Marcus Updateinfo to OVAL Converter 5.5 2023-02-10T11:15:26 ImageMagick-7.0.7.34-10.15.1 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the ImageMagick-7.0.7.34-10.15.1 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2016-3714 CVE-2016-3715 CVE-2016-3716 CVE-2016-3717 CVE-2016-3718 CVE-2016-5118 CVE-2018-10805 CVE-2018-11624 CVE-2018-11625 CVE-2018-12599 CVE-2018-12600 CVE-2018-14434 CVE-2018-14435 CVE-2018-14436 CVE-2018-14437 CVE-2018-16323 CVE-2018-16328 CVE-2018-16329 CVE-2018-16412 CVE-2018-16413 CVE-2018-16640 CVE-2018-16641 CVE-2018-16642 CVE-2018-16643 CVE-2018-16644 CVE-2018-16645 CVE-2018-17966 CVE-2018-18024 CVE-2018-18544 CVE-2018-20467 CVE-2018-9135 CVE-2019-10650 CVE-2019-11007 CVE-2019-11008 CVE-2019-11470 CVE-2019-11472 CVE-2019-11505 CVE-2019-11506 CVE-2019-11597 CVE-2019-11598 CVE-2019-12974 CVE-2019-12975 CVE-2019-12976 CVE-2019-12977 CVE-2019-12978 CVE-2019-12979 CVE-2019-13133 CVE-2019-13134 CVE-2019-13135 CVE-2019-13136 CVE-2019-13137 CVE-2019-13295 CVE-2019-13296 CVE-2019-13297 CVE-2019-13298 CVE-2019-13299 CVE-2019-13300 CVE-2019-13301 CVE-2019-13302 CVE-2019-13303 CVE-2019-13304 CVE-2019-13305 CVE-2019-13306 CVE-2019-13307 CVE-2019-13308 CVE-2019-13309 CVE-2019-13310 CVE-2019-13311 CVE-2019-13391 CVE-2019-13454 CVE-2019-14980 CVE-2019-14981 CVE-2019-15139 CVE-2019-15140 CVE-2019-15141 CVE-2019-16708 CVE-2019-16709 CVE-2019-16710 CVE-2019-16711 CVE-2019-16712 CVE-2019-16713 CVE-2019-19948 CVE-2019-19949 CVE-2019-7175 CVE-2019-7395 CVE-2019-7396 CVE-2019-7397 CVE-2019-7398 CVE-2019-9956 CVE-2020-19667 CVE-2020-25664 CVE-2020-25665 CVE-2020-25666 CVE-2020-25674 CVE-2020-25675 CVE-2020-25676 CVE-2020-27560 CVE-2020-27750 CVE-2020-27751 CVE-2020-27752 CVE-2020-27753 CVE-2020-27754 CVE-2020-27755 CVE-2020-27756 CVE-2020-27757 CVE-2020-27758 CVE-2020-27759 CVE-2020-27760 CVE-2020-27761 CVE-2020-27762 CVE-2020-27763 CVE-2020-27764 CVE-2020-27765 CVE-2020-27766 CVE-2020-27767 CVE-2020-27768 CVE-2020-27769 CVE-2020-27770 CVE-2020-27771 CVE-2020-27772 CVE-2020-27773 CVE-2020-27774 CVE-2020-27775 CVE-2020-27776 CVE-2020-29599 CVE-2021-20241 CVE-2021-20243 CVE-2021-20244 CVE-2021-20246 CVE-2021-20309 CVE-2021-20311 CVE-2021-20312 CVE-2021-20313 cpe:/o:opensuse:leap:15.3 Mesa-20.2.4-57.13 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the Mesa-20.2.4-57.13 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2019-5068 cpe:/o:opensuse:leap:15.3 MozillaFirefox-78.10.0-8.38.1 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the MozillaFirefox-78.10.0-8.38.1 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2011-3079 CVE-2012-2808 CVE-2014-1587 CVE-2014-1588 CVE-2014-1589 CVE-2014-1590 CVE-2014-1591 CVE-2014-1592 CVE-2014-1593 CVE-2014-1594 CVE-2014-8634 CVE-2014-8635 CVE-2014-8636 CVE-2014-8637 CVE-2014-8638 CVE-2014-8639 CVE-2014-8640 CVE-2014-8641 CVE-2014-8642 CVE-2014-8643 CVE-2015-0798 CVE-2015-0799 CVE-2015-0800 CVE-2015-0801 CVE-2015-0802 CVE-2015-0803 CVE-2015-0804 CVE-2015-0805 CVE-2015-0806 CVE-2015-0807 CVE-2015-0808 CVE-2015-0810 CVE-2015-0811 CVE-2015-0812 CVE-2015-0813 CVE-2015-0814 CVE-2015-0815 CVE-2015-0816 CVE-2015-0817 CVE-2015-0818 CVE-2015-0819 CVE-2015-0820 CVE-2015-0821 CVE-2015-0822 CVE-2015-0823 CVE-2015-0824 CVE-2015-0825 CVE-2015-0826 CVE-2015-0827 CVE-2015-0828 CVE-2015-0829 CVE-2015-0830 CVE-2015-0831 CVE-2015-0832 CVE-2015-0833 CVE-2015-0834 CVE-2015-0835 CVE-2015-0836 CVE-2015-2706 CVE-2015-2708 CVE-2015-2709 CVE-2015-2710 CVE-2015-2711 CVE-2015-2712 CVE-2015-2713 CVE-2015-2715 CVE-2015-2716 CVE-2015-2717 CVE-2015-2718 CVE-2015-2721 CVE-2015-2722 CVE-2015-2724 CVE-2015-2725 CVE-2015-2726 CVE-2015-2727 CVE-2015-2728 CVE-2015-2729 CVE-2015-2730 CVE-2015-2731 CVE-2015-2733 CVE-2015-2734 CVE-2015-2735 CVE-2015-2736 CVE-2015-2737 CVE-2015-2738 CVE-2015-2739 CVE-2015-2740 CVE-2015-2741 CVE-2015-2742 CVE-2015-2743 CVE-2015-4000 CVE-2015-4473 CVE-2015-4474 CVE-2015-4475 CVE-2015-4476 CVE-2015-4477 CVE-2015-4478 CVE-2015-4479 CVE-2015-4480 CVE-2015-4481 CVE-2015-4482 CVE-2015-4483 CVE-2015-4484 CVE-2015-4485 CVE-2015-4486 CVE-2015-4487 CVE-2015-4488 CVE-2015-4489 CVE-2015-4490 CVE-2015-4491 CVE-2015-4492 CVE-2015-4493 CVE-2015-4495 CVE-2015-4497 CVE-2015-4498 CVE-2015-4500 CVE-2015-4501 CVE-2015-4502 CVE-2015-4503 CVE-2015-4504 CVE-2015-4505 CVE-2015-4506 CVE-2015-4507 CVE-2015-4508 CVE-2015-4509 CVE-2015-4510 CVE-2015-4511 CVE-2015-4512 CVE-2015-4513 CVE-2015-4514 CVE-2015-4515 CVE-2015-4516 CVE-2015-4517 CVE-2015-4518 CVE-2015-4519 CVE-2015-4520 CVE-2015-4521 CVE-2015-4522 CVE-2015-7174 CVE-2015-7175 CVE-2015-7176 CVE-2015-7177 CVE-2015-7178 CVE-2015-7179 CVE-2015-7180 CVE-2015-7181 CVE-2015-7182 CVE-2015-7183 CVE-2015-7184 CVE-2015-7185 CVE-2015-7186 CVE-2015-7187 CVE-2015-7188 CVE-2015-7189 CVE-2015-7190 CVE-2015-7191 CVE-2015-7192 CVE-2015-7193 CVE-2015-7194 CVE-2015-7195 CVE-2015-7196 CVE-2015-7197 CVE-2015-7198 CVE-2015-7199 CVE-2015-7200 CVE-2015-7201 CVE-2015-7202 CVE-2015-7203 CVE-2015-7204 CVE-2015-7205 CVE-2015-7207 CVE-2015-7208 CVE-2015-7210 CVE-2015-7211 CVE-2015-7212 CVE-2015-7213 CVE-2015-7214 CVE-2015-7215 CVE-2015-7216 CVE-2015-7217 CVE-2015-7218 CVE-2015-7219 CVE-2015-7220 CVE-2015-7221 CVE-2015-7222 CVE-2015-7223 CVE-2015-7575 CVE-2016-0718 CVE-2016-1930 CVE-2016-1931 CVE-2016-1933 CVE-2016-1935 CVE-2016-1937 CVE-2016-1938 CVE-2016-1939 CVE-2016-1942 CVE-2016-1943 CVE-2016-1944 CVE-2016-1945 CVE-2016-1946 CVE-2016-1947 CVE-2016-1949 CVE-2016-1950 CVE-2016-1952 CVE-2016-1953 CVE-2016-1954 CVE-2016-1955 CVE-2016-1956 CVE-2016-1957 CVE-2016-1958 CVE-2016-1959 CVE-2016-1960 CVE-2016-1961 CVE-2016-1962 CVE-2016-1963 CVE-2016-1964 CVE-2016-1965 CVE-2016-1966 CVE-2016-1967 CVE-2016-1968 CVE-2016-1970 CVE-2016-1971 CVE-2016-1972 CVE-2016-1973 CVE-2016-1974 CVE-2016-1975 CVE-2016-1976 CVE-2016-1977 CVE-2016-1979 CVE-2016-2790 CVE-2016-2791 CVE-2016-2792 CVE-2016-2793 CVE-2016-2794 CVE-2016-2795 CVE-2016-2796 CVE-2016-2797 CVE-2016-2798 CVE-2016-2799 CVE-2016-2800 CVE-2016-2801 CVE-2016-2802 CVE-2016-2804 CVE-2016-2806 CVE-2016-2807 CVE-2016-2808 CVE-2016-2809 CVE-2016-2810 CVE-2016-2811 CVE-2016-2812 CVE-2016-2813 CVE-2016-2814 CVE-2016-2815 CVE-2016-2816 CVE-2016-2817 CVE-2016-2818 CVE-2016-2819 CVE-2016-2820 CVE-2016-2821 CVE-2016-2822 CVE-2016-2824 CVE-2016-2825 CVE-2016-2827 CVE-2016-2828 CVE-2016-2829 CVE-2016-2830 CVE-2016-2831 CVE-2016-2832 CVE-2016-2833 CVE-2016-2834 CVE-2016-2835 CVE-2016-2836 CVE-2016-2837 CVE-2016-2838 CVE-2016-2839 CVE-2016-5250 CVE-2016-5251 CVE-2016-5252 CVE-2016-5253 CVE-2016-5254 CVE-2016-5255 CVE-2016-5256 CVE-2016-5257 CVE-2016-5258 CVE-2016-5259 CVE-2016-5260 CVE-2016-5261 CVE-2016-5262 CVE-2016-5263 CVE-2016-5264 CVE-2016-5265 CVE-2016-5266 CVE-2016-5267 CVE-2016-5268 CVE-2016-5270 CVE-2016-5271 CVE-2016-5272 CVE-2016-5273 CVE-2016-5274 CVE-2016-5275 CVE-2016-5276 CVE-2016-5277 CVE-2016-5278 CVE-2016-5279 CVE-2016-5280 CVE-2016-5281 CVE-2016-5282 CVE-2016-5283 CVE-2016-5284 CVE-2016-5287 CVE-2016-5288 CVE-2016-5289 CVE-2016-5290 CVE-2016-5291 CVE-2016-5292 CVE-2016-5293 CVE-2016-5294 CVE-2016-5295 CVE-2016-5296 CVE-2016-5297 CVE-2016-5298 CVE-2016-5299 CVE-2016-6354 CVE-2016-9061 CVE-2016-9062 CVE-2016-9063 CVE-2016-9064 CVE-2016-9065 CVE-2016-9066 CVE-2016-9067 CVE-2016-9068 CVE-2016-9069 CVE-2016-9070 CVE-2016-9071 CVE-2016-9072 CVE-2016-9073 CVE-2016-9074 CVE-2016-9075 CVE-2016-9076 CVE-2016-9077 CVE-2016-9078 CVE-2016-9079 CVE-2016-9080 CVE-2016-9893 CVE-2016-9894 CVE-2016-9895 CVE-2016-9896 CVE-2016-9897 CVE-2016-9898 CVE-2016-9899 CVE-2016-9900 CVE-2016-9901 CVE-2016-9902 CVE-2016-9903 CVE-2016-9904 CVE-2017-16541 CVE-2017-5031 CVE-2017-5373 CVE-2017-5374 CVE-2017-5375 CVE-2017-5376 CVE-2017-5377 CVE-2017-5378 CVE-2017-5379 CVE-2017-5380 CVE-2017-5381 CVE-2017-5382 CVE-2017-5383 CVE-2017-5384 CVE-2017-5385 CVE-2017-5386 CVE-2017-5387 CVE-2017-5388 CVE-2017-5389 CVE-2017-5390 CVE-2017-5391 CVE-2017-5392 CVE-2017-5393 CVE-2017-5394 CVE-2017-5395 CVE-2017-5396 CVE-2017-5398 CVE-2017-5399 CVE-2017-5400 CVE-2017-5401 CVE-2017-5402 CVE-2017-5403 CVE-2017-5404 CVE-2017-5405 CVE-2017-5406 CVE-2017-5407 CVE-2017-5408 CVE-2017-5410 CVE-2017-5412 CVE-2017-5413 CVE-2017-5414 CVE-2017-5415 CVE-2017-5416 CVE-2017-5417 CVE-2017-5418 CVE-2017-5419 CVE-2017-5420 CVE-2017-5421 CVE-2017-5422 CVE-2017-5426 CVE-2017-5427 CVE-2017-5428 CVE-2017-5429 CVE-2017-5430 CVE-2017-5432 CVE-2017-5433 CVE-2017-5434 CVE-2017-5435 CVE-2017-5436 CVE-2017-5437 CVE-2017-5438 CVE-2017-5439 CVE-2017-5440 CVE-2017-5441 CVE-2017-5442 CVE-2017-5443 CVE-2017-5444 CVE-2017-5445 CVE-2017-5446 CVE-2017-5447 CVE-2017-5448 CVE-2017-5449 CVE-2017-5451 CVE-2017-5454 CVE-2017-5455 CVE-2017-5456 CVE-2017-5459 CVE-2017-5460 CVE-2017-5461 CVE-2017-5462 CVE-2017-5464 CVE-2017-5465 CVE-2017-5466 CVE-2017-5467 CVE-2017-5469 CVE-2017-5470 CVE-2017-5472 CVE-2017-7749 CVE-2017-7750 CVE-2017-7751 CVE-2017-7752 CVE-2017-7753 CVE-2017-7754 CVE-2017-7755 CVE-2017-7756 CVE-2017-7757 CVE-2017-7758 CVE-2017-7760 CVE-2017-7761 CVE-2017-7764 CVE-2017-7765 CVE-2017-7766 CVE-2017-7767 CVE-2017-7768 CVE-2017-7771 CVE-2017-7772 CVE-2017-7773 CVE-2017-7774 CVE-2017-7775 CVE-2017-7776 CVE-2017-7777 CVE-2017-7778 CVE-2017-7779 CVE-2017-7782 CVE-2017-7784 CVE-2017-7785 CVE-2017-7786 CVE-2017-7787 CVE-2017-7791 CVE-2017-7792 CVE-2017-7793 CVE-2017-7798 CVE-2017-7800 CVE-2017-7801 CVE-2017-7802 CVE-2017-7803 CVE-2017-7804 CVE-2017-7805 CVE-2017-7807 CVE-2017-7810 CVE-2017-7814 CVE-2017-7818 CVE-2017-7819 CVE-2017-7823 CVE-2017-7824 CVE-2017-7825 CVE-2017-7826 CVE-2017-7828 CVE-2017-7830 CVE-2017-7843 CVE-2018-12359 CVE-2018-12360 CVE-2018-12362 CVE-2018-12363 CVE-2018-12364 CVE-2018-12365 CVE-2018-12366 CVE-2018-12368 CVE-2018-12376 CVE-2018-12377 CVE-2018-12378 CVE-2018-12379 CVE-2018-12381 CVE-2018-12383 CVE-2018-12385 CVE-2018-12386 CVE-2018-12387 CVE-2018-12389 CVE-2018-12390 CVE-2018-12392 CVE-2018-12393 CVE-2018-12395 CVE-2018-12396 CVE-2018-12397 CVE-2018-12405 CVE-2018-17466 CVE-2018-18335 CVE-2018-18356 CVE-2018-18492 CVE-2018-18493 CVE-2018-18494 CVE-2018-18498 CVE-2018-18500 CVE-2018-18501 CVE-2018-18505 CVE-2018-18506 CVE-2018-5089 CVE-2018-5091 CVE-2018-5095 CVE-2018-5096 CVE-2018-5097 CVE-2018-5098 CVE-2018-5099 CVE-2018-5102 CVE-2018-5103 CVE-2018-5104 CVE-2018-5117 CVE-2018-5125 CVE-2018-5127 CVE-2018-5129 CVE-2018-5130 CVE-2018-5131 CVE-2018-5144 CVE-2018-5145 CVE-2018-5146 CVE-2018-5147 CVE-2018-5148 CVE-2018-5150 CVE-2018-5154 CVE-2018-5155 CVE-2018-5156 CVE-2018-5157 CVE-2018-5158 CVE-2018-5159 CVE-2018-5168 CVE-2018-5178 CVE-2018-5183 CVE-2018-5188 CVE-2018-6126 CVE-2019-11691 CVE-2019-11692 CVE-2019-11693 CVE-2019-11694 CVE-2019-11698 CVE-2019-11707 CVE-2019-11708 CVE-2019-11709 CVE-2019-11710 CVE-2019-11711 CVE-2019-11712 CVE-2019-11713 CVE-2019-11714 CVE-2019-11715 CVE-2019-11716 CVE-2019-11717 CVE-2019-11718 CVE-2019-11719 CVE-2019-11720 CVE-2019-11721 CVE-2019-11723 CVE-2019-11724 CVE-2019-11725 CVE-2019-11727 CVE-2019-11728 CVE-2019-11729 CVE-2019-11730 CVE-2019-11733 CVE-2019-11735 CVE-2019-11736 CVE-2019-11738 CVE-2019-11740 CVE-2019-11742 CVE-2019-11743 CVE-2019-11744 CVE-2019-11745 CVE-2019-11746 CVE-2019-11747 CVE-2019-11748 CVE-2019-11749 CVE-2019-11750 CVE-2019-11751 CVE-2019-11752 CVE-2019-11753 CVE-2019-11757 CVE-2019-11758 CVE-2019-11759 CVE-2019-11760 CVE-2019-11761 CVE-2019-11762 CVE-2019-11763 CVE-2019-11764 CVE-2019-13722 CVE-2019-15903 CVE-2019-17005 CVE-2019-17008 CVE-2019-17009 CVE-2019-17010 CVE-2019-17011 CVE-2019-17012 CVE-2019-17015 CVE-2019-17016 CVE-2019-17017 CVE-2019-17021 CVE-2019-17022 CVE-2019-17024 CVE-2019-17026 CVE-2019-20503 CVE-2019-5785 CVE-2019-7317 CVE-2019-9788 CVE-2019-9790 CVE-2019-9791 CVE-2019-9792 CVE-2019-9793 CVE-2019-9794 CVE-2019-9795 CVE-2019-9796 CVE-2019-9800 CVE-2019-9801 CVE-2019-9810 CVE-2019-9811 CVE-2019-9812 CVE-2019-9813 CVE-2019-9815 CVE-2019-9816 CVE-2019-9817 CVE-2019-9818 CVE-2019-9819 CVE-2019-9820 CVE-2020-12387 CVE-2020-12388 CVE-2020-12389 CVE-2020-12392 CVE-2020-12393 CVE-2020-12395 CVE-2020-12402 CVE-2020-12405 CVE-2020-12406 CVE-2020-12410 CVE-2020-12415 CVE-2020-12416 CVE-2020-12417 CVE-2020-12418 CVE-2020-12419 CVE-2020-12420 CVE-2020-12421 CVE-2020-12422 CVE-2020-12423 CVE-2020-12424 CVE-2020-12425 CVE-2020-12426 CVE-2020-15652 CVE-2020-15653 CVE-2020-15654 CVE-2020-15655 CVE-2020-15656 CVE-2020-15657 CVE-2020-15658 CVE-2020-15659 CVE-2020-15663 CVE-2020-15664 CVE-2020-15670 CVE-2020-15673 CVE-2020-15676 CVE-2020-15677 CVE-2020-15678 CVE-2020-15683 CVE-2020-15969 CVE-2020-15999 CVE-2020-16012 CVE-2020-16042 CVE-2020-16044 CVE-2020-26950 CVE-2020-26951 CVE-2020-26953 CVE-2020-26956 CVE-2020-26958 CVE-2020-26959 CVE-2020-26960 CVE-2020-26961 CVE-2020-26965 CVE-2020-26966 CVE-2020-26968 CVE-2020-26971 CVE-2020-26973 CVE-2020-26974 CVE-2020-26976 CVE-2020-26978 CVE-2020-35111 CVE-2020-35112 CVE-2020-35113 CVE-2020-6463 CVE-2020-6514 CVE-2020-6796 CVE-2020-6797 CVE-2020-6798 CVE-2020-6799 CVE-2020-6800 CVE-2020-6805 CVE-2020-6806 CVE-2020-6807 CVE-2020-6811 CVE-2020-6812 CVE-2020-6814 CVE-2020-6819 CVE-2020-6820 CVE-2020-6821 CVE-2020-6822 CVE-2020-6825 CVE-2020-6827 CVE-2020-6828 CVE-2020-6831 CVE-2021-23953 CVE-2021-23954 CVE-2021-23960 CVE-2021-23961 CVE-2021-23964 CVE-2021-23968 CVE-2021-23969 CVE-2021-23973 CVE-2021-23978 CVE-2021-23981 CVE-2021-23982 CVE-2021-23984 CVE-2021-23987 CVE-2021-23994 CVE-2021-23995 CVE-2021-23998 CVE-2021-23999 CVE-2021-24002 CVE-2021-29945 CVE-2021-29946 cpe:/o:opensuse:leap:15.3 MozillaThunderbird-78.10.0-8.23.1 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the MozillaThunderbird-78.10.0-8.23.1 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2011-3079 CVE-2014-1587 CVE-2014-1590 CVE-2014-1592 CVE-2014-1593 CVE-2014-1594 CVE-2014-8634 CVE-2014-8635 CVE-2014-8638 CVE-2014-8639 CVE-2015-0801 CVE-2015-0807 CVE-2015-0813 CVE-2015-0815 CVE-2015-0816 CVE-2015-0822 CVE-2015-0827 CVE-2015-0831 CVE-2015-0833 CVE-2015-0836 CVE-2015-2708 CVE-2015-2710 CVE-2015-2713 CVE-2015-2716 CVE-2015-2721 CVE-2015-2722 CVE-2015-2724 CVE-2015-2725 CVE-2015-2727 CVE-2015-2728 CVE-2015-2729 CVE-2015-2730 CVE-2015-2731 CVE-2015-2733 CVE-2015-2734 CVE-2015-2735 CVE-2015-2736 CVE-2015-2737 CVE-2015-2738 CVE-2015-2739 CVE-2015-2740 CVE-2015-2741 CVE-2015-2743 CVE-2015-4000 CVE-2015-4473 CVE-2015-4475 CVE-2015-4477 CVE-2015-4478 CVE-2015-4479 CVE-2015-4480 CVE-2015-4481 CVE-2015-4482 CVE-2015-4484 CVE-2015-4485 CVE-2015-4486 CVE-2015-4487 CVE-2015-4488 CVE-2015-4489 CVE-2015-4491 CVE-2015-4492 CVE-2015-4493 CVE-2015-4500 CVE-2015-4505 CVE-2015-4506 CVE-2015-4509 CVE-2015-4511 CVE-2015-4513 CVE-2015-4514 CVE-2015-4517 CVE-2015-4519 CVE-2015-4520 CVE-2015-4521 CVE-2015-4522 CVE-2015-7174 CVE-2015-7175 CVE-2015-7176 CVE-2015-7177 CVE-2015-7178 CVE-2015-7179 CVE-2015-7180 CVE-2015-7181 CVE-2015-7182 CVE-2015-7183 CVE-2015-7188 CVE-2015-7189 CVE-2015-7193 CVE-2015-7194 CVE-2015-7196 CVE-2015-7197 CVE-2015-7198 CVE-2015-7199 CVE-2015-7200 CVE-2015-7201 CVE-2015-7205 CVE-2015-7207 CVE-2015-7210 CVE-2015-7212 CVE-2015-7213 CVE-2015-7214 CVE-2015-7222 CVE-2015-7575 CVE-2016-1930 CVE-2016-1935 CVE-2016-1950 CVE-2016-1952 CVE-2016-1953 CVE-2016-1954 CVE-2016-1955 CVE-2016-1956 CVE-2016-1957 CVE-2016-1958 CVE-2016-1960 CVE-2016-1961 CVE-2016-1962 CVE-2016-1964 CVE-2016-1965 CVE-2016-1966 CVE-2016-1974 CVE-2016-1977 CVE-2016-1979 CVE-2016-2790 CVE-2016-2791 CVE-2016-2792 CVE-2016-2793 CVE-2016-2794 CVE-2016-2795 CVE-2016-2796 CVE-2016-2797 CVE-2016-2798 CVE-2016-2799 CVE-2016-2800 CVE-2016-2801 CVE-2016-2802 CVE-2016-2806 CVE-2016-2807 CVE-2016-2815 CVE-2016-2818 CVE-2016-2830 CVE-2016-2836 CVE-2016-2837 CVE-2016-2838 CVE-2016-2839 CVE-2016-5252 CVE-2016-5254 CVE-2016-5258 CVE-2016-5259 CVE-2016-5262 CVE-2016-5263 CVE-2016-5264 CVE-2016-5265 CVE-2016-5290 CVE-2016-5291 CVE-2016-5296 CVE-2016-5297 CVE-2016-5824 CVE-2016-6354 CVE-2016-9066 CVE-2016-9079 CVE-2016-9893 CVE-2016-9895 CVE-2016-9897 CVE-2016-9898 CVE-2016-9899 CVE-2016-9900 CVE-2016-9904 CVE-2016-9905 CVE-2017-16541 CVE-2017-5373 CVE-2017-5375 CVE-2017-5376 CVE-2017-5378 CVE-2017-5380 CVE-2017-5383 CVE-2017-5390 CVE-2017-5396 CVE-2017-5398 CVE-2017-5399 CVE-2017-5400 CVE-2017-5401 CVE-2017-5402 CVE-2017-5403 CVE-2017-5404 CVE-2017-5405 CVE-2017-5406 CVE-2017-5407 CVE-2017-5408 CVE-2017-5410 CVE-2017-5412 CVE-2017-5413 CVE-2017-5414 CVE-2017-5416 CVE-2017-5418 CVE-2017-5419 CVE-2017-5421 CVE-2017-5422 CVE-2017-5426 CVE-2017-5429 CVE-2017-5430 CVE-2017-5432 CVE-2017-5433 CVE-2017-5434 CVE-2017-5435 CVE-2017-5436 CVE-2017-5437 CVE-2017-5438 CVE-2017-5439 CVE-2017-5440 CVE-2017-5441 CVE-2017-5442 CVE-2017-5443 CVE-2017-5444 CVE-2017-5445 CVE-2017-5446 CVE-2017-5447 CVE-2017-5449 CVE-2017-5451 CVE-2017-5454 CVE-2017-5459 CVE-2017-5460 CVE-2017-5461 CVE-2017-5462 CVE-2017-5464 CVE-2017-5465 CVE-2017-5466 CVE-2017-5467 CVE-2017-5469 CVE-2017-5470 CVE-2017-5472 CVE-2017-7749 CVE-2017-7750 CVE-2017-7751 CVE-2017-7752 CVE-2017-7753 CVE-2017-7754 CVE-2017-7756 CVE-2017-7757 CVE-2017-7758 CVE-2017-7763 CVE-2017-7764 CVE-2017-7765 CVE-2017-7771 CVE-2017-7772 CVE-2017-7773 CVE-2017-7774 CVE-2017-7775 CVE-2017-7776 CVE-2017-7777 CVE-2017-7778 CVE-2017-7779 CVE-2017-7782 CVE-2017-7784 CVE-2017-7785 CVE-2017-7786 CVE-2017-7787 CVE-2017-7791 CVE-2017-7792 CVE-2017-7793 CVE-2017-7798 CVE-2017-7800 CVE-2017-7801 CVE-2017-7802 CVE-2017-7803 CVE-2017-7804 CVE-2017-7805 CVE-2017-7807 CVE-2017-7810 CVE-2017-7814 CVE-2017-7818 CVE-2017-7819 CVE-2017-7823 CVE-2017-7824 CVE-2017-7825 CVE-2017-7826 CVE-2017-7828 CVE-2017-7829 CVE-2017-7830 CVE-2017-7845 CVE-2017-7846 CVE-2017-7847 CVE-2017-7848 CVE-2018-12359 CVE-2018-12360 CVE-2018-12361 CVE-2018-12362 CVE-2018-12363 CVE-2018-12364 CVE-2018-12365 CVE-2018-12366 CVE-2018-12367 CVE-2018-12371 CVE-2018-12372 CVE-2018-12373 CVE-2018-12374 CVE-2018-12376 CVE-2018-12377 CVE-2018-12378 CVE-2018-12383 CVE-2018-12385 CVE-2018-12389 CVE-2018-12390 CVE-2018-12391 CVE-2018-12392 CVE-2018-12393 CVE-2018-12405 CVE-2018-17466 CVE-2018-18335 CVE-2018-18356 CVE-2018-18492 CVE-2018-18493 CVE-2018-18494 CVE-2018-18498 CVE-2018-18500 CVE-2018-18501 CVE-2018-18505 CVE-2018-18509 CVE-2018-18511 CVE-2018-5089 CVE-2018-5095 CVE-2018-5096 CVE-2018-5097 CVE-2018-5098 CVE-2018-5099 CVE-2018-5102 CVE-2018-5103 CVE-2018-5104 CVE-2018-5117 CVE-2018-5125 CVE-2018-5127 CVE-2018-5129 CVE-2018-5144 CVE-2018-5145 CVE-2018-5146 CVE-2018-5150 CVE-2018-5154 CVE-2018-5155 CVE-2018-5156 CVE-2018-5159 CVE-2018-5161 CVE-2018-5162 CVE-2018-5168 CVE-2018-5170 CVE-2018-5174 CVE-2018-5178 CVE-2018-5183 CVE-2018-5184 CVE-2018-5185 CVE-2018-5187 CVE-2018-5188 CVE-2019-11691 CVE-2019-11692 CVE-2019-11693 CVE-2019-11694 CVE-2019-11698 CVE-2019-11703 CVE-2019-11704 CVE-2019-11705 CVE-2019-11706 CVE-2019-11707 CVE-2019-11708 CVE-2019-11709 CVE-2019-11710 CVE-2019-11711 CVE-2019-11712 CVE-2019-11713 CVE-2019-11714 CVE-2019-11715 CVE-2019-11716 CVE-2019-11717 CVE-2019-11719 CVE-2019-11720 CVE-2019-11721 CVE-2019-11723 CVE-2019-11724 CVE-2019-11725 CVE-2019-11727 CVE-2019-11728 CVE-2019-11729 CVE-2019-11730 CVE-2019-11739 CVE-2019-11740 CVE-2019-11742 CVE-2019-11743 CVE-2019-11744 CVE-2019-11745 CVE-2019-11746 CVE-2019-11752 CVE-2019-11755 CVE-2019-11757 CVE-2019-11758 CVE-2019-11759 CVE-2019-11760 CVE-2019-11761 CVE-2019-11762 CVE-2019-11763 CVE-2019-11764 CVE-2019-13722 CVE-2019-15903 CVE-2019-17005 CVE-2019-17008 CVE-2019-17009 CVE-2019-17010 CVE-2019-17011 CVE-2019-17012 CVE-2019-17015 CVE-2019-17016 CVE-2019-17017 CVE-2019-17021 CVE-2019-17022 CVE-2019-17024 CVE-2019-17026 CVE-2019-20503 CVE-2019-5785 CVE-2019-5798 CVE-2019-7317 CVE-2019-9797 CVE-2019-9800 CVE-2019-9810 CVE-2019-9811 CVE-2019-9813 CVE-2019-9815 CVE-2019-9816 CVE-2019-9817 CVE-2019-9818 CVE-2019-9819 CVE-2019-9820 CVE-2020-12387 CVE-2020-12392 CVE-2020-12393 CVE-2020-12395 CVE-2020-12397 CVE-2020-12398 CVE-2020-12405 CVE-2020-12406 CVE-2020-12410 CVE-2020-12417 CVE-2020-12418 CVE-2020-12419 CVE-2020-12420 CVE-2020-12421 CVE-2020-15652 CVE-2020-15659 CVE-2020-15663 CVE-2020-15664 CVE-2020-15669 CVE-2020-15673 CVE-2020-15676 CVE-2020-15677 CVE-2020-15678 CVE-2020-15683 CVE-2020-15685 CVE-2020-15969 CVE-2020-15999 CVE-2020-16012 CVE-2020-16042 CVE-2020-16044 CVE-2020-26950 CVE-2020-26951 CVE-2020-26953 CVE-2020-26956 CVE-2020-26958 CVE-2020-26959 CVE-2020-26960 CVE-2020-26961 CVE-2020-26965 CVE-2020-26966 CVE-2020-26968 CVE-2020-26970 CVE-2020-26971 CVE-2020-26973 CVE-2020-26974 CVE-2020-26976 CVE-2020-26978 CVE-2020-35111 CVE-2020-35112 CVE-2020-35113 CVE-2020-6463 CVE-2020-6514 CVE-2020-6792 CVE-2020-6793 CVE-2020-6794 CVE-2020-6795 CVE-2020-6797 CVE-2020-6798 CVE-2020-6800 CVE-2020-6805 CVE-2020-6806 CVE-2020-6807 CVE-2020-6811 CVE-2020-6812 CVE-2020-6814 CVE-2020-6819 CVE-2020-6820 CVE-2020-6821 CVE-2020-6822 CVE-2020-6825 CVE-2020-6831 CVE-2021-23953 CVE-2021-23954 CVE-2021-23960 CVE-2021-23961 CVE-2021-23964 CVE-2021-23968 CVE-2021-23969 CVE-2021-23973 CVE-2021-23978 CVE-2021-23981 CVE-2021-23982 CVE-2021-23984 CVE-2021-23987 CVE-2021-23991 CVE-2021-23993 CVE-2021-23994 CVE-2021-23995 CVE-2021-23998 CVE-2021-23999 CVE-2021-24002 CVE-2021-29945 CVE-2021-29946 CVE-2021-29948 cpe:/o:opensuse:leap:15.3 NetworkManager-1.22.10-3.7.1 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the NetworkManager-1.22.10-3.7.1 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2006-7246 CVE-2015-2924 CVE-2016-0764 CVE-2018-1000135 CVE-2018-15688 cpe:/o:opensuse:leap:15.3 NetworkManager-applet-1.8.24-5.2 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the NetworkManager-applet-1.8.24-5.2 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2017-6590 cpe:/o:opensuse:leap:15.3 NetworkManager-vpnc-1.2.6-lp153.1.31 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the NetworkManager-vpnc-1.2.6-lp153.1.31 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2018-10900 cpe:/o:opensuse:leap:15.3 PackageKit-1.1.13-4.20.1 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the PackageKit-1.1.13-4.20.1 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2018-1106 CVE-2020-16121 cpe:/o:opensuse:leap:15.3 accountsservice-0.6.55-3.14 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the accountsservice-0.6.55-3.14 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2018-14036 cpe:/o:opensuse:leap:15.3 apache2-2.4.43-3.17.1 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the apache2-2.4.43-3.17.1 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2013-5704 CVE-2014-3581 CVE-2014-3583 CVE-2014-8109 CVE-2015-0228 CVE-2015-0253 CVE-2015-4000 CVE-2016-0736 CVE-2016-2161 CVE-2016-4979 CVE-2016-5387 CVE-2016-8740 CVE-2016-8743 CVE-2017-9798 CVE-2019-10081 CVE-2019-10082 CVE-2019-10092 CVE-2019-10097 CVE-2019-10098 CVE-2019-9517 CVE-2020-11984 CVE-2020-11993 CVE-2020-9490 cpe:/o:opensuse:leap:15.3 apache2-mod_php7-7.4.6-3.17.1 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the apache2-mod_php7-7.4.6-3.17.1 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2014-3622 CVE-2014-3668 CVE-2014-3669 CVE-2014-3670 CVE-2014-9426 CVE-2014-9427 CVE-2015-0231 CVE-2015-0232 CVE-2015-0235 CVE-2015-0273 CVE-2015-1351 CVE-2015-1352 CVE-2015-2305 CVE-2015-2325 CVE-2015-2326 CVE-2015-2331 CVE-2015-3152 CVE-2015-3414 CVE-2015-3415 CVE-2015-3416 CVE-2017-9120 CVE-2018-1000222 CVE-2018-1000888 CVE-2018-12882 CVE-2018-14851 CVE-2018-17082 CVE-2018-19935 CVE-2018-20783 CVE-2019-11034 CVE-2019-11035 CVE-2019-11036 CVE-2019-11039 CVE-2019-11040 CVE-2019-11041 CVE-2019-11042 CVE-2019-11043 CVE-2019-11045 CVE-2019-11046 CVE-2019-11047 CVE-2019-11050 CVE-2019-9020 CVE-2019-9021 CVE-2019-9022 CVE-2019-9023 CVE-2019-9024 CVE-2019-9637 CVE-2019-9638 CVE-2019-9639 CVE-2019-9640 CVE-2019-9641 CVE-2019-9675 CVE-2020-7062 CVE-2020-7063 CVE-2020-7068 CVE-2020-7069 CVE-2020-7070 CVE-2020-7071 CVE-2021-21702 cpe:/o:opensuse:leap:15.3 apparmor-abstractions-2.13.6-1.31 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the apparmor-abstractions-2.13.6-1.31 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2017-6507 cpe:/o:opensuse:leap:15.3 argyllcms-1.9.2-2.27 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the argyllcms-1.9.2-2.27 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2012-1616 cpe:/o:opensuse:leap:15.3 ark-20.04.2-bp153.2.25 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the ark-20.04.2-bp153.2.25 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2020-16116 CVE-2020-24654 cpe:/o:opensuse:leap:15.3 augeas-1.10.1-1.11 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the augeas-1.10.1-1.11 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2012-0786 CVE-2014-8119 CVE-2017-7555 cpe:/o:opensuse:leap:15.3 autofs-5.1.3-7.6.1 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the autofs-5.1.3-7.6.1 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2014-8169 cpe:/o:opensuse:leap:15.3 autoyast2-4.3.77-1.1 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the autoyast2-4.3.77-1.1 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2019-18905 cpe:/o:opensuse:leap:15.3 avahi-0.7-3.9.1 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the avahi-0.7-3.9.1 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2018-1000845 CVE-2021-26720 CVE-2021-3468 cpe:/o:opensuse:leap:15.3 bash-4.4-17.83 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the bash-4.4-17.83 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2016-9401 cpe:/o:opensuse:leap:15.3 bind-9.16.6-20.39 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the bind-9.16.6-20.39 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2014-3214 CVE-2014-3859 CVE-2014-8500 CVE-2014-8680 CVE-2015-1349 CVE-2015-4620 CVE-2015-5477 CVE-2015-5722 CVE-2015-5986 CVE-2015-8000 CVE-2015-8461 CVE-2015-8704 CVE-2015-8705 CVE-2016-1285 CVE-2016-1286 CVE-2016-2088 CVE-2016-2775 CVE-2016-2776 CVE-2016-6170 CVE-2016-8864 CVE-2016-9131 CVE-2016-9147 CVE-2016-9444 CVE-2016-9778 CVE-2017-3135 CVE-2017-3136 CVE-2017-3137 CVE-2017-3138 CVE-2017-3140 CVE-2017-3141 CVE-2017-3142 CVE-2017-3143 CVE-2017-3145 CVE-2018-5736 CVE-2018-5737 CVE-2018-5738 CVE-2018-5740 CVE-2018-5743 CVE-2018-5744 CVE-2018-5745 CVE-2019-6465 CVE-2019-6467 CVE-2019-6471 CVE-2019-6475 CVE-2019-6476 CVE-2019-6477 CVE-2020-8616 CVE-2020-8617 CVE-2020-8618 CVE-2020-8619 CVE-2020-8620 CVE-2020-8621 CVE-2020-8622 CVE-2020-8623 CVE-2020-8624 cpe:/o:opensuse:leap:15.3 binutils-2.35.1-7.18.1 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the binutils-2.35.1-7.18.1 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2014-9939 CVE-2017-12448 CVE-2017-12450 CVE-2017-12452 CVE-2017-12453 CVE-2017-12454 CVE-2017-12456 CVE-2017-12799 CVE-2017-13757 CVE-2017-14128 CVE-2017-14129 CVE-2017-14130 CVE-2017-14333 CVE-2017-14529 CVE-2017-14729 CVE-2017-14745 CVE-2017-14974 CVE-2017-15938 CVE-2017-15939 CVE-2017-15996 CVE-2017-16826 CVE-2017-16827 CVE-2017-16828 CVE-2017-16829 CVE-2017-16830 CVE-2017-16831 CVE-2017-16832 CVE-2017-6965 CVE-2017-6966 CVE-2017-6969 CVE-2017-7209 CVE-2017-7210 CVE-2017-7223 CVE-2017-7224 CVE-2017-7225 CVE-2017-7226 CVE-2017-7299 CVE-2017-7300 CVE-2017-7301 CVE-2017-7302 CVE-2017-7303 CVE-2017-7304 CVE-2017-8392 CVE-2017-8393 CVE-2017-8394 CVE-2017-8396 CVE-2017-8421 CVE-2017-9746 CVE-2017-9747 CVE-2017-9748 CVE-2017-9750 CVE-2017-9755 CVE-2017-9756 CVE-2018-1000876 CVE-2018-10372 CVE-2018-10373 CVE-2018-10534 CVE-2018-10535 CVE-2018-17358 CVE-2018-17359 CVE-2018-17360 CVE-2018-17985 CVE-2018-18309 CVE-2018-18483 CVE-2018-18484 CVE-2018-18605 CVE-2018-18606 CVE-2018-18607 CVE-2018-19931 CVE-2018-19932 CVE-2018-20623 CVE-2018-20651 CVE-2018-20671 CVE-2018-6323 CVE-2018-6543 CVE-2018-6759 CVE-2018-6872 CVE-2018-7208 CVE-2018-7568 CVE-2018-7569 CVE-2018-7570 CVE-2018-7642 CVE-2018-7643 CVE-2018-8945 CVE-2019-1010180 CVE-2019-12972 CVE-2019-14250 CVE-2019-14444 CVE-2019-17450 CVE-2019-17451 CVE-2019-9074 CVE-2019-9075 CVE-2019-9077 cpe:/o:opensuse:leap:15.3 blktrace-1.1.0+git.20170126-3.3.28 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the blktrace-1.1.0+git.20170126-3.3.28 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2018-10689 cpe:/o:opensuse:leap:15.3 bluez-5.55-1.57 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the bluez-5.55-1.57 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2016-9797 CVE-2016-9798 CVE-2016-9800 CVE-2016-9801 CVE-2016-9802 CVE-2016-9804 CVE-2016-9917 CVE-2016-9918 cpe:/o:opensuse:leap:15.3 btrfsmaintenance-0.4.2-1.11 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the btrfsmaintenance-0.4.2-1.11 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2018-14722 cpe:/o:opensuse:leap:15.3 bubblewrap-0.4.1-1.16 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the bubblewrap-0.4.1-1.16 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2017-5226 CVE-2019-12439 CVE-2020-5291 cpe:/o:opensuse:leap:15.3 bzip2-1.0.6-5.11.1 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the bzip2-1.0.6-5.11.1 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2016-3189 CVE-2019-12900 cpe:/o:opensuse:leap:15.3 chromium-90.0.4430.212-bp153.1.1 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the chromium-90.0.4430.212-bp153.1.1 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2014-0574 CVE-2014-7899 CVE-2014-7900 CVE-2014-7901 CVE-2014-7902 CVE-2014-7903 CVE-2014-7904 CVE-2014-7905 CVE-2014-7906 CVE-2014-7907 CVE-2014-7908 CVE-2014-7909 CVE-2014-7910 CVE-2014-7923 CVE-2014-7924 CVE-2014-7925 CVE-2014-7926 CVE-2014-7927 CVE-2014-7928 CVE-2014-7929 CVE-2014-7930 CVE-2014-7932 CVE-2014-7933 CVE-2014-7934 CVE-2014-7935 CVE-2014-7936 CVE-2014-7937 CVE-2014-7938 CVE-2014-7939 CVE-2014-7940 CVE-2014-7941 CVE-2014-7942 CVE-2014-7943 CVE-2014-7944 CVE-2014-7945 CVE-2014-7946 CVE-2014-7947 CVE-2014-7948 CVE-2015-1205 CVE-2015-1209 CVE-2015-1210 CVE-2015-1211 CVE-2015-1212 CVE-2015-1213 CVE-2015-1214 CVE-2015-1215 CVE-2015-1216 CVE-2015-1217 CVE-2015-1218 CVE-2015-1219 CVE-2015-1220 CVE-2015-1221 CVE-2015-1222 CVE-2015-1223 CVE-2015-1224 CVE-2015-1225 CVE-2015-1226 CVE-2015-1227 CVE-2015-1228 CVE-2015-1229 CVE-2015-1230 CVE-2015-1231 CVE-2015-1233 CVE-2015-1234 CVE-2015-1235 CVE-2015-1236 CVE-2015-1237 CVE-2015-1238 CVE-2015-1240 CVE-2015-1241 CVE-2015-1242 CVE-2015-1243 CVE-2015-1244 CVE-2015-1245 CVE-2015-1246 CVE-2015-1247 CVE-2015-1248 CVE-2015-1249 CVE-2015-1250 CVE-2015-1251 CVE-2015-1252 CVE-2015-1253 CVE-2015-1254 CVE-2015-1255 CVE-2015-1256 CVE-2015-1257 CVE-2015-1258 CVE-2015-1259 CVE-2015-1260 CVE-2015-1261 CVE-2015-1262 CVE-2015-1263 CVE-2015-1264 CVE-2015-1265 CVE-2015-1266 CVE-2015-1267 CVE-2015-1268 CVE-2015-1269 CVE-2015-1270 CVE-2015-1271 CVE-2015-1272 CVE-2015-1273 CVE-2015-1274 CVE-2015-1275 CVE-2015-1276 CVE-2015-1277 CVE-2015-1278 CVE-2015-1279 CVE-2015-1280 CVE-2015-1281 CVE-2015-1282 CVE-2015-1283 CVE-2015-1284 CVE-2015-1285 CVE-2015-1286 CVE-2015-1287 CVE-2015-1288 CVE-2015-1289 CVE-2015-1291 CVE-2015-1292 CVE-2015-1293 CVE-2015-1294 CVE-2015-1295 CVE-2015-1296 CVE-2015-1297 CVE-2015-1298 CVE-2015-1299 CVE-2015-1300 CVE-2015-1301 CVE-2015-1302 CVE-2015-1303 CVE-2015-1304 CVE-2015-6755 CVE-2015-6756 CVE-2015-6757 CVE-2015-6758 CVE-2015-6759 CVE-2015-6760 CVE-2015-6761 CVE-2015-6762 CVE-2015-6763 CVE-2015-6764 CVE-2015-6765 CVE-2015-6766 CVE-2015-6767 CVE-2015-6768 CVE-2015-6769 CVE-2015-6770 CVE-2015-6771 CVE-2015-6772 CVE-2015-6773 CVE-2015-6774 CVE-2015-6775 CVE-2015-6776 CVE-2015-6777 CVE-2015-6778 CVE-2015-6779 CVE-2015-6780 CVE-2015-6781 CVE-2015-6782 CVE-2015-6783 CVE-2015-6784 CVE-2015-6785 CVE-2015-6786 CVE-2015-6787 CVE-2015-6788 CVE-2015-6789 CVE-2015-6790 CVE-2015-6791 CVE-2015-6792 CVE-2015-7834 CVE-2015-8126 CVE-2016-1612 CVE-2016-1613 CVE-2016-1614 CVE-2016-1615 CVE-2016-1616 CVE-2016-1617 CVE-2016-1618 CVE-2016-1619 CVE-2016-1620 CVE-2016-1622 CVE-2016-1623 CVE-2016-1624 CVE-2016-1625 CVE-2016-1626 CVE-2016-1627 CVE-2016-1629 CVE-2016-1630 CVE-2016-1631 CVE-2016-1632 CVE-2016-1633 CVE-2016-1634 CVE-2016-1635 CVE-2016-1636 CVE-2016-1637 CVE-2016-1638 CVE-2016-1639 CVE-2016-1640 CVE-2016-1641 CVE-2016-1642 CVE-2016-1643 CVE-2016-1644 CVE-2016-1645 CVE-2016-1646 CVE-2016-1647 CVE-2016-1648 CVE-2016-1649 CVE-2016-1650 CVE-2016-1651 CVE-2016-1652 CVE-2016-1653 CVE-2016-1654 CVE-2016-1655 CVE-2016-1656 CVE-2016-1657 CVE-2016-1658 CVE-2016-1659 CVE-2016-1660 CVE-2016-1661 CVE-2016-1662 CVE-2016-1663 CVE-2016-1664 CVE-2016-1665 CVE-2016-1666 CVE-2016-1667 CVE-2016-1668 CVE-2016-1669 CVE-2016-1670 CVE-2016-1672 CVE-2016-1673 CVE-2016-1674 CVE-2016-1675 CVE-2016-1676 CVE-2016-1677 CVE-2016-1678 CVE-2016-1679 CVE-2016-1680 CVE-2016-1681 CVE-2016-1682 CVE-2016-1683 CVE-2016-1684 CVE-2016-1685 CVE-2016-1686 CVE-2016-1687 CVE-2016-1688 CVE-2016-1689 CVE-2016-1690 CVE-2016-1691 CVE-2016-1692 CVE-2016-1693 CVE-2016-1694 CVE-2016-1695 CVE-2016-1696 CVE-2016-1697 CVE-2016-1698 CVE-2016-1699 CVE-2016-1700 CVE-2016-1701 CVE-2016-1702 CVE-2016-1703 CVE-2016-1704 CVE-2016-1705 CVE-2016-1706 CVE-2016-1707 CVE-2016-1708 CVE-2016-1709 CVE-2016-1710 CVE-2016-1711 CVE-2016-3679 CVE-2016-5127 CVE-2016-5128 CVE-2016-5129 CVE-2016-5130 CVE-2016-5131 CVE-2016-5132 CVE-2016-5133 CVE-2016-5134 CVE-2016-5135 CVE-2016-5136 CVE-2016-5137 CVE-2016-5139 CVE-2016-5140 CVE-2016-5141 CVE-2016-5142 CVE-2016-5143 CVE-2016-5144 CVE-2016-5145 CVE-2016-5146 CVE-2016-5147 CVE-2016-5148 CVE-2016-5149 CVE-2016-5150 CVE-2016-5151 CVE-2016-5152 CVE-2016-5153 CVE-2016-5154 CVE-2016-5155 CVE-2016-5156 CVE-2016-5157 CVE-2016-5158 CVE-2016-5159 CVE-2016-5160 CVE-2016-5161 CVE-2016-5162 CVE-2016-5163 CVE-2016-5164 CVE-2016-5165 CVE-2016-5166 CVE-2016-5170 CVE-2016-5171 CVE-2016-5172 CVE-2016-5173 CVE-2016-5174 CVE-2016-5175 CVE-2016-5177 CVE-2016-5178 CVE-2016-5181 CVE-2016-5182 CVE-2016-5183 CVE-2016-5184 CVE-2016-5185 CVE-2016-5186 CVE-2016-5187 CVE-2016-5188 CVE-2016-5189 CVE-2016-5190 CVE-2016-5191 CVE-2016-5192 CVE-2016-5193 CVE-2016-5198 CVE-2016-5199 CVE-2016-5200 CVE-2016-5201 CVE-2016-5202 CVE-2016-5203 CVE-2016-5204 CVE-2016-5205 CVE-2016-5206 CVE-2016-5207 CVE-2016-5208 CVE-2016-5209 CVE-2016-5210 CVE-2016-5211 CVE-2016-5212 CVE-2016-5213 CVE-2016-5214 CVE-2016-5215 CVE-2016-5216 CVE-2016-5217 CVE-2016-5218 CVE-2016-5219 CVE-2016-5220 CVE-2016-5221 CVE-2016-5222 CVE-2016-5223 CVE-2016-5224 CVE-2016-5225 CVE-2016-5226 CVE-2016-9650 CVE-2016-9651 CVE-2016-9652 CVE-2017-11215 CVE-2017-11225 CVE-2017-15386 CVE-2017-15387 CVE-2017-15388 CVE-2017-15389 CVE-2017-15390 CVE-2017-15391 CVE-2017-15392 CVE-2017-15393 CVE-2017-15394 CVE-2017-15395 CVE-2017-15396 CVE-2017-15398 CVE-2017-15399 CVE-2017-15407 CVE-2017-15408 CVE-2017-15409 CVE-2017-15410 CVE-2017-15411 CVE-2017-15412 CVE-2017-15413 CVE-2017-15415 CVE-2017-15416 CVE-2017-15417 CVE-2017-15418 CVE-2017-15419 CVE-2017-15420 CVE-2017-15422 CVE-2017-15423 CVE-2017-15424 CVE-2017-15425 CVE-2017-15426 CVE-2017-15427 CVE-2017-15429 CVE-2017-15430 CVE-2017-5006 CVE-2017-5007 CVE-2017-5008 CVE-2017-5009 CVE-2017-5010 CVE-2017-5011 CVE-2017-5012 CVE-2017-5013 CVE-2017-5014 CVE-2017-5015 CVE-2017-5016 CVE-2017-5017 CVE-2017-5018 CVE-2017-5019 CVE-2017-5020 CVE-2017-5021 CVE-2017-5022 CVE-2017-5023 CVE-2017-5024 CVE-2017-5025 CVE-2017-5026 CVE-2017-5029 CVE-2017-5030 CVE-2017-5031 CVE-2017-5032 CVE-2017-5033 CVE-2017-5034 CVE-2017-5035 CVE-2017-5036 CVE-2017-5037 CVE-2017-5038 CVE-2017-5039 CVE-2017-5040 CVE-2017-5041 CVE-2017-5042 CVE-2017-5043 CVE-2017-5044 CVE-2017-5045 CVE-2017-5046 CVE-2017-5052 CVE-2017-5053 CVE-2017-5054 CVE-2017-5055 CVE-2017-5056 CVE-2017-5057 CVE-2017-5058 CVE-2017-5059 CVE-2017-5060 CVE-2017-5061 CVE-2017-5062 CVE-2017-5063 CVE-2017-5064 CVE-2017-5065 CVE-2017-5066 CVE-2017-5067 CVE-2017-5068 CVE-2017-5069 CVE-2017-5070 CVE-2017-5071 CVE-2017-5072 CVE-2017-5073 CVE-2017-5074 CVE-2017-5075 CVE-2017-5076 CVE-2017-5077 CVE-2017-5078 CVE-2017-5079 CVE-2017-5080 CVE-2017-5081 CVE-2017-5082 CVE-2017-5083 CVE-2017-5085 CVE-2017-5086 CVE-2017-5087 CVE-2017-5088 CVE-2017-5089 CVE-2017-5091 CVE-2017-5092 CVE-2017-5093 CVE-2017-5094 CVE-2017-5095 CVE-2017-5096 CVE-2017-5097 CVE-2017-5098 CVE-2017-5099 CVE-2017-5100 CVE-2017-5101 CVE-2017-5102 CVE-2017-5103 CVE-2017-5104 CVE-2017-5105 CVE-2017-5106 CVE-2017-5107 CVE-2017-5108 CVE-2017-5109 CVE-2017-5110 CVE-2017-5111 CVE-2017-5112 CVE-2017-5113 CVE-2017-5114 CVE-2017-5115 CVE-2017-5116 CVE-2017-5117 CVE-2017-5118 CVE-2017-5119 CVE-2017-5120 CVE-2017-5121 CVE-2017-5122 CVE-2017-5124 CVE-2017-5125 CVE-2017-5126 CVE-2017-5127 CVE-2017-5128 CVE-2017-5129 CVE-2017-5130 CVE-2017-5131 CVE-2017-5132 CVE-2017-5133 CVE-2017-7000 CVE-2018-16065 CVE-2018-16066 CVE-2018-16067 CVE-2018-16068 CVE-2018-16069 CVE-2018-16070 CVE-2018-16071 CVE-2018-16073 CVE-2018-16074 CVE-2018-16075 CVE-2018-16076 CVE-2018-16077 CVE-2018-16078 CVE-2018-16079 CVE-2018-16080 CVE-2018-16081 CVE-2018-16082 CVE-2018-16083 CVE-2018-16084 CVE-2018-16085 CVE-2018-16086 CVE-2018-16087 CVE-2018-16088 CVE-2018-17462 CVE-2018-17463 CVE-2018-17464 CVE-2018-17465 CVE-2018-17466 CVE-2018-17467 CVE-2018-17468 CVE-2018-17469 CVE-2018-17470 CVE-2018-17471 CVE-2018-17472 CVE-2018-17473 CVE-2018-17474 CVE-2018-17475 CVE-2018-17476 CVE-2018-17477 CVE-2018-17478 CVE-2018-17479 CVE-2018-17480 CVE-2018-17481 CVE-2018-18335 CVE-2018-18336 CVE-2018-18337 CVE-2018-18338 CVE-2018-18339 CVE-2018-18340 CVE-2018-18341 CVE-2018-18342 CVE-2018-18343 CVE-2018-18344 CVE-2018-18345 CVE-2018-18346 CVE-2018-18347 CVE-2018-18348 CVE-2018-18349 CVE-2018-18350 CVE-2018-18351 CVE-2018-18352 CVE-2018-18353 CVE-2018-18354 CVE-2018-18355 CVE-2018-18356 CVE-2018-18357 CVE-2018-18358 CVE-2018-18359 CVE-2018-20073 CVE-2018-4117 CVE-2018-5179 CVE-2018-6031 CVE-2018-6032 CVE-2018-6033 CVE-2018-6034 CVE-2018-6035 CVE-2018-6036 CVE-2018-6037 CVE-2018-6038 CVE-2018-6039 CVE-2018-6040 CVE-2018-6041 CVE-2018-6042 CVE-2018-6043 CVE-2018-6044 CVE-2018-6045 CVE-2018-6046 CVE-2018-6047 CVE-2018-6048 CVE-2018-6049 CVE-2018-6050 CVE-2018-6051 CVE-2018-6052 CVE-2018-6053 CVE-2018-6054 CVE-2018-6056 CVE-2018-6057 CVE-2018-6060 CVE-2018-6061 CVE-2018-6062 CVE-2018-6063 CVE-2018-6064 CVE-2018-6065 CVE-2018-6066 CVE-2018-6067 CVE-2018-6068 CVE-2018-6069 CVE-2018-6070 CVE-2018-6071 CVE-2018-6072 CVE-2018-6073 CVE-2018-6074 CVE-2018-6075 CVE-2018-6076 CVE-2018-6077 CVE-2018-6078 CVE-2018-6079 CVE-2018-6080 CVE-2018-6081 CVE-2018-6082 CVE-2018-6083 CVE-2018-6085 CVE-2018-6086 CVE-2018-6087 CVE-2018-6088 CVE-2018-6089 CVE-2018-6090 CVE-2018-6091 CVE-2018-6092 CVE-2018-6093 CVE-2018-6094 CVE-2018-6095 CVE-2018-6096 CVE-2018-6097 CVE-2018-6098 CVE-2018-6099 CVE-2018-6100 CVE-2018-6101 CVE-2018-6102 CVE-2018-6103 CVE-2018-6104 CVE-2018-6105 CVE-2018-6106 CVE-2018-6107 CVE-2018-6108 CVE-2018-6109 CVE-2018-6110 CVE-2018-6111 CVE-2018-6112 CVE-2018-6113 CVE-2018-6114 CVE-2018-6115 CVE-2018-6116 CVE-2018-6117 CVE-2018-6118 CVE-2018-6120 CVE-2018-6121 CVE-2018-6122 CVE-2018-6123 CVE-2018-6124 CVE-2018-6125 CVE-2018-6126 CVE-2018-6127 CVE-2018-6128 CVE-2018-6129 CVE-2018-6130 CVE-2018-6131 CVE-2018-6132 CVE-2018-6133 CVE-2018-6134 CVE-2018-6135 CVE-2018-6136 CVE-2018-6137 CVE-2018-6138 CVE-2018-6139 CVE-2018-6140 CVE-2018-6141 CVE-2018-6142 CVE-2018-6143 CVE-2018-6144 CVE-2018-6145 CVE-2018-6147 CVE-2018-6148 CVE-2018-6149 CVE-2018-6153 CVE-2018-6154 CVE-2018-6155 CVE-2018-6156 CVE-2018-6157 CVE-2018-6158 CVE-2018-6159 CVE-2018-6160 CVE-2018-6161 CVE-2018-6162 CVE-2018-6163 CVE-2018-6164 CVE-2018-6165 CVE-2018-6166 CVE-2018-6167 CVE-2018-6168 CVE-2018-6169 CVE-2018-6170 CVE-2018-6171 CVE-2018-6172 CVE-2018-6173 CVE-2018-6174 CVE-2018-6175 CVE-2018-6176 CVE-2018-6177 CVE-2018-6178 CVE-2018-6179 CVE-2018-6406 CVE-2019-13659 CVE-2019-13660 CVE-2019-13661 CVE-2019-13662 CVE-2019-13663 CVE-2019-13664 CVE-2019-13665 CVE-2019-13666 CVE-2019-13667 CVE-2019-13668 CVE-2019-13669 CVE-2019-13670 CVE-2019-13671 CVE-2019-13673 CVE-2019-13674 CVE-2019-13675 CVE-2019-13676 CVE-2019-13677 CVE-2019-13678 CVE-2019-13679 CVE-2019-13680 CVE-2019-13681 CVE-2019-13682 CVE-2019-13683 CVE-2019-13685 CVE-2019-13686 CVE-2019-13687 CVE-2019-13688 CVE-2019-13693 CVE-2019-13694 CVE-2019-13695 CVE-2019-13696 CVE-2019-13697 CVE-2019-13699 CVE-2019-13700 CVE-2019-13701 CVE-2019-13702 CVE-2019-13703 CVE-2019-13704 CVE-2019-13705 CVE-2019-13706 CVE-2019-13707 CVE-2019-13708 CVE-2019-13709 CVE-2019-13710 CVE-2019-13711 CVE-2019-13713 CVE-2019-13714 CVE-2019-13715 CVE-2019-13716 CVE-2019-13717 CVE-2019-13718 CVE-2019-13719 CVE-2019-13720 CVE-2019-13721 CVE-2019-13723 CVE-2019-13724 CVE-2019-13725 CVE-2019-13726 CVE-2019-13727 CVE-2019-13728 CVE-2019-13729 CVE-2019-13730 CVE-2019-13732 CVE-2019-13734 CVE-2019-13735 CVE-2019-13736 CVE-2019-13737 CVE-2019-13738 CVE-2019-13739 CVE-2019-13740 CVE-2019-13741 CVE-2019-13742 CVE-2019-13743 CVE-2019-13744 CVE-2019-13745 CVE-2019-13746 CVE-2019-13747 CVE-2019-13748 CVE-2019-13749 CVE-2019-13750 CVE-2019-13751 CVE-2019-13752 CVE-2019-13753 CVE-2019-13754 CVE-2019-13755 CVE-2019-13756 CVE-2019-13757 CVE-2019-13758 CVE-2019-13759 CVE-2019-13761 CVE-2019-13762 CVE-2019-13763 CVE-2019-13764 CVE-2019-13767 CVE-2019-15903 CVE-2019-18197 CVE-2019-19880 CVE-2019-19923 CVE-2019-19925 CVE-2019-19926 CVE-2019-20503 CVE-2019-5754 CVE-2019-5755 CVE-2019-5756 CVE-2019-5757 CVE-2019-5758 CVE-2019-5759 CVE-2019-5760 CVE-2019-5761 CVE-2019-5762 CVE-2019-5763 CVE-2019-5764 CVE-2019-5765 CVE-2019-5766 CVE-2019-5767 CVE-2019-5768 CVE-2019-5769 CVE-2019-5770 CVE-2019-5771 CVE-2019-5772 CVE-2019-5773 CVE-2019-5774 CVE-2019-5775 CVE-2019-5776 CVE-2019-5777 CVE-2019-5778 CVE-2019-5779 CVE-2019-5780 CVE-2019-5781 CVE-2019-5782 CVE-2019-5784 CVE-2019-5786 CVE-2019-5787 CVE-2019-5788 CVE-2019-5789 CVE-2019-5790 CVE-2019-5791 CVE-2019-5792 CVE-2019-5793 CVE-2019-5794 CVE-2019-5795 CVE-2019-5796 CVE-2019-5797 CVE-2019-5798 CVE-2019-5799 CVE-2019-5800 CVE-2019-5801 CVE-2019-5802 CVE-2019-5803 CVE-2019-5804 CVE-2019-5805 CVE-2019-5806 CVE-2019-5807 CVE-2019-5808 CVE-2019-5809 CVE-2019-5810 CVE-2019-5811 CVE-2019-5812 CVE-2019-5813 CVE-2019-5814 CVE-2019-5815 CVE-2019-5816 CVE-2019-5817 CVE-2019-5818 CVE-2019-5819 CVE-2019-5820 CVE-2019-5821 CVE-2019-5822 CVE-2019-5823 CVE-2019-5824 CVE-2019-5827 CVE-2019-5828 CVE-2019-5829 CVE-2019-5830 CVE-2019-5831 CVE-2019-5832 CVE-2019-5833 CVE-2019-5834 CVE-2019-5835 CVE-2019-5836 CVE-2019-5837 CVE-2019-5838 CVE-2019-5839 CVE-2019-5840 CVE-2019-5842 CVE-2019-5844 CVE-2019-5845 CVE-2019-5846 CVE-2019-5847 CVE-2019-5848 CVE-2019-5850 CVE-2019-5851 CVE-2019-5852 CVE-2019-5853 CVE-2019-5854 CVE-2019-5855 CVE-2019-5856 CVE-2019-5857 CVE-2019-5858 CVE-2019-5859 CVE-2019-5860 CVE-2019-5861 CVE-2019-5862 CVE-2019-5863 CVE-2019-5864 CVE-2019-5865 CVE-2019-5867 CVE-2019-5868 CVE-2019-5869 CVE-2019-5870 CVE-2019-5871 CVE-2019-5872 CVE-2019-5874 CVE-2019-5875 CVE-2019-5876 CVE-2019-5877 CVE-2019-5878 CVE-2019-5879 CVE-2019-5880 CVE-2019-5881 CVE-2019-8075 CVE-2020-0561 CVE-2020-15959 CVE-2020-15960 CVE-2020-15961 CVE-2020-15962 CVE-2020-15963 CVE-2020-15964 CVE-2020-15965 CVE-2020-15966 CVE-2020-15967 CVE-2020-15968 CVE-2020-15969 CVE-2020-15970 CVE-2020-15971 CVE-2020-15972 CVE-2020-15973 CVE-2020-15974 CVE-2020-15975 CVE-2020-15976 CVE-2020-15977 CVE-2020-15978 CVE-2020-15979 CVE-2020-15980 CVE-2020-15981 CVE-2020-15982 CVE-2020-15983 CVE-2020-15984 CVE-2020-15985 CVE-2020-15986 CVE-2020-15987 CVE-2020-15988 CVE-2020-15989 CVE-2020-15990 CVE-2020-15991 CVE-2020-15992 CVE-2020-15995 CVE-2020-15999 CVE-2020-16000 CVE-2020-16001 CVE-2020-16002 CVE-2020-16003 CVE-2020-16004 CVE-2020-16005 CVE-2020-16006 CVE-2020-16007 CVE-2020-16008 CVE-2020-16009 CVE-2020-16011 CVE-2020-16012 CVE-2020-16013 CVE-2020-16014 CVE-2020-16015 CVE-2020-16016 CVE-2020-16017 CVE-2020-16018 CVE-2020-16019 CVE-2020-16020 CVE-2020-16021 CVE-2020-16022 CVE-2020-16023 CVE-2020-16024 CVE-2020-16025 CVE-2020-16026 CVE-2020-16027 CVE-2020-16028 CVE-2020-16029 CVE-2020-16030 CVE-2020-16031 CVE-2020-16032 CVE-2020-16033 CVE-2020-16034 CVE-2020-16035 CVE-2020-16036 CVE-2020-16037 CVE-2020-16038 CVE-2020-16039 CVE-2020-16040 CVE-2020-16041 CVE-2020-16042 CVE-2020-16043 CVE-2020-16044 CVE-2020-27844 CVE-2020-6377 CVE-2020-6378 CVE-2020-6379 CVE-2020-6380 CVE-2020-6381 CVE-2020-6382 CVE-2020-6385 CVE-2020-6387 CVE-2020-6388 CVE-2020-6389 CVE-2020-6390 CVE-2020-6391 CVE-2020-6392 CVE-2020-6393 CVE-2020-6394 CVE-2020-6395 CVE-2020-6396 CVE-2020-6397 CVE-2020-6398 CVE-2020-6399 CVE-2020-6400 CVE-2020-6401 CVE-2020-6402 CVE-2020-6403 CVE-2020-6404 CVE-2020-6405 CVE-2020-6406 CVE-2020-6407 CVE-2020-6408 CVE-2020-6409 CVE-2020-6410 CVE-2020-6411 CVE-2020-6412 CVE-2020-6413 CVE-2020-6414 CVE-2020-6415 CVE-2020-6416 CVE-2020-6417 CVE-2020-6418 CVE-2020-6420 CVE-2020-6422 CVE-2020-6423 CVE-2020-6424 CVE-2020-6425 CVE-2020-6426 CVE-2020-6427 CVE-2020-6428 CVE-2020-6429 CVE-2020-6430 CVE-2020-6431 CVE-2020-6432 CVE-2020-6433 CVE-2020-6434 CVE-2020-6435 CVE-2020-6436 CVE-2020-6437 CVE-2020-6438 CVE-2020-6439 CVE-2020-6440 CVE-2020-6441 CVE-2020-6442 CVE-2020-6443 CVE-2020-6444 CVE-2020-6445 CVE-2020-6446 CVE-2020-6447 CVE-2020-6448 CVE-2020-6449 CVE-2020-6450 CVE-2020-6451 CVE-2020-6452 CVE-2020-6454 CVE-2020-6455 CVE-2020-6456 CVE-2020-6457 CVE-2020-6458 CVE-2020-6459 CVE-2020-6460 CVE-2020-6462 CVE-2020-6463 CVE-2020-6464 CVE-2020-6465 CVE-2020-6466 CVE-2020-6467 CVE-2020-6468 CVE-2020-6469 CVE-2020-6470 CVE-2020-6471 CVE-2020-6472 CVE-2020-6473 CVE-2020-6474 CVE-2020-6475 CVE-2020-6476 CVE-2020-6477 CVE-2020-6478 CVE-2020-6479 CVE-2020-6480 CVE-2020-6481 CVE-2020-6482 CVE-2020-6483 CVE-2020-6484 CVE-2020-6485 CVE-2020-6486 CVE-2020-6487 CVE-2020-6488 CVE-2020-6489 CVE-2020-6490 CVE-2020-6491 CVE-2020-6493 CVE-2020-6494 CVE-2020-6495 CVE-2020-6496 CVE-2020-6505 CVE-2020-6506 CVE-2020-6507 CVE-2020-6509 CVE-2020-6510 CVE-2020-6511 CVE-2020-6512 CVE-2020-6513 CVE-2020-6514 CVE-2020-6515 CVE-2020-6516 CVE-2020-6517 CVE-2020-6518 CVE-2020-6519 CVE-2020-6520 CVE-2020-6521 CVE-2020-6522 CVE-2020-6523 CVE-2020-6524 CVE-2020-6525 CVE-2020-6526 CVE-2020-6527 CVE-2020-6528 CVE-2020-6529 CVE-2020-6530 CVE-2020-6531 CVE-2020-6532 CVE-2020-6533 CVE-2020-6534 CVE-2020-6535 CVE-2020-6536 CVE-2020-6537 CVE-2020-6538 CVE-2020-6539 CVE-2020-6540 CVE-2020-6541 CVE-2020-6542 CVE-2020-6543 CVE-2020-6544 CVE-2020-6545 CVE-2020-6546 CVE-2020-6547 CVE-2020-6548 CVE-2020-6549 CVE-2020-6550 CVE-2020-6551 CVE-2020-6552 CVE-2020-6553 CVE-2020-6554 CVE-2020-6555 CVE-2020-6556 CVE-2020-6557 CVE-2020-6558 CVE-2020-6559 CVE-2020-6560 CVE-2020-6561 CVE-2020-6562 CVE-2020-6563 CVE-2020-6564 CVE-2020-6565 CVE-2020-6566 CVE-2020-6567 CVE-2020-6568 CVE-2020-6569 CVE-2020-6570 CVE-2020-6571 CVE-2020-6573 CVE-2020-6574 CVE-2020-6575 CVE-2020-6576 CVE-2020-6831 CVE-2021-21106 CVE-2021-21107 CVE-2021-21108 CVE-2021-21109 CVE-2021-21110 CVE-2021-21111 CVE-2021-21112 CVE-2021-21113 CVE-2021-21114 CVE-2021-21115 CVE-2021-21116 CVE-2021-21117 CVE-2021-21118 CVE-2021-21119 CVE-2021-21120 CVE-2021-21121 CVE-2021-21122 CVE-2021-21123 CVE-2021-21124 CVE-2021-21125 CVE-2021-21126 CVE-2021-21127 CVE-2021-21128 CVE-2021-21129 CVE-2021-21130 CVE-2021-21131 CVE-2021-21132 CVE-2021-21133 CVE-2021-21134 CVE-2021-21135 CVE-2021-21136 CVE-2021-21137 CVE-2021-21138 CVE-2021-21139 CVE-2021-21140 CVE-2021-21141 CVE-2021-21142 CVE-2021-21143 CVE-2021-21144 CVE-2021-21145 CVE-2021-21146 CVE-2021-21147 CVE-2021-21148 CVE-2021-21149 CVE-2021-21150 CVE-2021-21151 CVE-2021-21152 CVE-2021-21153 CVE-2021-21154 CVE-2021-21155 CVE-2021-21156 CVE-2021-21157 CVE-2021-21159 CVE-2021-21160 CVE-2021-21161 CVE-2021-21162 CVE-2021-21163 CVE-2021-21164 CVE-2021-21165 CVE-2021-21166 CVE-2021-21167 CVE-2021-21168 CVE-2021-21169 CVE-2021-21170 CVE-2021-21171 CVE-2021-21172 CVE-2021-21173 CVE-2021-21174 CVE-2021-21175 CVE-2021-21176 CVE-2021-21177 CVE-2021-21178 CVE-2021-21179 CVE-2021-21180 CVE-2021-21181 CVE-2021-21182 CVE-2021-21183 CVE-2021-21184 CVE-2021-21185 CVE-2021-21186 CVE-2021-21187 CVE-2021-21188 CVE-2021-21189 CVE-2021-21190 CVE-2021-21191 CVE-2021-21192 CVE-2021-21193 CVE-2021-21194 CVE-2021-21195 CVE-2021-21196 CVE-2021-21197 CVE-2021-21198 CVE-2021-21199 CVE-2021-21201 CVE-2021-21202 CVE-2021-21203 CVE-2021-21204 CVE-2021-21205 CVE-2021-21206 CVE-2021-21207 CVE-2021-21208 CVE-2021-21209 CVE-2021-21210 CVE-2021-21211 CVE-2021-21212 CVE-2021-21213 CVE-2021-21214 CVE-2021-21215 CVE-2021-21216 CVE-2021-21217 CVE-2021-21218 CVE-2021-21219 CVE-2021-21220 CVE-2021-21221 CVE-2021-21222 CVE-2021-21223 CVE-2021-21224 CVE-2021-21225 CVE-2021-21226 CVE-2021-21227 CVE-2021-21228 CVE-2021-21229 CVE-2021-21230 CVE-2021-21231 CVE-2021-21232 CVE-2021-21233 CVE-2021-30506 CVE-2021-30507 CVE-2021-30508 CVE-2021-30509 CVE-2021-30510 CVE-2021-30511 CVE-2021-30512 CVE-2021-30513 CVE-2021-30514 CVE-2021-30515 CVE-2021-30516 CVE-2021-30517 CVE-2021-30518 CVE-2021-30519 CVE-2021-30520 cpe:/o:opensuse:leap:15.3 chrony-3.2-9.21.1 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the chrony-3.2-9.21.1 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2016-1567 cpe:/o:opensuse:leap:15.3 cifs-utils-6.9-5.12.1 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the cifs-utils-6.9-5.12.1 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2020-14342 CVE-2021-20208 cpe:/o:opensuse:leap:15.3 colord-gtk-lang-0.1.26-1.48 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the colord-gtk-lang-0.1.26-1.48 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2011-4349 cpe:/o:opensuse:leap:15.3 coreutils-8.32-1.2 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the coreutils-8.32-1.2 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2015-4041 CVE-2015-4042 CVE-2017-7476 cpe:/o:opensuse:leap:15.3 cpio-2.12-3.3.1 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the cpio-2.12-3.3.1 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2014-9112 CVE-2016-2037 CVE-2019-14866 cpe:/o:opensuse:leap:15.3 cpp7-7.5.0+r278197-4.25.1 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the cpp7-7.5.0+r278197-4.25.1 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2019-14250 CVE-2019-15847 CVE-2020-13844 cpe:/o:opensuse:leap:15.3 cracklib-2.9.7-11.3.1 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the cracklib-2.9.7-11.3.1 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2016-6318 cpe:/o:opensuse:leap:15.3 cron-4.2-6.12.2 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the cron-4.2-6.12.2 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2019-9704 CVE-2019-9705 cpe:/o:opensuse:leap:15.3 cryptsetup-2.3.4-1.34 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the cryptsetup-2.3.4-1.34 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2020-14382 cpe:/o:opensuse:leap:15.3 cups-2.2.7-3.26.1 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the cups-2.2.7-3.26.1 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2012-5519 CVE-2014-3537 CVE-2014-5029 CVE-2014-5030 CVE-2014-5031 CVE-2015-1158 CVE-2015-1159 CVE-2017-18248 CVE-2018-4180 CVE-2018-4181 CVE-2018-4182 CVE-2018-4183 CVE-2018-4700 CVE-2019-8675 CVE-2019-8696 CVE-2019-8842 CVE-2020-10001 CVE-2020-3898 CVE-2021-25317 cpe:/o:opensuse:leap:15.3 cups-filters-1.25.0-3.3.1 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the cups-filters-1.25.0-3.3.1 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2015-2265 CVE-2015-3258 CVE-2015-3279 CVE-2015-8327 CVE-2015-8560 cpe:/o:opensuse:leap:15.3 cups-pk-helper-0.2.6-1.36 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the cups-pk-helper-0.2.6-1.36 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2012-4510 cpe:/o:opensuse:leap:15.3 curl-7.66.0-4.14.1 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the curl-7.66.0-4.14.1 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2014-8150 CVE-2015-3143 CVE-2015-3144 CVE-2015-3145 CVE-2015-3148 CVE-2015-3153 CVE-2015-3236 CVE-2015-3237 CVE-2016-0755 CVE-2016-7167 CVE-2016-8615 CVE-2016-8616 CVE-2016-8617 CVE-2016-8618 CVE-2016-8619 CVE-2016-8620 CVE-2016-8621 CVE-2016-8622 CVE-2016-8623 CVE-2016-8624 CVE-2016-8625 CVE-2016-9586 CVE-2016-9594 CVE-2017-1000099 CVE-2017-1000100 CVE-2017-1000101 CVE-2017-1000254 CVE-2017-1000257 CVE-2017-2629 CVE-2017-7468 CVE-2017-8816 CVE-2017-8817 CVE-2017-8818 CVE-2017-9502 CVE-2018-0500 CVE-2018-1000005 CVE-2018-1000007 CVE-2018-1000120 CVE-2018-1000121 CVE-2018-1000122 CVE-2018-1000300 CVE-2018-1000301 CVE-2018-14618 CVE-2018-16839 CVE-2018-16840 CVE-2018-16842 CVE-2018-16890 CVE-2019-3822 CVE-2019-3823 CVE-2019-5435 CVE-2019-5436 CVE-2019-5481 CVE-2019-5482 CVE-2020-8169 CVE-2020-8177 CVE-2020-8231 CVE-2020-8284 CVE-2020-8285 CVE-2020-8286 CVE-2021-22876 CVE-2021-22890 cpe:/o:opensuse:leap:15.3 cyrus-sasl-2.1.27-2.2 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the cyrus-sasl-2.1.27-2.2 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2019-19906 CVE-2020-8032 cpe:/o:opensuse:leap:15.3 dbus-1-1.12.2-8.3.1 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the dbus-1-1.12.2-8.3.1 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2014-3636 CVE-2014-3637 CVE-2014-3639 CVE-2014-7824 CVE-2014-8148 CVE-2015-0245 CVE-2019-12749 cpe:/o:opensuse:leap:15.3 dbus-1-glib-0.108-1.29 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the dbus-1-glib-0.108-1.29 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2010-1172 CVE-2013-0292 cpe:/o:opensuse:leap:15.3 dhcp-4.3.5-6.6.1 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the dhcp-4.3.5-6.6.1 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2015-8605 CVE-2017-3144 CVE-2018-5732 CVE-2018-5733 CVE-2019-6470 cpe:/o:opensuse:leap:15.3 dirmngr-2.2.27-1.2 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the dirmngr-2.2.27-1.2 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2018-1000858 CVE-2018-12020 CVE-2018-9234 CVE-2019-13050 CVE-2019-14855 CVE-2020-25125 cpe:/o:opensuse:leap:15.3 dnsmasq-2.78-7.8.1 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the dnsmasq-2.78-7.8.1 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2015-3294 CVE-2015-8899 CVE-2017-14491 CVE-2017-14492 CVE-2017-14493 CVE-2017-14494 CVE-2017-14495 CVE-2017-14496 CVE-2017-15107 CVE-2019-14834 CVE-2020-25681 CVE-2020-25682 CVE-2020-25683 CVE-2020-25684 CVE-2020-25685 CVE-2020-25686 CVE-2020-25687 cpe:/o:opensuse:leap:15.3 dracut-049.1+suse.188.gbf445638-3.30.1 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the dracut-049.1+suse.188.gbf445638-3.30.1 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2016-8637 cpe:/o:opensuse:leap:15.3 e2fsprogs-1.43.8-4.26.1 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the e2fsprogs-1.43.8-4.26.1 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2015-0247 CVE-2015-1572 CVE-2019-5094 CVE-2019-5188 cpe:/o:opensuse:leap:15.3 elfutils-0.168-4.5.3 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the elfutils-0.168-4.5.3 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2014-9447 CVE-2017-7607 CVE-2017-7608 CVE-2017-7609 CVE-2017-7610 CVE-2017-7611 CVE-2017-7612 CVE-2017-7613 CVE-2018-16062 CVE-2018-16402 CVE-2018-16403 CVE-2018-18310 CVE-2018-18520 CVE-2018-18521 CVE-2019-7150 CVE-2019-7665 cpe:/o:opensuse:leap:15.3 emacs-25.3-3.6.51 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the emacs-25.3-3.6.51 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2014-3421 CVE-2014-3422 CVE-2014-3423 CVE-2014-3424 CVE-2014-9483 CVE-2017-7476 cpe:/o:opensuse:leap:15.3 eog-3.34.2-1.46 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the eog-3.34.2-1.46 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2013-7447 CVE-2016-6855 cpe:/o:opensuse:leap:15.3 evince-3.34.2-1.115 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the evince-3.34.2-1.115 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2017-1000083 CVE-2019-1010006 CVE-2019-11459 cpe:/o:opensuse:leap:15.3 evolution-3.34.4-1.49 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the evolution-3.34.4-1.49 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2018-15587 cpe:/o:opensuse:leap:15.3 evolution-data-server-3.34.4-3.3.1 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the evolution-data-server-3.34.4-3.3.1 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2020-14928 CVE-2020-16117 cpe:/o:opensuse:leap:15.3 expat-2.2.5-3.6.1 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the expat-2.2.5-3.6.1 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2012-0876 CVE-2012-6702 CVE-2015-1283 CVE-2016-0718 CVE-2016-4472 CVE-2016-5300 CVE-2016-9063 CVE-2017-9233 CVE-2018-20843 CVE-2019-15903 cpe:/o:opensuse:leap:15.3 file-5.32-7.11.2 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the file-5.32-7.11.2 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2014-3710 CVE-2014-8116 CVE-2014-8117 CVE-2017-1000249 CVE-2018-10360 CVE-2019-18218 CVE-2019-8905 CVE-2019-8906 CVE-2019-8907 cpe:/o:opensuse:leap:15.3 file-roller-3.32.5-1.8 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the file-roller-3.32.5-1.8 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2020-11736 cpe:/o:opensuse:leap:15.3 firewall-macros-0.9.3-1.1 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the firewall-macros-0.9.3-1.1 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2016-5410 cpe:/o:opensuse:leap:15.3 flatpak-1.10.2-4.6.1 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the flatpak-1.10.2-4.6.1 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2016-8659 CVE-2017-5226 CVE-2019-10063 CVE-2019-5736 CVE-2021-21261 cpe:/o:opensuse:leap:15.3 freerdp-2.1.2-15.10.1 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the freerdp-2.1.2-15.10.1 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2014-0250 CVE-2014-0791 CVE-2017-2834 CVE-2017-2835 CVE-2017-2836 CVE-2017-2837 CVE-2017-2838 CVE-2017-2839 CVE-2018-0886 CVE-2018-1000852 CVE-2018-8784 CVE-2018-8785 CVE-2018-8786 CVE-2018-8787 CVE-2018-8788 CVE-2018-8789 CVE-2019-17177 CVE-2019-17178 CVE-2020-11017 CVE-2020-11018 CVE-2020-11019 CVE-2020-11038 CVE-2020-11039 CVE-2020-11040 CVE-2020-11041 CVE-2020-11043 CVE-2020-11095 CVE-2020-11096 CVE-2020-11097 CVE-2020-11098 CVE-2020-11099 CVE-2020-11521 CVE-2020-11522 CVE-2020-11523 CVE-2020-11524 CVE-2020-11525 CVE-2020-11526 CVE-2020-13396 CVE-2020-13397 CVE-2020-13398 CVE-2020-15103 CVE-2020-4030 CVE-2020-4031 CVE-2020-4032 CVE-2020-4033 cpe:/o:opensuse:leap:15.3 fuse-2.9.7-3.3.1 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the fuse-2.9.7-3.3.1 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2009-3297 CVE-2011-0541 CVE-2015-3202 CVE-2018-10906 cpe:/o:opensuse:leap:15.3 fwupd-1.5.8-1.13 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the fwupd-1.5.8-1.13 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2020-10759 cpe:/o:opensuse:leap:15.3 gcab-1.1-1.15 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the gcab-1.1-1.15 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2015-0552 CVE-2018-5345 cpe:/o:opensuse:leap:15.3 gdb-10.1-8.24.1 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the gdb-10.1-8.24.1 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2019-1010180 cpe:/o:opensuse:leap:15.3 gdk-pixbuf-lang-2.40.0-3.3.1 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the gdk-pixbuf-lang-2.40.0-3.3.1 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2015-4491 CVE-2015-7552 CVE-2015-7673 CVE-2015-7674 CVE-2016-6352 CVE-2017-2862 CVE-2017-2870 CVE-2017-6312 CVE-2017-6313 CVE-2020-29385 cpe:/o:opensuse:leap:15.3 gdk-pixbuf-loader-rsvg-2.46.5-3.3.1 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the gdk-pixbuf-loader-rsvg-2.46.5-3.3.1 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2017-11464 CVE-2021-25900 cpe:/o:opensuse:leap:15.3 gdm-3.34.1-8.18.1 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the gdm-3.34.1-8.18.1 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2015-7496 CVE-2017-12164 CVE-2018-14424 CVE-2019-3825 CVE-2020-16125 cpe:/o:opensuse:leap:15.3 gegl-0_4-0.4.16-1.99 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the gegl-0_4-0.4.16-1.99 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2012-4433 CVE-2018-10114 cpe:/o:opensuse:leap:15.3 ghostscript-9.52-3.32.1 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the ghostscript-9.52-3.32.1 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2013-5653 CVE-2015-3228 CVE-2016-10217 CVE-2016-10218 CVE-2016-10219 CVE-2016-10220 CVE-2016-10317 CVE-2016-7976 CVE-2016-7977 CVE-2016-7978 CVE-2016-7979 CVE-2016-8602 CVE-2017-5951 CVE-2017-7207 CVE-2017-8291 CVE-2017-9216 CVE-2018-10194 CVE-2018-15908 CVE-2018-15909 CVE-2018-15910 CVE-2018-15911 CVE-2018-16509 CVE-2018-16510 CVE-2018-16511 CVE-2018-16513 CVE-2018-16539 CVE-2018-16540 CVE-2018-16541 CVE-2018-16542 CVE-2018-16543 CVE-2018-16585 CVE-2018-16802 CVE-2018-17183 CVE-2018-17961 CVE-2018-18073 CVE-2018-18284 CVE-2018-19409 CVE-2018-19475 CVE-2018-19476 CVE-2018-19477 CVE-2018-6616 CVE-2019-10216 CVE-2019-12973 CVE-2019-14811 CVE-2019-14812 CVE-2019-14813 CVE-2019-14817 CVE-2019-14869 CVE-2019-3835 CVE-2019-3838 CVE-2019-6116 CVE-2020-12268 CVE-2020-15900 cpe:/o:opensuse:leap:15.3 gimp-2.10.12-7.25 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the gimp-2.10.12-7.25 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2007-3126 CVE-2016-4994 cpe:/o:opensuse:leap:15.3 glib2-lang-2.62.6-3.6.1 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the glib2-lang-2.62.6-3.6.1 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2018-16428 CVE-2018-16429 CVE-2019-12450 CVE-2020-6750 CVE-2021-27218 CVE-2021-27219 cpe:/o:opensuse:leap:15.3 glibc-2.31-7.30 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the glibc-2.31-7.30 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2009-5155 CVE-2010-3192 CVE-2012-3406 CVE-2013-4458 CVE-2014-7817 CVE-2014-8121 CVE-2014-9402 CVE-2014-9761 CVE-2015-1472 CVE-2015-1473 CVE-2015-1781 CVE-2015-5180 CVE-2015-7547 CVE-2015-8776 CVE-2015-8777 CVE-2015-8778 CVE-2015-8779 CVE-2016-10228 CVE-2016-10739 CVE-2016-1234 CVE-2016-3075 CVE-2016-3706 CVE-2016-4429 CVE-2016-5417 CVE-2016-6323 CVE-2017-1000366 CVE-2017-1000408 CVE-2017-1000409 CVE-2017-12132 CVE-2017-12133 CVE-2017-15670 CVE-2017-15671 CVE-2017-15804 CVE-2017-16997 CVE-2017-17426 CVE-2017-18269 CVE-2018-1000001 CVE-2018-11236 CVE-2018-11237 CVE-2018-6485 CVE-2018-6551 CVE-2019-19126 CVE-2019-9169 CVE-2020-10029 CVE-2020-1751 CVE-2020-1752 CVE-2020-27618 CVE-2020-29562 CVE-2020-29573 CVE-2021-27645 CVE-2021-3326 cpe:/o:opensuse:leap:15.3 glibc-locale-32bit-2.26-13.8.1 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the glibc-locale-32bit-2.26-13.8.1 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2009-5029 CVE-2009-5064 CVE-2010-3192 CVE-2012-3406 CVE-2012-4412 CVE-2013-0242 CVE-2013-1914 CVE-2013-2207 CVE-2013-4237 CVE-2013-4332 CVE-2013-4458 CVE-2013-7423 CVE-2014-0475 CVE-2014-4043 CVE-2014-5119 CVE-2014-6040 CVE-2014-7817 CVE-2014-8121 CVE-2014-9402 CVE-2014-9761 CVE-2015-1472 CVE-2015-1473 CVE-2015-1781 CVE-2015-5180 CVE-2015-7547 CVE-2015-8776 CVE-2015-8777 CVE-2015-8778 CVE-2015-8779 CVE-2016-1234 CVE-2016-3075 CVE-2016-3706 CVE-2016-4429 CVE-2016-5417 CVE-2016-6323 CVE-2017-1000366 CVE-2017-1000408 CVE-2017-1000409 CVE-2017-12132 CVE-2017-12133 CVE-2017-15670 CVE-2017-15671 CVE-2017-15804 CVE-2017-16997 CVE-2017-17426 CVE-2017-18269 CVE-2018-1000001 CVE-2018-11236 CVE-2018-11237 CVE-2018-6485 CVE-2018-6551 cpe:/o:opensuse:leap:15.3 gnome-desktop-lang-3.34.7-3.3.2 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the gnome-desktop-lang-3.34.7-3.3.2 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2019-11460 cpe:/o:opensuse:leap:15.3 gnome-photos-3.34.1-1.62 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the gnome-photos-3.34.1-1.62 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2013-7447 cpe:/o:opensuse:leap:15.3 gnome-settings-daemon-3.34.2+0-4.3.1 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the gnome-settings-daemon-3.34.2+0-4.3.1 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2014-7300 cpe:/o:opensuse:leap:15.3 gnome-shell-3.34.5-8.1 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the gnome-shell-3.34.5-8.1 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2017-8288 CVE-2019-3820 CVE-2020-17489 cpe:/o:opensuse:leap:15.3 gnome-shell-search-provider-nautilus-3.34.3-4.3.1 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the gnome-shell-search-provider-nautilus-3.34.3-4.3.1 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2019-11461 cpe:/o:opensuse:leap:15.3 gnuchess-6.2.6-bp153.1.16 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the gnuchess-6.2.6-bp153.1.16 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2015-8972 CVE-2019-15767 cpe:/o:opensuse:leap:15.3 gnutls-3.6.7-14.10.2 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the gnutls-3.6.7-14.10.2 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2014-8564 CVE-2015-6251 CVE-2016-8610 CVE-2017-7869 CVE-2018-10844 CVE-2018-10845 CVE-2018-10846 CVE-2018-16868 CVE-2019-3829 CVE-2019-3836 CVE-2020-11501 CVE-2020-13777 CVE-2020-24659 CVE-2021-20231 CVE-2021-20232 cpe:/o:opensuse:leap:15.3 graphviz-2.40.1-6.6.4 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the graphviz-2.40.1-6.6.4 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2018-10196 CVE-2019-11023 cpe:/o:opensuse:leap:15.3 grep-3.1-4.3.12 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the grep-3.1-4.3.12 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2015-1345 cpe:/o:opensuse:leap:15.3 groff-1.22.3-5.3.1 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the groff-1.22.3-5.3.1 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2009-5081 cpe:/o:opensuse:leap:15.3 grub2-2.04-20.4 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the grub2-2.04-20.4 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2015-8370 CVE-2020-10713 CVE-2020-14308 CVE-2020-14309 CVE-2020-14310 CVE-2020-14311 CVE-2020-14372 CVE-2020-15705 CVE-2020-15706 CVE-2020-15707 CVE-2020-25632 CVE-2020-25647 CVE-2020-27749 CVE-2020-27779 CVE-2021-20225 CVE-2021-20233 cpe:/o:opensuse:leap:15.3 gstreamer-1.16.2-1.53 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the gstreamer-1.16.2-1.53 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2016-10198 CVE-2016-10199 CVE-2017-5837 CVE-2017-5838 CVE-2017-5839 CVE-2017-5840 CVE-2017-5841 CVE-2017-5842 CVE-2017-5843 CVE-2017-5844 CVE-2017-5845 CVE-2017-5846 CVE-2017-5847 CVE-2017-5848 cpe:/o:opensuse:leap:15.3 gstreamer-plugins-bad-1.16.2-lp153.2.114 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the gstreamer-plugins-bad-1.16.2-lp153.2.114 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2017-5838 CVE-2017-5847 CVE-2017-5848 cpe:/o:opensuse:leap:15.3 gstreamer-plugins-base-1.16.2-2.12 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the gstreamer-plugins-base-1.16.2-2.12 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2019-9928 cpe:/o:opensuse:leap:15.3 gstreamer-plugins-good-1.16.2-1.85 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the gstreamer-plugins-good-1.16.2-1.85 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2017-5838 cpe:/o:opensuse:leap:15.3 gstreamer-plugins-ugly-1.16.2-1.75 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the gstreamer-plugins-ugly-1.16.2-1.75 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2017-5838 CVE-2017-5847 cpe:/o:opensuse:leap:15.3 gtk-vnc-lang-1.0.0-2.35 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the gtk-vnc-lang-1.0.0-2.35 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2017-5884 CVE-2017-5885 cpe:/o:opensuse:leap:15.3 gvfs-1.42.2-4.24 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the gvfs-1.42.2-4.24 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2019-12447 CVE-2019-12448 CVE-2019-12449 CVE-2019-12795 CVE-2019-3827 cpe:/o:opensuse:leap:15.3 hplip-hpijs-3.20.11-2.1 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the hplip-hpijs-3.20.11-2.1 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2015-0839 cpe:/o:opensuse:leap:15.3 ibus-1.5.23-1.56 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the ibus-1.5.23-1.56 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2019-14822 cpe:/o:opensuse:leap:15.3 ibus-chewing-1.6.1-1.53 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the ibus-chewing-1.6.1-1.53 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2013-4509 cpe:/o:opensuse:leap:15.3 iscsiuio-0.7.8.6-30.1 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the iscsiuio-0.7.8.6-30.1 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2020-13987 CVE-2020-13988 CVE-2020-17437 CVE-2020-17438 cpe:/o:opensuse:leap:15.3 java-11-openjdk-11.0.11.0-3.56.1 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the java-11-openjdk-11.0.11.0-3.56.1 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2018-11212 CVE-2018-2790 CVE-2018-2794 CVE-2018-2795 CVE-2018-2796 CVE-2018-2797 CVE-2018-2798 CVE-2018-2799 CVE-2018-2814 CVE-2018-2825 CVE-2018-2826 CVE-2018-2940 CVE-2018-2952 CVE-2018-2972 CVE-2018-2973 CVE-2018-3136 CVE-2018-3139 CVE-2018-3149 CVE-2018-3150 CVE-2018-3157 CVE-2018-3169 CVE-2018-3180 CVE-2018-3183 CVE-2019-2422 CVE-2019-2426 CVE-2019-2602 CVE-2019-2684 CVE-2019-2745 CVE-2019-2762 CVE-2019-2766 CVE-2019-2769 CVE-2019-2786 CVE-2019-2816 CVE-2019-2818 CVE-2019-2821 CVE-2019-2894 CVE-2019-2933 CVE-2019-2945 CVE-2019-2949 CVE-2019-2958 CVE-2019-2962 CVE-2019-2964 CVE-2019-2973 CVE-2019-2975 CVE-2019-2977 CVE-2019-2978 CVE-2019-2981 CVE-2019-2983 CVE-2019-2987 CVE-2019-2988 CVE-2019-2989 CVE-2019-2992 CVE-2019-2999 CVE-2019-7317 CVE-2020-14556 CVE-2020-14562 CVE-2020-14573 CVE-2020-14577 CVE-2020-14581 CVE-2020-14583 CVE-2020-14593 CVE-2020-14621 CVE-2020-14779 CVE-2020-14781 CVE-2020-14782 CVE-2020-14792 CVE-2020-14796 CVE-2020-14797 CVE-2020-14798 CVE-2020-14803 CVE-2020-2583 CVE-2020-2590 CVE-2020-2593 CVE-2020-2601 CVE-2020-2604 CVE-2020-2654 CVE-2020-2655 CVE-2020-2754 CVE-2020-2755 CVE-2020-2756 CVE-2020-2757 CVE-2020-2767 CVE-2020-2773 CVE-2020-2778 CVE-2020-2781 CVE-2020-2800 CVE-2020-2803 CVE-2020-2805 CVE-2020-2816 CVE-2020-2830 CVE-2021-2161 CVE-2021-2163 cpe:/o:opensuse:leap:15.3 jq-1.6-3.3.1 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the jq-1.6-3.3.1 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2015-8863 CVE-2016-4074 cpe:/o:opensuse:leap:15.3 kconf_update5-5.76.0-bp153.1.16 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the kconf_update5-5.76.0-bp153.1.16 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2019-14744 cpe:/o:opensuse:leap:15.3 kcoreaddons-5.76.0-bp153.1.16 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the kcoreaddons-5.76.0-bp153.1.16 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2016-7966 cpe:/o:opensuse:leap:15.3 kdump-0.9.0-16.1 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the kdump-0.9.0-16.1 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2016-5759 cpe:/o:opensuse:leap:15.3 kernel-64kb-5.3.18-57.3 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the kernel-64kb-5.3.18-57.3 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2017-1000251 CVE-2017-12153 CVE-2017-13080 CVE-2017-14051 CVE-2017-16536 CVE-2017-16537 CVE-2017-16646 CVE-2017-16648 CVE-2017-5715 CVE-2017-5753 CVE-2017-5754 CVE-2018-10323 CVE-2018-12232 CVE-2018-13053 CVE-2018-20669 CVE-2019-0154 CVE-2019-0155 CVE-2019-10220 CVE-2019-11477 CVE-2019-11478 CVE-2019-11479 CVE-2019-14615 CVE-2019-14814 CVE-2019-14815 CVE-2019-14816 CVE-2019-14895 CVE-2019-14896 CVE-2019-14897 CVE-2019-14901 CVE-2019-15030 CVE-2019-15031 CVE-2019-15098 CVE-2019-15099 CVE-2019-15290 CVE-2019-15291 CVE-2019-15504 CVE-2019-16231 CVE-2019-16232 CVE-2019-16233 CVE-2019-16234 CVE-2019-17133 CVE-2019-17666 CVE-2019-18198 CVE-2019-18660 CVE-2019-18683 CVE-2019-18786 CVE-2019-18808 CVE-2019-18809 CVE-2019-18811 CVE-2019-18812 CVE-2019-18813 CVE-2019-19037 CVE-2019-19043 CVE-2019-19044 CVE-2019-19045 CVE-2019-19046 CVE-2019-19047 CVE-2019-19048 CVE-2019-19049 CVE-2019-19050 CVE-2019-19051 CVE-2019-19052 CVE-2019-19053 CVE-2019-19054 CVE-2019-19055 CVE-2019-19056 CVE-2019-19057 CVE-2019-19058 CVE-2019-19060 CVE-2019-19061 CVE-2019-19062 CVE-2019-19063 CVE-2019-19064 CVE-2019-19065 CVE-2019-19066 CVE-2019-19067 CVE-2019-19068 CVE-2019-19069 CVE-2019-19070 CVE-2019-19071 CVE-2019-19072 CVE-2019-19073 CVE-2019-19074 CVE-2019-19075 CVE-2019-19077 CVE-2019-19078 CVE-2019-19080 CVE-2019-19081 CVE-2019-19082 CVE-2019-19083 CVE-2019-19241 CVE-2019-19252 CVE-2019-19332 CVE-2019-19338 CVE-2019-19447 CVE-2019-19462 CVE-2019-19523 CVE-2019-19524 CVE-2019-19525 CVE-2019-19526 CVE-2019-19528 CVE-2019-19529 CVE-2019-19532 CVE-2019-19533 CVE-2019-19534 CVE-2019-19602 CVE-2019-19767 CVE-2019-19768 CVE-2019-19770 CVE-2019-19807 CVE-2019-19922 CVE-2019-19947 CVE-2019-19965 CVE-2019-20422 CVE-2019-20810 CVE-2019-20812 CVE-2019-3016 CVE-2019-8912 CVE-2020-0110 CVE-2020-0305 CVE-2020-0404 CVE-2020-0427 CVE-2020-0431 CVE-2020-0432 CVE-2020-0444 CVE-2020-0465 CVE-2020-0466 CVE-2020-0543 CVE-2020-10135 CVE-2020-10690 CVE-2020-10711 CVE-2020-10732 CVE-2020-10751 CVE-2020-10757 CVE-2020-10766 CVE-2020-10767 CVE-2020-10768 CVE-2020-10773 CVE-2020-10781 CVE-2020-10942 CVE-2020-11494 CVE-2020-11608 CVE-2020-11668 CVE-2020-11884 CVE-2020-12351 CVE-2020-12352 CVE-2020-12362 CVE-2020-12363 CVE-2020-12364 CVE-2020-12373 CVE-2020-12464 CVE-2020-12465 CVE-2020-12652 CVE-2020-12653 CVE-2020-12654 CVE-2020-12655 CVE-2020-12656 CVE-2020-12657 CVE-2020-12659 CVE-2020-12769 CVE-2020-12771 CVE-2020-12888 CVE-2020-13143 CVE-2020-13974 CVE-2020-14314 CVE-2020-14331 CVE-2020-14351 CVE-2020-14356 CVE-2020-14385 CVE-2020-14386 CVE-2020-14390 CVE-2020-14416 CVE-2020-15393 CVE-2020-15436 CVE-2020-15437 CVE-2020-15780 CVE-2020-16120 CVE-2020-16166 CVE-2020-1749 CVE-2020-24490 CVE-2020-2521 CVE-2020-25211 CVE-2020-25212 CVE-2020-25284 CVE-2020-25285 CVE-2020-25639 CVE-2020-25641 CVE-2020-25643 CVE-2020-25645 CVE-2020-25656 CVE-2020-25668 CVE-2020-25669 CVE-2020-25704 CVE-2020-25705 CVE-2020-26088 CVE-2020-27068 CVE-2020-27194 CVE-2020-2732 CVE-2020-27673 CVE-2020-27675 CVE-2020-27777 CVE-2020-27786 CVE-2020-27825 CVE-2020-27830 CVE-2020-27835 CVE-2020-28374 CVE-2020-28915 CVE-2020-28941 CVE-2020-28974 CVE-2020-29368 CVE-2020-29369 CVE-2020-29370 CVE-2020-29371 CVE-2020-29373 CVE-2020-29568 CVE-2020-29569 CVE-2020-29660 CVE-2020-29661 CVE-2020-36158 CVE-2020-36311 CVE-2020-4788 CVE-2020-8428 CVE-2020-8647 CVE-2020-8648 CVE-2020-8649 CVE-2020-8694 CVE-2020-8835 CVE-2020-8992 CVE-2020-9383 CVE-2021-0342 CVE-2021-20177 CVE-2021-26930 CVE-2021-26931 CVE-2021-26932 CVE-2021-27363 CVE-2021-27364 CVE-2021-27365 CVE-2021-28038 CVE-2021-28688 CVE-2021-3347 CVE-2021-3348 cpe:/o:opensuse:leap:15.3 kernel-firmware-all-20210208-2.4 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the kernel-firmware-all-20210208-2.4 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2017-13080 CVE-2017-13081 CVE-2017-5715 CVE-2019-9836 cpe:/o:opensuse:leap:15.3 kinit-5.76.0-bp153.1.15 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the kinit-5.76.0-bp153.1.15 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2016-3100 cpe:/o:opensuse:leap:15.3 kio-extras5-20.04.2-bp153.2.12 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the kio-extras5-20.04.2-bp153.2.12 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2014-8600 cpe:/o:opensuse:leap:15.3 konversation-1.7.5-bp153.1.25 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the konversation-1.7.5-bp153.1.25 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2014-8483 CVE-2017-15923 cpe:/o:opensuse:leap:15.3 krb5-1.16.3-3.18.1 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the krb5-1.16.3-3.18.1 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2014-5351 CVE-2014-5352 CVE-2014-5353 CVE-2014-5354 CVE-2014-5355 CVE-2014-9421 CVE-2014-9422 CVE-2014-9423 CVE-2015-2694 CVE-2015-2695 CVE-2015-2696 CVE-2015-2697 CVE-2015-2698 CVE-2015-8629 CVE-2015-8630 CVE-2015-8631 CVE-2016-3119 CVE-2016-3120 CVE-2017-11368 CVE-2017-11462 CVE-2018-20217 CVE-2018-5729 CVE-2018-5730 CVE-2020-28196 cpe:/o:opensuse:leap:15.3 kscreenlocker-5.18.5-bp153.1.28 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the kscreenlocker-5.18.5-bp153.1.28 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2016-2312 cpe:/o:opensuse:leap:15.3 ktexteditor-5.76.0-bp153.1.14 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the ktexteditor-5.76.0-bp153.1.14 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2018-10361 cpe:/o:opensuse:leap:15.3 less-530-1.6 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the less-530-1.6 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2014-9488 cpe:/o:opensuse:leap:15.3 libBasicUsageEnvironment1-2019.06.28-bp153.1.20 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the libBasicUsageEnvironment1-2019.06.28-bp153.1.20 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2018-4013 CVE-2019-6256 CVE-2019-7314 CVE-2019-9215 cpe:/o:opensuse:leap:15.3 libFLAC8-1.3.2-3.6.1 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the libFLAC8-1.3.2-3.6.1 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2014-8962 CVE-2014-9028 CVE-2017-6888 CVE-2020-0487 CVE-2020-0499 cpe:/o:opensuse:leap:15.3 libHX28-3.22-1.26 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the libHX28-3.22-1.26 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2010-2947 cpe:/o:opensuse:leap:15.3 libICE6-1.0.9-1.25 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the libICE6-1.0.9-1.25 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2017-2626 cpe:/o:opensuse:leap:15.3 libIlmImf-2_2-23-2.2.1-3.27.1 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the libIlmImf-2_2-23-2.2.1-3.27.1 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2017-12596 CVE-2017-14988 CVE-2017-9110 CVE-2017-9111 CVE-2017-9112 CVE-2017-9113 CVE-2017-9114 CVE-2017-9115 CVE-2017-9116 CVE-2018-18444 CVE-2020-11758 CVE-2020-11760 CVE-2020-11761 CVE-2020-11762 CVE-2020-11763 CVE-2020-11764 CVE-2020-11765 CVE-2020-15304 CVE-2020-15305 CVE-2020-15306 CVE-2020-16587 CVE-2020-16588 CVE-2020-16589 CVE-2021-20296 CVE-2021-23215 CVE-2021-26260 CVE-2021-3474 CVE-2021-3475 CVE-2021-3476 CVE-2021-3477 CVE-2021-3479 cpe:/o:opensuse:leap:15.3 libKF5Auth5-5.76.0-bp153.1.16 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the libKF5Auth5-5.76.0-bp153.1.16 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2017-8422 CVE-2019-7443 cpe:/o:opensuse:leap:15.3 libKF5Codecs5-5.76.0-bp153.1.16 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the libKF5Codecs5-5.76.0-bp153.1.16 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2013-0779 cpe:/o:opensuse:leap:15.3 libQt5Concurrent5-5.12.7-4.12.2 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the libQt5Concurrent5-5.12.7-4.12.2 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2015-0295 CVE-2020-0569 CVE-2020-0570 CVE-2020-13962 CVE-2020-17507 cpe:/o:opensuse:leap:15.3 libSDL-1_2-0-1.2.15-3.12.73 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the libSDL-1_2-0-1.2.15-3.12.73 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2019-13616 CVE-2019-7572 CVE-2019-7573 CVE-2019-7574 CVE-2019-7575 CVE-2019-7576 CVE-2019-7577 CVE-2019-7578 CVE-2019-7635 CVE-2019-7636 CVE-2019-7637 CVE-2019-7638 cpe:/o:opensuse:leap:15.3 libSDL2-2_0-0-2.0.8-9.63 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the libSDL2-2_0-0-2.0.8-9.63 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2017-2888 CVE-2019-13616 CVE-2019-13626 CVE-2019-7572 CVE-2019-7573 CVE-2019-7574 CVE-2019-7575 CVE-2019-7576 CVE-2019-7577 CVE-2019-7578 CVE-2019-7635 CVE-2019-7636 CVE-2019-7637 CVE-2019-7638 cpe:/o:opensuse:leap:15.3 libSoundTouch0-1.8.0-3.11.1 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the libSoundTouch0-1.8.0-3.11.1 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2018-1000223 CVE-2018-17096 CVE-2018-17097 CVE-2018-17098 cpe:/o:opensuse:leap:15.3 libX11-6-1.6.5-3.15.1 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the libX11-6-1.6.5-3.15.1 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2018-14598 CVE-2018-14599 CVE-2018-14600 CVE-2020-14344 CVE-2020-14363 cpe:/o:opensuse:leap:15.3 libXRes1-1.2.0-1.18 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the libXRes1-1.2.0-1.18 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2013-1988 cpe:/o:opensuse:leap:15.3 libXcursor1-1.1.15-1.18 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the libXcursor1-1.1.15-1.18 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2013-2003 CVE-2017-16612 cpe:/o:opensuse:leap:15.3 libXdmcp6-1.1.2-1.23 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the libXdmcp6-1.1.2-1.23 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2017-2625 cpe:/o:opensuse:leap:15.3 libXext6-1.3.3-1.30 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the libXext6-1.3.3-1.30 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2013-1982 cpe:/o:opensuse:leap:15.3 libXfixes3-5.0.3-1.24 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the libXfixes3-5.0.3-1.24 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2013-1983 cpe:/o:opensuse:leap:15.3 libXfont1-1.5.4-1.17 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the libXfont1-1.5.4-1.17 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2011-2895 CVE-2013-6462 CVE-2014-0209 CVE-2014-0210 CVE-2014-0211 CVE-2015-1802 CVE-2015-1803 CVE-2015-1804 CVE-2017-13720 CVE-2017-13722 CVE-2017-16611 cpe:/o:opensuse:leap:15.3 libXfont2-2-2.0.3-1.17 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the libXfont2-2-2.0.3-1.17 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2017-16611 cpe:/o:opensuse:leap:15.3 libXi6-1.7.9-3.2.1 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the libXi6-1.7.9-3.2.1 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2013-1984 CVE-2013-1995 CVE-2013-1998 cpe:/o:opensuse:leap:15.3 libXinerama1-1.1.3-1.22 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the libXinerama1-1.1.3-1.22 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2013-1985 cpe:/o:opensuse:leap:15.3 libXrandr2-1.5.1-2.17 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the libXrandr2-1.5.1-2.17 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2013-1986 CVE-2016-7947 CVE-2016-7948 cpe:/o:opensuse:leap:15.3 libXrender1-0.9.10-1.30 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the libXrender1-0.9.10-1.30 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2013-1987 cpe:/o:opensuse:leap:15.3 libXt6-1.1.5-2.24 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the libXt6-1.1.5-2.24 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2013-2002 CVE-2013-2005 cpe:/o:opensuse:leap:15.3 libXtst6-1.2.3-1.24 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the libXtst6-1.2.3-1.24 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2013-2063 cpe:/o:opensuse:leap:15.3 libXv1-1.0.11-1.23 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the libXv1-1.0.11-1.23 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2013-1989 CVE-2013-2066 CVE-2016-5407 cpe:/o:opensuse:leap:15.3 libXvMC1-1.0.10-1.23 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the libXvMC1-1.0.10-1.23 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2013-1990 CVE-2013-1999 cpe:/o:opensuse:leap:15.3 libXvnc1-1.9.0-19.9.1 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the libXvnc1-1.9.0-19.9.1 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2014-8240 CVE-2015-0255 CVE-2019-15691 CVE-2019-15692 CVE-2019-15693 CVE-2019-15694 CVE-2019-15695 CVE-2020-26117 cpe:/o:opensuse:leap:15.3 libXxf86vm1-1.1.4-1.23 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the libXxf86vm1-1.1.4-1.23 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2013-2001 cpe:/o:opensuse:leap:15.3 libapr-util1-1.6.1-16.43 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the libapr-util1-1.6.1-16.43 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2017-12618 cpe:/o:opensuse:leap:15.3 libarchive13-3.4.2-2.24 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the libarchive13-3.4.2-2.24 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2013-0211 CVE-2015-2304 CVE-2015-8917 CVE-2015-8928 CVE-2015-8933 CVE-2015-8934 CVE-2016-1541 CVE-2016-4300 CVE-2016-4301 CVE-2016-4809 CVE-2016-5418 CVE-2016-5844 CVE-2016-6250 CVE-2016-8687 CVE-2016-8688 CVE-2016-8689 CVE-2017-14166 CVE-2017-14501 CVE-2017-14502 CVE-2017-14503 CVE-2018-1000877 CVE-2018-1000878 CVE-2018-1000879 CVE-2018-1000880 CVE-2019-1000019 CVE-2019-1000020 CVE-2019-18408 CVE-2019-19221 cpe:/o:opensuse:leap:15.3 libass9-0.14.0-3.3.1 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the libass9-0.14.0-3.3.1 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2016-7969 CVE-2016-7970 CVE-2016-7972 CVE-2020-26682 cpe:/o:opensuse:leap:15.3 libaudit1-2.8.5-3.43 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the libaudit1-2.8.5-3.43 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2015-5186 cpe:/o:opensuse:leap:15.3 libavcodec57-3.4.2-9.2 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the libavcodec57-3.4.2-9.2 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2015-8216 CVE-2015-8217 CVE-2015-8218 CVE-2015-8219 CVE-2015-8363 CVE-2015-8364 CVE-2015-8365 CVE-2015-8661 CVE-2015-8662 CVE-2015-8663 CVE-2016-10190 CVE-2016-10191 CVE-2016-10192 CVE-2016-1897 CVE-2016-1898 CVE-2017-11399 CVE-2017-11665 CVE-2017-14054 CVE-2017-14055 CVE-2017-14056 CVE-2017-14057 CVE-2017-14058 CVE-2017-14059 CVE-2017-14169 CVE-2017-14170 CVE-2017-14171 CVE-2017-14222 CVE-2017-14223 CVE-2017-14225 CVE-2017-15186 CVE-2017-15672 CVE-2017-16840 CVE-2017-17081 CVE-2017-17555 CVE-2017-7859 CVE-2017-7862 CVE-2017-7863 CVE-2017-7865 CVE-2017-7866 CVE-2018-12458 CVE-2018-13300 CVE-2018-13301 CVE-2018-13302 CVE-2018-13305 CVE-2018-14394 CVE-2018-14395 CVE-2018-15822 CVE-2018-1999010 CVE-2018-1999011 CVE-2018-1999012 CVE-2018-1999013 CVE-2018-6392 CVE-2018-6621 CVE-2019-12730 CVE-2019-17542 CVE-2019-9718 cpe:/o:opensuse:leap:15.3 libavcodec58_134-4.4-bp153.1.1 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the libavcodec58_134-4.4-bp153.1.1 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2015-8216 CVE-2015-8217 CVE-2015-8218 CVE-2015-8219 CVE-2015-8363 CVE-2015-8364 CVE-2015-8365 CVE-2015-8661 CVE-2015-8662 CVE-2015-8663 CVE-2016-10190 CVE-2016-10191 CVE-2016-10192 CVE-2016-1897 CVE-2016-1898 CVE-2017-11399 CVE-2017-11665 CVE-2017-14054 CVE-2017-14055 CVE-2017-14056 CVE-2017-14057 CVE-2017-14058 CVE-2017-14059 CVE-2017-14169 CVE-2017-14170 CVE-2017-14171 CVE-2017-14222 CVE-2017-14223 CVE-2017-14225 CVE-2017-15186 CVE-2017-15672 CVE-2017-16840 CVE-2017-17081 CVE-2017-17555 CVE-2017-7859 CVE-2017-7862 CVE-2017-7863 CVE-2017-7865 CVE-2017-7866 CVE-2018-13300 CVE-2018-13305 CVE-2018-15822 CVE-2018-6392 CVE-2018-6621 CVE-2018-7751 CVE-2019-11338 CVE-2019-11339 CVE-2019-15942 CVE-2020-35964 cpe:/o:opensuse:leap:15.3 libblkid1-2.36.2-2.29 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the libblkid1-2.36.2-2.29 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2014-9114 CVE-2015-5218 CVE-2016-2779 CVE-2016-5011 CVE-2017-2616 cpe:/o:opensuse:leap:15.3 libbsd0-0.8.7-3.3.17 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the libbsd0-0.8.7-3.3.17 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2019-20367 cpe:/o:opensuse:leap:15.3 libcaca0-0.99.beta19.git20171003-9.28 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the libcaca0-0.99.beta19.git20171003-9.28 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2018-20544 CVE-2018-20545 CVE-2018-20546 CVE-2018-20547 CVE-2018-20548 CVE-2018-20549 cpe:/o:opensuse:leap:15.3 libcacard0-2.5.3-1.27 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the libcacard0-2.5.3-1.27 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2017-6414 cpe:/o:opensuse:leap:15.3 libcairo-gobject2-1.16.0-1.55 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the libcairo-gobject2-1.16.0-1.55 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2016-9082 CVE-2017-7475 CVE-2017-9814 cpe:/o:opensuse:leap:15.3 libcares2-1.17.0-3.11.1 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the libcares2-1.17.0-3.11.1 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2016-5180 CVE-2017-1000381 CVE-2020-8277 cpe:/o:opensuse:leap:15.3 libcdio16-0.94-6.9.2 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the libcdio16-0.94-6.9.2 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2017-18199 CVE-2017-18201 cpe:/o:opensuse:leap:15.3 libcdio19-2.1.0-1.27 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the libcdio19-2.1.0-1.27 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2017-18198 CVE-2017-18199 CVE-2017-18201 cpe:/o:opensuse:leap:15.3 libcfitsio6-3.440-bp153.1.24 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the libcfitsio6-3.440-bp153.1.24 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2018-1000166 cpe:/o:opensuse:leap:15.3 libcroco-0_6-3-0.6.13-1.26 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the libcroco-0_6-3-0.6.13-1.26 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2017-7960 CVE-2017-7961 CVE-2017-8834 CVE-2017-8871 cpe:/o:opensuse:leap:15.3 libdcerpc-binding0-32bit-4.13.4+git.187.5ad4708741a-1.34 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the libdcerpc-binding0-32bit-4.13.4+git.187.5ad4708741a-1.34 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2014-8143 CVE-2015-0240 CVE-2015-3223 CVE-2015-5252 CVE-2015-5296 CVE-2015-5299 CVE-2015-5330 CVE-2015-5370 CVE-2015-7560 CVE-2015-8467 CVE-2015-8543 CVE-2016-0771 CVE-2016-2110 CVE-2016-2111 CVE-2016-2112 CVE-2016-2113 CVE-2016-2115 CVE-2016-2118 CVE-2016-2119 CVE-2016-2123 CVE-2016-2125 CVE-2016-2126 CVE-2017-11103 CVE-2017-12150 CVE-2017-12151 CVE-2017-12163 CVE-2017-14746 CVE-2017-15275 CVE-2017-2619 CVE-2017-7494 CVE-2018-1050 CVE-2018-1057 CVE-2018-10858 CVE-2018-10918 CVE-2018-10919 CVE-2018-1139 CVE-2018-1140 CVE-2018-14629 CVE-2018-16841 CVE-2018-16851 CVE-2018-16852 CVE-2018-16853 CVE-2018-16857 CVE-2018-16860 CVE-2019-10197 CVE-2019-10218 CVE-2019-12435 CVE-2019-12436 CVE-2019-14833 CVE-2019-14847 CVE-2019-14861 CVE-2019-14870 CVE-2019-14902 CVE-2019-14907 CVE-2019-19344 CVE-2019-3824 CVE-2019-3870 CVE-2019-3880 CVE-2020-10700 CVE-2020-10704 CVE-2020-10730 CVE-2020-10745 CVE-2020-10760 CVE-2020-14303 CVE-2020-14318 CVE-2020-14323 CVE-2020-14383 CVE-2020-1472 cpe:/o:opensuse:leap:15.3 libdjvulibre21-3.5.27-9.28 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the libdjvulibre21-3.5.27-9.28 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2019-15142 CVE-2019-15143 CVE-2019-15144 CVE-2019-15145 CVE-2019-18804 cpe:/o:opensuse:leap:15.3 libdmx1-1.1.3-1.23 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the libdmx1-1.1.3-1.23 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2013-1992 cpe:/o:opensuse:leap:15.3 libebml5-1.4.2-bp153.1.1 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the libebml5-1.4.2-bp153.1.1 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2021-3405 cpe:/o:opensuse:leap:15.3 libekmfweb1-2.15.1-6.7 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the libekmfweb1-2.15.1-6.7 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2021-25316 cpe:/o:opensuse:leap:15.3 libevent-2_1-8-2.1.8-2.23 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the libevent-2_1-8-2.1.8-2.23 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2014-6272 cpe:/o:opensuse:leap:15.3 libexempi3-2.4.5-3.3.2 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the libexempi3-2.4.5-3.3.2 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2018-12648 CVE-2018-7728 CVE-2018-7729 CVE-2018-7730 CVE-2018-7731 cpe:/o:opensuse:leap:15.3 libexif12-0.6.22-5.6.1 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the libexif12-0.6.22-5.6.1 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2012-2812 CVE-2012-2813 CVE-2012-2814 CVE-2012-2836 CVE-2012-2837 CVE-2012-2840 CVE-2012-2841 CVE-2016-6328 CVE-2017-7544 CVE-2018-20030 CVE-2019-9278 CVE-2020-0093 CVE-2020-12767 CVE-2020-13112 CVE-2020-13113 CVE-2020-13114 cpe:/o:opensuse:leap:15.3 libexiv2-26-0.26-6.8.1 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the libexiv2-26-0.26-6.8.1 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2014-9449 CVE-2017-1000126 CVE-2017-11337 CVE-2017-11338 CVE-2017-11339 CVE-2017-11340 CVE-2017-11553 CVE-2017-11591 CVE-2017-11592 CVE-2017-11683 CVE-2017-12955 CVE-2017-12956 CVE-2017-12957 CVE-2017-14859 CVE-2017-14860 CVE-2017-14862 CVE-2017-14864 CVE-2017-9239 CVE-2018-12264 CVE-2018-12265 CVE-2018-17229 CVE-2018-17230 CVE-2018-17282 CVE-2018-19108 CVE-2018-19607 CVE-2018-9305 CVE-2019-13114 cpe:/o:opensuse:leap:15.3 libfreebl3-3.53.1-3.51.1 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the libfreebl3-3.53.1-3.51.1 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2014-1569 CVE-2015-2721 CVE-2015-4000 CVE-2015-7181 CVE-2015-7182 CVE-2015-7575 CVE-2016-1950 CVE-2016-1979 CVE-2016-2834 CVE-2018-0495 CVE-2018-12384 CVE-2018-12404 CVE-2018-18508 CVE-2019-11745 CVE-2019-17006 CVE-2020-12399 CVE-2020-12402 cpe:/o:opensuse:leap:15.3 libfreetype6-2.10.1-4.8.1 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the libfreetype6-2.10.1-4.8.1 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2014-2240 CVE-2014-9656 CVE-2014-9657 CVE-2014-9658 CVE-2014-9659 CVE-2014-9660 CVE-2014-9661 CVE-2014-9662 CVE-2014-9663 CVE-2014-9664 CVE-2014-9665 CVE-2014-9666 CVE-2014-9667 CVE-2014-9668 CVE-2014-9669 CVE-2014-9670 CVE-2014-9671 CVE-2014-9672 CVE-2014-9673 CVE-2014-9674 CVE-2014-9675 CVE-2017-8105 CVE-2017-8287 CVE-2018-6942 CVE-2020-15999 cpe:/o:opensuse:leap:15.3 libgadu3-1.12.2-1.44 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the libgadu3-1.12.2-1.44 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2013-6487 CVE-2014-3775 cpe:/o:opensuse:leap:15.3 libgc1-7.6.4-1.16 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the libgc1-7.6.4-1.16 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2012-2673 cpe:/o:opensuse:leap:15.3 libgcc_s1-10.2.1+git583-1.3.4 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the libgcc_s1-10.2.1+git583-1.3.4 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2020-13844 cpe:/o:opensuse:leap:15.3 libgcrypt20-1.8.2-8.36.1 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the libgcrypt20-1.8.2-8.36.1 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2014-3591 CVE-2015-0837 CVE-2015-5738 CVE-2015-7511 CVE-2016-6313 CVE-2017-0379 CVE-2017-7526 CVE-2018-0495 CVE-2019-12904 CVE-2019-13627 cpe:/o:opensuse:leap:15.3 libgd3-2.2.5-9.1 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the libgd3-2.2.5-9.1 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2014-2497 CVE-2016-10166 CVE-2016-10167 CVE-2016-10168 CVE-2016-5116 CVE-2016-5766 CVE-2016-6128 CVE-2016-6132 CVE-2016-6207 CVE-2016-6214 CVE-2016-6905 CVE-2016-6912 CVE-2016-9317 CVE-2017-6362 CVE-2017-7890 CVE-2018-1000222 CVE-2018-14553 CVE-2018-5711 CVE-2019-11038 CVE-2019-6977 CVE-2019-6978 cpe:/o:opensuse:leap:15.3 libgif7-5.1.4-4.3.1 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the libgif7-5.1.4-4.3.1 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2015-7555 CVE-2016-3977 cpe:/o:opensuse:leap:15.3 libgit2-28-0.28.4-1.28 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the libgit2-28-0.28.4-1.28 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2005-4900 CVE-2016-10128 CVE-2016-10129 CVE-2016-10130 CVE-2016-8568 CVE-2016-8569 CVE-2017-5338 CVE-2017-5339 CVE-2018-10887 CVE-2018-10888 CVE-2018-11235 CVE-2018-17456 CVE-2018-8098 CVE-2018-8099 CVE-2019-1348 CVE-2019-1349 CVE-2019-1350 CVE-2019-1351 CVE-2019-1352 CVE-2019-1353 CVE-2019-1354 CVE-2019-1387 cpe:/o:opensuse:leap:15.3 libgme0-0.6.2-1.17 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the libgme0-0.6.2-1.17 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2016-9957 CVE-2016-9958 CVE-2016-9959 CVE-2016-9960 CVE-2016-9961 cpe:/o:opensuse:leap:15.3 libgnome-autoar-0-0-0.2.3-3.3.1 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the libgnome-autoar-0-0-0.2.3-3.3.1 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2020-36241 cpe:/o:opensuse:leap:15.3 libgraphite2-3-1.3.11-2.12 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the libgraphite2-3-1.3.11-2.12 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2016-1521 CVE-2017-5436 CVE-2018-7999 cpe:/o:opensuse:leap:15.3 libgxps2-0.3.0-4.3.29 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the libgxps2-0.3.0-4.3.29 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2018-10733 cpe:/o:opensuse:leap:15.3 libhdf5-103-1.10.7-bp153.3.43 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the libhdf5-103-1.10.7-bp153.3.43 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2017-17505 CVE-2017-17506 CVE-2017-17508 CVE-2017-17509 CVE-2018-11202 CVE-2018-11203 CVE-2018-11204 CVE-2018-11206 CVE-2018-11207 CVE-2018-13869 CVE-2018-13870 CVE-2018-17233 CVE-2018-17434 CVE-2018-17435 CVE-2018-17437 CVE-2018-17438 cpe:/o:opensuse:leap:15.3 libhogweed4-3.4.1-4.15.1 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the libhogweed4-3.4.1-4.15.1 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2015-8803 CVE-2015-8804 CVE-2015-8805 CVE-2016-6489 CVE-2018-16869 CVE-2021-20305 cpe:/o:opensuse:leap:15.3 libhunspell-1_6-0-1.6.2-3.3.7 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the libhunspell-1_6-0-1.6.2-3.3.7 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2019-16707 cpe:/o:opensuse:leap:15.3 libical-glib3-3.0.6-4.3.1 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the libical-glib3-3.0.6-4.3.1 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2016-5824 CVE-2016-5827 CVE-2016-9584 cpe:/o:opensuse:leap:15.3 libicu60_2-60.2-3.9.1 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the libicu60_2-60.2-3.9.1 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2020-10531 cpe:/o:opensuse:leap:15.3 libidn11-1.34-3.2.2 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the libidn11-1.34-3.2.2 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2015-2059 CVE-2015-8948 CVE-2016-6261 CVE-2016-6262 CVE-2016-6263 CVE-2017-14062 cpe:/o:opensuse:leap:15.3 libidn2-0-2.2.0-3.6.1 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the libidn2-0-2.2.0-3.6.1 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2015-2059 CVE-2015-8948 CVE-2016-6261 CVE-2016-6262 CVE-2016-6263 CVE-2019-12290 CVE-2019-18224 cpe:/o:opensuse:leap:15.3 libimobiledevice6-1.2.0+git20180427.26373b3-1.40 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the libimobiledevice6-1.2.0+git20180427.26373b3-1.40 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2016-5104 cpe:/o:opensuse:leap:15.3 libixml11-1.14.0-bp153.1.19 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the libixml11-1.14.0-bp153.1.19 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2016-6255 CVE-2016-8863 cpe:/o:opensuse:leap:15.3 libjansson4-2.9-1.24 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the libjansson4-2.9-1.24 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2013-6401 cpe:/o:opensuse:leap:15.3 libjasper4-2.0.14-3.19.1 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the libjasper4-2.0.14-3.19.1 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2008-3522 CVE-2011-4516 CVE-2011-4517 CVE-2014-8137 CVE-2014-8138 CVE-2014-8157 CVE-2014-8158 CVE-2014-9029 CVE-2015-5203 CVE-2015-5221 CVE-2016-10251 CVE-2016-1577 CVE-2016-1867 CVE-2016-2089 CVE-2016-2116 CVE-2016-8654 CVE-2016-8690 CVE-2016-8691 CVE-2016-8692 CVE-2016-8693 CVE-2016-8880 CVE-2016-8881 CVE-2016-8882 CVE-2016-8883 CVE-2016-8884 CVE-2016-8885 CVE-2016-8886 CVE-2016-8887 CVE-2016-9262 CVE-2016-9387 CVE-2016-9388 CVE-2016-9389 CVE-2016-9390 CVE-2016-9391 CVE-2016-9392 CVE-2016-9393 CVE-2016-9394 CVE-2016-9395 CVE-2016-9396 CVE-2016-9398 CVE-2016-9399 CVE-2016-9557 CVE-2016-9560 CVE-2016-9583 CVE-2016-9591 CVE-2016-9600 CVE-2017-1000050 CVE-2017-14132 CVE-2017-5498 CVE-2017-5499 CVE-2017-5503 CVE-2017-5504 CVE-2017-5505 CVE-2017-6850 CVE-2017-9782 CVE-2018-18873 CVE-2018-19139 CVE-2018-19539 CVE-2018-19540 CVE-2018-19541 CVE-2018-19542 CVE-2018-19543 CVE-2018-20570 CVE-2018-20622 CVE-2018-9055 CVE-2018-9154 CVE-2018-9252 CVE-2020-27828 CVE-2021-3272 cpe:/o:opensuse:leap:15.3 libjavascriptcoregtk-4_0-18-2.32.0-3.15.1 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the libjavascriptcoregtk-4_0-18-2.32.0-3.15.1 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2016-1856 CVE-2016-1857 CVE-2016-4590 CVE-2016-4591 CVE-2016-4622 CVE-2016-4624 CVE-2016-4692 CVE-2016-4743 CVE-2016-7586 CVE-2016-7587 CVE-2016-7589 CVE-2016-7592 CVE-2016-7598 CVE-2016-7599 CVE-2016-7610 CVE-2016-7623 CVE-2016-7632 CVE-2016-7635 CVE-2016-7639 CVE-2016-7641 CVE-2016-7645 CVE-2016-7652 CVE-2016-7654 CVE-2016-7656 CVE-2017-1000121 CVE-2017-1000122 CVE-2017-13788 CVE-2017-13798 CVE-2017-13803 CVE-2017-13856 CVE-2017-13866 CVE-2017-13870 CVE-2017-13884 CVE-2017-13885 CVE-2017-2350 CVE-2017-2354 CVE-2017-2355 CVE-2017-2356 CVE-2017-2362 CVE-2017-2363 CVE-2017-2364 CVE-2017-2365 CVE-2017-2366 CVE-2017-2369 CVE-2017-2371 CVE-2017-2373 CVE-2017-2496 CVE-2017-2510 CVE-2017-2538 CVE-2017-2539 CVE-2017-5715 CVE-2017-5753 CVE-2017-7006 CVE-2017-7011 CVE-2017-7012 CVE-2017-7018 CVE-2017-7019 CVE-2017-7020 CVE-2017-7030 CVE-2017-7034 CVE-2017-7037 CVE-2017-7038 CVE-2017-7039 CVE-2017-7040 CVE-2017-7041 CVE-2017-7042 CVE-2017-7043 CVE-2017-7046 CVE-2017-7048 CVE-2017-7049 CVE-2017-7052 CVE-2017-7055 CVE-2017-7056 CVE-2017-7059 CVE-2017-7061 CVE-2017-7064 CVE-2017-7081 CVE-2017-7087 CVE-2017-7089 CVE-2017-7090 CVE-2017-7091 CVE-2017-7092 CVE-2017-7093 CVE-2017-7094 CVE-2017-7095 CVE-2017-7096 CVE-2017-7098 CVE-2017-7099 CVE-2017-7100 CVE-2017-7102 CVE-2017-7104 CVE-2017-7107 CVE-2017-7109 CVE-2017-7111 CVE-2017-7117 CVE-2017-7120 CVE-2017-7142 CVE-2017-7153 CVE-2017-7156 CVE-2017-7157 CVE-2017-7160 CVE-2017-7161 CVE-2017-7165 CVE-2018-11646 CVE-2018-11712 CVE-2018-11713 CVE-2018-12911 CVE-2018-4088 CVE-2018-4096 CVE-2018-4101 CVE-2018-4113 CVE-2018-4114 CVE-2018-4117 CVE-2018-4118 CVE-2018-4119 CVE-2018-4120 CVE-2018-4122 CVE-2018-4125 CVE-2018-4127 CVE-2018-4128 CVE-2018-4129 CVE-2018-4133 CVE-2018-4146 CVE-2018-4161 CVE-2018-4162 CVE-2018-4163 CVE-2018-4165 CVE-2018-4190 CVE-2018-4191 CVE-2018-4197 CVE-2018-4199 CVE-2018-4200 CVE-2018-4204 CVE-2018-4207 CVE-2018-4208 CVE-2018-4209 CVE-2018-4210 CVE-2018-4212 CVE-2018-4213 CVE-2018-4218 CVE-2018-4222 CVE-2018-4232 CVE-2018-4233 CVE-2018-4246 CVE-2018-4261 CVE-2018-4262 CVE-2018-4263 CVE-2018-4264 CVE-2018-4265 CVE-2018-4266 CVE-2018-4267 CVE-2018-4270 CVE-2018-4272 CVE-2018-4273 CVE-2018-4278 CVE-2018-4284 CVE-2018-4299 CVE-2018-4306 CVE-2018-4309 CVE-2018-4312 CVE-2018-4314 CVE-2018-4315 CVE-2018-4316 CVE-2018-4317 CVE-2018-4318 CVE-2018-4319 CVE-2018-4323 CVE-2018-4328 CVE-2018-4345 CVE-2018-4358 CVE-2018-4359 CVE-2018-4361 CVE-2018-4372 CVE-2018-4373 CVE-2018-4375 CVE-2018-4376 CVE-2018-4378 CVE-2018-4382 CVE-2018-4386 CVE-2018-4392 CVE-2018-4416 CVE-2018-4437 CVE-2018-4438 CVE-2018-4441 CVE-2018-4442 CVE-2018-4443 CVE-2018-4464 CVE-2019-11070 CVE-2019-6201 CVE-2019-6212 CVE-2019-6215 CVE-2019-6216 CVE-2019-6217 CVE-2019-6226 CVE-2019-6227 CVE-2019-6229 CVE-2019-6233 CVE-2019-6234 CVE-2019-6251 CVE-2019-7285 CVE-2019-7292 CVE-2019-8375 CVE-2019-8503 CVE-2019-8506 CVE-2019-8515 CVE-2019-8518 CVE-2019-8523 CVE-2019-8524 CVE-2019-8535 CVE-2019-8536 CVE-2019-8544 CVE-2019-8551 CVE-2019-8558 CVE-2019-8559 CVE-2019-8563 CVE-2019-8595 CVE-2019-8607 CVE-2019-8615 CVE-2019-8625 CVE-2019-8644 CVE-2019-8649 CVE-2019-8658 CVE-2019-8666 CVE-2019-8669 CVE-2019-8671 CVE-2019-8672 CVE-2019-8673 CVE-2019-8674 CVE-2019-8676 CVE-2019-8677 CVE-2019-8678 CVE-2019-8679 CVE-2019-8680 CVE-2019-8681 CVE-2019-8683 CVE-2019-8684 CVE-2019-8686 CVE-2019-8687 CVE-2019-8688 CVE-2019-8689 CVE-2019-8690 CVE-2019-8707 CVE-2019-8710 CVE-2019-8719 CVE-2019-8720 CVE-2019-8726 CVE-2019-8733 CVE-2019-8735 CVE-2019-8743 CVE-2019-8763 CVE-2019-8764 CVE-2019-8765 CVE-2019-8766 CVE-2019-8768 CVE-2019-8769 CVE-2019-8771 CVE-2019-8782 CVE-2019-8783 CVE-2019-8808 CVE-2019-8811 CVE-2019-8812 CVE-2019-8813 CVE-2019-8814 CVE-2019-8815 CVE-2019-8816 CVE-2019-8819 CVE-2019-8820 CVE-2019-8821 CVE-2019-8822 CVE-2019-8823 CVE-2019-8835 CVE-2019-8844 CVE-2019-8846 CVE-2020-10018 CVE-2020-11793 CVE-2020-13543 CVE-2020-13558 CVE-2020-13584 CVE-2020-13753 CVE-2020-27918 CVE-2020-29623 CVE-2020-3862 CVE-2020-3864 CVE-2020-3865 CVE-2020-3867 CVE-2020-3868 CVE-2020-3885 CVE-2020-3894 CVE-2020-3895 CVE-2020-3897 CVE-2020-3899 CVE-2020-3900 CVE-2020-3901 CVE-2020-3902 CVE-2020-9802 CVE-2020-9803 CVE-2020-9805 CVE-2020-9806 CVE-2020-9807 CVE-2020-9843 CVE-2020-9850 CVE-2020-9862 CVE-2020-9893 CVE-2020-9894 CVE-2020-9895 CVE-2020-9915 CVE-2020-9925 CVE-2020-9948 CVE-2020-9951 CVE-2020-9983 CVE-2021-1765 CVE-2021-1788 CVE-2021-1789 CVE-2021-1799 CVE-2021-1801 CVE-2021-1844 CVE-2021-1870 CVE-2021-1871 cpe:/o:opensuse:leap:15.3 libjbig2-2.1-1.31 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the libjbig2-2.1-1.31 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2013-6369 cpe:/o:opensuse:leap:15.3 libjpeg8-8.1.2-5.15.7 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the libjpeg8-8.1.2-5.15.7 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2014-9092 CVE-2017-15232 CVE-2018-1152 CVE-2018-11813 CVE-2018-14498 CVE-2019-2201 CVE-2020-13790 cpe:/o:opensuse:leap:15.3 libjson-c3-0.13-1.19 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the libjson-c3-0.13-1.19 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2013-6370 CVE-2013-6371 cpe:/o:opensuse:leap:15.3 libksba8-1.3.5-2.14 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the libksba8-1.3.5-2.14 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2014-9087 CVE-2016-4574 CVE-2016-4579 cpe:/o:opensuse:leap:15.3 liblcms2-2-2.9-3.3.1 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the liblcms2-2-2.9-3.3.1 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2018-16435 cpe:/o:opensuse:leap:15.3 libldap-2_4-2-2.4.46-9.53.1 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the libldap-2_4-2-2.4.46-9.53.1 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2015-1545 CVE-2015-1546 CVE-2015-6908 CVE-2017-17740 CVE-2019-13057 CVE-2019-13565 CVE-2020-12243 CVE-2020-15719 CVE-2020-25692 CVE-2020-25709 CVE-2020-25710 CVE-2020-36221 CVE-2020-36222 CVE-2020-36223 CVE-2020-36224 CVE-2020-36225 CVE-2020-36226 CVE-2020-36227 CVE-2020-36228 CVE-2020-36229 CVE-2020-36230 CVE-2020-8023 CVE-2020-8027 CVE-2021-27212 cpe:/o:opensuse:leap:15.3 libldb2-2.2.1-1.1 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the libldb2-2.2.1-1.1 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2015-3223 CVE-2015-5330 CVE-2018-1140 CVE-2019-3824 CVE-2020-10700 CVE-2020-10730 CVE-2020-27840 CVE-2021-20277 cpe:/o:opensuse:leap:15.3 liblouis-data-3.11.0-1.42 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the liblouis-data-3.11.0-1.42 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2017-13738 CVE-2017-13739 CVE-2017-13740 CVE-2017-13741 CVE-2017-13742 CVE-2017-13743 CVE-2017-13744 CVE-2018-11410 CVE-2018-11440 CVE-2018-11683 CVE-2018-11684 CVE-2018-11685 CVE-2018-12085 cpe:/o:opensuse:leap:15.3 liblua5_3-5-32bit-5.3.4-3.3.2 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the liblua5_3-5-32bit-5.3.4-3.3.2 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2019-6706 cpe:/o:opensuse:leap:15.3 liblz4-1-1.9.2-1.40 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the liblz4-1-1.9.2-1.40 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2019-17543 cpe:/o:opensuse:leap:15.3 liblzo2-2-2.10-2.22 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the liblzo2-2-2.10-2.22 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2014-4607 cpe:/o:opensuse:leap:15.3 libmad0-0.15.1b-3.16 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the libmad0-0.15.1b-3.16 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2017-8374 cpe:/o:opensuse:leap:15.3 libmariadb3-3.1.12-3.25.1 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the libmariadb3-3.1.12-3.25.1 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2020-13249 cpe:/o:opensuse:leap:15.3 libmarkdown2-2.2.4-1.41 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the libmarkdown2-2.2.4-1.41 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2018-11468 CVE-2018-12495 cpe:/o:opensuse:leap:15.3 libminiupnpc16-2.0.20171102-bp153.1.39 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the libminiupnpc16-2.0.20171102-bp153.1.39 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2014-3985 CVE-2017-8798 cpe:/o:opensuse:leap:15.3 libminizip1-1.2.11-3.21.1 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the libminizip1-1.2.11-3.21.1 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2016-9843 cpe:/o:opensuse:leap:15.3 libmms0-0.6.4-1.24 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the libmms0-0.6.4-1.24 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2014-2892 cpe:/o:opensuse:leap:15.3 libmp3lame0-3.100-1.33 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the libmp3lame0-3.100-1.33 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2017-9410 CVE-2017-9411 CVE-2017-9412 cpe:/o:opensuse:leap:15.3 libmpfr6-4.0.2-3.3.1 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the libmpfr6-4.0.2-3.3.1 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2014-9474 cpe:/o:opensuse:leap:15.3 libmpg123-0-1.26.4-1.15 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the libmpg123-0-1.26.4-1.15 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2017-10683 CVE-2017-11126 cpe:/o:opensuse:leap:15.3 libmspack0-0.6-3.8.19 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the libmspack0-0.6-3.8.19 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2014-9556 CVE-2017-11423 CVE-2017-6419 CVE-2018-18584 CVE-2018-18585 CVE-2019-1010305 cpe:/o:opensuse:leap:15.3 libmwaw-0_3-3-0.3.17-4.9.2 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the libmwaw-0_3-3-0.3.17-4.9.2 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2017-9433 cpe:/o:opensuse:leap:15.3 libmysqld19-10.2.37-3.37.1 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the libmysqld19-10.2.37-3.37.1 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2015-4792 CVE-2015-4802 CVE-2015-4807 CVE-2015-4815 CVE-2015-4816 CVE-2015-4819 CVE-2015-4826 CVE-2015-4830 CVE-2015-4836 CVE-2015-4858 CVE-2015-4861 CVE-2015-4864 CVE-2015-4866 CVE-2015-4870 CVE-2015-4879 CVE-2015-4895 CVE-2015-4913 CVE-2015-5969 CVE-2015-7744 CVE-2016-0505 CVE-2016-0546 CVE-2016-0596 CVE-2016-0597 CVE-2016-0598 CVE-2016-0600 CVE-2016-0606 CVE-2016-0608 CVE-2016-0609 CVE-2016-0610 CVE-2016-0616 CVE-2016-0640 CVE-2016-0641 CVE-2016-0642 CVE-2016-0644 CVE-2016-0646 CVE-2016-0649 CVE-2016-0650 CVE-2016-0651 CVE-2016-0668 CVE-2016-2047 CVE-2016-3477 CVE-2016-3492 CVE-2016-3521 CVE-2016-3615 CVE-2016-5440 CVE-2016-5584 CVE-2016-5624 CVE-2016-5626 CVE-2016-5629 CVE-2016-6662 CVE-2016-6663 CVE-2016-6664 CVE-2016-7440 CVE-2016-8283 CVE-2016-9843 CVE-2017-10268 CVE-2017-10286 CVE-2017-10320 CVE-2017-10365 CVE-2017-10378 CVE-2017-10379 CVE-2017-10384 CVE-2017-15365 CVE-2017-3238 CVE-2017-3243 CVE-2017-3244 CVE-2017-3257 CVE-2017-3258 CVE-2017-3265 CVE-2017-3291 CVE-2017-3302 CVE-2017-3308 CVE-2017-3309 CVE-2017-3312 CVE-2017-3313 CVE-2017-3317 CVE-2017-3318 CVE-2017-3453 CVE-2017-3456 CVE-2017-3464 CVE-2017-3636 CVE-2017-3641 CVE-2017-3653 CVE-2018-2562 CVE-2018-2612 CVE-2018-2622 CVE-2018-2640 CVE-2018-2665 CVE-2018-2668 CVE-2018-2755 CVE-2018-2759 CVE-2018-2761 CVE-2018-2766 CVE-2018-2767 CVE-2018-2771 CVE-2018-2777 CVE-2018-2781 CVE-2018-2782 CVE-2018-2784 CVE-2018-2786 CVE-2018-2787 CVE-2018-2810 CVE-2018-2813 CVE-2018-2817 CVE-2018-2819 CVE-2018-3058 CVE-2018-3060 CVE-2018-3063 CVE-2018-3064 CVE-2018-3066 CVE-2018-3143 CVE-2018-3156 CVE-2018-3162 CVE-2018-3173 CVE-2018-3174 CVE-2018-3185 CVE-2018-3200 CVE-2018-3251 CVE-2018-3277 CVE-2018-3282 CVE-2018-3284 CVE-2019-18901 CVE-2019-2510 CVE-2019-2537 CVE-2019-2614 CVE-2019-2627 CVE-2019-2628 CVE-2019-2737 CVE-2019-2739 CVE-2019-2740 CVE-2019-2758 CVE-2019-2805 CVE-2019-2938 CVE-2019-2974 CVE-2020-13249 CVE-2020-14765 CVE-2020-14776 CVE-2020-14789 CVE-2020-14812 CVE-2020-15180 CVE-2020-2574 CVE-2020-2752 CVE-2020-2760 CVE-2020-2812 CVE-2020-2814 cpe:/o:opensuse:leap:15.3 libncurses6-6.1-5.6.2 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the libncurses6-6.1-5.6.2 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2018-19211 CVE-2019-17594 CVE-2019-17595 cpe:/o:opensuse:leap:15.3 libndp0-1.6-1.26 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the libndp0-1.6-1.26 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2016-3698 cpe:/o:opensuse:leap:15.3 libnetpbm11-10.80.1-3.11.1 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the libnetpbm11-10.80.1-3.11.1 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2017-2579 CVE-2017-2580 CVE-2018-8975 cpe:/o:opensuse:leap:15.3 libnewt0_52-0.52.20-5.35 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the libnewt0_52-0.52.20-5.35 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2009-2905 cpe:/o:opensuse:leap:15.3 libnghttp2-14-1.40.0-3.5.1 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the libnghttp2-14-1.40.0-3.5.1 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2016-1544 CVE-2018-1000168 CVE-2019-18802 CVE-2019-9511 CVE-2019-9513 CVE-2020-11080 cpe:/o:opensuse:leap:15.3 libntfs-3g87-2016.2.22-3.5.1 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the libntfs-3g87-2016.2.22-3.5.1 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2019-9755 cpe:/o:opensuse:leap:15.3 libopencv3_3-3.3.1-6.6.1 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the libopencv3_3-3.3.1-6.6.1 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2017-18009 CVE-2019-14491 CVE-2019-14492 CVE-2019-15939 cpe:/o:opensuse:leap:15.3 libopenjp2-7-2.3.0-1.25 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the libopenjp2-7-2.3.0-1.25 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2016-10504 CVE-2016-10505 CVE-2016-10506 CVE-2016-5139 CVE-2016-5152 CVE-2016-5158 CVE-2016-5159 CVE-2016-7163 CVE-2016-8332 CVE-2017-12982 CVE-2017-14039 CVE-2017-14040 CVE-2017-14041 CVE-2017-14151 CVE-2017-14152 CVE-2017-14164 cpe:/o:opensuse:leap:15.3 libopenjpeg1-1.5.2-2.28 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the libopenjpeg1-1.5.2-2.28 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2009-5030 CVE-2012-3358 CVE-2012-3535 CVE-2013-1447 CVE-2013-4289 CVE-2013-4290 CVE-2013-6045 CVE-2013-6052 CVE-2013-6053 CVE-2013-6054 CVE-2013-6887 CVE-2016-7445 cpe:/o:opensuse:leap:15.3 libopenmpt0-0.3.19-2.10.1 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the libopenmpt0-0.3.19-2.10.1 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2017-11311 CVE-2018-10017 CVE-2018-11710 CVE-2018-20860 CVE-2018-20861 CVE-2019-14382 CVE-2019-14383 CVE-2019-17113 cpe:/o:opensuse:leap:15.3 libopenssl1_1-1.1.1d-11.23.1 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the libopenssl1_1-1.1.1d-11.23.1 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2014-3513 CVE-2014-3567 CVE-2014-3568 CVE-2014-3569 CVE-2014-3570 CVE-2014-3571 CVE-2014-3572 CVE-2014-8275 CVE-2015-0204 CVE-2015-0205 CVE-2015-0206 CVE-2015-0209 CVE-2015-0286 CVE-2015-0287 CVE-2015-0288 CVE-2015-0289 CVE-2015-0293 CVE-2015-1788 CVE-2015-1789 CVE-2015-1790 CVE-2015-1791 CVE-2015-1792 CVE-2015-1793 CVE-2015-1794 CVE-2015-3193 CVE-2015-3194 CVE-2015-3195 CVE-2015-3196 CVE-2015-3197 CVE-2016-0701 CVE-2016-0702 CVE-2016-0705 CVE-2016-0797 CVE-2016-0798 CVE-2016-0800 CVE-2016-2105 CVE-2016-2106 CVE-2016-2107 CVE-2016-2109 CVE-2016-2176 CVE-2016-2177 CVE-2016-2178 CVE-2016-2179 CVE-2016-2180 CVE-2016-2181 CVE-2016-2182 CVE-2016-2183 CVE-2016-6302 CVE-2016-6303 CVE-2016-6304 CVE-2016-6306 CVE-2016-7052 CVE-2016-7055 CVE-2016-7056 CVE-2017-3731 CVE-2017-3732 CVE-2017-3735 CVE-2017-3736 CVE-2017-3738 CVE-2018-0732 CVE-2018-0734 CVE-2018-0735 CVE-2018-0737 CVE-2018-0739 CVE-2019-1543 CVE-2019-1547 CVE-2019-1549 CVE-2019-1551 CVE-2019-1563 CVE-2020-1967 CVE-2020-1971 CVE-2021-23840 CVE-2021-23841 CVE-2021-3449 cpe:/o:opensuse:leap:15.3 libopus0-1.3.1-3.6.1 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the libopus0-1.3.1-3.6.1 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2017-0381 cpe:/o:opensuse:leap:15.3 libosinfo-1.7.1-1.52 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the libosinfo-1.7.1-1.52 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2019-13313 cpe:/o:opensuse:leap:15.3 libpango-1_0-0-1.44.7+11-1.25 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the libpango-1_0-0-1.44.7+11-1.25 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2018-15120 cpe:/o:opensuse:leap:15.3 libpano13-3-2.9.19-bp153.2.1 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the libpano13-3-2.9.19-bp153.2.1 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2021-20307 cpe:/o:opensuse:leap:15.3 libpcap1-1.9.1-1.33 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the libpcap1-1.9.1-1.33 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2018-16301 CVE-2019-15161 CVE-2019-15162 CVE-2019-15163 CVE-2019-15164 CVE-2019-15165 cpe:/o:opensuse:leap:15.3 libpcre1-32bit-8.41-4.20 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the libpcre1-32bit-8.41-4.20 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2014-8964 CVE-2015-2325 CVE-2015-2326 CVE-2015-3217 CVE-2016-1283 CVE-2016-3191 CVE-2017-6004 CVE-2017-7186 CVE-2017-7244 CVE-2017-7245 CVE-2017-7246 cpe:/o:opensuse:leap:15.3 libpcre2-16-0-10.31-1.14 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the libpcre2-16-0-10.31-1.14 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2014-8964 CVE-2015-2325 CVE-2015-2326 CVE-2016-3191 CVE-2017-7186 CVE-2017-8786 cpe:/o:opensuse:leap:15.3 libpcsclite1-1.8.24-1.14 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the libpcsclite1-1.8.24-1.14 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2016-10109 cpe:/o:opensuse:leap:15.3 libplist3-2.0.0-1.31 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the libplist3-2.0.0-1.31 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2017-5209 CVE-2017-5545 CVE-2017-5834 CVE-2017-5835 CVE-2017-5836 CVE-2017-6435 CVE-2017-6436 CVE-2017-6437 CVE-2017-6438 CVE-2017-6439 CVE-2017-6440 CVE-2017-7982 cpe:/o:opensuse:leap:15.3 libpng16-16-1.6.34-3.9.1 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the libpng16-16-1.6.34-3.9.1 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2015-8126 CVE-2016-10087 CVE-2016-5735 CVE-2017-12652 CVE-2018-13785 CVE-2019-7317 cpe:/o:opensuse:leap:15.3 libpolkit0-0.116-1.51 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the libpolkit0-0.116-1.51 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2015-3218 CVE-2015-3255 CVE-2015-3256 CVE-2015-4625 CVE-2018-1116 CVE-2018-19788 CVE-2019-6133 cpe:/o:opensuse:leap:15.3 libpoppler-cpp0-0.79.0-3.3.1 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the libpoppler-cpp0-0.79.0-3.3.1 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2017-14517 CVE-2017-14518 CVE-2017-7511 CVE-2017-7515 cpe:/o:opensuse:leap:15.3 libpotrace0-1.15-3.19 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the libpotrace0-1.15-3.19 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2013-7437 CVE-2016-8685 CVE-2016-8686 CVE-2017-12067 cpe:/o:opensuse:leap:15.3 libpq5-13.2-5.6.1 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the libpq5-13.2-5.6.1 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2020-25694 CVE-2020-25695 CVE-2020-25696 CVE-2021-20229 CVE-2021-3393 cpe:/o:opensuse:leap:15.3 libprocps7-3.3.15-7.19.1 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the libprocps7-3.3.15-7.19.1 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2018-1122 CVE-2018-1123 CVE-2018-1124 CVE-2018-1125 CVE-2018-1126 cpe:/o:opensuse:leap:15.3 libproxy1-0.4.15-12.41 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the libproxy1-0.4.15-12.41 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2020-25219 CVE-2020-26154 cpe:/o:opensuse:leap:15.3 libpskc0-2.6.2-1.15 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the libpskc0-2.6.2-1.15 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2013-7322 cpe:/o:opensuse:leap:15.3 libpurple-2.13.0-10.105 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the libpurple-2.13.0-10.105 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2014-3694 CVE-2014-3695 CVE-2014-3696 CVE-2014-3697 CVE-2014-3698 CVE-2017-2640 cpe:/o:opensuse:leap:15.3 libpython2_7-1_0-2.7.18-7.55.1 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the libpython2_7-1_0-2.7.18-7.55.1 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2013-1752 CVE-2013-1753 CVE-2016-0772 CVE-2016-1000110 CVE-2016-5636 CVE-2016-5699 CVE-2017-1000158 CVE-2017-18207 CVE-2018-1000030 CVE-2018-1000802 CVE-2018-1060 CVE-2018-1061 CVE-2018-14647 CVE-2018-20852 CVE-2019-10160 CVE-2019-16056 CVE-2019-16935 CVE-2019-18348 CVE-2019-20907 CVE-2019-20916 CVE-2019-5010 CVE-2019-9636 CVE-2019-9674 CVE-2019-9947 CVE-2019-9948 CVE-2020-26116 CVE-2020-8492 CVE-2021-23336 CVE-2021-3177 cpe:/o:opensuse:leap:15.3 libpython3_6m1_0-3.6.13-3.81.1 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the libpython3_6m1_0-3.6.13-3.81.1 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2014-4650 CVE-2016-0772 CVE-2016-1000110 CVE-2016-5636 CVE-2016-5699 CVE-2017-18207 CVE-2018-1000802 CVE-2018-1060 CVE-2018-1061 CVE-2018-14647 CVE-2018-20406 CVE-2018-20852 CVE-2019-10160 CVE-2019-15903 CVE-2019-16056 CVE-2019-16935 CVE-2019-18348 CVE-2019-20907 CVE-2019-20916 CVE-2019-5010 CVE-2019-9636 CVE-2019-9674 CVE-2019-9947 CVE-2020-14422 CVE-2020-26116 CVE-2020-27619 CVE-2020-8492 CVE-2021-23336 CVE-2021-3177 CVE-2021-3426 cpe:/o:opensuse:leap:15.3 libqpdf26-9.0.2-1.36 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the libqpdf26-9.0.2-1.36 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2017-11624 CVE-2017-11625 CVE-2017-11626 CVE-2017-11627 CVE-2017-12595 CVE-2017-9208 CVE-2017-9209 CVE-2017-9210 cpe:/o:opensuse:leap:15.3 libqt5-qtwebengine-5.15.3-bp153.1.1 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the libqt5-qtwebengine-5.15.3-bp153.1.1 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2018-6033 CVE-2019-5786 CVE-2020-16044 CVE-2021-21118 CVE-2021-21119 CVE-2021-21120 CVE-2021-21121 CVE-2021-21122 CVE-2021-21123 CVE-2021-21125 CVE-2021-21126 CVE-2021-21127 CVE-2021-21128 CVE-2021-21129 CVE-2021-21130 CVE-2021-21131 CVE-2021-21132 CVE-2021-21135 CVE-2021-21137 CVE-2021-21140 CVE-2021-21141 CVE-2021-21145 CVE-2021-21146 CVE-2021-21147 CVE-2021-21148 CVE-2021-21149 CVE-2021-21150 CVE-2021-21152 CVE-2021-21153 CVE-2021-21156 CVE-2021-21157 cpe:/o:opensuse:leap:15.3 libquicktime0-1.2.4+git20180804.fff99cd-1.19 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the libquicktime0-1.2.4+git20180804.fff99cd-1.19 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2016-2399 CVE-2017-9122 CVE-2017-9123 CVE-2017-9124 CVE-2017-9125 CVE-2017-9126 CVE-2017-9127 CVE-2017-9128 cpe:/o:opensuse:leap:15.3 librados2-15.2.11.83+g8a15f484c2-3.22.1 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the librados2-15.2.11.83+g8a15f484c2-3.22.1 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2017-16818 CVE-2018-10861 CVE-2018-1128 CVE-2018-1129 CVE-2018-16889 CVE-2019-10222 CVE-2019-3821 CVE-2020-10736 CVE-2020-1759 CVE-2020-1760 CVE-2020-25660 CVE-2020-25678 CVE-2020-27781 CVE-2020-27839 CVE-2021-20288 cpe:/o:opensuse:leap:15.3 libraptor2-0-2.0.15-9.3.1 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the libraptor2-0-2.0.15-9.3.1 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2012-0037 CVE-2017-18926 cpe:/o:opensuse:leap:15.3 libraw16-0.18.9-3.11.1 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the libraw16-0.18.9-3.11.1 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2015-8367 CVE-2017-13735 CVE-2017-14265 CVE-2017-14348 CVE-2017-6886 CVE-2017-6887 CVE-2017-6890 CVE-2017-6899 CVE-2018-10528 CVE-2018-10529 CVE-2018-20337 CVE-2018-20363 CVE-2018-20364 CVE-2018-20365 CVE-2018-5813 CVE-2018-5815 CVE-2018-5816 CVE-2018-5817 CVE-2018-5818 CVE-2018-5819 CVE-2020-15503 cpe:/o:opensuse:leap:15.3 libreoffice-7.1.2.2-2.3 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the libreoffice-7.1.2.2-2.3 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2014-3693 CVE-2014-8146 CVE-2014-8147 CVE-2014-9093 CVE-2015-4551 CVE-2015-5212 CVE-2015-5213 CVE-2015-5214 CVE-2016-0794 CVE-2016-0795 CVE-2016-10327 CVE-2016-4324 CVE-2017-3157 CVE-2017-7870 CVE-2017-7882 CVE-2017-8358 CVE-2018-10119 CVE-2018-10120 CVE-2018-1055 CVE-2018-10583 CVE-2018-16858 CVE-2018-6871 CVE-2019-9848 CVE-2019-9849 CVE-2019-9850 CVE-2019-9851 CVE-2019-9852 CVE-2019-9853 CVE-2019-9854 CVE-2019-9855 CVE-2020-12801 CVE-2020-12802 CVE-2020-12803 cpe:/o:opensuse:leap:15.3 libreoffice-gtk2-6.2.7.1-8.10.1 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the libreoffice-gtk2-6.2.7.1-8.10.1 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2014-3693 CVE-2014-8146 CVE-2014-8147 CVE-2014-9093 CVE-2015-4551 CVE-2015-5212 CVE-2015-5213 CVE-2015-5214 CVE-2016-0794 CVE-2016-0795 CVE-2016-10327 CVE-2016-4324 CVE-2017-3157 CVE-2017-7870 CVE-2017-7882 CVE-2017-8358 CVE-2018-10119 CVE-2018-10120 CVE-2018-1055 CVE-2018-10583 CVE-2018-16858 CVE-2018-6871 CVE-2019-9848 CVE-2019-9849 CVE-2019-9850 CVE-2019-9851 CVE-2019-9852 CVE-2019-9854 CVE-2019-9855 cpe:/o:opensuse:leap:15.3 libruby2_5-2_5-2.5.9-4.17.1 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the libruby2_5-2_5-2.5.9-4.17.1 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2012-6708 CVE-2015-9251 CVE-2017-17742 CVE-2018-1000073 CVE-2018-1000074 CVE-2018-1000075 CVE-2018-1000076 CVE-2018-1000077 CVE-2018-1000078 CVE-2018-1000079 CVE-2018-16395 CVE-2018-16396 CVE-2018-6914 CVE-2018-8777 CVE-2018-8778 CVE-2018-8779 CVE-2018-8780 CVE-2019-15845 CVE-2019-16201 CVE-2019-16254 CVE-2019-16255 CVE-2019-8320 CVE-2019-8321 CVE-2019-8322 CVE-2019-8323 CVE-2019-8324 CVE-2019-8325 CVE-2020-10663 CVE-2020-10933 CVE-2020-25613 CVE-2020-8130 CVE-2021-28965 cpe:/o:opensuse:leap:15.3 libseccomp2-2.4.1-3.3.1 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the libseccomp2-2.4.1-3.3.1 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2019-9893 cpe:/o:opensuse:leap:15.3 libserf-1-1-1.3.9-2.31 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the libserf-1-1-1.3.9-2.31 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2014-3504 cpe:/o:opensuse:leap:15.3 libslirp0-4.3.1-1.51 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the libslirp0-4.3.1-1.51 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2020-10756 CVE-2020-1983 cpe:/o:opensuse:leap:15.3 libsndfile1-1.0.28-5.5.1 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the libsndfile1-1.0.28-5.5.1 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2009-0186 CVE-2011-2696 CVE-2014-9496 CVE-2014-9756 CVE-2015-7805 CVE-2015-8075 CVE-2017-12562 CVE-2017-14245 CVE-2017-14246 CVE-2017-14634 CVE-2017-17456 CVE-2017-17457 CVE-2017-6892 CVE-2017-7585 CVE-2017-7586 CVE-2017-8361 CVE-2017-8362 CVE-2017-8363 CVE-2017-8365 CVE-2018-13139 cpe:/o:opensuse:leap:15.3 libsnmp30-5.7.3-8.24 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the libsnmp30-5.7.3-8.24 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2015-5621 cpe:/o:opensuse:leap:15.3 libsolv-tools-0.7.19-3.23.1 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the libsolv-tools-0.7.19-3.23.1 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2018-20532 CVE-2018-20533 CVE-2018-20534 cpe:/o:opensuse:leap:15.3 libsoup-2_4-1-2.68.3-2.32 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the libsoup-2_4-1-2.68.3-2.32 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2017-2885 CVE-2018-12910 cpe:/o:opensuse:leap:15.3 libspice-client-glib-2_0-8-0.38-1.59 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the libspice-client-glib-2_0-8-0.38-1.59 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2018-10873 CVE-2018-10893 CVE-2020-14355 cpe:/o:opensuse:leap:15.3 libspice-server1-0.14.3-1.48 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the libspice-server1-0.14.3-1.48 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2013-4282 CVE-2015-3247 CVE-2015-5260 CVE-2015-5261 CVE-2016-0749 CVE-2016-2150 CVE-2016-9577 CVE-2016-9578 CVE-2018-10873 CVE-2018-10893 CVE-2019-3813 CVE-2020-14355 cpe:/o:opensuse:leap:15.3 libsqlite3-0-3.28.0-3.9.2 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the libsqlite3-0-3.28.0-3.9.2 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2018-20346 CVE-2018-8740 CVE-2019-16168 CVE-2019-9936 CVE-2019-9937 cpe:/o:opensuse:leap:15.3 libsrt1-1.3.4-1.45 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the libsrt1-1.3.4-1.45 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2019-15784 cpe:/o:opensuse:leap:15.3 libsrtp2-1-2.2.0-1.34 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the libsrtp2-1-2.2.0-1.34 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2015-6360 cpe:/o:opensuse:leap:15.3 libssh2-1-1.9.0-4.13.1 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the libssh2-1-1.9.0-4.13.1 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2015-1782 CVE-2016-0787 CVE-2019-17498 CVE-2019-3855 CVE-2019-3856 CVE-2019-3857 CVE-2019-3858 CVE-2019-3859 CVE-2019-3860 CVE-2019-3861 CVE-2019-3862 CVE-2019-3863 cpe:/o:opensuse:leap:15.3 libssh4-0.8.7-10.12.1 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the libssh4-0.8.7-10.12.1 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2014-8132 CVE-2015-3146 CVE-2018-10933 CVE-2019-14889 CVE-2020-1730 cpe:/o:opensuse:leap:15.3 libstaroffice-0_0-0-0.0.7-7.3.2 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the libstaroffice-0_0-0-0.0.7-7.3.2 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2017-9432 cpe:/o:opensuse:leap:15.3 libsystemd0-246.13-5.1 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the libsystemd0-246.13-5.1 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2015-7510 CVE-2016-10156 CVE-2017-15908 CVE-2017-18078 CVE-2017-9445 CVE-2018-15686 CVE-2018-15687 CVE-2018-15688 CVE-2018-16864 CVE-2018-16865 CVE-2018-21029 CVE-2018-6954 CVE-2019-20386 CVE-2019-3842 CVE-2019-3843 CVE-2019-3844 CVE-2019-6454 CVE-2020-1712 cpe:/o:opensuse:leap:15.3 libtag1-1.11.1-4.9.1 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the libtag1-1.11.1-4.9.1 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2017-12678 CVE-2018-11439 cpe:/o:opensuse:leap:15.3 libtasn1-4.13-4.5.1 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the libtasn1-4.13-4.5.1 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2015-2806 CVE-2015-3622 CVE-2016-4008 CVE-2018-1000654 CVE-2018-6003 cpe:/o:opensuse:leap:15.3 libthai-data-0.1.27-1.16 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the libthai-data-0.1.27-1.16 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2009-4012 cpe:/o:opensuse:leap:15.3 libtiff5-4.0.9-5.30.28 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the libtiff5-4.0.9-5.30.28 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2012-4564 CVE-2013-1960 CVE-2013-1961 CVE-2013-4231 CVE-2013-4232 CVE-2013-4243 CVE-2013-4244 CVE-2014-8127 CVE-2014-8128 CVE-2014-8129 CVE-2014-8130 CVE-2014-9655 CVE-2015-1547 CVE-2015-7554 CVE-2015-8665 CVE-2015-8683 CVE-2015-8781 CVE-2015-8782 CVE-2015-8783 CVE-2016-10092 CVE-2016-10093 CVE-2016-10094 CVE-2016-10095 CVE-2016-10266 CVE-2016-10267 CVE-2016-10268 CVE-2016-10269 CVE-2016-10270 CVE-2016-10271 CVE-2016-10272 CVE-2016-10371 CVE-2016-3186 CVE-2016-3622 CVE-2016-3623 CVE-2016-3658 CVE-2016-3945 CVE-2016-3990 CVE-2016-3991 CVE-2016-5314 CVE-2016-5316 CVE-2016-5317 CVE-2016-5318 CVE-2016-5320 CVE-2016-5321 CVE-2016-5323 CVE-2016-5652 CVE-2016-5875 CVE-2016-6223 CVE-2016-9273 CVE-2016-9297 CVE-2016-9448 CVE-2016-9453 CVE-2016-9538 CVE-2017-11613 CVE-2017-12944 CVE-2017-16232 CVE-2017-18013 CVE-2017-5225 CVE-2017-7592 CVE-2017-7593 CVE-2017-7594 CVE-2017-7595 CVE-2017-7596 CVE-2017-7597 CVE-2017-7598 CVE-2017-7599 CVE-2017-7600 CVE-2017-7601 CVE-2017-7602 CVE-2017-9403 CVE-2017-9404 CVE-2017-9935 CVE-2017-9936 CVE-2018-10779 CVE-2018-10963 CVE-2018-12900 CVE-2018-16335 CVE-2018-17000 CVE-2018-17100 CVE-2018-17101 CVE-2018-17795 CVE-2018-18557 CVE-2018-18661 CVE-2018-19210 CVE-2018-5784 CVE-2018-7456 CVE-2018-8905 CVE-2019-14973 CVE-2019-6128 CVE-2019-7663 cpe:/o:opensuse:leap:15.3 libtirpc-netconfig-1.2.6-1.131 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the libtirpc-netconfig-1.2.6-1.131 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2016-4429 cpe:/o:opensuse:leap:15.3 libtpms0-0.8.2-1.1 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the libtpms0-0.8.2-1.1 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2021-3446 CVE-2021-3505 cpe:/o:opensuse:leap:15.3 libtss2-esys0-2.4.5-1.11 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the libtss2-esys0-2.4.5-1.11 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2020-24455 cpe:/o:opensuse:leap:15.3 libudisks2-0-2.8.1-1.39 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the libudisks2-0-2.8.1-1.39 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2018-17336 cpe:/o:opensuse:leap:15.3 libunwind-1.5.0-4.5.1 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the libunwind-1.5.0-4.5.1 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2015-3239 cpe:/o:opensuse:leap:15.3 libupsclient1-2.7.4-4.72 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the libupsclient1-2.7.4-4.72 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2012-2944 cpe:/o:opensuse:leap:15.3 libvdpau1-1.1.1-1.28 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the libvdpau1-1.1.1-1.28 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2015-5198 CVE-2015-5199 CVE-2015-5200 cpe:/o:opensuse:leap:15.3 libvirglrenderer0-0.6.0-4.3.1 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the libvirglrenderer0-0.6.0-4.3.1 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2016-10214 CVE-2017-5937 CVE-2017-5957 CVE-2017-5993 CVE-2017-5994 CVE-2017-6386 CVE-2019-18388 CVE-2019-18389 CVE-2019-18390 CVE-2019-18391 cpe:/o:opensuse:leap:15.3 libvirt-bash-completion-7.1.0-4.1 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the libvirt-bash-completion-7.1.0-4.1 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2014-7823 CVE-2014-8131 CVE-2015-0236 CVE-2015-5247 CVE-2015-5313 CVE-2017-1000256 CVE-2017-2635 CVE-2017-5715 CVE-2018-1064 CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2018-3639 CVE-2018-5748 CVE-2019-10132 CVE-2019-10161 CVE-2019-10166 CVE-2019-10167 CVE-2019-10168 CVE-2019-11091 CVE-2019-11135 CVE-2019-3886 CVE-2020-10701 CVE-2020-12430 CVE-2020-14339 CVE-2020-15708 CVE-2020-25637 cpe:/o:opensuse:leap:15.3 libvlc5-3.0.13-bp153.1.1 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the libvlc5-3.0.13-bp153.1.1 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2014-9625 CVE-2015-5949 CVE-2015-7981 CVE-2015-8126 CVE-2016-5108 CVE-2017-10699 CVE-2017-9300 CVE-2018-19857 CVE-2019-12874 CVE-2019-13602 CVE-2019-13962 CVE-2019-14437 CVE-2019-14438 CVE-2019-14498 CVE-2019-14533 CVE-2019-14534 CVE-2019-14535 CVE-2019-14776 CVE-2019-14777 CVE-2019-14778 CVE-2019-14970 CVE-2019-5439 CVE-2019-5459 CVE-2019-5460 CVE-2020-13428 CVE-2020-26664 cpe:/o:opensuse:leap:15.3 libvmtools0-11.2.5-1.17 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the libvmtools0-11.2.5-1.17 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2015-5191 cpe:/o:opensuse:leap:15.3 libvncclient0-0.9.10-4.25.1 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the libvncclient0-0.9.10-4.25.1 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2014-4607 CVE-2017-18922 CVE-2018-15126 CVE-2018-15127 CVE-2018-20019 CVE-2018-20020 CVE-2018-20021 CVE-2018-20022 CVE-2018-20023 CVE-2018-20024 CVE-2018-20748 CVE-2018-20749 CVE-2018-20750 CVE-2018-21247 CVE-2018-6307 CVE-2018-7225 CVE-2019-15681 CVE-2019-15690 CVE-2019-20788 CVE-2019-20839 CVE-2019-20840 CVE-2020-14397 CVE-2020-14398 CVE-2020-14399 CVE-2020-14400 CVE-2020-14401 CVE-2020-14402 CVE-2020-25708 cpe:/o:opensuse:leap:15.3 libvorbis0-1.3.6-4.3.1 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the libvorbis0-1.3.6-4.3.1 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2008-1420 CVE-2009-3379 CVE-2012-0444 CVE-2017-14160 CVE-2017-14632 CVE-2017-14633 CVE-2018-10392 CVE-2018-10393 CVE-2018-5146 cpe:/o:opensuse:leap:15.3 libvpx4-1.6.1-6.6.8 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the libvpx4-1.6.1-6.6.8 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2016-1621 CVE-2016-2464 CVE-2017-0641 CVE-2017-13194 CVE-2019-2126 CVE-2019-9232 CVE-2019-9325 CVE-2019-9371 CVE-2019-9433 CVE-2020-0034 cpe:/o:opensuse:leap:15.3 libwavpack1-5.4.0-4.9.1 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the libwavpack1-5.4.0-4.9.1 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2018-10536 CVE-2018-10537 CVE-2018-10538 CVE-2018-10539 CVE-2018-10540 CVE-2018-19840 CVE-2018-19841 CVE-2018-6767 CVE-2018-7253 CVE-2018-7254 CVE-2019-1010319 CVE-2019-11498 CVE-2020-35738 cpe:/o:opensuse:leap:15.3 libwebp7-1.0.3-1.62 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the libwebp7-1.0.3-1.62 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2016-8888 CVE-2016-9085 cpe:/o:opensuse:leap:15.3 libwmf-0_2-7-0.2.8.4-2.30 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the libwmf-0_2-7-0.2.8.4-2.30 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2015-0848 CVE-2015-4588 CVE-2015-4695 CVE-2015-4696 cpe:/o:opensuse:leap:15.3 libwpd-0_10-10-0.10.2-3.3.1 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the libwpd-0_10-10-0.10.2-3.3.1 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2017-14226 CVE-2018-19208 cpe:/o:opensuse:leap:15.3 libxapian30-1.4.17-bp153.1.19 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the libxapian30-1.4.17-bp153.1.19 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2018-0499 cpe:/o:opensuse:leap:15.3 libxerces-c-3_2-3.2.3-1.28 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the libxerces-c-3_2-3.2.3-1.28 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2016-0729 CVE-2016-2099 CVE-2016-4463 CVE-2017-12627 cpe:/o:opensuse:leap:15.3 libxkbcommon-x11-0-0.8.2-3.3.1 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the libxkbcommon-x11-0-0.8.2-3.3.1 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2018-15853 CVE-2018-15854 CVE-2018-15855 CVE-2018-15856 CVE-2018-15857 CVE-2018-15858 CVE-2018-15859 CVE-2018-15861 CVE-2018-15862 CVE-2018-15863 CVE-2018-15864 cpe:/o:opensuse:leap:15.3 libxml2-2-2.9.7-3.31.1 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the libxml2-2-2.9.7-3.31.1 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2014-0191 CVE-2014-3660 CVE-2015-1819 CVE-2015-5312 CVE-2015-7497 CVE-2015-7498 CVE-2015-7499 CVE-2015-7500 CVE-2015-7941 CVE-2015-7942 CVE-2015-8035 CVE-2015-8242 CVE-2016-1762 CVE-2016-1833 CVE-2016-1834 CVE-2016-1835 CVE-2016-1836 CVE-2016-1837 CVE-2016-1838 CVE-2016-1839 CVE-2016-1840 CVE-2016-3627 CVE-2016-3705 CVE-2016-4483 CVE-2016-4658 CVE-2017-0663 CVE-2017-18258 CVE-2017-5969 CVE-2017-9047 CVE-2017-9048 CVE-2017-9049 CVE-2018-14404 CVE-2018-14567 CVE-2018-9251 CVE-2019-19956 CVE-2019-20388 CVE-2020-24977 CVE-2020-7595 CVE-2021-3516 CVE-2021-3517 CVE-2021-3518 cpe:/o:opensuse:leap:15.3 libxslt-tools-1.1.32-3.8.24 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the libxslt-tools-1.1.32-3.8.24 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2015-7995 CVE-2015-9019 CVE-2016-4738 CVE-2017-5029 CVE-2019-11068 CVE-2019-13117 CVE-2019-13118 CVE-2019-18197 cpe:/o:opensuse:leap:15.3 libyaml-0-2-0.1.7-1.17 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the libyaml-0-2-0.1.7-1.17 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2013-6393 CVE-2014-2525 CVE-2014-9130 cpe:/o:opensuse:leap:15.3 libyaml-cpp0_6-0.6.1-4.2.1 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the libyaml-cpp0_6-0.6.1-4.2.1 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2017-5950 cpe:/o:opensuse:leap:15.3 libzip5-1.5.1-1.9 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the libzip5-1.5.1-1.9 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2011-0421 CVE-2012-1162 CVE-2012-1163 CVE-2015-2331 CVE-2017-12858 CVE-2017-14107 cpe:/o:opensuse:leap:15.3 libzstd1-1.4.4-1.6.1 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the libzstd1-1.4.4-1.6.1 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2019-11922 CVE-2021-24031 CVE-2021-24032 cpe:/o:opensuse:leap:15.3 libzypp-17.25.10-3.36.1 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the libzypp-17.25.10-3.36.1 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2017-7435 CVE-2017-7436 CVE-2017-9269 CVE-2017-9271 CVE-2018-7685 CVE-2019-18900 cpe:/o:opensuse:leap:15.3 login_defs-4.8.1-2.43 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the login_defs-4.8.1-2.43 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2018-7169 cpe:/o:opensuse:leap:15.3 logrotate-3.13.0-4.3.9 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the logrotate-3.13.0-4.3.9 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2011-1098 CVE-2011-1154 CVE-2011-1155 cpe:/o:opensuse:leap:15.3 mailx-12.5-1.87 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the mailx-12.5-1.87 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2004-2771 CVE-2014-7844 cpe:/o:opensuse:leap:15.3 mariadb-10.5.8-1.5 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the mariadb-10.5.8-1.5 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2015-4792 CVE-2015-4802 CVE-2015-4807 CVE-2015-4815 CVE-2015-4816 CVE-2015-4819 CVE-2015-4826 CVE-2015-4830 CVE-2015-4836 CVE-2015-4858 CVE-2015-4861 CVE-2015-4864 CVE-2015-4866 CVE-2015-4870 CVE-2015-4879 CVE-2015-4895 CVE-2015-4913 CVE-2015-5969 CVE-2015-7744 CVE-2016-0505 CVE-2016-0546 CVE-2016-0596 CVE-2016-0597 CVE-2016-0598 CVE-2016-0600 CVE-2016-0606 CVE-2016-0608 CVE-2016-0609 CVE-2016-0610 CVE-2016-0616 CVE-2016-0640 CVE-2016-0641 CVE-2016-0642 CVE-2016-0644 CVE-2016-0646 CVE-2016-0649 CVE-2016-0650 CVE-2016-0651 CVE-2016-0668 CVE-2016-2047 CVE-2016-3477 CVE-2016-3492 CVE-2016-3521 CVE-2016-3615 CVE-2016-5440 CVE-2016-5584 CVE-2016-5624 CVE-2016-5626 CVE-2016-5629 CVE-2016-6662 CVE-2016-6663 CVE-2016-6664 CVE-2016-7440 CVE-2016-8283 CVE-2016-9843 CVE-2017-10268 CVE-2017-10286 CVE-2017-10320 CVE-2017-10365 CVE-2017-10378 CVE-2017-10379 CVE-2017-10384 CVE-2017-15365 CVE-2017-3238 CVE-2017-3243 CVE-2017-3244 CVE-2017-3257 CVE-2017-3258 CVE-2017-3265 CVE-2017-3291 CVE-2017-3302 CVE-2017-3308 CVE-2017-3309 CVE-2017-3312 CVE-2017-3313 CVE-2017-3317 CVE-2017-3318 CVE-2017-3453 CVE-2017-3456 CVE-2017-3464 CVE-2017-3636 CVE-2017-3641 CVE-2017-3653 CVE-2018-2562 CVE-2018-2612 CVE-2018-2622 CVE-2018-2640 CVE-2018-2665 CVE-2018-2668 CVE-2018-2755 CVE-2018-2759 CVE-2018-2761 CVE-2018-2766 CVE-2018-2767 CVE-2018-2771 CVE-2018-2777 CVE-2018-2781 CVE-2018-2782 CVE-2018-2784 CVE-2018-2786 CVE-2018-2787 CVE-2018-2810 CVE-2018-2813 CVE-2018-2817 CVE-2018-2819 CVE-2018-3058 CVE-2018-3060 CVE-2018-3063 CVE-2018-3064 CVE-2018-3066 CVE-2018-3143 CVE-2018-3156 CVE-2018-3162 CVE-2018-3173 CVE-2018-3174 CVE-2018-3185 CVE-2018-3200 CVE-2018-3251 CVE-2018-3277 CVE-2018-3282 CVE-2018-3284 CVE-2019-18901 CVE-2019-2503 CVE-2019-2510 CVE-2019-2537 CVE-2019-2614 CVE-2019-2627 CVE-2019-2628 CVE-2019-2737 CVE-2019-2739 CVE-2019-2740 CVE-2019-2758 CVE-2019-2805 CVE-2019-2938 CVE-2019-2974 CVE-2020-13249 CVE-2020-14765 CVE-2020-14776 CVE-2020-14789 CVE-2020-14812 CVE-2020-15180 CVE-2020-2574 CVE-2020-2752 CVE-2020-2760 CVE-2020-2812 CVE-2020-2814 CVE-2020-7221 cpe:/o:opensuse:leap:15.3 messagelib-20.04.2-bp153.1.29 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the messagelib-20.04.2-bp153.1.29 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2019-10732 cpe:/o:opensuse:leap:15.3 mozilla-nspr-4.25.1-3.17.1 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the mozilla-nspr-4.25.1-3.17.1 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2015-7183 cpe:/o:opensuse:leap:15.3 nfs-client-2.1.1-10.12.1 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the nfs-client-2.1.1-10.12.1 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2019-3689 cpe:/o:opensuse:leap:15.3 okular-20.04.2-bp153.1.31 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the okular-20.04.2-bp153.1.31 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2018-1000801 CVE-2020-9359 cpe:/o:opensuse:leap:15.3 openconnect-7.08-6.9.1 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the openconnect-7.08-6.9.1 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2019-16239 CVE-2020-12105 CVE-2020-12823 cpe:/o:opensuse:leap:15.3 openslp-2.0.0-6.15.1 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the openslp-2.0.0-6.15.1 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2016-4912 CVE-2016-7567 CVE-2017-17833 cpe:/o:opensuse:leap:15.3 openssh-8.4p1-1.30 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the openssh-8.4p1-1.30 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2015-8325 CVE-2016-0777 CVE-2016-0778 CVE-2016-10009 CVE-2016-10010 CVE-2016-10011 CVE-2016-10012 CVE-2016-6210 CVE-2016-6515 CVE-2016-8858 CVE-2018-20685 CVE-2019-6109 CVE-2019-6110 CVE-2019-6111 cpe:/o:opensuse:leap:15.3 openssl-1.1.1d-1.46 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the openssl-1.1.1d-1.46 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2014-3513 CVE-2014-3567 CVE-2014-3568 CVE-2014-3569 CVE-2014-3570 CVE-2014-3571 CVE-2014-3572 CVE-2014-8275 CVE-2015-0204 CVE-2015-0205 CVE-2015-0206 CVE-2015-0209 CVE-2015-0286 CVE-2015-0287 CVE-2015-0288 CVE-2015-0289 CVE-2015-0293 CVE-2015-1788 CVE-2015-1789 CVE-2015-1790 CVE-2015-1791 CVE-2015-1792 CVE-2015-1793 CVE-2015-1794 CVE-2015-3193 CVE-2015-3194 CVE-2015-3195 CVE-2015-3196 CVE-2015-3197 CVE-2016-0701 CVE-2016-0702 CVE-2016-0705 CVE-2016-0797 CVE-2016-0798 CVE-2016-0800 CVE-2016-2105 CVE-2016-2106 CVE-2016-2107 CVE-2016-2109 CVE-2016-2176 CVE-2016-2177 CVE-2016-2178 CVE-2016-2179 CVE-2016-2180 CVE-2016-2181 CVE-2016-2182 CVE-2016-2183 CVE-2016-6302 CVE-2016-6303 CVE-2016-6304 CVE-2016-6306 CVE-2016-7052 CVE-2016-7055 CVE-2016-7056 CVE-2017-3731 CVE-2017-3732 cpe:/o:opensuse:leap:15.3 openvpn-2.4.3-5.7.1 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the openvpn-2.4.3-5.7.1 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2014-8104 CVE-2017-12166 CVE-2017-7521 CVE-2017-7522 CVE-2018-7544 CVE-2018-9336 CVE-2020-11810 CVE-2020-15078 cpe:/o:opensuse:leap:15.3 ovmf-202008-8.1 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the ovmf-202008-8.1 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2017-5731 CVE-2017-5732 CVE-2017-5733 CVE-2017-5734 CVE-2017-5735 CVE-2018-0739 CVE-2018-12178 CVE-2018-12180 CVE-2018-12181 CVE-2018-3613 CVE-2018-3630 CVE-2019-0160 CVE-2019-0161 CVE-2019-14553 CVE-2019-14559 CVE-2019-14562 CVE-2019-14563 CVE-2019-14575 CVE-2019-14584 CVE-2021-28210 CVE-2021-28211 cpe:/o:opensuse:leap:15.3 p7zip-16.02-14.5.1 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the p7zip-16.02-14.5.1 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2015-1038 CVE-2016-2334 CVE-2016-2335 CVE-2016-9296 CVE-2017-17969 CVE-2021-3465 cpe:/o:opensuse:leap:15.3 pam-1.3.0-6.29.1 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the pam-1.3.0-6.29.1 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2015-3238 CVE-2018-17953 cpe:/o:opensuse:leap:15.3 perl-5.26.1-15.87 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the perl-5.26.1-15.87 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2017-12837 CVE-2017-12883 CVE-2018-12015 CVE-2018-18311 CVE-2018-18312 CVE-2018-18313 CVE-2018-18314 CVE-2020-10543 CVE-2020-10878 CVE-2020-12723 cpe:/o:opensuse:leap:15.3 perl-Archive-Zip-1.60-3.3.1 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the perl-Archive-Zip-1.60-3.3.1 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2018-10860 cpe:/o:opensuse:leap:15.3 perl-HTML-Parser-3.72-1.26 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the perl-HTML-Parser-3.72-1.26 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2009-3627 cpe:/o:opensuse:leap:15.3 perl-LWP-Protocol-https-6.06-1.24 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the perl-LWP-Protocol-https-6.06-1.24 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2014-3230 cpe:/o:opensuse:leap:15.3 perl-XML-LibXML-2.0132-1.20 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the perl-XML-LibXML-2.0132-1.20 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2015-3451 cpe:/o:opensuse:leap:15.3 perl-XML-Twig-3.52-3.3.1 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the perl-XML-Twig-3.52-3.3.1 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2016-9180 cpe:/o:opensuse:leap:15.3 permissions-20181225-23.6.1 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the permissions-20181225-23.6.1 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2019-3687 CVE-2019-3688 CVE-2019-3690 CVE-2020-8013 CVE-2020-8025 cpe:/o:opensuse:leap:15.3 plasma5-desktop-5.18.6-bp153.2.1 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the plasma5-desktop-5.18.6-bp153.2.1 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2014-8651 cpe:/o:opensuse:leap:15.3 powerpc-utils-1.3.8-7.1 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the powerpc-utils-1.3.8-7.1 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2014-4040 cpe:/o:opensuse:leap:15.3 ppc64-diag-2.7.6-3.3.1 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the ppc64-diag-2.7.6-3.3.1 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2014-4038 CVE-2014-4039 cpe:/o:opensuse:leap:15.3 ppp-2.4.7-5.3.1 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the ppp-2.4.7-5.3.1 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2014-3158 CVE-2015-3310 CVE-2020-8597 cpe:/o:opensuse:leap:15.3 procmail-3.22-2.34 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the procmail-3.22-2.34 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2014-3618 CVE-2017-16844 cpe:/o:opensuse:leap:15.3 python3-cryptography-2.8-3.6.1 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the python3-cryptography-2.8-3.6.1 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2020-25659 CVE-2020-36242 cpe:/o:opensuse:leap:15.3 python3-cupshelpers-1.5.7-6.27 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the python3-cupshelpers-1.5.7-6.27 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2011-4405 cpe:/o:opensuse:leap:15.3 python3-numpy-1.17.3-7.1 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the python3-numpy-1.17.3-7.1 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2017-12852 CVE-2019-6446 cpe:/o:opensuse:leap:15.3 python3-pip-20.0.2-6.12.1 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the python3-pip-20.0.2-6.12.1 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2014-8991 CVE-2015-2296 CVE-2019-20916 cpe:/o:opensuse:leap:15.3 python3-requests-2.24.0-1.24 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the python3-requests-2.24.0-1.24 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2015-2296 CVE-2018-18074 cpe:/o:opensuse:leap:15.3 python3-setuptools-40.5.0-6.3.1 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the python3-setuptools-40.5.0-6.3.1 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2019-20916 cpe:/o:opensuse:leap:15.3 python3-urllib3-1.25.10-2.18 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the python3-urllib3-1.25.10-2.18 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2016-9015 CVE-2018-20060 CVE-2019-11236 CVE-2019-11324 CVE-2019-9740 CVE-2020-26137 cpe:/o:opensuse:leap:15.3 qemu-5.2.0-9.18 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the qemu-5.2.0-9.18 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2014-0222 CVE-2014-0223 CVE-2014-3461 CVE-2014-3640 CVE-2014-7840 CVE-2014-8106 CVE-2015-1779 CVE-2015-3209 CVE-2015-3456 CVE-2015-4037 CVE-2015-5154 CVE-2015-5225 CVE-2015-5278 CVE-2015-5279 CVE-2015-5745 CVE-2015-6815 CVE-2015-6855 CVE-2015-7295 CVE-2015-7512 CVE-2015-7549 CVE-2015-8345 CVE-2015-8504 CVE-2015-8558 CVE-2015-8567 CVE-2015-8568 CVE-2015-8613 CVE-2015-8619 CVE-2015-8743 CVE-2015-8744 CVE-2015-8745 CVE-2016-10028 CVE-2016-10155 CVE-2016-1568 CVE-2016-1714 CVE-2016-1922 CVE-2016-1981 CVE-2016-2198 CVE-2016-3710 CVE-2016-3712 CVE-2016-4002 CVE-2016-4020 CVE-2016-4439 CVE-2016-4441 CVE-2016-4453 CVE-2016-4454 CVE-2016-4952 CVE-2016-4964 CVE-2016-5105 CVE-2016-5106 CVE-2016-5107 CVE-2016-5126 CVE-2016-5238 CVE-2016-5337 CVE-2016-5338 CVE-2016-5403 CVE-2016-6351 CVE-2016-6490 CVE-2016-6833 CVE-2016-6836 CVE-2016-6888 CVE-2016-7116 CVE-2016-7155 CVE-2016-7156 CVE-2016-7157 CVE-2016-7161 CVE-2016-7170 CVE-2016-7421 CVE-2016-7422 CVE-2016-7423 CVE-2016-7466 CVE-2016-7907 CVE-2016-7908 CVE-2016-7909 CVE-2016-7994 CVE-2016-7995 CVE-2016-8576 CVE-2016-8577 CVE-2016-8578 CVE-2016-8667 CVE-2016-8668 CVE-2016-8669 CVE-2016-8909 CVE-2016-8910 CVE-2016-9101 CVE-2016-9102 CVE-2016-9103 CVE-2016-9104 CVE-2016-9105 CVE-2016-9106 CVE-2016-9381 CVE-2016-9602 CVE-2016-9776 CVE-2016-9845 CVE-2016-9846 CVE-2016-9907 CVE-2016-9908 CVE-2016-9911 CVE-2016-9912 CVE-2016-9913 CVE-2016-9921 CVE-2016-9922 CVE-2016-9923 CVE-2017-10664 CVE-2017-10806 CVE-2017-11334 CVE-2017-11434 CVE-2017-13672 CVE-2017-13673 CVE-2017-13711 CVE-2017-14167 CVE-2017-15038 CVE-2017-15118 CVE-2017-15119 CVE-2017-15268 CVE-2017-15289 CVE-2017-2615 CVE-2017-2620 CVE-2017-2630 CVE-2017-2633 CVE-2017-5525 CVE-2017-5526 CVE-2017-5552 CVE-2017-5578 CVE-2017-5579 CVE-2017-5667 CVE-2017-5715 CVE-2017-5856 CVE-2017-5857 CVE-2017-5898 CVE-2017-5931 CVE-2017-5973 CVE-2017-5987 CVE-2017-6058 CVE-2017-6505 CVE-2017-7471 CVE-2017-7493 CVE-2017-8112 CVE-2017-8309 CVE-2017-8379 CVE-2017-8380 CVE-2017-9503 CVE-2017-9524 CVE-2018-10839 CVE-2018-11806 CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2018-12207 CVE-2018-12617 CVE-2018-15746 CVE-2018-16847 CVE-2018-16872 CVE-2018-17958 CVE-2018-17962 CVE-2018-17963 CVE-2018-18849 CVE-2018-20123 CVE-2018-20124 CVE-2018-20125 CVE-2018-20126 CVE-2018-20191 CVE-2018-20216 CVE-2018-20815 CVE-2018-3639 CVE-2018-7550 CVE-2018-7858 CVE-2019-11091 CVE-2019-11135 CVE-2019-12068 CVE-2019-12155 CVE-2019-13164 CVE-2019-14378 CVE-2019-15890 CVE-2019-5008 CVE-2019-6778 CVE-2019-8934 CVE-2019-9824 CVE-2020-10702 CVE-2020-10717 CVE-2020-10761 CVE-2020-11102 CVE-2020-11869 CVE-2020-13361 CVE-2020-13362 CVE-2020-13659 CVE-2020-13800 CVE-2020-14364 CVE-2020-15863 CVE-2020-16092 CVE-2020-1711 CVE-2020-1983 CVE-2020-24352 CVE-2020-7039 CVE-2020-8608 CVE-2021-20181 CVE-2021-20203 CVE-2021-20221 CVE-2021-20257 cpe:/o:opensuse:leap:15.3 rpcbind-0.2.3-5.9.2 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the rpcbind-0.2.3-5.9.2 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2015-7236 CVE-2017-8779 cpe:/o:opensuse:leap:15.3 rpm-32bit-4.14.1-29.46 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the rpm-32bit-4.14.1-29.46 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2017-7500 cpe:/o:opensuse:leap:15.3 rsync-3.1.3-4.3.1 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the rsync-3.1.3-4.3.1 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2014-8242 CVE-2014-9512 CVE-2017-16548 CVE-2018-5764 cpe:/o:opensuse:leap:15.3 rsyslog-8.39.0-4.10.1 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the rsyslog-8.39.0-4.10.1 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2015-3243 cpe:/o:opensuse:leap:15.3 rtkit-0.11+git.20130926-1.34 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the rtkit-0.11+git.20130926-1.34 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2013-4326 cpe:/o:opensuse:leap:15.3 ruby2.5-rubygem-nokogiri-1.8.5-3.6.1 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the ruby2.5-rubygem-nokogiri-1.8.5-3.6.1 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2015-1819 CVE-2015-5312 CVE-2015-7497 CVE-2015-7498 CVE-2015-7499 CVE-2015-7500 CVE-2015-7941 CVE-2015-7942 CVE-2015-7995 CVE-2015-8035 CVE-2015-8241 CVE-2015-8242 CVE-2015-8317 CVE-2016-4658 CVE-2016-4738 CVE-2016-5131 CVE-2017-15412 CVE-2017-5029 CVE-2018-14404 CVE-2018-14567 CVE-2018-3740 CVE-2018-3741 CVE-2018-8048 CVE-2019-5477 CVE-2020-26247 cpe:/o:opensuse:leap:15.3 sane-backends-1.0.32-6.6.2 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the sane-backends-1.0.32-6.6.2 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2017-6318 CVE-2020-12861 CVE-2020-12862 CVE-2020-12863 CVE-2020-12864 CVE-2020-12865 CVE-2020-12866 CVE-2020-12867 cpe:/o:opensuse:leap:15.3 screen-4.6.2-5.3.1 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the screen-4.6.2-5.3.1 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2017-5618 CVE-2021-26937 cpe:/o:opensuse:leap:15.3 sddm-0.18.0-lp153.1.31 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the sddm-0.18.0-lp153.1.31 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2014-7271 CVE-2014-7272 CVE-2015-0856 CVE-2018-14345 CVE-2020-28049 cpe:/o:opensuse:leap:15.3 sharutils-4.15.2-2.21 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the sharutils-4.15.2-2.21 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2018-1000097 cpe:/o:opensuse:leap:15.3 shim-15.4-2.1 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the shim-15.4-2.1 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2014-3675 CVE-2014-3676 CVE-2014-3677 CVE-2019-14584 cpe:/o:opensuse:leap:15.3 spice-vdagent-0.20.0-1.51 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the spice-vdagent-0.20.0-1.51 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2017-15108 cpe:/o:opensuse:leap:15.3 squashfs-4.4-1.1 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the squashfs-4.4-1.1 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2015-4645 CVE-2015-4646 cpe:/o:opensuse:leap:15.3 sudo-1.9.5p2-1.5 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the sudo-1.9.5p2-1.5 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2014-9680 CVE-2016-7032 CVE-2016-7076 CVE-2017-1000367 CVE-2017-1000368 CVE-2019-14287 CVE-2019-18634 CVE-2021-23239 CVE-2021-23240 CVE-2021-3156 cpe:/o:opensuse:leap:15.3 swtpm-0.5.2-1.20 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the swtpm-0.5.2-1.20 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2020-28407 cpe:/o:opensuse:leap:15.3 tar-1.30-3.6.1 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the tar-1.30-3.6.1 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2016-6321 CVE-2018-20482 CVE-2019-9923 CVE-2021-20193 cpe:/o:opensuse:leap:15.3 telepathy-idle-0.2.0-bp153.1.14 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the telepathy-idle-0.2.0-bp153.1.14 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2007-6746 cpe:/o:opensuse:leap:15.3 texlive-lm-fonts-2017.137.2.004svn28119-7.6.4 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the texlive-lm-fonts-2017.137.2.004svn28119-7.6.4 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2016-10243 cpe:/o:opensuse:leap:15.3 tmux-3.1c-bp153.1.16 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the tmux-3.1c-bp153.1.16 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2018-19387 CVE-2020-27347 cpe:/o:opensuse:leap:15.3 tnftp-20151004-bp153.1.16 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the tnftp-20151004-bp153.1.16 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2014-8517 cpe:/o:opensuse:leap:15.3 transmission-common-2.94-bp153.1.20 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the transmission-common-2.94-bp153.1.20 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2018-5072 CVE-2018-5702 cpe:/o:opensuse:leap:15.3 trousers-0.3.14-6.6.2 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the trousers-0.3.14-6.6.2 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2019-18898 cpe:/o:opensuse:leap:15.3 u-boot-rpiarm64-2021.01-5.1 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the u-boot-rpiarm64-2021.01-5.1 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2018-18439 CVE-2018-18440 CVE-2020-10648 CVE-2020-8432 cpe:/o:opensuse:leap:15.3 ucode-intel-20210216-2.19.1 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the ucode-intel-20210216-2.19.1 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2017-5715 CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2018-3639 CVE-2018-3640 CVE-2019-11091 CVE-2019-11135 CVE-2019-11139 CVE-2020-0543 CVE-2020-0548 CVE-2020-0549 CVE-2020-8695 CVE-2020-8696 CVE-2020-8698 cpe:/o:opensuse:leap:15.3 unixODBC-2.3.6-3.2.1 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the unixODBC-2.3.6-3.2.1 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2018-7409 CVE-2018-7485 cpe:/o:opensuse:leap:15.3 unzip-6.00-4.8.13 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the unzip-6.00-4.8.13 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2014-8139 CVE-2014-8140 CVE-2014-8141 CVE-2014-9636 CVE-2014-9913 CVE-2015-7696 CVE-2015-7697 CVE-2016-9844 CVE-2018-1000035 CVE-2018-18384 cpe:/o:opensuse:leap:15.3 update-alternatives-1.19.0.4-2.48 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the update-alternatives-1.19.0.4-2.48 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2015-0840 cpe:/o:opensuse:leap:15.3 vim-8.0.1568-5.14.1 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the vim-8.0.1568-5.14.1 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2009-0316 CVE-2017-1000382 CVE-2017-5953 CVE-2017-6349 CVE-2017-6350 CVE-2019-12735 CVE-2019-20807 cpe:/o:opensuse:leap:15.3 virt-install-3.2.0-5.1 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the virt-install-3.2.0-5.1 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2019-10183 cpe:/o:opensuse:leap:15.3 virtualbox-guest-tools-6.1.20-lp153.1.8 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the virtualbox-guest-tools-6.1.20-lp153.1.8 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2014-0224 CVE-2014-6588 CVE-2014-6589 CVE-2014-6590 CVE-2014-6595 CVE-2015-0377 CVE-2015-0418 CVE-2015-0427 CVE-2015-3456 CVE-2015-4813 CVE-2015-4896 CVE-2016-0678 CVE-2016-5501 CVE-2016-5538 CVE-2016-5545 CVE-2016-5605 CVE-2016-5608 CVE-2016-5610 CVE-2016-5611 CVE-2017-10392 CVE-2017-10407 CVE-2017-10408 CVE-2017-10428 CVE-2017-3290 CVE-2017-3316 CVE-2017-3332 CVE-2017-3513 CVE-2017-3538 CVE-2017-3558 CVE-2017-3559 CVE-2017-3561 CVE-2017-3563 CVE-2017-3575 CVE-2017-3576 CVE-2017-3587 CVE-2017-3733 CVE-2017-5715 CVE-2018-0732 CVE-2018-0734 CVE-2018-0739 CVE-2018-11763 CVE-2018-11784 CVE-2018-2676 CVE-2018-2685 CVE-2018-2686 CVE-2018-2687 CVE-2018-2688 CVE-2018-2689 CVE-2018-2690 CVE-2018-2693 CVE-2018-2694 CVE-2018-2698 CVE-2018-2830 CVE-2018-2831 CVE-2018-2835 CVE-2018-2836 CVE-2018-2837 CVE-2018-2842 CVE-2018-2843 CVE-2018-2844 CVE-2018-2845 CVE-2018-2860 CVE-2018-2909 CVE-2018-3005 CVE-2018-3055 CVE-2018-3085 CVE-2018-3086 CVE-2018-3087 CVE-2018-3088 CVE-2018-3089 CVE-2018-3090 CVE-2018-3091 CVE-2018-3287 CVE-2018-3288 CVE-2018-3289 CVE-2018-3290 CVE-2018-3291 CVE-2018-3292 CVE-2018-3293 CVE-2018-3294 CVE-2018-3295 CVE-2018-3296 CVE-2018-3297 CVE-2018-3298 CVE-2018-3309 CVE-2019-1543 CVE-2019-1547 CVE-2019-2446 CVE-2019-2448 CVE-2019-2450 CVE-2019-2451 CVE-2019-2500 CVE-2019-2501 CVE-2019-2504 CVE-2019-2505 CVE-2019-2506 CVE-2019-2508 CVE-2019-2509 CVE-2019-2511 CVE-2019-2520 CVE-2019-2521 CVE-2019-2522 CVE-2019-2523 CVE-2019-2524 CVE-2019-2525 CVE-2019-2526 CVE-2019-2527 CVE-2019-2548 CVE-2019-2552 CVE-2019-2553 CVE-2019-2554 CVE-2019-2555 CVE-2019-2556 CVE-2019-2574 CVE-2019-2656 CVE-2019-2657 CVE-2019-2678 CVE-2019-2679 CVE-2019-2680 CVE-2019-2690 CVE-2019-2696 CVE-2019-2703 CVE-2019-2721 CVE-2019-2722 CVE-2019-2723 CVE-2019-2848 CVE-2019-2850 CVE-2019-2859 CVE-2019-2863 CVE-2019-2864 CVE-2019-2865 CVE-2019-2866 CVE-2019-2867 CVE-2019-2873 CVE-2019-2874 CVE-2019-2875 CVE-2019-2876 CVE-2019-2877 CVE-2019-2926 CVE-2019-2944 CVE-2019-2984 CVE-2019-3002 CVE-2019-3005 CVE-2019-3017 CVE-2019-3021 CVE-2019-3026 CVE-2019-3028 CVE-2019-3031 CVE-2020-14628 CVE-2020-14629 CVE-2020-14646 CVE-2020-14647 CVE-2020-14648 CVE-2020-14649 CVE-2020-14650 CVE-2020-14673 CVE-2020-14674 CVE-2020-14675 CVE-2020-14676 CVE-2020-14677 CVE-2020-14694 CVE-2020-14695 CVE-2020-14698 CVE-2020-14699 CVE-2020-14700 CVE-2020-14703 CVE-2020-14704 CVE-2020-14707 CVE-2020-14711 CVE-2020-14712 CVE-2020-14713 CVE-2020-14714 CVE-2020-14715 CVE-2020-2674 CVE-2020-2678 CVE-2020-2681 CVE-2020-2682 CVE-2020-2689 CVE-2020-2690 CVE-2020-2691 CVE-2020-2692 CVE-2020-2693 CVE-2020-2698 CVE-2020-2701 CVE-2020-2702 CVE-2020-2703 CVE-2020-2704 CVE-2020-2705 CVE-2020-2725 CVE-2020-2726 CVE-2020-2727 CVE-2021-2074 CVE-2021-2129 CVE-2021-2264 cpe:/o:opensuse:leap:15.3 vorbis-tools-1.4.0-1.53 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the vorbis-tools-1.4.0-1.53 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2014-9638 CVE-2014-9639 CVE-2014-9640 CVE-2015-6749 cpe:/o:opensuse:leap:15.3 vsftpd-3.0.3-7.16.1 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the vsftpd-3.0.3-7.16.1 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2015-1419 cpe:/o:opensuse:leap:15.3 w3m-0.5.3+git20180125-1.17 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the w3m-0.5.3+git20180125-1.17 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2010-2074 CVE-2012-4929 CVE-2016-9434 CVE-2016-9435 CVE-2016-9436 CVE-2016-9437 CVE-2016-9438 CVE-2016-9439 CVE-2016-9440 CVE-2016-9441 CVE-2016-9442 CVE-2016-9443 CVE-2016-9621 CVE-2016-9622 CVE-2016-9623 CVE-2016-9624 CVE-2016-9625 CVE-2016-9626 CVE-2016-9627 CVE-2016-9628 CVE-2016-9629 CVE-2016-9630 CVE-2016-9631 CVE-2016-9632 CVE-2016-9633 CVE-2018-6196 CVE-2018-6197 CVE-2018-6198 cpe:/o:opensuse:leap:15.3 wget-1.20.3-3.9.2 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the wget-1.20.3-3.9.2 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2014-4877 CVE-2015-7665 CVE-2016-4971 CVE-2017-13089 CVE-2017-13090 CVE-2017-6508 CVE-2018-0494 CVE-2018-20483 CVE-2019-5953 cpe:/o:opensuse:leap:15.3 wicked-0.6.65-2.1 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the wicked-0.6.65-2.1 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2019-18902 CVE-2019-18903 CVE-2020-7216 CVE-2020-7217 cpe:/o:opensuse:leap:15.3 wpa_supplicant-2.9-4.29.1 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the wpa_supplicant-2.9-4.29.1 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2014-3686 CVE-2015-1863 CVE-2015-4141 CVE-2015-4142 CVE-2015-4143 CVE-2015-4144 CVE-2015-4145 CVE-2015-4146 CVE-2015-5310 CVE-2015-5315 CVE-2015-5316 CVE-2015-8041 CVE-2016-4476 CVE-2016-4477 CVE-2017-13077 CVE-2017-13078 CVE-2017-13079 CVE-2017-13080 CVE-2017-13081 CVE-2017-13082 CVE-2017-13086 CVE-2017-13087 CVE-2017-13088 CVE-2018-14526 CVE-2019-11555 CVE-2019-13377 CVE-2019-16275 CVE-2019-9494 CVE-2019-9495 CVE-2019-9497 CVE-2019-9498 CVE-2019-9499 CVE-2021-0326 CVE-2021-27803 CVE-2021-30004 cpe:/o:opensuse:leap:15.3 xdg-utils-1.1.3+20190413-1.24 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the xdg-utils-1.1.3+20190413-1.24 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2017-18266 cpe:/o:opensuse:leap:15.3 xen-libs-4.14.1_16-1.6 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the xen-libs-4.14.1_16-1.6 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2013-3495 CVE-2013-4533 CVE-2013-4534 CVE-2013-4537 CVE-2013-4538 CVE-2013-4539 CVE-2013-4540 CVE-2014-0222 CVE-2014-3640 CVE-2014-3672 CVE-2014-7815 CVE-2015-1779 CVE-2015-3259 CVE-2015-3340 CVE-2015-3456 CVE-2015-4037 CVE-2015-4103 CVE-2015-4104 CVE-2015-4105 CVE-2015-4106 CVE-2015-5154 CVE-2015-5239 CVE-2015-5278 CVE-2015-5307 CVE-2015-6815 CVE-2015-6855 CVE-2015-7311 CVE-2015-7504 CVE-2015-7512 CVE-2015-7549 CVE-2015-7835 CVE-2015-7969 CVE-2015-7970 CVE-2015-7971 CVE-2015-7972 CVE-2015-8104 CVE-2015-8339 CVE-2015-8340 CVE-2015-8341 CVE-2015-8345 CVE-2015-8504 CVE-2015-8550 CVE-2015-8554 CVE-2015-8555 CVE-2015-8558 CVE-2015-8567 CVE-2015-8568 CVE-2015-8613 CVE-2015-8615 CVE-2015-8619 CVE-2015-8743 CVE-2015-8744 CVE-2015-8745 CVE-2016-10013 CVE-2016-10024 CVE-2016-10025 CVE-2016-1568 CVE-2016-1570 CVE-2016-1571 CVE-2016-1714 CVE-2016-1922 CVE-2016-1981 CVE-2016-2198 CVE-2016-2270 CVE-2016-2271 CVE-2016-2391 CVE-2016-2392 CVE-2016-2538 CVE-2016-2841 CVE-2016-4439 CVE-2016-4441 CVE-2016-5238 CVE-2016-5338 CVE-2016-6258 CVE-2016-6259 CVE-2016-6351 CVE-2016-7092 CVE-2016-7093 CVE-2016-7094 CVE-2016-7777 CVE-2016-7908 CVE-2016-7909 CVE-2016-8667 CVE-2016-8669 CVE-2016-8910 CVE-2016-9377 CVE-2016-9378 CVE-2016-9379 CVE-2016-9380 CVE-2016-9381 CVE-2016-9382 CVE-2016-9383 CVE-2016-9384 CVE-2016-9385 CVE-2016-9386 CVE-2016-9637 CVE-2016-9921 CVE-2016-9922 CVE-2016-9932 CVE-2017-12135 CVE-2017-12136 CVE-2017-12137 CVE-2017-2615 CVE-2017-2620 CVE-2017-5715 CVE-2017-5753 CVE-2017-5754 CVE-2017-6505 CVE-2017-8309 CVE-2017-9330 CVE-2018-10471 CVE-2018-10472 CVE-2018-10981 CVE-2018-10982 CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2018-12891 CVE-2018-12892 CVE-2018-12893 CVE-2018-15468 CVE-2018-15469 CVE-2018-15470 CVE-2018-18883 CVE-2018-19961 CVE-2018-19962 CVE-2018-19963 CVE-2018-19964 CVE-2018-19965 CVE-2018-19966 CVE-2018-19967 CVE-2018-3639 CVE-2018-3646 CVE-2018-3665 CVE-2018-5244 CVE-2018-7540 CVE-2018-7541 CVE-2018-7542 CVE-2018-8897 CVE-2019-11091 CVE-2019-17349 CVE-2020-0543 CVE-2020-11739 CVE-2020-11740 CVE-2020-11741 CVE-2020-11742 CVE-2020-11743 CVE-2020-15563 CVE-2020-15565 CVE-2020-15566 CVE-2020-15567 CVE-2020-25595 CVE-2020-25596 CVE-2020-25597 CVE-2020-25598 CVE-2020-25599 CVE-2020-25600 CVE-2020-25601 CVE-2020-25602 CVE-2020-25603 CVE-2020-25604 CVE-2020-27670 CVE-2020-27671 CVE-2020-27672 CVE-2020-27674 CVE-2020-28368 CVE-2020-29040 CVE-2020-29480 CVE-2020-29481 CVE-2020-29483 CVE-2020-29484 CVE-2020-29566 CVE-2020-29567 CVE-2020-29570 CVE-2020-29571 CVE-2021-28687 cpe:/o:opensuse:leap:15.3 xinetd-2.3.15.4-bp153.1.16 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the xinetd-2.3.15.4-bp153.1.16 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2013-4342 cpe:/o:opensuse:leap:15.3 xorg-x11-essentials-7.6_1-1.22 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the xorg-x11-essentials-7.6_1-1.22 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2011-0465 cpe:/o:opensuse:leap:15.3 xorg-x11-server-1.20.3-22.5.30.1 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the xorg-x11-server-1.20.3-22.5.30.1 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2015-3164 CVE-2017-10971 CVE-2017-10972 CVE-2017-12176 CVE-2017-12187 CVE-2017-13721 CVE-2017-13723 CVE-2017-2624 CVE-2018-14665 CVE-2020-14345 CVE-2020-14346 CVE-2020-14347 CVE-2020-14360 CVE-2020-14361 CVE-2020-14362 CVE-2020-25712 CVE-2021-3472 cpe:/o:opensuse:leap:15.3 xscreensaver-5.44-5.3.1 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the xscreensaver-5.44-5.3.1 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2015-8025 cpe:/o:opensuse:leap:15.3 yast2-security-4.3.16-1.1 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the yast2-security-4.3.16-1.1 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2019-3700 cpe:/o:opensuse:leap:15.3 yast2-users-4.3.10-1.41 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the yast2-users-4.3.10-1.41 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2016-1601 cpe:/o:opensuse:leap:15.3 zypper-1.14.43-3.20.1 on GA media (Moderate) openSUSE Leap 15.3 These are all security issues fixed in the zypper-1.14.43-3.20.1 package on the GA media of openSUSE Leap 15.3. Moderate CVE-2017-7436 CVE-2017-9269 cpe:/o:opensuse:leap:15.3 Security update for live555 (Moderate) openSUSE Leap 15.3 This update for live555 fixes the following issues: Update to 2021.05.22: - Lots of fixes and updates, including the security fix for CVE-2021-28899 (boo#1185874) and CVE-2019-15232 (boo#1146283). See the list in http://live555.com/liveMedia/public/changelog.txt Moderate SUSE bug 1146283 SUSE bug 1185874 CVE-2019-15232 CVE-2021-28899 cpe:/o:opensuse:leap:15.3 Security update for gstreamer-plugins-bad (Important) openSUSE Leap 15.3 This update for gstreamer-plugins-bad fixes the following issues: - Update to version 1.16.3: - CVE-2021-3185: buffer overflow in gst_h264_slice_parse_dec_ref_pic_marking() (bsc#1181255) - amcvideodec: fix sync meta copying not taking a reference - audiobuffersplit: Perform discont tracking on running time - audiobuffersplit: Specify in the template caps that only interleaved audio is supported - audiobuffersplit: Unset DISCONT flag if not discontinuous - autoconvert: Fix lock-less exchange or free condition - autoconvert: fix compiler warnings with g_atomic on recent GLib versions - avfvideosrc: element requests camera permissions even with capture-screen property is true - codecparsers: h264parser: guard against ref_pic_markings overflow - dtlsconnection: Avoid segmentation fault when no srtp capabilities are negotiated - dtls/connection: fix EOF handling with openssl 1.1.1e - fdkaacdec: add support for mpegversion=2 - hls: Check nettle version to ensure AES128 support - ipcpipeline: Rework compiler checks - interlace: Increment phase_index before checking if we're at the end of the phase - h264parser: Do not allocate too large size of memory for registered user data SEI - ladspa: fix unbounded integer properties - modplug: avoid division by zero - msdkdec: Fix GstMsdkContext leak - msdkenc: fix leaks on windows - musepackdec: Don't fail all queries if no sample rate is known yet - openslessink: Allow openslessink to handle 48kHz streams. - opencv: allow compilation against 4.2.x - proxysink: event_function needs to handle the event when it is disconnecetd from proxysrc - vulkan: Drop use of VK_RESULT_BEGIN_RANGE - wasapi: added missing lock release in case of error in gst_wasapi_xxx_reset - wasapi: Fix possible deadlock while downwards state change - waylandsink: Clear window when pipeline is stopped - webrtc: Support non-trickle ICE candidates in the SDP - webrtc: Unmap all non-binary buffers received via the datachannel Important SUSE bug 1181255 CVE-2021-3185 cpe:/o:opensuse:leap:15.3 Security update for solo (Moderate) openSUSE Leap 15.3 This update for solo fixes the following issues: Update to Solo 4.1.2 * Fix boo#1186848 CVE-202-27208, security issue in firmware source that is part of the source package. Moderate SUSE bug 1186848 CVE-2020-27208 cpe:/o:opensuse:leap:15.3 Security update for claws-mail (Moderate) openSUSE Leap 15.3 This update for claws-mail fixes the following issues: Update to 3.18.0 * Support for the OAuth2 authorisation protocol has been added for IMAP, POP and SMTP using custom, user-generated client IDs. OAuth2 preferences are found in the Account Preferences on the Receive page (for POP: Authenticate before POP connection, for IMAP: Authentication method); the Send page (SMTP authentication: Authentication method); and on a dedicated OAuth2 page. * The option 'Save (X-)Face in address book if possible' has been added to the /Message View/Text Options preferences page. Previously the (X-)Face would be saved automatically, therefore this option is turned on by default. * The Image Viewer has been reworked. New options have been added to /Message View/Image Viewer: when resizing images, either fit the image width or fit the image height to the available space. Fitting the image height is the default. Regardless of this setting, when displaying images inline they will fit the height. When displaying an image, left-clicking the image will toggle between full size and reduced size; right-clicking will toggle between fitting the height and fitting the width. * When re-editing a saved message, it is now possible to use /Options/Remove References. * It is now possible to attempt to retrieve a missing GPG key via WKD. * The man page has been updated. * Updated translations: Brazilian Portuguese, British English, Catalan, Czech, Danish, Dutch, French, Polish, Romanian, Russian, Slovak, Spanish, Traditional Chinese, Turkish. * bug fixes: claws#2411, claws#4326, claws#4394, claws#4431, claws#4445, claws#4447, claws#4455, claws#4473 - stop WM's X button from causing GPG key fetch attempt - Make fancy respect default font size for messageview - harden link checker before accepting click - non-display of (X-)Face when prefs_common.enable_avatars is AVATARS_ENABLE_RENDER (2) - debian bug #983778, 'Segfault on selecting empty 'X-Face' custom header' * It is now possible to 'Inherit Folder properties and processing rules from parent folder' when creating new folders with the move message and copy message dialogues. * A Phishing warning is now shown when copying a phishing URL, (in addition to clicking a phishing URL). * The progress window when importing an mbox file is now more responsive. * A warning dialogue is shown if the selected privacy system is 'None' and automatic signing amd/or encrypting is enabled. * Python plugin: pkgconfig is now used to check for python2. This enables the Python plugin (which uses python2) to be built on newer systems which have both python2 and python3. Bug fixes: * bug 3922, 'minimize to tray on startup not working' * bug 4220, 'generates files in cache without content' * bug 4325, 'Following redirects when retrieving image' * bug 4342, 'Import mbox file command doesn't work twice on a row' * fix STARTTLS protocol violation CVE-2020-15917 boo#1174457) * fix initial debug line * fix fat-fingered crash when v (hiding msgview) is pressed just before c (check signature) * fix non-translation of some Templates strings Moderate SUSE bug 1174457 CVE-2020-15917 cpe:/o:opensuse:leap:15.3 Security update for fossil (Moderate) openSUSE Leap 15.3 This update for fossil fixes the following issues: fossil 2.16: * Add the fossil patch command * Improve the fossil ui command to work on check-out directories and remote machines * web UI improvements * Add fossil bisect run command for improved automation of bisects * Improve fossil merge handling of renames * wiki now defaults to markdown * email alerts can now be set to expire to prevent sending mail to abandoned accounts forever fossil 2.15.2: * Fix the client-side TLS so that it verifies that the server hostname matches its certificate (boo#1187988) fossil 2.15.1: * fix access to tables starting 'fx_' in ticket report fossil 2.15: * Relax default Content Security policy to allow images to be loaded from any URL * Updates to skins and their configuration options * Built-in skin can now be selected via the skin= request parameter and the /skins page. * /cookies page can now now delete individual cookies * Various extensions to diff displaz and operations * Add the --list option to the tarball, zip, and sqlar commands. * New TH1 commands: 'builtin_request_js', 'capexpr', 'foreach', 'lappend', and 'string match' * The leaves command now shows the branch point of each leaf. * The fossil add command refuses to add files whose names are reserved by Windows (ex: 'aux') unless the --allow-reserved option is included. fossil 2.14 * add fossil chat * enhanced fossil clone * performance optimization * enhanced documents * Pikchr improvements * Schema Update Notice #1: This release drops a trigger from the database schema * Schema Update Notice #2: This release changes how the descriptions of wiki edits are stored in the EVENT table, for improved display on timelines fossil 2.13: * wiki improvements: interwiki links, markup features * support for rendering pikchr markup scriptions * line number modes support interactive selection of range of lines to hyperlink to * Enhance finfo page to track a file across renames - minimum/bundled version of sqlite increased to 3.34.0 Moderate SUSE bug 1187988 cpe:/o:opensuse:leap:15.3 Security update for nextcloud (Important) openSUSE Leap 15.3 This update for nextcloud fixes the following issues: nextcloud was updated to 20.0.11: - Fix boo#1188247 - CVE-2021-32678: OCS API response ratelimits are not applied - Fix boo#1188248 - CVE-2021-32679: filenames where not escaped by default in controllers using DownloadResponse - Fix boo#1188249 - CVE-2021-32680: share expiration date wasn't properly logged - Fix boo#1188250 - CVE-2021-32688: lacking permission check with application specific tokens - Fix boo#1188251 - CVE-2021-32703: lack of ratelimiting on the shareinfo endpoint - Fix boo#1188252 - CVE-2021-32705: lack of ratelimiting on the public DAV endpoint - Fix boo#1188253 - CVE-2021-32725: default share permissions were not being respected for federated reshares of files and folders - Fix boo#1188254 - CVE-2021-32726: webauthn tokens were not deleted after a user has been deleted - Fix boo#1188255 - CVE-2021-32734: possible full path disclosure on shared files - Fix boo#1188256 - CVE-2021-32741: lack of ratelimiting on the public share link mount endpoint - Bump handlebars from 4.7.6 to 4.7.7 (server#26900) - Bump lodash from 4.17.20 to 4.17.21 (server#26909) - Bump hosted-git-info from 2.8.8 to 2.8.9 (server#26920) - Don't break OCC if an app is breaking in it's Application class (server#26954) - Add bruteforce protection to the shareinfo endpoint (server#26956) - Ignore readonly flag for directories (server#26965) - Throttle MountPublicLinkController when share is not found (server#26971) - Respect default share permissions for federated reshares (server#27001) - Harden apptoken check (server#27014) - Use parent wrapper to properly handle moves on the same source/target storage (server#27016) - Fix error when using CORS with no auth credentials (server#27027) - Fix return value of getStorageInfo when 'quota_include_external_storage' is enabled (server#27108) - Bump patch dependencies (server#27183) - Use noreply@ as email address for share emails (server#27209) - Bump p-queue from 6.6.1 to 6.6.2 (server#27226) - Bump browserslist from 4.14.0 to 4.16.6 (server#27247) - Bump webpack from 4.44.1 to 4.44.2 (server#27297) - Properly use limit and offset for search in Jail wrapper (server#27308) - Make user:report command scale (server#27319) - Properly log expiration date removal in audit log (server#27325) - Propagate throttling on OCS response (server#27337) - Set umask before operations that create local files (server#27349) - Escape filename in Content-Disposition (server#27360) - Don't update statuses to offline again and again (server#27412) - Header must contain a colon (server#27456) - Activate constraint check for oracle / pqsql also for 20 (server#27523) - Only allow removing existing shares that would not be allowed due to reshare restrictions (server#27552) - Bump ws from 7.3.1 to 7.5.0 (server#27570) - Properly cleanup entries of WebAuthn on user deletion (server#27596) - Throttle on public DAV endpoint (server#27617) - Bump vue-loader from 15.9.3 to 15.9.7 (server#27639) - Bump eslint-plugin-standard from 4.0.1 to 4.0.2 (server#27651) - Validate the theming color also on CLI (server#27680) - Downstream encryption:fix-encrypted-version for repairing bad signature errors (server#27728) - Remove encodeURI code (files_pdfviewer#396) - Only ask for permissions on HTTPS (notifications#998) - Fix sorting if one of the file name is only composed with number (photos#785) - Backport 20 fix Photos not shown in large browser windows #630 (#686) (photos#810) - Update File.vue (photos#813) - Update chart.js (serverinfo#309) - Only return workspace property for top node in a propfind request (text#1611) - ViewerComponent: pass on autofocus to EditorWrapper (text#1647) - Use text/plain as content type for fetching the document (text#1692) - Log exceptions that happen on unknown exception and return generic messages (text#1698) - Add fixup (viewer#924) - Fix: fullscreen for Firefox (viewer#929) Update to 20.0.7 - Catch NotFoundException when querying quota (server#25315) - CalDAV] Validate notified emails (server#25324) - Fix/app fetcher php compat comparison (server#25347) - Show the actual error on share requests (server#25352) - Fix parameter provided as string not array (server#25366) - The objectid is a string (server#25374) - 20.0.7 final (server#25387) - Properly handle SMB ACL blocking scanning a directory (server#25421) - Don't break completely when creating the digest fail for one user (activity#556) - Only attempt to use a secure view if hide download is actually set (files_pdfviewer#296) - Fix opening PDF files with special characters in their name (files_pdfviewer#298) - Fix PDF viewer failing on Edge (not based on Chromium) (files_pdfviewer#299) - Cannot unfold plain text notifications (notifications#846) - Remove EPUB mimetype (text#1391) Update to 20.0.6 - Make sure to do priority app upgrades first (server#25077) - Respect DB restrictions on number of arguments in statements and queries (server#25120) - Add a hint about the direction of priority (server#25143) - Do not redirect to logout after login (server#25146) - Fix comparison of PHP versions (server#25152) - Add 'composer.lock' for acceptance tests to git (server#25178) - Update CRL due to revoked gravatar.crl (server#25190) - Don't log keys on checkSignature (server#25193) - Update 3rdparty after Archive_Tar (server#25199) - Bump CA bundle (server#25219) - Update handling of user credentials (server#25225) - Fix encoding issue with OC.Notification.show (server#25244) - Also use storage copy when dav copying directories (server#25261) - Silence log message (server#25263) - Extend ILDAPProvider to allow reading arbitrairy ldap attributes for users (server#25276) - Do not obtain userFolder of a federated user (server#25278) - Bump pear/archive_tar from 1.4.11 to 1.4.12 (3rdparty#603) - Add gitignore entry for .github folder of dependencies (3rdparty#604) - Clear event array on getting them (activity#551) Update to 20.0.5 - Don't log params of imagecreatefromstring (server#24546) - Use storage copy implementation when doing dav copy (server#24590) - Use in objectstore copy (server#24592) - Add tel, note, org and title search (server#24697) - Check php compatibility of app store app releases (server#24698) - Fix #24682]: ensure federation cloud id is retruned if FN property not found (server#24709) - Do not include non-required scripts on the upgrade page (server#24714) - LDAP: fix inGroup for memberUid type of group memberships (server#24716) - Cancel user search requests to avoid duplicate results being added (server#24728) - Also unset the other possible unused paramters (server#24751) - Enables the file name check also to match name of mountpoints (server#24760) - Fixes sharing to group ids with characters that are being url encoded (server#24763) - Limit getIncomplete query to one row (server#24791) - Fix Argon2 descriptions (server#24792) - Actually set the TTL on redis set (server#24798) - Allow to force rename a conflicting calendar (server#24806) - Fix IPv6 localhost regex (server#24823) - Catch the error on heartbeat update (server#24826) - Make oc_files_trash.auto_id a bigint (server#24853) - Fix total upload size overwritten by next upload (server#24854) - Avoid huge exception argument logging (server#24876) - Make share results distinguishable if there are more than one with the exact same display name (server#24878) - Add migration for oc_share_external columns (server#24963) - Don't throw a 500 when importing a broken ics reminder file (server#24972) - Fix unreliable ViewTest (server#24976) - Update root.crl due to revocation of transmission.crt (server#24990) - Set the JSCombiner cache if needed (server#24997) - Fix column name to check prior to deleting (server#25009) - Catch throwable instead of exception (server#25013) - Set the user language when adding the footer (server#25019) - Change defaultapp in config.sample.php to dashboard to improve docs and align it to source code (server#25030) - Fix clearing the label of a share (server#25035) - Update psalm-baseline.xml (server#25066) - Don't remove assignable column for now (server#25074) - Add setup check to verify that the used DB version is still supported… (server#25076) - Correctly set the user for activity parsing when preparing a notifica… (activity#542) - Bump vue-virtual-grid from 2.2.1 to 2.3.0 (photos#597) - Catch possible database exceptions when fetching document data (text#1221) - Make sure we have the proper PHP version installed before running composer (text#1234) - Revert removal of transformResponse (text#1235) - Bump prosemirror-view from 1.16.1 to 1.16.5 (text#1255) - Bump @babel/preset-env from 7.12.1 to 7.12.11 (text#1257) - Bump babel-loader from 8.1.0 to 8.2.2 (text#1259) - Bump eslint-plugin-standard from 4.0.2 to 4.1.0 (text#1261) - Bump vue-loader from 15.9.5 to 15.9.6 (text#1263) - Bump prosemirror-model from 1.12.0 to 1.13.1 (text#1265) - Bump core-js from 3.7.0 to 3.8.1 (text#1266) - Bump stylelint from 13.7.2 to 13.8.0 (text#1269) - Bump @babel/plugin-transform-runtime from 7.12.1 to 7.12.10 (text#1271) - Bump sass-loader from 10.0.5 to 10.1.0 (text#1273) - Bump webpack-merge from 5.3.0 to 5.7.2 (text#1274) - Bump @babel/core from 7.12.3 to 7.12.10 (text#1277) - Bump cypress from 5.1.0 to 5.6.0 (text#1278) - Bump @vue/test-utils from 1.1.1 to 1.1.2 (text#1279) - Bump webpack-merge from 5.7.2 to 5.7.3 (text#1303) - The apache subpackage must require the main package, otherwise it will not be uninstalled when the main package is uninstalled. Update to 20.0.4 - Avoid dashboard crash when accessibility app is not installed (server#24636) - Bump ini from 1.3.5 to 1.3.7 (server#24649) - Handle owncloud migration to latest release (server#24653) - Use string for storing a OCM remote id (server#24654) - Fix MySQL database size calculation (serverinfo#262) - Bump cypress-io/github-action@v2 (viewer#722) - Fix] sidebar opening animation (viewer#723) - Fix not.exist cypress and TESTING checks (viewer#725) - Put apache configuration files in separate subpackage. - Use apache-rpm-macros for SUSE. - Change oc_* macros to nc_* macros. - Insert macro apache_serverroot also in cron files. Update to 20.0.3 * Check quota of subdirectories when uploading to them (server#24181) * CircleId too short in some request (server#24196) * Missing level in ScopedPsrLogger (server#24212) * Fix nextcloud logo in email notifications misalignment (server#24228) * Allow selecting multiple columns with SELECT DISTINCT (server#24230) * Use file name instead of path in 'not allowed to share' message (server#24231) * Fix setting images through occ for theming (server#24232) * Use regex when searching on single file shares (server#24239) * Harden EncryptionLegacyCipher a bit (server#24249) * Update ScanLegacyFormat.php (server#24258) * Simple typo in comments (server#24259) * Use correct year for generated birthdays events (server#24263) * Delete files that exceed trashbin size immediately (server#24297) * Update sabre/xml to fix XML parsing errors (server#24311) * Only check path for being accessible when the storage is a object home (server#24325) * Avoid empty null default with value that will be inserted anyways (server#24333) * Fix contacts menu position and show uid as a tooltip (server#24342) * Fix the config key on the sharing expire checkbox (server#24346) * Set the display name of federated sharees from addressbook (server#24353) * Catch storage not available in versions expire command (server#24367) * Use proper bundles for files client and fileinfo (server#24377) * Properly encode path when fetching inherited shares (server#24387) * Formatting remote sharer should take protocol, path into account (server#24391) * Make sure we add new line between vcf groups exports (server#24443) * Fix public calendars shared to circles (server#24446) * Store scss variables under a different prefix for each theming config version (server#24453) * External storages: save group ids not display names in configuration (server#24455) * Use correct l10n source in files_sharing JS code (server#24462) * Set frame-ancestors to none if none are filled (server#24477) * Move the password fiels of chaging passwords to post (server#24478) * Move the global password for files external to post (server#24479) * Only attempt to move to trash if a file is not in appdata (server#24483) * Fix loading mtime of new file in conflict dialog in firefox (server#24491) * Harden setup check for TLS version if host is not reachable (server#24502) * Fix file size computation on 32bit platforms (server#24509) * Allow subscription to indicate that a userlimit is reached (server#24511) * Set mountid for personal external storage mounts (server#24513) * Only execute plain mimetype check for directories and do the fallback… (server#24517) * Fix vsprint parameter (server#24527) * Replace abandoned log normalizer with our fork (server#24530) * Add icon to user limit notification (server#24531) * Also run repair steps when encryption is disabled but a legacy key is present (server#24532) * [3rdparty][security] Archive TAR to 1.4.11 (server#24534) * Generate a new session id if the decrypting the session data fails (server#24553) * Revert 'Do not read certificate bundle from data dir by default' (server#24556) * Dont use system composer for autoload checker (server#24557) * Remember me is not an app_password (server#24563) * Do not load nonexisting setup.js (server#24582) * Update sabre/xml to fix XML parsing errors (3rdparty#529) * Use composer v1 on CI (3rdparty#532) * Bump pear/archive_tar from 1.4.9 to 1.4.11 (3rdparty#536) * Replace abandoned log normalizer with our fork (3rdparty#543) * Allow nullable values as subject params (activity#535) * Don't log when unknown array is null (notifications#803) * Feat/virtual grid (photos#550) * Make sure we have a string to localecompare to (photos#583) * Always get recommendations for dashboard if enabled (recommendations#336) * Properly fetch oracle database information (serverinfo#258) * Also register to urlChanged event to update RichWorkspace (text#1181) * Move away from GET (text#1214) Update to 20.0.2 * CVE-2020-8293: Fixed input validation which allowed users to store unlimited data in workflow rules (boo#1181445). * CVE-2020-8294: Fixed a missing link validation (boo#1181803). * Inidicate preview availability in share api responses (server#23419) * CalDavBackend: check if timerange is array before accessing (server#23563) * Some emojis are in CHAR_CATEGORY_GENERAL_OTHER_TYPES (server#23575) * Also expire share type email (server#23583) * Only use index of mount point when it is there (server#23611) * Only retry fetching app store data once every 5 minutes in case it fails (server#23633) * Bring back the restore share button (server#23636) * Fix updates of NULL appconfig values (server#23641) * Fix sharing input placeholder for emails (server#23646) * Use bigint for fileid in filecache_extended (server#23690) * Enable theming background transparency (server#23699) * Fix sharer flag on ldap:show-remnants when user owned more than a single share (server#23702) * Make sure the function signatures of the backgroundjob match (server#23710) * Check if array elements exist before using them (server#23713) * Fix default quota display value in user row (server#23726) * Use lib instead if core as l10n module in OC_Files (server#23727) * Specify accept argument to avatar upload input field (server#23732) * Save email as lower case (server#23733) * Reset avatar cropper before showing (server#23736) * Also run the SabreAuthInitEvent for the main server (server#23745) * Type the \OCP\IUserManager::callForAllUsers closure with Psalm (server#23749) * Type the \OCP\AppFramework\Services\IInitialState::provideLazyInitial… (server#23751) * Don't overwrite the event if we use it later (server#23753) * Inform the user when flow config data exceeds thresholds (server#23759) * Type the \OCP\IUserManager::callForSeenUsers closure with Psalm (server#23763) * Catch errors when closing file conflict dialog (server#23774) * Document the backend registered events of LDAP (server#23779) * Fetch the logger and system config once for all query builder instances (server#23787) * Type the event dispatcher listener callables with Psalm (server#23789) * Only run phpunit when 'php' changed (server#23794) * Remove bold font-weight and lower font-size for empty search box (server#23829) * No need to check if there is an avatar available, because it is gener… (server#23846) * Ensure filepicker list is empty before populating (server#23850) * UserStatus: clear status message if message is null (server#23858) * Fix grid view toggle in tags view (server#23874) * Restrict query when searching for versions of trashbin files (server#23884) * Fix potentially passing null to events where IUser is expected (server#23894) * Make user status styles scoped (server#23899) * Move help to separate stylesheet (server#23900) * Add default font size (server#23902) * Do not emit UserCreatedEvent twice (server#23917) * Bearer must be in the start of the auth header (server#23924) * Fix casting of integer and boolean on Oracle (server#23935) * Skip already loaded apps in loadApps (server#23948) * Fix repair mimetype step to not leave stray cursors (server#23950) * Improve query type detection (server#23951) * Fix iLike() falsely turning escaped % and _ into wildcards (server#23954) * Replace some usages of OC_DB in OC\Share\* with query builder (server#23955) * Use query builder instead of OC_DB in trashbin (server#23971) * Fix greatest/least order for oracle (server#23975) * Fix link share label placeholder not showing (server#23992) * Unlock when promoting to exclusive lock fails (server#23995) * Make sure root storage is valid before checking its size (server#23996) * Use query builder instead of OC_DB in OC\Files\* (server#23998) * Shortcut to avoid file system setup when generating the logo URL (server#24001) * Remove old legacy scripts references (server#24004) * Fix js search in undefined ocs response (server#24012) * Don't leave cursors open (server#24033) * Fix sharing tab state not matching resharing admin settings (server#24044) * Run unit tests against oracle (server#24049) * Use png icons in caldav reminder emails (server#24050) * Manually iterate over calendardata when oracle is used (server#24058) * Make is_user_defined nullable so we can store false on oracle (server#24079) * Fix default internal expiration date enforce (server#24081) * Register new command db:add-missing-primary-keys (server#24106) * Convert the card resource to a string if necessary (server#24114) * Don't throw on SHOW VERSION query (server#24147) * Bump dompurify to 2.2.2 (server#24153) * Set up FS before querying storage info in settings (server#24156) * Fix default internal expiration date (server#24159) * CircleId too short in some request (server#24178) * Revert 'circleId too short in some request' (server#24183) * Missing level in ScopedPsrLogger (server#24212) * Fix activity spinner on empty activity (activity#523) * Add OCI github action (activity#528) * Disable download button by default (files_pdfviewer#257) * Feat/dependabot ga/stable20 (firstrunwizard#442) * Fix loading notifications without a message on oracle (notifications#796) * Do not setup appdata in constructor to avoid errors causing the whole instance to stop working (text#1105) * Bump eslint-plugin-standard from 4.0.1 to 4.0.2 (text#1125) * Bump sass-loader from 10.0.1 to 10.0.5 (text#1134) * Bump webpack from 4.44.1 to 4.44.2 (text#1140) * Bump dependencies to version in range (text#1164) * Validate link on click (text#1166) * Add migration to fix oracle issues with the database schema (text#1177) * Bump cypress from 4.12.1 to 5.1.0 (text#1179) * Fix URL escaping of shared files (viewer#681) * Fix component click outside and cleanup structure (viewer#684) Update to 20.0.1 No changelog from upstream at this time. Update to 20.0.0 * Changes The three biggest features we introduce with Nextcloud 20 are: - Our new dashboard provides a great starting point for the day with over a dozen widgets ranging from Twitter and Github to Moodle and Zammad already available - Search was unified, bringing search results of Nextcloud apps as well as external services like Gitlab, Jira and Discourse in one place - Talk introduced bridging to other platforms including MS Teams, Slack, IRC, Matrix and a dozen others * Some other improvements we want to highlight include: - Notifications and Activities were brought together, making sure you won’t miss anything important - We added a ‘status’ setting so you can communicate to other users what you are up to - Talk also brings dashboard and search integration, emoji picker, upload view, camera and microphone settings, mute and more - Calendar integrates in dashboard and search, introduced a list view and design improvements - Mail introduces threaded view, mailbox management and more - Deck integrates with dashboard and search, introduces Calendar integration, modal view for card editing and series of smaller improvements - Flow adds push notification and webhooks so other web apps can easily integrate with Nextcloud - Text introduced direct linking to files in Nextcloud - Files lets you add a description to public link shares + Read the full announcement on our blog - NC-SA-2020-037 - CVE-2020-8295: Fixed Denial of service attack when resetting the password for a user(boo#1181804) - Update to 20.0.11 - Fix boo#1188247 - CVE-2021-32678: OCS API response ratelimits are not applied - Fix boo#1188248 - CVE-2021-32679: filenames where not escaped by default in controllers using DownloadResponse - Fix boo#1188249 - CVE-2021-32680: share expiration date wasn't properly logged - Fix boo#1188250 - CVE-2021-32688: lacking permission check with application specific tokens - Fix boo#1188251 - CVE-2021-32703: lack of ratelimiting on the shareinfo endpoint - Fix boo#1188252 - CVE-2021-32705: lack of ratelimiting on the public DAV endpoint - Fix boo#1188253 - CVE-2021-32725: default share permissions were not being respected for federated reshares of files and folders - Fix boo#1188254 - CVE-2021-32726: webauthn tokens were not deleted after a user has been deleted - Fix boo#1188255 - CVE-2021-32734: possible full path disclosure on shared files - Fix boo#1188256 - CVE-2021-32741: lack of ratelimiting on the public share link mount endpoint - Bump handlebars from 4.7.6 to 4.7.7 (server#26900) - Bump lodash from 4.17.20 to 4.17.21 (server#26909) - Bump hosted-git-info from 2.8.8 to 2.8.9 (server#26920) - Don't break OCC if an app is breaking in it's Application class (server#26954) - Add bruteforce protection to the shareinfo endpoint (server#26956) - Ignore readonly flag for directories (server#26965) - Throttle MountPublicLinkController when share is not found (server#26971) - Respect default share permissions for federated reshares (server#27001) - Harden apptoken check (server#27014) - Use parent wrapper to properly handle moves on the same source/target storage (server#27016) - Fix error when using CORS with no auth credentials (server#27027) - Fix return value of getStorageInfo when 'quota_include_external_storage' is enabled (server#27108) - Bump patch dependencies (server#27183) - Use noreply@ as email address for share emails (server#27209) - Bump p-queue from 6.6.1 to 6.6.2 (server#27226) - Bump browserslist from 4.14.0 to 4.16.6 (server#27247) - Bump webpack from 4.44.1 to 4.44.2 (server#27297) - Properly use limit and offset for search in Jail wrapper (server#27308) - Make user:report command scale (server#27319) - Properly log expiration date removal in audit log (server#27325) - Propagate throttling on OCS response (server#27337) - Set umask before operations that create local files (server#27349) - Escape filename in Content-Disposition (server#27360) - Don't update statuses to offline again and again (server#27412) - Header must contain a colon (server#27456) - Activate constraint check for oracle / pqsql also for 20 (server#27523) - Only allow removing existing shares that would not be allowed due to reshare restrictions (server#27552) - Bump ws from 7.3.1 to 7.5.0 (server#27570) - Properly cleanup entries of WebAuthn on user deletion (server#27596) - Throttle on public DAV endpoint (server#27617) - Bump vue-loader from 15.9.3 to 15.9.7 (server#27639) - Bump eslint-plugin-standard from 4.0.1 to 4.0.2 (server#27651) - Validate the theming color also on CLI (server#27680) - Downstream encryption:fix-encrypted-version for repairing bad signature errors (server#27728) - Remove encodeURI code (files_pdfviewer#396) - Only ask for permissions on HTTPS (notifications#998) - Fix sorting if one of the file name is only composed with number (photos#785) - Backport 20 fix Photos not shown in large browser windows #630 (#686) (photos#810) - Update File.vue (photos#813) - Update chart.js (serverinfo#309) - Only return workspace property for top node in a propfind request (text#1611) - ViewerComponent: pass on autofocus to EditorWrapper (text#1647) - Use text/plain as content type for fetching the document (text#1692) - Log exceptions that happen on unknown exception and return generic messages (text#1698) - Add fixup (viewer#924) - Fix: fullscreen for Firefox (viewer#929) Update to 20.0.7 - Catch NotFoundException when querying quota (server#25315) - CalDAV] Validate notified emails (server#25324) - Fix/app fetcher php compat comparison (server#25347) - Show the actual error on share requests (server#25352) - Fix parameter provided as string not array (server#25366) - The objectid is a string (server#25374) - 20.0.7 final (server#25387) - Properly handle SMB ACL blocking scanning a directory (server#25421) - Don't break completely when creating the digest fail for one user (activity#556) - Only attempt to use a secure view if hide download is actually set (files_pdfviewer#296) - Fix opening PDF files with special characters in their name (files_pdfviewer#298) - Fix PDF viewer failing on Edge (not based on Chromium) (files_pdfviewer#299) - Cannot unfold plain text notifications (notifications#846) - Remove EPUB mimetype (text#1391) Update to 20.0.6 - Make sure to do priority app upgrades first (server#25077) - Respect DB restrictions on number of arguments in statements and queries (server#25120) - Add a hint about the direction of priority (server#25143) - Do not redirect to logout after login (server#25146) - Fix comparison of PHP versions (server#25152) - Add 'composer.lock' for acceptance tests to git (server#25178) - Update CRL due to revoked gravatar.crl (server#25190) - Don't log keys on checkSignature (server#25193) - Update 3rdparty after Archive_Tar (server#25199) - Bump CA bundle (server#25219) - Update handling of user credentials (server#25225) - Fix encoding issue with OC.Notification.show (server#25244) - Also use storage copy when dav copying directories (server#25261) - Silence log message (server#25263) - Extend ILDAPProvider to allow reading arbitrairy ldap attributes for users (server#25276) - Do not obtain userFolder of a federated user (server#25278) - Bump pear/archive_tar from 1.4.11 to 1.4.12 (3rdparty#603) - Add gitignore entry for .github folder of dependencies (3rdparty#604) - Clear event array on getting them (activity#551) Update to 20.0.5 - Don't log params of imagecreatefromstring (server#24546) - Use storage copy implementation when doing dav copy (server#24590) - Use in objectstore copy (server#24592) - Add tel, note, org and title search (server#24697) - Check php compatibility of app store app releases (server#24698) - Fix #24682]: ensure federation cloud id is retruned if FN property not found (server#24709) - Do not include non-required scripts on the upgrade page (server#24714) - LDAP: fix inGroup for memberUid type of group memberships (server#24716) - Cancel user search requests to avoid duplicate results being added (server#24728) - Also unset the other possible unused paramters (server#24751) - Enables the file name check also to match name of mountpoints (server#24760) - Fixes sharing to group ids with characters that are being url encoded (server#24763) - Limit getIncomplete query to one row (server#24791) - Fix Argon2 descriptions (server#24792) - Actually set the TTL on redis set (server#24798) - Allow to force rename a conflicting calendar (server#24806) - Fix IPv6 localhost regex (server#24823) - Catch the error on heartbeat update (server#24826) - Make oc_files_trash.auto_id a bigint (server#24853) - Fix total upload size overwritten by next upload (server#24854) - Avoid huge exception argument logging (server#24876) - Make share results distinguishable if there are more than one with the exact same display name (server#24878) - Add migration for oc_share_external columns (server#24963) - Don't throw a 500 when importing a broken ics reminder file (server#24972) - Fix unreliable ViewTest (server#24976) - Update root.crl due to revocation of transmission.crt (server#24990) - Set the JSCombiner cache if needed (server#24997) - Fix column name to check prior to deleting (server#25009) - Catch throwable instead of exception (server#25013) - Set the user language when adding the footer (server#25019) - Change defaultapp in config.sample.php to dashboard to improve docs and align it to source code (server#25030) - Fix clearing the label of a share (server#25035) - Update psalm-baseline.xml (server#25066) - Don't remove assignable column for now (server#25074) - Add setup check to verify that the used DB version is still supported… (server#25076) - Correctly set the user for activity parsing when preparing a notifica… (activity#542) - Bump vue-virtual-grid from 2.2.1 to 2.3.0 (photos#597) - Catch possible database exceptions when fetching document data (text#1221) - Make sure we have the proper PHP version installed before running composer (text#1234) - Revert removal of transformResponse (text#1235) - Bump prosemirror-view from 1.16.1 to 1.16.5 (text#1255) - Bump @babel/preset-env from 7.12.1 to 7.12.11 (text#1257) - Bump babel-loader from 8.1.0 to 8.2.2 (text#1259) - Bump eslint-plugin-standard from 4.0.2 to 4.1.0 (text#1261) - Bump vue-loader from 15.9.5 to 15.9.6 (text#1263) - Bump prosemirror-model from 1.12.0 to 1.13.1 (text#1265) - Bump core-js from 3.7.0 to 3.8.1 (text#1266) - Bump stylelint from 13.7.2 to 13.8.0 (text#1269) - Bump @babel/plugin-transform-runtime from 7.12.1 to 7.12.10 (text#1271) - Bump sass-loader from 10.0.5 to 10.1.0 (text#1273) - Bump webpack-merge from 5.3.0 to 5.7.2 (text#1274) - Bump @babel/core from 7.12.3 to 7.12.10 (text#1277) - Bump cypress from 5.1.0 to 5.6.0 (text#1278) - Bump @vue/test-utils from 1.1.1 to 1.1.2 (text#1279) - Bump webpack-merge from 5.7.2 to 5.7.3 (text#1303) - The apache subpackage must require the main package, otherwise it will not be uninstalled when the main package is uninstalled. Update to 20.0.4 - Avoid dashboard crash when accessibility app is not installed (server#24636) - Bump ini from 1.3.5 to 1.3.7 (server#24649) - Handle owncloud migration to latest release (server#24653) - Use string for storing a OCM remote id (server#24654) - Fix MySQL database size calculation (serverinfo#262) - Bump cypress-io/github-action@v2 (viewer#722) - Fix] sidebar opening animation (viewer#723) - Fix not.exist cypress and TESTING checks (viewer#725) - Put apache configuration files in separate subpackage. - Use apache-rpm-macros for SUSE. - Change oc_* macros to nc_* macros. - Insert macro apache_serverroot also in cron files. Update to 20.0.3 * Check quota of subdirectories when uploading to them (server#24181) * CircleId too short in some request (server#24196) * Missing level in ScopedPsrLogger (server#24212) * Fix nextcloud logo in email notifications misalignment (server#24228) * Allow selecting multiple columns with SELECT DISTINCT (server#24230) * Use file name instead of path in 'not allowed to share' message (server#24231) * Fix setting images through occ for theming (server#24232) * Use regex when searching on single file shares (server#24239) * Harden EncryptionLegacyCipher a bit (server#24249) * Update ScanLegacyFormat.php (server#24258) * Simple typo in comments (server#24259) * Use correct year for generated birthdays events (server#24263) * Delete files that exceed trashbin size immediately (server#24297) * Update sabre/xml to fix XML parsing errors (server#24311) * Only check path for being accessible when the storage is a object home (server#24325) * Avoid empty null default with value that will be inserted anyways (server#24333) * Fix contacts menu position and show uid as a tooltip (server#24342) * Fix the config key on the sharing expire checkbox (server#24346) * Set the display name of federated sharees from addressbook (server#24353) * Catch storage not available in versions expire command (server#24367) * Use proper bundles for files client and fileinfo (server#24377) * Properly encode path when fetching inherited shares (server#24387) * Formatting remote sharer should take protocol, path into account (server#24391) * Make sure we add new line between vcf groups exports (server#24443) * Fix public calendars shared to circles (server#24446) * Store scss variables under a different prefix for each theming config version (server#24453) * External storages: save group ids not display names in configuration (server#24455) * Use correct l10n source in files_sharing JS code (server#24462) * Set frame-ancestors to none if none are filled (server#24477) * Move the password fiels of chaging passwords to post (server#24478) * Move the global password for files external to post (server#24479) * Only attempt to move to trash if a file is not in appdata (server#24483) * Fix loading mtime of new file in conflict dialog in firefox (server#24491) * Harden setup check for TLS version if host is not reachable (server#24502) * Fix file size computation on 32bit platforms (server#24509) * Allow subscription to indicate that a userlimit is reached (server#24511) * Set mountid for personal external storage mounts (server#24513) * Only execute plain mimetype check for directories and do the fallback… (server#24517) * Fix vsprint parameter (server#24527) * Replace abandoned log normalizer with our fork (server#24530) * Add icon to user limit notification (server#24531) * Also run repair steps when encryption is disabled but a legacy key is present (server#24532) * [3rdparty][security] Archive TAR to 1.4.11 (server#24534) * Generate a new session id if the decrypting the session data fails (server#24553) * Revert 'Do not read certificate bundle from data dir by default' (server#24556) * Dont use system composer for autoload checker (server#24557) * Remember me is not an app_password (server#24563) * Do not load nonexisting setup.js (server#24582) * Update sabre/xml to fix XML parsing errors (3rdparty#529) * Use composer v1 on CI (3rdparty#532) * Bump pear/archive_tar from 1.4.9 to 1.4.11 (3rdparty#536) * Replace abandoned log normalizer with our fork (3rdparty#543) * Allow nullable values as subject params (activity#535) * Don't log when unknown array is null (notifications#803) * Feat/virtual grid (photos#550) * Make sure we have a string to localecompare to (photos#583) * Always get recommendations for dashboard if enabled (recommendations#336) * Properly fetch oracle database information (serverinfo#258) * Also register to urlChanged event to update RichWorkspace (text#1181) * Move away from GET (text#1214) Update to 20.0.2 * CVE-2020-8293: Fixed input validation which allowed users to store unlimited data in workflow rules (boo#1181445). * CVE-2020-8294: Fixed a missing link validation (boo#1181803). * Inidicate preview availability in share api responses (server#23419) * CalDavBackend: check if timerange is array before accessing (server#23563) * Some emojis are in CHAR_CATEGORY_GENERAL_OTHER_TYPES (server#23575) * Also expire share type email (server#23583) * Only use index of mount point when it is there (server#23611) * Only retry fetching app store data once every 5 minutes in case it fails (server#23633) * Bring back the restore share button (server#23636) * Fix updates of NULL appconfig values (server#23641) * Fix sharing input placeholder for emails (server#23646) * Use bigint for fileid in filecache_extended (server#23690) * Enable theming background transparency (server#23699) * Fix sharer flag on ldap:show-remnants when user owned more than a single share (server#23702) * Make sure the function signatures of the backgroundjob match (server#23710) * Check if array elements exist before using them (server#23713) * Fix default quota display value in user row (server#23726) * Use lib instead if core as l10n module in OC_Files (server#23727) * Specify accept argument to avatar upload input field (server#23732) * Save email as lower case (server#23733) * Reset avatar cropper before showing (server#23736) * Also run the SabreAuthInitEvent for the main server (server#23745) * Type the \OCP\IUserManager::callForAllUsers closure with Psalm (server#23749) * Type the \OCP\AppFramework\Services\IInitialState::provideLazyInitial… (server#23751) * Don't overwrite the event if we use it later (server#23753) * Inform the user when flow config data exceeds thresholds (server#23759) * Type the \OCP\IUserManager::callForSeenUsers closure with Psalm (server#23763) * Catch errors when closing file conflict dialog (server#23774) * Document the backend registered events of LDAP (server#23779) * Fetch the logger and system config once for all query builder instances (server#23787) * Type the event dispatcher listener callables with Psalm (server#23789) * Only run phpunit when 'php' changed (server#23794) * Remove bold font-weight and lower font-size for empty search box (server#23829) * No need to check if there is an avatar available, because it is gener… (server#23846) * Ensure filepicker list is empty before populating (server#23850) * UserStatus: clear status message if message is null (server#23858) * Fix grid view toggle in tags view (server#23874) * Restrict query when searching for versions of trashbin files (server#23884) * Fix potentially passing null to events where IUser is expected (server#23894) * Make user status styles scoped (server#23899) * Move help to separate stylesheet (server#23900) * Add default font size (server#23902) * Do not emit UserCreatedEvent twice (server#23917) * Bearer must be in the start of the auth header (server#23924) * Fix casting of integer and boolean on Oracle (server#23935) * Skip already loaded apps in loadApps (server#23948) * Fix repair mimetype step to not leave stray cursors (server#23950) * Improve query type detection (server#23951) * Fix iLike() falsely turning escaped % and _ into wildcards (server#23954) * Replace some usages of OC_DB in OC\Share\* with query builder (server#23955) * Use query builder instead of OC_DB in trashbin (server#23971) * Fix greatest/least order for oracle (server#23975) * Fix link share label placeholder not showing (server#23992) * Unlock when promoting to exclusive lock fails (server#23995) * Make sure root storage is valid before checking its size (server#23996) * Use query builder instead of OC_DB in OC\Files\* (server#23998) * Shortcut to avoid file system setup when generating the logo URL (server#24001) * Remove old legacy scripts references (server#24004) * Fix js search in undefined ocs response (server#24012) * Don't leave cursors open (server#24033) * Fix sharing tab state not matching resharing admin settings (server#24044) * Run unit tests against oracle (server#24049) * Use png icons in caldav reminder emails (server#24050) * Manually iterate over calendardata when oracle is used (server#24058) * Make is_user_defined nullable so we can store false on oracle (server#24079) * Fix default internal expiration date enforce (server#24081) * Register new command db:add-missing-primary-keys (server#24106) * Convert the card resource to a string if necessary (server#24114) * Don't throw on SHOW VERSION query (server#24147) * Bump dompurify to 2.2.2 (server#24153) * Set up FS before querying storage info in settings (server#24156) * Fix default internal expiration date (server#24159) * CircleId too short in some request (server#24178) * Revert 'circleId too short in some request' (server#24183) * Missing level in ScopedPsrLogger (server#24212) * Fix activity spinner on empty activity (activity#523) * Add OCI github action (activity#528) * Disable download button by default (files_pdfviewer#257) * Feat/dependabot ga/stable20 (firstrunwizard#442) * Fix loading notifications without a message on oracle (notifications#796) * Do not setup appdata in constructor to avoid errors causing the whole instance to stop working (text#1105) * Bump eslint-plugin-standard from 4.0.1 to 4.0.2 (text#1125) * Bump sass-loader from 10.0.1 to 10.0.5 (text#1134) * Bump webpack from 4.44.1 to 4.44.2 (text#1140) * Bump dependencies to version in range (text#1164) * Validate link on click (text#1166) * Add migration to fix oracle issues with the database schema (text#1177) * Bump cypress from 4.12.1 to 5.1.0 (text#1179) * Fix URL escaping of shared files (viewer#681) * Fix component click outside and cleanup structure (viewer#684) Update to 20.0.1 No changelog from upstream at this time. Update to 20.0.0 * Changes The three biggest features we introduce with Nextcloud 20 are: - Our new dashboard provides a great starting point for the day with over a dozen widgets ranging from Twitter and Github to Moodle and Zammad already available - Search was unified, bringing search results of Nextcloud apps as well as external services like Gitlab, Jira and Discourse in one place - Talk introduced bridging to other platforms including MS Teams, Slack, IRC, Matrix and a dozen others * Some other improvements we want to highlight include: - Notifications and Activities were brought together, making sure you won’t miss anything important - We added a ‘status’ setting so you can communicate to other users what you are up to - Talk also brings dashboard and search integration, emoji picker, upload view, camera and microphone settings, mute and more - Calendar integrates in dashboard and search, introduced a list view and design improvements - Mail introduces threaded view, mailbox management and more - Deck integrates with dashboard and search, introduces Calendar integration, modal view for card editing and series of smaller improvements - Flow adds push notification and webhooks so other web apps can easily integrate with Nextcloud - Text introduced direct linking to files in Nextcloud - Files lets you add a description to public link shares + Read the full announcement on our blog - NC-SA-2020-037 - CVE-2020-8295: Fixed Denial of service attack when resetting the password for a user(boo#1181804) - Update to 20.0.11 - Fix boo#1188247 - CVE-2021-32678: OCS API response ratelimits are not applied - Fix boo#1188248 - CVE-2021-32679: filenames where not escaped by default in controllers using DownloadResponse - Fix boo#1188249 - CVE-2021-32680: share expiration date wasn't properly logged - Fix boo#1188250 - CVE-2021-32688: lacking permission check with application specific tokens - Fix boo#1188251 - CVE-2021-32703: lack of ratelimiting on the shareinfo endpoint - Fix boo#1188252 - CVE-2021-32705: lack of ratelimiting on the public DAV endpoint - Fix boo#1188253 - CVE-2021-32725: default share permissions were not being respected for federated reshares of files and folders - Fix boo#1188254 - CVE-2021-32726: webauthn tokens were not deleted after a user has been deleted - Fix boo#1188255 - CVE-2021-32734: possible full path disclosure on shared files - Fix boo#1188256 - CVE-2021-32741: lack of ratelimiting on the public share link mount endpoint - Bump handlebars from 4.7.6 to 4.7.7 (server#26900) - Bump lodash from 4.17.20 to 4.17.21 (server#26909) - Bump hosted-git-info from 2.8.8 to 2.8.9 (server#26920) - Don't break OCC if an app is breaking in it's Application class (server#26954) - Add bruteforce protection to the shareinfo endpoint (server#26956) - Ignore readonly flag for directories (server#26965) - Throttle MountPublicLinkController when share is not found (server#26971) - Respect default share permissions for federated reshares (server#27001) - Harden apptoken check (server#27014) - Use parent wrapper to properly handle moves on the same source/target storage (server#27016) - Fix error when using CORS with no auth credentials (server#27027) - Fix return value of getStorageInfo when 'quota_include_external_storage' is enabled (server#27108) - Bump patch dependencies (server#27183) - Use noreply@ as email address for share emails (server#27209) - Bump p-queue from 6.6.1 to 6.6.2 (server#27226) - Bump browserslist from 4.14.0 to 4.16.6 (server#27247) - Bump webpack from 4.44.1 to 4.44.2 (server#27297) - Properly use limit and offset for search in Jail wrapper (server#27308) - Make user:report command scale (server#27319) - Properly log expiration date removal in audit log (server#27325) - Propagate throttling on OCS response (server#27337) - Set umask before operations that create local files (server#27349) - Escape filename in Content-Disposition (server#27360) - Don't update statuses to offline again and again (server#27412) - Header must contain a colon (server#27456) - Activate constraint check for oracle / pqsql also for 20 (server#27523) - Only allow removing existing shares that would not be allowed due to reshare restrictions (server#27552) - Bump ws from 7.3.1 to 7.5.0 (server#27570) - Properly cleanup entries of WebAuthn on user deletion (server#27596) - Throttle on public DAV endpoint (server#27617) - Bump vue-loader from 15.9.3 to 15.9.7 (server#27639) - Bump eslint-plugin-standard from 4.0.1 to 4.0.2 (server#27651) - Validate the theming color also on CLI (server#27680) - Downstream encryption:fix-encrypted-version for repairing bad signature errors (server#27728) - Remove encodeURI code (files_pdfviewer#396) - Only ask for permissions on HTTPS (notifications#998) - Fix sorting if one of the file name is only composed with number (photos#785) - Backport 20 fix Photos not shown in large browser windows #630 (#686) (photos#810) - Update File.vue (photos#813) - Update chart.js (serverinfo#309) - Only return workspace property for top node in a propfind request (text#1611) - ViewerComponent: pass on autofocus to EditorWrapper (text#1647) - Use text/plain as content type for fetching the document (text#1692) - Log exceptions that happen on unknown exception and return generic messages (text#1698) - Add fixup (viewer#924) - Fix: fullscreen for Firefox (viewer#929) Important SUSE bug 1181445 SUSE bug 1181803 SUSE bug 1181804 SUSE bug 1188247 SUSE bug 1188248 SUSE bug 1188249 SUSE bug 1188250 SUSE bug 1188251 SUSE bug 1188252 SUSE bug 1188253 SUSE bug 1188254 SUSE bug 1188255 SUSE bug 1188256 CVE-2020-8293 CVE-2020-8294 CVE-2020-8295 CVE-2021-32678 CVE-2021-32679 CVE-2021-32680 CVE-2021-32688 CVE-2021-32703 CVE-2021-32705 CVE-2021-32725 CVE-2021-32726 CVE-2021-32734 CVE-2021-32741 cpe:/o:opensuse:leap:15.3 Security update for icinga2 (Moderate) openSUSE Leap 15.3 This update for icinga2 fixes the following issues: Update to 2.12.4 * Bugfixes - Fix a crash when notification objects are deleted using the API #8782 - Fix crashes that might occur during downtime scheduling if host or downtime objects are deleted using the API #8785 - Fix an issue where notifications may incorrectly be skipped after a downtime ends #8775 - Don't send reminder notification if the notification is still suppressed by a time period #8808 - Fix an issue where attempting to create a duplicate object using the API might result in the original object being deleted #8787 - IDO: prioritize program status updates #8809 - Improve exceptions handling, including a fix for an uncaught exception on Windows #8777 - Retry file rename operations on Windows to avoid intermittent locking issues #8771 * Enhancements - Support Boost 1.74 (Ubuntu 21.04, Fedora 34) #8792 Update to 2.12.3 * Security - Fix that revoked certificates due for renewal will automatically be renewed ignoring the CRL (Advisory / CVE-2020-29663 - fixes boo#1180147 ) * Bugfixes - Improve config sync locking - resolves high load issues on Windows #8511 - Fix runtime config updates being ignored for objects without zone #8549 - Use proper buffer size for OpenSSL error messages #8542 * Enhancements - On checkable recovery: re-check children that have a problem #8506 Update to 2.12.2 * Bugfixes - Fix a connection leak with misconfigured agents #8483 - Properly sync changes of config objects in global zones done via the API #8474 #8470 - Prevent other clients from being disconnected when replaying the cluster log takes very long #8496 - Avoid duplicate connections between endpoints #8465 - Ignore incoming config object updates for unknown zones #8461 - Check timestamps before removing files in config sync #8495 * Enhancements - Include HTTP status codes in log #8467 Moderate SUSE bug 1180147 CVE-2020-29663 cpe:/o:opensuse:leap:15.3 Security update for chromium (Important) openSUSE Leap 15.3 This update for chromium fixes the following issues: Chromium 91.0.4472.164 (boo#1188373) * CVE-2021-30559: Out of bounds write in ANGLE * CVE-2021-30541: Use after free in V8 * CVE-2021-30560: Use after free in Blink XSLT * CVE-2021-30561: Type Confusion in V8 * CVE-2021-30562: Use after free in WebSerial * CVE-2021-30563: Type Confusion in V8 * CVE-2021-30564: Heap buffer overflow in WebXR * Various fixes from internal audits, fuzzing and other initiatives Important SUSE bug 1188373 CVE-2021-30541 CVE-2021-30559 CVE-2021-30560 CVE-2021-30561 CVE-2021-30562 CVE-2021-30563 CVE-2021-30564 cpe:/o:opensuse:leap:15.3 Security update for icinga2 (Moderate) openSUSE Leap 15.3 This update for icinga2 fixes the following issues: icinga2 was updated to 2.12.5: Version 2.12.5 fixes two security vulnerabilities that may lead to privilege escalation for authenticated API users. Other improvements include several bugfixes related to downtimes, downtime notifications, and more reliable connection handling. * Security - Don't expose the PKI ticket salt via the API. This may lead to privilege escalation for authenticated API users by them being able to request certificates for other identities (CVE-2021-32739) - Don't expose IdoMysqlConnection, IdoPgsqlConnection, and ElasticsearchWriter passwords via the API (CVE-2021-32743) Depending on your setup, manual intervention beyond installing the new versions may be required, so please read the more detailed information in the release blog post carefully. * Bugfixes - Don't send downtime end notification if downtime hasn't started #8878 - Don't let a failed downtime creation block the others #8871 - Support downtimes and comments for checkables with long names #8870 - Trigger fixed downtimes immediately if the current time matches (instead of waiting for the timer) #8891 - Add configurable timeout for full connection handshake #8872 * Enhancements - Replace existing downtimes on ScheduledDowntime change #8880 - Improve crashlog #8869 Moderate CVE-2020-29663 CVE-2021-32739 CVE-2021-32743 cpe:/o:opensuse:leap:15.3 Security update for virtualbox (Important) openSUSE Leap 15.3 This update for virtualbox fixes the following issues: Version bump to 6.1.24 (released July 20 2021 by Oracle) This is a maintenance release. The following items were fixed and/or added: - Storage: Fixed starting a VM if a device is attached to a VirtIO SCSI port higher than 30 (bug #20213) - Storage: Improvement to DVD medium change signaling - Serial: Fixed a the guest missing interrupts under certain circumstances (6.0 regression, bug #18668) - Audio: Multiple fixes and enhancements - Network: Fixed connectivity issue with virtio-net after resuming VM with disconnected link - Network: Fixed UDP GSO fragmentation issue with missing 8 bytes of payload at the end of the first fragment - API: Fixed VM configuration for recent Windows Server versions - Extension Pack: Fixed issues with USB webcam pass-through on Linux - Host and guest driver: Fix small memory leak (bug #20280) - Linux host and guest: Support kernel version 5.13 (bug #20456) - Linux host and guest: Introduce support for SUSE SLES/SLED 15 SP3 kernels (bug #20396) - Linux host: Installer will not attempt to build kernel modules if system already has them installed and modules versions match current version - Guest Additions: Fixed crash on using shared clipboard (bug #19165) - Linux Guest Additions: Introduce support for Ubuntu specific kernels (bug #20325) - Solaris guest: Increased default memory and disk sizes - EFI: Support network booting with the E1000 network controller emulation - EFI: Stability improvements (bug #20090) - This release fixes boo#1188535, VUL-0: CVE-2021-2454, boo#1188536, VUL-0: CVE-2021-2409, boo#1188537, VUL-0: CVE-2021-2442, and boo#1188538, VUL-0: CVE-2021-2443. - Add vboximg-mount to packaging. boo#1188045. - Fix CONFIG_RANDOMIZE_KSTACK_OFFSET_DEFAULT problem with kernel 5.13 as shown in boo#1188105. - Disable the build of kmp vboxvideo, at least temporarily. - Correct WantedBy entry in vboxadd-service - Require which for /usr/lib/virtualbox/vboxadd-service - fix license packaging, small cruft cleanup (avoid owning directories provided by filesystem rpm) Important SUSE bug 1188045 SUSE bug 1188105 SUSE bug 1188535 SUSE bug 1188536 SUSE bug 1188537 SUSE bug 1188538 CVE-2021-2409 CVE-2021-2442 CVE-2021-2443 CVE-2021-2454 cpe:/o:opensuse:leap:15.3 Security update for balsa (Moderate) openSUSE Leap 15.3 This update for balsa fixes the following issues: Update to version 2.6.1 - CVE-2020-13645: fix server identity verification (boo#1172460) Moderate SUSE bug 1172460 CVE-2020-13645 cpe:/o:opensuse:leap:15.3 Security update for opera (Important) openSUSE Leap 15.3 NonFree This update for opera fixes the following issues: Update to version 77.0.4054.277 - DNA-94291 Video conference popout doesnt remember its size after resizing - DNA-94399 Incorrect icon for wp.pl in address bar dropdown - DNA-94462 Low quality of default wallpaper on windows - The update to chromium 91.0.4472.164 fixes following issues: CVE-2021-30541, CVE-2021-30560, CVE-2021-30561, CVE-2021-30562, CVE-2021-30563, CVE-2021-30564 Important CVE-2021-30541 CVE-2021-30560 CVE-2021-30561 CVE-2021-30562 CVE-2021-30563 CVE-2021-30564 cpe:/o:opensuse:leap:15.3 Security update for aria2 (Moderate) openSUSE Leap 15.3 This update for aria2 fixes the following issues: Update to version 1.35.0: * Drop SSLv3.0 and TLSv1.0 and add TLSv1.3 * TLSv1.3 support is added for GNUTLS and OpenSSL. * Platform: Fix compilation without deprecated OpenSSL APIs * Remove linux getrandom and use C++ stdlib instead * Don't send Accept Metalink header if Metalink is disabled - Move bash completion to better location Update to version 1.34.0: * UnknownLengthPieceStorage: return piece length show something in console status when downloading items with unknown content length * Fix bug that signal handler does not work with libaria2 when aria2::RUN_ONCE is passed to aria2::run(). * Retry on HTTP 502 Moderate SUSE bug 1189107 CVE-2019-3500 cpe:/o:opensuse:leap:15.3 Recommended update for seamonkey (Low) openSUSE Leap 15.3 This update ships seamonkey to openSUSE Leap 15.3 and Packagehub 15-SP3. Low cpe:/o:opensuse:leap:15.3 Security update for chromium (Important) openSUSE Leap 15.3 This update for chromium fixes the following issues: Chromium 92.0.4515.131 (boo#1189006) * CVE-2021-30590: Heap buffer overflow in Bookmarks * CVE-2021-30591: Use after free in File System API * CVE-2021-30592: Out of bounds write in Tab Groups * CVE-2021-30593: Out of bounds read in Tab Strip * CVE-2021-30594: Use after free in Page Info UI * CVE-2021-30596: Incorrect security UI in Navigation * CVE-2021-30597: Use after free in Browser UI Chromium 92.0.4515.107 (boo#1188590) * CVE-2021-30565: Out of bounds write in Tab Groups * CVE-2021-30566: Stack buffer overflow in Printing * CVE-2021-30567: Use after free in DevTools * CVE-2021-30568: Heap buffer overflow in WebGL * CVE-2021-30569: Use after free in sqlite * CVE-2021-30571: Insufficient policy enforcement in DevTools * CVE-2021-30572: Use after free in Autofill * CVE-2021-30573: Use after free in GPU * CVE-2021-30574: Use after free in protocol handling * CVE-2021-30575: Out of bounds read in Autofill * CVE-2021-30576: Use after free in DevTools * CVE-2021-30577: Insufficient policy enforcement in Installer * CVE-2021-30578: Uninitialized Use in Media * CVE-2021-30579: Use after free in UI framework * CVE-2021-30581: Use after free in DevTools * CVE-2021-30582: Inappropriate implementation in Animation * CVE-2021-30584: Incorrect security UI in Downloads * CVE-2021-30585: Use after free in sensor handling * CVE-2021-30588: Type Confusion in V8 * CVE-2021-30589: Insufficient validation of untrusted input in Sharing Important SUSE bug 1188590 SUSE bug 1189006 CVE-2021-30565 CVE-2021-30566 CVE-2021-30567 CVE-2021-30568 CVE-2021-30569 CVE-2021-30571 CVE-2021-30572 CVE-2021-30573 CVE-2021-30574 CVE-2021-30575 CVE-2021-30576 CVE-2021-30577 CVE-2021-30578 CVE-2021-30579 CVE-2021-30581 CVE-2021-30582 CVE-2021-30584 CVE-2021-30585 CVE-2021-30588 CVE-2021-30589 CVE-2021-30590 CVE-2021-30591 CVE-2021-30592 CVE-2021-30593 CVE-2021-30594 CVE-2021-30596 CVE-2021-30597 cpe:/o:opensuse:leap:15.3 Security update for prosody (Moderate) openSUSE Leap 15.3 This update for prosody fixes the following issues: prosody was updated to 0.11.10: Security: * MUC: Fix logic for access to affiliation lists CVE-2021-37601 (boo#1188976) https://prosody.im/security/advisory_20210722/ Minor changes: * prosodyctl: Add ‘limits’ to known globals to warn about misplacing it * util.ip: Fix netmask for link-local address range * mod_pep: Remove obsolete node restoration code * util.pubsub: Fix traceback if node data not initialized Moderate SUSE bug 1188976 CVE-2021-37601 cpe:/o:opensuse:leap:15.3 Security update for libhts (Low) openSUSE Leap 15.3 This update of libhts fixes the following security issue: - CVE-2020-36403: Fixed an out-of-bounds write access in vcf_parse_format() (bsc#1187917) Low SUSE bug 1187917 CVE-2020-36403 cpe:/o:opensuse:leap:15.3 Security update for chromium (Important) openSUSE Leap 15.3 This update for chromium fixes the following issues: Chromium 92.0.4515.159 (boo#1189490): * CVE-2021-30598: Type Confusion in V8 * CVE-2021-30599: Type Confusion in V8 * CVE-2021-30600: Use after free in Printing * CVE-2021-30601: Use after free in Extensions API * CVE-2021-30602: Use after free in WebRTC * CVE-2021-30603: Race in WebAudio * CVE-2021-30604: Use after free in ANGLE * Various fixes from internal audits, fuzzing and other initiatives Important SUSE bug 1189490 CVE-2021-30598 CVE-2021-30599 CVE-2021-30600 CVE-2021-30601 CVE-2021-30602 CVE-2021-30603 CVE-2021-30604 cpe:/o:opensuse:leap:15.3 Security update for libspf2 (Critical) openSUSE Leap 15.3 This update for libspf2 fixes the following issue: - CVE-2021-20314: A remote overflow in SPF parsing could lead to remote code execution (bsc#1189104) Critical SUSE bug 1189104 CVE-2021-20314 cpe:/o:opensuse:leap:15.3 Security update for cacti, cacti-spine (Moderate) openSUSE Leap 15.3 This update for cacti, cacti-spine fixes the following issues: cacti-spine 1.2.18: * Fix missing time parameter on FROM_UNIXTIME function cacti 1.2.18: * CVE-2020-14424: Lack of escaping on template import can lead to XSS exposure under 'midwinter' theme (boo#1188188) * Real time graphs can expose XSS issue Moderate SUSE bug 1188188 CVE-2020-14424 cpe:/o:opensuse:leap:15.3 Security update for tor (Moderate) openSUSE Leap 15.3 This update for tor fixes the following issues: tor 0.4.6.7: * Fix a DoS via a remotely triggerable assertion failure (boo#1189489, TROVE-2021-007, CVE-2021-38385) tor 0.4.6.6: * Enable the deterministic RNG for unit tests that covers the address set bloomfilter-based API's tor 0.4.6.5 * Add controller support for creating v3 onion services with client auth * When voting on a relay with a Sybil-like appearance, add the Sybil flag when clearing out the other flags. This lets a relay operator know why their relay hasn't been included in the consensus * Relays now report how overloaded they are * Add a new DoS subsystem to control the rate of client connections for relays * Relays now publish statistics about v3 onions services * Improve circuit timeout algorithm for client performance Moderate SUSE bug 1189489 CVE-2021-38385 cpe:/o:opensuse:leap:15.3 Security update for opera (Important) openSUSE Leap 15.3 NonFree This update for opera fixes the following issues: opera was updated to version 78.0.4093.147 - CHR-8251 Update chromium on desktop-stable-92-4093 to 92.0.4515.131 - DNA-93036 Opera not starting after closing window. Processes still working. - DNA-94516 Add ‘Detach tab’ entry to tab menu - DNA-94584 [Mac] Sidebar setup not closed after press ‘Add extensions’ button - DNA-94761 Crash when trying to record “Chrome developer” trace - DNA-94790 Crash at opera::VideoConferenceTabDetachController:: OnBrowserAboutToStartClosing(Browser*) - The update to chromium 92.0.4515.131 fixes following issues: CVE-2021-30590, CVE-2021-30591, CVE-2021-30592, CVE-2021-30593, CVE-2021-30594, CVE-2021-30596, CVE-2021-30597 Update to version 78.0.4093.112 - DNA-94466 Implement sorting Pinboards in overview - DNA-94582 Add access to APIs for showing pinboard icon in sidebar - DNA-94603 Suspicious pinboards events - DNA-94625 Disable opr.pinboardPrivate.getThumbnail() for local files - DNA-94640 Promote O78 to stable - DNA-94661 Missing translations for some languages - Complete Opera 78.0 changelog at: https://blogs.opera.com/desktop/changelog-for-78/ Important CVE-2021-30590 CVE-2021-30591 CVE-2021-30592 CVE-2021-30593 CVE-2021-30594 CVE-2021-30596 CVE-2021-30597 cpe:/o:opensuse:leap:15.3 Security update for opera (Important) openSUSE Leap 15.3 NonFree This update for opera fixes the following issues: opera was updated to version 78.0.4093.184 - CHR-8533 Update chromium on desktop-stable-92-4093 to 92.0.4515.159 - DNA-93472 Reattaching to other browsers - DNA-93741 Multiple hint slots - DNA-93742 Allow displaying unobtrusive external hints - DNA-93744 Add slots in toolbar action view - DNA-94230 Improve text contrast for Speed Dials - DNA-94724 [Mac] Add macOS dark theme wallpaper with easy setup - DNA-94786 Crash at base::SupportsUserData:: SetUserData(void const*, std::__1::unique_ptr) - DNA-94807 Allow scripts access opera version and product info - DNA-94862 Continue on shopping Amazon doesn’t work correct - DNA-94870 Add an addonsPrivate function to install with permissions dialog first - DNA-95064 Revert DNA-93714 on stable - The update to chromium 92.0.4515.159 fixes following issues: CVE-2021-30598, CVE-2021-30599, CVE-2021-30600, CVE-2021-30601, CVE-2021-30602, CVE-2021-30603, CVE-2021-30604 Important CVE-2021-30598 CVE-2021-30599 CVE-2021-30600 CVE-2021-30601 CVE-2021-30602 CVE-2021-30603 CVE-2021-30604 cpe:/o:opensuse:leap:15.3 Security update for gifsicle (Moderate) openSUSE Leap 15.3 This update for gifsicle fixes the following issues: Update to version 1.93: * Fix security bug on certain resize operations with `--resize-method=box` * Fix problems with colormapless GIFs. Update to version 1.92 * Add `--lossy` option from Kornel Lipiński. * Remove an assertion failure possible with `--conserve-memory` + `--colors` + `--careful`. Moderate cpe:/o:opensuse:leap:15.3 Security update for nextcloud (Important) openSUSE Leap 15.3 This update for nextcloud fixes the following issues: Update to 20.0.12 Fix boo#1190291 - CVE-2021-32766 (CWE-209): Generation of Error Message Containing Sensitive Information - CVE-2021-32800 (CWE-306): Missing Authentication for Critical Function - CVE-2021-32801 (CWE-532): Insertion of Sensitive Information into Log File - CVE-2021-32802 (CWE-829): Inclusion of Functionality from Untrusted Control Sphere Changes - Bump vue-router from 3.4.3 to 3.4.9 (server#27224) - Bump v-click-outside from 3.1.1 to 3.1.2 (server#27232) - Bump url-search-params-polyfill from 8.1.0 to 8.1.1 (server#27236) - Bump debounce from 1.2.0 to 1.2.1 (server#27646) - Bump vue and vue-template-compiler (server#27701) - Design fixes to app-settings button (server#27745) - Reset checksum when writing files to object store (server#27754) - Run s3 tests again (server#27804) - Fix in locking cache check (server#27829) - Bump dompurify from 2.2.8 to 2.2.9 (server#27836) - Make search popup usable on mobile, too (server#27858) - Cache images on browser (server#27863) - Fix dark theme on public link shares (server#27895) - Make user status usable on mobile (server#27897) - Do not escape display name in dashboard welcome text (server#27913) - Bump moment-timezone from 0.5.31 to 0.5.33 (server#27924) - Fix newfileMenu on public page (server#27941) - Fix svg icons disapearing in app navigation when text overflows (server#27955) - Bump bootstrap from 4.5.2 to 4.5.3 (server#27965) - Show registered breadcrumb detail views in breadcrumb menu (server#27970) - Fix regression in file sidebar (server#27976) - Bump exports-loader from 1.1.0 to 1.1.1 (server#27984) - Bump @nextcloud/capabilities from 1.0.2 to 1.0.4 (server#27985) - Bump @nextcloud/vue-dashboard from 1.0.0 to 1.0.1 (server#27988) - Improve notcreatable permissions hint (server#28006) - Update CRL due to revoked twofactor_nextcloud_notification.crt (server#28018) - Bump sass-loader from 10.0.2 to 10.0.5 (server#28032) - Increase footer height for longer menus (server#28045) - Mask password for Redis and RedisCluster on connection failure (server#28054) - Fix missing theming for login button (server#28065) - Fix overlapping of elements in certain views (server#28072) - Disable HEIC image preview provider for performance concerns (server#28081) - Improve provider check (server#28087) - Sanitize more functions from the encryption app (server#28091) - Hide download button for public preview of audio files (server#28096) - L10n: HTTP in capital letters (server#28107) - Fix dark theme in file exists dialog (server#28111) - Let memory limit set in tests fit the used amount (server#28125) - User management - Add icon to user groups (server#28172) - Bump marked from 1.1.1 to 1.1.2 (server#28187) - Fix variable override in file view (server#28191) - Bump regenerator-runtime from 0.13.7 to 0.13.9 (server#28207) - Bump url-loader from 4.1.0 to 4.1.1 (server#28208) - Fix Files breadcrumbs being hidden even if there is enough space (server#28224) - Dont apply jail search filter is on the root (server#28241) - Check that php was compiled with argon2 support or that the php-sodium extensions is installed (server#28289) - Fix preference name when generating notifications (activity#603) - Fix monochrome icon detection for correct dark mode invert (activity#607) - Fix 'Enable notification emails' (activity#613) - Show add, del and restored files within by and self filter (activity#616) - Link from app-navigation-settings to personal settings (activity#625) - Fix pdfviewer design (files_pdfviewer#446) - Include version number in firstrunwizard (firstrunwizard#570) - Use notification main link if no parameter has a link (notifications#1040) - Bump sass-loader from 10.1.0 to 10.1.1 (text#1360) - Bump @babel/plugin-transform-runtime from 7.13.9 to 7.13.15 (text#1548) - Bump @babel/preset-env from 7.13.9 to 7.13.15 (text#1550) - Bump vue-loader from 15.9.6 to 15.9.7 (text#1592) - Unify error responses and add logging where appropriate (text#1719) - Disable header timeout on mobile (viewer#978) Important SUSE bug 1190291 CVE-2021-32766 CVE-2021-32800 CVE-2021-32801 CVE-2021-32802 cpe:/o:opensuse:leap:15.3 Security update for fail2ban (Important) openSUSE Leap 15.3 This update for fail2ban fixes the following issues: - CVE-2021-32749: prevent a command injection via mail command (boo#1188610) - Integrate change to resolve boo#1146856 and boo#1180738 Update to 0.11.2 - increased stability, filter and action updates New Features and Enhancements * fail2ban-regex: - speedup formatted output (bypass unneeded stats creation) - extended with prefregex statistic - more informative output for `datepattern` (e. g. set from filter) - pattern : description * parsing of action in jail-configs considers space between action-names as separator also (previously only new-line was allowed), for example `action = a b` would specify 2 actions `a` and `b` * new filter and jail for GitLab recognizing failed application logins (gh#fail2ban/fail2ban#2689) * new filter and jail for Grafana recognizing failed application logins (gh#fail2ban/fail2ban#2855) * new filter and jail for SoftEtherVPN recognizing failed application logins (gh#fail2ban/fail2ban#2723) * `filter.d/guacamole.conf` extended with `logging` parameter to follow webapp-logging if it's configured (gh#fail2ban/fail2ban#2631) * `filter.d/bitwarden.conf` enhanced to support syslog (gh#fail2ban/fail2ban#2778) * introduced new prefix `{UNB}` for `datepattern` to disable word boundaries in regex; * datetemplate: improved anchor detection for capturing groups `(^...)`; * datepattern: improved handling with wrong recognized timestamps (timezones, no datepattern, etc) as well as some warnings signaling user about invalid pattern or zone (gh#fail2ban/fail2ban#2814): - filter gets mode in-operation, which gets activated if filter starts processing of new messages; in this mode a timestamp read from log-line that appeared recently (not an old line), deviating too much from now (up too 24h), will be considered as now (assuming a timezone issue), so could avoid unexpected bypass of failure (previously exceeding `findtime`); - better interaction with non-matching optional datepattern or invalid timestamps; - implements special datepattern `{NONE}` - allow to find failures totally without date-time in log messages, whereas filter will use now as timestamp (gh#fail2ban/fail2ban#2802) * performance optimization of `datepattern` (better search algorithm in datedetector, especially for single template); * fail2ban-client: extended to unban IP range(s) by subnet (CIDR/mask) or hostname (DNS), gh#fail2ban/fail2ban#2791; * extended capturing of alternate tags in filter, allowing combine of multiple groups to single tuple token with new tag prefix `<F-TUPLE_`, that would combine value of `<F-V>` with all value of `<F-TUPLE_V?_n?>` tags (gh#fail2ban/fail2ban#2755) - Fixes * [stability] prevent race condition - no ban if filter (backend) is continuously busy if too many messages will be found in log, e. g. initial scan of large log-file or journal (gh#fail2ban/fail2ban#2660) * pyinotify-backend sporadically avoided initial scanning of log-file by start * python 3.9 compatibility (and Travis CI support) * restoring a large number (500+ depending on files ulimit) of current bans when using PyPy fixed * manual ban is written to database, so can be restored by restart (gh#fail2ban/fail2ban#2647) * `jail.conf`: don't specify `action` directly in jails (use `action_` or `banaction` instead) * no mails-action added per default anymore (e. g. to allow that `action = %(action_mw)s` should be specified per jail or in default section in jail.local), closes gh#fail2ban/fail2ban#2357 * ensure we've unique action name per jail (also if parameter `actname` is not set but name deviates from standard name, gh#fail2ban/fail2ban#2686) * don't use `%(banaction)s` interpolation because it can be complex value (containing `[...]` and/or quotes), so would bother the action interpolation * fixed type conversion in config readers (take place after all interpolations get ready), that allows to specify typed parameters variable (as substitutions) as well as to supply it in other sections or as init parameters. * `action.d/*-ipset*.conf`: several ipset actions fixed (no timeout per default anymore), so no discrepancy between ipset and fail2ban (removal from ipset will be managed by fail2ban only, gh#fail2ban/fail2ban#2703) * `action.d/cloudflare.conf`: fixed `actionunban` (considering new-line chars and optionally real json-parsing with `jq`, gh#fail2ban/fail2ban#2140, gh#fail2ban/fail2ban#2656) * `action.d/nftables.conf` (type=multiport only): fixed port range selector, replacing `:` with `-` (gh#fail2ban/fail2ban#2763) * `action.d/firewallcmd-*.conf` (multiport only): fixed port range selector, replacing `:` with `-` (gh#fail2ban/fail2ban#2821) * `action.d/bsd-ipfw.conf`: fixed selection of rule-no by large list or initial `lowest_rule_num` (gh#fail2ban/fail2ban#2836) * `filter.d/common.conf`: avoid substitute of default values in related `lt_*` section, `__prefix_line` should be interpolated in definition section (inside the filter-config, gh#fail2ban/fail2ban#2650) * `filter.d/dovecot.conf`: - add managesieve and submission support (gh#fail2ban/fail2ban#2795); - accept messages with more verbose logging (gh#fail2ban/fail2ban#2573); * `filter.d/courier-smtp.conf`: prefregex extended to consider port in log-message (gh#fail2ban/fail2ban#2697) * `filter.d/traefik-auth.conf`: filter extended with parameter mode (`normal`, `ddos`, `aggressive`) to handle the match of username differently (gh#fail2ban/fail2ban#2693): - `normal`: matches 401 with supplied username only - `ddos`: matches 401 without supplied username only - `aggressive`: matches 401 and any variant (with and without username) * `filter.d/sshd.conf`: normalizing of user pattern in all RE's, allowing empty user (gh#fail2ban/fail2ban#2749) Update to 0.11.1: * Increment ban time (+ observer) functionality introduced. * Database functionality extended with bad ips. * New tags (usable in actions): - `<bancount>` - ban count of this offender if known as bad (started by 1 for unknown) - `<bantime>` - current ban-time of the ticket (prolongation can be retarded up to 10 sec.) * Introduced new action command `actionprolong` to prolong ban-time (e. g. set new timeout if expected); * algorithm of restore current bans after restart changed: update the restored ban-time (and therefore end of ban) of the ticket with ban-time of jail (as maximum), for all tickets with ban-time greater (or persistent) * added new setup-option `--without-tests` to skip building and installing of tests files (gh-2287). * added new command `fail2ban-client get <JAIL> banip ?sep-char|--with-time?` to get the banned ip addresses (gh-1916). * purge database will be executed now (within observer). restoring currently banned ip after service restart fixed (now < timeofban + bantime), ignore old log failures (already banned) * upgrade database: update new created table `bips` with entries from table `bans` (allows restore current bans after upgrade from version <= 0.10) - removal of SuSEfirewall2-fail2ban for factory versions since SuSEfirewall2 will be removed from Factory (see sr#713247): * removed references to SuSEfirewall2 service * use references to SuSEfirewall2 only for older distributions * Removed installation recommendation of the fail2ban-SuSEfirewall2 package for all distributions as it is deprecated. - changed fail2ban unit file location (boo#1145181, gh#fail2ban/fail2ban#2474) Important SUSE bug 1145181 SUSE bug 1146856 SUSE bug 1180738 SUSE bug 1188610 CVE-2021-32749 cpe:/o:opensuse:leap:15.3 Security update for haserl (Moderate) openSUSE Leap 15.3 This update for haserl fixes the following issues: Update to version 0.9.36: * Fixed: Its possible to issue a PUT request without a CONTENT-TYPE. Assume an octet-stream in that case. This is CVE-2021-29133 and boo#1187671 * Change the Prefix for variables to be the REQUEST_METHOD (PUT/DELETE/GET/POST) THIS IS A BREAKING CHANGE * Mitigations vs running haserl to get access to files not available to the user. Moderate SUSE bug 1187671 CVE-2021-29133 cpe:/o:opensuse:leap:15.3 Security update for php-composer (Important) openSUSE Leap 15.3 This update for php-composer fixes the following issues: - Require php-mbstring as requested in boo#1187416 - Version 1.10.22 * Security: Fixed command injection vulnerability in HgDriver/HgDownloader and hardened other VCS drivers and downloaders (GHSA-h5h8-pc6h-jvvx / CVE-2021-29472), boo#1185376 - Version 1.10.21 * Fixed support for new GitHub OAuth token format * Fixed processes silently ignoring the CWD when it does not exist - Version 1.10.20 * Fixed exclude-from-classmap causing regex issues when having too many paths * Fixed compatibility issue with Symfony 4/5 - Version 1.10.17 * Fixed Bitbucket API authentication issue * Fixed parsing of Composer 2 lock files breaking in some rare conditions - Version 1.10.16 * Added warning to validate command for cases where packages provide/ replace a package that they also require * Fixed JSON schema validation issue with PHPStorm * Fixed symlink handling in archive command - Version 1.10.15 * Fixed path repo version guessing issue - Version 1.10.14 * Fixed version guesser to look at remote branches as well as local ones * Fixed path repositories version guessing to handle edge cases where version is different from the VCS-guessed version * Fixed COMPOSER env var causing issues when combined with the global command * Fixed a few issues dealing with PHP without openssl extension (not recommended at all but sometimes needed for testing) - Version 1.10.13 * Fixed regressions with old version validation * Fixed invalid root aliases not being reported - Version 1.10.12 * Fixed regressions with old version validation - Version 1.10.11 * Fixed more PHP 8 compatibility issues * Fixed regression in handling of CTRL-C when xdebug is loaded * Fixed status handling of broken symlinks - Version 1.10.10 * Fixed create-project not triggering events while installing the root package * Fixed PHP 8 compatibility issue * Fixed self-update to avoid automatically upgrading to the next major version once it becomes stable - Version 1.10.9 * Fixed Bitbucket redirect loop when credentials are outdated * Fixed GitLab auth prompt wording * Fixed self-update handling of files requiring admin permissions to write to on Windows (it now does a UAC prompt) * Fixed parsing issues in funding.yml files - Version 1.10.8 * Fixed compatibility issue with git being configured to show signatures by default * Fixed discarding of local changes when updating packages to include untracked files * Several minor fixes - Version 1.10.7 * Fixed PHP 8 deprecations * Fixed detection of pcntl_signal being in disabled_functions when pcntl_async_signal is allowed - Version 1.10.6 * Fixed version guessing to take composer-runtime-api and composer-plugin-api requirements into account to avoid selecting packages which require Composer 2 * Fixed package name validation to allow several dashes following each other * Fixed post-status-cmd script not firing when there were no changes to be displayed * Fixed composer-runtime-api support on Composer 1.x, the package is now present as 1.0.0 * Fixed support for composer show --name-only --self * Fixed detection of GitLab URLs when handling authentication in some cases - Version 1.10.5 * Fixed self-update on PHP <5.6, seriously please upgrade * Fixed 1.10.2 regression with PATH resolution in scripts - Version 1.10.4 * Fixed 1.10.2 regression in path symlinking with absolute path repos - Version 1.10.3 * Fixed invalid --2 flag warning in self-update when no channel is requested - Version 1.10.2 * Added --1 flag to self-update command which can be added to automated self-update runs to make sure it won't automatically jump to 2.0 once that is released * Fixed path repository symlinks being made relative when the repo url is defined as absolute paths * Fixed potential issues when using 'composer ...' in scripts and composer/composer was also required in the project * Fixed 1.10.0 regression when downloading GitHub archives from non-API URLs * Fixed handling of malformed info in fund command * Fixed Symfony5 compatibility issues in a few commands - Version 1.10.1 * Fixed path repository warning on empty path when using wildcards * Fixed superfluous warnings when generating optimized autoloaders - Version 1.10.0 * Breaking: composer global exec ... now executes the process in the current working directory instead of executing it in the global directory. * Warning: Added a warning when class names are being loaded by a PSR-4 or PSR-0 rule only due to classmap optimization, but would not otherwise be autoloadable. Composer 2.0 will stop autoloading these classes so make sure you fix your autoload configs. * Added new funding key to composer.json to describe ways your package's maintenance can be funded. This reads info from GitHub's FUNDING.yml by default so better configure it there so it shows on GitHub and Composer/Packagist * Added composer fund command to show funding info of your dependencies * Added bearer auth config to authenticate using Authorization: Bearer <token> headers * Added plugin-api-version in composer.lock so third-party tools can know which Composer version was used to generate a lock file * Added support for --format=json output for show command when showing a single package * Added support for configuring suggestions using config command, e.g. composer config suggest.foo/bar some text * Added support for configuring fine-grained preferred-install using config command, e.g. composer config preferred-install.foo/* dist * Added @putenv script handler to set environment variables from composer.json for following scripts * Added lock option that can be set to false, in which case no composer.lock file will be generated * Added --add-repository flag to create-project command which will persist the repo given in --repository into the composer.json of the package being installed * Fixed issue where --no-dev autoload generation was excluding some packages which should not have been excluded * Added support for IPv6 addresses in NO_PROXY * Added package homepage display in the show command * Added debug info about HTTP authentications * Added Symfony 5 compatibility * Added --fixed flag to require command to make it use a fixed constraint instead of a ^x.y constraint when adding the requirement * Fixed exclude-from-classmap matching subsets of directories e.g. foo/ was excluding foobar/ * Fixed archive command to persist file permissions inside the zip files * Fixed init/require command to avoid suggesting packages which are already selected in the search results * Fixed create-project UX issues * Fixed filemtime for vendor/composer/* files is now only changing when the files actually change * Fixed issues detecting docker environment with an active open_basedir - Version 1.9.3 * Fixed GitHub deprecation of access_token query parameter, now using Authorization header - Version 1.9.2 * Fixed minor git driver bugs * Fixed schema validation for version field to allow dev-* versions too * Fixed external processes' output being formatted even though it should not * Fixed issue with path repositories when trying to install feature branches - Version 1.9.1 * Fixed various credential handling issues with gitlab and github * Fixed credentials being present in git remotes in Composer cache and vendor directory when not using SSH keys * Fixed composer why not listing replacers as a reason something is present * Fixed various PHP 7.4 compatibility issues * Fixed root warnings always present in Docker containers, setting COMPOSER_ALLOW_SUPERUSER is not necessary anymore * Fixed GitHub access tokens leaking into debug-verbosity output * Fixed several edge case issues detecting GitHub, Bitbucket and GitLab repository types * Fixed Composer asking if you want to use a composer.json in a parent directory when ran in non-interactive mode * Fixed classmap autoloading issue finding classes located within a few non-PHP context blocks (?>...<?php) - Version 1.9.0 * Added a --no-cache flag available on all commands to run with the cache disabled * Added PHP_BINARY as env var pointing to the PHP process when executing Composer scripts as shell scripts * Added a use-github-api config option which can set the no-api flag on all GitHub VCS repositories declared * Added a static helper you can preprend to a script to avoid process timeouts, 'Composer\\Config::disableProcessTimeout' * Added Event::getOriginatingEvent to retrieve an event's original event when a script handler forwards to another one * Added support for autoloading directly from a phar file * Fixed loading order of plugins to always initialize them in order of dependencies * Fixed various network-mount related issues * Fixed --ignore-platform-reqs not ignoring conflict rules against platform packages - Version 1.8.6 * Fixed handling of backslash-escapes handling in compoesr.json when using the require command * Fixed create-project not following classmap-authoritative and apcu-autoloader config values * Fixed HHVM version warning showing up in some cases when it was not in use Important SUSE bug 1185376 SUSE bug 1187416 CVE-2021-29472 cpe:/o:opensuse:leap:15.3 Security update for chromium (Important) openSUSE Leap 15.3 This update for chromium fixes the following issues: Chromium 93.0.4577.63 (boo#1190096): * CVE-2021-30606: Use after free in Blink * CVE-2021-30607: Use after free in Permissions * CVE-2021-30608: Use after free in Web Share * CVE-2021-30609: Use after free in Sign-In * CVE-2021-30610: Use after free in Extensions API * CVE-2021-30611: Use after free in WebRTC * CVE-2021-30612: Use after free in WebRTC * CVE-2021-30613: Use after free in Base internals * CVE-2021-30614: Heap buffer overflow in TabStrip * CVE-2021-30615: Cross-origin data leak in Navigation * CVE-2021-30616: Use after free in Media * CVE-2021-30617: Policy bypass in Blink * CVE-2021-30618: Inappropriate implementation in DevTools * CVE-2021-30619: UI Spoofing in Autofill * CVE-2021-30620: Insufficient policy enforcement in Blink * CVE-2021-30621: UI Spoofing in Autofill * CVE-2021-30622: Use after free in WebApp Installs * CVE-2021-30623: Use after free in Bookmarks * CVE-2021-30624: Use after free in Autofill Chromium 93.0.4577.82 (boo#1190476): * CVE-2021-30625: Use after free in Selection API * CVE-2021-30626: Out of bounds memory access in ANGLE * CVE-2021-30627: Type Confusion in Blink layout * CVE-2021-30628: Stack buffer overflow in ANGLE * CVE-2021-30629: Use after free in Permissions * CVE-2021-30630: Inappropriate implementation in Blink * CVE-2021-30631: Type Confusion in Blink layout * CVE-2021-30632: Out of bounds write in V8 * CVE-2021-30633: Use after free in Indexed DB API Important SUSE bug 1190096 SUSE bug 1190476 CVE-2021-30606 CVE-2021-30607 CVE-2021-30608 CVE-2021-30609 CVE-2021-30610 CVE-2021-30611 CVE-2021-30612 CVE-2021-30613 CVE-2021-30614 CVE-2021-30615 CVE-2021-30616 CVE-2021-30617 CVE-2021-30618 CVE-2021-30619 CVE-2021-30620 CVE-2021-30621 CVE-2021-30622 CVE-2021-30623 CVE-2021-30624 CVE-2021-30625 CVE-2021-30626 CVE-2021-30627 CVE-2021-30628 CVE-2021-30629 CVE-2021-30630 CVE-2021-30631 CVE-2021-30632 CVE-2021-30633 cpe:/o:opensuse:leap:15.3 Security update for opera (Important) openSUSE Leap 15.3 NonFree This update for opera fixes the following issues: opera was updated to version 79.0.4143.22 - CHR-8550 Update chromium on desktop-stable-93-4143 to 93.0.4577.58 - CHR-8557 Update chromium on desktop-stable-93-4143 to 93.0.4577.63 - DNA-94641 [Linux] Proprietary media codecs not working in snap builds - DNA-95076 [Linux] Page crash with media content - DNA-95084 [Mac] Cannot quit through menu with snapshot editor open - DNA-95138 Add setting to synchronize Pinboards - DNA-95157 Crash at -[OperaCrApplication sendEvent:] - DNA-95204 Opera 79 translations - DNA-95240 The pinboard thumbnail cannot be generated anymore - DNA-95278 Existing Pinboards might be missing - DNA-95292 Enable #bookmarks-trash-cleaner on all streams - DNA-95293 Enable #easy-files-downloads-folder on all streams - DNA-95383 Promote O79 to stable - Complete Opera 79.0 changelog at: https://blogs.opera.com/desktop/changelog-for-79/ - The update to chromium 93.0.4577.58 fixes following issues: CVE-2021-30606, CVE-2021-30607, CVE-2021-30608, CVE-2021-30609, CVE-2021-30610, CVE-2021-30611, CVE-2021-30612, CVE-2021-30613, CVE-2021-30614, CVE-2021-30615, CVE-2021-30616, CVE-2021-30617, CVE-2021-30618, CVE-2021-30619, CVE-2021-30620, CVE-2021-30621, CVE-2021-30622, CVE-2021-30623, CVE-2021-30624 Important CVE-2021-30606 CVE-2021-30607 CVE-2021-30608 CVE-2021-30609 CVE-2021-30610 CVE-2021-30611 CVE-2021-30612 CVE-2021-30613 CVE-2021-30614 CVE-2021-30615 CVE-2021-30616 CVE-2021-30617 CVE-2021-30618 CVE-2021-30619 CVE-2021-30620 CVE-2021-30621 CVE-2021-30622 CVE-2021-30623 CVE-2021-30624 cpe:/o:opensuse:leap:15.3 Security update for transfig (Moderate) openSUSE Leap 15.3 This update for transfig fixes the following issues: Update to version 3.2.8, including fixes for - CVE-2021-3561: overflow in fig2dev/read.c in function read_colordef() (bsc#1186329). - CVE-2019-19797: out-of-bounds write in read_colordef in read.c (bsc#1159293). - CVE-2019-19555: stack-based buffer overflow because of an incorrect sscanf (bsc#1161698). - CVE-2019-19746: segmentation fault and out-of-bounds write because of an integer overflow via a large arrow type (bsc#1159130). - CVE-2019-14275: stack-based buffer overflow in the calc_arrow function in bound.c (bsc#1143650). This update was imported from the SUSE:SLE-15:Update update project. Moderate SUSE bug 1143650 SUSE bug 1159130 SUSE bug 1159293 SUSE bug 1161698 SUSE bug 1186329 CVE-2019-14275 CVE-2019-19555 CVE-2019-19746 CVE-2019-19797 CVE-2021-3561 cpe:/o:opensuse:leap:15.3 Security update for opera (Important) openSUSE Leap 15.3 NonFree This update for opera fixes the following issues: Opera was updated to version 79.0.4143.50 - CHR-8571 Update chromium on desktop-stable-93-4143 to 93.0.4577.82 - DNA-94104 ContinueShoppingOnEbayBrowserTest.ShouldDisplayOffers TilesStartingWithMostActiveOnes fails - DNA-94894 [Rich Hint] Agent API permissions - DNA-94989 Wrong color and appearance of subpages in the settings - DNA-95241 “Switch to tab” button is visible only on hover - DNA-95286 Add unit tests to pinboard sync related logic in browser - DNA-95372 [Mac retina screen] Snapshot doesnt capture cropped area - DNA-95526 Some webstore extensions are not verified properly - The update to chromium 93.0.4577.82 fixes following issues: CVE-2021-30625, CVE-2021-30626, CVE-2021-30627, CVE-2021-30628, CVE-2021-30629, CVE-2021-30630, CVE-2021-30631, CVE-2021-30632, CVE-2021-30633 Important CVE-2021-30625 CVE-2021-30626 CVE-2021-30627 CVE-2021-30628 CVE-2021-30629 CVE-2021-30630 CVE-2021-30631 CVE-2021-30632 CVE-2021-30633 cpe:/o:opensuse:leap:15.3 Security update for chromium (Important) openSUSE Leap 15.3 This update for chromium fixes the following issues: Chromium 94.0.4606.54 (boo#1190765): * CVE-2021-37956: Use after free in Offline use * CVE-2021-37957: Use after free in WebGPU * CVE-2021-37958: Inappropriate implementation in Navigation * CVE-2021-37959: Use after free in Task Manager * CVE-2021-37960: Inappropriate implementation in Blink graphics * CVE-2021-37961: Use after free in Tab Strip * CVE-2021-37962: Use after free in Performance Manager * CVE-2021-37963: Side-channel information leakage in DevTools * CVE-2021-37964: Inappropriate implementation in ChromeOS Networking * CVE-2021-37965: Inappropriate implementation in Background Fetch API * CVE-2021-37966: Inappropriate implementation in Compositing * CVE-2021-37967: Inappropriate implementation in Background Fetch API * CVE-2021-37968: Inappropriate implementation in Background Fetch API * CVE-2021-37969: Inappropriate implementation in Google Updater * CVE-2021-37970: Use after free in File System API * CVE-2021-37971: Incorrect security UI in Web Browser UI * CVE-2021-37972: Out of bounds read in libjpeg-turbo Chromium 94.0.4606.61 (boo#1191166): * CVE-2021-37973: Use after free in Portals Chromium 94.0.4606.71 (boo#1191204): * CVE-2021-37974 : Use after free in Safe Browsing * CVE-2021-37975 : Use after free in V8 * CVE-2021-37976 : Information leak in core Important SUSE bug 1190765 SUSE bug 1191166 SUSE bug 1191204 CVE-2021-37956 CVE-2021-37957 CVE-2021-37958 CVE-2021-37959 CVE-2021-37960 CVE-2021-37961 CVE-2021-37962 CVE-2021-37963 CVE-2021-37964 CVE-2021-37965 CVE-2021-37966 CVE-2021-37967 CVE-2021-37968 CVE-2021-37969 CVE-2021-37970 CVE-2021-37971 CVE-2021-37972 CVE-2021-37973 CVE-2021-37974 CVE-2021-37975 CVE-2021-37976 cpe:/o:opensuse:leap:15.3 Security update for mupdf (Important) openSUSE Leap 15.3 This update for mupdf fixes the following issues: - CVE-2020-19609: Fixed heap-based buffer overflow in tiff_expand_colormap() when parsing TIFF files (boo#1190176) - CVE-2020-16600: Fixed use-after-free when a valid page was followed by a page with invalid pixmap dimensions (boo#1190175) Important SUSE bug 1190175 SUSE bug 1190176 CVE-2020-16600 CVE-2020-19609 cpe:/o:opensuse:leap:15.3 Security update for opera (Important) openSUSE Leap 15.3 NonFree This update for opera fixes the following issues: opera was updated to version 80.0.4170.16 Fixes: - CHR-8590 Update chromium on desktop-stable-94-4170 to 94.0.4606.61 - DNA-95347 Make InstallerStep::Run async - DNA-95420 First suggestion in address field is often not highlighted - DNA-95613 Browser closing itself after closing SD/first tab and last opened tab - DNA-95725 Promote O80 to stable - DNA-95781 Import fixes for CVE-2021-37975, CVE-2021-37976 and CVE-2021-37974 to desktop-stable-94-4170 - Complete Opera 80.0 changelog at: https://blogs.opera.com/desktop/changelog-for-80/ - Drop Provides/Obsoletes for opera-gtk and opera-kde4 opera-gtk and opera-kde4 were last used in openSUSE 13.1 Opera was updated to version 79.0.4143.72 Fixes: - DNA-94933 Add emoji panel to address bar - DNA-95210 Add emoji YAT address bar suggestions - DNA-95221 Emoji button stuck in address bar - DNA-95325 Make y.at navigations to be reported with page_views events - DNA-95327 Add “Emojis” context menu option in address bar field - DNA-95339 Add YAT emoji url suggestion to search? dialog - DNA-95364 Add browser feature flag - DNA-95416 Remove emoji button from address bar - DNA-95439 Enable #yat-emoji-addresses on developer stream - DNA-95441 [Mac big sur] Emoji are not shown in address bar url - DNA-95445 Crash when removing unsynced pinboard bookmark with sync enabled - DNA-95512 Allow to show title and timer for simple banners - DNA-95516 Wrong label in settings for themes - DNA-95679 Temporarily disable AB test for a new autoupdater logic Important CVE-2021-37974 CVE-2021-37975 CVE-2021-37976 cpe:/o:opensuse:leap:15.3 Security update for mbedtls (Moderate) openSUSE Leap 15.3 This update for mbedtls fixes the following issues: * CVE-2021-24119: Fixed side-channel vulnerability in base64 PEM [boo#1189589] Guard against strong local side channel attack against base64 tables by making access aceess to them use constant flow code. Moderate SUSE bug 1189589 CVE-2021-24119 cpe:/o:opensuse:leap:15.3 Security update for ssh-audit (Moderate) openSUSE Leap 15.3 This update for ssh-audit fixes the following issues: ssh-audit was updated to version 2.5.0 * Fixed crash when running host key tests. * Handles server connection failures more gracefully. * Now prints JSON with indents when -jj is used (useful for debugging). * Added MD5 fingerprints to verbose output. * Added -d/--debug option for getting debugging output. * Updated JSON output to include MD5 fingerprints. Note that this results in a breaking change in the 'fingerprints' dictionary format. * Updated OpenSSH 8.1 (and earlier) policies to include rsa-sha2-512 and rsa-sha2-256. * Added OpenSSH v8.6 & v8.7 policies. * Added 3 new key exchanges: + gss-gex-sha1-eipGX3TCiQSrx573bT1o1Q== + gss-group1-sha1-eipGX3TCiQSrx573bT1o1Q== + gss-group14-sha1-eipGX3TCiQSrx573bT1o1Q== * Added 3 new MACs: + hmac-ripemd160-96 + AEAD_AES_128_GCM + AEAD_AES_256_GCM Update to version 2.4.0 * Added multi-threaded scanning support. * Added version check for OpenSSH user enumeration (CVE-2018-15473). * Added deprecation note to host key types based on SHA-1. * Added extra warnings for SSHv1. * Added built-in hardened OpenSSH v8.5 policy. * Upgraded warnings to failures for host key types based on SHA-1 * Fixed crash when receiving unexpected response during host key test. * Fixed hang against older Cisco devices during host key test & gex test. * Fixed improper termination while scanning multiple targets when one target returns an error. * Dropped support for Python 3.5 (which reached EOL in Sept.2020) * Added 1 new key exchange: sntrup761x25519-sha512@openssh.com. Moderate CVE-2018-15473 cpe:/o:opensuse:leap:15.3 Security update for chromium (Important) openSUSE Leap 15.3 This update for chromium fixes the following issues: Chromium 95.0.4638.54 (boo#1191844): * CVE-2021-37981: Heap buffer overflow in Skia * CVE-2021-37982: Use after free in Incognito * CVE-2021-37983: Use after free in Dev Tools * CVE-2021-37984: Heap buffer overflow in PDFium * CVE-2021-37985: Use after free in V8 * CVE-2021-37986: Heap buffer overflow in Settings * CVE-2021-37987: Use after free in Network APIs * CVE-2021-37988: Use after free in Profiles * CVE-2021-37989: Inappropriate implementation in Blink * CVE-2021-37990: Inappropriate implementation in WebView * CVE-2021-37991: Race in V8 * CVE-2021-37992: Out of bounds read in WebAudio * CVE-2021-37993: Use after free in PDF Accessibility * CVE-2021-37996: Insufficient validation of untrusted input in Downloads * CVE-2021-37994: Inappropriate implementation in iFrame Sandbox * CVE-2021-37995: Inappropriate implementation in WebApp Installer Important SUSE bug 1191844 CVE-2021-37981 CVE-2021-37982 CVE-2021-37983 CVE-2021-37984 CVE-2021-37985 CVE-2021-37986 CVE-2021-37987 CVE-2021-37988 CVE-2021-37989 CVE-2021-37990 CVE-2021-37991 CVE-2021-37992 CVE-2021-37993 CVE-2021-37994 CVE-2021-37995 CVE-2021-37996 cpe:/o:opensuse:leap:15.3 Security update for virtualbox (Important) openSUSE Leap 15.3 This update for virtualbox fixes the following issues: Version bump to 6.1.28 (released October 19 2021 by Oracle) This is a maintenance release. The following items were fixed and/or added: - VMM: Fixed guru meditation while booting nested-guests accessing debug registers under certain conditions - UI: Bug fixes for touchpad-based scrolling - VMSVGA: Fixed VM black screen issue on first resize after restoring from saved state (bug #20067) - VMSVGA: Fixed display corruption on Linux Mint (bug #20513) - Storage: Fixed a possible write error under certain circumstances when using VHD images (bug #20512) - Network: Multiple updates in virtio-net device support - Network: Disconnecting cable in saved VM state now is handled properly by virtio-net - Network: More administrative control over network ranges, see user manual - NAT: Fixed not rejecting TFTP requests with absolute pathnames (bug #20589) - Audio: Fixed VM session aborting after PC hibernation (bug #20516) - Audio: Fixed setting the line-in volume of the HDA emulation on modern Linux guests - Audio: Fixed resuming playback of the AC'97 emulation while a snapshot has been taken - API: Added bindings support for Python 3.9 (bug #20252) - API: Fixed rare hang of VM when changing settings at runtime - Linux host: Improved kernel modules installation detection which prevents unnecessary modules rebuild - Host Services: Shared Clipboard: Prevent guest clipboard reset when clipboard sharing is disabled (bug #20487) - Host Services: Shared Clipboard over VRDP: Fixed to continue working when guest service reconnects to host (bug #20366) - Host Services: Shared Clipboard over VRDP: Fixed preventing remote RDP client to hang when guest has no clipboard data to report - Linux Host and Guest: Introduced initial support for kernels 5.14 and 5.15 - Linux Host and Guest: Introduced initial support for RHEL 8.5 kernel - Windows Guest: Introduced Windows 11 guest support, including unattended installation - Fixes CVE-2021-35538, CVE-2021-35545, CVE-2021-35540, CVE-2021-35542, and CVE-2021-2475 (boo#1191869) - Use kernel_module_directory macro for kernel modules (boo#1191526) - Finish UsrMerge for VirtualBox components (boo#1191104). Important SUSE bug 1191104 SUSE bug 1191526 SUSE bug 1191869 CVE-2021-2475 CVE-2021-35538 CVE-2021-35540 CVE-2021-35542 CVE-2021-35545 cpe:/o:opensuse:leap:15.3 Security update for opera (Important) openSUSE Leap 15.3 NonFree This update for opera fixes the following issues: Opera was updated to version 80.0.4170.63 - CHR-8612 Update chromium on desktop-stable-94-4170 to 94.0.4606.81 - DNA-95434 Crash at opera::ThemesService::UpdateCurrentTheme() - The update to chromium 94.0.4606.81 fixes following issues: CVE-2021-37977, CVE-2021-37978, CVE-2021-37979, CVE-2021-37980 Opera was updated to version 80.0.4170.40 - CHR-8598 Update chromium on desktop-stable-94-4170 to 94.0.4606.71 - DNA-95221 Emoji button stuck in address bar - DNA-95325 Make y.at navigations to be reported with page_views events - DNA-95327 Add “Emojis” context menu option in address bar field - DNA-95339 Add YAT emoji url suggestion to search? dialog - DNA-95416 Remove emoji button from address bar - DNA-95439 Enable #yat-emoji-addresses on developer stream - DNA-95441 [Mac big sur] Emoji are not shown in address bar url - DNA-95514 Crash at resource_coordinator::TabLifecycleUnitSource ::TabLifecycleUnit::OnLifecycleUnitStateChanged(mojom:: LifecycleUnitState, mojom::LifecycleUnitStateChangeReason) - DNA-95746 Enable #reader-mode everywhere - DNA-95865 Numbers are recognized as emojis - DNA-95866 Change Yat text in selection popup - DNA-95867 Show that buttons are clickable in selection popup - The update to chromium 94.0.4606.71 fixes following issues: CVE-2021-37974, CVE-2021-37975, CVE-2021-37976 Important CVE-2021-37974 CVE-2021-37975 CVE-2021-37976 CVE-2021-37977 CVE-2021-37978 CVE-2021-37979 CVE-2021-37980 cpe:/o:opensuse:leap:15.3 Security update for chromium (Important) openSUSE Leap 15.3 This update for chromium fixes the following issues: Chromium 95.0.4638.69 (boo#1192184): * CVE-2021-37997: Use after free in Sign-In * CVE-2021-37998: Use after free in Garbage Collection * CVE-2021-37999: Insufficient data validation in New Tab Page * CVE-2021-38000: Insufficient validation of untrusted input in Intents * CVE-2021-38001: Type Confusion in V8 * CVE-2021-38002: Use after free in Web Transport * CVE-2021-38003: Inappropriate implementation in V8 Important SUSE bug 1192184 CVE-2021-37997 CVE-2021-37998 CVE-2021-37999 CVE-2021-38000 CVE-2021-38001 CVE-2021-38002 CVE-2021-38003 cpe:/o:opensuse:leap:15.3 Security update for transfig (Important) openSUSE Leap 15.3 This update for transfig fixes the following issues: Update to fig2dev version 3.2.8 Patchlevel 8b (Aug 2021) - bsc#1190618, CVE-2020-21529: stack buffer overflow in the bezier_spline function in genepic.c. - bsc#1190615, CVE-2020-21530: segmentation fault in the read_objects function in read.c. - bsc#1190617, CVE-2020-21531: global buffer overflow in the conv_pattern_index function in gencgm.c. - bsc#1190616, CVE-2020-21532: global buffer overflow in the setfigfont function in genepic.c. - bsc#1190612, CVE-2020-21533: stack buffer overflow in the read_textobject function in read.c. - bsc#1190611, CVE-2020-21534: global buffer overflow in the get_line function in read.c. - bsc#1190607, CVE-2020-21535: segmentation fault in the gencgm_start function in gencgm.c. - bsc#1192019, CVE-2021-32280: NULL pointer dereference in compute_closed_spline() in trans_spline.c This update was imported from the SUSE:SLE-15:Update update project. This update was imported from the openSUSE:Leap:15.2:Update update project. Important SUSE bug 1189325 SUSE bug 1189343 SUSE bug 1189345 SUSE bug 1189346 SUSE bug 1190607 SUSE bug 1190611 SUSE bug 1190612 SUSE bug 1190615 SUSE bug 1190616 SUSE bug 1190617 SUSE bug 1190618 SUSE bug 1192019 CVE-2020-21529 CVE-2020-21530 CVE-2020-21531 CVE-2020-21532 CVE-2020-21533 CVE-2020-21534 CVE-2020-21535 CVE-2020-21680 CVE-2020-21681 CVE-2020-21682 CVE-2020-21683 CVE-2021-32280 cpe:/o:opensuse:leap:15.3 Security update for opera (Important) openSUSE Leap 15.3 NonFree This update for opera fixes the following issues: Update to version 81.0.4196.31: - DNA-95733 Implement the “Manage” menu in card details view - DNA-95736 Update UI for paused card - DNA-95791 Crash at base::operator< - DNA-95794 Sometimes the sidebar UI fails to load - DNA-95812 Retrieve cards info when showing autofill - DNA-96035 Cannot create virtual card on Sandbox environment - DNA-96147 “Buy” button does not work - DNA-96168 Update contributors list - DNA-96211 Enable #fast-tab-tooltip on all streams - DNA-96231 Promote O81 to stable - Complete Opera 80.1 changelog at: https://blogs.opera.com/desktop/changelog-for-81/ Update to version 81.0.4196.27 - CHR-8623 Update chromium on desktop-stable-95-4196 to 95.0.4638.54 - DNA-92384 Better segmenting of hint users - DNA-95523 Allow sorting in multi-card view - DNA-95659 Flow of Lastcard on first login - DNA-95735 Implement the button that reveals full card details - DNA-95747 Better way to handle expired funding card - DNA-95949 [Mac Retina] Clicking active tab should scroll to the top - DNA-95993 Update icon used for Yat in address bar dropdown - DNA-96021 Cleared download item view is never deleted - DNA-96036 Occupation field in 'Account – Edit' is shown twice - DNA-96127 Upgrade plan button does nothing - DNA-96138 'Add Card' button does not change to 'Upgrade Plan' after adding card - The update to chromium 95.0.4638.54 fixes following issues: CVE-2021-37981, CVE-2021-37982, CVE-2021-37983, CVE-2021-37984, CVE-2021-37985, CVE-2021-37986, CVE-2021-37987, CVE-2021-37988, CVE-2021-37989, CVE-2021-37990, CVE-2021-37991, CVE-2021-37992, CVE-2021-37993, CVE-2021-37994, CVE-2021-37995, CVE-2021-37996 Update to version 80.0.4170.72 - DNA-95522 Change card view to show all types of cards - DNA-95523 Allow sorting in multi-card view - DNA-95524 Allow searching for cards by name - DNA-95658 Allow user to add a card - DNA-95659 Flow of Lastcard on first login - DNA-95660 Implement editing card details - DNA-95699 Add card details view - DNA-95733 Implement the “Manage” menu in card details view - DNA-95735 Implement the button that reveals full card details - DNA-95736 Update UI for paused card - DNA-95747 Better way to handle expired funding card - DNA-95794 Sometimes the sidebar UI fails to load - DNA-95812 Retrieve cards info when showing autofill - DNA-96036 Occupation field in ‘Account – Edit’ is shown twice - DNA-96127 Upgrade plan button does nothing - DNA-96138 “Add Card” button does not change to “Upgrade Plan” after adding card Important CVE-2021-37981 CVE-2021-37982 CVE-2021-37983 CVE-2021-37984 CVE-2021-37985 CVE-2021-37986 CVE-2021-37987 CVE-2021-37988 CVE-2021-37989 CVE-2021-37990 CVE-2021-37991 CVE-2021-37992 CVE-2021-37993 CVE-2021-37994 CVE-2021-37995 CVE-2021-37996 cpe:/o:opensuse:leap:15.3 Security update for hylafax+ (Moderate) openSUSE Leap 15.3 hylafax+ was updated to version 7.0.4: * README.SUSE renamed * hylafax.diff added for boo#1191571 (pre-correction) * Dependencies on systemd-services adjusted * retry training twice at the same bitrate unless FTT (26 Aug 2021) * add missing reason messages for session failures (21 Aug 2021) * stop attempts to send or receive signals if the call ended prematurely (16-19 Aug 2021) * add Class1HasRMHookIndication (16 Aug 2021) * don't attempt sending DCN if we're already on hook (15, 17 Aug 2021) * end session sooner if receiver hangs up immediately after TCF or during prologue (14 Aug 2021) * fix some behavior following frame reception timeouts (13 Aug 2021) * improve behavior if procedural interrupt fails (12 Aug 2021) * handle sender repeating RR after we transmit MCF (10 Aug 2021) * add session logging of receipt of CFR/FTT signals (3 Aug 2021) * cope with receipt of PPR following CTC (3 Aug 2021) * attempt to cope with NSF/CSI/DIS after PPS, CTR, ERR, RR and improve coping with the same after MPS/EOP/EOM (2, 12, 14, 18 Aug 2021) * identify DCN after PPS as a receiver abort (2 Aug 2021) * attempt to cope with receipt of CTR after sending PPS (2 Aug 2021) * remove use of deprecated libtiff integer types and 'register' storage class specifier (25 Jul 2021) * don't employ senderFumblesECM if V.34-Fax was negotiated (25 Jul 2021) * update configure to accept libtiff v4.2 and v4.3 (24 Jul 2021) * fix page handling 'botch' if a job's first and previous attempts were on a proxy (20 Jul 2021) * fix data timeout for bitrates less than 14400 bps when non-zero scanline time (15 Jul 2021) * try to cope with T.38 invite stutter at beginning of send (15 Jul 2021) * decouple session logging from direct filesystem I/O (15 Jul 2021) * try to help receivers who may expect initial 1-bits to start high-speed data (8, 9 Jul, 4 Aug 2021) * improve tenacity of 'persistent' ECM (26 Jun 2021) * maintain the same SSL Fax passcode during a single session (20 May 2021) * log detection of binary file transfer support in receivers (1 Apr 2021) * add support for SiLabs Si2417/Si2435 (5 Feb 2021) Moderate SUSE bug 1191571 cpe:/o:opensuse:leap:15.3 Security update for tor (Moderate) openSUSE Leap 15.3 This update for tor fixes the following issues: tor 0.4.6.8: * Improving reporting of general overload state for DNS timeout errors by relays * Regenerate fallback directories for October 2021 * Bug fixes for onion services * CVE-2021-22929: do not log v2 onion services access attempt warnings on disk excessively (TROVE-2021-008, boo#1192658) Moderate SUSE bug 1192658 CVE-2021-22929 cpe:/o:opensuse:leap:15.3 Security update for permissions (Moderate) openSUSE Leap 15.3 This update for permissions fixes the following issues: Update to version 20200127: * Makefile: Leap 15.3 still uses /etc, so adjust the installation setup Update to version 20181225: * mgetty: faxq-helper now finally reside in /usr/libexec * libksysguard5: Updated path for ksgrd_network_helper * kdesu: Updated path for kdesud * sbin_dirs cleanup: these binaries have already been moved to /usr/sbin * mariadb: revert auth_pam_tool to /usr/lib{,64} again * cleanup: revert virtualbox back to plain /usr/lib * cleanup: remove deprecated /etc/ssh/sshd_config * hawk_invoke is not part of newer hawk2 packages anymore * cleanup: texlive-filesystem: public now resides in libexec * cleanup: authbind: helper now resides in libexec * cleanup: polkit: the agent now also resides in libexec * libexec cleanup: 'inn' news binaries now reside in libexec * whitelist please (boo#1183669) * Fix enlightenment paths * usbauth: drop compatibility variable for libexec * usbauth: Updated path for usbauth-npriv * profiles: finish usage of variable for polkit-agent-helper-1 * Makefile: fix custom flags support when using make command line variables * added information about know limitations of this approach * Makefile: compile with LFO support to fix 32-bit emulation on 64-bit hosts (boo#1178476) * Makefile: support CXXFLAGS and LDFLAGS override / extension via make/env variables (boo#1178475) * profiles: prepare /usr/sbin versions of profile entries (boo#1029961) * profiles: use new variables feature to remove redundant entries * profiles: remove now superfluous squid pinger paths (boo#1171569) * tests: implement basic tests for new the new variable feature * tests: avoid redundant specification of test names by using class names * regtests: split up base types and actual test implementation * man pages: add documentation about variables, update copyrights * chkstat: implement support for variables in profile paths * chkstat: prepare reuse of config file locations * chkstat: fix some typos and whitespace * etc/permissions: remove unnecessary, duplicate, outdated entries * etc/permissions: remove trailing whitespace * ksgrd_network_helper: remove obviously wrong path * adjust squid pinger path (boo#1171569) * mgetty: remove long dead (or never existing) locks directory (boo#1171882) * squid: remove basic_pam_auth which doesn't need special perms (boo#1171569) * cleanup now useless /usr/lib entries after move to /usr/libexec (boo#1171164) * drop (f)ping capabilities in favor of ICMP_PROTO sockets (boo#1174504) * whitelist Xorg setuid-root wrapper (boo#1175867) * screen: remove /run/uscreens covered by systemd-tmpfiles (boo#1171879) * Add /usr/libexec for cockpit-session as new path * physlock: whitelist with tight restrictions (boo#1175720) * mtr-packet: stop requiring dialout group * etc/permissions: fix mtr permission * list_permissions: improve output format * list_permissions: support globbing in --path argument * list_permissions: implement simplifications suggested in PR#92 * list_permissions: new tool for better path configuration overview * regtest: support new getcap output format in libcap-2.42 * regtest: print individual test case errors to stderr * etc/permissions: remove static /var/spool/* dirs * etc/permissions: remove outdated entries * etc/permissions: remove unnecessary static dirs and devices * screen: remove now unused /var/run/uscreens * Revert 'etc/permissions: remove entries for bind-chrootenv' * rework permissions.local text (boo#1173221) * dbus-1: adjust to new libexec dir location (boo#1171164) * permission profiles: reinstate kdesud for kde5 * etc/permissions: remove entries for bind-chrootenv * etc/permissions: remove traceroute entry * VirtualBox: remove outdated entry which is only a symlink any more * /bin/su: remove path refering to symlink * etc/permissions: remove legacy RPM directory entries * /etc/permissions: remove outdated sudo directories * singularity: remove outdated setuid-binary entries * chromium: remove now unneeded chrome_sandbox entry (boo#1163588) * dbus-1: remove deprecated alternative paths * PolicyKit: remove outdated entries last used in SLE-11 * pcp: remove no longer needed / conflicting entries * gnats: remove entries for package removed from Factory * kdelibs4: remove entries for package removed from Factory * v4l-base: remove entries for package removed from Factory * mailman: remove entries for package deleted from Factory * gnome-pty-helper: remove dead entry no longer part of the vte package * gnokii: remove entries for package no longer in Factory * xawtv (v4l-conf): correct group ownership in easy profile * systemd-journal: remove unnecessary profile entries * thttp: make makeweb entry usable in the secure profile (boo#1171580) * profiles: add entries for enlightenment (boo#1171686) * permissions fixed profile: utempter: reinstate libexec compatibility entry * chkstat: fix sign conversion warnings on non 32-bit architectures * chkstat: allow simultaneous use of `--set` and `--system` * regtest: adjust TestUnkownOwnership test to new warning output behaviour * whitelist texlive public binary (boo#1171686) * fixed permissions: adjust to new libexec dir location (boo#1171164) * chkstat: don't print warning about unknown user/group by default * Makefile: link with --as-needed, move libs to the end of the command line * setuid bit for cockpit (boo#1169614) * Fix paranoid mode for newgidmap and newuidmap (boo#1171173) * chkstat: collectProfilePaths(): use directory_iterator to simplify code * chkstat: collectProfilePaths(): prefer /usr over /etc * regtest: add relative symlink corner case to TestSymlinkBehaviour * Chkstat::parseProfile(): avoid use of raw pointer * parseSysconfig(): only emmit warning if value is non-empty * incorporate a bunch of PR #56 review comments * regtest: add test for correct ownership change * chkstat: final pass over refactored code * chkstat: finish refactoring of safeOpen() * chkstat: improve/fix output of mismatches * chkstat: support numerical owner/group specification in profiles * chkstat: safeOpen: simplify path handling by using a std::string * chkstat regtest: support debug build * chkstat: start refactoring of safe_open() -> safeOpen() * chkstat: processEntries: pull out change logic into applyChanges() * chkstat: processEntries: pull out safety check logic * chkstat: processEntries: separate printing code and simplify ownership flags * chkstat: processEntries: also add file_status and *_ok flags to EntryContext * chkstat: processEntries: also add caps to EntryContext * chkstat: also move fd_path into EntryContext * chkstat: processEntries(): introduce EntryContext data structure * chkstat: introduce class type to deal with capabilities * chkstat: overhaul of the main entry processing loop * chkstat: smaller cleanup of Chkstat::run() * chkstat: remove last global variables `root` and `rootl` * chkstat: refactor parsing of permission profiles * chkstat: replace global `permlist` by STL map * chkstat: remove now obsolete usage() function * chkstat: refactor collection of permission files * regtest: support --after-test-enter-shell * chkstat: change global euid variable into const class member * chkstat: replace global level, nlevel by a vector data structure * chkstat: refactor check_fscaps_enabled() * chkstat: refactor parse_sysconfig as a member function Chkstat::parseSysconfig * chkstat: introduce separate processArguments() and refactor --files logic * chkstat: replace C style chkecklist by std::set * chkstat: refactor command line parsing * allow /usr/libexec in addition to /usr/lib (boo#1171164) * whitelist s390-tools setgid bit on log directory (boo#1167163) * whitelist WMP (boo#1161335) * regtest: improve readability of path variables by using literals * regtest: adjust test suite to new path locations in /usr/share/permissions * regtest: only catch explicit FileNotFoundError * regtest: provide valid home directory in /root * regtest: mount permissions src repository in /usr/src/permissions * regtest: move initialialization of TestBase paths into the prepare() function * chkstat: suppport new --config-root command line option * fix spelling of icingacmd group * chkstat: fix readline() on platforms with unsigned char * remove capability whitelisting for radosgw * whitelist ceph log directory (boo#1150366) * adjust testsuite to post CVE-2020-8013 link handling * testsuite: add option to not mount /proc * do not follow symlinks that are the final path element: CVE-2020-8013 * add a test for symlinked directories * fix relative symlink handling * include cpp compat headers, not C headers * Move permissions and permissions.* except .local to /usr/share/permissions * regtest: fix the static PATH list which was missing /usr/bin * regtest: also unshare the PID namespace to support /proc mounting * regtest: bindMount(): explicitly reject read-only recursive mounts * Makefile: force remove upon clean target to prevent bogus errors * regtest: by default automatically (re)build chkstat before testing * regtest: add test for symlink targets * regtest: make capability setting tests optional * regtest: fix capability assertion helper logic * regtests: add another test case that catches set*id or caps in world-writable sub-trees * regtest: add another test that catches when privilege bits are set for special files * regtest: add test case for user owned symlinks * regtest: employ subuid and subgid feature in user namespace * regtest: add another test case that covers unknown user/group config * regtest: add another test that checks rejection of insecure mixed-owner paths * regtest: add test that checks for rejection of world-writable paths * regtest: add test for detection of unexpected parent directory ownership * regtest: add further helper functions, allow access to main instance * regtest: introduce some basic coloring support to improve readability * regtest: sort imports, another piece of rationale * regtest: add capability test case * regtest: improve error flagging of test cases and introduce warnings * regtest: support caps * regtest: add a couple of command line parameter test cases * regtest: add another test that checks whether the default profile works * regtests: add tests for correct application of local profiles * regtest: add further test cases that test correct profile application * regtest: simplify test implementation and readability * regtest: add helpers for permissions.d per package profiles * regtest: support read-only bind mounts, also bind-mount permissions repo * tests: introduce a regression test suite for chkstat * Makefile: allow to build test version programmatically * README.md: add basic readme file that explains the repository's purpose * chkstat: change and harmonize coding style * chkstat: switch to C++ compilation unit * remove obsolete/broken entries for rcp/rsh/rlogin * chkstat: handle symlinks in final path elements correctly * Revert 'Revert 'mariadb: settings for new auth_pam_tool (boo#1160285)'' * Revert 'mariadb: settings for new auth_pam_tool (boo#1160285)' * mariadb: settings for new auth_pam_tool (boo#1160285) * add read-only fallback when /proc is not mounted (boo#1160764) * capability handling fixes (boo#1161779) * better error message when refusing to fix dir perms (#32) * fix paths of ksysguard whitelisting * fix zero-termination of error message for overly long paths * fix misleading indendation * fix changing of capabilities * fix warning text for unlisted files * fix error message with insecure sym links * remove useless if around realloc() * fix invalid free() when permfiles points to argv * use path-based operations with /proc/self/fd/X to avoid errors due to O_PATH * add .gitignore for chkstat binary * add/fix compiler warnings, free memory at exit * only open regular files/directories without O_PATH, fix stat buffer initialization * update * rewrite while protecting against symlinks and races * fix whitespace * faxq-helper: correct 'secure' permission for trusted group (boo#1157498) * whitelist ksysguard network helper (boo#1151190) * fix syntax of paranoid profile * fix squid permissions (boo#1093414, CVE-2019-3688) * setgid bit for nagios directory (boo#1028975, boo#1150345) * global: removal of unneeded SuSEconfig file and directory * global: restructure repository layout * dumpcap: remove 'other' executable bit because of capabilities (boo#1148788, CVE-2019-3687) * add one more missing slash for icinga2 * fix more missing slashes for directories * cron directory permissions: add slashes * iputils: Add capability permissions for clockdiff * iputils/ping: Drop effective capability * iputils/ping6: Remove definitions * singluarity: Add starter-suid for version 3.2.0 * removed entry for /var/cache/man. Conflicts with packaging and man:man is the better setting anyway (boo#1133678) * fixed error in description of permissions.paranoid. Make it clear that this is not a usable profile, but intended as a base for own developments * Misleading comment fix * removed old entry for wodim * removed old entry for netatalk * removed old entry for suidperl * removed old entriy for utempter * removed old entriy for hostname * removed old directory entries * removed old entry for qemu-bridge-helper * removed old entries for pccardctl * removed old entries for isdnctrl * removed old entries for unix(2)_chkpwd * removed old entries for mount.nfs * removed old entries for (u)mount * removed old entry for fileshareset * removed old entries for KDE * removed old entry for heartbeat * removed old entry for gnome-control-center * removed old entry for pcp * removed old entry for lpdfilter * removed old entry for scotty * removed old entry for ia32el * removed old entry for squid * removed old qpopper whitelist * removed pt_chown entries. Not needed anymore and a bad idea anyway * removed old majordomo entry * removed stale entries for old ncpfs tools * removed old entry for rmtab * Fixed type in icinga2 whitelist entry * New whitelisting for /usr/lib/virtualbox/VirtualBoxVM and removed stale entries for VirtualBox * Removed whitelist for /usr/bin/su.core. According to comment a temporary hack introduced 2012 to help moving su from coretuils to util-linux. I couldn't find it anywhere, so we don't need it anymore * Remove entry for /usr/bin/yaps. We don't ship it anymore and the group that is used doesn't exists anymore starting with Leap 15, so it will not work there anyway. Users using this (old) package can do this individually * removed entry for /etc/ftpaccess. We currently don't have it anywhere (and judging from my search this has been the case for quite a while) * Ensure consistency of entries, otherwise switching between settings becomes problematic * Fix spelling of SUSE * adjust settings for amanda to current binary layout Moderate SUSE bug 1028975 SUSE bug 1029961 SUSE bug 1093414 SUSE bug 1133678 SUSE bug 1148788 SUSE bug 1150345 SUSE bug 1150366 SUSE bug 1151190 SUSE bug 1157498 SUSE bug 1160285 SUSE bug 1160764 SUSE bug 1161335 SUSE bug 1161779 SUSE bug 1163588 SUSE bug 1167163 SUSE bug 1169614 SUSE bug 1171164 SUSE bug 1171173 SUSE bug 1171569 SUSE bug 1171580 SUSE bug 1171686 SUSE bug 1171879 SUSE bug 1171882 SUSE bug 1173221 SUSE bug 1174504 SUSE bug 1175720 SUSE bug 1175867 SUSE bug 1178475 SUSE bug 1178476 SUSE bug 1183669 CVE-2019-3687 CVE-2019-3688 CVE-2020-8013 cpe:/o:opensuse:leap:15.3 Security update for singularity (Moderate) openSUSE Leap 15.3 This update for singularity fixes the following issues: Update to 3.8.5: - CVE-2021-41190: Fixed OCI manifest and index parsing confusion (boo#1193273). - Building Singularity from source requires go greater or equal 1.16. We now aim to support the two most recent stable versions of Go. This corresponds to the Go Release Maintenance Policy - Sourcing a script based on PATH is now permitted, fixing a regression introduced in 3.6.0. - Environment variables in container definition files are properly scoped, fixing a regression introduced in 3.8.0. - Fix the oras contexts to avoid hangs upon failed pushes to Harbor registry. Moderate SUSE bug 1193273 CVE-2021-41190 cpe:/o:opensuse:leap:15.3 Security update for hiredis (Moderate) openSUSE Leap 15.3 This update for hiredis fixes the following issues: - CVE-2021-32765: Fix integer/buffer (boo#1191331) Moderate SUSE bug 1191331 CVE-2021-32765 cpe:/o:opensuse:leap:15.3 Security update for chromium (Important) openSUSE Leap 15.3 This update for chromium fixes the following issues: - Ensure newer libs and LLVM is used on Leap (boo#1192310) - Explicitly BuildRequire python3-six. Chromium 96.0.4664.93 (boo#1193519): * CVE-2021-4052: Use after free in web apps * CVE-2021-4053: Use after free in UI * CVE-2021-4079: Out of bounds write in WebRTC * CVE-2021-4054: Incorrect security UI in autofill * CVE-2021-4078: Type confusion in V8 * CVE-2021-4055: Heap buffer overflow in extensions * CVE-2021-4056: Type Confusion in loader * CVE-2021-4057: Use after free in file API * CVE-2021-4058: Heap buffer overflow in ANGLE * CVE-2021-4059: Insufficient data validation in loader * CVE-2021-4061: Type Confusion in V8 * CVE-2021-4062: Heap buffer overflow in BFCache * CVE-2021-4063: Use after free in developer tools * CVE-2021-4064: Use after free in screen capture * CVE-2021-4065: Use after free in autofill * CVE-2021-4066: Integer underflow in ANGLE * CVE-2021-4067: Use after free in window manager * CVE-2021-4068: Insufficient validation of untrusted input in new tab page Chromium 96.0.4664.45 (boo#1192734): * CVE-2021-38007: Type Confusion in V8 * CVE-2021-38008: Use after free in media * CVE-2021-38009: Inappropriate implementation in cache * CVE-2021-38006: Use after free in storage foundation * CVE-2021-38005: Use after free in loader * CVE-2021-38010: Inappropriate implementation in service workers * CVE-2021-38011: Use after free in storage foundation * CVE-2021-38012: Type Confusion in V8 * CVE-2021-38013: Heap buffer overflow in fingerprint recognition * CVE-2021-38014: Out of bounds write in Swiftshader * CVE-2021-38015: Inappropriate implementation in input * CVE-2021-38016: Insufficient policy enforcement in background fetch * CVE-2021-38017: Insufficient policy enforcement in iframe sandbox * CVE-2021-38018: Inappropriate implementation in navigation * CVE-2021-38019: Insufficient policy enforcement in CORS * CVE-2021-38020: Insufficient policy enforcement in contacts picker * CVE-2021-38021: Inappropriate implementation in referrer * CVE-2021-38022: Inappropriate implementation in WebAuthentication Lord of the Browsers: The Two Compilers: * Go back to GCC Lord of the Browsers: The Two Compilers: * Go back to GCC * GCC: LTO removes needed assembly symbols * Clang: issues with libstdc++ * GCC: LTO removes needed assembly symbols * Clang: issues with libstdc++ Important SUSE bug 1192310 SUSE bug 1192734 SUSE bug 1193519 CVE-2021-38005 CVE-2021-38006 CVE-2021-38007 CVE-2021-38008 CVE-2021-38009 CVE-2021-38010 CVE-2021-38011 CVE-2021-38012 CVE-2021-38013 CVE-2021-38014 CVE-2021-38015 CVE-2021-38016 CVE-2021-38017 CVE-2021-38018 CVE-2021-38019 CVE-2021-38020 CVE-2021-38021 CVE-2021-38022 CVE-2021-4052 CVE-2021-4053 CVE-2021-4054 CVE-2021-4055 CVE-2021-4056 CVE-2021-4057 CVE-2021-4058 CVE-2021-4059 CVE-2021-4061 CVE-2021-4062 CVE-2021-4063 CVE-2021-4064 CVE-2021-4065 CVE-2021-4066 CVE-2021-4067 CVE-2021-4068 CVE-2021-4078 CVE-2021-4079 cpe:/o:opensuse:leap:15.3 Security update for seamonkey (Important) openSUSE Leap 15.3 This update for seamonkey fixes the following issues: update to SeaMonkey 2.53.10.1 * Security fix for NSS code bug 1737470. * Only use networks and servers in lower case in ChatZilla bug 1742502. * Change classic form icon in SeaMonkey composer bug 1710915. * Addition fixes for SeaMonkey 32x32 default icons on Windows and macOS bug 1729153. * SeaMonkey 2.53.10.1 uses the same backend as Firefox and contains the relevant Firefox 60.8 security fixes. * SeaMonkey 2.53.10.1 shares most parts of the mail and news code with Thunderbird. Please read the Thunderbird 60.0 release notes for specific changes and security fixes in this release. * Additional important security fixes up to Current Firefox 91.4 ESR and a few enhancements have been backported. We will continue to enhance SeaMonkey security in subsequent 2.53.x beta and release versions as fast as we are able to. update to SeaMonkey 2.53.10 * Minor fixes for testdisplay command in ChatZilla bug 1727976. * Show CTCP requests (excluding ACTION and DCC) bug 1722156. * IRCv3: Add support for server-time bug 1724586. * Add localization note for network editor dialog width in ChatZilla bug 1727977. * IRCv3: Add support for extended-join and account-notify bug 1722159. * Add ability to collapse message groups in ChatZilla bug 1724588. * Fix JS strict warnings in unescapeTagValue in ChatZilla bug 1727989. * IRCv3: Add support for invite-notify bug 1722161. * IRCv3: Add support for batch bug 1724589. * Fix JS strict warning in addHistory in cZ static.js bug 1727992. * IRCv3: Add support for cap-notify bug 1722162. * Stop using canonical name as collection keys in ChatZilla bug 1728025. * IRCv3: Add support for TLS and STS bug 1722166. * Helper function for renaming irc server properties in ChatZilla bug 1728027. * IRCv3: Add support for MONITOR bug 1722174. * Remove use of msg.commasp in ChatZilla bug 1726965. * Allow shiftKey to modify behaviour of link clicking in cZ bug 1713458. * IRCv3: Add support for echo-message bug 1722211. * In ChatZilla make /commands return all matches starting with pattern bug 1726966. * Use SeaMonkey prefs to determine how links behave in cZ bug 1713467. * Allow parameters to be localised in ChatZilla bug 1724105. * Add identify command to cZ and hook into password management bug 1713470. * IRCv3.1: Implement SASL with PLAIN mechanism bug 1717545. * IRCv3: Add support for message tags bug 1724584. * Add last read message divider to ChatZilla bug 1729159. * IRCv3: Add support for account-tag bug 1724585. * Missing option 'text encoding Unicode/UTF-8' in preferences - Mailnews bug 1679260. * Detect Crashreporter using AppConstants in SeaMonkey bug 1735236. * Link about LEGACY extensions in Add-ons Manager is broken bug 1656797. * Update help for clear private data preferences and dialog bug 1728911. * Fix typo in cs_nav_prefs_appearance bug 1737473. * Drop leftover 'Edit Menu' comment from messageWindow.xul and addressbook.xul bug 1725121. * Add dummy tab routines to SeaMonkey mailnews tab browser bug 1735243. * Folder pane and tab/window title not updated correctly when opening in new tab bug 1726940. * Allow mail tab bar to be controlled separately to browser tab bar bug 1724515. * Copy any user set values for new mail.tabs prefs bug 1729165. * Merge Master Passwords and Passwords pref panes into a single pref pane bug 1728099. * Move warning about redirection pref from Content to Privacy & Security pane bug 1728185. * Move website icons prefs from content pref pane to browser pref pane bug 1727425. * Move browser / mailnews system integration prefs into advanced pane bug 1727659. * Have separate opentabfor.middleclick for mailnews bug 1727948. * Add removeBrowser helper for tabbrowser bug 1730391. * Put <browser> in a <stack> so it's easy to overlay bug 1730392. * Allow browser focus to be avoided bug 1720003. * SeaMonkey 32x32 default icon has light stripe at the bottom bug 1729153. * Support <input type=time> and <input type=date> in SeaMonkey bug 1730408. * Middleclick on browser tab handled twice (closes tab and loads URL from primary or clipboard) bug 1734407. * Unable to create a new 'Saved Search Folder' using 'Save View as a Folder...' bug 1738669. * Enable compression for standard http connections bug 1728996. * Support VS2022 for compiling under Windows bug 1728988. * SeaMonkey 2.53.10 uses the same backend as Firefox and contains the relevant Firefox 60.8 security fixes. * SeaMonkey 2.53.10 shares most parts of the mail and news code with Thunderbird. Please read the Thunderbird 60.0 release notes for specific changes and security fixes in this release. * Additional important security fixes up to Current Firefox 78.15 ESR and a few enhancements have been backported. We will continue to enhance SeaMonkey security in subsequent 2.53.x beta and release versions as fast as we are able to. update to SeaMonkey 2.53.9.1 * Fix the lazy loading of images from some websites bug 1727967. * Move certain font family defaults from serif to sans serif bug 1727982. * SeaMonkey 2.53.9.1 uses the same backend as Firefox and contains the relevant Firefox 60.8 security fixes. * SeaMonkey 2.53.9.1 shares most parts of the mail and news code with Thunderbird. Please read the Thunderbird 60.0 release notes for specific changes and security fixes in this release. * Additional important security fixes up to Current Firefox 78.14 ESR and a few enhancements have been backported. We will continue to enhance SeaMonkey security in subsequent 2.53.x beta and release versions as fast as we are able to. update to SeaMonkey 2.53.9 * There is now an option to clear browser history during shutdown bug 1621445. * Uninstall plugin command for ChatZilla bug 541719. * Update icons used in ChatZilla status bar bug 1710238 and bug 1710249. * Make ChatZilla understand mIRC color code 99 bug 1710298. * Implement IRCv3 basic CAP negotiation bug 1717539 and CAP LIST and update CAP ACK and CAP LS bug 1710313. * Use Unicode instead of images for emojis in ChatZilla bug 1711375 and add some extra emojis bug 1711376. * Use SeaMonkey's configured web search rather than a separate one in ChatZilla bug 1712498. * Add a networks editor to ChatZilla bug 1716232. * Implement IRCv3 away-notify bug 1717543, chghost and userhost-in-names bug 1717544, self-messaging bug 1722212 and WHOX bug 1722214. * Link to SeaMonkey website in debugQA for verification sites and development section bug 1685606. * Send button should be disable until we have a recipient bug 104973. * Remove need to use a modifier for marking messages as unread bug 1719216. * SeaMonkey 2.53.9 uses the same backend as Firefox and contains the relevant Firefox 60.8 security fixes. * SeaMonkey 2.53.9 shares most parts of the mail and news code with Thunderbird. Please read the Thunderbird 60.0 release notes for specific changes and security fixes in this release. * Additional important security fixes up to Current Firefox 78.13 ESR and a few enhancements have been backported. We will continue to enhance SeaMonkey security in subsequent 2.53.x beta and release versions as fast as we are able to. Important cpe:/o:opensuse:leap:15.3 Security update for barrier (Moderate) openSUSE Leap 15.3 This update for barrier fixes the following issues: Updated to version 2.4.0: Barrier now supports client identity verification (fixes CVE-2021-42072, CVE-2021-42073). Previously a malicious client could connect to Barrier server without any authentication and send application-level messages. This made the attack surface of Barrier significantly larger. Additionally, in case the malicious client got possession of a valid screen name by brute forcing or other means it could modify the clipboard contents of the server. To support seamless upgrades from older versions of Barrier this is currently disabled by default. The feature can be enabled in the settings dialog. If enabled, older clients of Barrier will be rejected. Barrier now uses SHA256 fingerprints for establishing security of encrypted SSL connections. After upgrading client to new version the existing server fingerprint will need to be approved again. Client and server will show both SHA1 and SHA256 server fingerprints to allow interoperability with older versions of Barrier. Bugfixes: * Fixed build failure on mips*el and riscv64 architecture. * Barrier no longer uses openssl CLI tool for any operations and hooks into the openssl library directly. * More X11 clipboard MIME types have been mapped to corresponding converters (#344). * Fixed setup of multiple actions associated with a hotkey. * Fixed setup of hotkeys with special characters such as comma and semicolon (#778). * Fixed transfer of non-ASCII characters coming from a Windows server in certain cases (#527). * Barrier will now regenerate server certificate if it's invalid instead of failing to launch (#802) * Added support for additional keys on Sun Microsystems USB keyboards (#784). * Updated Chinese translation. * Updated Slovak translation. * Theme icons are now preferred to icons distributed together with Barrier (#471). Features: * Added --drop-target option that improves drag and drop support on Windows when Barrier is being run as a portable app. * The --enable-crypto command line option has been made the default to reduce chances of accidental security mishaps when configuring Barrier from command line. A new --disable-crypto command line option has been added to explicitly disable encryption. * Added support for randomart images for easier comparison of SSL certificate fingerprints. The algorithm is identical to what OpenSSH uses. * Implemented a configuration option for Server GUI auto-start. * Made it possible to use keyboard instead of mouse to modify screen layout. * Added support for keyboard backlight media keys * Added support for Eisu_toggle and Muhenkan keys * Added --profile-dir option that allows to select custom profile directory. submitted upstream at https://github.com/symless/synergy-core/pull/6261 * Bug #4749 - Clipboard thread race condition causes assertion * Bug #4720 - Plugin download shows 'Could not get Linux package * Bug #4712 - Unable to send clipboard with size above 1KB when * Bug #4690 - Log line 'activeDesktop' does not use logging * Enhancement #4901 - Auto restart when running from GUI in * Bug #4650 - SSL error log message repeats excessively and * Bug #4601 - Large clipboard data with SSL causes 'protocol is * Bug #4593 - Locking Windows server causes SSL_ERROR_SSL to * Bug #4538 - Windows service crashes intermittently with no * Bug #4566 - Client or server crashes with 'ssl handshake * Bug #4706 - Installer is not output to build config dir * Bug #4704 - Plugin 'ns' release build is overwritten with * Bug #4697 - Timing can allow an SSL socket to be used after * Enhancement #4661 - Log error but do not crash when failing * Enhancement #4708 - Download ns plugin for specific Mac * Enhancement #4587 - Include OpenSSL binaries in source for * Enhancement #4695 - Automatically upload plugins as Moderate CVE-2021-42072 CVE-2021-42073 cpe:/o:opensuse:leap:15.3 Security update for chromium (Important) openSUSE Leap 15.3 This update for chromium fixes the following issues: Chromium 96.0.4664.110 (boo#1193713): * CVE-2021-4098: Insufficient data validation in Mojo * CVE-2021-4099: Use after free in Swiftshader * CVE-2021-4100: Object lifecycle issue in ANGLE * CVE-2021-4101: Heap buffer overflow in Swiftshader * CVE-2021-4102: Use after free in V8 Important SUSE bug 1193713 CVE-2021-4098 CVE-2021-4099 CVE-2021-4100 CVE-2021-4101 CVE-2021-4102 cpe:/o:opensuse:leap:15.3 Security update for nextcloud (Important) openSUSE Leap 15.3 This update for nextcloud fixes the following issues: Update to 20.0.14 Security issues fixed: * CVE-2021-41179: Fix boo#1192028 - (CWE-304): Two-Factor Authentication not enforced for pages marked as public * CVE-2021-41178: Fix boo#1192030 - (CWE-434): File Traversal affecting SVG files on Nextcloud Server * CVE-2021-41177: Fix boo#1192031 - (CWE-799): Rate-limits not working on instances without configured memory cache backend Changes: - Add command to repair broken filesystem trees (server#26630) - Ensure that user and group IDs in LDAP's tables are also max 64chars (server#28971) - Change output format of Psalm to Github (server#29048) - File-upload: Correctly handle error responses for HTTP2 (server#29069) - Allow 'TwoFactor Nextcloud Notifications' to pull the state of the 2F… (server#29072) - Add a few sensitive config keys (server#29085) - Fix path of file_get_contents (server#29095) - Update the certificate bundle (server#29098) - Keep pw based auth tokens valid when pw-less login happens (server#29131) - Properly handle folder deletion on external s3 storage (server#29158) - Tokens without password should not trigger changed password invalidation (server#29166) - Don't further setup disabled users when logging in with apache (server#29167) - Add 'supported'-label to all supported apps (server#29181) - 21] generate a better optimized query for path prefix search filters (server#29192) - Keep group restrictions when reenabling apps after an update (server#29198) - Add proper message to created share not found (server#29205) - Add documentation for files_no_background_scan (server#29219) - Don't setup the filesystem to check for a favicon we don't use anyway (server#29223) - Fix background scan doc in config (server#29253) - Get `filesize()` if `file_exists()` (server#29290) - Fix unable to login errors due to file system not being initialized (server#29291) - Update 3rdparty ref (server#29297) - Bump icewind/streams from 0.7.3 to 0.7.5 in files_external (server#29298) - Fix app upgrade (server#29303) - Avoid PHP errors when the LDAP attribute is not found (server#29314) - Fix security issues when copying groupfolder with advanced ACL (server#29366) - Scheduling plugin not updating responding attendee status (server#29387) - Make calendar schedule options translatable (server#29388) - Add whitelist for apps inside of the server repo (server#29396) - Handle files with `is_file` instead of `file_exists` (server#29417) - Fixes an undefined index when getAccessList returns an empty array (server#29421) - Extra fixes needed for icewind/streams update to 0.7.2 (server#29426) - Backport #29260: Respect user enumeration settings in user status lists (server#29429) - Implement local filtering in file list (server#29441) - Detect mimetype by content only with content (server#29457) - Update CRL (server#29505) - Update update-psalm-baseline workflow (server#29548) - Bump icewind/streams from 0.7.1 to 0.7.5 (3rdparty#855) - Bump version (files_pdfviewer#512) - Fix deleting notifications with numeric user ID (notifications#1090) - Add integration tests for push registration (notifications#1097) - Restore old device signature so the proxy works again (notifications#1105) - Bump vue and vue-template-compiler (photos#864) - Bump prosemirror-schema-list from 1.1.5 to 1.1.6 (text#1868) - Additional checks for workspace controller (text#1887) Important SUSE bug 1192028 SUSE bug 1192030 SUSE bug 1192031 CVE-2021-41177 CVE-2021-41178 CVE-2021-41179 cpe:/o:opensuse:leap:15.3 Security update for netdata (Moderate) openSUSE Leap 15.3 This update for netdata fixes the following issues: Update to 1.31.0 (go.d.plugin 0.29.0) The v1.31.0 release of Netdata comes with re-packaged and redesigned elements of the dashboard to help you focus on your metrics, even more Linux kernel insights via eBPF, on-node machine learning to help you find anomalies, and much more. This release contains 10 new collectors, 54 improvements (7 in the dashboard), 31 documentation updates, and 29 bug fixes. At a glance We re-packaged and redesigned portions of the dashboard to improve the overall experience. Part of this effort is better handling of dashboard code during installation—anyone using third-party packages (such as the Netdata Homebrew formula) will start seeing new features and the new designs starting today. The timeframe picker has moved to the top panel, and just to its right are two counters with live CRITICAL and WARNING alarm statuses for your node. Click on either of these two open the alarms modal. We've also pushed a number of powerful new collectors, including directory cache monitoring via eBPF. By monitoring directory cache, developers and SREs alike can find opportunities to optimize memory usage and reduce disk-intensive operations. Our new Z-scores and changefinder collectors use machine learning to let you know, at a glance, when key metrics start to behave oddly. We'd love to get feedback on these sophisticated, subjective new brand of collectors! Improvements * Automatically trigger Helmchart PR on Agent release. (gh#netdata/netdata#11084) * Implement ACLK env endpoint. (gh#netdata/netdata#10833) * Implement new HTTPS client for ACLK. (gh#netdata/netdata#10805) * Update ACLK passwd endpoint to match specifications of the new architecture. (gh#netdata/netdata#10859) * Implement ACLK new backoff (TBEB) architecture. (gh#netdata/netdata#10941) * Add functionality to store node_id for a host. (gh#netdata/netdata#11059) * Remove version negotiation from ACLK-NG. (gh#netdata/netdata#10980) * Persist claim IDs in local database for parent and children. (gh#netdata/netdata#10993) * Provide more agent analytics to PostHog. (gh#netdata/netdata#11020) * Reduce logging when sending agent analytics. (gh#netdata/netdata#11091) * Remove error message on Netdata restart. (gh#netdata/netdata#8685) * Add a timeout when sending anonymous statistics using curl. (gh#netdata/netdata#11010) * Improve dash-example.html. (gh#netdata/netdata#10870) * Add host_cloud_enabled attribute to analytics. (gh#netdata/netdata#11100) Dashboard * Bundle the react dashboard code into the agent repo directly. (gh#netdata/netdata#11139) * Add dashboard info strings for systemdunits collector. (gh#netdata/netdata#10904) * Update dashboard version to v2.17.0. (gh#netdata/netdata#10856) + Top bar, side panel and overall navigation has been redesigned. + Top bar now includes a light bulb icon with news/features and the number of CRITICAL or WARNING alarms. + Documentation and settings buttons moved to the sidebar. + Improved rendering of sign in/sign up option button along with an operational status option (under user settings). + In the left panel, nodes show a status badge and are now searchable if there are more than 4. Health * Improvements + Add charts configuration option to templates. (gh#netdata/netdata#11054) + Add new attributes to health configuration files. (gh#netdata/netdata#10961) + Add inconsistent state to the mysql_galera_cluster_state alarm. (gh#netdata/netdata#10945) + Add systemdunits collector alarms. (gh#netdata/netdata#10906) + Use average instead of sum in VerneMQ alarms. (gh#netdata/netdata#11037) + Check configuration for CUSTOM and MSTEAM. (gh#netdata/netdata#11113) + Reduce alarms notifications dump logging. (gh#netdata/netdata#11116) * Bug fixes + Add synchronization.conf to the Makefile. (gh#netdata/netdata#10907) + Fix Microsoft Teams naming. (gh#netdata/netdata#9905) Collectors * New + Add a chart for out of memory kills. (gh#netdata/netdata#10880) + Add a chart with Netdata uptime. (gh#netdata/netdata#10997) + Add a module for ZFS pool state. (gh#netdata/netdata#11071) + Add a plugin for the system clock synchronization state. (gh#netdata/netdata#10895) + Add new charts for extended disk metrics. (gh#netdata/netdata#10939) + Add support for renaming libvirtd LXC containers. (gh#netdata/netdata#11006) + Add a metric for Percpu memory. (gh#netdata/netdata#10964) + Add an eBPF directory cache collector. (gh#netdata/netdata#10855) + Add a Z-scores python collector. (gh#netdata/netdata#10673) + Add changefinder python collector. (gh#netdata/netdata#10672) * Improvements + Remove dots in cgroup IDs. (gh#netdata/netdata#11050) + Add support for attribute 249 (NAND Writes 1GiB) to the smartd_log module. (gh#netdata/netdata#10872) + Add RAID level to the mdstat collector chart families. (gh#netdata/netdata#11024) + Update fping version. (gh#netdata/netdata#10977) + Add plugin and module names to the python.d.plugin runtime charts. (gh#netdata/netdata#11007) + Move global stats to a separate thread. (gh#netdata/netdata#10991) + Add memory size adjustments for eBPF hash tables. (gh#netdata/netdata#10962) + Add improvements to anomalies collector. (gh#netdata/netdata#11003) + Add support for loading of kprobe names in the eBPF plugin. (gh#netdata/netdata#11034) + Don't repeat the cgroup discovery cleanup info message. (gh#netdata/netdata#11101) + Change ACLK statistics charts units from kB/s to KiB/s. (gh#netdata/netdata#11103) * Bug fixes + Fix the detection of cgroups v2 by checking the version of the default cgroup mountpoint. (gh#netdata/netdata#11102) + Fix eBPF cachestat chart type. (gh#netdata/netdata#11074) + Fix gaps in eBPF cachestat charts. (gh#netdata/netdata#10972) + Fix detection of opensipsctl executable. (gh#netdata/netdata#10978) + Fix network interfaces detection when using virsh. (gh#netdata/netdata#11096) + Fix eBPF plugin crash during shutdown. (gh#netdata/netdata#10957) Exporting * Improvements + Allow the remote write configuration to have multiple destinations (gh#netdata/netdata#11005) * Bug fixes + Fix backend chart filtering backward compatibility. (gh#netdata/netdata#11002) Bug fixes * Reduce the number of ACLK chart updates during chart obsoletion. (gh#netdata/netdata#11133) * Fix SSL random failures when using multithreaded web server with OpenSSL < 1.1.0. (gh#netdata/netdata#11089) * Fix storing an NULL claim ID on a parent node. (gh#netdata/netdata#11036) * Prevent MQTT connection attempt on OTP failure. (gh#netdata/netdata#10839) * Rename struct fields from class to classification. (gh#netdata/netdata#11019) * Fix spelling mistakes in various components: + aclk (gh#netdata/netdata#10910) + build (gh#netdata/netdata#10909) + collectors (gh#netdata/netdata#10912) + daemon (gh#netdata/netdata#10913) + database (gh#netdata/netdata#10914) + exporting (gh#netdata/netdata#10915) + libnetdata (gh#netdata/netdata#10917) + health (gh#netdata/netdata#10916) + streaming (gh#netdata/netdata#10919) + tests (gh#netdata/netdata#10920) + backend (gh#netdata/netdata#10911) + bidirectional (gh#netdata/netdata#10918) + HTTP API (gh#netdata/netdata#10921) + web (gh#netdata/netdata#10922) Moderate SUSE bug 1139094 SUSE bug 1139095 SUSE bug 1139098 CVE-2018-18836 CVE-2018-18837 CVE-2018-18838 CVE-2018-18839 cpe:/o:opensuse:leap:15.3 Security update for kafka (Important) openSUSE Leap 15.3 This security update of kafka fixes the following issue: - CVE-2021-4104: Remove JMSAppender from log4j jars during build to prevent bsc#1193662, Important SUSE bug 1193662 CVE-2021-4104 cpe:/o:opensuse:leap:15.3 Security update for c-toxcore (Moderate) openSUSE Leap 15.3 c-toxcore was updated fo fix a securiy issue: - CVE-2021-44847: Fixed a buffer overflow in handle_request in DHT.c which could lead to remote DoS and potential code execution (boo#1193667) Moderate SUSE bug 1193667 CVE-2021-44847 cpe:/o:opensuse:leap:15.3 Security update for postrsd (Moderate) openSUSE Leap 15.3 postrsd was updated to release 1.11 [boo#1180251]: * Drop group privileges as well as user privileges * Fixed: The subprocess that talks to Postfix could be caused to hang with a very long email address. [CVE-2020-35573] - Update to release 1.6 * Fix endianness issue with SHA-1 implementation * Add dual stack support * Make SRS separator configurable Moderate SUSE bug 1180251 CVE-2020-35573 cpe:/o:opensuse:leap:15.3 Security update for privoxy (Important) openSUSE Leap 15.3 This update for privoxy fixes the following issues: privoxy was updated to 3.0.33 (boo#1193584): * CVE-2021-44543: Encode the template name to prevent XSS (cross-side scripting) when Privoxy is configured to servce the user-manual itself * CVE-2021-44540: Free memory of compiled pattern spec before bailing * CVE-2021-44541: Free header memory when failing to get the request destination. * CVE-2021-44542: Prevent memory leaks when handling errors * Disable fast-redirects for a number of domains * Update default block lists * Many bug fixes and minor enhancements Important SUSE bug 1193584 CVE-2021-44540 CVE-2021-44541 CVE-2021-44542 CVE-2021-44543 cpe:/o:opensuse:leap:15.3 Security update for upx (Moderate) openSUSE Leap 15.3 This update for upx fixes the following issues: - CVE-2020-24119: Fixed a heap buffer overflow in p_lx_elf.cpp (boo#1186238) Moderate SUSE bug 1186238 CVE-2020-24119 cpe:/o:opensuse:leap:15.3 Security update for opera (Important) openSUSE Leap 15.3 NonFree This update for opera fixes the following issues: Update to version 76.0.4017.154 - CHR-8420 Update chromium on desktop-stable-90-4017 to 90.0.4430.212 - DNA-92411 Bookmarks breadcrumbs wrong color when pressed in dark mode - DNA-92587 Sync settings: “Use old password” button doesn’t work - DNA-92672 Make it possible for agent to inject scripts into startpage - DNA-92712 Add SD reload API - DNA-93190 The bookmark can’t be opened in Workspace 5-6 - DNA-93247 Reopen last closed tab shortcut opens random tab on new window - DNA-93294 Binary diff for opera_browser.dll is not created on 32-bit builds - DNA-93313 Add opauto test to cover DNA-93190 - DNA-93368 Fix an error in Polish translation - DNA-93408 [Windows] widevine_cdm_component_installer does not compile on desktop-stable-90-4017 - The update to chromium 90.0.4430.212 fixes following issues: CVE-2021-30506, CVE-2021-30507, CVE-2021-30508, CVE-2021-30509, CVE-2021-30510, CVE-2021-30511, CVE-2021-30512, CVE-2021-30513, CVE-2021-30514, CVE-2021-30515, CVE-2021-30516, CVE-2021-30517, CVE-2021-30518, CVE-2021-30519, CVE-2021-30520 Important CVE-2021-30506 CVE-2021-30507 CVE-2021-30508 CVE-2021-30509 CVE-2021-30510 CVE-2021-30511 CVE-2021-30512 CVE-2021-30513 CVE-2021-30514 CVE-2021-30515 CVE-2021-30516 CVE-2021-30517 CVE-2021-30518 CVE-2021-30519 CVE-2021-30520 cpe:/o:opensuse:leap:15.3 Security update for chromium (Important) openSUSE Leap 15.3 This update for chromium fixes the following issues: Chromium 91.0.4472.77 (boo#1186458): * Support Managed configuration API for Web Applications * WebOTP API: cross-origin iframe support * CSS custom counter styles * Support JSON Modules * Clipboard: read-only files support * Remove webkitBeforeTextInserted & webkitEditableCOntentChanged JS events * Honor media HTML attribute for link icon * Import Assertions * Class static initializer blocks * Ergonomic brand checks for private fields * Expose WebAssembly SIMD * New Feature: WebTransport * ES Modules for service workers ('module' type option) * Suggested file name and location for the File System Access API * adaptivePTime property for RTCRtpEncodingParameters * Block HTTP port 10080 - mitigation for NAT Slipstream 2.0 attack * Support WebSockets over HTTP/2 * Support 103 Early Hints for Navigation * CVE-2021-30521: Heap buffer overflow in Autofill * CVE-2021-30522: Use after free in WebAudio * CVE-2021-30523: Use after free in WebRTC * CVE-2021-30524: Use after free in TabStrip * CVE-2021-30525: Use after free in TabGroups * CVE-2021-30526: Out of bounds write in TabStrip * CVE-2021-30527: Use after free in WebUI * CVE-2021-30528: Use after free in WebAuthentication * CVE-2021-30529: Use after free in Bookmarks * CVE-2021-30530: Out of bounds memory access in WebAudio * CVE-2021-30531: Insufficient policy enforcement in Content Security Policy * CVE-2021-30532: Insufficient policy enforcement in Content Security Policy * CVE-2021-30533: Insufficient policy enforcement in PopupBlocker * CVE-2021-30534: Insufficient policy enforcement in iFrameSandbox * CVE-2021-30535: Double free in ICU * CVE-2021-21212: Insufficient data validation in networking * CVE-2021-30536: Out of bounds read in V8 * CVE-2021-30537: Insufficient policy enforcement in cookies * CVE-2021-30538: Insufficient policy enforcement in content security policy * CVE-2021-30539: Insufficient policy enforcement in content security policy * CVE-2021-30540: Incorrect security UI in payments * Various fixes from internal audits, fuzzing and other initiatives Important SUSE bug 1186458 CVE-2021-21212 CVE-2021-30521 CVE-2021-30522 CVE-2021-30523 CVE-2021-30524 CVE-2021-30525 CVE-2021-30526 CVE-2021-30527 CVE-2021-30528 CVE-2021-30529 CVE-2021-30530 CVE-2021-30531 CVE-2021-30532 CVE-2021-30533 CVE-2021-30534 CVE-2021-30535 CVE-2021-30536 CVE-2021-30537 CVE-2021-30538 CVE-2021-30539 CVE-2021-30540 cpe:/o:opensuse:leap:15.3 Security update for chromium (Important) openSUSE Leap 15.3 This update for chromium fixes the following issues: Chromium 91.0.4472.114 (boo#1187481) * CVE-2021-30554: Use after free in WebGL * CVE-2021-30555: Use after free in Sharing * CVE-2021-30556: Use after free in WebAudio * CVE-2021-30557: Use after free in TabGroups * CVE-2021-30544: Use after free in BFCache * CVE-2021-30545: Use after free in Extensions * CVE-2021-30546: Use after free in Autofill * CVE-2021-30547: Out of bounds write in ANGLE * CVE-2021-30548: Use after free in Loader * CVE-2021-30549: Use after free in Spell check * CVE-2021-30550: Use after free in Accessibility * CVE-2021-30551: Type Confusion in V8 * CVE-2021-30552: Use after free in Extensions * CVE-2021-30553: Use after free in Network service * Fix use-after-free in SendTabToSelfSubMenuModel * Destroy system-token NSSCertDatabase on the IO thread * Various fixes from internal audits, fuzzing and other initiatives Important SUSE bug 1187141 SUSE bug 1187481 CVE-2021-30544 CVE-2021-30545 CVE-2021-30546 CVE-2021-30547 CVE-2021-30548 CVE-2021-30549 CVE-2021-30550 CVE-2021-30551 CVE-2021-30552 CVE-2021-30553 CVE-2021-30554 CVE-2021-30555 CVE-2021-30556 CVE-2021-30557 cpe:/o:opensuse:leap:15.3 Security update for opera (Important) openSUSE Leap 15.3 NonFree This update for opera fixes the following issues: Update to version 77.0.4054.146 - CHR-8458 Update chromium on desktop-stable-91-4054 to 91.0.4472.114 - DNA-92171 Create active linkdiscovery service - DNA-92388 Fix and unskip WorkspacesEmoji.testChooseEmojiAsWorkspaceIcon when possible - DNA-93101 Tabs are being snoozed when tab snoozing is disabled - DNA-93386 Update pinboard view when item changes - DNA-93448 Make browser ready for Developer release - DNA-93491 Fix failing tests after enabling #pinboard flag - DNA-93498 Add additional music services - DNA-93503 Blank popup on clicking toolbar icon with popup open - DNA-93561 Do not allow zoom different from 100% in Pinboard popup - DNA-93637 ctrl+9 shortcut is inconsistent with other browsers - DNA-93644 Create route for `import open tabs` to `pinboard` - DNA-93664 Adapt popup to design - DNA-93702 Turn on flags on developer - DNA-93737 [Pinboard] Remove Mock API - DNA-93745 Unable to open the popup after opening it several times - DNA-93776 Popup closes and reopens when clicking the toolbar button - DNA-93786 DCHECK after opening popup - DNA-93802 Crash at views::Widget::GetNativeView() const - DNA-93810 Add pinboard icon to sidebar - DNA-93825 Add pinboard to Opera menu - DNA-93833 [Player] Implement seeking for new services - DNA-93845 Do not log output of snapcraft on console - DNA-93864 Create feature flag for start page sync banner - DNA-93865 Implement start page banner - DNA-93867 Use version from package instead of repository - DNA-93878 [Player] Crash when current player service becomes unavailable when user location changes - DNA-93953 ‘Send image to Pinboard’ has the wrong position in the context menu - DNA-93987 Disable zooming popup contents like in other popups - DNA-93989 Change internal URL to opera://pinboards - DNA-93990 Update strings to reflect new standards - DNA-93992 Add Pinboards to Opera settings - DNA-93993 Pinboard translations from Master - DNA-94011 Enable feature flags for Reborn 5 on stable - DNA-94019 Add a direct link to settings - DNA-94088 Internal pages provoke not saving other pages to the Pinboard - DNA-94111 [O77] Sidebar setup does not open - DNA-94139 Crash at opera::(anonymous namespace)::PinboardPopupWebView::RemovedFromWidget() - The update to chromium 91.0.4472.114 fixes following issues: CVE-2021-30554, CVE-2021-30555, CVE-2021-30556, CVE-2021-30557 CVE-2021-30544, CVE-2021-30545, CVE-2021-30546, CVE-2021-30547, CVE-2021-30548, CVE-2021-30549, CVE-2021-30550, CVE-2021-30551, CVE-2021-30552, CVE-2021-30553 Important CVE-2021-30544 CVE-2021-30545 CVE-2021-30546 CVE-2021-30547 CVE-2021-30548 CVE-2021-30549 CVE-2021-30550 CVE-2021-30551 CVE-2021-30552 CVE-2021-30553 CVE-2021-30554 CVE-2021-30555 CVE-2021-30556 CVE-2021-30557 cpe:/o:opensuse:leap:15.3 Security update for virtualbox (Important) openSUSE Leap 15.3 This update for virtualbox fixes the following issues: - Update vboxdrv.sh per boo#1186361 Version bump to 6.1.22 (released April 29 2021 by Oracle) - This is a maintenance release. The following items were fixed and/or added: - VMM: Improved performance of 64-bit Windows and Solaris guests when Hyper-V is used on recent Windows 10 hosts - VMM: Fixed frequent crashes of 64-bit Windows Vista and Server 2003 guests when Hyper-V is used - GUI: Fixed regression where user was not able to save unset default shortcuts (bug #20305) - Storage: Fixed regression in LsiLogic SAS controller emulation caused VM crash (bug #20323) - Linux Guest Additions: Fixed issue when it was not possible to run executables from mounted share (bug #20320) - Fixes for CVE-2021-2145 CVE-2021-2250 CVE-2021-2264 CVE-2021-2266 CVE-2021-2279 CVE-2021-2280 CVE-2021-2281 CVE-2021-2282 CVE-2021-2283 CVE-2021-2284 CVE-2021-2285 CVE-2021-2286 CVE-2021-2287 CVE-2021-2291 CVE-2021-2296 CVE-2021-2297 CVE-2021-2306 CVE-2021-2309 CVE-2021-2310 CVE-2021-2312 - Improve autostart security boo#1182918. Important SUSE bug 1182918 SUSE bug 1186361 CVE-2021-2145 CVE-2021-2250 CVE-2021-2264 CVE-2021-2266 CVE-2021-2279 CVE-2021-2280 CVE-2021-2281 CVE-2021-2282 CVE-2021-2283 CVE-2021-2284 CVE-2021-2285 CVE-2021-2286 CVE-2021-2287 CVE-2021-2291 CVE-2021-2296 CVE-2021-2297 CVE-2021-2306 CVE-2021-2309 CVE-2021-2310 CVE-2021-2312 CVE-2021-25319 cpe:/o:opensuse:leap:15.3 Security update for inn (Important) openSUSE Leap 15.3 This update for inn fixes the following issues: - CVE-2021-31998: change user to news before calling innupgrade to avoid a 'inn' to 'root' privilege escalation [boo#1182321] Important SUSE bug 1182321 CVE-2021-31998 cpe:/o:opensuse:leap:15.3 Security update for singularity (Important) openSUSE Leap 15.3 This update for singularity fixes the following issues: Update to version 3.7.4 (boo#1186619) - Fix for CVE-2021-32635: Due to incorrect use of a default URL, singularity action commands (run/shell/exec) specifying a container using a library:// URI will always attempt to retrieve the container from the default remote endpoint (cloud.sylabs.io) rather than the configured remote endpoint. An attacker may be able to push a malicious container to the default remote endpoint with a URI that is identical to the URI used by a victim with a non-default remote endpoint, thus executing the malicious container. - Disabled ppc64le builds as these are non pie builds and so not suiteable for the distribution in SLE and ppc64le is not relevant for openSUSE Update to version 3.7.3 - Fix for CVE-2021-29136: A dependency used to extract docker/OCI image layers can be tricked into modifying host files by creating a malicious layer that has a symlink with the name '.' (or '/'), when running as root. Important SUSE bug 1186619 CVE-2021-29136 CVE-2021-32635 cpe:/o:opensuse:leap:15.3 Security update for htmldoc (Important) openSUSE Leap 15.3 This update for htmldoc fixes the following issues: htmldoc was updated to version 1.9.12: * Fixed buffer-overflow CVE-2021-20308 ( boo#1184424 ) * Fixed a crash bug with 'data:' URIs and EPUB output * Fixed several other crash bugs * Fixed JPEG error handling * Fixed some minor issues * Removed the bundled libjpeg, libpng, and zlib. update to 1.9.11: - Added high-resolution desktop icons for Linux. - Updated the internal HTTP library to fix truncation of redirection URLs - Fixed a regression in the handling of character entities for UTF-8 input - The `--numbered` option did not work when the table-of-contents was disabled - Fixed packaging issues on macOS and Windows - Now ignore sRGB profile errors in PNG files - The GUI would crash when saving - Page comments are now allowed in `pre` text update to 1.9.9: - Added support for a `HTMLDOC.filename` META keyword that controls the filename reported in CGI mode; the default remains 'htmldoc.pdf' (Issue #367) - Fixed a paragraph formatting issue with large inline images (Issue #369) - Fixed a buffer underflow issue (Issue #370) - Fixed PDF page numbers (Issue #371) - Added support for a new `L` header/footer format (`$LETTERHEAD`), which inserts a letterhead image at its full size (Issue #372, Issue #373, Issue #375) - Updated the build documentation (Issue #374) - Refactored the PRE rendering code to work around compiler optimization bugs - Added support for links with targets (Issue #351) - Fixed a table rowspan + valign bug (Issue #360) - Added support for data URIs (Issue #340) - HTMLDOC no longer includes a PDF table of contents when converting a single web page (Issue #344) - Updated the markdown support with external links, additional inline markup, and hard line breaks. - Links in markdown text no longer render with a leading space as part of the link (Issue #346) - Fixed a buffer underflow bug discovered by AddressSanitizer. - Fixed a bug in UTF-8 support (Issue #348) - PDF output now includes the base language of the input document(s) - Optimized the loading of font widths (Issue #354) - Optimized PDF page resources (Issue #356) - Optimized the base memory used for font widths (Issue #357) - Added proper `&shy;` support (Issue #361) - Title files can now be markdown. - The GUI did not support EPUB output. - Empty markdown table cells were not rendered in PDF or PostScript output. - The automatically-generated title page now supports both 'docnumber' and 'version' metadata. - Added support for dc:subject and dc:language metadata in EPUB output from the HTML keywords and lang values. - Added support for the subject and language metadata in markdown input. - Fixed a buffer underflow bug (Issue #338) - `htmldoc --help` now reports whether HTTPS URLs are supported (Issue #339) - Fixed an issue with HTML title pages and EPUB output. - Inline fixed-width text is no longer reduced in size automatically - Optimized initialization of font width data (Issue #334) - Fixed formatting bugs with aligned images (Issue #322, Issue #324) - Fixed support for three digit '#RGB' color values (Issue #323) - Fixed character set support for markdown metadata. - Updated libpng to v1.6.34 (Issue #326) - The makefiles did not use the CPPFLAGS value (Issue #328) - Added Markdown table support. - Fixed parsing of TBODY, TFOOT, and THEAD elements in HTML files. Important SUSE bug 1184424 CVE-2021-20308 cpe:/o:opensuse:leap:15.3 Security update for tor (Important) openSUSE Leap 15.3 This update for tor fixes the following issues: tor 0.4.5.9 * Don't allow relays to spoof RELAY_END or RELAY_RESOLVED cell (CVE-2021-34548, boo#1187322) * Detect more failure conditions from the OpenSSL RNG code (boo#1187323) * Resist a hashtable-based CPU denial-of-service attack against relays (CVE-2021-34549, boo#1187324) * Fix an out-of-bounds memory access in v3 onion service descriptor parsing (CVE-2021-34550, boo#1187325) tor 0.4.5.8 * https://lists.torproject.org/pipermail/tor-announce/2021-May/000219.html * allow Linux sandbox with Glibc 2.33 * several other minor features and bugfixes (see announcement) - Fix logging issue due to systemd picking up stdout - boo#1181244 Continue to log notices to syslog by default. Important SUSE bug 1179331 SUSE bug 1181244 SUSE bug 1187322 SUSE bug 1187323 SUSE bug 1187324 SUSE bug 1187325 CVE-2021-34548 CVE-2021-34549 CVE-2021-34550 cpe:/o:opensuse:leap:15.3 Security update for prosody (Moderate) openSUSE Leap 15.3 This update for prosody fixes the following issues: - Update to 0.11.9: * mod_limits, prosody.cfg.lua: Enable rate limits by default * certmanager: Disable renegotiation by default * mod_proxy65: Restrict access to local c2s connections by default * util.startup: Set more aggressive defaults for GC * mod_c2s, mod_s2s, mod_component, mod_bosh, mod_websockets: Set default stanza size limits * mod_authinternal{plain,hashed}: Use constant-time string comparison for secrets * mod_dialback: Remove dialback-without-dialback feature * mod_dialback: Use constant-time comparison with hmac - Prosody XMPP server advisory 2021-05-12 (boo#1186027) * Including CVE-2021-32919, CVE-2021-32917, CVE-2021-32917, CVE-2021-32920, CVE-2021-32918 Moderate SUSE bug 1186027 CVE-2021-32917 CVE-2021-32918 CVE-2021-32919 CVE-2021-32920 cpe:/o:opensuse:leap:15.3 Security update for libxls (Moderate) openSUSE Leap 15.3 This update for libxls fixes the following issues: libxls was updated to release 1.6.2: * Fix NULL pointer dereferences in the xls2csv tool [boo#1179532] [CVE-2020-27819] Update to release 1.6.1 * Enabled decoding of non-Unicode character sets in older (BIFF5) XLS files. * Improved string conversion performance in newer files. update to 1.5.3: * Allow truncated XLS files * Fix long-standing 'extra column' bug #73 * Support for RSTRING records (rich-text cells in older BIFF5 files) tidyverse/readxl#611 Moderate SUSE bug 1179532 CVE-2020-27819 cpe:/o:opensuse:leap:15.3 Security update for abcm2ps (Moderate) openSUSE Leap 15.3 This update for abcm2ps fixes the following issues: Update to 8.14.13: * fix: don't start/stop slurs above/below decorations * fix: crash when too many notes in a grace note sequence (#102) * fix: crash when too big value in M: (#103) * fix: loop or crash when too big width of y (space) (#104) * fix: bad font definition with SVG output when spaces in font name * fix: bad check of note length again (#106) * fix: handle %%staffscale at the global level (#108) * fix: bad vertical offset of lyrics when mysic line starts with empty staves Update to 8.14.12: Fixes: * crash when '%%break 1' and no measure bar in the tune * crash when duplicated voice ending on %%staves with repeat variant * crash when voice duplication with symbols without width * crash or bad output when null value in %%scale * problem when only bars in 2 voices followed %%staves of the second voice only * crash when tuplet error in grace note sequence * crash when grace note with empty tuplet * crash when many broken rhythms after a single grace note * access outside the deco array when error in U: * crash when !xstem! with no note in the previous voice * crash on tuplet without any note/rest * crash when grace notes at end of line and voice overlay * crash when !trem2! at start of a grace note sequence * crash when wrong duration in 2 voice overlays and bad ties * crash when accidental without a note at start of line after K: (CVE-2021-32435) * array overflow when wrong duration in voice overlay (CVE-2021-32434, CVE-2021-32436) * loss of left margin after first page since previous commit * no respect of %%leftmargin with -E or -g * bad placement of chord symbols when in a music line with only invisible rests Syntax: * Accept and remove one or two '%'s at start of all %%beginxxx lines Generation: * Move the CSS from XHTML to SVG Update to 8.14.11: * fix: error ''staffwidth' too small' when generating sample3.abc Update to 8.14.10: * fix: bad glyph when defined by SVG containing 'v' in * fix: bad check of note length since commit 191fa55 * fix: memory corruption when error in %%staves/%%score * fix: crash when too big note duration * fix: crash when staff width too small Update to 8.14.9: * fix: bad natural accidental when %%MIDI temperamentequal Update to 8.14.8: * fix: no respect the width in %%staffbreak * fix: don't draw a staff when only %%staffbreak inside * fix: bad repeat bracket when continued on next line, line starting by a bar * fix: bad tuplet bracket again when at end of a voice overlay sequence * fix: bad tuplet bracket when at end of a voice overlay sequence * handle '%%MIDI temperamentequal ' * accept '^1' and '_1' as microtone accidentals Moderate SUSE bug 1197355 CVE-2021-32434 CVE-2021-32435 CVE-2021-32436 cpe:/o:opensuse:leap:15.3 Security update for pcmanfm (Moderate) openSUSE Leap 15.3 This update for pcmanfm fixes the following issues: update to 1.3.2: * Fixed case when some keyboard shortcuts stopped working: Alt+Home, Alt+Up * Fixed sytem reboot delayed for 90 seconds in some cases new upstream release of pcmanfm 1.3.1 * fixed crash on reload while directory changes * changed size of large thumbnails to 512 * added application/gzip to archivers.list * added image/x-compressed-xcf to archivers.list * allowed bigger sizes of icons and thumbnails new upstream release of pcmanfm 1.3.0 * Fixed potential access violation, use runtime user dir instead of tmp diri for single instance socket. boo#1039140 CVE-2017-8934 * Fixed an issue with losing icons on desktop, when file name has a ‘[‘ char. * Added a missing tooltip for ‘New Window’ toolbar button. * Fixed an issue when single instance socket directory did not exist Moderate SUSE bug 1039140 CVE-2017-8934 cpe:/o:opensuse:leap:15.3 Security update for chromium (Critical) openSUSE Leap 15.3 This update for chromium fixes the following issues: Chromium 102.0.5005.115 (boo#1200423) * CVE-2022-2007: Use after free in WebGPU * CVE-2022-2008: Out of bounds memory access in WebGL * CVE-2022-2010: Out of bounds read in compositing * CVE-2022-2011: Use after free in ANGLE Chromium 102.0.5001.61 (boo#1199893) * CVE-2022-1853: Use after free in Indexed DB * CVE-2022-1854: Use after free in ANGLE * CVE-2022-1855: Use after free in Messaging * CVE-2022-1856: Use after free in User Education * CVE-2022-1857: Insufficient policy enforcement in File System API * CVE-2022-1858: Out of bounds read in DevTools * CVE-2022-1859: Use after free in Performance Manager * CVE-2022-1860: Use after free in UI Foundations * CVE-2022-1861: Use after free in Sharing * CVE-2022-1862: Inappropriate implementation in Extensions * CVE-2022-1863: Use after free in Tab Groups * CVE-2022-1864: Use after free in WebApp Installs * CVE-2022-1865: Use after free in Bookmarks * CVE-2022-1866: Use after free in Tablet Mode * CVE-2022-1867: Insufficient validation of untrusted input in Data Transfer * CVE-2022-1868: Inappropriate implementation in Extensions API * CVE-2022-1869: Type Confusion in V8 * CVE-2022-1870: Use after free in App Service * CVE-2022-1871: Insufficient policy enforcement in File System API * CVE-2022-1872: Insufficient policy enforcement in Extensions API * CVE-2022-1873: Insufficient policy enforcement in COOP * CVE-2022-1874: Insufficient policy enforcement in Safe Browsing * CVE-2022-1875: Inappropriate implementation in PDF * CVE-2022-1876: Heap buffer overflow in DevTools Critical SUSE bug 1199893 SUSE bug 1200139 SUSE bug 1200423 CVE-2022-1853 CVE-2022-1854 CVE-2022-1855 CVE-2022-1856 CVE-2022-1857 CVE-2022-1858 CVE-2022-1859 CVE-2022-1860 CVE-2022-1861 CVE-2022-1862 CVE-2022-1863 CVE-2022-1864 CVE-2022-1865 CVE-2022-1866 CVE-2022-1867 CVE-2022-1868 CVE-2022-1869 CVE-2022-1870 CVE-2022-1871 CVE-2022-1872 CVE-2022-1873 CVE-2022-1874 CVE-2022-1875 CVE-2022-1876 CVE-2022-2007 CVE-2022-2008 CVE-2022-2010 CVE-2022-2011 cpe:/o:opensuse:leap:15.3 Security update for tensorflow2 (Moderate) openSUSE Leap 15.3 This update for tensorflow fixes the following issues: Update to TF2 2.6.0 which fixes multiple CVEs (boo#1189423). - Introduction of bazel6.3 and basel-skylib1.0.3 as build dependencies. The latter has been adapted to all a version in its package name (if %set_ver_suffix is set to 1). This allows multiple versions to exist for one product (not installed). NOTE: basel-skylib1.0.3 does not exist in oS:Factory: basel-skylib in oS:Factory - the base version - is 1.0.3. Moderate SUSE bug 1173128 SUSE bug 1173314 SUSE bug 1178287 SUSE bug 1178564 SUSE bug 1179455 SUSE bug 1181864 SUSE bug 1186860 SUSE bug 1189423 CVE-2020-26266 CVE-2020-26267 CVE-2020-26268 CVE-2020-26270 CVE-2020-26271 CVE-2021-37635 CVE-2021-37636 CVE-2021-37637 CVE-2021-37638 CVE-2021-37639 CVE-2021-37640 CVE-2021-37641 CVE-2021-37642 CVE-2021-37643 CVE-2021-37644 CVE-2021-37645 CVE-2021-37646 CVE-2021-37647 CVE-2021-37648 CVE-2021-37649 CVE-2021-37650 CVE-2021-37651 CVE-2021-37652 CVE-2021-37653 CVE-2021-37654 CVE-2021-37655 CVE-2021-37656 CVE-2021-37657 CVE-2021-37658 CVE-2021-37659 CVE-2021-37660 CVE-2021-37661 CVE-2021-37662 CVE-2021-37663 CVE-2021-37664 CVE-2021-37665 CVE-2021-37666 CVE-2021-37667 CVE-2021-37668 CVE-2021-37669 CVE-2021-37670 CVE-2021-37671 CVE-2021-37672 CVE-2021-37673 CVE-2021-37674 CVE-2021-37675 CVE-2021-37676 CVE-2021-37677 CVE-2021-37678 CVE-2021-37679 CVE-2021-37680 CVE-2021-37681 CVE-2021-37682 CVE-2021-37683 CVE-2021-37684 CVE-2021-37685 CVE-2021-37686 CVE-2021-37687 CVE-2021-37688 CVE-2021-37689 CVE-2021-37690 CVE-2021-37691 CVE-2021-37692 cpe:/o:opensuse:leap:15.3 Security update for firejail (Important) openSUSE Leap 15.3 This update for firejail fixes the following issues: firejail was updated to version 0.9.70: -CVE-2022-31214: - root escalation in --join logic (boo#1199148) Reported by Matthias Gerstner, working exploit code was provided to our development team. In the same time frame, the problem was independently reported by Birk Blechschmidt. Full working exploit code was also provided. - feature: enable shell tab completion with --tab (#4936) - feature: disable user profiles at compile time (#4990) - feature: Allow resolution of .local names with avahi-daemon in the apparmor - profile (#5088) - feature: always log seccomp errors (#5110) - feature: firecfg --guide, guided user configuration (#5111) - feature: --oom, kernel OutOfMemory-killer (#5122) - modif: --ids feature needs to be enabled at compile time (#5155) - modif: --nettrace only available to root user - rework: whitelist restructuring (#4985) - rework: firemon, speed up and lots of fixes - bugfix: --private-cwd not expanding macros, broken hyperrogue (#4910) - bugfix: nogroups + wrc prints confusing messages (#4930 #4933) - bugfix: openSUSE Leap - whitelist-run-common.inc (#4954) - bugfix: fix printing in evince (#5011) - bugfix: gcov: fix gcov functions always declared as dummy (#5028) - bugfix: Stop warning on safe supplementary group clean (#5114) - build: remove ultimately unused INSTALL and RANLIB check macros (#5133) - build: mkdeb.sh.in: pass remaining arguments to ./configure (#5154) - ci: replace centos (EOL) with almalinux (#4912) - ci: fix --version not printing compile-time features (#5147) - ci: print version after install & fix apparmor support on build_apparmor (#5148) - docs: Refer to firejail.config in configuration files (#4916) - docs: firejail.config: add warning about allow-tray (#4946) - docs: mention that the protocol command accumulates (#5043) - docs: mention inconsistent homedir bug involving --private=dir (#5052) - docs: mention capabilities(7) on --caps (#5078) - new profiles: onionshare, onionshare-cli, opera-developer, songrec - new profiles: node-gyp, npx, semver, ping-hardened - removed profiles: nvm Important SUSE bug 1199148 CVE-2022-31214 cpe:/o:opensuse:leap:15.3 Security update for atheme (Important) openSUSE Leap 15.3 This update for atheme fixes the following issues: atheme was updated to release 7.2.12: * CVE-2022-24976: Fixed General authentication bypass in Atheme IRC services with InspIRCd 3 [boo#1195989] * Track SASL login EID Update to release 7.2.11 * Add a preliminary Turkish translation * Add HMAC-MD5 verify-only support to crypto/pbkdf2v2 * modules/chanserv/akick: fix unload crash with akicks that have timeouts * modules/nickserv/multimark: use IRC case canonicalisation for restored nicks * modules/nickserv/multimark: forbid unloading due to the potential for data loss * CA_ constants: include CA_EXEMPT (+e) where appropriate Update to new upstream release 7.2.10.r2 * Fix potential NULL dereference in modules/crypto/posix. * Bump E-Mail address maximum length to 254 characters. * Use flags setter information in modules/chanserv/access & modules/chanserv/flags. * Fix issue where modules/misc/httpd was not closing its listening socket on deinit. * Fix GroupServ data loss issue when a group was the founder of another group. Important SUSE bug 1174075 SUSE bug 1195989 CVE-2022-24976 cpe:/o:opensuse:leap:15.3 Security update for tor (Important) openSUSE Leap 15.3 This update for tor fixes the following issues: tor was updated to 0.4.7.8: * Fix a scenario where RTT estimation can become wedged, seriously degrading congestion control performance on all circuits. This impacts clients, onion services, and relays, and can be triggered remotely by a malicious endpoint. (TROVE-2022-001, CVE-2022-33903, boo#1200672) * Regenerate fallback directories generated on June 17, 2022. * Update the geoip files to match the IPFire Location Database, as retrieved on 2022/06/17. * Allow the rseq system call in the sandbox * logging bug fixes Important SUSE bug 1200672 CVE-2022-33903 cpe:/o:opensuse:leap:15.3 Security update for chafa (Moderate) openSUSE Leap 15.3 This update for chafa fixes the following issues: - CVE-2022-1507: Fix NULL pointer deref in gif_internal_decode_frame (boo#1198965) Moderate SUSE bug 1198965 CVE-2022-1507 cpe:/o:opensuse:leap:15.3 Security update for various openSUSE kernel module packages (Important) openSUSE Leap 15.3 This update of various openSUSE kernel module packages fixes the following issue: - rebuild with new secure boot key due to grub2 boothole 3 issues (bsc#1198581) Important SUSE bug 1198581 cpe:/o:opensuse:leap:15.3 Security update for chromium (Important) openSUSE Leap 15.3 This update for chromium fixes the following issues: Chromium 103.0.5060.53 (boo#1200783) * CVE-2022-2156: Use after free in Base * CVE-2022-2157: Use after free in Interest groups * CVE-2022-2158: Type Confusion in V8 * CVE-2022-2160: Insufficient policy enforcement in DevTools * CVE-2022-2161: Use after free in WebApp Provider * CVE-2022-2162: Insufficient policy enforcement in File System API * CVE-2022-2163: Use after free in Cast UI and Toolbar * CVE-2022-2164: Inappropriate implementation in Extensions API * CVE-2022-2165: Insufficient data validation in URL formatting Important SUSE bug 1200783 CVE-2022-2156 CVE-2022-2157 CVE-2022-2158 CVE-2022-2160 CVE-2022-2161 CVE-2022-2162 CVE-2022-2163 CVE-2022-2164 CVE-2022-2165 cpe:/o:opensuse:leap:15.3 Security update for python-ipython (Important) openSUSE Leap 15.3 This update for python-ipython fixes the following issues: - CVE-2022-21699: Confining executed process to have limited privileges. (boo#1194936). Important SUSE bug 1194936 CVE-2022-21699 cpe:/o:opensuse:leap:15.3 Security update for chafa (Moderate) openSUSE Leap 15.3 This update for chafa fixes the following issues: - CVE-2022-2301: Fix buffer over-read (boo#1201211) Moderate SUSE bug 1201211 CVE-2022-2301 cpe:/o:opensuse:leap:15.3 Security update for chromium (Important) openSUSE Leap 15.3 This update for chromium fixes the following issues: Chromium 103.0.5060.114 (boo#1201216) * CVE-2022-2294: Heap buffer overflow in WebRTC * CVE-2022-2295: Type Confusion in V8 * CVE-2022-2296: Use after free in Chrome OS Shell Important SUSE bug 1201216 CVE-2022-2294 CVE-2022-2295 CVE-2022-2296 cpe:/o:opensuse:leap:15.3 Security update for opera (Important) openSUSE Leap 15.3 NonFree This update for opera fixes the following issues: opera was updated to 88.0.4412.74: - DNA-100645 Cherry-pick CVE-2022-2294 onto stabilization branches Update to 88.0.4412.53 - DNA-99108 [Lin] Options on video pop out not possible to change - DNA-99832 On automatic video popout, close button should not stop video - DNA-99833 Allow turning on and off of each 'BABE' section from gear icon - DNA-99852 Default browser in Mac installer - DNA-99993 Crashes in AudioFileReaderTest, FFmpegAACBitstreamConverterTest - DNA-100045 iFrame Exception not unblocked with Acceptable Ads - DNA-100291 Update snapcraft uploading/releasing in scripts to use craft store Changes in 88.0.4412.40 - CHR-8905 Update chromium on desktop-stable-102-4412 to 102.0.5005.115 - DNA-99713 Sizing issues with video conferencing controls in PiP window - DNA-99831 Add 'back to tab' button like on video pop-out - The update to chromium 102.0.5005.115 fixes following issues: CVE-2022-2007, CVE-2022-2008, CVE-2022-2010, CVE-2022-2011 Changes in 88.0.4412.27 - DNA-99725 Crash at opera::ModalDialogViews::Show() - DNA-99752 Do not allow to uncheck all lists for adBlock - DNA-99918 Enable #scrollable-tab-strip on desktop-stable-102-4412 - DNA-99969 Promote O88 to stable - Complete Opera 88.0 changelog at: https://blogs.opera.com/desktop/changelog-for-88/ Update to 87.0.4390.45 - DNA-99478 Top Sites don’t always has big icon - DNA-99702 Enable Acceptable Ads for stable stream - DNA-99725 Crash at opera::ModalDialogViews::Show() - DNA-99752 Do not allow to uncheck all lists for adBlock - Update to 87.0.4390.36 - CHR-8883 Update chromium on desktop-stable-101-4390 to 101.0.4951.67 - DNA-99190 Investigate windows installer signature errors on win7 - DNA-99502 Sidebar – API to open panels - DNA-99593 Report sad tab displayed counts per kind - DNA-99628 Personalized Speed Dial context menu issue fix Important CVE-2022-2007 CVE-2022-2008 CVE-2022-2010 CVE-2022-2011 CVE-2022-2294 cpe:/o:opensuse:leap:15.3 Security update for phpPgAdmin (Critical) openSUSE Leap 15.3 This update for phpPgAdmin fixes the following issues: - CVE-2019-10784: Fixed improper source validation that could lead to CSRF (boo#1162794) Critical SUSE bug 1162794 CVE-2019-10784 cpe:/o:opensuse:leap:15.3 Security update for chromium (Important) openSUSE Leap 15.3 This update for chromium fixes the following issues: Chromium was updated to 103.0.5060.134 (boo#1201679): * CVE-2022-2477 : Use after free in Guest View * CVE-2022-2478 : Use after free in PDF * CVE-2022-2479 : Insufficient validation of untrusted input in File * CVE-2022-2480 : Use after free in Service Worker API * CVE-2022-2481: Use after free in Views * CVE-2022-2163: Use after free in Cast UI and Toolbar * Various fixes from internal audits, fuzzing and other initiatives Important SUSE bug 1201679 CVE-2022-2163 CVE-2022-2477 CVE-2022-2478 CVE-2022-2479 CVE-2022-2480 CVE-2022-2481 cpe:/o:opensuse:leap:15.3 Security update for seamonkey (Important) openSUSE Leap 15.3 This update for seamonkey fixes the following issues: update to SeaMonkey 2.53.13 * Updates to devtools. * Updates to build configuration. * Starting the switch from Python 2 to Python 3 in the build system. * Removal of array comprehensions, legacy iterators and generators bug 1414340 and bug 1098412. * Adding initial optional chaining and Promise.allSettled() support. * SeaMonkey 2.53.13 uses the same backend as Firefox and contains the relevant Firefox 60.8 security fixes. * SeaMonkey 2.53.13 shares most parts of the mail and news code with Thunderbird. Please read the Thunderbird 60.8.0 release notes for specific security fixes in this release. * Additional important security fixes up to Current Firefox 91.11 and Thunderbird 91.11 ESR plus many enhancements have been backported. We will continue to enhance SeaMonkey security in subsequent 2.53.x beta and release versions as fast as we are able to. Important cpe:/o:opensuse:leap:15.3 Security update for opera (Important) openSUSE Leap 15.3 NonFree This update for opera fixes the following issues: opera was updated to 89.0.4447.71 - CHR-8957 Update chromium on desktop-stable-103-4447 to 103.0.5060.134 - DNA-100492 authPrivate.storeCredentials should work with running auth session - DNA-100649 “Sign out” from settings doesn’t also sign out from auth - DNA-100653 VPN Badge popup – not working well with different page zoom being set in browser settings - DNA-100712 Wrong spacing on text to reset sync passphrase in settings - DNA-100799 VPN icon is “pro” on disconnected - DNA-100841 Remove Get Subscription and Get button from VPN pro settings - DNA-100883 Update missing translations from chromium - DNA-100899 Translation error in Turkish - DNA-100912 Unable to select pinboards when sync everything is enabled - DNA-100959 Use after move RecentSearchProvider::ExecuteWithDB - DNA-100960 Use after move CountryBlacklistServiceImpl::DownloadCountryBlacklist - DNA-100961 Use after move CategorizationDataCollection::Iterator::Iterator - DNA-100989 Crash at opera::EasyFileButton::SetThumbnail(gfx::ImageSkia const&) - The update to chromium 103.0.5060.134 fixes following issues: CVE-2022-2163, CVE-2022-2477, CVE-2022-2478, CVE-2022-2479 CVE-2022-2480, CVE-2022-2481 opera was updated to 89.0.4447.51 - DNA-99538 Typed content of address bar shared between tabs - DNA-100418 Set 360 so as search engine in China - DNA-100629 Launch Auth login when enabling sync while logged in - DNA-100776 Popup is too long if there are no services available opera was updated to 89.0.4447.48 - CHR-8940 Update chromium on desktop-stable-103-4447 to 103.0.5060.114 - DNA-100247 Make it possible to display hint when tab scrolling gets triggered - DNA-100482 Shopping corner icon availability - DNA-100575 Add unique IDs to all web element in opera account popup - DNA-100625 Opera account popup appears too high on Linux - DNA-100627 Enable #snap-from-panel on all stream - DNA-100636 DCHECK at suggestion_item.cc(484) - DNA-100685 Fix crash when attaching to tab strip scroll buttons - DNA-100693 Enable Sticky Site sidebar item to have notification bubble - DNA-100698 [AdBlock] Unhandled Disconnect list category: 'emailaggressive' - DNA-100716 Misstype Settings 'Enhanced address bar' - DNA-100732 Fix &amp; escaping in translated strings - DNA-100759 Crash when loading personal news in private window - The update to chromium 103.0.5060.114 fixes following issues: CVE-2022-2294, CVE-2022-2295, CVE-2022-2296 opera was updated to 89.0.4447.38 - DNA-100283 Translations for O89 - Complete Opera 89.0 changelog at: https://blogs.opera.com/desktop/changelog-for-89/ opera was updated to 89.0.4447.37 - CHR-8929 Update chromium on desktop-stable-103-4447 to 103.0.5060.66 - DNA-99780 Crash at zmq::zmq_abort(char const*) - DNA-100377 New opera account popup doesn’t open on Linux - DNA-100589 Crash at base::internal::Invoker<T>::RunOnce (base::internal::BindStateBase*, scoped_refptr<T>&&) - DNA-100607 Sync “Sign in” button doesn’t work with Opera Account popup Important CVE-2022-2163 CVE-2022-2294 CVE-2022-2295 CVE-2022-2296 CVE-2022-2477 CVE-2022-2478 CVE-2022-2479 CVE-2022-2480 CVE-2022-2481 cpe:/o:opensuse:leap:15.3 Security update for canna (Important) openSUSE Leap 15.3 This update for canna fixes the following issues: - CVE-2022-21950: move UNIX socket dir from /tmp to /run to avoid local attackers being able to place bogus directories in its stead. Use systemd-tmpfiles for cleaning old sockets (boo#1199280). Important SUSE bug 1199280 CVE-2022-21950 cpe:/o:opensuse:leap:15.3 Security update for chromium (Important) openSUSE Leap 15.3 This update for chromium fixes the following issues: Chromium 104.0.5112.79 (boo#1202075) * CVE-2022-2603: Use after free in Omnibox * CVE-2022-2604: Use after free in Safe Browsing * CVE-2022-2605: Out of bounds read in Dawn * CVE-2022-2606: Use after free in Managed devices API * CVE-2022-2607: Use after free in Tab Strip * CVE-2022-2608: Use after free in Overview Mode * CVE-2022-2609: Use after free in Nearby Share * CVE-2022-2610: Insufficient policy enforcement in Background Fetch * CVE-2022-2611: Inappropriate implementation in Fullscreen API * CVE-2022-2612: Side-channel information leakage in Keyboard input * CVE-2022-2613: Use after free in Input * CVE-2022-2614: Use after free in Sign-In Flow * CVE-2022-2615: Insufficient policy enforcement in Cookies * CVE-2022-2616: Inappropriate implementation in Extensions API * CVE-2022-2617: Use after free in Extensions API * CVE-2022-2618: Insufficient validation of untrusted input in Internals * CVE-2022-2619: Insufficient validation of untrusted input in Settings * CVE-2022-2620: Use after free in WebUI * CVE-2022-2621: Use after free in Extensions * CVE-2022-2622: Insufficient validation of untrusted input in Safe Browsing * CVE-2022-2623: Use after free in Offline * CVE-2022-2624: Heap buffer overflow in PDF - Switch back to Clang so that we can use BTI on aarch64 * Gold is too old - doesn't understand BTI * LD crashes on aarch64 - Re-enable LTO - Prepare move to FFmpeg 5 for new channel layout (requires 5.1+) Important SUSE bug 1202075 CVE-2022-2603 CVE-2022-2604 CVE-2022-2605 CVE-2022-2606 CVE-2022-2607 CVE-2022-2608 CVE-2022-2609 CVE-2022-2610 CVE-2022-2611 CVE-2022-2612 CVE-2022-2613 CVE-2022-2614 CVE-2022-2615 CVE-2022-2616 CVE-2022-2617 CVE-2022-2618 CVE-2022-2619 CVE-2022-2620 CVE-2022-2621 CVE-2022-2622 CVE-2022-2623 CVE-2022-2624 cpe:/o:opensuse:leap:15.3 Security update for trivy (Moderate) openSUSE Leap 15.3 This update for trivy fixes the following issues: Update to version 0.30.4: * fix: remove the first arg when running as a plugin (#2595) * fix: k8s controlplaner scanning (#2593) * fix(vuln): GitLab report template (#2578) Update to version 0.30.3: * fix(server): use a new db worker for hot updates (#2581) * docs: add trivy with download-db-only flag to Air-Gapped Environment (#2583) * docs: split commands to download db for different versions of oras (#2582) * feat(report): export exitcode for license checks (#2564) * fix: cli can use lowercase for severities (#2565) * fix: allow subcommands with TRIVY_RUN_AS_PLUGIN (#2577) * fix: add missing types in TypeOSes and TypeLanguages in analyzer (#2569) * fix: enable some features of the wasm runtime (#2575) * fix(k8s): no error logged if trivy can't get docker image in kubernetes mode (#2521) * docs(sbom): improve sbom attestation documentation (#2566) Update to version 0.30.2: * fix(report): show the summary without results (#2548) * fix(cli): replace '-' to '_' for env vars (#2561) Update to version 0.30.1: * chore: remove a test repository (#2551) * fix(license): lazy loading of classifiers (#2547) * fix: CVE-2022-1996 in Trivy (#2499) * docs(sbom): add sbom attestation (#2527) * feat(rocky): set Rocky Linux 9 EOL (#2543) * docs: add attributes to the video tag to autoplay demo videos (#2538) * fix: yaml files with non-string chart name (#2534) * fix: skip dirs (#2530) * feat(repo): add support for branch, commit, & tag (#2494) * fix: remove auto configure environment variables via viper (#2526) Update to version 0.30.0: * fix: separating multiple licenses from one line in dpkg copyright files (#2508) * fix: change a capital letter for `plugin uninstall` subcommand (#2519) * fix: k8s hide empty report when scanning resource (#2517) * refactor: fix comments (#2516) * fix: scan vendor dir (#2515) * feat: Add support for license scanning (#2418) * chore: add owners for secret scanning (#2485) * fix: remove dependency-tree flag for image subcommand (#2492) * fix(k8s): add shorthand for k8s namespace flag (#2495) * docs: add information about using multiple servers to troubleshooting (#2498) * ci: add pushing canary build images to registries (#2428) * feat(dotnet): add support for .Net core .deps.json files (#2487) * feat(amazon): add support for 2022 version (#2429) * Type correction bitnami chart (#2415) * docs: add config file and update CLI references (#2489) * feat: add support for flag groups (#2488) * refactor: move from urfave/cli to spf13/cobra (#2458) * fix: Fix secrets output not containing file/lines (#2467) * fix: clear output with modules (#2478) * docs(cbl): distroless 1.0 supported (#2473) * fix: Fix example dockerfile rego policy (#2460) * fix(config): add helm to list of config analyzers (#2457) * feat: k8s resouces scan (#2395) * feat(sbom): add cyclonedx sbom scan (#2203) * docs: remove links to removed content (#2431) * ci: added rpm build for rhel 9 (#2437) * fix(secret): remove space from asymmetric private key (#2434) * test(integration): fix golden files for debian 9 (#2435) * fix(cli): fix version string in docs link when secret scanning is enabled (#2422) * refactor: move CycloneDX marshaling (#2420) * docs(nodejs): add docs about pnpm support (#2423) * docs: improve k8s usage documentation (#2425) * feat: Make secrets scanning output consistant (#2410) * ci: create canary build after main branch changes (#1638) * fix(misconf): skip broken scans (#2396) * feat(nodejs): add pnpm support (#2414) * fix: Fix false positive for use of COS images (#2413) * eliminate nerdctl dependency (#2412) * Add EOL date for SUSE SLES 15.3, 15.4 and OpenSUSE 15.4 (#2403) * fix(go): no cast to lowercase go package names (#2401) * BREAKING(sbom): change 'trivy sbom' to scan SBOM (#2408) * fix(server): hot update the db from custom repository (#2406) * feat: added license parser for dpkg (#2381) * fix(misconf): Update defsec (v0.68.5) to fix docker rego duplicate key (#2400) * feat: extract stripe publishable and secret keys (#2392) * feat: rbac support k8s sub-command (#2339) * feat(ruby): drop platform strings from dependency versions bundled with bundler v2 (#2390) * docs: Updating README with new CLI command (#2359) * fix(misconf): Update defsec to v0.68.4 to resolve CF detection bug (#2383) * chore: add integration label and merge security label (#2316) Update to version 0.29.2: * chore: skip Visual Studio Code project folder (#2379) * fix(helm): handle charts with templated names (#2374) * docs: redirect operator docs to trivy-operator repo (#2372) * fix(secret): use secret result when determining Failed status (#2370) * try removing libdb-dev * run integration tests in fanal * use same testing images in fanal * feat(helm): add support for trivy dbRepository (#2345) * fix: Fix failing test due to deref lint issue * test: Fix broken test * fix: Fix makefile when no previous named ref is visible in a shallow clone * chore: Fix linting issues in fanal * refactor: Fix fanal import paths and remove dotfiles Update to version 0.29.1: * fix(report): add required fields to the SARIF template (#2341) * chore: fix spelling errors (#2352) * Omit Remediation if PrimaryURL is empty (#2006) * docs(repo): Link to installation documentation in readme shows 404 (#2348) * feat(alma): support for scanning of modular packages for AlmaLinux (#2347) Update to version 0.29.0: * fix(lang): fix dependency graph in client server mode (#2336) * feat: allow expiration date for .trivyignore entries (#2332) * feat(lang): add dependency origin graph (#1970) * docs: update nix installation info (#2331) * feat: add rbac scanning support (#2328) * refactor: move WordPress module to another repository (#2329) * ci: add support for ppc64le (#2281) * feat: add support for WASM modules (#2195) * feat(secret): show recommendation for slow scanning (#2051) * fix(flag): remove --clear-cache flag client mode (#2301) * fix(java): added check for looping for variable evaluation in pom file (#2322) * BREAKING(k8s): change CLI API (#2186) * feat(alpine): add Alpine Linux 3.16 (#2319) * ci: add `go mod tidy` check (#2314) * chore: run `go mod tidy` (#2313) * fix: do not exit if one resource is not found (#2311) * feat(cli): use stderr for all log messages (resolve #381) (#2289) * test: replace deprecated subcommand client in integration tests (#2308) * feat: add support for containerd (#2305) * fix(kubernetes): Support floats in manifest yaml (#2297) * docs(kubernetes): dead links (#2307) * chore: add license label (#2304) * feat(mariner): added support for CBL-Mariner Distroless v2.0 (#2293) * feat(helm): add pod annotations (#2272) * refactor: do not import defsec in fanal types package (#2292) * feat(report): Add misconfiguration support to ASFF report template (#2285) * test: use images in GHCR (#2275) * feat(helm): support pod annotations (#2265) * feat(misconf): Helm chart scanning (#2269) * docs: Update custom rego policy docs to reflect latest defsec/fanal changes (#2267) * fix: mask redis credentials when logging (#2264) * refactor: extract commands Runner interface (#2147) * docs: update operator release (#2263) * feat(redhat): added architecture check (#2172) * docs: updating links in the docs to work again (#2256) * docs: fix readme (#2251) * fix: fixed incorrect CycloneDX output format (#2255) * refactor(deps): move dependencies to package (#2189) * fix(report): change github format version to required (#2229) * docs: update readme (#2110) * docs: added information about choosing advisory database (#2212) * chore: update trivy-kubernetes (#2224) * docs: clarifying parts of the k8s docs and updating links (#2222) * fix(k8s): timeout error logging (#2179) * chore(deps): updated fanal after fix AsymmetricPrivateKeys (#2214) * feat(k8s): add --context flag (#2171) * fix(k8s): properly instantiate TableWriter (#2175) * test: fixed integration tests after updating testcontainers to v0.13.0 (#2208) * chore: update labels (#2197) * fix(report): fixed panic if all misconf reports were removed in filter (#2188) * feat(k8s): scan secrets (#2178) * feat(report): GitHub Dependency Snapshots support (#1522) * feat(db): added insecure skip tls verify to download trivy db (#2140) * fix(redhat): always use vulns with fixed version if there is one (#2165) * chore(redhat): Add support for Red Hat UBI 9. (#2183) * fix(k8s): update trivy-kubernetes (#2163) * fix misconfig start line for code quality tpl (#2181) * fix: update docker/distribution from 2.8.0 to 2.8.1 (#2176) * docs(vuln): Include GitLab 15.0 integration (#2153) * docs: fix the operator version (#2167) * fix(k8s): summary report when when only vulns exit (#2146) * chore(deps): Update fanal to get defsec v0.58.2 (fixes false positives in ksv038) (#2156) * perf(misconf): Improve performance when scanning very large files (#2152) * docs(misconf): Update examples and docs to refer to builtin/defsec instead of appshield (#2150) * chore(deps): Update fanal (for less verbose code in misconf results) (#2151) * docs: fixed installation instruction for rhel/centos (#2143) Update to version 0.28.0 (boo#1199760, CVE-2022-28946): * fix: remove Highlighted from json output (#2131) * fix: remove trivy-kubernetes replace (#2132) * docs: Add Operator docs under Kubernetes section (#2111) * fix(k8s): security-checks panic (#2127) * ci: added k8s scope (#2130) * docs: Update misconfig output in examples (#2128) * fix(misconf): Fix coloured output in Goland terminal (#2126) * docs(secret): Fix default value of --security-checks in docs (#2107) * refactor(report): move colorize function from trivy-db (#2122) * feat: k8s resource scanning (#2118) * chore: add CODEOWNERS (#2121) * feat(image): add `--server` option for remote scans (#1871) * refactor: k8s (#2116) * refactor: export useful APIs (#2108) * docs: fix k8s doc (#2114) * feat(kubernetes): Add report flag for summary (#2112) * fix: Remove problematic advanced rego policies (#2113) * feat(misconf): Add special output format for misconfigurations (#2100) * feat: add k8s subcommand (#2065) * chore: fix make lint version (#2102) * fix(java): handle relative pom modules (#2101) * fix(misconf): Add missing links for non-rego misconfig results (#2094) * feat(misconf): Added fs.FS based scanning via latest defsec (#2084) * chore(os): updated fanal version and alpine distroless test (#2086) * feat(report): add support for SPDX (#2059) * chore: app version 0.27.0 (#2046) * fix(misconf): added to skip conf files if their scanning is not enabled (#2066) * docs(secret) fix rule path in docs (#2061) * docs: change from go.sum to go.mod (#2056) Update to version 0.27.1: * refactor(fs): scanner options (#2050) * feat(secret): truncate long line (#2052) * docs: fix a broken bullets (#2042) * feat(ubuntu): add 22.04 approx eol date (#2044) * docs: update installation.md (#2027) * docs: add Containerfile (#2032) Update to version 0.27.0: * fix(go): fixed panic to scan gomod without version (#2038) * docs(mariner): confirm it works with Mariner 2.0 VM (#2036) * feat(secret): support enable rules (#2035) * chore: app version 26.0 (#2030) * docs(secret): add a demo movie (#2031) * feat: support cache TTL in Redis (#2021) * fix(go): skip system installed binaries (#2028) * fix(go): check if go.sum is nil (#2029) * feat: add secret scanning (#1901) * chore: gh publish only with push the tag release (#2025) * fix(fs): ignore permission errors (#2022) * test(mod): using correct module inside test go.mod (#2020) * feat(server): re-add proxy support for client/server communications (#1995) * fix(report): truncate a description before escaping in ASFF template (#2004) * fix(cloudformation): correct margin removal for empty lines (#2002) * fix(template): correct check of old sarif template files (#2003) Update to version 0.26.0: * feat(alpine): warn mixing versions (#2000) * Update ASFF template (#1914) * chore(deps): replace `containerd/containerd` version to fix CVE-2022-23648 (#1994) * test(go): add integration tests for gomod (#1989) * fix(python): fixed panic when scan .egg archive (#1992) * fix(go): set correct go modules type (#1990) * feat(alpine): support apk repositories (#1987) * docs: add CBL-Mariner (#1982) * docs(go): fix version (#1986) * feat(go): support go.mod in Go 1.17+ (#1985) * ci: fix URLs in the PR template (#1972) * ci: add semantic pull requests check (#1968) * docs(issue): added docs for wrong detection issues (#1961) Update to version 0.25.4: * docs: move CONTRIBUTING.md to docs (#1971) * refactor(table): use file name instead package path (#1966) * fix(sbom): add --db-repository (#1964) * feat(table): add PkgPath in table result (#1960) * fix(pom): merge multiple pom imports in a good manner (#1959) Update to version 0.25.3: * fix(downloadDB): add dbRepositoryFlag to repository and rootfs commands (#1956) * fix(misconf): update BurntSushi/toml for fix runtime error (#1948) * fix(misconf): Update fanal/defsec to resolve missing metadata issues (#1947) * feat(jar): allow setting Maven Central URL using environment variable (#1939) * chore(chart): update Trivy version in HelmChart to 0.25.0 (#1931) * chore(chart): remove version comments (#1933) Update to version 0.25.2: * fix(downloadDB): add flag to server command (#1942) Update to version 0.25.1: * fix(misconf): update defsec to resolve panics (#1935) * docs: restructure the documentation (#1887) * Add trivy horizontal logo (#1932) * feat(db): Add dbRepository flag to get advisory database from OCI registry (#1873) - Buildrequire go1.18 as upstream says in go.mod Update to version 0.25.0: * docs(filter vulnerabilities): fix link (#1880) * feat(template) Add misconfigurations to gitlab codequality report (#1756) * fix(rpc): add PkgPath field to client / server mode (#1643) * fix(vulnerabilities): fixed trivy-db vulns (#1883) * feat(cache): remove temporary cache after filesystem scanning (#1868) * feat(sbom): add a dedicated sbom command (#1799) * feat(cyclonedx): add vulnerabilities (#1832) * fix(option): hide false warning about remote options (#1865) * feat(filesystem): scan in client/server mode (#1829) * refactor(template): remove unused test (#1861) * fix(cli): json format for trivy version (#1854) * docs: change URL for tfsec-checks (#1857) Moderate SUSE bug 1199760 CVE-2022-1996 CVE-2022-23648 CVE-2022-28946 cpe:/o:opensuse:leap:15.3 Security update for nim (Important) openSUSE Leap 15.3 This update for nim fixes the following issues: Includes upstream security fixes for: * (boo#1175333, CVE-2020-15693) httpClient is vulnerable to a CR-LF injection * (boo#1175334, CVE-2020-15692) mishandle of argument to browsers.openDefaultBrowser * (boo#1175332, CVE-2020-15694) httpClient.get().contentLength() fails to properly validate the server response * (boo#1192712, CVE-2021-41259) null byte accepted in getContent function, leading to URI validation bypass * (boo#1185948, CVE-2021-29495) stdlib httpClient does not validate peer certificates by default * (boo#1185085, CVE-2021-21374) Improper verification of the SSL/TLS certificate * (boo#1185084, CVE-2021-21373) 'nimble refresh' falls back to a non-TLS URL in case of error * (boo#1185083, CVE-2021-21372) doCmd can be leveraged to execute arbitrary commands * (boo#1181705, CVE-2020-15690) Standard library asyncftpclient lacks a check for newline character Following nim tools now work as expected: * nim_dbg is now installed. * nim-gdb can be successfully launched as it finds and loads nim-gdb.py correctly under gdb. * nimble package manager stores package information per user. * compiler package can be found and used, as it may be required by other packages. Update to 1.6.6 * standard library use consistent styles for variable names so it can be used in projects which force a consistent style with --styleCheck:usages option. * ARC/ORC are now considerably faster at method dispatching, bringing its performance back on the level of the refc memory management. * Full changelog: https://nim-lang.org/blog/2022/05/05/version-166-released.html - Previous updates and changelogs: * 1.6.4: https://nim-lang.org/blog/2022/02/08/version-164-released.html * 1.6.2: https://nim-lang.org/blog/2021/12/17/version-162-released.html * 1.6.0: https://nim-lang.org/blog/2021/10/19/version-160-released.html * 1.4.8: https://nim-lang.org/blog/2021/05/25/version-148-released.html * 1.4.6: https://nim-lang.org/blog/2021/04/15/versions-146-and-1212-released.html * 1.4.4: https://nim-lang.org/blog/2021/02/23/versions-144-and-1210-released.html * 1.4.2: https://nim-lang.org/blog/2020/12/01/version-142-released.html * 1.4.0: https://nim-lang.org/blog/2020/10/16/version-140-released.html Update to 1.2.16 * oids: switch from PRNG to random module * nimc.rst: fix table markup * nimRawSetjmp: support Windows * correctly enable chronos * bigints are not supposed to work on 1.2.x * disable nimpy * misc bugfixes * fixes a 'mixin' statement handling regression [backport:1.2 Update to version 1.2.12 * Fixed GC crash resulting from inlining of the memory allocation procs * Fixed “incorrect raises effect for $(NimNode)” (#17454) - from version 1.2.10 * Fixed “JS backend doesn’t handle float->int type conversion “ (#8404) * Fixed “The “try except” not work when the “OSError: Too many open files” error occurs!” (#15925) * Fixed “Nim emits #line 0 C preprocessor directives with –debugger:native, with ICE in gcc-10” (#15942) * Fixed “tfuturevar fails when activated” (#9695) * Fixed “nre.escapeRe is not gcsafe” (#16103) * Fixed ““Error: internal error: genRecordFieldAux” - in the “version-1-4” branch” (#16069) * Fixed “-d:fulldebug switch does not compile with gc:arc” (#16214) * Fixed “osLastError may randomly raise defect and crash” (#16359) * Fixed “generic importc proc’s don’t work (breaking lots of vmops procs for js)” (#16428) * Fixed “Concept: codegen ignores parameter passing” (#16897) * Fixed “{.push exportc.} interacts with anonymous functions” (#16967) * Fixed “memory allocation during {.global.} init breaks GC” (#17085) * Fixed 'Nimble arbitrary code execution for specially crafted package metadata' + https://github.com/nim-lang/security/security/advisories/GHSA-rg9f-w24h-962p + (boo#1185083, CVE-2021-21372) * Fixed 'Nimble falls back to insecure http url when fetching packages' + https://github.com/nim-lang/security/security/advisories/GHSA-8w52-r35x-rgp8 + (boo#1185084, CVE-2021-21373) * Fixed 'Nimble fails to validate certificates due to insecure httpClient defaults' + https://github.com/nim-lang/security/security/advisories/GHSA-c2wm-v66h-xhxx + (boo#1185085, CVE-2021-21374) - from version 1.2.8 * Fixed “Defer and –gc:arc” (#15071) * Fixed “Issue with –gc:arc at compile time” (#15129) * Fixed “Nil check on each field fails in generic function” (#15101) * Fixed “[strscans] scanf doesn’t match a single character with $+ if it’s the end of the string” (#15064) * Fixed “Crash and incorrect return values when using readPasswordFromStdin on Windows.” (#15207) * Fixed “Inconsistent unsigned -> signed RangeDefect usage across integer sizes” (#15210) * Fixed “toHex results in RangeDefect exception when used with large uint64” (#15257) * Fixed “Mixing ‘return’ with expressions is allowed in 1.2” (#15280) * Fixed “proc execCmdEx doesn’t work with -d:useWinAnsi” (#14203) * Fixed “memory corruption in tmarshall.nim” (#9754) * Fixed “Wrong number of variables” (#15360) * Fixed “defer doesnt work with block, break and await” (#15243) * Fixed “Sizeof of case object is incorrect. Showstopper” (#15516) * Fixed “Mixing ‘return’ with expressions is allowed in 1.2” (#15280) * Fixed “regression(1.0.2 => 1.0.4) VM register messed up depending on unrelated context” (#15704) - from version 1.2.6 * Fixed “The pegs module doesn’t work with generics!” (#14718) * Fixed “[goto exceptions] {.noReturn.} pragma is not detected in a case expression” (#14458) * Fixed “[exceptions:goto] C compiler error with dynlib pragma calling a proc” (#14240) * Fixed “Nim source archive install: ‘install.sh’ fails with error: cp: cannot stat ‘bin/nim-gdb’: No such file or directory” (#14748) * Fixed “Stropped identifiers don’t work as field names in tuple literals” (#14911) * Fixed “uri.decodeUrl crashes on incorrectly formatted input” (#14082) * Fixed “odbcsql module has some wrong integer types” (#9771) * Fixed “[ARC] Compiler crash declaring a finalizer proc directly in ‘new’” (#15044) * Fixed “code with named arguments in proc of winim/com can not been compiled” (#15056) * Fixed “javascript backend produces javascript code with syntax error in object syntax” (#14534) * Fixed “[ARC] SIGSEGV when calling a closure as a tuple field in a seq” (#15038) * Fixed “Compiler crashes when using string as object variant selector with else branch” (#14189) * Fixed “Constructing a uint64 range on a 32-bit machine leads to incorrect codegen” (#14616) Update to version 1.2.2: * See https://nim-lang.org/blog.html for details - Enable the full testsuite in the %check section * Add build dependencies to run the testsuite * Whitelists a few tests that are not passing yet Update to version 1.0.2: * See https://nim-lang.org/blog.html for details - Update dependencies (based on changes by Federico Ceratto Important SUSE bug 1175332 SUSE bug 1175333 SUSE bug 1175334 SUSE bug 1181705 SUSE bug 1185083 SUSE bug 1185084 SUSE bug 1185085 SUSE bug 1185948 SUSE bug 1192712 CVE-2020-15690 CVE-2020-15692 CVE-2020-15693 CVE-2020-15694 CVE-2021-21372 CVE-2021-21373 CVE-2021-21374 CVE-2021-29495 CVE-2021-41259 cpe:/o:opensuse:leap:15.3 Security update for freeciv (Important) openSUSE Leap 15.3 This update for freeciv fixes the following issues: - update to 3.0.3 (boo#1202548, CVE-2022-6083): * 3.0.3 is a bugfix release * see https://freeciv.fandom.com/wiki/NEWS-3.0.3 - update to 3.0.2: * 3.0.2 is a generic bugfix release * see https://freeciv.fandom.com/wiki/NEWS-3.0.2 - update to 3.0.1: * 3.0.1 is a generic bugfix release * see https://freeciv.fandom.com/wiki/NEWS-3.0.1 - update to 3.0.0: * This release is a major upgrade which with some changes that can support backward compatible rulesets * see https://freeciv.fandom.com/wiki/NEWS-3.0.0#WHAT.27S_CHANGED_SINCE_2.6 - update to 2.6.6: * https://freeciv.fandom.com/wiki/NEWS-2.6.5 * 2.6.6 is a bugfix release. - update to 2.6.5: * https://freeciv.fandom.com/wiki/NEWS-2.6.5 * 2.6.5 is a bugfix release. Notably it fixes regression in 2.6.4 gtk3-client that present units in city dialog had no overlays drawn at all. - Update to 2.6.4: * Bugfix release, see https://freeciv.fandom.com/wiki/NEWS-2.6.4 - update to 2.6.3: * see http://www.freeciv.org/wiki/NEWS-2.6.3 * Fixed trouble when a new city is founded to the ruins of a former city, and that new city establish a trade route with a player who had seen former city, and is unaware that it had been destroyed HRM#871606 * Fixed a case where shared vision did not completely update recipient's map HRM#846106 * Fixed a bug where one could paradrop to peaceful nation's territory after continuing game from an old savegame HRM#879084 * Fixed a bug causing game sometimes to tell wrong reason of why an action failed HRM#879880 * Cease fire no longer runs out with an already dead player, making his former allies to hate the alive party of the treaty HRM#879055 * Made server not to end in a infinite loop after loading savegame with too high phase number. Such a savegame was reported to be created after spaceship was launched but game was still continued HRM#815196 * Unified writing of the city name Washington-on-the-Brazos between rulesets, so it doesn't appear multiple times in the same game in a bit different form HRM#867817 * Stealth units are no longer erroneously hidden even from allies HRM#764976 * Placing initial units is now done in shuffled player order HRM#850656 * Corrupt worker tasks are cleared. Those can originate, e.g., from buggy pre-2.6.2.1 Qt-client, and live in old savegames HRM#901938 * In a ruleset, such as civ2civ3, where caravans can help building wonder in a foreign city, refresh city info of the city owner when one does HRM#907977 * Display of success probabilities for diplomats was off when targeting stack of units instead of individual unit HRM#859761 * Fixed pillaging of extras that are caused by something else than player actions. For the fix to work, both server and client must be at least version 2.6.3 HRM#861508 * Civilian unit trying to paradrop to an enemy city dies HRM#870004 * Prevented dead player from getting techs via Tech_Parasite effect. This caused trouble in alien ruleset where Tech_Parasite is granted by a tech HRM#873692 * Improved support of CityTile requirement type HRM#877780 * Fixed trouble preventing Small Wonders from working as impr_reqs for units HRM#884993 * Corrected success probability shown by action dialog when it depends on a special kind of road HRM#897490 * The included Lua engine has been upgraded from 5.3.5 to 5.3.6. HRM#889425 - update to 2.6.2.1: * Fixed server crash when unit with zero move_rate is transformed * Fixed crashes when using Direction objects in lua scripts * Fixed crash when chatline text had opening tag without closing tag * Fixes to the Qt client * Updated translations * Fixed Qt-client build against Qt-5.15 (removes freeciv-qt-5.15.patch ) * Documentation updates Important SUSE bug 1202548 CVE-2022-6083 cpe:/o:opensuse:leap:15.3 Security update for python-treq (Moderate) openSUSE Leap 15.3 This update for python-treq fixes the following issues: - Fixed CVE-2022-23607 (boo#1195432) binding cookies to the domain. Moderate SUSE bug 1195432 CVE-2022-23607 cpe:/o:opensuse:leap:15.3 Security update for chromium (Important) openSUSE Leap 15.3 This update for chromium fixes the following issues: Chromium 104.0.5112.101 (boo#1202509): * CVE-2022-2852: Use after free in FedCM * CVE-2022-2854: Use after free in SwiftShader * CVE-2022-2855: Use after free in ANGLE * CVE-2022-2857: Use after free in Blink * CVE-2022-2858: Use after free in Sign-In Flow * CVE-2022-2853: Heap buffer overflow in Downloads * CVE-2022-2856: Insufficient validation of untrusted input in Intents * CVE-2022-2859: Use after free in Chrome OS Shell * CVE-2022-2860: Insufficient policy enforcement in Cookies * CVE-2022-2861: Inappropriate implementation in Extensions API - Re-enable our version of chrome-wrapper - Set no sandbox if root is being used (https://crbug.com/638180) Important SUSE bug 1202509 CVE-2022-2852 CVE-2022-2853 CVE-2022-2854 CVE-2022-2855 CVE-2022-2856 CVE-2022-2857 CVE-2022-2858 CVE-2022-2859 CVE-2022-2860 CVE-2022-2861 cpe:/o:opensuse:leap:15.3 Security update for opera (Important) openSUSE Leap 15.3 NonFree This update for opera fixes the following issues: - Update to 90.0.4480.54 - CHR-8981 Update chromium on desktop-stable-104-4480 to 104.0.5112.102 - DNA-98165 [buildsign] Whitelist Silent.nib when creating universal NI package on Mac - DNA-101309 Use base filename in PUT request when uploading files to buildbot - The update to chromium 104.0.5112.102 fixes following issues: CVE-2022-2852, CVE-2022-2854, CVE-2022-2855, CVE-2022-2857, CVE-2022-2858, CVE-2022-2853, CVE-2022-2856, CVE-2022-2859, CVE-2022-2860, CVE-2022-2861 - Update to 90.0.4480.48 - DNA-100835 AddressBarModelTestWithCategories.RefreshUnfiltered SuggestionsWhenPrefsChanged fails on beta stream - DNA-101171 Translations for O90 - DNA-101216 Remove empty string from flow client_capabilities - DNA-101357 Promote O90 to Stable - DNA-101383 Revert DNA-101033 - Complete Opera 90.0 changelog at: https://blogs.opera.com/desktop/changelog-for-90/ - Update to 89.0.4447.91 - DNA-100673 Crash at void opera::ModalDialogBaseView::OnExtraButtonPressed (const class ui::Event& const) - DNA-100915 [Sync Settings] Confirm your identity to enable encryption message flickers - DNA-100937 Missing links to ToS and Privacy Statement in launcher dialog when running installer with –show-eula-window-on-start - DNA-101002 Make errors from webpack compilation appear in the log - DNA-101045 Popup contents are pushed outside of popup in 'Unprotected' VPN state - DNA-101076 Disabled Pinboards should have another color in Account popup - DNA-101086 Sync – Clicking Next on auth.opera.com/account/v3/desktop/login/confirm-password does not redirect anywhere - Update to 89.0.4447.83 - DNA-99507 Badge deactivates on a basket page of the shop - DNA-99840 Add speed dials to start page - DNA-100127 Enable #enable-force-dark-from-settings on all streams - DNA-100233 [Settings] 'Sync everything' and 'Do not sync' unselects itself - DNA-100560 Add 'suggested speed dials' in the Google search box on the start page - DNA-100568 Fix icon in suggestions and update layout - DNA-100646 Add synchronization states to Opera account popup - DNA-100665 Create private API to open Account popup + allow rich hints - DNA-100668 Use a category based suggestion list to sort search box suggestions - DNA-100701 'Force dark page' shortcut don’t work - DNA-100711 Unable to click suggestions on start page search box - DNA-100725 [WinLin] Opera account logo is offcenter - DNA-100762 Suggestions from networks get favicon from network - DNA-100764 Fix 'Confirm Identity' URL - DNA-100905 Request to update event_sd_tile_used.type - DNA-100921 Add accessibility info about sync state to opera account button - DNA-100943 VPN pro popup can be zoomed - DNA-100945 Disable Context Menu for VPN and VPN Pro popups - DNA-100958 Opera account popup should display actual state of synchronization instead of selected option - DNA-100994 'Secure More devices' is pushed outside of popup - DNA-101009 Free VPN – 'Try for free' disappear after clicked - DNA-101012 Remove VPN Pro service available from VPN pro settings when logged in without subscription - DNA-101094 Unable to close a window from JavaScript - DNA-101121 chrome.operaAccountPrivate is undefined Important CVE-2022-2852 CVE-2022-2853 CVE-2022-2854 CVE-2022-2855 CVE-2022-2856 CVE-2022-2857 CVE-2022-2858 CVE-2022-2859 CVE-2022-2860 CVE-2022-2861 cpe:/o:opensuse:leap:15.3 Security update for opera (Important) openSUSE Leap 15.3 NonFree This update for opera fixes the following issues: Update to 90.0.4480.84 - DNA-101690 Cherry-pick fix for CVE-2022-3075 from chromium Update to 90.0.4480.80 - DNA-99188 Tab Tooltip doesn't disappear - DNA-100664 Shopping corner widget - DNA-100843 Options to install and update VPN Pro app, when it's not installed - DNA-100901 Disappearing 'X' when closing tabs. - DNA-101093 Changing News section is not working - DNA-101246 Use long tail list for suggesting instead of current Speed Dial Suggestions - DNA-101278 PDF don't work on Opera with CN location - DNA-101312 Allow changing logged in user with BrowserAPI - DNA-101315 Can not connect to free VPN in private window - DNA-101411 [Linux] Clicking VpnPopup Settings to 'vpnWithDisclaimer' leads to black popup - DNA-101422 Crash at void content::NavigationControllerImpl:: NavigateToExistingPendingEntry(content::ReloadType, int, bool) - DNA-101429 News loads for Global-EN language by default - DNA-101482 Crash at ProfileKey::GetProtoDatabaseProvider() - DNA-101485 Crash at base::SequencedTaskRunnerHandle::Get() via extensions::OperaTouchPrivateGetImageFunction::PerformGetImage - DNA-101524 [Mac] Tab should be highlighted again after dismissing context menu - DNA-101549 Crash at views::View::IsMouseHovered() Important CVE-2022-3075 cpe:/o:opensuse:leap:15.3 Security update for chromium (Important) openSUSE Leap 15.3 This update for chromium fixes the following issues: Chromium 105.0.5195.102 (boo#1203102): * CVE-2022-3075: Insufficient data validation in Mojo Chromium 105.0.5195.52 (boo#1202964): * CVE-2022-3038: Use after free in Network Service * CVE-2022-3039: Use after free in WebSQL * CVE-2022-3040: Use after free in Layout * CVE-2022-3041: Use after free in WebSQL * CVE-2022-3042: Use after free in PhoneHub * CVE-2022-3043: Heap buffer overflow in Screen Capture * CVE-2022-3044: Inappropriate implementation in Site Isolation * CVE-2022-3045: Insufficient validation of untrusted input in V8 * CVE-2022-3046: Use after free in Browser Tag * CVE-2022-3071: Use after free in Tab Strip * CVE-2022-3047: Insufficient policy enforcement in Extensions API * CVE-2022-3048: Inappropriate implementation in Chrome OS lockscreen * CVE-2022-3049: Use after free in SplitScreen * CVE-2022-3050: Heap buffer overflow in WebUI * CVE-2022-3051: Heap buffer overflow in Exosphere * CVE-2022-3052: Heap buffer overflow in Window Manager * CVE-2022-3053: Inappropriate implementation in Pointer Lock * CVE-2022-3054: Insufficient policy enforcement in DevTools * CVE-2022-3055: Use after free in Passwords * CVE-2022-3056: Insufficient policy enforcement in Content Security Policy * CVE-2022-3057: Inappropriate implementation in iframe Sandbox * CVE-2022-3058: Use after free in Sign-In Flow - Update chromium-symbolic.svg: this fixes boo#1202403. - Fix quoting in chrome-wrapper, don't put cwd on LD_LIBRARY_PATH Important SUSE bug 1202403 SUSE bug 1202964 SUSE bug 1203102 CVE-2022-3038 CVE-2022-3039 CVE-2022-3040 CVE-2022-3041 CVE-2022-3042 CVE-2022-3043 CVE-2022-3044 CVE-2022-3045 CVE-2022-3046 CVE-2022-3047 CVE-2022-3048 CVE-2022-3049 CVE-2022-3050 CVE-2022-3051 CVE-2022-3052 CVE-2022-3053 CVE-2022-3054 CVE-2022-3055 CVE-2022-3056 CVE-2022-3057 CVE-2022-3058 CVE-2022-3071 CVE-2022-3075 cpe:/o:opensuse:leap:15.3 Security update for virtualbox (Moderate) openSUSE Leap 15.3 This update for virtualbox fixes the following issues: - Remove package virtualbox-guest-x11, which is no longer needed. - Fix screen resizing under Wayland (boo#1194126 and boo#1194126) Version bump to 6.1.36 released by Oracle July 19 2022 This is a maintenance release. The following items were fixed and/or added: - VMM: Fixed possible Linux guest kernel crash when configuring Speculative Store Bypass for a single vCPU VM - GUI: In the storage page of the virtual machine settings dialog, fixed a bug which disrupted mouse interaction with the native file selector on KDE - NAT: Prevent issue when host resolver incorrectly returned NXDOMAIN for unsupported queries (bug #20977) - Audio: General improvements in saved state area - Recording: Various fixes for settings handling - VGA: Performance improvements for screen updates when VBE banking is used - USB: Fixed rare crashes when detaching a USB device - ATA: Fixed NT4 guests taking a minute to eject CDs - vboximg-mount: Fixed broken write support (bug #20896) - SDK: Fixed Python bindings incorrectly trying to convert arbitrary byte data into unicode objects with Python 3, causing exceptions (bug #19740) - API: Fixed an issue when virtual USB mass storage devices or virtual USB DVD drives are added while the VM is not running are by default not marked as hot-pluggable - API: Initial support for Python 3.10 - API: Solaris OS types cleanup - Linux and Solaris hosts: Allow to mount shared folder if it is represented as a symlink on a host side (bug #17491) - Linux Host and Guest drivers: Introduced initial support for kernels 5.18, 5.19 and RHEL 9.1 (bugs #20914, #20941) - Linux Host and Guest drivers: Better support for kernels built with clang compiler (bugs #20425 and #20998) - Solaris Guest Additions: General improvements in installer area - Solaris Guest Additions: Fixed guest screen resize in VMSVGA graphics configuration - Linux and Solaris Guest Additions: Fixed multi-screen handling in VBoxVGA and VBoxSVGA graphics configuration - Linux and Solaris Guest Additions: Added support for setting primary screen via VBoxManage - Linux and Solaris Guest Additions: Fixed X11 resources leak when resizing guest screens - Linux and Solaris Guest Additions: Fixed file descriptor leak when starting a process using guest control (bug #20902) - Linux and Solaris Guest Additions: Fixed guest control executing processes as root - Linux Guest Additions: Improved guests booting time by preventing kernel modules from being rebuilt when it is not necessary (bug #20502) - Windows Guest Additions: Fixed VBoxTray crash on startup in NT4 guests on rare circumstances - Fixes CVE-2022-21571) VUL-0: CVE-2022-21571,CVE-2022-21554 - boo#1201720 Moderate SUSE bug 1194126 SUSE bug 1201720 CVE-2022-21554 CVE-2022-21571 cpe:/o:opensuse:leap:15.3 Security update for chromium (Important) openSUSE Leap 15.3 This update for chromium fixes the following issues: Chromium 105.0.5195.127 (boo#1203419): * CVE-2022-3195: Out of bounds write in Storage * CVE-2022-3196: Use after free in PDF * CVE-2022-3197: Use after free in PDF * CVE-2022-3198: Use after free in PDF * CVE-2022-3199: Use after free in Frames * CVE-2022-3200: Heap buffer overflow in Internals * CVE-2022-3201: Insufficient validation of untrusted input in DevTools * Various fixes from internal audits, fuzzing and other initiatives Important SUSE bug 1203419 CVE-2022-3195 CVE-2022-3196 CVE-2022-3197 CVE-2022-3198 CVE-2022-3199 CVE-2022-3200 CVE-2022-3201 cpe:/o:opensuse:leap:15.3 Security update for mupdf (Moderate) openSUSE Leap 15.3 This update for mupdf fixes the following issues: - CVE-2021-4216: Fixed division by zero for zero width pages in muraster (boo#1202858) Moderate SUSE bug 1202858 CVE-2021-4216 cpe:/o:opensuse:leap:15.3 Security update for permissions (Moderate) openSUSE Leap 15.3 This update for permissions fixes the following issues: Update to version 20200127: * chkstat: also consider group controlled paths (boo#1203018, CVE-2022-31252) Moderate SUSE bug 1203018 CVE-2022-31252 cpe:/o:opensuse:leap:15.3 Security update for virtualbox (Important) openSUSE Leap 15.3 This update for virtualbox fixes the following issues: Version bump to 6.1.38r86 released by Oracle September 02 2022 This is a maintenance release. The following items were fixed and/or added: - GUI: Improvements in Native Language Support area - Main: OVF Export: Added support for exporting VMs containing Virtio-SCSI controllers - Recording settings: Fixed a regression which could cause not starting the COM server (VBoxSVC) under certain circumstances (bug #21034) - Recording: More deterministic naming for recorded files (will now overwrite old .webm files if present) - Linux Host and Guest Additions installer: Improved check for systemd presence in the system (bug #19033) - Linux Guest Additions: Introduced initial support for kernel 6.0 - Linux Guest Additions: Additional fixes for kernel RHEL 9.1 (bug #21065) - Windows Guest Additions: Improvements in Drag and Drop area - Fixes permission problem with /dev/vboxuser (boo#1203370) - Fixes missing firewall opening (boo#1203086) - Fixes boo#1201720 CVE items for CVE-2022-21571, CVE-2022-21554 Important SUSE bug 1201720 SUSE bug 1203086 SUSE bug 1203306 SUSE bug 1203370 CVE-2022-21554 CVE-2022-21571 cpe:/o:opensuse:leap:15.3 Security update for opera (Important) openSUSE Leap 15.3 NonFree This update for opera fixes the following issues: Update to 91.0.4516.20 - CHR-9019 Update chromium on desktop-stable-105-4516 to 105.0.5195.127 - DNA-101312 Allow changing logged in user with BrowserAPI - The update to chromium 105.0.5195.127 fixes following issues: CVE-2022-3196, CVE-2022-3197, CVE-2022-3198, CVE-2022-3199, CVE-2022-3200, CVE-2022-3201 Update to 91.0.4516.16 - CHR-9010 Update chromium on desktop-stable-105-4516 to 105.0.5195.102 - DNA-101447 Incorrect translation in Russian - DNA-101482 Crash at ProfileKey::GetProtoDatabaseProvider() - DNA-101495 Performance Stint 2022 - DNA-101551 Add version number info to browser API - DNA-101662 Suppress 'Allowing special test code paths' warning on buildbot - DNA-101753 News don't show after close browser - DNA-101760 Translations for O91 - DNA-101799 Crash at opera::SuggestionList::SortAndCull - DNA-101812 Sponsored site gets chosen as default entry when typing part of top-level domain - DNA-101876 Promote 91 to stable - Complete Opera 91.0 changelog at: https://blogs.opera.com/desktop/changelog-for-91/ Update to 90.0.4480.107 - DNA-100664 Shopping corner widget - DNA-101495 Performance Stint 2022 - DNA-101753 News don’t show after close browser - DNA-101799 Crash at opera::SuggestionList::SortAndCull Important CVE-2022-3196 CVE-2022-3197 CVE-2022-3198 CVE-2022-3199 CVE-2022-3200 CVE-2022-3201 cpe:/o:opensuse:leap:15.3 Security update for lighttpd (Moderate) openSUSE Leap 15.3 This update for lighttpd fixes the following issues: lighttpd was updated to 1.4.66: * a number of bug fixes * Fix HTTP/2 downloads >= 4GiB * Fix SIGUSR1 graceful restart with TLS * futher bug fixes * CVE-2022-37797: null pointer dereference in mod_wstunnel, possibly a remotely triggerable crash (boo#1203358) * In an upcoming release the TLS modules will default to using stronger, modern chiphers and will default to allow client preference in selecting ciphers. “CipherString” => “EECDH+AESGCM:AES256+EECDH:CHACHA20:SHA256:!SHA384”, “Options” => “-ServerPreference” old defaults: “CipherString” => “HIGH”, “Options” => “ServerPreference” * A number of TLS options are how deprecated and will be removed in a future release: – ssl.honor-cipher-order – ssl.dh-file – ssl.ec-curve – ssl.disable-client-renegotiation – ssl.use-sslv2 – ssl.use-sslv3 The replacement option is ssl.openssl.ssl-conf-cmd, but lighttpd defaults should be prefered * A number of modules are now deprecated and will be removed in a future release: mod_evasive, mod_secdownload, mod_uploadprogress, mod_usertrack can be replaced by mod_magnet and a few lines of lua. update to 1.4.65: * WebSockets over HTTP/2 * RFC 8441 Bootstrapping WebSockets with HTTP/2 * HTTP/2 PRIORITY_UPDATE * RFC 9218 Extensible Prioritization Scheme for HTTP * prefix/suffix conditions in lighttpd.conf * mod_webdav safe partial-PUT * webdav.opts += (“partial-put-copy-modify” => “enable”) * mod_accesslog option: accesslog.escaping = “json” * mod_deflate libdeflate build option * speed up request body uploads via HTTP/2 * Behavior Changes * change default server.max-keep-alive-requests = 1000 to adjust * to increasing HTTP/2 usage and to web2/web3 application usage * (prior default was 100) * mod_status HTML now includes HTTP/2 control stream id 0 in the output * which contains aggregate counts for the HTTP/2 connection * (These lines can be identified with URL ‘*’, part of “PRI *” preface) * alternative: https://wiki.lighttpd.net/ModMagnetExamples#lua-mod_status * MIME type application/javascript is translated to text/javascript (RFC 9239) Moderate SUSE bug 1203358 CVE-2022-37797 cpe:/o:opensuse:leap:15.3 Security update for connman (Critical) openSUSE Leap 15.3 This update for connman fixes the following issues: - CVE-2022-32292: Add refcounting to wispr portal detection to avoid heap overflow (boo#1200190) - CVE-2022-32292: Fix OOB write in received_data (boo#1200189) Critical SUSE bug 1200189 SUSE bug 1200190 CVE-2022-32292 CVE-2022-32293 cpe:/o:opensuse:leap:15.3 Security update for chromium (Important) openSUSE Leap 15.3 This update for chromium fixes the following issues: Chromium 106.0.5249.91 (boo#1203808): * CVE-2022-3370: Use after free in Custom Elements * CVE-2022-3373: Out of bounds write in V8 Uncludes changes from 106.0.5249.61: * CVE-2022-3304: Use after free in CSS * CVE-2022-3201: Insufficient validation of untrusted input in Developer Tools * CVE-2022-3305: Use after free in Survey * CVE-2022-3306: Use after free in Survey * CVE-2022-3307: Use after free in Media * CVE-2022-3308: Insufficient policy enforcement in Developer Tools * CVE-2022-3309: Use after free in Assistant * CVE-2022-3310: Insufficient policy enforcement in Custom Tabs * CVE-2022-3311: Use after free in Import * CVE-2022-3312: Insufficient validation of untrusted input in VPN * CVE-2022-3313: Incorrect security UI in Full Screen * CVE-2022-3314: Use after free in Logging * CVE-2022-3315: Type confusion in Blink * CVE-2022-3316: Insufficient validation of untrusted input in Safe Browsing * CVE-2022-3317: Insufficient validation of untrusted input in Intents * CVE-2022-3318: Use after free in ChromeOS Notifications Important SUSE bug 1203808 CVE-2022-3201 CVE-2022-3304 CVE-2022-3305 CVE-2022-3306 CVE-2022-3307 CVE-2022-3308 CVE-2022-3309 CVE-2022-3310 CVE-2022-3311 CVE-2022-3312 CVE-2022-3313 CVE-2022-3314 CVE-2022-3315 CVE-2022-3316 CVE-2022-3317 CVE-2022-3318 CVE-2022-3370 CVE-2022-3373 cpe:/o:opensuse:leap:15.3 Security update for lighttpd (Moderate) openSUSE Leap 15.3 This update for lighttpd fixes the following issues: lighttpd was updated to 1.4.67: * Update comment about TCP_INFO on OpenBSD * [mod_ajp13] fix crash with bad response headers (fixes #3170) * [core] handle RDHUP when collecting chunked body CVE-2022-41556 (boo#1203872) * [core] tweak streaming request body to backends * [core] handle ENOSPC with pwritev() (#3171) * [core] manually calculate off_t max (fixes #3171) * [autoconf] force large file support (#3171) * [multiple] quiet coverity warnings using casts * [meson] add license keyword to project declaration Moderate SUSE bug 1203872 CVE-2022-41556 cpe:/o:opensuse:leap:15.3 Security update for pngcheck (Moderate) openSUSE Leap 15.3 This update for pngcheck fixes the following issues: version update to 3.0.3 [boo#1202662] * fixed a crash bug (and probable vulnerability) in large (MNG) LOOP chunks * fixed a divide-by-zero crash bug (and probable vulnerability) in interlaced images with extra compressed data beyond the nominal end of the image data (found by 'chiba of topsec alpha lab') version update to 3.0.0 * tweaked color definitions slightly to work better on terminals with white/light backgrounds * fixed DHDR (pre-MNG-1.0) bug identified by Winfried <szukw000@arcor.de> * added eXIf support (GRR: added check for II/MM/unknown format) * converted static const help/usage-related strings to macros so -Werror=format-security doesn't trigger (Ben Beasley) * added (help2man-generated) man pages for all three utils added top-level LICENSE file; fixed various compiler warnings * fixed buffer-overflow vulnerability discovered by 'giantbranch of NSFOCUS Security Team' * https://bugzilla.redhat.com/show_bug.cgi?id=1897485 * found and fixed four additional vulnerabilities (null-pointer dereference and three buffer overruns) * an off-by-one bug in check_magic() (Lucy Phipps) * converted two zlib-version warnings/errors to go to stderr (Lemures Lemniscati, actually from 20180318; forwarded by LP) * fixed another buffer-overflow vulnerability discovered by 'giantbranch of NSFOCUS Security Team' https://bugzilla.redhat.com/show_bug.cgi?id=1905775 * removed -f ('force') option due to multiple security issues Moderate SUSE bug 1202662 CVE-2020-35511 cpe:/o:opensuse:leap:15.3 Security update for gdcm, orthanc, orthanc-gdcm, orthanc-webviewer (Important) openSUSE Leap 15.3 This update for gdcm, orthanc, orthanc-gdcm, orthanc-webviewer fixes the following issues: Changes in gdcm: - Provides/obsoletes moved to lbgdcm-package (Thx DimStar) - rename of gdcm-libgdcm3_0 to libgdcm3_0 (proposal S. Br?ns) - version 3.0.18 no changelog - version 3.0.12 * support for poppler 22.03 added - version 3.0.11 * Fix for a significant issue with JPEG-LS and RGB color space * tons of small bug fixes - version 3.0.10 (no changelog) Changes in orthanc-gdcm: - changed dependency gdcm-libgdcm3_0 -> libgdcm3_0 - Version 1.5 * Take the configuration option 'RestrictTransferSyntaxes' into account not only for decoding, but also for transcoding * Upgrade to GDCM 3.0.10 for static builds- Changes in orthanc: - version 1.11.2 * Added support for RGBA64 images in tools/create-dicom and /preview * New configuration 'MaximumStorageMode' to choose between recyling of old patients (default behavior) and rejection of new incoming data when the MaximumStorageSize has been reached. * New sample plugin: 'DelayedDeletion' that will delete files from disk asynchronously to speed up deletion of large studies. * Lua: new 'SetHttpTimeout' function * Lua: new 'OnHeartBeat' callback called at regular interval provided that you have configured 'LuaHeartBeatPeriod' > 0. * 'ExtraMainDicomTags' configuration now accepts Dicom Sequences. Sequences are stored in a dedicated new metadata 'MainDicomSequences'. This should improve DicomWeb QIDO-RS and avoid warnings like 'Accessing Dicom tags from storage when accessing series : 0040,0275'. Main dicom sequences can now be returned in 'MainDicomTags' and in 'RequestedTags'. * Fix the 'Never' option of the 'StorageAccessOnFind' that was sill accessing files (bug introduced in 1.11.0). * Fix the Storage Cache for compressed files (bug introduced in 1.11.1). * Fix the storage cache that was not used by the Plugin SDK. This fixes the DicomWeb plugin '/rendered' route performance issues. * DelayedDeletion plugin: Fix leaking of symbols * SQLite now closes and deletes WAL and SHM files on exit. This should improve handling of SQLite DB over network drives. * Fix static compilation of boost 1.69 on Ubuntu 22.04 * Upgraded dependencies for static builds: - boost 1.80.0 - dcmtk 3.6.7 (fixes CVE-2022-2119 and CVE-2022-2120) - openssl 3.0.5 * Housekeeper plugin: Fix resume of previous processing * Added missing MOVEPatientRootQueryRetrieveInformationModel in DicomControlUserConnection::SetupPresentationContexts() * Improved HttpClient error logging (add method + url) * API version upgraded to 18 * /system is now reporting 'DatabaseServerIdentifier' * Added an Asynchronous mode to /modalities/../move. * 'RequestedTags' option can now include DICOM sequences. * New function in the SDK: 'OrthancPluginGetDatabaseServerIdentifier' * DicomMap::ParseMainDicomTags has been deprecated -> retrieve 'full' tags and use DicomMap::FromDicomAsJson instead - version 1.11.0 * new API version 1.7 * new configuration parameter * for detailed changelog see NEWS - version 1.10.1 * for detailed changelog see NEWS - Version 1.9.7 * New configuration option 'DicomAlwaysAllowMove' to disable verification of the remote modality in C-MOVE SCP * API version upgraded to 15 * Added 'Level' option to POST /tools/bulk-modify * Added missing OpenAPI documentation of 'KeepSource' in '.../modify' and '.../anonymize' * Added file CITATION.cff * Linux Standard Base (LSB) builds of Orthanc can load non-LSB builds of plugins * Fix upload of ZIP archives containing a DICOMDIR file * Fix computation of the estimated time of arrival in jobs * Support detection of windowing and rescale in Philips multiframe images Changes in orthanc-webviewer: - version 2.8 * Fix XSS inside DICOM in Orthanc Web Viewer (as reported by Stuart Kurutac, NCC Group) * framework190.diff removed (covered in actual version) Important SUSE bug 1181400 CVE-2022-2119 CVE-2022-2120 cpe:/o:opensuse:leap:15.3 Security update for roundcubemail (Important) openSUSE Leap 15.3 This update for roundcubemail fixes the following issues: roundcubemail was updated to 1.5.3 * Enigma: Fix initial synchronization of private keys * Enigma: Fix double quoted-printable encoding of pgp-signed messages with no attachments (#8413) * Fix various PHP8 warnings (#8392) * Fix mail headers injection via the subject field on mail compose (#8404) * Fix bug where small message/rfc822 parts could not be decoded (#8408) * Fix setting HTML mode on reply/forward of a signed message (#8405) * Fix handling of RFC2231-encoded attachment names inside of a message/rfc822 part (#8418) * Fix bug where some mail parts (images) could have not be listed as attachments (#8425) * Fix bug where attachment icons were stuck at the top of the messages list in Safari (#8433) * Fix handling of message/rfc822 parts that are small and are multipart structures with a single part (#8458) * Fix bug where session could time out if DB and PHP timezone were different (#8303) * Fix bug where DSN flag state wasn't stored with a draft (#8371) * Fix broken encoding of HTML content encapsulated in a RTF attachment (#8444) * Fix problem with aria-hidden=true on toolbar menus in the Elastic skin (#8517) * Fix bug where title tag content was displayed in the body if it contained HTML tags (#8540) * Fix support for DSN specification without host e.g. pgsql:///dbname (#8558) update to 1.5.2 * OAuth: pass 'id_token' to 'oauth_login' plugin hook (#8214) * OAuth: fix expiration of short-lived oauth tokens (#8147) * OAuth: fix relative path to assets if /index.php/foo/bar url is used (#8144) * OAuth: no auto-redirect on imap login failures (#8370) * OAuth: refresh access token in 'refresh' plugin hook (#8224) * Fix so folder search parameters are honored by subscriptions_option plugin (#8312) * Fix password change with Directadmin driver (#8322, #8329) * Fix so css files in plugins/jqueryui/themes will be minified too (#8337) * Fix handling of unicode/special characters in custom From input (#8357) * Fix some PHP8 compatibility issues (#8363) * Fix chpass-wrapper.py helper compatibility with Python 3 (#8324) * Fix scrolling and missing Close button in the Select image dialog in Elastic/mobile (#8367) * Security: fix cross-site scripting (XSS) via HTML messages with malicious CSS content - added Suggests: php-sqlite - use the virtual provides from each PHP module, to allow the installation of roundcubemail with various PHP versions. The only problem, we are currently facing is the automatic enablement of the PHP apache module during post-installation: Trying to evaluate the correct PHP module now during post as well, which should eleminate the pre-definition of the required PHP-Version during build completely. See https://build.opensuse.org/request/show/940859 for the initial discussion. update to 1.5.1 * Fix importing contacts with no email address (#8227) * Fix so session's search scope is not used if search is not active (#8199) * Fix some PHP8 warnings (#8239) * Fix so dark mode state is retained after closing the browser (#8237) * Fix bug where new messages were not added to the list on refresh if skip_deleted=true (#8234) * Fix colors on 'Show source' page in dark mode (#8246) * Fix handling of dark_mode_support:false setting in skins meta.json - also when devel_mode=false (#8249) * Fix database initialization if db_prefix is a schema prefix (#8221) * Fix undefined constant error in Installer on Windows (#8258) * Fix installation/upgrade on MySQL 5.5 - Index column size too large (#8231) * Fix regression in setting of contact listing name (#8260) * Fix bug in Larry skin where headers toggle state was reset on full page preview (#8203) * Fix bug where \u200b characters were added into the recipient input preventing mail delivery (#8269) * Fix charset conversion errors on PHP < 8 for charsets not supported by mbstring (#8252) * Fix bug where adding a contact to trusted senders via 'Always allow from...' button didn't work (#8264, #8268) * Fix bug with show_images setting where option 1 and 3 were swapped (#8268) * Fix PHP fatal error on an undefined constant in contacts import action (#8277) * Fix fetching headers of multiple message parts at once in rcube_imap_generic::fetchMIMEHeaders() (#8282) * Fix bug where attachment download could sometimes fail with a CSRF check error (#8283) * Fix an infinite loop when parsing environment variables with float/integer values (#8293) * Fix so 'small-dark' logo has more priority than the 'small' logo (#8298) update to 1.5.0 + full PHP8 support + Dark mode for Elastic skin + OAuth2/XOauth support (with plugin hooks) + Collected recipients and trusted senders + Moving recipients between inputs with drag & drop + Full unicode support with MySQL database + Support of IMAP LITERAL- extension RFC 7888 <https://datatracker.ietf.org/doc/html/rfc7888> + Support of RFC 2231 <https://datatracker.ietf.org/doc/html/rfc2231> encoded names + Cache refactoring More at https://github.com/roundcube/roundcubemail/releases/tag/1.5.0 + added SECURITY.md to documentation + mark the whole documentation directory as documentation instead of listing some files and others not (avoid duplicate entries in RPM-DB) + adjust requirements: php-intl is now required update to 1.4.11 with security fix: - Fix cross-site scripting (XSS) via HTML messages with malicious CSS content - add PHP version to Requires: and Recommends: to make sure the same version is installed as used during packaging - drop Requires: http_daemon (fixes boo#1180132) and Suggests: apache2 (which is already required though mod_php_any) update to 1.4.10: * Stored cross-site scripting (XSS) via HTML or plain text messages with malicious content ( CVE-2020-35730 boo#1180399 ) * Fix extra angle brackets in In-Reply-To header derived from mailto: params (#7655) * Fix folder list issue when special folder is a subfolder (#7647) * Fix Elastic's folder subscription toggle in search result (#7653) * Fix state of subscription toggle on folders list after changing folder state from the search result (#7653) * Security: Fix cross-site scripting (XSS) via HTML or plain text messages with malicious content update to 1.4.9: * Fix HTML editor in latest Chrome 85.0.4183.102, update to TinyMCE 4.9.11 (#7615) * Add missing localization for some label/legend elements in userinfo plugin (#7478) * Fix importing birthday dates from Gmail vCards (BDAY:YYYYMMDD) * Fix restoring Cc/Bcc fields from local storage (#7554) * Fix jstz.min.js installation, bump version to 1.0.7 * Fix incorrect PDO::lastInsertId() use in sqlsrv driver (#7564) * Fix link to closure compiler in bin/jsshrink.sh script (#7567) * Fix bug where some parts of a message could have been missing in a reply/forward body (#7568) * Fix empty space on mail printouts in Chrome (#7604) * Fix empty output from HTML5 parser when content contains XML tag (#7624) * Fix scroll jump on key press in plain text mode of the HTML editor (#7622) * Fix so autocompletion list does not hide on scroll inside it (#7592) update to 1.4.8 with security fixes: * Fix cross-site scripting (XSS) via HTML messages with malicious svg content (CVE-2020-16145) * Fix cross-site scripting (XSS) via HTML messages with malicious math content update to 1.4.7 with security fix: * Fix bug where subfolders of special folders could have been duplicated on folder list * Increase maximum size of contact jobtitle and department fields to 128 characters * Fix missing newline after the logged line when writing to stdout (#7418) * Elastic: Fix context menu (paste) on the recipient input (#7431) * Fix problem with forwarding inline images attached to messages with no HTML part (#7414) * Fix problem with handling attached images with same name when using database_attachments/redundant_attachments (#7455) - add http.inc file * include one file for php5/php7 admin flags/values update to 1.4.5 Security fixes * Fix XSS issue in template object 'username' (#7406) * Fix cross-site scripting (XSS) via malicious XML attachment * Fix a couple of XSS issues in Installer (#7406) * Better fix for CVE-2020-12641 Other changes * Fix bug in extracting required plugins from composer.json that led to spurious error in log (#7364) * Fix so the database setup description is compatible with MySQL 8 (#7340) * Markasjunk: Fix regression in jsevent driver (#7361) * Fix missing flag indication on collapsed thread in Larry and Elastic (#7366) * Fix default keyservers (use keys.openpgp.org), add note about CORS (#7373, #7367) * Password: Fix issue with Modoboa driver (#7372) * Mailvelope: Use sender's address to find pubkeys to check signatures (#7348) * Mailvelope: Fix Encrypt button hidden in Elastic (#7353) * Fix PHP warning: count(): Parameter must be an array or an object... in ID command handler (#7392) * Fix error when user-configured skin does not exist anymore (#7271) * Elastic: Fix aspect ratio of a contact photo in mail preview (#7339) * Fix bug where PDF attachments marked as inline could have not been attached on mail forward (#7382) * Security: Fix a couple of XSS issues in Installer (#7406) * Security: Better fix for CVE-2020-12641 update to 1.4.4 * Fix bug where attachments with Content-Id were attached to the message on reply (#7122) * Fix identity selection on reply when both sender and recipient addresses are included in identities (#7211) * Elastic: Fix text selection with Shift+PageUp and Shift+PageDown in plain text editor when using Chrome (#7230) * Elastic: Fix recipient input bug when using click to select a contact from autocomplete list (#7231) * Elastic: Fix color of a folder with recent messages (#7281) * Elastic: Restrict logo size in print view (#7275) * Fix invalid Content-Type for messages with only html part and inline images * Mail_Mime-1.10.7 (#7261) * Fix missing contact display name in QR Code data (#7257) * Fix so button label in Select image/media dialogs is 'Close' not 'Cancel' (#7246) * Fix regression in testing database schema on MSSQL (#7227) * Fix cursor position after inserting a group to a recipient input using autocompletion (#7267) * Fix string literals handling in IMAP STATUS (and various other) responses (#7290) * Fix bug where multiple images in a message were replaced by the first one on forward/reply/edit (#7293) * Fix handling keyservers configured with protocol prefix (#7295) * Markasjunk: Fix marking as spam/ham on moving messages with Move menu (#7189) * Markasjunk: Fix bug where moving to Junk was failing on messages selected with Select > All (#7206) * Fix so imap error message is displayed to the user on folder create/update (#7245) * Fix bug where a special folder couldn't be created if a special-use flag is not supported (#7147) * Mailvelope: Fix bug where recipients with name were not handled properly in mail compose (#7312) * Fix characters encoding in group rename input after group creation/rename (#7330) * Fix bug where some message/rfc822 parts could not be attached on forward (#7323) * Make install-jsdeps.sh script working without the 'file' program installed (#7325) * Fix performance issue of parsing big HTML messages by disabling HTML5 parser for these (#7331) * Fix so Print button for PDF attachments works on Firefox >= 75 (#5125) update to 1.4.3 * Enigma: Fix so key list selection is reset when opening key creation form (#7154) * Enigma: Fix so using list checkbox selection does not load the key preview frame * Enigma: Fix generation of key pairs for identities with IDN domains (#7181) * Enigma: Display IDN domains of key users and identities in UTF8 * Enigma: Fix bug where 'Send unencrypted' button didn't work in Elastic skin (#7205) * Managesieve: Fix bug where it wasn't possible to save flag actions (#7188) * Markasjunk: Fix bug where marking as spam/ham didn't work on moving messages with drag-and-drop (#7137) * Password: Make chpass-wrapper.py Python 3 compatible (#7135) * Elastic: Fix disappearing sidebar in mail compose after clicking Mail button * Elastic: Fix incorrect aria-disabled attribute on Mail taskmenu button in mail compose * Elastic: Fix bug where it was possible to switch editor mode when 'htmleditor' was in 'dont_override' (#7143) * Elastic: Fix text selection in recipient inputs (#7129) * Elastic: Fix missing Close button in 'more recipients' dialog * Elastic: Fix non-working folder subscription checkbox for newly added folders (#7174) * Fix regression where 'Open in new window' action didn't work (#7155) * Fix PHP Warning: array_filter() expects parameter 1 to be array, null given in subscriptions_option plugin (#7165) * Fix unexpected error message when mail refresh involves folder auto-unsubscribe (#6923) * Fix recipient duplicates in print-view when the recipient list has been expanded (#7169) * Fix bug where files in skins/ directory were listed on skins list (#7180) * Fix bug where message parts with no Content-Disposition header and no name were not listed on attachments list (#7117) * Fix display issues with mail subject that contains line-breaks (#7191) * Fix invalid Content-Transfer-Encoding on multipart messages - Mail_Mime fix (#7170) * Fix regression where using an absolute path to SQLite database file on Windows didn't work (#7196) * Fix using unix:///path/to/socket.file in memcached driver (#7210) - prefer brotli over gzip if brotli is available: + enable mod_brotli in roundcubemail-httpd.conf (after deflate) + enable brotli via a2enmod for new installations update to 1.4.2: * Plugin API: Make actionbefore, before, actionafter and after events working with plugin actions (#7106) * Managesieve: Replace 'Filter disabled' with 'Filter enabled' (#7028) * Managesieve: Fix so modifier type select wasn't hidden after hiding modifier select on header change * Managesieve: Fix filter selection after removing a first filter (#7079) * Markasjunk: Fix marking more than one message as spam/ham with email_learn driver (#7121) * Password: Fix kpasswd and smb drivers' double-escaping bug (#7092) * Enigma: Add script to import keys from filesystem to the db storage (for multihost) * Installer: Fix DB Write test on SQLite database ('database is locked' error) (#7064) * Installer: Fix so SQLite DSN with a relative path to the database file works in Installer * Elastic: Fix contrast of warning toasts (#7058) * Elastic: Simple search in pretty selects (#7072) * Elastic: Fix hidden list widget on mobile/tablet when selecting folder while search menu is open (#7120) * Fix so type attribute on script tags is not used on HTML5 pages (#6975) * Fix unread count after purge on a folder that is not currently selected (#7051) * Fix bug where Enter key didn't work on messages list in 'List' layout (#7052) * Fix bug where deleting a saved search in addressbook caused display issue on sources/groups list (#7061) * Fix bug where a new saved search added after removing all searches wasn't added to the list (#7061) * Fix bug where a new contact group added after removing all groups from addressbook wasn't added to the list * Fix so install-jsdeps.sh removes Bootstrap's sourceMappingURL (#7035) * Fix so use of Ctrl+A does not scroll the list (#7020) * Fix/remove useless keyup event handler on username input in logon form (#6970) * Fix bug where cancelling switching from HTML to plain text didn't set the flag properly (#7077) * Fix bug where HTML reply could add an empty line with extra indentation above the original message (#7088) * Fix matching multiple X-Forwarded-For addresses with 'proxy_whitelist' (#7107) * Fix so displayed maximum attachment size depends also on 'max_message_size' (#7105) * Fix bug where 'skins_allowed' option didn't enforce user skin preference (#7080) * Fix so contact's organization field accepts up to 128 characters (it was 50) * Fix bug where listing tables in PostgreSQL database with db_prefix didn't work (#7093) * Fix bug where 'text' attribute on body tag was ignored when displaying HTML message (#7109) * Fix bug where next message wasn't displayed after delete in List mode (#7096) * Fix so number of contacts in a group is not limited to 200 when redirecting to mail composer from Contacts (#6972) * Fix malformed characters in HTML message with charset meta tag not in head (#7116) - php documentor is not needed on a productive system -> remove - also fix /usr/bin/env calls for two vendor scripts - skins now have some configurable files in their directories: move those files over to /etc/roundcubemail/skins/ - move other text files (incl. vendor ones) out of the root directory (and handle the LICENSE file a bit different) - enable mod_filter and add AddOutputFilterByType for common media types like html, javascript or xml - enable php7 on newer openSUSE versions - enable deflate, expires, filter, headers and setenvif on a new installation - do not enable any module in case of an update - recommend php-imagick for additional features - fixed most of the shell scripts to contain /usr/bin/php Upgrade to version 1.4.1: * new defaults for smtp_* config options * changed default password_charset to UTF-8 * login page returning 401 Unauthorized status Upgrade to version 1.4.0: * Update to jQuery 3.4.1 * Update to TinyMCE 4.8.2 * Update to jQuery-MiniColors 2.3.4 * Clarified 'address_book_type' option behavior (#6680) * Added cookie mismatch detection, display an error message informing the user to clear cookies * Renamed 'log_session' option to 'session_debug' * Removed 'delete_always' option (#6782) * Don't log full session identifiers in userlogins log (#6625) * Support $HasAttachment/$HasNoAttachment keywords (#6201) * Support PECL memcached extension as a session and cache storage driver (experimental) * Switch to IDNA2008 variant (#6806) * installto.sh: Add possibility to run the update even on the up-to-date installation (#6533) * Plugin API: Add 'render_folder_selector' hook * Added 'keyservers' option to define list of HKP servers for Enigma/Mailvelope (#6326) * Added flag to disable server certificate validation via Mysql DSN argument (#6848) * Select all records on the current list page with CTRL + A (#6813) * Use Left/Right Arrow keys to faster move over threaded messages list (#6399) * Changes in display_next setting (#6795): * * Move it to Preferences > User Interface > Main Options * * Make it apply to Contacts interface too * * Make it apply only if deleting/moving a previewed message/contact * Redis: Support connection to unix socket * Put charset meta specification before a title tag, add page title automatically (#6811) * Elastic: Various internal refactorings * Elastic: Add Prev/Next buttons on message page toolbar (#6648) * Elastic: Close search options on Enter key press in quick-search input (#6660) * Elastic: Changed some icons (#6852) * Elastic: Changed read/unread icons (#6636) * Elastic: Changed 'Move to...' icon (#6637) * Elastic: Add hide/show for advanced preferences (#6632) * Elastic: Add default icon on Settings/Preferences lists for external plugins (#6814) * Elastic: Add indicator for popover menu items that open a submenu (#6868) * Elastic: Move compose attachments/options to the right side (#6839) * Elastic: Add border/background to attachments list widget (#6842) * Elastic: Add 'Show unread messages' button to the search bar (#6587) * Elastic: Fix bug where toolbar disappears on attachment menu use in Chrome (#6677) * Elastic: Fix folders list scrolling on touch devices (#6706) * Elastic: Fix non-working pretty selects in Chrome browser (#6705) * Elastic: Fix issue with absolute positioned mail content (#6739) * Elastic: Fix bug where some menu actions could cause a browser popup warning * Elastic: Fix handling mailto: URL parameters in contact menu (#6751) * Elastic: Fix keyboard navigation in some menus, e.g. the contact menu * Elastic: Fix visual issue with long buttons in .boxwarning (#6797) * Elastic: Fix handling new-line in text pasted to a recipient input * Elastic: Fix so search is not reset when returning from the message preview page (#6847) * Larry: Fix regression where menu actions didn't work with keyboard (#6740) * ACL: Display user/group names (from ldap) instead of acl identifier * Password: Added ldap_exop driver (#4992) * Password: Added support for SSHA512 password algorithm (#6805) * Managesieve: Fix bug where global includes were requested for vacation (#6716) * Managesieve: Use RFC-compliant line endings, CRLF instead of LF (#6686) * Managesieve: Fix so 'Create filter' option does not show up when Filters menu is disabled (#6723) * Enigma: For verified signatures, display the user id associated with the sender address (#5958) * Enigma: Fix bug where revoked users/keys were not greyed out in key info * Enigma: Fix error message when trying to encrypt with a revoked key (#6607) * Enigma: Fix 'decryption oracle' bug [CVE-2019-10740] (#6638) * Enigma: Fix bug where signature verification could have been skipped for some message structures (#6838) * Fix language selection for spellchecker in html mode (#6915) * Fix css styles leak from replied/forwarded message to the rest of the composed text (#6831) * Fix invalid path to 'add contact' icon when using assets_path setting * Fix invalid path to blocked.gif when using assets_path setting (#6752) * Fix so advanced search dialog is not automatically displayed on searchonly addressbooks (#6679) * Fix so an error is logged when more than one attachment plugin has been enabled, initialize the first one (#6735) * Fix bug where flag change could have been passed to a preview frame when not expected * Fix bug in HTML parser that could cause missing text fragments when there was no head/body tag (#6713) * Fix bug where HTML messages with a xml:namespace tag were not rendered (#6697) * Fix TinyMCE download location (#6694) * Fix so 'Open in new window' consistently displays 'external window' interface (#6659) * Fix bug where next row wasn't selected after deleting a collapsed thread (#6655) * Fix bug where external content (e.g. mail body) was passed to templates parsing code (#6640) * Fix bug where attachment preview didn't work with x_frame_options=deny (#6688) * Fix so bin/install-jsdeps.sh returns error code on error (#6704) * Fix bug where bmp images couldn't be displayed on some systems (#6728) * Fix bug in parsing vCard data using PHP 7.3 due to an invalid regexp (#6744) * Fix bug where bold/strong text was converted to upper-case on html-to-text conversion (6758) * Fix bug in rcube_utils::parse_hosts() where %t, %d, %z could return only tld (#6746) * Fix bug where Next/Prev button in mail view didn't work with multi-folder search result (#6793) * Fix bug where selection of columns on messages list wasn't working * Fix bug in converting multi-page Tiff images to Jpeg (#6824) * Fix bug where handling multiple messages from multi-folder search result could not work (#6845) * Fix bug where unread count wasn't updated after moving multi-folder result (#6846) * Fix wrong messages order after returning to a multi-folder search result (#6836) * Fix some PHP 7.4 compat. issues (#6884, #6866) * Fix bug where it was possible to bypass the position:fixed CSS check in received messages (#6898) * Fix bug where some strict remote URIs in url() style were unintentionally blocked (#6899) * Fix bug where it was possible to bypass the CSS jail in HTML messages using :root pseudo-class (#6897) * Fix bug where it was possible to bypass href URI check with data:application/xhtml+xml URIs (#6896) * Changed 'password_charset' default to 'UTF-8' (#6522) * Add skins_allowed option (#6483) * SMTP GSSAPI support via krb_authentication plugin (#6417) * Avoid Referer leaking by using Referrer-Policy:same-origin header (#6385) * Removed 'referer_check' option (#6440) * Use constant prefix for temp file names, don't remove temp files from other apps (#6511) * Ignore 'Sender' header on Reply-All action (#6506) * deluser.sh: Add option to delete users who have not logged in for more than X days (#6340) * HTML5 Upload Progress - as a replacement for the old server-side solution (#6177) * Prevent from using deprecated timezone names from jsTimezoneDetect * Force session.gc_probability=1 when using custom session handlers (#6560) * Support simple field labels (e.g. LetterHub examples) in csv imports (#6541) * Add cache busters also to images used by templates (#6610) * Plugin API: Added 'raise_error' hook (#6199) * Plugin API: Added 'common_headers' hook (#6385) * Plugin API: Added 'ldap_connected' hook * Enigma: Update to OpenPGPjs 4.2.1 - fixes user name encoding issues in key generation (#6524) * Enigma: Fixed multi-host synchronization of private and deleted keys and pubring.kbx file * Managesieve: Added support for 'editheader' extension - RFC5293 (#5954) * Managesieve: Fix bug where custom header or variable could be lost on form submission (#6594) * Markasjunk: Integrate markasjunk2 features into markasjunk - marking as non-junk + learning engine (#6504) * Password: Added 'modoboa' driver (#6361) * Password: Fix bug where password_dovecotpw_with_method setting could be ignored (#6436) * Password: Fix bug where new users could skip forced password change (#6434) * Password: Allow drivers to override default password comparisons (eg new is not same as current) (#6473) * Password: Allow drivers to override default strength checks (eg allow for 'not the same as last x passwords') (#246) * Passowrd: Allow drivers to define password strength rules displayed to the user * Password: Allow separate password saving and strength drivers for use of strength checking services (#5040) * Password: Add zxcvbn driver for checking password strength (#6479) * Password: Disallow control characters in passwords * Password: Add support for Plesk >= 17.8 (#6526) * Elastic: Improved datepicker displayed always in parent window * Elastic: On touch devices display attachment icons on messages list (#6296) * Elastic: Make menu button inactive if all subactions are inactive (#6444) * Elastic: On mobile/tablet jump to the list on folder selection (#6415) * Elastic: Various improvements on mail compose screen (#6413) * Elastic: Support new-line char as a separator for pasted recipients (#6460) * Elastic: Improved UX of search dialogs (#6416) * Elastic: Fix unwanted thread expanding when selecting a collapsed thread in non-mobile mode (#6445) * Elastic: Fix too small height of mailvelope mail preview frame (#6600) * Elastic: Add 'status bar' for mobile in mail composer * Elastic: Add selection options on contacts list (#6595) * Elastic: Fix unintentional layout preference overwrite (#6613) * Elastic: Fix bug where Enigma options in mail compose could sometimes be ignored (#6515) * Log errors caused by low pcre.backtrack_limit when sending a mail message (#6433) * Fix regression where drafts were not deleted after sending the message (#6756) * Fix so max_message_size limit is checked also when forwarding messages as attachments (#6580) * Fix so performance stats are logged to the main console log also when per_user_logging=true * Fix malformed message saved into Sent folder when using big attachments and low memory limit (#6498) * Fix incorrect IMAP SASL GSSAPI negotiation (#6308) * Fix so unicode in local part of the email address is also supported in recipient inputs (#6490) * Fix bug where autocomplete list could be displayed out of screen (#6469) * Fix style/navigation on error page depending on authentication state (#6362) * Fix so invalid smtp_helo_host is never used, fallback to localhost (#6408) * Fix custom logo size in Elastic (#6424) * Fix listing the same attachment multiple times on forwarded messages * Fix bug where a message/rfc822 part without a filename wasn't listed on the attachments list (#6494) * Fix inconsistent offset for various time zones - always display Standard Time offset (#6531) * Fix dummy Message-Id when resuming a draft without Message-Id header (#6548) * Fix handling of empty entries in vCard import (#6564) * Fix bug in parsing some IMAP command responses that include unsolicited replies (#6577) * Fix PHP 7.2 compatibility in debug_logger plugin (#6586) * Fix so ANY record is not used for email domain validation, use A, MX, CNAME, AAAA instead (#6581) * Fix so mime_content_type check in Installer uses files that should always be available (i.e. from program/resources) (#6599) * Fix missing CSRF token on a link to download too-big message part (#6621) * Fix bug when aborting dragging with ESC key didn't stop the move action (#6623) * Improved Mailvelope integration * * Added private key listing and generating to identity settings * * Enable encrypt & sign option if Mailvelope supports it * Allow contacts without an email address (#5079) * Support SMTPUTF8 and relax email address validation to support unicode in local part (#5120) * Support for IMAP folders that cannot contain both folders and messages (#5057) * Remove sample PHP configuration from .htaccess and .user.ini files (#5850) * Extend skin_logo setting to allow per skin logos (#6272) * Use Masterminds/HTML5 parser for better HTML5 support (#5761) * Add More actions button in Contacts toolbar with Copy/Move actions (#6081) * Display an error when clicking disabled link to register protocol handler (#6079) * Add option trusted_host_patterns (#6009, #5752) * Support additional connect parameters in PostgreSQL database wrapper * Use UI dialogs instead of confirm() and alert() where possible * Display value of the SMTP message size limit in the error message (#6032) * Show message flagged status in message view (#5080) * Skip redundant INSERT query on successful logon when using PHP7 * Replace display_version with display_product_version (#5904) * Extend disabled_actions config so it accepts also button names (#5903) * Handle remote stylesheets the same as remote images, ask the user to allow them (#5994) * Add Message-ID to the sendmail log (#5871) * Add option to hide folders in share/other-user namespace or outside of the personal namespace root (#5073) * Archive: Fix archiving by sender address on cyrus-imap * Archive: Style Archive folder also on folder selector and folder manager lists * Archive: Add Thunderbird compatible Month option (#5623) * Archive: Create archive folder automatically if it's configured, but does not exist (#6076) * Enigma: Add button to send mail unencrypted if no key was found (#5913) * Enigma: Add options to set PGP cipher/digest algorithms (#5645) * Enigma: Multi-host support * Managesieve: Add ability to disable filter sets and other actions (#5496, #5898) * Managesieve: Add option managesieve_forward to enable settings dialog for simple forwarding (#6021) * Managesieve: Support filter action with custom IMAP flags (#6011) * Managesieve: Support 'mime' extension tests - RFC5703 (#5832) * Managesieve: Support GSSAPI authentication with krb_authentication plugin (#5779) * Managesieve: Support enabling the plugin for specified hosts only (#6292) * Password: Support host variables in password_db_dsn option (#5955) * Password: Automatic virtualmin domain setting, removed password_virtualmin_format option (#5759) * Password: Added password_username_format option (#5766) * subscriptions_option: show \Noselect folders greyed out (#5621) * zipdownload: Added option to define size limit for multiple messages download (#5696) * vcard_attachments: Add possibility to send contact vCard from Contacts toolbar (#6080) * Changed defaults for smtp_user (%u), smtp_pass (%p) and smtp_port (587) * Composer: Fix certificate validation errors by using packagist only (#5148) * Add --get and --extract arguments and CACHEDIR env-variable support to install-jsdeps.sh (#5882) * Support _filter and _scope as GET arguments for opening mail UI (#5825) * Various improvements for templating engine and skin behaviours * * Support conditional include * * Support for 'link' objects * * Support including files with path relative to templates directory * * Use instead of for submit button on logon screen * Support skin localization (#5853) * Reset onerror on images if placeholder does not exist to prevent from requests storm * Unified and simplified code for loading content frame for responses and identities * Display contact import and advanced search in popup dialogs * Display a dialog for mail import with supported format description and upload size hint * Make possible to set (some) config options from a skin * Added optional checkbox selection for the list widget * Make 'compose' command always enabled * Add .log suffix to all log file names, add option log_file_ext to control this (#313) * Return '401 Unauthorized' status when login fails (#5663) * Support both comma and semicolon as recipient separator, drop recipients_separator option (#5092) * Plugin API: Added 'show_bytes' hook (#5001) * Add option to not indent quoted text on top-posting reply (#5105) * Removed global $CONFIG variable * Removed debug_level setting * Support AUTHENTICATE LOGIN for IMAP connections (#5563) * Support LDAP GSSAPI authentication (#5703) * Localized timezone selector (#4983) * Use 7bit encoding for ISO-2022-* charsets in sent mail (#5640) * Handle inline images also inside multipart/mixed messages (#5905) * Allow style tags in HTML editor on composed/reply messages (#5751) * Use Github API as a fallback to fetch js dependencies to workaround throttling issues (#6248) * Show confirm dialog when moving folders using drag and drop (#6119) * Fix bug where new_user_dialog email check could have been circumvented by deleting / abandoning session (#5929) * Fix skin extending for assets (#5115) * Fix handling of forwarded messages inside of a TNEF message (#5632) * Fix bug where attachment size wasn't visible when the filename was too long (#6033) * Fix checking table columns when there's more schemas/databases in postgres/mysql (#6047) * Fix css conflicts in user interface and e-mail content (#5891) * Fix duplicated signature when using Back button in Chrome (#5809) * Fix touch event issue on messages list in IE/Edge (#5781) * Fix so links over images are not removed in plain text signatures converted from HTML (#4473) * Fix various issues when downloading files with names containing non-ascii chars, use RFC 2231 (#5772) Upgrade to version 1.3.10: * Enigma: Fix 'decryption oracle' bug [CVE-2019-10740] (#6638) Upgrade to version 1.3.9: * Fix TinyMCE download location(s) (#6694) * Fix so mime_content_type check in Installer uses files that should always be available (i.e. from program/resources) (#6599) Upgrade to version 1.3.8: * Fix support for 'allow-from ' in x_frame_options config option (#6449) - add files with .log entry to logrotate config enhance apache configuration by: + disable mbstring function overload (http://bugs.php.net/bug.php?id=30766) + do not allow to see README*, INSTALL, LICENSE or CHANGELOG files + set additional headers: + Content-Security-Policy: ask browsers to not set the referrer + Cache-Control: ask not to cache the content + Strict-Transport-Security: set HSTS rules for SSL traffic + X-XSS-Protection: configure built in reflective XSS protection adjust README.openSUSE: + db.inc.php is not used any longer + flush privileges after creating/changing users in mysql Important SUSE bug 1180132 SUSE bug 1180399 CVE-2019-10740 CVE-2020-12641 CVE-2020-16145 CVE-2020-35730 cpe:/o:opensuse:leap:15.3 Security update for seamonkey (Important) openSUSE Leap 15.3 This update for seamonkey fixes the following issues: Update to SeaMonkey 2.53.14 * Updates to the following DOM HTML element interfaces: Embed, Object, Anchor, Area, Button, Frame, Canvas, IFrame, Link, Image, MenuItem, TextArea, Source, Select, Option, Script and Html. Please test add-ons. * Continue the switch from Python 2 to Python 3 in the build system. * Add ESR 102 links to debugQA bug 1779028. * Remove about plugins from help menu bug 1779031. * Dead links in cs_nav_prefs_advanced.xhtml [en-US] bug 1783558. * Dead links in cs_nav_prefs_advanced.xhtml bug 1786030. * Remove obsolete chat services from SeaMonkey address book bug 1779034. * Address Book: 'Get Map' button is not shown for home addresses bug 1779319. * Added compatibility for rust 1.63 * SeaMonkey 2.53.14 uses the same backend as Firefox and contains the relevant Firefox 60.8 security fixes. * SeaMonkey 2.53.14 shares most parts of the mail and news code with Thunderbird. Please read the Thunderbird 60.8.0 release notes for specific security fixes in this release. * Additional important security fixes up to Current Firefox 91.11 and Thunderbird 91.11 ESR plus many enhancements have been backported. We will continue to enhance SeaMonkey security in subsequent 2.53.x beta and release versions as fast as we are able to. Important SUSE bug 1203916 cpe:/o:opensuse:leap:15.3 Security update for chromium (Important) openSUSE Leap 15.3 This update for chromium fixes the following issues: Chromium 106.0.5249.119 (boo#1204223): * CVE-2022-3445: Use after free in Skia * CVE-2022-3446: Heap buffer overflow in WebSQL * CVE-2022-3447: Inappropriate implementation in Custom Tabs * CVE-2022-3448: Use after free in Permissions API * CVE-2022-3449: Use after free in Safe Browsing * CVE-2022-3450: Use after free in Peer Connection Important SUSE bug 1204223 CVE-2022-3445 CVE-2022-3446 CVE-2022-3447 CVE-2022-3448 CVE-2022-3449 CVE-2022-3450 cpe:/o:opensuse:leap:15.3 Security update for v4l2loopback (Moderate) openSUSE Leap 15.3 This update for v4l2loopback fixes the following issues: - Fix string format vulnerability (boo#1202156, CVE-2022-2652) Moderate SUSE bug 1202156 CVE-2022-2652 cpe:/o:opensuse:leap:15.3 Security update for cacti, cacti-spine (Moderate) openSUSE Leap 15.3 This update for cacti, cacti-spine fixes the following issues: cacti-spine 1.2.22, delivering a number of bug fixes: * When polling time is exceed, spine does not always exit as expected * Spine logging at `-V 5` includes an extra line feed * Incorrect SNMP responses can cause spine to crash * Properly handle devices that timeout responding to the Extended Uptime * MariaDB can cause spine to abort prematurely despite error handling * Spine should log the error time when exiting via signal cacti-spine 1.2.21: * Disable DES if Net-SNMP doesn't have it cacti 1.2.22, providing one security fix, a number of bug fixes and a collection of improvements: * When creating new graphs, cross site injection is possible (boo#1203952) * When creating user from template, multiple Domain FullName and Mail are not propagated * Nectar Aggregate 95th emailed report broken * Boost may not find archive tables correctly * Users may be unable to change their password when forced during a login * Net-SNMP Memory Graph Template has Wrong GPRINT * Search in tree view unusable on larger installations * Increased bulk insert size to avoid partial inserts and potential data loss. * Call to undefined function boost_debug in Cacti log * When no guest template is set, login cookies are not properly set * Later RRDtool releases do not need to check last_update time * Regex filters are not always long enough * Domains based LDAP and AD Fullname and Email not auto-populated * Cacti polling and boost report the wrong number of Data Sources when Devices are disabled * When editing Graph Template Items there are cases where VDEF's are hidden when they should be shown * Database SSL setting lacks default value * Update default path cacti under *BSD by xmacan * Web Basic authentication not creating template user * Unable to change the Heartbeat of a Data Source Profile * Tree Search Does Not Properly Search All Trees * When structured paths are setup, RRDfiles may not always be created when possible * When parsing the logs, caching would help speed up processing * Deprecation warnings when attempting real-time Graphs with PHP8.1 * Custom Timespan is lost when clicking other tree branches * Non device based Data Sources not being polled * When Resource XML file inproperly formatted, graph creation can fail with errors * Update code style to support PHP 8 requirements * None' shows all graphs * Realtime popup window experiences issues on some browsers * Auth settings do not always properly reflect the options selected by ddb4github * MySQL can cause cacti to become stalled due to locking issues * Boost process can get hung under rare conditions until the poller times out * Exporting graphs under PHP 8 can cause errors * Host table has wrong default for disabled and deleted columns * RRD storage paths do not scale properly * When importing, make it possible to only import certain components * Update change_device script to include new features by bmfmancini * Make help pages use latest online version wherever possible * Cacti should show PHP INI locations during install * Detect PHP INI values that are different in the INI vs running config * Added Gradient Color support for AREA charts by thurban * Update CDEF functions for RRDtool * When boost is running, it's not clear which processes are running and how long they have to complete cacti 1.2.21: * Add a CLI script to install/enable/disable/uninstall plugins * Add log message when purging DS stats and poller repopulate * A collection of bug fixes Moderate SUSE bug 1203952 cpe:/o:opensuse:leap:15.3 Security update for chromium (Important) openSUSE Leap 15.3 This update for chromium fixes the following issues: Chromium 107.0.5304.87 (boo#1204819) * CVE-2022-3723: Type Confusion in V8 Chromium 107.0.5304.68 (boo#1204732) * CVE-2022-3652: Type Confusion in V8 * CVE-2022-3653: Heap buffer overflow in Vulkan * CVE-2022-3654: Use after free in Layout * CVE-2022-3655: Heap buffer overflow in Media Galleries * CVE-2022-3656: Insufficient data validation in File System * CVE-2022-3657: Use after free in Extensions * CVE-2022-3658: Use after free in Feedback service on Chrome OS * CVE-2022-3659: Use after free in Accessibility * CVE-2022-3660: Inappropriate implementation in Full screen mode * CVE-2022-3661: Insufficient data validation in Extensions Important SUSE bug 1204732 SUSE bug 1204819 CVE-2022-3652 CVE-2022-3653 CVE-2022-3654 CVE-2022-3655 CVE-2022-3656 CVE-2022-3657 CVE-2022-3658 CVE-2022-3659 CVE-2022-3660 CVE-2022-3661 CVE-2022-3723 cpe:/o:opensuse:leap:15.3 Security update for jhead (Important) openSUSE Leap 15.3 This update for jhead fixes the following issues: - CVE-2022-41751: Fixed shell injection via filenames (boo#1204409) Important SUSE bug 1204409 CVE-2022-41751 cpe:/o:opensuse:leap:15.3 Security update for opera (Important) openSUSE Leap 15.3 NonFree This update for opera fixes the following issues: Update to 92.0.4561.21 - CHR-9037 Update chromium on desktop-stable-106-4561 to 106.0.5249.119 - DNA-102295 Missing GX.games section in settings - DNA-102308 Presubmit errors - DNA-102329 [Consent flow] clicking on 'Customize settings' doesn't resize the popup - DNA-102340 Sidebar control panel doesn't hide - DNA-102348 Replace old Dify url with a new one - DNA-102430 Translations for O92 - DNA-102534 Allow staging RH Agent extension to use VPN Pro API - DNA-102548 Rich hints extension crashes on Linux - DNA-102551 Promote O92 to stable - Complete Opera 92.0 changelog at: https://blogs.opera.com/desktop/changelog-for-92/ - The update to chromium 106.0.5249.119 fixes following issues: CVE-2022-3445, CVE-2022-3446, CVE-2022-3447, CVE-2022-3448, CVE-2022-3449, CVE-2022-3450 Update to 91.0.4516.77 - DNA-101988 Implement dark mode for consent flow popups - DNA-102348 Replace old Dify url with a new one Update to 91.0.4516.65 - DNA-101240 Save “remind in 3 days” setting - DNA-101622 Add a way to check if browser is connected to webenv - DNA-101838 Unfiltered dropdown disabled by default on stable - DNA-101990 Boost sites into top sites - DNA-101998 flag tiktok-panel doesn’t work - DNA-102075 Crash at extensions::ExtensionApiFrameIdMap:: OnRenderFrameDeleted(content::RenderFrameHost*) Important CVE-2022-3445 CVE-2022-3446 CVE-2022-3447 CVE-2022-3448 CVE-2022-3449 CVE-2022-3450 cpe:/o:opensuse:leap:15.3 Security update for EternalTerminal (Important) openSUSE Leap 15.3 This update for EternalTerminal fixes the following issues: Update to 6.2.1: * CVE-2022-24949: Fixed race condition allows local attacker to hijack IPC socket (boo#1202435) * CVE-2022-24950: Fixed privilege escalation to root (boo#1202434) * CVE-2022-24951: Fixed DoS triggered remotely by invalid sequence numbers (boo#1202433) * CVE-2022-24952: Fixed race condition allows authenticated attacker to hijack other users' SSH authorization socket (boo#1202432) Important SUSE bug 1202432 SUSE bug 1202433 SUSE bug 1202434 SUSE bug 1202435 CVE-2022-24949 CVE-2022-24950 CVE-2022-24951 CVE-2022-24952 cpe:/o:opensuse:leap:15.3 Security update for deluge (Moderate) openSUSE Leap 15.3 This update for deluge fixes the following issues: Update to version 2.1.1: - CVE-2021-3427: Fixed a XSS in webui via crafted torrent file (boo#1203162). Moderate SUSE bug 1203162 CVE-2021-3427 cpe:/o:opensuse:leap:15.3 Security update for exim (Important) openSUSE Leap 15.3 This update for exim fixes the following issues: - CVE-2022-3559: Fixed use after free in processing of the component Regex Handler (boo#1204427, Bug 2915) Important SUSE bug 1204427 CVE-2022-3559 cpe:/o:opensuse:leap:15.3 Security update for autotrace (Important) openSUSE Leap 15.3 This update for autotrace fixes the following issues: - CVE-2022-32323: Fixed Heap overflow in ReadImage() (boo#1201529). Important SUSE bug 1201529 CVE-2022-32323 cpe:/o:opensuse:leap:15.3 Security update for chromium (Important) openSUSE Leap 15.3 This update for chromium fixes the following issues: - Chromium 107.0.5304.110 (boo#1205221) * CVE-2022-3885: Use after free in V8 * CVE-2022-3886: Use after free in Speech Recognition * CVE-2022-3887: Use after free in Web Workers * CVE-2022-3888: Use after free in WebCodecs * CVE-2022-3889: Type Confusion in V8 * CVE-2022-3890: Heap buffer overflow in Crashpad Important SUSE bug 1205221 CVE-2022-3885 CVE-2022-3886 CVE-2022-3887 CVE-2022-3888 CVE-2022-3889 CVE-2022-3890 cpe:/o:opensuse:leap:15.3 Security update for jhead (Important) openSUSE Leap 15.3 This update for jhead fixes the following issues: * CVE-2021-34055: Fix out of bounds write in ClearOrientation() due to unchecked error (boo#1205167) Important SUSE bug 1205167 CVE-2021-34055 cpe:/o:opensuse:leap:15.3 Security update for tumbler (Moderate) openSUSE Leap 15.3 This update for tumbler fixes the following issues: tumbler was updated to version 4.16.1 (boo#1205210) * gst-thumbnailer: Add mime type check (gxo#xfce/tumbler#65) * desktop-thumbnailer: Guard against null path * Fix typo in gthread version (gxo#xfce/tumbler!14) - Add Recommends: ffmpegthumbnailer Moderate SUSE bug 1203644 SUSE bug 1205210 cpe:/o:opensuse:leap:15.3 Security update for libpano (Moderate) openSUSE Leap 15.3 This update for libpano fixes the following issues: - CVE-2021-33293: Fixes out-of-bounds read in the function panoParserFindOLine() in parser.c. (boo#1197011) Moderate SUSE bug 1197011 CVE-2021-33293 cpe:/o:opensuse:leap:15.3 Security update for tor (Moderate) openSUSE Leap 15.3 This update for tor fixes the following issues: tor 0.4.7.11: * Improve security of DNS cache by randomly clipping the TTL value (boo#1205307, TROVE-2021-009) * Improved defenses against network-wide DoS, multiple counters and metrics added to MetricsPorts * Apply circuit creation anti-DoS defenses if the outbound circuit max cell queue size is reached too many times. This introduces two new consensus parameters to control the queue size limit and number of times allowed to go over that limit. * Directory authority updates * IPFire database and geoip updates * Bump the maximum amount of CPU that can be used from 16 to 128. The NumCPUs torrc option overrides this hardcoded maximum. * onion service: set a higher circuit build timeout for opened client rendezvous circuit to avoid timeouts and retry load * Make the service retry a rendezvous if the circuit is being repurposed for measurements Moderate SUSE bug 1205307 cpe:/o:opensuse:leap:15.3 Security update for Botan (Moderate) openSUSE Leap 15.3 This update for Botan fixes the following issues: - CVE-2022-43705: Fixed validation of embedded certificates was when checking OCSP responses (boo#1205509). Moderate SUSE bug 1205509 CVE-2022-43705 cpe:/o:opensuse:leap:15.3 Security update for python-joblib (Important) openSUSE Leap 15.3 This update for python-joblib fixes the following issues: - CVE-2022-21797: Fixed arbitrary code execution in joblib (boo#1204232) Important SUSE bug 1204232 CVE-2022-21797 cpe:/o:opensuse:leap:15.3 Security update for opera (Important) openSUSE Leap 15.3 NonFree This update for opera fixes the following issues: Update to 93.0.4585.11: - CHR-9051 Update chromium on desktop-stable-107-4585 to 107.0.5304.88 - DNA-95965 Add support for more UD TLDs - DNA-102960 Replace messengers icons - DNA-102964 Crash at -[FramedBrowserWindow sendEvent:] - DNA-103125 Translations for O93 - DNA-103287 Bump O93 to stable Important CVE-2022-3723 cpe:/o:opensuse:leap:15.3 Security update for chromium (Important) openSUSE Leap 15.3 This update for chromium fixes the following issues: Chromium 107.0.5304.121 (boo#1205736) * CVE-2022-4135: Heap buffer overflow in GPU Important SUSE bug 1205736 CVE-2022-4135 cpe:/o:opensuse:leap:15.3 Security update for rxvt-unicode (Important) openSUSE Leap 15.3 This update for rxvt-unicode fixes the following issues: Update to 9.26 - ev_iouring.c was wrongly required during compilation, and wrongly not packaged. Update to 9.25 (boo#1186174 CVE-2021-33477) - for the 17.5th anniversary, and because many distributions seem to remove rxvt in favour of urxvt, this release resurrects rclock as urclock. - add support for systemd socket-based activation - debian bug #917105, freebsd bug #234276. - do not destruct perl on exit anymore: this might fail for a variety of reasons, and takes unneccessary time. - remove any macros from urxvtperl manpage(s), should fix debian bug 858385. - the old bg image resources are now provided by the background extension, and perl is thus required for bg image support. No configuration change is needed: urxvt autoloads the background ext if any bg image resource/option is present (for OSC sequences to work you need to enable it explicity). The old bg image resources are also now deprecated; users are encouraged to switch to the new bg image interface (see man urxvt-background). - confirm-paste now checks for any ctlchars, not just newlines. - searchable scrollback will now ignore bracketed paste mode sequences (prompted by Daniel Gr?ber's patch). - drop ISO 2022 locale support. ISO 2022 encodings are not supported in POSIX locales and clash with vt100 charset emulation (the luit program can be used as a substitute). - perl didn't parse rgba colours specified as an array correctly, only allowing 0 and 100% intensity for each component (this affected fill and tint). - when iterating over resources, urxvt will now try to properly handle multipart resources (such as '*background.expr'), for the benefit of autoloading perl extensions. - ESC G (query rxvt graphics mode) has been disabled due to security implications. The rxvt graphics mode was removed in rxvt-unicode 1.5, and no programs relying on being able to query the mode are known. - work around API change breakage in perl 5.28, based on a patch by Roman Bogorodskiy. - improved security: rob nation's (obsolete) graphics mode queries no longer reply with linefeed in secure/default mode. - ISO 8613-3 direct colour SGR sequences (patch by Fengguang Wu). - xterm focus reporting mode (patch by Daniel Hahler). - xterm SGR mouse mode. - implement DECRQM. Patch by Přemysl Eric Janouch. - add missing color index parameter to OSC 4 response. Patch by Přemysl Eric Janouch. - in some window managers, if smart resize was enabled, urxvt erroneously moved the window on font change - awesome bug #532, arch linux bug ##34807 (patch by Uli Schlachter). - fix urxvtd crash when using a background expression. - properly restore colors when using fading and reverse video is enabled while urxvt is focused and then disabled while it is not focused, or vice versa (patch by Daniel Hahler). - fix high memory usage when an extension repeatedly hides and shows an overlay (reported by Marcel Lautenbach). - expose priv_modes member and constants to perl extensions (patch by Rastislav Barlik). - fix a whole slew of const sillyness, unfortunately forced upon us by ISO C++. - update to libecb 0x00010006. - disable all thread support in ecb.h as we presumably don't need it. - slightly improve Makefile source dependencies. - work around bugs in newer Pod::Xhtml versions (flags incorrect formatting codes in xhtml/html sections but does not interpret correct ones). - New file: /usr/bin/urclock - restore the -256color binaries Important SUSE bug 1186174 CVE-2008-1142 CVE-2021-33477 cpe:/o:opensuse:leap:15.3 Security update for chromium (Important) openSUSE Leap 15.3 This update for chromium fixes the following issues: Chromium 108.0.5359.71 (boo#1205871) - CVE-2022-4174: Type Confusion in V8. - CVE-2022-4175: Use after free in Camera Capture. - CVE-2022-4176: Out of bounds write in Lacros Graphics. - CVE-2022-4177: Use after free in Extensions. - CVE-2022-4178: Use after free in Mojo. - CVE-2022-4179: Use after free in Audio. - CVE-2022-4180: Use after free in Mojo. - CVE-2022-4181: Use after free in Forms. - CVE-2022-4182: Inappropriate implementation in Fenced Frames. - CVE-2022-4183: Insufficient policy enforcement in Popup Blocker. - CVE-2022-4184: Insufficient policy enforcement in Autofill. - CVE-2022-4185: Inappropriate implementation in Navigation. - CVE-2022-4186: Insufficient validation of untrusted input in Downloads. - CVE-2022-4187: Insufficient policy enforcement in DevTools. - CVE-2022-4188: Insufficient validation of untrusted input in CORS. - CVE-2022-4189: Insufficient policy enforcement in DevTools. - CVE-2022-4190: Insufficient data validation in Directory. - CVE-2022-4191: Use after free in Sign-In. - CVE-2022-4192: Use after free in Live Caption. - CVE-2022-4193: Insufficient policy enforcement in File System API. - CVE-2022-4194: Use after free in Accessibility. - CVE-2022-4195: Insufficient policy enforcement in Safe Browsing. Important SUSE bug 1205871 CVE-2022-4174 CVE-2022-4175 CVE-2022-4176 CVE-2022-4177 CVE-2022-4178 CVE-2022-4179 CVE-2022-4180 CVE-2022-4181 CVE-2022-4182 CVE-2022-4183 CVE-2022-4184 CVE-2022-4185 CVE-2022-4186 CVE-2022-4187 CVE-2022-4188 CVE-2022-4189 CVE-2022-4190 CVE-2022-4191 CVE-2022-4192 CVE-2022-4193 CVE-2022-4194 CVE-2022-4195 cpe:/o:opensuse:leap:15.3 Security update for chromium (Important) openSUSE Leap 15.3 This update for chromium fixes the following issues: Chromium 108.0.5359.94 (boo#1205999) - CVE-2022-4262: Type Confusion in V8 Important SUSE bug 1205999 CVE-2022-4262 cpe:/o:opensuse:leap:15.3 Security update for python-slixmpp (Moderate) openSUSE Leap 15.3 This update for python-slixmpp fixes the following issues: - CVE-2022-45197: Fixed certificate hostname validation (boo#1205433) Moderate SUSE bug 1205433 CVE-2022-45197 cpe:/o:opensuse:leap:15.3 Security update for chromium (Important) openSUSE Leap 15.3 This update for chromium fixes the following issues: Update to version 108.0.5359.124 (boo#1206403): - CVE-2022-4436: Use after free in Blink Media - CVE-2022-4437: Use after free in Mojo IPC - CVE-2022-4438: Use after free in Blink Frames - CVE-2022-4439: Use after free in Aura - CVE-2022-4440: Use after free in Profiles Important SUSE bug 1205433 CVE-2022-4436 CVE-2022-4437 CVE-2022-4438 CVE-2022-4439 CVE-2022-4440 cpe:/o:opensuse:leap:15.3 Security update for mbedtls (Important) openSUSE Leap 15.3 This update for mbedtls fixes the following issues: - CVE-2022-35409: Fixed buffer overread in DTLS ClientHello parsing (boo#1201581). Important SUSE bug 1201581 CVE-2021-35409 CVE-2022-35409 cpe:/o:opensuse:leap:15.3 Security update for vlc (Important) openSUSE Leap 15.3 This update for vlc fixes the following issues: - Update to version 3.0.18 (CVE-2022-41325, boo#1206142): + macOS: Fix audio device listing with non-latin names. + Misc: Fix rendering and performance issue with older GPUs. + Updated translations. - Changes from version 3.0.18-rc2: + Codec/Demux: - Add support for Y16 chroma. - Fix build of gme plugin. + Lua: - Fix script for vocaroo. - Fix script for youtube to allow throttled playback. + Service Discovery: Fix UPnP regression on Windows. + Video Output: Fix video placement with caopengllayer. + Misc: Fix password search in kwallet module. - Changes from version 3.0.18-rc: + Demux: - Major adaptive streaming update, notably for multiple timelies and webvtt. - Fix seeking with some fragmented MP4 files. - Add support for DVBSub inside MKV. - Fix some Flac files that could not be played. - Improve seeking in Ogg files. + Decoders: - Fix DxVA/D3D11 crashes on HEVC files with bogus references. - Fix libass storage size and crash. - Fix decoding errors on macOS hw decoding on some HEVC files. + Video Output: - Fix color regression with VAAPI/iOS and OpenGL output. - Fix some resizing issues with OpenGL on GLX/EGL/X11/XV. - Fix Direct3d9 texture stretching. - Fix 10-bit accelerated video filters on macOS. + Playlist: Avoid playlist liveloop on failed/tiny items (temporize EOS bursts). + Misc: - Misc fixes for the extension UI on macOS. - Improve SMBv1 and SMBv2 behaviours. - Improve FTP compatibility. - Support RISC-V. - Fix AVI muxing for Windows Media Player compatibility. - Fix seeking speed on macOS. Important SUSE bug 1200944 SUSE bug 1206142 CVE-2020-0499 CVE-2021-0561 CVE-2022-41325 cpe:/o:opensuse:leap:15.3 Security update for opera (Important) openSUSE Leap 15.3 NonFree This update for opera fixes the following issues: Opera was updated to 85.0.4341.28 - CHR-8816 Update chromium on desktop-stable-99-4341 to 99.0.4844.84 - DNA-98092 Crash at views::MenuItemView::GetMenuController() - DNA-98278 Translations for O85 - DNA-98320 [Mac] Unable to delete recent search entries - DNA-98614 Show recent searches for non-BABE users - DNA-98615 Allow removal of recent searches - DNA-98616 Add recent searches to ‘old’ BABE - DNA-98617 Make it possible to disable ad-blocker per-country - DNA-98651 Remove Instagram and Facebook Messenger in Russia - DNA-98653 Add flag #recent-searches - DNA-98696 smoketest PageInfoHistoryDataSourceTest.FormatTimestampString failing - DNA-98703 Port Chromium issue 1309225 to Opera Stable - The update to chromium 99.0.4844.84 fixes following issues: CVE-2022-1096 - Changes in 85.0.4341.18 - CHR-8789 Update chromium on desktop-stable-99-4341 to 99.0.4844.51 - DNA-98059 [Linux] Crash at opera::FreedomSettingsImpl::IsBypassForDotlessDomainsEnabled - DNA-98349 [Linux] Crash at bluez::BluezDBusManager::Get() - DNA-98126 System crash dialog shown on macOS <= 10.15 - DNA-98331 [Snap] Meme generator cropping / resizing broken - DNA-98394 Audio tab indicator set to 'muted' on videoconferencing sites - DNA-98481 Report errors in opauto_collector - The update to chromium 99.0.4844.51 fixes following issues: CVE-2022-0789, CVE-2022-0790, CVE-2022-0791, CVE-2022-0792, CVE-2022-0793, CVE-2022-0794, CVE-2022-0795, CVE-2022-0796, CVE-2022-0797, CVE-2022-0798, CVE-2022-0799, CVE-2022-0800, CVE-2022-0801, CVE-2022-0802, CVE-2022-0803, CVE-2022-0804, CVE-2022-0805, CVE-2022-0806, CVE-2022-0807, CVE-2022-0808, CVE-2022-0809 - Changes in 85.0.4341.13 - DNA-94119 Upgrade curl to 7.81.0 - DNA-97849 [Mac monterey] System shortcut interfere with Opera’s `ToggleSearchInOpenTabs` shortcut - DNA-98204 Automatic popout happens when video is paused - DNA-98231 Shortcuts are blocked by displayed tab tooltip when triggered quickly after tooltip appears - DNA-98321 Add thinlto-cache warnings to suppression list - DNA-98395 Promote O85 to stable - Complete Opera 85.0 changelog at: https://blogs.opera.com/desktop/changelog-for-85/ - Update to 84.0.4316.42 - DNA-94119 Upgrade curl to 7.81.0 - DNA-98092 Crash at views::MenuItemView::GetMenuController() - DNA-98204 Automatic popout happens when video is paused - DNA-98231 Shortcuts are blocked by displayed tab tooltip when triggered quickly after tooltip appears - Update to 84.0.4316.31 - CHR-8772 Update chromium on desktop-stable-98-4316 to 98.0.4758.109 - DNA-97573 [Win][Lin]”Close tab” button is not displayed on tabs playing media when many tabs are open - DNA-97729 cancelling the process uploading custom Wallpaper crashes the browser - DNA-97871 Google meet tab’s icons don’t fit on pinned tab - DNA-97872 Tab is being unpinned when video conferencing button is clicked - DNA-98039 Dark theme top sites have black background - DNA-98117 Clicking current tab information should hide tooltip Important CVE-2022-0789 CVE-2022-0790 CVE-2022-0791 CVE-2022-0792 CVE-2022-0793 CVE-2022-0794 CVE-2022-0795 CVE-2022-0796 CVE-2022-0797 CVE-2022-0798 CVE-2022-0799 CVE-2022-0800 CVE-2022-0801 CVE-2022-0802 CVE-2022-0803 CVE-2022-0804 CVE-2022-0805 CVE-2022-0806 CVE-2022-0807 CVE-2022-0808 CVE-2022-0809 CVE-2022-1096 cpe:/o:opensuse:leap:15.3 Security update for pdns (Important) openSUSE Leap 15.3 This update for pdns fixes the following issues: - CVE-2022-27227: Fixes incomplete validation of incoming IXFR transfer (boo#1197525) Important SUSE bug 1197525 CVE-2022-27227 cpe:/o:opensuse:leap:15.3 Security update for pdns-recursor (Important) openSUSE Leap 15.3 This update for pdns-recursor fixes the following issues: - CVE-2022-27227: Fixed incomplete validation of incoming IXFR transfers. It applies to setups retrieving one or more RPZ zones from a remote server if the network path to the server is not trusted. (boo#1197525) Important SUSE bug 1197525 CVE-2022-27227 cpe:/o:opensuse:leap:15.3 Security update for seamonkey (Important) openSUSE Leap 15.3 SeaMonkey was updated to 2.53.11.1: Update to SeaMonkey 2.53.11.1 * Fix edge case when setting IntersectionObserver threshold bug 1758291. * OAuth2 prefs should use realuserName instead of username bug 1518126. * SeaMonkey 2.53.11.1 uses the same backend as Firefox and contains the relevant Firefox 60.8 security fixes. * SeaMonkey 2.53.11.1 shares most parts of the mail and news code with Thunderbird. Please read the Thunderbird 60.8.0 release notes for specific security fixes in this release. * Additional important security fixes up to Current Firefox 91.7 and Thunderbird 91.7 ESR plus many enhancements have been backported. We will continue to enhance SeaMonkey security in subsequent 2.53.x beta and release versions as fast as we are able to. * Remove obsolete MOZ_EXTENSIONS check in suite * Add connect button to cZ Networks Editor * Remove freenode remnants from ChatZilla in SeaMonkey * Prefer secure over insecure protocol in network list in ChatZilla * Composer - Change tag textbox is not removed after use * Clean up repo links in debugQA * Fix misspelled references to macOS in suite * Remove obsolete references to Java and Flash * Help button not working in delete cert dialog * Rearrange Message Filter Dialog to make room for new features * Use Insert key as shortcut to create new message filters * Rename some variables used in SeaMonkey's FilterListDialog to match Thunderbird's * Implement Copy to New message filter functionality * Add move to top / bottom buttons to message filters * Add preference to not prompt for message filter deletion * Clean up folder handling in FilterListDialog * Add refresh function to Filter list dialog so that it can be updated when already open and new filters are added externally * Use listbox rather than tree in FilterListDialog * MsgFilterList(args) should take targetFilter and pass it to FilterListDialog * Mail&News' start.xhtml: 'We' link broken * Add search functionality to filter dialog Important SUSE bug 1197518 cpe:/o:opensuse:leap:15.3 Security update for jawn (Moderate) openSUSE Leap 15.3 This update for jawn fixes the following issues: * CVE-2022-21653: DoS caused by a hash collision in SimpleFacade and MutableFacade (boo#1194358) Moderate SUSE bug 1194358 CVE-2022-21653 cpe:/o:opensuse:leap:15.3 Security update for chromium (Important) openSUSE Leap 15.3 This update for chromium fixes the following issues: Updated to Chromium 100.0.4896.88 (boo#1198361) - CVE-2022-1305: Use after free in storage - CVE-2022-1306: Inappropriate implementation in compositing - CVE-2022-1307: Inappropriate implementation in full screen - CVE-2022-1308: Use after free in BFCache - CVE-2022-1309: Insufficient policy enforcement in developer tools - CVE-2022-1310: Use after free in regular expressions - CVE-2022-1311: Use after free in Chrome OS shell - CVE-2022-1312: Use after free in storage - CVE-2022-1313: Use after free in tab groups - CVE-2022-1314: Type Confusion in V8 - Various fixes from internal audits, fuzzing and other initiatives Updated to version 100.0.4896.75: - CVE-2022-1232: Type Confusion in V8 (boo#1198053) Update to version 100.0.4896.60 (boo#1197680): - CVE-2022-1125: Use after free in Portals - CVE-2022-1127: Use after free in QR Code Generator - CVE-2022-1128: Inappropriate implementation in Web Share API - CVE-2022-1129: Inappropriate implementation in Full Screen Mode - CVE-2022-1130: Insufficient validation of untrusted input in WebOTP - CVE-2022-1131: Use after free in Cast UI - CVE-2022-1132: Inappropriate implementation in Virtual Keyboard - CVE-2022-1133: Use after free in WebRTC - CVE-2022-1134: Type Confusion in V8 - CVE-2022-1135: Use after free in Shopping Cart - CVE-2022-1136: Use after free in Tab Strip - CVE-2022-1137: Inappropriate implementation in Extensions - CVE-2022-1138: Inappropriate implementation in Web Cursor - CVE-2022-1139: Inappropriate implementation in Background Fetch API - CVE-2022-1141: Use after free in File Manager - CVE-2022-1142: Heap buffer overflow in WebUI - CVE-2022-1143: Heap buffer overflow in WebUI - CVE-2022-1144: Use after free in WebUI - CVE-2022-1145: Use after free in Extensions - CVE-2022-1146: Inappropriate implementation in Resource Timing Important SUSE bug 1197680 SUSE bug 1198053 SUSE bug 1198361 CVE-2022-1125 CVE-2022-1127 CVE-2022-1128 CVE-2022-1129 CVE-2022-1130 CVE-2022-1131 CVE-2022-1132 CVE-2022-1133 CVE-2022-1134 CVE-2022-1135 CVE-2022-1136 CVE-2022-1137 CVE-2022-1138 CVE-2022-1139 CVE-2022-1141 CVE-2022-1142 CVE-2022-1143 CVE-2022-1144 CVE-2022-1145 CVE-2022-1146 CVE-2022-1232 CVE-2022-1305 CVE-2022-1306 CVE-2022-1307 CVE-2022-1308 CVE-2022-1309 CVE-2022-1310 CVE-2022-1311 CVE-2022-1312 CVE-2022-1313 CVE-2022-1314 cpe:/o:opensuse:leap:15.3 Security update for htmldoc (Moderate) openSUSE Leap 15.3 This update for htmldoc fixes the following issues: - CVE-2022-24191: Fix a potential stack overflow bug with GIF images (boo#1198204). Moderate SUSE bug 1198204 CVE-2022-24191 cpe:/o:opensuse:leap:15.3 Security update for chromium (Important) openSUSE Leap 15.3 This update for chromium fixes the following issues: Updated Chromium to 100.0.4896.127 (boo#1198509) - CVE-2022-1364: Type Confusion in V8 - Various fixes from internal audits, fuzzing and other initiatives Important SUSE bug 1198509 CVE-2022-1364 cpe:/o:opensuse:leap:15.3 Security update for prosody (Important) openSUSE Leap 15.3 This update for prosody fixes the following issues: Update to 0.11.12: * CVE-2022-0217: util.xml: Do not allow doctypes, comments or processing instructions (bsc#1194596) Important SUSE bug 1194596 CVE-2022-0217 cpe:/o:opensuse:leap:15.3 Security update for opera (Important) openSUSE Leap 15.3 NonFree This update for opera fixes the following issues: Update to 86.0.4363.23: - CHR-8843 Update chromium on desktop-stable-100-4363 to 100.0.4896.127 - DNA-98236 Turn on #snap-text-selection on all streams - DNA-98507 DCHECK at address_bar_controller.cc(547) - DNA-98528 Suggestions for internal pages disappear when typing their full name - DNA-98538 Change name of 'Opera Crypto Wallet' to 'Crypto Wallet' - DNA-98540 Booking.com used instead of custom search engine - DNA-98587 Favicon of booking suggestion in the city category is unexpectedly changing - DNA-98605 City suggestions should show URL in address field when selected - DNA-98608 #address-bar-dropdown-categories expired - DNA-98616 Add recent searches to 'old' BABE - DNA-98668 Switch to tab button leads to wrong tab - DNA-98673 Improve suggestion removal handling in suggestion providers - DNA-98681 Remove unused suggestion consumers - DNA-98684 Have a dedicated SuggestionList for the new address bar dropdown - DNA-98685 Enable #native-crypto-wallet on developer - DNA-98688 'Disable this feature' mini-menu settings is non-intuitive - DNA-98690 Autocompleted text stayed in address field after removing suggestion - DNA-98738 Inline autocomplete suggestion for SD disappears after typing 3rd letter of SD name - DNA-98743 Blank dropdown after pressing space key - DNA-98783 Improve showing suggestions with long URLs or page titles - DNA-98785 'Switch to tab' button not shown for suggestions with www subdomain when typing domain text - DNA-98879 'Disable suggestions before typing' mini-menu option should change to 'Enable suggestions before typing' when being selected - DNA-98917 Translations for O86 - DNA-98975 Turn on #snap-crop-tool on all channels - DNA-98980 Enable #native-crypto-wallet on all streams - DNA-99005 The sidebar item is not visible for already active crypto wallet users when #native-crypto-wallet flag is enabled. - DNA-99007 Crash at TemplateURLRef::ParseIfNecessary(SearchTermsData const&) const - DNA-99047 Promote O86 to stable - The update to chromium 100.0.4896.127 fixes following issues: CVE-2022-1364 - Complete Opera 86.0 changelog at: https://blogs.opera.com/desktop/changelog-for-86/ Update to 85.0.4341.60: - DNA-98666 Set baidu as default search engine in China - DNA-98707 Hint is not displayed for new crypto wallet sidebar icon - DNA-98775 RichHintsSearchEngineCondition.testSogouSearchEngine errors Update to 85.0.4341.47: - DNA-98249 Add feature flag #native-crypto-wallet - DNA-98250 Install extension on startup - DNA-98251 Make Crypto Wallet setting enable / disable extension - DNA-98252 Deactivate old desktop crypto wallet - DNA-98253 Always show “Crypto Wallet” in Sidebar Setup - DNA-98497 Crash when installing extension - DNA-98506 Enable opera_feature_crypto_wallet_encryption on desktop - DNA-98510 Blank icon in sidebar setup - DNA-98538 Change name of 'Opera Crypto Wallet' to 'Crypto Wallet' - DNA-98685 Enable #native-crypto-wallet on developer - DNA-98766 Crash at opera::AddressBarControllerImpl::OpenNativeDropdown() - DNA-98768 Crash at extensions::ContentFilterPrivateIsWhitelistedFunction::Run() - DNA-98770 Recent searches stay in address field after selecting entry from dropdown - DNA-98772 Screen sharing broken - DNA-98803 Autofilled part appended after selecting address bar using shortcut Important CVE-2022-1364 cpe:/o:opensuse:leap:15.3 Security update for chromium (Important) openSUSE Leap 15.3 This update for chromium fixes the following issues: Chromium 101.0.4951.54 (boo#1199118) Chromium 101.0.4951.41 (boo#1198917): * CVE-2022-1477: Use after free in Vulkan * CVE-2022-1478: Use after free in SwiftShader * CVE-2022-1479: Use after free in ANGLE * CVE-2022-1480: Use after free in Device API * CVE-2022-1481: Use after free in Sharing * CVE-2022-1482: Inappropriate implementation in WebGL * CVE-2022-1483: Heap buffer overflow in WebGPU * CVE-2022-1484: Heap buffer overflow in Web UI Settings * CVE-2022-1485: Use after free in File System API * CVE-2022-1486: Type Confusion in V8 * CVE-2022-1487: Use after free in Ozone * CVE-2022-1488: Inappropriate implementation in Extensions API * CVE-2022-1489: Out of bounds memory access in UI Shelf * CVE-2022-1490: Use after free in Browser Switcher * CVE-2022-1491: Use after free in Bookmarks * CVE-2022-1492: Insufficient data validation in Blink Editing * CVE-2022-1493: Use after free in Dev Tools * CVE-2022-1494: Insufficient data validation in Trusted Types * CVE-2022-1495: Incorrect security UI in Downloads * CVE-2022-1496: Use after free in File Manager * CVE-2022-1497: Inappropriate implementation in Input * CVE-2022-1498: Inappropriate implementation in HTML Parser * CVE-2022-1499: Inappropriate implementation in WebAuthentication * CVE-2022-1500: Insufficient data validation in Dev Tools * CVE-2022-1501: Inappropriate implementation in iframe Important SUSE bug 1198917 SUSE bug 1199118 CVE-2022-1477 CVE-2022-1478 CVE-2022-1479 CVE-2022-1480 CVE-2022-1481 CVE-2022-1482 CVE-2022-1483 CVE-2022-1484 CVE-2022-1485 CVE-2022-1486 CVE-2022-1487 CVE-2022-1488 CVE-2022-1489 CVE-2022-1490 CVE-2022-1491 CVE-2022-1492 CVE-2022-1493 CVE-2022-1494 CVE-2022-1495 CVE-2022-1496 CVE-2022-1497 CVE-2022-1498 CVE-2022-1499 CVE-2022-1500 CVE-2022-1501 cpe:/o:opensuse:leap:15.3 Security update for php-composer (Important) openSUSE Leap 15.3 This update for php-composer fixes the following issues: php-composer was updated to version 1.10.26: * Security: Fixed command injection vulnerability in HgDriver/GitDriver: CVE-2022-24828 boo#1198494 Update to version 1.10.25 * Fix regression with PHP 8.1.0 and 8.1.1 Update to version 1.10.24 * Fixed PHP 8.1 compatibility Update to version 1.10.23 * Security: Fixed command injection vulnerability CVE-2021-41116 Important SUSE bug 1198494 CVE-2021-41116 CVE-2022-24828 cpe:/o:opensuse:leap:15.3 Security update for chromium (Important) openSUSE Leap 15.3 This update for chromium fixes the following issues: Chromium was updated to 101.0.4951.64 (boo#1199409) * CVE-2022-1633: Use after free in Sharesheet * CVE-2022-1634: Use after free in Browser UI * CVE-2022-1635: Use after free in Permission Prompts * CVE-2022-1636: Use after free in Performance APIs * CVE-2022-1637: Inappropriate implementation in Web Contents * CVE-2022-1638: Heap buffer overflow in V8 Internationalization * CVE-2022-1639: Use after free in ANGLE * CVE-2022-1640: Use after free in Sharing * CVE-2022-1641: Use after free in Web UI Diagnostics Important SUSE bug 1199409 CVE-2022-1633 CVE-2022-1634 CVE-2022-1635 CVE-2022-1636 CVE-2022-1637 CVE-2022-1638 CVE-2022-1639 CVE-2022-1640 CVE-2022-1641 cpe:/o:opensuse:leap:15.3 Recommended update for dxflib (Important) openSUSE Leap 15.3 This update for dxflib fixes the following issues: - CVE-2021-21897: Fixed a heap-based buffer overflow in the DL_Dxf:handleLWPolylineData function (boo#1190345) Important SUSE bug 1190345 CVE-2021-21897 cpe:/o:opensuse:leap:15.3 Security update for virtualbox (Important) openSUSE Leap 15.3 This update for virtualbox fixes the following issues: - Version bump to 6.1.34 (released March 22 2022) by Oracle This is a maintenance release. The following items were fixed and/or added: - VMM: Fix instruction emulation for 'cmpxchg16b' - GUI: Improved GUI behavior on macOS Big Sur and later when kernel extensions are not loaded - EHCI: Addressed an issue with handling short packets (bug #20726) - Storage: Fixed a potential hang during disk I/O when the host I/O cache is disabled (bug #20875) - NVMe: Fixed loading saved state when nothing is attached to it (bug #20791) - DevPcBios: Addressed an issue which resulted in rejecting the detected LCHS geometry when the head count was above 16 - virtio-scsi: Improvements - E1000: Improve descriptor handling - VBoxManage: Fixed handling of command line arguments with incomplete quotes (bug #20740) - VBoxManage: Improved 'natnetwork list' output - VBoxManage: NATNetwork: Provide an option (--ipv6-prefix) to set IPv6 prefix - VBoxManage: NATNetwork: Provide an option (--ipv6-default) to advertise default IPv6 route (bug #20714) - VBoxManage: Fix documentation of 'usbdevsource add' (bug #20849) - Networking: General improvements in IPv4 and IPv6 area (bug #20714) - OVF Import: Allow users to specify a different storage controller and/or controller port for hard disks when importing a VM - Unattended install: Improvements - Shared Clipboard: Improved HTML clipboard handling for Windows host - Linux host and guest: Introduced initial support for kernel 5.17 - Solaris package: Fixes for API access from Python - Solaris IPS package: Suppress dependency on libpython2.7.so.* - Linux host and guest: Fixes for Linux kernel 5.14 - Linux Guest Additions: Fixed guest screen resize for older guests which are running libXrandr older than version 1.4 - Linux Guest Additions: Introduced initial support for RHEL 8.6 kernels (bug #20877) - Windows guest: Make driver install smarter - Solaris guest: Addressed an issue which prevented VBox GAs 6.1.30 or 6.1.32 from being removed in Solaris 10 guests (bug #20780) - EFI: Fixed booting from FreeBSD ISO images (bug #19910) - Fixes CVE-2022-21465 (boo#1198676), CVE-2022-21471 (boo#1198677), CVE-2022-21491 (boo#1198680), CVE-2022-21487 (boo#1198678), and CVE-2022-21488 (boo#1198679). - Fixed boo#1198703 - package virtualbox-websrv needs sysvinit-tools Important SUSE bug 1198676 SUSE bug 1198677 SUSE bug 1198678 SUSE bug 1198679 SUSE bug 1198680 SUSE bug 1198703 CVE-2022-21465 CVE-2022-21471 CVE-2022-21487 CVE-2022-21488 CVE-2022-21491 cpe:/o:opensuse:leap:15.3 Security update for civetweb (Moderate) openSUSE Leap 15.3 civetweb was updated to: - do not load libcrypto/libssl dynamically, just link against them (bsc#1199047) Version 1.15 * New configuration for URL decoding * CVE-2020-27304: Sanitize filenames in handle form (bsc#1191938) * Example “embedded_c.c”: Do not overwrite files (possible security issue) * Remove obsolete examples * Remove “experimental” label for some features * Remove MG_LEGACY_INTERFACE that have been declared obsolete in 2017 or earlier * Modifications to build scripts, required due to changes in the test environment * Unix domain socket support fixed * Fixes for NO_SSL_DL * Fixes for some warnings / static code analysis Moderate SUSE bug 1191938 SUSE bug 1199047 CVE-2020-27304 cpe:/o:opensuse:leap:15.3 Security update for chromium (Important) openSUSE Leap 15.3 This update for chromium fixes the following issues: Chromium 97.0.4692.71 (boo#1194331): * CVE-2022-0096: Use after free in Storage * CVE-2022-0097: Inappropriate implementation in DevTools * CVE-2022-0098: Use after free in Screen Capture * CVE-2022-0099: Use after free in Sign-in * CVE-2022-0100: Heap buffer overflow in Media streams API * CVE-2022-0101: Heap buffer overflow in Bookmarks * CVE-2022-0102: Type Confusion in V8 * CVE-2022-0103: Use after free in SwiftShader * CVE-2022-0104: Heap buffer overflow in ANGLE * CVE-2022-0105: Use after free in PDF * CVE-2022-0106: Use after free in Autofill * CVE-2022-0107: Use after free in File Manager API * CVE-2022-0108: Inappropriate implementation in Navigation * CVE-2022-0109: Inappropriate implementation in Autofill * CVE-2022-0110: Incorrect security UI in Autofill * CVE-2022-0111: Inappropriate implementation in Navigation * CVE-2022-0112: Incorrect security UI in Browser UI * CVE-2022-0113: Inappropriate implementation in Blink * CVE-2022-0114: Out of bounds memory access in Web Serial * CVE-2022-0115: Uninitialized Use in File API * CVE-2022-0116: Inappropriate implementation in Compositing * CVE-2022-0117: Policy bypass in Service Workers * CVE-2022-0118: Inappropriate implementation in WebShare * CVE-2022-0120: Inappropriate implementation in Passwords - Revert wayland fixes because it doesn't handle GPU correctly (boo#1194182) Important SUSE bug 1194055 SUSE bug 1194182 SUSE bug 1194331 CVE-2022-0096 CVE-2022-0097 CVE-2022-0098 CVE-2022-0099 CVE-2022-0100 CVE-2022-0101 CVE-2022-0102 CVE-2022-0103 CVE-2022-0104 CVE-2022-0105 CVE-2022-0106 CVE-2022-0107 CVE-2022-0108 CVE-2022-0109 CVE-2022-0110 CVE-2022-0111 CVE-2022-0112 CVE-2022-0113 CVE-2022-0114 CVE-2022-0115 CVE-2022-0116 CVE-2022-0117 CVE-2022-0118 CVE-2022-0120 cpe:/o:opensuse:leap:15.3 Security update for autotrace (Important) openSUSE Leap 15.3 This update for autotrace fixes the following issues: - CVE-2019-19004: Fixed a biWidth*biBitCnt integer overflow fix (boo#1182158) - CVE-2019-19005, CVE-2017-9182, CVE-2017-9190: Bitmap double free fix (boo#1182159) Important SUSE bug 1182158 SUSE bug 1182159 CVE-2017-9182 CVE-2017-9190 CVE-2019-19004 CVE-2019-19005 cpe:/o:opensuse:leap:15.3 Security update for libxls (Moderate) openSUSE Leap 15.3 This update for libxls fixes the following issues: - CVE-2021-27836: Fixed possible NULL pointer dereference via crafted XLS (boo#1192323) Moderate SUSE bug 1192323 CVE-2021-27836 cpe:/o:opensuse:leap:15.3 Security update for librecad (Critical) openSUSE Leap 15.3 This update for librecad fixes the following issues: - CVE-2021-45341: Fixed a buffer overflow vulnerability in LibreCAD that allowed an attacker to achieve remote code execution via a crafted JWW document [boo#1195105] - CVE-2021-45342: Fixed a buffer overflow vulnerability in jwwlib in LibreCAD allows an attacker to achieve remote code execution via a crafted JWW document [boo#1195122] Critical SUSE bug 1195105 SUSE bug 1195122 CVE-2021-45341 CVE-2021-45342 cpe:/o:opensuse:leap:15.3 Security update for cacti, cacti-spine (Moderate) openSUSE Leap 15.3 This update for cacti, cacti-spine fixes the following issues: cacti-spine was updated to 1.2.20: * Add support for newer versions of MySQL/MariaDB * When checking for uptime of device, don't assume a non-response is always fatal * Fix description and command trunctation issues * Improve spine performance when only one snmp agent port is in use cacti-spine 1.2.19: * Fix 1ssues with polling loop may skip some datasources * Fix ping no longer works due to hostname changes * Fix RRD steps are not always calculated correctly * Fix unable to build when DES no longer supported * Fix IPv6 devices are not properly parsed * Reduce a number of compiler warnings * Fix compiler warnings due to lack of return in thread_mutex_trylock * Fix Spine will not look at non-timetics uptime when sysUpTimeInstance overflows * Improve performance of Cacti poller on heavily loaded systems cacti-spine 1.2.20: * Add support for newer versions of MySQL/MariaDB * When checking for uptime of device, don't assume a non-response is always fatal * Fix description and command trunctation issues * Improve spine performance when only one snmp agent port is in use cacti was updated to 1.2.20: * Security fix for CVE-2022-0730, boo#1196692 Under certain ldap conditions, Cacti authentication can be bypassed with certain credential types. * Security fix: Device, Graph, Graph Template, and Graph Items may be vulnerable to XSS issues * Security fix: Lockout policies are not properly applied to LDAP and Domain Users * Security fix: When using 'remember me' option, incorrect realm may be selected * Security fix: User and Group maintenance are vulnerable to SQL attacks * Security fix: Color Templates are vulnerable to XSS attack * Features: * When creating a Data Source Profile, allow additional choices for Heartbeat * Change select all options to use Font Awesome icons * Improve spine performance by storing the total number of system snmp_ports in use * Prevent Template User Accounts from being Removed * When managing by users, allow filtering by Realm * Allow plugins to supply template account names * When viewing logs, additional message types should be filterable * When creating a Graph Template Item, allow filtering by Data Template * Allow language handler to be selected via UI * Updated Device packages for Synology, Citrix NetScaler, Cisco ASA/Cisco * Add Advanced Ping Graph Template to initial Installable templates * Add LDAP Debug Mode option * Allow Reports to include devices not on a Tree * Allow Basic Authentication to display custom failure message * Fix: When replicating data during installation/upgrade, system may appear to hang * Fix: Graph Template Items may have duplicated entries * Fix: Unable to Save Graph Settings * Fix: Script Server may crash if an OID is missing or unavailable * Fix: When system-wide polling is disabled, remote pollers may fail to sync changed settings * Fix: When updating poller name, duplicate name protection may be over zealous * Fix: Titles may show 'Missing Datasource' incorectly * Fix: Checking for MIB Cache can cause crashes * Fix: Polling cycles may not always complete as expected * Fix: When viewing graph data, non-numeric values may appear * Fix: Utilities view has calculation errors when there are no data sources * Fix: When editing Reports, drag and drop may not function as intended * Fix: When data drive is full, viewing a Graph can result in errors * Various other bug fixes cacti 1.2.19: * Further fixes for grave character security protection (boo#1192408) * Fix Over aggressive escaping causing menu visibility issues on Create Device page * Add SHA256 and AES256 security levels for SNMP polling * Import graph template(Preview Only) show color_id new value as a blank area * Fix Editing graphs errors due to missing sequence * Fix 2hen hovering over a Tree Graph, row shows same highlighting as Graph Edit screen * Fix 2hen RealTime is not active, console errors may appear * Fix race conditions may occur when multiple RRDtool processes are running * Fix errors creating graphs from templates * Fix errors when duplicating reports * Fix Boost may be blocked by overflowing poller_output table * Fix Template import may be blocked due to unmet dependency warnings with snmp ports * Fix Newer MySQL versions may error if committing a transaction when not in one * Fix SNMP Agent may not find a cache item * Fix Correct issues running under PHP 8.x * Fix When polling is disabled, boost may crash and creates many arch tables * Fix When poller runs, memory tables may not always be present * Fix Timezones may sometimes be incorrectly calculated * Fix Allow monitoring IPv6 with interface graphs * Fix When a data source uses a Data Input Method, those without a mapping should be flagged * Fix When RRDfile is not yet created, errors may appear when displaying the graph * Fix Cacti missing key indexes that result in Preset pages slowdowns * Fix Data Sources page shows no name when Data Source has no name cache * Fix db_update_table function can not alter table from signed to unsigned * Fix data remains in poller_output table even if it's flushed to rrd files * Fix Parameter list for lib/database.php:db_connect_real() is not correct in 3 places * Fix Offset is a reserved word in MariaDB 10.6 affecting Report * Fix Rendering large trees slowed due to lack of permission caching * Fix Error on interpretation of snmpUtime, when to big * Fix Applying right axis formatting creates an error-image * Fix Unable to Save Graph Settings from the Graphs pages * Fix Graph Template Cache is nullified too often when Graph Automation is running * Fix When Adding a Data Query to a Device, no Progress Spinner is shown * Fix New Browser Breaks Plugins that depend on non UTC date time data * Fix errors when testing remote poller connectivity * Fix errors when renaming poller * Fix Removing spikes by Variance does not appear to be working beyond the first RRA * Fix LDAP API lacks timeout options leading to bad login experiences * Add a normal/wrap class for general use * Limit File Types available for Template Import operations * Fix Cacti does not provide an option of providing a client side certificate for LDAP/AD authentication * Support Stronger Encryption Available Starting in Net-SNMP v5.8 * Allow Cacti to use multiple possible LDAP servers * Add a 15 minute polling/sampling interval * Provide additional admin email notifications * Add warnings for undesired changes to plugin hook return values * When creating a Graph, make testing the Data Sources optional by Template * Update phpseclib to 2.0.33 * Update jstree.js to 3.3.12 * Improve performance of Cacti poller on heavily loaded systems * MariaDB recommendations need some tuning for recent updates Moderate SUSE bug 1192408 SUSE bug 1196692 CVE-2022-0730 cpe:/o:opensuse:leap:15.3 Security update for opera (Important) openSUSE Leap 15.3 NonFree This update for opera fixes the following issues: Update to 87.0.4390.25: - CHR-8870 Update chromium on desktop-stable-101-4390 to 101.0.4951.64 - DNA-99209 Enable #easy-files-multiupload on all streams - DNA-99325 Use a preference to set number of recent searches and recently closed in unfiltered dropdown - DNA-99353 Translations for O87 - DNA-99365 Adding title to the first category duplicates categories titles in the dropdown - DNA-99385 Feedback button in filtered dropdown can overlap with other web buttons for highlighted suggestion - DNA-99391 Add bookmarks at the bottom of a bookmarks bar folder - DNA-99491 Suggestion is not immediately removed form recent searches view in dropdown. - DNA-99501 Promote O87 to stable - DNA-99504 “Switch to tab” button is not aligned to the right for some categories in dropdown - The update to chromium 101.0.4951.64 fixes following issues: CVE-2022-1633, CVE-2022-1634, CVE-2022-1635, CVE-2022-1636, CVE-2022-1637, CVE-2022-1638, CVE-2022-1639, CVE-2022-1640, CVE-2022-1641 - Complete Opera 87.0 changelog at: https://blogs.opera.com/desktop/changelog-for-87/ - Update to 86.0.4363.59 - DNA-99021 Crash in sidebar when extension of sidebar item was uninstalled - DNA-99359 Crash at opera:: ContinueShoppingExpiredProductRemoverImpl::RemoveExpiredProducts() - Update to 86.0.4363.50 - DNA-68493 Opera doesn’t close address field drop-down when dragging text from the address field - DNA-99003 Crash at views::Widget::GetNativeView() const - DNA-99133 BrowserSidebarWithProxyAuthTest.PreloadWithWebModalDialog fails - DNA-99230 Switching search engine with shortcut stopped working after DNA-99178 - DNA-99317 Make history match appear on top - Update to 86.0.4363.32 - DNA-98510 Blank icon in sidebar setup - DNA-98525 Unable to drag tab to far right - DNA-98893 Sound indicator is too precise in Google Meet - DNA-98919 Shopping corner internal API access update - DNA-98924 Tab tooltip gets stuck on screen - DNA-98981 Enable easy-files-multiupload on developer stream - DNA-99041 Move Shopping Corner to sidebar entry - DNA-99061 Enable #address-bar-dropdown-categories on all streams - DNA-99062 Create flag to show top sites and recently closed in unfiltered suggestions - DNA-99064 Hard to drag & drop current URL to a specific folder on bookmarks bar when unfiltered dropdown is displayed - DNA-99070 Make scroll button in Continue On scroll multiple items - DNA-99089 Shopping corner tab is not preserved after restart - DNA-99115 Request updating the Avro schema for sidebar event - DNA-99117 Make sure shopping corner is enabled by default - DNA-99178 Left/right not working in address bar dropdown - DNA-99204 Hide Shopping Corner by default Important CVE-2022-1633 CVE-2022-1634 CVE-2022-1635 CVE-2022-1636 CVE-2022-1637 CVE-2022-1638 CVE-2022-1639 CVE-2022-1640 CVE-2022-1641 cpe:/o:opensuse:leap:15.3 Security update for varnish (Important) openSUSE Leap 15.3 This update for varnish fixes the following issues: varnish was updated to release 7.1.0 [boo#1195188] [CVE-2022-23959] * VCL: It is now possible to assign a BLOB value to a BODY variable, in addition to STRING as before. * VMOD: New STRING strftime(TIME time, STRING format) function for UTC formatting. Update to release 6.6.1 * CVE-2021-36740: Fix an HTTP/2.0 request smuggling vulnerability. [boo#1188470] Update to release 6.6.0: * The ban_cutoff parameter now refers to the overall length of the ban list, including completed bans, where before only non-completed (“active”) bans were counted towards ban_cutoff. * Body bytes accounting has been fixed to always represent the number of body bytes moved on the wire, exclusive of protocol-specific overhead like HTTP/1 chunked encoding or HTTP/2 framing. * The connection close reason has been fixed to properly report SC_RESP_CLOSE where previously only SC_REQ_CLOSE was reported. * Unless the new validate_headers feature is disabled, all newly set headers are now validated to contain only characters allowed by RFC7230. * The filter_re, keep_re and get_re functions from the bundled cookie vmod have been changed to take the VCL_REGEX type. This implies that their regular expression arguments now need to be literal, not e.g. string. * The interface for private pointers in VMODs has been changed, the VRT backend interface has been changed, many filter (VDP/VFP) related signatures have been changed, and the stevedore API has been changed. (Details thereto, see online changelog.) Update to release 6.5.1 * Bump the VRT_MAJOR_VERSION number defined in the vrt.h Update to release 6.5.0 * `PRIV_TOP` is now thread-safe to support parallel ESI implementations. * varnishstat's JSON output format (-j option) has been changed. * Behavior for 304-type responses was changed not to update the Content-Encoding response header of the stored object. - Update Git-Web repository link Update to release 6.4.0 * The MAIN.sess_drop counter is gone. * backend 'none' was added for 'no backend'. * The hash algorithm of the hash director was changed, so backend selection will change once only when upgrading. * It is now possible for VMOD authors to customize the connection pooling of a dynamic backend. * For more, see changes.rst. Update to release 6.3.2 * Fix a denial of service vulnerability when using the proxy protocol version 2. Update to release 6.3.0 * The Host: header is folded to lower-case in the builtin_vcl. * Improved performance of shared memory statistics counters. * Synthetic objects created from vcl_backend_error {} now replace existing stale objects as ordinary backend fetches would (for details see changes.rst) Important SUSE bug 1181400 SUSE bug 1188470 SUSE bug 1195188 CVE-2021-36740 CVE-2022-23959 cpe:/o:opensuse:leap:15.3 Security update for libredwg (Important) openSUSE Leap 15.3 This update for libredwg fixes the following issues: Update to release 0.12.5 [boo#1193372] [CVE-2021-28237] * Restricted accepted DXF objects to all stable and unstable classes, minus MATERIAL, ARC_DIMENSION, SUN, PROXY*. I.e. most unstable objects do not allow unknown DXF codes anymore. This fixed most oss-fuzz errors. Important SUSE bug 1193372 CVE-2021-28237 cpe:/o:opensuse:leap:15.3 Security update for seamonkey (Important) openSUSE Leap 15.3 This update for seamonkey fixes the following issues: Update to SeaMonkey 2.53.12 * Format Toolbar forgets its hidden status when switching to other view modes bug 1719020. * Remove obsolete plugin code from SeaMonkey bug 1762733. * Fix a few strict warnings in SeaMonkey bug 1755553. * Remove Run Flash from Site permissions and page info bug 1758289. * Use fixIterator and replace use of removeItemAt in FilterListDialog bug 1756359. * Remove RDF usage in tabmail.js bug 1758282. * Implement 'Edit Template' and 'New Message From Template' commands and UI bug 1759376. * [SM] Implement 'Edit Draft' command and hide it when not in a draft folder (port Thunderbird bug 1106412) bug 1256716. * Messages in Template folder need 'Edit Template' button in header (like for Drafts) bug 80280. * Refactor and simplify the feed Subscribe dialog options updates bug 1420473. * Add system memory and disk size and placeDB page limit to about:support bug 1753729. * Remove warning about missing plugins in SeaMonkey 2.53 and 2.57 bug 1755558. * SeaMonkey 2.53.12 uses the same backend as Firefox and contains the relevant Firefox 60.8 security fixes. * SeaMonkey 2.53.12 shares most parts of the mail and news code with Thunderbird. Please read the Thunderbird 60.8.0 release notes for specific security fixes in this release. * Additional important security fixes up to Current Firefox 91.9 and Thunderbird 91.9 ESR plus many enhancements have been backported. We will continue to enhance SeaMonkey security in subsequent 2.53.x beta and release versions as fast as we are able to. Important cpe:/o:opensuse:leap:15.3 Security update for htmldoc (Moderate) openSUSE Leap 15.3 This update for htmldoc fixes the following issues: - CVE-2022-27114: Fixed an integer overflow in image_load_jpeg (boo#1199370) Moderate SUSE bug 1199370 CVE-2022-27114 cpe:/o:opensuse:leap:15.3 Security update for watchman (Important) openSUSE Leap 15.3 This update for watchman fixes the following issues: - ship README.suse that explains how to use the template systemd units - add user writable bit for systemd service and socket files - properly handle state directory creation in /run/watchman/$USER-state. The former approach was susceptible to a local privilege escalation using symlinks (CVE-2022-21944, boo#1194470). - Added hardening to systemd service(s) (boo#1181400). Modified: * watchman@.service - removed python2 bindings - enabled python3 bindings as python3-watchman - Changes in 4.8.0: * New command `flush-subscriptions` to synchronize subscriptions associated with the current session. * Enforce socket Unix groups more strongly — Watchman will now refuse to start if it couldn't gain the right group memberships, as can happen for sites that are experiencing intermittent LDAP connectivity problems. * pywatchman now officially supports Python 3. pywatchman will return Unicode strings (possibly with surrogate escapes) by default, but can optionally return bytestrings. Note that on Python 3, pywatchman requires Watchman 4.8 and above. The Python 2 interface and requirements remain unchanged. * Prior to 4.8, methods on the Java WatchmanClient that returned ListenableFutures would swallow exceptions and hang in an unfinished state under situations like socket closure or thread death. This has been fixed, and now ListenableFutures propagate exception conditions immediately. (Note that this is typically unrecoverable, and users should create a new WatchmanClient to re-establish communication with Watchman.) See #412. * The minimum Java version for the Watchman Java client has always been 1.7, but it was incorrectly described to be 1.6. The Java client's build file has been fixed accordingly. * Watchman was converted from C to C++. The conversion exposed several concurrency bugs, all of which have now been fixed. * Subscription queries are now executed in the context of the client thread, which means that subscriptions are dispatched in parallel. Previously, subscriptions would be serially dispatched and block the disk IO thread. * Triggers are now dispatched in parallel and waits are managed in their own threads (one thread per trigger). This improves concurrency and resolves a couple of waitpid related issues where watchman may not reap spawned children in a timely fashion, or may spin on CPU until another child is spawned. * Fixed an object lifecycle management issue that could cause a crash when aging out old/transient files. * Implement an upgraded wire protocol, BSERv2, on the server and in pywatchman. BSERv2 can carry information about string encoding over the wire. This lets pywatchman convert to Unicode strings on Python 3. Clients and servers know how to transparently fall back to BSERv1. - Changes in 4.9.0: * New field: `content.sha1hex`. This field expands to the SHA1 hash of the file contents, expressed in hex digits (40 character hex string). Watchman maintains a cache of the content hashes and can compute the hash on demand and also heuristically as files are changed. This is useful for tooling that wants to perform more intelligent cache invalidation or build artifact fetching from content addressed storage. * Fixed an issue that resulted in the perf logging thread deadlocking when `perf_logger_command` is enabled in the global configuration * Fixed an issue where queries larger than 1MB would likely result in a PDU error response. * Reduced lock contention for subscriptions that do no use the advanced settling (`drop`, `defer`) options. * Fixed `since` generator behavior when using unix timestamps rather than the preferred clock string syntax * Improved the reporting of 'new' files in watchman results * Improved performance of handling changes on case insensitive filesystems * pywatchman: the python wheel format is used for publishing watchman pypi package * pywatchman: now watchman path is configurable in python client * pywatchman: now python client can be used as a context manager Important SUSE bug 1181400 SUSE bug 1194470 CVE-2022-21944 cpe:/o:opensuse:leap:15.3 Security update for stb (Important) openSUSE Leap 15.3 This update for stb fixes the following issues: - CVE-2021-42716: fixed buffer overflow in stb_image PNM loader (boo#1191743) Important SUSE bug 1191743 CVE-2021-42716 cpe:/o:opensuse:leap:15.3 Security update for chromium (Important) openSUSE Leap 15.3 This update for chromium fixes the following issues: Chromium 97.0.4692.99 (boo#1194919): * CVE-2022-0289: Use after free in Safe browsing * CVE-2022-0290: Use after free in Site isolation * CVE-2022-0291: Inappropriate implementation in Storage * CVE-2022-0292: Inappropriate implementation in Fenced Frames * CVE-2022-0293: Use after free in Web packaging * CVE-2022-0294: Inappropriate implementation in Push messaging * CVE-2022-0295: Use after free in Omnibox * CVE-2022-0296: Use after free in Printing * CVE-2022-0297: Use after free in Vulkan * CVE-2022-0298: Use after free in Scheduling * CVE-2022-0300: Use after free in Text Input Method Editor * CVE-2022-0301: Heap buffer overflow in DevTools * CVE-2022-0302: Use after free in Omnibox * CVE-2022-0303: Race in GPU Watchdog * CVE-2022-0304: Use after free in Bookmarks * CVE-2022-0305: Inappropriate implementation in Service Worker API * CVE-2022-0306: Heap buffer overflow in PDFium * CVE-2022-0307: Use after free in Optimization Guide * CVE-2022-0308: Use after free in Data Transfer * CVE-2022-0309: Inappropriate implementation in Autofill * CVE-2022-0310: Heap buffer overflow in Task Manager * CVE-2022-0311: Heap buffer overflow in Task Manager Important SUSE bug 1194919 CVE-2022-0289 CVE-2022-0290 CVE-2022-0291 CVE-2022-0292 CVE-2022-0293 CVE-2022-0294 CVE-2022-0295 CVE-2022-0296 CVE-2022-0297 CVE-2022-0298 CVE-2022-0300 CVE-2022-0301 CVE-2022-0302 CVE-2022-0303 CVE-2022-0304 CVE-2022-0305 CVE-2022-0306 CVE-2022-0307 CVE-2022-0308 CVE-2022-0309 CVE-2022-0310 CVE-2022-0311 cpe:/o:opensuse:leap:15.3 Security update for virtualbox (Important) openSUSE Leap 15.3 This update for virtualbox fixes the following issues: - CVE-2022-21394: Fixed vulnerability where low privileged attacker could compromise Oracle VM VirtualBox. (boo#1194924) Important SUSE bug 1194065 SUSE bug 1194126 SUSE bug 1194128 SUSE bug 1194924 CVE-2022-21394 cpe:/o:opensuse:leap:15.3 Security update for lighttpd (Important) openSUSE Leap 15.3 This update for lighttpd fixes the following issues: lighttpd was updated to 1.4.64: * CVE-2022-22707: off-by-one stack overflow in the mod_extforward plugin (boo#1194376) * graceful restart/shutdown timeout changed from 0 (disabled) to 8 seconds. configure an alternative with: server.feature-flags += (“server.graceful-shutdown-timeout” => 8) * deprecated modules (previously announced) have been removed: mod_authn_mysql, mod_mysql_vhost, mod_cml, mod_flv_streaming, mod_geoip, mod_trigger_b4_dl update to 1.4.63: * import xxHash v0.8.1 * fix reqpool mem corruption in 1.4.62 includes changes in 1.4.62: * [mod_alias] fix use-after-free bug * many developer visible bug fixes update to 1.4.61: * mod_dirlisting: sort '../' to top * fix HTTP/2 upload > 64k w/ max-request-size * code level and developer visible bug fixes update to 1.4.60: * HTTP/2 smoother and lower memory use (in general) * HTTP/2 tuning to better handle aggressive client initial requests * reduce memory footprint; workaround poor glibc behavior; jemalloc is better * mod_magnet lua performance improvements * mod_dirlisting performance improvements and new caching option * memory constraints for extreme edge cases in mod_dirlisting, mod_ssi, mod_webdav * connect(), write(), read() time limits on backends (separate from client timeouts) * lighttpd restarts if large discontinuity in time occurs (embedded systems) * RFC7233 Range support for all non-streaming responses, not only static files * connect() to backend now has default 8 second timeout (configurable) - Added hardening to systemd service(s) (boo#1181400). update to 1.4.59: * HTTP/2 enabled by default * mod_deflate zstd suppport * new mod_ajp13 Update to 1.4.58: * [mod_wolfssl] use wolfSSL TLS version defines * [mod_wolfssl] compile with earlier wolfSSL vers * [core] prefer IPv6+IPv4 func vs IPv4-specific func * [core] reuse large mem chunks (fix mem usage) (fixes #3033) * [core] add comment for FastCGI mem use in hctx->rb (#3033) * [mod_proxy] fix sending of initial reqbody chunked * [multiple] fdevent_waitpid() wrapper * [core] sys-time.h - localtime_r,gmtime_r macros * [core] http_date.[ch] encapsulate HTTP-date parse * [core] specialized strptime() for HTTP date fmts * [multiple] employ http_date.h, sys-time.h * [core] http_date_timegm() (portable timegm()) * buffer_append_path_len() to join paths * [core] inet_ntop_cache -> sock_addr_cache * [multiple] etag.[ch] -> http_etag.[ch]; better imp * [core] fix crash after specific err in config file * [core] fix bug in FastCGI uploads (#3033) * [core] http_response_match_if_range() * [mod_webdav] typedef off_t loff_t for FreeBSD * [multiple] chunkqueue_write_chunk() * [build] add GNUMAKEFLAGS=--no-print-directory * [core] fix bug in read retry found by coverity * [core] attempt to quiet some coverity warnings * [mod_webdav] compile fix for Mac OSX/11 * [core] handle U+00A0 in config parser * [core] fix lighttpd -1 one-shot with pipes * [core] quiet start/shutdown trace in one-shot mode * [core] allow keep-alives in one-shot mode (#3042) * [mod_webdav] define _ATFILE_SOURCE if AT_FDCWD * [core] setsockopt IPV6_V6ONLY if server.v4mapped * [core] prefer inet_aton() over inet_addr() * [core] add missing mod_wolfssl to ssl compat list * [mod_openssl] remove ancient preprocessor logic * [core] SHA512_Init, SHA512_Update, SHA512_Final * [mod_wolfssl] add complex preproc logic for SNI * [core] wrap a macro value with parens * [core] fix handling chunked response from backend (fixes #3044) * [core] always set file.fd = -1 on FILE_CHUNK reset (fixes #3044) * [core] skip some trace if backend Upgrade (#3044) * [TLS] cert-staple.sh POSIX sh compat (fixes #3043) * [core] portability fix if st_mtime not defined * [mod_nss] portability fix * [core] warn if mod_authn_file needed in conf * [core] fix chunked decoding from backend (fixes #3044) * [core] reject excess data after chunked encoding (#3046) * [core] track chunked encoding state from backend (fixes #3046) * [core] li_restricted_strtoint64() * [core] track Content-Length from backend (fixes #3046) * [core] enhance config parsing debugging (#3047) * [core] reorder srv->config_context to match ndx (fixes #3047) * [mod_proxy] proxy.header = ('force-http10' => ...) * [mod_authn_ldap] fix crash (fixes #3048) * [mod_authn_ldap, mod_vhostdb_ldap] default cafile * [core] fix array_copy_array() sorted[] * [multiple] replace fall through comment with attr * [core] fix crash printing trace if backend is down * [core] fix decoding chunked from backend (fixes #3049) * [core] attempt to quiet some coverity warnings * [core] perf: request processing * [core] http_header_str_contains_token() * [mod_flv_streaming] parse query string w/o copying * [mod_evhost] use local array to split values * [core] remove srv->split_vals * [core] add User-Agent to http_header_e enum * [core] store struct server * in struct connection * [core] use func rc to indicate done reading header * [core] replace connection_set_state w/ assignment * [core] do not pass srv to http header parsing func * [core] cold buffer_string_prepare_append_resize() * [core] chunkqueue_compact_mem() * [core] connection_chunkqueue_compact() * [core] pass con around request, not srv and con * [core] reduce use of struct parse_header_state * [core] perf: HTTP header parsing using \n offsets * [core] no need to pass srv to connection_set_state * [core] perf: connection_read_header_more() * [core] perf: connection_read_header_hoff() hot * [core] inline connection_read_header() * [core] pass ptr to http_request_parse() * [core] more 'const' in request.c prototypes * [core] handle common case of alnum or - field-name * [mod_extforward] simplify code: use light_isxdigit * [core] perf: array.c performance enhancements * [core] mark some data_* funcs cold * [core] http_header.c internal inline funcs * [core] remove unused array_reset() * [core] prefer uint32_t to size_t in base.h * [core] uint32_t for struct buffer sizes * [core] remove unused members of struct server * [core] short-circuit path to clear request.headers * [core] array keys are non-empty in key-value list * [core] keep a->data[] sorted; remove a->sorted[] * [core] __attribute_returns_nonnull__ * [core] differentiate array_get_* for ro and rw * [core] (const buffer *) in (struct burl_parts_t) * [core] (const buffer *) for con->server_name * [core] perf: initialize con->conf using memcpy() * [core] run config_setup_connection() fewer times * [core] isolate data_config.c, vector.c * [core] treat con->conditional_is_valid as bitfield * [core] http_header_hkey_get() over const array * [core] inline buffer as part of DATA_UNSET key * [core] inline buffer key for *_patch_connection() * [core] (data_unset *) from array_get_element_klen * [core] inline buffer as part of data_string value * [core] add const to callers of http_header_*_get() * [core] inline array as part of data_array value * [core] const char *op in data_config * [core] buffer string in data_config * [core] streamline config_check_cond() * [core] keep a->data[] sorted (REVERT) * [core] array a->sorted[] as ptrs rather than pos * [core] inline header and env arrays into con * [mod_accesslog] avoid alloc for parsing cookie val * [core] simpler config_check_cond() * [mod_redirect,mod_rewrite] store context_ndx * [core] const char *name in struct plugin * [core] srv->plugin_slots as compact list * [core] rearrange server_config, server members * [core] macros CONST_LEN_STR and CONST_STR_LEN * [core] struct plugin_data_base * [core] improve condition caching perf * [core] config_plugin_values_init() new interface * [mod_access] use config_plugin_values_init() * [core] (const buffer *) from strftime_cache_get() * [core] mv config_setup_connection to connections.c * [core] use (const char *) in config file parsing * [mod_staticfile] use config_plugin_values_init() * [mod_skeleton] use config_plugin_values_init() * [mod_setenv] use config_plugin_values_init() * [mod_alias] use config_plugin_values_init() * [mod_indexfile] use config_plugin_values_init() * [mod_expire] use config_plugin_values_init() * [mod_flv_streaming] use config_plugin_values_init() * [mod_magnet] use config_plugin_values_init() * [mod_usertrack] use config_plugin_values_init() * [mod_userdir] split policy from userdir path build * [mod_userdir] use config_plugin_values_init() * [mod_ssi] use config_plugin_values_init() * [mod_uploadprogress] use config_plugin_values_init() * [mod_status] use config_plugin_values_init() * [mod_cml] use config_plugin_values_init() * [mod_secdownload] use config_plugin_values_init() * [mod_geoip] use config_plugin_values_init() * [mod_evasive] use config_plugin_values_init() * [mod_trigger_b4_dl] use config_plugin_values_init() * [mod_accesslog] use config_plugin_values_init() * [mod_simple_vhost] use config_plugin_values_init() * [mod_evhost] use config_plugin_values_init() * [mod_vhostdb*] use config_plugin_values_init() * [mod_mysql_vhost] use config_plugin_values_init() * [mod_maxminddb] use config_plugin_values_init() * [mod_auth*] use config_plugin_values_init() * [mod_deflate] use config_plugin_values_init() * [mod_compress] use config_plugin_values_init() * [core] add xsendfile* check if xdocroot is NULL * [mod_cgi] use config_plugin_values_init() * [mod_dirlisting] use config_plugin_values_init() * [mod_extforward] use config_plugin_values_init() * [mod_webdav] use config_plugin_values_init() * [core] store addtl data in pcre_keyvalue_buffer * [mod_redirect] use config_plugin_values_init() * [mod_rewrite] use config_plugin_values_init() * [mod_rrdtool] use config_plugin_values_init() * [multiple] gw_backends config_plugin_values_init() * [core] config_get_config_cond_info() * [mod_openssl] use config_plugin_values_init() * [core] use config_plugin_values_init() * [core] collect more config logic into configfile.c * [core] config_plugin_values_init_block() * [core] gw_backend config_plugin_values_init_block * [core] remove old config_insert_values_*() funcs * [multiple] plugin.c handles common FREE_FUNC code * [core] run all trigger and sighup handlers * [mod_wstunnel] change DEBUG_LOG to use log_error() * [core] stat_cache_path_contains_symlink use errh * [core] isolate use of data_config, configfile.h * [core] split cond cache from cond matches * [mod_auth] inline arrays in http_auth_require_t * [core] array_init() arg for initial size * [core] gw_exts_clear_check_local() * [core] gw_backend less pointer chasing * [core] connection_handle_errdoc() separate func * [multiple] prefer (connection *) to (srv *) * [core] create http chunk header on the stack * [multiple] connection hooks no longer get (srv *) * [multiple] plugin_stats array * [core] read up-to fixed size chunk before fionread * [core] default chunk size 8k (was 4k) * [core] pass con around gw_backend instead of srv * [core] log_error_multiline_buffer() * [multiple] reduce direct use of srv->cur_ts * [multiple] extern log_epoch_secs * [multiple] reduce direct use of srv->errh * [multiple] stat_cache singleton * [mod_expire] parse config into structured data * [multiple] generic config array type checking * [multiple] rename r to rc rv rd wr to be different * [core] (minor) config_plugin_keys_t data packing * [core] inline buffer in log_error_st errh * [multiple] store srv->tmp_buf in tb var * [multiple] quiet clang compiler warnings * [core] http_status_set_error_close() * [core] http_request_host_policy w/ http_parseopts * [multiple] con->proto_default_port * [core] store log filename in (log_error_st *) * [core] separate log_error_open* funcs * [core] fdevent uses uint32_t instead of size_t * [mod_webdav] large buffer reuse * [mod_accesslog] flush file log buffer at 8k size * [core] include settings.h where used * [core] static buffers for mtime_cache * [core] convenience macros to check req methods * [core] support multiple error logs * [multiple] omit passing srv to fdevent_handler * [core] remove unused arg to fdevent_fcntl_set_nb* * [core] slightly simpify server_(over)load_check() * [core] isolate fdevent subsystem * [core] isolate stat_cache subsystem * [core] remove include base.h where unused * [core] restart dead piped loggers every 64 sec * [mod_webdav] use copy_file_range() if available * [core] perf: buffer copy and append * [core] copy some srv->srvconf into con->conf * [core] move keep_alive flag into request_st * [core] pass scheme port to http_request_parse() * [core] pass http_parseopts around request.c * [core] rename specific_config to request_config * [core] move request_st,request_config to request.h * [core] pass (request_st *) to request.c funcs * [core] remove unused request_st member 'request' * [core] rename content_length to reqbody_length * [core] t/test_request.c using (request_st *) * [core] (const connection *) in http_header_*_get() * [mod_accesslog] log_access_record() fmt log record * [core] move request start ts into (request_st *) * [core] move addtl request-specific struct members * [core] move addtl request-specific struct members * [core] move plugin_ctx into (request_st *) * [core] move addtl request-specific struct members * [core] move request state into (request_st *) * [core] store (plugin *) in p->data * [core] store subrequest_handler instead of mode * [multiple] copy small struct instead of memcpy() * [multiple] split con, request (very large change) * [core] r->uri.path always set, though might be '' * [core] C99 restrict on some base funcs * [core] dispatch handler in handle_request func * [core] http_request_parse_target() * [mod_magnet] modify r->target with 'uri.path-raw' * [core] remove r->uri.path_raw; generate as needed * [core] http_response_comeback() * [core] http_response_config() * [tests] use buffer_eq_slen() for str comparison * [core] http_status_append() short-circuit 200 OK * [core] mark some chunk.c funcs as pure * [core] use uint32_t in http_header.[ch] * [core] perf: tighten some code in some hot paths * [core] parse header label before end of line * [mod_auth] 'nonce_secret' option to validate nonce (fixes #2976) * [build] fix build on MacOS X Tiger * [doc] lighttpd.conf: lighttpd choose event-handler * [config] blank server.tag if whitespace-only * [mod_proxy] stream request using HTTP/1.1 chunked (fixes #3006) * [multiple] correct misspellings in comments * [multiple] fix some cc warnings in 32-bit, powerpc * [tests] fix skip count in mod-fastcgi w/o php-cgi * [multiple] ./configure --with-nettle to use Nettle * [core] skip excess close() when FD_CLOEXEC defined * [mod_cgi] remove redundant calls to set FD_CLOEXEC * [core] return EINVAL if stat_cache_get_entry w/o / * [mod_webdav] define PATH_MAX if not defined * [mod_accesslog] process backslash-escapes in fmt * [mod_openssl] disable cert vrfy if ALPN acme-tls/1 * [core] add seed before openssl RAND_pseudo_bytes() * [mod_mbedtls] mbedTLS option for TLS * [core] prefer getxattr() instead of get_attr() * [multiple] use *(unsigned char *) with ctypes * [mod_openssl] do not log ECONNRESET unless debug * [mod_openssl] SSL_R_UNEXPECTED_EOF_WHILE_READING * [mod_gnutls] GnuTLS option for TLS (fixes #109) * [mod_openssl] rotate session ticket encryption key * [mod_openssl] set cert from callback in 1.0.2+ (fixes #2842) * [mod_openssl] set chains from callback in 1.0.2+ (#2842) * [core] RFC-strict parse of Content-Length * [build] point ./configure --help to support forum * [core] stricter parse of numerical digits * [multiple] add summaries to top of some modules * [core] sys-crypto-md.h w/ inline message digest fn * [mod_openssl] enable read-ahead, if set, after SNI * [mod_openssl] issue warning for deprecated options * [mod_openssl] use SSL_OP_NO_RENEGOTIATION if avail * [mod_openssl] use openssl feature define for ALPN * [mod_openssl] update default DH params * [core] SecureZeroMemory() on _WIN32 * [core] safe memset calls memset() through volatile * [doc] update comments in doc/config/modules.conf * [core] more precise check for request stream flags * [mod_openssl] rotate session ticket encryption key * [mod_openssl] ssl.stek-file to specify encrypt key * [mod_mbedtls] ssl.stek-file to specify encrypt key * [mod_gnutls] ssl.stek-file to specify encrypt key * [mod_openssl] disable session cache; prefer ticket * [mod_openssl] compat with LibreSSL * [mod_openssl] compat with WolfSSL * [mod_openssl] set SSL_OP_PRIORITIZE_CHACHA * [mod_openssl] move SSL_CTX curve conf to new func * [mod_openssl] basic SSL_CONF_cmd for alt TLS libs * [mod_openssl] OCSP stapling (fixes #2469) * [TLS] cert-staple.sh - refresh OCSP responses (#2469) * [mod_openssl] compat with BoringSSL * [mod_gnutls] option to override GnuTLS priority * [mod_gnutls] OCSP stapling (#2469) * [mod_extforward] config warning for module order * [mod_webdav] store webdav.opts as bitflags * [mod_webdav] limit webdav_propfind_dir() recursion * [mod_webdav] unsafe-propfind-follow-symlink option * [mod_webdav] webdav.opts 'propfind-depth-infinity' * [mod_openssl] detect certs marked OCSP Must-Staple * [mod_gnutls] detect certs marked OCSP Must-Staple * [mod_openssl] default to set MinProtocol TLSv1.2 * [mod_nss] NSS option for TLS (fixes #1218) * [core] fdevent_load_file() shared code * [mod_openssl,mbedtls,gnutls,nss] fdevent_load_file * [core] error if s->socket_perms chmod() fails * [mod_openssl] prefer some WolfSSL native APIs * quiet clang analyzer scan-build warnings * [core] uint32_t is plenty large for path names * [mod_mysql_vhost] deprecated; use mod_vhostdb_mysql * [core] splaytree_djbhash() in splaytree.h (reuse) * [cmake] update deps for src/t/test_* * [cmake] update deps for src/t/test_* * [build] remove tests/mod-userdir.t from builds * [build] fix typo in src/Makefile.am EXTRA_DIST * [core] remove unused mbedtls_enabled flag * [core] store fd in srv->stdin_fd during setup * [multiple] address coverity warnings * [mod_webdav] fix theoretical NULL dereference * [mod_webdav] update rc for PROPFIND allprop * [mod_webdav] build fix: ifdef live_properties * [multiple] address coverity warnings * [meson] fix libmariadb dependency * [meson] add missing libmaxminddb section * [mod_auth,mod_vhostdb] add caching option (fixes #2805) * [mod_authn_ldap,mod_vhostdb_ldap] add timeout opt (#2805) * [mod_auth] accept 'nonce-secret' & 'nonce_secret' * [mod_openssl] fix build warnings on MacOS X * [core] Nettle assert()s if buffer len > digest sz * [mod_authn_dbi] authn backend employing DBI * [mod_authn_mysql,file] use crypt() to save stack * [mod_vhostdb_dbi] allow strings and ints in config * add ci-build.sh * move ci-build.sh to scripts * [build] build fixes for AIX * [mod_deflate] Brotli support * [build] bzip2 default to not-enabled in build * [mod_deflate] fix typo in config option * [mod_deflate] propagate errs from internal funcs * [mod_deflate] deflate.cache-dir compressed cache * [mod_deflate] mod_deflate subsumes mod_compress * [doc] mod_compress -> mod_deflate * [tests] mod_compress -> mod_deflate * [mod_compress] remove mod_compress * [build] add --with-brotli to CI build * [core] server.feature-flags extensible config * [core] con layer plugin_ctx separate from request * [multiple] con hooks store ctx in con->plugin_ctx * [core] separate funcs to reset (request_st *) * [multiple] rename connection_reset hook to request * [mod_nss] func renames for consistency * [core] detect and reject TLS connect to cleartext * [mod_deflate] quicker check for Content-Encoding * [mod_openssl] read secret data w/ BIO_new_mem_buf * [core] decode Transfer-Encoding: chunked from gw * [mod_fastcgi] decode Transfer-Encoding: chunked * [core] stricter parsing of POST chunked block hdr * [mod_proxy] send HTTP/1.1 requests to backends * [tests] test_base64.c clear buf vs reset * [core] http_header_remove_token() * [mod_webdav] fix inadvertent string truncation * [core] add some missing standard includes * [mod_extforward] attempt to quiet Coverity warning * [mod_authn_dbi,mod_authn_mysql] fix coverity issue * scons: fix check environment * Add avahi service file under doc/avahi/ * [mod_webdav] fix fallback if linkat() fails * [mod_proxy] do not forward Expect: 100-continue * [core] chunkqueue_compact_mem() must upd cq->last * [core] dlsym for FAMNoExists() for compat w/ fam * [core] disperse settings.h to appropriate headers * [core] inline buffer_reset() * [mod_extforward] save proto per connection * [mod_extforward] skip after HANDLER_COMEBACK * [core] server.feature-flags to enable h2 * [core] HTTP_VERSION_2 * [multiple] allow TLS ALPN 'h2' if 'server.h2proto' * [mod_extforward] preserve changed addr for h2 con * [core] do not send Connection: close if h2 * [core] lowercase response hdr field names for h2 * [core] recognize status: 421 Misdirected Request * [core] parse h2 pseudo-headers * [core] request_headers_process() * [core] connection_state_machine_loop() * [core] reset connection counters per connection * [mod_accesslog,mod_rrdtool] HTTP/2 basic accounting * [core] connection_set_fdevent_interest() * [core] HTTP2-Settings * [core] adjust http_request_headers_process() * [core] http_header_parse_hoff() * [core] move http_request_headers_process() * [core] reqpool.[ch] for (request_st *) * [multiple] modules read reqbody via fn ptr * [multiple] isolate more con code in connections.c * [core] isolate more resp code in response.c * [core] h2.[ch] with stub funcs (incomplete) * [core] alternate between two joblists * [core] connection transition to HTTP/2; incomplete * [core] mark some error paths with attribute cold * [core] discard 100 102 103 responses from backend * [core] skip write throttle for 100 Continue * [core] adjust (disabled) debug code * [core] update comment * [core] link in ls-hpack (EXPERIMENTAL) * [core] HTTP/2 HPACK using LiteSpeed ls-hpack * [core] h2_send_headers() specialized for resp hdrs * [core] http_request_parse_header() specialized * [core] comment possible future ls-hpack optimize * [mod_status] separate funcs to print request table * [mod_status] adjust to print HTTP/2 requests * [core] redirect to dir using relative-path * [core] ignore empty field-name from backends * [mod_auth] fix crash if auth.require misconfigured (fixes #3023) * [core] fix 1-char trunc of default server.tag * [core] request_acquire(), request_release() * [core] keep pool of (request_st *) for HTTP/2 * [mod_status] dedicated funcs for r->state labels * [core] move connections_get_state to connections.c * [core] fix crash on master after graceful restart * [core] defer optimization to read small files * [core] do not require '\0' term for k,v hdr parse * [scripts] cert-staple.sh enhancements * [core] document algorithm used in lighttpd etag * [core] ls-hpack optimizations * [core] fix crash on master if blank line request * [core] use djbhash in gw_backend to choose host * [core] rename md5.[ch] to algo_md5.[ch] * [core] move djbhash(), dekhash() to algo_md.h * [core] rename splaytree.[ch] to algo_splaytree.[ch] * [core] import xxHash v0.8.0 * [build] modify build, includes for xxHash v0.8.0 * [build] remove ls-hpack/deps * [core] xxhash no inline hints; let compiler choose * [mod_dirlisting] fix config parsing crash * [mod_openssl] clarify trace w/ deprecated options * [doc] refresh doc/config/*/* * [core] code size: disable XXH64(), XXH3() * [doc] update README and INSTALL * [core] combine Cookie request headers with ';' * [core] log stream id with debug.log-state-handling * [core] set r->state in h2.c * [mod_ssi] update chunk after shell output redirect * [mod_webdav] preserve bytes_out when chunks merged * [multiple] inline chunkqueue_length() * [core] cold h2_log_response_header*() funcs * [core] update HTTP status codes list from IANA * [mod_wolfssl] standalone module * [core] Content-Length in http_response_send_file() * [core] adjust response header prep for common case * [core] light_isupper(), light_islower() * [core] tst,set,clr macros for r->{rqst,resp}_htags * [core] separate http_header_e from _htags bitmask * [core] http_header_hkey_get_lc() for HTTP/2 * [core] array.[ch] using uint32_t instead of size_t * [core] extend (data_string *) to store header id * [multiple] extend enum http_header_e list * [core] http_header_e <=> lshpack_static_hdr_idx * [core] skip ls-hpack decode work unused by lighttpd * [TLS] error if inherit empty TLS cfg from globals * [core] connection_check_expect_100() * [core] support multiple 1xx responses from backend * [core] reload c after chunkqueue_compact_mem() * [core] relay 1xx from backend over HTTP/2 * [core] relay 1xx from backend over HTTP/1.1 * [core] chunkqueue_{peek,read}_data(), squash * [multiple] TLS modules use chunkqueue_peek_data() * [mod_magnet] magnet.attract-response-start-to * [multiple] code reuse chunkqueue_peek_data() * [core] reuse r->start_hp.tv_sec for r->start_ts * [core] config_plugin_value_tobool() accept '0','1' * [core] graceful and immediate restart option * [mod_ssi] init status var before waitpid() * [core] graceful shutdown timeout option * [core] lighttpd -1 supports pipes (e.g. netcat) * [core] perf adjustments to avoid load miss * [multiple] use sock_addr_get_family in more places * [multiple] inline chunkqueue where always alloc'd * [core] propagate state after writing * [core] server_run_con_queue() * [core] defer handling FDEVENT_HUP and FDEVENT_ERR * [core] handle unexpected EOF reading FILE_CHUNK * [core] short-circuit connection_write_throttle() * [core] walk queue in connection_write_chunkqueue() * [core] connection_joblist global * [core] be more precise checking streaming flags * [core] fdevent_load_file_bytes() * [TLS] use fdevent_load_file_bytes() for STEK file * [core] allow symlinks under /dev for rand devices * [multiple] use light_btst() for hdr existence chk * [mod_deflate] fix potential NULL deref in err case * [core] save errno around close() if fstat() fails * [mod_ssi] use stat_cache_open_rdonly_fstat() * [core] fdevent_dup_cloexec() * [core] dup FILE_CHUNK fd when splitting FILE_CHUNK * [core] stat_cache_path_isdir() * [multiple] use stat_cache_path_isdir() * [mod_mbedtls] quiet CLOSE_NOTIFY after conn reset * [mod_gnutls] quiet CLOSE_NOTIFY after conn reset * [core] limit num ranges in Range requests * [core] remove unused r->content_length * [core] http_response_parse_range() const file sz * [core] pass open fd to http_response_parse_range * [core] stat_cache_get_entry_open() * [core,mod_deflate] leverage cache of open fd * [doc] comment out config disabling Range for .pdf * [core] coalesce nearby ranges in Range requests * [mod_fastcgi] decode chunked is cold code path * [core] fix chunkqueue_compact_mem w/ partial chunk * [core] alloc optim reading file, sending chunked * [core] reuse chunkqueue_compact_mem*() * [mod_cgi] use splice() to send input to CGI * [multiple] ignore openssl 3.0.0 deprecation warns * [mod_openssl] migrate ticket cb to openssl 3.0.0 * [mod_openssl] construct OSSL_PARAM on stack * [mod_openssl] merge ssl_tlsext_ticket_key_cb impls * [multiple] openssl 3.0.0 digest interface migrate * [tests] detect multiple SSL/TLS/crypto providers * [core] sys-crypto-md.h consistent interfaces * [wolfssl] wolfSSL_CTX_set_mode differs from others * [multiple] use NSS crypto if no other crypto avail * [multiple] stat_cache_path_stat() for struct st * [TLS] ignore empty 'CipherString' in ssl-conf-cmd * [multiple] remove chunk file.start member * [core] modify use of getrlimit() to not be fatal * [mod_webdav] add missing update to cq accounting * [mod_webdav] update defaults after worker_init * [mod_openssl] use newer openssl 3.0.0 func * [core] config_plugin_value_to_int32() * [core] minimize pause during graceful restart * [mod_deflate] use large mmap chunks to compress * [core] stat_cache_entry reference counting * [core] FILE_CHUNK can hold stat_cache_entry ref * [core] http_chunk_append_file_ref_range() * [multiple] use http_chunk_append_file_ref() * [core] always lseek() with shared fd * [core] silence coverity warnings (false positives) * [core] silence coverity warnings in ls-hpack * [core] silence coverity warnings (another try) * [core] fix fd sharing when splitting file chunk * [mod_mbedtls] quiet unused variable warning * [core] use inline funcs in sys-crypto-md.h * [core] add missing declaration for NSS rand * [core] init NSS lib for basic crypto algorithms * [doc] change mod_compress refs to mod_deflate * [doc] replace bzip2 refs with brotli * [build] remove svnversion from versionstamp rule * [doc] /var/run -> /run * [multiple] test for nss includes * [mod_nss] more nss includes fixes * [mod_webdav] define _NETBSD_SOURCE on NetBSD * [core] silence coverity warnings (another try) * [mod_mbedtls] newer mbedTLS vers support TLSv1.3 * [mod_accesslog] update defaults after cycling log * [multiple] add some missing config cleanup * [core] fix (startup) mem leaks in configparser.y * [core] STAILQ_* -> SIMPLEQ_* on OpenBSD * [mod_wolfssl] use more wolfssl/options.h defines * [mod_wolfssl] cripple SNI if not built OPENSSL_ALL * [mod_wolfssl] need to build --enable-alpn for ALPN * [mod_secdownload] fix compile w/ NSS on FreeBSD * [mod_mbedtls] wrap addtl code in preproc defines * [TLS] server.feature-flags 'ssl.session-cache' * [core] workaround fragile code in wolfssl types.h * [core] move misplaced error trace to match option * [core] adjust wolfssl workaround for another case * [multiple] consistent order for crypto lib select * [multiple] include mbedtls/config.h after select * [multiple] include wolfssl/options.h after select * [core] set NSS_VER_INCLUDE after crypto lib select * [core] use system xxhash lib if available * [doc] refresh doc/config/conf.d/mime.conf * [meson] add matching -I for lua lib version * [build] prepend search for lua version 5.4 * [core] use inotify in stat_cache.[ch] on Linux * [build] detect inotify header <sys/inotify.h> * [mod_nss] update session ticket NSS devel comment * [core] set last_used on rd/wr from backend (fixes #3029) * [core] cold func for gw_recv_response error case * [core] use kqueue() instead of FAM/gamin on *BSD * [core] no graceful-restart-bg on OpenBSD, NetBSD * [mod_openssl] add LIBRESSL_VERSION_NUMBER checks * [core] use struct kevent on stack in stat_cache * [core] stat_cache preprocessor paranoia * [mod_openssl] adjust LIBRESSL_VERSION_NUMBER check * [mod_maxminddb] fix config validation typo * [tests] allow LIGHTTPD_EXE_PATH override * [multiple] handle NULL val as empty in *_env_add (fixes #3030) * [core] accept 'HTTP/2.0', 'HTTP/3.0' from backends (fixes #3031) * [build] check for xxhash in more ways * [core] accept 'HTTP/2.0', 'HTTP/3.0' from backends (#3031) * [core] http_response_buffer_append_authority() * [core] define SHA*_DIGEST_LENGTH macros if missing * [doc] update optional pkg dependencies in INSTALL * [mod_alias] validate given order, not sorted order * [core] filter out duplicate modules * [mod_cgi] fix crash if initial write to CGI fails * [mod_cgi] ensure tmp file open() before splice() * [multiple] add back-pressure gw data pump (fixes #3033) * [core] fix bug when HTTP/2 frames span chunks * [multiple] more forgiving config str to boolean (fixes #3036) * [core] check for __builtin_expect() availability * [core] quiet more request parse errs unless debug * [core] consolidate chunk size checks * [mod_flv_streaming] use stat_cache_get_entry_open * [mod_webdav] pass full path to webdav_unlinkat() * [mod_webdav] fallbacks if _ATFILE_SOURCE not avail * [mod_fastcgi] move src/fastcgi.h into src/compat/ * [mod_status] add additional HTML-encoding * [core] server.v4mapped option * [mod_webdav] workaround for gvfs dir redir bug - Remove SuSEfirewall2 service files, SuSEfirewall2 does not exist anymore - Changed /etc/logrotate.d/lighttpd from init.d to systemd fix boo#1146452. Important SUSE bug 1146452 SUSE bug 1181400 SUSE bug 1194376 CVE-2022-22707 cpe:/o:opensuse:leap:15.3 Security update for chromium (Important) openSUSE Leap 15.3 This update for chromium fixes the following issues: Chromium 98.0.4758.80 (boo#1195420) * CVE-2022-0452: Use after free in Safe Browsing * CVE-2022-0453: Use after free in Reader Mode * CVE-2022-0454: Heap buffer overflow in ANGLE * CVE-2022-0455: Inappropriate implementation in Full Screen Mode * CVE-2022-0456: Use after free in Web Search * CVE-2022-0457: Type Confusion in V8 * CVE-2022-0459: Use after free in Screen Capture * CVE-2022-0460: Use after free in Window Dialog * CVE-2022-0461: Policy bypass in COOP * CVE-2022-0462: Inappropriate implementation in Scroll * CVE-2022-0463: Use after free in Accessibility * CVE-2022-0464: Use after free in Accessibility * CVE-2022-0465: Use after free in Extensions * CVE-2022-0466: Inappropriate implementation in Extensions Platform * CVE-2022-0467: Inappropriate implementation in Pointer Lock * CVE-2022-0468: Use after free in Payments * CVE-2022-0469: Use after free in Cast * CVE-2022-0470: Out of bounds memory access in V8 * Various fixes from internal audits, fuzzing and other initiatives Important SUSE bug 1195420 CVE-2022-0452 CVE-2022-0453 CVE-2022-0454 CVE-2022-0455 CVE-2022-0456 CVE-2022-0457 CVE-2022-0459 CVE-2022-0460 CVE-2022-0461 CVE-2022-0462 CVE-2022-0463 CVE-2022-0464 CVE-2022-0465 CVE-2022-0466 CVE-2022-0467 CVE-2022-0468 CVE-2022-0469 CVE-2022-0470 cpe:/o:opensuse:leap:15.3 Security update for zabbix (Moderate) openSUSE Leap 15.3 This update for zabbix fixes the following issues: - Updated to latest realease 4.0.37. Security issues fixed: - CVE-2022-23134: Fixed possible view of the setup pages by unauthenticated users if config file already exists (boo#1194681). - CVE-2021-27927: Fixed CSRF protection mechanism inside CControllerAuthenticationUpdate controller (boo#1183014). - CVE-2020-15803: Fixed stored XSS in the URL Widget (boo#1174253). Bugfixes: - boo#1181400: Added hardening to systemd service(s) - boo#1144018: Restructured for easier maintenance because FATE#324346 Moderate SUSE bug 1144018 SUSE bug 1174253 SUSE bug 1181400 SUSE bug 1183014 SUSE bug 1194681 CVE-2020-15803 CVE-2021-27927 CVE-2022-23134 cpe:/o:opensuse:leap:15.3 Security update for firejail (Important) openSUSE Leap 15.3 This update for firejail fixes the following issues: - Update Leap 15.3 package to 0.9.68 (boo#1195880) update to firejail 0.9.68: - security: on Ubuntu, the PPA is now recommended over the distro package - (see README.md) (#4748) - security: bugfix: private-cwd leaks access to the entire filesystem - (#4780); reported by Hugo Osvaldo Barrera - feature: remove (some) environment variables with auth-tokens (#4157) - feature: ALLOW_TRAY condition (#4510 #4599) - feature: add basic Firejail support to AppArmor base abstraction (#3226 - #4628) - feature: intrusion detection system (--ids-init, --ids-check) - feature: deterministic shutdown command (--deterministic-exit-code, - --deterministic-shutdown) (#928 #3042 #4635) - feature: noprinters command (#4607 #4827) - feature: network monitor (--nettrace) - feature: network locker (--netlock) (#4848) - feature: whitelist-ro profile command (#4740) - feature: disable pipewire with --nosound (#4855) - feature: Unset TMP if it doesn't exist inside of sandbox (#4151) - feature: Allow apostrophe in whitelist and blacklist (#4614) - feature: AppImage support in --build command (#4878) - modifs: exit code: distinguish fatal signals by adding 128 (#4533) - modifs: firecfg.config is now installed to /etc/firejail/ (#408 #4669) - modifs: close file descriptors greater than 2 (--keep-fd) (#4845) - modifs: nogroups now stopped causing certain system groups to be dropped, - which are now controlled by the relevant 'no' options instead (such as - nosound -> drop audio group), which fixes device access issues on systems - not using (e)logind (such as with seatd) (#4632 #4725 #4732 #4851) - removal: --disable-whitelist at compile time - removal: whitelist=yes/no in /etc/firejail/firejail.config - bugfix: Fix sndio support (#4362 #4365) - bugfix: Error mounting tmpfs (MS_REMOUNT flag not being cleared) (#4387) - bugfix: --build clears the environment (#4460 #4467) - bugfix: firejail hangs with net parameter (#3958 #4476) - bugfix: Firejail does not work with a custom hosts file (#2758 #4560) - bugfix: --tracelog and --trace override /etc/ld.so.preload (#4558 #4586) - bugfix: PATH_MAX is undeclared on musl libc (#4578 #4579 #4583 #4606) - bugfix: firejail symlinks are not skipped with private-bin + globs (#4626) - bugfix: Firejail rejects empty arguments (#4395) - bugfix: firecfg does not work with symlinks (discord.desktop) (#4235) - bugfix: Seccomp list output goes to stdout instead of stderr (#4328) - bugfix: private-etc does not work with symlinks (#4887) - bugfix: Hardware key not detected on keepassxc (#4883) - build: allow building with address sanitizer (#4594) - build: Stop linking pthread (#4695) - build: Configure cleanup and improvements (#4712) - ci: add profile checks for sorting disable-programs.inc and - firecfg.config and for the required arguments in private-etc (#2739 #4643) - ci: pin GitHub actions to SHAs and use Dependabot to update them (#4774) - docs: Add new command checklist to CONTRIBUTING.md (#4413) - docs: Rework bug report issue template and add both a question and a - feature request template (#4479 #4515 #4561) - docs: fix contradictory descriptions of machine-id ('preserves' vs - 'spoofs') (#4689) - docs: Document that private-bin and private-etc always accumulate (#4078) - new includes: whitelist-run-common.inc (#4288), disable-X11.inc (#4462) - new includes: disable-proc.inc (#4521) - removed includes: disable-passwordmgr.inc (#4454 #4461) - new profiles: microsoft-edge-beta, clion-eap, lifeograph, zim - new profiles: io.github.lainsce.Notejot, rednotebook, gallery-dl - new profiles: yt-dlp, goldendict, goldendict, bundle, cmake - new profiles: make, meson, pip, codium, telnet, ftp, OpenStego - new profiles: imv, retroarch, torbrowser, CachyBrowser, - new profiles: notable, RPCS3, wget2, raincat, conitop, 1passwd, - new profiles: Seafile, neovim, com.github.tchx84.Flatseal firejail 0.9.66: * deprecated --audit options, relpaced by jailcheck utility * deprecated follow-symlink-as-user from firejail.config * new firejail.config settings: private-bin, private-etc * new firejail.config settings: private-opt, private-srv * new firejail.config settings: whitelist-disable-topdir * new firejail.config settings: seccomp-filter-add * removed kcmp syscall from seccomp default filter * rename --noautopulse to keep-config-pulse * filtering environment variables * zsh completion * command line: --mkdir, --mkfile * --protocol now accumulates * jailtest utility for testing running sandboxes * faccessat2 syscall support * --private-dev keeps /dev/input * added --noinput to disable /dev/input * add support for subdirs in --private-etc * subdirs support in private-etc * input devices support in private-dev, --no-input * support trailing comments on profile lines * many new profiles - split shell completion into standard subpackages Important SUSE bug 1195880 cpe:/o:opensuse:leap:15.3 Security update for kafka (Important) openSUSE Leap 15.3 This update for kafka, kafka-kit fixes following issues: - Remove JDBCAppender, JMSSink, chainsaw from log4j jars during build to prevent bsc#1194842, CVE-2022-23302, bsc#1194843, CVE-2022-23305, bsc#1194844, CVE-2022-23307 - Rebuild with kafka-kit change to Remove JMSAppender from log4j jars during build to prevent bsc#1193662, CVE-2021-4104 Important SUSE bug 1193662 SUSE bug 1194842 SUSE bug 1194843 SUSE bug 1194844 CVE-2021-4104 CVE-2022-23302 CVE-2022-23305 CVE-2022-23307 cpe:/o:opensuse:leap:15.3 Security update for chromium (Important) openSUSE Leap 15.3 This update for chromium fixes the following issues: - Chromium 98.0.4758.102 (boo#1195986) * CVE-2022-0603: Use after free in File Manager * CVE-2022-0604: Heap buffer overflow in Tab Groups * CVE-2022-0605: Use after free in Webstore API * CVE-2022-0606: Use after free in ANGLE * CVE-2022-0607: Use after free in GPU * CVE-2022-0608: Integer overflow in Mojo * CVE-2022-0609: Use after free in Animation * CVE-2022-0610: Inappropriate implementation in Gamepad API * Various fixes from internal audits, fuzzing and other initiatives Important SUSE bug 1195986 CVE-2022-0603 CVE-2022-0604 CVE-2022-0605 CVE-2022-0606 CVE-2022-0607 CVE-2022-0608 CVE-2022-0609 CVE-2022-0610 cpe:/o:opensuse:leap:15.3 Security update for htmldoc (Important) openSUSE Leap 15.3 htmldoc was updated to fix issues: - CVE-2021-40985: Fixed buffer overflow may lead to DoS via a crafted BMP image (bsc#1192357) - CVE-2021-43579: Fixed stack-based buffer overflow in image_load_bmp() results in remote code execution if the victim converts an HTML document linking to a crafted BMP file (bsc#1194487) - CVE-2022-0534: Fixed stack out-of-bounds read in gif_get_code() when opening a malicious GIF file results in a segmentation fault (bsc#1195758) Important SUSE bug 1192357 SUSE bug 1194487 SUSE bug 1195758 CVE-2021-40985 CVE-2021-43579 CVE-2022-0534 cpe:/o:opensuse:leap:15.3 Security update for opera (Important) openSUSE Leap 15.3 NonFree This update for opera fixes the following issues: Update to 83.0.4254.27 - CHR-8737 Update chromium on desktop-stable-97-4254 to 97.0.4692.99 - DNA-96336 [Mac] Translate new network installer slogan - DNA-96678 Add battery level monitoring capability to powerSavePrivate - DNA-96939 Crash at opera::ExternalVideoService::MarkAsManuallyClosed() - DNA-97276 Enable #static-tab-audio-indicator on all streams - The update to chromium 97.0.4692.99 fixes following issues: CVE-2022-0289, CVE-2022-0290, CVE-2022-0291, CVE-2022-0292, CVE-2022-0293, CVE-2022-0294, CVE-2022-0295, CVE-2022-0296, CVE-2022-0297, CVE-2022-0298, CVE-2022-0300, CVE-2022-0301, CVE-2022-0302, CVE-2022-0304, CVE-2022-0305, CVE-2022-0306, CVE-2022-0307, CVE-2022-0308, CVE-2022-0309, CVE-2022-0310, CVE-2022-0311 Update to 83.0.4254.19 - DNA-96079 Turn on #automatic-video-popout on developer - DNA-97070 Opera 83 translations - DNA-97119 [LastCard] Stop showing used burner cards - DNA-97131 Enable automatic-video-popout on all streams from O84 on - DNA-97257 Crash at views::ImageButton::SetMinimumImageSize(gfx::Size const&) - DNA-97259 Promote O83 to stable - Complete Opera 83.0 changelog at: https://blogs.opera.com/desktop/changelog-for-83/ - Update to 83.0.4254.16 - DNA-96968 Fix alignment of the 'Advanced' button in Settings - Update to 83.0.4254.14 - CHR-8701 Update chromium on desktop-stable-97-4254 to 97.0.4692.45 - CHR-8713 Update chromium on desktop-stable-97-4254 to 97.0.4692.56 - CHR-8723 Update chromium on desktop-stable-97-4254 to 97.0.4692.71 - DNA-96780 Crash at ui::NativeTheme::RemoveObserver(ui::NativeThemeObserver*) - DNA-96822 Tab close resize behavior change - DNA-96861 Create Loomi Options menu - DNA-96904 Support Win11 snap layout popup - DNA-96951 Tab close animation broken - DNA-96991 Tab X button doesn’t work correctly - DNA-97027 Incorrect tab size after tab close - The update to chromium 97.0.4692.71 fixes following issues: CVE-2022-0096, CVE-2022-0097, CVE-2022-0098, CVE-2022-0099, CVE-2022-0100, CVE-2022-0101, CVE-2022-0102, CVE-2022-0103, CVE-2022-0104, CVE-2022-0105, CVE-2022-0105, CVE-2022-0106, CVE-2022-0107, CVE-2022-0108, CVE-2022-0109, CVE-2022-0110, CVE-2022-0111, CVE-2022-0111, CVE-2022-0112, CVE-2022-0113, CVE-2022-0114, CVE-2022-0115, CVE-2022-0116, CVE-2022-0117, CVE-2022-0118, CVE-2022-0120 - Update to version 82.0.4227.58 - DNA-96780 Crash at ui::NativeTheme::RemoveObserver(ui::NativeThemeObserver*) - DNA-96890 Settings default browser not working for current user on Windows 7 - Update to version 82.0.4227.43 - CHR-8705 Update chromium on desktop-stable-96-4227 to 96.0.4664.110 - DNA-93284 Unstable obj/opera/desktop/common/installer_rc_generated/installer.res - DNA-95908 Interstitial/internal pages shown as NOT SECURE after visiting http site - DNA-96404 Opera doesn’t show on main screen when second screen is abruptly disconnected - The update to chromium 96.0.4664.110 fixes following issues: CVE-2021-4098, CVE-2021-4099, CVE-2021-4100, CVE-2021-4101, CVE-2021-4102 - Update to version 82.0.4227.33 - CHR-8689 Update chromium on desktop-stable-96-4227 to 96.0.4664.93 - DNA-96559 Tooltip popup looks bad in dark theme - DNA-96570 [Player] Tidal logging in via PLAY doesn’t work - DNA-96594 Unnecessary extra space in fullscreen mode on M1 Pro MacBooks - DNA-96649 Update Meme button - DNA-96676 Add Icon in the Sidebar Setup - DNA-96677 Add default URL - The update to chromium 96.0.4664.93 fixes following issues: CVE-2021-4052, CVE-2021-4053, CVE-2021-4079, CVE-2021-4054, CVE-2021-4078, CVE-2021-4055, CVE-2021-4056, CVE-2021-4057, CVE-2021-4058, CVE-2021-4059, CVE-2021-4061, CVE-2021-4062, CVE-2021-4063, CVE-2021-4064, CVE-2021-4065, CVE-2021-4066, CVE-2021-4067, CVE-2021-4068 - Update to version 82.0.4227.23 - DNA-95632 With new au-logic UUID is set with delay and may be not set for pb-builds (when closing fast) - DNA-96349 Laggy tooltip animation - DNA-96483 [Snap][Linux] Video not working / wrong ffmpeg snap version for Opera 82 - DNA-96493 Create 'small' enticement in credit card autofill - DNA-96533 Opera 82 translations - DNA-96535 Make the URL configurable - DNA-96553 Add switch to whitelist test pages - DNA-96557 Links not opened from panel - DNA-96558 AdBlock bloks some trackers inside the panel - DNA-96568 [Player] Tidal in sidebar Player opens wrong site when logging in - DNA-96659 Siteprefs not applied after network service crash - DNA-96593 Promote O82 to stable - Complete Opera 82.0 changelog at: https://blogs.opera.com/desktop/changelog-for-82/ - Update to version 82.0.4227.13 - CHR-8668 Update chromium on desktop-stable-96-4227 to 96.0.4664.45 - DNA-76987 [Mac] Update desktop EULA with geolocation split - DNA-93388 Problem with symlinks on windows when creating file list - DNA-95734 Discarded Recently Closed items get revived after restart - DNA-96134 'Your profile has been updated' does not disappear - DNA-96190 Opera freezes when trying to drag expanded bookmark folder with nested subfolders - DNA-96223 Easy Files not working in Full Screen - DNA-96274 Checkout autofill shouldn't show used burner card - DNA-96275 Change the notification message for pausing multi-use cards - DNA-96295 'Video pop out' setting doesn't sync - DNA-96316 Highlight text wrong colour on dark mode - DNA-96326 Wrong translation Private Mode > Turkish - DNA-96351 macOS window controls are missing in full screen - DNA-96440 Update video URL - DNA-96448 add option to pin extension via rich hints - DNA-96453 Register user-chosen option on client-side, read on hint side - DNA-96454 Choosing an option from the settings menu should close the popup - DNA-96484 Enable AB test for a new autoupdater logic (for 50%) - DNA-96500 Add 'don't show me again' prefs to allowed whitelist - DNA-96538 Inline audiocomplete for www.mediaexpert.pl incorrectly suggested - The update to chromium 96.0.4664.45 fixes following issues: CVE-2021-38005, CVE-2021-38006, CVE-2021-38007, CVE-2021-38008, CVE-2021-38009, CVE-2021-38010, CVE-2021-38011, CVE-2021-38012, CVE-2021-38013, CVE-2021-38014, CVE-2021-38015, CVE-2021-38016, CVE-2021-38017, CVE-2021-38019, CVE-2021-38020, CVE-2021-38021, CVE-2021-38022 - Update to version 81.0.4196.54 - CHR-8644 Update chromium on desktop-stable-95-4196 to 95.0.4638.69 - DNA-95773 ExtensionWebRequestApiTest crashes on mac - DNA-96062 Opera 81 translations - DNA-96134 “Your profile has been updated’ does not disappear - DNA-96274 Checkout autofill shouldn’t show used burner card - DNA-96275 Change the notification message for pausing multi-use cards - DNA-96440 Update video URL - The update to chromium 95.0.4638.69 fixes following issues: CVE-2021-37997, CVE-2021-37998, CVE-2021-37999, CVE-2021-37980, CVE-2021-38001, CVE-2021-38002, CVE-2021-38003, CVE-2021-38004 - Update to version 81.0.4196.37 - DNA-96008 Crash at content::WebContentsImpl::OpenURL(content::OpenURLParams const&) - DNA-96032 Closing the videoconference pop-up force leaving the meeting - DNA-96092 Crash at void opera::ModalDialogViews::OnWidgetClosing(opera::ModalDialog::Result) - DNA-96142 [Yat] Emoji icon cut off in URL for Yat Important CVE-2021-37980 CVE-2021-37997 CVE-2021-37998 CVE-2021-37999 CVE-2021-38001 CVE-2021-38002 CVE-2021-38003 CVE-2021-38004 CVE-2021-38005 CVE-2021-38006 CVE-2021-38007 CVE-2021-38008 CVE-2021-38009 CVE-2021-38010 CVE-2021-38011 CVE-2021-38012 CVE-2021-38013 CVE-2021-38014 CVE-2021-38015 CVE-2021-38016 CVE-2021-38017 CVE-2021-38019 CVE-2021-38020 CVE-2021-38021 CVE-2021-38022 CVE-2021-4052 CVE-2021-4053 CVE-2021-4054 CVE-2021-4055 CVE-2021-4056 CVE-2021-4057 CVE-2021-4058 CVE-2021-4059 CVE-2021-4061 CVE-2021-4062 CVE-2021-4063 CVE-2021-4064 CVE-2021-4065 CVE-2021-4066 CVE-2021-4067 CVE-2021-4068 CVE-2021-4078 CVE-2021-4079 CVE-2021-4098 CVE-2021-4099 CVE-2021-4100 CVE-2021-4101 CVE-2021-4102 CVE-2022-0096 CVE-2022-0097 CVE-2022-0098 CVE-2022-0099 CVE-2022-0100 CVE-2022-0101 CVE-2022-0102 CVE-2022-0103 CVE-2022-0104 CVE-2022-0105 CVE-2022-0106 CVE-2022-0107 CVE-2022-0108 CVE-2022-0109 CVE-2022-0110 CVE-2022-0111 CVE-2022-0112 CVE-2022-0113 CVE-2022-0114 CVE-2022-0115 CVE-2022-0116 CVE-2022-0117 CVE-2022-0118 CVE-2022-0120 CVE-2022-0289 CVE-2022-0290 CVE-2022-0291 CVE-2022-0292 CVE-2022-0293 CVE-2022-0294 CVE-2022-0295 CVE-2022-0296 CVE-2022-0297 CVE-2022-0298 CVE-2022-0300 CVE-2022-0301 CVE-2022-0302 CVE-2022-0304 CVE-2022-0305 CVE-2022-0306 CVE-2022-0307 CVE-2022-0308 CVE-2022-0309 CVE-2022-0310 CVE-2022-0311 cpe:/o:opensuse:leap:15.3 Security update for opera (Important) openSUSE Leap 15.3 NonFree This update for opera fixes the following issues: - Update to 84.0.4316.14 - CHR-8753 Update chromium on desktop-stable-98-4316 to 98.0.4758.82 - DNA-97177 Battery saver – the icon looks bad for DPI!=100% - DNA-97614 automatic video pop-out for most popular websites broadcasting Winter Olympic Games 2022 - DNA-97804 Promote O84 to stable - The update to chromium 98.0.4758.82 fixes following issues: CVE-2022-0452, CVE-2022-0453, CVE-2022-0454, CVE-2022-0455, CVE-2022-0456, CVE-2022-0457, CVE-2022-0458, CVE-2022-0459, CVE-2022-0460, CVE-2022-0461, CVE-2022-0462, CVE-2022-0463, CVE-2022-0464, CVE-2022-0465, CVE-2022-0466, CVE-2022-0467, CVE-2022-0468, CVE-2022-0469, CVE-2022-0470 - Complete Opera 84.0 changelog at: https://blogs.opera.com/desktop/changelog-for-84/ - Update to 83.0.4254.54 - DNA-96581 Fast tab tooltip doesn’t always show related sites with scrollable tab strip - DNA-96608 Cannot drag a tab to create a new window - DNA-96657 Do not make tab tooltip hoverable if there’s no list of tabs - DNA-97291 Crash at opera::flow::FlowSessionImpl::RegisterDevice(base::OnceCallback) - DNA-97468 Incorrect number of restored tabs when video-popout is detached - DNA-97476 Add retry to stapling during signing - DNA-97609 Failing MetricsReporterTest.TimeSpent* smoketests Important CVE-2022-0452 CVE-2022-0453 CVE-2022-0454 CVE-2022-0455 CVE-2022-0456 CVE-2022-0457 CVE-2022-0458 CVE-2022-0459 CVE-2022-0460 CVE-2022-0461 CVE-2022-0462 CVE-2022-0463 CVE-2022-0464 CVE-2022-0465 CVE-2022-0466 CVE-2022-0467 CVE-2022-0468 CVE-2022-0469 CVE-2022-0470 cpe:/o:opensuse:leap:15.3 Security update for sphinx (Moderate) openSUSE Leap 15.3 This update for sphinx fixes the following issues: - CVE-2020-29050: SphinxSearch in Sphinx Technologies Sphinx allows directory traversal (in conjunction with CVE-2019-14511) because the mysql client can be used for CALL SNIPPETS and load_file operations on a full pathname (e.g., a file in the /etc directory). (boo#1195227) - update to 2.0.6 release Moderate SUSE bug 1157590 SUSE bug 1195227 CVE-2020-29050 cpe:/o:opensuse:leap:15.3 Security update for connman (Important) openSUSE Leap 15.3 This update for connman fixes the following issues: Update to 1.41: (boo#1194177, boo#1194176, boo#1194175) * Fix issue with RTNL netlink message alignment. * Fix issue with dnsproxy and timeout for TCP feature. (CVE-2022-23097, CVE-2022-23096) * Fix issue with dnsproxy and busy loop in TCP server. (CVE-2022-23098) * Fix issue with WiFi connection with no passphrase. * Add support for wpa_supplicant and WPA3-SAE functionality. * Add support for D-Bus ObjectManager interface. - Add systemd hardening configuration - Disabled openconnect plugin due to version conflict - Disabled vpnc plugin for i568 missing dependency - Disabled hh2serial and tist_working for ppc64le due to version conflict Important SUSE bug 1194175 SUSE bug 1194176 SUSE bug 1194177 CVE-2022-23096 CVE-2022-23097 CVE-2022-23098 cpe:/o:opensuse:leap:15.3 Security update for zabbix (Moderate) openSUSE Leap 15.3 This update for zabbix fixes the following issues: Zabbix is shipped in version 4.0.38. Moderate SUSE bug 1144018 SUSE bug 1181400 SUSE bug 1194681 CVE-2020-15803 CVE-2021-27927 CVE-2022-23134 cpe:/o:opensuse:leap:15.3 Security update for mc (Moderate) openSUSE Leap 15.3 This update for mc fixes the following issues: Midnight Commander 4.8.27: * Core - Reimplement version detection (#3603, #4249) - Significantly reduce rebuilt time after version change (#2252, #4266) - Drop automatic migration of configuration from ~/.mc to XDG-based directories (#3682) - zsh: support custom configuration file: ~/.local/share/mc/.zshrc (#4203) - Widgets: implement WST_VISIBLE state to show/hide widgets (#2919) - Find File: add Follow symlinks option (#2020) * VFS - extfs: support unrar-6 (#4154) - extfs: support official 7z binary (7zz) (#4239) - ftpfs: apply file list parser from lftp project (#2841, #3174) * Editor - Word completion: get candidates from all open files (#4160) - etags: get rid of hardcoded list length and window width (#4132) - Update syntax files: - python (#4140) - Add syntax highlighting: - Verilog and SystemVerilog? header files (#4215) - JSON (#4250) - openrc-run scripts (#4246) * Misc - Filehighlight of c++ and h++ files as sources (#4194) - Filehighlight of JSON files as documents (#4250) - Support of alacritty terminal emulator (​https://github.com/alacritty/alacritty) (#4248) - Support of foot terminal emulator (​https://codeberg.org/dnkl/foot) (#4251) - Support of (alt+)shift+arrow keys in st terminal emulator (st.suckless.org) (#4267) - Mouse support in screen: don't check variable (#4233) - mc.ext: support fb2 e-books (#4167) - ext.d: use mediainfo to view info about various media files (#4167) - Remove OS/distro-specific package-related stuff from source tree (#4217) * Fixes - FTBFS against NCurses on OS X 10.9.5 (#4181) - Segfault on dialog before panels get visible (#4244) - Crash if shadow is out of screen (build against NCurses) (#4192) - Crash in search (#4222) - Crash on startup with enabled subshell in FreeBSD (workaround) (#4213) - Hang on start randomly with zsh as subshell (#4198) - If command line is invisible it's partially displayed (#4182) - Broken handling of zip archives (#4180, #4183) - Broken handling of jar files as zip archives (#4223) - Timestamps of symlinks, sockets, fifos, etc are not preserved after copy/move (#3985) - %view action in the user menu doesn't work on no-exec filesystem (#4242) - Hardlinks are not colored by file type or extension (#3375) - mcedit: silent macro makes terminal disrupted (#4171) - mcedit: disrupting of TAGS file path (#4207) - vfs: unable to browse compressed tar archives (#4191) - sftpfs vfs: CVE-2021-36370: server fingerprint isn't verified (discovered by AUT-milCERT during an audit of open source software) (#4259) - ftpfs vfs: month of file is always January (#4260) - Tests: log files are written by libcheck and automake simultaneously (#3986) Moderate SUSE bug 1190180 CVE-2021-36370 cpe:/o:opensuse:leap:15.3 Security update for cobbler (Important) openSUSE Leap 15.3 This update for cobbler fixes the following issues: - CVE-2021-45083: Fixed unsafe permissions on sensitive files (bsc#1193671). - CVE-2021-45082: Fixed incomplete template sanitation (bsc#1193678). - CVE-2021-40323, CVE-2021-40324, CVE-2021-40325: Fixed Remote Code Execution in the XMLRPC API which additionally allowed arbitrary file read and write as root (boo#1189458). The following non-security bugs were fixed: - Fix issues with installation module logging and validation (boo#1195918) - Move configuration files ownership to apache (boo#1195906) - Remove hardcoded test credentials (boo#1193673) - Prevent log pollution (boo#1193675) - Missing sanity check on MongoDB configuration file (boo#1193676) - Avoid traceback when building tftp files for ppc arch system when boot_loader is not set (boo#1185679) - Prevent some race conditions when writting tftpboot files and the destination directory is not existing (boo#1186124) - Fix trail stripping in case of using UTF symbols (boo#1184561) Important SUSE bug 1184561 SUSE bug 1185679 SUSE bug 1186124 SUSE bug 1189458 SUSE bug 1193671 SUSE bug 1193673 SUSE bug 1193675 SUSE bug 1193676 SUSE bug 1193678 SUSE bug 1195906 SUSE bug 1195918 CVE-2021-40323 CVE-2021-40324 CVE-2021-40325 CVE-2021-45082 CVE-2021-45083 cpe:/o:opensuse:leap:15.3 Security update for envoy-proxy (Important) openSUSE Leap 15.3 This update for envoy-proxy fixes the following issues: Update to 1.14.6: - CVE-2020-35471: Fixed a denial of service via dropped and truncated UDP datagrams (boo#1180121). Important SUSE bug 1167073 SUSE bug 1173559 SUSE bug 1180121 CVE-2020-12603 CVE-2020-12604 CVE-2020-12605 CVE-2020-35471 CVE-2020-8663 cpe:/o:opensuse:leap:15.3 Security update for libdxfrw, librecad (Important) openSUSE Leap 15.3 This update for libdxfrw, librecad fixes the following issues: - Update to version 1.0.1+git.20220109: * fixed ambiguous error for DRW_Dimension::parseDwg() * fixed enless while()-loop for pre 2004 versions * dwgReader::readDwgObjects() stop reading after 1st error * dwgReader::readDwgEntities() stop reading after 1st error * replace ENTRY_PARSE macro with template method * remove unused DRW_Class::parseCode() method * protect vector<>.reserve() calls * Added NULL check for hatch code 93 * Fix bounds check in DRW_LWPolyline * fix, check maxClassNum for valid value * fixed wrong 2010+ check for 64-bit size * Set compiler warnings on by default, because makes harder for bugs to go undetected. modified: CMakeLists.txt * Fixed fall through and other warnings (#54) * fix 'Vertex ID' printout - Update to version 1.0.1+git.20211110: * fixed heap use after free vulnerability CVE-2021-21900 (boo#1192938) * minor improvements to dwg2dxf, formatting and message output on success * fixed heap buffer overflow vulnerability CVE-2021-21899 (boo#1192937) * dwg2dxf - enable debug output of libdxfrw by command line switch * fixed out-of-bounds write vulnerability CVE-2021-21898 (boo#1192936) * fixed please note section formatting * updated README.md for LibreCAD_3 branch and sf.net successor * fixed LibreCAD 2 issue #1371, read failed with binary DXF * Use ununordered_map instead of map * manual merge changes from LibreCAD2 * and much more - Update to version 1.0.1+git.20200429: * Fix includes install dir * Export target as libdxfrw::libdxfrw to keep consistency with Conan packages * Add archive destination in install * Install DXFRW::dxfrw target * Remove duplicate target properties * Remove version from pkg-config file * Let CMake handle C++11 compiler definition * Change minimal required CMake version to 3.0 * cmake: add doc target * README.md: fix typo * cmake: generate and install pkgconfig * cmake: add one for dwg2dxf * cmake: set library VERSIONs * cmake: use GNUInstallDirs - Update to version 0.6.3+git.20190501: * Add build status and update example link * Add Travis-CI script * [#10] Fix compilation on GCC * Fix bugs with .dwg import of TEXT and MTEXT entities * This was unnecessary * Link libdxfrw against libstdc++ * Return an error when the file ends prematurely * Add version getter * Fix polyline 2d/3d write * Initialize return buffers in GetRawChar8 et al. - update to 2.2.0-rc3 * major release * DWG imports are more reliable now * and a lot more of bugfixes and improvements Important SUSE bug 1192936 SUSE bug 1192937 SUSE bug 1192938 CVE-2021-21898 CVE-2021-21899 CVE-2021-21900 cpe:/o:opensuse:leap:15.3 Security update for shapelib (Important) openSUSE Leap 15.3 This update for shapelib fixes the following issues: - CVE-2022-0699: Fixed a Double-free vulnerability in contrib/shpsort.c Important SUSE bug 1196236 CVE-2022-0699 cpe:/o:opensuse:leap:15.3 Security update for nodejs-electron (Important) openSUSE Leap 15.3 This update for nodejs-electron fixes the following issues: - Fix webpack-4 with OpenSSL 3.0 Update to version 16.0.9 * https://github.com/electron/electron/releases/tag/v16.0.9 Update to version 16.0.8 * https://github.com/electron/electron/releases/tag/v16.0.8 - Add devel package with node headers (e.g. for node-gyp) - Update to version 16.0.7 * https://github.com/electron/electron/releases/tag/v16.0.7 - Update to version 15.3.3 * https://github.com/electron/electron/releases/tag/v15.3.3 - Update to version 13.6.3 https://github.com/electron/electron/releases/tag/v13.6.3 - Update to version 13.6.2 https://github.com/electron/electron/releases/tag/v13.6.2 - Fix for CVE-2021-37998 - Fix for CVE-2021-38001 - Fix for CVE-2021-38002 - Fix for CVE-2021-38003 - Do not build with H264 - Update to version 13.6.1 https://github.com/electron/electron/releases/tag/v13.6.1 - Fix for CVE-2021-37981 - Fix for CVE-2021-37984 - Fix for CVE-2021-37987 - Fix for CVE-2021-37989 - Fix for CVE-2021-37992 - Fix for CVE-2021-37996 - Update to version 13.5.1 https://github.com/electron/electron/releases/tag/v13.5.1 - Update to version 13.5.0 https://github.com/electron/electron/releases/tag/v13.5.0 - Fix for CVE-2021-30627 - Fix for CVE-2021-30631 - Fix for CVE-2021-30632 - Fix for CVE-2021-30625 - Fix for CVE-2021-30626 - Fix for CVE-2021-30628 - Fix for CVE-2021-30630 - Fix for CVE-2021-30633 - Version 13.4.0 - Update to version 13.1.8 * https://github.com/electron/electron/releases/tag/v13.1.8 - Update to version 13.1.7 * https://github.com/electron/electron/releases/tag/v13.1.7 - Update to version 13.1.6 * https://github.com/electron/electron/releases/tag/v13.1.6 * https://github.com/electron/electron/releases/tag/v13.1.5 - Update to version 13.1.4 * https://github.com/electron/electron/releases/tag/v13.1.4 * https://github.com/electron/electron/releases/tag/v13.1.3 - Build with vaapi support - Install missing vk_swiftshader_icd.json - Update to version 13.1.2 * https://github.com/electron/electron/releases/tag/v13.1.2 Important CVE-2021-30625 CVE-2021-30626 CVE-2021-30627 CVE-2021-30628 CVE-2021-30630 CVE-2021-30631 CVE-2021-30632 CVE-2021-30633 CVE-2021-37981 CVE-2021-37984 CVE-2021-37987 CVE-2021-37989 CVE-2021-37992 CVE-2021-37996 CVE-2021-37998 CVE-2021-38001 CVE-2021-38002 CVE-2021-38003 cpe:/o:opensuse:leap:15.3 Security update for bitcoin (Moderate) openSUSE Leap 15.3 This update for bitcoin fixes the following issues: Update to version 0.21.2 * P2P protocol and network code * use NetPermissions::HasFlag() in CConnman::Bind() * Rate limit the processing of rumoured addresses * Wallet * Do not iterate a directory if having an error while accessing it * RPC * Reset scantxoutset progress before inferring descriptors * Build System * depends: update Qt 5.9 source url * Update Windows code signing certificate * Use custom MacOS code signing tool * Fix build with Boost 1.77.0 * Tests and QA * Build with --enable-werror by default, and document exceptions * Fix intermittent feature_taproot issue * Fix macOS brew install command * add missing ECCVerifyHandle to base_encode_decode * Run fuzzer task for the master branch only * GUI * Do not use QClipboard::Selection on Windows and macOS. * Remove user input from URI error message * Draw 'eye' sign at the beginning of watch-only addresses * Miscellaneous * Fix crash when parsing command line with -noincludeconf=0 * util: Properly handle -noincludeconf on command line (take 2) Update to version 0.21.1 * Consensus: * Speedy trial support for versionbits * Speedy trial activation parameters for Taproot * P2P protocol and network code * allow CSubNet of non-IP networks * Avoid UBSan warning in ProcessMessage * Wallet * Introduce DeferredSignatureChecker and have SignatureExtractorClass subclass it * Avoid requesting fee rates multiple times during coin selection * RPC and other APIs: * Disallow sendtoaddress and sendmany when private keys disabled CVE-2021-3195 Update to version 0.21.0: * For full details see release-notes-0.21.0.md Update to version 0.20.1 * Mining * Fix GBT: Restore '!segwit' and 'csv' to 'rules' key * P2P protocol and network code * Replace automatic bans with discouragement filter * Wallet * Handle concurrent wallet loading * Minimal fix to restore conflicted transaction notifications * RPC and other APIs * Increment input value sum only once per UTXO in decodepsbt * psbt: Increment input value sum only once per UTXO in decodepsbt * psbt: Include and allow both non_witness_utxo and witness_utxo for segwit inputs * GUI * Add missing QPainterPath include * update Qt base translations for macOS release * Misc * util: Don't reference errno when pthread fails * Fix locking on WSL using flock instead of fcntl Update to version 0.20.0: * See https://github.com/bitcoin/bitcoin/blob/master/doc/release-notes/release-notes-0.20.0.md - Do not run bitcoind in daemon mode. Running it not as a background process makes it working properly with journald (instead of writing logs in /var/log). Update to version 0.19.1: * Wallet * Fix origfee return for bumpfee with feerate arg * Fix unique_ptr usage in boost::signals2 * Fix issue with conflicted mempool tx in listsinceblock * Bug: IsUsedDestination shouldn't use key id as script id for ScriptHash * IsUsedDestination should count any known single-key address * Reset reused transactions cache * RPC and other APIs * cli: Fix fatal leveldb error when specifying -blockfilterindex=basic twice * require second argument only for scantxoutset start action * zmq: Fix due to invalid argument and multiple notifiers * psbt: handle unspendable psbts * psbt: check that various indexes and amounts are within bounds * GUI * Fix missing qRegisterMetaType for size_t * disable File->CreateWallet during startup * Fix comparison function signature * Fix unintialized WalletView::progressDialog * Tests and QA * Appveyor improvement - text file for vcpkg package list * fix 'bitcoind already running' warnings on macOS * add missing #include to fix compiler errors * Platform support * Update msvc build for Visual Studio 2019 v16.4 * Updates to appveyor config for VS2019 and Qt5.9.8 + msvc project fixes * bug-fix macos: give free bytes to F_PREALLOCATE * Miscellaneous * init: Stop indexes on shutdown after ChainStateFlushed callback * util: Add missing headers to util/fees.cpp * Unbreak build with Boost 1.72.0 * scripts: Fix symbol-check & security-check argument passing * Log to net category for exceptions in ProcessMessages * Update univalue subtree Moderate CVE-2021-3195 cpe:/o:opensuse:leap:15.3 Security update for perl-App-cpanminus (Moderate) openSUSE Leap 15.3 This update for perl-App-cpanminus fixes the following issues: updated to 1.7045 see /usr/share/doc/packages/perl-App-cpanminus/Changes Security fixes: - [CVE-2020-16154] remove the functionality to verify CHECKSUMS signature updated to 1.7044 see /usr/share/doc/packages/perl-App-cpanminus/Changes Moderate CVE-2020-16154 cpe:/o:opensuse:leap:15.3 Security update for chromium (Important) openSUSE Leap 15.3 This update for chromium fixes the following issues: Chromium 99.0.4844.51 (boo#1196641) * CVE-2022-0789: Heap buffer overflow in ANGLE * CVE-2022-0790: Use after free in Cast UI * CVE-2022-0791: Use after free in Omnibox * CVE-2022-0792: Out of bounds read in ANGLE * CVE-2022-0793: Use after free in Views * CVE-2022-0794: Use after free in WebShare * CVE-2022-0795: Type Confusion in Blink Layout * CVE-2022-0796: Use after free in Media * CVE-2022-0797: Out of bounds memory access in Mojo * CVE-2022-0798: Use after free in MediaStream * CVE-2022-0799: Insufficient policy enforcement in Installer * CVE-2022-0800: Heap buffer overflow in Cast UI * CVE-2022-0801: Inappropriate implementation in HTML parser * CVE-2022-0802: Inappropriate implementation in Full screen mode * CVE-2022-0803: Inappropriate implementation in Permissions * CVE-2022-0804: Inappropriate implementation in Full screen mode * CVE-2022-0805: Use after free in Browser Switcher * CVE-2022-0806: Data leak in Canvas * CVE-2022-0807: Inappropriate implementation in Autofill * CVE-2022-0808: Use after free in Chrome OS Shell * CVE-2022-0809: Out of bounds memory access in WebXR Important SUSE bug 1196641 CVE-2022-0789 CVE-2022-0790 CVE-2022-0791 CVE-2022-0792 CVE-2022-0793 CVE-2022-0794 CVE-2022-0795 CVE-2022-0796 CVE-2022-0797 CVE-2022-0798 CVE-2022-0799 CVE-2022-0800 CVE-2022-0801 CVE-2022-0802 CVE-2022-0803 CVE-2022-0804 CVE-2022-0805 CVE-2022-0806 CVE-2022-0807 CVE-2022-0808 CVE-2022-0809 cpe:/o:opensuse:leap:15.3 Security update for opera (Important) openSUSE Leap 15.3 NonFree This update for opera fixes the following issues: Opera was updated to 84.0.4316.21: - CHR-8762 Update chromium on desktop-stable-98-4316 to 98.0.4758.102 - DNA-97333 ‘Add a site’ label on start page tile barely visible - DNA-97691 Opera 84 translations - DNA-97767 Wrong string in FR - DNA-97855 Crash at ScopedProfileKeepAlive::~ScopedProfileKeepAlive() - DNA-97982 Enable #snap-upstream-implementation on all streams - The update to chromium 98.0.4758.102 fixes following issues: CVE-2022-0603, CVE-2022-0604, CVE-2022-0605, CVE-2022-0606, CVE-2022-0607, CVE-2022-0608, CVE-2022-0609, CVE-2022-0610 Important CVE-2022-0603 CVE-2022-0604 CVE-2022-0605 CVE-2022-0606 CVE-2022-0607 CVE-2022-0608 CVE-2022-0609 CVE-2022-0610 cpe:/o:opensuse:leap:15.3 Security update for minidlna (Moderate) openSUSE Leap 15.3 This update for minidlna fixes the following issues: minidlna was updated to version 1.3.1 (boo#1196814) - Fixed a potential crash in SSDP request parsing. - Fixed a configure script failure on some platforms. - Protect against DNS rebinding attacks. (CVE-2022-26505) - Fix an socket leakage issue on some platforms. - Minor bug fixes. - add 'su minidlna minidlna' to the logrotate config - Added hardening to systemd service(s) (boo#1181400). - Use sysusers macros to create minidlna user - Don't hardrequire logrotate, we don't write log files anymore Moderate SUSE bug 1181400 SUSE bug 1196814 CVE-2022-26505 cpe:/o:opensuse:leap:15.3 Security update for ansible (Important) openSUSE Leap 15.3 Ansible was updated to 2.9.21 to fix lots of bugs and security issues. Update to version 2.9.20, maintenance release containing numerous bugfixes. Update to version 2.9.19 with minor changes and a few bug fixes. Update to version 2.9.18: * CVE-2021-20228 where default and fallback values for no_log parameters to modules were not previously masked. (bsc#1181935) * CVE-2021-20178 where several parameters to the snmp_facts module were logged and displayed despite containing sensitive information. (bsc#1180816) * CVE-2021-20180 where several parameters to the bitbucket_pipeline_variable were logged and displayed despite containing sensitive information. (bsc#1180942) * CVE-2021-20191 which addresses a number of modules whose parameters were logged and displayed despite containing sensitive information. For the full list of affected modules, refer to the changelog linked below. (bsc#1181119) Update to version 2.9.17 with minor changes and a few bug fixes. Update to version 2.9.16 with minor changes and many bug fixes. update to version 2.9.15 with following breaking change: * ansible-galaxy login command has been removed update to version 2.9.14 with many small improvements and bug fixes, most notably: * kubectl - connection plugin now redact kubectl_token and kubectl_password in console log (CVE-2020-1753 bsc#1166389). update to version 2.9.13 with many bug fixes, most notably: * A security issue was addressed in the 'dnf' module, which previously did not check GPG signatures of packages. * A bug in the 'cron' module was fixed. In some cases prior to this fix, the module would inadvertently remove cron entries. update to version 2.9.12 with many bug fixes, most notably the following security fixes: * security issue - copy - Redact the value of the no_log 'content' parameter in the result's invocation.module_args in check mode. Previously when used with check mode and with '-vvv', the module would not censor the content if a change would be made to the destination path. (CVE-2020-14332 bsc#1174302) * security issue atomic_move - change default permissions when creating temporary files so they are not world readable (https://github.com/ansible/ansible/issues/67794) (CVE-2020-1736 bsc#1164134) * Fix warning for default permission change when no mode is specified. Follow up to https://github.com/ansible/ansible/issues/67794. (CVE-2020-1736) * Sanitize no_log values from any response keys that might be returned from the uri module (CVE-2020-14330 bsc#1174145). * reset logging level to INFO due to CVE-2019-14846. update to version 2.9.11 with many bug fixes update to version 2.9.10 with many bug fixes. - Add CVE-2020-1733_avoid_mkdir_p.patch to fix CVE-2020-1733 (bsc#1164140) update to version 2.9.9 * fix for a regression introduced in 2.9.8 update to version 2.9.8, maintenance release containing numerous bugfixes update to version 2.9.7 with many bug fixes, especially for these security issues: - bsc#1164140 CVE-2020-1733 - insecure temporary directory when running become_user from become directive - bsc#1164139 CVE-2020-1734 shell enabled by default in a pipe lookup plugin subprocess - bsc#1164137 CVE-2020-1735 - path injection on dest parameter in fetch module - bsc#1164134 CVE-2020-1736 atomic_move primitive sets permissive permissions - bsc#1164138 CVE-2020-1737 - Extract-Zip function in win_unzip module does not check extracted path - bsc#1164136 CVE-2020-1738 module package can be selected by the ansible facts - bsc#1164133 CVE-2020-1739 - svn module leaks password when specified as a parameter - bsc#1164135 CVE-2020-1740 - secrets readable after ansible-vault edit - bsc#1165393 CVE-2020-1746 - information disclosure issue in ldap_attr and ldap_entry modules - bsc#1166389 CVE-2020-1753 - kubectl connection plugin leaks sensitive information - bsc#1167532 CVE-2020-10684 - code injection when using ansible_facts as a subkey - bsc#1167440 CVE-2020-10685 - modules which use files encrypted with vault are not properly cleaned up - bsc#1167873 CVE-2020-10691 - archive traversal vulnerability in ansible-galaxy collection install [2] Fixed before 2.9.6, but not yet listed: - bsc#1171162 CVE-2020-10729 two random password lookups in same task return same value - bsc#1157968 CVE-2019-14904 vulnerability in solaris_zone module via crafted solaris zone - bsc#1157969 CVE-2019-14905 malicious code could craft filename in nxos_file_copy module - bsc#1112959 CVE-2018-16837 Information leak in 'user' module patch added - (bsc#1137528) CVE-2019-10156: ansible: templating causing an - bsc#1118896 CVE-2018-16876 Information disclosure in vvv+ mode with no_log on (https://github.com/ansible/ansible/pull/49569) - Includes fix for bsc#1099808 (CVE-2018-10875) ansible.cfg is being read from current working directory allowing possible code execution Important SUSE bug 1099808 SUSE bug 1112959 SUSE bug 1118896 SUSE bug 1126503 SUSE bug 1137528 SUSE bug 1157968 SUSE bug 1157969 SUSE bug 1164133 SUSE bug 1164134 SUSE bug 1164135 SUSE bug 1164136 SUSE bug 1164137 SUSE bug 1164138 SUSE bug 1164139 SUSE bug 1164140 SUSE bug 1165393 SUSE bug 1166389 SUSE bug 1167440 SUSE bug 1167532 SUSE bug 1167873 SUSE bug 1171162 SUSE bug 1174145 SUSE bug 1174302 SUSE bug 1180816 SUSE bug 1180942 SUSE bug 1181119 SUSE bug 1181935 CVE-2018-10875 CVE-2018-16837 CVE-2019-10156 CVE-2019-14846 CVE-2019-14904 CVE-2019-14905 CVE-2020-10684 CVE-2020-10685 CVE-2020-10691 CVE-2020-10729 CVE-2020-14330 CVE-2020-14332 CVE-2020-1733 CVE-2020-1734 CVE-2020-1735 CVE-2020-1736 CVE-2020-1737 CVE-2020-1738 CVE-2020-1739 CVE-2020-1740 CVE-2020-1746 CVE-2020-1753 CVE-2021-20178 CVE-2021-20180 CVE-2021-20191 CVE-2021-20228 cpe:/o:opensuse:leap:15.3 Security update for weechat (Moderate) openSUSE Leap 15.3 This update for weechat fixes the following issues: update to 3.2.1: * CVE-2021-40516: relay: fix crash when decoding a malformed websocket frame (boo#1190206) update to 3.2 main changes: * use XDG directories by default (config, data, cache, runtime) * add support of IRC SASL mechanisms SCRAM-SHA-1, SCRAM-SHA-256 and SCRAM-SHA-512 * automatically load system certificates without giving a hardcoded path to the file with certificates * add options to customize commands executed on system signals received (SIGHUP, SIGQUIT, SIGTERM, SIGUSR1, SIGUSR2) * add bar item 'tls_version' and buflist format * add signals 'cursor_start' and 'cursor_end' * add function crypto_hmac in API * add translated string in evaluation of expressions with 'translate:xxx' * add info 'weechat_daemon' * add Python stub for WeeChat API * add variables '${tg_shell_argc}' and '${tg_shell_argvN}' in command trigger evaluated strings * many bugs fixed. for all changes, please visit: https://weechat.org/files/changelog/ChangeLog-3.2.html update to 3.1 New features * core: add options weechat.look.hotlist_update_on_buffer_switch and weechat.look.read_marker_update_on_buffer_switch (issue #992, issue #993) * core: add option sec.crypt.passphrase_command to read passphrase from an external program on startup, remove option sec.crypt.passphrase_file (issue #141) * core: improve debug in command /eval: display more verbose debug with two '-d', add indentation and colors * core: add options 'setvar' and 'delvar' in command /buffer, rename option 'localvar' to 'listvar' * core: add buffer local variable 'completion_default_template' (evaluated) to override the value of option 'weechat.completion.default_template' (issue #1600) * core: add option 'recreate' in command /filter * core: add raw string in evaluation of expressions with 'raw:xxx' (issue #1611) * core: add evaluation of conditions in evaluation of expressions with 'eval_cond:xxx' (issue #1582) * api: add info_hashtable 'secured_data' * irc: add info 'irc_is_message_ignored' * irc: add server option 'default_chantypes', used when the server does not send them in message 005 (issue #1610) * trigger: add variable '${tg_trigger_name}' in command trigger evaluated strings (issue #1580) - Bug fixes * core: fix quoted line in cursor mode (issue #1602) * core: fix wrong size of the new window after vertical split (issue #1612) * core: do not remove quotes in arguments of command /eval as they can be part of the evaluated expression/condition (issue #1601) * core: display an error when the buffer is not found with command /command -buffer * buflist: add option buflist.look.use_items to speed up display of buflist (issue #1613) * irc: add bar item 'irc_nick_prefix' * irc: fix separator between nick and host in bar item 'irc_nick_host' * irc: fix completion of commands /halfop and /dehalfop - Documentation * do not build weechat-headless man page if headless binary is disabled (issue #1607) update to 3.0.1: * exec: fix search of command by identifier * spell: fix refresh of bar item 'spell_suggest' when the input becomes empty (issue #1586) * spell: fix crash with IRC color codes in command line (issue #1589) update to 3.0 New features * api: add optional list of colors in infos 'nick_color' and 'nick_color_name' (issue #1565) * api: add argument 'bytes' in function string_dyn_concat * api: add function string_color_code_size (issue #1547) * exec: add option '-oerr' to send stderr to buffer (now disabled by default) (issue #1566) * fset: add option fset.look.auto_refresh (issue #1553) * irc: add pointer to irc_nick in focus of bar item 'buffer_nicklist' (issue #1535, issue #1538) * irc: allow to send text on buffers with commands /allchan, /allpv and /allserv * irc: evaluate command executed by commands /allchan, /allpv and /allserv (issue #1536) * script: add option script.scripts.download_enabled (issue #1548) * trigger: add variable 'tg_argc' in data set by command trigger (issue #1576) * trigger: add variable 'tg_trigger_name' in data set by all triggers (issue #1567, issue #1568) Bug fixes * core: set 'notify_level' to 3 if there is a highlight in the line (issue #1529) * core: do not add line with highlight and tag 'notify_none' to hotlist (issue #1529) * irc: remove SASL timeout message displayed by error after successful SASL authentication (issue #1515) * irc: send all channels in a single JOIN command when reconnecting to the server (issue #1551) * script: do not automatically download list of scripts on startup if the file is too old (issue #1548) * spell: properly skip WeeChat and IRC color codes when checking words in input (issue #1547) * trigger: fix recursive calls to triggers using regex (issue #1546) * trigger: add ${tg_tags} !!- ,notify_none, in conditions of default trigger 'beep' (issue #1529) - Tests * core: add tests on GUI line functions - Build * core: disable debug by default in autotools build * tests: fix compilation with CppUTest ≥ 4.0 - new .desktop file from weechat sources - update to 2.9 - New features * core: add bar option 'color_bg_inactive': color for window bars in inactive window (issue #732) * core: add Alacritty title escape sequence support (issue #1517) * core: display notify level for current buffer with command /buffer notify (issue #1505) * core: count only visible nicks in bar item 'buffer_nicklist_count', add bar items 'buffer_nicklist_count_groups' and 'buffer_nicklist_count_all' (issue #1506) * core: set default size for input bar to 0 (automatic) (issue #1498) * core: add default key Alt+Enter to insert a newline (issue #1498) * core: add flag 'input_multiline' in buffer (issue #984, issue #1063) * core: add a scalable WeeChat logo (SVG) (issue #1454, issue #1456) * core: add base 16/32/64 encoding/decoding in evaluation of expressions with 'base_encode:base,xxx' and 'base_decode:base,xxx' * core: add case sensitive wildcard matching comparison operator (==* and !!*) and case sensitive/insensitive include comparison operators (==-, !!-, =-, !-) in evaluation of expressions * core: add default key Alt+Shift+N to toggle nicklist bar * core: add command line option '--stdout' in weechat-headless binary to log to stdout rather than ~/.weechat/weechat.log (issue #1475, issue #1477) * core: reload configuration files on SIGHUP (issue #1476) * api: add pointer '_bar_window' in hashtable sent to hook focus callback (issue #1450) * api: add info_hashtable 'focus_info' (issue #1245, issue #1257) * api: rename function hook_completion_get_string to completion_get_string and hook_completion_list_add to completion_list_add * api: add functions completion_new, completion_search and completion_free * api: add hdata 'completion_word' * buflist: add default key Alt+Shift+B to toggle buflist * buflist: add options enable/disable/toggle in command /buflist * buflist: evaluate option buflist.look.sort so that sort can be customized for each of the three buflist bar items (issue #1465) * irc: add support of UTF8MAPPING (issue #1528) * irc: display account messages in buffers (issue #1250) * python: add WeeChat sharedir python directory to PYTHONPATH (issue #1537) * relay: increase default limits for IRC backlog options * relay: add command 'handshake' in weechat relay protocol and nonce to prevent replay attacks, add options relay.network.password_hash_algo, relay.network.password_hash_iterations, relay.network.nonce_size (issue #1474) * relay: add command 'completion' in weechat relay protocol to perform a completion on a string at a given position (issue #1484) * relay: add option relay.network.auth_timeout * relay: update default colors for client status * relay: add status 'waiting_auth' in irc and weechat protocols (issue #1358) * trigger: evaluate arguments of command when the trigger is created (issue #1472) - Bug fixes * core: fix command /window scroll_beyond_end when buffer has fewer lines than chat height (issue #1509) * core: force buffer property 'time_for_each_line' to 0 for buffers with free content (issue #1485) * core: don’t collapse consecutive newlines in lines displayed before the first buffer is created * core: don’t remove consecutive newlines when pasting text (issue #1500) * core: don’t collapse consecutive newlines in bar content (issue #1500) * core: fix WEECHAT_SHAREDIR with CMake build (issue #1461) * core: fix memory leak in calculation of expression on FreeBSD (issue #1469) * core: fix resize of a bar when its size is 0 (automatic) (issue #1470) * api: fix use of pointer after free in function key_unbind * api: replace plugin and buffer name by buffer pointer in argument 'modifier_data' sent to weechat_print modifier callback (issue #42) * buflist: add 'window' pointer in bar item evaluation only if it’s not NULL (if bar type is 'window') * exec: fix use of same task id for different tasks (issue #1491) * fifo: fix errors when writing in the FIFO pipe (issue #713) * guile: enable again /guile eval (issue #1514) * irc: use new default chantypes '#&' when the server does not send it * irc: add support of optional server in info 'irc_is_nick', fix check of nick using UTF8MAPPING isupport value (issue #1528) * irc: fix add of ignore with flags in regex, display full ignore mask in list of ignores (issue #1518) * irc: do not remove spaces at the end of users messages received (issue #1513) * irc: fix realname delimiter color in WHO/WHOX response (issue #1497) * irc: reuse a buffer with wrong type 'channel' when a private message is received (issue #869) * python: fix crash when invalid UTF-8 string is in a WeeChat hashtable converted to a Python dict (issue #1463) * relay: add missing field 'notify_level' in message '_buffer_line_added' (issue #1529) * relay: fix slow send of data to clients when SSL is enabled * trigger: only return trigger’s return code when condition evaluates to true (issue #592) * trigger: fix truncated trigger command with commands /trigger input|output|recreate * trigger: do not hide values of options with /set command in cmd_pass trigger - Documentation * add includes directory * merge 53 auto-generated files into 11 files * fix broken literal blocks in Japanese docs with Firefox (issue #1466) - Tests * core: add CI with GitHub Actions, move codecov.io upload to GitHub Actions * core: switch to Ubuntu Bionic on Travis CI, use pylint3 to lint Python scripts * core: run tests on plugins only if the plugins are enabled and compiled * irc: add tests on IRC color and channel functions - Build * javascript: disable build by default and remove Debian packaging of JavaScript plugin (issue #360) * core: make GnuTLS a required dependency * core: fix build with CMake 3.17.0 * core: fix build with cygport on Cygwin Moderate SUSE bug 1190206 CVE-2021-40516 cpe:/o:opensuse:leap:15.3 Security update for chromium (Important) openSUSE Leap 15.3 This update for chromium fixes the following issues: Update to version 99.0.4844.74 (boo#1197163) * CVE-2022-0971: Use after free in Blink Layout * CVE-2022-0972: Use after free in Extensions * CVE-2022-0973: Use after free in Safe Browsing * CVE-2022-0974: Use after free in Splitscreen * CVE-2022-0975: Use after free in ANGLE * CVE-2022-0976: Heap buffer overflow in GPU * CVE-2022-0977: Use after free in Browser UI * CVE-2022-0978: Use after free in ANGLE * CVE-2022-0979: Use after free in Safe Browsing * CVE-2022-0980: Use after free in New Tab Page * Various fixes from internal audits, fuzzing and other initiatives Important SUSE bug 1197163 CVE-2022-0971 CVE-2022-0972 CVE-2022-0973 CVE-2022-0974 CVE-2022-0975 CVE-2022-0976 CVE-2022-0977 CVE-2022-0978 CVE-2022-0979 CVE-2022-0980 cpe:/o:opensuse:leap:15.3 Security update for chromium (Important) openSUSE Leap 15.3 This update for chromium fixes the following issues: Chromium 99.0.4844.84: * CVE-2022-1096: Type Confusion in V8 (boo#1197552) Important SUSE bug 1197552 CVE-2022-1096 cpe:/o:opensuse:leap:15.3 Security update for openSUSE-build-key (Moderate) openSUSE Leap 15.3 This update for openSUSE-build-key fixes the following issues: - Disabled the SLE11 build key as SLE11 is EOL now, also key was 1024bit RSA (removed gpg-pubkey-307e3d54-5aaa90a5.asc) Also obsolete old build key. Moderate SUSE bug 1197293 cpe:/o:opensuse:leap:15.3 Security update for fish3 (Important) openSUSE Leap 15.3 This update for fish3 fixes the following issues: - CVE-2022-20001: Navigating to a compromised git repository may lead to arbitrary code execution (bsc#1197139) Important SUSE bug 1197139 CVE-2022-20001 cpe:/o:opensuse:leap:15.3 Security update for icingaweb2 (Important) openSUSE Leap 15.3 This update for icingaweb2 fixes the following issues: icingaweb2 was updated to 2.8.6 This is a security release. * Security Fixes - CVE-2022-24715: SSH resources allow arbitrary code execution for authenticated users (GHSA-v9mv-h52f-7g63 boo#1196911) - CVE-2022-24714: Unwanted disclosure of hosts and related data, linked to decommissioned services (GHSA-qcmg-vr56-x9wf boo#1196913) Important SUSE bug 1196911 SUSE bug 1196913 CVE-2022-24714 CVE-2022-24715 cpe:/o:opensuse:leap:15.3 Security update for nextcloud (Moderate) openSUSE Leap 15.3 This update for nextcloud fixes the following issues: nextcloud was updated to 21.0.9: - CVE-2021-41239 (CWE-200): user enumeration setting not obeyed in User Status API (boo#1196905) - CVE-2021-41241 (CWE-863): groupfolders advanced permissions is not obeyed for subfolders (boo#1196908) - CVE-2021-41741 (CWE-400): High memory usage for generating preview of broken image (boo#1196952) - For more changes see https://nextcloud.com/changelog/#21-0-9 Moderate SUSE bug 1196905 SUSE bug 1196908 SUSE bug 1196952 CVE-2021-41239 CVE-2021-41241 CVE-2021-41741 cpe:/o:opensuse:leap:15.3 Security update for minetest (Important) openSUSE Leap 15.3 This update for minetest fixes the following issues: Update to version 5.6.0 * Fix CVE-2022-35978 ( boo#1202423 ): Mod scripts can escape sandbox in single player mode * `name` in game.conf is deprecated for the game title, use `title` instead * Add depth sorting for node faces * Various bug fixes * Full changes: https://dev.minetest.net/Changelog#5.5.0_.E2.86.92_5.6.0 - Introduced mbranch-protection=none CXX flag to resolve boo#1193141 (aarch64). Update to version 5.5.0 & 5.5.1: * Full log for version 5.5.0: https://dev.minetest.net/Changelog#5.4.0_.E2.86.92_5.5.0 * This release switches from Irrlicht to our own fork called IrrlichtMt. * Full log for version 5.5.1: https://dev.minetest.net/Changelog#5.5.0_.E2.86.92_5.5.1 * This is a maintenance release based on 5.5.0, it contains bugfixes but no new features. - Added hardening to systemd service(s) (boo#1181400). - Update to version 5.4.1: * This is a maintenance release based on 5.4.0, it contains bugfixes but no new features. - Update to version 5.4.0 * Full log: https://dev.minetest.net/Changelog#5.3.0_.E2.86.92_5.4.0 * Removed support for bumpmapping, generated normal maps and parallax occlusion * By default, the crosshair will now change to an 'X' when pointing to objects * Prevent players accessing inventories of other players * Prevent interacting with items out of the hotbar * Prevent players from being able to modify ItemStack meta - Update to version 5.3.0. (see https://dev.minetest.net/Changelog#5.2.0_.E2.86.92_5.3.0) * Formspec improvements, including a scrolling GUI element * Performance improvements to the Server and API * Many bug fixes and small features - Now requires desktop-file-utils version >= 0.25. Important SUSE bug 1181400 SUSE bug 1193141 SUSE bug 1202423 CVE-2022-35978 cpe:/o:opensuse:leap:15.3 Security update for libheimdal (Important) openSUSE Leap 15.3 This update for libheimdal fixes the following issues: Update to version 7.8.0 - CVE-2022-42898 PAC parse integer overflows - CVE-2022-3437 Overflows and non-constant time leaks in DES{,3} and arcfour - CVE-2022-41916 Fix Unicode normalization read of 1 bytes past end of array - CVE-2021-44758 A null pointer de-reference DoS in SPNEGO acceptors - CVE-2021-3671 A null pointer de-reference when handling missing sname in TGS-REQ - CVE-2022-44640 Heimdal KDC: invalid free in ASN.1 codec - CVE-2019-14870: Validate client attributes in protocol-transition Important CVE-2019-14870 CVE-2021-3671 CVE-2021-44758 CVE-2022-3437 CVE-2022-41916 CVE-2022-42898 CVE-2022-44640 cpe:/o:opensuse:leap:15.3 Security update for tor (Moderate) openSUSE Leap 15.3 This update for tor fixes the following issues: tor 0.4.7.13: * fix SafeSocks option to avoid DNS leaks (boo#1207110, TROVE-2022-002) * improve congestion control * fix relay channel handling tor 0.4.7.12: * new key for moria1 * new metrics are exported on the MetricsPort for the congestion control subsystem Moderate SUSE bug 1207110 cpe:/o:opensuse:leap:15.3 Security update for multimon-ng (Moderate) openSUSE Leap 15.3 This update for multimon-ng fixes the following issues: - Update to new upstream release 1.2.0 * Separated FLEX and FLEX_NEXT. The former is identical to 1.1.9, while FLEX_NEXT gained new features, as well as known regressions. (See #168) * Fix CVE-2020-36619 (boo#1206542) * Several smaller POCSAG fixes. * Fix for opening large wav files with improper header. - Update to new upstream release 1.1.9 * multimon-ng now has a man page, let's try to keep it updated. * FLEX: Changes to group messages and delimiters. * FMS: Fixed a problem with the direction of telegrams. * POCSAG: Support for the Slovenian charset. Moderate SUSE bug 1206542 CVE-2020-36619 cpe:/o:opensuse:leap:15.3 Security update for pkgconf (Moderate) openSUSE Leap 15.3 This update for pkgconf fixes the following issues: - CVE-2023-24056: FIxed variable duplication can cause unbounded string expansion due to incorrect checks in libpkgconf/tuple.c (boo#1207394). Moderate SUSE bug 1207394 CVE-2023-24056 cpe:/o:opensuse:leap:15.3 Security update for python-Django (Important) openSUSE Leap 15.3 This update for python-Django fixes the following issues: - CVE-2022-41323: Fixed potential denial-of-service vulnerability in internationalized URLs (boo#1203793) - CVE-2022-36359: Fixed a potential reflected file download vulnerability in FileResponse (boo#1201923) - Update from 2.2.12 to 2.2.28 (boo#1198297) * Many CVEs fixes (check https://github.com/django/django/blob/main/docs/releases/) 2.2.28: - CVE-2022-28346: Fixed potential SQL injection in QuerySet.annotate(), aggregate(), and extra() (bsc#1198398) - CVE-2022-28347: Fixed potential SQL injection via QuerySet.explain(**options) (bsc#1198399) 2.2.27: - CVE-2022-22818: Fixed possible XSS via ``{% debug %}`` template tag (bsc#1195086) - CVE-2022-23833: Fixed denial-of-service possibility in file uploads (bsc#1195088) 2.2.26: - CVE-2021-45115: Denial-of-service possibility in ``UserAttributeSimilarityValidator`` (bsc#1194115) - CVE-2021-45116: Potential information disclosure in ``dictsort`` template filter (bsc#1194117) - CVE-2021-45452: Potential directory-traversal via ``Storage.save()`` (bsc#) 2.2.25: - CVE-2021-44420: Potential bypass of an upstream access control based on URL paths (bsc#1193240) 2.2.24: - CVE-2021-33203: Potential directory traversal via ``admindocs`` - CVE-2021-33571: Possible indeterminate SSRF, RFI, and LFI attacks since validators accepted leading zeros in IPv4 addresses 2.2.23: - regression fix 2.2.22: - CVE-2021-32052: Header injection possibility since ``URLValidator`` accepted newlines in input on Python 3.9.5+ Important SUSE bug 1185713 SUSE bug 1186608 SUSE bug 1186611 SUSE bug 1193240 SUSE bug 1194115 SUSE bug 1194116 SUSE bug 1194117 SUSE bug 1195086 SUSE bug 1195088 SUSE bug 1198297 SUSE bug 1198398 SUSE bug 1198399 SUSE bug 1201923 SUSE bug 1203793 CVE-2021-32052 CVE-2021-33203 CVE-2021-33571 CVE-2021-44420 CVE-2021-45115 CVE-2021-45116 CVE-2021-45452 CVE-2022-22818 CVE-2022-23833 CVE-2022-28346 CVE-2022-28347 CVE-2022-36359 CVE-2022-41323 cpe:/o:opensuse:leap:15.3 Security update for djvulibre (Important) openSUSE Leap 15.3 This update for djvulibre fixes the following issues: - CVE-2021-32490 [bsc#1185895]: Out of bounds write in function DJVU:filter_bv() via crafted djvu file - CVE-2021-32491 [bsc#1185900]: Integer overflow in function render() in tools/ddjvu via crafted djvu file - CVE-2021-32492 [bsc#1185904]: Out of bounds read in function DJVU:DataPool:has_data() via crafted djvu file - CVE-2021-32493 [bsc#1185905]: Heap buffer overflow in function DJVU:GBitmap:decode() via crafted djvu file Important SUSE bug 1185895 SUSE bug 1185900 SUSE bug 1185904 SUSE bug 1185905 CVE-2021-32490 CVE-2021-32491 CVE-2021-32492 CVE-2021-32493 cpe:/o:opensuse:leap:15.3 Security update for graphviz (Critical) openSUSE Leap 15.3 This update for graphviz fixes the following issues: - CVE-2020-18032: Fixed possible remote code execution via buffer overflow (bsc#1185833). Critical SUSE bug 1185833 CVE-2020-18032 cpe:/o:opensuse:leap:15.3 Security update for fribidi (Important) openSUSE Leap 15.3 This update for fribidi fixes the following issues: Security issues fixed: - CVE-2019-18397: Avoid buffer overflow. (bsc#1156260) Important SUSE bug 1156260 CVE-2019-18397 cpe:/o:opensuse:leap:15.3 Security update for libass (Moderate) openSUSE Leap 15.3 This update for libass fixes the following issues: - CVE-2020-24994: Fixed a stack overflow in the parse_tag (bsc#1184153). Moderate SUSE bug 1184153 CVE-2020-24994 cpe:/o:opensuse:leap:15.3 Security update for java-1_8_0-openj9 (Moderate) openSUSE Leap 15.3 This update for java-1_8_0-openj9 fixes the following issues: - Update to OpenJDK 8u292 build 10 with OpenJ9 0.26.0 virtual machine. - CVE-2021-2161: Fixed incomplete enforcement of JAR signing disabled algorithms (bsc#1185055). Moderate SUSE bug 1185055 CVE-2021-2163 cpe:/o:opensuse:leap:15.3 Security update for libu2f-host (Moderate) openSUSE Leap 15.3 This update for libu2f-host fixes the following issues: This update ships the u2f-host package (jsc#ECO-3687 bsc#1184648) Version 1.1.10 (released 2019-05-15) - Add new devices to udev rules. - Fix a potentially uninitialized buffer (CVE-2019-9578, bsc#1128140) Version 1.1.9 (released 2019-03-06) - Fix CID copying from the init response, which broke compatibility with some devices. Version 1.1.8 (released 2019-03-05) - Add udev rules - Drop 70-old-u2f.rules and use 70-u2f.rules for everything - Use a random nonce for setting up CID to prevent fingerprinting - CVE-2019-9578: Parse the response to init in a more stable way to prevent leakage of uninitialized stack memory back to the device (bsc#1128140). Version 1.1.7 (released 2019-01-08) - Fix for trusting length from device in device init. - Fix for buffer overflow when receiving data from device. (YSA-2019-01, CVE-2018-20340, bsc#1124781) - Add udev rules for some new devices. - Add udev rule for Feitian ePass FIDO - Add a timeout to the register and authenticate actions. Moderate SUSE bug 1124781 SUSE bug 1128140 SUSE bug 1184648 CVE-2018-20340 CVE-2019-9578 cpe:/o:opensuse:leap:15.3 Security update for rubygem-actionpack-5_1 (Important) openSUSE Leap 15.3 This update for rubygem-actionpack-5_1 fixes the following issues: - CVE-2021-22885: Fixed possible information disclosure / unintended method execution in Action Pack (bsc#1185715). Important SUSE bug 1185715 CVE-2021-22885 cpe:/o:opensuse:leap:15.3 Security update for hivex (Moderate) openSUSE Leap 15.3 This update for hivex fixes the following issues: - CVE-2021-3504: hivex: missing bounds check within hivex_open() (bsc#1185013) Moderate SUSE bug 1185013 CVE-2021-3504 cpe:/o:opensuse:leap:15.3 Security update for curl (Moderate) openSUSE Leap 15.3 This update for curl fixes the following issues: - CVE-2021-22898: Fixed curl TELNET stack contents disclosure (bsc#1186114). - Allow partial chain verification [jsc#SLE-17956] * Have intermediate certificates in the trust store be treated as trust-anchors, in the same way as self-signed root CA certificates are. This allows users to verify servers using the intermediate cert only, instead of needing the whole chain. * Set FLAG_TRUSTED_FIRST unconditionally. * Do not check partial chains with CRL check. Moderate SUSE bug 1186114 CVE-2021-22898 cpe:/o:opensuse:leap:15.3 Security update for postgresql13 (Moderate) openSUSE Leap 15.3 This update for postgresql13 fixes the following issues: - Upgrade to version 13.3: - CVE-2021-32027: Fixed integer overflows in array subscripting calculations (bsc#1185924). - CVE-2021-32028: Fixed mishandling of junk columns in INSERT ... ON CONFLICT ... UPDATE target lists (bsc#1185925). - CVE-2021-32029: Fixed possibly-incorrect computation of UPDATE ... RETURNING outputs for joined cross-partition updates (bsc#1185926). - Don't use %_stop_on_removal, because it was meant to be private and got removed from openSUSE. %_restart_on_update is also private, but still supported and needed for now (bsc#1183168). - Re-enable build of the llvmjit subpackage on SLE, but it will only be delivered on PackageHub for now (bsc#1183118). - Disable icu for PostgreSQL 10 (and older) on TW (bsc#1179945). Moderate SUSE bug 1179945 SUSE bug 1183118 SUSE bug 1183168 SUSE bug 1185924 SUSE bug 1185925 SUSE bug 1185926 CVE-2021-32027 CVE-2021-32028 CVE-2021-32029 cpe:/o:opensuse:leap:15.3 Security update for python-httplib2 (Moderate) openSUSE Leap 15.3 This update for python-httplib2 fixes the following issues: - Update to version 0.19.0 (bsc#1182053). - CVE-2021-21240: Fixed regular expression denial of service via malicious header (bsc#1182053). - CVE-2020-11078: Fixed unescaped part of uri where an attacker could change request headers and body (bsc#1182053). Moderate SUSE bug 1171998 SUSE bug 1182053 CVE-2020-11078 CVE-2021-21240 cpe:/o:opensuse:leap:15.3 Security update for nginx (Important) openSUSE Leap 15.3 This update for nginx fixes the following issues: - CVE-2021-23017: nginx DNS resolver off-by-one heap write (bsc#1186126) Important SUSE bug 1186126 CVE-2021-23017 cpe:/o:opensuse:leap:15.3 Security update for gstreamer, gstreamer-plugins-bad, gstreamer-plugins-base, gstreamer-plugins-good, gstreamer-plugins-ugly (Important) openSUSE Leap 15.3 This update for gstreamer, gstreamer-plugins-bad, gstreamer-plugins-base, gstreamer-plugins-good, gstreamer-plugins-ugly fixes the following issues: gstreamer was updated to version 1.16.3 (bsc#1181255): - delay creation of threadpools - bin: Fix `deep-element-removed` log message - buffer: fix meta sequence number fallback on rpi - bufferlist: foreach: always remove as parent if buffer is changed - bus: Make setting/replacing/clearing the sync handler thread-safe - elementfactory: Fix missing features in case a feature moves to another filename - element: When removing a ghost pad also unset its target - meta: intern registered impl string - registry: Use a toolchain-specific registry file on Windows - systemclock: Invalid internal time calculation causes non-increasing clock time on Windows - value: don't write to `const char *` - value: Fix segfault comparing empty GValueArrays - Revert floating enforcing - aggregator: fix iteration direction in skip_buffers - sparsefile: fix possible crash when seeking - baseparse: cache fix - baseparse: fix memory leak when subclass skips whole input buffer - baseparse: Set the private duration before posting a duration-changed message - basetransform: allow not passthrough if generate_output is implemented - identity: Fix a minor leak using meta_str - queue: protect against lost wakeups for iterm_del condition - queue2: Avoid races when posting buffering messages - queue2: Fix missing/dropped buffering messages at startup - identity: Unblock condition variable on FLUSH_START - check: Use `g_thread_yield()` instead of `g_usleep(1)` - tests: use cpu_family for arch checks - gst-launch: Follow up to missing `s/g_print/gst_print/g` - gst-inspect: Add define guard for `g_log_writer_supports_color()` - gst-launch: go back down to `GST_STATE_NULL` in one step. - device-monitor: list hidden providers before listing devices - autotools build fixes for GNU make 4.3 gstreamer-plugins-good was updated to version 1.16.3 (bsc#1181255): - deinterlace: on-the-fly renegotiation - flacenc: Pass audio info from set_format() to query_total_samples() explicitly - flacparse: fix broken reordering of flac metadata - jack: Use jack_free(3) to release ports - jpegdec: check buffer size before dereferencing - pulse: fix discovery of newly added devices - qtdemux fuzzing fixes - qtdemux: Add 'mp3 ' fourcc that VLC seems to produce now - qtdemux: Specify REDIRECT information in error message - rtpbin: fix shutdown crash in rtpbin - rtpsession: rename RTCP thread - rtpvp8pay, rtpvp9pay: fix caps leak in set_caps() - rtpjpegdepay: outputs framed jpeg - rtpjitterbuffer: Properly free internal packets queue in finalize() - rtspsrc: Don't return TRUE for unhandled query - rtspsrc: Avoid stack overflow recursing waiting for response - rtspsrc: Use the correct type for storing the max-rtcp-rtp-time-diff property - rtspsrc: Error out when failling to receive message response - rtspsrc: Fix for segmentation fault when handling set/get_parameter requests - speex: Fix crash on Windows caused by cross-CRT issue - speexdec: Crash when stopping the pipeline - splitmuxsrc: Properly stop the loop if no part reader is present - use gst_element_class_set_metadata when passing dynamic strings - v4l2videodec: Increase internal bitstream pool size - v4l2: fix crash when handling unsupported video format - videocrop: allow properties to be animated by GstController - videomixer: Don't leak peer caps - vp8enc/vp8enc: set 1 for the default value of VP8E_SET_STATIC_THRESHOLD - wavenc: Fix writing of the channel mask with >2 channels gstreamer-plugins-bad was updated to version 1.16.3 (bsc#1181255): - amcvideodec: fix sync meta copying not taking a reference - audiobuffersplit: Perform discont tracking on running time - audiobuffersplit: Specify in the template caps that only interleaved audio is supported - audiobuffersplit: Unset DISCONT flag if not discontinuous - autoconvert: Fix lock-less exchange or free condition - autoconvert: fix compiler warnings with g_atomic on recent GLib versions - avfvideosrc: element requests camera permissions even with capture-screen property is true - codecparsers: h264parser: guard against ref_pic_markings overflow - dtlsconnection: Avoid segmentation fault when no srtp capabilities are negotiated - dtls/connection: fix EOF handling with openssl 1.1.1e - fdkaacdec: add support for mpegversion=2 - hls: Check nettle version to ensure AES128 support - ipcpipeline: Rework compiler checks - interlace: Increment phase_index before checking if we're at the end of the phase - lv2: Make it build with -fno-common - h264parser: Do not allocate too large size of memory for registered user data SEI - ladspa: fix unbounded integer properties - modplug: avoid division by zero - msdkdec: Fix GstMsdkContext leak - msdkenc: fix leaks on windows - musepackdec: Don't fail all queries if no sample rate is known yet - openslessink: Allow openslessink to handle 48kHz streams. - opencv: allow compilation against 4.2.x - proxysink: event_function needs to handle the event when it is disconnecetd from proxysrc - vulkan: Drop use of VK_RESULT_BEGIN_RANGE - wasapi: added missing lock release in case of error in gst_wasapi_xxx_reset - wasapi: Fix possible deadlock while downwards state change - waylandsink: Clear window when pipeline is stopped - webrtc: Support non-trickle ICE candidates in the SDP - webrtc: Unmap all non-binary buffers received via the datachannel - meson: build with neon 0.31 - Drop upstream fixed patch: gstreamer-h264parser-fix-overflow.patch - h264parser: guard against ref_pic_markings overflow (bsc#1181255 CVE-2021-3185) - Disable the kate/libtiger plugin. Kate streams for karaoke are not used anymore, and the source tarball for libtiger is no longer available upstream. (jsc#SLE-13843) gstreamer-plugins-ugly was updated to version 1.16.3 (bsc#1181255): + x264enc: corrected em_data value in CEA-708 CC SEI message gstreamer-plugins-base was updated to version 1.16.3 (bsc#1181255): - audioaggregator: Check all downstream allowed caps structures if they support the upstream rate - audioaggregator: Fix negotiation with downstream if there is no peer yet - audioencoder: fix segment event leak - discoverer: Fix caps handling in `pad-added` signal handler - discoverer: Start discovering next URI from right thread - fft: Update our kiss fft version, fixes thread-safety and concurrency issues and misc other things - gl: numerous memory fixes (use-after-free, leaks, missing NULL-ify) - gl/display/egl: ensure debug category is initialized - gstglwindow_x11: fix resize - pbutils: Add latest H.264 level values - rtpbuffer: fix header extension length validation - video: Fix NV12_64Z32 number of component - video-format: RGB16/15 are not 16 bit per component but only 5.333 and 5 - video: fix top/bottom field flags - videodecoder: don't copy interlace-mode from reference state - appsrc/appsink: Make setting/replacing callbacks thread-safe - compositor: Fix checkerboard filling for BGRx/RGBx and UYVY/YUY2/YVYU - decodebin3: only force streams-selected seqnum after a select-streams - glupload: Fix fallback from direct dmabuf to dmabuf upload method - glvideomixer: perform `_get_highest_precision()` on the GL thread - libvisual: use `gst_element_class_set_metadata()` when passing dynamic strings - oggstream: Workaround for broken PAR in VP8 BOS - subparse: accept WebVTT timestamps without an hour component - playbin: Handle error message with redirection indication - textrender: Fix AYUV output. - typefind: Consider MPEG-PS PSM to be a PES type - uridecodebin3: default to non-0 buffer-size and buffer-duration, otherwise it could potentially cause big memory allocations over time - videoaggregator: Don't configure NULL chroma-site/colorimetry - videorate/videoscale/audioresample: Ensure that the caps returned from... - build: Replace bashisms in configure for Wayland and GLES3 Important SUSE bug 1181255 CVE-2021-3185 cpe:/o:opensuse:leap:15.3 Security update for lz4 (Important) openSUSE Leap 15.3 This update for lz4 fixes the following issues: - CVE-2021-3520: Fixed memory corruption due to an integer overflow bug caused by memmove argument (bsc#1185438). Important SUSE bug 1185438 CVE-2021-3520 cpe:/o:opensuse:leap:15.3 Security update for bind (Important) openSUSE Leap 15.3 This update for bind fixes the following issues: - CVE-2021-25214: Fixed a broken inbound incremental zone update (IXFR) which could have caused named to terminate unexpectedly (bsc#1185345). - CVE-2021-25215: Fixed an assertion check which could have failed while answering queries for DNAME records that required the DNAME to be processed to resolve itself (bsc#1185345). - Switched from /var/run to /run (bsc#1185073) - Hardening: Compiled binary with PIE flags to make it position independent Important SUSE bug 1183453 SUSE bug 1185073 CVE-2021-25214 CVE-2021-25215 cpe:/o:opensuse:leap:15.3 Security update for ceph (Important) openSUSE Leap 15.3 This update for ceph fixes the following issues: - Update to 15.2.12-83-g528da226523: - (CVE-2021-3509) fix cookie injection issue (bsc#1186021) - (CVE-2021-3531) RGWSwiftWebsiteHandler::is_web_dir checks empty subdir_name (bsc#1186020) - (CVE-2021-3524) sanitize \r in s3 CORSConfiguration’s ExposeHeader (bsc#1185619) Important SUSE bug 1185619 SUSE bug 1186020 SUSE bug 1186021 CVE-2021-3509 CVE-2021-3524 CVE-2021-3531 cpe:/o:opensuse:leap:15.3 Security update for xstream (Important) openSUSE Leap 15.3 This update for xstream fixes the following issues: - Upgrade to 1.4.16 - CVE-2021-21351: remote attacker to load and execute arbitrary code (bsc#1184796) - CVE-2021-21349: SSRF can lead to a remote attacker to request data from internal resources (bsc#1184797) - CVE-2021-21350: arbitrary code execution (bsc#1184380) - CVE-2021-21348: remote attacker could cause denial of service by consuming maximum CPU time (bsc#1184374) - CVE-2021-21347: remote attacker to load and execute arbitrary code from a remote host (bsc#1184378) - CVE-2021-21344: remote attacker could load and execute arbitrary code from a remote host (bsc#1184375) - CVE-2021-21342: server-side forgery (bsc#1184379) - CVE-2021-21341: remote attacker could cause a denial of service by allocating 100% CPU time (bsc#1184377) - CVE-2021-21346: remote attacker could load and execute arbitrary code (bsc#1184373) - CVE-2021-21345: remote attacker with sufficient rights could execute commands (bsc#1184372) - CVE-2021-21343: replace or inject objects, that result in the deletion of files on the local host (bsc#1184376) Important SUSE bug 1184372 SUSE bug 1184373 SUSE bug 1184374 SUSE bug 1184375 SUSE bug 1184376 SUSE bug 1184377 SUSE bug 1184378 SUSE bug 1184379 SUSE bug 1184380 SUSE bug 1184796 SUSE bug 1184797 CVE-2021-21341 CVE-2021-21342 CVE-2021-21343 CVE-2021-21344 CVE-2021-21345 CVE-2021-21346 CVE-2021-21347 CVE-2021-21348 CVE-2021-21349 CVE-2021-21350 CVE-2021-21351 cpe:/o:opensuse:leap:15.3 Security update for dhcp (Important) openSUSE Leap 15.3 This update for dhcp fixes the following issues: - CVE-2021-25217: A buffer overrun in lease file parsing code can be used to exploit a common vulnerability shared by dhcpd and dhclient (bsc#1186382) Important SUSE bug 1186382 CVE-2021-25217 cpe:/o:opensuse:leap:15.3 Security update for polkit (Important) openSUSE Leap 15.3 This update for polkit fixes the following issues: - CVE-2021-3560: Fixed a local privilege escalation using polkit_system_bus_name_get_creds_sync() (bsc#1186497). Important SUSE bug 1186497 CVE-2021-3560 cpe:/o:opensuse:leap:15.3 Security update for avahi (Important) openSUSE Leap 15.3 This update for avahi fixes the following issues: - CVE-2021-3468: avoid infinite loop by handling HUP event in client_work (bsc#1184521). - CVE-2021-26720: drop privileges when invoking avahi-daemon-check-dns.sh (bsc#1180827) - Update avahi-daemon-check-dns.sh from Debian. Our previous version relied on ifconfig, route, and init.d. - Add sudo to requires: used to drop privileges. Important SUSE bug 1180827 SUSE bug 1184521 CVE-2021-26720 CVE-2021-3468 cpe:/o:opensuse:leap:15.3 Security update for MozillaThunderbird (Moderate) openSUSE Leap 15.3 This update for MozillaThunderbird fixes the following issues: - Mozilla Thunderbird 78.10.2 - CVE-2021-29957: Fixed partial protection of inline OpenPGP message not indicated (bsc#1186198). - CVE-2021-29956: Fixed Thunderbird stored OpenPGP secret keys without master password protection (bsc#1186199). - CVE-2021-29951: Fixed Thunderbird Maintenance Service could have been started or stopped by domain users (bsc#1185633). - CVE-2021-29950: Fixed logic issue potentially leaves key material unlocked (bsc#1185086). Moderate SUSE bug 1185086 SUSE bug 1185633 SUSE bug 1186198 SUSE bug 1186199 CVE-2021-29950 CVE-2021-29951 CVE-2021-29956 CVE-2021-29957 cpe:/o:opensuse:leap:15.3 Security update for python-py (Moderate) openSUSE Leap 15.3 This update for python-py fixes the following issues: - CVE-2020-29651: Fixed regular expression denial of service in svnwc.py (bsc#1179805, bsc#1184505). Moderate SUSE bug 1179805 SUSE bug 1184505 CVE-2020-29651 cpe:/o:opensuse:leap:15.3 Security update for libwebp (Critical) openSUSE Leap 15.3 This update for libwebp fixes the following issues: - CVE-2018-25010: Fixed heap-based buffer overflow in ApplyFilter() (bsc#1185685). - CVE-2020-36330: Fixed heap-based buffer overflow in ChunkVerifyAndAssign() (bsc#1185691). - CVE-2020-36332: Fixed extreme memory allocation when reading a file (bsc#1185674). - CVE-2020-36329: Fixed use-after-free in EmitFancyRGB() (bsc#1185652). - CVE-2018-25012: Fixed heap-based buffer overflow in GetLE24() (bsc#1185690). - CVE-2020-36328: Fixed heap-based buffer overflow in WebPDecode*Into functions (bsc#1185688). - CVE-2018-25013: Fixed heap-based buffer overflow in ShiftBytes() (bsc#1185654). - CVE-2020-36331: Fixed heap-based buffer overflow in ChunkAssignData() (bsc#1185686). - CVE-2018-25009: Fixed heap-based buffer overflow in GetLE16() (bsc#1185673). - CVE-2018-25011: Fixed fail on multiple image chunks (bsc#1186247). Critical SUSE bug 1185652 SUSE bug 1185654 SUSE bug 1185673 SUSE bug 1185674 SUSE bug 1185685 SUSE bug 1185686 SUSE bug 1185688 SUSE bug 1185690 SUSE bug 1185691 SUSE bug 1186247 CVE-2018-25009 CVE-2018-25010 CVE-2018-25011 CVE-2018-25012 CVE-2018-25013 CVE-2020-36328 CVE-2020-36329 CVE-2020-36330 CVE-2020-36331 CVE-2020-36332 cpe:/o:opensuse:leap:15.3 Security update for umoci (Important) openSUSE Leap 15.3 This update for umoci fixes the following issues: Update to v0.4.7 (bsc#1184147). - CVE-2021-29136: Fixed overwriting of host files via malicious layer (bsc#1184147). Important SUSE bug 1184147 CVE-2021-29136 cpe:/o:opensuse:leap:15.3 Security update for snakeyaml (Important) openSUSE Leap 15.3 This update for snakeyaml fixes the following issues: - Upgrade to 1.28 - CVE-2017-18640: The Alias feature allows entity expansion during a load operation (bsc#1159488, bsc#1186088) Important SUSE bug 1159488 SUSE bug 1186088 CVE-2017-18640 cpe:/o:opensuse:leap:15.3 Security update for MozillaFirefox (Important) openSUSE Leap 15.3 This update for MozillaFirefox fixes the following issues: Firefox Extended Support Release 78.11.0 ESR (bsc#1186696) * CVE-2021-29964: Out of bounds-read when parsing a `WM_COPYDATA` message * CVE-2021-29967: Memory safety bugs fixed in Firefox Important SUSE bug 1185633 SUSE bug 1186696 CVE-2021-29951 CVE-2021-29964 CVE-2021-29967 cpe:/o:opensuse:leap:15.3 Security update for pam_radius (Moderate) openSUSE Leap 15.3 This update for pam_radius fixes the following issues: - CVE-2015-9542: pam_radius: buffer overflow in password field (bsc#1163933) Moderate SUSE bug 1163933 CVE-2015-9542 cpe:/o:opensuse:leap:15.3 Security update for libX11 (Important) openSUSE Leap 15.3 This update for libX11 fixes the following issues: - Regression in the fix for CVE-2021-31535, causing segfaults for xforms applications like fdesign (bsc#1186643) Important SUSE bug 1186643 CVE-2021-31535 cpe:/o:opensuse:leap:15.3 Security update for libopenmpt (Moderate) openSUSE Leap 15.3 This update for libopenmpt fixes the following issues: Various bugfix and stability issues were fixed, some of those might have security impact. libopenmpt was updated to 0.3.28: * Fixed excessive memory consumption with malformed files in various formats. Changes in 0.3.27: * AMS: Avoid allocating excessive amount of memory for compressed song message in malformed files. * S3M: Some samples were imported with a too high sample rate if module was saved with Scream Tracker 3. Changes in 0.3.26: * DMF: Improve import of finetune effect with parameters larger than +/-15. Changes in 0.3.25: * AMS: An upper bound for uncompressed sample size is now established to avoid memory exhaustion from malformed files. * MO3: Avoid certain ModPlug hacks from being fixed up twice, which could lead to e.g. very narrow pan swing range for old OpenMPT IT files saved with a recent MO3 encoder version. * IMF: Instrument sample mapping was off by one octave, notable in the guitar part of Astaris by Karsten Koch. * PLM: Percentage offset (Mxx) was slightly off. Changes in 0.3.24: * PP20: The first few bytes of some files were not decompressed properly, making some files unplayable (depending on the original format). Changes in 0.3.23: * IT: Global volume slides with both nibbles set preferred the “slide up” nibble over the “slide down” nibble in old OpenMPT versions, unlike other slides. Such old files are now imported correctly again. * IT: Fixed an edge case where, if the filter hit full cutoff / no resonance on the first tick of a row where a new delayed note would be triggered, the filter would be disabled even though it should stay active. Fixes trace.it by maddie. * XM: Out-of-range arpeggio clamping behaviour broke in OpenMPT 1.23.05.00. The arpeggios in Binary World by Dakota now play correctly again. * S3M: Support old-style sample pre-amp value in very early S3M files. * S3M: Only force-enable fast slides for files ST 3.00. Previously, any S3M file made with an ST3 version older than 3.20 enabled them. * M15: Improve tracker detection heuristics to never assume SoundTracker 2.0 if there is a huge number of Dxx commands, as that is a definite hint that they should be treated as volume slides. Fixes Monty On The Run by Master Blaster. Changes in 0.3.22: * IT: Disable retrigger with short notes quirk for modules saved with Chibi Tracker, as it does not implement that quirk. * MOD: Fix early song ending due to ProTracker pattern jump quirk (EEx + Dxx on same row) if infinite looping is disabled. Fixes Haunted Tracks.mod by Triace. * MOD: Vibrato type “ramp down” was upside down. Changes in 0.3.21: * IT: Vibrato was too fast in Old Effects mode since libopenmpt 0.3. * XM: Treat 8bitbubsy’s FT2 clone exactly like Fasttracker 2 with respect to compatibility and playback flags. For example, FT2 Pan Law was not applied. * DMF: Some files had a wrong tempo since libopenmpt 0.2.5705-beta15. Moderate SUSE bug 1186663 cpe:/o:opensuse:leap:15.3 Security update for libxml2 (Moderate) openSUSE Leap 15.3 This update for libxml2 fixes the following issues: - CVE-2021-3541: Fixed exponential entity expansion attack bypasses all existing protection mechanisms. (bsc#1186015) Moderate SUSE bug 1186015 CVE-2021-3541 cpe:/o:opensuse:leap:15.3 Security update for ucode-intel (Important) openSUSE Leap 15.3 This update for ucode-intel fixes the following issues: Updated to Intel CPU Microcode 20210608 release. - CVE-2020-24513: A domain bypass transient execution vulnerability was discovered on some Intel Atom processors that use a micro-architectural incident channel. (INTEL-SA-00465 bsc#1179833) See also: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00465.html - CVE-2020-24511: The IBRS feature to mitigate Spectre variant 2 transient execution side channel vulnerabilities may not fully prevent non-root (guest) branches from controlling the branch predictions of the root (host) (INTEL-SA-00464 bsc#1179836) See also https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00464.html) - CVE-2020-24512: Fixed trivial data value cache-lines such as all-zero value cache-lines may lead to changes in cache-allocation or write-back behavior for such cache-lines (bsc#1179837 INTEL-SA-00464) See also https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00464.html) - CVE-2020-24489: Fixed Intel VT-d device pass through potential local privilege escalation (INTEL-SA-00442 bsc#1179839) See also https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00442.html Other fixes: - Update for functional issues. Refer to [Third Generation Intel Xeon Processor Scalable Family Specification Update](https://cdrdv2.intel.com/v1/dl/getContent/637780)for details. - Update for functional issues. Refer to [Second Generation Intel Xeon Processor Scalable Family Specification Update](https://cdrdv2.intel.com/v1/dl/getContent/338848) for details. - Update for functional issues. Refer to [Intel Xeon Processor Scalable Family Specification Update](https://cdrdv2.intel.com/v1/dl/getContent/613537) for details. - Update for functional issues. Refer to [Intel Xeon Processor D-1500, D-1500 NS and D-1600 NS Spec Update](https://www.intel.com/content/www/us/en/products/docs/processors/xeon/xeon-d-1500-specification-update.html) for details. - Update for functional issues. Refer to [Intel Xeon E7-8800 and E7-4800 v3 Processor Specification Update](https://www.intel.com/content/www/us/en/processors/xeon/xeon-e7-v3-spec-update.html) for details. - Update for functional issues. Refer to [Intel Xeon Processor E5 v3 Product Family Specification Update](https://www.intel.com/content/www/us/en/processors/xeon/xeon-e5-v3-spec-update.html?wapkw=processor+spec+update+e5) for details. - Update for functional issues. Refer to [10th Gen Intel Core Processor Families Specification Update](https://www.intel.com/content/www/us/en/products/docs/processors/core/10th-gen-core-families-specification-update.html) for details. - Update for functional issues. Refer to [8th and 9th Gen Intel Core Processor Family Spec Update](https://www.intel.com/content/www/us/en/products/docs/processors/core/8th-gen-core-spec-update.html) for details. - Update for functional issues. Refer to [7th Gen and 8th Gen (U Quad-Core) Intel Processor Families Specification Update](https://www.intel.com/content/www/us/en/processors/core/7th-gen-core-family-spec-update.html) for details. - Update for functional issues. Refer to [6th Gen Intel Processor Family Specification Update](https://cdrdv2.intel.com/v1/dl/getContent/332689) for details. - Update for functional issues. Refer to [Intel Xeon E3-1200 v6 Processor Family Specification Update](https://www.intel.com/content/www/us/en/processors/xeon/xeon-e3-1200v6-spec-update.html) for details. - Update for functional issues. Refer to [Intel Xeon E-2100 and E-2200 Processor Family Specification Update](https://www.intel.com/content/www/us/en/products/docs/processors/xeon/xeon-e-2100-specification-update.html) for details. - New platforms: | Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products |:---------------|:---------|:------------|:---------|:---------|:--------- | CLX-SP | A0 | 06-55-05/b7 | | 03000010 | Xeon Scalable Gen2 | ICX-SP | C0 | 06-6a-05/87 | | 0c0002f0 | Xeon Scalable Gen3 | ICX-SP | D0 | 06-6a-06/87 | | 0d0002a0 | Xeon Scalable Gen3 | SNR | B0 | 06-86-04/01 | | 0b00000f | Atom P59xxB | SNR | B1 | 06-86-05/01 | | 0b00000f | Atom P59xxB | TGL | B1 | 06-8c-01/80 | | 00000088 | Core Gen11 Mobile | TGL-R | C0 | 06-8c-02/c2 | | 00000016 | Core Gen11 Mobile | TGL-H | R0 | 06-8d-01/c2 | | 0000002c | Core Gen11 Mobile | EHL | B1 | 06-96-01/01 | | 00000011 | Pentium J6426/N6415, Celeron J6412/J6413/N6210/N6211, Atom x6000E | JSL | A0/A1 | 06-9c-00/01 | | 0000001d | Pentium N6000/N6005, Celeron N4500/N4505/N5100/N5105 | RKL-S | B0 | 06-a7-01/02 | | 00000040 | Core Gen11 - Updated platforms: | Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products |:---------------|:---------|:------------|:---------|:---------|:--------- | HSX-E/EP | Cx/M1 | 06-3f-02/6f | 00000044 | 00000046 | Core Gen4 X series; Xeon E5 v3 | HSX-EX | E0 | 06-3f-04/80 | 00000016 | 00000019 | Xeon E7 v3 | SKL-U/Y | D0 | 06-4e-03/c0 | 000000e2 | 000000ea | Core Gen6 Mobile | SKL-U23e | K1 | 06-4e-03/c0 | 000000e2 | 000000ea | Core Gen6 Mobile | BDX-ML | B0/M0/R0 | 06-4f-01/ef | 0b000038 | 0b00003e | Xeon E5/E7 v4; Core i7-69xx/68xx | SKX-SP | B1 | 06-55-03/97 | 01000159 | 0100015b | Xeon Scalable | SKX-SP | H0/M0/U0 | 06-55-04/b7 | 02006a0a | 02006b06 | Xeon Scalable | SKX-D | M1 | 06-55-04/b7 | 02006a0a | 02006b06 | Xeon D-21xx | CLX-SP | B0 | 06-55-06/bf | 04003006 | 04003102 | Xeon Scalable Gen2 | CLX-SP | B1 | 06-55-07/bf | 05003006 | 05003102 | Xeon Scalable Gen2 | CPX-SP | A1 | 06-55-0b/bf | 0700001e | 07002302 | Xeon Scalable Gen3 | BDX-DE | V2/V3 | 06-56-03/10 | 07000019 | 0700001b | Xeon D-1518/19/21/27/28/31/33/37/41/48, Pentium D1507/08/09/17/19 | BDX-DE | Y0 | 06-56-04/10 | 0f000017 | 0f000019 | Xeon D-1557/59/67/71/77/81/87 | BDX-NS | A0 | 06-56-05/10 | 0e00000f | 0e000012 | Xeon D-1513N/23/33/43/53 | APL | D0 | 06-5c-09/03 | 00000040 | 00000044 | Pentium N/J4xxx, Celeron N/J3xxx, Atom x5/7-E39xx | APL | E0 | 06-5c-0a/03 | 0000001e | 00000020 | Atom x5-E39xx | SKL-H/S | R0/N0 | 06-5e-03/36 | 000000e2 | 000000ea | Core Gen6; Xeon E3 v5 | DNV | B0 | 06-5f-01/01 | 0000002e | 00000034 | Atom C Series | GLK | B0 | 06-7a-01/01 | 00000034 | 00000036 | Pentium Silver N/J5xxx, Celeron N/J4xxx | GKL-R | R0 | 06-7a-08/01 | 00000018 | 0000001a | Pentium J5040/N5030, Celeron J4125/J4025/N4020/N4120 | ICL-U/Y | D1 | 06-7e-05/80 | 000000a0 | 000000a6 | Core Gen10 Mobile | LKF | B2/B3 | 06-8a-01/10 | 00000028 | 0000002a | Core w/Hybrid Technology | AML-Y22 | H0 | 06-8e-09/10 | 000000de | 000000ea | Core Gen8 Mobile | KBL-U/Y | H0 | 06-8e-09/c0 | 000000de | 000000ea | Core Gen7 Mobile | CFL-U43e | D0 | 06-8e-0a/c0 | 000000e0 | 000000ea | Core Gen8 Mobile | WHL-U | W0 | 06-8e-0b/d0 | 000000de | 000000ea | Core Gen8 Mobile | AML-Y42 | V0 | 06-8e-0c/94 | 000000de | 000000ea | Core Gen10 Mobile | CML-Y42 | V0 | 06-8e-0c/94 | 000000de | 000000ea | Core Gen10 Mobile | WHL-U | V0 | 06-8e-0c/94 | 000000de | 000000ea | Core Gen8 Mobile | KBL-G/H/S/E3 | B0 | 06-9e-09/2a | 000000de | 000000ea | Core Gen7; Xeon E3 v6 | CFL-H/S/E3 | U0 | 06-9e-0a/22 | 000000de | 000000ea | Core Gen8 Desktop, Mobile, Xeon E | CFL-S | B0 | 06-9e-0b/02 | 000000de | 000000ea | Core Gen8 | CFL-H/S | P0 | 06-9e-0c/22 | 000000de | 000000ea | Core Gen9 | CFL-H | R0 | 06-9e-0d/22 | 000000de | 000000ea | Core Gen9 Mobile | CML-H | R1 | 06-a5-02/20 | 000000e0 | 000000ea | Core Gen10 Mobile | CML-S62 | G1 | 06-a5-03/22 | 000000e0 | 000000ea | Core Gen10 | CML-S102 | Q0 | 06-a5-05/22 | 000000e0 | 000000ec | Core Gen10 | CML-U62 | A0 | 06-a6-00/80 | 000000e0 | 000000e8 | Core Gen10 Mobile | CML-U62 V2 | K0 | 06-a6-01/80 | 000000e0 | 000000ea | Core Gen10 Mobile Important SUSE bug 1179833 SUSE bug 1179836 SUSE bug 1179837 SUSE bug 1179839 CVE-2020-24489 CVE-2020-24511 CVE-2020-24512 CVE-2020-24513 cpe:/o:opensuse:leap:15.3 Security update for qemu (Important) openSUSE Leap 15.3 This update for qemu fixes the following issues: - Switch method of splitting off hw-s390x-virtio-gpu-ccw.so as a module to what was accepted upstream (bsc#1181103) - Fix OOB access in sdhci interface (CVE-2020-17380, bsc#1175144, CVE-2020-25085, bsc#1176681, CVE-2021-3409, bsc#1182282) - Fix potential privilege escalation in virtiofsd tool (CVE-2021-20263, bsc#1183373) - Fix OOB access (stack overflow) in rtl8139 NIC emulation (CVE-2021-3416, bsc#1182968) - Fix heap overflow in MSIx emulation (CVE-2020-27821, bsc#1179686) - Fix package scripts to not use hard coded paths for temporary working directories and log files (bsc#1182425) - QEMU BIOS fails to read stage2 loader on s390x (bsc#1186290) - For the record, these issues are fixed in this package already. Most are alternate references to previously mentioned issues: (CVE-2019-15890, bsc#1149813, CVE-2020-8608, bsc#1163019, CVE-2020-14364, bsc#1175534, CVE-2020-25707, bsc#1178683, CVE-2020-25723, bsc#1178935, CVE-2020-29130, bsc#1179477, CVE-2020-29129, bsc#1179484, CVE-2021-3419, bsc#1182975) Important SUSE bug 1149813 SUSE bug 1163019 SUSE bug 1175144 SUSE bug 1175534 SUSE bug 1176681 SUSE bug 1178683 SUSE bug 1178935 SUSE bug 1179477 SUSE bug 1179484 SUSE bug 1179686 SUSE bug 1181103 SUSE bug 1182282 SUSE bug 1182425 SUSE bug 1182968 SUSE bug 1182975 SUSE bug 1183373 SUSE bug 1186290 CVE-2019-15890 CVE-2020-14364 CVE-2020-17380 CVE-2020-25085 CVE-2020-25707 CVE-2020-25723 CVE-2020-27821 CVE-2020-29129 CVE-2020-29130 CVE-2020-8608 CVE-2021-20263 CVE-2021-3409 CVE-2021-3416 CVE-2021-3419 cpe:/o:opensuse:leap:15.3 Security update for djvulibre (Important) openSUSE Leap 15.3 This update for djvulibre fixes the following issues: - CVE-2021-3500: Stack overflow in function DJVU:DjVuDocument:get_djvu_file() via crafted djvu file (bsc#1186253) Important SUSE bug 1186253 CVE-2021-3500 cpe:/o:opensuse:leap:15.3 Security update for salt (Important) openSUSE Leap 15.3 This update for salt fixes the following issues: - Check if dpkgnotify is executable (bsc#1186674) - Update to Salt release version 3002.2 (jsc#ECO-3212, jsc#SLE-18033, jsc#SLE-18028) - Drop support for Python2. Obsoletes `python2-salt` package (jsc#SLE-18028) - Fix issue parsing errors in ansiblegate state module - Prevent command injection in the snapper module (bsc#1185281, CVE-2021-31607) - transactional_update: detect recursion in the executor - Add subpackage `salt-transactional-update` (jsc#SLE-18033) - Remove duplicate directories Important SUSE bug 1185281 SUSE bug 1186674 CVE-2021-31607 cpe:/o:opensuse:leap:15.3 Security update for containerd, docker, runc (Important) openSUSE Leap 15.3 This update for containerd, docker, runc fixes the following issues: Docker was updated to 20.10.6-ce (bsc#1184768, bsc#1182947, bsc#1181594) * Switch version to use -ce suffix rather than _ce to avoid confusing other tools (bsc#1182476). * CVE-2021-21284: Fixed a potential privilege escalation when the root user in the remapped namespace has access to the host filesystem (bsc#1181732) * CVE-2021-21285: Fixed an issue where pulling a malformed Docker image manifest crashes the dockerd daemon (bsc#1181730). * btrfs quotas being removed by Docker regularly (bsc#1183855, bsc#1175081) runc was updated to v1.0.0~rc93 (bsc#1182451, bsc#1175821 bsc#1184962). * Use the upstream runc package (bsc#1181641, bsc#1181677, bsc#1175821). * Fixed /dev/null is not available (bsc#1168481). * CVE-2021-30465: Fixed a symlink-exchange attack vulnarability (bsc#1185405). containerd was updated to v1.4.4 * CVE-2021-21334: Fixed a potential information leak through environment variables (bsc#1183397). * Handle a requirement from docker (bsc#1181594). Important SUSE bug 1168481 SUSE bug 1175081 SUSE bug 1175821 SUSE bug 1181594 SUSE bug 1181641 SUSE bug 1181677 SUSE bug 1181730 SUSE bug 1181732 SUSE bug 1181749 SUSE bug 1182451 SUSE bug 1182476 SUSE bug 1182947 SUSE bug 1183024 SUSE bug 1183855 SUSE bug 1184768 SUSE bug 1184962 SUSE bug 1185405 CVE-2021-21284 CVE-2021-21285 CVE-2021-21334 CVE-2021-30465 cpe:/o:opensuse:leap:15.3 Security update for libjpeg-turbo (Moderate) openSUSE Leap 15.3 This update for libjpeg-turbo fixes the following issues: - CVE-2020-17541: Fixed a stack-based buffer overflow in the 'transform' component (bsc#1186764). Moderate SUSE bug 1186764 CVE-2020-17541 cpe:/o:opensuse:leap:15.3 Security update for squid (Important) openSUSE Leap 15.3 This update for squid fixes the following issues: - update to 4.15: - CVE-2021-28652: Broken cache manager URL parsing (bsc#1185918) - CVE-2021-28651: Memory leak in RFC 2169 response parsing (bsc#1185921) - CVE-2021-28662: Limit HeaderLookupTable_t::lookup() to BadHdr and specific IDs (bsc#1185919) - CVE-2021-31806: Handle more Range requests (bsc#1185916) - CVE-2020-25097: HTTP Request Smuggling vulnerability (bsc#1183436) - Handle more partial responses (bsc#1185923) - fix previous change to reinstante permissions macros, because the wrong path has been used (bsc#1171569). - use libexecdir instead of libdir to conform to recent changes in Factory (bsc#1171164). - Reinstate permissions macros for pinger binary, because the permissions package is also responsible for setting up the cap_net_raw capability, currently a fresh squid install doesn't get a capability bit at all (bsc#1171569). - Change pinger and basic_pam_auth helper to use standard permissions. pinger uses cap_net_raw=ep instead (bsc#1171569) Important SUSE bug 1171164 SUSE bug 1171569 SUSE bug 1183436 SUSE bug 1185916 SUSE bug 1185918 SUSE bug 1185919 SUSE bug 1185921 SUSE bug 1185923 CVE-2020-25097 CVE-2021-28651 CVE-2021-28652 CVE-2021-28662 CVE-2021-31806 cpe:/o:opensuse:leap:15.3 Security update for postgresql10 (Moderate) openSUSE Leap 15.3 This update for postgresql10 fixes the following issues: - Upgrade to version 10.17: - CVE-2021-32027: Fixed integer overflows in array subscripting calculations (bsc#1185924). - CVE-2021-32028: Fixed mishandling of junk columns in INSERT ... ON CONFLICT ... UPDATE target lists (bsc#1185925). - Don't use %_stop_on_removal, because it was meant to be private and got removed from openSUSE. %_restart_on_update is also private, but still supported and needed for now (bsc#1183168). Moderate SUSE bug 1183168 SUSE bug 1185924 SUSE bug 1185925 CVE-2021-32027 CVE-2021-32028 cpe:/o:opensuse:leap:15.3 Security update for the Linux Kernel (Important) openSUSE Leap 15.3 The SUSE Linux Enterprise 15 SP3 Azure kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2021-33200: Enforcing incorrect limits for pointer arithmetic operations by the BPF verifier could be abused to perform out-of-bounds reads and writes in kernel memory (bsc#1186484). - CVE-2021-33034: Fixed a use-after-free when destroying an hci_chan. This could lead to writing an arbitrary values. (bsc#1186111) - CVE-2020-26139: Fixed a denial-of-service when an Access Point (AP) forwards EAPOL frames to other clients even though the sender has not yet successfully authenticated to the AP. (bnc#1186062) - CVE-2021-23134: A Use After Free vulnerability in nfc sockets allowed local attackers to elevate their privileges. (bnc#1186060) - CVE-2021-3491: Fixed a potential heap overflow in mem_rw(). This vulnerability is related to the PROVIDE_BUFFERS operation, which allowed the MAX_RW_COUNT limit to be bypassed (bsc#1185642). - CVE-2021-32399: Fixed a race condition when removing the HCI controller (bnc#1184611). - CVE-2020-24586: The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that received fragments be cleared from memory after (re)connecting to a network. Under the right circumstances this can be abused to inject arbitrary network packets and/or exfiltrate user data (bnc#1185859). - CVE-2020-24587: The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that all fragments of a frame are encrypted under the same key. An adversary can abuse this to decrypt selected fragments when another device sends fragmented frames and the WEP, CCMP, or GCMP encryption key is periodically renewed (bnc#1185859 bnc#1185862). - CVE-2020-24588: The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that the A-MSDU flag in the plaintext QoS header field is authenticated. Against devices that support receiving non-SSP A-MSDU frames (which is mandatory as part of 802.11n), an adversary can abuse this to inject arbitrary network packets. (bnc#1185861) - CVE-2020-26147: The WEP, WPA, WPA2, and WPA3 implementations reassemble fragments, even though some of them were sent in plaintext. This vulnerability can be abused to inject packets and/or exfiltrate selected fragments when another device sends fragmented frames and the WEP, CCMP, or GCMP data-confidentiality protocol is used (bnc#1185859). - CVE-2020-26145: An issue was discovered with Samsung Galaxy S3 i9305 4.4.4 devices. The WEP, WPA, WPA2, and WPA3 implementations accept second (or subsequent) broadcast fragments even when sent in plaintext and process them as full unfragmented frames. An adversary can abuse this to inject arbitrary network packets independent of the network configuration. (bnc#1185860) - CVE-2020-26141: An issue was discovered in the ALFA driver for AWUS036H, where the Message Integrity Check (authenticity) of fragmented TKIP frames was not verified. An adversary can abuse this to inject and possibly decrypt packets in WPA or WPA2 networks that support the TKIP data-confidentiality protocol. (bnc#1185987) - CVE-2021-29650: Fixed an issue with the netfilter subsystem that allowed attackers to cause a denial of service (panic) because net/netfilter/x_tables.c and include/linux/netfilter/x_tables.h lack a full memory barrier upon the assignment of a new table value (bnc#1184208). - CVE-2021-29155: Fixed an issue that was discovered in kernel/bpf/verifier.c that performs undesirable out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory. Specifically, for sequences of pointer arithmetic operations, the pointer modification performed by the first operation was not correctly accounted for when restricting subsequent operations (bnc#1184942). - CVE-2021-3444: Fixed an issue with the bpf verifier which did not properly handle mod32 destination register truncation when the source register was known to be 0 leading to out of bounds read (bsc#1184170). - CVE-2021-3428: Fixed an integer overflow in ext4_es_cache_extent (bsc#1173485). - CVE-2021-29647: Fixed an issue in qrtr_recvmsg which could have allowed attackers to obtain sensitive information from kernel memory because of a partially uninitialized data structure (bsc#1184192 ). - CVE-2021-29265: Fixed an issue in usbip_sockfd_store which could have allowed attackers to cause a denial of service due to race conditions during an update of the local and shared status (bsc#1184167). - CVE-2021-29264: Fixed an issue in the Freescale Gianfar Ethernet driver which could have allowed attackers to cause a system crash due to a calculation of negative fragment size (bsc#1184168). - CVE-2021-28972: Fixed a user-tolerable buffer overflow when writing a new device name to the driver from userspace, allowing userspace to write data to the kernel stack frame directly (bsc#1184198). - CVE-2021-28971: Fixed an issue in intel_pmu_drain_pebs_nhm which could have caused a system crash because the PEBS status in a PEBS record was mishandled (bsc#1184196 ). - CVE-2021-28964: Fixed a race condition in get_old_root which could have allowed attackers to cause a denial of service (bsc#1184193). - CVE-2021-28688: Fixed an issue introduced by XSA-365 (bsc#1183646). - CVE-2021-28660: Fixed an out of bounds write in rtw_wx_set_scan (bsc#1183593 ). - CVE-2021-28375: Fixed an issue in fastrpc_internal_invoke which did not prevent user applications from sending kernel RPC messages (bsc#1183596). - CVE-2021-28038: Fixed an issue with the netback driver which was lacking necessary treatment of errors such as failed memory allocations (bsc#1183022). - CVE-2021-27365: Fixed an issue where an unprivileged user can send a Netlink message that is associated with iSCSI, and has a length up to the maximum length of a Netlink message (bsc#1182715). - CVE-2021-27364: Fixed an issue where an attacker could craft Netlink messages (bsc#1182717). - CVE-2021-27363: Fixed a kernel pointer leak which could have been used to determine the address of the iscsi_transport structure (bsc#1182716). - CVE-2020-35519: Fixed an out-of-bounds memory access was found in x25_bind (bsc#1183696). - CVE-2020-27815: Fixed an issue in JFS filesystem where could have allowed an attacker to execute code (bsc#1179454). - CVE-2020-27171: Fixed an off-by-one error affecting out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory (bsc#1183775). - CVE-2020-27170: Fixed potential side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory (bsc#1183686). - CVE-2019-19769: Fixed a use-after-free in the perf_trace_lock_acquire function (bsc#1159280 ). - CVE-2019-18814: Fixed a use-after-free when aa_label_parse() fails in aa_audit_rule_init() (bsc#1156256). - CVE-2021-3483: Fixed a use-after-free in nosy.c (bsc#1184393). - CVE-2021-30002: Fixed a memory leak for large arguments in video_usercopy (bsc#1184120). - CVE-2021-29154: Fixed incorrect computation of branch displacements, allowing arbitrary code execution (bsc#1184391). - CVE-2021-28950: Fixed an issue in fs/fuse/fuse_i.h due to a retry loop continually was finding the same bad inode (bsc#1184194). - CVE-2021-28952: Fixed a buffer overflow in the soundwire device driver, triggered when an unexpected port ID number is encountered. (bnc#1184197). - CVE-2021-20268: Fixed an out-of-bounds access flaw in the implementation of the eBPF code verifier. This flaw allowed a local user to crash the system or possibly escalate their privileges. (bnc#1183077) - CVE-2020-27673: Fixed a vulnerability with xen, where guest OS users could cause a denial of service (host OS hang) via a high rate of events to dom0 (bnc#1177411). - CVE-2020-36312: Fixed a memory leak upon a kmalloc failure (bsc#1184509 ). - CVE-2020-36311: Fixed a denial of service (soft lockup) by triggering destruction of a large SEV VM (bsc#1184511). - CVE-2020-36310: Fixed infinite loop for certain nested page faults (bsc#1184512). - CVE-2021-3489: Fixed an issue where the eBPF RINGBUF bpf_ringbuf_reserve did not check that the allocated size was smaller than the ringbuf size (bnc#1185640). - CVE-2021-3490: Fixed an issue where the eBPF ALU32 bounds tracking for bitwise ops (AND, OR and XOR) did not update the 32-bit bounds (bnc#1185641 bnc#1185796 ). - CVE-2020-36322: Fixed an issue was discovered in FUSE filesystem implementation which could have caused a system crash (bsc#1184211). - CVE-2020-25670, CVE-2020-25671, CVE-2020-25672, CVE-2020-25673: Fixed multiple bugs in NFC subsytem (bsc#1178181). The following non-security bugs were fixed: - ACPI / hotplug / PCI: Fix reference count leak in enable_slot() (git-fixes). - ACPI / idle: override c-state latency when not in conformance with s0ix (bsc#1185840). - ACPI: CPPC: Replace cppc_attr with kobj_attribute (git-fixes). - ACPI: GTDT: Do not corrupt interrupt mappings on watchdow probe failure (git-fixes). - ACPI: PM: Add ACPI ID of Alder Lake Fan (git-fixes). - ACPI: PM: s2idle: Add AMD support to handle _DSM (bsc#1185840). - ACPI: PM: s2idle: Add missing LPS0 functions for AMD (bsc#1185840). - ACPI: PM: s2idle: Drop unused local variables and related code (bsc#1185840). - ACPI: PM: s2idle: Move x86-specific code to the x86 directory (bsc#1185840). - ACPI: custom_method: fix a possible memory leak (git-fixes). - ACPI: custom_method: fix potential use-after-free issue (git-fixes). - ACPI: processor: Fix CPU0 wakeup in acpi_idle_play_dead() (git-fixes). - ACPI: processor: Fix build when CONFIG_ACPI_PROCESSOR=m (git-fixes). - ACPI: scan: Rearrange memory allocation in acpi_device_add() (git-fixes). - ACPI: video: Add DMI quirk for GIGABYTE GB-BXBT-2807 (git-fixes). - ACPI: video: Add missing callback back for Sony VPCEH3U1E (git-fixes). - ACPICA: Always create namespace nodes using acpi_ns_create_node() (git-fixes). - ACPICA: Enable sleep button on ACPI legacy wake (bsc#1181383). - ACPICA: Fix race in generic_serial_bus (I2C) and GPIO op_region parameter handling (git-fixes). - ALSA: Convert strlcpy to strscpy when return value is unused (git-fixes). - ALSA: aloop: Fix initialization of controls (git-fixes). - ALSA: bebob/oxfw: fix Kconfig entry for Mackie d.2 Pro (git-fixes). - ALSA: bebob: enable to deliver MIDI messages for multiple ports (git-fixes). - ALSA: core: remove redundant spin_lock pair in snd_card_disconnect (git-fixes). - ALSA: dice: fix null pointer dereference when node is disconnected (git-fixes). - ALSA: dice: fix stream format at middle sampling rate for Alesis iO 26 (git-fixes). - ALSA: dice: fix stream format for TC Electronic Konnekt Live at high sampling transfer frequency (git-fixes). - ALSA: emu8000: Fix a use after free in snd_emu8000_create_mixer (git-fixes). - ALSA: firewire-lib: fix amdtp_packet tracepoints event for packet_index field (git-fixes). - ALSA: firewire-lib: fix calculation for size of IR context payload (git-fixes). - ALSA: firewire-lib: fix check for the size of isochronous packet payload (git-fixes). - ALSA: hda/ca0132: Add Sound BlasterX AE-5 Plus support (git-fixes). - ALSA: hda/cirrus: Add Headphone and Headset MIC Volume Control (git-fixes). - ALSA: hda/cirrus: Add error handling into CS8409 I2C functions (git-fixes). - ALSA: hda/cirrus: Add jack detect interrupt support from CS42L42 companion codec (git-fixes). - ALSA: hda/cirrus: Add support for CS8409 HDA bridge and CS42L42 companion codec (git-fixes). - ALSA: hda/cirrus: Cleanup patch_cirrus.c code (git-fixes). - ALSA: hda/cirrus: Fix CS42L42 Headset Mic volume control name (git-fixes). - ALSA: hda/cirrus: Make CS8409 driver more generic by using fixups (git-fixes). - ALSA: hda/cirrus: Set Initial DMIC volume for Bullseye to -26 dB (git-fixes). - ALSA: hda/cirrus: Use CS8409 filter to fix abnormal sounds on Bullseye (git-fixes). - ALSA: hda/conexant: Add quirk for mute LED control on HP ZBook G5 (git-fixes). - ALSA: hda/conexant: Apply quirk for another HP ZBook G5 model (git-fixes). - ALSA: hda/conexant: Re-order CX5066 quirk table entries (git-fixes). - ALSA: hda/conexant: Re-order CX5066 quirk table entries (git-fixes). - ALSA: hda/hdmi: Cancel pending works before suspend (bsc#1182377). - ALSA: hda/hdmi: Cancel pending works before suspend (git-fixes). - ALSA: hda/hdmi: fix race in handling acomp ELD notification at resume (git-fixes). - ALSA: hda/realtek - Headset Mic issue on HP platform (git-fixes). - ALSA: hda/realtek: ALC285 Thinkpad jack pin quirk is unreachable (git-fixes). - ALSA: hda/realtek: Add fixup for HP OMEN laptop (git-fixes). - ALSA: hda/realtek: Add fixup for HP Spectre x360 15-df0xxx (git-fixes). - ALSA: hda/realtek: Add quirk for Intel Clevo PCx0Dx (git-fixes). - ALSA: hda/realtek: Add quirk for Lenovo Ideapad S740 (git-fixes). - ALSA: hda/realtek: Add some CLOVE SSIDs of ALC293 (git-fixes). - ALSA: hda/realtek: Apply headset-mic quirks for Xiaomi Redmibook Air (git-fixes). - ALSA: hda/realtek: Chain in pop reduction fixup for ThinkStation P340 (git-fixes). - ALSA: hda/realtek: Enable mute/micmute LEDs and limit mic boost on EliteBook 845 G8 (git-fixes). - ALSA: hda/realtek: Fix silent headphone output on ASUS UX430UA (git-fixes). - ALSA: hda/realtek: Fix speaker amp on HP Envy AiO 32 (git-fixes). - ALSA: hda/realtek: Fix speaker amp setup on Acer Aspire E1 (git-fixes). - ALSA: hda/realtek: GA503 use same quirks as GA401 (git-fixes). - ALSA: hda/realtek: Headphone volume is controlled by Front mixer (git-fixes). - ALSA: hda/realtek: Re-order ALC269 ASUS quirk table entries (git-fixes). - ALSA: hda/realtek: Re-order ALC269 Acer quirk table entries (git-fixes). - ALSA: hda/realtek: Re-order ALC269 Dell quirk table entries (git-fixes). - ALSA: hda/realtek: Re-order ALC269 HP quirk table entries (git-fixes). - ALSA: hda/realtek: Re-order ALC269 Lenovo quirk table entries (git-fixes). - ALSA: hda/realtek: Re-order ALC269 Sony quirk table entries (git-fixes). - ALSA: hda/realtek: Re-order ALC662 quirk table entries (git-fixes). - ALSA: hda/realtek: Re-order ALC882 Acer quirk table entries (git-fixes). - ALSA: hda/realtek: Re-order ALC882 Clevo quirk table entries (git-fixes). - ALSA: hda/realtek: Re-order ALC882 Sony quirk table entries (git-fixes). - ALSA: hda/realtek: Re-order remaining ALC269 quirk table entries (git-fixes). - ALSA: hda/realtek: Remove redundant entry for ALC861 Haier/Uniwill devices (git-fixes). - ALSA: hda/realtek: apply pin quirk for XiaomiNotebook Pro (git-fixes). - ALSA: hda/realtek: call alc_update_headset_mode() in hp_automute_hook (git-fixes). - ALSA: hda/realtek: fix a determine_headset_type issue for a Dell AIO (git-fixes). - ALSA: hda/realtek: fix mic boost on Intel NUC 8 (git-fixes). - ALSA: hda/realtek: fix mute/micmute LEDs and speaker for HP Zbook Fury 15 G8 (git-fixes). - ALSA: hda/realtek: fix mute/micmute LEDs and speaker for HP Zbook Fury 17 G8 (git-fixes). - ALSA: hda/realtek: fix mute/micmute LEDs and speaker for HP Zbook G8 (git-fixes). - ALSA: hda/realtek: fix mute/micmute LEDs for HP 440 G8 (git-fixes). - ALSA: hda/realtek: fix mute/micmute LEDs for HP 640 G8 (git-fixes). - ALSA: hda/realtek: fix mute/micmute LEDs for HP 840 G8 (git-fixes). - ALSA: hda/realtek: fix mute/micmute LEDs for HP 850 G8 (git-fixes). - ALSA: hda/realtek: fix mute/micmute LEDs for HP 855 G8 (git-fixes). - ALSA: hda/realtek: fix mute/micmute LEDs for HP ProBook 445 G7 (git-fixes). - ALSA: hda/realtek: fix static noise on ALC285 Lenovo laptops (git-fixes). - ALSA: hda/realtek: reset eapd coeff to default value for alc287 (git-fixes). - ALSA: hda/realtek: the bass speaker can't output sound on Yoga 9i (git-fixes). - ALSA: hda: Add missing sanity checks in PM prepare/complete callbacks (git-fixes). - ALSA: hda: Avoid spurious unsol event handling during S3/S4 (bsc#1182377). - ALSA: hda: Avoid spurious unsol event handling during S3/S4 (git-fixes). - ALSA: hda: Drop the BATCH workaround for AMD controllers (git-fixes). - ALSA: hda: Flush pending unsolicited events before suspend (bsc#1182377). - ALSA: hda: Re-add dropped snd_poewr_change_state() calls (git-fixes). - ALSA: hda: fixup headset for ASUS GU502 laptop (git-fixes). - ALSA: hda: fixup headset for ASUS GU502 laptop (git-fixes). - ALSA: hda: generic: Fix the micmute led init state (git-fixes). - ALSA: hda: generic: change the DAC ctl name for LO+SPK or LO+HP (git-fixes). - ALSA: hda: ignore invalid NHLT table (git-fixes). - ALSA: hdsp: do not disable if not enabled (git-fixes). - ALSA: hdspm: do not disable if not enabled (git-fixes). - ALSA: intel8x0: Do not update period unless prepared (git-fixes). - ALSA: line6: Fix racy initialization of LINE6 MIDI (git-fixes). - ALSA: rme9652: do not disable if not enabled (git-fixes). - ALSA: sb: Fix two use after free in snd_sb_qsound_build (git-fixes). - ALSA: usb-audio: Add DJM-450 to the quirks table (git-fixes). - ALSA: usb-audio: Add DJM450 to Pioneer format quirk (git-fixes). - ALSA: usb-audio: Add DJM450 to Pioneer format quirk (git-fixes). - ALSA: usb-audio: Add DJM750 to Pioneer mixer quirk (git-fixes). - ALSA: usb-audio: Add MIDI quirk for Vox ToneLab EX (git-fixes). - ALSA: usb-audio: Add Pioneer DJM-850 to quirks-table (git-fixes). - ALSA: usb-audio: Add dB range mapping for Sennheiser Communications Headset PC 8 (git-fixes). - ALSA: usb-audio: Add error checks for usb_driver_claim_interface() calls (git-fixes). - ALSA: usb-audio: Add implicit feeback support for the BOSS GT-1 (git-fixes). - ALSA: usb-audio: Add support for Pioneer DJM-750 (git-fixes). - ALSA: usb-audio: Add support for many Roland devices' implicit feedback quirks (git-fixes). - ALSA: usb-audio: Apply implicit feedback mode for BOSS devices (git-fixes). - ALSA: usb-audio: Apply sample rate quirk to Logitech Connect (git-fixes). - ALSA: usb-audio: Carve out connector value checking into a helper (git-fixes). - ALSA: usb-audio: Check connector value on resume (git-fixes). - ALSA: usb-audio: Configure Pioneer DJM-850 samplerate (git-fixes). - ALSA: usb-audio: Convert remaining strlcpy() to strscpy() (git-fixes). - ALSA: usb-audio: Convert the last strlcpy() usage (git-fixes). - ALSA: usb-audio: DJM-750: ensure format is set (git-fixes). - ALSA: usb-audio: Declare Pioneer DJM-850 mixer controls (git-fixes). - ALSA: usb-audio: Drop implicit fb quirk entries dubbed for capture (git-fixes). - ALSA: usb-audio: Explicitly set up the clock selector (git-fixes). - ALSA: usb-audio: Fix 'RANGE setting not yet supported' errors (git-fixes). - ALSA: usb-audio: Fix Pioneer DJM devices URB_CONTROL request direction to set samplerate (git-fixes). - ALSA: usb-audio: Fix Pioneer DJM devices URB_CONTROL request direction to set samplerate (git-fixes). - ALSA: usb-audio: Fix implicit sync clearance at stopping stream (git-fixes). - ALSA: usb-audio: Fix potential out-of-bounce access in MIDI EP parser (git-fixes). - ALSA: usb-audio: Fix unintentional sign extension issue (git-fixes). - ALSA: usb-audio: Generic application of implicit fb to Roland/BOSS devices (git-fixes). - ALSA: usb-audio: Re-apply implicit feedback mode to Pioneer devices (git-fixes). - ALSA: usb-audio: Remove redundant assignment to len (git-fixes). - ALSA: usb-audio: Skip probe of UA-101 devices (git-fixes). - ALSA: usb-audio: Skip the clock selector inquiry for single connections (git-fixes). - ALSA: usb-audio: Validate MS endpoint descriptors (git-fixes). - ALSA: usb-audio: add mixer quirks for Pioneer DJM-900NXS2 (git-fixes). - ALSA: usb-audio: fix NULL ptr dereference in usb_audio_probe (bsc#1182552). - ALSA: usb-audio: fix Pioneer DJM-850 control label info (git-fixes). - ALSA: usb-audio: fix control-request direction (git-fixes). - ALSA: usb-audio: fix use after free in usb_audio_disconnect (bsc#1182552). - ALSA: usb-audio: generate midi streaming substream names from jack names (git-fixes). - ALSA: usb-audio: scarlett2: Fix device hang with ehci-pci (git-fixes). - ALSA: usb-audio: scarlett2: Improve driver startup messages (git-fixes). - ALSA: usb-audio: scarlett2: snd_scarlett_gen2_controls_create() can be static (git-fixes). - ALSA: usb-audio: use usb headers rather than define structs locally (git-fixes). - ALSA: usb: Use DIV_ROUND_UP() instead of open-coding it (git-fixes). - ALSA: usb: midi: do not return -ENOMEM when usb_urb_ep_type_check fails (git-fixes). - ARM64: vdso32: Install vdso32 from vdso_install (git-fixes). - ASoC: Intel: Add DMI quirk table to soc_intel_is_byt_cr() (git-fixes). - ASoC: Intel: boards: sof-wm8804: add check for PLL setting (git-fixes). - ASoC: Intel: bytcr_rt5640: Add quirk for ARCHOS Cesium 140 (git-fixes). - ASoC: Intel: bytcr_rt5640: Add quirk for the Acer One S1002 tablet (git-fixes). - ASoC: Intel: bytcr_rt5640: Add quirk for the Chuwi Hi8 tablet (git-fixes). - ASoC: Intel: bytcr_rt5640: Add quirk for the Estar Beauty HD MID 7316R tablet (git-fixes). - ASoC: Intel: bytcr_rt5640: Add quirk for the Voyo Winpad A15 tablet (git-fixes). - ASoC: Intel: bytcr_rt5640: Enable jack-detect support on Asus T100TAF (git-fixes). - ASoC: Intel: bytcr_rt5640: Fix HP Pavilion x2 10-p0XX OVCD current threshold (git-fixes). - ASoC: Intel: bytcr_rt5651: Add quirk for the Jumper EZpad 7 tablet (git-fixes). - ASoC: Intel: kbl_da7219_max98927: Fix kabylake_ssp_fixup function (git-fixes). - ASoC: Intel: sof_sdw: add quirk for HP Spectre x360 convertible (git-fixes). - ASoC: Intel: sof_sdw: add quirk for new ADL-P Rvp (git-fixes). - ASoC: Intel: sof_sdw: reorganize quirks by generation (git-fixes). - ASoC: SOF: Intel: HDA: fix core status verification (git-fixes). - ASoC: SOF: Intel: HDA: fix core status verification (git-fixes). - ASoC: SOF: Intel: hda: remove unnecessary parentheses (git-fixes). - ASoC: SOF: Intel: unregister DMIC device on probe error (git-fixes). - ASoC: SOF: intel: fix wrong poll bits in dsp power down (git-fixes). - ASoC: ak4458: Add MODULE_DEVICE_TABLE (git-fixes). - ASoC: ak5558: Add MODULE_DEVICE_TABLE (git-fixes). - ASoC: ak5558: Fix s/show/slow/ typo (git-fixes). - ASoC: ak5558: correct reset polarity (git-fixes). - ASoC: codecs: wcd934x: add a sanity check in set channel map (git-fixes). - ASoC: cs35l33: fix an error code in probe() (git-fixes). - ASoC: cs42l42: Always wait at least 3ms after reset (git-fixes). - ASoC: cs42l42: Do not enable/disable regulator at Bias Level (git-fixes). - ASoC: cs42l42: Fix Bitclock polarity inversion (git-fixes). - ASoC: cs42l42: Fix channel width support (git-fixes). - ASoC: cs42l42: Fix mixer volume control (git-fixes). - ASoC: cs42l42: Regmap must use_single_read/write (git-fixes). - ASoC: cygnus: fix for_each_child.cocci warnings (git-fixes). - ASoC: es8316: Simplify adc_pga_gain_tlv table (git-fixes). - ASoC: fsl_esai: Fix TDM slot setup for I2S mode (git-fixes). - ASoC: fsl_ssi: Fix TDM slot setup for I2S mode (git-fixes). - ASoC: intel: atom: Remove 44100 sample-rate from the media and deep-buffer DAI descriptions (git-fixes). - ASoC: intel: atom: Stop advertising non working S24LE support (git-fixes). - ASoC: max98373: Added 30ms turn on/off time delay (git-fixes). - ASoC: max98373: Changed amp shutdown register as volatile (git-fixes). - ASoC: qcom: lpass-cpu: Fix lpass dai ids parse (git-fixes). - ASoC: qcom: sdm845: Fix array out of bounds access (git-fixes). - ASoC: qcom: sdm845: Fix array out of range on rx slim channels (git-fixes). - ASoC: rsnd: call rsnd_ssi_master_clk_start() from rsnd_ssi_init() (git-fixes). - ASoC: rsnd: check all BUSIF status when error (git-fixes). - ASoC: rsnd: core: Check convert rate in rsnd_hw_params (git-fixes). - ASoC: rt1015: fix i2c communication error (git-fixes). - ASoC: rt286: Generalize support for ALC3263 codec (git-fixes). - ASoC: rt286: Make RT286_SET_GPIO_* readable and writable (git-fixes). - ASoC: rt5640: Fix dac- and adc- vol-tlv values being off by a factor of 10 (git-fixes). - ASoC: rt5651: Fix dac- and adc- vol-tlv values being off by a factor of 10 (git-fixes). - ASoC: rt5659: Update MCLK rate in set_sysclk() (git-fixes). - ASoC: rt5670: Add a quirk for the Dell Venue 10 Pro 5055 (git-fixes). - ASoC: rt5670: Add emulated 'DAC1 Playback Switch' control (git-fixes). - ASoC: rt5670: Remove 'HP Playback Switch' control (git-fixes). - ASoC: rt5670: Remove 'OUT Channel Switch' control (git-fixes). - ASoC: rt5670: Remove ADC vol-ctrl mute bits poking from Sto1 ADC mixer settings (git-fixes). - ASoC: rt711: add snd_soc_component remove callback (git-fixes). - ASoC: samsung: snow: remove useless test (git-fixes). - ASoC: samsung: tm2_wm5110: check of of_parse return value (git-fixes). - ASoC: sgtl5000: set DAP_AVC_CTRL register to correct default value on probe (git-fixes). - ASoC: simple-card-utils: Do not handle device clock (git-fixes). - ASoC: simple-card: fix possible uninitialized single_cpu local variable (git-fixes). - ASoC: soc-core kABI workaround (git-fixes). - ASoC: soc-core: Prevent warning if no DMI table is present (git-fixes). - ASoC: sunxi: sun4i-codec: fill ASoC card owner (git-fixes). - ASoC: wm8960: Fix wrong bclk and lrclk with pll enabled for some chips (git-fixes). - ASoC: wm8960: Remove bitclk relax condition in wm8960_configure_sysclk (git-fixes). - Bluetooth: Fix incorrect status handling in LE PHY UPDATE event (git-fixes). - Bluetooth: Fix null pointer dereference in amp_read_loc_assoc_final_data (git-fixes). - Bluetooth: L2CAP: Fix handling LE modes by L2CAP_OPTIONS (git-fixes). - Bluetooth: SMP: Fail if remote and local public keys are identical (git-fixes). - Bluetooth: Set CONF_NOT_COMPLETE as l2cap_chan default (git-fixes). - Bluetooth: avoid deadlock between hci_dev->lock and socket lock (git-fixes). - Bluetooth: btqca: Add valid le states quirk (git-fixes). - Bluetooth: btusb: Enable quirk boolean flag for Mediatek Chip (git-fixes). - Bluetooth: check for zapped sk before connecting (git-fixes). - Bluetooth: hci_h5: Set HCI_QUIRK_SIMULTANEOUS_DISCOVERY for btrtl (git-fixes). - Bluetooth: initialize skb_queue_head at l2cap_chan_create() (git-fixes). - Documentation/ABI: sysfs-platform-ideapad-laptop: update device attribute paths (git-fixes). - Drivers: hv: vmbus: Fix Suspend-to-Idle for Generation-2 VM (git-fixes). - Drivers: hv: vmbus: Increase wait time for VMbus unload (bsc#1185725). - Drivers: hv: vmbus: Initialize unload_event statically (bsc#1185725). - Drivers: hv: vmbus: Use after free in __vmbus_open() (git-fixes). - EDAC/amd64: Check for memory before fully initializing an instance (bsc#1183815). - EDAC/amd64: Get rid of the ECC disabled long message (bsc#1183815). - EDAC/amd64: Use cached data when checking for ECC (bsc#1183815). - Goodix Fingerprint device is not a modem (git-fixes). - HID: alps: fix error return code in alps_input_configured() (git-fixes). - HID: google: add don USB id (git-fixes). - HID: i2c-hid: Add I2C_HID_QUIRK_NO_IRQ_AFTER_RESET for ITE8568 EC on Voyo Winpad A15 (git-fixes). - HID: mf: add support for 0079:1846 Mayflash/Dragonrise USB Gamecube Adapter (git-fixes). - HID: plantronics: Workaround for double volume key presses (git-fixes). - HID: wacom: Assign boolean values to a bool variable (git-fixes). - HID: wacom: set EV_KEY and EV_ABS only for non-HID_GENERIC type of devices (git-fixes). - HSI: Fix PM usage counter unbalance in ssi_hw_init (git-fixes). - Hibernation: Fix Hibernate not blocked in Secure Boot with no EFI secret key - IB/hfi1: Fix probe time panic when AIP is enabled with a buggy BIOS (jsc#SLE-13208). - IB/hfi1: Rework AIP and VNIC dummy netdev usage (jsc#SLE-13208). - Input: applespi - do not wait for responses to commands indefinitely (git-fixes). - Input: elantech - fix protocol errors for some trackpoints in SMBus mode (git-fixes). - Input: elants_i2c - do not bind to i2c-hid compatible ACPI instantiated devices (git-fixes). - Input: i8042 - fix Pegatron C15B ID entry (git-fixes). - Input: nspire-keypad - enable interrupts only when opened (git-fixes). - Input: s6sy761 - fix coordinate read bit shift (git-fixes). - Input: silead - add workaround for x86 BIOS-es which bring the chip up in a stuck state (git-fixes). - KEYS: trusted: Fix TPM reservation for seal/unseal (git-fixes). - KEYS: trusted: Fix memory leak on object td (git-fixes). - KVM x86: Extend AMD specific guest behavior to Hygon virtual CPUs (bsc#1183447). - KVM: PPC: Book3S HV P9: Restore host CTRL SPR after guest exit (bsc#1156395). - KVM: PPC: Make the VMX instruction emulation routines static (bsc#1156395). - KVM: SVM: Clear the CR4 register on reset (bsc#1183252). - KVM: kvmclock: Fix vCPUs > 64 can't be online/hotpluged (bsc#1152489). - KVM: nVMX: Properly handle userspace interrupt window request (bsc#1183427). - KVM: s390: fix guarded storage control register handling (bsc#1133021). - KVM: x86: Add helpers to perform CPUID-based guest vendor check (bsc#1183445). - KVM: x86: Allow guests to see MSR_IA32_TSX_CTRL even if tsx=off (bsc#1183287). - KVM: x86: Allow guests to see MSR_IA32_TSX_CTRL even if tsx=off (bsc#1183323). - KVM: x86: Expose XSAVEERPTR to the guest (jsc#SLE-13573). - KVM: x86: Return -E2BIG when KVM_GET_SUPPORTED_CPUID hits max entries (bsc#1183428). - KVM: x86: Set so called 'reserved CR3 bits in LM mask' at vCPU reset (bsc#1183288). - KVM: x86: Set so called 'reserved CR3 bits in LM mask' at vCPU reset (bsc#1183324). - KVM: x86: do not reset microcode version on INIT or RESET (bsc#1183412). - KVM: x86: list MSR_IA32_UCODE_REV as an emulated MSR (bsc#1183369). - NFC: nci: fix memory leak in nci_allocate_device (git-fixes). - PCI/AER: Add RCEC AER error injection support (bsc#1174426). - PCI/AER: Add pcie_walk_rcec() to RCEC AER handling (bsc#1174426). - PCI/AER: Clear AER status from Root Port when resetting Downstream Port (bsc#1174426). - PCI/AER: Specify the type of Port that was reset (bsc#1174426). - PCI/AER: Use 'aer' variable for capability offset (bsc#1174426). - PCI/AER: Write AER Capability only when we control it (bsc#1174426). - PCI/ERR: Add pci_walk_bridge() to pcie_do_recovery() (bsc#1174426). - PCI/ERR: Add pcie_link_rcec() to associate RCiEPs (bsc#1174426). - PCI/ERR: Avoid negated conditional for clarity (bsc#1174426). - PCI/ERR: Bind RCEC devices to the Root Port driver (bsc#1174426). - PCI/ERR: Bind RCEC devices to the Root Port driver (jsc#SLE-13736 jsc#SLE-14845). - PCI/ERR: Cache RCEC EA Capability offset in pci_init_capabilities() (bsc#1174426). - PCI/ERR: Clear AER status only when we control AER (bsc#1174426). - PCI/ERR: Clear PCIe Device Status errors only if OS owns AER (bsc#1174426). - PCI/ERR: Clear status of the reporting device (bsc#1174426). - PCI/ERR: Recover from RCEC AER errors (bsc#1174426). - PCI/ERR: Recover from RCiEP AER errors (bsc#1174426). - PCI/ERR: Rename reset_link() to reset_subordinates() (bsc#1174426). - PCI/ERR: Retain status from error notification (bsc#1174426). - PCI/ERR: Simplify by computing pci_pcie_type() once (bsc#1174426). - PCI/ERR: Simplify by using pci_upstream_bridge() (bsc#1174426). - PCI/ERR: Use 'bridge' for clarity in pcie_do_recovery() (bsc#1174426). - PCI/PME: Add pcie_walk_rcec() to RCEC PME handling (bsc#1174426). - PCI/RCEC: Fix RCiEP device to RCEC association (git-fixes). - PCI/RCEC: Fix RCiEP device to RCEC association (jsc#SLE-13736 jsc#SLE-14845 git-fixes). - PCI/portdrv: Report reset for frozen channel (bsc#1174426). - PCI: Add a REBAR size quirk for Sapphire RX 5600 XT Pulse (git-fixes). - PCI: Add function 1 DMA alias quirk for Marvell 9215 SATA controller (git-fixes). - PCI: Allow VPD access for QLogic ISP2722 (git-fixes). - PCI: Fix pci_register_io_range() memory leak (git-fixes). - PCI: PM: Do not read power state in pci_enable_device_flags() (git-fixes). - PCI: Release OF node in pci_scan_device()'s error path (git-fixes). - PCI: designware-ep: Fix the Header Type check (git-fixes). - PCI: dwc: Move iATU detection earlier (git-fixes). - PCI: endpoint: Fix missing destroy_workqueue() (git-fixes). - PCI: iproc: Fix return value of iproc_msi_irq_domain_alloc() (git-fixes). - PCI: keystone: Let AM65 use the pci_ops defined in pcie-designware-host.c (git-fixes). - PCI: mediatek: Add missing of_node_put() to fix reference leak (git-fixes). - PCI: tegra: Fix ASPM-L1SS advertisement disable code (git-fixes). - PCI: tegra: Move 'dbi' accesses to post common DWC initialization (git-fixes). - PCI: thunder: Fix compile testing (git-fixes). - PCI: xgene-msi: Fix race in installing chained irq handler (git-fixes). - PM / devfreq: Use more accurate returned new_freq as resume_freq (git-fixes). - PM: EM: postpone creating the debugfs dir till fs_initcall (git-fixes). - PM: runtime: Add documentation for pm_runtime_resume_and_get() (git-fixes). - PM: runtime: Add pm_runtime_resume_and_get to deal with usage counter (bsc#1183366). - PM: runtime: Fix ordering in pm_runtime_get_suppliers() (git-fixes). - PM: runtime: Fix ordering in pm_runtime_get_suppliers() (git-fixes). - PM: runtime: Fix race getting/putting suppliers at probe (git-fixes). - Platform: OLPC: Fix probe error handling (git-fixes). - RAS/CEC: Correct ce_add_elem()'s returned values (bsc#1152489). - RDMA/addr: create addr_wq with WQ_MEM_RECLAIM flag (bsc#1183346). - RDMA/cm: Fix IRQ restore in ib_send_cm_sidr_rep (jsc#SLE-15176). - RDMA/core: create ib_cm with WQ_MEM_RECLAIM flag (bsc#1183346). - RDMA/hns: Delete redundant abnormal interrupt status (git-fixes). - RDMA/hns: Delete redundant condition judgment related to eq (git-fixes). - RDMA/mlx5: Fix drop packet rule in egress table (jsc#SLE-15175). - RDMA/qedr: Fix error return code in qedr_iw_connect() (jsc#SLE-8215). - RDMA/rtrs-clt: Close rtrs client conn before destroying rtrs clt session files (jsc#SLE-15176). - RDMA/rtrs-clt: destroy sysfs after removing session from active list (jsc#SLE-15176). - RDMA/srp: Fix support for unpopulated and unbalanced NUMA nodes (bsc#1169709) - RDMA/srp: Fix support for unpopulated and unbalanced NUMA nodes (bsc#1169709) - RDMA/srpt: Fix error return code in srpt_cm_req_recv() (git-fixes). - Re-enable yenta socket driver for x86_64 (bsc#1186349) - SUNRPC in case of backlog, hand free slots directly to waiting task (bsc#1185428). - SUNRPC: More fixes for backlog congestion (bsc#1185428). - USB: Add LPM quirk for Lenovo ThinkPad USB-C Dock Gen2 Ethernet (git-fixes). - USB: Add reset-resume quirk for WD19's Realtek Hub (git-fixes). - USB: CDC-ACM: fix poison/unpoison imbalance (bsc#1184984). - USB: CDC-ACM: fix poison/unpoison imbalance (git-fixes). - USB: cdc-acm: downgrade message to debug (git-fixes). - USB: cdc-acm: fix TIOCGSERIAL implementation (git-fixes). - USB: cdc-acm: fix double free on probe failure (git-fixes). - USB: cdc-acm: fix unprivileged TIOCCSERIAL (git-fixes). - USB: cdc-acm: fix use-after-free after probe failure (git-fixes). - USB: cdc-acm: untangle a circular dependency between callback and softint (git-fixes). - USB: gadget: u_ether: Fix a configfs return code (git-fixes). - USB: gadget: udc: fix wrong pointer passed to IS_ERR() and PTR_ERR() (git-fixes). - USB: quirks: ignore remote wake-up on Fibocom L850-GL LTE modem (git-fixes). - USB: replace hardcode maximum usb string length by definition (git-fixes). - USB: serial: ark3116: fix TIOCGSERIAL implementation (git-fixes). - USB: serial: ch341: add new Product ID (git-fixes). - USB: serial: cp210x: add ID for Acuity Brands nLight Air Adapter (git-fixes). - USB: serial: cp210x: add some more GE USB IDs (git-fixes). - USB: serial: f81232: fix TIOCGSERIAL implementation (git-fixes). - USB: serial: f81534: fix TIOCGSERIAL implementation (git-fixes). - USB: serial: fix return value for unsupported ioctls (git-fixes). - USB: serial: io_edgeport: fix memory leak in edge_startup (git-fixes). - USB: serial: mos7720: fix TIOCGSERIAL implementation (git-fixes). - USB: serial: opticon: fix TIOCGSERIAL implementation (git-fixes). - USB: serial: pl2303: add support for PL2303HXN (bsc#1186320). - USB: serial: pl2303: fix line-speed handling on newer chips (bsc#1186320). - USB: serial: quatech2: fix TIOCGSERIAL implementation (git-fixes). - USB: serial: ssu100: fix TIOCGSERIAL implementation (git-fixes). - USB: serial: ti_usb_3410_5052: fix TIOCSSERIAL permission check (git-fixes). - USB: serial: usb_wwan: fix TIOCGSERIAL implementation (git-fixes). - USB: serial: usb_wwan: fix TIOCSSERIAL jiffies conversions (git-fixes). - USB: serial: usb_wwan: fix unprivileged TIOCCSERIAL (git-fixes). - USB: trancevibrator: fix control-request direction (git-fixes). - USB: usblp: fix a hang in poll() if disconnected (git-fixes). - Update config files. (bsc#1185010) - amd/amdgpu: Disable VCN DPG mode for Picasso (git-fixes). - amdgpu: avoid incorrect %hu format string (git-fixes). - apparmor: Fix aa_label refcnt leak in policy_update (git-fixes). - apparmor: check/put label on apparmor_sk_clone_security() (git-fixes). - appletalk: Fix skb allocation size in loopback case (git-fixes). - arm64/mm: Fix pfn_valid() for ZONE_DEVICE based memory (git-fixes). - arm64: Add missing ISB after invalidating TLB in __primary_switch (git-fixes). - arm64: avoid -Woverride-init warning (git-fixes). - arm64: kasan: fix page_alloc tagging with DEBUG_VIRTUAL (git-fixes). - arm64: kdump: update ppos when reading elfcorehdr (git-fixes). - arm64: kexec_file: fix memory leakage in create_dtb() when fdt_open_into() fails (git-fixes). - arm64: link with -z norelro for LLD or aarch64-elf (git-fixes). - arm64: link with -z norelro regardless of CONFIG_RELOCATABLE (git-fixes). - arm64: make STACKPROTECTOR_PER_TASK configurable (bsc#1181862). - arm64: ptrace: Fix seccomp of traced syscall -1 (NO_SYSCALL) (git-fixes). - arm64: ptrace: Use NO_SYSCALL instead of -1 in syscall_trace_enter() (git-fixes). - arm64: vdso32: make vdso32 install conditional (git-fixes). - arm: mm: use __pfn_to_section() to get mem_section (git-fixes). - ata: ahci: Disable SXS for Hisilicon Kunpeng920 (git-fixes). - ata: libahci_platform: fix IRQ check (git-fixes). - ath10k: Fix a use after free in ath10k_htc_send_bundle (git-fixes). - ath10k: Fix ath10k_wmi_tlv_op_pull_peer_stats_info() unlock without lock (git-fixes). - ath10k: fix wmi mgmt tx queue full due to race condition (git-fixes). - ath10k: hold RCU lock when calling ieee80211_find_sta_by_ifaddr() (git-fixes). - ath9k: Fix error check in ath9k_hw_read_revisions() for PCI devices (git-fixes). - ath9k: fix transmitting to stations in dynamic SMPS mode (git-fixes). - atl1c: fix error return code in atl1c_probe() (git-fixes). - atl1e: fix error return code in atl1e_probe() (git-fixes). - backlight: journada720: Fix Wmisleading-indentation warning (git-fixes). - batman-adv: initialize 'struct batadv_tvlv_tt_vlan_data'->reserved field (git-fixes). - binfmt_misc: fix possible deadlock in bm_register_write (git-fixes). - binfmt_misc: fix possible deadlock in bm_register_write (git-fixes). - blk-iocost: ioc_pd_free() shouldn't assume irq disabled (git-fixes). - blk-mq: Swap two calls in blk_mq_exit_queue() (git-fixes). - blk-mq: plug request for shared sbitmap (jsc#SLE-15442 bsc#1180814 ltc#187461 git-fixes). - blk-mq: set default elevator as deadline in case of hctx shared tagset (jsc#SLE-15442 bsc#1180814 ltc#187461 git-fixes). - blkcg: fix memleak for iolatency (git-fixes). - block, bfq: set next_rq to waker_bfqq->next_rq in waker injection (bsc#1168838). - block/genhd: use atomic_t for disk_event->block (bsc#1185497). - block: Fix three kernel-doc warnings (git-fixes). - block: fix get_max_io_size() (git-fixes). - block: recalculate segment count for multi-segment discards correctly (bsc#1184724). - block: rsxx: fix error return code of rsxx_pci_probe() (git-fixes). - block: rsxx: select CONFIG_CRC32 (git-fixes). - bluetooth: eliminate the potential race condition when removing the HCI controller (git-fixes). - bnxt_en: Fix RX consumer index logic in the error path (git-fixes). - bnxt_en: Fix RX consumer index logic in the error path (git-fixes). - bnxt_en: fix ternary sign extension bug in bnxt_show_temp() (git-fixes). - bnxt_en: reliably allocate IRQ table on reset to avoid crash (jsc#SLE-8371 bsc#1153274). - bnxt_en: reverse order of TX disable and carrier off (git-fixes). - bpf, sockmap: Fix sk->prot unhash op reset (bsc#1155518). - bpf,x64: Pad NOPs to make images converge more easily (bsc#1178163). - bpf: Add sanity check for upper ptr_limit (bsc#1183686 bsc#1183775). - bpf: Avoid warning when re-casting __bpf_call_base into __bpf_call_base_args (bsc#1155518). - bpf: Declare __bpf_free_used_maps() unconditionally (bsc#1155518). - bpf: Do not do bpf_cgroup_storage_set() for kuprobe/tp programs (bsc#1155518). - bpf: Enforce that struct_ops programs be GPL-only (bsc#1177028). - bpf: Fix 32 bit src register truncation on div/mod (bsc#1184170). - bpf: Fix an unitialized value in bpf_iter (bsc#1177028). - bpf: Fix leakage of uninitialized bpf stack under speculation (bsc#1155518). - bpf: Fix masking negation logic upon negative dst register (bsc#1155518). - bpf: Fix propagation of 32 bit unsigned bounds from 64 bit bounds (bsc#1177028). - bpf: Fix verifier jsgt branch analysis on max bound (bsc#1155518). - bpf: Refcount task stack in bpf_get_task_stack (bsc#1177028). - bpf: Remove MTU check in __bpf_skb_max_len (bsc#1155518). - bpf: Simplify alu_limit masking for pointer arithmetic (bsc#1183686 bsc#1183775). - bpf: link: Refuse non-O_RDWR flags in BPF_OBJ_GET (bsc#1177028). - bpf_lru_list: Read double-checked variable once without lock (bsc#1155518). - brcmfmac: Add DMI nvram filename quirk for Predia Basic tablet (git-fixes). - brcmfmac: Add DMI nvram filename quirk for Voyo winpad A15 tablet (git-fixes). - brcmfmac: clear EAP/association status bits on linkdown events (git-fixes). - bsg: free the request before return error code (git-fixes). - btrfs: abort the transaction if we fail to inc ref in btrfs_copy_root (bsc#1184217). - btrfs: always pin deleted leaves when there are active tree mod log users (bsc#1184224). - btrfs: fix exhaustion of the system chunk array due to concurrent allocations (bsc#1183386). - btrfs: fix extent buffer leak on failure to copy root (bsc#1184218). - btrfs: fix qgroup data rsv leak caused by falloc failure (bsc#1185549). - btrfs: fix race between swap file activation and snapshot creation (bsc#1185587). - btrfs: fix race between swap file activation and snapshot creation (bsc#1185587). - btrfs: fix race between transaction aborts and fsyncs leading to use-after-free (bsc#1186441). - btrfs: fix race between transaction aborts and fsyncs leading to use-after-free (bsc#1186441). - btrfs: fix race between writes to swap files and scrub (bsc#1185586). - btrfs: fix race between writes to swap files and scrub (bsc#1185586). - btrfs: fix race when cloning extent buffer during rewind of an old root (bsc#1184193). - btrfs: fix race when picking most recent mod log operation for an old root (bsc#1186439). - btrfs: fix race when picking most recent mod log operation for an old root (bsc#1186439). - btrfs: fix stale data exposure after cloning a hole with NO_HOLES enabled (bsc#1184220). - btrfs: fix subvolume/snapshot deletion not triggered on mount (bsc#1184219). - btrfs: track qgroup released data in own variable in insert_prealloc_file_extent (bsc#1185549). - bus: fsl-mc: add the dpdbg device type (bsc#1185670). - bus: fsl-mc: list more commands as accepted through the ioctl (bsc#1185670). - bus: omap_l3_noc: mark l3 irqs as IRQF_NO_THREAD (git-fixes). - bus: qcom: Put child node before return (git-fixes). - bus: ti-sysc: Fix warning on unbind if reset is not deasserted (git-fixes). - can: c_can: move runtime PM enable/disable to c_can_platform (git-fixes). - can: c_can_pci: c_can_pci_remove(): fix use-after-free (git-fixes). - can: flexcan: assert FRZ bit in flexcan_chip_freeze() (git-fixes). - can: flexcan: enable RX FIFO after FRZ/HALT valid (git-fixes). - can: flexcan: flexcan_chip_freeze(): fix chip freeze for missing bitrate (git-fixes). - can: flexcan: invoke flexcan_chip_freeze() to enter freeze mode (git-fixes). - can: m_can: m_can_do_rx_poll(): fix extraneous msg loss warning (git-fixes). - can: peak_usb: Revert 'can: peak_usb: add forgotten supported devices' (git-fixes). - can: peak_usb: add forgotten supported devices (git-fixes). - can: skb: can_skb_set_owner(): fix ref counting if socket was closed before setting skb ownership (git-fixes). - cdc-acm: fix BREAK rx code path adding necessary calls (git-fixes). - cdc-wdm: untangle a circular dependency between callback and softint (git-fixes). - cdrom: gdrom: deallocate struct gdrom_unit fields in remove_gdrom (git-fixes). - cdrom: gdrom: initialize global variable at init time (git-fixes). - ceph: do not clobber i_snap_caps on non-I_NEW inode (bsc#1186501). - ceph: do not clobber i_snap_caps on non-I_NEW inode (bsc#1186501). - ceph: fix inode leak on getattr error in __fh_to_dentry (bsc#1186501). - ceph: fix inode leak on getattr error in __fh_to_dentry (bsc#1186501). - ceph: fix up error handling with snapdirs (bsc#1186501). - ceph: fix up error handling with snapdirs (bsc#1186501). - ceph: only check pool permissions for regular files (bsc#1186501). - ceph: only check pool permissions for regular files (bsc#1186501). - cfg80211: remove WARN_ON() in cfg80211_sme_connect (git-fixes). - cfg80211: scan: drop entry from hidden_list on overflow (git-fixes). - ch_ktls: Fix kernel panic (jsc#SLE-15131). - ch_ktls: do not send snd_una update to TCB in middle (jsc#SLE-15131). - ch_ktls: fix device connection close (jsc#SLE-15131). - ch_ktls: fix enum-conversion warning (jsc#SLE-15129). - ch_ktls: tcb close causes tls connection failure (jsc#SLE-15131). - cifs: New optype for session operations (bsc#1181507). - cifs: Tracepoints and logs for tracing credit changes (bsc#1181507). - cifs: change noisy error message to FYI (bsc#1181507). - cifs: check pointer before freeing (bsc#1183534). - cifs: do not send close in compound create+close requests (bsc#1181507). - cifs: print MIDs in decimal notation (bsc#1181507). - cifs: return proper error code in statfs(2) (bsc#1181507). - cifs_debug: use %pd instead of messing with ->d_name (bsc#1181507). - clk: exynos7: Mark aclk_fsys1_200 as critical (git-fixes). - clk: fix invalid usage of list cursor in register (git-fixes). - clk: fix invalid usage of list cursor in unregister (git-fixes). - clk: mvebu: armada-37xx-periph: Fix switching CPU freq from 250 Mhz to 1 GHz (git-fixes). - clk: mvebu: armada-37xx-periph: Fix workaround for switching from L1 to L0 (git-fixes). - clk: mvebu: armada-37xx-periph: remove .set_parent method for CPU PM clock (git-fixes). - clk: qcom: a53-pll: Add missing MODULE_DEVICE_TABLE (git-fixes). - clk: socfpga: arria10: Fix memory leak of socfpga_clk on error return (git-fixes). - clk: socfpga: fix iomem pointer cast on 64-bit (git-fixes). - clk: uniphier: Fix potential infinite loop (git-fixes). - clk: zynqmp: move zynqmp_pll_set_mode out of round_rate callback (git-fixes). - completion: Drop init_completion define (git-fixes). - configfs: fix a use-after-free in __configfs_open_file (git-fixes). - coresight: etm4x: Fix issues on trcseqevr access (git-fixes). - coresight: etm4x: Fix save and restore of TRCVMIDCCTLR1 register (git-fixes). - coresight: remove broken __exit annotations (git-fixes). - coresight: tmc-etr: Fix barrier packet insertion for perf buffer (git-fixes). - cpufreq: Kconfig: fix documentation links (git-fixes). - cpufreq: armada-37xx: Fix determining base CPU frequency (git-fixes). - cpufreq: armada-37xx: Fix driver cleanup when registration failed (git-fixes). - cpufreq: armada-37xx: Fix setting TBG parent for load levels (git-fixes). - cpufreq: armada-37xx: Fix the AVS value for load L1 (git-fixes). - cpufreq: intel_pstate: Add Icelake servers support in no-HWP mode (bsc#1185758). - cpuidle/pseries: Fixup CEDE0 latency only for POWER10 onwards (bsc#1185550 ltc#192610). - crypto: api - check for ERR pointers in crypto_destroy_tfm() (git-fixes). - crypto: arm/curve25519 - Move '.fpu' after '.arch' (git-fixes). - crypto: chelsio - Read rxchannel-id from firmware (git-fixes). - crypto: mips/poly1305 - enable for all MIPS processors (git-fixes). - crypto: qat - ADF_STATUS_PF_RUNNING should be set after adf_dev_init (git-fixes). - crypto: qat - Fix a double free in adf_create_ring (git-fixes). - crypto: qat - do not release uninitialized resources (git-fixes). - crypto: qat - fix error path in adf_isr_resource_alloc() (git-fixes). - crypto: qat - fix unmap invalid dma address (git-fixes). - crypto: rng - fix crypto_rng_reset() refcounting when !CRYPTO_STATS (git-fixes). - crypto: stm32/cryp - Fix PM reference leak on stm32-cryp.c (git-fixes). - crypto: stm32/hash - Fix PM reference leak on stm32-hash.c (git-fixes). - crypto: tcrypt - avoid signed overflow in byte count (git-fixes). - cxgb4/chtls/cxgbit: Keeping the max ofld immediate data size same in cxgb4 and ulds (git-fixes). - cxgb4/chtls/cxgbit: Keeping the max ofld immediate data size same in cxgb4 and ulds (git-fixes). - cxgb4: Fix unintentional sign extension issues (git-fixes). - cxgb4: avoid collecting SGE_QBASE regs during traffic (git-fixes). - dm era: Fix bitset memory leaks (git-fixes). - dm era: Recover committed writeset after crash (git-fixes). - dm era: Reinitialize bitset cache before digesting a new writeset (git-fixes). - dm era: Update in-core bitset after committing the metadata (git-fixes). - dm era: Use correct value size in equality function of writeset tree (git-fixes). - dm era: Verify the data block size hasn't changed (git-fixes). - dm era: only resize metadata in preresume (git-fixes). - dm integrity: fix error reporting in bitmap mode after creation (git-fixes). - dm ioctl: fix error return code in target_message (git-fixes). - dm mpath: fix racey management of PG initialization (git-fixes). - dm mpath: switch paths in dm_blk_ioctl() code path (bsc#1167574, bsc#1175995, bsc#1184485). - dm raid: fix discard limits for raid1 (git-fixes). - dm rq: fix double free of blk_mq_tag_set in dev remove after table load fails (bsc#1185581). - dm writecache: fix the maximum number of arguments (git-fixes). - dm writecache: handle DAX to partitions on persistent memory correctly (git-fixes). - dm writecache: remove BUG() and fail gracefully instead (git-fixes). - dm zoned: select CONFIG_CRC32 (git-fixes). - dm: avoid filesystem lookup in dm_get_dev_t() (git-fixes). - dm: eliminate potential source of excessive kernel log noise (git-fixes). - dm: fix bug with RCU locking in dm_blk_report_zones (git-fixes). - dm: remove invalid sparse __acquires and __releases annotations (git-fixes). - dmaengine: Fix a double free in dma_async_device_register (git-fixes). - dmaengine: dw-edma: Fix crash on loading/unloading driver (git-fixes). - dmaengine: dw: Make it dependent to HAS_IOMEM (git-fixes). - dmaengine: idxd: Fix clobbering of SWERR overflow bit on writeback (git-fixes). - dmaengine: idxd: Fix potential null dereference on pointer status (git-fixes). - dmaengine: idxd: cleanup pci interrupt vector allocation management (git-fixes). - dmaengine: idxd: clear MSIX permission entry on shutdown (git-fixes). - dmaengine: idxd: fix cdev setup and free device lifetime issues (git-fixes). - dmaengine: idxd: fix delta_rec and crc size field for completion record (git-fixes). - dmaengine: idxd: fix dma device lifetime (git-fixes). - dmaengine: idxd: fix opcap sysfs attribute output (git-fixes). - dmaengine: idxd: fix wq cleanup of WQCFG registers (git-fixes). - dmaengine: idxd: fix wq size store permission state (git-fixes). - dmaengine: idxd: removal of pcim managed mmio mapping (git-fixes). - docs: kernel-parameters: Add gpio_mockup_named_lines (git-fixes). - docs: kernel-parameters: Move gpio-mockup for alphabetic order (git-fixes). - dpaa_eth: Remove unnecessary boolean expression in dpaa_get_headroom (git-fixes). - dpaa_eth: Use random MAC address when none is given (bsc#1184811). - dpaa_eth: copy timestamp fields to new skb in A-050385 workaround (git-fixes). - dpaa_eth: fix the RX headroom size alignment (git-fixes). - dpaa_eth: update the buffer layout for non-A050385 erratum scenarios (git-fixes). - drivers: hv: Fix whitespace errors (bsc#1185725). - drivers: net: xgene: Fix the order of the arguments of 'alloc_etherdev_mqs()' (git-fixes). - drivers: video: fbcon: fix NULL dereference in fbcon_cursor() (git-fixes). - drivers: video: fbcon: fix NULL dereference in fbcon_cursor() (git-fixes). - drm/amd/display/dc/dce/dce_aux: Remove duplicate line causing 'field overwritten' issue (git-fixes). - drm/amd/display: Check for DSC support instead of ASIC revision (git-fixes). - drm/amd/display: Correct algorithm for reversed gamma (git-fixes). - drm/amd/display: DCHUB underflow counter increasing in some scenarios (git-fixes). - drm/amd/display: Do not optimize bandwidth before disabling planes (git-fixes). - drm/amd/display: Fix UBSAN warning for not a valid value for type '_Bool' (git-fixes). - drm/amd/display: Fix UBSAN: shift-out-of-bounds warning (git-fixes). - drm/amd/display: Fix debugfs link_settings entry (git-fixes). - drm/amd/display: Fix nested FPU context in dcn21_validate_bandwidth() (git-fixes). - drm/amd/display: Fix off by one in hdmi_14_process_transaction() (git-fixes). - drm/amd/display: Fix two cursor duplication when using overlay (git-fixes). - drm/amd/display: Force vsync flip when reconfiguring MPCC (git-fixes). - drm/amd/display: Guard against NULL pointer deref when get_i2c_info fails (git-fixes). - drm/amd/display: Initialize attribute for hdcp_srm sysfs file (git-fixes). - drm/amd/display: Reject non-zero src_y and src_x for video planes (git-fixes). - drm/amd/display: Revert dram_clock_change_latency for DCN2.1 (git-fixes). - drm/amd/display: Try YCbCr420 color when YCbCr444 fails (git-fixes). - drm/amd/display: add handling for hdcp2 rx id list validation (git-fixes). - drm/amd/display: changing sr exit latency (git-fixes). - drm/amd/display: fix dml prefetch validation (git-fixes). - drm/amd/display: fixed divide by zero kernel crash during dsc enablement (git-fixes). - drm/amd/display: turn DPMS off on connector unplug (git-fixes). - drm/amd/pm: fix workload mismatch on vega10 (git-fixes). - drm/amd/powerplay: fix spelling mistake 'smu_state_memroy_block' (bsc#1152489) - drm/amdgpu : Fix asic reset regression issue introduce by 8f211fe8ac7c4f (git-fixes). - drm/amdgpu/display/dm: add missing parameter documentation (git-fixes). - drm/amdgpu/display: buffer INTERRUPT_LOW_IRQ_CONTEXT interrupt work (git-fixes). - drm/amdgpu/display: remove redundant continue statement (git-fixes). - drm/amdgpu/display: restore AUX_DPHY_TX_CONTROL for DCN2.x (git-fixes). - drm/amdgpu/display: use GFP_ATOMIC in dcn21_validate_bandwidth_fp() (git-fixes). - drm/amdgpu/swsmu: add interrupt work function (git-fixes). - drm/amdgpu/swsmu: add interrupt work handler for smu11 parts (git-fixes). - drm/amdgpu: Add additional Sienna Cichlid PCI ID (git-fixes). - drm/amdgpu: Add check to prevent IH overflow (git-fixes). - drm/amdgpu: Add mem sync flag for IB allocated by SA (git-fixes). - drm/amdgpu: Fix GPU TLB update error when PAGE_SIZE > AMDGPU_PAGE_SIZE (git-fixes). - drm/amdgpu: Fix some unload driver issues (git-fixes). - drm/amdgpu: Init GFX10_ADDR_CONFIG for VCN v3 in DPG mode (git-fixes). - drm/amdgpu: check alignment on CPU page for bo map (git-fixes). - drm/amdgpu: disable 3DCGCG on picasso/raven1 to avoid compute hang (git-fixes). - drm/amdgpu: fb BO should be ttm_bo_type_device (git-fixes). - drm/amdgpu: fix NULL pointer dereference (git-fixes). - drm/amdgpu: fix concurrent VM flushes on Vega/Navi v2 (git-fixes). - drm/amdgpu: fix offset calculation in amdgpu_vm_bo_clear_mappings() (git-fixes). - drm/amdgpu: fix parameter error of RREG32_PCIE() in amdgpu_regs_pcie (git-fixes). - drm/amdgpu: mask the xgmi number of hops reported from psp to kfd (git-fixes). - drm/amdgpu: remove unused variable from struct amdgpu_bo (git-fixes). - drm/amdgpu: update gc golden setting for Navi12 (git-fixes). - drm/amdgpu: update sdma golden setting for Navi12 (git-fixes). - drm/amdkfd: Fix UBSAN shift-out-of-bounds warning (git-fixes). - drm/amdkfd: Fix cat debugfs hang_hws file causes system crash bug (git-fixes). - drm/amdkfd: Put ACPI table after using it (bsc#1152489) Backporting notes: * context changes - drm/amdkfd: dqm fence memory corruption (git-fixes). - drm/amdkfd: fix build error with AMD_IOMMU_V2=m (git-fixes). - drm/ast: AST2500 fixups (bsc#1174416). - drm/ast: AST2500 fixups (bsc#1174416). - drm/ast: Add 25MHz refclk support (bsc#1174416). - drm/ast: Add 25MHz refclk support (bsc#1174416). - drm/ast: Add support for 1152x864 mode (bsc#1174416). - drm/ast: Add support for 1152x864 mode (bsc#1174416). - drm/ast: Add support for AIP200 (bsc#1174416). - drm/ast: Add support for AIP200 (bsc#1174416). - drm/ast: Correct mode table for AST2500 precatch (bsc#1174416). - drm/ast: Correct mode table for AST2500 precatch (bsc#1174416). - drm/ast: Disable VGA decoding while driver is active (bsc#1174416). - drm/ast: Disable VGA decoding while driver is active (bsc#1174416). - drm/ast: Disable screen on register init (bsc#1174416). - drm/ast: Disable screen on register init (bsc#1174416). - drm/ast: Fix P2A config detection (bsc#1174416). - drm/ast: Fix P2A config detection (bsc#1174416). - drm/ast: Fix invalid usage of AST_MAX_HWC_WIDTH in cursor atomic_check (git-fixes). - drm/ast: Fix register access in non-P2A mode for DP501 (bsc#1174416). - drm/ast: Fix register access in non-P2A mode for DP501 (bsc#1174416). - drm/ast: Keep MISC fields when enabling VGA (bsc#1174416). - drm/ast: Keep MISC fields when enabling VGA (bsc#1174416). - drm/ast: drm/ast: Fix boot address for AST2500 (bsc#1174416). - drm/ast: drm/ast: Fix boot address for AST2500 (bsc#1174416). - drm/compat: Clear bounce structures (git-fixes). - drm/dp_mst: Revise broadcast msg lct & lcr (git-fixes). - drm/dp_mst: Set CLEAR_PAYLOAD_ID_TABLE as broadcast (git-fixes). - drm/hisilicon: Fix use-after-free (git-fixes). - drm/i915/display: fix compiler warning about array overrun (git-fixes). - drm/i915/gt: Clear CACHE_MODE prior to clearing residuals (git-fixes). - drm/i915/gt: Disable HiZ Raw Stall Optimization on broken gen7 (git-fixes). - drm/i915/gvt: Fix error code in intel_gvt_init_device() (git-fixes). - drm/i915/gvt: Set SNOOP for PAT3 on BXT/APL to workaround GPU BB hang (git-fixes). - drm/i915/overlay: Fix active retire callback alignment (git-fixes). - drm/i915/selftests: Fix some error codes (git-fixes). - drm/i915: Avoid div-by-zero on gen2 (git-fixes). - drm/i915: Fix ICL MG PHY vswing handling (git-fixes). - drm/i915: Fix crash in auto_retire (git-fixes). - drm/i915: Fix invalid access to ACPI _DSM objects (bsc#1184074). - drm/i915: Hold onto an explicit ref to i915_vma_work.pinned (git-fixes). - drm/i915: Read C0DRB3/C1DRB3 as 16 bits again (git-fixes). - drm/i915: Wedge the GPU if command parser setup fails (git-fixes). - drm/imx: imx-ldb: fix out of bounds array access warning (git-fixes). - drm/ingenic: Fix non-OSD mode (git-fixes). - drm/ingenic: Register devm action to cleanup encoders (git-fixes). - drm/komeda: Fix bit check to import to value of proper type (git-fixes). - drm/lima: fix reference leak in lima_pm_busy (git-fixes). - drm/mcde/panel: Inverse misunderstood flag (git-fixes). - drm/mediatek: Fix aal size config (bsc#1152489) Backporting notes: * replaced mtk_ddp_write() with writel() - drm/meson: fix shutdown crash when component not probed (git-fixes). - drm/msm/a5xx: Remove overwriting A5XX_PC_DBG_ECO_CNTL register (git-fixes). - drm/msm/adreno: a5xx_power: Do not apply A540 lm_setup to other GPUs (git-fixes). - drm/msm/gem: Add obj->lock wrappers (bsc#1152489) Backporting notes: * taken for 9b73bde39cf2 ('drm/msm: Fix use-after-free in msm_gem with carveout') * context changes - drm/msm/mdp5: Configure PP_SYNC_HEIGHT to double the vtotal (git-fixes). - drm/msm/mdp5: Do not multiply vclk line count by 100 (git-fixes). - drm/msm: Fix WARN_ON() splat in _free_object() (bsc#1152489) Backporting notes: * context changes - drm/msm: Fix a5xx/a6xx timestamps (git-fixes). - drm/msm: Fix races managing the OOB state for timestamp vs (bsc#1152489) Backporting notes: * context changes - drm/msm: Fix suspend/resume on i.MX5 (git-fixes). - drm/msm: Fix use-after-free in msm_gem with carveout (bsc#1152489) Backporting notes: * context changes - drm/msm: Ratelimit invalid-fence message (git-fixes). - drm/msm: Set drvdata to NULL when msm_drm_init() fails (git-fixes). - drm/msm: fix shutdown hook in case GPU components failed to bind (git-fixes). - drm/nouveau/kms/nv50-: Get rid of bogus nouveau_conn_mode_valid() (git-fixes). - drm/nouveau: bail out of nouveau_channel_new if channel init fails (bsc#1152489) - drm/omap: fix misleading indentation in pixinc() (git-fixes). - drm/panfrost: Clear MMU irqs before handling the fault (git-fixes). - drm/panfrost: Do not corrupt the queue mutex on open/close (bsc#1152472) Backporting notes: * context changes - drm/panfrost: Do not try to map pages that are already mapped (git-fixes). - drm/panfrost: Fix job timeout handling (bsc#1152472) Backporting notes: * context changes - drm/panfrost: Remove unused variables in panfrost_job_close() (bsc#1152472) - drm/probe-helper: Check epoch counter in output_poll_execute() (git-fixes). - drm/qxl: do not run release if qxl failed to init (git-fixes). - drm/radeon/dpm: Disable sclk switching on Oland when two 4K 60Hz monitors are connected (git-fixes). - drm/radeon: Avoid power table parsing memory leaks (git-fixes). - drm/radeon: Fix a missing check bug in radeon_dp_mst_detect() (git-fixes). - drm/radeon: Fix off-by-one power_state index heap overwrite (git-fixes). - drm/radeon: fix AGP dependency (git-fixes). - drm/radeon: fix copy of uninitialized variable back to userspace (git-fixes). - drm/shmem-helper: Check for purged buffers in fault handler (git-fixes). - drm/shmem-helper: Do not remove the offset in vm_area_struct pgoff (git-fixes). - drm/shmem-helpers: vunmap: Do not put pages for dma-buf (git-fixes). - drm/sun4i: tcon: fix inverted DCLK polarity (bsc#1152489) Backporting notes: * context changes - drm/tegra: Fix reference leak when pm_runtime_get_sync() fails (git-fixes). - drm/tegra: dc: Do not set PLL clock to 0Hz (git-fixes). - drm/tegra: dc: Restore coupling of display controllers (git-fixes). - drm/tegra: sor: Grab runtime PM reference across reset (git-fixes). - drm/tilcdc: send vblank event when disabling crtc (git-fixes). - drm/vc4: crtc: Reduce PV fifo threshold on hvs4 (git-fixes). - drm/vc4: hdmi: Restore cec physical address on reconnect (bsc#1152472) Backporting notes: * context changes * change vc4_hdmi to vc4->hdmi * removed references to encoder->hdmi_monitor - drm/vkms: fix misuse of WARN_ON (git-fixes). - drm: Added orientation quirk for OneGX1 Pro (git-fixes). - drm: meson_drv add shutdown function (git-fixes). - drm: rcar-du: Fix PM reference leak in rcar_cmm_enable() (git-fixes). - drm: rcar-du: Fix crash when using LVDS1 clock for CRTC (bsc#1152489) Backporting notes: * context changes - drm: rcar-du: Fix leak of CMM platform device reference (git-fixes). - drm: xlnx: zynqmp: fix a memset in zynqmp_dp_train() (git-fixes). - e1000e: Fix duplicate include guard (git-fixes). - e1000e: Fix error handling in e1000_set_d0_lplu_state_82571 (git-fixes). - e1000e: add rtnl_lock() to e1000_reset_task (git-fixes). - efi: use 32-bit alignment for efi_guid_t literals (git-fixes). - enetc: Fix reporting of h/w packet counters (git-fixes). - enetc: Let the hardware auto-advance the taprio base-time of 0 (git-fixes). - enetc: Workaround for MDIO register access issue (git-fixes). - epoll: check for events when removing a timed out thread from the wait queue (git-fixes). - ethernet/netronome/nfp: Fix a use after free in nfp_bpf_ctrl_msg_rx (git-fixes). - ethernet: alx: fix order of calls on resume (git-fixes). - ethernet:enic: Fix a use after free bug in enic_hard_start_xmit (git-fixes). - ethtool: fix incorrect datatype in set_eee ops (bsc#1176447). - ethtool: fix missing NLM_F_MULTI flag when dumping (bsc#1176447). - ethtool: pause: make sure we init driver stats (jsc#SLE-15075). - exec: Move would_dump into flush_old_exec (git-fixes). - ext4: do not try to set xattr into ea_inode if value is empty (bsc#1184730). - ext4: find old entry again if failed to rename whiteout (bsc#1184742). - ext4: fix potential error in ext4_do_update_inode (bsc#1184731). - ext4: fix potential htree index checksum corruption (bsc#1184728). - extcon: Add stubs for extcon_register_notifier_all() functions (git-fixes). - extcon: Fix error handling in extcon_dev_register (git-fixes). - extcon: arizona: Fix some issues when HPDET IRQ fires after the jack has been unplugged (git-fixes). - extcon: arizona: Fix various races on driver unbind (git-fixes). - fbdev: zero-fill colormap in fbcmap.c (git-fixes). - fbmem: add margin check to fb_check_caps() (git-fixes). - firmware/efi: Fix a use after bug in efi_mem_reserve_persistent (git-fixes). - firmware: arm_scpi: Prevent the ternary sign expansion bug (git-fixes). - firmware: qcom-scm: Fix QCOM_SCM configuration (git-fixes). - firmware: qcom_scm: Fix kernel-doc function names to match (git-fixes). - firmware: qcom_scm: Make __qcom_scm_is_call_available() return bool (git-fixes). - firmware: qcom_scm: Reduce locking section for __get_convention() (git-fixes). - firmware: qcom_scm: Workaround lack of 'is available' call on SC7180 (git-fixes). - flow_dissector: fix byteorder of dissected ICMP ID (bsc#1154353). - fnic: use scsi_host_busy_iter() to traverse commands (bsc#1179851). - fotg210-udc: Complete OUT requests on short packets (git-fixes). - fotg210-udc: Do not DMA more than the buffer can take (git-fixes). - fotg210-udc: Fix DMA on EP0 for length > max packet size (git-fixes). - fotg210-udc: Fix EP0 IN requests bigger than two packets (git-fixes). - fotg210-udc: Mask GRP2 interrupts we do not handle (git-fixes). - fotg210-udc: Remove a dubious condition leading to fotg210_done (git-fixes). - fs/epoll: restore waking from ep_done_scan() (bsc#1183868). - fs/jfs: fix potential integer overflow on shift of a int (bsc#1184741). - fs: direct-io: fix missing sdio->boundary (bsc#1184736). - fsl/fman: check dereferencing null pointer (git-fixes). - fsl/fman: fix dereference null return value (git-fixes). - fsl/fman: fix eth hash table allocation (git-fixes). - fsl/fman: fix unreachable code (git-fixes). - fsl/fman: reuse set_mac_address() in dtsec init() (bsc#1184811). - fsl/fman: tolerate missing MAC address in device tree (bsc#1184811). - fsl/fman: use 32-bit unsigned integer (git-fixes). - ftrace/x86: Tell objtool to ignore nondeterministic ftrace stack layout (bsc#1177028). - ftrace: Fix modify_ftrace_direct (bsc#1177028). - ftrace: Handle commands when closing set_ftrace_filter file (git-fixes). - fuse: fix bad inode (bsc#1184211). - fuse: fix bad inode (bsc#1184211). - fuse: fix live lock in fuse_iget() (bsc#1184211). - fuse: fix live lock in fuse_iget() (bsc#1184211). - fuse: fix write deadlock (bsc#1185573). - fuse: verify write return (git-fixes). - futex: Change utime parameter to be 'const ... *' (git-fixes). - futex: Do not apply time namespace adjustment on FUTEX_LOCK_PI (bsc#1164648). - futex: Get rid of the val2 conditional dance (git-fixes). - futex: Make syscall entry points less convoluted (git-fixes). - gcc-plugins: drop support for GCC &lt;= 4.7 (bcs#1181862). - gcc-plugins: make it possible to disable CONFIG_GCC_PLUGINS again (bcs#1181862). - gcc-plugins: simplify GCC plugin-dev capability test (bsc#1181862). - geneve: do not modify the shared tunnel info when PMTU triggers an ICMP reply (bsc#1176447). - geneve: do not modify the shared tunnel info when PMTU triggers an ICMP reply (git-fixes). - genirq/irqdomain: Do not try to free an interrupt that has no (git-fixes) - genirq: Disable interrupts for force threaded handlers (git-fixes) - genirq: Reduce irqdebug cacheline bouncing (bsc#1185703 ltc#192641). - gianfar: Account for Tx PTP timestamp in the skb headroom (git-fixes). - gianfar: Fix TX timestamping with a stacked DSA driver (git-fixes). - gianfar: Handle error code at MAC address change (git-fixes). - gianfar: Replace skb_realloc_headroom with skb_cow_head for PTP (git-fixes). - gpio: omap: Save and restore sysconfig (git-fixes). - gpio: pca953x: Set IRQ type when handle Intel Galileo Gen 2 (git-fixes). - gpio: sysfs: Obey valid_mask (git-fixes). - gpio: xilinx: Correct kernel doc for xgpio_probe() (git-fixes). - gpio: zynq: fix reference leak in zynq_gpio functions (git-fixes). - gpiolib: Do not free if pin ranges are not defined (git-fixes). - gpiolib: acpi: Add missing IRQF_ONESHOT (git-fixes). - gpiolib: acpi: Add quirk to ignore EC wakeups on Dell Venue 10 Pro 5055 (git-fixes). - gpu/xen: Fix a use after free in xen_drm_drv_init (git-fixes). - hrtimer: Update softirq_expires_next correctly after (git-fixes) - hv_netvsc: Reset the RSC count if NVSP_STAT_FAIL in netvsc_receive() (git-fixes). - hwmon: (ina3221) Fix PM usage counter unbalance in ina3221_write_enable (git-fixes). - hwmon: (occ) Fix poll rate limiting (git-fixes). - i2c: Add I2C_AQ_NO_REP_START adapter quirk (git-fixes). - i2c: bail out early when RDWR parameters are wrong (git-fixes). - i2c: cadence: add IRQ check (git-fixes). - i2c: emev2: add IRQ check (git-fixes). - i2c: i801: Do not generate an interrupt on bus reset (git-fixes). - i2c: img-scb: fix reference leak when pm_runtime_get_sync fails (git-fixes). - i2c: imx-lpi2c: fix reference leak when pm_runtime_get_sync fails (git-fixes). - i2c: jz4780: add IRQ check (git-fixes). - i2c: mlxbf: add IRQ check (git-fixes). - i2c: omap: fix reference leak when pm_runtime_get_sync fails (git-fixes). - i2c: rcar: faster irq code to minimize HW race condition (git-fixes). - i2c: rcar: optimize cacheline to minimize HW race condition (git-fixes). - i2c: s3c2410: fix possible NULL pointer deref on read message after write (git-fixes). - i2c: sh7760: add IRQ check (git-fixes). - i2c: sh7760: fix IRQ error path (git-fixes). - i2c: sh_mobile: Use new clock calculation formulas for RZ/G2E (git-fixes). - i2c: sprd: fix reference leak when pm_runtime_get_sync fails (git-fixes). - i2c: tegra: Add missing pm_runtime_put() (bsc#1184386). - i2c: tegra: Check errors for both positive and negative values (bsc#1184386). - i2c: tegra: Clean up and improve comments (bsc#1184386). - i2c: tegra: Clean up printk messages (bsc#1184386). - i2c: tegra: Clean up probe function (bsc#1184386). - i2c: tegra: Clean up variable names (bsc#1184386). - i2c: tegra: Clean up variable types (bsc#1184386). - i2c: tegra: Clean up whitespaces, newlines and indentation (bsc#1184386). - i2c: tegra: Create i2c_writesl_vi() to use with VI I2C for filling TX FIFO (bsc#1184386). - i2c: tegra: Factor out error recovery from tegra_i2c_xfer_msg() (bsc#1184386). - i2c: tegra: Factor out hardware initialization into separate function (bsc#1184386). - i2c: tegra: Factor out packet header setup from tegra_i2c_xfer_msg() (bsc#1184386). - i2c: tegra: Factor out register polling into separate function (bsc#1184386). - i2c: tegra: Handle potential error of tegra_i2c_flush_fifos() (bsc#1184386). - i2c: tegra: Improve driver module description (bsc#1184386). - i2c: tegra: Improve formatting of variables (bsc#1184386). - i2c: tegra: Initialize div-clk rate unconditionally (bsc#1184386). - i2c: tegra: Make tegra_i2c_flush_fifos() usable in atomic transfer (bsc#1184386). - i2c: tegra: Mask interrupt in tegra_i2c_issue_bus_clear() (bsc#1184386). - i2c: tegra: Move out all device-tree parsing into tegra_i2c_parse_dt() (bsc#1184386). - i2c: tegra: Remove 'dma' variable from tegra_i2c_xfer_msg() (bsc#1184386). - i2c: tegra: Remove error message used for devm_request_irq() failure (bsc#1184386). - i2c: tegra: Remove i2c_dev.clk_divisor_non_hs_mode member (bsc#1184386). - i2c: tegra: Remove likely/unlikely from the code (bsc#1184386). - i2c: tegra: Remove outdated barrier() (bsc#1184386). - i2c: tegra: Remove redundant check in tegra_i2c_issue_bus_clear() (bsc#1184386). - i2c: tegra: Rename wait/poll functions (bsc#1184386). - i2c: tegra: Reorder location of functions in the code (bsc#1184386). - i2c: tegra: Runtime PM always available on Tegra (bsc#1184386). - i2c: tegra: Use clk-bulk helpers (bsc#1184386). - i2c: tegra: Use devm_platform_get_and_ioremap_resource() (bsc#1184386). - i2c: tegra: Use platform_get_irq() (bsc#1184386). - i2c: tegra: Use reset_control_reset() (bsc#1184386). - i2c: tegra: Use threaded interrupt (bsc#1184386). - i2c: tegra: Wait for config load atomically while in ISR (bsc#1184386). - i40e: Add zero-initialization of AQ command structures (git-fixes). - i40e: Added Asym_Pause to supported link modes (git-fixes). - i40e: Fix PHY type identifiers for 2.5G and 5G adapters (git-fixes). - i40e: Fix add TC filter for IPv6 (git-fixes). - i40e: Fix addition of RX filters after enabling FW LLDP agent (git-fixes). - i40e: Fix display statistics for veb_tc (git-fixes). - i40e: Fix endianness conversions (git-fixes). - i40e: Fix flow for IPv6 next header (extension header) (git-fixes). - i40e: Fix kernel oops when i40e driver removes VF's (git-fixes). - i40e: Fix overwriting flow control settings during driver loading (git-fixes). - i40e: Fix parameters in aq_get_phy_register() (jsc#SLE-8025). - i40e: Fix sparse error: 'vsi->netdev' could be null (jsc#SLE-8025). - i40e: Fix sparse error: uninitialized symbol 'ring' (jsc#SLE-13701). - i40e: Fix sparse errors in i40e_txrx.c (git-fixes). - i40e: Fix sparse errors in i40e_txrx.c (git-fixes). - i40e: Fix sparse warning: missing error code 'err' (git-fixes). - i40e: Fix use-after-free in i40e_client_subtask() (git-fixes). - i40e: fix broken XDP support (git-fixes). - i40e: fix the panic when running bpf in xdpdrv mode (git-fixes). - i40e: fix the restart auto-negotiation after FEC modified (git-fixes). - i915/perf: Start hrtimer only if sampling the OA buffer (git-fixes). - iavf: Fix incorrect adapter get in iavf_resume (git-fixes). - iavf: use generic power management (git-fixes). - ibmvfc: Avoid move login if fast fail is enabled (bsc#1185938 ltc#192043). - ibmvfc: Handle move login failure (bsc#1185938 ltc#192043). - ibmvfc: Reinit target retries (bsc#1185938 ltc#192043). - ibmvnic: add comments for spinlock_t definitions (bsc#1183871 ltc#192139). - ibmvnic: avoid calling napi_disable() twice (bsc#1065729). - ibmvnic: avoid multiple line dereference (bsc#1183871 ltc#192139). - ibmvnic: clean up the remaining debugfs data structures (bsc#1065729). - ibmvnic: correctly use dev_consume/free_skb_irq (jsc#SLE-17268 jsc#SLE-17043 bsc#1179243 ltc#189290 git-fixes). - ibmvnic: fix block comments (bsc#1183871 ltc#192139). - ibmvnic: fix braces (bsc#1183871 ltc#192139). - ibmvnic: fix miscellaneous checks (bsc#1183871 ltc#192139). - ibmvnic: improve failover sysfs entry (bsc#1043990 ltc#155681 git-fixes). - ibmvnic: merge do_change_param_reset into do_reset (bsc#1183871 ltc#192139). - ibmvnic: prefer 'unsigned long' over 'unsigned long int' (bsc#1183871 ltc#192139). - ibmvnic: prefer strscpy over strlcpy (bsc#1183871 ltc#192139). - ibmvnic: print adapter state as a string (bsc#1152457 ltc#174432 git-fixes). - ibmvnic: print reset reason as a string (bsc#1152457 ltc#174432 git-fixes). - ibmvnic: queue reset work in system_long_wq (bsc#1152457 ltc#174432 git-fixes). - ibmvnic: remove default label from to_string switch (bsc#1152457 ltc#174432 git-fixes). - ibmvnic: remove duplicate napi_schedule call in do_reset function (bsc#1065729). - ibmvnic: remove duplicate napi_schedule call in open function (bsc#1065729). - ibmvnic: remove unnecessary rmb() inside ibmvnic_poll (bsc#1183871 ltc#192139). - ibmvnic: remove unused spinlock_t stats_lock definition (bsc#1183871 ltc#192139). - ibmvnic: rework to ensure SCRQ entry reads are properly ordered (bsc#1183871 ltc#192139). - ice: Account for port VLAN in VF max packet size calculation (git-fixes). - ice: Account for port VLAN in VF max packet size calculation (git-fixes). - ice: Cleanup fltr list in case of allocation issues (git-fixes). - ice: Continue probe on link/PHY errors (jsc#SLE-12878). - ice: Fix for dereference of NULL pointer (git-fixes). - ice: Increase control queue timeout (git-fixes). - ice: Use port number instead of PF ID for WoL (jsc#SLE-12878). - ice: fix memory allocation call (jsc#SLE-12878). - ice: fix memory leak if register_netdev_fails (git-fixes). - ice: fix memory leak in ice_vsi_setup (git-fixes). - ice: fix memory leak of aRFS after resuming from suspend (jsc#SLE-12878). - ice: prevent ice_open and ice_stop during reset (git-fixes). - ice: remove DCBNL_DEVRESET bit from PF state (jsc#SLE-7926). - ics932s401: fix broken handling of errors when word reading fails (git-fixes). - igb: Fix duplicate include guard (git-fixes). - igb: XDP extack message on error (jsc#SLE-13536). - igb: XDP xmit back fix error code (jsc#SLE-13536). - igb: avoid premature Rx buffer reuse (jsc#SLE-13536). - igb: avoid transmit queue timeout in xdp path (jsc#SLE-13536). - igb: check timestamp validity (git-fixes). - igb: skb add metasize for xdp (jsc#SLE-13536). - igb: take VLAN double header into account (jsc#SLE-13536). - igb: use xdp_do_flush (jsc#SLE-13536). - igc: Fix Pause Frame Advertising (git-fixes). - igc: Fix Supported Pause Frame Link Setting (git-fixes). - igc: Fix igc_ptp_rx_pktstamp() (bsc#1160634). - igc: Fix igc_ptp_rx_pktstamp() (bsc#1160634). - igc: reinit_locked() should be called with rtnl_lock (git-fixes). - igc: reinit_locked() should be called with rtnl_lock (git-fixes). - iio: adc: ad7124: Fix missbalanced regulator enable / disable on error (git-fixes). - iio: adc: ad7124: Fix potential overflow due to non sequential channel numbers (git-fixes). - iio: adc: ad7768-1: Fix too small buffer passed to iio_push_to_buffers_with_timestamp() (git-fixes). - iio: adc: ad7793: Add missing error code in ad7793_setup() (git-fixes). - iio: adc: ad7949: fix wrong ADC result due to incorrect bit mask (git-fixes). - iio: adis16400: Fix an error code in adis16400_initial_setup() (git-fixes). - iio: gyro: fxas21002c: balance runtime power in error path (git-fixes). - iio: gyro: mpu3050: Fix error handling in mpu3050_trigger_handler (git-fixes). - iio: gyro: mpu3050: Fix reported temperature value (git-fixes). - iio: hid-sensor-humidity: Fix alignment issue of timestamp channel (git-fixes). - iio: hid-sensor-prox: Fix scale not correct issue (git-fixes). - iio: hid-sensor-temperature: Fix issues of timestamp channel (git-fixes). - iio: proximity: pulsedlight: Fix rumtime PM imbalance on error (git-fixes). - iio: tsl2583: Fix division by a zero lux_val (git-fixes). - iio:accel:adis16201: Fix wrong axis assignment that prevents loading (git-fixes). - iio:adc:qcom-spmi-vadc: add default scale to LR_MUX2_BAT_ID channel (git-fixes). - ima: Free IMA measurement buffer after kexec syscall (git-fixes). - include/linux/sched/mm.h: use rcu_dereference in in_vfork() (git-fixes). - intel_th: Consistency and off-by-one fix (git-fixes). - intel_th: pci: Add Alder Lake-M support (git-fixes). - intel_th: pci: Add Rocket Lake CPU support (git-fixes). - interconnect: core: fix error return code of icc_link_destroy() (git-fixes). - iommu/amd: Add support for map/unmap_resource (jsc#ECO-3482). - iommu/amd: Fix sleeping in atomic in increase_address_space() (bsc#1183277). - iommu/amd: Fix sleeping in atomic in increase_address_space() (bsc#1183310). - iommu/intel: Fix memleak in intel_irq_remapping_alloc (bsc#1183278). - iommu/intel: Fix memleak in intel_irq_remapping_alloc (bsc#1183312). - iommu/qcom: add missing put_device() call in qcom_iommu_of_xlate() (bsc#1183313). - iommu/qcom: add missing put_device() call in qcom_iommu_of_xlate() (bsc#1183637). - iommu/vt-d: Add get_domain_info() helper (bsc#1183279). - iommu/vt-d: Avoid panic if iommu init fails in tboot system (bsc#1183280). - iommu/vt-d: Avoid panic if iommu init fails in tboot system (bsc#1183315). - iommu/vt-d: Correctly check addr alignment in qi_flush_dev_iotlb_pasid() (bsc#1183281). - iommu/vt-d: Correctly check addr alignment in qi_flush_dev_iotlb_pasid() (bsc#1183316). - iommu/vt-d: Do not use flush-queue when caching-mode is on (bsc#1183282). - iommu/vt-d: Do not use flush-queue when caching-mode is on (bsc#1183317). - iommu/vt-d: Fix general protection fault in aux_detach_device() (bsc#1183283). - iommu/vt-d: Fix general protection fault in aux_detach_device() (bsc#1183318). - iommu/vt-d: Fix ineffective devTLB invalidation for subdevices (bsc#1183284). - iommu/vt-d: Fix ineffective devTLB invalidation for subdevices (bsc#1183319). - iommu/vt-d: Fix status code for Allocate/Free PASID command (bsc#1183320). - iommu/vt-d: Fix unaligned addresses for intel_flush_svm_range_dev() (bsc#1183285). - iommu/vt-d: Fix unaligned addresses for intel_flush_svm_range_dev() (bsc#1183321). - iommu/vt-d: Move intel_iommu info from struct intel_svm to struct intel_svm_dev (bsc#1183286). - iommu/vt-d: Move intel_iommu info from struct intel_svm to struct intel_svm_dev (bsc#1183322). - iommu/vt-d: Use device numa domain if RHSA is missing (bsc#1184585). - iommu: Check dev->iommu in dev_iommu_priv_get() before dereferencing it (bsc#1183311). - iommu: Switch gather->end to the inclusive end (bsc#1183314). - ionic: linearize tso skb with too many frags (bsc#1167773). - ionic: linearize tso skb with too many frags (bsc#1167773). - iopoll: introduce read_poll_timeout macro (git-fixes). - ipc/mqueue, msg, sem: Avoid relying on a stack reference past its expiry (bsc#1185988). - ipmi/watchdog: Stop watchdog timer when the current action is 'none' (bsc#1184855). - ipw2x00: potential buffer overflow in libipw_wx_set_encodeext() (git-fixes). - irqchip/ls-extirq: Add LS1043A, LS1088A external interrupt support (bsc#1184264). - irqchip/ls-extirq: Add LS1043A, LS1088A external interrupt support (bsc#1185233). - irqchip/ls-extirq: add IRQCHIP_SKIP_SET_WAKE to the irqchip flags (bsc#1184264). - irqchip/ls-extirq: add IRQCHIP_SKIP_SET_WAKE to the irqchip flags (bsc#1185233). - irqchip: Add support for Layerscape external interrupt lines (bsc#1185233). - isofs: release buffer head before return (bsc#1182613). - iwlwifi: add support for Qu with AX201 device (git-fixes). - iwlwifi: pcie: make cfg vs. trans_cfg more robust (git-fixes). - ixgbe: fail to create xfrm offload of IPsec tunnel mode SA (git-fixes). - ixgbe: fix unbalanced device enable/disable in suspend/resume (jsc#SLE-13706). - jffs2: fix use after free in jffs2_sum_write_data() (bsc#1184740). - kABI: Fix kABI caused by fixes for bsc#1174426 (bsc#1174426). - kABI: cover up change in struct kvm_arch (bsc#1184969). - kABI: powerpc/pmem: Include pmem prototypes (bsc#1113295 git-fixes). - kABI: powerpc/pseries: Add shutdown() to vio_driver and vio_bus (bsc#1184209 ltc#190917). - kABI: repair after 'nVMX: Properly handle userspace interrupt window request' - kbuild: Fail if gold linker is detected (bcs#1181862). - kbuild: add dummy toolchains to enable all cc-option etc. in Kconfig (bcs#1181862). - kbuild: change *FLAGS_&lt;basetarget>.o to take the path relative to $(obj) (bcs#1181862). - kbuild: dummy-tools, fix inverted tests for gcc (bcs#1181862). - kbuild: dummy-tools, support MPROFILE_KERNEL checks for ppc (bsc#1181862). - kbuild: improve cc-option to clean up all temporary files (bsc#1178330). - kbuild: include scripts/Makefile.* only when relevant CONFIG is enabled (bcs#1181862). - kbuild: simplify GCC_PLUGINS enablement in dummy-tools/gcc (bcs#1181862). - kbuild: stop filtering out $(GCC_PLUGINS_CFLAGS) from cc-option base (bcs#1181862). - kbuild: use -S instead of -E for precise cc-option test in Kconfig (bsc#1178330). - kconfig: introduce m32-flag and m64-flag (bcs#1181862). - kernel-docs.spec.in: Build using an utf-8 locale. Sphinx cannot handle UTF-8 input in non-UTF-8 locale. - kernel/smp: make csdlock timeout depend on boot parameter (bsc#1180846). - kvm: svm: Update svm_xsaves_supported (jsc#SLE-13573). - kvm: x86: Enumerate support for CLZERO instruction (jsc#SLE-13573). - leds: lp5523: check return value of lp5xx_read and jump to cleanup code (git-fixes). - lib/syscall: fix syscall registers retrieval on 32-bit platforms (git-fixes). - libbpf: Add explicit padding to bpf_xdp_set_link_opts (bsc#1177028). - libbpf: Add explicit padding to btf_dump_emit_type_decl_opts (bsc#1177028). - libbpf: Clear map_info before each bpf_obj_get_info_by_fd (bsc#1155518). - libbpf: Fix BTF dump of pointer-to-array-of-struct (bsc#1155518). - libbpf: Fix INSTALL flag order (bsc#1155518). - libbpf: Fix bail out from 'ringbuf_process_ring()' on error (bsc#1177028). - libbpf: Fix error path in bpf_object__elf_init() (bsc#1177028). - libbpf: Fix signed overflow in ringbuf_process_ring (bsc#1177028). - libbpf: Initialize the bpf_seq_printf parameters array field by field (bsc#1177028). - libbpf: Only create rx and tx XDP rings when necessary (bsc#1155518). - libbpf: Use SOCK_CLOEXEC when opening the netlink socket (bsc#1155518). - libnvdimm/label: Return -ENXIO for no slot in __blk_label_update (bsc#1185269). - libnvdimm/namespace: Fix reaping of invalidated block-window-namespace labels (bsc#1185269). - libnvdimm/region: Fix nvdimm_has_flush() to handle ND_REGION_ASYNC (bsc#1184969 git-fixes). - libnvdimm/security: ensure sysfs poll thread woke up and fetch updated attr (git-fixes). - liquidio: Fix unintented sign extension of a left shift of a u16 (git-fixes). - locking/mutex: Fix non debug version of mutex_lock_io_nested() (git-fixes). - locking/qrwlock: Fix ordering in queued_write_lock_slowpath() (bsc#1185041). - lpfc: Decouple port_template and vport_template (bsc#185032). - mISDN: fix crash in fritzpci (git-fixes). - mac80211: Allow HE operation to be longer than expected (git-fixes). - mac80211: bail out if cipher schemes are invalid (git-fixes). - mac80211: choose first enabled channel for monitor (git-fixes). - mac80211: clear sta->fast_rx when STA removed from 4-addr VLAN (git-fixes). - mac80211: clear the beacon's CRC after channel switch (git-fixes). - mac80211: fix TXQ AC confusion (git-fixes). - mac80211: fix double free in ibss_leave (git-fixes). - mac80211: fix rate mask reset (git-fixes). - macvlan: macvlan_count_rx() needs to be aware of preemption (git-fixes). - md-cluster: fix use-after-free issue when removing rdev (bsc#1184082). - md/raid1: properly indicate failure when ending a failed write request (bsc#1185680). - md: do not flush workqueue unconditionally in md_open (bsc#1184081). - md: factor out a mddev_find_locked helper from mddev_find (bsc#1184081). - md: md_open returns -EBUSY when entering racing area (bsc#1184081). - md: split mddev_find (bsc#1184081). - mdio: fix mdio-thunder.c dependency & build error (git-fixes). - media: adv7604: fix possible use-after-free in adv76xx_remove() (git-fixes). - media: cros-ec-cec: do not bail on device_init_wakeup failure (git-fixes). - media: cx23885: add more quirks for reset DMA on some AMD IOMMU (git-fixes). - media: drivers: media: pci: sta2x11: fix Kconfig dependency on GPIOLIB (git-fixes). - media: dvb-usb: fix memory leak in dvb_usb_adapter_init (git-fixes). - media: dvbdev: Fix memory leak in dvb_media_device_free() (git-fixes). - media: em28xx: fix memory leak (git-fixes). - media: gspca/sq905.c: fix uninitialized variable (git-fixes). - media: i2c: adv7511-v4l2: fix possible use-after-free in adv7511_remove() (git-fixes). - media: i2c: adv7842: fix possible use-after-free in adv7842_remove() (git-fixes). - media: i2c: tda1997: Fix possible use-after-free in tda1997x_remove() (git-fixes). - media: imx: capture: Return -EPIPE from __capture_legacy_try_fmt() (git-fixes). - media: ite-cir: check for receive overflow (git-fixes). - media: m88rs6000t: avoid potential out-of-bounds reads on arrays (git-fixes). - media: mantis: remove orphan mantis_core.c (git-fixes). - media: mceusb: sanity check for prescaler value (git-fixes). - media: media/saa7164: fix saa7164_encoder_register() memory leak bugs (git-fixes). - media: omap4iss: return error code when omap4iss_get() failed (git-fixes). - media: platform: sti: Fix runtime PM imbalance in regs_show (git-fixes). - media: platform: sunxi: sun6i-csi: fix error return code of sun6i_video_start_streaming() (git-fixes). - media: rc: compile rc-cec.c into rc-core (git-fixes). - media: saa7134: use sg_dma_len when building pgtable (git-fixes). - media: saa7146: use sg_dma_len when building pgtable (git-fixes). - media: staging/intel-ipu3: Fix memory leak in imu_fmt (git-fixes). - media: staging/intel-ipu3: Fix race condition during set_fmt (git-fixes). - media: staging/intel-ipu3: Fix set_fmt error handling (git-fixes). - media: tc358743: fix possible use-after-free in tc358743_remove() (git-fixes). - media: usbtv: Fix deadlock on suspend (git-fixes). - media: uvcvideo: Allow entities with no pads (git-fixes). - media: v4l2-ctrls.c: fix race condition in hdl->requests list (git-fixes). - media: v4l2-ctrls.c: fix shift-out-of-bounds in std_validate (git-fixes). - media: v4l: vsp1: Fix bru null pointer access (git-fixes). - media: v4l: vsp1: Fix uif null pointer access (git-fixes). - media: vicodec: add missing v4l2_ctrl_request_hdl_put() (git-fixes). - memory: gpmc: fix out of bounds read and dereference on gpmc_cs[] (git-fixes). - memory: mtk-smi: Fix PM usage counter unbalance in mtk_smi ops (bsc#1183325). - memory: pl353: fix mask of ECC page_size config register (git-fixes). - mfd: arizona: Fix rumtime PM imbalance on error (git-fixes). - mfd: intel_pmt: Fix nuisance messages and handling of disabled capabilities (git-fixes). - mfd: lpc_sch: Partially revert 'Add support for Intel Quark X1000' (git-fixes). - mfd: stm32-timers: Avoid clearing auto reload register (git-fixes). - misc/pvpanic: Export module FDT device table (git-fixes). - misc/uss720: fix memory leak in uss720_probe (git-fixes). - misc: eeprom_93xx46: Add quirk to support Microchip 93LC46B eeprom (git-fixes). - misc: fastrpc: restrict user apps from sending kernel RPC messages (git-fixes). - misc: lis3lv02d: Fix false-positive WARN on various HP models (git-fixes). - misc: vmw_vmci: explicitly initialize vmci_datagram payload (git-fixes). - misc: vmw_vmci: explicitly initialize vmci_notify_bm_set_msg struct (git-fixes). - mlxsw: spectrum_mr: Update egress RIF list before route's action (git-fixes). - mm, numa: fix bad pmd by atomically check for pmd_trans_huge when marking page tables prot_numa (bsc#1168777). - mm/rmap: fix potential pte_unmap on an not mapped pte (git-fixes). - mm: hugetlbfs: fix cannot migrate the fallocated HugeTLB page (git-fixes). - mm: memcontrol: fix cpuhotplug statistics flushing (bsc#1185606). - mmc: block: Update ext_csd.cache_ctrl if it was written (git-fixes). - mmc: core: Correct descriptions in mmc_of_parse() (git-fixes). - mmc: core: Do a power cycle when the CMD11 fails (git-fixes). - mmc: core: Fix partition switch time for eMMC (git-fixes). - mmc: core: Set read only for SD cards with permanent write protect bit (git-fixes). - mmc: cqhci: Add cqhci_deactivate() (git-fixes). - mmc: cqhci: Fix random crash when remove mmc module/card (git-fixes). - mmc: mmc_spi: Drop unused NO_IRQ definition (git-fixes). - mmc: mxs-mmc: Fix a resource leak in an error handling path in 'mxs_mmc_probe()' (git-fixes). - mmc: sdhci-iproc: Cap min clock frequency on BCM2711 (bsc#1186009) - mmc: sdhci-iproc: Set SDHCI_QUIRK_CAP_CLOCK_BASE_BROKEN on BCM2711 (bsc#1186009) - mmc: sdhci-of-arasan: Add missed checks for devm_clk_register() (git-fixes). - mmc: sdhci-of-dwcmshc: fix rpmb access (git-fixes). - mmc: sdhci-of-dwcmshc: implement specific set_uhs_signaling (git-fixes). - mmc: sdhci-of-dwcmshc: set SDHCI_QUIRK2_PRESET_VALUE_BROKEN (git-fixes). - mmc: sdhci-of-esdhc: make sure delay chain locked for HS400 (git-fixes). - mmc: sdhci-of-esdhc: set timeout to max before tuning (git-fixes). - mmc: sdhci-pci-gli: increase 1.8V regulator wait (git-fixes). - mmc: sdhci-pci: Add PCI IDs for Intel LKF (git-fixes). - mmc: sdhci-pci: Fix SDHCI_RESET_ALL for CQHCI for Intel GLK-based controllers (git-fixes). - mmc: sdhci-pci: Fix initialization of some SD cards for Intel BYT-based controllers (git-fixes). - mmc: sdhci: Check for reset prior to DMA address unmap (git-fixes). - mmc: sdhci: Use Auto CMD Auto Select only when v4_mode is true (git-fixes). - mmc: uniphier-sd: Fix a resource leak in the remove function (git-fixes). - mmc: uniphier-sd: Fix an error handling path in uniphier_sd_probe() (git-fixes). - mount: fix mounting of detached mounts onto targets that reside on shared mounts (git-fixes). - mt7601u: fix always true expression (git-fixes). - mt76: dma: do not report truncated frames to mac80211 (git-fixes). - mt76: mt7615: fix entering driver-own state on mt7663 (git-fixes). - mt76: mt7615: support loading EEPROM for MT7613BE (git-fixes). - mt76: mt76x0: disable GTK offloading (git-fixes). - mt76: mt7915: fix aggr len debugfs node (git-fixes). - mt76: mt7915: fix txpower init for TSSI off chips (git-fixes). - mtd: Handle possible -EPROBE_DEFER from parse_mtd_partitions() (git-fixes). - mtd: rawnand: atmel: Update ecc_stats.corrected counter (git-fixes). - mtd: rawnand: brcmnand: fix OOB R/W with Hamming ECC (git-fixes). - mtd: rawnand: fsmc: Fix error code in fsmc_nand_probe() (git-fixes). - mtd: rawnand: gpmi: Fix a double free in gpmi_nand_init (git-fixes). - mtd: rawnand: qcom: Return actual error code instead of -ENODEV (git-fixes). - mtd: require write permissions for locking and badblock ioctls (git-fixes). - mtd: spi-nor: Rename 'n25q512a' to 'mt25qu512a (n25q512a)' (bsc#1167260). - mtd: spi-nor: Split mt25qu512a (n25q512a) entry into two (bsc#1167260). - mtd: spinand: core: add missing MODULE_DEVICE_TABLE() (git-fixes). - mwifiex: pcie: skip cancel_work_sync() on reset failure path (git-fixes). - nbd: fix a block_device refcount leak in nbd_release (git-fixes). - net, xdp: Update pkt_type if generic XDP changes unicast MAC (git-fixes). - net/mlx4_core: Add missed mlx4_free_cmd_mailbox() (git-fixes). - net/mlx4_en: update moderation when config reset (git-fixes). - net/mlx5: Add back multicast stats for uplink representor (jsc#SLE-15172). - net/mlx5: Delete extra dump stack that gives nothing (git-fixes). - net/mlx5: Do not request more than supported EQs (git-fixes). - net/mlx5: Fix PPLM register mapping (jsc#SLE-8464). - net/mlx5: Fix bit-wise and with zero (jsc#SLE-15172). - net/mlx5: Fix health error state handling (bsc#1186467). - net/mlx5e: Allow to match on MPLS parameters only for MPLS over UDP (jsc#SLE-15172). - net/mlx5e: Do not match on Geneve options in case option masks are all zero (git-fixes). - net/mlx5e: E-switch, Fix rate calculation division (jsc#SLE-8464). - net/mlx5e: Fix error path for ethtool set-priv-flag (git-fixes). - net/mlx5e: Fix ethtool indication of connector type (git-fixes). - net/mlx5e: Fix setting of RS FEC mode (jsc#SLE-15172). - net/mlx5e: Offload tuple rewrite for non-CT flows (jsc#SLE-15172). - net/mlx5e: RX, Mind the MPWQE gaps when calculating offsets (jsc#SLE-15172). - net/mlx5e: fix ingress_ifindex check in mlx5e_flower_parse_meta (jsc#SLE-8464). - net/qlcnic: Fix a use after free in qlcnic_83xx_get_minidump_template (git-fixes). - net/sched: act_ct: fix wild memory access when clearing fragments (bsc#1176447). - net: arc_emac: Fix memleak in arc_mdio_probe (git-fixes). - net: atheros: switch from 'pci_' to 'dma_' API (git-fixes). - net: atlantic: fix out of range usage of active_vlans array (git-fixes). - net: atlantic: fix potential error handling (git-fixes). - net: atlantic: fix use after free kasan warn (git-fixes). - net: b44: fix error return code in b44_init_one() (git-fixes). - net: bonding: fix error return code of bond_neigh_init() (bsc#1154353). - net: cdc-phonet: fix data-interface release on probe failure (git-fixes). - net: cls_api: Fix uninitialised struct field bo->unlocked_driver_cb (bsc#1176447). - net: dsa: felix: implement port flushing on .phylink_mac_link_down (git-fixes). - net: dsa: rtl8366: Fix VLAN semantics (git-fixes). - net: dsa: rtl8366: Fix VLAN set-up (git-fixes). - net: dsa: rtl8366rb: Support all 4096 VLANs (git-fixes). - net: enetc: allow hardware timestamping on TX queues with tc-etf enabled (git-fixes). - net: enetc: do not disable VLAN filtering in IFF_PROMISC mode (git-fixes). - net: enetc: fix link error again (git-fixes). - net: enetc: remove bogus write to SIRXIDR from enetc_setup_rxbdr (git-fixes). - net: enetc: take the MDIO lock only once per NAPI poll cycle (git-fixes). - net: enic: Cure the enic api locking trainwreck (git-fixes). - net: ethernet: aquantia: Fix wrong return value (git-fixes). - net: ethernet: cavium: octeon_mgmt: use phy_start and phy_stop (git-fixes). - net: ethernet: ibm: ibmvnic: Fix some kernel-doc misdemeanours (bsc#1183871 ltc#192139). - net: ethernet: ti: cpsw: fix clean up of vlan mc entries for host port (git-fixes). - net: ethernet: ti: cpsw: fix error return code in cpsw_probe() (git-fixes). - net: fec: Fix PHY init after phy_reset_after_clk_enable() (git-fixes). - net: fec: Fix phy_device lookup for phy_reset_after_clk_enable() (git-fixes). - net: fec: Fix reference count leak in fec series ops (git-fixes). - net: gemini: Fix another missing clk_disable_unprepare() in probe (git-fixes). - net: gemini: Fix missing free_netdev() in error path of gemini_ethernet_port_probe() (git-fixes). - net: geneve: check skb is large enough for IPv4/IPv6 header (git-fixes). - net: geneve: modify IP header check in geneve6_xmit_skb and geneve_xmit_skb (git-fixes). - net: gianfar: Add of_node_put() before goto statement (git-fixes). - net: hdlc: In hdlc_rcv, check to make sure dev is an HDLC device (git-fixes). - net: hdlc_raw_eth: Clear the IFF_TX_SKB_SHARING flag after calling ether_setup (git-fixes). - net: hns3: Fix for geneve tx checksum bug (git-fixes). - net: hns3: Remove the left over redundant check & assignment (bsc#1154353). - net: hns3: Remove un-necessary 'else-if' in the hclge_reset_event() (git-fixes). - net: hns3: add check for HNS3_NIC_STATE_INITED in hns3_reset_notify_up_enet() (git-fixes). - net: hns3: clear VF down state bit before request link status (git-fixes). - net: hns3: clear unnecessary reset request in hclge_reset_rebuild (git-fixes). - net: hns3: disable phy loopback setting in hclge_mac_start_phy (git-fixes). - net: hns3: fix bug when calculating the TCAM table info (git-fixes). - net: hns3: fix for vxlan gpe tx checksum bug (git-fixes). - net: hns3: fix incorrect configuration for igu_egu_hw_err (git-fixes). - net: hns3: fix query vlan mask value error for flow director (git-fixes). - net: hns3: initialize the message content in hclge_get_link_mode() (git-fixes). - net: hns3: use netif_tx_disable to stop the transmit queue (git-fixes). - net: korina: cast KSEG0 address to pointer in kfree (git-fixes). - net: korina: fix kfree of rx/tx descriptor array (git-fixes). - net: lantiq: Wait for the GPHY firmware to be ready (git-fixes). - net: ll_temac: Add more error handling of dma_map_single() calls (git-fixes). - net: ll_temac: Fix RX buffer descriptor handling on GFP_ATOMIC pressure (git-fixes). - net: ll_temac: Fix race condition causing TX hang (git-fixes). - net: ll_temac: Handle DMA halt condition caused by buffer underrun (git-fixes). - net: mvneta: fix double free of txq->buf (git-fixes). - net: mvneta: make tx buffer array agnostic (git-fixes). - net: pasemi: fix error return code in pasemi_mac_open() (git-fixes). - net: phy: broadcom: Only advertise EEE for supported modes (git-fixes). - net: phy: intel-xway: enable integrated led functions (git-fixes). - net: phy: marvell: fix m88e1011_set_downshift (git-fixes). - net: phy: marvell: fix m88e1111_set_downshift (git-fixes). - net: qcom/emac: add missed clk_disable_unprepare in error path of emac_clks_phase1_init (git-fixes). - net: qualcomm: rmnet: Fix incorrect receive packet handling during cleanup (git-fixes). - net: sched: disable TCQ_F_NOLOCK for pfifo_fast (bsc#1183405) - net: smc911x: Adjust indentation in smc911x_phy_configure (git-fixes). - net: spider_net: Fix the size used in a 'dma_free_coherent()' call (git-fixes). - net: stmmac: Fix incorrect location to set real_num_rx|tx_queues (git-fixes). - net: stmmac: Use rtnl_lock/unlock on netif_set_real_num_rx_queues() call (git-fixes). - net: stmmac: fix missing IFF_MULTICAST check in dwmac4_set_filter (git-fixes). - net: stmmac: removed enabling eee in EEE set callback (git-fixes). - net: stmmac: use netif_tx_start|stop_all_queues() function (git-fixes). - net: stmmac: xgmac: fix missing IFF_MULTICAST checki in dwxgmac2_set_filter (git-fixes). - net: thunderx: Fix unintentional sign extension issue (git-fixes). - net: tulip: Adjust indentation in {dmfe, uli526x}_init_module (git-fixes). - net: usb: ax88179_178a: fix missing stop entry in driver_info (git-fixes). - net: usb: fix memory leak in smsc75xx_bind (git-fixes). - net: usb: qmi_wwan: allow qmimux add/del with master up (git-fixes). - net: usb: qmi_wwan: support ZTE P685M modem (git-fixes). - net: wan/lmc: unregister device when no matching device is found (git-fixes). - net:nfc:digital: Fix a double free in digital_tg_recv_dep_req (git-fixes). - netdevice: Add missing IFF_PHONY_HEADROOM self-definition (git-fixes). - netdevsim: init u64 stats for 32bit hardware (git-fixes). - netfilter: conntrack: Make global sysctls readonly in non-init netns (bsc#1176447). - netfilter: conntrack: add new sysctl to disable RST check (bsc#1183947 bsc#1185950). - netfilter: conntrack: avoid misleading 'invalid' in log message (bsc#1183947 bsc#1185950). - netfilter: conntrack: improve RST handling when tuple is re-used (bsc#1183947 bsc#1185950). - netfilter: flowtable: Make sure GC works periodically in idle system (bsc#1176447). - netfilter: flowtable: fix NAT IPv6 offload mangling (bsc#1176447). - netfilter: nftables: allow to update flowtable flags (bsc#1176447). - netfilter: nftables: report EOPNOTSUPP on unsupported flowtable flags (bsc#1176447). - netsec: restore phy power state after controller reset (bsc#1183757). - nfc: pn533: prevent potential memory corruption (git-fixes). - nfp: devlink: initialize the devlink port attribute 'lanes' (bsc#1176447). - nfp: flower: add ipv6 bit to pre_tunnel control message (bsc#1176447). - nfp: flower: fix pre_tun mask id allocation (bsc#1154353). - nfp: flower: ignore duplicate merge hints from FW (git-fixes). - node: fix device cleanups in error handling code (git-fixes). - null_blk: fix passing of REQ_FUA flag in null_handle_rq (git-fixes). - nvme-core: add cancel tagset helpers (bsc#1183976). - nvme-fabrics: decode host pathing error for connect (bsc#1179827). - nvme-fabrics: fix kato initialization (bsc#1182591). - nvme-fabrics: only reserve a single tag (bsc#1182077). - nvme-fabrics: reject I/O to offline device (bsc#1181161). - nvme-fc: check sgl supported by target (bsc#1179827). - nvme-fc: clear q_live at beginning of association teardown (bsc#1186479). - nvme-fc: fix racing controller reset and create association (bsc#1183048). - nvme-fc: return NVME_SC_HOST_ABORTED_CMD when a command has been aborted (bsc#1180197). - nvme-fc: return NVME_SC_HOST_ABORTED_CMD when a command has been aborted (bsc#1184259). - nvme-fc: set NVME_REQ_CANCELLED in nvme_fc_terminate_exchange() (bsc#1180197). - nvme-fc: set NVME_REQ_CANCELLED in nvme_fc_terminate_exchange() (bsc#1184259). - nvme-fc: short-circuit reconnect retries (bsc#1179827). - nvme-hwmon: Return error code when registration fails (bsc#1177326). - nvme-hwmon: Return error code when registration fails (bsc#1177326). - nvme-multipath: fix double initialization of ANA state (bsc#1178612, bsc#1184259). - nvme-multipath: reset bdev to ns head when failover (bsc#178378 bsc#1182999). - nvme-pci: Remove tag from process cq (git-fixes). - nvme-pci: Remove two-pass completions (git-fixes). - nvme-pci: Simplify nvme_poll_irqdisable (git-fixes). - nvme-pci: align io queue count with allocted nvme_queue in (git-fixes). - nvme-pci: avoid race between nvme_reap_pending_cqes() and nvme_poll() (git-fixes). - nvme-pci: dma read memory barrier for completions (git-fixes). - nvme-pci: fix 'slimmer CQ head update' (git-fixes). - nvme-pci: make sure write/poll_queues less or equal then cpu (git-fixes). - nvme-pci: remove last_sq_tail (git-fixes). - nvme-pci: remove volatile cqes (git-fixes). - nvme-pci: slimmer CQ head update (git-fixes). - nvme-pci: use simple suspend when a HMB is enabled (git-fixes). - nvme-tcp: Fix possible race of io_work and direct send (git-fixes). - nvme-tcp: Fix warning with CONFIG_DEBUG_PREEMPT (git-fixes). - nvme-tcp: add clean action for failed reconnection (bsc#1183976). - nvme-tcp: fix kconfig dependency warning when !CRYPTO (git-fixes). - nvme-tcp: fix misuse of __smp_processor_id with preemption (git-fixes). - nvme-tcp: fix possible hang waiting for icresp response (bsc#1179519). - nvme-tcp: fix possible hang when failing to set io queues (bsc#1181161). - nvme-tcp: use cancel tagset helper for tear down (bsc#1183976). - nvme: Fix NULL dereference for pci nvme controllers (bsc#1182378). - nvme: add 'kato' sysfs attribute (bsc#1179825). - nvme: add NVME_REQ_CANCELLED flag in nvme_cancel_request() (bsc#1180197). - nvme: add NVME_REQ_CANCELLED flag in nvme_cancel_request() (bsc#1184259). - nvme: allocate the keep alive request using BLK_MQ_REQ_NOWAIT (bsc#1182077). - nvme: call nvme_identify_ns as the first thing in nvme_alloc_ns_block (bsc#1180197). - nvme: clean up the check for too large logic block sizes (bsc#1180197). - nvme: define constants for identification values (git-fixes). - nvme: do not intialize hwmon for discovery controllers (bsc#1184259). - nvme: do not intialize hwmon for discovery controllers (git-fixes). - nvme: document nvme controller states (git-fixes). - nvme: explicitly update mpath disk capacity on revalidation (git-fixes). - nvme: expose reconnect_delay and ctrl_loss_tmo via sysfs (bsc#1182378). - nvme: factor out a nvme_configure_metadata helper (bsc#1180197). - nvme: fix controller instance leak (git-fixes). - nvme: fix deadlock in disconnect during scan_work and/or ana_work (git-fixes). - nvme: fix initialization of the zone bitmaps (bsc#1180197). - nvme: fix possible deadlock when I/O is blocked (git-fixes). - nvme: freeze the queue over ->lba_shift updates (bsc#1180197). - nvme: lift the check for an unallocated namespace into nvme_identify_ns (bsc#1180197). - nvme: merge nvme_keep_alive into nvme_keep_alive_work (bsc#1182077). - nvme: move nvme_validate_ns (bsc#1180197). - nvme: opencode revalidate_disk in nvme_validate_ns (bsc#1180197). - nvme: query namespace identifiers before adding the namespace (bsc#1180197). - nvme: refactor nvme_validate_ns (bsc#1180197). - nvme: remove nvme_identify_ns_list (bsc#1180197). - nvme: remove nvme_update_formats (bsc#1180197). - nvme: remove superfluous else in nvme_ctrl_loss_tmo_store (bsc#1182378). - nvme: remove the 0 lba_shift check in nvme_update_ns_info (bsc#1180197). - nvme: remove the disk argument to nvme_update_zone_info (bsc#1180197). - nvme: rename __nvme_revalidate_disk (bsc#1180197). - nvme: rename _nvme_revalidate_disk (bsc#1180197). - nvme: rename nvme_validate_ns to nvme_validate_or_alloc_ns (bsc#1180197). - nvme: retrigger ANA log update if group descriptor isn't found (git-fixes) - nvme: return an error if nvme_set_queue_count() fails (bsc#1180197). - nvme: revalidate zone bitmaps in nvme_update_ns_info (bsc#1180197). - nvme: sanitize KATO setting (bsc#1179825). - nvme: set the queue limits in nvme_update_ns_info (bsc#1180197). - nvme: simplify error logic in nvme_validate_ns() (bsc#1180197). - nvme: simplify error logic in nvme_validate_ns() (bsc#1184259). - nvme: update the known admin effects (bsc#1180197). - nvmet-rdma: Fix list_del corruption on queue establishment failure (bsc#1183501). - nvmet: fix a memory leak (git-fixes). - nvmet: seset ns->file when open fails (bsc#1183873). - nvmet: use new ana_log_size instead the old one (bsc#1184259). - nxp-i2c: restore includes for kABI (bsc#1185589). - nxp-nci: add NXP1002 id (bsc#1185589). - ocfs2: fix a use after free on error (bsc#1184738). - ovl: fix dentry leak in ovl_get_redirect (bsc#1184176). - ovl: fix out of date comment and unreachable code (bsc#1184176). - ovl: fix regression with re-formatted lower squashfs (bsc#1184176). - ovl: fix unneeded call to ovl_change_flags() (bsc#1184176). - ovl: fix value of i_ino for lower hardlink corner case (bsc#1184176). - ovl: initialize error in ovl_copy_xattr (bsc#1184176). - ovl: relax WARN_ON() when decoding lower directory file handle (bsc#1184176). - partitions/ibm: fix non-DASD devices (bsc#1185857 LTC#192526). - pata_arasan_cf: fix IRQ check (git-fixes). - pata_ipx4xx_cf: fix IRQ check (git-fixes). - perf/amd/uncore: Fix sysfs type mismatch (bsc#1178134). - phy: marvell: ARMADA375_USBCLUSTER_PHY should not default to y, unconditionally (git-fixes). - phy: phy-twl4030-usb: Fix possible use-after-free in twl4030_usb_remove() (git-fixes). - pinctrl: Ingenic: Add missing pins to the JZ4770 MAC MII group (git-fixes). - pinctrl: core: Fix kernel doc string for pin_get_name() (git-fixes). - pinctrl: ingenic: Improve unreachable code generation (git-fixes). - pinctrl: lewisburg: Update number of pins in community (git-fixes). - pinctrl: qcom: spmi-gpio: fix warning about irq chip reusage (git-fixes). - pinctrl: rockchip: fix restore error in resume (git-fixes). - pinctrl: samsung: use 'int' for register masks in Exynos (git-fixes). - platform/mellanox: mlxbf-tmfifo: Fix a memory barrier issue (git-fixes). - platform/x86: acer-wmi: Add ACER_CAP_KBD_DOCK quirk for the Aspire Switch 10E SW3-016 (git-fixes). - platform/x86: acer-wmi: Add ACER_CAP_SET_FUNCTION_MODE capability flag (git-fixes). - platform/x86: acer-wmi: Add new force_caps module parameter (git-fixes). - platform/x86: acer-wmi: Add support for SW_TABLET_MODE on Switch devices (git-fixes). - platform/x86: acer-wmi: Cleanup ACER_CAP_FOO defines (git-fixes). - platform/x86: acer-wmi: Cleanup accelerometer device handling (git-fixes). - platform/x86: intel-hid: Support Lenovo ThinkPad X1 Tablet Gen 2 (git-fixes). - platform/x86: intel-vbtn: Stop reporting SW_DOCK events (git-fixes). - platform/x86: intel_int0002_vgpio: Only call enable_irq_wake() when using s2idle (git-fixes). - platform/x86: intel_pmc_core: Do not use global pmcdev in quirks (git-fixes). - platform/x86: intel_pmt_crashlog: Fix incorrect macros (git-fixes). - platform/x86: pmc_atom: Match all Beckhoff Automation baytrail boards with critclk_systems DMI table (git-fixes). - platform/x86: thinkpad_acpi: Allow the FnLock LED to change state (git-fixes). - platform/x86: thinkpad_acpi: Correct thermal sensor allocation (git-fixes). - posix-timers: Preserve return value in clock_adjtime32() (git-fixes) - post.sh: Return an error when module update fails (bsc#1047233 bsc#1184388). - power: supply: Use IRQF_ONESHOT (git-fixes). - power: supply: generic-adc-battery: fix possible use-after-free in gab_remove() (git-fixes). - power: supply: s3c_adc_battery: fix possible use-after-free in s3c_adc_bat_remove() (git-fixes). - powerepc/book3s64/hash: Align start/end address correctly with bolt mapping (bsc#1184957). - powerpc/64s/exception: Clean up a missed SRR specifier (jsc#SLE-9246 git-fixes). - powerpc/64s: Fix crashes when toggling entry flush barrier (bsc#1177666 git-fixes). - powerpc/64s: Fix crashes when toggling stf barrier (bsc#1087082 git-fixes). - powerpc/64s: Fix instruction encoding for lis in ppc_function_entry() (bsc#1065729). - powerpc/64s: Fix pte update for kernel memory on radix (bsc#1055117 git-fixes). - powerpc/asm-offsets: GPR14 is not needed either (bsc#1065729). - powerpc/book3s64/radix: Remove WARN_ON in destroy_context() (bsc#1183692 ltc#191963). - powerpc/eeh: Fix EEH handling for hugepages in ioremap space (bsc#1156395). - powerpc/fadump: Mark fadump_calculate_reserve_size as __init (bsc#1065729). - powerpc/kexec_file: Use current CPU info while setting up FDT (bsc#1184615 ltc#189835). - powerpc/kuap: Restore AMR after replaying soft interrupts (bsc#1156395). - powerpc/mm: Add cond_resched() while removing hpte mappings (bsc#1183289 ltc#191637). - powerpc/papr_scm: Fix build error due to wrong printf specifier (bsc#1184969). - powerpc/papr_scm: Implement support for H_SCM_FLUSH hcall (bsc#1184969). - powerpc/perf: Fix PMU constraint check for EBB events (bsc#1065729). - powerpc/perf: Fix sampled instruction type for larx/stcx (jsc#SLE-13513). - powerpc/perf: Fix the threshold event selection for memory events in power10 (jsc#SLE-13513). - powerpc/pmem: Include pmem prototypes (bsc#1113295 git-fixes). - powerpc/prom: Mark identical_pvr_fixup as __init (bsc#1065729). - powerpc/pseries/mobility: handle premature return from H_JOIN (bsc#1181674 ltc#189159 git-fixes bsc#1183662 ltc#191922). - powerpc/pseries/mobility: use struct for shared state (bsc#1181674 ltc#189159 git-fixes bsc#1183662 ltc#191922). - powerpc/pseries/ras: Remove unused variable 'status' (bsc#1065729). - powerpc/pseries: Add shutdown() to vio_driver and vio_bus (bsc#1184209 ltc#190917). - powerpc/pseries: Do not trace hcall tracing wrapper (bsc#1185110 ltc#192091). - powerpc/pseries: Fix hcall tracing recursion in pv queued spinlocks (bsc#1185110 ltc#192091). - powerpc/pseries: use notrace hcall variant for H_CEDE idle (bsc#1185110 ltc#192091). - powerpc/pseries: warn if recursing into the hcall tracing code (bsc#1185110 ltc#192091). - powerpc/smp: Reintroduce cpu_core_mask (jsc#SLE-13615 bsc#1180100 ltc#190257 git-fixes). - powerpc/sstep: Check instruction validity against ISA version before emulation (bsc#1156395). - powerpc/sstep: Check instruction validity against ISA version before emulation (bsc#1156395). - powerpc/sstep: Fix darn emulation (bsc#1156395). - powerpc/sstep: Fix incorrect return from analyze_instr() (bsc#1156395). - powerpc/sstep: Fix load-store and update emulation (bsc#1156395). - powerpc/time: Enable sched clock for irqtime (bsc#1156395). - powerpc/uaccess: Avoid might_fault() when user access is enabled (bsc#1156395). - powerpc/uaccess: Perform barrier_nospec() in KUAP allowance helpers (bsc#1156395). - powerpc/uaccess: Simplify unsafe_put_user() implementation (bsc#1156395). - powerpc/xive: Drop check on irq_data in xive_core_debug_show() (bsc#1177437 ltc#188522 jsc#SLE-13294 git-fixes). - powerpc/xmon: Fix build failure for 8xx (jsc#SLE-12936 git-fixes). - powerpc: Fix inverted SET_FULL_REGS bitop (jsc#SLE-9246 git-fixes). - powerpc: Fix missing declaration ofable_kernel_vsx() (git-fixes). - proc: fix lookup in /proc/net subdirectories after setns(2) (git-fixes). - qlcnic: fix error return code in qlcnic_83xx_restart_hw() (git-fixes). - qtnfmac: Fix possible buffer overflow in qtnf_event_handle_external_auth (git-fixes). - qxl: Fix uninitialised struct field head.surface_id (git-fixes). - r8169: do not advertise pause in jumbo mode (git-fixes). - r8169: fix DMA being used after buffer free if WoL is enabled (git-fixes). - r8169: tweak max read request size for newer chips also in jumbo mtu mode (git-fixes). - regmap: set debugfs_name to NULL after it is freed (git-fixes). - regulator: Avoid a double 'of_node_get' in 'regulator_of_get_init_node()' (git-fixes). - regulator: bd9571mwv: Fix AVS and DVFS voltage range (git-fixes). - reintroduce cqhci_suspend for kABI (git-fixes). - reiserfs: update reiserfs_xattrs_initialized() condition (bsc#1184737). - rsi: Fix TX EAPOL packet handling against iwlwifi AP (git-fixes). - rsi: Move card interrupt handling to RX thread (git-fixes). - rsi: Use resume_noirq for SDIO (git-fixes). - rsxx: remove extraneous 'const' qualifier (git-fixes). - rtc: ds1307: Fix wday settings for rx8130 (git-fixes). - rtc: fsl-ftm-alarm: add MODULE_TABLE() (bsc#1185454). - rtc: fsl-ftm-alarm: avoid struct rtc_time conversions (bsc#1185454). - rtc: fsl-ftm-alarm: enable acpi support (bsc#1185454). - rtc: fsl-ftm-alarm: fix freeze(s2idle) failed to wake (bsc#1185454). - rtc: fsl-ftm-alarm: report alarm to core (bsc#1185454). - rtc: fsl-ftm-alarm: switch to ktime_get_real_seconds (bsc#1185454). - rtc: fsl-ftm-alarm: switch to rtc_time64_to_tm/rtc_tm_to_time64 (bsc#1185454). - rtc: fsl-ftm-alarm: update acpi device id (bsc#1185454). - rtc: pcf2127: add alarm support (bsc#1185233). - rtc: pcf2127: add pca2129 device id (bsc#1185233). - rtc: pcf2127: add tamper detection support (bsc#1185233). - rtc: pcf2127: add watchdog feature support (bsc#1185233). - rtc: pcf2127: bugfix: watchdog build dependency (bsc#1185233). - rtc: pcf2127: cleanup register and bit defines (bsc#1185233). - rtc: pcf2127: convert to devm_rtc_allocate_device (bsc#1185233). - rtc: pcf2127: fix a bug when not specify interrupts property (bsc#1185233). - rtc: pcf2127: fix alarm handling (bsc#1185233). - rtc: pcf2127: fix pcf2127_nvmem_read/write() returns (bsc#1185233). - rtc: pcf2127: handle boot-enabled watchdog feature (bsc#1185233). - rtc: pcf2127: handle timestamp interrupts (bsc#1185495). - rtc: pcf2127: let the core handle rtc range (bsc#1185233). - rtc: pcf2127: move watchdog initialisation to a separate function (bsc#1185233). - rtc: pcf2127: only use watchdog when explicitly available (bsc#1185233). - rtc: pcf2127: properly set flag WD_CD for rtc chips(pcf2129, pca2129) (bsc#1185233). - rtc: pcf2127: remove unnecessary #ifdef (bsc#1185233). - rtc: pcf2127: set regmap max_register (bsc#1185233). - rtc: pcf2127: watchdog: handle nowayout feature (bsc#1185233). - rtlwifi: 8821ae: upgrade PHY and RF parameters (git-fixes). - rtw88: Fix an error code in rtw_debugfs_set_rsvd_page() (git-fixes). - rtw88: Fix array overrun in rtw_get_tx_power_params() (git-fixes). - rtw88: coex: 8821c: correct antenna switch function (git-fixes). - s390/cio: return -EFAULT if copy_to_user() fails (git-fixes). - s390/cio: return -EFAULT if copy_to_user() fails (git-fixes). - s390/crypto: return -EFAULT if copy_to_user() fails (git-fixes). - s390/dasd: fix hanging DASD driver unbind (bsc#1183932 LTC#192153). - s390/dasd: fix hanging IO request during DASD driver unbind (git-fixes). - s390/entry: save the caller of psw_idle (bsc#1185677). - s390/ipl: support NVMe IPL kernel parameters (bsc#1185980 LTC#192679). - s390/kdump: fix out-of-memory with PCI (bsc#1182257 LTC#191375). - s390/pci: fix leak of PCI device structure (git-fixes). - s390/qeth: fix memory leak after failed TX Buffer allocation (git-fixes). - s390/qeth: fix notification for pending buffers during teardown (git-fixes). - s390/qeth: improve completion of pending TX buffers (git-fixes). - s390/qeth: schedule TX NAPI on QAOB completion (git-fixes). - s390/vtime: fix increased steal time accounting (bsc#1183859). - s390/zcrypt: return EIO when msg retry limit reached (git-fixes). - samples, bpf: Add missing munmap in xdpsock (bsc#1155518). - samples/bpf: Fix possible hang in xdpsock with multiple threads (bsc#1155518). - sata_mv: add IRQ checks (git-fixes). - sched/eas: Do not update misfit status if the task is pinned (git-fixes) - sched/fair: Avoid stale CPU util_est value for schedutil in (git-fixes) - sched/fair: Fix shift-out-of-bounds in load_balance() (git fixes (sched)). - sched/fair: Fix unfairness caused by missing load decay (git-fixes) - scripts/git_sort/git_sort.py: add bpf git repo - scsi: aacraid: Improve compat_ioctl handlers (bsc#1186352). - scsi: block: Fix a race in the runtime power management code (git-fixes). - scsi: core: Only return started requests from scsi_host_find_tag() (bsc#1179851). - scsi: core: Run queue in case of I/O resource contention failure (bsc#1186416). - scsi: core: add scsi_host_busy_iter() (bsc#1179851). - scsi: fnic: Kill 'exclude_id' argument to fnic_cleanup_io() (bsc#1179851). - scsi: fnic: Remove bogus ratelimit messages (bsc#1183249). - scsi: libfc: Avoid invoking response handler twice if ep is already completed (bsc#1186573). - scsi: lpfc: Add a option to enable interlocked ABTS before job completion (bsc#1186451). - scsi: lpfc: Add ndlp kref accounting for resume RPI path (bsc#1186451). - scsi: lpfc: Change wording of invalid pci reset log message (bsc#1182574). - scsi: lpfc: Copyright updates for 12.8.0.9 patches (bsc#1185472). - scsi: lpfc: Correct function header comments related to ndlp reference counting (bsc#1182574). - scsi: lpfc: Eliminate use of LPFC_DRIVER_NAME in lpfc_attr.c (bsc#1185472). - scsi: lpfc: Fix 'Unexpected timeout' error in direct attach topology (bsc#1186451). - scsi: lpfc: Fix ADISC handling that never frees nodes (bsc#1182574). - scsi: lpfc: Fix DMA virtual address ptr assignment in bsg (bsc#1185365). - scsi: lpfc: Fix FLOGI failure due to accessing a freed node (bsc#1182574). - scsi: lpfc: Fix NMI crash during rmmod due to circular hbalock dependency (bsc#1185472). - scsi: lpfc: Fix Node recovery when driver is handling simultaneous PLOGIs (bsc#1186451). - scsi: lpfc: Fix PLOGI ACC to be transmit after REG_LOGIN (bsc#1182574). - scsi: lpfc: Fix a bunch of kernel-doc issues (bsc#1185472). - scsi: lpfc: Fix a bunch of kernel-doc misdemeanours (bsc#1185472). - scsi: lpfc: Fix a bunch of misnamed functions (bsc#1185472). - scsi: lpfc: Fix a few incorrectly named functions (bsc#1185472). - scsi: lpfc: Fix a typo (bsc#1185472). - scsi: lpfc: Fix bad memory access during VPD DUMP mailbox command (bsc#1186451). - scsi: lpfc: Fix crash caused by switch reboot (bsc#1182574). - scsi: lpfc: Fix crash when a REG_RPI mailbox fails triggering a LOGO response (bsc#1185472). - scsi: lpfc: Fix crash when lpfc_sli4_hba_setup() fails to initialize the SGLs (bsc#1186451). - scsi: lpfc: Fix dropped FLOGI during pt2pt discovery recovery (bsc#1182574). - scsi: lpfc: Fix error handling for mailboxes completed in MBX_POLL mode (bsc#1185472). - scsi: lpfc: Fix formatting and misspelling issues (bsc#1185472). - scsi: lpfc: Fix gcc -Wstringop-overread warning (bsc#1185472). - scsi: lpfc: Fix illegal memory access on Abort IOCBs (bsc#1183203). - scsi: lpfc: Fix incorrect dbde assignment when building target abts wqe (bsc#1182574). - scsi: lpfc: Fix incorrect naming of __lpfc_update_fcf_record() (bsc#1185472). - scsi: lpfc: Fix incorrectly documented function lpfc_debugfs_commonxripools_data() (bsc#1185472). - scsi: lpfc: Fix kernel-doc formatting issue (bsc#1185472). - scsi: lpfc: Fix lack of device removal on port swaps with PRLIs (bsc#1185472). - scsi: lpfc: Fix lpfc_els_retry() possible null pointer dereference (bsc#1182574). - scsi: lpfc: Fix lpfc_hdw_queue attribute being ignored (bsc#1185472). - scsi: lpfc: Fix missing FDMI registrations after Mgmt Svc login (bsc#1185472). - scsi: lpfc: Fix node handling for Fabric Controller and Domain Controller (bsc#1186451). - scsi: lpfc: Fix nodeinfo debugfs output (bsc#1182574). - scsi: lpfc: Fix non-optimized ERSP handling (bsc#1186451). - scsi: lpfc: Fix null pointer dereference in lpfc_prep_els_iocb() (bsc#1182574). - scsi: lpfc: Fix pt2pt connection does not recover after LOGO (bsc#1182574). - scsi: lpfc: Fix pt2pt state transition causing rmmod hang (bsc#1182574). - scsi: lpfc: Fix reference counting errors in lpfc_cmpl_els_rsp() (bsc#1185472). - scsi: lpfc: Fix reftag generation sizing errors (bsc#1182574). - scsi: lpfc: Fix rmmod crash due to bad ring pointers to abort_iotag (bsc#1185472). - scsi: lpfc: Fix silent memory allocation failure in lpfc_sli4_bsg_link_diag_test() (bsc#1185472). - scsi: lpfc: Fix some error codes in debugfs (bsc#1185472). - scsi: lpfc: Fix stale node accesses on stale RRQ request (bsc#1182574). - scsi: lpfc: Fix status returned in lpfc_els_retry() error exit path (bsc#1182574). - scsi: lpfc: Fix unnecessary null check in lpfc_release_scsi_buf (bsc#1182574). - scsi: lpfc: Fix unreleased RPIs when NPIV ports are created (bsc#1186451). - scsi: lpfc: Fix use after free in lpfc_els_free_iocb (bsc#1182574). - scsi: lpfc: Fix use-after-free on unused nodes after port swap (bsc#1185472). - scsi: lpfc: Fix various trivial errors in comments and log messages (bsc#1185472). - scsi: lpfc: Fix vport indices in lpfc_find_vport_by_vpid() (bsc#1182574). - scsi: lpfc: Ignore GID-FT response that may be received after a link flip (bsc#1186451). - scsi: lpfc: Reduce LOG_TRACE_EVENT logging for vports (bsc#1182574). - scsi: lpfc: Remove unsupported mbox PORT_CAPABILITIES logic (bsc#1185472). - scsi: lpfc: Reregister FPIN types if ELS_RDF is received from fabric controller (bsc#1186451). - scsi: lpfc: Standardize discovery object logging format (bsc#1185472). - scsi: lpfc: Update copyrights for 12.8.0.7 and 12.8.0.8 changes (bsc#1182574). - scsi: lpfc: Update lpfc version to 12.8.0.10 (bsc#1186451). - scsi: lpfc: Update lpfc version to 12.8.0.8 (bsc#1182574). - scsi: lpfc: Update lpfc version to 12.8.0.9 (bsc#1185472). - scsi: mpt3sas: Only one vSES is present even when IOC has multi vSES (bsc#1185954). - scsi: pm80xx: Do not sleep in atomic context (bsc#1186353). - scsi: pm80xx: Fix chip initialization failure (bsc#1186354). - scsi: pm80xx: Fix potential infinite loop (bsc#1186354). - scsi: pm80xx: Increase timeout for pm80xx mpi_uninit_check() (bsc#1186355). - scsi: qla2xxx: Add H:C:T info in the log message for fc ports (bsc#1185491). - scsi: qla2xxx: Add error counters to debugfs node (bsc#1185491). - scsi: qla2xxx: Always check the return value of qla24xx_get_isp_stats() (bsc#1185491). - scsi: qla2xxx: Assign boolean values to a bool variable (bsc#1185491). - scsi: qla2xxx: Check kzalloc() return value (bsc#1185491). - scsi: qla2xxx: Consolidate zio threshold setting for both FCP & NVMe (bsc#1185491). - scsi: qla2xxx: Constify struct qla_tgt_func_tmpl (bsc#1185491). - scsi: qla2xxx: Do logout even if fabric scan retries got exhausted (bsc#1185491). - scsi: qla2xxx: Enable NVMe CONF (BIT_7) when enabling SLER (bsc#1185491). - scsi: qla2xxx: Fix IOPS drop seen in some adapters (bsc#1185491). - scsi: qla2xxx: Fix RISC RESET completion polling (bsc#1185491). - scsi: qla2xxx: Fix a couple of misdocumented functions (bsc#1185491). - scsi: qla2xxx: Fix a couple of misnamed functions (bsc#1185491). - scsi: qla2xxx: Fix broken #endif placement (bsc#1185491). - scsi: qla2xxx: Fix crash in PCIe error handling (bsc#1185491). - scsi: qla2xxx: Fix crash in qla2xxx_mqueuecommand() (bsc#1185491). - scsi: qla2xxx: Fix endianness annotations (bsc#1185491). - scsi: qla2xxx: Fix incorrectly named function qla8044_check_temp() (bsc#1185491). - scsi: qla2xxx: Fix mailbox Ch erroneous error (bsc#1185491). - scsi: qla2xxx: Fix mailbox recovery during PCIe error (bsc#1185491). - scsi: qla2xxx: Fix some incorrect formatting/spelling issues (bsc#1185491). - scsi: qla2xxx: Fix some memory corruption (bsc#1185491). - scsi: qla2xxx: Fix stuck session (bsc#1185491). - scsi: qla2xxx: Fix use after free in bsg (bsc#1185491). - scsi: qla2xxx: Implementation to get and manage host, target stats and initiator port (bsc#1185491). - scsi: qla2xxx: Move some messages from debug to normal log level (bsc#1185491). - scsi: qla2xxx: Remove redundant NULL check (bsc#1185491). - scsi: qla2xxx: Remove unnecessary NULL check (bsc#1185491). - scsi: qla2xxx: Remove unneeded if-null-free check (bsc#1185491). - scsi: qla2xxx: Replace __qla2x00_marker()'s missing underscores (bsc#1185491). - scsi: qla2xxx: Reserve extra IRQ vectors (bsc#1184436). - scsi: qla2xxx: Reuse existing error handling path (bsc#1185491). - scsi: qla2xxx: Simplify if statement (bsc#1185491). - scsi: qla2xxx: Simplify qla8044_minidump_process_control() (bsc#1185491). - scsi: qla2xxx: Simplify the calculation of variables (bsc#1185491). - scsi: qla2xxx: Suppress Coverity complaints about dseg_r* (bsc#1185491). - scsi: qla2xxx: Update default AER debug mask (bsc#1185491). - scsi: qla2xxx: Update version to 10.02.00.105-k (bsc#1185491). - scsi: qla2xxx: Update version to 10.02.00.106-k (bsc#1185491). - scsi: qla2xxx: Use dma_pool_zalloc() (bsc#1185491). - scsi: qla2xxx: Wait for ABTS response on I/O timeouts for NVMe (bsc#1185491). - scsi: qla2xxx: fc_remote_port_chkready() returns a SCSI result value (bsc#1185491). - scsi: smartpqi: Correct driver removal with HBA disks (bsc#1178089). - scsi: smartpqi: Correct driver removal with HBA disks (bsc#1178089). - scsi: smartpqi: Correct pqi_sas_smp_handler busy condition (bsc#1178089). - scsi: smartpqi: Correct pqi_sas_smp_handler busy condition (bsc#1178089). - scsi: smartpqi: Update version to 1.2.16-012 (bsc#1178089). - scsi: smartpqi: Update version to 1.2.16-012 (bsc#1178089). - scsi: target: pscsi: Avoid OOM in pscsi_map_sg() (bsc#1183843). - scsi: target: pscsi: Clean up after failure in pscsi_map_sg() (bsc#1183843). - scsi: target: tcmu: Fix use-after-free of se_cmd->priv (bsc#1186356). - scsi: target: tcmu: Fix warning: 'page' may be used uninitialized (bsc#1186357). - sctp: delay auto_asconf init until binding the first addr (&lt;cover.1620748346.git.mkubecek@suse.cz>). - security: keys: trusted: fix TPM2 authorizations (git-fixes). - selftests/bpf: Fix BPF_CORE_READ_BITFIELD() macro (bsc#1177028). - selftests/bpf: Fix the ASSERT_ERR_PTR macro (bsc#1177028). - selftests/bpf: Mask bpf_csum_diff() return value to 16 bits in test_verifier (bsc#1155518). - selftests/bpf: No need to drop the packet when there is no geneve opt (bsc#1155518). - selftests/bpf: Re-generate vmlinux.h and BPF skeletons if bpftool changed (bsc#1177028). - selftests/bpf: Set gopt opt_class to 0 if get tunnel opt failed (bsc#1155518). - selftests/powerpc: Add pkey helpers for rights (bsc#1184934 ltc#191460). - selftests/powerpc: Add test for execute-disabled pkeys (bsc#1184934 ltc#191460). - selftests/powerpc: Add test for pkey siginfo verification (bsc#1184934 ltc#191460). - selftests/powerpc: Add wrapper for gettid (bsc#1184934 ltc#191460). - selftests/powerpc: Fix L1D flushing tests for Power10 (bsc#1184934 ltc#191460). - selftests/powerpc: Fix exit status of pkey tests (bsc#1184934 ltc#191460). - selftests/powerpc: Fix pkey syscall redefinitions (bsc#1184934 ltc#191460). - selftests/powerpc: Move pkey helpers to headers (bsc#1184934 ltc#191460). - selftests/powerpc: refactor entry and rfi_flush tests (bsc#1184934 ltc#191460). - selftests: mlxsw: Remove a redundant if statement in tc_flower_scale test (bsc#1176774). - selinux: Fix error return code in sel_ib_pkey_sid_slow() (git-fixes). - selinux: fix error initialization in inode_doinit_with_dentry() (git-fixes). - selinux: fix inode_doinit_with_dentry() LABEL_INVALID error handling (git-fixes). - serial: core: fix suspicious security_locked_down() call (git-fixes). - serial: core: return early on unsupported ioctls (git-fixes). - serial: sh-sci: Fix off-by-one error in FIFO threshold register setting (git-fixes). - serial: stm32: fix incorrect characters on console (git-fixes). - serial: stm32: fix tx_empty condition (git-fixes). - serial: tegra: Fix a mask operation that is always true (git-fixes). - smb3: Fix out-of-bounds bug in SMB2_negotiate() (bsc#1183540). - smb3: add dynamic trace point to trace when credits obtained (bsc#1181507). - smb3: fix crediting for compounding when only one request in flight (bsc#1181507). - smc: disallow TCP_ULP in smc_setsockopt() (git-fixes). - soc/fsl: qbman: fix conflicting alignment attributes (git-fixes). - soc: aspeed: fix a ternary sign expansion bug (git-fixes). - soc: fsl: qe: replace qe_io{read,write}* wrappers by generic io{read,write}* (git-fixes). - soc: qcom: mdt_loader: Detect truncated read of segments (git-fixes). - soc: qcom: mdt_loader: Validate that p_filesz &lt; p_memsz (git-fixes). - software node: Fix node registration (git-fixes). - soundwire: bus: Fix device found flag correctly (git-fixes). - soundwire: stream: fix memory leak in stream config error path (git-fixes). - spi: Introduce dspi_slave_abort() function for NXP's dspi SPI driver (bsc#1167260). - spi: ath79: always call chipselect function (git-fixes). - spi: ath79: remove spi-master setup and cleanup assignment (git-fixes). - spi: cadence: set cqspi to the driver_data field of struct device (git-fixes). - spi: dln2: Fix reference leak to master (git-fixes). - spi: fsl-dspi: fix NULL pointer dereference (bsc#1167260). - spi: fsl-dspi: fix use-after-free in remove path (bsc#1167260). - spi: fsl-dspi: fix wrong pointer in suspend/resume (bsc#1167260). - spi: fsl-lpspi: Fix PM reference leak in lpspi_prepare_xfer_hardware() (git-fixes). - spi: omap-100k: Fix reference leak to master (git-fixes). - spi: qup: fix PM reference leak in spi_qup_remove() (git-fixes). - spi: spi-fsl-dspi: Accelerate transfers using larger word size if possible (bsc#1167260). - spi: spi-fsl-dspi: Add comments around dspi_pop_tx and dspi_push_rx functions (bsc#1167260). - spi: spi-fsl-dspi: Add support for LS1028A (bsc#1167260). - spi: spi-fsl-dspi: Adding shutdown hook (bsc#1167260). - spi: spi-fsl-dspi: Always use the TCFQ devices in poll mode (bsc#1167260). - spi: spi-fsl-dspi: Avoid NULL pointer in dspi_slave_abort for non-DMA mode (bsc#1167260). - spi: spi-fsl-dspi: Avoid reading more data than written in EOQ mode (bsc#1167260). - spi: spi-fsl-dspi: Change usage pattern of SPI_MCR_* and SPI_CTAR_* macros (bsc#1167260). - spi: spi-fsl-dspi: Convert TCFQ users to XSPI FIFO mode (bsc#1167260). - spi: spi-fsl-dspi: Convert the instantiations that support it to DMA (bsc#1167260). - spi: spi-fsl-dspi: Demistify magic value in SPI_SR_CLEAR (bsc#1167260). - spi: spi-fsl-dspi: Do not access reserved fields in SPI_MCR (bsc#1167260). - spi: spi-fsl-dspi: Do not mask off undefined bits (bsc#1167260). - spi: spi-fsl-dspi: Exit the ISR with IRQ_NONE when it's not ours (bsc#1167260). - spi: spi-fsl-dspi: Fix 16-bit word order in 32-bit XSPI mode (bsc#1167260). - spi: spi-fsl-dspi: Fix a resource leak in an error handling path (git-fixes). - spi: spi-fsl-dspi: Fix bits-per-word acceleration in DMA mode (bsc#1167260). - spi: spi-fsl-dspi: Fix code alignment (bsc#1167260). - spi: spi-fsl-dspi: Fix external abort on interrupt in resume or exit paths (bsc#1167260). - spi: spi-fsl-dspi: Fix interrupt-less DMA mode taking an XSPI code path (bsc#1167260). - spi: spi-fsl-dspi: Fix little endian access to PUSHR CMD and TXDATA (bsc#1167260). - spi: spi-fsl-dspi: Fix lockup if device is removed during SPI transfer (bsc#1167260). - spi: spi-fsl-dspi: Fix lockup if device is shutdown during SPI transfer (bsc#1167260). - spi: spi-fsl-dspi: Fix race condition in TCFQ/EOQ interrupt (bsc#1167260). - spi: spi-fsl-dspi: Fix typos (bsc#1167260). - spi: spi-fsl-dspi: Free DMA memory with matching function (bsc#1167260). - spi: spi-fsl-dspi: Implement .max_message_size method for EOQ mode (bsc#1167260). - spi: spi-fsl-dspi: Initialize completion before possible interrupt (bsc#1167260). - spi: spi-fsl-dspi: LS2080A and LX2160A support XSPI mode (bsc#1167260). - spi: spi-fsl-dspi: Make bus-num property optional (bsc#1167260). - spi: spi-fsl-dspi: Move dspi_interrupt above dspi_transfer_one_message (bsc#1167260). - spi: spi-fsl-dspi: Move invariant configs out of dspi_transfer_one_message (bsc#1167260). - spi: spi-fsl-dspi: Optimize dspi_setup_accel for lowest interrupt count (bsc#1167260). - spi: spi-fsl-dspi: Parameterize the FIFO size and DMA buffer size (bsc#1167260). - spi: spi-fsl-dspi: Protect against races on dspi->words_in_flight (bsc#1167260). - spi: spi-fsl-dspi: Reduce indentation in dspi_release_dma() (bsc#1167260). - spi: spi-fsl-dspi: Reduce indentation level in dspi_interrupt (bsc#1167260). - spi: spi-fsl-dspi: Remove impossible to reach error check (bsc#1167260). - spi: spi-fsl-dspi: Remove pointless assignment of master->transfer to NULL (bsc#1167260). - spi: spi-fsl-dspi: Remove unused chip->void_write_data (bsc#1167260). - spi: spi-fsl-dspi: Remove unused defines and includes (bsc#1167260). - spi: spi-fsl-dspi: Remove unused initialization of 'ret' in dspi_probe (bsc#1167260). - spi: spi-fsl-dspi: Rename fifo_{read,write} and {tx,cmd}_fifo_write (bsc#1167260). - spi: spi-fsl-dspi: Replace interruptible wait queue with a simple completion (bsc#1167260). - spi: spi-fsl-dspi: Replace legacy spi_master names with spi_controller (bsc#1167260). - spi: spi-fsl-dspi: Simplify bytes_per_word gymnastics (bsc#1167260). - spi: spi-fsl-dspi: Take software timestamp in dspi_fifo_write (bsc#1167260). - spi: spi-fsl-dspi: Use BIT() and GENMASK() macros (bsc#1167260). - spi: spi-fsl-dspi: Use EOQ for last word in buffer even for XSPI mode (bsc#1167260). - spi: spi-fsl-dspi: Use dma_request_chan() instead dma_request_slave_channel() (bsc#1167260). - spi: spi-fsl-dspi: Use poll mode in case the platform IRQ is missing (bsc#1167260). - spi: spi-fsl-dspi: Use reverse Christmas tree declaration order (bsc#1167260). - spi: spi-fsl-dspi: Use specific compatible strings for all SoC instantiations (bsc#1167260). - spi: spi-fsl-dspi: delete EOQ transfer mode (bsc#1167260). - spi: spi-fsl-dspi: fix DMA mapping (bsc#1167260). - spi: spi-fsl-dspi: fix native data copy (bsc#1167260). - spi: spi-fsl-dspi: remove git-fixes Remove git-fixes. Prepare to update the driver. References: bsc#1167260 - spi: spi-fsl-dspi: set ColdFire to DMA mode (bsc#1167260). - spi: spi-fsl-dspi: use XSPI mode instead of DMA for DPAA2 SoCs (bsc#1167260). - spi: spi-ti-qspi: Free DMA resources (git-fixes). - spi: stm32: make spurious and overrun interrupts visible (git-fixes). - squashfs: fix inode lookup sanity checks (bsc#1183750). - squashfs: fix xattr id and id lookup sanity checks (bsc#1183750). - staging: bcm2835-audio: Replace unsafe strcpy() with strscpy() (git-fixes). - staging: comedi: addi_apci_1032: Fix endian problem for COS sample (git-fixes). - staging: comedi: addi_apci_1500: Fix endian problem for command sample (git-fixes). - staging: comedi: adv_pci1710: Fix endian problem for AI command data (git-fixes). - staging: comedi: cb_pcidas64: fix request_irq() warn (git-fixes). - staging: comedi: cb_pcidas: fix request_irq() warn (git-fixes). - staging: comedi: das6402: Fix endian problem for AI command data (git-fixes). - staging: comedi: das800: Fix endian problem for AI command data (git-fixes). - staging: comedi: dmm32at: Fix endian problem for AI command data (git-fixes). - staging: comedi: me4000: Fix endian problem for AI command data (git-fixes). - staging: comedi: pcl711: Fix endian problem for AI command data (git-fixes). - staging: comedi: pcl818: Fix endian problem for AI command data (git-fixes). - staging: emxx_udc: fix loop in _nbu2ss_nuke() (git-fixes). - staging: fwserial: Fix error handling in fwserial_create (git-fixes). - staging: fwserial: fix TIOCGSERIAL implementation (git-fixes). - staging: fwserial: fix TIOCSSERIAL implementation (git-fixes). - staging: fwserial: fix TIOCSSERIAL jiffies conversions (git-fixes). - staging: fwserial: fix TIOCSSERIAL permission check (git-fixes). - staging: iio: cdc: ad7746: avoid overwrite of num_channels (git-fixes). - staging: ks7010: prevent buffer overflow in ks_wlan_set_scan() (git-fixes). - staging: most: sound: add sanity check for function argument (git-fixes). - staging: rtl8188eu: fix potential memory corruption in rtw_check_beacon_data() (git-fixes). - staging: rtl8188eu: prevent ->ssid overflow in rtw_wx_set_scan() (git-fixes). - staging: rtl8192e: Change state information from u16 to u8 (git-fixes). - staging: rtl8192e: Fix incorrect source in memcpy() (git-fixes). - staging: rtl8192e: Fix possible buffer overflow in _rtl92e_wx_set_scan (git-fixes). - staging: rtl8192u: Fix potential infinite loop (git-fixes). - staging: rtl8192u: fix ->ssid overflow in r8192_wx_set_scan() (git-fixes). - staging: rtl8712: Fix possible buffer overflow in r8712_sitesurvey_cmd (git-fixes). - staging: rtl8712: unterminated string leads to read overflow (git-fixes). - stop_machine: mark helpers __always_inline (git-fixes). - supported.conf: - supported.conf: add bsc1185010 dependency - supported.conf: mark usb_otg_fsm as supported (bsc#1185010) - tcp: fix to update snd_wl1 in bulk receiver fast path (&lt;cover.1620748346.git.mkubecek@suse.cz>). - tee: optee: remove need_resched() before cond_resched() (git-fixes). - tee: optee: replace might_sleep with cond_resched (git-fixes). - thermal/core: Add NULL pointer check before using cooling device stats (git-fixes). - thermal/drivers/cpufreq_cooling: Update cpufreq_state only if state has changed (git-fixes). - thermal/drivers/ti-soc-thermal/bandgap Remove unused variable 'val' (git-fixes). - thermal: thermal_of: Fix error return code of thermal_of_populate_bind_params() (git-fixes). - thunderbolt: Fix a leak in tb_retimer_add() (git-fixes). - thunderbolt: Fix a leak in tb_retimer_add() (git-fixes). - thunderbolt: Fix off by one in tb_port_find_retimer() (git-fixes). - thunderbolt: Fix off by one in tb_port_find_retimer() (git-fixes). - thunderbolt: Initialize HopID IDAs in tb_switch_alloc() (git-fixes). - thunderbolt: dma_port: Fix NVM read buffer bounds and offset issue (git-fixes). - tools/resolve_btfids: Fix build error with older host toolchains (bsc#1177028). - tpm: acpi: Check eventlog signature before using it (git-fixes). - tracing: Map all PIDs to command lines (git-fixes). - tty: amiserial: fix TIOCSSERIAL permission check (git-fixes). - tty: fix memory leak in vc_deallocate (git-fixes). - tty: moxa: fix TIOCSSERIAL jiffies conversions (git-fixes). - tty: moxa: fix TIOCSSERIAL permission check (git-fixes). - tty: serial: lpuart: fix lpuart32_write usage (git-fixes). - tty: serial: ucc_uart: replace qe_io{read,write}* wrappers by generic io{read,write}* (git-fixes). - udlfb: Fix memory leak in dlfb_usb_probe (git-fixes). - uio: uio_hv_generic: use devm_kzalloc() for private data alloc (git-fixes). - uio_hv_generic: Fix a memory leak in error handling paths (git-fixes). - uio_hv_generic: Fix another memory leak in error handling paths (git-fixes). - uio_hv_generic: add missed sysfs_remove_bin_file (git-fixes). - usb-storage: Add quirk to defeat Kindle's automatic unload (git-fixes). - usb: Remove dev_err() usage after platform_get_irq() (git-fixes). - usb: core: hub: Fix PM reference leak in usb_port_resume() (git-fixes). - usb: core: hub: fix race condition about TRSMRCY of resume (git-fixes). - usb: dwc2: Fix HPRT0.PrtSusp bit setting for HiKey 960 board (git-fixes). - usb: dwc2: Fix gadget DMA unmap direction (git-fixes). - usb: dwc2: Fix hibernation between host and device modes (git-fixes). - usb: dwc2: Fix host mode hibernation exit with remote wakeup flow (git-fixes). - usb: dwc2: Fix session request interrupt handler (git-fixes). - usb: dwc2: Prevent core suspend when port connection flag is 0 (git-fixes). - usb: dwc3: Switch to use device_property_count_u32() (git-fixes). - usb: dwc3: Update soft-reset wait polling rate (git-fixes). - usb: dwc3: gadget: Enable suspend events (git-fixes). - usb: dwc3: gadget: Fix START_TRANSFER link state check (git-fixes). - usb: dwc3: gadget: Return success always for kick transfer in ep queue (git-fixes). - usb: dwc3: keystone: use devm_platform_ioremap_resource() to simplify code (git-fixes). - usb: dwc3: meson-g12a: use devm_platform_ioremap_resource() to simplify code (git-fixes). - usb: dwc3: omap: improve extcon initialization (git-fixes). - usb: dwc3: pci: Enable usb2-gadget-lpm-disable for Intel Merrifield (git-fixes). - usb: dwc3: qcom: Add missing DWC3 OF node refcount decrement (git-fixes). - usb: dwc3: qcom: Honor wakeup enabled/disabled state (git-fixes). - usb: fotg210-hcd: Fix an error message (git-fixes). - usb: gadget/function/f_fs string table fix for multiple languages (git-fixes). - usb: gadget: Fix double free of device descriptor pointers (git-fixes). - usb: gadget: aspeed: fix dma map failure (git-fixes). - usb: gadget: configfs: Fix KASAN use-after-free (git-fixes). - usb: gadget: dummy_hcd: fix gpf in gadget_setup (git-fixes). - usb: gadget: f_uac1: stop playback on function disable (git-fixes). - usb: gadget: f_uac1: validate input parameters (git-fixes). - usb: gadget: f_uac2: always increase endpoint max_packet_size by one audio slot (git-fixes). - usb: gadget: f_uac2: validate input parameters (git-fixes). - usb: gadget: pch_udc: Check for DMA mapping error (git-fixes). - usb: gadget: pch_udc: Check if driver is present before calling ->setup() (git-fixes). - usb: gadget: pch_udc: Move pch_udc_init() to satisfy kernel doc (git-fixes). - usb: gadget: pch_udc: Replace cpu_to_le32() by lower_32_bits() (git-fixes). - usb: gadget: pch_udc: Revert d3cb25a12138 completely (git-fixes). - usb: gadget: r8a66597: Add missing null check on return from platform_get_resource (git-fixes). - usb: gadget: udc: amd5536udc_pci fix null-ptr-dereference (git-fixes). - usb: gadget: udc: renesas_usb3: Fix a race in usb3_start_pipen() (git-fixes). - usb: gadget: uvc: add bInterval checking for HS mode (git-fixes). - usb: musb: Fix suspend with devices connected for a64 (git-fixes). - usb: musb: fix PM reference leak in musb_irq_work() (git-fixes). - usb: pci-quirks: disable D3cold on xhci suspend for s2idle on AMD Renoire (bsc#1185840). - usb: renesas_usbhs: Clear PIPECFG for re-enabling pipe with other EPNUM (git-fixes). - usb: roles: Call try_module_get() from usb_role_switch_find_by_fwnode() (git-fixes). - usb: roles: Call try_module_get() from usb_role_switch_find_by_fwnode() (git-fixes). - usb: sl811-hcd: improve misleading indentation (git-fixes). - usb: typec: Remove vdo[3] part of tps6598x_rx_identity_reg struct (git-fixes). - usb: typec: tcpci: Check ROLE_CONTROL while interpreting CC_STATUS (git-fixes). - usb: typec: tcpm: Address incorrect values of tcpm psy for fixed supply (git-fixes). - usb: typec: tcpm: Honour pSnkStdby requirement during negotiation (git-fixes). - usb: typec: tcpm: Invoke power_supply_changed for tcpm-source-psy- (git-fixes). - usb: typec: tcpm: Invoke power_supply_changed for tcpm-source-psy- (git-fixes). - usb: typec: tps6598x: Fix return value check in tps6598x_probe() (git-fixes). - usb: typec: tps6598x: Fix return value check in tps6598x_probe() (git-fixes). - usb: typec: ucsi: Put fwnode in any case during ->probe() (git-fixes). - usb: webcam: Invalid size of Processing Unit Descriptor (git-fixes). - usb: xhci-mtk: fix broken streams issue on 0.96 xHCI (git-fixes). - usb: xhci-mtk: improve bandwidth scheduling with TT (git-fixes). - usb: xhci-mtk: remove or operator for setting schedule parameters (git-fixes). - usb: xhci: Fix ASMedia ASM1042A and ASM3242 DMA addressing (git-fixes). - usb: xhci: Fix port minor revision (git-fixes). - usb: xhci: Increase timeout for HC halt (git-fixes). - usb: xhci: do not perform Soft Retry for some xHCI hosts (git-fixes). - usbip: Fix incorrect double assignment to udc->ud.tcp_rx (git-fixes). - usbip: fix stub_dev to check for stream socket (git-fixes). - usbip: fix stub_dev usbip_sockfd_store() races leading to gpf (git-fixes). - usbip: fix vhci_hcd attach_store() races leading to gpf (git-fixes). - usbip: fix vhci_hcd to check for stream socket (git-fixes). - usbip: fix vudc to check for stream socket (git-fixes). - usbip: fix vudc usbip_sockfd_store races leading to gpf (git-fixes). - usbip: tools: fix build error for multiple definition (git-fixes). - usbip: vhci_hcd fix shift out-of-bounds in vhci_hub_control() (git-fixes). - use __netdev_notify_peers in ibmvnic (bsc#1183871 ltc#192139). - veth: Store queue_mapping independently of XDP prog presence (git-fixes). - vfio-pci/zdev: fix possible segmentation fault issue (git-fixes). - vfio/iommu_type1: Populate full dirty when detach non-pinned group (bsc#1183326). - vfio/mdev: Do not allow a mdev_type to have a NULL parent pointer (git-fixes). - vfio/mdev: Make to_mdev_device() into a static inline (git-fixes). - vfio/pci: Add missing range check in vfio_pci_mmap (git-fixes). - vfio/pci: Move VGA and VF initialization to functions (git-fixes). - vfio/pci: Re-order vfio_pci_probe() (git-fixes). - vgacon: Record video mode changes with VT_RESIZEX (git-fixes). - video: fbdev: acornfb: remove free_unused_pages() (bsc#1152489) - video: hyperv_fb: Add ratelimit on error message (bsc#1185725). - video: hyperv_fb: Fix a double free in hvfb_probe (git-fixes). - virt_wifi: Return micros for BSS TSF values (git-fixes). - virtiofs: fix memory leak in virtio_fs_probe() (bsc#1185558). - vrf: fix a comment about loopback device (git-fixes). - vt/consolemap: do font sum unsigned (git-fixes). - vxlan: do not modify the shared tunnel info when PMTU triggers an ICMP reply (bsc#1176447). - vxlan: move debug check after netdev unregister (git-fixes). - watchdog/softlockup: Remove obsolete check of last reported task (bsc#1185982). - watchdog/softlockup: report the overall time of softlockups (bsc#1185982). - watchdog: explicitly update timestamp when reporting softlockup (bsc#1185982). - watchdog: rename __touch_watchdog() to a better descriptive name (bsc#1185982). - whitespace cleanup - wl3501_cs: Fix out-of-bounds warnings in wl3501_mgmt_join (git-fixes). - wl3501_cs: Fix out-of-bounds warnings in wl3501_send_pkt (git-fixes). - wlcore: Fix command execute failure 19 for wl12xx (git-fixes). - workqueue: Minor follow-ups to the rescuer destruction change (bsc#1185911). - workqueue: Move the position of debug_work_activate() in __queue_work() (bsc#1184893). - workqueue: more destroy_workqueue() fixes (bsc#1185911). - x86,swiotlb: Adjust SWIOTLB bounce buffer size for SEV guests (bsc#1186219). - x86/cpu: Initialize MSR_TSC_AUX if RDTSCP *or* RDPID is supported (bsc#1152489). - x86/crash: Fix crash_setup_memmap_entries() out-of-bounds access (bsc#1152489). - x86/fsgsbase/64: Fix NULL deref in 86_fsgsbase_read_task (bsc#1152489). - x86/insn: Add some Intel instructions to the opcode map (bsc#1184760). - x86/insn: Add some more Intel instructions to the opcode map (bsc#1184760). - x86/ioapic: Ignore IRQ2 again (bsc#1152489). - x86/mem_encrypt: Correct physical address calculation in __set_clr_pte_enc() (bsc#1152489). - x86/microcode: Check for offline CPUs before requesting new microcode (bsc#1152489). - x86/mm: Fix NX bit clearing issue in kernel_map_pages_in_pgd (bsc#1152489). - x86/platform/uv: Set section block size for hubless architectures (bsc#1152489). - x86/reboot: Force all cpus to exit VMX root if VMX is supported (bsc#1152489). - x86/sev-es: Invalidate the GHCB after completing VMGEXIT (bsc#1178134). - x86/sev-es: Move sev_es_put_ghcb() in prep for follow on patch (bsc#1178134). - x86: Introduce TS_COMPAT_RESTART to fix get_nr_restart_syscall() (bsc#1152489). - xen/events: avoid handling the same event on two cpus at the same time (git-fixes). - xen/events: do not unmask an event channel when an eoi is pending (git-fixes). - xen/events: reset affinity of 2-level event when tearing it down (git-fixes). - xen/evtchn: Change irq_info lock to raw_spinlock_t (git-fixes). - xfrm: Provide private skb extensions for segmented and hw offloaded ESP packets (bsc#1176447). - xfs: group quota should return EDQUOT when prj quota enabled (bsc#1180980). - xhci: Do not use GFP_KERNEL in (potentially) atomic context (git-fixes). - xhci: Fix repeated xhci wake after suspend due to uncleared internal wake state (git-fixes). - xhci: Improve detection of device initiated wake signal (git-fixes). - xhci: check control context is valid before dereferencing it (git-fixes). - xhci: fix potential array out of bounds with several interrupters (git-fixes). - xsk: Respect device's headroom and tailroom on generic xmit path (git-fixes). - xsk: Respect device's headroom and tailroom on generic xmit path (git-fixes). Important SUSE bug 1043990 SUSE bug 1047233 SUSE bug 1055117 SUSE bug 1065729 SUSE bug 1087082 SUSE bug 1113295 SUSE bug 1133021 SUSE bug 1152457 SUSE bug 1152472 SUSE bug 1152489 SUSE bug 1153274 SUSE bug 1154353 SUSE bug 1155518 SUSE bug 1156256 SUSE bug 1156395 SUSE bug 1159280 SUSE bug 1160634 SUSE bug 1164648 SUSE bug 1167260 SUSE bug 1167574 SUSE bug 1167773 SUSE bug 1168777 SUSE bug 1168838 SUSE bug 1169709 SUSE bug 1171295 SUSE bug 1173485 SUSE bug 1174416 SUSE bug 1174426 SUSE bug 1175995 SUSE bug 1176447 SUSE bug 1176774 SUSE bug 1177028 SUSE bug 1177326 SUSE bug 1177411 SUSE bug 1177437 SUSE bug 1177666 SUSE bug 1178089 SUSE bug 1178134 SUSE bug 1178163 SUSE bug 1178181 SUSE bug 1178330 SUSE bug 1178378 SUSE bug 1178418 SUSE bug 1178612 SUSE bug 1179243 SUSE bug 1179454 SUSE bug 1179458 SUSE bug 1179519 SUSE bug 1179825 SUSE bug 1179827 SUSE bug 1179851 SUSE bug 1180100 SUSE bug 1180197 SUSE bug 1180814 SUSE bug 1180846 SUSE bug 1180980 SUSE bug 1181104 SUSE bug 1181161 SUSE bug 1181383 SUSE bug 1181507 SUSE bug 1181674 SUSE bug 1181862 SUSE bug 1182077 SUSE bug 1182257 SUSE bug 1182377 SUSE bug 1182378 SUSE bug 1182552 SUSE bug 1182574 SUSE bug 1182591 SUSE bug 1182613 SUSE bug 1182712 SUSE bug 1182713 SUSE bug 1182715 SUSE bug 1182716 SUSE bug 1182717 SUSE bug 1182999 SUSE bug 1183022 SUSE bug 1183048 SUSE bug 1183069 SUSE bug 1183077 SUSE bug 1183095 SUSE bug 1183120 SUSE bug 1183203 SUSE bug 1183249 SUSE bug 1183252 SUSE bug 1183277 SUSE bug 1183278 SUSE bug 1183279 SUSE bug 1183280 SUSE bug 1183281 SUSE bug 1183282 SUSE bug 1183283 SUSE bug 1183284 SUSE bug 1183285 SUSE bug 1183286 SUSE bug 1183287 SUSE bug 1183288 SUSE bug 1183289 SUSE bug 1183310 SUSE bug 1183311 SUSE bug 1183312 SUSE bug 1183313 SUSE bug 1183314 SUSE bug 1183315 SUSE bug 1183316 SUSE bug 1183317 SUSE bug 1183318 SUSE bug 1183319 SUSE bug 1183320 SUSE bug 1183321 SUSE bug 1183322 SUSE bug 1183323 SUSE bug 1183324 SUSE bug 1183325 SUSE bug 1183326 SUSE bug 1183346 SUSE bug 1183366 SUSE bug 1183369 SUSE bug 1183386 SUSE bug 1183405 SUSE bug 1183412 SUSE bug 1183427 SUSE bug 1183428 SUSE bug 1183445 SUSE bug 1183447 SUSE bug 1183491 SUSE bug 1183501 SUSE bug 1183509 SUSE bug 1183530 SUSE bug 1183534 SUSE bug 1183540 SUSE bug 1183593 SUSE bug 1183596 SUSE bug 1183598 SUSE bug 1183637 SUSE bug 1183646 SUSE bug 1183658 SUSE bug 1183662 SUSE bug 1183686 SUSE bug 1183692 SUSE bug 1183696 SUSE bug 1183750 SUSE bug 1183757 SUSE bug 1183775 SUSE bug 1183815 SUSE bug 1183843 SUSE bug 1183859 SUSE bug 1183868 SUSE bug 1183871 SUSE bug 1183873 SUSE bug 1183932 SUSE bug 1183947 SUSE bug 1183976 SUSE bug 1184074 SUSE bug 1184081 SUSE bug 1184082 SUSE bug 1184120 SUSE bug 1184167 SUSE bug 1184168 SUSE bug 1184170 SUSE bug 1184171 SUSE bug 1184176 SUSE bug 1184192 SUSE bug 1184193 SUSE bug 1184194 SUSE bug 1184196 SUSE bug 1184197 SUSE bug 1184198 SUSE bug 1184199 SUSE bug 1184208 SUSE bug 1184209 SUSE bug 1184211 SUSE bug 1184217 SUSE bug 1184218 SUSE bug 1184219 SUSE bug 1184220 SUSE bug 1184224 SUSE bug 1184259 SUSE bug 1184264 SUSE bug 1184386 SUSE bug 1184388 SUSE bug 1184391 SUSE bug 1184393 SUSE bug 1184436 SUSE bug 1184485 SUSE bug 1184509 SUSE bug 1184511 SUSE bug 1184512 SUSE bug 1184514 SUSE bug 1184583 SUSE bug 1184585 SUSE bug 1184611 SUSE bug 1184615 SUSE bug 1184650 SUSE bug 1184710 SUSE bug 1184724 SUSE bug 1184728 SUSE bug 1184730 SUSE bug 1184731 SUSE bug 1184736 SUSE bug 1184737 SUSE bug 1184738 SUSE bug 1184740 SUSE bug 1184741 SUSE bug 1184742 SUSE bug 1184760 SUSE bug 1184769 SUSE bug 1184811 SUSE bug 1184855 SUSE bug 1184893 SUSE bug 1184934 SUSE bug 1184942 SUSE bug 1184943 SUSE bug 1184952 SUSE bug 1184953 SUSE bug 1184955 SUSE bug 1184957 SUSE bug 1184969 SUSE bug 1184984 SUSE bug 1185010 SUSE bug 1185041 SUSE bug 1185110 SUSE bug 1185113 SUSE bug 1185233 SUSE bug 1185269 SUSE bug 1185365 SUSE bug 1185428 SUSE bug 1185454 SUSE bug 1185472 SUSE bug 1185491 SUSE bug 1185495 SUSE bug 1185497 SUSE bug 1185549 SUSE bug 1185550 SUSE bug 1185558 SUSE bug 1185573 SUSE bug 1185581 SUSE bug 1185586 SUSE bug 1185587 SUSE bug 1185589 SUSE bug 1185606 SUSE bug 1185640 SUSE bug 1185641 SUSE bug 1185642 SUSE bug 1185645 SUSE bug 1185670 SUSE bug 1185677 SUSE bug 1185680 SUSE bug 1185703 SUSE bug 1185725 SUSE bug 1185736 SUSE bug 1185758 SUSE bug 1185796 SUSE bug 1185840 SUSE bug 1185857 SUSE bug 1185859 SUSE bug 1185860 SUSE bug 1185861 SUSE bug 1185862 SUSE bug 1185863 SUSE bug 1185898 SUSE bug 1185899 SUSE bug 1185911 SUSE bug 1185938 SUSE bug 1185950 SUSE bug 1185954 SUSE bug 1185980 SUSE bug 1185982 SUSE bug 1185987 SUSE bug 1185988 SUSE bug 1186009 SUSE bug 1186060 SUSE bug 1186061 SUSE bug 1186062 SUSE bug 1186111 SUSE bug 1186118 SUSE bug 1186219 SUSE bug 1186285 SUSE bug 1186320 SUSE bug 1186349 SUSE bug 1186352 SUSE bug 1186353 SUSE bug 1186354 SUSE bug 1186355 SUSE bug 1186356 SUSE bug 1186357 SUSE bug 1186390 SUSE bug 1186401 SUSE bug 1186408 SUSE bug 1186416 SUSE bug 1186439 SUSE bug 1186441 SUSE bug 1186451 SUSE bug 1186460 SUSE bug 1186467 SUSE bug 1186479 SUSE bug 1186484 SUSE bug 1186498 SUSE bug 1186501 SUSE bug 1186512 SUSE bug 1186573 SUSE bug 1186681 CVE-2019-18814 CVE-2019-19769 CVE-2020-24586 CVE-2020-24587 CVE-2020-24588 CVE-2020-25670 CVE-2020-25671 CVE-2020-25672 CVE-2020-25673 CVE-2020-26139 CVE-2020-26141 CVE-2020-26145 CVE-2020-26147 CVE-2020-27170 CVE-2020-27171 CVE-2020-27673 CVE-2020-27815 CVE-2020-35519 CVE-2020-36310 CVE-2020-36311 CVE-2020-36312 CVE-2020-36322 CVE-2021-20268 CVE-2021-23134 CVE-2021-27363 CVE-2021-27364 CVE-2021-27365 CVE-2021-28038 CVE-2021-28375 CVE-2021-28660 CVE-2021-28688 CVE-2021-28950 CVE-2021-28952 CVE-2021-28964 CVE-2021-28971 CVE-2021-28972 CVE-2021-29154 CVE-2021-29155 CVE-2021-29264 CVE-2021-29265 CVE-2021-29647 CVE-2021-29650 CVE-2021-30002 CVE-2021-32399 CVE-2021-33034 CVE-2021-33200 CVE-2021-3428 CVE-2021-3444 CVE-2021-3483 CVE-2021-3489 CVE-2021-3490 CVE-2021-3491 cpe:/o:opensuse:leap:15.3 Security update for the Linux Kernel (Important) openSUSE Leap 15.3 The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2021-33200: Enforcing incorrect limits for pointer arithmetic operations by the BPF verifier could be abused to perform out-of-bounds reads and writes in kernel memory (bsc#1186484). - CVE-2021-33034: Fixed a use-after-free when destroying an hci_chan. This could lead to writing an arbitrary values. (bsc#1186111) - CVE-2020-26139: Fixed a denial-of-service when an Access Point (AP) forwards EAPOL frames to other clients even though the sender has not yet successfully authenticated to the AP. (bnc#1186062) - CVE-2021-23134: A Use After Free vulnerability in nfc sockets allowed local attackers to elevate their privileges. (bnc#1186060) - CVE-2021-3491: Fixed a potential heap overflow in mem_rw(). This vulnerability is related to the PROVIDE_BUFFERS operation, which allowed the MAX_RW_COUNT limit to be bypassed (bsc#1185642). - CVE-2021-32399: Fixed a race condition when removing the HCI controller (bnc#1184611). - CVE-2020-24586: The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that received fragments be cleared from memory after (re)connecting to a network. Under the right circumstances this can be abused to inject arbitrary network packets and/or exfiltrate user data (bnc#1185859). - CVE-2020-24587: The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that all fragments of a frame are encrypted under the same key. An adversary can abuse this to decrypt selected fragments when another device sends fragmented frames and the WEP, CCMP, or GCMP encryption key is periodically renewed (bnc#1185859 bnc#1185862). - CVE-2020-24588: The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that the A-MSDU flag in the plaintext QoS header field is authenticated. Against devices that support receiving non-SSP A-MSDU frames (which is mandatory as part of 802.11n), an adversary can abuse this to inject arbitrary network packets. (bnc#1185861) - CVE-2020-26147: The WEP, WPA, WPA2, and WPA3 implementations reassemble fragments, even though some of them were sent in plaintext. This vulnerability can be abused to inject packets and/or exfiltrate selected fragments when another device sends fragmented frames and the WEP, CCMP, or GCMP data-confidentiality protocol is used (bnc#1185859). - CVE-2020-26145: An issue was discovered with Samsung Galaxy S3 i9305 4.4.4 devices. The WEP, WPA, WPA2, and WPA3 implementations accept second (or subsequent) broadcast fragments even when sent in plaintext and process them as full unfragmented frames. An adversary can abuse this to inject arbitrary network packets independent of the network configuration. (bnc#1185860) - CVE-2020-26141: An issue was discovered in the ALFA driver for AWUS036H, where the Message Integrity Check (authenticity) of fragmented TKIP frames was not verified. An adversary can abuse this to inject and possibly decrypt packets in WPA or WPA2 networks that support the TKIP data-confidentiality protocol. (bnc#1185987) - CVE-2021-29650: Fixed an issue with the netfilter subsystem that allowed attackers to cause a denial of service (panic) because net/netfilter/x_tables.c and include/linux/netfilter/x_tables.h lack a full memory barrier upon the assignment of a new table value (bnc#1184208). - CVE-2021-29155: Fixed an issue that was discovered in kernel/bpf/verifier.c that performs undesirable out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory. Specifically, for sequences of pointer arithmetic operations, the pointer modification performed by the first operation was not correctly accounted for when restricting subsequent operations (bnc#1184942). - CVE-2021-3444: Fixed an issue with the bpf verifier which did not properly handle mod32 destination register truncation when the source register was known to be 0 leading to out of bounds read (bsc#1184170). - CVE-2021-3428: Fixed an integer overflow in ext4_es_cache_extent (bsc#1173485). - CVE-2021-29647: Fixed an issue in qrtr_recvmsg which could have allowed attackers to obtain sensitive information from kernel memory because of a partially uninitialized data structure (bsc#1184192 ). - CVE-2021-29265: Fixed an issue in usbip_sockfd_store which could have allowed attackers to cause a denial of service due to race conditions during an update of the local and shared status (bsc#1184167). - CVE-2021-29264: Fixed an issue in the Freescale Gianfar Ethernet driver which could have allowed attackers to cause a system crash due to a calculation of negative fragment size (bsc#1184168). - CVE-2021-28972: Fixed a user-tolerable buffer overflow when writing a new device name to the driver from userspace, allowing userspace to write data to the kernel stack frame directly (bsc#1184198). - CVE-2021-28971: Fixed an issue in intel_pmu_drain_pebs_nhm which could have caused a system crash because the PEBS status in a PEBS record was mishandled (bsc#1184196 ). - CVE-2021-28964: Fixed a race condition in get_old_root which could have allowed attackers to cause a denial of service (bsc#1184193). - CVE-2021-28688: Fixed an issue introduced by XSA-365 (bsc#1183646). - CVE-2021-28660: Fixed an out of bounds write in rtw_wx_set_scan (bsc#1183593 ). - CVE-2021-28375: Fixed an issue in fastrpc_internal_invoke which did not prevent user applications from sending kernel RPC messages (bsc#1183596). - CVE-2021-28038: Fixed an issue with the netback driver which was lacking necessary treatment of errors such as failed memory allocations (bsc#1183022). - CVE-2021-27365: Fixed an issue where an unprivileged user can send a Netlink message that is associated with iSCSI, and has a length up to the maximum length of a Netlink message (bsc#1182715). - CVE-2021-27364: Fixed an issue where an attacker could craft Netlink messages (bsc#1182717). - CVE-2021-27363: Fixed a kernel pointer leak which could have been used to determine the address of the iscsi_transport structure (bsc#1182716). - CVE-2020-35519: Fixed an out-of-bounds memory access was found in x25_bind (bsc#1183696). - CVE-2020-27815: Fixed an issue in JFS filesystem where could have allowed an attacker to execute code (bsc#1179454). - CVE-2020-27171: Fixed an off-by-one error affecting out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory (bsc#1183775). - CVE-2020-27170: Fixed potential side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory (bsc#1183686). - CVE-2019-19769: Fixed a use-after-free in the perf_trace_lock_acquire function (bsc#1159280 ). - CVE-2019-18814: Fixed a use-after-free when aa_label_parse() fails in aa_audit_rule_init() (bsc#1156256). - CVE-2021-3483: Fixed a use-after-free in nosy.c (bsc#1184393). - CVE-2021-30002: Fixed a memory leak for large arguments in video_usercopy (bsc#1184120). - CVE-2021-29154: Fixed incorrect computation of branch displacements, allowing arbitrary code execution (bsc#1184391). - CVE-2021-28950: Fixed an issue in fs/fuse/fuse_i.h due to a retry loop continually was finding the same bad inode (bsc#1184194). - CVE-2021-28952: Fixed a buffer overflow in the soundwire device driver, triggered when an unexpected port ID number is encountered. (bnc#1184197). - CVE-2021-20268: Fixed an out-of-bounds access flaw in the implementation of the eBPF code verifier. This flaw allowed a local user to crash the system or possibly escalate their privileges. (bnc#1183077) - CVE-2020-27673: Fixed a vulnerability with xen, where guest OS users could cause a denial of service (host OS hang) via a high rate of events to dom0 (bnc#1177411). - CVE-2020-36312: Fixed a memory leak upon a kmalloc failure (bsc#1184509 ). - CVE-2020-36311: Fixed a denial of service (soft lockup) by triggering destruction of a large SEV VM (bsc#1184511). - CVE-2020-36310: Fixed infinite loop for certain nested page faults (bsc#1184512). - CVE-2021-3489: Fixed an issue where the eBPF RINGBUF bpf_ringbuf_reserve did not check that the allocated size was smaller than the ringbuf size (bnc#1185640). - CVE-2021-3490: Fixed an issue where the eBPF ALU32 bounds tracking for bitwise ops (AND, OR and XOR) did not update the 32-bit bounds (bnc#1185641 bnc#1185796 ). - CVE-2020-36322: Fixed an issue was discovered in FUSE filesystem implementation which could have caused a system crash (bsc#1184211). - CVE-2020-25670, CVE-2020-25671, CVE-2020-25672, CVE-2020-25673: Fixed multiple bugs in NFC subsytem (bsc#1178181). The following non-security bugs were fixed: - ACPI / hotplug / PCI: Fix reference count leak in enable_slot() (git-fixes). - ACPI / idle: override c-state latency when not in conformance with s0ix (bsc#1185840). - ACPI: CPPC: Replace cppc_attr with kobj_attribute (git-fixes). - ACPI: GTDT: Do not corrupt interrupt mappings on watchdow probe failure (git-fixes). - ACPI: PM: Add ACPI ID of Alder Lake Fan (git-fixes). - ACPI: PM: s2idle: Add AMD support to handle _DSM (bsc#1185840). - ACPI: PM: s2idle: Add missing LPS0 functions for AMD (bsc#1185840). - ACPI: PM: s2idle: Drop unused local variables and related code (bsc#1185840). - ACPI: PM: s2idle: Move x86-specific code to the x86 directory (bsc#1185840). - ACPI: custom_method: fix a possible memory leak (git-fixes). - ACPI: custom_method: fix potential use-after-free issue (git-fixes). - ACPI: processor: Fix CPU0 wakeup in acpi_idle_play_dead() (git-fixes). - ACPI: processor: Fix build when CONFIG_ACPI_PROCESSOR=m (git-fixes). - ACPI: scan: Rearrange memory allocation in acpi_device_add() (git-fixes). - ACPI: video: Add DMI quirk for GIGABYTE GB-BXBT-2807 (git-fixes). - ACPI: video: Add missing callback back for Sony VPCEH3U1E (git-fixes). - ACPICA: Always create namespace nodes using acpi_ns_create_node() (git-fixes). - ACPICA: Enable sleep button on ACPI legacy wake (bsc#1181383). - ACPICA: Fix race in generic_serial_bus (I2C) and GPIO op_region parameter handling (git-fixes). - ALSA: Convert strlcpy to strscpy when return value is unused (git-fixes). - ALSA: aloop: Fix initialization of controls (git-fixes). - ALSA: bebob/oxfw: fix Kconfig entry for Mackie d.2 Pro (git-fixes). - ALSA: bebob: enable to deliver MIDI messages for multiple ports (git-fixes). - ALSA: core: remove redundant spin_lock pair in snd_card_disconnect (git-fixes). - ALSA: dice: fix null pointer dereference when node is disconnected (git-fixes). - ALSA: dice: fix stream format at middle sampling rate for Alesis iO 26 (git-fixes). - ALSA: dice: fix stream format for TC Electronic Konnekt Live at high sampling transfer frequency (git-fixes). - ALSA: emu8000: Fix a use after free in snd_emu8000_create_mixer (git-fixes). - ALSA: firewire-lib: fix amdtp_packet tracepoints event for packet_index field (git-fixes). - ALSA: firewire-lib: fix calculation for size of IR context payload (git-fixes). - ALSA: firewire-lib: fix check for the size of isochronous packet payload (git-fixes). - ALSA: hda/ca0132: Add Sound BlasterX AE-5 Plus support (git-fixes). - ALSA: hda/cirrus: Add Headphone and Headset MIC Volume Control (git-fixes). - ALSA: hda/cirrus: Add error handling into CS8409 I2C functions (git-fixes). - ALSA: hda/cirrus: Add jack detect interrupt support from CS42L42 companion codec (git-fixes). - ALSA: hda/cirrus: Add support for CS8409 HDA bridge and CS42L42 companion codec (git-fixes). - ALSA: hda/cirrus: Cleanup patch_cirrus.c code (git-fixes). - ALSA: hda/cirrus: Fix CS42L42 Headset Mic volume control name (git-fixes). - ALSA: hda/cirrus: Make CS8409 driver more generic by using fixups (git-fixes). - ALSA: hda/cirrus: Set Initial DMIC volume for Bullseye to -26 dB (git-fixes). - ALSA: hda/cirrus: Use CS8409 filter to fix abnormal sounds on Bullseye (git-fixes). - ALSA: hda/conexant: Add quirk for mute LED control on HP ZBook G5 (git-fixes). - ALSA: hda/conexant: Apply quirk for another HP ZBook G5 model (git-fixes). - ALSA: hda/conexant: Re-order CX5066 quirk table entries (git-fixes). - ALSA: hda/conexant: Re-order CX5066 quirk table entries (git-fixes). - ALSA: hda/hdmi: Cancel pending works before suspend (bsc#1182377). - ALSA: hda/hdmi: Cancel pending works before suspend (git-fixes). - ALSA: hda/hdmi: fix race in handling acomp ELD notification at resume (git-fixes). - ALSA: hda/realtek - Headset Mic issue on HP platform (git-fixes). - ALSA: hda/realtek: ALC285 Thinkpad jack pin quirk is unreachable (git-fixes). - ALSA: hda/realtek: Add fixup for HP OMEN laptop (git-fixes). - ALSA: hda/realtek: Add fixup for HP Spectre x360 15-df0xxx (git-fixes). - ALSA: hda/realtek: Add quirk for Intel Clevo PCx0Dx (git-fixes). - ALSA: hda/realtek: Add quirk for Lenovo Ideapad S740 (git-fixes). - ALSA: hda/realtek: Add some CLOVE SSIDs of ALC293 (git-fixes). - ALSA: hda/realtek: Apply headset-mic quirks for Xiaomi Redmibook Air (git-fixes). - ALSA: hda/realtek: Chain in pop reduction fixup for ThinkStation P340 (git-fixes). - ALSA: hda/realtek: Enable mute/micmute LEDs and limit mic boost on EliteBook 845 G8 (git-fixes). - ALSA: hda/realtek: Fix silent headphone output on ASUS UX430UA (git-fixes). - ALSA: hda/realtek: Fix speaker amp on HP Envy AiO 32 (git-fixes). - ALSA: hda/realtek: Fix speaker amp setup on Acer Aspire E1 (git-fixes). - ALSA: hda/realtek: GA503 use same quirks as GA401 (git-fixes). - ALSA: hda/realtek: Headphone volume is controlled by Front mixer (git-fixes). - ALSA: hda/realtek: Re-order ALC269 ASUS quirk table entries (git-fixes). - ALSA: hda/realtek: Re-order ALC269 Acer quirk table entries (git-fixes). - ALSA: hda/realtek: Re-order ALC269 Dell quirk table entries (git-fixes). - ALSA: hda/realtek: Re-order ALC269 HP quirk table entries (git-fixes). - ALSA: hda/realtek: Re-order ALC269 Lenovo quirk table entries (git-fixes). - ALSA: hda/realtek: Re-order ALC269 Sony quirk table entries (git-fixes). - ALSA: hda/realtek: Re-order ALC662 quirk table entries (git-fixes). - ALSA: hda/realtek: Re-order ALC882 Acer quirk table entries (git-fixes). - ALSA: hda/realtek: Re-order ALC882 Clevo quirk table entries (git-fixes). - ALSA: hda/realtek: Re-order ALC882 Sony quirk table entries (git-fixes). - ALSA: hda/realtek: Re-order remaining ALC269 quirk table entries (git-fixes). - ALSA: hda/realtek: Remove redundant entry for ALC861 Haier/Uniwill devices (git-fixes). - ALSA: hda/realtek: apply pin quirk for XiaomiNotebook Pro (git-fixes). - ALSA: hda/realtek: call alc_update_headset_mode() in hp_automute_hook (git-fixes). - ALSA: hda/realtek: fix a determine_headset_type issue for a Dell AIO (git-fixes). - ALSA: hda/realtek: fix mic boost on Intel NUC 8 (git-fixes). - ALSA: hda/realtek: fix mute/micmute LEDs and speaker for HP Zbook Fury 15 G8 (git-fixes). - ALSA: hda/realtek: fix mute/micmute LEDs and speaker for HP Zbook Fury 17 G8 (git-fixes). - ALSA: hda/realtek: fix mute/micmute LEDs and speaker for HP Zbook G8 (git-fixes). - ALSA: hda/realtek: fix mute/micmute LEDs for HP 440 G8 (git-fixes). - ALSA: hda/realtek: fix mute/micmute LEDs for HP 640 G8 (git-fixes). - ALSA: hda/realtek: fix mute/micmute LEDs for HP 840 G8 (git-fixes). - ALSA: hda/realtek: fix mute/micmute LEDs for HP 850 G8 (git-fixes). - ALSA: hda/realtek: fix mute/micmute LEDs for HP 855 G8 (git-fixes). - ALSA: hda/realtek: fix mute/micmute LEDs for HP ProBook 445 G7 (git-fixes). - ALSA: hda/realtek: fix static noise on ALC285 Lenovo laptops (git-fixes). - ALSA: hda/realtek: reset eapd coeff to default value for alc287 (git-fixes). - ALSA: hda/realtek: the bass speaker can't output sound on Yoga 9i (git-fixes). - ALSA: hda: Add missing sanity checks in PM prepare/complete callbacks (git-fixes). - ALSA: hda: Avoid spurious unsol event handling during S3/S4 (bsc#1182377). - ALSA: hda: Avoid spurious unsol event handling during S3/S4 (git-fixes). - ALSA: hda: Drop the BATCH workaround for AMD controllers (git-fixes). - ALSA: hda: Flush pending unsolicited events before suspend (bsc#1182377). - ALSA: hda: Re-add dropped snd_poewr_change_state() calls (git-fixes). - ALSA: hda: fixup headset for ASUS GU502 laptop (git-fixes). - ALSA: hda: fixup headset for ASUS GU502 laptop (git-fixes). - ALSA: hda: generic: Fix the micmute led init state (git-fixes). - ALSA: hda: generic: change the DAC ctl name for LO+SPK or LO+HP (git-fixes). - ALSA: hda: ignore invalid NHLT table (git-fixes). - ALSA: hdsp: do not disable if not enabled (git-fixes). - ALSA: hdspm: do not disable if not enabled (git-fixes). - ALSA: intel8x0: Do not update period unless prepared (git-fixes). - ALSA: line6: Fix racy initialization of LINE6 MIDI (git-fixes). - ALSA: rme9652: do not disable if not enabled (git-fixes). - ALSA: sb: Fix two use after free in snd_sb_qsound_build (git-fixes). - ALSA: usb-audio: Add DJM-450 to the quirks table (git-fixes). - ALSA: usb-audio: Add DJM450 to Pioneer format quirk (git-fixes). - ALSA: usb-audio: Add DJM450 to Pioneer format quirk (git-fixes). - ALSA: usb-audio: Add DJM750 to Pioneer mixer quirk (git-fixes). - ALSA: usb-audio: Add MIDI quirk for Vox ToneLab EX (git-fixes). - ALSA: usb-audio: Add Pioneer DJM-850 to quirks-table (git-fixes). - ALSA: usb-audio: Add dB range mapping for Sennheiser Communications Headset PC 8 (git-fixes). - ALSA: usb-audio: Add error checks for usb_driver_claim_interface() calls (git-fixes). - ALSA: usb-audio: Add implicit feeback support for the BOSS GT-1 (git-fixes). - ALSA: usb-audio: Add support for Pioneer DJM-750 (git-fixes). - ALSA: usb-audio: Add support for many Roland devices' implicit feedback quirks (git-fixes). - ALSA: usb-audio: Apply implicit feedback mode for BOSS devices (git-fixes). - ALSA: usb-audio: Apply sample rate quirk to Logitech Connect (git-fixes). - ALSA: usb-audio: Carve out connector value checking into a helper (git-fixes). - ALSA: usb-audio: Check connector value on resume (git-fixes). - ALSA: usb-audio: Configure Pioneer DJM-850 samplerate (git-fixes). - ALSA: usb-audio: Convert remaining strlcpy() to strscpy() (git-fixes). - ALSA: usb-audio: Convert the last strlcpy() usage (git-fixes). - ALSA: usb-audio: DJM-750: ensure format is set (git-fixes). - ALSA: usb-audio: Declare Pioneer DJM-850 mixer controls (git-fixes). - ALSA: usb-audio: Drop implicit fb quirk entries dubbed for capture (git-fixes). - ALSA: usb-audio: Explicitly set up the clock selector (git-fixes). - ALSA: usb-audio: Fix 'RANGE setting not yet supported' errors (git-fixes). - ALSA: usb-audio: Fix Pioneer DJM devices URB_CONTROL request direction to set samplerate (git-fixes). - ALSA: usb-audio: Fix Pioneer DJM devices URB_CONTROL request direction to set samplerate (git-fixes). - ALSA: usb-audio: Fix implicit sync clearance at stopping stream (git-fixes). - ALSA: usb-audio: Fix potential out-of-bounce access in MIDI EP parser (git-fixes). - ALSA: usb-audio: Fix unintentional sign extension issue (git-fixes). - ALSA: usb-audio: Generic application of implicit fb to Roland/BOSS devices (git-fixes). - ALSA: usb-audio: Re-apply implicit feedback mode to Pioneer devices (git-fixes). - ALSA: usb-audio: Remove redundant assignment to len (git-fixes). - ALSA: usb-audio: Skip probe of UA-101 devices (git-fixes). - ALSA: usb-audio: Skip the clock selector inquiry for single connections (git-fixes). - ALSA: usb-audio: Validate MS endpoint descriptors (git-fixes). - ALSA: usb-audio: add mixer quirks for Pioneer DJM-900NXS2 (git-fixes). - ALSA: usb-audio: fix NULL ptr dereference in usb_audio_probe (bsc#1182552). - ALSA: usb-audio: fix Pioneer DJM-850 control label info (git-fixes). - ALSA: usb-audio: fix control-request direction (git-fixes). - ALSA: usb-audio: fix use after free in usb_audio_disconnect (bsc#1182552). - ALSA: usb-audio: generate midi streaming substream names from jack names (git-fixes). - ALSA: usb-audio: scarlett2: Fix device hang with ehci-pci (git-fixes). - ALSA: usb-audio: scarlett2: Improve driver startup messages (git-fixes). - ALSA: usb-audio: scarlett2: snd_scarlett_gen2_controls_create() can be static (git-fixes). - ALSA: usb-audio: use usb headers rather than define structs locally (git-fixes). - ALSA: usb: Use DIV_ROUND_UP() instead of open-coding it (git-fixes). - ALSA: usb: midi: do not return -ENOMEM when usb_urb_ep_type_check fails (git-fixes). - ASoC: Intel: Add DMI quirk table to soc_intel_is_byt_cr() (git-fixes). - ASoC: Intel: boards: sof-wm8804: add check for PLL setting (git-fixes). - ASoC: Intel: bytcr_rt5640: Add quirk for ARCHOS Cesium 140 (git-fixes). - ASoC: Intel: bytcr_rt5640: Add quirk for the Acer One S1002 tablet (git-fixes). - ASoC: Intel: bytcr_rt5640: Add quirk for the Chuwi Hi8 tablet (git-fixes). - ASoC: Intel: bytcr_rt5640: Add quirk for the Estar Beauty HD MID 7316R tablet (git-fixes). - ASoC: Intel: bytcr_rt5640: Add quirk for the Voyo Winpad A15 tablet (git-fixes). - ASoC: Intel: bytcr_rt5640: Enable jack-detect support on Asus T100TAF (git-fixes). - ASoC: Intel: bytcr_rt5640: Fix HP Pavilion x2 10-p0XX OVCD current threshold (git-fixes). - ASoC: Intel: bytcr_rt5651: Add quirk for the Jumper EZpad 7 tablet (git-fixes). - ASoC: Intel: kbl_da7219_max98927: Fix kabylake_ssp_fixup function (git-fixes). - ASoC: Intel: sof_sdw: add quirk for HP Spectre x360 convertible (git-fixes). - ASoC: Intel: sof_sdw: add quirk for new ADL-P Rvp (git-fixes). - ASoC: Intel: sof_sdw: reorganize quirks by generation (git-fixes). - ASoC: SOF: Intel: HDA: fix core status verification (git-fixes). - ASoC: SOF: Intel: HDA: fix core status verification (git-fixes). - ASoC: SOF: Intel: hda: remove unnecessary parentheses (git-fixes). - ASoC: SOF: Intel: unregister DMIC device on probe error (git-fixes). - ASoC: SOF: intel: fix wrong poll bits in dsp power down (git-fixes). - ASoC: ak4458: Add MODULE_DEVICE_TABLE (git-fixes). - ASoC: ak5558: Add MODULE_DEVICE_TABLE (git-fixes). - ASoC: ak5558: Fix s/show/slow/ typo (git-fixes). - ASoC: ak5558: correct reset polarity (git-fixes). - ASoC: codecs: wcd934x: add a sanity check in set channel map (git-fixes). - ASoC: cs35l33: fix an error code in probe() (git-fixes). - ASoC: cs42l42: Always wait at least 3ms after reset (git-fixes). - ASoC: cs42l42: Do not enable/disable regulator at Bias Level (git-fixes). - ASoC: cs42l42: Fix Bitclock polarity inversion (git-fixes). - ASoC: cs42l42: Fix channel width support (git-fixes). - ASoC: cs42l42: Fix mixer volume control (git-fixes). - ASoC: cs42l42: Regmap must use_single_read/write (git-fixes). - ASoC: cygnus: fix for_each_child.cocci warnings (git-fixes). - ASoC: es8316: Simplify adc_pga_gain_tlv table (git-fixes). - ASoC: fsl_esai: Fix TDM slot setup for I2S mode (git-fixes). - ASoC: fsl_ssi: Fix TDM slot setup for I2S mode (git-fixes). - ASoC: intel: atom: Remove 44100 sample-rate from the media and deep-buffer DAI descriptions (git-fixes). - ASoC: intel: atom: Stop advertising non working S24LE support (git-fixes). - ASoC: max98373: Added 30ms turn on/off time delay (git-fixes). - ASoC: max98373: Changed amp shutdown register as volatile (git-fixes). - ASoC: qcom: lpass-cpu: Fix lpass dai ids parse (git-fixes). - ASoC: qcom: sdm845: Fix array out of bounds access (git-fixes). - ASoC: qcom: sdm845: Fix array out of range on rx slim channels (git-fixes). - ASoC: rsnd: call rsnd_ssi_master_clk_start() from rsnd_ssi_init() (git-fixes). - ASoC: rsnd: check all BUSIF status when error (git-fixes). - ASoC: rsnd: core: Check convert rate in rsnd_hw_params (git-fixes). - ASoC: rt1015: fix i2c communication error (git-fixes). - ASoC: rt286: Generalize support for ALC3263 codec (git-fixes). - ASoC: rt286: Make RT286_SET_GPIO_* readable and writable (git-fixes). - ASoC: rt5640: Fix dac- and adc- vol-tlv values being off by a factor of 10 (git-fixes). - ASoC: rt5651: Fix dac- and adc- vol-tlv values being off by a factor of 10 (git-fixes). - ASoC: rt5659: Update MCLK rate in set_sysclk() (git-fixes). - ASoC: rt5670: Add a quirk for the Dell Venue 10 Pro 5055 (git-fixes). - ASoC: rt5670: Add emulated 'DAC1 Playback Switch' control (git-fixes). - ASoC: rt5670: Remove 'HP Playback Switch' control (git-fixes). - ASoC: rt5670: Remove 'OUT Channel Switch' control (git-fixes). - ASoC: rt5670: Remove ADC vol-ctrl mute bits poking from Sto1 ADC mixer settings (git-fixes). - ASoC: rt711: add snd_soc_component remove callback (git-fixes). - ASoC: samsung: snow: remove useless test (git-fixes). - ASoC: samsung: tm2_wm5110: check of of_parse return value (git-fixes). - ASoC: sgtl5000: set DAP_AVC_CTRL register to correct default value on probe (git-fixes). - ASoC: simple-card-utils: Do not handle device clock (git-fixes). - ASoC: simple-card: fix possible uninitialized single_cpu local variable (git-fixes). - ASoC: soc-core kABI workaround (git-fixes). - ASoC: soc-core: Prevent warning if no DMI table is present (git-fixes). - ASoC: sunxi: sun4i-codec: fill ASoC card owner (git-fixes). - ASoC: wm8960: Fix wrong bclk and lrclk with pll enabled for some chips (git-fixes). - ASoC: wm8960: Remove bitclk relax condition in wm8960_configure_sysclk (git-fixes). - Bluetooth: Fix incorrect status handling in LE PHY UPDATE event (git-fixes). - Bluetooth: Fix null pointer dereference in amp_read_loc_assoc_final_data (git-fixes). - Bluetooth: L2CAP: Fix handling LE modes by L2CAP_OPTIONS (git-fixes). - Bluetooth: SMP: Fail if remote and local public keys are identical (git-fixes). - Bluetooth: Set CONF_NOT_COMPLETE as l2cap_chan default (git-fixes). - Bluetooth: avoid deadlock between hci_dev->lock and socket lock (git-fixes). - Bluetooth: btqca: Add valid le states quirk (git-fixes). - Bluetooth: btusb: Enable quirk boolean flag for Mediatek Chip (git-fixes). - Bluetooth: check for zapped sk before connecting (git-fixes). - Bluetooth: hci_h5: Set HCI_QUIRK_SIMULTANEOUS_DISCOVERY for btrtl (git-fixes). - Bluetooth: initialize skb_queue_head at l2cap_chan_create() (git-fixes). - Drivers: hv: vmbus: Fix Suspend-to-Idle for Generation-2 VM (git-fixes). - Drivers: hv: vmbus: Increase wait time for VMbus unload (bsc#1185725). - Drivers: hv: vmbus: Initialize unload_event statically (bsc#1185725). - Drivers: hv: vmbus: Use after free in __vmbus_open() (git-fixes). - EDAC/amd64: Check for memory before fully initializing an instance (bsc#1183815). - EDAC/amd64: Get rid of the ECC disabled long message (bsc#1183815). - EDAC/amd64: Use cached data when checking for ECC (bsc#1183815). - Goodix Fingerprint device is not a modem (git-fixes). - HID: alps: fix error return code in alps_input_configured() (git-fixes). - HID: google: add don USB id (git-fixes). - HID: i2c-hid: Add I2C_HID_QUIRK_NO_IRQ_AFTER_RESET for ITE8568 EC on Voyo Winpad A15 (git-fixes). - HID: mf: add support for 0079:1846 Mayflash/Dragonrise USB Gamecube Adapter (git-fixes). - HID: plantronics: Workaround for double volume key presses (git-fixes). - HID: wacom: Assign boolean values to a bool variable (git-fixes). - HID: wacom: set EV_KEY and EV_ABS only for non-HID_GENERIC type of devices (git-fixes). - HSI: Fix PM usage counter unbalance in ssi_hw_init (git-fixes). - IB/hfi1: Fix probe time panic when AIP is enabled with a buggy BIOS (jsc#SLE-13208). - IB/hfi1: Rework AIP and VNIC dummy netdev usage (jsc#SLE-13208). - Input: applespi - do not wait for responses to commands indefinitely (git-fixes). - Input: elantech - fix protocol errors for some trackpoints in SMBus mode (git-fixes). - Input: elants_i2c - do not bind to i2c-hid compatible ACPI instantiated devices (git-fixes). - Input: i8042 - fix Pegatron C15B ID entry (git-fixes). - Input: nspire-keypad - enable interrupts only when opened (git-fixes). - Input: s6sy761 - fix coordinate read bit shift (git-fixes). - Input: silead - add workaround for x86 BIOS-es which bring the chip up in a stuck state (git-fixes). - KEYS: trusted: Fix TPM reservation for seal/unseal (git-fixes). - KEYS: trusted: Fix memory leak on object td (git-fixes). - KVM x86: Extend AMD specific guest behavior to Hygon virtual CPUs (bsc#1183447). - KVM: PPC: Book3S HV P9: Restore host CTRL SPR after guest exit (bsc#1156395). - KVM: PPC: Make the VMX instruction emulation routines static (bsc#1156395). - KVM: SVM: Clear the CR4 register on reset (bsc#1183252). - KVM: kvmclock: Fix vCPUs > 64 can't be online/hotpluged (bsc#1152489). - KVM: nVMX: Properly handle userspace interrupt window request (bsc#1183427). - KVM: s390: fix guarded storage control register handling (bsc#1133021). - KVM: x86: Add helpers to perform CPUID-based guest vendor check (bsc#1183445). - KVM: x86: Allow guests to see MSR_IA32_TSX_CTRL even if tsx=off (bsc#1183287). - KVM: x86: Allow guests to see MSR_IA32_TSX_CTRL even if tsx=off (bsc#1183323). - KVM: x86: Expose XSAVEERPTR to the guest (jsc#SLE-13573). - KVM: x86: Return -E2BIG when KVM_GET_SUPPORTED_CPUID hits max entries (bsc#1183428). - KVM: x86: Set so called 'reserved CR3 bits in LM mask' at vCPU reset (bsc#1183288). - KVM: x86: Set so called 'reserved CR3 bits in LM mask' at vCPU reset (bsc#1183324). - KVM: x86: do not reset microcode version on INIT or RESET (bsc#1183412). - KVM: x86: list MSR_IA32_UCODE_REV as an emulated MSR (bsc#1183369). - NFC: nci: fix memory leak in nci_allocate_device (git-fixes). - PCI/AER: Add RCEC AER error injection support (bsc#1174426). - PCI/AER: Add pcie_walk_rcec() to RCEC AER handling (bsc#1174426). - PCI/AER: Clear AER status from Root Port when resetting Downstream Port (bsc#1174426). - PCI/AER: Specify the type of Port that was reset (bsc#1174426). - PCI/AER: Use 'aer' variable for capability offset (bsc#1174426). - PCI/AER: Write AER Capability only when we control it (bsc#1174426). - PCI/ERR: Add pci_walk_bridge() to pcie_do_recovery() (bsc#1174426). - PCI/ERR: Add pcie_link_rcec() to associate RCiEPs (bsc#1174426). - PCI/ERR: Avoid negated conditional for clarity (bsc#1174426). - PCI/ERR: Bind RCEC devices to the Root Port driver (bsc#1174426). - PCI/ERR: Bind RCEC devices to the Root Port driver (jsc#SLE-13736 jsc#SLE-14845). - PCI/ERR: Cache RCEC EA Capability offset in pci_init_capabilities() (bsc#1174426). - PCI/ERR: Clear AER status only when we control AER (bsc#1174426). - PCI/ERR: Clear PCIe Device Status errors only if OS owns AER (bsc#1174426). - PCI/ERR: Clear status of the reporting device (bsc#1174426). - PCI/ERR: Recover from RCEC AER errors (bsc#1174426). - PCI/ERR: Recover from RCiEP AER errors (bsc#1174426). - PCI/ERR: Rename reset_link() to reset_subordinates() (bsc#1174426). - PCI/ERR: Retain status from error notification (bsc#1174426). - PCI/ERR: Simplify by computing pci_pcie_type() once (bsc#1174426). - PCI/ERR: Simplify by using pci_upstream_bridge() (bsc#1174426). - PCI/ERR: Use 'bridge' for clarity in pcie_do_recovery() (bsc#1174426). - PCI/PME: Add pcie_walk_rcec() to RCEC PME handling (bsc#1174426). - PCI/RCEC: Fix RCiEP device to RCEC association (git-fixes). - PCI/RCEC: Fix RCiEP device to RCEC association (jsc#SLE-13736 jsc#SLE-14845 git-fixes). - PCI/portdrv: Report reset for frozen channel (bsc#1174426). - PCI: Add a REBAR size quirk for Sapphire RX 5600 XT Pulse (git-fixes). - PCI: Add function 1 DMA alias quirk for Marvell 9215 SATA controller (git-fixes). - PCI: Allow VPD access for QLogic ISP2722 (git-fixes). - PCI: Fix pci_register_io_range() memory leak (git-fixes). - PCI: PM: Do not read power state in pci_enable_device_flags() (git-fixes). - PCI: Release OF node in pci_scan_device()'s error path (git-fixes). - PCI: designware-ep: Fix the Header Type check (git-fixes). - PCI: dwc: Move iATU detection earlier (git-fixes). - PCI: endpoint: Fix missing destroy_workqueue() (git-fixes). - PCI: iproc: Fix return value of iproc_msi_irq_domain_alloc() (git-fixes). - PCI: keystone: Let AM65 use the pci_ops defined in pcie-designware-host.c (git-fixes). - PCI: mediatek: Add missing of_node_put() to fix reference leak (git-fixes). - PCI: tegra: Fix ASPM-L1SS advertisement disable code (git-fixes). - PCI: tegra: Move 'dbi' accesses to post common DWC initialization (git-fixes). - PCI: thunder: Fix compile testing (git-fixes). - PCI: xgene-msi: Fix race in installing chained irq handler (git-fixes). - PM / devfreq: Use more accurate returned new_freq as resume_freq (git-fixes). - PM: EM: postpone creating the debugfs dir till fs_initcall (git-fixes). - PM: runtime: Add documentation for pm_runtime_resume_and_get() (git-fixes). - PM: runtime: Add pm_runtime_resume_and_get to deal with usage counter (bsc#1183366). - PM: runtime: Fix ordering in pm_runtime_get_suppliers() (git-fixes). - PM: runtime: Fix ordering in pm_runtime_get_suppliers() (git-fixes). - PM: runtime: Fix race getting/putting suppliers at probe (git-fixes). - Platform: OLPC: Fix probe error handling (git-fixes). - RAS/CEC: Correct ce_add_elem()'s returned values (bsc#1152489). - RDMA/addr: create addr_wq with WQ_MEM_RECLAIM flag (bsc#1183346). - RDMA/cm: Fix IRQ restore in ib_send_cm_sidr_rep (jsc#SLE-15176). - RDMA/core: create ib_cm with WQ_MEM_RECLAIM flag (bsc#1183346). - RDMA/hns: Delete redundant abnormal interrupt status (git-fixes). - RDMA/hns: Delete redundant condition judgment related to eq (git-fixes). - RDMA/mlx5: Fix drop packet rule in egress table (jsc#SLE-15175). - RDMA/qedr: Fix error return code in qedr_iw_connect() (jsc#SLE-8215). - RDMA/rtrs-clt: Close rtrs client conn before destroying rtrs clt session files (jsc#SLE-15176). - RDMA/rtrs-clt: destroy sysfs after removing session from active list (jsc#SLE-15176). - RDMA/srp: Fix support for unpopulated and unbalanced NUMA nodes (bsc#1169709) - RDMA/srp: Fix support for unpopulated and unbalanced NUMA nodes (bsc#1169709) - RDMA/srpt: Fix error return code in srpt_cm_req_recv() (git-fixes). - Re-enable yenta socket driver for x86_64 (bsc#1186349) - SUNRPC in case of backlog, hand free slots directly to waiting task (bsc#1185428). - USB: Add LPM quirk for Lenovo ThinkPad USB-C Dock Gen2 Ethernet (git-fixes). - USB: Add reset-resume quirk for WD19's Realtek Hub (git-fixes). - USB: CDC-ACM: fix poison/unpoison imbalance (bsc#1184984). - USB: CDC-ACM: fix poison/unpoison imbalance (git-fixes). - USB: cdc-acm: downgrade message to debug (git-fixes). - USB: cdc-acm: fix TIOCGSERIAL implementation (git-fixes). - USB: cdc-acm: fix double free on probe failure (git-fixes). - USB: cdc-acm: fix unprivileged TIOCCSERIAL (git-fixes). - USB: cdc-acm: fix use-after-free after probe failure (git-fixes). - USB: cdc-acm: untangle a circular dependency between callback and softint (git-fixes). - USB: gadget: u_ether: Fix a configfs return code (git-fixes). - USB: gadget: udc: fix wrong pointer passed to IS_ERR() and PTR_ERR() (git-fixes). - USB: quirks: ignore remote wake-up on Fibocom L850-GL LTE modem (git-fixes). - USB: replace hardcode maximum usb string length by definition (git-fixes). - USB: serial: ark3116: fix TIOCGSERIAL implementation (git-fixes). - USB: serial: ch341: add new Product ID (git-fixes). - USB: serial: cp210x: add ID for Acuity Brands nLight Air Adapter (git-fixes). - USB: serial: cp210x: add some more GE USB IDs (git-fixes). - USB: serial: f81232: fix TIOCGSERIAL implementation (git-fixes). - USB: serial: f81534: fix TIOCGSERIAL implementation (git-fixes). - USB: serial: fix return value for unsupported ioctls (git-fixes). - USB: serial: io_edgeport: fix memory leak in edge_startup (git-fixes). - USB: serial: mos7720: fix TIOCGSERIAL implementation (git-fixes). - USB: serial: opticon: fix TIOCGSERIAL implementation (git-fixes). - USB: serial: pl2303: add support for PL2303HXN (bsc#1186320). - USB: serial: pl2303: fix line-speed handling on newer chips (bsc#1186320). - USB: serial: quatech2: fix TIOCGSERIAL implementation (git-fixes). - USB: serial: ssu100: fix TIOCGSERIAL implementation (git-fixes). - USB: serial: ti_usb_3410_5052: fix TIOCSSERIAL permission check (git-fixes). - USB: serial: usb_wwan: fix TIOCGSERIAL implementation (git-fixes). - USB: serial: usb_wwan: fix TIOCSSERIAL jiffies conversions (git-fixes). - USB: serial: usb_wwan: fix unprivileged TIOCCSERIAL (git-fixes). - USB: usblp: fix a hang in poll() if disconnected (git-fixes). - Update bug reference for USB-audio fixes (bsc#1182552 bsc#1183598) - amd/amdgpu: Disable VCN DPG mode for Picasso (git-fixes). - amdgpu: avoid incorrect %hu format string (git-fixes). - apparmor: Fix aa_label refcnt leak in policy_update (git-fixes). - apparmor: check/put label on apparmor_sk_clone_security() (git-fixes). - appletalk: Fix skb allocation size in loopback case (git-fixes). - arm64: make STACKPROTECTOR_PER_TASK configurable (bsc#1181862). - ata: ahci: Disable SXS for Hisilicon Kunpeng920 (git-fixes). - ata: libahci_platform: fix IRQ check (git-fixes). - ath10k: Fix a use after free in ath10k_htc_send_bundle (git-fixes). - ath10k: Fix ath10k_wmi_tlv_op_pull_peer_stats_info() unlock without lock (git-fixes). - ath10k: fix wmi mgmt tx queue full due to race condition (git-fixes). - ath10k: hold RCU lock when calling ieee80211_find_sta_by_ifaddr() (git-fixes). - ath9k: Fix error check in ath9k_hw_read_revisions() for PCI devices (git-fixes). - ath9k: fix transmitting to stations in dynamic SMPS mode (git-fixes). - atl1c: fix error return code in atl1c_probe() (git-fixes). - atl1e: fix error return code in atl1e_probe() (git-fixes). - backlight: journada720: Fix Wmisleading-indentation warning (git-fixes). - batman-adv: initialize 'struct batadv_tvlv_tt_vlan_data'->reserved field (git-fixes). - binfmt_misc: fix possible deadlock in bm_register_write (git-fixes). - binfmt_misc: fix possible deadlock in bm_register_write (git-fixes). - blk-iocost: ioc_pd_free() shouldn't assume irq disabled (git-fixes). - blk-mq: plug request for shared sbitmap (jsc#SLE-15442 bsc#1180814 ltc#187461 git-fixes). - blk-mq: set default elevator as deadline in case of hctx shared tagset (jsc#SLE-15442 bsc#1180814 ltc#187461 git-fixes). - blkcg: fix memleak for iolatency (git-fixes). - block, bfq: set next_rq to waker_bfqq->next_rq in waker injection (bsc#1168838). - block: fix get_max_io_size() (git-fixes). - block: recalculate segment count for multi-segment discards correctly (bsc#1184724). - block: rsxx: fix error return code of rsxx_pci_probe() (git-fixes). - block: rsxx: select CONFIG_CRC32 (git-fixes). - bluetooth: eliminate the potential race condition when removing the HCI controller (git-fixes). - bnxt_en: Fix RX consumer index logic in the error path (git-fixes). - bnxt_en: Fix RX consumer index logic in the error path (git-fixes). - bnxt_en: fix ternary sign extension bug in bnxt_show_temp() (git-fixes). - bnxt_en: reliably allocate IRQ table on reset to avoid crash (jsc#SLE-8371 bsc#1153274). - bnxt_en: reverse order of TX disable and carrier off (git-fixes). - bpf, sockmap: Fix sk->prot unhash op reset (bsc#1155518). - bpf,x64: Pad NOPs to make images converge more easily (bsc#1178163). - bpf: Add sanity check for upper ptr_limit (bsc#1183686 bsc#1183775). - bpf: Avoid warning when re-casting __bpf_call_base into __bpf_call_base_args (bsc#1155518). - bpf: Declare __bpf_free_used_maps() unconditionally (bsc#1155518). - bpf: Do not do bpf_cgroup_storage_set() for kuprobe/tp programs (bsc#1155518). - bpf: Enforce that struct_ops programs be GPL-only (bsc#1177028). - bpf: Fix 32 bit src register truncation on div/mod (bsc#1184170). - bpf: Fix an unitialized value in bpf_iter (bsc#1177028). - bpf: Fix leakage of uninitialized bpf stack under speculation (bsc#1155518). - bpf: Fix masking negation logic upon negative dst register (bsc#1155518). - bpf: Fix propagation of 32 bit unsigned bounds from 64 bit bounds (bsc#1177028). - bpf: Fix verifier jsgt branch analysis on max bound (bsc#1155518). - bpf: Refcount task stack in bpf_get_task_stack (bsc#1177028). - bpf: Remove MTU check in __bpf_skb_max_len (bsc#1155518). - bpf: Simplify alu_limit masking for pointer arithmetic (bsc#1183686 bsc#1183775). - bpf: link: Refuse non-O_RDWR flags in BPF_OBJ_GET (bsc#1177028). - bpf_lru_list: Read double-checked variable once without lock (bsc#1155518). - brcmfmac: Add DMI nvram filename quirk for Predia Basic tablet (git-fixes). - brcmfmac: Add DMI nvram filename quirk for Voyo winpad A15 tablet (git-fixes). - brcmfmac: clear EAP/association status bits on linkdown events (git-fixes). - bsg: free the request before return error code (git-fixes). - btrfs: abort the transaction if we fail to inc ref in btrfs_copy_root (bsc#1184217). - btrfs: always pin deleted leaves when there are active tree mod log users (bsc#1184224). - btrfs: fix exhaustion of the system chunk array due to concurrent allocations (bsc#1183386). - btrfs: fix extent buffer leak on failure to copy root (bsc#1184218). - btrfs: fix qgroup data rsv leak caused by falloc failure (bsc#1185549). - btrfs: fix race between swap file activation and snapshot creation (bsc#1185587). - btrfs: fix race between swap file activation and snapshot creation (bsc#1185587). - btrfs: fix race between transaction aborts and fsyncs leading to use-after-free (bsc#1186441). - btrfs: fix race between transaction aborts and fsyncs leading to use-after-free (bsc#1186441). - btrfs: fix race between writes to swap files and scrub (bsc#1185586). - btrfs: fix race between writes to swap files and scrub (bsc#1185586). - btrfs: fix race when cloning extent buffer during rewind of an old root (bsc#1184193). - btrfs: fix race when picking most recent mod log operation for an old root (bsc#1186439). - btrfs: fix race when picking most recent mod log operation for an old root (bsc#1186439). - btrfs: fix stale data exposure after cloning a hole with NO_HOLES enabled (bsc#1184220). - btrfs: fix subvolume/snapshot deletion not triggered on mount (bsc#1184219). - btrfs: track qgroup released data in own variable in insert_prealloc_file_extent (bsc#1185549). - bus: fsl-mc: add the dpdbg device type (bsc#1185670). - bus: fsl-mc: list more commands as accepted through the ioctl (bsc#1185670). - bus: omap_l3_noc: mark l3 irqs as IRQF_NO_THREAD (git-fixes). - bus: qcom: Put child node before return (git-fixes). - bus: ti-sysc: Fix warning on unbind if reset is not deasserted (git-fixes). - can: c_can: move runtime PM enable/disable to c_can_platform (git-fixes). - can: c_can_pci: c_can_pci_remove(): fix use-after-free (git-fixes). - can: flexcan: assert FRZ bit in flexcan_chip_freeze() (git-fixes). - can: flexcan: enable RX FIFO after FRZ/HALT valid (git-fixes). - can: flexcan: flexcan_chip_freeze(): fix chip freeze for missing bitrate (git-fixes). - can: flexcan: invoke flexcan_chip_freeze() to enter freeze mode (git-fixes). - can: m_can: m_can_do_rx_poll(): fix extraneous msg loss warning (git-fixes). - can: peak_usb: Revert 'can: peak_usb: add forgotten supported devices' (git-fixes). - can: peak_usb: add forgotten supported devices (git-fixes). - can: skb: can_skb_set_owner(): fix ref counting if socket was closed before setting skb ownership (git-fixes). - cdc-acm: fix BREAK rx code path adding necessary calls (git-fixes). - cdc-wdm: untangle a circular dependency between callback and softint (git-fixes). - ceph: do not clobber i_snap_caps on non-I_NEW inode (bsc#1186501). - ceph: fix inode leak on getattr error in __fh_to_dentry (bsc#1186501). - ceph: fix up error handling with snapdirs (bsc#1186501). - ceph: only check pool permissions for regular files (bsc#1186501). - cfg80211: remove WARN_ON() in cfg80211_sme_connect (git-fixes). - cfg80211: scan: drop entry from hidden_list on overflow (git-fixes). - ch_ktls: Fix kernel panic (jsc#SLE-15131). - ch_ktls: do not send snd_una update to TCB in middle (jsc#SLE-15131). - ch_ktls: fix device connection close (jsc#SLE-15131). - ch_ktls: fix enum-conversion warning (jsc#SLE-15129). - ch_ktls: tcb close causes tls connection failure (jsc#SLE-15131). - cifs: New optype for session operations (bsc#1181507). - cifs: Tracepoints and logs for tracing credit changes (bsc#1181507). - cifs: change noisy error message to FYI (bsc#1181507). - cifs: check pointer before freeing (bsc#1183534). - cifs: do not send close in compound create+close requests (bsc#1181507). - cifs: print MIDs in decimal notation (bsc#1181507). - cifs: return proper error code in statfs(2) (bsc#1181507). - cifs_debug: use %pd instead of messing with ->d_name (bsc#1181507). - clk: exynos7: Mark aclk_fsys1_200 as critical (git-fixes). - clk: fix invalid usage of list cursor in register (git-fixes). - clk: fix invalid usage of list cursor in unregister (git-fixes). - clk: mvebu: armada-37xx-periph: Fix switching CPU freq from 250 Mhz to 1 GHz (git-fixes). - clk: mvebu: armada-37xx-periph: Fix workaround for switching from L1 to L0 (git-fixes). - clk: mvebu: armada-37xx-periph: remove .set_parent method for CPU PM clock (git-fixes). - clk: qcom: a53-pll: Add missing MODULE_DEVICE_TABLE (git-fixes). - clk: socfpga: arria10: Fix memory leak of socfpga_clk on error return (git-fixes). - clk: socfpga: fix iomem pointer cast on 64-bit (git-fixes). - clk: uniphier: Fix potential infinite loop (git-fixes). - clk: zynqmp: move zynqmp_pll_set_mode out of round_rate callback (git-fixes). - completion: Drop init_completion define (git-fixes). - configfs: fix a use-after-free in __configfs_open_file (git-fixes). - coresight: etm4x: Fix issues on trcseqevr access (git-fixes). - coresight: etm4x: Fix save and restore of TRCVMIDCCTLR1 register (git-fixes). - coresight: remove broken __exit annotations (git-fixes). - coresight: tmc-etr: Fix barrier packet insertion for perf buffer (git-fixes). - cpufreq: Kconfig: fix documentation links (git-fixes). - cpufreq: armada-37xx: Fix determining base CPU frequency (git-fixes). - cpufreq: armada-37xx: Fix driver cleanup when registration failed (git-fixes). - cpufreq: armada-37xx: Fix setting TBG parent for load levels (git-fixes). - cpufreq: armada-37xx: Fix the AVS value for load L1 (git-fixes). - cpufreq: intel_pstate: Add Icelake servers support in no-HWP mode (bsc#1185758). - cpuidle/pseries: Fixup CEDE0 latency only for POWER10 onwards (bsc#1185550 ltc#192610). - crypto: api - check for ERR pointers in crypto_destroy_tfm() (git-fixes). - crypto: arm/curve25519 - Move '.fpu' after '.arch' (git-fixes). - crypto: chelsio - Read rxchannel-id from firmware (git-fixes). - crypto: mips/poly1305 - enable for all MIPS processors (git-fixes). - crypto: qat - ADF_STATUS_PF_RUNNING should be set after adf_dev_init (git-fixes). - crypto: qat - Fix a double free in adf_create_ring (git-fixes). - crypto: qat - do not release uninitialized resources (git-fixes). - crypto: qat - fix error path in adf_isr_resource_alloc() (git-fixes). - crypto: qat - fix unmap invalid dma address (git-fixes). - crypto: rng - fix crypto_rng_reset() refcounting when !CRYPTO_STATS (git-fixes). - crypto: stm32/cryp - Fix PM reference leak on stm32-cryp.c (git-fixes). - crypto: stm32/hash - Fix PM reference leak on stm32-hash.c (git-fixes). - crypto: tcrypt - avoid signed overflow in byte count (git-fixes). - cxgb4/chtls/cxgbit: Keeping the max ofld immediate data size same in cxgb4 and ulds (git-fixes). - cxgb4/chtls/cxgbit: Keeping the max ofld immediate data size same in cxgb4 and ulds (git-fixes). - cxgb4: Fix unintentional sign extension issues (git-fixes). - cxgb4: avoid collecting SGE_QBASE regs during traffic (git-fixes). - dm era: Fix bitset memory leaks (git-fixes). - dm era: Recover committed writeset after crash (git-fixes). - dm era: Reinitialize bitset cache before digesting a new writeset (git-fixes). - dm era: Update in-core bitset after committing the metadata (git-fixes). - dm era: Use correct value size in equality function of writeset tree (git-fixes). - dm era: Verify the data block size hasn't changed (git-fixes). - dm era: only resize metadata in preresume (git-fixes). - dm integrity: fix error reporting in bitmap mode after creation (git-fixes). - dm ioctl: fix error return code in target_message (git-fixes). - dm mpath: fix racey management of PG initialization (git-fixes). - dm mpath: switch paths in dm_blk_ioctl() code path (bsc#1167574, bsc#1175995, bsc#1184485). - dm raid: fix discard limits for raid1 (git-fixes). - dm rq: fix double free of blk_mq_tag_set in dev remove after table load fails (bsc#1185581). - dm writecache: fix the maximum number of arguments (git-fixes). - dm writecache: handle DAX to partitions on persistent memory correctly (git-fixes). - dm writecache: remove BUG() and fail gracefully instead (git-fixes). - dm zoned: select CONFIG_CRC32 (git-fixes). - dm: avoid filesystem lookup in dm_get_dev_t() (git-fixes). - dm: eliminate potential source of excessive kernel log noise (git-fixes). - dm: fix bug with RCU locking in dm_blk_report_zones (git-fixes). - dm: remove invalid sparse __acquires and __releases annotations (git-fixes). - dmaengine: Fix a double free in dma_async_device_register (git-fixes). - dmaengine: dw-edma: Fix crash on loading/unloading driver (git-fixes). - dmaengine: dw: Make it dependent to HAS_IOMEM (git-fixes). - dmaengine: idxd: Fix clobbering of SWERR overflow bit on writeback (git-fixes). - dmaengine: idxd: Fix potential null dereference on pointer status (git-fixes). - dmaengine: idxd: cleanup pci interrupt vector allocation management (git-fixes). - dmaengine: idxd: clear MSIX permission entry on shutdown (git-fixes). - dmaengine: idxd: fix cdev setup and free device lifetime issues (git-fixes). - dmaengine: idxd: fix delta_rec and crc size field for completion record (git-fixes). - dmaengine: idxd: fix dma device lifetime (git-fixes). - dmaengine: idxd: fix opcap sysfs attribute output (git-fixes). - dmaengine: idxd: fix wq cleanup of WQCFG registers (git-fixes). - dmaengine: idxd: fix wq size store permission state (git-fixes). - dmaengine: idxd: removal of pcim managed mmio mapping (git-fixes). - docs: kernel-parameters: Add gpio_mockup_named_lines (git-fixes). - docs: kernel-parameters: Move gpio-mockup for alphabetic order (git-fixes). - dpaa_eth: Remove unnecessary boolean expression in dpaa_get_headroom (git-fixes). - dpaa_eth: Use random MAC address when none is given (bsc#1184811). - dpaa_eth: copy timestamp fields to new skb in A-050385 workaround (git-fixes). - dpaa_eth: fix the RX headroom size alignment (git-fixes). - dpaa_eth: update the buffer layout for non-A050385 erratum scenarios (git-fixes). - drivers: hv: Fix whitespace errors (bsc#1185725). - drivers: net: xgene: Fix the order of the arguments of 'alloc_etherdev_mqs()' (git-fixes). - drivers: video: fbcon: fix NULL dereference in fbcon_cursor() (git-fixes). - drivers: video: fbcon: fix NULL dereference in fbcon_cursor() (git-fixes). - drm/amd/display/dc/dce/dce_aux: Remove duplicate line causing 'field overwritten' issue (git-fixes). - drm/amd/display: Check for DSC support instead of ASIC revision (git-fixes). - drm/amd/display: Correct algorithm for reversed gamma (git-fixes). - drm/amd/display: DCHUB underflow counter increasing in some scenarios (git-fixes). - drm/amd/display: Do not optimize bandwidth before disabling planes (git-fixes). - drm/amd/display: Fix UBSAN warning for not a valid value for type '_Bool' (git-fixes). - drm/amd/display: Fix UBSAN: shift-out-of-bounds warning (git-fixes). - drm/amd/display: Fix debugfs link_settings entry (git-fixes). - drm/amd/display: Fix nested FPU context in dcn21_validate_bandwidth() (git-fixes). - drm/amd/display: Fix off by one in hdmi_14_process_transaction() (git-fixes). - drm/amd/display: Fix two cursor duplication when using overlay (git-fixes). - drm/amd/display: Force vsync flip when reconfiguring MPCC (git-fixes). - drm/amd/display: Guard against NULL pointer deref when get_i2c_info fails (git-fixes). - drm/amd/display: Initialize attribute for hdcp_srm sysfs file (git-fixes). - drm/amd/display: Reject non-zero src_y and src_x for video planes (git-fixes). - drm/amd/display: Revert dram_clock_change_latency for DCN2.1 (git-fixes). - drm/amd/display: Try YCbCr420 color when YCbCr444 fails (git-fixes). - drm/amd/display: add handling for hdcp2 rx id list validation (git-fixes). - drm/amd/display: changing sr exit latency (git-fixes). - drm/amd/display: fix dml prefetch validation (git-fixes). - drm/amd/display: fixed divide by zero kernel crash during dsc enablement (git-fixes). - drm/amd/display: turn DPMS off on connector unplug (git-fixes). - drm/amd/pm: fix workload mismatch on vega10 (git-fixes). - drm/amd/powerplay: fix spelling mistake 'smu_state_memroy_block' -> (bsc#1152489) Backporting notes: * rename amd/pm to amd/powerplay * context changes - drm/amdgpu : Fix asic reset regression issue introduce by 8f211fe8ac7c4f (git-fixes). - drm/amdgpu/display/dm: add missing parameter documentation (git-fixes). - drm/amdgpu/display: buffer INTERRUPT_LOW_IRQ_CONTEXT interrupt work (git-fixes). - drm/amdgpu/display: remove redundant continue statement (git-fixes). - drm/amdgpu/display: restore AUX_DPHY_TX_CONTROL for DCN2.x (git-fixes). - drm/amdgpu/display: use GFP_ATOMIC in dcn21_validate_bandwidth_fp() (git-fixes). - drm/amdgpu/swsmu: add interrupt work function (git-fixes). - drm/amdgpu/swsmu: add interrupt work handler for smu11 parts (git-fixes). - drm/amdgpu: Add additional Sienna Cichlid PCI ID (git-fixes). - drm/amdgpu: Add check to prevent IH overflow (git-fixes). - drm/amdgpu: Add mem sync flag for IB allocated by SA (git-fixes). - drm/amdgpu: Fix GPU TLB update error when PAGE_SIZE > AMDGPU_PAGE_SIZE (git-fixes). - drm/amdgpu: Fix some unload driver issues (git-fixes). - drm/amdgpu: Init GFX10_ADDR_CONFIG for VCN v3 in DPG mode (git-fixes). - drm/amdgpu: check alignment on CPU page for bo map (git-fixes). - drm/amdgpu: disable 3DCGCG on picasso/raven1 to avoid compute hang (git-fixes). - drm/amdgpu: fb BO should be ttm_bo_type_device (git-fixes). - drm/amdgpu: fix NULL pointer dereference (git-fixes). - drm/amdgpu: fix concurrent VM flushes on Vega/Navi v2 (git-fixes). - drm/amdgpu: fix offset calculation in amdgpu_vm_bo_clear_mappings() (git-fixes). - drm/amdgpu: fix parameter error of RREG32_PCIE() in amdgpu_regs_pcie (git-fixes). - drm/amdgpu: mask the xgmi number of hops reported from psp to kfd (git-fixes). - drm/amdgpu: remove unused variable from struct amdgpu_bo (git-fixes). - drm/amdgpu: update gc golden setting for Navi12 (git-fixes). - drm/amdgpu: update sdma golden setting for Navi12 (git-fixes). - drm/amdkfd: Fix UBSAN shift-out-of-bounds warning (git-fixes). - drm/amdkfd: Fix cat debugfs hang_hws file causes system crash bug (git-fixes). - drm/amdkfd: Put ACPI table after using it (bsc#1152489) Backporting notes: * context changes - drm/amdkfd: dqm fence memory corruption (git-fixes). - drm/amdkfd: fix build error with AMD_IOMMU_V2=m (git-fixes). - drm/ast: AST2500 fixups (bsc#1174416). - drm/ast: AST2500 fixups (bsc#1174416). - drm/ast: Add 25MHz refclk support (bsc#1174416). - drm/ast: Add 25MHz refclk support (bsc#1174416). - drm/ast: Add support for 1152x864 mode (bsc#1174416). - drm/ast: Add support for 1152x864 mode (bsc#1174416). - drm/ast: Add support for AIP200 (bsc#1174416). - drm/ast: Add support for AIP200 (bsc#1174416). - drm/ast: Correct mode table for AST2500 precatch (bsc#1174416). - drm/ast: Correct mode table for AST2500 precatch (bsc#1174416). - drm/ast: Disable VGA decoding while driver is active (bsc#1174416). - drm/ast: Disable VGA decoding while driver is active (bsc#1174416). - drm/ast: Disable screen on register init (bsc#1174416). - drm/ast: Disable screen on register init (bsc#1174416). - drm/ast: Fix P2A config detection (bsc#1174416). - drm/ast: Fix P2A config detection (bsc#1174416). - drm/ast: Fix invalid usage of AST_MAX_HWC_WIDTH in cursor atomic_check (git-fixes). - drm/ast: Fix register access in non-P2A mode for DP501 (bsc#1174416). - drm/ast: Fix register access in non-P2A mode for DP501 (bsc#1174416). - drm/ast: Keep MISC fields when enabling VGA (bsc#1174416). - drm/ast: Keep MISC fields when enabling VGA (bsc#1174416). - drm/ast: drm/ast: Fix boot address for AST2500 (bsc#1174416). - drm/ast: drm/ast: Fix boot address for AST2500 (bsc#1174416). - drm/compat: Clear bounce structures (git-fixes). - drm/dp_mst: Revise broadcast msg lct & lcr (git-fixes). - drm/dp_mst: Set CLEAR_PAYLOAD_ID_TABLE as broadcast (git-fixes). - drm/hisilicon: Fix use-after-free (git-fixes). - drm/i915/display: fix compiler warning about array overrun (git-fixes). - drm/i915/gt: Clear CACHE_MODE prior to clearing residuals (git-fixes). - drm/i915/gt: Disable HiZ Raw Stall Optimization on broken gen7 (git-fixes). - drm/i915/gvt: Fix error code in intel_gvt_init_device() (git-fixes). - drm/i915/gvt: Set SNOOP for PAT3 on BXT/APL to workaround GPU BB hang (git-fixes). - drm/i915/overlay: Fix active retire callback alignment (git-fixes). - drm/i915/selftests: Fix some error codes (git-fixes). - drm/i915: Avoid div-by-zero on gen2 (git-fixes). - drm/i915: Fix ICL MG PHY vswing handling (git-fixes). - drm/i915: Fix crash in auto_retire (git-fixes). - drm/i915: Fix invalid access to ACPI _DSM objects (bsc#1184074). - drm/i915: Hold onto an explicit ref to i915_vma_work.pinned (git-fixes). - drm/i915: Read C0DRB3/C1DRB3 as 16 bits again (git-fixes). - drm/i915: Wedge the GPU if command parser setup fails (git-fixes). - drm/imx: imx-ldb: fix out of bounds array access warning (git-fixes). - drm/ingenic: Fix non-OSD mode (git-fixes). - drm/ingenic: Register devm action to cleanup encoders (git-fixes). - drm/komeda: Fix bit check to import to value of proper type (git-fixes). - drm/lima: fix reference leak in lima_pm_busy (git-fixes). - drm/mcde/panel: Inverse misunderstood flag (git-fixes). - drm/mediatek: Fix aal size config (bsc#1152489) Backporting notes: * replaced mtk_ddp_write() with writel() - drm/msm/a5xx: Remove overwriting A5XX_PC_DBG_ECO_CNTL register (git-fixes). - drm/msm/adreno: a5xx_power: Do not apply A540 lm_setup to other GPUs (git-fixes). - drm/msm/gem: Add obj->lock wrappers (bsc#1152489) Backporting notes: * taken for 9b73bde39cf2 ('drm/msm: Fix use-after-free in msm_gem with carveout') * context changes - drm/msm/mdp5: Configure PP_SYNC_HEIGHT to double the vtotal (git-fixes). - drm/msm/mdp5: Do not multiply vclk line count by 100 (git-fixes). - drm/msm: Fix WARN_ON() splat in _free_object() (bsc#1152489) Backporting notes: * context changes - drm/msm: Fix a5xx/a6xx timestamps (git-fixes). - drm/msm: Fix races managing the OOB state for timestamp vs (bsc#1152489) Backporting notes: * context changes - drm/msm: Fix suspend/resume on i.MX5 (git-fixes). - drm/msm: Fix use-after-free in msm_gem with carveout (bsc#1152489) Backporting notes: * context changes - drm/msm: Ratelimit invalid-fence message (git-fixes). - drm/msm: Set drvdata to NULL when msm_drm_init() fails (git-fixes). - drm/msm: fix shutdown hook in case GPU components failed to bind (git-fixes). - drm/nouveau/kms/nv50-: Get rid of bogus nouveau_conn_mode_valid() (git-fixes). - drm/omap: fix misleading indentation in pixinc() (git-fixes). - drm/panfrost: Clear MMU irqs before handling the fault (git-fixes). - drm/panfrost: Do not corrupt the queue mutex on open/close (bsc#1152472) Backporting notes: * context changes - drm/panfrost: Do not try to map pages that are already mapped (git-fixes). - drm/panfrost: Fix job timeout handling (bsc#1152472) Backporting notes: * context changes - drm/panfrost: Remove unused variables in panfrost_job_close() (bsc#1152472) - drm/probe-helper: Check epoch counter in output_poll_execute() (git-fixes). - drm/qxl: do not run release if qxl failed to init (git-fixes). - drm/radeon/dpm: Disable sclk switching on Oland when two 4K 60Hz monitors are connected (git-fixes). - drm/radeon: Avoid power table parsing memory leaks (git-fixes). - drm/radeon: Fix a missing check bug in radeon_dp_mst_detect() (git-fixes). - drm/radeon: Fix off-by-one power_state index heap overwrite (git-fixes). - drm/radeon: fix AGP dependency (git-fixes). - drm/radeon: fix copy of uninitialized variable back to userspace (git-fixes). - drm/shmem-helper: Check for purged buffers in fault handler (git-fixes). - drm/shmem-helper: Do not remove the offset in vm_area_struct pgoff (git-fixes). - drm/shmem-helpers: vunmap: Do not put pages for dma-buf (git-fixes). - drm/sun4i: tcon: fix inverted DCLK polarity (bsc#1152489) Backporting notes: * context changes - drm/tegra: Fix reference leak when pm_runtime_get_sync() fails (git-fixes). - drm/tegra: dc: Do not set PLL clock to 0Hz (git-fixes). - drm/tegra: dc: Restore coupling of display controllers (git-fixes). - drm/tegra: sor: Grab runtime PM reference across reset (git-fixes). - drm/tilcdc: send vblank event when disabling crtc (git-fixes). - drm/vc4: crtc: Reduce PV fifo threshold on hvs4 (git-fixes). - drm/vc4: hdmi: Restore cec physical address on reconnect (bsc#1152472) Backporting notes: * context changes * change vc4_hdmi to vc4->hdmi * removed references to encoder->hdmi_monitor - drm/vkms: fix misuse of WARN_ON (git-fixes). - drm: Added orientation quirk for OneGX1 Pro (git-fixes). - drm: meson_drv add shutdown function (git-fixes). - drm: rcar-du: Fix PM reference leak in rcar_cmm_enable() (git-fixes). - drm: rcar-du: Fix crash when using LVDS1 clock for CRTC (bsc#1152489) Backporting notes: * context changes - drm: rcar-du: Fix leak of CMM platform device reference (git-fixes). - drm: xlnx: zynqmp: fix a memset in zynqmp_dp_train() (git-fixes). - e1000e: Fix duplicate include guard (git-fixes). - e1000e: Fix error handling in e1000_set_d0_lplu_state_82571 (git-fixes). - e1000e: add rtnl_lock() to e1000_reset_task (git-fixes). - efi: use 32-bit alignment for efi_guid_t literals (git-fixes). - enetc: Fix reporting of h/w packet counters (git-fixes). - enetc: Let the hardware auto-advance the taprio base-time of 0 (git-fixes). - enetc: Workaround for MDIO register access issue (git-fixes). - epoll: check for events when removing a timed out thread from the wait queue (git-fixes). - ethernet/netronome/nfp: Fix a use after free in nfp_bpf_ctrl_msg_rx (git-fixes). - ethernet: alx: fix order of calls on resume (git-fixes). - ethernet:enic: Fix a use after free bug in enic_hard_start_xmit (git-fixes). - ethtool: fix incorrect datatype in set_eee ops (bsc#1176447). - ethtool: fix missing NLM_F_MULTI flag when dumping (bsc#1176447). - ethtool: pause: make sure we init driver stats (jsc#SLE-15075). - exec: Move would_dump into flush_old_exec (git-fixes). - ext4: do not try to set xattr into ea_inode if value is empty (bsc#1184730). - ext4: find old entry again if failed to rename whiteout (bsc#1184742). - ext4: fix potential error in ext4_do_update_inode (bsc#1184731). - ext4: fix potential htree index checksum corruption (bsc#1184728). - extcon: Add stubs for extcon_register_notifier_all() functions (git-fixes). - extcon: Fix error handling in extcon_dev_register (git-fixes). - extcon: arizona: Fix some issues when HPDET IRQ fires after the jack has been unplugged (git-fixes). - extcon: arizona: Fix various races on driver unbind (git-fixes). - fbdev: zero-fill colormap in fbcmap.c (git-fixes). - fbmem: add margin check to fb_check_caps() (git-fixes). - firmware/efi: Fix a use after bug in efi_mem_reserve_persistent (git-fixes). - firmware: arm_scpi: Prevent the ternary sign expansion bug (git-fixes). - firmware: qcom-scm: Fix QCOM_SCM configuration (git-fixes). - firmware: qcom_scm: Fix kernel-doc function names to match (git-fixes). - firmware: qcom_scm: Make __qcom_scm_is_call_available() return bool (git-fixes). - firmware: qcom_scm: Reduce locking section for __get_convention() (git-fixes). - firmware: qcom_scm: Workaround lack of 'is available' call on SC7180 (git-fixes). - flow_dissector: fix byteorder of dissected ICMP ID (bsc#1154353). - fnic: use scsi_host_busy_iter() to traverse commands (bsc#1179851). - fotg210-udc: Complete OUT requests on short packets (git-fixes). - fotg210-udc: Do not DMA more than the buffer can take (git-fixes). - fotg210-udc: Fix DMA on EP0 for length > max packet size (git-fixes). - fotg210-udc: Fix EP0 IN requests bigger than two packets (git-fixes). - fotg210-udc: Mask GRP2 interrupts we do not handle (git-fixes). - fotg210-udc: Remove a dubious condition leading to fotg210_done (git-fixes). - fs/epoll: restore waking from ep_done_scan() (bsc#1183868). - fs/jfs: fix potential integer overflow on shift of a int (bsc#1184741). - fs: direct-io: fix missing sdio->boundary (bsc#1184736). - fsl/fman: check dereferencing null pointer (git-fixes). - fsl/fman: fix dereference null return value (git-fixes). - fsl/fman: fix eth hash table allocation (git-fixes). - fsl/fman: fix unreachable code (git-fixes). - fsl/fman: reuse set_mac_address() in dtsec init() (bsc#1184811). - fsl/fman: tolerate missing MAC address in device tree (bsc#1184811). - fsl/fman: use 32-bit unsigned integer (git-fixes). - ftrace/x86: Tell objtool to ignore nondeterministic ftrace stack layout (bsc#1177028). - ftrace: Fix modify_ftrace_direct (bsc#1177028). - ftrace: Handle commands when closing set_ftrace_filter file (git-fixes). - fuse: fix bad inode (bsc#1184211). - fuse: fix bad inode (bsc#1184211). - fuse: fix live lock in fuse_iget() (bsc#1184211). - fuse: fix live lock in fuse_iget() (bsc#1184211). - fuse: fix write deadlock (bsc#1185573). - fuse: verify write return (git-fixes). - futex: Change utime parameter to be 'const ... *' (git-fixes). - futex: Do not apply time namespace adjustment on FUTEX_LOCK_PI (bsc#1164648). - futex: Get rid of the val2 conditional dance (git-fixes). - futex: Make syscall entry points less convoluted (git-fixes). - gcc-plugins: drop support for GCC &lt;= 4.7 (bcs#1181862). - gcc-plugins: make it possible to disable CONFIG_GCC_PLUGINS again (bcs#1181862). - gcc-plugins: simplify GCC plugin-dev capability test (bsc#1181862). - geneve: do not modify the shared tunnel info when PMTU triggers an ICMP reply (bsc#1176447). - geneve: do not modify the shared tunnel info when PMTU triggers an ICMP reply (git-fixes). - genirq/irqdomain: Do not try to free an interrupt that has no (git-fixes) - genirq: Disable interrupts for force threaded handlers (git-fixes) - genirq: Reduce irqdebug cacheline bouncing (bsc#1185703 ltc#192641). - gianfar: Account for Tx PTP timestamp in the skb headroom (git-fixes). - gianfar: Fix TX timestamping with a stacked DSA driver (git-fixes). - gianfar: Handle error code at MAC address change (git-fixes). - gianfar: Replace skb_realloc_headroom with skb_cow_head for PTP (git-fixes). - gpio: omap: Save and restore sysconfig (git-fixes). - gpio: pca953x: Set IRQ type when handle Intel Galileo Gen 2 (git-fixes). - gpio: sysfs: Obey valid_mask (git-fixes). - gpio: xilinx: Correct kernel doc for xgpio_probe() (git-fixes). - gpio: zynq: fix reference leak in zynq_gpio functions (git-fixes). - gpiolib: Do not free if pin ranges are not defined (git-fixes). - gpiolib: acpi: Add missing IRQF_ONESHOT (git-fixes). - gpiolib: acpi: Add quirk to ignore EC wakeups on Dell Venue 10 Pro 5055 (git-fixes). - gpu/xen: Fix a use after free in xen_drm_drv_init (git-fixes). - hrtimer: Update softirq_expires_next correctly after (git-fixes) - hv_netvsc: Reset the RSC count if NVSP_STAT_FAIL in netvsc_receive() (git-fixes). - hwmon: (ina3221) Fix PM usage counter unbalance in ina3221_write_enable (git-fixes). - hwmon: (occ) Fix poll rate limiting (git-fixes). - i2c: Add I2C_AQ_NO_REP_START adapter quirk (git-fixes). - i2c: bail out early when RDWR parameters are wrong (git-fixes). - i2c: cadence: add IRQ check (git-fixes). - i2c: emev2: add IRQ check (git-fixes). - i2c: img-scb: fix reference leak when pm_runtime_get_sync fails (git-fixes). - i2c: imx-lpi2c: fix reference leak when pm_runtime_get_sync fails (git-fixes). - i2c: jz4780: add IRQ check (git-fixes). - i2c: mlxbf: add IRQ check (git-fixes). - i2c: omap: fix reference leak when pm_runtime_get_sync fails (git-fixes). - i2c: rcar: faster irq code to minimize HW race condition (git-fixes). - i2c: rcar: optimize cacheline to minimize HW race condition (git-fixes). - i2c: sh7760: add IRQ check (git-fixes). - i2c: sh7760: fix IRQ error path (git-fixes). - i2c: sprd: fix reference leak when pm_runtime_get_sync fails (git-fixes). - i2c: tegra: Add missing pm_runtime_put() (bsc#1184386). - i2c: tegra: Check errors for both positive and negative values (bsc#1184386). - i2c: tegra: Clean up and improve comments (bsc#1184386). - i2c: tegra: Clean up printk messages (bsc#1184386). - i2c: tegra: Clean up probe function (bsc#1184386). - i2c: tegra: Clean up variable names (bsc#1184386). - i2c: tegra: Clean up variable types (bsc#1184386). - i2c: tegra: Clean up whitespaces, newlines and indentation (bsc#1184386). - i2c: tegra: Create i2c_writesl_vi() to use with VI I2C for filling TX FIFO (bsc#1184386). - i2c: tegra: Factor out error recovery from tegra_i2c_xfer_msg() (bsc#1184386). - i2c: tegra: Factor out hardware initialization into separate function (bsc#1184386). - i2c: tegra: Factor out packet header setup from tegra_i2c_xfer_msg() (bsc#1184386). - i2c: tegra: Factor out register polling into separate function (bsc#1184386). - i2c: tegra: Handle potential error of tegra_i2c_flush_fifos() (bsc#1184386). - i2c: tegra: Improve driver module description (bsc#1184386). - i2c: tegra: Improve formatting of variables (bsc#1184386). - i2c: tegra: Initialize div-clk rate unconditionally (bsc#1184386). - i2c: tegra: Make tegra_i2c_flush_fifos() usable in atomic transfer (bsc#1184386). - i2c: tegra: Mask interrupt in tegra_i2c_issue_bus_clear() (bsc#1184386). - i2c: tegra: Move out all device-tree parsing into tegra_i2c_parse_dt() (bsc#1184386). - i2c: tegra: Remove 'dma' variable from tegra_i2c_xfer_msg() (bsc#1184386). - i2c: tegra: Remove error message used for devm_request_irq() failure (bsc#1184386). - i2c: tegra: Remove i2c_dev.clk_divisor_non_hs_mode member (bsc#1184386). - i2c: tegra: Remove likely/unlikely from the code (bsc#1184386). - i2c: tegra: Remove outdated barrier() (bsc#1184386). - i2c: tegra: Remove redundant check in tegra_i2c_issue_bus_clear() (bsc#1184386). - i2c: tegra: Rename wait/poll functions (bsc#1184386). - i2c: tegra: Reorder location of functions in the code (bsc#1184386). - i2c: tegra: Runtime PM always available on Tegra (bsc#1184386). - i2c: tegra: Use clk-bulk helpers (bsc#1184386). - i2c: tegra: Use devm_platform_get_and_ioremap_resource() (bsc#1184386). - i2c: tegra: Use platform_get_irq() (bsc#1184386). - i2c: tegra: Use reset_control_reset() (bsc#1184386). - i2c: tegra: Use threaded interrupt (bsc#1184386). - i2c: tegra: Wait for config load atomically while in ISR (bsc#1184386). - i40e: Add zero-initialization of AQ command structures (git-fixes). - i40e: Added Asym_Pause to supported link modes (git-fixes). - i40e: Fix PHY type identifiers for 2.5G and 5G adapters (git-fixes). - i40e: Fix add TC filter for IPv6 (git-fixes). - i40e: Fix addition of RX filters after enabling FW LLDP agent (git-fixes). - i40e: Fix display statistics for veb_tc (git-fixes). - i40e: Fix endianness conversions (git-fixes). - i40e: Fix flow for IPv6 next header (extension header) (git-fixes). - i40e: Fix kernel oops when i40e driver removes VF's (git-fixes). - i40e: Fix overwriting flow control settings during driver loading (git-fixes). - i40e: Fix parameters in aq_get_phy_register() (jsc#SLE-8025). - i40e: Fix sparse error: 'vsi->netdev' could be null (jsc#SLE-8025). - i40e: Fix sparse error: uninitialized symbol 'ring' (jsc#SLE-13701). - i40e: Fix sparse errors in i40e_txrx.c (git-fixes). - i40e: Fix sparse errors in i40e_txrx.c (git-fixes). - i40e: Fix sparse warning: missing error code 'err' (git-fixes). - i40e: Fix use-after-free in i40e_client_subtask() (git-fixes). - i40e: fix broken XDP support (git-fixes). - i40e: fix the panic when running bpf in xdpdrv mode (git-fixes). - i40e: fix the restart auto-negotiation after FEC modified (git-fixes). - i915/perf: Start hrtimer only if sampling the OA buffer (git-fixes). - iavf: Fix incorrect adapter get in iavf_resume (git-fixes). - iavf: use generic power management (git-fixes). - ibmvfc: Avoid move login if fast fail is enabled (bsc#1185938 ltc#192043). - ibmvfc: Handle move login failure (bsc#1185938 ltc#192043). - ibmvfc: Reinit target retries (bsc#1185938 ltc#192043). - ibmvnic: add comments for spinlock_t definitions (bsc#1183871 ltc#192139). - ibmvnic: avoid calling napi_disable() twice (bsc#1065729). - ibmvnic: avoid multiple line dereference (bsc#1183871 ltc#192139). - ibmvnic: clean up the remaining debugfs data structures (bsc#1065729). - ibmvnic: correctly use dev_consume/free_skb_irq (jsc#SLE-17268 jsc#SLE-17043 bsc#1179243 ltc#189290 git-fixes). - ibmvnic: fix block comments (bsc#1183871 ltc#192139). - ibmvnic: fix braces (bsc#1183871 ltc#192139). - ibmvnic: fix miscellaneous checks (bsc#1183871 ltc#192139). - ibmvnic: improve failover sysfs entry (bsc#1043990 ltc#155681 git-fixes). - ibmvnic: merge do_change_param_reset into do_reset (bsc#1183871 ltc#192139). - ibmvnic: prefer 'unsigned long' over 'unsigned long int' (bsc#1183871 ltc#192139). - ibmvnic: prefer strscpy over strlcpy (bsc#1183871 ltc#192139). - ibmvnic: print adapter state as a string (bsc#1152457 ltc#174432 git-fixes). - ibmvnic: print reset reason as a string (bsc#1152457 ltc#174432 git-fixes). - ibmvnic: queue reset work in system_long_wq (bsc#1152457 ltc#174432 git-fixes). - ibmvnic: remove default label from to_string switch (bsc#1152457 ltc#174432 git-fixes). - ibmvnic: remove duplicate napi_schedule call in do_reset function (bsc#1065729). - ibmvnic: remove duplicate napi_schedule call in open function (bsc#1065729). - ibmvnic: remove unnecessary rmb() inside ibmvnic_poll (bsc#1183871 ltc#192139). - ibmvnic: remove unused spinlock_t stats_lock definition (bsc#1183871 ltc#192139). - ibmvnic: rework to ensure SCRQ entry reads are properly ordered (bsc#1183871 ltc#192139). - ice: Account for port VLAN in VF max packet size calculation (git-fixes). - ice: Account for port VLAN in VF max packet size calculation (git-fixes). - ice: Cleanup fltr list in case of allocation issues (git-fixes). - ice: Continue probe on link/PHY errors (jsc#SLE-12878). - ice: Fix for dereference of NULL pointer (git-fixes). - ice: Increase control queue timeout (git-fixes). - ice: Use port number instead of PF ID for WoL (jsc#SLE-12878). - ice: fix memory allocation call (jsc#SLE-12878). - ice: fix memory leak if register_netdev_fails (git-fixes). - ice: fix memory leak in ice_vsi_setup (git-fixes). - ice: fix memory leak of aRFS after resuming from suspend (jsc#SLE-12878). - ice: prevent ice_open and ice_stop during reset (git-fixes). - ice: remove DCBNL_DEVRESET bit from PF state (jsc#SLE-7926). - ics932s401: fix broken handling of errors when word reading fails (git-fixes). - igb: Fix duplicate include guard (git-fixes). - igb: XDP extack message on error (jsc#SLE-13536). - igb: XDP xmit back fix error code (jsc#SLE-13536). - igb: avoid premature Rx buffer reuse (jsc#SLE-13536). - igb: avoid transmit queue timeout in xdp path (jsc#SLE-13536). - igb: check timestamp validity (git-fixes). - igb: skb add metasize for xdp (jsc#SLE-13536). - igb: take VLAN double header into account (jsc#SLE-13536). - igb: use xdp_do_flush (jsc#SLE-13536). - igc: Fix Pause Frame Advertising (git-fixes). - igc: Fix Supported Pause Frame Link Setting (git-fixes). - igc: Fix igc_ptp_rx_pktstamp() (bsc#1160634). - igc: Fix igc_ptp_rx_pktstamp() (bsc#1160634). - igc: reinit_locked() should be called with rtnl_lock (git-fixes). - igc: reinit_locked() should be called with rtnl_lock (git-fixes). - iio: adc: ad7949: fix wrong ADC result due to incorrect bit mask (git-fixes). - iio: adis16400: Fix an error code in adis16400_initial_setup() (git-fixes). - iio: gyro: mpu3050: Fix error handling in mpu3050_trigger_handler (git-fixes). - iio: gyro: mpu3050: Fix reported temperature value (git-fixes). - iio: hid-sensor-humidity: Fix alignment issue of timestamp channel (git-fixes). - iio: hid-sensor-prox: Fix scale not correct issue (git-fixes). - iio: hid-sensor-temperature: Fix issues of timestamp channel (git-fixes). - iio: proximity: pulsedlight: Fix rumtime PM imbalance on error (git-fixes). - iio: tsl2583: Fix division by a zero lux_val (git-fixes). - iio:accel:adis16201: Fix wrong axis assignment that prevents loading (git-fixes). - iio:adc:qcom-spmi-vadc: add default scale to LR_MUX2_BAT_ID channel (git-fixes). - ima: Free IMA measurement buffer after kexec syscall (git-fixes). - include/linux/sched/mm.h: use rcu_dereference in in_vfork() (git-fixes). - intel_th: Consistency and off-by-one fix (git-fixes). - intel_th: pci: Add Alder Lake-M support (git-fixes). - intel_th: pci: Add Rocket Lake CPU support (git-fixes). - interconnect: core: fix error return code of icc_link_destroy() (git-fixes). - iommu/amd: Add support for map/unmap_resource (jsc#ECO-3482). - iommu/amd: Fix sleeping in atomic in increase_address_space() (bsc#1183277). - iommu/amd: Fix sleeping in atomic in increase_address_space() (bsc#1183310). - iommu/intel: Fix memleak in intel_irq_remapping_alloc (bsc#1183278). - iommu/intel: Fix memleak in intel_irq_remapping_alloc (bsc#1183312). - iommu/qcom: add missing put_device() call in qcom_iommu_of_xlate() (bsc#1183313). - iommu/qcom: add missing put_device() call in qcom_iommu_of_xlate() (bsc#1183637). - iommu/vt-d: Add get_domain_info() helper (bsc#1183279). - iommu/vt-d: Avoid panic if iommu init fails in tboot system (bsc#1183280). - iommu/vt-d: Avoid panic if iommu init fails in tboot system (bsc#1183315). - iommu/vt-d: Correctly check addr alignment in qi_flush_dev_iotlb_pasid() (bsc#1183281). - iommu/vt-d: Correctly check addr alignment in qi_flush_dev_iotlb_pasid() (bsc#1183316). - iommu/vt-d: Do not use flush-queue when caching-mode is on (bsc#1183282). - iommu/vt-d: Do not use flush-queue when caching-mode is on (bsc#1183317). - iommu/vt-d: Fix general protection fault in aux_detach_device() (bsc#1183283). - iommu/vt-d: Fix general protection fault in aux_detach_device() (bsc#1183318). - iommu/vt-d: Fix ineffective devTLB invalidation for subdevices (bsc#1183284). - iommu/vt-d: Fix ineffective devTLB invalidation for subdevices (bsc#1183319). - iommu/vt-d: Fix status code for Allocate/Free PASID command (bsc#1183320). - iommu/vt-d: Fix unaligned addresses for intel_flush_svm_range_dev() (bsc#1183285). - iommu/vt-d: Fix unaligned addresses for intel_flush_svm_range_dev() (bsc#1183321). - iommu/vt-d: Move intel_iommu info from struct intel_svm to struct intel_svm_dev (bsc#1183286). - iommu/vt-d: Move intel_iommu info from struct intel_svm to struct intel_svm_dev (bsc#1183322). - iommu/vt-d: Use device numa domain if RHSA is missing (bsc#1184585). - iommu: Check dev->iommu in dev_iommu_priv_get() before dereferencing it (bsc#1183311). - iommu: Switch gather->end to the inclusive end (bsc#1183314). - ionic: linearize tso skb with too many frags (bsc#1167773). - ionic: linearize tso skb with too many frags (bsc#1167773). - iopoll: introduce read_poll_timeout macro (git-fixes). - ipc/mqueue, msg, sem: Avoid relying on a stack reference past its expiry (bsc#1185988). - ipmi/watchdog: Stop watchdog timer when the current action is 'none' (bsc#1184855). - ipw2x00: potential buffer overflow in libipw_wx_set_encodeext() (git-fixes). - irqchip/ls-extirq: Add LS1043A, LS1088A external interrupt support (bsc#1184264). - irqchip/ls-extirq: Add LS1043A, LS1088A external interrupt support (bsc#1185233). - irqchip/ls-extirq: add IRQCHIP_SKIP_SET_WAKE to the irqchip flags (bsc#1184264). - irqchip/ls-extirq: add IRQCHIP_SKIP_SET_WAKE to the irqchip flags (bsc#1185233). - irqchip: Add support for Layerscape external interrupt lines (bsc#1185233). - isofs: release buffer head before return (bsc#1182613). - iwlwifi: add support for Qu with AX201 device (git-fixes). - iwlwifi: pcie: make cfg vs. trans_cfg more robust (git-fixes). - ixgbe: fail to create xfrm offload of IPsec tunnel mode SA (git-fixes). - ixgbe: fix unbalanced device enable/disable in suspend/resume (jsc#SLE-13706). - jffs2: fix use after free in jffs2_sum_write_data() (bsc#1184740). - kABI: Fix kABI caused by fixes for bsc#1174426 (bsc#1174426). - kABI: cover up change in struct kvm_arch (bsc#1184969). - kABI: powerpc/pmem: Include pmem prototypes (bsc#1113295 git-fixes). - kABI: powerpc/pseries: Add shutdown() to vio_driver and vio_bus (bsc#1184209 ltc#190917). - kbuild: Fail if gold linker is detected (bcs#1181862). - kbuild: add dummy toolchains to enable all cc-option etc. in Kconfig (bcs#1181862). - kbuild: change *FLAGS_&lt;basetarget>.o to take the path relative to $(obj) (bcs#1181862). - kbuild: dummy-tools, fix inverted tests for gcc (bcs#1181862). - kbuild: dummy-tools, support MPROFILE_KERNEL checks for ppc (bsc#1181862). - kbuild: improve cc-option to clean up all temporary files (bsc#1178330). - kbuild: include scripts/Makefile.* only when relevant CONFIG is enabled (bcs#1181862). - kbuild: simplify GCC_PLUGINS enablement in dummy-tools/gcc (bcs#1181862). - kbuild: stop filtering out $(GCC_PLUGINS_CFLAGS) from cc-option base (bcs#1181862). - kbuild: use -S instead of -E for precise cc-option test in Kconfig (bsc#1178330). - kconfig: introduce m32-flag and m64-flag (bcs#1181862). - kernel-docs.spec.in: Build using an utf-8 locale. Sphinx cannot handle UTF-8 input in non-UTF-8 locale. - kernel/smp: make csdlock timeout depend on boot parameter (bsc#1180846). - kvm: svm: Update svm_xsaves_supported (jsc#SLE-13573). - kvm: x86: Enumerate support for CLZERO instruction (jsc#SLE-13573). - leds: lp5523: check return value of lp5xx_read and jump to cleanup code (git-fixes). - lib/syscall: fix syscall registers retrieval on 32-bit platforms (git-fixes). - libbpf: Add explicit padding to bpf_xdp_set_link_opts (bsc#1177028). - libbpf: Add explicit padding to btf_dump_emit_type_decl_opts (bsc#1177028). - libbpf: Clear map_info before each bpf_obj_get_info_by_fd (bsc#1155518). - libbpf: Fix BTF dump of pointer-to-array-of-struct (bsc#1155518). - libbpf: Fix INSTALL flag order (bsc#1155518). - libbpf: Fix bail out from 'ringbuf_process_ring()' on error (bsc#1177028). - libbpf: Fix error path in bpf_object__elf_init() (bsc#1177028). - libbpf: Fix signed overflow in ringbuf_process_ring (bsc#1177028). - libbpf: Initialize the bpf_seq_printf parameters array field by field (bsc#1177028). - libbpf: Only create rx and tx XDP rings when necessary (bsc#1155518). - libbpf: Use SOCK_CLOEXEC when opening the netlink socket (bsc#1155518). - libnvdimm/label: Return -ENXIO for no slot in __blk_label_update (bsc#1185269). - libnvdimm/namespace: Fix reaping of invalidated block-window-namespace labels (bsc#1185269). - libnvdimm/region: Fix nvdimm_has_flush() to handle ND_REGION_ASYNC (bsc#1184969 git-fixes). - libnvdimm/security: ensure sysfs poll thread woke up and fetch updated attr (git-fixes). - liquidio: Fix unintented sign extension of a left shift of a u16 (git-fixes). - locking/mutex: Fix non debug version of mutex_lock_io_nested() (git-fixes). - locking/qrwlock: Fix ordering in queued_write_lock_slowpath() (bsc#1185041). - lpfc: Decouple port_template and vport_template (bsc#185032). - mISDN: fix crash in fritzpci (git-fixes). - mac80211: Allow HE operation to be longer than expected (git-fixes). - mac80211: bail out if cipher schemes are invalid (git-fixes). - mac80211: choose first enabled channel for monitor (git-fixes). - mac80211: clear sta->fast_rx when STA removed from 4-addr VLAN (git-fixes). - mac80211: clear the beacon's CRC after channel switch (git-fixes). - mac80211: fix TXQ AC confusion (git-fixes). - mac80211: fix double free in ibss_leave (git-fixes). - mac80211: fix rate mask reset (git-fixes). - macvlan: macvlan_count_rx() needs to be aware of preemption (git-fixes). - md-cluster: fix use-after-free issue when removing rdev (bsc#1184082). - md/raid1: properly indicate failure when ending a failed write request (bsc#1185680). - md: do not flush workqueue unconditionally in md_open (bsc#1184081). - md: factor out a mddev_find_locked helper from mddev_find (bsc#1184081). - md: md_open returns -EBUSY when entering racing area (bsc#1184081). - md: split mddev_find (bsc#1184081). - mdio: fix mdio-thunder.c dependency & build error (git-fixes). - media: adv7604: fix possible use-after-free in adv76xx_remove() (git-fixes). - media: cros-ec-cec: do not bail on device_init_wakeup failure (git-fixes). - media: cx23885: add more quirks for reset DMA on some AMD IOMMU (git-fixes). - media: drivers: media: pci: sta2x11: fix Kconfig dependency on GPIOLIB (git-fixes). - media: dvb-usb: fix memory leak in dvb_usb_adapter_init (git-fixes). - media: dvbdev: Fix memory leak in dvb_media_device_free() (git-fixes). - media: em28xx: fix memory leak (git-fixes). - media: gspca/sq905.c: fix uninitialized variable (git-fixes). - media: i2c: adv7511-v4l2: fix possible use-after-free in adv7511_remove() (git-fixes). - media: i2c: adv7842: fix possible use-after-free in adv7842_remove() (git-fixes). - media: i2c: tda1997: Fix possible use-after-free in tda1997x_remove() (git-fixes). - media: imx: capture: Return -EPIPE from __capture_legacy_try_fmt() (git-fixes). - media: ite-cir: check for receive overflow (git-fixes). - media: m88rs6000t: avoid potential out-of-bounds reads on arrays (git-fixes). - media: mantis: remove orphan mantis_core.c (git-fixes). - media: mceusb: sanity check for prescaler value (git-fixes). - media: media/saa7164: fix saa7164_encoder_register() memory leak bugs (git-fixes). - media: omap4iss: return error code when omap4iss_get() failed (git-fixes). - media: platform: sti: Fix runtime PM imbalance in regs_show (git-fixes). - media: platform: sunxi: sun6i-csi: fix error return code of sun6i_video_start_streaming() (git-fixes). - media: rc: compile rc-cec.c into rc-core (git-fixes). - media: saa7134: use sg_dma_len when building pgtable (git-fixes). - media: saa7146: use sg_dma_len when building pgtable (git-fixes). - media: staging/intel-ipu3: Fix memory leak in imu_fmt (git-fixes). - media: staging/intel-ipu3: Fix race condition during set_fmt (git-fixes). - media: staging/intel-ipu3: Fix set_fmt error handling (git-fixes). - media: tc358743: fix possible use-after-free in tc358743_remove() (git-fixes). - media: usbtv: Fix deadlock on suspend (git-fixes). - media: uvcvideo: Allow entities with no pads (git-fixes). - media: v4l2-ctrls.c: fix race condition in hdl->requests list (git-fixes). - media: v4l2-ctrls.c: fix shift-out-of-bounds in std_validate (git-fixes). - media: v4l: vsp1: Fix bru null pointer access (git-fixes). - media: v4l: vsp1: Fix uif null pointer access (git-fixes). - media: vicodec: add missing v4l2_ctrl_request_hdl_put() (git-fixes). - memory: gpmc: fix out of bounds read and dereference on gpmc_cs[] (git-fixes). - memory: mtk-smi: Fix PM usage counter unbalance in mtk_smi ops (bsc#1183325). - memory: pl353: fix mask of ECC page_size config register (git-fixes). - mfd: arizona: Fix rumtime PM imbalance on error (git-fixes). - mfd: intel_pmt: Fix nuisance messages and handling of disabled capabilities (git-fixes). - mfd: lpc_sch: Partially revert 'Add support for Intel Quark X1000' (git-fixes). - mfd: stm32-timers: Avoid clearing auto reload register (git-fixes). - misc/pvpanic: Export module FDT device table (git-fixes). - misc: eeprom_93xx46: Add quirk to support Microchip 93LC46B eeprom (git-fixes). - misc: fastrpc: restrict user apps from sending kernel RPC messages (git-fixes). - misc: lis3lv02d: Fix false-positive WARN on various HP models (git-fixes). - misc: vmw_vmci: explicitly initialize vmci_datagram payload (git-fixes). - misc: vmw_vmci: explicitly initialize vmci_notify_bm_set_msg struct (git-fixes). - mlxsw: spectrum_mr: Update egress RIF list before route's action (git-fixes). - mm, numa: fix bad pmd by atomically check for pmd_trans_huge when marking page tables prot_numa (bsc#1168777). - mm/rmap: fix potential pte_unmap on an not mapped pte (git-fixes). - mm: hugetlbfs: fix cannot migrate the fallocated HugeTLB page (git-fixes). - mm: memcontrol: fix cpuhotplug statistics flushing (bsc#1185606). - mmc: block: Update ext_csd.cache_ctrl if it was written (git-fixes). - mmc: core: Correct descriptions in mmc_of_parse() (git-fixes). - mmc: core: Do a power cycle when the CMD11 fails (git-fixes). - mmc: core: Fix partition switch time for eMMC (git-fixes). - mmc: core: Set read only for SD cards with permanent write protect bit (git-fixes). - mmc: cqhci: Add cqhci_deactivate() (git-fixes). - mmc: cqhci: Fix random crash when remove mmc module/card (git-fixes). - mmc: mmc_spi: Drop unused NO_IRQ definition (git-fixes). - mmc: mxs-mmc: Fix a resource leak in an error handling path in 'mxs_mmc_probe()' (git-fixes). - mmc: sdhci-iproc: Cap min clock frequency on BCM2711 (bsc#1186009) - mmc: sdhci-iproc: Set SDHCI_QUIRK_CAP_CLOCK_BASE_BROKEN on BCM2711 (bsc#1186009) - mmc: sdhci-of-arasan: Add missed checks for devm_clk_register() (git-fixes). - mmc: sdhci-of-dwcmshc: fix rpmb access (git-fixes). - mmc: sdhci-of-dwcmshc: implement specific set_uhs_signaling (git-fixes). - mmc: sdhci-of-dwcmshc: set SDHCI_QUIRK2_PRESET_VALUE_BROKEN (git-fixes). - mmc: sdhci-of-esdhc: make sure delay chain locked for HS400 (git-fixes). - mmc: sdhci-of-esdhc: set timeout to max before tuning (git-fixes). - mmc: sdhci-pci-gli: increase 1.8V regulator wait (git-fixes). - mmc: sdhci-pci: Add PCI IDs for Intel LKF (git-fixes). - mmc: sdhci-pci: Fix SDHCI_RESET_ALL for CQHCI for Intel GLK-based controllers (git-fixes). - mmc: sdhci-pci: Fix initialization of some SD cards for Intel BYT-based controllers (git-fixes). - mmc: sdhci: Check for reset prior to DMA address unmap (git-fixes). - mmc: sdhci: Use Auto CMD Auto Select only when v4_mode is true (git-fixes). - mmc: uniphier-sd: Fix a resource leak in the remove function (git-fixes). - mmc: uniphier-sd: Fix an error handling path in uniphier_sd_probe() (git-fixes). - mount: fix mounting of detached mounts onto targets that reside on shared mounts (git-fixes). - mt7601u: fix always true expression (git-fixes). - mt76: dma: do not report truncated frames to mac80211 (git-fixes). - mt76: mt7615: fix entering driver-own state on mt7663 (git-fixes). - mt76: mt7615: support loading EEPROM for MT7613BE (git-fixes). - mt76: mt76x0: disable GTK offloading (git-fixes). - mt76: mt7915: fix aggr len debugfs node (git-fixes). - mt76: mt7915: fix txpower init for TSSI off chips (git-fixes). - mtd: Handle possible -EPROBE_DEFER from parse_mtd_partitions() (git-fixes). - mtd: rawnand: atmel: Update ecc_stats.corrected counter (git-fixes). - mtd: rawnand: brcmnand: fix OOB R/W with Hamming ECC (git-fixes). - mtd: rawnand: fsmc: Fix error code in fsmc_nand_probe() (git-fixes). - mtd: rawnand: gpmi: Fix a double free in gpmi_nand_init (git-fixes). - mtd: rawnand: qcom: Return actual error code instead of -ENODEV (git-fixes). - mtd: require write permissions for locking and badblock ioctls (git-fixes). - mtd: spi-nor: Rename 'n25q512a' to 'mt25qu512a (n25q512a)' (bsc#1167260). - mtd: spi-nor: Split mt25qu512a (n25q512a) entry into two (bsc#1167260). - mtd: spinand: core: add missing MODULE_DEVICE_TABLE() (git-fixes). - mwifiex: pcie: skip cancel_work_sync() on reset failure path (git-fixes). - nbd: fix a block_device refcount leak in nbd_release (git-fixes). - net, xdp: Update pkt_type if generic XDP changes unicast MAC (git-fixes). - net/mlx4_core: Add missed mlx4_free_cmd_mailbox() (git-fixes). - net/mlx4_en: update moderation when config reset (git-fixes). - net/mlx5: Add back multicast stats for uplink representor (jsc#SLE-15172). - net/mlx5: Delete extra dump stack that gives nothing (git-fixes). - net/mlx5: Do not request more than supported EQs (git-fixes). - net/mlx5: Fix PPLM register mapping (jsc#SLE-8464). - net/mlx5: Fix bit-wise and with zero (jsc#SLE-15172). - net/mlx5: Fix health error state handling (bsc#1186467). - net/mlx5e: Allow to match on MPLS parameters only for MPLS over UDP (jsc#SLE-15172). - net/mlx5e: Do not match on Geneve options in case option masks are all zero (git-fixes). - net/mlx5e: E-switch, Fix rate calculation division (jsc#SLE-8464). - net/mlx5e: Fix error path for ethtool set-priv-flag (git-fixes). - net/mlx5e: Fix ethtool indication of connector type (git-fixes). - net/mlx5e: Fix setting of RS FEC mode (jsc#SLE-15172). - net/mlx5e: Offload tuple rewrite for non-CT flows (jsc#SLE-15172). - net/mlx5e: RX, Mind the MPWQE gaps when calculating offsets (jsc#SLE-15172). - net/mlx5e: fix ingress_ifindex check in mlx5e_flower_parse_meta (jsc#SLE-8464). - net/qlcnic: Fix a use after free in qlcnic_83xx_get_minidump_template (git-fixes). - net/sched: act_ct: fix wild memory access when clearing fragments (bsc#1176447). - net: arc_emac: Fix memleak in arc_mdio_probe (git-fixes). - net: atheros: switch from 'pci_' to 'dma_' API (git-fixes). - net: atlantic: fix out of range usage of active_vlans array (git-fixes). - net: atlantic: fix potential error handling (git-fixes). - net: atlantic: fix use after free kasan warn (git-fixes). - net: b44: fix error return code in b44_init_one() (git-fixes). - net: bonding: fix error return code of bond_neigh_init() (bsc#1154353). - net: cdc-phonet: fix data-interface release on probe failure (git-fixes). - net: cls_api: Fix uninitialised struct field bo->unlocked_driver_cb (bsc#1176447). - net: dsa: felix: implement port flushing on .phylink_mac_link_down (git-fixes). - net: dsa: rtl8366: Fix VLAN semantics (git-fixes). - net: dsa: rtl8366: Fix VLAN set-up (git-fixes). - net: dsa: rtl8366rb: Support all 4096 VLANs (git-fixes). - net: enetc: allow hardware timestamping on TX queues with tc-etf enabled (git-fixes). - net: enetc: do not disable VLAN filtering in IFF_PROMISC mode (git-fixes). - net: enetc: fix link error again (git-fixes). - net: enetc: remove bogus write to SIRXIDR from enetc_setup_rxbdr (git-fixes). - net: enetc: take the MDIO lock only once per NAPI poll cycle (git-fixes). - net: enic: Cure the enic api locking trainwreck (git-fixes). - net: ethernet: aquantia: Fix wrong return value (git-fixes). - net: ethernet: cavium: octeon_mgmt: use phy_start and phy_stop (git-fixes). - net: ethernet: ibm: ibmvnic: Fix some kernel-doc misdemeanours (bsc#1183871 ltc#192139). - net: ethernet: ti: cpsw: fix clean up of vlan mc entries for host port (git-fixes). - net: ethernet: ti: cpsw: fix error return code in cpsw_probe() (git-fixes). - net: fec: Fix PHY init after phy_reset_after_clk_enable() (git-fixes). - net: fec: Fix phy_device lookup for phy_reset_after_clk_enable() (git-fixes). - net: fec: Fix reference count leak in fec series ops (git-fixes). - net: gemini: Fix another missing clk_disable_unprepare() in probe (git-fixes). - net: gemini: Fix missing free_netdev() in error path of gemini_ethernet_port_probe() (git-fixes). - net: geneve: check skb is large enough for IPv4/IPv6 header (git-fixes). - net: geneve: modify IP header check in geneve6_xmit_skb and geneve_xmit_skb (git-fixes). - net: gianfar: Add of_node_put() before goto statement (git-fixes). - net: hdlc: In hdlc_rcv, check to make sure dev is an HDLC device (git-fixes). - net: hdlc_raw_eth: Clear the IFF_TX_SKB_SHARING flag after calling ether_setup (git-fixes). - net: hns3: Fix for geneve tx checksum bug (git-fixes). - net: hns3: Remove the left over redundant check & assignment (bsc#1154353). - net: hns3: Remove un-necessary 'else-if' in the hclge_reset_event() (git-fixes). - net: hns3: add check for HNS3_NIC_STATE_INITED in hns3_reset_notify_up_enet() (git-fixes). - net: hns3: clear VF down state bit before request link status (git-fixes). - net: hns3: clear unnecessary reset request in hclge_reset_rebuild (git-fixes). - net: hns3: disable phy loopback setting in hclge_mac_start_phy (git-fixes). - net: hns3: fix bug when calculating the TCAM table info (git-fixes). - net: hns3: fix for vxlan gpe tx checksum bug (git-fixes). - net: hns3: fix incorrect configuration for igu_egu_hw_err (git-fixes). - net: hns3: fix query vlan mask value error for flow director (git-fixes). - net: hns3: initialize the message content in hclge_get_link_mode() (git-fixes). - net: hns3: use netif_tx_disable to stop the transmit queue (git-fixes). - net: korina: cast KSEG0 address to pointer in kfree (git-fixes). - net: korina: fix kfree of rx/tx descriptor array (git-fixes). - net: lantiq: Wait for the GPHY firmware to be ready (git-fixes). - net: ll_temac: Add more error handling of dma_map_single() calls (git-fixes). - net: ll_temac: Fix RX buffer descriptor handling on GFP_ATOMIC pressure (git-fixes). - net: ll_temac: Fix race condition causing TX hang (git-fixes). - net: ll_temac: Handle DMA halt condition caused by buffer underrun (git-fixes). - net: mvneta: fix double free of txq->buf (git-fixes). - net: mvneta: make tx buffer array agnostic (git-fixes). - net: pasemi: fix error return code in pasemi_mac_open() (git-fixes). - net: phy: broadcom: Only advertise EEE for supported modes (git-fixes). - net: phy: intel-xway: enable integrated led functions (git-fixes). - net: phy: marvell: fix m88e1011_set_downshift (git-fixes). - net: phy: marvell: fix m88e1111_set_downshift (git-fixes). - net: qcom/emac: add missed clk_disable_unprepare in error path of emac_clks_phase1_init (git-fixes). - net: qualcomm: rmnet: Fix incorrect receive packet handling during cleanup (git-fixes). - net: sched: disable TCQ_F_NOLOCK for pfifo_fast (bsc#1183405) - net: smc911x: Adjust indentation in smc911x_phy_configure (git-fixes). - net: spider_net: Fix the size used in a 'dma_free_coherent()' call (git-fixes). - net: stmmac: Fix incorrect location to set real_num_rx|tx_queues (git-fixes). - net: stmmac: Use rtnl_lock/unlock on netif_set_real_num_rx_queues() call (git-fixes). - net: stmmac: fix missing IFF_MULTICAST check in dwmac4_set_filter (git-fixes). - net: stmmac: removed enabling eee in EEE set callback (git-fixes). - net: stmmac: use netif_tx_start|stop_all_queues() function (git-fixes). - net: stmmac: xgmac: fix missing IFF_MULTICAST checki in dwxgmac2_set_filter (git-fixes). - net: thunderx: Fix unintentional sign extension issue (git-fixes). - net: tulip: Adjust indentation in {dmfe, uli526x}_init_module (git-fixes). - net: usb: ax88179_178a: fix missing stop entry in driver_info (git-fixes). - net: usb: qmi_wwan: allow qmimux add/del with master up (git-fixes). - net: usb: qmi_wwan: support ZTE P685M modem (git-fixes). - net: wan/lmc: unregister device when no matching device is found (git-fixes). - net:nfc:digital: Fix a double free in digital_tg_recv_dep_req (git-fixes). - netdevice: Add missing IFF_PHONY_HEADROOM self-definition (git-fixes). - netdevsim: init u64 stats for 32bit hardware (git-fixes). - netfilter: conntrack: Make global sysctls readonly in non-init netns (bsc#1176447). - netfilter: conntrack: add new sysctl to disable RST check (bsc#1183947 bsc#1185950). - netfilter: conntrack: avoid misleading 'invalid' in log message (bsc#1183947 bsc#1185950). - netfilter: conntrack: improve RST handling when tuple is re-used (bsc#1183947 bsc#1185950). - netfilter: flowtable: Make sure GC works periodically in idle system (bsc#1176447). - netfilter: flowtable: fix NAT IPv6 offload mangling (bsc#1176447). - netfilter: nftables: allow to update flowtable flags (bsc#1176447). - netfilter: nftables: report EOPNOTSUPP on unsupported flowtable flags (bsc#1176447). - netsec: restore phy power state after controller reset (bsc#1183757). - nfc: pn533: prevent potential memory corruption (git-fixes). - nfp: devlink: initialize the devlink port attribute 'lanes' (bsc#1176447). - nfp: flower: add ipv6 bit to pre_tunnel control message (bsc#1176447). - nfp: flower: fix pre_tun mask id allocation (bsc#1154353). - nfp: flower: ignore duplicate merge hints from FW (git-fixes). - node: fix device cleanups in error handling code (git-fixes). - null_blk: fix passing of REQ_FUA flag in null_handle_rq (git-fixes). - nvme-core: add cancel tagset helpers (bsc#1183976). - nvme-fabrics: decode host pathing error for connect (bsc#1179827). - nvme-fabrics: fix kato initialization (bsc#1182591). - nvme-fabrics: only reserve a single tag (bsc#1182077). - nvme-fabrics: reject I/O to offline device (bsc#1181161). - nvme-fc: check sgl supported by target (bsc#1179827). - nvme-fc: clear q_live at beginning of association teardown (bsc#1186479). - nvme-fc: fix racing controller reset and create association (bsc#1183048). - nvme-fc: return NVME_SC_HOST_ABORTED_CMD when a command has been aborted (bsc#1180197). - nvme-fc: return NVME_SC_HOST_ABORTED_CMD when a command has been aborted (bsc#1184259). - nvme-fc: set NVME_REQ_CANCELLED in nvme_fc_terminate_exchange() (bsc#1180197). - nvme-fc: set NVME_REQ_CANCELLED in nvme_fc_terminate_exchange() (bsc#1184259). - nvme-fc: short-circuit reconnect retries (bsc#1179827). - nvme-hwmon: Return error code when registration fails (bsc#1177326). - nvme-hwmon: Return error code when registration fails (bsc#1177326). - nvme-multipath: fix double initialization of ANA state (bsc#1178612, bsc#1184259). - nvme-multipath: reset bdev to ns head when failover (bsc#178378 bsc#1182999). - nvme-tcp: Fix possible race of io_work and direct send (git-fixes). - nvme-tcp: Fix warning with CONFIG_DEBUG_PREEMPT (git-fixes). - nvme-tcp: add clean action for failed reconnection (bsc#1183976). - nvme-tcp: fix kconfig dependency warning when !CRYPTO (git-fixes). - nvme-tcp: fix misuse of __smp_processor_id with preemption (git-fixes). - nvme-tcp: fix possible hang waiting for icresp response (bsc#1179519). - nvme-tcp: fix possible hang when failing to set io queues (bsc#1181161). - nvme-tcp: use cancel tagset helper for tear down (bsc#1183976). - nvme: Fix NULL dereference for pci nvme controllers (bsc#1182378). - nvme: add 'kato' sysfs attribute (bsc#1179825). - nvme: add NVME_REQ_CANCELLED flag in nvme_cancel_request() (bsc#1180197). - nvme: add NVME_REQ_CANCELLED flag in nvme_cancel_request() (bsc#1184259). - nvme: allocate the keep alive request using BLK_MQ_REQ_NOWAIT (bsc#1182077). - nvme: call nvme_identify_ns as the first thing in nvme_alloc_ns_block (bsc#1180197). - nvme: clean up the check for too large logic block sizes (bsc#1180197). - nvme: define constants for identification values (git-fixes). - nvme: do not intialize hwmon for discovery controllers (bsc#1184259). - nvme: do not intialize hwmon for discovery controllers (git-fixes). - nvme: explicitly update mpath disk capacity on revalidation (git-fixes). - nvme: expose reconnect_delay and ctrl_loss_tmo via sysfs (bsc#1182378). - nvme: factor out a nvme_configure_metadata helper (bsc#1180197). - nvme: fix controller instance leak (git-fixes). - nvme: fix initialization of the zone bitmaps (bsc#1180197). - nvme: fix possible deadlock when I/O is blocked (git-fixes). - nvme: freeze the queue over ->lba_shift updates (bsc#1180197). - nvme: lift the check for an unallocated namespace into nvme_identify_ns (bsc#1180197). - nvme: merge nvme_keep_alive into nvme_keep_alive_work (bsc#1182077). - nvme: move nvme_validate_ns (bsc#1180197). - nvme: opencode revalidate_disk in nvme_validate_ns (bsc#1180197). - nvme: query namespace identifiers before adding the namespace (bsc#1180197). - nvme: refactor nvme_validate_ns (bsc#1180197). - nvme: remove nvme_identify_ns_list (bsc#1180197). - nvme: remove nvme_update_formats (bsc#1180197). - nvme: remove superfluous else in nvme_ctrl_loss_tmo_store (bsc#1182378). - nvme: remove the 0 lba_shift check in nvme_update_ns_info (bsc#1180197). - nvme: remove the disk argument to nvme_update_zone_info (bsc#1180197). - nvme: rename __nvme_revalidate_disk (bsc#1180197). - nvme: rename _nvme_revalidate_disk (bsc#1180197). - nvme: rename nvme_validate_ns to nvme_validate_or_alloc_ns (bsc#1180197). - nvme: retrigger ANA log update if group descriptor isn't found (git-fixes) - nvme: return an error if nvme_set_queue_count() fails (bsc#1180197). - nvme: revalidate zone bitmaps in nvme_update_ns_info (bsc#1180197). - nvme: sanitize KATO setting (bsc#1179825). - nvme: set the queue limits in nvme_update_ns_info (bsc#1180197). - nvme: simplify error logic in nvme_validate_ns() (bsc#1180197). - nvme: simplify error logic in nvme_validate_ns() (bsc#1184259). - nvme: update the known admin effects (bsc#1180197). - nvmet-rdma: Fix list_del corruption on queue establishment failure (bsc#1183501). - nvmet: fix a memory leak (git-fixes). - nvmet: seset ns->file when open fails (bsc#1183873). - nvmet: use new ana_log_size instead the old one (bsc#1184259). - ocfs2: fix a use after free on error (bsc#1184738). - ovl: fix dentry leak in ovl_get_redirect (bsc#1184176). - ovl: fix out of date comment and unreachable code (bsc#1184176). - ovl: fix regression with re-formatted lower squashfs (bsc#1184176). - ovl: fix unneeded call to ovl_change_flags() (bsc#1184176). - ovl: fix value of i_ino for lower hardlink corner case (bsc#1184176). - ovl: initialize error in ovl_copy_xattr (bsc#1184176). - ovl: relax WARN_ON() when decoding lower directory file handle (bsc#1184176). - pata_arasan_cf: fix IRQ check (git-fixes). - pata_ipx4xx_cf: fix IRQ check (git-fixes). - perf/amd/uncore: Fix sysfs type mismatch (bsc#1178134). - phy: marvell: ARMADA375_USBCLUSTER_PHY should not default to y, unconditionally (git-fixes). - phy: phy-twl4030-usb: Fix possible use-after-free in twl4030_usb_remove() (git-fixes). - partitions/ibm: fix non-DASD devices (bsc#1185857 LTC#192526). - pinctrl: Ingenic: Add missing pins to the JZ4770 MAC MII group (git-fixes). - pinctrl: core: Fix kernel doc string for pin_get_name() (git-fixes). - pinctrl: ingenic: Improve unreachable code generation (git-fixes). - pinctrl: lewisburg: Update number of pins in community (git-fixes). - pinctrl: qcom: spmi-gpio: fix warning about irq chip reusage (git-fixes). - pinctrl: rockchip: fix restore error in resume (git-fixes). - pinctrl: samsung: use 'int' for register masks in Exynos (git-fixes). - platform/mellanox: mlxbf-tmfifo: Fix a memory barrier issue (git-fixes). - platform/x86: acer-wmi: Add ACER_CAP_KBD_DOCK quirk for the Aspire Switch 10E SW3-016 (git-fixes). - platform/x86: acer-wmi: Add ACER_CAP_SET_FUNCTION_MODE capability flag (git-fixes). - platform/x86: acer-wmi: Add new force_caps module parameter (git-fixes). - platform/x86: acer-wmi: Add support for SW_TABLET_MODE on Switch devices (git-fixes). - platform/x86: acer-wmi: Cleanup ACER_CAP_FOO defines (git-fixes). - platform/x86: acer-wmi: Cleanup accelerometer device handling (git-fixes). - platform/x86: intel-hid: Support Lenovo ThinkPad X1 Tablet Gen 2 (git-fixes). - platform/x86: intel-vbtn: Stop reporting SW_DOCK events (git-fixes). - platform/x86: intel_int0002_vgpio: Only call enable_irq_wake() when using s2idle (git-fixes). - platform/x86: intel_pmc_core: Do not use global pmcdev in quirks (git-fixes). - platform/x86: intel_pmt_crashlog: Fix incorrect macros (git-fixes). - platform/x86: pmc_atom: Match all Beckhoff Automation baytrail boards with critclk_systems DMI table (git-fixes). - platform/x86: thinkpad_acpi: Allow the FnLock LED to change state (git-fixes). - platform/x86: thinkpad_acpi: Correct thermal sensor allocation (git-fixes). - posix-timers: Preserve return value in clock_adjtime32() (git-fixes) - post.sh: Return an error when module update fails (bsc#1047233 bsc#1184388). - power: supply: Use IRQF_ONESHOT (git-fixes). - power: supply: generic-adc-battery: fix possible use-after-free in gab_remove() (git-fixes). - power: supply: s3c_adc_battery: fix possible use-after-free in s3c_adc_bat_remove() (git-fixes). - powerepc/book3s64/hash: Align start/end address correctly with bolt mapping (bsc#1184957). - powerpc/64s/exception: Clean up a missed SRR specifier (jsc#SLE-9246 git-fixes). - powerpc/64s: Fix crashes when toggling entry flush barrier (bsc#1177666 git-fixes). - powerpc/64s: Fix crashes when toggling stf barrier (bsc#1087082 git-fixes). - powerpc/64s: Fix instruction encoding for lis in ppc_function_entry() (bsc#1065729). - powerpc/64s: Fix pte update for kernel memory on radix (bsc#1055117 git-fixes). - powerpc/asm-offsets: GPR14 is not needed either (bsc#1065729). - powerpc/book3s64/radix: Remove WARN_ON in destroy_context() (bsc#1183692 ltc#191963). - powerpc/eeh: Fix EEH handling for hugepages in ioremap space (bsc#1156395). - powerpc/fadump: Mark fadump_calculate_reserve_size as __init (bsc#1065729). - powerpc/kexec_file: Use current CPU info while setting up FDT (bsc#1184615 ltc#189835). - powerpc/kuap: Restore AMR after replaying soft interrupts (bsc#1156395). - powerpc/mm: Add cond_resched() while removing hpte mappings (bsc#1183289 ltc#191637). - powerpc/papr_scm: Fix build error due to wrong printf specifier (bsc#1184969). - powerpc/papr_scm: Implement support for H_SCM_FLUSH hcall (bsc#1184969). - powerpc/perf: Fix PMU constraint check for EBB events (bsc#1065729). - powerpc/perf: Fix sampled instruction type for larx/stcx (jsc#SLE-13513). - powerpc/perf: Fix the threshold event selection for memory events in power10 (jsc#SLE-13513). - powerpc/pmem: Include pmem prototypes (bsc#1113295 git-fixes). - powerpc/prom: Mark identical_pvr_fixup as __init (bsc#1065729). - powerpc/pseries/mobility: handle premature return from H_JOIN (bsc#1181674 ltc#189159 git-fixes bsc#1183662 ltc#191922). - powerpc/pseries/mobility: use struct for shared state (bsc#1181674 ltc#189159 git-fixes bsc#1183662 ltc#191922). - powerpc/pseries/ras: Remove unused variable 'status' (bsc#1065729). - powerpc/pseries: Add shutdown() to vio_driver and vio_bus (bsc#1184209 ltc#190917). - powerpc/pseries: Do not trace hcall tracing wrapper (bsc#1185110 ltc#192091). - powerpc/pseries: Fix hcall tracing recursion in pv queued spinlocks (bsc#1185110 ltc#192091). - powerpc/pseries: use notrace hcall variant for H_CEDE idle (bsc#1185110 ltc#192091). - powerpc/pseries: warn if recursing into the hcall tracing code (bsc#1185110 ltc#192091). - powerpc/smp: Reintroduce cpu_core_mask (jsc#SLE-13615 bsc#1180100 ltc#190257 git-fixes). - powerpc/sstep: Check instruction validity against ISA version before emulation (bsc#1156395). - powerpc/sstep: Check instruction validity against ISA version before emulation (bsc#1156395). - powerpc/sstep: Fix darn emulation (bsc#1156395). - powerpc/sstep: Fix incorrect return from analyze_instr() (bsc#1156395). - powerpc/sstep: Fix load-store and update emulation (bsc#1156395). - powerpc/time: Enable sched clock for irqtime (bsc#1156395). - powerpc/uaccess: Avoid might_fault() when user access is enabled (bsc#1156395). - powerpc/uaccess: Perform barrier_nospec() in KUAP allowance helpers (bsc#1156395). - powerpc/uaccess: Simplify unsafe_put_user() implementation (bsc#1156395). - powerpc/xive: Drop check on irq_data in xive_core_debug_show() (bsc#1177437 ltc#188522 jsc#SLE-13294 git-fixes). - powerpc/xmon: Fix build failure for 8xx (jsc#SLE-12936 git-fixes). - powerpc: Fix inverted SET_FULL_REGS bitop (jsc#SLE-9246 git-fixes). - powerpc: Fix missing declaration ofable_kernel_vsx() (git-fixes). - proc: fix lookup in /proc/net subdirectories after setns(2) (git-fixes). - qlcnic: fix error return code in qlcnic_83xx_restart_hw() (git-fixes). - qtnfmac: Fix possible buffer overflow in qtnf_event_handle_external_auth (git-fixes). - qxl: Fix uninitialised struct field head.surface_id (git-fixes). - r8169: do not advertise pause in jumbo mode (git-fixes). - r8169: fix DMA being used after buffer free if WoL is enabled (git-fixes). - r8169: tweak max read request size for newer chips also in jumbo mtu mode (git-fixes). - regmap: set debugfs_name to NULL after it is freed (git-fixes). - regulator: Avoid a double 'of_node_get' in 'regulator_of_get_init_node()' (git-fixes). - regulator: bd9571mwv: Fix AVS and DVFS voltage range (git-fixes). - reintroduce cqhci_suspend for kABI (git-fixes). - reiserfs: update reiserfs_xattrs_initialized() condition (bsc#1184737). - rsi: Fix TX EAPOL packet handling against iwlwifi AP (git-fixes). - rsi: Move card interrupt handling to RX thread (git-fixes). - rsi: Use resume_noirq for SDIO (git-fixes). - rsxx: remove extraneous 'const' qualifier (git-fixes). - rtc: ds1307: Fix wday settings for rx8130 (git-fixes). - rtc: fsl-ftm-alarm: add MODULE_TABLE() (bsc#1185454). - rtc: fsl-ftm-alarm: avoid struct rtc_time conversions (bsc#1185454). - rtc: fsl-ftm-alarm: enable acpi support (bsc#1185454). - rtc: fsl-ftm-alarm: fix freeze(s2idle) failed to wake (bsc#1185454). - rtc: fsl-ftm-alarm: report alarm to core (bsc#1185454). - rtc: fsl-ftm-alarm: switch to ktime_get_real_seconds (bsc#1185454). - rtc: fsl-ftm-alarm: switch to rtc_time64_to_tm/rtc_tm_to_time64 (bsc#1185454). - rtc: fsl-ftm-alarm: update acpi device id (bsc#1185454). - rtc: pcf2127: add alarm support (bsc#1185233). - rtc: pcf2127: add pca2129 device id (bsc#1185233). - rtc: pcf2127: add tamper detection support (bsc#1185233). - rtc: pcf2127: add watchdog feature support (bsc#1185233). - rtc: pcf2127: bugfix: watchdog build dependency (bsc#1185233). - rtc: pcf2127: cleanup register and bit defines (bsc#1185233). - rtc: pcf2127: convert to devm_rtc_allocate_device (bsc#1185233). - rtc: pcf2127: fix a bug when not specify interrupts property (bsc#1185233). - rtc: pcf2127: fix alarm handling (bsc#1185233). - rtc: pcf2127: fix pcf2127_nvmem_read/write() returns (bsc#1185233). - rtc: pcf2127: handle boot-enabled watchdog feature (bsc#1185233). - rtc: pcf2127: handle timestamp interrupts (bsc#1185495). - rtc: pcf2127: let the core handle rtc range (bsc#1185233). - rtc: pcf2127: move watchdog initialisation to a separate function (bsc#1185233). - rtc: pcf2127: only use watchdog when explicitly available (bsc#1185233). - rtc: pcf2127: properly set flag WD_CD for rtc chips(pcf2129, pca2129) (bsc#1185233). - rtc: pcf2127: remove unnecessary #ifdef (bsc#1185233). - rtc: pcf2127: set regmap max_register (bsc#1185233). - rtc: pcf2127: watchdog: handle nowayout feature (bsc#1185233). - rtlwifi: 8821ae: upgrade PHY and RF parameters (git-fixes). - rtw88: Fix an error code in rtw_debugfs_set_rsvd_page() (git-fixes). - rtw88: Fix array overrun in rtw_get_tx_power_params() (git-fixes). - rtw88: coex: 8821c: correct antenna switch function (git-fixes). - s390/cio: return -EFAULT if copy_to_user() fails (git-fixes). - s390/cio: return -EFAULT if copy_to_user() fails (git-fixes). - s390/crypto: return -EFAULT if copy_to_user() fails (git-fixes). - s390/dasd: fix hanging DASD driver unbind (bsc#1183932 LTC#192153). - s390/dasd: fix hanging IO request during DASD driver unbind (git-fixes). - s390/entry: save the caller of psw_idle (bsc#1185677). - s390/ipl: support NVMe IPL kernel parameters (bsc#1185980 LTC#192679). - s390/kdump: fix out-of-memory with PCI (bsc#1182257 LTC#191375). - s390/pci: fix leak of PCI device structure (git-fixes). - s390/qeth: fix memory leak after failed TX Buffer allocation (git-fixes). - s390/qeth: fix notification for pending buffers during teardown (git-fixes). - s390/qeth: improve completion of pending TX buffers (git-fixes). - s390/qeth: schedule TX NAPI on QAOB completion (git-fixes). - s390/vtime: fix increased steal time accounting (bsc#1183859). - s390/zcrypt: return EIO when msg retry limit reached (git-fixes). - samples, bpf: Add missing munmap in xdpsock (bsc#1155518). - samples/bpf: Fix possible hang in xdpsock with multiple threads (bsc#1155518). - sata_mv: add IRQ checks (git-fixes). - sched/eas: Do not update misfit status if the task is pinned (git-fixes) - sched/fair: Avoid stale CPU util_est value for schedutil in (git-fixes) - sched/fair: Fix shift-out-of-bounds in load_balance() (git fixes (sched)). - sched/fair: Fix unfairness caused by missing load decay (git-fixes) - scripts/git_sort/git_sort.py: add bpf git repo - scsi: aacraid: Improve compat_ioctl handlers (bsc#1186352). - scsi: block: Fix a race in the runtime power management code (git-fixes). - scsi: core: Only return started requests from scsi_host_find_tag() (bsc#1179851). - scsi: core: Run queue in case of I/O resource contention failure (bsc#1186416). - scsi: core: add scsi_host_busy_iter() (bsc#1179851). - scsi: fnic: Kill 'exclude_id' argument to fnic_cleanup_io() (bsc#1179851). - scsi: fnic: Remove bogus ratelimit messages (bsc#1183249). - scsi: libfc: Avoid invoking response handler twice if ep is already completed (bsc#1186573). - scsi: lpfc: Add a option to enable interlocked ABTS before job completion (bsc#1186451). - scsi: lpfc: Add ndlp kref accounting for resume RPI path (bsc#1186451). - scsi: lpfc: Change wording of invalid pci reset log message (bsc#1182574). - scsi: lpfc: Correct function header comments related to ndlp reference counting (bsc#1182574). - scsi: lpfc: Eliminate use of LPFC_DRIVER_NAME in lpfc_attr.c (bsc#1185472). - scsi: lpfc: Fix 'Unexpected timeout' error in direct attach topology (bsc#1186451). - scsi: lpfc: Fix ADISC handling that never frees nodes (bsc#1182574). - scsi: lpfc: Fix DMA virtual address ptr assignment in bsg (bsc#1185365). - scsi: lpfc: Fix FLOGI failure due to accessing a freed node (bsc#1182574). - scsi: lpfc: Fix NMI crash during rmmod due to circular hbalock dependency (bsc#1185472). - scsi: lpfc: Fix Node recovery when driver is handling simultaneous PLOGIs (bsc#1186451). - scsi: lpfc: Fix PLOGI ACC to be transmit after REG_LOGIN (bsc#1182574). - scsi: lpfc: Fix a bunch of kernel-doc issues (bsc#1185472). - scsi: lpfc: Fix a bunch of kernel-doc misdemeanours (bsc#1185472). - scsi: lpfc: Fix a bunch of misnamed functions (bsc#1185472). - scsi: lpfc: Fix a few incorrectly named functions (bsc#1185472). - scsi: lpfc: Fix a typo (bsc#1185472). - scsi: lpfc: Fix bad memory access during VPD DUMP mailbox command (bsc#1186451). - scsi: lpfc: Fix crash caused by switch reboot (bsc#1182574). - scsi: lpfc: Fix crash when a REG_RPI mailbox fails triggering a LOGO response (bsc#1185472). - scsi: lpfc: Fix crash when lpfc_sli4_hba_setup() fails to initialize the SGLs (bsc#1186451). - scsi: lpfc: Fix dropped FLOGI during pt2pt discovery recovery (bsc#1182574). - scsi: lpfc: Fix error handling for mailboxes completed in MBX_POLL mode (bsc#1185472). - scsi: lpfc: Fix formatting and misspelling issues (bsc#1185472). - scsi: lpfc: Fix gcc -Wstringop-overread warning (bsc#1185472). - scsi: lpfc: Fix illegal memory access on Abort IOCBs (bsc#1183203). - scsi: lpfc: Fix incorrect dbde assignment when building target abts wqe (bsc#1182574). - scsi: lpfc: Fix incorrect naming of __lpfc_update_fcf_record() (bsc#1185472). - scsi: lpfc: Fix incorrectly documented function lpfc_debugfs_commonxripools_data() (bsc#1185472). - scsi: lpfc: Fix kernel-doc formatting issue (bsc#1185472). - scsi: lpfc: Fix lack of device removal on port swaps with PRLIs (bsc#1185472). - scsi: lpfc: Fix lpfc_els_retry() possible null pointer dereference (bsc#1182574). - scsi: lpfc: Fix lpfc_hdw_queue attribute being ignored (bsc#1185472). - scsi: lpfc: Fix missing FDMI registrations after Mgmt Svc login (bsc#1185472). - scsi: lpfc: Fix node handling for Fabric Controller and Domain Controller (bsc#1186451). - scsi: lpfc: Fix nodeinfo debugfs output (bsc#1182574). - scsi: lpfc: Fix non-optimized ERSP handling (bsc#1186451). - scsi: lpfc: Fix null pointer dereference in lpfc_prep_els_iocb() (bsc#1182574). - scsi: lpfc: Fix pt2pt connection does not recover after LOGO (bsc#1182574). - scsi: lpfc: Fix pt2pt state transition causing rmmod hang (bsc#1182574). - scsi: lpfc: Fix reference counting errors in lpfc_cmpl_els_rsp() (bsc#1185472). - scsi: lpfc: Fix reftag generation sizing errors (bsc#1182574). - scsi: lpfc: Fix rmmod crash due to bad ring pointers to abort_iotag (bsc#1185472). - scsi: lpfc: Fix silent memory allocation failure in lpfc_sli4_bsg_link_diag_test() (bsc#1185472). - scsi: lpfc: Fix some error codes in debugfs (bsc#1185472). - scsi: lpfc: Fix stale node accesses on stale RRQ request (bsc#1182574). - scsi: lpfc: Fix status returned in lpfc_els_retry() error exit path (bsc#1182574). - scsi: lpfc: Fix unnecessary null check in lpfc_release_scsi_buf (bsc#1182574). - scsi: lpfc: Fix unreleased RPIs when NPIV ports are created (bsc#1186451). - scsi: lpfc: Fix use after free in lpfc_els_free_iocb (bsc#1182574). - scsi: lpfc: Fix use-after-free on unused nodes after port swap (bsc#1185472). - scsi: lpfc: Fix various trivial errors in comments and log messages (bsc#1185472). - scsi: lpfc: Fix vport indices in lpfc_find_vport_by_vpid() (bsc#1182574). - scsi: lpfc: Ignore GID-FT response that may be received after a link flip (bsc#1186451). - scsi: lpfc: Reduce LOG_TRACE_EVENT logging for vports (bsc#1182574). - scsi: lpfc: Remove unsupported mbox PORT_CAPABILITIES logic (bsc#1185472). - scsi: lpfc: Reregister FPIN types if ELS_RDF is received from fabric controller (bsc#1186451). - scsi: lpfc: Standardize discovery object logging format (bsc#1185472). - scsi: lpfc: Update copyrights for 12.8.0.7 and 12.8.0.8 changes (bsc#1182574). - scsi: lpfc: Update lpfc version to 12.8.0.10 (bsc#1186451). - scsi: lpfc: Update lpfc version to 12.8.0.8 (bsc#1182574). - scsi: lpfc: Update lpfc version to 12.8.0.9 (bsc#1185472). - scsi: mpt3sas: Only one vSES is present even when IOC has multi vSES (bsc#1185954). - scsi: pm80xx: Do not sleep in atomic context (bsc#1186353). - scsi: pm80xx: Fix chip initialization failure (bsc#1186354). - scsi: pm80xx: Fix potential infinite loop (bsc#1186354). - scsi: pm80xx: Increase timeout for pm80xx mpi_uninit_check() (bsc#1186355). - scsi: qla2xxx: Add H:C:T info in the log message for fc ports (bsc#1185491). - scsi: qla2xxx: Add error counters to debugfs node (bsc#1185491). - scsi: qla2xxx: Always check the return value of qla24xx_get_isp_stats() (bsc#1185491). - scsi: qla2xxx: Assign boolean values to a bool variable (bsc#1185491). - scsi: qla2xxx: Check kzalloc() return value (bsc#1185491). - scsi: qla2xxx: Consolidate zio threshold setting for both FCP & NVMe (bsc#1185491). - scsi: qla2xxx: Constify struct qla_tgt_func_tmpl (bsc#1185491). - scsi: qla2xxx: Do logout even if fabric scan retries got exhausted (bsc#1185491). - scsi: qla2xxx: Enable NVMe CONF (BIT_7) when enabling SLER (bsc#1185491). - scsi: qla2xxx: Fix IOPS drop seen in some adapters (bsc#1185491). - scsi: qla2xxx: Fix RISC RESET completion polling (bsc#1185491). - scsi: qla2xxx: Fix a couple of misdocumented functions (bsc#1185491). - scsi: qla2xxx: Fix a couple of misnamed functions (bsc#1185491). - scsi: qla2xxx: Fix broken #endif placement (bsc#1185491). - scsi: qla2xxx: Fix crash in PCIe error handling (bsc#1185491). - scsi: qla2xxx: Fix crash in qla2xxx_mqueuecommand() (bsc#1185491). - scsi: qla2xxx: Fix endianness annotations (bsc#1185491). - scsi: qla2xxx: Fix incorrectly named function qla8044_check_temp() (bsc#1185491). - scsi: qla2xxx: Fix mailbox Ch erroneous error (bsc#1185491). - scsi: qla2xxx: Fix mailbox recovery during PCIe error (bsc#1185491). - scsi: qla2xxx: Fix some incorrect formatting/spelling issues (bsc#1185491). - scsi: qla2xxx: Fix some memory corruption (bsc#1185491). - scsi: qla2xxx: Fix stuck session (bsc#1185491). - scsi: qla2xxx: Fix use after free in bsg (bsc#1185491). - scsi: qla2xxx: Implementation to get and manage host, target stats and initiator port (bsc#1185491). - scsi: qla2xxx: Move some messages from debug to normal log level (bsc#1185491). - scsi: qla2xxx: Remove redundant NULL check (bsc#1185491). - scsi: qla2xxx: Remove unnecessary NULL check (bsc#1185491). - scsi: qla2xxx: Remove unneeded if-null-free check (bsc#1185491). - scsi: qla2xxx: Replace __qla2x00_marker()'s missing underscores (bsc#1185491). - scsi: qla2xxx: Reserve extra IRQ vectors (bsc#1184436). - scsi: qla2xxx: Reuse existing error handling path (bsc#1185491). - scsi: qla2xxx: Simplify if statement (bsc#1185491). - scsi: qla2xxx: Simplify qla8044_minidump_process_control() (bsc#1185491). - scsi: qla2xxx: Simplify the calculation of variables (bsc#1185491). - scsi: qla2xxx: Suppress Coverity complaints about dseg_r* (bsc#1185491). - scsi: qla2xxx: Update default AER debug mask (bsc#1185491). - scsi: qla2xxx: Update version to 10.02.00.105-k (bsc#1185491). - scsi: qla2xxx: Update version to 10.02.00.106-k (bsc#1185491). - scsi: qla2xxx: Use dma_pool_zalloc() (bsc#1185491). - scsi: qla2xxx: Wait for ABTS response on I/O timeouts for NVMe (bsc#1185491). - scsi: qla2xxx: fc_remote_port_chkready() returns a SCSI result value (bsc#1185491). - scsi: smartpqi: Correct driver removal with HBA disks (bsc#1178089). - scsi: smartpqi: Correct driver removal with HBA disks (bsc#1178089). - scsi: smartpqi: Correct pqi_sas_smp_handler busy condition (bsc#1178089). - scsi: smartpqi: Correct pqi_sas_smp_handler busy condition (bsc#1178089). - scsi: smartpqi: Update version to 1.2.16-012 (bsc#1178089). - scsi: smartpqi: Update version to 1.2.16-012 (bsc#1178089). - scsi: target: pscsi: Avoid OOM in pscsi_map_sg() (bsc#1183843). - scsi: target: pscsi: Clean up after failure in pscsi_map_sg() (bsc#1183843). - scsi: target: tcmu: Fix use-after-free of se_cmd->priv (bsc#1186356). - scsi: target: tcmu: Fix warning: 'page' may be used uninitialized (bsc#1186357). - sctp: delay auto_asconf init until binding the first addr (&lt;cover.1620748346.git.mkubecek@suse.cz>). - security: keys: trusted: fix TPM2 authorizations (git-fixes). - selftests/bpf: Fix BPF_CORE_READ_BITFIELD() macro (bsc#1177028). - selftests/bpf: Fix the ASSERT_ERR_PTR macro (bsc#1177028). - selftests/bpf: Mask bpf_csum_diff() return value to 16 bits in test_verifier (bsc#1155518). - selftests/bpf: No need to drop the packet when there is no geneve opt (bsc#1155518). - selftests/bpf: Re-generate vmlinux.h and BPF skeletons if bpftool changed (bsc#1177028). - selftests/bpf: Set gopt opt_class to 0 if get tunnel opt failed (bsc#1155518). - selftests/powerpc: Add pkey helpers for rights (bsc#1184934 ltc#191460). - selftests/powerpc: Add test for execute-disabled pkeys (bsc#1184934 ltc#191460). - selftests/powerpc: Add test for pkey siginfo verification (bsc#1184934 ltc#191460). - selftests/powerpc: Add wrapper for gettid (bsc#1184934 ltc#191460). - selftests/powerpc: Fix L1D flushing tests for Power10 (bsc#1184934 ltc#191460). - selftests/powerpc: Fix exit status of pkey tests (bsc#1184934 ltc#191460). - selftests/powerpc: Fix pkey syscall redefinitions (bsc#1184934 ltc#191460). - selftests/powerpc: Move pkey helpers to headers (bsc#1184934 ltc#191460). - selftests/powerpc: refactor entry and rfi_flush tests (bsc#1184934 ltc#191460). - selftests: mlxsw: Remove a redundant if statement in tc_flower_scale test (bsc#1176774). - selinux: Fix error return code in sel_ib_pkey_sid_slow() (git-fixes). - selinux: fix error initialization in inode_doinit_with_dentry() (git-fixes). - selinux: fix inode_doinit_with_dentry() LABEL_INVALID error handling (git-fixes). - serial: core: return early on unsupported ioctls (git-fixes). - serial: stm32: fix incorrect characters on console (git-fixes). - serial: stm32: fix tx_empty condition (git-fixes). - smb3: Fix out-of-bounds bug in SMB2_negotiate() (bsc#1183540). - smb3: add dynamic trace point to trace when credits obtained (bsc#1181507). - smb3: fix crediting for compounding when only one request in flight (bsc#1181507). - smc: disallow TCP_ULP in smc_setsockopt() (git-fixes). - soc/fsl: qbman: fix conflicting alignment attributes (git-fixes). - soc: aspeed: fix a ternary sign expansion bug (git-fixes). - soc: fsl: qe: replace qe_io{read,write}* wrappers by generic io{read,write}* (git-fixes). - soc: qcom: mdt_loader: Detect truncated read of segments (git-fixes). - soc: qcom: mdt_loader: Validate that p_filesz &lt; p_memsz (git-fixes). - software node: Fix node registration (git-fixes). - soundwire: bus: Fix device found flag correctly (git-fixes). - soundwire: stream: fix memory leak in stream config error path (git-fixes). - spi: Introduce dspi_slave_abort() function for NXP's dspi SPI driver (bsc#1167260). - spi: ath79: always call chipselect function (git-fixes). - spi: ath79: remove spi-master setup and cleanup assignment (git-fixes). - spi: cadence: set cqspi to the driver_data field of struct device (git-fixes). - spi: dln2: Fix reference leak to master (git-fixes). - spi: fsl-dspi: fix NULL pointer dereference (bsc#1167260). - spi: fsl-dspi: fix use-after-free in remove path (bsc#1167260). - spi: fsl-dspi: fix wrong pointer in suspend/resume (bsc#1167260). - spi: fsl-lpspi: Fix PM reference leak in lpspi_prepare_xfer_hardware() (git-fixes). - spi: omap-100k: Fix reference leak to master (git-fixes). - spi: qup: fix PM reference leak in spi_qup_remove() (git-fixes). - spi: spi-fsl-dspi: Accelerate transfers using larger word size if possible (bsc#1167260). - spi: spi-fsl-dspi: Add comments around dspi_pop_tx and dspi_push_rx functions (bsc#1167260). - spi: spi-fsl-dspi: Add support for LS1028A (bsc#1167260). - spi: spi-fsl-dspi: Adding shutdown hook (bsc#1167260). - spi: spi-fsl-dspi: Always use the TCFQ devices in poll mode (bsc#1167260). - spi: spi-fsl-dspi: Avoid NULL pointer in dspi_slave_abort for non-DMA mode (bsc#1167260). - spi: spi-fsl-dspi: Avoid reading more data than written in EOQ mode (bsc#1167260). - spi: spi-fsl-dspi: Change usage pattern of SPI_MCR_* and SPI_CTAR_* macros (bsc#1167260). - spi: spi-fsl-dspi: Convert TCFQ users to XSPI FIFO mode (bsc#1167260). - spi: spi-fsl-dspi: Convert the instantiations that support it to DMA (bsc#1167260). - spi: spi-fsl-dspi: Demistify magic value in SPI_SR_CLEAR (bsc#1167260). - spi: spi-fsl-dspi: Do not access reserved fields in SPI_MCR (bsc#1167260). - spi: spi-fsl-dspi: Do not mask off undefined bits (bsc#1167260). - spi: spi-fsl-dspi: Exit the ISR with IRQ_NONE when it's not ours (bsc#1167260). - spi: spi-fsl-dspi: Fix 16-bit word order in 32-bit XSPI mode (bsc#1167260). - spi: spi-fsl-dspi: Fix a resource leak in an error handling path (git-fixes). - spi: spi-fsl-dspi: Fix bits-per-word acceleration in DMA mode (bsc#1167260). - spi: spi-fsl-dspi: Fix code alignment (bsc#1167260). - spi: spi-fsl-dspi: Fix external abort on interrupt in resume or exit paths (bsc#1167260). - spi: spi-fsl-dspi: Fix interrupt-less DMA mode taking an XSPI code path (bsc#1167260). - spi: spi-fsl-dspi: Fix little endian access to PUSHR CMD and TXDATA (bsc#1167260). - spi: spi-fsl-dspi: Fix lockup if device is removed during SPI transfer (bsc#1167260). - spi: spi-fsl-dspi: Fix lockup if device is shutdown during SPI transfer (bsc#1167260). - spi: spi-fsl-dspi: Fix race condition in TCFQ/EOQ interrupt (bsc#1167260). - spi: spi-fsl-dspi: Fix typos (bsc#1167260). - spi: spi-fsl-dspi: Free DMA memory with matching function (bsc#1167260). - spi: spi-fsl-dspi: Implement .max_message_size method for EOQ mode (bsc#1167260). - spi: spi-fsl-dspi: Initialize completion before possible interrupt (bsc#1167260). - spi: spi-fsl-dspi: LS2080A and LX2160A support XSPI mode (bsc#1167260). - spi: spi-fsl-dspi: Make bus-num property optional (bsc#1167260). - spi: spi-fsl-dspi: Move dspi_interrupt above dspi_transfer_one_message (bsc#1167260). - spi: spi-fsl-dspi: Move invariant configs out of dspi_transfer_one_message (bsc#1167260). - spi: spi-fsl-dspi: Optimize dspi_setup_accel for lowest interrupt count (bsc#1167260). - spi: spi-fsl-dspi: Parameterize the FIFO size and DMA buffer size (bsc#1167260). - spi: spi-fsl-dspi: Protect against races on dspi->words_in_flight (bsc#1167260). - spi: spi-fsl-dspi: Reduce indentation in dspi_release_dma() (bsc#1167260). - spi: spi-fsl-dspi: Reduce indentation level in dspi_interrupt (bsc#1167260). - spi: spi-fsl-dspi: Remove impossible to reach error check (bsc#1167260). - spi: spi-fsl-dspi: Remove pointless assignment of master->transfer to NULL (bsc#1167260). - spi: spi-fsl-dspi: Remove unused chip->void_write_data (bsc#1167260). - spi: spi-fsl-dspi: Remove unused defines and includes (bsc#1167260). - spi: spi-fsl-dspi: Remove unused initialization of 'ret' in dspi_probe (bsc#1167260). - spi: spi-fsl-dspi: Rename fifo_{read,write} and {tx,cmd}_fifo_write (bsc#1167260). - spi: spi-fsl-dspi: Replace interruptible wait queue with a simple completion (bsc#1167260). - spi: spi-fsl-dspi: Replace legacy spi_master names with spi_controller (bsc#1167260). - spi: spi-fsl-dspi: Simplify bytes_per_word gymnastics (bsc#1167260). - spi: spi-fsl-dspi: Take software timestamp in dspi_fifo_write (bsc#1167260). - spi: spi-fsl-dspi: Use BIT() and GENMASK() macros (bsc#1167260). - spi: spi-fsl-dspi: Use EOQ for last word in buffer even for XSPI mode (bsc#1167260). - spi: spi-fsl-dspi: Use dma_request_chan() instead dma_request_slave_channel() (bsc#1167260). - spi: spi-fsl-dspi: Use poll mode in case the platform IRQ is missing (bsc#1167260). - spi: spi-fsl-dspi: Use reverse Christmas tree declaration order (bsc#1167260). - spi: spi-fsl-dspi: Use specific compatible strings for all SoC instantiations (bsc#1167260). - spi: spi-fsl-dspi: delete EOQ transfer mode (bsc#1167260). - spi: spi-fsl-dspi: fix DMA mapping (bsc#1167260). - spi: spi-fsl-dspi: fix native data copy (bsc#1167260). - spi: spi-fsl-dspi: remove git-fixes Remove git-fixes. Prepare to update the driver. References: bsc#1167260 - spi: spi-fsl-dspi: set ColdFire to DMA mode (bsc#1167260). - spi: spi-fsl-dspi: use XSPI mode instead of DMA for DPAA2 SoCs (bsc#1167260). - spi: spi-ti-qspi: Free DMA resources (git-fixes). - spi: stm32: make spurious and overrun interrupts visible (git-fixes). - squashfs: fix inode lookup sanity checks (bsc#1183750). - squashfs: fix xattr id and id lookup sanity checks (bsc#1183750). - staging: bcm2835-audio: Replace unsafe strcpy() with strscpy() (git-fixes). - staging: comedi: addi_apci_1032: Fix endian problem for COS sample (git-fixes). - staging: comedi: addi_apci_1500: Fix endian problem for command sample (git-fixes). - staging: comedi: adv_pci1710: Fix endian problem for AI command data (git-fixes). - staging: comedi: cb_pcidas64: fix request_irq() warn (git-fixes). - staging: comedi: cb_pcidas: fix request_irq() warn (git-fixes). - staging: comedi: das6402: Fix endian problem for AI command data (git-fixes). - staging: comedi: das800: Fix endian problem for AI command data (git-fixes). - staging: comedi: dmm32at: Fix endian problem for AI command data (git-fixes). - staging: comedi: me4000: Fix endian problem for AI command data (git-fixes). - staging: comedi: pcl711: Fix endian problem for AI command data (git-fixes). - staging: comedi: pcl818: Fix endian problem for AI command data (git-fixes). - staging: fwserial: Fix error handling in fwserial_create (git-fixes). - staging: fwserial: fix TIOCGSERIAL implementation (git-fixes). - staging: fwserial: fix TIOCSSERIAL implementation (git-fixes). - staging: fwserial: fix TIOCSSERIAL jiffies conversions (git-fixes). - staging: fwserial: fix TIOCSSERIAL permission check (git-fixes). - staging: ks7010: prevent buffer overflow in ks_wlan_set_scan() (git-fixes). - staging: most: sound: add sanity check for function argument (git-fixes). - staging: rtl8188eu: fix potential memory corruption in rtw_check_beacon_data() (git-fixes). - staging: rtl8188eu: prevent ->ssid overflow in rtw_wx_set_scan() (git-fixes). - staging: rtl8192e: Change state information from u16 to u8 (git-fixes). - staging: rtl8192e: Fix incorrect source in memcpy() (git-fixes). - staging: rtl8192e: Fix possible buffer overflow in _rtl92e_wx_set_scan (git-fixes). - staging: rtl8192u: Fix potential infinite loop (git-fixes). - staging: rtl8192u: fix ->ssid overflow in r8192_wx_set_scan() (git-fixes). - staging: rtl8712: Fix possible buffer overflow in r8712_sitesurvey_cmd (git-fixes). - staging: rtl8712: unterminated string leads to read overflow (git-fixes). - stop_machine: mark helpers __always_inline (git-fixes). - supported.conf: - supported.conf: add bsc1185010 dependency - supported.conf: mark usb_otg_fsm as supported (bsc#1185010) - tcp: fix to update snd_wl1 in bulk receiver fast path (&lt;cover.1620748346.git.mkubecek@suse.cz>). - tee: optee: remove need_resched() before cond_resched() (git-fixes). - tee: optee: replace might_sleep with cond_resched (git-fixes). - thermal/core: Add NULL pointer check before using cooling device stats (git-fixes). - thermal/drivers/cpufreq_cooling: Update cpufreq_state only if state has changed (git-fixes). - thermal/drivers/ti-soc-thermal/bandgap Remove unused variable 'val' (git-fixes). - thermal: thermal_of: Fix error return code of thermal_of_populate_bind_params() (git-fixes). - thunderbolt: Fix a leak in tb_retimer_add() (git-fixes). - thunderbolt: Fix a leak in tb_retimer_add() (git-fixes). - thunderbolt: Fix off by one in tb_port_find_retimer() (git-fixes). - thunderbolt: Fix off by one in tb_port_find_retimer() (git-fixes). - thunderbolt: Initialize HopID IDAs in tb_switch_alloc() (git-fixes). - tools/resolve_btfids: Fix build error with older host toolchains (bsc#1177028). - tpm: acpi: Check eventlog signature before using it (git-fixes). - tracing: Map all PIDs to command lines (git-fixes). - tty: amiserial: fix TIOCSSERIAL permission check (git-fixes). - tty: fix memory leak in vc_deallocate (git-fixes). - tty: moxa: fix TIOCSSERIAL jiffies conversions (git-fixes). - tty: moxa: fix TIOCSSERIAL permission check (git-fixes). - tty: serial: lpuart: fix lpuart32_write usage (git-fixes). - tty: serial: ucc_uart: replace qe_io{read,write}* wrappers by generic io{read,write}* (git-fixes). - udlfb: Fix memory leak in dlfb_usb_probe (git-fixes). - uio: uio_hv_generic: use devm_kzalloc() for private data alloc (git-fixes). - uio_hv_generic: Fix a memory leak in error handling paths (git-fixes). - uio_hv_generic: Fix another memory leak in error handling paths (git-fixes). - uio_hv_generic: add missed sysfs_remove_bin_file (git-fixes). - usb-storage: Add quirk to defeat Kindle's automatic unload (git-fixes). - usb: Remove dev_err() usage after platform_get_irq() (git-fixes). - usb: core: hub: Fix PM reference leak in usb_port_resume() (git-fixes). - usb: core: hub: fix race condition about TRSMRCY of resume (git-fixes). - usb: dwc2: Fix HPRT0.PrtSusp bit setting for HiKey 960 board (git-fixes). - usb: dwc2: Fix gadget DMA unmap direction (git-fixes). - usb: dwc2: Fix hibernation between host and device modes (git-fixes). - usb: dwc2: Fix host mode hibernation exit with remote wakeup flow (git-fixes). - usb: dwc2: Fix session request interrupt handler (git-fixes). - usb: dwc2: Prevent core suspend when port connection flag is 0 (git-fixes). - usb: dwc3: Switch to use device_property_count_u32() (git-fixes). - usb: dwc3: Update soft-reset wait polling rate (git-fixes). - usb: dwc3: gadget: Fix START_TRANSFER link state check (git-fixes). - usb: dwc3: gadget: Return success always for kick transfer in ep queue (git-fixes). - usb: dwc3: keystone: use devm_platform_ioremap_resource() to simplify code (git-fixes). - usb: dwc3: meson-g12a: use devm_platform_ioremap_resource() to simplify code (git-fixes). - usb: dwc3: omap: improve extcon initialization (git-fixes). - usb: dwc3: pci: Enable usb2-gadget-lpm-disable for Intel Merrifield (git-fixes). - usb: dwc3: qcom: Add missing DWC3 OF node refcount decrement (git-fixes). - usb: dwc3: qcom: Honor wakeup enabled/disabled state (git-fixes). - usb: fotg210-hcd: Fix an error message (git-fixes). - usb: gadget/function/f_fs string table fix for multiple languages (git-fixes). - usb: gadget: Fix double free of device descriptor pointers (git-fixes). - usb: gadget: aspeed: fix dma map failure (git-fixes). - usb: gadget: configfs: Fix KASAN use-after-free (git-fixes). - usb: gadget: dummy_hcd: fix gpf in gadget_setup (git-fixes). - usb: gadget: f_uac1: stop playback on function disable (git-fixes). - usb: gadget: f_uac1: validate input parameters (git-fixes). - usb: gadget: f_uac2: always increase endpoint max_packet_size by one audio slot (git-fixes). - usb: gadget: f_uac2: validate input parameters (git-fixes). - usb: gadget: pch_udc: Check for DMA mapping error (git-fixes). - usb: gadget: pch_udc: Check if driver is present before calling ->setup() (git-fixes). - usb: gadget: pch_udc: Move pch_udc_init() to satisfy kernel doc (git-fixes). - usb: gadget: pch_udc: Replace cpu_to_le32() by lower_32_bits() (git-fixes). - usb: gadget: pch_udc: Revert d3cb25a12138 completely (git-fixes). - usb: gadget: r8a66597: Add missing null check on return from platform_get_resource (git-fixes). - usb: gadget: udc: amd5536udc_pci fix null-ptr-dereference (git-fixes). - usb: gadget: uvc: add bInterval checking for HS mode (git-fixes). - usb: musb: Fix suspend with devices connected for a64 (git-fixes). - usb: musb: fix PM reference leak in musb_irq_work() (git-fixes). - usb: pci-quirks: disable D3cold on xhci suspend for s2idle on AMD Renoire (bsc#1185840). - usb: renesas_usbhs: Clear PIPECFG for re-enabling pipe with other EPNUM (git-fixes). - usb: roles: Call try_module_get() from usb_role_switch_find_by_fwnode() (git-fixes). - usb: roles: Call try_module_get() from usb_role_switch_find_by_fwnode() (git-fixes). - usb: sl811-hcd: improve misleading indentation (git-fixes). - usb: typec: Remove vdo[3] part of tps6598x_rx_identity_reg struct (git-fixes). - usb: typec: tcpci: Check ROLE_CONTROL while interpreting CC_STATUS (git-fixes). - usb: typec: tcpm: Address incorrect values of tcpm psy for fixed supply (git-fixes). - usb: typec: tcpm: Honour pSnkStdby requirement during negotiation (git-fixes). - usb: typec: tcpm: Invoke power_supply_changed for tcpm-source-psy- (git-fixes). - usb: typec: tcpm: Invoke power_supply_changed for tcpm-source-psy- (git-fixes). - usb: typec: tps6598x: Fix return value check in tps6598x_probe() (git-fixes). - usb: typec: tps6598x: Fix return value check in tps6598x_probe() (git-fixes). - usb: typec: ucsi: Put fwnode in any case during ->probe() (git-fixes). - usb: webcam: Invalid size of Processing Unit Descriptor (git-fixes). - usb: xhci-mtk: fix broken streams issue on 0.96 xHCI (git-fixes). - usb: xhci-mtk: improve bandwidth scheduling with TT (git-fixes). - usb: xhci-mtk: remove or operator for setting schedule parameters (git-fixes). - usb: xhci: Fix ASMedia ASM1042A and ASM3242 DMA addressing (git-fixes). - usb: xhci: Fix port minor revision (git-fixes). - usb: xhci: Increase timeout for HC halt (git-fixes). - usb: xhci: do not perform Soft Retry for some xHCI hosts (git-fixes). - usbip: Fix incorrect double assignment to udc->ud.tcp_rx (git-fixes). - usbip: fix stub_dev to check for stream socket (git-fixes). - usbip: fix stub_dev usbip_sockfd_store() races leading to gpf (git-fixes). - usbip: fix vhci_hcd attach_store() races leading to gpf (git-fixes). - usbip: fix vhci_hcd to check for stream socket (git-fixes). - usbip: fix vudc to check for stream socket (git-fixes). - usbip: fix vudc usbip_sockfd_store races leading to gpf (git-fixes). - usbip: tools: fix build error for multiple definition (git-fixes). - usbip: vhci_hcd fix shift out-of-bounds in vhci_hub_control() (git-fixes). - use __netdev_notify_peers in ibmvnic (bsc#1183871 ltc#192139). - veth: Store queue_mapping independently of XDP prog presence (git-fixes). - vfio-pci/zdev: fix possible segmentation fault issue (git-fixes). - vfio/iommu_type1: Populate full dirty when detach non-pinned group (bsc#1183326). - vfio/mdev: Do not allow a mdev_type to have a NULL parent pointer (git-fixes). - vfio/mdev: Make to_mdev_device() into a static inline (git-fixes). - vfio/pci: Add missing range check in vfio_pci_mmap (git-fixes). - vfio/pci: Move VGA and VF initialization to functions (git-fixes). - vfio/pci: Re-order vfio_pci_probe() (git-fixes). - vgacon: Record video mode changes with VT_RESIZEX (git-fixes). - video: fbdev: acornfb: remove free_unused_pages() (bsc#1152489) - video: hyperv_fb: Add ratelimit on error message (bsc#1185725). - video: hyperv_fb: Fix a double free in hvfb_probe (git-fixes). - virt_wifi: Return micros for BSS TSF values (git-fixes). - virtiofs: fix memory leak in virtio_fs_probe() (bsc#1185558). - vrf: fix a comment about loopback device (git-fixes). - vt/consolemap: do font sum unsigned (git-fixes). - vxlan: do not modify the shared tunnel info when PMTU triggers an ICMP reply (bsc#1176447). - vxlan: move debug check after netdev unregister (git-fixes). - watchdog/softlockup: Remove obsolete check of last reported task (bsc#1185982). - watchdog/softlockup: report the overall time of softlockups (bsc#1185982). - watchdog: explicitly update timestamp when reporting softlockup (bsc#1185982). - watchdog: rename __touch_watchdog() to a better descriptive name (bsc#1185982). - whitespace cleanup - wl3501_cs: Fix out-of-bounds warnings in wl3501_mgmt_join (git-fixes). - wl3501_cs: Fix out-of-bounds warnings in wl3501_send_pkt (git-fixes). - wlcore: Fix command execute failure 19 for wl12xx (git-fixes). - workqueue: Minor follow-ups to the rescuer destruction change (bsc#1185911). - workqueue: Move the position of debug_work_activate() in __queue_work() (bsc#1184893). - workqueue: more destroy_workqueue() fixes (bsc#1185911). - x86,swiotlb: Adjust SWIOTLB bounce buffer size for SEV guests (bsc#1186219). - x86/crash: Fix crash_setup_memmap_entries() out-of-bounds access (bsc#1152489). - x86/fsgsbase/64: Fix NULL deref in 86_fsgsbase_read_task (bsc#1152489). - x86/insn: Add some Intel instructions to the opcode map (bsc#1184760). - x86/insn: Add some more Intel instructions to the opcode map (bsc#1184760). - x86/ioapic: Ignore IRQ2 again (bsc#1152489). - x86/mem_encrypt: Correct physical address calculation in __set_clr_pte_enc() (bsc#1152489). - x86/microcode: Check for offline CPUs before requesting new microcode (bsc#1152489). - x86/mm: Fix NX bit clearing issue in kernel_map_pages_in_pgd (bsc#1152489). - x86/platform/uv: Set section block size for hubless architectures (bsc#1152489). - x86/reboot: Force all cpus to exit VMX root if VMX is supported (bsc#1152489). - x86/sev-es: Invalidate the GHCB after completing VMGEXIT (bsc#1178134). - x86/sev-es: Move sev_es_put_ghcb() in prep for follow on patch (bsc#1178134). - x86: Introduce TS_COMPAT_RESTART to fix get_nr_restart_syscall() (bsc#1152489). - xen/events: avoid handling the same event on two cpus at the same time (git-fixes). - xen/events: do not unmask an event channel when an eoi is pending (git-fixes). - xen/events: reset affinity of 2-level event when tearing it down (git-fixes). - xen/evtchn: Change irq_info lock to raw_spinlock_t (git-fixes). - xfrm: Provide private skb extensions for segmented and hw offloaded ESP packets (bsc#1176447). - xfs: group quota should return EDQUOT when prj quota enabled (bsc#1180980). - xhci: Do not use GFP_KERNEL in (potentially) atomic context (git-fixes). - xhci: Fix repeated xhci wake after suspend due to uncleared internal wake state (git-fixes). - xhci: Improve detection of device initiated wake signal (git-fixes). - xhci: check control context is valid before dereferencing it (git-fixes). - xhci: fix potential array out of bounds with several interrupters (git-fixes). - xsk: Respect device's headroom and tailroom on generic xmit path (git-fixes). - xsk: Respect device's headroom and tailroom on generic xmit path (git-fixes). Important SUSE bug 1055117 SUSE bug 1065729 SUSE bug 1087082 SUSE bug 1113295 SUSE bug 1133021 SUSE bug 1152457 SUSE bug 1152472 SUSE bug 1152489 SUSE bug 1153274 SUSE bug 1154353 SUSE bug 1155518 SUSE bug 1156395 SUSE bug 1160634 SUSE bug 1164648 SUSE bug 1167260 SUSE bug 1167574 SUSE bug 1167773 SUSE bug 1168777 SUSE bug 1168838 SUSE bug 1169709 SUSE bug 1171295 SUSE bug 1173485 SUSE bug 1174416 SUSE bug 1174426 SUSE bug 1175995 SUSE bug 1176447 SUSE bug 1176774 SUSE bug 1177028 SUSE bug 1177326 SUSE bug 1177666 SUSE bug 1178089 SUSE bug 1178134 SUSE bug 1178163 SUSE bug 1178330 SUSE bug 1178378 SUSE bug 1178418 SUSE bug 1179243 SUSE bug 1179519 SUSE bug 1179825 SUSE bug 1179827 SUSE bug 1179851 SUSE bug 1180197 SUSE bug 1180814 SUSE bug 1180846 SUSE bug 1181104 SUSE bug 1181383 SUSE bug 1181507 SUSE bug 1181674 SUSE bug 1181862 SUSE bug 1182077 SUSE bug 1182257 SUSE bug 1182377 SUSE bug 1182552 SUSE bug 1182574 SUSE bug 1182613 SUSE bug 1182712 SUSE bug 1182715 SUSE bug 1182717 SUSE bug 1182999 SUSE bug 1183022 SUSE bug 1183069 SUSE bug 1183252 SUSE bug 1183277 SUSE bug 1183278 SUSE bug 1183279 SUSE bug 1183280 SUSE bug 1183281 SUSE bug 1183282 SUSE bug 1183283 SUSE bug 1183284 SUSE bug 1183285 SUSE bug 1183286 SUSE bug 1183287 SUSE bug 1183288 SUSE bug 1183289 SUSE bug 1183310 SUSE bug 1183311 SUSE bug 1183312 SUSE bug 1183313 SUSE bug 1183314 SUSE bug 1183315 SUSE bug 1183316 SUSE bug 1183317 SUSE bug 1183318 SUSE bug 1183319 SUSE bug 1183320 SUSE bug 1183321 SUSE bug 1183322 SUSE bug 1183323 SUSE bug 1183324 SUSE bug 1183326 SUSE bug 1183346 SUSE bug 1183366 SUSE bug 1183369 SUSE bug 1183386 SUSE bug 1183405 SUSE bug 1183412 SUSE bug 1183427 SUSE bug 1183428 SUSE bug 1183445 SUSE bug 1183447 SUSE bug 1183491 SUSE bug 1183501 SUSE bug 1183509 SUSE bug 1183530 SUSE bug 1183534 SUSE bug 1183540 SUSE bug 1183593 SUSE bug 1183596 SUSE bug 1183598 SUSE bug 1183637 SUSE bug 1183646 SUSE bug 1183658 SUSE bug 1183662 SUSE bug 1183686 SUSE bug 1183692 SUSE bug 1183750 SUSE bug 1183757 SUSE bug 1183775 SUSE bug 1183815 SUSE bug 1183868 SUSE bug 1183871 SUSE bug 1183873 SUSE bug 1183947 SUSE bug 1183976 SUSE bug 1184074 SUSE bug 1184081 SUSE bug 1184082 SUSE bug 1184120 SUSE bug 1184167 SUSE bug 1184168 SUSE bug 1184170 SUSE bug 1184171 SUSE bug 1184192 SUSE bug 1184193 SUSE bug 1184194 SUSE bug 1184196 SUSE bug 1184197 SUSE bug 1184198 SUSE bug 1184199 SUSE bug 1184208 SUSE bug 1184209 SUSE bug 1184211 SUSE bug 1184217 SUSE bug 1184218 SUSE bug 1184219 SUSE bug 1184220 SUSE bug 1184224 SUSE bug 1184264 SUSE bug 1184386 SUSE bug 1184388 SUSE bug 1184391 SUSE bug 1184393 SUSE bug 1184436 SUSE bug 1184485 SUSE bug 1184514 SUSE bug 1184585 SUSE bug 1184611 SUSE bug 1184615 SUSE bug 1184650 SUSE bug 1184710 SUSE bug 1184724 SUSE bug 1184728 SUSE bug 1184730 SUSE bug 1184731 SUSE bug 1184736 SUSE bug 1184737 SUSE bug 1184738 SUSE bug 1184740 SUSE bug 1184741 SUSE bug 1184742 SUSE bug 1184769 SUSE bug 1184811 SUSE bug 1184855 SUSE bug 1184934 SUSE bug 1184942 SUSE bug 1184943 SUSE bug 1184955 SUSE bug 1184969 SUSE bug 1184984 SUSE bug 1185010 SUSE bug 1185113 SUSE bug 1185233 SUSE bug 1185269 SUSE bug 1185428 SUSE bug 1185491 SUSE bug 1185495 SUSE bug 1185549 SUSE bug 1185550 SUSE bug 1185558 SUSE bug 1185573 SUSE bug 1185581 SUSE bug 1185586 SUSE bug 1185587 SUSE bug 1185606 SUSE bug 1185640 SUSE bug 1185641 SUSE bug 1185642 SUSE bug 1185645 SUSE bug 1185670 SUSE bug 1185680 SUSE bug 1185703 SUSE bug 1185725 SUSE bug 1185736 SUSE bug 1185758 SUSE bug 1185796 SUSE bug 1185840 SUSE bug 1185857 SUSE bug 1185898 SUSE bug 1185899 SUSE bug 1185911 SUSE bug 1185938 SUSE bug 1185950 SUSE bug 1185980 SUSE bug 1185988 SUSE bug 1186009 SUSE bug 1186061 SUSE bug 1186111 SUSE bug 1186118 SUSE bug 1186219 SUSE bug 1186285 SUSE bug 1186320 SUSE bug 1186349 SUSE bug 1186352 SUSE bug 1186353 SUSE bug 1186354 SUSE bug 1186355 SUSE bug 1186356 SUSE bug 1186357 SUSE bug 1186401 SUSE bug 1186408 SUSE bug 1186439 SUSE bug 1186441 SUSE bug 1186479 SUSE bug 1186484 SUSE bug 1186498 SUSE bug 1186501 SUSE bug 1186512 SUSE bug 1186681 CVE-2019-18814 CVE-2019-19769 CVE-2020-24586 CVE-2020-24587 CVE-2020-24588 CVE-2020-25670 CVE-2020-25671 CVE-2020-25672 CVE-2020-25673 CVE-2020-26139 CVE-2020-26141 CVE-2020-26145 CVE-2020-26147 CVE-2020-27170 CVE-2020-27171 CVE-2020-27673 CVE-2020-27815 CVE-2020-35519 CVE-2020-36310 CVE-2020-36311 CVE-2020-36312 CVE-2020-36322 CVE-2021-20268 CVE-2021-23134 CVE-2021-27363 CVE-2021-27364 CVE-2021-27365 CVE-2021-28038 CVE-2021-28375 CVE-2021-28660 CVE-2021-28688 CVE-2021-28950 CVE-2021-28952 CVE-2021-28964 CVE-2021-28971 CVE-2021-28972 CVE-2021-29154 CVE-2021-29155 CVE-2021-29264 CVE-2021-29265 CVE-2021-29647 CVE-2021-29650 CVE-2021-30002 CVE-2021-32399 CVE-2021-33034 CVE-2021-33200 CVE-2021-3428 CVE-2021-3444 CVE-2021-3483 CVE-2021-3489 CVE-2021-3490 CVE-2021-3491 cpe:/o:opensuse:leap:15.3 Security update for java-1_8_0-openjdk (Moderate) openSUSE Leap 15.3 This update for java-1_8_0-openjdk fixes the following issues: - Update to version jdk8u292 (icedtea 3.19.0). - CVE-2021-2161: Fixed incomplete enforcement of JAR signing disabled algorithms (bsc#1185055). Moderate SUSE bug 1185055 CVE-2021-2163 cpe:/o:opensuse:leap:15.3 Security update for postgresql12 (Moderate) openSUSE Leap 15.3 This update for postgresql12 fixes the following issues: Upgrade to version 12.7: - CVE-2021-32027: Fixed integer overflows in array subscripting calculations (bsc#1185924). - CVE-2021-32028: Fixed mishandling of junk columns in INSERT ... ON CONFLICT ... UPDATE target lists (bsc#1185925). - CVE-2021-32029: Fixed possibly-incorrect computation of UPDATE ... RETURNING outputs for joined cross-partition updates (bsc#1185926). - Don't use %_stop_on_removal, because it was meant to be private and got removed from openSUSE. %_restart_on_update is also private, but still supported and needed for now (bsc#1183168). - Re-enable build of the llvmjit subpackage on SLE, but it will only be delivered on PackageHub for now (bsc#1183118). - Disable icu for PostgreSQL 10 (and older) on TW (bsc#1179945). Moderate SUSE bug 1179945 SUSE bug 1183118 SUSE bug 1183168 SUSE bug 1185924 SUSE bug 1185925 SUSE bug 1185926 CVE-2021-32027 CVE-2021-32028 CVE-2021-32029 cpe:/o:opensuse:leap:15.3 Security update for xstream (Important) openSUSE Leap 15.3 This update for xstream fixes the following issues: Upgrade to 1.4.17 - CVE-2021-29505: Fixed potential code execution when unmarshalling with XStream instances using an uninitialized security framework (bsc#1186651) Important SUSE bug 1186651 CVE-2021-29505 cpe:/o:opensuse:leap:15.3 Security update for tpm2.0-tools (Moderate) openSUSE Leap 15.3 This update for tpm2.0-tools fixes the following issues: - CVE-2021-3565: Fixed issue when no encrypted session with the TPM is used (bsc#1186490). Moderate SUSE bug 1186490 CVE-2021-3565 cpe:/o:opensuse:leap:15.3 Security update for MozillaThunderbird (Important) openSUSE Leap 15.3 This update for MozillaThunderbird fixes the following issues: Mozilla Thunderbird 78.11 (bsc#1186696) Security issues fixed: - CVE-2021-29964: Out of bounds-read when parsing a `WM_COPYDATA` message - CVE-2021-29967: Memory safety bugs fixed in Thunderbird 78.11 General improvements: - OpenPGP could not be disabled for an account if a key was previously configured - Recipients were unable to decrypt some messages when the sender had changed the message encryption from OpenPGP to S/MIME - Contacts moved between CardDAV address books were not synced to the new server - CardDAV compatibility fixes for Google Contacts - Folder pane had no clear indication of focus on macOS Important SUSE bug 1186696 CVE-2021-29964 CVE-2021-29967 cpe:/o:opensuse:leap:15.3 Security update for jetty-minimal (Important) openSUSE Leap 15.3 This update for jetty-minimal fixes the following issues: Update to version 9.4.42.v20210604 - Fix: bsc#1187117, CVE-2021-28169 - possible for requests to the ConcatServlet with a doubly encoded path to access protected resources within the WEB-INF directory - Fix: bsc#1184367, CVE-2021-28165 - jetty server high CPU when client send data length > 17408 - Fix: bsc#1184368, CVE-2021-28164 - Normalize ambiguous URIs - Fix: bsc#1184366, CVE-2021-28163 - Exclude webapps directory from deployment scan Important SUSE bug 1184366 SUSE bug 1184367 SUSE bug 1184368 SUSE bug 1187117 CVE-2021-28163 CVE-2021-28164 CVE-2021-28165 CVE-2021-28169 cpe:/o:opensuse:leap:15.3 Security update for python-rsa (Important) openSUSE Leap 15.3 This update for python-rsa fixes the following issues: - CVE-2020-13757: Proper handling of leading '\0' bytes during decryption of ciphertext (bsc#1172389) Important SUSE bug 1172389 CVE-2020-13757 cpe:/o:opensuse:leap:15.3 Security update for xterm (Important) openSUSE Leap 15.3 This update for xterm fixes the following issues: - CVE-2021-27135: Fixed buffer-overflow when clicking on selected utf8 text. (bsc#1182091) Important SUSE bug 1182091 CVE-2021-27135 cpe:/o:opensuse:leap:15.3 Security update for python-urllib3 (Important) openSUSE Leap 15.3 This update for python-urllib3 fixes the following issues: - CVE-2021-33503: Fixed a denial of service when the URL contained many @ characters in the authority component (bsc#1187045) Important SUSE bug 1187045 CVE-2021-33503 cpe:/o:opensuse:leap:15.3 Security update for salt (Critical) openSUSE Leap 15.3 This update for salt fixes the following issues: Update to Salt release version 3002.2 (jsc#ECO-3212, jsc#SLE-18033, jsc#SLE-18028) - Check if dpkgnotify is executable (bsc#1186674) - Drop support for Python2. Obsoletes `python2-salt` package (jsc#SLE-18028) - virt module updates * network: handle missing ipv4 netmask attribute * more network support * PCI/USB host devices passthrough support - Set distro requirement to oldest supported version in requirements/base.txt - Bring missing part of async batch implementation back (CVE-2021-25315, bsc#1182382) - Always require `python3-distro` (bsc#1182293) - Remove deprecated warning that breaks minion execution when 'server_id_use_crc' opts is missing - Fix pkg states when DEB package has 'all' arch - Do not force beacons configuration to be a list. - Remove msgpack < 1.0.0 from base requirements (bsc#1176293) - msgpack support for version >= 1.0.0 (bsc#1171257) - Fix issue parsing errors in ansiblegate state module - Prevent command injection in the snapper module (bsc#1185281, CVE-2021-31607) - transactional_update: detect recursion in the executor - Add subpackage salt-transactional-update (jsc#SLE-18033) - Improvements on 'ansiblegate' module (bsc#1185092): * New methods: ansible.targets / ansible.discover_playbooks - Add support for Alibaba Cloud Linux 2 (Aliyun Linux) - Regression fix of salt-ssh on processing targets - Update target fix for salt-ssh and avoiding race condition on salt-ssh event processing (bsc#1179831, bsc#1182281) - Add notify beacon for Debian/Ubuntu systems - Fix zmq bug that causes salt-call to freeze (bsc#1181368) Critical SUSE bug 1171257 SUSE bug 1176293 SUSE bug 1179831 SUSE bug 1181368 SUSE bug 1182281 SUSE bug 1182293 SUSE bug 1182382 SUSE bug 1185092 SUSE bug 1185281 SUSE bug 1186674 CVE-2018-15750 CVE-2018-15751 CVE-2020-11651 CVE-2020-11652 CVE-2020-25592 CVE-2021-25315 CVE-2021-31607 cpe:/o:opensuse:leap:15.3 Security update for ovmf (Important) openSUSE Leap 15.3 This update for ovmf fixes the following issues: - Fixed a possible buffer overflow in IScsiDxe (bsc#1186151) Important SUSE bug 1186151 cpe:/o:opensuse:leap:15.3 Security update for dovecot23 (Important) openSUSE Leap 15.3 This update for dovecot23 fixes the following issues: - CVE-2021-29157: Local attacker can login as any user and access their emails (bsc#1187418) - CVE-2021-33515: Attacker can potentially steal user credentials and mails (bsc#1187419) Important SUSE bug 1187418 SUSE bug 1187419 CVE-2021-29157 CVE-2021-33515 cpe:/o:opensuse:leap:15.3 Security update for wireshark (Important) openSUSE Leap 15.3 This update for wireshark, libvirt, sbc and libqt5-qtmultimedia fixes the following issues: Update wireshark to version 3.4.5 - New and updated support and bug fixes for multiple protocols - Asynchronous DNS resolution is always enabled - Protobuf fields can be dissected as Wireshark (header) fields - UI improvements Including security fixes for: - CVE-2021-22191: Wireshark could open unsafe URLs (bsc#1183353). - CVE-2021-22207: MS-WSP dissector excessive memory consumption (bsc#1185128) - CVE-2020-26422: QUIC dissector crash (bsc#1180232) - CVE-2020-26418: Kafka dissector memory leak (bsc#1179930) - CVE-2020-26419: Multiple dissector memory leaks (bsc#1179931) - CVE-2020-26420: RTPS dissector memory leak (bsc#1179932) - CVE-2020-26421: USB HID dissector crash (bsc#1179933) - CVE-2021-22173: Fix USB HID dissector memory leak (bsc#1181598) - CVE-2021-22174: Fix USB HID dissector crash (bsc#1181599) libqt5-qtmultimedia and sbc are necessary dependencies. libvirt is needed to rebuild wireshark-plugin-libvirt. Important SUSE bug 1179930 SUSE bug 1179931 SUSE bug 1179932 SUSE bug 1179933 SUSE bug 1180102 SUSE bug 1180232 SUSE bug 1181598 SUSE bug 1181599 SUSE bug 1183353 SUSE bug 1184110 SUSE bug 1185128 CVE-2020-26418 CVE-2020-26419 CVE-2020-26420 CVE-2020-26421 CVE-2020-26422 CVE-2021-22173 CVE-2021-22174 CVE-2021-22191 CVE-2021-22207 cpe:/o:opensuse:leap:15.3 Security update for apache2 (Important) openSUSE Leap 15.3 This update for apache2 fixes the following issues: - fixed CVE-2021-30641 [bsc#1187174]: MergeSlashes regression - fixed CVE-2021-31618 [bsc#1186924]: NULL pointer dereference on specially crafted HTTP/2 request - fixed CVE-2020-13950 [bsc#1187040]: mod_proxy NULL pointer dereference - fixed CVE-2020-35452 [bsc#1186922]: Single zero byte stack overflow in mod_auth_digest - fixed CVE-2021-26690 [bsc#1186923]: mod_session NULL pointer dereference in parser - fixed CVE-2021-26691 [bsc#1187017]: Heap overflow in mod_session Important SUSE bug 1186922 SUSE bug 1186923 SUSE bug 1186924 SUSE bug 1187017 SUSE bug 1187040 SUSE bug 1187174 CVE-2020-13950 CVE-2020-35452 CVE-2021-26690 CVE-2021-26691 CVE-2021-30641 CVE-2021-31618 cpe:/o:opensuse:leap:15.3 Security update for cryptctl (Important) openSUSE Leap 15.3 This update for cryptctl fixes the following issues: Update to version 2.4: - CVE-2019-18906: Client side password hashing was equivalent to clear text password storage (bsc#1186226) - First step to use plain text password instead of hashed password. - Move repository into the SUSE github organization - in RPC server, if client comes from localhost, remember its ipv4 localhost address instead of ipv6 address - tell a record to clear expired pending commands upon saving a command result; introduce pending commands RPC test case - avoid hard coding 127.0.0.1 in host ID of alive message test; let system administrator mount and unmount disks by issuing these two commands on key server. Important SUSE bug 1186226 CVE-2019-18906 cpe:/o:opensuse:leap:15.3 Security update for libnettle (Important) openSUSE Leap 15.3 This update for libnettle fixes the following issues: - CVE-2021-3580: Fixed a remote denial of service in the RSA decryption via manipulated ciphertext (bsc#1187060). Important SUSE bug 1187060 CVE-2021-3580 cpe:/o:opensuse:leap:15.3 Security update for freeradius-server (Moderate) openSUSE Leap 15.3 This update for freeradius-server fixes the following issues: - Fixed plaintext password entries in logfiles (bsc#1184016). Moderate SUSE bug 1184016 cpe:/o:opensuse:leap:15.3 Security update for gupnp (Important) openSUSE Leap 15.3 This update for gupnp fixes the following issues: - CVE-2021-33516: Fixed a DNS rebinding, which could trick the browser into triggering actions against local UPnP services (bsc#1186590). Important SUSE bug 1186590 CVE-2021-33516 cpe:/o:opensuse:leap:15.3 Security update for libgcrypt (Important) openSUSE Leap 15.3 This update for libgcrypt fixes the following issues: - CVE-2021-33560: Fixed a side-channel against ElGamal encryption, caused by missing exponent blinding (bsc#1187212). Important SUSE bug 1187212 CVE-2021-33560 cpe:/o:opensuse:leap:15.3 Security update for openexr (Important) openSUSE Leap 15.3 This update for openexr fixes the following issues: - Fixed CVE-2021-3605 [bsc#1187395]: Heap buffer overflow in the rleUncompress function - Fixed CVE-2021-3598 [bsc#1187310]: Heap buffer overflow in Imf_3_1:CharPtrIO:readChars Important SUSE bug 1187310 SUSE bug 1187395 CVE-2021-3598 CVE-2021-3605 cpe:/o:opensuse:leap:15.3 Security update for bouncycastle (Moderate) openSUSE Leap 15.3 This update for bouncycastle fixes the following issues: - CVE-2020-15522: Fixed a timing issue within the EC math library (bsc#1186328). Moderate SUSE bug 1186328 CVE-2020-15522 cpe:/o:opensuse:leap:15.3 Security update for arpwatch (Important) openSUSE Leap 15.3 This update for arpwatch fixes the following issues: - CVE-2021-25321: Fixed local privilege escalation from runtime user to root (bsc#1186240). Important SUSE bug 1186240 CVE-2021-25321 cpe:/o:opensuse:leap:15.3 Security update for the Linux Kernel (Important) openSUSE Leap 15.3 The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2020-26558: Bluetooth LE and BR/EDR secure pairing in Bluetooth Core Specification 2.1 may permit a nearby man-in-the-middle attacker to identify the Passkey used during pairing by reflection of the public key and the authentication evidence of the initiating device, potentially permitting this attacker to complete authenticated pairing with the responding device using the correct Passkey for the pairing session. (bnc#1179610 bnc#1186463) - CVE-2021-0129: Improper access control in BlueZ may have allowed an authenticated user to potentially enable information disclosure via adjacent access (bnc#1186463). - CVE-2020-36385: Fixed a use-after-free in drivers/infiniband/core/ucma.c which could be triggered if the ctx is reached via the ctx_list in some ucma_migrate_id situations where ucma_close is called (bnc#1187050). - CVE-2020-36386: Fixed a slab out-of-bounds read in hci_extended_inquiry_result_evt (bnc#1187038). The following non-security bugs were fixed: - ACPICA: Clean up context mutex during object deletion (git-fixes). - ALSA: hda/cirrus: Set Initial DMIC volume to -26 dB (git-fixes). - ALSA: hda: Fix for mute key LED for HP Pavilion 15-CK0xx (git-fixes). - ALSA: hda: Fix for mute key LED for HP Pavilion 15-CK0xx (git-fixes). - ALSA: hda/realtek: fix mute/micmute LEDs and speaker for HP EliteBook x360 1040 G8 (git-fixes). - ALSA: hda/realtek: fix mute/micmute LEDs and speaker for HP Elite Dragonfly G2 (git-fixes). - ALSA: hda/realtek: fix mute/micmute LEDs for HP EliteBook 840 Aero G8 (git-fixes). - ALSA: hda/realtek: fix mute/micmute LEDs for HP ZBook Power G8 (git-fixes). - ALSA: hda/realtek: headphone and mic do not work on an Acer laptop (git-fixes). - ALSA: hda: update the power_state during the direct-complete (git-fixes). - ALSA: seq: Fix race of snd_seq_timer_open() (git-fixes). - ALSA: timer: Fix master timer notification (git-fixes). - arm64: Add missing ISB after invalidating TLB in __primary_switch (git-fixes). - arm64: avoid -Woverride-init warning (git-fixes). - arm64: kasan: fix page_alloc tagging with DEBUG_VIRTUAL (git-fixes). - arm64: kdump: update ppos when reading elfcorehdr (git-fixes). - arm64: kexec_file: fix memory leakage in create_dtb() when fdt_open_into() fails (git-fixes). - arm64: link with -z norelro for LLD or aarch64-elf (git-fixes). - arm64: link with -z norelro regardless of CONFIG_RELOCATABLE (git-fixes). - arm64/mm: Fix pfn_valid() for ZONE_DEVICE based memory (git-fixes). - arm64: ptrace: Fix seccomp of traced syscall -1 (NO_SYSCALL) (git-fixes). - arm64: ptrace: Use NO_SYSCALL instead of -1 in syscall_trace_enter() (git-fixes). - ARM64: vdso32: Install vdso32 from vdso_install (git-fixes). - arm64: vdso32: make vdso32 install conditional (git-fixes). - arm: mm: use __pfn_to_section() to get mem_section (git-fixes). - ASoC: amd: fix for pcm_read() error (git-fixes). - ASoC: cs43130: handle errors in cs43130_probe() properly (git-fixes). - ASoC: Intel: soc-acpi: remove TGL RVP mixed SoundWire/TDM config (git-fixes). - ASoC: max98088: fix ni clock divider calculation (git-fixes). - ath6kl: return error code in ath6kl_wmi_set_roam_lrssi_cmd() (git-fixes). - bcache: avoid oversized read request in cache missing code path (bsc#1187357, bsc#1185570, bsc#1184631). - bcache: Convert to DEFINE_SHOW_ATTRIBUTE (bsc#1187357). - bcache: do not pass BIOSET_NEED_BVECS for the 'bio_set' embedded in 'cache_set' (bsc#1187357). - bcache: fix a regression of code compiling failure in debug.c (bsc#1187357). - bcache: inherit the optimal I/O size (bsc#1187357). - bcache: reduce redundant code in bch_cached_dev_run() (bsc#1187357). - bcache: remove bcache device self-defined readahead (bsc#1187357, bsc#1185570, bsc#1184631). - bcache: remove PTR_CACHE (bsc#1187357). - bcache: Use 64-bit arithmetic instead of 32-bit (bsc#1187357). - bcache: use NULL instead of using plain integer as pointer (bsc#1187357). - blk-mq: Swap two calls in blk_mq_exit_queue() (git-fixes). - blk-settings: align max_sectors on 'logical_block_size' boundary (bsc#1185195). - block/genhd: use atomic_t for disk_event->block (bsc#1185497). - block: return the correct bvec when checking for gaps (bsc#1187143). - block: return the correct bvec when checking for gaps (bsc#1187144). - Bluetooth: fix the erroneous flush_work() order (git-fixes). - brcmfmac: Add clm_blob firmware files to modinfo (bsc#1186677). - brcmfmac: properly check for bus register errors (git-fixes). - btrfs: open device without device_list_mutex (bsc#1176771). - bus: ti-sysc: Fix flakey idling of uarts and stop using swsup_sidle_act (git-fixes). - cdrom: gdrom: deallocate struct gdrom_unit fields in remove_gdrom (git-fixes). - cdrom: gdrom: initialize global variable at init time (git-fixes). - ceph: do not clobber i_snap_caps on non-I_NEW inode (bsc#1186501). - ceph: fix inode leak on getattr error in __fh_to_dentry (bsc#1186501). - ceph: fix up error handling with snapdirs (bsc#1186501). - ceph: only check pool permissions for regular files (bsc#1186501). - char: hpet: add checks after calling ioremap (git-fixes). - chelsio/chtls: unlock on error in chtls_pt_recvmsg() (jsc#SLE-15129). - cxgb4: avoid accessing registers when clearing filters (git-fixes). - cxgb4: avoid link re-train during TC-MQPRIO configuration (jsc#SLE-8389). - cxgb4/ch_ktls: Clear resources when pf4 device is removed (jsc#SLE-15129). - cxgb4: fix regression with HASH tc prio value update (jsc#SLE-15131). - devlink: Correct VIRTUAL port to not have phys_port attributes (jsc#SLE-15172). - dmaengine: idxd: add missing dsa driver unregister (git-fixes). - dmaengine: idxd: Use cpu_feature_enabled() (git-fixes). - dmaengine: qcom_hidma: comment platform_driver_register call (git-fixes). - drm/amd/amdgpu: fix a potential deadlock in gpu reset (git-fixes). - drm/amd/amdgpu: fix refcount leak (git-fixes). - drm/amd/display: Disconnect non-DP with no EDID (git-fixes). - drm/amdgpu: Do not query CE and UE errors (git-fixes). - drm/amdgpu: Fix a use-after-free (git-fixes). - drm/amdgpu/jpeg2.0: add cancel_delayed_work_sync before power gate (git-fixes). - drm/amdgpu/jpeg2.5: add cancel_delayed_work_sync before power gate (git-fixes). - drm/amdgpu/jpeg3: add cancel_delayed_work_sync before power gate (git-fixes). - drm/amdgpu: make sure we unpin the UVD BO (git-fixes). - drm/amdgpu: stop touching sched.ready in the backend (git-fixes). - drm/amdgpu/vcn1: add cancel_delayed_work_sync before power gate (git-fixes). - drm/amdgpu/vcn2.0: add cancel_delayed_work_sync before power gate (git-fixes). - drm/amdgpu/vcn2.5: add cancel_delayed_work_sync before power gate (git-fixes). - drm/amdgpu/vcn3: add cancel_delayed_work_sync before power gate (git-fixes). - drm/amdkfd: correct sienna_cichlid SDMA RLC register offset error (git-fixes). - drm/i915/selftests: Fix return value check in live_breadcrumbs_smoketest() (git-fixes). - drm/mcde: Fix off by 10^3 in calculation (git-fixes). - drm/meson: fix shutdown crash when component not probed (git-fixes). - drm/msm/a6xx: fix incorrectly set uavflagprd_inv field for A650 (git-fixes). - drm/msm/a6xx: update/fix CP_PROTECT initialization (git-fixes). - efi: Allow EFI_MEMORY_XP and EFI_MEMORY_RO both to be cleared (git-fixes). - efi: cper: fix snprintf() use in cper_dimm_err_location() (git-fixes). - efi/libstub: prevent read overflow in find_file_option() (git-fixes). - Enable CONFIG_PCI_PF_STUB for Nvidia Ampere vGPU support (jsc#SLE-17882 jsc#ECO-3691) - fs/nfs: Use fatal_signal_pending instead of signal_pending (git-fixes). - gpio: cadence: Add missing MODULE_DEVICE_TABLE (git-fixes). - gpio: wcd934x: Fix shift-out-of-bounds error (git-fixes). - gve: Add NULL pointer checks when freeing irqs (git-fixes). - gve: Correct SKB queue index validation (git-fixes). - gve: Update mgmt_msix_idx if num_ntfy changes (git-fixes). - gve: Upgrade memory barrier in poll routine (git-fixes). - HID: i2c-hid: fix format string mismatch (git-fixes). - HID: i2c-hid: Skip ELAN power-on command after reset (git-fixes). - HID: magicmouse: fix NULL-deref on disconnect (git-fixes). - HID: multitouch: require Finger field to mark Win8 reports as MT (git-fixes). - HID: pidff: fix error return code in hid_pidff_init() (git-fixes). - hwmon: (dell-smm-hwmon) Fix index values (git-fixes). - i2c: i801: Do not generate an interrupt on bus reset (git-fixes). - i2c: imx: fix reference leak when pm_runtime_get_sync fails (git-fixes). - i2c: qcom-geni: Suspend and resume the bus during SYSTEM_SLEEP_PM ops (git-fixes). - i2c: s3c2410: fix possible NULL pointer deref on read message after write (git-fixes). - i2c: sh_mobile: Use new clock calculation formulas for RZ/G2E (git-fixes). - ice: Allow all LLDP packets from PF to Tx (jsc#SLE-7926). - ice: Fix allowing VF to request more/less queues via virtchnl (jsc#SLE-12878). - ice: Fix VFR issues for AVF drivers that expect ATQLEN cleared (git-fixes). - ice: handle the VF VSI rebuild failure (jsc#SLE-12878). - iio: adc: ad7124: Fix missbalanced regulator enable / disable on error (git-fixes). - iio: adc: ad7124: Fix potential overflow due to non sequential channel numbers (git-fixes). - iio: adc: ad7768-1: Fix too small buffer passed to iio_push_to_buffers_with_timestamp() (git-fixes). - iio: adc: ad7793: Add missing error code in ad7793_setup() (git-fixes). - iio: gyro: fxas21002c: balance runtime power in error path (git-fixes). - iommu/amd: Keep track of amd_iommu_irq_remap state (https://bugzilla.kernel.org/show_bug.cgi?id=212133). - iommu: Fix a boundary issue to avoid performance drop (bsc#1187344). - iommu/virtio: Add missing MODULE_DEVICE_TABLE (bsc#1187345). - iommu/vt-d: Remove WO permissions on second-level paging entries (bsc#1187346). - iommu/vt-d: Report right snoop capability when using FL for IOVA (bsc#1187347). - iommu/vt-d: Use user privilege for RID2PASID translation (bsc#1187348). - isdn: mISDN: correctly handle ph_info allocation failure in hfcsusb_ph_info (git-fixes). - isdn: mISDNinfineon: check/cleanup ioremap failure correctly in setup_io (git-fixes). - ixgbe: fix large MTU request from VF (git-fixes). - kABI workaround for rtw88 (git-fixes). - kABI workaround for struct lis3lv02d change (git-fixes). - lib: crc64: fix kernel-doc warning (bsc#1187357). - libertas: register sysfs groups properly (git-fixes). - locking/mutex: clear MUTEX_FLAGS if wait_list is empty due to signal (git-fixes). - md: bcache: avoid -Wempty-body warnings (bsc#1187357). - md: bcache: Trivial typo fixes in the file journal.c (bsc#1187357). - md: Fix missing unused status line of /proc/mdstat (git-fixes). - media: dvb: Add check on sp8870_readreg return (git-fixes). - media: dvb: Add check on sp8870_readreg return (git-fixes). - media: gspca: mt9m111: Check write_bridge for timeout (git-fixes). - media: gspca: mt9m111: Check write_bridge for timeout (git-fixes). - media: gspca: properly check for errors in po1030_probe() (git-fixes). - media: gspca: properly check for errors in po1030_probe() (git-fixes). - mei: request autosuspend after sending rx flow control (git-fixes). - misc/uss720: fix memory leak in uss720_probe (git-fixes). - mmc: sdhci: Clear unused bounce buffer at DMA mmap error path (bsc#1187039). - net: bnx2: Fix error return code in bnx2_init_board() (git-fixes). - netfilter: nf_tables: missing error reporting for not selected expressions (bsc#1176447). - netfilter: nft_set_pipapo_avx2: Add irq_fpu_usable() check, fallback to non-AVX2 version (bsc#1176447). - net: fix iteration for sctp transport seq_files (git-fixes). - net: hns3: fix incorrect resp_msg issue (jsc#SLE-14777). - net: hns3: Limiting the scope of vector_ring_chain variable (git-fixes). - net: hns3: put off calling register_netdev() until client initialize complete (bsc#1154353). - net/mlx4: Fix EEPROM dump support (git-fixes). - net/mlx5: DR, Create multi-destination flow table with level less than 64 (jsc#SLE-8464). - net/mlx5e: Fix error path of updating netdev queues (jsc#SLE-15172). - net/mlx5e: Fix incompatible casting (jsc#SLE-15172). - net/mlx5e: Fix multipath lag activation (git-fixes). - net/mlx5e: Fix null deref accessing lag dev (jsc#SLE-15172). - net/mlx5e: Fix nullptr in add_vlan_push_action() (git-fixes). - net/mlx5e: reset XPS on error flow if netdev isn't registered yet (jsc#SLE-15172). - net/mlx5: Set reformat action when needed for termination rules (jsc#SLE-15172). - net/mlx5: Set term table as an unmanaged flow table (jsc#SLE-15172). - net/sched: act_ct: Offload connections with commit action (jsc#SLE-15172). - net/sched: fq_pie: fix OOB access in the traffic path (jsc#SLE-15172). - net/sched: fq_pie: re-factor fix for fq_pie endless loop (jsc#SLE-15172). - net: usb: fix memory leak in smsc75xx_bind (git-fixes). - net: zero-initialize tc skb extension on allocation (bsc#1176447). - nfc: fix NULL ptr dereference in llcp_sock_getname() after failed connect (git-fixes). - NFC: SUSE specific brutal fix for runtime PM (bsc#1185589). - NFS: Deal correctly with attribute generation counter overflow (git-fixes). - NFS: Do not corrupt the value of pg_bytes_written in nfs_do_recoalesce() (git-fixes). - NFS: Do not discard pNFS layout segments that are marked for return (git-fixes). - NFS: Do not gratuitously clear the inode cache when lookup failed (git-fixes). - NFS: Do not revalidate the directory permissions on a lookup failure (git-fixes). - nfsd: register pernet ops last, unregister first (git-fixes). - NFSD: Repair misuse of sv_lock in 5.10.16-rt30 (git-fixes). - NFS: fix an incorrect limit in filelayout_decode_layout() (git-fixes). - NFS: Fix an Oopsable condition in __nfs_pageio_add_request() (git-fixes). - NFSv4.2: Always flush out writes in nfs42_proc_fallocate() (git-fixes). - NFSv42: Copy offload should update the file size when appropriate (git-fixes). - NFSv4.2 fix handling of sr_eof in SEEK's reply (git-fixes). - NFSv4.2: fix return value of _nfs4_get_security_label() (git-fixes). - NFSv4: Do not discard segments marked for return in _pnfs_return_layout() (git-fixes). - NFSv4: Fix a NULL pointer dereference in pnfs_mark_matching_lsegs_return() (git-fixes). - NFSv4: Fix v4.0/v4.1 SEEK_DATA return -ENOTSUPP when set NFS_V4_2 config (git-fixes). - nvme: add new line after variable declatation (bsc#1184259, bsc#1178612, bsc#1186155). - nvme: document nvme controller states (git-fixes). - nvme: do not check nvme_req flags for new req (bsc#1184259, bsc#1178612, bsc#1186155). - nvme: fix deadlock in disconnect during scan_work and/or ana_work (git-fixes). - nvme: mark nvme_setup_passsthru() inline (bsc#1184259, bsc#1178612, bsc#1186155). - nvme-multipath: fix double initialization of ANA state (bsc#1178612, bsc#1184259, bsc#1186155). - nvme-pci: align io queue count with allocted nvme_queue in (git-fixes). - nvme-pci: avoid race between nvme_reap_pending_cqes() and nvme_poll() (git-fixes). - nvme-pci: dma read memory barrier for completions (git-fixes). - nvme-pci: fix 'slimmer CQ head update' (git-fixes). - nvme-pci: make sure write/poll_queues less or equal then cpu (git-fixes). - nvme-pci: remove last_sq_tail (git-fixes). - nvme-pci: Remove tag from process cq (git-fixes). - nvme-pci: Remove two-pass completions (git-fixes). - nvme-pci: remove volatile cqes (git-fixes). - nvme-pci: Simplify nvme_poll_irqdisable (git-fixes). - nvme-pci: slimmer CQ head update (git-fixes). - nvme-pci: use simple suspend when a HMB is enabled (git-fixes). - nvme: reduce checks for zero command effects (bsc#1184259, bsc#1178612, bsc#1186155). - nvme: rename nvme_init_identify() (bsc#1184259, bsc#1178612, bsc#1186155). - nvme: split init identify into helper (bsc#1184259, bsc#1178612, bsc#1186155). - nvmet: use new ana_log_size instead the old one (bsc#1178612, bsc#1184259, bsc#1186155). - nvme: use NVME_CTRL_CMIC_ANA macro (bsc#1184259, bsc#1178612, bsc#1186155). - nxp-i2c: restore includes for kABI (bsc#1185589). - nxp-nci: add NXP1002 id (bsc#1185589). - PCI/LINK: Remove bandwidth notification (bsc#1183712). - pid: take a reference when initializing `cad_pid` (bsc#1152489). - platform/x86: hp_accel: Avoid invoking _INI to speed up resume (git-fixes). - platform/x86: hp-wireless: add AMD's hardware id to the supported list (git-fixes). - platform/x86: intel_punit_ipc: Append MODULE_DEVICE_TABLE for ACPI (git-fixes). - platform/x86: touchscreen_dmi: Add info for the Mediacom Winpad 7.0 W700 tablet (git-fixes). - PM: sleep: Add pm_debug_messages kernel command line option (bsc#1186752). - pNFS/flexfiles: fix incorrect size check in decode_nfs_fh() (git-fixes). - pNFS/NFSv4: Fix a layout segment leak in pnfs_layout_process() (git-fixes). - powerpc/32: Fix boot failure with CONFIG_STACKPROTECTOR (jsc#SLE-13847 git-fixes). - powerpc/kprobes: Fix validation of prefixed instructions across page boundary (jsc#SLE-13847 git-fixes). - regulator: core: resolve supply for boot-on/always-on regulators (git-fixes). - regulator: max77620: Use device_set_of_node_from_dev() (git-fixes). - rtw88: 8822c: add LC calibration for RTL8822C (git-fixes). - scsi: aacraid: Fix an oops in error handling (bsc#1187072). - scsi: aacraid: Remove erroneous fallthrough annotation (bsc#1186950). - scsi: aacraid: Use memdup_user() as a cleanup (bsc#1186951). - scsi: acornscsi: Fix an error handling path in acornscsi_probe() (bsc#1186952). - scsi: be2iscsi: Fix a theoretical leak in beiscsi_create_eqs() (bsc#1186953). - scsi: be2iscsi: Revert 'Fix a theoretical leak in beiscsi_create_eqs()' (bsc#1187067). - scsi: bfa: Fix error return in bfad_pci_init() (bsc#1186954). - scsi: bnx2fc: Fix Kconfig warning & CNIC build errors (bsc#1186955). - scsi: bnx2i: Requires MMU (bsc#1186956). - scsi: csiostor: Fix wrong return value in csio_hw_prep_fw() (bsc#1186957). - scsi: cumana_2: Fix different dev_id between request_irq() and free_irq() (bsc#1186958). - scsi: cxgb3i: Fix some leaks in init_act_open() (bsc#1186959). - scsi: cxgb4i: Fix TLS dependency (bsc#1186960). - scsi: eesox: Fix different dev_id between request_irq() and free_irq() (bsc#1186961). - scsi: fnic: Fix error return code in fnic_probe() (bsc#1186962). - scsi: hisi_sas: Fix IRQ checks (bsc#1186963). - scsi: hisi_sas: Remove preemptible() (bsc#1186964). - scsi: jazz_esp: Add IRQ check (bsc#1186965). - scsi: libfc: Fix enum-conversion warning (bsc#1186966). - scsi: libsas: Fix error path in sas_notify_lldd_dev_found() (bsc#1186967). - scsi: libsas: Reset num_scatter if libata marks qc as NODATA (bsc#1187068). - scsi: libsas: Set data_dir as DMA_NONE if libata marks qc as NODATA (bsc#1186968). - scsi: lpfc: Fix ancient double free (bsc#1186969). - scsi: lpfc: Fix failure to transmit ABTS on FC link (git-fixes). - scsi: megaraid_sas: Check user-provided offsets (bsc#1186970). - scsi: megaraid_sas: Clear affinity hint (bsc#1186971). - scsi: megaraid_sas: Do not call disable_irq from process IRQ poll (bsc#1186972). - scsi: megaraid_sas: Fix MEGASAS_IOC_FIRMWARE regression (bsc#1186973). - scsi: megaraid_sas: Remove undefined ENABLE_IRQ_POLL macro (bsc#1186974). - scsi: mesh: Fix panic after host or bus reset (bsc#1186976). - scsi: mpt3sas: Do not use GFP_KERNEL in atomic context (bsc#1186977). - scsi: mpt3sas: Fix error return code of mpt3sas_base_attach() (bsc#1186978). - scsi: mpt3sas: Fix ioctl timeout (bsc#1186979). - scsi: myrs: Fix a double free in myrs_cleanup() (bsc#1186980). - scsi: pm80xx: Fix error return in pm8001_pci_probe() (bsc#1186981). - scsi: powertec: Fix different dev_id between request_irq() and free_irq() (bsc#1186982). - scsi: qedi: Check for buffer overflow in qedi_set_path() (bsc#1186983). - scsi: qedi: Fix error return code of qedi_alloc_global_queues() (bsc#1186984). - scsi: qedi: Fix missing destroy_workqueue() on error in __qedi_probe (bsc#1186985). - scsi: qla2xxx: Prevent PRLI in target mode (git-fixes). - scsi: qla4xxx: Fix an error handling path in 'qla4xxx_get_host_stats()' (bsc#1186986). - scsi: qla4xxx: Remove in_interrupt() (bsc#1186987). - scsi: scsi_debug: Add check for sdebug_max_queue during module init (bsc#1186988). - scsi: scsi_dh_alua: Retry RTPG on a different path after failure (bsc#1174978 bsc#1185701). - scsi: sd: Fix Opal support (bsc#1186989). - scsi: smartpqi: Add additional logging for LUN resets (bsc#1186472). - scsi: smartpqi: Add host level stream detection enable (bsc#1186472). - scsi: smartpqi: Add new PCI IDs (bsc#1186472). - scsi: smartpqi: Add phy ID support for the physical drives (bsc#1186472). - scsi: smartpqi: Add stream detection (bsc#1186472). - scsi: smartpqi: Add support for BMIC sense feature cmd and feature bits (bsc#1186472). - scsi: smartpqi: Add support for long firmware version (bsc#1186472). - scsi: smartpqi: Add support for new product ids (bsc#1186472). - scsi: smartpqi: Add support for RAID1 writes (bsc#1186472). - scsi: smartpqi: Add support for RAID5 and RAID6 writes (bsc#1186472). - scsi: smartpqi: Add support for wwid (bsc#1186472). - scsi: smartpqi: Align code with oob driver (bsc#1186472). - scsi: smartpqi: Convert snprintf() to scnprintf() (bsc#1186472). - scsi: smartpqi: Correct request leakage during reset operations (bsc#1186472). - scsi: smartpqi: Correct system hangs when resuming from hibernation (bsc#1186472). - scsi: smartpqi: Disable WRITE SAME for HBA NVMe disks (bsc#1186472). - scsi: smartpqi: Fix blocks_per_row static checker issue (bsc#1186472). - scsi: smartpqi: Fix device pointer variable reference static checker issue (bsc#1186472). - scsi: smartpqi: Fix driver synchronization issues (bsc#1186472). - scsi: smartpqi: Refactor aio submission code (bsc#1186472). - scsi: smartpqi: Refactor scatterlist code (bsc#1186472). - scsi: smartpqi: Remove timeouts from internal cmds (bsc#1186472). - scsi: smartpqi: Remove unused functions (bsc#1186472). - scsi: smartpqi: Synchronize device resets with mutex (bsc#1186472). - scsi: smartpqi: Update device scan operations (bsc#1186472). - scsi: smartpqi: Update enclosure identifier in sysfs (bsc#1186472). - scsi: smartpqi: Update event handler (bsc#1186472). - scsi: smartpqi: Update OFA management (bsc#1186472). - scsi: smartpqi: Update RAID bypass handling (bsc#1186472). - scsi: smartpqi: Update SAS initiator_port_protocols and target_port_protocols (bsc#1186472). - scsi: smartpqi: Update soft reset management for OFA (bsc#1186472). - scsi: smartpqi: Update suspend/resume and shutdown (bsc#1186472). - scsi: smartpqi: Update version to 2.1.8-045 (bsc#1186472). - scsi: smartpqi: Use host-wide tag space (bsc#1186472). - scsi: sni_53c710: Add IRQ check (bsc#1186990). - scsi: sun3x_esp: Add IRQ check (bsc#1186991). - scsi: ufs: Add quirk to disallow reset of interrupt aggregation (bsc#1186992). - scsi: ufs: Add quirk to enable host controller without hce (bsc#1186993). - scsi: ufs: Add quirk to fix abnormal ocs fatal error (bsc#1186994). - scsi: ufs: Add quirk to fix mishandling utrlclr/utmrlclr (bsc#1186995). - scsi: ufs: core: Narrow down fast path in system suspend path (bsc#1186996). - scsi: ufs: Do not update urgent bkops level when toggling auto bkops (bsc#1186997). - scsi: ufs: Fix race between shutdown and runtime resume flow (bsc#1186998). - scsi: ufshcd: use an enum for quirks (bsc#1186999). - scsi: ufs: Introduce UFSHCD_QUIRK_PRDT_BYTE_GRAN quirk (bsc#1187000). - scsi: ufs: Make ufshcd_print_trs() consider UFSHCD_QUIRK_PRDT_BYTE_GRAN (bsc#1187069). - scsi: ufs: Properly release resources if a task is aborted successfully (bsc#1187001). - scsi: ufs-qcom: Fix scheduling while atomic issue (bsc#1187002). - scsi: ufs: ufshcd-pltfrm: Fix deferred probing (bsc#1187003). - serial: 8250_pci: handle FL_NOIRQ board flag (git-fixes). - serial: core: fix suspicious security_locked_down() call (git-fixes). - serial: max310x: unregister uart driver in case of failure and abort (git-fixes). - serial: rp2: use 'request_firmware' instead of 'request_firmware_nowait' (git-fixes). - serial: sh-sci: Fix off-by-one error in FIFO threshold register setting (git-fixes). - serial: tegra: Fix a mask operation that is always true (git-fixes). - staging: emxx_udc: fix loop in _nbu2ss_nuke() (git-fixes). - staging: iio: cdc: ad7746: avoid overwrite of num_channels (git-fixes). - staging: rtl8723bs: Fix uninitialized variables (git-fixes). - sunrpc: fix refcount leak for rpc auth modules (git-fixes). - SUNRPC: More fixes for backlog congestion (bsc#1185428). - SUNRPC: Move fault injection call sites (git-fixes). - SUNRPC: Set memalloc_nofs_save() for sync tasks (git-fixes). - svcrdma: disable timeouts on rdma backchannel (git-fixes). - thermal/drivers/intel: Initialize RW trip to THERMAL_TEMP_INVALID (git-fixes). - thunderbolt: dma_port: Fix NVM read buffer bounds and offset issue (git-fixes). - thunderbolt: usb4: Fix NVM read buffer bounds and offset issue (git-fixes). - tpm: fix error return code in tpm2_get_cc_attrs_tbl() (git-fixes). - ttyprintk: Add TTY hangup callback (git-fixes). - UCSI fixup of array of PDOs (git-fixes). - usb: chipidea: imx: Fix Battery Charger 1.2 CDP detection (git-fixes). - usb: core: reduce power-on-good delay time of root hub (git-fixes). - usb: dwc3: gadget: Enable suspend events (git-fixes). - usb: fix various gadgets null ptr deref on 10gbps cabling (git-fixes). - USB: f_ncm: ncm_bitrate (speed) is unsigned (git-fixes). - usb: gadget: udc: renesas_usb3: Fix a race in usb3_start_pipen() (git-fixes). - usb: musb: fix MUSB_QUIRK_B_DISCONNECT_99 handling (git-fixes). - usb: pd: Set PD_T_SINK_WAIT_CAP to 310ms (git-fixes). - USB: serial: cp210x: fix alternate function for CP2102N QFN20 (git-fixes). - USB: serial: ftdi_sio: add IDs for IDS GmbH Products (git-fixes). - USB: serial: option: add Telit LE910-S1 compositions 0x7010, 0x7011 (git-fixes). - USB: serial: pl2303: add device id for ADLINK ND-6530 GC (git-fixes). - USB: serial: quatech2: fix control-request directions (git-fixes). - USB: serial: ti_usb_3410_5052: add startech.com device id (git-fixes). - USB: trancevibrator: fix control-request direction (git-fixes). - usb: typec: intel_pmc_mux: Put fwnode in error case during ->probe() (git-fixes). - usb: typec: mux: Fix copy-paste mistake in typec_mux_match (git-fixes). - usb: typec: mux: Fix matching with typec_altmode_desc (git-fixes). - usb: typec: tcpm: Use LE to CPU conversion when accessing msg->header (git-fixes). - usb: typec: ucsi: Clear PPM capability data in ucsi_init() error path (git-fixes). - usb: typec: ucsi: Retrieve all the PDOs instead of just the first 4 (git-fixes). - usb: typec: wcove: Use LE to CPU conversion when accessing msg->header (git-fixes). - USB: usbfs: Do not WARN about excessively large memory allocations (git-fixes). - vfio/pci: Fix error return code in vfio_ecap_init() (git-fixes). - vfio/pci: zap_vma_ptes() needs MMU (git-fixes). - vfio/platform: fix module_put call in error flow (git-fixes). - vmlinux.lds.h: Avoid orphan section with !SMP (git-fixes). - vsock/vmci: log once the failed queue pair allocation (git-fixes). - wireguard: allowedips: initialize list head in selftest (git-fixes). - wireguard: do not use -O3 (git-fixes). - wireguard: peer: allocate in kmem_cache (git-fixes). - wireguard: peer: put frequently used members above cache lines (git-fixes). - wireguard: queueing: get rid of per-peer ring buffers (git-fixes). - wireguard: selftests: make sure rp_filter is disabled on vethc (git-fixes). - wireguard: selftests: remove old conntrack kconfig value (git-fixes). - wireguard: use synchronize_net rather than synchronize_rcu (git-fixes). - x86/apic: Mark _all_ legacy interrupts when IO/APIC is missing (bsc#1152489). - x86/boot/64: Explicitly map boot_params and command line (jsc#SLE-14337). - x86/boot/compressed/64: Add 32-bit boot #VC handler (jsc#SLE-14337). - x86/boot/compressed/64: Add CPUID sanity check to 32-bit boot-path (jsc#SLE-14337). - x86/boot/compressed/64: Check SEV encryption in 64-bit boot-path (jsc#SLE-14337). - x86/boot/compressed/64: Check SEV encryption in the 32-bit boot-path (jsc#SLE-14337). - x86/boot/compressed/64: Cleanup exception handling before booting kernel (jsc#SLE-14337). - x86/boot/compressed/64: Introduce sev_status (jsc#SLE-14337). - x86/boot/compressed/64: Reload CS in startup_32 (jsc#SLE-14337). - x86/boot/compressed/64: Sanity-check CPUID results in the early #VC handler (jsc#SLE-14337). - x86/boot/compressed/64: Setup IDT in startup_32 boot path (jsc#SLE-14337). - x86/cpufeatures: Force disable X86_FEATURE_ENQCMD and remove update_pasid() (bsc#1178134). - x86/cpu: Initialize MSR_TSC_AUX if RDTSCP *or* RDPID is supported (bsc#1152489). - x86/fault: Do not send SIGSEGV twice on SEGV_PKUERR (bsc#1152489). - x86: fix seq_file iteration for pat.c (git-fixes). - x86/fpu: Prevent state corruption in __fpu__restore_sig() (bsc#1178134). - x86/head/64: Check SEV encryption before switching to kernel page-table (jsc#SLE-14337). - x86/head/64: Disable stack protection for head$(BITS).o (jsc#SLE-14337). - x86/ioremap: Map efi_mem_reserve() memory as encrypted for SEV (bsc#1186885). - x86/sev: Check SME/SEV support in CPUID first (jsc#SLE-14337). - x86/sev: Do not require Hypervisor CPUID bit for SEV guests (jsc#SLE-14337). - x86/sev-es: Do not return NULL from sev_es_get_ghcb() (bsc#1187349). - x86/sev-es: Do not support MMIO to/from encrypted memory (jsc#SLE-14337). - x86/sev-es: Forward page-faults which happen during emulation (bsc#1187350). - x86/sev-es: Replace open-coded hlt-loops with sev_es_terminate() (jsc#SLE-14337). - x86/sev-es: Use __put_user()/__get_user() for data accesses (bsc#1187351). - xfrm: policy: Read seqcount outside of rcu-read side in xfrm_policy_lookup_bytype (bsc#1185675). - xprtrdma: Avoid Receive Queue wrapping (git-fixes). - xprtrdma: rpcrdma_mr_pop() already does list_del_init() (git-fixes). Important SUSE bug 1087082 SUSE bug 1152489 SUSE bug 1154353 SUSE bug 1174978 SUSE bug 1176447 SUSE bug 1176771 SUSE bug 1177666 SUSE bug 1178134 SUSE bug 1178378 SUSE bug 1178612 SUSE bug 1179610 SUSE bug 1182999 SUSE bug 1183712 SUSE bug 1184259 SUSE bug 1184436 SUSE bug 1184631 SUSE bug 1185195 SUSE bug 1185428 SUSE bug 1185497 SUSE bug 1185570 SUSE bug 1185589 SUSE bug 1185675 SUSE bug 1185701 SUSE bug 1186155 SUSE bug 1186286 SUSE bug 1186460 SUSE bug 1186463 SUSE bug 1186472 SUSE bug 1186501 SUSE bug 1186672 SUSE bug 1186677 SUSE bug 1186681 SUSE bug 1186752 SUSE bug 1186885 SUSE bug 1186928 SUSE bug 1186949 SUSE bug 1186950 SUSE bug 1186951 SUSE bug 1186952 SUSE bug 1186953 SUSE bug 1186954 SUSE bug 1186955 SUSE bug 1186956 SUSE bug 1186957 SUSE bug 1186958 SUSE bug 1186959 SUSE bug 1186960 SUSE bug 1186961 SUSE bug 1186962 SUSE bug 1186963 SUSE bug 1186964 SUSE bug 1186965 SUSE bug 1186966 SUSE bug 1186967 SUSE bug 1186968 SUSE bug 1186969 SUSE bug 1186970 SUSE bug 1186971 SUSE bug 1186972 SUSE bug 1186973 SUSE bug 1186974 SUSE bug 1186976 SUSE bug 1186977 SUSE bug 1186978 SUSE bug 1186979 SUSE bug 1186980 SUSE bug 1186981 SUSE bug 1186982 SUSE bug 1186983 SUSE bug 1186984 SUSE bug 1186985 SUSE bug 1186986 SUSE bug 1186987 SUSE bug 1186988 SUSE bug 1186989 SUSE bug 1186990 SUSE bug 1186991 SUSE bug 1186992 SUSE bug 1186993 SUSE bug 1186994 SUSE bug 1186995 SUSE bug 1186996 SUSE bug 1186997 SUSE bug 1186998 SUSE bug 1186999 SUSE bug 1187000 SUSE bug 1187001 SUSE bug 1187002 SUSE bug 1187003 SUSE bug 1187038 SUSE bug 1187039 SUSE bug 1187050 SUSE bug 1187052 SUSE bug 1187067 SUSE bug 1187068 SUSE bug 1187069 SUSE bug 1187072 SUSE bug 1187143 SUSE bug 1187144 SUSE bug 1187167 SUSE bug 1187334 SUSE bug 1187344 SUSE bug 1187345 SUSE bug 1187346 SUSE bug 1187347 SUSE bug 1187348 SUSE bug 1187349 SUSE bug 1187350 SUSE bug 1187351 SUSE bug 1187357 SUSE bug 1187711 CVE-2020-26558 CVE-2020-36385 CVE-2020-36386 CVE-2021-0129 cpe:/o:opensuse:leap:15.3 Security update for go1.16 (Important) openSUSE Leap 15.3 This update for go1.16 fixes the following issues: Update to 1.16.5. Includes these security fixes - CVE-2021-33195: net: Lookup functions may return invalid host names (bsc#1187443). - CVE-2021-33196: archive/zip: malformed archive may cause panic or memory exhaustion (bsc#1186622). - CVE-2021-33197: net/http/httputil: ReverseProxy forwards Connection headers if first one is empty (bsc#1187444) - CVE-2021-33198: math/big: (*Rat).SetString with '1.770p02041010010011001001' crashes with 'makeslice: len out of range' (bsc#1187445). Important SUSE bug 1182345 SUSE bug 1186622 SUSE bug 1187443 SUSE bug 1187444 SUSE bug 1187445 CVE-2021-33195 CVE-2021-33196 CVE-2021-33197 CVE-2021-33198 cpe:/o:opensuse:leap:15.3 Security update for lua53 (Moderate) openSUSE Leap 15.3 This update for lua53 fixes the following issues: Update to version 5.3.6: - CVE-2020-24371: lgc.c mishandles the interaction between barriers and the sweep phase, leading to a memory access violation involving collectgarbage (bsc#1175449) - CVE-2020-24370: ldebug.c allows a negation overflow and segmentation fault in getlocal and setlocal (bsc#1175448) - Long brackets with a huge number of '=' overflow some internal buffer arithmetic. Moderate SUSE bug 1175448 SUSE bug 1175449 CVE-2020-24370 CVE-2020-24371 cpe:/o:opensuse:leap:15.3 Security update for the Linux Kernel (Important) openSUSE Leap 15.3 The SUSE Linux Enterprise 15 SP3 azure kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2020-26558: Bluetooth LE and BR/EDR secure pairing in Bluetooth Core Specification 2.1 may permit a nearby man-in-the-middle attacker to identify the Passkey used during pairing by reflection of the public key and the authentication evidence of the initiating device, potentially permitting this attacker to complete authenticated pairing with the responding device using the correct Passkey for the pairing session. (bnc#1179610 bnc#1186463) - CVE-2021-0129: Improper access control in BlueZ may have allowed an authenticated user to potentially enable information disclosure via adjacent access (bnc#1186463). - CVE-2020-36385: Fixed a use-after-free in drivers/infiniband/core/ucma.c which could be triggered if the ctx is reached via the ctx_list in some ucma_migrate_id situations where ucma_close is called (bnc#1187050). - CVE-2020-36386: Fixed a slab out-of-bounds read in hci_extended_inquiry_result_evt (bnc#1187038). The following non-security bugs were fixed: - ACPICA: Clean up context mutex during object deletion (git-fixes). - ALSA: hda/cirrus: Set Initial DMIC volume to -26 dB (git-fixes). - ALSA: hda/realtek: fix mute/micmute LEDs and speaker for HP Elite Dragonfly G2 (git-fixes). - ALSA: hda/realtek: fix mute/micmute LEDs and speaker for HP EliteBook x360 1040 G8 (git-fixes). - ALSA: hda/realtek: fix mute/micmute LEDs for HP EliteBook 840 Aero G8 (git-fixes). - ALSA: hda/realtek: fix mute/micmute LEDs for HP ZBook Power G8 (git-fixes). - ALSA: hda/realtek: headphone and mic do not work on an Acer laptop (git-fixes). - ALSA: hda: Fix for mute key LED for HP Pavilion 15-CK0xx (git-fixes). - ALSA: hda: Fix for mute key LED for HP Pavilion 15-CK0xx (git-fixes). - ALSA: hda: update the power_state during the direct-complete (git-fixes). - ALSA: seq: Fix race of snd_seq_timer_open() (git-fixes). - ALSA: timer: Fix master timer notification (git-fixes). - ASoC: Intel: soc-acpi: remove TGL RVP mixed SoundWire/TDM config (git-fixes). - ASoC: amd: fix for pcm_read() error (git-fixes). - ASoC: cs43130: handle errors in cs43130_probe() properly (git-fixes). - ASoC: max98088: fix ni clock divider calculation (git-fixes). - Bluetooth: fix the erroneous flush_work() order (git-fixes). - Enable CONFIG_PCI_PF_STUB for Nvidia Ampere vGPU support (jsc#SLE-17882 jsc#ECO-3691) - HID: i2c-hid: Skip ELAN power-on command after reset (git-fixes). - HID: i2c-hid: fix format string mismatch (git-fixes). - HID: magicmouse: fix NULL-deref on disconnect (git-fixes). - HID: multitouch: require Finger field to mark Win8 reports as MT (git-fixes). - HID: pidff: fix error return code in hid_pidff_init() (git-fixes). - NFC: SUSE specific brutal fix for runtime PM (bsc#1185589). - NFS: Deal correctly with attribute generation counter overflow (git-fixes). - NFS: Do not corrupt the value of pg_bytes_written in nfs_do_recoalesce() (git-fixes). - NFS: Do not discard pNFS layout segments that are marked for return (git-fixes). - NFS: Do not gratuitously clear the inode cache when lookup failed (git-fixes). - NFS: Do not revalidate the directory permissions on a lookup failure (git-fixes). - NFS: Fix an Oopsable condition in __nfs_pageio_add_request() (git-fixes). - NFS: fix an incorrect limit in filelayout_decode_layout() (git-fixes). - NFSD: Repair misuse of sv_lock in 5.10.16-rt30 (git-fixes). - NFSv4.2 fix handling of sr_eof in SEEK's reply (git-fixes). - NFSv4.2: Always flush out writes in nfs42_proc_fallocate() (git-fixes). - NFSv4.2: fix return value of _nfs4_get_security_label() (git-fixes). - NFSv42: Copy offload should update the file size when appropriate (git-fixes). - NFSv4: Do not discard segments marked for return in _pnfs_return_layout() (git-fixes). - NFSv4: Fix a NULL pointer dereference in pnfs_mark_matching_lsegs_return() (git-fixes). - NFSv4: Fix v4.0/v4.1 SEEK_DATA return -ENOTSUPP when set NFS_V4_2 config (git-fixes). - PCI/LINK: Remove bandwidth notification (bsc#1183712). - PM: sleep: Add pm_debug_messages kernel command line option (bsc#1186752). - SUNRPC: Move fault injection call sites (git-fixes). - SUNRPC: Set memalloc_nofs_save() for sync tasks (git-fixes). - UCSI fixup of array of PDOs (git-fixes). - USB: f_ncm: ncm_bitrate (speed) is unsigned (git-fixes). - USB: serial: cp210x: fix alternate function for CP2102N QFN20 (git-fixes). - USB: serial: ftdi_sio: add IDs for IDS GmbH Products (git-fixes). - USB: serial: option: add Telit LE910-S1 compositions 0x7010, 0x7011 (git-fixes). - USB: serial: pl2303: add device id for ADLINK ND-6530 GC (git-fixes). - USB: serial: quatech2: fix control-request directions (git-fixes). - USB: serial: ti_usb_3410_5052: add startech.com device id (git-fixes). - USB: usbfs: Do not WARN about excessively large memory allocations (git-fixes). - ath6kl: return error code in ath6kl_wmi_set_roam_lrssi_cmd() (git-fixes). - bcache: Convert to DEFINE_SHOW_ATTRIBUTE (bsc#1187357). - bcache: Use 64-bit arithmetic instead of 32-bit (bsc#1187357). - bcache: avoid oversized read request in cache missing code path (bsc#1187357, bsc#1185570, bsc#1184631). - bcache: do not pass BIOSET_NEED_BVECS for the 'bio_set' embedded in 'cache_set' (bsc#1187357). - bcache: fix a regression of code compiling failure in debug.c (bsc#1187357). - bcache: inherit the optimal I/O size (bsc#1187357). - bcache: reduce redundant code in bch_cached_dev_run() (bsc#1187357). - bcache: remove PTR_CACHE (bsc#1187357). - bcache: remove bcache device self-defined readahead (bsc#1187357, bsc#1185570, bsc#1184631). - bcache: use NULL instead of using plain integer as pointer (bsc#1187357). - blk-settings: align max_sectors on 'logical_block_size' boundary (bsc#1185195). - block: return the correct bvec when checking for gaps (bsc#1187143). - block: return the correct bvec when checking for gaps (bsc#1187144). - brcmfmac: Add clm_blob firmware files to modinfo (bsc#1186677). - brcmfmac: properly check for bus register errors (git-fixes). - btrfs: open device without device_list_mutex (bsc#1176771). - bus: ti-sysc: Fix flakey idling of uarts and stop using swsup_sidle_act (git-fixes). - char: hpet: add checks after calling ioremap (git-fixes). - chelsio/chtls: unlock on error in chtls_pt_recvmsg() (jsc#SLE-15129). - cxgb4/ch_ktls: Clear resources when pf4 device is removed (jsc#SLE-15129). - cxgb4: avoid accessing registers when clearing filters (git-fixes). - cxgb4: avoid link re-train during TC-MQPRIO configuration (jsc#SLE-8389). - cxgb4: fix regression with HASH tc prio value update (jsc#SLE-15131). - devlink: Correct VIRTUAL port to not have phys_port attributes (jsc#SLE-15172). - dmaengine: idxd: Use cpu_feature_enabled() (git-fixes). - dmaengine: idxd: add missing dsa driver unregister (git-fixes). - dmaengine: qcom_hidma: comment platform_driver_register call (git-fixes). - drm/amd/amdgpu: fix a potential deadlock in gpu reset (git-fixes). - drm/amd/amdgpu: fix refcount leak (git-fixes). - drm/amd/display: Disconnect non-DP with no EDID (git-fixes). - drm/amd/display: Disconnect non-DP with no EDID (git-fixes). - drm/amdgpu/jpeg2.0: add cancel_delayed_work_sync before power gate (git-fixes). - drm/amdgpu/jpeg2.5: add cancel_delayed_work_sync before power gate (git-fixes). - drm/amdgpu/jpeg3: add cancel_delayed_work_sync before power gate (git-fixes). - drm/amdgpu/vcn1: add cancel_delayed_work_sync before power gate (git-fixes). - drm/amdgpu/vcn2.0: add cancel_delayed_work_sync before power gate (git-fixes). - drm/amdgpu/vcn2.5: add cancel_delayed_work_sync before power gate (git-fixes). - drm/amdgpu/vcn3: add cancel_delayed_work_sync before power gate (git-fixes). - drm/amdgpu: Do not query CE and UE errors (git-fixes). - drm/amdgpu: Fix a use-after-free (git-fixes). - drm/amdgpu: make sure we unpin the UVD BO (git-fixes). - drm/amdgpu: stop touching sched.ready in the backend (git-fixes). - drm/amdkfd: correct sienna_cichlid SDMA RLC register offset error (git-fixes). - drm/i915/selftests: Fix return value check in live_breadcrumbs_smoketest() (git-fixes). - drm/mcde: Fix off by 10^3 in calculation (git-fixes). - drm/msm/a6xx: fix incorrectly set uavflagprd_inv field for A650 (git-fixes). - drm/msm/a6xx: update/fix CP_PROTECT initialization (git-fixes). - efi/libstub: prevent read overflow in find_file_option() (git-fixes). - efi: Allow EFI_MEMORY_XP and EFI_MEMORY_RO both to be cleared (git-fixes). - efi: cper: fix snprintf() use in cper_dimm_err_location() (git-fixes). - fs/nfs: Use fatal_signal_pending instead of signal_pending (git-fixes). - gpio: cadence: Add missing MODULE_DEVICE_TABLE (git-fixes). - gpio: wcd934x: Fix shift-out-of-bounds error (git-fixes). - gve: Add NULL pointer checks when freeing irqs (git-fixes). - gve: Correct SKB queue index validation (git-fixes). - gve: Update mgmt_msix_idx if num_ntfy changes (git-fixes). - gve: Upgrade memory barrier in poll routine (git-fixes). - hwmon: (dell-smm-hwmon) Fix index values (git-fixes). - i2c: imx: fix reference leak when pm_runtime_get_sync fails (git-fixes). - i2c: qcom-geni: Suspend and resume the bus during SYSTEM_SLEEP_PM ops (git-fixes). - ice: Allow all LLDP packets from PF to Tx (jsc#SLE-7926). - ice: Fix VFR issues for AVF drivers that expect ATQLEN cleared (git-fixes). - ice: Fix allowing VF to request more/less queues via virtchnl (jsc#SLE-12878). - ice: handle the VF VSI rebuild failure (jsc#SLE-12878). - iommu/amd: Keep track of amd_iommu_irq_remap state (https://bugzilla.kernel.org/show_bug.cgi?id=212133). - iommu/virtio: Add missing MODULE_DEVICE_TABLE (bsc#1187345). - iommu/vt-d: Remove WO permissions on second-level paging entries (bsc#1187346). - iommu/vt-d: Report right snoop capability when using FL for IOVA (bsc#1187347). - iommu/vt-d: Use user privilege for RID2PASID translation (bsc#1187348). - iommu: Fix a boundary issue to avoid performance drop (bsc#1187344). - isdn: mISDN: correctly handle ph_info allocation failure in hfcsusb_ph_info (git-fixes). - isdn: mISDNinfineon: check/cleanup ioremap failure correctly in setup_io (git-fixes). - ixgbe: fix large MTU request from VF (git-fixes). - kABI workaround for rtw88 (git-fixes). - kABI workaround for struct lis3lv02d change (git-fixes). - lib: crc64: fix kernel-doc warning (bsc#1187357). - libertas: register sysfs groups properly (git-fixes). - locking/mutex: clear MUTEX_FLAGS if wait_list is empty due to signal (git-fixes). - md: Fix missing unused status line of /proc/mdstat (git-fixes). - md: bcache: Trivial typo fixes in the file journal.c (bsc#1187357). - md: bcache: avoid -Wempty-body warnings (bsc#1187357). - media: dvb: Add check on sp8870_readreg return (git-fixes). - media: dvb: Add check on sp8870_readreg return (git-fixes). - media: gspca: mt9m111: Check write_bridge for timeout (git-fixes). - media: gspca: mt9m111: Check write_bridge for timeout (git-fixes). - media: gspca: properly check for errors in po1030_probe() (git-fixes). - media: gspca: properly check for errors in po1030_probe() (git-fixes). - mei: request autosuspend after sending rx flow control (git-fixes). - mmc: sdhci: Clear unused bounce buffer at DMA mmap error path (bsc#1187039). - net/mlx4: Fix EEPROM dump support (git-fixes). - net/mlx5: DR, Create multi-destination flow table with level less than 64 (jsc#SLE-8464). - net/mlx5: Set reformat action when needed for termination rules (jsc#SLE-15172). - net/mlx5: Set term table as an unmanaged flow table (jsc#SLE-15172). - net/mlx5e: Fix error path of updating netdev queues (jsc#SLE-15172). - net/mlx5e: Fix incompatible casting (jsc#SLE-15172). - net/mlx5e: Fix multipath lag activation (git-fixes). - net/mlx5e: Fix null deref accessing lag dev (jsc#SLE-15172). - net/mlx5e: Fix nullptr in add_vlan_push_action() (git-fixes). - net/mlx5e: reset XPS on error flow if netdev isn't registered yet (jsc#SLE-15172). - net/sched: act_ct: Offload connections with commit action (jsc#SLE-15172). - net/sched: fq_pie: fix OOB access in the traffic path (jsc#SLE-15172). - net/sched: fq_pie: re-factor fix for fq_pie endless loop (jsc#SLE-15172). - net: bnx2: Fix error return code in bnx2_init_board() (git-fixes). - net: fix iteration for sctp transport seq_files (git-fixes). - net: hns3: Limiting the scope of vector_ring_chain variable (git-fixes). - net: hns3: fix incorrect resp_msg issue (jsc#SLE-14777). - net: hns3: put off calling register_netdev() until client initialize complete (bsc#1154353). - net: zero-initialize tc skb extension on allocation (bsc#1176447). - netfilter: nf_tables: missing error reporting for not selected expressions (bsc#1176447). - netfilter: nft_set_pipapo_avx2: Add irq_fpu_usable() check, fallback to non-AVX2 version (bsc#1176447). - nfc: fix NULL ptr dereference in llcp_sock_getname() after failed connect (git-fixes). - nfsd: register pernet ops last, unregister first (git-fixes). - nvme-multipath: fix double initialization of ANA state (bsc#1178612, bsc#1184259, bsc#1186155). - nvme: add new line after variable declatation (bsc#1184259, bsc#1178612, bsc#1186155). - nvme: do not check nvme_req flags for new req (bsc#1184259, bsc#1178612, bsc#1186155). - nvme: mark nvme_setup_passsthru() inline (bsc#1184259, bsc#1178612, bsc#1186155). - nvme: reduce checks for zero command effects (bsc#1184259, bsc#1178612, bsc#1186155). - nvme: rename nvme_init_identify() (bsc#1184259, bsc#1178612, bsc#1186155). - nvme: split init identify into helper (bsc#1184259, bsc#1178612, bsc#1186155). - nvme: use NVME_CTRL_CMIC_ANA macro (bsc#1184259, bsc#1178612, bsc#1186155). - nvmet: use new ana_log_size instead the old one (bsc#1178612, bsc#1184259, bsc#1186155). - pNFS/NFSv4: Fix a layout segment leak in pnfs_layout_process() (git-fixes). - pNFS/flexfiles: fix incorrect size check in decode_nfs_fh() (git-fixes). - pid: take a reference when initializing `cad_pid` (bsc#1152489). - platform/x86: hp-wireless: add AMD's hardware id to the supported list (git-fixes). - platform/x86: hp_accel: Avoid invoking _INI to speed up resume (git-fixes). - platform/x86: intel_punit_ipc: Append MODULE_DEVICE_TABLE for ACPI (git-fixes). - platform/x86: touchscreen_dmi: Add info for the Mediacom Winpad 7.0 W700 tablet (git-fixes). - powerpc/32: Fix boot failure with CONFIG_STACKPROTECTOR (jsc#SLE-13847 git-fixes). - powerpc/kprobes: Fix validation of prefixed instructions across page boundary (jsc#SLE-13847 git-fixes). - regulator: core: resolve supply for boot-on/always-on regulators (git-fixes). - regulator: max77620: Use device_set_of_node_from_dev() (git-fixes). - rtw88: 8822c: add LC calibration for RTL8822C (git-fixes). - scsi: aacraid: Fix an oops in error handling (bsc#1187072). - scsi: aacraid: Remove erroneous fallthrough annotation (bsc#1186950). - scsi: aacraid: Use memdup_user() as a cleanup (bsc#1186951). - scsi: acornscsi: Fix an error handling path in acornscsi_probe() (bsc#1186952). - scsi: be2iscsi: Fix a theoretical leak in beiscsi_create_eqs() (bsc#1186953). - scsi: be2iscsi: Revert 'Fix a theoretical leak in beiscsi_create_eqs()' (bsc#1187067). - scsi: bfa: Fix error return in bfad_pci_init() (bsc#1186954). - scsi: bnx2fc: Fix Kconfig warning & CNIC build errors (bsc#1186955). - scsi: bnx2i: Requires MMU (bsc#1186956). - scsi: csiostor: Fix wrong return value in csio_hw_prep_fw() (bsc#1186957). - scsi: cumana_2: Fix different dev_id between request_irq() and free_irq() (bsc#1186958). - scsi: cxgb3i: Fix some leaks in init_act_open() (bsc#1186959). - scsi: cxgb4i: Fix TLS dependency (bsc#1186960). - scsi: eesox: Fix different dev_id between request_irq() and free_irq() (bsc#1186961). - scsi: fnic: Fix error return code in fnic_probe() (bsc#1186962). - scsi: hisi_sas: Fix IRQ checks (bsc#1186963). - scsi: hisi_sas: Remove preemptible() (bsc#1186964). - scsi: jazz_esp: Add IRQ check (bsc#1186965). - scsi: libfc: Fix enum-conversion warning (bsc#1186966). - scsi: libsas: Fix error path in sas_notify_lldd_dev_found() (bsc#1186967). - scsi: libsas: Reset num_scatter if libata marks qc as NODATA (bsc#1187068). - scsi: libsas: Set data_dir as DMA_NONE if libata marks qc as NODATA (bsc#1186968). - scsi: lpfc: Fix ancient double free (bsc#1186969). - scsi: lpfc: Fix failure to transmit ABTS on FC link (git-fixes). - scsi: megaraid_sas: Check user-provided offsets (bsc#1186970). - scsi: megaraid_sas: Clear affinity hint (bsc#1186971). - scsi: megaraid_sas: Do not call disable_irq from process IRQ poll (bsc#1186972). - scsi: megaraid_sas: Fix MEGASAS_IOC_FIRMWARE regression (bsc#1186973). - scsi: megaraid_sas: Remove undefined ENABLE_IRQ_POLL macro (bsc#1186974). - scsi: mesh: Fix panic after host or bus reset (bsc#1186976). - scsi: mpt3sas: Do not use GFP_KERNEL in atomic context (bsc#1186977). - scsi: mpt3sas: Fix error return code of mpt3sas_base_attach() (bsc#1186978). - scsi: mpt3sas: Fix ioctl timeout (bsc#1186979). - scsi: myrs: Fix a double free in myrs_cleanup() (bsc#1186980). - scsi: pm80xx: Fix error return in pm8001_pci_probe() (bsc#1186981). - scsi: powertec: Fix different dev_id between request_irq() and free_irq() (bsc#1186982). - scsi: qedi: Check for buffer overflow in qedi_set_path() (bsc#1186983). - scsi: qedi: Fix error return code of qedi_alloc_global_queues() (bsc#1186984). - scsi: qedi: Fix missing destroy_workqueue() on error in __qedi_probe (bsc#1186985). - scsi: qla2xxx: Prevent PRLI in target mode (git-fixes). - scsi: qla4xxx: Fix an error handling path in 'qla4xxx_get_host_stats()' (bsc#1186986). - scsi: qla4xxx: Remove in_interrupt() (bsc#1186987). - scsi: scsi_debug: Add check for sdebug_max_queue during module init (bsc#1186988). - scsi: scsi_dh_alua: Retry RTPG on a different path after failure (bsc#1174978 bsc#1185701). - scsi: sd: Fix Opal support (bsc#1186989). - scsi: smartpqi: Add additional logging for LUN resets (bsc#1186472). - scsi: smartpqi: Add host level stream detection enable (bsc#1186472). - scsi: smartpqi: Add new PCI IDs (bsc#1186472). - scsi: smartpqi: Add phy ID support for the physical drives (bsc#1186472). - scsi: smartpqi: Add stream detection (bsc#1186472). - scsi: smartpqi: Add support for BMIC sense feature cmd and feature bits (bsc#1186472). - scsi: smartpqi: Add support for RAID1 writes (bsc#1186472). - scsi: smartpqi: Add support for RAID5 and RAID6 writes (bsc#1186472). - scsi: smartpqi: Add support for long firmware version (bsc#1186472). - scsi: smartpqi: Add support for new product ids (bsc#1186472). - scsi: smartpqi: Add support for wwid (bsc#1186472). - scsi: smartpqi: Align code with oob driver (bsc#1186472). - scsi: smartpqi: Convert snprintf() to scnprintf() (bsc#1186472). - scsi: smartpqi: Correct request leakage during reset operations (bsc#1186472). - scsi: smartpqi: Correct system hangs when resuming from hibernation (bsc#1186472). - scsi: smartpqi: Disable WRITE SAME for HBA NVMe disks (bsc#1186472). - scsi: smartpqi: Fix blocks_per_row static checker issue (bsc#1186472). - scsi: smartpqi: Fix device pointer variable reference static checker issue (bsc#1186472). - scsi: smartpqi: Fix driver synchronization issues (bsc#1186472). - scsi: smartpqi: Refactor aio submission code (bsc#1186472). - scsi: smartpqi: Refactor scatterlist code (bsc#1186472). - scsi: smartpqi: Remove timeouts from internal cmds (bsc#1186472). - scsi: smartpqi: Remove unused functions (bsc#1186472). - scsi: smartpqi: Synchronize device resets with mutex (bsc#1186472). - scsi: smartpqi: Update OFA management (bsc#1186472). - scsi: smartpqi: Update RAID bypass handling (bsc#1186472). - scsi: smartpqi: Update SAS initiator_port_protocols and target_port_protocols (bsc#1186472). - scsi: smartpqi: Update device scan operations (bsc#1186472). - scsi: smartpqi: Update enclosure identifier in sysfs (bsc#1186472). - scsi: smartpqi: Update event handler (bsc#1186472). - scsi: smartpqi: Update soft reset management for OFA (bsc#1186472). - scsi: smartpqi: Update suspend/resume and shutdown (bsc#1186472). - scsi: smartpqi: Update version to 2.1.8-045 (bsc#1186472). - scsi: smartpqi: Use host-wide tag space (bsc#1186472). - scsi: sni_53c710: Add IRQ check (bsc#1186990). - scsi: sun3x_esp: Add IRQ check (bsc#1186991). - scsi: ufs-qcom: Fix scheduling while atomic issue (bsc#1187002). - scsi: ufs: Add quirk to disallow reset of interrupt aggregation (bsc#1186992). - scsi: ufs: Add quirk to enable host controller without hce (bsc#1186993). - scsi: ufs: Add quirk to fix abnormal ocs fatal error (bsc#1186994). - scsi: ufs: Add quirk to fix mishandling utrlclr/utmrlclr (bsc#1186995). - scsi: ufs: Do not update urgent bkops level when toggling auto bkops (bsc#1186997). - scsi: ufs: Fix race between shutdown and runtime resume flow (bsc#1186998). - scsi: ufs: Introduce UFSHCD_QUIRK_PRDT_BYTE_GRAN quirk (bsc#1187000). - scsi: ufs: Make ufshcd_print_trs() consider UFSHCD_QUIRK_PRDT_BYTE_GRAN (bsc#1187069). - scsi: ufs: Properly release resources if a task is aborted successfully (bsc#1187001). - scsi: ufs: core: Narrow down fast path in system suspend path (bsc#1186996). - scsi: ufs: ufshcd-pltfrm: Fix deferred probing (bsc#1187003). - scsi: ufshcd: use an enum for quirks (bsc#1186999). - serial: 8250_pci: handle FL_NOIRQ board flag (git-fixes). - serial: max310x: unregister uart driver in case of failure and abort (git-fixes). - serial: rp2: use 'request_firmware' instead of 'request_firmware_nowait' (git-fixes). - staging: rtl8723bs: Fix uninitialized variables (git-fixes). - sunrpc: fix refcount leak for rpc auth modules (git-fixes). - svcrdma: disable timeouts on rdma backchannel (git-fixes). - thermal/drivers/intel: Initialize RW trip to THERMAL_TEMP_INVALID (git-fixes). - thunderbolt: usb4: Fix NVM read buffer bounds and offset issue (git-fixes). - tpm: fix error return code in tpm2_get_cc_attrs_tbl() (git-fixes). - ttyprintk: Add TTY hangup callback (git-fixes). - usb: chipidea: imx: Fix Battery Charger 1.2 CDP detection (git-fixes). - usb: core: reduce power-on-good delay time of root hub (git-fixes). - usb: fix various gadgets null ptr deref on 10gbps cabling (git-fixes). - usb: musb: fix MUSB_QUIRK_B_DISCONNECT_99 handling (git-fixes). - usb: pd: Set PD_T_SINK_WAIT_CAP to 310ms (git-fixes). - usb: typec: intel_pmc_mux: Put fwnode in error case during ->probe() (git-fixes). - usb: typec: mux: Fix copy-paste mistake in typec_mux_match (git-fixes). - usb: typec: mux: Fix matching with typec_altmode_desc (git-fixes). - usb: typec: tcpm: Use LE to CPU conversion when accessing msg->header (git-fixes). - usb: typec: ucsi: Clear PPM capability data in ucsi_init() error path (git-fixes). - usb: typec: ucsi: Retrieve all the PDOs instead of just the first 4 (git-fixes). - usb: typec: wcove: Use LE to CPU conversion when accessing msg->header (git-fixes). - vfio/pci: Fix error return code in vfio_ecap_init() (git-fixes). - vfio/pci: zap_vma_ptes() needs MMU (git-fixes). - vfio/platform: fix module_put call in error flow (git-fixes). - vmlinux.lds.h: Avoid orphan section with !SMP (git-fixes). - vsock/vmci: log once the failed queue pair allocation (git-fixes). - wireguard: allowedips: initialize list head in selftest (git-fixes). - wireguard: do not use -O3 (git-fixes). - wireguard: peer: allocate in kmem_cache (git-fixes). - wireguard: peer: put frequently used members above cache lines (git-fixes). - wireguard: queueing: get rid of per-peer ring buffers (git-fixes). - wireguard: selftests: make sure rp_filter is disabled on vethc (git-fixes). - wireguard: selftests: remove old conntrack kconfig value (git-fixes). - wireguard: use synchronize_net rather than synchronize_rcu (git-fixes). - x86/apic: Mark _all_ legacy interrupts when IO/APIC is missing (bsc#1152489). - x86/boot/64: Explicitly map boot_params and command line (jsc#SLE-14337). - x86/boot/compressed/64: Add 32-bit boot #VC handler (jsc#SLE-14337). - x86/boot/compressed/64: Add CPUID sanity check to 32-bit boot-path (jsc#SLE-14337). - x86/boot/compressed/64: Check SEV encryption in 64-bit boot-path (jsc#SLE-14337). - x86/boot/compressed/64: Check SEV encryption in the 32-bit boot-path (jsc#SLE-14337). - x86/boot/compressed/64: Cleanup exception handling before booting kernel (jsc#SLE-14337). - x86/boot/compressed/64: Introduce sev_status (jsc#SLE-14337). - x86/boot/compressed/64: Reload CS in startup_32 (jsc#SLE-14337). - x86/boot/compressed/64: Sanity-check CPUID results in the early #VC handler (jsc#SLE-14337). - x86/boot/compressed/64: Setup IDT in startup_32 boot path (jsc#SLE-14337). - x86/cpufeatures: Force disable X86_FEATURE_ENQCMD and remove update_pasid() (bsc#1178134). - x86/fault: Do not send SIGSEGV twice on SEGV_PKUERR (bsc#1152489). - x86/fpu: Prevent state corruption in __fpu__restore_sig() (bsc#1178134). - x86/head/64: Check SEV encryption before switching to kernel page-table (jsc#SLE-14337). - x86/head/64: Disable stack protection for head$(BITS).o (jsc#SLE-14337). - x86/ioremap: Map efi_mem_reserve() memory as encrypted for SEV (bsc#1186885). - x86/sev-es: Do not return NULL from sev_es_get_ghcb() (bsc#1187349). - x86/sev-es: Do not support MMIO to/from encrypted memory (jsc#SLE-14337). - x86/sev-es: Forward page-faults which happen during emulation (bsc#1187350). - x86/sev-es: Replace open-coded hlt-loops with sev_es_terminate() (jsc#SLE-14337). - x86/sev-es: Use __put_user()/__get_user() for data accesses (bsc#1187351). - x86/sev: Check SME/SEV support in CPUID first (jsc#SLE-14337). - x86/sev: Do not require Hypervisor CPUID bit for SEV guests (jsc#SLE-14337). - x86: fix seq_file iteration for pat.c (git-fixes). - xfrm: policy: Read seqcount outside of rcu-read side in xfrm_policy_lookup_bytype (bsc#1185675). - xprtrdma: Avoid Receive Queue wrapping (git-fixes). - xprtrdma: rpcrdma_mr_pop() already does list_del_init() (git-fixes). Important SUSE bug 1152489 SUSE bug 1154353 SUSE bug 1174978 SUSE bug 1176447 SUSE bug 1176771 SUSE bug 1178134 SUSE bug 1178612 SUSE bug 1179610 SUSE bug 1183712 SUSE bug 1184259 SUSE bug 1184436 SUSE bug 1184631 SUSE bug 1185195 SUSE bug 1185570 SUSE bug 1185589 SUSE bug 1185675 SUSE bug 1185701 SUSE bug 1186155 SUSE bug 1186286 SUSE bug 1186463 SUSE bug 1186472 SUSE bug 1186672 SUSE bug 1186677 SUSE bug 1186752 SUSE bug 1186885 SUSE bug 1186928 SUSE bug 1186949 SUSE bug 1186950 SUSE bug 1186951 SUSE bug 1186952 SUSE bug 1186953 SUSE bug 1186954 SUSE bug 1186955 SUSE bug 1186956 SUSE bug 1186957 SUSE bug 1186958 SUSE bug 1186959 SUSE bug 1186960 SUSE bug 1186961 SUSE bug 1186962 SUSE bug 1186963 SUSE bug 1186964 SUSE bug 1186965 SUSE bug 1186966 SUSE bug 1186967 SUSE bug 1186968 SUSE bug 1186969 SUSE bug 1186970 SUSE bug 1186971 SUSE bug 1186972 SUSE bug 1186973 SUSE bug 1186974 SUSE bug 1186976 SUSE bug 1186977 SUSE bug 1186978 SUSE bug 1186979 SUSE bug 1186980 SUSE bug 1186981 SUSE bug 1186982 SUSE bug 1186983 SUSE bug 1186984 SUSE bug 1186985 SUSE bug 1186986 SUSE bug 1186987 SUSE bug 1186988 SUSE bug 1186989 SUSE bug 1186990 SUSE bug 1186991 SUSE bug 1186992 SUSE bug 1186993 SUSE bug 1186994 SUSE bug 1186995 SUSE bug 1186996 SUSE bug 1186997 SUSE bug 1186998 SUSE bug 1186999 SUSE bug 1187000 SUSE bug 1187001 SUSE bug 1187002 SUSE bug 1187003 SUSE bug 1187038 SUSE bug 1187039 SUSE bug 1187050 SUSE bug 1187052 SUSE bug 1187067 SUSE bug 1187068 SUSE bug 1187069 SUSE bug 1187072 SUSE bug 1187143 SUSE bug 1187144 SUSE bug 1187167 SUSE bug 1187334 SUSE bug 1187344 SUSE bug 1187345 SUSE bug 1187346 SUSE bug 1187347 SUSE bug 1187348 SUSE bug 1187349 SUSE bug 1187350 SUSE bug 1187351 SUSE bug 1187357 SUSE bug 1187711 CVE-2020-26558 CVE-2020-36385 CVE-2020-36386 CVE-2021-0129 cpe:/o:opensuse:leap:15.3 Security update for qemu (Moderate) openSUSE Leap 15.3 This update for qemu fixes the following issues: - CVE-2021-3546: Fixed out-of-bounds write in virgl_cmd_get_capset (bsc#1185981). - CVE-2021-3544: Fixed memory leaks found in the virtio vhost-user GPU device (bsc#1186010). - CVE-2021-3545: Fixed information disclosure due to uninitialized memory read (bsc#1185990). Moderate SUSE bug 1185981 SUSE bug 1185990 SUSE bug 1186010 CVE-2021-3544 CVE-2021-3545 CVE-2021-3546 cpe:/o:opensuse:leap:15.3 Security update for go1.15 (Important) openSUSE Leap 15.3 This update for go1.15 fixes the following issues: Update to 1.15.13. Includes these security fixes - CVE-2021-33195: net: Lookup functions may return invalid host names (bsc#1187443). - CVE-2021-33196: archive/zip: malformed archive may cause panic or memory exhaustion (bsc#1186622). - CVE-2021-33197: net/http/httputil: ReverseProxy forwards Connection headers if first one is empty (bsc#1187444) - CVE-2021-33198: math/big: (*Rat).SetString with '1.770p02041010010011001001' crashes with 'makeslice: len out of range' (bsc#1187445). Important SUSE bug 1175132 SUSE bug 1186622 SUSE bug 1187443 SUSE bug 1187444 SUSE bug 1187445 CVE-2021-33195 CVE-2021-33196 CVE-2021-33197 CVE-2021-33198 cpe:/o:opensuse:leap:15.3 Security update for kubevirt (Moderate) openSUSE Leap 15.3 This update for kubevirt fixes the following issues: General: - Updated kubevirt to version 0.40.0 - Fixed an issue when calling `virsh-domcapabilities` - Fixed the the wrong registry path for containers. Security fixes: - CVE-2021-20286: A flaw was found in libnbd 1.7.3. An assertion failure in nbd_unlocked_opt_go in ilb/opt.c may lead to denial of service. Moderate CVE-2021-20286 cpe:/o:opensuse:leap:15.3 Security update for bluez (Moderate) openSUSE Leap 15.3 This update for bluez fixes the following issues: - CVE-2021-0129,CVE-2020-26558: Check bluetooth security flags (bsc#1186463). Moderate SUSE bug 1186463 CVE-2020-26558 CVE-2021-0129 cpe:/o:opensuse:leap:15.3 Security update for dbus-1 (Important) openSUSE Leap 15.3 This update for dbus-1 fixes the following issues: - CVE-2020-35512: Fixed a use-after-free or potential undefined behaviour caused by shared UID's (bsc#1187105) Important SUSE bug 1187105 CVE-2020-35512 cpe:/o:opensuse:leap:15.3 Security update for jdom2 (Important) openSUSE Leap 15.3 This update for jdom2 fixes the following issues: - CVE-2021-33813: XXE issue in SAXBuilder can cause a denial of service via a crafted HTTP request (bsc#1187446) Important SUSE bug 1187446 CVE-2021-33813 cpe:/o:opensuse:leap:15.3 Security update for redis (Important) openSUSE Leap 15.3 This update for redis fixes the following issues: - Upgrade to 6.0.14 - CVE-2021-32625: An integer overflow bug could be exploited by using the STRALGO LCS command to cause remote remote code execution (bsc#1186722) - Fix crash in UNLINK on a stream key with deleted consumer groups - SINTERSTORE: Add missing keyspace del event when none of the sources exist Important SUSE bug 1186722 CVE-2021-32625 cpe:/o:opensuse:leap:15.3 Security update for the Linux Kernel (Important) openSUSE Leap 15.3 The SUSE Linux Enterprise 15 SP3 Azure kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2021-3573: Fixed an UAF vulnerability in function that can allow attackers to corrupt kernel heaps and adopt further exploitations. (bsc#1186666) - CVE-2021-0605: Fixed an out-of-bounds read which could lead to local information disclosure in the kernel with System execution privileges needed. (bsc#1187601) - CVE-2021-0512: Fixed a possible out-of-bounds write which could lead to local escalation of privilege with no additional execution privileges needed. (bsc#1187595) - CVE-2021-33624: Fixed a bug which allows unprivileged BPF program to leak the contents of arbitrary kernel memory (and therefore, of all physical memory) via a side-channel. (bsc#1187554) - CVE-2021-34693: Fixed a bug in net/can/bcm.c which could allow local users to obtain sensitive information from kernel stack memory because parts of a data structure are uninitialized. (bsc#1187452) The following non-security bugs were fixed: - 0001-x86-sched-Treat-Intel-SNC-topology-as-default-COD-as.patch: (bsc#1187263). - alx: Fix an error handling path in 'alx_probe()' (git-fixes). - asm-generic/hyperv: Add missing function prototypes per -W1 warnings (bsc#1186071). - ASoC: fsl-asoc-card: Set .owner attribute when registering card (git-fixes). - ASoC: Intel: bytcr_rt5640: Add quirk for the Glavey TM800A550L tablet (git-fixes). - ASoC: Intel: bytcr_rt5640: Add quirk for the Lenovo Miix 3-830 tablet (git-fixes). - ASoC: max98088: fix ni clock divider calculation (git-fixes). - ASoC: rt5659: Fix the lost powers for the HDA header (git-fixes). - ASoC: rt5682: Fix the fast discharge for headset unplugging in soundwire mode (git-fixes). - ASoC: sti-sas: add missing MODULE_DEVICE_TABLE (git-fixes). - ASoC: tas2562: Fix TDM_CFG0_SAMPRATE values (git-fixes). - batman-adv: Avoid WARN_ON timing related checks (git-fixes). - be2net: Fix an error handling path in 'be_probe()' (git-fixes). - block: Discard page cache of zone reset target range (bsc#1187402). - Bluetooth: Add a new USB ID for RTL8822CE (git-fixes). - Bluetooth: use correct lock to prevent UAF of hdev object (git-fixes). - bnxt_en: Call bnxt_ethtool_free() in bnxt_init_one() error path (jsc#SLE-8371 bsc#1153274). - bnxt_en: Fix TQM fastpath ring backing store computation (jsc#SLE-8371 bsc#1153274). - bnxt_en: Rediscover PHY capabilities after firmware reset (jsc#SLE-8371 bsc#1153274). - bpf: Fix integer overflow in argument calculation for bpf_map_area_alloc (bsc#1177028). - bpf: Fix libelf endian handling in resolv_btfids (bsc#1177028). - bpfilter: Specify the log level for the kmsg message (bsc#1155518). - can: mcba_usb: fix memory leak in mcba_usb (git-fixes). - ceph: must hold snap_rwsem when filling inode for async create (bsc#1187927). - cfg80211: avoid double free of PMSR request (git-fixes). - cfg80211: make certificate generation more robust (git-fixes). - cgroup1: do not allow '\n' in renaming (bsc#1187972). - clocksource/drivers/hyper-v: Handle sched_clock differences inline (bsc#1186071). - clocksource/drivers/hyper-v: Move handling of STIMER0 interrupts (bsc#1186071). - clocksource/drivers/hyper-v: Set clocksource rating based on Hyper-V feature (bsc#1186071). - cxgb4: fix endianness when flashing boot image (jsc#SLE-15131). - cxgb4: fix sleep in atomic when flashing PHY firmware (jsc#SLE-15131). - cxgb4: fix wrong ethtool n-tuple rule lookup (jsc#SLE-15131). - cxgb4: fix wrong shift (git-fixes). - cxgb4: halt chip before flashing PHY firmware image (jsc#SLE-15131). - dax: Add a wakeup mode parameter to put_unlocked_entry() (bsc#1187411). - dax: Add an enum for specifying dax wakup mode (bsc#1187411). - dax: fix ENOMEM handling in grab_mapping_entry() (bsc#1184212). - dax: Wake up all waiters after invalidating dax entry (bsc#1187411). - dmaengine: ALTERA_MSGDMA depends on HAS_IOMEM (git-fixes). - dmaengine: fsl-dpaa2-qdma: Fix error return code in two functions (git-fixes). - dmaengine: pl330: fix wrong usage of spinlock flags in dma_cyclc (git-fixes). - dmaengine: QCOM_HIDMA_MGMT depends on HAS_IOMEM (git-fixes). - dmaengine: stedma40: add missing iounmap() on error in d40_probe() (git-fixes). - drivers: hv: Create a consistent pattern for checking Hyper-V hypercall status (bsc#1186071). - drivers: hv: Fix EXPORT_SYMBOL and tab spaces issue (bsc#1186071). - Drivers: hv: Redo Hyper-V synthetic MSR get/set functions (bsc#1186071). - Drivers: hv: vmbus: Check for pending channel interrupts before taking a CPU offline (bsc#1186071). - Drivers: hv: vmbus: Drivers: hv: vmbus: Introduce CHANNELMSG_MODIFYCHANNEL_RESPONSE (bsc#1186071). - Drivers: hv: vmbus: Drop error message when 'No request id available' (bsc#1183682). - Drivers: hv: vmbus: Handle auto EOI quirk inline (bsc#1186071). - Drivers: hv: vmbus: Introduce and negotiate VMBus protocol version 5.3 (bsc#1186071). - Drivers: hv: vmbus: Move handling of VMbus interrupts (bsc#1186071). - Drivers: hv: vmbus: Move hyperv_report_panic_msg to arch neutral code (bsc#1186071). - Drivers: hv: vmbus: remove unused function (bsc#1186071). - Drivers: hv: vmbus: Remove unused linux/version.h header (bsc#1186071). - drm/amd/amdgpu:save psp ring wptr to avoid attack (git-fixes). - drm/amd/display: Allow bandwidth validation for 0 streams (git-fixes). - drm/amd/display: Fix potential memory leak in DMUB hw_init (git-fixes). - drm/amdgpu: refine amdgpu_fru_get_product_info (git-fixes). - drm/sun4i: dw-hdmi: Make HDMI PHY into a platform device (git-fixes). - drm/tegra: sor: Do not leak runtime PM reference (git-fixes). - drm/vc4: hdmi: Make sure the controller is powered in detect (git-fixes). - drm/vc4: hdmi: Move the HSM clock enable to runtime_pm (git-fixes). - drm: Fix use-after-free read in drm_getunique() (git-fixes). - drm: Lock pointer access in drm_master_release() (git-fixes). - dt-bindings: reset: meson8b: fix duplicate reset IDs (git-fixes). - ethtool: strset: fix message length calculation (bsc#1176447). - ext4: fix bug on in ext4_es_cache_extent as ext4_split_extent_at failed (bsc#1187408). - ext4: fix check to prevent false positive report of incorrect used inodes (bsc#1187404). - ext4: fix error code in ext4_commit_super (bsc#1187407). - ext4: fix memory leak in ext4_fill_super (bsc#1187409). - FCOE: fcoe_wwn_from_mac kABI fix (bsc#1187886). - fs: fix reporting supported extra file attributes for statx() (bsc#1187410). - ftrace: Do not blindly read the ip address in ftrace_bug() (git-fixes). - ftrace: Free the trampoline when ftrace_startup() fails (git-fixes). - fuse: BUG_ON correction in fuse_dev_splice_write() (bsc#1187356). - HID: Add BUS_VIRTUAL to hid_connect logging (git-fixes). - HID: gt683r: add missing MODULE_DEVICE_TABLE (git-fixes). - HID: hid-input: add mapping for emoji picker key (git-fixes). - HID: hid-sensor-hub: Return error for hid_set_field() failure (git-fixes). - HID: quirks: Set INCREMENT_USAGE_ON_DUPLICATE for Saitek X65 (git-fixes). - HID: usbhid: fix info leak in hid_submit_ctrl (git-fixes). - HID: usbhid: Fix race between usbhid_close() and usbhid_stop() (git-fixes). - hv: hyperv.h: a few mundane typo fixes (bsc#1186071). - hv_netvsc: Add a comment clarifying batching logic (bsc#1186071). - hv_netvsc: Add error handling while switching data path (bsc#1186071). - hv_netvsc: Make netvsc/VF binding check both MAC and serial number (bsc#1186071). - hwmon: (scpi-hwmon) shows the negative temperature properly (git-fixes). - i2c: mpc: Make use of i2c_recover_bus() (git-fixes). - ice: add ndo_bpf callback for safe mode netdev ops (jsc#SLE-7926). - ice: parameterize functions responsible for Tx ring management (jsc#SLE-12878). - isdn: mISDN: netjet: Fix crash in nj_probe: (git-fixes). - kernel-binary.spec.in: Regenerate makefile when not using mkmakefile. - kernel: kexec_file: fix error return code of kexec_calculate_store_digests() (git-fixes). - kthread: prevent deadlock when kthread_mod_delayed_work() races with kthread_cancel_delayed_work_sync() (bsc#1187867). - kthread_worker: split code for canceling the delayed work timer (bsc#1187867). - kyber: fix out of bounds access when preempted (bsc#1187403). - lib: vdso: Remove CROSS_COMPILE_COMPAT_VDSO (bsc#1164648,jsc#SLE-11493). - media: mtk-mdp: Check return value of of_clk_get (git-fixes). - media: mtk-mdp: Fix a refcounting bug on error in init (git-fixes). - media: s5p-g2d: Fix a memory leak in an error handling path in 'g2d_probe()' (git-fixes). - mlxsw: reg: Spectrum-3: Enforce lowest max-shaper burst size of 11 (bsc#1176774). - mmc: meson-gx: use memcpy_to/fromio for dram-access-quirk (git-fixes). - module: limit enabling module.sig_enforce (git-fixes). - net/mlx5: Consider RoCE cap before init RDMA resources (git-fixes). - net/mlx5: E-Switch, Allow setting GUID for host PF vport (jsc#SLE-15172). - net/mlx5: E-Switch, Read PF mac address (jsc#SLE-15172). - net/mlx5: Fix PBMC register mapping (git-fixes). - net/mlx5: Fix placement of log_max_flow_counter (git-fixes). - net/mlx5: Fix sleep while atomic in mlx5_eswitch_get_vepa (git-fixes). - net/mlx5: Reset mkey index on creation (jsc#SLE-15172). - net/mlx5e: Block offload of outer header csum for UDP tunnels (git-fixes). - net/mlx5e: Fix page reclaim for dead peer hairpin (git-fixes). - net/mlx5e: Remove dependency in IPsec initialization flows (git-fixes). - net/nfc/rawsock.c: fix a permission check bug (git-fixes). - net/sched: act_ct: handle DNAT tuple collision (bsc#1154353). - net/x25: Return the correct errno code (git-fixes). - net: mvpp2: add mvpp2_phylink_to_port() helper (bsc#1187171). - netxen_nic: Fix an error handling path in 'netxen_nic_probe()' (git-fixes). - NFS: Fix a potential NULL dereference in nfs_get_client() (git-fixes). - NFS: Fix deadlock between nfs4_evict_inode() and nfs4_opendata_get_inode() (git-fixes). - NFS: Fix use-after-free in nfs4_init_client() (git-fixes). - nvmem: rmem: fix undefined reference to memremap (git-fixes). - ocfs2: fix data corruption by fallocate (bsc#1187412). - PCI: aardvark: Do not rely on jiffies while holding spinlock (git-fixes). - PCI: aardvark: Fix kernel panic during PIO transfer (git-fixes). - PCI: Add ACS quirk for Broadcom BCM57414 NIC (git-fixes). - PCI: hv: Drop msi_controller structure (bsc#1186071). - PCI: Mark some NVIDIA GPUs to avoid bus reset (git-fixes). - PCI: Mark TI C667X to avoid bus reset (git-fixes). - PCI: Work around Huawei Intelligent NIC VF FLR erratum (git-fixes). - perf/x86/intel/uncore: Fix a kernel WARNING triggered by maxcpus=1 (git-fixes). - perf/x86/intel/uncore: Remove uncore extra PCI dev HSWEP_PCI_PCU_3 (bsc#1184685). - powerpc/perf: Fix crash in perf_instruction_pointer() when ppmu is not set (jsc#SLE-13513 bsc#1176919 ltc#186162 git-fixes). - qla2xxx: synchronize rport dev_loss_tmo setting (bsc#1182470 bsc#1185486). - qlcnic: Fix an error handling path in 'qlcnic_probe()' (git-fixes). - radeon: use memcpy_to/fromio for UVD fw upload (git-fixes). - regulator: bd70528: Fix off-by-one for buck123 .n_voltages setting (git-fixes). - Removed patch that was incorrectly added to SLE15-SP2 (bsc#1186949) - Revert 'ecryptfs: replace BUG_ON with error handling code' (bsc#1187413). - Revert 'ibmvnic: simplify reset_long_term_buff function' (bsc#1186206 ltc#191041). - Revert 'PCI: PM: Do not read power state in pci_enable_device_flags()' (git-fixes). - Revert 'video: hgafb: fix potential NULL pointer dereference' (git-fixes). - Revert 'video: imsttfb: fix potential NULL pointer dereferences' (bsc#1152489) - s390/dasd: add missing discipline function (git-fixes). - s390/stack: fix possible register corruption with stack switch helper (bsc#1185677). - sched/debug: Fix cgroup_path[] serialization (git-fixes) - sched/fair: Keep load_avg and load_sum synced (git-fixes) - scsi: core: Fix race between handling STS_RESOURCE and completion (bsc#1187883). - scsi: fcoe: Fix mismatched fcoe_wwn_from_mac declaration (bsc#1187886). - scsi: storvsc: Enable scatterlist entry lengths > 4Kbytes (bsc#1186071). - scsi: storvsc: Parameterize number hardware queues (bsc#1186071). - scsi: ufs: Fix imprecise load calculation in devfreq window (bsc#1187795). - SCSI: ufs: fix ktime_t kabi change (bsc#1187795). - scsi: ufs: ufshcd-pltfrm depends on HAS_IOMEM (bsc#1187980). - spi: spi-nxp-fspi: move the register operation after the clock enable (git-fixes). - spi: sprd: Add missing MODULE_DEVICE_TABLE (git-fixes). - spi: stm32-qspi: Always wait BUSY bit to be cleared in stm32_qspi_wait_cmd() (git-fixes). - SUNRPC: Handle major timeout in xprt_adjust_timeout() (git-fixes). - SUNRPC: Handle major timeout in xprt_adjust_timeout() (git-fixes). - tracing: Correct the length check which causes memory corruption (git-fixes). - tracing: Do no increment trace_clock_global() by one (git-fixes). - tracing: Do not stop recording cmdlines when tracing is off (git-fixes). - tracing: Do not stop recording comms if the trace file is being read (git-fixes). - tracing: Restructure trace_clock_global() to never block (git-fixes). - USB: core: hub: Disable autosuspend for Cypress CY7C65632 (git-fixes). - USB: dwc3: core: fix kernel panic when do reboot (git-fixes). - USB: dwc3: core: fix kernel panic when do reboot (git-fixes). - USB: dwc3: debugfs: Add and remove endpoint dirs dynamically (git-fixes). - USB: dwc3: ep0: fix NULL pointer exception (git-fixes). - USB: f_ncm: only first packet of aggregate needs to start timer (git-fixes). - USB: f_ncm: only first packet of aggregate needs to start timer (git-fixes). - USB: fix various gadget panics on 10gbps cabling (git-fixes). - USB: fix various gadget panics on 10gbps cabling (git-fixes). - USB: gadget: eem: fix wrong eem header operation (git-fixes). - USB: gadget: eem: fix wrong eem header operation (git-fixes). - USB: gadget: f_fs: Ensure io_completion_wq is idle during unbind (git-fixes). - USB: gadget: f_fs: Ensure io_completion_wq is idle during unbind (git-fixes). - USB: serial: ftdi_sio: add NovaTech OrionMX product ID (git-fixes). - USB: serial: ftdi_sio: add NovaTech OrionMX product ID (git-fixes). - USB: serial: omninet: add device id for Zyxel Omni 56K Plus (git-fixes). - USB: serial: omninet: add device id for Zyxel Omni 56K Plus (git-fixes). - video: hgafb: correctly handle card detect failure during probe (git-fixes). - video: hgafb: fix potential NULL pointer dereference (git-fixes). - vrf: fix maximum MTU (git-fixes). - x86/elf: Use _BITUL() macro in UAPI headers (bsc#1178134). - x86/fpu: Preserve supervisor states in sanitize_restored_user_xstate() (bsc#1178134). - x86/hyper-v: Move hv_message_type to architecture neutral module - x86/hyperv: Fix unused variable 'hi' warning in hv_apic_read (bsc#1186071). - x86/hyperv: Fix unused variable 'msr_val' warning in hv_qlock_wait (bsc#1186071). - x86/hyperv: Move hv_do_rep_hypercall to asm-generic (bsc#1186071). - x86/hyperv: remove unused linux/version.h header (bsc#1186071). - x86/pkru: Write hardware init value to PKRU when xstate is init (bsc#1152489). - x86/process: Check PF_KTHREAD and not current->mm for kernel threads (bsc#1152489). - xen-blkback: fix compatibility bug with single page rings (git-fixes). - xen-pciback: reconfigure also from backend watch handler (git-fixes). - xen-pciback: redo VF placement in the virtual topology (git-fixes). - xen/evtchn: Change irq_info lock to raw_spinlock_t (git-fixes). - xfrm: policy: Read seqcount outside of rcu-read side in xfrm_policy_lookup_bytype (bsc#1185675). Important SUSE bug 1152489 SUSE bug 1153274 SUSE bug 1154353 SUSE bug 1155518 SUSE bug 1164648 SUSE bug 1176447 SUSE bug 1176774 SUSE bug 1176919 SUSE bug 1177028 SUSE bug 1178134 SUSE bug 1182470 SUSE bug 1183682 SUSE bug 1184212 SUSE bug 1184685 SUSE bug 1185486 SUSE bug 1185675 SUSE bug 1185677 SUSE bug 1186071 SUSE bug 1186206 SUSE bug 1186666 SUSE bug 1186949 SUSE bug 1187171 SUSE bug 1187263 SUSE bug 1187356 SUSE bug 1187402 SUSE bug 1187403 SUSE bug 1187404 SUSE bug 1187407 SUSE bug 1187408 SUSE bug 1187409 SUSE bug 1187410 SUSE bug 1187411 SUSE bug 1187412 SUSE bug 1187413 SUSE bug 1187452 SUSE bug 1187554 SUSE bug 1187595 SUSE bug 1187601 SUSE bug 1187795 SUSE bug 1187867 SUSE bug 1187883 SUSE bug 1187886 SUSE bug 1187927 SUSE bug 1187972 SUSE bug 1187980 CVE-2021-0512 CVE-2021-0605 CVE-2021-33624 CVE-2021-34693 CVE-2021-3573 cpe:/o:opensuse:leap:15.3 Security update for sqlite3 (Important) openSUSE Leap 15.3 This update for sqlite3 fixes the following issues: - Update to version 3.36.0 - CVE-2020-15358: heap-based buffer overflow in multiSelectOrderBy due to mishandling of query-flattener optimization (bsc#1173641) - CVE-2020-9327: NULL pointer dereference and segmentation fault because of generated column optimizations in isAuxiliaryVtabOperator (bsc#1164719) - CVE-2019-20218: selectExpander in select.c proceeds with WITH stack unwinding even after a parsing error (bsc#1160439) - CVE-2019-19959: memory-management error via ext/misc/zipfile.c involving embedded '\0' input (bsc#1160438) - CVE-2019-19923: improper handling of certain uses of SELECT DISTINCT in flattenSubquery may lead to null pointer dereference (bsc#1160309) - CVE-2019-19924: improper error handling in sqlite3WindowRewrite() (bsc#1159850) - CVE-2019-19925: improper handling of NULL pathname during an update of a ZIP archive (bsc#1159847) - CVE-2019-19926: improper handling of certain errors during parsing multiSelect in select.c (bsc#1159715) - CVE-2019-19880: exprListAppendList in window.c allows attackers to trigger an invalid pointer dereference (bsc#1159491) - CVE-2019-19603: during handling of CREATE TABLE and CREATE VIEW statements, does not consider confusion with a shadow table name (bsc#1158960) - CVE-2019-19646: pragma.c mishandles NOT NULL in an integrity_check PRAGMA command in certain cases of generated columns (bsc#1158959) - CVE-2019-19645: alter.c allows attackers to trigger infinite recursion via certain types of self-referential views in conjunction with ALTER TABLE statements (bsc#1158958) - CVE-2019-19317: lookupName in resolve.c omits bits from the colUsed bitmask in the case of a generated column, which allows attackers to cause a denial of service (bsc#1158812) - CVE-2019-19244: sqlite3,sqlite2,sqlite: The function sqlite3Select in select.c allows a crash if a sub-select uses both DISTINCT and window functions, and also has certain ORDER BY usage (bsc#1157818) - CVE-2015-3415: sqlite3VdbeExec comparison operator vulnerability (bsc#928701) - CVE-2015-3414: sqlite3,sqlite2: dequoting of collation-sequence names (bsc#928700) - CVE-2020-13434: integer overflow in sqlite3_str_vappendf (bsc#1172115) - CVE-2020-13630: (bsc#1172234: use-after-free in fts3EvalNextRow - CVE-2020-13631: virtual table allowed to be renamed to one of its shadow tables (bsc#1172236) - CVE-2020-13632: NULL pointer dereference via crafted matchinfo() query (bsc#1172240) - CVE-2020-13435: Malicious SQL statements could have crashed the process that is running SQLite (bsc#1172091) Important SUSE bug 1157818 SUSE bug 1158812 SUSE bug 1158958 SUSE bug 1158959 SUSE bug 1158960 SUSE bug 1159491 SUSE bug 1159715 SUSE bug 1159847 SUSE bug 1159850 SUSE bug 1160309 SUSE bug 1160438 SUSE bug 1160439 SUSE bug 1164719 SUSE bug 1172091 SUSE bug 1172115 SUSE bug 1172234 SUSE bug 1172236 SUSE bug 1172240 SUSE bug 1173641 SUSE bug 928700 SUSE bug 928701 CVE-2015-3414 CVE-2015-3415 CVE-2019-19244 CVE-2019-19317 CVE-2019-19603 CVE-2019-19645 CVE-2019-19646 CVE-2019-19880 CVE-2019-19923 CVE-2019-19924 CVE-2019-19925 CVE-2019-19926 CVE-2019-19959 CVE-2019-20218 CVE-2020-13434 CVE-2020-13435 CVE-2020-13630 CVE-2020-13631 CVE-2020-13632 CVE-2020-15358 CVE-2020-9327 cpe:/o:opensuse:leap:15.3 Security update for ffmpeg (Important) openSUSE Leap 15.3 This update for ffmpeg fixes the following issues: - CVE-2020-13904: Fixed use-after-free via a crafted EXTINF duration in an m3u8 file (bsc#1172640). - CVE-2020-21041: Fixed buffer overflow vulnerability via apng_do_inverse_blend in libavcodec/pngenc.c (bsc#1186406). - CVE-2019-17539: Fixed NULL pointer dereference in avcodec_open2 in libavcodec/utils.c (bsc# 1154065). - CVE-2020-22026: Fixed buffer overflow vulnerability in config_input() at libavfilter/af_tremolo.c (bsc#1186583). - CVE-2020-22021: Fixed buffer overflow vulnerability in filter_edges function in libavfilter/vf_yadif.c (bsc#1186586). - CVE-2020-22020: Fixed buffer overflow vulnerability in build_diff_map() in libavfilter/vf_fieldmatch.c (bsc#1186587). - CVE-2020-22015: Fixed buffer overflow vulnerability in mov_write_video_tag() due to the out of bounds in libavformat/movenc.c (bsc#1186596). - CVE-2020-22016: Fixed a heap-based Buffer Overflow vulnerability at libavcodec/get_bits.h when writing .mov files (bsc#1186598). - CVE-2020-22017: Fixed a heap-based Buffer Overflow vulnerability in ff_fill_rectangle() in libavfilter/drawutils.c (bsc#1186600). - CVE-2020-22022: Fixed a heap-based Buffer Overflow vulnerability in filter_frame at libavfilter/vf_fieldorder.c (bsc#1186603). - CVE-2020-22023: Fixed a heap-based Buffer Overflow vulnerability in filter_frame at libavfilter/vf_bitplanenoise.c (bsc#1186604) - CVE-2020-22025: Fixed a heap-based Buffer Overflow vulnerability in gaussian_blur at libavfilter/vf_edgedetect.c (bsc#1186605). - CVE-2020-22031: Fixed a heap-based Buffer Overflow vulnerability at libavfilter/vf_w3fdif.c in filter16_complex_low() (bsc#1186613). - CVE-2020-22032: Fixed a heap-based Buffer Overflow vulnerability at libavfilter/vf_edgedetect.c in gaussian_blur() (bsc#1186614). - CVE-2020-22034: Fixed a heap-based Buffer Overflow vulnerability at libavfilter/vf_floodfill.c (bsc#1186616). - CVE-2020-20451: Fixed denial of service issue due to resource management errors via fftools/cmdutils.c (bsc#1186658). - CVE-2020-20448: Fixed divide by zero issue via libavcodec/ratecontrol.c (bsc#1186660). - CVE-2020-22038: Fixed denial of service vulnerability due to a memory leak in the ff_v4l2_m2m_create_context function in v4l2_m2m.c (bsc#1186757). - CVE-2020-22039: Fixed denial of service vulnerability due to a memory leak in the inavi_add_ientry function (bsc#1186758). - CVE-2020-22043: Fixed denial of service vulnerability due to a memory leak at the fifo_alloc_common function in libavutil/fifo.c (bsc#1186762). - CVE-2020-22044: Fixed denial of service vulnerability due to a memory leak in the url_open_dyn_buf_internal function in libavformat/aviobuf.c (bsc#1186763). - CVE-2020-22033,CVE-2020-22019: Fixed a heap-based Buffer Overflow Vulnerability at libavfilter/vf_vmafmotion.c in convolution_y_8bit() and in convolution_y_10bit() in libavfilter/vf_vmafmotion.c (bsc#1186615, bsc#1186597). Important SUSE bug 1172640 SUSE bug 1186406 SUSE bug 1186583 SUSE bug 1186586 SUSE bug 1186587 SUSE bug 1186596 SUSE bug 1186597 SUSE bug 1186598 SUSE bug 1186600 SUSE bug 1186603 SUSE bug 1186604 SUSE bug 1186605 SUSE bug 1186613 SUSE bug 1186614 SUSE bug 1186615 SUSE bug 1186616 SUSE bug 1186658 SUSE bug 1186660 SUSE bug 1186757 SUSE bug 1186758 SUSE bug 1186762 SUSE bug 1186763 CVE-2019-17539 CVE-2020-13904 CVE-2020-20448 CVE-2020-20451 CVE-2020-21041 CVE-2020-22015 CVE-2020-22016 CVE-2020-22017 CVE-2020-22019 CVE-2020-22020 CVE-2020-22021 CVE-2020-22022 CVE-2020-22023 CVE-2020-22025 CVE-2020-22026 CVE-2020-22031 CVE-2020-22032 CVE-2020-22033 CVE-2020-22034 CVE-2020-22038 CVE-2020-22039 CVE-2020-22043 CVE-2020-22044 cpe:/o:opensuse:leap:15.3 Security update for nodejs12 (Important) openSUSE Leap 15.3 This update for nodejs12 fixes the following issues: - update to 12.22.2: - CVE-2021-22918: Out of bounds read (bsc#1187973) - CVE-2021-23362: ssri Regular Expression Denial of Service and hosted-git-info (bsc#1187977) - CVE-2021-27290: Regular Expression Denial of Service (bsc#1187976) - CVE-2021-3450: OpenSSL - CA certificate check bypass with X509_V_FLAG_X509_STRICT (bsc#1183851) - CVE-2021-3449: OpenSSL - NULL pointer deref in signature_algorithms processing (bsc#1183852) - CVE-2020-7774: npm - Update y18n to fix Prototype-Pollution (bsc#1184450) Important SUSE bug 1183851 SUSE bug 1183852 SUSE bug 1184450 SUSE bug 1187973 SUSE bug 1187976 SUSE bug 1187977 CVE-2020-7774 CVE-2021-22918 CVE-2021-23362 CVE-2021-27290 CVE-2021-3449 CVE-2021-3450 cpe:/o:opensuse:leap:15.3 Security update for the Linux Kernel (Important) openSUSE Leap 15.3 The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2021-3573: Fixed an UAF vulnerability in function that can allow attackers to corrupt kernel heaps and adopt further exploitations. (bsc#1186666) - CVE-2021-0605: Fixed an out-of-bounds read which could lead to local information disclosure in the kernel with System execution privileges needed. (bsc#1187601) - CVE-2021-0512: Fixed a possible out-of-bounds write which could lead to local escalation of privilege with no additional execution privileges needed. (bsc#1187595) - CVE-2021-33624: Fixed a bug which allows unprivileged BPF program to leak the contents of arbitrary kernel memory (and therefore, of all physical memory) via a side-channel. (bsc#1187554) - CVE-2021-34693: Fixed a bug in net/can/bcm.c which could allow local users to obtain sensitive information from kernel stack memory because parts of a data structure are uninitialized. (bsc#1187452) The following non-security bugs were fixed: - 0001-x86-sched-Treat-Intel-SNC-topology-as-default-COD-as.patch: (bsc#1187263). - alx: Fix an error handling path in 'alx_probe()' (git-fixes). - ASoC: fsl-asoc-card: Set .owner attribute when registering card (git-fixes). - ASoC: Intel: bytcr_rt5640: Add quirk for the Glavey TM800A550L tablet (git-fixes). - ASoC: Intel: bytcr_rt5640: Add quirk for the Lenovo Miix 3-830 tablet (git-fixes). - ASoC: max98088: fix ni clock divider calculation (git-fixes). - ASoC: rt5659: Fix the lost powers for the HDA header (git-fixes). - ASoC: rt5682: Fix the fast discharge for headset unplugging in soundwire mode (git-fixes). - ASoC: sti-sas: add missing MODULE_DEVICE_TABLE (git-fixes). - ASoC: tas2562: Fix TDM_CFG0_SAMPRATE values (git-fixes). - batman-adv: Avoid WARN_ON timing related checks (git-fixes). - be2net: Fix an error handling path in 'be_probe()' (git-fixes). - block: Discard page cache of zone reset target range (bsc#1187402). - Bluetooth: Add a new USB ID for RTL8822CE (git-fixes). - Bluetooth: use correct lock to prevent UAF of hdev object (git-fixes). - bnxt_en: Call bnxt_ethtool_free() in bnxt_init_one() error path (jsc#SLE-8371 bsc#1153274). - bnxt_en: Fix TQM fastpath ring backing store computation (jsc#SLE-8371 bsc#1153274). - bnxt_en: Rediscover PHY capabilities after firmware reset (jsc#SLE-8371 bsc#1153274). - bpf: Fix integer overflow in argument calculation for bpf_map_area_alloc (bsc#1177028). - bpf: Fix libelf endian handling in resolv_btfids (bsc#1177028). - bpfilter: Specify the log level for the kmsg message (bsc#1155518). - can: mcba_usb: fix memory leak in mcba_usb (git-fixes). - ceph: must hold snap_rwsem when filling inode for async create (bsc#1187927). - cfg80211: avoid double free of PMSR request (git-fixes). - cfg80211: make certificate generation more robust (git-fixes). - cgroup1: do not allow '\n' in renaming (bsc#1187972). - cxgb4: fix endianness when flashing boot image (jsc#SLE-15131). - cxgb4: fix sleep in atomic when flashing PHY firmware (jsc#SLE-15131). - cxgb4: fix wrong ethtool n-tuple rule lookup (jsc#SLE-15131). - cxgb4: fix wrong shift (git-fixes). - cxgb4: halt chip before flashing PHY firmware image (jsc#SLE-15131). - dax: Add a wakeup mode parameter to put_unlocked_entry() (bsc#1187411). - dax: Add an enum for specifying dax wakup mode (bsc#1187411). - dax: fix ENOMEM handling in grab_mapping_entry() (bsc#1184212). - dax: Wake up all waiters after invalidating dax entry (bsc#1187411). - dmaengine: ALTERA_MSGDMA depends on HAS_IOMEM (git-fixes). - dmaengine: fsl-dpaa2-qdma: Fix error return code in two functions (git-fixes). - dmaengine: pl330: fix wrong usage of spinlock flags in dma_cyclc (git-fixes). - dmaengine: QCOM_HIDMA_MGMT depends on HAS_IOMEM (git-fixes). - dmaengine: stedma40: add missing iounmap() on error in d40_probe() (git-fixes). - drm: Fix use-after-free read in drm_getunique() (git-fixes). - drm: Lock pointer access in drm_master_release() (git-fixes). - drm/amd/amdgpu:save psp ring wptr to avoid attack (git-fixes). - drm/amd/display: Allow bandwidth validation for 0 streams (git-fixes). - drm/amd/display: Fix potential memory leak in DMUB hw_init (git-fixes). - drm/amdgpu: refine amdgpu_fru_get_product_info (git-fixes). - drm/sun4i: dw-hdmi: Make HDMI PHY into a platform device (git-fixes). - drm/tegra: sor: Do not leak runtime PM reference (git-fixes). - drm/vc4: hdmi: Make sure the controller is powered in detect (git-fixes). - drm/vc4: hdmi: Move the HSM clock enable to runtime_pm (git-fixes). - dt-bindings: reset: meson8b: fix duplicate reset IDs (git-fixes). - ethtool: strset: fix message length calculation (bsc#1176447). - ext4: fix bug on in ext4_es_cache_extent as ext4_split_extent_at failed (bsc#1187408). - ext4: fix check to prevent false positive report of incorrect used inodes (bsc#1187404). - ext4: fix error code in ext4_commit_super (bsc#1187407). - ext4: fix memory leak in ext4_fill_super (bsc#1187409). - FCOE: fcoe_wwn_from_mac kABI fix (bsc#1187886). - fs: fix reporting supported extra file attributes for statx() (bsc#1187410). - ftrace: Do not blindly read the ip address in ftrace_bug() (git-fixes). - ftrace: Free the trampoline when ftrace_startup() fails (git-fixes). - fuse: BUG_ON correction in fuse_dev_splice_write() (bsc#1187356). - HID: Add BUS_VIRTUAL to hid_connect logging (git-fixes). - HID: gt683r: add missing MODULE_DEVICE_TABLE (git-fixes). - HID: hid-input: add mapping for emoji picker key (git-fixes). - HID: hid-sensor-hub: Return error for hid_set_field() failure (git-fixes). - HID: quirks: Set INCREMENT_USAGE_ON_DUPLICATE for Saitek X65 (git-fixes). - HID: usbhid: fix info leak in hid_submit_ctrl (git-fixes). - HID: usbhid: Fix race between usbhid_close() and usbhid_stop() (git-fixes). - hwmon: (scpi-hwmon) shows the negative temperature properly (git-fixes). - i2c: mpc: Make use of i2c_recover_bus() (git-fixes). - ice: add ndo_bpf callback for safe mode netdev ops (jsc#SLE-7926). - ice: parameterize functions responsible for Tx ring management (jsc#SLE-12878). - isdn: mISDN: netjet: Fix crash in nj_probe: (git-fixes). - kernel-binary.spec.in: Regenerate makefile when not using mkmakefile. - kernel: kexec_file: fix error return code of kexec_calculate_store_digests() (git-fixes). - kthread_worker: split code for canceling the delayed work timer (bsc#1187867). - kthread: prevent deadlock when kthread_mod_delayed_work() races with kthread_cancel_delayed_work_sync() (bsc#1187867). - kyber: fix out of bounds access when preempted (bsc#1187403). - lib: vdso: Remove CROSS_COMPILE_COMPAT_VDSO (bsc#1164648,jsc#SLE-11493). - media: mtk-mdp: Check return value of of_clk_get (git-fixes). - media: mtk-mdp: Fix a refcounting bug on error in init (git-fixes). - media: s5p-g2d: Fix a memory leak in an error handling path in 'g2d_probe()' (git-fixes). - mlxsw: reg: Spectrum-3: Enforce lowest max-shaper burst size of 11 (bsc#1176774). - mmc: meson-gx: use memcpy_to/fromio for dram-access-quirk (git-fixes). - module: limit enabling module.sig_enforce (git-fixes). - net: mvpp2: add mvpp2_phylink_to_port() helper (bsc#1187171). - net/mlx5: Consider RoCE cap before init RDMA resources (git-fixes). - net/mlx5: E-Switch, Allow setting GUID for host PF vport (jsc#SLE-15172). - net/mlx5: E-Switch, Read PF mac address (jsc#SLE-15172). - net/mlx5: Fix PBMC register mapping (git-fixes). - net/mlx5: Fix placement of log_max_flow_counter (git-fixes). - net/mlx5: Fix sleep while atomic in mlx5_eswitch_get_vepa (git-fixes). - net/mlx5: Reset mkey index on creation (jsc#SLE-15172). - net/mlx5e: Block offload of outer header csum for UDP tunnels (git-fixes). - net/mlx5e: Fix page reclaim for dead peer hairpin (git-fixes). - net/mlx5e: Remove dependency in IPsec initialization flows (git-fixes). - net/nfc/rawsock.c: fix a permission check bug (git-fixes). - net/sched: act_ct: handle DNAT tuple collision (bsc#1154353). - net/x25: Return the correct errno code (git-fixes). - netxen_nic: Fix an error handling path in 'netxen_nic_probe()' (git-fixes). - NFS: Fix a potential NULL dereference in nfs_get_client() (git-fixes). - NFS: Fix use-after-free in nfs4_init_client() (git-fixes). - NFS: Fix deadlock between nfs4_evict_inode() and nfs4_opendata_get_inode() (git-fixes). - nvmem: rmem: fix undefined reference to memremap (git-fixes). - ocfs2: fix data corruption by fallocate (bsc#1187412). - PCI: aardvark: Do not rely on jiffies while holding spinlock (git-fixes). - PCI: aardvark: Fix kernel panic during PIO transfer (git-fixes). - PCI: Add ACS quirk for Broadcom BCM57414 NIC (git-fixes). - PCI: Mark some NVIDIA GPUs to avoid bus reset (git-fixes). - PCI: Mark TI C667X to avoid bus reset (git-fixes). - PCI: Work around Huawei Intelligent NIC VF FLR erratum (git-fixes). - perf/x86/intel/uncore: Fix a kernel WARNING triggered by maxcpus=1 (git-fixes). - perf/x86/intel/uncore: Remove uncore extra PCI dev HSWEP_PCI_PCU_3 (bsc#1184685). - powerpc/perf: Fix crash in perf_instruction_pointer() when ppmu is not set (jsc#SLE-13513 bsc#1176919 ltc#186162 git-fixes). - qla2xxx: synchronize rport dev_loss_tmo setting (bsc#1182470 bsc#1185486). - qlcnic: Fix an error handling path in 'qlcnic_probe()' (git-fixes). - radeon: use memcpy_to/fromio for UVD fw upload (git-fixes). - regulator: bd70528: Fix off-by-one for buck123 .n_voltages setting (git-fixes). - Removed patch that was incorrectly added to SLE15-SP2 (bsc#1186949) - Revert 'ecryptfs: replace BUG_ON with error handling code' (bsc#1187413). - Revert 'ibmvnic: simplify reset_long_term_buff function' (bsc#1186206 ltc#191041). - Revert 'PCI: PM: Do not read power state in pci_enable_device_flags()' (git-fixes). - Revert 'video: hgafb: fix potential NULL pointer dereference' (git-fixes). - Revert 'video: imsttfb: fix potential NULL pointer dereferences' (bsc#1152489) - s390/dasd: add missing discipline function (git-fixes). - s390/stack: fix possible register corruption with stack switch helper (bsc#1185677). - sched/debug: Fix cgroup_path[] serialization (git-fixes) - sched/fair: Keep load_avg and load_sum synced (git-fixes) - scsi: core: Fix race between handling STS_RESOURCE and completion (bsc#1187883). - scsi: fcoe: Fix mismatched fcoe_wwn_from_mac declaration (bsc#1187886). - scsi: ufs: Fix imprecise load calculation in devfreq window (bsc#1187795). - SCSI: ufs: fix ktime_t kabi change (bsc#1187795). - scsi: ufs: ufshcd-pltfrm depends on HAS_IOMEM (bsc#1187980). - spi: spi-nxp-fspi: move the register operation after the clock enable (git-fixes). - spi: sprd: Add missing MODULE_DEVICE_TABLE (git-fixes). - spi: stm32-qspi: Always wait BUSY bit to be cleared in stm32_qspi_wait_cmd() (git-fixes). - SUNRPC: Handle major timeout in xprt_adjust_timeout() (git-fixes). - SUNRPC: Handle major timeout in xprt_adjust_timeout() (git-fixes). - tracing: Correct the length check which causes memory corruption (git-fixes). - tracing: Do no increment trace_clock_global() by one (git-fixes). - tracing: Do not stop recording cmdlines when tracing is off (git-fixes). - tracing: Do not stop recording comms if the trace file is being read (git-fixes). - tracing: Restructure trace_clock_global() to never block (git-fixes). - USB: core: hub: Disable autosuspend for Cypress CY7C65632 (git-fixes). - USB: dwc3: core: fix kernel panic when do reboot (git-fixes). - USB: dwc3: core: fix kernel panic when do reboot (git-fixes). - USB: dwc3: debugfs: Add and remove endpoint dirs dynamically (git-fixes). - USB: dwc3: ep0: fix NULL pointer exception (git-fixes). - USB: f_ncm: only first packet of aggregate needs to start timer (git-fixes). - USB: f_ncm: only first packet of aggregate needs to start timer (git-fixes). - USB: fix various gadget panics on 10gbps cabling (git-fixes). - USB: fix various gadget panics on 10gbps cabling (git-fixes). - USB: gadget: eem: fix wrong eem header operation (git-fixes). - USB: gadget: eem: fix wrong eem header operation (git-fixes). - USB: gadget: f_fs: Ensure io_completion_wq is idle during unbind (git-fixes). - USB: gadget: f_fs: Ensure io_completion_wq is idle during unbind (git-fixes). - USB: serial: ftdi_sio: add NovaTech OrionMX product ID (git-fixes). - USB: serial: ftdi_sio: add NovaTech OrionMX product ID (git-fixes). - USB: serial: omninet: add device id for Zyxel Omni 56K Plus (git-fixes). - USB: serial: omninet: add device id for Zyxel Omni 56K Plus (git-fixes). - video: hgafb: correctly handle card detect failure during probe (git-fixes). - video: hgafb: fix potential NULL pointer dereference (git-fixes). - vrf: fix maximum MTU (git-fixes). - x86/elf: Use _BITUL() macro in UAPI headers (bsc#1178134). - x86/fpu: Preserve supervisor states in sanitize_restored_user_xstate() (bsc#1178134). - x86/pkru: Write hardware init value to PKRU when xstate is init (bsc#1152489). - x86/process: Check PF_KTHREAD and not current->mm for kernel threads (bsc#1152489). - xen-blkback: fix compatibility bug with single page rings (git-fixes). - xen-pciback: reconfigure also from backend watch handler (git-fixes). - xen-pciback: redo VF placement in the virtual topology (git-fixes). - xen/evtchn: Change irq_info lock to raw_spinlock_t (git-fixes). - xfrm: policy: Read seqcount outside of rcu-read side in xfrm_policy_lookup_bytype (bsc#1185675). Important SUSE bug 1152489 SUSE bug 1153274 SUSE bug 1154353 SUSE bug 1155518 SUSE bug 1164648 SUSE bug 1176447 SUSE bug 1176774 SUSE bug 1176919 SUSE bug 1177028 SUSE bug 1178134 SUSE bug 1182470 SUSE bug 1184212 SUSE bug 1184685 SUSE bug 1185486 SUSE bug 1185675 SUSE bug 1185677 SUSE bug 1186206 SUSE bug 1186666 SUSE bug 1186949 SUSE bug 1187171 SUSE bug 1187263 SUSE bug 1187356 SUSE bug 1187402 SUSE bug 1187403 SUSE bug 1187404 SUSE bug 1187407 SUSE bug 1187408 SUSE bug 1187409 SUSE bug 1187410 SUSE bug 1187411 SUSE bug 1187412 SUSE bug 1187413 SUSE bug 1187452 SUSE bug 1187554 SUSE bug 1187595 SUSE bug 1187601 SUSE bug 1187795 SUSE bug 1187867 SUSE bug 1187883 SUSE bug 1187886 SUSE bug 1187927 SUSE bug 1187972 SUSE bug 1187980 CVE-2021-0512 CVE-2021-0605 CVE-2021-33624 CVE-2021-34693 CVE-2021-3573 cpe:/o:opensuse:leap:15.3 Security update for nodejs10 (Important) openSUSE Leap 15.3 This update for nodejs10 fixes the following issues: Update nodejs10 to 10.24.1. Including fixes for - CVE-2021-22918: libuv upgrade - Out of bounds read (bsc#1187973) - CVE-2021-27290: ssri Regular Expression Denial of Service (bsc#1187976) - CVE-2021-23362: hosted-git-info Regular Expression Denial of Service (bsc#1187977) - CVE-2020-7774: y18n Prototype Pollution (bsc#1184450) - CVE-2021-3450: OpenSSL - CA certificate check bypass with X509_V_FLAG_X509_STRICT (bsc#1183851) - CVE-2021-3449: OpenSSL - NULL pointer deref in signature_algorithms processing (bsc#1183852) - reduce memory footprint of test-worker-stdio (bsc#1183155) Important SUSE bug 1183155 SUSE bug 1183851 SUSE bug 1183852 SUSE bug 1184450 SUSE bug 1187973 SUSE bug 1187976 SUSE bug 1187977 CVE-2020-7774 CVE-2021-22918 CVE-2021-23362 CVE-2021-27290 CVE-2021-3449 CVE-2021-3450 cpe:/o:opensuse:leap:15.3 Security update for nodejs14 (Important) openSUSE Leap 15.3 This update for nodejs14 fixes the following issues: Update nodejs14 to 14.17.2. Including fixes for: - CVE-2021-22918: libuv upgrade - Out of bounds read (bsc#1187973) - CVE-2021-27290: ssri Regular Expression Denial of Service (bsc#1187976) - CVE-2021-23362: hosted-git-info Regular Expression Denial of Service (bsc#1187977) - CVE-2020-7774: y18n Prototype Pollution (bsc#1184450) Important SUSE bug 1184450 SUSE bug 1187973 SUSE bug 1187976 SUSE bug 1187977 CVE-2020-7774 CVE-2021-22918 CVE-2021-23362 CVE-2021-27290 cpe:/o:opensuse:leap:15.3 Security update for go1.16 (Important) openSUSE Leap 15.3 This update for go1.16 fixes the following issues: go1.16.6 (released 2021-07-12, bsc#1182345) includes a security fix to the crypto/tls package, as well as bug fixes to the compiler, and the net and net/http packages. Security issue fixed: CVE-2021-34558: Fixed crypto/tls: clients can panic when provided a certificate of the wrong type for the negotiated parameters (bsc#1188229) go1.16 release: * bsc#1188229 go#47143 CVE-2021-34558 * go#47145 security: fix CVE-2021-34558 * go#46999 net: LookupMX behaviour broken * go#46981 net: TestCVE202133195 fails if /etc/resolv.conf specifies ndots larger than 3 * go#46769 syscall: TestGroupCleanupUserNamespace test failure on Fedora * go#46657 runtime: deeply nested struct initialized with non-zero values * go#44984 net/http: server not setting Content-Length in certain cases Important SUSE bug 1182345 SUSE bug 1188229 CVE-2021-34558 cpe:/o:opensuse:leap:15.3 Security update for MozillaFirefox (Important) openSUSE Leap 15.3 This update for MozillaFirefox fixes the following issues: Firefox Extended Support Release 78.12.0 ESR * Fixed: Various stability, functionality, and security fixes MFSA 2021-29 (bsc#1188275) * CVE-2021-29970 (bmo#1709976): Use-after-free in accessibility features of a document * CVE-2021-30547 (bmo#1715766): Out of bounds write in ANGLE * CVE-2021-29976 (bmo#1700895, bmo#1703334, bmo#1706910, bmo#1711576, bmo#1714391): Memory safety bugs fixed in Firefox 90 and Firefox ESR 78.12 Important SUSE bug 1188275 CVE-2021-29970 CVE-2021-29976 CVE-2021-30547 cpe:/o:opensuse:leap:15.3 Security update for go1.15 (Moderate) openSUSE Leap 15.3 This update for go1.15 fixes the following issues: - go1.15.14 (released 2021-07-12) includes a security fix to the crypto/tls package, as well as bug fixes to the linker, and the net package. CVE-2021-34558 Refs bsc#1175132 go1.15 release tracking * bsc#1188229 go#47143 CVE-2021-34558 * go#47144 security: fix CVE-2021-34558 * go#47012 net: LookupMX behaviour broken * go#46994 net: TestCVE202133195 fails if /etc/resolv.conf specifies ndots larger than 3 * go#46768 syscall: TestGroupCleanupUserNamespace test failure on Fedora * go#46684 x/build/cmd/release: linux-armv6l release tests aren't passing * go#46656 runtime: deeply nested struct initialized with non-zero values - Fix extraneous trailing percent character %endif% in spec file. Moderate SUSE bug 1175132 SUSE bug 1188229 CVE-2021-34558 cpe:/o:opensuse:leap:15.3 Security update for systemd (Moderate) openSUSE Leap 15.3 This update for systemd fixes the following issues: - CVE-2021-33910: Fixed a denial of service in systemd via unit_name_path_escape() (bsc#1188063) - Skip udev rules if 'elevator=' is used (bsc#1184994) Moderate SUSE bug 1184994 SUSE bug 1188063 CVE-2021-33910 cpe:/o:opensuse:leap:15.3 Security update for the Linux Kernel (Important) openSUSE Leap 15.3 The SUSE Linux Enterprise 15 SP3 Azure kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2021-22555: A heap out-of-bounds write affecting Linux since v2.6.19-rc1 was discovered in net/netfilter/x_tables.c (bnc#1188116 ). - CVE-2021-33909: Fixed an out-of-bounds write in the filesystem layer that allows to obtain full root privileges (bsc#1188062). The following non-security bugs were fixed: - ceph: must hold snap_rwsem when filling inode for async create (bsc#1187927). - cgroup1: do not allow '\n' in renaming (bsc#1187972). - qla2xxx: synchronize rport dev_loss_tmo setting (bsc#1182470 bsc#1185486). - scsi: ufs: ufshcd-pltfrm depends on HAS_IOMEM (bsc#1187980). - usb: dwc3: Fix debugfs creation flow (git-fixes). - x86/pkru: Write hardware init value to PKRU when xstate is init (bsc#1152489). - x86/process: Check PF_KTHREAD and not current->mm for kernel threads (bsc#1152489). Important SUSE bug 1152489 SUSE bug 1182470 SUSE bug 1185486 SUSE bug 1187927 SUSE bug 1187972 SUSE bug 1187980 SUSE bug 1188062 SUSE bug 1188116 CVE-2021-22555 CVE-2021-33909 cpe:/o:opensuse:leap:15.3 Security update for systemd (Important) openSUSE Leap 15.3 This update for systemd fixes the following issues: - CVE-2021-33910: Fixed a denial of service (stack exhaustion) in systemd (PID 1) (bsc#1188063) Important SUSE bug 1188063 CVE-2021-33910 cpe:/o:opensuse:leap:15.3 Security update for containerd (Moderate) openSUSE Leap 15.3 This update for containerd fixes the following issues: - CVE-2021-32760: Fixed a bug which allows untrusted container images to change permissions in the host's filesystem. (bsc#1188282) Moderate SUSE bug 1188282 CVE-2021-32760 cpe:/o:opensuse:leap:15.3 Security update for caribou (Important) openSUSE Leap 15.3 This update for caribou fixes the following issues: Security issue fixed: - CVE-2021-3567: Fixed a segfault when attempting to use shifted characters (bsc#1186617). Important SUSE bug 1186617 SUSE bug 1187112 CVE-2021-3567 cpe:/o:opensuse:leap:15.3 Security update for the Linux Kernel (Important) openSUSE Leap 15.3 The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bugfixes. Security issues fixed: - CVE-2021-22555: A heap out-of-bounds write was discovered in net/netfilter/x_tables.c (bnc#1188116). - CVE-2021-33909: Extremely large seq buffer allocations in seq_file could lead to buffer underruns and code execution (bsc#1188062). The following non-security bugs were fixed: - usb: dwc3: Fix debugfs creation flow (git-fixes). Important SUSE bug 1188062 SUSE bug 1188116 CVE-2021-22555 CVE-2021-33909 cpe:/o:opensuse:leap:15.3 Security update for the Linux Kernel (Important) openSUSE Leap 15.3 The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2021-22555: Fixed an heap out-of-bounds write in net/netfilter/x_tables.c that could allow local provilege escalation. (bsc#1188116) - CVE-2021-33624: Fixed a bug which allows unprivileged BPF program to leak the contents of arbitrary kernel memory (and therefore, of all physical memory) via a side-channel. (bsc#1187554) - CVE-2021-0605: Fixed an out-of-bounds read which could lead to local information disclosure in the kernel with System execution privileges needed. (bsc#1187601) - CVE-2021-0512: Fixed a possible out-of-bounds write which could lead to local escalation of privilege with no additional execution privileges needed. (bsc#1187595) - CVE-2020-26558: Fixed a flaw in the Bluetooth LE and BR/EDR secure pairing that could permit a nearby man-in-the-middle attacker to identify the Passkey used during pairing. (bnc#1179610) - CVE-2021-34693: Fixed a bug in net/can/bcm.c which could allow local users to obtain sensitive information from kernel stack memory because parts of a data structure are uninitialized. (bsc#1187452) - CVE-2021-0129: Fixed an improper access control in BlueZ that may have allowed an authenticated user to potentially enable information disclosure via adjacent access. (bnc#1186463) - CVE-2020-36386: Fixed an out-of-bounds read in hci_extended_inquiry_result_evt. (bsc#1187038) - CVE-2020-24588: Fixed a bug that could allow an adversary to abuse devices that support receiving non-SSP A-MSDU frames to inject arbitrary network packets. (bsc#1185861 bsc#1185863) - CVE-2021-33909: Fixed an out-of-bounds write in the filesystem layer that allows to andobtain full root privileges. (bsc#1188062) - CVE-2021-3609: Fixed a race condition in the CAN BCM networking protocol which allows for local privilege escalation. (bsc#1187215) - CVE-2020-36385: Fixed a use-after-free flaw in ucma.c which allows for local privilege escalation. (bsc#1187050) - CVE-2021-33200: Fix leakage of uninitialized bpf stack under speculation. (bsc#1186484) The following non-security bugs were fixed: - af_packet: fix the tx skb protocol in raw sockets with ETH_P_ALL (bsc#1176081). - kabi: preserve struct header_ops after bsc#1176081 fix (bsc#1176081). - net: Do not set transport offset to invalid value (bsc#1176081). - net: Introduce parse_protocol header_ops callback (bsc#1176081). - net/ethernet: Add parse_protocol header_ops support (bsc#1176081). - net/mlx5e: Remove the wrong assumption about transport offset (bsc#1176081). - net/mlx5e: Trust kernel regarding transport offset (bsc#1176081). - net/packet: Ask driver for protocol if not provided by user (bsc#1176081). - net/packet: Remove redundant skb->protocol set (bsc#1176081). - resource: Fix find_next_iomem_res() iteration issue (bsc#1181193). - scsi: scsi_dh_alua: Retry RTPG on a different path after failure (bsc#1174978 bsc#1185701). - SUNRPC in case of backlog, hand free slots directly to waiting task (bsc#1185428). - SUNRPC: More fixes for backlog congestion (bsc#1185428). - x86/crash: Add e820 reserved ranges to kdump kernel's e820 table (bsc#1181193). - x86/debug: Extend the lower bound of crash kernel low reservations (bsc#1153720). - x86/e820, ioport: Add a new I/O resource descriptor IORES_DESC_RESERVED (bsc#1181193). - x86/mm: Rework ioremap resource mapping determination (bsc#1181193). Important SUSE bug 1153720 SUSE bug 1174978 SUSE bug 1179610 SUSE bug 1181193 SUSE bug 1185428 SUSE bug 1185701 SUSE bug 1185861 SUSE bug 1186463 SUSE bug 1186484 SUSE bug 1187038 SUSE bug 1187050 SUSE bug 1187215 SUSE bug 1187452 SUSE bug 1187554 SUSE bug 1187595 SUSE bug 1187601 SUSE bug 1188062 SUSE bug 1188116 CVE-2020-24588 CVE-2020-26558 CVE-2020-36385 CVE-2020-36386 CVE-2021-0129 CVE-2021-0512 CVE-2021-0605 CVE-2021-22555 CVE-2021-33200 CVE-2021-33624 CVE-2021-33909 CVE-2021-34693 CVE-2021-3609 cpe:/o:opensuse:leap:15.3 Security update for crmsh (Moderate) openSUSE Leap 15.3 This update for crmsh fixes the following issues: Update to version 4.3.1+20210624.67223df2: - Fix: ocfs2: Skip verifying UUID for ocfs2 device on top of raid or lvm on the join node (bsc#1187553) - Fix: history: use Path.mkdir instead of mkdir command(bsc#1179999, CVE-2020-35459) - Dev: crash_test: Add big warnings to have users' attention to potential failover(jsc#SLE-17979) - Dev: crash_test: rename preflight_check as crash_test(jsc#SLE-17979) - Fix: bootstrap: update sbd watchdog timeout when using diskless SBD with qdevice(bsc#1184465) - Dev: utils: allow configure link-local ipv6 address(bsc#1163460) - Fix: parse: shouldn't allow property setting with an empty value(bsc#1185423) - Fix: help: show help message from argparse(bsc#1175982) Moderate SUSE bug 1163460 SUSE bug 1175982 SUSE bug 1179999 SUSE bug 1184465 SUSE bug 1185423 SUSE bug 1187553 CVE-2020-35459 cpe:/o:opensuse:leap:15.3 Security update for curl (Moderate) openSUSE Leap 15.3 This update for curl fixes the following issues: - CVE-2021-22925: TELNET stack contents disclosure again. (bsc#1188220) - CVE-2021-22924: Bad connection reuse due to flawed path name checks. (bsc#1188219) - CVE-2021-22923: Insufficiently Protected Credentials. (bsc#1188218) - CVE-2021-22922: Wrong content via metalink not discarded. (bsc#1188217) Moderate SUSE bug 1188217 SUSE bug 1188218 SUSE bug 1188219 SUSE bug 1188220 CVE-2021-22922 CVE-2021-22923 CVE-2021-22924 CVE-2021-22925 cpe:/o:opensuse:leap:15.3 Security update for qemu (Important) openSUSE Leap 15.3 This update for qemu fixes the following issues: - CVE-2021-3582: Fix possible mremap overflow in the pvrdma (bsc#1187499) - CVE-2021-3607: Ensure correct input on ring init (bsc#1187539) - CVE-2021-3608: Fix the ring init error flow (bsc#1187538) - CVE-2021-3611: Fix intel-hda segmentation fault due to stack overflow (bsc#1187529) Important SUSE bug 1187499 SUSE bug 1187529 SUSE bug 1187538 SUSE bug 1187539 CVE-2021-3582 CVE-2021-3607 CVE-2021-3608 CVE-2021-3611 cpe:/o:opensuse:leap:15.3 Security update for transfig (Moderate) openSUSE Leap 15.3 This update for transfig fixes the following issues: Update to version 3.2.8, including fixes for - CVE-2021-3561: overflow in fig2dev/read.c in function read_colordef() (bsc#1186329). - CVE-2019-19797: out-of-bounds write in read_colordef in read.c (bsc#1159293). - CVE-2019-19555: stack-based buffer overflow because of an incorrect sscanf (bsc#1161698). - CVE-2019-19746: segmentation fault and out-of-bounds write because of an integer overflow via a large arrow type (bsc#1159130). - CVE-2019-14275: stack-based buffer overflow in the calc_arrow function in bound.c (bsc#1143650). Moderate SUSE bug 1143650 SUSE bug 1159130 SUSE bug 1159293 SUSE bug 1161698 SUSE bug 1186329 CVE-2019-14275 CVE-2019-19555 CVE-2019-19746 CVE-2019-19797 CVE-2021-3561 cpe:/o:opensuse:leap:15.3 Security update for wireshark (Moderate) openSUSE Leap 15.3 This update for wireshark fixes the following issues: Update wireshark to 3.4.6. Including a fix for: - DVB-S2-BB dissector infinite loop (bsc#1186790). Moderate SUSE bug 1186790 cpe:/o:opensuse:leap:15.3 Security update for MozillaThunderbird (Important) openSUSE Leap 15.3 This update for MozillaThunderbird fixes the following issues: Mozilla Thunderbird 78.12 * fixed: Sending an email containing HTML links with spaces in the URL sometimes resulted in broken links * fixed: Folder Pane display theme fixes for macOS * fixed: Chat account settings did not always save as expected * fixed: RSS feed subscriptions sometimes lost * fixed: Calendar: A parsing error for alarm triggers of type 'DURATION' caused sync problems for some users * fixed: Various security fixes MFSA 2021-30 (bsc#1188275) * CVE-2021-29969: IMAP server responses sent by a MITM prior to STARTTLS could be processed * CVE-2021-29970: Use-after-free in accessibility features of a document * CVE-2021-30547: Out of bounds write in ANGLE * CVE-2021-29976: Memory safety bugs fixed in Thunderbird 78.12 Important SUSE bug 1188275 CVE-2021-29969 CVE-2021-29970 CVE-2021-29976 CVE-2021-30547 cpe:/o:opensuse:leap:15.3 Security update for bluez (Moderate) openSUSE Leap 15.3 This update for bluez fixes the following issues: - CVE-2021-3588: Fixed a missing bounds checks inside cli_feat_read_cb() function in src/gatt-database.c (bsc#1187165) Moderate SUSE bug 1187165 CVE-2021-3588 cpe:/o:opensuse:leap:15.3 Security update for qemu (Important) openSUSE Leap 15.3 This update for qemu fixes the following issues: Security issues fixed: - CVE-2021-3595: Fixed slirp: invalid pointer initialization may lead to information disclosure (tftp) (bsc#1187366) - CVE-2021-3592: Fix for slirp: invalid pointer initialization may lead to information disclosure (bootp) (bsc#1187364) - CVE-2021-3594: Fix for slirp: invalid pointer initialization may lead to information disclosure (udp) (bsc#1187367) - CVE-2021-3593: Fix for slirp: invalid pointer initialization may lead to information disclosure (udp6) (bsc#1187365) - CVE-2021-3582: Fix possible mremap overflow in the pvrdma (bsc#1187499) - CVE-2021-3607: Ensure correct input on ring init (bsc#1187539) - CVE-2021-3608: Fix the ring init error flow (bsc#1187538) - CVE-2021-3611: Fix intel-hda segmentation fault due to stack overflow (bsc#1187529) Important SUSE bug 1187364 SUSE bug 1187365 SUSE bug 1187366 SUSE bug 1187367 SUSE bug 1187499 SUSE bug 1187529 SUSE bug 1187538 SUSE bug 1187539 CVE-2021-3582 CVE-2021-3592 CVE-2021-3593 CVE-2021-3594 CVE-2021-3595 CVE-2021-3607 CVE-2021-3608 CVE-2021-3611 cpe:/o:opensuse:leap:15.3 Security update for git (Moderate) openSUSE Leap 15.3 This update for git fixes the following issues: Update from version 2.26.2 to version 2.31.1 (jsc#SLE-18152) Security fixes: - CVE-2021-21300: On case-insensitive file systems with support for symbolic links, if Git is configured globally to apply delay-capable clean/smudge filters (such as Git LFS), Git could run remote code during a clone. (bsc#1183026) Non security changes: - Add `sysusers` file to create `git-daemon` user. - Remove `perl-base` and `openssh-server` dependency on `git-core`and provide a `perl-Git` package. (jsc#SLE-17838) - `fsmonitor` bug fixes - Fix `git bisect` to take an annotated tag as a good/bad endpoint - Fix a corner case in `git mv` on case insensitive systems - Require only `openssh-clients` where possible (like Tumbleweed or SUSE Linux Enterprise >= 15 SP3). (bsc#1183580) - Drop `rsync` requirement, not necessary anymore. - Use of `pack-redundant` command is discouraged and will trigger a warning. The replacement is `repack -d`. - The `--format=%(trailers)` mechanism gets enhanced to make it easier to design output for machine consumption. - No longer give message to choose between rebase or merge upon pull if the history `fast-forwards`. - The configuration variable `core.abbrev` can be set to `no` to force no abbreviation regardless of the hash algorithm - `git rev-parse` can be explicitly told to give output as absolute or relative path with the `--path-format=(absolute|relative)` option. - Bash completion update to make it easier for end-users to add completion for their custom `git` subcommands. - `git maintenance` learned to drive scheduled maintenance on platforms whose native scheduling methods are not 'cron'. - After expiring a reflog and making a single commit, the reflog for the branch would record a single entry that knows both `@{0}` and `@{1}`, but we failed to answer 'what commit were we on?', i.e. `@{1}` - `git bundle` learns `--stdin` option to read its refs from the standard input. Also, it now does not lose refs when they point at the same object. - `git log` learned a new `--diff-merges=<how>` option. - `git ls-files` can and does show multiple entries when the index is unmerged, which is a source for confusion unless `-s/-u` option is in use. A new option `--deduplicate` has been introduced. - `git worktree list` now annotates worktrees as prunable, shows locked and prunable attributes in `--porcelain mode`, and gained a `--verbose` option. - `git clone` tries to locally check out the branch pointed at by HEAD of the remote repository after it is done, but the protocol did not convey the information necessary to do so when copying an empty repository. The protocol v2 learned how to do so. - There are other ways than `..` for a single token to denote a `commit range', namely `<rev>^!` and `<rev>^-<n>`, but `git range-diff` did not understand them. - The `git range-diff` command learned `--(left|right)-only` option to show only one side of the compared range. - `git mergetool` feeds three versions (base, local and remote) of a conflicted path unmodified. The command learned to optionally prepare these files with unconflicted parts already resolved. - The `.mailmap` is documented to be read only from the root level of a working tree, but a stray file in a bare repository also was read by accident, which has been corrected. - `git maintenance` tool learned a new `pack-refs` maintenance task. - Improved error message given when a configuration variable that is expected to have a boolean value. - Signed commits and tags now allow verification of objects, whose two object names (one in SHA-1, the other in SHA-256) are both signed. - `git rev-list` command learned `--disk-usage` option. - `git diff`, `git log` `--{skip,rotate}-to=<path>` allows the user to discard diff output for early paths or move them to the end of the output. - `git difftool` learned `--skip-to=<path>` option to restart an interrupted session from an arbitrary path. - `git grep` has been tweaked to be limited to the sparse checkout paths. - `git rebase --[no-]fork-point` gained a configuration variable `rebase.forkPoint` so that users do not have to keep specifying a non-default setting. - `git stash` did not work well in a sparsely checked out working tree. - Newline characters in the host and path part of `git://` URL are now forbidden. - `Userdiff` updates for PHP, Rust, CSS - Avoid administrator error leading to data loss with `git push --force-with-lease[=<ref>]` by introducing `--force-if-includes` - only pull `asciidoctor` for the default ruby version - The `--committer-date-is-author-date` option of `rebase` and `am` subcommands lost the e-mail address by mistake in 2.29 - The transport protocol v2 has become the default again - `git worktree` gained a `repair` subcommand, `git init --separate-git-dir` no longer corrupts administrative data related to linked worktrees - `git maintenance` introduced for repository maintenance tasks - `fetch.writeCommitGraph` is deemed to be still a bit too risky and is no longer part of the `feature.experimental` set. - The commands in the `diff` family honors the `diff.relative` configuration variable. - `git diff-files` has been taught to say paths that are marked as `intent-to-add` are new files, not modified from an empty blob. - `git gui` now allows opening work trees from the start-up dialog. - `git bugreport` reports what shell is in use. - Some repositories have commits that record wrong committer timezone; `git fast-import` has an option to pass these timestamps intact to allow recreating existing repositories as-is. - `git describe` will always use the `long` version when giving its output based misplaced tags - `git pull` issues a warning message until the `pull.rebase` configuration variable is explicitly given Moderate SUSE bug 1168930 SUSE bug 1183026 SUSE bug 1183580 CVE-2021-21300 cpe:/o:opensuse:leap:15.3 Security update for fastjar (Low) openSUSE Leap 15.3 This update for fastjar fixes the following issues: - CVE-2010-2322: Fixed a directory traversal vulnerabilities. (bsc#1188517) Low SUSE bug 1188517 CVE-2010-2322 cpe:/o:opensuse:leap:15.3 Security update for php7 (Moderate) openSUSE Leap 15.3 This update for php7 fixes the following issues: - CVE-2021-21705 [bsc#1188037]: SSRF bypass in FILTER_VALIDATE_URL Moderate SUSE bug 1188037 CVE-2021-21705 cpe:/o:opensuse:leap:15.3 Security update for qemu (Important) openSUSE Leap 15.3 This update for qemu fixes the following issues: Security issues fixed: - CVE-2021-3595: Fixed slirp: invalid pointer initialization may lead to information disclosure (tftp) (bsc#1187366) - CVE-2021-3592: Fix for slirp: invalid pointer initialization may lead to information disclosure (bootp) (bsc#1187364) - CVE-2021-3594: Fix for slirp: invalid pointer initialization may lead to information disclosure (udp) (bsc#1187367) - CVE-2021-3593: Fix for slirp: invalid pointer initialization may lead to information disclosure (udp6) (bsc#1187365) - CVE-2021-3582: Fix possible mremap overflow in the pvrdma (bsc#1187499) - CVE-2021-3607: Ensure correct input on ring init (bsc#1187539) - CVE-2021-3608: Fix the ring init error flow (bsc#1187538) - CVE-2021-3611: Fix intel-hda segmentation fault due to stack overflow (bsc#1187529) - CVE-2020-25085: Fix out-of-bounds access issue while doing multi block SDMA (bsc#1176681) Other issues fixed: - QEMU BIOS fails to read stage2 loader (on s390x)(bsc#1186290) - Fix qemu hang while cancelling migrating hugepage vm (bsc#1185591) Important SUSE bug 1176681 SUSE bug 1185591 SUSE bug 1186290 SUSE bug 1187364 SUSE bug 1187365 SUSE bug 1187366 SUSE bug 1187367 SUSE bug 1187499 SUSE bug 1187529 SUSE bug 1187538 SUSE bug 1187539 CVE-2020-25085 CVE-2021-3582 CVE-2021-3592 CVE-2021-3593 CVE-2021-3594 CVE-2021-3595 CVE-2021-3607 CVE-2021-3608 CVE-2021-3611 cpe:/o:opensuse:leap:15.3 Security update for webkit2gtk3 (Important) openSUSE Leap 15.3 This update for webkit2gtk3 fixes the following issues: - Update to version 2.32.3: - CVE-2021-21775: Fixed a use-after-free vulnerability in the way certain events are processed for ImageLoader objects. A specially crafted web page can lead to a potential information leak and further memory corruption. A victim must be tricked into visiting a malicious web page to trigger this vulnerability. (bsc#1188697) - CVE-2021-21779: Fixed a use-after-free vulnerability in the way that WebKit GraphicsContext handles certain events. A specially crafted web page can lead to a potential information leak and further memory corruption. A victim must be tricked into visiting a malicious web page to trigger this vulnerability. (bsc#1188697) - CVE-2021-30663: An integer overflow was addressed with improved input validation. (bsc#1188697) - CVE-2021-30665: A memory corruption issue was addressed with improved state management. (bsc#1188697) - CVE-2021-30689: A logic issue was addressed with improved state management. (bsc#1188697) - CVE-2021-30720: A logic issue was addressed with improved restrictions. (bsc#1188697) - CVE-2021-30734: Multiple memory corruption issues were addressed with improved memory handling. (bsc#1188697) - CVE-2021-30744: A cross-origin issue with iframe elements was addressed with improved tracking of security origins. (bsc#1188697) - CVE-2021-30749: Multiple memory corruption issues were addressed with improved memory handling. (bsc#1188697) - CVE-2021-30758: A type confusion issue was addressed with improved state handling. (bsc#1188697) - CVE-2021-30795: A use after free issue was addressed with improved memory management. (bsc#1188697) - CVE-2021-30797: This issue was addressed with improved checks. (bsc#1188697) - CVE-2021-30799: Multiple memory corruption issues were addressed with improved memory handling. (bsc#1188697) Important SUSE bug 1188697 CVE-2021-21775 CVE-2021-21779 CVE-2021-30663 CVE-2021-30665 CVE-2021-30689 CVE-2021-30720 CVE-2021-30734 CVE-2021-30744 CVE-2021-30749 CVE-2021-30758 CVE-2021-30795 CVE-2021-30797 CVE-2021-30799 cpe:/o:opensuse:leap:15.3 Security update for mariadb (Important) openSUSE Leap 15.3 This update for mariadb fixes the following issues: - Update to 10.2.39 (bsc#1182739) - CVE-2021-2166: DML unspecified vulnerability lead to complete DOS. (bsc#1185870) - CVE-2021-2154: DML unspecified vulnerability can lead to complete DOS. (bsc#1185872) - CVE-2021-27928: Fixed a remote code execution issue. (bsc#1183770) Important SUSE bug 1182739 SUSE bug 1183770 SUSE bug 1185870 SUSE bug 1185872 CVE-2021-2154 CVE-2021-2166 CVE-2021-27928 cpe:/o:opensuse:leap:15.3 Security update for apache-commons-compress (Important) openSUSE Leap 15.3 This update for apache-commons-compress fixes the following issues: - Updated to 1.21 - CVE-2021-35515: Fixed an infinite loop when reading a specially crafted 7Z archive. (bsc#1188463) - CVE-2021-35516: Fixed an excessive memory allocation when reading a specially crafted 7Z archive. (bsc#1188464) - CVE-2021-35517: Fixed an excessive memory allocation when reading a specially crafted TAR archive. (bsc#1188465) - CVE-2021-36090: Fixed an excessive memory allocation when reading a specially crafted ZIP archive. (bsc#1188466) Important SUSE bug 1188463 SUSE bug 1188464 SUSE bug 1188465 SUSE bug 1188466 CVE-2021-35515 CVE-2021-35516 CVE-2021-35517 CVE-2021-36090 cpe:/o:opensuse:leap:15.3 Security update for spice-vdagent (Important) openSUSE Leap 15.3 This update for spice-vdagent fixes the following issues: - Update to version 0.21.0 - CVE-2020-25650: memory DoS via arbitrary entries in `active_xfers` hash table (bsc#1177780) - CVE-2020-25651: possible file transfer DoS and information leak via `active_xfers` hash map (bsc#1177781) - CVE-2020-25652: possibility to exhaust file descriptors in `vdagentd` (bsc#1177782) - CVE-2020-25653: UNIX domain socket peer PID retrieved via `SO_PEERCRED` is subject to race condition (bsc#1177783) Important SUSE bug 1173749 SUSE bug 1177780 SUSE bug 1177781 SUSE bug 1177782 SUSE bug 1177783 CVE-2020-25650 CVE-2020-25651 CVE-2020-25652 CVE-2020-25653 cpe:/o:opensuse:leap:15.3 Security update for mariadb (Important) openSUSE Leap 15.3 This update for mariadb fixes the following issues: - Update to 10.2.39 (bsc#1182739) - CVE-2021-2166: DML unspecified vulnerability lead to complete DOS. (bsc#1185870) - CVE-2021-2154: DML unspecified vulnerability can lead to complete DOS. (bsc#1185872) - CVE-2021-27928: Fixed a remote code execution issue. (bsc#1183770) Important SUSE bug 1182739 SUSE bug 1183770 SUSE bug 1185870 SUSE bug 1185872 CVE-2021-2154 CVE-2021-2166 CVE-2021-27928 cpe:/o:opensuse:leap:15.3 Security update for mariadb (Important) openSUSE Leap 15.3 This update for mariadb fixes the following issues: - Update to 10.2.39 (bsc#1182739) - CVE-2021-2166: DML unspecified vulnerability lead to complete DOS. (bsc#1185870) - CVE-2021-2154: DML unspecified vulnerability can lead to complete DOS. (bsc#1185872) - CVE-2021-2180: InnoDB unspecified vulnerability lead to complete DOS. (bsc#1185868) - CVE-2021-27928: Fixed a remote code execution issue. (bsc#1183770) Important SUSE bug 1182739 SUSE bug 1183770 SUSE bug 1185868 SUSE bug 1185870 SUSE bug 1185872 SUSE bug 1188300 CVE-2021-2154 CVE-2021-2166 CVE-2021-2180 CVE-2021-27928 cpe:/o:opensuse:leap:15.3 Security update for nodejs8 (Important) openSUSE Leap 15.3 This update for nodejs8 fixes the following issues: - update to npm 6.14.13 - CVE-2021-27290: Fixed ssri Regular Expression Denial of Service. (bsc#1187976) - CVE-2021-23362: Fixed hosted-git-info Regular Expression Denial of Service. (bsc#1187977) - CVE-2020-7774: fixes y18n Prototype Pollution. (bsc#1184450) Important SUSE bug 1184450 SUSE bug 1187976 SUSE bug 1187977 CVE-2020-7774 CVE-2021-23362 CVE-2021-27290 cpe:/o:opensuse:leap:15.3 Security update for djvulibre (Important) openSUSE Leap 15.3 This update for djvulibre fixes the following issues: - CVE-2021-3630: out-of-bounds write in DJVU:DjVuTXT:decode() in DjVuText.cpp (bsc#1187869) Important SUSE bug 1187869 CVE-2021-3630 cpe:/o:opensuse:leap:15.3 Security update for mysql-connector-java (Moderate) openSUSE Leap 15.3 This update for mysql-connector-java fixes the following issues: - CVE-2020-2875: Unauthenticated attacker with network access via multiple protocols can compromise MySQL Connectors. (bsc#1173600) - CVE-2020-2934: Fixed a vulnerability which could cause a partial denial of service of MySQL Connectors. (bsc#1173600) - CVE-2020-2933: Fixed a vulnerability which could allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors. (bsc#1173600) Moderate SUSE bug 1173600 CVE-2020-2875 CVE-2020-2933 CVE-2020-2934 cpe:/o:opensuse:leap:15.3 Security update for php7 (Important) openSUSE Leap 15.3 This update for php7 fixes the following issues: - CVE-2021-21704: Fixed security issues in pdo_firebase module (bsc#1188035). - CVE-2021-21705: Fixed SSRF bypass in FILTER_VALIDATE_URL (bsc#1188037). Important SUSE bug 1188035 SUSE bug 1188037 CVE-2021-21704 CVE-2021-21705 cpe:/o:opensuse:leap:15.3 Security update for python-reportlab (Moderate) openSUSE Leap 15.3 This update for python-reportlab fixes the following issues: - CVE-2020-28463: Fixed Server-side Request Forgery via img tags (bsc#1182503). Moderate SUSE bug 1182503 CVE-2020-28463 cpe:/o:opensuse:leap:15.3 Security update for the Linux Kernel (Important) openSUSE Leap 15.3 The SUSE Linux Enterprise 15 SP3 Azure kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2021-3659: Fixed a NULL pointer dereference in llsec_key_alloc() in net/mac802154/llsec.c (bsc#1188876). - CVE-2021-21781: Fixed a information disclosure vulnerability in the ARM SIGPAGE (bsc#1188445). - CVE-2021-22543: Fixed improper handling of VM_IO|VM_PFNMAP vmas in KVM, which could bypass RO checks and can lead to pages being freed while still accessible by the VMM and guest. This allowed users with the ability to start and control a VM to read/write random pages of memory and can result in local privilege escalation (bsc#1186482). - CVE-2021-37576: Fixed an issue on the powerpc platform, where a KVM guest OS user could cause host OS memory corruption via rtas_args.nargs (bsc#1188838). - CVE-2021-3609: Fixed a potential local privilege escalation in the CAN BCM networking protocol (bsc#1187215). - CVE-2021-3612: Fixed an out-of-bounds memory write flaw in the joystick devices subsystem. This flaw allowed a local user to crash the system or possibly escalate their privileges on the system. (bsc#1187585) - CVE-2021-35039: Fixed mishandling of signature verification. Without CONFIG_MODULE_SIG, verification that a kernel module is signed, for loading via init_module, did not occur for a module.sig_enforce=1 command-line argument (bsc#1188080). The following non-security bugs were fixed: - ACPI: AMBA: Fix resource name in /proc/iomem (git-fixes). - ACPI: APEI: fix synchronous external aborts in user-mode (git-fixes). - ACPI: DPTF: Fix reading of attributes (git-fixes). - ACPI: EC: Make more Asus laptops use ECDT _GPE (git-fixes). - ACPI: PM / fan: Put fan device IDs into separate header file (git-fixes). - ACPI: bus: Call kobject_put() in acpi_init() error path (git-fixes). - ACPI: processor idle: Fix up C-state latency if not ordered (git-fixes). - ACPI: property: Constify stubs for CONFIG_ACPI=n case (git-fixes). - ACPI: resources: Add checks for ACPI IRQ override (git-fixes). - ACPI: sysfs: Fix a buffer overrun problem with description_show() (git-fixes). - ACPI: video: Add quirk for the Dell Vostro 3350 (git-fixes). - ACPICA: Fix memory leak caused by _CID repair function (git-fixes). - ALSA: ac97: fix PM reference leak in ac97_bus_remove() (git-fixes). - ALSA: bebob: add support for ToneWeal FW66 (git-fixes). - ALSA: firewire-motu: fix detection for S/PDIF source on optical interface in v2 protocol (git-fixes). - ALSA: firewire-motu: fix stream format for MOTU 8pre FireWire (git-fixes). - ALSA: hda/realtek: Add another ALC236 variant support (git-fixes). - ALSA: hda/realtek: Apply LED fixup for HP Dragonfly G1, too (git-fixes). - ALSA: hda/realtek: Fix bass speaker DAC mapping for Asus UM431D (git-fixes). - ALSA: hda/realtek: Fix pop noise and 2 Front Mic issues on a machine (git-fixes). - ALSA: hda/realtek: Improve fixup for HP Spectre x360 15-df0xxx (git-fixes). - ALSA: hda/realtek: fix mute/micmute LEDs for HP EliteBook 830 G8 Notebook PC (git-fixes). - ALSA: hda/realtek: fix mute/micmute LEDs for HP EliteBook x360 830 G8 (git-fixes). - ALSA: hda/realtek: fix mute/micmute LEDs for HP ProBook 445 G8 (git-fixes). - ALSA: hda/realtek: fix mute/micmute LEDs for HP ProBook 450 G8 (git-fixes). - ALSA: hda/realtek: fix mute/micmute LEDs for HP ProBook 630 G8 (git-fixes). - ALSA: hda: Add IRQ check for platform_get_irq() (git-fixes). - ALSA: hda: intel-dsp-cfg: add missing ElkhartLake PCI ID (git-fixes). - ALSA: hdmi: Expose all pins on MSI MS-7C94 board (git-fixes). - ALSA: intel8x0: Fix breakage at ac97 clock measurement (git-fixes). - ALSA: isa: Fix error return code in snd_cmi8330_probe() (git-fixes). - ALSA: pcm - fix mmap capability check for the snd-dummy driver (git-fixes). - ALSA: pcm: Call substream ack() method upon compat mmap commit (git-fixes). - ALSA: pcm: Fix mmap capability check (git-fixes). - ALSA: ppc: fix error return code in snd_pmac_probe() (git-fixes). - ALSA: sb: Fix potential ABBA deadlock in CSP driver (git-fixes). - ALSA: sb: Fix potential double-free of CSP mixer elements (git-fixes). - ALSA: usb-audio: Add missing proc text entry for BESPOKEN type (git-fixes). - ALSA: usb-audio: Add registration quirk for JBL Quantum headsets (git-fixes). - ALSA: usb-audio: Fix OOB access at proc output (git-fixes). - ALSA: usb-audio: fix rate on Ozone Z90 USB headset (git-fixes). - ALSA: usb-audio: scarlett2: Fix 18i8 Gen 2 PCM Input count (git-fixes). - ALSA: usb-audio: scarlett2: Fix 6i6 Gen 2 line out descriptions (git-fixes). - ALSA: usb-audio: scarlett2: Fix data_mutex lock (git-fixes). - ALSA: usb-audio: scarlett2: Fix scarlett2_*_ctl_put() return values (git-fixes). - ALSA: usb-audio: scarlett2: Fix wrong resume call (git-fixes). - ALSA: usb-audio: scarlett2: Read mixer volumes at init time (git-fixes). - ALSA: usb-audio: scarlett2: Read mux at init time (git-fixes). - ALSA: usx2y: Avoid camelCase (git-fixes). - ALSA: usx2y: Do not call free_pages_exact() with NULL address (git-fixes). - ARM: ensure the signal page contains defined contents (bsc#1188445). - ASoC: Intel: kbl_da7219_max98357a: shrink platform_id below 20 characters (git-fixes). - ASoC: Intel: sof_sdw: add SOF_RT715_DAI_ID_FIX for AlderLake (git-fixes). - ASoC: Intel: sof_sdw: add mutual exclusion between PCH DMIC and RT715 (git-fixes). - ASoC: SOF: loader: Use snd_sof_dsp_block_read() instead sof_block_read() (git-fixes). - ASoC: atmel-i2s: Fix usage of capture and playback at the same time (git-fixes). - ASoC: cs42l42: Correct definition of CS42L42_ADC_PDN_MASK (git-fixes). - ASoC: fsl_spdif: Fix error handler with pm_runtime_enable (git-fixes). - ASoC: fsl_spdif: Fix unexpected interrupt after suspend (git-fixes). - ASoC: hisilicon: fix missing clk_disable_unprepare() on error in hi6210_i2s_startup() (git-fixes). - ASoC: img: Fix PM reference leak in img_i2s_in_probe() (git-fixes). - ASoC: intel/boards: add missing MODULE_DEVICE_TABLE (git-fixes). - ASoC: max98373-sdw: add missing memory allocation check (git-fixes). - ASoC: max98373-sdw: use first_hw_init flag on resume (git-fixes). - ASoC: mediatek: mtk-btcvsd: Fix an error handling path in 'mtk_btcvsd_snd_probe()' (git-fixes). - ASoC: rk3328: fix missing clk_disable_unprepare() on error in rk3328_platform_probe() (git-fixes). - ASoC: rsnd: tidyup loop on rsnd_adg_clk_query() (git-fixes). - ASoC: rt1308-sdw: use first_hw_init flag on resume (git-fixes). - ASoC: rt5631: Fix regcache sync errors on resume (git-fixes). - ASoC: rt5682-sdw: set regcache_cache_only false before reading RT5682_DEVICE_ID (git-fixes). - ASoC: rt5682-sdw: use first_hw_init flag on resume (git-fixes). - ASoC: rt5682: Disable irq on shutdown (git-fixes). - ASoC: rt5682: Fix a problem with error handling in the io init function of the soundwire (git-fixes). - ASoC: rt5682: fix getting the wrong device id when the suspend_stress_test (git-fixes). - ASoC: rt700-sdw: use first_hw_init flag on resume (git-fixes). - ASoC: rt711-sdw: use first_hw_init flag on resume (git-fixes). - ASoC: rt715-sdw: use first_hw_init flag on resume (git-fixes). - ASoC: soc-core: Fix the error return code in snd_soc_of_parse_audio_routing() (git-fixes). - ASoC: soc-pcm: fix the return value in dpcm_apply_symmetry() (git-fixes). - ASoC: tegra: Set driver_name=tegra for all machine drivers (git-fixes). - ASoC: wm_adsp: Correct wm_coeff_tlv_get handling (git-fixes). - Bluetooth: Fix alt settings for incoming SCO with transparent coding format (git-fixes). - Bluetooth: Fix handling of HCI_LE_Advertising_Set_Terminated event (git-fixes). - Bluetooth: Fix the HCI to MGMT status conversion table (git-fixes). - Bluetooth: L2CAP: Fix invalid access if ECRED Reconfigure fails (git-fixes). - Bluetooth: L2CAP: Fix invalid access on ECRED Connection response (git-fixes). - Bluetooth: Remove spurious error message (git-fixes). - Bluetooth: Shutdown controller after workqueues are flushed or cancelled (git-fixes). - Bluetooth: btintel: Add infrastructure to read controller information (bsc#1188893). - Bluetooth: btintel: Check firmware version before download (bsc#1188893). - Bluetooth: btintel: Collect tlv based active firmware build info in FW mode (bsc#1188893). - Bluetooth: btintel: Consolidate intel_version parsing (bsc#1188893). - Bluetooth: btintel: Consolidate intel_version_tlv parsing (bsc#1188893). - Bluetooth: btintel: Fix endianness issue for TLV version information (bsc#1188893). - Bluetooth: btintel: Fix offset calculation boot address parameter (bsc#1188893). - Bluetooth: btintel: Functions to send firmware header / payload (bsc#1188893). - Bluetooth: btintel: Move operational checks after version check (bsc#1188893). - Bluetooth: btintel: Refactor firmware download function (bsc#1188893). - Bluetooth: btintel: Reorganized bootloader mode tlv checks in intel_version_tlv parsing (bsc#1188893). - Bluetooth: btintel: Replace zero-length array with flexible-array member (bsc#1188893). - Bluetooth: btintel: Skip reading firmware file version while in bootloader mode (bsc#1188893). - Bluetooth: btqca: Do not modify firmware contents in-place (git-fixes). - Bluetooth: btusb: Add *setup* function for new generation Intel controllers (bsc#1188893). - Bluetooth: btusb: Add support USB ALT 3 for WBS (git-fixes). - Bluetooth: btusb: Add support for GarfieldPeak controller (bsc#1188893). - Bluetooth: btusb: Consolidate code for waiting firmware download (bsc#1188893). - Bluetooth: btusb: Define a function to construct firmware filename (bsc#1188893). - Bluetooth: btusb: Enable MSFT extension for Intel controllers (bsc#1188893). - Bluetooth: btusb: Fix failing to init controllers with operation firmware (bsc#1188893). - Bluetooth: btusb: Fixed too many in-token issue for Mediatek Chip (git-fixes). - Bluetooth: btusb: Helper function to download firmware to Intel adapters (bsc#1188893). - Bluetooth: btusb: Map Typhoon peak controller to BTUSB_INTEL_NEWGEN (bsc#1188893). - Bluetooth: btusb: Update boot parameter specific to SKU (bsc#1188893). - Bluetooth: btusb: fix bt fiwmare downloading failure issue for qca btsoc (git-fixes). - Bluetooth: btusb: print firmware file name on error loading firmware (bsc#1188893). - Bluetooth: hci_intel: drop strange le16_to_cpu() against u8 values (bsc#1188893). - Bluetooth: hci_intel: enable on new platform (bsc#1188893). - Bluetooth: hci_intel: switch to list_for_each_entry() (bsc#1188893). - Bluetooth: hci_qca: fix potential GPF (git-fixes). - Bluetooth: mgmt: Fix slab-out-of-bounds in tlv_data_is_valid (git-fixes). - Bluetooth: mgmt: Fix the command returns garbage parameter value (git-fixes). - HID: do not use down_interruptible() when unbinding devices (git-fixes). - HID: wacom: Correct base usage for capacitive ExpressKey status bits (git-fixes). - Input: hideep - fix the uninitialized use in hideep_nvm_unlock() (git-fixes). - Input: hil_kbd - fix error return code in hil_dev_connect() (git-fixes). - Input: ili210x - add missing negation for touch indication on ili210x (git-fixes). - Input: usbtouchscreen - fix control-request directions (git-fixes). - KVM: LAPIC: Prevent setting the tscdeadline timer if the lapic is hw disabled (bsc#1188771). - KVM: SVM: document KVM_MEM_ENCRYPT_OP, let userspace detect if SEV is available (bsc#1188703). - KVM: nVMX: Consult only the 'basic' exit reason when routing nested exit (bsc#1188773). - KVM: nVMX: Ensure 64-bit shift when checking VMFUNC bitmap (bsc#1188774). - KVM: nVMX: Preserve exception priority irrespective of exiting behavior (bsc#1188777). - PCI/sysfs: Fix dsm_label_utf16s_to_utf8s() buffer overrun (git-fixes). - PCI: Add AMD RS690 quirk to enable 64-bit DMA (git-fixes). - PCI: Leave Apple Thunderbolt controllers on for s2idle or standby (git-fixes). - PCI: Leave Apple Thunderbolt controllers on for s2idle or standby (git-fixes). - PCI: aardvark: Fix checking for PIO Non-posted Request (git-fixes). - PCI: aardvark: Implement workaround for the readback value of VEND_ID (git-fixes). - PCI: aardvark: Implement workaround for the readback value of VEND_ID (git-fixes). - PCI: intel-gw: Fix INTx enable (git-fixes). - PCI: intel-gw: Fix INTx enable (git-fixes). - PCI: iproc: Fix multi-MSI base vector number allocation (git-fixes). - PCI: iproc: Fix multi-MSI base vector number allocation (git-fixes). - PCI: iproc: Support multi-MSI only on uniprocessor kernel (git-fixes). - PCI: quirks: fix false kABI positive (git-fixes). - PCI: tegra194: Fix tegra_pcie_ep_raise_msi_irq() ill-defined shift (git-fixes). - PCI: tegra194: Fix tegra_pcie_ep_raise_msi_irq() ill-defined shift (git-fixes). - PCI: tegra: Add missing MODULE_DEVICE_TABLE (git-fixes). - RDMA/cma: Fix incorrect Packet Lifetime calculation (jsc#SLE-8449). - RDMA/cma: Protect RMW with qp_mutex (git-fixes). - RDMA/hns: Remove unused parameter udata (jsc#SLE-15176). - RDMA/mlx4: Remove unused parameter udata (jsc#SLE-15176). - RDMA/mlx5: Remove unused parameter udata (jsc#SLE-15176). - RDMA/rtrs-clt: Check if the queue_depth has changed during a reconnection (jsc#SLE-15176). - RDMA/rtrs-clt: Check state of the rtrs_clt_sess before reading its stats (jsc#SLE-15176). - RDMA/rtrs-clt: Fix memory leak of not-freed sess->stats and stats->pcpu_stats (jsc#SLE-15176). - RDMA/rtrs-srv: Fix memory leak of unfreed rtrs_srv_stats object (jsc#SLE-15176). - RDMA/rtrs-srv: Fix memory leak when having multiple sessions (jsc#SLE-15176). - RDMA/rtrs-srv: Replace atomic_t with percpu_ref for ids_inflight (jsc#SLE-15176). - RDMA/rtrs-srv: Set minimal max_send_wr and max_recv_wr (jsc#SLE-15176). - RDMA/rtrs: Do not reset hb_missed_max after re-connection (jsc#SLE-15176). - RDMA/srp: Fix a recently introduced memory leak (jsc#SLE-15176). - Revert 'ACPI: resources: Add checks for ACPI IRQ override' (git-fixes). - Revert 'ALSA: bebob/oxfw: fix Kconfig entry for Mackie d.2 Pro' (git-fixes). - Revert 'Bluetooth: btintel: Fix endianness issue for TLV version information' (bsc#1188893). - Revert 'USB: quirks: ignore remote wake-up on Fibocom L850-GL LTE modem' (git-fixes). - Revert 'be2net: disable bh with spin_lock in be_process_mcc' (git-fixes). - Revert 'drm/i915: Propagate errors on awaiting already signaled fences' (git-fixes). - Revert 'drm: add a locked version of drm_is_current_master' (git-fixes). - Revert 'ibmvnic: remove duplicate napi_schedule call in open function' (bsc#1065729). - Revert 'iwlwifi: remove wide_cmd_header field' (bsc#1187495). - USB: cdc-acm: blacklist Heimann USB Appset device (git-fixes). - USB: serial: cp210x: add ID for CEL EM3588 USB ZigBee stick (git-fixes). - USB: serial: cp210x: fix comments for GE CS1000 (git-fixes). - USB: serial: option: add support for u-blox LARA-R6 family (git-fixes). - USB: usb-storage: Add LaCie Rugged USB3-FW to IGNORE_UAS (git-fixes). - [xarray] iov_iter_fault_in_readable() should do nothing in xarray case (git-fixes). - amdgpu: fix GEM obj leak in amdgpu_display_user_framebuffer_create (bsc#1152472). - ata: ahci_sunxi: Disable DIPM (git-fixes). - ath10k: Fix an error code in ath10k_add_interface() (git-fixes). - ath10k: add missing error return code in ath10k_pci_probe() (git-fixes). - ath10k: go to path err_unsupported when chip id is not supported (git-fixes). - ath10k: remove unused more_frags variable (git-fixes). - ath9k: Fix kernel NULL pointer dereference during ath_reset_internal() (git-fixes). - backlight: lm3630a: Fix return code of .update_status() callback (git-fixes). - backlight: lm3630a_bl: Put fwnode in error case during ->probe() (git-fixes). - bcache: avoid oversized read request in cache missing code path (bsc#1184631). - bcache: remove bcache device self-defined readahead (bsc#1184631). - blk-mq: Add blk_mq_delay_run_hw_queues() API call (bsc#1180092). - blk-mq: In blk_mq_dispatch_rq_list() 'no budget' is a reason to kick (bsc#1180092). - blk-mq: Put driver tag in blk_mq_dispatch_rq_list() when no budget (bsc#1180092). - blk-mq: Rerun dispatching in the case of budget contention (bsc#1180092). - blk-mq: insert flush request to the front of dispatch queue (bsc#1180092). - blk-mq: insert passthrough request into hctx->dispatch directly (bsc#1180092). - bnxt_en: Add missing check for BNXT_STATE_ABORT_ERR in bnxt_fw_rset_task() (jsc#SLE-8371 bsc#1153274). - bnxt_en: Check abort error state in bnxt_half_open_nic() (jsc#SLE-8371 bsc#1153274). - bnxt_en: Refresh RoCE capabilities in bnxt_ulp_probe() (jsc#SLE-8371 bsc#1153274). - bnxt_en: do not disable an already disabled PCI device (git-fixes). - bonding: Add struct bond_ipesc to manage SA (bsc#1176447). - bonding: disallow setting nested bonding + ipsec offload (bsc#1176447). - bonding: fix build issue (git-fixes). - bonding: fix incorrect return value of bond_ipsec_offload_ok() (bsc#1176447). - bonding: fix null dereference in bond_ipsec_add_sa() (bsc#1176447). - bonding: fix suspicious RCU usage in bond_ipsec_add_sa() (bsc#1176447). - bonding: fix suspicious RCU usage in bond_ipsec_del_sa() (bsc#1176447). - bonding: fix suspicious RCU usage in bond_ipsec_offload_ok() (bsc#1176447). - bpf: Fix integer overflow in argument calculation for bpf_map_area_alloc (bsc#1154353). - bpftool: Properly close va_list 'ap' by va_end() on error (bsc#1155518). - brcmfmac: Fix a double-free in brcmf_sdio_bus_reset (git-fixes). - brcmfmac: correctly report average RSSI in station info (git-fixes). - brcmfmac: fix setting of station info chains bitmask (git-fixes). - brcmsmac: mac80211_if: Fix a resource leak in an error handling path (git-fixes). - cadence: force nonlinear buffers to be cloned (git-fixes). - can: ems_usb: fix memory leak (git-fixes). - can: esd_usb2: fix memory leak (git-fixes). - can: gw: synchronize rcu operations before removing gw job entry (git-fixes). - can: hi311x: fix a signedness bug in hi3110_cmd() (git-fixes). - can: hi311x: hi3110_can_probe(): silence clang warning (git-fixes). - can: mcba_usb_start(): add missing urb->transfer_dma initialization (git-fixes). - can: peak_pciefd: pucan_handle_status(): fix a potential starvation issue in TX path (git-fixes). - can: raw: raw_setsockopt(): fix raw_rcv panic for sock UAF (git-fixes). - can: usb_8dev: fix memory leak (git-fixes). - ceph: do not WARN if we're still opening a session to an MDS (bsc#1188748). - cfg80211: call cfg80211_leave_ocb when switching away from OCB (git-fixes). - char: pcmcia: error out if 'num_bytes_read' is greater than 4 in set_protocol() (git-fixes). - cifs: Fix preauth hash corruption (git-fixes). - cifs: Return correct error code from smb2_get_enc_key (git-fixes). - cifs: do not fail __smb_send_rqst if non-fatal signals are pending (git-fixes). - cifs: fix interrupted close commands (git-fixes). - cifs: fix memory leak in smb2_copychunk_range (git-fixes). - clk: actions: Fix SD clocks factor table on Owl S500 SoC (git-fixes). - clk: actions: Fix UART clock dividers on Owl S500 SoC (git-fixes). - clk: actions: Fix bisp_factor_table based clocks on Owl S500 SoC (git-fixes). - clk: imx8mq: remove SYS PLL 1/2 clock gates (git-fixes). - clk: meson: g12a: fix gp0 and hifi ranges (git-fixes). - clk: renesas: r8a77995: Add ZA2 clock (git-fixes). - clk: renesas: rcar-gen3: Update Z clock rate formula in comments (git-fixes). - clk: si5341: Avoid divide errors due to bogus register contents (git-fixes). - clk: si5341: Update initialization magic (git-fixes). - clk: tegra: Ensure that PLLU configuration is applied properly (git-fixes). - clk: zynqmp: pll: Remove some dead code (git-fixes). - clocksource/arm_arch_timer: Improve Allwinner A64 timer workaround (git-fixes). - clocksource: Retry clock read if long delays detected (git-fixes). - coresight: Propagate symlink failure (git-fixes). - coresight: core: Fix use of uninitialized pointer (git-fixes). - cpu/hotplug: Cure the cpusets trainwreck (git fixes (sched/hotplug)). - cpufreq: sc520_freq: add 'fallthrough' to one case (git-fixes). - crypto: ccp - Fix a resource leak in an error handling path (git-fixes). - crypto: ixp4xx - dma_unmap the correct address (git-fixes). - crypto: nitrox - fix unchecked variable in nitrox_register_interrupts (git-fixes). - crypto: nx - add missing MODULE_DEVICE_TABLE (git-fixes). - crypto: omap-sham - Fix PM reference leak in omap sham ops (git-fixes). - crypto: qat - check return code of qat_hal_rd_rel_reg() (git-fixes). - crypto: qat - remove unused macro in FW loader (git-fixes). - crypto: sun4i-ss - IV register does not work on A10 and A13 (git-fixes). - crypto: sun4i-ss - checking sg length is not sufficient (git-fixes). - crypto: sun4i-ss - initialize need_fallback (git-fixes). - crypto: ux500 - Fix error return code in hash_hw_final() (git-fixes). - crypto: virtio: Fix dest length calculation in __virtio_crypto_skcipher_do_req() (git-fixes). - crypto: virtio: Fix src/dst scatterlist calculation in __virtio_crypto_skcipher_do_req() (git-fixes). - cw1200: Revert unnecessary patches that fix unreal use-after-free bugs (git-fixes). - cw1200: add missing MODULE_DEVICE_TABLE (git-fixes). - cxgb4: fix IRQ free race during driver unload (git-fixes). - dma-buf/sync_file: Do not leak fences on merge failure (git-fixes). - dmaengine: fsl-qdma: check dma_set_mask return value (git-fixes). - dmaengine: mediatek: do not issue a new desc if one is still current (git-fixes). - dmaengine: mediatek: free the proper desc in desc_free handler (git-fixes). - dmaengine: mediatek: use GFP_NOWAIT instead of GFP_ATOMIC in prep_dma (git-fixes). - dmaengine: rcar-dmac: Fix PM reference leak in rcar_dmac_probe() (git-fixes). - dmaengine: zynqmp_dma: Fix PM reference leak in zynqmp_dma_alloc_chan_resourc() (git-fixes). - docs: admin-guide: update description for kernel.hotplug sysctl (git-fixes). - docs: virt/kvm: close inline string literal (bsc#1188703). - dpaa2-eth: fix memory leak in XDP_REDIRECT (git-fixes). - dpaa2-eth: fix memory leak in XDP_REDIRECT (git-fixes). - drm/amd/amdgpu/sriov disable all ip hw status by default (git-fixes). - drm/amd/dc: Fix a missing check bug in dm_dp_mst_detect() (git-fixes). - drm/amd/display: Avoid HDCP over-read and corruption (git-fixes). - drm/amd/display: Fix DCN 3.01 DSCCLK validation (git-fixes). - drm/amd/display: Fix build warnings (git-fixes). - drm/amd/display: Fix off-by-one error in DML (git-fixes). - drm/amd/display: Release MST resources on switch from MST to SST (git-fixes). - drm/amd/display: Set DISPCLK_MAX_ERRDET_CYCLES to 7 (git-fixes). - drm/amd/display: Verify Gamma & Degamma LUT sizes in amdgpu_dm_atomic_check (git-fixes). - drm/amd/display: fix HDCP reset sequence on reinitialize (git-fixes). - drm/amd/display: fix incorrrect valid irq check (git-fixes). - drm/amd/display: fix use_max_lb flag for 420 pixel formats (git-fixes). - drm/amdgpu: Do not query CE and UE errors (bsc#1152472) - drm/amdgpu: Update NV SIMD-per-CU to 2 (git-fixes). - drm/amdgpu: enable sdma0 tmz for Raven/Renoir(V2) (git-fixes). - drm/amdgpu: remove unsafe optimization to drop preamble ib (git-fixes). - drm/amdgpu: update golden setting for sienna_cichlid (git-fixes). - drm/amdgpu: wait for moving fence after pinning (git-fixes). - drm/amdkfd: Fix circular lock in nocpsch path (git-fixes). - drm/amdkfd: Walk through list with dqm lock hold (git-fixes). - drm/amdkfd: fix circular locking on get_wave_state (git-fixes). - drm/amdkfd: use allowed domain for vmbo validation (git-fixes). - drm/arm/malidp: Always list modifiers (git-fixes). - drm/bridge/sii8620: fix dependency on extcon (git-fixes). - drm/bridge: Fix the stop condition of drm_bridge_chain_pre_enable() (git-fixes). - drm/bridge: cdns: Fix PM reference leak in cdns_dsi_transfer() (git-fixes). - drm/bridge: nwl-dsi: Force a full modeset when crtc_state->active is changed to be true (git-fixes). - drm/dp_mst: Do not set proposed vcpi directly (git-fixes). - drm/gma500: Add the missed drm_gem_object_put() in psb_user_framebuffer_create() (git-fixes). - drm/i915/display: Do not zero past infoframes.vsc (git-fixes). - drm/i915/gvt: Clear d3_entered on elsp cmd submission (git-fixes). - drm/i915/selftests: use vma_lookup() in __igt_mmap() (git-fixes). - drm/mcde/panel: Inverse misunderstood flag (bsc#1152472) - drm/mediatek: Fix PM reference leak in mtk_crtc_ddp_hw_init() (git-fixes). - drm/msm/dpu: Fix error return code in dpu_mdss_init() (git-fixes). - drm/msm/dpu: Fix sm8250_mdp register length (git-fixes). - drm/msm/mdp4: Fix modifier support enabling (git-fixes). - drm/msm: Fix error return code in msm_drm_init() (git-fixes). - drm/msm: Small msm_gem_purge() fix (bsc#1152489) - drm/mxsfb: Do not select DRM_KMS_FB_HELPER (git-fixes). - drm/nouveau: Do not set allow_fb_modifiers explicitly (git-fixes). - drm/nouveau: fix dma_address check for CPU/GPU sync (git-fixes). - drm/nouveau: wait for moving fence after pinning v2 (git-fixes). - drm/panel: nt35510: Do not fail if DSI read fails (git-fixes). - drm/panel: raspberrypi-touchscreen: Prevent double-free (git-fixes). - drm/radeon: Add the missed drm_gem_object_put() in radeon_user_framebuffer_create() (git-fixes). - drm/radeon: Call radeon_suspend_kms() in radeon_pci_shutdown() for Loongson64 (git-fixes). - drm/radeon: Fix a missing check bug in radeon_dp_mst_detect() (bsc#1152489) - drm/radeon: wait for moving fence after pinning (git-fixes). - drm/rockchip: cdn-dp-core: add missing clk_disable_unprepare() on error in cdn_dp_grf_write() (git-fixes). - drm/rockchip: cdn-dp: fix sign extension on an int multiply for a u64 result (git-fixes). - drm/rockchip: dsi: move all lane config except LCDC mux to bind() (git-fixes). - drm/rockchip: dsi: remove extra component_del() call (git-fixes). - drm/rockchip: lvds: Fix an error handling path (git-fixes). - drm/sched: Avoid data corruptions (git-fixes). - drm/scheduler: Fix hang when sched_entity released (git-fixes). - drm/stm: Fix bus_flags handling (bsc#1152472) - drm/tegra: Do not set allow_fb_modifiers explicitly (git-fixes). - drm/vc4: Fix clock source for VEC PixelValve on BCM2711 (git-fixes). - drm/vc4: crtc: Skip the TXP (git-fixes). - drm/vc4: fix argument ordering in vc4_crtc_get_margins() (git-fixes). - drm/vc4: hdmi: Fix PM reference leak in vc4_hdmi_encoder_pre_crtc_co() (git-fixes). - drm/vc4: hdmi: Fix error path of hpd-gpios (git-fixes). - drm/vc4: hdmi: Make sure the controller is powered in detect (bsc#1152489) - drm/vc4: hdmi: Prevent clock unbalance (git-fixes). - drm/vc4: txp: Properly set the possible_crtcs mask (git-fixes). - drm/virtio: Fix double free on probe failure (git-fixes). - drm/vmwgfx: Fix cpu updates of coherent multisample surfaces (git-fixes). - drm/vmwgfx: Mark a surface gpu-dirty after the SVGA3dCmdDXGenMips command (git-fixes). - drm/zte: Do not select DRM_KMS_FB_HELPER (git-fixes). - drm: Return -ENOTTY for non-drm ioctls (git-fixes). - drm: add a locked version of drm_is_current_master (git-fixes). - drm: bridge/panel: Cleanup connector on bridge detach (bsc#1152489) - drm: bridge: add missing word in Analogix help text (git-fixes). - drm: qxl: ensure surf.data is ininitialized (git-fixes). - drm: rockchip: add missing registers for RK3066 (git-fixes). - drm: rockchip: add missing registers for RK3188 (git-fixes). - drm: rockchip: set alpha_en to 0 if it is not used (git-fixes). - e1000e: Check the PCIm state (git-fixes). - e1000e: Fix an error handling path in 'e1000_probe()' (git-fixes). - efi/tpm: Differentiate missing and invalid final event log table (bsc#1188036). - extcon: extcon-max8997: Fix IRQ freeing at error path (git-fixes). - extcon: intel-mrfld: Sync hardware and software state on init (git-fixes). - extcon: max8997: Add missing modalias string (git-fixes). - extcon: sm5502: Drop invalid register write in sm5502_reg_data (git-fixes). - fbmem: Do not delete the mode that is still in use (git-fixes). - fbmem: add margin check to fb_check_caps() (git-fixes). - firmware/efi: Tell memblock about EFI iomem reservations (git-fixes). - firmware: arm_scmi: Fix possible scmi_linux_errmap buffer overflow (git-fixes). - firmware: arm_scmi: Fix range check for the maximum number of pending messages (git-fixes). - firmware: tegra: Fix error return code in tegra210_bpmp_init() (git-fixes). - fm10k: Fix an error handling path in 'fm10k_probe()' (git-fixes). - fpga: machxo2-spi: Address warning about unused variable (git-fixes). - fpga: stratix10-soc: Add missing fpga_mgr_free() call (git-fixes). - fuse: check connected before queueing on fpq->io (bsc#1188267). - fuse: ignore PG_workingset after stealing (bsc#1188268). - fuse: reject internal errno (bsc#1188269). - gpio: AMD8111 and TQMX86 require HAS_IOPORT_MAP (git-fixes). - gpio: pca953x: Add support for the On Semi pca9655 (git-fixes). - gpio: zynq: Check return value of pm_runtime_get_sync (git-fixes). - gtp: fix an use-before-init in gtp_newlink() (git-fixes). - gve: Add DQO fields for core data structures (bsc#1176940). - gve: Add Gvnic stats AQ command and ethtool show/set-priv-flags (bsc#1176940). - gve: Add dqo descriptors (bsc#1176940). - gve: Add stats for gve (bsc#1176940). - gve: Add support for DQO RX PTYPE map (bsc#1176940). - gve: Add support for raw addressing device option (bsc#1176940). - gve: Add support for raw addressing in the tx path (bsc#1176940). - gve: Add support for raw addressing to the rx path (bsc#1176940). - gve: Batch AQ commands for creating and destroying queues (bsc#1176940). - gve: Check TX QPL was actually assigned (bsc#1176940). - gve: DQO: Add RX path (bsc#1176940). - gve: DQO: Add TX path (bsc#1176940). - gve: DQO: Add core netdev features (bsc#1176940). - gve: DQO: Add ring allocation and initialization (bsc#1176940). - gve: DQO: Configure interrupts on device up (bsc#1176940). - gve: DQO: Fix off by one in gve_rx_dqo() (bsc#1176940). - gve: DQO: Remove incorrect prefetch (bsc#1176940). - gve: Enable Link Speed Reporting in the driver (bsc#1176940). - gve: Fix an error handling path in 'gve_probe()' (git-fixes). - gve: Fix swapped vars when fetching max queues (git-fixes). - gve: Fix warnings reported for DQO patchset (bsc#1176940). - gve: Get and set Rx copybreak via ethtool (bsc#1176940). - gve: Introduce a new model for device options (bsc#1176940). - gve: Introduce per netdev `enum gve_queue_format` (bsc#1176940). - gve: Make gve_rx_slot_page_info.page_offset an absolute offset (bsc#1176940). - gve: Move some static functions to a common file (bsc#1176940). - gve: NIC stats for report-stats and for ethtool (bsc#1176940). - gve: Propagate error codes to caller (bsc#1176940). - gve: Replace zero-length array with flexible-array member (bsc#1176940). - gve: Rx Buffer Recycling (bsc#1176940). - gve: Simplify code and axe the use of a deprecated API (bsc#1176940). - gve: Update adminq commands to support DQO queues (bsc#1176940). - gve: Use dev_info/err instead of netif_info/err (bsc#1176940). - gve: Use link status register to report link status (bsc#1176940). - gve: adminq: DQO specific device descriptor logic (bsc#1176940). - gve: gve_rx_copy: Move padding to an argument (bsc#1176940). - hwmon: (max31722) Remove non-standard ACPI device IDs (git-fixes). - hwmon: (max31790) Fix fan speed reporting for fan7..12 (git-fixes). - hwmon: (max31790) Fix pwmX_enable attributes (git-fixes). - hwmon: (max31790) Report correct current pwm duty cycles (git-fixes). - hwrng: exynos - Fix runtime PM imbalance on error (git-fixes). - i2c: core: Disable client irq on reboot/shutdown (git-fixes). - i2c: designware: Adjust bus_freq_hz when refuse high speed mode set (git-fixes). - i2c: dev: Add __user annotation (git-fixes). - i2c: robotfuzz-osif: fix control-request directions (git-fixes). - i40e: Fix autoneg disabling for non-10GBaseT links (git-fixes). - i40e: Fix error handling in i40e_vsi_open (git-fixes). - i40e: Fix missing rtnl locking when setting up pf switch (jsc#SLE-13701). - i40e: fix PTP on 5Gb links (jsc#SLE-13701). - iavf: Fix an error handling path in 'iavf_probe()' (git-fixes). - ibmvnic: Allow device probe if the device is not ready at boot (bsc#1184114 ltc#192237). - ibmvnic: Remove the proper scrq flush (bsc#1188504 ltc#192075). - ibmvnic: Use 'skb_frag_address()' instead of hand coding it (bsc#1184114 ltc#192237). - ibmvnic: Use list_for_each_entry() to simplify code in ibmvnic.c (bsc#1184114 ltc#192237). - ibmvnic: Use strscpy() instead of strncpy() (bsc#1184114 ltc#192237). - ibmvnic: account for bufs already saved in indir_buf (jsc#SLE-17268 jsc#SLE-17043 bsc#1179243 ltc#189290). - ibmvnic: clean pending indirect buffs during reset (jsc#SLE-17268 jsc#SLE-17043 bsc#1179243 ltc#189290). - ibmvnic: fix kernel build warning (bsc#1184114 ltc#192237). - ibmvnic: fix kernel build warning in strncpy (bsc#1184114 ltc#192237). - ibmvnic: fix kernel build warnings in build_hdr_descs_arr (bsc#1184114 ltc#192237). - ibmvnic: fix send_request_map incompatible argument (bsc#1184114 ltc#192237). - ibmvnic: free tx_pool if tso_pool alloc fails (bsc#1085224 ltc#164363). - ibmvnic: parenthesize a check (bsc#1184114 ltc#192237 bsc#1183871 ltc#192139 git-fixes). - ibmvnic: retry reset if there are no other resets (bsc#1184350 ltc#191533). - ibmvnic: set ltb->buff to NULL after freeing (bsc#1094840 ltc#167098). - ice: Re-organizes reqstd/avail {R, T}XQ check/code for efficiency (jsc#SLE-7926). - igb: Check if num of q_vectors is smaller than max before array access (git-fixes). - igb: Fix an error handling path in 'igb_probe()' (git-fixes). - igb: Fix position of assignment to *ring (git-fixes). - igb: Fix use-after-free error during reset (git-fixes). - igc: Fix an error handling path in 'igc_probe()' (git-fixes). - igc: Fix use-after-free error during reset (git-fixes). - igc: change default return of igc_read_phy_reg() (git-fixes). - iio: accel: bma180: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes). - iio: accel: bma180: Use explicit member assignment (git-fixes). - iio: accel: bma220: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes). - iio: accel: hid: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes). - iio: accel: kxcjk-1013: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes). - iio: accel: mxc4005: Fix overread of data and alignment issue (git-fixes). - iio: accel: stk8312: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes). - iio: accel: stk8ba50: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes). - iio: adc: at91-sama5d2: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes). - iio: adc: hx711: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes). - iio: adc: mxs-lradc: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes). - iio: adc: ti-ads1015: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes). - iio: adc: ti-ads8688: Fix alignment of buffer in iio_push_to_buffers_with_timestamp() (git-fixes). - iio: adc: vf610: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes). - iio: adis16400: do not return ints in irq handlers (git-fixes). - iio: adis_buffer: do not return ints in irq handlers (git-fixes). - iio: at91-sama5d2_adc: remove usage of iio_priv_to_dev() helper (git-fixes). - iio: gyro: bmg160: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes). - iio: gyro: fxa21002c: Balance runtime pm + use pm_runtime_resume_and_get() (git-fixes). - iio: humidity: am2315: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes). - iio: light: isl29125: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes). - iio: light: tcs3414: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes). - iio: light: tcs3472: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes). - iio: light: tcs3472: do not free unallocated IRQ (git-fixes). - iio: light: vcnl4035: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes). - iio: ltr501: ltr501_read_ps(): add missing endianness conversion (git-fixes). - iio: ltr501: ltr559: fix initialization of LTR501_ALS_CONTR (git-fixes). - iio: ltr501: mark register holding upper 8 bits of ALS_DATA{0,1} and PS_DATA as volatile, too (git-fixes). - iio: magn: bmc150: Balance runtime pm + use pm_runtime_resume_and_get() (git-fixes). - iio: magn: bmc150: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes). - iio: magn: hmc5843: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes). - iio: magn: rm3100: Fix alignment of buffer in iio_push_to_buffers_with_timestamp() (git-fixes). - iio: potentiostat: lmp91000: Fix alignment of buffer in iio_push_to_buffers_with_timestamp() (git-fixes). - iio: prox: as3935: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes). - iio: prox: isl29501: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes). - iio: prox: pulsed-light: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes). - iio: prox: srf08: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes). - iio: si1133: fix format string warnings (git-fixes). - iio:accel:mxc4005: Drop unnecessary explicit casts in regmap_bulk_read calls (git-fixes). - integrity: use arch_ima_get_secureboot instead of checking EFI_SECURE_BOOT when loading MokListRT (bsc#1188366). - intel_th: Wait until port is in reset before programming it (git-fixes). - iwl-trans: move dev_cmd_offs, page_offs to a common trans header (bsc#1187495). - iwlwifi: Fix softirq/hardirq disabling in iwl_pcie_enqueue_hcmd() (git-fixes). - iwlwifi: Fix softirq/hardirq disabling in iwl_pcie_gen2_enqueue_hcmd() (git-fixes). - iwlwifi: acpi: evaluate dsm to disable 5.8GHz channels (bsc#1187495). - iwlwifi: acpi: in non acpi compilations remove iwl_sar_geo_init (bsc#1187495). - iwlwifi: acpi: prepare SAR profile selection code for multiple sizes (bsc#1187495). - iwlwifi: acpi: remove dummy definition of iwl_sar_set_profile() (bsc#1187495). - iwlwifi: acpi: rename geo structs to contain versioning (bsc#1187495). - iwlwifi: acpi: support ppag table command v2 (bsc#1187495). - iwlwifi: add a common struct for all iwl_tx_power_cmd versions (bsc#1187495). - iwlwifi: add trans op to set PNVM (bsc#1187495). - iwlwifi: align RX status flags with firmware (bsc#1187495). - iwlwifi: api: fix u32 -> __le32 (bsc#1187495). - iwlwifi: bump FW API to 57 for AX devices (bsc#1187495). - iwlwifi: bump FW API to 59 for AX devices (bsc#1187495). - iwlwifi: calib: Demote seemingly unintentional kerneldoc header (bsc#1187495). - iwlwifi: dbg: Do not touch the tlv data (bsc#1187495). - iwlwifi: dbg: add debug host notification (DHN) time point (bsc#1187495). - iwlwifi: dbg: add dumping special device memory (bsc#1187495). - iwlwifi: dbg: remove IWL_FW_INI_TIME_POINT_WDG_TIMEOUT (bsc#1187495). - iwlwifi: do not export acpi functions unnecessarily (bsc#1187495). - iwlwifi: dvm: Demote a couple of nonconformant kernel-doc headers (bsc#1187495). - iwlwifi: dvm: Demote non-compliant kernel-doc headers (bsc#1187495). - iwlwifi: dvm: devices: Fix function documentation formatting issues (bsc#1187495). - iwlwifi: dvm: lib: Demote non-compliant kernel-doc headers (bsc#1187495). - iwlwifi: dvm: rxon: Demote non-conformant kernel-doc headers (bsc#1187495). - iwlwifi: dvm: scan: Demote a few nonconformant kernel-doc headers (bsc#1187495). - iwlwifi: dvm: sta: Demote a bunch of nonconformant kernel-doc headers (bsc#1187495). - iwlwifi: dvm: tx: Demote non-compliant kernel-doc headers (bsc#1187495). - iwlwifi: enable twt by default (bsc#1187495). - iwlwifi: fix 11ax disabled bit in the regulatory capability flags (bsc#1187495). - iwlwifi: fix sar geo table initialization (bsc#1187495). - iwlwifi: fw: add default value for iwl_fw_lookup_cmd_ver (bsc#1187495). - iwlwifi: fw: move assert descriptor parser to common code (bsc#1187495). - iwlwifi: increase PNVM load timeout (bsc#1187495). - iwlwifi: iwl-drv: Provide descriptions debugfs dentries (bsc#1187495). - iwlwifi: iwl-trans: move tfd to trans layer (bsc#1187495). - iwlwifi: move PNVM implementation to common code (bsc#1187495). - iwlwifi: move all bus-independent TX functions to common code (bsc#1187495). - iwlwifi: move bc_pool to a common trans header (bsc#1187495). - iwlwifi: move bc_table_dword to a common trans header (bsc#1187495). - iwlwifi: msix: limit max RX queues for 9000 family (bsc#1187495). - iwlwifi: mvm: Add FTM initiator RTT smoothing logic (bsc#1187495). - iwlwifi: mvm: Do not install CMAC/GMAC key in AP mode (bsc#1187495). - iwlwifi: mvm: add PROTECTED_TWT firmware API (bsc#1187495). - iwlwifi: mvm: add a get lmac id function (bsc#1187495). - iwlwifi: mvm: add an option to add PASN station (bsc#1187495). - iwlwifi: mvm: add d3 prints (bsc#1187495). - iwlwifi: mvm: add support for new WOWLAN_TSC_RSC_PARAM version (bsc#1187495). - iwlwifi: mvm: add support for new version of WOWLAN_TKIP_SETTING_API_S (bsc#1187495). - iwlwifi: mvm: add support for range request command ver 11 (bsc#1187495). - iwlwifi: mvm: add support for responder dynamic config command version 3 (bsc#1187495). - iwlwifi: mvm: assign SAR table revision to the command later (bsc#1187495). - iwlwifi: mvm: avoid possible NULL pointer dereference (bsc#1187495). - iwlwifi: mvm: clear all scan UIDs (bsc#1187495). - iwlwifi: mvm: d3: parse wowlan status version 11 (bsc#1187495). - iwlwifi: mvm: d3: support GCMP ciphers (bsc#1187495). - iwlwifi: mvm: do not change band on bound PHY contexts (git-fixes). - iwlwifi: mvm: do not check if CSA event is running before removing (bsc#1187495). - iwlwifi: mvm: do not send a CSA command the firmware does not know (bsc#1187495). - iwlwifi: mvm: fix error print when session protection ends (git-fixes). - iwlwifi: mvm: fix suspicious rcu usage warnings (bsc#1187495). - iwlwifi: mvm: fix the type we use in the PPAG table validity checks (bsc#1187495). - iwlwifi: mvm: get number of stations from TLV (bsc#1187495). - iwlwifi: mvm: ignore the scan duration parameter (bsc#1187495). - iwlwifi: mvm: initiator: add option for adding a PASN responder (bsc#1187495). - iwlwifi: mvm: location: set the HLTK when PASN station is added (bsc#1187495). - iwlwifi: mvm: ops: Remove unused static struct 'iwl_mvm_debug_names' (bsc#1187495). - iwlwifi: mvm: prepare roc_done_wk to work sync (bsc#1187495). - iwlwifi: mvm: process ba-notifications also when sta rcu is invalid (bsc#1187495). - iwlwifi: mvm: re-enable TX after channel switch (bsc#1187495). - iwlwifi: mvm: read and parse SKU ID if available (bsc#1187495). - iwlwifi: mvm: remove memset of kek_kck command (bsc#1187495). - iwlwifi: mvm: remove redundant log in iwl_mvm_tvqm_enable_txq() (bsc#1187495). - iwlwifi: mvm: remove redundant support_umac_log field (bsc#1187495). - iwlwifi: mvm: responder: allow to set only the HLTK for an associated station (bsc#1187495). - iwlwifi: mvm: ring the doorbell and wait for PNVM load completion (bsc#1187495). - iwlwifi: mvm: rs-fw: handle VHT extended NSS capability (bsc#1187495). - iwlwifi: mvm: send stored PPAG command instead of local (bsc#1187495). - iwlwifi: mvm: set PROTECTED_TWT feature if supported by firmware (bsc#1187495). - iwlwifi: mvm: set PROTECTED_TWT in MAC data policy (bsc#1187495). - iwlwifi: mvm: set enabled in the PPAG command properly (bsc#1187495). - iwlwifi: mvm: stop claiming NL80211_EXT_FEATURE_SET_SCAN_DWELL (bsc#1187495). - iwlwifi: mvm: store PPAG enabled/disabled flag properly (bsc#1187495). - iwlwifi: mvm: support ADD_STA_CMD_API_S ver 12 (bsc#1187495). - iwlwifi: mvm: support more GTK rekeying algorithms (bsc#1187495). - iwlwifi: mvm: support new KEK KCK api (bsc#1187495). - iwlwifi: mvm: tx: Demote misuse of kernel-doc headers (bsc#1187495). - iwlwifi: mvm: use CHECKSUM_COMPLETE (bsc#1187495). - iwlwifi: mvm: utils: Fix some doc-rot (bsc#1187495). - iwlwifi: pcie: avoid potential PNVM leaks (bsc#1187495). - iwlwifi: pcie: do not disable interrupts for reg_lock (bsc#1187495). - iwlwifi: pcie: fix context info freeing (git-fixes). - iwlwifi: pcie: fix the xtal latency value for a few qu devices (bsc#1187495). - iwlwifi: pcie: free IML DMA memory allocation (git-fixes). - iwlwifi: pcie: implement set_pnvm op (bsc#1187495). - iwlwifi: pcie: make iwl_pcie_txq_update_byte_cnt_tbl bus independent (bsc#1187495). - iwlwifi: pcie: properly set LTR workarounds on 22000 devices (bsc#1187495). - iwlwifi: phy-ctxt: add new API VER 3 for phy context cmd (bsc#1187495). - iwlwifi: pnvm: do not skip everything when not reloading (bsc#1187495). - iwlwifi: pnvm: do not try to load after failures (bsc#1187495). - iwlwifi: pnvm: increment the pointer before checking the TLV (bsc#1187495). - iwlwifi: pnvm: set the PNVM again if it was already loaded (bsc#1187495). - iwlwifi: provide gso_type to GSO packets (bsc#1187495). - iwlwifi: queue: bail out on invalid freeing (bsc#1187495). - iwlwifi: read and parse PNVM file (bsc#1187495). - iwlwifi: regulatory: regulatory capabilities api change (bsc#1187495). - iwlwifi: remove iwl_validate_sar_geo_profile() export (bsc#1187495). - iwlwifi: remove wide_cmd_header field (bsc#1187495). - iwlwifi: rs: Demote non-compliant kernel-doc headers (bsc#1187495). - iwlwifi: rs: align to new TLC config command API (bsc#1187495). - iwlwifi: rs: set RTS protection for all non legacy rates (bsc#1187495). - iwlwifi: sta: defer ADDBA transmit in case reclaimed SN != next SN (bsc#1187495). - iwlwifi: stats: add new api fields for statistics cmd/ntfy (bsc#1187495). - iwlwifi: support REDUCE_TX_POWER_CMD version 6 (bsc#1187495). - iwlwifi: support version 3 of GEO_TX_POWER_LIMIT (bsc#1187495). - iwlwifi: support version 5 of the alive notification (bsc#1187495). - iwlwifi: thermal: support new temperature measurement API (bsc#1187495). - iwlwifi: update prph scratch structure to include PNVM data (bsc#1187495). - iwlwifi: use correct group for alive notification (bsc#1187495). - iwlwifi: wowlan: adapt to wowlan status API version 10 (bsc#1187495). - iwlwifi: yoyo: add support for internal buffer allocation in D3 (bsc#1187495). - ixgbe: Fix an error handling path in 'ixgbe_probe()' (git-fixes). - ixgbe: Fix packet corruption due to missing DMA sync (git-fixes). - ixgbevf: use xso.real_dev instead of xso.dev in callback functions of struct xfrmdev_ops (bsc#1176447). - kABI compatibility fix for max98373_priv struct (git-fixes). - kABI workaround for btintel symbol changes (bsc#1188893). - kABI workaround for intel_th_driver (git-fixes). - kABI workaround for pci/quirks.c (git-fixes). - kABI: restore struct tcpc_config definition (git-fixes). - kabi/severities: ignore kABI of iwlwifi symbols (bsc#1187495) iwlwifi driver consists of several modules and all exported symbols are internal uses. Let's ignore kABI checks of those. - kernel-binary.spec: Exctract s390 decompression code (jsc#SLE-17042). - kernel-binary.spec: Fix up usrmerge for non-modular kernels. - kernel-binary.spec: Remove obsolete and wrong comment mkmakefile is repleced by echo on newer kernel - kprobes: Do not expose probe addresses to non-CAP_SYSLOG (git-fixes). - kprobes: Fix NULL pointer dereference at kprobe_ftrace_handler (git-fixes). - kprobes: Fix compiler warning for !CONFIG_KPROBES_ON_FTRACE (git-fixes). - kprobes: Fix to check probe enabled before disarm_kprobe_ftrace() (git-fixes). - kprobes: fix kill kprobe which has been marked as gone (git-fixes). - kvm: LAPIC: Restore guard to prevent illegal APIC register access (bsc#1188772). - kvm: i8254: remove redundant assignment to pointer s (bsc#1188770). - leds: as3645a: Fix error return code in as3645a_parse_node() (git-fixes). - leds: class: The -ENOTSUPP should never be seen by user space (git-fixes). - leds: ktd2692: Fix an error handling path (git-fixes). - leds: lm3532: select regmap I2C API (git-fixes). - lib/decompress_unlz4.c: correctly handle zero-padding around initrds (git-fixes). - lib/decompressors: remove set but not used variabled 'level' (git-fixes). - lib: vsprintf: Fix handling of number field widths in vsscanf (git-fixes). - libbpf: Fixes incorrect rx_ring_setup_done (bsc#1155518). - liquidio: Fix unintentional sign extension issue on left shift of u16 (git-fixes). - mISDN: fix possible use-after-free in HFC_cleanup() (git-fixes). - mac80211: consider per-CPU statistics if present (git-fixes). - mac80211: remove iwlwifi specific workaround NDPs of null_response (git-fixes). - mac80211: remove iwlwifi specific workaround that broke sta NDP tx (git-fixes). - mac80211: remove warning in ieee80211_get_sband() (git-fixes). - mac80211: reset profile_periodicity/ema_ap (git-fixes). - mac80211_hwsim: add concurrent channels scanning support over virtio (git-fixes). - mac80211_hwsim: drop pending frames on stop (git-fixes). - math: Export mul_u64_u64_div_u64 (git-fixes). - media, bpf: Do not copy more entries than user space requested (git-fixes). - media: Fix Media Controller API config checks (git-fixes). - media: I2C: change 'RST' to 'RSET' to fix multiple build errors (git-fixes). - media: au0828: fix a NULL vs IS_ERR() check (git-fixes). - media: bt8xx: Fix a missing check bug in bt878_probe (git-fixes). - media: cobalt: fix race condition in setting HPD (git-fixes). - media: cpia2: fix memory leak in cpia2_usb_probe (git-fixes). - media: dtv5100: fix control-request directions (git-fixes). - media: dvb-usb: fix wrong definition (git-fixes). - media: dvb_net: avoid speculation from net slot (git-fixes). - media: dvd_usb: memory leak in cinergyt2_fe_attach (git-fixes). - media: em28xx: Fix possible memory leak of em28xx struct (git-fixes). - media: exynos-gsc: fix pm_runtime_get_sync() usage count (git-fixes). - media: exynos4-is: Fix a use after free in isp_video_release (git-fixes). - media: gspca/gl860: fix zero-length control requests (git-fixes). - media: gspca/sq905: fix control-request direction (git-fixes). - media: gspca/sunplus: fix zero-length control requests (git-fixes). - media: imx-csi: Skip first few frames from a BT.656 source (git-fixes). - media: imx: imx7_mipi_csis: Fix logging of only error event counters (git-fixes). - media: mdk-mdp: fix pm_runtime_get_sync() usage count (git-fixes). - media: mtk-vcodec: fix PM runtime get logic (git-fixes). - media: ngene: Fix out-of-bounds bug in ngene_command_config_free_buf() (git-fixes). - media: pvrusb2: fix warning in pvr2_i2c_core_done (git-fixes). - media: rc: i2c: Fix an error message (git-fixes). - media: rtl28xxu: fix zero-length control request (git-fixes). - media: s5p-g2d: Fix a memory leak on ctx->fh.m2m_ctx (git-fixes). - media: s5p-jpeg: fix pm_runtime_get_sync() usage count (git-fixes). - media: sh_vou: fix pm_runtime_get_sync() usage count (git-fixes). - media: siano: Fix out-of-bounds warnings in smscore_load_firmware_family2() (git-fixes). - media: siano: fix device register error path (git-fixes). - media: st-hva: Fix potential NULL pointer dereferences (git-fixes). - media: sti/bdisp: fix pm_runtime_get_sync() usage count (git-fixes). - media: sti: fix obj-$(config) targets (git-fixes). - media: tc358743: Fix error return code in tc358743_probe_of() (git-fixes). - media: uvcvideo: Fix pixel format change for Elgato Cam Link 4K (git-fixes). - media: v4l2-async: Fix trivial documentation typo (git-fixes). - media: v4l2-core: Avoid the dangling pointer in v4l2_fh_release (git-fixes). - media: zr364xx: fix memory leak in zr364xx_start_readpipe (git-fixes). - memory: atmel-ebi: add missing of_node_put for loop iteration (git-fixes). - memory: fsl_ifc: fix leak of IO mapping on probe failure (git-fixes). - memory: fsl_ifc: fix leak of IO mapping on probe failure (git-fixes). - memory: fsl_ifc: fix leak of private memory on probe failure (git-fixes). - memory: fsl_ifc: fix leak of private memory on probe failure (git-fixes). - memory: pl353: Fix error return code in pl353_smc_probe() (git-fixes). - memstick: rtsx_usb_ms: fix UAF (git-fixes). - mfd: cpcap: Fix cpcap dmamask not set warnings (git-fixes). - mfd: da9052/stmpe: Add and modify MODULE_DEVICE_TABLE (git-fixes). - misc/libmasm/module: Fix two use after free in ibmasm_init_one (git-fixes). - misc: alcor_pci: fix inverted branch condition (git-fixes). - misc: alcor_pci: fix null-ptr-deref when there is no PCI bridge (git-fixes). - mm, futex: fix shared futex pgoff on shmem huge page (git fixes (kernel/futex)). - mmc: block: Disable CMDQ on the ioctl path (git-fixes). - mmc: core: Allow UHS-I voltage switch for SDSC cards if supported (git-fixes). - mmc: core: clear flags before allowing to retune (git-fixes). - mmc: sdhci-esdhc-imx: remove unused is_imx6q_usdhc (git-fixes). - mmc: sdhci-sprd: use sdhci_sprd_writew (git-fixes). - mmc: sdhci: Fix warning message when accessing RPMB in HS400 mode (git-fixes). - mmc: usdhi6rol0: fix error return code in usdhi6_probe() (git-fixes). - mmc: via-sdmmc: add a check against NULL pointer dereference (git-fixes). - mmc: vub3000: fix control-request direction (git-fixes). - mt76: fix possible NULL pointer dereference in mt76_tx (git-fixes). - mt76: mt7603: set 0 as min coverage_class value (git-fixes). - mt76: mt7615: fix endianness in mt7615_mcu_set_eeprom (git-fixes). - mt76: mt7615: fix fixed-rate tx status reporting (git-fixes). - mt76: mt7615: increase MCU command timeout (git-fixes). - mt76: mt7915: fix IEEE80211_HE_PHY_CAP7_MAX_NC for station mode (git-fixes). - mt76: set dma-done flag for flushed descriptors (git-fixes). - mtd: partitions: redboot: seek fis-index-block in the right node (git-fixes). - mtd: rawnand: marvell: add missing clk_disable_unprepare() on error in marvell_nfc_resume() (git-fixes). - mvpp2: suppress warning (git-fixes). - mwifiex: re-fix for unaligned accesses (git-fixes). - net/mlx5: Do not fail driver on failure to create debugfs (git-fixes). - net/mlx5e: Block offload of outer header csum for GRE tunnel (git-fixes). - net/sched: act_ct: remove and free nf_table callbacks (jsc#SLE-15172). - net: Make PTP-specific drivers depend on PTP_1588_CLOCK (git-fixes). - net: atlantic: fix ip dst and ipv6 address filters (git-fixes). - net: dp83867: Fix OF_MDIO config check (git-fixes). - net: ethernet: ti: Remove TI_CPTS_MOD workaround (git-fixes). - net: fec_ptp: fix issue caused by refactor the fec_devtype (git-fixes). - net: gve: convert strlcpy to strscpy (bsc#1176940). - net: gve: remove duplicated allowed (bsc#1176940). - net: hns3: Clear the CMDQ registers before unmapping BAR region (git-fixes). - net: ipw2x00,iwlegacy,iwlwifi: Remove in_interrupt() from debug macros (bsc#1187495). - net: iwlwifi: Remove in_interrupt() from tracing macro (bsc#1187495). - net: marvell: Fix OF_MDIO config check (git-fixes). - net: mvpp2: Put fwnode in error case during ->probe() (git-fixes). - net: netdevsim: use xso.real_dev instead of xso.dev in callback functions of struct xfrmdev_ops (bsc#1176447). - net: phy: fix save wrong speed and duplex problem if autoneg is on (git-fixes). - net: phy: microchip_t1: add lan87xx_phy_init to initialize the lan87xx phy (git-fixes). - net: phy: microchip_t1: add lan87xx_phy_init to initialize the lan87xx phy (git-fixes). - net: phy: realtek: add delay to fix RXC generation issue (git-fixes). - net: usb: fix possible use-after-free in smsc75xx_bind (git-fixes). - net: wilc1000: clean up resource in error path of init mon interface (git-fixes). - netfilter: ctnetlink: suspicious RCU usage in ctnetlink_dump_helpinfo (bsc#1176447). - nfc: nfcsim: fix use after free during module unload (git-fixes). - nvme-rdma: fix in-casule data send for chained sgls (git-fixes). - nvme-rdma: introduce nvme_rdma_sgl structure (git-fixes). - nvme-tcp: rerun io_work if req_list is not empty (git-fixes). - nvme: verify MNAN value if ANA is enabled (bsc#1185791). - pinctrl/amd: Add device HID for new AMD GPIO controller (git-fixes). - pinctrl: mcp23s08: Fix missing unlock on error in mcp23s08_irq() (git-fixes). - pinctrl: mcp23s08: fix race condition in irq handler (git-fixes). - pinctrl: stm32: fix the reported number of GPIO lines per bank (git-fixes). - platform/chrome: cros_ec_lightbar: Reduce ligthbar get version command (git-fixes). - platform/x86: dell-smbios-wmi: Fix oops on rmmod dell_smbios (git-fixes). - platform/x86: intel_int0002_vgpio: Only call enable_irq_wake() when using s2idle (git-fixes). - platform/x86: intel_int0002_vgpio: Pass irqchip when adding gpiochip (git-fixes). - platform/x86: intel_int0002_vgpio: Remove dev_err() usage after platform_get_irq() (git-fixes). - platform/x86: intel_int0002_vgpio: Use device_init_wakeup (git-fixes). - platform/x86: toshiba_acpi: Fix missing error code in toshiba_acpi_setup_keyboard() (git-fixes). - power: reset: gpio-poweroff: add missing MODULE_DEVICE_TABLE (git-fixes). - power: supply: ab8500: Avoid NULL pointers (git-fixes). - power: supply: ab8500: add missing MODULE_DEVICE_TABLE (git-fixes). - power: supply: charger-manager: add missing MODULE_DEVICE_TABLE (git-fixes). - power: supply: max17042: Do not enforce (incorrect) interrupt trigger type (git-fixes). - power: supply: sc2731_charger: Add missing MODULE_DEVICE_TABLE (git-fixes). - power: supply: sc27xx: Add missing MODULE_DEVICE_TABLE (git-fixes). - powerpc/64s: Move branch cache flushing bcctr variant to ppc-ops.h (bsc#1188885 ltc#193722). - powerpc/64s: rename pnv|pseries_setup_rfi_flush to _setup_security_mitigations (bsc#1188885 ltc#193722). - powerpc/mm: Fix lockup on kernel exec fault (bsc#1156395). - powerpc/papr_scm: Properly handle UUID types and API (bsc#1113295, git-fixes). - powerpc/pesries: Get STF barrier requirement from H_GET_CPU_CHARACTERISTICS (bsc#1188885 ltc#193722). - powerpc/pseries: Get entry and uaccess flush required bits from H_GET_CPU_CHARACTERISTICS (bsc#1188885 ltc#193722). - powerpc/pseries: add new branch prediction security bits for link stack (bsc#1188885 ltc#193722). - powerpc/pseries: export LPAR security flavor in lparcfg (bsc#1188885 ltc#193722). - powerpc/security: Add a security feature for STF barrier (bsc#1188885 ltc#193722). - powerpc/security: Allow for processors that flush the link stack using the special bcctr (bsc#1188885 ltc#193722). - powerpc/security: Fix link stack flush instruction (bsc#1188885 ltc#193722). - powerpc/security: change link stack flush state to the flush type enum (bsc#1188885 ltc#193722). - powerpc/security: make display of branch cache flush more consistent (bsc#1188885 ltc#193722). - powerpc/security: re-name count cache flush to branch cache flush (bsc#1188885 ltc#193722). - powerpc/security: split branch cache flush toggle from code patching (bsc#1188885 ltc#193722). - powerpc/stacktrace: Fix spurious 'stale' traces in raise_backtrace_ipi() (bsc#1156395). - powerpc/stacktrace: Include linux/delay.h (bsc#1156395). - powerpc: Offline CPU in stop_this_cpu() (bsc#1156395). - prctl: PR_{G,S}ET_IO_FLUSHER to support controlling memory reclaim (bsc#1188752). - ptp_qoriq: fix overflow in ptp_qoriq_adjfine() u64 calcalation (git-fixes). - pwm: img: Fix PM reference leak in img_pwm_enable() (git-fixes). - pwm: imx1: Do not disable clocks at device remove time (git-fixes). - pwm: spear: Do not modify HW state in .remove callback (git-fixes). - qemu_fw_cfg: Make fw_cfg_rev_attr a proper kobj_attribute (git-fixes). - r8152: Avoid memcpy() over-reading of ETH_SS_STATS (git-fixes). - r8152: Fix a deadlock by doubly PM resume (bsc#1186194). - r8152: Fix potential PM refcount imbalance (bsc#1186194). - r8169: Avoid memcpy() over-reading of ETH_SS_STATS (git-fixes). - r8169: avoid link-up interrupt issue on RTL8106e if user enables ASPM (git-fixes). - random32: Fix implicit truncation warning in prandom_seed_state() (git-fixes). - ravb: Fix bit fields checking in ravb_hwtstamp_get() (git-fixes). - rbd: always kick acquire on 'acquired' and 'released' notifications (bsc#1188746). - rbd: do not hold lock_rwsem while running_list is being drained (bsc#1188747). - regulator: da9052: Ensure enough delay time for .set_voltage_time_sel (git-fixes). - regulator: hi6421: Fix getting wrong drvdata (git-fixes). - regulator: hi6421: Use correct variable type for regmap api val argument (git-fixes). - regulator: hi655x: Fix pass wrong pointer to config.driver_data (git-fixes). - regulator: uniphier: Add missing MODULE_DEVICE_TABLE (git-fixes). - replaced with upstream security mitigation cleanup - reset: a10sr: add missing of_match_table reference (git-fixes). - reset: bail if try_module_get() fails (git-fixes). - reset: brcmstb: Add missing MODULE_DEVICE_TABLE (git-fixes). - reset: ti-syscon: fix to_ti_syscon_reset_data macro (git-fixes). - rpm/kernel-binary.spec.in: Do not install usrmerged kernel on Leap (boo#1184804). - rpm/kernel-binary.spec.in: Remove zdebug define used only once. - rsi: Assign beacon rate settings to the correct rate_info descriptor field (git-fixes). - rtc: fix snprintf() checking in is_rtc_hctosys() (git-fixes). - rtc: max77686: Do not enforce (incorrect) interrupt trigger type (git-fixes). - rtc: mxc_v2: add missing MODULE_DEVICE_TABLE (git-fixes). - rtc: stm32: Fix unbalanced clk_disable_unprepare() on probe error path (git-fixes). - rtl8xxxu: Fix device info for RTL8192EU devices (git-fixes). - rtw88: 8822c: fix lc calibration timing (git-fixes). - scsi: fc: Add 256GBit speed setting to SCSI FC transport (bsc#1188101). - scsi: ibmvfc: Fix command state accounting and stale response detection (jsc#SLE-15442 bsc#1180814 ltc#187461 git-fixes). - scsi: qedf: Do not put host in qedf_vport_create() unconditionally (bsc#1170511). - serial: 8250: Actually allow UPF_MAGIC_MULTIPLIER baud rates (git-fixes). - serial: 8250_pci: Add support for new HPE serial device (git-fixes). - serial: fsl_lpuart: remove RTSCTS handling from get_mctrl() (git-fixes). - serial: fsl_lpuart: remove RTSCTS handling from get_mctrl() (git-fixes). - serial: mvebu-uart: correctly calculate minimal possible baudrate (git-fixes). - serial: mvebu-uart: do not allow changing baudrate when uartclk is not available (git-fixes). - serial: mvebu-uart: fix calculation of clock divisor (git-fixes). - serial: tegra-tcu: Reorder channel initialization (git-fixes). - serial_cs: Add Option International GSM-Ready 56K/ISDN modem (git-fixes). - serial_cs: remove wrong GLOBETROTTER.cis entry (git-fixes). - sfp: Fix error handing in sfp_probe() (git-fixes). - skbuff: Fix build with SKB extensions disabled (jsc#SLE-15172). - skbuff: Release nfct refcount on napi stolen or re-used skbs (jsc#SLE-15172). - soc/tegra: fuse: Fix Tegra234-only builds (git-fixes). - soc: fsl: qbman: Delete useless kfree code (bsc#1188176). - soc: fsl: qbman: Ensure device cleanup is run for kexec (bsc#1188176). - soundwire: stream: Fix test for DP prepare complete (git-fixes). - spi: Make of_register_spi_device also set the fwnode (git-fixes). - spi: cadence: Correct initialisation of runtime PM again (git-fixes). - spi: fspi: dynamically alloc AHB memory (bsc#1188121). - spi: imx: add a check for speed_hz before calculating the clock (git-fixes). - spi: mediatek: fix fifo rx mode (git-fixes). - spi: nxp-fspi: Use devm API to fix missed unregistration of controller (bsc#1188121). - spi: omap-100k: Fix the length judgment problem (git-fixes). - spi: spi-loopback-test: Fix 'tx_buf' might be 'rx_buf' (git-fixes). - spi: spi-nxp-fspi: Add ACPI support (bsc#1188121). - spi: spi-nxp-fspi: Add support for IP read only (bsc#1188121). - spi: spi-nxp-fspi: Enable the Octal Mode in MCR0 (bsc#1188121). - spi: spi-nxp-fspi: Fix a NULL vs IS_ERR() check in probe (bsc#1188121). - spi: spi-nxp-fspi: Implement errata workaround for LS1028A (bsc#1188121). - spi: spi-sun6i: Fix chipselect/clock bug (git-fixes). - spi: spi-topcliff-pch: Fix potential double free in pch_spi_process_messages() (git-fixes). - spi: stm32-qspi: Remove unused qspi field of struct stm32_qspi_flash (git-fixes). - spi: tegra114: Fix an error message (git-fixes). - ssb: Fix error return code in ssb_bus_scan() (git-fixes). - ssb: sdio: Do not overwrite const buffer if block_write fails (git-fixes). - staging: gdm724x: check for buffer overflow in gdm_lte_multi_sdu_pkt() (git-fixes). - staging: gdm724x: check for overflow in gdm_lte_netif_rx() (git-fixes). - staging: rtl8712: fix memory leak in rtl871x_load_fw_cb (git-fixes). - staging: rtl8712: remove redundant check in r871xu_drv_init (git-fixes). - staging: rtl8723bs: fix macro value for 2.4Ghz only device (git-fixes). - thermal/core: Correct function name thermal_zone_device_unregister() (git-fixes). - thermal/drivers/int340x/processor_thermal: Fix tcc setting (git-fixes). - thermal/drivers/rcar_gen3_thermal: Fix coefficient calculations (git-fixes). - thunderbolt: Bond lanes only when dual_link_port != NULL in alloc_dev_default() (git-fixes). - timers: Fix get_next_timer_interrupt() with no timers pending (git-fixes) - tpm, tpm_tis: Decorate tpm_get_timeouts() with request_locality() (bsc#1188036). - tpm, tpm_tis: Decorate tpm_tis_gen_interrupt() with request_locality() (bsc#1188036). - tpm, tpm_tis: Extend locality handling to TPM2 in tpm_tis_gen_interrupt() (bsc#1188036). - tpm, tpm_tis: Reserve locality in tpm_tis_resume() (bsc#1188036). - tpm: efi: Use local variable for calculating final log size (git-fixes). - tracepoint: Add tracepoint_probe_register_may_exist() for BPF tracing (git-fixes). - tracing/histograms: Fix parsing of 'sym-offset' modifier (git-fixes). - tracing: Do not reference char * as a string in histograms (git-fixes). - tracing: Resize tgid_map to pid_max, not PID_MAX_DEFAULT (git-fixes). - tracing: Simplify & fix saved_tgids logic (git-fixes). - tty: nozomi: Fix a resource leak in an error handling function (git-fixes). - tty: nozomi: Fix the error handling path of 'nozomi_card_init()' (git-fixes). - tty: serial: 8250: serial_cs: Fix a memory leak in error handling path (git-fixes). - tty: serial: fsl_lpuart: fix the potential risk of division or modulo by zero (git-fixes). - usb: dwc2: Do not reset the core after setting turnaround time (git-fixes). - usb: dwc2: gadget: Fix sending zero length packet in DDMA mode (git-fixes). - usb: dwc3: Fix debugfs creation flow (git-fixes). - usb: gadget: eem: fix echo command packet response issue (git-fixes). - usb: gadget: f_fs: Fix setting of device and driver data cross-references (git-fixes). - usb: gadget: f_hid: fix endianness issue with descriptors (git-fixes). - usb: gadget: hid: fix error return code in hid_bind() (git-fixes). - usb: hub: Disable USB 3 device initiated lpm if exit latency is too high (git-fixes). - usb: hub: Fix link power management max exit latency (MEL) calculations (git-fixes). - usb: max-3421: Prevent corruption of freed memory (git-fixes). - usb: renesas_usbhs: Fix superfluous irqs happen after usb_pkt_pop() (git-fixes). - usb: typec: Add the missed altmode_id_remove() in typec_register_altmode() (git-fixes). - usb: typec: fusb302: Always provide fwnode for the port (git-fixes). - usb: typec: fusb302: fix 'op-sink-microwatt' default that was in mW (git-fixes). - usb: typec: tcpm: Error handling for tcpm_register_partner_altmodes (git-fixes). - usb: typec: tcpm: Move mod_delayed_work(&port->vdm_state_machine) call into tcpm_queue_vdm() (git-fixes). - usb: typec: tcpm: Refactor tcpm_handle_vdm_request (git-fixes). - usb: typec: tcpm: Refactor tcpm_handle_vdm_request payload handling (git-fixes). - usb: typec: tcpm: Remove tcpc_config configuration mechanism (git-fixes). - usb: typec: tcpm: Switch to use fwnode_property_count_uXX() (git-fixes). - usb: typec: tcpm: move to SNK_UNATTACHED if sink removed for DRP (git-fixes). - usb: typec: tcpm: set correct data role for non-DRD (git-fixes). - usb: typec: tcpm: update power supply once partner accepts (git-fixes). - usb: typec: ucsi: Hold con->lock for the entire duration of ucsi_register_port() (git-fixes). - usb: typec: ucsi: Put fwnode in any case during ->probe() (git-fixes). - usb: typec: wcove: Fx wrong kernel doc format (git-fixes). - uuid: Add inline helpers to import / export UUIDs (bsc#1113295, git-fixes). - vfio/pci: Handle concurrent vma faults (git-fixes). - vfs: Convert functionfs to use the new mount API (git -fixes). - video: fbdev: imxfb: Fix an error message (git-fixes). - virtio_console: Assure used length from device is limited (git-fixes). - virtio_net: move tx vq operation under tx queue lock (git-fixes). - visorbus: fix error return code in visorchipset_init() (git-fixes). - vmxnet3: fix cksum offload issues for tunnels with non-default udp ports (git-fixes). - vxlan: add missing rcu_read_lock() in neigh_reduce() (git-fixes). - w1: ds2438: fixing bug that would always get page0 (git-fixes). - watchdog: Fix possible use-after-free by calling del_timer_sync() (git-fixes). - watchdog: Fix possible use-after-free in wdt_startup() (git-fixes). - watchdog: aspeed: fix hardware timeout calculation (git-fixes). - watchdog: iTCO_wdt: Account for rebooting on second timeout (git-fixes). - watchdog: sc520_wdt: Fix possible use-after-free in wdt_turnoff() (git-fixes). - watchdog: sp805: Fix kernel doc description (git-fixes). - wcn36xx: Move hal_buf allocation to devm_kmalloc in probe (git-fixes). - wilc1000: write value to WILC_INTR2_ENABLE register (git-fixes). - wireless: carl9170: fix LEDS build errors & warnings (git-fixes). - wireless: wext-spy: Fix out-of-bounds warning (git-fixes). - wl1251: Fix possible buffer overflow in wl1251_cmd_scan (git-fixes). - wlcore/wl12xx: Fix wl12xx get_mac error if device is in ELP (git-fixes). - workqueue: fix UAF in pwq_unbound_release_workfn() (bsc#1188973). - x86/kvm: Disable all PV features on crash (bsc#1185308). - x86/kvm: Disable all PV features on crash (bsc#1185308). - x86/kvm: Disable kvmclock on all CPUs on shutdown (bsc#1185308). - x86/kvm: Disable kvmclock on all CPUs on shutdown (bsc#1185308). - x86/kvm: Fix pr_info() for async PF setup/teardown (bsc#1185308). - x86/kvm: Fix pr_info() for async PF setup/teardown (bsc#1185308). - x86/kvm: Teardown PV features on boot CPU as well (bsc#1185308). - x86/kvm: Teardown PV features on boot CPU as well (bsc#1185308). - x86/kvm: Unify kvm_pv_guest_cpu_reboot() with kvm_guest_cpu_offline() (bsc#1185308). - x86/kvm: Unify kvm_pv_guest_cpu_reboot() with kvm_guest_cpu_offline() (bsc#1185308). - xen/events: reset active flag for lateeoi events later (git-fixes). - xfrm: Fix xfrm offload fallback fail case (bsc#1176447). - xfrm: delete xfrm4_output_finish xfrm6_output_finish declarations (bsc#1176447). - xfrm: xfrm_state_mtu should return at least 1280 for ipv6 (bsc#1185377). - xhci: Fix lost USB 2 remote wake (git-fixes). - xhci: solve a double free problem while doing s4 (git-fixes). - xsk: Fix missing validation for skb and unaligned mode (jsc#SLE-13706). Important SUSE bug 1065729 SUSE bug 1085224 SUSE bug 1094840 SUSE bug 1113295 SUSE bug 1152472 SUSE bug 1152489 SUSE bug 1153274 SUSE bug 1154353 SUSE bug 1155518 SUSE bug 1156395 SUSE bug 1170511 SUSE bug 1176447 SUSE bug 1176940 SUSE bug 1179243 SUSE bug 1180092 SUSE bug 1180814 SUSE bug 1183871 SUSE bug 1184114 SUSE bug 1184350 SUSE bug 1184631 SUSE bug 1184804 SUSE bug 1185308 SUSE bug 1185377 SUSE bug 1185791 SUSE bug 1186194 SUSE bug 1186206 SUSE bug 1186482 SUSE bug 1186483 SUSE bug 1187215 SUSE bug 1187476 SUSE bug 1187495 SUSE bug 1187585 SUSE bug 1188036 SUSE bug 1188080 SUSE bug 1188101 SUSE bug 1188121 SUSE bug 1188126 SUSE bug 1188176 SUSE bug 1188267 SUSE bug 1188268 SUSE bug 1188269 SUSE bug 1188323 SUSE bug 1188366 SUSE bug 1188405 SUSE bug 1188445 SUSE bug 1188504 SUSE bug 1188620 SUSE bug 1188683 SUSE bug 1188703 SUSE bug 1188720 SUSE bug 1188746 SUSE bug 1188747 SUSE bug 1188748 SUSE bug 1188752 SUSE bug 1188770 SUSE bug 1188771 SUSE bug 1188772 SUSE bug 1188773 SUSE bug 1188774 SUSE bug 1188777 SUSE bug 1188838 SUSE bug 1188876 SUSE bug 1188885 SUSE bug 1188893 SUSE bug 1188973 CVE-2021-21781 CVE-2021-22543 CVE-2021-35039 CVE-2021-3609 CVE-2021-3612 CVE-2021-3659 CVE-2021-37576 cpe:/o:opensuse:leap:15.3 Security update for grafana (Important) openSUSE Leap 15.3 This update for grafana fixes the following issues: - CVE-2021-27358: unauthenticated remote attackers to trigger a Denial of Service via a remote API call (bsc#1183803) - Update to version 7.5.7: * Updated relref to 'Configuring exemplars' section (#34240) (#34243) * Added exemplar topic (#34147) (#34226) * Quota: Do not count folders towards dashboard quota (#32519) (#34025) * Instructions to separate emails with semicolons (#32499) (#34138) * Docs: Remove documentation of v8 generic OAuth feature (#34018) * Annotations: Prevent orphaned annotation tags cleanup when no annotations were cleaned (#33957) (#33975) * [GH-33898] Add missing --no-cache to Dockerfile. (#33906) (#33935) * ReleaseNotes: Updated changelog and release notes for 7.5.6 (#33932) (#33936) * Stop hoisting @icons/material (#33922) * Chore: fix react-color version in yarn.lock (#33914) * 'Release: Updated versions in package to 7.5.6' (#33909) * Loki: fix label browser crashing when + typed (#33900) (#33901) * Document `hide_version` flag (#33670) (#33881) * Add isolation level db configuration parameter (#33830) (#33878) * Sanitize PromLink button (#33874) (#33876) * Removed content as per MarcusE's suggestion in https://github.com/grafana/grafana/issues/33822. (#33870) (#33872) * Docs feedback: /administration/provisioning.md (#33804) (#33842) * Docs: delete from high availability docs references to removed configurations related to session storage (#33827) (#33851) * Docs: Update _index.md (#33797) (#33799) * Docs: Update installation.md (#33656) (#33703) * GraphNG: uPlot 1.6.9 (#33598) (#33612) * dont consider invalid email address a failed email (#33671) (#33681) * InfluxDB: Improve measurement-autocomplete behavior in query editor (#33494) (#33625) * add template for dashboard url parameters (#33549) (#33588) * Add note to Snapshot API doc to specify that user has to provide the entire dashboard model (#33572) (#33586) * Update team.md (#33454) (#33536) * Removed duplicate file 'dashboard_folder_permissions.md (#33497) * Document customQueryParameters for prometheus datasource provisioning (#33440) (#33495) * ReleaseNotes: Updated changelog and release notes for 7.5.5 (#33473) (#33492) * Documentation: Update developer-guide.md (#33478) (#33490) * add closed parenthesis to fix a hyperlink (#33471) (#33481) - Update to version 7.5.5: * 'Release: Updated versions in package to 7.5.5' (#33469) * GraphNG: Fix exemplars window position (#33427) (#33462) * Remove field limitation from slack notification (#33113) (#33455) * Prometheus: Support POST in template variables (#33321) (#33441) * Instrumentation: Add success rate metrics for email notifications (#33359) (#33409) * Use either moment objects (for absolute times in the datepicker) or string (for relative time) (#33315) (#33406) * Docs: Removed type from find annotations example. (#33399) (#33403) * [v7.5.x]: FrontendMetrics: Adds new backend api that frontend can use to push frontend measurements and counters to prometheus (#33255) * Updated label for add panel. (#33285) (#33286) * Bug: Add git to Dockerfile.ubuntu (#33247) (#33248) * Docs: Sync latest master docs with 7.5.x (#33156) * Docs: Update getting-started-influxdb.md (#33234) (#33241) * Doc: Document the X-Grafana-Org-Id HTTP header (#32478) (#33239) * Minor Changes in Auditing.md (#31435) (#33238) * Docs: Add license check endpoint doc (#32987) (#33236) * Postgres: Fix time group macro when TimescaleDB is enabled and interval is less than a second (#33153) (#33219) * Docs: InfluxDB doc improvements (#32815) (#33185) * [v7.5.x] Loki: Pass Skip TLS Verify setting to alert queries (#33031) * update cla (#33181) * Fix inefficient regular expression (#33155) (#33159) * Auth: Don't clear auth token cookie when lookup token fails (#32999) (#33136) * Elasticsearch: Add documentation for supported Elasticsearch query transformations (#33072) (#33128) * Update team.md (#33060) (#33084) * GE issue 1268 (#33049) (#33081) * Fixed some formatting issues for PRs from yesterday. (#33078) (#33079) * Explore: Load default data source in Explore when the provided source does not exist (#32992) (#33061) * Docs: Replace next with latest in aliases (#33054) (#33059) * Added missing link item. (#33052) (#33055) * Backport 33034 (#33038) * Docs: Backport 32916 to v7.5x (#33008) * ReleaseNotes: Updated changelog and release notes for 7.5.4 (#32973) (#32998) * Elasticsearch: Force re-rendering of each editor row type change (#32993) (#32996) * Docs: Sync release branch with latest docs (#32986) - Update to version 7.5.4: * 'Release: Updated versions in package to 7.5.4' (#32971) * fix(datasource_srv): prevent infinite loop where default datasource is named default (#32949) (#32967) * Added Azure Monitor support for Microsoft.AppConfiguration/configurationStores namespace (#32123) (#32968) * fix sqlite3 tx retry condition operator precedence (#32897) (#32952) * AzureMonitor: Add support for Virtual WAN namespaces (#32935) (#32947) * Plugins: Allow a non-dashboard page to be the default home page (#32926) (#32945) * GraphNG: uPlot 1.6.8 (#32859) (#32863) * Alerting: Add ability to include aliases with dashes (/) and at (@) signs in InfluxDB (#32844) * Prometheus: Allow exemplars endpoint in data source proxy (#32802) (#32804) * [v7.5.x] Table: Fixes table data links so they refer to correct row after sorting (#32758) * TablePanel: Makes sorting case-insensitive (#32435) (#32752) - Update to version 7.5.3: * 'Release: Updated versions in package to 7.5.3' (#32745) * FolderPicker: Prevent dropdown menu from disappearing off screen (#32603) (#32741) * Loki: Remove empty annotations tags (#32359) (#32490) * SingleStat: fix wrong call to getDataLinkUIModel (#32721) (#32739) * Prometheus: Fix instant query to run two times when exemplars enabled (#32508) (#32726) * Elasticsearch: Fix bucket script variable duplication in UI (#32705) (#32714) * Variables: Confirms selection before opening new picker (#32586) (#32710) * CloudWarch: Fix service quotas link (#32686) (#32689) * Configuration: Prevent browser hanging / crashing with large number of org users (#32546) (#32598) * chore: bump execa to v2.1.0 (#32543) (#32592) * Explore: Fix bug where navigating to explore would result in wrong query and datasource to be shown (#32558) * Fix broken gtime tests (#32582) (#32587) * resolve conflicts (#32567) * gtime: Make ParseInterval deterministic (#32539) (#32560) * Dashboard: No longer includes default datasource when externally exporting dashboard with row (#32494) (#32535) * TextboxVariable: Limits the length of the preview value (#32472) (#32530) * AdHocVariable: Adds default data source (#32470) (#32476) * Variables: Fixes Unsupported data format error for null values (#32480) (#32487) * Prometheus: align exemplars check to latest api change (#32513) (#32515) * 'Release: Updated versions in package to 7.5.2' (#32502) * SigV4: Add support EC2 IAM role auth and possibility to toggle auth providers (#32444) (#32488) * Set spanNulls to default (#32471) (#32486) * Graph: Fix setting right y-axis when standard option unit is configured (#32426) (#32442) * API: Return 409 on datasource version conflict (#32425) (#32433) * API: Return 400 on invalid Annotation requests (#32429) (#32431) * Variables: Fixes problem with data source variable when default ds is selected (#32384) (#32424) * Table: Fixes so links work for image cells (#32370) (#32410) * Variables: Fixes error when manually non-matching entering custom value in variable input/picker (#32390) (#32394) * DashboardQueryEditor: Run query after selecting source panel (#32383) (#32395) * API: Datasource endpoint should return 400 bad request if id and orgId is invalid (#32392) (#32397) * 'Release: Updated versions in package to 7.5.1' (#32362) * MSSQL: Upgrade go-mssqldb (#32347) (#32361) * GraphNG: Fix tooltip displaying wrong or no data (#32312) (#32348) * 'Release: Updated versions in package to 7.5.0' (#32308) * Loki: Fix text search in Label browser (#32293) (#32306) * Explore: Show all dataFrames in data tab in Inspector (#32161) (#32299) * PieChartV2: Add migration from old piechart (#32259) (#32291) * LibraryPanels: Adds Type and Description to DB (#32258) (#32288) * LibraryPanels: Prevents deletion of connected library panels (#32277) (#32284) * Library Panels: Add 'Discard' button to panel save modal (#31647) (#32281) * LibraryPanels: Changes to non readonly reducer (#32193) (#32200) * Notifications: InfluxDB - Fix regex to include metrics with hyphen in aliases (#32224) (#32262) * SSE/InfluxDB: Change InfluxQL to work with server side expressions (#31691) (#32102) * DashboardSettings: Fixes issue with tags list not updating when changes are made (#32241) (#32247) * Logs: If log message missing, use empty string (#32080) (#32243) * CloudWatch: Use latest version of aws sdk (#32217) (#32223) * Release: Updated versions in package to 7.5.0-beta.2 (#32158) * HttpServer: Make read timeout configurable but disabled by default (#31575) (#32154) * GraphNG: Ignore string fields when building data for uPlot in GraphNG (#32150) (#32151) * Fix loading timezone info on windows (#32029) (#32149) * SQLStore: Close session in withDbSession (#31775) (#32108) * Remove datalink template suggestions for accessing specific fields when there are multiple dataframes. (#32057) (#32148) * GraphNG: make sure dataset and config are in sync when initializing and re-initializing uPlot (#32106) (#32125) * MixedDataSource: Name is updated when data source variable changes (#32090) (#32144) * Backport 32005 to v7.5.x #32128 (#32130) * Loki: Label browser UI updates (#31737) (#32119) * ValueMappings: Fixes value 0 not being mapped (#31924) (#31929) * GraphNG: Fix tooltip series color for multi data frame scenario (#32098) (#32103) * LibraryPanels: Improves the Get All experience (#32028) (#32093) * Grafana/ui: display all selected levels for selected value when searching (#32030) (#32032) * Exemplars: always query exemplars (#31673) (#32024) * [v7.5.x] TimePicker: Fixes hidden time picker shown in kiosk TV mode (#32055) * Chore: Collect elasticsearch version usage stats (#31787) (#32063) * Chore: Tidy up Go deps (#32053) * GraphNG: Fix PlotLegend field display name being outdated (#32064) (#32066) * Data proxy: Fix encoded characters in URL path should be proxied encoded (#30597) (#32060) * [v7.5.x] Auth: Allow soft token revocation (#32037) * Snapshots: Fix usage of sign in link from the snapshot page (#31986) (#32036) * Make master green (#32011) (#32015) * Query editor: avoid avoiding word wrap on query editor components (#31949) (#31982) * Variables: Fixes filtering in picker with null items (#31979) (#31995) * TooltipContainer - use resize observer instead of getClientBoundingRect (#31937) (#32003) * Loki: Fix autocomplete when re-editing Loki label values (#31828) (#31987) * Loki: Fix type errors in language_provider (#31902) (#31945) * PanelInspect: Interpolates variables in CSV file name (#31936) (#31977) * Cloudwatch: use shared library for aws auth (#29550) (#31946) * Tooltip: partial perf improvement (#31774) (#31837) (#31957) * Backport 31913 to v7.5.x (#31955) * Grafana/ui: fix searchable options for Cascader with options update (#31906) (#31938) * Variables: Do not reset description on variable type change (#31933) (#31939) * [v7.5.x] AnnotationList: Adds spacing to UI (#31888) (#31894) * Elasticseach: Support histogram fields (#29079) (#31914) * Chore: upgrade eslint and fork-ts-checker-webpack-plugin (#31854) (#31896) * Update scripts and Dockerfiles to use Go 1.16.1 (#31881) (#31891) * Templating: use dashboard timerange when variables are set to refresh 'On Dashboard Load' (#31721) (#31801) * [v7.5.x] Tempo: Add test for backend data source (#31835) (#31882) * Run go mod tidy to update go.mod and go.sum (#31859) * Grafana/ui: display all selected levels for Cascader (#31729) (#31862) * CloudWatch: Consume the grafana/aws-sdk (#31807) (#31861) * Cloudwatch: ListMetrics API page limit (#31788) (#31851) * Remove invalid attribute (#31848) (#31850) * CloudWatch: Restrict auth provider and assume role usage according to… (#31845) * CloudWatch: Add support for EC2 IAM role (#31804) (#31841) * Loki, Prometheus: Change the placement for query type explanation (#31784) (#31819) * Variables: Improves inspection performance and unknown filtering (#31811) (#31813) * Change piechart plugin state to beta (#31797) (#31798) * ReduceTransform: Include series with numeric string names (#31763) (#31794) * Annotations: Make the annotation clean up batch size configurable (#31487) (#31769) * Fix escaping in ANSI and dynamic button removal (#31731) (#31767) * DataLinks: Bring back single click links for Stat, Gauge and BarGauge panel (#31692) (#31718) * log skipped, performed and duration for migrations (#31722) (#31754) * Search: Make items more compact (#31734) (#31750) * loki_datasource: add documentation to label_format and line_format (#31710) (#31746) * Tempo: Convert tempo to backend data source2 (#31733) * Elasticsearch: Fix script fields in query editor (#31681) (#31727) * Elasticsearch: revert to isoWeek when resolving weekly indices (#31709) (#31717) * Admin: Keeps expired api keys visible in table after delete (#31636) (#31675) * Tempo: set authentication header properly (#31699) (#31701) * Tempo: convert to backend data source (#31618) (#31695) * Update package.json (#31672) * Release: Bump version to 7.5.0-beta.1 (#31664) * Fix whatsNewUrl version to 7.5 (#31666) * Chore: add alias for what's new 7.5 (#31669) * Docs: Update doc for PostgreSQL authentication (#31434) * Docs: document report template variables (#31637) * AzureMonitor: Add deprecation message for App Insights/Insights Analytics (#30633) * Color: Fixes issue where colors where reset to gray when switch panels (#31611) * Live: Use pure WebSocket transport (#31630) * Docs: Fix broken image link (#31661) * Docs: Add Whats new in 7.5 (#31659) * Docs: Fix links for 7.5 (#31658) * Update enterprise-configuration.md (#31656) * Explore/Logs: Escaping of incorrectly escaped log lines (#31352) * Tracing: Small improvements to trace types (#31646) * Update _index.md (#31645) * AlertingNG: code refactoring (#30787) * Remove pkill gpg-agent (#31169) * Remove format for plugin routes (#31633) * Library Panels: Change unsaved change detection logic (#31477) * CloudWatch: Added AWS Timestream Metrics and Dimensions (#31624) * add new metrics and dimensions (#31595) * fix devenv dashboard content typo (#31583) * DashList: Sort starred and searched dashboard alphabetically (#31605) * Docs: Update whats-new-in-v7-4.md (#31612) * SSE: Add 'Classic Condition' on backend (#31511) * InfluxDB: Improve maxDataPoints error-message in Flux-mode, raise limits (#31259) * Alerting: PagerDuty: adding current state to the payload (#29270) * devenv: Fix typo (#31589) * Loki: Label browser (#30351) * LibraryPanels: No save modal when user is on same dashboard (#31606) * Bug: adding resolution for `react-use-measure` to prevent plugin tests from failing. (#31603) * Update node-graph.md (#31571) * test: pass Cypress options objects into selector wrappers (#31567) * Loki: Add support for alerting (#31424) * Tracing: Specify type of the data frame that is expected for TraceView (#31465) * LibraryPanels: Adds version column (#31590) * PieChart: Add color changing options to pie chart (#31588) * Explore: keep enabled/disabled state in angular based QueryEditors correctly (#31558) * Bring back correct legend sizing afer PlotLegend refactor (#31582) * Alerting: Fix bug in Discord for when name for metric value is absent (#31257) * LibraryPanels: Deletes library panels during folder deletion (#31572) * chore: bump lodash to 4.17.21 (#31549) * Elasticsearch: Fix impossibility to perform non-logs queries after importing queries from loki or prometheus in explore (#31518) * TestData: Fixes never ending annotations scenario (#31573) * CloudWatch: Added AWS Network Firewall metrics and dimensions (#31498) * propagate plugin unavailable message to UI (#31560) * ConfirmButton: updates story from knobs to controls (#31476) * Loki: Refactor line limit to use grafana/ui component (#31509) * LibraryPanels: Adds folder checks and permissions (#31473) * Add guide on custom option editors (#31254) * PieChart: Update text color and minor changes (#31546) * Grafana-data: bump markedjs to v2.x to resolve vulnerability (#31036) * Chore(deps): Bump google.golang.org/api from 0.39.0 to 0.40.0 (#31210) * PieChart: Improve piechart legend and options (#31446) * Chore(deps): Bump google.golang.org/grpc from 1.35.0 to 1.36.0 (#31541) * Chore(deps): Bump github.com/aws/aws-sdk-go from 1.37.7 to 1.37.20 (#31538) * Chore(deps): Bump github.com/prometheus/common from 0.17.0 to 0.18.0 (#31539) * Add multiselect options ui (#31501) * Profile: Fixes profile preferences being accessible when anonymous access was enabled (#31516) * Variables: Fixes error with: cannot read property length of undefined (#31458) * Explore: Show ANSI colored logs in logs context (#31510) * LogsPanel: Show all received logs (#31505) * AddPanel: Design polish (#31484) * TimeSeriesPanel: Remove unnecessary margin from legend (#31467) * influxdb: flux: handle is-hidden (#31324) * Graph: Fix tooltip not showing when close to the edge of viewport (#31493) * FolderPicker: Remove useNewForms from FolderPicker (#31485) * Add reportVariables feature toggle (#31469) * Grafana datasource: support multiple targets (#31495) * Update license-restrictions.md (#31488) * Docs: Derived fields links in logs detail view (#31482) * Docs: Add new data source links to Enterprise page (#31480) * Convert annotations to dataframes (#31400) * ReleaseNotes: Updated changelog and release notes for v7.4.2 (#31475) * GrafanaUI: Fixes typescript error for missing css prop (#31479) * Login: handle custom token creation error messages (#31283) * Library Panels: Don't list current panel in available panels list (#31472) * DashboardSettings: Migrate Link Settings to React (#31150) * Frontend changes for library panels feature (#30653) * Alerting notifier SensuGo: improvements in default message (#31428) * AppPlugins: Options to disable showing config page in nav (#31354) * add aws config (#31464) * Heatmap: Fix missing/wrong value in heatmap legend (#31430) * Chore: Fixes small typos (#31461) * Graphite/SSE: update graphite to work with server side expressions (#31455) * update the lastest version to 7.4.3 (#31457) * ReleaseNotes: Updated changelog and release notes for 7.4.3 (#31454) * AWS: Add aws plugin configuration (#31312) * Revert ''Release: Updated versions in package to 7.4.3' (#31444)' (#31452) * Remove UserSyncInfo.tsx (#31450) * Elasticsearch: Add word highlighting to search results (#30293) * Chore: Fix eslint react hook warnings in grafana-ui (#31092) * CloudWatch: Make it possible to specify custom api endpoint (#31402) * Chore: fixed incorrect naming for disable settings (#31448) * TraceViewer: Fix show log marker in spanbar (#30742) * LibraryPanels: Adds permissions to getAllHandler (#31416) * NamedColorsPalette: updates story from knobs to controls (#31443) * 'Release: Updated versions in package to 7.4.3' (#31444) * ColorPicker: updates story from knobs to controls (#31429) * Streaming: Fixes an issue with time series panel and streaming data source when scrolling back from being out of view (#31431) * ClipboardButton: updates story from knobs to controls (#31422) * we should never log unhashed tokens (#31432) * CI: Upgrade Dockerfiles wrt. Go, Node, Debian (#31407) * Elasticsearch: Fix query initialization logic & query transformation from Promethous/Loki (#31322) * Postgres: allow providing TLS/SSL certificates as text in addition to file paths (#30353) * CloudWatch: Added AWS Ground Station metrics and dimensions (#31362) * TraceViewer: Fix trace to logs icon to show in right pane (#31414) * add hg team as migrations code owners (#31420) * Remove tidy-check script (#31423) * InfluxDB: handle columns named 'table' (#30985) * Prometheus: Use configured HTTP method for /series and /labels endpoints (#31401) * Devenv: Add gdev-influxdb2 data source (#31250) * Update grabpl from 0.5.38 to 0.5.42 version (#31419) * Move NOOP_CONTROL to storybook utils and change to a standalone file (#31421) * remove squadcast details from docs (#31413) * Add new Cloudwatch AWS/DDoSProtection metrics and dimensions (#31297) * Logging: add frontend logging helpers to @grafana/runtime package (#30482) * CallToActionCard: updates story from knobs to controls (#31393) * Add eu-south-1 cloudwatch region, closes #31197 (#31198) * Chore: Upgrade eslint packages (#31408) * Cascader: updates story from knobs to controls (#31399) * addressed issues 28763 and 30314. (#31404) * Added section Query a time series database by id (#31337) * Prometheus: Change default httpMethod for new instances to POST (#31292) * Data source list: Use Card component (#31326) * Chore: Remove gotest.tools dependency (#31391) * Revert 'StoryBook: Introduces Grafana Controls (#31351)' (#31388) * Chore(deps): Bump github.com/prometheus/common from 0.15.0 to 0.17.0 (#31387) * AdHocVariables: Fixes crash when values are stored as numbers (#31382) * Chore(deps): Bump github.com/golang/mock from 1.4.4 to 1.5.0 (#31379) * Chore: Fix strict errors, down to 416 (#31365) * Chore(deps): Bump github.com/getsentry/sentry-go from 0.9.0 to 0.10.0 (#31378) * StoryBook: Introduces Grafana Controls (#31351) * ReleaseNotes: Updated changelog and release notes for 7.4.2 (#31313) * Theming: Support for runtime theme switching and hooks for custom themes (#31301) * Devenv: Remove old-versioned loki blocks and update prometheus2 block (#31282) * Zipkin: Show success on test data source (#30829) * Update grot template (needs more info) (#31350) * DatasourceSrv: Fix instance retrieval when datasource variable value set to 'default' (#31347) * TimeSeriesPanel: Fixes overlapping time axis ticks (#31332) * Grafana/UI: Add basic legend to the PieChart (#31278) * SAML: single logout only enabled in enterprise (#31325) * QueryEditor: handle query.hide changes in angular based query-editors (#31336) * DashboardLinks: Fixes another issue where dashboard links cause full page reload (#31334) * LibraryPanels: Syncs panel title with name (#31311) * Chore: Upgrade golangci-lint (#31330) * Add info to docs about concurrent session limits (#31333) * Table: Fixes issue with fixed min and auto max with bar gauge cell (#31316) * BarGuage: updates story from knobs to controls (#31223) * Docs: Clarifies how to add Key/Value pairs (#31303) * Usagestats: Exclude folders from total dashboard count (#31320) * ButtonCascader: updates story from knobs to controls (#31288) * test: allow check for Table as well as Graph for Explore e2e flow (#31290) * Grafana-UI: Update tooltip type (#31310) * fix 7.4.2 release note (#31299) * Add `--tries 3` arg when triggering e2e-tests upon releasing (#31285) * Chore: reduce strict errors for variables (#31241) * update latest release version (#31296) * ReleaseNotes: Updated changelog and release notes for 7.4.2 (#31291) * Correct name of Discord notifier tests (#31277) * Docs: Clarifies custom date formats for variables (#31271) * BigValue: updates story from knobs to controls (#31240) * Docs: Annotations update (#31194) * Introduce functions for interacting with library panels API (#30993) * Search: display sort metadata (#31167) * Folders: Editors should be able to edit name and delete folders (#31242) * Make Datetime local (No date if today) working (#31274) * UsageStats: Purpose named variables (#31264) * Snapshots: Disallow anonymous user to create snapshots (#31263) * only update usagestats every 30min (#31131) * Chore: grafana-toolkit uses grafana-ui and grafana-data workspaces (#30701) * Grafana-UI: Add id to Select to make it easier to test (#31230) * Prometheus: Fix enabling of disabled queries when editing in dashboard (#31055) * UI/Card: Fix handling of 'onClick' callback (#31225) * Loki: Add line limit for annotations (#31183) * Remove deprecated and breaking loki config field (#31227) * SqlDataSources: Fixes the Show Generated SQL button in query editors (#31236) * LibraryPanels: Disconnect before connect during dashboard save (#31235) * Disable Change Password for OAuth users (#27886) * TagsInput: Design update and component refactor (#31163) * Variables: Adds back default option for data source variable (#31208) * IPv6: Support host address configured with enclosing square brackets (#31226) * Postgres: Fix timeGroup macro converts long intervals to invalid numbers when TimescaleDB is enabled (#31179) * GraphNG: refactor core to class component (#30941) * Remove last synchronisation field from LDAP debug view (#30984) * Chore: Upgrade grafana-plugin-sdk-go to v0.88.0 (#30975) * Graph: Make axes unit option work even when field option unit is set (#31205) * AlertingNG: Test definition (#30886) * Docs: Update Influx config options (#31146) * WIP: Skip this call when we skip migrations (#31216) * use 0.1.0 (#31215) * DataSourceSrv: Filter out non queryable data sources by default (#31144) * QueryEditors: Fixes issue that happens after moving queries then editing would update other queries (#31193) * Chore: report eslint no-explicit-any errors to metrics (#31182) * Chore(deps): Bump cloud.google.com/go/storage from 1.12.0 to 1.13.0 (#31211) * Chore(deps): Bump xorm.io/xorm from 0.8.1 to 0.8.2 (#30773) * Alerting: Fix modal text for deleting obsolete notifier (#31171) * Chore(deps): Bump github.com/linkedin/goavro/v2 from 2.9.7 to 2.10.0 (#31204) * Variables: Fixes missing empty elements from regex filters (#31156) * StatPanels: Fixes to palette color scheme is not cleared when loading panel (#31126) * Fixed the typo. (#31189) * Docs: Rewrite preferences docs (#31154) * Explore/Refactor: Simplify URL handling (#29173) * DashboardLinks: Fixes links always cause full page reload (#31178) * Replace PR with Commit truncated hash when build fails (#31177) * Alert: update story to use controls (#31145) * Permissions: Fix team and role permissions on folders/dashboards not displayed for non Grafana Admin users (#31132) * CloudWatch: Ensure empty query row errors are not passed to the panel (#31172) * Update prometheus.md (#31173) * Variables: Extend option pickers to accept custom onChange callback (#30913) * Prometheus: Multiply exemplars timestamp to follow api change (#31143) * DashboardListPanel: Fixes issue with folder picker always showing All and using old form styles (#31160) * Add author name and pr number in drone pipeline notifications (#31124) * Prometheus: Add documentation for ad-hoc filters (#31122) * DataSourceSettings: Fixes add header button, it should not trigger a save & test action (#31135) * Alerting: Fix so that sending an alert with the Alertmanager notifier doesn't fail when one of multiple configured URL's are down (#31079) * Chore: Update latest.json (#31139) * Docs: add 7.4.1 relese notes link (#31137) * PieChart: Progress on new core pie chart (#28020) * ReleaseNotes: Updated changelog and release notes for 7.4.1 (#31133) * Eslint: no-duplicate-imports rule (bump grafana-eslint-config) (#30989) * Transforms: Fixes Outer join issue with duplicate field names not getting the same unique field names as before (#31121) * MuxWriter: Handle error for already closed file (#31119) * Logging: sourcemap transform asset urls from CDN in logged stacktraces (#31115) * Search: add sort information in dashboard results (#30609) * area/grafana/e2e: ginstall should pull version specified (#31056) * Exemplars: Change CTA style (#30880) * Influx: Make max series limit configurable and show the limiting message if applied (#31025) * Docs: request security (#30937) * update configurePanel for 7.4.0 changes (#31093) * Elasticsearch: fix log row context erroring out (#31088) * Prometheus: Fix issues with ad-hoc filters (#30931) * LogsPanel: Add deduplication option for logs (#31019) * Drone: Make sure CDN upload is ok before pushing docker images (#31075) * PluginManager: Remove some global state (#31081) * test: update addDashboard flow for v7.4.0 changes (#31059) * Transformations: Fixed typo in FilterByValue transformer description. (#31078) * Docs: Group id should be 0 instead of 1 in Docker upgrade notes (#31074) * Usage stats: Adds source/distributor setting (#31039) * CDN: Add CDN upload step to enterprise and release pipelines (#31058) * Chore: Replace native select with grafana ui select (#31030) * Docs: Update json-model.md (#31066) * Docs: Update whats-new-in-v7-4.md (#31069) * Added hyperlinks to Graphite documentation (#31064) * DashboardSettings: Update to new form styles (#31022) * CDN: Fixing drone CI config (#31052) * convert path to posix by default (#31045) * DashboardLinks: Fixes crash when link has no title (#31008) * Alerting: Fixes so notification channels are properly deleted (#31040) * Explore: Remove emotion error when displaying logs (#31026) * Elasticsearch: Fix alias field value not being shown in query editor (#30992) * CDN: Adds uppload to CDN step to drone CI (#30879) * Improved glossary (#31004) * BarGauge: Improvements to value sizing and table inner width calculations (#30990) * Drone: Fix deployment image (#31027) * ColorPicker: migrated styles from sass to emotion (#30909) * Dashboard: Migrate general settings to react (#30914) * Chore(deps): Bump github.com/jung-kurt/gofpdf from 1.10.1 to 1.16.2 (#30586) * Chore(deps): Bump github.com/aws/aws-sdk-go from 1.36.31 to 1.37.7 (#31018) * Prometheus: Min step defaults to seconds when no unit is set to prevent errors when running alerts. (#30966) * Chore(deps): Bump github.com/magefile/mage from 1.10.0 to 1.11.0 (#31017) * Chore(deps): Bump github.com/grpc-ecosystem/go-grpc-middleware (#31013) * Graph: Fixes so graph is shown for non numeric time values (#30972) * CloudMonitoring: Prevent resource type variable function from crashing (#30901) * Chore(deps): Bump google.golang.org/api from 0.33.0 to 0.39.0 (#30971) * Build: Releases e2e and e2e-selectors too (#31006) * TextPanel: Fixes so panel title is updated when variables change (#30884) * Docs: Update configuration.md (login_maximum_inactive_lifetime_duration, login_maximum_lifetime_duration) (#31000) * instrumentation: make the first database histogram bucket smaller (#30995) * Grafana/UI: Remove DismissableFeatureInfoBox and replace with LocalSt… (#30988) * StatPanel: Fixes issue formatting date values using unit option (#30979) * Chore(deps): Bump actions/cache from v2 to v2.1.4 (#30973) * Units: Fixes formatting of duration units (#30982) * Elasticsearch: Show Size setting for raw_data metric (#30980) * Alerts: Dedupe alerts so that we do not fill the screen with the same alert messsage (#30935) * make sure service and slo display name is passed to segment comp (#30900) * assign changes in cloud datasources to the new cloud datasources team (#30645) * Table: Updates devenv test dashboard after change to TestData Randrom Table response (#30927) * Theme: Use higher order theme color variables rather then is light/dark logic (#30939) * Docs: Add alias for what's new in 7.4 (#30945) * e2e: extends selector factory to plugins (#30932) * Chore: Upgrade docker build image (#30820) * Docs: updated developer guide (#29978) * Alerts: Update Alert storybook to show more states (#30908) * Variables: Adds queryparam formatting option (#30858) * Chore: pad unknown values with undefined (#30808) * Transformers: add search to transform selection (#30854) * Exemplars: change api to reflect latest changes (#30910) * docs: use selinux relabelling on docker containers (#27685) * Docs: Fix bad image path for alert notification template (#30911) * Make value mappings correctly interpret numeric-like strings (#30893) * Chore: Update latest.json (#30905) * Docs: Update whats-new-in-v7-4.md (#30882) * Dashboard: Ignore changes to dashboard when the user session expires (#30897) * ReleaseNotes: Updated changelog and release notes for 7.4.0 (#30902) * test: add support for timeout to be passed in for addDatasource (#30736) * increase page size and make sure the cache supports query params (#30892) * DataSourceSettings: Adds info box and link to Grafana Cloud (#30891) * OAuth: custom username docs (#28400) * Panels: Remove value mapping of values that have been formatted #26763 (#30868) * Alerting: Fixes alert panel header icon not showing (#30840) * AlertingNG: Edit Alert Definition (#30676) * Logging: sourcemap support for frontend stacktraces (#30590) * Added 'Restart Grafana' topic. (#30844) * Docs: Org, Team, and User Admin (#30756) * bump grabpl version to 0.5.36 (#30874) * Plugins: Requests validator (#30445) * Docs: Update whats-new-in-v7-4.md (#30876) * Docs: Add server view folder (#30849) * Fixed image name and path (#30871) * Grafana-ui: fixes closing modals with escape key (#30745) * InfluxDB: Add http configuration when selecting InfluxDB v2 flavor (#30827) * TestData: Fixes issue with for ever loading state when all queries are hidden (#30861) * Chart/Tooltip: refactored style declaration (#30824) * ReleaseNotes: Updated changelog and release notes for 7.4.0-beta1 (#30853) * Grafana-ui: fixes no data message in Table component (#30821) * grafana/ui: Update pagination component for large number of pages (#30151) * Alerting: Customise OK notification priorities for Pushover notifier (#30169) * DashboardLinks: Support variable expression in to tooltip - Issue #30409 (#30569) * Chore: Remove panelTime.html, closes #30097 (#30842) * Docs: Time series panel, bar alignment docs (#30780) * Chore: add more docs annotations (#30847) * Transforms: allow boolean in field calculations (#30802) * Prometheus: Add tooltip to explain possibility to use patterns in text and title fields in annotations (#30825) * Update prometheus.md with image link fix (#30833) * BarChart: inside-align strokes, upgrade uPlot to 1.6.4. (#30806) * Update license-expiration.md (#30839) * Explore rewrite (#30804) * Prometheus: Set type of labels to string (#30831) * GrafanaUI: Add a way to persistently close InfoBox (#30716) * Fix typo in transformer registry (#30712) * Elasticsearch: Display errors with text responses (#30122) * CDN: Fixes cdn path when Grafana is under sub path (#30822) * TraceViewer: Fix lazy loading (#30700) * FormField: migrated sass styling to emotion (#30392) * AlertingNG: change API permissions (#30781) * Variables: Clears drop down state when leaving dashboard (#30810) * Grafana-UI: Add story/docs for ErrorBoundary (#30304) * Add missing callback dependency (#30797) * PanelLibrary: Adds library panel meta information to dashboard json (#30770) * Chore(deps): Bump gonum.org/v1/gonum from 0.6.0 to 0.8.2 (#30343) * Chore(deps): Bump gopkg.in/yaml.v2 from 2.3.0 to 2.4.0 (#30771) * GraphNG: improve behavior when switching between solid/dash/dots (#30796) * Chore(deps): Bump github.com/hashicorp/go-hclog from 0.14.1 to 0.15.0 (#30778) * Add width for Variable Editors (#30791) * Chore: Remove warning when calling resource (#30752) * Auth: Use SigV4 lib from grafana-aws-sdk (#30713) * Panels: Fixes so panels are refreshed when scrolling past them fast (#30784) * GraphNG: add bar alignment option (#30499) * Expressions: Measure total transformation requests and elapsed time (#30514) * Menu: Mark menu components as internal (#30740) * TableInputCSV: migrated styles from sass to emotion (#30554) * CDN: Fix passing correct prefix to GetContentDeliveryURL (#30777) * Chore(deps): Bump gopkg.in/ini.v1 from 1.57.0 to 1.62.0 (#30772) * CDN: Adds support for serving assets over a CDN (#30691) * PanelEdit: Trigger refresh when changing data source (#30744) * Chore: remove __debug_bin (#30725) * BarChart: add alpha bar chart panel (#30323) * Docs: Time series panel (#30690) * Backend Plugins: Convert test data source to use SDK contracts (#29916) * Docs: Update whats-new-in-v7-4.md (#30747) * Add link to Elasticsearch docs. (#30748) * Mobile: Fixes issue scrolling on mobile in chrome (#30746) * TagsInput: Make placeholder configurable (#30718) * Docs: Add config settings for fonts in reporting (#30421) * Add menu.yaml to .gitignore (#30743) * bump cypress to 6.3.0 (#30644) * Datasource: Use json-iterator configuration compatible with standard library (#30732) * AlertingNG: Update UX to use new PageToolbar component (#30680) * Docs: Add usage insights export feature (#30376) * skip symlinks to directories when generating plugin manifest (#30721) * PluginCiE2E: Upgrade base images (#30696) * Variables: Fixes so text format will show All instead of custom all (#30730) * PanelLibrary: better handling of deleted panels (#30709) * Added section 'Curated dashboards for Google Cloud Monitoring' for 7.4 What's New (#30724) * Added 'curated dashboards' information and broke down, rearranged topics. (#30659) * Transform: improve the 'outer join' performance/behavior (#30407) * Add alt text to plugin logos (#30710) * Deleted menu.yaml file (#30717) * Dashboard: Top Share URL icon should share panel URL when on viewPanel page (#30000) * Added entry for web server. (#30715) * DashboardPicker: switch to promise-based debounce, return dashboard UID (#30706) * Use connected GraphNG in Explore (#30707) * Fix documentation for streaming data sources (#30704) * PanelLibrary: changes casing of responses and adds meta property (#30668) * Influx: Show all datapoints for dynamically windowed flux query (#30688) * Trace: trace to logs design update (#30637) * DeployImage: Switch base images to Debian (#30684) * Chore: remove CSP debug logging line (#30689) * Docs: 7.4 documentation for expressions (#30524) * PanelEdit: Get rid of last remaining usage of navbar-button (#30682) * Grafana-UI: Fix setting default value for MultiSelect (#30671) * CustomScrollbar: migrated styles from sass to emotion (#30506) * DashboardSettings & PanelEdit: Use new PageToolbar (#30675) * Explore: Fix jumpy live tailing (#30650) * ci(npm-publish): add missing github package token to env vars (#30665) * PageToolbar: Extracting navbar styles & layout into a modern emotion based component (#30588) * AlertingNG: pause/unpause definitions via the API (#30627) * Docs: Refer to product docs in whats new for alerting templating feature (#30652) * ReleaseNotes: Updated changelog and release notes for 7.4.0-beta1 (#30666) * Variables: Fixes display value when using capture groups in regex (#30636) * Docs: Update _index.md (#30655) * Docs: Auditing updates (#30433) * Docs: add hidden_users configuration field (#30435) * Docs: Define TLS/SSL terminology (#30533) * Docs: Fix expressions enabled description (#30589) * Docs: Update ES screenshots (#30598) * Licensing Docs: Adding license restrictions docs (#30216) * Update documentation-style-guide.md (#30611) * Docs: Update queries.md (#30616) * chore(grafana-ui): bump storybook to 6.1.15 (#30642) * DashboardSettings: fixes vertical scrolling (#30640) * Usage Stats: Remove unused method for getting user stats (#30074) * Grafana/UI: Unit picker should not set a category as unit (#30638) * Graph: Fixes auto decimals issue in legend and tooltip (#30628) * AlertingNG: List saved Alert definitions in Alert Rule list (#30603) * chore: bump redux toolkit to 1.5.0 for immer 8.0.1 vulnerability fix (#30605) * Grafana/UI: Add disable prop to Segment (#30539) * Variables: Fixes so queries work for numbers values too (#30602) * Admin: Fixes so form values are filled in from backend (#30544) * Docs: Add new override info and add whats new 7.4 links (#30615) * TestData: Improve what's new in v7.4 (#30612) * Docs: Update 7.4 What's New to use more correct description of alerting notification template feature (#30502) * NodeGraph: Add docs (#30504) * Loki: Improve live tailing errors and fix Explore's logs container type errors (#30517) * TimeRangePicker: Updates components to use new ToolbarButton & ButtonGroup (#30570) * Update styling.md guide (#30594) * TestData: Adding what's new in v7.4 to the devenv dashboards (#30568) * Chore(deps): Bump github.com/aws/aws-sdk-go from 1.35.5 to 1.36.31 (#30583) * Chore(deps): Bump github.com/prometheus/client_golang (#30585) * Chore(deps): Bump gopkg.in/macaron.v1 from 1.3.9 to 1.4.0 (#30587) * Chore(deps): Bump github.com/google/uuid from 1.1.5 to 1.2.0 (#30584) * Explore: Fix logs hover state so that it is visible and in dark mode & simply hover code (#30572) * RefreshPicker: Fixes so valid intervals in url are visible in RefreshPicker (#30474) * Add documentation for Exemplars (#30317) * OldGraph: Fix height issue in Firefox (#30565) * XY Chart: fix editor error with empty frame (no fields) (#30573) * ButtonSelect & RefreshPicker: Rewrite of components to use new emotion based ToolbarButton & Menu (#30510) * XY Chart: share legend config with timeseries (#30559) * configuration.md: Document Content Security Policy options (#30413) * DataFrame: cache frame/field index in field state (#30529) * List + before -; rm old Git ref; reformat. (#30543) * Expressions: Add option to disable feature (#30541) * Explore: Fix loading visualisation on the top of the new time series panel (#30553) * Prometheus: Fix show query instead of Value if no __name__ and metric (#30511) * Decimals: Big Improvements to auto decimals and fixes to auto decimals bug found in 7.4-beta1 (#30519) * Postgres: Convert tests to stdlib (#30536) * Storybook: Migrate card story to use controls (#30535) * AlertingNG: Enable UI to Save Alert Definitions (#30394) * Postgres: Be consistent about TLS/SSL terminology (#30532) * Loki: Append refId to logs uid (#30418) * Postgres: Fix indentation (#30531) * GraphNG: uPlot 1.6.3 (fix bands not filling below 0). close #30523. (#30527) * updates for e2e docker image (#30465) * GraphNG: uPlot 1.6.2 (#30521) * Docs: Update whats-new-in-v7-4.md (#30520) * Prettier: ignore build and devenv dirs (#30501) * Chore: Upgrade grabpl version (#30486) * Explore: Update styling of buttons (#30493) * Cloud Monitoring: Fix legend naming with display name override (#30440) * GraphNG: Disable Plot logging by default (#30390) * Admin: Fixes so whole org drop down is visible when adding users to org (#30481) * Docs: include Makefile option for local assets (#30455) * Footer: Fixes layout issue in footer (#30443) * TimeSeriesPanel: Fixed default value for gradientMode (#30484) * Docs: fix typo in what's new doc (#30489) * Chore: adds wait to e2e test (#30488) * chore: update packages dependent on dot-prop to fix security vulnerability (#30432) * Dashboard: Remove Icon and change copy -> Copy to clipboard in the share embedded panel modal (#30480) * Chore: fix spelling mistake (#30473) * Chore: Restrict internal imports from other packages (#30453) * Docs: What's new fixes and improvements (#30469) * Timeseries: only migrage point size when configured (#30461) * Alerting: Hides threshold handle for percentual thresholds (#30431) * Graph: Fixes so only users with correct permissions can add annotations (#30419) * Chore: update latest version to 7.4.0-beta1 (#30452) * Docs: Add whats new 7.4 links (#30463) * Update whats-new-in-v7-4.md (#30460) * docs: 7.4 what's new (Add expressions note) (#30446) * Chore: Upgrade build pipeline tool (#30456) * PanelModel: Make sure the angular options are passed to react panel type changed handler (#30441) * Expressions: Fix button icon (#30444) * ReleaseNotes: Updated changelog and release notes for 7.4.0-beta1 (#30449) * Docs: Fix img link for alert notification template (#30436) * grafana/ui: Fix internal import from grafana/data (#30439) * prevent field config from being overwritten (#30437) * PanelOptions: Refactoring applying panel and field options out of PanelModel and add property clean up for properties not in field config registry (#30389) * Dashboard: Remove template variables option from ShareModal (#30395) * Added doc content for variables inspector code change by Hugo (#30408) * Docs: update license expiration behavior for reporting (#30420) * Chore: use old version format in package.json (#30430) * Chore: upgrade NPM security vulnerabilities (#30397) * 'Release: Updated versions in package to 7.5.0-pre.0' (#30428) * contribute: Add backend and configuration guidelines for PRs (#30426) * Chore: Update what's new URL (#30424) - Update to version 7.4.5 - CVE-2021-28146, CVE-2021-28147: Fix API permissions issues related to team-sync. (Enterprise) (bsc#1183811, bsc#1183809) - CVE-2021-28148: Usage insights requires signed in users. (Enterprise) (bsc#1183813) - CVE-2021-27962: Do not allow editors to incorrectly bypass permissions on the default data source. (Enterprise) (bsc#1184371) Important SUSE bug 1183803 SUSE bug 1183809 SUSE bug 1183811 SUSE bug 1183813 SUSE bug 1184371 CVE-2021-27358 CVE-2021-27962 CVE-2021-28146 CVE-2021-28147 CVE-2021-28148 cpe:/o:opensuse:leap:15.3 Security update for golang-github-prometheus-prometheus (Moderate) openSUSE Leap 15.3 This update for golang-github-prometheus-prometheus fixes the following issues: - Provide and reload firewalld configuration only for: + openSUSE Leap 15.0, 15.1, 15.2 + SUSE SLE15, SLE15 SP1, SLE15 SP2 - Upgrade to upstream version 2.27.1 (jsc#SLE-18254) + Bugfix: * SECURITY: Fix arbitrary redirects under the /new endpoint (CVE-2021-29622, bsc#1186242) + Features: * Promtool: Retroactive rule evaluation functionality. #7675 * Configuration: Environment variable expansion for external labels. Behind --enable-feature=expand-external-labels flag. #8649 * TSDB: Add a flag(--storage.tsdb.max-block-chunk-segment-size) to control the max chunks file size of the blocks for small Prometheus instances. * UI: Add a dark theme. #8604 * AWS Lightsail Discovery: Add AWS Lightsail Discovery. #8693 * Docker Discovery: Add Docker Service Discovery. #8629 * OAuth: Allow OAuth 2.0 to be used anywhere an HTTP client is used. #8761 * Remote Write: Send exemplars via remote write. Experimental and disabled by default. #8296 + Enhancements: * Digital Ocean Discovery: Add __meta_digitalocean_vpc label. #8642 * Scaleway Discovery: Read Scaleway secret from a file. #8643 * Scrape: Add configurable limits for label size and count. #8777 * UI: Add 16w and 26w time range steps. #8656 * Templating: Enable parsing strings in humanize functions. #8682 + Bugfixes: * UI: Provide errors instead of blank page on TSDB Status Page. #8654 #8659 * TSDB: Do not panic when writing very large records to the WAL. #8790 * TSDB: Avoid panic when mmaped memory is referenced after the file is closed. #8723 * Scaleway Discovery: Fix nil pointer dereference. #8737 * Consul Discovery: Restart no longer required after config update with no targets. #8766 - Add tarball with vendor modules and web assets - Uyuni: Read formula data from exporters map - Uyuni: Add support for TLS targets - Upgrade to upstream version 2.26.0 + Changes * Alerting: Using Alertmanager v2 API by default. #8626 * Prometheus/Promtool: Binaries are now printing help and usage to stdout instead of stderr. #8542 + Features * Remote: Add support for AWS SigV4 auth method for remote_write. #8509 * PromQL: Allow negative offsets. Behind --enable-feature=promql-negative-offset flag. #8487 * UI: Add advanced auto-completion, syntax highlighting and linting to graph page query input. #8634 + Enhancements * PromQL: Add last_over_time, sgn, clamp functions. #8457 * Scrape: Add support for specifying type of Authorization header credentials with Bearer by default. #8512 * Scrape: Add follow_redirects option to scrape configuration. #8546 * Remote: Allow retries on HTTP 429 response code for remote_write. #8237 #8477 * Remote: Allow configuring custom headers for remote_read. #8516 * UI: Hitting Enter now triggers new query. #8581 * UI: Better handling of long rule and names on the /rules and /targets pages. #8608 #8609 * UI: Add collapse/expand all button on the /targets page. #8486 - Upgrade to upstream version 2.25.0 + Features * Include a new `--enable-feature=` flag that enables experimental features. + Enhancements * Add optional name property to testgroup for better test failure output. #8440 * Add warnings into React Panel on the Graph page. #8427 * TSDB: Increase the number of buckets for the compaction duration metric. #8342 * Remote: Allow passing along custom remote_write HTTP headers. #8416 * Mixins: Scope grafana configuration. #8332 * Kubernetes SD: Add endpoint labels metadata. #8273 * UI: Expose total number of label pairs in head in TSDB stats page. #8343 * TSDB: Reload blocks every minute, to detect new blocks and enforce retention more often. #8343 + Bug fixes * API: Fix global URL when external address has no port. #8359 * Deprecate unused flag --alertmanager.timeout. #8407 - Upgrade to upstream version 2.24.1 + Enhancements * Cache basic authentication results to significantly improve performance of HTTP endpoints. - Upgrade to upstream version 2.24.0 + Features * Add TLS and basic authentication to HTTP endpoints. #8316 * promtool: Add check web-config subcommand to check web config files. #8319 * promtool: Add tsdb create-blocks-from openmetrics subcommand to backfill metrics data from an OpenMetrics file. + Enhancements * HTTP API: Fast-fail queries with only empty matchers. #8288 * HTTP API: Support matchers for labels API. #8301 * promtool: Improve checking of URLs passed on the command line. #7956 * SD: Expose IPv6 as a label in EC2 SD. #7086 * SD: Reuse EC2 client, reducing frequency of requesting credentials. #8311 * TSDB: Add logging when compaction takes more than the block time range. #8151 * TSDB: Avoid unnecessary GC runs after compaction. #8276 - Upgrade to upstream version 2.23.0 + Changes * UI: Make the React UI default. #8142 * Remote write: The following metrics were removed/renamed in remote write. #6815 > prometheus_remote_storage_succeeded_samples_total was removed and prometheus_remote_storage_samples_total was introduced for all the samples attempted to send. > prometheus_remote_storage_sent_bytes_total was removed and replaced with prometheus_remote_storage_samples_bytes_total and prometheus_remote_storage_metadata_bytes_total. > prometheus_remote_storage_failed_samples_total -> prometheus_remote_storage_samples_failed_total . > prometheus_remote_storage_retried_samples_total -> prometheus_remote_storage_samples_retried_total. > prometheus_remote_storage_dropped_samples_total -> prometheus_remote_storage_samples_dropped_total. > prometheus_remote_storage_pending_samples -> prometheus_remote_storage_samples_pending. * Remote: Do not collect non-initialized timestamp metrics. #8060 + Enhancements * Remote write: Added a metric prometheus_remote_storage_max_samples_per_send for remote write. #8102 * TSDB: Make the snapshot directory name always the same length. #8138 * TSDB: Create a checkpoint only once at the end of all head compactions. #8067 * TSDB: Avoid Series API from hitting the chunks. #8050 * TSDB: Cache label name and last value when adding series during compactions making compactions faster. #8192 * PromQL: Improved performance of Hash method making queries a bit faster. #8025 * promtool: tsdb list now prints block sizes. #7993 * promtool: Calculate mint and maxt per test avoiding unnecessary calculations. #8096 * SD: Add filtering of services to Docker Swarm SD. #8074 - Uyuni: `hostname` label is now set to FQDN instead of IP - Update to upstream version 2.22.1 - Update packaging * Remove systemd and shadow hard requirements * use systemd-sysusers to configure the user in a dedicated 'system-user-prometheus' subpackage * add 'prometheus' package alias + Add support for Prometheus exporters proxy - Remove prometheus.firewall.xml source file - Remove firewalld files. They are installed in the main firewalld package. Moderate SUSE bug 1186242 CVE-2021-29622 cpe:/o:opensuse:leap:15.3 Security update for SUSE Manager Client Tools (Moderate) openSUSE Leap 15.3 This update fixes the following issues: ansible: - The support level for ansible is l2, not l3 dracut-saltboot: - Force installation of libexpat.so.1 (bsc#1188846) - Use kernel parameters from PXE formula also for local boot golang-github-prometheus-prometheus: - Provide and reload firewalld configuration only for: + openSUSE Leap 15.0, 15.1, 15.2 + SUSE Linux Enterprise 15, 15 SP1, 15 SP2 - Upgrade to upstream version 2.27.1 (jsc#SLE-18254) + Bugfix: * SECURITY: Fix arbitrary redirects under the /new endpoint (CVE-2021-29622, bsc#1186242) * UI: Provide errors instead of blank page on TSDB Status Page. #8654 #8659 * TSDB: Do not panic when writing very large records to the WAL. #8790 * TSDB: Avoid panic when mmaped memory is referenced after the file is closed. #8723 * Scaleway Discovery: Fix nil pointer dereference. #8737 * Consul Discovery: Restart no longer required after config update with no targets. #8766 + Features: * Promtool: Retroactive rule evaluation functionality. * Configuration: Environment variable expansion for external labels. Behind '--enable-feature=expand-external-labels' flag. * Add a flag '--storage.tsdb.max-block-chunk-segment-size' to control the max chunks file size of the blocks for small Prometheus instances. * UI: Add a dark theme. * AWS Lightsail Discovery: Add AWS Lightsail Discovery. * Docker Discovery: Add Docker Service Discovery. * OAuth: Allow OAuth 2.0 to be used anywhere an HTTP client is used. * Remote Write: Send exemplars via remote write. Experimental and disabled by default. + Enhancements: * Digital Ocean Discovery: Add '__meta_digitalocean_vpc' label. * Scaleway Discovery: Read Scaleway secret from a file. * Scrape: Add configurable limits for label size and count. * UI: Add 16w and 26w time range steps. * Templating: Enable parsing strings in humanize functions. - Update package with changes from `server:monitoring` (bsc#1175478) Left out removal of 'firewalld' related configuration files as SUSE Linux Enterprise 15-SP1's `firewalld` package does not contain 'prometheus' configuration yet. mgr-cfg: - No visible impact for the user mgr-custom-info: - No visible impact for the user mgr-osad: - No visible impact for the user mgr-push: - No visible impact for the user mgr-virtualization: - No visible impact for the user rhnlib: - No visible impact for the user spacecmd: - Make spacecmd aware of retracted patches/packages - Enhance help for installation types when creating distributions (bsc#1186581) - Parse empty argument when nothing in between the separator spacewalk-client-tools: - Update translation strings spacewalk-koan: - Fix for spacewalk-koan tests after switching to the new Docker images spacewalk-oscap: - No visible impact for the user suseRegisterInfo: - No visible impact for the user uyuni-common-libs: - Handle broken RPM packages to prevent exceptions causing fails on repository synchronization (bsc#1186650) - Maintainer field in debian packages are only recommended (bsc#1186508) Moderate SUSE bug 1175478 SUSE bug 1186242 SUSE bug 1186508 SUSE bug 1186581 SUSE bug 1186650 SUSE bug 1188846 CVE-2021-27962 CVE-2021-28146 CVE-2021-28147 CVE-2021-28148 CVE-2021-29622 cpe:/o:opensuse:leap:15.3 Security update for rpm (Important) openSUSE Leap 15.3 This update for rpm fixes the following issues: - Changed default package verification level to 'none' to be compatible to rpm-4.14.1 - Made illegal obsoletes a warning - Fixed a potential access of freed mem in ndb's glue code (bsc#1179416) - Added support for enforcing signature policy and payload verification step to transactions (jsc#SLE-17817) - Added :humansi and :hmaniec query formatters for human readable output - Added query selectors for whatobsoletes and whatconflicts - Added support for sorting caret higher than base version - rpm does no longer require the signature header to be in a contiguous region when signing (bsc#1181805) Security fixes: - CVE-2021-3421: A flaw was found in the RPM package in the read functionality. This flaw allows an attacker who can convince a victim to install a seemingly verifiable package or compromise an RPM repository, to cause RPM database corruption. The highest threat from this vulnerability is to data integrity (bsc#1183543) - CVE-2021-20271: A flaw was found in RPM's signature check functionality when reading a package file. This flaw allows an attacker who can convince a victim to install a seemingly verifiable package, whose signature header was modified, to cause RPM database corruption and execute code. The highest threat from this vulnerability is to data integrity, confidentiality, and system availability (bsc#1183545) - CVE-2021-20266: A flaw was found in RPM's hdrblobInit() in lib/header.c. This flaw allows an attacker who can modify the rpmdb to cause an out-of-bounds read. The highest threat from this vulnerability is to system availability. Important SUSE bug 1179416 SUSE bug 1181805 SUSE bug 1183543 SUSE bug 1183545 CVE-2021-20266 CVE-2021-20271 CVE-2021-3421 cpe:/o:opensuse:leap:15.3 Security update for libdnf (Moderate) openSUSE Leap 15.3 This update for libdnf fixes the following issues: - Fixed crash when loading DVD repositories Update to 0.62.0 + Change order of TransactionItemReason (rh#1921063) + Add two new comperators for security filters (rh#1918475) + Apply security filters for candidates with lower priority + Fix: Goal - translation of messages in global maps + Enhance description of modular solvables + Improve performance for module query + Change mechanism of modular errata applicability (rh#1804234) + dnf_transaction_commit(): Remove second call to rpmtsSetVSFlags + Fix a couple of memory leaks + Fix: Setting of librepo handle in newHandle function + Remove failsafe data when module is not enabled (rh#1847035) + Expose librepo's checksum functions via SWIG + Fix: Mising check of 'hy_split_nevra()' return code + Do not allow 1 as installonly_limit value (rh#1926261) + Fix check whether the subkey can be used for signing + Hardening: add signature check with rpmcliVerifySignatures (CVE-2021-3445, CVE-2021-3421, CVE-2021-20271, rh#1932079, rh#1932089, rh#1932090, bsc#1183779) + Add a config option sslverifystatus, defaults to false (rh#1814383) + [context] Add API for distro-sync - Fix dependency for repo-config-zypp subpackage to work with SLE Update to 0.60.0 + Fix repo.fresh() implementation + Fix: Fully set ssl in newHandle function + [conf] Add options for working with certificates used with proxy + Apply proxy certificate options + lock: Switch return-if-fail to assert to quiet gcc -fanalyzer + build-sys: Clean up message about Python bindings + Modify module NSVCA parsing - context definition (rh#1926771) + [context] Fix: dnf_package_is_installonly (rh#1928056) + Fix problematic language + Add getApplicablePackages to advisory and isApplicable to advisorymodule + Keep isAdvisoryApplicable to preserve API + Run ModulePackageContainerTest tests in tmpdir, merge interdependent + [context] Support config file option 'proxy_auth_method', defaults 'any' + Properly handle multiple collections in updateinfo.xml (rh#1804234) + Support main config file option 'installonlypkgs' + Support main config file option 'protected_packages' - Add repo-config-zypp subpackage to allow easily using Zypper repository configuration - Backport support for using certificates for repository authorization - Backport another fix for adding controls to installonlypkgs - Add patch to move directory for dnf state data to /usr/lib/sysimage - Backport fixes to add controls for installonlypkgs and protected_packages Update to version 0.58.0 + Option: Add reset() method + Add OptionBinds::getOption() method + [context] Add dnf_repo_conf_from_gkeyfile() and dnf_repo_conf_reset() + [context] Add support for options: minrate, throttle, bandwidth, timeout + [context] Remove g_key_file_get_string() from dnf_repo_set_keyfile_data() + Allow loading ext metadata even if only cache (solv) is present + Add ASAN_OPTIONS for test_libdnf_main + [context,API] Functions for accessing main/global configuration options + [context,API] Function for adding setopt + Add getter for modular obsoletes from ModuleMetadata + Add ModulePackage.getStaticContext() and getRequires() + Add compatible layer for MdDocuments v2 + Fix modular queries with the new solver + Improve formatting of error string for modules + Change mechanism of module conflicts + Fix load/update FailSafe Update to version 0.55.2 + Improve performance of query installed() and available() + Swdb: Add a method to get the current transaction + [modules] Add special handling for src artifacts (rh#1809314) + Better msgs if 'basecachedir' or 'proxy_password' isn't set (rh#1888946) + Add new options module_stream_switch + Support allow_vendor_change setting in dnf context API Update to version 0.55.0 + Add vendor to dnf API (rh#1876561) + Add formatting function for solver error + Add error types in ModulePackageContainer + Implement module enable for context part + Improve string formatting for translation + Remove redundant printf and change logging info to notice (rh#1827424) + Add allow_vendor_change option (rh#1788371) (rh#1788371) Update to version 0.54.2 + history: Fix dnf history rollback when a package was removed (rh#1683134) + Add support for HY_GT, HY_LT in query nevra_strict + Fix parsing empty lines in config files + Accept '==' as an operator in reldeps (rh#1847946) + Add log file level main config option (rh#1802074) + Add protect_running_kernel configuration option (rh#1698145) + Context part of libdnf cannot assume zchunk is on (rh#1851841, rh#1779104) + Fix memory leak of resultingModuleIndex and handle g_object refs + Redirect librepo logs to libdnf logs with different source + Add hy_goal_lock + Enum/String conversions for Transaction Store/Replay + utils: Add a method to decode URLs + Unify hawkey.log line format with the rest of the logs Update to version 0.48.0 + Add prereq_ignoreinst & regular_requires properties for pkg (rh#1543449) + Reset active modules when no module enabled or default (rh#1767351) + Add comment option to transaction (rh#1773679) + Failing to get module defauls is a recoverable error + Baseurl is not exclusive with mirrorlist/metalink (rh#1775184) + Add new function to reset all modules in C API (dnf_context_reset_all_modules) + [context] Fix to preserve additionalMetadata content (rh#1808677) + Fix filtering of DepSolvables with source rpms (rh#1812596) + Add setter for running kernel protection setting + Handle situation when an unprivileged user cannot create history database (rh#1634385) + Add query filter: latest by priority + Add DNF_NO_PROTECTED flag to allow empty list of protected packages + Remove 'dim' option from terminal colors to make them more readable (rh#1807774, rh#1814563) + [context] Error when main config file can't be opened (rh#1794864) + [context] Add function function dnf_context_is_set_config_file_path + swdb: Catch only SQLite3 exceptions and simplify the messages + MergedTransaction list multiple comments (rh#1773679) + Modify CMake to pull *.po files from weblate + Optimize DependencyContainer creation from an existing queue + fix a memory leak in dnf_package_get_requires() + Fix memory leaks on g_build_filename() + Fix memory leak in dnf_context_setup() + Add `hy_goal_favor` and `hy_goal_disfavor` + Define a cleanup function for `DnfPackageSet` + dnf-repo: fix dnf_repo_get_public_keys double-free + Do not cache RPMDB + Use single-quotes around string literals used in SQL statements + SQLite3: Do not close the database if it wasn't opened (rh#1761976) + Don't create a new history DB connection for in-memory DB + transaction/Swdb: Use a single logger variable in constructor + utils: Add a safe version of pathExists() + swdb: Handle the case when pathExists() fails on e.g. permission + Repo: prepend 'file://' if a local path is used as baseurl + Move urlEncode() to utils + utils: Add 'exclude' argument to urlEncode() + Encode package URL for downloading through librepo (rh#1817130) + Replace std::runtime_error with libdnf::RepoError + Fixes and error handling improvements of the File class + [context] Use ConfigRepo for gpgkey and baseurl (rh#1807864) + [context] support 'priority' option in .repo config file (rh#1797265) Moderate SUSE bug 1183779 CVE-2021-20271 CVE-2021-3421 CVE-2021-3445 cpe:/o:opensuse:leap:15.3 Security update for the Linux Kernel (Important) openSUSE Leap 15.3 The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2021-3659: Fixed a NULL pointer dereference in llsec_key_alloc() in net/mac802154/llsec.c (bsc#1188876). - CVE-2021-21781: Fixed a information disclosure vulnerability in the ARM SIGPAGE (bsc#1188445). - CVE-2021-22543: Fixed improper handling of VM_IO|VM_PFNMAP vmas in KVM, which could bypass RO checks and can lead to pages being freed while still accessible by the VMM and guest. This allowed users with the ability to start and control a VM to read/write random pages of memory and can result in local privilege escalation (bsc#1186482). - CVE-2021-37576: Fixed an issue on the powerpc platform, where a KVM guest OS user could cause host OS memory corruption via rtas_args.nargs (bsc#1188838). - CVE-2021-3609: Fixed a potential local privilege escalation in the CAN BCM networking protocol (bsc#1187215). - CVE-2021-3612: Fixed an out-of-bounds memory write flaw in the joystick devices subsystem. This flaw allowed a local user to crash the system or possibly escalate their privileges on the system. (bsc#1187585) - CVE-2021-35039: Fixed mishandling of signature verification. Without CONFIG_MODULE_SIG, verification that a kernel module is signed, for loading via init_module, did not occur for a module.sig_enforce=1 command-line argument (bsc#1188080). The following non-security bugs were fixed: - ACPI: AMBA: Fix resource name in /proc/iomem (git-fixes). - ACPI: APEI: fix synchronous external aborts in user-mode (git-fixes). - ACPI: DPTF: Fix reading of attributes (git-fixes). - ACPI: EC: Make more Asus laptops use ECDT _GPE (git-fixes). - ACPI: PM / fan: Put fan device IDs into separate header file (git-fixes). - ACPI: bus: Call kobject_put() in acpi_init() error path (git-fixes). - ACPI: processor idle: Fix up C-state latency if not ordered (git-fixes). - ACPI: property: Constify stubs for CONFIG_ACPI=n case (git-fixes). - ACPI: resources: Add checks for ACPI IRQ override (git-fixes). - ACPI: sysfs: Fix a buffer overrun problem with description_show() (git-fixes). - ACPI: video: Add quirk for the Dell Vostro 3350 (git-fixes). - ACPICA: Fix memory leak caused by _CID repair function (git-fixes). - ALSA: ac97: fix PM reference leak in ac97_bus_remove() (git-fixes). - ALSA: bebob: add support for ToneWeal FW66 (git-fixes). - ALSA: firewire-motu: fix detection for S/PDIF source on optical interface in v2 protocol (git-fixes). - ALSA: firewire-motu: fix stream format for MOTU 8pre FireWire (git-fixes). - ALSA: hda/realtek: Add another ALC236 variant support (git-fixes). - ALSA: hda/realtek: Apply LED fixup for HP Dragonfly G1, too (git-fixes). - ALSA: hda/realtek: Fix bass speaker DAC mapping for Asus UM431D (git-fixes). - ALSA: hda/realtek: Fix pop noise and 2 Front Mic issues on a machine (git-fixes). - ALSA: hda/realtek: Improve fixup for HP Spectre x360 15-df0xxx (git-fixes). - ALSA: hda/realtek: fix mute/micmute LEDs for HP EliteBook 830 G8 Notebook PC (git-fixes). - ALSA: hda/realtek: fix mute/micmute LEDs for HP EliteBook x360 830 G8 (git-fixes). - ALSA: hda/realtek: fix mute/micmute LEDs for HP ProBook 445 G8 (git-fixes). - ALSA: hda/realtek: fix mute/micmute LEDs for HP ProBook 450 G8 (git-fixes). - ALSA: hda/realtek: fix mute/micmute LEDs for HP ProBook 630 G8 (git-fixes). - ALSA: hda: Add IRQ check for platform_get_irq() (git-fixes). - ALSA: hda: intel-dsp-cfg: add missing ElkhartLake PCI ID (git-fixes). - ALSA: hdmi: Expose all pins on MSI MS-7C94 board (git-fixes). - ALSA: intel8x0: Fix breakage at ac97 clock measurement (git-fixes). - ALSA: isa: Fix error return code in snd_cmi8330_probe() (git-fixes). - ALSA: pcm - fix mmap capability check for the snd-dummy driver (git-fixes). - ALSA: pcm: Call substream ack() method upon compat mmap commit (git-fixes). - ALSA: pcm: Fix mmap capability check (git-fixes). - ALSA: ppc: fix error return code in snd_pmac_probe() (git-fixes). - ALSA: sb: Fix potential ABBA deadlock in CSP driver (git-fixes). - ALSA: sb: Fix potential double-free of CSP mixer elements (git-fixes). - ALSA: usb-audio: Add missing proc text entry for BESPOKEN type (git-fixes). - ALSA: usb-audio: Add registration quirk for JBL Quantum headsets (git-fixes). - ALSA: usb-audio: Fix OOB access at proc output (git-fixes). - ALSA: usb-audio: fix rate on Ozone Z90 USB headset (git-fixes). - ALSA: usb-audio: scarlett2: Fix 18i8 Gen 2 PCM Input count (git-fixes). - ALSA: usb-audio: scarlett2: Fix 6i6 Gen 2 line out descriptions (git-fixes). - ALSA: usb-audio: scarlett2: Fix data_mutex lock (git-fixes). - ALSA: usb-audio: scarlett2: Fix scarlett2_*_ctl_put() return values (git-fixes). - ALSA: usb-audio: scarlett2: Fix wrong resume call (git-fixes). - ALSA: usb-audio: scarlett2: Read mixer volumes at init time (git-fixes). - ALSA: usb-audio: scarlett2: Read mux at init time (git-fixes). - ALSA: usx2y: Avoid camelCase (git-fixes). - ALSA: usx2y: Do not call free_pages_exact() with NULL address (git-fixes). - ARM: ensure the signal page contains defined contents (bsc#1188445). - ASoC: Intel: kbl_da7219_max98357a: shrink platform_id below 20 characters (git-fixes). - ASoC: Intel: sof_sdw: add SOF_RT715_DAI_ID_FIX for AlderLake (git-fixes). - ASoC: Intel: sof_sdw: add mutual exclusion between PCH DMIC and RT715 (git-fixes). - ASoC: SOF: loader: Use snd_sof_dsp_block_read() instead sof_block_read() (git-fixes). - ASoC: atmel-i2s: Fix usage of capture and playback at the same time (git-fixes). - ASoC: cs42l42: Correct definition of CS42L42_ADC_PDN_MASK (git-fixes). - ASoC: fsl_spdif: Fix error handler with pm_runtime_enable (git-fixes). - ASoC: fsl_spdif: Fix unexpected interrupt after suspend (git-fixes). - ASoC: hisilicon: fix missing clk_disable_unprepare() on error in hi6210_i2s_startup() (git-fixes). - ASoC: img: Fix PM reference leak in img_i2s_in_probe() (git-fixes). - ASoC: intel/boards: add missing MODULE_DEVICE_TABLE (git-fixes). - ASoC: max98373-sdw: add missing memory allocation check (git-fixes). - ASoC: max98373-sdw: use first_hw_init flag on resume (git-fixes). - ASoC: mediatek: mtk-btcvsd: Fix an error handling path in 'mtk_btcvsd_snd_probe()' (git-fixes). - ASoC: rk3328: fix missing clk_disable_unprepare() on error in rk3328_platform_probe() (git-fixes). - ASoC: rsnd: tidyup loop on rsnd_adg_clk_query() (git-fixes). - ASoC: rt1308-sdw: use first_hw_init flag on resume (git-fixes). - ASoC: rt5631: Fix regcache sync errors on resume (git-fixes). - ASoC: rt5682-sdw: set regcache_cache_only false before reading RT5682_DEVICE_ID (git-fixes). - ASoC: rt5682-sdw: use first_hw_init flag on resume (git-fixes). - ASoC: rt5682: Disable irq on shutdown (git-fixes). - ASoC: rt5682: Fix a problem with error handling in the io init function of the soundwire (git-fixes). - ASoC: rt5682: fix getting the wrong device id when the suspend_stress_test (git-fixes). - ASoC: rt700-sdw: use first_hw_init flag on resume (git-fixes). - ASoC: rt711-sdw: use first_hw_init flag on resume (git-fixes). - ASoC: rt715-sdw: use first_hw_init flag on resume (git-fixes). - ASoC: soc-core: Fix the error return code in snd_soc_of_parse_audio_routing() (git-fixes). - ASoC: soc-pcm: fix the return value in dpcm_apply_symmetry() (git-fixes). - ASoC: tegra: Set driver_name=tegra for all machine drivers (git-fixes). - ASoC: wm_adsp: Correct wm_coeff_tlv_get handling (git-fixes). - Bluetooth: Fix alt settings for incoming SCO with transparent coding format (git-fixes). - Bluetooth: Fix handling of HCI_LE_Advertising_Set_Terminated event (git-fixes). - Bluetooth: Fix the HCI to MGMT status conversion table (git-fixes). - Bluetooth: L2CAP: Fix invalid access if ECRED Reconfigure fails (git-fixes). - Bluetooth: L2CAP: Fix invalid access on ECRED Connection response (git-fixes). - Bluetooth: Remove spurious error message (git-fixes). - Bluetooth: Shutdown controller after workqueues are flushed or cancelled (git-fixes). - Bluetooth: btintel: Add infrastructure to read controller information (bsc#1188893). - Bluetooth: btintel: Check firmware version before download (bsc#1188893). - Bluetooth: btintel: Collect tlv based active firmware build info in FW mode (bsc#1188893). - Bluetooth: btintel: Consolidate intel_version parsing (bsc#1188893). - Bluetooth: btintel: Consolidate intel_version_tlv parsing (bsc#1188893). - Bluetooth: btintel: Fix endianness issue for TLV version information (bsc#1188893). - Bluetooth: btintel: Fix offset calculation boot address parameter (bsc#1188893). - Bluetooth: btintel: Functions to send firmware header / payload (bsc#1188893). - Bluetooth: btintel: Move operational checks after version check (bsc#1188893). - Bluetooth: btintel: Refactor firmware download function (bsc#1188893). - Bluetooth: btintel: Reorganized bootloader mode tlv checks in intel_version_tlv parsing (bsc#1188893). - Bluetooth: btintel: Replace zero-length array with flexible-array member (bsc#1188893). - Bluetooth: btintel: Skip reading firmware file version while in bootloader mode (bsc#1188893). - Bluetooth: btqca: Do not modify firmware contents in-place (git-fixes). - Bluetooth: btusb: Add *setup* function for new generation Intel controllers (bsc#1188893). - Bluetooth: btusb: Add support USB ALT 3 for WBS (git-fixes). - Bluetooth: btusb: Add support for GarfieldPeak controller (bsc#1188893). - Bluetooth: btusb: Consolidate code for waiting firmware download (bsc#1188893). - Bluetooth: btusb: Define a function to construct firmware filename (bsc#1188893). - Bluetooth: btusb: Enable MSFT extension for Intel controllers (bsc#1188893). - Bluetooth: btusb: Fix failing to init controllers with operation firmware (bsc#1188893). - Bluetooth: btusb: Fixed too many in-token issue for Mediatek Chip (git-fixes). - Bluetooth: btusb: Helper function to download firmware to Intel adapters (bsc#1188893). - Bluetooth: btusb: Map Typhoon peak controller to BTUSB_INTEL_NEWGEN (bsc#1188893). - Bluetooth: btusb: Update boot parameter specific to SKU (bsc#1188893). - Bluetooth: btusb: fix bt fiwmare downloading failure issue for qca btsoc (git-fixes). - Bluetooth: btusb: print firmware file name on error loading firmware (bsc#1188893). - Bluetooth: hci_intel: drop strange le16_to_cpu() against u8 values (bsc#1188893). - Bluetooth: hci_intel: enable on new platform (bsc#1188893). - Bluetooth: hci_intel: switch to list_for_each_entry() (bsc#1188893). - Bluetooth: hci_qca: fix potential GPF (git-fixes). - Bluetooth: mgmt: Fix slab-out-of-bounds in tlv_data_is_valid (git-fixes). - Bluetooth: mgmt: Fix the command returns garbage parameter value (git-fixes). - HID: do not use down_interruptible() when unbinding devices (git-fixes). - HID: wacom: Correct base usage for capacitive ExpressKey status bits (git-fixes). - Input: hideep - fix the uninitialized use in hideep_nvm_unlock() (git-fixes). - Input: hil_kbd - fix error return code in hil_dev_connect() (git-fixes). - Input: ili210x - add missing negation for touch indication on ili210x (git-fixes). - Input: usbtouchscreen - fix control-request directions (git-fixes). - KVM: LAPIC: Prevent setting the tscdeadline timer if the lapic is hw disabled (bsc#1188771). - KVM: SVM: document KVM_MEM_ENCRYPT_OP, let userspace detect if SEV is available (bsc#1188703). - KVM: nVMX: Consult only the 'basic' exit reason when routing nested exit (bsc#1188773). - KVM: nVMX: Ensure 64-bit shift when checking VMFUNC bitmap (bsc#1188774). - KVM: nVMX: Preserve exception priority irrespective of exiting behavior (bsc#1188777). - PCI/sysfs: Fix dsm_label_utf16s_to_utf8s() buffer overrun (git-fixes). - PCI: Add AMD RS690 quirk to enable 64-bit DMA (git-fixes). - PCI: Leave Apple Thunderbolt controllers on for s2idle or standby (git-fixes). - PCI: Leave Apple Thunderbolt controllers on for s2idle or standby (git-fixes). - PCI: aardvark: Fix checking for PIO Non-posted Request (git-fixes). - PCI: aardvark: Implement workaround for the readback value of VEND_ID (git-fixes). - PCI: aardvark: Implement workaround for the readback value of VEND_ID (git-fixes). - PCI: intel-gw: Fix INTx enable (git-fixes). - PCI: intel-gw: Fix INTx enable (git-fixes). - PCI: iproc: Fix multi-MSI base vector number allocation (git-fixes). - PCI: iproc: Fix multi-MSI base vector number allocation (git-fixes). - PCI: iproc: Support multi-MSI only on uniprocessor kernel (git-fixes). - PCI: quirks: fix false kABI positive (git-fixes). - PCI: tegra194: Fix tegra_pcie_ep_raise_msi_irq() ill-defined shift (git-fixes). - PCI: tegra194: Fix tegra_pcie_ep_raise_msi_irq() ill-defined shift (git-fixes). - PCI: tegra: Add missing MODULE_DEVICE_TABLE (git-fixes). - RDMA/cma: Fix incorrect Packet Lifetime calculation (jsc#SLE-8449). - RDMA/cma: Protect RMW with qp_mutex (git-fixes). - RDMA/hns: Remove unused parameter udata (jsc#SLE-15176). - RDMA/mlx4: Remove unused parameter udata (jsc#SLE-15176). - RDMA/mlx5: Remove unused parameter udata (jsc#SLE-15176). - RDMA/rtrs-clt: Check if the queue_depth has changed during a reconnection (jsc#SLE-15176). - RDMA/rtrs-clt: Check state of the rtrs_clt_sess before reading its stats (jsc#SLE-15176). - RDMA/rtrs-clt: Fix memory leak of not-freed sess->stats and stats->pcpu_stats (jsc#SLE-15176). - RDMA/rtrs-srv: Fix memory leak of unfreed rtrs_srv_stats object (jsc#SLE-15176). - RDMA/rtrs-srv: Fix memory leak when having multiple sessions (jsc#SLE-15176). - RDMA/rtrs-srv: Replace atomic_t with percpu_ref for ids_inflight (jsc#SLE-15176). - RDMA/rtrs-srv: Set minimal max_send_wr and max_recv_wr (jsc#SLE-15176). - RDMA/rtrs: Do not reset hb_missed_max after re-connection (jsc#SLE-15176). - RDMA/srp: Fix a recently introduced memory leak (jsc#SLE-15176). - Revert 'ACPI: resources: Add checks for ACPI IRQ override' (git-fixes). - Revert 'ALSA: bebob/oxfw: fix Kconfig entry for Mackie d.2 Pro' (git-fixes). - Revert 'Bluetooth: btintel: Fix endianness issue for TLV version information' (bsc#1188893). - Revert 'USB: quirks: ignore remote wake-up on Fibocom L850-GL LTE modem' (git-fixes). - Revert 'be2net: disable bh with spin_lock in be_process_mcc' (git-fixes). - Revert 'drm/i915: Propagate errors on awaiting already signaled fences' (git-fixes). - Revert 'drm: add a locked version of drm_is_current_master' (git-fixes). - Revert 'ibmvnic: remove duplicate napi_schedule call in open function' (bsc#1065729). - Revert 'iwlwifi: remove wide_cmd_header field' (bsc#1187495). - USB: cdc-acm: blacklist Heimann USB Appset device (git-fixes). - USB: serial: cp210x: add ID for CEL EM3588 USB ZigBee stick (git-fixes). - USB: serial: cp210x: fix comments for GE CS1000 (git-fixes). - USB: serial: option: add support for u-blox LARA-R6 family (git-fixes). - USB: usb-storage: Add LaCie Rugged USB3-FW to IGNORE_UAS (git-fixes). - amdgpu: fix GEM obj leak in amdgpu_display_user_framebuffer_create (bsc#1152472) - ata: ahci_sunxi: Disable DIPM (git-fixes). - ath10k: Fix an error code in ath10k_add_interface() (git-fixes). - ath10k: add missing error return code in ath10k_pci_probe() (git-fixes). - ath10k: go to path err_unsupported when chip id is not supported (git-fixes). - ath10k: remove unused more_frags variable (git-fixes). - ath9k: Fix kernel NULL pointer dereference during ath_reset_internal() (git-fixes). - backlight: lm3630a: Fix return code of .update_status() callback (git-fixes). - backlight: lm3630a_bl: Put fwnode in error case during ->probe() (git-fixes). - bcache: avoid oversized read request in cache missing code path (bsc#1184631). - bcache: remove bcache device self-defined readahead (bsc#1184631). - blk-mq: Add blk_mq_delay_run_hw_queues() API call (bsc#1180092). - blk-mq: In blk_mq_dispatch_rq_list() 'no budget' is a reason to kick (bsc#1180092). - blk-mq: Put driver tag in blk_mq_dispatch_rq_list() when no budget (bsc#1180092). - blk-mq: Rerun dispatching in the case of budget contention (bsc#1180092). - blk-mq: insert flush request to the front of dispatch queue (bsc#1180092). - blk-mq: insert passthrough request into hctx->dispatch directly (bsc#1180092). - bnxt_en: Add missing check for BNXT_STATE_ABORT_ERR in bnxt_fw_rset_task() (jsc#SLE-8371 bsc#1153274). - bnxt_en: Check abort error state in bnxt_half_open_nic() (jsc#SLE-8371 bsc#1153274). - bnxt_en: Refresh RoCE capabilities in bnxt_ulp_probe() (jsc#SLE-8371 bsc#1153274). - bnxt_en: do not disable an already disabled PCI device (git-fixes). - bonding: Add struct bond_ipesc to manage SA (bsc#1176447). - bonding: disallow setting nested bonding + ipsec offload (bsc#1176447). - bonding: fix build issue (git-fixes). - bonding: fix incorrect return value of bond_ipsec_offload_ok() (bsc#1176447). - bonding: fix null dereference in bond_ipsec_add_sa() (bsc#1176447). - bonding: fix suspicious RCU usage in bond_ipsec_add_sa() (bsc#1176447). - bonding: fix suspicious RCU usage in bond_ipsec_del_sa() (bsc#1176447). - bonding: fix suspicious RCU usage in bond_ipsec_offload_ok() (bsc#1176447). - bpf: Fix integer overflow in argument calculation for bpf_map_area_alloc (bsc#1154353). - bpftool: Properly close va_list 'ap' by va_end() on error (bsc#1155518). - brcmfmac: Fix a double-free in brcmf_sdio_bus_reset (git-fixes). - brcmfmac: correctly report average RSSI in station info (git-fixes). - brcmfmac: fix setting of station info chains bitmask (git-fixes). - brcmsmac: mac80211_if: Fix a resource leak in an error handling path (git-fixes). - cadence: force nonlinear buffers to be cloned (git-fixes). - can: ems_usb: fix memory leak (git-fixes). - can: esd_usb2: fix memory leak (git-fixes). - can: gw: synchronize rcu operations before removing gw job entry (git-fixes). - can: hi311x: fix a signedness bug in hi3110_cmd() (git-fixes). - can: hi311x: hi3110_can_probe(): silence clang warning (git-fixes). - can: mcba_usb_start(): add missing urb->transfer_dma initialization (git-fixes). - can: peak_pciefd: pucan_handle_status(): fix a potential starvation issue in TX path (git-fixes). - can: raw: raw_setsockopt(): fix raw_rcv panic for sock UAF (git-fixes). - can: usb_8dev: fix memory leak (git-fixes). - ceph: do not WARN if we're still opening a session to an MDS (bsc#1188748). - cfg80211: call cfg80211_leave_ocb when switching away from OCB (git-fixes). - char: pcmcia: error out if 'num_bytes_read' is greater than 4 in set_protocol() (git-fixes). - cifs: Fix preauth hash corruption (git-fixes). - cifs: Return correct error code from smb2_get_enc_key (git-fixes). - cifs: do not fail __smb_send_rqst if non-fatal signals are pending (git-fixes). - cifs: fix interrupted close commands (git-fixes). - cifs: fix memory leak in smb2_copychunk_range (git-fixes). - clk: actions: Fix SD clocks factor table on Owl S500 SoC (git-fixes). - clk: actions: Fix UART clock dividers on Owl S500 SoC (git-fixes). - clk: actions: Fix bisp_factor_table based clocks on Owl S500 SoC (git-fixes). - clk: imx8mq: remove SYS PLL 1/2 clock gates (git-fixes). - clk: meson: g12a: fix gp0 and hifi ranges (git-fixes). - clk: renesas: r8a77995: Add ZA2 clock (git-fixes). - clk: renesas: rcar-gen3: Update Z clock rate formula in comments (git-fixes). - clk: si5341: Avoid divide errors due to bogus register contents (git-fixes). - clk: si5341: Update initialization magic (git-fixes). - clk: tegra: Ensure that PLLU configuration is applied properly (git-fixes). - clk: zynqmp: pll: Remove some dead code (git-fixes). - clocksource/arm_arch_timer: Improve Allwinner A64 timer workaround (git-fixes). - clocksource: Retry clock read if long delays detected (git-fixes). - coresight: Propagate symlink failure (git-fixes). - coresight: core: Fix use of uninitialized pointer (git-fixes). - cpu/hotplug: Cure the cpusets trainwreck (git fixes (sched/hotplug)). - cpufreq: sc520_freq: add 'fallthrough' to one case (git-fixes). - crypto: ccp - Fix a resource leak in an error handling path (git-fixes). - crypto: ixp4xx - dma_unmap the correct address (git-fixes). - crypto: nitrox - fix unchecked variable in nitrox_register_interrupts (git-fixes). - crypto: nx - add missing MODULE_DEVICE_TABLE (git-fixes). - crypto: omap-sham - Fix PM reference leak in omap sham ops (git-fixes). - crypto: qat - check return code of qat_hal_rd_rel_reg() (git-fixes). - crypto: qat - remove unused macro in FW loader (git-fixes). - crypto: sun4i-ss - IV register does not work on A10 and A13 (git-fixes). - crypto: sun4i-ss - checking sg length is not sufficient (git-fixes). - crypto: sun4i-ss - initialize need_fallback (git-fixes). - crypto: ux500 - Fix error return code in hash_hw_final() (git-fixes). - crypto: virtio: Fix dest length calculation in __virtio_crypto_skcipher_do_req() (git-fixes). - crypto: virtio: Fix src/dst scatterlist calculation in __virtio_crypto_skcipher_do_req() (git-fixes). - cw1200: add missing MODULE_DEVICE_TABLE (git-fixes). - cxgb4: fix IRQ free race during driver unload (git-fixes). - dma-buf/sync_file: Do not leak fences on merge failure (git-fixes). - dmaengine: fsl-qdma: check dma_set_mask return value (git-fixes). - dmaengine: mediatek: do not issue a new desc if one is still current (git-fixes). - dmaengine: mediatek: free the proper desc in desc_free handler (git-fixes). - dmaengine: mediatek: use GFP_NOWAIT instead of GFP_ATOMIC in prep_dma (git-fixes). - dmaengine: rcar-dmac: Fix PM reference leak in rcar_dmac_probe() (git-fixes). - dmaengine: zynqmp_dma: Fix PM reference leak in zynqmp_dma_alloc_chan_resourc() (git-fixes). - docs: admin-guide: update description for kernel.hotplug sysctl (git-fixes). - docs: virt/kvm: close inline string literal (bsc#1188703). - dpaa2-eth: fix memory leak in XDP_REDIRECT (git-fixes). - dpaa2-eth: fix memory leak in XDP_REDIRECT (git-fixes). - drm/amd/amdgpu/sriov disable all ip hw status by default (git-fixes). - drm/amd/dc: Fix a missing check bug in dm_dp_mst_detect() (git-fixes). - drm/amd/display: Avoid HDCP over-read and corruption (git-fixes). - drm/amd/display: Fix DCN 3.01 DSCCLK validation (git-fixes). - drm/amd/display: Fix build warnings (git-fixes). - drm/amd/display: Fix off-by-one error in DML (git-fixes). - drm/amd/display: Release MST resources on switch from MST to SST (git-fixes). - drm/amd/display: Set DISPCLK_MAX_ERRDET_CYCLES to 7 (git-fixes). - drm/amd/display: Update scaling settings on modeset (git-fixes). - drm/amd/display: Verify Gamma & Degamma LUT sizes in amdgpu_dm_atomic_check (git-fixes). - drm/amd/display: fix HDCP reset sequence on reinitialize (git-fixes). - drm/amd/display: fix incorrrect valid irq check (git-fixes). - drm/amd/display: fix use_max_lb flag for 420 pixel formats (git-fixes). - drm/amdgpu: Do not query CE and UE errors (bsc#1152472) - drm/amdgpu: Update NV SIMD-per-CU to 2 (git-fixes). - drm/amdgpu: enable sdma0 tmz for Raven/Renoir(V2) (git-fixes). - drm/amdgpu: remove unsafe optimization to drop preamble ib (git-fixes). - drm/amdgpu: update golden setting for sienna_cichlid (git-fixes). - drm/amdgpu: wait for moving fence after pinning (git-fixes). - drm/amdkfd: Fix circular lock in nocpsch path (git-fixes). - drm/amdkfd: Walk through list with dqm lock hold (git-fixes). - drm/amdkfd: fix circular locking on get_wave_state (git-fixes). - drm/amdkfd: use allowed domain for vmbo validation (git-fixes). - drm/arm/malidp: Always list modifiers (git-fixes). - drm/bridge/sii8620: fix dependency on extcon (git-fixes). - drm/bridge: Fix the stop condition of drm_bridge_chain_pre_enable() (git-fixes). - drm/bridge: cdns: Fix PM reference leak in cdns_dsi_transfer() (git-fixes). - drm/bridge: nwl-dsi: Force a full modeset when crtc_state->active is changed to be true (git-fixes). - drm/dp_mst: Do not set proposed vcpi directly (git-fixes). - drm/gma500: Add the missed drm_gem_object_put() in psb_user_framebuffer_create() (git-fixes). - drm/i915/display: Do not zero past infoframes.vsc (git-fixes). - drm/i915/gvt: Clear d3_entered on elsp cmd submission (git-fixes). - drm/i915/selftests: use vma_lookup() in __igt_mmap() (git-fixes). - drm/mcde/panel: Inverse misunderstood flag (bsc#1152472) - drm/mediatek: Fix PM reference leak in mtk_crtc_ddp_hw_init() (git-fixes). - drm/msm/dpu: Fix error return code in dpu_mdss_init() (git-fixes). - drm/msm/dpu: Fix sm8250_mdp register length (git-fixes). - drm/msm/mdp4: Fix modifier support enabling (git-fixes). - drm/msm: Fix error return code in msm_drm_init() (git-fixes). - drm/msm: Small msm_gem_purge() fix (bsc#1152489) - drm/mxsfb: Do not select DRM_KMS_FB_HELPER (git-fixes). - drm/nouveau: Do not set allow_fb_modifiers explicitly (git-fixes). - drm/nouveau: fix dma_address check for CPU/GPU sync (git-fixes). - drm/nouveau: wait for moving fence after pinning v2 (git-fixes). - drm/panel: nt35510: Do not fail if DSI read fails (git-fixes). - drm/panel: raspberrypi-touchscreen: Prevent double-free (git-fixes). - drm/radeon: Add the missed drm_gem_object_put() in radeon_user_framebuffer_create() (git-fixes). - drm/radeon: Call radeon_suspend_kms() in radeon_pci_shutdown() for Loongson64 (git-fixes). - drm/radeon: Fix a missing check bug in radeon_dp_mst_detect() (bsc#1152489) - drm/radeon: wait for moving fence after pinning (git-fixes). - drm/rockchip: cdn-dp-core: add missing clk_disable_unprepare() on error in cdn_dp_grf_write() (git-fixes). - drm/rockchip: cdn-dp: fix sign extension on an int multiply for a u64 result (git-fixes). - drm/rockchip: dsi: move all lane config except LCDC mux to bind() (git-fixes). - drm/rockchip: dsi: remove extra component_del() call (git-fixes). - drm/rockchip: lvds: Fix an error handling path (git-fixes). - drm/sched: Avoid data corruptions (git-fixes). - drm/scheduler: Fix hang when sched_entity released (git-fixes). - drm/stm: Fix bus_flags handling (bsc#1152472) - drm/tegra: Do not set allow_fb_modifiers explicitly (git-fixes). - drm/vc4: Fix clock source for VEC PixelValve on BCM2711 (git-fixes). - drm/vc4: crtc: Skip the TXP (git-fixes). - drm/vc4: fix argument ordering in vc4_crtc_get_margins() (git-fixes). - drm/vc4: hdmi: Fix PM reference leak in vc4_hdmi_encoder_pre_crtc_co() (git-fixes). - drm/vc4: hdmi: Fix error path of hpd-gpios (git-fixes). - drm/vc4: hdmi: Make sure the controller is powered in detect (bsc#1152489) - drm/vc4: hdmi: Prevent clock unbalance (git-fixes). - drm/vc4: txp: Properly set the possible_crtcs mask (git-fixes). - drm/virtio: Fix double free on probe failure (git-fixes). - drm/vmwgfx: Fix cpu updates of coherent multisample surfaces (git-fixes). - drm/vmwgfx: Mark a surface gpu-dirty after the SVGA3dCmdDXGenMips command (git-fixes). - drm/zte: Do not select DRM_KMS_FB_HELPER (git-fixes). - drm: Return -ENOTTY for non-drm ioctls (git-fixes). - drm: add a locked version of drm_is_current_master (git-fixes). - drm: bridge/panel: Cleanup connector on bridge detach (bsc#1152489) - drm: bridge: add missing word in Analogix help text (git-fixes). - drm: qxl: ensure surf.data is ininitialized (git-fixes). - drm: rockchip: add missing registers for RK3066 (git-fixes). - drm: rockchip: add missing registers for RK3188 (git-fixes). - drm: rockchip: set alpha_en to 0 if it is not used (git-fixes). - e1000e: Check the PCIm state (git-fixes). - e1000e: Fix an error handling path in 'e1000_probe()' (git-fixes). - efi/tpm: Differentiate missing and invalid final event log table (bsc#1188036). - extcon: extcon-max8997: Fix IRQ freeing at error path (git-fixes). - extcon: intel-mrfld: Sync hardware and software state on init (git-fixes). - extcon: max8997: Add missing modalias string (git-fixes). - extcon: sm5502: Drop invalid register write in sm5502_reg_data (git-fixes). - fbmem: Do not delete the mode that is still in use (git-fixes). - fbmem: add margin check to fb_check_caps() (git-fixes). - firmware/efi: Tell memblock about EFI iomem reservations (git-fixes). - firmware: arm_scmi: Fix possible scmi_linux_errmap buffer overflow (git-fixes). - firmware: arm_scmi: Fix range check for the maximum number of pending messages (git-fixes). - firmware: tegra: Fix error return code in tegra210_bpmp_init() (git-fixes). - fm10k: Fix an error handling path in 'fm10k_probe()' (git-fixes). - fpga: machxo2-spi: Address warning about unused variable (git-fixes). - fpga: stratix10-soc: Add missing fpga_mgr_free() call (git-fixes). - fuse: check connected before queueing on fpq->io (bsc#1188267). - fuse: ignore PG_workingset after stealing (bsc#1188268). - fuse: reject internal errno (bsc#1188269). - gpio: AMD8111 and TQMX86 require HAS_IOPORT_MAP (git-fixes). - gpio: pca953x: Add support for the On Semi pca9655 (git-fixes). - gpio: zynq: Check return value of pm_runtime_get_sync (git-fixes). - gtp: fix an use-before-init in gtp_newlink() (git-fixes). - gve: Add DQO fields for core data structures (bsc#1176940). - gve: Add Gvnic stats AQ command and ethtool show/set-priv-flags (bsc#1176940). - gve: Add dqo descriptors (bsc#1176940). - gve: Add stats for gve (bsc#1176940). - gve: Add support for DQO RX PTYPE map (bsc#1176940). - gve: Add support for raw addressing device option (bsc#1176940). - gve: Add support for raw addressing in the tx path (bsc#1176940). - gve: Add support for raw addressing to the rx path (bsc#1176940). - gve: Batch AQ commands for creating and destroying queues (bsc#1176940). - gve: Check TX QPL was actually assigned (bsc#1176940). - gve: DQO: Add RX path (bsc#1176940). - gve: DQO: Add TX path (bsc#1176940). - gve: DQO: Add core netdev features (bsc#1176940). - gve: DQO: Add ring allocation and initialization (bsc#1176940). - gve: DQO: Configure interrupts on device up (bsc#1176940). - gve: DQO: Fix off by one in gve_rx_dqo() (bsc#1176940). - gve: DQO: Remove incorrect prefetch (bsc#1176940). - gve: Enable Link Speed Reporting in the driver (bsc#1176940). - gve: Fix an error handling path in 'gve_probe()' (git-fixes). - gve: Fix swapped vars when fetching max queues (git-fixes). - gve: Fix warnings reported for DQO patchset (bsc#1176940). - gve: Get and set Rx copybreak via ethtool (bsc#1176940). - gve: Introduce a new model for device options (bsc#1176940). - gve: Introduce per netdev `enum gve_queue_format` (bsc#1176940). - gve: Make gve_rx_slot_page_info.page_offset an absolute offset (bsc#1176940). - gve: Move some static functions to a common file (bsc#1176940). - gve: NIC stats for report-stats and for ethtool (bsc#1176940). - gve: Propagate error codes to caller (bsc#1176940). - gve: Replace zero-length array with flexible-array member (bsc#1176940). - gve: Rx Buffer Recycling (bsc#1176940). - gve: Simplify code and axe the use of a deprecated API (bsc#1176940). - gve: Update adminq commands to support DQO queues (bsc#1176940). - gve: Use dev_info/err instead of netif_info/err (bsc#1176940). - gve: Use link status register to report link status (bsc#1176940). - gve: adminq: DQO specific device descriptor logic (bsc#1176940). - gve: gve_rx_copy: Move padding to an argument (bsc#1176940). - hwmon: (max31722) Remove non-standard ACPI device IDs (git-fixes). - hwmon: (max31790) Fix fan speed reporting for fan7..12 (git-fixes). - hwmon: (max31790) Fix pwmX_enable attributes (git-fixes). - hwmon: (max31790) Report correct current pwm duty cycles (git-fixes). - hwrng: exynos - Fix runtime PM imbalance on error (git-fixes). - i2c: core: Disable client irq on reboot/shutdown (git-fixes). - i2c: designware: Adjust bus_freq_hz when refuse high speed mode set (git-fixes). - i2c: dev: Add __user annotation (git-fixes). - i2c: robotfuzz-osif: fix control-request directions (git-fixes). - i40e: Fix autoneg disabling for non-10GBaseT links (git-fixes). - i40e: Fix error handling in i40e_vsi_open (git-fixes). - i40e: Fix missing rtnl locking when setting up pf switch (jsc#SLE-13701). - i40e: fix PTP on 5Gb links (jsc#SLE-13701). - iavf: Fix an error handling path in 'iavf_probe()' (git-fixes). - ibmvnic: Allow device probe if the device is not ready at boot (bsc#1184114 ltc#192237). - ibmvnic: Remove the proper scrq flush (bsc#1188504 ltc#192075). - ibmvnic: Use 'skb_frag_address()' instead of hand coding it (bsc#1184114 ltc#192237). - ibmvnic: Use list_for_each_entry() to simplify code in ibmvnic.c (bsc#1184114 ltc#192237). - ibmvnic: Use strscpy() instead of strncpy() (bsc#1184114 ltc#192237). - ibmvnic: account for bufs already saved in indir_buf (jsc#SLE-17268 jsc#SLE-17043 bsc#1179243 ltc#189290). - ibmvnic: clean pending indirect buffs during reset (jsc#SLE-17268 jsc#SLE-17043 bsc#1179243 ltc#189290). - ibmvnic: fix kernel build warning (bsc#1184114 ltc#192237). - ibmvnic: fix kernel build warning in strncpy (bsc#1184114 ltc#192237). - ibmvnic: fix kernel build warnings in build_hdr_descs_arr (bsc#1184114 ltc#192237). - ibmvnic: fix send_request_map incompatible argument (bsc#1184114 ltc#192237). - ibmvnic: free tx_pool if tso_pool alloc fails (bsc#1085224 ltc#164363). - ibmvnic: parenthesize a check (bsc#1184114 ltc#192237 bsc#1183871 ltc#192139 git-fixes). - ibmvnic: retry reset if there are no other resets (bsc#1184350 ltc#191533). - ibmvnic: set ltb->buff to NULL after freeing (bsc#1094840 ltc#167098). - ice: Re-organizes reqstd/avail {R, T}XQ check/code for efficiency (jsc#SLE-7926). - igb: Check if num of q_vectors is smaller than max before array access (git-fixes). - igb: Fix an error handling path in 'igb_probe()' (git-fixes). - igb: Fix position of assignment to *ring (git-fixes). - igb: Fix use-after-free error during reset (git-fixes). - igc: Fix an error handling path in 'igc_probe()' (git-fixes). - igc: Fix use-after-free error during reset (git-fixes). - igc: change default return of igc_read_phy_reg() (git-fixes). - iio: accel: bma180: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes). - iio: accel: bma180: Use explicit member assignment (git-fixes). - iio: accel: bma220: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes). - iio: accel: hid: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes). - iio: accel: kxcjk-1013: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes). - iio: accel: mxc4005: Fix overread of data and alignment issue (git-fixes). - iio: accel: stk8312: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes). - iio: accel: stk8ba50: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes). - iio: adc: at91-sama5d2: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes). - iio: adc: hx711: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes). - iio: adc: mxs-lradc: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes). - iio: adc: ti-ads1015: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes). - iio: adc: ti-ads8688: Fix alignment of buffer in iio_push_to_buffers_with_timestamp() (git-fixes). - iio: adc: vf610: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes). - iio: adis16400: do not return ints in irq handlers (git-fixes). - iio: adis_buffer: do not return ints in irq handlers (git-fixes). - iio: at91-sama5d2_adc: remove usage of iio_priv_to_dev() helper (git-fixes). - iio: gyro: bmg160: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes). - iio: gyro: fxa21002c: Balance runtime pm + use pm_runtime_resume_and_get() (git-fixes). - iio: humidity: am2315: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes). - iio: light: isl29125: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes). - iio: light: tcs3414: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes). - iio: light: tcs3472: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes). - iio: light: tcs3472: do not free unallocated IRQ (git-fixes). - iio: light: vcnl4035: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes). - iio: ltr501: ltr501_read_ps(): add missing endianness conversion (git-fixes). - iio: ltr501: ltr559: fix initialization of LTR501_ALS_CONTR (git-fixes). - iio: ltr501: mark register holding upper 8 bits of ALS_DATA{0,1} and PS_DATA as volatile, too (git-fixes). - iio: magn: bmc150: Balance runtime pm + use pm_runtime_resume_and_get() (git-fixes). - iio: magn: bmc150: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes). - iio: magn: hmc5843: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes). - iio: magn: rm3100: Fix alignment of buffer in iio_push_to_buffers_with_timestamp() (git-fixes). - iio: potentiostat: lmp91000: Fix alignment of buffer in iio_push_to_buffers_with_timestamp() (git-fixes). - iio: prox: as3935: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes). - iio: prox: isl29501: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes). - iio: prox: pulsed-light: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes). - iio: prox: srf08: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes). - iio: si1133: fix format string warnings (git-fixes). - iio:accel:mxc4005: Drop unnecessary explicit casts in regmap_bulk_read calls (git-fixes). - integrity: use arch_ima_get_secureboot instead of checking EFI_SECURE_BOOT when loading MokListRT (bsc#1188366). - intel_th: Wait until port is in reset before programming it (git-fixes). - iwl-trans: move dev_cmd_offs, page_offs to a common trans header (bsc#1187495). - iwlwifi: Fix softirq/hardirq disabling in iwl_pcie_enqueue_hcmd() (git-fixes). - iwlwifi: Fix softirq/hardirq disabling in iwl_pcie_gen2_enqueue_hcmd() (git-fixes). - iwlwifi: acpi: evaluate dsm to disable 5.8GHz channels (bsc#1187495). - iwlwifi: acpi: in non acpi compilations remove iwl_sar_geo_init (bsc#1187495). - iwlwifi: acpi: prepare SAR profile selection code for multiple sizes (bsc#1187495). - iwlwifi: acpi: remove dummy definition of iwl_sar_set_profile() (bsc#1187495). - iwlwifi: acpi: rename geo structs to contain versioning (bsc#1187495). - iwlwifi: acpi: support ppag table command v2 (bsc#1187495). - iwlwifi: add a common struct for all iwl_tx_power_cmd versions (bsc#1187495). - iwlwifi: add trans op to set PNVM (bsc#1187495). - iwlwifi: align RX status flags with firmware (bsc#1187495). - iwlwifi: api: fix u32 -> __le32 (bsc#1187495). - iwlwifi: bump FW API to 57 for AX devices (bsc#1187495). - iwlwifi: bump FW API to 59 for AX devices (bsc#1187495). - iwlwifi: calib: Demote seemingly unintentional kerneldoc header (bsc#1187495). - iwlwifi: dbg: Do not touch the tlv data (bsc#1187495). - iwlwifi: dbg: add debug host notification (DHN) time point (bsc#1187495). - iwlwifi: dbg: add dumping special device memory (bsc#1187495). - iwlwifi: dbg: remove IWL_FW_INI_TIME_POINT_WDG_TIMEOUT (bsc#1187495). - iwlwifi: do not export acpi functions unnecessarily (bsc#1187495). - iwlwifi: dvm: Demote a couple of nonconformant kernel-doc headers (bsc#1187495). - iwlwifi: dvm: Demote non-compliant kernel-doc headers (bsc#1187495). - iwlwifi: dvm: devices: Fix function documentation formatting issues (bsc#1187495). - iwlwifi: dvm: lib: Demote non-compliant kernel-doc headers (bsc#1187495). - iwlwifi: dvm: rxon: Demote non-conformant kernel-doc headers (bsc#1187495). - iwlwifi: dvm: scan: Demote a few nonconformant kernel-doc headers (bsc#1187495). - iwlwifi: dvm: sta: Demote a bunch of nonconformant kernel-doc headers (bsc#1187495). - iwlwifi: dvm: tx: Demote non-compliant kernel-doc headers (bsc#1187495). - iwlwifi: enable twt by default (bsc#1187495). - iwlwifi: fix 11ax disabled bit in the regulatory capability flags (bsc#1187495). - iwlwifi: fix sar geo table initialization (bsc#1187495). - iwlwifi: fw: add default value for iwl_fw_lookup_cmd_ver (bsc#1187495). - iwlwifi: fw: move assert descriptor parser to common code (bsc#1187495). - iwlwifi: increase PNVM load timeout (bsc#1187495). - iwlwifi: iwl-drv: Provide descriptions debugfs dentries (bsc#1187495). - iwlwifi: iwl-trans: move tfd to trans layer (bsc#1187495). - iwlwifi: move PNVM implementation to common code (bsc#1187495). - iwlwifi: move all bus-independent TX functions to common code (bsc#1187495). - iwlwifi: move bc_pool to a common trans header (bsc#1187495). - iwlwifi: move bc_table_dword to a common trans header (bsc#1187495). - iwlwifi: msix: limit max RX queues for 9000 family (bsc#1187495). - iwlwifi: mvm: Add FTM initiator RTT smoothing logic (bsc#1187495). - iwlwifi: mvm: Do not install CMAC/GMAC key in AP mode (bsc#1187495). - iwlwifi: mvm: add PROTECTED_TWT firmware API (bsc#1187495). - iwlwifi: mvm: add a get lmac id function (bsc#1187495). - iwlwifi: mvm: add an option to add PASN station (bsc#1187495). - iwlwifi: mvm: add d3 prints (bsc#1187495). - iwlwifi: mvm: add support for new WOWLAN_TSC_RSC_PARAM version (bsc#1187495). - iwlwifi: mvm: add support for new version of WOWLAN_TKIP_SETTING_API_S (bsc#1187495). - iwlwifi: mvm: add support for range request command ver 11 (bsc#1187495). - iwlwifi: mvm: add support for responder dynamic config command version 3 (bsc#1187495). - iwlwifi: mvm: assign SAR table revision to the command later (bsc#1187495). - iwlwifi: mvm: avoid possible NULL pointer dereference (bsc#1187495). - iwlwifi: mvm: clear all scan UIDs (bsc#1187495). - iwlwifi: mvm: d3: parse wowlan status version 11 (bsc#1187495). - iwlwifi: mvm: d3: support GCMP ciphers (bsc#1187495). - iwlwifi: mvm: do not change band on bound PHY contexts (git-fixes). - iwlwifi: mvm: do not check if CSA event is running before removing (bsc#1187495). - iwlwifi: mvm: do not send a CSA command the firmware does not know (bsc#1187495). - iwlwifi: mvm: fix error print when session protection ends (git-fixes). - iwlwifi: mvm: fix suspicious rcu usage warnings (bsc#1187495). - iwlwifi: mvm: fix the type we use in the PPAG table validity checks (bsc#1187495). - iwlwifi: mvm: get number of stations from TLV (bsc#1187495). - iwlwifi: mvm: ignore the scan duration parameter (bsc#1187495). - iwlwifi: mvm: initiator: add option for adding a PASN responder (bsc#1187495). - iwlwifi: mvm: location: set the HLTK when PASN station is added (bsc#1187495). - iwlwifi: mvm: ops: Remove unused static struct 'iwl_mvm_debug_names' (bsc#1187495). - iwlwifi: mvm: prepare roc_done_wk to work sync (bsc#1187495). - iwlwifi: mvm: process ba-notifications also when sta rcu is invalid (bsc#1187495). - iwlwifi: mvm: re-enable TX after channel switch (bsc#1187495). - iwlwifi: mvm: read and parse SKU ID if available (bsc#1187495). - iwlwifi: mvm: remove memset of kek_kck command (bsc#1187495). - iwlwifi: mvm: remove redundant log in iwl_mvm_tvqm_enable_txq() (bsc#1187495). - iwlwifi: mvm: remove redundant support_umac_log field (bsc#1187495). - iwlwifi: mvm: responder: allow to set only the HLTK for an associated station (bsc#1187495). - iwlwifi: mvm: ring the doorbell and wait for PNVM load completion (bsc#1187495). - iwlwifi: mvm: rs-fw: handle VHT extended NSS capability (bsc#1187495). - iwlwifi: mvm: send stored PPAG command instead of local (bsc#1187495). - iwlwifi: mvm: set PROTECTED_TWT feature if supported by firmware (bsc#1187495). - iwlwifi: mvm: set PROTECTED_TWT in MAC data policy (bsc#1187495). - iwlwifi: mvm: set enabled in the PPAG command properly (bsc#1187495). - iwlwifi: mvm: stop claiming NL80211_EXT_FEATURE_SET_SCAN_DWELL (bsc#1187495). - iwlwifi: mvm: store PPAG enabled/disabled flag properly (bsc#1187495). - iwlwifi: mvm: support ADD_STA_CMD_API_S ver 12 (bsc#1187495). - iwlwifi: mvm: support more GTK rekeying algorithms (bsc#1187495). - iwlwifi: mvm: support new KEK KCK api (bsc#1187495). - iwlwifi: mvm: tx: Demote misuse of kernel-doc headers (bsc#1187495). - iwlwifi: mvm: use CHECKSUM_COMPLETE (bsc#1187495). - iwlwifi: mvm: utils: Fix some doc-rot (bsc#1187495). - iwlwifi: pcie: avoid potential PNVM leaks (bsc#1187495). - iwlwifi: pcie: do not disable interrupts for reg_lock (bsc#1187495). - iwlwifi: pcie: fix context info freeing (git-fixes). - iwlwifi: pcie: fix the xtal latency value for a few qu devices (bsc#1187495). - iwlwifi: pcie: free IML DMA memory allocation (git-fixes). - iwlwifi: pcie: implement set_pnvm op (bsc#1187495). - iwlwifi: pcie: make iwl_pcie_txq_update_byte_cnt_tbl bus independent (bsc#1187495). - iwlwifi: pcie: properly set LTR workarounds on 22000 devices (bsc#1187495). - iwlwifi: phy-ctxt: add new API VER 3 for phy context cmd (bsc#1187495). - iwlwifi: pnvm: do not skip everything when not reloading (bsc#1187495). - iwlwifi: pnvm: do not try to load after failures (bsc#1187495). - iwlwifi: pnvm: increment the pointer before checking the TLV (bsc#1187495). - iwlwifi: pnvm: set the PNVM again if it was already loaded (bsc#1187495). - iwlwifi: provide gso_type to GSO packets (bsc#1187495). - iwlwifi: queue: bail out on invalid freeing (bsc#1187495). - iwlwifi: read and parse PNVM file (bsc#1187495). - iwlwifi: regulatory: regulatory capabilities api change (bsc#1187495). - iwlwifi: remove iwl_validate_sar_geo_profile() export (bsc#1187495). - iwlwifi: remove wide_cmd_header field (bsc#1187495). - iwlwifi: rs: Demote non-compliant kernel-doc headers (bsc#1187495). - iwlwifi: rs: align to new TLC config command API (bsc#1187495). - iwlwifi: rs: set RTS protection for all non legacy rates (bsc#1187495). - iwlwifi: sta: defer ADDBA transmit in case reclaimed SN != next SN (bsc#1187495). - iwlwifi: stats: add new api fields for statistics cmd/ntfy (bsc#1187495). - iwlwifi: support REDUCE_TX_POWER_CMD version 6 (bsc#1187495). - iwlwifi: support version 3 of GEO_TX_POWER_LIMIT (bsc#1187495). - iwlwifi: support version 5 of the alive notification (bsc#1187495). - iwlwifi: thermal: support new temperature measurement API (bsc#1187495). - iwlwifi: update prph scratch structure to include PNVM data (bsc#1187495). - iwlwifi: use correct group for alive notification (bsc#1187495). - iwlwifi: wowlan: adapt to wowlan status API version 10 (bsc#1187495). - iwlwifi: yoyo: add support for internal buffer allocation in D3 (bsc#1187495). - ixgbe: Fix an error handling path in 'ixgbe_probe()' (git-fixes). - ixgbe: Fix packet corruption due to missing DMA sync (git-fixes). - ixgbevf: use xso.real_dev instead of xso.dev in callback functions of struct xfrmdev_ops (bsc#1176447). - kABI compatibility fix for max98373_priv struct (git-fixes). - kABI workaround for btintel symbol changes (bsc#1188893). - kABI workaround for intel_th_driver (git-fixes). - kABI workaround for pci/quirks.c (git-fixes). - kABI: restore struct tcpc_config definition (git-fixes). - kabi/severities: ignore kABI of iwlwifi symbols (bsc#1187495) iwlwifi driver consists of several modules and all exported symbols are internal uses. Let's ignore kABI checks of those. - kernel-binary.spec: Exctract s390 decompression code (jsc#SLE-17042). - kernel-binary.spec: Fix up usrmerge for non-modular kernels. - kernel-binary.spec: Remove obsolete and wrong comment mkmakefile is repleced by echo on newer kernel - kprobes: Do not expose probe addresses to non-CAP_SYSLOG (git-fixes). - kprobes: Fix NULL pointer dereference at kprobe_ftrace_handler (git-fixes). - kprobes: Fix compiler warning for !CONFIG_KPROBES_ON_FTRACE (git-fixes). - kprobes: Fix to check probe enabled before disarm_kprobe_ftrace() (git-fixes). - kprobes: fix kill kprobe which has been marked as gone (git-fixes). - kvm: LAPIC: Restore guard to prevent illegal APIC register access (bsc#1188772). - kvm: i8254: remove redundant assignment to pointer s (bsc#1188770). - leds: as3645a: Fix error return code in as3645a_parse_node() (git-fixes). - leds: class: The -ENOTSUPP should never be seen by user space (git-fixes). - leds: ktd2692: Fix an error handling path (git-fixes). - leds: lm3532: select regmap I2C API (git-fixes). - lib/decompress_unlz4.c: correctly handle zero-padding around initrds (git-fixes). - lib/decompressors: remove set but not used variabled 'level' (git-fixes). - lib: vsprintf: Fix handling of number field widths in vsscanf (git-fixes). - libbpf: Fixes incorrect rx_ring_setup_done (bsc#1155518). - liquidio: Fix unintentional sign extension issue on left shift of u16 (git-fixes). - mISDN: fix possible use-after-free in HFC_cleanup() (git-fixes). - mac80211: consider per-CPU statistics if present (git-fixes). - mac80211: remove iwlwifi specific workaround NDPs of null_response (git-fixes). - mac80211: remove iwlwifi specific workaround that broke sta NDP tx (git-fixes). - mac80211: remove warning in ieee80211_get_sband() (git-fixes). - mac80211: reset profile_periodicity/ema_ap (git-fixes). - mac80211_hwsim: add concurrent channels scanning support over virtio (git-fixes). - mac80211_hwsim: drop pending frames on stop (git-fixes). - math: Export mul_u64_u64_div_u64 (git-fixes). - media, bpf: Do not copy more entries than user space requested (git-fixes). - media: Fix Media Controller API config checks (git-fixes). - media: I2C: change 'RST' to 'RSET' to fix multiple build errors (git-fixes). - media: au0828: fix a NULL vs IS_ERR() check (git-fixes). - media: bt8xx: Fix a missing check bug in bt878_probe (git-fixes). - media: cobalt: fix race condition in setting HPD (git-fixes). - media: cpia2: fix memory leak in cpia2_usb_probe (git-fixes). - media: dtv5100: fix control-request directions (git-fixes). - media: dvb-usb: fix wrong definition (git-fixes). - media: dvb_net: avoid speculation from net slot (git-fixes). - media: dvd_usb: memory leak in cinergyt2_fe_attach (git-fixes). - media: em28xx: Fix possible memory leak of em28xx struct (git-fixes). - media: exynos-gsc: fix pm_runtime_get_sync() usage count (git-fixes). - media: exynos4-is: Fix a use after free in isp_video_release (git-fixes). - media: gspca/gl860: fix zero-length control requests (git-fixes). - media: gspca/sq905: fix control-request direction (git-fixes). - media: gspca/sunplus: fix zero-length control requests (git-fixes). - media: imx-csi: Skip first few frames from a BT.656 source (git-fixes). - media: imx: imx7_mipi_csis: Fix logging of only error event counters (git-fixes). - media: mdk-mdp: fix pm_runtime_get_sync() usage count (git-fixes). - media: mtk-vcodec: fix PM runtime get logic (git-fixes). - media: ngene: Fix out-of-bounds bug in ngene_command_config_free_buf() (git-fixes). - media: pvrusb2: fix warning in pvr2_i2c_core_done (git-fixes). - media: rc: i2c: Fix an error message (git-fixes). - media: rtl28xxu: fix zero-length control request (git-fixes). - media: s5p-g2d: Fix a memory leak on ctx->fh.m2m_ctx (git-fixes). - media: s5p-jpeg: fix pm_runtime_get_sync() usage count (git-fixes). - media: sh_vou: fix pm_runtime_get_sync() usage count (git-fixes). - media: siano: Fix out-of-bounds warnings in smscore_load_firmware_family2() (git-fixes). - media: siano: fix device register error path (git-fixes). - media: st-hva: Fix potential NULL pointer dereferences (git-fixes). - media: sti/bdisp: fix pm_runtime_get_sync() usage count (git-fixes). - media: sti: fix obj-$(config) targets (git-fixes). - media: tc358743: Fix error return code in tc358743_probe_of() (git-fixes). - media: uvcvideo: Fix pixel format change for Elgato Cam Link 4K (git-fixes). - media: v4l2-async: Fix trivial documentation typo (git-fixes). - media: v4l2-core: Avoid the dangling pointer in v4l2_fh_release (git-fixes). - media: zr364xx: fix memory leak in zr364xx_start_readpipe (git-fixes). - memory: atmel-ebi: add missing of_node_put for loop iteration (git-fixes). - memory: fsl_ifc: fix leak of IO mapping on probe failure (git-fixes). - memory: fsl_ifc: fix leak of IO mapping on probe failure (git-fixes). - memory: fsl_ifc: fix leak of private memory on probe failure (git-fixes). - memory: fsl_ifc: fix leak of private memory on probe failure (git-fixes). - memory: pl353: Fix error return code in pl353_smc_probe() (git-fixes). - memstick: rtsx_usb_ms: fix UAF (git-fixes). - mfd: cpcap: Fix cpcap dmamask not set warnings (git-fixes). - mfd: da9052/stmpe: Add and modify MODULE_DEVICE_TABLE (git-fixes). - misc/libmasm/module: Fix two use after free in ibmasm_init_one (git-fixes). - misc: alcor_pci: fix inverted branch condition (git-fixes). - misc: alcor_pci: fix null-ptr-deref when there is no PCI bridge (git-fixes). - mm, futex: fix shared futex pgoff on shmem huge page (git fixes (kernel/futex)). - mmc: block: Disable CMDQ on the ioctl path (git-fixes). - mmc: core: Allow UHS-I voltage switch for SDSC cards if supported (git-fixes). - mmc: core: clear flags before allowing to retune (git-fixes). - mmc: sdhci-esdhc-imx: remove unused is_imx6q_usdhc (git-fixes). - mmc: sdhci-sprd: use sdhci_sprd_writew (git-fixes). - mmc: sdhci: Fix warning message when accessing RPMB in HS400 mode (git-fixes). - mmc: usdhi6rol0: fix error return code in usdhi6_probe() (git-fixes). - mmc: via-sdmmc: add a check against NULL pointer dereference (git-fixes). - mmc: vub3000: fix control-request direction (git-fixes). - mt76: fix possible NULL pointer dereference in mt76_tx (git-fixes). - mt76: mt7603: set 0 as min coverage_class value (git-fixes). - mt76: mt7615: fix endianness in mt7615_mcu_set_eeprom (git-fixes). - mt76: mt7615: fix fixed-rate tx status reporting (git-fixes). - mt76: mt7615: increase MCU command timeout (git-fixes). - mt76: mt7915: fix IEEE80211_HE_PHY_CAP7_MAX_NC for station mode (git-fixes). - mt76: set dma-done flag for flushed descriptors (git-fixes). - mtd: partitions: redboot: seek fis-index-block in the right node (git-fixes). - mtd: rawnand: marvell: add missing clk_disable_unprepare() on error in marvell_nfc_resume() (git-fixes). - mvpp2: suppress warning (git-fixes). - mwifiex: re-fix for unaligned accesses (git-fixes). - net/mlx5: Do not fail driver on failure to create debugfs (git-fixes). - net/mlx5e: Block offload of outer header csum for GRE tunnel (git-fixes). - net/sched: act_ct: remove and free nf_table callbacks (jsc#SLE-15172). - net: Make PTP-specific drivers depend on PTP_1588_CLOCK (git-fixes). - net: atlantic: fix ip dst and ipv6 address filters (git-fixes). - net: dp83867: Fix OF_MDIO config check (git-fixes). - net: ethernet: ti: Remove TI_CPTS_MOD workaround (git-fixes). - net: fec_ptp: fix issue caused by refactor the fec_devtype (git-fixes). - net: gve: convert strlcpy to strscpy (bsc#1176940). - net: gve: remove duplicated allowed (bsc#1176940). - net: hns3: Clear the CMDQ registers before unmapping BAR region (git-fixes). - net: ipw2x00,iwlegacy,iwlwifi: Remove in_interrupt() from debug macros (bsc#1187495). - net: iwlwifi: Remove in_interrupt() from tracing macro (bsc#1187495). - net: marvell: Fix OF_MDIO config check (git-fixes). - net: mvpp2: Put fwnode in error case during ->probe() (git-fixes). - net: netdevsim: use xso.real_dev instead of xso.dev in callback functions of struct xfrmdev_ops (bsc#1176447). - net: phy: fix save wrong speed and duplex problem if autoneg is on (git-fixes). - net: phy: microchip_t1: add lan87xx_phy_init to initialize the lan87xx phy (git-fixes). - net: phy: microchip_t1: add lan87xx_phy_init to initialize the lan87xx phy (git-fixes). - net: phy: realtek: add delay to fix RXC generation issue (git-fixes). - net: usb: fix possible use-after-free in smsc75xx_bind (git-fixes). - net: wilc1000: clean up resource in error path of init mon interface (git-fixes). - netfilter: ctnetlink: suspicious RCU usage in ctnetlink_dump_helpinfo (bsc#1176447). - nfc: nfcsim: fix use after free during module unload (git-fixes). - nvme-rdma: fix in-casule data send for chained sgls (git-fixes). - nvme-rdma: introduce nvme_rdma_sgl structure (git-fixes). - nvme-tcp: rerun io_work if req_list is not empty (git-fixes). - nvme: verify MNAN value if ANA is enabled (bsc#1185791). - pinctrl/amd: Add device HID for new AMD GPIO controller (git-fixes). - pinctrl: mcp23s08: Fix missing unlock on error in mcp23s08_irq() (git-fixes). - pinctrl: mcp23s08: fix race condition in irq handler (git-fixes). - pinctrl: stm32: fix the reported number of GPIO lines per bank (git-fixes). - platform/chrome: cros_ec_lightbar: Reduce ligthbar get version command (git-fixes). - platform/x86: dell-smbios-wmi: Fix oops on rmmod dell_smbios (git-fixes). - platform/x86: intel_int0002_vgpio: Only call enable_irq_wake() when using s2idle (git-fixes). - platform/x86: intel_int0002_vgpio: Pass irqchip when adding gpiochip (git-fixes). - platform/x86: intel_int0002_vgpio: Remove dev_err() usage after platform_get_irq() (git-fixes). - platform/x86: intel_int0002_vgpio: Use device_init_wakeup (git-fixes). - platform/x86: toshiba_acpi: Fix missing error code in toshiba_acpi_setup_keyboard() (git-fixes). - power: reset: gpio-poweroff: add missing MODULE_DEVICE_TABLE (git-fixes). - power: supply: ab8500: Avoid NULL pointers (git-fixes). - power: supply: ab8500: add missing MODULE_DEVICE_TABLE (git-fixes). - power: supply: charger-manager: add missing MODULE_DEVICE_TABLE (git-fixes). - power: supply: max17042: Do not enforce (incorrect) interrupt trigger type (git-fixes). - power: supply: sc2731_charger: Add missing MODULE_DEVICE_TABLE (git-fixes). - power: supply: sc27xx: Add missing MODULE_DEVICE_TABLE (git-fixes). - powerpc/64s: Move branch cache flushing bcctr variant to ppc-ops.h (bsc#1188885 ltc#193722). - powerpc/64s: rename pnv|pseries_setup_rfi_flush to _setup_security_mitigations (bsc#1188885 ltc#193722). - powerpc/mm: Fix lockup on kernel exec fault (bsc#1156395). - powerpc/papr_scm: Properly handle UUID types and API (bsc#1113295, git-fixes). - powerpc/pesries: Get STF barrier requirement from H_GET_CPU_CHARACTERISTICS (bsc#1188885 ltc#193722). - powerpc/pseries: Get entry and uaccess flush required bits from H_GET_CPU_CHARACTERISTICS (bsc#1188885 ltc#193722). - powerpc/pseries: add new branch prediction security bits for link stack (bsc#1188885 ltc#193722). - powerpc/pseries: export LPAR security flavor in lparcfg (bsc#1188885 ltc#193722). - powerpc/security: Add a security feature for STF barrier (bsc#1188885 ltc#193722). - powerpc/security: Allow for processors that flush the link stack using the special bcctr (bsc#1188885 ltc#193722). - powerpc/security: Fix link stack flush instruction (bsc#1188885 ltc#193722). - powerpc/security: change link stack flush state to the flush type enum (bsc#1188885 ltc#193722). - powerpc/security: make display of branch cache flush more consistent (bsc#1188885 ltc#193722). - powerpc/security: re-name count cache flush to branch cache flush (bsc#1188885 ltc#193722). - powerpc/security: split branch cache flush toggle from code patching (bsc#1188885 ltc#193722). - powerpc/stacktrace: Fix spurious 'stale' traces in raise_backtrace_ipi() (bsc#1156395). - powerpc/stacktrace: Include linux/delay.h (bsc#1156395). - powerpc: Offline CPU in stop_this_cpu() (bsc#1156395). - prctl: PR_{G,S}ET_IO_FLUSHER to support controlling memory reclaim (bsc#1188752). - ptp_qoriq: fix overflow in ptp_qoriq_adjfine() u64 calcalation (git-fixes). - pwm: img: Fix PM reference leak in img_pwm_enable() (git-fixes). - pwm: imx1: Do not disable clocks at device remove time (git-fixes). - pwm: spear: Do not modify HW state in .remove callback (git-fixes). - qemu_fw_cfg: Make fw_cfg_rev_attr a proper kobj_attribute (git-fixes). - r8152: Avoid memcpy() over-reading of ETH_SS_STATS (git-fixes). - r8152: Fix a deadlock by doubly PM resume (bsc#1186194). - r8152: Fix potential PM refcount imbalance (bsc#1186194). - r8169: Avoid memcpy() over-reading of ETH_SS_STATS (git-fixes). - r8169: avoid link-up interrupt issue on RTL8106e if user enables ASPM (git-fixes). - random32: Fix implicit truncation warning in prandom_seed_state() (git-fixes). - ravb: Fix bit fields checking in ravb_hwtstamp_get() (git-fixes). - rbd: always kick acquire on 'acquired' and 'released' notifications (bsc#1188746). - rbd: do not hold lock_rwsem while running_list is being drained (bsc#1188747). - regulator: da9052: Ensure enough delay time for .set_voltage_time_sel (git-fixes). - regulator: hi6421: Fix getting wrong drvdata (git-fixes). - regulator: hi6421: Use correct variable type for regmap api val argument (git-fixes). - regulator: hi655x: Fix pass wrong pointer to config.driver_data (git-fixes). - regulator: uniphier: Add missing MODULE_DEVICE_TABLE (git-fixes). - replaced with upstream security mitigation cleanup - reset: a10sr: add missing of_match_table reference (git-fixes). - reset: bail if try_module_get() fails (git-fixes). - reset: brcmstb: Add missing MODULE_DEVICE_TABLE (git-fixes). - reset: ti-syscon: fix to_ti_syscon_reset_data macro (git-fixes). - rpm/kernel-binary.spec.in: Do not install usrmerged kernel on Leap (boo#1184804). - rpm/kernel-binary.spec.in: Remove zdebug define used only once. - rsi: Assign beacon rate settings to the correct rate_info descriptor field (git-fixes). - rtc: fix snprintf() checking in is_rtc_hctosys() (git-fixes). - rtc: max77686: Do not enforce (incorrect) interrupt trigger type (git-fixes). - rtc: mxc_v2: add missing MODULE_DEVICE_TABLE (git-fixes). - rtc: stm32: Fix unbalanced clk_disable_unprepare() on probe error path (git-fixes). - rtl8xxxu: Fix device info for RTL8192EU devices (git-fixes). - rtw88: 8822c: fix lc calibration timing (git-fixes). - scsi: fc: Add 256GBit speed setting to SCSI FC transport (bsc#1188101). - scsi: ibmvfc: Fix command state accounting and stale response detection (jsc#SLE-15442 bsc#1180814 ltc#187461 git-fixes). - scsi: qedf: Do not put host in qedf_vport_create() unconditionally (bsc#1170511). - serial: 8250: Actually allow UPF_MAGIC_MULTIPLIER baud rates (git-fixes). - serial: 8250_pci: Add support for new HPE serial device (git-fixes). - serial: fsl_lpuart: remove RTSCTS handling from get_mctrl() (git-fixes). - serial: fsl_lpuart: remove RTSCTS handling from get_mctrl() (git-fixes). - serial: mvebu-uart: correctly calculate minimal possible baudrate (git-fixes). - serial: mvebu-uart: do not allow changing baudrate when uartclk is not available (git-fixes). - serial: mvebu-uart: fix calculation of clock divisor (git-fixes). - serial: tegra-tcu: Reorder channel initialization (git-fixes). - serial_cs: Add Option International GSM-Ready 56K/ISDN modem (git-fixes). - serial_cs: remove wrong GLOBETROTTER.cis entry (git-fixes). - sfp: Fix error handing in sfp_probe() (git-fixes). - skbuff: Fix build with SKB extensions disabled (jsc#SLE-15172). - skbuff: Release nfct refcount on napi stolen or re-used skbs (jsc#SLE-15172). - soc/tegra: fuse: Fix Tegra234-only builds (git-fixes). - soc: fsl: qbman: Delete useless kfree code (bsc#1188176). - soc: fsl: qbman: Ensure device cleanup is run for kexec (bsc#1188176). - soundwire: stream: Fix test for DP prepare complete (git-fixes). - spi: Make of_register_spi_device also set the fwnode (git-fixes). - spi: cadence: Correct initialisation of runtime PM again (git-fixes). - spi: fspi: dynamically alloc AHB memory (bsc#1188121). - spi: imx: add a check for speed_hz before calculating the clock (git-fixes). - spi: mediatek: fix fifo rx mode (git-fixes). - spi: nxp-fspi: Use devm API to fix missed unregistration of controller (bsc#1188121). - spi: omap-100k: Fix the length judgment problem (git-fixes). - spi: spi-loopback-test: Fix 'tx_buf' might be 'rx_buf' (git-fixes). - spi: spi-nxp-fspi: Add ACPI support (bsc#1188121). - spi: spi-nxp-fspi: Add support for IP read only (bsc#1188121). - spi: spi-nxp-fspi: Enable the Octal Mode in MCR0 (bsc#1188121). - spi: spi-nxp-fspi: Fix a NULL vs IS_ERR() check in probe (bsc#1188121). - spi: spi-nxp-fspi: Implement errata workaround for LS1028A (bsc#1188121). - spi: spi-sun6i: Fix chipselect/clock bug (git-fixes). - spi: spi-topcliff-pch: Fix potential double free in pch_spi_process_messages() (git-fixes). - spi: stm32-qspi: Remove unused qspi field of struct stm32_qspi_flash (git-fixes). - spi: tegra114: Fix an error message (git-fixes). - ssb: Fix error return code in ssb_bus_scan() (git-fixes). - ssb: sdio: Do not overwrite const buffer if block_write fails (git-fixes). - staging: gdm724x: check for buffer overflow in gdm_lte_multi_sdu_pkt() (git-fixes). - staging: gdm724x: check for overflow in gdm_lte_netif_rx() (git-fixes). - staging: rtl8712: fix memory leak in rtl871x_load_fw_cb (git-fixes). - staging: rtl8712: remove redundant check in r871xu_drv_init (git-fixes). - staging: rtl8723bs: fix macro value for 2.4Ghz only device (git-fixes). - thermal/core: Correct function name thermal_zone_device_unregister() (git-fixes). - thermal/drivers/int340x/processor_thermal: Fix tcc setting (git-fixes). - thermal/drivers/rcar_gen3_thermal: Fix coefficient calculations (git-fixes). - thunderbolt: Bond lanes only when dual_link_port != NULL in alloc_dev_default() (git-fixes). - timers: Fix get_next_timer_interrupt() with no timers pending (git-fixes) - tpm, tpm_tis: Decorate tpm_get_timeouts() with request_locality() (bsc#1188036). - tpm, tpm_tis: Decorate tpm_tis_gen_interrupt() with request_locality() (bsc#1188036). - tpm, tpm_tis: Extend locality handling to TPM2 in tpm_tis_gen_interrupt() (bsc#1188036). - tpm, tpm_tis: Reserve locality in tpm_tis_resume() (bsc#1188036). - tpm: efi: Use local variable for calculating final log size (git-fixes). - tracepoint: Add tracepoint_probe_register_may_exist() for BPF tracing (git-fixes). - tracing/histograms: Fix parsing of 'sym-offset' modifier (git-fixes). - tracing: Do not reference char * as a string in histograms (git-fixes). - tracing: Resize tgid_map to pid_max, not PID_MAX_DEFAULT (git-fixes). - tracing: Simplify & fix saved_tgids logic (git-fixes). - tty: nozomi: Fix a resource leak in an error handling function (git-fixes). - tty: nozomi: Fix the error handling path of 'nozomi_card_init()' (git-fixes). - tty: serial: 8250: serial_cs: Fix a memory leak in error handling path (git-fixes). - tty: serial: fsl_lpuart: fix the potential risk of division or modulo by zero (git-fixes). - usb: dwc2: Do not reset the core after setting turnaround time (git-fixes). - usb: dwc2: gadget: Fix sending zero length packet in DDMA mode (git-fixes). - usb: dwc3: Fix debugfs creation flow (git-fixes). - usb: gadget: eem: fix echo command packet response issue (git-fixes). - usb: gadget: f_fs: Fix setting of device and driver data cross-references (git-fixes). - usb: gadget: f_hid: fix endianness issue with descriptors (git-fixes). - usb: gadget: hid: fix error return code in hid_bind() (git-fixes). - usb: hub: Disable USB 3 device initiated lpm if exit latency is too high (git-fixes). - usb: hub: Fix link power management max exit latency (MEL) calculations (git-fixes). - usb: max-3421: Prevent corruption of freed memory (git-fixes). - usb: renesas_usbhs: Fix superfluous irqs happen after usb_pkt_pop() (git-fixes). - usb: typec: Add the missed altmode_id_remove() in typec_register_altmode() (git-fixes). - usb: typec: fusb302: Always provide fwnode for the port (git-fixes). - usb: typec: fusb302: fix 'op-sink-microwatt' default that was in mW (git-fixes). - usb: typec: tcpm: Error handling for tcpm_register_partner_altmodes (git-fixes). - usb: typec: tcpm: Move mod_delayed_work(&port->vdm_state_machine) call into tcpm_queue_vdm() (git-fixes). - usb: typec: tcpm: Refactor tcpm_handle_vdm_request (git-fixes). - usb: typec: tcpm: Refactor tcpm_handle_vdm_request payload handling (git-fixes). - usb: typec: tcpm: Remove tcpc_config configuration mechanism (git-fixes). - usb: typec: tcpm: Switch to use fwnode_property_count_uXX() (git-fixes). - usb: typec: tcpm: move to SNK_UNATTACHED if sink removed for DRP (git-fixes). - usb: typec: tcpm: set correct data role for non-DRD (git-fixes). - usb: typec: tcpm: update power supply once partner accepts (git-fixes). - usb: typec: ucsi: Hold con->lock for the entire duration of ucsi_register_port() (git-fixes). - usb: typec: ucsi: Put fwnode in any case during ->probe() (git-fixes). - usb: typec: wcove: Fx wrong kernel doc format (git-fixes). - uuid: Add inline helpers to import / export UUIDs (bsc#1113295, git-fixes). - vfio/pci: Handle concurrent vma faults (git-fixes). - vfs: Convert functionfs to use the new mount API (git -fixes). - video: fbdev: imxfb: Fix an error message (git-fixes). - virtio_console: Assure used length from device is limited (git-fixes). - virtio_net: move tx vq operation under tx queue lock (git-fixes). - visorbus: fix error return code in visorchipset_init() (git-fixes). - vmxnet3: fix cksum offload issues for tunnels with non-default udp ports (git-fixes). - vxlan: add missing rcu_read_lock() in neigh_reduce() (git-fixes). - w1: ds2438: fixing bug that would always get page0 (git-fixes). - watchdog: Fix possible use-after-free by calling del_timer_sync() (git-fixes). - watchdog: Fix possible use-after-free in wdt_startup() (git-fixes). - watchdog: aspeed: fix hardware timeout calculation (git-fixes). - watchdog: iTCO_wdt: Account for rebooting on second timeout (git-fixes). - watchdog: sc520_wdt: Fix possible use-after-free in wdt_turnoff() (git-fixes). - watchdog: sp805: Fix kernel doc description (git-fixes). - wcn36xx: Move hal_buf allocation to devm_kmalloc in probe (git-fixes). - wilc1000: write value to WILC_INTR2_ENABLE register (git-fixes). - wireless: carl9170: fix LEDS build errors & warnings (git-fixes). - wireless: wext-spy: Fix out-of-bounds warning (git-fixes). - wl1251: Fix possible buffer overflow in wl1251_cmd_scan (git-fixes). - wlcore/wl12xx: Fix wl12xx get_mac error if device is in ELP (git-fixes). - workqueue: fix UAF in pwq_unbound_release_workfn() (bsc#1188973). - x86/kvm: Disable all PV features on crash (bsc#1185308). - x86/kvm: Disable all PV features on crash (bsc#1185308). - x86/kvm: Disable kvmclock on all CPUs on shutdown (bsc#1185308). - x86/kvm: Disable kvmclock on all CPUs on shutdown (bsc#1185308). - x86/kvm: Fix pr_info() for async PF setup/teardown (bsc#1185308). - x86/kvm: Fix pr_info() for async PF setup/teardown (bsc#1185308). - x86/kvm: Teardown PV features on boot CPU as well (bsc#1185308). - x86/kvm: Teardown PV features on boot CPU as well (bsc#1185308). - x86/kvm: Unify kvm_pv_guest_cpu_reboot() with kvm_guest_cpu_offline() (bsc#1185308). - x86/kvm: Unify kvm_pv_guest_cpu_reboot() with kvm_guest_cpu_offline() (bsc#1185308). - xen/events: reset active flag for lateeoi events later (git-fixes). - xfrm: Fix xfrm offload fallback fail case (bsc#1176447). - xfrm: delete xfrm4_output_finish xfrm6_output_finish declarations (bsc#1176447). - xfrm: xfrm_state_mtu should return at least 1280 for ipv6 (bsc#1185377). - xhci: Fix lost USB 2 remote wake (git-fixes). - xhci: solve a double free problem while doing s4 (git-fixes). - xsk: Fix missing validation for skb and unaligned mode (jsc#SLE-13706). Important SUSE bug 1065729 SUSE bug 1085224 SUSE bug 1094840 SUSE bug 1113295 SUSE bug 1152472 SUSE bug 1152489 SUSE bug 1153274 SUSE bug 1154353 SUSE bug 1155518 SUSE bug 1156395 SUSE bug 1170511 SUSE bug 1176447 SUSE bug 1176940 SUSE bug 1179243 SUSE bug 1180092 SUSE bug 1180814 SUSE bug 1183871 SUSE bug 1184114 SUSE bug 1184350 SUSE bug 1184631 SUSE bug 1184804 SUSE bug 1185308 SUSE bug 1185377 SUSE bug 1185791 SUSE bug 1186194 SUSE bug 1186206 SUSE bug 1186482 SUSE bug 1186483 SUSE bug 1187215 SUSE bug 1187476 SUSE bug 1187495 SUSE bug 1187585 SUSE bug 1188036 SUSE bug 1188080 SUSE bug 1188101 SUSE bug 1188121 SUSE bug 1188126 SUSE bug 1188176 SUSE bug 1188267 SUSE bug 1188268 SUSE bug 1188269 SUSE bug 1188323 SUSE bug 1188366 SUSE bug 1188405 SUSE bug 1188445 SUSE bug 1188504 SUSE bug 1188620 SUSE bug 1188683 SUSE bug 1188703 SUSE bug 1188720 SUSE bug 1188746 SUSE bug 1188747 SUSE bug 1188748 SUSE bug 1188752 SUSE bug 1188770 SUSE bug 1188771 SUSE bug 1188772 SUSE bug 1188773 SUSE bug 1188774 SUSE bug 1188777 SUSE bug 1188838 SUSE bug 1188876 SUSE bug 1188885 SUSE bug 1188893 SUSE bug 1188973 CVE-2021-21781 CVE-2021-22543 CVE-2021-35039 CVE-2021-3609 CVE-2021-3612 CVE-2021-3659 CVE-2021-37576 cpe:/o:opensuse:leap:15.3 Security update for c-ares (Important) openSUSE Leap 15.3 This update for c-ares fixes the following issues: Version update to git snapshot 1.17.1+20200724: - CVE-2021-3672: fixed missing input validation on hostnames returned by DNS servers (bsc#1188881) - If ares_getaddrinfo() was terminated by an ares_destroy(), it would cause crash - Crash in sortaddrinfo() if the list size equals 0 due to an unexpected DNS response - Expand number of escaped characters in DNS replies as per RFC1035 5.1 to prevent spoofing - Use unbuffered /dev/urandom for random data to prevent early startup performance issues Important SUSE bug 1188881 CVE-2021-3672 cpe:/o:opensuse:leap:15.3 Security update for libsndfile (Critical) openSUSE Leap 15.3 This update for libsndfile fixes the following issues: - CVE-2018-13139: Fixed a stack-based buffer overflow in psf_memset in common.c in libsndfile 1.0.28allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact. (bsc#1100167) - CVE-2018-19432: Fixed a NULL pointer dereference in the function sf_write_int in sndfile.c, which will lead to a denial of service. (bsc#1116993) - CVE-2021-3246: Fixed a heap buffer overflow vulnerability in msadpcm_decode_block. (bsc#1188540) - CVE-2018-19758: Fixed a heap-based buffer over-read at wav.c in wav_write_header in libsndfile 1.0.28 that will cause a denial of service. (bsc#1117954) Critical SUSE bug 1100167 SUSE bug 1116993 SUSE bug 1117954 SUSE bug 1188540 CVE-2018-13139 CVE-2018-19432 CVE-2018-19758 CVE-2021-3246 cpe:/o:opensuse:leap:15.3 Security update for haproxy (Important) openSUSE Leap 15.3 This update for haproxy fixes the following issues: - Fixes HAProxy vulnerabilities on H2 (bsc#1189366). Important SUSE bug 1189366 cpe:/o:opensuse:leap:15.3 Security update for MozillaFirefox (Important) openSUSE Leap 15.3 This update for MozillaFirefox fixes the following issues: Firefox Extended Support Release 78.13.0 ESR (MFSA 2021-34, bsc#1188891): - CVE-2021-29986: Race condition when resolving DNS names could have led to memory corruption - CVE-2021-29988: Memory corruption as a result of incorrect style treatment - CVE-2021-29984: Incorrect instruction reordering during JIT optimization - CVE-2021-29980: Uninitialized memory in a canvas object could have led to memory corruption - CVE-2021-29985: Use-after-free media channels - CVE-2021-29989: Memory safety bugs fixed in Firefox 91 and Firefox ESR 78.13 Important SUSE bug 1188891 CVE-2021-29980 CVE-2021-29984 CVE-2021-29985 CVE-2021-29986 CVE-2021-29988 CVE-2021-29989 cpe:/o:opensuse:leap:15.3 Security update for go1.15 (Moderate) openSUSE Leap 15.3 This update for go1.15 fixes the following issues: Update to go1.15.15: - go#47473 net/http: panic due to racy read of persistConn after handler panic (CVE-2021-36221 bsc#1189162) - go#47347 cmd/go: 'go list -f '{{.Stale}}'' stack overflow with cyclic imports - go#47014 cmd/go: go mod vendor: open C:\Users\LICENSE: Access is denied. - go#46927 cmd/compile: register conflict between external linker and duffzero on arm64 - go#46857 runtime: ppc64x binaries randomly segfault on linux 5.13rc6 Moderate SUSE bug 1175132 SUSE bug 1188906 SUSE bug 1189162 CVE-2021-36221 cpe:/o:opensuse:leap:15.3 Security update for go1.16 (Moderate) openSUSE Leap 15.3 This update for go1.16 fixes the following issues: Update to go1.16.7: - go#47473 net/http: panic due to racy read of persistConn after handler panic (CVE-2021-36221 bsc#1189162) - go#47348 cmd/go: 'go list -f '{{.Stale}}'' stack overflow with cyclic imports - go#47332 time: Timer reset broken under heavy use since go1.16 timer optimizations added - go#47289 cmd/link: build error with cgo in Windows, redefinition of go.map.zero - go#47015 cmd/go: go mod vendor: open C:\Users\LICENSE: Access is denied. - go#46928 cmd/compile: register conflict between external linker and duffzero on arm64 - go#46858 runtime: ppc64x binaries randomly segfault on linux 5.13rc6 - go#46551 cmd/go: unhelpful error message when running 'go install' on a replaced-but-not-required package Moderate SUSE bug 1182345 SUSE bug 1189162 CVE-2021-36221 cpe:/o:opensuse:leap:15.3 Security update for qemu (Moderate) openSUSE Leap 15.3 This update for qemu fixes the following issues: Security issues fixed: - usbredir: free call on invalid pointer in bufp_alloc (bsc#1189145, CVE-2021-3682) - NULL pointer dereference in ESP (bsc#1180433, CVE-2020-35504) (bsc#1180434, CVE-2020-35505) (bsc#1180435, CVE-2020-35506) - NULL pointer dereference issue in megasas-gen2 host bus adapter (bsc#1180432, CVE-2020-35503) - eepro100: stack overflow via infinite recursion (bsc#1182651, CVE-2021-20255) - usb: unbounded stack allocation in usbredir (bsc#1186012, CVE-2021-3527) Moderate SUSE bug 1180432 SUSE bug 1180433 SUSE bug 1180434 SUSE bug 1180435 SUSE bug 1182651 SUSE bug 1186012 SUSE bug 1189145 CVE-2020-35503 CVE-2020-35504 CVE-2020-35505 CVE-2020-35506 CVE-2021-20255 CVE-2021-3527 CVE-2021-3682 cpe:/o:opensuse:leap:15.3 Security update for fetchmail (Moderate) openSUSE Leap 15.3 This update for fetchmail fixes the following issues: - CVE-2021-36386: Fixed a missing variable initialization that can cause read from bad memory locations. (bsc#1188875) - Change PASSWORDLEN from 64 to 256 (bsc#1188034) Moderate SUSE bug 1188034 SUSE bug 1188875 CVE-2021-36386 cpe:/o:opensuse:leap:15.3 Security update for libass (Important) openSUSE Leap 15.3 This update for libass fixes the following issues: - CVE-2020-36430: Fixed heap-based buffer overflow in decode_chars (bsc#1188539). Important SUSE bug 1188539 CVE-2020-36430 cpe:/o:opensuse:leap:15.3 Security update for openexr (Important) openSUSE Leap 15.3 This update for openexr fixes the following issues: - CVE-2021-20298 [bsc#1188460]: Fixed Out-of-memory in B44Compressor - CVE-2021-20299 [bsc#1188459]: Fixed Null-dereference READ in Imf_2_5:Header:operator - CVE-2021-20300 [bsc#1188458]: Fixed Integer-overflow in Imf_2_5:hufUncompress - CVE-2021-20302 [bsc#1188462]: Fixed Floating-point-exception in Imf_2_5:precalculateTileInfot - CVE-2021-20303 [bsc#1188457]: Fixed Heap-buffer-overflow in Imf_2_5::copyIntoFrameBuffer - CVE-2021-20304 [bsc#1188461]: Fixed Undefined-shift in Imf_2_5:hufDecode Important SUSE bug 1188457 SUSE bug 1188458 SUSE bug 1188459 SUSE bug 1188460 SUSE bug 1188461 SUSE bug 1188462 CVE-2021-20298 CVE-2021-20299 CVE-2021-20300 CVE-2021-20302 CVE-2021-20303 CVE-2021-20304 CVE-2021-3476 cpe:/o:opensuse:leap:15.3 Security update for aspell (Important) openSUSE Leap 15.3 This update for aspell fixes the following issues: - CVE-2019-25051: Fixed heap-buffer-overflow in acommon:ObjStack:dup_top (bsc#1188576). Important SUSE bug 1177523 SUSE bug 1188576 CVE-2019-25051 cpe:/o:opensuse:leap:15.3 Security update for php7 (Important) openSUSE Leap 15.3 This update for php7 fixes the following issues: - CVE-2021-21704: Fixed security issues in pdo_firebase module (bsc#1188035). Important SUSE bug 1188035 CVE-2021-21704 cpe:/o:opensuse:leap:15.3 Security update for java-1_8_0-openjdk (Important) openSUSE Leap 15.3 This update for java-1_8_0-openjdk fixes the following issues: - Update to version jdk8u302 (icedtea 3.20.0) - CVE-2021-2341: Improve file transfers. (bsc#1188564) - CVE-2021-2369: Better jar file validation. (bsc#1188565) - CVE-2021-2388: Enhance compiler validation. (bsc#1188566) - CVE-2021-2161: Less ambiguous processing. (bsc#1185056) Important SUSE bug 1185056 SUSE bug 1188564 SUSE bug 1188565 SUSE bug 1188566 CVE-2021-2161 CVE-2021-2341 CVE-2021-2369 CVE-2021-2388 cpe:/o:opensuse:leap:15.3 Security update for krb5 (Important) openSUSE Leap 15.3 This update for krb5 fixes the following issues: - CVE-2021-36222: Fixed KDC null deref on bad encrypted challenge. (bsc#1188571) Important SUSE bug 1188571 CVE-2021-36222 cpe:/o:opensuse:leap:15.3 Security update for 389-ds (Moderate) openSUSE Leap 15.3 This update for 389-ds fixes the following issues: - Update to 1.4.4.16 - CVE-2021-3652: Fixed crypt handling of locked accounts. (bsc#1188455) Moderate SUSE bug 1188151 SUSE bug 1188455 CVE-2021-3652 cpe:/o:opensuse:leap:15.3 Security update for libmspack (Moderate) openSUSE Leap 15.3 This update for libmspack fixes the following issues: - CVE-2018-14681: Bad KWAJ file header extensions could cause a one or two byte overwrite. (bsc#1103032) - CVE-2018-14682: There is an off-by-one error in the TOLOWER() macro for CHM decompression. (bsc#1103032) - CVE-2018-14679: There is an off-by-one error in the CHM PMGI/PMGL chunk number validity checks, which could lead to denial of service. (bsc#1103032) Moderate SUSE bug 1103032 CVE-2018-14679 CVE-2018-14681 CVE-2018-14682 cpe:/o:opensuse:leap:15.3 Security update for systemd (Moderate) openSUSE Leap 15.3 This update for systemd fixes the following issues: - Updated to version 246.15 - CVE-2021-33910: Fixed a denial of service issue in systemd. (bsc#1188063) - CVE-2020-13529: Fixed an issue that allows crafted DHCP FORCERENEW packet can cause a server running the DHCP client to be vulnerable to a DHCP ACK spoofing attack. (bsc#1185972) Moderate SUSE bug 1166028 SUSE bug 1171962 SUSE bug 1184994 SUSE bug 1185972 SUSE bug 1188063 CVE-2020-13529 CVE-2021-33910 cpe:/o:opensuse:leap:15.3 Security update for dbus-1 (Moderate) openSUSE Leap 15.3 This update for dbus-1 fixes the following issues: - CVE-2020-12049: truncated messages lead to resource exhaustion. (bsc#1172505) Moderate SUSE bug 1172505 CVE-2020-12049 cpe:/o:opensuse:leap:15.3 Security update for libvirt (Moderate) openSUSE Leap 15.3 This update for libvirt fixes the following issues: Security issues fixed: - CVE-2021-3631: fix SELinux label generation logic (bsc#1187871) - CVE-2021-3667: Unlock object on ACL fail in storagePoolLookupByTargetPath (bsc#1188843) Non-security issues fixed: - virtlockd: Don't report error if lockspace exists (bsc#1184253) - Don't forcibly remove '--listen' arg from /etc/sysconfig/libvirtd. Add '--timeout 120' if '--listen' is not specified. (bsc#1188232) Moderate SUSE bug 1184253 SUSE bug 1187871 SUSE bug 1188232 SUSE bug 1188843 CVE-2021-3631 CVE-2021-3667 cpe:/o:opensuse:leap:15.3 Security update for aws-cli, python-boto3, python-botocore, python-service_identity, python-trustme, python-urllib3 (Moderate) openSUSE Leap 15.3 This patch updates the Python AWS SDK stack in SLE 15: General: # aws-cli - Version updated to upstream release v1.19.9 For a detailed list of all changes, please refer to the changelog file of this package. # python-boto3 - Version updated to upstream release 1.17.9 For a detailed list of all changes, please refer to the changelog file of this package. # python-botocore - Version updated to upstream release 1.20.9 For a detailed list of all changes, please refer to the changelog file of this package. # python-urllib3 - Version updated to upstream release 1.25.10 For a detailed list of all changes, please refer to the changelog file of this package. # python-service_identity - Added this new package to resolve runtime dependencies for other packages. Version: 18.1.0 # python-trustme - Added this new package to resolve runtime dependencies for other packages. Version: 0.6.0 Security fixes: # python-urllib3: - CVE-2020-26137: urllib3 before 1.25.9 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of putrequest() (bsc#1177120) Moderate SUSE bug 1102408 SUSE bug 1138715 SUSE bug 1138746 SUSE bug 1176389 SUSE bug 1177120 SUSE bug 1182421 SUSE bug 1182422 CVE-2020-26137 cpe:/o:opensuse:leap:15.3 Security update for openssl-1_0_0 (Important) openSUSE Leap 15.3 This update for openssl-1_0_0 fixes the following issues: - CVE-2021-3712: a bug in the code for printing certificate details could lead to a buffer overrun that a malicious actor could exploit to crash the application, causing a denial-of-service attack. [bsc#1189521] Important SUSE bug 1189521 CVE-2021-3712 cpe:/o:opensuse:leap:15.3 Security update for openssl-1_1 (Important) openSUSE Leap 15.3 This update for openssl-1_1 fixes the following security issues: - CVE-2021-3711: A bug in the implementation of the SM2 decryption code could lead to buffer overflows. [bsc#1189520] - CVE-2021-3712: a bug in the code for printing certificate details could lead to a buffer overrun that a malicious actor could exploit to crash the application, causing a denial-of-service attack. [bsc#1189521] Important SUSE bug 1189520 SUSE bug 1189521 CVE-2021-3711 CVE-2021-3712 cpe:/o:opensuse:leap:15.3 Security update for mariadb (Moderate) openSUSE Leap 15.3 This update for mariadb fixes the following issues: Update to version 10.2.40 [bsc#1189320]: - fixes for the following security vulnerabilities: CVE-2021-2372 and CVE-2021-2389 Moderate SUSE bug 1189320 CVE-2021-2372 CVE-2021-2389 cpe:/o:opensuse:leap:15.3 Security update for mariadb (Moderate) openSUSE Leap 15.3 This update for mariadb fixes the following issues: Update to version 10.2.40 (bsc#1189320): - fixes for the following security vulnerabilities: CVE-2021-2372 and CVE-2021-2389 In additon the follwing was changed: - Increase NOFILE limit on service configuration (bsc#1180014) The default 'NOFILE' setting on mariadb service configuration is to low and may cause instability on higher loads. Moderate SUSE bug 1180014 SUSE bug 1189320 CVE-2021-2372 CVE-2021-2389 cpe:/o:opensuse:leap:15.3 Security update for jetty-minimal (Moderate) openSUSE Leap 15.3 This update for jetty-minimal fixes the following issues: - Update to version 9.4.43.v20210629 - CVE-2021-34429: URIs can be crafted using some encoded characters to access the content of the WEB-INF directory and/or bypass some security constraints. (bsc#1188438) Moderate SUSE bug 1188438 CVE-2021-34429 cpe:/o:opensuse:leap:15.3 Security update for qemu (Moderate) openSUSE Leap 15.3 This update for qemu fixes the following issues: Security issues fixed: - usbredir: free call on invalid pointer in bufp_alloc (bsc#1189145, CVE-2021-3682) - NULL pointer dereference in ESP (bsc#1180433, CVE-2020-35504) (bsc#1180434, CVE-2020-35505) (bsc#1180435, CVE-2020-35506) - NULL pointer dereference issue in megasas-gen2 host bus adapter (bsc#1180432, CVE-2020-35503) - eepro100: stack overflow via infinite recursion (bsc#1182651, CVE-2021-20255) - usb: unbounded stack allocation in usbredir (bsc#1186012, CVE-2021-3527) Non-security issues fixed: - Use max host physical address if -cpu max is used (bsc#1188299) Moderate SUSE bug 1180432 SUSE bug 1180433 SUSE bug 1180434 SUSE bug 1180435 SUSE bug 1182651 SUSE bug 1186012 SUSE bug 1188299 SUSE bug 1189145 CVE-2020-35503 CVE-2020-35504 CVE-2020-35505 CVE-2020-35506 CVE-2021-20255 CVE-2021-3527 CVE-2021-3682 cpe:/o:opensuse:leap:15.3 Security update for spectre-meltdown-checker (Moderate) openSUSE Leap 15.3 This update for spectre-meltdown-checker fixes the following issues: spectre-meltdown-checker was updated to version 0.44 (bsc#1189477) - feat: add support for SRBDS related vulnerabilities - feat: add zstd kernel decompression (#370) - enh: arm: add experimental support for binary arm images - enh: rsb filling: no longer need the 'strings' tool to check for kernel support in live mode - fix: fwdb: remove Intel extract tempdir on exit - fix: has_vmm: ignore kernel threads when looking for a hypervisor (fixes #278) - fix: fwdb: use the commit date as the intel fwdb version - fix: fwdb: update Intel's repository URL - fix: arm64: CVE-2017-5753: kernels 4.19+ use a different nospec macro - fix: on CPU parse info under FreeBSD - chore: github: add check run on pull requests - chore: fwdb: update to v165.20201021+i20200616 Moderate SUSE bug 1189477 CVE-2017-5753 cpe:/o:opensuse:leap:15.3 Security update for php7 (Important) openSUSE Leap 15.3 This update for php7 fixes the following issues: - CVE-2020-36193: Fixed Archive_Tar directory traversal due to inadequate checking of symbolic links (bsc#1189591). Important SUSE bug 1189591 CVE-2020-36193 cpe:/o:opensuse:leap:15.3 Security update for MozillaThunderbird (Important) openSUSE Leap 15.3 This update for MozillaThunderbird fixes the following issues: Update to version 78.13 (MFSA 2021-35, bsc#1188891) - CVE-2021-29986: Race condition when resolving DNS names could have led to memory corruption - CVE-2021-29988: Memory corruption as a result of incorrect style treatment - CVE-2021-29984: Incorrect instruction reordering during JIT optimization - CVE-2021-29980: Uninitialized memory in a canvas object could have led to memory corruption - CVE-2021-29985: Use-after-free media channels - CVE-2021-29989: Memory safety bugs fixed in Thunderbird 78.13 Important SUSE bug 1188891 CVE-2021-29980 CVE-2021-29984 CVE-2021-29985 CVE-2021-29986 CVE-2021-29988 CVE-2021-29989 cpe:/o:opensuse:leap:15.3 Security update for nodejs12 (Important) openSUSE Leap 15.3 This update for nodejs12 fixes the following issues: Update to 12.22.5: - CVE-2021-3672/CVE-2021-22931: Improper handling of untypical characters in domain names (bsc#1189370, bsc#1188881) - CVE-2021-22940: Use after free on close http2 on stream canceling (bsc#1189368) - CVE-2021-22939: Incomplete validation of rejectUnauthorized parameter (bsc#1189369) - CVE-2021-22930: http2: fixes use after free on close http2 on stream canceling (bsc#1188917) Important SUSE bug 1188881 SUSE bug 1188917 SUSE bug 1189368 SUSE bug 1189369 SUSE bug 1189370 CVE-2021-22930 CVE-2021-22931 CVE-2021-22939 CVE-2021-22940 CVE-2021-3672 cpe:/o:opensuse:leap:15.3 Security update for dovecot23 (Moderate) openSUSE Leap 15.3 This update for dovecot23 fixes the following issues: Update dovecot to version 2.3.15 (jsc#SLE-19970): Security issues fixed: - CVE-2021-29157: Dovecot does not correctly escape kid and azp fields in JWT tokens. This may be used to supply attacker controlled keys to validate tokens, if attacker has local access. (bsc#1187418) Local attacker can login as any user and access their emails - CVE-2021-33515: On-path attacker could have injected plaintext commands before STARTTLS negotiation that would be executed after STARTTLS finished with the client. (bsc#1187419) Attacker can potentially steal user credentials and mails * Disconnection log messages are now more standardized across services. They also always now start with 'Disconnected' prefix. * Dovecot now depends on libsystemd for systemd integration. * Removed support for Lua 5.2. Use version 5.1 or 5.3 instead. * config: Some settings are now marked as 'hidden'. It's discouraged to change these settings. They will no longer be visible in doveconf output, except if they have been changed or if doveconf -s parameter is used. See https://doc.dovecot.org/settings/advanced/ for details. * imap-compress: Compression level is now algorithm specific. See https://doc.dovecot.org/settings/plugin/compress-plugin/ * indexer-worker: Convert 'Indexed' info logs to an event named 'indexer_worker_indexing_finished'. See https://doc.dovecot.org/admin_manual/list_of_events/#indexer-worker-indexing-finished + Add TSLv1.3 support to min_protocols. + Allow configuring ssl_cipher_suites. (for TLSv1.3+) + acl: Add acl_ignore_namespace setting which allows to entirely ignore ACLs for the listed namespaces. + imap: Support official RFC8970 preview/snippet syntax. Old methods of retrieving preview information via IMAP commands ('SNIPPET and PREVIEW with explicit algorithm selection') have been deprecated. + imapc: Support INDEXPVT for imapc storage to enable private message flags for cluster wide shared mailboxes. + lib-storage: Add new events: mail_opened, mail_expunge_requested, mail_expunged, mail_cache_lookup_finished. See https://doc.dovecot.org/admin_manual/list_of_events/#mail + zlib, imap-compression, fs-compress: Support compression levels that the algorithm supports. Before, we would allow hardcoded value between 1 to 9 and would default to 6. Now we allow using per-algorithm value range and default to whatever default the algorithm specifies. - *-login: Commands pipelined together with and just after the authenticate command cause these commands to be executed twice. This applies to all protocols that involve user login, which currently comprises of imap, pop3, submisision and managesieve. - *-login: Processes are supposed to disconnect the oldest non-logged in connection when process_limit was reached. This didn't actually happen with the default 'high-security mode' (with service_count=1) where each connection is handled by a separate process. - *-login: When login process reaches client/process limits, oldest client connections are disconnected. If one of these was still doing anvil lookup, this caused a crash. This could happen only if the login process limits were very low or if the server was overloaded. - Fixed building with link time optimizations (-flto). - auth: Userdb iteration with passwd driver does not always return all users with some nss drivers. - dsync: Shared INBOX not synced when 'mail_shared_explicit_inbox' was disabled. If a user has a shared mailbox which is another user's INBOX, dsync didn't include the mailbox in syncing unless explicit naming is enabled with 'mail_shared_explicit_inbox' set to 'yes'. - dsync: Shared namespaces were not synced with '-n' flag. - dsync: Syncing shared INBOX failed if mail_attribute_dict was not set. If a user has a shared mailbox that is another user's INBOX, dsync failed to export the mailbox if mail attributes are disabled. - fts-solr, fts-tika: Using both Solr FTS and Tika may have caused HTTP requests to assert-crash: Panic: file http-client-request.c: line 1232 (http_client_request_send_more): assertion failed: (req->payload_input != NULL) - fts-tika: 5xx errors returned by Tika server as indexing failures. However, Tika can return 5xx for some attachments every time. So the 5xx error should be retried once, but treated as success if it happens on the retry as well. v2.3 regression. - fts-tika: v2.3.11 regression: Indexing messages with fts-tika may have resulted in Panic: file message-parser.c: line 802 (message_parser_deinit_from_parts): assertion failed: (ctx->nested_parts_count == 0 || i_stream_have_bytes_left(ctx->input)) - imap: SETMETADATA could not be used to unset metadata values. Instead NIL was handled as a 'NIL' string. v2.3.14 regression. - imap: IMAP BINARY FETCH crashes at least on empty base64 body: Panic: file index-mail-binary.c: line 358 (blocks_count_lines): assertion failed: (block_count == 0 || block_idx+1 == block_count) - imap: If IMAP client using the NOTIFY command was disconnected while sending FETCH notifications to the client, imap could crash with Panic: Trying to close mailbox INBOX with open transactions. - imap: Using IMAP COMPRESS extension can cause IMAP connection to hang when IMAP commands are >8 kB long. - imapc: If remote server sent BYE but didn't immediately disconnect, it could cause infinite busy-loop. - lib-index: Corrupted cache record size in dovecot.index.cache file could have caused a crash (segfault) when accessing it. - lib-oauth2: JWT token time validation now works correctly with 32-bit systems. - lib-ssl-iostream: Checking hostnames against an SSL certificate was case-sensitive. - lib-storage: Corrupted mime.parts in dovecot.index.cache may have resulted in Panic: file imap-bodystructure.c: line 206 (part_write_body): assertion failed: (text == ((part->flags & MESSAGE_PART_FLAG_TEXT) != 0)) - lib-storage: Index rebuilding (e.g. via doveadm force-resync) didn't preserve the 'hdr-pop3-uidl' header. Because of this, the next pop3 session could have accessed all of the emails' metadata to read their POP3 UIDL (opening dbox files). - listescape: When using the listescape plugin and a shared namespace the plugin didn't work properly anymore resulting in errors like: 'Invalid mailbox name: Name must not have '/' character.' - lmtp: Connection crashes if connection gets disconnected due to multiple bad commands and the last bad command is BDAT. - lmtp: The Dovecot-specific LMTP parameter XRCPTFORWARD was blindly forwarded by LMTP proxy without checking that the backend has support. This caused a command parameter error from the backend if it was running an older Dovecot release. This could only occur in more complex setups where the message was proxied twice; when the proxy generated the XRCPTFORWARD parameter itself the problem did not occur, so this only happened when it was forwarded. - lmtp: The LMTP proxy crashes with a panic when the remote server replies with an error while the mail is still being forwarded through a DATA/BDAT command. - lmtp: Username may have been missing from lmtp log line prefixes when it was performing autoexpunging. - master: Dovecot would incorrectly fail with haproxy 2.0.14 service checks. - master: Systemd service: Dovecot announces readiness for accepting connections earlier than it should. The following environment variables are now imported automatically and can be omitted from import_environment setting: NOTIFY_SOCKET LISTEN_FDS LISTEN_PID. - master: service { process_min_avail } was launching processes too slowly when master was forking a lot of processes. - util: Make the health-check.sh example script POSIX shell compatible. * Added new aliases for some variables. Usage of the old ones is possible, but discouraged. (These were partially added already to v2.3.13.) See https://doc.dovecot.org/configuration_manual/config_file/config_variables/ for more information. * Optimize imap/pop3/submission/managesieve proxies to use less CPU at the cost of extra memory usage. * Remove autocreate, expire, snarf and mail-filter plugins. * Remove cydir storage driver. * Remove XZ/LZMA write support. Read support will be removed in future release. * doveadm -D: Add timestamps to debug output even when LOG_STDERR_TIMESTAMP environment variable is not set. Timestamp format is taken from log_timestamp setting. * If BROKENCHAR or listescape plugin is used, the escaped folder names may be slightly different from before in some situations. This is unlikely to cause issues, although caching clients may redownload the folders. * imapc: It now enables BROKENCHAR=~ by default to escape remote folder names if necessary. This also means that if there are any '~' characters in the remote folder names, they will be visible as '~7e'. * imapc: When using local index files folder names were escaped on filesystem a bit differently. This affects only if there are folder names that actually require escaping, which isn't so common. The old style folders will be automatically deleted from filesystem. * stats: Update exported metrics to be compliant with OpenMetrics standard. + doveadm: Add an optional '-p' parameter to metadata list command. If enabled, '/private', and '/shared' metadata prefixes will be prepended to the keys in the list output. + doveconf: Support environment variables in config files. See https://doc.dovecot.org/configuration_manual/config_file/config_file_syntax/#environment-variables for more details. + indexer-worker: Change indexer to disconnect from indexer-worker after each request. This allows service indexer-worker's service_count & idle_kill settings to work. These can be used to restart indexer-worker processes once in a while to reduce their memory usage. - auth: 'nodelay' with various authentication mechanisms such as apop and digest-md5 crashed AUTH process if authentication failed. - auth: Auth lua script generating an error triggered an assertion failure: Panic: file db-lua.c: line 630 (auth_lua_call_password_verify): assertion failed: (lua_gettop(script->L) == 0). - configure: Fix libunwind detection to work on other than x86_64 systems. - doveadm-server: Process could crash if logging was done outside command handling. For example http-client could have done debug logging afterwards, resulting in either segfault or Panic: file http-client.c: line 642 (http_client_context_close): assertion failed: (cctx->clients_list == NULL). - dsync: Folder name escaping with BROKENCHAR didn't work completely correctly. This especially caused problems with dsync-migrations using imapc where some of the remote folder names may not have been accessible. - dsync: doveadm sync + imapc doesn't always sync all mails when doing an incremental sync (-1), which could lead to mail loss when it's used for migration. This happens only when GUIDs aren't used (i.e. imapc without imapc_features=guid-forced). - fts-tika: When tika server returns error, some mails cause Panic: file message-parser.c: line 802 (message_parser_deinit_from_parts): assertion failed: (ctx->nested_parts_count == 0 || i_stream_have_bytes_left(ctx->input)) - lib-imap: imapc parsing illegal BODYSTRUCTUREs with NILs could have resulted in crashes. This exposed that Dovecot was wrongly accepting atoms in 'nstring' handling. Changed the IMAP parsing to be more strict about this now. - lib-index: If dovecot.index.cache has corrupted message size, fetching BODY/BODYSTRUCTURE may cause assert-crash: Panic: file index-mail.c: line 1140 (index_mail_parse_body_finish): assertion failed: (mail->data.parts != NULL). - lib-index: Minor error handling and race condition fixes related to rotating dovecot.index.log. These didn't usually cause problems, unless the log files were rotated rapidly. - lib-lua: Lua scripts using coroutines or lua libraries using coroutines (e.g., cqueues) panicked. - Message PREVIEW handled whitespace wrong so first space would get eaten from between words. - FTS and message PREVIEW (snippet) parsed HTML &entities case-sensitively. - lib-mail: When max nested MIME parts were reached, IMAP BODYSTRUCTURE was written in a way that may have caused confusion for IMAP clients and also Dovecot itself when parsing it. The truncated part is now written out using application/octet-stream MIME type. - lib-oauth2: HS512 and HS384 JWT token algorithms crash when you try to use them: Panic: file hmac.c: line 26 (hmac_init): assertion failed: (meth->context_size <= MAC_MAX_CONTEXT_SIZE). - event filters: NOT keyword did not have the correct associativity. - Ignore ECONNRESET when closing socket. This avoids logging useless errors on systems like FreeBSD. - event filters: event filter syntax error may lead to Panic: file event-filter.c: line 137 (event_filter_parse): assertion failed: (state.output == NULL) - lib: timeval_cmp_margin() was broken on 32-bit systems. This could potentially have caused HTTP timeouts to be handled incorrectly. - log: instance_name wasn't used as syslog ident by the log process. - master: After a service reached process_limit and client_limit, it could have taken up to 1 second to realize that more client connections became available. During this time client connections could have been unnecessarily rejected and a warning logged: Warning: service(...): process_limit (...) reached, client connections are being dropped - stats: Crash would occur when generating openmetrics data for metrics using aggregating functions. - stats: Event filters comparing against empty strings crash the stats process. * CVE-2020-24386: Specially crafted command can cause IMAP hibernate to allow logged in user to access other people's emails and filesystem information. * Metric filter and global event filter variable syntax changed to a SQL-like format. See https://doc.dovecot.org/configuration_manual/event_filter/ * auth: Added new aliases for %{variables}. Usage of the old ones is possible, but discouraged. * auth: Removed RPA auth mechanism, SKEY auth mechanism, NTLM auth mechanism and related password schemes. * auth: Removed passdb-sia, passdb-vpopmail and userdb-vpopmail. * auth: Removed postfix postmap socket + auth: Added new fields for auth server events. These fields are now also available for all auth events. See https://doc.dovecot.org/admin_manual/list_of_events/#authentication-server for details. + imap-hibernate: Added imap_client_hibernated, imap_client_unhibernated and imap_client_unhibernate_retried events. See https://doc.dovecot.org/admin_manual/list_of_events/ for details. + lib-index: Added new mail_index_recreated event. See https://doc.dovecot.org/admin_manual/list_of_events/#mail-index-recreated + lib-sql: Support TLS options for cassandra driver. This requires cpp-driver v2.15 (or later) to work reliably. + lib-storage: Missing $HasAttachment / $HasNoAttachment flags are now added to existing mails if mail_attachment_detection_option=add-flags and it can be done inexpensively. + login proxy: Added login_proxy_max_reconnects setting (default 3) to control how many reconnections are attempted. + login proxy: imap/pop3/submission/managesieve proxying now supports reconnection retrying on more than just connect() failure. Any error except a non-temporary authentication failure will result in reconnect attempts. - auth: Lua passdb/userdb leaks stack elements per call, eventually causing the stack to become too deep and crashing the auth or auth-worker process. - auth: SASL authentication PLAIN mechanism could be used to trigger read buffer overflow. However, this doesn't seem to be exploitable in any way. - auth: v2.3.11 regression: GSSAPI authentication fails because dovecot disallows NUL bytes for it. - dict: Process used too much CPU when iterating keys, because each key used a separate write() syscall. - doveadm-server: Crash could occur if logging was done outside command handling. For example http-client could have done debug logging afterwards, resulting in either segfault or Panic: file http-client.c: line 642 (http_client_context_close): assertion failed: (cctx->clients_list == NULL). - doveadm-server: v2.3.11 regression: Trying to connect to doveadm server process via starttls assert-crashed if there were no ssl=yes listeners: Panic: file master-service-ssl.c: line 22 (master_service_ssl_init): assertion failed: (service->ssl_ctx_initialized). - fts-solr: HTTP requests may have assert-crashed: Panic: file http-client-request.c: line 1232 (http_client_request_send_more): assertion failed: (req->payload_input != NULL) - imap: IMAP NOTIFY could crash with a segmentation fault due to a bad configuration that causes errors. Sending the error responses to the client can cause the segmentation fault. This can for example happen when several namespaces use the same mail storage location. - imap: IMAP NOTIFY used on a shared namespace that doesn't actually exist (e.g. public namespace for a nonexistent user) can crash with a panic: Panic: Leaked view for index /tmp/home/asdf/mdbox/dovecot.list.index: Opened in (null):0 - imap: IMAP session can crash with QRESYNC extension if many changes are done before asking for expunged mails since last sync. - imap: Process might hang indefinitely if client disconnects after sending some long-running commands pipelined, for example FETCH+LOGOUT. - lib-compress: Mitigate crashes when configuring a not compiled in compression. Errors with compression configuration now distinguish between not supported and unknown. - lib-compression: Using xz/lzma compression in v2.3.11 could have written truncated output in some situations. This would result in 'Broken pipe' read errors when trying to read it back. - lib-compression: zstd compression could have crashed in some situations: Panic: file ostream.c: line 287 (o_stream_sendv_int): assertion failed: (!stream->blocking) - lib-dict: dict client could have crashed in some rare situations when iterating keys. - lib-http: Fix several assert-crashes in HTTP client. - lib-index: v2.3.11 regression: When mails were expunged at the same time as lots of new content was being saved to the cache (e.g. cache file was lost and is being re-filled) a deadlock could occur with dovecot.index.cache / dovecot.index.log. - lib-index: v2.3.11 regression: dovecot.index.cache file was being purged (rewritten) too often when it had a field that hadn't been accessed for over 1 month, but less than 2 months. Every cache file change caused a purging in this situation. - lib-mail: MIME parts were not returned correctly by Dovecot MIME parser. Regression caused by fixing CVE-2020-12100. - lib-mail: When max nested MIME parts were reached, IMAP BODYSTRUCTURE was written in a way that may have caused confusion for both IMAP clients and Dovecot itself when parsing it. The truncated part is now written out using application/octet-stream MIME type. - lib-mail: v2.3.11 regression: Mail delivery / parsing crashed when the 10000th MIME part was message/rfc822 (or if parent was multipart/digest): Panic: file message-parser.c: line 167 (message_part_append): assertion failed: (ctx->total_parts_count <= ctx->max_total_mime_parts). - lib-oauth2: Dovecot incorrectly required oauth2 server introspection reply to contain username with invalid token. - lib-ssl-iostream, lib-dcrypt: Fix building with OpenSSL that has deprecated APIs disabled. - lib-storage: When mail's size is different from the cached one (in dovecot.index.cache or Maildir S=size in the filename), this is handled by logging 'Cached message size smaller/larger than expected' error. However, in some situations this also ended up crashing with: Panic: file istream.c: line 315 (i_stream_read_memarea): assertion failed: (old_size <= _stream->pos - _stream->skip). - lib-storage: v2.3 regression: Copying/moving mails was taking much more memory than before. This was mainly visible when copying/moving thousands of mails in a single transaction. - lib-storage: v2.3.11 regression: Searching messages assert-crashed (without FTS): Panic: file message-parser.c: line 174 (message_part_finish): assertion failed: (ctx->nested_parts_count > 0). - lib: Dovecot v2.3 moved signal handlers around in ioloops, causing more CPU usage than in v2.2. - lib: Fixed JSON parsing: '\' escape sequence may have wrongly resulted in error if it happened to be at read boundary. Any NUL characters and '\u0000' will now result in parsing error instead of silently truncating the data. - lmtp, submission: Server may hang if SSL client connection disconnects during the delivery. If this happened repeated, it could have ended up reaching process_limit and preventing any further lmtp/submission deliveries. - lmtp: Proxy does not always properly log TLS connection problems as errors; in some cases, only a debug message is logged if enabled. - lmtp: The LMTP service can hang when commands are pipelined. This can particularly occur when one command in the middle of the pipeline fails. One example of this occurs for proxied LMTP transactions in which the final DATA or BDAT command is pipelined after a failing RCPT command. - login-proxy: The login_source_ips setting has no effect, and therefore the proxy source IPs are not cycled through as they should be. - master: Process was using 100% CPU in some situations when a broken service was being throttled. - pop3-login: POP3 login would fail with 'Input buffer full' if the initial response for SASL was too long. - stats: Crash would occur when generating openmetrics data for metrics using aggregating functions. Update pigeonhole to version 0.5.15 * CVE-2020-28200: Sieve interpreter is not protected against abusive scripts that claim excessive resource usage. Fixed by limiting the user CPU time per single script execution and cumulatively over several script runs within a configurable timeout period. Sufficiently large CPU time usage is summed in the Sieve script binary and execution is blocked when the sum exceeds the limit within that time. The block is lifted when the script is updated after the resource usage times out. (bsc#1187420) Attacker can DoS the mail delivery system (jsc#PM-2746) ECO: Dovecot 2.3.15 version upgrade * Disconnection log messages are now more standardized across services. They also always now start with 'Disconnected' prefix. * managesieve: Commands pipelined together with and just after the authenticate command cause these commands to be executed twice. * duplicate: The test was handled badly in a multiscript (sieve_before, sieve_after) scenario in which an earlier script in the sequence with a duplicate test succeeded, while a later script caused a runtime failure. In that case, the message is recorded for duplicate tracking, while the message may not actually have been delivered in the end. * editheader: Sieve interpreter entered infinite loop at startup when the 'editheader' configuration listed an invalid header name. This problem can only be triggered by the administrator. * relational: The Sieve relational extension can cause a segfault at compile time. This is triggered by invalid script syntax. The segfault happens when this match type is the last argument of the test command. This situation is not possible in a valid script; positional arguments are normally present after that, which would prevent the segfault. * sieve: For some Sieve commands the provided mailbox name is not properly checked for UTF-8 validity, which can cause assert crashes at runtime when an invalid mailbox name is encountered. This can be caused by the user by writing a bad Sieve script involving the affected commands ('mailboxexists', 'specialuse_exists'). This can be triggered by the remote sender only when the user has written a Sieve script that passes message content to one of the affected commands. * sieve: Large sequences of 8-bit octets passed to certain Sieve commands that create or modify message headers that allow UTF-8 text (vacation, notify and addheader) can cause the delivery or IMAP process (when IMAPSieve is used) to enter a memory-consuming semi-infinite loop that ends when the process exceeds its memory limits. Logged in users can cause these hangs only for their own processes. Moderate SUSE bug 1187418 SUSE bug 1187419 SUSE bug 1187420 CVE-2020-28200 CVE-2021-29157 cpe:/o:opensuse:leap:15.3 Security update for gstreamer-plugins-good (Moderate) openSUSE Leap 15.3 This update for gstreamer-plugins-good fixes the following issues: - CVE-2021-3498: Matroskademux: initialize track context out parameter to NULL before parsing (bsc#1184735). - CVE-2021-3497: Matroskademux: Fix extraction of multichannel WavPack (bsc#1184739). Moderate SUSE bug 1184735 SUSE bug 1184739 CVE-2021-3497 CVE-2021-3498 cpe:/o:opensuse:leap:15.3 Security update for ffmpeg (Important) openSUSE Leap 15.3 This update for ffmpeg fixes the following issues: - CVE-2019-9721: Fix denial of service in the subtitle decoder in handle_open_brace from libavcodec/htmlsubtitles.c (bsc#1129714). - CVE-2020-22046: Fix a denial of service vulnerability exists in FFmpeg 4.2 due to a memory leak in the avpriv_float_dsp_allocl function in libavutil/float_dsp.c (bsc#1186849). - CVE-2020-22048: Fix a denial of service vulnerability exists in FFmpeg 4.2 due to a memory leak in the ff_frame_pool_get function in framepool.c (bsc#1186859). - CVE-2020-22049: Fix a denial of service vulnerability exists in FFmpeg 4.2 due to a memory leak in the wtvfile_open_sector function in wtvdec.c (bsc#1186861). - CVE-2020-22054: Fix a denial of service vulnerability exists in FFmpeg 4.2 due to a memory leak in the av_dict_set function in dict.c (bsc#1186863). - CVE-2020-21688: Fixed a heap-use-after-free in the av_freep function in libavutil/mem.c (bsc#1189348). - CVE-2020-21697: Fixed a heap-use-after-free in the mpeg_mux_write_packet function in libavformat/mpegenc.c (bsc#1189350). - CVE-2021-38114: Fixed a not checked return value of the init_vlc function (bsc#1189142). Important SUSE bug 1129714 SUSE bug 1186849 SUSE bug 1186859 SUSE bug 1186861 SUSE bug 1186863 SUSE bug 1189142 SUSE bug 1189348 SUSE bug 1189350 CVE-2019-9721 CVE-2020-21688 CVE-2020-21697 CVE-2020-22046 CVE-2020-22048 CVE-2020-22049 CVE-2020-22054 CVE-2021-38114 cpe:/o:opensuse:leap:15.3 Security update for xen (Important) openSUSE Leap 15.3 This update for xen fixes the following issues: Update to Xen 4.13.3 general bug fix release (bsc#1027519). Security issues fixed: - CVE-2021-28693: xen/arm: Boot modules are not scrubbed (bsc#1186428) - CVE-2021-28692: xen: inappropriate x86 IOMMU timeout detection / handling (bsc#1186429) - CVE-2021-0089: xen: Speculative Code Store Bypass (bsc#1186433) - CVE-2021-28690: xen: x86: TSX Async Abort protections not restored after S3 (bsc#1186434) - CVE-2021-28694,CVE-2021-28695,CVE-2021-28696: IOMMU page mapping issues on x86 (XSA-378)(bsc#1189373). - CVE-2021-28697: grant table v2 status pages may remain accessible after de-allocation (XSA-379)(bsc#1189376). - CVE-2021-28698: long running loops in grant table handling (XSA-380)(bsc#1189378). - CVE-2021-28699: inadequate grant-v2 status frames array bounds check (XSA-382)(bsc#1189380). - CVE-2021-28700: No memory limit for dom0less domUs (XSA-383)(bsc#1189381). Other issues fixed: - Fixed 'Panic on CPU 0: IO-APIC + timer doesn't work!' (bsc#1180491) - Fixed an issue with xencommons, where file format expecations by fillup did not allign (bsc#1185682) - Fixed shell macro expansion in the spec file, so that ExecStart= in xendomains-wait-disks.service is created correctly (bsc#1183877) - Upstream bug fixes (bsc#1027519) - Fixed Xen SLES11SP4 guest hangs on cluster (bsc#1188050). - xl monitoring process exits during xl save -p|-c keep the monitoring process running to cleanup the domU during shutdown (bsc#1176189). - Dom0 hangs when pinning CPUs for dom0 with HVM guest (bsc#1179246). - Some long deprecated commands were finally removed in qemu6. Adjust libxl to use supported commands (bsc#1183243). - Update logrotate.conf, move global options into per-file sections to prevent globbering of global state (bsc#1187406). - Prevent superpage allocation in the LAPIC and ACPI_INFO range (bsc#1189882). Important SUSE bug 1027519 SUSE bug 1176189 SUSE bug 1179246 SUSE bug 1183243 SUSE bug 1183877 SUSE bug 1185682 SUSE bug 1186428 SUSE bug 1186429 SUSE bug 1186433 SUSE bug 1186434 SUSE bug 1187406 SUSE bug 1188050 SUSE bug 1189373 SUSE bug 1189376 SUSE bug 1189378 SUSE bug 1189380 SUSE bug 1189381 SUSE bug 1189882 CVE-2021-0089 CVE-2021-28690 CVE-2021-28692 CVE-2021-28693 CVE-2021-28694 CVE-2021-28695 CVE-2021-28696 CVE-2021-28697 CVE-2021-28698 CVE-2021-28699 CVE-2021-28700 cpe:/o:opensuse:leap:15.3 Security update for libesmtp (Important) openSUSE Leap 15.3 This update for libesmtp fixes the following issues: - CVE-2019-19977: Fixed stack-based buffer over-read in ntlm/ntlmstruct.c (bsc#1160462). Important SUSE bug 1160462 SUSE bug 1189097 CVE-2019-19977 cpe:/o:opensuse:leap:15.3 Security update for mariadb (Moderate) openSUSE Leap 15.3 This update for mariadb fixes the following issues: Update to 10.5.12 [bsc#1189320]: - fixes for the following security vulnerabilities: CVE-2021-2372 and CVE-2021-2389 Moderate SUSE bug 1189320 CVE-2021-2372 CVE-2021-2389 cpe:/o:opensuse:leap:15.3 Security update for sssd (Important) openSUSE Leap 15.3 This update for sssd fixes the following issues: - CVE-2021-3621: Fixed shell command injection in sssctl via the logs-fetch and cache-expire subcommands (bsc#1189492). - Add LDAPS support for the AD provider (bsc#1183735). - Improve logs to record the reason why internal watchdog terminates a process (bsc#1187120). - Fix watchdog not terminating tasks (bsc#1187120). Important SUSE bug 1183735 SUSE bug 1187120 SUSE bug 1189492 CVE-2021-3621 cpe:/o:opensuse:leap:15.3 Security update for java-11-openjdk (Important) openSUSE Leap 15.3 This update for java-11-openjdk fixes the following issues: - Update to jdk-11.0.12+7 - CVE-2021-2369: Fixed JAR file handling problem containing multiple MANIFEST.MF files. (bsc#1188565) - CVE-2021-2388: Fixed a flaw inside the Hotspot component performed range check elimination. (bsc#1188566) - CVE-2021-2341: Fixed a flaw inside the FtpClient. (bsc#1188564) Important SUSE bug 1185476 SUSE bug 1188564 SUSE bug 1188565 SUSE bug 1188566 CVE-2021-2341 CVE-2021-2369 CVE-2021-2388 cpe:/o:opensuse:leap:15.3 Security update for nodejs10 (Moderate) openSUSE Leap 15.3 This update for nodejs10 fixes the following issues: - CVE-2021-3672: Fixed missing input validation on hostnames (bsc#1188881). - CVE-2021-22930: Fixed use after free on close http2 on stream canceling (bsc#1188917). - CVE-2021-22939: Fixed incomplete validation of rejectUnauthorized parameter (bsc#1189369). - CVE-2021-22931: Fixed improper handling of untypical characters in domain names (bsc#1189370). Moderate SUSE bug 1188881 SUSE bug 1188917 SUSE bug 1189369 SUSE bug 1189370 CVE-2021-22930 CVE-2021-22931 CVE-2021-22939 CVE-2021-3672 cpe:/o:opensuse:leap:15.3 Security update for apache2 (Important) openSUSE Leap 15.3 This update for apache2 fixes the following issues: - CVE-2021-33193: Fixed request splitting via HTTP/2 method injection and mod_proxy (bsc#1189387). Important SUSE bug 1189387 CVE-2021-33193 cpe:/o:opensuse:leap:15.3 Security update for xerces-c (Important) openSUSE Leap 15.3 This update for xerces-c fixes the following issues: - CVE-2018-1311: Fixed use-after-free inside XML parser during the scanning of external DTDs (bsc#1159552). Important SUSE bug 1159552 CVE-2018-1311 cpe:/o:opensuse:leap:15.3 Security update for openssl-1_1 (Low) openSUSE Leap 15.3 This update for openssl-1_1 fixes the following issues: - CVE-2021-3712: This is an update for the incomplete fix for CVE-2021-3712. Read buffer overruns processing ASN.1 strings (bsc#1189521). Low SUSE bug 1189521 CVE-2021-3712 cpe:/o:opensuse:leap:15.3 Security update for ntfs-3g_ntfsprogs (Important) openSUSE Leap 15.3 This update for ntfs-3g_ntfsprogs fixes the following issues: Update to version 2021.8.22 (bsc#1189720): * Fixed compile error when building with libfuse < 2.8.0 * Fixed obsolete macros in configure.ac * Signalled support of UTIME_OMIT to external libfuse2 * Fixed an improper macro usage in ntfscp.c * Updated the repository change in the README * Fixed vulnerability threats caused by maliciously tampered NTFS partitions * Security fixes: CVE-2021-33285, CVE-2021-33286, CVE-2021-33287, CVE-2021-33289, CVE-2021-35266, CVE-2021-35267, CVE-2021-35268, CVE-2021-35269, CVE-2021-39251, CVE-2021-39252, CVE-2021-39253, CVE_2021-39254, CVE-2021-39255, CVE-2021-39256, CVE-2021-39257, CVE-2021-39258, CVE-2021-39259, CVE-2021-39260, CVE-2021-39261, CVE-2021-39262, CVE-2021-39263. - Library soversion is now 89 * Changes in version 2017.3.23 * Delegated processing of special reparse points to external plugins * Allowed kernel cacheing by lowntfs-3g when not using Posix ACLs * Enabled fallback to read-only mount when the volume is hibernated * Made a full check for whether an extended attribute is allowed * Moved secaudit and usermap to ntfsprogs (now ntfssecaudit and ntfsusermap) * Enabled encoding broken UTF-16 into broken UTF-8 * Autoconfigured selecting <sys/sysmacros.h> vs <sys/mkdev> * Allowed using the full library API on systems without extended attributes support * Fixed DISABLE_PLUGINS as the condition for not using plugins * Corrected validation of multi sector transfer protected records * Denied creating/removing files from $Extend * Returned the size of locale encoded target as the size of symlinks Important SUSE bug 1189720 CVE-2019-9755 CVE-2021-33285 CVE-2021-33286 CVE-2021-33287 CVE-2021-33289 CVE-2021-35266 CVE-2021-35267 CVE-2021-35268 CVE-2021-35269 CVE-2021-39251 CVE-2021-39252 CVE-2021-39253 CVE-2021-39255 CVE-2021-39256 CVE-2021-39257 CVE-2021-39258 CVE-2021-39259 CVE-2021-39260 CVE-2021-39261 CVE-2021-39262 CVE-2021-39263 cpe:/o:opensuse:leap:15.3 Security update for haproxy (Moderate) openSUSE Leap 15.3 This update for haproxy fixes the following issues: - CVE-2021-40346: Fixed request smuggling vulnerability in HTX (bsc#1189877). Moderate SUSE bug 1189877 CVE-2021-40346 cpe:/o:opensuse:leap:15.3 Security update for openssl-1_0_0 (Low) openSUSE Leap 15.3 This update for openssl-1_0_0 fixes the following issues: - CVE-2021-3712: This is an update for the incomplete fix for CVE-2021-3712. Read buffer overruns processing ASN.1 strings (bsc#1189521). Low SUSE bug 1189521 CVE-2021-3712 cpe:/o:opensuse:leap:15.3 Security update for libtpms (Important) openSUSE Leap 15.3 This update for libtpms fixes the following issues: - CVE-2021-3746: Fixed out-of-bounds access via specially crafted TPM 2 command packets (bsc#1189935). Important SUSE bug 1189935 CVE-2021-3746 cpe:/o:opensuse:leap:15.3 Security update for libaom (Important) openSUSE Leap 15.3 This update for libaom fixes the following issues: - CVE-2021-30475: Fixed buffer overflow in aom_dsp/noise_model.c (bsc#1189497). Important SUSE bug 1189497 CVE-2021-30475 cpe:/o:opensuse:leap:15.3 Security update for wireshark (Moderate) openSUSE Leap 15.3 This update for wireshark fixes the following issues: - Update to Wireshark 3.4.7 - CVE-2021-22235: Fixed DNP dissector crash (bsc#1188375). Moderate SUSE bug 1188375 CVE-2021-22235 cpe:/o:opensuse:leap:15.3 Security update for php7-pear (Important) openSUSE Leap 15.3 This update for php7-pear fixes the following issues: - CVE-2020-36193: Fixed Archive_Tar directory traversal due to inadequate checking of symbolic links (bsc#1189591). Important SUSE bug 1189591 CVE-2020-36193 cpe:/o:opensuse:leap:15.3 Security update for apache2-mod_auth_openidc (Moderate) openSUSE Leap 15.3 This update for apache2-mod_auth_openidc fixes the following issues: - CVE-2021-32785: format string bug via hiredis (bsc#1188638) - CVE-2021-32786: open redirect in logout functionality (bsc#1188639) - CVE-2021-32791: Hardcoded static IV and AAD with a reused key in AES GCM encryption (bsc#1188849) - CVE-2021-32792: XSS when using OIDCPreservePost On (bsc#1188848) Moderate SUSE bug 1188638 SUSE bug 1188639 SUSE bug 1188848 SUSE bug 1188849 CVE-2021-32785 CVE-2021-32786 CVE-2021-32791 CVE-2021-32792 cpe:/o:opensuse:leap:15.3 Security update for ghostscript (Critical) openSUSE Leap 15.3 This update for ghostscript fixes the following issues: Security issue fixed: - CVE-2021-3781: Fixed a trivial -dSAFER bypass command injection (bsc#1190381) Also a hardening fix was added: - Link as position independent executable (bsc#1184123) Critical SUSE bug 1184123 SUSE bug 1190381 CVE-2021-3781 cpe:/o:opensuse:leap:15.3 Security update for libcroco (Moderate) openSUSE Leap 15.3 This update for libcroco fixes the following issues: - CVE-2020-12825: Fixed recursion issue in block and any productions (bsc#1171685). Moderate SUSE bug 1171685 CVE-2020-12825 cpe:/o:opensuse:leap:15.3 Security update for xen (Moderate) openSUSE Leap 15.3 This update for xen fixes the following issues: - CVE-2021-28701: Fixed race condition in XENMAPSPACE_grant_table handling (XSA-384) (bsc#1189632). - Upstream bug fixes (bsc#1027519) Moderate SUSE bug 1027519 SUSE bug 1189632 CVE-2021-28701 cpe:/o:opensuse:leap:15.3 Security update for grafana-piechart-panel (Moderate) openSUSE Leap 15.3 This update for grafana-piechart-panel fixes the following issues: - CVE-2020-13429: Fixed XSS via the Values Header option in the piechart-panel (bsc#1172125). Moderate SUSE bug 1172125 CVE-2020-13429 cpe:/o:opensuse:leap:15.3 Security update for the Linux Kernel (Important) openSUSE Leap 15.3 The SUSE Linux Enterprise 15 SP3 Azure kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2021-3640: Fixed a Use-After-Free vulnerability in function sco_sock_sendmsg() in the bluetooth stack (bsc#1188172). - CVE-2021-3653: Missing validation of the `int_ctl` VMCB field and allows a malicious L1 guest to enable AVIC support for the L2 guest. (bsc#1189399). - CVE-2021-3656: Missing validation of the the `virt_ext` VMCB field and allows a malicious L1 guest to disable both VMLOAD/VMSAVE intercepts and VLS for the L2 guest (bsc#1189400). - CVE-2021-3679: A lack of CPU resource in tracing module functionality was found in the way user uses trace ring buffer in a specific way. Only privileged local users (with CAP_SYS_ADMIN capability) could use this flaw to starve the resources causing denial of service (bnc#1189057). - CVE-2021-3732: Mounting overlayfs inside an unprivileged user namespace can reveal files (bsc#1189706). - CVE-2021-3739: Fixed a NULL pointer dereference when deleting device by invalid id (bsc#1189832 ). - CVE-2021-3743: Fixed OOB Read in qrtr_endpoint_post (bsc#1189883). - CVE-2021-3753: Fixed race out-of-bounds in virtual terminal handling (bsc#1190025). - CVE-2021-38160: Data corruption or loss could be triggered by an untrusted device that supplies a buf->len value exceeding the buffer size in drivers/char/virtio_console.c (bsc#1190117) - CVE-2021-38198: arch/x86/kvm/mmu/paging_tmpl.h incorrectly computes the access permissions of a shadow page, leading to a missing guest protection page fault (bnc#1189262). - CVE-2021-38204: drivers/usb/host/max3421-hcd.c allowed physically proximate attackers to cause a denial of service (use-after-free and panic) by removing a MAX-3421 USB device in certain situations (bnc#1189291). - CVE-2021-38205: drivers/net/ethernet/xilinx/xilinx_emaclite.c made it easier for attackers to defeat an ASLR protection mechanism because it prints a kernel pointer (i.e., the real IOMEM pointer) (bnc#1189292). - CVE-2021-38207: drivers/net/ethernet/xilinx/ll_temac_main.c allowed remote attackers to cause a denial of service (buffer overflow and lockup) by sending heavy network traffic for about ten minutes (bnc#1189298). - CVE-2021-38166: Fixed an integer overflow and out-of-bounds write when many elements are placed in a single bucket in kernel/bpf/hashtab.c (bnc#1189233 ). - CVE-2021-38209: Fixed allowed observation of changes in any net namespace via net/netfilter/nf_conntrack_standalone.c (bnc#1189393). - CVE-2021-38206: Fixed NULL pointer dereference in the radiotap parser inside the mac80211 subsystem (bnc#1189296). - CVE-2021-34556: Fixed side-channel attack via a Speculative Store Bypass via unprivileged BPF program that could have obtain sensitive information from kernel memory (bsc#1188983). - CVE-2021-35477: Fixed BPF stack frame pointer which could have been abused to disclose content of arbitrary kernel memory (bsc#1188985). - CVE-2021-3759: Unaccounted ipc objects in Linux kernel could have lead to breaking memcg limits and DoS attacks (bsc#1190115). - CVE-2020-12770: Fixed sg_remove_request call in a certain failure cases (bsc#1171420). The following non-security bugs were fixed: - ACPI: NFIT: Fix support for virtual SPA ranges (git-fixes). - ACPI: processor: Clean up acpi_processor_evaluate_cst() (bsc#1175543) - ACPI: processor: Export acpi_processor_evaluate_cst() (bsc#1175543) - ACPI: processor: Export function to claim _CST control (bsc#1175543) - ACPI: processor: Introduce acpi_processor_evaluate_cst() (bsc#1175543) - ACPI: processor: Make ACPI_PROCESSOR_CSTATE depend on ACPI_PROCESSOR (bsc#1175543) - ALSA: hda - fix the 'Capture Switch' value change notifications (git-fixes). - ALSA: hda/hdmi: Add quirk to force pin connectivity on NUC10 (git-fixes). - ALSA: hda/hdmi: fix max DP-MST dev_num for Intel TGL+ platforms (git-fixes). - ALSA: hda/hdmi: let new platforms assign the pcm slot dynamically (git-fixes). - ALSA: hda/realtek - Add ALC285 HP init procedure (git-fixes). - ALSA: hda/realtek - Add type for ALC287 (git-fixes). - ALSA: hda/realtek: Change device names for quirks to barebone names (git-fixes). - ALSA: hda/realtek: Enable 4-speaker output for Dell XPS 15 9510 laptop (git-fixes). - ALSA: hda/realtek: Fix headset mic for Acer SWIFT SF314-56 (ALC256) (git-fixes). - ALSA: hda/realtek: Limit mic boost on HP ProBook 445 G8 (git-fixes). - ALSA: hda/realtek: add mic quirk for Acer SF314-42 (git-fixes). - ALSA: hda/realtek: fix mute led of the HP Pavilion 15-eh1xxx series (git-fixes). - ALSA: hda/realtek: fix mute/micmute LEDs for HP ProBook 650 G8 Notebook PC (git-fixes). - ALSA: hda/via: Apply runtime PM workaround for ASUS B23E (git-fixes). - ALSA: hda: Add quirk for ASUS Flow x13 (git-fixes). - ALSA: hda: Fix hang during shutdown due to link reset (git-fixes). - ALSA: hda: Release controller display power during shutdown/reboot (git-fixes). - ALSA: pcm: Fix mmap breakage without explicit buffer setup (git-fixes). - ALSA: pcm: fix divide error in snd_pcm_lib_ioctl (git-fixes). - ALSA: seq: Fix racy deletion of subscriber (git-fixes). - ALSA: usb-audio: Add registration quirk for JBL Quantum 600 (git-fixes). - ALSA: usb-audio: Avoid unnecessary or invalid connector selection at resume (git-fixes). - ALSA: usb-audio: Fix regression on Sony WALKMAN NW-A45 DAC (git-fixes). - ALSA: usb-audio: Fix superfluous autosuspend recovery (git-fixes). - ALSA: usb-audio: fix incorrect clock source setting (git-fixes). - ASoC: Intel: Skylake: Fix module resource and format selection (git-fixes). - ASoC: Intel: Skylake: Leave data as is when invoking TLV IPCs (git-fixes). - ASoC: Intel: kbl_da7219_max98927: Fix format selection for max98373 (git-fixes). - ASoC: SOF: Intel: hda-ipc: fix reply size checking (git-fixes). - ASoC: amd: Fix reference to PCM buffer address (git-fixes). - ASoC: component: Remove misplaced prefix handling in pin control functions (git-fixes). - ASoC: cs42l42: Correct definition of ADC Volume control (git-fixes). - ASoC: cs42l42: Do not allow SND_SOC_DAIFMT_LEFT_J (git-fixes). - ASoC: cs42l42: Fix LRCLK frame start edge (git-fixes). - ASoC: cs42l42: Fix inversion of ADC Notch Switch control (git-fixes). - ASoC: cs42l42: Remove duplicate control for WNF filter frequency (git-fixes). - ASoC: intel: atom: Fix breakage for PCM buffer address setup (git-fixes). - ASoC: intel: atom: Fix reference to PCM buffer address (git-fixes). - ASoC: mediatek: mt8183: Fix Unbalanced pm_runtime_enable in mt8183_afe_pcm_dev_probe (git-fixes). - ASoC: rt5682: Adjust headset volume button threshold (git-fixes). - ASoC: rt5682: Adjust headset volume button threshold again (git-fixes). - ASoC: rt5682: Fix the issue of garbled recording after powerd_dbus_suspend (git-fixes). - ASoC: ti: j721e-evm: Check for not initialized parent_clk_id (git-fixes). - ASoC: ti: j721e-evm: Fix unbalanced domain activity tracking during startup (git-fixes). - ASoC: tlv320aic31xx: Fix jack detection after suspend (git-fixes). - ASoC: tlv320aic31xx: fix reversed bclk/wclk master bits (git-fixes). - ASoC: uniphier: Fix reference to PCM buffer address (git-fixes). - ASoC: wcd9335: Disable irq on slave ports in the remove function (git-fixes). - ASoC: wcd9335: Fix a double irq free in the remove function (git-fixes). - ASoC: wcd9335: Fix a memory leak in the error handling path of the probe function (git-fixes). - ASoC: xilinx: Fix reference to PCM buffer address (git-fixes). - Avoid double printing SUSE specific flags in mod->taint (bsc#1190413). - Bluetooth: add timeout sanity check to hci_inquiry (git-fixes). - Bluetooth: btusb: Fix a unspported condition to set available debug features (git-fixes). - Bluetooth: btusb: check conditions before enabling USB ALT 3 for WBS (git-fixes). - Bluetooth: defer cleanup of resources in hci_unregister_dev() (git-fixes). - Bluetooth: fix repeated calls to sco_sock_kill (git-fixes). - Bluetooth: hidp: use correct wait queue when removing ctrl_wait (git-fixes). - Bluetooth: increase BTNAMSIZ to 21 chars to fix potential buffer overflow (git-fixes). - Bluetooth: mgmt: Fix wrong opcode in the response for add_adv cmd (git-fixes). - Bluetooth: sco: prevent information leak in sco_conn_defer_accept() (git-fixes). - Documentation: admin-guide: PM: Add intel_idle document (bsc#1175543) - KVM: VMX: Drop guest CPUID check for VMXE in vmx_set_cr4() (bsc#1188786). - KVM: VMX: Enable machine check support for 32bit targets (bsc#1188787). - KVM: VMX: Explicitly clear RFLAGS.CF and RFLAGS.ZF in VM-Exit RSB path (bsc#1188788). - KVM: VMX: Extend VMXs #AC interceptor to handle split lock #AC in guest (bsc#1187959). - KVM: nVMX: Handle split-lock #AC exceptions that happen in L2 (bsc#1187959). - KVM: nVMX: Really make emulated nested preemption timer pinned (bsc#1188780). - KVM: nVMX: Reset the segment cache when stuffing guest segs (bsc#1188781). - KVM: nVMX: Skip IBPB when switching between vmcs01 and vmcs02 (bsc#1188782). - KVM: nVMX: Sync unsync'd vmcs02 state to vmcs12 on migration (bsc#1188783). - KVM: nVMX: Truncate bits 63:32 of VMCS field on nested check in !64-bit (bsc#1188784). - KVM: x86: Emulate split-lock access as a write in emulator (bsc#1187959). - KVM: x86: bit 8 of non-leaf PDPEs is not reserved (bsc#1188790). - NFS: Correct size calculation for create reply length (bsc#1189870). - NFSv4.1: Do not rebind to the same source port when (bnc#1186264 bnc#1189021) - NFSv4/pNFS: Do not call _nfs4_pnfs_v3_ds_connect multiple times (git-fixes). - NFSv4: Initialise connection to the server in nfs4_alloc_client() (bsc#1040364). - PCI/MSI: Correct misleading comments (git-fixes). - PCI/MSI: Do not set invalid bits in MSI mask (git-fixes). - PCI/MSI: Enable and mask MSI-X early (git-fixes). - PCI/MSI: Mask all unused MSI-X entries (git-fixes). - PCI/MSI: Skip masking MSI-X on Xen PV (git-fixes). - PCI/MSI: Use msi_mask_irq() in pci_msi_shutdown() (git-fixes). - PCI: Increase D3 delay for AMD Renoir/Cezanne XHCI (git-fixes). - PCI: PM: Avoid forcing PCI_D0 for wakeup reasons inconsistently (git-fixes). - PCI: PM: Enable PME if it can be signaled from D3cold (git-fixes). - RDMA/bnxt_re: Fix stats counters (bsc#1188231). - SUNRPC: 'Directory with parent 'rpc_clnt' already present!' (bsc#1168202 bsc#1188924). - SUNRPC: Fix the batch tasks count wraparound (git-fixes). - SUNRPC: Should wake up the privileged task firstly (git-fixes). - SUNRPC: defer slow parts of rpc_free_client() to a workqueue (bsc#1168202 bsc#1188924). - SUNRPC: fix use-after-free in rpc_free_client_work() (bsc#1168202 bsc#1188924). - SUNRPC: improve error response to over-size gss credential (bsc#1190022). - SUNRPC: prevent port reuse on transports which do not request it (bnc#1186264 bnc#1189021). - USB: core: Avoid WARNings for 0-length descriptor requests (git-fixes). - USB: serial: ch341: fix character loss at high transfer rates (git-fixes). - USB: serial: ftdi_sio: add device ID for Auto-M3 OP-COM v2 (git-fixes). - USB: serial: option: add Telit FD980 composition 0x1056 (git-fixes). - USB: usbtmc: Fix RCU stall warning (git-fixes). - USB:ehci:fix Kunpeng920 ehci hardware problem (git-fixes). - VMCI: fix NULL pointer dereference when unmapping queue pair (git-fixes). - ath6kl: wmi: fix an error code in ath6kl_wmi_sync_point() (git-fixes). - ath9k: Clear key cache explicitly on disabling hardware (git-fixes). - ath: Use safer key clearing with key cache entries (git-fixes). - bcma: Fix memory leak for internally-handled cores (git-fixes). - bdi: Do not use freezable workqueue (bsc#1189573). - blk-iolatency: error out if blk_get_queue() failed in iolatency_set_limit() (bsc#1189507). - blk-mq-sched: Fix blk_mq_sched_alloc_tags() error handling (bsc#1189506). - blk-wbt: introduce a new disable state to prevent false positive by rwb_enabled() (bsc#1189503). - blk-wbt: make sure throttle is enabled properly (bsc#1189504). - block: fix trace completion for chained bio (bsc#1189505). - bnxt_en: Validate vlan protocol ID on RX packets (jsc#SLE-15075). - brcmfmac: pcie: fix oops on failure to resume and reprobe (git-fixes). - btrfs: Rename __btrfs_alloc_chunk to btrfs_alloc_chunk (bsc#1189079). - btrfs: add a trace class for dumping the current ENOSPC state (bsc#1135481). - btrfs: add a trace point for reserve tickets (bsc#1135481). - btrfs: adjust the flush trace point to include the source (bsc#1135481). - btrfs: check reclaim_size in need_preemptive_reclaim (bsc#1135481). - btrfs: factor out create_chunk() (bsc#1189077). - btrfs: factor out decide_stripe_size() (bsc#1189077). - btrfs: factor out gather_device_info() (bsc#1189077). - btrfs: factor out init_alloc_chunk_ctl (bsc#1189077). - btrfs: fix btrfs_calc_reclaim_metadata_size calculation (bsc#1135481). - btrfs: fix deadlock with concurrent chunk allocations involving system chunks (bsc#1189077). - btrfs: handle invalid profile in chunk allocation (bsc#1189077). - btrfs: implement space clamping for preemptive flushing (bsc#1135481). - btrfs: improve preemptive background space flushing (bsc#1135481). - btrfs: introduce a FORCE_COMMIT_TRANS flush operation (bsc#1135481). - btrfs: introduce alloc_chunk_ctl (bsc#1189077). - btrfs: introduce chunk allocation policy (bsc#1189077). - btrfs: make flush_space take a enum btrfs_flush_state instead of int (bsc#1135481). - btrfs: move the chunk_mutex in btrfs_read_chunk_tree (bsc#1189077). - btrfs: parameterize dev_extent_min for chunk allocation (bsc#1189077). - btrfs: refactor find_free_dev_extent_start() (bsc#1189077). - btrfs: remove FLUSH_DELAYED_REFS from data ENOSPC flushing (bsc#1135481). - btrfs: rename need_do_async_reclaim (bsc#1135481). - btrfs: rework btrfs_calc_reclaim_metadata_size (bsc#1135481). - btrfs: rework chunk allocation to avoid exhaustion of the system chunk array (bsc#1189077). - btrfs: rip out btrfs_space_info::total_bytes_pinned (bsc#1135481). - btrfs: rip the first_ticket_bytes logic from fail_all_tickets (bsc#1135481). - btrfs: simplify the logic in need_preemptive_flushing (bsc#1135481). - btrfs: tracepoints: convert flush states to using EM macros (bsc#1135481). - btrfs: tracepoints: fix btrfs_trigger_flush symbolic string for flags (bsc#1135481). - can: ti_hecc: Fix memleak in ti_hecc_probe (git-fixes). - can: usb: esd_usb2: esd_usb2_rx_event(): fix the interchange of the CAN RX and TX error counters (git-fixes). - ceph: clean up and optimize ceph_check_delayed_caps() (bsc#1187468). - ceph: reduce contention in ceph_check_delayed_caps() (bsc#1187468). - ceph: take snap_empty_lock atomically with snaprealm refcount change (bsc#1189427). - cifs: Remove unused inline function is_sysvol_or_netlogon() (bsc#1185902). - cifs: avoid starvation when refreshing dfs cache (bsc#1185902). - cifs: constify get_normalized_path() properly (bsc#1185902). - cifs: do not cargo-cult strndup() (bsc#1185902). - cifs: do not send tree disconnect to ipc shares (bsc#1185902). - cifs: do not share tcp servers with dfs mounts (bsc#1185902). - cifs: do not share tcp sessions of dfs connections (bsc#1185902). - cifs: fix check of dfs interlinks (bsc#1185902). - cifs: fix path comparison and hash calc (bsc#1185902). - cifs: get rid of @noreq param in __dfs_cache_find() (bsc#1185902). - cifs: handle different charsets in dfs cache (bsc#1185902). - cifs: keep referral server sessions alive (bsc#1185902). - cifs: missing null pointer check in cifs_mount (bsc#1185902). - cifs: prevent NULL deref in cifs_compose_mount_options() (bsc#1185902). - cifs: set a minimum of 2 minutes for refreshing dfs cache (bsc#1185902). - clk: fix leak on devm_clk_bulk_get_all() unwind (git-fixes). - clk: stm32f4: fix post divisor setup for I2S/SAI PLLs (git-fixes). - cpuidle: Allow idle states to be disabled by default (bsc#1175543) - cpuidle: Consolidate disabled state checks (bsc#1175543) - cpuidle: Drop disabled field from struct cpuidle_state (bsc#1175543) - cpuidle: Fix cpuidle_driver_state_disabled() (bsc#1175543) - cpuidle: Introduce cpuidle_driver_state_disabled() for driver quirks (bsc#1175543) - crypto: ccp - Annotate SEV Firmware file names (bsc#1189212). - crypto: qat - use proper type for vf_mask (git-fixes). - crypto: x86/curve25519 - fix cpu feature checking logic in mod_exit (git-fixes). - device-dax: Fix default return code of range_parse() (git-fixes). - dm integrity: fix missing goto in bitmap_flush_interval error handling (git-fixes). - dm rq: fix double free of blk_mq_tag_set in dev remove after table load fails (git-fixes). - dm verity: fix DM_VERITY_OPTS_MAX value (git-fixes). - dmaengine: idxd: fix setup sequence for MSIXPERM table (git-fixes). - dmaengine: imx-dma: configure the generic DMA type to make it work (git-fixes). - dmaengine: imx-dma: configure the generic DMA type to make it work (git-fixes). - dmaengine: imx-sdma: remove duplicated sdma_load_context (git-fixes). - dmaengine: of-dma: router_xlate to return -EPROBE_DEFER if controller is not yet available (git-fixes). - dmaengine: usb-dmac: Fix PM reference leak in usb_dmac_probe() (git-fixes). - dmaengine: xilinx_dma: Fix read-after-free bug when terminating transfers (git-fixes). - drivers/block/null_blk/main: Fix a double free in null_init (git-fixes). - drm/amd/display: Fix Dynamic bpp issue with 8K30 with Navi 1X (git-fixes). - drm/amd/display: Fix comparison error in dcn21 DML (git-fixes). - drm/amd/display: Fix max vstartup calculation for modes with borders (git-fixes). - drm/amd/display: Remove invalid assert for ODM + MPC case (git-fixes). - drm/amd/display: use GFP_ATOMIC in amdgpu_dm_irq_schedule_work (git-fixes). - drm/amd/display: workaround for hard hang on HPD on native DP (git-fixes). - drm/amdgpu/acp: Make PM domain really work (git-fixes). - drm/amdgpu/display: fix DMUB firmware version info (git-fixes). - drm/amdgpu/display: only enable aux backlight control for OLED panels (git-fixes). - drm/amdgpu: do not enable baco on boco platforms in runpm (git-fixes). - drm/amdgpu: fix the doorbell missing when in CGPG issue for renoir (git-fixes). - drm/dp_mst: Fix return code on sideband message failure (git-fixes). - drm/i915/dg1: gmbus pin mapping (bsc#1188700). - drm/i915/dg1: provide port/phy mapping for vbt (bsc#1188700). - drm/i915/gen9_bc: Add W/A for missing STRAP config on TGP PCH + CML combos (bsc#1188700). - drm/i915/gen9_bc: Introduce HPD pin mappings for TGP PCH + CML combos (bsc#1188700). - drm/i915/gen9_bc: Introduce TGP PCH DDC pin mappings (bsc#1188700). - drm/i915/gen9_bc: Recognize TGP PCH + CML combos (bsc#1188700). - drm/i915/rkl: new rkl ddc map for different PCH (bsc#1188700). - drm/i915: Add VBT AUX CH H and I (bsc#1188700). - drm/i915: Add VBT DVO ports H and I (bsc#1188700). - drm/i915: Add more AUX CHs to the enum (bsc#1188700). - drm/i915: Configure GEN11_{TBT,TC}_HOTPLUG_CTL for ports TC5/6 (bsc#1188700). - drm/i915: Correct SFC_DONE register offset (git-fixes). - drm/i915: Introduce HPD_PORT_TC&lt;n> (bsc#1188700). - drm/i915: Move hpd_pin setup to encoder init (bsc#1188700). - drm/i915: Nuke the redundant TC/TBT HPD bit defines (bsc#1188700). - drm/i915: Only access SFC_DONE when media domain is not fused off (git-fixes). - drm/meson: fix colour distortion from HDR set during vendor u-boot (git-fixes). - drm/msi/mdp4: populate priv->kms in mdp4_kms_init (git-fixes). - drm/msm/dpu: make dpu_hw_ctl_clear_all_blendstages clear necessary LMs (git-fixes). - drm/msm/dsi: Fix some reference counted resource leaks (git-fixes). - drm/msm: Fix error return code in msm_drm_init() (git-fixes). - drm/nouveau/kms/nv50: workaround EFI GOP window channel format differences (git-fixes). - drm/of: free the iterator object on failure (git-fixes). - drm/of: free the right object (git-fixes). - drm/panfrost: Fix missing clk_disable_unprepare() on error in panfrost_clk_init() (git-fixes). - drm/prime: fix comment on PRIME Helpers (git-fixes). - ext4: cleanup in-core orphan list if ext4_truncate() failed to get a transaction handle (bsc#1189568). - ext4: correct the cache_nr in tracepoint ext4_es_shrink_exit (bsc#1189564). - ext4: fix avefreec in find_group_orlov (bsc#1189566). - ext4: fix kernel infoleak via ext4_extent_header (bsc#1189562). - ext4: fix potential htree corruption when growing large_dir directories (bsc#1189576). - ext4: remove check for zero nr_to_scan in ext4_es_scan() (bsc#1189565). - ext4: return error code when ext4_fill_flex_info() fails (bsc#1189563). - ext4: use ext4_grp_locked_error in mb_find_extent (bsc#1189567). - fanotify: fix copy_event_to_user() fid error clean up (bsc#1189574). - firmware_loader: fix use-after-free in firmware_fallback_sysfs (git-fixes). - firmware_loader: use -ETIMEDOUT instead of -EAGAIN in fw_load_sysfs_fallback (git-fixes). - fixup 'rpm: support gz and zst compression methods' (bsc#1190358, bsc#1190428). - fpga: altera-freeze-bridge: Address warning about unused variable (git-fixes). - fpga: dfl: fme: Fix cpu hotplug issue in performance reporting (git-fixes). - fpga: dfl: fme: Fix cpu hotplug issue in performance reporting (git-fixes). - fpga: xiilnx-spi: Address warning about unused variable (git-fixes). - fpga: zynqmp-fpga: Address warning about unused variable (git-fixes). - gpio: eic-sprd: break loop when getting NULL device resource (git-fixes). - gpio: tqmx86: really make IRQ optional (git-fixes). - i2c: dev: zero out array used for i2c reads from userspace (git-fixes). - i2c: highlander: add IRQ check (git-fixes). - i2c: iop3xx: fix deferred probing (git-fixes). - i2c: mt65xx: fix IRQ check (git-fixes). - i2c: s3c2410: fix IRQ check (git-fixes). - iio: adc: Fix incorrect exit of for-loop (git-fixes). - iio: adc: ti-ads7950: Ensure CS is deasserted after reading channels (git-fixes). - iio: humidity: hdc100x: Add margin to the conversion time (git-fixes). - intel_idle: Add module parameter to prevent ACPI _CST from being used (bsc#1175543) - intel_idle: Allow ACPI _CST to be used for selected known processors (bsc#1175543) - intel_idle: Annotate init time data structures (bsc#1175543) - intel_idle: Customize IceLake server support (bsc#1175543) - intel_idle: Disable ACPI _CST on Haswell (bsc#1175543, bsc#1177399, bsc#1180347, bsc#1180141) - intel_idle: Fix max_cstate for processor models without C-state tables (bsc#1175543) - intel_idle: Ignore _CST if control cannot be taken from the platform (bsc#1175543) - intel_idle: Refactor intel_idle_cpuidle_driver_init() (bsc#1175543) - intel_idle: Use ACPI _CST for processor models without C-state tables (bsc#1175543) - iommu/amd: Fix extended features logging (bsc#1189213). - iommu/amd: Move Stoney Ridge check to detect_ivrs() (bsc#1189762). - iommu/arm-smmu-v3: Decrease the queue size of evtq and priq (bsc#1189210). - iommu/arm-smmu-v3: add bit field SFM into GERROR_ERR_MASK (bsc#1189209). - iommu/dma: Fix IOVA reserve dma ranges (bsc#1189214). - iommu/dma: Fix compile warning in 32-bit builds (bsc#1189229). - iommu/vt-d: Check for allocation failure in aux_detach_device() (bsc#1189215). - iommu/vt-d: Define counter explicitly as unsigned int (bsc#1189216). - iommu/vt-d: Do not set then clear private data in prq_event_thread() (bsc#1189217). - iommu/vt-d: Fix sysfs leak in alloc_iommu() (bsc#1189218). - iommu/vt-d: Force to flush iotlb before creating superpage (bsc#1189219). - iommu/vt-d: Global devTLB flush when present context entry changed (bsc#1189220). - iommu/vt-d: Invalidate PASID cache when root/context entry changed (bsc#1189221). - iommu/vt-d: Reject unsupported page request modes (bsc#1189222). - ionic: add handling of larger descriptors (jsc#SLE-16649). - ionic: add new queue features to interface (jsc#SLE-16649). - ionic: aggregate Tx byte counting calls (jsc#SLE-16649). - ionic: block actions during fw reset (jsc#SLE-16649). - ionic: change mtu after queues are stopped (jsc#SLE-16649). - ionic: check for link after netdev registration (jsc#SLE-16649). - ionic: code cleanup details (jsc#SLE-16649). - ionic: fix sizeof usage (jsc#SLE-16649). - ionic: fix unchecked reference (jsc#SLE-16649). - ionic: fix up dim accounting for tx and rx (jsc#SLE-16649). - ionic: generic tx skb mapping (jsc#SLE-16649). - ionic: implement Rx page reuse (jsc#SLE-16649). - ionic: make all rx_mode work threadsafe (jsc#SLE-16649). - ionic: move rx_page_alloc and free (jsc#SLE-16649). - ionic: optimize fastpath struct usage (jsc#SLE-16649). - ionic: protect adminq from early destroy (jsc#SLE-16649). - ionic: rebuild debugfs on qcq swap (jsc#SLE-16649). - ionic: remove intr coalesce update from napi (jsc#SLE-16649). - ionic: remove some unnecessary oom messages (jsc#SLE-16649). - ionic: simplify TSO descriptor mapping (jsc#SLE-16649). - ionic: simplify rx skb alloc (jsc#SLE-16649). - ionic: simplify the intr_index use in txq_init (jsc#SLE-16649). - ionic: simplify tx clean (jsc#SLE-16649). - ionic: simplify use of completion types (jsc#SLE-16649). - ionic: start queues before announcing link up (jsc#SLE-16649). - ionic: stop watchdog when in broken state (jsc#SLE-16649). - ionic: useful names for booleans (jsc#SLE-16649). - iwlwifi: pnvm: accept multiple HW-type TLVs (git-fixes). - iwlwifi: rs-fw: do not support stbc for HE 160 (git-fixes). - iwlwifi: skip first element in the WTAS ACPI table (git-fixes). - kABI fix of usb_dcd_config_params (git-fixes). - kABI: Fix kABI after fixing vcpu-id indexed arrays (git-fixes). - kabi fix for NFSv4.1: Do not rebind to the same source port when reconnecting to the server (bnc#1186264 bnc#1189021) - kabi fix for SUNRPC: defer slow parts of rpc_free_client() to a workqueue (bsc#1168202 bsc#1188924). - kernel, fs: Introduce and use set_restart_fn() and arch_set_restart_data() (bsc#1189153). - kernel-cert-subpackage: Fix certificate location in scriptlets (bsc#1189841). - leds: trigger: audio: Add an activate callback to ensure the initial brightness is set (git-fixes). - lib/mpi: use kcalloc in mpi_resize (git-fixes). - lib: Add zstd support to decompress (bsc#1187483, jsc#SLE-18766). - libata: fix ata_pio_sector for CONFIG_HIGHMEM (git-fixes). - mac80211: Fix insufficient headroom issue for AMSDU (git-fixes). - md/raid10: properly indicate failure when ending a failed write request (git-fixes). - md: revert io stats accounting (git-fixes). - media: TDA1997x: enable EDID support (git-fixes). - media: cxd2880-spi: Fix an error handling path (git-fixes). - media: drivers/media/usb: fix memory leak in zr364xx_probe (git-fixes). - media: dvb-usb: Fix error handling in dvb_usb_i2c_init (git-fixes). - media: dvb-usb: fix uninit-value in dvb_usb_adapter_dvb_init (git-fixes). - media: dvb-usb: fix uninit-value in vp702x_read_mac_addr (git-fixes). - media: em28xx-input: fix refcount bug in em28xx_usb_disconnect (git-fixes). - media: go7007: fix memory leak in go7007_usb_probe (git-fixes). - media: go7007: remove redundant initialization (git-fixes). - media: rtl28xxu: fix zero-length control request (git-fixes). - media: stkwebcam: fix memory leak in stk_camera_probe (git-fixes). - media: venus: venc: Fix potential null pointer dereference on pointer fmt (git-fixes). - media: videobuf2-core: dequeue if start_streaming fails (git-fixes). - media: zr364xx: fix memory leaks in probe() (git-fixes). - media: zr364xx: propagate errors from zr364xx_start_readpipe() (git-fixes). - misc: atmel-ssc: lock with mutex instead of spinlock (git-fixes). - misc: rtsx: do not setting OC_POWER_DOWN reg in rtsx_pci_init_ocp() (git-fixes). - mm/thp: unmap_mapping_page() to fix THP truncate_cleanup_page() (bsc#1189569). - mm/vmscan: fix infinite loop in drop_slab_node (VM Functionality, bsc#1189301). - mm: fix memory_failure() handling of dax-namespace metadata (bsc#1189872). - mm: swap: properly update readahead statistics in unuse_pte_range() (bsc#1187619). - mmc: dw_mmc: Fix hang on data CRC error (git-fixes). - mmc: dw_mmc: Fix issue with uninitialized dma_slave_config (git-fixes). - mmc: moxart: Fix issue with uninitialized dma_slave_config (git-fixes). - mmc: sdhci-iproc: Cap min clock frequency on BCM2711 (git-fixes). - mmc: sdhci-iproc: Set SDHCI_QUIRK_CAP_CLOCK_BASE_BROKEN on BCM2711 (git-fixes). - mtd: cfi_cmdset_0002: fix crash when erasing/writing AMD cards (git-fixes). - nbd: Aovid double completion of a request (git-fixes). - nbd: Fix NULL pointer in flush_workqueue (git-fixes). - net/mlx5: Add ts_cqe_to_dest_cqn related bits (bsc#1188412) - net/mlx5: Properly convey driver version to firmware (git-fixes). - net/mlx5e: Add missing capability check for uplink follow (bsc#1188412) - net: dsa: mv88e6xxx: Avoid VTU corruption on 6097 (git-fixes). - net: dsa: mv88e6xxx: also read STU state in mv88e6250_g1_vtu_getnext (git-fixes). - net: stmmac: free tx skb buffer in stmmac_resume() (git-fixes). - net: usb: lan78xx: do not modify phy_device state concurrently (bsc#1188270) - nfs: fix acl memory leak of posix_acl_create() (git-fixes). - nvme-multipath: revalidate paths during rescan (bsc#1187211) - nvme-pci: Use u32 for nvme_dev.q_depth and nvme_queue.q_depth (bsc#1181972). - nvme-pci: fix NULL req in completion handler (bsc#1181972). - nvme-pci: limit maximum queue depth to 4095 (bsc#1181972). - nvme-pci: use unsigned for io queue depth (bsc#1181972). - nvme-tcp: Do not reset transport on data digest errors (bsc#1188418). - nvme-tcp: do not check blk_mq_tag_to_rq when receiving pdu data (bsc#1181972). - nvme: avoid possible double fetch in handling CQE (bsc#1181972). - nvme: code command_id with a genctr for use-after-free validation (bsc#1181972). - nvme: only call synchronize_srcu when clearing current path (bsc#1188067). - nvmet: use NVMET_MAX_NAMESPACES to set nn value (bsc#1189384). - ocfs2: fix snprintf() checking (bsc#1189581). - ocfs2: fix zero out valid data (bsc#1189579). - ocfs2: initialize ip_next_orphan (bsc#1186731). - ocfs2: issue zeroout to EOF blocks (bsc#1189582). - ovl: allow upperdir inside lowerdir (bsc#1189323). - ovl: expand warning in ovl_d_real() (bsc#1189323). - ovl: fix missing revert_creds() on error path (bsc#1189323). - ovl: perform vfs_getxattr() with mounter creds (bsc#1189323). - ovl: skip getxattr of security labels (bsc#1189323). - params: lift param_set_uint_minmax to common code (bsc#1181972). - pcmcia: i82092: fix a null pointer dereference bug (git-fixes). - perf/x86/amd: Do not touch the AMD64_EVENTSEL_HOSTONLY bit inside the guest (bsc#1189225). - pinctrl: tigerlake: Fix GPIO mapping for newer version of software (git-fixes). - platform/x86: pcengines-apuv2: Add missing terminating entries to gpio-lookup tables (git-fixes). - post.sh: detect /usr mountpoint too - power: supply: max17042: handle fails of reading status register (git-fixes). - powerpc/cacheinfo: Improve diagnostics about malformed cache lists (jsc#SLE-13615 bsc#1180100 ltc#190257 git-fixes). - powerpc/cacheinfo: Lookup cache by dt node and thread-group id (jsc#SLE-13615 bsc#1180100 ltc#190257 git-fixes). - powerpc/cacheinfo: Remove the redundant get_shared_cpu_map() (jsc#SLE-13615 bsc#1180100 ltc#190257 git-fixes). - powerpc/cacheinfo: Use name@unit instead of full DT path in debug messages (jsc#SLE-13615 bsc#1180100 ltc#190257 git-fixes). - powerpc/papr_scm: Make 'perf_stats' invisible if perf-stats unavailable (bsc#1175052 jsc#SLE-13823 bsc#1174969 jsc#SLE-12769 git-fixes). - powerpc/papr_scm: Reduce error severity if nvdimm stats inaccessible (bsc#1189197 ltc#193906). - powerpc/pseries: Fix regression while building external modules (bsc#1160010 ltc#183046 git-fixes). - powerpc/pseries: Fix update of LPAR security flavor after LPM (bsc#1188885 ltc#193722 git-fixes). - powerpc/smp: Make some symbols static (jsc#SLE-13615 bsc#1180100 ltc#190257 git-fixes). - powerpc/smp: Use existing L2 cache_map cpumask to find L3 cache siblings (jsc#SLE-13615 bsc#1180100 ltc#190257 git-fixes). - powerpc: Fix is_kvm_guest() / kvm_para_available() (bsc#1181148 ltc#190702 git-fixes). - regulator: rt5033: Fix n_voltages settings for BUCK and LDO (git-fixes). - regulator: vctrl: Avoid lockdep warning in enable/disable ops (git-fixes). - regulator: vctrl: Use locked regulator_get_voltage in probe path (git-fixes). - rpm/kernel-binary.spec.in: Use kmod-zstd provide. This makes it possible to use kmod with ZSTD support on non-Tumbleweed. - rpm/kernel-obs-build.spec.in: make builds reproducible (bsc#1189305) - rpm/kernel-source.rpmlintrc: ignore new include/config files In 5.13, since 0e0345b77ac4, config files have no longer .h suffix. Adapt the zero-length check. Based on Martin Liska's change. - rq-qos: fix missed wake-ups in rq_qos_throttle try two (bsc#1189575). - rsi: fix an error code in rsi_probe() (git-fixes). - rsi: fix error code in rsi_load_9116_firmware() (git-fixes). - s390/ap: Fix hanging ioctl caused by wrong msg counter (bsc#1188982 LTC#193817). - s390/boot: fix use of expolines in the DMA code (bsc#1188878 ltc#193771). - scsi: blkcg: Add app identifier support for blkcg (bsc#1189385 jsc#SLE-18970). - scsi: blkcg: Fix application ID config options (bsc#1189385 jsc#SLE-18970). - scsi: cgroup: Add cgroup_get_from_id() (bsc#1189385 jsc#SLE-18970). - scsi: core: Add scsi_prot_ref_tag() helper (bsc#1189392). - scsi: ibmvfc: Do not wait for initial device scan (bsc#1127650). - scsi: libfc: Fix array index out of bound exception (bsc#1188616). - scsi: lpfc: Add 256 Gb link speed support (bsc#1189385). - scsi: lpfc: Add PCI ID support for LPe37000/LPe38000 series adapters (bsc#1189385). - scsi: lpfc: Call discovery state machine when handling PLOGI/ADISC completions (bsc#1189385). - scsi: lpfc: Clear outstanding active mailbox during PCI function reset (bsc#1189385). - scsi: lpfc: Copyright updates for 12.8.0.11 patches (bsc#1189385). - scsi: lpfc: Copyright updates for 14.0.0.0 patches (bsc#1189385). - scsi: lpfc: Delay unregistering from transport until GIDFT or ADISC completes (bsc#1189385). - scsi: lpfc: Discovery state machine fixes for LOGO handling (bsc#1189385). - scsi: lpfc: Enable adisc discovery after RSCN by default (bsc#1189385). - scsi: lpfc: Fix KASAN slab-out-of-bounds in lpfc_unreg_rpi() routine (bsc#1189385). - scsi: lpfc: Fix NULL ptr dereference with NPIV ports for RDF handling (bsc#1189385). - scsi: lpfc: Fix NVMe support reporting in log message (bsc#1189385). - scsi: lpfc: Fix build error in lpfc_scsi.c (bsc#1189385). - scsi: lpfc: Fix cq_id truncation in rq create (bsc#1189385). - scsi: lpfc: Fix function description comments for vmid routines (bsc#1189385). - scsi: lpfc: Fix memory leaks in error paths while issuing ELS RDF/SCR request (bsc#1189385). - scsi: lpfc: Fix possible ABBA deadlock in nvmet_xri_aborted() (bsc#1189385). - scsi: lpfc: Fix target reset handler from falsely returning FAILURE (bsc#1189385). - scsi: lpfc: Improve firmware download logging (bsc#1189385). - scsi: lpfc: Keep NDLP reference until after freeing the IOCB after ELS handling (bsc#1189385). - scsi: lpfc: Move initialization of phba->poll_list earlier to avoid crash (git-fixes). - scsi: lpfc: Remove REG_LOGIN check requirement to issue an ELS RDF (bsc#1189385). - scsi: lpfc: Remove redundant assignment to pointer pcmd (bsc#1189385). - scsi: lpfc: Remove redundant assignment to pointer temp_hdr (bsc#1189385). - scsi: lpfc: Remove use of kmalloc() in trace event logging (bsc#1189385). - scsi: lpfc: Revise Topology and RAS support checks for new adapters (bsc#1189385). - scsi: lpfc: Skip issuing ADISC when node is in NPR state (bsc#1189385). - scsi: lpfc: Skip reg_vpi when link is down for SLI3 in ADISC cmpl path (bsc#1189385). - scsi: lpfc: Update lpfc version to 12.8.0.11 (bsc#1189385). - scsi: lpfc: Update lpfc version to 14.0.0.0 (bsc#1189385). - scsi: lpfc: Use PBDE feature enabled bit to determine PBDE support (bsc#1189385). - scsi: lpfc: Use list_move_tail() instead of list_del()/list_add_tail() (bsc#1189385). - scsi: lpfc: vmid: Add QFPA and VMID timeout check in worker thread (bsc#1189385 jsc#SLE-18970). - scsi: lpfc: vmid: Add datastructure for supporting VMID in lpfc (bsc#1189385 jsc#SLE-18970). - scsi: lpfc: vmid: Add support for VMID in mailbox command (bsc#1189385 jsc#SLE-18970). - scsi: lpfc: vmid: Append the VMID to the wqe before sending (bsc#1189385 jsc#SLE-18970). - scsi: lpfc: vmid: Functions to manage VMIDs (bsc#1189385 jsc#SLE-18970). - scsi: lpfc: vmid: Implement CT commands for appid (bsc#1189385 jsc#SLE-18970). - scsi: lpfc: vmid: Implement ELS commands for appid (bsc#1189385 jsc#SLE-18970). - scsi: lpfc: vmid: Introduce VMID in I/O path (bsc#1189385 jsc#SLE-18970). - scsi: lpfc: vmid: Timeout implementation for VMID (bsc#1189385 jsc#SLE-18970). - scsi: lpfc: vmid: VMID parameter initialization (bsc#1189385 jsc#SLE-18970). - scsi: mpt3sas: Fix ReplyPostFree pool allocation (bsc#1181006). - scsi: qla2xxx: Add heartbeat check (bsc#1189392). - scsi: qla2xxx: Fix error return code in qla82xx_write_flash_dword() (bsc#1189392). - scsi: qla2xxx: Fix spelling mistakes 'allloc' -> 'alloc' (bsc#1189392). - scsi: qla2xxx: Fix use after free in debug code (bsc#1189392). - scsi: qla2xxx: Log PCI address in qla_nvme_unregister_remote_port() (bsc#1189392). - scsi: qla2xxx: Remove duplicate declarations (bsc#1189392). - scsi: qla2xxx: Remove redundant assignment to rval (bsc#1189392). - scsi: qla2xxx: Remove redundant continue statement in a for-loop (bsc#1189392). - scsi: qla2xxx: Remove redundant initialization of variable num_cnt (bsc#1189392). - scsi: qla2xxx: Remove unused variable 'status' (bsc#1189392). - scsi: qla2xxx: Update version to 10.02.00.107-k (bsc#1189392). - scsi: qla2xxx: Use list_move_tail() instead of list_del()/list_add_tail() (bsc#1189392). - scsi: qla2xxx: Use the proper SCSI midlayer interfaces for PI (bsc#1189392). - scsi: qla2xxx: edif: Add authentication pass + fail bsgs (bsc#1189392). - scsi: qla2xxx: edif: Add detection of secure device (bsc#1189392). - scsi: qla2xxx: edif: Add doorbell notification for app (bsc#1189392). - scsi: qla2xxx: edif: Add encryption to I/O path (bsc#1189392). - scsi: qla2xxx: edif: Add extraction of auth_els from the wire (bsc#1189392). - scsi: qla2xxx: edif: Add getfcinfo and statistic bsgs (bsc#1189392). - scsi: qla2xxx: edif: Add key update (bsc#1189392). - scsi: qla2xxx: edif: Add send, receive, and accept for auth_els (bsc#1189392). - scsi: qla2xxx: edif: Add start + stop bsgs (bsc#1189392). - scsi: qla2xxx: edif: Increment command and completion counts (bsc#1189392). - scsi: scsi_transport_srp: Do not block target in SRP_PORT_LOST state (bsc#1184180). - scsi: target: qla2xxx: Wait for stop_phase1 at WWN removal (bsc#1189392). - scsi: zfcp: Report port fc_security as unknown early during remote cable pull (git-fixes). - serial: 8250: Mask out floating 16/32-bit bus bits (git-fixes). - serial: 8250_mtk: fix uart corruption issue when rx power off (git-fixes). - serial: 8250_pci: Avoid irq sharing for MSI(-X) interrupts (git-fixes). - serial: 8250_pci: Enumerate Elkhart Lake UARTs via dedicated driver (git-fixes). - serial: tegra: Only print FIFO error message when an error occurs (git-fixes). - slimbus: messaging: check for valid transaction id (git-fixes). - slimbus: messaging: start transaction ids from 1 instead of zero (git-fixes). - slimbus: ngd: reset dma setup during runtime pm (git-fixes). - soc: aspeed: lpc-ctrl: Fix boundary check for mmap (git-fixes). - soc: aspeed: p2a-ctrl: Fix boundary check for mmap (git-fixes). - soc: ixp4xx/qmgr: fix invalid __iomem access (git-fixes). - soc: ixp4xx/qmgr: fix invalid __iomem access (git-fixes). - soc: ixp4xx: fix printing resources (git-fixes). - soc: ixp4xx: fix printing resources (git-fixes). - soc: qcom: rpmhpd: Use corner in power_off (git-fixes). - soc: qcom: smsm: Fix missed interrupts if state changes while masked (git-fixes). - spi: imx: mx51-ecspi: Fix CONFIGREG delay comment (git-fixes). - spi: imx: mx51-ecspi: Fix low-speed CONFIGREG delay calculation (git-fixes). - spi: imx: mx51-ecspi: Reinstate low-speed CONFIGREG delay (git-fixes). - spi: mediatek: Fix fifo transfer (git-fixes). - spi: meson-spicc: fix memory leak in meson_spicc_remove (git-fixes). - spi: spi-fsl-dspi: Fix issue with uninitialized dma_slave_config (git-fixes). - spi: spi-pic32: Fix issue with uninitialized dma_slave_config (git-fixes). - spi: sprd: Fix the wrong WDG_LOAD_VAL (git-fixes). - spi: stm32h7: fix full duplex irq handler handling (git-fixes). - staging: rtl8192u: Fix bitwise vs logical operator in TranslateRxSignalStuff819xUsb() (git-fixes). - staging: rtl8712: get rid of flush_scheduled_work (git-fixes). - staging: rtl8723bs: Fix a resource leak in sd_int_dpc (git-fixes). - staging: rtl8723bs: Fix a resource leak in sd_int_dpc (git-fixes). - tracing / histogram: Fix NULL pointer dereference on strcmp() on NULL event name (git-fixes). - tracing / histogram: Give calculation hist_fields a size (git-fixes). - tracing: Reject string operand in the histogram expression (git-fixes). - tty: serial: fsl_lpuart: fix the wrong mapbase value (git-fixes). - ubifs: Fix error return code in alloc_wbufs() (bsc#1189585). - ubifs: Fix memleak in ubifs_init_authentication (bsc#1189583). - ubifs: Only check replay with inode type to judge if inode linked (bsc#1187455). - ubifs: Set/Clear I_LINKABLE under i_lock for whiteout inode (bsc#1189587). - ubifs: journal: Fix error return code in ubifs_jnl_write_inode() (bsc#1189586). - usb: bdc: Fix an error handling path in 'bdc_probe()' when no suitable DMA config is available (git-fixes). - usb: dwc3: Disable phy suspend after power-on reset (git-fixes). - usb: dwc3: Separate field holding multiple properties (git-fixes). - usb: dwc3: Stop active transfers before halting the controller (git-fixes). - usb: dwc3: Use clk_bulk_prepare_enable() (git-fixes). - usb: dwc3: Use devres to get clocks (git-fixes). - usb: dwc3: core: do not do suspend for device mode if already suspended (git-fixes). - usb: dwc3: debug: Remove newline printout (git-fixes). - usb: dwc3: gadget: Check MPS of the request length (git-fixes). - usb: dwc3: gadget: Clear DCTL.ULSTCHNGREQ before set (git-fixes). - usb: dwc3: gadget: Clear DEP flags after stop transfers in ep disable (git-fixes). - usb: dwc3: gadget: Disable gadget IRQ during pullup disable (git-fixes). - usb: dwc3: gadget: Do not send unintended link state change (git-fixes). - usb: dwc3: gadget: Do not setup more than requested (git-fixes). - usb: dwc3: gadget: Fix dwc3_calc_trbs_left() (git-fixes). - usb: dwc3: gadget: Fix handling ZLP (git-fixes). - usb: dwc3: gadget: Give back staled requests (git-fixes). - usb: dwc3: gadget: Handle ZLP for sg requests (git-fixes). - usb: dwc3: gadget: Prevent EP queuing while stopping transfers (git-fixes). - usb: dwc3: gadget: Properly track pending and queued SG (git-fixes). - usb: dwc3: gadget: Restart DWC3 gadget when enabling pullup (git-fixes). - usb: dwc3: gadget: Set BESL config parameter (git-fixes). - usb: dwc3: gadget: Set link state to RX_Detect on disconnect (git-fixes). - usb: dwc3: gadget: Stop EP0 transfers during pullup disable (git-fixes). - usb: dwc3: gadget: Workaround Mirosoft's BESL check (git-fixes). - usb: dwc3: meson-g12a: add IRQ check (git-fixes). - usb: dwc3: meson-g12a: check return of dwc3_meson_g12a_usb_init (git-fixes). - usb: dwc3: of-simple: add a shutdown (git-fixes). - usb: dwc3: st: Add of_dev_put() in probe function (git-fixes). - usb: dwc3: st: Add of_node_put() before return in probe function (git-fixes). - usb: dwc3: support continuous runtime PM with dual role (git-fixes). - usb: ehci-orion: Handle errors of clk_prepare_enable() in probe (git-fixes). - usb: gadget: Export recommended BESL values (git-fixes). - usb: gadget: f_hid: added GET_IDLE and SET_IDLE handlers (git-fixes). - usb: gadget: f_hid: fixed NULL pointer dereference (git-fixes). - usb: gadget: f_hid: idle uses the highest byte for duration (git-fixes). - usb: gadget: mv_u3d: request_irq() after initializing UDC (git-fixes). - usb: gadget: udc: at91: add IRQ check (git-fixes). - usb: gadget: udc: renesas_usb3: Fix soc_device_match() abuse (git-fixes). - usb: host: ohci-tmio: add IRQ check (git-fixes). - usb: host: xhci-rcar: Do not reload firmware after the completion (git-fixes). - usb: mtu3: fix the wrong HS mult value (git-fixes). - usb: mtu3: use @mult for HS isoc or intr (git-fixes). - usb: phy: fsl-usb: add IRQ check (git-fixes). - usb: phy: tahvo: add IRQ check (git-fixes). - usb: phy: twl6030: add IRQ checks (git-fixes). - usr: Add support for zstd compressed initramfs (bsc#1187483, jsc#SLE-18766). - virt_wifi: fix error on connect (git-fixes). - wireguard: allowedips: allocate nodes in kmem_cache (git-fixes). - wireguard: allowedips: free empty intermediate nodes when removing single node (git-fixes). - wireguard: allowedips: remove nodes in O(1) (git-fixes). - writeback: fix obtain a reference to a freeing memcg css (bsc#1189577). - x86/fpu: Limit xstate copy size in xstateregs_set() (bsc#1152489). - x86/fpu: Make init_fpstate correct with optimized XSAVE (bsc#1152489). - x86/fpu: Reset state for all signal restore failures (bsc#1152489). - x86/kvm: fix vcpu-id indexed array sizes (git-fixes). - x86/sev: Make sure IRQs are disabled while GHCB is active (jsc#SLE-14337). - x86/sev: Split up runtime #VC handler for correct state tracking (jsc#SLE-14337). - x86/sev: Use 'SEV: ' prefix for messages from sev.c (jsc#SLE-14337). - x86/signal: Detect and prevent an alternate signal stack overflow (bsc#1152489). - x86/split_lock: Provide handle_guest_split_lock() (bsc#1187959). - xen/events: Fix race in set_evtchn_to_irq (git-fixes). - xprtrdma: Pad optimization, revisited (bsc#1189760). Important SUSE bug 1040364 SUSE bug 1127650 SUSE bug 1135481 SUSE bug 1152489 SUSE bug 1160010 SUSE bug 1168202 SUSE bug 1171420 SUSE bug 1174969 SUSE bug 1175052 SUSE bug 1175543 SUSE bug 1177399 SUSE bug 1180100 SUSE bug 1180141 SUSE bug 1180347 SUSE bug 1181006 SUSE bug 1181148 SUSE bug 1181972 SUSE bug 1184180 SUSE bug 1185902 SUSE bug 1186264 SUSE bug 1186731 SUSE bug 1187211 SUSE bug 1187455 SUSE bug 1187468 SUSE bug 1187483 SUSE bug 1187619 SUSE bug 1187959 SUSE bug 1188067 SUSE bug 1188172 SUSE bug 1188231 SUSE bug 1188270 SUSE bug 1188412 SUSE bug 1188418 SUSE bug 1188616 SUSE bug 1188700 SUSE bug 1188780 SUSE bug 1188781 SUSE bug 1188782 SUSE bug 1188783 SUSE bug 1188784 SUSE bug 1188786 SUSE bug 1188787 SUSE bug 1188788 SUSE bug 1188790 SUSE bug 1188878 SUSE bug 1188885 SUSE bug 1188924 SUSE bug 1188982 SUSE bug 1188983 SUSE bug 1188985 SUSE bug 1189021 SUSE bug 1189057 SUSE bug 1189077 SUSE bug 1189153 SUSE bug 1189197 SUSE bug 1189209 SUSE bug 1189210 SUSE bug 1189212 SUSE bug 1189213 SUSE bug 1189214 SUSE bug 1189215 SUSE bug 1189216 SUSE bug 1189217 SUSE bug 1189218 SUSE bug 1189219 SUSE bug 1189220 SUSE bug 1189221 SUSE bug 1189222 SUSE bug 1189225 SUSE bug 1189229 SUSE bug 1189233 SUSE bug 1189262 SUSE bug 1189291 SUSE bug 1189292 SUSE bug 1189296 SUSE bug 1189298 SUSE bug 1189301 SUSE bug 1189305 SUSE bug 1189323 SUSE bug 1189384 SUSE bug 1189385 SUSE bug 1189392 SUSE bug 1189393 SUSE bug 1189399 SUSE bug 1189400 SUSE bug 1189427 SUSE bug 1189503 SUSE bug 1189504 SUSE bug 1189505 SUSE bug 1189506 SUSE bug 1189507 SUSE bug 1189562 SUSE bug 1189563 SUSE bug 1189564 SUSE bug 1189565 SUSE bug 1189566 SUSE bug 1189567 SUSE bug 1189568 SUSE bug 1189569 SUSE bug 1189573 SUSE bug 1189574 SUSE bug 1189575 SUSE bug 1189576 SUSE bug 1189577 SUSE bug 1189579 SUSE bug 1189581 SUSE bug 1189582 SUSE bug 1189583 SUSE bug 1189585 SUSE bug 1189586 SUSE bug 1189587 SUSE bug 1189696 SUSE bug 1189706 SUSE bug 1189760 SUSE bug 1189762 SUSE bug 1189832 SUSE bug 1189841 SUSE bug 1189870 SUSE bug 1189872 SUSE bug 1189883 SUSE bug 1190022 SUSE bug 1190025 SUSE bug 1190115 SUSE bug 1190117 SUSE bug 1190412 SUSE bug 1190413 SUSE bug 1190428 CVE-2020-12770 CVE-2021-34556 CVE-2021-35477 CVE-2021-3640 CVE-2021-3653 CVE-2021-3656 CVE-2021-3679 CVE-2021-3732 CVE-2021-3739 CVE-2021-3743 CVE-2021-3753 CVE-2021-3759 CVE-2021-38160 CVE-2021-38166 CVE-2021-38198 CVE-2021-38204 CVE-2021-38205 CVE-2021-38206 CVE-2021-38207 CVE-2021-38209 cpe:/o:opensuse:leap:15.3 Security update for samba (Important) openSUSE Leap 15.3 This update for samba fixes the following issues: - CVE-2021-20277: Fixed an out of bounds read in ldb_handler_fold (bsc#1183574). - CVE-2021-20254: Fixed a buffer overrun in sids_to_unixids() (bsc#1184677). - CVE-2020-27840: Fixed an unauthenticated remote heap corruption via bad DNs (bsc#1183572). - Spec file fixes around systemd and requires (bsc#1182830) - Fix dependency problem upgrading from libndr0 to libndr1 (bsc#1189875) - Fix dependency problem upgrading from libsmbldap0 to libsmbldap2 (bsc#1189875) Important SUSE bug 1182830 SUSE bug 1183572 SUSE bug 1183574 SUSE bug 1184677 SUSE bug 1189875 CVE-2020-27840 CVE-2021-20254 CVE-2021-20277 cpe:/o:opensuse:leap:15.3 Security update for ffmpeg (Important) openSUSE Leap 15.3 This update for ffmpeg fixes the following issues: - CVE-2021-38171: Fixed adts_decode_extradata in libavformat/adtsenc.c to check the init_get_bits return value (bsc#1189724). Important SUSE bug 1189724 CVE-2021-38171 cpe:/o:opensuse:leap:15.3 Security update for grilo (Important) openSUSE Leap 15.3 This update for grilo fixes the following issues: - CVE-2021-39365: Fixed missing TLS certificate verification (bsc#1189839). Important SUSE bug 1189839 CVE-2021-39365 cpe:/o:opensuse:leap:15.3 Security update for hivex (Moderate) openSUSE Leap 15.3 This update for hivex fixes the following issues: - CVE-2021-3622: Fixed stack overflow due to recursive call of _get_children() (bsc#1189060). Moderate SUSE bug 1189060 CVE-2021-3622 cpe:/o:opensuse:leap:15.3 Security update for linuxptp (Moderate) openSUSE Leap 15.3 This update for linuxptp fixes the following issues: - CVE-2021-3570: Fixed messageLength validation field of incoming messages (bsc#1187646). Moderate SUSE bug 1187646 CVE-2021-3570 cpe:/o:opensuse:leap:15.3 Security update for the Linux Kernel (Important) openSUSE Leap 15.3 The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2021-3640: Fixed a Use-After-Free vulnerability in function sco_sock_sendmsg() in the bluetooth stack (bsc#1188172). - CVE-2021-3653: Missing validation of the `int_ctl` VMCB field and allows a malicious L1 guest to enable AVIC support for the L2 guest. (bsc#1189399). - CVE-2021-3656: Missing validation of the the `virt_ext` VMCB field and allows a malicious L1 guest to disable both VMLOAD/VMSAVE intercepts and VLS for the L2 guest (bsc#1189400). - CVE-2021-3679: A lack of CPU resource in tracing module functionality was found in the way user uses trace ring buffer in a specific way. Only privileged local users (with CAP_SYS_ADMIN capability) could use this flaw to starve the resources causing denial of service (bnc#1189057). - CVE-2021-3732: Mounting overlayfs inside an unprivileged user namespace can reveal files (bsc#1189706). - CVE-2021-3739: Fixed a NULL pointer dereference when deleting device by invalid id (bsc#1189832 ). - CVE-2021-3743: Fixed OOB Read in qrtr_endpoint_post (bsc#1189883). - CVE-2021-3753: Fixed race out-of-bounds in virtual terminal handling (bsc#1190025). - CVE-2021-38160: Data corruption or loss could be triggered by an untrusted device that supplies a buf->len value exceeding the buffer size in drivers/char/virtio_console.c (bsc#1190117) - CVE-2021-38198: arch/x86/kvm/mmu/paging_tmpl.h incorrectly computes the access permissions of a shadow page, leading to a missing guest protection page fault (bnc#1189262). - CVE-2021-38204: drivers/usb/host/max3421-hcd.c allowed physically proximate attackers to cause a denial of service (use-after-free and panic) by removing a MAX-3421 USB device in certain situations (bnc#1189291). - CVE-2021-38205: drivers/net/ethernet/xilinx/xilinx_emaclite.c made it easier for attackers to defeat an ASLR protection mechanism because it prints a kernel pointer (i.e., the real IOMEM pointer) (bnc#1189292). - CVE-2021-38207: drivers/net/ethernet/xilinx/ll_temac_main.c allowed remote attackers to cause a denial of service (buffer overflow and lockup) by sending heavy network traffic for about ten minutes (bnc#1189298). - CVE-2021-38166: Fixed an integer overflow and out-of-bounds write when many elements are placed in a single bucket in kernel/bpf/hashtab.c (bnc#1189233 ). - CVE-2021-38209: Fixed allowed observation of changes in any net namespace via net/netfilter/nf_conntrack_standalone.c (bnc#1189393). - CVE-2021-38206: Fixed NULL pointer dereference in the radiotap parser inside the mac80211 subsystem (bnc#1189296). - CVE-2021-34556: Fixed side-channel attack via a Speculative Store Bypass via unprivileged BPF program that could have obtain sensitive information from kernel memory (bsc#1188983). - CVE-2021-35477: Fixed BPF stack frame pointer which could have been abused to disclose content of arbitrary kernel memory (bsc#1188985). - CVE-2021-3759: Unaccounted ipc objects in Linux kernel could have lead to breaking memcg limits and DoS attacks (bsc#1190115). - CVE-2020-12770: Fixed sg_remove_request call in a certain failure cases (bsc#1171420). The following non-security bugs were fixed: - ACPI: NFIT: Fix support for virtual SPA ranges (git-fixes). - ACPI: processor: Clean up acpi_processor_evaluate_cst() (bsc#1175543) - ACPI: processor: Export acpi_processor_evaluate_cst() (bsc#1175543) - ACPI: processor: Export function to claim _CST control (bsc#1175543) - ACPI: processor: Introduce acpi_processor_evaluate_cst() (bsc#1175543) - ACPI: processor: Make ACPI_PROCESSOR_CSTATE depend on ACPI_PROCESSOR (bsc#1175543) - ALSA: hda - fix the 'Capture Switch' value change notifications (git-fixes). - ALSA: hda/hdmi: Add quirk to force pin connectivity on NUC10 (git-fixes). - ALSA: hda/hdmi: fix max DP-MST dev_num for Intel TGL+ platforms (git-fixes). - ALSA: hda/hdmi: let new platforms assign the pcm slot dynamically (git-fixes). - ALSA: hda/realtek - Add ALC285 HP init procedure (git-fixes). - ALSA: hda/realtek - Add type for ALC287 (git-fixes). - ALSA: hda/realtek: Change device names for quirks to barebone names (git-fixes). - ALSA: hda/realtek: Enable 4-speaker output for Dell XPS 15 9510 laptop (git-fixes). - ALSA: hda/realtek: Fix headset mic for Acer SWIFT SF314-56 (ALC256) (git-fixes). - ALSA: hda/realtek: Limit mic boost on HP ProBook 445 G8 (git-fixes). - ALSA: hda/realtek: add mic quirk for Acer SF314-42 (git-fixes). - ALSA: hda/realtek: fix mute led of the HP Pavilion 15-eh1xxx series (git-fixes). - ALSA: hda/realtek: fix mute/micmute LEDs for HP ProBook 650 G8 Notebook PC (git-fixes). - ALSA: hda/via: Apply runtime PM workaround for ASUS B23E (git-fixes). - ALSA: hda: Add quirk for ASUS Flow x13 (git-fixes). - ALSA: hda: Fix hang during shutdown due to link reset (git-fixes). - ALSA: hda: Release controller display power during shutdown/reboot (git-fixes). - ALSA: pcm: Fix mmap breakage without explicit buffer setup (git-fixes). - ALSA: pcm: fix divide error in snd_pcm_lib_ioctl (git-fixes). - ALSA: seq: Fix racy deletion of subscriber (git-fixes). - ALSA: usb-audio: Add registration quirk for JBL Quantum 600 (git-fixes). - ALSA: usb-audio: Avoid unnecessary or invalid connector selection at resume (git-fixes). - ALSA: usb-audio: Fix regression on Sony WALKMAN NW-A45 DAC (git-fixes). - ALSA: usb-audio: Fix superfluous autosuspend recovery (git-fixes). - ALSA: usb-audio: fix incorrect clock source setting (git-fixes). - ASoC: Intel: Skylake: Fix module resource and format selection (git-fixes). - ASoC: Intel: Skylake: Leave data as is when invoking TLV IPCs (git-fixes). - ASoC: Intel: kbl_da7219_max98927: Fix format selection for max98373 (git-fixes). - ASoC: SOF: Intel: hda-ipc: fix reply size checking (git-fixes). - ASoC: amd: Fix reference to PCM buffer address (git-fixes). - ASoC: component: Remove misplaced prefix handling in pin control functions (git-fixes). - ASoC: cs42l42: Correct definition of ADC Volume control (git-fixes). - ASoC: cs42l42: Do not allow SND_SOC_DAIFMT_LEFT_J (git-fixes). - ASoC: cs42l42: Fix LRCLK frame start edge (git-fixes). - ASoC: cs42l42: Fix inversion of ADC Notch Switch control (git-fixes). - ASoC: cs42l42: Remove duplicate control for WNF filter frequency (git-fixes). - ASoC: intel: atom: Fix breakage for PCM buffer address setup (git-fixes). - ASoC: intel: atom: Fix reference to PCM buffer address (git-fixes). - ASoC: mediatek: mt8183: Fix Unbalanced pm_runtime_enable in mt8183_afe_pcm_dev_probe (git-fixes). - ASoC: rt5682: Adjust headset volume button threshold (git-fixes). - ASoC: rt5682: Adjust headset volume button threshold again (git-fixes). - ASoC: rt5682: Fix the issue of garbled recording after powerd_dbus_suspend (git-fixes). - ASoC: ti: j721e-evm: Check for not initialized parent_clk_id (git-fixes). - ASoC: ti: j721e-evm: Fix unbalanced domain activity tracking during startup (git-fixes). - ASoC: tlv320aic31xx: Fix jack detection after suspend (git-fixes). - ASoC: tlv320aic31xx: fix reversed bclk/wclk master bits (git-fixes). - ASoC: uniphier: Fix reference to PCM buffer address (git-fixes). - ASoC: wcd9335: Disable irq on slave ports in the remove function (git-fixes). - ASoC: wcd9335: Fix a double irq free in the remove function (git-fixes). - ASoC: wcd9335: Fix a memory leak in the error handling path of the probe function (git-fixes). - ASoC: xilinx: Fix reference to PCM buffer address (git-fixes). - Avoid double printing SUSE specific flags in mod->taint (bsc#1190413). - Bluetooth: add timeout sanity check to hci_inquiry (git-fixes). - Bluetooth: btusb: Fix a unspported condition to set available debug features (git-fixes). - Bluetooth: btusb: check conditions before enabling USB ALT 3 for WBS (git-fixes). - Bluetooth: defer cleanup of resources in hci_unregister_dev() (git-fixes). - Bluetooth: fix repeated calls to sco_sock_kill (git-fixes). - Bluetooth: hidp: use correct wait queue when removing ctrl_wait (git-fixes). - Bluetooth: increase BTNAMSIZ to 21 chars to fix potential buffer overflow (git-fixes). - Bluetooth: mgmt: Fix wrong opcode in the response for add_adv cmd (git-fixes). - Bluetooth: sco: prevent information leak in sco_conn_defer_accept() (git-fixes). - Drop two intel_int0002_vgpio patches that cause Oops (bsc#1190412) - KVM: VMX: Drop guest CPUID check for VMXE in vmx_set_cr4() (bsc#1188786). - KVM: VMX: Enable machine check support for 32bit targets (bsc#1188787). - KVM: VMX: Explicitly clear RFLAGS.CF and RFLAGS.ZF in VM-Exit RSB path (bsc#1188788). - KVM: VMX: Extend VMXs #AC interceptor to handle split lock #AC in guest (bsc#1187959). - KVM: nVMX: Handle split-lock #AC exceptions that happen in L2 (bsc#1187959). - KVM: nVMX: Really make emulated nested preemption timer pinned (bsc#1188780). - KVM: nVMX: Reset the segment cache when stuffing guest segs (bsc#1188781). - KVM: nVMX: Skip IBPB when switching between vmcs01 and vmcs02 (bsc#1188782). - KVM: nVMX: Sync unsync'd vmcs02 state to vmcs12 on migration (bsc#1188783). - KVM: nVMX: Truncate bits 63:32 of VMCS field on nested check in !64-bit (bsc#1188784). - KVM: x86: Emulate split-lock access as a write in emulator (bsc#1187959). - KVM: x86: bit 8 of non-leaf PDPEs is not reserved (bsc#1188790). - NFS: Correct size calculation for create reply length (bsc#1189870). - NFSv4.1: Do not rebind to the same source port when (bnc#1186264 bnc#1189021) - NFSv4/pNFS: Do not call _nfs4_pnfs_v3_ds_connect multiple times (git-fixes). - NFSv4: Initialise connection to the server in nfs4_alloc_client() (bsc#1040364). - PCI/MSI: Correct misleading comments (git-fixes). - PCI/MSI: Do not set invalid bits in MSI mask (git-fixes). - PCI/MSI: Enable and mask MSI-X early (git-fixes). - PCI/MSI: Enforce MSI[X] entry updates to be visible (git-fixes). - PCI/MSI: Enforce that MSI-X table entry is masked for update (git-fixes). - PCI/MSI: Mask all unused MSI-X entries (git-fixes). - PCI/MSI: Skip masking MSI-X on Xen PV (git-fixes). - PCI/MSI: Use msi_mask_irq() in pci_msi_shutdown() (git-fixes). - PCI: Increase D3 delay for AMD Renoir/Cezanne XHCI (git-fixes). - PCI: PM: Avoid forcing PCI_D0 for wakeup reasons inconsistently (git-fixes). - PCI: PM: Enable PME if it can be signaled from D3cold (git-fixes). - RDMA/bnxt_re: Fix stats counters (bsc#1188231). - SUNRPC: 'Directory with parent 'rpc_clnt' already present!' (bsc#1168202 bsc#1188924). - SUNRPC: Fix the batch tasks count wraparound (git-fixes). - SUNRPC: Should wake up the privileged task firstly (git-fixes). - SUNRPC: defer slow parts of rpc_free_client() to a workqueue (bsc#1168202 bsc#1188924). - SUNRPC: fix use-after-free in rpc_free_client_work() (bsc#1168202 bsc#1188924). - SUNRPC: improve error response to over-size gss credential (bsc#1190022). - SUNRPC: prevent port reuse on transports which do not request it (bnc#1186264 bnc#1189021). - USB: core: Avoid WARNings for 0-length descriptor requests (git-fixes). - USB: serial: ch341: fix character loss at high transfer rates (git-fixes). - USB: serial: ftdi_sio: add device ID for Auto-M3 OP-COM v2 (git-fixes). - USB: serial: option: add Telit FD980 composition 0x1056 (git-fixes). - USB: usbtmc: Fix RCU stall warning (git-fixes). - USB:ehci:fix Kunpeng920 ehci hardware problem (git-fixes). - VMCI: fix NULL pointer dereference when unmapping queue pair (git-fixes). - ath6kl: wmi: fix an error code in ath6kl_wmi_sync_point() (git-fixes). - ath9k: Clear key cache explicitly on disabling hardware (git-fixes). - ath: Use safer key clearing with key cache entries (git-fixes). - bcma: Fix memory leak for internally-handled cores (git-fixes). - bdi: Do not use freezable workqueue (bsc#1189573). - blk-iolatency: error out if blk_get_queue() failed in iolatency_set_limit() (bsc#1189507). - blk-mq-sched: Fix blk_mq_sched_alloc_tags() error handling (bsc#1189506). - blk-wbt: introduce a new disable state to prevent false positive by rwb_enabled() (bsc#1189503). - blk-wbt: make sure throttle is enabled properly (bsc#1189504). - block: fix trace completion for chained bio (bsc#1189505). - bnxt_en: Validate vlan protocol ID on RX packets (jsc#SLE-15075). - brcmfmac: pcie: fix oops on failure to resume and reprobe (git-fixes). - btrfs: Rename __btrfs_alloc_chunk to btrfs_alloc_chunk (bsc#1189077). - btrfs: add a trace class for dumping the current ENOSPC state (bsc#1135481). - btrfs: add a trace point for reserve tickets (bsc#1135481). - btrfs: adjust the flush trace point to include the source (bsc#1135481). - btrfs: check reclaim_size in need_preemptive_reclaim (bsc#1135481). - btrfs: factor out create_chunk() (bsc#1189077). - btrfs: factor out decide_stripe_size() (bsc#1189077). - btrfs: factor out gather_device_info() (bsc#1189077). - btrfs: factor out init_alloc_chunk_ctl (bsc#1189077). - btrfs: fix btrfs_calc_reclaim_metadata_size calculation (bsc#1135481). - btrfs: fix deadlock with concurrent chunk allocations involving system chunks (bsc#1189077). - btrfs: handle invalid profile in chunk allocation (bsc#1189077). - btrfs: implement space clamping for preemptive flushing (bsc#1135481). - btrfs: improve preemptive background space flushing (bsc#1135481). - btrfs: introduce a FORCE_COMMIT_TRANS flush operation (bsc#1135481). - btrfs: introduce alloc_chunk_ctl (bsc#1189077). - btrfs: introduce chunk allocation policy (bsc#1189077). - btrfs: make flush_space take a enum btrfs_flush_state instead of int (bsc#1135481). - btrfs: move the chunk_mutex in btrfs_read_chunk_tree (bsc#1189077). - btrfs: parameterize dev_extent_min for chunk allocation (bsc#1189077). - btrfs: refactor find_free_dev_extent_start() (bsc#1189077). - btrfs: remove FLUSH_DELAYED_REFS from data ENOSPC flushing (bsc#1135481). - btrfs: rename need_do_async_reclaim (bsc#1135481). - btrfs: rework btrfs_calc_reclaim_metadata_size (bsc#1135481). - btrfs: rework chunk allocation to avoid exhaustion of the system chunk array (bsc#1189077). - btrfs: rip out btrfs_space_info::total_bytes_pinned (bsc#1135481). - btrfs: rip the first_ticket_bytes logic from fail_all_tickets (bsc#1135481). - btrfs: simplify the logic in need_preemptive_flushing (bsc#1135481). - btrfs: tracepoints: convert flush states to using EM macros (bsc#1135481). - btrfs: tracepoints: fix btrfs_trigger_flush symbolic string for flags (bsc#1135481). - can: ti_hecc: Fix memleak in ti_hecc_probe (git-fixes). - can: usb: esd_usb2: esd_usb2_rx_event(): fix the interchange of the CAN RX and TX error counters (git-fixes). - ceph: clean up and optimize ceph_check_delayed_caps() (bsc#1187468). - ceph: reduce contention in ceph_check_delayed_caps() (bsc#1187468). - ceph: take snap_empty_lock atomically with snaprealm refcount change (bsc#1189427). - cfg80211: Fix possible memory leak in function cfg80211_bss_update (git-fixes). - cifs: Remove unused inline function is_sysvol_or_netlogon() (bsc#1185902). - cifs: avoid starvation when refreshing dfs cache (bsc#1185902). - cifs: constify get_normalized_path() properly (bsc#1185902). - cifs: do not cargo-cult strndup() (bsc#1185902). - cifs: do not send tree disconnect to ipc shares (bsc#1185902). - cifs: do not share tcp servers with dfs mounts (bsc#1185902). - cifs: do not share tcp sessions of dfs connections (bsc#1185902). - cifs: fix check of dfs interlinks (bsc#1185902). - cifs: fix path comparison and hash calc (bsc#1185902). - cifs: get rid of @noreq param in __dfs_cache_find() (bsc#1185902). - cifs: handle different charsets in dfs cache (bsc#1185902). - cifs: keep referral server sessions alive (bsc#1185902). - cifs: missing null pointer check in cifs_mount (bsc#1185902). - cifs: prevent NULL deref in cifs_compose_mount_options() (bsc#1185902). - cifs: set a minimum of 2 minutes for refreshing dfs cache (bsc#1185902). - clk: fix leak on devm_clk_bulk_get_all() unwind (git-fixes). - clk: stm32f4: fix post divisor setup for I2S/SAI PLLs (git-fixes). - cpuidle: Allow idle states to be disabled by default (bsc#1175543) - cpuidle: Consolidate disabled state checks (bsc#1175543) - cpuidle: Drop disabled field from struct cpuidle_state (bsc#1175543) - cpuidle: Fix cpuidle_driver_state_disabled() (bsc#1175543) - cpuidle: Introduce cpuidle_driver_state_disabled() for driver quirks (bsc#1175543) - crypto: ccp - Annotate SEV Firmware file names (bsc#1189212). - crypto: qat - use proper type for vf_mask (git-fixes). - crypto: x86/curve25519 - fix cpu feature checking logic in mod_exit (git-fixes). - device-dax: Fix default return code of range_parse() (git-fixes). - dm integrity: fix missing goto in bitmap_flush_interval error handling (git-fixes). - dm rq: fix double free of blk_mq_tag_set in dev remove after table load fails (git-fixes). - dm verity: fix DM_VERITY_OPTS_MAX value (git-fixes). - dmaengine: idxd: fix setup sequence for MSIXPERM table (git-fixes). - dmaengine: imx-dma: configure the generic DMA type to make it work (git-fixes). - dmaengine: imx-dma: configure the generic DMA type to make it work (git-fixes). - dmaengine: imx-sdma: remove duplicated sdma_load_context (git-fixes). - dmaengine: of-dma: router_xlate to return -EPROBE_DEFER if controller is not yet available (git-fixes). - dmaengine: usb-dmac: Fix PM reference leak in usb_dmac_probe() (git-fixes). - dmaengine: xilinx_dma: Fix read-after-free bug when terminating transfers (git-fixes). - drivers/block/null_blk/main: Fix a double free in null_init (git-fixes). - drm/amd/display: Fix Dynamic bpp issue with 8K30 with Navi 1X (git-fixes). - drm/amd/display: Fix comparison error in dcn21 DML (git-fixes). - drm/amd/display: Fix max vstartup calculation for modes with borders (git-fixes). - drm/amd/display: Remove invalid assert for ODM + MPC case (git-fixes). - drm/amd/display: use GFP_ATOMIC in amdgpu_dm_irq_schedule_work (git-fixes). - drm/amd/display: workaround for hard hang on HPD on native DP (git-fixes). - drm/amdgpu/acp: Make PM domain really work (git-fixes). - drm/amdgpu/display: fix DMUB firmware version info (git-fixes). - drm/amdgpu/display: only enable aux backlight control for OLED panels (git-fixes). - drm/amdgpu: do not enable baco on boco platforms in runpm (git-fixes). - drm/amdgpu: fix the doorbell missing when in CGPG issue for renoir (git-fixes). - drm/dp_mst: Fix return code on sideband message failure (git-fixes). - drm/i915/dg1: gmbus pin mapping (bsc#1188700). - drm/i915/dg1: provide port/phy mapping for vbt (bsc#1188700). - drm/i915/gen9_bc: Add W/A for missing STRAP config on TGP PCH + CML combos (bsc#1188700). - drm/i915/gen9_bc: Introduce HPD pin mappings for TGP PCH + CML combos (bsc#1188700). - drm/i915/gen9_bc: Introduce TGP PCH DDC pin mappings (bsc#1188700). - drm/i915/gen9_bc: Recognize TGP PCH + CML combos (bsc#1188700). - drm/i915/rkl: new rkl ddc map for different PCH (bsc#1188700). - drm/i915: Add VBT AUX CH H and I (bsc#1188700). - drm/i915: Add VBT DVO ports H and I (bsc#1188700). - drm/i915: Add more AUX CHs to the enum (bsc#1188700). - drm/i915: Configure GEN11_{TBT,TC}_HOTPLUG_CTL for ports TC5/6 (bsc#1188700). - drm/i915: Correct SFC_DONE register offset (git-fixes). - drm/i915: Introduce HPD_PORT_TC&lt;n> (bsc#1188700). - drm/i915: Move hpd_pin setup to encoder init (bsc#1188700). - drm/i915: Nuke the redundant TC/TBT HPD bit defines (bsc#1188700). - drm/i915: Only access SFC_DONE when media domain is not fused off (git-fixes). - drm/meson: fix colour distortion from HDR set during vendor u-boot (git-fixes). - drm/msi/mdp4: populate priv->kms in mdp4_kms_init (git-fixes). - drm/msm/dpu: make dpu_hw_ctl_clear_all_blendstages clear necessary LMs (git-fixes). - drm/msm/dsi: Fix some reference counted resource leaks (git-fixes). - drm/msm: Fix error return code in msm_drm_init() (git-fixes). - drm/nouveau/kms/nv50: workaround EFI GOP window channel format differences (git-fixes). - drm/of: free the iterator object on failure (git-fixes). - drm/of: free the right object (git-fixes). - drm/panfrost: Fix missing clk_disable_unprepare() on error in panfrost_clk_init() (git-fixes). - drm/prime: fix comment on PRIME Helpers (git-fixes). - ext4: cleanup in-core orphan list if ext4_truncate() failed to get a transaction handle (bsc#1189568). - ext4: correct the cache_nr in tracepoint ext4_es_shrink_exit (bsc#1189564). - ext4: fix avefreec in find_group_orlov (bsc#1189566). - ext4: fix kernel infoleak via ext4_extent_header (bsc#1189562). - ext4: fix potential htree corruption when growing large_dir directories (bsc#1189576). - ext4: remove check for zero nr_to_scan in ext4_es_scan() (bsc#1189565). - ext4: return error code when ext4_fill_flex_info() fails (bsc#1189563). - ext4: use ext4_grp_locked_error in mb_find_extent (bsc#1189567). - fanotify: fix copy_event_to_user() fid error clean up (bsc#1189574). - firmware_loader: fix use-after-free in firmware_fallback_sysfs (git-fixes). - firmware_loader: use -ETIMEDOUT instead of -EAGAIN in fw_load_sysfs_fallback (git-fixes). - fixup 'rpm: support gz and zst compression methods' (bsc#1190358, bsc#1190428). - fpga: altera-freeze-bridge: Address warning about unused variable (git-fixes). - fpga: dfl: fme: Fix cpu hotplug issue in performance reporting (git-fixes). - fpga: dfl: fme: Fix cpu hotplug issue in performance reporting (git-fixes). - fpga: xiilnx-spi: Address warning about unused variable (git-fixes). - fpga: zynqmp-fpga: Address warning about unused variable (git-fixes). - gpio: eic-sprd: break loop when getting NULL device resource (git-fixes). - gpio: tqmx86: really make IRQ optional (git-fixes). - i2c: dev: zero out array used for i2c reads from userspace (git-fixes). - i2c: highlander: add IRQ check (git-fixes). - i2c: iop3xx: fix deferred probing (git-fixes). - i2c: mt65xx: fix IRQ check (git-fixes). - i2c: s3c2410: fix IRQ check (git-fixes). - iio: adc: Fix incorrect exit of for-loop (git-fixes). - iio: adc: ti-ads7950: Ensure CS is deasserted after reading channels (git-fixes). - iio: humidity: hdc100x: Add margin to the conversion time (git-fixes). - intel_idle: Add module parameter to prevent ACPI _CST from being used (bsc#1175543) - intel_idle: Allow ACPI _CST to be used for selected known processors (bsc#1175543) - intel_idle: Annotate init time data structures (bsc#1175543) - intel_idle: Customize IceLake server support (bsc#1175543) - intel_idle: Disable ACPI _CST on Haswell (bsc#1175543, bsc#1177399, bsc#1180347, bsc#1180141) - intel_idle: Fix max_cstate for processor models without C-state tables (bsc#1175543) - intel_idle: Ignore _CST if control cannot be taken from the platform (bsc#1175543) - intel_idle: Refactor intel_idle_cpuidle_driver_init() (bsc#1175543) - intel_idle: Use ACPI _CST for processor models without C-state tables (bsc#1175543) - iommu/amd: Fix extended features logging (bsc#1189213). - iommu/amd: Move Stoney Ridge check to detect_ivrs() (bsc#1189762). - iommu/arm-smmu-v3: Decrease the queue size of evtq and priq (bsc#1189210). - iommu/arm-smmu-v3: add bit field SFM into GERROR_ERR_MASK (bsc#1189209). - iommu/dma: Fix IOVA reserve dma ranges (bsc#1189214). - iommu/dma: Fix compile warning in 32-bit builds (bsc#1189229). - iommu/vt-d: Check for allocation failure in aux_detach_device() (bsc#1189215). - iommu/vt-d: Define counter explicitly as unsigned int (bsc#1189216). - iommu/vt-d: Do not set then clear private data in prq_event_thread() (bsc#1189217). - iommu/vt-d: Fix sysfs leak in alloc_iommu() (bsc#1189218). - iommu/vt-d: Force to flush iotlb before creating superpage (bsc#1189219). - iommu/vt-d: Global devTLB flush when present context entry changed (bsc#1189220). - iommu/vt-d: Invalidate PASID cache when root/context entry changed (bsc#1189221). - iommu/vt-d: Reject unsupported page request modes (bsc#1189222). - ionic: add handling of larger descriptors (jsc#SLE-16649). - ionic: add new queue features to interface (jsc#SLE-16649). - ionic: aggregate Tx byte counting calls (jsc#SLE-16649). - ionic: block actions during fw reset (jsc#SLE-16649). - ionic: change mtu after queues are stopped (jsc#SLE-16649). - ionic: check for link after netdev registration (jsc#SLE-16649). - ionic: code cleanup details (jsc#SLE-16649). - ionic: fix sizeof usage (jsc#SLE-16649). - ionic: fix unchecked reference (jsc#SLE-16649). - ionic: fix up dim accounting for tx and rx (jsc#SLE-16649). - ionic: generic tx skb mapping (jsc#SLE-16649). - ionic: implement Rx page reuse (jsc#SLE-16649). - ionic: make all rx_mode work threadsafe (jsc#SLE-16649). - ionic: move rx_page_alloc and free (jsc#SLE-16649). - ionic: optimize fastpath struct usage (jsc#SLE-16649). - ionic: protect adminq from early destroy (jsc#SLE-16649). - ionic: rebuild debugfs on qcq swap (jsc#SLE-16649). - ionic: remove intr coalesce update from napi (jsc#SLE-16649). - ionic: remove some unnecessary oom messages (jsc#SLE-16649). - ionic: simplify TSO descriptor mapping (jsc#SLE-16649). - ionic: simplify rx skb alloc (jsc#SLE-16649). - ionic: simplify the intr_index use in txq_init (jsc#SLE-16649). - ionic: simplify tx clean (jsc#SLE-16649). - ionic: simplify use of completion types (jsc#SLE-16649). - ionic: start queues before announcing link up (jsc#SLE-16649). - ionic: stop watchdog when in broken state (jsc#SLE-16649). - ionic: useful names for booleans (jsc#SLE-16649). - iwlwifi: pnvm: accept multiple HW-type TLVs (git-fixes). - iwlwifi: rs-fw: do not support stbc for HE 160 (git-fixes). - iwlwifi: skip first element in the WTAS ACPI table (git-fixes). - kABI fix of usb_dcd_config_params (git-fixes). - kABI: Fix kABI after fixing vcpu-id indexed arrays (git-fixes). - kabi fix for NFSv4.1: Do not rebind to the same source port when reconnecting to the server (bnc#1186264 bnc#1189021) - kabi fix for SUNRPC: defer slow parts of rpc_free_client() to a workqueue (bsc#1168202 bsc#1188924). - kernel, fs: Introduce and use set_restart_fn() and arch_set_restart_data() (bsc#1189153). - kernel-cert-subpackage: Fix certificate location in scriptlets (bsc#1189841). - leds: trigger: audio: Add an activate callback to ensure the initial brightness is set (git-fixes). - lib/mpi: use kcalloc in mpi_resize (git-fixes). - lib: Add zstd support to decompress (bsc#1187483, jsc#SLE-18766). - libata: fix ata_pio_sector for CONFIG_HIGHMEM (git-fixes). - mac80211: Fix insufficient headroom issue for AMSDU (git-fixes). - md/raid10: properly indicate failure when ending a failed write request (git-fixes). - md: revert io stats accounting (git-fixes). - media: TDA1997x: enable EDID support (git-fixes). - media: cxd2880-spi: Fix an error handling path (git-fixes). - media: drivers/media/usb: fix memory leak in zr364xx_probe (git-fixes). - media: dvb-usb: Fix error handling in dvb_usb_i2c_init (git-fixes). - media: dvb-usb: fix uninit-value in dvb_usb_adapter_dvb_init (git-fixes). - media: dvb-usb: fix uninit-value in vp702x_read_mac_addr (git-fixes). - media: em28xx-input: fix refcount bug in em28xx_usb_disconnect (git-fixes). - media: go7007: fix memory leak in go7007_usb_probe (git-fixes). - media: go7007: remove redundant initialization (git-fixes). - media: rtl28xxu: fix zero-length control request (git-fixes). - media: stkwebcam: fix memory leak in stk_camera_probe (git-fixes). - media: venus: venc: Fix potential null pointer dereference on pointer fmt (git-fixes). - media: videobuf2-core: dequeue if start_streaming fails (git-fixes). - media: zr364xx: fix memory leaks in probe() (git-fixes). - media: zr364xx: propagate errors from zr364xx_start_readpipe() (git-fixes). - misc: atmel-ssc: lock with mutex instead of spinlock (git-fixes). - misc: rtsx: do not setting OC_POWER_DOWN reg in rtsx_pci_init_ocp() (git-fixes). - mm/thp: unmap_mapping_page() to fix THP truncate_cleanup_page() (bsc#1189569). - mm/vmscan: fix infinite loop in drop_slab_node (VM Functionality, bsc#1189301). - mm: fix memory_failure() handling of dax-namespace metadata (bsc#1189872). - mm: swap: properly update readahead statistics in unuse_pte_range() (bsc#1187619). - mmc: dw_mmc: Fix hang on data CRC error (git-fixes). - mmc: dw_mmc: Fix issue with uninitialized dma_slave_config (git-fixes). - mmc: moxart: Fix issue with uninitialized dma_slave_config (git-fixes). - mmc: sdhci-iproc: Cap min clock frequency on BCM2711 (git-fixes). - mmc: sdhci-iproc: Set SDHCI_QUIRK_CAP_CLOCK_BASE_BROKEN on BCM2711 (git-fixes). - mtd: cfi_cmdset_0002: fix crash when erasing/writing AMD cards (git-fixes). - nbd: Aovid double completion of a request (git-fixes). - nbd: Fix NULL pointer in flush_workqueue (git-fixes). - net/mlx5: Add ts_cqe_to_dest_cqn related bits (bsc#1188412) - net/mlx5: Properly convey driver version to firmware (git-fixes). - net/mlx5e: Add missing capability check for uplink follow (bsc#1188412) - net: dsa: mv88e6xxx: Avoid VTU corruption on 6097 (git-fixes). - net: dsa: mv88e6xxx: also read STU state in mv88e6250_g1_vtu_getnext (git-fixes). - net: stmmac: free tx skb buffer in stmmac_resume() (git-fixes). - net: usb: lan78xx: do not modify phy_device state concurrently (bsc#1188270) - nfs: fix acl memory leak of posix_acl_create() (git-fixes). - nvme-multipath: revalidate paths during rescan (bsc#1187211) - nvme-pci: Use u32 for nvme_dev.q_depth and nvme_queue.q_depth (bsc#1181972). - nvme-pci: fix NULL req in completion handler (bsc#1181972). - nvme-pci: limit maximum queue depth to 4095 (bsc#1181972). - nvme-pci: use unsigned for io queue depth (bsc#1181972). - nvme-tcp: Do not reset transport on data digest errors (bsc#1188418). - nvme-tcp: do not check blk_mq_tag_to_rq when receiving pdu data (bsc#1181972). - nvme: avoid possible double fetch in handling CQE (bsc#1181972). - nvme: code command_id with a genctr for use-after-free validation (bsc#1181972). - nvme: only call synchronize_srcu when clearing current path (bsc#1188067). - nvmet: use NVMET_MAX_NAMESPACES to set nn value (bsc#1189384). - ocfs2: fix snprintf() checking (bsc#1189581). - ocfs2: fix zero out valid data (bsc#1189579). - ocfs2: initialize ip_next_orphan (bsc#1186731). - ocfs2: issue zeroout to EOF blocks (bsc#1189582). - ovl: allow upperdir inside lowerdir (bsc#1189323). - ovl: expand warning in ovl_d_real() (bsc#1189323). - ovl: fix missing revert_creds() on error path (bsc#1189323). - ovl: perform vfs_getxattr() with mounter creds (bsc#1189323). - ovl: skip getxattr of security labels (bsc#1189323). - params: lift param_set_uint_minmax to common code (bsc#1181972). - pcmcia: i82092: fix a null pointer dereference bug (git-fixes). - perf/x86/amd: Do not touch the AMD64_EVENTSEL_HOSTONLY bit inside the guest (bsc#1189225). - pinctrl: tigerlake: Fix GPIO mapping for newer version of software (git-fixes). - platform/x86: pcengines-apuv2: Add missing terminating entries to gpio-lookup tables (git-fixes). - post.sh: detect /usr mountpoint too - power: supply: max17042: handle fails of reading status register (git-fixes). - powerpc/cacheinfo: Improve diagnostics about malformed cache lists (jsc#SLE-13615 bsc#1180100 ltc#190257 git-fixes). - powerpc/cacheinfo: Lookup cache by dt node and thread-group id (jsc#SLE-13615 bsc#1180100 ltc#190257 git-fixes). - powerpc/cacheinfo: Remove the redundant get_shared_cpu_map() (jsc#SLE-13615 bsc#1180100 ltc#190257 git-fixes). - powerpc/cacheinfo: Use name@unit instead of full DT path in debug messages (jsc#SLE-13615 bsc#1180100 ltc#190257 git-fixes). - powerpc/papr_scm: Make 'perf_stats' invisible if perf-stats unavailable (bsc#1175052 jsc#SLE-13823 bsc#1174969 jsc#SLE-12769 git-fixes). - powerpc/papr_scm: Reduce error severity if nvdimm stats inaccessible (bsc#1189197 ltc#193906). - powerpc/pseries: Fix regression while building external modules (bsc#1160010 ltc#183046 git-fixes). This changes a GPL symbol to general symbol which is kABI change but not kABI break. - powerpc/pseries: Fix update of LPAR security flavor after LPM (bsc#1188885 ltc#193722 git-fixes). - powerpc/smp: Make some symbols static (jsc#SLE-13615 bsc#1180100 ltc#190257 git-fixes). - powerpc/smp: Use existing L2 cache_map cpumask to find L3 cache siblings (jsc#SLE-13615 bsc#1180100 ltc#190257 git-fixes). - powerpc: Fix is_kvm_guest() / kvm_para_available() (bsc#1181148 ltc#190702 git-fixes). - regulator: rt5033: Fix n_voltages settings for BUCK and LDO (git-fixes). - regulator: vctrl: Avoid lockdep warning in enable/disable ops (git-fixes). - regulator: vctrl: Use locked regulator_get_voltage in probe path (git-fixes). - rpm/kernel-binary.spec.in: Use kmod-zstd provide. This makes it possible to use kmod with ZSTD support on non-Tumbleweed. - rpm/kernel-obs-build.spec.in: make builds reproducible (bsc#1189305) - rpm/kernel-source.rpmlintrc: ignore new include/config files In 5.13, since 0e0345b77ac4, config files have no longer .h suffix. Adapt the zero-length check. Based on Martin Liska's change. - rq-qos: fix missed wake-ups in rq_qos_throttle try two (bsc#1189575). - rsi: fix an error code in rsi_probe() (git-fixes). - rsi: fix error code in rsi_load_9116_firmware() (git-fixes). - s390/ap: Fix hanging ioctl caused by wrong msg counter (bsc#1188982 LTC#193817). - s390/boot: fix use of expolines in the DMA code (bsc#1188878 ltc#193771). - scsi: blkcg: Add app identifier support for blkcg (bsc#1189385 jsc#SLE-18970). - scsi: blkcg: Fix application ID config options (bsc#1189385 jsc#SLE-18970). - scsi: cgroup: Add cgroup_get_from_id() (bsc#1189385 jsc#SLE-18970). - scsi: core: Add scsi_prot_ref_tag() helper (bsc#1189392). - scsi: ibmvfc: Do not wait for initial device scan (bsc#1127650). - scsi: libfc: Fix array index out of bound exception (bsc#1188616). - scsi: lpfc: Add 256 Gb link speed support (bsc#1189385). - scsi: lpfc: Add PCI ID support for LPe37000/LPe38000 series adapters (bsc#1189385). - scsi: lpfc: Call discovery state machine when handling PLOGI/ADISC completions (bsc#1189385). - scsi: lpfc: Clear outstanding active mailbox during PCI function reset (bsc#1189385). - scsi: lpfc: Copyright updates for 12.8.0.11 patches (bsc#1189385). - scsi: lpfc: Copyright updates for 14.0.0.0 patches (bsc#1189385). - scsi: lpfc: Delay unregistering from transport until GIDFT or ADISC completes (bsc#1189385). - scsi: lpfc: Discovery state machine fixes for LOGO handling (bsc#1189385). - scsi: lpfc: Enable adisc discovery after RSCN by default (bsc#1189385). - scsi: lpfc: Fix KASAN slab-out-of-bounds in lpfc_unreg_rpi() routine (bsc#1189385). - scsi: lpfc: Fix NULL ptr dereference with NPIV ports for RDF handling (bsc#1189385). - scsi: lpfc: Fix NVMe support reporting in log message (bsc#1189385). - scsi: lpfc: Fix build error in lpfc_scsi.c (bsc#1189385). - scsi: lpfc: Fix cq_id truncation in rq create (bsc#1189385). - scsi: lpfc: Fix function description comments for vmid routines (bsc#1189385). - scsi: lpfc: Fix memory leaks in error paths while issuing ELS RDF/SCR request (bsc#1189385). - scsi: lpfc: Fix possible ABBA deadlock in nvmet_xri_aborted() (bsc#1189385). - scsi: lpfc: Fix target reset handler from falsely returning FAILURE (bsc#1189385). - scsi: lpfc: Improve firmware download logging (bsc#1189385). - scsi: lpfc: Keep NDLP reference until after freeing the IOCB after ELS handling (bsc#1189385). - scsi: lpfc: Move initialization of phba->poll_list earlier to avoid crash (git-fixes). - scsi: lpfc: Remove REG_LOGIN check requirement to issue an ELS RDF (bsc#1189385). - scsi: lpfc: Remove redundant assignment to pointer pcmd (bsc#1189385). - scsi: lpfc: Remove redundant assignment to pointer temp_hdr (bsc#1189385). - scsi: lpfc: Remove use of kmalloc() in trace event logging (bsc#1189385). - scsi: lpfc: Revise Topology and RAS support checks for new adapters (bsc#1189385). - scsi: lpfc: Skip issuing ADISC when node is in NPR state (bsc#1189385). - scsi: lpfc: Skip reg_vpi when link is down for SLI3 in ADISC cmpl path (bsc#1189385). - scsi: lpfc: Update lpfc version to 12.8.0.11 (bsc#1189385). - scsi: lpfc: Update lpfc version to 14.0.0.0 (bsc#1189385). - scsi: lpfc: Use PBDE feature enabled bit to determine PBDE support (bsc#1189385). - scsi: lpfc: Use list_move_tail() instead of list_del()/list_add_tail() (bsc#1189385). - scsi: lpfc: vmid: Add QFPA and VMID timeout check in worker thread (bsc#1189385 jsc#SLE-18970). - scsi: lpfc: vmid: Add datastructure for supporting VMID in lpfc (bsc#1189385 jsc#SLE-18970). - scsi: lpfc: vmid: Add support for VMID in mailbox command (bsc#1189385 jsc#SLE-18970). - scsi: lpfc: vmid: Append the VMID to the wqe before sending (bsc#1189385 jsc#SLE-18970). - scsi: lpfc: vmid: Functions to manage VMIDs (bsc#1189385 jsc#SLE-18970). - scsi: lpfc: vmid: Implement CT commands for appid (bsc#1189385 jsc#SLE-18970). - scsi: lpfc: vmid: Implement ELS commands for appid (bsc#1189385 jsc#SLE-18970). - scsi: lpfc: vmid: Introduce VMID in I/O path (bsc#1189385 jsc#SLE-18970). - scsi: lpfc: vmid: Timeout implementation for VMID (bsc#1189385 jsc#SLE-18970). - scsi: lpfc: vmid: VMID parameter initialization (bsc#1189385 jsc#SLE-18970). - scsi: mpt3sas: Fix ReplyPostFree pool allocation (bsc#1181006). - scsi: qla2xxx: Add heartbeat check (bsc#1189392). - scsi: qla2xxx: Fix error return code in qla82xx_write_flash_dword() (bsc#1189392). - scsi: qla2xxx: Fix spelling mistakes 'allloc' -> 'alloc' (bsc#1189392). - scsi: qla2xxx: Fix use after free in debug code (bsc#1189392). - scsi: qla2xxx: Log PCI address in qla_nvme_unregister_remote_port() (bsc#1189392). - scsi: qla2xxx: Remove duplicate declarations (bsc#1189392). - scsi: qla2xxx: Remove redundant assignment to rval (bsc#1189392). - scsi: qla2xxx: Remove redundant continue statement in a for-loop (bsc#1189392). - scsi: qla2xxx: Remove redundant initialization of variable num_cnt (bsc#1189392). - scsi: qla2xxx: Remove unused variable 'status' (bsc#1189392). - scsi: qla2xxx: Update version to 10.02.00.107-k (bsc#1189392). - scsi: qla2xxx: Use list_move_tail() instead of list_del()/list_add_tail() (bsc#1189392). - scsi: qla2xxx: Use the proper SCSI midlayer interfaces for PI (bsc#1189392). - scsi: qla2xxx: edif: Add authentication pass + fail bsgs (bsc#1189392). - scsi: qla2xxx: edif: Add detection of secure device (bsc#1189392). - scsi: qla2xxx: edif: Add doorbell notification for app (bsc#1189392). - scsi: qla2xxx: edif: Add encryption to I/O path (bsc#1189392). - scsi: qla2xxx: edif: Add extraction of auth_els from the wire (bsc#1189392). - scsi: qla2xxx: edif: Add getfcinfo and statistic bsgs (bsc#1189392). - scsi: qla2xxx: edif: Add key update (bsc#1189392). - scsi: qla2xxx: edif: Add send, receive, and accept for auth_els (bsc#1189392). - scsi: qla2xxx: edif: Add start + stop bsgs (bsc#1189392). - scsi: qla2xxx: edif: Increment command and completion counts (bsc#1189392). - scsi: scsi_transport_srp: Do not block target in SRP_PORT_LOST state (bsc#1184180). - scsi: target: qla2xxx: Wait for stop_phase1 at WWN removal (bsc#1189392). - scsi: zfcp: Report port fc_security as unknown early during remote cable pull (git-fixes). - serial: 8250: Mask out floating 16/32-bit bus bits (git-fixes). - serial: 8250_mtk: fix uart corruption issue when rx power off (git-fixes). - serial: 8250_pci: Avoid irq sharing for MSI(-X) interrupts (git-fixes). - serial: 8250_pci: Enumerate Elkhart Lake UARTs via dedicated driver (git-fixes). - serial: tegra: Only print FIFO error message when an error occurs (git-fixes). - slimbus: messaging: check for valid transaction id (git-fixes). - slimbus: messaging: start transaction ids from 1 instead of zero (git-fixes). - slimbus: ngd: reset dma setup during runtime pm (git-fixes). - soc: aspeed: lpc-ctrl: Fix boundary check for mmap (git-fixes). - soc: aspeed: p2a-ctrl: Fix boundary check for mmap (git-fixes). - soc: ixp4xx/qmgr: fix invalid __iomem access (git-fixes). - soc: ixp4xx/qmgr: fix invalid __iomem access (git-fixes). - soc: ixp4xx: fix printing resources (git-fixes). - soc: ixp4xx: fix printing resources (git-fixes). - soc: qcom: rpmhpd: Use corner in power_off (git-fixes). - soc: qcom: smsm: Fix missed interrupts if state changes while masked (git-fixes). - spi: imx: mx51-ecspi: Fix CONFIGREG delay comment (git-fixes). - spi: imx: mx51-ecspi: Fix low-speed CONFIGREG delay calculation (git-fixes). - spi: imx: mx51-ecspi: Reinstate low-speed CONFIGREG delay (git-fixes). - spi: mediatek: Fix fifo transfer (git-fixes). - spi: meson-spicc: fix memory leak in meson_spicc_remove (git-fixes). - spi: spi-fsl-dspi: Fix issue with uninitialized dma_slave_config (git-fixes). - spi: spi-pic32: Fix issue with uninitialized dma_slave_config (git-fixes). - spi: sprd: Fix the wrong WDG_LOAD_VAL (git-fixes). - spi: stm32h7: fix full duplex irq handler handling (git-fixes). - staging: rtl8192u: Fix bitwise vs logical operator in TranslateRxSignalStuff819xUsb() (git-fixes). - staging: rtl8712: get rid of flush_scheduled_work (git-fixes). - staging: rtl8723bs: Fix a resource leak in sd_int_dpc (git-fixes). - staging: rtl8723bs: Fix a resource leak in sd_int_dpc (git-fixes). - tracing / histogram: Fix NULL pointer dereference on strcmp() on NULL event name (git-fixes). - tracing / histogram: Give calculation hist_fields a size (git-fixes). - tracing: Reject string operand in the histogram expression (git-fixes). - tty: serial: fsl_lpuart: fix the wrong mapbase value (git-fixes). - ubifs: Fix error return code in alloc_wbufs() (bsc#1189585). - ubifs: Fix memleak in ubifs_init_authentication (bsc#1189583). - ubifs: Only check replay with inode type to judge if inode linked (bsc#1187455). - ubifs: Set/Clear I_LINKABLE under i_lock for whiteout inode (bsc#1189587). - ubifs: journal: Fix error return code in ubifs_jnl_write_inode() (bsc#1189586). - usb: bdc: Fix an error handling path in 'bdc_probe()' when no suitable DMA config is available (git-fixes). - usb: dwc3: Disable phy suspend after power-on reset (git-fixes). - usb: dwc3: Separate field holding multiple properties (git-fixes). - usb: dwc3: Stop active transfers before halting the controller (git-fixes). - usb: dwc3: Use clk_bulk_prepare_enable() (git-fixes). - usb: dwc3: Use devres to get clocks (git-fixes). - usb: dwc3: core: do not do suspend for device mode if already suspended (git-fixes). - usb: dwc3: debug: Remove newline printout (git-fixes). - usb: dwc3: gadget: Check MPS of the request length (git-fixes). - usb: dwc3: gadget: Clear DCTL.ULSTCHNGREQ before set (git-fixes). - usb: dwc3: gadget: Clear DEP flags after stop transfers in ep disable (git-fixes). - usb: dwc3: gadget: Disable gadget IRQ during pullup disable (git-fixes). - usb: dwc3: gadget: Do not send unintended link state change (git-fixes). - usb: dwc3: gadget: Do not setup more than requested (git-fixes). - usb: dwc3: gadget: Fix dwc3_calc_trbs_left() (git-fixes). - usb: dwc3: gadget: Fix handling ZLP (git-fixes). - usb: dwc3: gadget: Give back staled requests (git-fixes). - usb: dwc3: gadget: Handle ZLP for sg requests (git-fixes). - usb: dwc3: gadget: Prevent EP queuing while stopping transfers (git-fixes). - usb: dwc3: gadget: Properly track pending and queued SG (git-fixes). - usb: dwc3: gadget: Restart DWC3 gadget when enabling pullup (git-fixes). - usb: dwc3: gadget: Set BESL config parameter (git-fixes). - usb: dwc3: gadget: Set link state to RX_Detect on disconnect (git-fixes). - usb: dwc3: gadget: Stop EP0 transfers during pullup disable (git-fixes). - usb: dwc3: gadget: Workaround Mirosoft's BESL check (git-fixes). - usb: dwc3: meson-g12a: add IRQ check (git-fixes). - usb: dwc3: meson-g12a: check return of dwc3_meson_g12a_usb_init (git-fixes). - usb: dwc3: of-simple: add a shutdown (git-fixes). - usb: dwc3: st: Add of_dev_put() in probe function (git-fixes). - usb: dwc3: st: Add of_node_put() before return in probe function (git-fixes). - usb: dwc3: support continuous runtime PM with dual role (git-fixes). - usb: ehci-orion: Handle errors of clk_prepare_enable() in probe (git-fixes). - usb: gadget: Export recommended BESL values (git-fixes). - usb: gadget: f_hid: added GET_IDLE and SET_IDLE handlers (git-fixes). - usb: gadget: f_hid: fixed NULL pointer dereference (git-fixes). - usb: gadget: f_hid: idle uses the highest byte for duration (git-fixes). - usb: gadget: mv_u3d: request_irq() after initializing UDC (git-fixes). - usb: gadget: udc: at91: add IRQ check (git-fixes). - usb: gadget: udc: renesas_usb3: Fix soc_device_match() abuse (git-fixes). - usb: host: ohci-tmio: add IRQ check (git-fixes). - usb: host: xhci-rcar: Do not reload firmware after the completion (git-fixes). - usb: mtu3: fix the wrong HS mult value (git-fixes). - usb: mtu3: use @mult for HS isoc or intr (git-fixes). - usb: phy: fsl-usb: add IRQ check (git-fixes). - usb: phy: tahvo: add IRQ check (git-fixes). - usb: phy: twl6030: add IRQ checks (git-fixes). - usr: Add support for zstd compressed initramfs (bsc#1187483, jsc#SLE-18766). - virt_wifi: fix error on connect (git-fixes). - wireguard: allowedips: allocate nodes in kmem_cache (git-fixes). - wireguard: allowedips: free empty intermediate nodes when removing single node (git-fixes). - wireguard: allowedips: remove nodes in O(1) (git-fixes). - writeback: fix obtain a reference to a freeing memcg css (bsc#1189577). - x86/fpu: Limit xstate copy size in xstateregs_set() (bsc#1152489). - x86/fpu: Make init_fpstate correct with optimized XSAVE (bsc#1152489). - x86/fpu: Reset state for all signal restore failures (bsc#1152489). - x86/kvm: fix vcpu-id indexed array sizes (git-fixes). - x86/sev: Make sure IRQs are disabled while GHCB is active (jsc#SLE-14337). - x86/sev: Split up runtime #VC handler for correct state tracking (jsc#SLE-14337). - x86/sev: Use 'SEV: ' prefix for messages from sev.c (jsc#SLE-14337). - x86/signal: Detect and prevent an alternate signal stack overflow (bsc#1152489). - x86/split_lock: Provide handle_guest_split_lock() (bsc#1187959). - xen/events: Fix race in set_evtchn_to_irq (git-fixes). - xprtrdma: Pad optimization, revisited (bsc#1189760). Important SUSE bug 1040364 SUSE bug 1127650 SUSE bug 1135481 SUSE bug 1152489 SUSE bug 1160010 SUSE bug 1168202 SUSE bug 1171420 SUSE bug 1174969 SUSE bug 1175052 SUSE bug 1175543 SUSE bug 1177399 SUSE bug 1180100 SUSE bug 1180141 SUSE bug 1180347 SUSE bug 1181006 SUSE bug 1181148 SUSE bug 1181972 SUSE bug 1184180 SUSE bug 1185902 SUSE bug 1186264 SUSE bug 1186731 SUSE bug 1187211 SUSE bug 1187455 SUSE bug 1187468 SUSE bug 1187483 SUSE bug 1187619 SUSE bug 1187959 SUSE bug 1188067 SUSE bug 1188172 SUSE bug 1188231 SUSE bug 1188270 SUSE bug 1188412 SUSE bug 1188418 SUSE bug 1188616 SUSE bug 1188700 SUSE bug 1188780 SUSE bug 1188781 SUSE bug 1188782 SUSE bug 1188783 SUSE bug 1188784 SUSE bug 1188786 SUSE bug 1188787 SUSE bug 1188788 SUSE bug 1188790 SUSE bug 1188878 SUSE bug 1188885 SUSE bug 1188924 SUSE bug 1188982 SUSE bug 1188983 SUSE bug 1188985 SUSE bug 1189021 SUSE bug 1189057 SUSE bug 1189077 SUSE bug 1189153 SUSE bug 1189197 SUSE bug 1189209 SUSE bug 1189210 SUSE bug 1189212 SUSE bug 1189213 SUSE bug 1189214 SUSE bug 1189215 SUSE bug 1189216 SUSE bug 1189217 SUSE bug 1189218 SUSE bug 1189219 SUSE bug 1189220 SUSE bug 1189221 SUSE bug 1189222 SUSE bug 1189225 SUSE bug 1189229 SUSE bug 1189233 SUSE bug 1189262 SUSE bug 1189291 SUSE bug 1189292 SUSE bug 1189296 SUSE bug 1189298 SUSE bug 1189301 SUSE bug 1189305 SUSE bug 1189323 SUSE bug 1189384 SUSE bug 1189385 SUSE bug 1189392 SUSE bug 1189393 SUSE bug 1189399 SUSE bug 1189400 SUSE bug 1189427 SUSE bug 1189503 SUSE bug 1189504 SUSE bug 1189505 SUSE bug 1189506 SUSE bug 1189507 SUSE bug 1189562 SUSE bug 1189563 SUSE bug 1189564 SUSE bug 1189565 SUSE bug 1189566 SUSE bug 1189567 SUSE bug 1189568 SUSE bug 1189569 SUSE bug 1189573 SUSE bug 1189574 SUSE bug 1189575 SUSE bug 1189576 SUSE bug 1189577 SUSE bug 1189579 SUSE bug 1189581 SUSE bug 1189582 SUSE bug 1189583 SUSE bug 1189585 SUSE bug 1189586 SUSE bug 1189587 SUSE bug 1189706 SUSE bug 1189760 SUSE bug 1189762 SUSE bug 1189832 SUSE bug 1189841 SUSE bug 1189870 SUSE bug 1189872 SUSE bug 1189883 SUSE bug 1190022 SUSE bug 1190025 SUSE bug 1190115 SUSE bug 1190117 SUSE bug 1190412 SUSE bug 1190413 SUSE bug 1190428 CVE-2020-12770 CVE-2021-34556 CVE-2021-35477 CVE-2021-3640 CVE-2021-3653 CVE-2021-3656 CVE-2021-3679 CVE-2021-3732 CVE-2021-3739 CVE-2021-3743 CVE-2021-3753 CVE-2021-3759 CVE-2021-38160 CVE-2021-38166 CVE-2021-38198 CVE-2021-38204 CVE-2021-38205 CVE-2021-38206 CVE-2021-38207 CVE-2021-38209 cpe:/o:opensuse:leap:15.3 Security update for nodejs14 (Important) openSUSE Leap 15.3 This update for nodejs14 fixes the following issues: - CVE-2021-3672: Fixed missing input validation on hostnames (bsc#1188881). - CVE-2021-22931: Fixed improper handling of untypical characters in domain names (bsc#1189370). - CVE-2021-22940: Use after free on close http2 on stream canceling (bsc#1189368) - CVE-2021-22939: Incomplete validation of rejectUnauthorized parameter (bsc#1189369) - CVE-2021-22930: Fixed use after free on close http2 on stream canceling (bsc#1188917). Important SUSE bug 1188881 SUSE bug 1188917 SUSE bug 1189368 SUSE bug 1189369 SUSE bug 1189370 CVE-2021-22930 CVE-2021-22931 CVE-2021-22939 CVE-2021-22940 CVE-2021-3672 cpe:/o:opensuse:leap:15.3 Security update for gd (Moderate) openSUSE Leap 15.3 This update for gd fixes the following issues: - CVE-2021-40812: Fixed out-of-bounds read caused by the lack of certain gdGetBuf and gdPutBuf return value checks (bsc#1190400). Moderate SUSE bug 1190400 CVE-2021-40812 cpe:/o:opensuse:leap:15.3 Security update for shibboleth-sp (Low) openSUSE Leap 15.3 This update for shibboleth-sp fixes the following issues: - Template generation allows external parameters to override placeholders (bsc#1184222) Low SUSE bug 1184222 cpe:/o:opensuse:leap:15.3 Security update for postgresql13 (Moderate) openSUSE Leap 15.3 This update for postgresql13 fixes the following issues: - CVE-2021-3677: Fixed memory disclosure in certain queries (bsc#1189748). - Fixed build with llvm12 on s390x (bsc#1185952). - Re-enabled icu for PostgreSQL 10 (bsc#1179945). - Made the dependency of postgresqlXX-server-devel on llvm and clang optional (bsc#1187751). - llvm12 breaks PostgreSQL 11 and 12 on s390x. Use llvm11 as a workaround (bsc#1185952). Moderate SUSE bug 1179945 SUSE bug 1185952 SUSE bug 1187751 SUSE bug 1189748 CVE-2021-3677 cpe:/o:opensuse:leap:15.3 Security update for postgresql12 (Moderate) openSUSE Leap 15.3 This update for postgresql12 fixes the following issues: - CVE-2021-3677: Fixed memory disclosure in certain queries (bsc#1189748). - Fixed build with llvm12 on s390x (bsc#1185952). - Re-enabled icu for PostgreSQL 10 (bsc#1179945). - Made the dependency of postgresqlXX-server-devel on llvm and clang optional (bsc#1187751). - llvm12 breaks PostgreSQL 11 and 12 on s390x. Use llvm11 as a workaround (bsc#1185952). Moderate SUSE bug 1179945 SUSE bug 1185952 SUSE bug 1187751 SUSE bug 1189748 CVE-2021-3677 cpe:/o:opensuse:leap:15.3 Security update for glibc (Moderate) openSUSE Leap 15.3 This update for glibc fixes the following issues: - CVE-2021-33574: Fixed use __pthread_attr_copy in mq_notify (bsc#1186489). - CVE-2021-35942: Fixed wordexp handle overflow in positional parameter number (bsc#1187911). Moderate SUSE bug 1186489 SUSE bug 1187911 CVE-2021-33574 CVE-2021-35942 cpe:/o:opensuse:leap:15.3 Security update for go1.16 (Important) openSUSE Leap 15.3 This update for go1.16 fixes the following issues: - Update to go 1.16.8 - CVE-2021-39293: Fixed a buffer overflow issue in preallocation check that can cause OOM panic. (bas#) Important SUSE bug 1182345 SUSE bug 1190589 CVE-2021-39293 cpe:/o:opensuse:leap:15.3 Security update for ffmpeg (Moderate) openSUSE Leap 15.3 This update for ffmpeg fixes the following issues: - CVE-2020-22042: Fixed a denial of service vulnerability led by a memory leak in the link_filter_inouts function in libavfilter/graphparser.c. (bsc#1186761) Moderate SUSE bug 1186761 CVE-2020-22042 cpe:/o:opensuse:leap:15.3 Security update for nodejs8 (Important) openSUSE Leap 15.3 nodejs8 was updated to fix the following security issues: - CVE-2021-22930: http2: fixes use after free on close in stream canceling (bsc#1188917) Important SUSE bug 1188917 CVE-2021-22930 cpe:/o:opensuse:leap:15.3 Security update for curl (Moderate) openSUSE Leap 15.3 This update for curl fixes the following issues: - CVE-2021-22947: Fixed STARTTLS protocol injection via MITM (bsc#1190374). - CVE-2021-22946: Fixed protocol downgrade required TLS bypassed (bsc#1190373). Moderate SUSE bug 1190373 SUSE bug 1190374 CVE-2021-22946 CVE-2021-22947 cpe:/o:opensuse:leap:15.3 Security update for libcryptopp (Moderate) openSUSE Leap 15.3 This update for libcryptopp fixes the following issues: - CVE-2016-9939: Fixed potential DoS in Crypto++ (libcryptopp) ASN.1 parser (bsc#1015243). Moderate SUSE bug 1015243 CVE-2016-9939 cpe:/o:opensuse:leap:15.3 Security update for rabbitmq-server (Moderate) openSUSE Leap 15.3 This update for rabbitmq-server fixes the following issues: - CVE-2021-32718: Fixed improper neutralization of script-related HTML tags in a web page (basic XSS) in management UI (bsc#1187818). - CVE-2021-32719: Fixed improper neutralization of script-related HTML tags in a web page (basic XSS) in federation management plugin (bsc#1187819). - CVE-2021-22116: Fixed improper input validation may lead to DoS (bsc#1186203). - Use /run instead of /var/run in tmpfiles.d configuration (bsc#1185075). Moderate SUSE bug 1185075 SUSE bug 1186203 SUSE bug 1187818 SUSE bug 1187819 CVE-2021-22116 CVE-2021-32718 CVE-2021-32719 cpe:/o:opensuse:leap:15.3 Security update for MozillaFirefox (Important) openSUSE Leap 15.3 This update for MozillaFirefox fixes the following issues: This update contains the Firefox Extended Support Release 91.2.0 ESR. Firefox Extended Support Release 91.2.0 ESR * Fixed: Various stability, functionality, and security fixes MFSA 2021-45 (bsc#1191332) * CVE-2021-38496: Use-after-free in MessageTask * CVE-2021-38497: Validation message could have been overlaid on another origin * CVE-2021-38498: Use-after-free of nsLanguageAtomService object * CVE-2021-32810: Data race in crossbeam-deque https://github.com/crossbeam-rs/crossbeam/security/advisories/GHSA-pqqp-xmhj-wgcw) * CVE-2021-38500 (bmo#1725854, bmo#1728321) Memory safety bugs fixed in Firefox 93, Firefox ESR 78.15, and Firefox ESR 91.2 * CVE-2021-38501 (bmo#1685354, bmo#1715755, bmo#1723176) Memory safety bugs fixed in Firefox 93 and Firefox ESR 91.2 - Fixed crash in FIPS mode (bsc#1190710) * Fixed: Various stability, functionality, and security fixes MFSA 2021-40 (bsc#1190269, bsc#1190274): * CVE-2021-38492: Navigating to `mk:` URL scheme could load Internet Explorer * CVE-2021-38495: Memory safety bugs fixed in Firefox 92 and Firefox ESR 91.1 Firefox Extended Support Release 91.0.1 ESR * Fixed: Fixed an issue causing buttons on the tab bar to be resized when loading certain websites (bug 1704404) * Fixed: Fixed an issue which caused tabs from private windows to be visible in non-private windows when viewing switch-to- tab results in the address bar panel (bug 1720369) * Fixed: Various stability fixes * Fixed: Security fix MFSA 2021-37 (bsc#1189547) * CVE-2021-29991 (bmo#1724896) Header Splitting possible with HTTP/3 Responses Firefox Extended Support Release 91.0 ESR * New: Some of the highlights of the new Extended Support Release are: - A number of user interface changes. For more information, see the Firefox 89 release notes. - Firefox now supports logging into Microsoft, work, and school accounts using Windows single sign-on. Learn more - On Windows, updates can now be applied in the background while Firefox is not running. - Firefox for Windows now offers a new page about:third-party to help identify compatibility issues caused by third-party applications - Version 2 of Firefox's SmartBlock feature further improves private browsing. Third party Facebook scripts are blocked to prevent you from being tracked, but are now automatically loaded 'just in time' if you decide to 'Log in with Facebook' on any website. - Enhanced the privacy of the Firefox Browser's Private Browsing mode with Total Cookie Protection, which confines cookies to the site where they were created, preventing companis from using cookies to track your browsing across sites. This feature was originally launched in Firefox's ETP Strict mode. - PDF forms now support JavaScript embedded in PDF files. Some PDF forms use JavaScript for validation and other interactive features. - You'll encounter less website breakage in Private Browsing and Strict Enhanced Tracking Protection with SmartBlock, which provides stand-in scripts so that websites load properly. - Improved Print functionality with a cleaner design and better integration with your computer's printer settings. - Firefox now protects you from supercookies, a type of tracker that can stay hidden in your browser and track you online, even after you clear cookies. By isolating supercookies, Firefox prevents them from tracking your web browsing from one site to the next. - Firefox now remembers your preferred location for saved bookmarks, displays the bookmarks toolbar by default on new tabs, and gives you easy access to all of your bookmarks via a toolbar folder. - Native support for macOS devices built with Apple Silicon CPUs brings dramatic performance improvements over the non- native build that was shipped in Firefox 83: Firefox launches over 2.5 times faster and web apps are now twice as responsive (per the SpeedoMeter 2.0 test). If you are on a new Apple device, follow these steps to upgrade to the latest Firefox. - Pinch zooming will now be supported for our users with Windows touchscreen devices and touchpads on Mac devices. Firefox users may now use pinch to zoom on touch-capable devices to zoom in and out of webpages. - We’ve improved functionality and design for a number of Firefox search features: * Selecting a search engine at the bottom of the search panel now enters search mode for that engine, allowing you to see suggestions (if available) for your search terms. The old behavior (immediately performing a search) is available with a shift-click. * When Firefox autocompletes the URL of one of your search engines, you can now search with that engine directly in the address bar by selecting the shortcut in the address bar results. * We’ve added buttons at the bottom of the search panel to allow you to search your bookmarks, open tabs, and history. - Firefox supports AcroForm, which will allow you to fill in, print, and save supported PDF forms and the PDF viewer also has a new fresh look. - For our users in the US and Canada, Firefox can now save, manage, and auto-fill credit card information for you, making shopping on Firefox ever more convenient. - In addition to our default, dark and light themes, with this release, Firefox introduces the Alpenglow theme: a colorful appearance for buttons, menus, and windows. You can update your Firefox themes under settings or preferences. * Changed: Firefox no longer supports Adobe Flash. There is no setting available to re-enable Flash support. * Enterprise: Various bug fixes and new policies have been implemented in the latest version of Firefox. See more details in the Firefox for Enterprise 91 Release Notes. MFSA 2021-33 (bsc#1188891): * CVE-2021-29986: Race condition when resolving DNS names could have led to memory corruption * CVE-2021-29981: Live range splitting could have led to conflicting assignments in the JIT * CVE-2021-29988: Memory corruption as a result of incorrect style treatment * CVE-2021-29983: Firefox for Android could get stuck in fullscreen mode * CVE-2021-29984: Incorrect instruction reordering during JIT optimization * CVE-2021-29980: Uninitialized memory in a canvas object could have led to memory corruption * CVE-2021-29987: Users could have been tricked into accepting unwanted permissions on Linux * CVE-2021-29985: Use-after-free media channels * CVE-2021-29982: Single bit data leak due to incorrect JIT optimization and type confusion * CVE-2021-29989: Memory safety bugs fixed in Firefox 91 and Firefox ESR 78.13 * CVE-2021-29990: Memory safety bugs fixed in Firefox 91 Important SUSE bug 1188891 SUSE bug 1189547 SUSE bug 1190269 SUSE bug 1190274 SUSE bug 1190710 SUSE bug 1191332 CVE-2021-29980 CVE-2021-29981 CVE-2021-29982 CVE-2021-29983 CVE-2021-29984 CVE-2021-29985 CVE-2021-29986 CVE-2021-29987 CVE-2021-29988 CVE-2021-29989 CVE-2021-29990 CVE-2021-29991 CVE-2021-32810 CVE-2021-38492 CVE-2021-38495 CVE-2021-38496 CVE-2021-38497 CVE-2021-38498 CVE-2021-38500 CVE-2021-38501 cpe:/o:opensuse:leap:15.3 Security update for the Linux Kernel (Important) openSUSE Leap 15.3 The SUSE Linux Enterprise 15 SP3 kernel was updated. The following security bugs were fixed: - CVE-2020-3702: Fixed a bug which could be triggered with specifically timed and handcrafted traffic and cause internal errors in a WLAN device that lead to improper layer 2 Wi-Fi encryption with a consequent possibility of information disclosure. (bnc#1191193) - CVE-2021-3752: Fixed a use after free vulnerability in the Linux kernel's bluetooth module. (bsc#1190023) - CVE-2021-40490: Fixed a race condition discovered in the ext4 subsystem that could leat to local priviledge escalation. (bnc#1190159) - CVE-2021-3744: Fixed a bug which could allows attackers to cause a denial of service. (bsc#1189884) - CVE-2021-3764: Fixed a bug which could allows attackers to cause a denial of service. (bsc#1190534) - CVE-2021-3669: Fixed a bug that doesn't allow /proc/sysvipc/shm to scale with large shared memory segment counts which could lead to resource exhaustion and DoS. (bsc#1188986) The following non-security bugs were fixed: - ALSA: firewire-motu: fix truncated bytes in message tracepoints (git-fixes). - apparmor: remove duplicate macro list_entry_is_head() (git-fixes). - ASoC: fsl_micfil: register platform component before registering cpu dai (git-fixes). - ASoC: Intel: Fix platform ID matching (git-fixes). - ASoC: mediatek: common: handle NULL case in suspend/resume function (git-fixes). - ASoC: rockchip: i2s: Fix regmap_ops hang (git-fixes). - ASoC: rockchip: i2s: Fixup config for DAIFMT_DSP_A/B (git-fixes). - ASoC: rt5682: Implement remove callback (git-fixes). - ASoC: rt5682: Properly turn off regulators if wrong device ID (git-fixes). - ASoC: rt5682: Remove unused variable in rt5682_i2c_remove() (git-fixes). - ASoC: SOF: Fix DSP oops stack dump output contents (git-fixes). - ath9k: fix OOB read ar9300_eeprom_restore_internal (git-fixes). - ath9k: fix sleeping in atomic context (git-fixes). - backlight: pwm_bl: Improve bootloader/kernel device handover (git-fixes). - bareudp: Fix invalid read beyond skb's linear data (jsc#SLE-15172). - blk-mq: do not deactivate hctx if managed irq isn't used (bsc#1185762). - blk-mq: do not deactivate hctx if managed irq isn't used (bsc#1185762). - blk-mq: kABI fixes for blk_mq_queue_map (bsc#1185762). - blk-mq: kABI fixes for blk_mq_queue_map (bsc#1185762). - blk-mq: mark if one queue map uses managed irq (bsc#1185762). - blk-mq: mark if one queue map uses managed irq (bsc#1185762). - Bluetooth: skip invalid hci_sync_conn_complete_evt (git-fixes). - bnx2x: fix an error code in bnx2x_nic_load() (git-fixes). - bnxt_en: Add missing DMA memory barriers (git-fixes). - bnxt_en: Disable aRFS if running on 212 firmware (git-fixes). - bnxt_en: Do not enable legacy TX push on older firmware (git-fixes). - bnxt_en: Fix asic.rev in devlink dev info command (jsc#SLE-16649). - bnxt_en: fix stored FW_PSID version masks (jsc#SLE-16649). - bnxt_en: Store the running firmware version code (git-fixes). - bnxt: count Tx drops (git-fixes). - bnxt: disable napi before canceling DIM (git-fixes). - bnxt: do not lock the tx queue from napi poll (git-fixes). - bnxt: make sure xmit_more + errors does not miss doorbells (git-fixes). - bpf, samples: Add missing mprog-disable to xdp_redirect_cpu's optstring (git-fixes). - bpf: Fix ringbuf helper function compatibility (git-fixes). - bpftool: Add sock_release help info for cgroup attach/prog load command (bsc#1177028). - btrfs: prevent rename2 from exchanging a subvol with a directory from different parents (bsc#1190626). - clk: at91: clk-generated: Limit the requested rate to our range (git-fixes). - clk: at91: clk-generated: pass the id of changeable parent at registration (git-fixes). - console: consume APC, DM, DCS (git-fixes). - cpuidle: pseries: Do not cap the CEDE0 latency in fixup_cede0_latency() (bsc#1185550 ltc#192610 git-fixes jsc#SLE-18128). - cuse: fix broken release (bsc#1190596). - cxgb4: dont touch blocked freelist bitmap after free (git-fixes). - debugfs: Return error during {full/open}_proxy_open() on rmmod (bsc#1173746). - devlink: Break parameter notification sequence to be before/after unload/load driver (bsc#1154353). - devlink: Clear whole devlink_flash_notify struct (bsc#1176447). - dma-buf: DMABUF_MOVE_NOTIFY should depend on DMA_SHARED_BUFFER (git-fixes). - dmaengine: ioat: depends on !UML (git-fixes). - dmaengine: sprd: Add missing MODULE_DEVICE_TABLE (git-fixes). - dmaengine: xilinx_dma: Set DMA mask for coherent APIs (git-fixes). - docs: Fix infiniband uverbs minor number (git-fixes). - drivers: gpu: amd: Initialize amdgpu_dm_backlight_caps object to 0 in amdgpu_dm_update_backlight_caps (git-fixes). - drm: avoid blocking in drm_clients_info's rcu section (git-fixes). - drm/amd/amdgpu: Update debugfs link_settings output link_rate field in hex (git-fixes). - drm/amd/display: Fix timer_per_pixel unit error (git-fixes). - drm/amdgpu: Fix BUG_ON assert (git-fixes). - drm/ast: Fix missing conversions to managed API (git-fixes). - drm/gma500: Fix end of loop tests for list_for_each_entry (git-fixes). - drm/i915: Allow the sysadmin to override security mitigations (git-fixes). - drm/i915/rkl: Remove require_force_probe protection (bsc#1189257). - drm/ingenic: Switch IPU plane to type OVERLAY (git-fixes). - drm/mgag200: Select clock in PLL update functions (git-fixes). - drm/msm/mdp4: move HW revision detection to earlier phase (git-fixes). - drm/msm/mdp4: refactor HW revision detection into read_mdp_hw_revision (git-fixes). - drm/nouveau/nvkm: Replace -ENOSYS with -ENODEV (git-fixes). - drm/panfrost: Clamp lock region to Bifrost minimum (git-fixes). - drm/pl111: depend on CONFIG_VEXPRESS_CONFIG (git-fixes). - drm/rockchip: cdn-dp-core: Make cdn_dp_core_resume __maybe_unused (git-fixes). - e1000e: Do not take care about recovery NVM checksum (jsc#SLE-8100). - e1000e: Fix the max snoop/no-snoop latency for 10M (git-fixes). - EDAC/i10nm: Fix NVDIMM detection (bsc#1152489). - EDAC/mce_amd: Do not load edac_mce_amd module on guests (bsc#1190138). - EDAC/synopsys: Fix wrong value type assignment for edac_mode (bsc#1152489). - enetc: Fix uninitialized struct dim_sample field usage (git-fixes). - erofs: fix up erofs_lookup tracepoint (git-fixes). - fbmem: do not allow too huge resolutions (git-fixes). - fpga: machxo2-spi: Fix missing error code in machxo2_write_complete() (git-fixes). - fpga: machxo2-spi: Return an error on failure (git-fixes). - fuse: flush extending writes (bsc#1190595). - fuse: truncate pagecache on atomic_o_trunc (bsc#1190705). - genirq: add device_has_managed_msi_irq (bsc#1185762). - genirq: add device_has_managed_msi_irq (bsc#1185762). - gpio: uniphier: Fix void functions to remove return value (git-fixes). - gpu: drm: amd: amdgpu: amdgpu_i2c: fix possible uninitialized-variable access in amdgpu_i2c_router_select_ddc_port() (git-fixes). - gve: fix the wrong AdminQ buffer overflow check (bsc#1176940). - hv_netvsc: Make netvsc/VF binding check both MAC and serial number (jsc#SLE-18779, bsc#1185726). - hv: mana: remove netdev_lockdep_set_classes usage (jsc#SLE-18779, bsc#1185726). - hwmon: (mlxreg-fan) Return non-zero value when fan current state is enforced from sysfs (git-fixes). - hwmon: (tmp421) fix rounding for negative values (git-fixes). - hwmon: (tmp421) report /PVLD condition as fault (git-fixes). - i40e: Add additional info to PHY type error (git-fixes). - i40e: Fix firmware LLDP agent related warning (git-fixes). - i40e: Fix log TC creation failure when max num of queues is exceeded (git-fixes). - i40e: Fix logic of disabling queues (git-fixes). - i40e: Fix queue-to-TC mapping on Tx (git-fixes). - i40e: improve locking of mac_filter_hash (jsc#SLE-13701). - iavf: Fix ping is lost after untrusted VF had tried to change MAC (jsc#SLE-7940). - iavf: Set RSS LUT and key in reset handle path (git-fixes). - IB/hfi1: Indicate DMA wait when txq is queued for wakeup (jsc#SLE-13208). - ibmvnic: check failover_pending in login response (bsc#1190523 ltc#194510). - ibmvnic: Consolidate code in replenish_rx_pool() (bsc#1190758 ltc#191943). - ibmvnic: Fix up some comments and messages (bsc#1190758 ltc#191943). - ibmvnic: init_tx_pools move loop-invariant code (bsc#1190758 ltc#191943). - ibmvnic: Reuse LTB when possible (bsc#1190758 ltc#191943). - ibmvnic: Reuse rx pools when possible (bsc#1190758 ltc#191943). - ibmvnic: Reuse tx pools when possible (bsc#1190758 ltc#191943). - ibmvnic: Use bitmap for LTB map_ids (bsc#1190758 ltc#191943). - ibmvnic: Use/rename local vars in init_rx_pools (bsc#1190758 ltc#191943). - ibmvnic: Use/rename local vars in init_tx_pools (bsc#1190758 ltc#191943). - ice: do not abort devlink info if board identifier can't be found (jsc#SLE-12878). - ice: do not remove netdev->dev_addr from uc sync list (git-fixes). - ice: Prevent probing virtual functions (git-fixes). - igc: Use num_tx_queues when iterating over tx_ring queue (jsc#SLE-13533). - iio: dac: ad5624r: Fix incorrect handling of an optional regulator (git-fixes). - include/linux/list.h: add a macro to test if entry is pointing to the head (git-fixes). - iomap: Fix negative assignment to unsigned sis->pages in iomap_swapfile_activate (bsc#1190784). - ionic: cleanly release devlink instance (bsc#1167773). - ionic: cleanly release devlink instance (bsc#1167773). - ionic: count csum_none when offload enabled (bsc#1167773). - ionic: drop useless check of PCI driver data validity (bsc#1167773). - ipc: remove memcg accounting for sops objects in do_semtimedop() (bsc#1190115). - ipc/util.c: use binary search for max_idx (bsc#1159886). - ipvs: allow connection reuse for unconfirmed conntrack (bsc#1190467). - ipvs: avoid expiring many connections from timer (bsc#1190467). - ipvs: Fix up kabi for expire_nodest_conn_work addition (bsc#1190467). - ipvs: queue delayed work to expire no destination connections if expire_nodest_conn=1 (bsc#1190467). - iwlwifi Add support for ax201 in Samsung Galaxy Book Flex2 Alpha (git-fixes). - iwlwifi: mvm: fix a memory leak in iwl_mvm_mac_ctxt_beacon_changed (git-fixes). - kernel-binary.spec: Check for no kernel signing certificates. Also remove unused variable. - kernel-binary.spec: Do not fail silently when KMP is empty (bsc#1190358). Copy the code from kernel-module-subpackage that deals with empty KMPs. - kernel-binary.spec.in Stop templating the scriptlets for subpackages (bsc#1190358). The script part for base package case is completely separate from the part for subpackages. Remove the part for subpackages from the base package script and use the KMP scripts for subpackages instead. - libata: fix ata_host_start() (git-fixes). - libbpf: Fix removal of inner map in bpf_object__create_map (git-fixes). - libbpf: Fix the possible memory leak on error (git-fixes). - mac80211-hwsim: fix late beacon hrtimer handling (git-fixes). - mac80211: Fix ieee80211_amsdu_aggregate frag_tail bug (git-fixes). - mac80211: fix use-after-free in CCMP/GCMP RX (git-fixes). - mac80211: limit injected vht mcs/nss in ieee80211_parse_tx_radiotap (git-fixes). - mac80211: mesh: fix potentially unaligned access (git-fixes). - media: cedrus: Fix SUNXI tile size calculation (git-fixes). - media: coda: fix frame_mem_ctrl for YUV420 and YVU420 formats (git-fixes). - media: dib8000: rewrite the init prbs logic (git-fixes). - media: imx258: Limit the max analogue gain to 480 (git-fixes). - media: imx258: Rectify mismatch of VTS value (git-fixes). - media: rc-loopback: return number of emitters rather than error (git-fixes). - media: TDA1997x: fix tda1997x_query_dv_timings() return value (git-fixes). - media: uvc: do not do DMA on stack (git-fixes). - media: v4l2-dv-timings.c: fix wrong condition in two for-loops (git-fixes). - mfd: Do not use irq_create_mapping() to resolve a mapping (git-fixes). - misc: sram: Only map reserved areas in Tegra SYSRAM (git-fixes). - misc: sram: use devm_platform_ioremap_resource_wc() (git-fixes). - mlx4: Fix missing error code in mlx4_load_one() (git-fixes). - mm: always have io_remap_pfn_range() set pgprot_decrypted() (git-fixes). - mm/swap: consider max pages in iomap_swapfile_add_extent (bsc#1190785). - mmc: core: Return correct emmc response in case of ioctl error (git-fixes). - mmc: rtsx_pci: Fix long reads when clock is prescaled (git-fixes). - mmc: sdhci-of-arasan: Check return value of non-void funtions (git-fixes). - mmc: sdhci: Fix issue with uninitialized dma_slave_config (git-fixes). - net: ethernet: ti: cpsw: fix min eth packet size for non-switch use-cases (git-fixes). - net: mana: Add a driver for Microsoft Azure Network Adapter (MANA) (jsc#SLE-18779, bsc#1185726). - net: mana: Add support for EQ sharing (jsc#SLE-18779, bsc#1185726). - net: mana: Add WARN_ON_ONCE in case of CQE read overflow (jsc#SLE-18779, bsc#1185726). - net: mana: Fix a memory leak in an error handling path in (jsc#SLE-18779, bsc#1185726). - net: mana: fix PCI_HYPERV dependency (jsc#SLE-18779, bsc#1185726). - net: mana: Move NAPI from EQ to CQ (jsc#SLE-18779, bsc#1185726). - net: mana: Prefer struct_size over open coded arithmetic (jsc#SLE-18779, bsc#1185726). - net: mana: remove redundant initialization of variable err (jsc#SLE-18779, bsc#1185726). - net: mana: Use int to check the return value of mana_gd_poll_cq() (jsc#SLE-18779, bsc#1185726). - net: mana: Use struct_size() in kzalloc() (jsc#SLE-18779, bsc#1185726). - net: qlcnic: add missed unlock in qlcnic_83xx_flash_read32 (git-fixes). - net: sched: sch_teql: fix null-pointer dereference (bsc#1190717). - net/mlx5: E-Switch, handle devcom events only for ports on the same device (git-fixes). - net/mlx5: Fix flow table chaining (git-fixes). - net/mlx5: Fix missing return value in mlx5_devlink_eswitch_inline_mode_set() (jsc#SLE-15172). - net/mlx5: Fix return value from tracer initialization (git-fixes). - net/mlx5: Unload device upon firmware fatal error (git-fixes). - net/mlx5e: Avoid creating tunnel headers for local route (git-fixes). - net/mlx5e: Fix nullptr in mlx5e_hairpin_get_mdev() (git-fixes). - net/mlx5e: Prohibit inner indir TIRs in IPoIB (git-fixes). - netfilter: conntrack: do not renew entry stuck in tcp SYN_SENT state (bsc#1190062). - nfp: update ethtool reporting of pauseframe control (git-fixes). - NFS: change nfs_access_get_cached to only report the mask (bsc#1190746). - NFS: do not store 'struct cred *' in struct nfs_access_entry (bsc#1190746). - NFS: pass cred explicitly for access tests (bsc#1190746). - nvme-multipath: revalidate paths during rescan (bsc#1187211). - nvme-tcp: Do not reset transport on data digest errors (bsc#1188418). - nvme: avoid race in shutdown namespace removal (bsc#1188067). - nvme: fix refcounting imbalance when all paths are down (bsc#1188067). - nvme: only call synchronize_srcu when clearing current path (bsc#1188067). - optee: Fix memory leak when failing to register shm pages (git-fixes). - parport: remove non-zero check on count (git-fixes). - PCI: aardvark: Fix checking for PIO status (git-fixes). - PCI: aardvark: Fix masking and unmasking legacy INTx interrupts (git-fixes). - PCI: aardvark: Increase polling delay to 1.5s while waiting for PIO response (git-fixes). - PCI: Add ACS quirks for Cavium multi-function devices (git-fixes). - PCI: Add ACS quirks for NXP LX2xx0 and LX2xx2 platforms (git-fixes). - PCI: Add AMD GPU multi-function power dependencies (git-fixes). - PCI: ibmphp: Fix double unmap of io_mem (git-fixes). - PCI: of: Do not fail devm_pci_alloc_host_bridge() on missing 'ranges' (git-fixes). - PCI: pci-bridge-emul: Add PCIe Root Capabilities Register (git-fixes). - PCI: pci-bridge-emul: Fix array overruns, improve safety (git-fixes). - PCI: pci-bridge-emul: Fix big-endian support (git-fixes). - PCI: Restrict ASMedia ASM1062 SATA Max Payload Size Supported (git-fixes). - PCI: Use pci_update_current_state() in pci_enable_device_flags() (git-fixes). - phy: tegra: xusb: Fix dangling pointer on probe failure (git-fixes). - PM: base: power: do not try to use non-existing RTC for storing data (git-fixes). - PM: EM: Increase energy calculation precision (git-fixes). - power: supply: axp288_fuel_gauge: Report register-address on readb / writeb errors (git-fixes). - power: supply: max17042_battery: fix typo in MAx17042_TOFF (git-fixes). - powercap: intel_rapl: add support for Sapphire Rapids (jsc#SLE-15289). - powerpc: fix function annotations to avoid section mismatch warnings with gcc-10 (bsc#1148868). - powerpc/drmem: Make LMB walk a bit more flexible (bsc#1190543 ltc#194523). - powerpc/numa: Consider the max NUMA node for migratable LPAR (bsc#1190544 ltc#194520). - powerpc/perf: Drop the case of returning 0 as instruction pointer (bsc#1065729). - powerpc/perf: Fix crash in perf_instruction_pointer() when ppmu is not set (bsc#1065729). - powerpc/perf: Fix the check for SIAR value (bsc#1065729). - powerpc/perf: Use regs->nip when SIAR is zero (bsc#1065729). - powerpc/perf: Use stack siar instead of mfspr (bsc#1065729). - powerpc/perf: Use the address from SIAR register to set cpumode flags (bsc#1065729). - powerpc/perf/hv-gpci: Fix counter value parsing (bsc#1065729). - powerpc/powernv: Fix machine check reporting of async store errors (bsc#1065729). - powerpc/pseries: Prevent free CPU ids being reused on another node (bsc#1190620 ltc#194498). - powerpc/pseries/dlpar: use rtas_get_sensor() (bsc#1065729). - pseries/drmem: update LMBs after LPM (bsc#1190543 ltc#194523). - pwm: img: Do not modify HW state in .remove() callback (git-fixes). - pwm: rockchip: Do not modify HW state in .remove() callback (git-fixes). - pwm: stm32-lp: Do not modify HW state in .remove() callback (git-fixes). - qlcnic: Remove redundant unlock in qlcnic_pinit_from_rom (git-fixes). - RDMA/bnxt_re: Remove unpaired rtnl unlock in bnxt_re_dev_init() (bsc#1170774). - RDMA/hns: Fix QP's resp incomplete assignment (jsc#SLE-14777). - RDMA/mlx5: Delay emptying a cache entry when a new MR is added to it recently (jsc#SLE-15175). - RDMA/mlx5: Delete not-available udata check (jsc#SLE-15175). - RDMA/rtrs: Remove a useless kfree() (jsc#SLE-15176). - Re-enable UAS for LaCie Rugged USB3-FW with fk quirk (git-fixes). - regmap: fix page selection for noinc reads (git-fixes). - regmap: fix page selection for noinc writes (git-fixes). - regmap: fix the offset of register error log (git-fixes). - Restore kabi after NFS: pass cred explicitly for access tests (bsc#1190746). - rpm: Abolish scritplet templating (bsc#1189841). Outsource kernel-binary and KMP scriptlets to suse-module-tools. This allows fixing bugs in the scriptlets as well as defining initrd regeneration policy independent of the kernel packages. - rpm/kernel-binary.spec: Use only non-empty certificates. - rpm/kernel-binary.spec.in: avoid conflicting suse-release suse-release had arbitrary values in staging, we can't use it for dependencies. The filesystem one has to be enough (boo#1184804). - rtc: rx8010: select REGMAP_I2C (git-fixes). - rtc: tps65910: Correct driver module alias (git-fixes). - s390/unwind: use current_frame_address() to unwind current task (bsc#1185677). - sch_cake: fix srchost/dsthost hashing mode (bsc#1176447). - sched/fair: Add ancestors of unthrottled undecayed cfs_rq (bsc#1191292). - scsi: core: Add helper to return number of logical blocks in a request (bsc#1190576). - scsi: core: Introduce the scsi_cmd_to_rq() function (bsc#1190576). - scsi: fc: Add EDC ELS definition (bsc#1190576). - scsi: fc: Update formal FPIN descriptor definitions (bsc#1190576). - scsi: lpfc: Add bsg support for retrieving adapter cmf data (bsc#1190576). - scsi: lpfc: Add cm statistics buffer support (bsc#1190576). - scsi: lpfc: Add cmf_info sysfs entry (bsc#1190576). - scsi: lpfc: Add cmfsync WQE support (bsc#1190576). - scsi: lpfc: Add debugfs support for cm framework buffers (bsc#1190576). - scsi: lpfc: Add EDC ELS support (bsc#1190576). - scsi: lpfc: Add MIB feature enablement support (bsc#1190576). - scsi: lpfc: Add rx monitoring statistics (bsc#1190576). - scsi: lpfc: Add SET_HOST_DATA mbox cmd to pass date/time info to firmware (bsc#1190576). - scsi: lpfc: Add support for cm enablement buffer (bsc#1190576). - scsi: lpfc: Add support for maintaining the cm statistics buffer (bsc#1190576). - scsi: lpfc: Add support for the CM framework (bsc#1190576). - scsi: lpfc: Adjust bytes received vales during cmf timer interval (bsc#1190576). - scsi: lpfc: Copyright updates for 14.0.0.1 patches (bsc#1190576). - scsi: lpfc: Do not release final kref on Fport node while ABTS outstanding (bsc#1190576). - scsi: lpfc: Do not remove ndlp on PRLI errors in P2P mode (bsc#1190576). - scsi: lpfc: Expand FPIN and RDF receive logging (bsc#1190576). - scsi: lpfc: Fix compilation errors on kernels with no CONFIG_DEBUG_FS (bsc#1190576). - scsi: lpfc: Fix CPU to/from endian warnings introduced by ELS processing (bsc#1190576). - scsi: lpfc: Fix EEH support for NVMe I/O (bsc#1190576). - scsi: lpfc: Fix FCP I/O flush functionality for TMF routines (bsc#1190576). - scsi: lpfc: Fix gcc -Wstringop-overread warning, again (bsc#1190576). - scsi: lpfc: Fix hang on unload due to stuck fport node (bsc#1190576). - scsi: lpfc: Fix I/O block after enabling managed congestion mode (bsc#1190576). - scsi: lpfc: Fix list_add() corruption in lpfc_drain_txq() (bsc#1190576). - scsi: lpfc: Fix NVMe I/O failover to non-optimized path (bsc#1190576). - scsi: lpfc: Fix premature rpi release for unsolicited TPLS and LS_RJT (bsc#1190576). - scsi: lpfc: Fix rediscovery of tape device after LIP (bsc#1190576). - scsi: lpfc: Fix sprintf() overflow in lpfc_display_fpin_wwpn() (bsc#1190576). - scsi: lpfc: Improve PBDE checks during SGL processing (bsc#1190576). - scsi: lpfc: Remove unneeded variable (bsc#1190576). - scsi: lpfc: Update lpfc version to 14.0.0.1 (bsc#1190576). - scsi: lpfc: Update lpfc version to 14.0.0.2 (bsc#1190576). - scsi: lpfc: Use correct scnprintf() limit (bsc#1190576). - scsi: lpfc: Use scsi_cmd_to_rq() instead of scsi_cmnd.request (bsc#1190576). - scsi: lpfc: Use the proper SCSI midlayer interfaces for PI (bsc#1190576). - scsi: lpfc: Zero CGN stats only during initial driver load and stat reset (bsc#1190576). - scsi: scsi_devinfo: Add blacklist entry for HPE OPEN-V (bsc#1189297). - scsi/fc: kABI fixes for new ELS_EDC, ELS_RDP definition (bsc#1171688 bsc#1174003 bsc#1190576). - selftests/bpf: Define string const as global for test_sysctl_prog.c (git-fixes). - selftests/bpf: Fix bpf-iter-tcp4 test to print correctly the dest IP (git-fixes). - selftests/bpf: Fix test_sysctl_loop{1, 2} failure due to clang change (git-fixes). - selftests/bpf: Whitelist test_progs.h from .gitignore (git-fixes). - serial: 8250_pci: make setup_port() parameters explicitly unsigned (git-fixes). - serial: 8250: Define RX trigger levels for OxSemi 950 devices (git-fixes). - serial: mvebu-uart: fix driver's tx_empty callback (git-fixes). - serial: sh-sci: fix break handling for sysrq (git-fixes). - spi: Fix tegra20 build with CONFIG_PM=n (git-fixes). - staging: board: Fix uninitialized spinlock when attaching genpd (git-fixes). - staging: ks7010: Fix the initialization of the 'sleep_status' structure (git-fixes). - staging: rts5208: Fix get_ms_information() heap buffer size (git-fixes). - thermal/core: Potential buffer overflow in thermal_build_list_of_policies() (git-fixes). - time: Handle negative seconds correctly in timespec64_to_ns() (git-fixes). - tools: bpf: Fix error in 'make -C tools/ bpf_install' (git-fixes). - tty: Fix data race between tiocsti() and flush_to_ldisc() (git-fixes). - tty: serial: jsm: hold port lock when reporting modem line changes (git-fixes). - tty: synclink_gt, drop unneeded forward declarations (git-fixes). - usb-storage: Add quirk for ScanLogic SL11R-IDE older than 2.6c (git-fixes). - usb: core: hcd: Add support for deferring roothub registration (git-fixes). - usb: dwc2: Add missing cleanups when usb_add_gadget_udc() fails (git-fixes). - usb: dwc2: Avoid leaving the error_debugfs label unused (git-fixes). - usb: dwc2: gadget: Fix ISOC flow for BDMA and Slave (git-fixes). - usb: dwc2: gadget: Fix ISOC transfer complete handling for DDMA (git-fixes). - usb: EHCI: ehci-mv: improve error handling in mv_ehci_enable() (git-fixes). - usb: gadget: r8a66597: fix a loop in set_feature() (git-fixes). - usb: gadget: u_ether: fix a potential null pointer dereference (git-fixes). - usb: host: fotg210: fix the actual_length of an iso packet (git-fixes). - usb: host: fotg210: fix the endpoint's transactional opportunities calculation (git-fixes). - usb: musb: musb_dsps: request_irq() after initializing musb (git-fixes). - usb: musb: tusb6010: uninitialized data in tusb_fifo_write_unaligned() (git-fixes). - usb: serial: cp210x: add ID for GW Instek GDM-834x Digital Multimeter (git-fixes). - usb: serial: option: add device id for Foxconn T99W265 (git-fixes). - usb: serial: option: add Telit LN920 compositions (git-fixes). - usb: serial: option: remove duplicate USB device ID (git-fixes). - usbip: give back URBs for unsent unlink requests during cleanup (git-fixes). - usbip:vhci_hcd USB port can get stuck in the disabled state (git-fixes). - video: fbdev: asiliantfb: Error out if 'pixclock' equals zero (git-fixes). - video: fbdev: kyro: Error out if 'pixclock' equals zero (git-fixes). - video: fbdev: kyro: fix a DoS bug by restricting user input (git-fixes). - video: fbdev: riva: Error out if 'pixclock' equals zero (git-fixes). - vmxnet3: add support for 32 Tx/Rx queues (bsc#1190406). - vmxnet3: add support for ESP IPv6 RSS (bsc#1190406). - vmxnet3: increase maximum configurable mtu to 9190 (bsc#1190406). - vmxnet3: prepare for version 6 changes (bsc#1190406). - vmxnet3: remove power of 2 limitation on the queues (bsc#1190406). - vmxnet3: set correct hash type based on rss information (bsc#1190406). - vmxnet3: update to version 6 (bsc#1190406). - watchdog/sb_watchdog: fix compilation problem due to COMPILE_TEST (git-fixes). - x86/alternatives: Teach text_poke_bp() to emulate instructions (bsc#1185302). - x86/alternatives: Teach text_poke_bp() to emulate instructions (bsc#1190561). - x86/apic/msi: Plug non-maskable MSI affinity race (bsc#1184439). - x86/asm: Fix SETZ size enqcmds() build failure (bsc#1178134). - x86/cpu: Fix core name for Sapphire Rapids (jsc#SLE-15289). - x86/mm: Fix kern_addr_valid() to cope with existing but not present entries (bsc#1152489). - x86/resctrl: Fix a maybe-uninitialized build warning treated as error (bsc#1152489). - x86/resctrl: Fix default monitoring groups reporting (bsc#1152489). - xfs: allow mount/remount when stripe width alignment is zero (bsc#1188651). - xfs: sync lazy sb accounting on quiesce of read-only mounts (bsc#1190679). - xgene-v2: Fix a resource leak in the error handling path of 'xge_probe()' (git-fixes). - xhci: Set HCD flag to defer primary roothub registration (git-fixes). Important SUSE bug 1065729 SUSE bug 1148868 SUSE bug 1152489 SUSE bug 1154353 SUSE bug 1159886 SUSE bug 1167773 SUSE bug 1170774 SUSE bug 1171688 SUSE bug 1173746 SUSE bug 1174003 SUSE bug 1176447 SUSE bug 1176940 SUSE bug 1177028 SUSE bug 1178134 SUSE bug 1184439 SUSE bug 1184804 SUSE bug 1185302 SUSE bug 1185550 SUSE bug 1185677 SUSE bug 1185726 SUSE bug 1185762 SUSE bug 1187211 SUSE bug 1188067 SUSE bug 1188418 SUSE bug 1188651 SUSE bug 1188986 SUSE bug 1189257 SUSE bug 1189297 SUSE bug 1189841 SUSE bug 1189884 SUSE bug 1190023 SUSE bug 1190062 SUSE bug 1190115 SUSE bug 1190138 SUSE bug 1190159 SUSE bug 1190358 SUSE bug 1190406 SUSE bug 1190432 SUSE bug 1190467 SUSE bug 1190523 SUSE bug 1190534 SUSE bug 1190543 SUSE bug 1190544 SUSE bug 1190561 SUSE bug 1190576 SUSE bug 1190595 SUSE bug 1190596 SUSE bug 1190598 SUSE bug 1190620 SUSE bug 1190626 SUSE bug 1190679 SUSE bug 1190705 SUSE bug 1190717 SUSE bug 1190746 SUSE bug 1190758 SUSE bug 1190784 SUSE bug 1190785 SUSE bug 1191172 SUSE bug 1191193 SUSE bug 1191292 CVE-2020-3702 CVE-2021-3669 CVE-2021-3744 CVE-2021-3752 CVE-2021-3764 CVE-2021-40490 cpe:/o:opensuse:leap:15.3 Security update for systemd (Moderate) openSUSE Leap 15.3 This update for systemd fixes the following issues: - CVE-2021-33910: Fixed use of strdupa() on a path (bsc#1188063). - logind: terminate cleanly on SIGTERM/SIGINT (bsc#1188018). - Adopting BFQ to control I/O (jsc#SLE-21032, bsc#1134353). - Rules weren't applied to dm devices (multipath) (bsc#1188713). - Ignore obsolete 'elevator' kernel parameter (bsc#1184994, bsc#1190234). - Make sure the versions of both udev and systemd packages are always the same (bsc#1189480). - Avoid error message when udev is updated due to udev being already active when the sockets are started again (bsc#1188291). - Allow the systemd sysusers config files to be overriden during system installation (bsc#1171962). Moderate SUSE bug 1134353 SUSE bug 1171962 SUSE bug 1184994 SUSE bug 1188018 SUSE bug 1188063 SUSE bug 1188291 SUSE bug 1188713 SUSE bug 1189480 SUSE bug 1190234 CVE-2021-33910 cpe:/o:opensuse:leap:15.3 Security update for libaom (Low) openSUSE Leap 15.3 This update for libaom fixes the following issues: - CVE-2021-30474: Fixed use-after-free in aom_dsp/grain_table.c (bsc#1186799). Low SUSE bug 1186799 CVE-2021-30474 cpe:/o:opensuse:leap:15.3 Security update for webkit2gtk3 (Important) openSUSE Leap 15.3 This update for webkit2gtk3 fixes the following issues: - Update to version 2.32.4 - CVE-2021-30858: Fixed a security bug that could allow maliciously crafted web content to achieve arbitrary code execution. (bsc#1190701) - CVE-2021-21806: Fixed an exploitable use-after-free vulnerability via specially crafted HTML web page. (bsc#1188697) Important SUSE bug 1188697 SUSE bug 1190701 CVE-2021-21806 CVE-2021-30858 cpe:/o:opensuse:leap:15.3 Security update for libqt5-qtsvg (Moderate) openSUSE Leap 15.3 This update for libqt5-qtsvg fixes the following issues: - CVE-2021-3481: Fixed an out of bounds read in function QRadialFetchSimd from crafted svg file. (bsc#1184783) Moderate SUSE bug 1184783 CVE-2021-3481 cpe:/o:opensuse:leap:15.3 Security update for the Linux Kernel (Important) openSUSE Leap 15.3 The SUSE Linux Enterprise 15 SP3 kernel was updated. The following security bugs were fixed: - CVE-2020-3702: Fixed a bug which could be triggered with specifically timed and handcrafted traffic and cause internal errors in a WLAN device that lead to improper layer 2 Wi-Fi encryption with a consequent possibility of information disclosure. (bnc#1191193) - CVE-2021-3752: Fixed a use after free vulnerability in the Linux kernel's bluetooth module. (bsc#1190023) - CVE-2021-40490: Fixed a race condition discovered in the ext4 subsystem that could leat to local priviledge escalation. (bnc#1190159) - CVE-2021-3744: Fixed a bug which could allows attackers to cause a denial of service. (bsc#1189884) - CVE-2021-3764: Fixed a bug which could allows attackers to cause a denial of service. (bsc#1190534) - CVE-2021-3669: Fixed a bug that doesn't allow /proc/sysvipc/shm to scale with large shared memory segment counts which could lead to resource exhaustion and DoS. (bsc#1188986) - CVE-2021-3759: Unaccounted ipc objects in Linux kernel could have lead to breaking memcg limits and DoS attacks (bsc#1190115). The following non-security bugs were fixed: - ALSA: firewire-motu: fix truncated bytes in message tracepoints (git-fixes). - apparmor: remove duplicate macro list_entry_is_head() (git-fixes). - ASoC: fsl_micfil: register platform component before registering cpu dai (git-fixes). - ASoC: Intel: Fix platform ID matching (git-fixes). - ASoC: mediatek: common: handle NULL case in suspend/resume function (git-fixes). - ASoC: rockchip: i2s: Fix regmap_ops hang (git-fixes). - ASoC: rockchip: i2s: Fixup config for DAIFMT_DSP_A/B (git-fixes). - ASoC: rt5682: Implement remove callback (git-fixes). - ASoC: rt5682: Properly turn off regulators if wrong device ID (git-fixes). - ASoC: rt5682: Remove unused variable in rt5682_i2c_remove() (git-fixes). - ASoC: SOF: Fix DSP oops stack dump output contents (git-fixes). - ath9k: fix OOB read ar9300_eeprom_restore_internal (git-fixes). - ath9k: fix sleeping in atomic context (git-fixes). - backlight: pwm_bl: Improve bootloader/kernel device handover (git-fixes). - bareudp: Fix invalid read beyond skb's linear data (jsc#SLE-15172). - blk-mq: do not deactivate hctx if managed irq isn't used (bsc#1185762). - blk-mq: do not deactivate hctx if managed irq isn't used (bsc#1185762). - blk-mq: kABI fixes for blk_mq_queue_map (bsc#1185762). - blk-mq: kABI fixes for blk_mq_queue_map (bsc#1185762). - blk-mq: mark if one queue map uses managed irq (bsc#1185762). - blk-mq: mark if one queue map uses managed irq (bsc#1185762). - Bluetooth: skip invalid hci_sync_conn_complete_evt (git-fixes). - bnx2x: fix an error code in bnx2x_nic_load() (git-fixes). - bnxt_en: Add missing DMA memory barriers (git-fixes). - bnxt_en: Disable aRFS if running on 212 firmware (git-fixes). - bnxt_en: Do not enable legacy TX push on older firmware (git-fixes). - bnxt_en: Fix asic.rev in devlink dev info command (jsc#SLE-16649). - bnxt_en: fix stored FW_PSID version masks (jsc#SLE-16649). - bnxt_en: Store the running firmware version code (git-fixes). - bnxt: count Tx drops (git-fixes). - bnxt: disable napi before canceling DIM (git-fixes). - bnxt: do not lock the tx queue from napi poll (git-fixes). - bnxt: make sure xmit_more + errors does not miss doorbells (git-fixes). - bpf, samples: Add missing mprog-disable to xdp_redirect_cpu's optstring (git-fixes). - bpf: Fix ringbuf helper function compatibility (git-fixes). - bpftool: Add sock_release help info for cgroup attach/prog load command (bsc#1177028). - btrfs: prevent rename2 from exchanging a subvol with a directory from different parents (bsc#1190626). - clk: at91: clk-generated: Limit the requested rate to our range (git-fixes). - clk: at91: clk-generated: pass the id of changeable parent at registration (git-fixes). - console: consume APC, DM, DCS (git-fixes). - cpuidle: pseries: Do not cap the CEDE0 latency in fixup_cede0_latency() (bsc#1185550 ltc#192610 git-fixes jsc#SLE-18128). - cuse: fix broken release (bsc#1190596). - cxgb4: dont touch blocked freelist bitmap after free (git-fixes). - debugfs: Return error during {full/open}_proxy_open() on rmmod (bsc#1173746). - devlink: Break parameter notification sequence to be before/after unload/load driver (bsc#1154353). - devlink: Clear whole devlink_flash_notify struct (bsc#1176447). - dma-buf: DMABUF_MOVE_NOTIFY should depend on DMA_SHARED_BUFFER (git-fixes). - dmaengine: ioat: depends on !UML (git-fixes). - dmaengine: sprd: Add missing MODULE_DEVICE_TABLE (git-fixes). - dmaengine: xilinx_dma: Set DMA mask for coherent APIs (git-fixes). - docs: Fix infiniband uverbs minor number (git-fixes). - drivers: gpu: amd: Initialize amdgpu_dm_backlight_caps object to 0 in amdgpu_dm_update_backlight_caps (git-fixes). - drm: avoid blocking in drm_clients_info's rcu section (git-fixes). - drm/amd/amdgpu: Update debugfs link_settings output link_rate field in hex (git-fixes). - drm/amd/display: Fix timer_per_pixel unit error (git-fixes). - drm/amdgpu: Fix BUG_ON assert (git-fixes). - drm/ast: Fix missing conversions to managed API (git-fixes). - drm/gma500: Fix end of loop tests for list_for_each_entry (git-fixes). - drm/i915: Allow the sysadmin to override security mitigations (git-fixes). - drm/i915/rkl: Remove require_force_probe protection (bsc#1189257). - drm/ingenic: Switch IPU plane to type OVERLAY (git-fixes). - drm/mgag200: Select clock in PLL update functions (git-fixes). - drm/msm/mdp4: move HW revision detection to earlier phase (git-fixes). - drm/msm/mdp4: refactor HW revision detection into read_mdp_hw_revision (git-fixes). - drm/nouveau/nvkm: Replace -ENOSYS with -ENODEV (git-fixes). - drm/panfrost: Clamp lock region to Bifrost minimum (git-fixes). - drm/pl111: depend on CONFIG_VEXPRESS_CONFIG (git-fixes). - drm/rockchip: cdn-dp-core: Make cdn_dp_core_resume __maybe_unused (git-fixes). - e1000e: Do not take care about recovery NVM checksum (jsc#SLE-8100). - e1000e: Fix the max snoop/no-snoop latency for 10M (git-fixes). - EDAC/i10nm: Fix NVDIMM detection (bsc#1152489). - EDAC/mce_amd: Do not load edac_mce_amd module on guests (bsc#1190138). - EDAC/synopsys: Fix wrong value type assignment for edac_mode (bsc#1152489). - enetc: Fix uninitialized struct dim_sample field usage (git-fixes). - erofs: fix up erofs_lookup tracepoint (git-fixes). - fbmem: do not allow too huge resolutions (git-fixes). - fpga: machxo2-spi: Fix missing error code in machxo2_write_complete() (git-fixes). - fpga: machxo2-spi: Return an error on failure (git-fixes). - fuse: flush extending writes (bsc#1190595). - fuse: truncate pagecache on atomic_o_trunc (bsc#1190705). - genirq: add device_has_managed_msi_irq (bsc#1185762). - genirq: add device_has_managed_msi_irq (bsc#1185762). - gpio: uniphier: Fix void functions to remove return value (git-fixes). - gpu: drm: amd: amdgpu: amdgpu_i2c: fix possible uninitialized-variable access in amdgpu_i2c_router_select_ddc_port() (git-fixes). - gve: fix the wrong AdminQ buffer overflow check (bsc#1176940). - hv_netvsc: Make netvsc/VF binding check both MAC and serial number (jsc#SLE-18779, bsc#1185726). - hv: mana: remove netdev_lockdep_set_classes usage (jsc#SLE-18779, bsc#1185726). - hwmon: (mlxreg-fan) Return non-zero value when fan current state is enforced from sysfs (git-fixes). - hwmon: (tmp421) fix rounding for negative values (git-fixes). - hwmon: (tmp421) report /PVLD condition as fault (git-fixes). - i40e: Add additional info to PHY type error (git-fixes). - i40e: Fix firmware LLDP agent related warning (git-fixes). - i40e: Fix log TC creation failure when max num of queues is exceeded (git-fixes). - i40e: Fix logic of disabling queues (git-fixes). - i40e: Fix queue-to-TC mapping on Tx (git-fixes). - i40e: improve locking of mac_filter_hash (jsc#SLE-13701). - iavf: Fix ping is lost after untrusted VF had tried to change MAC (jsc#SLE-7940). - iavf: Set RSS LUT and key in reset handle path (git-fixes). - IB/hfi1: Indicate DMA wait when txq is queued for wakeup (jsc#SLE-13208). - ibmvnic: check failover_pending in login response (bsc#1190523 ltc#194510). - ibmvnic: Consolidate code in replenish_rx_pool() (bsc#1190758 ltc#191943). - ibmvnic: Fix up some comments and messages (bsc#1190758 ltc#191943). - ibmvnic: init_tx_pools move loop-invariant code (bsc#1190758 ltc#191943). - ibmvnic: Reuse LTB when possible (bsc#1190758 ltc#191943). - ibmvnic: Reuse rx pools when possible (bsc#1190758 ltc#191943). - ibmvnic: Reuse tx pools when possible (bsc#1190758 ltc#191943). - ibmvnic: Use bitmap for LTB map_ids (bsc#1190758 ltc#191943). - ibmvnic: Use/rename local vars in init_rx_pools (bsc#1190758 ltc#191943). - ibmvnic: Use/rename local vars in init_tx_pools (bsc#1190758 ltc#191943). - ice: do not abort devlink info if board identifier can't be found (jsc#SLE-12878). - ice: do not remove netdev->dev_addr from uc sync list (git-fixes). - ice: Prevent probing virtual functions (git-fixes). - igc: Use num_tx_queues when iterating over tx_ring queue (jsc#SLE-13533). - iio: dac: ad5624r: Fix incorrect handling of an optional regulator (git-fixes). - include/linux/list.h: add a macro to test if entry is pointing to the head (git-fixes). - iomap: Fix negative assignment to unsigned sis->pages in iomap_swapfile_activate (bsc#1190784). - ionic: cleanly release devlink instance (bsc#1167773). - ionic: cleanly release devlink instance (bsc#1167773). - ionic: count csum_none when offload enabled (bsc#1167773). - ionic: drop useless check of PCI driver data validity (bsc#1167773). - ipc: remove memcg accounting for sops objects in do_semtimedop() (bsc#1190115). - ipc: remove memcg accounting for sops objects in do_semtimedop() (bsc#1190115). - ipc/util.c: use binary search for max_idx (bsc#1159886). - ipvs: allow connection reuse for unconfirmed conntrack (bsc#1190467). - ipvs: avoid expiring many connections from timer (bsc#1190467). - ipvs: Fix up kabi for expire_nodest_conn_work addition (bsc#1190467). - ipvs: queue delayed work to expire no destination connections if expire_nodest_conn=1 (bsc#1190467). - iwlwifi Add support for ax201 in Samsung Galaxy Book Flex2 Alpha (git-fixes). - iwlwifi: mvm: fix a memory leak in iwl_mvm_mac_ctxt_beacon_changed (git-fixes). - kernel-binary.spec: Check for no kernel signing certificates. Also remove unused variable. - kernel-binary.spec: Do not fail silently when KMP is empty (bsc#1190358). Copy the code from kernel-module-subpackage that deals with empty KMPs. - kernel-binary.spec.in Stop templating the scriptlets for subpackages (bsc#1190358). The script part for base package case is completely separate from the part for subpackages. Remove the part for subpackages from the base package script and use the KMP scripts for subpackages instead. - libata: fix ata_host_start() (git-fixes). - libbpf: Fix removal of inner map in bpf_object__create_map (git-fixes). - libbpf: Fix the possible memory leak on error (git-fixes). - mac80211-hwsim: fix late beacon hrtimer handling (git-fixes). - mac80211: Fix ieee80211_amsdu_aggregate frag_tail bug (git-fixes). - mac80211: fix use-after-free in CCMP/GCMP RX (git-fixes). - mac80211: limit injected vht mcs/nss in ieee80211_parse_tx_radiotap (git-fixes). - mac80211: mesh: fix potentially unaligned access (git-fixes). - media: cedrus: Fix SUNXI tile size calculation (git-fixes). - media: coda: fix frame_mem_ctrl for YUV420 and YVU420 formats (git-fixes). - media: dib8000: rewrite the init prbs logic (git-fixes). - media: imx258: Limit the max analogue gain to 480 (git-fixes). - media: imx258: Rectify mismatch of VTS value (git-fixes). - media: rc-loopback: return number of emitters rather than error (git-fixes). - media: TDA1997x: fix tda1997x_query_dv_timings() return value (git-fixes). - media: uvc: do not do DMA on stack (git-fixes). - media: v4l2-dv-timings.c: fix wrong condition in two for-loops (git-fixes). - mfd: Do not use irq_create_mapping() to resolve a mapping (git-fixes). - misc: sram: Only map reserved areas in Tegra SYSRAM (git-fixes). - misc: sram: use devm_platform_ioremap_resource_wc() (git-fixes). - mlx4: Fix missing error code in mlx4_load_one() (git-fixes). - mm: always have io_remap_pfn_range() set pgprot_decrypted() (git-fixes). - mm/swap: consider max pages in iomap_swapfile_add_extent (bsc#1190785). - mmc: core: Return correct emmc response in case of ioctl error (git-fixes). - mmc: rtsx_pci: Fix long reads when clock is prescaled (git-fixes). - mmc: sdhci-of-arasan: Check return value of non-void funtions (git-fixes). - mmc: sdhci: Fix issue with uninitialized dma_slave_config (git-fixes). - net: ethernet: ti: cpsw: fix min eth packet size for non-switch use-cases (git-fixes). - net: mana: Add a driver for Microsoft Azure Network Adapter (MANA) (jsc#SLE-18779, bsc#1185726). - net: mana: Add support for EQ sharing (jsc#SLE-18779, bsc#1185726). - net: mana: Add WARN_ON_ONCE in case of CQE read overflow (jsc#SLE-18779, bsc#1185726). - net: mana: Fix a memory leak in an error handling path in (jsc#SLE-18779, bsc#1185726). - net: mana: fix PCI_HYPERV dependency (jsc#SLE-18779, bsc#1185726). - net: mana: Move NAPI from EQ to CQ (jsc#SLE-18779, bsc#1185726). - net: mana: Prefer struct_size over open coded arithmetic (jsc#SLE-18779, bsc#1185726). - net: mana: remove redundant initialization of variable err (jsc#SLE-18779, bsc#1185726). - net: mana: Use int to check the return value of mana_gd_poll_cq() (jsc#SLE-18779, bsc#1185726). - net: mana: Use struct_size() in kzalloc() (jsc#SLE-18779, bsc#1185726). - net: qlcnic: add missed unlock in qlcnic_83xx_flash_read32 (git-fixes). - net: sched: sch_teql: fix null-pointer dereference (bsc#1190717). - net/mlx5: E-Switch, handle devcom events only for ports on the same device (git-fixes). - net/mlx5: Fix flow table chaining (git-fixes). - net/mlx5: Fix missing return value in mlx5_devlink_eswitch_inline_mode_set() (jsc#SLE-15172). - net/mlx5: Fix return value from tracer initialization (git-fixes). - net/mlx5: Unload device upon firmware fatal error (git-fixes). - net/mlx5e: Avoid creating tunnel headers for local route (git-fixes). - net/mlx5e: Fix nullptr in mlx5e_hairpin_get_mdev() (git-fixes). - net/mlx5e: Prohibit inner indir TIRs in IPoIB (git-fixes). - netfilter: conntrack: do not renew entry stuck in tcp SYN_SENT state (bsc#1190062). - nfp: update ethtool reporting of pauseframe control (git-fixes). - NFS: change nfs_access_get_cached to only report the mask (bsc#1190746). - NFS: do not store 'struct cred *' in struct nfs_access_entry (bsc#1190746). - NFS: pass cred explicitly for access tests (bsc#1190746). - nvme-multipath: revalidate paths during rescan (bsc#1187211). - nvme-tcp: Do not reset transport on data digest errors (bsc#1188418). - nvme: avoid race in shutdown namespace removal (bsc#1188067). - nvme: fix refcounting imbalance when all paths are down (bsc#1188067). - nvme: only call synchronize_srcu when clearing current path (bsc#1188067). - optee: Fix memory leak when failing to register shm pages (git-fixes). - parport: remove non-zero check on count (git-fixes). - PCI: aardvark: Fix checking for PIO status (git-fixes). - PCI: aardvark: Fix masking and unmasking legacy INTx interrupts (git-fixes). - PCI: aardvark: Increase polling delay to 1.5s while waiting for PIO response (git-fixes). - PCI: Add ACS quirks for Cavium multi-function devices (git-fixes). - PCI: Add ACS quirks for NXP LX2xx0 and LX2xx2 platforms (git-fixes). - PCI: Add AMD GPU multi-function power dependencies (git-fixes). - PCI: ibmphp: Fix double unmap of io_mem (git-fixes). - PCI: of: Do not fail devm_pci_alloc_host_bridge() on missing 'ranges' (git-fixes). - PCI: pci-bridge-emul: Add PCIe Root Capabilities Register (git-fixes). - PCI: pci-bridge-emul: Fix array overruns, improve safety (git-fixes). - PCI: pci-bridge-emul: Fix big-endian support (git-fixes). - PCI: Restrict ASMedia ASM1062 SATA Max Payload Size Supported (git-fixes). - PCI: Use pci_update_current_state() in pci_enable_device_flags() (git-fixes). - phy: tegra: xusb: Fix dangling pointer on probe failure (git-fixes). - PM: base: power: do not try to use non-existing RTC for storing data (git-fixes). - PM: EM: Increase energy calculation precision (git-fixes). - power: supply: axp288_fuel_gauge: Report register-address on readb / writeb errors (git-fixes). - power: supply: max17042_battery: fix typo in MAx17042_TOFF (git-fixes). - powercap: intel_rapl: add support for Sapphire Rapids (jsc#SLE-15289). - powerpc: fix function annotations to avoid section mismatch warnings with gcc-10 (bsc#1148868). - powerpc/drmem: Make LMB walk a bit more flexible (bsc#1190543 ltc#194523). - powerpc/numa: Consider the max NUMA node for migratable LPAR (bsc#1190544 ltc#194520). - powerpc/perf: Drop the case of returning 0 as instruction pointer (bsc#1065729). - powerpc/perf: Fix crash in perf_instruction_pointer() when ppmu is not set (bsc#1065729). - powerpc/perf: Fix the check for SIAR value (bsc#1065729). - powerpc/perf: Use regs->nip when SIAR is zero (bsc#1065729). - powerpc/perf: Use stack siar instead of mfspr (bsc#1065729). - powerpc/perf: Use the address from SIAR register to set cpumode flags (bsc#1065729). - powerpc/perf/hv-gpci: Fix counter value parsing (bsc#1065729). - powerpc/powernv: Fix machine check reporting of async store errors (bsc#1065729). - powerpc/pseries: Prevent free CPU ids being reused on another node (bsc#1190620 ltc#194498). - powerpc/pseries/dlpar: use rtas_get_sensor() (bsc#1065729). - pseries/drmem: update LMBs after LPM (bsc#1190543 ltc#194523). - pwm: img: Do not modify HW state in .remove() callback (git-fixes). - pwm: rockchip: Do not modify HW state in .remove() callback (git-fixes). - pwm: stm32-lp: Do not modify HW state in .remove() callback (git-fixes). - qlcnic: Remove redundant unlock in qlcnic_pinit_from_rom (git-fixes). - RDMA/bnxt_re: Remove unpaired rtnl unlock in bnxt_re_dev_init() (bsc#1170774). - RDMA/hns: Fix QP's resp incomplete assignment (jsc#SLE-14777). - RDMA/mlx5: Delay emptying a cache entry when a new MR is added to it recently (jsc#SLE-15175). - RDMA/mlx5: Delete not-available udata check (jsc#SLE-15175). - RDMA/rtrs: Remove a useless kfree() (jsc#SLE-15176). - Re-enable UAS for LaCie Rugged USB3-FW with fk quirk (git-fixes). - regmap: fix page selection for noinc reads (git-fixes). - regmap: fix page selection for noinc writes (git-fixes). - regmap: fix the offset of register error log (git-fixes). - Restore kabi after NFS: pass cred explicitly for access tests (bsc#1190746). - rpm: Abolish scritplet templating (bsc#1189841). Outsource kernel-binary and KMP scriptlets to suse-module-tools. This allows fixing bugs in the scriptlets as well as defining initrd regeneration policy independent of the kernel packages. - rpm/kernel-binary.spec: Use only non-empty certificates. - rpm/kernel-binary.spec.in: avoid conflicting suse-release suse-release had arbitrary values in staging, we can't use it for dependencies. The filesystem one has to be enough (boo#1184804). - rtc: rx8010: select REGMAP_I2C (git-fixes). - rtc: tps65910: Correct driver module alias (git-fixes). - s390/unwind: use current_frame_address() to unwind current task (bsc#1185677). - sch_cake: fix srchost/dsthost hashing mode (bsc#1176447). - sched/fair: Add ancestors of unthrottled undecayed cfs_rq (bsc#1191292). - scsi: core: Add helper to return number of logical blocks in a request (bsc#1190576). - scsi: core: Introduce the scsi_cmd_to_rq() function (bsc#1190576). - scsi: fc: Add EDC ELS definition (bsc#1190576). - scsi: fc: Update formal FPIN descriptor definitions (bsc#1190576). - scsi: lpfc: Add bsg support for retrieving adapter cmf data (bsc#1190576). - scsi: lpfc: Add cm statistics buffer support (bsc#1190576). - scsi: lpfc: Add cmf_info sysfs entry (bsc#1190576). - scsi: lpfc: Add cmfsync WQE support (bsc#1190576). - scsi: lpfc: Add debugfs support for cm framework buffers (bsc#1190576). - scsi: lpfc: Add EDC ELS support (bsc#1190576). - scsi: lpfc: Add MIB feature enablement support (bsc#1190576). - scsi: lpfc: Add rx monitoring statistics (bsc#1190576). - scsi: lpfc: Add SET_HOST_DATA mbox cmd to pass date/time info to firmware (bsc#1190576). - scsi: lpfc: Add support for cm enablement buffer (bsc#1190576). - scsi: lpfc: Add support for maintaining the cm statistics buffer (bsc#1190576). - scsi: lpfc: Add support for the CM framework (bsc#1190576). - scsi: lpfc: Adjust bytes received vales during cmf timer interval (bsc#1190576). - scsi: lpfc: Copyright updates for 14.0.0.1 patches (bsc#1190576). - scsi: lpfc: Do not release final kref on Fport node while ABTS outstanding (bsc#1190576). - scsi: lpfc: Do not remove ndlp on PRLI errors in P2P mode (bsc#1190576). - scsi: lpfc: Expand FPIN and RDF receive logging (bsc#1190576). - scsi: lpfc: Fix compilation errors on kernels with no CONFIG_DEBUG_FS (bsc#1190576). - scsi: lpfc: Fix CPU to/from endian warnings introduced by ELS processing (bsc#1190576). - scsi: lpfc: Fix EEH support for NVMe I/O (bsc#1190576). - scsi: lpfc: Fix FCP I/O flush functionality for TMF routines (bsc#1190576). - scsi: lpfc: Fix gcc -Wstringop-overread warning, again (bsc#1190576). - scsi: lpfc: Fix hang on unload due to stuck fport node (bsc#1190576). - scsi: lpfc: Fix I/O block after enabling managed congestion mode (bsc#1190576). - scsi: lpfc: Fix list_add() corruption in lpfc_drain_txq() (bsc#1190576). - scsi: lpfc: Fix NVMe I/O failover to non-optimized path (bsc#1190576). - scsi: lpfc: Fix premature rpi release for unsolicited TPLS and LS_RJT (bsc#1190576). - scsi: lpfc: Fix rediscovery of tape device after LIP (bsc#1190576). - scsi: lpfc: Fix sprintf() overflow in lpfc_display_fpin_wwpn() (bsc#1190576). - scsi: lpfc: Improve PBDE checks during SGL processing (bsc#1190576). - scsi: lpfc: Remove unneeded variable (bsc#1190576). - scsi: lpfc: Update lpfc version to 14.0.0.1 (bsc#1190576). - scsi: lpfc: Update lpfc version to 14.0.0.2 (bsc#1190576). - scsi: lpfc: Use correct scnprintf() limit (bsc#1190576). - scsi: lpfc: Use scsi_cmd_to_rq() instead of scsi_cmnd.request (bsc#1190576). - scsi: lpfc: Use the proper SCSI midlayer interfaces for PI (bsc#1190576). - scsi: lpfc: Zero CGN stats only during initial driver load and stat reset (bsc#1190576). - scsi: scsi_devinfo: Add blacklist entry for HPE OPEN-V (bsc#1189297). - scsi/fc: kABI fixes for new ELS_EDC, ELS_RDP definition (bsc#1171688 bsc#1174003 bsc#1190576). - selftests/bpf: Define string const as global for test_sysctl_prog.c (git-fixes). - selftests/bpf: Fix bpf-iter-tcp4 test to print correctly the dest IP (git-fixes). - selftests/bpf: Fix test_sysctl_loop{1, 2} failure due to clang change (git-fixes). - selftests/bpf: Whitelist test_progs.h from .gitignore (git-fixes). - serial: 8250_pci: make setup_port() parameters explicitly unsigned (git-fixes). - serial: 8250: Define RX trigger levels for OxSemi 950 devices (git-fixes). - serial: mvebu-uart: fix driver's tx_empty callback (git-fixes). - serial: sh-sci: fix break handling for sysrq (git-fixes). - spi: Fix tegra20 build with CONFIG_PM=n (git-fixes). - staging: board: Fix uninitialized spinlock when attaching genpd (git-fixes). - staging: ks7010: Fix the initialization of the 'sleep_status' structure (git-fixes). - staging: rts5208: Fix get_ms_information() heap buffer size (git-fixes). - thermal/core: Potential buffer overflow in thermal_build_list_of_policies() (git-fixes). - time: Handle negative seconds correctly in timespec64_to_ns() (git-fixes). - tools: bpf: Fix error in 'make -C tools/ bpf_install' (git-fixes). - tty: Fix data race between tiocsti() and flush_to_ldisc() (git-fixes). - tty: serial: jsm: hold port lock when reporting modem line changes (git-fixes). - tty: synclink_gt, drop unneeded forward declarations (git-fixes). - usb-storage: Add quirk for ScanLogic SL11R-IDE older than 2.6c (git-fixes). - usb: core: hcd: Add support for deferring roothub registration (git-fixes). - usb: dwc2: Add missing cleanups when usb_add_gadget_udc() fails (git-fixes). - usb: dwc2: Avoid leaving the error_debugfs label unused (git-fixes). - usb: dwc2: gadget: Fix ISOC flow for BDMA and Slave (git-fixes). - usb: dwc2: gadget: Fix ISOC transfer complete handling for DDMA (git-fixes). - usb: EHCI: ehci-mv: improve error handling in mv_ehci_enable() (git-fixes). - usb: gadget: r8a66597: fix a loop in set_feature() (git-fixes). - usb: gadget: u_ether: fix a potential null pointer dereference (git-fixes). - usb: host: fotg210: fix the actual_length of an iso packet (git-fixes). - usb: host: fotg210: fix the endpoint's transactional opportunities calculation (git-fixes). - usb: musb: musb_dsps: request_irq() after initializing musb (git-fixes). - usb: musb: tusb6010: uninitialized data in tusb_fifo_write_unaligned() (git-fixes). - usb: serial: cp210x: add ID for GW Instek GDM-834x Digital Multimeter (git-fixes). - usb: serial: option: add device id for Foxconn T99W265 (git-fixes). - usb: serial: option: add Telit LN920 compositions (git-fixes). - usb: serial: option: remove duplicate USB device ID (git-fixes). - usbip: give back URBs for unsent unlink requests during cleanup (git-fixes). - usbip:vhci_hcd USB port can get stuck in the disabled state (git-fixes). - video: fbdev: asiliantfb: Error out if 'pixclock' equals zero (git-fixes). - video: fbdev: kyro: Error out if 'pixclock' equals zero (git-fixes). - video: fbdev: kyro: fix a DoS bug by restricting user input (git-fixes). - video: fbdev: riva: Error out if 'pixclock' equals zero (git-fixes). - vmxnet3: add support for 32 Tx/Rx queues (bsc#1190406). - vmxnet3: add support for ESP IPv6 RSS (bsc#1190406). - vmxnet3: increase maximum configurable mtu to 9190 (bsc#1190406). - vmxnet3: prepare for version 6 changes (bsc#1190406). - vmxnet3: remove power of 2 limitation on the queues (bsc#1190406). - vmxnet3: set correct hash type based on rss information (bsc#1190406). - vmxnet3: update to version 6 (bsc#1190406). - watchdog/sb_watchdog: fix compilation problem due to COMPILE_TEST (git-fixes). - x86/alternatives: Teach text_poke_bp() to emulate instructions (bsc#1185302). - x86/alternatives: Teach text_poke_bp() to emulate instructions (bsc#1190561). - x86/apic/msi: Plug non-maskable MSI affinity race (bsc#1184439). - x86/asm: Fix SETZ size enqcmds() build failure (bsc#1178134). - x86/cpu: Fix core name for Sapphire Rapids (jsc#SLE-15289). - x86/mm: Fix kern_addr_valid() to cope with existing but not present entries (bsc#1152489). - x86/resctrl: Fix a maybe-uninitialized build warning treated as error (bsc#1152489). - x86/resctrl: Fix default monitoring groups reporting (bsc#1152489). - xfs: allow mount/remount when stripe width alignment is zero (bsc#1188651). - xfs: sync lazy sb accounting on quiesce of read-only mounts (bsc#1190679). - xgene-v2: Fix a resource leak in the error handling path of 'xge_probe()' (git-fixes). - xhci: Set HCD flag to defer primary roothub registration (git-fixes). Important SUSE bug 1065729 SUSE bug 1148868 SUSE bug 1152489 SUSE bug 1154353 SUSE bug 1159886 SUSE bug 1167773 SUSE bug 1170774 SUSE bug 1171688 SUSE bug 1173746 SUSE bug 1174003 SUSE bug 1176447 SUSE bug 1176940 SUSE bug 1177028 SUSE bug 1178134 SUSE bug 1184439 SUSE bug 1184804 SUSE bug 1185302 SUSE bug 1185550 SUSE bug 1185677 SUSE bug 1185726 SUSE bug 1185762 SUSE bug 1187211 SUSE bug 1188067 SUSE bug 1188418 SUSE bug 1188651 SUSE bug 1188986 SUSE bug 1189257 SUSE bug 1189297 SUSE bug 1189841 SUSE bug 1189884 SUSE bug 1190023 SUSE bug 1190062 SUSE bug 1190115 SUSE bug 1190138 SUSE bug 1190159 SUSE bug 1190358 SUSE bug 1190406 SUSE bug 1190432 SUSE bug 1190467 SUSE bug 1190523 SUSE bug 1190534 SUSE bug 1190543 SUSE bug 1190544 SUSE bug 1190561 SUSE bug 1190576 SUSE bug 1190595 SUSE bug 1190596 SUSE bug 1190598 SUSE bug 1190620 SUSE bug 1190626 SUSE bug 1190679 SUSE bug 1190705 SUSE bug 1190717 SUSE bug 1190746 SUSE bug 1190758 SUSE bug 1190784 SUSE bug 1190785 SUSE bug 1191172 SUSE bug 1191193 SUSE bug 1191292 CVE-2020-3702 CVE-2021-3669 CVE-2021-3744 CVE-2021-3752 CVE-2021-3759 CVE-2021-3764 CVE-2021-40490 cpe:/o:opensuse:leap:15.3 Security update for rpm (Important) openSUSE Leap 15.3 This update for rpm fixes the following issues: Security issues fixed: - PGP hardening changes (bsc#1185299) Maintaince issues fixed: - Fixed zstd detection (bsc#1187670) - Added ndb rofs support (bsc#1188548) - Fixed deadlock when multiple rpm processes try tp acquire the database lock (bsc#1183659) Important SUSE bug 1183659 SUSE bug 1185299 SUSE bug 1187670 SUSE bug 1188548 cpe:/o:opensuse:leap:15.3 Security update for the Linux Kernel (Important) openSUSE Leap 15.3 The SUSE Linux Enterprise 15 SP2 kernel was updated. The following security bugs were fixed: - CVE-2020-3702: Fixed a bug which could be triggered with specifically timed and handcrafted traffic and cause internal errors in a WLAN device that lead to improper layer 2 Wi-Fi encryption with a consequent possibility of information disclosure. (bnc#1191193) - CVE-2021-3752: Fixed a use after free vulnerability in the Linux kernel's bluetooth module. (bsc#1190023) - CVE-2021-40490: Fixed a race condition discovered in the ext4 subsystem that could leat to local priviledge escalation. (bnc#1190159) - CVE-2021-3744: Fixed a bug which could allows attackers to cause a denial of service. (bsc#1189884) - CVE-2021-3764: Fixed a bug which could allows attackers to cause a denial of service. (bsc#1190534) - CVE-2021-3669: Fixed a bug that doesn't allow /proc/sysvipc/shm to scale with large shared memory segment counts which could lead to resource exhaustion and DoS. (bsc#1188986) The following non-security bugs were fixed: - ALSA: firewire-motu: fix truncated bytes in message tracepoints (git-fixes). - apparmor: remove duplicate macro list_entry_is_head() (git-fixes). - ASoC: fsl_micfil: register platform component before registering cpu dai (git-fixes). - ASoC: mediatek: common: handle NULL case in suspend/resume function (git-fixes). - ASoC: rockchip: i2s: Fix regmap_ops hang (git-fixes). - ASoC: rockchip: i2s: Fixup config for DAIFMT_DSP_A/B (git-fixes). - ASoC: SOF: Fix DSP oops stack dump output contents (git-fixes). - ath9k: fix OOB read ar9300_eeprom_restore_internal (git-fixes). - ath9k: fix sleeping in atomic context (git-fixes). - blk-mq: do not deactivate hctx if managed irq isn't used (bsc#1185762). - blk-mq: kABI fixes for blk_mq_queue_map (bsc#1185762). - blk-mq: mark if one queue map uses managed irq (bsc#1185762). - Bluetooth: skip invalid hci_sync_conn_complete_evt (git-fixes). - bnx2x: fix an error code in bnx2x_nic_load() (git-fixes). - bnxt_en: Add missing DMA memory barriers (git-fixes). - bnxt_en: Disable aRFS if running on 212 firmware (git-fixes). - bnxt_en: Do not enable legacy TX push on older firmware (git-fixes). - bnxt_en: Store the running firmware version code (git-fixes). - bnxt: count Tx drops (git-fixes). - bnxt: disable napi before canceling DIM (git-fixes). - bnxt: do not lock the tx queue from napi poll (git-fixes). - bnxt: make sure xmit_more + errors does not miss doorbells (git-fixes). - btrfs: prevent rename2 from exchanging a subvol with a directory from different parents (bsc#1190626). - clk: at91: clk-generated: Limit the requested rate to our range (git-fixes). - clk: at91: clk-generated: pass the id of changeable parent at registration (git-fixes). - console: consume APC, DM, DCS (git-fixes). - cuse: fix broken release (bsc#1190596). - cxgb4: dont touch blocked freelist bitmap after free (git-fixes). - debugfs: Return error during {full/open}_proxy_open() on rmmod (bsc#1173746). - devlink: Break parameter notification sequence to be before/after unload/load driver (bsc#1154353). - dmaengine: ioat: depends on !UML (git-fixes). - dmaengine: sprd: Add missing MODULE_DEVICE_TABLE (git-fixes). - dmaengine: xilinx_dma: Set DMA mask for coherent APIs (git-fixes). - docs: Fix infiniband uverbs minor number (git-fixes). - drivers: gpu: amd: Initialize amdgpu_dm_backlight_caps object to 0 in amdgpu_dm_update_backlight_caps (git-fixes). - drm: avoid blocking in drm_clients_info's rcu section (git-fixes). - drm/amd/amdgpu: Update debugfs link_settings output link_rate field in hex (git-fixes). - drm/amd/display: Fix timer_per_pixel unit error (git-fixes). - drm/amdgpu: Fix BUG_ON assert (git-fixes). - drm/gma500: Fix end of loop tests for list_for_each_entry (git-fixes). - drm/nouveau/nvkm: Replace -ENOSYS with -ENODEV (git-fixes). - drm/panfrost: Clamp lock region to Bifrost minimum (git-fixes). - e1000e: Do not take care about recovery NVM checksum (jsc#SLE-8100). - e1000e: Fix the max snoop/no-snoop latency for 10M (git-fixes). - EDAC/i10nm: Fix NVDIMM detection (bsc#1152489). - EDAC/synopsys: Fix wrong value type assignment for edac_mode (bsc#1152489). - erofs: fix up erofs_lookup tracepoint (git-fixes). - fbmem: do not allow too huge resolutions (git-fixes). - fpga: machxo2-spi: Fix missing error code in machxo2_write_complete() (git-fixes). - fpga: machxo2-spi: Return an error on failure (git-fixes). - fuse: flush extending writes (bsc#1190595). - fuse: truncate pagecache on atomic_o_trunc (bsc#1190705). - genirq: add device_has_managed_msi_irq (bsc#1185762). - gpio: uniphier: Fix void functions to remove return value (git-fixes). - gpu: drm: amd: amdgpu: amdgpu_i2c: fix possible uninitialized-variable access in amdgpu_i2c_router_select_ddc_port() (git-fixes). - gve: fix the wrong AdminQ buffer overflow check (bsc#1176940). - hv_netvsc: Make netvsc/VF binding check both MAC and serial number (jsc#SLE-18779, bsc#1185726). - hv: mana: remove netdev_lockdep_set_classes usage (jsc#SLE-18779, bsc#1185726). - hwmon: (mlxreg-fan) Return non-zero value when fan current state is enforced from sysfs (git-fixes). - hwmon: (tmp421) fix rounding for negative values (git-fixes). - hwmon: (tmp421) report /PVLD condition as fault (git-fixes). - i40e: Add additional info to PHY type error (git-fixes). - i40e: Fix firmware LLDP agent related warning (git-fixes). - i40e: Fix log TC creation failure when max num of queues is exceeded (git-fixes). - i40e: Fix logic of disabling queues (git-fixes). - i40e: Fix queue-to-TC mapping on Tx (git-fixes). - iavf: Fix ping is lost after untrusted VF had tried to change MAC (jsc#SLE-7940). - iavf: Set RSS LUT and key in reset handle path (git-fixes). - ibmvnic: check failover_pending in login response (bsc#1190523 ltc#194510). - ibmvnic: Consolidate code in replenish_rx_pool() (bsc#1190758 ltc#191943). - ibmvnic: Fix up some comments and messages (bsc#1190758 ltc#191943). - ibmvnic: init_tx_pools move loop-invariant code (bsc#1190758 ltc#191943). - ibmvnic: Reuse LTB when possible (bsc#1190758 ltc#191943). - ibmvnic: Reuse rx pools when possible (bsc#1190758 ltc#191943). - ibmvnic: Reuse tx pools when possible (bsc#1190758 ltc#191943). - ibmvnic: Use bitmap for LTB map_ids (bsc#1190758 ltc#191943). - ibmvnic: Use/rename local vars in init_rx_pools (bsc#1190758 ltc#191943). - ibmvnic: Use/rename local vars in init_tx_pools (bsc#1190758 ltc#191943). - ice: Prevent probing virtual functions (git-fixes). - iio: dac: ad5624r: Fix incorrect handling of an optional regulator (git-fixes). - include/linux/list.h: add a macro to test if entry is pointing to the head (git-fixes). - iomap: Fix negative assignment to unsigned sis->pages in iomap_swapfile_activate (bsc#1190784). - ionic: cleanly release devlink instance (bsc#1167773). - ionic: count csum_none when offload enabled (bsc#1167773). - ipc: remove memcg accounting for sops objects in do_semtimedop() (bsc#1190115). - ipc/util.c: use binary search for max_idx (bsc#1159886). - ipvs: allow connection reuse for unconfirmed conntrack (bsc#1190467). - ipvs: avoid expiring many connections from timer (bsc#1190467). - ipvs: Fix up kabi for expire_nodest_conn_work addition (bsc#1190467). - ipvs: queue delayed work to expire no destination connections if expire_nodest_conn=1 (bsc#1190467). - iwlwifi: mvm: fix a memory leak in iwl_mvm_mac_ctxt_beacon_changed (git-fixes). - kernel-binary.spec: Check for no kernel signing certificates. Also remove unused variable. - kernel-binary.spec: Do not fail silently when KMP is empty (bsc#1190358). Copy the code from kernel-module-subpackage that deals with empty KMPs. - kernel-binary.spec: Do not sign kernel when no key provided (bsc#1187167 bsc#1191240 ltc#194716). - kernel-binary.spec.in Stop templating the scriptlets for subpackages (bsc#1190358). The script part for base package case is completely separate from the part for subpackages. Remove the part for subpackages from the base package script and use the KMP scripts for subpackages instead. - libata: fix ata_host_start() (git-fixes). - mac80211-hwsim: fix late beacon hrtimer handling (git-fixes). - mac80211: Fix ieee80211_amsdu_aggregate frag_tail bug (git-fixes). - mac80211: fix use-after-free in CCMP/GCMP RX (git-fixes). - mac80211: limit injected vht mcs/nss in ieee80211_parse_tx_radiotap (git-fixes). - mac80211: mesh: fix potentially unaligned access (git-fixes). - media: cedrus: Fix SUNXI tile size calculation (git-fixes). - media: coda: fix frame_mem_ctrl for YUV420 and YVU420 formats (git-fixes). - media: dib8000: rewrite the init prbs logic (git-fixes). - media: imx258: Limit the max analogue gain to 480 (git-fixes). - media: imx258: Rectify mismatch of VTS value (git-fixes). - media: rc-loopback: return number of emitters rather than error (git-fixes). - media: TDA1997x: fix tda1997x_query_dv_timings() return value (git-fixes). - media: uvc: do not do DMA on stack (git-fixes). - media: v4l2-dv-timings.c: fix wrong condition in two for-loops (git-fixes). - mfd: Do not use irq_create_mapping() to resolve a mapping (git-fixes). - mlx4: Fix missing error code in mlx4_load_one() (git-fixes). - mm: always have io_remap_pfn_range() set pgprot_decrypted() (git-fixes). - mm/swap: consider max pages in iomap_swapfile_add_extent (bsc#1190785). - mmc: core: Return correct emmc response in case of ioctl error (git-fixes). - mmc: rtsx_pci: Fix long reads when clock is prescaled (git-fixes). - mmc: sdhci-of-arasan: Check return value of non-void funtions (git-fixes). - net: mana: Add a driver for Microsoft Azure Network Adapter (MANA) (jsc#SLE-18779, bsc#1185726). - net: mana: Add support for EQ sharing (jsc#SLE-18779, bsc#1185726). - net: mana: Add WARN_ON_ONCE in case of CQE read overflow (jsc#SLE-18779, bsc#1185726). - net: mana: Fix a memory leak in an error handling path in (jsc#SLE-18779, bsc#1185726). - net: mana: fix PCI_HYPERV dependency (jsc#SLE-18779, bsc#1185726). - net: mana: Move NAPI from EQ to CQ (jsc#SLE-18779, bsc#1185726). - net: mana: Prefer struct_size over open coded arithmetic (jsc#SLE-18779, bsc#1185726). - net: mana: remove redundant initialization of variable err (jsc#SLE-18779, bsc#1185726). - net: mana: Use int to check the return value of mana_gd_poll_cq() (jsc#SLE-18779, bsc#1185726). - net: mana: Use struct_size() in kzalloc() (jsc#SLE-18779, bsc#1185726). - net: qlcnic: add missed unlock in qlcnic_83xx_flash_read32 (git-fixes). - net: sched: sch_teql: fix null-pointer dereference (bsc#1190717). - net/mlx5: E-Switch, handle devcom events only for ports on the same device (git-fixes). - net/mlx5: Fix flow table chaining (git-fixes). - net/mlx5: Fix return value from tracer initialization (git-fixes). - net/mlx5: Unload device upon firmware fatal error (git-fixes). - net/mlx5e: Avoid creating tunnel headers for local route (git-fixes). - net/mlx5e: Fix nullptr in mlx5e_hairpin_get_mdev() (git-fixes). - net/mlx5e: Prohibit inner indir TIRs in IPoIB (git-fixes). - netfilter: conntrack: do not renew entry stuck in tcp SYN_SENT state (bsc#1190062). - nfp: update ethtool reporting of pauseframe control (git-fixes). - NFS: change nfs_access_get_cached to only report the mask (bsc#1190746). - NFS: do not store 'struct cred *' in struct nfs_access_entry (bsc#1190746). - NFS: pass cred explicitly for access tests (bsc#1190746). - nvme: avoid race in shutdown namespace removal (bsc#1188067). - nvme: fix refcounting imbalance when all paths are down (bsc#1188067). - parport: remove non-zero check on count (git-fixes). - PCI: aardvark: Fix checking for PIO status (git-fixes). - PCI: aardvark: Fix masking and unmasking legacy INTx interrupts (git-fixes). - PCI: aardvark: Increase polling delay to 1.5s while waiting for PIO response (git-fixes). - PCI: Add ACS quirks for Cavium multi-function devices (git-fixes). - PCI: Add ACS quirks for NXP LX2xx0 and LX2xx2 platforms (git-fixes). - PCI: Add AMD GPU multi-function power dependencies (git-fixes). - PCI: ibmphp: Fix double unmap of io_mem (git-fixes). - PCI: pci-bridge-emul: Add PCIe Root Capabilities Register (git-fixes). - PCI: pci-bridge-emul: Fix array overruns, improve safety (git-fixes). - PCI: pci-bridge-emul: Fix big-endian support (git-fixes). - PCI: Restrict ASMedia ASM1062 SATA Max Payload Size Supported (git-fixes). - PCI: Use pci_update_current_state() in pci_enable_device_flags() (git-fixes). - PM: base: power: do not try to use non-existing RTC for storing data (git-fixes). - PM: EM: Increase energy calculation precision (git-fixes). - power: supply: axp288_fuel_gauge: Report register-address on readb / writeb errors (git-fixes). - power: supply: max17042_battery: fix typo in MAx17042_TOFF (git-fixes). - powercap: intel_rapl: add support for Sapphire Rapids (jsc#SLE-15289). - powerpc: fix function annotations to avoid section mismatch warnings with gcc-10 (bsc#1148868). - powerpc/drmem: Make LMB walk a bit more flexible (bsc#1190543 ltc#194523). - powerpc/perf: Drop the case of returning 0 as instruction pointer (bsc#1065729). - powerpc/perf: Fix crash in perf_instruction_pointer() when ppmu is not set (bsc#1065729). - powerpc/perf: Fix the check for SIAR value (bsc#1065729). - powerpc/perf: Use regs->nip when SIAR is zero (bsc#1065729). - powerpc/perf: Use stack siar instead of mfspr (bsc#1065729). - powerpc/perf: Use the address from SIAR register to set cpumode flags (bsc#1065729). - powerpc/perf/hv-gpci: Fix counter value parsing (bsc#1065729). - powerpc/powernv: Fix machine check reporting of async store errors (bsc#1065729). - powerpc/pseries: Prevent free CPU ids being reused on another node (bsc#1190620 ltc#194498). - powerpc/pseries/dlpar: use rtas_get_sensor() (bsc#1065729). - pseries/drmem: update LMBs after LPM (bsc#1190543 ltc#194523). - pwm: img: Do not modify HW state in .remove() callback (git-fixes). - pwm: rockchip: Do not modify HW state in .remove() callback (git-fixes). - pwm: stm32-lp: Do not modify HW state in .remove() callback (git-fixes). - qlcnic: Remove redundant unlock in qlcnic_pinit_from_rom (git-fixes). - RDMA/bnxt_re: Remove unpaired rtnl unlock in bnxt_re_dev_init() (bsc#1170774). - Re-enable UAS for LaCie Rugged USB3-FW with fk quirk (git-fixes). - regmap: fix page selection for noinc reads (git-fixes). - regmap: fix page selection for noinc writes (git-fixes). - regmap: fix the offset of register error log (git-fixes). - Restore kabi after NFS: pass cred explicitly for access tests (bsc#1190746). - rpm: Abolish scritplet templating (bsc#1189841). Outsource kernel-binary and KMP scriptlets to suse-module-tools. This allows fixing bugs in the scriptlets as well as defining initrd regeneration policy independent of the kernel packages. - rpm/kernel-binary.spec: Use only non-empty certificates. - rpm/kernel-binary.spec.in: avoid conflicting suse-release suse-release had arbitrary values in staging, we can't use it for dependencies. The filesystem one has to be enough (boo#1184804). - rtc: rx8010: select REGMAP_I2C (git-fixes). - rtc: tps65910: Correct driver module alias (git-fixes). - s390/unwind: use current_frame_address() to unwind current task (bsc#1185677). - sched/fair: Add ancestors of unthrottled undecayed cfs_rq (bsc#1191292). - scsi: core: Add helper to return number of logical blocks in a request (bsc#1190576). - scsi: core: Introduce the scsi_cmd_to_rq() function (bsc#1190576). - scsi: fc: Add EDC ELS definition (bsc#1190576). - scsi: fc: Update formal FPIN descriptor definitions (bsc#1190576). - scsi: lpfc: Add bsg support for retrieving adapter cmf data (bsc#1190576). - scsi: lpfc: Add cm statistics buffer support (bsc#1190576). - scsi: lpfc: Add cmf_info sysfs entry (bsc#1190576). - scsi: lpfc: Add cmfsync WQE support (bsc#1190576). - scsi: lpfc: Add debugfs support for cm framework buffers (bsc#1190576). - scsi: lpfc: Add EDC ELS support (bsc#1190576). - scsi: lpfc: Add MIB feature enablement support (bsc#1190576). - scsi: lpfc: Add rx monitoring statistics (bsc#1190576). - scsi: lpfc: Add SET_HOST_DATA mbox cmd to pass date/time info to firmware (bsc#1190576). - scsi: lpfc: Add support for cm enablement buffer (bsc#1190576). - scsi: lpfc: Add support for maintaining the cm statistics buffer (bsc#1190576). - scsi: lpfc: Add support for the CM framework (bsc#1190576). - scsi: lpfc: Adjust bytes received vales during cmf timer interval (bsc#1190576). - scsi: lpfc: Copyright updates for 14.0.0.1 patches (bsc#1190576). - scsi: lpfc: Do not release final kref on Fport node while ABTS outstanding (bsc#1190576). - scsi: lpfc: Do not remove ndlp on PRLI errors in P2P mode (bsc#1190576). - scsi: lpfc: Expand FPIN and RDF receive logging (bsc#1190576). - scsi: lpfc: Fix compilation errors on kernels with no CONFIG_DEBUG_FS (bsc#1190576). - scsi: lpfc: Fix CPU to/from endian warnings introduced by ELS processing (bsc#1190576). - scsi: lpfc: Fix EEH support for NVMe I/O (bsc#1190576). - scsi: lpfc: Fix FCP I/O flush functionality for TMF routines (bsc#1190576). - scsi: lpfc: Fix gcc -Wstringop-overread warning, again (bsc#1190576). - scsi: lpfc: Fix hang on unload due to stuck fport node (bsc#1190576). - scsi: lpfc: Fix I/O block after enabling managed congestion mode (bsc#1190576). - scsi: lpfc: Fix list_add() corruption in lpfc_drain_txq() (bsc#1190576). - scsi: lpfc: Fix NVMe I/O failover to non-optimized path (bsc#1190576). - scsi: lpfc: Fix premature rpi release for unsolicited TPLS and LS_RJT (bsc#1190576). - scsi: lpfc: Fix rediscovery of tape device after LIP (bsc#1190576). - scsi: lpfc: Fix sprintf() overflow in lpfc_display_fpin_wwpn() (bsc#1190576). - scsi: lpfc: Improve PBDE checks during SGL processing (bsc#1190576). - scsi: lpfc: Remove unneeded variable (bsc#1190576). - scsi: lpfc: Update lpfc version to 14.0.0.1 (bsc#1190576). - scsi: lpfc: Update lpfc version to 14.0.0.2 (bsc#1190576). - scsi: lpfc: Use correct scnprintf() limit (bsc#1190576). - scsi: lpfc: Use scsi_cmd_to_rq() instead of scsi_cmnd.request (bsc#1190576). - scsi: lpfc: Use the proper SCSI midlayer interfaces for PI (bsc#1190576). - scsi: lpfc: Zero CGN stats only during initial driver load and stat reset (bsc#1190576). - scsi: scsi_devinfo: Add blacklist entry for HPE OPEN-V (bsc#1189297). - serial: 8250_pci: make setup_port() parameters explicitly unsigned (git-fixes). - serial: 8250: Define RX trigger levels for OxSemi 950 devices (git-fixes). - serial: mvebu-uart: fix driver's tx_empty callback (git-fixes). - serial: sh-sci: fix break handling for sysrq (git-fixes). - spi: Fix tegra20 build with CONFIG_PM=n (git-fixes). - staging: board: Fix uninitialized spinlock when attaching genpd (git-fixes). - staging: ks7010: Fix the initialization of the 'sleep_status' structure (git-fixes). - staging: rts5208: Fix get_ms_information() heap buffer size (git-fixes). - thermal/core: Potential buffer overflow in thermal_build_list_of_policies() (git-fixes). - time: Handle negative seconds correctly in timespec64_to_ns() (git-fixes). - tty: Fix data race between tiocsti() and flush_to_ldisc() (git-fixes). - tty: serial: jsm: hold port lock when reporting modem line changes (git-fixes). - tty: synclink_gt, drop unneeded forward declarations (git-fixes). - usb-storage: Add quirk for ScanLogic SL11R-IDE older than 2.6c (git-fixes). - usb: core: hcd: Add support for deferring roothub registration (git-fixes). - usb: dwc2: Add missing cleanups when usb_add_gadget_udc() fails (git-fixes). - usb: dwc2: Avoid leaving the error_debugfs label unused (git-fixes). - usb: dwc2: gadget: Fix ISOC flow for BDMA and Slave (git-fixes). - usb: dwc2: gadget: Fix ISOC transfer complete handling for DDMA (git-fixes). - usb: EHCI: ehci-mv: improve error handling in mv_ehci_enable() (git-fixes). - usb: gadget: r8a66597: fix a loop in set_feature() (git-fixes). - usb: gadget: u_ether: fix a potential null pointer dereference (git-fixes). - usb: host: fotg210: fix the actual_length of an iso packet (git-fixes). - usb: host: fotg210: fix the endpoint's transactional opportunities calculation (git-fixes). - usb: musb: musb_dsps: request_irq() after initializing musb (git-fixes). - usb: musb: tusb6010: uninitialized data in tusb_fifo_write_unaligned() (git-fixes). - usb: serial: cp210x: add ID for GW Instek GDM-834x Digital Multimeter (git-fixes). - usb: serial: option: add device id for Foxconn T99W265 (git-fixes). - usb: serial: option: add Telit LN920 compositions (git-fixes). - usb: serial: option: remove duplicate USB device ID (git-fixes). - usbip: give back URBs for unsent unlink requests during cleanup (git-fixes). - usbip:vhci_hcd USB port can get stuck in the disabled state (git-fixes). - video: fbdev: asiliantfb: Error out if 'pixclock' equals zero (git-fixes). - video: fbdev: kyro: Error out if 'pixclock' equals zero (git-fixes). - video: fbdev: kyro: fix a DoS bug by restricting user input (git-fixes). - video: fbdev: riva: Error out if 'pixclock' equals zero (git-fixes). - vmxnet3: add support for 32 Tx/Rx queues (bsc#1190406). - vmxnet3: add support for ESP IPv6 RSS (bsc#1190406). - vmxnet3: increase maximum configurable mtu to 9190 (bsc#1190406). - vmxnet3: prepare for version 6 changes (bsc#1190406). - vmxnet3: remove power of 2 limitation on the queues (bsc#1190406). - vmxnet3: set correct hash type based on rss information (bsc#1190406). - vmxnet3: update to version 6 (bsc#1190406). - watchdog/sb_watchdog: fix compilation problem due to COMPILE_TEST (git-fixes). - x86/alternatives: Teach text_poke_bp() to emulate instructions (bsc#1185302). - x86/apic/msi: Plug non-maskable MSI affinity race (bsc#1184439). - x86/cpu: Fix core name for Sapphire Rapids (jsc#SLE-15289). - x86/mm: Fix kern_addr_valid() to cope with existing but not present entries (bsc#1152489). - x86/resctrl: Fix a maybe-uninitialized build warning treated as error (bsc#1152489). - x86/resctrl: Fix default monitoring groups reporting (bsc#1152489). - xfs: allow mount/remount when stripe width alignment is zero (bsc#1188651). - xfs: sync lazy sb accounting on quiesce of read-only mounts (bsc#1190679). - xgene-v2: Fix a resource leak in the error handling path of 'xge_probe()' (git-fixes). - xhci: Set HCD flag to defer primary roothub registration (git-fixes). Important SUSE bug 1065729 SUSE bug 1148868 SUSE bug 1152489 SUSE bug 1154353 SUSE bug 1159886 SUSE bug 1167773 SUSE bug 1170774 SUSE bug 1173746 SUSE bug 1176940 SUSE bug 1184439 SUSE bug 1184804 SUSE bug 1185302 SUSE bug 1185677 SUSE bug 1185726 SUSE bug 1185762 SUSE bug 1187167 SUSE bug 1188067 SUSE bug 1188651 SUSE bug 1188986 SUSE bug 1189297 SUSE bug 1189841 SUSE bug 1189884 SUSE bug 1190023 SUSE bug 1190062 SUSE bug 1190115 SUSE bug 1190159 SUSE bug 1190358 SUSE bug 1190406 SUSE bug 1190432 SUSE bug 1190467 SUSE bug 1190523 SUSE bug 1190534 SUSE bug 1190543 SUSE bug 1190576 SUSE bug 1190595 SUSE bug 1190596 SUSE bug 1190598 SUSE bug 1190620 SUSE bug 1190626 SUSE bug 1190679 SUSE bug 1190705 SUSE bug 1190717 SUSE bug 1190746 SUSE bug 1190758 SUSE bug 1190784 SUSE bug 1190785 SUSE bug 1191172 SUSE bug 1191193 SUSE bug 1191240 SUSE bug 1191292 CVE-2020-3702 CVE-2021-3669 CVE-2021-3744 CVE-2021-3752 CVE-2021-3764 CVE-2021-40490 cpe:/o:opensuse:leap:15.3 Security update for MozillaFirefox (Important) openSUSE Leap 15.3 This update for MozillaFirefox fixes the following issues: This update contains the Firefox Extended Support Release 91.2.0 ESR. Release 91.2.0 ESR: * Fixed: Various stability, functionality, and security fixes MFSA 2021-45 (bsc#1191332): * CVE-2021-38496: Use-after-free in MessageTask * CVE-2021-38497: Validation message could have been overlaid on another origin * CVE-2021-38498: Use-after-free of nsLanguageAtomService object * CVE-2021-32810: Fixed Data race in crossbeam-deque * CVE-2021-38500: Memory safety bugs fixed in Firefox 93, Firefox ESR 78.15, and Firefox ESR 91.2 * CVE-2021-38501: Memory safety bugs fixed in Firefox 93 and Firefox ESR 91.2 - Fixed crash in FIPS mode (bsc#1190710) Release 91.1.0 ESR: * Fixed: Various stability, functionality, and security fixes MFSA 2021-40 (bsc#1190269, bsc#1190274): * CVE-2021-38492: Navigating to `mk:` URL scheme could load Internet Explorer * CVE-2021-38495: Memory safety bugs fixed in Firefox 92 and Firefox ESR 91.1 Release 91.0.1esr ESR: * Fixed: Fixed an issue causing buttons on the tab bar to be resized when loading certain websites (bug 1704404) * Fixed: Fixed an issue which caused tabs from private windows to be visible in non-private windows when viewing switch-to- tab results in the address bar panel (bug 1720369) * Fixed: Various stability fixes * Fixed: Security fix MFSA 2021-37 (bsc#1189547) * CVE-2021-29991 (bmo#1724896) Header Splitting possible with HTTP/3 Responses Firefox Extended Support Release 91.0 ESR * New: Some of the highlights of the new Extended Support Release are: - A number of user interface changes. For more information, see the Firefox 89 release notes. - Firefox now supports logging into Microsoft, work, and school accounts using Windows single sign-on. Learn more - On Windows, updates can now be applied in the background while Firefox is not running. - Firefox for Windows now offers a new page about:third-party to help identify compatibility issues caused by third-party applications - Version 2 of Firefox's SmartBlock feature further improves private browsing. Third party Facebook scripts are blocked to prevent you from being tracked, but are now automatically loaded 'just in time' if you decide to 'Log in with Facebook' on any website. - Enhanced the privacy of the Firefox Browser's Private Browsing mode with Total Cookie Protection, which confines cookies to the site where they were created, preventing companis from using cookies to track your browsing across sites. This feature was originally launched in Firefox's ETP Strict mode. - PDF forms now support JavaScript embedded in PDF files. Some PDF forms use JavaScript for validation and other interactive features. - You'll encounter less website breakage in Private Browsing and Strict Enhanced Tracking Protection with SmartBlock, which provides stand-in scripts so that websites load properly. - Improved Print functionality with a cleaner design and better integration with your computer's printer settings. - Firefox now protects you from supercookies, a type of tracker that can stay hidden in your browser and track you online, even after you clear cookies. By isolating supercookies, Firefox prevents them from tracking your web browsing from one site to the next. - Firefox now remembers your preferred location for saved bookmarks, displays the bookmarks toolbar by default on new tabs, and gives you easy access to all of your bookmarks via a toolbar folder. - Native support for macOS devices built with Apple Silicon CPUs brings dramatic performance improvements over the non- native build that was shipped in Firefox 83: Firefox launches over 2.5 times faster and web apps are now twice as responsive (per the SpeedoMeter 2.0 test). If you are on a new Apple device, follow these steps to upgrade to the latest Firefox. - Pinch zooming will now be supported for our users with Windows touchscreen devices and touchpads on Mac devices. Firefox users may now use pinch to zoom on touch-capable devices to zoom in and out of webpages. - We’ve improved functionality and design for a number of Firefox search features: * Selecting a search engine at the bottom of the search panel now enters search mode for that engine, allowing you to see suggestions (if available) for your search terms. The old behavior (immediately performing a search) is available with a shift-click. * When Firefox autocompletes the URL of one of your search engines, you can now search with that engine directly in the address bar by selecting the shortcut in the address bar results. * We’ve added buttons at the bottom of the search panel to allow you to search your bookmarks, open tabs, and history. - Firefox supports AcroForm, which will allow you to fill in, print, and save supported PDF forms and the PDF viewer also has a new fresh look. - For our users in the US and Canada, Firefox can now save, manage, and auto-fill credit card information for you, making shopping on Firefox ever more convenient. - In addition to our default, dark and light themes, with this release, Firefox introduces the Alpenglow theme: a colorful appearance for buttons, menus, and windows. You can update your Firefox themes under settings or preferences. * Changed: Firefox no longer supports Adobe Flash. There is no setting available to re-enable Flash support. * Enterprise: Various bug fixes and new policies have been implemented in the latest version of Firefox. See more details in the Firefox for Enterprise 91 Release Notes. MFSA 2021-33 (bsc#1188891): * CVE-2021-29986: Race condition when resolving DNS names could have led to memory corruption * CVE-2021-29981: Live range splitting could have led to conflicting assignments in the JIT * CVE-2021-29988: Memory corruption as a result of incorrect style treatment * CVE-2021-29983: Firefox for Android could get stuck in fullscreen mode * CVE-2021-29984: Incorrect instruction reordering during JIT optimization * CVE-2021-29980: Uninitialized memory in a canvas object could have led to memory corruption * CVE-2021-29987: Users could have been tricked into accepting unwanted permissions on Linux * CVE-2021-29985: Use-after-free media channels * CVE-2021-29982: Single bit data leak due to incorrect JIT optimization and type confusion * CVE-2021-29989: Memory safety bugs fixed in Firefox 91 and Firefox ESR 78.13 * CVE-2021-29990: Memory safety bugs fixed in Firefox 91 Important SUSE bug 1188891 SUSE bug 1189547 SUSE bug 1190269 SUSE bug 1190274 SUSE bug 1190710 SUSE bug 1191332 CVE-2021-29980 CVE-2021-29981 CVE-2021-29982 CVE-2021-29983 CVE-2021-29984 CVE-2021-29985 CVE-2021-29986 CVE-2021-29987 CVE-2021-29988 CVE-2021-29989 CVE-2021-29990 CVE-2021-29991 CVE-2021-32810 CVE-2021-38492 CVE-2021-38495 CVE-2021-38496 CVE-2021-38497 CVE-2021-38498 CVE-2021-38500 CVE-2021-38501 cpe:/o:opensuse:leap:15.3 Security update for krb5 (Moderate) openSUSE Leap 15.3 This update for krb5 fixes the following issues: - CVE-2021-37750: Fixed KDC null pointer dereference via a FAST inner body that lacks a server field (bsc#1189929). Moderate SUSE bug 1189929 CVE-2021-37750 cpe:/o:opensuse:leap:15.3 Security update for strongswan (Important) openSUSE Leap 15.3 This update for strongswan fixes the following issues: A feature was added: - Add auth_els plugin to support Marvell FC-SP encryption (jsc#SLE-20151) Security issues fixed: - CVE-2021-41991: Fixed an integer overflow when replacing certificates in cache. (bsc#1191435) - CVE-2021-41990: Fixed an integer Overflow in the gmp Plugin. (bsc#1191367) Important SUSE bug 1191367 SUSE bug 1191435 CVE-2021-41990 CVE-2021-41991 cpe:/o:opensuse:leap:15.3 Security update for flatpak (Important) openSUSE Leap 15.3 This update for flatpak fixes the following issues: - Update to version 1.10.5: - CVE-2021-41133: Fixed a bug that could lead to sandbox bypass via recent VFS-manipulating syscalls. (bsc#1191507) Important SUSE bug 1191507 CVE-2021-41133 cpe:/o:opensuse:leap:15.3 Security update for util-linux (Moderate) openSUSE Leap 15.3 This update for util-linux fixes the following issues: - CVE-2021-37600: Fixed an integer overflow which could lead to a buffer overflow in get_sem_elements() in sys-utils/ipcutils.c. (bsc#1188921) Moderate SUSE bug 1178236 SUSE bug 1188921 CVE-2021-37600 cpe:/o:opensuse:leap:15.3 Security update for xstream (Important) openSUSE Leap 15.3 This update for xstream fixes the following issues: - Upgrade to 1.4.18 - CVE-2021-39139: Fixed an issue that allowed an attacker to execute arbitrary code execution by manipulating the processed input stream with type information. (bsc#1189798) - CVE-2021-39140: Fixed an issue that allowed an attacker to execute a DoS attack by manipulating the processed input stream. (bsc#1189798) - CVE-2021-39141: Fixed an issue that allowed an attacker to achieve arbitrary code execution. (bsc#1189798) - CVE-2021-39144: Fixed an issue that allowed an attacker to achieve arbitrary code execution. (bsc#1189798) - CVE-2021-39145: Fixed an issue that allowed an attacker to achieve arbitrary code execution. (bsc#1189798) - CVE-2021-39146: Fixed an issue that allowed an attacker to achieve arbitrary code execution. (bsc#1189798) - CVE-2021-39147: Fixed an issue that allowed an attacker to achieve arbitrary code execution. (bsc#1189798) - CVE-2021-39148: Fixed an issue that allowed an attacker to achieve arbitrary code execution. (bsc#1189798) - CVE-2021-39149: Fixed an issue that allowed an attacker to achieve arbitrary code execution. (bsc#1189798) - CVE-2021-39150: Fixed an issue that allowed an attacker to access protected resources hosted within the intranet or in the host itself. (bsc#1189798) - CVE-2021-39151: Fixed an issue that allowed an attacker to achieve arbitrary code execution. (bsc#1189798) - CVE-2021-39152: Fixed an issue that allowed an attacker to access protected resources hosted within the intranet or in the host itself. (bsc#1189798) - CVE-2021-39153: Fixed an issue that allowed an attacker to achieve arbitrary code execution. (bsc#1189798) - CVE-2021-39154: Fixed an issue that allowed an attacker to achieve arbitrary code execution. (bsc#1189798) Important SUSE bug 1189798 CVE-2021-39139 CVE-2021-39140 CVE-2021-39141 CVE-2021-39144 CVE-2021-39145 CVE-2021-39146 CVE-2021-39147 CVE-2021-39148 CVE-2021-39149 CVE-2021-39150 CVE-2021-39151 CVE-2021-39152 CVE-2021-39153 CVE-2021-39154 cpe:/o:opensuse:leap:15.3 Security update for squid (Moderate) openSUSE Leap 15.3 This update for squid fixes the following issues: Update to version 4.17: - CVE-2021-28116: Fixed a out-of-bounds read in the WCCP protocol (bsc#1189403). Moderate SUSE bug 1189403 CVE-2021-28116 cpe:/o:opensuse:leap:15.3 Security update for go1.16 (Moderate) openSUSE Leap 15.3 This update for go1.16 fixes the following issues: Update to go1.16.9 - CVE-2021-38297: misc/wasm, cmd/link: do not let command line args overwrite global data (bsc#1191468) Moderate SUSE bug 1182345 SUSE bug 1191468 CVE-2021-38297 cpe:/o:opensuse:leap:15.3 Security update for go1.17 (Moderate) openSUSE Leap 15.3 This update for go1.17 fixes the following issues: Update to go1.17.2 - CVE-2021-38297: misc/wasm, cmd/link: do not let command line args overwrite global data (bsc#1191468) Moderate SUSE bug 1190649 SUSE bug 1191468 CVE-2021-38297 cpe:/o:opensuse:leap:15.3 Security update for python (Moderate) openSUSE Leap 15.3 This update for python fixes the following issues: - CVE-2021-3737: Fixed http client infinite line reading (DoS) after a http 100. (bsc#1189241) - CVE-2021-3733: Fixed ReDoS in urllib.request. (bsc#1189287) Moderate SUSE bug 1189241 SUSE bug 1189287 CVE-2021-3733 CVE-2021-3737 cpe:/o:opensuse:leap:15.3 Security update for ncurses (Moderate) openSUSE Leap 15.3 This update for ncurses fixes the following issues: - CVE-2021-39537: Fixed an heap-based buffer overflow in _nc_captoinfo. (bsc#1190793) Moderate SUSE bug 1190793 CVE-2021-39537 cpe:/o:opensuse:leap:15.3 Security update for fetchmail (Moderate) openSUSE Leap 15.3 This update for fetchmail fixes the following issues: - CVE-2021-39272: Fix failure to enforce STARTTLS session encryption in some circumstances, such as a certain situation with IMAP and PREAUTH. (bsc#1190069) Moderate SUSE bug 1190069 CVE-2021-39272 cpe:/o:opensuse:leap:15.3 Security update for containerd, docker, runc (Important) openSUSE Leap 15.3 This update for containerd, docker, runc fixes the following issues: Docker was updated to 20.10.9-ce. (bsc#1191355) See upstream changelog in the packaged /usr/share/doc/packages/docker/CHANGELOG.md. CVE-2021-41092 CVE-2021-41089 CVE-2021-41091 CVE-2021-41103 container was updated to v1.4.11, to fix CVE-2021-41103. bsc#1191355 - CVE-2021-32760: Fixed that a archive package allows chmod of file outside of unpack target directory (bsc#1188282) - Install systemd service file as well (bsc#1190826) Update to runc v1.0.2. Upstream changelog is available from https://github.com/opencontainers/runc/releases/tag/v1.0.2 * Fixed a failure to set CPU quota period in some cases on cgroup v1. * Fixed the inability to start a container with the 'adding seccomp filter rule for syscall ...' error, caused by redundant seccomp rules (i.e. those that has action equal to the default one). Such redundant rules are now skipped. * Made release builds reproducible from now on. * Fixed a rare debug log race in runc init, which can result in occasional harmful 'failed to decode ...' errors from runc run or exec. * Fixed the check in cgroup v1 systemd manager if a container needs to be frozen before Set, and add a setting to skip such freeze unconditionally. The previous fix for that issue, done in runc 1.0.1, was not working. Update to runc v1.0.1. Upstream changelog is available from https://github.com/opencontainers/runc/releases/tag/v1.0.1 * Fixed occasional runc exec/run failure ('interrupted system call') on an Azure volume. * Fixed 'unable to find groups ... token too long' error with /etc/group containing lines longer than 64K characters. * cgroup/systemd/v1: fix leaving cgroup frozen after Set if a parent cgroup is frozen. This is a regression in 1.0.0, not affecting runc itself but some of libcontainer users (e.g Kubernetes). * cgroupv2: bpf: Ignore inaccessible existing programs in case of permission error when handling replacement of existing bpf cgroup programs. This fixes a regression in 1.0.0, where some SELinux policies would block runc from being able to run entirely. * cgroup/systemd/v2: don't freeze cgroup on Set. * cgroup/systemd/v1: avoid unnecessary freeze on Set. - fix issues with runc under openSUSE MicroOS's SELinux policy. bsc#1187704 Update to runc v1.0.0. Upstream changelog is available from https://github.com/opencontainers/runc/releases/tag/v1.0.0 ! The usage of relative paths for mountpoints will now produce a warning (such configurations are outside of the spec, and in future runc will produce an error when given such configurations). * cgroupv2: devices: rework the filter generation to produce consistent results with cgroupv1, and always clobber any existing eBPF program(s) to fix runc update and avoid leaking eBPF programs (resulting in errors when managing containers). * cgroupv2: correctly convert 'number of IOs' statistics in a cgroupv1-compatible way. * cgroupv2: support larger than 32-bit IO statistics on 32-bit architectures. * cgroupv2: wait for freeze to finish before returning from the freezing code, optimize the method for checking whether a cgroup is frozen. * cgroups/systemd: fixed 'retry on dbus disconnect' logic introduced in rc94 * cgroups/systemd: fixed returning 'unit already exists' error from a systemd cgroup manager (regression in rc94) + cgroupv2: support SkipDevices with systemd driver + cgroup/systemd: return, not ignore, stop unit error from Destroy + Make 'runc --version' output sane even when built with go get or otherwise outside of our build scripts. + cgroups: set SkipDevices during runc update (so we don't modify cgroups at all during runc update). + cgroup1: blkio: support BFQ weights. + cgroupv2: set per-device io weights if BFQ IO scheduler is available. Update to runc v1.0.0~rc95. Upstream changelog is available from https://github.com/opencontainers/runc/releases/tag/v1.0.0-rc95 This release of runc contains a fix for CVE-2021-30465, and users are strongly recommended to update (especially if you are providing semi-limited access to spawn containers to untrusted users). (bsc#1185405) Update to runc v1.0.0~rc94. Upstream changelog is available from https://github.com/opencontainers/runc/releases/tag/v1.0.0-rc94 Breaking Changes: * cgroupv1: kernel memory limits are now always ignored, as kmemcg has been effectively deprecated by the kernel. Users should make use of regular memory cgroup controls. Regression Fixes: * seccomp: fix 32-bit compilation errors * runc init: fix a hang caused by deadlock in seccomp/ebpf loading code * runc start: fix 'chdir to cwd: permission denied' for some setups Important SUSE bug 1102408 SUSE bug 1185405 SUSE bug 1187704 SUSE bug 1188282 SUSE bug 1190826 SUSE bug 1191015 SUSE bug 1191121 SUSE bug 1191334 SUSE bug 1191355 SUSE bug 1191434 CVE-2021-30465 CVE-2021-32760 CVE-2021-41089 CVE-2021-41091 CVE-2021-41092 CVE-2021-41103 cpe:/o:opensuse:leap:15.3 Security update for ffmpeg (Moderate) openSUSE Leap 15.3 This update for ffmpeg fixes the following issues: - CVE-2021-3566: Fixed information leak (bsc#1189166). - CVE-2021-38093: Fixed integer overflow vulnerability in filter_robert() (bsc#1190734) - CVE-2021-38092: Fixed integer overflow vulnerability in filter_prewitt() (bsc#1190733) - CVE-2021-38094: Fixed integer overflow vulnerability in filter_sobel() (bsc#1190735) - CVE-2020-22037: Fixed denial of service vulnerability caused by memory leak in avcodec_alloc_context3() (bsc#1186756) - CVE-2020-35965: Fixed out-of-bounds write in decode_frame() (bsc#1187852) - CVE-2020-20892: Fixed an issue with filter_frame() (bsc#1190719) - CVE-2020-20891: Fixed a buffer overflow vulnerability in config_input() (bsc#1190718) - CVE-2020-20895: Fixed a buffer overflow vulnerability in function filter_vertically_##name (bsc#1190722) - CVE-2020-20896: Fixed an issue with latm_write_packet() (bsc#1190723) - CVE-2020-20899: Fixed a buffer overflow vulnerability in config_props() (bsc#1190726) - CVE-2020-20902: Fixed an out-of-bounds read vulnerabilit long_term_filter() (bsc#1190729) Moderate SUSE bug 1186756 SUSE bug 1187852 SUSE bug 1189166 SUSE bug 1190718 SUSE bug 1190719 SUSE bug 1190722 SUSE bug 1190723 SUSE bug 1190726 SUSE bug 1190729 SUSE bug 1190733 SUSE bug 1190734 SUSE bug 1190735 CVE-2020-20891 CVE-2020-20892 CVE-2020-20895 CVE-2020-20896 CVE-2020-20899 CVE-2020-20902 CVE-2020-22037 CVE-2020-35965 CVE-2021-3566 CVE-2021-38092 CVE-2021-38093 CVE-2021-38094 cpe:/o:opensuse:leap:15.3 Security update for apache2 (Important) openSUSE Leap 15.3 This update for apache2 fixes the following issues: - CVE-2021-40438: Fixed a SRF via a crafted request uri-path. (bsc#1190703) - CVE-2021-36160: Fixed an out-of-bounds read via a crafted request uri-path. (bsc#1190702) - CVE-2021-39275: Fixed an out-of-bounds write in ap_escape_quotes() via malicious input. (bsc#1190666) - CVE-2021-34798: Fixed a NULL pointer dereference via malformed requests. (bsc#1190669) Important SUSE bug 1190666 SUSE bug 1190669 SUSE bug 1190702 SUSE bug 1190703 CVE-2021-34798 CVE-2021-36160 CVE-2021-39275 CVE-2021-40438 cpe:/o:opensuse:leap:15.3 Security update for wireguard-tools (Moderate) openSUSE Leap 15.3 This update for wireguard-tools fixes the following issues: - Removed world-readable permissions from /etc/wireguard (bsc#1191224) Moderate SUSE bug 1191224 cpe:/o:opensuse:leap:15.3 Security update for pcre (Moderate) openSUSE Leap 15.3 This update for pcre fixes the following issues: Update pcre to version 8.45: - CVE-2020-14155: Fixed integer overflow via a large number after a '(?C' substring (bsc#1172974). - CVE-2019-20838: Fixed buffer over-read in JIT compiler (bsc#1172973) Moderate SUSE bug 1172973 SUSE bug 1172974 CVE-2019-20838 CVE-2020-14155 cpe:/o:opensuse:leap:15.3 Security update for dnsmasq (Moderate) openSUSE Leap 15.3 This update for dnsmasq fixes the following issues: Update to version 2.86 - CVE-2021-3448: fixed outgoing port used when --server is used with an interface name. (bsc#1183709) - CVE-2020-14312: Set --local-service by default (bsc#1173646). - Open inotify socket only when used (bsc#1180914). Moderate SUSE bug 1173646 SUSE bug 1180914 SUSE bug 1183709 CVE-2020-14312 CVE-2021-3448 cpe:/o:opensuse:leap:15.3 Security update for busybox (Important) openSUSE Leap 15.3 This update for busybox fixes the following issues: - CVE-2021-28831: Fixed invalid free or segmentation fault via malformed gzip data (bsc#1184522). - CVE-2018-20679: Fixed out of bounds read in udhcp (bsc#1121426). - CVE-2018-1000517: Fixed buffer overflow in the retrieve_file_data() (bsc#1099260). - CVE-2011-5325: Fixed a directory traversal related to 'tar' command (bsc#951562). - CVE-2018-1000500: Fixed missing SSL certificate validation related to the 'wget' command (bsc#1099263). Important SUSE bug 1099260 SUSE bug 1099263 SUSE bug 1121426 SUSE bug 1184522 SUSE bug 951562 CVE-2011-5325 CVE-2018-1000500 CVE-2018-1000517 CVE-2018-20679 CVE-2021-28831 cpe:/o:opensuse:leap:15.3 Security update for salt (Moderate) openSUSE Leap 15.3 This update for salt fixes the following issues: - CVE-2021-21996: Exclude the full path of a download URL to prevent injection of malicious code. (bsc#1190265) Moderate SUSE bug 1190265 CVE-2021-21996 cpe:/o:opensuse:leap:15.3 Security update for transfig (Important) openSUSE Leap 15.3 This update for transfig fixes the following issues: Update to fig2dev version 3.2.8 Patchlevel 8b (Aug 2021) - bsc#1190618, CVE-2020-21529: stack buffer overflow in the bezier_spline function in genepic.c. - bsc#1190615, CVE-2020-21530: segmentation fault in the read_objects function in read.c. - bsc#1190617, CVE-2020-21531: global buffer overflow in the conv_pattern_index function in gencgm.c. - bsc#1190616, CVE-2020-21532: global buffer overflow in the setfigfont function in genepic.c. - bsc#1190612, CVE-2020-21533: stack buffer overflow in the read_textobject function in read.c. - bsc#1190611, CVE-2020-21534: global buffer overflow in the get_line function in read.c. - bsc#1190607, CVE-2020-21535: segmentation fault in the gencgm_start function in gencgm.c. - bsc#1192019, CVE-2021-32280: NULL pointer dereference in compute_closed_spline() in trans_spline.c Important SUSE bug 1189325 SUSE bug 1189343 SUSE bug 1189345 SUSE bug 1189346 SUSE bug 1190607 SUSE bug 1190611 SUSE bug 1190612 SUSE bug 1190615 SUSE bug 1190616 SUSE bug 1190617 SUSE bug 1190618 SUSE bug 1192019 CVE-2020-21529 CVE-2020-21530 CVE-2020-21531 CVE-2020-21532 CVE-2020-21533 CVE-2020-21534 CVE-2020-21535 CVE-2020-21680 CVE-2020-21681 CVE-2020-21682 CVE-2020-21683 CVE-2021-32280 cpe:/o:opensuse:leap:15.3 Security update for webkit2gtk3 (Important) openSUSE Leap 15.3 This update for webkit2gtk3 fixes the following issues: - CVE-2021-42762: Updated seccomp rules with latest changes from flatpak (bsc#1191937). Important SUSE bug 1191937 CVE-2021-42762 cpe:/o:opensuse:leap:15.3 Security update for qemu (Important) openSUSE Leap 15.3 This update for qemu fixes the following issues: Security issues fixed: - CVE-2021-3713: Fix out-of-bounds write in UAS (USB Attached SCSI) device emulation (bsc#1189702) - CVE-2021-3748: Fix heap use-after-free in virtio_net_receive_rcu (bsc#1189938) Non-security issues fixed: - Add transfer length item in block limits page of scsi vpd (bsc#1190425) - Fix qemu crash while deleting xen-block (bsc#1189234) Important SUSE bug 1189234 SUSE bug 1189702 SUSE bug 1189938 SUSE bug 1190425 CVE-2021-3713 CVE-2021-3748 cpe:/o:opensuse:leap:15.3 Security update for qemu (Important) openSUSE Leap 15.3 This update for qemu fixes the following issues: Security issues fixed: - CVE-2021-3713: Fix out-of-bounds write in UAS (USB Attached SCSI) device emulation (bsc#1189702) - CVE-2021-3748: Fix heap use-after-free in virtio_net_receive_rcu (bsc#1189938) Non-security issues fixed: - Add transfer length item in block limits page of scsi vpd (bsc#1190425) - Fix qemu crash while deleting xen-block (bsc#1189234) Important SUSE bug 1189234 SUSE bug 1189702 SUSE bug 1189938 SUSE bug 1190425 CVE-2021-3713 CVE-2021-3748 cpe:/o:opensuse:leap:15.3 Security update for java-1_8_0-openj9 (Important) openSUSE Leap 15.3 This update for java-1_8_0-openj9 fixes the following issues: Update to OpenJDK 8u312 build 07 with OpenJ9 0.29.0 virtual machine including Oracle July 2021 and October 2021 CPU changes - CVE-2021-2161: Fixed incorrect handling of partially quoted arguments in ProcessBuilder on Windows (bsc#1185056). - CVE-2021-2163: Fixed incomplete enforcement of JAR signing disabled algorithms (bsc#1185055). - CVE-2021-2341: Fixed flaw inside the FtpClient (bsc#1188564). - CVE-2021-2369: Fixed JAR file handling problem containing multiple MANIFEST.MF files (bsc#1188565). - CVE-2021-2388: Fixed flaw inside the Hotspot component performed range check elimination (bsc#1188566). - CVE-2021-35550: Fixed weak ciphers preferred over stronger ones for TLS (bsc#1191901). - CVE-2021-35556: Fixed excessive memory allocation in RTFParser (bsc#1191910). - CVE-2021-35559: Fixed excessive memory allocation in RTFReader (bsc#1191911). - CVE-2021-35561: Fixed excessive memory allocation in HashMap and HashSet (bsc#1191912). - CVE-2021-35564: Fixed certificates with end dates too far in the future can corrupt keystore (bsc#1191913). - CVE-2021-35565: Fixed loop in HttpsServer triggered during TLS session close (bsc#1191909). - CVE-2021-35567: Fixed incorrect principal selection when using Kerberos Constrained Delegation (bsc#1191903). - CVE-2021-35578: Fixed unexpected exception raised during TLS handshake (bsc#1191904). - CVE-2021-35586: Fixed excessive memory allocation in BMPImageReader (bsc#1191914). - CVE-2021-35603: Fixed non-constant comparison during TLS handshakes (bsc#1191906). Important SUSE bug 1185055 SUSE bug 1185056 SUSE bug 1188564 SUSE bug 1188565 SUSE bug 1188566 SUSE bug 1191901 SUSE bug 1191903 SUSE bug 1191904 SUSE bug 1191906 SUSE bug 1191909 SUSE bug 1191910 SUSE bug 1191911 SUSE bug 1191912 SUSE bug 1191913 SUSE bug 1191914 CVE-2021-2161 CVE-2021-2163 CVE-2021-2341 CVE-2021-2369 CVE-2021-2388 CVE-2021-35550 CVE-2021-35556 CVE-2021-35559 CVE-2021-35561 CVE-2021-35564 CVE-2021-35565 CVE-2021-35567 CVE-2021-35578 CVE-2021-35586 CVE-2021-35603 cpe:/o:opensuse:leap:15.3 Security update for binutils (Moderate) openSUSE Leap 15.3 This update for binutils fixes the following issues: Update to binutils 2.37: * The GNU Binutils sources now requires a C99 compiler and library to build. * Support for Realm Management Extension (RME) for AArch64 has been added. * A new linker option '-z report-relative-reloc' for x86 ELF targets has been added to report dynamic relative relocations. * A new linker option '-z start-stop-gc' has been added to disable special treatment of __start_*/__stop_* references when --gc-sections. * A new linker options '-Bno-symbolic' has been added which will cancel the '-Bsymbolic' and '-Bsymbolic-functions' options. * The readelf tool has a new command line option which can be used to specify how the numeric values of symbols are reported. --sym-base=0|8|10|16 tells readelf to display the values in base 8, base 10 or base 16. A sym base of 0 represents the default action of displaying values under 10000 in base 10 and values above that in base 16. * A new format has been added to the nm program. Specifying '--format=just-symbols' (or just using -j) will tell the program to only display symbol names and nothing else. * A new command line option '--keep-section-symbols' has been added to objcopy and strip. This stops the removal of unused section symbols when the file is copied. Removing these symbols saves space, but sometimes they are needed by other tools. * The '--weaken', '--weaken-symbol' and '--weaken-symbols' options supported by objcopy now make undefined symbols weak on targets that support weak symbols. * Readelf and objdump can now display and use the contents of .debug_sup sections. * Readelf and objdump will now follow links to separate debug info files by default. This behaviour can be stopped via the use of the new '-wN' or '--debug-dump=no-follow-links' options for readelf and the '-WN' or '--dwarf=no-follow-links' options for objdump. Also the old behaviour can be restored by the use of the '--enable-follow-debug-links=no' configure time option. The semantics of the =follow-links option have also been slightly changed. When enabled, the option allows for the loading of symbol tables and string tables from the separate files which can be used to enhance the information displayed when dumping other sections, but it does not automatically imply that information from the separate files should be displayed. If other debug section display options are also enabled (eg '--debug-dump=info') then the contents of matching sections in both the main file and the separate debuginfo file *will* be displayed. This is because in most cases the debug section will only be present in one of the files. If however non-debug section display options are enabled (eg '--sections') then the contents of matching parts of the separate debuginfo file will *not* be displayed. This is because in most cases the user probably only wanted to load the symbol information from the separate debuginfo file. In order to change this behaviour a new command line option --process-links can be used. This will allow di0pslay options to applied to both the main file and any separate debuginfo files. * Nm has a new command line option: '--quiet'. This suppresses 'no symbols' diagnostic. Update to binutils 2.36: New features in the Assembler: - General: * When setting the link order attribute of ELF sections, it is now possible to use a numeric section index instead of symbol name. * Added a .nop directive to generate a single no-op instruction in a target neutral manner. This instruction does have an effect on DWARF line number generation, if that is active. * Removed --reduce-memory-overheads and --hash-size as gas now uses hash tables that can be expand and shrink automatically. - X86/x86_64: * Add support for AVX VNNI, HRESET, UINTR, TDX, AMX and Key Locker instructions. * Support non-absolute segment values for lcall and ljmp. * Add {disp16} pseudo prefix to x86 assembler. * Configure with --enable-x86-used-note by default for Linux/x86. - ARM/AArch64: * Add support for Cortex-A78, Cortex-A78AE and Cortex-X1, Cortex-R82, Neoverse V1, and Neoverse N2 cores. * Add support for ETMv4 (Embedded Trace Macrocell), ETE (Embedded Trace Extension), TRBE (Trace Buffer Extension), CSRE (Call Stack Recorder Extension) and BRBE (Branch Record Buffer Extension) system registers. * Add support for Armv8-R and Armv8.7-A ISA extensions. * Add support for DSB memory nXS barrier, WFET and WFIT instruction for Armv8.7. * Add support for +csre feature for -march. Add CSR PDEC instruction for CSRE feature in AArch64. * Add support for +flagm feature for -march in Armv8.4 AArch64. * Add support for +ls64 feature for -march in Armv8.7 AArch64. Add atomic 64-byte load/store instructions for this feature. * Add support for +pauth (Pointer Authentication) feature for -march in AArch64. New features in the Linker: * Add --error-handling-script=<NAME> command line option to allow a helper script to be invoked when an undefined symbol or a missing library is encountered. This option can be suppressed via the configure time switch: --enable-error-handling-script=no. * Add -z x86-64-{baseline|v[234]} to the x86 ELF linker to mark x86-64-{baseline|v[234]} ISA level as needed. * Add -z unique-symbol to avoid duplicated local symbol names. * The creation of PE format DLLs now defaults to using a more secure set of DLL characteristics. * The linker now deduplicates the types in .ctf sections. The new command-line option --ctf-share-types describes how to do this: its default value, share-unconflicted, produces the most compact output. * The linker now omits the 'variable section' from .ctf sections by default, saving space. This is almost certainly what you want unless you are working on a project that has its own analogue of symbol tables that are not reflected in the ELF symtabs. New features in other binary tools: * The ar tool's previously unused l modifier is now used for specifying dependencies of a static library. The arguments of this option (or --record-libdeps long form option) will be stored verbatim in the __.LIBDEP member of the archive, which the linker may read at link time. * Readelf can now display the contents of LTO symbol table sections when asked to do so via the --lto-syms command line option. * Readelf now accepts the -C command line option to enable the demangling of symbol names. In addition the --demangle=<style>, --no-demangle, --recurse-limit and --no-recurse-limit options are also now availale. The following security fixes are addressed by the update: - CVE-2021-20197: Fixed a race condition which allows users to own arbitrary files (bsc#1181452). - CVE-2021-20284: Fixed a heap-based buffer overflow in _bfd_elf_slurp_secondary_reloc_section in elf.c (bsc#1183511). - CVE-2021-3487: Fixed a denial of service via excessive debug section size causing excessive memory consumption in bfd's dwarf2.c read_section() (bsc#1184620). - CVE-2020-35448: Fixed a heap-based buffer over-read in bfd_getl_signed_32() in libbfd.c (bsc#1184794). - CVE-2020-16590: Fixed a double free vulnerability in process_symbol_table() (bsc#1179898). - CVE-2020-16591: Fixed an invalid read in process_symbol_table() (bsc#1179899). - CVE-2020-16592: Fixed an use-after-free in bfd_hash_lookup() (bsc#1179900). - CVE-2020-16593: Fixed a null pointer dereference in scan_unit_for_symbols() (bsc#1179901). - CVE-2020-16598: Fixed a null pointer dereference in debug_get_real_type() (bsc#1179902). - CVE-2020-16599: Fixed a null pointer dereference in _bfd_elf_get_symbol_version_string() (bsc#1179903) - CVE-2020-35493: Fixed heap-based buffer overflow in bfd_pef_parse_function_stubs function in bfd/pef.c via crafted PEF file (bsc#1180451). - CVE-2020-35496: Fixed multiple null pointer dereferences in bfd module due to not checking return value of bfd_malloc (bsc#1180454). - CVE-2020-35507: Fixed a null pointer dereference in bfd_pef_parse_function_stubs() (bsc#1180461). Moderate SUSE bug 1179898 SUSE bug 1179899 SUSE bug 1179900 SUSE bug 1179901 SUSE bug 1179902 SUSE bug 1179903 SUSE bug 1180451 SUSE bug 1180454 SUSE bug 1180461 SUSE bug 1181452 SUSE bug 1182252 SUSE bug 1183511 SUSE bug 1184620 SUSE bug 1184794 CVE-2020-16590 CVE-2020-16591 CVE-2020-16592 CVE-2020-16593 CVE-2020-16598 CVE-2020-16599 CVE-2020-35448 CVE-2020-35493 CVE-2020-35496 CVE-2020-35507 CVE-2021-20197 CVE-2021-20284 CVE-2021-3487 cpe:/o:opensuse:leap:15.3 Security update for libvirt (Moderate) openSUSE Leap 15.3 This update for libvirt fixes the following issues: - lxc: controller: Fix container launch on cgroup v1. (bsc#1183247) - supportconfig: Use systemctl command 'is-active' instead of 'is-enabled' when checking if libvirtd is active. - qemu: Do not report error in the logs when processing monitor IO. (bsc#1190917) - spec: Fix an issue when package update hangs (bsc#1177902, bsc#1190693) - spec: Don't add '--timeout' argument to '/etc/sysconfig/libvirtd' when running in traditional mode without socket activation. (bsc#1190695) - libxl: Improve reporting of 'die_id' in capabilities. (bsc#1190493) - libxl: Fix driver reload. (bsc#1190420) - qemu: Set label on virtual host network device when hotplugging. (bsc#1186398) - supportconfig: When checking for installed hypervisor drivers, use the libvirtr-daemon-driver-<hypervisor> package instead of libvirt-daemon-<hypervisor>. The latter are not required packages for a functioning hypervisor driver. Moderate SUSE bug 1177902 SUSE bug 1183247 SUSE bug 1186398 SUSE bug 1190420 SUSE bug 1190493 SUSE bug 1190693 SUSE bug 1190695 SUSE bug 1190917 cpe:/o:opensuse:leap:15.3 Security update for rubygem-activerecord-5_1 (Moderate) openSUSE Leap 15.3 This update for rubygem-activerecord-5_1 fixes the following issues: - CVE-2021-22880: Fixed possible DoS vector in PostgreSQL money type (bsc#1182169). Moderate SUSE bug 1182169 CVE-2021-22880 cpe:/o:opensuse:leap:15.3 Security update for tinyxml (Low) openSUSE Leap 15.3 This update for tinyxml fixes the following issues: - CVE-2021-42260: Fixed an infinite loop for inputs containing the sequence 0xEF0x00 (bsc#1191576) Low SUSE bug 1191576 CVE-2021-42260 cpe:/o:opensuse:leap:15.3 Security update for the Linux Kernel (Important) openSUSE Leap 15.3 The SUSE Linux Enterprise 15 SP3 Azure kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2021-3772: Fixed sctp vtag check in sctp_sf_ootb (bsc#1190351). - CVE-2021-3655: Fixed a missing size validations on inbound SCTP packets, which may have allowed the kernel to read uninitialized memory (bsc#1188563). - CVE-2021-43056: Fixed possible KVM host crash via malicious KVM guest on Power8 (bnc#1192107). - CVE-2021-3896: Fixed a array-index-out-bounds in detach_capi_ctr in drivers/isdn/capi/kcapi.c (bsc#1191958). - CVE-2021-3760: Fixed a use-after-free vulnerability with the ndev->rf_conn_info object (bsc#1190067). - CVE-2021-42739: The firewire subsystem had a buffer overflow related to drivers/media/firewire/firedtv-avc.c and drivers/media/firewire/firedtv-ci.c, because avc_ca_pmt mishandled bounds checking (bsc#1184673). - CVE-2021-3542: Fixed heap buffer overflow in firedtv driver (bsc#1186063). - CVE-2021-33033: Fixed a use-after-free in cipso_v4_genopt in net/ipv4/cipso_ipv4.c because the CIPSO and CALIPSO refcounting for the DOI definitions is mishandled (bsc#1186109). - CVE-2021-3715: Fixed a use-after-free in route4_change() in net/sched/cls_route.c (bsc#1190349). - CVE-2021-34866: Fixed eBPF Type Confusion Privilege Escalation Vulnerability (bsc#1191645). - CVE-2021-42252: Fixed an issue inside aspeed_lpc_ctrl_mmap that could have allowed local attackers to access the Aspeed LPC control interface to overwrite memory in the kernel and potentially execute privileges (bnc#1190479). - CVE-2021-41864: Fixed prealloc_elems_and_freelist that allowed unprivileged users to trigger an eBPF multiplication integer overflow with a resultant out-of-bounds write (bnc#1191317). - CVE-2021-42008: Fixed a slab out-of-bounds write in the decode_data function in drivers/net/hamradio/6pack.c. Input from a process that had the CAP_NET_ADMIN capability could have lead to root access (bsc#1191315). The following non-security bugs were fixed: - ACPI: NFIT: Use fallback node id when numa info in NFIT table is incorrect (git-fixes). - ACPI: bgrt: Fix CFI violation (git-fixes). - ACPI: fix NULL pointer dereference (git-fixes). - ACPI: fix NULL pointer dereference (git-fixes). - ALSA: hda - Enable headphone mic on Dell Latitude laptops with ALC3254 (git-fixes). - ALSA: hda/realtek - ALC236 headset MIC recording issue (git-fixes). - ALSA: hda/realtek: Add quirk for Clevo PC50HS (git-fixes). - ALSA: hda/realtek: Add quirk for Clevo X170KM-G (git-fixes). - ALSA: hda/realtek: Add quirk for TongFang PHxTxX1 (git-fixes). - ALSA: hda/realtek: Complete partial device name to avoid ambiguity (git-fixes). - ALSA: hda/realtek: Enable 4-speaker output for Dell Precision 5560 laptop (git-fixes). - ALSA: hda/realtek: Fix for quirk to enable speaker output on the Lenovo 13s Gen2 (git-fixes). - ALSA: hda/realtek: Fix the mic type detection issue for ASUS G551JW (git-fixes). - ALSA: hda/realtek: Quirks to enable speaker output for Lenovo Legion 7i 15IMHG05, Yoga 7i 14ITL5/15ITL5, and 13s Gen2 laptops (git-fixes). - ALSA: hda: avoid write to STATESTS if controller is in reset (git-fixes). - ALSA: hda: intel: Allow repeatedly probing on codec configuration errors (bsc#1190801). - ALSA: pcm: Workaround for a wrong offset in SYNC_PTR compat ioctl (git-fixes). - ALSA: seq: Fix a potential UAF by wrong private_free call order (git-fixes). - ALSA: usb-audio: Add quirk for VF0770 (git-fixes). - ALSA: usb-audio: Provide quirk for Sennheiser GSP670 Headset (git-fixes). - ASoC: DAPM: Fix missing kctl change notifications (git-fixes). - ASoC: Intel: Skylake: Fix module configuration for KPB and MIXER (git-fixes). - ASoC: Intel: Skylake: Fix passing loadable flag for module (git-fixes). - ASoC: Intel: bytcr_rt5640: Move 'Platform Clock' routes to the maps for the matching in-/output (git-fixes). - ASoC: Intel: sof_sdw: tag SoundWire BEs as non-atomic (git-fixes). - ASoC: SOF: imx: imx8: Bar index is only valid for IRAM and SRAM types (git-fixes). - ASoC: SOF: imx: imx8m: Bar index is only valid for IRAM and SRAM types (git-fixes). - ASoC: SOF: loader: release_firmware() on load failure to avoid batching (git-fixes). - ASoC: atmel: ATMEL drivers do not need HAS_DMA (git-fixes). - ASoC: dapm: use component prefix when checking widget names (git-fixes). - ASoC: fsl_spdif: register platform component before registering cpu dai (git-fixes). - ASoC: wm8960: Fix clock configuration on slave mode (git-fixes). - Add obsolete_rebuilds_subpackage (boo#1172073 bsc#1191731). - Configure mpi3mr as currently unsupported (jsc#SLE-18120) - HID: apple: Fix logical maximum and usage maximum of Magic Keyboard JIS (git-fixes). - HID: betop: fix slab-out-of-bounds Write in betop_probe (git-fixes). - HID: u2fzero: ignore incomplete packets without data (git-fixes). - HID: usbhid: free raw_report buffers in usbhid_stop (git-fixes). - HID: wacom: Add new Intuos BT (CTL-4100WL/CTL-6100WL) device IDs (git-fixes). - ICMPv6: Add ICMPv6 Parameter Problem, code 3 definition (bsc#1191241). - ICMPv6: Add ICMPv6 Parameter Problem, code 3 definition (bsc#1191241). - IPv6: reply ICMP error if the first fragment do not include all headers (bsc#1191241). - IPv6: reply ICMP error if the first fragment do not include all headers (bsc#1191241). - Input: snvs_pwrkey - add clk handling (git-fixes). - Input: xpad - add support for another USB ID of Nacon GC-100 (git-fixes). - KVM: PPC: Book3S HV Nested: Reflect guest PMU in-use to L0 when guest SPRs are live (bsc#1156395). - KVM: PPC: Book3S HV Nested: Sanitise H_ENTER_NESTED TM state (bsc#1156395). - KVM: PPC: Book3S HV: Fix copy_tofrom_guest routines (jsc#SLE-12936 git-fixes). - KVM: PPC: Book3S HV: Save host FSCR in the P7/8 path (bsc#1065729). - KVM: PPC: Book3S HV: Tolerate treclaim. in fake-suspend mode changing registers (bsc#1156395). - KVM: PPC: Fix clearing never mapped TCEs in realmode (bsc#1156395). - KVM: PPC: Fix kvm_arch_vcpu_ioctl vcpu_load leak (bsc#1156395). - NFC: digital: fix possible memory leak in digital_in_send_sdd_req() (git-fixes). - NFC: digital: fix possible memory leak in digital_tg_listen_mdaa() (git-fixes). - NFS: Do uncached readdir when we're seeking a cookie in an empty page cache (bsc#1191628). - PCI: Fix pci_host_bridge struct device release/free handling (git-fixes). - PM / devfreq: rk3399_dmc: Add missing of_node_put() (git-fixes). - PM / devfreq: rk3399_dmc: Disable devfreq-event device when fails (git-fixes). - PM / devfreq: rk3399_dmc: Fix kernel oops when rockchip,pmu is absent (git-fixes). - PM / devfreq: rk3399_dmc: Fix spelling typo (git-fixes). - PM / devfreq: rk3399_dmc: Remove unneeded semicolon (git-fixes). - RDMA/cma: Do not change route.addr.src_addr.ss_family (bsc#1181147). - RDMA/cma: Fix listener leak in rdma_cma_listen_on_all() failure (bsc#1181147). - USB: cdc-acm: clean up probe error labels (git-fixes). - USB: cdc-acm: fix minor-number release (git-fixes). - USB: serial: option: add Quectel EC200S-CN module support (git-fixes). - USB: serial: option: add Telit LE910Cx composition 0x1204 (git-fixes). - USB: serial: option: add prod. id for Quectel EG91 (git-fixes). - USB: serial: qcserial: add EM9191 QDL support (git-fixes). - USB: xhci: dbc: fix tty registration race (git-fixes). - acpi/arm64: fix next_platform_timer() section mismatch error (git-fixes). - acpi/arm64: fix next_platform_timer() section mismatch error (git-fixes). - ata: ahci_platform: fix null-ptr-deref in ahci_platform_enable_regulators() (git-fixes). - ata: sata_dwc_460ex: No need to call phy_exit() befre phy_init() (git-fixes). - audit: fix possible null-pointer dereference in audit_filter_rules (git-fixes). - bfq: Remove merged request already in bfq_requests_merged() (bsc#1191456). - blk: Fix lock inversion between ioc lock and bfqd lock (bsc#1191456). - blktrace: Fix uaf in blk_trace access after removing by sysfs (bsc#1191452). - block: bfq: fix bfq_set_next_ioprio_data() (bsc#1191451). - bnxt_en: make bnxt_free_skbs() safe to call after bnxt_free_mem() (jsc#SLE-16649). - bpf: Add bpf_patch_call_args prototype to include/linux/bpf.h (git-fixes). - bpf: Fix OOB read when printing XDP link fdinfo (git-fixes). - bpf: Fix a typo of reuseport map in bpf.h (git-fixes). - bpf: Fix up bpf_skb_adjust_room helper's skb csum setting (git-fixes). - can: dev: can_restart: fix use after free bug (git-fixes). - can: peak_pci: peak_pci_remove(): fix UAF (git-fixes). - can: peak_usb: fix use after free bugs (git-fixes). - can: peak_usb: pcan_usb_fd_decode_status(): fix back to ERROR_ACTIVE state notification (git-fixes). - can: rcar_can: fix suspend/resume (git-fixes). - can: ti_hecc: ti_hecc_probe(): add missed clk_disable_unprepare() in error path (git-fixes). - can: xilinx_can: handle failure cases of pm_runtime_get_sync (git-fixes). - cb710: avoid NULL pointer subtraction (git-fixes). - ceph: fix handling of 'meta' errors (bsc#1192041). - ceph: skip existing superblocks that are blocklisted or shut down when mounting (bsc#1192040). - cfg80211: correct bridge/4addr mode check (git-fixes). - cfg80211: fix management registrations locking (git-fixes). - cfg80211: scan: fix RCU in cfg80211_add_nontrans_list() (git-fixes). - cpuidle: pseries: Mark pseries_idle_proble() as __init (jsc#SLE-13614 bsc#1176914 ltc#186394 git-fixes). - drm/amd/display: Pass PCI deviceid into DC (git-fixes). - drm/amdgpu: correct initial cp_hqd_quantum for gfx9 (git-fixes). - drm/amdgpu: fix gart.bo pin_count leak (git-fixes). - drm/edid: In connector_bad_edid() cap num_of_ext by num_blocks read (git-fixes). - drm/i915: Fix syncmap memory leak (bsc#1152489) Backporting notes: * context changes in intel_timeline_fini() - drm/msm/dsi: Fix an error code in msm_dsi_modeset_init() (git-fixes). - drm/msm/dsi: fix off by one in dsi_bus_clk_enable error handling (git-fixes). - drm/msm: Avoid potential overflow in timeout_to_jiffies() (git-fixes). - drm/msm: Fix null pointer dereference on pointer edp (git-fixes). - drm/nouveau/debugfs: fix file release memory leak (git-fixes). - drm/nouveau/kms/nv50-: fix file release memory leak (git-fixes). - drm/nouveau/kms/tu102-: delay enabling cursor until after assign_windows (git-fixes). - drm/nouveau: avoid a use-after-free when BO init fails (bsc#1152472) - drm/panel: olimex-lcd-olinuxino: select CRC32 (git-fixes). - drm/panfrost: Make sure MMU context lifetime is not bound to (bsc#1152472) - drm/sun4i: dw-hdmi: Fix HDMI PHY clock setup (git-fixes). - e1000e: Drop patch to avoid regressions until real fix is available (bsc#1191663). - e1000e: Fix packet loss on Tiger Lake and later (git-fixes). - e100: fix buffer overrun in e100_get_regs (git-fixes). - e100: fix length calculation in e100_get_regs_len (git-fixes). - e100: handle eeprom as little endian (git-fixes). - ext4: fix reserved space counter leakage (bsc#1191450). - ext4: report correct st_size for encrypted symlinks (bsc#1191449). - fs, mm: fix race in unlinking swapfile (bsc#1191455). - fscrypt: add fscrypt_symlink_getattr() for computing st_size (bsc#1191449). - gpio: pca953x: Improve bias setting (git-fixes). - hso: fix bailout in error case of probe (git-fixes). - i2c: acpi: fix resource leak in reconfiguration device addition (git-fixes). - ice: fix getting UDP tunnel entry (jsc#SLE-12878). - iio: adc128s052: Fix the error handling path of 'adc128_probe()' (git-fixes). - iio: adc: aspeed: set driver data when adc probe (git-fixes). - iio: dac: ti-dac5571: fix an error code in probe() (git-fixes). - iio: light: opt3001: Fixed timeout error when 0 lux (git-fixes). - iio: mtk-auxadc: fix case IIO_CHAN_INFO_PROCESSED (git-fixes). - iio: ssp_sensors: add more range checking in ssp_parse_dataframe() (git-fixes). - iio: ssp_sensors: fix error code in ssp_print_mcu_debug() (git-fixes). - ipv6/netfilter: Discard first fragment not including all headers (bsc#1191241). - ipv6/netfilter: Discard first fragment not including all headers (bsc#1191241). - isdn: cpai: check ctr->cnr to avoid array index out of bound (git-fixes). - isdn: mISDN: Fix sleeping function called from invalid context (git-fixes). - iwlwifi: pcie: add configuration of a Wi-Fi adapter on Dell XPS 15 (git-fixes). - ixgbe: Fix NULL pointer dereference in ixgbe_xdp_setup (git-fixes). - kABI workaround for HD-audio probe retry changes (bsc#1190801). - kABI workaround for cfg80211 mgmt_registration_lock changes (git-fixes). - kabi: block: Fix kabi of blk_mq_sched_try_insert_merge() (bsc#1191456). - kernel-binary.spec: Do not sign kernel when no key provided (bsc#1187167 bsc#1191240 ltc#194716). - kernel-binary.spec: Do not sign kernel when no key provided (bsc#1187167). - kernel-binary.spec: suse-kernel-rpm-scriptlets required for uninstall as well. Fixes: e98096d5cf85 ('rpm: Abolish scritplet templating (bsc#1189841).') - kernel-spec-macros: Since rpm 4.17 %verbose is unusable (bsc#1191229). - lan78xx: select CRC32 (git-fixes). - libata: Add ATA_HORKAGE_NO_NCQ_ON_ATI for Samsung 860 and 870 SSD (git-fixes). - mac80211: Drop frames from invalid MAC address in ad-hoc mode (git-fixes). - mac80211: check return value of rhashtable_init (git-fixes). - mei: me: add Ice Lake-N device id (git-fixes). - mmc: dw_mmc: exynos: fix the finding clock sample value (git-fixes). - mmc: meson-gx: do not use memcpy_to/fromio for dram-access-quirk (git-fixes). - mmc: vub300: fix control-message timeouts (git-fixes). - net/mlx5: E-Switch, Fix double allocation of acl flow counter (jsc#SLE-15172). - net/mlx5e: IPSEC RX, enable checksum complete (jsc#SLE-15172). - net/mlx5e: RX, Avoid possible data corruption when relaxed ordering and LRO combined (jsc#SLE-15172). - net/sched: ets: fix crash when flipping from 'strict' to 'quantum' (bsc#1176774). - net: batman-adv: fix error handling (git-fixes). - net: can: ems_usb: fix use-after-free in ems_usb_disconnect() (git-fixes). - net: cdc_eem: fix tx fixup skb leak (git-fixes). - net: cdc_ncm: correct overhead in delayed_ndp_size (git-fixes). - net: hns3: check queue id range before using (jsc#SLE-14777). - net: hso: add failure handler for add_net_device (git-fixes). - net: hso: fix NULL-deref on disconnect regression (git-fixes). - net: hso: fix null-ptr-deref during tty device unregistration (git-fixes). - net: ipv6: Discard next-hop MTU less than minimum link MTU (bsc#1191241). - net: ipv6: Discard next-hop MTU less than minimum link MTU (bsc#1191241). - net: lan78xx: fix division by zero in send path (git-fixes). - net: mana: Fix error handling in mana_create_rxq() (git-fixes, bsc#1191800). - net: usb: Fix uninit-was-stored issue in asix_read_phy_addr() (git-fixes). - netfilter: Drop fragmented ndisc packets assembled in netfilter (git-fixes). - netfilter: conntrack: collect all entries in one cycle (bsc#1173604). - netfilter: xt_IDLETIMER: fix panic that occurs when timer_type has garbage value (bsc#1176447). - nfc: fix error handling of nfc_proto_register() (git-fixes). - nfc: port100: fix using -ERRNO as command type mask (git-fixes). - nvme-fc: avoid race between time out and tear down (bsc#1185762). - nvme-fc: remove freeze/unfreeze around update_nr_hw_queues (bsc#1185762). - nvme-fc: update hardware queues before using them (bsc#1185762). - nvme-pci: Fix abort command id (git-fixes). - nvme-pci: fix error unwind in nvme_map_data (bsc#1191934). - nvme-pci: fix error unwind in nvme_map_data (bsc#1191934). - nvme-pci: refactor nvme_unmap_data (bsc#1191934). - nvme-pci: refactor nvme_unmap_data (bsc#1191934). - nvme: add command id quirk for apple controllers (git-fixes). - ocfs2: fix data corruption after conversion from inline format (bsc#1190795). - pata_legacy: fix a couple uninitialized variable bugs (git-fixes). - phy: mdio: fix memory leak (git-fixes). - platform/mellanox: mlxreg-io: Fix argument base in kstrtou32() call (git-fixes). - platform/mellanox: mlxreg-io: Fix read access of n-bytes size attributes (git-fixes). - platform/x86: dell-smbios-wmi: Add missing kfree in error-exit from run_smbios_call (git-fixes). - platform/x86: intel_scu_ipc: Fix busy loop expiry time (git-fixes). - powerpc/64s: Fix entry flush patching w/strict RWX & hash (jsc#SLE-13847 git-fixes). - powerpc/64s: Fix stf mitigation patching w/strict RWX & hash (jsc#SLE-13847 git-fixes). - powerpc/64s: Remove irq mask workaround in accumulate_stolen_time() (jsc#SLE-9246 git-fixes). - powerpc/bpf: Fix BPF_MOD when imm == 1 (bsc#1065729). - powerpc/bpf: Fix BPF_MOD when imm == 1 (bsc#1065729). - powerpc/bpf: Fix BPF_SUB when imm == 0x80000000 (bsc#1065729). - powerpc/bpf: Fix BPF_SUB when imm == 0x80000000 (bsc#1065729). - powerpc/bpf: Use bctrl for making function calls (bsc#1065729). - powerpc/bpf: Use bctrl for making function calls (bsc#1065729). - powerpc/lib/code-patching: Do not use struct 'ppc_inst' for runnable code in tests (jsc#SLE-13847 git-fixes). - powerpc/lib/code-patching: Make instr_is_branch_to_addr() static (jsc#SLE-13847 git-fixes). - powerpc/lib: Fix emulate_step() std test (bsc#1065729). - powerpc/numa: Update cpu_cpu_map on CPU online/offline (jsc#SLE-13615 bsc#1180100 ltc#190257 git-fixes). - powerpc/pseries: Fix build error when NUMA=n (bsc#1190620 ltc#194498 git-fixes). - powerpc/smp: Cache CPU to chip lookup (jsc#SLE-13615 bsc#1180100 ltc#190257 git-fixes). - powerpc/smp: Enable CACHE domain for shared processor (jsc#SLE-13615 bsc#1180100 ltc#190257 git-fixes). - powerpc/smp: Fix a crash while booting kvm guest with nr_cpus=2 (jsc#SLE-13615 bsc#1180100 ltc#190257 git-fixes). - powerpc/smp: Fold cpu_die() into its only caller (jsc#SLE-13615 bsc#1180100 ltc#190257 git-fixes). - powerpc/smp: Set numa node before updating mask (jsc#SLE-13615 bsc#1180100 ltc#190257 git-fixes). - powerpc/smp: Update cpu_core_map on all PowerPc systems (jsc#SLE-13615 bsc#1180100 ltc#190257 git-fixes). - powerpc/uprobes: Validation for prefixed instruction (jsc#SLE-13847 git-fixes). - powerpc/xive: Discard disabled interrupts in get_irqchip_state() (bsc#1085030 git-fixes). - powerpc: Do not dereference code as 'struct ppc_inst' (uprobe, code-patching, feature-fixups) (jsc#SLE-13847 git-fixes). - powerpc: Do not use 'struct ppc_inst' to reference instruction location (jsc#SLE-13847 git-fixes). - powerpc: Move arch_cpu_idle_dead() into smp.c (jsc#SLE-13615 bsc#1180100 ltc#190257 git-fixes). - pseries/eeh: Fix the kdump kernel crash during eeh_pseries_init (git-fixes). - ptp_pch: Load module automatically if ID matches (git-fixes). - ptp_pch: Restore dependency on PCI (git-fixes). - regmap: Fix possible double-free in regcache_rbtree_exit() (git-fixes). - rpm: fix kmp install path - rpm: use _rpmmacrodir (boo#1191384) - scsi: ibmvfc: Fix up duplicate response detection (bsc#1191867 ltc#194757). - scsi: iscsi: Fix deadlock on recovery path during GFP_IO reclaim (git-fixes). - scsi: lpfc: Allow PLOGI retry if previous PLOGI was aborted (bsc#1192145). - scsi: lpfc: Allow fabric node recovery if recovery is in progress before devloss (bsc#1192145). - scsi: lpfc: Correct sysfs reporting of loop support after SFP status change (bsc#1192145). - scsi: lpfc: Fix link down processing to address NULL pointer dereference (bsc#1192145). - scsi: lpfc: Fix memory overwrite during FC-GS I/O abort handling (bsc#1191349). - scsi: lpfc: Fix use-after-free in lpfc_unreg_rpi() routine (bsc#1192145). - scsi: lpfc: Revert LOG_TRACE_EVENT back to LOG_INIT prior to driver_resource_setup() (bsc#1192145). - scsi: lpfc: Update lpfc version to 14.0.0.3 (bsc#1192145). - scsi: lpfc: Wait for successful restart of SLI3 adapter during host sg_reset (bsc#1192145). - scsi: mpi3mr: Add EEDP DIF DIX support (jsc#SLE-18120). - scsi: mpi3mr: Add bios_param SCSI host template hook (jsc#SLE-18120). - scsi: mpi3mr: Add change queue depth support (jsc#SLE-18120). - scsi: mpi3mr: Add event handling debug prints (jsc#SLE-18120). - scsi: mpi3mr: Add mpi30 Rev-R headers and Kconfig (jsc#SLE-18120). - scsi: mpi3mr: Add support for DSN secure firmware check (jsc#SLE-18120). - scsi: mpi3mr: Add support for PCIe device event handling (jsc#SLE-18120). - scsi: mpi3mr: Add support for PM suspend and resume (jsc#SLE-18120). - scsi: mpi3mr: Add support for device add/remove event handling (jsc#SLE-18120). - scsi: mpi3mr: Add support for internal watchdog thread (jsc#SLE-18120). - scsi: mpi3mr: Add support for queue command processing (jsc#SLE-18120). - scsi: mpi3mr: Add support for recovering controller (jsc#SLE-18120). - scsi: mpi3mr: Add support for threaded ISR (jsc#SLE-18120). - scsi: mpi3mr: Add support for timestamp sync with firmware (jsc#SLE-18120). - scsi: mpi3mr: Additional event handling (jsc#SLE-18120). - scsi: mpi3mr: Allow certain commands during pci-remove hook (jsc#SLE-18120). - scsi: mpi3mr: Base driver code (jsc#SLE-18120). - scsi: mpi3mr: Complete support for soft reset (jsc#SLE-18120). - scsi: mpi3mr: Create operational request and reply queue pair (jsc#SLE-18120). - scsi: mpi3mr: Fix error handling in mpi3mr_setup_isr() (git-fixes). - scsi: mpi3mr: Fix missing unlock on error (git-fixes). - scsi: mpi3mr: Hardware workaround for UNMAP commands to NVMe drives (jsc#SLE-18120). - scsi: mpi3mr: Implement SCSI error handler hooks (jsc#SLE-18120). - scsi: mpi3mr: Print IOC info for debugging (jsc#SLE-18120). - scsi: mpi3mr: Print pending host I/Os for debugging (jsc#SLE-18120). - scsi: mpi3mr: Set up IRQs in resume path (jsc#SLE-18120). - scsi: mpi3mr: Use scsi_cmd_to_rq() instead of scsi_cmnd.request (jsc#SLE-18120). - scsi: mpi3mr: Use the proper SCSI midlayer interfaces for PI (jsc#SLE-18120). - scsi: mpi3mr: Wait for pending I/O completions upon detection of VD I/O timeout (jsc#SLE-18120). - scsi: qla2xxx: Add debug print of 64G link speed (bsc#1190941). - scsi: qla2xxx: Add host attribute to trigger MPI hang (bsc#1190941). - scsi: qla2xxx: Add support for mailbox passthru (bsc#1190941). - scsi: qla2xxx: Adjust request/response queue size for 28xx (bsc#1190941). - scsi: qla2xxx: Call process_response_queue() in Tx path (bsc#1190941). - scsi: qla2xxx: Changes to support FCP2 Target (bsc#1190941). - scsi: qla2xxx: Changes to support kdump kernel (bsc#1190941). - scsi: qla2xxx: Changes to support kdump kernel for NVMe BFS (bsc#1190941). - scsi: qla2xxx: Check for firmware capability before creating QPair (bsc#1190941). - scsi: qla2xxx: Display 16G only as supported speeds for 3830c card (bsc#1190941). - scsi: qla2xxx: Do not call fc_block_scsi_eh() during bus reset (bsc#1190941). - scsi: qla2xxx: Fix NPIV create erroneous error (bsc#1190941). - scsi: qla2xxx: Fix NVMe retry (bsc#1190941). - scsi: qla2xxx: Fix NVMe session down detection (bsc#1190941). - scsi: qla2xxx: Fix NVMe | FCP personality change (bsc#1190941). - scsi: qla2xxx: Fix crash in NVMe abort path (bsc#1190941). - scsi: qla2xxx: Fix excessive messages during device logout (bsc#1190941). - scsi: qla2xxx: Fix hang during NVMe session tear down (bsc#1190941). - scsi: qla2xxx: Fix hang on NVMe command timeouts (bsc#1190941). - scsi: qla2xxx: Fix kernel crash when accessing port_speed sysfs file (bsc#1190941). - scsi: qla2xxx: Fix port type info (bsc#1190941). - scsi: qla2xxx: Fix unsafe removal from linked list (bsc#1190941). - scsi: qla2xxx: Fix use after free in eh_abort path (bsc#1190941). - scsi: qla2xxx: Move heartbeat handling from DPC thread to workqueue (bsc#1190941). - scsi: qla2xxx: Open-code qla2xxx_eh_device_reset() (bsc#1190941). - scsi: qla2xxx: Open-code qla2xxx_eh_target_reset() (bsc#1190941). - scsi: qla2xxx: Remove redundant initialization of pointer req (bsc#1190941). - scsi: qla2xxx: Restore initiator in dual mode (bsc#1190941). - scsi: qla2xxx: Show OS name and version in FDMI-1 (bsc#1190941). - scsi: qla2xxx: Suppress unnecessary log messages during login (bsc#1190941). - scsi: qla2xxx: Sync queue idx with queue_pair_map idx (bsc#1190941). - scsi: qla2xxx: Update version to 10.02.06.100-k (bsc#1190941). - scsi: qla2xxx: Update version to 10.02.06.200-k (bsc#1190941). - scsi: qla2xxx: Update version to 10.02.07.100-k (bsc#1190941). - scsi: qla2xxx: Use scsi_cmd_to_rq() instead of scsi_cmnd.request (bsc#1190941). - scsi: qla2xxx: edif: Add N2N support for EDIF (bsc#1190941). - scsi: qla2xxx: edif: Do secure PLOGI when auth app is present (bsc#1190941). - scsi: qla2xxx: edif: Fix EDIF enable flag (bsc#1190941). - scsi: qla2xxx: edif: Fix returnvar.cocci warnings (bsc#1190941). - scsi: qla2xxx: edif: Fix stale session (bsc#1190941). - scsi: qla2xxx: edif: Reject AUTH ELS on session down (bsc#1190941). - scsi: qla2xxx: edif: Use link event to wake up app (bsc#1190941). - scsi: target: Fix the pgr/alua_support_store functions (git-fixes). - sctp: check asoc peer.asconf_capable before processing asconf (bsc#1190351). - soc: qcom: mdt_loader: Drop PT_LOAD check on hash segment (git-fixes). - spi: spi-nxp-fspi: do not depend on a specific node name erratum workaround (git-fixes). - tpm: ibmvtpm: Avoid error message when process gets signal while waiting (bsc#1065729). - usb: chipidea: ci_hdrc_imx: Also search for 'phys' phandle (git-fixes). - usb: hso: fix error handling code of hso_create_net_device (git-fixes). - usb: hso: remove the bailout parameter (git-fixes). - usb: musb: dsps: Fix the probe error path (git-fixes). - video: fbdev: gbefb: Only instantiate device when built for IP32 (git-fixes). - virtio: write back F_VERSION_1 before validate (git-fixes). - watchdog: orion: use 0 for unset heartbeat (git-fixes). - x86/pat: Pass valid address to sanitize_phys() (bsc#1152489). - x86/resctrl: Free the ctrlval arrays when domain_setup_mon_state() fails (bsc#1152489). - x86/sev: Return an error on a returned non-zero SW_EXITINFO1[31:0] (bsc#1178134). - xen: fix setting of max_pfn in shared_info (git-fixes). - xen: reset legacy rtc flag for PV domU (git-fixes). - xfs: Fixed non-directory creation in SGID directories introduced by CVE-2018-13405 patch (bsc#1190006). - xfs: ensure that the inode uid/gid match values match the icdinode ones (bsc#1190006). - xfs: fix I_DONTCACHE (bsc#1192074). - xfs: fix log intent recovery ENOSPC shutdowns when inactivating inodes (bsc#1190642). - xfs: merge the projid fields in struct xfs_icdinode (bsc#1190006). - xfs: remove the icdinode di_uid/di_gid members (bsc#1190006). - xhci: Enable trust tx length quirk for Fresco FL11 USB controller (git-fixes). - xhci: Fix command ring pointer corruption while aborting a command (git-fixes). - xhci: guard accesses to ep_state in xhci_endpoint_reset() (git-fixes). - xhci: guard accesses to ep_state in xhci_endpoint_reset() (git-fixes). Important SUSE bug 1065729 SUSE bug 1085030 SUSE bug 1152472 SUSE bug 1152489 SUSE bug 1156395 SUSE bug 1172073 SUSE bug 1173604 SUSE bug 1176447 SUSE bug 1176774 SUSE bug 1176914 SUSE bug 1178134 SUSE bug 1180100 SUSE bug 1181147 SUSE bug 1184673 SUSE bug 1185762 SUSE bug 1186063 SUSE bug 1186109 SUSE bug 1187167 SUSE bug 1188563 SUSE bug 1189841 SUSE bug 1190006 SUSE bug 1190067 SUSE bug 1190349 SUSE bug 1190351 SUSE bug 1190479 SUSE bug 1190620 SUSE bug 1190642 SUSE bug 1190795 SUSE bug 1190801 SUSE bug 1190941 SUSE bug 1191229 SUSE bug 1191240 SUSE bug 1191241 SUSE bug 1191315 SUSE bug 1191317 SUSE bug 1191349 SUSE bug 1191384 SUSE bug 1191449 SUSE bug 1191450 SUSE bug 1191451 SUSE bug 1191452 SUSE bug 1191455 SUSE bug 1191456 SUSE bug 1191628 SUSE bug 1191645 SUSE bug 1191663 SUSE bug 1191731 SUSE bug 1191800 SUSE bug 1191867 SUSE bug 1191934 SUSE bug 1191958 SUSE bug 1192040 SUSE bug 1192041 SUSE bug 1192074 SUSE bug 1192107 SUSE bug 1192145 CVE-2021-33033 CVE-2021-34866 CVE-2021-3542 CVE-2021-3655 CVE-2021-3715 CVE-2021-3760 CVE-2021-3772 CVE-2021-3896 CVE-2021-41864 CVE-2021-42008 CVE-2021-42252 CVE-2021-42739 CVE-2021-43056 cpe:/o:opensuse:leap:15.3 Security update for binutils (Moderate) openSUSE Leap 15.3 This update for binutils fixes the following issues: - For compatibility on old code stream that expect 'brcl 0,label' to not be disassembled as 'jgnop label' on s390x. (bsc#1192267) This reverts IBM zSeries HLASM support for now. - Fixed that ppc64 optflags did not enable LTO (bsc#1188941). - Fix empty man-pages from broken release tarball - Fixed a memory corruption with rpath option (bsc#1191473). - Fixed slow performance of stripping some binaries (bsc#1183909). Security issue fixed: - CVE-2021-20294: Fixed out-of-bounds write in print_dynamic_symbol in readelf (bnc#1184519) Moderate SUSE bug 1183909 SUSE bug 1184519 SUSE bug 1188941 SUSE bug 1191473 SUSE bug 1192267 CVE-2021-20294 cpe:/o:opensuse:leap:15.3 Security update for samba and ldb (Important) openSUSE Leap 15.3 This update for samba and ldb fixes the following issues: - CVE-2020-25718: Fixed that an RODC can issue (forge) administrator tickets to other servers (bsc#1192246). - CVE-2021-3738: Fixed crash in dsdb stack (bsc#1192215). - CVE-2016-2124: Fixed not to fallback to non spnego authentication if we require kerberos (bsc#1014440). - CVE-2020-25717: Fixed privilege escalation inside an AD Domain where a user could become root on domain members (bsc#1192284). - CVE-2020-25719: Fixed AD DC Username based races when no PAC is given (bsc#1192247). - CVE-2020-25722: Fixed AD DC UPN vs samAccountName not checked (top-level bug for AD DC validation issues) (bsc#1192283). - CVE-2021-23192: Fixed dcerpc requests to don't check all fragments against the first auth_state (bsc#1192214). - CVE-2020-25721: Fixed fill in the new HAS_SAM_NAME_AND_SID values (bsc#1192505). Samba was updated to 4.13.13 * rodc_rwdc test flaps;(bso#14868). * Backport bronze bit fixes, tests, and selftest improvements; (bso#14881). * Provide a fix for MS CVE-2020-17049 in Samba [SECURITY] 'Bronze bit' S4U2Proxy Constrained Delegation bypass in Samba with embedded Heimdal;(bso#14642). * Python ldb.msg_diff() memory handling failure;(bso#14836). * 'in' operator on ldb.Message is case sensitive;(bso#14845). * Fix Samba support for UF_NO_AUTH_DATA_REQUIRED;(bso#14871). * Allow special chars like '@' in samAccountName when generating the salt;(bso#14874). * Fix transit path validation;(bso#12998). * Prepare to operate with MIT krb5 >= 1.20;(bso#14870). * rpcclient NetFileEnum and net rpc file both cause lock order violation: brlock.tdb, share_entries.tdb;(bso#14645). * Python ldb.msg_diff() memory handling failure;(bso#14836). * Release LDB 2.3.1 for Samba 4.14.9;(bso#14848). Samba was updated to 4.13.12: * Address a signifcant performance regression in database access in the AD DC since Samba 4.12;(bso#14806). * Fix performance regression in lsa_LookupSids3/LookupNames4 since Samba 4.9 by using an explicit database handle cache; (bso#14807). * An unuthenticated user can crash the AD DC KDC by omitting the server name in a TGS-REQ;(bso#14817). * Address flapping samba_tool_drs_showrepl test;(bso#14818). * Address flapping dsdb_schema_attributes test;(bso#14819). * An unuthenticated user can crash the AD DC KDC by omitting the server name in a TGS-REQ;(bso#14817). * Fix CTDB flag/status update race conditions(bso#14784). Samba was updated to 4.13.11: * smbd: panic on force-close share during offload write; (bso#14769). * Fix returned attributes on fake quota file handle and avoid hitting the VFS;(bso#14731). * smbd: 'deadtime' parameter doesn't work anymore;(bso#14783). * net conf list crashes when run as normal user;(bso#14787). * Work around special SMB2 READ response behavior of NetApp Ontap 7.3.7;(bso#14607). * Start the SMB encryption as soon as possible;(bso#14793). * Winbind should not start if the socket path for the privileged pipe is too long;(bso#14792). ldb was updated to 2.2.2: + CVE-2020-25718: samba: An RODC can issue (forge) administrator tickets to other servers; (bsc#1192246); (bso#14558) + CVE-2021-3738: samba: crash in dsdb stack; (bsc#1192215);(bso#14848) Release ldb 2.2.2 + Corrected python behaviour for 'in' for LDAP attributes contained as part of ldb.Message;(bso#14845). + Fix memory handling in ldb.msg_diff Corrected python docstrings;(bso#14836) + Backport bronze bit fixes, tests, and selftest improvements; (bso#14881). Important SUSE bug 1014440 SUSE bug 1192214 SUSE bug 1192215 SUSE bug 1192246 SUSE bug 1192247 SUSE bug 1192283 SUSE bug 1192284 SUSE bug 1192505 CVE-2016-2124 CVE-2020-25717 CVE-2020-25718 CVE-2020-25719 CVE-2020-25721 CVE-2020-25722 CVE-2021-23192 CVE-2021-3738 cpe:/o:opensuse:leap:15.3 Security update for samba (Important) openSUSE Leap 15.3 This update for samba fixes the following issues: - CVE-2016-2124: Fixed not to fallback to non spnego authentication if we require kerberos (bsc#1014440). - CVE-2020-25717: Fixed privilege escalation inside an AD Domain where a user could become root on domain members (bsc#1192284). - CVE-2021-23192: Fixed dcerpc requests to don't check all fragments against the first auth_state (bsc#1192214). Important SUSE bug 1014440 SUSE bug 1192214 SUSE bug 1192284 CVE-2016-2124 CVE-2020-25717 CVE-2021-23192 cpe:/o:opensuse:leap:15.3 Security update for samba (Important) openSUSE Leap 15.3 This update for samba fixes the following issues: - Fix regression introduced by CVE-2020-25717 patches, winbindd does not start when 'allow trusted domains' is off; (bso#14899); Important SUSE bug 1192601 CVE-2020-25717 cpe:/o:opensuse:leap:15.3 Security update for drbd-utils (Low) openSUSE Leap 15.3 This update for drbd-utils fixes the following issues: - make all binaries position independent (basc#1185132). - Upgrade to 9.0.18 (bsc#1189363) * build: remove rpm related targets * drbdsetup,v84: fix minor compile warnings * systemd: resource specific activation * systemd: drbd-reactor promoter templates * doc: fix maximum ping timeout * doc: add man pages for the systemd templates * drbdadm,v9: fix dstate for diskless volumes * build/release: use lbvers.py * drbd-attr: don't leak fd to drbdsetup * doc: various fixes and additions * drbdsetup,events2,v9: add backing_device * build,Debian: rm dh-systemd dependency * drbdsetup,events2,v9: fix --poll regression * drbdmeta: fix bug with ALs with small final extents * build,Debian: rm mail recommends * drbdsetup,events2,v9: allow --poll without --now * drbdsetup,invalidate: allow bitmap based resync after verify * drbdadm,sh-ll-dev: change output to 'none' if diskless * drbdadm,v9: allow set-gi in single node clusters * drbsetup,events2,v9: diff(erential) output * drbsetup,events2,v9: add --full output * v9: allow resource rename, also in drbdmon * drbdadm,v9: allow c-max-rate to be disabled * New drbd-attr Pacemaker RA * events2: handle mixed initial state and multicast events * events2: fix regression to always print resync done - Prepare '/usr' merge. (bsc#1029961) Low SUSE bug 1029961 SUSE bug 1185132 SUSE bug 1189363 cpe:/o:opensuse:leap:15.3 Security update for java-11-openjdk (Important) openSUSE Leap 15.3 This update for java-11-openjdk fixes the following issues: Update to 11.0.13+8 (October 2021 CPU) - CVE-2021-35550, bsc#1191901: Update the default enabled cipher suites preference - CVE-2021-35565, bsc#1191909: com.sun.net.HttpsServer spins on TLS session close - CVE-2021-35556, bsc#1191910: Richer Text Editors - CVE-2021-35559, bsc#1191911: Enhanced style for RTF kit - CVE-2021-35561, bsc#1191912: Better hashing support - CVE-2021-35564, bsc#1191913: Improve Keystore integrity - CVE-2021-35567, bsc#1191903: More Constrained Delegation - CVE-2021-35578, bsc#1191904: Improve TLS client handshaking - CVE-2021-35586, bsc#1191914: Better BMP support - CVE-2021-35603, bsc#1191906: Better session identification - Improve Stream handling for SSL - Improve requests of certificates - Correct certificate requests - Enhance DTLS client handshake Important SUSE bug 1191901 SUSE bug 1191903 SUSE bug 1191904 SUSE bug 1191906 SUSE bug 1191909 SUSE bug 1191910 SUSE bug 1191911 SUSE bug 1191912 SUSE bug 1191913 SUSE bug 1191914 CVE-2021-35550 CVE-2021-35556 CVE-2021-35559 CVE-2021-35561 CVE-2021-35564 CVE-2021-35565 CVE-2021-35567 CVE-2021-35578 CVE-2021-35586 CVE-2021-35603 cpe:/o:opensuse:leap:15.3 Security update for tomcat (Moderate) openSUSE Leap 15.3 This update for tomcat fixes the following issues: - CVE-2021-30640: Escape parameters in JNDI Realm queries (bsc#1188279). - CVE-2021-33037: Process T-E header from both HTTP 1.0 and HTTP 1.1. clients (bsc#1188278). - CVE-2021-41079: Fixed a denial of service caused by an unexpected TLS packet (bsc#1190558). Moderate SUSE bug 1188278 SUSE bug 1188279 SUSE bug 1190558 CVE-2021-30640 CVE-2021-33037 CVE-2021-41079 cpe:/o:opensuse:leap:15.3 Security update for samba (Important) openSUSE Leap 15.3 This update for samba fixes the following issues: - CVE-2016-2124: Fixed not to fallback to non spnego authentication if we require kerberos (bsc#1014440). - CVE-2020-25717: Fixed privilege escalation inside an AD Domain where a user could become root on domain members (bsc#1192284). Important SUSE bug 1014440 SUSE bug 1192284 CVE-2016-2124 CVE-2020-25717 cpe:/o:opensuse:leap:15.3 Security update for the Linux Kernel (Important) openSUSE Leap 15.3 The following security bugs were fixed: - CVE-2021-3542: Fixed heap buffer overflow in firedtv driver (bsc#1186063). - CVE-2021-3655: Fixed a missing size validations on inbound SCTP packets, which may have allowed the kernel to read uninitialized memory (bsc#1188563). - CVE-2021-3715: Fixed a use-after-free in route4_change() in net/sched/cls_route.c (bsc#1190349). - CVE-2021-3760: Fixed a use-after-free vulnerability with the ndev->rf_conn_info object (bsc#1190067). - CVE-2021-3772: Fixed sctp vtag check in sctp_sf_ootb (bsc#1190351). - CVE-2021-3896: Fixed a array-index-out-bounds in detach_capi_ctr in drivers/isdn/capi/kcapi.c (bsc#1191958). - CVE-2021-33033: Fixed a use-after-free in cipso_v4_genopt in net/ipv4/cipso_ipv4.c because the CIPSO and CALIPSO refcounting for the DOI definitions is mishandled (bsc#1186109). - CVE-2021-34866: Fixed eBPF Type Confusion Privilege Escalation Vulnerability (bsc#1191645). - CVE-2021-37159: hso_free_net_device in drivers/net/usb/hso.c called without checking for the NETREG_REGISTERED state, leading to a use-after-free and a double free (bnc#1188601). - CVE-2021-41864: Fixed prealloc_elems_and_freelist that allowed unprivileged users to trigger an eBPF multiplication integer overflow with a resultant out-of-bounds write (bnc#1191317). - CVE-2021-42008: Fixed a slab out-of-bounds write in the decode_data function in drivers/net/hamradio/6pack.c. Input from a process that had the CAP_NET_ADMIN capability could have lead to root access (bsc#1191315). - CVE-2021-42252: Fixed an issue inside aspeed_lpc_ctrl_mmap that could have allowed local attackers to access the Aspeed LPC control interface to overwrite memory in the kernel and potentially execute privileges (bnc#1190479). - CVE-2021-42739: The firewire subsystem had a buffer overflow related to drivers/media/firewire/firedtv-avc.c and drivers/media/firewire/firedtv-ci.c, because avc_ca_pmt mishandled bounds checking (bsc#1184673). - CVE-2021-43056: Fixed possible KVM host crash via malicious KVM guest on Power8 (bnc#1192107). - CVE-2021-43389: There was an array-index-out-of-bounds flaw in the detach_capi_ctr function in drivers/isdn/capi/kcapi.c (bnc#1191958). The following non-security bugs were fixed: - acpi/arm64: fix next_platform_timer() section mismatch error (git-fixes). - ACPI: bgrt: Fix CFI violation (git-fixes). - ACPI: fix NULL pointer dereference (git-fixes). - ACPI: NFIT: Use fallback node id when numa info in NFIT table is incorrect (git-fixes). - Add obsolete_rebuilds_subpackage (boo#1172073 bsc#1191731). - ALSA: hda: avoid write to STATESTS if controller is in reset (git-fixes). - ALSA: hda - Enable headphone mic on Dell Latitude laptops with ALC3254 (git-fixes). - ALSA: hda: intel: Allow repeatedly probing on codec configuration errors (bsc#1190801). - ALSA: hda/realtek: Add quirk for Clevo PC50HS (git-fixes). - ALSA: hda/realtek: Add quirk for Clevo X170KM-G (git-fixes). - ALSA: hda/realtek: Add quirk for TongFang PHxTxX1 (git-fixes). - ALSA: hda/realtek - ALC236 headset MIC recording issue (git-fixes). - ALSA: hda/realtek: Complete partial device name to avoid ambiguity (git-fixes). - ALSA: hda/realtek: Enable 4-speaker output for Dell Precision 5560 laptop (git-fixes). - ALSA: hda/realtek: Fix for quirk to enable speaker output on the Lenovo 13s Gen2 (git-fixes). - ALSA: hda/realtek: Fix mic mute LED for the HP Spectre x360 14 (git-fixes). - ALSA: hda/realtek: Fix the mic type detection issue for ASUS G551JW (git-fixes). - ALSA: hda/realtek: Quirks to enable speaker output for Lenovo Legion 7i 15IMHG05, Yoga 7i 14ITL5/15ITL5, and 13s Gen2 laptops (git-fixes). - ALSA: hda: Reduce udelay() at SKL+ position reporting (git-fixes). - ALSA: hda: Use position buffer for SKL+ again (git-fixes). - ALSA: pcm: Workaround for a wrong offset in SYNC_PTR compat ioctl (git-fixes). - ALSA: seq: Fix a potential UAF by wrong private_free call order (git-fixes). - ALSA: ua101: fix division by zero at probe (git-fixes). - ALSA: uapi: Fix a C++ style comment in asound.h (git-fixes). - ALSA: usb-audio: Add quirk for VF0770 (git-fixes). - ALSA: usb-audio: Provide quirk for Sennheiser GSP670 Headset (git-fixes). - ASoC: atmel: ATMEL drivers do not need HAS_DMA (git-fixes). - ASoC: cs42l42: Correct some register default values (git-fixes). - ASoC: cs42l42: Defer probe if request_threaded_irq() returns EPROBE_DEFER (git-fixes). - ASoC: cs42l42: Do not set defaults for volatile registers (git-fixes). - ASoC: DAPM: Fix missing kctl change notifications (git-fixes). - ASoC: dapm: use component prefix when checking widget names (git-fixes). - ASoC: dt-bindings: cs42l42: Correct description of ts-inv (git-fixes). - ASoC: fsl_spdif: register platform component before registering cpu dai (git-fixes). - ASoC: Intel: bytcr_rt5640: Move 'Platform Clock' routes to the maps for the matching in-/output (git-fixes). - ASoC: Intel: Skylake: Fix module configuration for KPB and MIXER (git-fixes). - ASoC: Intel: Skylake: Fix passing loadable flag for module (git-fixes). - ASoC: Intel: sof_sdw: tag SoundWire BEs as non-atomic (git-fixes). - ASoC: mediatek: mt8195: Remove unsued irqs_lock (git-fixes). - ASoC: rockchip: Use generic dmaengine code (git-fixes). - ASoC: SOF: imx: imx8: Bar index is only valid for IRAM and SRAM types (git-fixes). - ASoC: SOF: imx: imx8m: Bar index is only valid for IRAM and SRAM types (git-fixes). - ASoC: SOF: loader: release_firmware() on load failure to avoid batching (git-fixes). - ASoC: SOF: topology: do not power down primary core during topology removal (git-fixes). - ASoC: topology: Fix stub for snd_soc_tplg_component_remove() (git-fixes). - ASoC: wm8960: Fix clock configuration on slave mode (git-fixes). - ata: ahci_platform: fix null-ptr-deref in ahci_platform_enable_regulators() (git-fixes). - ata: sata_dwc_460ex: No need to call phy_exit() befre phy_init() (git-fixes). - ata: sata_mv: Fix the error handling of mv_chip_id() (git-fixes). - ath10k: fix control-message timeout (git-fixes). - ath10k: fix division by zero in send path (git-fixes). - ath10k: fix max antenna gain unit (git-fixes). - ath10k: Fix missing frame timestamp for beacon/probe-resp (git-fixes). - ath10k: sdio: Add missing BH locking around napi_schdule() (git-fixes). - ath6kl: fix control-message timeout (git-fixes). - ath6kl: fix division by zero in send path (git-fixes). - ath9k: Fix potential interrupt storm on queue reset (git-fixes). - audit: fix possible null-pointer dereference in audit_filter_rules (git-fixes). - b43: fix a lower bounds test (git-fixes). - b43legacy: fix a lower bounds test (git-fixes). - bfq: Remove merged request already in bfq_requests_merged() (bsc#1191456). - blk: Fix lock inversion between ioc lock and bfqd lock (bsc#1191456). - blktrace: Fix uaf in blk_trace access after removing by sysfs (bsc#1191452). - block: bfq: fix bfq_set_next_ioprio_data() (bsc#1191451). - Bluetooth: btmtkuart: fix a memleak in mtk_hci_wmt_sync (git-fixes). - Bluetooth: fix init and cleanup of sco_conn.timeout_work (git-fixes). - bnxt_en: Fix TX timeout when TX ring size is set to the smallest (git-fixes). - bnxt_en: make bnxt_free_skbs() safe to call after bnxt_free_mem() (jsc#SLE-16649). - bpf: Add bpf_patch_call_args prototype to include/linux/bpf.h (git-fixes). - bpf: Fix a typo of reuseport map in bpf.h (git-fixes). - bpf: Fix OOB read when printing XDP link fdinfo (git-fixes). - bpf: Fix up bpf_skb_adjust_room helper's skb csum setting (git-fixes). - can: dev: can_restart: fix use after free bug (git-fixes). - can: peak_pci: peak_pci_remove(): fix UAF (git-fixes). - can: peak_usb: fix use after free bugs (git-fixes). - can: peak_usb: pcan_usb_fd_decode_status(): fix back to ERROR_ACTIVE state notification (git-fixes). - can: rcar_can: fix suspend/resume (git-fixes). - can: ti_hecc: ti_hecc_probe(): add missed clk_disable_unprepare() in error path (git-fixes). - can: xilinx_can: handle failure cases of pm_runtime_get_sync (git-fixes). - cb710: avoid NULL pointer subtraction (git-fixes). - ceph: fix handling of 'meta' errors (bsc#1192041). - ceph: skip existing superblocks that are blocklisted or shut down when mounting (bsc#1192040). - cfg80211: correct bridge/4addr mode check (git-fixes). - cfg80211: fix management registrations locking (git-fixes). - cfg80211: scan: fix RCU in cfg80211_add_nontrans_list() (git-fixes). - Configure mpi3mr as currently unsupported (jsc#SLE-18120) - cpuidle: pseries: Mark pseries_idle_proble() as __init (jsc#SLE-13614 bsc#1176914 ltc#186394 git-fixes). - driver core: add a min_align_mask field to struct device_dma_parameters (bsc#1191851). - drm/amd/display: Pass PCI deviceid into DC (git-fixes). - drm/amdgpu: correct initial cp_hqd_quantum for gfx9 (git-fixes). - drm/amdgpu/display: add quirk handling for stutter mode (git-fixes). - drm/amdgpu: fix gart.bo pin_count leak (git-fixes). - drm/amdgpu: fix warning for overflow check (git-fixes). - drm/amdgpu/gmc6: fix DMA mask from 44 to 40 bits (git-fixes). - drm/edid: In connector_bad_edid() cap num_of_ext by num_blocks read (git-fixes). - drm/i915: Fix syncmap memory leak (bsc#1152489) Backporting notes: * context changes in intel_timeline_fini() - drm/msm: Avoid potential overflow in timeout_to_jiffies() (git-fixes). - drm/msm/dsi: Fix an error code in msm_dsi_modeset_init() (git-fixes). - drm/msm/dsi: fix off by one in dsi_bus_clk_enable error handling (git-fixes). - drm/msm: Fix null pointer dereference on pointer edp (git-fixes). - drm/msm: Fix potential NULL dereference in DPU SSPP (git-fixes). - drm/msm: potential error pointer dereference in init() (git-fixes). - drm/msm: uninitialized variable in msm_gem_import() (git-fixes). - drm/nouveau: avoid a use-after-free when BO init fails (bsc#1152472) - drm/nouveau/debugfs: fix file release memory leak (git-fixes). - drm/nouveau/kms/nv50-: fix file release memory leak (git-fixes). - drm/nouveau/kms/tu102-: delay enabling cursor until after assign_windows (git-fixes). - drm/panel: olimex-lcd-olinuxino: select CRC32 (git-fixes). - drm/panfrost: Make sure MMU context lifetime is not bound to (bsc#1152472) - drm/sun4i: dw-hdmi: Fix HDMI PHY clock setup (git-fixes). - drm/sun4i: Fix macros in sun8i_csc.h (git-fixes). - drm/ttm: stop calling tt_swapin in vm_access (git-fixes). - drm/v3d: fix wait for TMU write combiner flush (git-fixes). - e1000e: Drop patch to avoid regressions until real fix is available (bsc#1191663). - e1000e: Fix packet loss on Tiger Lake and later (git-fixes). - e100: fix buffer overrun in e100_get_regs (git-fixes). - e100: fix length calculation in e100_get_regs_len (git-fixes). - e100: handle eeprom as little endian (git-fixes). - EDAC/amd64: Set proper family type for Family 19h Models 20h-2Fh (bsc#1192288). - ext4: fix reserved space counter leakage (bsc#1191450). - ext4: report correct st_size for encrypted symlinks (bsc#1191449). - firmware/psci: fix application of sizeof to pointer (git-fixes). - fscrypt: add fscrypt_symlink_getattr() for computing st_size (bsc#1191449). - fs, mm: fix race in unlinking swapfile (bsc#1191455). - ftrace: Fix scripts/recordmcount.pl due to new binutils (bsc#1192267). - genirq: Provide IRQCHIP_AFFINITY_PRE_STARTUP (bsc#1152489). - gpio: pca953x: Improve bias setting (git-fixes). - gve: Avoid freeing NULL pointer (git-fixes). - gve: Correct available tx qpl check (git-fixes). - gve: fix gve_get_stats() (git-fixes). - gve: Properly handle errors in gve_assign_qpl (bsc#1176940). - gve: report 64bit tx_bytes counter from gve_handle_report_stats() (bsc#1176940). - HID: apple: Fix logical maximum and usage maximum of Magic Keyboard JIS (git-fixes). - HID: betop: fix slab-out-of-bounds Write in betop_probe (git-fixes). - HID: u2fzero: ignore incomplete packets without data (git-fixes). - HID: usbhid: free raw_report buffers in usbhid_stop (git-fixes). - HID: wacom: Add new Intuos BT (CTL-4100WL/CTL-6100WL) device IDs (git-fixes). - hso: fix bailout in error case of probe (git-fixes). - hwmon: Fix possible memleak in __hwmon_device_register() (git-fixes). - hwmon: (pmbus/lm25066) Add offset coefficients (git-fixes). - hwmon: (pmbus/lm25066) Let compiler determine outer dimension of lm25066_coeff (git-fixes). - hwrng: mtk - Force runtime pm ops for sleep ops (git-fixes). - i2c: acpi: fix resource leak in reconfiguration device addition (git-fixes). - i40e: Fix ATR queue selection (git-fixes). - i40e: fix endless loop under rtnl (git-fixes). - i40e: Fix freeing of uninitialized misc IRQ vector (git-fixes). - iavf: fix double unlock of crit_lock (git-fixes). - ibmvnic: delay complete() (bsc#1094840 ltc#167098 git-fixes). - ice: Add missing E810 device ids (jsc#SLE-7966 bsc#1157177). - ice: fix getting UDP tunnel entry (jsc#SLE-12878). - ICMPv6: Add ICMPv6 Parameter Problem, code 3 definition (bsc#1191241). - iio: adc128s052: Fix the error handling path of 'adc128_probe()' (git-fixes). - iio: adc: aspeed: set driver data when adc probe (git-fixes). - iio: dac: ti-dac5571: fix an error code in probe() (git-fixes). - iio: light: opt3001: Fixed timeout error when 0 lux (git-fixes). - iio: mtk-auxadc: fix case IIO_CHAN_INFO_PROCESSED (git-fixes). - iio: ssp_sensors: add more range checking in ssp_parse_dataframe() (git-fixes). - iio: ssp_sensors: fix error code in ssp_print_mcu_debug() (git-fixes). - Input: i8042 - Add quirk for Fujitsu Lifebook T725 (bsc#1191980). - Input: snvs_pwrkey - add clk handling (git-fixes). - Input: xpad - add support for another USB ID of Nacon GC-100 (git-fixes). - ionic: do not remove netdev->dev_addr when syncing uc list (bsc#1167773). - ipv6/netfilter: Discard first fragment not including all headers (bsc#1191241). - IPv6: reply ICMP error if the first fragment do not include all headers (bsc#1191241). - isdn: cpai: check ctr->cnr to avoid array index out of bound (git-fixes). - isdn: mISDN: Fix sleeping function called from invalid context (git-fixes). - iwlwifi: mvm: fix some kerneldoc issues (git-fixes). - iwlwifi: pcie: add configuration of a Wi-Fi adapter on Dell XPS 15 (git-fixes). - ixgbe: Fix NULL pointer dereference in ixgbe_xdp_setup (git-fixes). - kabi: block: Fix kabi of blk_mq_sched_try_insert_merge() (bsc#1191456). - kABI: Fix kABI after 36950f2da1ea (bsc#1191851). - kABI workaround for cfg80211 mgmt_registration_lock changes (git-fixes). - kABI workaround for HD-audio probe retry changes (bsc#1190801). - kernel-binary.spec: Do not sign kernel when no key provided (bsc#1187167). - kernel-binary.spec: Do not sign kernel when no key provided (bsc#1187167 bsc#1191240 ltc#194716). - kernel-binary.spec: suse-kernel-rpm-scriptlets required for uninstall as well. Fixes: e98096d5cf85 ('rpm: Abolish scritplet templating (bsc#1189841).') - kernel-spec-macros: Since rpm 4.17 %verbose is unusable (bsc#1191229). - KVM: PPC: Book3S HV: Fix copy_tofrom_guest routines (jsc#SLE-12936 git-fixes). - KVM: PPC: Book3S HV Nested: Reflect guest PMU in-use to L0 when guest SPRs are live (bsc#1156395). - KVM: PPC: Book3S HV Nested: Sanitise H_ENTER_NESTED TM state (bsc#1156395). - KVM: PPC: Book3S HV: Save host FSCR in the P7/8 path (bsc#1065729). - KVM: PPC: Book3S HV: Tolerate treclaim. in fake-suspend mode changing registers (bsc#1156395). - KVM: PPC: Fix clearing never mapped TCEs in realmode (bsc#1156395). - KVM: PPC: Fix kvm_arch_vcpu_ioctl vcpu_load leak (bsc#1156395). - KVM: s390: extend kvm_s390_shadow_fault to return entry pointer (bsc#1133021). - KVM: s390: index kvm->arch.idle_mask by vcpu_idx (bsc#1133021). - KVM: s390: split kvm_s390_logical_to_effective (bsc#1133021). - KVM: s390: VSIE: correctly handle MVPG when in VSIE (bsc#1133021). - lan78xx: select CRC32 (git-fixes). - libata: Add ATA_HORKAGE_NO_NCQ_ON_ATI for Samsung 860 and 870 SSD (git-fixes). - libertas: Fix possible memory leak in probe and disconnect (git-fixes). - libertas_tf: Fix possible memory leak in probe and disconnect (git-fixes). - mac80211: check return value of rhashtable_init (git-fixes). - mac80211: Drop frames from invalid MAC address in ad-hoc mode (git-fixes). - media: cedrus: Fix SUNXI tile size calculation (git-fixes). - media: cx23885: Fix snd_card_free call on null card pointer (git-fixes). - media: cxd2880-spi: Fix a null pointer dereference on error handling path (git-fixes). - media: dvb-frontends: mn88443x: Handle errors of clk_prepare_enable() (git-fixes). - media: dvb-usb: fix ununit-value in az6027_rc_query (git-fixes). - media: em28xx: add missing em28xx_close_extension (git-fixes). - media: em28xx: Do not use ops->suspend if it is NULL (git-fixes). - media: i2c: ths8200 needs V4L2_ASYNC (git-fixes). - media: ite-cir: IR receiver stop working after receive overflow (git-fixes). - media: mtk-vpu: Fix a resource leak in the error handling path of 'mtk_vpu_probe()' (git-fixes). - media: mxl111sf: change mutex_init() location (git-fixes). - media: radio-wl1273: Avoid card name truncation (git-fixes). - media: si470x: Avoid card name truncation (git-fixes). - media: staging/intel-ipu3: css: Fix wrong size comparison imgu_css_fw_init (git-fixes). - media: TDA1997x: handle short reads of hdmi info frame (git-fixes). - media: tm6000: Avoid card name truncation (git-fixes). - media: v4l2-ioctl: Fix check_ext_ctrls (git-fixes). - media: v4l2-ioctl: S_CTRL output the right value (git-fixes). - mei: me: add Ice Lake-N device id (git-fixes). - memory: fsl_ifc: fix leak of irq and nand_irq in fsl_ifc_ctrl_probe (git-fixes). - memstick: avoid out-of-range warning (git-fixes). - memstick: jmb38x_ms: use appropriate free function in jmb38x_ms_alloc_host() (git-fixes). - mlx5: count all link events (git-fixes). - mlxsw: thermal: Fix out-of-bounds memory accesses (git-fixes). - mmc: dw_mmc: exynos: fix the finding clock sample value (git-fixes). - mmc: meson-gx: do not use memcpy_to/fromio for dram-access-quirk (git-fixes). - mmc: mxs-mmc: disable regulator on error and in the remove function (git-fixes). - mmc: sdhci: Map more voltage level to SDHCI_POWER_330 (git-fixes). - mmc: sdhci-omap: Fix NULL pointer exception if regulator is not configured (git-fixes). - mmc: vub300: fix control-message timeouts (git-fixes). - mt76: mt7615: fix endianness warning in mt7615_mac_write_txwi (git-fixes). - mt76: mt76x02: fix endianness warnings in mt76x02_mac.c (git-fixes). - mt76: mt7915: fix muar_idx in mt7915_mcu_alloc_sta_req() (git-fixes). - mt76: mt7915: fix possible infinite loop release semaphore (git-fixes). - mt76: mt7915: fix sta_rec_wtbl tag len (git-fixes). - mwifiex: fix division by zero in fw download path (git-fixes). - mwifiex: Send DELBA requests according to spec (git-fixes). - net/af_unix: fix a data-race in unix_dgram_poll (bsc#1154353). - net: batman-adv: fix error handling (git-fixes). - net: bridge: use nla_total_size_64bit() in br_get_linkxstats_size() (git-fixes). - net: can: ems_usb: fix use-after-free in ems_usb_disconnect() (git-fixes). - net: cdc_eem: fix tx fixup skb leak (git-fixes). - net: cdc_ncm: correct overhead in delayed_ndp_size (git-fixes). - netfilter: conntrack: collect all entries in one cycle (bsc#1173604). - netfilter: Drop fragmented ndisc packets assembled in netfilter (git-fixes). - netfilter: xt_IDLETIMER: fix panic that occurs when timer_type has garbage value (bsc#1176447). - net: hns3: check queue id range before using (jsc#SLE-14777). - net: hns3: fix vf reset workqueue cannot exit (bsc#1154353). - net: hso: add failure handler for add_net_device (git-fixes). - net: hso: fix NULL-deref on disconnect regression (git-fixes). - net: hso: fix null-ptr-deref during tty device unregistration (git-fixes). - net: ipv6: Discard next-hop MTU less than minimum link MTU (bsc#1191241). - net: lan78xx: fix division by zero in send path (git-fixes). - net: mana: Fix error handling in mana_create_rxq() (git-fixes, bsc#1191800). - net/mlx4_en: Do not allow aRFS for encapsulated packets (git-fixes). - net/mlx4_en: Resolve bad operstate value (git-fixes). - net/mlx5e: IPSEC RX, enable checksum complete (jsc#SLE-15172). - net/mlx5e: Mutually exclude RX-FCS and RX-port-timestamp (git-fixes). - net/mlx5e: RX, Avoid possible data corruption when relaxed ordering and LRO combined (jsc#SLE-15172). - net/mlx5: E-Switch, Fix double allocation of acl flow counter (jsc#SLE-15172). - net/mlx5: Fix unpublish devlink parameters (jsc#SLE-8464). - net/mlx5: FWTrace, cancel work on alloc pd error flow (git-fixes). - net/sched: ets: fix crash when flipping from 'strict' to 'quantum' (bsc#1176774). - net: usb: Fix uninit-was-stored issue in asix_read_phy_addr() (git-fixes). - NFC: digital: fix possible memory leak in digital_in_send_sdd_req() (git-fixes). - NFC: digital: fix possible memory leak in digital_tg_listen_mdaa() (git-fixes). - nfc: fix error handling of nfc_proto_register() (git-fixes). - nfc: port100: fix using -ERRNO as command type mask (git-fixes). - nfs: dir_cookie is a pointer to the cookie in older kernels, not the cookie itself. (bsc#1191628 bsc#1192549). - NFS: Do uncached readdir when we're seeking a cookie in an empty page cache (bsc#1191628). - nvme: add command id quirk for apple controllers (git-fixes). - nvme-fc: avoid race between time out and tear down (bsc#1185762). - nvme-fc: remove freeze/unfreeze around update_nr_hw_queues (bsc#1185762). - nvme-fc: update hardware queues before using them (bsc#1185762). - nvme-pci: Fix abort command id (git-fixes). - nvme-pci: fix error unwind in nvme_map_data (bsc#1191934). - nvme-pci: refactor nvme_unmap_data (bsc#1191934). - nvme-pci: set min_align_mask (bsc#1191851). - ocfs2: fix data corruption after conversion from inline format (bsc#1190795). - pata_legacy: fix a couple uninitialized variable bugs (git-fixes). - PCI: Fix pci_host_bridge struct device release/free handling (git-fixes). - phy: mdio: fix memory leak (git-fixes). - platform/mellanox: mlxreg-io: Fix argument base in kstrtou32() call (git-fixes). - platform/mellanox: mlxreg-io: Fix read access of n-bytes size attributes (git-fixes). - platform/x86: dell-smbios-wmi: Add missing kfree in error-exit from run_smbios_call (git-fixes). - platform/x86: intel_scu_ipc: Fix busy loop expiry time (git-fixes). - platform/x86: thinkpad_acpi: Fix bitwise vs. logical warning (git-fixes). - PM / devfreq: rk3399_dmc: Add missing of_node_put() (git-fixes). - PM / devfreq: rk3399_dmc: Disable devfreq-event device when fails (git-fixes). - PM / devfreq: rk3399_dmc: Fix kernel oops when rockchip,pmu is absent (git-fixes). - PM / devfreq: rk3399_dmc: Fix spelling typo (git-fixes). - PM / devfreq: rk3399_dmc: Remove unneeded semicolon (git-fixes). - PM: sleep: Do not let 'syscore' devices runtime-suspend during system transitions (git-fixes). - powerpc/64s: Fix entry flush patching w/strict RWX & hash (jsc#SLE-13847 git-fixes). - powerpc/64s: Fix stf mitigation patching w/strict RWX & hash (jsc#SLE-13847 git-fixes). - powerpc/64s: Remove irq mask workaround in accumulate_stolen_time() (jsc#SLE-9246 git-fixes). - powerpc/bpf: Fix BPF_MOD when imm == 1 (bsc#1065729). - powerpc/bpf: Fix BPF_SUB when imm == 0x80000000 (bsc#1065729). - powerpc/bpf: Use bctrl for making function calls (bsc#1065729). - powerpc: Do not dereference code as 'struct ppc_inst' (uprobe, code-patching, feature-fixups) (jsc#SLE-13847 git-fixes). - powerpc: Do not use 'struct ppc_inst' to reference instruction location (jsc#SLE-13847 git-fixes). - powerpc/lib/code-patching: Do not use struct 'ppc_inst' for runnable code in tests (jsc#SLE-13847 git-fixes). - powerpc/lib/code-patching: Make instr_is_branch_to_addr() static (jsc#SLE-13847 git-fixes). - powerpc/lib: Fix emulate_step() std test (bsc#1065729). - powerpc: Move arch_cpu_idle_dead() into smp.c (jsc#SLE-13615 bsc#1180100 ltc#190257 git-fixes). - powerpc/numa: Update cpu_cpu_map on CPU online/offline (jsc#SLE-13615 bsc#1180100 ltc#190257 git-fixes). - powerpc/pseries: Fix build error when NUMA=n (bsc#1190620 ltc#194498 git-fixes). - powerpc/smp: Cache CPU to chip lookup (jsc#SLE-13615 bsc#1180100 ltc#190257 git-fixes). - powerpc/smp: Enable CACHE domain for shared processor (jsc#SLE-13615 bsc#1180100 ltc#190257 git-fixes). - powerpc/smp: Fix a crash while booting kvm guest with nr_cpus=2 (jsc#SLE-13615 bsc#1180100 ltc#190257 git-fixes). - powerpc/smp: Fold cpu_die() into its only caller (jsc#SLE-13615 bsc#1180100 ltc#190257 git-fixes). - powerpc/smp: Set numa node before updating mask (jsc#SLE-13615 bsc#1180100 ltc#190257 git-fixes). - powerpc/smp: Update cpu_core_map on all PowerPc systems (jsc#SLE-13615 bsc#1180100 ltc#190257 git-fixes). - powerpc/uprobes: Validation for prefixed instruction (jsc#SLE-13847 git-fixes). - powerpc/xive: Discard disabled interrupts in get_irqchip_state() (bsc#1085030 git-fixes). - pseries/eeh: Fix the kdump kernel crash during eeh_pseries_init (git-fixes). - ptp_pch: Load module automatically if ID matches (git-fixes). - ptp_pch: Restore dependency on PCI (git-fixes). - qed: Fix missing error code in qed_slowpath_start() (git-fixes). - qed: Handle management FW error (git-fixes). - qed: rdma - do not wait for resources under hw error recovery flow (git-fixes). - RDMA/cma: Do not change route.addr.src_addr.ss_family (bsc#1181147). - RDMA/cma: Fix listener leak in rdma_cma_listen_on_all() failure (bsc#1181147). - regmap: Fix possible double-free in regcache_rbtree_exit() (git-fixes). - regulator: dt-bindings: samsung,s5m8767: correct s5m8767,pmic-buck-default-dvs-idx property (git-fixes). - regulator: s5m8767: do not use reset value as DVS voltage if GPIO DVS is disabled (git-fixes). - rpm: fix kmp install path - rpm: use _rpmmacrodir (boo#1191384) - rsi: fix control-message timeout (git-fixes). - rsi: Fix module dev_oper_mode parameter description (git-fixes). - rsi: stop thread firstly in rsi_91x_init() error handling (git-fixes). - rtl8187: fix control-message timeouts (git-fixes). - scsi: ibmvfc: Fix up duplicate response detection (bsc#1191867 ltc#194757). - scsi: iscsi: Fix deadlock on recovery path during GFP_IO reclaim (git-fixes). - scsi: lpfc: Allow fabric node recovery if recovery is in progress before devloss (bsc#1192145). - scsi: lpfc: Allow PLOGI retry if previous PLOGI was aborted (bsc#1192145). - scsi: lpfc: Correct sysfs reporting of loop support after SFP status change (bsc#1192145). - scsi: lpfc: Fix link down processing to address NULL pointer dereference (bsc#1192145). - scsi: lpfc: Fix memory overwrite during FC-GS I/O abort handling (bsc#1191349). - scsi: lpfc: Fix use-after-free in lpfc_unreg_rpi() routine (bsc#1192145). - scsi: lpfc: Revert LOG_TRACE_EVENT back to LOG_INIT prior to driver_resource_setup() (bsc#1192145). - scsi: lpfc: Update lpfc version to 14.0.0.3 (bsc#1192145). - scsi: lpfc: Wait for successful restart of SLI3 adapter during host sg_reset (bsc#1192145). - scsi: mpi3mr: Add bios_param SCSI host template hook (jsc#SLE-18120). - scsi: mpi3mr: Add change queue depth support (jsc#SLE-18120). - scsi: mpi3mr: Add EEDP DIF DIX support (jsc#SLE-18120). - scsi: mpi3mr: Add event handling debug prints (jsc#SLE-18120). - scsi: mpi3mr: Additional event handling (jsc#SLE-18120). - scsi: mpi3mr: Add mpi30 Rev-R headers and Kconfig (jsc#SLE-18120). - scsi: mpi3mr: Add support for device add/remove event handling (jsc#SLE-18120). - scsi: mpi3mr: Add support for DSN secure firmware check (jsc#SLE-18120). - scsi: mpi3mr: Add support for internal watchdog thread (jsc#SLE-18120). - scsi: mpi3mr: Add support for PCIe device event handling (jsc#SLE-18120). - scsi: mpi3mr: Add support for PM suspend and resume (jsc#SLE-18120). - scsi: mpi3mr: Add support for queue command processing (jsc#SLE-18120). - scsi: mpi3mr: Add support for recovering controller (jsc#SLE-18120). - scsi: mpi3mr: Add support for threaded ISR (jsc#SLE-18120). - scsi: mpi3mr: Add support for timestamp sync with firmware (jsc#SLE-18120). - scsi: mpi3mr: Allow certain commands during pci-remove hook (jsc#SLE-18120). - scsi: mpi3mr: Base driver code (jsc#SLE-18120). - scsi: mpi3mr: Complete support for soft reset (jsc#SLE-18120). - scsi: mpi3mr: Create operational request and reply queue pair (jsc#SLE-18120). - scsi: mpi3mr: Fix error handling in mpi3mr_setup_isr() (git-fixes). - scsi: mpi3mr: Fix missing unlock on error (git-fixes). - scsi: mpi3mr: Hardware workaround for UNMAP commands to NVMe drives (jsc#SLE-18120). - scsi: mpi3mr: Implement SCSI error handler hooks (jsc#SLE-18120). - scsi: mpi3mr: Print IOC info for debugging (jsc#SLE-18120). - scsi: mpi3mr: Print pending host I/Os for debugging (jsc#SLE-18120). - scsi: mpi3mr: Set up IRQs in resume path (jsc#SLE-18120). - scsi: mpi3mr: Use scsi_cmd_to_rq() instead of scsi_cmnd.request (jsc#SLE-18120). - scsi: mpi3mr: Use the proper SCSI midlayer interfaces for PI (jsc#SLE-18120). - scsi: mpi3mr: Wait for pending I/O completions upon detection of VD I/O timeout (jsc#SLE-18120). - scsi: qla2xxx: Add debug print of 64G link speed (bsc#1190941). - scsi: qla2xxx: Add host attribute to trigger MPI hang (bsc#1190941). - scsi: qla2xxx: Add support for mailbox passthru (bsc#1190941). - scsi: qla2xxx: Adjust request/response queue size for 28xx (bsc#1190941). - scsi: qla2xxx: Call process_response_queue() in Tx path (bsc#1190941). - scsi: qla2xxx: Changes to support FCP2 Target (bsc#1190941). - scsi: qla2xxx: Changes to support kdump kernel (bsc#1190941). - scsi: qla2xxx: Changes to support kdump kernel for NVMe BFS (bsc#1190941). - scsi: qla2xxx: Check for firmware capability before creating QPair (bsc#1190941). - scsi: qla2xxx: Display 16G only as supported speeds for 3830c card (bsc#1190941). - scsi: qla2xxx: Do not call fc_block_scsi_eh() during bus reset (bsc#1190941). - scsi: qla2xxx: edif: Add N2N support for EDIF (bsc#1190941). - scsi: qla2xxx: edif: Do secure PLOGI when auth app is present (bsc#1190941). - scsi: qla2xxx: edif: Fix EDIF enable flag (bsc#1190941). - scsi: qla2xxx: edif: Fix returnvar.cocci warnings (bsc#1190941). - scsi: qla2xxx: edif: Fix stale session (bsc#1190941). - scsi: qla2xxx: edif: Reject AUTH ELS on session down (bsc#1190941). - scsi: qla2xxx: edif: Use link event to wake up app (bsc#1190941). - scsi: qla2xxx: Fix crash in NVMe abort path (bsc#1190941). - scsi: qla2xxx: Fix excessive messages during device logout (bsc#1190941). - scsi: qla2xxx: Fix hang during NVMe session tear down (bsc#1190941). - scsi: qla2xxx: Fix hang on NVMe command timeouts (bsc#1190941). - scsi: qla2xxx: Fix kernel crash when accessing port_speed sysfs file (bsc#1190941). - scsi: qla2xxx: Fix NPIV create erroneous error (bsc#1190941). - scsi: qla2xxx: Fix NVMe | FCP personality change (bsc#1190941). - scsi: qla2xxx: Fix NVMe retry (bsc#1190941). - scsi: qla2xxx: Fix NVMe session down detection (bsc#1190941). - scsi: qla2xxx: Fix port type info (bsc#1190941). - scsi: qla2xxx: Fix unsafe removal from linked list (bsc#1190941). - scsi: qla2xxx: Fix use after free in eh_abort path (bsc#1190941). - scsi: qla2xxx: Move heartbeat handling from DPC thread to workqueue (bsc#1190941). - scsi: qla2xxx: Open-code qla2xxx_eh_device_reset() (bsc#1190941). - scsi: qla2xxx: Open-code qla2xxx_eh_target_reset() (bsc#1190941). - scsi: qla2xxx: Remove redundant initialization of pointer req (bsc#1190941). - scsi: qla2xxx: Restore initiator in dual mode (bsc#1190941). - scsi: qla2xxx: Show OS name and version in FDMI-1 (bsc#1190941). - scsi: qla2xxx: Suppress unnecessary log messages during login (bsc#1190941). - scsi: qla2xxx: Sync queue idx with queue_pair_map idx (bsc#1190941). - scsi: qla2xxx: Update version to 10.02.06.100-k (bsc#1190941). - scsi: qla2xxx: Update version to 10.02.06.200-k (bsc#1190941). - scsi: qla2xxx: Update version to 10.02.07.100-k (bsc#1190941). - scsi: qla2xxx: Use scsi_cmd_to_rq() instead of scsi_cmnd.request (bsc#1190941). - scsi: target: Fix the pgr/alua_support_store functions (git-fixes). - sctp: check asoc peer.asconf_capable before processing asconf (bsc#1190351). - soc: qcom: mdt_loader: Drop PT_LOAD check on hash segment (git-fixes). - spi: spi-nxp-fspi: do not depend on a specific node name erratum workaround (git-fixes). - swiotlb: add a IO_TLB_SIZE define (bsc#1191851). - swiotlb: clean up swiotlb_tbl_unmap_single (bsc#1191851). - swiotlb: do not modify orig_addr in swiotlb_tbl_sync_single (bsc#1191851). - swiotlb: factor out an io_tlb_offset helper (bsc#1191851). - swiotlb: factor out a nr_slots helper (bsc#1191851). - swiotlb: refactor swiotlb_tbl_map_single (bsc#1191851). - swiotlb: respect min_align_mask (bsc#1191851). - swiotlb: Split size parameter to map/unmap APIs (bsc#1191851). - tpm: Check for integer overflow in tpm2_map_response_body() (git-fixes). - tpm: ibmvtpm: Avoid error message when process gets signal while waiting (bsc#1065729). - Update patch reference for AMDGPU fix (bsc#1180749) - USB: cdc-acm: clean up probe error labels (git-fixes). - USB: cdc-acm: fix minor-number release (git-fixes). - usb: chipidea: ci_hdrc_imx: Also search for 'phys' phandle (git-fixes). - usb: hso: fix error handling code of hso_create_net_device (git-fixes). - usb: hso: remove the bailout parameter (git-fixes). - usb: musb: dsps: Fix the probe error path (git-fixes). - usbnet: fix error return code in usbnet_probe() (git-fixes). - usbnet: sanity check for maxpacket (git-fixes). - USB: serial: option: add prod. id for Quectel EG91 (git-fixes). - USB: serial: option: add Quectel EC200S-CN module support (git-fixes). - USB: serial: option: add Telit LE910Cx composition 0x1204 (git-fixes). - USB: serial: qcserial: add EM9191 QDL support (git-fixes). - USB: xhci: dbc: fix tty registration race (git-fixes). - video: fbdev: gbefb: Only instantiate device when built for IP32 (git-fixes). - virtio-gpu: fix possible memory allocation failure (git-fixes). - virtio: write back F_VERSION_1 before validate (git-fixes). - watchdog: orion: use 0 for unset heartbeat (git-fixes). - wcn36xx: Add ability for wcn36xx_smd_dump_cmd_req to pass two's complement (git-fixes). - wcn36xx: add proper DMA memory barriers in rx path (git-fixes). - wcn36xx: Fix HT40 capability for 2Ghz band (git-fixes). - x86/ioapic: Force affinity setup before startup (bsc#1152489). - x86/msi: Force affinity setup before startup (bsc#1152489). - x86/pat: Pass valid address to sanitize_phys() (bsc#1152489). - x86/reboot: Limit Dell Optiplex 990 quirk to early BIOS versions (bsc#1152489). - x86/resctrl: Free the ctrlval arrays when domain_setup_mon_state() fails (bsc#1152489). - x86/sev: Return an error on a returned non-zero SW_EXITINFO1[31:0] (bsc#1178134). - xen: fix setting of max_pfn in shared_info (git-fixes). - xen: reset legacy rtc flag for PV domU (git-fixes). - xfs: do not allow log writes if the data device is readonly (bsc#1192229). - xfs: ensure that the inode uid/gid match values match the icdinode ones (bsc#1190006). - xfs: Fixed non-directory creation in SGID directories introduced by CVE-2018-13405 patch (bsc#1190006). - xfs: fix I_DONTCACHE (bsc#1192074). - xfs: fix log intent recovery ENOSPC shutdowns when inactivating inodes (bsc#1190642). - xfs: merge the projid fields in struct xfs_icdinode (bsc#1190006). - xfs: remove the icdinode di_uid/di_gid members (bsc#1190006). - xhci: Enable trust tx length quirk for Fresco FL11 USB controller (git-fixes). - xhci: Fix command ring pointer corruption while aborting a command (git-fixes). - xhci: guard accesses to ep_state in xhci_endpoint_reset() (git-fixes). Important SUSE bug 1065729 SUSE bug 1085030 SUSE bug 1089118 SUSE bug 1094840 SUSE bug 1133021 SUSE bug 1152472 SUSE bug 1152489 SUSE bug 1154353 SUSE bug 1156395 SUSE bug 1157177 SUSE bug 1167773 SUSE bug 1172073 SUSE bug 1173604 SUSE bug 1176447 SUSE bug 1176774 SUSE bug 1176914 SUSE bug 1176940 SUSE bug 1178134 SUSE bug 1180100 SUSE bug 1180749 SUSE bug 1181147 SUSE bug 1184673 SUSE bug 1185762 SUSE bug 1186063 SUSE bug 1186109 SUSE bug 1187167 SUSE bug 1188563 SUSE bug 1188601 SUSE bug 1189841 SUSE bug 1190006 SUSE bug 1190067 SUSE bug 1190349 SUSE bug 1190351 SUSE bug 1190479 SUSE bug 1190620 SUSE bug 1190642 SUSE bug 1190795 SUSE bug 1190801 SUSE bug 1190941 SUSE bug 1191229 SUSE bug 1191240 SUSE bug 1191241 SUSE bug 1191315 SUSE bug 1191317 SUSE bug 1191349 SUSE bug 1191384 SUSE bug 1191449 SUSE bug 1191450 SUSE bug 1191451 SUSE bug 1191452 SUSE bug 1191455 SUSE bug 1191456 SUSE bug 1191628 SUSE bug 1191645 SUSE bug 1191663 SUSE bug 1191731 SUSE bug 1191800 SUSE bug 1191851 SUSE bug 1191867 SUSE bug 1191934 SUSE bug 1191958 SUSE bug 1191980 SUSE bug 1192040 SUSE bug 1192041 SUSE bug 1192074 SUSE bug 1192107 SUSE bug 1192145 SUSE bug 1192229 SUSE bug 1192267 SUSE bug 1192288 SUSE bug 1192549 CVE-2021-33033 CVE-2021-34866 CVE-2021-3542 CVE-2021-3655 CVE-2021-3715 CVE-2021-37159 CVE-2021-3760 CVE-2021-3772 CVE-2021-3896 CVE-2021-41864 CVE-2021-42008 CVE-2021-42252 CVE-2021-42739 CVE-2021-43056 CVE-2021-43389 cpe:/o:opensuse:leap:15.3 Security update for MozillaFirefox (Important) openSUSE Leap 15.3 This update for MozillaFirefox fixes the following issues: MozillaFirefox was updated to Extended Support Release 91.3.0 ESR * Fixed: Various stability, functionality, and security fixes MFSA 2021-49 (bsc#1192250) * CVE-2021-38503: iframe sandbox rules did not apply to XSLT stylesheets * CVE-2021-38504: Use-after-free in file picker dialog * CVE-2021-38505: Windows 10 Cloud Clipboard may have recorded sensitive user data * CVE-2021-38506: Firefox could be coaxed into going into fullscreen mode without notification or warning * CVE-2021-38507: Opportunistic Encryption in HTTP2 could be used to bypass the Same-Origin-Policy on services hosted on other ports * CVE-2021-38508: Permission Prompt could be overlaid, resulting in user confusion and potential spoofing * CVE-2021-38509: Javascript alert box could have been spoofed onto an arbitrary domain * CVE-2021-38510: Download Protections were bypassed by .inetloc files on Mac OS * MOZ-2021-0008: Use-after-free in HTTP2 Session object * MOZ-2021-0007: Memory safety bugs fixed in Firefox 94 and Firefox ESR 91.3 Important SUSE bug 1192250 CVE-2021-38503 CVE-2021-38504 CVE-2021-38505 CVE-2021-38506 CVE-2021-38507 CVE-2021-38508 CVE-2021-38509 CVE-2021-38510 cpe:/o:opensuse:leap:15.3 Security update for postgresql12 (Important) openSUSE Leap 15.3 This update for postgresql12 fixes the following issues: - CVE-2021-23214: Make the server reject extraneous data after an SSL or GSS encryption handshake (bsc#1192516). - CVE-2021-23222: Make libpq reject extraneous data after an SSL or GSS encryption handshake (bsc#1192516). Important SUSE bug 1192516 CVE-2021-23214 CVE-2021-23222 cpe:/o:opensuse:leap:15.3 Security update for postgresql14 (Important) openSUSE Leap 15.3 This update for postgresql14 fixes the following issues: - CVE-2021-23214: Make the server reject extraneous data after an SSL or GSS encryption handshake (bsc#1192516). - CVE-2021-23222: Make libpq reject extraneous data after an SSL or GSS encryption handshake (bsc#1192516). - Let rpmlint ignore shlib-policy-name-error (boo#1191782). Important SUSE bug 1191782 SUSE bug 1192516 CVE-2021-23214 CVE-2021-23222 cpe:/o:opensuse:leap:15.3 Security update for postgresql13 (Important) openSUSE Leap 15.3 This update for postgresql13 fixes the following issues: - CVE-2021-23214: Make the server reject extraneous data after an SSL or GSS encryption handshake (bsc#1192516). - CVE-2021-23222: Make libpq reject extraneous data after an SSL or GSS encryption handshake (bsc#1192516). Important SUSE bug 1192516 CVE-2021-23214 CVE-2021-23222 cpe:/o:opensuse:leap:15.3 Security update for java-1_8_0-openjdk (Important) openSUSE Leap 15.3 This update for java-1_8_0-openjdk fixes the following issues: Update to version OpenJDK 8u312 (October 2021 CPU): - CVE-2021-35550: Fixed weak ciphers preferred over stronger ones for TLS (bsc#1191901). - CVE-2021-35556: Fixed excessive memory allocation in RTFParser (bsc#1191910). - CVE-2021-35559: Fixed excessive memory allocation in RTFReader (bsc#1191911). - CVE-2021-35561: Fixed excessive memory allocation in HashMap and HashSet (bsc#1191912). - CVE-2021-35564: Fixed certificates with end dates too far in the future can corrupt keystore (bsc#1191913). - CVE-2021-35565: Fixed loop in HttpsServer triggered during TLS session close (bsc#1191909). - CVE-2021-35567: Fixed incorrect principal selection when using Kerberos Constrained Delegation (bsc#1191903). - CVE-2021-35578: Fixed unexpected exception raised during TLS handshake (bsc#1191904). - CVE-2021-35586: Fixed excessive memory allocation in BMPImageReader (bsc#1191914). - CVE-2021-35588: Fixed incomplete validation of inner class references in ClassFileParser (bsc#1191905) - CVE-2021-35603: Fixed non-constant comparison during TLS handshakes (bsc#1191906). Important SUSE bug 1191901 SUSE bug 1191903 SUSE bug 1191904 SUSE bug 1191905 SUSE bug 1191906 SUSE bug 1191909 SUSE bug 1191910 SUSE bug 1191911 SUSE bug 1191912 SUSE bug 1191913 SUSE bug 1191914 CVE-2021-35550 CVE-2021-35556 CVE-2021-35559 CVE-2021-35561 CVE-2021-35564 CVE-2021-35565 CVE-2021-35567 CVE-2021-35578 CVE-2021-35586 CVE-2021-35588 CVE-2021-35603 cpe:/o:opensuse:leap:15.3 Security update for redis (Important) openSUSE Leap 15.3 This update for redis fixes the following issues: - CVE-2021-32627: Fixed integer to heap buffer overflows with streams (bsc#1191305). - CVE-2021-32628: Fixed integer to heap buffer overflows handling ziplist-encoded data types (bsc#1191305). - CVE-2021-32687: Fixed integer to heap buffer overflow with intsets (bsc#1191302). - CVE-2021-32762: Fixed integer to heap buffer overflow issue in redis-cli and redis-sentinel (bsc#1191300). - CVE-2021-32626: Fixed heap buffer overflow caused by specially crafted Lua scripts (bsc#1191306). - CVE-2021-32672: Fixed random heap reading issue with Lua Debugger (bsc#1191304). - CVE-2021-32675: Fixed Denial Of Service when processing RESP request payloads with a large number of elements on many connections (bsc#1191303). - CVE-2021-41099: Fixed integer to heap buffer overflow handling certain string commands and network payloads (bsc#1191299). Important SUSE bug 1191299 SUSE bug 1191300 SUSE bug 1191302 SUSE bug 1191303 SUSE bug 1191304 SUSE bug 1191305 SUSE bug 1191306 CVE-2021-32626 CVE-2021-32627 CVE-2021-32628 CVE-2021-32672 CVE-2021-32675 CVE-2021-32687 CVE-2021-32762 CVE-2021-41099 cpe:/o:opensuse:leap:15.3 Security update for bind (Important) openSUSE Leap 15.3 This update for bind fixes the following issues: - CVE-2021-25219: Fixed lame cache that could have been abused to severely degrade resolver performance (bsc#1192146). Important SUSE bug 1192146 CVE-2021-25219 cpe:/o:opensuse:leap:15.3 Security update for netcdf (Important) openSUSE Leap 15.3 This update for netcdf fixes the following issues: - Fixed multiple vulnerabilities in ezXML: CVE-2019-20007, CVE-2019-20006, CVE-2019-20201, CVE-2019-20202, CVE-2019-20199, CVE-2019-20200, CVE-2019-20198, CVE-2021-26221, CVE-2021-26222, CVE-2021-30485, CVE-2021-31229, CVE-2021-31347, CVE-2021-31348, CVE-2021-31598 (bsc#1191856) Note: * CVE-2021-26220 https://sourceforge.net/p/ezxml/bugs/23 not relevant for netcdf: code isn't used. * CVE-2019-20005 https://sourceforge.net/p/ezxml/bugs/14 Issue cannot be reproduced and no patch is available upstream. Important SUSE bug 1191856 CVE-2019-20005 CVE-2019-20006 CVE-2019-20007 CVE-2019-20198 CVE-2019-20199 CVE-2019-20200 CVE-2019-20201 CVE-2019-20202 CVE-2021-26220 CVE-2021-26221 CVE-2021-26222 CVE-2021-30485 CVE-2021-31229 CVE-2021-31347 CVE-2021-31348 CVE-2021-31598 cpe:/o:opensuse:leap:15.3 Security update for netcdf (Important) openSUSE Leap 15.3 This update for netcdf fixes the following issues: - Fixed multiple vulnerabilities in ezXML: CVE-2019-20007, CVE-2019-20006, CVE-2019-20201, CVE-2019-20202, CVE-2019-20199, CVE-2019-20200, CVE-2019-20198, CVE-2021-26221, CVE-2021-26222, CVE-2021-30485, CVE-2021-31229, CVE-2021-31347, CVE-2021-31348, CVE-2021-31598 (bsc#1191856) Note: * CVE-2021-26220 https://sourceforge.net/p/ezxml/bugs/23 not relevant for netcdf: code isn't used. * CVE-2019-20005 https://sourceforge.net/p/ezxml/bugs/14 Issue cannot be reproduced and no patch is available upstream. Important SUSE bug 1191856 CVE-2019-20005 CVE-2019-20006 CVE-2019-20007 CVE-2019-20198 CVE-2019-20199 CVE-2019-20200 CVE-2019-20201 CVE-2019-20202 CVE-2021-26220 CVE-2021-26221 CVE-2021-26222 CVE-2021-30485 CVE-2021-31229 CVE-2021-31347 CVE-2021-31348 CVE-2021-31598 cpe:/o:opensuse:leap:15.3 Security update for the Linux Kernel (Important) openSUSE Leap 15.3 The SUSE Linux Enterprise 15 SP3 kernel for Azure was updated to receive various security and bugfixes. The following security bugs were fixed: - Unprivileged BPF has been disabled by default to reduce attack surface as too many security issues have happened in the past (jsc#SLE-22573) You can reenable via systemctl setting /proc/sys/kernel/unprivileged_bpf_disabled to 0. (kernel.unprivileged_bpf_disabled = 0) - CVE-2021-0941: In bpf_skb_change_head of filter.c, there is a possible out of bounds read due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation (bnc#1192045). - CVE-2021-31916: An out-of-bounds (OOB) memory write flaw was found in list_devices in drivers/md/dm-ioctl.c in the Multi-device driver module in the Linux kernel A bound check failure allowed an attacker with special user (CAP_SYS_ADMIN) privilege to gain access to out-of-bounds memory leading to a system crash or a leak of internal kernel information. The highest threat from this vulnerability is to system availability (bnc#1192781). - CVE-2021-20322: Make the ipv4 and ipv6 ICMP exception caches less predictive to avoid information leaks about UDP ports in use. (bsc#1191790) - CVE-2021-34981: Fixed file refcounting in cmtp when cmtp_attach_device fails (bsc#1191961). - CVE-2021-43389: There was an array-index-out-of-bounds flaw in the detach_capi_ctr function in drivers/isdn/capi/kcapi.c (bnc#1191958). - CVE-2021-37159: hso_free_net_device in drivers/net/usb/hso.c called unregister_netdev without checking for the NETREG_REGISTERED state, leading to a use-after-free and a double free (bnc#1188601). The following non-security bugs were fixed: - ABI: sysfs-kernel-slab: Document some stats (git-fixes). - ALSA: hda: fix general protection fault in azx_runtime_idle (git-fixes). - ALSA: hda: Free card instance properly at probe errors (git-fixes). - ALSA: hda/realtek: Fix mic mute LED for the HP Spectre x360 14 (git-fixes). - ALSA: hda: Reduce udelay() at SKL+ position reporting (git-fixes). - ALSA: hda: Use position buffer for SKL+ again (git-fixes). - ALSA: ua101: fix division by zero at probe (git-fixes). - ALSA: uapi: Fix a C++ style comment in asound.h (git-fixes). - ALSA: usb-audio: Add Audient iD14 to mixer map quirk table (git-fixes). - ALSA: usb-audio: Add minimal-mute notion in dB mapping table (bsc#1192375). - ALSA: usb-audio: Add Schiit Hel device to mixer map quirk table (git-fixes). - ALSA: usb-audio: Fix dB level of Bose Revolve+ SoundLink (bsc#1192375). - ALSA: usb-audio: Use int for dB map values (bsc#1192375). - ARM: socfpga: Fix crash with CONFIG_FORTIRY_SOURCE (bsc#1192473). - ASoC: cs42l42: Correct some register default values (git-fixes). - ASoC: cs42l42: Defer probe if request_threaded_irq() returns EPROBE_DEFER (git-fixes). - ASoC: cs42l42: Do not set defaults for volatile registers (git-fixes). - ASoC: dt-bindings: cs42l42: Correct description of ts-inv (git-fixes). - ASoC: mediatek: mt8195: Remove unsued irqs_lock (git-fixes). - ASoC: rockchip: Use generic dmaengine code (git-fixes). - ASoC: SOF: topology: do not power down primary core during topology removal (git-fixes). - ASoC: topology: Fix stub for snd_soc_tplg_component_remove() (git-fixes). - ata: sata_mv: Fix the error handling of mv_chip_id() (git-fixes). - ath10k: fix control-message timeout (git-fixes). - ath10k: fix division by zero in send path (git-fixes). - ath10k: fix max antenna gain unit (git-fixes). - ath10k: Fix missing frame timestamp for beacon/probe-resp (git-fixes). - ath10k: sdio: Add missing BH locking around napi_schdule() (git-fixes). - ath6kl: fix control-message timeout (git-fixes). - ath6kl: fix division by zero in send path (git-fixes). - ath9k: Fix potential interrupt storm on queue reset (git-fixes). - auxdisplay: ht16k33: Connect backlight to fbdev (git-fixes). - auxdisplay: ht16k33: Fix frame buffer device blanking (git-fixes). - auxdisplay: img-ascii-lcd: Fix lock-up when displaying empty string (git-fixes). - b43: fix a lower bounds test (git-fixes). - b43legacy: fix a lower bounds test (git-fixes). - blacklist.conf: 5c9d706f6133 ('bpf: Fix BPF_LSM kconfig symbol dependency') Not needed since 30897832d8b9 ('bpf: Allow local storage to be used from LSM programs') is not backported. - Bluetooth: btmtkuart: fix a memleak in mtk_hci_wmt_sync (git-fixes). - Bluetooth: fix init and cleanup of sco_conn.timeout_work (git-fixes). - bnxt_en: Fix TX timeout when TX ring size is set to the smallest (git-fixes). - bpf: Add kconfig knob for disabling unpriv bpf by default (jsc#SLE-22573) - bpf: Add kconfig knob for disabling unpriv bpf by default (jsc#SLE-22574) - bpf: Disallow unprivileged bpf by default (jsc#SLE-22573). - bpf: Disallow unprivileged bpf by default (jsc#SLE-22574). - bpf: Fix BPF_JIT kconfig symbol dependency (git-fixes jsc#SLE-22574). - bpf: Fix potential race in tail call compatibility check (git-fixes). - bpf, kconfig: Add consolidated menu entry for bpf with core options (jsc#SLE-22574). - btrfs: block-group: Rework documentation of check_system_chunk function (bsc#1192896). - btrfs: fix deadlock between chunk allocation and chunk btree modifications (bsc#1192896). - btrfs: fix memory ordering between normal and ordered work functions (git-fixes). - btrfs: update comments for chunk allocation -ENOSPC cases (bsc#1192896). - cgroup/cpuset: Change references of cpuset_mutex to cpuset_rwsem (git-fixes). - config: disable unprivileged BPF by default (jsc#SLE-22573) - crypto: caam - disable pkc for non-E SoCs (git-fixes). - crypto: qat - detect PFVF collision after ACK (git-fixes). - crypto: qat - disregard spurious PFVF interrupts (git-fixes). - driver core: add a min_align_mask field to struct device_dma_parameters (bsc#1191851). - drm/amdgpu/display: add quirk handling for stutter mode (git-fixes). - drm/amdgpu: fix warning for overflow check (git-fixes). - drm/amdgpu/gmc6: fix DMA mask from 44 to 40 bits (git-fixes). - drm/i915: Introduce intel_hpd_hotplug_irqs() (bsc#1192758). - drm/msm: Fix potential NULL dereference in DPU SSPP (git-fixes). - drm/msm: potential error pointer dereference in init() (git-fixes). - drm/msm: uninitialized variable in msm_gem_import() (git-fixes). - drm: prevent spectre issue in vmw_execbuf_ioctl (bsc#1192802). - drm/sun4i: Fix macros in sun8i_csc.h (git-fixes). - drm/ttm: stop calling tt_swapin in vm_access (git-fixes). - drm/v3d: fix wait for TMU write combiner flush (git-fixes). - EDAC/amd64: Set proper family type for Family 19h Models 20h-2Fh (bsc#1192288). - EDAC/sb_edac: Fix top-of-high-memory value for Broadwell/Haswell (bsc#1152489). - Eradicate Patch-mainline: No The pre-commit check can reject this deprecated tag then. - exfat: fix erroneous discard when clear cluster bit (git-fixes). - exfat: handle wrong stream entry size in exfat_readdir() (git-fixes). - exfat: properly set s_time_gran (bsc#1192328). - exfat: truncate atimes to 2s granularity (bsc#1192328). - firmware/psci: fix application of sizeof to pointer (git-fixes). - ftrace: Fix scripts/recordmcount.pl due to new binutils (bsc#1192267). - fuse: fix page stealing (bsc#1192718). - genirq: Provide IRQCHIP_AFFINITY_PRE_STARTUP (bsc#1152489). - gpio: mpc8xxx: Use 'devm_gpiochip_add_data()' to simplify the code and avoid a leak (git-fixes). - gpio/rockchip: add driver for rockchip gpio (bsc#1192217). - gpio/rockchip: drop irq_gc_lock/irq_gc_unlock for irq set type (bsc#1192217). - gpio/rockchip: extended debounce support is only available on v2 (bsc#1192217). - gpio/rockchip: fetch deferred output settings on probe (bsc#1192217). - gpio/rockchip: fix get_direction value handling (bsc#1192217). - gpio/rockchip: support next version gpio controller (bsc#1192217). - gpio/rockchip: use struct rockchip_gpio_regs for gpio controller (bsc#1192217). - gve: Avoid freeing NULL pointer (git-fixes). - gve: Correct available tx qpl check (git-fixes). - gve: fix gve_get_stats() (git-fixes). - gve: Properly handle errors in gve_assign_qpl (bsc#1176940). - gve: report 64bit tx_bytes counter from gve_handle_report_stats() (bsc#1176940). - HID: u2fzero: clarify error check and length calculations (git-fixes). - HID: u2fzero: properly handle timeouts in usb_submit_urb (git-fixes). - hwmon: Fix possible memleak in __hwmon_device_register() (git-fixes). - hwmon: (pmbus/lm25066) Add offset coefficients (git-fixes). - hwmon: (pmbus/lm25066) Let compiler determine outer dimension of lm25066_coeff (git-fixes). - hwrng: mtk - Force runtime pm ops for sleep ops (git-fixes). - i40e: Fix ATR queue selection (git-fixes). - i40e: fix endless loop under rtnl (git-fixes). - i40e: Fix freeing of uninitialized misc IRQ vector (git-fixes). - iavf: fix double unlock of crit_lock (git-fixes). - ibmvnic: check failover_pending in login response (bsc#1190523 ltc#194510). - ibmvnic: delay complete() (bsc#1094840 ltc#167098 git-fixes). - ibmvnic: do not stop queue in xmit (bsc#1192273 ltc#194629). - ibmvnic: Process crqs after enabling interrupts (bsc#1192273 ltc#194629). - ice: Add missing E810 device ids (jsc#SLE-7966 bsc#1157177). - iio: dac: ad5446: Fix ad5622_write() return value (git-fixes). - Input: elantench - fix misreporting trackpoint coordinates (bsc#1192918). - Input: i8042 - Add quirk for Fujitsu Lifebook T725 (bsc#1191980). - ionic: do not remove netdev->dev_addr when syncing uc list (bsc#1167773). - iwlwifi: mvm: fix some kerneldoc issues (git-fixes). - ixgbe: Fix NULL pointer dereference in ixgbe_xdp_setup (git-fixes). - kABI: Fix kABI after 36950f2da1ea (bsc#1191851). - kernel-*-subpackage: Add dependency on kernel scriptlets (bsc#1192740). - KVM: s390: extend kvm_s390_shadow_fault to return entry pointer (bsc#1133021). - KVM: s390: index kvm->arch.idle_mask by vcpu_idx (bsc#1133021). - KVM: s390: split kvm_s390_logical_to_effective (bsc#1133021). - KVM: s390: VSIE: correctly handle MVPG when in VSIE (bsc#1133021). - libertas: Fix possible memory leak in probe and disconnect (git-fixes). - libertas_tf: Fix possible memory leak in probe and disconnect (git-fixes). - media: cedrus: Fix SUNXI tile size calculation (git-fixes). - media: cx23885: Fix snd_card_free call on null card pointer (git-fixes). - media: cxd2880-spi: Fix a null pointer dereference on error handling path (git-fixes). - media: dvb-frontends: mn88443x: Handle errors of clk_prepare_enable() (git-fixes). - media: dvb-usb: fix ununit-value in az6027_rc_query (git-fixes). - media: em28xx: add missing em28xx_close_extension (git-fixes). - media: em28xx: Do not use ops->suspend if it is NULL (git-fixes). - media: i2c: ths8200 needs V4L2_ASYNC (git-fixes). - media: ite-cir: IR receiver stop working after receive overflow (git-fixes). - media: mtk-vpu: Fix a resource leak in the error handling path of 'mtk_vpu_probe()' (git-fixes). - media: mxl111sf: change mutex_init() location (git-fixes). - media: radio-wl1273: Avoid card name truncation (git-fixes). - media: si470x: Avoid card name truncation (git-fixes). - media: staging/intel-ipu3: css: Fix wrong size comparison imgu_css_fw_init (git-fixes). - media: TDA1997x: handle short reads of hdmi info frame (git-fixes). - media: tm6000: Avoid card name truncation (git-fixes). - media: v4l2-ioctl: Fix check_ext_ctrls (git-fixes). - media: v4l2-ioctl: S_CTRL output the right value (git-fixes). - memory: fsl_ifc: fix leak of irq and nand_irq in fsl_ifc_ctrl_probe (git-fixes). - memstick: avoid out-of-range warning (git-fixes). - memstick: jmb38x_ms: use appropriate free function in jmb38x_ms_alloc_host() (git-fixes). - mlx5: count all link events (git-fixes). - mlxsw: thermal: Fix out-of-bounds memory accesses (git-fixes). - mmc: mxs-mmc: disable regulator on error and in the remove function (git-fixes). - mmc: sdhci: Map more voltage level to SDHCI_POWER_330 (git-fixes). - mmc: sdhci-omap: Fix NULL pointer exception if regulator is not configured (git-fixes). - mm/hugetlb: initialize hugetlb_usage in mm_init (bsc#1192906). - Move upstreamed sound fix into sorted section - mt76: mt7615: fix endianness warning in mt7615_mac_write_txwi (git-fixes). - mt76: mt76x02: fix endianness warnings in mt76x02_mac.c (git-fixes). - mt76: mt7915: fix muar_idx in mt7915_mcu_alloc_sta_req() (git-fixes). - mt76: mt7915: fix possible infinite loop release semaphore (git-fixes). - mt76: mt7915: fix sta_rec_wtbl tag len (git-fixes). - mwifiex: fix division by zero in fw download path (git-fixes). - mwifiex: Send DELBA requests according to spec (git-fixes). - net/af_unix: fix a data-race in unix_dgram_poll (bsc#1154353). - net: bridge: use nla_total_size_64bit() in br_get_linkxstats_size() (git-fixes). - net: dsa: felix: re-enable TX flow control in ocelot_port_flush() (git-fixes). - net: hns3: fix vf reset workqueue cannot exit (bsc#1154353). - net/mlx4_en: Do not allow aRFS for encapsulated packets (git-fixes). - net/mlx4_en: Resolve bad operstate value (git-fixes). - net/mlx5e: Mutually exclude RX-FCS and RX-port-timestamp (git-fixes). - net/mlx5: Fix unpublish devlink parameters (jsc#SLE-8464). - net/mlx5: FWTrace, cancel work on alloc pd error flow (git-fixes). - net: mscc: ocelot: fix hardware timestamp dequeue logic. - net: mscc: ocelot: warn when a PTP IRQ is raised for an unknown skb (git-fixes). - net/smc: Correct smc link connection counter in case of smc client (git-fixes). - net/smc: fix 'workqueue leaked lock' in smc_conn_abort_work (git-fixes). - nvme-pci: set min_align_mask (bsc#1191851). - ocfs2: do not zero pages beyond i_size (bsc#1190795). - ocfs2: fix data corruption on truncate (bsc#1190795). - PCI: aardvark: Do not clear status bits of masked interrupts (git-fixes). - PCI: aardvark: Do not spam about PIO Response Status (git-fixes). - PCI: aardvark: Do not unmask unused interrupts (git-fixes). - PCI: aardvark: Fix checking for link up via LTSSM state (git-fixes). - PCI: aardvark: Fix reporting Data Link Layer Link Active (git-fixes). - PCI: aardvark: Fix return value of MSI domain .alloc() method (git-fixes). - PCI: aardvark: Read all 16-bits from PCIE_MSI_PAYLOAD_REG (git-fixes). - PCI/ACPI: Check for _OSC support in acpi_pci_osc_control_set() (bsc#1169263). - PCI/ACPI: Clarify message about _OSC failure (bsc#1169263). - PCI/ACPI: Move _OSC query checks to separate function (bsc#1169263). - PCI/ACPI: Move supported and control calculations to separate functions (bsc#1169263). - PCI/ACPI: Remove OSC_PCI_SUPPORT_MASKS and OSC_PCI_CONTROL_MASKS (bsc#1169263). - PCI/ACPI: Remove unnecessary osc_lock (bsc#1169263). - PCI: pci-bridge-emul: Fix emulation of W1C bits (git-fixes). - PCI: uniphier: Serialize INTx masking/unmasking and fix the bit operation (git-fixes). - pinctrl: core: fix possible memory leak in pinctrl_enable() (git-fixes). - pinctrl: pinctrl-rockchip: Fix a bunch of kerneldoc misdemeanours (bsc#1192217). - pinctrl/rockchip: add a queue for deferred pin output settings on probe (bsc#1192217). - pinctrl/rockchip: add pinctrl device to gpio bank struct (bsc#1192217). - pinctrl: rockchip: add rk3308 SoC support (bsc#1192217). - pinctrl: rockchip: add support for rk3568 (bsc#1192217). - pinctrl/rockchip: always enable clock for gpio controller (bsc#1192217). - pinctrl: rockchip: clear int status when driver probed (bsc#1192217). - pinctrl: rockchip: create irq mapping in gpio_to_irq (bsc#1192217). - pinctrl: rockchip: do coding style for mux route struct (bsc#1192217). - pinctrl/rockchip: drop the gpio related codes (bsc#1192217). - pinctrl: rockchip: enable gpio pclk for rockchip_gpio_to_irq (bsc#1192217). - pinctrl: rockchip: make driver be tristate module (bsc#1192217). - pinctrl: rockchip: Replace HTTP links with HTTPS ones (bsc#1192217). - pinctrl: rockchip: return ENOMEM instead of EINVAL if allocation fails (bsc#1192217). - pinctrl/rockchip: separate struct rockchip_pin_bank to a head file (bsc#1192217). - platform/x86: thinkpad_acpi: Fix bitwise vs. logical warning (git-fixes). - PM: sleep: Do not let 'syscore' devices runtime-suspend during system transitions (git-fixes). - power: supply: bq27xxx: Fix kernel crash on IRQ handler register error (git-fixes). - power: supply: max17042_battery: Prevent int underflow in set_soc_threshold (git-fixes). - power: supply: max17042_battery: use VFSOC for capacity when no rsns (git-fixes). - printk/console: Allow to disable console output by using console='' or console=null (bsc#1192753). - printk: handle blank console arguments passed in (bsc#1192753). - qed: Fix missing error code in qed_slowpath_start() (git-fixes). - qed: Handle management FW error (git-fixes). - qed: rdma - do not wait for resources under hw error recovery flow (git-fixes). - qtnfmac: fix potential Spectre vulnerabilities (bsc#1192802). - r8152: add a helper function about setting EEE (git-fixes). - r8152: Add macpassthru support for ThinkPad Thunderbolt 3 Dock Gen 2 (git-fixes). - r8152: Disable PLA MCU clock speed down (git-fixes). - r8152: disable U2P3 for RTL8153B (git-fixes). - r8152: divide the tx and rx bottom functions (git-fixes). - r8152: do not enable U1U2 with USB_SPEED_HIGH for RTL8153B (git-fixes). - r8152: fix runtime resume for linking change (git-fixes). - r8152: replace array with linking list for rx information (git-fixes). - r8152: reset flow control patch when linking on for RTL8153B (git-fixes). - r8152: saving the settings of EEE (git-fixes). - r8152: separate the rx buffer size (git-fixes). - r8152: use alloc_pages for rx buffer (git-fixes). - random: fix crash on multiple early calls to add_bootloader_randomness() (bsc#1184924) - README.BRANCH: Add Oscar Salvador as SLE15-SP3 maintainer - regulator: dt-bindings: samsung,s5m8767: correct s5m8767,pmic-buck-default-dvs-idx property (git-fixes). - regulator: s5m8767: do not use reset value as DVS voltage if GPIO DVS is disabled (git-fixes). - Revert 'ibmvnic: check failover_pending in login response' (bsc#1190523 ltc#194510). - Revert 'platform/x86: i2c-multi-instantiate: Do not create platform device for INT3515 ACPI nodes' (git-fixes). - Revert 'r8152: adjust the settings about MAC clock speed down for RTL8153' (git-fixes). - Revert 'scsi: ufs: fix a missing check of devm_reset_control_get' (git-fixes). - Revert 'x86/kvm: fix vcpu-id indexed array sizes' (git-fixes). - rndis_host: set proper input size for OID_GEN_PHYSICAL_MEDIUM request (git-fixes). - rsi: fix control-message timeout (git-fixes). - rsi: Fix module dev_oper_mode parameter description (git-fixes). - rsi: stop thread firstly in rsi_91x_init() error handling (git-fixes). - rtl8187: fix control-message timeouts (git-fixes). - s390/dasd: fix use after free in dasd path handling (git-fixes). - s390/pci: fix use after free of zpci_dev (git-fixes). - s390/pci: fix zpci_zdev_put() on reserve (git-fixes). - s390/qeth: fix deadlock during failing recovery (git-fixes). - s390/qeth: Fix deadlock in remove_discipline (git-fixes). - s390/qeth: fix NULL deref in qeth_clear_working_pool_list() (git-fixes). - s390/topology: clear thread/group maps for offline cpus (git-fixes). - scsi: be2iscsi: Fix an error handling path in beiscsi_dev_probe() (git-fixes). - scsi: BusLogic: Fix missing pr_cont() use (git-fixes). - scsi: core: Fix spelling in a source code comment (git-fixes). - scsi: csiostor: Add module softdep on cxgb4 (git-fixes). - scsi: csiostor: Uninitialized data in csio_ln_vnp_read_cbfn() (git-fixes). - scsi: dc395: Fix error case unwinding (git-fixes). - scsi: fdomain: Fix error return code in fdomain_probe() (git-fixes). - scsi: FlashPoint: Rename si_flags field (git-fixes). - scsi: iscsi: Fix iface sysfs attr detection (git-fixes). - scsi: libsas: Use _safe() loop in sas_resume_port() (git-fixes). - scsi: mpt3sas: Fix error return value in _scsih_expander_add() (git-fixes). - scsi: qedf: Add pointer checks in qedf_update_link_speed() (git-fixes). - scsi: qedf: Fix error codes in qedf_alloc_global_queues() (git-fixes). - scsi: qedi: Fix error codes in qedi_alloc_global_queues() (git-fixes). - scsi: qla2xxx: Fix a memory leak in an error path of qla2x00_process_els() (git-fixes). - scsi: qla2xxx: Make sure that aborted commands are freed (git-fixes). - scsi: smartpqi: Fix an error code in pqi_get_raid_map() (git-fixes). - scsi: snic: Fix an error message (git-fixes). - scsi: ufs-pci: Add quirk for broken auto-hibernate for Intel EHL (git-fixes). - scsi: ufs: ufshcd-pltfrm: Fix memory leak due to probe defer (git-fixes). - serial: 8250_dw: Drop wrong use of ACPI_PTR() (git-fixes). - serial: xilinx_uartps: Fix race condition causing stuck TX (git-fixes). - staging: r8712u: fix control-message timeout (git-fixes). - staging: rtl8192u: fix control-message timeouts (git-fixes). - stmmac: platform: Fix signedness bug in stmmac_probe_config_dt() (git-fixes). - swiotlb: add a IO_TLB_SIZE define (bsc#1191851). - swiotlb: clean up swiotlb_tbl_unmap_single (bsc#1191851). - swiotlb: do not modify orig_addr in swiotlb_tbl_sync_single (bsc#1191851). - swiotlb: factor out an io_tlb_offset helper (bsc#1191851). - swiotlb: factor out a nr_slots helper (bsc#1191851). - swiotlb: refactor swiotlb_tbl_map_single (bsc#1191851). - swiotlb: respect min_align_mask (bsc#1191851). - swiotlb: Split size parameter to map/unmap APIs (bsc#1191851). - tpm: Check for integer overflow in tpm2_map_response_body() (git-fixes). - tracing: Increase PERF_MAX_TRACE_SIZE to handle Sentinel1 and docker together (bsc#1192745). - Update config files: Add CONFIG_BPF_UNPRIV_DEFAULT_OFF is not set - Update patches.suse/NFS-Do-uncached-readdir-when-we-re-seeking-a-cookie-.patch (bsc#1191628 bsc#1192549). dir_cookie is a pointer to the cookie in older kernels, not the cookie itself. - Update patch reference for AMDGPU fix (bsc#1180749) - usb: gadget: hid: fix error code in do_config() (git-fixes). - USB: iowarrior: fix control-message timeouts (git-fixes). - usb: max-3421: Use driver data instead of maintaining a list of bound devices (git-fixes). - usb: musb: Balance list entry in musb_gadget_queue (git-fixes). - usbnet: fix error return code in usbnet_probe() (git-fixes). - usbnet: sanity check for maxpacket (git-fixes). - USB: serial: keyspan: fix memleak on probe errors (git-fixes). - video: fbdev: chipsfb: use memset_io() instead of memset() (git-fixes). - virtio-gpu: fix possible memory allocation failure (git-fixes). - wcn36xx: Add ability for wcn36xx_smd_dump_cmd_req to pass two's complement (git-fixes). - wcn36xx: add proper DMA memory barriers in rx path (git-fixes). - wcn36xx: Fix HT40 capability for 2Ghz band (git-fixes). - x86/ioapic: Force affinity setup before startup (bsc#1152489). - x86/msi: Force affinity setup before startup (bsc#1152489). - x86/reboot: Limit Dell Optiplex 990 quirk to early BIOS versions (bsc#1152489). - x86/sme: Use #define USE_EARLY_PGTABLE_L5 in mem_encrypt_identity.c (bsc#1152489). - x86/xen: Mark cpu_bringup_and_idle() as dead_end_function (git-fixes). - xen: Fix implicit type conversion (git-fixes). - xen-pciback: Fix return in pm_ctrl_init() (git-fixes). - xfs: do not allow log writes if the data device is readonly (bsc#1192229). Important SUSE bug 1094840 SUSE bug 1133021 SUSE bug 1152489 SUSE bug 1154353 SUSE bug 1157177 SUSE bug 1167773 SUSE bug 1169263 SUSE bug 1170269 SUSE bug 1176940 SUSE bug 1180749 SUSE bug 1184924 SUSE bug 1188601 SUSE bug 1190523 SUSE bug 1190795 SUSE bug 1191628 SUSE bug 1191790 SUSE bug 1191851 SUSE bug 1191958 SUSE bug 1191961 SUSE bug 1191980 SUSE bug 1192045 SUSE bug 1192217 SUSE bug 1192229 SUSE bug 1192267 SUSE bug 1192273 SUSE bug 1192288 SUSE bug 1192328 SUSE bug 1192375 SUSE bug 1192473 SUSE bug 1192549 SUSE bug 1192718 SUSE bug 1192740 SUSE bug 1192745 SUSE bug 1192750 SUSE bug 1192753 SUSE bug 1192758 SUSE bug 1192781 SUSE bug 1192802 SUSE bug 1192896 SUSE bug 1192906 SUSE bug 1192918 CVE-2021-0941 CVE-2021-20322 CVE-2021-31916 CVE-2021-34981 CVE-2021-37159 CVE-2021-43389 cpe:/o:opensuse:leap:15.3 Security update for netcdf (Important) openSUSE Leap 15.3 This update for netcdf fixes the following issues: - Fixed multiple vulnerabilities in ezXML: CVE-2019-20007, CVE-2019-20006, CVE-2019-20201, CVE-2019-20202, CVE-2019-20199, CVE-2019-20200, CVE-2019-20198, CVE-2021-26221, CVE-2021-26222, CVE-2021-30485, CVE-2021-31229, CVE-2021-31347, CVE-2021-31348, CVE-2021-31598 (bsc#1191856) Note: * CVE-2021-26220 https://sourceforge.net/p/ezxml/bugs/23 not relevant for netcdf: code isn't used. * CVE-2019-20005 https://sourceforge.net/p/ezxml/bugs/14 Issue cannot be reproduced and no patch is available upstream. Important SUSE bug 1191856 CVE-2019-20005 CVE-2019-20006 CVE-2019-20007 CVE-2019-20198 CVE-2019-20199 CVE-2019-20200 CVE-2019-20201 CVE-2019-20202 CVE-2021-26220 CVE-2021-26221 CVE-2021-26222 CVE-2021-30485 CVE-2021-31229 CVE-2021-31347 CVE-2021-31348 CVE-2021-31598 cpe:/o:opensuse:leap:15.3 Security update for go1.17 (Moderate) openSUSE Leap 15.3 This update for go1.17 fixes the following issues: Security update go1.17.3 (released 2021-11-04) (bsc#1190649). - CVE-2021-41771: Fixed invalid dynamic symbol table command that could have caused panic (bsc#1192377). - CVE-2021-41772: Fixed panic on (*Reader).Open (bsc#1192378). Moderate SUSE bug 1190649 SUSE bug 1192377 SUSE bug 1192378 CVE-2021-41771 CVE-2021-41772 cpe:/o:opensuse:leap:15.3 Security update for go1.16 (Moderate) openSUSE Leap 15.3 This update for go1.16 fixes the following issues: Security update go1.16.10 (released 2021-11-04) (bsc#1182345). - CVE-2021-41771: Fixed invalid dynamic symbol table command that could have caused panic (bsc#1192377). - CVE-2021-41772: Fixed panic on (*Reader).Open (bsc#1192378). Moderate SUSE bug 1182345 SUSE bug 1192377 SUSE bug 1192378 CVE-2021-41771 CVE-2021-41772 cpe:/o:opensuse:leap:15.3 Security update for mariadb (Moderate) openSUSE Leap 15.3 This update for mariadb fixes the following issues: - Update to 10.5.13: - CVE-2021-35604: Fixed InnoDB vulnerability that allowed an high privileged attacker with network access via multiple protocols to compromise MySQL (bsc#1192497). Moderate SUSE bug 1192497 CVE-2021-35604 cpe:/o:opensuse:leap:15.3 Security update for ruby2.5 (Important) openSUSE Leap 15.3 This update for ruby2.5 fixes the following issues: - CVE-2021-31799: Fixed Command injection vulnerability in RDoc (bsc#1190375). - CVE-2021-31810: Fixed trusting FTP PASV responses vulnerability in Net:FTP (bsc#1188161). - CVE-2021-32066: Fixed StartTLS stripping vulnerability in Net:IMAP (bsc#1188160). Important SUSE bug 1188160 SUSE bug 1188161 SUSE bug 1190375 CVE-2021-31799 CVE-2021-31810 CVE-2021-32066 cpe:/o:opensuse:leap:15.3 Security update for python-Pygments (Important) openSUSE Leap 15.3 This update for python-Pygments fixes the following issues: - CVE-2021-27291: Fixed ReDoS via crafted malicious input (bsc#1184812). Important SUSE bug 1184812 CVE-2021-27291 cpe:/o:opensuse:leap:15.3 Security update for python-Pygments (Important) openSUSE Leap 15.3 This update for python-Pygments fixes the following issues: - CVE-2021-27291: Fixed ReDoS via crafted malicious input (bsc#1184812). Important SUSE bug 1184812 CVE-2021-27291 cpe:/o:opensuse:leap:15.3 Security update for openexr (Moderate) openSUSE Leap 15.3 This update for openexr fixes the following issues: - CVE-2021-3941: Fixed divide-by-zero in Imf_3_1:RGBtoXYZ (bsc#1192556). - CVE-2021-3933: Fixed integer-overflow in Imf_3_1:bytesPerDeepLineTable (bsc#1192498). Moderate SUSE bug 1192498 SUSE bug 1192556 CVE-2021-3933 CVE-2021-3941 cpe:/o:opensuse:leap:15.3 Security update for poppler (Important) openSUSE Leap 15.3 This update for poppler fixes the following issues: - CVE-2017-18267: Fixed an infinite recursion that would allow remote attackers to cause a denial of service (bsc#1092945). - CVE-2018-13988: Added an improper implementation check which otherwise could allow buffer overflows, memory corruption, and denial of service (bsc#1102531). - CVE-2018-16646: Fixed an infinite recursion which could allow a denial-of-service attack via a specially crafted PDF file (bsc#1107597). - CVE-2018-18897: Fixed a memory leak (bsc#1114966). - CVE-2018-19058: Fixed a bug which could allow a denial-of-service attack via a specially crafted PDF file (bsc#1115187). - CVE-2018-19059: Fixed an out-of-bounds read access which could allow a denial-of-service attack (bsc#1115186). - CVE-2018-19060: Fixed a NULL pointer dereference which could allow a denial-of-service attack (bsc#1115185). - CVE-2018-19149: Fixed a NULL pointer dereference which could allow a denial-of-service attack (bsc#1115626). - CVE-2018-20481: Fixed a NULL pointer dereference while handling unallocated XRef entries which could allow a denial-of-service attack (bsc#1120495). - CVE-2018-20551: Fixed a reachable assertion which could allow a denial-of-service attack through specially crafted PDF files (bsc#1120496). - CVE-2018-20650: Fixed a reachable assertion which could allow denial-of-service through specially crafted PDF files (bsc#1120939). - CVE-2018-20662: Fixed a bug which could potentially crash the running process by SIGABRT resulting in a denial-of-service attack through a specially crafted PDF file (bsc#1120956). - CVE-2019-10871: Fixed a heap-based buffer over-read in the function PSOutputDev::checkPageSlice at PSOutputDev.cc (bsc#1131696). - CVE-2019-10872: Fixed a heap-based buffer over-read in the function Splash::blitTransparent at splash/Splash.cc (bsc#1131722). - CVE-2019-14494: Fixed a divide-by-zero error in the function SplashOutputDev::tilingPatternFill (bsc#1143950). - CVE-2019-7310: Fixed a heap-based buffer over-read (due to an integer signedness error in the XRef::getEntry function in XRef.cc) that allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted PDF document (bsc#1124150). - CVE-2019-9200: Fixed a heap-based buffer underwrite which could allow denial-of-service attack through a specially crafted PDF file (bsc#1127329) - CVE-2019-9631: Fixed a heap-based buffer over-read in the CairoRescaleBox.cc downsample_row_box_filter function (bsc#1129202). - CVE-2019-9903: Fixed excessive stack consumption in the Dict::find() method, which can be triggered by passing a crafted pdf file to the pdfunite binary (bsc#1130229). - CVE-2019-9959: Fixed integer overflow that made it possible to allocate a large memory chunk on the heap with a size controlled by an attacker (bsc#1142465). - CVE-2020-27778: Fixed buffer overflow vulnerability in pdftohtml (bsc#1179163). Important SUSE bug 1092945 SUSE bug 1102531 SUSE bug 1107597 SUSE bug 1114966 SUSE bug 1115185 SUSE bug 1115186 SUSE bug 1115187 SUSE bug 1115626 SUSE bug 1120495 SUSE bug 1120496 SUSE bug 1120939 SUSE bug 1120956 SUSE bug 1124150 SUSE bug 1127329 SUSE bug 1129202 SUSE bug 1130229 SUSE bug 1131696 SUSE bug 1131722 SUSE bug 1142465 SUSE bug 1143950 SUSE bug 1179163 CVE-2017-18267 CVE-2018-13988 CVE-2018-16646 CVE-2018-18897 CVE-2018-19058 CVE-2018-19059 CVE-2018-19060 CVE-2018-19149 CVE-2018-20481 CVE-2018-20551 CVE-2018-20650 CVE-2018-20662 CVE-2019-10871 CVE-2019-10872 CVE-2019-14494 CVE-2019-7310 CVE-2019-9200 CVE-2019-9631 CVE-2019-9903 CVE-2019-9959 CVE-2020-27778 cpe:/o:opensuse:leap:15.3 Security update for python-sqlparse (Moderate) openSUSE Leap 15.3 This update for python-sqlparse fixes the following issues: - CVE-2021-32839: Fixed ReDoS via regular expression in StripComments filter (bsc#1190741). Moderate SUSE bug 1190741 CVE-2021-32839 cpe:/o:opensuse:leap:15.3 Security update for speex (Moderate) openSUSE Leap 15.3 This update for speex fixes the following issues: - CVE-2020-23903: Fixed zero division error in read_samples (bsc#1192580). Moderate SUSE bug 1192580 CVE-2020-23903 cpe:/o:opensuse:leap:15.3 Security update for netcdf (Important) openSUSE Leap 15.3 This update for netcdf fixes the following issues: - Fixed multiple vulnerabilities in ezXML: CVE-2019-20007, CVE-2019-20006, CVE-2019-20201, CVE-2019-20202, CVE-2019-20199, CVE-2019-20200, CVE-2019-20198, CVE-2021-26221, CVE-2021-26222, CVE-2021-30485, CVE-2021-31229, CVE-2021-31347, CVE-2021-31348, CVE-2021-31598 (bsc#1191856) Note: * CVE-2021-26220 https://sourceforge.net/p/ezxml/bugs/23 not relevant for netcdf: code isn't used. * CVE-2019-20005 https://sourceforge.net/p/ezxml/bugs/14 Issue cannot be reproduced and no patch is available upstream. Important SUSE bug 1191856 CVE-2019-20005 CVE-2019-20006 CVE-2019-20007 CVE-2019-20198 CVE-2019-20199 CVE-2019-20200 CVE-2019-20201 CVE-2019-20202 CVE-2021-26220 CVE-2021-26221 CVE-2021-26222 CVE-2021-30485 CVE-2021-31229 CVE-2021-31347 CVE-2021-31348 CVE-2021-31598 cpe:/o:opensuse:leap:15.3 Security update for webkit2gtk3 (Important) openSUSE Leap 15.3 This update for webkit2gtk3 fixes the following issues: - CVE-2021-30846: Fixed memory corruption issue that could lead to arbitrary code execution when processing maliciously crafted web content (bsc#1192063). - CVE-2021-30851: Fixed memory corruption vulnerability that could lead to arbitrary code execution when processing maliciously crafted web content (bsc#1192063). Important SUSE bug 1192063 CVE-2021-30846 CVE-2021-30851 cpe:/o:opensuse:leap:15.3 Security update for the Linux Kernel (Important) openSUSE Leap 15.3 The SUSE Linux Enterprise 15 SP1 LTSS kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - Unprivileged BPF has been disabled by default to reduce attack surface as too many security issues have happened in the past (jsc#SLE-22573) You can reenable via systemctl setting /proc/sys/kernel/unprivileged_bpf_disabled to 0. (kernel.unprivileged_bpf_disabled = 0) - CVE-2021-0941: In bpf_skb_change_head of filter.c, there is a possible out of bounds read due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation (bnc#1192045). - CVE-2021-31916: An out-of-bounds (OOB) memory write flaw was found in list_devices in drivers/md/dm-ioctl.c in the Multi-device driver module in the Linux kernel A bound check failure allowed an attacker with special user (CAP_SYS_ADMIN) privilege to gain access to out-of-bounds memory leading to a system crash or a leak of internal kernel information. The highest threat from this vulnerability is to system availability (bnc#1192781). - CVE-2021-20322: Make the ipv4 and ipv6 ICMP exception caches less predictive to avoid information leaks about UDP ports in use. (bsc#1191790) - CVE-2021-34981: Fixed file refcounting in cmtp when cmtp_attach_device fails (bsc#1191961). - CVE-2021-37159: hso_free_net_device in drivers/net/usb/hso.c in the Linux kernel calls unregister_netdev without checking for the NETREG_REGISTERED state, leading to a use-after-free and a double free (bnc#1188601). - CVE-2021-3772: Fixed sctp vtag check in sctp_sf_ootb (bsc#1190351). - CVE-2021-3655: Missing size validations on inbound SCTP packets may have allowed the kernel to read uninitialized memory (bnc#1188563). - CVE-2021-33033: The Linux kernel has a use-after-free in cipso_v4_genopt in net/ipv4/cipso_ipv4.c because the CIPSO and CALIPSO refcounting for the DOI definitions is mishandled, aka CID-ad5d07f4a9cd. This leads to writing an arbitrary value (bnc#1186109 bnc#1186390 bnc#1188876). - CVE-2021-3760: Fixed a use-after-free vulnerability with the ndev->rf_conn_info object (bsc#1190067). - CVE-2021-42739: The firewire subsystem in the Linux kernel has a buffer overflow related to drivers/media/firewire/firedtv-avc.c and drivers/media/firewire/firedtv-ci.c, because avc_ca_pmt mishandled bounds checking (bnc#1184673). - CVE-2021-3542: Fixed heap buffer overflow in firedtv driver (bsc#1186063). - CVE-2018-13405: The inode_init_owner function in fs/inode.c in the Linux kernel allowed local users to create files with an unintended group ownership, in a scenario where a directory is SGID to a certain group and is writable by a user who is not a member of that group. Here, the non-member can trigger creation of a plain file whose group ownership is that group. The intended behavior was that the non-member can trigger creation of a directory (but not a plain file) whose group ownership is that group. The non-member can escalate privileges by making the plain file executable and SGID (bnc#1100416 bnc#1129735). - CVE-2021-3715: Fixed a use-after-free in route4_change() in net/sched/cls_route.c (bsc#1190349). - CVE-2021-34556: An unprivileged BPF program can obtain sensitive information from kernel memory via a Speculative Store Bypass side-channel attack because the protection mechanism neglects the possibility of uninitialized memory locations on the BPF stack (bnc#1188983). - CVE-2021-35477: An unprivileged BPF program can obtain sensitive information from kernel memory via a Speculative Store Bypass side-channel attack because a certain preempting store operation did not necessarily occur before a store operation that has an attacker-controlled value (bnc#1188985). - CVE-2021-42252: An issue was discovered in aspeed_lpc_ctrl_mmap in drivers/soc/aspeed/aspeed-lpc-ctrl.c in the Linux kernel Local attackers able to access the Aspeed LPC control interface could overwrite memory in the kernel and potentially execute privileges, aka CID-b49a0e69a7b1. This occurs because a certain comparison uses values that are not memory sizes (bnc#1190479). - CVE-2021-41864: prealloc_elems_and_freelist in kernel/bpf/stackmap.c in the Linux kernel allowed unprivileged users to trigger an eBPF multiplication integer overflow with a resultant out-of-bounds write (bnc#1191317). - CVE-2021-42008: The decode_data function in drivers/net/hamradio/6pack.c in the Linux kernel has a slab out-of-bounds write. Input from a process that has the CAP_NET_ADMIN capability can lead to root access (bnc#1191315). - CVE-2021-3759: Unaccounted ipc objects could have lead to breaking memcg limits and DoS attacks (bsc#1190115). - CVE-2020-3702: Specifically timed and handcrafted traffic can cause internal errors in a WLAN device that lead to improper layer 2 Wi-Fi encryption with a consequent possibility of information disclosure over the air for a discrete set of traffic (bnc#1191193). - CVE-2021-3752: Fixed a use after free vulnerability in the bluetooth module. (bsc#1190023) - CVE-2021-40490: A race condition was discovered in ext4_write_inline_data_end in fs/ext4/inline.c in the ext4 subsystem in the Linux kernel (bnc#1190159 bnc#1192775) - CVE-2021-3744: Fixed a bug which could allows attackers to cause a denial of service. (bsc#1189884) - CVE-2021-3764: Fixed a bug which could allows attackers to cause a denial of service. (bsc#1190534) - CVE-2020-12770: An issue was discovered in the Linux kernel sg_write lacks an sg_remove_request call in a certain failure case, aka CID-83c6f2390040 (bnc#1171420). - CVE-2021-3640: Fixed a Use-After-Free vulnerability in function sco_sock_sendmsg() in the bluetooth stack (bsc#1188172). - CVE-2019-3900: An infinite loop issue was found in the vhost_net kernel module, while handling incoming packets in handle_rx(). It could occur if one end sends packets faster than the other end can process them. A guest user, maybe remote one, could use this flaw to stall the vhost_net kernel thread, resulting in a DoS scenario (bnc#1133374). - CVE-2019-3874: The SCTP socket buffer used by a userspace application is not accounted by the cgroups subsystem. An attacker can use this flaw to cause a denial of service attack. (bnc#1129898). - CVE-2018-9517: In pppol2tp_connect, there is possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. (bnc#1108488). - CVE-2021-38160: Data corruption or loss could be triggered by an untrusted device that supplies a buf->len value exceeding the buffer size in drivers/char/virtio_console.c (bsc#1190117) - CVE-2021-3753: Fixed race out-of-bounds in virtual terminal handling (bsc#1190025). - CVE-2021-3732: Mounting overlayfs inside an unprivileged user namespace can reveal files (bsc#1189706). - CVE-2021-3653: A flaw was found in the KVM's AMD code for supporting SVM nested virtualization. The flaw occurs when processing the VMCB (virtual machine control block) provided by the L1 guest to spawn/handle a nested guest (L2). Due to improper validation of the 'int_ctl' field, this issue could allow a malicious L1 to enable AVIC support (Advanced Virtual Interrupt Controller) for the L2 guest. As a result, the L2 guest would be allowed to read/write physical pages of the host, resulting in a crash of the entire system, leak of sensitive data or potential guest-to-host escape. This flaw affects Linux kernel versions prior to 5.14-rc7 (bnc#1189399). - CVE-2021-3656: Missing validation of the the `virt_ext` VMCB field and allows a malicious L1 guest to disable both VMLOAD/VMSAVE intercepts and VLS for the L2 guest (bsc#1189400). - CVE-2021-38204: drivers/usb/host/max3421-hcd.c allowed physically proximate attackers to cause a denial of service (use-after-free and panic) by removing a MAX-3421 USB device in certain situations (bnc#1189291). - CVE-2021-3679: A lack of CPU resource in the tracing module functionality was found in the way user uses trace ring buffer in a specific way. Only privileged local users (with CAP_SYS_ADMIN capability) could use this flaw to starve the resources causing denial of service (bnc#1189057). - CVE-2020-4788: IBM Power9 (AIX 7.1, 7.2, and VIOS 3.1) processors could allow a local user to obtain sensitive information from the data in the L1 cache under extenuating circumstances. IBM X-Force ID: 189296 (bnc#0 bnc#1177666 bnc#1181158). - CVE-2021-3659: Fixed a NULL pointer dereference in llsec_key_alloc() in net/mac802154/llsec.c (bsc#1188876). - CVE-2020-0429: In l2tp_session_delete and related functions of l2tp_core.c, there is possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation (bnc#1176724). - CVE-2021-37576: arch/powerpc/kvm/book3s_rtas.c on the powerpc platform allowed KVM guest OS users to cause host OS memory corruption via rtas_args.nargs, aka CID-f62f3c20647e (bnc#1188838 bnc#1190276). - CVE-2021-22543: KVM through Improper handling of VM_IO|VM_PFNMAP vmas in KVM can bypass RO checks and can lead to pages being freed while still accessible by the VMM and guest. This allowed users with the ability to start and control a VM to read/write random pages of memory and can result in local privilege escalation (bnc#1186482 bnc#1190276). - CVE-2021-33909: fs/seq_file.c did not properly restrict seq buffer allocations, leading to an integer overflow, an Out-of-bounds Write, and escalation to root by an unprivileged user, aka CID-8cae8cd89f05 (bnc#1188062 bnc#1188063). The following non-security bugs were fixed: - Add arch-dependent support markers in supported.conf (bsc#1186672) - Add the support for kernel-FLAVOR-optional subpackage (jsc#SLE-11796) - bpf: Add kconfig knob for disabling unpriv bpf by default (jsc#SLE-22913) - bpf: Disallow unprivileged bpf by default (jsc#SLE-22913). - ceph: take snap_empty_lock atomically with snaprealm refcount change (bsc#1191888). - config: disable unprivileged BPF by default (jsc#SLE-22913) - cpufreq: intel_pstate: Add Icelake servers support in no-HWP mode (bsc#1185758,bsc#1192400). - drm: fix spectre issue in vmw_execbuf_ioctl (bsc#1192802). - ftrace: Fix scripts/recordmcount.pl due to new binutils (bsc#1192267). - gigaset: fix spectre issue in do_data_b3_req (bsc#1192802). - hisax: fix spectre issues (bsc#1192802). - hv: mana: adjust mana_select_queue to old API (jsc#SLE-18779, bsc#1185726). - hv: mana: remove netdev_lockdep_set_classes usage (jsc#SLE-18779, bsc#1185726). - hv_netvsc: Make netvsc/VF binding check both MAC and serial number (jsc#SLE-18779, bsc#1185726). - hysdn: fix spectre issue in hycapi_send_message (bsc#1192802). - infiniband: fix spectre issue in ib_uverbs_write (bsc#1192802). - infiniband: fix spectre issue in ib_uverbs_write (bsc#1192802). - ipc: remove memcg accounting for sops objects in do_semtimedop() (bsc#1190115). - iwlwifi: fix spectre issue in iwl_dbgfs_update_pm (bsc#1192802). - kernel-binary.spec: Exctract s390 decompression code (jsc#SLE-17042). - kernel-binary.spec: Fix up usrmerge for non-modular kernels. - kernel-binary.spec.in: build-id check requires elfutils. - kernel-binary.spec.in: Regenerate makefile when not using mkmakefile. - kernel-binary.spec: Only use mkmakefile when it exists Linux 5.13 no longer had a mkmakefile script - kernel-binary.spec: Remove obsolete and wrong comment mkmakefile is repleced by echo on newer kernel - kernel-docs.spec.in: Build using an utf-8 locale. Sphinx cannot handle UTF-8 input in non-UTF-8 locale. - media: dvb_ca_en50221: prevent using slot_info for Spectre attacs (bsc#1192802). - media: dvb_ca_en50221: sanity check slot number from userspace (bsc#1192802). - media: wl128x: get rid of a potential spectre issue (bsc#1192802). - memcg: enable accounting for file lock caches (bsc#1190115). - mm/memory.c: do_fault: avoid usage of stale vm_area_struct (bsc#1136513). - mpt3sas: fix spectre issues (bsc#1192802). - net: mana: Add a driver for Microsoft Azure Network Adapter (MANA) (jsc#SLE-18779, bsc#1185726). - net: mana: Add support for EQ sharing (jsc#SLE-18779, bsc#1185726). - net: mana: Add WARN_ON_ONCE in case of CQE read overflow (jsc#SLE-18779, bsc#1185726). - net: mana: Fix a memory leak in an error handling path in (jsc#SLE-18779, bsc#1185726). - net: mana: Fix error handling in mana_create_rxq() (git-fixes, bsc#1191800). - net: mana: fix PCI_HYPERV dependency (jsc#SLE-18779, bsc#1185726). - net: mana: Move NAPI from EQ to CQ (jsc#SLE-18779, bsc#1185726). - net: mana: Prefer struct_size over open coded arithmetic (jsc#SLE-18779, bsc#1185726). - net: mana: remove redundant initialization of variable err (jsc#SLE-18779, bsc#1185726). - net: mana: Use int to check the return value of mana_gd_poll_cq() (jsc#SLE-18779, bsc#1185726). - net: mana: Use struct_size() in kzalloc() (jsc#SLE-18779, bsc#1185726). - net_sched: cls_route: remove the right filter from hashtable (networking-stable-20_03_28). - net: sched: sch_teql: fix null-pointer dereference (bsc#1190717). - net: sock_diag: Fix spectre v1 gadget in __sock_diag_cmd() (bsc#1192802). - NFS: Do uncached readdir when we're seeking a cookie in an empty page cache (bsc#1191628). - objtool: Do not fail on missing symbol table (bsc#1192379). - osst: fix spectre issue in osst_verify_frame (bsc#1192802). - ovl: check whiteout in ovl_create_over_whiteout() (bsc#1189846). - ovl: filter of trusted xattr results in audit (bsc#1189846). - ovl: fix dentry leak in ovl_get_redirect (bsc#1189846). - ovl: initialize error in ovl_copy_xattr (bsc#1189846). - ovl: relax WARN_ON() on rename to self (bsc#1189846). - PCI: hv: Use expected affinity when unmasking IRQ (bsc#1185973). - Revert 'memcg: enable accounting for file lock caches (bsc#1190115).' This reverts commit 912b4421a3e9bb9f0ef1aadc64a436666259bd4d. It's effectively upstream commit 3754707bcc3e190e5dadc978d172b61e809cb3bd applied to kernel-source (to avoid proliferation of patches). Make a note in blacklist.conf too. - s390/bpf: Fix 64-bit subtraction of the -0x80000000 constant (bsc#1190601). - s390/bpf: Fix branch shortening during codegen pass (bsc#1190601). - s390/bpf: Fix optimizing out zero-extensions (bsc#1190601). - s390: bpf: implement jitting of BPF_ALU | BPF_ARSH | BPF_* (bsc#1190601). - s390/bpf: Wrap JIT macro parameter usages in parentheses (bsc#1190601). - scripts/git_sort/git_sort.py: add bpf git repo - scripts/git_sort/git_sort.py: Update nvme repositories - scsi: libfc: Fix array index out of bound exception (bsc#1188616). - scsi: lpfc: Fix FLOGI failure due to accessing a freed node (bsc#1191349). - scsi: lpfc: Fix memory overwrite during FC-GS I/O abort handling (bsc#1191349 bsc#1191457). - scsi: lpfc: Keep NDLP reference until after freeing the IOCB after ELS handling (bsc#1191349 bsc#1191457). - scsi: target: avoid using lun_tg_pt_gp after unlock (bsc#1186078). - sctp: check asoc peer.asconf_capable before processing asconf (bsc#1190351). - sctp: fully initialize v4 addr in some functions (bsc#1188563). - sysvipc/sem: mitigate semnum index against spectre v1 (bsc#1192802). - target: core: Fix sense key for invalid XCOPY request (bsc#1186078). - Update config files: Add CONFIG_BPF_UNPRIV_DEFAULT_OFF is not set - Use /usr/lib/modules as module dir when usermerge is active in the target distro. - UsrMerge the kernel (boo#1184804) - x86/CPU: Add more Icelake model numbers (bsc#1185758,bsc#1192400). - xfrm: xfrm_state_mtu should return at least 1280 for ipv6 (bsc#1185377). Important SUSE bug 1100416 SUSE bug 1108488 SUSE bug 1129735 SUSE bug 1129898 SUSE bug 1133374 SUSE bug 1136513 SUSE bug 1171420 SUSE bug 1176724 SUSE bug 1177666 SUSE bug 1181158 SUSE bug 1184673 SUSE bug 1184804 SUSE bug 1185377 SUSE bug 1185726 SUSE bug 1185758 SUSE bug 1185973 SUSE bug 1186078 SUSE bug 1186109 SUSE bug 1186390 SUSE bug 1186482 SUSE bug 1186672 SUSE bug 1188062 SUSE bug 1188063 SUSE bug 1188172 SUSE bug 1188563 SUSE bug 1188601 SUSE bug 1188616 SUSE bug 1188838 SUSE bug 1188876 SUSE bug 1188983 SUSE bug 1188985 SUSE bug 1189057 SUSE bug 1189262 SUSE bug 1189291 SUSE bug 1189399 SUSE bug 1189400 SUSE bug 1189706 SUSE bug 1189846 SUSE bug 1189884 SUSE bug 1190023 SUSE bug 1190025 SUSE bug 1190067 SUSE bug 1190115 SUSE bug 1190117 SUSE bug 1190159 SUSE bug 1190276 SUSE bug 1190349 SUSE bug 1190351 SUSE bug 1190479 SUSE bug 1190534 SUSE bug 1190601 SUSE bug 1190717 SUSE bug 1191193 SUSE bug 1191315 SUSE bug 1191317 SUSE bug 1191349 SUSE bug 1191457 SUSE bug 1191628 SUSE bug 1191790 SUSE bug 1191800 SUSE bug 1191888 SUSE bug 1191961 SUSE bug 1192045 SUSE bug 1192267 SUSE bug 1192379 SUSE bug 1192400 SUSE bug 1192775 SUSE bug 1192781 SUSE bug 1192802 CVE-2018-13405 CVE-2018-9517 CVE-2019-3874 CVE-2019-3900 CVE-2020-0429 CVE-2020-12770 CVE-2020-3702 CVE-2020-4788 CVE-2021-0941 CVE-2021-20322 CVE-2021-22543 CVE-2021-31916 CVE-2021-33033 CVE-2021-33909 CVE-2021-34556 CVE-2021-34981 CVE-2021-3542 CVE-2021-35477 CVE-2021-3640 CVE-2021-3653 CVE-2021-3655 CVE-2021-3656 CVE-2021-3659 CVE-2021-3679 CVE-2021-3715 CVE-2021-37159 CVE-2021-3732 CVE-2021-3744 CVE-2021-3752 CVE-2021-3753 CVE-2021-37576 CVE-2021-3759 CVE-2021-3760 CVE-2021-3764 CVE-2021-3772 CVE-2021-38160 CVE-2021-38198 CVE-2021-38204 CVE-2021-40490 CVE-2021-41864 CVE-2021-42008 CVE-2021-42252 CVE-2021-42739 cpe:/o:opensuse:leap:15.3 Security update for aaa_base (Moderate) openSUSE Leap 15.3 This update for aaa_base fixes the following issues: - Allowed ping and ICMP commands without CAP_NET_RAW (bsc#1174504). - Add $HOME/.local/bin to PATH, if it exists (bsc#1192248). - Fixed get_kernel_version.c to work also for recent kernels on the s390/X platform (bsc#1191563). - Support xz compressed kernel (bsc#1162581) Moderate SUSE bug 1162581 SUSE bug 1174504 SUSE bug 1191563 SUSE bug 1192248 cpe:/o:opensuse:leap:15.3 Security update for mozilla-nss (Important) openSUSE Leap 15.3 This update for mozilla-nss fixes the following issues: Update to version 3.68.1: - CVE-2021-43527: Fixed a Heap overflow in NSS when verifying DER-encoded DSA or RSA-PSS signatures (bsc#1193170). Important SUSE bug 1193170 CVE-2021-43527 cpe:/o:opensuse:leap:15.3 Security update for wireshark (Moderate) openSUSE Leap 15.3 This update for wireshark fixes the following issues: - Update to Wireshark 3.4.10: - CVE-2021-39920: IPPUSB dissector crash (bsc#1192830). - CVE-2021-39921: Modbus dissector crash (bsc#1192830). - CVE-2021-39922: C12.22 dissector crash (bsc#1192830). - CVE-2021-39924: Bluetooth DHT dissector large loop (bsc#1192830). - CVE-2021-39925: Bluetooth SDP dissector crash (bsc#1192830). - CVE-2021-39926: Bluetooth HCI_ISO dissector crash (bsc#1192830). - CVE-2021-39928: IEEE 802.11 dissector crash (bsc#1192830). - CVE-2021-39929: Bluetooth DHT dissector crash (bsc#1192830). Moderate SUSE bug 1192830 CVE-2021-39920 CVE-2021-39921 CVE-2021-39922 CVE-2021-39924 CVE-2021-39925 CVE-2021-39926 CVE-2021-39928 CVE-2021-39929 cpe:/o:opensuse:leap:15.3 Security update for nodejs12 (Important) openSUSE Leap 15.3 This update for nodejs12 fixes the following issues: - CVE-2021-22959: Fixed HTTP Request Smuggling due to spaced in headers (bsc#1191601). - CVE-2021-22960: Fixed HTTP Request Smuggling when parsing the body (bsc#1191602). - CVE-2021-37701: Fixed arbitrary file creation and overwrite in nodejs-tar (bsc#1190057). - CVE-2021-37712: Fixed arbitrary file creation and overwrite in nodejs-tar (bsc#1190056). - CVE-2021-37713: Fixed arbitrary code execution and file creation and overwrite in nodejs-tar (bsc#1190055). - CVE-2021-39134: Fixed symling following vulnerability in nodejs-arborist (bsc#1190054). - CVE-2021-39135: Fixed symling following vulnerability in nodejs-arborist (bsc#1190053). Important SUSE bug 1190053 SUSE bug 1190054 SUSE bug 1190055 SUSE bug 1190056 SUSE bug 1190057 SUSE bug 1191601 SUSE bug 1191602 CVE-2021-22959 CVE-2021-22960 CVE-2021-37701 CVE-2021-37712 CVE-2021-37713 CVE-2021-39134 CVE-2021-39135 cpe:/o:opensuse:leap:15.3 Security update for the Linux Kernel (Important) openSUSE Leap 15.3 The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - Unprivileged BPF has been disabled by default to reduce attack surface as too many security issues have happened in the past (jsc#SLE-22573) You can reenable via systemctl setting /proc/sys/kernel/unprivileged_bpf_disabled to 0. (kernel.unprivileged_bpf_disabled = 0) - CVE-2021-0941: In bpf_skb_change_head of filter.c, there is a possible out of bounds read due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation (bnc#1192045 ). - CVE-2021-31916: An out-of-bounds (OOB) memory write flaw was found in list_devices in drivers/md/dm-ioctl.c in the Multi-device driver module in the Linux kernel A bound check failure allowed an attacker with special user (CAP_SYS_ADMIN) privilege to gain access to out-of-bounds memory leading to a system crash or a leak of internal kernel information. The highest threat from this vulnerability is to system availability (bnc#1192781). - CVE-2021-20322: Make the ipv4 and ipv6 ICMP exception caches less predictive to avoid information leaks about UDP ports in use. (bsc#1191790) - CVE-2021-34981: Fixed file refcounting in cmtp when cmtp_attach_device fails (bsc#1191961). The following non-security bugs were fixed: - ABI: sysfs-kernel-slab: Document some stats (git-fixes). - ALSA: hda: fix general protection fault in azx_runtime_idle (git-fixes). - ALSA: hda: Free card instance properly at probe errors (git-fixes). - ALSA: usb-audio: Add Audient iD14 to mixer map quirk table (git-fixes). - ALSA: usb-audio: Add minimal-mute notion in dB mapping table (bsc#1192375). - ALSA: usb-audio: Add Schiit Hel device to mixer map quirk table (git-fixes). - ALSA: usb-audio: Fix dB level of Bose Revolve+ SoundLink (bsc#1192375). - ALSA: usb-audio: Use int for dB map values (bsc#1192375). - ARM: socfpga: Fix crash with CONFIG_FORTIRY_SOURCE (bsc#1192473). - auxdisplay: ht16k33: Connect backlight to fbdev (git-fixes). - auxdisplay: ht16k33: Fix frame buffer device blanking (git-fixes). - auxdisplay: img-ascii-lcd: Fix lock-up when displaying empty string (git-fixes). - bpf: Add kconfig knob for disabling unpriv bpf by default (jsc#SLE-22573) - bpf: Add kconfig knob for disabling unpriv bpf by default (jsc#SLE-22574) - bpf: Disallow unprivileged bpf by default (jsc#SLE-22573). - bpf: Disallow unprivileged bpf by default (jsc#SLE-22574). - bpf: Fix BPF_JIT kconfig symbol dependency (git-fixes jsc#SLE-22574). - bpf: Fix potential race in tail call compatibility check (git-fixes). - bpf, kconfig: Add consolidated menu entry for bpf with core options (jsc#SLE-22574). - btrfs: block-group: Rework documentation of check_system_chunk function (bsc#1192896). - btrfs: fix deadlock between chunk allocation and chunk btree modifications (bsc#1192896). - btrfs: fix memory ordering between normal and ordered work functions (git-fixes). - btrfs: update comments for chunk allocation -ENOSPC cases (bsc#1192896). - cgroup/cpuset: Change references of cpuset_mutex to cpuset_rwsem (git-fixes). - config: disable unprivileged BPF by default (jsc#SLE-22573) Backport of mainline commit 8a03e56b253e ('bpf: Disallow unprivileged bpf by default') only changes kconfig default, used e.g. for 'make oldconfig' when the config option is missing, but does not update our kernel configs used for build. Update also these to make sure unprivileged BPF is really disabled by default. - crypto: caam - disable pkc for non-E SoCs (git-fixes). - crypto: qat - detect PFVF collision after ACK (git-fixes). - crypto: qat - disregard spurious PFVF interrupts (git-fixes). - drm/i915: Introduce intel_hpd_hotplug_irqs() (bsc#1192758). - drm: prevent spectre issue in vmw_execbuf_ioctl (bsc#1192802). - EDAC/sb_edac: Fix top-of-high-memory value for Broadwell/Haswell (bsc#1152489). - Eradicate Patch-mainline: No The pre-commit check can reject this deprecated tag then. - exfat: fix erroneous discard when clear cluster bit (git-fixes). - exfat: handle wrong stream entry size in exfat_readdir() (git-fixes). - exfat: properly set s_time_gran (bsc#1192328). - exfat: truncate atimes to 2s granularity (bsc#1192328). - Fix problem with missing installkernel on Tumbleweed. - fuse: fix page stealing (bsc#1192718). - gpio: mpc8xxx: Use 'devm_gpiochip_add_data()' to simplify the code and avoid a leak (git-fixes). - gpio/rockchip: add driver for rockchip gpio (bsc#1192217). - gpio/rockchip: drop irq_gc_lock/irq_gc_unlock for irq set type (bsc#1192217). - gpio/rockchip: extended debounce support is only available on v2 (bsc#1192217). - gpio/rockchip: fetch deferred output settings on probe (bsc#1192217). - gpio/rockchip: fix get_direction value handling (bsc#1192217). - gpio/rockchip: support next version gpio controller (bsc#1192217). - gpio/rockchip: use struct rockchip_gpio_regs for gpio controller (bsc#1192217). - HID: u2fzero: clarify error check and length calculations (git-fixes). - HID: u2fzero: properly handle timeouts in usb_submit_urb (git-fixes). - ibmvnic: check failover_pending in login response (bsc#1190523 ltc#194510). - ibmvnic: do not stop queue in xmit (bsc#1192273 ltc#194629). - ibmvnic: Process crqs after enabling interrupts (bsc#1192273 ltc#194629). - iio: dac: ad5446: Fix ad5622_write() return value (git-fixes). - Input: elantench - fix misreporting trackpoint coordinates (bsc#1192918). - kernel-*-subpackage: Add dependency on kernel scriptlets (bsc#1192740). - mm/hugetlb: initialize hugetlb_usage in mm_init (bsc#1192906). - Move upstreamed sound fix into sorted section - net: dsa: felix: re-enable TX flow control in ocelot_port_flush() (git-fixes). - net: mscc: ocelot: fix hardware timestamp dequeue logic. - net: mscc: ocelot: warn when a PTP IRQ is raised for an unknown skb (git-fixes). - net/smc: Correct smc link connection counter in case of smc client (git-fixes). - net/smc: fix 'workqueue leaked lock' in smc_conn_abort_work (git-fixes). - ocfs2: do not zero pages beyond i_size (bsc#1190795). - ocfs2: fix data corruption on truncate (bsc#1190795). - PCI: aardvark: Do not clear status bits of masked interrupts (git-fixes). - PCI: aardvark: Do not spam about PIO Response Status (git-fixes). - PCI: aardvark: Do not unmask unused interrupts (git-fixes). - PCI: aardvark: Fix checking for link up via LTSSM state (git-fixes). - PCI: aardvark: Fix reporting Data Link Layer Link Active (git-fixes). - PCI: aardvark: Fix return value of MSI domain .alloc() method (git-fixes). - PCI: aardvark: Read all 16-bits from PCIE_MSI_PAYLOAD_REG (git-fixes). - PCI/ACPI: Check for _OSC support in acpi_pci_osc_control_set() (bsc#1169263). - PCI/ACPI: Clarify message about _OSC failure (bsc#1169263). - PCI/ACPI: Move _OSC query checks to separate function (bsc#1169263). - PCI/ACPI: Move supported and control calculations to separate functions (bsc#1169263). - PCI/ACPI: Remove OSC_PCI_SUPPORT_MASKS and OSC_PCI_CONTROL_MASKS (bsc#1169263). - PCI/ACPI: Remove unnecessary osc_lock (bsc#1169263). - PCI: pci-bridge-emul: Fix emulation of W1C bits (git-fixes). - PCI: uniphier: Serialize INTx masking/unmasking and fix the bit operation (git-fixes). - pinctrl: core: fix possible memory leak in pinctrl_enable() (git-fixes). - pinctrl: pinctrl-rockchip: Fix a bunch of kerneldoc misdemeanours (bsc#1192217). - pinctrl/rockchip: add a queue for deferred pin output settings on probe (bsc#1192217). - pinctrl/rockchip: add pinctrl device to gpio bank struct (bsc#1192217). - pinctrl: rockchip: add rk3308 SoC support (bsc#1192217). - pinctrl: rockchip: add support for rk3568 (bsc#1192217). - pinctrl/rockchip: always enable clock for gpio controller (bsc#1192217). - pinctrl: rockchip: clear int status when driver probed (bsc#1192217). - pinctrl: rockchip: create irq mapping in gpio_to_irq (bsc#1192217). - pinctrl: rockchip: do coding style for mux route struct (bsc#1192217). - pinctrl/rockchip: drop the gpio related codes (bsc#1192217). - pinctrl: rockchip: enable gpio pclk for rockchip_gpio_to_irq (bsc#1192217). - pinctrl: rockchip: make driver be tristate module (bsc#1192217). - pinctrl: rockchip: Replace HTTP links with HTTPS ones (bsc#1192217). - pinctrl: rockchip: return ENOMEM instead of EINVAL if allocation fails (bsc#1192217). - pinctrl/rockchip: separate struct rockchip_pin_bank to a head file (bsc#1192217). - power: supply: bq27xxx: Fix kernel crash on IRQ handler register error (git-fixes). - power: supply: max17042_battery: Prevent int underflow in set_soc_threshold (git-fixes). - power: supply: max17042_battery: use VFSOC for capacity when no rsns (git-fixes). - power: supply: rt5033-battery: Change voltage values to 5V (git-fixes). - printk/console: Allow to disable console output by using console='' or console=null (bsc#1192753). - printk: handle blank console arguments passed in (bsc#1192753). - qtnfmac: fix potential Spectre vulnerabilities (bsc#1192802). - r8152: add a helper function about setting EEE (git-fixes). - r8152: Add macpassthru support for ThinkPad Thunderbolt 3 Dock Gen 2 (git-fixes). - r8152: Disable PLA MCU clock speed down (git-fixes). - r8152: disable U2P3 for RTL8153B (git-fixes). - r8152: divide the tx and rx bottom functions (git-fixes). - r8152: do not enable U1U2 with USB_SPEED_HIGH for RTL8153B (git-fixes). - r8152: fix runtime resume for linking change (git-fixes). - r8152: replace array with linking list for rx information (git-fixes). - r8152: reset flow control patch when linking on for RTL8153B (git-fixes). - r8152: saving the settings of EEE (git-fixes). - r8152: separate the rx buffer size (git-fixes). - r8152: use alloc_pages for rx buffer (git-fixes). - random: fix crash on multiple early calls to add_bootloader_randomness() (bsc#1184924) - Revert 'ibmvnic: check failover_pending in login response' (bsc#1190523 ltc#194510). - Revert 'platform/x86: i2c-multi-instantiate: Do not create platform device for INT3515 ACPI nodes' (git-fixes). - Revert 'r8152: adjust the settings about MAC clock speed down for RTL8153' (git-fixes). - Revert 'scsi: ufs: fix a missing check of devm_reset_control_get' (git-fixes). - Revert 'x86/kvm: fix vcpu-id indexed array sizes' (git-fixes). - rndis_host: set proper input size for OID_GEN_PHYSICAL_MEDIUM request (git-fixes). - s390/dasd: fix use after free in dasd path handling (git-fixes). - s390/pci: fix use after free of zpci_dev (git-fixes). - s390/pci: fix zpci_zdev_put() on reserve (git-fixes). - s390/qeth: fix deadlock during failing recovery (git-fixes). - s390/qeth: Fix deadlock in remove_discipline (git-fixes). - s390/qeth: fix NULL deref in qeth_clear_working_pool_list() (git-fixes). - s390/topology: clear thread/group maps for offline cpus (git-fixes). - scsi: be2iscsi: Fix an error handling path in beiscsi_dev_probe() (git-fixes). - scsi: BusLogic: Fix missing pr_cont() use (git-fixes). - scsi: core: Fix spelling in a source code comment (git-fixes). - scsi: csiostor: Add module softdep on cxgb4 (git-fixes). - scsi: csiostor: Uninitialized data in csio_ln_vnp_read_cbfn() (git-fixes). - scsi: dc395: Fix error case unwinding (git-fixes). - scsi: fdomain: Fix error return code in fdomain_probe() (git-fixes). - scsi: FlashPoint: Rename si_flags field (git-fixes). - scsi: iscsi: Fix iface sysfs attr detection (git-fixes). - scsi: libsas: Use _safe() loop in sas_resume_port() (git-fixes). - scsi: mpt3sas: Fix error return value in _scsih_expander_add() (git-fixes). - scsi: qedf: Add pointer checks in qedf_update_link_speed() (git-fixes). - scsi: qedf: Fix error codes in qedf_alloc_global_queues() (git-fixes). - scsi: qedi: Fix error codes in qedi_alloc_global_queues() (git-fixes). - scsi: qla2xxx: Fix a memory leak in an error path of qla2x00_process_els() (git-fixes). - scsi: qla2xxx: Make sure that aborted commands are freed (git-fixes). - scsi: smartpqi: Fix an error code in pqi_get_raid_map() (git-fixes). - scsi: snic: Fix an error message (git-fixes). - scsi: ufs-pci: Add quirk for broken auto-hibernate for Intel EHL (git-fixes). - scsi: ufs: ufshcd-pltfrm: Fix memory leak due to probe defer (git-fixes). - serial: 8250_dw: Drop wrong use of ACPI_PTR() (git-fixes). - serial: xilinx_uartps: Fix race condition causing stuck TX (git-fixes). - staging: r8712u: fix control-message timeout (git-fixes). - staging: rtl8192u: fix control-message timeouts (git-fixes). - stmmac: platform: Fix signedness bug in stmmac_probe_config_dt() (git-fixes). - tracing: Increase PERF_MAX_TRACE_SIZE to handle Sentinel1 and docker together (bsc#1192745). - Update config files: Add CONFIG_BPF_UNPRIV_DEFAULT_OFF is not set - Update config files: pull BPF configs together - usb: gadget: hid: fix error code in do_config() (git-fixes). - USB: iowarrior: fix control-message timeouts (git-fixes). - usb: max-3421: Use driver data instead of maintaining a list of bound devices (git-fixes). - usb: musb: Balance list entry in musb_gadget_queue (git-fixes). - USB: serial: keyspan: fix memleak on probe errors (git-fixes). - video: fbdev: chipsfb: use memset_io() instead of memset() (git-fixes). - x86/sme: Use #define USE_EARLY_PGTABLE_L5 in mem_encrypt_identity.c (bsc#1152489). - x86/xen: Mark cpu_bringup_and_idle() as dead_end_function (git-fixes). - xen-pciback: Fix return in pm_ctrl_init() (git-fixes). - xen: Fix implicit type conversion (git-fixes). Important SUSE bug 1152489 SUSE bug 1169263 SUSE bug 1170269 SUSE bug 1184924 SUSE bug 1190523 SUSE bug 1190795 SUSE bug 1191790 SUSE bug 1191961 SUSE bug 1192045 SUSE bug 1192217 SUSE bug 1192273 SUSE bug 1192328 SUSE bug 1192375 SUSE bug 1192473 SUSE bug 1192718 SUSE bug 1192740 SUSE bug 1192745 SUSE bug 1192750 SUSE bug 1192753 SUSE bug 1192758 SUSE bug 1192781 SUSE bug 1192802 SUSE bug 1192896 SUSE bug 1192906 SUSE bug 1192918 CVE-2021-0941 CVE-2021-20322 CVE-2021-31916 CVE-2021-34981 cpe:/o:opensuse:leap:15.3 Security update for brotli (Moderate) openSUSE Leap 15.3 This update for brotli fixes the following issues: - CVE-2020-8927: Fixed integer overflow when input chunk is larger than 2GiB (bsc#1175825). Moderate SUSE bug 1175825 CVE-2020-8927 cpe:/o:opensuse:leap:15.3 Recommended update for php7 (Moderate) openSUSE Leap 15.3 This update for php7 fixes the following issues: - CVE-2021-21703: Fixed local privilege escalation via PHP-FPM (bsc#1192050). - CVE-2021-21707: Fixed special character breaks path in xml parsing (bsc#1193041). - Added patch to prevent memory access violation in php7 when running test suite (bsc#1175508) Moderate SUSE bug 1175508 SUSE bug 1192050 SUSE bug 1193041 CVE-2021-21703 CVE-2021-21707 cpe:/o:opensuse:leap:15.3 Security update for glib-networking (Important) openSUSE Leap 15.3 This update for glib-networking fixes the following issues: Update to version 2.62.4: - CVE-2020-13645: Fixed a connection failure when the server identity is unset (bsc#1172460). Important SUSE bug 1172460 CVE-2020-13645 cpe:/o:opensuse:leap:15.3 Security update for python-Babel (Important) openSUSE Leap 15.3 This update for python-Babel fixes the following issues: - CVE-2021-42771: Fixed relative path traversal that may lead to arbitrary locale files loading and arbitrary code execution (bsc#1185768). Important SUSE bug 1185768 CVE-2021-42771 cpe:/o:opensuse:leap:15.3 Security update for gmp (Moderate) openSUSE Leap 15.3 This update for gmp fixes the following issues: - CVE-2021-43618: Fixed buffer overflow via crafted input in mpz/inp_raw.c (bsc#1192717). Moderate SUSE bug 1192717 CVE-2021-43618 cpe:/o:opensuse:leap:15.3 Security update for clamav (Moderate) openSUSE Leap 15.3 This update for clamav fixes the following issues: - Update to 0.103.4 (bsc#1192346). - Update to 0.103.3 (bsc#1188284). Moderate SUSE bug 1188284 SUSE bug 1192346 cpe:/o:opensuse:leap:15.3 Security update for openssh (Important) openSUSE Leap 15.3 This update for openssh fixes the following issues: - CVE-2021-41617: Fixed privilege escalation when AuthorizedKeysCommand/AuthorizedPrincipalsCommand are configured (bsc#1190975). Important SUSE bug 1190975 CVE-2021-41617 cpe:/o:opensuse:leap:15.3 Security update for nodejs14 (Important) openSUSE Leap 15.3 This update for nodejs14 fixes the following issues: nodejs14 was updated to 14.18.1: * deps: update llhttp to 2.1.4 - HTTP Request Smuggling due to spaced in headers (bsc#1191601, CVE-2021-22959) - HTTP Request Smuggling when parsing the body (bsc#1191602, CVE-2021-22960) Changes in 14.18.0: * buffer: + introduce Blob + add base64url encoding option * child_process: + allow options.cwd receive a URL + add timeout to spawn and fork + allow promisified exec to be cancel + add 'overlapped' stdio flag * dns: add 'tries' option to Resolve options * fs: + allow empty string for temp directory prefix + allow no-params fsPromises fileHandle read + add support for async iterators to fsPromises.writeFile * http2: add support for sensitive headers * process: add 'worker' event * tls: allow reading data into a static buffer * worker: add setEnvironmentData/getEnvironmentData Changes in 14.17.6 * deps: upgrade npm to 6.14.15 which fixes a number of security issues (bsc#1190057, CVE-2021-37701, bsc#1190056, CVE-2021-37712, bsc#1190055, CVE-2021-37713, bsc#1190054, CVE-2021-39134, bsc#1190053, CVE-2021-39135) Important SUSE bug 1190053 SUSE bug 1190054 SUSE bug 1190055 SUSE bug 1190056 SUSE bug 1190057 SUSE bug 1191601 SUSE bug 1191602 CVE-2021-22959 CVE-2021-22960 CVE-2021-37701 CVE-2021-37712 CVE-2021-37713 CVE-2021-39134 CVE-2021-39135 cpe:/o:opensuse:leap:15.3 Security update for xen (Moderate) openSUSE Leap 15.3 This update for xen fixes the following issues: - CVE-2021-28702: Fixed PCI devices with RMRRs not deassigned correctly (XSA-386) (bsc#1191363). - CVE-2021-28704, CVE-2021-28707, CVE-2021-28708: Fixed PoD operations on misaligned GFNs (XSA-388) (bsc#1192557). - CVE-2021-28705, CVE-2021-28709: Fixed issues with partially successful P2M updates on x86 (XSA-389) (bsc#1192559). - CVE-2021-28706: Fixed guests may exceed their designated memory limit (XSA-385) (bsc#1192554). - Update to Xen 4.14.3 bug fix release (bsc#1027519). Moderate SUSE bug 1027519 SUSE bug 1191363 SUSE bug 1192554 SUSE bug 1192557 SUSE bug 1192559 CVE-2021-28702 CVE-2021-28704 CVE-2021-28705 CVE-2021-28706 CVE-2021-28707 CVE-2021-28708 CVE-2021-28709 cpe:/o:opensuse:leap:15.3 Security update for MozillaFirefox (Important) openSUSE Leap 15.3 This update for MozillaFirefox fixes the following issues: Update to Extended Support Release 91.4.0 (bsc#1193485): - CVE-2021-43536: URL leakage when navigating while executing asynchronous function - CVE-2021-43537: Heap buffer overflow when using structured clone - CVE-2021-43538: Missing fullscreen and pointer lock notification when requesting both - CVE-2021-43539: GC rooting failure when calling wasm instance methods - CVE-2021-43541: External protocol handler parameters were unescaped - CVE-2021-43542: XMLHttpRequest error codes could have leaked the existence of an external protocol handler - CVE-2021-43543: Bypass of CSP sandbox directive when embedding - CVE-2021-43545: Denial of Service when using the Location API in a loop - CVE-2021-43546: Cursor spoofing could overlay user interface when native cursor is zoomed - Memory safety bugs fixed in Firefox 95 and Firefox ESR 91.4 - Removed x-scheme-handler/ftp from MozillaFirefox.desktop (bsc#1193321) Important SUSE bug 1193321 SUSE bug 1193485 CVE-2021-43536 CVE-2021-43537 CVE-2021-43538 CVE-2021-43539 CVE-2021-43541 CVE-2021-43542 CVE-2021-43543 CVE-2021-43545 CVE-2021-43546 cpe:/o:opensuse:leap:15.3 Security update for ImageMagick (Moderate) openSUSE Leap 15.3 This update for ImageMagick fixes the following issues: - CVE-2021-20176: Fixed division by zero caused by processing crafted file (bsc#1181836). Moderate SUSE bug 1181836 CVE-2021-20176 cpe:/o:opensuse:leap:15.3 Security update for log4j (Important) openSUSE Leap 15.3 This update for log4j fixes the following issues: - CVE-2021-44228: Fix a remote code execution vulnerability that existed in the LDAP JNDI parser. [bsc#1193611, CVE-2021-44228] Important SUSE bug 1193611 CVE-2021-44228 cpe:/o:opensuse:leap:15.3 Security update for python-pip (Moderate) openSUSE Leap 15.3 This update for python-pip fixes the following issues: - CVE-2021-3572: Fixed incorrect handling of unicode separators in git references (bsc#1186819). Moderate SUSE bug 1186819 CVE-2021-3572 cpe:/o:opensuse:leap:15.3 Security update for python-pip (Moderate) openSUSE Leap 15.3 This update for python-pip fixes the following issues: - CVE-2021-3572: Fixed incorrect handling of unicode separators in git references (bsc#1186819). Moderate SUSE bug 1186819 CVE-2021-3572 cpe:/o:opensuse:leap:15.3 Security update for fetchmail (Moderate) openSUSE Leap 15.3 This update for fetchmail fixes the following issues: - CVE-2021-36386: Fixed DoS or information disclosure in some configurations (bsc#1188875). - CVE-2021-39272: Fixed STARTTLS session encryption bypassing (fetchmail-SA-2021-02) (bsc#1190069). - Update to 6.4.22 (bsc#1152964, jsc#SLE-18159, jsc#SLE-17903, jsc#SLE-18059) - Remove all python2 dependencies (bsc#1190896). - De-hardcode /usr/lib path for launch executable (bsc#1174075). - Added hardening to systemd service(s) (bsc#1181400). Moderate SUSE bug 1152964 SUSE bug 1174075 SUSE bug 1181400 SUSE bug 1188875 SUSE bug 1190069 SUSE bug 1190896 CVE-2021-36386 CVE-2021-39272 cpe:/o:opensuse:leap:15.3 Security update for postgresql10 (Important) openSUSE Leap 15.3 This update for postgresql10 fixes the following issues: - CVE-2021-23214: Make the server reject extraneous data after an SSL or GSS encryption handshake (bsc#1192516). - CVE-2021-23222: Make libpq reject extraneous data after an SSL or GSS encryption handshake (bsc#1192516). Important SUSE bug 1192516 CVE-2021-23214 CVE-2021-23222 cpe:/o:opensuse:leap:15.3 Security update for icu.691 (Important) openSUSE Leap 15.3 This update for icu.691 fixes the following issues: - Renamed package from icu 69.1 for SUSE:SLE-15-SP3:Update. (jsc#SLE-17893) - Fix undefined behaviour in 'ComplexUnitsConverter::applyRounder' - Update to release 69.1 - For Norwegian, 'no' is back to being the canonical code, with 'nb' treated as equivalent. This aligns handling of Norwegian with other macro language codes. - Binary prefixes in measurement units (KiB, MiB, etc.) - Time zone offsets from local time with new APIs. - Don't disable testsuite under 'qemu-linux-user' - Fixed an issue when ICU test on 'aarch64 fails. (bsc#1182645) - Drop 'SUSE_ASNEEDED' as the issue was in binutils. (bsc#1182252) - Fix 'pthread' dependency issue. (bsc#1182252) - Update to release 68.2 - Fix memory problem in 'FormattedStringBuilder' - Fix assertion when 'setKeywordValue w/' long value. - Fix UBSan breakage on 8bit of rbbi - fix int32_t overflow in listFormat - Fix memory handling in MemoryPool::operator=() - Fix memory leak in AliasReplacer - Add back icu.keyring. - Update to release 68.1 - PluralRules selection for ranges of numbers - Locale ID canonicalization now conforms to the CLDR spec including edge cases - DateIntervalFormat supports output options such as capitalization - Measurement units are normalized in skeleton string output - Time zone data (tzdata) version 2020d - Add the provides for libicu to Make .Net core can install successfully. (bsc#1167603, bsc#1161007) - Update to version 67.1 - Unicode 13 (ICU-20893, same as in ICU 66) - Total of 5930 new characters - 4 new scripts - 55 new emoji characters, plus additional new sequences - New CJK extension, first characters in plane 3: U+30000..U+3134A - New language at Modern coverage: Nigerian Pidgin - New languages at Basic coverage: Fulah (Adlam), Maithili, Manipuri, Santali, Sindhi (Devanagari), Sundanese - Region containment: EU no longer includes GB - Unicode 13 root collation data and Chinese data for collation and transliteration - DateTimePatternGenerator now obeys the 'hc' preference in the locale identifier - Various other improvements for ECMA-402 conformance - Number skeletons have a new 'concise' form that can be used in MessageFormat strings - Currency formatting options for formal and other currency display name variants - ListFormatter: new public API to select the style & type - ListFormatter now selects the proper “and”/“or” form for Spanish & Hebrew. - Locale ID canonicalization upgraded to implement the complete CLDR spec. - LocaleMatcher: New option to ignore one-way matches - acceptLanguage() reimplemented via LocaleMatcher - Data build tool: tzdbNames.res moved from the 'zone_tree' category to the 'zone_supplemental' category - Fixed uses of u8'literals' broken by the C++20 introduction of the incompatible char8_t type - and added a few API overloads to reduce the need for reinterpret_cast. - Support for manipulating CLDR 37 unit identifiers in MeasureUnit. - Drop icu-versioning. (bsc#1159131) - Update to version 66.1 - Unicode 13 support - Fix uses of u8'literals' broken by C++20 introduction of incompatible char8_t type. - Fixed an issue when Qt apps can't handle non-ASCII filesystem path. ([bsc#1162882) - Remove '/usr/lib(64)/icu/current'. (bsc#1158955) Important SUSE bug 1158955 SUSE bug 1159131 SUSE bug 1161007 SUSE bug 1162882 SUSE bug 1167603 SUSE bug 1182252 SUSE bug 1182645 cpe:/o:opensuse:leap:15.3 Security update for xorg-x11-server (Important) openSUSE Leap 15.3 This update for xorg-x11-server fixes the following issues: - CVE-2021-4008: Fixed Privilege Escalation Vulnerability via Out-Of-Bounds Access in SProcRenderCompositeGlyphs (bsc#1193030). Important SUSE bug 1193030 CVE-2021-4008 cpe:/o:opensuse:leap:15.3 Security update for log4j (Important) openSUSE Leap 15.3 This update for log4j fixes the following issue: CVE-2021-44228: The previously published fix by upstream turned out to be incomplete. Therefore, upstream has recommended disabling JNDI support in log4j by default to be completely sure that this vulnerability cannot be exploited. This update implements that recommendation and disables JNDI support by default. [bsc#1193611, CVE-2021-44228] CVE-2021-45046: A Thread Context Message Pattern and Context Lookup Pattern vulnerable to a denial of service attack is also fixed by disabling JNDI support by default (bsc#1193743) Important SUSE bug 1193611 SUSE bug 1193743 CVE-2021-44228 CVE-2021-45046 cpe:/o:opensuse:leap:15.3 Security update for python3 (Moderate) openSUSE Leap 15.3 This update for python3 fixes the following issues: - CVE-2021-3426: Fixed information disclosure via pydoc (bsc#1183374). - CVE-2021-3733: Fixed infinitely reading potential HTTP headers after a 100 Continue status response from the server (bsc#1189241). - CVE-2021-3737: Fixed ReDoS in urllib.request (bsc#1189287). - We do not require python-rpm-macros package (bsc#1180125). - Use versioned python-Sphinx to avoid dependency on other version of Python (bsc#1183858). - Stop providing 'python' symbol, which means python2 currently (bsc#1185588). - Modify Lib/ensurepip/__init__.py to contain the same version numbers as are in reality the ones in the bundled wheels (bsc#1187668). Moderate SUSE bug 1180125 SUSE bug 1183374 SUSE bug 1183858 SUSE bug 1185588 SUSE bug 1187668 SUSE bug 1189241 SUSE bug 1189287 CVE-2021-3426 CVE-2021-3733 CVE-2021-3737 cpe:/o:opensuse:leap:15.3 Security update for log4j (Important) openSUSE Leap 15.3 This update for log4j fixes the following issue: - Previously published fixes for log4jshell turned out to be incomplete. Upstream has followed up on the original patch for CVE-2021-44228 with several additional changes (LOG4J2-3198, LOG4J2-3201, LOG4J2-3208, and LOG4J2-3211) that are included in this update. Since the totality of those patches is pretty much equivalent to an update to the latest version of log4j, we did update the package's tarball from version 2.13.0 to 2.16.0 instead of trying to apply those patches to the old version. This change brings in a new dependency on 'jakarta-servlet' and a version update of 'disruptor'. [bsc#1193743, CVE-2021-45046] Important SUSE bug 1193743 CVE-2021-44228 CVE-2021-45046 cpe:/o:opensuse:leap:15.3 Security update for logback (Important) openSUSE Leap 15.3 This update for logback fixes the following issues: Upgrade to version 1.2.8 + In response to log4Shell/CVE-2021-44228, all JNDI lookup code in logback has been disabled until further notice. This impacts ContextJNDISelector and insertFromJNDI element in configuration files. + Also in response to log4Shell/CVE-2021-44228, all database (JDBC) related code in the project has been removed with no replacement. + Note that the vulnerability mentioned in LOGBACK-1591 requires write access to logback's configuration file as a prerequisite. The log4Shell/CVE-2021-44228 and LOGBACK-1591 are of different severity levels. A successful RCE requires all of the following conditions to be met: - write access to logback.xml - use of versions lower then 1.2.8 - reloading of poisoned configuration data, which implies application restart or scan='true' set prior to attack Important SUSE bug 1193795 CVE-2021-44228 cpe:/o:opensuse:leap:15.3 Security update for log4j (Important) openSUSE Leap 15.3 This update for log4j fixes the following issue: - CVE-2021-4104: Disable the JMSAppender class from log4j to protect against the log4jshell vulnerability. [bsc#1193662] Important SUSE bug 1193662 CVE-2021-4104 cpe:/o:opensuse:leap:15.3 Security update for log4j12 (Important) openSUSE Leap 15.3 This update for log4j12 fixes the following issues: - CVE-2021-4104: Disable the JMSAppender class from log4j to protect against the log4jshell vulnerability. [bsc#1193662] Important SUSE bug 1193662 CVE-2021-4104 cpe:/o:opensuse:leap:15.3 Security update for log4j (Important) openSUSE Leap 15.3 This update for log4j fixes the following issues: - Update to 2.17.0 - CVE-2021-45105: Apache Log4j2 does not always protect from infinite recursion in lookup evaluation. (bsc#1193887, bsc#1193888) Important SUSE bug 1193887 SUSE bug 1193888 CVE-2021-45105 cpe:/o:opensuse:leap:15.3 Security update for xorg-x11-server (Important) openSUSE Leap 15.3 This update for xorg-x11-server fixes the following issues: - CVE-2021-4009: The handler for the CreatePointerBarrier request of the XFixes extension does not properly validate the request length leading to out of bounds memory write. (bsc#1190487) - CVE-2021-4010: The handler for the Suspend request of the Screen Saver extension does not properly validate the request length leading to out of bounds memory write. (bsc#1190488) - CVE-2021-4011: The handlers for the RecordCreateContext and RecordRegisterClients requests of the Record extension do not properly validate the request length leading to out of bounds memory write. (bsc#1190489) Important SUSE bug 1190487 SUSE bug 1190488 SUSE bug 1190489 CVE-2021-4009 CVE-2021-4010 CVE-2021-4011 cpe:/o:opensuse:leap:15.3 Security update for MozillaThunderbird (Important) openSUSE Leap 15.3 This update for MozillaThunderbird fixes the following issues: - Update to version 91.4 MFSA 2021-54 (bsc#1193485) - CVE-2021-43536: URL leakage when navigating while executing asynchronous function - CVE-2021-43537: Heap buffer overflow when using structured clone - CVE-2021-43538: Missing fullscreen and pointer lock notification when requesting both - CVE-2021-43539: GC rooting failure when calling wasm instance methods - CVE-2021-43541: External protocol handler parameters were unescaped - CVE-2021-43542: XMLHttpRequest error codes could have leaked the existence of an external protocol handler - CVE-2021-43543: Bypass of CSP sandbox directive when embedding - CVE-2021-43545: Denial of Service when using the Location API in a loop - CVE-2021-43546: Cursor spoofing could overlay user interface when native cursor is zoomed - CVE-2021-43528: JavaScript unexpectedly enabled for the composition area - Update to version 91.3.2 - CVE-2021-40529: Fixed ElGamal implementation could allow plaintext recovery (bsc#1190244) - Update to version 91.3 MFSA 2021-50 (bsc#1192250) - CVE-2021-38503: Fixed iframe sandbox rules did not apply to XSLT stylesheets - CVE-2021-38504: Fixed use-after-free in file picker dialog - CVE-2021-38505: Fixed Windows 10 Cloud Clipboard may have recorded sensitive user data - CVE-2021-38506: Fixed Thunderbird could be coaxed into going into fullscreen mode without notification or warning - CVE-2021-38507: Fixed opportunistic Encryption in HTTP2 could be used to bypass the Same-Origin-Policy on services hosted on other ports - CVE-2021-38508: Fixed permission Prompt could be overlaid, resulting in user confusion and potential spoofing - CVE-2021-38509: Fixed Javascript alert box could have been spoofed onto an arbitrary domain - CVE-2021-38510: Fixed Download Protections were bypassed by .inetloc files on Mac OS - Fixed plain text reformatting regression (bsc#1182863) - Update to version 91.2 MFSA 2021-47 (bsc#1191332) - CVE-2021-29981: Live range splitting could have led to conflicting assignments in the JIT - CVE-2021-29982: Single bit data leak due to incorrect JIT optimization and type confusion - CVE-2021-29987: Users could have been tricked into accepting unwanted permissions on Linux - CVE-2021-32810: Data race in crossbeam-deque - CVE-2021-38493: Memory safety bugs fixed in Thunderbird 78.14 and Thunderbird 91.1 - CVE-2021-38496: Use-after-free in MessageTask - CVE-2021-38497: Validation message could have been overlaid on another origin - CVE-2021-38498: Use-after-free of nsLanguageAtomService object - CVE-2021-38500: Memory safety bugs fixed in Thunderbird 91.2 - CVE-2021-38501: Memory safety bugs fixed in Thunderbird 91.2 - CVE-2021-38502: Downgrade attack on SMTP STARTTLS connections - Update to version 91.1.0 MFSA 2021-41 (bsc#1190269) - CVE-2021-38492: Navigating to `mk:` URL scheme could load Internet Explorer - CVE-2021-38495: Memory safety bugs fixed in Thunderbird 91.1 - Update to version 91.0.1 MFSA 2021-37 (bsc#1189547) - CVE-2021-29991: Header Splitting possible with HTTP/3 Responses Important SUSE bug 1182863 SUSE bug 1189547 SUSE bug 1190244 SUSE bug 1190269 SUSE bug 1191332 SUSE bug 1192250 SUSE bug 1193485 CVE-2021-29981 CVE-2021-29982 CVE-2021-29987 CVE-2021-29991 CVE-2021-32810 CVE-2021-38492 CVE-2021-38493 CVE-2021-38495 CVE-2021-38496 CVE-2021-38497 CVE-2021-38498 CVE-2021-38500 CVE-2021-38501 CVE-2021-38502 CVE-2021-38503 CVE-2021-38504 CVE-2021-38505 CVE-2021-38506 CVE-2021-38507 CVE-2021-38508 CVE-2021-38509 CVE-2021-38510 CVE-2021-40529 CVE-2021-43528 CVE-2021-43536 CVE-2021-43537 CVE-2021-43538 CVE-2021-43539 CVE-2021-43541 CVE-2021-43542 CVE-2021-43543 CVE-2021-43545 CVE-2021-43546 cpe:/o:opensuse:leap:15.3 Security update for openssh (Important) openSUSE Leap 15.3 This update for openssh fixes the following issues: - CVE-2021-28041: Fixed double free in ssh-agent (bsc#1183137). Important SUSE bug 1183137 CVE-2021-28041 cpe:/o:opensuse:leap:15.3 Security update for p11-kit (Important) openSUSE Leap 15.3 This update for p11-kit fixes the following issues: - CVE-2020-29361: Fixed multiple integer overflows in rpc code (bsc#1180064) - Add support for CKA_NSS_{SERVER,EMAIL}_DISTRUST_AFTER (bsc#1187993). Important SUSE bug 1180064 SUSE bug 1187993 CVE-2020-29361 cpe:/o:opensuse:leap:15.3 Security update for go1.16 (Moderate) openSUSE Leap 15.3 This update for go1.16 fixes the following issues: Updated to upstream version 1.16.12 to include security fixes to the compiler, syscall, runtime, the net/http, net/http/httptest, and time packages (bsc#1182345) - CVE-2021-44717: syscall: don't close fd 0 on ForkExec error (bsc#1193598). - CVE-2021-44716: net/http: limit growth of header canonicalization cache (bsc#1193597). Moderate SUSE bug 1182345 SUSE bug 1193597 SUSE bug 1193598 CVE-2021-44716 CVE-2021-44717 cpe:/o:opensuse:leap:15.3 Security update for libaom (Moderate) openSUSE Leap 15.3 This update for libaom fixes the following issues: - CVE-2020-36129: Fixed stack buffer overflow via the component src/aom_image.c (bsc#1193356). - CVE-2020-36131: Fixed stack buffer overflow via the component stats/rate_hist.c (bsc#1193365). - CVE-2020-36135: Fixed NULL pointer dereference via the component rate_hist.c (bsc#1193366). - CVE-2020-36130: Fixed NULL pointer dereference via the component av1/av1_dx_iface.c (bsc#1193369). Moderate SUSE bug 1193356 SUSE bug 1193365 SUSE bug 1193366 SUSE bug 1193369 CVE-2020-36129 CVE-2020-36130 CVE-2020-36131 CVE-2020-36135 cpe:/o:opensuse:leap:15.3 Security update for runc (Moderate) openSUSE Leap 15.3 This update for runc fixes the following issues: Update to runc v1.0.3. * CVE-2021-43784: Fixed a potential vulnerability related to the internal usage of netlink, which is believed to not be exploitable with any released versions of runc (bsc#1193436) * Fixed inability to start a container with read-write bind mount of a read-only fuse host mount. * Fixed inability to start when read-only /dev in set in spec. * Fixed not removing sub-cgroups upon container delete, when rootless cgroup v2 is used with older systemd. * Fixed returning error from GetStats when hugetlb is unsupported (which causes excessive logging for kubernetes). Moderate SUSE bug 1193436 CVE-2021-43784 cpe:/o:opensuse:leap:15.3 Security update for go1.17 (Moderate) openSUSE Leap 15.3 This update for go1.17 fixes the following issues: Updated to upstream version 1.17.5 to include fixes to the compiler, linker, syscall, runtime, the net/http, go/types, and time packages (bsc#1190649) - CVE-2021-44717: syscall: don't close fd 0 on ForkExec error (bsc#1193598). - CVE-2021-44716: net/http: limit growth of header canonicalization cache (bsc#1193597). Moderate SUSE bug 1190649 SUSE bug 1193597 SUSE bug 1193598 CVE-2021-44716 CVE-2021-44717 cpe:/o:opensuse:leap:15.3 Security update for permissions (Moderate) openSUSE Leap 15.3 This update for permissions fixes the following issues: - Update to version 20181225: * drop ping capabilities in favor of ICMP_PROTO sockets (bsc#1174504) Moderate SUSE bug 1174504 cpe:/o:opensuse:leap:15.3 Security update for log4j (Moderate) openSUSE Leap 15.3 This update for log4j fixes the following issues: - CVE-2021-44832: Fixes a remote code execution via JDBC Appender (bsc#1194127) Moderate SUSE bug 1194127 CVE-2021-44832 cpe:/o:opensuse:leap:15.3 Security update for gegl (Important) openSUSE Leap 15.3 This update for gegl fixes the following issues: - CVE-2021-45463: fixed shell expansion via crafted pathname in the ImageMagick convert fallback (bsc#1194045). Important SUSE bug 1194045 CVE-2021-45463 cpe:/o:opensuse:leap:15.3 Security update for gegl (Important) openSUSE Leap 15.3 This update for gegl fixes the following issues: - CVE-2021-45463: fixed shell expansion via crafted pathname in the ImageMagick convert fallback (bsc#1194045). Important SUSE bug 1194045 CVE-2021-45463 cpe:/o:opensuse:leap:15.3 Security update for java-1_8_0-ibm (Important) openSUSE Leap 15.3 This update for java-1_8_0-ibm fixes the following issues: Update Java 8.0 to Service Refresh 7 Fix Pack 5 (bsc#1197126). Including fixes for the following vulnerabilities: CVE-2022-21366, CVE-2022-21365, CVE-2022-21360, CVE-2022-21349, CVE-2022-21341, CVE-2022-21340, CVE-2022-21305, CVE-2022-21277, CVE-2022-21299, CVE-2022-21296, CVE-2022-21282, CVE-2022-21294, CVE-2022-21293, CVE-2022-21291, CVE-2022-21283, CVE-2022-21248, CVE-2022-21271. Non-securtiy fix: - Fixed a broken symlink for javaws (bsc#1195146). Important SUSE bug 1194925 SUSE bug 1194926 SUSE bug 1194927 SUSE bug 1194928 SUSE bug 1194929 SUSE bug 1194930 SUSE bug 1194931 SUSE bug 1194932 SUSE bug 1194933 SUSE bug 1194934 SUSE bug 1194935 SUSE bug 1194937 SUSE bug 1194939 SUSE bug 1194940 SUSE bug 1194941 SUSE bug 1195146 SUSE bug 1196500 SUSE bug 1197126 CVE-2022-21248 CVE-2022-21271 CVE-2022-21277 CVE-2022-21282 CVE-2022-21283 CVE-2022-21291 CVE-2022-21293 CVE-2022-21294 CVE-2022-21296 CVE-2022-21299 CVE-2022-21305 CVE-2022-21340 CVE-2022-21341 CVE-2022-21349 CVE-2022-21360 CVE-2022-21365 CVE-2022-21366 cpe:/o:opensuse:leap:15.3 Security update for openvpn (Important) openSUSE Leap 15.3 This update for openvpn fixes the following issues: - CVE-2022-0547: Fixed possible authentication bypass in external authentication plug-in (bsc#1197341). Important SUSE bug 1197341 CVE-2022-0547 cpe:/o:opensuse:leap:15.3 Security update for apache2 (Important) openSUSE Leap 15.3 This update for apache2 fixes the following issues: - CVE-2022-23943: heap out-of-bounds write in mod_sed (bsc#1197098). - CVE-2022-22720: HTTP request smuggling due to incorrect error handling (bsc#1197095). - CVE-2022-22719: use of uninitialized value of in r:parsebody in mod_lua (bsc#1197091). - CVE-2022-22721: possible buffer overflow with very large or unlimited LimitXMLRequestBody (bsc#1197096). Important SUSE bug 1197091 SUSE bug 1197095 SUSE bug 1197096 SUSE bug 1197098 CVE-2022-22719 CVE-2022-22720 CVE-2022-22721 CVE-2022-23943 cpe:/o:opensuse:leap:15.3 Security update for the Linux Kernel (Important) openSUSE Leap 15.3 The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2022-25636: Fixed an issue which allowed a local users to gain privileges because of a heap out-of-bounds write in nf_dup_netdev.c, related to nf_tables_offload (bsc#1196299). - CVE-2022-26490: Fixed a buffer overflow in the st21nfca driver. An attacker with adjacent NFC access could trigger crash the system or corrupt system memory (bsc#1196830). - CVE-2022-0487: A use-after-free vulnerability was found in rtsx_usb_ms_drv_remove() in drivers/memstick/host/rtsx_usb_ms.c (bsc#1194516). - CVE-2022-24448: Fixed an issue if an application sets the O_DIRECTORY flag, and tries to open a regular file, nfs_atomic_open() performs a regular lookup. If a regular file is found, ENOTDIR should have occured, but the server instead returned uninitialized data in the file descriptor (bsc#1195612). - CVE-2022-0617: Fixed a null pointer dereference in UDF file system functionality. A local user could crash the system by triggering udf_file_write_iter() via a malicious UDF image. (bsc#1196079) - CVE-2022-0644: Fixed a denial of service by a local user. A assertion failure could be triggered in kernel_read_file_from_fd(). (bsc#1196155) - CVE-2022-25258: The USB Gadget subsystem lacked certain validation of interface OS descriptor requests, which could have lead to memory corruption (bsc#1196096). - CVE-2022-24958: drivers/usb/gadget/legacy/inode.c mishandled dev->buf release (bsc#1195905). - CVE-2022-24959: Fixed a memory leak in yam_siocdevprivate() in drivers/net/hamradio/yam.c (bsc#1195897). - CVE-2021-44879: In gc_data_segment() in fs/f2fs/gc.c, special files were not considered, which lead to a move_data_page NULL pointer dereference (bsc#1195987). - CVE-2021-0920: Fixed a local privilege escalation due to a use-after-free vulnerability in unix_scm_to_skb of af_unix (bsc#1193731). - CVE-2021-39657: Fixed an information leak in the Universal Flash Storage subsystem (bsc#1193864). The following non-security bugs were fixed: - ALSA: intel_hdmi: Fix reference to PCM buffer address (git-fixes). - ARM: 9182/1: mmu: fix returns from early_param() and __setup() functions (git-fixes). - ARM: Fix kgdb breakpoint for Thumb2 (git-fixes). - ASoC: cs4265: Fix the duplicated control name (git-fixes). - ASoC: ops: Shift tested values in snd_soc_put_volsw() by +min (git-fixes). - ASoC: rt5668: do not block workqueue if card is unbound (git-fixes). - ASoC: rt5682: do not block workqueue if card is unbound (git-fixes). - Bluetooth: btusb: Add missing Chicony device for Realtek RTL8723BE (bsc#1196779). - EDAC/altera: Fix deferred probing (bsc#1178134). - HID: add mapping for KEY_ALL_APPLICATIONS (git-fixes). - HID: add mapping for KEY_DICTATE (git-fixes). - Hand over the maintainership to SLE15-SP3 maintainers - IB/hfi1: Correct guard on eager buffer deallocation (git-fixes). - IB/hfi1: Fix early init panic (git-fixes). - IB/hfi1: Fix leak of rcvhdrtail_dummy_kvaddr (git-fixes). - IB/hfi1: Insure use of smp_processor_id() is preempt disabled (git-fixes). - IB/rdmavt: Validate remote_addr during loopback atomic tests (git-fixes). - Input: clear BTN_RIGHT/MIDDLE on buttonpads (git-fixes). - Input: elan_i2c - fix regulator enable count imbalance after suspend/resume (git-fixes). - Input: elan_i2c - move regulator_[en|dis]able() out of elan_[en|dis]able_power() (git-fixes). - RDMA/bnxt_re: Scan the whole bitmap when checking if 'disabling RCFW with pending cmd-bit' (git-fixes). - RDMA/cma: Do not change route.addr.src_addr outside state checks (bsc#1181147). - RDMA/cma: Let cma_resolve_ib_dev() continue search even after empty entry (git-fixes). - RDMA/cma: Remove open coding of overflow checking for private_data_len (git-fixes). - RDMA/core: Do not infoleak GRH fields (git-fixes). - RDMA/core: Let ib_find_gid() continue search even after empty entry (git-fixes). - RDMA/cxgb4: Set queue pair state when being queried (git-fixes). - RDMA/hns: Validate the pkey index (git-fixes). - RDMA/ib_srp: Fix a deadlock (git-fixes). - RDMA/mlx4: Do not continue event handler after memory allocation failure (git-fixes). - RDMA/rtrs-clt: Fix possible double free in error case (jsc#SLE-15176). - RDMA/rxe: Fix a typo in opcode name (git-fixes). - RDMA/siw: Fix broken RDMA Read Fence/Resume logic (git-fixes). - RDMA/uverbs: Check for null return of kmalloc_array (git-fixes). - RDMA/uverbs: Remove the unnecessary assignment (git-fixes). - Revert 'USB: serial: ch341: add new Product ID for CH341A' (git-fixes). - SUNRPC: avoid race between mod_timer() and del_timer_sync() (bnc#1195403). - USB: gadget: validate endpoint index for xilinx udc (git-fixes). - USB: gadget: validate interface OS descriptor requests (git-fixes). - USB: hub: Clean up use of port initialization schemes and retries (git-fixes). - USB: serial: option: add Telit LE910R1 compositions (git-fixes). - USB: serial: option: add support for DW5829e (git-fixes). - USB: zaurus: support another broken Zaurus (git-fixes). - arm64: dts: rockchip: Switch RK3399-Gru DP to SPDIF output (git-fixes). - asix: fix uninit-value in asix_mdio_read() (git-fixes). - ata: pata_hpt37x: disable primary channel on HPT371 (git-fixes). - batman-adv: Do not expect inter-netns unique iflink indices (git-fixes). - batman-adv: Request iflink once in batadv-on-batadv check (git-fixes). - batman-adv: Request iflink once in batadv_get_real_netdevice (git-fixes). - blk-mq: do not free tags if the tag_set is used by other device in queue initialztion (bsc#1193787). - bnxt_en: Fix active FEC reporting to ethtool (jsc#SLE-16649). - bnxt_en: Fix incorrect multicast rx mask setting when not requested (git-fixes). - bnxt_en: Fix occasional ethtool -t loopback test failures (git-fixes). - bnxt_en: Fix offline ethtool selftest with RDMA enabled (git-fixes). - bonding: force carrier update when releasing slave (git-fixes). - can: gs_usb: change active_channels's type from atomic_t to u8 (git-fixes). - cgroup-v1: Correct privileges check in release_agent writes (bsc#1196723). - cgroup/cpuset: Fix 'suspicious RCU usage' lockdep warning (bsc#1196868). - clk: jz4725b: fix mmc0 clock gating (git-fixes). - cpufreq: schedutil: Use kobject release() method to free (git-fixes) - cpuset: Fix the bug that subpart_cpus updated wrongly in update_cpumask() (bsc#1196866). - cputime, cpuacct: Include guest time in user time in (git-fixes) - dma-direct: Fix potential NULL pointer dereference (bsc#1196472 ltc#192278). - dma-mapping: Allow mixing bypass and mapped DMA operation (bsc#1196472 ltc#192278). - dmaengine: shdma: Fix runtime PM imbalance on error (git-fixes). - drm/amdgpu: disable MMHUB PG for Picasso (git-fixes). - drm/edid: Always set RGB444 (git-fixes). - drm/i915/dg1: Wait for pcode/uncore handshake at startup (bsc#1195211). - drm/i915/gen11+: Only load DRAM information from pcode (bsc#1195211). - drm/i915: Nuke not needed members of dram_info (bsc#1195211). - drm/i915: Remove memory frequency calculation (bsc#1195211). - drm/i915: Rename is_16gb_dimm to wm_lv_0_adjust_needed (bsc#1195211). - efivars: Respect 'block' flag in efivar_entry_set_safe() (git-fixes). - exfat: fix i_blocks for files truncated over 4 GiB (git-fixes). - exfat: fix incorrect loading of i_blocks for large files (git-fixes). - firmware: arm_scmi: Remove space in MODULE_ALIAS name (git-fixes). - gpio: rockchip: Reset int_bothedge when changing trigger (git-fixes). - gpio: tegra186: Fix chip_data type confusion (git-fixes). - gtp: remove useless rcu_read_lock() (git-fixes). - hamradio: fix macro redefine warning (git-fixes). - i2c: bcm2835: Avoid clock stretching timeouts (git-fixes). - iavf: Fix missing check for running netdev (git-fixes). - ice: initialize local variable 'tlv' (jsc#SLE-12878). - igc: igc_read_phy_reg_gpy: drop premature return (git-fixes). - igc: igc_write_phy_reg_gpy: drop premature return (git-fixes). - iio: Fix error handling for PM (git-fixes). - iio: adc: ad7124: fix mask used for setting AIN_BUFP & AIN_BUFM bits (git-fixes). - iio: adc: men_z188_adc: Fix a resource leak in an error handling path (git-fixes). - ixgbe: xsk: change !netif_carrier_ok() handling in ixgbe_xmit_zc() (git-fixes). - mac80211: fix forwarded mesh frames AC & queue selection (git-fixes). - mac80211_hwsim: initialize ieee80211_tx_info at hw_scan_work (git-fixes). - mac80211_hwsim: report NOACK frames in tx_status (git-fixes). - mask out added spinlock in rndis_params (git-fixes). - net/mlx5: Fix possible deadlock on rule deletion (git-fixes). - net/mlx5: Fix wrong limitation of metadata match on ecpf (git-fixes). - net/mlx5: Update the list of the PCI supported devices (git-fixes). - net/mlx5: Update the list of the PCI supported devices (git-fixes). - net/mlx5e: Fix modify header actions memory leak (git-fixes). - net/mlx5e: Fix page DMA map/unmap attributes (bsc#1196468). - net/mlx5e: Fix wrong return value on ioctl EEPROM query failure (git-fixes). - net/mlx5e: TC, Reject rules with drop and modify hdr action (git-fixes). - net/mlx5e: TC, Reject rules with forward and drop actions (git-fixes). - net/mlx5e: kTLS, Use CHECKSUM_UNNECESSARY for device-offloaded packets (jsc#SLE-15172). - net/sched: act_ct: Fix flow table lookup after ct clear or switching zones (jsc#SLE-15172). - net: dsa: mv88e6xxx: MV88E6097 does not support jumbo configuration (git-fixes). - net: ethernet: ti: cpsw: disable PTPv1 hw timestamping advertisement (git-fixes). - net: fix up skbs delta_truesize in UDP GRO frag_list (bsc#1176447). - net: hns3: Clear the CMDQ registers before unmapping BAR region (git-fixes). - net: sfc: Replace in_interrupt() usage (git-fixes). - net: tipc: validate domain record count on input (bsc#1195254). - net: usb: cdc_mbim: avoid altsetting toggling for Telit FN990 (git-fixes). - netfilter: nf_tables: fix memory leak during stateful obj update (bsc#1176447). - netsec: ignore 'phy-mode' device property on ACPI systems (git-fixes). - nfp: flower: Fix a potential leak in nfp_tunnel_add_shared_mac() (git-fixes). - nl80211: Handle nla_memdup failures in handle_nan_filter (git-fixes). - ntb: intel: fix port config status offset for SPR (git-fixes). - nvme-multipath: use vmalloc for ANA log buffer (bsc#1193787). - nvme-rdma: fix possible use-after-free in transport error_recovery work (git-fixes). - nvme-tcp: fix possible use-after-free in transport error_recovery work (git-fixes). - nvme: fix a possible use-after-free in controller reset during load (git-fixes). - powerpc/dma: Fallback to dma_ops when persistent memory present (bsc#1196472 ltc#192278). Update config files. - powerpc/fadump: register for fadump as early as possible (bsc#1179439 ltc#190038). - powerpc/mm: Remove dcache flush from memory remove (bsc#1196433 ltc#196449). - powerpc/powernv/memtrace: Fix dcache flushing (bsc#1196433 ltc#196449). - powerpc/pseries/iommu: Fix window size for direct mapping with pmem (bsc#1196472 ltc#192278). - sched/core: Mitigate race (git-fixes) - scsi: bnx2fc: Flush destroy_work queue before calling bnx2fc_interface_put() (git-fixes). - scsi: bnx2fc: Make bnx2fc_recv_frame() mp safe (git-fixes). - scsi: lpfc: Terminate string in lpfc_debugfs_nvmeio_trc_write() (git-fixes). - scsi: nsp_cs: Check of ioremap return value (git-fixes). - scsi: qedf: Fix potential dereference of NULL pointer (git-fixes). - scsi: smartpqi: Add PCI IDs (bsc#1196627). - scsi: ufs: Fix race conditions related to driver data (git-fixes). - selftests: mlxsw: tc_police_scale: Make test more robust (bsc#1176774). - soc: fsl: Correct MAINTAINERS database (QUICC ENGINE LIBRARY) (git-fixes). - soc: fsl: Correct MAINTAINERS database (SOC) (git-fixes). - soc: fsl: qe: Check of ioremap return value (git-fixes). - spi: spi-zynq-qspi: Fix a NULL pointer dereference in zynq_qspi_exec_mem_op() (git-fixes). - sr9700: sanity check for packet length (bsc#1196836). - tracing: Fix return value of __setup handlers (git-fixes). - tty: n_gsm: fix encoding of control signal octet bit DV (git-fixes). - tty: n_gsm: fix proper link termination after failed open (git-fixes). - usb: dwc2: use well defined macros for power_down (git-fixes). - usb: dwc3: gadget: Let the interrupt handler disable bottom halves (git-fixes). - usb: dwc3: pci: Fix Bay Trail phy GPIO mappings (git-fixes). - usb: gadget: rndis: add spinlock for rndis response list (git-fixes). - usb: hub: Fix usb enumeration issue due to address0 race (git-fixes). - vrf: Fix fast path output packet handling with async Netfilter rules (git-fixes). - xhci: Prevent futile URB re-submissions due to incorrect return value (git-fixes). - xhci: re-initialize the HC during resume if HCE was set (git-fixes). Important SUSE bug 1176447 SUSE bug 1176774 SUSE bug 1178134 SUSE bug 1179439 SUSE bug 1181147 SUSE bug 1191428 SUSE bug 1192273 SUSE bug 1193731 SUSE bug 1193787 SUSE bug 1193864 SUSE bug 1194463 SUSE bug 1194516 SUSE bug 1195211 SUSE bug 1195254 SUSE bug 1195403 SUSE bug 1195612 SUSE bug 1195897 SUSE bug 1195905 SUSE bug 1195939 SUSE bug 1195949 SUSE bug 1195987 SUSE bug 1196079 SUSE bug 1196095 SUSE bug 1196132 SUSE bug 1196155 SUSE bug 1196299 SUSE bug 1196301 SUSE bug 1196433 SUSE bug 1196468 SUSE bug 1196472 SUSE bug 1196627 SUSE bug 1196723 SUSE bug 1196779 SUSE bug 1196830 SUSE bug 1196836 SUSE bug 1196866 SUSE bug 1196868 CVE-2021-0920 CVE-2021-39657 CVE-2021-44879 CVE-2022-0487 CVE-2022-0617 CVE-2022-0644 CVE-2022-24448 CVE-2022-24958 CVE-2022-24959 CVE-2022-25258 CVE-2022-25636 CVE-2022-26490 cpe:/o:opensuse:leap:15.3 Security update for the Linux Kernel (Important) openSUSE Leap 15.3 The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2022-25636: Fixed an issue which allowed a local users to gain privileges because of a heap out-of-bounds write in nf_dup_netdev.c, related to nf_tables_offload (bsc#1196299). - CVE-2022-26490: Fixed a buffer overflow in the st21nfca driver. An attacker with adjacent NFC access could trigger crash the system or corrupt system memory (bsc#1196830). - CVE-2022-0487: A use-after-free vulnerability was found in rtsx_usb_ms_drv_remove() in drivers/memstick/host/rtsx_usb_ms.c (bsc#1194516). - CVE-2022-24448: Fixed an issue if an application sets the O_DIRECTORY flag, and tries to open a regular file, nfs_atomic_open() performs a regular lookup. If a regular file is found, ENOTDIR should have occured, but the server instead returned uninitialized data in the file descriptor (bsc#1195612). - CVE-2022-0617: Fixed a null pointer dereference in UDF file system functionality. A local user could crash the system by triggering udf_file_write_iter() via a malicious UDF image. (bsc#1196079) - CVE-2022-0644: Fixed a denial of service by a local user. A assertion failure could be triggered in kernel_read_file_from_fd(). (bsc#1196155) - CVE-2022-25258: The USB Gadget subsystem lacked certain validation of interface OS descriptor requests, which could have lead to memory corruption (bsc#1196096). - CVE-2022-24958: drivers/usb/gadget/legacy/inode.c mishandled dev->buf release (bsc#1195905). - CVE-2022-24959: Fixed a memory leak in yam_siocdevprivate() in drivers/net/hamradio/yam.c (bsc#1195897). - CVE-2021-44879: In gc_data_segment() in fs/f2fs/gc.c, special files were not considered, which lead to a move_data_page NULL pointer dereference (bsc#1195987). - CVE-2021-0920: Fixed a local privilege escalation due to a use-after-free vulnerability in unix_scm_to_skb of af_unix (bsc#1193731). - CVE-2021-39657: Fixed an information leak in the Universal Flash Storage subsystem (bsc#1193864). - CVE-2022-26966: Fixed an issue in drivers/net/usb/sr9700.c, which allowed attackers to obtain sensitive information from heap memory via crafted frame lengths from a device (bsc#1196836). - CVE-2021-39698: Fixed a possible memory corruption due to a use after free in aio_poll_complete_work. This could lead to local escalation of privilege with no additional execution privileges needed. (bsc#1196956) - CVE-2021-45402: The check_alu_op function in kernel/bpf/verifier.c did not properly update bounds while handling the mov32 instruction, which allowed local users to obtain potentially sensitive address information (bsc#1196130). - CVE-2022-23036,CVE-2022-23037,CVE-2022-23038,CVE-2022-23039,CVE-2022-23040,CVE-2022-23041,CVE-2022-23042: Fixed multiple issues which could have lead to read/write access to memory pages or denial of service. These issues are related to the Xen PV device frontend drivers. (bsc#1196488) The following non-security bugs were fixed: - ALSA: intel_hdmi: Fix reference to PCM buffer address (git-fixes). - ARM: 9182/1: mmu: fix returns from early_param() and __setup() functions (git-fixes). - ARM: Fix kgdb breakpoint for Thumb2 (git-fixes). - ASoC: cs4265: Fix the duplicated control name (git-fixes). - ASoC: ops: Shift tested values in snd_soc_put_volsw() by +min (git-fixes). - ASoC: rt5668: do not block workqueue if card is unbound (git-fixes). - ASoC: rt5682: do not block workqueue if card is unbound (git-fixes). - Bluetooth: btusb: Add missing Chicony device for Realtek RTL8723BE (bsc#1196779). - EDAC/altera: Fix deferred probing (bsc#1178134). - EDAC: Fix calculation of returned address and next offset in edac_align_ptr() (bsc#1178134). - HID: add mapping for KEY_ALL_APPLICATIONS (git-fixes). - HID: add mapping for KEY_DICTATE (git-fixes). - Hand over the maintainership to SLE15-SP3 maintainers - IB/hfi1: Correct guard on eager buffer deallocation (git-fixes). - IB/hfi1: Fix early init panic (git-fixes). - IB/hfi1: Fix leak of rcvhdrtail_dummy_kvaddr (git-fixes). - IB/hfi1: Insure use of smp_processor_id() is preempt disabled (git-fixes). - IB/rdmavt: Validate remote_addr during loopback atomic tests (git-fixes). - Input: clear BTN_RIGHT/MIDDLE on buttonpads (git-fixes). - Input: elan_i2c - fix regulator enable count imbalance after suspend/resume (git-fixes). - Input: elan_i2c - move regulator_[en|dis]able() out of elan_[en|dis]able_power() (git-fixes). - NFC: port100: fix use-after-free in port100_send_complete (git-fixes). - RDMA/bnxt_re: Scan the whole bitmap when checking if 'disabling RCFW with pending cmd-bit' (git-fixes). - RDMA/cma: Do not change route.addr.src_addr outside state checks (bsc#1181147). - RDMA/cma: Let cma_resolve_ib_dev() continue search even after empty entry (git-fixes). - RDMA/cma: Remove open coding of overflow checking for private_data_len (git-fixes). - RDMA/core: Do not infoleak GRH fields (git-fixes). - RDMA/core: Let ib_find_gid() continue search even after empty entry (git-fixes). - RDMA/cxgb4: Set queue pair state when being queried (git-fixes). - RDMA/hns: Validate the pkey index (git-fixes). - RDMA/ib_srp: Fix a deadlock (git-fixes). - RDMA/mlx4: Do not continue event handler after memory allocation failure (git-fixes). - RDMA/rtrs-clt: Fix possible double free in error case (jsc#SLE-15176). - RDMA/rxe: Fix a typo in opcode name (git-fixes). - RDMA/siw: Fix broken RDMA Read Fence/Resume logic (git-fixes). - RDMA/uverbs: Check for null return of kmalloc_array (git-fixes). - RDMA/uverbs: Remove the unnecessary assignment (git-fixes). - Revert 'USB: serial: ch341: add new Product ID for CH341A' (git-fixes). - SUNRPC: avoid race between mod_timer() and del_timer_sync() (bnc#1195403). - USB: gadget: validate endpoint index for xilinx udc (git-fixes). - USB: gadget: validate interface OS descriptor requests (git-fixes). - USB: hub: Clean up use of port initialization schemes and retries (git-fixes). - USB: serial: option: add Telit LE910R1 compositions (git-fixes). - USB: serial: option: add support for DW5829e (git-fixes). - USB: zaurus: support another broken Zaurus (git-fixes). - arm64: dts: rockchip: Switch RK3399-Gru DP to SPDIF output (git-fixes). - asix: fix uninit-value in asix_mdio_read() (git-fixes). - ata: pata_hpt37x: disable primary channel on HPT371 (git-fixes). - ax25: Fix NULL pointer dereference in ax25_kill_by_device (git-fixes). - batman-adv: Do not expect inter-netns unique iflink indices (git-fixes). - batman-adv: Request iflink once in batadv-on-batadv check (git-fixes). - batman-adv: Request iflink once in batadv_get_real_netdevice (git-fixes). - blk-mq: do not free tags if the tag_set is used by other device in queue initialztion (bsc#1193787). - bnxt_en: Fix active FEC reporting to ethtool (jsc#SLE-16649). - bnxt_en: Fix incorrect multicast rx mask setting when not requested (git-fixes). - bnxt_en: Fix occasional ethtool -t loopback test failures (git-fixes). - bnxt_en: Fix offline ethtool selftest with RDMA enabled (git-fixes). - bonding: force carrier update when releasing slave (git-fixes). - build initrd without systemd This reduces the size of the initrd by over 25%, which improves startup time of the virtual machine by 0.5-0.6s on very fast machines, more on slower ones. - can: gs_usb: change active_channels's type from atomic_t to u8 (git-fixes). - cgroup-v1: Correct privileges check in release_agent writes (bsc#1196723). - cgroup/cpuset: Fix 'suspicious RCU usage' lockdep warning (bsc#1196868). - clk: jz4725b: fix mmc0 clock gating (git-fixes). - constraints: Also adjust disk requirement for x86 and s390. - constraints: Increase disk space for aarch64 - cpufreq: schedutil: Use kobject release() method to free (git-fixes) - cpuset: Fix the bug that subpart_cpus updated wrongly in update_cpumask() (bsc#1196866). - cputime, cpuacct: Include guest time in user time in (git-fixes) - dma-direct: Fix potential NULL pointer dereference (bsc#1196472 ltc#192278). - dma-mapping: Allow mixing bypass and mapped DMA operation (bsc#1196472 ltc#192278). - dmaengine: shdma: Fix runtime PM imbalance on error (git-fixes). - drm/amdgpu: disable MMHUB PG for Picasso (git-fixes). - drm/edid: Always set RGB444 (git-fixes). - drm/i915/dg1: Wait for pcode/uncore handshake at startup (bsc#1195211). - drm/i915/gen11+: Only load DRAM information from pcode (bsc#1195211). - drm/i915: Nuke not needed members of dram_info (bsc#1195211). - drm/i915: Remove memory frequency calculation (bsc#1195211). - drm/i915: Rename is_16gb_dimm to wm_lv_0_adjust_needed (bsc#1195211). - drm/sun4i: mixer: Fix P010 and P210 format numbers (git-fixes). - efivars: Respect 'block' flag in efivar_entry_set_safe() (git-fixes). - exfat: fix i_blocks for files truncated over 4 GiB (git-fixes). - exfat: fix incorrect loading of i_blocks for large files (git-fixes). - firmware: arm_scmi: Remove space in MODULE_ALIAS name (git-fixes). - fix rpm build warning tumbleweed rpm is adding these warnings to the log: It's not recommended to have unversioned Obsoletes: Obsoletes: microcode_ctl - gianfar: ethtool: Fix refcount leak in gfar_get_ts_info (git-fixes). - gpio: rockchip: Reset int_bothedge when changing trigger (git-fixes). - gpio: tegra186: Fix chip_data type confusion (git-fixes). - gpio: ts4900: Do not set DAT and OE together (git-fixes). - gpiolib: acpi: Convert ACPI value of debounce to microseconds (git-fixes). - gtp: remove useless rcu_read_lock() (git-fixes). - hamradio: fix macro redefine warning (git-fixes). - i2c: bcm2835: Avoid clock stretching timeouts (git-fixes). - iavf: Fix missing check for running netdev (git-fixes). - ice: initialize local variable 'tlv' (jsc#SLE-12878). - igc: igc_read_phy_reg_gpy: drop premature return (git-fixes). - igc: igc_write_phy_reg_gpy: drop premature return (git-fixes). - iio: Fix error handling for PM (git-fixes). - iio: adc: ad7124: fix mask used for setting AIN_BUFP & AIN_BUFM bits (git-fixes). - iio: adc: men_z188_adc: Fix a resource leak in an error handling path (git-fixes). - ixgbe: xsk: change !netif_carrier_ok() handling in ixgbe_xmit_zc() (git-fixes). - kernel-binary.spec.in: Move 20-kernel-default-extra.conf to the correctr directory (bsc#1195051). - kernel-binary.spec: Also exclude the kernel signing key from devel package. There is a check in OBS that fails when it is included. Also the key is not reproducible. Fixes: bb988d4625a3 ('kernel-binary: Do not include sourcedir in certificate path.') - kernel-binary.spec: Do not use the default certificate path (bsc#1194943). Using the the default path is broken since Linux 5.17 - kernel-binary: Do not include sourcedir in certificate path. The certs macro runs before build directory is set up so it creates the aggregate of supplied certificates in the source directory. Using this file directly as the certificate in kernel config works but embeds the source directory path in the kernel config. To avoid this symlink the certificate to the build directory and use relative path to refer to it. Also fabricate a certificate in the same location in build directory when none is provided. - kernel-obs-build: include 9p (boo#1195353) To be able to share files between host and the qemu vm of the build script, the 9p and 9p_virtio kernel modules need to be included in the initrd of kernel-obs-build. - mac80211: fix forwarded mesh frames AC & queue selection (git-fixes). - mac80211_hwsim: initialize ieee80211_tx_info at hw_scan_work (git-fixes). - mac80211_hwsim: report NOACK frames in tx_status (git-fixes). - mask out added spinlock in rndis_params (git-fixes). - mmc: meson: Fix usage of meson_mmc_post_req() (git-fixes). - net/mlx5: Fix possible deadlock on rule deletion (git-fixes). - net/mlx5: Fix wrong limitation of metadata match on ecpf (git-fixes). - net/mlx5: Update the list of the PCI supported devices (git-fixes). - net/mlx5: Update the list of the PCI supported devices (git-fixes). - net/mlx5e: Fix modify header actions memory leak (git-fixes). - net/mlx5e: Fix page DMA map/unmap attributes (bsc#1196468). - net/mlx5e: Fix wrong return value on ioctl EEPROM query failure (git-fixes). - net/mlx5e: TC, Reject rules with drop and modify hdr action (git-fixes). - net/mlx5e: TC, Reject rules with forward and drop actions (git-fixes). - net/mlx5e: kTLS, Use CHECKSUM_UNNECESSARY for device-offloaded packets (jsc#SLE-15172). - net/sched: act_ct: Fix flow table lookup after ct clear or switching zones (jsc#SLE-15172). - net: dsa: mv88e6xxx: MV88E6097 does not support jumbo configuration (git-fixes). - net: ethernet: ti: cpsw: disable PTPv1 hw timestamping advertisement (git-fixes). - net: fix up skbs delta_truesize in UDP GRO frag_list (bsc#1176447). - net: hns3: Clear the CMDQ registers before unmapping BAR region (git-fixes). - net: phy: DP83822: clear MISR2 register to disable interrupts (git-fixes). - net: sfc: Replace in_interrupt() usage (git-fixes). - net: tipc: validate domain record count on input (bsc#1195254). - net: usb: cdc_mbim: avoid altsetting toggling for Telit FN990 (git-fixes). - netfilter: nf_tables: fix memory leak during stateful obj update (bsc#1176447). - netsec: ignore 'phy-mode' device property on ACPI systems (git-fixes). - nfp: flower: Fix a potential leak in nfp_tunnel_add_shared_mac() (git-fixes). - nl80211: Handle nla_memdup failures in handle_nan_filter (git-fixes). - ntb: intel: fix port config status offset for SPR (git-fixes). - nvme-multipath: use vmalloc for ANA log buffer (bsc#1193787). - nvme-rdma: fix possible use-after-free in transport error_recovery work (git-fixes). - nvme-tcp: fix possible use-after-free in transport error_recovery work (git-fixes). - nvme: fix a possible use-after-free in controller reset during load (git-fixes). - powerpc/dma: Fallback to dma_ops when persistent memory present (bsc#1196472 ltc#192278). Update config files. - powerpc/fadump: register for fadump as early as possible (bsc#1179439 ltc#190038). - powerpc/mm: Remove dcache flush from memory remove (bsc#1196433 ltc#196449). - powerpc/powernv/memtrace: Fix dcache flushing (bsc#1196433 ltc#196449). - powerpc/pseries/iommu: Fix window size for direct mapping with pmem (bsc#1196472 ltc#192278). - rpm/*.spec.in: Use https:// urls - rpm/arch-symbols,guards,*driver: Replace Novell with SUSE. - rpm/check-for-config-changes: Ignore PAHOLE_VERSION. - rpm/kernel-docs.spec.in: use %%license for license declarations Limited to SLE15+ to avoid compatibility nightmares. - rpm/kernel-source.spec.in: call fdupes per subpackage It is a waste of time to do a global fdupes when we have subpackages. - rpm: SC2006: Use $(...) notation instead of legacy backticked `...`. - sched/core: Mitigate race (git-fixes) - scsi: bnx2fc: Flush destroy_work queue before calling bnx2fc_interface_put() (git-fixes). - scsi: bnx2fc: Make bnx2fc_recv_frame() mp safe (git-fixes). - scsi: lpfc: Terminate string in lpfc_debugfs_nvmeio_trc_write() (git-fixes). - scsi: nsp_cs: Check of ioremap return value (git-fixes). - scsi: qedf: Fix potential dereference of NULL pointer (git-fixes). - scsi: smartpqi: Add PCI IDs (bsc#1196627). - scsi: ufs: Fix race conditions related to driver data (git-fixes). - selftests: mlxsw: tc_police_scale: Make test more robust (bsc#1176774). - soc: fsl: Correct MAINTAINERS database (QUICC ENGINE LIBRARY) (git-fixes). - soc: fsl: Correct MAINTAINERS database (SOC) (git-fixes). - soc: fsl: qe: Check of ioremap return value (git-fixes). - spi: spi-zynq-qspi: Fix a NULL pointer dereference in zynq_qspi_exec_mem_op() (git-fixes). - sr9700: sanity check for packet length (bsc#1196836). - staging: gdm724x: fix use after free in gdm_lte_rx() (git-fixes). - tracing: Fix return value of __setup handlers (git-fixes). - tty: n_gsm: fix encoding of control signal octet bit DV (git-fixes). - tty: n_gsm: fix proper link termination after failed open (git-fixes). - usb: dwc2: Fix Stalling a Non-Isochronous OUT EP (git-fixes). - usb: dwc2: gadget: Fix GOUTNAK flow for Slave mode (git-fixes). - usb: dwc2: gadget: Fix kill_all_requests race (git-fixes). - usb: dwc2: use well defined macros for power_down (git-fixes). - usb: dwc3: gadget: Let the interrupt handler disable bottom halves (git-fixes). - usb: dwc3: meson-g12a: Disable the regulator in the error handling path of the probe (git-fixes). - usb: dwc3: pci: Fix Bay Trail phy GPIO mappings (git-fixes). - usb: gadget: rndis: add spinlock for rndis response list (git-fixes). - usb: host: xen-hcd: add missing unlock in error path (git-fixes). - usb: hub: Fix locking issues with address0_mutex (git-fixes). - usb: hub: Fix usb enumeration issue due to address0 race (git-fixes). - vrf: Fix fast path output packet handling with async Netfilter rules (git-fixes). - xen/usb: do not use gnttab_end_foreign_access() in xenhcd_gnttab_done() (bsc#1196488, XSA-396). - xhci: Prevent futile URB re-submissions due to incorrect return value (git-fixes). - xhci: re-initialize the HC during resume if HCE was set (git-fixes). Important SUSE bug 1176447 SUSE bug 1176774 SUSE bug 1178134 SUSE bug 1179439 SUSE bug 1181147 SUSE bug 1191428 SUSE bug 1192273 SUSE bug 1193731 SUSE bug 1193787 SUSE bug 1193864 SUSE bug 1194463 SUSE bug 1194516 SUSE bug 1194943 SUSE bug 1195051 SUSE bug 1195211 SUSE bug 1195254 SUSE bug 1195353 SUSE bug 1195403 SUSE bug 1195612 SUSE bug 1195897 SUSE bug 1195905 SUSE bug 1195939 SUSE bug 1195949 SUSE bug 1195987 SUSE bug 1196079 SUSE bug 1196095 SUSE bug 1196130 SUSE bug 1196132 SUSE bug 1196155 SUSE bug 1196299 SUSE bug 1196301 SUSE bug 1196433 SUSE bug 1196468 SUSE bug 1196472 SUSE bug 1196488 SUSE bug 1196627 SUSE bug 1196723 SUSE bug 1196779 SUSE bug 1196830 SUSE bug 1196836 SUSE bug 1196866 SUSE bug 1196868 SUSE bug 1196956 SUSE bug 1196959 CVE-2021-0920 CVE-2021-39657 CVE-2021-39698 CVE-2021-44879 CVE-2021-45402 CVE-2022-0487 CVE-2022-0617 CVE-2022-0644 CVE-2022-23036 CVE-2022-23037 CVE-2022-23038 CVE-2022-23039 CVE-2022-23040 CVE-2022-23041 CVE-2022-23042 CVE-2022-24448 CVE-2022-24958 CVE-2022-24959 CVE-2022-25258 CVE-2022-25636 CVE-2022-26490 CVE-2022-26966 cpe:/o:opensuse:leap:15.3 Security update for SDL2 (Important) openSUSE Leap 15.3 This update for SDL2 fixes the following issues: - CVE-2020-14409: Fixed Integer Overflow resulting in heap corruption in SDL_BlitCopy in video/SDL_blit_copy.c via a crafted .BMP (bsc#1181202). - CVE-2020-14410: Fixed heap-based buffer over-read in Blit_3or4_to_3or4__inversed_rgb in video/SDL_blit_N.c via a crafted .BMP (bsc#1181201). Important SUSE bug 1181201 SUSE bug 1181202 CVE-2020-14409 CVE-2020-14410 cpe:/o:opensuse:leap:15.3 Security update for protobuf (Moderate) openSUSE Leap 15.3 This update for protobuf fixes the following issues: - CVE-2021-22570: Fix incorrect parsing of nullchar in the proto symbol (bsc#1195258). Moderate SUSE bug 1195258 CVE-2021-22570 cpe:/o:opensuse:leap:15.3 Security update for salt (Important) openSUSE Leap 15.3 This update for salt fixes the following issues: - CVE-2022-22935: Sign authentication replies to prevent MiTM (bsc#1197417) - CVE-2022-22934: Sign pillar data to prevent MiTM attacks. (bsc#1197417) - CVE-2022-22936: Prevent job and fileserver replays (bsc#1197417) - CVE-2022-22941: Fixed targeting bug, especially visible when using syndic and user auth. (bsc#1197417) Important SUSE bug 1197417 CVE-2022-22934 CVE-2022-22935 CVE-2022-22936 CVE-2022-22941 cpe:/o:opensuse:leap:15.3 Security update for jawn (Important) openSUSE Leap 15.3 This update for jawn fixes the following issues: - CVE-2022-21653: Fixed DoS caused by a hash collision in SimpleFacade and MutableFacade (bsc#1194358). Important SUSE bug 1194358 CVE-2022-21653 cpe:/o:opensuse:leap:15.3 Security update for zlib (Important) openSUSE Leap 15.3 This update for zlib fixes the following issues: - CVE-2018-25032: Fixed memory corruption on deflate (bsc#1197459). Important SUSE bug 1197459 CVE-2018-25032 cpe:/o:opensuse:leap:15.3 Security update for python2-numpy (Important) openSUSE Leap 15.3 This update for python2-numpy fixes the following issues: - CVE-2021-33430: Fixed buffer overflow that could lead to DoS in PyArray_NewFromDescr_int function of ctors.c (bsc#1193913). - CVE-2021-41496: Fixed buffer overflow that could lead to DoS in array_from_pyobj function of fortranobject.c (bsc#1193907). - CVE-2021-41495: Fixed Null Pointer Dereference in numpy.sort due to missing return value validation (bsc#1193911). Important SUSE bug 1193907 SUSE bug 1193911 SUSE bug 1193913 CVE-2021-33430 CVE-2021-41495 CVE-2021-41496 cpe:/o:opensuse:leap:15.3 Security update for kernel-firmware (Important) openSUSE Leap 15.3 This update for kernel-firmware fixes the following issues: Update Intel Wireless firmware for 9xxx (INTEL-SA-00539, bsc#1196333): CVE-2021-0161: Improper input validation in firmware for Intel PROSet/Wireless Wi-Fi and Killer Wi-Fi may allow a privileged user to potentially enable escalation of privilege via local access. CVE-2021-0164: Improper access control in firmware for Intel PROSet/Wireless Wi-Fi and Killer Wi-Fi may allow an unauthenticated user to potentially enable escalation of privilege via local access. CVE-2021-0165: Improper input validation in firmware for Intel PROSet/Wireless Wi-Fi and Killer Wi-Fi may allow an unauthenticated user to potentially enable denial of service via adjacent access. CVE-2021-0066: Improper input validation in firmware for Intel PROSet/Wireless Wi-Fi and Killer Wi-Fi may allow an unauthenticated user to potentially enable escalation of privilege via local access. CVE-2021-0166: Exposure of Sensitive Information to an Unauthorized Actor in firmware for some Intel PROSet/Wireless Wi-Fi and some Killer Wi-Fi may allow a privileged user to potentially enable escalation of privilege via local access. CVE-2021-0168: Improper input validation in firmware for some Intel PROSet/Wireless Wi-Fi and some Killer Wi-Fi may allow a privileged user to potentially enable escalation of privilege via local access. CVE-2021-0170: Exposure of Sensitive Information to an Unauthorized Actor in firmware for some Intel PROSet/Wireless Wi-Fi and some Killer Wi-Fi may allow an authenticated user to potentially enable information disclosure via local access. CVE-2021-0172: Improper input validation in firmware for some Intel PROSet/Wireless Wi-Fi and some Killer Wi-Fi may allow an unauthenticated user to potentially enable denial of service via adjacent access. CVE-2021-0173: Improper Validation of Consistency within input in firmware for some Intel PROSet/Wireless Wi-Fi and some Killer Wi-Fi may allow a unauthenticated user to potentially enable denial of service via adjacent access. CVE-2021-0174: Improper Use of Validation Framework in firmware for some Intel PROSet/Wireless Wi-Fi and some Killer Wi-Fi may allow a unauthenticated user to potentially enable denial of service via adjacent access. CVE-2021-0175: Improper Validation of Specified Index, Position, or Offset in Input in firmware for some Intel PROSet/Wireless Wi-Fi and some Killer Wi-Fi may allow an unauthenticated user to potentially enable denial of service via adjacent access. CVE-2021-0076: Improper Validation of Specified Index, Position, or Offset in Input in firmware for some Intel PROSet/Wireless Wi-Fi and some Killer Wi-Fi may allow a privileged user to potentially enable denial of service via local access. CVE-2021-0176: Improper input validation in firmware for some Intel PROSet/Wireless Wi-Fi and some Killer Wi-Fi may allow a privileged user to potentially enable denial of service via local access. CVE-2021-0183: Improper Validation of Specified Index, Position, or Offset in Input in software for some Intel PROSet/Wireless Wi-Fi and some Killer Wi-Fi may allow an unauthenticated user to potentially enable denial of service via adjacent access. CVE-2021-0072: Improper input validation in firmware for some Intel PROSet/Wireless Wi-Fi and some Killer Wi-Fi may allow a privileged user to potentially enable information disclosure via local access. CVE-2021-0071: Improper input validation in firmware for some Intel PROSet/Wireless WiFi in UEFI may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access. Update Intel Bluetooth firmware (INTEL-SA-00604,bsc#1195786): - CVE-2021-33139: Improper conditions check in firmware for some Intel Wireless Bluetooth and Killer Bluetooth products before may allow an authenticated user to potentially enable denial of service via adjacent access. - CVE-2021-33155: Improper input validation in firmware for some Intel Wireless Bluetooth and Killer Bluetooth products before may allow an authenticated user to potentially enable denial of service via adjacent access. Bug fixes: - Updated the AMD SEV firmware (bsc#1186938) - Reduced the LZMA2 dictionary size (bsc#1188662) Important SUSE bug 1186938 SUSE bug 1188662 SUSE bug 1192953 SUSE bug 1195786 SUSE bug 1196333 CVE-2021-0066 CVE-2021-0071 CVE-2021-0072 CVE-2021-0076 CVE-2021-0161 CVE-2021-0164 CVE-2021-0165 CVE-2021-0166 CVE-2021-0168 CVE-2021-0170 CVE-2021-0172 CVE-2021-0173 CVE-2021-0174 CVE-2021-0175 CVE-2021-0176 CVE-2021-0183 CVE-2021-33139 CVE-2021-33155 cpe:/o:opensuse:leap:15.3 Security update for yaml-cpp (Moderate) openSUSE Leap 15.3 This update for yaml-cpp fixes the following issues: - CVE-2018-20573: Fixed remote DOS via a crafted YAML file in function Scanner:EnsureTokensInQueue (bsc#1121227). - CVE-2018-20574: Fixed remote DOS via a crafted YAML file in function SingleDocParser:HandleFlowMap (bsc#1121230). - CVE-2019-6285: Fixed remote DOS via a crafted YAML file in function SingleDocParser::HandleFlowSequence (bsc#1122004). - CVE-2019-6292: Fixed DOS by stack consumption in singledocparser.cpp (bsc#1122021). Moderate SUSE bug 1121227 SUSE bug 1121230 SUSE bug 1122004 SUSE bug 1122021 CVE-2018-20573 CVE-2018-20574 CVE-2019-6285 CVE-2019-6292 cpe:/o:opensuse:leap:15.3 Security update for java-1_8_0-ibm (Important) openSUSE Leap 15.3 This update for java-1_8_0-ibm fixes the following issues: - Update to Java 8.0 Service Refresh 7 Fix Pack 0 - CVE-2021-41035: before version 0.29.0, the openj9 JVM does not throw IllegalAccessError for MethodHandles that invoke inaccessible interface methods. (bsc#1194198, bsc#1192052) - CVE-2021-35586: Excessive memory allocation in BMPImageReader. (bsc#1191914) - CVE-2021-35564: Certificates with end dates too far in the future can corrupt keystore. (bsc#1191913) - CVE-2021-35559: Excessive memory allocation in RTFReader. (bsc#1191911) - CVE-2021-35556: Excessive memory allocation in RTFParser. (bsc#1191910) - CVE-2021-35565: Loop in HttpsServer triggered during TLS session close. (bsc#1191909) - CVE-2021-35588: Incomplete validation of inner class references in ClassFileParser. (bsc#1191905) - CVE-2021-2341: Fixed a flaw inside the FtpClient. (bsc#1188564) - CVE-2021-2369: JAR file handling problem containing multiple MANIFEST.MF files. (bsc#1188565) - CVE-2021-2163: Incomplete enforcement of JAR signing disabled algorithms. (bsc#1185055) - CVE-2021-35560: Fixed a vulnerability in the component Deployment. (bsc#1191902) - CVE-2021-35578: Fixed unexpected exception raised during TLS handshake. (bsc#1191904) Important SUSE bug 1185055 SUSE bug 1188564 SUSE bug 1188565 SUSE bug 1191902 SUSE bug 1191904 SUSE bug 1191905 SUSE bug 1191909 SUSE bug 1191910 SUSE bug 1191911 SUSE bug 1191913 SUSE bug 1191914 SUSE bug 1192052 SUSE bug 1194198 SUSE bug 1194232 CVE-2021-2163 CVE-2021-2341 CVE-2021-2369 CVE-2021-35556 CVE-2021-35559 CVE-2021-35560 CVE-2021-35564 CVE-2021-35565 CVE-2021-35578 CVE-2021-35586 CVE-2021-35588 CVE-2021-41035 cpe:/o:opensuse:leap:15.3 Security update for python (Moderate) openSUSE Leap 15.3 This update for python fixes the following issues: - CVE-2022-0391: Fixed URL sanitization containing ASCII newline and tabs in urlparse (bsc#1195396). - CVE-2021-4189: Fixed ftplib not to trust the PASV response (bsc#1194146). - CVE-2021-3572: Fixed an improper handling of unicode characters in pip (bsc#1186819). Moderate SUSE bug 1175619 SUSE bug 1186819 SUSE bug 1194146 SUSE bug 1195396 CVE-2021-3572 CVE-2021-4189 CVE-2022-0391 cpe:/o:opensuse:leap:15.3 Security update for 389-ds (Important) openSUSE Leap 15.3 This update for 389-ds fixes the following issues: - CVE-2022-0918: Fixed a potential denial of service via crafted packet (bsc#1197275). - CVE-2022-0996: Fixed a mishandling of password expiry (bsc#1197345). - Resolved LDAP-Support not working with DHCP by adding required schema (bsc#1194068) - Resolved multiple index migration bug (bsc#1194084) Important SUSE bug 1194068 SUSE bug 1194084 SUSE bug 1197275 SUSE bug 1197345 CVE-2022-0918 CVE-2022-0996 cpe:/o:opensuse:leap:15.3 Security update for virglrenderer (Important) openSUSE Leap 15.3 This update for virglrenderer fixes the following issues: - CVE-2022-0175: Fixed missing initialization of res->ptr (bsc#1194601). Important SUSE bug 1194601 CVE-2022-0175 cpe:/o:opensuse:leap:15.3 Security update for nodejs14 (Moderate) openSUSE Leap 15.3 This update for nodejs14 fixes the following issues: - CVE-2021-44531: Fixed improper handling of URI Subject Alternative Names (bsc#1194511). - CVE-2021-44532: Fixed certificate Verification Bypass via String Injection (bsc#1194512). - CVE-2021-44533: Fixed incorrect handling of certificate subject and issuer fields (bsc#1194513). - CVE-2022-21824: Fixed prototype pollution via console.table properties (bsc#1194514). Moderate SUSE bug 1194511 SUSE bug 1194512 SUSE bug 1194513 SUSE bug 1194514 CVE-2021-44531 CVE-2021-44532 CVE-2021-44533 CVE-2022-21824 cpe:/o:opensuse:leap:15.3 Security update for MozillaFirefox (Important) openSUSE Leap 15.3 This update for MozillaFirefox fixes the following issues: Firefox Extended Support Release 91.8.0 ESR (bsc#1197903): MFSA 2022-14 (bsc#1197903) * CVE-2022-1097: Fixed memory safety violations that could occur when PKCS#11 tokens are removed while in use * CVE-2022-28281: Fixed an out of bounds write due to unexpected WebAuthN Extensions * CVE-2022-1196: Fixed a use-after-free after VR Process destruction * CVE-2022-28282: Fixed a use-after-free in DocumentL10n::TranslateDocument * CVE-2022-28285: Fixed incorrect AliasSet used in JIT Codegen * CVE-2022-28286: Fixed that iframe contents could be rendered outside the border * CVE-2022-24713: Fixed a denial of service via complex regular expressions * CVE-2022-28289: Memory safety bugs fixed in Firefox 99 and Firefox ESR 91.8 The following non-security bugs were fixed: - Adjust rust dependency for SP3 and later. TW uses always the newest version of rust, but we don't, so we can't use the rust+cargo notation, which would need both < and >= requirements. (bsc#1197698) Important SUSE bug 1197698 SUSE bug 1197903 CVE-2022-1097 CVE-2022-1196 CVE-2022-24713 CVE-2022-28281 CVE-2022-28282 CVE-2022-28285 CVE-2022-28286 CVE-2022-28289 cpe:/o:opensuse:leap:15.3 Security update for nodejs12 (Moderate) openSUSE Leap 15.3 This update for nodejs12 fixes the following issues: - CVE-2021-44531: Fixed improper handling of URI Subject Alternative Names (bsc#1194511). - CVE-2021-44532: Fixed certificate Verification Bypass via String Injection (bsc#1194512). - CVE-2021-44533: Fixed incorrect handling of certificate subject and issuer fields (bsc#1194513). - CVE-2022-21824: Fixed prototype pollution via console.table properties (bsc#1194514). Moderate SUSE bug 1194511 SUSE bug 1194512 SUSE bug 1194513 SUSE bug 1194514 CVE-2021-44531 CVE-2021-44532 CVE-2021-44533 CVE-2022-21824 cpe:/o:opensuse:leap:15.3 Security update for libexif (Important) openSUSE Leap 15.3 This update for libexif fixes the following issues: - CVE-2020-0181: Fixed an integer overflow that could lead to denial of service (bsc#1172802). - CVE-2020-0198: Fixed and unsigned integer overflow that could lead to denial of service (bsc#1172768). - CVE-2020-0452: Fixed a buffer overflow check that could be optimized away by the compiler (bsc#1178479). Important SUSE bug 1172768 SUSE bug 1172802 SUSE bug 1178479 CVE-2020-0181 CVE-2020-0198 CVE-2020-0452 cpe:/o:opensuse:leap:15.3 Security update for mozilla-nss (Important) openSUSE Leap 15.3 This update for mozilla-nss fixes the following issues: Mozilla NSS 3.68.3 (bsc#1197903): - CVE-2022-1097: Fixed memory safety violations that could occur when PKCS#11 tokens are removed while in use. Important SUSE bug 1197903 CVE-2022-1097 cpe:/o:opensuse:leap:15.3 Security update for opensc (Important) openSUSE Leap 15.3 This update for opensc fixes the following issues: Security issues fixed: - CVE-2021-42782: Stack buffer overflow issues in various places (bsc#1191957). - CVE-2021-42781: Fixed multiple heap buffer overflows in pkcs15-oberthur.c (bsc#1192000). - CVE-2021-42780: Fixed use after return in insert_pin() (bsc#1192005). - CVE-2021-42779: Fixed use after free in sc_file_valid() (bsc#1191992). Non-security issues fixed: - Fixes segmentation fault in 'pkcs11-tool.c'. (bsc#1114649) Important SUSE bug 1114649 SUSE bug 1191957 SUSE bug 1191992 SUSE bug 1192000 SUSE bug 1192005 CVE-2021-42779 CVE-2021-42780 CVE-2021-42781 CVE-2021-42782 cpe:/o:opensuse:leap:15.3 Security update for libsolv, libzypp, zypper (Important) openSUSE Leap 15.3 This update for libsolv, libzypp, zypper fixes the following issues: Security relevant fix: - Harden package signature checks (bsc#1184501). libsolv update to 0.7.22: - reworked choice rule generation to cover more usecases - support SOLVABLE_PREREQ_IGNOREINST in the ordering code (bsc#1196514) - support parsing of Debian's Multi-Arch indicator - fix segfault on conflict resolution when using bindings - fix split provides not working if the update includes a forbidden vendor change - support strict repository priorities new solver flag: SOLVER_FLAG_STRICT_REPO_PRIORITY - support zstd compressed control files in debian packages - add an ifdef allowing to rename Solvable dependency members ('requires' is a keyword in C++20) - support setting/reading userdata in solv files new functions: repowriter_set_userdata, solv_read_userdata - support queying of the custom vendor check function new function: pool_get_custom_vendorcheck - support solv files with an idarray block - allow accessing the toolversion at runtime libzypp update to 17.30.0: - ZConfig: Update solver settings if target changes (bsc#1196368) - Fix possible hang in singletrans mode (bsc#1197134) - Do 2 retries if mount is still busy. - Fix package signature check (bsc#1184501) Pay attention that header and payload are secured by a valid signature and report more detailed which signature is missing. - Retry umount if device is busy (bsc#1196061, closes #381) A previously released ISO image may need a bit more time to release it's loop device. So we wait a bit and retry. - Fix serializing/deserializing type mismatch in zypp-rpm protocol (bsc#1196925) - Fix handling of ISO media in releaseAll (bsc#1196061) - Hint on common ptf resolver conflicts (bsc#1194848) - Hint on ptf<>patch resolver conflicts (bsc#1194848) zypper update to 1.14.52: - info: print the packages upstream URL if available (fixes #426) - info: Fix SEGV with not installed PTFs (bsc#1196317) - Don't prevent less restrictive umasks (bsc#1195999) Important SUSE bug 1184501 SUSE bug 1194848 SUSE bug 1195999 SUSE bug 1196061 SUSE bug 1196317 SUSE bug 1196368 SUSE bug 1196514 SUSE bug 1196925 SUSE bug 1197134 cpe:/o:opensuse:leap:15.3 Security update for xz (Important) openSUSE Leap 15.3 This update for xz fixes the following issues: - CVE-2022-1271: Fixed an incorrect escaping of malicious filenames (ZDI-CAN-16587). (bsc#1198062) Important SUSE bug 1198062 CVE-2022-1271 cpe:/o:opensuse:leap:15.3 Security update for subversion (Important) openSUSE Leap 15.3 This update for subversion fixes the following issues: - CVE-2022-24070: Fixed a memory corruption issue in mod_dav_svn as used by Apache HTTP server. This could be exploited by a remote attacker to cause a denial of service (bsc#1197940). - CVE-2021-28544: Fixed an information leak issue where Subversion servers may reveal the original path of files protected by path-based authorization (bsc#1197939). Important SUSE bug 1197939 SUSE bug 1197940 CVE-2021-28544 CVE-2022-24070 cpe:/o:opensuse:leap:15.3 Security update for the Linux Kernel (Important) openSUSE Leap 15.3 The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2022-0854: Fixed a memory leak flaw was found in the Linux kernels DMA subsystem. This flaw allowed a local user to read random memory from the kernel space. (bnc#1196823) - CVE-2022-1016: Fixed a vulnerability in the nf_tables component of the netfilter subsystem. This vulnerability gives an attacker a powerful primitive that can be used to both read from and write to relative stack data, which can lead to arbitrary code execution. (bsc#1197227) - CVE-2022-1199: Fixed null-ptr-deref and use-after-free vulnerabilities that allow an attacker to crash the linux kernel by simulating Amateur Radio. (bsc#1198028) - CVE-2022-1205: Fixed null pointer dereference and use-after-free vulnerabilities that allow an attacker to crash the linux kernel by simulating Amateur Radio. (bsc#1198027) - CVE-2022-1198: Fixed an use-after-free vulnerability that allow an attacker to crash the linux kernel by simulating Amateur Radio (bsc#1198030). - CVE-2022-1195: Fixed an use-after-free vulnerability which could allow a local attacker with a user privilege to execute a denial of service. (bsc#1198029) - CVE-2022-28389: Fixed a double free in drivers/net/can/usb/mcba_usb.c vulnerability in the Linux kernel. (bnc#1198033) - CVE-2022-28388: Fixed a double free in drivers/net/can/usb/usb_8dev.c vulnerability in the Linux kernel. (bnc#1198032) - CVE-2022-28390: Fixed a double free in drivers/net/can/usb/ems_usb.c vulnerability in the Linux kernel. (bnc#1198031) - CVE-2022-1048: Fixed a race Condition in snd_pcm_hw_free leading to use-after-free due to the AB/BA lock with buffer_mutex and mmap_lock. (bsc#1197331) - CVE-2022-1055: Fixed a use-after-free in tc_new_tfilter that could allow a local attacker to gain privilege escalation. (bnc#1197702) - CVE-2022-0850: Fixed a kernel information leak vulnerability in iov_iter.c. (bsc#1196761) - CVE-2022-27666: Fixed a buffer overflow vulnerability in IPsec ESP transformation code. This flaw allowed a local attacker with a normal user privilege to overwrite kernel heap objects and may cause a local privilege escalation. (bnc#1197462) - CVE-2021-45868: Fixed a wrong validation check in fs/quota/quota_tree.c which could lead to an use-after-free if there is a corrupted quota file. (bnc#1197366) - CVE-2022-1011: Fixed an use-after-free vulnerability which could allow a local attacker to retireve (partial) /etc/shadow hashes or any other data from filesystem when he can mount a FUSE filesystems. (bnc#1197343) - CVE-2022-27223: Fixed an out-of-array access in /usb/gadget/udc/udc-xilinx.c. (bsc#1197245) - CVE-2021-39698: Fixed a possible memory corruption due to a use after free in aio_poll_complete_work. This could lead to local escalation of privilege with no additional execution privileges needed. (bsc#1196956) - CVE-2021-45402: Fixed a pointer leak in check_alu_op() of kernel/bpf/verifier.c. (bsc#1196130). - CVE-2022-23036,CVE-2022-23037,CVE-2022-23038,CVE-2022-23039,CVE-2022-23040,CVE-2022-23041,CVE-2022-23042: Fixed multiple issues which could have lead to read/write access to memory pages or denial of service. These issues are related to the Xen PV device frontend drivers. (bsc#1196488) The following non-security bugs were fixed: - ACPI / x86: Work around broken XSDT on Advantech DAC-BJ01 board (git-fixes). - ACPI: APEI: fix return value of __setup handlers (git-fixes). - ACPI: battery: Add device HID and quirk for Microsoft Surface Go 3 (git-fixes). - ACPI: CPPC: Avoid out of bounds access when parsing _CPC data (git-fixes). - ACPI: docs: enumeration: Discourage to use custom _DSM methods (git-fixes). - ACPI: docs: enumeration: Remove redundant .owner assignment (git-fixes). - ACPI: properties: Consistently return -ENOENT if there are no more references (git-fixes). - ACPI: video: Force backlight native for Clevo NL5xRU and NL5xNU (git-fixes). - ALSA: cmipci: Restore aux vol on suspend/resume (git-fixes). - ALSA: firewire-lib: fix uninitialized flag for AV/C deferred transaction (git-fixes). - ALSA: hda/realtek - Fix headset mic problem for a HP machine with alc671 (git-fixes). - ALSA: hda/realtek: Add quirk for ASUS GA402 (git-fixes). - ALSA: oss: Fix PCM OSS buffer allocation overflow (git-fixes). - ALSA: pci: fix reading of swapped values from pcmreg in AC97 codec (git-fixes). - ALSA: pcm: Add stream lock during PCM reset ioctl operations (git-fixes). - ALSA: spi: Add check for clk_enable() (git-fixes). - ALSA: usb-audio: Add mute TLV for playback volumes on RODE NT-USB (git-fixes). - ASoC: atmel_ssc_dai: Handle errors for clk_enable (git-fixes). - ASoC: atmel: Add missing of_node_put() in at91sam9g20ek_audio_probe (git-fixes). - ASoC: codecs: wcd934x: Add missing of_node_put() in wcd934x_codec_parse_data (git-fixes). - ASoC: codecs: wcd934x: fix return value of wcd934x_rx_hph_mode_put (git-fixes). - ASoC: dmaengine: do not use a NULL prepare_slave_config() callback (git-fixes). - ASoC: dwc-i2s: Handle errors for clk_enable (git-fixes). - ASoC: fsi: Add check for clk_enable (git-fixes). - ASoC: fsl_spdif: Disable TX clock when stop (git-fixes). - ASoC: imx-es8328: Fix error return code in imx_es8328_probe() (git-fixes). - ASoC: msm8916-wcd-analog: Fix error handling in pm8916_wcd_analog_spmi_probe (git-fixes). - ASoC: msm8916-wcd-digital: Fix missing clk_disable_unprepare() in msm8916_wcd_digital_probe (git-fixes). - ASoC: mxs-saif: Handle errors for clk_enable (git-fixes). - ASoC: mxs: Fix error handling in mxs_sgtl5000_probe (git-fixes). - ASoC: rt5663: check the return value of devm_kzalloc() in rt5663_parse_dp() (git-fixes). - ASoC: SOF: Add missing of_node_put() in imx8m_probe (git-fixes). - ASoC: SOF: topology: remove redundant code (git-fixes). - ASoC: sti: Fix deadlock via snd_pcm_stop_xrun() call (git-fixes). - ASoC: ti: davinci-i2s: Add check for clk_enable() (git-fixes). - ASoC: topology: Allow TLV control to be either read or write (git-fixes). - ASoC: topology: Optimize soc_tplg_dapm_graph_elems_load behavior (git-fixes). - ASoC: wm8350: Handle error for wm8350_register_irq (git-fixes). - ASoC: xilinx: xlnx_formatter_pcm: Handle sysclk setting (git-fixes). - ax25: Fix NULL pointer dereference in ax25_kill_by_device (git-fixes). - ax88179_178a: Merge memcpy + le32_to_cpus to get_unaligned_le32 (bsc#1196018). - block: update io_ticks when io hang (bsc#1197817). - block/wbt: fix negative inflight counter when remove scsi device (bsc#1197819). - bpf: Fix comment for helper bpf_current_task_under_cgroup() (git-fixes). - bpf: Remove config check to enable bpf support for branch records (git-fixes bsc#1177028). - btrfs: avoid unnecessary lock and leaf splits when updating inode in the log (bsc#1194649). - btrfs: avoid unnecessary log mutex contention when syncing log (bsc#1194649). - btrfs: avoid unnecessary logging of xattrs during fast fsyncs (bsc#1194649). - btrfs: check error value from btrfs_update_inode in tree log (bsc#1194649). - btrfs: check if a log root exists before locking the log_mutex on unlink (bsc#1194649). - btrfs: check if a log tree exists at inode_logged() (bsc#1194649). - btrfs: do not commit delayed inode when logging a file in full sync mode (bsc#1194649). - btrfs: do not log new dentries when logging that a new name exists (bsc#1194649). - btrfs: eliminate some false positives when checking if inode was logged (bsc#1194649). - btrfs: fix race leading to unnecessary transaction commit when logging inode (bsc#1194649). - btrfs: fix race that causes unnecessary logging of ancestor inodes (bsc#1194649). - btrfs: fix race that makes inode logging fallback to transaction commit (bsc#1194649). - btrfs: fix race that results in logging old extents during a fast fsync (bsc#1194649). - btrfs: fixup error handling in fixup_inode_link_counts (bsc#1194649). - btrfs: remove no longer needed full sync flag check at inode_logged() (bsc#1194649). - btrfs: Remove unnecessary check from join_running_log_trans (bsc#1194649). - btrfs: remove unnecessary directory inode item update when deleting dir entry (bsc#1194649). - btrfs: remove unnecessary list head initialization when syncing log (bsc#1194649). - btrfs: skip unnecessary searches for xattrs when logging an inode (bsc#1194649). - can: ems_usb: ems_usb_start_xmit(): fix double dev_kfree_skb() in error path (git-fixes). - can: mcba_usb: mcba_usb_start_xmit(): fix double dev_kfree_skb in error path (git-fixes). - can: mcba_usb: properly check endpoint type (git-fixes). - can: rcar_canfd: rcar_canfd_channel_probe(): register the CAN device when fully ready (git-fixes). - cifs: do not skip link targets when an I/O fails (bsc#1194625). - cifs: use the correct max-length for dentry_path_raw() (bsc1196196). - clk: actions: Terminate clk_div_table with sentinel element (git-fixes). - clk: bcm2835: Remove unused variable (git-fixes). - clk: clps711x: Terminate clk_div_table with sentinel element (git-fixes). - clk: imx7d: Remove audio_mclk_root_clk (git-fixes). - clk: Initialize orphan req_rate (git-fixes). - clk: loongson1: Terminate clk_div_table with sentinel element (git-fixes). - clk: nxp: Remove unused variable (git-fixes). - clk: qcom: gcc-msm8994: Fix gpll4 width (git-fixes). - clk: qcom: ipq8074: Use floor ops for SDCC1 clock (git-fixes). - clk: tegra: tegra124-emc: Fix missing put_device() call in emc_ensure_emc_driver (git-fixes). - clk: uniphier: Fix fixed-rate initialization (git-fixes). - clocksource: acpi_pm: fix return value of __setup handler (git-fixes). - clocksource/drivers/timer-of: Check return value of of_iomap in timer_of_base_init() (git-fixes). - cpufreq: schedutil: Destroy mutex before kobject_put() frees (git-fixes) - crypto: authenc - Fix sleep in atomic context in decrypt_tail (git-fixes). - crypto: cavium/nitrox - do not cast parameter in bit operations (git-fixes). - crypto: ccp - ccp_dmaengine_unregister release dma channels (git-fixes). - crypto: ccree - do not attempt 0 len DMA mappings (git-fixes). - crypto: mxs-dcp - Fix scatterlist processing (git-fixes). - crypto: qat - do not cast parameter in bit operations (git-fixes). - crypto: rsa-pkcs1pad - correctly get hash from source scatterlist (git-fixes). - crypto: rsa-pkcs1pad - fix buffer overread in pkcs1pad_verify_complete() (git-fixes). - crypto: rsa-pkcs1pad - restore signature length check (git-fixes). - crypto: vmx - add missing dependencies (git-fixes). - dma/pool: create dma atomic pool only if dma zone has managed pages (bsc#1197501). - driver core: dd: fix return value of __setup handler (git-fixes). - drm: bridge: adv7511: Fix ADV7535 HPD enablement (git-fixes). - drm/amd/display: Add affected crtcs to atomic state for dsc mst unplug (git-fixes). - drm/amd/pm: return -ENOTSUPP if there is no get_dpm_ultimate_freq function (git-fixes). - drm/bridge: dw-hdmi: use safe format when first in bridge chain (git-fixes). - drm/bridge: nwl-dsi: Fix PM disable depth imbalance in nwl_dsi_probe (git-fixes). - drm/doc: overview before functions for drm_writeback.c (git-fixes). - drm/i915: Fix dbuf slice config lookup (git-fixes). - drm/i915/gem: add missing boundary check in vm_access (git-fixes). - drm/imx: parallel-display: Remove bus flags check in imx_pd_bridge_atomic_check() (git-fixes). - drm/meson: Fix error handling when afbcd.ops->init fails (git-fixes). - drm/meson: osd_afbcd: Add an exit callback to struct meson_afbcd_ops (git-fixes). - drm/msm/dpu: add DSPP blocks teardown (git-fixes). - drm/nouveau/acr: Fix undefined behavior in nvkm_acr_hsfw_load_bl() (git-fixes). - drm/panel: simple: Fix Innolux G070Y2-L01 BPP settings (git-fixes). - drm/sun4i: mixer: Fix P010 and P210 format numbers (git-fixes). - drm/vc4: crtc: Fix runtime_pm reference counting (git-fixes). - drm/vc4: crtc: Make sure the HDMI controller is powered when disabling (git-fixes). - drm/vrr: Set VRR capable prop only if it is attached to connector (git-fixes). - Drop HID multitouch fix patch (bsc#1197243), - ecryptfs: fix kernel panic with null dev_name (bsc#1197812). - ecryptfs: Fix typo in message (bsc#1197811). - EDAC: Fix calculation of returned address and next offset in edac_align_ptr() (bsc#1178134). - ext2: correct max file size computing (bsc#1197820). - firmware: google: Properly state IOMEM dependency (git-fixes). - firmware: qcom: scm: Remove reassignment to desc following initializer (git-fixes). - fscrypt: do not ignore minor_hash when hash is 0 (bsc#1197815). - gianfar: ethtool: Fix refcount leak in gfar_get_ts_info (git-fixes). - gpio: ts4900: Do not set DAT and OE together (git-fixes). - gpiolib: acpi: Convert ACPI value of debounce to microseconds (git-fixes). - HID: multitouch: fix Dell Precision 7550 and 7750 button type (bsc#1197243). - hwmon: (pmbus) Add mutex to regulator ops (git-fixes). - hwmon: (pmbus) Add Vin unit off handling (git-fixes). - hwmon: (sch56xx-common) Replace WDOG_ACTIVE with WDOG_HW_RUNNING (git-fixes). - hwrng: atmel - disable trng on failure path (git-fixes). - i915_vma: Rename vma_lookup to i915_vma_lookup (git-fixes). - ibmvnic: fix race between xmit and reset (bsc#1197302 ltc#197259). - iio: accel: mma8452: use the correct logic to get mma8452_data (git-fixes). - iio: adc: Add check for devm_request_threaded_irq (git-fixes). - iio: afe: rescale: use s64 for temporary scale calculations (git-fixes). - iio: inkern: apply consumer scale on IIO_VAL_INT cases (git-fixes). - iio: inkern: apply consumer scale when no channel scale is available (git-fixes). - iio: inkern: make a best effort on offset calculation (git-fixes). - Input: aiptek - properly check endpoint type (git-fixes). - iwlwifi: do not advertise TWT support (git-fixes). - kernel-binary.spec: Do not use the default certificate path (bsc#1194943). - KVM: SVM: Do not flush cache if hardware enforces cache coherency across encryption domains (bsc#1178134). - llc: fix netdevice reference leaks in llc_ui_bind() (git-fixes). - mac80211: fix potential double free on mesh join (git-fixes). - mac80211: refuse aggregations sessions before authorized (git-fixes). - media: aspeed: Correct value for h-total-pixels (git-fixes). - media: bttv: fix WARNING regression on tunerless devices (git-fixes). - media: coda: Fix missing put_device() call in coda_get_vdoa_data (git-fixes). - media: davinci: vpif: fix unbalanced runtime PM get (git-fixes). - media: em28xx: initialize refcount before kref_get (git-fixes). - media: hantro: Fix overfill bottom register field name (git-fixes). - media: Revert 'media: em28xx: add missing em28xx_close_extension' (git-fixes). - media: stk1160: If start stream fails, return buffers with VB2_BUF_STATE_QUEUED (git-fixes). - media: usb: go7007: s2250-board: fix leak in probe() (git-fixes). - media: video/hdmi: handle short reads of hdmi info frame (git-fixes). - membarrier: Execute SYNC_CORE on the calling thread (git-fixes) - membarrier: Explicitly sync remote cores when SYNC_CORE is (git-fixes) - memory: emif: Add check for setup_interrupts (git-fixes). - memory: emif: check the pointer temp in get_device_details() (git-fixes). - misc: alcor_pci: Fix an error handling path (git-fixes). - misc: sgi-gru: Do not cast parameter in bit operations (git-fixes). - mm_zone: add function to check if managed dma zone exists (bsc#1197501). - mm/page_alloc.c: do not warn allocation failure on zone DMA if no managed pages (bsc#1197501). - mmc: davinci_mmc: Handle error for clk_enable (git-fixes). - mmc: meson: Fix usage of meson_mmc_post_req() (git-fixes). - net: dsa: mv88e6xxx: override existent unicast portvec in port_fdb_add (git-fixes). - net: enetc: initialize the RFS and RSS memories (git-fixes). - net: hns3: add a check for tqp_index in hclge_get_ring_chain_from_mbx() (git-fixes). - net: phy: broadcom: Fix brcm_fet_config_init() (git-fixes). - net: phy: DP83822: clear MISR2 register to disable interrupts (git-fixes). - net: phy: marvell: Fix invalid comparison in the resume and suspend functions (git-fixes). - net: stmmac: set TxQ mode back to DCB after disabling CBS (git-fixes). - net: usb: ax88179_178a: Fix out-of-bounds accesses in RX fixup (bsc#1196018). - net: watchdog: hold device global xmit lock during tx disable (git-fixes). - net/smc: Fix loop in smc_listen (git-fixes). - net/smc: fix using of uninitialized completions (git-fixes). - net/smc: fix wrong list_del in smc_lgr_cleanup_early (git-fixes). - net/smc: Make sure the link_id is unique (git-fixes). - net/smc: Reset conn->lgr when link group registration fails (git-fixes). - netfilter: conntrack: do not refresh sctp entries in closed state (bsc#1197389). - netxen_nic: fix MSI/MSI-x interrupts (git-fixes). - NFC: port100: fix use-after-free in port100_send_complete (git-fixes). - NFS: Avoid duplicate uncached readdir calls on eof (git-fixes). - NFS: Do not report writeback errors in nfs_getattr() (git-fixes). - NFS: Do not skip directory entries when doing uncached readdir (git-fixes). - NFS: Ensure the server had an up to date ctime before hardlinking (git-fixes). - NFS: Fix initialisation of nfs_client cl_flags field (git-fixes). - NFS: LOOKUP_DIRECTORY is also ok with symlinks (git-fixes). - NFS: Return valid errors from nfs2/3_decode_dirent() (git-fixes). - NFS: Use of mapping_set_error() results in spurious errors (git-fixes). - nfsd: nfsd4_setclientid_confirm mistakenly expires confirmed client (git-fixes). - NFSv4.1: do not retry BIND_CONN_TO_SESSION on session error (git-fixes). - NFSv4/pNFS: Fix another issue with a list iterator pointing to the head (git-fixes). - pinctrl: mediatek: Fix missing of_node_put() in mtk_pctrl_init (git-fixes). - pinctrl: mediatek: paris: Fix 'argument' argument type for mtk_pinconf_get() (git-fixes). - pinctrl: mediatek: paris: Fix pingroup pin config state readback (git-fixes). - pinctrl: nomadik: Add missing of_node_put() in nmk_pinctrl_probe (git-fixes). - pinctrl: nuvoton: npcm7xx: Rename DS() macro to DSTR() (git-fixes). - pinctrl: nuvoton: npcm7xx: Use %zu printk format for ARRAY_SIZE() (git-fixes). - pinctrl: pinconf-generic: Print arguments for bias-pull-* (git-fixes). - pinctrl: samsung: drop pin banks references on error paths (git-fixes). - pinctrl/rockchip: Add missing of_node_put() in rockchip_pinctrl_probe (git-fixes). - PM: hibernate: fix __setup handler error handling (git-fixes). - PM: suspend: fix return value of __setup handler (git-fixes). - powerpc/lib/sstep: Fix 'sthcx' instruction (bsc#1156395). - powerpc/mm: Fix verification of MMU_FTR_TYPE_44x (bsc#1156395). - powerpc/mm/numa: skip NUMA_NO_NODE onlining in parse_numa_properties() (bsc#1179639 ltc#189002 git-fixes). - powerpc/perf: Do not use perf_hw_context for trace IMC PMU (bsc#1156395). - powerpc/perf: Expose Performance Monitor Counter SPR's as part of extended regs (bsc#1198077 ltc#197299). - powerpc/perf: Include PMCs as part of per-cpu cpuhw_events struct (bsc#1198077 ltc#197299). - powerpc/pseries: Fix use after free in remove_phb_dynamic() (bsc#1065729). - powerpc/sysdev: fix incorrect use to determine if list is empty (bsc#1065729). - powerpc/tm: Fix more userspace r13 corruption (bsc#1065729). - powerpc/xive: fix return value of __setup handler (bsc#1065729). - printk: Add panic_in_progress helper (bsc#1197894). - printk: disable optimistic spin during panic (bsc#1197894). - pwm: lpc18xx-sct: Initialize driver data and hardware before pwmchip_add() (git-fixes). - regulator: qcom_smd: fix for_each_child.cocci warnings (git-fixes). - remoteproc: qcom_wcnss: Add missing of_node_put() in wcnss_alloc_memory_region (git-fixes). - remoteproc: qcom: Fix missing of_node_put in adsp_alloc_memory_region (git-fixes). - Revert 'build initrd without systemd' (bsc#1197300). - Revert 'Input: clear BTN_RIGHT/MIDDLE on buttonpads' (bsc#1197243). - Revert 'module, async: async_synchronize_full() on module init iff async is used' (bsc#1197888). - Revert 'Revert 'build initrd without systemd' (bsc#1197300)' - Revert 'usb: dwc3: gadget: Use list_replace_init() before traversing lists' (git-fixes). - s390/bpf: Perform r1 range checking before accessing jit->seen_reg (git-fixes). - s390/gmap: do not unconditionally call pte_unmap_unlock() in __gmap_zap() (git-fixes). - s390/gmap: validate VMA in __gmap_zap() (git-fixes). - s390/hypfs: include z/VM guests with access control group set (bsc#1195640 LTC#196352). - s390/kexec_file: fix error handling when applying relocations (git-fixes). - s390/kexec: fix memory leak of ipl report buffer (git-fixes). - s390/kexec: fix return code handling (git-fixes). - s390/mm: fix VMA and page table handling code in storage key handling functions (git-fixes). - s390/mm: validate VMA in PGSTE manipulation functions (git-fixes). - s390/module: fix loading modules with a lot of relocations (git-fixes). - s390/pci_mmio: fully validate the VMA before calling follow_pte() (git-fixes). - s390/tape: fix timer initialization in tape_std_assign() (bsc#1197677 LTC#197378). - scsi: lpfc: Copyright updates for 14.2.0.0 patches (bsc#1197675). - scsi: lpfc: Drop lpfc_no_handler() (bsc#1197675). - scsi: lpfc: Fix broken SLI4 abort path (bsc#1197675). - scsi: lpfc: Fix locking for lpfc_sli_iocbq_lookup() (bsc#1197675). - scsi: lpfc: Fix queue failures when recovering from PCI parity error (bsc#1197675 bsc#1196478). - scsi: lpfc: Fix typos in comments (bsc#1197675). - scsi: lpfc: Fix unload hang after back to back PCI EEH faults (bsc#1197675 bsc#1196478). - scsi: lpfc: Improve PCI EEH Error and Recovery Handling (bsc#1197675 bsc#1196478). - scsi: lpfc: Kill lpfc_bus_reset_handler() (bsc#1197675). - scsi: lpfc: Reduce log messages seen after firmware download (bsc#1197675). - scsi: lpfc: Remove failing soft_wwn support (bsc#1197675). - scsi: lpfc: Remove NVMe support if kernel has NVME_FC disabled (bsc#1197675). - scsi: lpfc: Remove redundant flush_workqueue() call (bsc#1197675). - scsi: lpfc: SLI path split: Introduce lpfc_prep_wqe (bsc#1197675). - scsi: lpfc: SLI path split: Refactor Abort paths (bsc#1197675). - scsi: lpfc: SLI path split: Refactor base ELS paths and the FLOGI path (bsc#1197675). - scsi: lpfc: SLI path split: Refactor BSG paths (bsc#1197675). - scsi: lpfc: SLI path split: Refactor CT paths (bsc#1197675). - scsi: lpfc: SLI path split: Refactor fast and slow paths to native SLI4 (bsc#1197675). - scsi: lpfc: SLI path split: Refactor FDISC paths (bsc#1197675). - scsi: lpfc: SLI path split: Refactor lpfc_iocbq (bsc#1197675). - scsi: lpfc: SLI path split: Refactor LS_ACC paths (bsc#1197675). - scsi: lpfc: SLI path split: Refactor LS_RJT paths (bsc#1197675). - scsi: lpfc: SLI path split: Refactor misc ELS paths (bsc#1197675). - scsi: lpfc: SLI path split: Refactor PLOGI/PRLI/ADISC/LOGO paths (bsc#1197675). - scsi: lpfc: SLI path split: Refactor SCSI paths (bsc#1197675). - scsi: lpfc: SLI path split: Refactor the RSCN/SCR/RDF/EDC/FARPR paths (bsc#1197675). - scsi: lpfc: SLI path split: Refactor VMID paths (bsc#1197675). - scsi: lpfc: Update lpfc version to 14.2.0.0 (bsc#1197675). - scsi: lpfc: Update lpfc version to 14.2.0.1 (bsc#1197675). - scsi: lpfc: Use fc_block_rport() (bsc#1197675). - scsi: lpfc: Use kcalloc() (bsc#1197675). - scsi: lpfc: Use rport as argument for lpfc_chk_tgt_mapped() (bsc#1197675). - scsi: lpfc: Use rport as argument for lpfc_send_taskmgmt() (bsc#1197675). - scsi: qla2xxx: Fix crash during module load unload test (bsc#1197661). - scsi: qla2xxx: Fix disk failure to rediscover (bsc#1197661). - scsi: qla2xxx: Fix hang due to session stuck (bsc#1197661). - scsi: qla2xxx: Fix incorrect reporting of task management failure (bsc#1197661). - scsi: qla2xxx: Fix laggy FC remote port session recovery (bsc#1197661). - scsi: qla2xxx: Fix loss of NVMe namespaces after driver reload test (bsc#1197661). - scsi: qla2xxx: Fix missed DMA unmap for NVMe ls requests (bsc#1197661). - scsi: qla2xxx: Fix N2N inconsistent PLOGI (bsc#1197661). - scsi: qla2xxx: Fix stuck session of PRLI reject (bsc#1197661). - scsi: qla2xxx: Fix typos in comments (bsc#1197661). - scsi: qla2xxx: Increase max limit of ql2xnvme_queues (bsc#1197661). - scsi: qla2xxx: Reduce false trigger to login (bsc#1197661). - scsi: qla2xxx: Stop using the SCSI pointer (bsc#1197661). - scsi: qla2xxx: Update version to 10.02.07.400-k (bsc#1197661). - scsi: qla2xxx: Use correct feature type field during RFF_ID processing (bsc#1197661). - scsi: qla2xxx: Use named initializers for port_state_str (bsc#1197661). - scsi: qla2xxx: Use named initializers for q_dev_state (bsc#1197661). - serial: 8250_lpss: Balance reference count for PCI DMA device (git-fixes). - serial: 8250_mid: Balance reference count for PCI DMA device (git-fixes). - serial: 8250: Fix race condition in RTS-after-send handling (git-fixes). - serial: core: Fix the definition name in the comment of UPF_* flags (git-fixes). - soc: qcom: aoss: remove spurious IRQF_ONESHOT flags (git-fixes). - soc: qcom: rpmpd: Check for null return of devm_kcalloc (git-fixes). - soc: ti: wkup_m3_ipc: Fix IRQ check in wkup_m3_ipc_probe (git-fixes). - soundwire: intel: fix wrong register name in intel_shim_wake (git-fixes). - spi: pxa2xx-pci: Balance reference count for PCI DMA device (git-fixes). - spi: tegra114: Add missing IRQ check in tegra_spi_probe (git-fixes). - staging: gdm724x: fix use after free in gdm_lte_rx() (git-fixes). - staging:iio:adc:ad7280a: Fix handing of device address bit reversing (git-fixes). - tcp: add some entropy in __inet_hash_connect() (bsc#1180153). - tcp: change source port randomizarion at connect() time (bsc#1180153). - team: protect features update by RCU to avoid deadlock (git-fixes). - thermal: int340x: Check for NULL after calling kmemdup() (git-fixes). - thermal: int340x: Increase bitmap size (git-fixes). - udp_tunnel: Fix end of loop test in udp_tunnel_nic_unregister() (git-fixes). - Update config files (bsc#1195926 bsc#1175667). VIRTIO_PCI=m -> VIRTIO_PCI=y - usb: bdc: Adb shows offline after resuming from S2 (git-fixes). - usb: bdc: Fix a resource leak in the error handling path of 'bdc_probe()' (git-fixes). - usb: bdc: Fix unused assignment in bdc_probe() (git-fixes). - usb: bdc: remove duplicated error message (git-fixes). - usb: bdc: Use devm_clk_get_optional() (git-fixes). - usb: bdc: use devm_platform_ioremap_resource() to simplify code (git-fixes). - usb: dwc2: Fix Stalling a Non-Isochronous OUT EP (git-fixes). - usb: dwc2: gadget: Fix GOUTNAK flow for Slave mode (git-fixes). - usb: dwc2: gadget: Fix kill_all_requests race (git-fixes). - usb: dwc3: gadget: Use list_replace_init() before traversing lists (git-fixes). - usb: dwc3: meson-g12a: Disable the regulator in the error handling path of the probe (git-fixes). - usb: dwc3: qcom: add IRQ check (git-fixes). - usb: gadget: bdc: use readl_poll_timeout() to simplify code (git-fixes). - usb: gadget: Fix use-after-free bug by not setting udc->dev.driver (git-fixes). - usb: gadget: rndis: prevent integer overflow in rndis_set_response() (git-fixes). - usb: host: xen-hcd: add missing unlock in error path (git-fixes). - usb: hub: Fix locking issues with address0_mutex (git-fixes). - usb: usbtmc: Fix bug in pipe direction for control transfers (git-fixes). - VFS: filename_create(): fix incorrect intent (bsc#1197534). - video: fbdev: atmel_lcdfb: fix an error code in atmel_lcdfb_probe() (git-fixes). - video: fbdev: controlfb: Fix COMPILE_TEST build (git-fixes). - video: fbdev: fbcvt.c: fix printing in fb_cvt_print_name() (git-fixes). - video: fbdev: matroxfb: set maxvram of vbG200eW to the same as vbG200 to avoid black screen (git-fixes). - video: fbdev: matroxfb: set maxvram of vbG200eW to the same as vbG200 to avoid black screen (git-fixes). - video: fbdev: omapfb: Add missing of_node_put() in dvic_probe_of (git-fixes). - video: fbdev: smscufx: Fix null-ptr-deref in ufx_usb_probe() (git-fixes). - VMCI: Fix the description of vmci_check_host_caps() (git-fixes). - vsprintf: Fix %pK with kptr_restrict == 0 (bsc#1197889). - wireguard: queueing: use CFI-safe ptr_ring cleanup function (git-fixes). - wireguard: selftests: rename DEBUG_PI_LIST to DEBUG_PLIST (git-fixes). - wireguard: socket: free skb in send6 when ipv6 is disabled (git-fixes). - wireguard: socket: ignore v6 endpoints when ipv6 is disabled (git-fixes). - x86/cpu: Add hardware-enforced cache coherency as a CPUID feature (bsc#1178134). - x86/mm/pat: Do not flush cache if hardware enforces cache coherency across encryption domnains (bsc#1178134). - x86/speculation: Warn about eIBRS + LFENCE + Unprivileged eBPF + SMT (bsc#1178134). - x86/speculation: Warn about Spectre v2 LFENCE mitigation (bsc#1178134). - xen/usb: do not use gnttab_end_foreign_access() in xenhcd_gnttab_done() (bsc#1196488, XSA-396). - xhci: fix garbage USBSTS being logged in some cases (git-fixes). Important SUSE bug 1065729 SUSE bug 1156395 SUSE bug 1175667 SUSE bug 1177028 SUSE bug 1178134 SUSE bug 1179639 SUSE bug 1180153 SUSE bug 1189562 SUSE bug 1194589 SUSE bug 1194625 SUSE bug 1194649 SUSE bug 1194943 SUSE bug 1195051 SUSE bug 1195353 SUSE bug 1195640 SUSE bug 1195926 SUSE bug 1196018 SUSE bug 1196130 SUSE bug 1196196 SUSE bug 1196478 SUSE bug 1196488 SUSE bug 1196761 SUSE bug 1196823 SUSE bug 1196956 SUSE bug 1197227 SUSE bug 1197243 SUSE bug 1197245 SUSE bug 1197300 SUSE bug 1197302 SUSE bug 1197331 SUSE bug 1197343 SUSE bug 1197366 SUSE bug 1197389 SUSE bug 1197460 SUSE bug 1197462 SUSE bug 1197501 SUSE bug 1197534 SUSE bug 1197661 SUSE bug 1197675 SUSE bug 1197677 SUSE bug 1197702 SUSE bug 1197811 SUSE bug 1197812 SUSE bug 1197815 SUSE bug 1197817 SUSE bug 1197819 SUSE bug 1197820 SUSE bug 1197888 SUSE bug 1197889 SUSE bug 1197894 SUSE bug 1198027 SUSE bug 1198028 SUSE bug 1198029 SUSE bug 1198030 SUSE bug 1198031 SUSE bug 1198032 SUSE bug 1198033 SUSE bug 1198077 CVE-2021-39698 CVE-2021-45402 CVE-2021-45868 CVE-2022-0850 CVE-2022-0854 CVE-2022-1011 CVE-2022-1016 CVE-2022-1048 CVE-2022-1055 CVE-2022-1195 CVE-2022-1198 CVE-2022-1199 CVE-2022-1205 CVE-2022-23036 CVE-2022-23037 CVE-2022-23038 CVE-2022-23039 CVE-2022-23040 CVE-2022-23041 CVE-2022-23042 CVE-2022-27223 CVE-2022-27666 CVE-2022-28388 CVE-2022-28389 CVE-2022-28390 cpe:/o:opensuse:leap:15.3 Security update for go1.16 (Important) openSUSE Leap 15.3 This update for go1.16 fixes the following issues: Update to version 1.16.15 (bsc#1182345): - CVE-2022-24921: Fixed a potential denial of service via large regular expressions (bsc#1196732). Non-security fixes: - Fixed an issue with v2 modules (go#51331). - Fixed an issue when building source in riscv64 (go#51198). - Increased compatibility for the DNS protocol in the net module (go#51161). - Fixed an issue with histograms in the runtime/metrics module (go#50733). Important SUSE bug 1182345 SUSE bug 1183043 SUSE bug 1196732 CVE-2022-24921 cpe:/o:opensuse:leap:15.3 Security update for go1.17 (Important) openSUSE Leap 15.3 This update for go1.17 fixes the following issues: Update to version 1.17.8 (bsc#1190649): - CVE-2022-24921: Fixed a potential denial of service via large regular expressions (bsc#1196732). Non-security fixes: - Fixed an issue with v2 modules (go#51332). - Fixed an issue when building source in riscv64 (go#51199). - Increased compatibility for the DNS protocol in the net module (go#51162). - Fixed an issue with histograms in the runtime/metrics module (go#50734). - Fixed an issue when parsing x509 certificates (go#51000). Important SUSE bug 1183043 SUSE bug 1190649 SUSE bug 1196732 CVE-2022-24921 cpe:/o:opensuse:leap:15.3 Security update for MozillaThunderbird (Important) openSUSE Leap 15.3 This update for MozillaThunderbird fixes the following issues: - Updated to version 91.8 (bsc#1197903): - CVE-2022-1097: Fixed a memory corruption issue with NSSToken objects. - CVE-2022-28281: Fixed a memory corruption issue due to unexpected WebAuthN Extensions. - CVE-2022-1197: Fixed an issue where OpenPGP revocation information was ignored. - CVE-2022-1196: Fixed a memory corruption issue after VR process destruction. - CVE-2022-28282: Fixed a memory corruption issue in document translation. - CVE-2022-28285: Fixed a memory corruption issue in JIT code generation. - CVE-2022-28286: Fixed an iframe layout issue that could have been exploited to stage spoofing attacks. - CVE-2022-24713: Fixed a potential denial of service via complex regular expressions. - CVE-2022-28289: Fixed multiple memory corruption issues. Non-security fixes: - Changed Google accounts using password authentication to use OAuth2. - Fixed an issue where OpenPGP ECC keys created by Thunderbird could not be imported into GnuPG. - Fixed an issue where exporting multiple public PGP keys from Thunderbird was not possible. - Fixed an issue where replying to a newsgroup message erroneously displayed a 'No-reply' popup warning. - Fixed an issue with opening older address books. - Fixed an issue where LDAP directories would be lost when switching to 'Offline' mode. - Fixed an issue when importing webcals. Important SUSE bug 1197903 CVE-2022-1097 CVE-2022-1196 CVE-2022-1197 CVE-2022-24713 CVE-2022-28281 CVE-2022-28282 CVE-2022-28285 CVE-2022-28286 CVE-2022-28289 cpe:/o:opensuse:leap:15.3 Security update for the Linux Kernel (Important) openSUSE Leap 15.3 The SUSE Linux Enterprise 15 SP3 kernel was updated. The following security bugs were fixed: - CVE-2022-0854: Fixed a memory leak flaw was found in the Linux kernels DMA subsystem. This flaw allowed a local user to read random memory from the kernel space. (bnc#1196823) - CVE-2022-1016: Fixed a vulnerability in the nf_tables component of the netfilter subsystem. This vulnerability gives an attacker a powerful primitive that can be used to both read from and write to relative stack data, which can lead to arbitrary code execution. (bsc#1197227) - CVE-2022-28390: Fixed a double free in drivers/net/can/usb/ems_usb.c vulnerability in the Linux kernel. (bnc#1198031) - CVE-2022-28388: Fixed a double free in drivers/net/can/usb/usb_8dev.c vulnerability in the Linux kernel. (bnc#1198032) - CVE-2022-28389: Fixed a double free in drivers/net/can/usb/mcba_usb.c vulnerability in the Linux kernel. (bnc#1198033) - CVE-2022-1055: Fixed a use-after-free in tc_new_tfilter that could allow a local attacker to gain privilege escalation. (bnc#1197702) - CVE-2022-1048: Fixed a race Condition in snd_pcm_hw_free leading to use-after-free due to the AB/BA lock with buffer_mutex and mmap_lock. (bsc#1197331) - CVE-2021-45868: Fixed a wrong validation check in fs/quota/quota_tree.c which could lead to an use-after-free if there is a corrupted quota file. (bnc#1197366) - CVE-2022-27666: Fixed a buffer overflow vulnerability in IPsec ESP transformation code. This flaw allowed a local attacker with a normal user privilege to overwrite kernel heap objects and may cause a local privilege escalation. (bnc#1197462) - CVE-2022-0850: Fixed a kernel information leak vulnerability in iov_iter.c. (bsc#1196761) - CVE-2022-1199: Fixed null-ptr-deref and use-after-free vulnerabilities that allow an attacker to crash the linux kernel by simulating Amateur Radio. (bsc#1198028) - CVE-2022-1205: Fixed null pointer dereference and use-after-free vulnerabilities that allow an attacker to crash the linux kernel by simulating Amateur Radio. (bsc#1198027) - CVE-2022-1198: Fixed an use-after-free vulnerability that allow an attacker to crash the linux kernel by simulating Amateur Radio (bsc#1198030). - CVE-2022-1195: Fixed an use-after-free vulnerability which could allow a local attacker with a user privilege to execute a denial of service. (bsc#1198029) - CVE-2022-1011: Fixed an use-after-free vulnerability which could allow a local attacker to retireve (partial) /etc/shadow hashes or any other data from filesystem when he can mount a FUSE filesystems. (bnc#1197343) The following non-security bugs were fixed: - ACPI / x86: Work around broken XSDT on Advantech DAC-BJ01 board (git-fixes). - ACPI: APEI: fix return value of __setup handlers (git-fixes). - ACPI: battery: Add device HID and quirk for Microsoft Surface Go 3 (git-fixes). - ACPI: CPPC: Avoid out of bounds access when parsing _CPC data (git-fixes). - ACPI: docs: enumeration: Discourage to use custom _DSM methods (git-fixes). - ACPI: docs: enumeration: Remove redundant .owner assignment (git-fixes). - ACPI: docs: enumeration: Update UART serial bus resource documentation (git-fixes). - ACPI: properties: Consistently return -ENOENT if there are no more references (git-fixes). - ACPI: video: Force backlight native for Clevo NL5xRU and NL5xNU (git-fixes). - ALSA: cmipci: Restore aux vol on suspend/resume (git-fixes). - ALSA: firewire-lib: fix uninitialized flag for AV/C deferred transaction (git-fixes). - ALSA: hda/realtek - Fix headset mic problem for a HP machine with alc671 (git-fixes). - ALSA: hda/realtek: Add quirk for ASUS GA402 (git-fixes). - ALSA: oss: Fix PCM OSS buffer allocation overflow (git-fixes). - ALSA: pci: fix reading of swapped values from pcmreg in AC97 codec (git-fixes). - ALSA: pcm: Add stream lock during PCM reset ioctl operations (git-fixes). - ALSA: spi: Add check for clk_enable() (git-fixes). - ALSA: usb-audio: Add mute TLV for playback volumes on RODE NT-USB (git-fixes). - ASoC: atmel_ssc_dai: Handle errors for clk_enable (git-fixes). - ASoC: atmel: Add missing of_node_put() in at91sam9g20ek_audio_probe (git-fixes). - ASoC: codecs: wcd934x: Add missing of_node_put() in wcd934x_codec_parse_data (git-fixes). - ASoC: codecs: wcd934x: fix return value of wcd934x_rx_hph_mode_put (git-fixes). - ASoC: dmaengine: do not use a NULL prepare_slave_config() callback (git-fixes). - ASoC: dwc-i2s: Handle errors for clk_enable (git-fixes). - ASoC: fsi: Add check for clk_enable (git-fixes). - ASoC: fsl_spdif: Disable TX clock when stop (git-fixes). - ASoC: imx-es8328: Fix error return code in imx_es8328_probe() (git-fixes). - ASoC: msm8916-wcd-analog: Fix error handling in pm8916_wcd_analog_spmi_probe (git-fixes). - ASoC: msm8916-wcd-digital: Fix missing clk_disable_unprepare() in msm8916_wcd_digital_probe (git-fixes). - ASoC: mxs-saif: Handle errors for clk_enable (git-fixes). - ASoC: mxs: Fix error handling in mxs_sgtl5000_probe (git-fixes). - ASoC: rt5663: check the return value of devm_kzalloc() in rt5663_parse_dp() (git-fixes). - ASoC: SOF: Add missing of_node_put() in imx8m_probe (git-fixes). - ASoC: SOF: topology: remove redundant code (git-fixes). - ASoC: sti: Fix deadlock via snd_pcm_stop_xrun() call (git-fixes). - ASoC: ti: davinci-i2s: Add check for clk_enable() (git-fixes). - ASoC: topology: Allow TLV control to be either read or write (git-fixes). - ASoC: topology: Optimize soc_tplg_dapm_graph_elems_load behavior (git-fixes). - ASoC: wm8350: Handle error for wm8350_register_irq (git-fixes). - ASoC: xilinx: xlnx_formatter_pcm: Handle sysclk setting (git-fixes). - ax88179_178a: Merge memcpy + le32_to_cpus to get_unaligned_le32 (bsc#1196018). - block: update io_ticks when io hang (bsc#1197817). - block/wbt: fix negative inflight counter when remove scsi device (bsc#1197819). - bpf: Fix comment for helper bpf_current_task_under_cgroup() (git-fixes). - bpf: Remove config check to enable bpf support for branch records (git-fixes bsc#1177028). - btrfs: avoid unnecessary lock and leaf splits when updating inode in the log (bsc#1194649). - btrfs: avoid unnecessary log mutex contention when syncing log (bsc#1194649). - btrfs: avoid unnecessary logging of xattrs during fast fsyncs (bsc#1194649). - btrfs: check error value from btrfs_update_inode in tree log (bsc#1194649). - btrfs: check if a log root exists before locking the log_mutex on unlink (bsc#1194649). - btrfs: check if a log tree exists at inode_logged() (bsc#1194649). - btrfs: do not commit delayed inode when logging a file in full sync mode (bsc#1194649). - btrfs: do not log new dentries when logging that a new name exists (bsc#1194649). - btrfs: eliminate some false positives when checking if inode was logged (bsc#1194649). - btrfs: fix race leading to unnecessary transaction commit when logging inode (bsc#1194649). - btrfs: fix race that causes unnecessary logging of ancestor inodes (bsc#1194649). - btrfs: fix race that makes inode logging fallback to transaction commit (bsc#1194649). - btrfs: fix race that results in logging old extents during a fast fsync (bsc#1194649). - btrfs: fixup error handling in fixup_inode_link_counts (bsc#1194649). - btrfs: remove no longer needed full sync flag check at inode_logged() (bsc#1194649). - btrfs: Remove unnecessary check from join_running_log_trans (bsc#1194649). - btrfs: remove unnecessary directory inode item update when deleting dir entry (bsc#1194649). - btrfs: remove unnecessary list head initialization when syncing log (bsc#1194649). - btrfs: skip unnecessary searches for xattrs when logging an inode (bsc#1194649). - can: ems_usb: ems_usb_start_xmit(): fix double dev_kfree_skb() in error path (git-fixes). - can: mcba_usb: mcba_usb_start_xmit(): fix double dev_kfree_skb in error path (git-fixes). - can: mcba_usb: properly check endpoint type (git-fixes). - can: rcar_canfd: rcar_canfd_channel_probe(): register the CAN device when fully ready (git-fixes). - cifs: use the correct max-length for dentry_path_raw() (bsc1196196). - clk: actions: Terminate clk_div_table with sentinel element (git-fixes). - clk: bcm2835: Remove unused variable (git-fixes). - clk: clps711x: Terminate clk_div_table with sentinel element (git-fixes). - clk: imx7d: Remove audio_mclk_root_clk (git-fixes). - clk: Initialize orphan req_rate (git-fixes). - clk: loongson1: Terminate clk_div_table with sentinel element (git-fixes). - clk: nxp: Remove unused variable (git-fixes). - clk: qcom: clk-rcg2: Update logic to calculate D value for RCG (git-fixes). - clk: qcom: clk-rcg2: Update the frac table for pixel clock (git-fixes). - clk: qcom: gcc-msm8994: Fix gpll4 width (git-fixes). - clk: qcom: ipq8074: Use floor ops for SDCC1 clock (git-fixes). - clk: tegra: tegra124-emc: Fix missing put_device() call in emc_ensure_emc_driver (git-fixes). - clk: uniphier: Fix fixed-rate initialization (git-fixes). - clocksource: acpi_pm: fix return value of __setup handler (git-fixes). - clocksource/drivers/timer-of: Check return value of of_iomap in timer_of_base_init() (git-fixes). - cpufreq: schedutil: Destroy mutex before kobject_put() frees (git-fixes) - crypto: authenc - Fix sleep in atomic context in decrypt_tail (git-fixes). - crypto: cavium/nitrox - do not cast parameter in bit operations (git-fixes). - crypto: ccp - ccp_dmaengine_unregister release dma channels (git-fixes). - crypto: ccree - do not attempt 0 len DMA mappings (git-fixes). - crypto: mxs-dcp - Fix scatterlist processing (git-fixes). - crypto: qat - do not cast parameter in bit operations (git-fixes). - crypto: rsa-pkcs1pad - correctly get hash from source scatterlist (git-fixes). - crypto: rsa-pkcs1pad - fix buffer overread in pkcs1pad_verify_complete() (git-fixes). - crypto: rsa-pkcs1pad - restore signature length check (git-fixes). - crypto: vmx - add missing dependencies (git-fixes). - dma/pool: create dma atomic pool only if dma zone has managed pages (bsc#1197501). - driver core: dd: fix return value of __setup handler (git-fixes). - drm: add a locked version of drm_is_current_master (bsc#1197914). - drm: bridge: adv7511: Fix ADV7535 HPD enablement (git-fixes). - drm: drm_file struct kABI compatibility workaround (bsc#1197914). - drm: protect drm_master pointers in drm_lease.c (bsc#1197914). - drm: serialize drm_file.master with a new spinlock (bsc#1197914). - drm: use the lookup lock in drm_is_current_master (bsc#1197914). - drm/amd/display: Add affected crtcs to atomic state for dsc mst unplug (git-fixes). - drm/amd/pm: return -ENOTSUPP if there is no get_dpm_ultimate_freq function (git-fixes). - drm/bridge: dw-hdmi: use safe format when first in bridge chain (git-fixes). - drm/bridge: nwl-dsi: Fix PM disable depth imbalance in nwl_dsi_probe (git-fixes). - drm/doc: overview before functions for drm_writeback.c (git-fixes). - drm/i915: Fix dbuf slice config lookup (git-fixes). - drm/i915/gem: add missing boundary check in vm_access (git-fixes). - drm/imx: parallel-display: Remove bus flags check in imx_pd_bridge_atomic_check() (git-fixes). - drm/meson: Fix error handling when afbcd.ops->init fails (git-fixes). - drm/meson: osd_afbcd: Add an exit callback to struct meson_afbcd_ops (git-fixes). - drm/msm/dpu: add DSPP blocks teardown (git-fixes). - drm/nouveau/acr: Fix undefined behavior in nvkm_acr_hsfw_load_bl() (git-fixes). - drm/panel: simple: Fix Innolux G070Y2-L01 BPP settings (git-fixes). - drm/vc4: crtc: Fix runtime_pm reference counting (git-fixes). - drm/vc4: crtc: Make sure the HDMI controller is powered when disabling (git-fixes). - drm/vrr: Set VRR capable prop only if it is attached to connector (git-fixes). - ecryptfs: fix kernel panic with null dev_name (bsc#1197812). - ecryptfs: Fix typo in message (bsc#1197811). - ext2: correct max file size computing (bsc#1197820). - firmware: google: Properly state IOMEM dependency (git-fixes). - firmware: qcom: scm: Remove reassignment to desc following initializer (git-fixes). - fscrypt: do not ignore minor_hash when hash is 0 (bsc#1197815). - HID: multitouch: fix Dell Precision 7550 and 7750 button type (bsc#1197243). - hwmon: (pmbus) Add mutex to regulator ops (git-fixes). - hwmon: (pmbus) Add Vin unit off handling (git-fixes). - hwmon: (sch56xx-common) Replace WDOG_ACTIVE with WDOG_HW_RUNNING (git-fixes). - hwrng: atmel - disable trng on failure path (git-fixes). - i915_vma: Rename vma_lookup to i915_vma_lookup (git-fixes). - ibmvnic: fix race between xmit and reset (bsc#1197302 ltc#197259). - iio: accel: mma8452: use the correct logic to get mma8452_data (git-fixes). - iio: adc: Add check for devm_request_threaded_irq (git-fixes). - iio: afe: rescale: use s64 for temporary scale calculations (git-fixes). - iio: inkern: apply consumer scale on IIO_VAL_INT cases (git-fixes). - iio: inkern: apply consumer scale when no channel scale is available (git-fixes). - iio: inkern: make a best effort on offset calculation (git-fixes). - Input: aiptek - properly check endpoint type (git-fixes). - iwlwifi: do not advertise TWT support (git-fixes). - KVM: SVM: Do not flush cache if hardware enforces cache coherency across encryption domains (bsc#1178134). - llc: fix netdevice reference leaks in llc_ui_bind() (git-fixes). - mac80211: fix potential double free on mesh join (git-fixes). - mac80211: refuse aggregations sessions before authorized (git-fixes). - media: aspeed: Correct value for h-total-pixels (git-fixes). - media: bttv: fix WARNING regression on tunerless devices (git-fixes). - media: coda: Fix missing put_device() call in coda_get_vdoa_data (git-fixes). - media: davinci: vpif: fix unbalanced runtime PM get (git-fixes). - media: em28xx: initialize refcount before kref_get (git-fixes). - media: hantro: Fix overfill bottom register field name (git-fixes). - media: Revert 'media: em28xx: add missing em28xx_close_extension' (git-fixes). - media: stk1160: If start stream fails, return buffers with VB2_BUF_STATE_QUEUED (git-fixes). - media: usb: go7007: s2250-board: fix leak in probe() (git-fixes). - media: video/hdmi: handle short reads of hdmi info frame (git-fixes). - membarrier: Execute SYNC_CORE on the calling thread (git-fixes) - membarrier: Explicitly sync remote cores when SYNC_CORE is (git-fixes) - memory: emif: Add check for setup_interrupts (git-fixes). - memory: emif: check the pointer temp in get_device_details() (git-fixes). - misc: alcor_pci: Fix an error handling path (git-fixes). - misc: sgi-gru: Do not cast parameter in bit operations (git-fixes). - mm_zone: add function to check if managed dma zone exists (bsc#1197501). - mm: add vma_lookup(), update find_vma_intersection() comments (git-fixes). - mm/page_alloc.c: do not warn allocation failure on zone DMA if no managed pages (bsc#1197501). - mmc: davinci_mmc: Handle error for clk_enable (git-fixes). - net: dsa: mv88e6xxx: override existent unicast portvec in port_fdb_add (git-fixes). - net: enetc: initialize the RFS and RSS memories (git-fixes). - net: hns3: add a check for tqp_index in hclge_get_ring_chain_from_mbx() (git-fixes). - net: phy: broadcom: Fix brcm_fet_config_init() (git-fixes). - net: phy: marvell: Fix invalid comparison in the resume and suspend functions (git-fixes). - net: stmmac: set TxQ mode back to DCB after disabling CBS (git-fixes). - net: usb: ax88179_178a: Fix out-of-bounds accesses in RX fixup (bsc#1196018). - net: watchdog: hold device global xmit lock during tx disable (git-fixes). - net/smc: Fix loop in smc_listen (git-fixes). - net/smc: fix using of uninitialized completions (git-fixes). - net/smc: fix wrong list_del in smc_lgr_cleanup_early (git-fixes). - net/smc: Make sure the link_id is unique (git-fixes). - net/smc: Reset conn->lgr when link group registration fails (git-fixes). - netfilter: conntrack: do not refresh sctp entries in closed state (bsc#1197389). - netxen_nic: fix MSI/MSI-x interrupts (git-fixes). - NFS: Avoid duplicate uncached readdir calls on eof (git-fixes). - NFS: Do not report writeback errors in nfs_getattr() (git-fixes). - NFS: Do not skip directory entries when doing uncached readdir (git-fixes). - NFS: Ensure the server had an up to date ctime before hardlinking (git-fixes). - NFS: Fix initialisation of nfs_client cl_flags field (git-fixes). - NFS: LOOKUP_DIRECTORY is also ok with symlinks (git-fixes). - NFS: Return valid errors from nfs2/3_decode_dirent() (git-fixes). - NFS: Use of mapping_set_error() results in spurious errors (git-fixes). - NFS: nfsd4_setclientid_confirm mistakenly expires confirmed client (git-fixes). - NFS: do not retry BIND_CONN_TO_SESSION on session error (git-fixes). - NFS: Fix another issue with a list iterator pointing to the head (git-fixes). - nl80211: Update bss channel on channel switch for P2P_CLIENT (git-fixes). - pinctrl: mediatek: Fix missing of_node_put() in mtk_pctrl_init (git-fixes). - pinctrl: mediatek: paris: Fix 'argument' argument type for mtk_pinconf_get() (git-fixes). - pinctrl: mediatek: paris: Fix pingroup pin config state readback (git-fixes). - pinctrl: nomadik: Add missing of_node_put() in nmk_pinctrl_probe (git-fixes). - pinctrl: nuvoton: npcm7xx: Rename DS() macro to DSTR() (git-fixes). - pinctrl: nuvoton: npcm7xx: Use %zu printk format for ARRAY_SIZE() (git-fixes). - pinctrl: pinconf-generic: Print arguments for bias-pull-* (git-fixes). - pinctrl: samsung: drop pin banks references on error paths (git-fixes). - pinctrl/rockchip: Add missing of_node_put() in rockchip_pinctrl_probe (git-fixes). - PM: hibernate: fix __setup handler error handling (git-fixes). - PM: suspend: fix return value of __setup handler (git-fixes). - powerpc/lib/sstep: Fix 'sthcx' instruction (bsc#1156395). - powerpc/mm: Fix verification of MMU_FTR_TYPE_44x (bsc#1156395). - powerpc/mm/numa: skip NUMA_NO_NODE onlining in parse_numa_properties() (bsc#1179639 ltc#189002 git-fixes). - powerpc/perf: Do not use perf_hw_context for trace IMC PMU (bsc#1156395). - powerpc/pseries: Fix use after free in remove_phb_dynamic() (bsc#1065729). - powerpc/sysdev: fix incorrect use to determine if list is empty (bsc#1065729). - powerpc/tm: Fix more userspace r13 corruption (bsc#1065729). - powerpc/xive: fix return value of __setup handler (bsc#1065729). - printk: Add panic_in_progress helper (bsc#1197894). - printk: disable optimistic spin during panic (bsc#1197894). - pwm: lpc18xx-sct: Initialize driver data and hardware before pwmchip_add() (git-fixes). - regulator: qcom_smd: fix for_each_child.cocci warnings (git-fixes). - remoteproc: qcom_wcnss: Add missing of_node_put() in wcnss_alloc_memory_region (git-fixes). - remoteproc: qcom: Fix missing of_node_put in adsp_alloc_memory_region (git-fixes). - s390/bpf: Perform r1 range checking before accessing jit->seen_reg (git-fixes). - s390/gmap: do not unconditionally call pte_unmap_unlock() in __gmap_zap() (git-fixes). - s390/gmap: validate VMA in __gmap_zap() (git-fixes). - s390/hypfs: include z/VM guests with access control group set (bsc#1195640 LTC#196352). - s390/kexec_file: fix error handling when applying relocations (git-fixes). - s390/kexec: fix memory leak of ipl report buffer (git-fixes). - s390/kexec: fix return code handling (git-fixes). - s390/mm: fix VMA and page table handling code in storage key handling functions (git-fixes). - s390/mm: validate VMA in PGSTE manipulation functions (git-fixes). - s390/module: fix loading modules with a lot of relocations (git-fixes). - s390/pci_mmio: fully validate the VMA before calling follow_pte() (git-fixes). - scsi: lpfc: Copyright updates for 14.2.0.0 patches (bsc#1197675). - scsi: lpfc: Drop lpfc_no_handler() (bsc#1197675). - scsi: lpfc: Fix broken SLI4 abort path (bsc#1197675). - scsi: lpfc: Fix locking for lpfc_sli_iocbq_lookup() (bsc#1197675). - scsi: lpfc: Fix queue failures when recovering from PCI parity error (bsc#1197675 bsc#1196478). - scsi: lpfc: Fix typos in comments (bsc#1197675). - scsi: lpfc: Fix unload hang after back to back PCI EEH faults (bsc#1197675 bsc#1196478). - scsi: lpfc: Improve PCI EEH Error and Recovery Handling (bsc#1197675 bsc#1196478). - scsi: lpfc: Kill lpfc_bus_reset_handler() (bsc#1197675). - scsi: lpfc: Reduce log messages seen after firmware download (bsc#1197675). - scsi: lpfc: Remove failing soft_wwn support (bsc#1197675). - scsi: lpfc: Remove NVMe support if kernel has NVME_FC disabled (bsc#1197675). - scsi: lpfc: Remove redundant flush_workqueue() call (bsc#1197675). - scsi: lpfc: SLI path split: Introduce lpfc_prep_wqe (bsc#1197675). - scsi: lpfc: SLI path split: Refactor Abort paths (bsc#1197675). - scsi: lpfc: SLI path split: Refactor base ELS paths and the FLOGI path (bsc#1197675). - scsi: lpfc: SLI path split: Refactor BSG paths (bsc#1197675). - scsi: lpfc: SLI path split: Refactor CT paths (bsc#1197675). - scsi: lpfc: SLI path split: Refactor fast and slow paths to native SLI4 (bsc#1197675). - scsi: lpfc: SLI path split: Refactor FDISC paths (bsc#1197675). - scsi: lpfc: SLI path split: Refactor lpfc_iocbq (bsc#1197675). - scsi: lpfc: SLI path split: Refactor LS_ACC paths (bsc#1197675). - scsi: lpfc: SLI path split: Refactor LS_RJT paths (bsc#1197675). - scsi: lpfc: SLI path split: Refactor misc ELS paths (bsc#1197675). - scsi: lpfc: SLI path split: Refactor PLOGI/PRLI/ADISC/LOGO paths (bsc#1197675). - scsi: lpfc: SLI path split: Refactor SCSI paths (bsc#1197675). - scsi: lpfc: SLI path split: Refactor the RSCN/SCR/RDF/EDC/FARPR paths (bsc#1197675). - scsi: lpfc: SLI path split: Refactor VMID paths (bsc#1197675). - scsi: lpfc: Update lpfc version to 14.2.0.0 (bsc#1197675). - scsi: lpfc: Update lpfc version to 14.2.0.1 (bsc#1197675). - scsi: lpfc: Use fc_block_rport() (bsc#1197675). - scsi: lpfc: Use kcalloc() (bsc#1197675). - scsi: lpfc: Use rport as argument for lpfc_chk_tgt_mapped() (bsc#1197675). - scsi: lpfc: Use rport as argument for lpfc_send_taskmgmt() (bsc#1197675). - scsi: qla2xxx: Fix crash during module load unload test (bsc#1197661). - scsi: qla2xxx: Fix disk failure to rediscover (bsc#1197661). - scsi: qla2xxx: Fix hang due to session stuck (bsc#1197661). - scsi: qla2xxx: Fix incorrect reporting of task management failure (bsc#1197661). - scsi: qla2xxx: Fix laggy FC remote port session recovery (bsc#1197661). - scsi: qla2xxx: Fix loss of NVMe namespaces after driver reload test (bsc#1197661). - scsi: qla2xxx: Fix missed DMA unmap for NVMe ls requests (bsc#1197661). - scsi: qla2xxx: Fix N2N inconsistent PLOGI (bsc#1197661). - scsi: qla2xxx: Fix stuck session of PRLI reject (bsc#1197661). - scsi: qla2xxx: Fix typos in comments (bsc#1197661). - scsi: qla2xxx: Increase max limit of ql2xnvme_queues (bsc#1197661). - scsi: qla2xxx: Reduce false trigger to login (bsc#1197661). - scsi: qla2xxx: Stop using the SCSI pointer (bsc#1197661). - scsi: qla2xxx: Update version to 10.02.07.400-k (bsc#1197661). - scsi: qla2xxx: Use correct feature type field during RFF_ID processing (bsc#1197661). - scsi: qla2xxx: Use named initializers for port_state_str (bsc#1197661). - scsi: qla2xxx: Use named initializers for q_dev_state (bsc#1197661). - serial: 8250_lpss: Balance reference count for PCI DMA device (git-fixes). - serial: 8250_mid: Balance reference count for PCI DMA device (git-fixes). - serial: 8250: Fix race condition in RTS-after-send handling (git-fixes). - serial: core: Fix the definition name in the comment of UPF_* flags (git-fixes). - soc: qcom: aoss: remove spurious IRQF_ONESHOT flags (git-fixes). - soc: qcom: rpmpd: Check for null return of devm_kcalloc (git-fixes). - soc: ti: wkup_m3_ipc: Fix IRQ check in wkup_m3_ipc_probe (git-fixes). - soundwire: intel: fix wrong register name in intel_shim_wake (git-fixes). - spi: pxa2xx-pci: Balance reference count for PCI DMA device (git-fixes). - spi: tegra114: Add missing IRQ check in tegra_spi_probe (git-fixes). - staging:iio:adc:ad7280a: Fix handing of device address bit reversing (git-fixes). - tcp: add some entropy in __inet_hash_connect() (bsc#1180153). - tcp: change source port randomizarion at connect() time (bsc#1180153). - thermal: int340x: Check for NULL after calling kmemdup() (git-fixes). - thermal: int340x: Increase bitmap size (git-fixes). - udp_tunnel: Fix end of loop test in udp_tunnel_nic_unregister() (git-fixes). - Update config files (bsc#1195926 bsc#1175667). VIRTIO_PCI=m -> VIRTIO_PCI=y - usb: bdc: Adb shows offline after resuming from S2 (git-fixes). - usb: bdc: Fix a resource leak in the error handling path of 'bdc_probe()' (git-fixes). - usb: bdc: Fix unused assignment in bdc_probe() (git-fixes). - usb: bdc: remove duplicated error message (git-fixes). - usb: bdc: Use devm_clk_get_optional() (git-fixes). - usb: bdc: use devm_platform_ioremap_resource() to simplify code (git-fixes). - usb: dwc3: gadget: Use list_replace_init() before traversing lists (git-fixes). - usb: dwc3: qcom: add IRQ check (git-fixes). - usb: gadget: bdc: use readl_poll_timeout() to simplify code (git-fixes). - usb: gadget: Fix use-after-free bug by not setting udc->dev.driver (git-fixes). - usb: gadget: rndis: prevent integer overflow in rndis_set_response() (git-fixes). - usb: usbtmc: Fix bug in pipe direction for control transfers (git-fixes). - VFS: filename_create(): fix incorrect intent (bsc#1197534). - video: fbdev: atmel_lcdfb: fix an error code in atmel_lcdfb_probe() (git-fixes). - video: fbdev: controlfb: Fix COMPILE_TEST build (git-fixes). - video: fbdev: fbcvt.c: fix printing in fb_cvt_print_name() (git-fixes). - video: fbdev: matroxfb: set maxvram of vbG200eW to the same as vbG200 to avoid black screen (git-fixes). - video: fbdev: matroxfb: set maxvram of vbG200eW to the same as vbG200 to avoid black screen (git-fixes). - video: fbdev: omapfb: Add missing of_node_put() in dvic_probe_of (git-fixes). - video: fbdev: smscufx: Fix null-ptr-deref in ufx_usb_probe() (git-fixes). - VMCI: Fix the description of vmci_check_host_caps() (git-fixes). - vsprintf: Fix %pK with kptr_restrict == 0 (bsc#1197889). - wireguard: queueing: use CFI-safe ptr_ring cleanup function (git-fixes). - wireguard: selftests: rename DEBUG_PI_LIST to DEBUG_PLIST (git-fixes). - wireguard: socket: free skb in send6 when ipv6 is disabled (git-fixes). - wireguard: socket: ignore v6 endpoints when ipv6 is disabled (git-fixes). - x86/cpu: Add hardware-enforced cache coherency as a CPUID feature (bsc#1178134). - x86/mm/pat: Do not flush cache if hardware enforces cache coherency across encryption domnains (bsc#1178134). - x86/speculation: Warn about eIBRS + LFENCE + Unprivileged eBPF + SMT (bsc#1178134). - x86/speculation: Warn about Spectre v2 LFENCE mitigation (bsc#1178134). - xhci: fix garbage USBSTS being logged in some cases (git-fixes). Important SUSE bug 1065729 SUSE bug 1156395 SUSE bug 1175667 SUSE bug 1177028 SUSE bug 1178134 SUSE bug 1179639 SUSE bug 1180153 SUSE bug 1189562 SUSE bug 1194649 SUSE bug 1195640 SUSE bug 1195926 SUSE bug 1196018 SUSE bug 1196196 SUSE bug 1196478 SUSE bug 1196761 SUSE bug 1196823 SUSE bug 1197227 SUSE bug 1197243 SUSE bug 1197300 SUSE bug 1197302 SUSE bug 1197331 SUSE bug 1197343 SUSE bug 1197366 SUSE bug 1197389 SUSE bug 1197462 SUSE bug 1197501 SUSE bug 1197534 SUSE bug 1197661 SUSE bug 1197675 SUSE bug 1197702 SUSE bug 1197811 SUSE bug 1197812 SUSE bug 1197815 SUSE bug 1197817 SUSE bug 1197819 SUSE bug 1197820 SUSE bug 1197888 SUSE bug 1197889 SUSE bug 1197894 SUSE bug 1197914 SUSE bug 1198027 SUSE bug 1198028 SUSE bug 1198029 SUSE bug 1198030 SUSE bug 1198031 SUSE bug 1198032 SUSE bug 1198033 CVE-2021-45868 CVE-2022-0850 CVE-2022-0854 CVE-2022-1011 CVE-2022-1016 CVE-2022-1048 CVE-2022-1055 CVE-2022-1195 CVE-2022-1198 CVE-2022-1199 CVE-2022-1205 CVE-2022-27666 CVE-2022-28388 CVE-2022-28389 CVE-2022-28390 cpe:/o:opensuse:leap:15.3 Security update for SDL2 (Important) openSUSE Leap 15.3 This update for SDL2 fixes the following issues: - CVE-2021-33657: Fix a buffer overflow when parsing a crafted BMP image (bsc#1198001). Important SUSE bug 1198001 CVE-2021-33657 cpe:/o:opensuse:leap:15.3 Security update for openjpeg2 (Important) openSUSE Leap 15.3 This update for openjpeg2 fixes the following issues: - CVE-2018-5727: Fixed integer overflow vulnerability in theopj_t1_encode_cblks function (bsc#1076314). - CVE-2018-5785: Fixed integer overflow caused by an out-of-bounds leftshift in the opj_j2k_setup_encoder function (bsc#1076967). - CVE-2018-6616: Fixed excessive iteration in the opj_t1_encode_cblks function of openjp2/t1.c (bsc#1079845). - CVE-2018-14423: Fixed division-by-zero vulnerabilities in the functions pi_next_pcrl, pi_next_cprl,and pi_next_rpcl in lib/openjp3d/pi.c (bsc#1102016). - CVE-2018-16375: Fixed missing checks for header_info.height and header_info.width in the function pnmtoimage in bin/jpwl/convert.c (bsc#1106882). - CVE-2018-16376: Fixed heap-based buffer overflow function t2_encode_packet in lib/openmj2/t2.c (bsc#1106881). - CVE-2018-20845: Fixed division-by-zero in the functions pi_next_pcrl, pi_next_cprl, and pi_next_rpcl in openmj2/pi.ci (bsc#1140130). - CVE-2020-6851: Fixed heap-based buffer overflow in opj_t1_clbl_decode_processor (bsc#1160782). - CVE-2020-8112: Fixed heap-based buffer overflow in opj_t1_clbl_decode_processor in openjp2/t1.c (bsc#1162090). - CVE-2020-15389: Fixed use-after-free if t a mix of valid and invalid files in a directory operated on by the decompressor (bsc#1173578). - CVE-2020-27823: Fixed heap buffer over-write in opj_tcd_dc_level_shift_encode() (bsc#1180457). - CVE-2021-29338: Fixed integer overflow that allows remote attackers to crash the application (bsc#1184774). - CVE-2022-1122: Fixed segmentation fault in opj2_decompress due to uninitialized pointer (bsc#1197738). Important SUSE bug 1076314 SUSE bug 1076967 SUSE bug 1079845 SUSE bug 1102016 SUSE bug 1106881 SUSE bug 1106882 SUSE bug 1140130 SUSE bug 1160782 SUSE bug 1162090 SUSE bug 1173578 SUSE bug 1180457 SUSE bug 1184774 SUSE bug 1197738 CVE-2018-14423 CVE-2018-16375 CVE-2018-16376 CVE-2018-20845 CVE-2018-5727 CVE-2018-5785 CVE-2018-6616 CVE-2020-15389 CVE-2020-27823 CVE-2020-6851 CVE-2020-8112 CVE-2021-29338 CVE-2022-1122 cpe:/o:opensuse:leap:15.3 Security update for the Linux Kernel (Important) openSUSE Leap 15.3 The SUSE Linux Enterprise 15 SP1 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2022-28356: Fixed a refcount leak bug in net/llc/af_llc.c (bnc#1197391). - CVE-2022-1016: Fixed a vulnerability in the nf_tables component of the netfilter subsystem. This vulnerability gives an attacker a powerful primitive that can be used to both read from and write to relative stack data, which can lead to arbitrary code execution (bsc#1197227). - CVE-2022-28388: Fixed a double free in drivers/net/can/usb/usb_8dev.c vulnerability in the Linux kernel (bnc#1198032). - CVE-2022-28389: Fixed a double free in drivers/net/can/usb/mcba_usb.c vulnerability in the Linux kernel (bnc#1198033). - CVE-2022-28390: Fixed a double free in drivers/net/can/usb/ems_usb.c vulnerability in the Linux kernel (bnc#1198031). - CVE-2022-0812: Fixed an incorrect header size calculations in xprtrdma (bsc#1196639). - CVE-2022-1048: Fixed a race Condition in snd_pcm_hw_free leading to use-after-free due to the AB/BA lock with buffer_mutex and mmap_lock (bsc#1197331). - CVE-2022-0850: Fixed a kernel information leak vulnerability in iov_iter.c (bsc#1196761). - CVE-2022-26966: Fixed an issue in drivers/net/usb/sr9700.c, which allowed attackers to obtain sensitive information from the memory via crafted frame lengths from a USB device (bsc#1196836). - CVE-2021-45868: Fixed a wrong validation check in fs/quota/quota_tree.c which could lead to an use-after-free if there is a corrupted quota file (bnc#1197366). - CVE-2021-39713: Fixed a race condition in the network scheduling subsystem which could lead to a use-after-free (bsc#1196973). - CVE-2022-23036,CVE-2022-23037,CVE-2022-23038,CVE-2022-23039,CVE-2022-23040,CVE-2022-23041,CVE-2022-23042: Fixed multiple issues which could have lead to read/write access to memory pages or denial of service. These issues are related to the Xen PV device frontend drivers (bsc#1196488). - CVE-2022-26490: Fixed a buffer overflow in the st21nfca driver. An attacker with adjacent NFC access could trigger crash the system or corrupt system memory (bsc#1196830). The following non-security bugs were fixed: - ax88179_178a: Fixed memory issues that could be triggered by malicious USB devices (bsc#1196018). - genirq: Use rcu in kstat_irqs_usr() (bsc#1193738). - gve/net: Fixed multiple bugfixes (jsc#SLE-23652). - net/mlx5e: Fix page DMA map/unmap attributes (bsc#1196468). - net: tipc: validate domain record count on input (bsc#1195254). - powerpc: Fixed issues related to slow I/O on PowerPC (bsc#1196433). Important SUSE bug 1189562 SUSE bug 1193738 SUSE bug 1194943 SUSE bug 1195051 SUSE bug 1195254 SUSE bug 1195353 SUSE bug 1196018 SUSE bug 1196114 SUSE bug 1196433 SUSE bug 1196468 SUSE bug 1196488 SUSE bug 1196514 SUSE bug 1196639 SUSE bug 1196761 SUSE bug 1196830 SUSE bug 1196836 SUSE bug 1196942 SUSE bug 1196973 SUSE bug 1197227 SUSE bug 1197331 SUSE bug 1197366 SUSE bug 1197391 SUSE bug 1198031 SUSE bug 1198032 SUSE bug 1198033 CVE-2021-39713 CVE-2021-45868 CVE-2022-0812 CVE-2022-0850 CVE-2022-1016 CVE-2022-1048 CVE-2022-23036 CVE-2022-23037 CVE-2022-23038 CVE-2022-23039 CVE-2022-23040 CVE-2022-23041 CVE-2022-23042 CVE-2022-26490 CVE-2022-26966 CVE-2022-28356 CVE-2022-28388 CVE-2022-28389 CVE-2022-28390 cpe:/o:opensuse:leap:15.3 Security update for icedtea-web (Important) openSUSE Leap 15.3 This update for icedtea-web fixes the following issues: - CVE-2019-10181: Fixed an issue where an attacker could inject unsigned code in a signed JAR file (bsc#1142835). - CVE-2019-10182: Fixed a path traversal issue where an attacker could upload arbritrary files by tricking a victim into running a specially crafted application(bsc#1142825). - CVE-2019-10185: Fixed an issue where an attacker could write files to arbitrary locations during JAR auto-extraction (bsc#1142832). Important SUSE bug 1142825 SUSE bug 1142832 SUSE bug 1142835 CVE-2019-10181 CVE-2019-10182 CVE-2019-10185 cpe:/o:opensuse:leap:15.3 Security update for jsoup, jsr-305 (Important) openSUSE Leap 15.3 This update for jsoup, jsr-305 fixes the following issues: - CVE-2021-37714: Fixed infinite in untrusted HTML or XML data parsing (bsc#1189749). Changes in jsr-305: - Build with java source and target levels 8 - Upgrade to upstream version 3.0.2 Changes in jsoup: - Upgrade to upstream version 1.14.2 - Generate tarball using source service instead of a script Important SUSE bug 1189749 CVE-2021-37714 cpe:/o:opensuse:leap:15.3 Security update for netty (Important) openSUSE Leap 15.3 This update for netty fixes the following issues: - Updated to version 4.1.75: - CVE-2021-37136: Fixed an unrestricted decompressed data size in Bzip2Decoder (bsc#1190610). - CVE-2021-37137: Fixed an unrestricted chunk length in SnappyFrameDecoder, which might lead to excessive memory usage (#bsc#1190613). - CVE-2021-43797: Fixed a potential HTTP request smuggling issue due to insufficient validation against control characters (bsc#1193672). - CVE-2021-21290: Fixed an information disclosure via the local system temporary directory (bsc#1182103). Important SUSE bug 1182103 SUSE bug 1183262 SUSE bug 1190610 SUSE bug 1190613 SUSE bug 1193672 CVE-2021-21290 CVE-2021-21295 CVE-2021-37136 CVE-2021-37137 CVE-2021-43797 cpe:/o:opensuse:leap:15.3 Security update for SDL (Important) openSUSE Leap 15.3 This update for SDL fixes the following issues: - CVE-2020-14409: Fixed an integer overflow (and resultant SDL_memcpy heap corruption) in SDL_BlitCopy in video/SDL_blit_copy.c. (bsc#1181202) - CVE-2020-14410: Fixed a heap-based buffer over-read in Blit_3or4_to_3or4__inversed_rgb in video/SDL_blit_N.c. (bsc#1181201) - CVE-2021-33657: Fixed a Heap overflow problem in video/SDL_pixels.c. (bsc#1198001) Important SUSE bug 1181201 SUSE bug 1181202 SUSE bug 1198001 CVE-2020-14409 CVE-2020-14410 CVE-2021-33657 cpe:/o:opensuse:leap:15.3 Security update for GraphicsMagick (Important) openSUSE Leap 15.3 This update for GraphicsMagick fixes the following issues: - CVE-2022-1270: Fixed a heap buffer overflow when parsing MIFF (bsc#1198351). Important SUSE bug 1198351 CVE-2022-1270 cpe:/o:opensuse:leap:15.3 Security update for nbd (Important) openSUSE Leap 15.3 This update for nbd fixes the following issues: - CVE-2022-26495: Fixed an integer overflow with a resultant heap-based buffer overflow (bsc#1196827). - CVE-2022-26496: Fixed a stack-based buffer overflow when parsing the name field by sending a crafted NBD_OPT_INFO (bsc#1196828). Update to version 3.24 (bsc#1196827, bsc#1196828, CVE-2022-26495, CVE-2022-26496): * https://github.com/advisories/GHSA-q9rw-8758-hccj Update to version 3.23: * Don't overwrite the hostname with the TLS hostname Update to version 3.22: - nbd-server: handle auth for v6-mapped IPv4 addresses - nbd-client.c: parse the next option in all cases - configure.ac: silence a few autoconf 2.71 warnings - spec: Relax NBD_OPT_LIST_META_CONTEXTS - client: Don't confuse Unix socket with TLS hostname - server: Avoid deprecated g_memdup Update to version 3.21: - Fix --disable-manpages build - Fix a bug in whitespace handling regarding authorization files - Support client-side marking of devices as read-only - Support preinitialized NBD connection (i.e., skip the negotiation). - Fix the systemd unit file for nbd-client so it works with netlink (the more common situation nowadays) Update to 3.20.0 (no changelog) Update to version 3.19.0: * Better error messages in case of unexpected disconnects * Better compatibility with non-bash sh implementations (for configure.sh) * Fix for a segfault in NBD_OPT_INFO handling * The ability to specify whether to listen on both TCP and Unix domain sockets, rather than to always do so * Various minor editorial and spelling fixes in the documentation. Update to version 1.18.0: * Client: Add the '-g' option to avoid even trying the NBD_OPT_GO message * Server: fixes to inetd mode * Don't make gnutls and libnl automagic. * Server: bugfixes in handling of some export names during verification. * Server: clean supplementary groups when changing user. * Client: when using the netlink protocol, only set a timeout when there actually is a timeout, rather than defaulting to 0 seconds * Improve documentation on the nbdtab file * Minor improvements to some error messages * Improvements to test suite so it works better on non-GNU userland environments - Update to version 1.17.0: * proto: add xNBD command NBD_CMD_CACHE to the spec * server: do not crash when handling child name * server: Close socket pair when fork fails Important SUSE bug 1196827 SUSE bug 1196828 CVE-2022-26495 CVE-2022-26496 cpe:/o:opensuse:leap:15.3 Security update for dcraw (Moderate) openSUSE Leap 15.3 This update for dcraw fixes the following issues: - CVE-2017-13735: Fixed a denial of service issue due to a floating point exception (bsc#1056170). - CVE-2017-14608: Fixed an invalid memory access that could lead to information disclosure or denial of service (bsc#1063798). - CVE-2018-19655: Fixed a buffer overflow that could lead to an application crash (bsc#1117896). - CVE-2018-5801: Fixed an invalid memory access that could lead to denial of service (bsc#1084690). - CVE-2018-5805: Fixed a buffer overflow that could lead to an application crash (bsc#1097973). - CVE-2018-5806: Fixed an invalid memory access that could lead to denial of service (bsc#1097974). - CVE-2018-19565: Fixed an invalid memory access that could lead to information disclosure or denial of service (bsc#1117622). - CVE-2018-19566: Fixed an invalid memory access that could lead to information disclosure or denial of service (bsc#1117517). - CVE-2018-19567: Fixed a denial of service issue due to a floating point exception (bsc#1117512). - CVE-2018-19568: Fixed a denial of service issue due to a floating point exception (bsc#1117436). - CVE-2021-3624: Fixed a buffer overflow that could lead to code execution or denial of service (bsc#1189642). Non-security fixes: - Updated to version 9.28.0. Moderate SUSE bug 1056170 SUSE bug 1063798 SUSE bug 1084690 SUSE bug 1097973 SUSE bug 1097974 SUSE bug 1117436 SUSE bug 1117512 SUSE bug 1117517 SUSE bug 1117622 SUSE bug 1117896 SUSE bug 1189642 CVE-2017-13735 CVE-2017-14608 CVE-2018-19565 CVE-2018-19566 CVE-2018-19567 CVE-2018-19568 CVE-2018-19655 CVE-2018-5801 CVE-2018-5805 CVE-2018-5806 CVE-2021-3624 cpe:/o:opensuse:leap:15.3 Security update for openjpeg (Important) openSUSE Leap 15.3 This update for openjpeg fixes the following issues: - CVE-2018-14423: Fixed division-by-zero vulnerabilities in the functions pi_next_pcrl, pi_next_cprl,and pi_next_rpcl in lib/openjp3d/pi.c (bsc#1102016). - CVE-2018-16376: Fixed heap-based buffer overflow function t2_encode_packet in lib/openmj2/t2.c (bsc#1106881). - CVE-2020-8112: Fixed a heap buffer overflow in opj_t1_clbl_decode_processor in openjp2/t1.c (bsc#1162090). - CVE-2020-15389: Fixed a use-after-free if a mix of valid and invalid files in a directory operated on by the decompressor (bsc#1173578). - CVE-2020-27823: Fixed a heap buffer over-write in opj_tcd_dc_level_shift_encode() (bsc#1180457), - CVE-2021-29338: Fixed an integer Overflow allows remote attackers to crash the application (bsc#1184774). Important SUSE bug 1102016 SUSE bug 1106881 SUSE bug 1162090 SUSE bug 1173578 SUSE bug 1180457 SUSE bug 1184774 CVE-2018-14423 CVE-2018-16376 CVE-2020-15389 CVE-2020-27823 CVE-2020-8112 CVE-2021-29338 cpe:/o:opensuse:leap:15.3 Security update for swtpm (Low) openSUSE Leap 15.3 This update for swtpm fixes the following issues: - Update to version 0.5.3 - CVE-2022-23645: Check header size indicator against expected size (bsc#1196240). Low SUSE bug 1196240 CVE-2022-23645 cpe:/o:opensuse:leap:15.3 Security update for tomcat (Important) openSUSE Leap 15.3 This update for tomcat fixes the following issues: Security hardening, related to Spring Framework vulnerabilities: - Deprecate getResources() and always return null (bsc#1198136). Important SUSE bug 1198136 cpe:/o:opensuse:leap:15.3 Security update for libinput (Important) openSUSE Leap 15.3 This update for libinput fixes the following issues: - CVE-2022-1215: Fixed a format string vulnerability (bsc#1198111). Important SUSE bug 1198111 CVE-2022-1215 cpe:/o:opensuse:leap:15.3 Security update for dnsmasq (Important) openSUSE Leap 15.3 This update for dnsmasq fixes the following issues: - CVE-2022-0934: Fixed an invalid memory access that could lead to remote denial of service via crafted packet (bsc#1197872). Important SUSE bug 1197872 CVE-2022-0934 cpe:/o:opensuse:leap:15.3 Security update for the Linux Kernel (Important) openSUSE Leap 15.3 The SUSE Linux Enterprise 15 SP3 kernel was updated - Unprivileged BPF has been disabled by default to reduce attack surface as too many security issues have happened in the past (jsc#SLE-22573) You can reenable via systemctl setting /proc/sys/kernel/unprivileged_bpf_disabled to 0. (kernel.unprivileged_bpf_disabled = 0) The following security bugs were fixed: - CVE-2021-45485: Fixed an information leak because of certain use of a hash table which use IPv6 source addresses. (bsc#1194094) - CVE-2021-45486: Fixed an information leak because the hash table is very small in net/ipv4/route.c. (bnc#1194087). - CVE-2021-4001: Fixed a race condition when the EBPF map is frozen. (bsc#1192990) - CVE-2021-28715: Fixed an issue where a guest could force Linux netback driver to hog large amounts of kernel memory by do not queueing unlimited number of packages. (bsc#1193442) - CVE-2021-28714: Fixed an issue where a guest could force Linux netback driver to hog large amounts of kernel memory by fixing rx queue stall detection. (bsc#1193442) - CVE-2021-28713: Fixed a rogue backends that could cause DoS of guests via high frequency events by hardening hvc_xen against event channel storms. (bsc#1193440) - CVE-2021-28712: Fixed a rogue backends that could cause DoS of guests via high frequency events by hardening netfront against event channel storms. (bsc#1193440) - CVE-2021-28711: Fixed a rogue backends that could cause DoS of guests via high frequency events by hardening blkfront against event channel storms. (bsc#1193440) - CVE-2020-24504: Fixed an uncontrolled resource consumption in some Intel(R) Ethernet E810 Adapter drivers that may have allowed an authenticated user to potentially enable denial of service via local access. (bnc#1182404) - CVE-2021-43975: Fixed a flaw in hw_atl_utils_fw_rpc_wait that could allow an attacker (who can introduce a crafted device) to trigger an out-of-bounds write via a crafted length value. (bnc#1192845) - CVE-2021-43976: Fixed a flaw that could allow an attacker (who can connect a crafted USB device) to cause a denial of service. (bnc#1192847) - CVE-2021-4002: Added a missing TLB flush that could lead to leak or corruption of data in hugetlbfs. (bsc#1192946) - CVE-2020-27820: Fixed a vulnerability where a use-after-frees in nouveau's postclose() handler could happen if removing device. (bnc#1179599) The following non-security bugs were fixed: - ACPI: battery: Accept charges over the design capacity as full (git-fixes). - ACPI: PMIC: Fix intel_pmic_regs_handler() read accesses (git-fixes). - ACPICA: Avoid evaluating methods too early during system resume (git-fixes). - Add SMB 2 support for getting and setting SACLs (bsc#1192606). - Add to supported.conf: fs/smbfs_common/cifs_arc4 fs/smbfs_common/cifs_md4 - ALSA: ctxfi: Fix out-of-range access (git-fixes). - ALSA: gus: fix null pointer dereference on pointer block (git-fixes). - ALSA: hda: hdac_ext_stream: fix potential locking issues (git-fixes). - ALSA: hda: hdac_stream: fix potential locking issue in snd_hdac_stream_assign() (git-fixes). - ALSA: hda/realtek: Add a quirk for Acer Spin SP513-54N (git-fixes). - ALSA: hda/realtek: Add quirk for ASUS UX550VE (git-fixes). - ALSA: hda/realtek: Add quirk for Clevo PC70HS (git-fixes). - ALSA: hda/realtek: Add quirk for HP EliteBook 840 G7 mute LED (git-fixes). - ALSA: ISA: not for M68K (git-fixes). - ALSA: synth: missing check for possible NULL after the call to kstrdup (git-fixes). - ALSA: timer: Fix use-after-free problem (git-fixes). - ALSA: timer: Unconditionally unlink slave instances, too (git-fixes). - ALSA: usb-audio: Add registration quirk for JBL Quantum 400 (git-fixes). - ARM: 8970/1: decompressor: increase tag size (git-fixes). - ARM: 8974/1: use SPARSMEM_STATIC when SPARSEMEM is enabled (git-fixes) - ARM: 8986/1: hw_breakpoint: Do not invoke overflow handler on uaccess watchpoints (git-fixes) - ARM: 9007/1: l2c: fix prefetch bits init in L2X0_AUX_CTRL using DT (git-fixes) - ARM: 9019/1: kprobes: Avoid fortify_panic() when copying optprobe (git-fixes) - ARM: 9046/1: decompressor: Do not clear SCTLR.nTLSMD for ARMv7+ cores (git-fixes) - ARM: 9064/1: hw_breakpoint: Do not directly check the event's (git-fixes) - ARM: 9071/1: uprobes: Do not hook on thumb instructions (git-fixes) - ARM: 9081/1: fix gcc-10 thumb2-kernel regression (git-fixes) - ARM: 9091/1: Revert 'mm: qsd8x50: Fix incorrect permission faults' (git-fixes) - ARM: 9133/1: mm: proc-macros: ensure *_tlb_fns are 4B aligned (git-fixes) - ARM: 9134/1: remove duplicate memcpy() definition (git-fixes) - ARM: 9139/1: kprobes: fix arch_init_kprobes() prototype (git-fixes) - ARM: 9141/1: only warn about XIP address when not compile testing (git-fixes) - ARM: 9155/1: fix early early_iounmap() (git-fixes) - ARM: at91: pm: add missing put_device() call in at91_pm_sram_init() (git-fixes) - ARM: at91: pm: of_node_put() after its usage (git-fixes) - ARM: at91: pm: use proper master clock register offset (git-fixes) - ARM: bcm: Select ARM_TIMER_SP804 for ARCH_BCM_NSP (git-fixes) - ARM: dts sunxi: Relax a bit the CMA pool allocation range (git-fixes) - ARM: dts: am335x-pocketbeagle: Fix mmc0 Write Protect (git-fixes) - ARM: dts: am335x: align ti,pindir-d0-out-d1-in property with dt-shema (git-fixes) - ARM: dts: am437x-idk-evm: Fix incorrect OPP node names (git-fixes) - ARM: dts: am437x-l4: fix typo in can@0 node (git-fixes) - ARM: dts: armada-38x: fix NETA lockup when repeatedly switching speeds (git-fixes) - ARM: dts: armada388-helios4: assign pinctrl to each fan (git-fixes) - ARM: dts: armada388-helios4: assign pinctrl to LEDs (git-fixes) - ARM: dts: aspeed: s2600wf: Fix VGA memory region location (git-fixes) - ARM: dts: aspeed: tiogapass: Remove vuart (git-fixes) - ARM: dts: at91-sama5d27_som1: fix phy address to 7 (git-fixes) - ARM: dts: at91: add pinctrl-{names, 0} for all gpios (git-fixes) - ARM: dts: at91: at91sam9rl: fix ADC triggers (git-fixes) - ARM: dts: at91: sama5d2_ptc_ek: fix sdmmc0 node description (git-fixes) - ARM: dts: at91: sama5d2_ptc_ek: fix vbus pin (git-fixes) - ARM: dts: at91: sama5d2_xplained: classd: pull-down the R1 and R3 lines (git-fixes) - ARM: dts: at91: sama5d2: fix CAN message ram offset and size (git-fixes) - ARM: dts: at91: sama5d2: map securam as device (git-fixes) - ARM: dts: at91: sama5d3_xplained: add pincontrol for USB Host (git-fixes) - ARM: dts: at91: sama5d4_xplained: add pincontrol for USB Host (git-fixes) - ARM: dts: at91: sama5d4: fix pinctrl muxing (git-fixes) - ARM: dts: at91: tse850: the emaclt;->phy interface is rmii (git-fixes) - ARM: dts: bcm: HR2: Fix PPI interrupt types (git-fixes) - ARM: dts: bcm: HR2: Fixed QSPI compatible string (git-fixes) - ARM: dts: bcm2835-rpi-zero-w: Fix led polarity (git-fixes) - ARM: dts: BCM5301X: Add interrupt properties to GPIO node (git-fixes) - ARM: dts: BCM5301X: Fix I2C controller interrupt (git-fixes) - ARM: dts: BCM5301X: Fixed QSPI compatible string (git-fixes) - ARM: dts: colibri-imx6ull: limit SDIO clock to 25MHz (git-fixes) - ARM: dts: Configure missing thermal interrupt for 4430 (git-fixes) - ARM: dts: dra76x: Fix mmc3 max-frequency (git-fixes) - ARM: dts: dra76x: m_can: fix order of clocks (git-fixes) - ARM: dts: dra7xx-clocks: Fixup IPU1 mux clock parent source (git-fixes) - ARM: dts: exynos: correct fuel gauge interrupt trigger level on Midas (git-fixes) - ARM: dts: exynos: correct MUIC interrupt trigger level on Midas (git-fixes) - ARM: dts: exynos: correct PMIC interrupt trigger level on Arndale (git-fixes) - ARM: dts: exynos: correct PMIC interrupt trigger level on Artik 5 (git-fixes) - ARM: dts: exynos: correct PMIC interrupt trigger level on Midas (git-fixes) - ARM: dts: exynos: correct PMIC interrupt trigger level on Monk (git-fixes) - ARM: dts: exynos: correct PMIC interrupt trigger level on Odroid X/U3 (git-fixes) - ARM: dts: exynos: correct PMIC interrupt trigger level on Odroid XU3 (git-fixes) - ARM: dts: exynos: correct PMIC interrupt trigger level on Rinato (git-fixes) - ARM: dts: exynos: correct PMIC interrupt trigger level on SMDK5250 (git-fixes) - ARM: dts: exynos: correct PMIC interrupt trigger level on Snow (git-fixes) - ARM: dts: exynos: correct PMIC interrupt trigger level on Spring (git-fixes) - ARM: dts: exynos: Fix GPIO polarity for thr GalaxyS3 CM36651 sensor's bus (git-fixes) - ARM: dts: exynos: fix PWM LED max brightness on Odroid HC1 (git-fixes) - ARM: dts: exynos: fix PWM LED max brightness on Odroid XU/XU3 (git-fixes) - ARM: dts: exynos: fix PWM LED max brightness on Odroid XU4 (git-fixes) - ARM: dts: exynos: fix roles of USB 3.0 ports on Odroid XU (git-fixes) - ARM: dts: exynos: fix USB 3.0 pins supply being turned off on Odroid (git-fixes) - ARM: dts: exynos: fix USB 3.0 VBUS control and over-current pins on (git-fixes) - ARM: dts: Fix dcan driver probe failed on am437x platform (git-fixes) - ARM: dts: Fix duovero smsc interrupt for suspend (git-fixes) - ARM: dts: gemini-rut1xx: remove duplicate ethernet node (git-fixes) - ARM: dts: gose: Fix ports node name for adv7180 (git-fixes) - ARM: dts: gose: Fix ports node name for adv7612 (git-fixes) - ARM: dts: imx: emcon-avari: Fix nxp,pca8574 #gpio-cells (git-fixes) - ARM: dts: imx: Fix USB host power regulator polarity on M53Menlo (git-fixes) - ARM: dts: imx: Swap M53Menlo pinctrl_power_button/pinctrl_power_out (git-fixes) - ARM: dts: imx27-phytec-phycard-s-rdk: Fix the I2C1 pinctrl entries (git-fixes) - ARM: dts: imx50-evk: Fix the chip select 1 IOMUX (git-fixes) - ARM: dts: imx6: pbab01: Set vmmc supply for both SD interfaces (git-fixes) - ARM: dts: imx6: phycore-som: fix arm and soc minimum voltage (git-fixes) - ARM: dts: imx6: phycore-som: fix emmc supply (git-fixes) - ARM: dts: imx6: Use gpc for FEC interrupt controller to fix wake on LAN (git-fixes) - ARM: dts: imx6dl-colibri-eval-v3: fix sram compatible properties (git-fixes). - ARM: dts: imx6dl-yapp4: Fix RGMII connection to QCA8334 switch (git-fixes) - ARM: dts: imx6dl-yapp4: Fix Ursa board Ethernet connection (git-fixes) - ARM: dts: imx6q-dhcom: Add gpios pinctrl for i2c bus recovery (git-fixes) - ARM: dts: imx6q-dhcom: Add PU,VDD1P1,VDD2P5 regulators (git-fixes) - ARM: dts: imx6q-dhcom: Fix ethernet plugin detection problems (git-fixes) - ARM: dts: imx6q-dhcom: Fix ethernet reset time properties (git-fixes) - ARM: dts: imx6qdl-gw52xx: fix duplicate regulator naming (git-fixes) - ARM: dts: imx6qdl-gw551x: Do not use 'simple-audio-card,dai-link' (git-fixes) - ARM: dts: imx6qdl-gw551x: fix audio SSI (git-fixes) - ARM: dts: imx6qdl-icore: Fix OTG_ID pin and sdcard detect (git-fixes) - ARM: dts: imx6qdl-kontron-samx6i: fix i2c_lcd/cam default status (git-fixes) - ARM: dts: imx6qdl-kontron-samx6i: fix I2C_PM scl pin (git-fixes) - ARM: dts: imx6qdl-sr-som: Increase the PHY reset duration to 10ms (git-fixes) - ARM: dts: imx6qdl-udoo: fix rgmii phy-mode for ksz9031 phy (git-fixes) - ARM: dts: imx6sl: fix rng node (git-fixes) - ARM: dts: imx6sx-sabreauto: Fix the phy-mode on fec2 (git-fixes) - ARM: dts: imx6sx-sdb: Fix the phy-mode on fec2 (git-fixes) - ARM: dts: imx6sx: Add missing UART RTS/CTS pins mux (git-fixes) - ARM: dts: imx6sx: fix the pad QSPI1B_SCLK mux mode for uart3 (git-fixes) - ARM: dts: imx6sx: Improve UART pins macro defines (git-fixes) - ARM: dts: imx7-colibri: Fix frequency for sd/mmc (git-fixes) - ARM: dts: imx7-colibri: fix muxing of usbc_det pin (git-fixes) - ARM: dts: imx7-colibri: prepare module device tree for FlexCAN (git-fixes) - ARM: dts: imx7d-meerkat96: Fix the 'tuning-step' property (git-fixes) - ARM: dts: imx7d-pico: Fix the 'tuning-step' property (git-fixes) - ARM: dts: imx7d: Correct speed grading fuse settings (git-fixes) - ARM: dts: imx7d: fix opp-supported-hw (git-fixes) - ARM: dts: imx7ulp: Correct gpio ranges (git-fixes) - ARM: dts: logicpd-som-lv-baseboard: Fix broken audio (git-fixes) - ARM: dts: logicpd-som-lv-baseboard: Fix missing video (git-fixes) - ARM: dts: logicpd-torpedo-baseboard: Fix broken audio (git-fixes) - ARM: dts: lpc32xx: Revert set default clock rate of HCLK PLL (git-fixes) - ARM: dts: ls1021a: fix QuadSPI-memory reg range (git-fixes) - ARM: dts: ls1021a: Restore MDIO compatible to gianfar (git-fixes) - ARM: dts: meson: fix PHY deassert timing requirements (git-fixes) - ARM: dts: meson8: remove two invalid interrupt lines from the GPU (git-fixes) - ARM: dts: meson8: Use a higher default GPU clock frequency (git-fixes) - ARM: dts: meson8b: ec100: Fix the pwm regulator supply properties (git-fixes) - ARM: dts: meson8b: mxq: Fix the pwm regulator supply properties (git-fixes) - ARM: dts: meson8b: odroidc1: Fix the pwm regulator supply properties (git-fixes) - ARM: dts: mt7623: add missing pause for switchport (git-fixes) - ARM: dts: N900: fix onenand timings (git-fixes). - ARM: dts: NSP: Correct FA2 mailbox node (git-fixes) - ARM: dts: NSP: Disable PL330 by default, add dma-coherent property (git-fixes) - ARM: dts: NSP: Fixed QSPI compatible string (git-fixes) - ARM: dts: omap3-gta04a4: accelerometer irq fix (git-fixes) - ARM: dts: omap3430-sdp: Fix NAND device node (git-fixes) - ARM: dts: owl-s500: Fix incorrect PPI interrupt specifiers (git-fixes) - ARM: dts: oxnas: Fix clear-mask property (git-fixes) - ARM: dts: pandaboard: fix pinmux for gpio user button of Pandaboard (git-fixes) - ARM: dts: qcom: apq8064: Use 27MHz PXO clock as DSI PLL reference (git-fixes) - ARM: dts: qcom: msm8974: Add xo_board reference clock to DSI0 PHY (git-fixes) - ARM: dts: r7s9210: Remove bogus clock-names from OSTM nodes (git-fixes) - ARM: dts: r8a73a4: Add missing CMT1 interrupts (git-fixes) - ARM: dts: r8a7740: Add missing extal2 to CPG node (git-fixes) - ARM: dts: r8a7779, marzen: Fix DU clock names (git-fixes) - ARM: dts: Remove non-existent i2c1 from 98dx3236 (git-fixes) - ARM: dts: renesas: Fix IOMMU device node names (git-fixes) - ARM: dts: s5pv210: Set keep-power-in-suspend for SDHCI1 on Aries (git-fixes) - ARM: dts: socfpga: Align L2 cache-controller nodename with dtschema (git-fixes) - ARM: dts: socfpga: fix register entry for timer3 on Arria10 (git-fixes) - ARM: dts: stm32: fix a typo for DAC io-channel-cells on stm32f429 (git-fixes) - ARM: dts: stm32: fix a typo for DAC io-channel-cells on stm32h743 (git-fixes) - ARM: dts: sun6i: a31-hummingbird: Enable RGMII RX/TX delay on (git-fixes) - ARM: dts: sun7i: a20: bananapro: Fix ethernet phy-mode (git-fixes) - ARM: dts: sun7i: bananapi-m1-plus: Enable RGMII RX/TX delay on (git-fixes) - ARM: dts: sun7i: bananapi: Enable RGMII RX/TX delay on Ethernet PHY (git-fixes) - ARM: dts: sun7i: cubietruck: Enable RGMII RX/TX delay on Ethernet PHY (git-fixes) - ARM: dts: sun7i: pcduino3-nano: enable RGMII RX/TX delay on PHY (git-fixes) - ARM: dts: sun8i-a83t-tbs-a711: Fix USB OTG mode detection (git-fixes) - ARM: dts: sun8i-h2-plus-bananapi-m2-zero: Fix led polarity (git-fixes) - ARM: dts: sun8i: a83t: Enable both RGMII RX/TX delay on Ethernet PHY (git-fixes) - ARM: dts: sun8i: h3: orangepi-plus2e: Enable RGMII RX/TX delay on (git-fixes) - ARM: dts: sun8i: r40: bananapi-m2-berry: Fix dcdc1 regulator (git-fixes) - ARM: dts: sun8i: r40: bananapi-m2-ultra: Fix dcdc1 regulator (git-fixes) - ARM: dts: sun8i: r40: bananapi-m2-ultra: Fix ethernet node (git-fixes) - ARM: dts: sun8i: r40: Move AHCI device node based on address order (git-fixes) - ARM: dts: sun8i: v3s: fix GIC node memory range (git-fixes) - ARM: dts: sun8i: v40: bananapi-m2-berry: Fix ethernet node (git-fixes) - ARM: dts: sun9i: Enable both RGMII RX/TX delay on Ethernet PHY (git-fixes) - ARM: dts: sunxi: bananapi-m2-plus-v1.2: Fix CPU supply voltages (git-fixes) - ARM: dts: sunxi: bananapi-m2-plus: Enable RGMII RX/TX delay on (git-fixes) - ARM: dts: sunxi: Fix DE2 clocks register range (git-fixes) - ARM: dts: turris-omnia: add comphy handle to eth2 (git-fixes) - ARM: dts: turris-omnia: add SFP node (git-fixes) - ARM: dts: turris-omnia: configure LED[2]/INTn pin as interrupt pin (git-fixes) - ARM: dts: turris-omnia: describe switch interrupt (git-fixes) - ARM: dts: turris-omnia: enable HW buffer management (git-fixes) - ARM: dts: turris-omnia: fix hardware buffer management (git-fixes) - ARM: dts: uniphier: Change phy-mode to RGMII-ID to enable delay pins (git-fixes) - ARM: dts: uniphier: Set SCSSI clock and reset IDs for each channel (git-fixes). - ARM: dts: vf610-zii-dev-rev-b: Remove #address-cells and #size-cells (git-fixes) - ARM: dts: vfxxx: Add syscon compatible with OCOTP (git-fixes) - ARM: exynos: add missing of_node_put for loop iteration (git-fixes) - ARM: exynos: MCPM: Restore big.LITTLE cpuidle support (git-fixes) - ARM: footbridge: fix PCI interrupt mapping (git-fixes) - ARM: imx: add missing clk_disable_unprepare() (git-fixes) - ARM: imx: add missing iounmap() (git-fixes) - ARM: imx: build suspend-imx6.S with arm instruction set (git-fixes) - ARM: imx: fix missing 3rd argument in macro imx_mmdc_perf_init (git-fixes) - ARM: imx5: add missing put_device() call in imx_suspend_alloc_ocram() (git-fixes) - ARM: imx6: disable the GIC CPU interface before calling stby-poweroff (git-fixes) - ARM: mvebu: drop pointless check for coherency_base (git-fixes) - ARM: OMAP2+: Fix legacy mode dss_reset (git-fixes) - ARM: OMAP2+: omap_device: fix idling of devices during probe (git-fixes) - ARM: OMAP2+: pm33xx-core: Make am43xx_get_rtc_base_addr static (git-fixes) - ARM: p2v: fix handling of LPAE translation in BE mode (git-fixes) - ARM: s3c: irq-s3c24xx: Fix return value check for s3c24xx_init_intc() (git-fixes) - ARM: s3c24xx: fix missing system reset (git-fixes) - ARM: s3c24xx: fix mmc gpio lookup tables (git-fixes) - ARM: samsung: do not build plat/pm-common for Exynos (git-fixes) - ARM: samsung: fix PM debug build with DEBUG_LL but !MMU (git-fixes) - ARM: socfpga: PM: add missing put_device() call in socfpga_setup_ocram_self_refresh() (git-fixes) - ASoC: DAPM: Cover regression by kctl change notification fix (git-fixes). - ASoC: nau8824: Add DMI quirk mechanism for active-high jack-detect (git-fixes). - ASoC: qdsp6: q6routing: Conditionally reset FrontEnd Mixer (git-fixes). - ASoC: SOF: Intel: hda-dai: fix potential locking issue (git-fixes). - ASoC: topology: Add missing rwsem around snd_ctl_remove() calls (git-fixes). - ath: dfs_pattern_detector: Fix possible null-pointer dereference in channel_detector_create() (git-fixes). - ath10k: fix invalid dma_addr_t token assignment (git-fixes). - ath10k: high latency fixes for beacon buffer (git-fixes). - Bbluetooth: btusb: Add another Bluetooth part for Realtek 8852AE (bsc#1193655). - bfq: Limit number of requests consumed by each cgroup (bsc#1184318). - bfq: Store full bitmap depth in bfq_data (bsc#1184318). - bfq: Track number of allocated requests in bfq_entity (bsc#1184318). - block: Fix use-after-free issue accessing struct io_cq (bsc#1193042). - block: Provide blk_mq_sched_get_icq() (bsc#1184318). - Bluetooth: Add additional Bluetooth part for Realtek 8852AE (bsc#1193655). - Bluetooth: btrtl: Refine the ic_id_table for clearer and more regular (bsc#1193655). - Bluetooth: btusb: Add the more support IDs for Realtek RTL8822CE (bsc#1193655). - Bluetooth: btusb: Add the new support ID for Realtek RTL8852A (bsc#1193655). - Bluetooth: btusb: btrtl: Add support for RTL8852A (bsc#1193655). - Bluetooth: fix use-after-free error in lock_sock_nested() (git-fixes). - bnxt_en: reject indirect blk offload when hw-tc-offload is off (jsc#SLE-8372 bsc#1153275). - bonding: Fix a use-after-free problem when bond_sysfs_slave_add() failed (git-fixes). - bpf, arm: Fix register clobbering in div/mod implementation (git-fixes) - bpf, s390: Fix potential memory leak about jit_data (git-fixes). - bpf, x86: Fix 'no previous prototype' warning (git-fixes). - brcmfmac: Add DMI nvram filename quirk for Cyberbook T116 tablet (git-fixes). - btrfs: do not ignore error from btrfs_next_leaf() when inserting checksums (bsc#1193002). - btrfs: fix fsync failure and transaction abort after writes to prealloc extents (bsc#1193002). - btrfs: fix lost inode on log replay after mix of fsync, rename and inode eviction (bsc#1192998). - btrfs: fix race causing unnecessary inode logging during link and rename (bsc#1192998). - btrfs: make checksum item extension more efficient (bsc#1193002). - cfg80211: call cfg80211_stop_ap when switch from P2P_GO type (git-fixes). - cifs use true,false for bool variable (bsc#1164565). - cifs_atomic_open(): fix double-put on late allocation failure (bsc#1192606). - cifs_debug: use %pd instead of messing with ->d_name (bsc#1192606). - cifs: add a debug macro that prints \\server\share for errors (bsc#1164565). - cifs: add a function to get a cached dir based on its dentry (bsc#1192606). - cifs: add a helper to find an existing readable handle to a file (bsc#1154355). - cifs: add a timestamp to track when the lease of the cached dir was taken (bsc#1192606). - cifs: add an smb3_fs_context to cifs_sb (bsc#1192606). - cifs: add FALLOC_FL_INSERT_RANGE support (bsc#1192606). - cifs: add files to host new mount api (bsc#1192606). - cifs: add fs_context param to parsing helpers (bsc#1192606). - cifs: Add get_security_type_str function to return sec type (bsc#1192606). - cifs: add initial reconfigure support (bsc#1192606). - cifs: add missing mount option to /proc/mounts (bsc#1164565). - cifs: add missing parsing of backupuid (bsc#1192606). - cifs: Add missing sentinel to smb3_fs_parameters (bsc#1192606). - cifs: add mount parameter tcpnodelay (bsc#1192606). - cifs: add multichannel mount options and data structs (bsc#1192606). - cifs: add new debugging macro cifs_server_dbg (bsc#1164565). - cifs: Add new mount parameter 'acdirmax' to allow caching directory metadata (bsc#1192606). - cifs: Add new parameter 'acregmax' for distinct file and directory metadata timeout (bsc#1192606). - cifs: add NULL check for ses->tcon_ipc (bsc#1178270). - cifs: add passthrough for smb2 setinfo (bsc#1164565). - cifs: add server param (bsc#1192606). - cifs: add shutdown support (bsc#1192606). - cifs: add smb2 POSIX info level (bsc#1164565). - cifs: add SMB2_open() arg to return POSIX data (bsc#1164565). - cifs: add SMB3 change notification support (bsc#1164565). - cifs: add support for FALLOC_FL_COLLAPSE_RANGE (bsc#1192606). - cifs: add support for fallocate mode 0 for non-sparse files (bsc#1164565). - cifs: add support for flock (bsc#1164565). - cifs: Add support for setting owner info, dos attributes, and create time (bsc#1164565). - cifs: Add tracepoints for errors on flush or fsync (bsc#1164565). - cifs: Add witness information to debug data dump (bsc#1192606). - cifs: add witness mount option and data structs (bsc#1192606). - cifs: added WARN_ON for all the count decrements (bsc#1192606). - cifs: Adjust indentation in smb2_open_file (bsc#1164565). - cifs: Adjust key sizes and key generation routines for AES256 encryption (bsc#1192606). - cifs: allocate buffer in the caller of build_path_from_dentry() (bsc#1192606). - cifs: Allocate crypto structures on the fly for calculating signatures of incoming packets (bsc#1192606). - cifs: Allocate encryption header through kmalloc (bsc#1192606). - cifs: allow chmod to set mode bits using special sid (bsc#1164565). - cifs: allow syscalls to be restarted in __smb_send_rqst() (bsc#1176956). - cifs: allow unlock flock and OFD lock across fork (bsc#1192606). - cifs: Always update signing key of first channel (bsc#1192606). - cifs: ask for more credit on async read/write code paths (bsc#1192606). - cifs: Assign boolean values to a bool variable (bsc#1192606). - cifs: Avoid doing network I/O while holding cache lock (bsc#1164565). - cifs: Avoid error pointer dereference (bsc#1192606). - cifs: avoid extra calls in posix_info_parse (bsc#1192606). - cifs: Avoid field over-reading memcpy() (bsc#1192606). - cifs: avoid starvation when refreshing dfs cache (bsc#1185902). - cifs: avoid using MID 0xFFFF (bnc#1151927 5.3.8). - cifs: call wake_up(server->response_q) inside of cifs_reconnect() (bsc#1164565). - cifs: change confusing field serverName (to ip_addr) (bsc#1192606). - cifs: change format of CIFS_FULL_KEY_DUMP ioctl (bsc#1192606). - cifs: change noisy error message to FYI (bsc#1181507). - cifs: Change SIDs in ACEs while transferring file ownership (bsc#1192606). - cifs: check all path components in resolved dfs target (bsc#1181710). - cifs: check new file size when extending file by fallocate (bsc#1192606). - cifs: check pointer before freeing (bsc#1183534). - cifs: check the timestamp for the cached dirent when deciding on revalidate (bsc#1192606). - cifs: cifs_md4 convert to SPDX identifier (bsc#1192606). - cifs: cifspdu.h: Replace one-element array with flexible-array member (bsc#1192606). - cifs: cifspdu.h: Replace zero-length array with flexible-array member (bsc#1192606). - cifs: cifsssmb: remove redundant assignment to variable ret (bsc#1164565). - cifs: clarify comment about timestamp granularity for old servers (bsc#1192606). - cifs: clarify hostname vs ip address in /proc/fs/cifs/DebugData (bsc#1192606). - cifs: Clarify SMB1 code for delete (bsc#1192606). - cifs: Clarify SMB1 code for POSIX Create (bsc#1192606). - cifs: Clarify SMB1 code for POSIX delete file (bsc#1192606). - cifs: Clarify SMB1 code for POSIX Lock (bsc#1192606). - cifs: Clarify SMB1 code for rename open file (bsc#1192606). - cifs: Clarify SMB1 code for SetFileSize (bsc#1192606). - cifs: clarify SMB1 code for UnixCreateHardLink (bsc#1192606). - cifs: Clarify SMB1 code for UnixCreateSymLink (bsc#1192606). - cifs: Clarify SMB1 code for UnixSetPathInfo (bsc#1192606). - cifs: Clean up DFS referral cache (bsc#1164565). - cifs: cleanup a few le16 vs. le32 uses in cifsacl.c (bsc#1192606). - cifs: cleanup misc.c (bsc#1192606). - cifs: clear PF_MEMALLOC before exiting demultiplex thread (bsc#1192606). - cifs: Close cached root handle only if it had a lease (bsc#1164565). - cifs: Close open handle after interrupted close (bsc#1164565). - cifs: close the shared root handle on tree disconnect (bsc#1164565). - cifs: compute full_path already in cifs_readdir() (bsc#1192606). - cifs: connect individual channel servers to primary channel server (bsc#1192606). - cifs: connect: style: Simplify bool comparison (bsc#1192606). - cifs: constify get_normalized_path() properly (bsc#1185902). - cifs: constify path argument of ->make_node() (bsc#1192606). - cifs: constify pathname arguments in a bunch of helpers (bsc#1192606). - cifs: Constify static struct genl_ops (bsc#1192606). - cifs: convert list_for_each to entry variant (bsc#1192606, jsc#SLE-20042). - cifs: convert list_for_each to entry variant in cifs_debug.c (bsc#1192606). - cifs: convert list_for_each to entry variant in smb2misc.c (bsc#1192606). - cifs: convert revalidate of directories to using directory metadata cache timeout (bsc#1192606). - cifs: convert to use be32_add_cpu() (bsc#1192606). - cifs: Convert to use the fallthrough macro (bsc#1192606). - cifs: correct comments explaining internal semaphore usage in the module (bsc#1192606). - cifs: correct four aliased mount parms to allow use of previous names (bsc#1192606). - cifs: create a helper function to parse the query-directory response buffer (bsc#1164565). - cifs: create a helper to find a writeable handle by path name (bsc#1154355). - cifs: create a MD4 module and switch cifs.ko to use it (bsc#1192606). - cifs: Create a new shared file holding smb2 pdu definitions (bsc#1192606). - cifs: create sd context must be a multiple of 8 (bsc#1192606). - cifs: Deal with some warnings from W=1 (bsc#1192606). - cifs: Delete a stray unlock in cifs_swn_reconnect() (bsc#1192606). - cifs: delete duplicated words in header files (bsc#1192606). - cifs: detect dead connections only when echoes are enabled (bsc#1192606). - cifs: Display local UID details for SMB sessions in DebugData (bsc#1192606). - cifs: do d_move in rename (bsc#1164565). - cifs: do not allow changing posix_paths during remount (bsc#1192606). - cifs: do not cargo-cult strndup() (bsc#1185902). - cifs: do not create a temp nls in cifs_setup_ipc (bsc#1192606). - cifs: do not disable noperm if multiuser mount option is not provided (bsc#1192606). - cifs: Do not display RDMA transport on reconnect (bsc#1164565). - cifs: do not duplicate fscache cookie for secondary channels (bsc#1192606). - cifs: do not fail __smb_send_rqst if non-fatal signals are pending (git-fixes). - cifs: do not ignore the SYNC flags in getattr (bsc#1164565). - cifs: do not leak -EAGAIN for stat() during reconnect (bsc#1164565). - cifs: Do not leak EDEADLK to dgetents64 for STATUS_USER_SESSION_DELETED (bsc#1192606). - cifs: Do not miss cancelled OPEN responses (bsc#1164565). - cifs: do not negotiate session if session already exists (bsc#1192606). - cifs: do not send close in compound create+close requests (bsc#1181507). - cifs: do not send tree disconnect to ipc shares (bsc#1185902). - cifs: do not share tcons with DFS (bsc#1178270). - cifs: do not share tcp servers with dfs mounts (bsc#1185902). - cifs: do not share tcp sessions of dfs connections (bsc#1185902). - cifs: do not use 'pre:' for MODULE_SOFTDEP (bsc#1164565). - cifs: Do not use iov_iter::type directly (bsc#1192606). - cifs: Do not use the original cruid when following DFS links for multiuser mounts (bsc#1192606). - cifs: document and cleanup dfs mount (bsc#1178270). - cifs: dump channel info in DebugData (bsc#1192606). - cifs: dump Security Type info in DebugData (bsc#1192606). - cifs: dump the session id and keys also for SMB2 sessions (bsc#1192606). - cifs: enable change notification for SMB2.1 dialect (bsc#1164565). - cifs: enable extended stats by default (bsc#1192606). - cifs: Enable sticky bit with cifsacl mount option (bsc#1192606). - cifs: ensure correct super block for DFS reconnect (bsc#1178270). - cifs: escape spaces in share names (bsc#1192606). - cifs: export supported mount options via new mount_params /proc file (bsc#1192606). - cifs: fail i/o on soft mounts if sessionsetup errors out (bsc#1164565). - cifs: fiemap: do not return EINVAL if get nothing (bsc#1192606). - cifs: fix a comment for the timeouts when sending echos (bsc#1164565). - cifs: fix a memleak with modefromsid (bsc#1192606). - cifs: fix a sign extension bug (bsc#1192606). - cifs: fix a white space issue in cifs_get_inode_info() (bsc#1164565). - cifs: fix allocation size on newly created files (bsc#1192606). - cifs: Fix an error pointer dereference in cifs_mount() (bsc#1178270). - cifs: Fix atime update check vs mtime (bsc#1164565). - cifs: Fix bug which the return value by asynchronous read is error (bsc#1192606). - cifs: Fix cached_fid refcnt leak in open_shroot (bsc#1192606). - cifs: fix channel signing (bsc#1192606). - cifs: fix check of dfs interlinks (bsc#1185902). - cifs: fix check of tcon dfs in smb1 (bsc#1178270). - cifs: Fix chmod with modefromsid when an older ACE already exists (bsc#1192606). - cifs: fix chown and chgrp when idsfromsid mount option enabled (bsc#1192606). - cifs: Fix cifsacl ACE mask for group and others (bsc#1192606). - cifs: Fix cifsInodeInfo lock_sem deadlock when reconnect occurs (bnc#1151927 5.3.10). - cifs: fix credit accounting for extra channel (bsc#1192606). - cifs: fix dereference on ses before it is null checked (bsc#1164565). - cifs: fix dfs domain referrals (bsc#1192606). - cifs: fix DFS failover (bsc#1192606). - cifs: fix DFS mount with cifsacl/modefromsid (bsc#1178270). - cifs: fix dfs-links (bsc#1192606). - cifs: fix doc warnings in cifs_dfs_ref.c (bsc#1192606). - cifs: Fix double add page to memcg when cifs_readpages (bsc#1192606). - cifs: fix double free error on share and prefix (bsc#1178270). - cifs: Fix fall-through warnings for Clang (bsc#1192606). - cifs: fix fallocate when trying to allocate a hole (bsc#1192606). - cifs: fix gcc warning in sid_to_id (bsc#1192606). - cifs: fix handling of escaped ',' in the password mount argument (bsc#1192606). - cifs: Fix in error types returned for out-of-credit situations (bsc#1192606). - cifs: Fix incomplete memory allocation on setxattr path (bsc#1179211). - cifs: Fix inconsistent indenting (bsc#1192606). - cifs: Fix inconsistent IS_ERR and PTR_ERR (bsc#1192606). - cifs: fix incorrect check for null pointer in header_assemble (bsc#1192606). - cifs: fix incorrect kernel doc comments (bsc#1192606). - cifs: fix interrupted close commands (git-fixes). - cifs: fix ipv6 formating in cifs_ses_add_channel (bsc#1192606). - cifs: fix leak in cifs_smb3_do_mount() ctx (bsc#1192606). - cifs: Fix leak when handling lease break for cached root fid (bsc#1176242). - cifs: fix leaked reference on requeued write (bsc#1178270). - cifs: Fix lookup of root ses in DFS referral cache (bsc#1164565). - cifs: Fix lookup of SMB connections on multichannel (bsc#1192606). - cifs: fix max ea value size (bnc#1151927 5.3.4). - cifs: Fix memory allocation in __smb2_handle_cancelled_cmd() (bsc#1164565). - cifs: fix memory leak in smb2_copychunk_range (git-fixes). - cifs: fix memory leak of smb3_fs_context_dup::server_hostname (bsc#1192606). - cifs: fix minor typos in comments and log messages (bsc#1192606). - cifs: Fix missed free operations (bnc#1151927 5.3.8). - cifs: fix missing null session check in mount (bsc#1192606). - cifs: fix missing spinlock around update to ses->status (bsc#1192606). - cifs: fix misspellings using codespell tool (bsc#1192606). - cifs: fix mode bits from dir listing when mounted with modefromsid (bsc#1164565). - cifs: Fix mode output in debugging statements (bsc#1164565). - cifs: fix mount option display for sec=krb5i (bsc#1161907). - cifs: Fix mount options set in automount (bsc#1164565). - cifs: fix mounts to subdirectories of target (bsc#1192606). - cifs: fix nodfs mount option (bsc#1181710). - cifs: fix NULL dereference in match_prepath (bsc#1164565). - cifs: fix NULL dereference in smb2_check_message() (bsc#1192606). - cifs: Fix null pointer check in cifs_read (bsc#1192606). - cifs: Fix NULL pointer dereference in mid callback (bsc#1164565). - cifs: Fix NULL-pointer dereference in smb2_push_mandatory_locks (bnc#1151927 5.3.16). - cifs: Fix oplock handling for SMB 2.1+ protocols (bnc#1151927 5.3.4). - cifs: fix out-of-bound memory access when calling smb3_notify() at mount point (bsc#1192606). - cifs: fix path comparison and hash calc (bsc#1185902). - cifs: fix possible uninitialized access and race on iface_list (bsc#1192606). - cifs: Fix potential deadlock when updating vol in cifs_reconnect() (bsc#1164565). - cifs: fix potential mismatch of UNC paths (bsc#1164565). - cifs: Fix potential softlockups while refreshing DFS cache (bsc#1164565). - cifs: fix potential use-after-free bugs (bsc#1192606, jsc#SLE-20042). - cifs: fix potential use-after-free in cifs_echo_request() (bsc#1139944). - cifs: Fix preauth hash corruption (git-fixes). - cifs: fix print of hdr_flags in dfscache_proc_show() (bsc#1192606, jsc#SLE-20042). - cifs: fix reference leak for tlink (bsc#1192606). - cifs: fix regression when mounting shares with prefix paths (bsc#1192606). - cifs: fix rename() by ensuring source handle opened with DELETE bit (bsc#1164565). - cifs: Fix resource leak (bsc#1192606). - cifs: Fix retrieval of DFS referrals in cifs_mount() (bsc#1164565). - cifs: Fix retry mid list corruption on reconnects (bnc#1151927 5.3.10). - cifs: Fix return value in __update_cache_entry (bsc#1164565). - cifs: fix rsize/wsize to be negotiated values (bsc#1192606). - cifs: fix SMB1 error path in cifs_get_file_info_unix (bsc#1192606). - cifs: Fix SMB2 oplock break processing (bsc#1154355 bnc#1151927 5.3.16). - cifs: fix soft mounts hanging in the reconnect code (bsc#1164565). - cifs: fix soft mounts hanging in the reconnect code (bsc#1164565). - cifs: Fix some error pointers handling detected by static checker (bsc#1192606). - cifs: Fix spelling of 'security' (bsc#1192606). - cifs: fix string declarations and assignments in tracepoints (bsc#1192606). - cifs: Fix support for remount when not changing rsize/wsize (bsc#1192606). - cifs: Fix task struct use-after-free on reconnect (bsc#1164565). - cifs: fix the out of range assignment to bit fields in parse_server_interfaces (bsc#1192606). - cifs: Fix the target file was deleted when rename failed (bsc#1192606). - cifs: fix trivial typo (bsc#1192606). - cifs: fix uninitialised lease_key in open_shroot() (bsc#1178270). - cifs: fix uninitialized variable in smb3_fs_context_parse_param (bsc#1192606). - cifs: fix unitialized variable poential problem with network I/O cache lock patch (bsc#1164565). - cifs: Fix unix perm bits to cifsacl conversion for 'other' bits (bsc#1192606). - cifs: fix unneeded null check (bsc#1192606). - cifs: fix use after free in cifs_smb3_do_mount() (bsc#1192606). - cifs: Fix use after free of file info structures (bnc#1151927 5.3.8). - cifs: Fix use-after-free bug in cifs_reconnect() (bsc#1164565). - cifs: fix wrong release in sess_alloc_buffer() failed path (bsc#1192606). - cifs: for compound requests, use open handle if possible (bsc#1192606). - cifs: Force reval dentry if LOOKUP_REVAL flag is set (bnc#1151927 5.3.7). - cifs: Force revalidate inode when dentry is stale (bnc#1151927 5.3.7). - cifs: fork arc4 and create a separate module for it for cifs and other users (bsc#1192606). - cifs: get mode bits from special sid on stat (bsc#1164565). - cifs: get rid of @noreq param in __dfs_cache_find() (bsc#1185902). - cifs: get rid of cifs_sb->mountdata (bsc#1192606). - cifs: Get rid of kstrdup_const()'d paths (bsc#1164565). - cifs: get rid of unused parameter in reconn_setup_dfs_targets() (bsc#1178270). - cifs: Grab a reference for the dentry of the cached directory during the lifetime of the cache (bsc#1192606). - cifs: Gracefully handle QueryInfo errors during open (bnc#1151927 5.3.7). - cifs: handle -EINTR in cifs_setattr (bsc#1192606). - cifs: handle 'guest' mount parameter (bsc#1192606). - cifs: handle 'nolease' option for vers=1.0 (bsc#1192606). - cifs: handle different charsets in dfs cache (bsc#1185902). - cifs: handle empty list of targets in cifs_reconnect() (bsc#1178270). - cifs: handle hostnames that resolve to same ip in failover (bsc#1178270). - cifs: handle prefix paths in reconnect (bsc#1164565). - cifs: handle reconnect of tcon when there is no cached dfs referral (bsc#1192606). - cifs: handle RESP_GET_DFS_REFERRAL.PathConsumed in reconnect (bsc#1178270). - cifs: Handle witness client move notification (bsc#1192606). - cifs: have ->mkdir() handle race with another client sanely (bsc#1192606). - cifs: have cifs_fattr_to_inode() refuse to change type on live inode (bsc#1192606). - cifs: Identify a connection by a conn_id (bsc#1192606). - cifs: If a corrupted DACL is returned by the server, bail out (bsc#1192606). - cifs: ignore auto and noauto options if given (bsc#1192606). - cifs: ignore cached share root handle closing errors (bsc#1166780). - cifs: improve fallocate emulation (bsc#1192606). - cifs: improve read performance for page size 64KB cache=strict vers=2.1+ (bsc#1192606). - cifs: In the new mount api we get the full devname as source= (bsc#1192606). - cifs: Increment num_remote_opens stats counter even in case of smb2_query_dir_first (bsc#1192606). - cifs: Initialize filesystem timestamp ranges (bsc#1164565). - cifs: introduce cifs_ses_mark_for_reconnect() helper (bsc#1192606). - cifs: introduce helper for finding referral server (bsc#1181710). - cifs: Introduce helpers for finding TCP connection (bsc#1164565). - cifs: introduce new helper for cifs_reconnect() (bsc#1192606, jsc#SLE-20042). - cifs: keep referral server sessions alive (bsc#1185902). - cifs: log mount errors using cifs_errorf() (bsc#1192606). - cifs: log warning message (once) if out of disk space (bsc#1164565). - cifs: make build_path_from_dentry() return const char * (bsc#1192606). - cifs: make const array static, makes object smaller (bsc#1192606). - cifs: Make extract_hostname function public (bsc#1192606). - cifs: Make extract_sharename function public (bsc#1192606). - cifs: make fs_context error logging wrapper (bsc#1192606). - cifs: make locking consistent around the server session status (bsc#1192606). - cifs: make multichannel warning more visible (bsc#1192606). - cifs: Make SMB2_notify_init static (bsc#1164565). - cifs: make sure we do not overflow the max EA buffer size (bsc#1164565). - cifs: make use of cap_unix(ses) in cifs_reconnect_tcon() (bsc#1164565). - cifs: map STATUS_ACCOUNT_LOCKED_OUT to -EACCES (bsc#1192606). - cifs: merge __{cifs,smb2}_reconnect[_tcon]() into cifs_tree_connect() (bsc#1178270). - cifs: Merge is_path_valid() into get_normalized_path() (bsc#1164565). - cifs: minor fix to two debug messages (bsc#1192606). - cifs: minor kernel style fixes for comments (bsc#1192606). - cifs: minor simplification to smb2_is_network_name_deleted (bsc#1192606). - cifs: minor update to comments around the cifs_tcp_ses_lock mutex (bsc#1192606). - cifs: minor updates to Kconfig (bsc#1192606). - cifs: misc: Use array_size() in if-statement controlling expression (bsc#1192606). - cifs: missed ref-counting smb session in find (bsc#1192606). - cifs: missing null check for newinode pointer (bsc#1192606). - cifs: missing null pointer check in cifs_mount (bsc#1185902). - cifs: modefromsid: make room for 4 ACE (bsc#1164565). - cifs: modefromsid: write mode ACE first (bsc#1164565). - cifs: move [brw]size from cifs_sb to cifs_sb->ctx (bsc#1192606). - cifs: move cache mount options to fs_context.ch (bsc#1192606). - cifs: move cifs_cleanup_volume_info[_content] to fs_context.c (bsc#1192606). - cifs: move cifs_parse_devname to fs_context.c (bsc#1192606). - cifs: move cifsFileInfo_put logic into a work-queue (bsc#1154355). - cifs: move debug print out of spinlock (bsc#1192606). - cifs: Move more definitions into the shared area (bsc#1192606). - cifs: move NEGOTIATE_PROTOCOL definitions out into the common area (bsc#1192606). - cifs: move security mount options into fs_context.ch (bsc#1192606). - cifs: move SMB FSCTL definitions to common code (bsc#1192606). - cifs: move smb version mount options into fs_context.c (bsc#1192606). - cifs: Move SMB2_Create definitions to the shared area (bsc#1192606). - cifs: move some variables off the stack in smb2_ioctl_query_info (bsc#1192606). - cifs: move the check for nohandlecache into open_shroot (bsc#1192606). - cifs: move the enum for cifs parameters into fs_context.h (bsc#1192606). - cifs: move update of flags into a separate function (bsc#1192606). - cifs: multichannel: always zero struct cifs_io_parms (bsc#1192606). - cifs: multichannel: move channel selection above transport layer (bsc#1192606). - cifs: multichannel: move channel selection in function (bsc#1192606). - cifs: multichannel: try to rebind when reconnecting a channel (bsc#1192606). - cifs: multichannel: use pointer for binding channel (bsc#1192606). - cifs: mute -Wunused-const-variable message (bnc#1151927 5.3.9). - cifs: New optype for session operations (bsc#1181507). - cifs: nosharesock should be set on new server (bsc#1192606). - cifs: nosharesock should not share socket with future sessions (bsc#1192606). - cifs: On cifs_reconnect, resolve the hostname again (bsc#1192606). - cifs: only update prefix path of DFS links in cifs_tree_connect() (bsc#1178270). - cifs: only write 64kb at a time when fallocating a small region of a file (bsc#1192606). - cifs: Optimize readdir on reparse points (bsc#1164565). - cifs: pass a path to open_shroot and check if it is the root or not (bsc#1192606). - cifs: pass the dentry instead of the inode down to the revalidation check functions (bsc#1192606). - cifs: plumb smb2 POSIX dir enumeration (bsc#1164565). - cifs: populate server_hostname for extra channels (bsc#1192606). - cifs: potential unintitliazed error code in cifs_getattr() (bsc#1164565). - cifs: prepare SMB2_Flush to be usable in compounds (bsc#1154355). - cifs: prepare SMB2_query_directory to be used with compounding (bsc#1164565). - cifs: prevent NULL deref in cifs_compose_mount_options() (bsc#1185902). - cifs: prevent truncation from long to int in wait_for_free_credits (bsc#1192606). - cifs: print MIDs in decimal notation (bsc#1181507). - cifs: Print the address and port we are connecting to in generic_ip_connect() (bsc#1192606). - cifs: print warning mounting with vers=1.0 (bsc#1164565). - cifs: properly invalidate cached root handle when closing it (bsc#1192606). - cifs: Properly process SMB3 lease breaks (bsc#1164565). - cifs: protect session channel fields with chan_lock (bsc#1192606). - cifs: protect srv_count with cifs_tcp_ses_lock (bsc#1192606). - cifs: protect updating server->dstaddr with a spinlock (bsc#1192606). - cifs: Re-indent cifs_swn_reconnect() (bsc#1192606). - cifs: reduce number of referral requests in DFS link lookups (bsc#1178270). - cifs: reduce stack use in smb2_compound_op (bsc#1192606). - cifs: refactor cifs_get_inode_info() (bsc#1164565). - cifs: refactor create_sd_buf() and and avoid corrupting the buffer (bsc#1192606). - cifs: Reformat DebugData and index connections by conn_id (bsc#1192606). - cifs: Register generic netlink family (bsc#1192606). Update configs with CONFIG_SWN_UPCALL unset. - cifs: release lock earlier in dequeue_mid error case (bsc#1192606). - cifs: remove [gu]id/backup[gu]id/file_mode/dir_mode from cifs_sb (bsc#1192606). - cifs: remove actimeo from cifs_sb (bsc#1192606). - cifs: remove bogus debug code (bsc#1179427). - cifs: remove ctx argument from cifs_setup_cifs_sb (bsc#1192606). - cifs: remove duplicated prototype (bsc#1192606). - cifs: remove old dead code (bsc#1192606). - cifs: remove pathname for file from SPDX header (bsc#1192606). - cifs: remove redundant assignment to pointer pneg_ctxt (bsc#1164565). - cifs: remove redundant assignment to variable rc (bsc#1164565). - cifs: remove redundant initialization of variable rc (bsc#1192606). - cifs: remove redundant initialization of variable rc (bsc#1192606). - cifs: Remove repeated struct declaration (bsc#1192606). - cifs: Remove set but not used variable 'capabilities' (bsc#1164565). - cifs: remove set but not used variable 'server' (bsc#1164565). - cifs: remove set but not used variables 'cinode' and 'netfid' (bsc#1164565). - cifs: remove set but not used variables (bsc#1164565). - cifs: remove some minor warnings pointed out by kernel test robot (bsc#1192606). - cifs: remove the devname argument to cifs_compose_mount_options (bsc#1192606). - cifs: remove the retry in cifs_poxis_lock_set (bsc#1192606). - cifs: Remove the superfluous break (bsc#1192606). - cifs: remove two cases where rc is set unnecessarily in sid_to_id (bsc#1192606). - cifs: remove unnecessary copies of tcon->crfid.fid (bsc#1192606). - cifs: Remove unnecessary struct declaration (bsc#1192606). - cifs: remove unneeded variable in smb3_fs_context_dup (bsc#1192606). - cifs: Remove unused inline function is_sysvol_or_netlogon() (bsc#1185902). - cifs: remove unused variable 'server' (bsc#1192606). - cifs: remove unused variable 'sid_user' (bsc#1164565). - cifs: remove unused variable (bsc#1164565). - cifs: Remove useless variable (bsc#1192606). - cifs: remove various function description warnings (bsc#1192606). - cifs: rename a variable in SendReceive() (bsc#1164565). - cifs: rename cifs_common to smbfs_common (bsc#1192606). - cifs: rename dup_vol to smb3_fs_context_dup and move it into fs_context.c (bsc#1192606). - cifs: rename posix create rsp (bsc#1164565). - cifs: rename reconn_inval_dfs_target() (bsc#1178270). - cifs: rename smb_vol as smb3_fs_context and move it to fs_context.h (bsc#1192606). - cifs: rename the *_shroot* functions to *_cached_dir* (bsc#1192606). - cifs: report error instead of invalid when revalidating a dentry fails (bsc#1177440). - cifs: Respect O_SYNC and O_DIRECT flags during reconnect (bsc#1164565). - cifs: Retain old ACEs when converting between mode bits and ACL (bsc#1192606). - cifs: retry lookup and readdir when EAGAIN is returned (bsc#1192606). - cifs: return cached_fid from open_shroot (bsc#1192606). - cifs: Return correct error code from smb2_get_enc_key (git-fixes). - cifs: Return directly after a failed build_path_from_dentry() in cifs_do_create() (bsc#1164565). - cifs: return proper error code in statfs(2) (bsc#1181507). - cifs: Return the error from crypt_message when enc/dec key not found (bsc#1179426). - cifs: returning mount parm processing errors correctly (bsc#1192606). - cifs: revalidate mapping when we open files for SMB1 POSIX (bsc#1192606). - cifs: Send witness register and unregister commands to userspace daemon (bsc#1192606). - cifs: Send witness register messages to userspace daemon in echo task (bsc#1192606). - cifs: send workstation name during ntlmssp session setup (bsc#1192606). - cifs: set a minimum of 120s for next dns resolution (bsc#1192606). - cifs: set a minimum of 2 minutes for refreshing dfs cache (bsc#1185902). - cifs: Set CIFS_MOUNT_USE_PREFIX_PATH flag on setting cifs_sb->prepath (bsc#1192606). - cifs: set correct max-buffer-size for smb2_ioctl_init() (bsc#1164565). - cifs: set server->cipher_type to AES-128-CCM for SMB3.0 (bsc#1192606). - cifs: set up next DFS target before generic_ip_connect() (bsc#1178270). - cifs: Set witness notification handler for messages from userspace daemon (bsc#1192606). - cifs: Silently ignore unknown oplock break handle (bsc#1192606). - cifs: Simplify bool comparison (bsc#1192606). - cifs: simplify handling of cifs_sb/ctx->local_nls (bsc#1192606). - cifs: Simplify reconnect code when dfs upcall is enabled (bsc#1192606). - cifs: simplify SWN code with dummy funcs instead of ifdefs (bsc#1192606). - cifs: smb1: Try failing back to SetFileInfo if SetPathInfo fails (bsc#1192606). - cifs: smb2pdu.h: Replace zero-length array with flexible-array member (bsc#1192606). - cifs: smbd: Add messages on RDMA session destroy and reconnection (bsc#1164565). - cifs: smbd: Calculate the correct maximum packet size for segmented SMBDirect send/receive (bsc#1192606). - cifs: smbd: Check and extend sender credits in interrupt context (bsc#1192606). - cifs: smbd: Check send queue size before posting a send (bsc#1192606). - cifs: smbd: Do not schedule work to send immediate packet on every receive (bsc#1192606). - cifs: smbd: Invalidate and deregister memory registration on re-send for direct I/O (bsc#1164565). - cifs: smbd: Merge code to track pending packets (bsc#1192606). - cifs: smbd: Only queue work for error recovery on memory registration (bsc#1164565). - cifs: smbd: Properly process errors on ib_post_send (bsc#1192606). - cifs: smbd: Return -EAGAIN when transport is reconnecting (bsc#1164565). - cifs: smbd: Return -ECONNABORTED when trasnport is not in connected state (bsc#1164565). - cifs: smbd: Return -EINVAL when the number of iovs exceeds SMBDIRECT_MAX_SGE (bsc#1164565). - cifs: smbd: Update receive credits before sending and deal with credits roll back on failure before sending (bsc#1192606). - cifs: sort interface list by speed (bsc#1192606). - cifs: Spelling s/EACCESS/EACCES/ (bsc#1192606). - cifs: split out dfs code from cifs_reconnect() (bsc#1192606, jsc#SLE-20042). - cifs: Standardize logging output (bsc#1192606). - cifs: store a pointer to the root dentry in cifs_sb_info once we have completed mounting the share (bsc#1192606). - cifs: style: replace one-element array with flexible-array (bsc#1192606). - cifs: support nested dfs links over reconnect (bsc#1192606, jsc#SLE-20042). - cifs: support share failover when remounting (bsc#1192606, jsc#SLE-20042). - cifs: switch build_path_from_dentry() to using dentry_path_raw() (bsc#1192606). - cifs: switch servers depending on binding state (bsc#1192606). - cifs: switch to new mount api (bsc#1192606). - cifs: To match file servers, make sure the server hostname matches (bsc#1192606). - cifs: Tracepoints and logs for tracing credit changes (bsc#1181507). - cifs: try harder to open new channels (bsc#1192606). - cifs: try opening channels after mounting (bsc#1192606). - cifs: uncomplicate printing the iocharset parameter (bsc#1192606). - cifs: Unlock on errors in cifs_swn_reconnect() (bsc#1192606). - cifs: update ctime and mtime during truncate (bsc#1192606). - cifs: update FSCTL definitions (bsc#1192606). - cifs: update internal module version number (bsc#1192606). - cifs: update internal module version number (bsc#1192606). - cifs: update internal module version number (bsc#1192606). - cifs: update internal module version number (bsc#1192606). - cifs: update internal module version number (bsc#1192606). - cifs: update internal module version number (bsc#1192606). - cifs: update internal module version number (bsc#1192606). - cifs: update internal module version number (bsc#1192606). - cifs: update internal version number (bsc#1192606). - cifs: update internal version number (bsc#1192606). - cifs: update internal version number (bsc#1192606). - cifs: update internal version number (bsc#1192606). - cifs: update mnt_cifs_flags during reconfigure (bsc#1192606). - cifs: update new ACE pointer after populate_new_aces (bsc#1192606). - cifs: update super_operations to show_devname (bsc#1192606). - cifs: Use #define in cifs_dbg (bsc#1164565). - cifs: use cifsInodeInfo->open_file_lock while iterating to avoid a panic (bnc#1151927 5.3.7). - cifs: Use common error handling code in smb2_ioctl_query_info() (bsc#1164565). - cifs: use compounding for open and first query-dir for readdir() (bsc#1164565). - cifs: use discard iterator to discard unneeded network data more efficiently (bsc#1192606). - cifs: use echo_interval even when connection not ready (bsc#1192606). - cifs: use existing handle for compound_op(OP_SET_INFO) when possible (bsc#1154355). - cifs: use helpers when parsing uid/gid mount options and validate them (bsc#1192606). - cifs: Use memdup_user() rather than duplicating its implementation (bsc#1164565). - cifs: use mod_delayed_work() for server->reconnect if already queued (bsc#1164565). - cifs: use PTR_ERR_OR_ZERO() to simplify code (bsc#1164565). - cifs: use SPDX-Licence-Identifier (bsc#1192606). - cifs: use the expiry output of dns_query to schedule next resolution (bsc#1192606). - cifs: use true,false for bool variable (bsc#1164565). - cifs: warn and fail if trying to use rootfs without the config option (bsc#1192606). - cifs: Warn less noisily on default mount (bsc#1192606). - cifs: we do not allow changing username/password/unc/... during remount (bsc#1192606). - cifs/smb3: Fix data inconsistent when punch hole (bsc#1176544). - cifs/smb3: Fix data inconsistent when zero file range (bsc#1176536). - cifs`: handle ERRBaduid for SMB1 (bsc#1192606). - clk: imx: imx6ul: Move csi_sel mux to correct base register (git-fixes). - clk: ingenic: Fix bugs with divided dividers (git-fixes). - config: refresh BPF configs (jsc#SLE-22574) The SUSE-commit 9a413cc7eb56 ('config: disable unprivileged BPF by default (jsc#SLE-22573)') inherited from SLE15-SP2 puts the BPF config into the wrong place due to SLE15-SP3 additionally backported b24abcff918a ('bpf, kconfig: Add consolidated menu entry for bpf with core options'), and leads to duplicate CONFIG_BPF_UNPRIV_DEFAULT_OFF entires; this commit remove those BPF config. Also, disable unprivileged BPF for armv7hl, which did not inherit the config change from SLE15-SP2. - constraints: Build aarch64 on recent ARMv8.1 builders. Request asimdrdm feature which is available only on recent ARMv8.1 CPUs. This should prevent scheduling the kernel on an older slower builder. - Convert trailing spaces and periods in path components (bsc#1179424). - crypto: ecc - fix CRYPTO_DEFAULT_RNG dependency (git-fixes). - crypto: pcrypt - Delay write to padata->info (git-fixes). - crypto: s5p-sss - Add error handling in s5p_aes_probe() (git-fixes). - cxgb4: fix eeprom len when diagnostics not implemented (git-fixes). - dm raid: remove unnecessary discard limits for raid0 and raid10 (bsc#1192320). - dm: fix deadlock when swapping to encrypted device (bsc#1186332). - dmaengine: at_xdmac: fix AT_XDMAC_CC_PERID() macro (git-fixes). - dmaengine: dmaengine_desc_callback_valid(): Check for `callback_result` (git-fixes). - do_cifs_create(): do not set ->i_mode of something we had not created (bsc#1192606). - drm: panel-orientation-quirks: Add quirk for Aya Neo 2021 (git-fixes). - drm: panel-orientation-quirks: Add quirk for GPD Win3 (git-fixes). - drm: panel-orientation-quirks: Add quirk for KD Kurio Smart C15200 2-in-1 (git-fixes). - drm: panel-orientation-quirks: Add quirk for the Samsung Galaxy Book 10.6 (git-fixes). - drm: panel-orientation-quirks: Update the Lenovo Ideapad D330 quirk (v2) (git-fixes). - drm/amd/display: Set plane update flags for all planes in reset (git-fixes). - drm/amdgpu: fix set scaling mode Full/Full aspect/Center not works on vga and dvi connectors (git-fixes). - drm/msm: Do hw_init() before capturing GPU state (git-fixes). - drm/msm/a6xx: Allocate enough space for GMU registers (git-fixes). - drm/nouveau: hdmigv100.c: fix corrupted HDMI Vendor InfoFrame (git-fixes). - drm/nouveau/acr: fix a couple NULL vs IS_ERR() checks (git-fixes). - drm/nouveau/svm: Fix refcount leak bug and missing check against null bug (git-fixes). - drm/panel-orientation-quirks: add Valve Steam Deck (git-fixes). - drm/pl111: Actually fix CONFIG_VEXPRESS_CONFIG depends (git-fixes). - drm/plane-helper: fix uninitialized variable reference (git-fixes). - drm/vc4: fix error code in vc4_create_object() (git-fixes). - drop superfluous empty lines - e1000e: Separate TGP board type from SPT (bsc#1192874). - EDAC/amd64: Handle three rank interleaving mode (bsc#1152489). - elfcore: correct reference to CONFIG_UML (git-fixes). - elfcore: fix building with clang (bsc#1169514). - ethtool: fix ethtool msg len calculation for pause stats (jsc#SLE-15075). - firmware: qcom_scm: Mark string array const (git-fixes). - fuse: release pipe buf after last use (bsc#1193318). - gve: Add netif_set_xps_queue call (bsc#1176940). - gve: Add rx buffer pagecnt bias (bsc#1176940). - gve: Allow pageflips on larger pages (bsc#1176940). - gve: Do lazy cleanup in TX path (git-fixes). - gve: DQO: avoid unused variable warnings (bsc#1176940). - gve: Switch to use napi_complete_done (git-fixes). - gve: Track RX buffer allocation failures (bsc#1176940). - hwmon: (k10temp) Add additional missing Zen2 and Zen3 APUs (jsc#SLE-17823 jsc#SLE-23139 jsc#ECO-3666). - hwmon: (k10temp) Add support for yellow carp (jsc#SLE-17823 jsc#SLE-23139 jsc#ECO-3666). - hwmon: (k10temp) Add support for Zen3 CPUs (jsc#SLE-17823 jsc#SLE-23139 jsc#ECO-3666). - hwmon: (k10temp) Create common functions and macros for Zen CPU families (jsc#SLE-17823 jsc#SLE-23139 jsc#ECO-3666). - hwmon: (k10temp) Define SVI telemetry and current factors for Zen2 CPUs (jsc#SLE-17823 jsc#SLE-23139 jsc#ECO-3666). - hwmon: (k10temp) Do not show Tdie for all Zen/Zen2/Zen3 CPU/APU (jsc#SLE-17823 jsc#SLE-23139 jsc#ECO-3666). - hwmon: (k10temp) make some symbols static (jsc#SLE-17823 jsc#SLE-23139 jsc#ECO-3666). - hwmon: (k10temp) Remove residues of current and voltage (jsc#SLE-17823 jsc#SLE-23139 jsc#ECO-3666). - hwmon: (k10temp) Remove support for displaying voltage and current on Zen CPUs (jsc#SLE-17823 jsc#SLE-23139 jsc#ECO-3666). - hwmon: (k10temp) Reorganize and simplify temperature support detection (jsc#SLE-17823 jsc#SLE-23139 jsc#ECO-3666). - hwmon: (k10temp) Rework the temperature offset calculation (jsc#SLE-17823 jsc#SLE-23139 jsc#ECO-3666). - hwmon: (k10temp) support Zen3 APUs (jsc#SLE-17823 jsc#SLE-23139 jsc#ECO-3666). - hwmon: (k10temp) Swap Tdie and Tctl on Family 17h CPUs (jsc#SLE-17823 jsc#SLE-23139 jsc#ECO-3666). - hwmon: (k10temp) Update documentation and add temp2_input info (jsc#SLE-17823 jsc#SLE-23139 jsc#ECO-3666). - hwmon: (k10temp) Update driver documentation (jsc#SLE-17823 jsc#SLE-23139 jsc#ECO-3666). - hwmon: (k10temp) Zen3 Ryzen Desktop CPUs support (jsc#SLE-17823 jsc#SLE-23139 jsc#ECO-3666). - i2c: cbus-gpio: set atomic transfer callback (git-fixes). - i2c: stm32f7: flush TX FIFO upon transfer errors (git-fixes). - i2c: stm32f7: recover the bus on access timeout (git-fixes). - i2c: stm32f7: stop dma transfer in case of NACK (git-fixes). - i2c: xlr: Fix a resource leak in the error handling path of 'xlr_i2c_probe()' (git-fixes). - i40e: Fix changing previously set num_queue_pairs for PFs (git-fixes). - i40e: Fix correct max_pkt_size on VF RX queue (git-fixes). - i40e: Fix creation of first queue by omitting it if is not power of two (git-fixes). - i40e: Fix display error code in dmesg (git-fixes). - i40e: Fix failed opcode appearing if handling messages from VF (git-fixes). - i40e: Fix NULL ptr dereference on VSI filter sync (git-fixes). - i40e: Fix ping is lost after configuring ADq on VF (git-fixes). - i40e: Fix pre-set max number of queues for VF (git-fixes). - i40e: Fix warning message and call stack during rmmod i40e driver (git-fixes). - iavf: check for null in iavf_fix_features (git-fixes). - iavf: do not clear a lock we do not hold (git-fixes). - iavf: Fix failure to exit out from last all-multicast mode (git-fixes). - iavf: Fix for setting queues to 0 (jsc#SLE-12877). - iavf: Fix for the false positive ASQ/ARQ errors while issuing VF reset (git-fixes). - iavf: Fix reporting when setting descriptor count (git-fixes). - iavf: Fix return of set the new channel count (jsc#SLE-12877). - iavf: free q_vectors before queues in iavf_disable_vf (git-fixes). - iavf: prevent accidental free of filter structure (git-fixes). - iavf: Prevent changing static ITR values if adaptive moderation is on (git-fixes). - iavf: Restore VLAN filters after link down (git-fixes). - iavf: validate pointers (git-fixes). - ibmvnic: drop bad optimization in reuse_rx_pools() (bsc#1193349 ltc#195568). - ibmvnic: drop bad optimization in reuse_tx_pools() (bsc#1193349 ltc#195568). - ice: avoid bpf_prog refcount underflow (jsc#SLE-7926). - ice: avoid bpf_prog refcount underflow (jsc#SLE-7926). - ice: Delete always true check of PF pointer (git-fixes). - ice: Fix not stopping Tx queues for VFs (jsc#SLE-7926). - ice: Fix VF true promiscuous mode (jsc#SLE-12878). - ice: fix vsi->txq_map sizing (jsc#SLE-7926). - ice: ignore dropped packets during init (git-fixes). - ice: Remove toggling of antispoof for VF trusted promiscuous mode (jsc#SLE-12878). - igb: fix netpoll exit with traffic (git-fixes). - igc: Remove _I_PHY_ID checking (bsc#1193169). - igc: Remove phy->type checking (bsc#1193169). - iio: imu: st_lsm6dsx: Avoid potential array overflow in st_lsm6dsx_set_odr() (git-fixes). - Input: iforce - fix control-message timeout (git-fixes). - iommu: Check if group is NULL before remove device (git-fixes). - iommu/amd: Relocate GAMSup check to early_enable_iommus (git-fixes). - iommu/amd: Remove iommu_init_ga() (git-fixes). - iommu/mediatek: Fix out-of-range warning with clang (git-fixes). - iommu/vt-d: Consolidate duplicate cache invaliation code (git-fixes). - iommu/vt-d: Fix incomplete cache flush in intel_pasid_tear_down_entry() (git-fixes). - iommu/vt-d: Update the virtual command related registers (git-fixes). - ipmi: Disable some operations during a panic (git-fixes). - kABI: dm: fix deadlock when swapping to encrypted device (bsc#1186332). - kabi: hide changes to struct uv_info (git-fixes). - kernel-obs-build: include the preferred kernel parameters Currently the Open Build Service hardcodes the kernel boot parameters globally. Recently functionality was added to control the parameters by the kernel-obs-build package, so make use of that. parameters here will overwrite what is used by OBS otherwise. - kernel-obs-build: inform build service about virtio-serial Inform the build worker code that this kernel supports virtio-serial, which improves performance and relability of logging. - kernel-obs-build: remove duplicated/unused parameters lbs=0 - this parameters is just giving 'unused parameter' and it looks like I can not find any version that implemented this. rd.driver.pre=binfmt_misc is not needed when setup_obs is used, it alread loads the kernel module. quiet and panic=1 will now be also always added by OBS, so we do not have to set it here anymore. - kernel-source.spec: install-kernel-tools also required on 15.4 - lib/xz: Avoid overlapping memcpy() with invalid input with in-place decompression (git-fixes). - lib/xz: Validate the value before assigning it to an enum variable (git-fixes). - libata: fix checking of DMA state (git-fixes). - linux/parser.h: add include guards (bsc#1192606). - lpfc: Reintroduce old IRQ probe logic (bsc#1183897). - md: add md_submit_discard_bio() for submitting discard bio (bsc#1192320). - md: fix a lock order reversal in md_alloc (git-fixes). - md/raid10: extend r10bio devs to raid disks (bsc#1192320). - md/raid10: improve discard request for far layout (bsc#1192320). - md/raid10: improve raid10 discard request (bsc#1192320). - md/raid10: initialize r10_bio->read_slot before use (bsc#1192320). - md/raid10: pull the code that wait for blocked dev into one function (bsc#1192320). - md/raid10: Remove unnecessary rcu_dereference in raid10_handle_discard (bsc#1192320). - mdio: aspeed: Fix 'Link is Down' issue (bsc#1176447). - media: imx: set a media_device bus_info string (git-fixes). - media: ipu3-imgu: imgu_fmt: Handle properly try (git-fixes). - media: ipu3-imgu: VIDIOC_QUERYCAP: Fix bus_info (git-fixes). - media: ir-kbd-i2c: improve responsiveness of hauppauge zilog receivers (git-fixes). - media: mceusb: return without resubmitting URB in case of -EPROTO error (git-fixes). - media: mt9p031: Fix corrupted frame after restarting stream (git-fixes). - media: netup_unidvb: handle interrupt properly according to the firmware (git-fixes). - media: rcar-csi2: Add checking to rcsi2_start_receiver() (git-fixes). - media: s5p-mfc: fix possible null-pointer dereference in s5p_mfc_probe() (git-fixes). - media: stm32: Potential NULL pointer dereference in dcmi_irq_thread() (git-fixes). - media: usb: dvd-usb: fix uninit-value bug in dibusb_read_eeprom_byte() (git-fixes). - media: uvcvideo: Return -EIO for control errors (git-fixes). - media: uvcvideo: Set capability in s_param (git-fixes). - media: uvcvideo: Set unique vdev name based in type (git-fixes). - memstick: r592: Fix a UAF bug when removing the driver (git-fixes). - MM: reclaim mustn't enter FS for swap-over-NFS (bsc#1191876). - mmc: dw_mmc: Dont wait for DRTO on Write RSP error (git-fixes). - mmc: winbond: do not build on M68K (git-fixes). - mtd: core: do not remove debugfs directory if device is in use (git-fixes). - mwifiex: Properly initialize private structure on interface type changes (git-fixes). - mwifiex: Read a PCI register after writing the TX ring write pointer (git-fixes). - mwifiex: Run SET_BSS_MODE when changing from P2P to STATION vif-type (git-fixes). - mwl8k: Fix use-after-free in mwl8k_fw_state_machine() (git-fixes). - net: asix: fix uninit value bugs (git-fixes). - net: bnx2x: fix variable dereferenced before check (git-fixes). - net: bridge: fix under estimation in br_get_linkxstats_size() (bsc#1176447). - net: cdc_ncm: Allow for dwNtbOutMaxSize to be unset or zero (git-fixes). - net: delete redundant function declaration (git-fixes). - net: hns3: change affinity_mask to numa node range (bsc#1154353). - net: hns3: fix misuse vf id and vport id in some logs (bsc#1154353). - net: hns3: remove check VF uc mac exist when set by PF (bsc#1154353). - net: hso: fix control-request directions (git-fixes). - net: hso: fix muxed tty registration (git-fixes). - net: linkwatch: fix failure to restore device state across suspend/resume (bsc#1192511). - net: mana: Allow setting the number of queues while the NIC is down (jsc#SLE-18779, bsc#1185726). - net: mana: Fix memory leak in mana_hwc_create_wq (jsc#SLE-18779, bsc#1185726). - net: mana: Fix spelling mistake 'calledd' -> 'called' (jsc#SLE-18779, bsc#1185726). - net: mana: Fix the netdev_err()'s vPort argument in mana_init_port() (jsc#SLE-18779, bsc#1185726). - net: mana: Improve the HWC error handling (jsc#SLE-18779, bsc#1185726). - net: mana: Support hibernation and kexec (jsc#SLE-18779, bsc#1185726). - net: mana: Use kcalloc() instead of kzalloc() (jsc#SLE-18779, bsc#1185726). - net: pegasus: fix uninit-value in get_interrupt_interval (git-fixes). - net: qlogic: qlcnic: Fix a NULL pointer dereference in qlcnic_83xx_add_rings() (git-fixes). - net: stmmac: add EHL 2.5Gbps PCI info and PCI ID (bsc#1192691). - net: stmmac: add EHL PSE0 PSE1 1Gbps PCI info and PCI ID (bsc#1192691). - net: stmmac: add EHL RGMII 1Gbps PCI info and PCI ID (bsc#1192691). - net: stmmac: add EHL SGMII 1Gbps PCI info and PCI ID (bsc#1192691). - net: stmmac: add TGL SGMII 1Gbps PCI info and PCI ID (bsc#1192691). - net: stmmac: create dwmac-intel.c to contain all Intel platform (bsc#1192691). - net: stmmac: pci: Add HAPS support using GMAC5 (bsc#1192691). - net: usb: lan78xx: lan78xx_phy_init(): use PHY_POLL instead of '0' if no IRQ is available (git-fixes). - net: usb: lan78xx: lan78xx_phy_init(): use PHY_POLL instead of '0' if no IRQ is available (git-fixes). - net: usb: Merge cpu_to_le32s + memcpy to put_unaligned_le32 (git-fixes). - net/mlx4_en: Fix an use-after-free bug in mlx4_en_try_alloc_resources() (git-fixes). - net/mlx5: E-Switch, return error if encap isn't supported (jsc#SLE-15172). - net/mlx5e: reset XPS on error flow if netdev isn't registered yet (git-fixes). - net/sched: sch_ets: do not peek at classes beyond 'nbands' (bsc#1176774). - netfilter: ctnetlink: do not erase error code with EINVAL (bsc#1176447). - netfilter: ctnetlink: fix filtering with CTA_TUPLE_REPLY (bsc#1176447). - netfilter: flowtable: fix IPv6 tunnel addr match (bsc#1176447). - NFC: add NCI_UNREG flag to eliminate the race (git-fixes). - NFC: pn533: Fix double free when pn533_fill_fragment_skbs() fails (git-fixes). - NFC: reorder the logic in nfc_{un,}register_device (git-fixes). - NFC: reorganize the functions in nci_request (git-fixes). - nfp: checking parameter process for rx-usecs/tx-usecs is invalid (git-fixes). - nfp: Fix memory leak in nfp_cpp_area_cache_add() (git-fixes). - NFS: Do not set NFS_INO_DATA_INVAL_DEFER and NFS_INO_INVALID_DATA (git-fixes). - NFS: do not take i_rwsem for swap IO (bsc#1191876). - NFS: Fix deadlocks in nfs_scan_commit_list() (git-fixes). - NFS: Fix up commit deadlocks (git-fixes). - NFS: move generic_write_checks() call from nfs_file_direct_write() to nfs_file_write() (bsc#1191876). - nfsd: do not alloc under spinlock in rpc_parse_scope_id (git-fixes). - nfsd: fix error handling of register_pernet_subsys() in init_nfsd() (git-fixes). - nfsd4: Handle the NFSv4 READDIR 'dircount' hint being zero (git-fixes). - NFSv4: Fix a regression in nfs_set_open_stateid_locked() (git-fixes). - nvme-multipath: Skip not ready namespaces when revalidating paths (bsc#1191793 bsc#1192507 bsc#1192969). - nvme-pci: add NO APST quirk for Kioxia device (git-fixes). - objtool: Support Clang non-section symbols in ORC generation (bsc#1169514). - PCI: Add PCI_EXP_DEVCTL_PAYLOAD_* macros (git-fixes). - PCI: Mark Atheros QCA6174 to avoid bus reset (git-fixes). - PCI/MSI: Deal with devices lying about their MSI mask capability (git-fixes). - perf: Correctly handle failed perf_get_aux_event() (git-fixes). - perf/x86/intel: Fix unchecked MSR access error caused by VLBR_EVENT (git-fixes). - perf/x86/intel/uncore: Fix Intel ICX IIO event constraints (git-fixes). - perf/x86/intel/uncore: Fix M2M event umask for Ice Lake server (git-fixes). - perf/x86/intel/uncore: Fix the scale of the IMC free-running events (git-fixes). - perf/x86/intel/uncore: Support extra IMC channel on Ice Lake server (git-fixes). - perf/x86/vlbr: Add c->flags to vlbr event constraints (git-fixes). - platform/x86: hp_accel: Fix an error handling path in 'lis3lv02d_probe()' (git-fixes). - platform/x86: wmi: do not fail if disabling fails (git-fixes). - PM: hibernate: Get block device exclusively in swsusp_check() (git-fixes). - PM: hibernate: use correct mode for swsusp_close() (git-fixes). - pnfs/flexfiles: Fix misplaced barrier in nfs4_ff_layout_prepare_ds (git-fixes). - powerpc: fix unbalanced node refcount in check_kvm_guest() (jsc#SLE-15869 jsc#SLE-16321 git-fixes). - powerpc/iommu: Report the correct most efficient DMA mask for PCI devices (git-fixes). - powerpc/paravirt: correct preempt debug splat in vcpu_is_preempted() (bsc#1181148 ltc#190702 git-fixes). - powerpc/paravirt: vcpu_is_preempted() commentary (bsc#1181148 ltc#190702 git-fixes). - powerpc/perf: Fix cycles/instructions as PM_CYC/PM_INST_CMPL in power10 (jsc#SLE-13513 git-fixes). - powerpc/pseries: Move some PAPR paravirt functions to their own file (bsc#1181148 ltc#190702 git-fixes). - powerpc/watchdog: Avoid holding wd_smp_lock over printk and smp_send_nmi_ipi (bsc#1187541 ltc#192129). - powerpc/watchdog: Fix missed watchdog reset due to memory ordering race (bsc#1187541 ltc#192129). - powerpc/watchdog: Fix wd_smp_last_reset_tb reporting (bsc#1187541 ltc#192129). - powerpc/watchdog: read TB close to where it is used (bsc#1187541 ltc#192129). - powerpc/watchdog: tighten non-atomic read-modify-write access (bsc#1187541 ltc#192129). - printk: Remove printk.h inclusion in percpu.h (bsc#1192987). - qede: validate non LSO skb length (git-fixes). - r8152: limit the RX buffer size of RTL8153A for USB 2.0 (git-fixes). - r8169: Add device 10ec:8162 to driver r8169 (git-fixes). - RDMA/bnxt_re: Update statistics counter name (jsc#SLE-16649). - recordmcount.pl: fix typo in s390 mcount regex (bsc#1192267). - recordmcount.pl: look for jgnop instruction as well as bcrl on s390 (bsc#1192267). - reset: socfpga: add empty driver allowing consumers to probe (git-fixes). - ring-buffer: Protect ring_buffer_reset() from reentrancy (bsc#1179960). - rpm/*.spec.in: use buildroot macro instead of env variable The RPM_BUILD_ROOT variable is considered deprecated over a buildroot macro. future proof the spec files. - rpm/kernel-binary.spec.in: do not strip vmlinux again (bsc#1193306) After usrmerge, vmlinux file is not named vmlinux-lt;version>, but simply vmlinux. And this is not reflected in STRIP_KEEP_SYMTAB we set. So fix this by removing the dash... - rpm/kernel-obs-build.spec.in: move to zstd for the initrd Newer distros have capability to decompress zstd, which provides a 2-5% better compression ratio at very similar cpu overhead. Plus this tests the zstd codepaths now as well. - rt2x00: do not mark device gone on EPROTO errors during start (git-fixes). - rxrpc: Fix rxrpc_local leak in rxrpc_lookup_peer() (bsc#1154353 bnc#1151927 5.3.9). - s390: mm: Fix secure storage access exception handling (git-fixes). - s390/bpf: Fix branch shortening during codegen pass (bsc#1193993). - s390/uv: fully validate the VMA before calling follow_page() (git-fixes). - scsi: iscsi: Adjust iface sysfs attr detection (git-fixes). - scsi: lpfc: Fix non-recovery of remote ports following an unsolicited LOGO (bsc#1189126). - scsi: mpi3mr: Fix duplicate device entries when scanning through sysfs (git-fixes). - scsi: mpt3sas: Fix kernel panic during drive powercycle test (git-fixes). - scsi: mpt3sas: Fix system going into read-only mode (git-fixes). - scsi: pm80xx: Do not call scsi_remove_host() in pm8001_alloc() (git-fixes). - scsi: qla2xxx: Fix gnl list corruption (git-fixes). - scsi: qla2xxx: Relogin during fabric disturbance (git-fixes). - scsi: qla2xxx: Turn off target reset during issue_lip (git-fixes). - serial: 8250_pci: Fix ACCES entries in pci_serial_quirks array (git-fixes). - serial: 8250_pci: rewrite pericom_do_set_divisor() (git-fixes). - serial: 8250: Fix RTS modem control while in rs485 mode (git-fixes). - serial: core: fix transmit-buffer reset and memleak (git-fixes). - smb2: clarify rc initialization in smb2_reconnect (bsc#1192606). - smb2: fix use-after-free in smb2_ioctl_query_info() (bsc#1192606). - smb3: add additional null check in SMB2_ioctl (bsc#1192606). - smb3: add additional null check in SMB2_open (bsc#1192606). - smb3: add additional null check in SMB2_tcon (bsc#1192606). - smb3: add additional null check in SMB311_posix_mkdir (bsc#1192606). - smb3: Add debug message for new file creation with idsfromsid mount option (bsc#1192606). - smb3: add debug messages for closing unmatched open (bsc#1164565). - smb3: add defines for new crypto algorithms (bsc#1192606). - smb3: Add defines for new information level, FileIdInformation (bsc#1164565). - smb3: add defines for new signing negotiate context (bsc#1192606). - smb3: add dynamic trace point to trace when credits obtained (bsc#1181507). - smb3: add dynamic trace points for socket connection (bsc#1192606). - smb3: add dynamic tracepoints for flush and close (bsc#1164565). - smb3: add indatalen that can be a non-zero value to calculation of credit charge in smb2 ioctl (bsc#1192606). - smb3: add missing flag definitions (bsc#1164565). - smb3: Add missing reparse tags (bsc#1164565). - smb3: add missing worker function for SMB3 change notify (bsc#1164565). - smb3: add mount option to allow forced caching of read only share (bsc#1164565). - smb3: add mount option to allow RW caching of share accessed by only 1 client (bsc#1164565). - smb3: Add new compression flags (bsc#1192606). - smb3: Add new info level for query directory (bsc#1192606). - smb3: add new module load parm enable_gcm_256 (bsc#1192606). - smb3: add new module load parm require_gcm_256 (bsc#1192606). - smb3: Add new parm 'nodelete' (bsc#1192606). - smb3: add one more dynamic tracepoint missing from strict fsync path (bsc#1164565). - smb3: add rasize mount parameter to improve readahead performance (bsc#1192606). - smb3: add some missing definitions from MS-FSCC (bsc#1192606). - smb3: add some more descriptive messages about share when mounting cache=ro (bsc#1164565). - smb3: Add support for getting and setting SACLs (bsc#1192606). - smb3: Add support for lookup with posix extensions query info (bsc#1192606). - smb3: Add support for negotiating signing algorithm (bsc#1192606). - smb3: Add support for query info using posix extensions (level 100) (bsc#1192606). - smb3: add support for recognizing WSL reparse tags (bsc#1192606). - smb3: Add support for SMB311 query info (non-compounded) (bsc#1192606). - smb3: add support for stat of WSL reparse points for special file types (bsc#1192606). - smb3: add support for using info level for posix extensions query (bsc#1192606). - smb3: Add tracepoints for new compound posix query info (bsc#1192606). - smb3: Additional compression structures (bsc#1192606). - smb3: allow decryption keys to be dumped by admin for debugging (bsc#1164565). - smb3: allow disabling requesting leases (bnc#1151927 5.3.4). - smb3: allow dumping GCM256 keys to improve debugging of encrypted shares (bsc#1192606). - smb3: allow dumping keys for multiuser mounts (bsc#1192606). - smb3: allow parallelizing decryption of reads (bsc#1164565). - smb3: allow skipping signature verification for perf sensitive configurations (bsc#1164565). - smb3: allow uid and gid owners to be set on create with idsfromsid mount option (bsc#1192606). - smb3: avoid confusing warning message on mount to Azure (bsc#1192606). - smb3: Avoid Mid pending list corruption (bsc#1192606). - smb3: Backup intent flag missing from some more ops (bsc#1164565). - smb3: Call cifs reconnect from demultiplex thread (bsc#1192606). - smb3: change noisy error message to FYI (bsc#1192606). - smb3: cleanup some recent endian errors spotted by updated sparse (bsc#1164565). - smb3: correct server pointer dereferencing check to be more consistent (bsc#1192606). - smb3: correct smb3 ACL security descriptor (bsc#1192606). - smb3: default to minimum of two channels when multichannel specified (bsc#1192606). - smb3: display max smb3 requests in flight at any one time (bsc#1164565). - smb3: do not attempt multichannel to server which does not support it (bsc#1192606). - smb3: do not error on fsync when readonly (bsc#1192606). - smb3: do not fail if no encryption required but server does not support it (bsc#1192606). - smb3: do not log warning message if server does not populate salt (bsc#1192606). - smb3: do not setup the fscache_super_cookie until fsinfo initialized (bsc#1192606). - smb3: do not try to cache root directory if dir leases not supported (bsc#1192606). - smb3: dump in_send and num_waiters stats counters by default (bsc#1164565). - smb3: enable negotiating stronger encryption by default (bsc#1192606). - smb3: enable offload of decryption of large reads via mount option (bsc#1164565). - smb3: enable swap on SMB3 mounts (bsc#1192606). - smb3: extend fscache mount volume coherency check (bsc#1192606). - smb3: fix access denied on change notify request to some servers (bsc#1192606). - smb3: fix cached file size problems in duplicate extents (reflink) (bsc#1192606). - smb3: Fix crash in SMB2_open_init due to uninitialized field in compounding path (bsc#1164565). - smb3: fix crediting for compounding when only one request in flight (bsc#1181507). - smb3: fix default permissions on new files when mounting with modefromsid (bsc#1164565). - smb3: Fix ids returned in POSIX query dir (bsc#1192606). - smb3: fix incorrect number of credits when ioctl MaxOutputResponse > 64K (bsc#1192606). - smb3: fix leak in 'open on server' perf counter (bnc#1151927 5.3.4). - smb3: Fix mkdir when idsfromsid configured on mount (bsc#1192606). - smb3: fix mode passed in on create for modetosid mount option (bsc#1164565). - smb3: fix mount failure to some servers when compression enabled (bsc#1192606). - smb3: Fix out-of-bounds bug in SMB2_negotiate() (bsc#1183540). - smb3: fix performance regression with setting mtime (bsc#1164565). - smb3: Fix persistent handles reconnect (bnc#1151927 5.3.11). - smb3: fix posix extensions mount option (bsc#1192606). - smb3: fix possible access to uninitialized pointer to DACL (bsc#1192606). - smb3: fix potential null dereference in decrypt offload (bsc#1164565). - smb3: fix problem with null cifs super block with previous patch (bsc#1164565). - smb3: fix readpage for large swap cache (bsc#1192606). - smb3: fix refcount underflow warning on unmount when no directory leases (bsc#1164565). - smb3: Fix regression in time handling (bsc#1164565). - smb3: fix signing verification of large reads (bsc#1154355). - smb3: fix stat when special device file and mounted with modefromsid (bsc#1192606). - smb3: fix typo in compression flag (bsc#1192606). - smb3: fix typo in header file (bsc#1192606). - smb3: fix typo in mount options displayed in /proc/mounts (bsc#1192606). - smb3: fix uninitialized value for port in witness protocol move (bsc#1192606). - smb3: fix unmount hang in open_shroot (bnc#1151927 5.3.4). - smb3: fix unneeded error message on change notify (bsc#1192606). - smb3: Handle error case during offload read path (bsc#1192606). - smb3: Honor 'handletimeout' flag for multiuser mounts (bsc#1176558). - smb3: Honor 'posix' flag for multiuser mounts (bsc#1176559). - smb3: Honor 'seal' flag for multiuser mounts (bsc#1176545). - smb3: Honor lease disabling for multiuser mounts (git-fixes). - smb3: Honor persistent/resilient handle flags for multiuser mounts (bsc#1176546). - smb3: if max_channels set to more than one channel request multichannel (bsc#1192606). - smb3: improve check for when we send the security descriptor context on create (bsc#1164565). - smb3: improve handling of share deleted (and share recreated) (bsc#1154355). - smb3: incorrect file id in requests compounded with open (bsc#1192606). - smb3: Incorrect size for netname negotiate context (bsc#1154355). - smb3: limit noisy error (bsc#1192606). - smb3: log warning if CSC policy conflicts with cache mount option (bsc#1164565). - smb3: Minor cleanup of protocol definitions (bsc#1192606). - smb3: minor update to compression header definitions (bsc#1192606). - smb3: missing ACL related flags (bsc#1164565). - smb3: negotiate current dialect (SMB3.1.1) when version 3 or greater requested (bsc#1192606). - smb3: only offload decryption of read responses if multiple requests (bsc#1164565). - smb3: pass mode bits into create calls (bsc#1164565). - smb3: prevent races updating CurrentMid (bsc#1192606). - smb3: print warning if server does not support requested encryption type (bsc#1192606). - smb3: print warning once if posix context returned on open (bsc#1164565). - smb3: query attributes on file close (bsc#1164565). - smb3: rc uninitialized in one fallocate path (bsc#1192606). - smb3: remind users that witness protocol is experimental (bsc#1192606). - smb3: remove confusing dmesg when mounting with encryption ('seal') (bsc#1164565). - smb3: remove confusing mount warning when no SPNEGO info on negprot rsp (bsc#1192606). - smb3: remove dead code for non compounded posix query info (bsc#1192606). - smb3: remove noisy debug message and minor cleanup (bsc#1164565). - smb3: remove overly noisy debug line in signing errors (bsc#1192606). - smb3: remove static checker warning (bsc#1192606). - smb3: remove trivial dfs compile warning (bsc#1192606, jsc#SLE-20042). - smb3: remove two unused variables (bsc#1192606). - smb3: remove unused flag passed into close functions (bsc#1164565). - smb3: rename nonces used for GCM and CCM encryption (bsc#1192606). - smb3: Resolve data corruption of TCP server info fields (bsc#1192606). - smb3: set COMPOUND_FID to FileID field of subsequent compound request (bsc#1192606). - smb3: set gcm256 when requested (bsc#1192606). - smb3: smbdirect support can be configured by default (bsc#1192606). - smb3: update comments clarifying SPNEGO info in negprot response (bsc#1192606). - smb3: update protocol header definitions based to include new flags (bsc#1192606). - smb3: update structures for new compression protocol definitions (bsc#1192606). - smb3: use SMB2_SIGNATURE_SIZE define (bsc#1192606). - smb3: warn on confusing error scenario with sec=krb5 (bsc#1176548). - smb3: when mounting with multichannel include it in requested capabilities (bsc#1192606). - smbdirect: missing rc checks while waiting for rdma events (bsc#1192606). - soc/tegra: Fix an error handling path in tegra_powergate_power_up() (git-fixes). - soc/tegra: pmc: Fix imbalanced clock disabling in error code path (git-fixes). - spi: bcm-qspi: Fix missing clk_disable_unprepare() on error in bcm_qspi_probe() (git-fixes). - spi: spl022: fix Microwire full duplex mode (git-fixes). - SUNRPC: improve 'swap' handling: scheduling and PF_MEMALLOC (bsc#1191876). - SUNRPC: remove scheduling boost for 'SWAPPER' tasks (bsc#1191876). - SUNRPC/auth: async tasks mustn't block waiting for memory (bsc#1191876). - SUNRPC/call_alloc: async tasks mustn't block waiting for memory (bsc#1191876). - SUNRPC/xprt: async tasks mustn't block waiting for memory (bsc#1191876). - supported.conf: add pwm-rockchip References: jsc#SLE-22615 - swiotlb: avoid double free (git-fixes). - swiotlb: Fix the type of index (git-fixes). - TCON Reconnect during STATUS_NETWORK_NAME_DELETED (bsc#1192606). - tlb: mmu_gather: add tlb_flush_*_range APIs - tracing: Add length protection to histogram string copies (git-fixes). - tracing: Change STR_VAR_MAX_LEN (git-fixes). - tracing: Check pid filtering when creating events (git-fixes). - tracing: Fix pid filtering when triggers are attached (git-fixes). - tracing: use %ps format string to print symbols (git-fixes). - tracing/histogram: Do not copy the fixed-size char array field over the field size (git-fixes). - tty: hvc: replace BUG_ON() with negative return value (git-fixes). - tty: serial: msm_serial: Deactivate RX DMA for polling support (git-fixes). - tty: tty_buffer: Fix the softlockup issue in flush_to_ldisc (git-fixes). - usb-storage: Add compatibility quirk flags for iODD 2531/2541 (git-fixes). - usb: chipidea: ci_hdrc_imx: fix potential error pointer dereference in probe (git-fixes). - usb: dwc2: gadget: Fix ISOC flow for elapsed frames (git-fixes). - usb: dwc2: hcd_queue: Fix use of floating point literal (git-fixes). - usb: host: ohci-tmio: check return value after calling platform_get_resource() (git-fixes). - usb: musb: tusb6010: check return value after calling platform_get_resource() (git-fixes). - usb: serial: option: add Fibocom FM101-GL variants (git-fixes). - usb: serial: option: add Telit LE910S1 0x9200 composition (git-fixes). - usb: typec: fusb302: Fix masking of comparator and bc_lvl interrupts (git-fixes). - usb: typec: tcpm: Wait in SNK_DEBOUNCED until disconnect (git-fixes). - usb: typec: tcpm: Wait in SNK_DEBOUNCED until disconnect (git-fixes). - usb: xhci: Enable runtime-pm by default on AMD Yellow Carp platform (git-fixes). - vfs: do not parse forbidden flags (bsc#1192606). - x86/amd_nb: Add AMD family 19h model 50h PCI ids (jsc#SLE-17823 jsc#SLE-23139 jsc#ECO-3666). - x86/cpu: Fix migration safety with X86_BUG_NULL_SEL (bsc#1152489). - x86/efi: Restore Firmware IDT before calling ExitBootServices() (git-fixes). - x86/entry: Add a fence for kernel entry SWAPGS in paranoid_entry() (bsc#1178134). - x86/mpx: Disable MPX for 32-bit userland (bsc#1193139). - x86/pkey: Fix undefined behaviour with PKRU_WD_BIT (bsc#1152489). - x86/pvh: add prototype for xen_pvh_init() (git-fixes). - x86/sev: Allow #VC exceptions on the VC2 stack (git-fixes). - x86/sev: Fix SEV-ES INS/OUTS instructions for word, dword, and qword (bsc#1178134). - x86/sev: Fix stack type check in vc_switch_off_ist() (git-fixes). - x86/xen: Add xenpv_restore_regs_and_return_to_usermode() (bsc#1152489). - x86/Xen: swap NX determination and GDT setup on BSP (git-fixes). - xen: sync include/xen/interface/io/ring.h with Xen's newest version (git-fixes). - xen/blkfront: do not take local copy of a request from the ring page (git-fixes). - xen/blkfront: do not trust the backend response data blindly (git-fixes). - xen/blkfront: read response from backend only once (git-fixes). - xen/netfront: disentangle tx_skb_freelist (git-fixes). - xen/netfront: do not read data from request on the ring page (git-fixes). - xen/netfront: do not trust the backend response data blindly (git-fixes). - xen/netfront: read response from backend only once (git-fixes). - xen/privcmd: fix error handling in mmap-resource processing (git-fixes). - xen/pvh: add missing prototype to header (git-fixes). - xen/x86: fix PV trap handling on secondary processors (git-fixes). - xhci: Fix commad ring abort, write all 64 bits to CRCR register (bsc#1192569). - xhci: Fix commad ring abort, write all 64 bits to CRCR register (bsc#1192569). - xhci: Fix commad ring abort, write all 64 bits to CRCR register (git-fixes). - xhci: Fix USB 3.1 enumeration issues by increasing roothub power-on-good delay (git-fixes). - zram: fix return value on writeback_store (git-fixes). - zram: off by one in read_block_state() (git-fixes). Important SUSE bug 1139944 SUSE bug 1151927 SUSE bug 1152489 SUSE bug 1153275 SUSE bug 1154353 SUSE bug 1154355 SUSE bug 1161907 SUSE bug 1164565 SUSE bug 1166780 SUSE bug 1169514 SUSE bug 1176242 SUSE bug 1176447 SUSE bug 1176536 SUSE bug 1176544 SUSE bug 1176545 SUSE bug 1176546 SUSE bug 1176548 SUSE bug 1176558 SUSE bug 1176559 SUSE bug 1176774 SUSE bug 1176940 SUSE bug 1176956 SUSE bug 1177440 SUSE bug 1178134 SUSE bug 1178270 SUSE bug 1179211 SUSE bug 1179424 SUSE bug 1179426 SUSE bug 1179427 SUSE bug 1179599 SUSE bug 1181148 SUSE bug 1181507 SUSE bug 1181710 SUSE bug 1182404 SUSE bug 1183534 SUSE bug 1183540 SUSE bug 1183897 SUSE bug 1184318 SUSE bug 1185726 SUSE bug 1185902 SUSE bug 1186332 SUSE bug 1187541 SUSE bug 1189126 SUSE bug 1189158 SUSE bug 1191793 SUSE bug 1191876 SUSE bug 1192267 SUSE bug 1192320 SUSE bug 1192507 SUSE bug 1192511 SUSE bug 1192569 SUSE bug 1192606 SUSE bug 1192691 SUSE bug 1192845 SUSE bug 1192847 SUSE bug 1192874 SUSE bug 1192946 SUSE bug 1192969 SUSE bug 1192987 SUSE bug 1192990 SUSE bug 1192998 SUSE bug 1193002 SUSE bug 1193042 SUSE bug 1193139 SUSE bug 1193169 SUSE bug 1193306 SUSE bug 1193318 SUSE bug 1193349 SUSE bug 1193440 SUSE bug 1193442 SUSE bug 1193655 SUSE bug 1193993 SUSE bug 1194087 SUSE bug 1194094 CVE-2020-24504 CVE-2020-27820 CVE-2021-28711 CVE-2021-28712 CVE-2021-28713 CVE-2021-28714 CVE-2021-28715 CVE-2021-4001 CVE-2021-4002 CVE-2021-43975 CVE-2021-43976 CVE-2021-45485 CVE-2021-45486 cpe:/o:opensuse:leap:15.3 Security update for netty (Moderate) openSUSE Leap 15.3 This update for netty fixes the following issues: - CVE-2021-21409: Fixed request smuggling via content-length header (bsc#1184203). Moderate SUSE bug 1184203 CVE-2021-21409 cpe:/o:opensuse:leap:15.3 Security update for podofo (Moderate) openSUSE Leap 15.3 This update for podofo fixes the following issues: - CVE-2019-20093: Fixed an invalid memory access that could cause an application crash (bsc#1159921). Moderate SUSE bug 1159921 CVE-2019-20093 cpe:/o:opensuse:leap:15.3 Security update for python-numpy (Important) openSUSE Leap 15.3 This update for python-numpy fixes the following issues: - CVE-2021-33430: Fixed buffer overflow that could lead to DoS in PyArray_NewFromDescr_int function of ctors.c (bsc#1193913). - CVE-2021-41496: Fixed buffer overflow that could lead to DoS in array_from_pyobj function of fortranobject.c (bsc#1193907). Important SUSE bug 1193907 SUSE bug 1193913 CVE-2021-33430 CVE-2021-41496 cpe:/o:opensuse:leap:15.3 Security update for busybox (Important) openSUSE Leap 15.3 This update for busybox fixes the following issues: - CVE-2011-5325: Fixed tar directory traversal (bsc#951562). - CVE-2015-9261: Fixed segfalts and application crashes in huft_build (bsc#1102912). - CVE-2016-2147: Fixed out of bounds write (heap) due to integer underflow in udhcpc (bsc#970663). - CVE-2016-2148: Fixed heap-based buffer overflow in OPTION_6RD parsing (bsc#970662). - CVE-2016-6301: Fixed NTP server denial of service flaw (bsc#991940). - CVE-2017-15873: Fixed integer overflow in get_next_block function in archival/libarchive/decompress_bunzip2.c (bsc#1064976). - CVE-2017-15874: Fixed integer underflow in archival/libarchive/decompress_unlzma.c (bsc#1064978). - CVE-2017-16544: Fixed Insufficient sanitization of filenames when autocompleting (bsc#1069412). - CVE-2018-1000500 : Fixed missing SSL certificate validation in wget (bsc#1099263). - CVE-2018-1000517: Fixed heap-based buffer overflow in the retrieve_file_data() (bsc#1099260). - CVE-2018-20679: Fixed out of bounds read in udhcp (bsc#1121426). - CVE-2019-5747: Fixed out of bounds read in udhcp components (bsc#1121428). - CVE-2021-28831: Fixed invalid free or segmentation fault via malformed gzip data (bsc#1184522). - CVE-2021-42373: Fixed NULL pointer dereference in man leading to DoS when a section name is supplied but no page argument is given (bsc#1192869). - CVE-2021-42374: Fixed out-of-bounds heap read in unlzma leading to information leak and DoS when crafted LZMA-compressed input is decompressed (bsc#1192869). - CVE-2021-42375: Fixed incorrect handling of a special element in ash leading to DoS when processing a crafted shell command, due to the shell mistaking specific characters for reserved characters (bsc#1192869). - CVE-2021-42376: Fixed NULL pointer dereference in hush leading to DoS when processing a crafted shell command (bsc#1192869). - CVE-2021-42377: Fixed attacker-controlled pointer free in hush leading to DoS and possible code execution when processing a crafted shell command (bsc#1192869). - CVE-2021-42378: Fixed use-after-free in awk leading to DoS and possibly code execution when processing a crafted awk pattern in the getvar_i function (bsc#1192869). - CVE-2021-42379: Fixed use-after-free in awk leading to DoS and possibly code execution when processing a crafted awk pattern in the next_input_file function (bsc#1192869). - CVE-2021-42380: Fixed use-after-free in awk leading to DoS and possibly code execution when processing a crafted awk pattern in the clrvar function (bsc#1192869). - CVE-2021-42381: Fixed use-after-free in awk leading to DoS and possibly code execution when processing a crafted awk pattern in the hash_init function (bsc#1192869). - CVE-2021-42382: Fixed use-after-free in awk leading to DoS and possibly code execution when processing a crafted awk pattern in the getvar_s function (bsc#1192869). - CVE-2021-42383: Fixed use-after-free in awk leading to DoS and possibly code execution when processing a crafted awk pattern in the evaluate function (bsc#1192869). - CVE-2021-42384: Fixed use-after-free in awk leading to DoS and possibly code execution when processing a crafted awk pattern in the handle_special function (bsc#1192869). - CVE-2021-42385: Fixed use-after-free in awk leading to DoS and possibly code execution when processing a crafted awk pattern in the evaluate function (bsc#1192869). - CVE-2021-42386: Fixed use-after-free in awk leading to DoS and possibly code execution when processing a crafted awk pattern in the nvalloc function (bsc#1192869). Important SUSE bug 1064976 SUSE bug 1064978 SUSE bug 1069412 SUSE bug 1099260 SUSE bug 1099263 SUSE bug 1102912 SUSE bug 1121426 SUSE bug 1121428 SUSE bug 1184522 SUSE bug 1192869 SUSE bug 951562 SUSE bug 970662 SUSE bug 970663 SUSE bug 991940 CVE-2011-5325 CVE-2015-9261 CVE-2016-2147 CVE-2016-2148 CVE-2016-6301 CVE-2017-15873 CVE-2017-15874 CVE-2017-16544 CVE-2018-1000500 CVE-2018-1000517 CVE-2018-20679 CVE-2019-5747 CVE-2021-28831 CVE-2021-42373 CVE-2021-42374 CVE-2021-42375 CVE-2021-42376 CVE-2021-42377 CVE-2021-42378 CVE-2021-42379 CVE-2021-42380 CVE-2021-42381 CVE-2021-42382 CVE-2021-42383 CVE-2021-42384 CVE-2021-42385 CVE-2021-42386 cpe:/o:opensuse:leap:15.3 Security update for MozillaFirefox (Important) openSUSE Leap 15.3 This update for MozillaFirefox fixes the following issues: - CVE-2021-4140: Fixed iframe sandbox bypass with XSLT (bsc#1194547). - CVE-2022-22737: Fixed race condition when playing audio files (bsc#1194547). - CVE-2022-22738: Fixed heap-buffer-overflow in blendGaussianBlur (bsc#1194547). - CVE-2022-22739: Fixed missing throttling on external protocol launch dialog (bsc#1194547). - CVE-2022-22740: Fixed use-after-free of ChannelEventQueue::mOwner (bsc#1194547). - CVE-2022-22741: Fixed browser window spoof using fullscreen mode (bsc#1194547). - CVE-2022-22742: Fixed out-of-bounds memory access when inserting text in edit mode (bsc#1194547). - CVE-2022-22743: Fixed browser window spoof using fullscreen mode (bsc#1194547). - CVE-2022-22744: Fixed possible command injection via the 'Copy as curl' feature in DevTools (bsc#1194547). - CVE-2022-22745: Fixed leaking cross-origin URLs through securitypolicyviolation event (bsc#1194547). - CVE-2022-22746: Fixed calling into reportValidity could have lead to fullscreen window spoof (bsc#1194547). - CVE-2022-22747: Fixed crash when handling empty pkcs7 sequence(bsc#1194547). - CVE-2022-22748: Fixed spoofed origin on external protocol launch dialog (bsc#1194547). - CVE-2022-22751: Fixed memory safety bugs (bsc#1194547). Important SUSE bug 1194547 CVE-2021-4140 CVE-2022-22737 CVE-2022-22738 CVE-2022-22739 CVE-2022-22740 CVE-2022-22741 CVE-2022-22742 CVE-2022-22743 CVE-2022-22744 CVE-2022-22745 CVE-2022-22746 CVE-2022-22747 CVE-2022-22748 CVE-2022-22751 cpe:/o:opensuse:leap:15.3 Security update for mutt (Moderate) openSUSE Leap 15.3 This update for mutt fixes the following issues: - CVE-2022-1328: Fixed an invalid memory access when reading untrusted uuencoded data. This could result in including private memory in replies (bsc#1198518). Moderate SUSE bug 1198518 CVE-2022-1328 cpe:/o:opensuse:leap:15.3 Security update for SUSE Manager Client Tools (Moderate) openSUSE Leap 15.3 This update fixes the following issues: grafana: - Update from version 7.5.12 to version 8.3.5 (jsc#SLE-23439, jsc#SLE-23422) + Security: * Fixes XSS vulnerability in handling data sources (bsc#1195726, CVE-2022-21702) * Fixes cross-origin request forgery vulnerability (bsc#1195727, CVE-2022-21703) * Fixes Insecure Direct Object Reference vulnerability in Teams API (bsc#1195728, CVE-2022-21713) - Update to Go 1.17. - Add build-time dependency on `wire`. - Update license to GNU Affero General Public License v3.0. - Update to version 8.3.4 * GetUserInfo: return an error if no user was found (bsc#1194873, CVE-2022-21673) + Features and enhancements: * Alerting: Allow configuration of non-ready alertmanagers. * Alerting: Allow customization of Google chat message. * AppPlugins: Support app plugins with only default nav. * InfluxDB: query editor: skip fields in metadata queries. * Postgres/MySQL/MSSQL: Cancel in-flight SQL query if user cancels query in grafana. * Prometheus: Forward oauth tokens after prometheus datasource migration. + Bug fixes: * Azure Monitor: Bug fix for variable interpolations in metrics dropdowns. * Azure Monitor: Improved error messages for variable queries. * CloudMonitoring: Fixes broken variable queries that use group bys. * Configuration: You can now see your expired API keys if you have no active ones. * Elasticsearch: Fix handling multiple datalinks for a single field. * Export: Fix error being thrown when exporting dashboards using query variables that reference the default datasource. * ImportDashboard: Fixes issue with importing dashboard and name ending up in uid. * Login: Page no longer overflows on mobile. * Plugins: Set backend metadata property for core plugins. * Prometheus: Fill missing steps with null values. * Prometheus: Fix interpolation of $__rate_interval variable. * Prometheus: Interpolate variables with curly brackets syntax. * Prometheus: Respect the http-method data source setting. * Table: Fixes issue with field config applied to wrong fields when hiding columns. * Toolkit: Fix bug with rootUrls not being properly parsed when signing a private plugin. * Variables: Fix so data source variables are added to adhoc configuration. + Plugin development fixes & changes: * Toolkit: Revert build config so tslib is bundled with plugins to prevent plugins from crashing. - Update to version 8.3.3: * BarChart: Use new data error view component to show actions in panel edit. * CloudMonitor: Iterate over pageToken for resources. * Macaron: Prevent WriteHeader invalid HTTP status code panic. * AnnoListPanel: Fix interpolation of variables in tags. * CloudWatch: Allow queries to have no dimensions specified. * CloudWatch: Fix broken queries for users migrating from 8.2.4/8.2.5 to 8.3.0. * CloudWatch: Make sure MatchExact flag gets the right value. * Dashboards: Fix so that empty folders can be deleted from the manage dashboards/folders page. * InfluxDB: Improve handling of metadata query errors in InfluxQL. * Loki: Fix adding of ad hoc filters for queries with parser and line_format expressions. * Prometheus: Fix running of exemplar queries for non-histogram metrics. * Prometheus: Interpolate template variables in interval. * StateTimeline: Fix toolitp not showing when for frames with multiple fields. * TraceView: Fix virtualized scrolling when trace view is opened in right pane in Explore. * Variables: Fix repeating panels for on time range changed variables. * Variables: Fix so queryparam option works for scoped - Update to version 8.3.2 + Security: Fixes CVE-2021-43813 and CVE-2021-43815. - Update to version 8.3.1 + Security: Fixes CVE-2021-43798. - Update to version 8.3.0 * Alerting: Prevent folders from being deleted when they contain alerts. * Alerting: Show full preview value in tooltip. * BarGauge: Limit title width when name is really long. * CloudMonitoring: Avoid to escape regexps in filters. * CloudWatch: Add support for AWS Metric Insights. * TooltipPlugin: Remove other panels' shared tooltip in edit panel. * Visualizations: Limit y label width to 40% of visualization width. * Alerting: Clear alerting rule evaluation errors after intermittent failures. * Alerting: Fix refresh on legacy Alert List panel. * Dashboard: Fix queries for panels with non-integer widths. * Explore: Fix url update inconsistency. * Prometheus: Fix range variables interpolation for time ranges smaller than 1 second. * ValueMappings: Fixes issue with regex value mapping that only sets color. - Update to version 8.3.0-beta2 + Breaking changes: * Grafana 8 Alerting enabled by default for installations that do not use legacy alerting. * Keep Last State for 'If execution error or timeout' when upgrading to Grafana 8 alerting. * Alerting: Create DatasourceError alert if evaluation returns error. * Alerting: Make Unified Alerting enabled by default for those who do not use legacy alerting. * Alerting: Support mute timings configuration through the api for the embedded alert manager. * CloudWatch: Add missing AWS/Events metrics. * Docs: Add easier to find deprecation notices to certain data sources and to the changelog. * Plugins Catalog: Enable install controls based on the pluginAdminEnabled flag. * Table: Add space between values for the DefaultCell and JSONViewCell. * Tracing: Make query editors available in dashboard for Tempo and Zipkin. * AccessControl: Renamed orgs roles, removed fixed:orgs:reader introduced in beta1. * Azure Monitor: Add trap focus for modals in grafana/ui and other small a11y fixes for Azure Monitor. * CodeEditor: Prevent suggestions from being clipped. * Dashboard: Fix cache timeout persistence. * Datasource: Fix stable sort order of query responses. * Explore: Fix error in query history when removing last item. * Logs: Fix requesting of older logs when flipped order. * Prometheus: Fix running of health check query based on access mode. * TextPanel: Fix suggestions for existing panels. * Tracing: Fix incorrect indentations due to reoccurring spanIDs. * Tracing: Show start time of trace with milliseconds precision. * Variables: Make renamed or missing variable section expandable. * Select: Select menus now properly scroll during keyboard navigation. - Update to version 8.3.0-beta1 * Alerting: Add UI for contact point testing with custom annotations and labels. * Alerting: Make alert state indicator in panel header work with Grafana 8 alerts. * Alerting: Option for Discord notifier to use webhook name. * Annotations: Deprecate AnnotationsSrv. * Auth: Omit all base64 paddings in JWT tokens for the JWT auth. * Azure Monitor: Clean up fields when editing Metrics. * AzureMonitor: Add new starter dashboards. * AzureMonitor: Add starter dashboard for app monitoring with Application Insights. * Barchart/Time series: Allow x axis label. * CLI: Improve error handling for installing plugins. * CloudMonitoring: Migrate to use backend plugin SDK contracts. * CloudWatch Logs: Add retry strategy for hitting max concurrent queries. * CloudWatch: Add AWS RoboMaker metrics and dimension. * CloudWatch: Add AWS Transfer metrics and dimension. * Dashboard: replace datasource name with a reference object. * Dashboards: Show logs on time series when hovering. * Elasticsearch: Add support for Elasticsearch 8.0 (Beta). * Elasticsearch: Add time zone setting to Date Histogram aggregation. * Elasticsearch: Enable full range log volume histogram. * Elasticsearch: Full range logs volume. * Explore: Allow changing the graph type. * Explore: Show ANSI colors when highlighting matched words in the logs panel. * Graph(old) panel: Listen to events from Time series panel. * Import: Load gcom dashboards from URL. * LibraryPanels: Improves export and import of library panels between orgs. * OAuth: Support PKCE. * Panel edit: Overrides now highlight correctly when searching. * PanelEdit: Display drag indicators on draggable sections. * Plugins: Refactor Plugin Management. * Prometheus: Add custom query parameters when creating PromLink url. * Prometheus: Remove limits on metrics, labels, and values in Metrics Browser. * StateTimeline: Share cursor with rest of the panels. * Tempo: Add error details when json upload fails. * Tempo: Add filtering for service graph query. * Tempo: Add links to nodes in Service Graph pointing to Prometheus metrics. * Time series/Bar chart panel: Add ability to sort series via legend. * TimeSeries: Allow multiple axes for the same unit. * TraceView: Allow span links defined on dataFrame. * Transformations: Support a rows mode in labels to fields. * ValueMappings: Don't apply field config defaults to time fields. * Variables: Only update panels that are impacted by variable change. * API: Fix dashboard quota limit for imports. * Alerting: Fix rule editor issues with Azure Monitor data source. * Azure monitor: Make sure alert rule editor is not enabled when template variables are being used. * CloudMonitoring: Fix annotation queries. * CodeEditor: Trigger the latest getSuggestions() passed to CodeEditor. * Dashboard: Remove the current panel from the list of options in the Dashboard datasource. * Encryption: Fix decrypting secrets in alerting migration. * InfluxDB: Fix corner case where index is too large in ALIAS * NavBar: Order App plugins alphabetically. * NodeGraph: Fix zooming sensitivity on touchpads. * Plugins: Add OAuth pass-through logic to api/ds/query endpoint. * Snapshots: Fix panel inspector for snapshot data. * Tempo: Fix basic auth password reset on adding tag. * ValueMapping: Fixes issue with regex mappings. * grafana/ui: Enable slider marks display. - Update to version 8.2.7 - Update to version 8.2.6 * Security: Upgrade Docker base image to Alpine 3.14.3. * Security: Upgrade Go to 1.17.2. * TimeSeries: Fix fillBelowTo wrongly affecting fills of unrelated series. - Update to version 8.2.5 * Fix No Data behaviour in Legacy Alerting. * Alerting: Fix a bug where the metric in the evaluation string was not correctly populated. * Alerting: Fix no data behaviour in Legacy Alerting for alert rules using the AND operator. * CloudMonitoring: Ignore min and max aggregation in MQL queries. * Dashboards: 'Copy' is no longer added to new dashboard titles. * DataProxy: Fix overriding response body when response is a WebSocket upgrade. * Elasticsearch: Use field configured in query editor as field for date_histogram aggregations. * Explore: Fix running queries without a datasource property set. * InfluxDB: Fix numeric aliases in queries. * Plugins: Ensure consistent plugin settings list response. * Tempo: Fix validation of float durations. * Tracing: Correct tags for each span are shown. - Update to version 8.2.4 + Security: Fixes CVE-2021-41244. - Update to version 8.2.3 + Security: Fixes CVE-2021-41174. - Update to version 8.2.2 * Annotations: We have improved tag search performance. * Application: You can now configure an error-template title. * AzureMonitor: We removed a restriction from the resource filter query. * Packaging: We removed the ProcSubset option in systemd. This option prevented Grafana from starting in LXC environments. * Prometheus: We removed the autocomplete limit for metrics. * Table: We improved the styling of the type icons to make them more distinct from column / field name. * ValueMappings: You can now use value mapping in stat, gauge, bar gauge, and pie chart visualizations. * Alerting: Fix panic when Slack's API sends unexpected response. * Alerting: The Create Alert button now appears on the dashboard panel when you are working with a default datasource. * Explore: We fixed the problem where the Explore log panel disappears when an Elasticsearch logs query returns no results. * Graph: You can now see annotation descriptions on hover. * Logs: The system now uses the JSON parser only if the line is parsed to an object. * Prometheus: We fixed the issue where the system did not reuse TCP connections when querying from Grafana alerting. * Prometheus: We fixed the problem that resulted in an error when a user created a query with a $__interval min step. * RowsToFields: We fixed the issue where the system was not properly interpreting number values. * Scale: We fixed how the system handles NaN percent when data min = data max. * Table panel: You can now create a filter that includes special characters. - Update to version 8.2.1 * Dashboard: Fix rendering of repeating panels. * Datasources: Fix deletion of data source if plugin is not found. * Packaging: Remove systemcallfilters sections from systemd unit files. * Prometheus: Add Headers to HTTP client options. - Update to version 8.2.0 * AWS: Updated AWS authentication documentation. * Alerting: Added support Alertmanager data source for upstream Prometheus AM implementation. * Alerting: Allows more characters in label names so notifications are sent. * Alerting: Get alert rules for a dashboard or a panel using /api/v1/rules endpoints. * Annotations: Improved rendering performance of event markers. * CloudWatch Logs: Skip caching for log queries. * Explore: Added an opt-in configuration for Node Graph in Jaeger, Zipkin, and Tempo. * Packaging: Add stricter systemd unit options. * Prometheus: Metrics browser can now handle label values with * CodeEditor: Ensure that we trigger the latest onSave callback provided to the component. * DashboardList/AlertList: Fix for missing All folder value. * Plugins: Create a mock icon component to prevent console errors. - Update to version 8.2.0-beta2 * AccessControl: Document new permissions restricting data source access. * TimePicker: Add fiscal years and search to time picker. * Alerting: Added support for Unified Alerting with Grafana HA. * Alerting: Added support for tune rule evaluation using configuration options. * Alerting: Cleanups alertmanager namespace from key-value store when disabling Grafana 8 alerts. * Alerting: Remove ngalert feature toggle and introduce two new settings for enabling Grafana 8 alerts and disabling them for specific organisations. * CloudWatch: Introduced new math expression where it is necessary to specify the period field. * InfluxDB: Added support for $__interval and $__interval_ms in Flux queries for alerting. * InfluxDB: Flux queries can use more precise start and end timestamps with nanosecond-precision. * Plugins Catalog: Make the catalog the default way to interact with plugins. * Prometheus: Removed autocomplete limit for metrics. * Alerting: Fixed an issue where the edit page crashes if you tried to preview an alert without a condition set. * Alerting: Fixed rules migration to keep existing Grafana 8 alert rules. * Alerting: Fixed the silence file content generated during * Analytics: Fixed an issue related to interaction event propagation in Azure Application Insights. * BarGauge: Fixed an issue where the cell color was lit even though there was no data. * BarGauge: Improved handling of streaming data. * CloudMonitoring: Fixed INT64 label unmarshal error. * ConfirmModal: Fixes confirm button focus on modal open. * Dashboard: Add option to generate short URL for variables with values containing spaces. * Explore: No longer hides errors containing refId property. * Fixed an issue that produced State timeline panel tooltip error when data was not in sync. * InfluxDB: InfluxQL query editor is set to always use resultFormat. * Loki: Fixed creating context query for logs with parsed labels. * PageToolbar: Fixed alignment of titles. * Plugins Catalog: Update to the list of available panels after an install, update or uninstall. * TimeSeries: Fixed an issue where the shared cursor was not showing when hovering over in old Graph panel. * Variables: Fixed issues related to change of focus or refresh pages when pressing enter in a text box variable input. * Variables: Panel no longer crash when using the adhoc variable in data links. - Update to version 8.2.0-beta1 * AccessControl: Introduce new permissions to restrict access for reloading provisioning configuration. * Alerting: Add UI to edit Cortex/Loki namespace, group names, and group evaluation interval. * Alerting: Add a Test button to test contact point. * Alerting: Allow creating/editing recording rules for Loki and Cortex. * Alerting: Metrics should have the label org instead of user. * Alerting: Sort notification channels by name to make them easier to locate. * Alerting: Support org level isolation of notification * AzureMonitor: Add data links to deep link to Azure Portal Azure Resource Graph. * AzureMonitor: Add support for annotations from Azure Monitor Metrics and Azure Resource Graph services. * AzureMonitor: Show error message when subscriptions request fails in ConfigEditor. * Chore: Update to Golang 1.16.7. * CloudWatch Logs: Add link to X-Ray data source for trace IDs in logs. * CloudWatch Logs: Disable query path using websockets (Live) feature. * CloudWatch/Logs: Don't group dataframes for non time series * Cloudwatch: Migrate queries that use multiple stats to one query per stat. * Dashboard: Keep live timeseries moving left (v2). * Datasources: Introduce response_limit for datasource responses. * Explore: Add filter by trace or span ID to trace to logs * Explore: Download traces as JSON in Explore Inspector. * Explore: Reuse Dashboard's QueryRows component. * Explore: Support custom display label for derived fields buttons for Loki datasource. * Grafana UI: Update monaco-related dependencies. * Graphite: Deprecate browser access mode. * InfluxDB: Improve handling of intervals in alerting. * InfluxDB: InfluxQL query editor: Handle unusual characters in tag values better. * Jaeger: Add ability to upload JSON file for trace data. * LibraryElements: Enable specifying UID for new and existing library elements. * LibraryPanels: Remove library panel icon from the panel header so you can no longer tell that a panel is a library panel from the dashboard view. * Logs panel: Scroll to the bottom on page refresh when sorting in ascending order. * Loki: Add fuzzy search to label browser. * Navigation: Implement active state for items in the Sidemenu. * Packaging: Update PID file location from /var/run to /run. * Plugins: Add Hide OAuth Forward config option. * Postgres/MySQL/MSSQL: Add setting to limit the maximum number of rows processed. * Prometheus: Add browser access mode deprecation warning. * Prometheus: Add interpolation for built-in-time variables to backend. * Tempo: Add ability to upload trace data in JSON format. * TimeSeries/XYChart: Allow grid lines visibility control in XYChart and TimeSeries panels. * Transformations: Convert field types to time string number or boolean. * Value mappings: Add regular-expression based value mapping. * Zipkin: Add ability to upload trace JSON. * Admin: Prevent user from deleting user's current/active organization. * LibraryPanels: Fix library panel getting saved in the dashboard's folder. * OAuth: Make generic teams URL and JMES path configurable. * QueryEditor: Fix broken copy-paste for mouse middle-click * Thresholds: Fix undefined color in 'Add threshold'. * Timeseries: Add wide-to-long, and fix multi-frame output. * TooltipPlugin: Fix behavior of Shared Crosshair when Tooltip is set to All. * Grafana UI: Fix TS error property css is missing in type. - Update to version 8.1.8 - Update to version 8.1.7 * Alerting: Fix alerts with evaluation interval more than 30 seconds resolving before notification. * Elasticsearch/Prometheus: Fix usage of proper SigV4 service namespace. - Update to version 8.1.6 + Security: Fixes CVE-2021-39226. - Update to version 8.1.5 * BarChart: Fixes panel error that happens on second refresh. - Update to version 8.1.4 + Features and enhancements * Explore: Ensure logs volume bar colors match legend colors. * LDAP: Search all DNs for users. * Alerting: Fix notification channel migration. * Annotations: Fix blank panels for queries with unknown data sources. * BarChart: Fix stale values and x axis labels. * Graph: Make old graph panel thresholds work even if ngalert is enabled. * InfluxDB: Fix regex to identify / as separator. * LibraryPanels: Fix update issues related to library panels in rows. * Variables: Fix variables not updating inside a Panel when the preceding Row uses 'Repeat For'. - Update to version 8.1.3 + Bug fixes * Alerting: Fix alert flapping in the internal alertmanager. * Alerting: Fix request handler failed to convert dataframe 'results' to plugins.DataTimeSeriesSlice: input frame is not recognized as a time series. * Dashboard: Fix UIDs are not preserved when importing/creating dashboards thru importing .json file. * Dashboard: Forces panel re-render when exiting panel edit. * Dashboard: Prevent folder from changing when navigating to general settings. * Docker: Force use of libcrypto1.1 and libssl1.1 versions to fix CVE-2021-3711. * Elasticsearch: Fix metric names for alert queries. * Elasticsearch: Limit Histogram field parameter to numeric values. * Elasticsearch: Prevent pipeline aggregations to show up in terms order by options. * LibraryPanels: Prevent duplicate repeated panels from being created. * Loki: Fix ad-hoc filter in dashboard when used with parser. * Plugins: Track signed files + add warn log for plugin assets which are not signed. * Postgres/MySQL/MSSQL: Fix region annotations not displayed correctly. * Prometheus: Fix validate selector in metrics browser. * Security: Fix stylesheet injection vulnerability. * Security: Fix short URL vulnerability. - Update to version 8.1.2 * AzureMonitor: Add support for PostgreSQL and MySQL Flexible Servers. * Datasource: Change HTTP status code for failed datasource health check to 400. * Explore: Add span duration to left panel in trace viewer. * Plugins: Use file extension allowlist when serving plugin assets instead of checking for UNIX executable. * Profiling: Add support for binding pprof server to custom network interfaces. * Search: Make search icon keyboard navigable. * Template variables: Keyboard navigation improvements. * Tooltip: Display ms within minute time range. * Alerting: Fix saving LINE contact point. * Annotations: Fix alerting annotation coloring. * Annotations: Alert annotations are now visible in the correct Panel. * Auth: Hide SigV4 config UI and disable middleware when its config flag is disabled. * Dashboard: Prevent incorrect panel layout by comparing window width against theme breakpoints. * Explore: Fix showing of full log context. * PanelEdit: Fix 'Actual' size by passing the correct panel size to Dashboard. * Plugins: Fix TLS datasource settings. * Variables: Fix issue with empty drop downs on navigation. * Variables: Fix URL util converting false into true. * Toolkit: Fix matchMedia not found error. - Update to version 8.1.1 * CloudWatch Logs: Fix crash when no region is selected. - Update to version 8.1.0 * Alerting: Deduplicate receivers during migration. * ColorPicker: Display colors as RGBA. * Select: Make portalling the menu opt-in, but opt-in everywhere. * TimeRangePicker: Improve accessibility. * Annotations: Correct annotations that are displayed upon page refresh. * Annotations: Fix Enabled button that disappeared from Grafana v8.0.6. * Annotations: Fix data source template variable that was not available for annotations. * AzureMonitor: Fix annotations query editor that does not load. * Geomap: Fix scale calculations. * GraphNG: Fix y-axis autosizing. * Live: Display stream rate and fix duplicate channels in list * Loki: Update labels in log browser when time range changes in dashboard. * NGAlert: Send resolve signal to alertmanager on alerting -> Normal. * PasswordField: Prevent a password from being displayed when you click the Enter button. * Renderer: Remove debug.log file when Grafana is stopped. * Security: Update dependencies to fix CVE-2021-36222. - Update to version 8.1.0-beta3 * Alerting: Support label matcher syntax in alert rule list filter. * IconButton: Put tooltip text as aria-label. * Live: Experimental HA with Redis. * UI: FileDropzone component. * CloudWatch: Add AWS LookoutMetrics. * Docker: Fix builds by delaying go mod verify until all required files are copied over. * Exemplars: Fix disable exemplars only on the query that failed. * SQL: Fix SQL dataframe resampling (fill mode + time intervals). - Update to version 8.1.0-beta2 * Alerting: Expand the value string in alert annotations and * Auth: Add Azure HTTP authentication middleware. * Auth: Auth: Pass user role when using the authentication proxy. * Gazetteer: Update countries.json file to allow for linking to 3-letter country codes. * Config: Fix Docker builds by correcting formatting in sample.ini. * Explore: Fix encoding of internal URLs. - Update to version 8.1.0-beta1 * Alerting: Add Alertmanager notifications tab. * Alerting: Add button to deactivate current Alertmanager * Alerting: Add toggle in Loki/Prometheus data source configuration to opt out of alerting UI. * Alerting: Allow any 'evaluate for' value >=0 in the alert rule form. * Alerting: Load default configuration from status endpoint, if Cortex Alertmanager returns empty user configuration. * Alerting: view to display alert rule and its underlying data. * Annotation panel: Release the annotation panel. * Annotations: Add typeahead support for tags in built-in annotations. * AzureMonitor: Add curated dashboards for Azure services. * AzureMonitor: Add support for deep links to Microsoft Azure portal for Metrics. * AzureMonitor: Remove support for different credentials for Azure Monitor Logs. * AzureMonitor: Support querying any Resource for Logs queries. * Elasticsearch: Add frozen indices search support. * Elasticsearch: Name fields after template variables values instead of their name. * Elasticsearch: add rate aggregation. * Email: Allow configuration of content types for email notifications. * Explore: Add more meta information when line limit is hit. * Explore: UI improvements to trace view. * FieldOverrides: Added support to change display name in an override field and have it be matched by a later rule. * HTTP Client: Introduce dataproxy_max_idle_connections config variable. * InfluxDB: InfluxQL: adds tags to timeseries data. * InfluxDB: InfluxQL: make measurement search case insensitive. Legacy Alerting: Replace simplejson with a struct in webhook notification channel. * Legend: Updates display name for Last (not null) to just Last*. * Logs panel: Add option to show common labels. * Loki: Add $__range variable. * Loki: Add support for 'label_values(log stream selector, label)' in templating. * Loki: Add support for ad-hoc filtering in dashboard. * MySQL Datasource: Add timezone parameter. * NodeGraph: Show gradient fields in legend. * PanelOptions: Don't mutate panel options/field config object when updating. * PieChart: Make pie gradient more subtle to match other charts. * Prometheus: Update PromQL typeahead and highlighting. * Prometheus: interpolate variable for step field. * Provisioning: Improve validation by validating across all dashboard providers. * SQL Datasources: Allow multiple string/labels columns with time series. * Select: Portal select menu to document.body. * Team Sync: Add group mapping to support team sync in the Generic OAuth provider. * Tooltip: Make active series more noticeable. * Tracing: Add support to configure trace to logs start and end time. * Transformations: Skip merge when there is only a single data frame. * ValueMapping: Added support for mapping text to color, boolean values, NaN and Null. Improved UI for value mapping. * Visualizations: Dynamically set any config (min, max, unit, color, thresholds) from query results. * live: Add support to handle origin without a value for the port when matching with root_url. * Alerting: Handle marshaling Inf values. * AzureMonitor: Fix macro resolution for template variables. * AzureMonitor: Fix queries with Microsoft.NetApp/../../volumes resources. * AzureMonitor: Request and concat subsequent resource pages. * Bug: Fix parse duration for day. * Datasources: Improve error handling for error messages. * Explore: Correct the functionality of shift-enter shortcut across all uses. * Explore: Show all dataFrames in data tab in Inspector. * GraphNG: Fix Tooltip mode 'All' for XYChart. * Loki: Fix highlight of logs when using filter expressions with backticks. * Modal: Force modal content to overflow with scroll. * Plugins: Ignore symlinked folders when verifying plugin signature. * Toolkit: Improve error messages when tasks fail. - Update to version 8.0.7 - Update to version 8.0.6 * Alerting: Add annotation upon alert state change. * Alerting: Allow space in label and annotation names. * InfluxDB: Improve legend labels for InfluxDB query results. * Alerting: Fix improper alert by changing the handling of empty labels. * CloudWatch/Logs: Reestablish Cloud Watch alert behavior. * Dashboard: Avoid migration breaking on fieldConfig without defaults field in folded panel. * DashboardList: Fix issue not re-fetching dashboard list after variable change. * Database: Fix incorrect format of isolation level configuration parameter for MySQL. * InfluxDB: Correct tag filtering on InfluxDB data. * Links: Fix links that caused a full page reload. * Live: Fix HTTP error when InfluxDB metrics have an incomplete or asymmetrical field set. * Postgres/MySQL/MSSQL: Change time field to 'Time' for time series queries. * Postgres: Fix the handling of a null return value in query * Tempo: Show hex strings instead of uints for IDs. * TimeSeries: Improve tooltip positioning when tooltip overflows. * Transformations: Add 'prepare time series' transformer. - Update to version 8.0.5 * Cloudwatch Logs: Send error down to client. * Folders: Return 409 Conflict status when folder already exists. * TimeSeries: Do not show series in tooltip if it's hidden in the viz. * AzureMonitor: Fix issue where resource group name is missing on the resource picker button. * Chore: Fix AWS auth assuming role with workspace IAM. * DashboardQueryRunner: Fixes unrestrained subscriptions being * DateFormats: Fix reading correct setting key for use_browser_locale. * Links: Fix links to other apps outside Grafana when under sub path. * Snapshots: Fix snapshot absolute time range issue. * Table: Fix data link color. * Time Series: Fix X-axis time format when tick increment is larger than a year. * Tooltip Plugin: Prevent tooltip render if field is undefined. - Update to version 8.0.4 * Live: Rely on app url for origin check. * PieChart: Sort legend descending, update placeholder. * TimeSeries panel: Do not reinitialize plot when thresholds mode change. * Elasticsearch: Allow case sensitive custom options in date_histogram interval. * Elasticsearch: Restore previous field naming strategy when using variables. * Explore: Fix import of queries between SQL data sources. * InfluxDB: InfluxQL query editor: fix retention policy handling. * Loki: Send correct time range in template variable queries. * TimeSeries: Preserve RegExp series overrides when migrating from old graph panel. - Update to version 8.0.3 * Alerting: Increase alertmanager_conf column if MySQL. * Time series/Bar chart panel: Handle infinite numbers as nulls when converting to plot array. * TimeSeries: Ensure series overrides that contain color are migrated, and migrate the previous fieldConfig when changing the panel type. * ValueMappings: Improve singlestat value mappings migration. * Annotations: Fix annotation line and marker colors. * AzureMonitor: Fix KQL template variable queries without default workspace. * CloudWatch/Logs: Fix missing response data for log queries. * LibraryPanels: Fix crash in library panels list when panel plugin is not found. * LogsPanel: Fix performance drop when moving logs panel in * Loki: Parse log levels when ANSI coloring is enabled. * MSSQL: Fix issue with hidden queries still being executed. * PanelEdit: Display the VisualizationPicker that was not displayed if a panel has an unknown panel plugin. * Plugins: Fix loading symbolically linked plugins. * Prometheus: Fix issue where legend name was replaced with name Value in stat and gauge panels. * State Timeline: Fix crash when hovering over panel. - Update to version 8.0.2 * Datasource: Add support for max_conns_per_host in dataproxy settings. * Configuration: Fix changing org preferences in FireFox. * PieChart: Fix legend dimension limits. * Postgres/MySQL/MSSQL: Fix panic in concurrent map writes. * Variables: Hide default data source if missing from regex. - Update to version 8.0.1 * Alerting/SSE: Fix 'count_non_null' reducer validation. * Cloudwatch: Fix duplicated time series. * Cloudwatch: Fix missing defaultRegion. * Dashboard: Fix Dashboard init failed error on dashboards with old singlestat panels in collapsed rows. * Datasource: Fix storing timeout option as numeric. * Postgres/MySQL/MSSQL: Fix annotation parsing for empty * Postgres/MySQL/MSSQL: Numeric/non-string values are now returned from query variables. * Postgres: Fix an error that was thrown when the annotation query did not return any results. * StatPanel: Fix an issue with the appearance of the graph when switching color mode. * Visualizations: Fix an issue in the Stat/BarGauge/Gauge/PieChart panels where all values mode were showing the same name if they had the same value. * Toolkit: Resolve external fonts when Grafana is served from a sub path. - Update to version 8.0.0 * The following endpoints were deprecated for Grafana v5.0 and support for them has now been removed: GET /dashboards/db/:slug GET /dashboard-solo/db/:slug GET /api/dashboard/db/:slug DELETE /api/dashboards/db/:slug * AzureMonitor: Require default subscription for workspaces() template variable query. * AzureMonitor: Use resource type display names in the UI. * Dashboard: Remove support for loading and deleting dashboard by slug. * InfluxDB: Deprecate direct browser access in data source. * VizLegend: Add a read-only property. * AzureMonitor: Fix Azure Resource Graph queries in Azure China. * Checkbox: Fix vertical layout issue with checkboxes due to fixed height. * Dashboard: Fix Table view when editing causes the panel data to not update. * Dashboard: Fix issues where unsaved-changes warning is not displayed. * Login: Fixes Unauthorized message showing when on login page or snapshot page. * NodeGraph: Fix sorting markers in grid view. * Short URL: Include orgId in generated short URLs. * Variables: Support raw values of boolean type. - Update to version 8.0.0-beta3 * The default HTTP method for Prometheus data source is now POST. * API: Support folder UID in dashboards API. * Alerting: Add support for configuring avatar URL for the Discord notifier. * Alerting: Clarify that Threema Gateway Alerts support only Basic IDs. * Azure: Expose Azure settings to external plugins. * AzureMonitor: Deprecate using separate credentials for Azure Monitor Logs. * AzureMonitor: Display variables in resource picker for Azure * AzureMonitor: Hide application insights for data sources not using it. * AzureMonitor: Support querying subscriptions and resource groups in Azure Monitor Logs. * AzureMonitor: remove requirement for default subscription. * CloudWatch: Add Lambda@Edge Amazon CloudFront metrics. * CloudWatch: Add missing AWS AppSync metrics. * ConfirmModal: Auto focus delete button. * Explore: Add caching for queries that are run from logs * Loki: Add formatting for annotations. * Loki: Bring back processed bytes as meta information. * NodeGraph: Display node graph collapsed by default with trace view. * Overrides: Include a manual override option to hide something from visualization. * PieChart: Support row data in pie charts. * Prometheus: Update default HTTP method to POST for existing data sources. * Time series panel: Position tooltip correctly when window is scrolled or resized. * Admin: Fix infinite loading edit on the profile page. * Color: Fix issues with random colors in string and date * Dashboard: Fix issue with title or folder change has no effect after exiting settings view. * DataLinks: Fix an issue __series.name is not working in data link. * Datasource: Fix dataproxy timeout should always be applied for outgoing data source HTTP requests. * Elasticsearch: Fix NewClient not passing httpClientProvider to client impl. * Explore: Fix Browser title not updated on Navigation to Explore. * GraphNG: Remove fieldName and hideInLegend properties from UPlotSeriesBuilder. * OAuth: Fix fallback to auto_assign_org_role setting for Azure AD OAuth when no role claims exists. * PanelChrome: Fix issue with empty panel after adding a non data panel and coming back from panel edit. * StatPanel: Fix data link tooltip not showing for single value. * Table: Fix sorting for number fields. * Table: Have text underline for datalink, and add support for image datalink. * Transformations: Prevent FilterByValue transform from crashing panel edit. - Update to version 8.0.0-beta2 * AppPlugins: Expose react-router to apps. * AzureMonitor: Add Azure Resource Graph. * AzureMonitor: Managed Identity configuration UI. * AzureMonitor: Token provider with support for Managed Identities. * AzureMonitor: Update Logs workspace() template variable query to return resource URIs. * BarChart: Value label sizing. * CloudMonitoring: Add support for preprocessing. * CloudWatch: Add AWS/EFS StorageBytes metric. * CloudWatch: Allow use of missing AWS namespaces using custom * Datasource: Shared HTTP client provider for core backend data sources and any data source using the data source proxy. * InfluxDB: InfluxQL: allow empty tag values in the query editor. * Instrumentation: Instrument incoming HTTP request with histograms by default. * Library Panels: Add name endpoint & unique name validation to AddLibraryPanelModal. * Logs panel: Support details view. * PieChart: Always show the calculation options dropdown in the * PieChart: Remove beta flag. * Plugins: Enforce signing for all plugins. * Plugins: Remove support for deprecated backend plugin protocol version. * Tempo/Jaeger: Add better display name to legend. * Timeline: Add time range zoom. * Timeline: Adds opacity & line width option. * Timeline: Value text alignment option. * ValueMappings: Add duplicate action, and disable dismiss on backdrop click. * Zipkin: Add node graph view to trace response. * Annotations panel: Remove subpath from dashboard links. * Content Security Policy: Allow all image sources by default. * Content Security Policy: Relax default template wrt. loading of scripts, due to nonces not working. * Datasource: Fix tracing propagation for alert execution by introducing HTTP client outgoing tracing middleware. * InfluxDB: InfluxQL always apply time interval end. * Library Panels: Fixes 'error while loading library panels'. * NewsPanel: Fixes rendering issue in Safari. * PanelChrome: Fix queries being issued again when scrolling in and out of view. * Plugins: Fix Azure token provider cache panic and auth param nil value. * Snapshots: Fix key and deleteKey being ignored when creating an external snapshot. * Table: Fix issue with cell border not showing with colored background cells. * Table: Makes tooltip scrollable for long JSON values. * TimeSeries: Fix for Connected null values threshold toggle during panel editing. * Variables: Fixes inconsistent selected states on dashboard * Variables: Refreshes all panels even if panel is full screen. * QueryField: Remove carriage return character from pasted text. - Update to version 8.0.0-beta1 + License update: * AGPL License: Update license from Apache 2.0 to the GNU Affero General Public License (AGPL). * Removes the never refresh option for Query variables. * Removes the experimental Tags feature for Variables. + Deprecations: * The InfoBox & FeatureInfoBox are now deprecated please use the Alert component instead with severity info. * API: Add org users with pagination. * API: Return 404 when deleting nonexistent API key. * API: Return query results as JSON rather than base64 encoded Arrow. * Alerting: Allow sending notification tags to Opsgenie as extra properties. * Alerts: Replaces all uses of InfoBox & FeatureInfoBox with Alert. * Auth: Add support for JWT Authentication. * AzureMonitor: Add support for Microsoft.SignalRService/SignalR metrics. * AzureMonitor: Azure settings in Grafana server config. * AzureMonitor: Migrate Metrics query editor to React. * BarChart panel: enable series toggling via legend. * BarChart panel: Adds support for Tooltip in BarChartPanel. * PieChart panel: Change look of highlighted pie slices. * CloudMonitoring: Migrate config editor from angular to react. * CloudWatch: Add Amplify Console metrics and dimensions. * CloudWatch: Add missing Redshift metrics to CloudWatch data * CloudWatch: Add metrics for managed RabbitMQ service. * DashboardList: Enable templating on search tag input. * Datasource config: correctly remove single custom http header. * Elasticsearch: Add generic support for template variables. * Elasticsearch: Allow omitting field when metric supports inline script. * Elasticsearch: Allow setting a custom limit for log queries. * Elasticsearch: Guess field type from first non-empty value. * Elasticsearch: Use application/x-ndjson content type for multisearch requests. * Elasticsearch: Use semver strings to identify ES version. * Explore: Add logs navigation to request more logs. * Explore: Map Graphite queries to Loki. * Explore: Scroll split panes in Explore independently. * Explore: Wrap each panel in separate error boundary. * FieldDisplay: Smarter naming of stat values when visualising row values (all values) in stat panels. * Graphite: Expand metric names for variables. * Graphite: Handle unknown Graphite functions without breaking the visual editor. * Graphite: Show graphite functions descriptions. * Graphite: Support request cancellation properly (Uses new backendSrv.fetch Observable request API). * InfluxDB: Flux: Improve handling of complex response-structures. * InfluxDB: Support region annotations. * Inspector: Download logs for manual processing. * Jaeger: Add node graph view for trace. * Jaeger: Search traces. * Loki: Use data source settings for alerting queries. * NodeGraph: Exploration mode. * OAuth: Add support for empty scopes. * PanelChrome: New logic-less emotion based component with no dependency on PanelModel or DashboardModel. * PanelEdit: Adds a table view toggle to quickly view data in table form. * PanelEdit: Highlight matched words when searching options. * PanelEdit: UX improvements. * Plugins: PanelRenderer and simplified QueryRunner to be used from plugins. * Plugins: AuthType in route configuration and params interpolation. * Plugins: Enable plugin runtime install/uninstall capabilities. * Plugins: Support set body content in plugin routes. * Plugins: Introduce marketplace app. * Plugins: Moving the DataSourcePicker to grafana/runtime so it can be reused in plugins. * Prometheus: Add custom query params for alert and exemplars * Prometheus: Use fuzzy string matching to autocomplete metric names and label. * Routing: Replace Angular routing with react-router. * Slack: Use chat.postMessage API by default. * Tempo: Search for Traces by querying Loki directly from Tempo. * Tempo: Show graph view of the trace. * Themes: Switch theme without reload using global shortcut. * TimeSeries panel: Add support for shared cursor. * TimeSeries panel: Do not crash the panel if there is no time series data in the response. * Variables: Do not save repeated panels, rows and scopedVars. * Variables: Removes experimental Tags feature. * Variables: Removes the never refresh option. * Visualizations: Unify tooltip options across visualizations. * Visualizations: Refactor and unify option creation between new visualizations. * Visualizations: Remove singlestat panel. * APIKeys: Fixes issue with adding first api key. * Alerting: Add checks for non supported units - disable defaulting to seconds. * Alerting: Fix issue where Slack notifications won't link to user IDs. * Alerting: Omit empty message in PagerDuty notifier. * AzureMonitor: Fix migration error from older versions of App Insights queries. * CloudWatch: Fix AWS/Connect dimensions. * CloudWatch: Fix broken AWS/MediaTailor dimension name. * Dashboards: Allow string manipulation as advanced variable format option. * DataLinks: Includes harmless extended characters like Cyrillic characters. * Drawer: Fixes title overflowing its container. * Explore: Fix issue when some query errors were not shown. * Generic OAuth: Prevent adding duplicated users. * Graphite: Handle invalid annotations. * Graphite: Fix autocomplete when tags are not available. * InfluxDB: Fix Cannot read property 'length' of undefined in when parsing response. * Instrumentation: Enable tracing when Jaeger host and port are * Instrumentation: Prefix metrics with grafana. * MSSQL: By default let driver choose port. * OAuth: Add optional strict parsing of role_attribute_path. * Panel: Fixes description markdown with inline code being rendered on newlines and full width. * PanelChrome: Ignore data updates & errors for non data panels. * Permissions: Fix inherited folder permissions can prevent new permissions being added to a dashboard. * Plugins: Remove pre-existing plugin installs when installing with grafana-cli. * Plugins: Support installing to folders with whitespace and fix pluginUrl trailing and leading whitespace failures. * Postgres/MySQL/MSSQL: Don't return connection failure details to the client. * Postgres: Fix ms precision of interval in time group macro when TimescaleDB is enabled. * Provisioning: Use dashboard checksum field as change indicator. * SQL: Fix so that all captured errors are returned from sql engine. * Shortcuts: Fixes panel shortcuts so they always work. * Table: Fixes so border is visible for cells with links. * Variables: Clear query when data source type changes. * Variables: Filters out builtin variables from unknown list. * Button: Introduce buttonStyle prop. * DataQueryRequest: Remove deprecated props showingGraph and showingTabel and exploreMode. * grafana/ui: Update React Hook Form to v7. * IconButton: Introduce variant for red and blue icon buttons. * Plugins: Expose the getTimeZone function to be able to get the current selected timeZone. * TagsInput: Add className to TagsInput. * VizLegend: Move onSeriesColorChanged to PanelContext (breaking change). - Update to version 7.5.13 * Alerting: Fix NoDataFound for alert rules using AND operator. mgr-cfg: - Version 4.2.8-1 * Fix the condition for preventing building python 2 subpackage for SLE15 (bsc#1197579) - Version 4.2.7-1 * Fix installation problem for SLE15SP4 due missing python-selinux mgr-osad: - Version 4.2.8-1 * Fix the condition for preventing building python 2 subpackage for SLE15 mgr-push: - Version 4.2.5-1 * Fix the condition for preventing building python 2 subpackage for SLE15 mgr-virtualization: - Version 4.2.4-1 * Fix the condition for preventing building python 2 subpackage for SLE15 prometheus-postgres_exporter: - Version 0.10.0 * Added hardening to systemd service(s) with changes to `prometheus-postgres_exporter.service` (bsc#1181400) * Package rename from golang-github-wrouesnel-postgres_exporter (jsc#SLE-23051) rhnlib: - Version 4.2.6-1 * Fix the condition for preventing building python 2 subpackage for SLE15 spacecmd: - Version 4.2.16-1 * implement system.bootstrap (bsc#1194909) * Fix interactive mode for 'system_applyerrata' and 'errata_apply' (bsc#1194363) spacewalk-client-tools: - Version 4.2.18-1 * Fix the condition for preventing building python 2 subpackage for SLE15 - Version 4.2.17-1 * Update translation strings spacewalk-koan: - Version 4.2.6-1 * Fix the condition for preventing building python 2 subpackage for SLE15 spacewalk-oscap: - Version 4.2.4-1 * Fix the condition for preventing building python 2 subpackage for SLE15 suseRegisterInfo: - Version 4.2.6-1 * Fix the condition for preventing building python 2 subpackage for SLE15 Moderate SUSE bug 1181400 SUSE bug 1194363 SUSE bug 1194873 SUSE bug 1194909 SUSE bug 1195726 SUSE bug 1195727 SUSE bug 1195728 SUSE bug 1197579 CVE-2021-36222 CVE-2021-3711 CVE-2021-39226 CVE-2021-41174 CVE-2021-41244 CVE-2021-43798 CVE-2021-43813 CVE-2021-43815 CVE-2022-21673 CVE-2022-21702 CVE-2022-21703 CVE-2022-21713 cpe:/o:opensuse:leap:15.3 Security update for grafana (Important) openSUSE Leap 15.3 This update for grafana fixes the following issues: - CVE-2021-39226: Fixed snapshot authentication bypass (bsc#1191454) - CVE-2021-43813: Fixed markdown path traversal (bsc#1193688) Important SUSE bug 1191454 SUSE bug 1193688 CVE-2021-39226 CVE-2021-43813 cpe:/o:opensuse:leap:15.3 Security update for permissions (Moderate) openSUSE Leap 15.3 This update for permissions fixes the following issues: - Update to version 20181225: setuid bit for cockpit session binary (bsc#1169614). Moderate SUSE bug 1169614 cpe:/o:opensuse:leap:15.3 Security update for go1.18 (Moderate) openSUSE Leap 15.3 This update for go1.18 fixes the following issues: - CVE-2022-24675: Fixed a stack overlow in Decode() in encoding/pem (bsc#1198423). - CVE-2022-28327: Fixed a crash due to refused oversized scalars in generic P-256 (bsc#1198424). - CVE-2022-27536: Fixed a crash in Certificate.Verify in crypto/x509 (bsc#1198427). Bump go1.18 (bsc#1193742) Moderate SUSE bug 1183043 SUSE bug 1193742 SUSE bug 1198423 SUSE bug 1198424 SUSE bug 1198427 CVE-2022-24675 CVE-2022-27536 CVE-2022-28327 cpe:/o:opensuse:leap:15.3 Security update for go1.17 (Moderate) openSUSE Leap 15.3 This update for go1.17 fixes the following issues: - Updated to version 1.17.9 (bsc#1190649): - CVE-2022-24675: Fixed a stack overflow via crafted PEM file (bsc#1198423). - CVE-2022-28327: Fixed a potential panic when using big P-256 scalars in the crypto/elliptic module (bsc#1198424). Moderate SUSE bug 1190649 SUSE bug 1198423 SUSE bug 1198424 CVE-2022-24675 CVE-2022-28327 cpe:/o:opensuse:leap:15.3 Security update for ant (Moderate) openSUSE Leap 15.3 This update for ant fixes the following issues: - CVE-2021-36373: Fixed an excessive memory allocation when reading a specially crafted TAR archive (bsc#1188468). - CVE-2021-36374: Fixed an excessive memory allocation when reading a specially crafted ZIP archive (bsc#1188469). Moderate SUSE bug 1188468 SUSE bug 1188469 CVE-2021-36373 CVE-2021-36374 cpe:/o:opensuse:leap:15.3 Security update for cifs-utils (Important) openSUSE Leap 15.3 This update for cifs-utils fixes the following issues: - CVE-2022-27239: Fixed a buffer overflow in the command line ip option (bsc#1197216). Important SUSE bug 1197216 CVE-2022-27239 cpe:/o:opensuse:leap:15.3 Security update for webkit2gtk3 (Important) openSUSE Leap 15.3 This update for webkit2gtk3 fixes the following issues: Update to version 2.36.0 (bsc#1198290): - CVE-2022-22624: Fixed use after free that may lead to arbitrary code execution. - CVE-2022-22628: Fixed use after free that may lead to arbitrary code execution. - CVE-2022-22629: Fixed a buffer overflow that may lead to arbitrary code execution. - CVE-2022-22637: Fixed an unexpected cross-origin behavior due to a logic error. Missing CVE reference for the update to 2.34.6 (bsc#1196133): - CVE-2022-22594: Fixed a cross-origin issue in the IndexDB API. Important SUSE bug 1196133 SUSE bug 1198290 CVE-2022-22594 CVE-2022-22624 CVE-2022-22628 CVE-2022-22629 CVE-2022-22637 cpe:/o:opensuse:leap:15.3 Security update for firewalld, golang-github-prometheus-prometheus (Important) openSUSE Leap 15.3 This update for firewalld, golang-github-prometheus-prometheus fixes the following issues: Security fixes for golang-github-prometheus-prometheus: - CVE-2022-21698: Denial of Service through unbounded cardinality, and potential memory exhaustion, when handling requests with non-standard HTTP methods (bsc#1196338). Other non security changes for golang-github-prometheus-prometheus: - Build `firewalld-prometheus-config` only for SUSE Linux Enterprise 15, 15-SP1 and 15-SP2, and require `firewalld`. - Only recommends `firewalld-prometheus-config` as prometheus does not require it to run. - Create `firewalld-prometheus-config` subpackage (bsc#1197042, jsc#SLE-24373, jsc#SLE-24374, jsc#SLE-24375) Other non security changes for firewalld: - Provide dummy `firewalld-prometheus-config` package (bsc#1197042) Important SUSE bug 1196338 SUSE bug 1197042 CVE-2022-21698 cpe:/o:opensuse:leap:15.3 Security update for libaom (Moderate) openSUSE Leap 15.3 This update for libaom fixes the following issues: - CVE-2021-30473: AOMedia in aom_image.c frees memory that is not located on the heap (bsc#1185778). Moderate SUSE bug 1185778 CVE-2021-30473 cpe:/o:opensuse:leap:15.3 Security update for buildah (Moderate) openSUSE Leap 15.3 This update for buildah fixes the following issues: - CVE-2022-27651: Fixed incorrect default inheritable capabilities for linux container (bsc#1197870). Update to version 1.25.1. The following non-security bugs were fixed: - add workaround for https://bugzilla.opensuse.org/show_bug.cgi?id=1183043 Moderate SUSE bug 1197870 CVE-2022-27651 cpe:/o:opensuse:leap:15.3 Security update for cryptsetup (Moderate) openSUSE Leap 15.3 This update for cryptsetup fixes the following issues: - CVE-2021-4122: Fixed possible attacks against data confidentiality through LUKS2 online reencryption extension crash recovery (bsc#1194469). Moderate SUSE bug 1194469 CVE-2021-4122 cpe:/o:opensuse:leap:15.3 Security update for python-paramiko (Moderate) openSUSE Leap 15.3 This update for python-paramiko fixes the following issues: - CVE-2022-24302: Fixed a race condition between creation and chmod when writing private keys. (bsc#1197279) Moderate SUSE bug 1197279 CVE-2022-24302 cpe:/o:opensuse:leap:15.3 Security update for python-pip (Moderate) openSUSE Leap 15.3 This update for python-pip fixes the following issues: - Add wheel subpackage with the generated wheel for this package (bsc#1176262, CVE-2019-20916). - Make wheel a separate build run to avoid the setuptools/wheel build cycle. - Switch this package to use update-alternatives for all files in %{_bindir} so it doesn't collide with the versions on 'the latest' versions of Python interpreter (jsc#SLE-18038, bsc#1195831). Moderate SUSE bug 1176262 SUSE bug 1195831 CVE-2019-20916 cpe:/o:opensuse:leap:15.3 Security update for glib2 (Low) openSUSE Leap 15.3 This update for glib2 fixes the following issues: - CVE-2021-28153: Fixed an issue where symlink targets would be incorrectly created as empty files (bsc#1183533). Low SUSE bug 1183533 CVE-2021-28153 cpe:/o:opensuse:leap:15.3 Security update for nodejs12 (Important) openSUSE Leap 15.3 This update for nodejs12 fixes the following issues: - CVE-2022-0778: Fixed a infinite loop in BN_mod_sqrt() reachable when parsing certificates (bsc#1196877). - CVE-2021-44906: Fixed a prototype pollution in node-minimist (bsc#1198247). - CVE-2021-44907: Fixed a potential Denial of Service vulnerability in node-qs (bsc#1197283). - CVE-2022-0235: Fixed an exposure of sensitive information to an unauthorized actor in node-fetch (bsc#1194819). Important SUSE bug 1194819 SUSE bug 1196877 SUSE bug 1197283 SUSE bug 1198247 CVE-2021-44906 CVE-2021-44907 CVE-2022-0235 CVE-2022-0778 cpe:/o:opensuse:leap:15.3 Security update for nodejs14 (Important) openSUSE Leap 15.3 This update for nodejs14 fixes the following issues: - CVE-2022-0778: Fixed a infinite loop in BN_mod_sqrt() reachable when parsing certificates (bsc#1196877). - CVE-2021-44906: Fixed a prototype pollution in node-minimist (bsc#1198247). - CVE-2021-44907: Fixed a potential Denial of Service vulnerability in node-qs (bsc#1197283). - CVE-2022-0235: Fixed an exposure of sensitive information to an unauthorized actor in node-fetch (bsc#1194819). Important SUSE bug 1194819 SUSE bug 1196877 SUSE bug 1197283 SUSE bug 1198247 CVE-2021-44906 CVE-2021-44907 CVE-2022-0235 CVE-2022-0778 cpe:/o:opensuse:leap:15.3 Security update for libslirp (Important) openSUSE Leap 15.3 This update for libslirp fixes the following issues: - CVE-2021-3592: Fixed invalid pointer initialization may lead to information disclosure (bootp) (bsc#1187364). - CVE-2021-3594: Fixed invalid pointer initialization may lead to information disclosure (udp) (bsc#1187367). - CVE-2021-3595: Fixed invalid pointer initialization may lead to information disclosure (tftp) (bsc#1187366). - Fix a dhcp regression [bsc#1198773] Important SUSE bug 1187364 SUSE bug 1187366 SUSE bug 1187367 SUSE bug 1198773 CVE-2021-3592 CVE-2021-3594 CVE-2021-3595 cpe:/o:opensuse:leap:15.3 Security update for libcaca (Moderate) openSUSE Leap 15.3 This update for libcaca fixes the following issues: - CVE-2022-0856: Fixed a divide by zero issue which could be exploited to cause an application crash (bsc#1197028). Moderate SUSE bug 1197028 CVE-2022-0856 cpe:/o:opensuse:leap:15.3 Security update for python-Twisted (Moderate) openSUSE Leap 15.3 This update for python-Twisted fixes the following issues: - CVE-2022-24801: Fixed to not be as lenient as earlier HTTP/1.1 RFCs to prevent HTTP request smuggling. (bsc#1198086) Moderate SUSE bug 1198086 CVE-2022-24801 cpe:/o:opensuse:leap:15.3 Security update for jasper (Moderate) openSUSE Leap 15.3 This update for jasper fixes the following issues: - CVE-2021-3467: Fixed NULL pointer deref in jp2_decode() (bsc#1184757). - CVE-2021-3443: Fixed NULL pointer deref in jp2_decode() (bsc#1184798). - CVE-2021-26927: Fixed NULL pointer deref in jp2_decode() (bsc#1182104). - CVE-2021-26926: Fixed an out of bounds read in jp2_decode() (bsc#1182105). Moderate SUSE bug 1182104 SUSE bug 1182105 SUSE bug 1184757 SUSE bug 1184798 CVE-2021-26926 CVE-2021-26927 CVE-2021-3443 CVE-2021-3467 cpe:/o:opensuse:leap:15.3 Security update for git (Important) openSUSE Leap 15.3 This update for git fixes the following issues: - Updated to version 2.35.3: - CVE-2022-24765: Fixed a potential command injection via git worktree (bsc#1198234). Important SUSE bug 1181400 SUSE bug 1198234 CVE-2022-24765 cpe:/o:opensuse:leap:15.3 Security update for python39 (Moderate) openSUSE Leap 15.3 This update for python39 fixes the following issues: - CVE-2021-3572: Fixed an improper handling of unicode characters in pip (bsc#1186819). - Update to 3.9.10 (jsc#SLE-23849) - Remove shebangs from from python-base libraries in _libdir. (bsc#1193179) - Update to 3.9.9: * Core and Builtins + bpo-30570: Fixed a crash in issubclass() from infinite recursion when searching pathological __bases__ tuples. + bpo-45494: Fix parser crash when reporting errors involving invalid continuation characters. Patch by Pablo Galindo. + bpo-45385: Fix reference leak from descr_check. Patch by Dong-hee Na. + bpo-45167: Fix deepcopying of types.GenericAlias objects. + bpo-44219: Release the GIL while performing isatty system calls on arbitrary file descriptors. In particular, this affects os.isatty(), os.device_encoding() and io.TextIOWrapper. By extension, io.open() in text mode is also affected. This change solves a deadlock in os.isatty(). Patch by Vincent Michel in bpo-44219. + bpo-44959: Added fallback to extension modules with '.sl' suffix on HP-UX + bpo-44050: Extensions that indicate they use global state (by setting m_size to -1) can again be used in multiple interpreters. This reverts to behavior of Python 3.8. + bpo-45121: Fix issue where Protocol.__init__ raises RecursionError when it's called directly or via super(). Patch provided by Yurii Karabas. + bpo-45083: When the interpreter renders an exception, its name now has a complete qualname. Previously only the class name was concatenated to the module name, which sometimes resulted in an incorrect full name being displayed. + bpo-45738: Fix computation of error location for invalid continuation characters in the parser. Patch by Pablo Galindo. + Library + bpo-45678: Fix bug in Python 3.9 that meant functools.singledispatchmethod failed to properly wrap the attributes of the target method. Patch by Alex Waygood. + bpo-45679: Fix caching of multi-value typing.Literal. Literal[True, 2] is no longer equal to Literal[1, 2]. + bpo-45438: Fix typing.Signature string representation for generic builtin types. + bpo-45581: sqlite3.connect() now correctly raises MemoryError if the underlying SQLite API signals memory error. Patch by Erlend E. Aasland. + bpo-39679: Fix bug in functools.singledispatchmethod that caused it to fail when attempting to register a classmethod() or staticmethod() using type annotations. Patch contributed by Alex Waygood. + bpo-45515: Add references to zoneinfo in the datetime documentation, mostly replacing outdated references to dateutil.tz. Change by Paul Ganssle. + bpo-45467: Fix incremental decoder and stream reader in the 'raw-unicode-escape' codec. Previously they failed if the escape sequence was split. + bpo-45461: Fix incremental decoder and stream reader in the 'unicode-escape' codec. Previously they failed if the escape sequence was split. + bpo-45239: Fixed email.utils.parsedate_tz() crashing with UnboundLocalError on certain invalid input instead of returning None. Patch by Ben Hoyt. + bpo-44904: Fix bug in the doctest module that caused it to fail if a docstring included an example with a classmethod property. Patch by Alex Waygood. + bpo-45406: Make inspect.getmodule() catch FileNotFoundError raised by :'func:inspect.getabsfile, and return None to indicate that the module could not be determined. + bpo-45262: Prevent use-after-free in asyncio. Make sure the cached running loop holder gets cleared on dealloc to prevent use-after-free in get_running_loop + bpo-45386: Make xmlrpc.client more robust to C runtimes where the underlying C strftime function results in a ValueError when testing for year formatting options. + bpo-45371: Fix clang rpath issue in distutils. The UnixCCompiler now uses correct clang option to add a runtime library directory (rpath) to a shared library. + bpo-20028: Improve error message of csv.Dialect when initializing. Patch by Vajrasky Kok and Dong-hee Na. + bpo-45343: Update bundled pip to 21.2.4 and setuptools to 58.1.0 + bpo-41710: On Unix, if the sem_clockwait() function is available in the C library (glibc 2.30 and newer), the threading.Lock.acquire() method now uses the monotonic clock (time.CLOCK_MONOTONIC) for the timeout, rather than using the system clock (time.CLOCK_REALTIME), to not be affected by system clock changes. Patch by Victor Stinner. + bpo-45328: Fixed http.client.HTTPConnection to work properly in OSs that don't support the TCP_NODELAY socket option. + bpo-1596321: Fix the threading._shutdown() function when the threading module was imported first from a thread different than the main thread: no longer log an error at Python exit. + bpo-45274: Fix a race condition in the Thread.join() method of the threading module. If the function is interrupted by a signal and the signal handler raises an exception, make sure that the thread remains in a consistent state to prevent a deadlock. Patch by Victor Stinner. + bpo-45238: Fix unittest.IsolatedAsyncioTestCase.debug(): it runs now asynchronous methods and callbacks. + bpo-36674: unittest.TestCase.debug() raises now a unittest.SkipTest if the class or the test method are decorated with the skipping decorator. + bpo-45235: Fix an issue where argparse would not preserve values in a provided namespace when using a subparser with defaults. + bpo-45234: Fixed a regression in copyfile(), copy(), copy2() raising FileNotFoundError when source is a directory, which should raise IsADirectoryError + bpo-45228: Fix stack buffer overflow in parsing J1939 network address. + bpo-45192: Fix the tempfile._infer_return_type function so that the dir argument of the tempfile functions accepts an object implementing the os.PathLike protocol. + bpo-45160: When tracing a tkinter variable used by a ttk OptionMenu, callbacks are no longer made twice. + bpo-35474: Calling mimetypes.guess_all_extensions() with strict=False no longer affects the result of the following call with strict=True. Also, mutating the returned list no longer affects the global state. + bpo-45166: typing.get_type_hints() now works with Final wrapped in ForwardRef. + bpo-45097: Remove deprecation warnings about the loop argument in asyncio incorrectly emitted in cases when the user does not pass the loop argument. + bpo-45081: Fix issue when dataclasses that inherit from typing.Protocol subclasses have wrong __init__. Patch provided by Yurii Karabas. + bpo-24444: Fixed an error raised in argparse help display when help for an option is set to 1+ blank spaces or when choices arg is an empty container. + bpo-45021: Fix a potential deadlock at shutdown of forked children when using concurrent.futures module + bpo-45030: Fix integer overflow in pickling and copying the range iterator. + bpo-39039: tarfile.open raises ReadError when a zlib error occurs during file extraction. + bpo-44594: Fix an edge case of ExitStack and AsyncExitStack exception chaining. They will now match with block behavior when __context__ is explicitly set to None when the exception is in flight. * Documentation + bpo-45726: Improve documentation for functools.singledispatch() and functools.singledispatchmethod. + bpo-45680: Amend the docs on GenericAlias objects to clarify that non-container classes can also implement __class_getitem__. Patch contributed by Alex Waygood. + bpo-45655: Add a new 'relevant PEPs' section to the top of the documentation for the typing module. Patch by Alex Waygood. + bpo-45604: Add level argument to multiprocessing.log_to_stderr function docs. + bpo-45464: Mention in the documentation of Built-in Exceptions that inheriting from multiple exception types in a single subclass is not recommended due to possible memory layout incompatibility. + bpo-45449: Add note about PEP 585 in collections.abc. + bpo-45516: Add protocol description to the importlib.abc.Traversable documentation. + bpo-20692: Add Programming FAQ entry explaining that int literal attribute access requires either a space after or parentheses around the literal. + bpo-45216: Remove extra documentation listing methods in difflib. It was rendering twice in pydoc and was outdated in some places. + bpo-45772: socket.socket documentation is corrected to a class from a function. + bpo-45392: Update the docstring of the type built-in to remove a redundant line and to mention keyword arguments for the constructor. * Tests + bpo-45578: Add tests for dis.distb() + bpo-45577: Add subtests for all pickle protocols in test_zoneinfo. + bpo-43592: test.libregrtest now raises the soft resource limit for the maximum number of file descriptors when the default is too low for our test suite as was often the case on macOS. + bpo-40173: Fix test.support.import_helper.import_fresh_module(). + bpo-45280: Add a test case for empty typing.NamedTuple. + bpo-45269: Cover case when invalid markers type is supplied to c_make_encoder. + bpo-45209: Fix UserWarning: resource_tracker warning in _test_multiprocessing._TestSharedMemory.test_shared_memory_cleaned_after_process_termination + bpo-45195: Fix test_readline.test_nonascii(): sometimes, the newline character is not written at the end, so don't expect it in the output. Patch by Victor Stinner. + bpo-45156: Fixes infinite loop on unittest.mock.seal() of mocks created by create_autospec(). + bpo-45042: Fixes that test classes decorated with @hashlib_helper.requires_hashdigest were skipped all the time. + bpo-45235: Reverted an argparse bugfix that caused regression in the handling of default arguments for subparsers. This prevented leaf level arguments from taking precedence over root level arguments. + bpo-45765: In importlib.metadata, fix distribution discovery for an empty path. + bpo-45644: In-place JSON file formatting using python3 -m json.tool infile infile now works correctly, previously it left the file empty. Patch by Chris Wesseling. * Build + bpo-43158: setup.py now uses values from configure script to build the _uuid extension module. Configure now detects util-linux's libuuid, too. + bpo-45571: Modules/Setup now use PY_CFLAGS_NODIST instead of PY_CFLAGS to compile shared modules. + bpo-45532: Update sys.version to use main as fallback information. Patch by Jeong YunWon. + bpo-45405: Prevent internal configure error when running configure with recent versions of non-Apple clang. Patch by David Bohman. + bpo-45220: Avoid building with the Windows 11 SDK previews automatically. This may be overridden by setting the DefaultWindowsSDKVersion environment variable before building. * C API + bpo-44687: BufferedReader.peek() no longer raises ValueError when the entire file has already been buffered. + bpo-44751: Remove crypt.h include from the public Python.h header. - rpm-build-python dependency is available on the current Factory, not with SLE. - BuildRequire rpm-build-python: The provider to inject python(abi) has been moved there. rpm-build pulls rpm-build-python automatically in when building anything against python3-base, but this implies that the initial build of python3-base does not trigger the automatic installation. - Update to 3.9.7: - Security - Replaced usage of tempfile.mktemp() with TemporaryDirectory to avoid a potential race condition. - Add auditing events to the marshal module, and stop raising code.__init__ events for every unmarshalled code object. Directly instantiated code objects will continue to raise an event, and audit event handlers should inspect or collect the raw marshal data. This reduces a significant performance overhead when loading from .pyc files. - Made the internal putcmd function in smtplib sanitize input for presence of \r and \n characters to avoid (unlikely) command injection. - Core and Builtins - Fixed pickling of range iterators that iterated for over 2**32 times. - Fix a race in WeakKeyDictionary, WeakValueDictionary and WeakSet when two threads attempt to commit the last pending removal. This fixes asyncio.create_task and fixes a data loss in asyncio.run where shutdown_asyncgens is not run - Fixed a corner case bug where the result of float.fromhex('0x.8p-1074') was rounded the wrong way. - Refine the syntax error for trailing commas in import statements. Patch by Pablo Galindo. - Restore behaviour of complex exponentiation with integer-valued exponent of type float or complex. - Correct the ast locations of f-strings with format specs and repeated expressions. Patch by Pablo Galindo - Use new trashcan macros (Py_TRASHCAN_BEGIN/END) in frameobject.c instead of the old ones (Py_TRASHCAN_SAFE_BEGIN/END). - Fix segmentation fault with deep recursion when cleaning method objects. Patch by Augusto Goulart and Pablo Galindo. - Fix bug where PyErr_SetObject hangs when the current exception has a cycle in its context chain. - Fix reference leaks in the error paths of update_bases() and __build_class__. Patch by Pablo Galindo. - Fix undefined behaviour in complex object exponentiation. - Remove uses of PyObject_GC_Del() in error path when initializing types.GenericAlias. - Remove the pass-through for hash() of weakref.proxy objects to prevent unintended consequences when the original referred object dies while the proxy is part of a hashable object. Patch by Pablo Galindo. - Fix ltrace functionality when exceptions are raised. Patch by Pablo Galindo - Fix a crash at Python exit when a deallocator function removes the last strong reference to a heap type. Patch by Victor Stinner. - Fix crash when using passing a non-exception to a generator's throw() method. Patch by Noah Oxer - Library - run() now always return a TestResult instance. Previously it returned None if the test class or method was decorated with a skipping decorator. - Fix bugs in cleaning up classes and modules in unittest: - Functions registered with addModuleCleanup() were not called unless the user defines tearDownModule() in their test module. - Functions registered with addClassCleanup() were not called if tearDownClass is set to None. - Buffering in TestResult did not work with functions registered with addClassCleanup() and addModuleCleanup(). - Errors in functions registered with addClassCleanup() and addModuleCleanup() were not handled correctly in buffered and debug modes. - Errors in setUpModule() and functions registered with addModuleCleanup() were reported in wrong order. - And several lesser bugs. - Made email date parsing more robust against malformed input, namely a whitespace-only Date: header. Patch by Wouter Bolsterlee. - Fix a crash in the signal handler of the faulthandler module: no longer modify the reference count of frame objects. Patch by Victor Stinner. - Method stopTestRun() is now always called in pair with method startTestRun() for TestResult objects implicitly created in run(). Previously it was not called for test methods and classes decorated with a skipping decorator. - argparse.BooleanOptionalAction's default value is no longer printed twice when used with argparse.ArgumentDefaultsHelpFormatter. - Upgrade bundled pip to 21.2.3 and setuptools to 57.4.0 - Fix the os.set_inheritable() function on FreeBSD 14 for file descriptor opened with the O_PATH flag: ignore the EBADF error on ioctl(), fallback on the fcntl() implementation. Patch by Victor Stinner. - The @functools.total_ordering() decorator now works with metaclasses. - sqlite3 user-defined functions and aggregators returning strings with embedded NUL characters are no longer truncated. Patch by Erlend E. Aasland. - Always show loop= arg deprecations in asyncio.gather() and asyncio.sleep() - Non-protocol subclasses of typing.Protocol ignore now the __init__ method inherited from protocol base classes. - The tokenize.tokenize() doesn't incorrectly generate a NEWLINE token if the source doesn't end with a new line character but the last line is a comment, as the function is already generating a NL token. Patch by Pablo Galindo - Fix http.client.HTTPSConnection fails to download >2GiB data. - rcompleter does not call getattr() on property objects to avoid the side-effect of evaluating the corresponding method. - weakref.proxy objects referencing non-iterators now raise TypeError rather than dereferencing the null tp_iternext slot and crashing. - The implementation of collections.abc.Set._hash() now matches that of frozenset.__hash__(). - Fixed issue in compileall.compile_file() when sys.stdout is redirected. Patch by Stefan H?lzl. - Give priority to using the current class constructor in inspect.signature(). Patch by Weipeng Hong. - Fix memory leak in _tkinter._flatten() if it is called with a sequence or set, but not list or tuple. - Update shutil.copyfile() to raise FileNotFoundError instead of confusing IsADirectoryError when a path ending with a os.path.sep does not exist; shutil.copy() and shutil.copy2() are also affected. - handle StopIteration subclass raised from @contextlib.contextmanager generator - Make the implementation consistency of indexOf() between C and Python versions. Patch by Dong-hee Na. - Fixes TypedDict to work with typing.get_type_hints() and postponed evaluation of annotations across modules. - Fix bug with pdb's handling of import error due to a package which does not have a __main__ module - Fixed an exception thrown while parsing a malformed multipart email by email.message.EmailMessage. - pathlib.PureWindowsPath.is_reserved() now identifies a greater range of reserved filenames, including those with trailing spaces or colons. - Handle exceptions from parsing the arg of pdb's run/restart command. - The sqlite3 context manager now performs a rollback (thus releasing the database lock) if commit failed. Patch by Luca Citi and Erlend E. Aasland. - Improved string handling for sqlite3 user-defined functions and aggregates: - It is now possible to pass strings with embedded null characters to UDFs - Conversion failures now correctly raise MemoryError - Patch by Erlend E. Aasland. - Handle RecursionError in TracebackException's constructor, so that long exceptions chains are truncated instead of causing traceback formatting to fail. - Fix email.message.EmailMessage.set_content() when called with binary data and 7bit content transfer encoding. - The compresslevel and preset keyword arguments of tarfile.open() are now both documented and tested. - Fixed a Y2k38 bug in the compileall module where it would fail to compile files with a modification time after the year 2038. - Fix test___all__ on platforms lacking a shared memory implementation. - Pass multiprocessing BaseProxy argument manager_owned through AutoProxy. - email.utils.getaddresses() now accepts email.header.Header objects along with string values. Patch by Zackery Spytz. - lib2to3 now recognizes async generators everywhere. - Fix TypeError when required subparsers without dest do not receive arguments. Patch by Anthony Sottile. - Documentation - Removed the othergui.rst file, any references to it, and the list of GUI frameworks in the FAQ. In their place I've added links to the Python Wiki page on GUI frameworks. - Update the definition of __future__ in the glossary by replacing the confusing word 'pseudo-module' with a more accurate description. - Add typical examples to os.path.splitext docs - Clarify that shutil.make_archive() is not thread-safe due to reliance on changing the current working directory. - Update of three expired hyperlinks in Doc/distributing/index.rst: 'Project structure', 'Building and packaging the project', and 'Uploading the project to the Python Packaging Index'. - Updated the docstring and docs of filecmp.cmp() to be more accurate and less confusing especially in respect to shallow arg. - Match the docstring and python implementation of countOf() to the behavior of its c implementation. - List all kwargs for textwrap.wrap(), textwrap.fill(), and textwrap.shorten(). Now, there are nav links to attributes of TextWrap, which makes navigation much easier while minimizing duplication in the documentation. - Clarify that atexit uses equality comparisons internally. - Documentation of csv.Dialect is more descriptive. - Fix documentation for the return type of sysconfig.get_path(). - Add a 'Security Considerations' index which links to standard library modules that have explicitly documented security considerations. - Remove the unqualified claim that tkinter is threadsafe. It has not been true for several years and likely never was. An explanation of what is true may be added later, after more discussion, and possibly after patching _tkinter.c, - Tests - Add calls of gc.collect() in tests to support PyPy. - Made tests relying on the _asyncio C extension module optional to allow running on alternative Python implementations. Patch by Serhiy Storchaka. - Fix auto history tests of test_readline: sometimes, the newline character is not written at the end, so don't expect it in the output. - Add ability to wholesale silence DeprecationWarnings while running the regression test suite. - Notify users running test_decimal regression tests on macOS of potential harmless 'malloc can't allocate region' messages spewed by test_decimal. - Fixed floating point precision issue in turtle tests. - Regression tests, when run with -w, are now re-running only the affected test methods instead of re-running the entire test file. - Add test for nested queues when using multiprocessing shared objects AutoProxy[Queue] inside ListProxy and DictProxy - Add building with --with-system-libmpdec option (bsc#1189356). - test_faulthandler is still problematic under qemu linux-user emulation, disable it there - Reenable profileopt with qemu emulation, test_faulthandler is no longer run during profiling - bpo-44022 (bsc#1189241, CVE-2021-3737): http.client now avoids infinitely reading potential HTTP headers after a 100 Continue status response from the server. - bpo-43075 (CVE-2021-3733, bsc#1189287): Fix Regular Expression Denial of Service (ReDoS) vulnerability in urllib.request.AbstractBasicAuthHandler. The ReDoS-vulnerable regex has quadratic worst-case complexity and it allows cause a denial of service when identifying crafted invalid RFCs. This ReDoS issue is on the client side and needs remote attackers to control the HTTP server. Moderate SUSE bug 1186819 SUSE bug 1189241 SUSE bug 1189287 SUSE bug 1189356 SUSE bug 1193179 CVE-2021-3572 CVE-2021-3733 CVE-2021-3737 cpe:/o:opensuse:leap:15.3 Security update for rust1.56 (Moderate) openSUSE Leap 15.3 This update for rust1.56 fixes the following issues: - CVE-2022-21658: Fixed race condition in std::fs::remove_dir_all (bsc#1194767). Moderate SUSE bug 1194767 CVE-2022-21658 cpe:/o:opensuse:leap:15.3 Security update for aide (Important) openSUSE Leap 15.3 This update for aide fixes the following issues: - CVE-2021-45417: Fix a bufferoverflow in base64 functions (bsc#1194735) Important SUSE bug 1194735 CVE-2021-45417 cpe:/o:opensuse:leap:15.3 Security update for xen (Moderate) openSUSE Leap 15.3 This update for xen fixes the following issues: - CVE-2022-26356: Fixed potential race conditions in dirty memory tracking that could cause a denial of service in the host (bsc#1197423). - CVE-2022-26357: Fixed a potential race condition in memory cleanup for hosts using VT-d IOMMU hardware, which could lead to a denial of service in the host (bsc#1197425). - CVE-2022-26358,CVE-2022-26359,CVE-2022-26360,CVE-2022-26361: Fixed various memory corruption issues for hosts using VT-d or AMD-Vi IOMMU hardware. These could be leveraged by an attacker to cause a denial of service in the host (bsc#1197426). Moderate SUSE bug 1197423 SUSE bug 1197425 SUSE bug 1197426 CVE-2022-26356 CVE-2022-26357 CVE-2022-26358 CVE-2022-26359 CVE-2022-26360 CVE-2022-26361 cpe:/o:opensuse:leap:15.3 Security update for pcp (Moderate) openSUSE Leap 15.3 This update for pcp fixes the following issues: - CVE-2020-8025: Fixed outdated entries in permissions profiles for /var/lib/pcp/tmp/* (bsc#1171883). Moderate SUSE bug 1171883 CVE-2020-8025 cpe:/o:opensuse:leap:15.3 Security update for bind (Moderate) openSUSE Leap 15.3 This update for bind fixes the following issues: - CVE-2021-25219: Fixed flaw that allowed abusing lame cache to severely degrade resolver performance (bsc#1192146). Moderate SUSE bug 1192146 CVE-2021-25219 cpe:/o:opensuse:leap:15.3 Security update for amazon-ssm-agent (Important) openSUSE Leap 15.3 This update for amazon-ssm-agent fixes the following issues: - CVE-2022-29527: Fixed unsafe file creation mode of ssm-agent-users sudoer file (bsc#1196556). Update to version 3.1.1260.0 Important SUSE bug 1196556 CVE-2022-29527 cpe:/o:opensuse:leap:15.3 Security update for ruby2.5 (Important) openSUSE Leap 15.3 This update for ruby2.5 fixes the following issues: - CVE-2022-28739: Fixed a buffer overrun in String-to-Float conversion (bsc#1198441). - CVE-2021-41817: Fixed a regular expression denial of service in Date Parsing Methods (bsc#1193035). - CVE-2021-32066: Fixed a StartTLS stripping vulnerability in Net:IMAP (bsc#1188160). - CVE-2021-31810: Fixed a trusting FTP PASV responses vulnerability in Net:FTP (bsc#1188161). - CVE-2021-31799: Fixed a command injection vulnerability in RDoc (bsc#1190375). Important SUSE bug 1188160 SUSE bug 1188161 SUSE bug 1190375 SUSE bug 1193035 SUSE bug 1198441 CVE-2021-31799 CVE-2021-31810 CVE-2021-32066 CVE-2021-41817 CVE-2022-28739 cpe:/o:opensuse:leap:15.3 Security update for java-11-openjdk (Important) openSUSE Leap 15.3 This update for java-11-openjdk fixes the following issues: - CVE-2022-21426: Fixed Oracle Java SE compromission via unauthenticated attacker with network access via multiple protocols (bsc#1198672). - CVE-2022-21434: Fixed Oracle Java SE compromission via unauthenticated attacker with network access via multiple protocols (bsc#1198674). - CVE-2022-21496: Fixed Oracle Java SE compromission via unauthenticated attacker with network access via multiple protocols (bsc#1198673). - CVE-2022-21443: Fixed Oracle Java SE compromission via unauthenticated attacker with network access via multiple protocols (bsc#1198675). - CVE-2022-21476: Fixed Oracle Java SE compromission via unauthenticated attacker with network access via multiple protocols (bsc#1198671). Important SUSE bug 1198671 SUSE bug 1198672 SUSE bug 1198673 SUSE bug 1198674 SUSE bug 1198675 CVE-2022-21426 CVE-2022-21434 CVE-2022-21443 CVE-2022-21476 CVE-2022-21496 cpe:/o:opensuse:leap:15.3 Security update for rubygem-puma (Important) openSUSE Leap 15.3 This update for rubygem-puma fixes the following issues: rubygem-puma was updated to version 4.3.11: * CVE-2021-29509: Adjusted an incomplete fix for allows Denial of Service (DoS) (bsc#1188527) * CVE-2021-41136: Fixed request smuggling if HTTP header value contains the LF character (bsc#1191681) * CVE-2022-23634: Fixed information leak between requests (bsc#1196222) Important SUSE bug 1188527 SUSE bug 1191681 SUSE bug 1196222 CVE-2021-29509 CVE-2021-41136 CVE-2022-23634 cpe:/o:opensuse:leap:15.3 Security update for libwmf (Important) openSUSE Leap 15.3 This update for libwmf fixes the following issues: libwmf was updated to 0.2.12: * upstream changed to fork from Fedora: https://github.com/caolanm/libwmf * merged all the pending fixes * merge in fixes for libgd CVE-2019-6978 (bsc#1123522) * fixed memory allocation failure (CVE-2016-9011) * Fixes for %_libexecdir changing to /usr/libexec (bsc#1174075) Important SUSE bug 1006739 SUSE bug 1123522 SUSE bug 1174075 CVE-2016-9011 CVE-2019-6978 cpe:/o:opensuse:leap:15.3 Security update for apache2-mod_auth_mellon (Moderate) openSUSE Leap 15.3 This update for apache2-mod_auth_mellon fixes the following issues: - CVE-2021-3639: Fixed open Redirect vulnerability in logout URLs (bsc#1188926) Moderate SUSE bug 1188926 CVE-2021-3639 cpe:/o:opensuse:leap:15.3 Security update for pgadmin4 (Important) openSUSE Leap 15.3 This update for pgadmin4 fixes the following issues: - CVE-2022-0959: Fixed an unrestricted file upload (bsc#1197143). Important SUSE bug 1197143 CVE-2022-0959 cpe:/o:opensuse:leap:15.3 Security update for tar (Moderate) openSUSE Leap 15.3 This update for tar fixes the following issues: - CVE-2021-20193: Fixed a memory leak in read_header() in list.c (bsc#1181131). - CVE-2019-9923: Fixed a null-pointer dereference in pax_decode_header in sparse.c (bsc#1130496). - CVE-2018-20482: Fixed infinite read loop in sparse_dump_region in sparse.c (bsc#1120610). - Update to GNU tar 1.34: * Fix extraction over pipe * Fix memory leak in read_header (CVE-2021-20193) (bsc#1181131) * Fix extraction when . and .. are unreadable * Gracefully handle duplicate symlinks when extracting * Re-initialize supplementary groups when switching to user privileges - Update to GNU tar 1.33: * POSIX extended format headers do not include PID by default * --delay-directory-restore works for archives with reversed member ordering * Fix extraction of a symbolic link hardlinked to another symbolic link * Wildcards in exclude-vcs-ignore mode don't match slash * Fix the --no-overwrite-dir option * Fix handling of chained renames in incremental backups * Link counting works for file names supplied with -T * Accept only position-sensitive (file-selection) options in file list files - prepare usrmerge (bsc#1029961) - Update to GNU 1.32 * Fix the use of --checkpoint without explicit --checkpoint-action * Fix extraction with the -U option * Fix iconv usage on BSD-based systems * Fix possible NULL dereference (savannah bug #55369) [bsc#1130496] [CVE-2019-9923] * Improve the testsuite - Update to GNU 1.31 * Fix heap-buffer-overrun with --one-top-level, bug introduced with the addition of that option in 1.28 * Support for zstd compression * New option '--zstd' instructs tar to use zstd as compression program. When listing, extractng and comparing, zstd compressed archives are recognized automatically. When '-a' option is in effect, zstd compression is selected if the destination archive name ends in '.zst' or '.tzst'. * The -K option interacts properly with member names given in the command line. Names of members to extract can be specified along with the '-K NAME' option. In this case, tar will extract NAME and those of named members that appear in the archive after it, which is consistent with the semantics of the option. Previous versions of tar extracted NAME, those of named members that appeared before it, and everything after it. * Fix CVE-2018-20482 - When creating archives with the --sparse option, previous versions of tar would loop endlessly if a sparse file had been truncated while being archived. Moderate SUSE bug 1029961 SUSE bug 1120610 SUSE bug 1130496 SUSE bug 1181131 CVE-2018-20482 CVE-2019-9923 CVE-2021-20193 cpe:/o:opensuse:leap:15.3 Security update for libvirt (Moderate) openSUSE Leap 15.3 This update for libvirt fixes the following issues: - CVE-2022-0897: Fixed a crash in nwfilter when counting number of network filters (bsc#1197636). The following non-security bugs were fixed: - qemu: Improve save operation by increasing pipe size c61d1e9b-virfile-set-pipe-size.patch, 47d6d185-virfile-fix-indent.patch, cd7acb33-virfile-report-error.patch bsc#1196625 - qemu: Directly query KVM for TSC scaling support 5df2c492-use-kvm-for-tsc-scaling.patch bsc#1193364 Moderate SUSE bug 1193364 SUSE bug 1196625 SUSE bug 1197636 CVE-2022-0897 cpe:/o:opensuse:leap:15.3 Security update for giflib (Moderate) openSUSE Leap 15.3 This update for giflib fixes the following issues: - CVE-2019-15133: Fixed a divide-by-zero exception in the decoder function DGifSlurp in dgif_lib.c if the height field of the ImageSize data structure is equal to zero (bsc#1146299). - CVE-2018-11490: Fixed a heap-based buffer overflow in DGifDecompressLine function in dgif_lib.c (bsc#1094832). - CVE-2016-3977: Fixed a heap buffer overflow in gif2rgb (bsc#974847). Update to version 5.2.1 * In gifbuild.c, avoid a core dump on no color map. * Restore inadvertently removed library version numbers in Makefile. Changes in version 5.2.0 * The undocumented and deprecated GifQuantizeBuffer() entry point has been moved to the util library to reduce libgif size and attack surface. Applications needing this function are couraged to link the util library or make their own copy. * The following obsolete utility programs are no longer installed: gifecho, giffilter, gifinto, gifsponge. These were either installed in error or have been obsolesced by modern image-transformmation tools like ImageMagick convert. They may be removed entirely in a future release. * Address SourceForge issue #136: Stack-buffer-overflow in gifcolor.c:84 * Address SF bug #134: Giflib fails to slurp significant number of gifs * Apply SPDX convention for license tagging. Changes in version 5.1.9 * The documentation directory now includes an HTMlified version of the GIF89 standard, and a more detailed description of how LZW compression is applied to GIFs. * Address SF bug #129: The latest version of giflib cannot be build on windows. * Address SF bug #126: Cannot compile giflib using c89 Changes in version 5.1.8 * Address SF bug #119: MemorySanitizer: FPE on unknown address (CVE-2019-15133 bsc#1146299) * Address SF bug #125: 5.1.7: xmlto is still required for tarball * Address SF bug #124: 5.1.7: ar invocation is not crosscompile compatible * Address SF bug #122: 5.1.7 installs manpages to wrong directory * Address SF bug #121: make: getversion: Command not found * Address SF bug #120: 5.1.7 does not build a proper library - no Changes in version 5.1.7 * Correct a minor packaging error (superfluous symlinks) in the 5.1.6 tarballs. Changes in version 5.1.6 * Fix library installation in the Makefile. Changes in version 5.1.5 * Fix SF bug #114: Null dereferences in main() of gifclrmp * Fix SF bug #113: Heap Buffer Overflow-2 in function DGifDecompressLine() in cgif.c. This had been assigned (CVE-2018-11490 bsc#1094832). * Fix SF bug #111: segmentation fault in PrintCodeBlock * Fix SF bug #109: Segmentation fault of giftool reading a crafted file * Fix SF bug #107: Floating point exception in giftext utility * Fix SF bug #105: heap buffer overflow in DumpScreen2RGB in gif2rgb.c:317 * Fix SF bug #104: Ineffective bounds check in DGifSlurp * Fix SF bug #103: GIFLIB 5.1.4: DGifSlurp fails on empty comment * Fix SF bug #87: Heap buffer overflow in 5.1.2 (gif2rgb). (CVE-2016-3977 bsc#974847) * The horrible old autoconf build system has been removed with extreme prejudice. You now build this simply by running 'make' from the top-level directory. The following non-security bugs were fixed: - build path independent objects and inherit CFLAGS from the build system (bsc#1184123) Moderate SUSE bug 1094832 SUSE bug 1146299 SUSE bug 1184123 SUSE bug 974847 CVE-2016-3977 CVE-2018-11490 CVE-2019-15133 cpe:/o:opensuse:leap:15.3 Security update for zxing-cpp (Important) openSUSE Leap 15.3 This update for zxing-cpp fixes the following issues: - CVE-2021-28021: Fixed buffer overflow vulnerability in function stbi__extend_receive in stb_image.h via a crafted JPEG file. (bsc#1191743). - CVE-2021-42715: Fixed buffer overflow in stb_image PNM loader (bsc#1191942). - CVE-2021-42716: Fixed denial of service in stb_image HDR loader when reading crafted HDR files (bsc#1191944). Important SUSE bug 1191743 SUSE bug 1191942 SUSE bug 1191944 CVE-2021-28021 CVE-2021-42715 CVE-2021-42716 cpe:/o:opensuse:leap:15.3 Security update for ldb (Low) openSUSE Leap 15.3 This update for ldb fixes the following issues: - Update to version 2.4.2 - CVE-2021-3670: Fixed an issue where the LDAP server MaxQueryDuration value would not be honoured (bsc#1198397). Low SUSE bug 1198397 CVE-2021-3670 cpe:/o:opensuse:leap:15.3 Security update for rsyslog (Important) openSUSE Leap 15.3 This update for rsyslog fixes the following issues: - CVE-2022-24903: Fixed potential heap buffer overflow in modules for TCP syslog reception (bsc#1199061). Important SUSE bug 1199061 CVE-2022-24903 cpe:/o:opensuse:leap:15.3 Security update for gzip (Important) openSUSE Leap 15.3 This update for gzip fixes the following issues: - CVE-2022-1271: Fix escaping of malicious filenames. (bsc#1198062) Important SUSE bug 1198062 SUSE bug 1198922 CVE-2022-1271 cpe:/o:opensuse:leap:15.3 Security update for clamav (Important) openSUSE Leap 15.3 This update for clamav fixes the following issues: - CVE-2022-20770: Fixed a possible infinite loop vulnerability in the CHM file parser (bsc#1199242). - CVE-2022-20796: Fixed a possible NULL-pointer dereference crash in the scan verdict cache check (bsc#1199246). - CVE-2022-20771: Fixed a possible infinite loop vulnerability in the TIFF file parser (bsc#1199244). - CVE-2022-20785: Fixed a possible memory leak in the HTML file parser / Javascript normalizer (bsc#1199245). - CVE-2022-20792: Fixed a possible multi-byte heap buffer overflow write vulnerability in the signature database load module (bsc#1199274). Important SUSE bug 1199242 SUSE bug 1199244 SUSE bug 1199245 SUSE bug 1199246 SUSE bug 1199274 CVE-2022-20770 CVE-2022-20771 CVE-2022-20785 CVE-2022-20792 CVE-2022-20796 cpe:/o:opensuse:leap:15.3 Security update for curl (Moderate) openSUSE Leap 15.3 This update for curl fixes the following issues: - CVE-2022-27776: Fixed auth/cookie leak on redirect (bsc#1198766) - CVE-2022-27775: Fixed bad local IPv6 connection reuse (bsc#1198723) - CVE-2022-22576: Fixed OAUTH2 bearer bypass in connection re-use (bsc#1198614) Moderate SUSE bug 1198614 SUSE bug 1198723 SUSE bug 1198766 CVE-2022-22576 CVE-2022-27775 CVE-2022-27776 cpe:/o:opensuse:leap:15.3 Security update for pidgin (Important) openSUSE Leap 15.3 This update for pidgin fixes the following issues: - CVE-2022-26491: Fixed MITM vulnerability when DNSSEC wasn't used (bsc#1199025). Important SUSE bug 1199025 CVE-2022-26491 cpe:/o:opensuse:leap:15.3 Security update for slurm (Important) openSUSE Leap 15.3 This update for slurm fixes the following issues: - CVE-2022-29500: Fixed architectural flaw that could have been exploited to allow an unprivileged user to execute arbitrary processes as root (bsc#1199278). - CVE-2022-29501: Fixed a problem that an unprivileged user could have sent data to arbitrary unix socket as root (bsc#1199279). Important SUSE bug 1199278 SUSE bug 1199279 CVE-2022-29500 CVE-2022-29501 cpe:/o:opensuse:leap:15.3 Security update for openldap2 (Important) openSUSE Leap 15.3 This update for openldap2 fixes the following issues: - CVE-2022-29155: Fixed SQL injection in back-sql (bsc#1199240). Important SUSE bug 1199240 CVE-2022-29155 cpe:/o:opensuse:leap:15.3 Security update for the Linux Kernel (Important) openSUSE Leap 15.3 The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2020-27835: Fixed a use after free vulnerability in infiniband hfi1 driver in the way user calls Ioctl after open dev file and fork. A local user could use this flaw to crash the system (bnc#1179878). - CVE-2021-0707: Fixed a use after free vulnerability in dma_buf_release of dma-buf.c, which may lead to local escalation of privilege with no additional execution privileges needed (bnc#1198437). - CVE-2021-20292: Fixed object validation prior to performing operations on the object in nouveau_sgdma_create_ttm in Nouveau DRM subsystem (bnc#1183723). - CVE-2021-20321: Fixed a race condition accessing file object in the OverlayFS subsystem in the way users do rename in specific way with OverlayFS. A local user could have used this flaw to crash the system (bnc#1191647). - CVE-2021-38208: Fixed a denial of service (NULL pointer dereference and BUG) by making a getsockname call after a certain type of failure of a bind call (bnc#1187055). - CVE-2021-4154: Fixed a use-after-free vulnerability in cgroup1_parse_param in kernel/cgroup/cgroup-v1.c, allowing a local privilege escalation by an attacker with user privileges by exploiting the fsconfig syscall parameter, leading to a container breakout and a denial of service on the system (bnc#1193842). - CVE-2022-0812: Fixed information leak when a file is read from RDMA (bsc#1196639) - CVE-2022-1158: Fixed a vulnerability in the kvm module that may lead to a use-after-free write or denial of service (bsc#1197660). - CVE-2022-1280: Fixed a use-after-free vulnerability in drm_lease_held in drivers/gpu/drm/drm_lease.c (bnc#1197914). - CVE-2022-1353: Fixed access controll to kernel memory in the pfkey_register function in net/key/af_key.c (bnc#1198516). - CVE-2022-1419: Fixed a concurrency use-after-free in vgem_gem_dumb_create (bsc#1198742). - CVE-2022-1516: Fixed null-ptr-deref caused by x25_disconnect (bsc#1199012). - CVE-2022-28356: Fixed a refcount leak bug in net/llc/af_llc.c (bnc#1197391). - CVE-2022-28748: Fixed memory lead over the network by ax88179_178a devices (bsc#1196018). - CVE-2022-28893: Fixed a use after free vulnerability in inet_put_port where some sockets are not closed before xs_xprt_free() (bsc#1198330). - CVE-2022-29156: Fixed a double free vulnerability related to rtrs_clt_dev_release.ate (jsc#SLE-15176 bsc#1198515). The following non-security bugs were fixed: - ACPI/APEI: Limit printable size of BERT table data (git-fixes). - ACPI: processor idle: Check for architectural support for LPI (git-fixes). - ACPICA: Avoid walking the ACPI Namespace if it is not there (git-fixes). - ALSA: cs4236: fix an incorrect NULL check on list iterator (git-fixes). - ALSA: hda/hdmi: fix warning about PCM count when used with SOF (git-fixes). - ALSA: hda/realtek: Add alc256-samsung-headphone fixup (git-fixes). - ALSA: hda/realtek: Add quirk for Clevo PD50PNT (git-fixes). - ALSA: hda/realtek: Fix audio regression on Mi Notebook Pro 2020 (git-fixes). - ALSA: pcm: Test for 'silence' field in struct 'pcm_format_data' (git-fixes). - ALSA: usb-audio: Cap upper limits of buffer/period bytes for implicit fb (git-fixes). - ALSA: usb-audio: Increase max buffer size (git-fixes). - ALSA: usb-audio: Limit max buffer and period sizes per time (git-fixes). - ASoC: atmel: Remove system clock tree configuration for at91sam9g20ek (git-fixes). - ASoC: codecs: wcd934x: do not switch off SIDO Buck when codec is in use (git-fixes). - ASoC: mediatek: mt6358: add missing EXPORT_SYMBOLs (git-fixes). - ASoC: msm8916-wcd-digital: Check failure for devm_snd_soc_register_component (git-fixes). - ASoC: soc-compress: Change the check for codec_dai (git-fixes). - ASoC: soc-compress: prevent the potentially use of null pointer (git-fixes). - ASoC: soc-core: skip zero num_dai component in searching dai name (git-fixes). - ASoC: soc-dapm: fix two incorrect uses of list iterator (git-fixes). - Bluetooth: Fix use after free in hci_send_acl (git-fixes). - Bluetooth: btmtksdio: Fix kernel oops in btmtksdio_interrupt (git-fixes). - Bluetooth: hci_serdev: call init_rwsem() before p->open() (git-fixes). - Documentation: add link to stable release candidate tree (git-fixes). - HID: i2c-hid: fix GET/SET_REPORT for unnumbered reports (git-fixes). - IB/hfi1: Allow larger MTU without AIP (jsc#SLE-13208). - Input: omap4-keypad - fix pm_runtime_get_sync() error checking (git-fixes). - KEYS: fix length validation in keyctl_pkey_params_get_2() (git-fixes). - NFSv4: fix open failure with O_ACCMODE flag (git-fixes). - PCI: aardvark: Fix reading PCI_EXP_RTSTA_PME bit on emulated bridge (git-fixes). - PCI: aardvark: Fix support for MSI interrupts (git-fixes). - PCI: imx6: Allow to probe when dw_pcie_wait_for_link() fails (git-fixes). - PCI: pciehp: Add Qualcomm quirk for Command Completed erratum (git-fixes). - PCI: pciehp: Clear cmd_busy bit in polling mode (git-fixes). - PM: core: keep irq flags in device_pm_check_callbacks() (git-fixes). - RDMA/core: Set MR type in ib_reg_user_mr (jsc#SLE-8449). - RDMA/mlx5: Add a missing update of cache->last_add (jsc#SLE-15175). - RDMA/mlx5: Do not remove cache MRs when a delay is needed (jsc#SLE-15175). - RDMA/mlx5: Fix the flow of a miss in the allocation of a cache ODP MR (jsc#SLE-15175). - SUNRPC: Ensure we flush any closed sockets before xs_xprt_free() (git-fixes). - SUNRPC: Fix the svc_deferred_event trace class (git-fixes). - SUNRPC: Handle ENOMEM in call_transmit_status() (git-fixes). - SUNRPC: Handle low memory situations in call_status() (git-fixes). - SUNRPC: change locking for xs_swap_enable/disable (bsc#1196367). - USB: serial: pl2303: add IBM device IDs (git-fixes). - USB: serial: simple: add Nokia phone driver (git-fixes). - USB: storage: ums-realtek: fix error code in rts51x_read_mem() (git-fixes). - USB: usb-storage: Fix use of bitfields for hardware data in ene_ub6250.c (git-fixes). - USB: dwc3: omap: fix 'unbalanced disables for smps10_out1' on omap5evm (git-fixes). - USB: gadget: uvc: Fix crash when encoding data for usb request (git-fixes). - adm8211: fix error return code in adm8211_probe() (git-fixes). - arm64/sve: Use correct size when reinitialising SVE state (git-fixes) - arm64: clear_page() shouldn't use DC ZVA when DCZID_EL0.DZP == 1 (git-fixes) - arm64: dts: allwinner: h5: NanoPI Neo 2: Fix ethernet node (git-fixes) - arm64: dts: allwinner: orangepi-zero-plus: fix PHY mode (git-fixes) - arm64: dts: exynos: correct GIC CPU interfaces address range on (git-fixes) - arm64: dts: ls1028a: fix memory node (git-fixes) - arm64: dts: ls1028a: fix node name for the sysclk (git-fixes) - arm64: dts: lx2160a: fix scl-gpios property name (git-fixes) - arm64: dts: marvell: armada-37xx: Extend PCIe MEM space (git-fixes) - arm64: dts: marvell: armada-37xx: Fix reg for standard variant of (git-fixes) - arm64: dts: marvell: armada-37xx: Remap IO space to bus address 0x0 (git-fixes) - arm64: dts: rockchip: Fix GPU register width for RK3328 (git-fixes) - arm64: dts: rockchip: remove mmc-hs400-enhanced-strobe from (git-fixes) - arm64: dts: zii-ultra: fix 12V_MAIN voltage (git-fixes) - arm64: head: avoid over-mapping in map_memory (git-fixes) - ata: libata-core: Disable READ LOG DMA EXT for Samsung 840 EVOs (git-fixes). - ata: sata_dwc_460ex: Fix crash due to OOB write (git-fixes). - ath10k: fix memory overwrite of the WoWLAN wakeup packet pattern (git-fixes). - ath5k: fix OOB in ath5k_eeprom_read_pcal_info_5111 (git-fixes). - ath5k: fix building with LEDS=m (git-fixes). - ath9k: Fix usage of driver-private space in tx_info (git-fixes). - ath9k: Properly clear TX status area before reporting to mac80211 (git-fixes). - ath9k_htc: fix uninit value bugs (git-fixes). - bareudp: use ipv6_mod_enabled to check if IPv6 enabled (jsc#SLE-15172). - bfq: Avoid merging queues with different parents (bsc#1197926). - bfq: Drop pointless unlock-lock pair (bsc#1197926). - bfq: Get rid of __bio_blkcg() usage (bsc#1197926). - bfq: Make sure bfqg for which we are queueing requests is online (bsc#1197926). - bfq: Remove pointless bfq_init_rq() calls (bsc#1197926). - bfq: Split shared queues on move between cgroups (bsc#1197926). - bfq: Track whether bfq_group is still online (bsc#1197926). - bfq: Update cgroup information before merging bio (bsc#1197926). - block: Drop leftover references to RQF_SORTED (bsc#1182073). - bnx2x: fix napi API usage sequence (bsc#1198217). - bpf: Resolve to prog->aux->dst_prog->type only for BPF_PROG_TYPE_EXT (git-fixes bsc#1177028). - brcmfmac: firmware: Allocate space for default boardrev in nvram (git-fixes). - brcmfmac: pcie: Fix crashes due to early IRQs (git-fixes). - brcmfmac: pcie: Release firmwares in the brcmf_pcie_setup error path (git-fixes). - brcmfmac: pcie: Replace brcmf_pcie_copy_mem_todev with memcpy_toio (git-fixes). - carl9170: fix missing bit-wise or operator for tx_params (git-fixes). - cfg80211: hold bss_lock while updating nontrans_list (git-fixes). - cifs: fix bad fids sent over wire (bsc#1197157). - clk: Enforce that disjoints limits are invalid (git-fixes). - clk: si5341: fix reported clk_rate when output divider is 2 (git-fixes). - direct-io: clean up error paths of do_blockdev_direct_IO (bsc#1197656). - direct-io: defer alignment check until after the EOF check (bsc#1197656). - direct-io: do not force writeback for reads beyond EOF (bsc#1197656). - dma-debug: fix return value of __setup handlers (git-fixes). - dma: at_xdmac: fix a missing check on list iterator (git-fixes). - dmaengine: Revert 'dmaengine: shdma: Fix runtime PM imbalance on error' (git-fixes). - dmaengine: idxd: add RO check for wq max_batch_size write (git-fixes). - dmaengine: idxd: add RO check for wq max_transfer_size write (git-fixes). - dmaengine: imx-sdma: Fix error checking in sdma_event_remap (git-fixes). - dmaengine: mediatek:Fix PM usage reference leak of mtk_uart_apdma_alloc_chan_resources (git-fixes). - drm/amd/amdgpu/amdgpu_cs: fix refcount leak of a dma_fence obj (git-fixes). - drm/amd/display: Fix a NULL pointer dereference in amdgpu_dm_connector_add_common_modes() (git-fixes). - drm/amd/display: Fix allocate_mst_payload assert on resume (git-fixes). - drm/amd/display: do not ignore alpha property on pre-multiplied mode (git-fixes). - drm/amd: Add USBC connector ID (git-fixes). - drm/amdgpu: Fix recursive locking warning (git-fixes). - drm/amdgpu: fix off by one in amdgpu_gfx_kiq_acquire() (git-fixes). - drm/amdkfd: Check for potential null return of kmalloc_array() (git-fixes). - drm/amdkfd: Fix Incorrect VMIDs passed to HWS (git-fixes). - drm/amdkfd: make CRAT table missing message informational only (git-fixes). - drm/bridge: Add missing pm_runtime_disable() in __dw_mipi_dsi_probe (git-fixes). - drm/bridge: Fix free wrong object in sii8620_init_rcp_input_dev (git-fixes). - drm/bridge: cdns-dsi: Make sure to to create proper aliases for dt (git-fixes). - drm/edid: Do not clear formats if using deep color (git-fixes). - drm/edid: check basic audio support on CEA extension block (git-fixes). - drm/i915/gem: Flush coherency domains on first set-domain-ioctl (git-fixes). - drm/i915: Call i915_globals_exit() if pci_register_device() fails (git-fixes). - drm/imx: Fix memory leak in imx_pd_connector_get_modes (git-fixes). - drm/mediatek: Add AAL output size configuration (git-fixes). - drm/mediatek: Fix aal size config (git-fixes). - drm/msm/dsi: Use connector directly in msm_dsi_manager_connector_init() (git-fixes). - drm/panel/raspberrypi-touchscreen: Avoid NULL deref if not initialised (git-fixes). - drm/panel/raspberrypi-touchscreen: Initialise the bridge in prepare (git-fixes). - drm/tegra: Fix reference leak in tegra_dsi_ganged_probe (git-fixes). - drm/vc4: Use pm_runtime_resume_and_get to fix pm_runtime_get_sync() usage (git-fixes). - drm: Add orientation quirk for GPD Win Max (git-fixes). - drm: add a locked version of drm_is_current_master (bsc#1197914). - drm: add a locked version of drm_is_current_master (bsc#1197914). - drm: drm_file struct kABI compatibility workaround (bsc#1197914). - drm: drm_file struct kABI compatibility workaround (bsc#1197914). - drm: protect drm_master pointers in drm_lease.c (bsc#1197914). - drm: protect drm_master pointers in drm_lease.c (bsc#1197914). - drm: serialize drm_file.master with a new spinlock (bsc#1197914). - drm: serialize drm_file.master with a new spinlock (bsc#1197914). - drm: use the lookup lock in drm_is_current_master (bsc#1197914). - drm: use the lookup lock in drm_is_current_master (bsc#1197914). - e1000e: Fix possible overflow in LTR decoding (git-fixes). - fibmap: Reject negative block numbers (bsc#1198448). - fibmap: Use bmap instead of ->bmap method in ioctl_fibmap (bsc#1198448). - firmware: arm_scmi: Fix sorting of retrieved clock rates (git-fixes). - gpiolib: acpi: use correct format characters (git-fixes). - gpu: ipu-v3: Fix dev_dbg frequency output (git-fixes). - hwrng: cavium - HW_RANDOM_CAVIUM should depend on ARCH_THUNDER (git-fixes). - i2c: dev: Force case user pointers in compat_i2cdev_ioctl() (git-fixes). - ipmi: Fix UAF when uninstall ipmi_si and ipmi_msghandler module (git-fixes). - ipmi: Move remove_work to dedicated workqueue (git-fixes). - ipmi: bail out if init_srcu_struct fails (git-fixes). - iwlwifi: Fix -EIO error code that is never returned (git-fixes). - iwlwifi: mvm: Fix an error code in iwl_mvm_up() (git-fixes). - livepatch: Do not block removal of patches that are safe to unload (bsc#1071995). - lz4: fix LZ4_decompress_safe_partial read out of bound (git-fixes). - media: cx88-mpeg: clear interrupt status register before streaming video (git-fixes). - media: hdpvr: initialize dev->worker at hdpvr_register_videodev (git-fixes). - memory: atmel-ebi: Fix missing of_node_put in atmel_ebi_probe (git-fixes). - mfd: asic3: Add missing iounmap() on error asic3_mfd_probe (git-fixes). - mfd: mc13xxx: Add check for mc13xxx_irq_request (git-fixes). - mmc: host: Return an error when ->enable_sdio_irq() ops is missing (git-fixes). - mmc: mmci: stm32: correctly check all elements of sg list (git-fixes). - mmc: mmci_sdmmc: Replace sg_dma_xxx macros (git-fixes). - mmc: renesas_sdhi: do not overwrite TAP settings when HS400 tuning is complete (git-fixes). - mtd: onenand: Check for error irq (git-fixes). - mtd: rawnand: atmel: fix refcount issue in atmel_nand_controller_init (git-fixes). - mtd: rawnand: gpmi: fix controller timings setting (git-fixes). - mwl8k: Fix a double Free in mwl8k_probe_hw (git-fixes). - net: asix: add proper error handling of usb read errors (git-fixes). - net: mcs7830: handle usb read errors properly (git-fixes). - net: usb: aqc111: Fix out-of-bounds accesses in RX fixup (git-fixes). - nfc: nci: add flush_workqueue to prevent uaf (git-fixes). - power: reset: gemini-poweroff: Fix IRQ check in gemini_poweroff_probe (git-fixes). - power: supply: ab8500: Fix memory leak in ab8500_fg_sysfs_init (git-fixes). - power: supply: axp20x_battery: properly report current when discharging (git-fixes). - power: supply: axp288-charger: Set Vhold to 4.4V (git-fixes). - power: supply: bq24190_charger: Fix bq24190_vbus_is_enabled() wrong false return (git-fixes). - power: supply: wm8350-power: Add missing free in free_charger_irq (git-fixes). - power: supply: wm8350-power: Handle error for wm8350_register_irq (git-fixes). - powerpc/perf: Fix power10 event alternatives (jsc#SLE-13513 git-fixes). - powerpc/perf: Fix power9 event alternatives (bsc#1137728, LTC#178106, git-fixes). - ptrace: Check PTRACE_O_SUSPEND_SECCOMP permission on PTRACE_SEIZE (bsc#1198413). - random: check for signal_pending() outside of need_resched() check (git-fixes). - ray_cs: Check ioremap return value (git-fixes). - regulator: wm8994: Add an off-on delay for WM8994 variant (git-fixes). - rtc: check if __rtc_read_time was successful (git-fixes). - rtc: wm8350: Handle error for wm8350_register_irq (git-fixes). - scsi: libsas: Fix sas_ata_qc_issue() handling of NCQ NON DATA commands (git-fixes). - scsi: mpt3sas: Fix use after free in _scsih_expander_node_remove() (git-fixes). - scsi: mpt3sas: Page fault in reply q processing (git-fixes). - scsi: scsi_dh_alua: Avoid crash during alua_bus_detach() (bsc#1028340 bsc#1198825). - spi: Fix erroneous sgs value with min_t() (git-fixes). - spi: Fix invalid sgs value (git-fixes). - spi: atmel-quadspi: Fix the buswidth adjustment between spi-mem and controller (git-fixes). - spi: bcm-qspi: fix MSPI only access with bcm_qspi_exec_mem_op() (git-fixes). - spi: mxic: Fix the transmit path (git-fixes). - spi: tegra20: Use of_device_get_match_data() (git-fixes). - staging: mt7621-dts: fix LEDs and pinctrl on GB-PC1 devicetree (git-fixes). - vgacon: Propagate console boot parameters before calling `vc_resize' (bsc#1152489) - video: fbdev: atari: Atari 2 bpp (STe) palette bugfix (git-fixes). - video: fbdev: cirrusfb: check pixclock to avoid divide by zero (git-fixes). - video: fbdev: nvidiafb: Use strscpy() to prevent buffer overflow (git-fixes). - video: fbdev: sm712fb: Fix crash in smtcfb_read() (git-fixes). - video: fbdev: sm712fb: Fix crash in smtcfb_write() (git-fixes). - video: fbdev: udlfb: properly check endpoint type (bsc#1152489) - video: fbdev: w100fb: Reset global state (git-fixes). - virtio_console: break out of buf poll on remove (git-fixes). - virtio_console: eliminate anonymous module_init & module_exit (git-fixes). - w1: w1_therm: fixes w1_seq for ds28ea00 sensors (git-fixes). - x86/pm: Save the MSR validity status at context setup (bsc#1198400). - x86/sev: Unroll string mmio with CC_ATTR_GUEST_UNROLL_STRING_IO (git-fixes). - x86/speculation: Restore speculation related MSRs during S3 resume (bsc#1198400). - xen/blkfront: fix comment for need_copy (git-fixes). - xen/x86: obtain full video frame buffer address for Dom0 also under EFI (bsc#1193556). - xen/x86: obtain upper 32 bits of video frame buffer address for Dom0 (bsc#1193556). - xen: fix is_xen_pmu() (git-fixes). - xhci: fix runtime PM imbalance in USB2 resume (git-fixes). - xhci: fix uninitialized string returned by xhci_decode_ctrl_ctx() (git-fixes). Important SUSE bug 1028340 SUSE bug 1065729 SUSE bug 1071995 SUSE bug 1121726 SUSE bug 1137728 SUSE bug 1152489 SUSE bug 1177028 SUSE bug 1179878 SUSE bug 1182073 SUSE bug 1183723 SUSE bug 1187055 SUSE bug 1191647 SUSE bug 1193556 SUSE bug 1193842 SUSE bug 1195926 SUSE bug 1196018 SUSE bug 1196114 SUSE bug 1196367 SUSE bug 1196514 SUSE bug 1196639 SUSE bug 1196942 SUSE bug 1197157 SUSE bug 1197391 SUSE bug 1197656 SUSE bug 1197660 SUSE bug 1197914 SUSE bug 1197926 SUSE bug 1198217 SUSE bug 1198330 SUSE bug 1198400 SUSE bug 1198413 SUSE bug 1198437 SUSE bug 1198448 SUSE bug 1198484 SUSE bug 1198515 SUSE bug 1198516 SUSE bug 1198660 SUSE bug 1198742 SUSE bug 1198825 SUSE bug 1199012 SUSE bug 1199024 CVE-2020-27835 CVE-2021-0707 CVE-2021-20292 CVE-2021-20321 CVE-2021-38208 CVE-2021-4154 CVE-2022-0812 CVE-2022-1158 CVE-2022-1280 CVE-2022-1353 CVE-2022-1419 CVE-2022-1516 CVE-2022-28356 CVE-2022-28748 CVE-2022-28893 CVE-2022-29156 cpe:/o:opensuse:leap:15.3 Security update for jackson-databind, jackson-dataformats-binary, jackson-annotations, jackson-bom, jackson-core (Important) openSUSE Leap 15.3 This update for jackson-databind, jackson-dataformats-binary, jackson-annotations, jackson-bom, jackson-core fixes the following issues: Security issues fixed: - CVE-2020-36518: Fixed a Java stack overflow exception and denial of service via a large depth of nested objects in jackson-databind. (bsc#1197132) - CVE-2020-25649: Fixed an insecure entity expansion in jackson-databind which was vulnerable to XML external entity (XXE). (bsc#1177616) - CVE-2020-28491: Fixed a bug which could cause `java.lang.OutOfMemoryError` exception in jackson-dataformats-binary. (bsc#1182481) Non security fixes: jackson-annotations - update from version 2.10.2 to version 2.13.0: + Build with source/target levels 8 + Add 'mvnw' wrapper + 'JsonSubType.Type' should accept array of names + Jackson version alignment with Gradle 6 + Add '@JsonIncludeProperties' + Add '@JsonTypeInfo(use=DEDUCTION)' + Ability to use '@JsonAnyGetter' on fields + Add '@JsonKey' annotation + Allow repeated calls to 'SimpleObjectIdResolver.bindItem()' for same mapping + Add 'namespace' property for '@JsonProperty' (for XML module) + Add target 'ElementType.ANNOTATION_TYPE' for '@JsonEnumDefaultValue' + 'JsonPattern.Value.pattern' retained as '', never (accidentally) exposed as 'null' + Rewrite to use `ant` for building in order to be able to use it in packages that have to be built before maven jackson-bom - update from version 2.10.2 to version 2.13.0: + Configure moditect plugin with '<jvmVersion>11</jvmVersion>' + jackson-bom manages the version of 'junit:junit' + Drop 'jackson-datatype-hibernate3' (support for Hibernate 3.x datatypes) + Removed 'jakarta' classifier variants of JAXB/JSON-P/JAX-RS modules due to the addition of new Jakarta artifacts (Jakarta-JSONP, Jakarta-xmlbind-annotations, Jakarta-rs-providers) + Add version for 'jackson-datatype-jakarta-jsonp' module (introduced after 2.12.2) + Add (beta) version for 'jackson-dataformat-toml' + Jakarta 9 artifact versions are missing from jackson-bom + Add default settings for 'gradle-module-metadata-maven-plugin' (gradle metadata) + Add default settings for 'build-helper-maven-plugin' + Drop 'jackson-module-scala_2.10' entry (not released for Jackson 2.12 or later) + Add override for 'version.plugin.bundle' (for 5.1.1) to help build on JDK 15+ + Add missing version for jackson-datatype-eclipse-collections jackson-core - update from version 2.10.2 to version 2.13.0: + Build with source and target levels 8 + Misleading exception for input source when processing byte buffer with start offset + Escape contents of source document snippet for 'JsonLocation._appendSourceDesc()' + Add 'StreamWriteException' type to eventually replace 'JsonGenerationException' + Replace 'getCurrentLocation()'/'getTokenLocation()' with 'currentLocation()'/'currentTokenLocation()' in 'JsonParser' + Replace 'JsonGenerator.writeObject()' (and related) with 'writePOJO()' + Replace 'getCurrentValue()'/'setCurrentValue()' with 'currentValue()'/'assignCurrentValue()' in 'JsonParser'/'JsonGenerator + Introduce O(n^1.5) BigDecimal parser implementation + ByteQuadsCanonicalizer.addName(String, int, int) has incorrect handling for case of q2 == null + UTF32Reader ArrayIndexOutOfBoundsException + Improve exception/JsonLocation handling for binary content: don't show content, include byte offset + Fix an issue with the TokenFilter unable to ignore properties when deserializing. + Optimize array allocation by 'JsonStringEncoder' + Add 'mvnw' wrapper + (partial) Optimize array allocation by 'JsonStringEncoder' + Add back accidentally removed 'JsonStringEncoder' related methods in 'BufferRecyclers' (like 'getJsonStringEncoder()') + 'ArrayOutOfBoundException' at 'WriterBasedJsonGenerator.writeString(Reader, int)' + Allow 'optional-padding' for 'Base64Variant' + More customizable TokenFilter inclusion (using 'Tokenfilter.Inclusion') + Publish Gradle Module Metadata + Add 'StreamReadCapability' for further format-based/format-agnostic handling improvements + Add 'JsonParser.isExpectedNumberIntToken()' convenience method + Add 'StreamWriteCapability' for further format-based/format-agnostic handling improvements + Add 'JsonParser.getNumberValueExact()' to allow precision-retaining buffering + Limit initial allocated block size by 'ByteArrayBuilder' to max block size + Add 'JacksonException' as parent class of 'JsonProcessingException' + Make 'JsonWriteContext.reset()' and 'JsonReadContext.reset()' methods public + Deprecate 'JsonParser.getCurrentTokenId()' (use '#currentTokenId()' instead) + Full 'LICENSE' included in jar for easier access by compliancy tools + Fix NPE in 'writeNumber(String)' method of 'UTF8JsonGenerator', 'WriterBasedJsonGenerator' + Add a String Array write method in the Streaming API + Synchronize variants of 'JsonGenerator#writeNumberField' with 'JsonGenerator#writeNumber' + Add JsonGenerator#writeNumber(char[], int, int) method + Do not clear aggregated contents of 'TextBuffer' when 'releaseBuffers()' called + 'FilteringGeneratorDelegate' does not handle 'writeString(Reader, int)' + Optionally allow leading decimal in float tokens + Rewrite to use ant for building in order to be able to use it in packages that have to be built before maven + Parsing JSON with 'ALLOW_MISSING_VALUE' enabled results in endless stream of 'VALUE_NULL' tokens + Handle case when system property access is restricted + 'FilteringGeneratorDelegate' does not handle 'writeString(Reader, int)' + DataFormatMatcher#getMatchedFormatName throws NPE when no match exists + 'JsonParser.getCurrentLocation()' byte/char offset update incorrectly for big payloads jackson-databind - update from version 2.10.5.1 to version 2.13.0: + '@JsonValue' with integer for enum does not deserialize correctly + 'AnnotatedMethod.getValue()/setValue()' doesn't have useful exception message + Add 'DatabindException' as intermediate subtype of 'JsonMappingException' + Jackson does not support deserializing new Java 9 unmodifiable collections + Allocate TokenBuffer instance via context objects (to allow format-specific buffer types) + Add mechanism for setting default 'ContextAttributes' for 'ObjectMapper' + Add 'DeserializationContext.readTreeAsValue()' methods for more convenient conversions for deserializers to use + Clean up support of typed 'unmodifiable', 'singleton' Maps/Sets/Collections + Extend internal bitfield of 'MapperFeature' to be 'long' + Add 'removeMixIn()' method in 'MapperBuilder' + Backport 'MapperBuilder' lambda-taking methods: 'withConfigOverride()', 'withCoercionConfig()', 'withCoercionConfigDefaults()' + configOverrides(boolean.class) silently ignored, whereas .configOverride(Boolean.class) works for both primitives and boxed boolean values + Dont track unknown props in buffer if 'ignoreAllUnknown' is true + Should allow deserialization of java.time types via opaque 'JsonToken.VALUE_EMBEDDED_OBJECT' + Optimize 'AnnotatedConstructor.call()' case by passing explicit null + Add AnnotationIntrospector.XmlExtensions interface for decoupling javax dependencies + Custom SimpleModule not included in list returned by ObjectMapper.getRegisteredModuleIds() after registration + Use more limiting default visibility settings for JDK types (java.*, javax.*) + Deep merge for 'JsonNode' using 'ObjectReader.readTree()' + IllegalArgumentException: Conflicting setter definitions for property with more than 2 setters + Serializing java.lang.Thread fails on JDK 11 and above + String-based 'Map' key deserializer is not deterministic when there is no single arg constructor + Add ArrayNode#set(int index, primitive_type value) + JsonStreamContext 'currentValue' wrongly references to '@JsonTypeInfo' annotated object + DOM 'Node' serialization omits the default namespace declaration + Support 'suppressed' property when deserializing 'Throwable' + 'AnnotatedMember.equals()' does not work reliably + Add 'MapperFeature.APPLY_DEFAULT_VALUES', initially for Scala module + For an absent property Jackson injects 'NullNode' instead of 'null' to a JsonNode-typed constructor argument of a '@ConstructorProperties'-annotated constructor + 'XMLGregorianCalendar' doesn't work with default typing + Content 'null' handling not working for root values + StdDeserializer rejects blank (all-whitespace) strings for ints + 'USE_BASE_TYPE_AS_DEFAULT_IMPL' not working with 'DefaultTypeResolverBuilder' + Add PropertyNamingStrategies.UpperSnakeCaseStrategy (and UPPER_SNAKE_CASE constant) + StackOverflowError when serializing JsonProcessingException + Support for BCP 47 'java.util.Locale' serialization/deserialization + String property deserializes null as 'null' for JsonTypeInfo.As.EXISTING_PROPERTY + Can not deserialize json to enum value with Object-/Array-valued input, '@JsonCreator' + Fix to avoid problem with 'BigDecimalNode', scale of 'Integer.MIN_VALUE' + Extend handling of 'FAIL_ON_NULL_FOR_PRIMITIVES' to cover coercion from (Empty) String via 'AsNull' + Add 'mvnw' wrapper + (regression) Factory method generic type resolution does not use Class-bound type parameter + Deserialization of 'empty' subtype with DEDUCTION failed + Merge findInjectableValues() results in AnnotationIntrospectorPair + READ_UNKNOWN_ENUM_VALUES_USING_DEFAULT_VALUE doesn't work with empty strings + 'TypeFactory' cannot convert 'Collection' sub-type without type parameters to canonical form and back + Fix for [modules-java8#207]: prevent fail on secondary Java 8 date/time types + EXTERNAL_PROPERTY does not work well with '@JsonCreator' and 'FAIL_ON_UNKNOWN_PROPERTIES' + String property deserializes null as 'null' for 'JsonTypeInfo.As.EXTERNAL_PROPERTY' + Property ignorals cause 'BeanDeserializer 'to forget how to read from arrays (not copying '_arrayDelegateDeserializer') + UntypedObjectDeserializer' mixes multiple unwrapped collections (related to #2733) + Two cases of incorrect error reporting about DeserializationFeature + Bug in polymorphic deserialization with '@JsonCreator', '@JsonAnySetter', 'JsonTypeInfo.As.EXTERNAL_PROPERTY' + Polymorphic subtype deduction ignores 'defaultImpl' attribute + MismatchedInputException: Cannot deserialize instance of 'com.fasterxml.jackson.databind.node.ObjectNode' out of VALUE_NULL token + Missing override for 'hasAsKey()' in 'AnnotationIntrospectorPair' + Creator lookup fails with 'InvalidDefinitionException' for conflict between single-double/single-Double arg constructor + 'MapDeserializer' forcing 'JsonMappingException' wrapping even if WRAP_EXCEPTIONS set to false + Auto-detection of constructor-based creator method skipped if there is an annotated factory-based creator method (regression from 2.11) + 'ObjectMapper.treeToValue()' no longer invokes 'JsonDeserializer.getNullValue()' + DeserializationProblemHandler is not invoked when trying to deserialize String + Fix failing 'double' JsonCreators in jackson 2.12.0 + Conflicting in POJOPropertiesCollector when having namingStrategy + Breaking API change in 'BasicClassIntrospector' (2.12.0) + 'JsonNode.requiredAt()' does NOT fail on some path expressions + Exception thrown when 'Collections.synchronizedList()' is serialized with type info, deserialized + Add option to resolve type from multiple existing properties, '@JsonTypeInfo(use=DEDUCTION)' + '@JsonIgnoreProperties' does not prevent Exception Conflicting getter/setter definitions for property + Deserialization Not Working Right with Generic Types and Builders + Add '@JsonIncludeProperties(propertyNames)' (reverse of '@JsonIgnoreProperties') + '@JsonAnyGetter' should be allowed on a field + Allow handling of single-arg constructor as property based by default + Allow case insensitive deserialization of String value into 'boolean'/'Boolean' (esp for Excel) + Allow use of '@JsonFormat(with=JsonFormat.Feature .ACCEPT_CASE_INSENSITIVE_PROPERTIES)' on Class + Abstract class included as part of known type ids for error message when using JsonSubTypes + Distinguish null from empty string for UUID deserialization + 'ReferenceType' does not expose valid containedType + Add 'CoercionConfig[s]' mechanism for configuring allowed coercions + 'JsonProperty.Access.READ_ONLY' does not work with 'getter-as-setter' 'Collection's + Support 'BigInteger' and 'BigDecimal' creators in 'StdValueInstantiator' + 'JsonProperty.Access.READ_ONLY' fails with collections when a property name is specified + 'BigDecimal' precision not retained for polymorphic deserialization + Support use of 'Void' valued properties ('MapperFeature.ALLOW_VOID_VALUED_PROPERTIES') + Explicitly fail (de)serialization of 'java.time.*' types in absence of registered custom (de)serializers + Improve description included in by 'DeserializationContext.handleUnexpectedToken()' + Support for JDK 14 record types ('java.lang.Record') + 'PropertyNamingStrategy' class initialization depends on its subclass, this can lead to class loading deadlock + 'FAIL_ON_IGNORED_PROPERTIES' does not throw on 'READONLY' properties with an explicit name + Add Gradle Module Metadata for version alignment with Gradle 6 + Allow 'JsonNode' auto-convert into 'ArrayNode' if duplicates found (for XML) + Allow values of 'untyped' auto-convert into 'List' if duplicates found (for XML) + Add 'ValueInstantiator.createContextual(...) + Support multiple names in 'JsonSubType.Type' + Disabling 'FAIL_ON_INVALID_SUBTYPE' breaks polymorphic deserialization of Enums + Explicitly fail (de)serialization of 'org.joda.time.*' types in absence of registered custom (de)serializers + Trailing zeros are stripped when deserializing BigDecimal values inside a @JsonUnwrapped property + Extract getter/setter/field name mangling from 'BeanUtil' into pluggable 'AccessorNamingStrategy' + Throw 'InvalidFormatException' instead of 'MismatchedInputException' for ACCEPT_FLOAT_AS_INT coercion failures + Add '@JsonKey' annotation (similar to '@JsonValue') for customizable serialization of Map keys + 'MapperFeature.ACCEPT_CASE_INSENSITIVE_ENUMS' should work for enum as keys + Add support for disabling special handling of 'Creator properties' wrt alphabetic property ordering + Add 'JsonNode.canConvertToExactIntegral()' to indicate whether floating-point/BigDecimal values could be converted to integers losslessly + Improve static factory method generic type resolution logic + Allow preventing 'Enum from integer' coercion using new 'CoercionConfig' system + '@JsonValue' not considered when evaluating inclusion + Make some java platform modules optional + Add support for serializing 'java.sql.Blob' + 'AnnotatedCreatorCollector' should avoid processing synthetic static (factory) methods + Add errorprone static analysis profile to detect bugs at build time + Problem with implicit creator name detection for constructor detection + Add 'BeanDeserializerBase.isCaseInsensitive()' + Refactoring of 'CollectionDeserializer' to solve CSV array handling issues + Full 'LICENSE' included in jar for easier access by compliancy tools + Fix type resolution for static methods (regression in 2.11.3) + '@JsonCreator' on constructor not compatible with '@JsonIdentityInfo', 'PropertyGenerator' + Add debug improvements about 'ClassUtil.getClassMethods()' + Cannot detect creator arguments of mixins for JDK types + Add 'JsonFormat.Shape' awareness for UUID serialization ('UUIDSerializer') + Json serialization fails or a specific case that contains generics and static methods with generic parameters (2.11.1 -> 2.11.2 regression) + 'ObjectMapper.activateDefaultTypingAsProperty()' is not using parameter 'PolymorphicTypeValidator' + Problem deserialization 'raw generic' fields (like 'Map') in 2.11.2 + Fix issues with 'MapLikeType.isTrueMapType()', 'CollectionLikeType.isTrueCollectionType()' + Parser/Generator features not set when using 'ObjectMapper.createParser()', 'createGenerator()' + Polymorphic subtypes not registering on copied ObjectMapper (2.11.1) + Failure to read AnnotatedField value in Jackson 2.11 + 'TypeFactory.constructType()' does not take 'TypeBindings' correctly + Builder Deserialization with JsonCreator Value vs Array + JsonCreator on static method in Enum and Enum used as key in map fails randomly + 'StdSubtypeResolver' is not thread safe (possibly due to copy not being made with 'ObjectMapper.copy()') + 'Conflicting setter definitions for property' exception for 'Map' subtype during deserialization + Fail to deserialize local Records + Rearranging of props when property-based generator is in use leads to incorrect output + Jackson doesn't respect 'CAN_OVERRIDE_ACCESS_MODIFIERS=false' for deserializer properties + 'DeserializationFeature.UNWRAP_SINGLE_VALUE_ARRAYS' don't support 'Map' type field + JsonParser from MismatchedInputException cannot getText() for floating-point value + i-I case conversion problem in Turkish locale with case-insensitive deserialization + '@JsonInject' fails on trying to find deserializer even if inject-only + Polymorphic deserialization should handle case-insensitive Type Id property name if 'MapperFeature.ACCEPT_CASE_INSENSITIVE_PROPERTIES' is enabled + TreeTraversingParser and UTF8StreamJsonParser create contexts differently + Support use of '@JsonAlias' for enum values + 'declaringClass' of 'enum-as-POJO' not removed for 'ObjectMapper' with a naming strategy + Fix 'JavaType.isEnumType()' to support sub-classes + BeanDeserializerBuilder Protected Factory Method for Extension + Support '@JsonSerialize(keyUsing)' and '@JsonDeserialize(keyUsing)' on Key class + Add 'SerializationFeature.WRITE_SELF_REFERENCES_AS_NULL' + 'ObjectMapper.registerSubtypes(NamedType...)' doesn't allow registering same POJO for two different type ids + 'DeserializationContext.handleMissingInstantiator()' throws 'MismatchedInputException' for non-static inner classes + Incorrect 'JsonStreamContext' for 'TokenBuffer' and 'TreeTraversingParser' + Add 'AnnotationIntrospector.findRenameByField()' to support Kotlin's 'is-getter' naming convention + Use '@JsonProperty(index)' for sorting properties on serialization + Java 8 'Optional' not working with '@JsonUnwrapped' on unwrappable type + Add 'MapperFeature.BLOCK_UNSAFE_POLYMORPHIC_BASE_TYPES' to allow blocking use of unsafe base type for polymorphic deserialization + 'ObjectMapper.setSerializationInclusion()' is ignored for 'JsonAnyGetter' + 'ValueInstantiationException' when deserializing using a builder and 'UNWRAP_SINGLE_VALUE_ARRAYS' + JsonIgnoreProperties(ignoreUnknown = true) does not work on field and method level + Failure to resolve generic type parameters on serialization + JsonParser cannot getText() for input stream on MismatchedInputException + ObjectReader readValue lacks Class<T> argument + Change default textual serialization of 'java.util.Date'/'Calendar' to include colon in timezone offset + Add 'ObjectMapper.createParser()' and 'createGenerator()' methods + Allow serialization of 'Properties' with non-String values + Add new factory method for creating custom 'EnumValues' to pass to 'EnumDeserializer + 'IllegalArgumentException' thrown for mismatched subclass deserialization + Add convenience methods for creating 'List', 'Map' valued 'ObjectReader's (ObjectMapper.readerForListOf()) + 'SerializerProvider.findContentValueSerializer()' methods jackson-dataformats-binary - update from version 2.10.1 to version 2.13.0: + (cbor) Should validate UTF-8 multi-byte validity for short decode path too + (ion) Deprecate 'CloseSafeUTF8Writer', remove use + (smile) Make 'SmileFactory' support 'JsonFactory.Feature.CANONICALIZE_FIELD_NAMES' + (cbor) Make 'CBORFactory' support 'JsonFactory.Feature.CANONICALIZE_FIELD_NAMES' + (cbor) Handle case of BigDecimal with Integer.MIN_VALUE for scale gracefully + (cbor) Uncaught exception in CBORParser._nextChunkedByte2 (by ossfuzzer) + (cbor) Another uncaught exception in CBORParser._nextChunkedByte2 (by ossfuzzer) + (smile) Add 'SmileGenerator.Feature.LENIENT_UTF_ENCODING' for lenient handling of broken Unicode surrogate pairs on writing + (avro) Add 'logicalType' support for some 'java.time' types; add 'AvroJavaTimeModule' for native ser/deser + Support base64 strings in 'getBinaryValue()' for CBOR and Smile + (cbor) 'ArrayIndexOutOfBounds' for truncated UTF-8 name + (avro) Generate logicalType switch + (smile) 'ArrayIndexOutOfBounds' for truncated UTF-8 name + (ion) 'jackson-dataformat-ion' does not handle null.struct deserialization correctly + 'Ion-java' dep 1.4.0 -> 1.8.0 + Minor change to Ion module registration names (fully-qualified) + (cbor) Uncaught exception in CBORParser._nextChunkedByte2 (by ossfuzzer) + (cbor) Uncaught exception in CBORParser._findDecodedFromSymbols() (by ossfuzzer) + (smile) Uncaught validation problem wrt Smile 'BigDecimal' type + (smile) ArrayIndexOutOfBoundsException for malformed Smile header + (cbor) Failed to handle case of alleged String with length of Integer.MAX_VALUE + (smile) Allocate byte[] lazily for longer Smile binary data payloads + (cbor) CBORParser need to validate zero-length byte[] for BigInteger + (smile) Handle invalid chunked-binary-format length gracefully + (smile) Allocate byte[] lazily for longer Smile binary data payloads (7-bit encoded) + (smile) ArrayIndexOutOfBoundsException in SmileParser._decodeShortUnicodeValue() + (smile) Handle sequence of Smile header markers without recursion + (cbor) CBOR loses 'Map' entries with specific 'long' Map key values (32-bit boundary) + (ion) Ion Polymorphic deserialization in 2.12 breaks wrt use of Native Type Ids when upgrading from 2.8 + (cbor) 'ArrayIndexOutOfBoundsException' in 'CBORParser' for invalid UTF-8 String + (cbor) Handle invalid CBOR content like '[0x84]' (incomplete array) + (ion) Respect 'WRITE_ENUMS_USING_TO_STRING' in 'EnumAsIonSymbolSerializer' + (ion) Add support for generating IonSexps + (ion) Add support for deserializing IonTimestamps and IonBlobs + (ion) Add 'IonObjectMapper.builderForBinaryWriters()' / '.builderforTextualWriters()' convenience methods + (ion) Enabling pretty-printing fails Ion serialization + (ion) Allow disabling native type ids in IonMapper + (smile) Small bug in byte-alignment for long field names in Smile, symbol table reuse + (ion) Add 'IonFactory.getIonSystem()' accessor + (ion) Optimize 'IonParser.getNumberType()' using 'IonReader.getIntegerSize()' + (cbor) Add 'CBORGenerator.Feature.LENIENT_UTF_ENCODING' for lenient handling of Unicode surrogate pairs on writing + (cbor) Add support for decoding unassigned 'simple values' (type 7) + Add Gradle Module Metadata (https://blog.gradle.org/alignment-with-gradle-module-metadata) + (avro) Cache record names to avoid hitting class loader + (avro) Avro null deserialization + (ion) Add 'IonFactory.getIonSystem()' accessor + (avro) Add 'AvroGenerator.canWriteBinaryNatively()' to support binary writes, fix 'java.util.UUID' representation + (ion) Allow 'IonObjectMapper' with class name annotation introspector to deserialize generic subtypes + Remove dependencies upon Jackson 1.X and Avro's JacksonUtils + 'jackson-databind' should not be full dependency for (cbor, protobuf, smile) modules + 'CBORGenerator.Feature.WRITE_MINIMAL_INTS' does not write most compact form for all integers + 'AvroGenerator' overrides 'getOutputContext()' properly + (ion) Add 'IonFactory.getIonSystem()' accessor + (avro) Fix schema evolution involving maps of non-scalar + (protobuf) Parsing a protobuf message doesn't properly skip unknown fields + (ion) IonObjectMapper close()s the provided IonWriter unnecessarily + ion-java dependency 1.4.0 -> 1.5.1 Important SUSE bug 1177616 SUSE bug 1182481 SUSE bug 1197132 CVE-2020-25649 CVE-2020-28491 CVE-2020-36518 cpe:/o:opensuse:leap:15.3 Security update for the Linux Kernel (Important) openSUSE Leap 15.3 The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2022-29156: Fixed a double free related to rtrs_clt_dev_release (bnc#1198515). - CVE-2022-28893: Ensuring that sockets are in the intended state inside the SUNRPC subsystem (bnc#1198330). - CVE-2022-28748: Fixed memory lead over the network by ax88179_178a devices (bsc#1196018). - CVE-2022-28356: Fixed a refcount leak bug found in net/llc/af_llc.c (bnc#1197391). - CVE-2022-1516: Fixed null-ptr-deref caused by x25_disconnect (bsc#1199012). - CVE-2022-1419: Fixed a concurrency use-after-free in vgem_gem_dumb_create (bsc#1198742). - CVE-2022-1353: Fixed access controll to kernel memory in the pfkey_register function in net/key/af_key.c (bnc#1198516). - CVE-2022-1280: Fixed a use-after-free vulnerability in drm_lease_held in drivers/gpu/drm/drm_lease.c (bnc#1197914). - CVE-2022-1158: Fixed KVM x86/mmu compare-and-exchange of gPTE via the user address (bsc#1197660). - CVE-2022-0812: Fixed random memory leakage inside NFS/RDMA (bsc#1196639). - CVE-2021-4154: Fixed a use-after-free flaw inside cgroup1_parse_param in kernel/cgroup/cgroup-v1.c. A local attacker with a user privilege could cause a privilege escalation by exploiting the fsconfig syscall parameter leading to a container breakout and a denial of service on the system (bnc#1193842). - CVE-2021-38208: Fixed a denial of service (NULL pointer dereference and BUG) by making a getsockname call after a certain type of failure of a bind call (bnc#1187055). - CVE-2021-20321: Fixed a race condition accessing file object in the OverlayFS subsystem in the way users do rename in specific way with OverlayFS. A local user could have used this flaw to crash the system (bnc#1191647). - CVE-2021-20292: Fixed object validation prior to performing operations on the object in nouveau_sgdma_create_ttm in Nouveau DRM subsystem (bnc#1183723). - CVE-2021-0707: Fixed possible memory corruption due to a use after free inside dma_buf_releas e of dma-buf.c (bnc#1198437). - CVE-2020-27835: Fixed use after free in infiniband hfi1 driver in the way user calls Ioctl after open dev file and fork. A local user could use this flaw to crash the system (bnc#1179878). The following non-security bugs were fixed: - ACPI: processor idle: Check for architectural support for LPI (git-fixes). - ACPI/APEI: Limit printable size of BERT table data (git-fixes). - ACPICA: Avoid walking the ACPI Namespace if it is not there (git-fixes). - adm8211: fix error return code in adm8211_probe() (git-fixes). - ALSA: cs4236: fix an incorrect NULL check on list iterator (git-fixes). - ALSA: hda/hdmi: fix warning about PCM count when used with SOF (git-fixes). - ALSA: hda/realtek: Add alc256-samsung-headphone fixup (git-fixes). - ALSA: hda/realtek: Add quirk for Clevo PD50PNT (git-fixes). - ALSA: hda/realtek: Fix audio regression on Mi Notebook Pro 2020 (git-fixes). - ALSA: pcm: Test for 'silence' field in struct 'pcm_format_data' (git-fixes). - ALSA: usb-audio: Cap upper limits of buffer/period bytes for implicit fb (git-fixes). - ALSA: usb-audio: Increase max buffer size (git-fixes). - ALSA: usb-audio: Limit max buffer and period sizes per time (git-fixes). - arm64: clear_page() shouldn't use DC ZVA when DCZID_EL0.DZP == 1 (git-fixes) - arm64: dts: allwinner: h5: NanoPI Neo 2: Fix ethernet node (git-fixes) - arm64: dts: allwinner: orangepi-zero-plus: fix PHY mode (git-fixes) - arm64: dts: exynos: correct GIC CPU interfaces address range on (git-fixes) - arm64: dts: ls1028a: fix memory node (git-fixes) - arm64: dts: ls1028a: fix node name for the sysclk (git-fixes) - arm64: dts: lx2160a: fix scl-gpios property name (git-fixes) - arm64: dts: marvell: armada-37xx: Extend PCIe MEM space (git-fixes) - arm64: dts: marvell: armada-37xx: Fix reg for standard variant of (git-fixes) - arm64: dts: marvell: armada-37xx: Remap IO space to bus address 0x0 (git-fixes) - arm64: dts: rockchip: Fix GPU register width for RK3328 (git-fixes) - arm64: dts: rockchip: remove mmc-hs400-enhanced-strobe from (git-fixes) - arm64: dts: zii-ultra: fix 12V_MAIN voltage (git-fixes) - arm64: head: avoid over-mapping in map_memory (git-fixes) - arm64: Update config files; arm LIBNVDIMM y->m ppc64le ND_BLK ->m (bsc#1199024). - arm64/sve: Use correct size when reinitialising SVE state (git-fixes) - ASoC: atmel: Remove system clock tree configuration for at91sam9g20ek (git-fixes). - ASoC: codecs: wcd934x: do not switch off SIDO Buck when codec is in use (git-fixes). - ASoC: mediatek: mt6358: add missing EXPORT_SYMBOLs (git-fixes). - ASoC: msm8916-wcd-digital: Check failure for devm_snd_soc_register_component (git-fixes). - ASoC: soc-compress: Change the check for codec_dai (git-fixes). - ASoC: soc-compress: prevent the potentially use of null pointer (git-fixes). - ASoC: soc-core: skip zero num_dai component in searching dai name (git-fixes). - ASoC: soc-dapm: fix two incorrect uses of list iterator (git-fixes). - ata: libata-core: Disable READ LOG DMA EXT for Samsung 840 EVOs (git-fixes). - ata: sata_dwc_460ex: Fix crash due to OOB write (git-fixes). - ath10k: fix memory overwrite of the WoWLAN wakeup packet pattern (git-fixes). - ath5k: fix building with LEDS=m (git-fixes). - ath5k: fix OOB in ath5k_eeprom_read_pcal_info_5111 (git-fixes). - ath9k_htc: fix uninit value bugs (git-fixes). - ath9k: Fix usage of driver-private space in tx_info (git-fixes). - ath9k: Properly clear TX status area before reporting to mac80211 (git-fixes). - backlight: qcom-wled: Respect enabled-strings in set_brightness (bsc#1152489) - bareudp: use ipv6_mod_enabled to check if IPv6 enabled (jsc#SLE-15172). - bfq: Avoid merging queues with different parents (bsc#1197926). - bfq: Drop pointless unlock-lock pair (bsc#1197926). - bfq: Get rid of __bio_blkcg() usage (bsc#1197926). - bfq: Make sure bfqg for which we are queueing requests is online (bsc#1197926). - bfq: Remove pointless bfq_init_rq() calls (bsc#1197926). - bfq: Split shared queues on move between cgroups (bsc#1197926). - bfq: Track whether bfq_group is still online (bsc#1197926). - bfq: Update cgroup information before merging bio (bsc#1197926). - block: Drop leftover references to RQF_SORTED (bsc#1182073). - Bluetooth: btmtksdio: Fix kernel oops in btmtksdio_interrupt (git-fixes). - Bluetooth: Fix use after free in hci_send_acl (git-fixes). - Bluetooth: hci_serdev: call init_rwsem() before p->open() (git-fixes). - bnx2x: fix napi API usage sequence (bsc#1198217). - bpf: Resolve to prog->aux->dst_prog->type only for BPF_PROG_TYPE_EXT (git-fixes bsc#1177028). - brcmfmac: firmware: Allocate space for default boardrev in nvram (git-fixes). - brcmfmac: pcie: Fix crashes due to early IRQs (git-fixes). - brcmfmac: pcie: Release firmwares in the brcmf_pcie_setup error path (git-fixes). - brcmfmac: pcie: Replace brcmf_pcie_copy_mem_todev with memcpy_toio (git-fixes). - carl9170: fix missing bit-wise or operator for tx_params (git-fixes). - cfg80211: hold bss_lock while updating nontrans_list (git-fixes). - cifs: do not skip link targets when an I/O fails (bsc#1194625). - cifs: fix bad fids sent over wire (bsc#1197157). - clk: Enforce that disjoints limits are invalid (git-fixes). - clk: si5341: fix reported clk_rate when output divider is 2 (git-fixes). - direct-io: clean up error paths of do_blockdev_direct_IO (bsc#1197656). - direct-io: defer alignment check until after the EOF check (bsc#1197656). - direct-io: do not force writeback for reads beyond EOF (bsc#1197656). - dma-debug: fix return value of __setup handlers (git-fixes). - dma: at_xdmac: fix a missing check on list iterator (git-fixes). - dmaengine: idxd: add RO check for wq max_batch_size write (git-fixes). - dmaengine: idxd: add RO check for wq max_transfer_size write (git-fixes). - dmaengine: imx-sdma: Fix error checking in sdma_event_remap (git-fixes). - dmaengine: mediatek:Fix PM usage reference leak of mtk_uart_apdma_alloc_chan_resources (git-fixes). - dmaengine: Revert 'dmaengine: shdma: Fix runtime PM imbalance on error' (git-fixes). - Documentation: add link to stable release candidate tree (git-fixes). - drm: add a locked version of drm_is_current_master (bsc#1197914). - drm: Add orientation quirk for GPD Win Max (git-fixes). - drm: drm_file struct kABI compatibility workaround (bsc#1197914). - drm: protect drm_master pointers in drm_lease.c (bsc#1197914). - drm: serialize drm_file.master with a new spinlock (bsc#1197914). - drm: use the lookup lock in drm_is_current_master (bsc#1197914). - drm/amd: Add USBC connector ID (git-fixes). - drm/amd/amdgpu/amdgpu_cs: fix refcount leak of a dma_fence obj (git-fixes). - drm/amd/display: do not ignore alpha property on pre-multiplied mode (git-fixes). - drm/amd/display: Fix a NULL pointer dereference in amdgpu_dm_connector_add_common_modes() (git-fixes). - drm/amd/display: Fix allocate_mst_payload assert on resume (git-fixes). - drm/amd/display: Fix memory leak in dcn21_clock_source_create (bsc#1152472) - drm/amdgpu: fix amdgpu_ras_block_late_init error handler (bsc#1152489) - drm/amdgpu: fix off by one in amdgpu_gfx_kiq_acquire() (git-fixes). - drm/amdgpu: Fix recursive locking warning (git-fixes). - drm/amdkfd: Check for potential null return of kmalloc_array() (git-fixes). - drm/amdkfd: Fix Incorrect VMIDs passed to HWS (git-fixes). - drm/amdkfd: make CRAT table missing message informational only (git-fixes). - drm/bridge: Add missing pm_runtime_disable() in __dw_mipi_dsi_probe (git-fixes). - drm/bridge: cdns-dsi: Make sure to to create proper aliases for dt (git-fixes). - drm/bridge: Fix free wrong object in sii8620_init_rcp_input_dev (git-fixes). - drm/cma-helper: Set VM_DONTEXPAND for mmap (bsc#1152472) - drm/edid: check basic audio support on CEA extension block (git-fixes). - drm/edid: Do not clear formats if using deep color (git-fixes). - drm/fb-helper: Mark screen buffers in system memory with (bsc#1152472) - drm/i915: Call i915_globals_exit() if pci_register_device() fails (git-fixes). - drm/i915: Drop all references to DRM IRQ midlayer (bsc#1152489) - drm/i915: Keep gem ctx->vm alive until the final put (bsc#1152489) - drm/i915: s/JSP2/ICP2/ PCH (bsc#1152489) - drm/i915/gem: Flush coherency domains on first set-domain-ioctl (git-fixes). - drm/imx: Fix memory leak in imx_pd_connector_get_modes (git-fixes). - drm/mediatek: Add AAL output size configuration (git-fixes). - drm/mediatek: Fix aal size config (git-fixes). - drm/msm/dsi: Use connector directly in msm_dsi_manager_connector_init() (git-fixes). - drm/panel/raspberrypi-touchscreen: Avoid NULL deref if not initialised (git-fixes). - drm/panel/raspberrypi-touchscreen: Initialise the bridge in prepare (git-fixes). - drm/prime: Fix use after free in mmap with drm_gem_ttm_mmap (bsc#1152472) - drm/tegra: Fix reference leak in tegra_dsi_ganged_probe (git-fixes). - drm/vc4: crtc: Lookup the encoder from the register at boot (bsc#1198534) - drm/vc4: Use pm_runtime_resume_and_get to fix pm_runtime_get_sync() usage (git-fixes). - drm/vmwgfx: Remove unused compile options (bsc#1152472) - e1000e: Fix possible overflow in LTR decoding (git-fixes). - fibmap: Reject negative block numbers (bsc#1198448). - fibmap: Use bmap instead of ->bmap method in ioctl_fibmap (bsc#1198448). - firmware: arm_scmi: Fix sorting of retrieved clock rates (git-fixes). - gpiolib: acpi: use correct format characters (git-fixes). - gpu: ipu-v3: Fix dev_dbg frequency output (git-fixes). - HID: i2c-hid: fix GET/SET_REPORT for unnumbered reports (git-fixes). - hwrng: cavium - HW_RANDOM_CAVIUM should depend on ARCH_THUNDER (git-fixes). - i2c: dev: Force case user pointers in compat_i2cdev_ioctl() (git-fixes). - IB/hfi1: Allow larger MTU without AIP (jsc#SLE-13208). - Input: omap4-keypad - fix pm_runtime_get_sync() error checking (git-fixes). - ipmi: bail out if init_srcu_struct fails (git-fixes). - ipmi: Fix UAF when uninstall ipmi_si and ipmi_msghandler module (git-fixes). - ipmi: Move remove_work to dedicated workqueue (git-fixes). - iwlwifi: Fix -EIO error code that is never returned (git-fixes). - iwlwifi: mvm: Fix an error code in iwl_mvm_up() (git-fixes). - KEYS: fix length validation in keyctl_pkey_params_get_2() (git-fixes). - livepatch: Do not block removal of patches that are safe to unload (bsc#1071995). - lz4: fix LZ4_decompress_safe_partial read out of bound (git-fixes). - media: cx88-mpeg: clear interrupt status register before streaming video (git-fixes). - media: hdpvr: initialize dev->worker at hdpvr_register_videodev (git-fixes). - memory: atmel-ebi: Fix missing of_node_put in atmel_ebi_probe (git-fixes). - mfd: asic3: Add missing iounmap() on error asic3_mfd_probe (git-fixes). - mfd: mc13xxx: Add check for mc13xxx_irq_request (git-fixes). - mmc: host: Return an error when ->enable_sdio_irq() ops is missing (git-fixes). - mmc: mmci_sdmmc: Replace sg_dma_xxx macros (git-fixes). - mmc: mmci: stm32: correctly check all elements of sg list (git-fixes). - mmc: renesas_sdhi: do not overwrite TAP settings when HS400 tuning is complete (git-fixes). - mtd: onenand: Check for error irq (git-fixes). - mtd: rawnand: atmel: fix refcount issue in atmel_nand_controller_init (git-fixes). - mtd: rawnand: gpmi: fix controller timings setting (git-fixes). - mwl8k: Fix a double Free in mwl8k_probe_hw (git-fixes). - net: asix: add proper error handling of usb read errors (git-fixes). - net: mana: Add counter for packet dropped by XDP (bsc#1195651). - net: mana: Add counter for XDP_TX (bsc#1195651). - net: mana: Add handling of CQE_RX_TRUNCATED (bsc#1195651). - net: mana: Remove unnecessary check of cqe_type in mana_process_rx_cqe() (bsc#1195651). - net: mana: Reuse XDP dropped page (bsc#1195651). - net: mana: Use struct_size() helper in mana_gd_create_dma_region() (bsc#1195651). - net: mcs7830: handle usb read errors properly (git-fixes). - net: usb: aqc111: Fix out-of-bounds accesses in RX fixup (git-fixes). - nfc: nci: add flush_workqueue to prevent uaf (git-fixes). - NFSv4: fix open failure with O_ACCMODE flag (git-fixes). - PCI: aardvark: Fix reading PCI_EXP_RTSTA_PME bit on emulated bridge (git-fixes). - PCI: aardvark: Fix support for MSI interrupts (git-fixes). - PCI: imx6: Allow to probe when dw_pcie_wait_for_link() fails (git-fixes). - PCI: pciehp: Add Qualcomm quirk for Command Completed erratum (git-fixes). - PCI: pciehp: Clear cmd_busy bit in polling mode (git-fixes). - PM: core: keep irq flags in device_pm_check_callbacks() (git-fixes). - power: reset: gemini-poweroff: Fix IRQ check in gemini_poweroff_probe (git-fixes). - power: supply: ab8500: Fix memory leak in ab8500_fg_sysfs_init (git-fixes). - power: supply: axp20x_battery: properly report current when discharging (git-fixes). - power: supply: axp288-charger: Set Vhold to 4.4V (git-fixes). - power: supply: bq24190_charger: Fix bq24190_vbus_is_enabled() wrong false return (git-fixes). - power: supply: wm8350-power: Add missing free in free_charger_irq (git-fixes). - power: supply: wm8350-power: Handle error for wm8350_register_irq (git-fixes). - powerpc/perf: Expose Performance Monitor Counter SPR's as part of extended regs (bsc#1198077 ltc#197299). - powerpc/perf: Fix power10 event alternatives (jsc#SLE-13513 git-fixes). - powerpc/perf: Fix power9 event alternatives (bsc#1137728, LTC#178106, git-fixes). - powerpc/perf: Include PMCs as part of per-cpu cpuhw_events struct (bsc#1198077 ltc#197299). - ptrace: Check PTRACE_O_SUSPEND_SECCOMP permission on PTRACE_SEIZE (bsc#1198413). - random: check for signal_pending() outside of need_resched() check (git-fixes). - ray_cs: Check ioremap return value (git-fixes). - RDMA/core: Set MR type in ib_reg_user_mr (jsc#SLE-8449). - RDMA/mlx5: Add a missing update of cache->last_add (jsc#SLE-15175). - RDMA/mlx5: Do not remove cache MRs when a delay is needed (jsc#SLE-15175). - RDMA/mlx5: Fix the flow of a miss in the allocation of a cache ODP MR (jsc#SLE-15175). - regulator: wm8994: Add an off-on delay for WM8994 variant (git-fixes). - rpm: Run external scriptlets on uninstall only when available (bsc#1196514 bsc#1196114 bsc#1196942). - rpm: Use bash for %() expansion (jsc#SLE-18234). - rpm/*.spec.in: remove backtick usage - rpm/constraints.in: skip SLOW_DISK workers for kernel-source - rpm/kernel-obs-build.spec.in: use default dracut modules (bsc#1195926, bsc#1198484) - rtc: check if __rtc_read_time was successful (git-fixes). - rtc: wm8350: Handle error for wm8350_register_irq (git-fixes). - s390/tape: fix timer initialization in tape_std_assign() (bsc#1197677 LTC#197378). - scsi: libsas: Fix sas_ata_qc_issue() handling of NCQ NON DATA commands (git-fixes). - scsi: mpt3sas: Fix use after free in _scsih_expander_node_remove() (git-fixes). - scsi: mpt3sas: Page fault in reply q processing (git-fixes). - scsi: scsi_dh_alua: Avoid crash during alua_bus_detach() (bsc#1028340 bsc#1198825). - spi: atmel-quadspi: Fix the buswidth adjustment between spi-mem and controller (git-fixes). - spi: bcm-qspi: fix MSPI only access with bcm_qspi_exec_mem_op() (git-fixes). - spi: Fix erroneous sgs value with min_t() (git-fixes). - spi: Fix invalid sgs value (git-fixes). - spi: mxic: Fix the transmit path (git-fixes). - spi: tegra20: Use of_device_get_match_data() (git-fixes). - staging: mt7621-dts: fix LEDs and pinctrl on GB-PC1 devicetree (git-fixes). - SUNRPC: change locking for xs_swap_enable/disable (bsc#1196367). - SUNRPC: Ensure we flush any closed sockets before xs_xprt_free() (git-fixes). - SUNRPC: Fix the svc_deferred_event trace class (git-fixes). - SUNRPC: Handle ENOMEM in call_transmit_status() (git-fixes). - SUNRPC: Handle low memory situations in call_status() (git-fixes). - USB: dwc3: core: Fix tx/rx threshold settings (git-fixes). - USB: dwc3: core: Only handle soft-reset in DCTL (git-fixes). - USB: dwc3: gadget: Return proper request status (git-fixes). - USB: dwc3: omap: fix 'unbalanced disables for smps10_out1' on omap5evm (git-fixes). - USB: gadget: uvc: Fix crash when encoding data for usb request (git-fixes). - USB: hcd-pci: Use PCI_STD_NUM_BARS when checking standard BARs (bsc#1152489) - USB: serial: pl2303: add IBM device IDs (git-fixes). - USB: serial: simple: add Nokia phone driver (git-fixes). - USB: storage: ums-realtek: fix error code in rts51x_read_mem() (git-fixes). - USB: usb-storage: Fix use of bitfields for hardware data in ene_ub6250.c (git-fixes). - vgacon: Propagate console boot parameters before calling `vc_resize' (bsc#1152489) - video: fbdev: atari: Atari 2 bpp (STe) palette bugfix (git-fixes). - video: fbdev: cirrusfb: check pixclock to avoid divide by zero (git-fixes). - video: fbdev: nvidiafb: Use strscpy() to prevent buffer overflow (git-fixes). - video: fbdev: sm712fb: Fix crash in smtcfb_read() (git-fixes). - video: fbdev: sm712fb: Fix crash in smtcfb_write() (git-fixes). - video: fbdev: udlfb: properly check endpoint type (bsc#1152489) - video: fbdev: w100fb: Reset global state (git-fixes). - virtio_console: break out of buf poll on remove (git-fixes). - virtio_console: eliminate anonymous module_init & module_exit (git-fixes). - w1: w1_therm: fixes w1_seq for ds28ea00 sensors (git-fixes). - x86/pm: Save the MSR validity status at context setup (bsc#1198400). - x86/sev: Unroll string mmio with CC_ATTR_GUEST_UNROLL_STRING_IO (git-fixes). - x86/speculation: Restore speculation related MSRs during S3 resume (bsc#1198400). - xen: fix is_xen_pmu() (git-fixes). - xen/blkfront: fix comment for need_copy (git-fixes). - xen/x86: obtain full video frame buffer address for Dom0 also under EFI (bsc#1193556). - xen/x86: obtain upper 32 bits of video frame buffer address for Dom0 (bsc#1193556). - xhci: fix runtime PM imbalance in USB2 resume (git-fixes). - xhci: fix uninitialized string returned by xhci_decode_ctrl_ctx() (git-fixes). Important SUSE bug 1028340 SUSE bug 1071995 SUSE bug 1137728 SUSE bug 1152472 SUSE bug 1152489 SUSE bug 1177028 SUSE bug 1179878 SUSE bug 1182073 SUSE bug 1183723 SUSE bug 1187055 SUSE bug 1191647 SUSE bug 1193556 SUSE bug 1193842 SUSE bug 1194625 SUSE bug 1195651 SUSE bug 1195926 SUSE bug 1196018 SUSE bug 1196114 SUSE bug 1196367 SUSE bug 1196514 SUSE bug 1196639 SUSE bug 1196942 SUSE bug 1197157 SUSE bug 1197391 SUSE bug 1197656 SUSE bug 1197660 SUSE bug 1197677 SUSE bug 1197914 SUSE bug 1197926 SUSE bug 1198077 SUSE bug 1198217 SUSE bug 1198330 SUSE bug 1198400 SUSE bug 1198413 SUSE bug 1198437 SUSE bug 1198448 SUSE bug 1198484 SUSE bug 1198515 SUSE bug 1198516 SUSE bug 1198534 SUSE bug 1198742 SUSE bug 1198825 SUSE bug 1198989 SUSE bug 1199012 SUSE bug 1199024 CVE-2020-27835 CVE-2021-0707 CVE-2021-20292 CVE-2021-20321 CVE-2021-38208 CVE-2021-4154 CVE-2022-0812 CVE-2022-1158 CVE-2022-1280 CVE-2022-1353 CVE-2022-1419 CVE-2022-1516 CVE-2022-28356 CVE-2022-28748 CVE-2022-28893 CVE-2022-29156 cpe:/o:opensuse:leap:15.3 Security update for e2fsprogs (Important) openSUSE Leap 15.3 This update for e2fsprogs fixes the following issues: - CVE-2022-1304: Fixed out-of-bounds read/write leading to segmentation fault and possibly arbitrary code execution. (bsc#1198446) Important SUSE bug 1198446 CVE-2022-1304 cpe:/o:opensuse:leap:15.3 Security update for containerd, docker (Important) openSUSE Leap 15.3 This update for containerd, docker fixes the following issues: - CVE-2022-24769: Fixed incorrect default inheritable capabilities (bsc#1197517). - CVE-2022-23648: Fixed directory traversal issue (bsc#1196441). - CVE-2022-27191: Fixed a crash in a golang.org/x/crypto/ssh server (bsc#1197284). - CVE-2021-43565: Fixed a panic in golang.org/x/crypto by empty plaintext packet (bsc#1193930). Important SUSE bug 1193930 SUSE bug 1196441 SUSE bug 1197284 SUSE bug 1197517 CVE-2021-43565 CVE-2022-23648 CVE-2022-24769 CVE-2022-27191 cpe:/o:opensuse:leap:15.3 Security update for the Linux Kernel (Important) openSUSE Leap 15.3 The SUSE Linux Enterprise 15 SP3 Azure kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2022-0185: Incorrect param length parsing in legacy_parse_param which could have led to a local privilege escalation (bsc#1194517). - CVE-2022-0322: Fixed a denial of service in SCTP sctp_addto_chunk (bsc#1194985). - CVE-2021-4197: Fixed a cgroup issue where lower privileged processes could write to fds of lower privileged ones that could lead to privilege escalation (bsc#1194302). - CVE-2021-46283: nf_tables_newset in net/netfilter/nf_tables_api.c in the Linux kernel allowed local users to cause a denial of service (NULL pointer dereference and general protection fault) because of the missing initialization for nft_set_elem_expr_alloc. A local user can set a netfilter table expression in their own namespace (bnc#1194518). - CVE-2021-4135: Fixed an information leak in the nsim_bpf_map_alloc function (bsc#1193927). - CVE-2021-4202: Fixed a race condition during NFC device remove which could lead to a use-after-free memory corruption (bsc#1194529) - CVE-2021-4083: A read-after-free memory flaw was found in the Linux kernel's garbage collection for Unix domain socket file handlers in the way users call close() and fget() simultaneously and can potentially trigger a race condition. This flaw allowed a local user to crash the system or escalate their privileges on the system. (bnc#1193727). - CVE-2021-4149: Fixed a locking condition in btrfs which could lead to system deadlocks (bsc#1194001). - CVE-2021-45485: In the IPv6 implementation net/ipv6/output_core.c has an information leak because of certain use of a hash table which, although big, doesn't properly consider that IPv6-based attackers can typically choose among many IPv6 source addresses (bnc#1194094). - CVE-2021-45486: In the IPv4 implementation net/ipv4/route.c has an information leak because the hash table is very small (bnc#1194087). The following non-security bugs were fixed: - ACPI: APD: Check for NULL pointer after calling devm_ioremap() (git-fixes). - ACPI: Add stubs for wakeup handler functions (git-fixes). - ACPI: scan: Create platform device for BCM4752 and LNV4752 ACPI nodes (git-fixes). - ALSA: PCM: Add missing rwsem around snd_ctl_remove() calls (git-fixes). - ALSA: ctl: Fix copy of updated id with element read/write (git-fixes). - ALSA: drivers: opl3: Fix incorrect use of vp->state (git-fixes). - ALSA: hda/hdmi: Disable silent stream on GLK (git-fixes). - ALSA: hda/realtek - Add headset Mic support for Lenovo ALC897 platform (git-fixes). - ALSA: hda/realtek - Fix silent output on Gigabyte X570 Aorus Master after reboot from Windows (git-fixes). - ALSA: hda/realtek: Add a quirk for HP OMEN 15 mute LED (git-fixes). - ALSA: hda/realtek: Add quirk for ASRock NUC Box 1100 (git-fixes). - ALSA: hda/realtek: Amp init fixup for HP ZBook 15 G6 (git-fixes). - ALSA: hda/realtek: Fix quirk for Clevo NJ51CU (git-fixes). - ALSA: hda/realtek: Fix quirk for TongFang PHxTxX1 (git-fixes). - ALSA: hda/realtek: Fixes HP Spectre x360 15-eb1xxx speakers (git-fixes). - ALSA: hda/realtek: Headset fixup for Clevo NH77HJQ (git-fixes). - ALSA: hda: Add missing rwsem around snd_ctl_remove() calls (git-fixes). - ALSA: hda: Make proper use of timecounter (git-fixes). - ALSA: jack: Add missing rwsem around snd_ctl_remove() calls (git-fixes). - ALSA: jack: Check the return value of kstrdup() (git-fixes). - ALSA: oss: fix compile error when OSS_DEBUG is enabled (git-fixes). - ALSA: pcm: oss: Fix negative period/buffer sizes (git-fixes). - ALSA: pcm: oss: Handle missing errors in snd_pcm_oss_change_params*() (git-fixes). - ALSA: pcm: oss: Limit the period size to 16MB (git-fixes). - ALSA: usb-audio: Drop superfluous '0' in Presonus Studio 1810c's ID (git-fixes). - ALSA: usb-audio: Line6 HX-Stomp XL USB_ID for 48k-fixed quirk (git-fixes). - ASoC: codecs: wcd934x: handle channel mappping list correctly (git-fixes). - ASoC: codecs: wcd934x: return correct value from mixer put (git-fixes). - ASoC: codecs: wcd934x: return error code correctly from hw_params (git-fixes). - ASoC: codecs: wsa881x: fix return values from kcontrol put (git-fixes). - ASoC: cs42l42: Correct configuring of switch inversion from ts-inv (git-fixes). - ASoC: cs42l42: Disable regulators if probe fails (git-fixes). - ASoC: cs42l42: Use device_property API instead of of_property (git-fixes). - ASoC: fsl_asrc: refine the check of available clock divider (git-fixes). - ASoC: fsl_mqs: fix MODULE_ALIAS (git-fixes). - ASoC: mediatek: Check for error clk pointer (git-fixes). - ASoC: meson: aiu: Move AIU_I2S_MISC hold setting to aiu-fifo-i2s (git-fixes). - ASoC: meson: aiu: fifo: Add missing dma_coerce_mask_and_coherent() (git-fixes). - ASoC: qdsp6: q6routing: Fix return value from msm_routing_put_audio_mixer (git-fixes). - ASoC: rt5663: Handle device_property_read_u32_array error codes (git-fixes). - ASoC: samsung: idma: Check of ioremap return value (git-fixes). - ASoC: soc-core: fix null-ptr-deref in snd_soc_del_component_unlocked() (git-fixes). - ASoC: sunxi: fix a sound binding broken reference (git-fixes). - ASoC: tegra: Fix kcontrol put callback in ADMAIF (git-fixes). - ASoC: tegra: Fix kcontrol put callback in AHUB (git-fixes). - ASoC: tegra: Fix kcontrol put callback in DMIC (git-fixes). - ASoC: tegra: Fix kcontrol put callback in DSPK (git-fixes). - ASoC: tegra: Fix kcontrol put callback in I2S (git-fixes). - ASoC: tegra: Fix wrong value type in ADMAIF (git-fixes). - ASoC: tegra: Fix wrong value type in DMIC (git-fixes). - ASoC: tegra: Fix wrong value type in DSPK (git-fixes). - ASoC: tegra: Fix wrong value type in I2S (git-fixes). - ASoC: uniphier: drop selecting non-existing SND_SOC_UNIPHIER_AIO_DMA (git-fixes). - Add cherry-picked IDs for qemu fw_cfg patches - Bluetooth: L2CAP: Fix using wrong mode (git-fixes). - Bluetooth: bfusb: fix division by zero in send path (git-fixes). - Bluetooth: btmtksdio: fix resume failure (git-fixes). - Bluetooth: btusb: fix memory leak in btusb_mtk_submit_wmt_recv_urb() (git-fixes). - Bluetooth: cmtp: fix possible panic when cmtp_init_sockets() fails (git-fixes). - Bluetooth: hci_bcm: Check for error irq (git-fixes). - Bluetooth: hci_qca: Stop IBS timer during BT OFF (git-fixes). - Bluetooth: stop proccessing malicious adv data (git-fixes). - Documentation: ACPI: Fix data node reference documentation (git-fixes). - Documentation: dmaengine: Correctly describe dmatest with channel unset (git-fixes). - Documentation: refer to config RANDOMIZE_BASE for kernel address-space randomization (git-fixes). - HID: add USB_HID dependancy to hid-chicony (git-fixes). - HID: add USB_HID dependancy to hid-prodikeys (git-fixes). - HID: asus: Add depends on USB_HID to HID_ASUS Kconfig option (git-fixes). - HID: bigbenff: prevent null pointer dereference (git-fixes). - HID: google: add eel USB id (git-fixes). - HID: hid-uclogic-params: Invalid parameter check in uclogic_params_frame_init_v1_buttonpad (git-fixes). - HID: hid-uclogic-params: Invalid parameter check in uclogic_params_get_str_desc (git-fixes). - HID: hid-uclogic-params: Invalid parameter check in uclogic_params_huion_init (git-fixes). - HID: hid-uclogic-params: Invalid parameter check in uclogic_params_init (git-fixes). - HID: quirks: Add quirk for the Microsoft Surface 3 type-cover (git-fixes). - Input: appletouch - initialize work before device registration (git-fixes). - Input: atmel_mxt_ts - fix double free in mxt_read_info_block (git-fixes). - Input: elantech - fix stack out of bound access in elantech_change_report_id() (git-fixes). - Input: i8042 - add deferred probe support (bsc#1190256). - Input: i8042 - enable deferred probe quirk for ASUS UM325UA (bsc#1190256). - Input: max8925_onkey - do not mark comment as kernel-doc (git-fixes). - Input: spaceball - fix parsing of movement data packets (git-fixes). - Input: ti_am335x_tsc - fix STEPCONFIG setup for Z2 (git-fixes). - Input: ti_am335x_tsc - set ADCREFM for X configuration (git-fixes). - Move upstreamed patches into sorted section - NFC: st21nfca: Fix memory leak in device probe and remove (git-fixes). - NFSD: Fix zero-length NFSv3 WRITEs (git-fixes). - NFSv42: Do not fail clone() unless the OP_CLONE operation failed (git-fixes). - NFSv42: Fix pagecache invalidation after COPY/CLONE (git-fixes). - PCI/ACPI: Fix acpi_pci_osc_control_set() kernel-doc comment (git-fixes). - PCI/MSI: Clear PCI_MSIX_FLAGS_MASKALL on error (git-fixes). - PCI/MSI: Fix pci_irq_vector()/pci_irq_get_affinity() (git-fixes). - PCI/MSI: Mask MSI-X vectors only on success (git-fixes). - PCI: cadence: Add cdns_plat_pcie_probe() missing return (git-fixes). - PCI: dwc: Do not remap invalid res (git-fixes). - PCI: mvebu: Check for errors from pci_bridge_emul_init() call (git-fixes). - PCI: mvebu: Do not modify PCI IO type bits in conf_write (git-fixes). - PCI: mvebu: Fix support for DEVCAP2, DEVCTL2 and LNKCTL2 registers on emulated bridge (git-fixes). - PCI: mvebu: Fix support for PCI_EXP_DEVCTL on emulated bridge (git-fixes). - PCI: mvebu: Fix support for PCI_EXP_RTSTA on emulated bridge (git-fixes). - PCI: pci-bridge-emul: Properly mark reserved PCIe bits in PCI config space (git-fixes). - PCI: pci-bridge-emul: Set PCI_STATUS_CAP_LIST for PCIe device (git-fixes). - PCI: pciehp: Fix infinite loop in IRQ handler upon power fault (git-fixes). - PCI: xgene: Fix IB window setup (git-fixes). - PM: runtime: Defer suspending suppliers (git-fixes). - PM: sleep: Do not assume that 'mem' is always present (git-fixes). - RDMA/hns: Replace kfree() with kvfree() (jsc#SLE-14777). - Rename colliding patches before the next SLE15-SP2 -> SLE15-SP3 merge - Rename colliding patches before the next cve/linux-5.3 -> SLE15-SP3 merge - Revert 'PM: sleep: Do not assume that 'mem' is always present' (git-fixes). - Revert 'USB: xhci: fix U1/U2 handling for hardware with XHCI_INTEL_HOST quirk set' (git-fixes). - Revert 'net/mlx5: Add retry mechanism to the command entry index allocation' (jsc#SLE-15172). - USB: Fix 'slab-out-of-bounds Write' bug in usb_hcd_poll_rh_status (git-fixes). - USB: NO_LPM quirk Lenovo Powered USB-C Travel Hub (git-fixes). - USB: NO_LPM quirk Lenovo USB-C to Ethernet Adapher(RTL8153-04) (git-fixes). - USB: cdc-acm: fix break reporting (git-fixes). - USB: cdc-acm: fix racy tty buffer accesses (git-fixes). - USB: chipidea: fix interrupt deadlock (git-fixes). - USB: core: Fix bug in resuming hub's handling of wakeup requests (git-fixes). - USB: gadget: bRequestType is a bitfield, not a enum (git-fixes). - USB: gadget: detect too-big endpoint 0 requests (git-fixes). - USB: gadget: zero allocate endpoint 0 buffers (git-fixes). - USB: serial: cp210x: fix CP2105 GPIO registration (git-fixes). - USB: serial: option: add Telit FN990 compositions (git-fixes). - Update patches.suse/tpm-fix-potential-NULL-pointer-access-in-tpm_del_cha.patch (git-fixes bsc#1193660 ltc#195634). - Updated mpi3mr entry in supported.conf (bsc#1194578 jsc#SLE-18120) Moving this driver into the 'supported' package. - amd/display: downgrade validation failure log level (git-fixes). - ata: ahci: Add Green Sardine vendor ID as board_ahci_mobile (git-fixes). - atlantic: Fix buff_ring OOB in aq_ring_rx_clean (git-fixes). - ax25: NPD bug when detaching AX25 device (git-fixes). - backlight: qcom-wled: Fix off-by-one maximum with default num_strings (git-fixes). - backlight: qcom-wled: Override default length with qcom,enabled-strings (git-fixes). - backlight: qcom-wled: Pass number of elements to read to read_u32_array (git-fixes). - backlight: qcom-wled: Validate enabled string indices in DT (git-fixes). - batman-adv: mcast: do not send link-local multicast to mcast routers (git-fixes). - blk-cgroup: synchronize blkg creation against policy deactivation (bsc#1194584). - block/scsi-ioctl: Fix kernel-infoleak in scsi_put_cdrom_generic_arg() (git-fixes). - block: fix ioprio_get(IOPRIO_WHO_PGRP) vs setuid(2) (bsc#1194586). - can: gs_usb: fix use of uninitialized variable, detach device on reception of invalid USB data (git-fixes). - can: gs_usb: gs_can_start_xmit(): zero-initialize hf->{flags,reserved} (git-fixes). - can: kvaser_usb: get CAN clock frequency from device (git-fixes). - can: sja1000: fix use after free in ems_pcmcia_add_card() (git-fixes). - can: softing: softing_startstop(): fix set but not used variable warning (git-fixes). - can: softing_cs: softingcs_probe(): fix memleak on registration failure (git-fixes). - can: usb_8dev: remove unused member echo_skb from struct usb_8dev_priv (git-fixes). - can: xilinx_can: xcan_probe(): check for error irq (git-fixes). - char/mwave: Adjust io port register size (git-fixes). - clk: Do not parent clks until the parent is fully registered (git-fixes). - clk: Gemini: fix struct name in kernel-doc (git-fixes). - clk: bcm-2835: Pick the closest clock rate (git-fixes). - clk: bcm-2835: Remove rounding up the dividers (git-fixes). - clk: imx8mn: Fix imx8mn_clko1_sels (git-fixes). - clk: imx: pllv1: fix kernel-doc notation for struct clk_pllv1 (git-fixes). - clk: qcom: gcc-msm8996: Drop (again) gcc_aggre1_pnoc_ahb_clk (git-fixes). - clk: qcom: regmap-mux: fix parent clock lookup (git-fixes). - clk: stm32: Fix ltdc's clock turn off by clk_disable_unused() after system enter shell (git-fixes). - crypto: caam - replace this_cpu_ptr with raw_cpu_ptr (git-fixes). - crypto: mxs-dcp - Use sg_mapping_iter to copy data (git-fixes). - crypto: omap-sham - clear dma flags only after omap_sham_update_dma_stop() (git-fixes). - crypto: qat - do not ignore errors from enable_vf2pf_comms() (git-fixes). - crypto: qat - fix reuse of completion variable (git-fixes). - crypto: qat - handle both source of interrupt in VF ISR (git-fixes). - crypto: qce - fix uaf on qce_ahash_register_one (git-fixes). - crypto: stm32/crc32 - Fix kernel BUG triggered in probe() (git-fixes). - crypto: stm32/cryp - fix double pm exit (git-fixes). - crypto: stm32/cryp - fix lrw chaining mode (git-fixes). - crypto: stm32/cryp - fix xts and race condition in crypto_engine requests (git-fixes). - debugfs: lockdown: Allow reading debugfs files that are not world readable (bsc#1193328 ltc#195566). - device property: Fix documentation for FWNODE_GRAPH_DEVICE_DISABLED (git-fixes). - dm crypt: document encrypted keyring key option (git-fixes). - dm writecache: add 'cleaner' and 'max_age' to Documentation (git-fixes). - dm writecache: advance the number of arguments when reporting max_age (git-fixes). - dm writecache: fix performance degradation in ssd mode (git-fixes). - dm writecache: flush origin device when writing and cache is full (git-fixes). - dma_fence_array: Fix PENDING_ERROR leak in dma_fence_array_signaled() (git-fixes). - dmaengine: at_xdmac: Do not start transactions at tx_submit level (git-fixes). - dmaengine: at_xdmac: Fix at_xdmac_lld struct definition (git-fixes). - dmaengine: at_xdmac: Fix concurrency over xfers_list (git-fixes). - dmaengine: at_xdmac: Fix lld view setting (git-fixes). - dmaengine: at_xdmac: Print debug message after realeasing the lock (git-fixes). - dmaengine: bestcomm: fix system boot lockups (git-fixes). - dmaengine: idxd: add module parameter to force disable of SVA (bsc#1192931). - dmaengine: idxd: enable SVA feature for IOMMU (bsc#1192931). - dmaengine: pxa/mmp: stop referencing config->slave_id (git-fixes). - dmaengine: st_fdma: fix MODULE_ALIAS (git-fixes). - drm/amd/amdgpu: Increase HWIP_MAX_INSTANCE to 10 (git-fixes). - drm/amd/display: Fix for the no Audio bug with Tiled Displays (git-fixes). - drm/amd/display: Update bounding box states (v2) (git-fixes). - drm/amd/display: Update number of DCN3 clock states (git-fixes). - drm/amd/display: add connector type check for CRC source set (git-fixes). - drm/amd/display: dcn20_resource_construct reduce scope of FPU enabled (git-fixes). - drm/amd/display: fix incorrect CM/TF programming sequence in dwb (git-fixes). - drm/amd/display: fix missing writeback disablement if plane is removed (git-fixes). - drm/amdgpu: Fix a NULL pointer dereference in amdgpu_connector_lcd_native_mode() (git-fixes). - drm/amdgpu: Fix a printing message (git-fixes). - drm/amdgpu: Fix amdgpu_ras_eeprom_init() (git-fixes). - drm/amdgpu: correct register access for RLC_JUMP_TABLE_RESTORE (git-fixes). - drm/amdgpu: revert 'Add autodump debugfs node for gpu reset v8' (git-fixes). - drm/amdkfd: Account for SH/SE count when setting up cu masks (git-fixes). - drm/amdkfd: Check for null pointer after calling kmemdup (git-fixes). - drm/ast: potential dereference of null pointer (git-fixes). - drm/atomic: Check new_crtc_state->active to determine if CRTC needs disable in self refresh mode (git-fixes). - drm/bridge: analogix_dp: Make PSR-exit block less (git-fixes). - drm/bridge: display-connector: fix an uninitialized pointer in probe() (git-fixes). - drm/bridge: nwl-dsi: Avoid potential multiplication overflow on 32-bit (git-fixes). - drm/bridge: ti-sn65dsi86: Set max register for regmap (git-fixes). - drm/display: fix possible null-pointer dereference in dcn10_set_clock() (git-fixes). - drm/exynos: Always initialize mapping in exynos_drm_register_dma() (git-fixes). - drm/i915/fb: Fix rounding error in subsampled plane size calculation (git-fixes). - drm/i915: Avoid bitwise vs logical OR warning in snb_wm_latency_quirk() (git-fixes). - drm/mediatek: Check plane visibility in atomic_update (git-fixes). - drm/msm/dpu: fix safe status debugfs file (git-fixes). - drm/msm/dsi: Fix DSI and DSI PHY regulator config from SDM660 (git-fixes). - drm/msm/dsi: set default num_data_lanes (git-fixes). - drm/msm/mdp5: fix cursor-related warnings (git-fixes). - drm/msm: mdp4: drop vblank get/put from prepare/complete_commit (git-fixes). - drm/msm: prevent NULL dereference in msm_gpu_crashstate_capture() (git-fixes). - drm/panel: innolux-p079zca: Delete panel on attach() failure (git-fixes). - drm/panel: kingdisplay-kd097d04: Delete panel on attach() failure (git-fixes). - drm/radeon/radeon_kms: Fix a NULL pointer dereference in radeon_driver_open_kms() (git-fixes). - drm/rockchip: dsi: Disable PLL clock on bind error (git-fixes). - drm/rockchip: dsi: Fix unbalanced clock on probe error (git-fixes). - drm/rockchip: dsi: Hold pm-runtime across bind/unbind (git-fixes). - drm/rockchip: dsi: Reconfigure hardware on resume() (git-fixes). - drm/sun4i: dw-hdmi: Fix missing put_device() call in sun8i_hdmi_phy_get (git-fixes). - drm/sun4i: fix unmet dependency on RESET_CONTROLLER for PHY_SUN6I_MIPI_DPHY (git-fixes). - drm/syncobj: Deal with signalled fences in drm_syncobj_find_fence (git-fixes). - drm/tegra: vic: Fix DMA API misuse (git-fixes). - drm/vboxvideo: fix a NULL vs IS_ERR() check (git-fixes). - drm/vc4: hdmi: Make sure the controller is powered up during bind (git-fixes). - drm/vc4: hdmi: Set HD_CTL_WHOLSMP and HD_CTL_CHALIGN_SET (git-fixes). - drm/vc4: hdmi: Set a default HSM rate (git-fixes). - drm: fix null-ptr-deref in drm_dev_init_release() (git-fixes). - drm: xlnx: zynqmp: release reset to DP controller before accessing DP registers (git-fixes). - drm: xlnx: zynqmp_dpsub: Call pm_runtime_get_sync before setting pixel clock (git-fixes). - eeprom: idt_89hpesx: Put fwnode in matching case during ->probe() (git-fixes). - eeprom: idt_89hpesx: Restore printing the unsupported fwnode name (git-fixes). - ext4: Avoid trim error on fs with small groups (bsc#1191271). - ext4: fix lazy initialization next schedule time computation in more granular unit (bsc#1194580). - fget: clarify and improve __fget_files() implementation (bsc#1193727). - firmware: Update Kconfig help text for Google firmware (git-fixes). - firmware: arm_scmi: pm: Propagate return value to caller (git-fixes). - firmware: arm_scpi: Fix string overflow in SCPI genpd driver (git-fixes). - firmware: qcom_scm: Fix error retval in __qcom_scm_is_call_available() (git-fixes). - firmware: qemu_fw_cfg: fix NULL-pointer deref on duplicate entries (git-fixes). - firmware: qemu_fw_cfg: fix kobject leak in probe error path (git-fixes). - firmware: qemu_fw_cfg: fix sysfs information leak (git-fixes). - firmware: raspberrypi: Fix a leak in 'rpi_firmware_get()' (git-fixes). - firmware: smccc: Fix check for ARCH_SOC_ID not implemented (git-fixes). - firmware: tegra: Fix error application of sizeof() to pointer (git-fixes). - firmware: tegra: Reduce stack usage (git-fixes). - firmware_loader: fix pre-allocated buf built-in firmware use (git-fixes). - floppy: Fix hang in watchdog when disk is ejected (git-fixes). - flow_offload: return EOPNOTSUPP for the unsupported mpls action type (bsc#1154353). - fuse: Pass correct lend value to filemap_write_and_wait_range() (bsc#1194953). - gpiolib: acpi: Make set-debounce-timeout failures non fatal (git-fixes). - gpu: host1x: Add back arm_iommu_detach_device() (git-fixes). - hwmon: (lm90) Add basic support for TI TMP461 (git-fixes). - hwmon: (lm90) Add max6654 support to lm90 driver (git-fixes). - hwmon: (lm90) Do not report 'busy' status bit as alarm (git-fixes). - hwmon: (lm90) Drop critical attribute support for MAX6654 (git-fixes). - hwmon: (lm90) Fix usage of CONFIG2 register in detect function (git-fixes). - hwmon: (lm90) Introduce flag indicating extended temperature support (git-fixes). - i2c: rk3x: Handle a spurious start completion interrupt flag (git-fixes). - i2c: validate user data in compat ioctl (git-fixes). - i3c: fix incorrect address slot lookup on 64-bit (git-fixes). - i3c: master: dw: check return of dw_i3c_master_get_free_pos() (git-fixes). - i40e: Fix NULL pointer dereference in i40e_dbg_dump_desc (git-fixes). - i40e: Fix for displaying message regarding NVM version (git-fixes). - i40e: Fix incorrect netdev's real number of RX/TX queues (git-fixes). - i40e: Fix to not show opcode msg on unsuccessful VF MAC change (git-fixes). - i40e: fix use-after-free in i40e_sync_filters_subtask() (git-fixes). - iavf: Fix limit of total number of queues to active queues of VF (git-fixes). - iavf: restore MSI state on reset (git-fixes). - ieee802154: atusb: fix uninit value in atusb_set_extended_addr (git-fixes). - ieee802154: fix error return code in ieee802154_llsec_getparams() (git-fixes). - ieee802154: fix error return code in ieee802154_add_iface() (git-fixes). - ieee802154: hwsim: Fix memory leak in hwsim_add_one (git-fixes). - ieee802154: hwsim: Fix possible memory leak in hwsim_subscribe_all_others (git-fixes). - ieee802154: hwsim: avoid possible crash in hwsim_del_edge_nl() (git-fixes). - ieee802154: hwsim: fix GPF in hwsim_set_edge_lqi (git-fixes). - igb: Fix removal of unicast MAC filters of VFs (git-fixes). - igbvf: fix double free in `igbvf_probe` (git-fixes). - igc: Fix typo in i225 LTR functions (jsc#SLE-13533). - iio: accel: kxcjk-1013: Fix possible memory leak in probe and remove (git-fixes). - iio: ad7768-1: Call iio_trigger_notify_done() on error (git-fixes). - iio: adc: axp20x_adc: fix charging current reporting on AXP22x (git-fixes). - iio: at91-sama5d2: Fix incorrect sign extension (git-fixes). - iio: dln2-adc: Fix lockdep complaint (git-fixes). - iio: dln2: Check return value of devm_iio_trigger_register() (git-fixes). - iio: itg3200: Call iio_trigger_notify_done() on error (git-fixes). - iio: kxsd9: Do not return error code in trigger handler (git-fixes). - iio: ltr501: Do not return error code in trigger handler (git-fixes). - iio: mma8452: Fix trigger reference couting (git-fixes). - iio: stk3310: Do not return error code in interrupt handler (git-fixes). - iio: trigger: Fix reference counting (git-fixes). - iio: trigger: stm32-timer: fix MODULE_ALIAS (git-fixes). - ionic: Initialize the 'lif->dbid_inuse' bitmap (bsc#1167773). - isofs: Fix out of bound access for corrupted isofs image (bsc#1194591). - iwlwifi: fw: correctly limit to monitor dump (git-fixes). - iwlwifi: mvm: Fix scan channel flags settings (git-fixes). - iwlwifi: mvm: Use div_s64 instead of do_div in iwl_mvm_ftm_rtt_smoothing() (git-fixes). - iwlwifi: mvm: avoid static queue number aliasing (git-fixes). - iwlwifi: mvm: disable RX-diversity in powersave (git-fixes). - iwlwifi: mvm: fix 32-bit build in FTM (git-fixes). - iwlwifi: mvm: fix access to BSS elements (git-fixes). - iwlwifi: mvm: test roc running status bits before removing the sta (git-fixes). - iwlwifi: pcie: free RBs during configure (git-fixes). - ixgbe: set X550 MDIO speed before talking to PHY (git-fixes). - kmod: make request_module() return an error when autoloading is disabled (git-fixes). - kobject: Restore old behaviour of kobject_del(NULL) (git-fixes). - kobject_uevent: remove warning in init_uevent_argv() (git-fixes). - kprobes: Limit max data_size of the kretprobe instances (bsc#1193669). - libata: add horkage for ASMedia 1092 (git-fixes). - libata: if T_LENGTH is zero, dma direction should be DMA_NONE (git-fixes). - livepatch: Avoid CPU hogging with cond_resched (bsc#1071995). - lockdown: Allow unprivileged users to see lockdown status (git-fixes). - mISDN: change function names to avoid conflicts (git-fixes). - mac80211: Fix monitor MTU limit so that A-MSDUs get through (git-fixes). - mac80211: agg-tx: do not schedule_and_wake_txq() under sta->lock (git-fixes). - mac80211: do not access the IV when it was stripped (git-fixes). - mac80211: fix lookup when adding AddBA extension element (git-fixes). - mac80211: fix regression in SSN handling of addba tx (git-fixes). - mac80211: initialize variable have_higher_than_11mbit (git-fixes). - mac80211: mark TX-during-stop for TX in in_reconfig (git-fixes). - mac80211: send ADDBA requests using the tid/queue of the aggregation session (git-fixes). - mac80211: track only QoS data frames for admission control (git-fixes). - mac80211: validate extended element ID is present (git-fixes). - mailbox: hi3660: convert struct comments to kernel-doc notation (git-fixes). - media: Revert 'media: uvcvideo: Set unique vdev name based in type' (bsc#1193255). - media: aspeed: Update signal status immediately to ensure sane hw state (git-fixes). - media: aspeed: fix mode-detect always time out at 2nd run (git-fixes). - media: cpia2: fix control-message timeouts (git-fixes). - media: dib0700: fix undefined behavior in tuner shutdown (git-fixes). - media: dib8000: Fix a memleak in dib8000_init() (git-fixes). - media: dmxdev: fix UAF when dvb_register_device() fails (git-fixes). - media: dw2102: Fix use after free (git-fixes). - media: em28xx: fix control-message timeouts (git-fixes). - media: em28xx: fix memory leak in em28xx_init_dev (git-fixes). - media: flexcop-usb: fix control-message timeouts (git-fixes). - media: hantro: Fix probe func error path (git-fixes). - media: i2c: imx274: fix trivial typo expsoure/exposure (git-fixes). - media: i2c: imx274: fix trivial typo obainted/obtained (git-fixes). - media: imx-pxp: Initialize the spinlock prior to using it (git-fixes). - media: mceusb: fix control-message timeouts (git-fixes). - media: msi001: fix possible null-ptr-deref in msi001_probe() (git-fixes). - media: mtk-vcodec: call v4l2_m2m_ctx_release first when file is released (git-fixes). - media: pvrusb2: fix control-message timeouts (git-fixes). - media: rcar-csi2: Correct the selection of hsfreqrange (git-fixes). - media: rcar-csi2: Optimize the selection PHTW register (git-fixes). - media: redrat3: fix control-message timeouts (git-fixes). - media: s2255: fix control-message timeouts (git-fixes). - media: saa7146: mxb: Fix a NULL pointer dereference in mxb_attach() (git-fixes). - media: si2157: Fix 'warm' tuner state detection (git-fixes). - media: si470x-i2c: fix possible memory leak in si470x_i2c_probe() (git-fixes). - media: stk1160: fix control-message timeouts (git-fixes). - media: streamzap: remove unnecessary ir_raw_event_reset and handle (git-fixes). - media: uvcvideo: fix division by zero at stream start (git-fixes). - media: venus: core: Fix a resource leak in the error handling path of 'venus_probe()' (git-fixes). - memblock: ensure there is no overflow in memblock_overlaps_region() (git-fixes). - memory: emif: Remove bogus debugfs error handling (git-fixes). - mfd: intel-lpss: Fix too early PM enablement in the ACPI ->probe() (git-fixes). - misc: fastrpc: Add missing lock before accessing find_vma() (git-fixes). - misc: fastrpc: fix improper packet size calculation (git-fixes). - misc: lattice-ecp3-config: Fix task hung when firmware load failed (git-fixes). - mmc: meson-mx-sdio: add IRQ check (git-fixes). - mmc: sdhci-esdhc-imx: clear the buffer_read_ready to reset standard tuning circuit (git-fixes). - mmc: sdhci-esdhc-imx: disable CMDQ support (git-fixes). - mmc: sdhci-pci: Add PCI ID for Intel ADL (git-fixes). - mmc: sdhci-tegra: Fix switch to HS400ES mode (git-fixes). - moxart: fix potential use-after-free on remove path (bsc#1194516). - mt76: mt7915: fix NULL pointer dereference in mt7915_get_phy_mode (git-fixes). - mt76: mt7915: fix an off-by-one bound check (git-fixes). - mtd: rawnand: fsmc: Fix timing computation (git-fixes). - mtd: rawnand: fsmc: Take instruction delay into account (git-fixes). - mtd: rawnand: mpc5121: Remove unused variable in ads5121_select_chip() (git-fixes). - mtd: spi-nor: hisi-sfc: Remove excessive clk_disable_unprepare() (git-fixes). - mwifiex: Fix possible ABBA deadlock (git-fixes). - mwifiex: Try waking the firmware until we get an interrupt (git-fixes). - net/mlx5: DR, Fix NULL vs IS_ERR checking in dr_domain_init_resources (jsc#SLE-8464). - net/mlx5: Set command entry semaphore up once got index free (jsc#SLE-15172). - net/mlx5e: Fix wrong features assignment in case of error (git-fixes). - net/mlx5e: Wrap the tx reporter dump callback to extract the sq (jsc#SLE-15172). - net/sched: fq_pie: prevent dismantle issue (jsc#SLE-15172). - net/sched: sch_ets: do not remove idle classes from the round-robin list (bsc#1176774). - net: create netdev->dev_addr assignment helpers (git-fixes). - net: ena: Fix error handling when calculating max IO queues number (bsc#1154492). - net: ena: Fix undefined state when tx request id is out of bounds (bsc#1154492). - net: ena: Fix wrong rx request id by resetting device (git-fixes). - net: hns3: fix use-after-free bug in hclgevf_send_mbx_msg (jsc#SLE-14777). - net: usb: lan78xx: add Allied Telesis AT29M2-AF (git-fixes). - net: usb: pegasus: Do not drop long Ethernet frames (git-fixes). - netfilter: nft_set_pipapo: allocate pcpu scratch maps on clone (bsc#1176447). - nfc: fix potential NULL pointer deref in nfc_genl_dump_ses_done (git-fixes). - nfc: fix segfault in nfc_genl_dump_devices_done (git-fixes). - nfsd: Fix nsfd startup race (again) (git-fixes). - nft_set_pipapo: Fix bucket load in AVX2 lookup routine for six 8-bit groups (bsc#1176447). - nvme-tcp: block BH in sk state_change sk callback (git-fixes). - nvme-tcp: can't set sk_user_data without write_lock (git-fixes). - nvme-tcp: check sgl supported by target (git-fixes). - nvme-tcp: do not update queue count when failing to set io queues (git-fixes). - nvme-tcp: fix a NULL deref when receiving a 0-length r2t PDU (git-fixes). - nvme-tcp: fix crash triggered with a dataless request submission (git-fixes). - nvme-tcp: fix error codes in nvme_tcp_setup_ctrl() (git-fixes). - nvme-tcp: fix io_work priority inversion (git-fixes). - nvme-tcp: fix possible data corruption with bio merges (git-fixes). - nvme-tcp: fix possible req->offset corruption (git-fixes). - nvme-tcp: fix wrong setting of request iov_iter (git-fixes). - nvme-tcp: get rid of unused helper function (git-fixes). - nvme-tcp: pair send_mutex init with destroy (git-fixes). - nvme-tcp: pass multipage bvec to request iov_iter (git-fixes). - nvme-tcp: remove incorrect Kconfig dep in BLK_DEV_NVME (git-fixes). - pcmcia: fix setting of kthread task states (git-fixes). - pcmcia: rsrc_nonstatic: Fix a NULL pointer dereference in __nonstatic_find_io_region() (git-fixes). - pcmcia: rsrc_nonstatic: Fix a NULL pointer dereference in nonstatic_find_mem_region() (git-fixes). - pcnet32: Use pci_resource_len to validate PCI resource (git-fixes). - pinctrl: mediatek: fix global-out-of-bounds issue (git-fixes). - pinctrl: qcom: spmi-gpio: correct parent irqspec translation (git-fixes). - pinctrl: stm32: consider the GPIO offset to expose all the GPIO lines (git-fixes). - pinctrl: stm32: use valid pin identifier in stm32_pinctrl_resume() (git-fixes). - pipe: increase minimum default pipe size to 2 pages (bsc#1194587). - platform/x86: apple-gmux: use resource_size() with res (git-fixes). - platform/x86: thinkpad_acpi: Fix WWAN device disabled issue after S3 deep (git-fixes). - power: reset: ltc2952: Fix use of floating point literals (git-fixes). - power: supply: core: Break capacity loop (git-fixes). - power: supply: max17042_battery: Clear status bits in interrupt handler (git-fixes). - powerpc/64s: fix program check interrupt emergency stack path (bsc#1156395). - powerpc/fadump: Fix inaccurate CPU state info in vmcore generated with panic (bsc#1193901 ltc#194976). - powerpc/perf: Fix PMU callbacks to clear pending PMI before resetting an overflown PMC (bsc#1156395). - powerpc/perf: Fix data source encodings for L2.1 and L3.1 accesses (bsc#1065729). - powerpc/prom_init: Fix improper check of prom_getprop() (bsc#1065729). - powerpc/pseries/cpuhp: cache node corrections (bsc#1065729). - powerpc/pseries/cpuhp: delete add/remove_by_count code (bsc#1065729). - powerpc/pseries/mobility: ignore ibm, platform-facilities updates (bsc#1065729). - powerpc/traps: do not enable irqs in _exception (bsc#1065729). - powerpc/xive: Add missing null check after calling kmalloc (bsc#1177437 ltc#188522 jsc#SLE-13294 git-fixes). - powerpc: add interrupt_cond_local_irq_enable helper (bsc#1065729). - powerpc: handle kdump appropriately with crash_kexec_post_notifiers option (bsc#1193901 ltc#194976). - pwm: mxs: Do not modify HW state in .probe() after the PWM chip was registered (git-fixes). - pwm: tiecap: Drop .free() callback (git-fixes). - qlcnic: potential dereference null pointer of rx_queue->page_ring (git-fixes). - quota: check block number when reading the block in quota file (bsc#1194589). - quota: correct error number in free_dqentry() (bsc#1194590). - random: fix data race on crng init time (git-fixes). - random: fix data race on crng_node_pool (git-fixes). - regmap: Call regmap_debugfs_exit() prior to _init() (git-fixes). - rndis_host: support Hytera digital radios (git-fixes). - rpmsg: core: Clean up resources on announce_create failure (git-fixes). - rtl8xxxu: Fix the handling of TX A-MPDU aggregation (git-fixes). - rtlwifi: rtl8192cu: Fix WARNING when calling local_irq_restore() with interrupts enabled (git-fixes). - rtw88: use read_poll_timeout instead of fixed sleep (git-fixes). - rtw88: wow: build wow function only if CONFIG_PM is on (git-fixes). - rtw88: wow: fix size access error of probe request (git-fixes). - sata: nv: fix debug format string mismatch (git-fixes). - select: Fix indefinitely sleeping task in poll_schedule_timeout() (bsc#1194027). - selftests: KVM: Explicitly use movq to read xmm registers (git-fixes). - selinux: fix potential memleak in selinux_add_opt() (git-fixes). - seq_buf: Fix overflow in seq_buf_putmem_hex() (git-fixes). - seq_buf: Make trace_seq_putmem_hex() support data longer than 8 (git-fixes). - serial: pl011: Add ACPI SBSA UART match id (git-fixes). - serial: tty: uartlite: fix console setup (git-fixes). - sfc: Check null pointer of rx_queue->page_ring (git-fixes). - sfc: The RX page_ring is optional (git-fixes). - sfc: falcon: Check null pointer of rx_queue->page_ring (git-fixes). - sfc_ef100: potential dereference of null pointer (jsc#SLE-16683). - shmem: shmem_writepage() split unlikely i915 THP (git-fixes). - slimbus: qcom: fix potential NULL dereference in qcom_slim_prg_slew() (git-fixes). - soc/tegra: fuse: Fix bitwise vs. logical OR warning (git-fixes). - soc: fsl: dpaa2-console: free buffer before returning from dpaa2_console_read (git-fixes). - soc: fsl: dpio: rename the enqueue descriptor variable (git-fixes). - soc: fsl: dpio: replace smp_processor_id with raw_smp_processor_id (git-fixes). - soc: fsl: dpio: use an explicit NULL instead of 0 (git-fixes). - soc: fsl: dpio: use the combined functions to protect critical zone (git-fixes). - spi: change clk_disable_unprepare to clk_unprepare (git-fixes). - spi: spi-meson-spifc: Add missing pm_runtime_disable() in meson_spifc_probe (git-fixes). - spi: spi-rspi: Drop redeclaring ret variable in qspi_transfer_in() (git-fixes). - staging: emxx_udc: Fix passing of NULL to dma_alloc_coherent() (git-fixes). - staging: fbtft: Do not spam logs when probe is deferred (git-fixes). - staging: fbtft: Rectify GPIO handling (git-fixes). - staging: fieldbus: anybuss: jump to correct label in an error path (git-fixes). - staging: ks7010: select CRYPTO_HASH/CRYPTO_MICHAEL_MIC (git-fixes). - staging: rtl8192e: return error code from rtllib_softmac_init() (git-fixes). - staging: rtl8192e: rtllib_module: fix error handle case in alloc_rtllib() (git-fixes). - staging: wlan-ng: Avoid bitwise vs logical OR warning in hfa384x_usb_throttlefn() (git-fixes). - string.h: fix incompatibility between FORTIFY_SOURCE and KASAN (git-fixes). - thermal/drivers/imx8mm: Enable ADC when enabling monitor (git-fixes). - thermal/drivers/int340x: Do not set a wrong tcc offset on resume (git-fixes). - thermal: core: Reset previous low and high trip during thermal zone init (git-fixes). - tpm: add request_locality before write TPM_INT_ENABLE (git-fixes). - tpm: fix potential NULL pointer access in tpm_del_char_device (git-fixes). - tracing/kprobes: 'nmissed' not showed correctly for kretprobe (git-fixes). - tracing/uprobes: Check the return value of kstrdup() for tu->filename (git-fixes). - tracing: Add test for user space strings when filtering on string pointers (git-fixes). - tracing: Fix check for trace_percpu_buffer validity in get_trace_buf() (git-fixes). - tty: max310x: fix flexible_array.cocci warnings (git-fixes). - tty: serial: atmel: Call dma_async_issue_pending() (git-fixes). - tty: serial: atmel: Check return code of dmaengine_submit() (git-fixes). - tty: serial: earlycon dependency (git-fixes). - tty: serial: qcom_geni_serial: Drop __init from qcom_geni_console_setup (git-fixes). - tty: serial: uartlite: allow 64 bit address (git-fixes). - tty: synclink_gt: rename a conflicting function name (git-fixes). - udf: Fix crash after seekdir (bsc#1194592). - uio: uio_dmem_genirq: Catch the Exception (git-fixes). - usb: core: config: fix validation of wMaxPacketValue entries (git-fixes). - usb: core: config: using bit mask instead of individual bits (git-fixes). - usb: dwc2: check return value after calling platform_get_resource() (git-fixes). - usb: dwc3: gadget: Continue to process pending requests (git-fixes). - usb: dwc3: gadget: Ignore EP queue requests during bus reset (git-fixes). - usb: dwc3: gadget: Reclaim extra TRBs after request completion (git-fixes). - usb: dwc3: pci: Enable dis_uX_susphy_quirk for Intel Merrifield (git-fixes). - usb: dwc3: ulpi: Fix USB2.0 HS/FS/LS PHY suspend regression (git-fixes). - usb: dwc3: ulpi: Replace CPU-based busyloop with Protocol-based one (git-fixes). - usb: dwc3: ulpi: fix checkpatch warning (git-fixes). - usb: ftdi-elan: fix memory leak on device disconnect (git-fixes). - usb: gadget: composite: Allow bMaxPower=0 if self-powered (git-fixes). - usb: gadget: f_fs: Clear ffs_eventfd in ffs_data_clear (git-fixes). - usb: gadget: u_ether: fix race in setting MAC address in setup phase (git-fixes). - usb: mtu3: add memory barrier before set GPD's HWO (git-fixes). - usb: mtu3: fix interval value for intr and isoc (git-fixes). - usb: mtu3: fix list_head check warning (git-fixes). - usb: mtu3: set interval of FS intr and isoc endpoint (git-fixes). - usb: typec: tcpm: handle SRC_STARTUP state if cc changes (git-fixes). - usb: xhci: Extend support for runtime power management for AMD's Yellow carp (git-fixes). - usermodehelper: reset umask to default before executing user process (git-fixes). - vfs: check fd has read access in kernel_read_file_from_fd() (bsc#1194888). - video: backlight: Drop maximum brightness override for brightness zero (git-fixes). - watchdog: Fix OMAP watchdog early handling (git-fixes). - watchdog: f71808e_wdt: fix inaccurate report in WDIOC_GETTIMEOUT (git-fixes). - wcn36xx: Fix missing frame timestamp for beacon/probe-resp (git-fixes). - wcn36xx: Indicate beacon not connection loss on MISSED_BEACON_IND (git-fixes). - wcn36xx: Release DMA channel descriptor allocations (git-fixes). - wcn36xx: handle connection loss indication (git-fixes). - wireless: iwlwifi: Fix a double free in iwl_txq_dyn_alloc_dma (git-fixes). - x86/platform/uv: Add more to secondary CPU kdump info (bsc#1194493). - xhci: Fresco FL1100 controller should not have BROKEN_MSI quirk set (git-fixes). - xhci: Remove CONFIG_USB_DEFAULT_PERSIST to prevent xHCI from runtime suspending (git-fixes). - xhci: avoid race between disable slot command and host runtime suspend (git-fixes). - xhci: fix unsafe memory usage in xhci tracing (git-fixes). Important SUSE bug 1065729 SUSE bug 1071995 SUSE bug 1154353 SUSE bug 1154492 SUSE bug 1156395 SUSE bug 1167773 SUSE bug 1176447 SUSE bug 1176774 SUSE bug 1177437 SUSE bug 1190256 SUSE bug 1191271 SUSE bug 1191929 SUSE bug 1192931 SUSE bug 1193255 SUSE bug 1193328 SUSE bug 1193660 SUSE bug 1193669 SUSE bug 1193727 SUSE bug 1193901 SUSE bug 1193927 SUSE bug 1194001 SUSE bug 1194027 SUSE bug 1194087 SUSE bug 1194094 SUSE bug 1194302 SUSE bug 1194493 SUSE bug 1194516 SUSE bug 1194517 SUSE bug 1194518 SUSE bug 1194529 SUSE bug 1194578 SUSE bug 1194580 SUSE bug 1194584 SUSE bug 1194586 SUSE bug 1194587 SUSE bug 1194589 SUSE bug 1194590 SUSE bug 1194591 SUSE bug 1194592 SUSE bug 1194888 SUSE bug 1194953 SUSE bug 1194985 CVE-2021-4083 CVE-2021-4135 CVE-2021-4149 CVE-2021-4197 CVE-2021-4202 CVE-2021-45485 CVE-2021-45486 CVE-2021-46283 CVE-2022-0185 CVE-2022-0322 cpe:/o:opensuse:leap:15.3 Security update for nodejs8 (Moderate) openSUSE Leap 15.3 This update for nodejs8 fixes the following issues: - CVE-2021-44906: Fixed prototype pollution in npm dependency (bsc#1198247). - CVE-2021-44907: Fixed insuficient sanitation in npm dependency (bsc#1197283). - CVE-2022-0235: Fixed passing of cookie data and sensitive headers to different hostnames in node-fetch-npm (bsc#1194819). Moderate SUSE bug 1194819 SUSE bug 1197283 SUSE bug 1198247 CVE-2021-44906 CVE-2021-44907 CVE-2022-0235 cpe:/o:opensuse:leap:15.3 Security update for rust1.55 (Moderate) openSUSE Leap 15.3 This update for rust1.55 fixes the following issues: - CVE-2022-21658: Fixed race condition in std::fs::remove_dir_all (bsc#1194767). Moderate SUSE bug 1194767 CVE-2022-21658 cpe:/o:opensuse:leap:15.3 Security update for nodejs10 (Important) openSUSE Leap 15.3 This update for nodejs10 fixes the following issues: - CVE-2021-23343: Fixed ReDoS via splitDeviceRe, splitTailRe and splitPathRe (bsc#1192153). - CVE-2021-32803: Fixed insufficient symlink protection in node-tar allowing arbitrary file creation and overwrite (bsc#1191963). - CVE-2021-32804: Fixed insufficient absolute path sanitization in node-tar allowing arbitrary file creation and overwrite (bsc#1191962). - CVE-2021-3918: Fixed improper controlled modification of object prototype attributes in json-schema (bsc#1192696). - CVE-2021-3807: Fixed regular expression denial of service (ReDoS) matching ANSI escape codes in node-ansi-regex (bsc#1192154). - CVE-2022-21824: Fixed prototype pollution via console.table (bsc#1194514). - CVE-2021-44906: Fixed prototype pollution in npm dependency (bsc#1198247). - CVE-2021-44907: Fixed insuficient sanitation in npm dependency (bsc#1197283). - CVE-2022-0235: Fixed passing of cookie data and sensitive headers to different hostnames in node-fetch-npm (bsc#1194819). Important SUSE bug 1191962 SUSE bug 1191963 SUSE bug 1192153 SUSE bug 1192154 SUSE bug 1192696 SUSE bug 1194514 SUSE bug 1194819 SUSE bug 1197283 SUSE bug 1198247 CVE-2021-23343 CVE-2021-32803 CVE-2021-32804 CVE-2021-3807 CVE-2021-3918 CVE-2021-44906 CVE-2021-44907 CVE-2022-0235 CVE-2022-21824 cpe:/o:opensuse:leap:15.3 Security update for MozillaThunderbird (Important) openSUSE Leap 15.3 This update for MozillaThunderbird fixes the following issues: Various security fixes MFSA 2022-18 (bsc#1198970): - CVE-2022-1520: Incorrect security status shown after viewing an attached email (bmo#1745019). - CVE-2022-29914: Fullscreen notification bypass using popups (bmo#1746448). - CVE-2022-29909: Bypassing permission prompt in nested browsing contexts (bmo#1755081). - CVE-2022-29916: Leaking browser history with CSS variables (bmo#1760674). - CVE-2022-29911: iframe sandbox bypass (bmo#1761981). - CVE-2022-29912: Reader mode bypassed SameSite cookies (bmo#1692655). - CVE-2022-29913: Speech Synthesis feature not properly disabled (bmo#1764778). - CVE-2022-29917: Memory safety bugs fixed in Thunderbird 91.9 (bmo#1684739, bmo#1706441, bmo#1753298, bmo#1762614, bmo#1762620). Important SUSE bug 1198970 CVE-2022-1520 CVE-2022-29909 CVE-2022-29911 CVE-2022-29912 CVE-2022-29913 CVE-2022-29914 CVE-2022-29916 CVE-2022-29917 cpe:/o:opensuse:leap:15.3 Security update for ucode-intel (Moderate) openSUSE Leap 15.3 This update for ucode-intel fixes the following issues: Updated to Intel CPU Microcode 20220510 release. (bsc#1199423) Updated to Intel CPU Microcode 20220419 release. (bsc#1198717) - CVE-2022-21151: Processor optimization removal or modification of security-critical code for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access (bsc#1199423). Moderate SUSE bug 1198717 SUSE bug 1199423 CVE-2022-21151 cpe:/o:opensuse:leap:15.3 Security update for libslirp (Important) openSUSE Leap 15.3 This update for libslirp fixes the following issues: - CVE-2021-3592: Fixed invalid pointer initialization may lead to information disclosure (bootp) (bsc#1187364). - CVE-2021-3594: Fixed invalid pointer initialization may lead to information disclosure (udp) (bsc#1187367). - CVE-2021-3595: Fixed invalid pointer initialization may lead to information disclosure (tftp) (bsc#1187366). - Fix a dhcp regression [bsc#1198773] Important SUSE bug 1187364 SUSE bug 1187366 SUSE bug 1187367 SUSE bug 1198773 CVE-2021-3592 CVE-2021-3594 CVE-2021-3595 cpe:/o:opensuse:leap:15.3 Security update for MozillaFirefox (Important) openSUSE Leap 15.3 This update for MozillaFirefox fixes the following issues: Firefox Extended Support Release 91.9.0 ESR (MFSA 2022-17)(bsc#1198970): - CVE-2022-29914: Fullscreen notification bypass using popups - CVE-2022-29909: Bypassing permission prompt in nested browsing contexts - CVE-2022-29916: Leaking browser history with CSS variables - CVE-2022-29911: iframe Sandbox bypass - CVE-2022-29912: Reader mode bypassed SameSite cookies - CVE-2022-29917: Memory safety bugs fixed in Firefox 100 and Firefox ESR 91.9 Important SUSE bug 1198970 CVE-2022-29909 CVE-2022-29911 CVE-2022-29912 CVE-2022-29914 CVE-2022-29916 CVE-2022-29917 cpe:/o:opensuse:leap:15.3 Security update for rust1.57 (Moderate) openSUSE Leap 15.3 This update for rust1.57 fixes the following issues: - CVE-2022-21658: Fixed race condition in std::fs::remove_dir_all (bsc#1194767). Moderate SUSE bug 1194767 CVE-2022-21658 cpe:/o:opensuse:leap:15.3 Security update for libxml2 (Important) openSUSE Leap 15.3 This update for libxml2 fixes the following issues: - CVE-2022-23308: Fixed a use-after-free of ID and IDREF attributes (bsc#1196490). - CVE-2022-29824: Fixed integer overflow that could have led to an out-of-bounds write in buf.c (xmlBuf*) and tree.c (xmlBuffer*) (bsc#1199132). Important SUSE bug 1196490 SUSE bug 1199132 CVE-2022-23308 CVE-2022-29824 cpe:/o:opensuse:leap:15.3 Security update for unbound (Important) openSUSE Leap 15.3 This update for unbound fixes the following issues: - CVE-2019-25031: Fixed configuration injection in create_unbound_ad_servers.sh upon a successful man-in-the-middle attack (bsc#1185382). - CVE-2019-25032: Fixed integer overflow in the regional allocator via regional_alloc (bsc#1185383). - CVE-2019-25033: Fixed integer overflow in the regional allocator via the ALIGN_UP macro (bsc#1185384). - CVE-2019-25034: Fixed integer overflow in sldns_str2wire_dname_buf_origin, leading to an out-of-bounds write (bsc#1185385). - CVE-2019-25035: Fixed out-of-bounds write in sldns_bget_token_par (bsc#1185386). - CVE-2019-25036: Fixed assertion failure and denial of service in synth_cname (bsc#1185387). - CVE-2019-25037: Fixed assertion failure and denial of service in dname_pkt_copy via an invalid packet (bsc#1185388). - CVE-2019-25038: Fixed integer overflow in a size calculation in dnscrypt/dnscrypt.c (bsc#1185389). - CVE-2019-25039: Fixed integer overflow in a size calculation in respip/respip.c (bsc#1185390). - CVE-2019-25040: Fixed infinite loop via a compressed name in dname_pkt_copy (bsc#1185391). - CVE-2019-25041: Fixed assertion failure via a compressed name in dname_pkt_copy (bsc#1185392). - CVE-2019-25042: Fixed out-of-bounds write via a compressed name in rdata_copy (bsc#1185393). - CVE-2020-28935: Fixed symbolic link traversal when writing PID file (bsc#1179191). Important SUSE bug 1076963 SUSE bug 1112009 SUSE bug 1112033 SUSE bug 1179191 SUSE bug 1185382 SUSE bug 1185383 SUSE bug 1185384 SUSE bug 1185385 SUSE bug 1185386 SUSE bug 1185387 SUSE bug 1185388 SUSE bug 1185389 SUSE bug 1185390 SUSE bug 1185391 SUSE bug 1185392 SUSE bug 1185393 CVE-2019-25031 CVE-2019-25032 CVE-2019-25033 CVE-2019-25034 CVE-2019-25035 CVE-2019-25036 CVE-2019-25037 CVE-2019-25038 CVE-2019-25039 CVE-2019-25040 CVE-2019-25041 CVE-2019-25042 CVE-2020-28935 cpe:/o:opensuse:leap:15.3 Security update for ImageMagick (Moderate) openSUSE Leap 15.3 This update for ImageMagick fixes the following issues: Security issues fixed: - CVE-2022-28463: Fixed buffer overflow in coders/cin.c (bsc#1199350). Bugfixes: - Use png_get_eXIf_1 when available (bsc#1197147). Moderate SUSE bug 1197147 SUSE bug 1199350 CVE-2022-28463 cpe:/o:opensuse:leap:15.3 Security update for php7 (Low) openSUSE Leap 15.3 This update for php7 fixes the following issues: - Fixed filter_var bypass vulnerability (bsc#1197644). Low SUSE bug 1197644 cpe:/o:opensuse:leap:15.3 Security update for qemu (Low) openSUSE Leap 15.3 This update for qemu fixes the following issues: - CVE-2021-20196: Fixed null pointer dereference that may lead to guest crash (bsc#1181361). Low SUSE bug 1181361 CVE-2021-20196 cpe:/o:opensuse:leap:15.3 Security update for expat (Important) openSUSE Leap 15.3 This update for expat fixes the following issues: - CVE-2021-45960: Fixed left shift in the storeAtts function in xmlparse.c that can lead to realloc misbehavior (bsc#1194251). - CVE-2021-46143: Fixed integer overflow in m_groupSize in doProlog (bsc#1194362). - CVE-2022-22822: Fixed integer overflow in addBinding in xmlparse.c (bsc#1194474). - CVE-2022-22823: Fixed integer overflow in build_model in xmlparse.c (bsc#1194476). - CVE-2022-22824: Fixed integer overflow in defineAttribute in xmlparse.c (bsc#1194477). - CVE-2022-22825: Fixed integer overflow in lookup in xmlparse.c (bsc#1194478). - CVE-2022-22826: Fixed integer overflow in nextScaffoldPart in xmlparse.c (bsc#1194479). - CVE-2022-22827: Fixed integer overflow in storeAtts in xmlparse.c (bsc#1194480). Important SUSE bug 1194251 SUSE bug 1194362 SUSE bug 1194474 SUSE bug 1194476 SUSE bug 1194477 SUSE bug 1194478 SUSE bug 1194479 SUSE bug 1194480 CVE-2021-45960 CVE-2021-46143 CVE-2022-22822 CVE-2022-22823 CVE-2022-22824 CVE-2022-22825 CVE-2022-22826 CVE-2022-22827 cpe:/o:opensuse:leap:15.3 Security update for libarchive (Moderate) openSUSE Leap 15.3 This update for libarchive fixes the following issues: - CVE-2022-26280: Fixed out-of-bounds read via the component zipx_lzma_alone_init (bsc#1197634). Moderate SUSE bug 1197634 CVE-2022-26280 cpe:/o:opensuse:leap:15.3 Security update for webkit2gtk3 (Important) openSUSE Leap 15.3 This update for webkit2gtk3 fixes the following issues: - Update to version 2.34.3 (bsc#1194019). - CVE-2021-30887: Fixed logic issue allowing unexpectedly unenforced Content Security Policy when processing maliciously crafted web content. - CVE-2021-30890: Fixed logic issue allowing universal cross site scripting when processing maliciously crafted web content. Important SUSE bug 1194019 CVE-2019-8766 CVE-2019-8782 CVE-2019-8808 CVE-2019-8815 CVE-2020-13753 CVE-2020-27918 CVE-2020-29623 CVE-2020-3902 CVE-2020-9802 CVE-2020-9803 CVE-2020-9805 CVE-2020-9947 CVE-2020-9948 CVE-2020-9951 CVE-2020-9952 CVE-2021-1765 CVE-2021-1788 CVE-2021-1817 CVE-2021-1820 CVE-2021-1825 CVE-2021-1826 CVE-2021-1844 CVE-2021-1871 CVE-2021-30661 CVE-2021-30666 CVE-2021-30682 CVE-2021-30761 CVE-2021-30762 CVE-2021-30809 CVE-2021-30818 CVE-2021-30823 CVE-2021-30836 CVE-2021-30846 CVE-2021-30848 CVE-2021-30849 CVE-2021-30851 CVE-2021-30858 CVE-2021-30884 CVE-2021-30887 CVE-2021-30888 CVE-2021-30889 CVE-2021-30890 CVE-2021-30897 cpe:/o:opensuse:leap:15.3 Security update for go1.18 (Moderate) openSUSE Leap 15.3 This update for go1.18 fixes the following issues: - CVE-2022-29526: Fixed faccessat() system call operation that checked the wrong group (bsc#1199413). - go1.18.2 (released 2022-05-10) (bsc#1193742). Moderate SUSE bug 1193742 SUSE bug 1199413 CVE-2022-29526 cpe:/o:opensuse:leap:15.3 Security update for MozillaFirefox (Important) openSUSE Leap 15.3 This update for MozillaFirefox fixes the following issues: Firefox Extended Support Release 91.9.1 ESR - MFSA 2022-19 (bsc#1199768): - CVE-2022-1802: Prototype pollution in Top-Level Await implementation - CVE-2022-1529: Untrusted input used in JavaScript object indexing, leading to prototype pollution Important SUSE bug 1199768 CVE-2022-1529 CVE-2022-1802 cpe:/o:opensuse:leap:15.3 Security update for slurm_20_11 (Important) openSUSE Leap 15.3 This update for slurm_20_11 fixes the following issues: - CVE-2022-29500: Fixed architectural flaw that could have been exploited to allow an unprivileged user to execute arbitrary processes as root (bsc#1199278). - CVE-2022-29501: Fixed a problem that an unprivileged user could have sent data to arbitrary unix socket as root (bsc#1199279). Important SUSE bug 1199278 SUSE bug 1199279 CVE-2022-29500 CVE-2022-29501 cpe:/o:opensuse:leap:15.3 Security update for json-c (Important) openSUSE Leap 15.3 This update for json-c fixes the following issues: - CVE-2020-12762: Fixed integer overflow and out-of-bounds write. (bsc#1171479) Important SUSE bug 1171479 CVE-2020-12762 cpe:/o:opensuse:leap:15.3 Security update for kernel-firmware (Moderate) openSUSE Leap 15.3 This update for kernel-firmware fixes the following issues: Update AMD ucode and SEV firmware - (CVE-2021-26339, CVE-2021-26373, CVE-2021-26347, CVE-2021-26376, CVE-2021-26375, CVE-2021-26378, CVE-2021-26372, CVE-2021-26339, CVE-2021-26348, CVE-2021-26342, CVE-2021-26388, CVE-2021-26349, CVE-2021-26364, CVE-2021-26312, CVE-2021-26350, CVE-2021-46744, bsc#1199459, bsc#1199470) Moderate SUSE bug 1199459 SUSE bug 1199470 CVE-2021-26312 CVE-2021-26339 CVE-2021-26342 CVE-2021-26347 CVE-2021-26348 CVE-2021-26349 CVE-2021-26350 CVE-2021-26364 CVE-2021-26372 CVE-2021-26373 CVE-2021-26375 CVE-2021-26376 CVE-2021-26378 CVE-2021-26388 CVE-2021-46744 cpe:/o:opensuse:leap:15.3 Security update for redis (Moderate) openSUSE Leap 15.3 This update for redis fixes the following issues: - CVE-2022-24735: Fixed Lua code injection (bsc#1198952). - CVE-2022-24736: Fixed Lua NULL pointer dereference (bsc#1198953). Moderate SUSE bug 1198952 SUSE bug 1198953 CVE-2022-24735 CVE-2022-24736 cpe:/o:opensuse:leap:15.3 Security update for fribidi (Moderate) openSUSE Leap 15.3 This update for fribidi fixes the following issues: - CVE-2022-25308: Fixed stack out of bounds read (bsc#1196147). - CVE-2022-25309: Fixed heap-buffer-overflow in fribidi_cap_rtl_to_unicode (bsc#1196148). - CVE-2022-25310: Fixed NULL pointer dereference in fribidi_remove_bidi_marks (bsc#1196150). Moderate SUSE bug 1196147 SUSE bug 1196148 SUSE bug 1196150 CVE-2022-25308 CVE-2022-25309 CVE-2022-25310 cpe:/o:opensuse:leap:15.3 Security update for cups (Important) openSUSE Leap 15.3 This update for cups fixes the following issues: - CVE-2022-26691: Fixed an authentication bypass and code execution vulnerability (bsc#1199474) Important SUSE bug 1199474 CVE-2022-26691 cpe:/o:opensuse:leap:15.3 Security update for go1.17 (Moderate) openSUSE Leap 15.3 This update for go1.17 fixes the following issues: - CVE-2022-29526: Fixed faccessat() system call operation that checked the wrong group (bsc#1199413). - go1.17.10 (released 2022-05-10) (bsc#1190649). Moderate SUSE bug 1190649 SUSE bug 1199413 CVE-2022-29526 cpe:/o:opensuse:leap:15.3 Security update for curl (Important) openSUSE Leap 15.3 This update for curl fixes the following issues: - CVE-2022-27781: Fixed CERTINFO never-ending busy-loop (bsc#1199223) - CVE-2022-27782: Fixed TLS and SSH connection too eager reuse (bsc#1199224) Important SUSE bug 1199223 SUSE bug 1199224 CVE-2022-27781 CVE-2022-27782 cpe:/o:opensuse:leap:15.3 Security update for tiff (Important) openSUSE Leap 15.3 This update for tiff fixes the following issues: - CVE-2022-0561: Fixed null source pointer passed as an argument to memcpy() within TIFFFetchStripThing() in tif_dirread.c (bsc#1195964). - CVE-2022-0562: Fixed null source pointer passed as an argument to memcpy() within TIFFReadDirectory() in tif_dirread.c (bsc#1195965). - CVE-2022-0865: Fixed assertion failure in TIFFReadAndRealloc (bsc#1197066). - CVE-2022-0909: Fixed divide by zero error in tiffcrop that could have led to a denial-of-service via a crafted tiff file (bsc#1197072). - CVE-2022-0924: Fixed out-of-bounds read error in tiffcp that could have led to a denial-of-service via a crafted tiff file (bsc#1197073). - CVE-2022-0908: Fixed null source pointer passed as an argument to memcpy in TIFFFetchNormalTag() (bsc#1197074). - CVE-2022-1056: Fixed out-of-bounds read error in tiffcrop that could have led to a denial-of-service via a crafted tiff file (bsc#1197631). - CVE-2022-0891: Fixed heap buffer overflow in extractImageSection (bsc#1197068). Important SUSE bug 1195964 SUSE bug 1195965 SUSE bug 1197066 SUSE bug 1197068 SUSE bug 1197072 SUSE bug 1197073 SUSE bug 1197074 SUSE bug 1197631 CVE-2022-0561 CVE-2022-0562 CVE-2022-0865 CVE-2022-0891 CVE-2022-0908 CVE-2022-0909 CVE-2022-0924 CVE-2022-1056 cpe:/o:opensuse:leap:15.3 Security update for pcre2 (Important) openSUSE Leap 15.3 This update for pcre2 fixes the following issues: - CVE-2022-1586: Fixed out-of-bounds read via missing Unicode property matching issue in JIT compiled regular expressions (bsc#1199232). Important SUSE bug 1199232 CVE-2022-1586 cpe:/o:opensuse:leap:15.3 Security update for helm-mirror (Moderate) openSUSE Leap 15.3 This update for helm-mirror fixes the following issues: - Updated to version 0.3.1: - CVE-2019-18658: Fixed a potential symbolic link issue in helm that could be used to leak sensitive files (bsc#1156646). Moderate SUSE bug 1156646 SUSE bug 1197728 CVE-2019-18658 cpe:/o:opensuse:leap:15.3 Security update for postgresql10 (Important) openSUSE Leap 15.3 This update for postgresql10 fixes the following issues: - CVE-2022-1552: Confine additional operations within 'security restricted operation' sandboxes (bsc#1199475). Important SUSE bug 1199475 CVE-2022-1552 cpe:/o:opensuse:leap:15.3 Security update for dpdk (Moderate) openSUSE Leap 15.3 This update for dpdk fixes the following issues: Security: - CVE-2021-3839: Fixed a memory corruption issue during vhost-user communication (bsc#1198963). - CVE-2022-0669: Fixed a denial of service that could be triggered by a vhost-user master (bsc#1198964). Bugfixes: - kni: allow configuring thread granularity (bsc#1195172). - Fixed reading of PCI device name as UTF strings (bsc#1198873). Moderate SUSE bug 1195172 SUSE bug 1198873 SUSE bug 1198963 SUSE bug 1198964 CVE-2021-3839 CVE-2022-0669 cpe:/o:opensuse:leap:15.3 Security update for postgresql12 (Important) openSUSE Leap 15.3 This update for postgresql12 fixes the following issues: - CVE-2022-1552: Confine additional operations within 'security restricted operation' sandboxes (bsc#1199475). Important SUSE bug 1199475 CVE-2022-1552 cpe:/o:opensuse:leap:15.3 Security update for postgresql13 (Important) openSUSE Leap 15.3 This update for postgresql13 fixes the following issues: - CVE-2022-1552: Confine additional operations within 'security restricted operation' sandboxes (bsc#1199475). Important SUSE bug 1199475 CVE-2022-1552 cpe:/o:opensuse:leap:15.3 Security update for polkit (Important) openSUSE Leap 15.3 This update for polkit fixes the following issues: - CVE-2021-4034: Fixed a local privilege escalation in pkexec (bsc#1194568). Important SUSE bug 1194568 CVE-2021-4034 cpe:/o:opensuse:leap:15.3 Security update for postgresql14 (Important) openSUSE Leap 15.3 This update for postgresql14 fixes the following issues: - CVE-2022-1552: Confine additional operations within 'security restricted operation' sandboxes (bsc#1199475). Important SUSE bug 1199475 CVE-2022-1552 cpe:/o:opensuse:leap:15.3 Security update for hdf5 (Important) openSUSE Leap 15.3 This update for hdf5 fixes the following issues: Security issues fixed: - CVE-2020-10811: Fixed heap-based buffer over-read in the function H5O__layout_decode() located in H5Olayout.c (bsc#1167405). - CVE-2020-10810: Fixed NULL pointer dereference in the function H5AC_unpin_entry() located in H5AC.c (bsc#1167401). - CVE-2020-10809: Fixed heap-based buffer overflow in the function Decompress() located in decompress.c (bsc#1167404). - CVE-2018-17438: Fixed SIGFPE signal raise in the function H5D__select_io() of H5Dselect.c (bsc#1109570). - CVE-2018-17437: Fixed memory leak in the H5O_dtype_decode_helper() function in H5Odtype.c. (bsc#1109569). - CVE-2018-17436: Fixed issue in ReadCode() in decompress.c that allowed attackers to cause a denial of service via a crafted HDF5 file (bsc#1109568). - CVE-2018-17434: Fixed SIGFPE signal raise in function apply_filters() of h5repack_filters.c (bsc#1109566). - CVE-2018-17433: Fixed heap-based buffer overflow in ReadGifImageDesc() in gifread.c (bsc#1109565). - CVE-2018-17432: Fixed NULL pointer dereference in H5O_sdspace_encode() in H5Osdspace.c (bsc#1109564). - CVE-2018-17237: Fixed SIGFPE signal raise in the function H5D__chunk_set_info_real() (bsc#1109168). - CVE-2018-17234: Fixed memory leak in the H5O__chunk_deserialize() function in H5Ocache.c (bsc#1109167). - CVE-2018-14460: Fixed heap-based buffer over-read in the function H5O_sdspace_decode in H5Osdspace.c (bsc#1102175). - CVE-2018-14033: Fixed heap-based buffer over-read in the function H5O_layout_decode in H5Olayout.c (bsc#1101471). - CVE-2018-14032: Fixed heap-based buffer over-read in the function H5O_fill_new_decode in H5Ofill.c (bsc#1101474). - CVE-2018-11206: Fixed out of bounds read in H5O_fill_new_decode and H5O_fill_old_decode in H5Ofill.c (bsc#1093657). Bugfixes: - Fix python-h5py packages built against out-of-date version of HDF5 (bsc#1196682). - Fix netcdf-cxx4 packages built against out-of-date version of HDF5 (bsc#1179521). Important SUSE bug 1093657 SUSE bug 1101471 SUSE bug 1101474 SUSE bug 1102175 SUSE bug 1109167 SUSE bug 1109168 SUSE bug 1109564 SUSE bug 1109565 SUSE bug 1109566 SUSE bug 1109568 SUSE bug 1109569 SUSE bug 1109570 SUSE bug 1167401 SUSE bug 1167404 SUSE bug 1167405 SUSE bug 1179521 SUSE bug 1196682 CVE-2018-11206 CVE-2018-14032 CVE-2018-14033 CVE-2018-14460 CVE-2018-17234 CVE-2018-17237 CVE-2018-17432 CVE-2018-17433 CVE-2018-17434 CVE-2018-17436 CVE-2018-17437 CVE-2018-17438 CVE-2020-10809 CVE-2020-10810 CVE-2020-10811 cpe:/o:opensuse:leap:15.3 Security update for MozillaFirefox (Important) openSUSE Leap 15.3 This update for MozillaFirefox fixes the following issues: Firefox Extended Support Release 91.10.0 ESR (MFSA 2022-21)(bsc#1200027) - CVE-2022-31736: Cross-Origin resource's length leaked - CVE-2022-31737: Heap buffer overflow in WebGL - CVE-2022-31738: Browser window spoof using fullscreen mode - CVE-2022-31739: Attacker-influenced path traversal when saving downloaded files - CVE-2022-31740: Register allocation problem in WASM on arm64 - CVE-2022-31741: Uninitialized variable leads to invalid memory read - CVE-2022-31742: Querying a WebAuthn token with a large number of allowCredential entries may have leaked cross-origin information - CVE-2022-31747: Memory safety bugs fixed in Firefox 101 and Firefox ESR 91.10 Important SUSE bug 1200027 CVE-2022-31736 CVE-2022-31737 CVE-2022-31738 CVE-2022-31739 CVE-2022-31740 CVE-2022-31741 CVE-2022-31742 CVE-2022-31747 cpe:/o:opensuse:leap:15.3 Security update for patch (Moderate) openSUSE Leap 15.3 This update for patch fixes the following issues: Security issues fixed: - CVE-2019-13636: Fixed follow symlinks unless --follow-symlinks is given. This increases the security against malicious patches (bsc#1142041). - CVE-2018-6952: Fixed swapping fakelines in pch_swap. This bug was causing a double free leading to a crash (bsc#1080985). Bugfixes: - Abort when cleaning up fails. This bug could cause an infinite loop when a patch wouldn't apply, leading to a segmentation fault (bsc#1111572). - Pass the correct stat to backup files. This bug would occasionally cause backup files to be missing when all hunks failed to apply (bsc#1198106). Moderate SUSE bug 1080985 SUSE bug 1111572 SUSE bug 1142041 SUSE bug 1198106 CVE-2018-6952 CVE-2019-13636 cpe:/o:opensuse:leap:15.3 Security update for the Linux Kernel (Important) openSUSE Leap 15.3 The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2022-0185: Incorrect param length parsing in legacy_parse_param which could have led to a local privilege escalation (bsc#1194517). - CVE-2022-0322: Fixed a denial of service in SCTP sctp_addto_chunk (bsc#1194985). - CVE-2021-4197: Fixed a cgroup issue where lower privileged processes could write to fds of lower privileged ones that could lead to privilege escalation (bsc#1194302). - CVE-2021-46283: nf_tables_newset in net/netfilter/nf_tables_api.c in the Linux kernel allowed local users to cause a denial of service (NULL pointer dereference and general protection fault) because of the missing initialization for nft_set_elem_expr_alloc. A local user can set a netfilter table expression in their own namespace (bnc#1194518). - CVE-2021-4135: Fixed an information leak in the nsim_bpf_map_alloc function (bsc#1193927). - CVE-2021-4202: Fixed a race condition during NFC device remove which could lead to a use-after-free memory corruption (bsc#1194529) - CVE-2021-4083: A read-after-free memory flaw was found in the Linux kernel's garbage collection for Unix domain socket file handlers in the way users call close() and fget() simultaneously and can potentially trigger a race condition. This flaw allowed a local user to crash the system or escalate their privileges on the system. This flaw affects Linux kernel versions prior to 5.16-rc4 (bnc#1193727). - CVE-2021-4149: Fixed a locking condition in btrfs which could lead to system deadlocks (bsc#1194001). - CVE-2021-45485: In the IPv6 implementation in net/ipv6/output_core.c has an information leak because of certain use of a hash table which, although big, doesn't properly consider that IPv6-based attackers can typically choose among many IPv6 source addresses (bnc#1194094). - CVE-2021-45486: In the IPv4 implementation in net/ipv4/route.c has an information leak because the hash table is very small (bnc#1194087). The following non-security bugs were fixed: - ACPI: APD: Check for NULL pointer after calling devm_ioremap() (git-fixes). - ACPI: Add stubs for wakeup handler functions (git-fixes). - ACPI: scan: Create platform device for BCM4752 and LNV4752 ACPI nodes (git-fixes). - ALSA: PCM: Add missing rwsem around snd_ctl_remove() calls (git-fixes). - ALSA: ctl: Fix copy of updated id with element read/write (git-fixes). - ALSA: drivers: opl3: Fix incorrect use of vp->state (git-fixes). - ALSA: hda/hdmi: Disable silent stream on GLK (git-fixes). - ALSA: hda/realtek - Add headset Mic support for Lenovo ALC897 platform (git-fixes). - ALSA: hda/realtek - Fix silent output on Gigabyte X570 Aorus Master after reboot from Windows (git-fixes). - ALSA: hda/realtek: Add a quirk for HP OMEN 15 mute LED (git-fixes). - ALSA: hda/realtek: Add quirk for ASRock NUC Box 1100 (git-fixes). - ALSA: hda/realtek: Amp init fixup for HP ZBook 15 G6 (git-fixes). - ALSA: hda/realtek: Fix quirk for Clevo NJ51CU (git-fixes). - ALSA: hda/realtek: Fix quirk for TongFang PHxTxX1 (git-fixes). - ALSA: hda/realtek: Fixes HP Spectre x360 15-eb1xxx speakers (git-fixes). - ALSA: hda/realtek: Headset fixup for Clevo NH77HJQ (git-fixes). - ALSA: hda: Add missing rwsem around snd_ctl_remove() calls (git-fixes). - ALSA: hda: Make proper use of timecounter (git-fixes). - ALSA: jack: Add missing rwsem around snd_ctl_remove() calls (git-fixes). - ALSA: jack: Check the return value of kstrdup() (git-fixes). - ALSA: oss: fix compile error when OSS_DEBUG is enabled (git-fixes). - ALSA: pcm: oss: Fix negative period/buffer sizes (git-fixes). - ALSA: pcm: oss: Handle missing errors in snd_pcm_oss_change_params*() (git-fixes). - ALSA: pcm: oss: Limit the period size to 16MB (git-fixes). - ALSA: usb-audio: Drop superfluous '0' in Presonus Studio 1810c's ID (git-fixes). - ALSA: usb-audio: Line6 HX-Stomp XL USB_ID for 48k-fixed quirk (git-fixes). - ASoC: codecs: wcd934x: handle channel mappping list correctly (git-fixes). - ASoC: codecs: wcd934x: return correct value from mixer put (git-fixes). - ASoC: codecs: wcd934x: return error code correctly from hw_params (git-fixes). - ASoC: codecs: wsa881x: fix return values from kcontrol put (git-fixes). - ASoC: cs42l42: Correct configuring of switch inversion from ts-inv (git-fixes). - ASoC: cs42l42: Disable regulators if probe fails (git-fixes). - ASoC: cs42l42: Use device_property API instead of of_property (git-fixes). - ASoC: fsl_asrc: refine the check of available clock divider (git-fixes). - ASoC: fsl_mqs: fix MODULE_ALIAS (git-fixes). - ASoC: mediatek: Check for error clk pointer (git-fixes). - ASoC: meson: aiu: Move AIU_I2S_MISC hold setting to aiu-fifo-i2s (git-fixes). - ASoC: meson: aiu: fifo: Add missing dma_coerce_mask_and_coherent() (git-fixes). - ASoC: qdsp6: q6routing: Fix return value from msm_routing_put_audio_mixer (git-fixes). - ASoC: rt5663: Handle device_property_read_u32_array error codes (git-fixes). - ASoC: samsung: idma: Check of ioremap return value (git-fixes). - ASoC: soc-core: fix null-ptr-deref in snd_soc_del_component_unlocked() (git-fixes). - ASoC: sunxi: fix a sound binding broken reference (git-fixes). - ASoC: tegra: Fix kcontrol put callback in ADMAIF (git-fixes). - ASoC: tegra: Fix kcontrol put callback in AHUB (git-fixes). - ASoC: tegra: Fix kcontrol put callback in DMIC (git-fixes). - ASoC: tegra: Fix kcontrol put callback in DSPK (git-fixes). - ASoC: tegra: Fix kcontrol put callback in I2S (git-fixes). - ASoC: tegra: Fix wrong value type in ADMAIF (git-fixes). - ASoC: tegra: Fix wrong value type in DMIC (git-fixes). - ASoC: tegra: Fix wrong value type in DSPK (git-fixes). - ASoC: tegra: Fix wrong value type in I2S (git-fixes). - ASoC: uniphier: drop selecting non-existing SND_SOC_UNIPHIER_AIO_DMA (git-fixes). - Add cherry-picked IDs for qemu fw_cfg patches - Bluetooth: L2CAP: Fix using wrong mode (git-fixes). - Bluetooth: bfusb: fix division by zero in send path (git-fixes). - Bluetooth: btmtksdio: fix resume failure (git-fixes). - Bluetooth: btusb: fix memory leak in btusb_mtk_submit_wmt_recv_urb() (git-fixes). - Bluetooth: cmtp: fix possible panic when cmtp_init_sockets() fails (git-fixes). - Bluetooth: hci_bcm: Check for error irq (git-fixes). - Bluetooth: hci_qca: Stop IBS timer during BT OFF (git-fixes). - Bluetooth: stop proccessing malicious adv data (git-fixes). - Documentation: ACPI: Fix data node reference documentation (git-fixes). - Documentation: dmaengine: Correctly describe dmatest with channel unset (git-fixes). - Documentation: refer to config RANDOMIZE_BASE for kernel address-space randomization (git-fixes). - HID: add USB_HID dependancy to hid-chicony (git-fixes). - HID: add USB_HID dependancy to hid-prodikeys (git-fixes). - HID: asus: Add depends on USB_HID to HID_ASUS Kconfig option (git-fixes). - HID: bigbenff: prevent null pointer dereference (git-fixes). - HID: google: add eel USB id (git-fixes). - HID: hid-uclogic-params: Invalid parameter check in uclogic_params_frame_init_v1_buttonpad (git-fixes). - HID: hid-uclogic-params: Invalid parameter check in uclogic_params_get_str_desc (git-fixes). - HID: hid-uclogic-params: Invalid parameter check in uclogic_params_huion_init (git-fixes). - HID: hid-uclogic-params: Invalid parameter check in uclogic_params_init (git-fixes). - HID: quirks: Add quirk for the Microsoft Surface 3 type-cover (git-fixes). - Input: appletouch - initialize work before device registration (git-fixes). - Input: atmel_mxt_ts - fix double free in mxt_read_info_block (git-fixes). - Input: elantech - fix stack out of bound access in elantech_change_report_id() (git-fixes). - Input: i8042 - add deferred probe support (bsc#1190256). - Input: i8042 - enable deferred probe quirk for ASUS UM325UA (bsc#1190256). - Input: max8925_onkey - do not mark comment as kernel-doc (git-fixes). - Input: spaceball - fix parsing of movement data packets (git-fixes). - Input: ti_am335x_tsc - fix STEPCONFIG setup for Z2 (git-fixes). - Input: ti_am335x_tsc - set ADCREFM for X configuration (git-fixes). - Move upstreamed patches into sorted section - NFC: st21nfca: Fix memory leak in device probe and remove (git-fixes). - NFSD: Fix zero-length NFSv3 WRITEs (git-fixes). - NFSv42: Do not fail clone() unless the OP_CLONE operation failed (git-fixes). - NFSv42: Fix pagecache invalidation after COPY/CLONE (git-fixes). - PCI/ACPI: Fix acpi_pci_osc_control_set() kernel-doc comment (git-fixes). - PCI/MSI: Clear PCI_MSIX_FLAGS_MASKALL on error (git-fixes). - PCI/MSI: Fix pci_irq_vector()/pci_irq_get_affinity() (git-fixes). - PCI/MSI: Mask MSI-X vectors only on success (git-fixes). - PCI: cadence: Add cdns_plat_pcie_probe() missing return (git-fixes). - PCI: dwc: Do not remap invalid res (git-fixes). - PCI: mvebu: Check for errors from pci_bridge_emul_init() call (git-fixes). - PCI: mvebu: Do not modify PCI IO type bits in conf_write (git-fixes). - PCI: mvebu: Fix support for DEVCAP2, DEVCTL2 and LNKCTL2 registers on emulated bridge (git-fixes). - PCI: mvebu: Fix support for PCI_EXP_DEVCTL on emulated bridge (git-fixes). - PCI: mvebu: Fix support for PCI_EXP_RTSTA on emulated bridge (git-fixes). - PCI: pci-bridge-emul: Properly mark reserved PCIe bits in PCI config space (git-fixes). - PCI: pci-bridge-emul: Set PCI_STATUS_CAP_LIST for PCIe device (git-fixes). - PCI: pciehp: Fix infinite loop in IRQ handler upon power fault (git-fixes). - PCI: xgene: Fix IB window setup (git-fixes). - PM: runtime: Defer suspending suppliers (git-fixes). - PM: sleep: Do not assume that 'mem' is always present (git-fixes). - RDMA/hns: Replace kfree() with kvfree() (jsc#SLE-14777). - Revert 'PM: sleep: Do not assume that 'mem' is always present' (git-fixes). - Revert 'USB: xhci: fix U1/U2 handling for hardware with XHCI_INTEL_HOST quirk set' (git-fixes). - Revert 'net/mlx5: Add retry mechanism to the command entry index allocation' (jsc#SLE-15172). - USB: Fix 'slab-out-of-bounds Write' bug in usb_hcd_poll_rh_status (git-fixes). - USB: NO_LPM quirk Lenovo Powered USB-C Travel Hub (git-fixes). - USB: NO_LPM quirk Lenovo USB-C to Ethernet Adapher(RTL8153-04) (git-fixes). - USB: cdc-acm: fix break reporting (git-fixes). - USB: cdc-acm: fix racy tty buffer accesses (git-fixes). - USB: chipidea: fix interrupt deadlock (git-fixes). - USB: core: Fix bug in resuming hub's handling of wakeup requests (git-fixes). - USB: gadget: bRequestType is a bitfield, not a enum (git-fixes). - USB: gadget: detect too-big endpoint 0 requests (git-fixes). - USB: gadget: zero allocate endpoint 0 buffers (git-fixes). - USB: serial: cp210x: fix CP2105 GPIO registration (git-fixes). - USB: serial: option: add Telit FN990 compositions (git-fixes). - Update patches.suse/tpm-fix-potential-NULL-pointer-access-in-tpm_del_cha.patch (git-fixes bsc#1193660 ltc#195634). - Updated mpi3mr entry in supported.conf (bsc#1194578 jsc#SLE-18120) Moving this driver into the 'supported' package. - amd/display: downgrade validation failure log level (git-fixes). - ata: ahci: Add Green Sardine vendor ID as board_ahci_mobile (git-fixes). - atlantic: Fix buff_ring OOB in aq_ring_rx_clean (git-fixes). - ax25: NPD bug when detaching AX25 device (git-fixes). - backlight: qcom-wled: Fix off-by-one maximum with default num_strings (git-fixes). - backlight: qcom-wled: Override default length with qcom,enabled-strings (git-fixes). - backlight: qcom-wled: Pass number of elements to read to read_u32_array (git-fixes). - backlight: qcom-wled: Validate enabled string indices in DT (git-fixes). - batman-adv: mcast: do not send link-local multicast to mcast routers (git-fixes). - blk-cgroup: synchronize blkg creation against policy deactivation (bsc#1194584). - block/scsi-ioctl: Fix kernel-infoleak in scsi_put_cdrom_generic_arg() (git-fixes). - block: fix ioprio_get(IOPRIO_WHO_PGRP) vs setuid(2) (bsc#1194586). - can: gs_usb: fix use of uninitialized variable, detach device on reception of invalid USB data (git-fixes). - can: gs_usb: gs_can_start_xmit(): zero-initialize hf->{flags,reserved} (git-fixes). - can: kvaser_usb: get CAN clock frequency from device (git-fixes). - can: sja1000: fix use after free in ems_pcmcia_add_card() (git-fixes). - can: softing: softing_startstop(): fix set but not used variable warning (git-fixes). - can: softing_cs: softingcs_probe(): fix memleak on registration failure (git-fixes). - can: usb_8dev: remove unused member echo_skb from struct usb_8dev_priv (git-fixes). - can: xilinx_can: xcan_probe(): check for error irq (git-fixes). - char/mwave: Adjust io port register size (git-fixes). - clk: Do not parent clks until the parent is fully registered (git-fixes). - clk: Gemini: fix struct name in kernel-doc (git-fixes). - clk: bcm-2835: Pick the closest clock rate (git-fixes). - clk: bcm-2835: Remove rounding up the dividers (git-fixes). - clk: imx8mn: Fix imx8mn_clko1_sels (git-fixes). - clk: imx: pllv1: fix kernel-doc notation for struct clk_pllv1 (git-fixes). - clk: qcom: gcc-msm8996: Drop (again) gcc_aggre1_pnoc_ahb_clk (git-fixes). - clk: qcom: regmap-mux: fix parent clock lookup (git-fixes). - clk: stm32: Fix ltdc's clock turn off by clk_disable_unused() after system enter shell (git-fixes). - crypto: caam - replace this_cpu_ptr with raw_cpu_ptr (git-fixes). - crypto: mxs-dcp - Use sg_mapping_iter to copy data (git-fixes). - crypto: omap-sham - clear dma flags only after omap_sham_update_dma_stop() (git-fixes). - crypto: qat - do not ignore errors from enable_vf2pf_comms() (git-fixes). - crypto: qat - fix reuse of completion variable (git-fixes). - crypto: qat - handle both source of interrupt in VF ISR (git-fixes). - crypto: qce - fix uaf on qce_ahash_register_one (git-fixes). - crypto: stm32/crc32 - Fix kernel BUG triggered in probe() (git-fixes). - crypto: stm32/cryp - fix double pm exit (git-fixes). - crypto: stm32/cryp - fix lrw chaining mode (git-fixes). - crypto: stm32/cryp - fix xts and race condition in crypto_engine requests (git-fixes). - debugfs: lockdown: Allow reading debugfs files that are not world readable (bsc#1193328 ltc#195566). - device property: Fix documentation for FWNODE_GRAPH_DEVICE_DISABLED (git-fixes). - dm crypt: document encrypted keyring key option (git-fixes). - dm writecache: add 'cleaner' and 'max_age' to Documentation (git-fixes). - dm writecache: advance the number of arguments when reporting max_age (git-fixes). - dm writecache: fix performance degradation in ssd mode (git-fixes). - dm writecache: flush origin device when writing and cache is full (git-fixes). - dma_fence_array: Fix PENDING_ERROR leak in dma_fence_array_signaled() (git-fixes). - dmaengine: at_xdmac: Do not start transactions at tx_submit level (git-fixes). - dmaengine: at_xdmac: Fix at_xdmac_lld struct definition (git-fixes). - dmaengine: at_xdmac: Fix concurrency over xfers_list (git-fixes). - dmaengine: at_xdmac: Fix lld view setting (git-fixes). - dmaengine: at_xdmac: Print debug message after realeasing the lock (git-fixes). - dmaengine: bestcomm: fix system boot lockups (git-fixes). - dmaengine: idxd: add module parameter to force disable of SVA (bsc#1192931). - dmaengine: idxd: enable SVA feature for IOMMU (bsc#1192931). - dmaengine: pxa/mmp: stop referencing config->slave_id (git-fixes). - dmaengine: st_fdma: fix MODULE_ALIAS (git-fixes). - drm/amd/amdgpu: Increase HWIP_MAX_INSTANCE to 10 (git-fixes). - drm/amd/display: Fix for the no Audio bug with Tiled Displays (git-fixes). - drm/amd/display: Update bounding box states (v2) (git-fixes). - drm/amd/display: Update number of DCN3 clock states (git-fixes). - drm/amd/display: add connector type check for CRC source set (git-fixes). - drm/amd/display: dcn20_resource_construct reduce scope of FPU enabled (git-fixes). - drm/amd/display: fix incorrect CM/TF programming sequence in dwb (git-fixes). - drm/amd/display: fix missing writeback disablement if plane is removed (git-fixes). - drm/amdgpu: Fix a NULL pointer dereference in amdgpu_connector_lcd_native_mode() (git-fixes). - drm/amdgpu: Fix a printing message (git-fixes). - drm/amdgpu: Fix amdgpu_ras_eeprom_init() (git-fixes). - drm/amdgpu: correct register access for RLC_JUMP_TABLE_RESTORE (git-fixes). - drm/amdgpu: revert 'Add autodump debugfs node for gpu reset v8' (git-fixes). - drm/amdkfd: Account for SH/SE count when setting up cu masks (git-fixes). - drm/amdkfd: Check for null pointer after calling kmemdup (git-fixes). - drm/ast: potential dereference of null pointer (git-fixes). - drm/atomic: Check new_crtc_state->active to determine if CRTC needs disable in self refresh mode (git-fixes). - drm/bridge: analogix_dp: Make PSR-exit block less (git-fixes). - drm/bridge: display-connector: fix an uninitialized pointer in probe() (git-fixes). - drm/bridge: nwl-dsi: Avoid potential multiplication overflow on 32-bit (git-fixes). - drm/bridge: ti-sn65dsi86: Set max register for regmap (git-fixes). - drm/display: fix possible null-pointer dereference in dcn10_set_clock() (git-fixes). - drm/exynos: Always initialize mapping in exynos_drm_register_dma() (git-fixes). - drm/i915/fb: Fix rounding error in subsampled plane size calculation (git-fixes). - drm/i915: Avoid bitwise vs logical OR warning in snb_wm_latency_quirk() (git-fixes). - drm/mediatek: Check plane visibility in atomic_update (git-fixes). - drm/msm/dpu: fix safe status debugfs file (git-fixes). - drm/msm/dsi: Fix DSI and DSI PHY regulator config from SDM660 (git-fixes). - drm/msm/dsi: set default num_data_lanes (git-fixes). - drm/msm/mdp5: fix cursor-related warnings (git-fixes). - drm/msm: mdp4: drop vblank get/put from prepare/complete_commit (git-fixes). - drm/msm: prevent NULL dereference in msm_gpu_crashstate_capture() (git-fixes). - drm/panel: innolux-p079zca: Delete panel on attach() failure (git-fixes). - drm/panel: kingdisplay-kd097d04: Delete panel on attach() failure (git-fixes). - drm/radeon/radeon_kms: Fix a NULL pointer dereference in radeon_driver_open_kms() (git-fixes). - drm/rockchip: dsi: Disable PLL clock on bind error (git-fixes). - drm/rockchip: dsi: Fix unbalanced clock on probe error (git-fixes). - drm/rockchip: dsi: Hold pm-runtime across bind/unbind (git-fixes). - drm/rockchip: dsi: Reconfigure hardware on resume() (git-fixes). - drm/sun4i: dw-hdmi: Fix missing put_device() call in sun8i_hdmi_phy_get (git-fixes). - drm/sun4i: fix unmet dependency on RESET_CONTROLLER for PHY_SUN6I_MIPI_DPHY (git-fixes). - drm/syncobj: Deal with signalled fences in drm_syncobj_find_fence (git-fixes). - drm/tegra: vic: Fix DMA API misuse (git-fixes). - drm/vboxvideo: fix a NULL vs IS_ERR() check (git-fixes). - drm/vc4: hdmi: Make sure the controller is powered up during bind (git-fixes). - drm/vc4: hdmi: Set HD_CTL_WHOLSMP and HD_CTL_CHALIGN_SET (git-fixes). - drm/vc4: hdmi: Set a default HSM rate (git-fixes). - drm: fix null-ptr-deref in drm_dev_init_release() (git-fixes). - drm: xlnx: zynqmp: release reset to DP controller before accessing DP registers (git-fixes). - drm: xlnx: zynqmp_dpsub: Call pm_runtime_get_sync before setting pixel clock (git-fixes). - eeprom: idt_89hpesx: Put fwnode in matching case during ->probe() (git-fixes). - eeprom: idt_89hpesx: Restore printing the unsupported fwnode name (git-fixes). - ext4: Avoid trim error on fs with small groups (bsc#1191271). - ext4: fix lazy initialization next schedule time computation in more granular unit (bsc#1194580). - fget: clarify and improve __fget_files() implementation (bsc#1193727). - firmware: Update Kconfig help text for Google firmware (git-fixes). - firmware: arm_scmi: pm: Propagate return value to caller (git-fixes). - firmware: arm_scpi: Fix string overflow in SCPI genpd driver (git-fixes). - firmware: qcom_scm: Fix error retval in __qcom_scm_is_call_available() (git-fixes). - firmware: qemu_fw_cfg: fix NULL-pointer deref on duplicate entries (git-fixes). - firmware: qemu_fw_cfg: fix kobject leak in probe error path (git-fixes). - firmware: qemu_fw_cfg: fix sysfs information leak (git-fixes). - firmware: raspberrypi: Fix a leak in 'rpi_firmware_get()' (git-fixes). - firmware: smccc: Fix check for ARCH_SOC_ID not implemented (git-fixes). - firmware: tegra: Fix error application of sizeof() to pointer (git-fixes). - firmware: tegra: Reduce stack usage (git-fixes). - firmware_loader: fix pre-allocated buf built-in firmware use (git-fixes). - floppy: Fix hang in watchdog when disk is ejected (git-fixes). - flow_offload: return EOPNOTSUPP for the unsupported mpls action type (bsc#1154353). - fuse: Pass correct lend value to filemap_write_and_wait_range() (bsc#1194953). - gpiolib: acpi: Make set-debounce-timeout failures non fatal (git-fixes). - gpu: host1x: Add back arm_iommu_detach_device() (git-fixes). - hwmon: (lm90) Add basic support for TI TMP461 (git-fixes). - hwmon: (lm90) Add max6654 support to lm90 driver (git-fixes). - hwmon: (lm90) Do not report 'busy' status bit as alarm (git-fixes). - hwmon: (lm90) Drop critical attribute support for MAX6654 (git-fixes). - hwmon: (lm90) Fix usage of CONFIG2 register in detect function (git-fixes). - hwmon: (lm90) Introduce flag indicating extended temperature support (git-fixes). - i2c: rk3x: Handle a spurious start completion interrupt flag (git-fixes). - i2c: validate user data in compat ioctl (git-fixes). - i3c: fix incorrect address slot lookup on 64-bit (git-fixes). - i3c: master: dw: check return of dw_i3c_master_get_free_pos() (git-fixes). - i40e: Fix NULL pointer dereference in i40e_dbg_dump_desc (git-fixes). - i40e: Fix for displaying message regarding NVM version (git-fixes). - i40e: Fix incorrect netdev's real number of RX/TX queues (git-fixes). - i40e: Fix to not show opcode msg on unsuccessful VF MAC change (git-fixes). - i40e: fix use-after-free in i40e_sync_filters_subtask() (git-fixes). - iavf: Fix limit of total number of queues to active queues of VF (git-fixes). - iavf: restore MSI state on reset (git-fixes). - ieee802154: atusb: fix uninit value in atusb_set_extended_addr (git-fixes). - ieee802154: fix error return code in ieee802154_llsec_getparams() (git-fixes). - ieee802154: fix error return code in ieee802154_add_iface() (git-fixes). - ieee802154: hwsim: Fix memory leak in hwsim_add_one (git-fixes). - ieee802154: hwsim: Fix possible memory leak in hwsim_subscribe_all_others (git-fixes). - ieee802154: hwsim: avoid possible crash in hwsim_del_edge_nl() (git-fixes). - ieee802154: hwsim: fix GPF in hwsim_set_edge_lqi (git-fixes). - igb: Fix removal of unicast MAC filters of VFs (git-fixes). - igbvf: fix double free in `igbvf_probe` (git-fixes). - igc: Fix typo in i225 LTR functions (jsc#SLE-13533). - iio: accel: kxcjk-1013: Fix possible memory leak in probe and remove (git-fixes). - iio: ad7768-1: Call iio_trigger_notify_done() on error (git-fixes). - iio: adc: axp20x_adc: fix charging current reporting on AXP22x (git-fixes). - iio: at91-sama5d2: Fix incorrect sign extension (git-fixes). - iio: dln2-adc: Fix lockdep complaint (git-fixes). - iio: dln2: Check return value of devm_iio_trigger_register() (git-fixes). - iio: itg3200: Call iio_trigger_notify_done() on error (git-fixes). - iio: kxsd9: Do not return error code in trigger handler (git-fixes). - iio: ltr501: Do not return error code in trigger handler (git-fixes). - iio: mma8452: Fix trigger reference couting (git-fixes). - iio: stk3310: Do not return error code in interrupt handler (git-fixes). - iio: trigger: Fix reference counting (git-fixes). - iio: trigger: stm32-timer: fix MODULE_ALIAS (git-fixes). - ionic: Initialize the 'lif->dbid_inuse' bitmap (bsc#1167773). - isofs: Fix out of bound access for corrupted isofs image (bsc#1194591). - iwlwifi: fw: correctly limit to monitor dump (git-fixes). - iwlwifi: mvm: Fix scan channel flags settings (git-fixes). - iwlwifi: mvm: Use div_s64 instead of do_div in iwl_mvm_ftm_rtt_smoothing() (git-fixes). - iwlwifi: mvm: avoid static queue number aliasing (git-fixes). - iwlwifi: mvm: disable RX-diversity in powersave (git-fixes). - iwlwifi: mvm: fix 32-bit build in FTM (git-fixes). - iwlwifi: mvm: fix access to BSS elements (git-fixes). - iwlwifi: mvm: test roc running status bits before removing the sta (git-fixes). - iwlwifi: pcie: free RBs during configure (git-fixes). - ixgbe: set X550 MDIO speed before talking to PHY (git-fixes). - kmod: make request_module() return an error when autoloading is disabled (git-fixes). - kobject: Restore old behaviour of kobject_del(NULL) (git-fixes). - kobject_uevent: remove warning in init_uevent_argv() (git-fixes). - kprobes: Limit max data_size of the kretprobe instances (bsc#1193669). - libata: add horkage for ASMedia 1092 (git-fixes). - libata: if T_LENGTH is zero, dma direction should be DMA_NONE (git-fixes). - livepatch: Avoid CPU hogging with cond_resched (bsc#1071995). - lockdown: Allow unprivileged users to see lockdown status (git-fixes). - mISDN: change function names to avoid conflicts (git-fixes). - mac80211: Fix monitor MTU limit so that A-MSDUs get through (git-fixes). - mac80211: agg-tx: do not schedule_and_wake_txq() under sta->lock (git-fixes). - mac80211: do not access the IV when it was stripped (git-fixes). - mac80211: fix lookup when adding AddBA extension element (git-fixes). - mac80211: fix regression in SSN handling of addba tx (git-fixes). - mac80211: initialize variable have_higher_than_11mbit (git-fixes). - mac80211: mark TX-during-stop for TX in in_reconfig (git-fixes). - mac80211: send ADDBA requests using the tid/queue of the aggregation session (git-fixes). - mac80211: track only QoS data frames for admission control (git-fixes). - mac80211: validate extended element ID is present (git-fixes). - mailbox: hi3660: convert struct comments to kernel-doc notation (git-fixes). - media: Revert 'media: uvcvideo: Set unique vdev name based in type' (bsc#1193255). - media: aspeed: Update signal status immediately to ensure sane hw state (git-fixes). - media: aspeed: fix mode-detect always time out at 2nd run (git-fixes). - media: cpia2: fix control-message timeouts (git-fixes). - media: dib0700: fix undefined behavior in tuner shutdown (git-fixes). - media: dib8000: Fix a memleak in dib8000_init() (git-fixes). - media: dmxdev: fix UAF when dvb_register_device() fails (git-fixes). - media: dw2102: Fix use after free (git-fixes). - media: em28xx: fix control-message timeouts (git-fixes). - media: em28xx: fix memory leak in em28xx_init_dev (git-fixes). - media: flexcop-usb: fix control-message timeouts (git-fixes). - media: hantro: Fix probe func error path (git-fixes). - media: i2c: imx274: fix trivial typo expsoure/exposure (git-fixes). - media: i2c: imx274: fix trivial typo obainted/obtained (git-fixes). - media: imx-pxp: Initialize the spinlock prior to using it (git-fixes). - media: mceusb: fix control-message timeouts (git-fixes). - media: msi001: fix possible null-ptr-deref in msi001_probe() (git-fixes). - media: mtk-vcodec: call v4l2_m2m_ctx_release first when file is released (git-fixes). - media: pvrusb2: fix control-message timeouts (git-fixes). - media: rcar-csi2: Correct the selection of hsfreqrange (git-fixes). - media: rcar-csi2: Optimize the selection PHTW register (git-fixes). - media: redrat3: fix control-message timeouts (git-fixes). - media: s2255: fix control-message timeouts (git-fixes). - media: saa7146: mxb: Fix a NULL pointer dereference in mxb_attach() (git-fixes). - media: si2157: Fix 'warm' tuner state detection (git-fixes). - media: si470x-i2c: fix possible memory leak in si470x_i2c_probe() (git-fixes). - media: stk1160: fix control-message timeouts (git-fixes). - media: streamzap: remove unnecessary ir_raw_event_reset and handle (git-fixes). - media: uvcvideo: fix division by zero at stream start (git-fixes). - media: venus: core: Fix a resource leak in the error handling path of 'venus_probe()' (git-fixes). - memblock: ensure there is no overflow in memblock_overlaps_region() (git-fixes). - memory: emif: Remove bogus debugfs error handling (git-fixes). - mfd: intel-lpss: Fix too early PM enablement in the ACPI ->probe() (git-fixes). - misc: fastrpc: Add missing lock before accessing find_vma() (git-fixes). - misc: fastrpc: fix improper packet size calculation (git-fixes). - misc: lattice-ecp3-config: Fix task hung when firmware load failed (git-fixes). - mmc: meson-mx-sdio: add IRQ check (git-fixes). - mmc: sdhci-esdhc-imx: clear the buffer_read_ready to reset standard tuning circuit (git-fixes). - mmc: sdhci-esdhc-imx: disable CMDQ support (git-fixes). - mmc: sdhci-pci: Add PCI ID for Intel ADL (git-fixes). - mmc: sdhci-tegra: Fix switch to HS400ES mode (git-fixes). - move to 'mainline soon' section: - patches.suse/0001-mmc-moxart_remove-Fix-UAF.patch - moxart: fix potential use-after-free on remove path (bsc#1194516). - mt76: mt7915: fix NULL pointer dereference in mt7915_get_phy_mode (git-fixes). - mt76: mt7915: fix an off-by-one bound check (git-fixes). - mtd: rawnand: fsmc: Fix timing computation (git-fixes). - mtd: rawnand: fsmc: Take instruction delay into account (git-fixes). - mtd: rawnand: mpc5121: Remove unused variable in ads5121_select_chip() (git-fixes). - mtd: spi-nor: hisi-sfc: Remove excessive clk_disable_unprepare() (git-fixes). - mwifiex: Fix possible ABBA deadlock (git-fixes). - mwifiex: Try waking the firmware until we get an interrupt (git-fixes). - net/mlx5: DR, Fix NULL vs IS_ERR checking in dr_domain_init_resources (jsc#SLE-8464). - net/mlx5: Set command entry semaphore up once got index free (jsc#SLE-15172). - net/mlx5e: Fix wrong features assignment in case of error (git-fixes). - net/mlx5e: Wrap the tx reporter dump callback to extract the sq (jsc#SLE-15172). - net/sched: fq_pie: prevent dismantle issue (jsc#SLE-15172). - net/sched: sch_ets: do not remove idle classes from the round-robin list (bsc#1176774). - net: create netdev->dev_addr assignment helpers (git-fixes). - net: ena: Fix error handling when calculating max IO queues number (bsc#1154492). - net: ena: Fix undefined state when tx request id is out of bounds (bsc#1154492). - net: ena: Fix wrong rx request id by resetting device (git-fixes). - net: hns3: fix use-after-free bug in hclgevf_send_mbx_msg (jsc#SLE-14777). - net: usb: lan78xx: add Allied Telesis AT29M2-AF (git-fixes). - net: usb: pegasus: Do not drop long Ethernet frames (git-fixes). - netfilter: nft_set_pipapo: allocate pcpu scratch maps on clone (bsc#1176447). - nfc: fix potential NULL pointer deref in nfc_genl_dump_ses_done (git-fixes). - nfc: fix segfault in nfc_genl_dump_devices_done (git-fixes). - nfsd: Fix nsfd startup race (again) (git-fixes). - nft_set_pipapo: Fix bucket load in AVX2 lookup routine for six 8-bit groups (bsc#1176447). - nvme-tcp: block BH in sk state_change sk callback (git-fixes). - nvme-tcp: can't set sk_user_data without write_lock (git-fixes). - nvme-tcp: check sgl supported by target (git-fixes). - nvme-tcp: do not update queue count when failing to set io queues (git-fixes). - nvme-tcp: fix a NULL deref when receiving a 0-length r2t PDU (git-fixes). - nvme-tcp: fix crash triggered with a dataless request submission (git-fixes). - nvme-tcp: fix error codes in nvme_tcp_setup_ctrl() (git-fixes). - nvme-tcp: fix io_work priority inversion (git-fixes). - nvme-tcp: fix possible data corruption with bio merges (git-fixes). - nvme-tcp: fix possible req->offset corruption (git-fixes). - nvme-tcp: fix wrong setting of request iov_iter (git-fixes). - nvme-tcp: get rid of unused helper function (git-fixes). - nvme-tcp: pair send_mutex init with destroy (git-fixes). - nvme-tcp: pass multipage bvec to request iov_iter (git-fixes). - nvme-tcp: remove incorrect Kconfig dep in BLK_DEV_NVME (git-fixes). - pcmcia: fix setting of kthread task states (git-fixes). - pcmcia: rsrc_nonstatic: Fix a NULL pointer dereference in __nonstatic_find_io_region() (git-fixes). - pcmcia: rsrc_nonstatic: Fix a NULL pointer dereference in nonstatic_find_mem_region() (git-fixes). - pcnet32: Use pci_resource_len to validate PCI resource (git-fixes). - pinctrl: mediatek: fix global-out-of-bounds issue (git-fixes). - pinctrl: qcom: spmi-gpio: correct parent irqspec translation (git-fixes). - pinctrl: stm32: consider the GPIO offset to expose all the GPIO lines (git-fixes). - pinctrl: stm32: use valid pin identifier in stm32_pinctrl_resume() (git-fixes). - pipe: increase minimum default pipe size to 2 pages (bsc#1194587). - platform/x86: apple-gmux: use resource_size() with res (git-fixes). - platform/x86: thinkpad_acpi: Fix WWAN device disabled issue after S3 deep (git-fixes). - power: reset: ltc2952: Fix use of floating point literals (git-fixes). - power: supply: core: Break capacity loop (git-fixes). - power: supply: max17042_battery: Clear status bits in interrupt handler (git-fixes). - powerpc/64s: fix program check interrupt emergency stack path (bsc#1156395). - powerpc/fadump: Fix inaccurate CPU state info in vmcore generated with panic (bsc#1193901 ltc#194976). - powerpc/perf: Fix PMU callbacks to clear pending PMI before resetting an overflown PMC (bsc#1156395). - powerpc/perf: Fix data source encodings for L2.1 and L3.1 accesses (bsc#1065729). - powerpc/prom_init: Fix improper check of prom_getprop() (bsc#1065729). - powerpc/pseries/cpuhp: cache node corrections (bsc#1065729). - powerpc/pseries/cpuhp: delete add/remove_by_count code (bsc#1065729). - powerpc/pseries/mobility: ignore ibm, platform-facilities updates (bsc#1065729). - powerpc/traps: do not enable irqs in _exception (bsc#1065729). - powerpc/xive: Add missing null check after calling kmalloc (bsc#1177437 ltc#188522 jsc#SLE-13294 git-fixes). - powerpc: add interrupt_cond_local_irq_enable helper (bsc#1065729). - powerpc: handle kdump appropriately with crash_kexec_post_notifiers option (bsc#1193901 ltc#194976). - pwm: mxs: Do not modify HW state in .probe() after the PWM chip was registered (git-fixes). - pwm: tiecap: Drop .free() callback (git-fixes). - qlcnic: potential dereference null pointer of rx_queue->page_ring (git-fixes). - quota: check block number when reading the block in quota file (bsc#1194589). - quota: correct error number in free_dqentry() (bsc#1194590). - random: fix data race on crng init time (git-fixes). - random: fix data race on crng_node_pool (git-fixes). - regmap: Call regmap_debugfs_exit() prior to _init() (git-fixes). - rndis_host: support Hytera digital radios (git-fixes). - rpmsg: core: Clean up resources on announce_create failure (git-fixes). - rtl8xxxu: Fix the handling of TX A-MPDU aggregation (git-fixes). - rtlwifi: rtl8192cu: Fix WARNING when calling local_irq_restore() with interrupts enabled (git-fixes). - rtw88: use read_poll_timeout instead of fixed sleep (git-fixes). - rtw88: wow: build wow function only if CONFIG_PM is on (git-fixes). - rtw88: wow: fix size access error of probe request (git-fixes). - sata: nv: fix debug format string mismatch (git-fixes). - scsi: lpfc: Add additional debugfs support for CMF (bsc#1194266). - scsi: lpfc: Adjust CMF total bytes and rxmonitor (bsc#1194266). - scsi: lpfc: Cap CMF read bytes to MBPI (bsc#1194266). - scsi: lpfc: Change return code on I/Os received during link bounce (bsc#1194266). - scsi: lpfc: Fix NPIV port deletion crash (bsc#1194266). - scsi: lpfc: Fix leaked lpfc_dmabuf mbox allocations with NPIV (bsc#1194266). - scsi: lpfc: Fix lpfc_force_rscn ndlp kref imbalance (bsc#1194266). - scsi: lpfc: Trigger SLI4 firmware dump before doing driver cleanup (bsc#1194266). - scsi: lpfc: Update lpfc version to 14.0.0.4 (bsc#1194266). - scsi: qla2xxx: Fix mailbox direction flags in qla2xxx_get_adapter_id() (git-fixes). - scsi: qla2xxx: Format log strings only if needed (git-fixes). - scsi: qla2xxx: edif: Fix EDIF bsg (git-fixes). - scsi: qla2xxx: edif: Fix app start delay (git-fixes). - scsi: qla2xxx: edif: Fix app start fail (git-fixes). - scsi: qla2xxx: edif: Fix off by one bug in qla_edif_app_getfcinfo() (git-fixes). - scsi: qla2xxx: edif: Flush stale events and msgs on session down (git-fixes). - scsi: qla2xxx: edif: Increase ELS payload (git-fixes). - select: Fix indefinitely sleeping task in poll_schedule_timeout() (bsc#1194027). - selftests: KVM: Explicitly use movq to read xmm registers (git-fixes). - selinux: fix potential memleak in selinux_add_opt() (git-fixes). - seq_buf: Fix overflow in seq_buf_putmem_hex() (git-fixes). - seq_buf: Make trace_seq_putmem_hex() support data longer than 8 (git-fixes). - serial: pl011: Add ACPI SBSA UART match id (git-fixes). - serial: tty: uartlite: fix console setup (git-fixes). - sfc: Check null pointer of rx_queue->page_ring (git-fixes). - sfc: The RX page_ring is optional (git-fixes). - sfc: falcon: Check null pointer of rx_queue->page_ring (git-fixes). - sfc_ef100: potential dereference of null pointer (jsc#SLE-16683). - shmem: shmem_writepage() split unlikely i915 THP (git-fixes). - slimbus: qcom: fix potential NULL dereference in qcom_slim_prg_slew() (git-fixes). - soc/tegra: fuse: Fix bitwise vs. logical OR warning (git-fixes). - soc: fsl: dpaa2-console: free buffer before returning from dpaa2_console_read (git-fixes). - soc: fsl: dpio: rename the enqueue descriptor variable (git-fixes). - soc: fsl: dpio: replace smp_processor_id with raw_smp_processor_id (git-fixes). - soc: fsl: dpio: use an explicit NULL instead of 0 (git-fixes). - soc: fsl: dpio: use the combined functions to protect critical zone (git-fixes). - spi: change clk_disable_unprepare to clk_unprepare (git-fixes). - spi: spi-meson-spifc: Add missing pm_runtime_disable() in meson_spifc_probe (git-fixes). - spi: spi-rspi: Drop redeclaring ret variable in qspi_transfer_in() (git-fixes). - staging: emxx_udc: Fix passing of NULL to dma_alloc_coherent() (git-fixes). - staging: fbtft: Do not spam logs when probe is deferred (git-fixes). - staging: fbtft: Rectify GPIO handling (git-fixes). - staging: fieldbus: anybuss: jump to correct label in an error path (git-fixes). - staging: ks7010: select CRYPTO_HASH/CRYPTO_MICHAEL_MIC (git-fixes). - staging: rtl8192e: return error code from rtllib_softmac_init() (git-fixes). - staging: rtl8192e: rtllib_module: fix error handle case in alloc_rtllib() (git-fixes). - staging: wlan-ng: Avoid bitwise vs logical OR warning in hfa384x_usb_throttlefn() (git-fixes). - string.h: fix incompatibility between FORTIFY_SOURCE and KASAN (git-fixes). - thermal/drivers/imx8mm: Enable ADC when enabling monitor (git-fixes). - thermal/drivers/int340x: Do not set a wrong tcc offset on resume (git-fixes). - thermal: core: Reset previous low and high trip during thermal zone init (git-fixes). - tpm: add request_locality before write TPM_INT_ENABLE (git-fixes). - tpm: fix potential NULL pointer access in tpm_del_char_device (git-fixes). - tracing/kprobes: 'nmissed' not showed correctly for kretprobe (git-fixes). - tracing/uprobes: Check the return value of kstrdup() for tu->filename (git-fixes). - tracing: Add test for user space strings when filtering on string pointers (git-fixes). - tracing: Fix check for trace_percpu_buffer validity in get_trace_buf() (git-fixes). - tty: max310x: fix flexible_array.cocci warnings (git-fixes). - tty: serial: atmel: Call dma_async_issue_pending() (git-fixes). - tty: serial: atmel: Check return code of dmaengine_submit() (git-fixes). - tty: serial: earlycon dependency (git-fixes). - tty: serial: qcom_geni_serial: Drop __init from qcom_geni_console_setup (git-fixes). - tty: serial: uartlite: allow 64 bit address (git-fixes). - tty: synclink_gt: rename a conflicting function name (git-fixes). - udf: Fix crash after seekdir (bsc#1194592). - uio: uio_dmem_genirq: Catch the Exception (git-fixes). - usb: core: config: fix validation of wMaxPacketValue entries (git-fixes). - usb: core: config: using bit mask instead of individual bits (git-fixes). - usb: dwc2: check return value after calling platform_get_resource() (git-fixes). - usb: dwc3: gadget: Continue to process pending requests (git-fixes). - usb: dwc3: gadget: Ignore EP queue requests during bus reset (git-fixes). - usb: dwc3: gadget: Reclaim extra TRBs after request completion (git-fixes). - usb: dwc3: pci: Enable dis_uX_susphy_quirk for Intel Merrifield (git-fixes). - usb: dwc3: ulpi: Fix USB2.0 HS/FS/LS PHY suspend regression (git-fixes). - usb: dwc3: ulpi: Replace CPU-based busyloop with Protocol-based one (git-fixes). - usb: dwc3: ulpi: fix checkpatch warning (git-fixes). - usb: ftdi-elan: fix memory leak on device disconnect (git-fixes). - usb: gadget: composite: Allow bMaxPower=0 if self-powered (git-fixes). - usb: gadget: f_fs: Clear ffs_eventfd in ffs_data_clear (git-fixes). - usb: gadget: u_ether: fix race in setting MAC address in setup phase (git-fixes). - usb: mtu3: add memory barrier before set GPD's HWO (git-fixes). - usb: mtu3: fix interval value for intr and isoc (git-fixes). - usb: mtu3: fix list_head check warning (git-fixes). - usb: mtu3: set interval of FS intr and isoc endpoint (git-fixes). - usb: typec: tcpm: handle SRC_STARTUP state if cc changes (git-fixes). - usb: xhci: Extend support for runtime power management for AMD's Yellow carp (git-fixes). - usermodehelper: reset umask to default before executing user process (git-fixes). - vfs: check fd has read access in kernel_read_file_from_fd() (bsc#1194888). - video: backlight: Drop maximum brightness override for brightness zero (git-fixes). - watchdog: Fix OMAP watchdog early handling (git-fixes). - watchdog: f71808e_wdt: fix inaccurate report in WDIOC_GETTIMEOUT (git-fixes). - wcn36xx: Fix missing frame timestamp for beacon/probe-resp (git-fixes). - wcn36xx: Indicate beacon not connection loss on MISSED_BEACON_IND (git-fixes). - wcn36xx: Release DMA channel descriptor allocations (git-fixes). - wcn36xx: handle connection loss indication (git-fixes). - wireguard: allowedips: add missing __rcu annotation to satisfy sparse (git-fixes). - wireguard: device: reset peer src endpoint when netns exits (git-fixes). - wireguard: ratelimiter: use kvcalloc() instead of kvzalloc() (git-fixes). - wireguard: receive: drop handshakes if queue lock is contended (git-fixes). - wireguard: receive: use ring buffer for incoming handshakes (git-fixes). - wireguard: selftests: actually test for routing loops (git-fixes). - wireguard: selftests: increase default dmesg log size (git-fixes). - wireless: iwlwifi: Fix a double free in iwl_txq_dyn_alloc_dma (git-fixes). - x86/platform/uv: Add more to secondary CPU kdump info (bsc#1194493). - xhci: Fresco FL1100 controller should not have BROKEN_MSI quirk set (git-fixes). - xhci: Remove CONFIG_USB_DEFAULT_PERSIST to prevent xHCI from runtime suspending (git-fixes). - xhci: avoid race between disable slot command and host runtime suspend (git-fixes). - xhci: fix unsafe memory usage in xhci tracing (git-fixes). Important SUSE bug 1065729 SUSE bug 1071995 SUSE bug 1154353 SUSE bug 1154492 SUSE bug 1156395 SUSE bug 1167773 SUSE bug 1176447 SUSE bug 1176774 SUSE bug 1177437 SUSE bug 1190256 SUSE bug 1191271 SUSE bug 1191929 SUSE bug 1192931 SUSE bug 1193255 SUSE bug 1193328 SUSE bug 1193660 SUSE bug 1193669 SUSE bug 1193727 SUSE bug 1193901 SUSE bug 1193927 SUSE bug 1194001 SUSE bug 1194027 SUSE bug 1194087 SUSE bug 1194094 SUSE bug 1194266 SUSE bug 1194302 SUSE bug 1194493 SUSE bug 1194516 SUSE bug 1194517 SUSE bug 1194518 SUSE bug 1194529 SUSE bug 1194578 SUSE bug 1194580 SUSE bug 1194584 SUSE bug 1194586 SUSE bug 1194587 SUSE bug 1194589 SUSE bug 1194590 SUSE bug 1194591 SUSE bug 1194592 SUSE bug 1194888 SUSE bug 1194953 SUSE bug 1194985 CVE-2021-4083 CVE-2021-4135 CVE-2021-4149 CVE-2021-4197 CVE-2021-4202 CVE-2021-45485 CVE-2021-45486 CVE-2021-46283 CVE-2022-0185 CVE-2022-0322 cpe:/o:opensuse:leap:15.3 Security update for MozillaThunderbird (Important) openSUSE Leap 15.3 This update for MozillaThunderbird fixes the following issues: - CVE-2021-4140: Fixed Iframe sandbox bypass with XSLT (bsc#1194547). - CVE-2022-22737: Fixed race condition when playing audio files (bsc#1194547). - CVE-2022-22738: Fixed heap-buffer-overflow in blendGaussianBlur (bsc#1194547). - CVE-2022-22739: Fixed missing throttling on external protocol launch dialog (bsc#1194547). - CVE-2022-22740: Fixed use-after-free of ChannelEventQueue::mOwner (bsc#1194547). - CVE-2022-22741: Fixed browser window spoof using fullscreen mode (bsc#1194547). - CVE-2022-22742: Fixed out-of-bounds memory access when inserting text in edit mode (bsc#1194547). - CVE-2022-22743: Fixed browser window spoof using fullscreen mode (bsc#1194547). - CVE-2022-22744: Fixed possible command injection via the 'Copy as curl' feature in DevTools (bsc#1194547). - CVE-2022-22745: Fixed leaking cross-origin URLs through securitypolicyviolation event (bsc#1194547). - CVE-2022-22746: Fixed calling into reportValidity could have lead to fullscreen window spoof (bsc#1194547). - CVE-2022-22747: Fixed crash when handling empty pkcs7 sequence(bsc#1194547). - CVE-2022-22748: Fixed spoofed origin on external protocol launch dialog (bsc#1194547). - CVE-2022-22751: Fixed memory safety bugs (bsc#1194547). Important SUSE bug 1194547 CVE-2021-4140 CVE-2022-22737 CVE-2022-22738 CVE-2022-22739 CVE-2022-22740 CVE-2022-22741 CVE-2022-22742 CVE-2022-22743 CVE-2022-22744 CVE-2022-22745 CVE-2022-22746 CVE-2022-22747 CVE-2022-22748 CVE-2022-22751 cpe:/o:opensuse:leap:15.3 Security update for mariadb (Important) openSUSE Leap 15.3 This update for mariadb fixes the following issues: Update to 10.5.16 (bsc#1199928): - CVE-2021-46669 (bsc#1199928) - CVE-2022-27376 (bsc#1198628) - CVE-2022-27377 (bsc#1198603) - CVE-2022-27378 (bsc#1198604) - CVE-2022-27379 (bsc#1198605) - CVE-2022-27380 (bsc#1198606) - CVE-2022-27381 (bsc#1198607) - CVE-2022-27382 (bsc#1198609) - CVE-2022-27383 (bsc#1198610) - CVE-2022-27384 (bsc#1198611) - CVE-2022-27386 (bsc#1198612) - CVE-2022-27387 (bsc#1198613) - CVE-2022-27444 (bsc#1198634) - CVE-2022-27445 (bsc#1198629) - CVE-2022-27446 (bsc#1198630) - CVE-2022-27447 (bsc#1198631) - CVE-2022-27448 (bsc#1198632) - CVE-2022-27449 (bsc#1198633) - CVE-2022-27451 (bsc#1198639) - CVE-2022-27452 (bsc#1198640) - CVE-2022-27455 (bsc#1198638) - CVE-2022-27456 (bsc#1198635) - CVE-2022-27457 (bsc#1198636) - CVE-2022-27458 (bsc#1198637) - The following issue is not affecting this package: CVE-2022-21427 External refernences: - https://mariadb.com/kb/en/library/mariadb-10516-release-notes - https://mariadb.com/kb/en/library/mariadb-10516-changelog Important SUSE bug 1198603 SUSE bug 1198604 SUSE bug 1198605 SUSE bug 1198606 SUSE bug 1198607 SUSE bug 1198609 SUSE bug 1198610 SUSE bug 1198611 SUSE bug 1198612 SUSE bug 1198613 SUSE bug 1198628 SUSE bug 1198629 SUSE bug 1198630 SUSE bug 1198631 SUSE bug 1198632 SUSE bug 1198633 SUSE bug 1198634 SUSE bug 1198635 SUSE bug 1198636 SUSE bug 1198637 SUSE bug 1198638 SUSE bug 1198639 SUSE bug 1198640 SUSE bug 1199928 CVE-2021-46669 CVE-2022-21427 CVE-2022-27376 CVE-2022-27377 CVE-2022-27378 CVE-2022-27379 CVE-2022-27380 CVE-2022-27381 CVE-2022-27382 CVE-2022-27383 CVE-2022-27384 CVE-2022-27386 CVE-2022-27387 CVE-2022-27444 CVE-2022-27445 CVE-2022-27446 CVE-2022-27447 CVE-2022-27448 CVE-2022-27449 CVE-2022-27451 CVE-2022-27452 CVE-2022-27455 CVE-2022-27456 CVE-2022-27457 CVE-2022-27458 cpe:/o:opensuse:leap:15.3 Security update for go1.17 (Important) openSUSE Leap 15.3 This update for go1.17 fixes the following issues: Update to go1.17.11 (released 2022-06-01) (bsc#1190649): - CVE-2022-30634: Fixed crypto/rand rand.Read hangs with extremely large buffers (bsc#1200134). - CVE-2022-30629: Fixed crypto/tls session tickets lack random ticket_age_add (bsc#1200135). - CVE-2022-29804: Fixed path/filepath Clean(`.\c:`) returns `c:` on Windows (bsc#1200137). - CVE-2022-30580: Fixed os/exec empty Cmd.Path can result in running unintended binary on Windows (bsc#1200136). Important SUSE bug 1190649 SUSE bug 1200134 SUSE bug 1200135 SUSE bug 1200136 SUSE bug 1200137 CVE-2022-29804 CVE-2022-30580 CVE-2022-30629 CVE-2022-30634 cpe:/o:opensuse:leap:15.3 Security update for go1.18 (Important) openSUSE Leap 15.3 This update for go1.18 fixes the following issues: Update to go1.18.3 (released 2022-06-01) (bsc#1193742): - CVE-2022-30634: Fixed crypto/rand rand.Read hangs with extremely large buffers (bsc#1200134). - CVE-2022-30629: Fixed crypto/tls session tickets lack random ticket_age_add (bsc#1200135). - CVE-2022-29804: Fixed path/filepath Clean(`.\c:`) returns `c:` on Windows (bsc#1200137). - CVE-2022-30580: Fixed os/exec empty Cmd.Path can result in running unintended binary on Windows (bsc#1200136). Important SUSE bug 1193742 SUSE bug 1200134 SUSE bug 1200135 SUSE bug 1200136 SUSE bug 1200137 CVE-2022-29804 CVE-2022-30580 CVE-2022-30629 CVE-2022-30634 cpe:/o:opensuse:leap:15.3 Security update for google-gson (Important) openSUSE Leap 15.3 This update for google-gson fixes the following issues: - CVE-2022-25647: Fixed deserialization of untrusted data (bsc#1199064). Important SUSE bug 1199064 CVE-2022-25647 cpe:/o:opensuse:leap:15.3 Security update for netty3 (Moderate) openSUSE Leap 15.3 This update for netty3 fixes the following issues: - CVE-2021-43797: Fixed a potential HTTP request smuggling issue due to insufficient validation against control characters (bsc#1193672). Moderate SUSE bug 1193672 SUSE bug 1197787 CVE-2021-43797 cpe:/o:opensuse:leap:15.3 Security update for u-boot (Important) openSUSE Leap 15.3 This update for u-boot fixes the following issues: - CVE-2022-30552: A large buffer overflow could have lead to a denial of service in the IP Packet deframentation code. (bsc#1200363) - CVE-2022-30790: A Hole Descriptor Overwrite could have lead to an arbitrary out of bounds write primitive. (bsc#1200364) - CVE-2022-30767: Fixed an unbounded memcpy with a failed length check leading to a buffer overflow (bsc#1199623). Important SUSE bug 1199623 SUSE bug 1200363 SUSE bug 1200364 CVE-2022-30552 CVE-2022-30767 CVE-2022-30790 cpe:/o:opensuse:leap:15.3 Security update for u-boot (Important) openSUSE Leap 15.3 This update for u-boot fixes the following issues: - A large buffer overflow could have lead to a denial of service in the IP Packet deframentation code. (CVE-2022-30552, bsc#1200363) - A Hole Descriptor Overwrite could have lead to an arbitrary out of bounds write primitive. (CVE-2022-30790, bsc#1200364) Important SUSE bug 1200363 SUSE bug 1200364 CVE-2022-30552 CVE-2022-30790 cpe:/o:opensuse:leap:15.3 Security update for MozillaThunderbird (Important) openSUSE Leap 15.3 This update for MozillaThunderbird fixes the following issues: Update to Mozilla Thunderbird 91.9.1 MFSA 2022-19 (bsc#1199768): - CVE-2022-1802: Prototype pollution in Top-Level Await implementation (bmo#1770137). - CVE-2022-1529: Untrusted input used in JavaScript object indexing, leading to prototype pollution (bmo#1770048). Update to Mozilla Thunderbird 91.10 MFSA 2022-22 (bsc#1200027): - CVE-2022-31736: Cross-Origin resource's length leaked (bmo#1735923) - CVE-2022-31737: Heap buffer overflow in WebGL (bmo#1743767) - CVE-2022-31738: Browser window spoof using fullscreen mode (bmo#1756388) - CVE-2022-31739: Attacker-influenced path traversal when saving downloaded files (bmo#1765049) - CVE-2022-31740: Register allocation problem in WASM on arm64 (bmo#1766806) - CVE-2022-31741: Uninitialized variable leads to invalid memory read (bmo#1767590) - CVE-2022-1834: Braille space character caused incorrect sender email to be shown for a digitally signed email (bmo#1767816) - CVE-2022-31742: Querying a WebAuthn token with a large number of allowCredential entries may have leaked cross-origin information (bmo#1730434) - CVE-2022-31747: Memory safety bugs fixed in Thunderbird 91.10 (bmo#1760765, bmo#1765610, bmo#1766283, bmo#1767365, bmo#1768559, bmo#1768734) Important SUSE bug 1199768 SUSE bug 1200027 CVE-2022-1529 CVE-2022-1802 CVE-2022-1834 CVE-2022-31736 CVE-2022-31737 CVE-2022-31738 CVE-2022-31739 CVE-2022-31740 CVE-2022-31741 CVE-2022-31742 CVE-2022-31747 cpe:/o:opensuse:leap:15.3 Security update for gimp (Moderate) openSUSE Leap 15.3 This update for gimp fixes the following issues: - CVE-2022-30067: Fixed uncontrolled memory consumption via crafted XCF file (bsc#1199653). Moderate SUSE bug 1199653 CVE-2022-30067 cpe:/o:opensuse:leap:15.3 Security update for grub2 (Important) openSUSE Leap 15.3 This update for grub2 fixes the following issues: Security fixes and hardenings for boothole 3 / boothole 2022 (bsc#1198581) - CVE-2021-3695: Fixed that a crafted PNG grayscale image could lead to out-of-bounds write in heap (bsc#1191184) - CVE-2021-3696: Fixed that a crafted PNG image could lead to out-of-bound write during huffman table handling (bsc#1191185) - CVE-2021-3697: Fixed that a crafted JPEG image could lead to buffer underflow write in the heap (bsc#1191186) - CVE-2022-28733: Fixed fragmentation math in net/ip (bsc#1198460) - CVE-2022-28734: Fixed an out-of-bound write for split http headers (bsc#1198493) - CVE-2022-28735: Fixed some verifier framework changes (bsc#1198495) - CVE-2022-28736: Fixed a use-after-free in chainloader command (bsc#1198496) - Update SBAT security contact (bsc#1193282) - Bump grub's SBAT generation to 2 - Use boot disks in OpenFirmware, fixing regression caused when the root LV is completely in the boot LUN (bsc#1197948) Important SUSE bug 1191184 SUSE bug 1191185 SUSE bug 1191186 SUSE bug 1193282 SUSE bug 1197948 SUSE bug 1198460 SUSE bug 1198493 SUSE bug 1198495 SUSE bug 1198496 SUSE bug 1198581 CVE-2021-3695 CVE-2021-3696 CVE-2021-3697 CVE-2022-28733 CVE-2022-28734 CVE-2022-28735 CVE-2022-28736 cpe:/o:opensuse:leap:15.3 Security update for xen (Important) openSUSE Leap 15.3 This update for xen fixes the following issues: - CVE-2022-26358, CVE-2022-26359, CVE-2022-26360, CVE-2022-26361: Fixed IOMMU: RMRR (VT-d) and unity map (AMD-Vi) handling issues (XSA-400) (bsc#1197426) - CVE-2022-26362: Fixed race condition in typeref acquisition (bsc#1199965) - CVE-2022-26363, CVE-2022-26364: Fixed insufficient care with non-coherent mappings (bsc#1199966) Important SUSE bug 1027519 SUSE bug 1197426 SUSE bug 1199965 SUSE bug 1199966 CVE-2022-26358 CVE-2022-26359 CVE-2022-26360 CVE-2022-26361 CVE-2022-26362 CVE-2022-26363 CVE-2022-26364 cpe:/o:opensuse:leap:15.3 Security update for python-Twisted (Important) openSUSE Leap 15.3 This update for python-Twisted fixes the following issues: - CVE-2022-21716: Fixed that ssh server accepts an infinite amount of data using all the available memory (bsc#1196739). Important SUSE bug 1196739 CVE-2022-21716 cpe:/o:opensuse:leap:15.3 Security update for webkit2gtk3 (Important) openSUSE Leap 15.3 This update for webkit2gtk3 fixes the following issues: Update to version 2.36.3 (bsc#1200106) - CVE-2022-30293: Fixed heap-based buffer overflow in WebCore::TextureMapperLayer::setContentsLayer (bsc#1199287). - CVE-2022-26700: Fixed memory corruption issue that may lead to code execution when processing maliciously crafted web content (bsc#1200106). - CVE-2022-26709: Fixed use after free issue that may lead to code execution when processing maliciously crafted web content (bsc#1200106). - CVE-2022-26716: Fixed use after free issue that may lead to code execution when processing maliciously crafted web content (bsc#1200106). - CVE-2022-26717: Fixed memory corruption issue that may lead to code execution when processing maliciously crafted web content (bsc#1200106). - CVE-2022-26719: Fixed memory corruption issue that may lead to code execution when processing maliciously crafted web content (bsc#1200106). Important SUSE bug 1199287 SUSE bug 1200106 CVE-2022-26700 CVE-2022-26709 CVE-2022-26716 CVE-2022-26717 CVE-2022-26719 CVE-2022-30293 cpe:/o:opensuse:leap:15.3 Security update for the Linux Kernel (Important) openSUSE Leap 15.3 The SUSE Linux Enterprise 15 SP3 kernel was updated. The following security bugs were fixed: - CVE-2022-0168: Fixed a NULL pointer dereference in smb2_ioctl_query_info. (bsc#1197472) - CVE-2022-20008: Fixed bug that allows to read kernel heap memory due to uninitialized data in mmc_blk_read_single of block.c. (bnc#1199564) - CVE-2022-1972: Fixed a buffer overflow in nftable that could lead to privilege escalation. (bsc#1200019) - CVE-2022-21127: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via spectre like attacks. (bsc#1199650) - CVE-2022-21123: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via spectre like attacks. (bsc#1199650) - CVE-2022-21125: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via spectre like attacks. (bsc#1199650) - CVE-2022-21180: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via spectre like attacks. (bsc#1199650) - CVE-2022-21166: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via spectre like attacks. (bsc#1199650) - CVE-2019-19377: Fixed an user-after-free that could be triggered when an attacker mounts a crafted btrfs filesystem image. (bnc#1158266) - CVE-2022-1729: Fixed a sys_perf_event_open() race condition against self (bsc#1199507). - CVE-2022-1184: Fixed an use-after-free and memory errors in ext4 when mounting and operating on a corrupted image. (bsc#1198577) - CVE-2022-1652: Fixed a statically allocated error counter inside the floppy kernel module (bsc#1199063). - CVE-2022-30594: Fixed restriction bypass on setting the PT_SUSPEND_SECCOMP flag (bnc#1199505). - CVE-2021-33061: Fixed insufficient control flow management for the Intel(R) 82599 Ethernet Controllers and Adapters that may have allowed an authenticated user to potentially enable denial of service via local access (bnc#1196426). The following non-security bugs were fixed: - ACPI: property: Release subnode properties with data nodes (git-fixes). - ALSA: ctxfi: Add SB046x PCI ID (git-fixes). - ALSA: fireworks: fix wrong return count shorter than expected by 4 bytes (git-fixes). - ALSA: hda - fix unused Realtek function when PM is not enabled (git-fixes). - ALSA: hda/realtek - Add new type for ALC245 (git-fixes). - ALSA: hda/realtek - Fix microphone noise on ASUS TUF B550M-PLUS (git-fixes). - ALSA: hda/realtek: Enable 4-speaker output for Dell XPS 15 9520 laptop (git-fixes). - ALSA: hda/realtek: Enable headset mic on Lenovo P360 (git-fixes). - ALSA: pcm: Check for null pointer of pointer substream before dereferencing it (git-fixes). - ALSA: usb-audio: Add missing ep_idx in fixed EP quirks (git-fixes). - ALSA: usb-audio: Clear MIDI port active flag after draining (git-fixes). - ALSA: usb-audio: Configure sync endpoints before data (git-fixes). - ALSA: usb-audio: Fix undefined behavior due to shift overflowing the constant (git-fixes). - ALSA: usb-audio: Restore Rane SL-1 quirk (git-fixes). - ALSA: wavefront: Proper check of get_user() error (git-fixes). - ARM: 9169/1: entry: fix Thumb2 bug in iWMMXt exception handling (git-fixes) - ARM: 9170/1: fix panic when kasan and kprobe are enabled (git-fixes) - ARM: 9187/1: JIVE: fix return value of __setup handler (git-fixes) - ARM: config: u8500: Re-enable AB8500 battery charging (git-fixes) - ARM: davinci: da850-evm: Avoid NULL pointer dereference (git-fixes) - ARM: dts: am3517-evm: Fix misc pinmuxing (git-fixes) - ARM: dts: armada-38x: Add generic compatible to UART nodes (git-fixes) - ARM: dts: at91: fix pinctrl phandles (git-fixes) - ARM: dts: at91: Map MCLK for wm8731 on at91sam9g20ek (git-fixes) - ARM: dts: at91: sama5d2: Fix PMERRLOC resource size (git-fixes) - ARM: dts: at91: sama5d4_xplained: fix pinctrl phandle name (git-fixes) - ARM: dts: bcm2835-rpi-b: Fix GPIO line names (git-fixes) - ARM: dts: bcm2835-rpi-zero-w: Fix GPIO line name for Wifi/BT (git-fixes) - ARM: dts: bcm2837-rpi-3-b-plus: Fix GPIO line name of power LED (git-fixes) - ARM: dts: bcm2837-rpi-cm3-io3: Fix GPIO line names for SMPS I2C (git-fixes) - ARM: dts: exynos: fix UART3 pins configuration in Exynos5250 (git-fixes) - ARM: dts: Fix OpenBMC flash layout label addresses (git-fixes) - ARM: dts: imx: Add missing LVDS decoder on M53Menlo (git-fixes) - ARM: dts: imx23-evk: Remove MX23_PAD_SSP1_DETECT from hog group (git-fixes) - ARM: dts: imx6qdl-apalis: Fix sgtl5000 detection issue (git-fixes) - ARM: dts: imx6qdl-udoo: Properly describe the SD card detect (git-fixes) - ARM: dts: imx6ull-colibri: fix vqmmc regulator (git-fixes) - ARM: dts: imx6ull-pinfunc: Fix CSI_DATA07__ESAI_TX0 pad name (git-fixes) - ARM: dts: logicpd-som-lv: Fix wrong pinmuxing on OMAP35 (git-fixes) - ARM: dts: meson: Fix the UART compatible strings (git-fixes) - ARM: dts: meson8: Fix the UART device-tree schema validation (git-fixes) - ARM: dts: meson8b: Fix the UART device-tree schema validation (git-fixes) - ARM: dts: qcom: ipq4019: fix sleep clock (git-fixes) - ARM: dts: qcom: msm8974: Drop flags for mdss irqs (git-fixes) - ARM: dts: suniv: F1C100: fix watchdog compatible (git-fixes) - ARM: ftrace: ensure that ADR takes the Thumb bit into account (git-fixes) - arm: mediatek: select arch timer for mt7629 (git-fixes) - ARM: omap: remove debug-leds driver (git-fixes) - ARM: OMAP2+: Fix refcount leak in omap_gic_of_init (git-fixes) - ARM: socfpga: dts: fix qspi node compatible (git-fixes) - ARM: socfpga: fix missing RESET_CONTROLLER (git-fixes) - ARM: tegra: Move panels to AUX bus (git-fixes) - arm64: dts: broadcom: Fix sata nodename (git-fixes) - arm64: dts: ns2: Fix spi-cpol and spi-cpha property (git-fixes) - arm64: dts: rockchip: Fix SDIO regulator supply properties on (git-fixes) - arm64: paravirt: Use RCU read locks to guard stolen_time (git-fixes). - arm64: pgtable: make __pte_to_phys/__phys_to_pte_val inline functions (git-fixes) - arm64/mm: avoid fixmap race condition when create pud mapping (git-fixes) - ASoC: atmel-classd: Remove endianness flag on class d component (git-fixes). - ASoC: atmel-pdmic: Remove endianness flag on pdmic component (git-fixes). - ASoC: da7219: Fix change notifications for tone generator frequency (git-fixes). - ASoC: dmaengine: Restore NULL prepare_slave_config() callback (git-fixes). - ASoC: fsl_sai: Fix FSL_SAI_xDR/xFR definition (git-fixes). - ASoC: max98090: Generate notifications on changes for custom control (git-fixes). - ASoC: max98090: Move check for invalid values before casting in max98090_put_enab_tlv() (git-fixes). - ASoC: max98090: Reject invalid values in custom control put() (git-fixes). - ASoC: mediatek: Fix error handling in mt8173_max98090_dev_probe (git-fixes). - ASoC: mediatek: Fix missing of_node_put in mt2701_wm8960_machine_probe (git-fixes). - ASoC: meson: Fix event generation for G12A tohdmi mux (git-fixes). - ASoC: mxs-saif: Fix refcount leak in mxs_saif_probe (git-fixes). - ASoC: ops: Validate input values in snd_soc_put_volsw_range() (git-fixes). - ASoC: rk3328: fix disabling mclk on pclk probe failure (git-fixes). - ASoC: rt5514: Fix event generation for 'DSP Voice Wake Up' control (git-fixes). - ASoC: ti: j721e-evm: Fix refcount leak in j721e_soc_probe_* (git-fixes). - ASoC: wm2000: fix missing clk_disable_unprepare() on error in wm2000_anc_transition() (git-fixes). - ASoC: wm8958: Fix change notifications for DSP controls (git-fixes). - assoc_array: Fix BUG_ON during garbage collect (git-fixes). - ata: pata_hpt37x: fix PCI clock detection (git-fixes). - ata: pata_marvell: Check the 'bmdma_addr' beforing reading (git-fixes). - ath9k_htc: fix potential out of bounds access with invalid rxstatus->rs_keyix (git-fixes). - ath9k: fix ar9003_get_eepmisc (git-fixes). - batman-adv: Do not skb_split skbuffs with frag_list (git-fixes). - blk-cgroup: move blkcg_{get,set}_fc_appid out of line (bsc#1200045). - Bluetooth: call hci_le_conn_failed with hdev lock in hci_le_conn_failed (git-fixes). - Bluetooth: fix dangling sco_conn and use-after-free in sco_sock_timeout (git-fixes). - Bluetooth: Fix the creation of hdev->name (git-fixes). - Bluetooth: hci_qca: Use del_timer_sync() before freeing (git-fixes). - bnxt_en: Fix possible bnxt_open() failure caused by wrong RFS flag (jsc#SLE-8371 bsc#1153274). - bnxt_en: Fix unnecessary dropping of RX packets (jsc#SLE-15075). - brcmfmac: sdio: Fix undefined behavior due to shift overflowing the constant (git-fixes). - bus: sunxi-rsb: Fix the return value of sunxi_rsb_device_create() (git-fixes). - bus: ti-sysc: Fix warnings for unbind for serial (git-fixes). - can: grcan: grcan_close(): fix deadlock (git-fixes). - can: grcan: use ofdev->dev when allocating DMA memory (git-fixes). - carl9170: tx: fix an incorrect use of list iterator (git-fixes). - ceph: fix setting of xattrs on async created inodes (bsc#1200192). - cgroup/cpuset: Remove cpus_allowed/mems_allowed setup in cpuset_init_smp() (bsc#1199839). - clk: at91: generated: consider range when calculating best rate (git-fixes). - clk: bcm2835: fix bcm2835_clock_choose_div (git-fixes). - clk: imx8mp: fix usb_root_clk parent (git-fixes). - clk: renesas: r9a06g032: Fix the RTC hclock description (git-fixes). - clk: sunxi: sun9i-mmc: check return value after calling platform_get_resource() (git-fixes). - copy_process(): Move fd_install() out of sighand->siglock critical section (bsc#1199626). - crypto: caam - fix i.MX6SX entropy delay value (git-fixes). - crypto: ecrdsa - Fix incorrect use of vli_cmp (git-fixes). - crypto: stm32 - fix reference leak in stm32_crc_remove (git-fixes). - crypto: x86 - eliminate anonymous module_init and module_exit (git-fixes). - crypto: x86/chacha20 - Avoid spurious jumps to other functions (git-fixes). - dim: initialize all struct fields (git-fixes). - dmaengine: idxd: Fix the error handling path in idxd_cdev_register() (git-fixes). - dmaengine: stm32-mdma: remove GISR1 register (git-fixes). - docs: powerpc: Fix misspellings and grammar errors (bsc#1055117 ltc#159753). - docs: submitting-patches: Fix crossref to 'The canonical patch format' (git-fixes). - drbd: fix an invalid memory access caused by incorrect use of list iterator (git-fixes). - drbd: fix duplicate array initializer (git-fixes). - drbd: Fix five use after free bugs in get_initial_state (git-fixes). - drbd: remove assign_p_sizes_qlim (git-fixes). - drbd: use bdev based limit helpers in drbd_send_sizes (git-fixes). - drbd: use bdev_alignment_offset instead of queue_alignment_offset (git-fixes). - driver: core: fix deadlock in __device_attach (git-fixes). - driver: base: fix UAF when driver_attach failed (git-fixes). - drivers: base: cacheinfo: Get rid of DEFINE_SMP_CALL_CACHE_FUNCTION() (git-fixes) - drivers/base/memory: fix an unlikely reference counting issue in __add_memory_block() (git-fixes). - drivers/base/node.c: fix compaction sysfs file leak (git-fixes). - drm: mali-dp: potential dereference of null pointer (git-fixes). - drm: msm: fix possible memory leak in mdp5_crtc_cursor_set() (git-fixes). - drm: sti: do not use kernel-doc markers (git-fixes). - drm/amd/display/dc/gpio/gpio_service: Pass around correct dce_{version, environment} types (git-fixes). - drm/amdkfd: Fix GWS queue count (git-fixes). - drm/blend: fix typo in the comment (git-fixes). - drm/bridge: adv7511: clean up CEC adapter when probe fails (git-fixes). - drm/bridge: analogix_dp: Grab runtime PM reference for DP-AUX (git-fixes). - drm/bridge: Fix error handling in analogix_dp_probe (git-fixes). - drm/edid: fix invalid EDID extension block filtering (git-fixes). - drm/i915: Fix CFI violation with show_dynamic_id() (git-fixes). - drm/i915: Fix SEL_FETCH_PLANE_*(PIPE_B+) register addresses (git-fixes). - drm/komeda: Fix an undefined behavior bug in komeda_plane_add() (git-fixes). - drm/mediatek: Fix mtk_cec_mask() (git-fixes). - drm/msm: return an error pointer in msm_gem_prime_get_sg_table() (git-fixes). - drm/msm/a6xx: Fix refcount leak in a6xx_gpu_init (git-fixes). - drm/msm/disp/dpu1: set vbif hw config to NULL to avoid use after memory free during pm runtime resume (git-fixes). - drm/msm/dpu: adjust display_v_end for eDP and DP (git-fixes). - drm/msm/dsi: fix error checks and return values for DSI xmit functions (git-fixes). - drm/msm/hdmi: check return value after calling platform_get_resource_byname() (git-fixes). - drm/msm/hdmi: fix error check return value of irq_of_parse_and_map() (git-fixes). - drm/msm/mdp5: check the return of kzalloc() (git-fixes). - drm/msm/mdp5: Return error code in mdp5_mixer_release when deadlock is detected (git-fixes). - drm/msm/mdp5: Return error code in mdp5_pipe_release when deadlock is detected (git-fixes). - drm/nouveau: Fix a potential theorical leak in nouveau_get_backlight_name() (git-fixes). - drm/nouveau/clk: Fix an incorrect NULL check on list iterator (git-fixes). - drm/nouveau/kms/nv50-: atom: fix an incorrect NULL check on list iterator (git-fixes). - drm/nouveau/tegra: Stop using iommu_present() (git-fixes). - drm/panel: simple: Add missing bus flags for Innolux G070Y2-L01 (git-fixes). - drm/rockchip: vop: fix possible null-ptr-deref in vop_bind() (git-fixes). - drm/vc4: hvs: Reset muxes at probe time (git-fixes). - drm/vc4: txp: Do not set TXP_VSTART_AT_EOF (git-fixes). - drm/vc4: txp: Force alpha to be 0xff if it's disabled (git-fixes). - drm/vmwgfx: Initialize drm_mode_fb_cmd2 (git-fixes). - EDAC/synopsys: Read the error count from the correct register (bsc#1178134). - firewire: core: extend card->lock in fw_core_handle_bus_reset (git-fixes). - firewire: fix potential uaf in outbound_phy_packet_callback() (git-fixes). - firewire: remove check of list iterator against head past the loop body (git-fixes). - firmware: arm_scmi: Fix list protocols enumeration in the base protocol (git-fixes). - firmware: arm_scmi: Validate BASE_DISCOVER_LIST_PROTOCOLS response (git-fixes). - firmware: dmi-sysfs: Fix memory leak in dmi_sysfs_register_handle (git-fixes). - firmware: stratix10-svc: fix a missing check on list iterator (git-fixes). - genirq: Fix reference leaks on irq affinity notifiers (git-fixes) - genirq: Let GENERIC_IRQ_IPI select IRQ_DOMAIN_HIERARCHY (git-fixes) - genirq/affinity: Consider that CPUs on nodes can be (git-fixes) - genirq/affinity: Handle affinity setting on inactive (git-fixes) - genirq/msi: Ensure deactivation on teardown (git-fixes) - genirq/proc: Reject invalid affinity masks (again) (git-fixes) - genirq/timings: Fix error return code in (git-fixes) - genirq/timings: Prevent potential array overflow in (git-fixes) - gma500: fix an incorrect NULL check on list iterator (git-fixes). - gpio: adp5588: Remove support for platform setup and teardown callbacks (git-fixes). - gpio: gpio-vf610: do not touch other bits when set the target bit (git-fixes). - gpio: mvebu/pwm: Refuse requests with inverted polarity (git-fixes). - gpio: pca953x: fix irq_stat not updated when irq is disabled (irq_mask not set) (git-fixes). - gpio: pca953x: use the correct register address to do regcache sync (git-fixes). - gpiolib: of: fix bounds check for 'gpio-reserved-ranges' (git-fixes). - hex2bin: fix access beyond string end (git-fixes). - HID: elan: Fix potential double free in elan_input_configured (git-fixes). - HID: hid-led: fix maximum brightness for Dream Cheeky (git-fixes). - hinic: fix bug of wq out of bound access (bsc#1176447). - hwmon: (f71882fg) Fix negative temperature (git-fixes). - hwmon: (ltq-cputemp) restrict it to SOC_XWAY (git-fixes). - hwmon: (tmp401) Add OF device ID table (git-fixes). - i2c: at91: Initialize dma_buf in at91_twi_xfer() (git-fixes). - i2c: at91: use dma safe buffers (git-fixes). - i2c: mt7621: fix missing clk_disable_unprepare() on error in mtk_i2c_probe() (git-fixes). - i40e: stop disabling VFs due to PF error responses (git-fixes). - ice: arfs: fix use-after-free when freeing @rx_cpu_rmap (jsc#SLE-12878). - ice: Clear default forwarding VSI during VSI release (jsc#SLE-12878). - ice: Do not skip not enabled queues in ice_vc_dis_qs_msg (jsc#SLE-7926). - ice: Fix race conditions between virtchnl handling and VF ndo ops (git-fixes). - ice: synchronize_rcu() when terminating rings (jsc#SLE-7926). - iio: adc: ad7124: Remove shift from scan_type (git-fixes). - iio: adc: sc27xx: Fine tune the scale calibration values (git-fixes). - iio: adc: sc27xx: fix read big scale voltage not right (git-fixes). - iio: adc: stmpe-adc: Fix wait_for_completion_timeout return value check (git-fixes). - iio: dac: ad5446: Fix read_raw not returning set value (git-fixes). - iio: dac: ad5592r: Fix the missing return value (git-fixes). - iio: magnetometer: ak8975: Fix the error handling in ak8975_power_on() (git-fixes). - Input: add bounds checking to input_set_capability() (git-fixes). - Input: ili210x - fix reset timing (git-fixes). - Input: sparcspkr - fix refcount leak in bbc_beep_probe (git-fixes). - Input: stmfts - do not leave device disabled in stmfts_input_open (git-fixes). - Input: stmfts - fix reference leak in stmfts_input_open (git-fixes). - iommu/amd: Increase timeout waiting for GA log enablement (bsc#1199052). - ionic: avoid races in ionic_heartbeat_check (bsc#1167773). - ionic: Cleanups in the Tx hotpath code (bsc#1167773). - ionic: disable napi when ionic_lif_init() fails (bsc#1167773). - ionic: Do not send reset commands if FW isn't running (bsc#1167773). - ionic: fix missing pci_release_regions() on error in ionic_probe() (bsc#1167773). - ionic: fix type complaint in ionic_dev_cmd_clean() (jsc#SLE-16649). - ionic: monitor fw status generation (bsc#1167773). - ionic: remove the dbid_inuse bitmap (bsc#1167773). - ionic: start watchdog after all is setup (bsc#1167773). - ivtv: fix incorrect device_caps for ivtvfb (git-fixes). - iwlwifi: iwl-dbg: Use del_timer_sync() before freeing (git-fixes). - iwlwifi: mvm: fix the return type for DSM functions 1 and 2 (git-fixes). - jbd2: Fake symbols defined under CONFIG_JBD2_DEBUG (bsc#1198971). - kABI: ivtv: restore caps member (git-fixes). - KVM: PPC: Fix TCE handling for VFIO (bsc#1061840 git-fixes). - KVM: VMX: Fix stale docs for kvm-intel.emulate_invalid_guest_state (git-fixes). - lan743x: fix rx_napi_poll/interrupt ping-pong (git-fixes). - lan743x: remove redundant assignment to variable rx_process_result (git-fixes). - lib/raid6/test: fix multiple definition linking error (git-fixes). - mac80211_hwsim: call ieee80211_tx_prepare_skb under RCU protection (git-fixes). - mac80211: fix rx reordering with non explicit / psmp ack policy (git-fixes). - mac80211: Reset MBSSID parameters upon connection (git-fixes). - media: davinci: Make use of the helper function devm_platform_ioremap_resource() (git-fixes). - media: davinci: vpif: fix unbalanced runtime PM enable (git-fixes). - media: davinci: vpif: fix use-after-free on driver unbind (git-fixes). - media: media-entity.h: Fix documentation for media_create_intf_link (git-fixes). - media: ov7670: remove ov7670_power_off from ov7670_remove (git-fixes). - media: platform: add missing put_device() call in mtk_jpeg_probe() and mtk_jpeg_remove() (git-fixes). - media: pvrusb2: fix array-index-out-of-bounds in pvr2_i2c_core_init (git-fixes). - media: saa7134: fix incorrect use to determine if list is empty (git-fixes). - media: uvcvideo: Fix missing check to determine if element is found in list (git-fixes). - media: videobuf2: Fix the size printk format (git-fixes). - media: vim2m: Register video device after setting up internals (git-fixes). - mfd: ipaq-micro: Fix error check return value of platform_get_irq() (git-fixes). - misc: ocxl: fix possible double free in ocxl_file_register_afu (git-fixes). - mm, page_alloc: fix build_zonerefs_node() (git-fixes). - mm/mmu_notifier.c: fix race in mmu_interval_notifier_remove() (jsc#SLE-15176, jsc#SLE-16387). - mmc: block: Use generic_cmd6_time when modifying INAND_CMD38_ARG_EXT_CSD (git-fixes). - mmc: core: Specify timeouts for BKOPS and CACHE_FLUSH for eMMC (git-fixes). - mt76: Fix undefined behavior due to shift overflowing the constant (git-fixes). - mt76: mt7663s: fix rx buffer refcounting (git-fixes). - mtd: rawnand: fix ecc parameters for mt7622 (git-fixes). - mtd: rawnand: Fix return value check of wait_for_completion_timeout (git-fixes). - mtd: spi-nor: core: Check written SR value in spi_nor_write_16bit_sr_and_check() (git-fixes). - net: bcmgenet: Fix a resource leak in an error handling path in the probe functin (git-fixes). - net: dsa: lantiq_gswip: Enable GSWIP_MII_CFG_EN also for internal PHYs (git-fixes). - net: dsa: lantiq_gswip: Fix GSWIP_MII_CFG(p) register access (git-fixes). - net: ethernet: Fix memleak in ethoc_probe (git-fixes). - net: ethernet: ti: cpts: fix ethtool output when no ptp_clock registered (git-fixes). - net: hdlc_ppp: Fix issues when mod_timer is called while timer is running (git-fixes). - net: hns3: add a check for index in hclge_get_rss_key() (git-fixes). - net: hns3: clear inited state and stop client after failed to register netdev (bsc#1154353). - net: hns3: fix bug when PF set the duplicate MAC address for VFs (jsc#SLE-14777). - net: hns3: fix kernel crash when unload VF while it is being reset (git-fixes). - net: korina: fix return value (git-fixes). - net: sched: fixed barrier to prevent skbuff sticking in qdisc backlog (bsc#1183405). - net: stmmac: dwmac-sun8i: Balance internal PHY power (git-fixes). - net: stmmac: dwmac-sun8i: Balance internal PHY resource references (git-fixes). - net: stmmac: dwmac-sun8i: Balance syscon (de)initialization (git-fixes). - net: stmmac: dwmac-sun8i: Fix probe error handling (git-fixes). - net/mlx5: Fix a race on command flush flow (jsc#SLE-15172). - net/mlx5e: Fix the calling of update_buffer_lossy() API (jsc#SLE-15172). - netdevice: demote the type of some dev_addr_set() helpers (bsc#1200216). - netfilter: conntrack: connection timeout after re-register (bsc#1199035). - netfilter: conntrack: move synack init code to helper (bsc#1199035). - netfilter: conntrack: re-init state for retransmitted syn-ack (bsc#1199035). - netfilter: nf_conntrack_tcp: preserve liberal flag in tcp options (bsc#1199035). - netfilter: nf_conntrack_tcp: re-init for syn packets only (bsc#1199035). - netfilter: nft_set_rbtree: overlap detection with element re-addition after deletion (bsc#1176447). - NFC: hci: fix sleep in atomic context bugs in nfc_hci_hcp_message_tx (git-fixes). - NFC: nci: fix sleep in atomic context bugs caused by nci_skb_alloc (git-fixes). - NFC: netlink: fix sleep in atomic bug when firmware download timeout (git-fixes). - NFC: nfcmrvl: main: reorder destructive operations in nfcmrvl_nci_unregister_dev to avoid bugs (git-fixes). - NFC: NULL out the dev->rfkill to prevent UAF (git-fixes). - NFS: limit use of ACCESS cache for negative responses (bsc#1196570). - NFS: Do not invalidate inode attributes on delegation return (git-fixes). - nl80211: show SSID for P2P_GO interfaces (git-fixes). - nvdimm/region: always show the 'align' attribute (bsc#1199114). - nvme-tcp: allow selecting the network interface for connections (bsc#1199670). - nvme-tcp: use __dev_get_by_name instead dev_get_by_name for OPT_HOST_IFACE (bsc#1199670). - objtool: Fix type of reloc::addend (git-fixes). - PCI: aardvark: Clear all MSIs at setup (git-fixes). - PCI: cadence: Fix find_first_zero_bit() limit (git-fixes). - PCI: Do not enable AtomicOps on VFs (git-fixes). - PCI: dwc: Fix setting error return on MSI DMA mapping failure (git-fixes). - PCI: hv: Do not set PCI_COMMAND_MEMORY to reduce VM boot time (bsc#1199314). - PCI: imx6: Fix PERST# start-up sequence (git-fixes). - PCI: iproc: Set affinity mask on MSI interrupts (git-fixes). - PCI: qcom: Fix runtime PM imbalance on probe errors (git-fixes). - PCI: qcom: Fix unbalanced PHY init on probe errors (git-fixes). - PCI: rockchip: Fix find_first_zero_bit() limit (git-fixes). - PCI/AER: Clear MULTI_ERR_COR/UNCOR_RCV bits (git-fixes). - PCI/PM: Power up all devices during runtime resume (git-fixes). - phy: mapphone-mdm6600: Fix PM error handling in phy_mdm6600_probe (git-fixes). - phy: qcom-qmp: fix pipe-clock imbalance on power-on failure (git-fixes). - phy: qcom-qmp: fix reset-controller leak on probe errors (git-fixes). - phy: qcom-qmp: fix struct clk leak on probe errors (git-fixes). - phy: samsung: exynos5250-sata: fix missing device put in probe error paths (git-fixes). - phy: samsung: Fix missing of_node_put() in exynos_sata_phy_probe (git-fixes). - phy: ti: Add missing pm_runtime_disable() in serdes_am654_probe (git-fixes). - phy: ti: omap-usb2: Fix error handling in omap_usb2_enable_clocks (git-fixes). - pinctrl: mvebu: Fix irq_of_parse_and_map() return value (git-fixes). - pinctrl: pistachio: fix use of irq_of_parse_and_map() (git-fixes). - pinctrl: rockchip: fix RK3308 pinmux bits (git-fixes). - pinctrl/rockchip: support deferring other gpio params (git-fixes). - ping: fix the sk_bound_dev_if match in ping_lookup (bsc#1195826). - ping: remove pr_err from ping_lookup (bsc#1195826). - platform/chrome: cros_ec_debugfs: detach log reader wq from devm (git-fixes). - platform/x86: samsung-laptop: Fix an unsigned comparison which can never be negative (git-fixes). - powerpc: Enable the DAWR on POWER9 DD2.3 and above (bsc#1055117 ltc#159753). - powerpc/64s: Add CPU_FTRS_POWER10 to ALWAYS mask (jsc#SLE-13521 git-fixes). - powerpc/64s: Add CPU_FTRS_POWER9_DD2_2 to CPU_FTRS_ALWAYS mask (bsc#1061840 git-fixes). - powerpc/64s/radix: Fix huge vmap false positive (bsc#1156395). - powerpc/fadump: fix PT_LOAD segment for boot memory area (bsc#1103269 ltc#169948 git-fixes). - powerpc/powernv: Add __init attribute to eligible functions (bsc#1188885 ltc#193722 git-fixes). - powerpc/powernv: Get L1D flush requirements from device-tree (bsc#1188885 ltc#193722 git-fixes). - powerpc/powernv: Get STF barrier requirements from device-tree (bsc#1188885 ltc#193722 git-fixes). - powerpc/powernv: Remove POWER9 PVR version check for entry and uaccess flushes (bsc#1188885 ltc#193722 git-fixes). - powerpc/xive: Add some error handling code to 'xive_spapr_init()' (git-fixes). - powerpc/xive: Fix refcount leak in xive_spapr_init (git-fixes). - pwm: lp3943: Fix duty calculation in case period was clamped (git-fixes). - pwm: raspberrypi-poe: Fix endianness in firmware struct (git-fixes). - qlcnic: Fix error code in probe (git-fixes). - regulator: core: Fix enable_count imbalance with EXCLUSIVE_GET (git-fixes). - regulator: pfuze100: Fix refcount leak in pfuze_parse_regulators_dt (git-fixes). - reset: tegra-bpmp: Restore Handle errors in BPMP response (git-fixes). - revert scsi: qla2xxx: Changes to support FCP2 Target (bsc#1198438). - rtc: fix use-after-free on device removal (git-fixes). - rtc: mc146818-lib: Fix the AltCentury for AMD platforms (git-fixes). - rtc: mt6397: check return value after calling platform_get_resource() (git-fixes). - sata_fsl: fix UAF in sata_fsl_port_stop when rmmod sata_fsl (git-fixes). - sata_fsl: fix warning in remove_proc_entry when rmmod sata_fsl (git-fixes). - sched/pelt: Fix attach_entity_load_avg() corner case (git-fixes) - sched/topology: Skip updating masks for non-online nodes (bsc#1197446 ltc#183000). - scsi: dc395x: Fix a missing check on list iterator (git-fixes). - scsi: fnic: Fix a tracing statement (git-fixes). - scsi: fnic: Replace DMA mask of 64 bits with 47 bits (bsc#1199631). - scsi: hisi_sas: Change permission of parameter prot_mask (git-fixes). - scsi: lpfc: Alter FPIN stat accounting logic (bsc#1200045). - scsi: lpfc: Change FA-PWWN detection methodology (bsc#1200045). - scsi: lpfc: Change VMID registration to be based on fabric parameters (bsc#1200045). - scsi: lpfc: Clear fabric topology flag before initiating a new FLOGI (bsc#1200045). - scsi: lpfc: Copyright updates for 14.2.0.2 patches (bsc#1200045). - scsi: lpfc: Correct BDE DMA address assignment for GEN_REQ_WQE (bsc#1200045 bsc#1198989 bsc#1197675). - scsi: lpfc: Correct CRC32 calculation for congestion stats (bsc#1200045). - scsi: lpfc: Decrement outstanding gidft_inp counter if lpfc_err_lost_link() (bsc#1200045). - scsi: lpfc: Expand setting ELS_ID field in ELS_REQUEST64_WQE (bsc#1200045). - scsi: lpfc: Fill in missing ndlp kref puts in error paths (bsc#1200045). - scsi: lpfc: Fix additional reference counting in lpfc_bsg_rport_els() (bsc#1200045). - scsi: lpfc: Fix call trace observed during I/O with CMF enabled (bsc#1200045). - scsi: lpfc: Fix diagnostic fw logging after a function reset (bsc#1200045). - scsi: lpfc: Fix dmabuf ptr assignment in lpfc_ct_reject_event() (bsc#1200045). - scsi: lpfc: Fix element offset in __lpfc_sli_release_iocbq_s4() (bsc#1200045). - scsi: lpfc: Fix field overload in lpfc_iocbq data structure (bsc#1200045). - scsi: lpfc: Fix ndlp put following a LOGO completion (bsc#1200045). - scsi: lpfc: Fix null pointer dereference after failing to issue FLOGI and PLOGI (bsc#1200045). - scsi: lpfc: Fix resource leak in lpfc_sli4_send_seq_to_ulp() (bsc#1200045). - scsi: lpfc: Fix SCSI I/O completion and abort handler deadlock (bsc#1200045). - scsi: lpfc: Fix split code for FLOGI on FCoE (bsc#1200045 bsc#1198989 bsc#1197675). - scsi: lpfc: Inhibit aborts if external loopback plug is inserted (bsc#1200045). - scsi: lpfc: Introduce FC_RSCN_MEMENTO flag for tracking post RSCN completion (bsc#1200045). - scsi: lpfc: Move cfg_log_verbose check before calling lpfc_dmp_dbg() (bsc#1200045). - scsi: lpfc: Move MI module parameter check to handle dynamic disable (bsc#1200045). - scsi: lpfc: Protect memory leak for NPIV ports sending PLOGI_RJT (bsc#1200045). - scsi: lpfc: Refactor cleanup of mailbox commands (bsc#1200045). - scsi: lpfc: Register for Application Services FC-4 type in Fabric topology (bsc#1200045). - scsi: lpfc: Remove false FDMI NVMe FC-4 support for NPIV ports (bsc#1200045). - scsi: lpfc: Remove redundant lpfc_sli_prep_wqe() call (bsc#1200045). - scsi: lpfc: Remove unnecessary null ndlp check in lpfc_sli_prep_wqe() (bsc#1200045). - scsi: lpfc: Remove unnecessary NULL pointer assignment for ELS_RDF path (bsc#1200045). - scsi: lpfc: Remove unneeded variable (bsc#1200045). - scsi: lpfc: Requeue SCSI I/O to upper layer when fw reports link down (bsc#1200045). - scsi: lpfc: Revise FDMI reporting of supported port speed for trunk groups (bsc#1200045). - scsi: lpfc: Rework FDMI initialization after link up (bsc#1200045). - scsi: lpfc: Transition to NPR state upon LOGO cmpl if link down or aborted (bsc#1200045). - scsi: lpfc: Tweak message log categories for ELS/FDMI/NVMe rescan (bsc#1200045). - scsi: lpfc: Update fc_prli_sent outstanding only after guaranteed IOCB submit (bsc#1200045). - scsi: lpfc: Update lpfc version to 14.2.0.2 (bsc#1200045). - scsi: lpfc: Update lpfc version to 14.2.0.3 (bsc#1200045). - scsi: lpfc: Update stat accounting for READ_STATUS mbox command (bsc#1200045). - scsi: lpfc: Use list_for_each_entry_safe() in rscn_recovery_check() (bsc#1200045). - scsi: lpfc: Use sg_dma_address() and sg_dma_len() macros for NVMe I/O (bsc#1200045). - scsi: lpfc: Zero SLI4 fcp_cmnd buffer's fcpCntl0 field (bsc#1200045). - scsi: pm8001: Fix abort all task initialization (git-fixes). - scsi: pm8001: Fix command initialization in pm8001_chip_ssp_tm_req() (git-fixes). - scsi: pm8001: Fix command initialization in pm80XX_send_read_log() (git-fixes). - scsi: pm8001: Fix le32 values handling in pm80xx_chip_sata_req() (git-fixes). - scsi: pm8001: Fix le32 values handling in pm80xx_chip_ssp_io_req() (git-fixes). - scsi: pm8001: Fix le32 values handling in pm80xx_set_sas_protocol_timer_config() (git-fixes). - scsi: pm8001: Fix NCQ NON DATA command completion handling (git-fixes). - scsi: pm8001: Fix NCQ NON DATA command task initialization (git-fixes). - scsi: pm8001: Fix payload initialization in pm80xx_encrypt_update() (git-fixes). - scsi: pm8001: Fix payload initialization in pm80xx_set_thermal_config() (git-fixes). - scsi: pm80xx: Enable upper inbound, outbound queues (git-fixes). - scsi: pm80xx: Mask and unmask upper interrupt vectors 32-63 (git-fixes). - scsi: qla2xxx: edif: Remove unneeded variable (bsc#1200046). - scsi: qla2xxx: Fix missed DMA unmap for aborted commands (bsc#1200046). - scsi: qla2xxx: Remove free_sg command flag (bsc#1200046). - scsi: qla2xxx: Remove unneeded flush_workqueue() (bsc#1200046). - scsi: sr: Do not leak information in ioctl (git-fixes). - scsi: ufs: core: Exclude UECxx from SFR dump list (git-fixes). - scsi: ufs: qcom: Add a readl() to make sure ref_clk gets enabled (git-fixes). - scsi: ufs: qcom: Fix ufs_qcom_resume() (git-fixes). - scsi: virtio-scsi: Eliminate anonymous module_init & module_exit (git-fixes). - scsi: zorro7xx: Fix a resource leak in zorro7xx_remove_one() (git-fixes). - selftests: firmware: Use smaller dictionary for XZ compression (git-fixes). - serial: 8250_fintek: Check SER_RS485_RTS_* only with RS485 (git-fixes). - serial: 8250_mtk: Fix register address for XON/XOFF character (git-fixes). - serial: 8250_mtk: Fix UART_EFR register address (git-fixes). - serial: 8250: Also set sticky MCR bits in console restoration (git-fixes). - serial: 8250: core: Remove unneeded &lt;linux/pm_runtime.h> (git-fixes). - serial: 8250: Correct the clock for EndRun PTP/1588 PCIe device (git-fixes). - serial: 8250: pxa: Remove unneeded &lt;linux/pm_runtime.h> (git-fixes). - serial: digicolor-usart: Do not allow CS5-6 (git-fixes). - serial: imx: fix overrun interrupts in DMA mode (git-fixes). - serial: meson: acquire port->lock in startup() (git-fixes). - serial: pch: do not overwrite xmit->buf[0] by x_char (git-fixes). - serial: rda-uart: Do not allow CS5-6 (git-fixes). - serial: sh-sci: Do not allow CS5-6 (git-fixes). - serial: sifive: Sanitize CSIZE and c_iflag (git-fixes). - serial: st-asc: Sanitize CSIZE and correct PARENB for CS7 (git-fixes). - serial: stm32-usart: Correct CSIZE, bits, and parity (git-fixes). - serial: txx9: Do not allow CS5-6 (git-fixes). - slimbus: qcom: Fix IRQ check in qcom_slim_probe (git-fixes). - smp: Fix offline cpu check in flush_smp_call_function_queue() (git-fixes). - smsc911x: allow using IRQ0 (git-fixes). - soc: qcom: smp2p: Fix missing of_node_put() in smp2p_parse_ipc (git-fixes). - soc: qcom: smsm: Fix missing of_node_put() in smsm_parse_ipc (git-fixes). - soc: rockchip: Fix refcount leak in rockchip_grf_init (git-fixes). - spi: img-spfi: Fix pm_runtime_get_sync() error checking (git-fixes). - spi: spi-cadence: Fix kernel-doc format for resume/suspend (git-fixes). - spi: spi-fsl-qspi: check return value after calling platform_get_resource_byname() (git-fixes). - spi: spi-ti-qspi: Fix return value handling of wait_for_completion_timeout (git-fixes). - staging: fieldbus: Fix the error handling path in anybuss_host_common_probe() (git-fixes). - SUNRPC: Ensure gss-proxy connects on setup (git-fixes). - SUNRPC: Ensure that the gssproxy client can start in a connected state (git-fixes). - thermal: int340x: Fix attr.show callback prototype (git-fixes). - thermal/drivers/bcm2711: Do not clamp temperature at zero (git-fixes). - thermal/drivers/broadcom: Fix potential NULL dereference in sr_thermal_probe (git-fixes). - timekeeping: Really make sure wall_to_monotonic isn't (git-fixes) - timers: Fix warning condition in __run_timers() (git-fixes) - tpm: Fix buffer access in tpm2_get_tpm_pt() (git-fixes). - tpm: ibmvtpm: Correct the return value in tpm_ibmvtpm_probe() (bsc#1065729). - tracing: Fix potential double free in create_var_ref() (git-fixes). - tracing: Fix return value of trace_pid_write() (git-fixes). - tty: fix deadlock caused by calling printk() under tty_port->lock (git-fixes). - tty: goldfish: Use tty_port_destroy() to destroy port (git-fixes). - tty: serial: fsl_lpuart: fix potential bug when using both of_alias_get_id and ida_simple_get (git-fixes). - tty: serial: owl: Fix missing clk_disable_unprepare() in owl_uart_probe (git-fixes). - tty/serial: digicolor: fix possible null-ptr-deref in digicolor_uart_probe() (git-fixes). - usb: cdc-wdm: fix reading stuck on device close (git-fixes). - usb: dwc3: pci: Fix pm_runtime_get_sync() error checking (git-fixes). - usb: ehci-omap: drop unused ehci_read() function (git-fixes). - usb: gadget: configfs: clear deactivation flag in configfs_composite_unbind() (git-fixes). - usb: misc: fix improper handling of refcount in uss720_probe() (git-fixes). - usb: mtu3: fix USB 3.0 dual-role-switch from device to host (git-fixes). - usb: musb: Fix missing of_node_put() in omap2430_probe (git-fixes). - usb: quirks: add a Realtek card reader (git-fixes). - usb: quirks: add STRING quirk for VCOM device (git-fixes). - usb: serial: cp210x: add PIDs for Kamstrup USB Meter Reader (git-fixes). - usb: serial: option: add Fibocom L610 modem (git-fixes). - usb: serial: option: add Fibocom MA510 modem (git-fixes). - usb: serial: option: add support for Cinterion MV32-WA/MV32-WB (git-fixes). - usb: serial: option: add Telit 0x1057, 0x1058, 0x1075 compositions (git-fixes). - usb: serial: pl2303: add device id for HP LM930 Display (git-fixes). - usb: serial: qcserial: add support for Sierra Wireless EM7590 (git-fixes). - usb: serial: whiteheat: fix heap overflow in WHITEHEAT_GET_DTR_RTS (git-fixes). - usb: storage: karma: fix rio_karma_init return (git-fixes). - usb: typec: mux: Check dev_set_name() return value (git-fixes). - usb: typec: tcpci: Do not skip cleanup in .remove() on error (git-fixes). - usb: typec: ucsi: Fix reuse of completion structure (git-fixes). - usb: typec: ucsi: Fix role swapping (git-fixes). - usb: usbip: add missing device lock on tweak configuration cmd (git-fixes). - usb: usbip: fix a refcount leak in stub_probe() (git-fixes). - video: fbdev: clcdfb: Fix refcount leak in clcdfb_of_vram_setup (git-fixes). - watchdog: ts4800_wdt: Fix refcount leak in ts4800_wdt_probe (git-fixes). - wifi: mac80211: fix use-after-free in chanctx code (git-fixes). - wireguard: device: check for metadata_dst with skb_valid_dst() (git-fixes). - xhci: increase usb U3 -> U0 link resume timeout from 100ms to 500ms (git-fixes). - xhci: stop polling roothubs after shutdown (git-fixes). Important SUSE bug 1055117 SUSE bug 1061840 SUSE bug 1065729 SUSE bug 1103269 SUSE bug 1118212 SUSE bug 1153274 SUSE bug 1154353 SUSE bug 1156395 SUSE bug 1158266 SUSE bug 1167773 SUSE bug 1176447 SUSE bug 1178134 SUSE bug 1180100 SUSE bug 1183405 SUSE bug 1188885 SUSE bug 1195826 SUSE bug 1196426 SUSE bug 1196478 SUSE bug 1196570 SUSE bug 1196840 SUSE bug 1197446 SUSE bug 1197472 SUSE bug 1197601 SUSE bug 1197675 SUSE bug 1198438 SUSE bug 1198577 SUSE bug 1198971 SUSE bug 1198989 SUSE bug 1199035 SUSE bug 1199052 SUSE bug 1199063 SUSE bug 1199114 SUSE bug 1199314 SUSE bug 1199505 SUSE bug 1199507 SUSE bug 1199564 SUSE bug 1199626 SUSE bug 1199631 SUSE bug 1199650 SUSE bug 1199670 SUSE bug 1199839 SUSE bug 1200019 SUSE bug 1200045 SUSE bug 1200046 SUSE bug 1200192 SUSE bug 1200216 CVE-2019-19377 CVE-2021-33061 CVE-2022-0168 CVE-2022-1184 CVE-2022-1652 CVE-2022-1729 CVE-2022-1972 CVE-2022-20008 CVE-2022-21123 CVE-2022-21125 CVE-2022-21127 CVE-2022-21166 CVE-2022-21180 CVE-2022-30594 cpe:/o:opensuse:leap:15.3 Security update for the Linux Kernel (Important) openSUSE Leap 15.3 The SUSE Linux Enterprise 15 SP3 kernel was updated. The following security bugs were fixed: - CVE-2022-21127: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via spectre like attacks. (bsc#1199650) - CVE-2022-21123: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via spectre like attacks. (bsc#1199650) - CVE-2022-21125: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via spectre like attacks. (bsc#1199650) - CVE-2022-21180: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via spectre like attacks. (bsc#1199650) - CVE-2022-21166: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via spectre like attacks. (bsc#1199650) - CVE-2022-1972: Fixed a buffer overflow in nftable that could lead to privilege escalation. (bsc#1200019) - CVE-2022-1729: Fixed a sys_perf_event_open() race condition against self (bsc#1199507). - CVE-2022-1184: Fixed an use-after-free and memory errors in ext4 when mounting and operating on a corrupted image. (bsc#1198577) - CVE-2022-1652: Fixed a statically allocated error counter inside the floppy kernel module (bsc#1199063). - CVE-2022-30594: Fixed restriction bypass on setting the PT_SUSPEND_SECCOMP flag (bnc#1199505). - CVE-2021-33061: Fixed insufficient control flow management for the Intel(R) 82599 Ethernet Controllers and Adapters that may have allowed an authenticated user to potentially enable denial of service via local access (bnc#1196426). - CVE-2019-19377: Fixed an user-after-free that could be triggered when an attacker mounts a crafted btrfs filesystem image. (bnc#1158266) - CVE-2022-20008: Fixed bug that allows to read kernel heap memory due to uninitialized data in mmc_blk_read_single of block.c. (bnc#1199564) - CVE-2022-0168: Fixed a NULL pointer dereference in smb2_ioctl_query_info. (bsc#1197472) - CVE-2022-24448: Fixed an issue if an application sets the O_DIRECTORY flag, and tries to open a regular file, nfs_atomic_open() performs a regular lookup. If a regular file is found, ENOTDIR should have occured, but the server instead returned uninitialized data in the file descriptor (bsc#1195612). The following non-security bugs were fixed: - ACPI: property: Release subnode properties with data nodes (git-fixes). - ALSA: ctxfi: Add SB046x PCI ID (git-fixes). - ALSA: fireworks: fix wrong return count shorter than expected by 4 bytes (git-fixes). - ALSA: hda - fix unused Realtek function when PM is not enabled (git-fixes). - ALSA: hda/realtek - Add new type for ALC245 (git-fixes). - ALSA: hda/realtek - Fix microphone noise on ASUS TUF B550M-PLUS (git-fixes). - ALSA: hda/realtek: Enable 4-speaker output for Dell XPS 15 9520 laptop (git-fixes). - ALSA: hda/realtek: Enable headset mic on Lenovo P360 (git-fixes). - ALSA: pcm: Check for null pointer of pointer substream before dereferencing it (git-fixes). - ALSA: usb-audio: Add missing ep_idx in fixed EP quirks (git-fixes). - ALSA: usb-audio: Clear MIDI port active flag after draining (git-fixes). - ALSA: usb-audio: Configure sync endpoints before data (git-fixes). - ALSA: usb-audio: Fix undefined behavior due to shift overflowing the constant (git-fixes). - ALSA: usb-audio: Restore Rane SL-1 quirk (git-fixes). - ALSA: wavefront: Proper check of get_user() error (git-fixes). - ARM: 9169/1: entry: fix Thumb2 bug in iWMMXt exception handling (git-fixes) - ARM: 9170/1: fix panic when kasan and kprobe are enabled (git-fixes) - ARM: 9187/1: JIVE: fix return value of __setup handler (git-fixes) - ARM: config: u8500: Re-enable AB8500 battery charging (git-fixes) - ARM: davinci: da850-evm: Avoid NULL pointer dereference (git-fixes) - ARM: dts: am3517-evm: Fix misc pinmuxing (git-fixes) - ARM: dts: armada-38x: Add generic compatible to UART nodes (git-fixes) - ARM: dts: at91: fix pinctrl phandles (git-fixes) - ARM: dts: at91: Map MCLK for wm8731 on at91sam9g20ek (git-fixes) - ARM: dts: at91: sama5d2: Fix PMERRLOC resource size (git-fixes) - ARM: dts: at91: sama5d4_xplained: fix pinctrl phandle name (git-fixes) - ARM: dts: bcm2835-rpi-b: Fix GPIO line names (git-fixes) - ARM: dts: bcm2835-rpi-zero-w: Fix GPIO line name for Wifi/BT (git-fixes) - ARM: dts: bcm2837-rpi-3-b-plus: Fix GPIO line name of power LED (git-fixes) - ARM: dts: bcm2837-rpi-cm3-io3: Fix GPIO line names for SMPS I2C (git-fixes) - ARM: dts: exynos: fix UART3 pins configuration in Exynos5250 (git-fixes) - ARM: dts: Fix OpenBMC flash layout label addresses (git-fixes) - ARM: dts: imx: Add missing LVDS decoder on M53Menlo (git-fixes) - ARM: dts: imx23-evk: Remove MX23_PAD_SSP1_DETECT from hog group (git-fixes) - ARM: dts: imx6qdl-apalis: Fix sgtl5000 detection issue (git-fixes) - ARM: dts: imx6qdl-udoo: Properly describe the SD card detect (git-fixes) - ARM: dts: imx6ull-colibri: fix vqmmc regulator (git-fixes) - ARM: dts: imx6ull-pinfunc: Fix CSI_DATA07__ESAI_TX0 pad name (git-fixes) - ARM: dts: logicpd-som-lv: Fix wrong pinmuxing on OMAP35 (git-fixes) - ARM: dts: meson: Fix the UART compatible strings (git-fixes) - ARM: dts: meson8: Fix the UART device-tree schema validation (git-fixes) - ARM: dts: meson8b: Fix the UART device-tree schema validation (git-fixes) - ARM: dts: qcom: ipq4019: fix sleep clock (git-fixes) - ARM: dts: qcom: msm8974: Drop flags for mdss irqs (git-fixes) - ARM: dts: suniv: F1C100: fix watchdog compatible (git-fixes) - ARM: ftrace: ensure that ADR takes the Thumb bit into account (git-fixes) - ARM: mediatek: select arch timer for mt7629 (git-fixes) - ARM: omap: remove debug-leds driver (git-fixes) - ARM: OMAP2+: Fix refcount leak in omap_gic_of_init (git-fixes) - ARM: socfpga: dts: fix qspi node compatible (git-fixes) - ARM: socfpga: fix missing RESET_CONTROLLER (git-fixes) - ARM: tegra: Move panels to AUX bus (git-fixes) - arm64: dts: broadcom: Fix sata nodename (git-fixes) - arm64: dts: ns2: Fix spi-cpol and spi-cpha property (git-fixes) - arm64: dts: rockchip: Fix SDIO regulator supply properties on (git-fixes) - arm64: paravirt: Use RCU read locks to guard stolen_time (git-fixes). - arm64: pgtable: make __pte_to_phys/__phys_to_pte_val inline functions (git-fixes) - arm64/mm: avoid fixmap race condition when create pud mapping (git-fixes) - ASoC: atmel-classd: Remove endianness flag on class d component (git-fixes). - ASoC: atmel-pdmic: Remove endianness flag on pdmic component (git-fixes). - ASoC: da7219: Fix change notifications for tone generator frequency (git-fixes). - ASoC: dmaengine: Restore NULL prepare_slave_config() callback (git-fixes). - ASoC: fsl_sai: Fix FSL_SAI_xDR/xFR definition (git-fixes). - ASoC: max98090: Generate notifications on changes for custom control (git-fixes). - ASoC: max98090: Move check for invalid values before casting in max98090_put_enab_tlv() (git-fixes). - ASoC: max98090: Reject invalid values in custom control put() (git-fixes). - ASoC: mediatek: Fix error handling in mt8173_max98090_dev_probe (git-fixes). - ASoC: mediatek: Fix missing of_node_put in mt2701_wm8960_machine_probe (git-fixes). - ASoC: meson: Fix event generation for G12A tohdmi mux (git-fixes). - ASoC: mxs-saif: Fix refcount leak in mxs_saif_probe (git-fixes). - ASoC: ops: Validate input values in snd_soc_put_volsw_range() (git-fixes). - ASoC: rk3328: fix disabling mclk on pclk probe failure (git-fixes). - ASoC: rt5514: Fix event generation for 'DSP Voice Wake Up' control (git-fixes). - ASoC: ti: j721e-evm: Fix refcount leak in j721e_soc_probe_* (git-fixes). - ASoC: wm2000: fix missing clk_disable_unprepare() on error in wm2000_anc_transition() (git-fixes). - ASoC: wm8958: Fix change notifications for DSP controls (git-fixes). - assoc_array: Fix BUG_ON during garbage collect (git-fixes). - ata: pata_hpt37x: fix PCI clock detection (git-fixes). - ata: pata_marvell: Check the 'bmdma_addr' beforing reading (git-fixes). - ath9k_htc: fix potential out of bounds access with invalid rxstatus->rs_keyix (git-fixes). - ath9k: fix ar9003_get_eepmisc (git-fixes). - backlight: qcom-wled: Respect enabled-strings in set_brightness (bsc#1152489) - batman-adv: Do not skb_split skbuffs with frag_list (git-fixes). - blk-cgroup: move blkcg_{get,set}_fc_appid out of line (bsc#1200045). - Bluetooth: call hci_le_conn_failed with hdev lock in hci_le_conn_failed (git-fixes). - Bluetooth: fix dangling sco_conn and use-after-free in sco_sock_timeout (git-fixes). - Bluetooth: Fix the creation of hdev->name (git-fixes). - Bluetooth: hci_qca: Use del_timer_sync() before freeing (git-fixes). - bnxt_en: Fix possible bnxt_open() failure caused by wrong RFS flag (jsc#SLE-8371 bsc#1153274). - bnxt_en: Fix unnecessary dropping of RX packets (jsc#SLE-15075). - brcmfmac: sdio: Fix undefined behavior due to shift overflowing the constant (git-fixes). - bus: sunxi-rsb: Fix the return value of sunxi_rsb_device_create() (git-fixes). - bus: ti-sysc: Fix warnings for unbind for serial (git-fixes). - can: grcan: grcan_close(): fix deadlock (git-fixes). - can: grcan: use ofdev->dev when allocating DMA memory (git-fixes). - carl9170: tx: fix an incorrect use of list iterator (git-fixes). - ceph: fix setting of xattrs on async created inodes (bsc#1200192). - cgroup/cpuset: Remove cpus_allowed/mems_allowed setup in cpuset_init_smp() (bsc#1199839). - clk: at91: generated: consider range when calculating best rate (git-fixes). - clk: bcm2835: fix bcm2835_clock_choose_div (git-fixes). - clk: imx8mp: fix usb_root_clk parent (git-fixes). - clk: renesas: r9a06g032: Fix the RTC hclock description (git-fixes). - clk: sunxi: sun9i-mmc: check return value after calling platform_get_resource() (git-fixes). - copy_process(): Move fd_install() out of sighand->siglock critical section (bsc#1199626). - crypto: caam - fix i.MX6SX entropy delay value (git-fixes). - crypto: ecrdsa - Fix incorrect use of vli_cmp (git-fixes). - crypto: stm32 - fix reference leak in stm32_crc_remove (git-fixes). - crypto: x86 - eliminate anonymous module_init & module_exit (git-fixes). - crypto: x86/chacha20 - Avoid spurious jumps to other functions (git-fixes). - dim: initialize all struct fields (git-fixes). - dmaengine: idxd: Fix the error handling path in idxd_cdev_register() (git-fixes). - dmaengine: stm32-mdma: remove GISR1 register (git-fixes). - docs: powerpc: Fix misspellings and grammar errors (bsc#1055117 ltc#159753). - docs: submitting-patches: Fix crossref to 'The canonical patch format' (git-fixes). - drbd: fix an invalid memory access caused by incorrect use of list iterator (git-fixes). - drbd: fix duplicate array initializer (git-fixes). - drbd: Fix five use after free bugs in get_initial_state (git-fixes). - drbd: remove assign_p_sizes_qlim (git-fixes). - drbd: use bdev based limit helpers in drbd_send_sizes (git-fixes). - drbd: use bdev_alignment_offset instead of queue_alignment_offset (git-fixes). - driver core: fix deadlock in __device_attach (git-fixes). - driver: base: fix UAF when driver_attach failed (git-fixes). - drivers: base: cacheinfo: Get rid of DEFINE_SMP_CALL_CACHE_FUNCTION() (git-fixes) - drivers/base/memory: fix an unlikely reference counting issue in __add_memory_block() (git-fixes). - drivers/base/node.c: fix compaction sysfs file leak (git-fixes). - drm: mali-dp: potential dereference of null pointer (git-fixes). - drm: msm: fix possible memory leak in mdp5_crtc_cursor_set() (git-fixes). - drm: sti: do not use kernel-doc markers (git-fixes). - drm/amd/display: Fix memory leak in dcn21_clock_source_create (bsc#1152472) - drm/amd/display/dc/gpio/gpio_service: Pass around correct dce_{version, environment} types (git-fixes). - drm/amdgpu: fix amdgpu_ras_block_late_init error handler (bsc#1152489) - drm/amdkfd: Fix GWS queue count (git-fixes). - drm/blend: fix typo in the comment (git-fixes). - drm/bridge: adv7511: clean up CEC adapter when probe fails (git-fixes). - drm/bridge: analogix_dp: Grab runtime PM reference for DP-AUX (git-fixes). - drm/bridge: Fix error handling in analogix_dp_probe (git-fixes). - drm/cma-helper: Set VM_DONTEXPAND for mmap (bsc#1152472) - drm/edid: fix invalid EDID extension block filtering (git-fixes). - drm/fb-helper: Mark screen buffers in system memory with (bsc#1152472) - drm/i915: Drop all references to DRM IRQ midlayer (bsc#1152489) - drm/i915: Fix CFI violation with show_dynamic_id() (git-fixes). - drm/i915: Fix SEL_FETCH_PLANE_*(PIPE_B+) register addresses (git-fixes). - drm/i915: Keep gem ctx->vm alive until the final put (bsc#1152489) - drm/i915: s/JSP2/ICP2/ PCH (bsc#1152489) - drm/komeda: Fix an undefined behavior bug in komeda_plane_add() (git-fixes). - drm/mediatek: Fix mtk_cec_mask() (git-fixes). - drm/msm: return an error pointer in msm_gem_prime_get_sg_table() (git-fixes). - drm/msm/a6xx: Fix refcount leak in a6xx_gpu_init (git-fixes). - drm/msm/disp/dpu1: set vbif hw config to NULL to avoid use after memory free during pm runtime resume (git-fixes). - drm/msm/dpu: adjust display_v_end for eDP and DP (git-fixes). - drm/msm/dsi: fix error checks and return values for DSI xmit functions (git-fixes). - drm/msm/hdmi: check return value after calling platform_get_resource_byname() (git-fixes). - drm/msm/hdmi: fix error check return value of irq_of_parse_and_map() (git-fixes). - drm/msm/mdp5: check the return of kzalloc() (git-fixes). - drm/msm/mdp5: Return error code in mdp5_mixer_release when deadlock is detected (git-fixes). - drm/msm/mdp5: Return error code in mdp5_pipe_release when deadlock is detected (git-fixes). - drm/nouveau: Fix a potential theorical leak in nouveau_get_backlight_name() (git-fixes). - drm/nouveau/clk: Fix an incorrect NULL check on list iterator (git-fixes). - drm/nouveau/kms/nv50-: atom: fix an incorrect NULL check on list iterator (git-fixes). - drm/nouveau/tegra: Stop using iommu_present() (git-fixes). - drm/panel: simple: Add missing bus flags for Innolux G070Y2-L01 (git-fixes). - drm/prime: Fix use after free in mmap with drm_gem_ttm_mmap (bsc#1152472) - drm/rockchip: vop: fix possible null-ptr-deref in vop_bind() (git-fixes). - drm/vc4: crtc: Lookup the encoder from the register at boot (bsc#1198534) - drm/vc4: hvs: Reset muxes at probe time (git-fixes). - drm/vc4: txp: Do not set TXP_VSTART_AT_EOF (git-fixes). - drm/vc4: txp: Force alpha to be 0xff if it's disabled (git-fixes). - drm/vmwgfx: Initialize drm_mode_fb_cmd2 (git-fixes). - drm/vmwgfx: Remove unused compile options (bsc#1152472) - EDAC/synopsys: Read the error count from the correct register (bsc#1178134). - firewire: core: extend card->lock in fw_core_handle_bus_reset (git-fixes). - firewire: fix potential uaf in outbound_phy_packet_callback() (git-fixes). - firewire: remove check of list iterator against head past the loop body (git-fixes). - firmware: arm_scmi: Fix list protocols enumeration in the base protocol (git-fixes). - firmware: arm_scmi: Validate BASE_DISCOVER_LIST_PROTOCOLS response (git-fixes). - firmware: dmi-sysfs: Fix memory leak in dmi_sysfs_register_handle (git-fixes). - firmware: stratix10-svc: fix a missing check on list iterator (git-fixes). - Fix double fget() in vhost_net_set_backend() (git-fixes). - genirq: Fix reference leaks on irq affinity notifiers (git-fixes) - genirq: Let GENERIC_IRQ_IPI select IRQ_DOMAIN_HIERARCHY (git-fixes) - genirq/affinity: Consider that CPUs on nodes can be (git-fixes) - genirq/affinity: Handle affinity setting on inactive (git-fixes) - genirq/msi: Ensure deactivation on teardown (git-fixes) - genirq/proc: Reject invalid affinity masks (again) (git-fixes) - genirq/timings: Fix error return code in (git-fixes) - genirq/timings: Prevent potential array overflow in (git-fixes) - gma500: fix an incorrect NULL check on list iterator (git-fixes). - gpio: adp5588: Remove support for platform setup and teardown callbacks (git-fixes). - gpio: gpio-vf610: do not touch other bits when set the target bit (git-fixes). - gpio: mvebu/pwm: Refuse requests with inverted polarity (git-fixes). - gpio: pca953x: fix irq_stat not updated when irq is disabled (irq_mask not set) (git-fixes). - gpio: pca953x: use the correct register address to do regcache sync (git-fixes). - gpiolib: of: fix bounds check for 'gpio-reserved-ranges' (git-fixes). - hex2bin: fix access beyond string end (git-fixes). - HID: elan: Fix potential double free in elan_input_configured (git-fixes). - HID: hid-led: fix maximum brightness for Dream Cheeky (git-fixes). - hinic: fix bug of wq out of bound access (bsc#1176447). - hwmon: (f71882fg) Fix negative temperature (git-fixes). - hwmon: (ltq-cputemp) restrict it to SOC_XWAY (git-fixes). - hwmon: (tmp401) Add OF device ID table (git-fixes). - i2c: at91: Initialize dma_buf in at91_twi_xfer() (git-fixes). - i2c: at91: use dma safe buffers (git-fixes). - i2c: mt7621: fix missing clk_disable_unprepare() on error in mtk_i2c_probe() (git-fixes). - i40e: stop disabling VFs due to PF error responses (git-fixes). - ice: arfs: fix use-after-free when freeing @rx_cpu_rmap (jsc#SLE-12878). - ice: Clear default forwarding VSI during VSI release (jsc#SLE-12878). - ice: Do not skip not enabled queues in ice_vc_dis_qs_msg (jsc#SLE-7926). - ice: Fix race conditions between virtchnl handling and VF ndo ops (git-fixes). - ice: synchronize_rcu() when terminating rings (jsc#SLE-7926). - iio: adc: ad7124: Remove shift from scan_type (git-fixes). - iio: adc: sc27xx: Fine tune the scale calibration values (git-fixes). - iio: adc: sc27xx: fix read big scale voltage not right (git-fixes). - iio: adc: stmpe-adc: Fix wait_for_completion_timeout return value check (git-fixes). - iio: dac: ad5446: Fix read_raw not returning set value (git-fixes). - iio: dac: ad5592r: Fix the missing return value (git-fixes). - iio: magnetometer: ak8975: Fix the error handling in ak8975_power_on() (git-fixes). - Input: add bounds checking to input_set_capability() (git-fixes). - Input: ili210x - fix reset timing (git-fixes). - Input: sparcspkr - fix refcount leak in bbc_beep_probe (git-fixes). - Input: stmfts - do not leave device disabled in stmfts_input_open (git-fixes). - Input: stmfts - fix reference leak in stmfts_input_open (git-fixes). - iommu/amd: Increase timeout waiting for GA log enablement (bsc#1199052). - ionic: avoid races in ionic_heartbeat_check (bsc#1167773). - ionic: Cleanups in the Tx hotpath code (bsc#1167773). - ionic: disable napi when ionic_lif_init() fails (bsc#1167773). - ionic: Do not send reset commands if FW isn't running (bsc#1167773). - ionic: fix missing pci_release_regions() on error in ionic_probe() (bsc#1167773). - ionic: fix type complaint in ionic_dev_cmd_clean() (jsc#SLE-16649). - ionic: monitor fw status generation (bsc#1167773). - ionic: remove the dbid_inuse bitmap (bsc#1167773). - ionic: start watchdog after all is setup (bsc#1167773). - ivtv: fix incorrect device_caps for ivtvfb (git-fixes). - iwlwifi: iwl-dbg: Use del_timer_sync() before freeing (git-fixes). - iwlwifi: mvm: fix the return type for DSM functions 1 and 2 (git-fixes). - jbd2: Fake symbols defined under CONFIG_JBD2_DEBUG (bsc#1198971). - kABI: ivtv: restore caps member (git-fixes). - Kconfig.debug: drop selecting non-existing HARDLOCKUP_DETECTOR_ARCH (git-fixes). - KVM: PPC: Fix TCE handling for VFIO (bsc#1061840 git-fixes). - KVM: VMX: Fix stale docs for kvm-intel.emulate_invalid_guest_state (git-fixes). - lan743x: fix rx_napi_poll/interrupt ping-pong (git-fixes). - lan743x: remove redundant assignment to variable rx_process_result (git-fixes). - lib/raid6/test: fix multiple definition linking error (git-fixes). - lpfc: Readd update to version 14.2.0.1 (bsc#1197675 bsc#1196478 bsc#1198989) The update was reverted due to some regression on older hardware. These have been fixed in the meantime, thus update the driver. - mac80211_hwsim: call ieee80211_tx_prepare_skb under RCU protection (git-fixes). - mac80211: fix rx reordering with non explicit / psmp ack policy (git-fixes). - mac80211: Reset MBSSID parameters upon connection (git-fixes). - media: davinci: Make use of the helper function devm_platform_ioremap_resource() (git-fixes). - media: davinci: vpif: fix unbalanced runtime PM enable (git-fixes). - media: davinci: vpif: fix use-after-free on driver unbind (git-fixes). - media: media-entity.h: Fix documentation for media_create_intf_link (git-fixes). - media: ov7670: remove ov7670_power_off from ov7670_remove (git-fixes). - media: platform: add missing put_device() call in mtk_jpeg_probe() and mtk_jpeg_remove() (git-fixes). - media: pvrusb2: fix array-index-out-of-bounds in pvr2_i2c_core_init (git-fixes). - media: saa7134: fix incorrect use to determine if list is empty (git-fixes). - media: uvcvideo: Fix missing check to determine if element is found in list (git-fixes). - media: videobuf2: Fix the size printk format (git-fixes). - media: vim2m: Register video device after setting up internals (git-fixes). - mfd: ipaq-micro: Fix error check return value of platform_get_irq() (git-fixes). - misc: ocxl: fix possible double free in ocxl_file_register_afu (git-fixes). - mm, page_alloc: fix build_zonerefs_node() (git-fixes). - mm/mmu_notifier.c: fix race in mmu_interval_notifier_remove() (jsc#SLE-15176, jsc#SLE-16387). - mmc: block: Use generic_cmd6_time when modifying INAND_CMD38_ARG_EXT_CSD (git-fixes). - mmc: core: Specify timeouts for BKOPS and CACHE_FLUSH for eMMC (git-fixes). - mt76: Fix undefined behavior due to shift overflowing the constant (git-fixes). - mt76: mt7663s: fix rx buffer refcounting (git-fixes). - mtd: rawnand: fix ecc parameters for mt7622 (git-fixes). - mtd: rawnand: Fix return value check of wait_for_completion_timeout (git-fixes). - mtd: spi-nor: core: Check written SR value in spi_nor_write_16bit_sr_and_check() (git-fixes). - net: bcmgenet: Fix a resource leak in an error handling path in the probe functin (git-fixes). - net: dsa: lantiq_gswip: Enable GSWIP_MII_CFG_EN also for internal PHYs (git-fixes). - net: dsa: lantiq_gswip: Fix GSWIP_MII_CFG(p) register access (git-fixes). - net: ethernet: Fix memleak in ethoc_probe (git-fixes). - net: ethernet: ti: cpts: fix ethtool output when no ptp_clock registered (git-fixes). - net: hdlc_ppp: Fix issues when mod_timer is called while timer is running (git-fixes). - net: hns3: add a check for index in hclge_get_rss_key() (git-fixes). - net: hns3: clear inited state and stop client after failed to register netdev (bsc#1154353). - net: hns3: fix bug when PF set the duplicate MAC address for VFs (jsc#SLE-14777). - net: hns3: fix kernel crash when unload VF while it is being reset (git-fixes). - net: korina: fix return value (git-fixes). - net: mana: Add counter for packet dropped by XDP (bsc#1195651). - net: mana: Add counter for XDP_TX (bsc#1195651). - net: mana: Add handling of CQE_RX_TRUNCATED (bsc#1195651). - net: mana: Remove unnecessary check of cqe_type in mana_process_rx_cqe() (bsc#1195651). - net: mana: Reuse XDP dropped page (bsc#1195651). - net: mana: Use struct_size() helper in mana_gd_create_dma_region() (bsc#1195651). - net: sched: fixed barrier to prevent skbuff sticking in qdisc backlog (bsc#1183405). - net: stmmac: dwmac-sun8i: Balance internal PHY power (git-fixes). - net: stmmac: dwmac-sun8i: Balance internal PHY resource references (git-fixes). - net: stmmac: dwmac-sun8i: Balance syscon (de)initialization (git-fixes). - net: stmmac: dwmac-sun8i: Fix probe error handling (git-fixes). - net/mlx5: Fix a race on command flush flow (jsc#SLE-15172). - net/mlx5e: Fix the calling of update_buffer_lossy() API (jsc#SLE-15172). - netdevice: demote the type of some dev_addr_set() helpers (bsc#1200216). - netfilter: conntrack: connection timeout after re-register (bsc#1199035). - netfilter: conntrack: move synack init code to helper (bsc#1199035). - netfilter: conntrack: re-init state for retransmitted syn-ack (bsc#1199035). - netfilter: nf_conntrack_tcp: preserve liberal flag in tcp options (bsc#1199035). - netfilter: nf_conntrack_tcp: re-init for syn packets only (bsc#1199035). - netfilter: nft_set_rbtree: overlap detection with element re-addition after deletion (bsc#1176447). - NFC: hci: fix sleep in atomic context bugs in nfc_hci_hcp_message_tx (git-fixes). - NFC: nci: fix sleep in atomic context bugs caused by nci_skb_alloc (git-fixes). - NFC: netlink: fix sleep in atomic bug when firmware download timeout (git-fixes). - NFC: nfcmrvl: main: reorder destructive operations in nfcmrvl_nci_unregister_dev to avoid bugs (git-fixes). - NFC: NULL out the dev->rfkill to prevent UAF (git-fixes). - NFS: limit use of ACCESS cache for negative responses (bsc#1196570). - NFSv4: Do not invalidate inode attributes on delegation return (git-fixes). - nl80211: show SSID for P2P_GO interfaces (git-fixes). - nvdimm/region: always show the 'align' attribute (bsc#1199114). - nvme-tcp: allow selecting the network interface for connections (bsc#1199670). - nvme-tcp: use __dev_get_by_name instead dev_get_by_name for OPT_HOST_IFACE (bsc#1199670). - objtool: Fix type of reloc::addend (git-fixes). - PCI: aardvark: Clear all MSIs at setup (git-fixes). - PCI: cadence: Fix find_first_zero_bit() limit (git-fixes). - PCI: Do not enable AtomicOps on VFs (git-fixes). - PCI: dwc: Fix setting error return on MSI DMA mapping failure (git-fixes). - PCI: hv: Do not set PCI_COMMAND_MEMORY to reduce VM boot time (bsc#1199314). - PCI: imx6: Fix PERST# start-up sequence (git-fixes). - PCI: iproc: Set affinity mask on MSI interrupts (git-fixes). - PCI: qcom: Fix runtime PM imbalance on probe errors (git-fixes). - PCI: qcom: Fix unbalanced PHY init on probe errors (git-fixes). - PCI: rockchip: Fix find_first_zero_bit() limit (git-fixes). - PCI/AER: Clear MULTI_ERR_COR/UNCOR_RCV bits (git-fixes). - PCI/PM: Power up all devices during runtime resume (git-fixes). - phy: mapphone-mdm6600: Fix PM error handling in phy_mdm6600_probe (git-fixes). - phy: qcom-qmp: fix pipe-clock imbalance on power-on failure (git-fixes). - phy: qcom-qmp: fix reset-controller leak on probe errors (git-fixes). - phy: qcom-qmp: fix struct clk leak on probe errors (git-fixes). - phy: samsung: exynos5250-sata: fix missing device put in probe error paths (git-fixes). - phy: samsung: Fix missing of_node_put() in exynos_sata_phy_probe (git-fixes). - phy: ti: Add missing pm_runtime_disable() in serdes_am654_probe (git-fixes). - phy: ti: omap-usb2: Fix error handling in omap_usb2_enable_clocks (git-fixes). - pinctrl: mvebu: Fix irq_of_parse_and_map() return value (git-fixes). - pinctrl: pistachio: fix use of irq_of_parse_and_map() (git-fixes). - pinctrl: rockchip: fix RK3308 pinmux bits (git-fixes). - pinctrl/rockchip: support deferring other gpio params (git-fixes). - ping: fix the sk_bound_dev_if match in ping_lookup (bsc#1195826). - ping: remove pr_err from ping_lookup (bsc#1195826). - platform/chrome: cros_ec_debugfs: detach log reader wq from devm (git-fixes). - platform/x86: samsung-laptop: Fix an unsigned comparison which can never be negative (git-fixes). - powerpc: Enable the DAWR on POWER9 DD2.3 and above (bsc#1055117 ltc#159753). - powerpc/64s: Add CPU_FTRS_POWER10 to ALWAYS mask (jsc#SLE-13521 git-fixes). - powerpc/64s: Add CPU_FTRS_POWER9_DD2_2 to CPU_FTRS_ALWAYS mask (bsc#1061840 git-fixes). - powerpc/64s/radix: Fix huge vmap false positive (bsc#1156395). - powerpc/fadump: fix PT_LOAD segment for boot memory area (bsc#1103269 ltc#169948 git-fixes). - powerpc/powernv: Add __init attribute to eligible functions (bsc#1188885 ltc#193722 git-fixes). - powerpc/powernv: Get L1D flush requirements from device-tree (bsc#1188885 ltc#193722 git-fixes). - powerpc/powernv: Get STF barrier requirements from device-tree (bsc#1188885 ltc#193722 git-fixes). - powerpc/powernv: Remove POWER9 PVR version check for entry and uaccess flushes (bsc#1188885 ltc#193722 git-fixes). - powerpc/xive: Add some error handling code to 'xive_spapr_init()' (git-fixes). - powerpc/xive: Fix refcount leak in xive_spapr_init (git-fixes). - pwm: lp3943: Fix duty calculation in case period was clamped (git-fixes). - pwm: raspberrypi-poe: Fix endianness in firmware struct (git-fixes). - qlcnic: Fix error code in probe (git-fixes). - regulator: core: Fix enable_count imbalance with EXCLUSIVE_GET (git-fixes). - regulator: pfuze100: Fix refcount leak in pfuze_parse_regulators_dt (git-fixes). - reset: tegra-bpmp: Restore Handle errors in BPMP response (git-fixes). - rtc: fix use-after-free on device removal (git-fixes). - rtc: mc146818-lib: Fix the AltCentury for AMD platforms (git-fixes). - rtc: mt6397: check return value after calling platform_get_resource() (git-fixes). - sata_fsl: fix UAF in sata_fsl_port_stop when rmmod sata_fsl (git-fixes). - sata_fsl: fix warning in remove_proc_entry when rmmod sata_fsl (git-fixes). - sched/pelt: Fix attach_entity_load_avg() corner case (git-fixes) - sched/topology: Skip updating masks for non-online nodes (bsc#1197446 ltc#183000). - scsi: dc395x: Fix a missing check on list iterator (git-fixes). - scsi: fnic: Fix a tracing statement (git-fixes). - scsi: fnic: Replace DMA mask of 64 bits with 47 bits (bsc#1199631). - scsi: hisi_sas: Change permission of parameter prot_mask (git-fixes). - scsi: lpfc: Alter FPIN stat accounting logic (bsc#1200045). - scsi: lpfc: Change FA-PWWN detection methodology (bsc#1200045). - scsi: lpfc: Change VMID registration to be based on fabric parameters (bsc#1200045). - scsi: lpfc: Clear fabric topology flag before initiating a new FLOGI (bsc#1200045). - scsi: lpfc: Copyright updates for 14.2.0.2 patches (bsc#1200045). - scsi: lpfc: Correct BDE DMA address assignment for GEN_REQ_WQE (bsc#1200045 bsc#1198989 bsc#1197675). - scsi: lpfc: Correct CRC32 calculation for congestion stats (bsc#1200045). - scsi: lpfc: Decrement outstanding gidft_inp counter if lpfc_err_lost_link() (bsc#1200045). - scsi: lpfc: Expand setting ELS_ID field in ELS_REQUEST64_WQE (bsc#1200045). - scsi: lpfc: Fill in missing ndlp kref puts in error paths (bsc#1200045). - scsi: lpfc: Fix additional reference counting in lpfc_bsg_rport_els() (bsc#1200045). - scsi: lpfc: Fix call trace observed during I/O with CMF enabled (bsc#1200045). - scsi: lpfc: Fix diagnostic fw logging after a function reset (bsc#1200045). - scsi: lpfc: Fix dmabuf ptr assignment in lpfc_ct_reject_event() (bsc#1200045). - scsi: lpfc: Fix element offset in __lpfc_sli_release_iocbq_s4() (bsc#1200045). - scsi: lpfc: Fix field overload in lpfc_iocbq data structure (bsc#1200045). - scsi: lpfc: Fix ndlp put following a LOGO completion (bsc#1200045). - scsi: lpfc: Fix null pointer dereference after failing to issue FLOGI and PLOGI (bsc#1200045). - scsi: lpfc: Fix resource leak in lpfc_sli4_send_seq_to_ulp() (bsc#1200045). - scsi: lpfc: Fix SCSI I/O completion and abort handler deadlock (bsc#1200045). - scsi: lpfc: Fix split code for FLOGI on FCoE (bsc#1200045 bsc#1198989 bsc#1197675). - scsi: lpfc: Inhibit aborts if external loopback plug is inserted (bsc#1200045). - scsi: lpfc: Introduce FC_RSCN_MEMENTO flag for tracking post RSCN completion (bsc#1200045). - scsi: lpfc: Move cfg_log_verbose check before calling lpfc_dmp_dbg() (bsc#1200045). - scsi: lpfc: Move MI module parameter check to handle dynamic disable (bsc#1200045). - scsi: lpfc: Protect memory leak for NPIV ports sending PLOGI_RJT (bsc#1200045). - scsi: lpfc: Refactor cleanup of mailbox commands (bsc#1200045). - scsi: lpfc: Register for Application Services FC-4 type in Fabric topology (bsc#1200045). - scsi: lpfc: Remove false FDMI NVMe FC-4 support for NPIV ports (bsc#1200045). - scsi: lpfc: Remove redundant lpfc_sli_prep_wqe() call (bsc#1200045). - scsi: lpfc: Remove unnecessary null ndlp check in lpfc_sli_prep_wqe() (bsc#1200045). - scsi: lpfc: Remove unnecessary NULL pointer assignment for ELS_RDF path (bsc#1200045). - scsi: lpfc: Remove unneeded variable (bsc#1200045). - scsi: lpfc: Requeue SCSI I/O to upper layer when fw reports link down (bsc#1200045). - scsi: lpfc: Revise FDMI reporting of supported port speed for trunk groups (bsc#1200045). - scsi: lpfc: Rework FDMI initialization after link up (bsc#1200045). - scsi: lpfc: Transition to NPR state upon LOGO cmpl if link down or aborted (bsc#1200045). - scsi: lpfc: Tweak message log categories for ELS/FDMI/NVMe rescan (bsc#1200045). - scsi: lpfc: Update fc_prli_sent outstanding only after guaranteed IOCB submit (bsc#1200045). - scsi: lpfc: Update lpfc version to 14.2.0.2 (bsc#1200045). - scsi: lpfc: Update lpfc version to 14.2.0.3 (bsc#1200045). - scsi: lpfc: Update stat accounting for READ_STATUS mbox command (bsc#1200045). - scsi: lpfc: Use list_for_each_entry_safe() in rscn_recovery_check() (bsc#1200045). - scsi: lpfc: Use sg_dma_address() and sg_dma_len() macros for NVMe I/O (bsc#1200045). - scsi: lpfc: Zero SLI4 fcp_cmnd buffer's fcpCntl0 field (bsc#1200045). - scsi: pm8001: Fix abort all task initialization (git-fixes). - scsi: pm8001: Fix command initialization in pm8001_chip_ssp_tm_req() (git-fixes). - scsi: pm8001: Fix command initialization in pm80XX_send_read_log() (git-fixes). - scsi: pm8001: Fix le32 values handling in pm80xx_chip_sata_req() (git-fixes). - scsi: pm8001: Fix le32 values handling in pm80xx_chip_ssp_io_req() (git-fixes). - scsi: pm8001: Fix le32 values handling in pm80xx_set_sas_protocol_timer_config() (git-fixes). - scsi: pm8001: Fix NCQ NON DATA command completion handling (git-fixes). - scsi: pm8001: Fix NCQ NON DATA command task initialization (git-fixes). - scsi: pm8001: Fix payload initialization in pm80xx_encrypt_update() (git-fixes). - scsi: pm8001: Fix payload initialization in pm80xx_set_thermal_config() (git-fixes). - scsi: pm80xx: Enable upper inbound, outbound queues (git-fixes). - scsi: pm80xx: Mask and unmask upper interrupt vectors 32-63 (git-fixes). - scsi: qla2xxx: edif: Remove unneeded variable (bsc#1200046). - scsi: qla2xxx: Fix missed DMA unmap for aborted commands (bsc#1200046). - scsi: qla2xxx: Remove free_sg command flag (bsc#1200046). - scsi: qla2xxx: Remove unneeded flush_workqueue() (bsc#1200046). - scsi: sr: Do not leak information in ioctl (git-fixes). - scsi: ufs: core: Exclude UECxx from SFR dump list (git-fixes). - scsi: ufs: qcom: Add a readl() to make sure ref_clk gets enabled (git-fixes). - scsi: ufs: qcom: Fix ufs_qcom_resume() (git-fixes). - scsi: virtio-scsi: Eliminate anonymous module_init & module_exit (git-fixes). - scsi: zorro7xx: Fix a resource leak in zorro7xx_remove_one() (git-fixes). - selftests: firmware: Use smaller dictionary for XZ compression (git-fixes). - serial: 8250_fintek: Check SER_RS485_RTS_* only with RS485 (git-fixes). - serial: 8250_mtk: Fix register address for XON/XOFF character (git-fixes). - serial: 8250_mtk: Fix UART_EFR register address (git-fixes). - serial: 8250: Also set sticky MCR bits in console restoration (git-fixes). - serial: 8250: core: Remove unneeded &lt;linux/pm_runtime.h> (git-fixes). - serial: 8250: Correct the clock for EndRun PTP/1588 PCIe device (git-fixes). - serial: 8250: pxa: Remove unneeded &lt;linux/pm_runtime.h> (git-fixes). - serial: digicolor-usart: Do not allow CS5-6 (git-fixes). - serial: imx: fix overrun interrupts in DMA mode (git-fixes). - serial: meson: acquire port->lock in startup() (git-fixes). - serial: pch: do not overwrite xmit->buf[0] by x_char (git-fixes). - serial: rda-uart: Do not allow CS5-6 (git-fixes). - serial: sh-sci: Do not allow CS5-6 (git-fixes). - serial: sifive: Sanitize CSIZE and c_iflag (git-fixes). - serial: st-asc: Sanitize CSIZE and correct PARENB for CS7 (git-fixes). - serial: stm32-usart: Correct CSIZE, bits, and parity (git-fixes). - serial: txx9: Do not allow CS5-6 (git-fixes). - slimbus: qcom: Fix IRQ check in qcom_slim_probe (git-fixes). - smp: Fix offline cpu check in flush_smp_call_function_queue() (git-fixes). - smsc911x: allow using IRQ0 (git-fixes). - soc: qcom: smp2p: Fix missing of_node_put() in smp2p_parse_ipc (git-fixes). - soc: qcom: smsm: Fix missing of_node_put() in smsm_parse_ipc (git-fixes). - soc: rockchip: Fix refcount leak in rockchip_grf_init (git-fixes). - spi: img-spfi: Fix pm_runtime_get_sync() error checking (git-fixes). - spi: spi-cadence: Fix kernel-doc format for resume/suspend (git-fixes). - spi: spi-fsl-qspi: check return value after calling platform_get_resource_byname() (git-fixes). - spi: spi-ti-qspi: Fix return value handling of wait_for_completion_timeout (git-fixes). - staging: fieldbus: Fix the error handling path in anybuss_host_common_probe() (git-fixes). - SUNRPC: Ensure gss-proxy connects on setup (git-fixes). - SUNRPC: Ensure that the gssproxy client can start in a connected state (git-fixes). - thermal: int340x: Fix attr.show callback prototype (git-fixes). - thermal/drivers/bcm2711: Do not clamp temperature at zero (git-fixes). - thermal/drivers/broadcom: Fix potential NULL dereference in sr_thermal_probe (git-fixes). - timekeeping: Really make sure wall_to_monotonic isn't (git-fixes) - timers: Fix warning condition in __run_timers() (git-fixes) - tpm: Fix buffer access in tpm2_get_tpm_pt() (git-fixes). - tpm: ibmvtpm: Correct the return value in tpm_ibmvtpm_probe() (bsc#1065729). - tracing: Fix potential double free in create_var_ref() (git-fixes). - tracing: Fix return value of trace_pid_write() (git-fixes). - tty: fix deadlock caused by calling printk() under tty_port->lock (git-fixes). - tty: goldfish: Use tty_port_destroy() to destroy port (git-fixes). - tty: serial: fsl_lpuart: fix potential bug when using both of_alias_get_id and ida_simple_get (git-fixes). - tty: serial: owl: Fix missing clk_disable_unprepare() in owl_uart_probe (git-fixes). - tty/serial: digicolor: fix possible null-ptr-deref in digicolor_uart_probe() (git-fixes). - usb: cdc-wdm: fix reading stuck on device close (git-fixes). - usb: dwc3: core: Fix tx/rx threshold settings (git-fixes). - usb: dwc3: core: Only handle soft-reset in DCTL (git-fixes). - usb: dwc3: gadget: Return proper request status (git-fixes). - usb: dwc3: pci: Fix pm_runtime_get_sync() error checking (git-fixes). - usb: ehci-omap: drop unused ehci_read() function (git-fixes). - usb: gadget: configfs: clear deactivation flag in configfs_composite_unbind() (git-fixes). - usb: hcd-pci: Use PCI_STD_NUM_BARS when checking standard BARs (bsc#1152489) - usb: misc: fix improper handling of refcount in uss720_probe() (git-fixes). - usb: mtu3: fix USB 3.0 dual-role-switch from device to host (git-fixes). - usb: musb: Fix missing of_node_put() in omap2430_probe (git-fixes). - usb: quirks: add a Realtek card reader (git-fixes). - usb: quirks: add STRING quirk for VCOM device (git-fixes). - usb: serial: cp210x: add PIDs for Kamstrup USB Meter Reader (git-fixes). - usb: serial: option: add Fibocom L610 modem (git-fixes). - usb: serial: option: add Fibocom MA510 modem (git-fixes). - usb: serial: option: add support for Cinterion MV32-WA/MV32-WB (git-fixes). - usb: serial: option: add Telit 0x1057, 0x1058, 0x1075 compositions (git-fixes). - usb: serial: pl2303: add device id for HP LM930 Display (git-fixes). - usb: serial: qcserial: add support for Sierra Wireless EM7590 (git-fixes). - usb: serial: whiteheat: fix heap overflow in WHITEHEAT_GET_DTR_RTS (git-fixes). - usb: storage: karma: fix rio_karma_init return (git-fixes). - usb: typec: mux: Check dev_set_name() return value (git-fixes). - usb: typec: tcpci: Do not skip cleanup in .remove() on error (git-fixes). - usb: typec: ucsi: Fix reuse of completion structure (git-fixes). - usb: typec: ucsi: Fix role swapping (git-fixes). - usb: usbip: add missing device lock on tweak configuration cmd (git-fixes). - usb: usbip: fix a refcount leak in stub_probe() (git-fixes). - video: fbdev: clcdfb: Fix refcount leak in clcdfb_of_vram_setup (git-fixes). - watchdog: ts4800_wdt: Fix refcount leak in ts4800_wdt_probe (git-fixes). - wifi: mac80211: fix use-after-free in chanctx code (git-fixes). - wireguard: device: check for metadata_dst with skb_valid_dst() (git-fixes). - xhci: increase usb U3 -> U0 link resume timeout from 100ms to 500ms (git-fixes). - xhci: stop polling roothubs after shutdown (git-fixes). Important SUSE bug 1055117 SUSE bug 1061840 SUSE bug 1065729 SUSE bug 1103269 SUSE bug 1118212 SUSE bug 1152472 SUSE bug 1152489 SUSE bug 1153274 SUSE bug 1154353 SUSE bug 1156395 SUSE bug 1158266 SUSE bug 1167773 SUSE bug 1176447 SUSE bug 1178134 SUSE bug 1180100 SUSE bug 1183405 SUSE bug 1188885 SUSE bug 1195612 SUSE bug 1195651 SUSE bug 1195826 SUSE bug 1196426 SUSE bug 1196478 SUSE bug 1196570 SUSE bug 1196840 SUSE bug 1197446 SUSE bug 1197472 SUSE bug 1197601 SUSE bug 1197675 SUSE bug 1198438 SUSE bug 1198534 SUSE bug 1198577 SUSE bug 1198971 SUSE bug 1198989 SUSE bug 1199035 SUSE bug 1199052 SUSE bug 1199063 SUSE bug 1199114 SUSE bug 1199314 SUSE bug 1199505 SUSE bug 1199507 SUSE bug 1199564 SUSE bug 1199626 SUSE bug 1199631 SUSE bug 1199650 SUSE bug 1199670 SUSE bug 1199839 SUSE bug 1200019 SUSE bug 1200045 SUSE bug 1200046 SUSE bug 1200192 SUSE bug 1200216 CVE-2019-19377 CVE-2021-33061 CVE-2022-0168 CVE-2022-1184 CVE-2022-1652 CVE-2022-1729 CVE-2022-1972 CVE-2022-20008 CVE-2022-21123 CVE-2022-21125 CVE-2022-21127 CVE-2022-21166 CVE-2022-21180 CVE-2022-24448 CVE-2022-30594 cpe:/o:opensuse:leap:15.3 Security update for 389-ds (Important) openSUSE Leap 15.3 This update for 389-ds fixes the following issues: - CVE-2021-4091: Fixed double free in psearch (bsc#1195324). - CVE-2022-1949: Fixed full access control bypass with simple crafted query (bsc#1199889). Important SUSE bug 1195324 SUSE bug 1199889 CVE-2021-4091 CVE-2022-1949 cpe:/o:opensuse:leap:15.3 Security update for libvirt (Important) openSUSE Leap 15.3 This update for libvirt fixes the following issues: - CVE-2021-4147: libxl: Fix libvirtd deadlocks and segfaults. (bsc#1194041) Important SUSE bug 1191668 SUSE bug 1192017 SUSE bug 1193623 SUSE bug 1193719 SUSE bug 1193981 SUSE bug 1194041 CVE-2021-4147 cpe:/o:opensuse:leap:15.3 Security update for qemu (Low) openSUSE Leap 15.3 This update for qemu fixes the following issues: - CVE-2020-13253: Fixed an OOB access that could crash the guest resulting in DoS (bsc#1172033) - CVE-2021-20196: Fixed null pointer dereference that may lead to guest crash (bsc#1181361). Low SUSE bug 1172033 SUSE bug 1181361 CVE-2020-13253 CVE-2021-20196 cpe:/o:opensuse:leap:15.3 Security update for vim (Important) openSUSE Leap 15.3 This update for vim fixes the following issues: - CVE-2017-17087: Fixed information leak via .swp files (bsc#1070955). - CVE-2021-3875: Fixed heap-based buffer overflow (bsc#1191770). - CVE-2021-3903: Fixed heap-based buffer overflow (bsc#1192167). - CVE-2021-3968: Fixed heap-based buffer overflow (bsc#1192902). - CVE-2021-3973: Fixed heap-based buffer overflow (bsc#1192903). - CVE-2021-3974: Fixed use-after-free (bsc#1192904). - CVE-2021-4069: Fixed use-after-free in ex_open()in src/ex_docmd.c (bsc#1193466). - CVE-2021-4136: Fixed heap-based buffer overflow (bsc#1193905). - CVE-2021-4166: Fixed out-of-bounds read (bsc#1194093). - CVE-2021-4192: Fixed use-after-free (bsc#1194217). - CVE-2021-4193: Fixed out-of-bounds read (bsc#1194216). - CVE-2022-0128: Fixed out-of-bounds read (bsc#1194388). - CVE-2022-0213: Fixed heap-based buffer overflow (bsc#1194885). - CVE-2022-0261: Fixed heap-based buffer overflow (bsc#1194872). - CVE-2022-0318: Fixed heap-based buffer overflow (bsc#1195004). - CVE-2022-0359: Fixed heap-based buffer overflow in init_ccline() in ex_getln.c (bsc#1195203). - CVE-2022-0392: Fixed heap-based buffer overflow (bsc#1195332). - CVE-2022-0407: Fixed heap-based buffer overflow (bsc#1195354). - CVE-2022-0696: Fixed NULL pointer dereference (bsc#1196361). - CVE-2022-1381: Fixed global heap buffer overflow in skip_range (bsc#1198596). - CVE-2022-1420: Fixed out-of-range pointer offset (bsc#1198748). - CVE-2022-1616: Fixed use-after-free in append_command (bsc#1199331). - CVE-2022-1619: Fixed heap-based Buffer Overflow in function cmdline_erase_chars (bsc#1199333). - CVE-2022-1620: Fixed NULL pointer dereference in function vim_regexec_string (bsc#1199334). - CVE-2022-1733: Fixed heap-based buffer overflow in cindent.c (bsc#1199655). - CVE-2022-1735: Fixed heap-based buffer overflow (bsc#1199651). - CVE-2022-1771: Fixed stack exhaustion (bsc#1199693). - CVE-2022-1785: Fixed out-of-bounds write (bsc#1199745). - CVE-2022-1796: Fixed use-after-free in find_pattern_in_path (bsc#1199747). - CVE-2022-1851: Fixed out-of-bounds read (bsc#1199936). - CVE-2022-1897: Fixed out-of-bounds write (bsc#1200010). - CVE-2022-1898: Fixed use-after-free (bsc#1200011). - CVE-2022-1927: Fixed buffer over-read (bsc#1200012). Important SUSE bug 1070955 SUSE bug 1191770 SUSE bug 1192167 SUSE bug 1192902 SUSE bug 1192903 SUSE bug 1192904 SUSE bug 1193466 SUSE bug 1193905 SUSE bug 1194093 SUSE bug 1194216 SUSE bug 1194217 SUSE bug 1194388 SUSE bug 1194872 SUSE bug 1194885 SUSE bug 1195004 SUSE bug 1195203 SUSE bug 1195332 SUSE bug 1195354 SUSE bug 1196361 SUSE bug 1198596 SUSE bug 1198748 SUSE bug 1199331 SUSE bug 1199333 SUSE bug 1199334 SUSE bug 1199651 SUSE bug 1199655 SUSE bug 1199693 SUSE bug 1199745 SUSE bug 1199747 SUSE bug 1199936 SUSE bug 1200010 SUSE bug 1200011 SUSE bug 1200012 CVE-2017-17087 CVE-2021-3778 CVE-2021-3796 CVE-2021-3872 CVE-2021-3875 CVE-2021-3903 CVE-2021-3927 CVE-2021-3928 CVE-2021-3968 CVE-2021-3973 CVE-2021-3974 CVE-2021-3984 CVE-2021-4019 CVE-2021-4069 CVE-2021-4136 CVE-2021-4166 CVE-2021-4192 CVE-2021-4193 CVE-2021-46059 CVE-2022-0128 CVE-2022-0213 CVE-2022-0261 CVE-2022-0318 CVE-2022-0319 CVE-2022-0351 CVE-2022-0359 CVE-2022-0361 CVE-2022-0392 CVE-2022-0407 CVE-2022-0413 CVE-2022-0696 CVE-2022-1381 CVE-2022-1420 CVE-2022-1616 CVE-2022-1619 CVE-2022-1620 CVE-2022-1733 CVE-2022-1735 CVE-2022-1771 CVE-2022-1785 CVE-2022-1796 CVE-2022-1851 CVE-2022-1897 CVE-2022-1898 CVE-2022-1927 cpe:/o:opensuse:leap:15.3 Security update for rubygem-actionpack-5_1, rubygem-activesupport-5_1 (Important) openSUSE Leap 15.3 This update for rubygem-actionpack-5_1 and rubygem-activesupport-5_1 fixes the following issues: - CVE-2021-22904: Fixed possible DoS Vulnerability in Action Controller Token Authentication (bsc#1185780) - CVE-2022-23633: Fixed possible exposure of information vulnerability in Action Pack (bsc#1196182) Important SUSE bug 1185780 SUSE bug 1196182 CVE-2021-22904 CVE-2022-23633 cpe:/o:opensuse:leap:15.3 Security update for the Linux Kernel (Important) openSUSE Leap 15.3 The SUSE Linux Enterprise 15 SP1 kernel was updated. The following security bugs were fixed: - CVE-2022-21127: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via spectre like attacks. (bsc#1199650) - CVE-2022-21123: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via spectre like attacks. (bsc#1199650) - CVE-2022-21125: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via spectre like attacks. (bsc#1199650) - CVE-2022-21180: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via spectre like attacks. (bsc#1199650) - CVE-2022-21166: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via spectre like attacks. (bsc#1199650) - CVE-2019-19377: Fixed an user-after-free that could be triggered when an attacker mounts a crafted btrfs filesystem image. (bnc#1158266) - CVE-2022-1184: Fixed an use-after-free and memory errors in ext4 when mounting and operating on a corrupted image. (bsc#1198577) - CVE-2017-13695: Fixed a bug that caused a stack dump allowing local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism via a crafted ACPI table. (bnc#1055710) - CVE-2022-1729: Fixed a sys_perf_event_open() race condition against self (bsc#1199507). - CVE-2022-1652: Fixed a statically allocated error counter inside the floppy kernel module (bsc#1199063). - CVE-2021-39711: In bpf_prog_test_run_skb of test_run.c, there is a possible out of bounds read due to Incorrect Size Value. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation (bnc#1197219). - CVE-2022-30594: Fixed restriction bypass on setting the PT_SUSPEND_SECCOMP flag (bnc#1199505). - CVE-2021-33061: Fixed insufficient control flow management for the Intel(R) 82599 Ethernet Controllers and Adapters that may have allowed an authenticated user to potentially enable denial of service via local access (bnc#1196426). - CVE-2022-1516: Fixed null-ptr-deref caused by x25_disconnect (bsc#1199012). - CVE-2021-20321: Fixed a race condition accessing file object in the OverlayFS subsystem in the way users do rename in specific way with OverlayFS. A local user could have used this flaw to crash the system (bnc#1191647). - CVE-2019-20811: Fixed issue in rx_queue_add_kobject() and netdev_queue_add_kobject() in net/core/net-sysfs.c, where a reference count is mishandled (bnc#1172456). - CVE-2022-28748: Fixed memory lead over the network by ax88179_178a devices (bsc#1196018). - CVE-2018-7755: Fixed an issue in the fd_locked_ioctl function in drivers/block/floppy.c. The floppy driver will copy a kernel pointer to user memory in response to the FDGETPRM ioctl. An attacker can send the FDGETPRM ioctl and use the obtained kernel pointer to discover the location of kernel code and data and bypass kernel security protections such as KASLR (bnc#1084513). - CVE-2022-22942: Fixed stale file descriptors on failed usercopy (bsc#1195065). - CVE-2022-1419: Fixed a concurrency use-after-free in vgem_gem_dumb_create (bsc#1198742). - CVE-2021-43389: Fixed an array-index-out-of-bounds flaw in the detach_capi_ctr function in drivers/isdn/capi/kcapi.c (bnc#1191958). - CVE-2021-38208: Fixed a denial of service (NULL pointer dereference and BUG) by making a getsockname call after a certain type of failure of a bind call (bnc#1187055). - CVE-2022-1353: Fixed access controll to kernel memory in the pfkey_register function in net/key/af_key.c (bnc#1198516). - CVE-2021-20292: Fixed object validation prior to performing operations on the object in nouveau_sgdma_create_ttm in Nouveau DRM subsystem (bnc#1183723). - CVE-2022-1011: Fixed an use-after-free vulnerability which could allow a local attacker to retireve (partial) /etc/shadow hashes or any other data from filesystem when he can mount a FUSE filesystems. (bnc#1197343) - CVE-2022-1974: Fixed an use-after-free that could causes kernel crash by simulating an nfc device from user-space. (bsc#1200144). - CVE-2020-26541: Enforce the secure boot forbidden signature database (aka dbx) protection mechanism. (bnc#1177282) - CVE-2022-1975: Fixed a bug that allows an attacker to crash the linux kernel by simulating nfc device from user-space. (bsc#1200143) - CVE-2022-21499: Reinforce the kernel lockdown feature, until now it's been trivial to break out of it with kgdb or kdb. (bsc#1199426) - CVE-2022-1734: Fixed a r/w use-after-free when non synchronized between cleanup routine and firmware download routine. (bnc#1199605). The following non-security bugs were fixed: - btrfs: relocation: Only remove reloc rb_trees if reloc control has been initialized (bsc#1199399). - btrfs: tree-checker: fix incorrect printk format (bsc#1200249). - net: ena: A typo fix in the file ena_com.h (bsc#1198777). - net: ena: Add capabilities field with support for ENI stats capability (bsc#1198777). - net: ena: Add debug prints for invalid req_id resets (bsc#1198777). - net: ena: add device distinct log prefix to files (bsc#1198777). - net: ena: add jiffies of last napi call to stats (bsc#1198777). - net: ena: aggregate doorbell common operations into a function (bsc#1198777). - net: ena: aggregate stats increase into a function (bsc#1198777). - net: ena: Change ENI stats support check to use capabilities field (bsc#1198777). - net: ena: Change return value of ena_calc_io_queue_size() to void (bsc#1198777). - net: ena: Change the name of bad_csum variable (bsc#1198777). - net: ena: Extract recurring driver reset code into a function (bsc#1198777). - net: ena: fix coding style nits (bsc#1198777). - net: ena: fix DMA mapping function issues in XDP (bsc#1198777). - net: ena: Fix error handling when calculating max IO queues number (bsc#1198777). - net: ena: fix inaccurate print type (bsc#1198777). - net: ena: Fix undefined state when tx request id is out of bounds (bsc#1198777). - net: ena: Fix wrong rx request id by resetting device (bsc#1198777). - net: ena: Improve error logging in driver (bsc#1198777). - net: ena: introduce ndo_xdp_xmit() function for XDP_REDIRECT (bsc#1198777). - net: ena: introduce XDP redirect implementation (bsc#1198777). - net: ena: make symbol 'ena_alloc_map_page' static (bsc#1198777). - net: ena: Move reset completion print to the reset function (bsc#1198777). - net: ena: optimize data access in fast-path code (bsc#1198777). - net: ena: re-organize code to improve readability (bsc#1198777). - net: ena: Remove ena_calc_queue_size_ctx struct (bsc#1198777). - net: ena: remove extra words from comments (bsc#1198777). - net: ena: Remove module param and change message severity (bsc#1198777). - net: ena: Remove rcu_read_lock() around XDP program invocation (bsc#1198777). - net: ena: Remove redundant return code check (bsc#1198777). - net: ena: Remove unused code (bsc#1198777). - net: ena: store values in their appropriate variables types (bsc#1198777). - net: ena: Update XDP verdict upon failure (bsc#1198777). - net: ena: use build_skb() in RX path (bsc#1198777). - net: ena: use constant value for net_device allocation (bsc#1198777). - net: ena: Use dev_alloc() in RX buffer allocation (bsc#1198777). - net: ena: Use pci_sriov_configure_simple() to enable VFs (bsc#1198777). - net: ena: use xdp_frame in XDP TX flow (bsc#1198777). - net: ena: use xdp_return_frame() to free xdp frames (bsc#1198777). - net: mana: Add counter for packet dropped by XDP (bsc#1195651). - net: mana: Add counter for XDP_TX (bsc#1195651). - net: mana: Add handling of CQE_RX_TRUNCATED (bsc#1195651). - net: mana: Remove unnecessary check of cqe_type in mana_process_rx_cqe() (bsc#1195651). - net: mana: Reuse XDP dropped page (bsc#1195651). - net: mana: Use struct_size() helper in mana_gd_create_dma_region() (bsc#1195651). - PCI: hv: Do not set PCI_COMMAND_MEMORY to reduce VM boot time (bsc#1199314). - powerpc/64: Fix kernel stack 16-byte alignment (bsc#1196999 ltc#196609S git-fixes). - powerpc/64: Interrupts save PPR on stack rather than thread_struct (bsc#1196999 ltc#196609). - powerpc/pseries: extract host bridge from pci_bus prior to bus removal (bsc#1182171 ltc#190900 bsc#1198660 ltc#197803). - powerpc/pseries: Fix use after free in remove_phb_dynamic() (bsc#1065729 bsc#1198660 ltc#197803). - scsi: scsi_dh_alua: Avoid crash during alua_bus_detach() (bsc#1028340 bsc#1198825). - SUNRPC: change locking for xs_swap_enable/disable (bsc#1196367). - x86/pm: Save the MSR validity status at context setup (bsc#1114648). - x86/speculation: Restore speculation related MSRs during S3 resume (bsc#1114648). Important SUSE bug 1028340 SUSE bug 1055710 SUSE bug 1065729 SUSE bug 1071995 SUSE bug 1084513 SUSE bug 1087082 SUSE bug 1114648 SUSE bug 1158266 SUSE bug 1172456 SUSE bug 1177282 SUSE bug 1182171 SUSE bug 1183723 SUSE bug 1187055 SUSE bug 1191647 SUSE bug 1191958 SUSE bug 1195065 SUSE bug 1195651 SUSE bug 1196018 SUSE bug 1196367 SUSE bug 1196426 SUSE bug 1196999 SUSE bug 1197219 SUSE bug 1197343 SUSE bug 1197663 SUSE bug 1198400 SUSE bug 1198516 SUSE bug 1198577 SUSE bug 1198660 SUSE bug 1198687 SUSE bug 1198742 SUSE bug 1198777 SUSE bug 1198825 SUSE bug 1199012 SUSE bug 1199063 SUSE bug 1199314 SUSE bug 1199399 SUSE bug 1199426 SUSE bug 1199505 SUSE bug 1199507 SUSE bug 1199605 SUSE bug 1199650 SUSE bug 1200143 SUSE bug 1200144 SUSE bug 1200249 CVE-2017-13695 CVE-2018-7755 CVE-2019-19377 CVE-2019-20811 CVE-2020-26541 CVE-2021-20292 CVE-2021-20321 CVE-2021-33061 CVE-2021-38208 CVE-2021-39711 CVE-2021-43389 CVE-2022-1011 CVE-2022-1184 CVE-2022-1353 CVE-2022-1419 CVE-2022-1516 CVE-2022-1652 CVE-2022-1729 CVE-2022-1734 CVE-2022-1974 CVE-2022-1975 CVE-2022-21123 CVE-2022-21125 CVE-2022-21127 CVE-2022-21166 CVE-2022-21180 CVE-2022-21499 CVE-2022-22942 CVE-2022-28748 CVE-2022-30594 cpe:/o:opensuse:leap:15.3 Security update for golang-github-prometheus-alertmanager (Important) openSUSE Leap 15.3 This update for golang-github-prometheus-alertmanager fixes the following issues: Update golang-github-prometheus-alertmanager from version 0.21.0 to version 0.23.0 (bsc#1196338, jsc#SLE-24077) - CVE-2022-21698: Denial of service using InstrumentHandlerCounter - Update vendor tarball with prometheus/client_golang 1.11.1 - Update required Go version to 1.16 - Use %autosetup macro - Update to version 0.23.0: * Release 0.23.0 * Release 0.23.0-rc.0 * amtool: Detect version drift and warn users (#2672) * Add ability to skip TLS verification for amtool (#2663) * Fix empty isEqual in amtool. (#2668) * Fix main tests (#2670) * cli: add new template render command (#2538) * OpsGenie: refer to alert instead of incident (#2609) * Docs: target_match and source_match are DEPRECATED (#2665) * Fix test not waiting for cluster member to be ready - Add go_modules to _service. - Added hardening to systemd service(s) with a modified prometheus-alertmanager.service (bsc#1181400) Important SUSE bug 1181400 SUSE bug 1196338 CVE-2022-21698 cpe:/o:opensuse:leap:15.3 Security update for log4j (Important) openSUSE Leap 15.3 This update for log4j fixes the following issues: - CVE-2022-23307: Fixed deserialization flaw in the chainsaw component of log4j leading to malicious code execution. (bsc#1194844) - CVE-2022-23305: Fixed SQL injection when application is configured to use JDBCAppender. (bsc#1194843) - CVE-2022-23302: Fixed remote code execution when application is configured to use JMSSink. (bsc#1194842) Important SUSE bug 1194842 SUSE bug 1194843 SUSE bug 1194844 CVE-2022-23302 CVE-2022-23305 CVE-2022-23307 cpe:/o:opensuse:leap:15.3 Security update for node_exporter (Important) openSUSE Leap 15.3 This security update for golang-github-prometheus-node_exporter provides: Update golang-github-prometheus-node_exporter from version 1.1.2 to version 1.3.0 (bsc#1196338, jsc#SLE-24238, jsc#SLE-24239) - CVE-2022-21698: Denial of service using InstrumentHandlerCounter - Update vendor tarball with prometheus/client_golang 1.11.1 - Update to 1.3.0 * [CHANGE] Add path label to rapl collector #2146 * [CHANGE] Exclude filesystems under /run/credentials #2157 * [CHANGE] Add TCPTimeouts to netstat default filter #2189 * [FEATURE] Add lnstat collector for metrics from /proc/net/stat/ #1771 * [FEATURE] Add darwin powersupply collector #1777 * [FEATURE] Add support for monitoring GPUs on Linux #1998 * [FEATURE] Add Darwin thermal collector #2032 * [FEATURE] Add os release collector #2094 * [FEATURE] Add netdev.address-info collector #2105 * [FEATURE] Add clocksource metrics to time collector #2197 * [ENHANCEMENT] Support glob textfile collector directories #1985 * [ENHANCEMENT] ethtool: Expose node_ethtool_info metric #2080 * [ENHANCEMENT] Use include/exclude flags for ethtool filtering #2165 * [ENHANCEMENT] Add flag to disable guest CPU metrics #2123 * [ENHANCEMENT] Add DMI collector #2131 * [ENHANCEMENT] Add threads metrics to processes collector #2164 * [ENHANCMMENT] Reduce timer GC delays in the Linux filesystem collector #2169 * [ENHANCMMENT] Add TCPTimeouts to netstat default filter #2189 * [ENHANCMMENT] Use SysctlTimeval for boottime collector on BSD #2208 * [BUGFIX] ethtool: Sanitize metric names #2093 * [BUGFIX] Fix ethtool collector for multiple interfaces #2126 * [BUGFIX] Fix possible panic on macOS #2133 * [BUGFIX] Collect flag_info and bug_info only for one core #2156 * [BUGFIX] Prevent duplicate ethtool metric names #2187 - Update to 1.2.2 * Bug fixes Fix processes collector long int parsing #2112 - Update to 1.2.1 * Removed Remove obsolete capture permission denied error fix already included upstream * Bug fixes Fix zoneinfo parsing prometheus/procfs#386 Fix nvme collector log noise #2091 Fix rapl collector log noise #2092 - Update to 1.2.0 * Changes Rename filesystem collector flags to match other collectors #2012 Make node_exporter print usage to STDOUT #203 * Features Add conntrack statistics metrics #1155 Add ethtool stats collector #1832 Add flag to ignore network speed if it is unknown #1989 Add tapestats collector for Linux #2044 Add nvme collector #2062 * Enhancements Add ErrorLog plumbing to promhttp #1887 Add more Infiniband counters #2019 netclass: retrieve interface names and filter before parsing #2033 Add time zone offset metric #2060 * Bug fixes Handle errors from disabled PSI subsystem #1983 Fix panic when using backwards compatible flags #2000 Fix wrong value for OpenBSD memory buffer cache #2015 Only initiate collectors once #2048 Handle small backwards jumps in CPU idle #2067 - Capture permission denied error for 'energy_uj' file (bsc#1190535) Important SUSE bug 1190535 SUSE bug 1196338 CVE-2022-21698 cpe:/o:opensuse:leap:15.3 Security update for drbd (Important) openSUSE Leap 15.3 This update of drbd fixes the following issue: - rebuild with new secure boot key due to grub2 boothole 3 issues (bsc#1198581) Important SUSE bug 1198581 cpe:/o:opensuse:leap:15.3 Security update for the Linux Kernel (Important) openSUSE Leap 15.3 The SUSE Linux Enterprise 15 SP3 kernel was updated. The following security bugs were fixed: - CVE-2022-1012: Fixed a small table perturb size in the TCP source port generation algorithm which could leads to information leak. (bsc#1199482). - CVE-2022-20141: Fixed an use after free due to improper locking. This bug could lead to local escalation of privilege when opening and closing inet sockets with no additional execution privileges needed. (bnc#1200604) - CVE-2022-32250: Fixed an use-after-free bug in the netfilter subsystem. This flaw allowed a local attacker with user access to cause a privilege escalation issue. (bnc#1200015) - CVE-2022-1975: Fixed a sleep-in-atomic bug that allows attacker to crash linux kernel by simulating nfc device from user-space. (bsc#1200143) - CVE-2022-1974: Fixed an use-after-free that could causes kernel crash by simulating an nfc device from user-space. (bsc#1200144) - CVE-2020-26541: Enforce the secure boot forbidden signature database (aka dbx) protection mechanism. (bnc#1177282) The following non-security bugs were fixed: - ACPI: PM: Block ASUS B1400CEAE from suspend to idle by default (git-fixes). - ACPI: sysfs: Fix BERT error region memory mapping (git-fixes). - ACPI: sysfs: Make sparse happy about address space in use (git-fixes). - ALSA: hda/conexant - Fix loopback issue with CX20632 (git-fixes). - ALSA: usb-audio: Optimize TEAC clock quirk (git-fixes). - ALSA: usb-audio: Set up (implicit) sync for Saffire 6 (git-fixes). - ALSA: usb-audio: Skip generic sync EP parse for secondary EP (git-fixes). - ALSA: usb-audio: Workaround for clock setup on TEAC devices (git-fixes). - arm64: dts: rockchip: Move drive-impedance-ohm to emmc phy on rk3399 (git-fixes) - ASoC: dapm: Do not fold register value changes into notifications (git-fixes). - ASoC: max98357a: remove dependency on GPIOLIB (git-fixes). - ASoC: rt5645: Fix errorenous cleanup order (git-fixes). - ASoC: tscs454: Add endianness flag in snd_soc_component_driver (git-fixes). - ata: libata-transport: fix {dma|pio|xfer}_mode sysfs files (git-fixes). - ath9k: fix QCA9561 PA bias level (git-fixes). - b43: Fix assigning negative value to unsigned variable (git-fixes). - b43legacy: Fix assigning negative value to unsigned variable (git-fixes). - blk-mq: fix tag_get wait task can't be awakened (bsc#1200263). - blk-mq: Fix wrong wakeup batch configuration which will cause hang (bsc#1200263). - block: fix bio_clone_blkg_association() to associate with proper blkcg_gq (bsc#1200259). - btrfs: tree-checker: fix incorrect printk format (bsc#1200249). - certs/blacklist_hashes.c: fix const confusion in certs blacklist (git-fixes). - cfg80211: set custom regdomain after wiphy registration (git-fixes). - clocksource/drivers/oxnas-rps: Fix irq_of_parse_and_map() return value (git-fixes). - clocksource/drivers/sp804: Avoid error on multiple instances (git-fixes). - dma-buf: fix use of DMA_BUF_SET_NAME_{A,B} in userspace (git-fixes). - dmaengine: zynqmp_dma: In struct zynqmp_dma_chan fix desc_size data type (git-fixes). - drivers: i2c: thunderx: Allow driver to work with ACPI defined TWSI controllers (git-fixes). - drivers: staging: rtl8192e: Fix deadlock in rtllib_beacons_stop() (git-fixes). - drivers: staging: rtl8192u: Fix deadlock in ieee80211_beacons_stop() (git-fixes). - drivers: tty: serial: Fix deadlock in sa1100_set_termios() (git-fixes). - drivers: usb: host: Fix deadlock in oxu_bus_suspend() (git-fixes). - drm: imx: fix compiler warning with gcc-12 (git-fixes). - drm: msm: fix error check return value of irq_of_parse_and_map() (git-fixes). - drm/amdgpu/cs: make commands with 0 chunks illegal behaviour (git-fixes). - drm/amdgpu/smu10: fix SoC/fclk units in auto mode (git-fixes). - drm/amdgpu/ucode: Remove firmware load type check in amdgpu_ucode_free_bo (git-fixes). - drm/atomic: Force bridge self-refresh-exit on CRTC switch (git-fixes). - drm/bridge: analogix_dp: Support PSR-exit to disable transition (git-fixes). - drm/i915: Fix -Wstringop-overflow warning in call to intel_read_wm_latency() (git-fixes). - drm/i915: fix i915_globals_exit() section mismatch error (git-fixes). - drm/i915: Update TGL and RKL DMC firmware versions (bsc#1198924). - drm/i915/reset: Fix error_state_read ptr + offset use (git-fixes). - drm/komeda: return early if drm_universal_plane_init() fails (git-fixes). - drm/msm/dsi: fix address for second DSI PHY on SDM660 (git-fixes). - drm/plane: Move range check for format_count earlier (git-fixes). - drm/radeon: fix a possible null pointer dereference (git-fixes). - drm/virtio: fix NULL pointer dereference in virtio_gpu_conn_get_modes (git-fixes). - efi: Add missing prototype for efi_capsule_setup_info (git-fixes). - efi: Do not import certificates from UEFI Secure Boot for T2 Macs (git-fixes). - fbcon: Consistently protect deferred_takeover with console_lock() (git-fixes). - ftrace: Clean up hash direct_functions on register failures (git-fixes). - HID: bigben: fix slab-out-of-bounds Write in bigben_probe (git-fixes). - HID: multitouch: Add support for Google Whiskers Touchpad (git-fixes). - hwmon: Make chip parameter for with_info API mandatory (git-fixes). - i2c: cadence: Increase timeout per message if necessary (git-fixes). - i2c: ismt: Provide a DMA buffer for Interrupt Cause Logging (git-fixes). - iio: dummy: iio_simple_dummy: check the return value of kstrdup() (git-fixes). - Input: bcm5974 - set missing URB_NO_TRANSFER_DMA_MAP urb flag (git-fixes). - Input: goodix - fix spurious key release events (git-fixes). - ipw2x00: Fix potential NULL dereference in libipw_xmit() (git-fixes). - irqchip: irq-xtensa-mx: fix initial IRQ affinity (git-fixes). - irqchip/armada-370-xp: Do not touch Performance Counter Overflow on A375, A38x, A39x (git-fixes). - irqchip/aspeed-i2c-ic: Fix irq_of_parse_and_map() return value (git-fixes). - irqchip/exiu: Fix acknowledgment of edge triggered interrupts (git-fixes). - iwlwifi: mvm: fix assert 1F04 upon reconfig (git-fixes). - KVM: fix wrong exception emulation in check_rdtsc (git-fixes). - KVM: nVMX: Invalidate all roots when emulating INVVPID without EPT (git-fixes). - KVM: nVMX: Query current VMCS when determining if MSR bitmaps are in use (git-fixes). - KVM: nVMX: Set LDTR to its architecturally defined value on nested VM-Exit (git-fixes). - KVM: nVMX: Unconditionally clear nested.pi_pending on nested VM-Enter (git-fixes). - KVM: s390: pv: add macros for UVC CC values (git-fixes). - KVM: s390: pv: avoid double free of sida page (git-fixes). - KVM: s390: pv: avoid stalls for kvm_s390_pv_init_vm (git-fixes). - KVM: s390: vsie/gmap: reduce gmap_rmap overhead (git-fixes). - KVM: VMX: Flush all EPTP/VPID contexts on remote TLB flush (git-fixes). - KVM: VMX: Use current VMCS to query WAITPKG support for MSR emulation (git-fixes). - KVM: x86: clflushopt should be treated as a no-op by emulation (git-fixes). - KVM: x86: Do not force set BSP bit when local APIC is managed by userspace (git-fixes). - KVM: x86: Fix emulation in writing cr8 (git-fixes). - KVM: x86: Fix off-by-one error in kvm_vcpu_ioctl_x86_setup_mce (git-fixes). - KVM: x86: Immediately reset the MMU context when the SMM flag is cleared (git-fixes). - KVM: x86: Inject #GP if guest attempts to toggle CR4.LA57 in 64-bit mode (git-fixes). - KVM: x86: Mark CR4.TSD as being possibly owned by the guest (git-fixes). - KVM: x86: Migrate the PIT only if vcpu0 is migrated, not any BSP (git-fixes). - KVM: x86: Toggling CR4.PKE does not load PDPTEs in PAE mode (git-fixes). - KVM: x86: Toggling CR4.SMAP does not load PDPTEs in PAE mode (git-fixes). - KVM: x86/cpuid: Only provide CPUID leaf 0xA if host has architectural PMU (git-fixes). - KVM: x86/emulator: Defer not-present segment check in __load_segment_descriptor() (git-fixes). - KVM: x86/pmu: Fix HW_REF_CPU_CYCLES event pseudo-encoding in intel_arch_events[] (git-fixes). - mac80211: upgrade passive scan to active scan on DFS channels after beacon rx (git-fixes). - md: fix an incorrect NULL check in does_sb_need_changing (git-fixes). - md: fix an incorrect NULL check in md_reload_sb (git-fixes). - media: cx25821: Fix the warning when removing the module (git-fixes). - media: netup_unidvb: Do not leak SPI master in probe error path (git-fixes). - media: pci: cx23885: Fix the error handling in cx23885_initdev() (git-fixes). - media: venus: hfi: avoid null dereference in deinit (git-fixes). - misc: rtsx: set NULL intfdata when probe fails (git-fixes). - mmc: block: Fix CQE recovery reset success (git-fixes). - mmc: jz4740: Apply DMA engine limits to maximum segment size (git-fixes). - modpost: fix removing numeric suffixes (git-fixes). - modpost: fix undefined behavior of is_arm_mapping_symbol() (git-fixes). - mt76: check return value of mt76_txq_send_burst in mt76_txq_schedule_list (git-fixes). - mwifiex: add mutex lock for call in mwifiex_dfs_chan_sw_work_queue (git-fixes). - net: ax25: Fix deadlock caused by skb_recv_datagram in ax25_recvmsg (git-fixes). - net: rtlwifi: properly check for alloc_workqueue() failure (git-fixes). - nfc: st21nfca: fix incorrect sizing calculations in EVT_TRANSACTION (git-fixes). - nfc: st21nfca: fix incorrect validating logic in EVT_TRANSACTION (git-fixes). - nfc: st21nfca: fix memory leaks in EVT_TRANSACTION handling (git-fixes). - NFS: Do not report ENOSPC write errors twice (git-fixes). - nfsd: Fix null-ptr-deref in nfsd_fill_super() (git-fixes). - PCI: hv: Fix NUMA node assignment when kernel boots with custom NUMA topology (bsc#1199365). - pcmcia: db1xxx_ss: restrict to MIPS_DB1XXX boards (git-fixes). - pinctrl: sunxi: fix f1c100s uart2 function (git-fixes). - platform/chrome: cros_ec_proto: Send command again when timeout occurs (git-fixes). - platform/x86: wmi: Fix driver->notify() vs ->probe() race (git-fixes). - platform/x86: wmi: Replace read_takes_no_args with a flags field (git-fixes). - PM / devfreq: rk3399_dmc: Disable edev on remove() (git-fixes). - powerpc/rtas: Allow ibm,platform-dump RTAS call with null buffer address (bsc#1200343 ltc#198477). - raid5: introduce MD_BROKEN (git-fixes). - random: Add and use pr_fmt() (bsc#1184924). - random: remove unnecessary unlikely() (bsc#1184924). - rtl818x: Prevent using not initialized queues (git-fixes). - rtlwifi: Use pr_warn instead of WARN_ONCE (git-fixes). - s390: fix detection of vector enhancements facility 1 vs. vector packed decimal facility (git-fixes). - s390: fix strrchr() implementation (git-fixes). - s390/cio: dont call css_wait_for_slow_path() inside a lock (git-fixes). - s390/cio: Fix the 'type' field in s390_cio_tpi tracepoint (git-fixes). - s390/crypto: fix scatterwalk_unmap() callers in AES-GCM (git-fixes). - s390/ctcm: fix potential memory leak (git-fixes). - s390/ctcm: fix variable dereferenced before check (git-fixes). - s390/dasd: fix data corruption for ESE devices (bsc#1200207 LTC#198454). - s390/dasd: Fix read for ESE with blksize 4k (bsc#1200206 LTC#198455). - s390/dasd: Fix read inconsistency for ESE DASD devices (bsc#1200206 LTC#198455). - s390/dasd: prevent double format of tracks for ESE devices (bsc#1200207 LTC#198454). - s390/ftrace: fix ftrace_update_ftrace_func implementation (git-fixes). - s390/lcs: fix variable dereferenced before check (git-fixes). - s390/mcck: fix invalid KVM guest condition check (git-fixes). - s390/mcck: isolate SIE instruction when setting CIF_MCCK_GUEST flag (git-fixes). - s390/nmi: handle guarded storage validity failures for KVM guests (git-fixes). - s390/nmi: handle vector validity failures for KVM guests (git-fixes). - s390/pv: fix the forcing of the swiotlb (git-fixes). - s390/qdio: cancel the ESTABLISH ccw after timeout (git-fixes). - s390/qdio: fix roll-back after timeout on ESTABLISH ccw (git-fixes). - s390/vfio-ap: fix circular lockdep when setting/clearing crypto masks (git-fixes). - serial: msm_serial: disable interrupts in __msm_console_write() (git-fixes). - spi: Introduce device-managed SPI controller allocation (git-fixes). - spi: spi-rspi: Remove setting {src,dst}_{addr,addr_width} based on DMA direction (git-fixes). - spi: stm32-qspi: Fix wait_cmd timeout in APM mode (git-fixes). - staging: rtl8712: fix uninit-value in r871xu_drv_init() (git-fixes). - staging: rtl8712: fix uninit-value in usb_read8() and friends (git-fixes). - tilcdc: tilcdc_external: fix an incorrect NULL check on list iterator (git-fixes). - tty: Fix a possible resource leak in icom_probe (git-fixes). - tty: synclink_gt: Fix null-pointer-dereference in slgt_clean() (git-fixes). - usb: core: hcd: Add support for deferring roothub registration (git-fixes). - usb: dwc2: gadget: do not reset gadget's driver->bus (git-fixes). - usb: hcd-pci: Fully suspend across freeze/thaw cycle (git-fixes). - usb: host: isp116x: check return value after calling platform_get_resource() (git-fixes). - usb: new quirk for Dell Gen 2 devices (git-fixes). - usb: serial: option: add Quectel BG95 modem (git-fixes). - vfio-ccw: Check initialized flag in cp_init() (git-fixes). - vfio/ccw: Remove unneeded GFP_DMA (git-fixes). - video: fbdev: pxa3xx-gcu: release the resources correctly in pxa3xx_gcu_probe/remove() (git-fixes). - virtio/s390: implement virtio-ccw revision 2 correctly (git-fixes). - vringh: Fix loop descriptors check in the indirect cases (git-fixes). - watchdog: wdat_wdt: Stop watchdog when rebooting the system (git-fixes). Important SUSE bug 1177282 SUSE bug 1184924 SUSE bug 1198924 SUSE bug 1199365 SUSE bug 1199482 SUSE bug 1200015 SUSE bug 1200143 SUSE bug 1200144 SUSE bug 1200206 SUSE bug 1200207 SUSE bug 1200249 SUSE bug 1200259 SUSE bug 1200263 SUSE bug 1200343 SUSE bug 1200494 SUSE bug 1200529 SUSE bug 1200604 CVE-2020-26541 CVE-2022-1012 CVE-2022-1966 CVE-2022-1974 CVE-2022-1975 CVE-2022-20141 CVE-2022-32250 cpe:/o:opensuse:leap:15.3 Security update for the Linux Kernel (Important) openSUSE Leap 15.3 The SUSE Linux Enterprise 15 SP3 kernel was updated. The following security bugs were fixed: - CVE-2022-1966: Fixed an use-after-free bug in the netfilter subsystem. This flaw allowed a local attacker with user access to cause a privilege escalation issue. (bnc#1200015) - CVE-2022-1975: Fixed a sleep-in-atomic bug that allows attacker to crash linux kernel by simulating nfc device from user-space. (bsc#1200143) - CVE-2022-1974: Fixed an use-after-free that could causes kernel crash by simulating an nfc device from user-space. (bsc#1200144) - CVE-2020-26541: Enforce the secure boot forbidden signature database (aka dbx) protection mechanism. (bnc#1177282) - The following non-security bugs were fixed: - ACPI: PM: Block ASUS B1400CEAE from suspend to idle by default (git-fixes). - ACPI: sysfs: Fix BERT error region memory mapping (git-fixes). - ACPI: sysfs: Make sparse happy about address space in use (git-fixes). - ALSA: hda/conexant - Fix loopback issue with CX20632 (git-fixes). - ALSA: usb-audio: Optimize TEAC clock quirk (git-fixes). - ALSA: usb-audio: Set up (implicit) sync for Saffire 6 (git-fixes). - ALSA: usb-audio: Skip generic sync EP parse for secondary EP (git-fixes). - ALSA: usb-audio: Workaround for clock setup on TEAC devices (git-fixes). - ASoC: dapm: Do not fold register value changes into notifications (git-fixes). - ASoC: max98357a: remove dependency on GPIOLIB (git-fixes). - ASoC: rt5645: Fix errorenous cleanup order (git-fixes). - ASoC: tscs454: Add endianness flag in snd_soc_component_driver (git-fixes). - ata: libata-transport: fix {dma|pio|xfer}_mode sysfs files (git-fixes). - ath9k: fix QCA9561 PA bias level (git-fixes). - b43: Fix assigning negative value to unsigned variable (git-fixes). - b43legacy: Fix assigning negative value to unsigned variable (git-fixes). - blk-mq: fix tag_get wait task can't be awakened (bsc#1200263). - blk-mq: Fix wrong wakeup batch configuration which will cause hang (bsc#1200263). - block: fix bio_clone_blkg_association() to associate with proper blkcg_gq (bsc#1200259). - btrfs: tree-checker: fix incorrect printk format (bsc#1200249). - cfg80211: set custom regdomain after wiphy registration (git-fixes). - clocksource/drivers/oxnas-rps: Fix irq_of_parse_and_map() return value (git-fixes). - clocksource/drivers/sp804: Avoid error on multiple instances (git-fixes). - dma-buf: fix use of DMA_BUF_SET_NAME_{A,B} in userspace (git-fixes). - dmaengine: zynqmp_dma: In struct zynqmp_dma_chan fix desc_size data type (git-fixes). - drivers: i2c: thunderx: Allow driver to work with ACPI defined TWSI controllers (git-fixes). - drivers: staging: rtl8192e: Fix deadlock in rtllib_beacons_stop() (git-fixes). - drivers: staging: rtl8192u: Fix deadlock in ieee80211_beacons_stop() (git-fixes). - drivers: tty: serial: Fix deadlock in sa1100_set_termios() (git-fixes). - drivers: usb: host: Fix deadlock in oxu_bus_suspend() (git-fixes). - drm: imx: fix compiler warning with gcc-12 (git-fixes). - drm: msm: fix error check return value of irq_of_parse_and_map() (git-fixes). - drm/amdgpu/cs: make commands with 0 chunks illegal behaviour (git-fixes). - drm/amdgpu/smu10: fix SoC/fclk units in auto mode (git-fixes). - drm/amdgpu/ucode: Remove firmware load type check in amdgpu_ucode_free_bo (git-fixes). - drm/atomic: Force bridge self-refresh-exit on CRTC switch (git-fixes). - drm/bridge: analogix_dp: Support PSR-exit to disable transition (git-fixes). - drm/i915: Fix -Wstringop-overflow warning in call to intel_read_wm_latency() (git-fixes). - drm/i915: fix i915_globals_exit() section mismatch error (git-fixes). - drm/komeda: return early if drm_universal_plane_init() fails (git-fixes). - drm/msm/dsi: fix address for second DSI PHY on SDM660 (git-fixes). - drm/plane: Move range check for format_count earlier (git-fixes). - drm/radeon: fix a possible null pointer dereference (git-fixes). - drm/virtio: fix NULL pointer dereference in virtio_gpu_conn_get_modes (git-fixes). - efi: Add missing prototype for efi_capsule_setup_info (git-fixes). - efi: Do not import certificates from UEFI Secure Boot for T2 Macs (git-fixes). - fbcon: Consistently protect deferred_takeover with console_lock() (git-fixes). - ftrace: Clean up hash direct_functions on register failures (git-fixes). - HID: bigben: fix slab-out-of-bounds Write in bigben_probe (git-fixes). - HID: multitouch: Add support for Google Whiskers Touchpad (git-fixes). - hwmon: Make chip parameter for with_info API mandatory (git-fixes). - i2c: cadence: Increase timeout per message if necessary (git-fixes). - i2c: ismt: Provide a DMA buffer for Interrupt Cause Logging (git-fixes). - iio: dummy: iio_simple_dummy: check the return value of kstrdup() (git-fixes). - Input: bcm5974 - set missing URB_NO_TRANSFER_DMA_MAP urb flag (git-fixes). - Input: goodix - fix spurious key release events (git-fixes). - ipw2x00: Fix potential NULL dereference in libipw_xmit() (git-fixes). - irqchip: irq-xtensa-mx: fix initial IRQ affinity (git-fixes). - irqchip/armada-370-xp: Do not touch Performance Counter Overflow on A375, A38x, A39x (git-fixes). - irqchip/aspeed-i2c-ic: Fix irq_of_parse_and_map() return value (git-fixes). - irqchip/exiu: Fix acknowledgment of edge triggered interrupts (git-fixes). - iwlwifi: mvm: fix assert 1F04 upon reconfig (git-fixes). - KVM: fix wrong exception emulation in check_rdtsc (git-fixes). - KVM: nVMX: Invalidate all roots when emulating INVVPID without EPT (git-fixes). - KVM: nVMX: Query current VMCS when determining if MSR bitmaps are in use (git-fixes). - KVM: nVMX: Set LDTR to its architecturally defined value on nested VM-Exit (git-fixes). - KVM: nVMX: Unconditionally clear nested.pi_pending on nested VM-Enter (git-fixes). - KVM: s390: pv: add macros for UVC CC values (git-fixes). - KVM: s390: pv: avoid double free of sida page (git-fixes). - KVM: s390: pv: avoid stalls for kvm_s390_pv_init_vm (git-fixes). - KVM: s390: vsie/gmap: reduce gmap_rmap overhead (git-fixes). - KVM: VMX: Flush all EPTP/VPID contexts on remote TLB flush (git-fixes). - KVM: VMX: Use current VMCS to query WAITPKG support for MSR emulation (git-fixes). - KVM: x86: clflushopt should be treated as a no-op by emulation (git-fixes). - KVM: x86: Do not force set BSP bit when local APIC is managed by userspace (git-fixes). - KVM: x86: Fix emulation in writing cr8 (git-fixes). - KVM: x86: Fix off-by-one error in kvm_vcpu_ioctl_x86_setup_mce (git-fixes). - KVM: x86: Immediately reset the MMU context when the SMM flag is cleared (git-fixes). - KVM: x86: Inject #GP if guest attempts to toggle CR4.LA57 in 64-bit mode (git-fixes). - KVM: x86: Mark CR4.TSD as being possibly owned by the guest (git-fixes). - KVM: x86: Migrate the PIT only if vcpu0 is migrated, not any BSP (git-fixes). - KVM: x86: Toggling CR4.PKE does not load PDPTEs in PAE mode (git-fixes). - KVM: x86: Toggling CR4.SMAP does not load PDPTEs in PAE mode (git-fixes). - KVM: x86/cpuid: Only provide CPUID leaf 0xA if host has architectural PMU (git-fixes). - KVM: x86/emulator: Defer not-present segment check in __load_segment_descriptor() (git-fixes). - KVM: x86/pmu: Fix HW_REF_CPU_CYCLES event pseudo-encoding in intel_arch_events[] (git-fixes). - mac80211: upgrade passive scan to active scan on DFS channels after beacon rx (git-fixes). - md: fix an incorrect NULL check in does_sb_need_changing (git-fixes). - md: fix an incorrect NULL check in md_reload_sb (git-fixes). - media: cx25821: Fix the warning when removing the module (git-fixes). - media: netup_unidvb: Do not leak SPI master in probe error path (git-fixes). - media: pci: cx23885: Fix the error handling in cx23885_initdev() (git-fixes). - media: venus: hfi: avoid null dereference in deinit (git-fixes). - misc: rtsx: set NULL intfdata when probe fails (git-fixes). - mmc: block: Fix CQE recovery reset success (git-fixes). - mmc: jz4740: Apply DMA engine limits to maximum segment size (git-fixes). - modpost: fix removing numeric suffixes (git-fixes). - modpost: fix undefined behavior of is_arm_mapping_symbol() (git-fixes). - mt76: check return value of mt76_txq_send_burst in mt76_txq_schedule_list (git-fixes). - mwifiex: add mutex lock for call in mwifiex_dfs_chan_sw_work_queue (git-fixes). - net: rtlwifi: properly check for alloc_workqueue() failure (git-fixes). - nfc: st21nfca: fix incorrect sizing calculations in EVT_TRANSACTION (git-fixes). - nfc: st21nfca: fix incorrect validating logic in EVT_TRANSACTION (git-fixes). - nfc: st21nfca: fix memory leaks in EVT_TRANSACTION handling (git-fixes). - NFS: Do not report ENOSPC write errors twice (git-fixes). - nfsd: Fix null-ptr-deref in nfsd_fill_super() (git-fixes). - PCI: hv: Fix NUMA node assignment when kernel boots with custom NUMA topology (bsc#1199365). - pcmcia: db1xxx_ss: restrict to MIPS_DB1XXX boards (git-fixes). - pinctrl: sunxi: fix f1c100s uart2 function (git-fixes). - platform/chrome: cros_ec_proto: Send command again when timeout occurs (git-fixes). - platform/x86: wmi: Fix driver->notify() vs ->probe() race (git-fixes). - platform/x86: wmi: Replace read_takes_no_args with a flags field (git-fixes). - devfreq: rk3399_dmc: Disable edev on remove() (git-fixes). - raid5: introduce MD_BROKEN (git-fixes). - rtl818x: Prevent using not initialized queues (git-fixes). - rtlwifi: Use pr_warn instead of WARN_ONCE (git-fixes). - s390: fix detection of vector enhancements facility 1 vs. vector packed decimal facility (git-fixes). - s390: fix strrchr() implementation (git-fixes). - s390/cio: dont call css_wait_for_slow_path() inside a lock (git-fixes). - s390/cio: Fix the 'type' field in s390_cio_tpi tracepoint (git-fixes). - s390/crypto: fix scatterwalk_unmap() callers in AES-GCM (git-fixes). - s390/ctcm: fix potential memory leak (git-fixes). - s390/ctcm: fix variable dereferenced before check (git-fixes). - s390/dasd: fix data corruption for ESE devices (bsc#1200207 LTC#198454). - s390/dasd: Fix read for ESE with blksize 4k (bsc#1200206 LTC#198455). - s390/dasd: Fix read inconsistency for ESE DASD devices (bsc#1200206 LTC#198455). - s390/dasd: prevent double format of tracks for ESE devices (bsc#1200207 LTC#198454). - s390/ftrace: fix ftrace_update_ftrace_func implementation (git-fixes). - s390/lcs: fix variable dereferenced before check (git-fixes). - s390/mcck: fix invalid KVM guest condition check (git-fixes). - s390/mcck: isolate SIE instruction when setting CIF_MCCK_GUEST flag (git-fixes). - s390/nmi: handle guarded storage validity failures for KVM guests (git-fixes). - s390/nmi: handle vector validity failures for KVM guests (git-fixes). - s390/pv: fix the forcing of the swiotlb (git-fixes). - s390/qdio: cancel the ESTABLISH ccw after timeout (git-fixes). - s390/qdio: fix roll-back after timeout on ESTABLISH ccw (git-fixes). - s390/vfio-ap: fix circular lockdep when setting/clearing crypto masks (git-fixes). - serial: msm_serial: disable interrupts in __msm_console_write() (git-fixes). - spi: Introduce device-managed SPI controller allocation (git-fixes). - spi: spi-rspi: Remove setting {src,dst}_{addr,addr_width} based on DMA direction (git-fixes). - spi: stm32-qspi: Fix wait_cmd timeout in APM mode (git-fixes). - staging: rtl8712: fix uninit-value in r871xu_drv_init() (git-fixes). - staging: rtl8712: fix uninit-value in usb_read8() and friends (git-fixes). - tilcdc: tilcdc_external: fix an incorrect NULL check on list iterator (git-fixes). - tty: Fix a possible resource leak in icom_probe (git-fixes). - tty: synclink_gt: Fix null-pointer-dereference in slgt_clean() (git-fixes). - usb: core: hcd: Add support for deferring roothub registration (git-fixes). - usb: dwc2: gadget: do not reset gadget's driver->bus (git-fixes). - usb: hcd-pci: Fully suspend across freeze/thaw cycle (git-fixes). - usb: host: isp116x: check return value after calling platform_get_resource() (git-fixes). - usb: new quirk for Dell Gen 2 devices (git-fixes). - usb: serial: option: add Quectel BG95 modem (git-fixes). - vfio-ccw: Check initialized flag in cp_init() (git-fixes). - vfio/ccw: Remove unneeded GFP_DMA (git-fixes). - video: fbdev: pxa3xx-gcu: release the resources correctly in pxa3xx_gcu_probe/remove() (git-fixes). - virtio/s390: implement virtio-ccw revision 2 correctly (git-fixes). - vringh: Fix loop descriptors check in the indirect cases (git-fixes). - watchdog: wdat_wdt: Stop watchdog when rebooting the system (git-fixes). Important SUSE bug 1177282 SUSE bug 1199365 SUSE bug 1200015 SUSE bug 1200143 SUSE bug 1200144 SUSE bug 1200206 SUSE bug 1200207 SUSE bug 1200249 SUSE bug 1200259 SUSE bug 1200263 SUSE bug 1200268 SUSE bug 1200529 CVE-2020-26541 CVE-2022-1966 CVE-2022-1974 CVE-2022-1975 cpe:/o:opensuse:leap:15.3 Security update for python39 (Important) openSUSE Leap 15.3 This update for python39 fixes the following issues: - CVE-2015-20107: avoid command injection in the mailcap module (bsc#1198511). - Update to 3.9.13: - Core and Builtins - gh-92311: Fixed a bug where setting frame.f_lineno to jump over a list comprehension could misbehave or crash. - gh-92112: Fix crash triggered by an evil custom mro() on a metaclass. - gh-92036: Fix a crash in subinterpreters related to the garbage collector. When a subinterpreter is deleted, untrack all objects tracked by its GC. To prevent a crash in deallocator functions expecting objects to be tracked by the GC, leak a strong reference to these objects on purpose, so they are never deleted and their deallocator functions are not called. Patch by Victor Stinner. - gh-91421: Fix a potential integer overflow in _Py_DecodeUTF8Ex. - bpo-46775: Some Windows system error codes(>= 10000) are now mapped into the correct errno and may now raise a subclass of OSError. Patch by Dong-hee Na. - bpo-46962: Classes and functions that unconditionally declared their docstrings ignoring the --without-doc-strings compilation flag no longer do so. - The classes affected are pickle.PickleBuffer, testcapi.RecursingInfinitelyError, and types.GenericAlias. - The functions affected are 24 methods in ctypes. - Patch by Oleg Iarygin. - bpo-36819: Fix crashes in built-in encoders with error handlers that return position less or equal than the starting position of non-encodable characters. - Library - gh-91581: utcfromtimestamp() no longer attempts to resolve fold in the pure Python implementation, since the fold is never 1 in UTC. In addition to being slightly faster in the common case, this also prevents some errors when the timestamp is close to datetime.min. Patch by Paul Ganssle. - gh-92530: Fix an issue that occurred after interrupting threading.Condition.notify(). - gh-92049: Forbid pickling constants re._constants.SUCCESS etc. Previously, pickling did not fail, but the result could not be unpickled. - bpo-47029: Always close the read end of the pipe used by multiprocessing.Queue after the last write of buffered data to the write end of the pipe to avoid BrokenPipeError at garbage collection and at multiprocessing.Queue.close() calls. Patch by G?ry Ogam. - gh-91910: Add missing f prefix to f-strings in error messages from the multiprocessing and asyncio modules. - gh-91810: ElementTree method write() and function tostring() now use the text file''s encoding ('UTF-8' if not available) instead of locale encoding in XML declaration when encoding='unicode' is specified. - gh-91832: Add required attribute to argparse.Action repr output. - gh-91734: Fix OSS audio support on Solaris. - gh-91700: Compilation of regular expression containing a conditional expression (?(group)...) now raises an appropriate re.error if the group number refers to not defined group. Previously an internal RuntimeError was raised. - gh-91676: Fix unittest.IsolatedAsyncioTestCase to shutdown the per test event loop executor before returning from its run method so that a not yet stopped or garbage collected executor state does not persist beyond the test. - gh-90568: Parsing \N escapes of Unicode Named Character Sequences in a regular expression raises now re.error instead of TypeError. - gh-91595: Fix the comparison of character and integer inside Tools.gdb.libpython.write_repr(). Patch by Yu Liu. - gh-90622: Worker processes for concurrent.futures.ProcessPoolExecutor are no longer spawned on demand (a feature added in 3.9) when the multiprocessing context start method is 'fork' as that can lead to deadlocks in the child processes due to a fork happening while threads are running. - gh-91575: Update case-insensitive matching in the re module to the latest Unicode version. - gh-91581: Remove an unhandled error case in the C implementation of calls to datetime.fromtimestamp with no time zone (i.e. getting a local time from an epoch timestamp). This should have no user-facing effect other than giving a possibly more accurate error message when called with timestamps that fall on 10000-01-01 in the local time. Patch by Paul Ganssle. - bpo-34480: Fix a bug where _markupbase raised an UnboundLocalError when an invalid keyword was found in marked section. Patch by Marek Suscak. - bpo-27929: Fix asyncio.loop.sock_connect() to only resolve names for socket.AF_INET or socket.AF_INET6 families. Resolution may not make sense for other families, like socket.AF_BLUETOOTH and socket.AF_UNIX. - bpo-43323: Fix errors in the email module if the charset itself contains undecodable/unencodable characters. - bpo-46787: Fix concurrent.futures.ProcessPoolExecutor exception memory leak - bpo-46415: Fix ipaddress.ip_{address,interface,network} raising TypeError instead of ValueError if given invalid tuple as address parameter. - bpo-44911: IsolatedAsyncioTestCase will no longer throw an exception while cancelling leaked tasks. Patch by Bar Harel. - bpo-44493: Add missing terminated NUL in sockaddr_un's length - This was potentially observable when using non-abstract AF_UNIX datagram sockets to processes written in another programming language. - bpo-42627: Fix incorrect parsing of Windows registry proxy settings - bpo-36073: Raise ProgrammingError instead of segfaulting on recursive usage of cursors in sqlite3 converters. Patch by Sergey Fedoseev. - Documentation - gh-91888: Add a new gh role to the documentation to link to GitHub issues. - gh-91783: Document security issues concerning the use of the function shutil.unpack_archive() - gh-91547: Remove 'Undocumented modules' page. - bpo-44347: Clarify the meaning of dirs_exist_ok, a kwarg of shutil.copytree(). - bpo-38668: Update the introduction to documentation for os.path to remove warnings that became irrelevant after the implementations of PEP 383 and PEP 529. - bpo-47138: Pin Jinja to a version compatible with Sphinx version 2.4.4. - bpo-46962: All docstrings in code snippets are now wrapped into PyDoc_STR() to follow the guideline of PEP 7's Documentation Strings paragraph. Patch by Oleg Iarygin. - bpo-26792: Improve the docstrings of runpy.run_module() and runpy.run_path(). Original patch by Andrew Brezovsky. - bpo-45790: Adjust inaccurate phrasing in Defining Extension Types: Tutorial about the ob_base field and the macros used to access its contents. - bpo-42340: Document that in some circumstances KeyboardInterrupt may cause the code to enter an inconsistent state. Provided a sample workaround to avoid it if needed. - bpo-41233: Link the errnos referenced in Doc/library/exceptions.rst to their respective section in Doc/library/errno.rst, and vice versa. Previously this was only done for EINTR and InterruptedError. Patch by Yan 'yyyyyyyan' Orestes. - bpo-38056: Overhaul the Error Handlers documentation in codecs. - bpo-13553: Document tkinter.Tk args. - Tests - gh-91607: Fix test_concurrent_futures to test the correct multiprocessing start method context in several cases where the test logic mixed this up. - bpo-47205: Skip test for sched_getaffinity() and sched_setaffinity() error case on FreeBSD. - bpo-29890: Add tests for ipaddress.IPv4Interface and ipaddress.IPv6Interface construction with tuple arguments. Original patch and tests by louisom. - Build - bpo-47103: Windows PGInstrument builds now copy a required DLL into the output directory, making it easier to run the profile stage of a PGO build. - Windows - bpo-47194: Update zlib to v1.2.12 to resolve CVE-2018-25032. - bpo-46785: Fix race condition between os.stat() and unlinking a file on Windows, by using errors codes returned by FindFirstFileW() when appropriate in win32_xstat_impl. - bpo-40859: Update Windows build to use xz-5.2.5 - Tools/Demos - gh-91583: Fix regression in the code generated by Argument Clinic for functions with the defining_class parameter. - Update to 3.9.12: - bpo-46968: Check for the existence of the 'sys/auxv.h' header in faulthandler to avoid compilation problems in systems where this header doesn't exist. Patch by Pablo Galindo - bpo-47101: hashlib.algorithms_available now lists only algorithms that are provided by activated crypto providers on OpenSSL 3.0. Legacy algorithms are not listed unless the legacy provider has been loaded into the default OSSL context. - bpo-23691: Protect the re.finditer() iterator from re-entering. - bpo-42369: Fix thread safety of zipfile._SharedFile.tell() to avoid a 'zipfile.BadZipFile: Bad CRC-32 for file' exception when reading a ZipFile from multiple threads. - bpo-38256: Fix binascii.crc32() when it is compiled to use zlib'c crc32 to work properly on inputs 4+GiB in length instead of returning the wrong result. The workaround prior to this was to always feed the function data in increments smaller than 4GiB or to just call the zlib module function. - bpo-39394: A warning about inline flags not at the start of the regular expression now contains the position of the flag. - bpo-47061: Deprecate the various modules listed by PEP 594: - aifc, asynchat, asyncore, audioop, cgi, cgitb, chunk, crypt, imghdr, msilib, nntplib, nis, ossaudiodev, pipes, smtpd, sndhdr, spwd, sunau, telnetlib, uu, xdrlib - bpo-2604: Fix bug where doctests using globals would fail when run multiple times. - bpo-45997: Fix asyncio.Semaphore re-aquiring FIFO order. - bpo-47022: The asynchat, asyncore and smtpd modules have been deprecated since at least Python 3.6. Their documentation has now been updated to note they will removed in Python 3.12 (PEP 594). - bpo-46421: Fix a unittest issue where if the command was invoked as python -m unittest and the filename(s) began with a dot (.), a ValueError is returned. - bpo-40296: Fix supporting generic aliases in pydoc. - bpo-14156: argparse.FileType now supports an argument of '-'; in binary mode, returning the .buffer attribute of sys.stdin/sys.stdout as appropriate. Modes including 'x' and 'a' are treated equivalently to 'w' when argument is '-'. Patch contributed by Josh Rosenberg - Update to 3.9.11: - bpo-46852: Rename the private undocumented float.__set_format__() method to float.__setformat__() to fix a typo introduced in Python 3.7. The method is only used by test_float. Patch by Victor Stinner. - bpo-46794: Bump up the libexpat version into 2.4.6 - bpo-46762: Fix an assert failure in debug builds when a '<', '>', or '=' is the last character in an f-string that's missing a closing right brace. - bpo-46732: Correct the docstring for the __bool__() method. Patch by Jelle Zijlstra. - bpo-40479: Add a missing call to va_end() in Modules/_hashopenssl.c. - bpo-46615: When iterating over sets internally in setobject.c, acquire strong references to the resulting items from the set. This prevents crashes in corner-cases of various set operations where the set gets mutated. - bpo-43721: Fix docstrings of getter, setter, and deleter to clarify that they create a new copy of the property. - bpo-46503: Fix an assert when parsing some invalid N escape sequences in f-strings. - bpo-46417: Fix a race condition on setting a type __bases__ attribute: the internal function add_subclass() now gets the PyTypeObject.tp_subclasses member after calling PyWeakref_NewRef() which can trigger a garbage collection which can indirectly modify PyTypeObject.tp_subclasses. Patch by Victor Stinner. - bpo-46383: Fix invalid signature of _zoneinfo's module_free function to resolve a crash on wasm32-emscripten platform. - bpo-43253: Fix a crash when closing transports where the underlying socket handle is already invalid on the Proactor event loop. - bpo-47004: Apply bugfixes from importlib_metadata 4.11.3, including bugfix for EntryPoint.extras, which was returning match objects and not the extras strings. - bpo-46985: Upgrade pip wheel bundled with ensurepip (pip 22.0.4) - bpo-46968: faulthandler: On Linux 5.14 and newer, dynamically determine size of signal handler stack size CPython allocates using getauxval(AT_MINSIGSTKSZ). This changes allows for Python extension's request to Linux kernel to use AMX_TILE instruction set on Sapphire Rapids Xeon processor to succeed, unblocking use of the ISA in frameworks. - bpo-46955: Expose asyncio.base_events.Server as asyncio.Server. Patch by Stefan Zabka. - bpo-46932: Update bundled libexpat to 2.4.7 - bpo-25707: Fixed a file leak in xml.etree.ElementTree.iterparse() when the iterator is not exhausted. Patch by Jacob Walls. - bpo-44886: Inherit asyncio proactor datagram transport from asyncio.DatagramTransport. - bpo-46827: Support UDP sockets in asyncio.loop.sock_connect() for selector-based event loops. Patch by Thomas Grainger. - bpo-46811: Make test suite support Expat >=2.4.5 - bpo-46252: Raise TypeError if ssl.SSLSocket is passed to transport-based APIs. - bpo-46784: Fix libexpat symbols collisions with user dynamically loaded or statically linked libexpat in embedded Python. - bpo-39327: shutil.rmtree() can now work with VirtualBox shared folders when running from the guest operating-system. - bpo-46756: Fix a bug in urllib.request.HTTPPasswordMgr.find_user_password() and urllib.request.HTTPPasswordMgrWithPriorAuth.is_authenticated() which allowed to bypass authorization. For example, access to URI example.org/foobar was allowed if the user was authorized for URI example.org/foo. - bpo-45863: When the tarfile module creates a pax format archive, it will put an integer representation of timestamps in the ustar header (if possible) for the benefit of older unarchivers, in addition to the existing full-precision timestamps in the pax extended header. - bpo-46672: Fix NameError in asyncio.gather() when initial type check fails. - bpo-45948: Fixed a discrepancy in the C implementation of the xml.etree.ElementTree module. Now, instantiating an xml.etree.ElementTree.XMLParser with a target=None keyword provides a default xml.etree.ElementTree.TreeBuilder target as the Python implementation does. - bpo-46591: Make the IDLE doc URL on the About IDLE dialog clickable. - bpo-46400: expat: Update libexpat from 2.4.1 to 2.4.4 - bpo-46487: Add the get_write_buffer_limits method to asyncio.transports.WriteTransport and to the SSL transport. - bpo-46539: In typing.get_type_hints(), support evaluating stringified ClassVar and Final annotations inside Annotated. Patch by Gregory Beauregard. - bpo-46491: Allow typing.Annotated to wrap typing.Final and typing.ClassVar. Patch by Gregory Beauregard. - bpo-46436: Fix command-line option -d/--directory in module http.server which is ignored when combined with command-line option --cgi. Patch by G?ry Ogam. - bpo-41403: Make mock.patch() raise a TypeError with a relevant error message on invalid arg. Previously it allowed a cryptic AttributeError to escape. - bpo-46474: In importlib.metadata.EntryPoint.pattern, avoid potential REDoS by limiting ambiguity in consecutive whitespace. - bpo-46469: asyncio generic classes now return types.GenericAlias in __class_getitem__ instead of the same class. - bpo-46434: pdb now gracefully handles help when __doc__ is missing, for example when run with pregenerated optimized .pyc files. - bpo-46333: The __eq__() and __hash__() methods of typing.ForwardRef now honor the module parameter of typing.ForwardRef. Forward references from different modules are now differentiated. - bpo-43118: Fix a bug in inspect.signature() that was causing it to fail on some subclasses of classes with a __text_signature__ referencing module globals. Patch by Weipeng Hong. - bpo-21987: Fix an issue with tarfile.TarFile.getmember() getting a directory name with a trailing slash. - bpo-20392: Fix inconsistency with uppercase file extensions in MimeTypes.guess_type(). Patch by Kumar Aditya. - bpo-46080: Fix exception in argparse help text generation if a argparse.BooleanOptionalAction argument's default is argparse.SUPPRESS and it has help specified. Patch by Felix Fontein. - bpo-44439: Fix .write() method of a member file in ZipFile, when the input data is an object that supports the buffer protocol, the file length may be wrong. - bpo-45703: When a namespace package is imported before another module from the same namespace is created/installed in a different sys.path location while the program is running, calling the importlib.invalidate_caches() function will now also guarantee the new module is noticed. - bpo-24959: Fix bug where unittest sometimes drops frames from tracebacks of exceptions raised in tests. - bpo-46463: Fixes escape4chm.py script used when building the CHM documentation file - bpo-46913: Fix test_faulthandler.test_sigfpe() if Python is built with undefined behavior sanitizer (UBSAN): disable UBSAN on the faulthandler_sigfpe() function. Patch by Victor Stinner. - bpo-46708: Prevent default asyncio event loop policy modification warning after test_asyncio execution. - bpo-46616: Ensures test_importlib.test_windows cleans up registry keys after completion. - bpo-44359: test_ftplib now silently ignores socket errors to prevent logging unhandled threading exceptions. Patch by Victor Stinner. - bpo-46542: Fix a Python crash in test_lib2to3 when using Python built in debug mode: limit the recursion limit. Patch by Victor Stinner. - bpo-46576: test_peg_generator now disables compiler optimization when testing compilation of its own C extensions to significantly speed up the testing on non-debug builds of CPython. - bpo-46542: Fix test_json tests checking for RecursionError: modify these tests to use support.infinite_recursion(). Patch by Victor Stinner. - bpo-13886: Skip test_builtin PTY tests on non-ASCII characters if the readline module is loaded. The readline module changes input() behavior, but test_builtin is not intented to test the readline module. Patch by Victor Stinner. - bpo-38472: Fix GCC detection in setup.py when cross-compiling. The C compiler is now run with LC_ALL=C. Previously, the detection failed with a German locale. - bpo-46513: configure no longer uses AC_C_CHAR_UNSIGNED macro and pyconfig.h no longer defines reserved symbol __CHAR_UNSIGNED__. - bpo-45925: Update Windows installer to use SQLite 3.37.2. - bpo-45296: Clarify close, quit, and exit in IDLE. In the File menu, 'Close' and 'Exit' are now 'Close Window' (the current one) and 'Exit' is now 'Exit IDLE' (by closing all windows). In Shell, 'quit()' and 'exit()' mean 'close Shell'. If there are no other windows, this also exits IDLE. - bpo-45447: Apply IDLE syntax highlighting to pyi files. Patch by Alex Waygood and Terry Jan Reedy. Important SUSE bug 1192249 SUSE bug 1198511 CVE-2015-20107 cpe:/o:opensuse:leap:15.3 Security update for salt (Important) openSUSE Leap 15.3 This update for salt fixes the following issues: - CVE-2022-22967: Fixed missing check for PAM_ACCT_MGM return value that could be used to bypass PAM authentication (bsc#1200566) Important SUSE bug 1200566 CVE-2022-22967 cpe:/o:opensuse:leap:15.3 Security update for liblouis (Important) openSUSE Leap 15.3 This update for liblouis fixes the following issues: - CVE-2022-26981: fix buffer overrun in compilePassOpcode (bsc#1197085). - CVE-2022-31783: prevent an invalid memory write in compileRule (bsc#1200120). Important SUSE bug 1197085 SUSE bug 1200120 CVE-2022-26981 CVE-2022-31783 cpe:/o:opensuse:leap:15.3 Security update for php7 (Important) openSUSE Leap 15.3 This update for php7 fixes the following issues: - CVE-2022-31625: Fixed uninitialized pointers free in Postgres extension. (bsc#1200645) - CVE-2022-31626: Fixed buffer overflow via user-supplied password when using pdo_mysql extension with mysqlnd driver. (bsc#1200628). Important SUSE bug 1200628 SUSE bug 1200645 CVE-2022-31625 CVE-2022-31626 cpe:/o:opensuse:leap:15.3 Security update for rubygem-rack (Critical) openSUSE Leap 15.3 This update for rubygem-rack fixes the following issues: - CVE-2022-30122: Fixed crafted multipart POST request may cause a DoS (bsc#1200748) - CVE-2022-30123: Fixed crafted requests can cause shell escape sequences (bsc#1200750) Critical SUSE bug 1200748 SUSE bug 1200750 CVE-2022-30122 CVE-2022-30123 cpe:/o:opensuse:leap:15.3 Security update for openssl-1_1 (Moderate) openSUSE Leap 15.3 This update for openssl-1_1 fixes the following issues: - CVE-2022-1292: Fixed command injection in c_rehash (bsc#1199166). - CVE-2022-2068: Fixed more shell code injection issues in c_rehash. (bsc#1200550) Moderate SUSE bug 1185637 SUSE bug 1199166 SUSE bug 1200550 CVE-2022-1292 CVE-2022-2068 cpe:/o:opensuse:leap:15.3 Security update for liblouis (Important) openSUSE Leap 15.3 This update for liblouis fixes the following issues: - CVE-2022-26981: fix buffer overrun in compilePassOpcode (bsc#1197085). - CVE-2022-31783: prevent an invalid memory write in compileRule (bsc#1200120). Important SUSE bug 1130813 SUSE bug 1197085 SUSE bug 1200120 CVE-2022-26981 CVE-2022-31783 cpe:/o:opensuse:leap:15.3 Security update for qemu (Important) openSUSE Leap 15.3 This update for qemu fixes the following issues: - CVE-2022-26354: Fixed missing virtqueue detach on error can lead to memory leak (bsc#1198712) - CVE-2021-4207: Fixed double fetch in qxl_cursor() can lead to heap buffer overflow (bsc#1198037) - CVE-2021-4206: Fixed integer overflow in cursor_alloc() can lead to heap buffer overflow (bsc#1198035) Important SUSE bug 1197084 SUSE bug 1198035 SUSE bug 1198037 SUSE bug 1198712 SUSE bug 1199018 SUSE bug 1199924 CVE-2021-4206 CVE-2021-4207 CVE-2022-26354 cpe:/o:opensuse:leap:15.3 Security update for ImageMagick (Moderate) openSUSE Leap 15.3 This update for ImageMagick fixes the following issues: - CVE-2019-17540: Fixed heap-based buffer overflow in ReadPSInfo in coders/ps.c. (bsc#1153866) - CVE-2022-32545: Fixed an outside the range of representable values of type. (bsc#1200388) - CVE-2022-32546: Fixed an outside the range of representable values of type. (bsc#1200389) - CVE-2022-32547: Fixed a load of misaligned address at MagickCore/property.c. (bsc#1200387) Moderate SUSE bug 1153866 SUSE bug 1200387 SUSE bug 1200388 SUSE bug 1200389 CVE-2019-17540 CVE-2022-32545 CVE-2022-32546 CVE-2022-32547 cpe:/o:opensuse:leap:15.3 Security update for log4j12 (Important) openSUSE Leap 15.3 This update for log4j12 fixes the following issues: - CVE-2022-23307: Fix deserialization issue by removing the chainsaw sub-package. (bsc#1194844) - CVE-2022-23305: Fix SQL injection by removing src/main/java/org/apache/log4j/jdbc/JDBCAppender.java. (bsc#1194843) - CVE-2022-23302: Fix remote code execution by removing src/main/java/org/apache/log4j/net/JMSSink.java. (bsc#1194842) Important SUSE bug 1193184 SUSE bug 1194842 SUSE bug 1194843 SUSE bug 1194844 CVE-2022-23302 CVE-2022-23305 CVE-2022-23307 cpe:/o:opensuse:leap:15.3 Security update for dpdk (Important) openSUSE Leap 15.3 This update of dpdk fixes the following issue: - rebuild with new secure boot key due to grub2 boothole 3 issues (bsc#1198581) Important SUSE bug 1198581 cpe:/o:opensuse:leap:15.3 Security update for dpdk (Important) openSUSE Leap 15.3 This update of dpdk fixes the following issue: - rebuild with new secure boot key due to grub2 boothole 3 issues (bsc#1198581) Important SUSE bug 1198581 cpe:/o:opensuse:leap:15.3 Security update for conmon, libcontainers-common, libseccomp, podman (Moderate) openSUSE Leap 15.3 This update for conmon, libcontainers-common, libseccomp, podman fixes the following issues: podman was updated to 3.4.4. Security issues fixed: - fix CVE-2021-41190 [bsc#1193273], opencontainers: OCI manifest and index parsing confusion - fix CVE-2021-4024 [bsc#1193166], podman machine spawns gvproxy with port binded to all IPs - fix CVE-2021-20199 [bsc#1181640], Remote traffic to rootless containers is seen as orginating from localhost - Add: Provides: podman:/usr/bin/podman-remote subpackage for a clearer upgrade path from podman < 3.1.2 Update to version 3.4.4: * Bugfixes - Fixed a bug where the podman exec command would, under some circumstances, print a warning message about failing to move conmon to the appropriate cgroup (#12535). - Fixed a bug where named volumes created as part of container creation (e.g. podman run --volume avolume:/a/mountpoint or similar) would be mounted with incorrect permissions (#12523). - Fixed a bug where the podman-remote create and podman-remote run commands did not properly handle the --entrypoint='' option (to clear the container's entrypoint) (#12521). - Update to version 3.4.3: * Security - This release addresses CVE-2021-4024, where the podman machine command opened the gvproxy API (used to forward ports to podman machine VMs) to the public internet on port 7777. - This release addresses CVE-2021-41190, where incomplete specification of behavior regarding image manifests could lead to inconsistent decoding on different clients. * Features - The --secret type=mount option to podman create and podman run supports a new option, target=, which specifies where in the container the secret will be mounted (#12287). * Bugfixes - Fixed a bug where rootless Podman would occasionally print warning messages about failing to move the pause process to a new cgroup (#12065). - Fixed a bug where the podman run and podman create commands would, when pulling images, still require TLS even with registries set to Insecure via config file (#11933). - Fixed a bug where the podman generate systemd command generated units that depended on multi-user.target, which has been removed from some distributions (#12438). - Fixed a bug where Podman could not run containers with images that had /etc/ as a symlink (#12189). - Fixed a bug where the podman logs -f command would, when using the journald logs backend, exit immediately if the container had previously been restarted (#12263). - Fixed a bug where, in containers on VMs created by podman machine, the host.containers.internal name pointed to the VM, not the host system (#11642). - Fixed a bug where containers and pods created by the podman play kube command in VMs managed by podman machine would not automatically forward ports from the host machine (#12248). - Fixed a bug where podman machine init would fail on OS X when GNU Coreutils was installed (#12329). - Fixed a bug where podman machine start would exit before SSH on the started VM was accepting connections (#11532). - Fixed a bug where the podman run command with signal proxying (--sig-proxy) enabled could print an error if it attempted to send a signal to a container that had just exited (#8086). - Fixed a bug where the podman stats command would not return correct information for containers running Systemd as PID1 (#12400). - Fixed a bug where the podman image save command would fail on OS X when writing the image to STDOUT (#12402). - Fixed a bug where the podman ps command did not properly handle PS arguments which contained whitespace (#12452). - Fixed a bug where the podman-remote wait command could fail to detect that the container exited and return an error under some circumstances (#12457). - Fixed a bug where the Windows MSI installer for podman-remote would break the PATH environment variable by adding an extra ' (#11416). * API - The Libpod Play Kube endpoint now also accepts ConfigMap YAML as part of its payload, and will use provided any ConfigMap to configure provided pods and services. - Fixed a bug where the Compat Create endpoint for Containers would not always create the container's working directory if it did not exist (#11842). - Fixed a bug where the Compat Create endpoint for Containers returned an incorrect error message with 404 errors when the requested image was not found (#12315). - Fixed a bug where the Compat Create endpoint for Containers did not properly handle the HostConfig.Mounts field (#12419). - Fixed a bug where the Compat Archive endpoint for Containers did not properly report errors when the operation failed (#12420). - Fixed a bug where the Compat Build endpoint for Images ignored the layers query parameter (for caching intermediate layers from the build) (#12378). - Fixed a bug where the Compat Build endpoint for Images did not report errors in a manner compatible with Docker (#12392). - Fixed a bug where the Compat Build endpoint for Images would fail to build if the context directory was a symlink (#12409). - Fixed a bug where the Compat List endpoint for Images included manifest lists (and not just images) in returned results (#12453). - Update to version 3.4.2: * Fixed a bug where podman tag could not tag manifest lists (#12046). * Fixed a bug where built-in volumes specified by images would not be created correctly under some circumstances. * Fixed a bug where, when using Podman Machine on OS X, containers in pods did not have working port forwarding from the host (#12207). * Fixed a bug where the podman network reload command command on containers using the slirp4netns network mode and the rootlessport port forwarding driver would make an unnecessary attempt to restart rootlessport on containers that did not forward ports. * Fixed a bug where the podman generate kube command would generate YAML including some unnecessary (set to default) fields (e.g. empty SELinux and DNS configuration blocks, and the privileged flag when set to false) (#11995). * Fixed a bug where the podman pod rm command could, if interrupted at the right moment, leave a reference to an already-removed infra container behind (#12034). * Fixed a bug where the podman pod rm command would not remove pods with more than one container if all containers save for the infra container were stopped unless --force was specified (#11713). * Fixed a bug where the --memory flag to podman run and podman create did not accept a limit of 0 (which should specify unlimited memory) (#12002). * Fixed a bug where the remote Podman client's podman build command could attempt to build a Dockerfile in the working directory of the podman system service instance instead of the Dockerfile specified by the user (#12054). * Fixed a bug where the podman logs --tail command could function improperly (printing more output than requested) when the journald log driver was used. * Fixed a bug where containers run using the slirp4netns network mode with IPv6 enabled would not have IPv6 connectivity until several seconds after they started (#11062). * Fixed a bug where some Podman commands could cause an extra dbus-daemon process to be created (#9727). * Fixed a bug where rootless Podman would sometimes print warnings about a failure to move the pause process into a given CGroup (#12065). * Fixed a bug where the checkpointed field in podman inspect on a container was not set to false after a container was restored. * Fixed a bug where the podman system service command would print overly-verbose logs about request IDs (#12181). * Fixed a bug where Podman could, when creating a new container without a name explicitly specified by the user, sometimes use an auto-generated name already in use by another container if multiple containers were being created in parallel (#11735). Update to version 3.4.1: * Bugfixes - Fixed a bug where podman machine init could, under some circumstances, create invalid machine configurations which could not be started (#11824). - Fixed a bug where the podman machine list command would not properly populate some output fields. - Fixed a bug where podman machine rm could leave dangling sockets from the removed machine (#11393). - Fixed a bug where podman run --pids-limit=-1 was not supported (it now sets the PID limit in the container to unlimited) (#11782). - Fixed a bug where podman run and podman attach could throw errors about a closed network connection when STDIN was closed by the client (#11856). - Fixed a bug where the podman stop command could fail when run on a container that had another podman stop command run on it previously. - Fixed a bug where the --sync flag to podman ps was nonfunctional. - Fixed a bug where the Windows and OS X remote clients' podman stats command would fail (#11909). - Fixed a bug where the podman play kube command did not properly handle environment variables whose values contained an = (#11891). - Fixed a bug where the podman generate kube command could generate invalid annotations when run on containers with volumes that use SELinux relabelling (:z or :Z) (#11929). - Fixed a bug where the podman generate kube command would generate YAML including some unnecessary (set to default) fields (e.g. user and group, entrypoint, default protocol for forwarded ports) (#11914, #11915, and #11965). - Fixed a bug where the podman generate kube command could, under some circumstances, generate YAML including an invalid targetPort field for forwarded ports (#11930). - Fixed a bug where rootless Podman's podman info command could, under some circumstances, not read available CGroup controllers (#11931). - Fixed a bug where podman container checkpoint --export would fail to checkpoint any container created with --log-driver=none (#11974). * API - Fixed a bug where the Compat Create endpoint for Containers could panic when no options were passed to a bind mount of tmpfs (#11961). Update to version 3.4.0: * Features - Pods now support init containers! Init containers are containers which run before the rest of the pod starts. There are two types of init containers: 'always', which always run before the pod is started, and 'once', which only run the first time the pod starts and are subsequently removed. They can be added using the podman create command's --init-ctr option. - Support for init containers has also been added to podman play kube and podman generate kube - init containers contained in Kubernetes YAML will be created as Podman init containers, and YAML generated by Podman will include any init containers created. - The podman play kube command now supports building images. If the --build option is given and a directory with the name of the specified image exists in the current working directory and contains a valid Containerfile or Dockerfile, the image will be built and used for the container. - The podman play kube command now supports a new option, --teardown, which removes any pods and containers created by the given Kubernetes YAML. - The podman generate kube command now generates annotations for SELinux mount options on volume (:z and :Z) that are respected by the podman play kube command. - A new command has been added, podman pod logs, to return logs for all containers in a pod at the same time. - Two new commands have been added, podman volume export (to export a volume to a tar file) and podman volume import) (to populate a volume from a given tar file). - The podman auto-update command now supports simple rollbacks. If a container fails to start after an automatic update, it will be rolled back to the previous image and restarted again. - Pods now share their user namespace by default, and the podman pod create command now supports the --userns option. This allows rootless pods to be created with the --userns=keep-id option. - The podman pod ps command now supports a new filter with its --filter option, until, which returns pods created before a given timestamp. - The podman image scp command has been added. This command allows images to be transferred between different hosts. - The podman stats command supports a new option, --interval, to specify the amount of time before the information is refreshed. - The podman inspect command now includes ports exposed (but not published) by containers (e.g. ports from --expose when --publish-all is not specified). - The podman inspect command now has a new boolean value, Checkpointed, which indicates that a container was stopped as a result of a podman container checkpoint operation. - Volumes created by podman volume create now support setting quotas when run atop XFS. The size and inode options allow the maximum size and maximum number of inodes consumed by a volume to be limited. - The podman info command now outputs information on what log drivers, network drivers, and volume plugins are available for use (#11265). - The podman info command now outputs the current log driver in use, and the variant and codename of the distribution in use. - The parameters of the VM created by podman machine init (amount of disk space, memory, CPUs) can now be set in containers.conf. - The podman machine ls command now shows additional information (CPUs, memory, disk size) about VMs managed by podman machine. - The podman ps command now includes healthcheck status in container state for containers that have healthchecks (#11527). * Changes - The podman build command has a new alias, podman buildx, to improve compatibility with Docker. We have already added support for many docker buildx flags to podman build and aim to continue to do so. - Cases where Podman is run without a user session or a writable temporary files directory will now produce better error messages. - The default log driver has been changed from file to journald. The file driver did not properly support log rotation, so this should lead to a better experience. If journald is not available on the system, Podman will automatically revert to the file. - Podman no longer depends on ip for removing networks (#11403). - The deprecated --macvlan flag to podman network create now warns when it is used. It will be removed entirely in the Podman 4.0 release. - The podman machine start command now prints a message when the VM is successfully started. - The podman stats command can now be used on containers that are paused. - The podman unshare command will now return the exit code of the command that was run in the user namespace (assuming the command was successfully run). - Successful healthchecks will no longer add a healthy line to the system log to reduce log spam. - As a temporary workaround for a lack of shortname prompts in the Podman remote client, VMs created by podman machine now default to only using the docker.io registry. * Bugfixes - Fixed a bug where whitespace in the definition of sysctls (particularly default sysctls specified in containers.conf) would cause them to be parsed incorrectly. - Fixed a bug where the Windows remote client improperly validated volume paths (#10900). - Fixed a bug where the first line of logs from a container run with the journald log driver could be skipped. - Fixed a bug where images created by podman commit did not include ports exposed by the container. - Fixed a bug where the podman auto-update command would ignore the io.containers.autoupdate.authfile label when pulling images (#11171). - Fixed a bug where the --workdir option to podman create and podman run could not be set to a directory where a volume was mounted (#11352). - Fixed a bug where systemd socket-activation did not properly work with systemd-managed Podman containers (#10443). - Fixed a bug where environment variable secrets added to a container were not available to exec sessions launched in the container. - Fixed a bug where rootless containers could fail to start the rootlessport port-forwarding service when XDG_RUNTIME_DIR was set to a long path. - Fixed a bug where arguments to the --systemd option to podman create and podman run were case-sensitive (#11387). - Fixed a bug where the podman manifest rm command would also remove images referenced by the manifest, not just the manifest itself (#11344). - Fixed a bug where the Podman remote client on OS X would not function properly if the TMPDIR environment variable was not set (#11418). - Fixed a bug where the /etc/hosts file was not guaranteed to contain an entry for localhost (this is still not guaranteed if --net=host is used; such containers will exactly match the host's /etc/hosts) (#11411). - Fixed a bug where the podman machine start command could print warnings about unsupported CPU features (#11421). - Fixed a bug where the podman info command could segfault when accessing cgroup information. - Fixed a bug where the podman logs -f command could hang when a container exited (#11461). - Fixed a bug where the podman generate systemd command could not be used on containers that specified a restart policy (#11438). - Fixed a bug where the remote Podman client's podman build command would fail to build containers if the UID and GID on the client were higher than 65536 (#11474). - Fixed a bug where the remote Podman client's podman build command would fail to build containers if the context directory was a symlink (#11732). - Fixed a bug where the --network flag to podman play kube was not properly parsed when a non-bridge network configuration was specified. - Fixed a bug where the podman inspect command could error when the container being inspected was removed as it was being inspected (#11392). - Fixed a bug where the podman play kube command ignored the default pod infra image specified in containers.conf. - Fixed a bug where the --format option to podman inspect was nonfunctional under some circumstances (#8785). - Fixed a bug where the remote Podman client's podman run and podman exec commands could skip a byte of output every 8192 bytes (#11496). - Fixed a bug where the podman stats command would print nonsensical results if the container restarted while it was running (#11469). - Fixed a bug where the remote Podman client would error when STDOUT was redirected on a Windows client (#11444). - Fixed a bug where the podman run command could return 0 when the application in the container exited with 125 (#11540). - Fixed a bug where containers with --restart=always set using the rootlessport port-forwarding service could not be restarted automatically. - Fixed a bug where the --cgroups=split option to podman create and podman run was silently discarded if the container was part of a pod. - Fixed a bug where the podman container runlabel command could fail if the image name given included a tag. - Fixed a bug where Podman could add an extra 127.0.0.1 entry to /etc/hosts under some circumstances (#11596). - Fixed a bug where the remote Podman client's podman untag command did not properly handle tags including a digest (#11557). - Fixed a bug where the --format option to podman ps did not properly support the table argument for tabular output. - Fixed a bug where the --filter option to podman ps did not properly handle filtering by healthcheck status (#11687). - Fixed a bug where the podman run and podman start --attach commands could race when retrieving the exit code of a container that had already been removed resulting in an error (e.g. by an external podman rm -f) (#11633). - Fixed a bug where the podman generate kube command would add default environment variables to generated YAML. - Fixed a bug where the podman generate kube command would add the default CMD from the image to generated YAML (#11672). - Fixed a bug where the podman rm --storage command could fail to remove containers under some circumstances (#11207). - Fixed a bug where the podman machine ssh command could fail when run on Linux (#11731). - Fixed a bug where the podman stop command would error when used on a container that was already stopped (#11740). - Fixed a bug where renaming a container in a pod using the podman rename command, then removing the pod using podman pod rm, could cause Podman to believe the new name of the container was permanently in use, despite the container being removed (#11750). * API - The Libpod Pull endpoint for Images now has a new query parameter, quiet, which (when set to true) suppresses image pull progress reports (#10612). - The Compat Events endpoint now includes several deprecated fields from the Docker v1.21 API for improved compatibility with older clients. - The Compat List and Inspect endpoints for Images now prefix image IDs with sha256: for improved Docker compatibility (#11623). - The Compat Create endpoint for Containers now properly sets defaults for healthcheck-related fields (#11225). - The Compat Create endpoint for Containers now supports volume options provided by the Mounts field (#10831). - The Compat List endpoint for Secrets now supports a new query parameter, filter, which allows returned results to be filtered. - The Compat Auth endpoint now returns the correct response code (500 instead of 400) when logging into a registry fails. - The Version endpoint now includes information about the OCI runtime and Conmon in use (#11227). - Fixed a bug where the X-Registry-Config header was not properly handled, leading to errors when pulling images (#11235). - Fixed a bug where invalid query parameters could cause a null pointer dereference when creating error messages. - Logging of API requests and responses at trace level has been greatly improved, including the addition of an X-Reference-Id header to correlate requests and responses (#10053). Update to version 3.3.1: * Bugfixes - Fixed a bug where unit files created by podman generate systemd could not cleanup shut down containers when stopped by systemctl stop (#11304). - Fixed a bug where podman machine commands would not properly locate the gvproxy binary in some circumstances. - Fixed a bug where containers created as part of a pod using the --pod-id-file option would not join the pod's network namespace (#11303). - Fixed a bug where Podman, when using the systemd cgroups driver, could sometimes leak dbus sessions. - Fixed a bug where the until filter to podman logs and podman events was improperly handled, requiring input to be negated (#11158). - Fixed a bug where rootless containers using CNI networking run on systems using systemd-resolved for DNS would fail to start if resolved symlinked /etc/resolv.conf to an absolute path (#11358). * API - A large number of potential file descriptor leaks from improperly closing client connections have been fixed. Update to version 3.3.0: * Fix network aliases with network id * machine: compute sha256 as we read the image file * machine: check for file exists instead of listing directory * pkg/bindings/images.nTar(): slashify hdr.Name values * Volumes: Only remove from DB if plugin removal succeeds * For compatibility, ignore Content-Type * [v3.3] Bump c/image 5.15.2, buildah v1.22.3 * Implement SD-NOTIFY proxy in conmon * Fix rootless cni dns without systemd stub resolver * fix rootlessport flake * Skip stats test in CGv1 container environments * Fix AVC denials in tests of volume mounts * Restore buildah-bud test requiring new images * Revert '.cirrus.yml: use fresh images for all VMs' * Fix device tests using ls test files * Enhance priv. dev. check * Workaround host availability of /dev/kvm * Skip cgroup-parent test due to frequent flakes * Cirrus: Fix not uploading logformatter html Switch to crun (bsc#1188914) Update to version 3.2.3: * Bump to v3.2.3 * Update release notes for v3.2.3 * vendor containers/common@v0.38.16 * vendor containers/buildah@v1.21.3 * Fix race conditions in rootless cni setup * CNI-in-slirp4netns: fix bind-mount for /run/systemd/resolve/stub-resolv.conf * Make rootless-cni setup more robust * Support uid,gid,mode options for secrets * vendor containers/common@v0.38.15 * [CI:DOCS] podman search: clarify that results depend on implementation * vendor containers/common@v0.38.14 * vendor containers/common@v0.38.13 * [3.2] vendor containers/common@v0.38.12 * Bump README to v3.2.2 * Bump to v3.2.3-dev - Update to version 3.2.2: * Bump to v3.2.2 * fix systemcontext to use correct TMPDIR * Scrub podman commands to use report package * Fix volumes with uid and gid options * Vendor in c/common v0.38.11 * Initial release notes for v3.2.2 * Fix restoring of privileged containers * Fix handling of podman-remote build --device * Add support for podman remote build -f - . * Fix panic condition in cgroups.getAvailableControllers * Fix permissions on initially created named volumes * Fix building static podman-remote * add correct slirp ip to /etc/hosts * disable tty-size exec checks in system tests * Fix resize race with podman exec -it * Fix documentation of the --format option of podman push * Fix systemd-resolved detection. * Health Check is not handled in the compat LibpodToContainerJSON * Do not use inotify for OCICNI * getContainerNetworkInfo: lock netNsCtr before sync * [NO TESTS NEEDED] Create /etc/mtab with the correct ownership * Create the /etc/mtab file if does not exists * [v3.2] cp: do not allow dir->file copying * create: support images with invalid platform * vendor containers/common@v0.38.10 * logs: k8s-file: restore poll sleep * logs: k8s-file: fix spurious error logs * utils: move message from warning to debug * Bump to v3.2.2-dev - Update to version 3.2.1: * Bump to v3.2.1 * Updated release notes for v3.2.1 * Fix network connect race with docker-compose * Revert 'Ensure minimum API version is set correctly in tests' * Fall back to string for dockerfile parameter * remote events: fix --stream=false * [CI:DOCS] fix incorrect network remove api doc * remote: always send resize before the container starts * remote events: support labels * remote pull: cancel pull when connection is closed * Fix network prune api docs * Improve systemd-resolved detection * logs: k8s-file: fix race * Fix image prune --filter cmd behavior * Several shell completion fixes * podman-remote build should handle -f option properly * System tests: deal with crun 0.20.1 * Fix build tags for pkg/machine... * Fix pre-checkpointing * container: ignore named hierarchies * [v3.2] vendor containers/common@v0.38.9 * rootless: fix fast join userns path * [v3.2] vendor containers/common@v0.38.7 * [v3.2] vendor containers/common@v0.38.6 * Correct qemu options for Intel macs * Ensure minimum API version is set correctly in tests * Bump to v3.2.1-dev - Update to version 3.2.0: * Bump to v3.2.0 * Fix network create macvlan with subnet option * Final release notes updates for v3.2.0 * add ipv6 nameservers only when the container has ipv6 enabled * Use request context instead of background * [v.3.2] events: support disjunctive filters * System tests: add :Z to volume mounts * generate systemd: make mounts portable * vendor containers/storage@v1.31.3 * vendor containers/common@v0.38.5 * Bump to v3.2.0-dev * Bump to v3.2.0-RC3 * Update release notes for v3.2.0-RC3 * Fix race on podman start --all * Fix race condition in running ls container in a pod * docs: --cert-dir: point to containers-certs.d(5) * Handle hard links in different directories * Improve OCI Runtime error * Handle hard links in remote builds * Podman info add support for status of cgroup controllers * Drop container does not exist on removal to debugf * Downgrade API service routing table logging * add libimage events * docs: generate systemd: XDG_RUNTIME_DIR * Fix problem copying files when container is in host pid namespace * Bump to v3.2.0-dev * Bump to v3.2.0-RC2 * update c/common * Update Cirrus DEST_BRANCH to v3.2 * Updated vendors of c/image, c/storage, Buildah * Initial release notes for v3.2.0-RC2 * Add script for identifying commits in release branches * Add host.containers.internal entry into container's etc/hosts * image prune: remove unused images only with `--all` * podman network reload add rootless support * Use more recent `stale` release... * network tutorial: update with rootless cni changes * [CI:DOCS] Update first line in intro page * Use updated VM images + updated automation tooling * auto-update service: prune images * make vendor * fix system upgrade tests * Print 'extracting' only on compressed file * podman image tree: restore previous behavior * fix network restart always test * fix incorrect log driver in podman container image * Add support for cli network prune --filter flag * Move filter parsing to common utils * Bump github.com/containers/storage from 1.30.2 to 1.30.3 * Update nix pin with `make nixpkgs` * [CI:DOCS] hack/bats - new helper for running system tests * fix restart always with slirp4netns * Bump github.com/opencontainers/runc from 1.0.0-rc93 to 1.0.0-rc94 * Bump github.com/coreos/go-systemd/v22 from 22.3.1 to 22.3.2 * Add host.serviceIsRemote to podman info results * Add client disconnect to build handler loop * Remove obsolete skips * Fix podman-remote build --rm=false ... * fix: improved 'containers/{name}/wait' endpoint * Bump github.com/containers/storage from 1.30.1 to 1.30.2 * Add envars to the generated systemd unit * fix: use UTC Time Stamps in response JSON * fix container startup for empty pidfile * Kube like pods should share ipc,net,uts by default * fix: compat API 'images/get' for multiple images * Revert escaped double dash man page flag syntax * Report Download complete in Compatibility mode * Add documentation on short-names * Bump github.com/docker/docker * Adds support to preserve auto update labels in generate and play kube * [CI:DOCS] Stop conversion of `--` into en dash * Revert Patch to relabel if selinux not enabled * fix per review request * Add support for environment variable secrets * fix pre review request * Fix infinite loop in isPathOnVolume * Add containers.conf information for changing defaults * CI: run rootless tests under ubuntu * Fix wrong macvlan PNG in networking doc. * Add restart-policy to container filters & --filter to podman start * Fixes docker-compose cannot set static ip when use ipam * channel: simplify implementation * build: improve regex for iidfile * Bump github.com/onsi/gomega from 1.11.0 to 1.12.0 * cgroup: fix rootless --cgroup-parent with pods * fix: docker APIv2 `images/get` * codespell cleanup * Minor podmanimage docs updates. * Fix handling of runlabel IMAGE and NAME * Bump to v3.2.0-dev * Bump to v3.2.0-rc1 * rootless: improve automatic range split * podman: set volatile storage flag for --rm containers * Bump github.com/onsi/ginkgo from 1.16.1 to 1.16.2 * Bump github.com/containers/image/v5 from 5.11.1 to 5.12.0 * migrate Podman to containers/common/libimage * Add filepath glob support to --security-opt unmask * Force log_driver to k8s-file for containers in containers * add --mac-address to podman play kube * compat api: Networks must be empty instead of null * System tests: honor $OCI_RUNTIME (for CI) * is this a bug? * system test image: add arm64v8 image * Fix troubleshooting documentation on handling sublemental groups. * Add --all to podman start * Fix variable reference typo. in multi-arch image action * cgroup: always honor --cgroup-parent with cgroupfs * Bump github.com/uber/jaeger-client-go * Don't require tests for github-actions & metadata * Detect if in podman machine virtual vm * Fix multi-arch image workflow typo * [CI:DOCS] Add titles to remote docs (windows) * Remove unused VolumeList* structs * Cirrus: Update F34beta -> F34 * Update container image docs + fix unstable execution * Bump github.com/containers/storage from 1.30.0 to 1.30.1 * TODO complete * Docker returns 'die' status rather then 'died' status * Check if another VM is running on machine start * [CI:DOCS] Improve titles of command HTML pages * system tests: networking: fix another race condition * Use seccomp_profile as default profile if defined in containers.conf * Bump github.com/json-iterator/go from 1.1.10 to 1.1.11 * Vendored * Autoupdate local label functional * System tests: fix two race conditions * Add more documentation on conmon * Allow docker volume create API to pass without name * Cirrus: Update Ubuntu images to 21.04 * Skip blkio-weight test when no kernel BFQ support * rootless: Tell the user what was led to the error, not just what it is * Add troubleshooting advice about the --userns option. * Fix images prune filter until * Fix logic for pushing stable multi-arch images * Fixes generate kube incorrect when bind-mounting '/' and '/root' * libpod/image: unit tests: don't use system's registries.conf.d * runtime: create userns when CAP_SYS_ADMIN is not present * rootless: attempt to copy current mappings first * [CI:DOCS] Restore missing content to manpages * [CI:DOCS] Fix Markdown layout bugs * Fix podman ps --filter ancestor to match exact ImageName/ImageID * Add machine-enabled to containers.conf for machine * Several multi-arch image build/push fixes * Add podman run --timeout option * Parse slirp4netns net options with compat api * Fix rootlesskit port forwarder with custom slirp cidr * Fix removal race condition in ListContainers * Add github-action workflow to build/push multi-arch * rootless: if root is not sub?id raise a debug message * Bump github.com/containers/common from 0.36.0 to 0.37.0 * Add go template shell completion for --format * Add --group-add keep-groups: suplimentary groups into container * Fixes from make codespell * Typo fix to usage text of --compress option * corrupt-image test: fix an oops * Add --noheading flag to all list commands * Bump github.com/containers/storage from 1.29.0 to 1.30.0 * Bump github.com/containers/image/v5 from 5.11.0 to 5.11.1 * [CI:DOCS] Fix Markdown table layout bugs * podman-remote should show podman.sock info * rmi: don't break when the image is missing a manifest * [CI:DOCS] Rewrite --uidmap doc in podman-create.1.md and podman-run.1.md * Add support for CDI device configuration * [CI:DOCS] Add missing dash to verbose option * Bump github.com/uber/jaeger-client-go * Remove an advanced layer diff function * Ensure mount destination is clean, no trailing slash * add it for inspect pidfile * [CI:DOCS] Fix introduction page typo * support pidfile on container restore * fix start it * skip pidfile test on remote * improve document * set pidfile default value int containerconfig * add pidfile in inspection * add pidfile it for container start * skip pidfile it on remote * Modify according to comments * WIP: drop test requirement * runtime: bump required conmon version * runtime: return findConmon to libpod * oci: drop ExecContainerCleanup * oci: use `--full-path` option for conmon * use AttachSocketPath when removing conmon files * hide conmon-pidfile flag on remote mode * Fix possible panic in libpod/image/prune.go * add --ip to podman play kube * add flag autocomplete * add ut * add flag '--pidfile' for podman create/run * Add network bindings tests: remove and list * Fix build with GO111MODULE=off * system tests: build --pull-never: deal with flakes * compose test: diagnose flakes v3 * podman play kube apply correct log driver * Fixes podman-remote save to directories does not work * Bump github.com/rootless-containers/rootlesskit from 0.14.1 to 0.14.2 * Update documentation of podman-run to reflect volume 'U' option * Fix flake on failed podman-remote build : try 2 * compose test: ongoing efforts to diagnose flakes * Test that we don't error out on advertised --log-level values * At trace log level, print error text using %+v instead of %v * pkg/errorhandling.JoinErrors: don't throw away context for lone errors * Recognize --log-level=trace * Fix flake on failed podman-remote build * System tests: fix racy podman-inspect * Fixes invalid expression in save command * Bump github.com/containers/common from 0.35.4 to 0.36.0 * Update nix pin with `make nixpkgs` * compose test: try to get useful data from flakes * Remove in-memory state implementation * Fix message about runtime to show only the actual runtime * System tests: setup: better cleanup of stray images * Bump github.com/containers/ocicrypt from 1.1.0 to 1.1.1 * Reflect current state of prune implementation in docs * Do not delete container twice * [CI:DOCS] Correct status code for /pods/create * vendor in containers/storage v1.29.0 * cgroup: do not set cgroup parent when rootless and cgroupfs * Overhaul Makefile binary and release worflows * Reorganize Makefile with sections and guide * Simplify Makefile help target * Don't shell to obtain current directory * Remove unnecessary/not-needed release.txt target * Fix incorrect version number output * Exclude .gitignore from test req. * Fix handling of $NAME and $IMAGE in runlabel * Update podman image Dockerfile to support Podman in container * Bump github.com/containers/image/v5 from 5.10.5 to 5.11.0 * Fix slashes in socket URLs * Add network prune filters support to bindings * Add support for play/generate kube volumes * Update manifest API endpoints * Fix panic when not giving a machine name for ssh * cgroups: force 64 bits to ParseUint * Bump k8s.io/api from 0.20.5 to 0.21.0 * [CI:DOCS] Fix formatting of podman-build man page * buildah-bud tests: simplify * Add missing return * Bump github.com/onsi/ginkgo from 1.16.0 to 1.16.1 * speed up CI handling of images * Volumes prune endpoint should use only prune filters * Cirrus: Use Fedora 34beta images * Bump go.sum + Makefile for golang 1.16 * Exempt Makefile changes from test requirements * Adjust libpod API Container Wait documentation to the code * [CI:DOCS] Update swagger definition of inspect manifest * use updated ubuntu images * podman unshare: add --rootless-cni to join the ns * Update swagger-check * swagger: remove name wildcards * Update buildah-bud diffs * Handle podman-remote --arch, --platform, --os * buildah-bud tests: handle go pseudoversions, plus... * Fix flaking rootless compose test * rootless cni add /usr/sbin to PATH if not present * System tests: special case for RHEL: require runc * Add --requires flag to podman run/create * [CI:DOCS] swagger-check: compare operations * [CI:DOCS] Polish swagger OpertionIDs * [NO TESTS NEEDED] Update nix pin with `make nixpkgs` * Ensure that `--userns=keep-id` sets user in config * [CI:DOCS] Set all operation id to be compatibile * Move operationIds to swagger:operation line * swagger: add operationIds that match with docker * Cirrus: Make use of shared get_ci_vm container * Don't relabel volumes if running in a privileged container * Allow users to override default storage opts with --storage-opt * Add support for podman --context default * Verify existence of auth file if specified * fix machine naming conventions * Initial network bindings tests * Update release notes to indicate CVE fix * Move socket activation check into init() and set global condition. * Bump github.com/onsi/ginkgo from 1.15.2 to 1.16.0 * Http api tests for network prune with until filter * podman-run.1.md, podman-create.1.md : Adjust Markdown layout for --userns * Fix typos --uidmapping and --gidmapping * Add transport and destination info to manifest doc * Bump github.com/rootless-containers/rootlesskit from 0.14.0 to 0.14.1 * Add default template functions * Fix missing podman-remote build options * Bump github.com/coreos/go-systemd/v22 from 22.3.0 to 22.3.1 * Add ssh connection to root user * Add rootless docker-compose test to the CI * Use the slrip4netns dns in the rootless cni ns * Cleanup the rootless cni namespace * Add new docker-compose test for two networks * Make the docker-compose test work rootless * Remove unused rootless-cni-infra container files * Only use rootless RLK when the container has ports * Fix dnsname test * Enable rootless network connect/disconnect * Move slirp4netns functions into an extra file * Fix pod infra container cni network setup * Add rootless support for cni and --uidmap * rootless cni without infra container * Recreate until container prune tests for bindings * Remove --execute from podman machine ssh * Fixed podman-remote --network flag * Makefile: introduce install.docker-full * Makefile: ensure install.docker creates BINDIR * Fix unmount doc reference in image.rst * Should send the OCI runtime path not just the name to buildah * podman machine shell completion * Fix handling of remove --log-rusage param * Fix bindings prune containers flaky test * [CI:DOCS] Add local html build info to docs/README.md * Add podman machine list * Trim white space from /top endpoint results * Remove semantic version suffices from API calls * podman machine init --ignition-path * Document --volume from podman-remote run/create client * Update main branch to reflect the release of v3.1.0 * Silence podman network reload errors with iptables-nft * Containers prune endpoint should use only prune filters * resolve proper aarch64 image names * APIv2 basic test: relax APIVersion check * Add machine support for qemu-system-aarch64 * podman machine init user input * manpage xref: helpful diagnostic for unescaped dash-dash * Bump to v3.2.0-dev * swagger: update system version response body * buildah-bud tests: reenable pull-never test * [NO TESTS NEEDED] Shrink the size of podman-remote * Add powershell completions * [NO TESTS NEEDED] Drop Warning to Info, if cgroups not mounted * Fix long option format on docs.podman.io * system tests: friendier messages for 2-arg is() * service: use LISTEN_FDS * man pages: correct seccomp-policy label * rootless: use is_fd_inherited * podman generate systemd --new do not duplicate params * play kube: add support for env vars defined from secrets * play kube: support optional/mandatory env var from config map * play kube: prepare supporting other env source than config maps * Add machine support for more Linux distros * [NO TESTS NEEDED] Use same function podman-remote rmi as podman * Podman machine enhancements * Add problematic volume name to kube play error messages * Fix podman build --pull-never * [NO TESTS NEEDED] Fix for kernel without CONFIG_USER_NS * [NO TESTS NEEDED] Turn on podman-remote build --isolation * Fix list pods filter handling in libpod api * Remove resize race condition * [NO TESTS NEEDED] Vendor in containers/buildah v1.20.0 * Use TMPDIR when commiting images * Add RequiresMountsFor= to systemd generate * Bump github.com/vbauerster/mpb/v6 from 6.0.2 to 6.0.3 * Fix swapped dimensions from terminal.GetSize * Rename podman machine create to init and clean up * Correct json field name * system tests: new interactive tests * Improvements for machine * libpod/image: unit tests: use a `registries.conf` for aliases * libpod/image: unit tests: defer cleanup * libpod/image: unit tests: use `require.NoError` * Add --execute flag to podman machine ssh * introduce podman machine * Podman machine CLI and interface stub * Support multi doc yaml for generate/play kube * Fix filters in image http compat/libpod api endpoints * Bump github.com/containers/common from 0.35.3 to 0.35.4 * Bump github.com/containers/storage from 1.28.0 to 1.28.1 * Check if stdin is a term in --interactive --tty mode * [NO TESTS NEEDED] Remove /tmp/containers-users-* files on reboot * [NO TESTS NEEDED] Fix rootless volume plugins * Ensure manually-created volumes have correct ownership * Bump github.com/rootless-containers/rootlesskit * Unification of until filter across list/prune endpoints * Unification of label filter across list/prune endpoints * fixup * fix: build endpoint for compat API * [CI:DOCS] Add note to mappings for user/group userns in build * Bump k8s.io/api from 0.20.1 to 0.20.5 * Validate passed in timezone from tz option * WIP: run buildah bud tests using podman * Fix containers list/prune http api filter behaviour * Generate Kubernetes PersistentVolumeClaims from named volumes - Update to version 3.1.2: * Bump to v3.1.2 * Update release notes for v3.1.2 * Ensure mount destination is clean, no trailing slash * Fixes podman-remote save to directories does not work * [CI:DOCS] Add missing dash to verbose option * [CI:DOCS] Fix Markdown table layout bugs * [CI:DOCS] Rewrite --uidmap doc in podman-create.1.md and podman-run.1.md * rmi: don't break when the image is missing a manifest * Bump containers/image to v5.11.1 * Bump github.com/coreos/go-systemd from 22.2.0 to 22.3.1 * Fix lint * Bump to v3.1.2-dev - Split podman-remote into a subpackage - Add missing scriptlets for systemd units - Escape macros in comments - Drop some obsolete workarounds, including %{go_nostrip} - Update to version 3.1.1: * Bump to v3.1.1 * Update release notes for v3.1.1 * podman play kube apply correct log driver * Fix build with GO111MODULE=off * [CI:DOCS] Set all operation id to be compatibile * Move operationIds to swagger:operation line * swagger: add operationIds that match with docker * Fix missing podman-remote build options * [NO TESTS NEEDED] Shrink the size of podman-remote * Move socket activation check into init() and set global condition. * rootless: use is_fd_inherited * Recreate until container prune tests for bindings * System tests: special case for RHEL: require runc * Document --volume from podman-remote run/create client * Containers prune endpoint should use only prune filters * Trim white space from /top endpoint results * Fix unmount doc reference in image.rst * Fix handling of remove --log-rusage param * Makefile: introduce install.docker-full * Makefile: ensure install.docker creates BINDIR * Should send the OCI runtime path not just the name to buildah * Fixed podman-remote --network flag * podman-run.1.md, podman-create.1.md : Adjust Markdown layout for --userns * Fix typos --uidmapping and --gidmapping * Add default template functions * Don't relabel volumes if running in a privileged container * Allow users to override default storage opts with --storage-opt * Add transport and destination info to manifest doc * Verify existence of auth file if specified * Ensure that `--userns=keep-id` sets user in config * [CI:DOCS] Update swagger definition of inspect manifest * Volumes prune endpoint should use only prune filters * Adjust libpod API Container Wait documentation to the code * Add missing return * [CI:DOCS] Fix formatting of podman-build man page * cgroups: force 64 bits to ParseUint * Fix slashes in socket URLs * [CI:DOCS] Correct status code for /pods/create * cgroup: do not set cgroup parent when rootless and cgroupfs * Reflect current state of prune implementation in docs * Do not delete container twice * Test that we don't error out on advertised --log-level values * At trace log level, print error text using %+v instead of %v * pkg/errorhandling.JoinErrors: don't throw away context for lone errors * Recognize --log-level=trace * Fix message about runtime to show only the actual runtime * Fix handling of $NAME and $IMAGE in runlabel * Fix flake on failed podman-remote build : try 2 * Fix flake on failed podman-remote build * Update documentation of podman-run to reflect volume 'U' option * Fixes invalid expression in save command * Fix possible panic in libpod/image/prune.go * Update all containers/ project vendors * Fix tests * Bump to v3.1.1-dev - Update to version 3.1.0: * Bump to v3.1.0 * Fix test failure * Update release notes for v3.1.0 final release * [NO TESTS NEEDED] Turn on podman-remote build --isolation * Fix long option format on docs.podman.io * Fix containers list/prune http api filter behaviour * [CI:DOCS] Add note to mappings for user/group userns in build * Validate passed in timezone from tz option * Generate Kubernetes PersistentVolumeClaims from named volumes * libpod/image: unit tests: use a `registries.conf` for aliases - Require systemd 241 or newer due to podman dependency go-systemd v22, otherwise build will fail with unknown C name errors - Create docker subpackage to allow replacing docker with corresponding aliases to podman. - Update to v3.0.1 * Changes - Several frequently-occurring WARN level log messages have been downgraded to INFO or DEBUG to not clutter terminal output. Bugfixes - Fixed a bug where the Created field of podman ps --format=json was formatted as a string instead of an Unix timestamp (integer) (#9315). - Fixed a bug where failing lookups of individual layers during the podman images command would cause the whole command to fail without printing output. - Fixed a bug where --cgroups=split did not function properly on cgroups v1 systems. - Fixed a bug where mounting a volume over an directory in the container that existed, but was empty, could fail (#9393). - Fixed a bug where mounting a volume over a directory in the container that existed could copy the entirety of the container's rootfs, instead of just the directory mounted over, into the volume (#9415). - Fixed a bug where Podman would treat the --entrypoint=[''] option to podman run and podman create as a literal empty string in the entrypoint, when instead it should have been ignored (#9377). - Fixed a bug where Podman would set the HOME environment variable to '' when the container ran as a user without an assigned home directory (#9378). - Fixed a bug where specifying a pod infra image that had no tags (by using its ID) would cause podman pod create to panic (#9374). - Fixed a bug where the --runtime option was not properly handled by the podman build command (#9365). - Fixed a bug where Podman would incorrectly print an error message related to the remote API when the remote API was not in use and starting Podman failed. - Fixed a bug where Podman would change ownership of a container's working directory, even if it already existed (#9387). - Fixed a bug where the podman generate systemd --new command would incorrectly escape %t when generating the path for the PID file (#9373). - Fixed a bug where Podman could, when run inside a Podman container with the host's containers/storage directory mounted into the container, erroneously detect a reboot and reset container state if the temporary directory was not also mounted in (#9191). - Fixed a bug where some options of the podman build command (including but not limited to --jobs) were nonfunctional (#9247). * API - Fixed a breaking change to the Libpod Wait API for Containers where the Conditions parameter changed type in Podman v3.0 (#9351). - Fixed a bug where the Compat Create endpoint for Containers did not properly handle forwarded ports that did not specify a host port. - Fixed a bug where the Libpod Wait endpoint for Containers could write duplicate headers after an error occurred. - Fixed a bug where the Compat Create endpoint for Images would not pull images that already had a matching tag present locally, even if a more recent version was available at the registry (#9232). - The Compat Create endpoint for Images has had its compatibility with Docker improved, allowing its use with the docker-java library. * Misc - Updated Buildah to v1.19.4 - Updated the containers/storage library to v1.24.6 - Changes from v3.0.0 * Features - Podman now features initial support for Docker Compose. - Added the podman rename command, which allows containers to be renamed after they are created (#1925). - The Podman remote client now supports the podman copy command. - A new command, podman network reload, has been added. This command will re-configure the network of all running containers, and can be used to recreate firewall rules lost when the system firewall was reloaded (e.g. via firewall-cmd --reload). - Podman networks now have IDs. They can be seen in podman network ls and can be used when removing and inspecting networks. Existing networks receive IDs automatically. - Podman networks now also support labels. They can be added via the --label option to network create, and podman network ls can filter labels based on them. - The podman network create command now supports setting bridge MTU and VLAN through the --opt option (#8454). - The podman container checkpoint and podman container restore commands can now checkpoint and restore containers that include volumes. - The podman container checkpoint command now supports the --with-previous and --pre-checkpoint options, and the podman container restore command now support the --import-previous option. These add support for two-step checkpointing with lowered dump times. - The podman push command can now push manifest lists. Podman will first attempt to push as an image, then fall back to pushing as a manifest list if that fails. - The podman generate kube command can now be run on multiple containers at once, and will generate a single pod containing all of them. - The podman generate kube and podman play kube commands now support Kubernetes DNS configuration, and will preserve custom DNS configuration when exporting or importing YAML (#9132). - The podman generate kube command now properly supports generating YAML for containers and pods creating using host networking (--net=host) (#9077). - The podman kill command now supports a --cidfile option to kill containers given a file containing the container's ID (#8443). - The podman pod create command now supports the --net=none option (#9165). - The podman volume create command can now specify volume UID and GID as options with the UID and GID fields passed to the the --opt option. - Initial support has been added for Docker Volume Plugins. Podman can now define available plugins in containers.conf and use them to create volumes with podman volume create --driver. - The podman run and podman create commands now support a new option, --platform, to specify the platform of the image to be used when creating the container. - The --security-opt option to podman run and podman create now supports the systempaths=unconfined option to unrestrict access to all paths in the container, as well as mask and unmask options to allow more granular restriction of container paths. - The podman stats --format command now supports a new format specified, MemUsageBytes, which prints the raw bytes of memory consumed by a container without human-readable formatting #8945. - The podman ps command can now filter containers based on what pod they are joined to via the pod filter (#8512). - The podman pod ps command can now filter pods based on what networks they are joined to via the network filter. The podman pod ps command can now print information on what networks a pod is joined to via the .Networks specifier to the --format option. - The podman system prune command now supports filtering what containers, pods, images, and volumes will be pruned. - The podman volume prune commands now supports filtering what volumes will be pruned. - The podman system prune command now includes information on space reclaimed (#8658). - The podman info command will now properly print information about packages in use on Gentoo and Arch systems. - The containers.conf file now contains an option for disabling creation of a new kernel keyring on container creation (#8384). - The podman image sign command can now sign multi-arch images by producing a signature for each image in a given manifest list. - The podman image sign command, when run as rootless, now supports per-user registry configuration files in $HOME/.config/containers/registries.d. - Configuration options for slirp4netns can now be set system-wide via the NetworkCmdOptions configuration option in containers.conf. - The MTU of slirp4netns can now be configured via the mtu= network command option (e.g. podman run --net slirp4netns:mtu=9000). * Security - A fix for CVE-2021-20199 is included. Podman between v1.8.0 and v2.2.1 used 127.0.0.1 as the source address for all traffic forwarded into rootless containers by a forwarded port; this has been changed to address the issue. * Changes - Shortname aliasing support has now been turned on by default. All Podman commands that must pull an image will, if a TTY is available, prompt the user about what image to pull. - The podman load command no longer accepts a NAME[:TAG] argument. The presence of this argument broke CLI compatibility with Docker by making docker load commands unusable with Podman (#7387). - The Go bindings for the HTTP API have been rewritten with a focus on limiting dependency footprint and improving extensibility. Read more here. - The legacy Varlink API has been completely removed from Podman. - The default log level for Podman has been changed from Error to Warn. - The podman network create command can now create macvlan networks using the --driver macvlan option for Docker compatibility. The existing --macvlan flag has been deprecated and will be removed in Podman 4.0 some time next year. - The podman inspect command has had the LogPath and LogTag fields moved into the LogConfig structure (from the root of the Inspect structure). The maximum size of the log file is also included. - The podman generate systemd command no longer generates unit files using the deprecated KillMode=none option (#8615). - The podman stop command now releases the container lock while waiting for it to stop - as such, commands like podman ps will no longer block until podman stop completes (#8501). - Networks created with podman network create --internal no longer use the dnsname plugin. This configuration never functioned as expected. - Error messages for the remote Podman client have been improved when it cannot connect to a Podman service. - Error messages for podman run when an invalid SELinux is specified have been improved. - Rootless Podman features improved support for containers with a single user mapped into the rootless user namespace. - Pod infra containers now respect default sysctls specified in containers.conf allowing for advanced configuration of the namespaces they will share. - SSH public key handling for remote Podman has been improved. * Bugfixes - Fixed a bug where the podman history --no-trunc command would truncate the Created By field (#9120). - Fixed a bug where root containers that did not explicitly specify a CNI network to join did not generate an entry for the network in use in the Networks field of the output of podman inspect (#6618). - Fixed a bug where, under some circumstances, container working directories specified by the image (via the WORKDIR instruction) but not present in the image, would not be created (#9040). - Fixed a bug where the podman generate systemd command would generate invalid unit files if the container was creating using a command line that included doubled braces ({{ and }}), e.g. --log-opt-tag={{.Name}} (#9034). - Fixed a bug where the podman generate systemd --new command could generate unit files including invalid Podman commands if the container was created using merged short options (e.g. podman run -dt) (#8847). - Fixed a bug where the podman generate systemd --new command could generate unit files that did not handle Podman commands including some special characters (e.g. $) (#9176 - Fixed a bug where rootless containers joining CNI networks could not set a static IP address (#7842). - Fixed a bug where rootless containers joining CNI networks could not set network aliases (#8567). - Fixed a bug where the remote client could, under some circumstances, not include the Containerfile when sending build context to the server (#8374). - Fixed a bug where rootless Podman did not mount /sys as a new sysfs in some circumstances where it was acceptable. - Fixed a bug where rootless containers that both joined a user namespace and a CNI networks would cause a segfault. These options are incompatible and now return an error. - Fixed a bug where the podman play kube command did not properly handle CMD and ARGS from images (#8803). - Fixed a bug where the podman play kube command did not properly handle environment variables from images (#8608). - Fixed a bug where the podman play kube command did not properly print errors that occurred when starting containers. - Fixed a bug where the podman play kube command errored when hostNetwork was used (#8790). - Fixed a bug where the podman play kube command would always pull images when the :latest tag was specified, even if the image was available locally (#7838). - Fixed a bug where the podman play kube command did not properly handle SELinux configuration, rending YAML with custom SELinux configuration unusable (#8710). - Fixed a bug where the podman generate kube command incorrectly populated the args and command fields of generated YAML (#9211). - Fixed a bug where containers in a pod would create a duplicate entry in the pod's shared /etc/hosts file every time the container restarted (#8921). - Fixed a bug where the podman search --list-tags command did not support the --format option (#8740). - Fixed a bug where the http_proxy option in containers.conf was not being respected, and instead was set unconditionally to true (#8843). - Fixed a bug where rootless Podman could, on systems with a recent Conmon and users with a long username, fail to attach to containers (#8798). - Fixed a bug where the podman images command would break and fail to display any images if an empty manifest list was present in storage (#8931). - Fixed a bug where locale environment variables were not properly passed on to Conmon. - Fixed a bug where Podman would not build on the MIPS architecture (#8782). - Fixed a bug where rootless Podman could fail to properly configure user namespaces for rootless containers when the user specified a --uidmap option that included a mapping beginning with UID 0. - Fixed a bug where the podman logs command using the k8s-file backend did not properly handle partial log lines with a length of 1 (#8879). - Fixed a bug where the podman logs command with the --follow option did not properly handle log rotation (#8733). - Fixed a bug where user-specified HOSTNAME environment variables were overwritten by Podman (#8886). - Fixed a bug where Podman would applied default sysctls from containers.conf in too many situations (e.g. applying network sysctls when the container shared its network with a pod). - Fixed a bug where Podman did not properly handle cases where a secondary image store was in use and an image was present in both the secondary and primary stores (#8176). - Fixed a bug where systemd-managed rootless Podman containers where the user in the container was not root could fail as the container's PID file was not accessible to systemd on the host (#8506). - Fixed a bug where the --privileged option to podman run and podman create would, under some circumstances, not disable Seccomp (#8849). - Fixed a bug where the podman exec command did not properly add capabilities when the container or exec session were run with --privileged. - Fixed a bug where rootless Podman would use the --enable-sandbox option to slirp4netns unconditionally, even when pivot_root was disabled, rendering slirp4netns unusable when pivot_root was disabled (#8846). - Fixed a bug where podman build --logfile did not actually write the build's log to the logfile. - Fixed a bug where the podman system service command did not close STDIN, and could display user-interactive prompts (#8700). - Fixed a bug where the podman system reset command could, under some circumstances, remove all the contents of the XDG_RUNTIME_DIR directory (#8680). - Fixed a bug where the podman network create command created CNI configurations that did not include a default gateway (#8748). - Fixed a bug where the podman.service systemd unit provided by default used the wrong service type, and would cause systemd to not correctly register the service as started (#8751). - Fixed a bug where, if the TMPDIR environment variable was set for the container engine in containers.conf, it was being ignored. - Fixed a bug where the podman events command did not properly handle future times given to the --until option (#8694). - Fixed a bug where the podman logs command wrote container STDERR logs to STDOUT instead of STDERR (#8683). - Fixed a bug where containers created from an image with multiple tags would report that they were created from the wrong tag (#8547). - Fixed a bug where container capabilities were not set properly when the --cap-add=all and --user options to podman create and podman run were combined. - Fixed a bug where the --layers option to podman build was nonfunctional (#8643). - Fixed a bug where the podman system prune command did not act recursively, and thus would leave images, containers, pods, and volumes present that would be removed by a subsequent call to podman system prune (#7990). - Fixed a bug where the --publish option to podman run and podman create did not properly handle ports specified as a range of ports with no host port specified (#8650). - Fixed a bug where --format did not support JSON output for individual fields (#8444). - Fixed a bug where the podman stats command would fail when run on root containers using the slirp4netns network mode (#7883). - Fixed a bug where the Podman remote client would ask for a password even if the server's SSH daemon did not support password authentication (#8498). - Fixed a bug where the podman stats command would fail if the system did not support one or more of the cgroup controllers Podman supports (#8588). - Fixed a bug where the --mount option to podman create and podman run did not ignore the consistency mount option. - Fixed a bug where failures during the resizing of a container's TTY would print the wrong error. - Fixed a bug where the podman network disconnect command could cause the podman inspect command to fail for a container until it was restarted (#9234). - Fixed a bug where containers created from a read-only rootfs (using the --rootfs option to podman create and podman run) would fail (#9230). - Fixed a bug where specifying Go templates to the --format option to multiple Podman commands did not support the join function (#8773). - Fixed a bug where the podman rmi command could, when run in parallel on multiple images, return layer not known errors (#6510). - Fixed a bug where the podman inspect command on containers displayed unlimited ulimits incorrectly (#9303). - Fixed a bug where Podman would fail to start when a volume was mounted over a directory in a container that contained symlinks that terminated outside the directory and its subdirectories (#6003). API - Libpod API version has been bumped to v3.0.0. - All Libpod Pod APIs have been modified to properly report errors with individual containers. Cases where the operation as a whole succeeded but individual containers failed now report an HTTP 409 error (#8865). - The Compat API for Containers now supports the Rename and Copy APIs. - Fixed a bug where the Compat Prune APIs (for volumes, containers, and images) did not return the amount of space reclaimed in their responses. - Fixed a bug where the Compat and Libpod Exec APIs for Containers would drop errors that occurred prior to the exec session successfully starting (e.g. a 'no such file' error if an invalid executable was passed) (#8281) - Fixed a bug where the Volumes field in the Compat Create API for Containers was being ignored (#8649). - Fixed a bug where the NetworkMode field in the Compat Create API for Containers was not handling some values, e.g. container:, correctly. - Fixed a bug where the Compat Create API for Containers did not set container name properly. - Fixed a bug where containers created using the Compat Create API unconditionally used Kubernetes file logging (the default specified in containers.conf is now used). - Fixed a bug where the Compat Inspect API for Containers could include container states not recognized by Docker. - Fixed a bug where Podman did not properly clean up after calls to the Events API when the journald backend was in use, resulting in a leak of file descriptors (#8864). - Fixed a bug where the Libpod Pull endpoint for Images could fail with an index out of range error under certain circumstances (#8870). - Fixed a bug where the Libpod Exists endpoint for Images could panic. - Fixed a bug where the Compat List API for Containers did not support all filters (#8860). - Fixed a bug where the Compat List API for Containers did not properly populate the Status field. - Fixed a bug where the Compat and Libpod Resize APIs for Containers ignored the height and width parameters (#7102). - Fixed a bug where the Compat Search API for Images returned an incorrectly-formatted JSON response (#8758). - Fixed a bug where the Compat Load API for Images did not properly clean up temporary files. - Fixed a bug where the Compat Create API for Networks could panic when an empty IPAM configuration was specified. - Fixed a bug where the Compat Inspect and List APIs for Networks did not include Scope. - Fixed a bug where the Compat Wait endpoint for Containers did not support the same wait conditions that Docker did. * Misc - Updated Buildah to v1.19.2 - Updated the containers/storage library to v1.24.5 - Updated the containers/image library to v5.10.2 - Updated the containers/common library to v0.33.4 - Update to v2.2.1 * Changes - Due to a conflict with a previously-removed field, we were forced to modify the way image volumes (mounting images into containers using --mount type=image) were handled in the database. As a result, containers created in Podman 2.2.0 with image volume will not have them in v2.2.1, and these containers will need to be re-created. * Bugfixes - Fixed a bug where rootless Podman would, on systems without the XDG_RUNTIME_DIR environment variable defined, use an incorrect path for the PID file of the Podman pause process, causing Podman to fail to start (#8539). - Fixed a bug where containers created using Podman v1.7 and earlier were unusable in Podman due to JSON decode errors (#8613). - Fixed a bug where Podman could retrieve invalid cgroup paths, instead of erroring, for containers that were not running. - Fixed a bug where the podman system reset command would print a warning about a duplicate shutdown handler being registered. - Fixed a bug where rootless Podman would attempt to mount sysfs in circumstances where it was not allowed; some OCI runtimes (notably crun) would fall back to alternatives and not fail, but others (notably runc) would fail to run containers. - Fixed a bug where the podman run and podman create commands would fail to create containers from untagged images (#8558). - Fixed a bug where remote Podman would prompt for a password even when the server did not support password authentication (#8498). - Fixed a bug where the podman exec command did not move the Conmon process for the exec session into the correct cgroup. - Fixed a bug where shell completion for the ancestor option to podman ps --filter did not work correctly. - Fixed a bug where detached containers would not properly clean themselves up (or remove themselves if --rm was set) if the Podman command that created them was invoked with --log-level=debug. * API - Fixed a bug where the Compat Create endpoint for Containers did not properly handle the Binds and Mounts parameters in HostConfig. - Fixed a bug where the Compat Create endpoint for Containers ignored the Name query parameter. - Fixed a bug where the Compat Create endpoint for Containers did not properly handle the 'default' value for NetworkMode (this value is used extensively by docker-compose) (#8544). - Fixed a bug where the Compat Build endpoint for Images would sometimes incorrectly use the target query parameter as the image's tag. * Misc - Podman v2.2.0 vendored a non-released, custom version of the github.com/spf13/cobra package; this has been reverted to the latest upstream release to aid in packaging. - Updated the containers/image library to v5.9.0 - Update to v2.2.0 * Features - Experimental support for shortname aliasing has been added. This is not enabled by default, but can be turned on by setting the environment variable CONTAINERS_SHORT_NAME_ALIASING to on. Documentation is available here and here. - Initial support has been added for the podman network connect and podman network disconnect commands, which allow existing containers to modify what networks they are connected to. At present, these commands can only be used on running containers that did not specify --network=none when they were created. - The podman run command now supports the --network-alias option to set network aliases (additional names the container can be accessed at from other containers via DNS if the dnsname CNI plugin is in use). Aliases can also be added and removed using the new podman network connect and podman network disconnect commands. Please note that this requires a new release (v1.1.0) of the dnsname plugin, and will only work on newly-created CNI networks. - The podman generate kube command now features support for exporting container's memory and CPU limits (#7855). - The podman play kube command now features support for setting CPU and Memory limits for containers (#7742). - The podman play kube command now supports persistent volumes claims using Podman named volumes. - The podman play kube command now supports Kubernetes configmaps via the --configmap option (#7567). - The podman play kube command now supports a --log-driver option to set the log driver for created containers. - The podman play kube command now supports a --start option, enabled by default, to start the pod after creating it. This allows for podman play kube to be more easily used in systemd unitfiles. - The podman network create command now supports the --ipv6 option to enable dual-stack IPv6 networking for created networks (#7302). - The podman inspect command can now inspect pods, networks, and volumes, in addition to containers and images (#6757). - The --mount option for podman run and podman create now supports a new type, image, to mount the contents of an image into the container at a given location. - The Bash and ZSH completions have been completely reworked and have received significant enhancements! Additionally, support for Fish completions and completions for the podman-remote executable have been added. - The --log-opt option for podman create and podman run now supports the max-size option to set the maximum size for a container's logs (#7434). - The --network option to the podman pod create command now allows pods to be configured to use slirp4netns networking, even when run as root (#6097). - The podman pod stop, podman pod pause, podman pod unpause, and podman pod kill commands now work on multiple containers in parallel and should be significantly faster. - The podman search command now supports a --list-tags option to list all available tags for a single image in a single repository. - The podman search command can now output JSON using the --format=json option. - The podman diff and podman mount commands now work with all containers in the storage library, including those not created by Podman. This allows them to be used with Buildah and CRI-O containers. - The podman container exists command now features a --external option to check if a container exists not just in Podman, but also in the storage library. This will allow Podman to identify Buildah and CRI-O containers. - The --tls-verify and --authfile options have been enabled for use with remote Podman. - The /etc/hosts file now includes the container's name and hostname (both pointing to localhost) when the container is run with --net=none (#8095). - The podman events command now supports filtering events based on the labels of the container they occurred on using the --filter label=key=value option. - The podman volume ls command now supports filtering volumes based on their labels using the --filter label=key=value option. - The --volume and --mount options to podman run and podman create now support two new mount propagation options, unbindable and runbindable. - The name and id filters for podman pod ps now match based on a regular expression, instead of requiring an exact match. - The podman pod ps command now supports a new filter status, that matches pods in a certain state. * Changes - The podman network rm --force command will now also remove pods that are using the network (#7791). - The podman volume rm, podman network rm, and podman pod rm commands now return exit code 1 if the object specified for removal does not exist, and exit code 2 if the object is in use and the --force option was not given. - If /dev/fuse is passed into Podman containers as a device, Podman will open it before starting the container to ensure that the kernel module is loaded on the host and the device is usable in the container. - Global Podman options that were not supported with remote operation have been removed from podman-remote (e.g. --cgroup-manager, --storage-driver). - Many errors have been changed to remove repetition and be more clear as to what has gone wrong. - The --storage option to podman rm is now enabled by default, with slightly changed semantics. If the given container does not exist in Podman but does exist in the storage library, it will be removed even without the --storage option. If the container exists in Podman it will be removed normally. The --storage option for podman rm is now deprecated and will be removed in a future release. - The --storage option to podman ps has been renamed to --external. An alias has been added so the old form of the option will continue to work. - Podman now delays the SIGTERM and SIGINT signals during container creation to ensure that Podman is not stopped midway through creating a container resulting in potential resource leakage (#7941). - The podman save command now strips signatures from images it is exporting, as the formats we export to do not support signatures (#7659). - A new Degraded state has been added to pods. Pods that have some, but not all, of their containers running are now considered to be Degraded instead of Running. - Podman will now print a warning when conflicting network options related to port forwarding (e.g. --publish and --net=host) are specified when creating a container. - The --restart on-failure and --rm options for containers no longer conflict. When both are specified, the container will be restarted if it exits with a non-zero error code, and removed if it exits cleanly (#7906). - Remote Podman will no longer use settings from the client's containers.conf; defaults will instead be provided by the server's containers.conf (#7657). - The podman network rm command now has a new alias, podman network remove (#8402). * Bugfixes - Fixed a bug where podman load on the remote client did not error when attempting to load a directory, which is not yet supported for remote use. - Fixed a bug where rootless Podman could hang when the newuidmap binary was not installed (#7776). - Fixed a bug where the --pull option to podman run, podman create, and podman build did not match Docker's behavior. - Fixed a bug where sysctl settings from the containers.conf configuration file were applied, even if the container did not join the namespace associated with a sysctl. - Fixed a bug where Podman would not return the text of errors encounted when trying to run a healthcheck for a container. - Fixed a bug where Podman was accidentally setting the containers environment variable in addition to the expected container environment variable. - Fixed a bug where rootless Podman using CNI networking did not properly clean up DNS entries for removed containers (#7789). - Fixed a bug where the podman untag --all command was not supported with remote Podman. - Fixed a bug where the podman system service command could time out even if active attach connections were present (#7826). - Fixed a bug where the podman system service command would sometimes never time out despite no active connections being present. - Fixed a bug where Podman's handling of capabilities, specifically inheritable, did not match Docker's. - Fixed a bug where podman run would fail if the image specified was a manifest list and had already been pulled (#7798). - Fixed a bug where Podman did not take search registries into account when looking up images locally (#6381). - Fixed a bug where the podman manifest inspect command would fail for images that had already been pulled (#7726). - Fixed a bug where rootless Podman would not add supplemental GIDs to containers when when a user, but not a group, was set via the --user option to podman create and podman run and sufficient GIDs were available to add the groups (#7782). - Fixed a bug where remote Podman commands did not properly handle cases where the user gave a name that could also be a short ID for a pod or container (#7837). - Fixed a bug where podman image prune could leave images ready to be pruned after podman image prune was run (#7872). - Fixed a bug where the podman logs command with the journald log driver would not read all available logs (#7476). - Fixed a bug where the --rm and --restart options to podman create and podman run did not conflict when a restart policy that is not on-failure was chosen (#7878). - Fixed a bug where the --format 'table {{ .Field }}' option to numerous Podman commands ceased to function on Podman v2.0 and up. - Fixed a bug where pods did not properly share an SELinux label between their containers, resulting in containers being unable to see the processes of other containers when the pod shared a PID namespace (#7886). - Fixed a bug where the --namespace option to podman ps did not work with the remote client (#7903). - Fixed a bug where rootless Podman incorrectly calculated the number of UIDs available in the container if multiple different ranges of UIDs were specified. - Fixed a bug where the /etc/hosts file would not be correctly populated for containers in a user namespace (#7490). - Fixed a bug where the podman network create and podman network remove commands could race when run in parallel, with unpredictable results (#7807). - Fixed a bug where the -p option to podman run, podman create, and podman pod create would, when given only a single number (e.g. -p 80), assign the same port for both host and container, instead of generating a random host port (#7947). - Fixed a bug where Podman containers did not properly store the cgroup manager they were created with, causing them to stop functioning after the cgroup manager was changed in containers.conf or with the --cgroup-manager option (#7830). - Fixed a bug where the podman inspect command did not include information on the CNI networks a container was connected to if it was not running. - Fixed a bug where the podman attach command would not print a newline after detaching from the container (#7751). - Fixed a bug where the HOME environment variable was not set properly in containers when the --userns=keep-id option was set (#8004). - Fixed a bug where the podman container restore command could panic when the container in question was in a pod (#8026). - Fixed a bug where the output of the podman image trust show --raw command was not properly formatted. - Fixed a bug where the podman runlabel command could panic if a label to run was not given (#8038). - Fixed a bug where the podman run and podman start --attach commands would exit with an error when the user detached manually using the detach keys on remote Podman (#7979). - Fixed a bug where rootless CNI networking did not use the dnsname CNI plugin if it was not available on the host, despite it always being available in the container used for rootless networking (#8040). - Fixed a bug where Podman did not properly handle cases where an OCI runtime is specified by its full path, and could revert to using another OCI runtime with the same binary path that existed in the system $PATH on subsequent invocations. - Fixed a bug where the --net=host option to podman create and podman run would cause the /etc/hosts file to be incorrectly populated (#8054). - Fixed a bug where the podman inspect command did not include container network information when the container shared its network namespace (IE, joined a pod or another container's network namespace via --net=container:...) (#8073). - Fixed a bug where the podman ps command did not include information on all ports a container was publishing. - Fixed a bug where the podman build command incorrectly forwarded STDIN into build containers from RUN instructions. - Fixed a bug where the podman wait command's --interval option did not work when units were not specified for the duration (#8088). - Fixed a bug where the --detach-keys and --detach options could be passed to podman create despite having no effect (and not making sense in that context). - Fixed a bug where Podman could not start containers if running on a system without a /etc/resolv.conf file (which occurs on some WSL2 images) (#8089). - Fixed a bug where the --extract option to podman cp was nonfunctional. - Fixed a bug where the --cidfile option to podman run would, when the container was not run with --detach, only create the file after the container exited (#8091). - Fixed a bug where the podman images and podman images -a commands could panic and not list any images when certain improperly-formatted images were present in storage (#8148). - Fixed a bug where the podman events command could, when the journald events backend was in use, become nonfunctional when a badly-formatted event or a log message that container certain string was present in the journal (#8125). - Fixed a bug where remote Podman would, when using SSH transport, not authenticate to the server using hostkeys when connecting on a port other than 22 (#8139). - Fixed a bug where the podman attach command would not exit when containers stopped (#8154). - Fixed a bug where Podman did not properly clean paths before verifying them, resulting in Podman refusing to start if the root or temporary directories were specified with extra trailing / characters (#8160). - Fixed a bug where remote Podman did not support hashed hostnames in the known_hosts file on the host for establishing connections (#8159). - Fixed a bug where the podman image exists command would return non-zero (false) when multiple potential matches for the given name existed. - Fixed a bug where the podman manifest inspect command on images that are not manifest lists would error instead of inspecting the image (#8023). - Fixed a bug where the podman system service command would fail if the directory the Unix socket was to be created inside did not exist (#8184). - Fixed a bug where pods that shared the IPC namespace (which is done by default) did not share a /dev/shm filesystem between all containers in the pod (#8181). - Fixed a bug where filters passed to podman volume list were not inclusive (#6765). - Fixed a bug where the podman volume create command would fail when the volume's data directory already existed (as might occur when a volume was not completely removed) (#8253). - Fixed a bug where the podman run and podman create commands would deadlock when trying to create a container that mounted the same named volume at multiple locations (e.g. podman run -v testvol:/test1 -v testvol:/test2) (#8221). - Fixed a bug where the parsing of the --net option to podman build was incorrect (#8322). - Fixed a bug where the podman build command would print the ID of the built image twice when using remote Podman (#8332). - Fixed a bug where the podman stats command did not show memory limits for containers (#8265). - Fixed a bug where the podman pod inspect command printed the static MAC address of the pod in a non-human-readable format (#8386). - Fixed a bug where the --tls-verify option of the podman play kube command had its logic inverted (false would enforce the use of TLS, true would disable it). - Fixed a bug where the podman network rm command would error when trying to remove macvlan networks and rootless CNI networks (#8491). - Fixed a bug where Podman was not setting sane defaults for missing XDG_ environment variables. - Fixed a bug where remote Podman would check if volume paths to be mounted in the container existed on the host, not the server (#8473). - Fixed a bug where the podman manifest create and podman manifest add commands on local images would drop any images in the manifest not pulled by the host. - Fixed a bug where networks made by podman network create did not include the tuning plugin, and as such did not support setting custom MAC addresses (#8385). - Fixed a bug where container healthchecks did not use $PATH when searching for the Podman executable to run the healthcheck. - Fixed a bug where the --ip-range option to podman network create did not properly handle non-classful subnets when calculating the last usable IP for DHCP assignment (#8448). - Fixed a bug where the podman container ps alias for podman ps was missing (#8445). * API - The Compat Create endpoint for Container has received a major refactor to share more code with the Libpod Create endpoint, and should be significantly more stable. - A Compat endpoint for exporting multiple images at once, GET /images/get, has been added (#7950). - The Compat Network Connect and Network Disconnect endpoints have been added. - Endpoints that deal with image registries now support a X-Registry-Config header to specify registry authentication configuration. - The Compat Create endpoint for images now properly supports specifying images by digest. - The Libpod Build endpoint for images now supports an httpproxy query parameter which, if set to true, will forward the server's HTTP proxy settings into the build container for RUN instructions. - The Libpod Untag endpoint for images will now remove all tags for the given image if no repository and tag are specified for removal. - Fixed a bug where the Ping endpoint misspelled a header name (Libpod-Buildha-Version instead of Libpod-Buildah-Version). - Fixed a bug where the Ping endpoint sent an extra newline at the end of its response where Docker did not. - Fixed a bug where the Compat Logs endpoint for containers did not send a newline character after each log line. - Fixed a bug where the Compat Logs endpoint for containers would mangle line endings to change newline characters to add a preceding carriage return (#7942). - Fixed a bug where the Compat Inspect endpoint for Containers did not properly list the container's stop signal (#7917). - Fixed a bug where the Compat Inspect endpoint for Containers formatted the container's create time incorrectly (#7860). - Fixed a bug where the Compat Inspect endpoint for Containers did not include the container's Path, Args, and Restart Count. - Fixed a bug where the Compat Inspect endpoint for Containers prefixed added and dropped capabilities with CAP_ (Docker does not do so). - Fixed a bug where the Compat Info endpoint for the Engine did not include configured registries. - Fixed a bug where the server could panic if a client closed a connection midway through an image pull (#7896). - Fixed a bug where the Compat Create endpoint for volumes returned an error when a volume with the same name already existed, instead of succeeding with a 201 code (#7740). - Fixed a bug where a client disconnecting from the Libpod or Compat events endpoints could result in the server using 100% CPU (#7946). - Fixed a bug where the 'no such image' error message sent by the Compat Inspect endpoint for Images returned a 404 status code with an error that was improperly formatted for Docker compatibility. - Fixed a bug where the Compat Create endpoint for networks did not properly set a default for the driver parameter if it was not provided by the client. - Fixed a bug where the Compat Inspect endpoint for images did not populate the RootFS field of the response. - Fixed a bug where the Compat Inspect endpoint for images would omit the ParentId field if the image had no parent, and the Created field if the image did not have a creation time. - Fixed a bug where the Compat Remove endpoint for Networks did not support the Force query parameter. - add dependency to timezone package or podman fails to build a - Correct invalid use of %{_libexecdir} to ensure files should be in /usr/lib SELinux support [jsc#SMO-15] libseccomp was updated to release 2.5.3: * Update the syscall table for Linux v5.15 * Fix issues with multiplexed syscalls on mipsel introduced in v2.5.2 * Document that seccomp_rule_add() may return -EACCES Update to release 2.5.2 * Update the syscall table for Linux v5.14-rc7 * Add a function, get_notify_fd(), to the Python bindings to get the nofication file descriptor. * Consolidate multiplexed syscall handling for all architectures into one location. * Add multiplexed syscall support to PPC and MIPS * The meaning of SECCOMP_IOCTL_NOTIF_ID_VALID changed within the kernel. libseccomp's fd notification logic was modified to support the kernel's previous and new usage of SECCOMP_IOCTL_NOTIF_ID_VALID. update to 2.5.1: * Fix a bug where seccomp_load() could only be called once * Change the notification fd handling to only request a notification fd if * the filter has a _NOTIFY action * Add documentation about SCMP_ACT_NOTIFY to the seccomp_add_rule(3) manpage * Clarify the maintainers' GPG keys Update to release 2.5.0 * Add support for the seccomp user notifications, see the seccomp_notify_alloc(3), seccomp_notify_receive(3), seccomp_notify_respond(3) manpages for more information * Add support for new filter optimization approaches, including a balanced tree optimization, see the SCMP_FLTATR_CTL_OPTIMIZE filter attribute for more information * Add support for the 64-bit RISC-V architecture * Performance improvements when adding new rules to a filter thanks to the use of internal shadow transactions and improved syscall lookup tables * Properly document the libseccomp API return values and include them in the stable API promise * Improvements to the s390 and s390x multiplexed syscall handling * Multiple fixes and improvements to the libseccomp manpages * Moved from manually maintained syscall tables to an automatically generated syscall table in CSV format * Update the syscall tables to Linux v5.8.0-rc5 * Python bindings and build now default to Python 3.x * Improvements to the tests have boosted code coverage to over 93% Update to release 2.4.3 * Add list of authorized release signatures to README.md * Fix multiplexing issue with s390/s390x shm* syscalls * Remove the static flag from libseccomp tools compilation * Add define for __SNR_ppoll * Fix potential memory leak identified by clang in the scmp_bpf_sim tool Update to release 2.4.2 * Add support for io-uring related system calls conmon was updated to version 2.0.30: * Remove unreachable code path * exit: report if the exit command was killed * exit: fix race zombie reaper * conn_sock: allow watchdog messages through the notify socket proxy * seccomp: add support for seccomp notify Update to version 2.0.29: * Reset OOM score back to 0 for container runtime * call functions registered with atexit on SIGTERM * conn_sock: fix potential segfault Update to version 2.0.27: * Add CRI-O integration test GitHub action * exec: don't fail on EBADFD * close_fds: fix close of external fds * Add arm64 static build binary Update to version 2.0.26: * conn_sock: do not fail on EAGAIN * fix segfault from a double freed pointer * Fix a bug where conmon could never spawn a container, because a disagreement between the caller and itself on where the attach socket was. * improve --full-attach to ignore the socket-dir directly. that means callers don't need to specify a socket dir at all (and can remove it) * add full-attach option to allow callers to not truncate a very long path for the attach socket * close only opened FDs * set locale to inherit environment Update to version 2.0.22: * added man page * attach: always chdir * conn_sock: Explicitly free a heap-allocated string * refactor I/O and add SD_NOTIFY proxy support Update to version 2.0.21: * protect against kill(-1) * Makefile: enable debuginfo generation * Remove go.sum file and add go.mod * Fail if conmon config could not be written * nix: remove double definition for e2fsprogs * Speedup static build by utilizing CI cache on `/nix` folder * Fix nix build for failing e2fsprogs tests * test: fix CI * Use Podman for building libcontainers-common was updated to include: - common 0.44.0 - image 5.16.0 - podman 3.3.1 - storage 1.36.0 (changes too long to list) CVEs fixed: CVE-2020-14370,CVE-2020-15157,CVE-2021-20199,CVE-2021-20291,CVE-2021-3602 Moderate SUSE bug 1176804 SUSE bug 1177598 SUSE bug 1181640 SUSE bug 1182998 SUSE bug 1188520 SUSE bug 1188914 SUSE bug 1193166 SUSE bug 1193273 CVE-2020-14370 CVE-2020-15157 CVE-2021-20199 CVE-2021-20291 CVE-2021-3602 CVE-2021-4024 CVE-2021-41190 cpe:/o:opensuse:leap:15.3 Security update for s390-tools (Important) openSUSE Leap 15.3 This update of s390-tools fixes the following issue: - rebuild with new secure boot key due to grub2 boothole 3 issues (bsc#1198581) Important SUSE bug 1198581 cpe:/o:opensuse:leap:15.3 Security update for MozillaFirefox (Important) openSUSE Leap 15.3 This update for MozillaFirefox fixes the following issues: Update to Firefox Extended Support Release 91.11.0 ESR (MFSA 2022-25) (bsc#1200793): - CVE-2022-2200: Undesired attributes could be set as part of prototype pollution (bmo#1771381) - CVE-2022-31744: CSP bypass enabling stylesheet injection (bmo#1757604) - CVE-2022-34468: CSP sandbox header without `allow-scripts` can be bypassed via retargeted javascript: URI (bmo#1768537) - CVE-2022-34470: Use-after-free in nsSHistory (bmo#1765951) - CVE-2022-34472: Unavailable PAC file resulted in OCSP requests being blocked (bmo#1770123) - CVE-2022-34478: Microsoft protocols can be attacked if a user accepts a prompt (bmo#1773717) - CVE-2022-34479: A popup window could be resized in a way to overlay the address bar with web content (bmo#1745595) - CVE-2022-34481: Potential integer overflow in ReplaceElementsAt (bmo#1497246) - CVE-2022-34484: Memory safety bugs fixed in Firefox 102 and Firefox ESR 91.11 (bmo#1763634, bmo#1772651) Important SUSE bug 1200793 CVE-2022-2200 CVE-2022-31744 CVE-2022-34468 CVE-2022-34470 CVE-2022-34472 CVE-2022-34478 CVE-2022-34479 CVE-2022-34481 CVE-2022-34484 cpe:/o:opensuse:leap:15.3 Security update for MozillaThunderbird (Important) openSUSE Leap 15.3 This update for MozillaThunderbird fixes the following issues: - CVE-2022-2200: Undesired attributes could be set as part of prototype pollution (bmo#1771381) - CVE-2022-2226: An email with a mismatching OpenPGP signature date was accepted as valid (bmo#1775441) - CVE-2022-31744: CSP bypass enabling stylesheet injection (bmo#1757604) - CVE-2022-34468: CSP sandbox header without `allow-scripts` can be bypassed via retargeted javascript: URI (bmo#1768537) - CVE-2022-34470: Use-after-free in nsSHistory (bmo#1765951) - CVE-2022-34472: Unavailable PAC file resulted in OCSP requests being blocked (bmo#1770123) - CVE-2022-34478: Microsoft protocols can be attacked if a user accepts a prompt (bmo#1773717) - CVE-2022-34479: A popup window could be resized in a way to overlay the address bar with web content (bmo#1745595) - CVE-2022-34481: Potential integer overflow in ReplaceElementsAt (bmo#1497246) - CVE-2022-34484: Memory safety bugs fixed in Thunderbird 91.11 and Thunderbird 102 (bmo#1763634, bmo#1772651) Important SUSE bug 1200793 CVE-2022-2200 CVE-2022-2226 CVE-2022-31744 CVE-2022-34468 CVE-2022-34470 CVE-2022-34472 CVE-2022-34478 CVE-2022-34479 CVE-2022-34481 CVE-2022-34484 cpe:/o:opensuse:leap:15.3 Security update for openssl-1_0_0 (Moderate) openSUSE Leap 15.3 This update for openssl-1_0_0 fixes the following issues: - CVE-2022-1292: Fixed command injection in c_rehash (bsc#1199166). - CVE-2022-2068: Fixed more shell code injection issues in c_rehash. (bsc#1200550) Moderate SUSE bug 1199166 SUSE bug 1200550 CVE-2022-1292 CVE-2022-2068 cpe:/o:opensuse:leap:15.3 Security update for fwupd (Important) openSUSE Leap 15.3 This update of fwupd fixes the following issue: - rebuild with new secure boot key due to grub2 boothole 3 issues (bsc#1198581) Important SUSE bug 1198581 cpe:/o:opensuse:leap:15.3 Security update for resource-agents (Important) openSUSE Leap 15.3 This update for resource-agents fixes the following issues: - Predictable log file in /tmp in mariadb.in (bsc#1146691). - Allow aws-vpc-move-ip to specify an interface label to distinguish the IP address (bsc#1199766) - Implement options to disable DAD and to allow sending NA in the background (bsc#1196164) Important SUSE bug 1146691 SUSE bug 1196164 SUSE bug 1199766 cpe:/o:opensuse:leap:15.3 Security update for curl (Important) openSUSE Leap 15.3 This update for curl fixes the following issues: - CVE-2022-32206: HTTP compression denial of service (bsc#1200735) - CVE-2022-32208: FTP-KRB bad message verification (bsc#1200737) Important SUSE bug 1200735 SUSE bug 1200737 CVE-2022-32206 CVE-2022-32208 cpe:/o:opensuse:leap:15.3 Security update for openssl-1_1 (Important) openSUSE Leap 15.3 This update for openssl-1_1 fixes the following issues: - CVE-2022-2097: Fixed partial missing encryption in AES OCB mode (bsc#1201099). Important SUSE bug 1201099 CVE-2022-2097 cpe:/o:opensuse:leap:15.3 Security update for fwupdate (Important) openSUSE Leap 15.3 This update of fwupdate fixes the following issue: - rebuild with new secure boot key due to grub2 boothole 3 issues (bsc#1198581) Important SUSE bug 1198581 cpe:/o:opensuse:leap:15.3 Security update for containerd, docker and runc (Important) openSUSE Leap 15.3 This update for containerd, docker and runc fixes the following issues: containerd: - CVE-2022-31030: Fixed denial of service via invocation of the ExecSync API (bsc#1200145) docker: - Update to Docker 20.10.17-ce. See upstream changelog online at https://docs.docker.com/engine/release-notes/#201017. (bsc#1200145) runc: Update to runc v1.1.3. Upstream changelog is available from https://github.com/opencontainers/runc/releases/tag/v1.1.3. * Our seccomp `-ENOSYS` stub now correctly handles multiplexed syscalls on s390 and s390x. This solves the issue where syscalls the host kernel did not support would return `-EPERM` despite the existence of the `-ENOSYS` stub code (this was due to how s390x does syscall multiplexing). * Retry on dbus disconnect logic in libcontainer/cgroups/systemd now works as intended; this fix does not affect runc binary itself but is important for libcontainer users such as Kubernetes. * Inability to compile with recent clang due to an issue with duplicate constants in libseccomp-golang. * When using systemd cgroup driver, skip adding device paths that don't exist, to stop systemd from emitting warnings about those paths. * Socket activation was failing when more than 3 sockets were used. * Various CI fixes. * Allow to bind mount /proc/sys/kernel/ns_last_pid to inside container. - Fixed issues with newer syscalls (namely faccessat2) on older kernels on s390(x) caused by that platform's syscall multiplexing semantics. (bsc#1192051 bsc#1199565) Update to runc v1.1.2. Upstream changelog is available from https://github.com/opencontainers/runc/releases/tag/v1.1.2. Security issue fixed: - CVE-2022-29162: A bug was found in runc where runc exec --cap executed processes with non-empty inheritable Linux process capabilities, creating an atypical Linux environment. (bsc#1199460) - `runc spec` no longer sets any inheritable capabilities in the created example OCI spec (`config.json`) file. Update to runc v1.1.1. Upstream changelog is available from https://github.com/opencontainers/runc/releases/tag/v1.1.1. * runc run/start can now run a container with read-only /dev in OCI spec, rather than error out. (#3355) * runc exec now ensures that --cgroup argument is a sub-cgroup. (#3403) libcontainer systemd v2 manager no longer errors out if one of the files listed in /sys/kernel/cgroup/delegate do not exist in container's cgroup. (#3387, #3404) * Loosen OCI spec validation to avoid bogus 'Intel RDT is not supported' error. (#3406) * libcontainer/cgroups no longer panics in cgroup v1 managers if stat of /sys/fs/cgroup/unified returns an error other than ENOENT. (#3435) Update to runc v1.1.0. Upstream changelog is available from https://github.com/opencontainers/runc/releases/tag/v1.1.0. - libcontainer will now refuse to build without the nsenter package being correctly compiled (specifically this requires CGO to be enabled). This should avoid folks accidentally creating broken runc binaries (and incorrectly importing our internal libraries into their projects). (#3331) Update to runc v1.1.0~rc1. Upstream changelog is available from https://github.com/opencontainers/runc/releases/tag/v1.1.0-rc.1. + Add support for RDMA cgroup added in Linux 4.11. * runc exec now produces exit code of 255 when the exec failed. This may help in distinguishing between runc exec failures (such as invalid options, non-running container or non-existent binary etc.) and failures of the command being executed. + runc run: new --keep option to skip removal exited containers artefacts. This might be useful to check the state (e.g. of cgroup controllers) after the container hasexited. + seccomp: add support for SCMP_ACT_KILL_PROCESS and SCMP_ACT_KILL_THREAD (the latter is just an alias for SCMP_ACT_KILL). + seccomp: add support for SCMP_ACT_NOTIFY (seccomp actions). This allows users to create sophisticated seccomp filters where syscalls can be efficiently emulated by privileged processes on the host. + checkpoint/restore: add an option (--lsm-mount-context) to set a different LSM mount context on restore. + intelrdt: support ClosID parameter. + runc exec --cgroup: an option to specify a (non-top) in-container cgroup to use for the process being executed. + cgroup v1 controllers now support hybrid hierarchy (i.e. when on a cgroup v1 machine a cgroup2 filesystem is mounted to /sys/fs/cgroup/unified, runc run/exec now adds the container to the appropriate cgroup under it). + sysctl: allow slashes in sysctl names, to better match sysctl(8)'s behaviour. + mounts: add support for bind-mounts which are inaccessible after switching the user namespace. Note that this does not permit the container any additional access to the host filesystem, it simply allows containers to have bind-mounts configured for paths the user can access but have restrictive access control settings for other users. + Add support for recursive mount attributes using mount_setattr(2). These have the same names as the proposed mount(8) options -- just prepend r to the option name (such as rro). + Add runc features subcommand to allow runc users to detect what features runc has been built with. This includes critical information such as supported mount flags, hook names, and so on. Note that the output of this command is subject to change and will not be considered stable until runc 1.2 at the earliest. The runtime-spec specification for this feature is being developed in opencontainers/runtime-spec#1130. * system: improve performance of /proc/$pid/stat parsing. * cgroup2: when /sys/fs/cgroup is configured as a read-write mount, change the ownership of certain cgroup control files (as per /sys/kernel/cgroup/delegate) to allow for proper deferral to the container process. * runc checkpoint/restore: fixed for containers with an external bind mount which destination is a symlink. * cgroup: improve openat2 handling for cgroup directory handle hardening. runc delete -f now succeeds (rather than timing out) on a paused container. * runc run/start/exec now refuses a frozen cgroup (paused container in case of exec). Users can disable this using --ignore-paused. - Update version data embedded in binary to correctly include the git commit of the release. Important SUSE bug 1192051 SUSE bug 1199460 SUSE bug 1199565 SUSE bug 1200088 SUSE bug 1200145 CVE-2022-29162 CVE-2022-31030 cpe:/o:opensuse:leap:15.3 Security update for apache2 (Important) openSUSE Leap 15.3 This update for apache2 fixes the following issues: - CVE-2022-26377: Fixed possible request smuggling in mod_proxy_ajp (bsc#1200338) - CVE-2022-28614: Fixed read beyond bounds via ap_rwrite() (bsc#1200340) - CVE-2022-28615: Fixed read beyond bounds in ap_strcmp_match() (bsc#1200341) - CVE-2022-29404: Fixed denial of service in mod_lua r:parsebody (bsc#1200345) - CVE-2022-30556: Fixed information disclosure in mod_lua with websockets (bsc#1200350) - CVE-2022-30522: Fixed mod_sed denial of service (bsc#1200352) - CVE-2022-31813: Fixed mod_proxy X-Forwarded-For dropped by hop-by-hop mechanism (bsc#1200348) Important SUSE bug 1200338 SUSE bug 1200340 SUSE bug 1200341 SUSE bug 1200345 SUSE bug 1200348 SUSE bug 1200350 SUSE bug 1200352 CVE-2022-26377 CVE-2022-28614 CVE-2022-28615 CVE-2022-29404 CVE-2022-30522 CVE-2022-30556 CVE-2022-31813 cpe:/o:opensuse:leap:15.3 Security update for python (Important) openSUSE Leap 15.3 This update for python fixes the following issues: - CVE-2015-20107: avoid command injection in the mailcap module (bsc#1198511). Important SUSE bug 1198511 CVE-2015-20107 cpe:/o:opensuse:leap:15.3 Security update for libnbd (Moderate) openSUSE Leap 15.3 This update for libnbd fixes the following issues: - CVE-2022-0485: Fixed nbdcopy failure if NBD read or write fails (bsc#1195636). Moderate SUSE bug 1195636 CVE-2022-0485 cpe:/o:opensuse:leap:15.3 Security update for crash (Important) openSUSE Leap 15.3 This update of crash fixes the following issue: - rebuild with new secure boot key due to grub2 boothole 3 issues (bsc#1198581) Important SUSE bug 1198581 cpe:/o:opensuse:leap:15.3 Security update for freerdp (Critical) openSUSE Leap 15.3 This update for freerdp fixes the following issues: - CVE-2022-24882: Fixed incorrect check parameters in NTLM (bsc#1198919). - CVE-2022-24883: Fixed authentication against invalid SAM files (bsc#1198921). Critical SUSE bug 1198919 SUSE bug 1198921 CVE-2022-24882 CVE-2022-24883 cpe:/o:opensuse:leap:15.3 Security update for python3 (Important) openSUSE Leap 15.3 This update for python3 fixes the following issues: - CVE-2015-20107: avoid command injection in the mailcap module (bsc#1198511). Important SUSE bug 1198511 CVE-2015-20107 cpe:/o:opensuse:leap:15.3 Security update for pcre (Important) openSUSE Leap 15.3 This update for pcre fixes the following issues: - CVE-2022-1586: Fixed unicode property matching issue. (bsc#1199232) Important SUSE bug 1199232 CVE-2022-1586 cpe:/o:opensuse:leap:15.3 Security update for xorg-x11-server (Important) openSUSE Leap 15.3 This update for xorg-x11-server fixes the following issues: - CVE-2022-2319: Fixed out-of-bounds access in _CheckSetSections() (ZDI-CAN-16062) (bsc#1194179). - CVE-2022-2320: Fixed out-of-bounds access in CheckSetDeviceIndicators() (ZDI-CAN-16070) (bsc#1194181). Important SUSE bug 1194179 SUSE bug 1194181 CVE-2022-2319 CVE-2022-2320 cpe:/o:opensuse:leap:15.3 Security update for the Linux Kernel (Important) openSUSE Leap 15.3 The SUSE Linux Enterprise 15 SP3 Azure kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2022-29900, CVE-2022-29901: Fixed the RETBLEED attack, a new Spectre like Branch Target Buffer attack, that can leak arbitrary kernel information (bsc#1199657). - CVE-2022-34918: Fixed a buffer overflow with nft_set_elem_init() that could be used by a local attacker to escalate privileges (bnc#1201171). - CVE-2021-26341: Some AMD CPUs may transiently execute beyond unconditional direct branches, which may potentially result in data leakage (bsc#1201050). - CVE-2022-1679: Fixed a use-after-free in the Atheros wireless driver in the way a user forces the ath9k_htc_wait_for_target function to fail with some input messages (bsc#1199487). - CVE-2022-20132: Fixed out of bounds read due to improper input validation in lg_probe and related functions of hid-lg.c (bsc#1200619). - CVE-2022-33981: Fixed use-after-free in floppy driver (bsc#1200692) - CVE-2021-4157: Fixed an out of memory bounds write flaw in the NFS subsystem, related to the replication of files with NFS. A user could potentially crash the system or escalate privileges on the system (bsc#1194013). - CVE-2022-20154: Fixed a use after free due to a race condition in lock_sock_nested of sock.c. This could lead to local escalation of privilege with System execution privileges needed (bsc#1200599). The following non-security bugs were fixed: - ALSA: hda/conexant: Fix missing beep setup (git-fixes). - ALSA: hda/realtek - Add HW8326 support (git-fixes). - ALSA: hda/realtek: Add quirk for Clevo PD70PNT (git-fixes). - ALSA: hda/realtek - ALC897 headset MIC no sound (git-fixes). - ALSA: hda/via: Fix missing beep setup (git-fixes). - arm64: ftrace: fix branch range checks (git-fixes) - ASoC: cs35l36: Update digital volume TLV (git-fixes). - ASoC: cs42l52: Correct TLV for Bypass Volume (git-fixes). - ASoC: cs42l52: Fix TLV scales for mixer controls (git-fixes). - ASoC: cs42l56: Correct typo in minimum level for SX volume controls (git-fixes). - ASoC: cs53l30: Correct number of volume levels on SX controls (git-fixes). - ASoC: es8328: Fix event generation for deemphasis control (git-fixes). - ASoC: nau8822: Add operation for internal PLL off and on (git-fixes). - ASoC: wm8962: Fix suspend while playing music (git-fixes). - ASoC: wm_adsp: Fix event generation for wm_adsp_fw_put() (git-fixes). - ata: libata: add qc->flags in ata_qc_complete_template tracepoint (git-fixes). - ata: libata-core: fix NULL pointer deref in ata_host_alloc_pinfo() (git-fixes). - bcache: avoid journal no-space deadlock by reserving 1 journal bucket (git-fixes). - bcache: avoid unnecessary soft lockup in kworker update_writeback_rate() (bsc#1197362). - bcache: fixup multiple threads crash (git-fixes). - bcache: improve multithreaded bch_btree_check() (git-fixes). - bcache: improve multithreaded bch_sectors_dirty_init() (git-fixes). - bcache: memset on stack variables in bch_btree_check() and bch_sectors_dirty_init() (git-fixes). - bcache: remove incremental dirty sector counting for bch_sectors_dirty_init() (git-fixes). - bio: fix page leak bio_add_hw_page failure (git-fixes). - blk-cgroup: fix a hd_struct leak in blkcg_fill_root_iostats (git-fixes). - blk-iolatency: Fix inflight count imbalances and IO hangs on offline (bsc#1200825). - blk-mq: clear active_queues before clearing BLK_MQ_F_TAG_QUEUE_SHARED (bsc#1200263). - blk-mq: do not update io_ticks with passthrough requests (bsc#1200816). - blk-mq: drop workarounds for cpu hotplug queue management (bsc#1185762) - blk-mq: update hctx->dispatch_busy in case of real scheduler (git-fixes). - block: advance iov_iter on bio_add_hw_page failure (git-fixes). - block: do not merge across cgroup boundaries if blkcg is enabled (bsc#1198020). - block: Fix handling of offline queues in blk_mq_alloc_request_hctx() (bsc#1185762). - block: Fix kABI in blk-merge.c (bsc#1198020). - block/keyslot-manager: prevent crash when num_slots=1 (git-fixes). - bus: fsl-mc-bus: fix KASAN use-after-free in fsl_mc_bus_remove() (git-fixes). - caif_virtio: fix race between virtio_device_ready() and ndo_open() (git-fixes). - ceph: add some lockdep assertions around snaprealm handling (bsc#1201147). - ceph: clean up locking annotation for ceph_get_snap_realm and __lookup_snap_realm (bsc#1201149). - cifs: add WARN_ON for when chan_count goes below minimum (bsc#1200217). - cifs: adjust DebugData to use chans_need_reconnect for conn status (bsc#1200217). - cifs: alloc_path_with_tree_prefix: do not append sep. if the path is empty (bsc#1200217). - cifs: avoid parallel session setups on same channel (bsc#1200217). - cifs: avoid race during socket reconnect between send and recv (bsc#1200217). - cifs: call cifs_reconnect when a connection is marked (bsc#1200217). - cifs: call helper functions for marking channels for reconnect (bsc#1200217). - cifs: change smb2_query_info_compound to use a cached fid, if available (bsc#1200217). - cifs: check for smb1 in open_cached_dir() (bsc#1200217). - cifs: check reconnects for channels of active tcons too (bsc#1200217). - cifs: Check the IOCB_DIRECT flag, not O_DIRECT (bsc#1200217). - cifs: cifs_ses_mark_for_reconnect should also update reconnect bits (bsc#1200217). - cifs: clean up an inconsistent indenting (bsc#1200217). - cifs: destage any unwritten data to the server before calling copychunk_write (bsc#1200217). - cifs: do not build smb1ops if legacy support is disabled (bsc#1200217). - cifs: do not call cifs_dfs_query_info_nonascii_quirk() if nodfs was set (bsc#1200217). - cifs: do not use tcpStatus after negotiate completes (bsc#1200217). - cifs: do not use uninitialized data in the owner/group sid (bsc#1200217). - cifs: fix confusing unneeded warning message on smb2.1 and earlier (bsc#1200217). - cifs: fix double free race when mount fails in cifs_get_root() (bsc#1200217). - cifs: fix FILE_BOTH_DIRECTORY_INFO definition (bsc#1200217). - cifs: fix handlecache and multiuser (bsc#1200217). - cifs: fix hang on cifs_get_next_mid() (bsc#1200217). - cifs: fix incorrect use of list iterator after the loop (bsc#1200217). - cifs: fix minor compile warning (bsc#1200217). - cifs: fix missed refcounting of ipc tcon (bsc#1200217). - cifs: fix ntlmssp auth when there is no key exchange (bsc#1200217). - cifs: fix NULL ptr dereference in refresh_mounts() (bsc#1200217). - cifs: fix potential deadlock in direct reclaim (bsc#1200217). - cifs: fix potential double free during failed mount (bsc#1200217). - cifs: fix potential race with cifsd thread (bsc#1200217). - cifs: fix set of group SID via NTSD xattrs (bsc#1200217). - cifs: fix signed integer overflow when fl_end is OFFSET_MAX (bsc#1200217). - cifs: Fix smb311_update_preauth_hash() kernel-doc comment (bsc#1200217). - cifs: fix the cifs_reconnect path for DFS (bsc#1200217). - cifs: fix the connection state transitions with multichannel (bsc#1200217). - cifs: fix uninitialized pointer in error case in dfs_cache_get_tgt_share (bsc#1200217). - cifs: fix workstation_name for multiuser mounts (bsc#1200217). - cifs: force new session setup and tcon for dfs (bsc#1200217). - cifs: free ntlmsspblob allocated in negotiate (bsc#1200217). - cifs: ignore resource_id while getting fscache super cookie (bsc#1200217). - cifs: maintain a state machine for tcp/smb/tcon sessions (bsc#1200217). - cifs: make status checks in version independent callers (bsc#1200217). - cifs: mark sessions for reconnection in helper function (bsc#1200217). - cifs: modefromsids must add an ACE for authenticated users (bsc#1200217). - cifs: move definition of cifs_fattr earlier in cifsglob.h (bsc#1200217). - cifs: move superblock magic defitions to magic.h (bsc#1200217). - cifs: potential buffer overflow in handling symlinks (bsc#1200217). - cifs: print TIDs as hex (bsc#1200217). - cifs: protect all accesses to chan_* with chan_lock (bsc#1200217). - cifs: quirk for STATUS_OBJECT_NAME_INVALID returned for non-ASCII dfs refs (bsc#1200217). - cifs: reconnect only the connection and not smb session where possible (bsc#1200217). - cifs: release cached dentries only if mount is complete (bsc#1200217). - cifs: remove check of list iterator against head past the loop body (bsc#1200217). - cifs: remove redundant assignment to pointer p (bsc#1200217). - cifs: remove repeated debug message on cifs_put_smb_ses() (bsc#1200217). - cifs: remove repeated state change in dfs tree connect (bsc#1200217). - cifs: remove unused variable ses_selected (bsc#1200217). - cifs: return ENOENT for DFS lookup_cache_entry() (bsc#1200217). - cifs: return the more nuanced writeback error on close() (bsc#1200217). - cifs: sanitize multiple delimiters in prepath (bsc#1200217). - cifs: serialize all mount attempts (bsc#1200217). - cifs: set the CREATE_NOT_FILE when opening the directory in use_cached_dir() (bsc#1200217). - cifs: skip trailing separators of prefix paths (bsc#1200217). - cifs: smbd: fix typo in comment (bsc#1200217). - cifs: Split the smb3_add_credits tracepoint (bsc#1200217). - cifs: take cifs_tcp_ses_lock for status checks (bsc#1200217). - cifs: track individual channel status using chans_need_reconnect (bsc#1200217). - cifs: unlock chan_lock before calling cifs_put_tcp_session (bsc#1200217). - cifs: update internal module number (bsc#1193629). - cifs: update internal module number (bsc#1200217). - cifs: update tcpStatus during negotiate and sess setup (bsc#1200217). - cifs: use a different reconnect helper for non-cifsd threads (bsc#1200217). - cifs: use correct lock type in cifs_reconnect() (bsc#1200217). - cifs: Use kzalloc instead of kmalloc/memset (bsc#1200217). - cifs: use new enum for ses_status (bsc#1200217). - cifs: use the chans_need_reconnect bitmap for reconnect status (bsc#1200217). - cifs: verify that tcon is valid before dereference in cifs_kill_sb (bsc#1200217). - cifs: version operations for smb20 unneeded when legacy support disabled (bsc#1200217). - cifs: wait for tcon resource_id before getting fscache super (bsc#1200217). - cifs: we do not need a spinlock around the tree access during umount (bsc#1200217). - cifs: when extending a file with falloc we should make files not-sparse (bsc#1200217). - drivers: cpufreq: Add missing of_node_put() in qoriq-cpufreq.c (git-fixes). - drm/msm: Fix double pm_runtime_disable() call (git-fixes). - drm/msm/mdp4: Fix refcount leak in mdp4_modeset_init_intf (git-fixes). - drm/sun4i: Fix crash during suspend after component bind failure (git-fixes). - exec: Force single empty string when argv is empty (bsc#1200571). - ext4: add check to prevent attempting to resize an fs with sparse_super2 (bsc#1197754). - ext4: fix bug_on ext4_mb_use_inode_pa (bsc#1200810). - ext4: fix bug_on in __es_tree_search (bsc#1200809). - ext4: fix race condition between ext4_write and ext4_convert_inline_data (bsc#1200807). - ext4: limit length to bitmap_maxbytes - blocksize in punch_hole (bsc#1200806). - ext4: make variable 'count' signed (bsc#1200820). - fuse: annotate lock in fuse_reverse_inval_entry() (bsc#1201143). - gpio: winbond: Fix error code in winbond_gpio_get() (git-fixes). - gtp: use icmp_ndo_send helper (git-fixes). - hwmon: (ibmaem) do not call platform_device_del() if platform_device_add() fails (git-fixes). - i2c: designware: Use standard optional ref clock implementation (git-fixes). - ibmvnic: Properly dispose of all skbs during a failover (bsc#1200925). - iio:accel:bma180: rearrange iio trigger get and register (git-fixes). - iio: accel: mma8452: ignore the return value of reset operation (git-fixes). - iio: adc: axp288: Override TS pin bias current for some models (git-fixes). - iio: adc: vf610: fix conversion mode sysfs node name (git-fixes). - iio:chemical:ccs811: rearrange iio trigger get and register (git-fixes). - iio: gyro: mpu3050: Fix the error handling in mpu3050_power_up() (git-fixes). - iio: trigger: sysfs: fix use-after-free on remove (git-fixes). - init: Initialize noop_backing_dev_info early (bsc#1200822). - inotify: show inotify mask flags in proc fdinfo (bsc#1200600). - iomap: iomap_write_failed fix (bsc#1200829). - ipvs: add sysctl_run_estimation to support disable estimation (bsc#1195504). - jfs: fix divide error in dbNextAG (bsc#1200828). - kABI fix of sysctl_run_estimation (git-fixes). - kabi: nvme workaround header include (bsc#1201193). - kabi/severities: ignore KABI for NVMe target (bsc#1192761) - linux/dim: Fix divide by 0 in RDMA DIM (git-fixes). - md: fix update super 1.0 on rdev size change (git-fixes). - move devm_allocate to end of structure for kABI (git-fixes). - mtd: rawnand: gpmi: Fix setting busy timeout setting (git-fixes). - net: ethernet: stmmac: Disable hardware multicast filter (git-fixes). - net: ieee802154: ca8210: Stop leaking skb's (git-fixes). - net: lantiq: Add locking for TX DMA channel (git-fixes). - net: rose: fix UAF bugs caused by timer handler (git-fixes). - net: stmmac: reset Tx desc base address before restarting Tx (git-fixes). - net: usb: ax88179_178a: Fix packet receiving (git-fixes). - nfc: nfcmrvl: Fix irq_of_parse_and_map() return value (git-fixes). - nfc: nfcmrvl: Fix memory leak in nfcmrvl_play_deferred (git-fixes). - NFC: nxp-nci: Do not issue a zero length i2c_master_read() (git-fixes). - NFS: Do not report EINTR/ERESTARTSYS as mapping errors (git-fixes). - NFS: Do not report errors from nfs_pageio_complete() more than once (git-fixes). - NFS: Do not report flush errors in nfs_write_end() (git-fixes). - NFS: Further fixes to the writeback error handling (git-fixes). - NFS: Memory allocation failures are not server fatal errors (git-fixes). - NFSv4/pNFS: Do not fail I/O when we fail to allocate the pNFS layout (git-fixes). - nvdimm: Fix firmware activation deadlock scenarios (git-fixes). - nvdimm/region: Fix default alignment for small regions (git-fixes). - nvme: add CNTRLTYPE definitions for 'identify controller' (bsc#1192761). - nvme: Add connect option 'discovery' (bsc#1192761). - nvme: add new discovery log page entry definitions (bsc#1192761). - nvme: display correct subsystem NQN (bsc#1192761). - nvme: expose subsystem type in sysfs attribute 'subsystype' (bsc#1192761). - nvme: kabi fix nvme subsystype change (bsc#1192761) - nvmet: add nvmet_is_disc_subsys() helper (bsc#1192761). - nvmet: add nvmet_req_subsys() helper (bsc#1192761). - nvme-tcp: fix H2CData PDU send accounting (again) (git-fixes). - nvmet: do not check iosqes,iocqes for discovery controllers (bsc#1192761). - nvmet: fix freeing unallocated p2pmem (git-fixes). - nvmet: make discovery NQN configurable (bsc#1192761). - nvmet-rdma: Fix NULL deref when SEND is completed with error (git-fixes). - nvmet-rdma: Fix NULL deref when setting pi_enable and traddr INADDR_ANY (git-fixes). - nvmet: register discovery subsystem as 'current' (bsc#1192761). - nvmet: set 'CNTRLTYPE' in the identify controller data (bsc#1192761). - nvmet: switch check for subsystem type (bsc#1192761). - pahole 1.22 required for full BTF features. also recommend pahole for kernel-source to make the kernel buildable with standard config - phy: aquantia: Fix AN when higher speeds than 1G are not advertised (git-fixes). - pNFS: Do not keep retrying if the server replied NFS4ERR_LAYOUTUNAVAILABLE (git-fixes). - powerpc/idle: Fix return value of __setup() handler (bsc#1065729). - powerpc/perf: Fix the threshold compare group constraint for power9 (bsc#1065729). - regmap-irq: Fix a bug in regmap_irq_enable() for type_in_mask chips (git-fixes). - Revert 'block: Fix a lockdep complaint triggered by request queue flushing' (git-fixes). - scsi: core: Show SCMD_LAST in text form (git-fixes). - scsi: ibmvfc: Allocate/free queue resource only during probe/remove (jsc#SLE-15442 bsc#1180814 ltc#187461 git-fixes). - scsi: ibmvfc: Store vhost pointer during subcrq allocation (jsc#SLE-15442 bsc#1180814 ltc#187461 git-fixes). - scsi: lpfc: Add more logging of cmd and cqe information for aborted NVMe cmds (bsc#1201193). - scsi: lpfc: Address NULL pointer dereference after starget_to_rport() (bsc#1201193). - scsi: lpfc: Add support for ATTO Fibre Channel devices (bsc#1201193). - scsi: lpfc: Add support for VMID tagging of NVMe I/Os (bsc#1201193). - scsi: lpfc: Allow reduced polling rate for nvme_admin_async_event cmd completion (bsc#1201193). - scsi: lpfc: Commonize VMID code location (bsc#1201193). - scsi: lpfc: Correct BDE type for XMIT_SEQ64_WQE in lpfc_ct_reject_event() (bsc#1201193). - scsi: lpfc: Fix port stuck in bypassed state after LIP in PT2PT topology (bsc#1201193). - scsi: lpfc: Resolve NULL ptr dereference after an ELS LOGO is aborted (bsc#1201193). - scsi: lpfc: Resolve some cleanup issues following abort path refactoring (bsc#1201193). - scsi: lpfc: Resolve some cleanup issues following SLI path refactoring (bsc#1201193). - scsi: lpfc: Rework lpfc_vmid_get_appid() to be protocol independent (bsc#1201193). - scsi: lpfc: Update lpfc version to 14.2.0.4 (bsc#1201193). - scsi: nvme: Added a new sysfs attribute appid_store (bsc#1201193). - scsi: nvme-fc: Add new routine nvme_fc_io_getuuid() (bsc#1201193). - scsi: qla2xxx: Add a new v2 dport diagnostic feature (bsc#1201160). - scsi: qla2xxx: Add debug prints in the device remove path (bsc#1201160). - scsi: qla2xxx: edif: Add bsg interface to read doorbell events (bsc#1201160). - scsi: qla2xxx: edif: Add retry for ELS passthrough (bsc#1201160). - scsi: qla2xxx: edif: bsg refactor (bsc#1201160). - scsi: qla2xxx: edif: Fix I/O timeout due to over-subscription (bsc#1201160). - scsi: qla2xxx: edif: Fix n2n discovery issue with secure target (bsc#1201160). - scsi: qla2xxx: edif: Fix n2n login retry for secure device (bsc#1201160). - scsi: qla2xxx: edif: Fix no login after app start (bsc#1201160). - scsi: qla2xxx: edif: Fix no logout on delete for N2N (bsc#1201160). - scsi: qla2xxx: edif: Fix potential stuck session in sa update (bsc#1201160). - scsi: qla2xxx: edif: Fix session thrash (bsc#1201160). - scsi: qla2xxx: edif: Fix slow session teardown (bsc#1201160). - scsi: qla2xxx: edif: Reduce disruption due to multiple app start (bsc#1201160). - scsi: qla2xxx: edif: Reduce Initiator-Initiator thrashing (bsc#1201160). - scsi: qla2xxx: edif: Reduce N2N thrashing at app_start time (bsc#1201160). - scsi: qla2xxx: edif: Remove old doorbell interface (bsc#1201160). - scsi: qla2xxx: edif: Send LOGO for unexpected IKE message (bsc#1201160). - scsi: qla2xxx: edif: Synchronize NPIV deletion with authentication application (bsc#1201160). - scsi: qla2xxx: edif: Tear down session if keys have been removed (bsc#1201160). - scsi: qla2xxx: edif: Wait for app to ack on sess down (bsc#1201160). - scsi: qla2xxx: Fix crash due to stale SRB access around I/O timeouts (bsc#1201160). - scsi: qla2xxx: Fix erroneous mailbox timeout after PCI error injection (bsc#1201160). - scsi: qla2xxx: Fix excessive I/O error messages by default (bsc#1201160). - scsi: qla2xxx: Fix losing FCP-2 targets during port perturbation tests (bsc#1201160). - scsi: qla2xxx: Fix losing FCP-2 targets on long port disable with I/Os (bsc#1201160). - scsi: qla2xxx: Fix losing target when it reappears during delete (bsc#1201160). - scsi: qla2xxx: Remove setting of 'req' and 'rsp' parameters (bsc#1201160). - scsi: qla2xxx: Remove unused 'ql_dm_tgt_ex_pct' parameter (bsc#1201160). - scsi: qla2xxx: Turn off multi-queue for 8G adapters (bsc#1201160). - scsi: qla2xxx: Update version to 10.02.07.500-k (bsc#1201160). - scsi: qla2xxx: Update version to 10.02.07.600-k (bsc#1201160). - scsi: qla2xxx: Update version to 10.02.07.700-k (bsc#1201160). - scsi: qla2xxx: Wind down adapter after PCIe error (bsc#1201160). - scsi: sd: sd_zbc: Do not pass GFP_NOIO to kvcalloc (git-fixes). - scsi: sd: sd_zbc: Fix handling of host-aware ZBC disks (git-fixes). - scsi: sd: sd_zbc: Fix ZBC disk initialization (git-fixes). - scsi: sd: Signal drive managed SMR disks (git-fixes). - scsi: sd_zbc: Do not limit max_zone_append sectors to (git-fixes). - scsi: sd_zbc: Ensure buffer size is aligned to SECTOR_SIZE (git-fixes). - scsi: sd_zbc: Improve zone revalidation (git-fixes). - scsi: sd_zbc: Remove unused inline functions (git-fixes). - scsi: sd_zbc: Support disks with more than 2**32 logical (git-fixes). - scsi: smartpqi: create module parameters for LUN reset (bsc#1179195 bsc#1200622). - smb3: add mount parm nosparse (bsc#1200217). - smb3: add trace point for lease not found issue (bsc#1200217). - smb3: add trace point for oplock not found (bsc#1200217). - smb3: check for null tcon (bsc#1200217). - smb3: cleanup and clarify status of tree connections (bsc#1200217). - smb3: do not set rc when used and unneeded in query_info_compound (bsc#1200217). - SMB3: EBADF/EIO errors in rename/open caused by race condition in smb2_compound_op (bsc#1200217). - smb3: fix incorrect session setup check for multiuser mounts (bsc#1200217). - smb3: fix ksmbd bigendian bug in oplock break, and move its struct to smbfs_common (bsc#1200217). - smb3: fix snapshot mount option (bsc#1200217). - smb3 improve error message when mount options conflict with posix (bsc#1200217). - smb3: move defines for ioctl protocol header and SMB2 sizes to smbfs_common (bsc#1200217). - smb3: move defines for query info and query fsinfo to smbfs_common (bsc#1200217). - smb3 move more common protocol header definitions to smbfs_common (bsc#1200217). - smb3: send NTLMSSP version information (bsc#1200217). - soc: bcm: brcmstb: pm: pm-arm: Fix refcount leak in brcmstb_pm_probe (git-fixes). - spi: Fix use-after-free with devm_spi_alloc_* (git-fixes). - SUNRPC: Fix the calculation of xdr->end in xdr_get_next_encode_buffer() (git-fixes). - sunvnet: use icmp_ndo_send helper (git-fixes). - tty: goldfish: Fix free_irq() on remove (git-fixes). - usb: chipidea: udc: check request status before setting device address (git-fixes). - usb: dwc2: Fix memory leak in dwc2_hcd_init (git-fixes). - usb: gadget: lpc32xx_udc: Fix refcount leak in lpc32xx_udc_probe (git-fixes). - usb: gadget: u_ether: fix regression in setting fixed MAC address (git-fixes). - usbnet: fix memory allocation in helpers (git-fixes). - USB: serial: io_ti: add Agilent E5805A support (git-fixes). - USB: serial: option: add Quectel EM05-G modem (git-fixes). - USB: serial: option: add Quectel RM500K module support (git-fixes). - USB: serial: option: add support for Cinterion MV31 with new baseline (git-fixes). - USB: serial: option: add Telit LE910Cx 0x1250 composition (git-fixes). - usb: xhci: Workaround for S3 issue on AMD SNPS 3.0 xHC (git-fixes). - veth: fix races around rq->rx_notify_masked (git-fixes). - virtio-mmio: fix missing put_device() when vm_cmdline_parent registration failed (git-fixes). - virtio-net: fix race between ndo_open() and virtio_device_ready() (git-fixes). - virtio_net: fix xdp_rxq_info bug after suspend/resume (git-fixes). - virtio-pci: Remove wrong address verification in vp_del_vqs() (git-fixes). - vmxnet3: fix minimum vectors alloc issue (bsc#1199489). - writeback: Avoid skipping inode writeback (bsc#1200813). - writeback: Fix inode->i_io_list not be protected by inode->i_lock error (bsc#1200821). - xhci: Add reset resume quirk for AMD xhci controller (git-fixes). Important SUSE bug 1065729 SUSE bug 1179195 SUSE bug 1180814 SUSE bug 1185762 SUSE bug 1192761 SUSE bug 1193629 SUSE bug 1194013 SUSE bug 1195504 SUSE bug 1195775 SUSE bug 1196901 SUSE bug 1197362 SUSE bug 1197754 SUSE bug 1198020 SUSE bug 1199487 SUSE bug 1199489 SUSE bug 1199657 SUSE bug 1200217 SUSE bug 1200263 SUSE bug 1200442 SUSE bug 1200571 SUSE bug 1200599 SUSE bug 1200600 SUSE bug 1200608 SUSE bug 1200619 SUSE bug 1200622 SUSE bug 1200692 SUSE bug 1200806 SUSE bug 1200807 SUSE bug 1200809 SUSE bug 1200810 SUSE bug 1200813 SUSE bug 1200816 SUSE bug 1200820 SUSE bug 1200821 SUSE bug 1200822 SUSE bug 1200825 SUSE bug 1200828 SUSE bug 1200829 SUSE bug 1200925 SUSE bug 1201050 SUSE bug 1201080 SUSE bug 1201143 SUSE bug 1201147 SUSE bug 1201149 SUSE bug 1201160 SUSE bug 1201171 SUSE bug 1201177 SUSE bug 1201193 SUSE bug 1201222 CVE-2021-26341 CVE-2021-4157 CVE-2022-1679 CVE-2022-20132 CVE-2022-20154 CVE-2022-29900 CVE-2022-29901 CVE-2022-33981 CVE-2022-34918 cpe:/o:opensuse:leap:15.3 Security update for oracleasm (Important) openSUSE Leap 15.3 This update of oracleasm fixes the following issue: - rebuild with new secure boot key due to grub2 boothole 3 issues (bsc#1198581) Important SUSE bug 1198581 cpe:/o:opensuse:leap:15.3 Security update for python-PyJWT (Important) openSUSE Leap 15.3 This update for python-PyJWT fixes the following issues: - CVE-2022-29217: Fixed key confusion through non-blocklisted public key format (bsc#1199756). Important SUSE bug 1199756 CVE-2022-29217 cpe:/o:opensuse:leap:15.3 Security update for p11-kit (Moderate) openSUSE Leap 15.3 This update for p11-kit fixes the following issues: - CVE-2020-29362: Fixed a 4 byte overread in p11_rpc_buffer_get_byte_array which could lead to crashes (bsc#1180065) Moderate SUSE bug 1180065 CVE-2020-29362 cpe:/o:opensuse:leap:15.3 Security update for the Linux Kernel (Important) openSUSE Leap 15.3 The SUSE Linux Enterprise 15 SP1 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2022-29900, CVE-2022-29901: Fixed the RETBLEED attack, a new Spectre like Branch Target Buffer attack, that can leak arbitrary kernel information (bsc#1199657). - CVE-2022-1679: Fixed a use-after-free in the Atheros wireless driver in the way a user forces the ath9k_htc_wait_for_target function to fail with some input messages (bsc#1199487). - CVE-2022-20132: Fixed out of bounds read due to improper input validation in lg_probe and related functions of hid-lg.c (bsc#1200619). - CVE-2022-33981: Fixed use-after-free in floppy driver (bsc#1200692) - CVE-2022-20141: Fixed a possible use after free due to improper locking in ip_check_mc_rcu() (bsc#1200604). - CVE-2021-4157: Fixed an out of memory bounds write flaw in the NFS subsystem, related to the replication of files with NFS. A user could potentially crash the system or escalate privileges on the system (bsc#1194013). - CVE-2022-20154: Fixed a use after free due to a race condition in lock_sock_nested of sock.c. This could lead to local escalation of privilege with System execution privileges needed (bsc#1200599). - CVE-2022-2318: Fixed a use-after-free vulnerabilities in the timer handler in net/rose/rose_timer.c that allow attackers to crash the system without any privileges (bsc#1201251). - CVE-2022-26365, CVE-2022-33740, CVE-2022-33741, CVE-2022-33742: Fixed multiple potential data leaks with Block and Network devices when using untrusted backends (bsc#1200762). - CVE-2021-26341: Some AMD CPUs may transiently execute beyond unconditional direct branches, which may potentially result in data leakage (bsc#1201050). The following non-security bugs were fixed: - exec: Force single empty string when argv is empty (bsc#1200571). Important SUSE bug 1194013 SUSE bug 1196901 SUSE bug 1199487 SUSE bug 1199657 SUSE bug 1200571 SUSE bug 1200599 SUSE bug 1200604 SUSE bug 1200605 SUSE bug 1200608 SUSE bug 1200619 SUSE bug 1200692 SUSE bug 1200762 SUSE bug 1201050 SUSE bug 1201080 SUSE bug 1201251 CVE-2021-26341 CVE-2021-4157 CVE-2022-1679 CVE-2022-20132 CVE-2022-20141 CVE-2022-20154 CVE-2022-2318 CVE-2022-26365 CVE-2022-29900 CVE-2022-29901 CVE-2022-33740 CVE-2022-33741 CVE-2022-33742 CVE-2022-33981 cpe:/o:opensuse:leap:15.3 Security update for nodejs14 (Important) openSUSE Leap 15.3 This update for nodejs14 fixes the following issues: - CVE-2022-32212: Fixed DNS rebinding in --inspect via invalid IP addresses (bsc#1201328). - CVE-2022-32213: Fixed HTTP request smuggling due to flawed parsing of Transfer-Encoding (bsc#1201325). - CVE-2022-32214: Fixed HTTP request smuggling due to improper delimiting of header fields (bsc#1201326). - CVE-2022-32215: Fixed HTTP request smuggling due to incorrect parsing of multi-line Transfer-Encoding (bsc#1201327). Important SUSE bug 1201325 SUSE bug 1201326 SUSE bug 1201327 SUSE bug 1201328 CVE-2022-32212 CVE-2022-32213 CVE-2022-32214 CVE-2022-32215 cpe:/o:opensuse:leap:15.3 Security update for nodejs12 (Important) openSUSE Leap 15.3 This update for nodejs12 fixes the following issues: - CVE-2022-32212: Fixed DNS rebinding in --inspect via invalid IP addresses (bsc#1201328). - CVE-2022-32213: Fixed HTTP request smuggling due to flawed parsing of Transfer-Encoding (bsc#1201325). - CVE-2022-32214: Fixed HTTP request smuggling due to improper delimiting of header fields (bsc#1201326). - CVE-2022-32215: Fixed HTTP request smuggling due to incorrect parsing of multi-line Transfer-Encoding (bsc#1201327). Important SUSE bug 1201325 SUSE bug 1201326 SUSE bug 1201327 SUSE bug 1201328 CVE-2022-32212 CVE-2022-32213 CVE-2022-32214 CVE-2022-32215 cpe:/o:opensuse:leap:15.3 Security update for dovecot23 (Important) openSUSE Leap 15.3 This update for dovecot23 fixes the following issues: - CVE-2022-30550: Fixed privilege escalation in dovecot when similar master and non-master passdbs are used (bsc#1201267). Important SUSE bug 1201267 CVE-2022-30550 cpe:/o:opensuse:leap:15.3 Security update for webkit2gtk3 (Important) openSUSE Leap 15.3 This update for webkit2gtk3 fixes the following issues: Update to version 2.36.4 (bsc#1201221): - CVE-2022-22662: Processing maliciously crafted web content may disclose sensitive user information. - CVE-2022-22677: The video in a webRTC call may be interrupted if the audio capture gets interrupted. - CVE-2022-26710: Processing maliciously crafted web content may lead to arbitrary code execution. Important SUSE bug 1201221 CVE-2022-22662 CVE-2022-22677 CVE-2022-26710 cpe:/o:opensuse:leap:15.3 Security update for java-1_8_0-openjdk (Important) openSUSE Leap 15.3 This update for java-1_8_0-openjdk fixes the following issues: Update to version jdk8u332 - April 2022 CPU (icedtea-3.23.0) - CVE-2022-21426: Better XPath expression handling (bsc#1198672) - CVE-2022-21443: Improved Object Identification (bsc#1198675) - CVE-2022-21434: Better invocation handler handling (bsc#1198674) - CVE-2022-21476: Improve Santuario processing (bsc#1198671) - CVE-2022-21496: Improve URL supports (bsc#1198673) And further Security fixes, Import of OpenJDK 8 u332, Backports and Bug fixes. Important SUSE bug 1198671 SUSE bug 1198672 SUSE bug 1198673 SUSE bug 1198674 SUSE bug 1198675 CVE-2022-21426 CVE-2022-21434 CVE-2022-21443 CVE-2022-21476 CVE-2022-21496 cpe:/o:opensuse:leap:15.3 Security update for mozilla-nss (Important) openSUSE Leap 15.3 This update for mozilla-nss fixes the following issues: Various FIPS 140-3 related fixes were backported from SUSE Linux Enterprise 15 SP4: - Makes the PBKDF known answer test compliant with NIST SP800-132. (bsc#1192079). - FIPS: Add on-demand integrity tests through sftk_FIPSRepeatIntegrityCheck() (bsc#1198980). - FIPS: mark algorithms as approved/non-approved according to security policy (bsc#1191546, bsc#1201298). - FIPS: remove hard disabling of unapproved algorithms. This requirement is now fulfilled by the service level indicator (bsc#1200325). - Run test suite at build time, and make it pass (bsc#1198486). - FIPS: skip algorithms that are hard disabled in FIPS mode. - Prevent expired PayPalEE cert from failing the tests. - Allow checksumming to be disabled, but only if we entered FIPS mode due to NSS_FIPS being set, not if it came from /proc. - FIPS: Make the PBKDF known answer test compliant with NIST SP800-132. - Update FIPS validation string to version-release format. - FIPS: remove XCBC MAC from list of FIPS approved algorithms. - Enable NSS_ENABLE_FIPS_INDICATORS and set NSS_FIPS_MODULE_ID for build. - FIPS: claim 3DES unapproved in FIPS mode (bsc#1192080). - FIPS: allow testing of unapproved algorithms (bsc#1192228). - FIPS: add version indicators. (bmo#1729550, bsc#1192086). - FIPS: fix some secret clearing (bmo#1697303, bsc#1192087). Version update to NSS 3.79: - Use PK11_GetSlotInfo instead of raw C_GetSlotInfo calls. - Update mercurial in clang-format docker image. - Use of uninitialized pointer in lg_init after alloc fail. - selfserv and tstclnt should use PR_GetPrefLoopbackAddrInfo. - Add SECMOD_LockedModuleHasRemovableSlots. - Fix secasn1d parsing of indefinite SEQUENCE inside indefinite GROUP. - Added RFC8422 compliant TLS <= 1.2 undefined/compressed ECPointFormat extension alerts. - TLS 1.3 Server: Send protocol_version alert on unsupported ClientHello.legacy_version. - Correct invalid record inner and outer content type alerts. - NSS does not properly import or export pkcs12 files with large passwords and pkcs5v2 encoding. - improve error handling after nssCKFWInstance_CreateObjectHandle. - Initialize pointers passed to NSS_CMSDigestContext_FinishMultiple. - NSS 3.79 should depend on NSPR 4.34 Version update to NSS 3.78.1: - Initialize pointers passed to NSS_CMSDigestContext_FinishMultiple Version update to NSS 3.78: - Added TLS 1.3 zero-length inner plaintext checks and tests, zero-length record/fragment handling tests. - Reworked overlong record size checks and added TLS1.3 specific boundaries. - Add ECH Grease Support to tstclnt - Add a strict variant of moz::pkix::CheckCertHostname. - Change SSL_REUSE_SERVER_ECDHE_KEY default to false. - Make SEC_PKCS12EnableCipher succeed - Update zlib in NSS to 1.2.12. Version update to NSS 3.77: - Fix link to TLS page on wireshark wiki - Add two D-TRUST 2020 root certificates. - Add Telia Root CA v2 root certificate. - Remove expired explicitly distrusted certificates from certdata.txt. - support specific RSA-PSS parameters in mozilla::pkix - Remove obsolete stateEnd check in SEC_ASN1DecoderUpdate. - Remove token member from NSSSlot struct. - Provide secure variants of mpp_pprime and mpp_make_prime. - Support UTF-8 library path in the module spec string. - Update nssUTF8_Length to RFC 3629 and fix buffer overrun. - Update googletest to 1.11.0 - Add SetTls13GreaseEchSize to experimental API. - TLS 1.3 Illegal legacy_version handling/alerts. - Fix calculation of ECH HRR Transcript. - Allow ld path to be set as environment variable. - Ensure we don't read uninitialized memory in ssl gtests. - Fix DataBuffer Move Assignment. - internal_error alert on Certificate Request with sha1+ecdsa in TLS 1.3 - rework signature verification in mozilla::pkix Version update to NSS 3.76.1 - Remove token member from NSSSlot struct. - Hold tokensLock through nssToken_GetSlot calls in nssTrustDomain_GetActiveSlots. - Check return value of PK11Slot_GetNSSToken. - Use Wycheproof JSON for RSASSA-PSS - Add SHA256 fingerprint comments to old certdata.txt entries. - Avoid truncating files in nss-release-helper.py. - Throw illegal_parameter alert for illegal extensions in handshake message. Version update to NSS 3.75 - Make DottedOIDToCode.py compatible with python3. - Avoid undefined shift in SSL_CERT_IS while fuzzing. - Remove redundant key type check. - Update ABI expectations to match ECH changes. - Enable CKM_CHACHA20. - check return on NSS_NoDB_Init and NSS_Shutdown. - Run ECDSA test vectors from bltest as part of the CI tests. - Add ECDSA test vectors to the bltest command line tool. - Allow to build using clang's integrated assembler. - Allow to override python for the build. - test HKDF output rather than input. - Use ASSERT macros to end failed tests early. - move assignment operator for DataBuffer. - Add test cases for ECH compression and unexpected extensions in SH. - Update tests for ECH-13. - Tidy up error handling. - Add tests for ECH HRR Changes. - Server only sends GREASE HRR extension if enabled by preference. - Update generation of the Associated Data for ECH-13. - When ECH is accepted, reject extensions which were only advertised in the Outer Client Hello. - Allow for compressed, non-contiguous, extensions. - Scramble the PSK extension in CHOuter. - Split custom extension handling for ECH. - Add ECH-13 HRR Handling. - Client side ECH padding. - Stricter ClientHelloInner Decompression. - Remove ECH_inner extension, use new enum format. - Update the version number for ECH-13 and adjust the ECHConfig size. Version update to NSS 3.74 - mozilla::pkix: support SHA-2 hashes in CertIDs in OCSP responses - Ensure clients offer consistent ciphersuites after HRR - NSS does not properly restrict server keys based on policy - Set nssckbi version number to 2.54 - Replace Google Trust Services LLC (GTS) R4 root certificate - Replace Google Trust Services LLC (GTS) R3 root certificate - Replace Google Trust Services LLC (GTS) R2 root certificate - Replace Google Trust Services LLC (GTS) R1 root certificate - Replace GlobalSign ECC Root CA R4 - Remove Expired Root Certificates - DST Root CA X3 - Remove Expiring Cybertrust Global Root and GlobalSign root certificates - Add renewed Autoridad de Certificacion Firmaprofesional CIF A62634068 root certificate - Add iTrusChina ECC root certificate - Add iTrusChina RSA root certificate - Add ISRG Root X2 root certificate - Add Chunghwa Telecom's HiPKI Root CA - G1 root certificate - Avoid a clang 13 unused variable warning in opt build - Check for missing signedData field - Ensure DER encoded signatures are within size limits - enable key logging option (boo#1195040) Version update to NSS 3.73.1: - Add SHA-2 support to mozilla::pkix's OSCP implementation Version update to NSS 3.73 - check for missing signedData field. - Ensure DER encoded signatures are within size limits. - NSS needs FiPS 140-3 version indicators. - pkix_CacheCert_Lookup doesn't return cached certs - sunset Coverity from NSS Fixed MFSA 2021-51 (bsc#1193170) CVE-2021-43527: Memory corruption via DER-encoded DSA and RSA-PSS signatures Version update to NSS 3.72 - Fix nsinstall parallel failure. - Increase KDF cache size to mitigate perf regression in about:logins Version update to NSS 3.71 - Set nssckbi version number to 2.52. - Respect server requirements of tlsfuzzer/test-tls13-signature-algorithms.py - Import of PKCS#12 files with Camellia encryption is not supported - Add HARICA Client ECC Root CA 2021. - Add HARICA Client RSA Root CA 2021. - Add HARICA TLS ECC Root CA 2021. - Add HARICA TLS RSA Root CA 2021. - Add TunTrust Root CA certificate to NSS. Version update to NSS 3.70 - Update test case to verify fix. - Explicitly disable downgrade check in TlsConnectStreamTls13.EchOuterWith12Max - Explicitly disable downgrade check in TlsConnectTest.DisableFalseStartOnFallback - Avoid using a lookup table in nssb64d. - Use HW accelerated SHA2 on AArch64 Big Endian. - Change default value of enableHelloDowngradeCheck to true. - Cache additional PBE entries. - Read HPKE vectors from official JSON. Version update to NSS 3.69.1: - Disable DTLS 1.0 and 1.1 by default - integrity checks in key4.db not happening on private components with AES_CBC NSS 3.69: - Disable DTLS 1.0 and 1.1 by default (backed out again) - integrity checks in key4.db not happening on private components with AES_CBC (backed out again) - SSL handling of signature algorithms ignores environmental invalid algorithms. - sqlite 3.34 changed it's open semantics, causing nss failures. - Gtest update changed the gtest reports, losing gtest details in all.sh reports. - NSS incorrectly accepting 1536 bit DH primes in FIPS mode - SQLite calls could timeout in starvation situations. - Coverity/cpp scanner errors found in nss 3.67 - Import the NSS documentation from MDN in nss/doc. - NSS using a tempdir to measure sql performance not active Version Update to 3.68.4 (bsc#1200027) - CVE-2022-31741: Initialize pointers passed to NSS_CMSDigestContext_FinishMultiple. (bmo#1767590) Mozilla NSPR was updated to version 4.34: * add an API that returns a preferred loopback IP on hosts that have two IP stacks available. Important SUSE bug 1192079 SUSE bug 1192080 SUSE bug 1192086 SUSE bug 1192087 SUSE bug 1192228 SUSE bug 1198486 SUSE bug 1200027 CVE-2022-31741 cpe:/o:opensuse:leap:15.3 Security update for gpg2 (Important) openSUSE Leap 15.3 This update for gpg2 fixes the following issues: - CVE-2022-34903: Fixed a status injection vulnerability (bsc#1201225). - Use AES as default cipher instead of 3DES when we are in FIPS mode. (bsc#1196125) Important SUSE bug 1196125 SUSE bug 1201225 CVE-2022-34903 cpe:/o:opensuse:leap:15.3 Security update for logrotate (Important) openSUSE Leap 15.3 This update for logrotate fixes the following issues: Security issues fixed: - Improved coredump handing for SUID binaries (bsc#1192449). Non-security issues fixed: - Fixed 'logrotate emits unintended warning: keyword size not properly separated, found 0x3d' (bsc#1200278, bsc#1200802). Important SUSE bug 1192449 SUSE bug 1200278 SUSE bug 1200802 cpe:/o:opensuse:leap:15.3 Security update for the Linux Kernel (Important) openSUSE Leap 15.3 The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2022-29900, CVE-2022-29901: Fixed the RETBLEED attack, a new Spectre like Branch Target Buffer attack, that can leak arbitrary kernel information (bsc#1199657). - CVE-2022-34918: Fixed a buffer overflow with nft_set_elem_init() that could be used by a local attacker to escalate privileges (bnc#1201171). - CVE-2021-26341: Some AMD CPUs may transiently execute beyond unconditional direct branches, which may potentially result in data leakage (bsc#1201050). - CVE-2022-1679: Fixed a use-after-free in the Atheros wireless driver in the way a user forces the ath9k_htc_wait_for_target function to fail with some input messages (bsc#1199487). - CVE-2022-20132: Fixed out of bounds read due to improper input validation in lg_probe and related functions of hid-lg.c (bsc#1200619). - CVE-2022-1012: Fixed information leak caused by small table perturb size in the TCP source port generation algorithm (bsc#1199482). - CVE-2022-33981: Fixed use-after-free in floppy driver (bsc#1200692) - CVE-2022-20141: Fixed a possible use after free due to improper locking in ip_check_mc_rcu() (bsc#1200604). - CVE-2021-4157: Fixed an out of memory bounds write flaw in the NFS subsystem, related to the replication of files with NFS. A user could potentially crash the system or escalate privileges on the system (bsc#1194013). - CVE-2022-20154: Fixed a use after free due to a race condition in lock_sock_nested of sock.c. This could lead to local escalation of privilege with System execution privileges needed (bsc#1200599). The following non-security bugs were fixed: - ALSA: hda/conexant: Fix missing beep setup (git-fixes). - ALSA: hda/realtek - Add HW8326 support (git-fixes). - ALSA: hda/realtek: Add quirk for Clevo PD70PNT (git-fixes). - ALSA: hda/realtek - ALC897 headset MIC no sound (git-fixes). - ALSA: hda/via: Fix missing beep setup (git-fixes). - arm64: dts: rockchip: Move drive-impedance-ohm to emmc phy on rk3399 (git-fixes) - arm64: ftrace: fix branch range checks (git-fixes) - ASoC: cs35l36: Update digital volume TLV (git-fixes). - ASoC: cs42l52: Correct TLV for Bypass Volume (git-fixes). - ASoC: cs42l52: Fix TLV scales for mixer controls (git-fixes). - ASoC: cs42l56: Correct typo in minimum level for SX volume controls (git-fixes). - ASoC: cs53l30: Correct number of volume levels on SX controls (git-fixes). - ASoC: es8328: Fix event generation for deemphasis control (git-fixes). - ASoC: nau8822: Add operation for internal PLL off and on (git-fixes). - ASoC: wm8962: Fix suspend while playing music (git-fixes). - ASoC: wm_adsp: Fix event generation for wm_adsp_fw_put() (git-fixes). - ata: libata: add qc->flags in ata_qc_complete_template tracepoint (git-fixes). - ata: libata-core: fix NULL pointer deref in ata_host_alloc_pinfo() (git-fixes). - bcache: avoid journal no-space deadlock by reserving 1 journal bucket (git-fixes). - bcache: avoid unnecessary soft lockup in kworker update_writeback_rate() (bsc#1197362). - bcache: fixup multiple threads crash (git-fixes). - bcache: improve multithreaded bch_btree_check() (git-fixes). - bcache: improve multithreaded bch_sectors_dirty_init() (git-fixes). - bcache: memset on stack variables in bch_btree_check() and bch_sectors_dirty_init() (git-fixes). - bcache: remove incremental dirty sector counting for bch_sectors_dirty_init() (git-fixes). - bio: fix page leak bio_add_hw_page failure (git-fixes). - blk-cgroup: fix a hd_struct leak in blkcg_fill_root_iostats (git-fixes). - blk-iolatency: Fix inflight count imbalances and IO hangs on offline (bsc#1200825). - blk-mq: clear active_queues before clearing BLK_MQ_F_TAG_QUEUE_SHARED (bsc#1200263). - blk-mq: do not update io_ticks with passthrough requests (bsc#1200816). - blk-mq: drop workarounds for cpu hotplug queue management (bsc#1185762) - blk-mq: update hctx->dispatch_busy in case of real scheduler (git-fixes). - block: advance iov_iter on bio_add_hw_page failure (git-fixes). - block: do not merge across cgroup boundaries if blkcg is enabled (bsc#1198020). - block: Fix handling of offline queues in blk_mq_alloc_request_hctx() (bsc#1185762). - block: Fix kABI in blk-merge.c (bsc#1198020). - block/keyslot-manager: prevent crash when num_slots=1 (git-fixes). - bus: fsl-mc-bus: fix KASAN use-after-free in fsl_mc_bus_remove() (git-fixes). - caif_virtio: fix race between virtio_device_ready() and ndo_open() (git-fixes). - ceph: add some lockdep assertions around snaprealm handling (bsc#1201147). - ceph: clean up locking annotation for ceph_get_snap_realm and __lookup_snap_realm (bsc#1201149). - certs/blacklist_hashes.c: fix const confusion in certs blacklist (git-fixes). - cifs: add WARN_ON for when chan_count goes below minimum (bsc#1200217). - cifs: adjust DebugData to use chans_need_reconnect for conn status (bsc#1200217). - cifs: alloc_path_with_tree_prefix: do not append sep. if the path is empty (bsc#1200217). - cifs: avoid parallel session setups on same channel (bsc#1200217). - cifs: avoid race during socket reconnect between send and recv (bsc#1200217). - cifs: call cifs_reconnect when a connection is marked (bsc#1200217). - cifs: call helper functions for marking channels for reconnect (bsc#1200217). - cifs: change smb2_query_info_compound to use a cached fid, if available (bsc#1200217). - cifs: check for smb1 in open_cached_dir() (bsc#1200217). - cifs: check reconnects for channels of active tcons too (bsc#1200217). - cifs: Check the IOCB_DIRECT flag, not O_DIRECT (bsc#1200217). - cifs: cifs_ses_mark_for_reconnect should also update reconnect bits (bsc#1200217). - cifs: clean up an inconsistent indenting (bsc#1200217). - cifs: destage any unwritten data to the server before calling copychunk_write (bsc#1200217). - cifs: do not build smb1ops if legacy support is disabled (bsc#1200217). - cifs: do not call cifs_dfs_query_info_nonascii_quirk() if nodfs was set (bsc#1200217). - cifs: do not use tcpStatus after negotiate completes (bsc#1200217). - cifs: do not use uninitialized data in the owner/group sid (bsc#1200217). - cifs: fix confusing unneeded warning message on smb2.1 and earlier (bsc#1200217). - cifs: fix double free race when mount fails in cifs_get_root() (bsc#1200217). - cifs: fix FILE_BOTH_DIRECTORY_INFO definition (bsc#1200217). - cifs: fix handlecache and multiuser (bsc#1200217). - cifs: fix hang on cifs_get_next_mid() (bsc#1200217). - cifs: fix incorrect use of list iterator after the loop (bsc#1200217). - cifs: fix minor compile warning (bsc#1200217). - cifs: fix missed refcounting of ipc tcon (bsc#1200217). - cifs: fix ntlmssp auth when there is no key exchange (bsc#1200217). - cifs: fix NULL ptr dereference in refresh_mounts() (bsc#1200217). - cifs: fix potential deadlock in direct reclaim (bsc#1200217). - cifs: fix potential double free during failed mount (bsc#1200217). - cifs: fix potential race with cifsd thread (bsc#1200217). - cifs: fix set of group SID via NTSD xattrs (bsc#1200217). - cifs: fix signed integer overflow when fl_end is OFFSET_MAX (bsc#1200217). - cifs: Fix smb311_update_preauth_hash() kernel-doc comment (bsc#1200217). - cifs: fix the cifs_reconnect path for DFS (bsc#1200217). - cifs: fix the connection state transitions with multichannel (bsc#1200217). - cifs: fix uninitialized pointer in error case in dfs_cache_get_tgt_share (bsc#1200217). - cifs: fix workstation_name for multiuser mounts (bsc#1200217). - cifs: force new session setup and tcon for dfs (bsc#1200217). - cifs: free ntlmsspblob allocated in negotiate (bsc#1200217). - cifs: ignore resource_id while getting fscache super cookie (bsc#1200217). - cifs: maintain a state machine for tcp/smb/tcon sessions (bsc#1200217). - cifs: make status checks in version independent callers (bsc#1200217). - cifs: mark sessions for reconnection in helper function (bsc#1200217). - cifs: modefromsids must add an ACE for authenticated users (bsc#1200217). - cifs: move definition of cifs_fattr earlier in cifsglob.h (bsc#1200217). - cifs: move superblock magic defitions to magic.h (bsc#1200217). - cifs: potential buffer overflow in handling symlinks (bsc#1200217). - cifs: print TIDs as hex (bsc#1200217). - cifs: protect all accesses to chan_* with chan_lock (bsc#1200217). - cifs: quirk for STATUS_OBJECT_NAME_INVALID returned for non-ASCII dfs refs (bsc#1200217). - cifs: reconnect only the connection and not smb session where possible (bsc#1200217). - cifs: release cached dentries only if mount is complete (bsc#1200217). - cifs: remove check of list iterator against head past the loop body (bsc#1200217). - cifs: remove redundant assignment to pointer p (bsc#1200217). - cifs: remove repeated debug message on cifs_put_smb_ses() (bsc#1200217). - cifs: remove repeated state change in dfs tree connect (bsc#1200217). - cifs: remove unused variable ses_selected (bsc#1200217). - cifs: return ENOENT for DFS lookup_cache_entry() (bsc#1200217). - cifs: return the more nuanced writeback error on close() (bsc#1200217). - cifs: sanitize multiple delimiters in prepath (bsc#1200217). - cifs: serialize all mount attempts (bsc#1200217). - cifs: set the CREATE_NOT_FILE when opening the directory in use_cached_dir() (bsc#1200217). - cifs: skip trailing separators of prefix paths (bsc#1200217). - cifs: smbd: fix typo in comment (bsc#1200217). - cifs: Split the smb3_add_credits tracepoint (bsc#1200217). - cifs: take cifs_tcp_ses_lock for status checks (bsc#1200217). - cifs: track individual channel status using chans_need_reconnect (bsc#1200217). - cifs: unlock chan_lock before calling cifs_put_tcp_session (bsc#1200217). - cifs: update internal module number (bsc#1193629). - cifs: update internal module number (bsc#1200217). - cifs: update tcpStatus during negotiate and sess setup (bsc#1200217). - cifs: use a different reconnect helper for non-cifsd threads (bsc#1200217). - cifs: use correct lock type in cifs_reconnect() (bsc#1200217). - cifs: Use kzalloc instead of kmalloc/memset (bsc#1200217). - cifs: use new enum for ses_status (bsc#1200217). - cifs: use the chans_need_reconnect bitmap for reconnect status (bsc#1200217). - cifs: verify that tcon is valid before dereference in cifs_kill_sb (bsc#1200217). - cifs: version operations for smb20 unneeded when legacy support disabled (bsc#1200217). - cifs: wait for tcon resource_id before getting fscache super (bsc#1200217). - cifs: we do not need a spinlock around the tree access during umount (bsc#1200217). - cifs: when extending a file with falloc we should make files not-sparse (bsc#1200217). - drivers: cpufreq: Add missing of_node_put() in qoriq-cpufreq.c (git-fixes). - drm/i915/reset: Fix error_state_read ptr + offset use (git-fixes). - drm/i915: Update TGL and RKL DMC firmware versions (bsc#1198924). - drm/msm: Fix double pm_runtime_disable() call (git-fixes). - drm/msm/mdp4: Fix refcount leak in mdp4_modeset_init_intf (git-fixes). - drm/sun4i: Fix crash during suspend after component bind failure (git-fixes). - exec: Force single empty string when argv is empty (bsc#1200571). - ext4: add check to prevent attempting to resize an fs with sparse_super2 (bsc#1197754). - ext4: fix bug_on ext4_mb_use_inode_pa (bsc#1200810). - ext4: fix bug_on in __es_tree_search (bsc#1200809). - ext4: fix race condition between ext4_write and ext4_convert_inline_data (bsc#1200807). - ext4: limit length to bitmap_maxbytes - blocksize in punch_hole (bsc#1200806). - ext4: make variable 'count' signed (bsc#1200820). - Fix a warning about a malformed kernel doc comment in cifs (bsc#1200217). - fuse: annotate lock in fuse_reverse_inval_entry() (bsc#1201143). - gpio: winbond: Fix error code in winbond_gpio_get() (git-fixes). - gtp: use icmp_ndo_send helper (git-fixes). - hwmon: (ibmaem) do not call platform_device_del() if platform_device_add() fails (git-fixes). - i2c: designware: Use standard optional ref clock implementation (git-fixes). - ibmvnic: Properly dispose of all skbs during a failover (bsc#1200925). - iio:accel:bma180: rearrange iio trigger get and register (git-fixes). - iio: accel: mma8452: ignore the return value of reset operation (git-fixes). - iio: adc: axp288: Override TS pin bias current for some models (git-fixes). - iio: adc: vf610: fix conversion mode sysfs node name (git-fixes). - iio:chemical:ccs811: rearrange iio trigger get and register (git-fixes). - iio: gyro: mpu3050: Fix the error handling in mpu3050_power_up() (git-fixes). - iio: trigger: sysfs: fix use-after-free on remove (git-fixes). - init: Initialize noop_backing_dev_info early (bsc#1200822). - inotify: show inotify mask flags in proc fdinfo (bsc#1200600). - iomap: iomap_write_failed fix (bsc#1200829). - ipvs: add sysctl_run_estimation to support disable estimation (bsc#1195504). - jfs: fix divide error in dbNextAG (bsc#1200828). - kABI fix of sysctl_run_estimation (git-fixes). - kabi: nvme workaround header include (bsc#1201193). - kabi/severities: ignore KABI for NVMe target (bsc#1192761) - linux/dim: Fix divide by 0 in RDMA DIM (git-fixes). - md: fix update super 1.0 on rdev size change (git-fixes). - move devm_allocate to end of structure for kABI (git-fixes). - mtd: rawnand: gpmi: Fix setting busy timeout setting (git-fixes). - net: ax25: Fix deadlock caused by skb_recv_datagram in ax25_recvmsg (git-fixes). - net: ethernet: stmmac: Disable hardware multicast filter (git-fixes). - net: ieee802154: ca8210: Stop leaking skb's (git-fixes). - net: lantiq: Add locking for TX DMA channel (git-fixes). - net: rose: fix UAF bugs caused by timer handler (git-fixes). - net: stmmac: reset Tx desc base address before restarting Tx (git-fixes). - net: usb: ax88179_178a: Fix packet receiving (git-fixes). - nfc: nfcmrvl: Fix irq_of_parse_and_map() return value (git-fixes). - nfc: nfcmrvl: Fix memory leak in nfcmrvl_play_deferred (git-fixes). - NFC: nxp-nci: Do not issue a zero length i2c_master_read() (git-fixes). - NFS: Do not report EINTR/ERESTARTSYS as mapping errors (git-fixes). - NFS: Do not report errors from nfs_pageio_complete() more than once (git-fixes). - NFS: Do not report flush errors in nfs_write_end() (git-fixes). - NFS: Further fixes to the writeback error handling (git-fixes). - NFS: Memory allocation failures are not server fatal errors (git-fixes). - NFSv4/pNFS: Do not fail I/O when we fail to allocate the pNFS layout (git-fixes). - nvdimm: Fix firmware activation deadlock scenarios (git-fixes). - nvdimm/region: Fix default alignment for small regions (git-fixes). - nvme: add CNTRLTYPE definitions for 'identify controller' (bsc#1192761). - nvme: Add connect option 'discovery' (bsc#1192761). - nvme: add new discovery log page entry definitions (bsc#1192761). - nvme: display correct subsystem NQN (bsc#1192761). - nvme: expose subsystem type in sysfs attribute 'subsystype' (bsc#1192761). - nvme: kabi fix nvme subsystype change (bsc#1192761) - nvmet: add nvmet_is_disc_subsys() helper (bsc#1192761). - nvmet: add nvmet_req_subsys() helper (bsc#1192761). - nvme-tcp: fix H2CData PDU send accounting (again) (git-fixes). - nvmet: do not check iosqes,iocqes for discovery controllers (bsc#1192761). - nvmet: fix freeing unallocated p2pmem (git-fixes). - nvmet: make discovery NQN configurable (bsc#1192761). - nvmet-rdma: Fix NULL deref when SEND is completed with error (git-fixes). - nvmet-rdma: Fix NULL deref when setting pi_enable and traddr INADDR_ANY (git-fixes). - nvmet: register discovery subsystem as 'current' (bsc#1192761). - nvmet: set 'CNTRLTYPE' in the identify controller data (bsc#1192761). - nvmet: switch check for subsystem type (bsc#1192761). - phy: aquantia: Fix AN when higher speeds than 1G are not advertised (git-fixes). - pNFS: Do not keep retrying if the server replied NFS4ERR_LAYOUTUNAVAILABLE (git-fixes). - powerpc/idle: Fix return value of __setup() handler (bsc#1065729). - powerpc/perf: Fix the threshold compare group constraint for power9 (bsc#1065729). - powerpc/rtas: Allow ibm,platform-dump RTAS call with null buffer address (bsc#1200343 ltc#198477). - random: Add and use pr_fmt() (bsc#1184924). - random: remove unnecessary unlikely() (bsc#1184924). - regmap-irq: Fix a bug in regmap_irq_enable() for type_in_mask chips (git-fixes). - Revert 'block: Fix a lockdep complaint triggered by request queue flushing' (git-fixes). - scsi: core: Show SCMD_LAST in text form (git-fixes). - scsi: ibmvfc: Allocate/free queue resource only during probe/remove (jsc#SLE-15442 bsc#1180814 ltc#187461 git-fixes). - scsi: ibmvfc: Store vhost pointer during subcrq allocation (jsc#SLE-15442 bsc#1180814 ltc#187461 git-fixes). - scsi: lpfc: Add more logging of cmd and cqe information for aborted NVMe cmds (bsc#1201193). - scsi: lpfc: Address NULL pointer dereference after starget_to_rport() (bsc#1201193). - scsi: lpfc: Add support for ATTO Fibre Channel devices (bsc#1201193). - scsi: lpfc: Add support for VMID tagging of NVMe I/Os (bsc#1201193). - scsi: lpfc: Allow reduced polling rate for nvme_admin_async_event cmd completion (bsc#1201193). - scsi: lpfc: Commonize VMID code location (bsc#1201193). - scsi: lpfc: Correct BDE type for XMIT_SEQ64_WQE in lpfc_ct_reject_event() (bsc#1201193). - scsi: lpfc: Fix port stuck in bypassed state after LIP in PT2PT topology (bsc#1201193). - scsi: lpfc: Resolve NULL ptr dereference after an ELS LOGO is aborted (bsc#1201193). - scsi: lpfc: Resolve some cleanup issues following abort path refactoring (bsc#1201193). - scsi: lpfc: Resolve some cleanup issues following SLI path refactoring (bsc#1201193). - scsi: lpfc: Rework lpfc_vmid_get_appid() to be protocol independent (bsc#1201193). - scsi: lpfc: Update lpfc version to 14.2.0.4 (bsc#1201193). - scsi: nvme: Added a new sysfs attribute appid_store (bsc#1201193). - scsi: nvme-fc: Add new routine nvme_fc_io_getuuid() (bsc#1201193). - scsi: qla2xxx: Add a new v2 dport diagnostic feature (bsc#1201160). - scsi: qla2xxx: Add debug prints in the device remove path (bsc#1201160). - scsi: qla2xxx: edif: Add bsg interface to read doorbell events (bsc#1201160). - scsi: qla2xxx: edif: Add retry for ELS passthrough (bsc#1201160). - scsi: qla2xxx: edif: bsg refactor (bsc#1201160). - scsi: qla2xxx: edif: Fix I/O timeout due to over-subscription (bsc#1201160). - scsi: qla2xxx: edif: Fix n2n discovery issue with secure target (bsc#1201160). - scsi: qla2xxx: edif: Fix n2n login retry for secure device (bsc#1201160). - scsi: qla2xxx: edif: Fix no login after app start (bsc#1201160). - scsi: qla2xxx: edif: Fix no logout on delete for N2N (bsc#1201160). - scsi: qla2xxx: edif: Fix potential stuck session in sa update (bsc#1201160). - scsi: qla2xxx: edif: Fix session thrash (bsc#1201160). - scsi: qla2xxx: edif: Fix slow session teardown (bsc#1201160). - scsi: qla2xxx: edif: Reduce disruption due to multiple app start (bsc#1201160). - scsi: qla2xxx: edif: Reduce Initiator-Initiator thrashing (bsc#1201160). - scsi: qla2xxx: edif: Reduce N2N thrashing at app_start time (bsc#1201160). - scsi: qla2xxx: edif: Remove old doorbell interface (bsc#1201160). - scsi: qla2xxx: edif: Send LOGO for unexpected IKE message (bsc#1201160). - scsi: qla2xxx: edif: Synchronize NPIV deletion with authentication application (bsc#1201160). - scsi: qla2xxx: edif: Tear down session if keys have been removed (bsc#1201160). - scsi: qla2xxx: edif: Wait for app to ack on sess down (bsc#1201160). - scsi: qla2xxx: Fix crash due to stale SRB access around I/O timeouts (bsc#1201160). - scsi: qla2xxx: Fix erroneous mailbox timeout after PCI error injection (bsc#1201160). - scsi: qla2xxx: Fix excessive I/O error messages by default (bsc#1201160). - scsi: qla2xxx: Fix losing FCP-2 targets during port perturbation tests (bsc#1201160). - scsi: qla2xxx: Fix losing FCP-2 targets on long port disable with I/Os (bsc#1201160). - scsi: qla2xxx: Fix losing target when it reappears during delete (bsc#1201160). - scsi: qla2xxx: Remove setting of 'req' and 'rsp' parameters (bsc#1201160). - scsi: qla2xxx: Remove unused 'ql_dm_tgt_ex_pct' parameter (bsc#1201160). - scsi: qla2xxx: Turn off multi-queue for 8G adapters (bsc#1201160). - scsi: qla2xxx: Update version to 10.02.07.500-k (bsc#1201160). - scsi: qla2xxx: Update version to 10.02.07.600-k (bsc#1201160). - scsi: qla2xxx: Update version to 10.02.07.700-k (bsc#1201160). - scsi: qla2xxx: Wind down adapter after PCIe error (bsc#1201160). - scsi: sd: sd_zbc: Do not pass GFP_NOIO to kvcalloc (git-fixes). - scsi: sd: sd_zbc: Fix handling of host-aware ZBC disks (git-fixes). - scsi: sd: sd_zbc: Fix ZBC disk initialization (git-fixes). - scsi: sd: Signal drive managed SMR disks (git-fixes). - scsi: sd_zbc: Do not limit max_zone_append sectors to (git-fixes). - scsi: sd_zbc: Ensure buffer size is aligned to SECTOR_SIZE (git-fixes). - scsi: sd_zbc: Improve zone revalidation (git-fixes). - scsi: sd_zbc: Remove unused inline functions (git-fixes). - scsi: sd_zbc: Support disks with more than 2**32 logical (git-fixes). - scsi: smartpqi: create module parameters for LUN reset (bsc#1179195 bsc#1200622). - smb3: add mount parm nosparse (bsc#1200217). - smb3: add trace point for lease not found issue (bsc#1200217). - smb3: add trace point for oplock not found (bsc#1200217). - smb3: check for null tcon (bsc#1200217). - smb3: cleanup and clarify status of tree connections (bsc#1200217). - smb3: do not set rc when used and unneeded in query_info_compound (bsc#1200217). - SMB3: EBADF/EIO errors in rename/open caused by race condition in smb2_compound_op (bsc#1200217). - smb3: fix incorrect session setup check for multiuser mounts (bsc#1200217). - smb3: fix ksmbd bigendian bug in oplock break, and move its struct to smbfs_common (bsc#1200217). - smb3: fix snapshot mount option (bsc#1200217). - smb3 improve error message when mount options conflict with posix (bsc#1200217). - smb3: move defines for ioctl protocol header and SMB2 sizes to smbfs_common (bsc#1200217). - smb3: move defines for query info and query fsinfo to smbfs_common (bsc#1200217). - smb3: move more common protocol header definitions to smbfs_common (bsc#1200217). - smb3: send NTLMSSP version information (bsc#1200217). - soc: bcm: brcmstb: pm: pm-arm: Fix refcount leak in brcmstb_pm_probe (git-fixes). - spi: Fix use-after-free with devm_spi_alloc_* (git-fixes). - SUNRPC: Fix the calculation of xdr->end in xdr_get_next_encode_buffer() (git-fixes). - sunvnet: use icmp_ndo_send helper (git-fixes). - tty: goldfish: Fix free_irq() on remove (git-fixes). - usb: chipidea: udc: check request status before setting device address (git-fixes). - usb: dwc2: Fix memory leak in dwc2_hcd_init (git-fixes). - usb: gadget: lpc32xx_udc: Fix refcount leak in lpc32xx_udc_probe (git-fixes). - usb: gadget: u_ether: fix regression in setting fixed MAC address (git-fixes). - usbnet: fix memory allocation in helpers (git-fixes). - USB: serial: io_ti: add Agilent E5805A support (git-fixes). - USB: serial: option: add Quectel EM05-G modem (git-fixes). - USB: serial: option: add Quectel RM500K module support (git-fixes). - USB: serial: option: add support for Cinterion MV31 with new baseline (git-fixes). - USB: serial: option: add Telit LE910Cx 0x1250 composition (git-fixes). - usb: xhci: Workaround for S3 issue on AMD SNPS 3.0 xHC (git-fixes). - veth: fix races around rq->rx_notify_masked (git-fixes). - virtio-mmio: fix missing put_device() when vm_cmdline_parent registration failed (git-fixes). - virtio-net: fix race between ndo_open() and virtio_device_ready() (git-fixes). - virtio_net: fix xdp_rxq_info bug after suspend/resume (git-fixes). - virtio-pci: Remove wrong address verification in vp_del_vqs() (git-fixes). - vmxnet3: fix minimum vectors alloc issue (bsc#1199489). - writeback: Avoid skipping inode writeback (bsc#1200813). - writeback: Fix inode->i_io_list not be protected by inode->i_lock error (bsc#1200821). - xhci: Add reset resume quirk for AMD xhci controller (git-fixes). - x86/entry: Remove skip_r11rcx (bsc#1201644). Important SUSE bug 1065729 SUSE bug 1179195 SUSE bug 1180814 SUSE bug 1184924 SUSE bug 1185762 SUSE bug 1192761 SUSE bug 1193629 SUSE bug 1194013 SUSE bug 1195504 SUSE bug 1195775 SUSE bug 1196901 SUSE bug 1197362 SUSE bug 1197754 SUSE bug 1198020 SUSE bug 1198924 SUSE bug 1199482 SUSE bug 1199487 SUSE bug 1199489 SUSE bug 1199657 SUSE bug 1200217 SUSE bug 1200263 SUSE bug 1200343 SUSE bug 1200442 SUSE bug 1200571 SUSE bug 1200599 SUSE bug 1200600 SUSE bug 1200604 SUSE bug 1200605 SUSE bug 1200608 SUSE bug 1200619 SUSE bug 1200622 SUSE bug 1200692 SUSE bug 1200806 SUSE bug 1200807 SUSE bug 1200809 SUSE bug 1200810 SUSE bug 1200813 SUSE bug 1200816 SUSE bug 1200820 SUSE bug 1200821 SUSE bug 1200822 SUSE bug 1200825 SUSE bug 1200828 SUSE bug 1200829 SUSE bug 1200925 SUSE bug 1201050 SUSE bug 1201080 SUSE bug 1201143 SUSE bug 1201147 SUSE bug 1201149 SUSE bug 1201160 SUSE bug 1201171 SUSE bug 1201177 SUSE bug 1201193 SUSE bug 1201222 SUSE bug 1201644 SUSE bug 1201664 SUSE bug 1201672 SUSE bug 1201673 SUSE bug 1201676 CVE-2021-26341 CVE-2021-4157 CVE-2022-1012 CVE-2022-1679 CVE-2022-20132 CVE-2022-20141 CVE-2022-20154 CVE-2022-29900 CVE-2022-29901 CVE-2022-33981 CVE-2022-34918 cpe:/o:opensuse:leap:15.3 Security update for git (Important) openSUSE Leap 15.3 This update for git fixes the following issues: - CVE-2022-29187: Incomplete fix for CVE-2022-24765: potential command injection via git worktree (bsc#1201431). Important SUSE bug 1201431 CVE-2022-29187 cpe:/o:opensuse:leap:15.3 Security update for nodejs16 (Important) openSUSE Leap 15.3 This update for nodejs16 fixes the following issues: - CVE-2022-32212: Fixed DNS rebinding in --inspect via invalid IP addresses (bsc#1201328). - CVE-2022-32213: Fixed HTTP request smuggling due to flawed parsing of Transfer-Encoding (bsc#1201325). - CVE-2022-32214: Fixed HTTP request smuggling due to improper delimiting of header fields (bsc#1201326). - CVE-2022-32215: Fixed HTTP request smuggling due to incorrect parsing of multi-line Transfer-Encoding (bsc#1201327). The following non-security bug was fixed: - Add buildtime version check to determine if we need patched openssl Requires: or already in upstream. (bsc#1192489) Important SUSE bug 1192489 SUSE bug 1201325 SUSE bug 1201326 SUSE bug 1201327 SUSE bug 1201328 CVE-2022-32212 CVE-2022-32213 CVE-2022-32214 CVE-2022-32215 cpe:/o:opensuse:leap:15.3 Security update for squid (Important) openSUSE Leap 15.3 This update for squid fixes the following issues: - CVE-2021-46784: Fixed DoS when processing gopher server responses. (bsc#1200907) - CVE-2021-33620: Fixed DoS in HTTP Response processing (bsc#1185923, bsc#1186654) Important SUSE bug 1185923 SUSE bug 1186654 SUSE bug 1200907 CVE-2021-33620 CVE-2021-46784 cpe:/o:opensuse:leap:15.3 Security update for python-M2Crypto (Important) openSUSE Leap 15.3 This update for python-M2Crypto fixes the following issues: - CVE-2020-25657: Fixed Bleichenbacher timing attacks in the RSA decryption API (bsc#1178829). Important SUSE bug 1178829 CVE-2020-25657 cpe:/o:opensuse:leap:15.3 Security update for aws-iam-authenticator (Important) openSUSE Leap 15.3 This update for aws-iam-authenticator fixes the following issues: - CVE-2022-2385: Fixed AccessKeyID validation bypass (bsc#1201395). Important SUSE bug 1201395 CVE-2022-2385 cpe:/o:opensuse:leap:15.3 Security update for ldb, samba (Important) openSUSE Leap 15.3 This update for ldb, samba fixes the following issues: - CVE-2022-32746: Fixed a use-after-free occurring in database audit logging (bsc#1201490). - CVE-2022-32745: Fixed a remote server crash with an LDAP add or modify request (bsc#1201492). - CVE-2022-2031: Fixed AD restrictions bypass associated with changing passwords (bsc#1201495). - CVE-2022-32742: Fixed a memory leak in SMB1 (bsc#1201496). - CVE-2022-32744: Fixed an arbitrary password change request for any AD user (bsc#1201493). The following security bugs were fixed: samba was updated to 4.15.8: * Use pathref fd instead of io fd in vfs_default_durable_cookie; (bso#15042); * Setting fruit:resource = stream in vfs_fruit causes a panic; (bso#15099); * Add support for bind 9.18; (bso#14986); * logging dsdb audit to specific files does not work; (bso#15076); * vfs_gpfs with vfs_shadowcopy2 fail to restore file if original file had been deleted; (bso#15069); * netgroups support removed; (bso#15087); (bsc#1199247); * net ads info shows LDAP Server: 0.0.0.0 depending on contacted server; (bso#14674); (bsc#1199734); * waf produces incorrect names for python extensions with Python 3.11; (bso#15071); * smbclient commands del & deltree fail with NT_STATUS_OBJECT_PATH_NOT_FOUND with DFS; (bso#15100); (bsc#1200556); * vfs_gpfs recalls=no option prevents listing files; (bso#15055); * waf produces incorrect names for python extensions with Python 3.11; (bso#15071); * Compile error in source3/utils/regedit_hexedit.c; (bso#15091); * ldconfig: /lib64/libsmbconf.so.0 is not a symbolic link; (bso#15108); * smbd doesn't handle UPNs for looking up names; (bso#15054); * Out-by-4 error in smbd read reply max_send clamp; (bso#14443); - Move pdb backends from package samba-libs to package samba-client-libs and remove samba-libs requirement from samba-winbind; (bsc#1200964); (bsc#1198255); - Use the canonical realm name to refresh the Kerberos tickets; (bsc#1196224); (bso#14979); - Fix smbclient commands del & deltree failing with NT_STATUS_OBJECT_PATH_NOT_FOUND with DFS; (bso#15100); (bsc#1200556). ldb was updated to version 2.4.3 * Fix build problems, waf produces incorrect names for python extensions; (bso#15071); Important SUSE bug 1196224 SUSE bug 1198255 SUSE bug 1199247 SUSE bug 1199734 SUSE bug 1200556 SUSE bug 1200964 SUSE bug 1201490 SUSE bug 1201492 SUSE bug 1201493 SUSE bug 1201495 SUSE bug 1201496 CVE-2022-2031 CVE-2022-32742 CVE-2022-32744 CVE-2022-32745 CVE-2022-32746 cpe:/o:opensuse:leap:15.3 Security update for rubygem-tzinfo (Important) openSUSE Leap 15.3 This update for rubygem-tzinfo fixes the following issues: - CVE-2022-31163: Fixed relative path traversal vulnerability that allows TZInfo::Timezone.get to load arbitrary files (bsc#1201835). Important SUSE bug 1201835 CVE-2022-31163 cpe:/o:opensuse:leap:15.3 Security update for xen (Important) openSUSE Leap 15.3 This update for xen fixes the following issues: - CVE-2022-26363, CVE-2022-26364: Fixed insufficient care with non-coherent mappings (XSA-402) (bsc#1199966). - CVE-2022-21123, CVE-2022-21125, CVE-2022-21166: Fixed MMIO stale data vulnerabilities on x86 (XSA-404) (bsc#1200549). - CVE-2022-26362: Fixed a race condition in typeref acquisition (XSA-401) (bsc#1199965). - CVE-2022-33745: Fixed insufficient TLB flush for x86 PV guests in shadow mode (XSA-408) (bsc#1201394). - CVE-2022-23816, CVE-2022-23825, CVE-2022-29900: Fixed RETBLEED vulnerability, arbitrary speculative code execution with return instructions (XSA-407) (bsc#1201469). Fixed several upstream bugs (bsc#1027519). Important SUSE bug 1027519 SUSE bug 1199965 SUSE bug 1199966 SUSE bug 1200549 SUSE bug 1201394 SUSE bug 1201469 CVE-2022-21123 CVE-2022-21125 CVE-2022-21166 CVE-2022-23816 CVE-2022-23825 CVE-2022-26362 CVE-2022-26363 CVE-2022-26364 CVE-2022-29900 CVE-2022-33745 cpe:/o:opensuse:leap:15.3 Security update for booth (Important) openSUSE Leap 15.3 This update for booth fixes the following issues: - CVE-2022-2553: authfile directive in booth config file is completely ignored (bsc#1201946). Important SUSE bug 1201946 CVE-2022-2553 cpe:/o:opensuse:leap:15.3 Security update for MozillaFirefox (Important) openSUSE Leap 15.3 This update for MozillaFirefox fixes the following issues: Firefox Extended Support Release 91.12.0 ESR (bsc#1201758): - CVE-2022-36319: Mouse Position spoofing with CSS transforms - CVE-2022-36318: Directory indexes for bundled resources reflected URL parameters Important SUSE bug 1201758 CVE-2022-36318 CVE-2022-36319 cpe:/o:opensuse:leap:15.3 Security update for dwarves and elfutils (Moderate) openSUSE Leap 15.3 This update for dwarves and elfutils fixes the following issues: elfutils was updated to version 0.177 (jsc#SLE-24501): - elfclassify: New tool to analyze ELF objects. - readelf: Print DW_AT_data_member_location as decimal offset. Decode DW_AT_discr_list block attributes. - libdw: Add DW_AT_GNU_numerator, DW_AT_GNU_denominator and DW_AT_GNU_bias. - libdwelf: Add dwelf_elf_e_machine_string. dwelf_elf_begin now only returns NULL when there is an error reading or decompressing a file. If the file is not an ELF file an ELF handle of type ELF_K_NONE is returned. - backends: Add support for C-SKY. Update to version 0.176: - build: Add new --enable-install-elfh option. Do NOT use this for system installs (it overrides glibc elf.h). - backends: riscv improved core file and return value location support. - Fixes: - CVE-2019-7146, CVE-2019-7148, CVE-2019-7149, CVE-2019-7664 - CVE-2019-7150: dwfl_segment_report_module doesn't check whether the dyn data read from core file is truncated (bsc#1123685) - CVE-2019-7665: NT_PLATFORM core file note should be a zero terminated string (CVE is a bit misleading, as this is not a bug in libelf as described) (bsc#1125007) Update to version 0.175: - readelf: Handle mutliple .debug_macro sections. Recognize and parse GNU Property, NT_VERSION and GNU Build Attribute ELF Notes. - strip: Handle SHT_GROUP correctly. Add strip --reloc-debug-sections-only option. Handle relocations against GNU compressed sections. - libdwelf: New function dwelf_elf_begin. - libcpu: Recognize bpf jump variants BPF_JLT, BPF_JLE, BPF_JSLT and BPF_JSLE. backends: RISCV handles ADD/SUB relocations. Handle SHT_X86_64_UNWIND. - CVE-2018-18521: arlib: Divide-by-zero vulnerabilities in the function arlib_add_symbols() used by eu-ranlib (bsc#1112723) - CVE-2018-18310: Invalid Address Read problem in dwfl_segment_report_module.c (bsc#1111973) - CVE-2018-18520: eu-size: Bad handling of ar files inside are files (bsc#1112726) Update to version 0.174: - libelf, libdw and all tools now handle extended shnum and shstrndx correctly. - elfcompress: Don't rewrite input file if no section data needs updating. Try harder to keep same file mode bits (suid) on rewrite. - strip: Handle mixed (out of order) allocated/non-allocated sections. - unstrip: Handle SHT_GROUP sections. - backends: RISCV and M68K now have backend implementations to generate CFI based backtraces. - Fixes: - CVE-2018-16402: libelf: denial of service/double free on an attempt to decompress the same section twice (bsc#1107066) Double-free crash in nm and readelf - CVE-2018-16403: heap buffer overflow in readelf (bsc#1107067) - CVE-2018-16062: heap-buffer-overflow in /elfutils/libdw/dwarf_getaranges.c:156 (bsc#1106390) Update to version 0.173: - More fixes for crashes and hangs found by afl-fuzz. In particular various functions now detect and break infinite loops caused by bad DIE tree cycles. - readelf: Will now lookup the size and signedness of constant value types to display them correctly (and not just how they were encoded). - libdw: New function dwarf_next_lines to read CU-less .debug_line data. dwarf_begin_elf now accepts ELF files containing just .debug_line or .debug_frame sections (which can be read without needing a DIE tree from the .debug_info section). Removed dwarf_getscn_info, which was never implemented. - backends: Handle BPF simple relocations. The RISCV backends now handles ABI specific CFI and knows about RISCV register types and names. Update to version 0.172: - Various bug fixes in libdw and eu-readelf dealing with bad DWARF5 data. Thanks to running the afl fuzzer on eu-readelf and various testcases. Update to version 0.171: - DWARF5 and split dwarf, including GNU DebugFission, are supported now. Data can be read from the new DWARF sections .debug_addr, .debug_line_str, .debug_loclists, .debug_str_offsets and .debug_rnglists. Plus the new DWARF5 and GNU DebugFission encodings of the existing .debug sections. Also in split DWARF .dwo (DWARF object) files. This support is mostly handled by existing functions (dwarf_getlocation*, dwarf_getsrclines, dwarf_ranges, dwarf_form*, etc.) now returning the data from the new sections and data formats. But some new functions have been added to more easily get information about skeleton and split compile units (dwarf_get_units and dwarf_cu_info), handle new attribute data (dwarf_getabbrevattr_data) and to keep references to Dwarf_Dies that might come from different sections or files (dwarf_die_addr_die). - Not yet supported are .dwp (Dwarf Package) and .sup (Dwarf Supplementary) files, the .debug_names index, the .debug_cu_index and .debug_tu_index sections. Only a single .debug_info (and .debug_types) section are currently handled. - readelf: Handle all new DWARF5 sections. --debug-dump=info+ will show split unit DIEs when found. --dwarf-skeleton can be used when inspecting a .dwo file. Recognizes GNU locviews with --debug-dump=loc. - libdw: New functions dwarf_die_addr_die, dwarf_get_units, dwarf_getabbrevattr_data and dwarf_cu_info. libdw will now try to resolve the alt file on first use of an alt attribute FORM when not set yet with dwarf_set_alt. dwarf_aggregate_size() now works with multi-dimensional arrays. - libdwfl: Use process_vm_readv when available instead of ptrace. backends: Add a RISC-V backend. There were various improvements to build on Windows. The sha1 and md5 implementations have been removed, they weren't used. Update to version 0.170: - libdw: Added new DWARF5 attribute, tag, character encoding, language code, calling convention, defaulted member function and macro constants to dwarf.h. New functions dwarf_default_lower_bound and dwarf_line_file. dwarf_peel_type now handles DWARF5 immutable, packed and shared tags. dwarf_getmacros now handles DWARF5 .debug_macro sections. - strip: Add -R, --remove-section=SECTION and --keep-section=SECTION. - backends: The bpf disassembler is now always build on all platforms. Update to version 0.169: - backends: Add support for EM_PPC64 GNU_ATTRIBUTES. Frame pointer unwinding fallback support for i386, x86_64, aarch64. - translations: Update Polish translation. - CVE-2017-7611: elfutils: DoS (heap-based buffer over-read and application crash) via a crafted ELF file (bsc#1033088) - CVE-2017-7610: elflint: heap-based buffer overflow in check_group (bsc#1033087) - CVE-2017-7609: memory allocation failure in __libelf_decompress (bsc#1033086) - CVE-2017-7607: heap-based buffer overflow in handle_gnu_hashi (readelf.c) (bsc#1033084) - CVE-2017-7608: heap-based buffer overflow in ebl_object_note_type_name (eblobjnotetypename.c) (bsc#1033085) - CVE-2017-7613: elfutils: denial of service (memory consumption) via a crafted ELF file (bsc#1033090) - CVE-2017-7612: elfutils: denial of service (heap-based buffer over-read and application crash) via a crafted ELF file (bsc#1033089) - Don't make elfutils recommend elfutils-lang as elfutils-lang already supplements elfutils. dwarves is shipped new in version 1.22 to provide tooling for use by the Linux Kernel BTF verification framework. Moderate SUSE bug 1033084 SUSE bug 1033085 SUSE bug 1033086 SUSE bug 1033087 SUSE bug 1033088 SUSE bug 1033089 SUSE bug 1033090 SUSE bug 1082318 SUSE bug 1104264 SUSE bug 1106390 SUSE bug 1107066 SUSE bug 1107067 SUSE bug 1111973 SUSE bug 1112723 SUSE bug 1112726 SUSE bug 1123685 SUSE bug 1125007 CVE-2017-7607 CVE-2017-7608 CVE-2017-7609 CVE-2017-7610 CVE-2017-7611 CVE-2017-7612 CVE-2017-7613 CVE-2018-16062 CVE-2018-16402 CVE-2018-16403 CVE-2018-18310 CVE-2018-18520 CVE-2018-18521 CVE-2019-7146 CVE-2019-7148 CVE-2019-7149 CVE-2019-7150 CVE-2019-7664 CVE-2019-7665 cpe:/o:opensuse:leap:15.3 Security update for gimp (Moderate) openSUSE Leap 15.3 This update for gimp fixes the following issues: - CVE-2022-30067: Fixed uncontrolled memory consumption via crafted XCF file (bsc#1199653). Moderate SUSE bug 1199653 CVE-2022-30067 cpe:/o:opensuse:leap:15.3 Security update for mokutil (Moderate) openSUSE Leap 15.3 This update for mokutil fixes the following issues: - Adds SBAT revocation support to mokutil. (bsc#1198458) New options added (see manpage): - mokutil --sbat List all entries in SBAT. - mokutil --set-sbat-policy (latest | previous | delete) To set the SBAT acceptance policy. - mokutil --list-sbat-revocations To list the current SBAT revocations. Moderate SUSE bug 1198458 cpe:/o:opensuse:leap:15.3 Security update for xscreensaver (Moderate) openSUSE Leap 15.3 This update for xscreensaver fixes the following issues: - CVE-2021-34557: Fixed potential crash and unlock while disconnecting video output with more than 10 monitors (bsc#1186918) Moderate SUSE bug 1186918 CVE-2021-34557 cpe:/o:opensuse:leap:15.3 Security update for tiff (Low) openSUSE Leap 15.3 This update for tiff fixes the following issues: - CVE-2022-2056: Fixed a division by zero denial of service (bsc#1201176). - CVE-2022-2057: Fixed a division by zero denial of service (bsc#1201175). - CVE-2022-2058: Fixed a division by zero denial of service (bsc#1201174). Low SUSE bug 1201174 SUSE bug 1201175 SUSE bug 1201176 CVE-2022-2056 CVE-2022-2057 CVE-2022-2058 cpe:/o:opensuse:leap:15.3 Security update for pcre2 (Important) openSUSE Leap 15.3 This update for pcre2 fixes the following issues: - CVE-2019-20454: Fixed out-of-bounds read in JIT mode when \X is used in non-UTF mode (bsc#1164384). - CVE-2022-1587: Fixed out-of-bounds read due to bug in recursions (bsc#1199235). Important SUSE bug 1164384 SUSE bug 1199235 CVE-2019-20454 CVE-2022-1587 cpe:/o:opensuse:leap:15.3 Security update for java-1_8_0-ibm (Important) openSUSE Leap 15.3 This update for java-1_8_0-ibm fixes the following issues: Update to Java 8.0 Service Refresh 7 Fix Pack 10 [bsc#1201643] - CVE-2022-21476 (bsc#1198671), CVE-2022-21449 (bsc#1198670), CVE-2022-21496 (bsc#1198673), CVE-2022-21434 (bsc#1198674), CVE-2022-21426 (bsc#1198672), CVE-2022-21443 (bsc#1198675), CVE-2021-35561 (bsc#1191912), CVE-2022-21299 (bsc#1194931). Important SUSE bug 1191912 SUSE bug 1194931 SUSE bug 1198670 SUSE bug 1198671 SUSE bug 1198672 SUSE bug 1198673 SUSE bug 1198674 SUSE bug 1198675 SUSE bug 1201643 CVE-2021-35561 CVE-2022-21299 CVE-2022-21426 CVE-2022-21434 CVE-2022-21443 CVE-2022-21449 CVE-2022-21476 CVE-2022-21496 cpe:/o:opensuse:leap:15.3 Security update for u-boot (Important) openSUSE Leap 15.3 This update for u-boot fixes the following issues: - CVE-2022-33967: Fixed heap overflow in squashfs filesystem implementation (bsc#1201745). - CVE-2022-34835: Fixed stack buffer overflow vulnerability in i2c md command (bsc#1201214). Important SUSE bug 1201214 SUSE bug 1201745 CVE-2022-33967 CVE-2022-34835 cpe:/o:opensuse:leap:15.3 Security update for u-boot (Important) openSUSE Leap 15.3 This update for u-boot fixes the following issues: - CVE-2022-34835: Fixed stack buffer overflow vulnerability in i2c md command (bsc#1201214). Important SUSE bug 1201214 CVE-2022-34835 cpe:/o:opensuse:leap:15.3 Security update for harfbuzz (Important) openSUSE Leap 15.3 This update for harfbuzz fixes the following issues: - CVE-2022-33068: Fixed a integer overflow in hb-ot-shape-fallback.cc (bsc#1200900). Important SUSE bug 1200900 CVE-2022-33068 cpe:/o:opensuse:leap:15.3 Security update for qpdf (Important) openSUSE Leap 15.3 This update for qpdf fixes the following issues: - CVE-2022-34503: Fixed a heap buffer overflow via the function QPDF:processXRefStream (bsc#1201830). - CVE-2021-36978: Fixed heap-based buffer overflow in Pl_ASCII85Decoder::write (bsc#1188514). Important SUSE bug 1188514 SUSE bug 1201830 CVE-2021-36978 CVE-2022-34503 cpe:/o:opensuse:leap:15.3 Security update for go1.17 (Important) openSUSE Leap 15.3 This update for go1.17 fixes the following issues: Update to go version 1.17.13 (bsc#1190649): - CVE-2022-32189: encoding/gob, math/big: decoding big.Float and big.Rat can panic (bsc#1202035). - CVE-2022-30635: encoding/gob: stack exhaustion in Decoder.Decode (bsc#1201444). - CVE-2022-30631: compress/gzip: stack exhaustion in Reader.Read (bsc#1201437). - CVE-2022-1962: go/parser: stack exhaustion in all Parse* functions (bsc#1201448). - CVE-2022-28131: encoding/xml: stack exhaustion in Decoder.Skip (bsc#1201443). - CVE-2022-1705: net/http: improper sanitization of Transfer-Encoding header (bsc#1201434) - CVE-2022-30630: io/fs: stack exhaustion in Glob (bsc#1201447). - CVE-2022-32148: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working (bsc#1201436) - CVE-2022-30632: path/filepath: stack exhaustion in Glob (bsc#1201445). - CVE-2022-30633: encoding/xml: stack exhaustion in Unmarshal (bsc#1201440). Important SUSE bug 1190649 SUSE bug 1201434 SUSE bug 1201436 SUSE bug 1201437 SUSE bug 1201440 SUSE bug 1201443 SUSE bug 1201444 SUSE bug 1201445 SUSE bug 1201447 SUSE bug 1201448 SUSE bug 1202035 CVE-2022-1705 CVE-2022-1962 CVE-2022-28131 CVE-2022-30630 CVE-2022-30631 CVE-2022-30632 CVE-2022-30633 CVE-2022-30635 CVE-2022-32148 CVE-2022-32189 cpe:/o:opensuse:leap:15.3 Security update for go1.18 (Important) openSUSE Leap 15.3 This update for go1.18 fixes the following issues: Update to go version 1.18.5 (bsc#1193742): - CVE-2022-32189: encoding/gob, math/big: decoding big.Float and big.Rat can panic (bsc#1202035). - CVE-2022-1705: net/http: improper sanitization of Transfer-Encoding header (bsc#1201434) - CVE-2022-32148: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working (bsc#1201436) - CVE-2022-30631: compress/gzip: stack exhaustion in Reader.Read (bsc#1201437). - CVE-2022-30633: encoding/xml: stack exhaustion in Unmarshal (bsc#1201440). - CVE-2022-28131: encoding/xml: stack exhaustion in Decoder.Skip (bsc#1201443). - CVE-2022-30635: encoding/gob: stack exhaustion in Decoder.Decode (bsc#1201444). - CVE-2022-30632: path/filepath: stack exhaustion in Glob (bsc#1201445). - CVE-2022-30630: io/fs: stack exhaustion in Glob (bsc#1201447). - CVE-2022-1962: go/parser: stack exhaustion in all Parse* functions (bsc#1201448). Important SUSE bug 1193742 SUSE bug 1201434 SUSE bug 1201436 SUSE bug 1201437 SUSE bug 1201440 SUSE bug 1201443 SUSE bug 1201444 SUSE bug 1201445 SUSE bug 1201447 SUSE bug 1201448 SUSE bug 1202035 CVE-2022-1705 CVE-2022-1962 CVE-2022-28131 CVE-2022-30630 CVE-2022-30631 CVE-2022-30632 CVE-2022-30633 CVE-2022-30635 CVE-2022-32148 CVE-2022-32189 cpe:/o:opensuse:leap:15.3 Security update for python-ujson (Moderate) openSUSE Leap 15.3 This update for python-ujson fixes the following issues: - CVE-2022-31116: Fixed improper decoding of escaped surrogate characters (bsc#1201255). - CVE-2022-31117: Fixed a double free while reallocating a buffer for string decoding (bsc#1201254). Moderate SUSE bug 1201254 SUSE bug 1201255 CVE-2022-31116 CVE-2022-31117 cpe:/o:opensuse:leap:15.3 Security update for wavpack (Low) openSUSE Leap 15.3 This update for wavpack fixes the following issues: - CVE-2022-2476: Fixed a Null pointer dereference in wvunpack (bsc#1201716). Low SUSE bug 1201716 CVE-2022-2476 cpe:/o:opensuse:leap:15.3 Security update for java-11-openjdk (Important) openSUSE Leap 15.3 This update for java-11-openjdk fixes the following issues: Update to upstream tag jdk-11.0.16+8 (July 2022 CPU) - CVE-2022-21540: Improve class compilation (bsc#1201694) - CVE-2022-21541: Enhance MethodHandle invocations (bsc#1201692) - CVE-2022-34169: Improve Xalan supports (bsc#1201684) Important SUSE bug 1201684 SUSE bug 1201692 SUSE bug 1201694 CVE-2022-21540 CVE-2022-21541 CVE-2022-34169 cpe:/o:opensuse:leap:15.3 Security update for ncurses (Moderate) openSUSE Leap 15.3 This update for ncurses fixes the following issues: - CVE-2022-29458: Fixed segfaulting out-of-bounds read in convert_strings in tinfo/read_entry.c (bsc#1198627). Moderate SUSE bug 1198627 CVE-2022-29458 cpe:/o:opensuse:leap:15.3 Security update for the Linux Kernel (Important) openSUSE Leap 15.3 The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2022-36946: Fixed an incorrect packet trucation operation which could lead to denial of service (bnc#1201940). - CVE-2022-29581: Fixed improper update of reference count in net/sched that could cause root privilege escalation (bnc#1199665). - CVE-2022-20166: Fixed several possible memory safety issues due to unsafe operations (bsc#1200598). - CVE-2020-36558: Fixed a race condition involving VT_RESIZEX which could lead to a NULL pointer dereference and general protection fault (bnc#1200910). - CVE-2020-36557: Fixed a race condition between the VT_DISALLOCATE ioctl and closing/opening of TTYs that could lead to a use-after-free (bnc#1201429). - CVE-2021-33655: Fixed an out of bounds write by ioctl cmd FBIOPUT_VSCREENINFO (bnc#1201635). - CVE-2021-33656: Fixed an out of bounds write related to ioctl cmd PIO_FONT (bnc#1201636). - CVE-2022-21505: Fixed a kernel lockdown bypass via IMA policy (bsc#1201458). - CVE-2022-1462: Fixed an out-of-bounds read flaw in the TTY subsystem (bnc#1198829). - CVE-2022-1116: Fixed an integer overflow vulnerability in io_uring which allowed a local attacker to escalate privileges to root (bnc#1199647).- CVE-2022-2318: Fixed a use-after-free vulnerability in the timer handler in Rose subsystem that allowed unprivileged attackers to crash the system (bsc#1201251). - CVE-2022-26365, CVE-2022-33740, CVE-2022-33741, CVE-2022-33742: Fixed multiple potential data leaks with Block and Network devices when using untrusted backends (bsc#1200762). The following non-security bugs were fixed: - Fixed a system crash related to the recent RETBLEED mitigation (bsc#1201644, bsc#1201664, bsc#1201672, bsc#1201673, bsc#1201676). - qla2xxx: drop patch which prevented nvme port discovery (bsc#1200651 bsc#1200644 bsc#1201954 bsc#1201958). - kvm: emulate: do not adjust size of fastop and setcc subroutines (bsc#1201930). - bpf, cpumap: Remove rcpu pointer from cpu_map_build_skb signature (bsc#1199364). - bpf: enable BPF type format (BTF) (jsc#SLE-24559). - nfs: avoid NULL pointer dereference when there is unflushed data (bsc#1201196). - hv_netvsc: Add (more) validation for untrusted Hyper-V values (bsc#1199364). - hv_netvsc: Add comment of netvsc_xdp_xmit() (bsc#1199364). - hv_netvsc: Add support for XDP_REDIRECT (bsc#1199364). - hv_netvsc: Copy packets sent by Hyper-V out of the receive buffer (bsc#1199364). - hv_netvsc: Fix validation in netvsc_linkstatus_callback() (bsc#1199364). - kvm/emulate: Fix SETcc emulation function offsets with SLS (bsc#1201930). - lkdtm: Disable return thunks in rodata.c (bsc#1178134). - net, xdp: Introduce __xdp_build_skb_from_frame utility routine (bsc#1199364). - net, xdp: Introduce xdp_build_skb_from_frame utility routine (bsc#1199364). - nvme: consider also host_iface when checking ip options (bsc#1199670). - powerpc/mobility: wait for memory transfer to complete (bsc#1201846 ltc#198761). - powerpc/pseries/mobility: set NMI watchdog factor during an LPM (bsc#1201846 ltc#198761). - powerpc/watchdog: introduce a NMI watchdog's factor (bsc#1201846 ltc#198761). - scsi: lpfc: Copyright updates for 14.2.0.5 patches (bsc#1201956). - scsi: lpfc: Fix attempted FA-PWWN usage after feature disable (bsc#1201956). - scsi: lpfc: Fix lost NVMe paths during LIF bounce stress test (bsc#1201956 bsc#1200521). - scsi: lpfc: Fix possible memory leak when failing to issue CMF WQE (bsc#1201956). - scsi: lpfc: Fix uninitialized cqe field in lpfc_nvme_cancel_iocb() (bsc#1201956). - scsi: lpfc: Prevent buffer overflow crashes in debugfs with malformed user input (bsc#1201956). - scsi: lpfc: Refactor lpfc_nvmet_prep_abort_wqe() into lpfc_sli_prep_abort_xri() (bsc#1201956). - scsi: lpfc: Remove Menlo/Hornet related code (bsc#1201956). - scsi: lpfc: Remove extra atomic_inc on cmd_pending in queuecommand after VMID (bsc#1201956). - scsi: lpfc: Revert RSCN_MEMENTO workaround for misbehaved configuration (bsc#1201956). - scsi: lpfc: Set PU field when providing D_ID in XMIT_ELS_RSP64_CX iocb (bsc#1201956). - scsi: lpfc: Update lpfc version to 14.2.0.5 (bsc#1201956). - scsi: qla2xxx: Check correct variable in qla24xx_async_gffid() (bsc#1201958). - scsi: qla2xxx: Fix discovery issues in FC-AL topology (bsc#1201958). - scsi: qla2xxx: Fix imbalance vha->vref_count (bsc#1201958). - scsi: qla2xxx: Fix incorrect display of max frame size (bsc#1201958). - scsi: qla2xxx: Fix response queue handler reading stale packets (bsc#1201958). - scsi: qla2xxx: Fix sparse warning for dport_data (bsc#1201958). - scsi: qla2xxx: Update manufacturer details (bsc#1201958). - scsi: qla2xxx: Update version to 10.02.07.800-k (bsc#1201958). - scsi: qla2xxx: Zero undefined mailbox IN registers (bsc#1201958). - scsi: qla2xxx: edif: Fix dropped IKE message (bsc#1201958). - watchdog: export lockup_detector_reconfigure (bsc#1201846 ltc#198761). - x86/bugs: Remove apostrophe typo (bsc#1178134). - x86/entry: Remove skip_r11rcx (bsc#1201644). - x86/retbleed: Add fine grained Kconfig knobs (bsc#1178134). - xen/netback: avoid entering xenvif_rx_next_skb() with an empty rx queue (bsc#1201381). Important SUSE bug 1178134 SUSE bug 1198829 SUSE bug 1199364 SUSE bug 1199647 SUSE bug 1199665 SUSE bug 1199670 SUSE bug 1200521 SUSE bug 1200598 SUSE bug 1200644 SUSE bug 1200651 SUSE bug 1200762 SUSE bug 1200910 SUSE bug 1201196 SUSE bug 1201206 SUSE bug 1201251 SUSE bug 1201381 SUSE bug 1201429 SUSE bug 1201458 SUSE bug 1201635 SUSE bug 1201636 SUSE bug 1201644 SUSE bug 1201664 SUSE bug 1201672 SUSE bug 1201673 SUSE bug 1201676 SUSE bug 1201846 SUSE bug 1201930 SUSE bug 1201940 SUSE bug 1201954 SUSE bug 1201956 SUSE bug 1201958 CVE-2020-36557 CVE-2020-36558 CVE-2021-33655 CVE-2021-33656 CVE-2022-1116 CVE-2022-1462 CVE-2022-20166 CVE-2022-21505 CVE-2022-2318 CVE-2022-26365 CVE-2022-29581 CVE-2022-32250 CVE-2022-33740 CVE-2022-33741 CVE-2022-33742 CVE-2022-36946 cpe:/o:opensuse:leap:15.3 Security update for MozillaThunderbird (Important) openSUSE Leap 15.3 This update for MozillaThunderbird fixes the following issues: - Mozilla Thunderbird 91.12 * changed: Support for Google Talk chat accounts removed * fixed: OpenPGP signatures were broken when 'Primary Password' dialog remained open * fixed: Various security fixes - Security fixes (MFSA 2022-31) (bsc#1201758): - CVE-2022-36319: Fixed mouse Position spoofing with CSS transforms (bmo#1737722) - CVE-2022-36318: Fixed directory indexes for bundled resources reflected URL parameters (bmo#1771774) Important SUSE bug 1201758 CVE-2022-36318 CVE-2022-36319 cpe:/o:opensuse:leap:15.3 Security update for python-codecov (Moderate) openSUSE Leap 15.3 This update for python-codecov fixes the following issues: - CVE-2019-10800: Fixed sanitization of gcov arguments before being being provided to the popen method (bsc#1201494). Moderate SUSE bug 1201494 CVE-2019-10800 cpe:/o:opensuse:leap:15.3 Security update for libnbd (Moderate) openSUSE Leap 15.3 This update for libnbd fixes the following issues: - CVE-2022-0485: Fixed a missing error handling that may create corrupted destination image (bsc#1195636). Moderate SUSE bug 1195636 CVE-2022-0485 cpe:/o:opensuse:leap:15.3 Test update for SUSE:SLE-15-SP2:Update (security) (Important) openSUSE Leap 15.3 This is a security test update for SUSE:SLE-15-SP2:Update Important SUSE bug 1194507 cpe:/o:opensuse:leap:15.3 Security update for cifs-utils (Moderate) openSUSE Leap 15.3 This update for cifs-utils fixes the following issues: - CVE-2022-29869: Fixed verbose messages on option parsing causing information leak (bsc#1198976). Moderate SUSE bug 1198976 CVE-2022-29869 cpe:/o:opensuse:leap:15.3 Security update for webkit2gtk3 (Important) openSUSE Leap 15.3 This update for webkit2gtk3 fixes the following issues: - Update to version 2.36.5 (bsc#1201980): - Add support for PAC proxy in the WebDriver implementation. - Fix video playback when loaded through custom URIs, this fixes video playback in the Yelp documentation browser. - Fix WebKitWebView::context-menu when using GTK4. - Fix LTO builds with GCC. - Fix several crashes and rendering issues. - Security fixes: - CVE-2022-32792: Fixed processing maliciously crafted web content may lead to arbitrary code execution. - CVE-2022-32816: Fixed visiting a website that frames malicious content may lead to UI spoofing. Important SUSE bug 1201980 CVE-2022-32792 CVE-2022-32816 cpe:/o:opensuse:leap:15.3 Security update for python-Twisted (Important) openSUSE Leap 15.3 This update for python-Twisted fixes the following issues: - CVE-2020-10109: Fixed an HTTP request smuggling issue (bsc#1166458). Important SUSE bug 1166458 CVE-2020-10109 cpe:/o:opensuse:leap:15.3 Security update for the Linux Kernel (Important) openSUSE Leap 15.3 The SUSE Linux Enterprise 15 SP1 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2020-36557: Fixed race condition between the VT_DISALLOCATE ioctl and closing/opening of ttys that could lead to a use-after-free (bnc#1201429). - CVE-2020-36558: Fixed race condition involving VT_RESIZEX that could lead to a NULL pointer dereference and general protection fault (bnc#1200910). - CVE-2021-33655: Fixed out of bounds write with ioctl FBIOPUT_VSCREENINFO (bnc#1201635). - CVE-2021-33656: Fixed out of bounds write with ioctl PIO_FONT (bnc#1201636). - CVE-2022-1462: Fixed an out-of-bounds read flaw in the TeleTYpe subsystem (bnc#1198829). - CVE-2022-20166: Fixed possible out of bounds write due to sprintf unsafety that could cause local escalation of privilege (bnc#1200598). - CVE-2022-36946: Fixed incorrect packet truncation in nfqnl_mangle() that could lead to remote DoS (bnc#1201940). The following non-security bugs were fixed: - cifs: On cifs_reconnect, resolve the hostname again (bsc#1201926). - cifs: Simplify reconnect code when dfs upcall is enabled (bsc#1201926). - cifs: To match file servers, make sure the server hostname matches (bsc#1201926). - cifs: fix memory leak of smb3_fs_context_dup::server_hostname (bsc#1201926). - cifs: set a minimum of 120s for next dns resolution (bsc#1201926). - cifs: use the expiry output of dns_query to schedule next resolution (bsc#1201926). - kvm: emulate: Fix SETcc emulation function offsets with SLS (bsc#1201930). - kvm: emulate: do not adjust size of fastop and setcc subroutines (bsc#1201930). - rpm/*.spec.in: remove backtick usage - rpm/constraints.in: skip SLOW_DISK workers for kernel-source - rpm/kernel-obs-build.spec.in: Also depend on dracut-systemd (bsc#1195775) - rpm/kernel-obs-build.spec.in: add systemd-initrd and terminfo dracut module (bsc#1195775) - rpm/kernel-obs-build.spec.in: use default dracut modules (bsc#1195926, bsc#1198484) - x86/entry: Remove skip_r11rcx (bsc#1201644). Important SUSE bug 1195775 SUSE bug 1195926 SUSE bug 1198484 SUSE bug 1198829 SUSE bug 1200442 SUSE bug 1200598 SUSE bug 1200910 SUSE bug 1201429 SUSE bug 1201635 SUSE bug 1201636 SUSE bug 1201644 SUSE bug 1201926 SUSE bug 1201930 SUSE bug 1201940 CVE-2020-36557 CVE-2020-36558 CVE-2021-33655 CVE-2021-33656 CVE-2022-1462 CVE-2022-20166 CVE-2022-36946 cpe:/o:opensuse:leap:15.3 Security update for samba (Critical) openSUSE Leap 15.3 - CVE-2021-44141: Information leak via symlinks of existance of files or directories outside of the exported share; (bso#14911); (bsc#1193690); - CVE-2021-44142: Out-of-bounds heap read/write vulnerability in VFS module vfs_fruit allows code execution; (bso#14914); (bsc#1194859); - CVE-2022-0336: Samba AD users with permission to write to an account can impersonate arbitrary services; (bso#14950); (bsc#1195048); samba was updated to 4.15.4 (jsc#SLE-23329); * Duplicate SMB file_ids leading to Windows client cache poisoning; (bso#14928); * Failed to parse NTLMv2_RESPONSE length 95 - Buffer Size Error - NT_STATUS_BUFFER_TOO_SMALL; (bso#14932); * kill_tcp_connections does not work; (bso#14934); * Can't connect to Windows shares not requiring authentication using KDE/Gnome; (bso#14935); * smbclient -L doesn't set 'client max protocol' to NT1 before calling the 'Reconnecting with SMB1 for workgroup listing' path; (bso#14939); * Cross device copy of the crossrename module always fails; (bso#14940); * symlinkat function from VFS cap module always fails with an error; (bso#14941); * Fix possible fsp pointer deference; (bso#14942); * Missing pop_sec_ctx() in error path inside close_directory(); (bso#14944); * 'smbd --build-options' no longer works without an smb.conf file; (bso#14945); Samba was updated to version 4.15.3 + CVE-2021-43566: Symlink race error can allow directory creation outside of the exported share; (bsc#1139519); + CVE-2021-20316: Symlink race error can allow metadata read and modify outside of the exported share; (bsc#1191227); - Reorganize libs packages. Split samba-libs into samba-client-libs, samba-libs, samba-winbind-libs and samba-ad-dc-libs, merging samba public libraries depending on internal samba libraries into these packages as there were dependency problems everytime one of these public libraries changed its version (bsc#1192684). The devel packages are merged into samba-devel. - Rename package samba-core-devel to samba-devel - Update the symlink create by samba-dsdb-modules to private samba ldb modules following libldb2 changes from /usr/lib64/ldb/samba to /usr/lib64/ldb2/modules/ldb/samba krb5 was updated to 1.16.3 to 1.19.2 * Fix a denial of service attack against the KDC encrypted challenge code; (CVE-2021-36222); * Fix a memory leak when gss_inquire_cred() is called without a credential handle. Changes from 1.19.1: * Fix a linking issue with Samba. * Better support multiple pkinit_identities values by checking whether certificates can be loaded for each value. Changes from 1.19 Administrator experience * When a client keytab is present, the GSSAPI krb5 mech will refresh credentials even if the current credentials were acquired manually. * It is now harder to accidentally delete the K/M entry from a KDB. Developer experience * gss_acquire_cred_from() now supports the 'password' and 'verify' options, allowing credentials to be acquired via password and verified using a keytab key. * When an application accepts a GSS security context, the new GSS_C_CHANNEL_BOUND_FLAG will be set if the initiator and acceptor both provided matching channel bindings. * Added the GSS_KRB5_NT_X509_CERT name type, allowing S4U2Self requests to identify the desired client principal by certificate. * PKINIT certauth modules can now cause the hw-authent flag to be set in issued tickets. * The krb5_init_creds_step() API will now issue the same password expiration warnings as krb5_get_init_creds_password(). Protocol evolution * Added client and KDC support for Microsoft's Resource-Based Constrained Delegation, which allows cross-realm S4U2Proxy requests. A third-party database module is required for KDC support. * kadmin/admin is now the preferred server principal name for kadmin connections, and the host-based form is no longer created by default. The client will still try the host-based form as a fallback. * Added client and server support for Microsoft's KERB_AP_OPTIONS_CBT extension, which causes channel bindings to be required for the initiator if the acceptor provided them. The client will send this option if the client_aware_gss_bindings profile option is set. User experience * kinit will now issue a warning if the des3-cbc-sha1 encryption type is used in the reply. This encryption type will be deprecated and removed in future releases. * Added kvno flags --out-cache, --no-store, and --cached-only (inspired by Heimdal's kgetcred). Changes from 1.18.3 * Fix a denial of service vulnerability when decoding Kerberos protocol messages. * Fix a locking issue with the LMDB KDB module which could cause KDC and kadmind processes to lose access to the database. * Fix an assertion failure when libgssapi_krb5 is repeatedly loaded and unloaded while libkrb5support remains loaded. Changes from 1.18.2 * Fix a SPNEGO regression where an acceptor using the default credential would improperly filter mechanisms, causing a negotiation failure. * Fix a bug where the KDC would fail to issue tickets if the local krbtgt principal's first key has a single-DES enctype. * Add stub functions to allow old versions of OpenSSL libcrypto to link against libkrb5. * Fix a NegoEx bug where the client name and delegated credential might not be reported. Changes from 1.18.1 * Fix a crash when qualifying short hostnames when the system has no primary DNS domain. * Fix a regression when an application imports 'service@' as a GSS host-based name for its acceptor credential handle. * Fix KDC enforcement of auth indicators when they are modified by the KDB module. * Fix removal of require_auth string attributes when the LDAP KDB module is used. * Fix a compile error when building with musl libc on Linux. * Fix a compile error when building with gcc 4.x. * Change the KDC constrained delegation precedence order for consistency with Windows KDCs. Changes from 1.18 Administrator experience: * Remove support for single-DES encryption types. * Change the replay cache format to be more efficient and robust. Replay cache filenames using the new format end with '.rcache2' by default. * setuid programs will automatically ignore environment variables that normally affect krb5 API functions, even if the caller does not use krb5_init_secure_context(). * Add an 'enforce_ok_as_delegate' krb5.conf relation to disable credential forwarding during GSSAPI authentication unless the KDC sets the ok-as-delegate bit in the service ticket. * Use the permitted_enctypes krb5.conf setting as the default value for default_tkt_enctypes and default_tgs_enctypes. Developer experience: * Implement krb5_cc_remove_cred() for all credential cache types. * Add the krb5_pac_get_client_info() API to get the client account name from a PAC. Protocol evolution: * Add KDC support for S4U2Self requests where the user is identified by X.509 certificate. (Requires support for certificate lookup from a third-party KDB module.) * Remove support for an old ('draft 9') variant of PKINIT. * Add support for Microsoft NegoEx. (Requires one or more third-party GSS modules implementing NegoEx mechanisms.) User experience: * Add support for 'dns_canonicalize_hostname=fallback', causing host-based principal names to be tried first without DNS canonicalization, and again with DNS canonicalization if the un-canonicalized server is not found. * Expand single-component hostnames in host-based principal names when DNS canonicalization is not used, adding the system's first DNS search path as a suffix. Add a 'qualify_shortname' krb5.conf relation to override this suffix or disable expansion. * Honor the transited-policy-checked ticket flag on application servers, eliminating the requirement to configure capaths on servers in some scenarios. Code quality: * The libkrb5 serialization code (used to export and import krb5 GSS security contexts) has been simplified and made type-safe. * The libkrb5 code for creating KRB-PRIV, KRB-SAFE, and KRB-CRED messages has been revised to conform to current coding practices. * The test suite has been modified to work with macOS System Integrity Protection enabled. * The test suite incorporates soft-pkcs11 so that PKINIT PKCS11 support can always be tested. Changes from 1.17.1 * Fix a bug preventing 'addprinc -randkey -kvno' from working in kadmin. * Fix a bug preventing time skew correction from working when a KCM credential cache is used. Changes from 1.17: Administrator experience: * A new Kerberos database module using the Lightning Memory-Mapped Database library (LMDB) has been added. The LMDB KDB module should be more performant and more robust than the DB2 module, and may become the default module for new databases in a future release. * 'kdb5_util dump' will no longer dump policy entries when specific principal names are requested. Developer experience: * The new krb5_get_etype_info() API can be used to retrieve enctype, salt, and string-to-key parameters from the KDC for a client principal. * The new GSS_KRB5_NT_ENTERPRISE_NAME name type allows enterprise principal names to be used with GSS-API functions. * KDC and kadmind modules which call com_err() will now write to the log file in a format more consistent with other log messages. * Programs which use large numbers of memory credential caches should perform better. Protocol evolution: * The SPAKE pre-authentication mechanism is now supported. This mechanism protects against password dictionary attacks without requiring any additional infrastructure such as certificates. SPAKE is enabled by default on clients, but must be manually enabled on the KDC for this release. * PKINIT freshness tokens are now supported. Freshness tokens can protect against scenarios where an attacker uses temporary access to a smart card to generate authentication requests for the future. * Password change operations now prefer TCP over UDP, to avoid spurious error messages about replays when a response packet is dropped. * The KDC now supports cross-realm S4U2Self requests when used with a third-party KDB module such as Samba's. The client code for cross-realm S4U2Self requests is also now more robust. User experience: * The new ktutil addent -f flag can be used to fetch salt information from the KDC for password-based keys. * The new kdestroy -p option can be used to destroy a credential cache within a collection by client principal name. * The Kerberos man page has been restored, and documents the environment variables that affect programs using the Kerberos library. Code quality: * Python test scripts now use Python 3. * Python test scripts now display markers in verbose output, making it easier to find where a failure occurred within the scripts. * The Windows build system has been simplified and updated to work with more recent versions of Visual Studio. A large volume of unused Windows-specific code has been removed. Visual Studio 2013 or later is now required. - Build with full Cyrus SASL support. Negotiating SASL credentials with an EXTERNAL bind mechanism requires interaction. Kerberos provides its own interaction function that skips all interaction, thus preventing the mechanism from working. ldb was updated to version 2.4.1 (jsc#SLE-23329); - Release 2.4.1 + Corrected python behaviour for 'in' for LDAP attributes contained as part of ldb.Message; (bso#14845); + Fix memory handling in ldb.msg_diff; (bso#14836); - Release 2.4.0 + pyldb: Fix Message.items() for a message containing elements + pyldb: Add test for Message.items() + tests: Use ldbsearch '--scope instead of '-s' + Change page size of guidindexpackv1.ldb + Use a 1MiB lmdb so the test also passes on aarch64 CentOS stream + attrib_handler casefold: simplify space dropping + fix ldb_comparison_fold off-by-one overrun + CVE-2020-27840: pytests: move Dn.validate test to ldb + CVE-2020-27840 ldb_dn: avoid head corruption in ldb_dn_explode + CVE-2021-20277 ldb/attrib_handlers casefold: stay in bounds + CVE-2021-20277 ldb tests: ldb_match tests with extra spaces + improve comments for ldb_module_connect_backend() + test/ldb_tdb: correct introductory comments + ldb.h: remove undefined async_ctx function signatures + correct comments in attrib_handers val_to_int64 + dn tests use cmocka print functions + ldb_match: remove redundant check + add tests for ldb_wildcard_compare + ldb_match: trailing chunk must match end of string + pyldb: catch potential overflow error in py_timestring + ldb: remove some 'if PY3's in tests talloc was updated to 2.3.3: + various bugfixes + python: Ensure reference counts are properly incremented + Change pytalloc source to LGPL + Upgrade waf to 2.0.18 to fix a cross-compilation issue; (bso#13846). tdb was updated to version 1.4.4: + various bugfixes tevent was updated to version 0.11.0: + Add custom tag to events + Add event trace api sssd was updated to: - Fix tests test_copy_ccache & test_copy_keytab for later versions of krb5 - Update the private ldb modules installation following libldb2 changes from /usr/lib64/ldb/samba to /usr/lib64/ldb2/modules/ldb/samba apparmor was updated to: - Cater for changes to ldb packaging to allow parallel installation with libldb (bsc#1192684). - add profile for samba-bgqd (bsc#1191532). Critical SUSE bug 1139519 SUSE bug 1183572 SUSE bug 1183574 SUSE bug 1188571 SUSE bug 1191227 SUSE bug 1191532 SUSE bug 1192684 SUSE bug 1193690 SUSE bug 1194859 SUSE bug 1195048 CVE-2020-27840 CVE-2021-20277 CVE-2021-20316 CVE-2021-36222 CVE-2021-43566 CVE-2021-44141 CVE-2021-44142 CVE-2022-0336 cpe:/o:opensuse:leap:15.3 Recommended update for aws-efs-utils, python-ansi2html, python-py, python-pytest-html, python-pytest-metadata, python-pytest-rerunfailures, python-coverage, python-oniconfig, python-unittest-mixins (Moderate) openSUSE Leap 15.3 This update for aws-efs-utils, python-ansi2html, python-py, python-pytest-html, python-pytest-metadata, python-pytest-rerunfailures fixes the following issues: - Update in SLE-15 (bsc#1196696, bsc#1195916, jsc#SLE-23972) - Remove redundant python3 dependency from Requires - Update regular expression to fix python shebang - Style is enforced upstream and triggers unnecessary build version requirements - Allow specifying fs_id in cloudwatch log group name - Includes fix for stunnel path - Added hardening to systemd service(s). - Raise minimal pytest version - Fix typo in the ansi2html Requires - Cleanup with spec-cleaner - Make sure the tests are really executed - Remove useless devel dependency - Multiprocessing support in Python 3.8 was broken, but is now fixed - Bumpy the URL to point to github rather than to docs Moderate SUSE bug 1195916 SUSE bug 1196696 CVE-2020-29651 cpe:/o:opensuse:leap:15.3 Security update for ntfs-3g_ntfsprogs (Important) openSUSE Leap 15.3 This update for ntfs-3g_ntfsprogs fixes the following issues: Updated to version 2022.5.17 (bsc#1199978): - CVE-2022-30783: Fixed an issue where messages between NTFS-3G and the kernel could be intercepted when using libfuse-lite. - CVE-2022-30784: Fixed a memory exhaustion issue when opening a crafted NTFS image. - CVE-2022-30785: Fixed a bug where arbitrary memory read and write operations could be achieved whe using libfuse-lite. - CVE-2022-30786: Fixed a memory corruption issue when opening a crafted NTFS image. - CVE-2022-30787: Fixed an integer underflow which enabled arbitrary memory read operations when using libfuse-lite. - CVE-2022-30788: Fixed a memory corruption issue when opening a crafted NTFS image. - CVE-2022-30789: Fixed a memory corruption issue when opening a crafted NTFS image. Important SUSE bug 1199978 CVE-2021-46790 CVE-2022-30783 CVE-2022-30784 CVE-2022-30785 CVE-2022-30786 CVE-2022-30787 CVE-2022-30788 CVE-2022-30789 cpe:/o:opensuse:leap:15.3 Security update for podman (Important) openSUSE Leap 15.3 This update for podman fixes the following issues: Updated to version 3.4.7: - CVE-2022-1227: Fixed an issue that could allow an attacker to publish a malicious image to a public registry and run arbitrary code in the victim's context via the 'podman top' command (bsc#1182428). - CVE-2022-27191: Fixed a potential crash via SSH under specific configurations (bsc#1197284). - CVE-2022-21698: Fixed a potential denial of service that affected servers that used Prometheus instrumentation (bsc#1196338). Important SUSE bug 1182428 SUSE bug 1196338 SUSE bug 1197284 CVE-2022-1227 CVE-2022-21698 CVE-2022-27191 cpe:/o:opensuse:leap:15.3 Security update for nodejs10 (Important) openSUSE Leap 15.3 This update for nodejs10 fixes the following issues: - CVE-2021-22930, CVE-2021-22940: Fixed two memory corruption issues during HTTP/2 stream cancellation (bsc#1188917, bsc#1189368). - CVE-2022-32213, CVE-2022-32214, CVE-2022-32215, CVE-2021-22960, CVE-2021-22959: Fixed multiple HTTP request smuggling issues in the underlying HTTP parser (bsc#1201325, bsc#1201326, bsc#1201327, bsc#1191602, bsc#1191601). - CVE-2022-32212: Fixed a DNS rebinding issue caused by improper IPv4 validation (bsc#1201328). Important SUSE bug 1188917 SUSE bug 1189368 SUSE bug 1191601 SUSE bug 1191602 SUSE bug 1201325 SUSE bug 1201326 SUSE bug 1201327 SUSE bug 1201328 CVE-2021-22930 CVE-2021-22940 CVE-2021-22959 CVE-2021-22960 CVE-2022-32212 CVE-2022-32213 CVE-2022-32214 CVE-2022-32215 cpe:/o:opensuse:leap:15.3 Security update for java-1_8_0-openjdk (Important) openSUSE Leap 15.3 This update for java-1_8_0-openjdk fixes the following issues: - Updated to version jdk8u345 (icedtea-3.24.0) - CVE-2022-21540: Fixed a potential Java sandbox bypass (bsc#1201694). - CVE-2022-21541: Fixed a potential Java sandbox bypass (bsc#1201692). - CVE-2022-34169: Fixed an issue where arbitrary bytecode could be executed via a malicious stylesheet (bsc#1201684). - Non-security fixes: - Allowed for customization of PKCS12 keystores (bsc#1195163). Important SUSE bug 1195163 SUSE bug 1201684 SUSE bug 1201692 SUSE bug 1201694 CVE-2022-21540 CVE-2022-21541 CVE-2022-34169 cpe:/o:opensuse:leap:15.3 Security update for systemd-presets-common-SUSE (Moderate) openSUSE Leap 15.3 This update for systemd-presets-common-SUSE fixes the following issues: - CVE-2022-1706: Fixed accessible configs from unprivileged containers in VMs running on VMware products (bsc#1199524). The following non-security bugs were fixed: - Modify branding-preset-states to fix systemd-presets-common-SUSE not enabling new user systemd service preset configuration just as it handles system service presets. By passing an (optional) second parameter 'user', the save/apply-changes commands now work with user services instead of system ones (bsc#1200485) - Add the wireplumber user service preset to enable it by default in SLE15-SP4 where it replaced pipewire-media-session, but keep pipewire-media-session preset so we don't have to branch the systemd-presets-common-SUSE package for SP4 (bsc#1200485) Moderate SUSE bug 1199524 SUSE bug 1200485 CVE-2022-1706 cpe:/o:opensuse:leap:15.3 Security update for u-boot (Important) openSUSE Leap 15.3 This update for u-boot fixes the following issues: - CVE-2022-33103: Fixed a flaw in the squashfs subsystem that could lead to arbitrary code execution (bsc#1201213). Important SUSE bug 1201213 CVE-2022-33103 cpe:/o:opensuse:leap:15.3 Security update for rubygem-rails-html-sanitizer (Moderate) openSUSE Leap 15.3 This update for rubygem-rails-html-sanitizer fixes the following issues: - CVE-2022-32209: Fixed a potential content injection under specific configurations (bsc#1201183). Moderate SUSE bug 1201183 CVE-2022-32209 cpe:/o:opensuse:leap:15.3 Security update for perl-HTTP-Daemon (Moderate) openSUSE Leap 15.3 This update for perl-HTTP-Daemon fixes the following issues: - CVE-2022-31081: Fixed request smuggling in HTTP::Daemon (bsc#1201157). Moderate SUSE bug 1201157 CVE-2022-31081 cpe:/o:opensuse:leap:15.3 Security update for the Linux Kernel (Important) openSUSE Leap 15.3 The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2020-36516: Fixed TCP session data injection vulnerability via the mixed IPID assignment method (bnc#1196616). - CVE-2020-36557: Fixed race condition between the VT_DISALLOCATE ioctl and closing/opening of ttys that could lead to a use-after-free (bnc#1201429). - CVE-2020-36558: Fixed race condition involving VT_RESIZEX that could lead to a NULL pointer dereference and general protection fault (bnc#1200910). - CVE-2021-33655: Fixed out of bounds write with ioctl FBIOPUT_VSCREENINFO (bnc#1201635). - CVE-2021-33656: Fixed out of bounds write with ioctl PIO_FONT (bnc#1201636). - CVE-2022-1116: Fixed a integer overflow vulnerability in io_uring which allowed a local attacker to cause memory corruption and escalate privileges to root (bnc#1199647). - CVE-2022-1462: Fixed an out-of-bounds read flaw in the TeleTYpe subsystem (bnc#1198829). - CVE-2022-2318: Fixed a use-after-free vulnerabilities in the timer handler in net/rose/rose_timer.c that allow attackers to crash the system without any privileges (bsc#1201251). - CVE-2022-2639: Fixed integer underflow that could lead to out-of-bounds write in reserve_sfa_size() (bsc#1202154). - CVE-2022-20166: Fixed possible out of bounds write due to sprintf unsafety that could cause local escalation of privilege (bnc#1200598) - CVE-2022-21505: Fixed kexec lockdown bypass with IMA policy (bsc#1201458). - CVE-2022-26365, CVE-2022-33740, CVE-2022-33741, CVE-2022-33742: Fixed multiple potential data leaks with Block and Network devices when using untrusted backends (bsc#1200762). - CVE-2022-29581: Fixed improper update of Reference Count in net/sched that could cause root privilege escalation (bnc#1199665). - CVE-2022-32250: Fixed user-after-free in net/netfilter/nf_tables_api.c that could allow local privilege escalation (bnc#1200015). - CVE-2022-36946: Fixed incorrect packet truncation in nfqnl_mangle() that could lead to remote DoS (bnc#1201940). The following non-security bugs were fixed: - ACPI: APEI: Better fix to avoid spamming the console with old error logs (git-fixes). - ACPI: CPPC: Do not prevent CPPC from working in the future (git-fixes). - ACPI: video: Shortening quirk list by identifying Clevo by board_name only (git-fixes). - ALSA: hda - Add fixup for Dell Latitidue E5430 (git-fixes). - ALSA: hda/conexant: Apply quirk for another HP ProDesk 600 G3 model (git-fixes). - ALSA: hda/realtek - Enable the headset-mic on a Xiaomi's laptop (git-fixes). - ALSA: hda/realtek - Fix headset mic problem for a HP machine with alc221 (git-fixes). - ALSA: hda/realtek - Fix headset mic problem for a HP machine with alc671 (git-fixes). - ASoC: Intel: Skylake: Correct the handling of fmt_config flexible array (git-fixes). - ASoC: Intel: Skylake: Correct the ssp rate discovery in skl_get_ssp_clks() (git-fixes). - ASoC: Remove unused hw_write_t type (git-fixes). - ASoC: cs47l15: Fix event generation for low power mux control (git-fixes). - ASoC: madera: Fix event generation for OUT1 demux (git-fixes). - ASoC: madera: Fix event generation for rate controls (git-fixes). - ASoC: ops: Fix off by one in range control validation (git-fixes). - ASoC: sgtl5000: Fix noise on shutdown/remove (git-fixes). - ASoC: wm5110: Fix DRE control (git-fixes). - Bluetooth: L2CAP: Fix use-after-free caused by l2cap_chan_put (git-fixes). - Bluetooth: hci_intel: Add check for platform_driver_register (git-fixes). - FDDI: defxx: Bail out gracefully with unassigned PCI resource for CSR (git-fixes). - FDDI: defxx: Make MMIO the configuration default except for EISA (git-fixes). - Fixed a system crash related to the recent RETBLEED mitigation (bsc#1201644, bsc#1201664, bsc#1201672, bsc#1201673, bsc#1201676). - Fixed battery detection problem on macbooks (bnc#1201206). - HID: cp2112: prevent a buffer overflow in cp2112_xfer() (git-fixes). - KVM/emulate: Fix SETcc emulation function offsets with SLS (bsc#1201930). - KVM: VMX: Add non-canonical check on writes to RTIT address MSRs (git-fixes). - KVM: VMX: Do not freeze guest when event delivery causes an APIC-access exit (git-fixes). - KVM: apic: avoid calculating pending eoi from an uninitialized val (git-fixes). - KVM: arm64: Avoid setting the upper 32 bits of TCR_EL2 and CPTR_EL2 (bsc#1201442) - KVM: arm64: Fix definition of PAGE_HYP_DEVICE (git-fixes) - KVM: emulate: do not adjust size of fastop and setcc subroutines (bsc#1201930). - KVM: nVMX: avoid NULL pointer dereference with incorrect EVMCS GPAs (git-fixes). - KVM: nVMX: handle nested posted interrupts when apicv is disabled for L1 (git-fixes). - KVM: x86/pmu: Fix UBSAN shift-out-of-bounds warning in intel_pmu_refresh() (git-fixes). - KVM: x86: Do not let userspace set host-reserved cr4 bits (git-fixes). - KVM: x86: Fix split-irqchip vs interrupt injection window request (git-fixes). - KVM: x86: Refactor prefix decoding to prevent Spectre-v1/L1TF attacks (git-fixes). - KVM: x86: Update vCPU's hv_clock before back to guest when tsc_offset is adjusted (git-fixes). - KVM: x86: handle !lapic_in_kernel case in kvm_cpu_*_extint (git-fixes). - NFC: nxp-nci: do not print header length mismatch on i2c error (git-fixes). - PCI/portdrv: Do not disable AER reporting in get_port_device_capability() (git-fixes). - PCI: dwc: Add unroll iATU space support to dw_pcie_disable_atu() (git-fixes). - PCI: dwc: Always enable CDM check if 'snps,enable-cdm-check' exists (git-fixes). - PCI: dwc: Deallocate EPC memory on dw_pcie_ep_init() errors (git-fixes). - PCI: dwc: Disable outbound windows only for controllers using iATU (git-fixes). - PCI: dwc: Stop link on host_init errors and de-initialization (git-fixes). - PCI: qcom: Power on PHY before IPQ8074 DBI register accesses (git-fixes). - PCI: qcom: Set up rev 2.1.0 PARF_PHY before enabling clocks (git-fixes). - PCI: tegra194: Fix PM error handling in tegra_pcie_config_ep() (git-fixes). - PCI: tegra194: Fix Root Port interrupt handling (git-fixes). - PCI: tegra194: Fix link up retry sequence (git-fixes). - PM: runtime: Remove link state checks in rpm_get/put_supplier() (git-fixes). - Sort in RETbleed backport into the sorted section Now that it is upstream.. - USB: Follow-up to SPDX identifiers addition - remove now useless comments (git-fixes). - USB: serial: fix tty-port initialized comments (git-fixes). - USB: serial: ftdi_sio: add Belimo device ids (git-fixes). - amd-xgbe: Update DMA coherency values (git-fixes). - arm64 module: set plt* section addresses to 0x0 (git-fixes) - arm64: Extend workaround for erratum 1024718 to all versions of (git-fixes) - arm64: asm: Add new-style position independent function annotations (git-fixes) - arm64: compat: Ensure upper 32 bits of x0 are zero on syscall return (git-fixes) - arm64: dts: marvell: armada-37xx: Set pcie_reset_pin to gpio function (git-fixes) - arm64: dts: marvell: espressobin: Add ethernet switch aliases (git-fixes) - arm64: dts: marvell: espressobin: add ethernet alias (git-fixes) - arm64: dts: mcbin: support 2W SFP modules (git-fixes) - arm64: fix compat syscall return truncation (git-fixes) - arm64: fix inline asm in load_unaligned_zeropad() (git-fixes) - arm64: mm: Do not invalidate FROM_DEVICE buffers at start of DMA (git-fixes) - arm64: module: remove (NOLOAD) from linker script (git-fixes) - arm64: module: rework special section handling (git-fixes) - arm64: perf: Report the PC value in REGS_ABI_32 mode (git-fixes) - arm64: ptrace: Consistently use pseudo-singlestep exceptions (git-fixes) - arm64: ptrace: Override SPSR.SS when single-stepping is enabled (git-fixes) - arm64: stackleak: fix current_top_of_stack() (git-fixes) - arm64: uprobe: Return EOPNOTSUPP for AARCH32 instruction probing (git-fixes) - arm64: vdso: Avoid ISB after reading from cntvct_el0 (git-fixes) - ath10k: Fix error handling in ath10k_setup_msa_resources (git-fixes). - ath10k: do not enforce interrupt trigger type (git-fixes). - ax88179_178a: add ethtool_op_get_ts_info() (git-fixes). - blk-zoned: allow BLKREPORTZONE without CAP_SYS_ADMIN (git-fixes). - blk-zoned: allow zone management send operations without CAP_SYS_ADMIN (git-fixes). - block/compat_ioctl: fix range check in BLKGETSIZE (git-fixes). - block: Fix fsync always failed if once failed (git-fixes). - block: Fix wrong offset in bio_truncate() (git-fixes). - block: bio-integrity: Advance seed correctly for larger interval sizes (git-fixes). - block: do not delete queue kobject before its children (git-fixes). - block: drbd: drbd_nl: Make conversion to 'enum drbd_ret_code' explicit (git-fixes). - bpf, cpumap: Remove rcpu pointer from cpu_map_build_skb signature (bsc#1199364). - bpf: Add config to allow loading modules with BTF mismatches (jsc#SLE-24559). - bpf: Add in-kernel split BTF support (jsc#SLE-24559). - bpf: Assign ID to vmlinux BTF and return extra info for BTF in GET_OBJ_INFO (jsc#SLE-24559). - bpf: Keep module's btf_data_size intact after load (jsc#SLE-24559). - bpf: Load and verify kernel module BTFs (jsc#SLE-24559). - bpf: Provide function to get vmlinux BTF information (jsc#SLE-24559). - bpf: Sanitize BTF data pointer after module is loaded (jsc#SLE-24559). - bus: hisi_lpc: fix missing platform_device_put() in hisi_lpc_acpi_probe() (git-fixes). - can: Break loopback loop on loopback documentation (git-fixes). - can: error: specify the values of data[5..7] of CAN error frames (git-fixes). - can: gs_usb: gs_usb_open/close(): fix memory leak (git-fixes). - can: hi311x: do not report txerr and rxerr during bus-off (git-fixes). - can: kvaser_usb_hydra: do not report txerr and rxerr during bus-off (git-fixes). - can: kvaser_usb_leaf: do not report txerr and rxerr during bus-off (git-fixes). - can: pch_can: do not report txerr and rxerr during bus-off (git-fixes). - can: pch_can: pch_can_error(): initialize errc before using it (git-fixes). - can: rcar_can: do not report txerr and rxerr during bus-off (git-fixes). - can: sja1000: do not report txerr and rxerr during bus-off (git-fixes). - can: sun4i_can: do not report txerr and rxerr during bus-off (git-fixes). - can: usb_8dev: do not report txerr and rxerr during bus-off (git-fixes). - clk: qcom: camcc-sdm845: Fix topology around titan_top power domain (git-fixes). - clk: qcom: clk-krait: unlock spin after mux completion (git-fixes). - clk: qcom: ipq8074: SW workaround for UBI32 PLL lock (git-fixes). - clk: qcom: ipq8074: fix NSS core PLL-s (git-fixes). - clk: qcom: ipq8074: fix NSS port frequency tables (git-fixes). - clk: qcom: ipq8074: set BRANCH_HALT_DELAY flag for UBI clocks (git-fixes). - clk: renesas: r9a06g032: Fix UART clkgrp bitsel (git-fixes). - config: enable DEBUG_INFO_BTF This option allows users to access the btf type information for vmlinux but not kernel modules. - cpuidle: PSCI: Move the `has_lpi` check to the beginning of the (git-fixes) - crypto: qat - disable registration of algorithms (git-fixes). - crypto: qat - fix memory leak in RSA (git-fixes). - crypto: qat - remove dma_free_coherent() for DH (git-fixes). - crypto: qat - remove dma_free_coherent() for RSA (git-fixes). - crypto: qat - set to zero DH parameters before free (git-fixes). - cxgb4: Fix the -Wmisleading-indentation warning (git-fixes). - dm btree remove: assign new_root only when removal succeeds (git-fixes). - dm btree remove: fix use after free in rebalance_children() (git-fixes). - dm bufio: subtract the number of initial sectors in dm_bufio_get_device_size (git-fixes). - dm crypt: Avoid percpu_counter spinlock contention in crypt_page_alloc() (git-fixes). - dm crypt: fix get_key_size compiler warning if !CONFIG_KEYS (git-fixes). - dm crypt: make printing of the key constant-time (git-fixes). - dm integrity: conditionally disable 'recalculate' feature (git-fixes). - dm integrity: fix a crash if 'recalculate' used without 'internal_hash' (git-fixes). - dm integrity: fix error code in dm_integrity_ctr() (git-fixes). - dm integrity: fix memory corruption when tag_size is less than digest size (git-fixes). - dm integrity: fix the maximum number of arguments (git-fixes). - dm mirror log: round up region bitmap size to BITS_PER_LONG (git-fixes). - dm persistent data: packed struct should have an aligned() attribute too (git-fixes). - dm raid: fix inconclusive reshape layout on fast raid4/5/6 table reload sequences (git-fixes). - dm snapshot: fix crash with transient storage and zero chunk size (git-fixes). - dm snapshot: flush merged data before committing metadata (git-fixes). - dm snapshot: properly fix a crash when an origin has no snapshots (git-fixes). - dm space map common: fix division bug in sm_ll_find_free_block() (git-fixes). - dm stats: add cond_resched when looping over entries (git-fixes). - dm verity: fix FEC for RS roots unaligned to block size (git-fixes). - dm: fix mempool NULL pointer race when completing IO (git-fixes). - dmaengine: at_xdma: handle errors of at_xdmac_alloc_desc() correctly (git-fixes). - dmaengine: imx-sdma: Allow imx8m for imx7 FW revs (git-fixes). - dmaengine: pl330: Fix lockdep warning about non-static key (git-fixes). - dmaengine: ti: Add missing put_device in ti_dra7_xbar_route_allocate (git-fixes). - dmaengine: ti: Fix refcount leak in ti_dra7_xbar_route_allocate (git-fixes). - do not call utsname() after ->nsproxy is NULL (bsc#1201196). - drbd: fix potential silent data corruption (git-fixes). - driver core: fix potential deadlock in __driver_attach (git-fixes). - drivers/net: Fix kABI in tun.c (git-fixes). - drivers: net: fix memory leak in atusb_probe (git-fixes). - drivers: net: fix memory leak in peak_usb_create_dev (git-fixes). - drm/amd/display: Enable building new display engine with KCOV enabled (git-fixes). - drm/bridge: tc358767: Make sure Refclk clock are enabled (git-fixes). - drm/doc: Fix comment typo (git-fixes). - drm/exynos/exynos7_drm_decon: free resources when clk_set_parent() failed (git-fixes). - drm/i915/gt: Serialize TLB invalidates with GT resets (git-fixes). - drm/i915/selftests: fix a couple IS_ERR() vs NULL tests (git-fixes). - drm/i915: fix a possible refcount leak in intel_dp_add_mst_connector() (git-fixes). - drm/mcde: Fix refcount leak in mcde_dsi_bind (git-fixes). - drm/mediatek: Add pull-down MIPI operation in mtk_dsi_poweroff function (git-fixes). - drm/mediatek: dpi: Only enable dpi after the bridge is enabled (git-fixes). - drm/mediatek: dpi: Remove output format of YUV (git-fixes). - drm/mipi-dbi: align max_chunk to 2 in spi_transfer (git-fixes). - drm/msm/hdmi: enable core-vcc/core-vdda-supply for 8996 platform (git-fixes). - drm/msm/mdp5: Fix global state lock backoff (git-fixes). - drm/nouveau: fix another off-by-one in nvbios_addr (git-fixes). - drm/panfrost: Fix shrinker list corruption by madvise IOCTL (git-fixes). - drm/panfrost: Put mapping instead of shmem obj on panfrost_mmu_map_fault_addr() error (git-fixes). - drm/radeon: fix incorrrect SPDX-License-Identifiers (git-fixes). - drm/radeon: fix potential buffer overflow in ni_set_mc_special_registers() (git-fixes). - drm/rockchip: Fix an error handling path rockchip_dp_probe() (git-fixes). - drm/rockchip: vop: Do not crash for invalid duplicate_state() (git-fixes). - drm/st7735r: Fix module autoloading for Okaya RH128128T (git-fixes). - drm/vc4: dsi: Add correct stop condition to vc4_dsi_encoder_disable iteration (git-fixes). - drm/vc4: dsi: Correct DSI divider calculations (git-fixes). - drm/vc4: dsi: Correct pixel order for DSI0 (git-fixes). - drm/vc4: hdmi: Correct HDMI timing registers for interlaced modes (git-fixes). - drm/vc4: hdmi: Fix timings for interlaced modes (git-fixes). - drm/vc4: plane: Fix margin calculations for the right/bottom edges (git-fixes). - drm/vc4: plane: Remove subpixel positioning check (git-fixes). - drm: adv7511: override i2c address of cec before accessing it (git-fixes). - drm: bridge: adv7511: Add check for mipi_dsi_driver_register (git-fixes). - drm: bridge: sii8620: fix possible off-by-one (git-fixes). - fbcon: Disallow setting font bigger than screen size (git-fixes). - fbcon: Prevent that screen size is smaller than font size (git-fixes). - fbdev: fbmem: Fix logo center image dx issue (git-fixes). - fbmem: Check virtual screen sizes in fb_set_var() (git-fixes). - fpga: altera-pr-ip: fix unsigned comparison with less than zero (git-fixes). - ftgmac100: Restart MAC HW once (git-fixes). - gpio: gpiolib-of: Fix refcount bugs in of_mm_gpiochip_add_data() (git-fixes). - gpio: pca953x: only use single read/write for No AI mode (git-fixes). - gpio: pca953x: use the correct range when do regmap sync (git-fixes). - gpio: pca953x: use the correct register address when regcache sync during init (git-fixes). - hex2bin: make the function hex_to_bin constant-time (git-fixes). - hv_netvsc: Add (more) validation for untrusted Hyper-V values (bsc#1199364). - hv_netvsc: Add comment of netvsc_xdp_xmit() (bsc#1199364). - hv_netvsc: Add support for XDP_REDIRECT (bsc#1199364). - hv_netvsc: Copy packets sent by Hyper-V out of the receive buffer (bsc#1199364). - hv_netvsc: Fix validation in netvsc_linkstatus_callback() (bsc#1199364). - i2c: Fix a potential use after free (git-fixes). - i2c: cadence: Change large transfer count reset logic to be unconditional (git-fixes). - i2c: cadence: Support PEC for SMBus block read (git-fixes). - i2c: cadence: Unregister the clk notifier in error path (git-fixes). - i2c: mux-gpmux: Add of_node_put() when breaking out of loop (git-fixes). - ida: do not use BUG_ON() for debugging (git-fixes). - igb: Enable RSS for Intel I211 Ethernet Controller (git-fixes). - iio: accel: bma220: Fix alignment for DMA safety (git-fixes). - iio: accel: sca3000: Fix alignment for DMA safety (git-fixes). - iio: adc: ad7266: Fix alignment for DMA safety (git-fixes). - iio: adc: ad7298: Fix alignment for DMA safety (git-fixes). - iio: adc: ad7476: Fix alignment for DMA safety (git-fixes). - iio: adc: ad7766: Fix alignment for DMA safety (git-fixes). - iio: adc: ad7768-1: Fix alignment for DMA safety (git-fixes). - iio: adc: ad7887: Fix alignment for DMA safety (git-fixes). - iio: adc: hi8435: Fix alignment for DMA safety (git-fixes). - iio: adc: ltc2497: Fix alignment for DMA safety (git-fixes). - iio: adc: max1027: Fix alignment for DMA safety (git-fixes). - iio: adc: max11100: Fix alignment for DMA safety (git-fixes). - iio: adc: max1118: Fix alignment for DMA safety (git-fixes). - iio: adc: mcp320x: Fix alignment for DMA safety (git-fixes). - iio: adc: ti-adc0832: Fix alignment for DMA safety (git-fixes). - iio: adc: ti-adc084s021: Fix alignment for DMA safety (git-fixes). - iio: adc: ti-adc12138: Fix alignment for DMA safety (git-fixes). - iio: adc: ti-adc128s052: Fix alignment for DMA safety (git-fixes). - iio: adc: ti-adc161s626: Fix alignment for DMA safety (git-fixes). - iio: adc: ti-ads124s08: Fix alignment for DMA safety (git-fixes). - iio: adc: ti-ads7950: Fix alignment for DMA safety (git-fixes). - iio: adc: ti-ads8344: Fix alignment for DMA safety (git-fixes). - iio: adc: ti-ads8688: Fix alignment for DMA safety (git-fixes). - iio: adc: ti-tlc4541: Fix alignment for DMA safety (git-fixes). - iio: amplifiers: ad8366: Fix alignment for DMA safety (git-fixes). - iio: core: Fix IIO_ALIGN and rename as it was not sufficiently large (git-fixes). - iio: dac: ad5064: Fix alignment for DMA safety (git-fixes). - iio: dac: ad5360: Fix alignment for DMA safety (git-fixes). - iio: dac: ad5421: Fix alignment for DMA safety (git-fixes). - iio: dac: ad5449: Fix alignment for DMA safety (git-fixes). - iio: dac: ad5504: Fix alignment for DMA safety (git-fixes). - iio: dac: ad5755: Fix alignment for DMA safety (git-fixes). - iio: dac: ad5761: Fix alignment for DMA safety (git-fixes). - iio: dac: ad5764: Fix alignment for DMA safety (git-fixes). - iio: dac: ad5791: Fix alignment for DMA saftey (git-fixes). - iio: dac: ad7303: Fix alignment for DMA safety (git-fixes). - iio: dac: ad8801: Fix alignment for DMA safety (git-fixes). - iio: dac: mcp4922: Fix alignment for DMA safety (git-fixes). - iio: dac: ti-dac082s085: Fix alignment for DMA safety (git-fixes). - iio: dac: ti-dac5571: Fix alignment for DMA safety (git-fixes). - iio: dac: ti-dac7311: Fix alignment for DMA safety (git-fixes). - iio: dac: ti-dac7612: Fix alignment for DMA safety (git-fixes). - iio: frequency: ad9523: Fix alignment for DMA safety (git-fixes). - iio: frequency: adf4350: Fix alignment for DMA safety (git-fixes). - iio: frequency: adf4371: Fix alignment for DMA safety (git-fixes). - iio: gyro: adis16080: Fix alignment for DMA safety (git-fixes). - iio: gyro: adis16130: Fix alignment for DMA safety (git-fixes). - iio: gyro: adxrs450: Fix alignment for DMA safety (git-fixes). - iio: gyro: fxas210002c: Fix alignment for DMA safety (git-fixes). - iio: light: isl29028: Fix the warning in isl29028_remove() (git-fixes). - iio: potentiometer: ad5272: Fix alignment for DMA safety (git-fixes). - iio: potentiometer: max5481: Fix alignment for DMA safety (git-fixes). - iio: potentiometer: mcp41010: Fix alignment for DMA safety (git-fixes). - iio: potentiometer: mcp4131: Fix alignment for DMA safety (git-fixes). - iio: proximity: as3935: Fix alignment for DMA safety (git-fixes). - iio: resolver: ad2s1200: Fix alignment for DMA safety (git-fixes). - iio: resolver: ad2s90: Fix alignment for DMA safety (git-fixes). - ima: Fix a potential integer overflow in ima_appraise_measurement (git-fixes). - ima: Fix potential memory leak in ima_init_crypto() (git-fixes). - intel_th: Fix a resource leak in an error handling path (git-fixes). - intel_th: msu-sink: Potential dereference of null pointer (git-fixes). - intel_th: msu: Fix vmalloced buffers (git-fixes). - kABI workaround for rtsx_usb (git-fixes). - kabi: create module private struct to hold btf size/data (jsc#SLE-24559). - kbuild: Build kernel module BTFs if BTF is enabled and pahole supports it (jsc#SLE-24559). - kbuild: Skip module BTF generation for out-of-tree external modules (jsc#SLE-24559). - kbuild: add marker for build log of *.mod.o (jsc#SLE-24559). - kbuild: drop $(wildcard $^) check in if_changed* for faster rebuild (jsc#SLE-24559). - kbuild: rebuild modules when module linker scripts are updated (jsc#SLE-24559). - kbuild: rename any-prereq to newer-prereqs (jsc#SLE-24559). - kbuild: split final module linking out into Makefile.modfinal (jsc#SLE-24559). - lib/string.c: implement stpcpy (git-fixes). - linux/random.h: Mark CONFIG_ARCH_RANDOM functions __must_check (git-fixes). - linux/random.h: Remove arch_has_random, arch_has_random_seed (git-fixes). - linux/random.h: Use false with bool (git-fixes). - lkdtm: Disable return thunks in rodata.c (bsc#1178134). - macvlan: remove redundant null check on data (git-fixes). - md/bitmap: wait for external bitmap writes to complete during tear down (git-fixes). - md/raid0: Ignore RAID0 layout if the second zone has only one device (git-fixes). - md: Set prev_flush_start and flush_bio in an atomic way (git-fixes). - md: bcache: check the return value of kzalloc() in detached_dev_do_request() (git-fixes). - media: hdpvr: fix error value returns in hdpvr_read (git-fixes). - media: rc: increase rc-mm tolerance and add debug message (git-fixes). - media: rtl28xxu: Add support for PROlectrix DV107669 DVB-T dongle (git-fixes). - media: rtl28xxu: add missing sleep before probing slave demod (git-fixes). - media: rtl28xxu: set keymap for Astrometa DVB-T2 (git-fixes). - media: smipcie: fix interrupt handling and IR timeout (git-fixes). - media: tw686x: Register the irq at the end of probe (git-fixes). - media: usb: dvb-usb-v2: rtl28xxu: convert to use i2c_new_client_device() (git-fixes). - media: v4l2-mem2mem: always consider OUTPUT queue during poll (git-fixes). - media: v4l2-mem2mem: reorder checks in v4l2_m2m_poll() (git-fixes). - mediatek: mt76: mac80211: Fix missing of_node_put() in mt76_led_init() (git-fixes). - memregion: Fix memregion_free() fallback definition (git-fixes). - memstick/ms_block: Fix a memory leak (git-fixes). - memstick/ms_block: Fix some incorrect memory allocation (git-fixes). - meson-mx-socinfo: Fix refcount leak in meson_mx_socinfo_init (git-fixes). - misc: rtsx: Fix an error handling path in rtsx_pci_probe() (git-fixes). - misc: rtsx_usb: fix use of dma mapped buffer for usb bulk transfer (git-fixes). - misc: rtsx_usb: set return value in rsp_buf alloc err path (git-fixes). - misc: rtsx_usb: use separate command and response buffers (git-fixes). - mm/slub: add missing TID updates on slab deactivation (git-fixes). - mm: fix page reference leak in soft_offline_page() (git fixes (mm/memory-failure)). - mmc: cavium-octeon: Add of_node_put() when breaking out of loop (git-fixes). - mmc: cavium-thunderx: Add of_node_put() when breaking out of loop (git-fixes). - mmc: sdhci-of-at91: fix set_uhs_signaling rewriting of MC1R (git-fixes). - mmc: sdhci-of-esdhc: Fix refcount leak in esdhc_signal_voltage_switch (git-fixes). - mt7601u: add USB device ID for some versions of XiaoDu WiFi Dongle (git-fixes). - mt76: mt76x02u: fix possible memory leak in __mt76x02u_mcu_send_msg (git-fixes). - net, xdp: Introduce __xdp_build_skb_from_frame utility routine (bsc#1199364). - net, xdp: Introduce xdp_build_skb_from_frame utility routine (bsc#1199364). - net/mlx5e: When changing XDP program without reset, take refs for XSK RQs (git-fixes). - net/sonic: Fix some resource leaks in error handling paths (git-fixes). - net: ag71xx: remove unnecessary MTU reservation (git-fixes). - net: allwinner: Fix some resources leak in the error handling path of the probe and in the remove function (git-fixes). - net: amd-xgbe: Fix NETDEV WATCHDOG transmit queue timeout warning (git-fixes). - net: amd-xgbe: Fix network fluctuations when using 1G BELFUSE SFP (git-fixes). - net: amd-xgbe: Reset link when the link never comes back (git-fixes). - net: amd-xgbe: Reset the PHY rx data path when mailbox command timeout (git-fixes). - net: axienet: Handle deferred probe on clock properly (git-fixes). - net: dsa: bcm_sf2: Qualify phydev->dev_flags based on port (git-fixes). - net: dsa: bcm_sf2: put device node before return (git-fixes). - net: dsa: lantiq_gswip: Exclude RMII from modes that report 1 GbE (git-fixes). - net: dsa: lantiq_gswip: Let GSWIP automatically set the xMII clock (git-fixes). - net: enetc: fix incorrect TPID when receiving 802.1ad tagged packets (git-fixes). - net: enetc: keep RX ring consumer index in sync with hardware (git-fixes). - net: evaluate net.ipv4.conf.all.proxy_arp_pvlan (git-fixes). - net: evaluate net.ipvX.conf.all.ignore_routes_with_linkdown (git-fixes). - net: hns3: fix error mask definition of flow director (git-fixes). - net: hso: bail out on interrupt URB allocation failure (git-fixes). - net: lapbether: Remove netif_start_queue / netif_stop_queue (git-fixes). - net: ll_temac: Fix potential NULL dereference in temac_probe() (git-fixes). - net: ll_temac: Use devm_platform_ioremap_resource_byname() (git-fixes). - net: macb: add function to disable all macb clocks (git-fixes). - net: macb: restore cmp registers on resume path (git-fixes). - net: macb: unprepare clocks in case of failure (git-fixes). - net: mscc: Fix OF_MDIO config check (git-fixes). - net: mvneta: Remove per-cpu queue mapping for Armada 3700 (git-fixes). - net: rose: fix UAF bug caused by rose_t0timer_expiry (git-fixes). - net: stmmac: dwmac-sun8i: Provide TX and RX fifo sizes (git-fixes). - net: stmmac: dwmac1000: provide multicast filter fallback (git-fixes). - net: stmmac: fix CBS idleslope and sendslope calculation (git-fixes). - net: stmmac: fix incorrect DMA channel intr enable setting of EQoS v4.10 (git-fixes). - net: stmmac: fix watchdog timeout during suspend/resume stress test (git-fixes). - net: stmmac: stop each tx channel independently (git-fixes). - net: tun: set tun->dev->addr_len during TUNSETLINK processing (git-fixes). - net: usb: ax88179_178a: add Allied Telesis AT-UMCs (git-fixes). - net: usb: ax88179_178a: add MCT usb 3.0 adapter (git-fixes). - net: usb: ax88179_178a: add Toshiba usb 3.0 adapter (git-fixes). - net: usb: ax88179_178a: remove redundant assignment to variable ret (git-fixes). - net: usb: ax88179_178a: write mac to hardware in get_mac_addr (git-fixes). - net: usb: qmi_wwan: add Telit 0x1060 composition (git-fixes). - net: usb: qmi_wwan: add Telit 0x1070 composition (git-fixes). - net: usb: use eth_hw_addr_set() (git-fixes). - nvme: consider also host_iface when checking ip options (bsc#1199670). - octeontx2-af: fix memory leak of lmac and lmac->name (git-fixes). - pinctrl: sunxi: a83t: Fix NAND function name for some pins (git-fixes). - pinctrl: sunxi: sunxi_pconf_set: use correct offset (git-fixes). - platform/olpc: Fix uninitialized data in debugfs write (git-fixes). - platform/x86: hp-wmi: Ignore Sanitization Mode event (git-fixes). - power/reset: arm-versatile: Fix refcount leak in versatile_reboot_probe (git-fixes). - powerpc/mobility: wait for memory transfer to complete (bsc#1201846 ltc#198761). - powerpc/pseries/mobility: set NMI watchdog factor during an LPM (bsc#1201846 ltc#198761). - powerpc/watchdog: introduce a NMI watchdog's factor (bsc#1201846 ltc#198761). - profiling: fix shift-out-of-bounds bugs (git fixes). - qla2xxx: drop patch which prevented nvme port discovery (bsc#1200651 bsc#1200644 bsc#1201954 bsc#1201958). - r8169: fix accessing unset transport header (git-fixes). - random: document add_hwgenerator_randomness() with other input functions (git-fixes). - random: fix typo in comments (git-fixes). - random: remove useless header comment (git fixes). - raw: Fix a data-race around sysctl_raw_l3mdev_accept (git-fixes). - regulator: of: Fix refcount leak bug in of_get_regulation_constraints() (git-fixes). - rpm/kernel-binary.spec.in: Require dwarves >= 1.22 on SLE15-SP3 or newer Dwarves 1.22 or newer is required to build kernels with BTF information embedded in modules. - sched/debug: Remove mpol_get/put and task_lock/unlock from (git-fixes) - sched/fair: Revise comment about lb decision matrix (git fixes (sched/fair)). - sched/membarrier: fix missing local execution of ipi_sync_rq_state() (git fixes (sched/membarrier)). - scripts: dummy-tools, add pahole (jsc#SLE-24559). - scsi: core: Fix error handling of scsi_host_alloc() (git-fixes). - scsi: core: Fix failure handling of scsi_add_host_with_dma() (git-fixes). - scsi: core: Only put parent device if host state differs from SHOST_CREATED (git-fixes). - scsi: core: Put .shost_dev in failure path if host state changes to RUNNING (git-fixes). - scsi: core: Put LLD module refcnt after SCSI device is released (git-fixes). - scsi: core: Retry I/O for Notify (Enable Spinup) Required error (git-fixes). - scsi: lpfc: Copyright updates for 14.2.0.5 patches (bsc#1201956). - scsi: lpfc: Fix attempted FA-PWWN usage after feature disable (bsc#1201956). - scsi: lpfc: Fix lost NVMe paths during LIF bounce stress test (bsc#1201956 bsc#1200521). - scsi: lpfc: Fix possible memory leak when failing to issue CMF WQE (bsc#1201956). - scsi: lpfc: Fix uninitialized cqe field in lpfc_nvme_cancel_iocb() (bsc#1201956). - scsi: lpfc: Prevent buffer overflow crashes in debugfs with malformed user input (bsc#1201956). - scsi: lpfc: Refactor lpfc_nvmet_prep_abort_wqe() into lpfc_sli_prep_abort_xri() (bsc#1201956). - scsi: lpfc: Remove Menlo/Hornet related code (bsc#1201956). - scsi: lpfc: Remove extra atomic_inc on cmd_pending in queuecommand after VMID (bsc#1201956). - scsi: lpfc: Revert RSCN_MEMENTO workaround for misbehaved configuration (bsc#1201956). - scsi: lpfc: Set PU field when providing D_ID in XMIT_ELS_RSP64_CX iocb (bsc#1201956). - scsi: lpfc: Update lpfc version to 14.2.0.5 (bsc#1201956). - scsi: qla2xxx: Check correct variable in qla24xx_async_gffid() (bsc#1201958). - scsi: qla2xxx: Fix discovery issues in FC-AL topology (bsc#1201958). - scsi: qla2xxx: Fix imbalance vha->vref_count (bsc#1201958). - scsi: qla2xxx: Fix incorrect display of max frame size (bsc#1201958). - scsi: qla2xxx: Fix response queue handler reading stale packets (bsc#1201958). - scsi: qla2xxx: Fix sparse warning for dport_data (bsc#1201958). - scsi: qla2xxx: Update manufacturer details (bsc#1201958). - scsi: qla2xxx: Update version to 10.02.07.800-k (bsc#1201958). - scsi: qla2xxx: Zero undefined mailbox IN registers (bsc#1201958). - scsi: qla2xxx: edif: Fix dropped IKE message (bsc#1201958). - scsi: scsi_debug: Sanity check block descriptor length in resp_mode_select() (git-fixes). - scsi: sd: Fix potential NULL pointer dereference (git-fixes). - scsi: ufs: Release clock if DMA map fails (git-fixes). - scsi: ufs: handle cleanup correctly on devm_reset_control_get error (git-fixes). - serial: 8250: fix return error code in serial8250_request_std_resource() (git-fixes). - serial: pl011: UPSTAT_AUTORTS requires .throttle/unthrottle (git-fixes). - serial: stm32: Clear prev values before setting RTS delays (git-fixes). - soc: fsl: guts: machine variable might be unset (git-fixes). - soc: ixp4xx/npe: Fix unused match warning (git-fixes). - soundwire: bus_type: fix remove and shutdown support (git-fixes). - spi: &lt;linux/spi/spi.h>: add missing struct kernel-doc entry (git-fixes). - spi: amd: Limit max transfer and message size (git-fixes). - staging: rtl8192u: Fix sleep in atomic context bug in dm_fsync_timer_callback (git-fixes). - sysctl: Fix data races in proc_dointvec() (git-fixes). - sysctl: Fix data races in proc_dointvec_jiffies() (git-fixes). - sysctl: Fix data races in proc_dointvec_minmax() (git-fixes). - sysctl: Fix data races in proc_douintvec() (git-fixes). - sysctl: Fix data races in proc_douintvec_minmax() (git-fixes). - sysctl: Fix data-races in proc_dointvec_ms_jiffies() (git-fixes). - thermal/tools/tmon: Include pthread and time headers in tmon.h (git-fixes). - tick/nohz: Use WARN_ON_ONCE() to prevent console saturation (git fixes (kernel/time)). - usb: dwc3: add cancelled reasons for dwc3 requests (git-fixes). - usb: dwc3: gadget: Fix event pending check (git-fixes). - usb: gadget: udc: amd5536 depends on HAS_DMA (git-fixes). - usb: host: Fix refcount leak in ehci_hcd_ppc_of_probe (git-fixes). - usb: host: xhci: use snprintf() in xhci_decode_trb() (git-fixes). - usb: ohci-nxp: Fix refcount leak in ohci_hcd_nxp_probe (git-fixes). - usb: typec: add missing uevent when partner support PD (git-fixes). - usb: typec: ucsi: Acknowledge the GET_ERROR_STATUS command completion (git-fixes). - usb: xhci: tegra: Fix error check (git-fixes). - usbnet: fix memory leak in error case (git-fixes). - video: of_display_timing.h: include errno.h (git-fixes). - virtio-gpu: fix a missing check to avoid NULL dereference (git-fixes). - virtio-net: fix the race between refill work and close (git-fixes). - virtio_mmio: Add missing PM calls to freeze/restore (git-fixes). - virtio_mmio: Restore guest page size on resume (git-fixes). - watchdog: export lockup_detector_reconfigure (bsc#1201846 ltc#198761). - wifi: iwlegacy: 4965: fix potential off-by-one overflow in il4965_rs_fill_link_cmd() (git-fixes). - wifi: iwlwifi: mvm: fix double list_add at iwl_mvm_mac_wake_tx_queue (git-fixes). - wifi: libertas: Fix possible refcount leak in if_usb_probe() (git-fixes). - wifi: mac80211: fix queue selection for mesh/OCB interfaces (git-fixes). - wifi: p54: Fix an error handling path in p54spi_probe() (git-fixes). - wifi: p54: add missing parentheses in p54_flush() (git-fixes). - wifi: rtlwifi: fix error codes in rtl_debugfs_set_write_h2c() (git-fixes). - wifi: wil6210: debugfs: fix info leak in wil_write_file_wmi() (git-fixes). - wifi: wil6210: debugfs: fix uninitialized variable use in `wil_write_file_wmi()` (git-fixes). - x86/bugs: Remove apostrophe typo (bsc#1178134). - x86/kvmclock: Move this_cpu_pvti into kvmclock.h (git-fixes). - x86/retbleed: Add fine grained Kconfig knobs (bsc#1178134). - xen/netback: avoid entering xenvif_rx_next_skb() with an empty rx queue (bsc#1201381). - xen: detect uninitialized xenbus in xenbus_init (git-fixes). - xen: do not continue xenstore initialization in case of errors (git-fixes). Important SUSE bug 1178134 SUSE bug 1196616 SUSE bug 1198829 SUSE bug 1199364 SUSE bug 1199647 SUSE bug 1199665 SUSE bug 1199670 SUSE bug 1200015 SUSE bug 1200521 SUSE bug 1200598 SUSE bug 1200644 SUSE bug 1200651 SUSE bug 1200762 SUSE bug 1200910 SUSE bug 1201196 SUSE bug 1201206 SUSE bug 1201251 SUSE bug 1201381 SUSE bug 1201429 SUSE bug 1201442 SUSE bug 1201458 SUSE bug 1201635 SUSE bug 1201636 SUSE bug 1201644 SUSE bug 1201645 SUSE bug 1201664 SUSE bug 1201672 SUSE bug 1201673 SUSE bug 1201676 SUSE bug 1201846 SUSE bug 1201930 SUSE bug 1201940 SUSE bug 1201954 SUSE bug 1201956 SUSE bug 1201958 SUSE bug 1202154 CVE-2020-36516 CVE-2020-36557 CVE-2020-36558 CVE-2021-33655 CVE-2021-33656 CVE-2022-1116 CVE-2022-1462 CVE-2022-20166 CVE-2022-21505 CVE-2022-2318 CVE-2022-26365 CVE-2022-2639 CVE-2022-29581 CVE-2022-32250 CVE-2022-33740 CVE-2022-33741 CVE-2022-33742 CVE-2022-36946 cpe:/o:opensuse:leap:15.3 Security update for gfbgraph (Important) openSUSE Leap 15.3 This update for gfbgraph fixes the following issues: - CVE-2021-39358: Fixed missing TLS certificate verification (bsc#1189850). Important SUSE bug 1189850 CVE-2021-39358 cpe:/o:opensuse:leap:15.3 Security update for spice (Important) openSUSE Leap 15.3 This update for spice fixes the following issues: - CVE-2021-20201: Fixed an issue which could allow clients to cause a denial of service by repeatedly renegotiating a connection (bsc#1181686). Important SUSE bug 1181686 CVE-2021-20201 cpe:/o:opensuse:leap:15.3 Security update for gnutls (Important) openSUSE Leap 15.3 This update for gnutls fixes the following issues: - CVE-2022-2509: Fixed a double free issue during PKCS7 verification (bsc#1202020). Important SUSE bug 1202020 CVE-2022-2509 cpe:/o:opensuse:leap:15.3 Security update for bluez (Important) openSUSE Leap 15.3 This update for bluez fixes the following issues: - CVE-2022-0204: Fixed a buffer overflow in the implementation of the gatt protocol (bsc#1194704). Important SUSE bug 1194704 CVE-2022-0204 cpe:/o:opensuse:leap:15.3 Security update for freerdp (Important) openSUSE Leap 15.3 This update for freerdp fixes the following issues: - CVE-2021-41159: Fixed improper validation of client input (bsc#1191895). - CVE-2022-41160: Fixed improper region checks (bsc#1191895). Important SUSE bug 1191895 CVE-2021-41159 CVE-2022-41160 cpe:/o:opensuse:leap:15.3 Security update for raptor (Moderate) openSUSE Leap 15.3 This update for raptor fixes the following issues: - CVE-2020-25713: Fixed an out of bounds access triggered via a malformed input file (bsc#1178903). Moderate SUSE bug 1178903 CVE-2020-25713 cpe:/o:opensuse:leap:15.3 Security update for python-lxml (Important) openSUSE Leap 15.3 This update for python-lxml fixes the following issues: - CVE-2022-2309: Fixed NULL pointer dereference due to state leak between parser runs (bsc#1201253). Important SUSE bug 1201253 CVE-2022-2309 cpe:/o:opensuse:leap:15.3 Security update for libyang (Important) openSUSE Leap 15.3 This update for libyang fixes the following issues: - CVE-2021-28905: Fixed a reachable assertion which could be exploited by an attacker to cause a denial of service (bsc#1186377). Important SUSE bug 1186377 CVE-2021-28905 cpe:/o:opensuse:leap:15.3 Security update for keepalived (Important) openSUSE Leap 15.3 This update for keepalived fixes the following issues: - CVE-2021-44225: Fix a potential privilege escalation due to insufficient control in the D-Bus policy (bsc#1193115). Important SUSE bug 1193115 CVE-2021-44225 cpe:/o:opensuse:leap:15.3 Security update for open-vm-tools (Important) openSUSE Leap 15.3 This update for open-vm-tools fixes the following issues: - Updated to version 12.1.0 (build 20219665) (bsc#1202733): - CVE-2022-31676: Fixed an issue that could allow unprivileged users inside a virtual machine to escalate privileges (bsc#1202657). Important SUSE bug 1202657 SUSE bug 1202733 CVE-2022-31676 cpe:/o:opensuse:leap:15.3 Security update for libslirp (Moderate) openSUSE Leap 15.3 This update for libslirp fixes the following issues: - CVE-2021-3593: Fixed invalid pointer initialization may lead to information disclosure (udp6) (bsc#1187365). Non-security fixes: - Fix the version header (bsc#1201551) Moderate SUSE bug 1187365 SUSE bug 1201551 CVE-2021-3593 cpe:/o:opensuse:leap:15.3 Security update for postgresql10 (Important) openSUSE Leap 15.3 This update for postgresql10 fixes the following issues: - Upgrade to 10.22: - CVE-2022-2625: Fixed an issue where extension scripts would replace objects not belonging to that extension (bsc#1202368). Important SUSE bug 1202368 CVE-2022-2625 cpe:/o:opensuse:leap:15.3 Security update for zlib (Important) openSUSE Leap 15.3 This update for zlib fixes the following issues: - CVE-2022-37434: Fixed heap-based buffer over-read or buffer overflow via large gzip header extra field (bsc#1202175). Important SUSE bug 1202175 CVE-2022-37434 cpe:/o:opensuse:leap:15.3 Security update for java-1_8_0-ibm (Important) openSUSE Leap 15.3 This update for java-1_8_0-ibm fixes the following issues: - Updated to Java 8.0 Service Refresh 7 Fix Pack 11 (bsc#1202427): - CVE-2022-34169: Fixed an integer truncation issue in the Xalan Java XSLT library that occurred when processing malicious stylesheets (bsc#1201684). - CVE-2022-21549: Fixed an issue that could lead to computing negative random exponentials (bsc#1201685). - CVE-2022-21541: Fixed a potential bypass of sandbox restrictions in the Hotspot component (bsc#1201692). - CVE-2022-21540: Fixed a potential bypass of sandbox restrictions in the Hotspot component (bsc#1201694). Important SUSE bug 1201684 SUSE bug 1201685 SUSE bug 1201692 SUSE bug 1201694 SUSE bug 1202427 CVE-2022-21540 CVE-2022-21541 CVE-2022-21549 CVE-2022-34169 cpe:/o:opensuse:leap:15.3 Security update for gstreamer-plugins-good (Important) openSUSE Leap 15.3 This update for gstreamer-plugins-good fixes the following issues: - CVE-2022-1920: Fixed integer overflow in WavPack header handling code (bsc#1201688). - CVE-2022-1921: Fixed integer overflow resulting in heap corruption in avidemux element (bsc#1201693). - CVE-2022-1922: Fixed integer overflows in mkv demuxing (bsc#1201702). - CVE-2022-1923: Fixed integer overflows in mkv demuxing using bzip (bsc#1201704). - CVE-2022-1924: Fixed integer overflows in mkv demuxing using lzo (bsc#1201706). - CVE-2022-1925: Fixed integer overflows in mkv demuxing using HEADERSTRIP (bsc#1201707). - CVE-2022-2122: Fixed integer overflows in qtdemux using zlib (bsc#1201708). Important SUSE bug 1201688 SUSE bug 1201693 SUSE bug 1201702 SUSE bug 1201704 SUSE bug 1201706 SUSE bug 1201707 SUSE bug 1201708 CVE-2022-1920 CVE-2022-1921 CVE-2022-1922 CVE-2022-1923 CVE-2022-1924 CVE-2022-1925 CVE-2022-2122 cpe:/o:opensuse:leap:15.3 Security update for rsync (Important) openSUSE Leap 15.3 This update for rsync fixes the following issues: - CVE-2022-29154: Fixed an arbitrary file write issue that could be triggered by a malicious remote server (bsc#1201840). Important SUSE bug 1201840 CVE-2022-29154 cpe:/o:opensuse:leap:15.3 Security update for ucode-intel (Moderate) openSUSE Leap 15.3 This update for ucode-intel fixes the following issues: Updated to Intel CPU Microcode 20220809 release (bsc#1201727): - CVE-2022-21233: Fixed an issue where stale data may have been leaked from the legacy xAPIC MMIO region, which could be used to compromise an SGX enclave (INTEL-SA-00657). See also: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00657.html Other fixes: - Update for functional issues. See also: https://www.intel.com/content/www/us/en/processors/xeon/scalable/xeon-scalable-spec-update.html?wapkw=processor+specification+update - Updated Platforms: | Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products |:---------------|:---------|:------------|:---------|:---------|:--------- | SKX-SP | B1 | 06-55-03/97 | 0100015d | 0100015e | Xeon Scalable | SKX-SP | H0/M0/U0 | 06-55-04/b7 | 02006d05 | 02006e05 | Xeon Scalable | SKX-D | M1 | 06-55-04/b7 | 02006d05 | 02006e05 | Xeon D-21xx | ICX-SP | D0 | 06-6a-06/87 | 0d000363 | 0d000375 | Xeon Scalable Gen3 | GLK | B0 | 06-7a-01/01 | 0000003a | 0000003c | Pentium Silver N/J5xxx, Celeron N/J4xxx | GLK-R | R0 | 06-7a-08/01 | 0000001e | 00000020 | Pentium J5040/N5030, Celeron J4125/J4025/N4020/N4120 | ICL-U/Y | D1 | 06-7e-05/80 | 000000b0 | 000000b2 | Core Gen10 Mobile | TGL-R | C0 | 06-8c-02/c2 | 00000026 | 00000028 | Core Gen11 Mobile | TGL-H | R0 | 06-8d-01/c2 | 0000003e | 00000040 | Core Gen11 Mobile | RKL-S | B0 | 06-a7-01/02 | 00000053 | 00000054 | Core Gen11 | ADL | C0 | 06-97-02/03 | 0000001f | 00000022 | Core Gen12 | ADL | C0 | 06-97-05/03 | 0000001f | 00000022 | Core Gen12 | ADL | L0 | 06-9a-03/80 | 0000041c | 00000421 | Core Gen12 | ADL | L0 | 06-9a-04/80 | 0000041c | 00000421 | Core Gen12 | ADL | C0 | 06-bf-02/03 | 0000001f | 00000022 | Core Gen12 | ADL | C0 | 06-bf-05/03 | 0000001f | 00000022 | Core Gen12 ------------------------------------------------------------------ Moderate SUSE bug 1201727 CVE-2022-21233 cpe:/o:opensuse:leap:15.3 Security update for postgresql13 (Important) openSUSE Leap 15.3 This update for postgresql13 fixes the following issues: - Update to 13.8: - CVE-2022-2625: Fixed an issue where extension scripts would replace objects not belonging to that extension (bsc#1202368). Important SUSE bug 1198166 SUSE bug 1202368 CVE-2022-2625 cpe:/o:opensuse:leap:15.3 Security update for postgresql12 (Important) openSUSE Leap 15.3 This update for postgresql12 fixes the following issues: - Update to 12.12: - CVE-2022-2625: Fixed an issue where extension scripts would replace objects not belonging to that extension (bsc#1202368). Important SUSE bug 1198166 SUSE bug 1202368 CVE-2022-2625 cpe:/o:opensuse:leap:15.3 Security update for postgresql14 (Important) openSUSE Leap 15.3 This update for postgresql14 fixes the following issues: - Upgrade to version 14.5: - CVE-2022-2625: Fixed an issue where extension scripts would replace objects not belonging to that extension (bsc#1202368). - Upgrade to version 14.4 (bsc#1200437) - Release notes: https://www.postgresql.org/docs/release/14.4/ - Release announcement: https://www.postgresql.org/about/news/p-2470/ - Prevent possible corruption of indexes created or rebuilt with the CONCURRENTLY option (bsc#1200437) - Pin to llvm13 until the next patchlevel update (bsc#1198166) Important SUSE bug 1198166 SUSE bug 1200437 SUSE bug 1202368 CVE-2022-2625 cpe:/o:opensuse:leap:15.3 Security update for gdk-pixbuf (Moderate) openSUSE Leap 15.3 This update for gdk-pixbuf fixes the following issues: - CVE-2021-46829: Fixed overflow when compositing or clearing frames (bsc#1201826). Moderate SUSE bug 1201826 CVE-2021-46829 cpe:/o:opensuse:leap:15.3 Security update for curl (Low) openSUSE Leap 15.3 This update for curl fixes the following issues: - CVE-2022-35252: Fixed a potential injection of control characters into cookies, which could be exploited by sister sites to cause a denial of service (bsc#1202593). Low SUSE bug 1202593 CVE-2022-35252 cpe:/o:opensuse:leap:15.3 Security update for 389-ds (Moderate) openSUSE Leap 15.3 This update for 389-ds fixes the following issues: - CVE-2022-2850: Fixed an application crash when running a sync_repl client that could be triggered via a malformed cookie (bsc#1202470). Non-security fixes: - Update to version 1.4.4.19~git46.c900a28c8: * CI - makes replication/acceptance_test.py::test_modify_entry more robust * UI - LDAP Editor is not updated when we switch instances - Improvements to openldap import with password policy present (bsc#1199908) - Update to version 1.4.4.19~git43.8ba2ea21f: * fix covscan * BUG - pid file handling * Memory leak in slapi_ldap_get_lderrno * Need a compatibility option about sub suffix handling * Release tarballs don't contain cockpit webapp * Replication broken after password change * Harden ReplicationManager.wait_for_replication * dscontainer: TypeError: unsupported operand type(s) for /: 'str' and 'int' * CLI - dsconf backend export breaks with multiple backends * CLI - improve task handling Moderate SUSE bug 1199908 SUSE bug 1202470 CVE-2022-2850 cpe:/o:opensuse:leap:15.3 Security update for MozillaFirefox (Important) openSUSE Leap 15.3 This update for MozillaFirefox fixes the following issues: Firefox Extended Support Release 91.13.0 ESR (bsc#1202645): - CVE-2022-38472: Fixed a potential address bar spoofing via XSLT error handling. - CVE-2022-38473: Fixed an issue where cross-origin XSLT documents could inherit the parent's permissions. - CVE-2022-38478: Fixed various memory safety issues. Important SUSE bug 1202645 CVE-2022-38472 CVE-2022-38473 CVE-2022-38478 cpe:/o:opensuse:leap:15.3 Security update for java-1_8_0-openj9 (Important) openSUSE Leap 15.3 This update for java-1_8_0-openj9 fixes the following issues: - Updated to OpenJDK 8u345 build 01 with OpenJ9 0.33.0 virtual machine: - CVE-2022-34169: Fixed an integer truncation issue in the Xalan Java XSLT library that occurred when processing malicious stylesheets (bsc#1201684). - CVE-2022-21541: Fixed a potential bypass of sandbox restrictions in the Hotspot component (bsc#1201692). - CVE-2022-21540: Fixed a potential bypass of sandbox restrictions in the Hotspot component (bsc#1201694). - Updated to OpenJDK 8u332 build 09 with OpenJ9 0.32.0 virtual machine: - CVE-2021-41041: Failed an issue that could allow unverified methods to be invoked using MethodHandles (bsc#1198935). - CVE-2022-21426: Fixed a remote partial denial of service issue (component: JAXP) (bsc#1198672). - CVE-2022-21434: Fixed an issue that could allow a remote attacker to update, insert or delete data (component: Libraries) (bsc#1198674). - CVE-2022-21443: Fixed a remote partial denial of service issue (component: Libraries) (bsc#1198675). - CVE-2022-21476: Fixed an issue that could allow unauthorized access to confidential data (component: Libraries) (bsc#1198671). - CVE-2022-21496: Fixed an issue that could allow a remote attacker to update, insert or delete data (component: JNDI) (bsc#1198673). Important SUSE bug 1198671 SUSE bug 1198672 SUSE bug 1198673 SUSE bug 1198674 SUSE bug 1198675 SUSE bug 1198935 SUSE bug 1201684 SUSE bug 1201692 SUSE bug 1201694 CVE-2021-41041 CVE-2022-21426 CVE-2022-21434 CVE-2022-21443 CVE-2022-21476 CVE-2022-21496 CVE-2022-21540 CVE-2022-21541 CVE-2022-34169 cpe:/o:opensuse:leap:15.3 Security update for python-Flask-Security-Too (Important) openSUSE Leap 15.3 This update for python-Flask-Security-Too fixes the following issues: - CVE-2021-21241: Fixed an issue where GET requests lacking CSRF protection to certain endpoints could return the user's authentication token (bsc#1181058). Important SUSE bug 1181058 CVE-2021-21241 cpe:/o:opensuse:leap:15.3 Security update for openvswitch (Moderate) openSUSE Leap 15.3 This update for openvswitch fixes the following issues: - CVE-2021-36980: Fixed a use-after-free issue during the decoding of a RAW_ENCAP action (bsc#1188524). Moderate SUSE bug 1188524 CVE-2021-36980 cpe:/o:opensuse:leap:15.3 Security update for python-bottle (Important) openSUSE Leap 15.3 This update for python-bottle fixes the following issues: - CVE-2022-31799: Fixed an error mishandling issue that could lead to remote denial of service (bsc#1200286). Important SUSE bug 1200286 CVE-2022-31799 cpe:/o:opensuse:leap:15.3 Security update for gimp (Moderate) openSUSE Leap 15.3 This update for gimp fixes the following issues: - CVE-2022-32990: Fixed an unhandled exception which may lead to denial of service (bsc#1201192). Moderate SUSE bug 1201192 CVE-2022-32990 cpe:/o:opensuse:leap:15.3 Security update for openvswitch (Moderate) openSUSE Leap 15.3 This update for openvswitch fixes the following issues: - CVE-2021-36980: Fixed a use-after-free issue during the decoding of a RAW_ENCAP action (bsc#1188524). Moderate SUSE bug 1188524 CVE-2021-36980 cpe:/o:opensuse:leap:15.3 Security update for ImageMagick (Moderate) openSUSE Leap 15.3 This update for ImageMagick fixes the following issues: - CVE-2021-20224: Fixed an integer overflow that could be triggered via a crafted file (bsc#1202800). - CVE-2022-2719: Fixed a reachable assertion that could lead to denial of service via a crafted file (bsc#1202250). Moderate SUSE bug 1202250 SUSE bug 1202800 CVE-2021-20224 CVE-2022-2719 cpe:/o:opensuse:leap:15.3 Security update for icu (Moderate) openSUSE Leap 15.3 This update for icu fixes the following issues: - CVE-2020-21913: Fixed a memory safetey issue that could lead to use after free (bsc#1193951). Moderate SUSE bug 1193951 CVE-2020-21913 cpe:/o:opensuse:leap:15.3 Security update for icu (Moderate) openSUSE Leap 15.3 This update for icu fixes the following issues: - CVE-2020-21913: Fixed a memory safetey issue that could lead to use after free (bsc#1193951). Moderate SUSE bug 1193951 CVE-2020-21913 cpe:/o:opensuse:leap:15.3 Security update for udisks2 (Moderate) openSUSE Leap 15.3 This update for udisks2 fixes the following issues: - CVE-2021-3802: Fixed insecure defaults in user-accessible mount helpers (bsc#1190606). - Fixed vulnerability that allowed mounting ext4 devices over existing entries in fstab (bsc#1098797). Moderate SUSE bug 1098797 SUSE bug 1190606 CVE-2021-3802 cpe:/o:opensuse:leap:15.3 Security update for libyajl (Moderate) openSUSE Leap 15.3 This update for libyajl fixes the following issues: - CVE-2022-24795: Fixed heap-based buffer overflow when handling large inputs (bsc#1198405). Moderate SUSE bug 1198405 CVE-2022-24795 cpe:/o:opensuse:leap:15.3 Important security update for SUSE Manager Client Tools (Important) openSUSE Leap 15.3 This update fixes the following issues: ansible: - Update to version 2.9.27 (jsc#SLE-23631, jsc#SLE-24133) * CVE-2021-3620 ansible-connection module discloses sensitive info in traceback error message (in 2.9.27) (bsc#1187725) * CVE-2021-3583 Template Injection through yaml multi-line strings with ansible facts used in template. (in 2.9.23) (bsc#1188061) * ansible module nmcli is broken in ansible 2.9.13 (in 2.9.15) (bsc#1176460) - Update to 2.9.22: * CVE-2021-3447 (bsc#1183684) multiple modules expose secured values * CVE-2021-20228 (bsc#1181935) basic.py no_log with fallback option * CVE-2021-20191 (bsc#1181119) multiple collections exposes secured values * CVE-2021-20180 (bsc#1180942) bitbucket_pipeline_variable exposes sensitive values * CVE-2021-20178 (bsc#1180816) user data leak in snmp_facts module dracut-saltboot: - Require e2fsprogs (bsc#1202614) - Update to version 0.1.1657643023.0d694ce * Update dracut-saltboot dependencies (bsc#1200970) * Fix network loading when ipappend is used in pxe config * Add new information messages golang-github-QubitProducts-exporter_exporter: - Remove license file from %doc mgr-daemon: - Version 4.3.5-1 * Update translation strings mgr-virtualization: - Version 4.3.6-1 * Report all VMs in poller, not only running ones (bsc#1199528) prometheus-blackbox_exporter: - Exclude s390 arch python-hwdata: - Declare the LICENSE file as license and not doc spacecmd: - Version 4.3.14-1 * Fix missing argument on system_listmigrationtargets (bsc#1201003) * Show correct help on calling kickstart_importjson with no arguments * Fix tracebacks on spacecmd kickstart_export (bsc#1200591) * Change proxy container config default filename to end with tar.gz * Update translation strings spacewalk-client-tools: - Version 4.3.11-1 * Update translation strings uyuni-common-libs: - Version 4.3.5-1 * Fix reposync issue about 'rpm.hdr' object has no attribute 'get' uyuni-proxy-systemd-services: - Version 4.3.6-1 * Expose port 80 (bsc#1200142) * Use volumes rather than bind mounts * TFTPD to listen on udp port (bsc#1200968) * Add TAG variable in configuration * Fix containers namespaces in configuration zypp-plugin-spacewalk: - 1.0.13 * Log in before listing channels. (bsc#1197963, bsc#1193585) Important SUSE bug 1176460 SUSE bug 1180816 SUSE bug 1180942 SUSE bug 1181119 SUSE bug 1181935 SUSE bug 1183684 SUSE bug 1187725 SUSE bug 1188061 SUSE bug 1193585 SUSE bug 1197963 SUSE bug 1199528 SUSE bug 1200142 SUSE bug 1200591 SUSE bug 1200968 SUSE bug 1200970 SUSE bug 1201003 SUSE bug 1202614 CVE-2021-20178 CVE-2021-20180 CVE-2021-20191 CVE-2021-20228 CVE-2021-3447 CVE-2021-3583 CVE-2021-3620 cpe:/o:opensuse:leap:15.3 Security update for libEMF (Moderate) openSUSE Leap 15.3 This update for libEMF fixes the following issues: - CVE-2020-13999: Fixed an integer overflow that could lead to denial of service via a crafted file (bsc#1173070). Moderate SUSE bug 1173070 CVE-2020-13999 cpe:/o:opensuse:leap:15.3 Security update for vim (Important) openSUSE Leap 15.3 This update for vim fixes the following issues: Updated to version 9.0 with patch level 0313: - CVE-2022-2183: Fixed out-of-bounds read through get_lisp_indent() (bsc#1200902). - CVE-2022-2182: Fixed heap-based buffer overflow through parse_cmd_address() (bsc#1200903). - CVE-2022-2175: Fixed buffer over-read through cmdline_insert_reg() (bsc#1200904). - CVE-2022-2304: Fixed stack buffer overflow in spell_dump_compl() (bsc#1201249). - CVE-2022-2343: Fixed heap-based buffer overflow in GitHub repository vim prior to 9.0.0044 (bsc#1201356). - CVE-2022-2344: Fixed another heap-based buffer overflow vim prior to 9.0.0045 (bsc#1201359). - CVE-2022-2345: Fixed use after free in GitHub repository vim prior to 9.0.0046. (bsc#1201363). - CVE-2022-2819: Fixed heap-based Buffer Overflow in compile_lock_unlock() (bsc#1202414). - CVE-2022-2874: Fixed NULL Pointer Dereference in generate_loadvar() (bsc#1202552). - CVE-2022-1968: Fixed use after free in utf_ptr2char (bsc#1200270). - CVE-2022-2124: Fixed out of bounds read in current_quote() (bsc#1200697). - CVE-2022-2125: Fixed out of bounds read in get_lisp_indent() (bsc#1200698). - CVE-2022-2126: Fixed out of bounds read in suggest_trie_walk() (bsc#1200700). - CVE-2022-2129: Fixed out of bounds write in vim_regsub_both() (bsc#1200701). - CVE-2022-1720: Fixed out of bounds read in grab_file_name() (bsc#1200732). - CVE-2022-2264: Fixed out of bounds read in inc() (bsc#1201132). - CVE-2022-2284: Fixed out of bounds read in utfc_ptr2len() (bsc#1201133). - CVE-2022-2285: Fixed negative size passed to memmove() due to integer overflow (bsc#1201134). - CVE-2022-2286: Fixed out of bounds read in ins_bytes() (bsc#1201135). - CVE-2022-2287: Fixed out of bounds read in suggest_trie_walk() (bsc#1201136). - CVE-2022-2231: Fixed null pointer dereference skipwhite() (bsc#1201150). - CVE-2022-2210: Fixed out of bounds read in ml_append_int() (bsc#1201151). - CVE-2022-2208: Fixed null pointer dereference in diff_check() (bsc#1201152). - CVE-2022-2207: Fixed out of bounds read in ins_bs() (bsc#1201153). - CVE-2022-2257: Fixed out of bounds read in msg_outtrans_special() (bsc#1201154). - CVE-2022-2206: Fixed out of bounds read in msg_outtrans_attr() (bsc#1201155). - CVE-2022-2522: Fixed out of bounds read via nested autocommand (bsc#1201863). - CVE-2022-2571: Fixed heap-based buffer overflow related to ins_comp_get_next_word_or_line() (bsc#1202046). - CVE-2022-2580: Fixed heap-based buffer overflow related to eval_string() (bsc#1202049). - CVE-2022-2581: Fixed out-of-bounds read related to cstrchr() (bsc#1202050). - CVE-2022-2598: Fixed undefined behavior for Input to API related to diff_mark_adjust_tp() and ex_diffgetput() (bsc#1202051). - CVE-2022-2817: Fixed use after gree in f_assert_fails() (bsc#1202420). - CVE-2022-2816: Fixed out-of-bounds Read in check_vim9_unlet() (bsc#1202421). - CVE-2022-2862: Fixed use-after-free in compile_nested_function() (bsc#1202511). - CVE-2022-2849: Fixed invalid memory access related to mb_ptr2len() (bsc#1202512). - CVE-2022-2845: Fixed buffer Over-read related to display_dollar() (bsc#1202515). - CVE-2022-2889: Fixed use-after-free in find_var_also_in_script() in evalvars.c (bsc#1202599). - CVE-2022-2923: Fixed NULL pointer dereference in GitHub repository vim/vim prior to 9.0.0240 (bsc#1202687). - CVE-2022-2946: Fixed use after free in function vim_vsnprintf_typval (bsc#1202689). - CVE-2022-3016: Fixed use after free in vim prior to 9.0.0285 (bsc#1202862). Bugfixes: - Fixing vim error on startup (bsc#1200884). - Fixing vim SUSE Linux Enterprise Server 15 SP4 Basesystem plugin-tlib issue (bsc#1201620). Important SUSE bug 1200270 SUSE bug 1200697 SUSE bug 1200698 SUSE bug 1200700 SUSE bug 1200701 SUSE bug 1200732 SUSE bug 1200884 SUSE bug 1200902 SUSE bug 1200903 SUSE bug 1200904 SUSE bug 1201132 SUSE bug 1201133 SUSE bug 1201134 SUSE bug 1201135 SUSE bug 1201136 SUSE bug 1201150 SUSE bug 1201151 SUSE bug 1201152 SUSE bug 1201153 SUSE bug 1201154 SUSE bug 1201155 SUSE bug 1201249 SUSE bug 1201356 SUSE bug 1201359 SUSE bug 1201363 SUSE bug 1201620 SUSE bug 1201863 SUSE bug 1202046 SUSE bug 1202049 SUSE bug 1202050 SUSE bug 1202051 SUSE bug 1202414 SUSE bug 1202420 SUSE bug 1202421 SUSE bug 1202511 SUSE bug 1202512 SUSE bug 1202515 SUSE bug 1202552 SUSE bug 1202599 SUSE bug 1202687 SUSE bug 1202689 SUSE bug 1202862 CVE-2022-1720 CVE-2022-1968 CVE-2022-2124 CVE-2022-2125 CVE-2022-2126 CVE-2022-2129 CVE-2022-2175 CVE-2022-2182 CVE-2022-2183 CVE-2022-2206 CVE-2022-2207 CVE-2022-2208 CVE-2022-2210 CVE-2022-2231 CVE-2022-2257 CVE-2022-2264 CVE-2022-2284 CVE-2022-2285 CVE-2022-2286 CVE-2022-2287 CVE-2022-2304 CVE-2022-2343 CVE-2022-2344 CVE-2022-2345 CVE-2022-2522 CVE-2022-2571 CVE-2022-2580 CVE-2022-2581 CVE-2022-2598 CVE-2022-2816 CVE-2022-2817 CVE-2022-2819 CVE-2022-2845 CVE-2022-2849 CVE-2022-2862 CVE-2022-2874 CVE-2022-2889 CVE-2022-2923 CVE-2022-2946 CVE-2022-3016 cpe:/o:opensuse:leap:15.3 Security update for gdk-pixbuf (Important) openSUSE Leap 15.3 This update for gdk-pixbuf fixes the following issues: - CVE-2021-44648: Fixed overflow vulnerability in lzw code size (bsc#1194633). Important SUSE bug 1194633 CVE-2021-44648 cpe:/o:opensuse:leap:15.3 Security update for libyang (Important) openSUSE Leap 15.3 This update for libyang fixes the following issues: - CVE-2021-28906: Fixed missing check in read_yin_leaf that can lead to DoS (bsc#1186378) - CVE-2021-28904: Fixed missing check in ext_get_plugin that lead to DoS (bsc#1186376). - CVE-2021-28903: Fixed stack overflow in lyxml_parse_mem (bsc#1186375). - CVE-2021-28902: Fixed missing check in read_yin_container that can lead to DoS (bsc#1186374). Important SUSE bug 1186374 SUSE bug 1186375 SUSE bug 1186376 SUSE bug 1186378 CVE-2021-28902 CVE-2021-28903 CVE-2021-28904 CVE-2021-28906 cpe:/o:opensuse:leap:15.3 Security update for frr (Important) openSUSE Leap 15.3 This update for frr fixes the following issues: - CVE-2022-37032: Fixed out-of-bounds read in the BGP daemon that may lead to information disclosure or denial of service (bsc#1202023). - CVE-2019-25074: Fixed a memory leak in the IS-IS daemon that may lead to server memory exhaustion (bsc#1202022). Important SUSE bug 1202022 SUSE bug 1202023 CVE-2019-25074 CVE-2022-37032 cpe:/o:opensuse:leap:15.3 Security update for qpdf (Important) openSUSE Leap 15.3 This update for qpdf fixes the following issues: - CVE-2021-36978: Fixed heap-based buffer overflow in Pl_ASCII85Decoder::write (bsc#1188514). Important SUSE bug 1188514 CVE-2021-36978 cpe:/o:opensuse:leap:15.3 Security update for clamav (Important) openSUSE Leap 15.3 This update for clamav fixes the following issues: clamav was updated to 0.103.7 (bsc#1202986) * Upgrade the vendored UnRAR library to version 6.1.7. * Fix logical signature 'Intermediates' feature. * Relax constraints on slightly malformed zip archives that contain overlapping file entries. Important SUSE bug 1202986 cpe:/o:opensuse:leap:15.3 Security update for nodejs16 (Moderate) openSUSE Leap 15.3 This update for nodejs16 fixes the following issues: - CVE-2022-35949: Fixed SSRF when an application takes in user input into the path/pathname option of undici.request (bsc#1202382). - CVE-2022-35948: Fixed CRLF injection via Content-Type (bsc#1202383). - CVE-2022-29244: Fixed npm pack ignores root-level .gitignore and .npmignore file exclusion directives when run in a workspace (bsc#1200517). - CVE-2022-31150: Fixed CRLF injection in node-undici (bsc#1201710). Bugfixes: - Enable crypto-policies for SLE15 SP4+ and TW (bsc#1200303) Moderate SUSE bug 1200303 SUSE bug 1200517 SUSE bug 1201710 SUSE bug 1202382 SUSE bug 1202383 CVE-2022-29244 CVE-2022-31150 CVE-2022-35948 CVE-2022-35949 cpe:/o:opensuse:leap:15.3 Security update for freetype2 (Moderate) openSUSE Leap 15.3 This update for freetype2 fixes the following issues: - CVE-2022-27404 Fixed a segmentation fault via a crafted typeface (bsc#1198830). - CVE-2022-27405 Fixed a buffer overflow via a crafted typeface (bsc#1198832). - CVE-2022-27406 Fixed a segmentation fault via a crafted typeface (bsc#1198823). Non-security fixes: - Updated to version 2.10.4 Moderate SUSE bug 1198823 SUSE bug 1198830 SUSE bug 1198832 CVE-2022-27404 CVE-2022-27405 CVE-2022-27406 cpe:/o:opensuse:leap:15.3 Security update for rubygem-kramdown (Important) openSUSE Leap 15.3 This update for rubygem-kramdown fixes the following issues: - CVE-2020-14001: Fixed processing template options inside documents allowing unintended read access or embedded Ruby code execution (bsc#1174297). Important SUSE bug 1174297 CVE-2020-14001 cpe:/o:opensuse:leap:15.3 Security update for the Linux Kernel (Important) openSUSE Leap 15.3 The SUSE Linux Enterprise 15 SP3 kernel was updated receive various security and bugfixes. The following security bugs were fixed: - CVE-2022-39190: Fixed an issue that was discovered in net/netfilter/nf_tables_api.c and could cause a denial of service upon binding to an already bound chain (bnc#1203117). - CVE-2022-39188: Fixed race condition in include/asm-generic/tlb.h where a device driver can free a page while it still has stale TLB entries (bnc#1203107). - CVE-2022-36879: Fixed an issue in xfrm_expand_policies in net/xfrm/xfrm_policy.c where a refcount could be dropped twice (bnc#1201948). - CVE-2022-3028: Fixed race condition that was found in the IP framework for transforming packets (XFRM subsystem) (bnc#1202898). - CVE-2022-2977: Fixed reference counting for struct tpm_chip (bsc#1202672). - CVE-2022-2905: Fixed tnum_range usage on array range checking for poke descriptors (bsc#1202564, bsc#1202860). - CVE-2022-2663: Fixed an issue that was found in nf_conntrack_irc where the message handling could be confused and incorrectly matches the message (bnc#1202097). - CVE-2022-26373: Fixed non-transparent sharing of return predictor targets between contexts in some Intel Processors (bnc#1201726). - CVE-2022-2588: Fixed use-after-free in cls_route (bsc#1202096). - CVE-2022-20369: Fixed out of bounds write in v4l2_m2m_querybuf of v4l2-mem2mem.c (bnc#1202347). - CVE-2022-20368: Fixed slab-out-of-bounds access in packet_recvmsg() (bsc#1202346). - CVE-2021-4203: Fixed use-after-free read flaw that was found in sock_getsockopt() in net/core/sock.c due to SO_PEERCRED and SO_PEERGROUPS race with listen() (bnc#1194535). - CVE-2021-4155: Fixed a data leak flaw that was found in the way XFS_IOC_ALLOCSP IOCTL in the XFS filesystem (bnc#1194272). - CVE-2020-27784: Fixed a vulnerability that was found in printer_ioctl() printer_ioctl() when accessing a deallocated instance (bnc#1202895). - CVE-2016-3695: Fixed an issue inside the einj_error_inject function in drivers/acpi/apei/einj.c that allowed users to simulate hardware errors and consequently cause a denial of service (bnc#1023051). The following non-security bugs were fixed: - ACPI: EC: Remove duplicate ThinkPad X1 Carbon 6th entry from DMI quirks (git-fixes). - ACPI: LPSS: Fix missing check in register_device_clock() (git-fixes). - ACPI: PM: save NVS memory for Lenovo G40-45 (git-fixes). - ACPI: processor: Remove freq Qos request for all CPUs (git-fixes). - ACPI: property: Return type of acpi_add_nondev_subnodes() should be bool (git-fixes). - ACPI: video: Force backlight native for some TongFang devices (git-fixes). - ALSA: bcd2000: Fix a UAF bug on the error path of probing (git-fixes). - ALSA: hda/cirrus - support for iMac 12,1 model (git-fixes). - ALSA: hda/conexant: Add quirk for LENOVO 20149 Notebook model (git-fixes). - ALSA: hda/realtek: Add a quirk for HP OMEN 15 (8786) mute LED (git-fixes). - ALSA: hda/realtek: Add mute LED quirk for HP Omen laptop (git-fixes). - ALSA: hda/realtek: Add new alc285-hp-amp-init model (git-fixes). - ALSA: hda/realtek: Add quirk for Clevo L140PU (git-fixes). - ALSA: hda/realtek: Add quirk for Clevo NP50PNJ (git-fixes). - ALSA: hda/realtek: Add quirk for Clevo NP70PNJ (git-fixes). - ALSA: hda/realtek: Add quirk for Clevo NP70PNP (git-fixes). - ALSA: hda/realtek: Add quirk for Clevo NS50PU (git-fixes). - ALSA: hda/realtek: Add quirk for Clevo NV45PZ (git-fixes). - ALSA: hda/realtek: Add quirk for Dell Latitude 7520 (git-fixes). - ALSA: hda/realtek: Add quirk for HP Dev One (git-fixes). - ALSA: hda/realtek: Add quirk for HP Spectre x360 15-eb0xxx (git-fixes). - ALSA: hda/realtek: Add quirk for TongFang devices with pop noise (git-fixes). - ALSA: hda/realtek: Add quirk for another Asus K42JZ model (git-fixes). - ALSA: hda/realtek: Add quirk for the Framework Laptop (git-fixes). - ALSA: hda/realtek: Fix LED on HP ProBook 435 G7 (git-fixes). - ALSA: hda/realtek: Fix deadlock by COEF mutex (git-fixes). - ALSA: hda/realtek: Fix headset mic for Acer SF313-51 (git-fixes). - ALSA: hda/realtek: fix mute/micmute LEDs for HP machines (git-fixes). - ALSA: hda/realtek: fix mute/micmute LEDs for a HP ProBook (git-fixes). - ALSA: hda/realtek: fix right sounds and mute/micmute LEDs for HP machine (git-fixes). - ALSA: hda/realtek: fix right sounds and mute/micmute LEDs for HP machines (git-fixes). - ALSA: info: Fix llseek return value when using callback (git-fixes). - ALSA: usb-audio: More comprehensive mixer map for ASUS ROG Zenith II (git-fixes). - ARM: 9077/1: PLT: Move struct plt_entries definition to header (git-fixes). - ARM: 9078/1: Add warn suppress parameter to arm_gen_branch_link() (git-fixes). - ARM: 9079/1: ftrace: Add MODULE_PLTS support (git-fixes). - ARM: 9098/1: ftrace: MODULE_PLT: Fix build problem without DYNAMIC_FTRACE (git-fixes). - ASoC: SOF: debug: Fix potential buffer overflow by snprintf() (git-fixes). - ASoC: audio-graph-card: Add of_node_put() in fail path (git-fixes). - ASoC: codecs: da7210: add check for i2c_add_driver (git-fixes). - ASoC: codecs: msm8916-wcd-digital: move gains from SX_TLV to S8_TLV (git-fixes). - ASoC: codecs: wcd9335: move gains from SX_TLV to S8_TLV (git-fixes). - ASoC: mt6797-mt6351: Fix refcount leak in mt6797_mt6351_dev_probe (git-fixes). - ASoC: qcom: q6dsp: Fix an off-by-one in q6adm_alloc_copp() (git-fixes). - ASoC: tas2770: Allow mono streams (git-fixes). - Bluetooth: L2CAP: Fix build errors in some archs (git-fixes). - Bluetooth: L2CAP: Fix l2cap_global_chan_by_psm regression (git-fixes). - Bluetooth: MGMT: Fixes build warnings with C=1 (git-fixes). - Fix parsing of rpm/macros.kernel-source on SLE12 (bsc#1201019). - HID: alps: Declare U1_UNICORN_LEGACY support (git-fixes). - HID: steam: Prevent NULL pointer dereference in steam_{recv,send}_report (git-fixes). - HID: wacom: Do not register pad_input for touch switch (git-fixes). - HID: wacom: Only report rotation for art pen (git-fixes). - Input: iforce - wake up after clearing IFORCE_XMIT_RUNNING flag (git-fixes). - Input: rk805-pwrkey - fix module autoloading (git-fixes). - KABI: cgroup: Restore KABI of css_set (bsc#1201610). - KVM: PPC: Book3S HV: Context tracking exit guest context before enabling irqs (bsc#1065729). - KVM: PPC: Book3S HV: Prevent POWER7/8 TLB flush flushing SLB (bsc#1156395). - KVM: PPC: Book3S HV: Use GLOBAL_TOC for kvmppc_h_set_dabr/xdabr() (bsc#1156395). - KVM: PPC: Fix vmx/vsx mixup in mmio emulation (bsc#1156395). - KVM: PPC: Use arch_get_random_seed_long instead of powernv variant (bsc#1156395). - KVM: VMX: Refuse to load kvm_intel if EPT and NX are disabled (git-fixes). - KVM: nVMX: Snapshot pre-VM-Enter BNDCFGS for !nested_run_pending case (git-fixes). - KVM: nVMX: Snapshot pre-VM-Enter DEBUGCTL for !nested_run_pending case (git-fixes). - KVM: x86: accept userspace interrupt only if no event is injected (git-fixes). - NFS: fix nfs_path in case of a rename retry (git-fixes). - NFSD: Add missing NFSv2 .pc_func methods (git-fixes). - NFSD: Clamp WRITE offsets (git-fixes). - NFSD: Fix possible sleep during nfsd4_release_lockowner() (git-fixes). - NFSD: prevent integer overflow on 32 bit systems (git-fixes). - NFSD: prevent underflow in nfssvc_decode_writeargs() (git-fixes). - NFSv4.2: support EXCHGID4_FLAG_SUPP_FENCE_OPS 4.2 EXCHANGE_ID flag (git-fixes). - NFSv4: Fix second deadlock in nfs4_evict_inode() (git-fixes). - NFSv4: nfs4_proc_set_acl needs to restore NFS_CAP_UIDGID_NOMAP on error (git-fixes). - NTB: ntb_tool: uninitialized heap data in tool_fn_write() (git-fixes). - PCI/ACPI: Guard ARM64-specific mcfg_quirks (git-fixes). - PCI: Add ACS quirk for Broadcom BCM5750x NICs (git-fixes). - PCI: hv: Fix hv_arch_irq_unmask() for multi-MSI (bsc#1200845). - PCI: hv: Fix interrupt mapping for multi-MSI (bsc#1200845). - PCI: hv: Fix multi-MSI to allow more than one MSI vector (bsc#1200845). - PCI: hv: Make the code arch neutral by adding arch specific interfaces (bsc#1200845). - PCI: hv: Only reuse existing IRTE allocation for Multi-MSI (bsc#1200845). - PCI: hv: Reuse existing IRTE allocation in compose_msi_msg() (bsc#1200845). - PCI: qcom: Fix pipe clock imbalance (git-fixes). - SUNRPC reverting d03727b248d0 ('NFSv4 fix CLOSE not waiting for direct IO compeletion') (git-fixes). - SUNRPC: Clean up scheduling of autoclose (git-fixes). - SUNRPC: Do not dereference xprt->snd_task if it's a cookie (git-fixes). - SUNRPC: Fix READ_PLUS crasher (git-fixes). - SUNRPC: Prevent immediate close+reconnect (git-fixes). - VMCI: Add support for ARM64 (bsc#1199291, jsc#SLE-24635). - VMCI: Check exclusive_vectors when freeing interrupt 1 (bsc#1199291, jsc#SLE-24635). - VMCI: Enforce queuepair max size for IOCTL_VMCI_QUEUEPAIR_ALLOC (bsc#1199291, jsc#SLE-24635). - VMCI: Fix some error handling paths in vmci_guest_probe_device() (bsc#1199291, jsc#SLE-24635). - VMCI: Release notification_bitmap in error path (bsc#1199291, jsc#SLE-24635). - VMCI: dma dg: add MMIO access to registers (bsc#1199291, jsc#SLE-24635). - VMCI: dma dg: add support for DMA datagrams receive (bsc#1199291, jsc#SLE-24635). - VMCI: dma dg: add support for DMA datagrams sends (bsc#1199291, jsc#SLE-24635). - VMCI: dma dg: allocate send and receive buffers for DMA datagrams (bsc#1199291, jsc#SLE-24635). - VMCI: dma dg: detect DMA datagram capability (bsc#1199291, jsc#SLE-24635). - VMCI: dma dg: register dummy IRQ handlers for DMA datagrams (bsc#1199291, jsc#SLE-24635). - VMCI: dma dg: set OS page size (bsc#1199291, jsc#SLE-24635). - VMCI: dma dg: whitespace formatting change for vmci register defines (bsc#1199291, jsc#SLE-24635). - arm64: signal: nofpsimd: Do not allocate fp/simd context when not available (git-fixes). - asm-generic: sections: refactor memory_intersects (git-fixes). - ata: libata-eh: Add missing command name (git-fixes). - atm: idt77252: fix use-after-free bugs caused by tst_timer (git-fixes). - blk-iocost: clamp inuse and skip noops in __propagate_weights() (bsc#1202722). - blk-iocost: fix operation ordering in iocg_wake_fn() (bsc#1202720). - blk-iocost: fix weight updates of inner active iocgs (bsc#1202717). - blk-iocost: rename propagate_active_weights() to propagate_weights() (bsc#1202722). - blktrace: fix blk_rq_merge documentation (git-fixes). - can: ems_usb: fix clang's -Wunaligned-access warning (git-fixes). - can: m_can: process interrupt only when not runtime suspended (git-fixes). - ceph: do not leak snap_rwsem in handle_cap_grant (bsc#1202810). - ceph: do not truncate file in atomic_open (bsc#1202811). - cgroup: Trace event cgroup id fields should be u64 (git-fixes). - cgroup: Use separate src/dst nodes when preloading css_sets for migration (bsc#1201610). - clk: bcm: rpi: Fix error handling of raspberrypi_fw_get_rate (git-fixes). - clk: core: Fix runtime PM sequence in clk_core_unprepare() (git-fixes). - clk: core: Honor CLK_OPS_PARENT_ENABLE for clk gate ops (git-fixes). - clk: qcom: ipq8074: dont disable gcc_sleep_clk_src (git-fixes). - clk: rockchip: add sclk_mac_lbtest to rk3188_critical_clocks (git-fixes). - coresight: cti: Correct the parameter for pm_runtime_put (git-fixes). - devlink: Fix use-after-free after a failed reload (git-fixes). - dm raid: fix KASAN warning in raid5_add_disks (git-fixes). - dmaengine: sprd: Cleanup in .remove() after pm_runtime_get_sync() failed (git-fixes). - dpaa2-eth: unregister the netdev before disconnecting from the PHY (git-fixes). - driver core: Do not probe devices after bus_type.match() probe deferral (git-fixes). - drm/amdgpu: Check BO's requested pinning domains against its preferred_domains (git-fixes). - drm/amdgpu: remove useless condition in amdgpu_job_stop_all_jobs_on_sched() (git-fixes). - drm/gem: Properly annotate WW context on drm_gem_lock_reservations() error (git-fixes). - drm/i915/reg: Fix spelling mistake 'Unsupport' -> 'Unsupported' (git-fixes). - drm/meson: Fix overflow implicit truncation warnings (git-fixes). - drm/meson: Fix refcount bugs in meson_vpu_has_available_connectors() (git-fixes). - drm/msm/dsi: Fix number of regulators for SDM660 (git-fixes). - drm/msm/dsi: Fix number of regulators for msm8996_dsi_cfg (git-fixes). - drm/msm/dsi: fix the inconsistent indenting (git-fixes). - drm/sun4i: dsi: Prevent underflow when computing packet sizes (git-fixes). - ehea: fix error return code in ehea_restart_qps() (git-fixes). - enetc: Fix endianness issues for enetc_qos (git-fixes). - ethernet: sun: niu: fix missing checks of niu_pci_eeprom_read() (git-fixes). - ext4: Fix BUG_ON in ext4_bread when write quota data (bsc#1197755). - ext4: add reserved GDT blocks check (bsc#1202712). - ext4: do not set SB_ACTIVE in ext4_orphan_cleanup() (bsc#1202708). - ext4: do not use the orphan list when migrating an inode (bsc#1197756). - ext4: fix bug_on in ext4_writepages (bsc#1200872). - ext4: fix error handling code in add_new_gdb (bsc#1179722). - ext4: fix error handling in ext4_restore_inline_data() (bsc#1197757). - ext4: fix invalid inode checksum (bsc#1179723). - ext4: fix loff_t overflow in ext4_max_bitmap_size() (bsc#1202709). - ext4: fix overhead calculation to account for the reserved gdt blocks (bsc#1200869). - ext4: fix potential infinite loop in ext4_dx_readdir() (bsc#1191662). - ext4: fix race when reusing xattr blocks (bsc#1198971). - ext4: fix symlink file size not match to file content (bsc#1200868). - ext4: fix use-after-free in ext4_rename_dir_prepare (bsc#1200871). - ext4: fix use-after-free in ext4_search_dir (bsc#1202710). - ext4: fix warning in ext4_handle_inode_extension (bsc#1202711). - ext4: force overhead calculation if the s_overhead_cluster makes no sense (bsc#1200870). - ext4: recover csum seed of tmp_inode after migrating to extents (bsc#1202713). - ext4: remove EA inode entry from mbcache on inode eviction (bsc#1198971). - ext4: unindent codeblock in ext4_xattr_block_set() (bsc#1198971). - fbcon: Fix boundary checks for fbcon=vc:n1-n2 parameters (git-fixes). - firmware: tegra: bpmp: Do only aligned access to IPC memory area (git-fixes). - fs-writeback: writeback_sb_inodes: Recalculate 'wrote' according skipped pages (bsc#1200873). - fuse: Remove the control interface for virtio-fs (bsc#1203137). - fuse: ioctl: translate ENOSYS (bsc#1203136). - fuse: limit nsec (bsc#1203135). - gadgetfs: ep_io - wait until IRQ finishes (git-fixes). - geneve: do not use RT_TOS for IPv6 flowlabel (git-fixes). - geneve: fix TOS inheriting for ipv4 (git-fixes). - gpio: pca953x: Add mutex_lock for regcache sync in PM (git-fixes). - hv_netvsc: Load and store the proper (NBL_HASH_INFO) per-packet info (bsc#1202701). - hwmon: (gpio-fan) Fix array out of bounds access (git-fixes). - i2c: imx: Make sure to unregister adapter on remove() (git-fixes). - ice: report supported and advertised autoneg using PHY capabilities (git-fixes). - ieee802154/adf7242: defer destroy_workqueue call (git-fixes). - iio: adc: mcp3911: make use of the sign bit (git-fixes). - iio: adc: mcp3911: use correct formula for AD conversion (git-fixes). - intel_th: pci: Add Meteor Lake-P support (git-fixes). - intel_th: pci: Add Raptor Lake-S CPU support (git-fixes). - intel_th: pci: Add Raptor Lake-S PCH support (git-fixes). - iommu/amd: Simplify and Consolidate Virtual APIC (AVIC) Enablement (git-fixes). - iommu/arm-smmu: qcom_iommu: Add of_node_put() when breaking out of loop (git-fixes). - iommu/exynos: Handle failed IOMMU device registration properly (git-fixes). - iommu/iova: Improve 32-bit free space estimate (git-fixes). - iommu/ipmmu-vmsa: Check for error num after setting mask (git-fixes). - iommu/mediatek: Add list_del in mtk_iommu_remove (git-fixes). - iommu/msm: Fix an incorrect NULL check on list iterator (git-fixes). - iommu/omap: Fix regression in probe for NULL pointer dereference (git-fixes). - iommu/vt-d: Calculate mask for non-aligned flushes (git-fixes). - iommu/vt-d: Fix PCI bus rescan device hot add (git-fixes). - iommu/vt-d: Fix RID2PASID setup/teardown failure (git-fixes). - iommu/vt-d: avoid invalid memory access via node_online(NUMA_NO_NODE) (git-fixes). - ipheth: fix EOVERFLOW in ipheth_rcvbulk_callback (git-fixes). - ipmi: ssif: initialize ssif_info->client early (git-fixes). - ixgbevf: add correct exception tracing for XDP (git-fixes). - jbd2: fix assertion 'jh->b_frozen_data == NULL' failure when journal aborted (bsc#1202716). - jbd2: fix outstanding credits assert in jbd2_journal_commit_transaction() (bsc#1202715). - kabi/severities: add stmmac driver local sumbols - kbuild: do not create built-in objects for external module builds (jsc#SLE-24559 bsc#1202756). - kbuild: dummy-tools: avoid tmpdir leak in dummy gcc (bsc#1181862 git-fixes). - kbuild: dummy-tools: avoid tmpdir leak in dummy gcc (git-fixes). - kernel-obs-build: include qemu_fw_cfg (boo#1201705) - kfifo: fix kfifo_to_user() return type (git-fixes). - kfifo: fix ternary sign extension bugs (git-fixes). - lib/list_debug.c: Detect uninitialized lists (git-fixes). - lib: bitmap: provide devm_bitmap_alloc() and devm_bitmap_zalloc() (git-fixes). - lightnvm: Remove lightnvm implemenation (bsc#1191881 bsc#1201420 ZDI-CAN-17325). - list: add 'list_del_init_careful()' to go with 'list_empty_careful()' (bsc#1202745). - locking/lockdep: Avoid potential access of invalid memory in lock_class (git-fixes). - loop: Fix missing discard support when using LOOP_CONFIGURE (bsc#1202718). - mbcache: add functions to delete entry if unused (bsc#1198971). - mbcache: do not reclaim used entries (bsc#1198971). - md/bitmap: do not set sb values if can't pass sanity check (bsc#1197158). - mfd: max77620: Fix refcount leak in max77620_initialise_fps (git-fixes). - mfd: t7l66xb: Drop platform disable callback (git-fixes). - misc: fastrpc: fix memory corruption on open (git-fixes). - misc: fastrpc: fix memory corruption on probe (git-fixes). - mm/rmap: Fix anon_vma->degree ambiguity leading to double-reuse (git-fixes, bsc#1203098). - mm: bdi: initialize bdi_min_ratio when bdi is unregistered (bsc#1197763). - mm: memcontrol: fix potential oom_lock recursion deadlock (bsc#1202447). - mmc: pxamci: Fix an error handling path in pxamci_probe() (git-fixes). - mmc: pxamci: Fix another error handling path in pxamci_probe() (git-fixes). - module: Ignore _GLOBAL_OFFSET_TABLE_ when warning for undefined symbols (git-fixes). - mtd: maps: Fix refcount leak in ap_flash_init (git-fixes). - mtd: maps: Fix refcount leak in of_flash_probe_versatile (git-fixes). - mtd: partitions: Fix refcount leak in parse_redboot_of (git-fixes). - mtd: rawnand: meson: Fix a potential double free issue (git-fixes). - mtd: sm_ftl: Fix deadlock caused by cancel_work_sync in sm_release (git-fixes). - mtd: st_spi_fsm: Add a clk_disable_unprepare() in .probe()'s error path (git-fixes). - net/mlx5e: Check for needed capability for cvlan matching (git-fixes). - net/sonic: Fix a resource leak in an error handling path in 'jazz_sonic_probe()' (git-fixes). - net: bcmgenet: Add mdio-bcm-unimac soft dependency (git-fixes). - net: cpsw: Properly initialise struct page_pool_params (git-fixes). - net: cpsw: add missing of_node_put() in cpsw_probe_dt() (git-fixes). - net: davinci_emac: Fix incorrect masking of tx and rx error channel (git-fixes). - net: dsa: b53: fix an off by one in checking 'vlan->vid' (git-fixes). - net: dsa: felix: suppress -EPROBE_DEFER errors (git-fixes). - net: dsa: mt7530: fix VLAN traffic leaks (git-fixes). - net: enetc: Use pci_release_region() to release some resources (git-fixes). - net: enetc: report software timestamping via SO_TIMESTAMPING (git-fixes). - net: enetc: unmap DMA in enetc_send_cmd() (git-fixes). - net: ethernet: aeroflex: fix UAF in greth_of_remove (git-fixes). - net: ethernet: ezchip: fix UAF in nps_enet_remove (git-fixes). - net: ethernet: ezchip: fix error handling (git-fixes). - net: ethernet: ezchip: remove redundant check (git-fixes). - net: ethernet: fix potential use-after-free in ec_bhf_remove (git-fixes). - net: ethernet: ti: cpsw_ale: Fix access to un-initialized memory (git-fixes). - net: fec: fix the potential memory leak in fec_enet_init() (git-fixes). - net: fec_ptp: add clock rate zero check (git-fixes). - net: ftgmac100: Fix crash when removing driver (git-fixes). - net: hdlc_x25: Return meaningful error code in x25_open (git-fixes). - net: hns: Fix kernel-doc (git-fixes). - net: lantiq: fix memory corruption in RX ring (git-fixes). - net: lapbether: Prevent racing when checking whether the netif is running (git-fixes). - net: moxa: Use devm_platform_get_and_ioremap_resource() (git-fixes). - net: mscc: ocelot: correctly report the timestamping RX filters in ethtool (git-fixes). - net: mscc: ocelot: do not downgrade timestamping RX filters in SIOCSHWTSTAMP (git-fixes). - net: mvpp2: fix interrupt mask/unmask skip condition (git-fixes). - net: netcp: Fix an error message (git-fixes). - net: pch_gbe: Propagate error from devm_gpio_request_one() (git-fixes). - net: rose: fix netdev reference changes (git-fixes). - net: sock: tracing: Fix sock_exceed_buf_limit not to dereference stale pointer (git-fixes). - net: stmicro: handle clk_prepare() failure during init (git-fixes). - net: stmmac: Modify configuration method of EEE timers (git-fixes). - net: stmmac: Use resolved link config in mac_link_up() (git-fixes). - net: stmmac: disable clocks in stmmac_remove_config_dt() (git-fixes). - net: stmmac: dwmac1000: Fix extended MAC address registers definition (git-fixes). - net: vmxnet3: fix possible NULL pointer dereference in vmxnet3_rq_cleanup() (bsc#1200431). - net: vmxnet3: fix possible use-after-free bugs in vmxnet3_rq_alloc_rx_buf() (bsc#1200431). - net: vmxnet3: remove multiple false checks in vmxnet3_ethtool.c (bsc#1200431). - net:emac/emac-mac: Fix a use after free in emac_mac_tx_buf_send (git-fixes). - net:enetc: allocate CBD ring data memory using DMA coherent methods (git-fixes). - net_sched: cls_route: disallow handle of 0 (bsc#1202393). - nfsd: fix use-after-free due to delegation race (git-fixes). - nvme: fix RCU hole that allowed for endless looping in multipath round robin (bsc#1202636). - objtool: Add support for intra-function calls (bsc#1202396). - objtool: Make handle_insn_ops() unconditional (bsc#1202396). - objtool: Remove INSN_STACK (bsc#1202396). - objtool: Rework allocating stack_ops on decode (bsc#1202396). - objtool: Support multiple stack_op per instruction (bsc#1202396). - ocfs2: drop acl cache for directories too (bsc#1191667). - ocfs2: fix crash when initialize filecheck kobj fails (bsc#1197920). - ocfs2: mount fails with buffer overflow in strlen (bsc#1197760). - octeontx2-af: fix infinite loop in unmapping NPC counter (git-fixes). - perf bench: Share some global variables to fix build with gcc 10 (git-fixes). - pinctrl/rockchip: fix gpio device creation (git-fixes). - pinctrl: nomadik: Fix refcount leak in nmk_pinctrl_dt_subnode_to_map (git-fixes). - pinctrl: qcom: msm8916: Allow CAMSS GP clocks to be muxed (git-fixes). - pinctrl: sunxi: Add I/O bias setting for H6 R-PIO (git-fixes). - platform/x86: pmc_atom: Fix SLP_TYPx bitfield mask (git-fixes). - powerpc/perf: Optimize clearing the pending PMI and remove WARN_ON for PMI check in power_pmu_disable (bsc#1156395). - powerpc/powernv/kvm: Use darn for H_RANDOM on Power9 (bsc#1065729). - powerpc/powernv: Avoid crashing if rng is NULL (bsc#1065729). - powerpc/powernv: Staticify functions without prototypes (bsc#1065729). - powerpc/powernv: delay rng platform device creation until later in boot (bsc#1065729). - powerpc/powernv: rename remaining rng powernv_ functions to pnv_ (bsc#1065729). - powerpc/powernv: wire up rng during setup_arch (bsc#1065729). - powerpc/pseries: wire up rng during setup_arch() (bsc#1065729). - powerpc/xive: Fix refcount leak in xive_get_max_prio (git-fixess). - powerpc: Enable execve syscall exit tracepoint (bsc#1065729). - powerpc: define get_cycles macro for arch-override (bsc#1065729). - powerpc: powernv: kABI: add back powernv_get_random_long (bsc#1065729). - profiling: fix shift too large makes kernel panic (git-fixes). - qlcnic: Add null check after calling netdev_alloc_skb (git-fixes). - random: fix crash on multiple early calls to add_bootloader_randomness() (git-fixes). - ratelimit: Fix data-races in ___ratelimit() (git-fixes). - reiserfs: fix handling of -EOPNOTSUPP in reiserfs_for_each_xattr (bsc#1202714). - remoteproc: qcom: q6v5-mss: add powerdomains to MSM8996 config (git-fixes). - remoteproc: qcom: wcnss: Fix handling of IRQs (git-fixes). - s390/crash: fix incorrect number of bytes to copy to user space (git-fixes). - s390/crash: make copy_oldmem_page() return number of bytes copied (git-fixes). - s390/mm: do not trigger write fault when vma does not allow VM_WRITE (git-fixes). - s390/mm: fix 2KB pgtable release race (git-fixes). - s390/ptrace: pass invalid syscall numbers to tracing (bsc#1192594 LTC#197522). - scsi: lpfc: Add warning notification period to CMF_SYNC_WQE (bsc#1203063). - scsi: lpfc: Check the return value of alloc_workqueue() (bsc#1203063). - scsi: lpfc: Copyright updates for 14.2.0.6 patches (bsc#1203063). - scsi: lpfc: Fix null ndlp ptr dereference in abnormal exit path for GFT_ID (bsc#1203063). - scsi: lpfc: Fix unsolicited FLOGI receive handling during PT2PT discovery (bsc#1203063). - scsi: lpfc: Remove SANDiags related code (bsc#1203063). - scsi: lpfc: Rework MIB Rx Monitor debug info logic (bsc#1203063). - scsi: lpfc: Update lpfc version to 14.2.0.6 (bsc#1203063). - selftests: futex: Use variable MAKE instead of make (git-fixes). - serial: 8250_dw: Store LSR into lsr_saved_flags in dw8250_tx_wait_empty() (git-fixes). - serial: fsl_lpuart: RS485 RTS polariy is inverse (git-fixes). - serial: mvebu-uart: uart2 error bits clearing (git-fixes). - serial: tegra: Change lower tolerance baud rate limit for tegra20 and tegra30 (git-fixes). - silence nfscache allocation warnings with kvzalloc (git-fixes). - spi: Fix incorrect cs_setup delay handling (git-fixes). - spi: spi-rspi: Fix PIO fallback on RZ platforms (git-fixes). - spi: synquacer: Add missing clk_disable_unprepare() (git-fixes). - spmi: trace: fix stack-out-of-bound access in SPMI tracing functions (git-fixes). - staging: rtl8712: fix use after free bugs (git-fixes). - tee: optee: Fix incorrect page free bug (git-fixes). - thermal: Fix NULL pointer dereferences in of_thermal_ functions (git-fixes). - thermal: sysfs: Fix cooling_device_stats_setup() error code path (git-fixes). - thunderbolt: Use the actual buffer in tb_async_error() (git-fixes). - tools/thermal: Fix possible path truncations (git-fixes). - tracing/histogram: Fix a potential memory leak for kstrdup() (git-fixes). - tracing/histograms: Fix memory leak problem (git-fixes). - tracing/probes: Have kprobes and uprobes use $COMM too (git-fixes). - tracing: Add ustring operation to filtering string pointers (git-fixes). - tty: serial: Fix refcount leak bug in ucc_uart.c (git-fixes). - tty: serial: lpuart: disable flow control while waiting for the transmit engine to complete (git-fixes). - tty: vt: initialize unicode screen buffer (git-fixes). - usb: dwc2: fix wrong order of phy_power_on and phy_init (git-fixes). - usb: dwc3: Switch to platform_get_irq_byname_optional() (git-fixes). - usb: dwc3: ep0: Fix delay status handling (git-fixes). - usb: dwc3: gadget: END_TRANSFER before CLEAR_STALL command (git-fixes). - usb: dwc3: gadget: Fix IN endpoint max packet size allocation (git-fixes). - usb: dwc3: gadget: Refactor dwc3_gadget_ep_dequeue (git-fixes). - usb: dwc3: gadget: Remove FS bInterval_m1 limitation (git-fixes). - usb: dwc3: gadget: Remove unnecessary checks (git-fixes). - usb: dwc3: gadget: Replace list_for_each_entry_safe() if using giveback (git-fixes). - usb: dwc3: gadget: Store resource index of start cmd (git-fixes). - usb: dwc3: qcom: fix missing optional irq warnings. - usb: gadget: mass_storage: Fix cdrom data transfers on MAC-OS (git-fixes). - usb: gadget: u_audio: fix race condition on endpoint stop (git-fixes). - usb: gadget: udc-xilinx: replace memcpy with memcpy_toio (git-fixes). - usb: gadget: uvc: call uvc uvcg_warn on completed status instead of uvcg_info (git-fixes). - usb: host: ohci-ppc-of: Fix refcount leak bug (git-fixes). - usb: renesas: Fix refcount leak bug (git-fixes). - usb: typec: altmodes/displayport: correct pin assignment for UFP receptacles (git-fixes). - usbnet: Fix linkwatch use-after-free on disconnect (git-fixes). - usbnet: smsc95xx: Fix deadlock on runtime resume (git-fixes). - vboxguest: Do not use devm for irq (git-fixes). - vfio/ccw: Remove UUID from s390 debug log (git-fixes). - video: fbdev: amba-clcd: Fix refcount leak bugs (git-fixes). - video: fbdev: arkfb: Check the size of screen before memset_io() (git-fixes). - video: fbdev: arkfb: Fix a divide-by-zero bug in ark_set_pixclock() (git-fixes). - video: fbdev: i740fb: Check the argument of i740_calc_vclk() (git-fixes). - video: fbdev: s3fb: Check the size of screen before memset_io() (git-fixes). - video: fbdev: sis: fix typos in SiS_GetModeID() (git-fixes). - video: fbdev: vt8623fb: Check the size of screen before memset_io() (git-fixes). - virtio_net: fix memory leak inside XPD_TX with mergeable (git-fixes). - vmxnet3: Implement ethtool's get_channels command (bsc#1200431). - vmxnet3: Record queue number to incoming packets (bsc#1200431). - vmxnet3: Remove useless DMA-32 fallback configuration (bsc#1200431). - vmxnet3: add command to set ring buffer sizes (bsc#1200431). - vmxnet3: add support for capability registers (bsc#1200431). - vmxnet3: add support for large passthrough BAR register (bsc#1200431). - vmxnet3: add support for out of order rx completion (bsc#1200431). - vmxnet3: disable overlay offloads if UPT device does not support (bsc#1200431). - vmxnet3: do not reschedule napi for rx processing (bsc#1200431). - vmxnet3: do not stop tx queues after netif_device_detach() (bsc#1200431). - vmxnet3: limit number of TXDs used for TSO packet (bsc#1200431). - vmxnet3: prepare for version 7 changes (bsc#1200431). - vmxnet3: switch from 'pci_' to 'dma_' API (bsc#1200431). - vmxnet3: update to version 7 (bsc#1200431). - vmxnet3: use ext1 field to indicate encapsulated packet (bsc#1200431). - vsock: Fix memory leak in vsock_connect() (git-fixes). - vsock: Set socket state back to SS_UNCONNECTED in vsock_connect_timeout() (git-fixes). - watchdog: armada_37xx_wdt: check the return value of devm_ioremap() in armada_37xx_wdt_probe() (git-fixes). - wifi: cfg80211: debugfs: fix return type in ht40allow_map_read() (git-fixes). - wifi: mac80211: Do not finalize CSA in IBSS mode if state is disconnected (git-fixes). - wifi: mac80211_hwsim: add back erroneously removed cast (git-fixes). - wifi: mac80211_hwsim: fix race condition in pending packet (git-fixes). - wifi: mac80211_hwsim: use 32-bit skb cookie (git-fixes). - x86/olpc: fix 'logical not is only applied to the left hand side' (git-fixes). - xfs: Fix assert failure in xfs_setattr_size() (git-fixes). - xfs: bunmapi has unnecessary AG lock ordering issues (git-fixes). - xfs: check sb_meta_uuid for dabuf buffer recovery (bsc#1202577). - xfs: make xfs_rtalloc_query_range input parameters const (git-fixes). - xfs: mark a data structure sick if there are cross-referencing errors (git-fixes). - xfs: only reset incore inode health state flags when reclaiming an inode (git-fixes). - xfs: prevent a UAF when log IO errors race with unmount (git-fixes). - xfs: use kmem_cache_free() for kmem_cache objects (git-fixes). - xprtrdma: Fix XDRBUF_SPARSE_PAGES support (git-fixes). Important SUSE bug 1023051 SUSE bug 1065729 SUSE bug 1156395 SUSE bug 1179722 SUSE bug 1179723 SUSE bug 1181862 SUSE bug 1191662 SUSE bug 1191667 SUSE bug 1191881 SUSE bug 1192594 SUSE bug 1192968 SUSE bug 1194272 SUSE bug 1194535 SUSE bug 1197158 SUSE bug 1197755 SUSE bug 1197756 SUSE bug 1197757 SUSE bug 1197760 SUSE bug 1197763 SUSE bug 1197920 SUSE bug 1198971 SUSE bug 1199291 SUSE bug 1200431 SUSE bug 1200845 SUSE bug 1200868 SUSE bug 1200869 SUSE bug 1200870 SUSE bug 1200871 SUSE bug 1200872 SUSE bug 1200873 SUSE bug 1201019 SUSE bug 1201420 SUSE bug 1201610 SUSE bug 1201705 SUSE bug 1201726 SUSE bug 1201948 SUSE bug 1202096 SUSE bug 1202097 SUSE bug 1202346 SUSE bug 1202347 SUSE bug 1202393 SUSE bug 1202396 SUSE bug 1202447 SUSE bug 1202564 SUSE bug 1202577 SUSE bug 1202636 SUSE bug 1202672 SUSE bug 1202701 SUSE bug 1202708 SUSE bug 1202709 SUSE bug 1202710 SUSE bug 1202711 SUSE bug 1202712 SUSE bug 1202713 SUSE bug 1202714 SUSE bug 1202715 SUSE bug 1202716 SUSE bug 1202717 SUSE bug 1202718 SUSE bug 1202720 SUSE bug 1202722 SUSE bug 1202745 SUSE bug 1202756 SUSE bug 1202810 SUSE bug 1202811 SUSE bug 1202860 SUSE bug 1202895 SUSE bug 1202898 SUSE bug 1203063 SUSE bug 1203098 SUSE bug 1203107 SUSE bug 1203116 SUSE bug 1203117 SUSE bug 1203135 SUSE bug 1203136 SUSE bug 1203137 CVE-2016-3695 CVE-2020-27784 CVE-2021-4155 CVE-2021-4203 CVE-2022-20368 CVE-2022-20369 CVE-2022-2588 CVE-2022-26373 CVE-2022-2663 CVE-2022-2905 CVE-2022-2977 CVE-2022-3028 CVE-2022-36879 CVE-2022-39188 CVE-2022-39190 cpe:/o:opensuse:leap:15.3 Security update for libzapojit (Important) openSUSE Leap 15.3 This update for libzapojit fixes the following issues: - CVE-2021-39360: Fixed missing guard against invalid SSL certificates (bsc#1189844). Important SUSE bug 1189844 CVE-2021-39360 cpe:/o:opensuse:leap:15.3 Security update for perl (Moderate) openSUSE Leap 15.3 This update for perl fixes the following issues: - CVE-2017-6512: Fixed File::Path rmtree/remove_tree race condition (bsc#1047178). Moderate SUSE bug 1047178 CVE-2017-6512 cpe:/o:opensuse:leap:15.3 Security update for MozillaThunderbird (Important) openSUSE Leap 15.3 This update for MozillaThunderbird fixes the following issues: Updated to Mozilla Thunderbird 102.2.2: - CVE-2022-3033: Fixed leaking of sensitive information when composing a response to an HTML email with a META refresh tag (bsc#1203007). - CVE-2022-3032: Fixed missing blocking of remote content specified in an HTML document that was nested inside an iframe's srcdoc attribute (bsc#1203007). - CVE-2022-3034: Fixed issue where iframe element in an HTML email could trigger a network request (bsc#1203007). - CVE-2022-36059: Fixed DoS in Matrix SDK bundled with Thunderbird service attack (bsc#1203007). - CVE-2022-38472: Fixed Address bar spoofing via XSLT error handling (bsc#1202645). - CVE-2022-38473: Fixed cross-origin XSLT Documents inheriting the parent's permissions (bsc#1202645). - CVE-2022-38476: Fixed data race and potential use-after-free in PK11_ChangePW (bsc#1202645). - CVE-2022-38477: Fixed memory safety bugs (bsc#1202645). - CVE-2022-38478: Fixed memory safety bugs (bsc#1202645). - CVE-2022-36319: Fixed mouse position spoofing with CSS transforms (bsc#1201758). - CVE-2022-36318: Fixed directory indexes for bundled resources reflected URL parameters (bsc#1201758). - CVE-2022-36314: Fixed unexpected network loads when opening local .lnk files (bsc#1201758). - CVE-2022-2505: Fixed memory safety bugs (bsc#1201758). - CVE-2022-34479: Fixed vulnerability which could overlay the address bar with web content (bsc#1200793). - CVE-2022-34470: Fixed use-after-free in nsSHistory (bsc#1200793). - CVE-2022-34468: Fixed CSP sandbox header without `allow-scripts` bypass via retargeted javascript (bsc#1200793). - CVE-2022-2226: Fixed emails with a mismatching OpenPGP signature date incorrectly accepted as valid (bsc#1200793). - CVE-2022-34481: Fixed integer overflow in ReplaceElementsAt (bsc#1200793). - CVE-2022-31744: Fixed CSP bypass enabling stylesheet injection (bsc#1200793). - CVE-2022-34472: Fixed unavailable PAC file resulting in OCSP requests being blocked (bsc#1200793). - CVE-2022-34478: Fixed Microsoft protocols attacks if a user accepts a prompt (bsc#1200793). - CVE-2022-2200: Fixed vulnerability where undesired attributes could be set as part of prototype pollution (bsc#1200793). - CVE-2022-34484: Fixed memory safety bugs (bsc#1200793). Important SUSE bug 1200793 SUSE bug 1201758 SUSE bug 1202645 SUSE bug 1203007 CVE-2022-2200 CVE-2022-2226 CVE-2022-2505 CVE-2022-3032 CVE-2022-3033 CVE-2022-3034 CVE-2022-31744 CVE-2022-34468 CVE-2022-34470 CVE-2022-34472 CVE-2022-34478 CVE-2022-34479 CVE-2022-34481 CVE-2022-34484 CVE-2022-36059 CVE-2022-36314 CVE-2022-36318 CVE-2022-36319 CVE-2022-38472 CVE-2022-38473 CVE-2022-38476 CVE-2022-38477 CVE-2022-38478 cpe:/o:opensuse:leap:15.3 Security update for ruby2.5 (Moderate) openSUSE Leap 15.3 This update for ruby2.5 fixes the following issues: - CVE-2021-41819: Fixed cookie prefix spoofing in CGI::Cookie.parse (bsc#1193081). Moderate SUSE bug 1193081 CVE-2021-41819 cpe:/o:opensuse:leap:15.3 Security update for glibc (Important) openSUSE Leap 15.3 This update for glibc fixes the following issues: - CVE-2021-3999: Fixed incorrect errno in getcwd (bsc#1194640) - CVE-2022-23219: Fixed buffer overflow in sunrpc clnt_create for 'unix' (bsc#1194768) - CVE-2022-23218: Fixed buffer overflow in sunrpc svcunix_create (bsc#1194770) Features added: - IBM Power 10 string operation improvements (bsc#1194785, jsc#SLE-18195) Important SUSE bug 1194640 SUSE bug 1194768 SUSE bug 1194770 SUSE bug 1194785 CVE-2021-3999 CVE-2022-23218 CVE-2022-23219 cpe:/o:opensuse:leap:15.3 Security update for libtirpc (Important) openSUSE Leap 15.3 This update for libtirpc fixes the following issues: - CVE-2021-46828: Fixed denial of service vulnerability with lots of connections (bsc#1201680). Important SUSE bug 1201680 CVE-2021-46828 cpe:/o:opensuse:leap:15.3 Security update for sqlite3 (Moderate) openSUSE Leap 15.3 This update for sqlite3 fixes the following issues: Security issues fixed: - CVE-2022-35737: Fixed an array-bounds overflow if billions of bytes are used in a string argument to a C API (bnc#1201783). - CVE-2021-36690: Fixed an issue with the SQLite Expert extension when a column has no collating sequence (bsc#1189802). - Package the Tcl bindings here again so that we only ship one copy of SQLite (bsc#1195773). sqlite was updated to 3.39.3: * Use a statement journal on DML statement affecting two or more database rows if the statement makes use of a SQL functions that might abort. * Use a mutex to protect the PRAGMA temp_store_directory and PRAGMA data_store_directory statements, even though they are decremented and documented as not being threadsafe. Update to 3.39.2: * Fix a performance regression in the query planner associated with rearranging the order of FROM clause terms in the presences of a LEFT JOIN. * Apply fixes for CVE-2022-35737, Chromium bugs 1343348 and 1345947, forum post 3607259d3c, and other minor problems discovered by internal testing. [boo#1201783] Update to 3.39.1: * Fix an incorrect result from a query that uses a view that contains a compound SELECT in which only one arm contains a RIGHT JOIN and where the view is not the first FROM clause term of the query that contains the view * Fix a long-standing problem with ALTER TABLE RENAME that can only arise if the sqlite3_limit(SQLITE_LIMIT_SQL_LENGTH) is set to a very small value. * Fix a long-standing problem in FTS3 that can only arise when compiled with the SQLITE_ENABLE_FTS3_PARENTHESIS compile-time option. * Fix the initial-prefix optimization for the REGEXP extension so that it works correctly even if the prefix contains characters that require a 3-byte UTF8 encoding. * Enhance the sqlite_stmt virtual table so that it buffers all of its output. Update to 3.39.0: * Add (long overdue) support for RIGHT and FULL OUTER JOIN * Add new binary comparison operators IS NOT DISTINCT FROM and IS DISTINCT FROM that are equivalent to IS and IS NOT, respective, for compatibility with PostgreSQL and SQL standards * Add a new return code (value '3') from the sqlite3_vtab_distinct() interface that indicates a query that has both DISTINCT and ORDER BY clauses * Added the sqlite3_db_name() interface * The unix os interface resolves all symbolic links in database filenames to create a canonical name for the database before the file is opened * Defer materializing views until the materialization is actually needed, thus avoiding unnecessary work if the materialization turns out to never be used * The HAVING clause of a SELECT statement is now allowed on any aggregate query, even queries that do not have a GROUP BY clause * Many microoptimizations collectively reduce CPU cycles by about 2.3%. Update to 3.38.5: * Fix a blunder in the CLI of the 3.38.4 release Update to 3.38.4: * fix a byte-code problem in the Bloom filter pull-down optimization added by release 3.38.0 in which an error in the byte code causes the byte code engine to enter an infinite loop when the pull-down optimization encounters a NULL key Update to 3.38.3: * Fix a case of the query planner be overly aggressive with optimizing automatic-index and Bloom-filter construction, using inappropriate ON clause terms to restrict the size of the automatic-index or Bloom filter, and resulting in missing rows in the output. * Other minor patches. See the timeline for details. Update to 3.38.2: * Fix a problem with the Bloom filter optimization that might cause an incorrect answer when doing a LEFT JOIN with a WHERE clause constraint that says that one of the columns on the right table of the LEFT JOIN is NULL. * Other minor patches. - Package the Tcl bindings here again so that we only ship one copy of SQLite (bsc#1195773). Update to 3.38.1: * Fix problems with the new Bloom filter optimization that might cause some obscure queries to get an incorrect answer. * Fix the localtime modifier of the date and time functions so that it preserves fractional seconds. * Fix the sqlite_offset SQL function so that it works correctly even in corner cases such as when the argument is a virtual column or the column of a view. * Fix row value IN operator constraints on virtual tables so that they work correctly even if the virtual table implementation relies on bytecode to filter rows that do not satisfy the constraint. * Other minor fixes to assert() statements, test cases, and documentation. See the source code timeline for details. Update to 3.38.0 * Add the -> and ->> operators for easier processing of JSON * The JSON functions are now built-ins * Enhancements to date and time functions * Rename the printf() SQL function to format() for better compatibility, with alias for backwards compatibility. * Add the sqlite3_error_offset() interface for helping localize an SQL error to a specific character in the input SQL text * Enhance the interface to virtual tables * CLI columnar output modes are enhanced to correctly handle tabs and newlines embedded in text, and add options like '--wrap N', '--wordwrap on', and '--quote' to the columnar output modes. * Query planner enhancements using a Bloom filter to speed up large analytic queries, and a balanced merge tree to evaluate UNION or UNION ALL compound SELECT statements that have an ORDER BY clause. * The ALTER TABLE statement is changed to silently ignores entries in the sqlite_schema table that do not parse when PRAGMA writable_schema=ON Update to 3.37.2: * Fix a bug introduced in version 3.35.0 (2021-03-12) that can cause database corruption if a SAVEPOINT is rolled back while in PRAGMA temp_store=MEMORY mode, and other changes are made, and then the outer transaction commits * Fix a long-standing problem with ON DELETE CASCADE and ON UPDATE CASCADE in which a cache of the bytecode used to implement the cascading change was not being reset following a local DDL change Update to 3.37.1: * Fix a bug introduced by the UPSERT enhancements of version 3.35.0 that can cause incorrect byte-code to be generated for some obscure but valid SQL, possibly resulting in a NULL- pointer dereference. * Fix an OOB read that can occur in FTS5 when reading corrupt database files. * Improved robustness of the --safe option in the CLI. * Other minor fixes to assert() statements and test cases. Updated to 3.37.0: * STRICT tables provide a prescriptive style of data type management, for developers who prefer that kind of thing. * When adding columns that contain a CHECK constraint or a generated column containing a NOT NULL constraint, the ALTER TABLE ADD COLUMN now checks new constraints against preexisting rows in the database and will only proceed if no constraints are violated. * Added the PRAGMA table_list statement. * Add the .connection command, allowing the CLI to keep multiple database connections open at the same time. * Add the --safe command-line option that disables dot-commands and SQL statements that might cause side-effects that extend beyond the single database file named on the command-line. * CLI: Performance improvements when reading SQL statements that span many lines. * Added the sqlite3_autovacuum_pages() interface. * The sqlite3_deserialize() does not and has never worked for the TEMP database. That limitation is now noted in the documentation. * The query planner now omits ORDER BY clauses on subqueries and views if removing those clauses does not change the semantics of the query. * The generate_series table-valued function extension is modified so that the first parameter ('START') is now required. This is done as a way to demonstrate how to write table-valued functions with required parameters. The legacy behavior is available using the -DZERO_ARGUMENT_GENERATE_SERIES compile-time option. * Added new sqlite3_changes64() and sqlite3_total_changes64() interfaces. * Added the SQLITE_OPEN_EXRESCODE flag option to sqlite3_open_v2(). * Use less memory to hold the database schema. * bsc#1189802, CVE-2021-36690: Fix an issue with the SQLite Expert extension when a column has no collating sequence. Moderate SUSE bug 1189802 SUSE bug 1195773 SUSE bug 1201783 CVE-2021-36690 CVE-2022-35737 cpe:/o:opensuse:leap:15.3 Security update for wireshark (Moderate) openSUSE Leap 15.3 This update for wireshark fixes the following issues: Updated to Wireshark 3.6.8: - CVE-2022-3190: Fixed F5 Ethernet Trailer dissector infinite loop (bsc#1203388). - CVE-2021-4186: Fixed Gryphon dissector crash (bsc#1194165). Moderate SUSE bug 1194165 SUSE bug 1203388 CVE-2021-4186 CVE-2022-3190 cpe:/o:opensuse:leap:15.3 Security update for kubevirt, virt-api-container, virt-controller-container, virt-handler-container, virt-launcher-container, virt-libguestfs-tools-container, virt-operator-container (Important) openSUSE Leap 15.3 This update for kubevirt, virt-api-container, virt-controller-container, virt-handler-container, virt-launcher-container, virt-libguestfs-tools-container, virt-operator-container fixes the following issues: Security issues fixed: - CVE-2022-1798: Fix arbitrary file read on the host from KubeVirt VMs (bsc#1202516) Security issues fixed in vendored dependencies: - CVE-2022-1996: Fixed go-restful CORS bypass (bsc#1200528) - CVE-2022-29162: Fixed runc incorrect handling of inheritable capabilities in default configuration (bsc#1199460) Other fixes: - Pack nft rules and nsswitch.conf for virt-handler - Only create 1MiB-aligned disk images (bsc#1199603) - Avoid to return nil failure message - Use semantic equality comparison - Allow to configure utility containers for update test - Install nftables to manage network rules - Install tar to allow kubectl cp ... - Symlink nsswitch.conf and nft rules to proper locations - Enable USB redirection support for QEMU - Install vim-small instread of vim - Drop libvirt-daemon-driver-storage-core - Install ethtool and gawk (bsc#1199392) - Use non-versioned appliance to avoid redundant rpm query - Explicitly state the dependency on kubevirt main package Important SUSE bug 1199392 SUSE bug 1199460 SUSE bug 1199603 SUSE bug 1200528 SUSE bug 1202516 CVE-2022-1798 CVE-2022-1996 CVE-2022-29162 cpe:/o:opensuse:leap:15.3 Security update for go1.18 (Important) openSUSE Leap 15.3 This update for go1.18 fixes the following issues: Update to go version 1.18.6 (bsc#1193742): - CVE-2022-27664: Fixed DoS in net/http caused by mishandled server errors after sending GOAWAY (bsc#1203185). Important SUSE bug 1193742 SUSE bug 1203185 CVE-2022-27664 cpe:/o:opensuse:leap:15.3 Security update for go1.19 (Important) openSUSE Leap 15.3 This update for go1.19 fixes the following issues: Update to go version 1.19.1 (bsc#1200441): - CVE-2022-27664: Fixed DoS in net/http caused by mishandled server errors after sending GOAWAY (bsc#1203185). - CVE-2022-32190: Fixed missing stripping of relative path components in net/url JoinPath (bsc#1203186). Important SUSE bug 1200441 SUSE bug 1203185 SUSE bug 1203186 CVE-2022-27664 CVE-2022-32190 cpe:/o:opensuse:leap:15.3 Security update for oniguruma (Important) openSUSE Leap 15.3 This update for oniguruma fixes the following issues: - CVE-2019-19246: Fixed an out of bounds access during regular expression matching (bsc#1157805). - CVE-2019-19204: Fixed an out of bounds access when compiling a crafted regular expression (bsc#1164569). - CVE-2019-19203: Fixed an out of bounds access when performing a string search (bsc#1164550). - CVE-2019-16163: Fixed an uncontrolled recursion issue when compiling a crafted regular expression, which could lead to denial of service (bsc#1150130). - CVE-2020-26159: Fixed an off-by-one buffer overflow (bsc#1177179). - CVE-2019-13224: Fixed a potential use-after-free when handling multiple different encodings (bsc#1142847). Important SUSE bug 1142847 SUSE bug 1150130 SUSE bug 1157805 SUSE bug 1164550 SUSE bug 1164569 SUSE bug 1177179 CVE-2019-13224 CVE-2019-16163 CVE-2019-19203 CVE-2019-19204 CVE-2019-19246 CVE-2020-26159 cpe:/o:opensuse:leap:15.3 Security update for xen (Important) openSUSE Leap 15.3 This update for xen fixes the following issues: - CVE-2022-23033: Fixed guest_physmap_remove_page not removing the p2m mappings. (XSA-393) (bsc#1194576) - CVE-2022-23034: Fixed possible DoS by a PV guest Xen while unmapping a grant. (XSA-394) (bsc#1194581) - CVE-2022-23035: Fixed insufficient cleanup of passed-through device IRQs. (XSA-395) (bsc#1194588) Important SUSE bug 1194576 SUSE bug 1194581 SUSE bug 1194588 CVE-2022-23033 CVE-2022-23034 CVE-2022-23035 cpe:/o:opensuse:leap:15.3 Security update for cdi-apiserver-container, cdi-cloner-container, cdi-controller-container, cdi-importer-container, cdi-operator-container, cdi-uploadproxy-container, cdi-uploadserver-container, containerized-data-importer (Important) openSUSE Leap 15.3 This update for cdi-apiserver-container, cdi-cloner-container, cdi-controller-container, cdi-importer-container, cdi-operator-container, cdi-uploadproxy-container, cdi-uploadserver-container, containerized-data-importer fixes the following issues: Update to version 1.43.2 - Release notes https://github.com/kubevirt/containerized-data-importer/releases/tag/v1.43.2 Security issues fixed: - CVE-2022-1996: Fixed CORS bypass in go-restful vendored dependency (bsc#1200528) Other fixes: - Include additional tools used by cdi-importer: cdi-containerimage-server cdi-source-update-poller - Pack only cdi-{cr,operator}.yaml into the manifests RPM - Install tar package (used for cloning filesystem PVCs) Important SUSE bug 1200528 CVE-2022-1996 cpe:/o:opensuse:leap:15.3 Security update for containerd, docker (Moderate) openSUSE Leap 15.3 This update for containerd, docker fixes the following issues: - CVE-2021-41089: Fixed 'cp' can chmod host files (bsc#1191015). - CVE-2021-41091: Fixed flaw that could lead to data directory traversal in moby (bsc#1191434). - CVE-2021-41092: Fixed exposed user credentials with a misconfigured configuration file (bsc#1191334). - CVE-2021-41103: Fixed file access to local users in containerd (bsc#1191121). - CVE-2021-41190: Fixed OCI manifest and index parsing confusion (bsc#1193273). Moderate SUSE bug 1191015 SUSE bug 1191121 SUSE bug 1191334 SUSE bug 1191434 SUSE bug 1193273 CVE-2021-41089 CVE-2021-41091 CVE-2021-41092 CVE-2021-41103 CVE-2021-41190 cpe:/o:opensuse:leap:15.3 Security update for rubygem-rack (Moderate) openSUSE Leap 15.3 This update for rubygem-rack fixes the following issues: - CVE-2020-8184: Fixed vulnerability where percent-encoded cookies can be used to overwrite existing prefixed cookie names (bsc#1173351). - CVE-2020-8161: Fixed directory traversal in Rack:Directory (bsc#1172037). Moderate SUSE bug 1172037 SUSE bug 1173351 CVE-2020-8161 CVE-2020-8184 cpe:/o:opensuse:leap:15.3 Security update for webkit2gtk3 (Important) openSUSE Leap 15.3 This update for webkit2gtk3 fixes the following issues: - CVE-2022-32893: Fixed several crashes and rendering issues (bsc#1202807). - Fixed WebKitGTK not allow to be used from non-main threads (bsc#1202169). Important SUSE bug 1202169 SUSE bug 1202807 CVE-2022-32893 cpe:/o:opensuse:leap:15.3 Security update for dpdk (Important) openSUSE Leap 15.3 This update for dpdk fixes the following issues: - CVE-2022-2132: Fixed DoS when a vhost header crosses more than two descriptors and exhausts all mbufs (bsc#1202903). - CVE-2022-28199: Fixed buffer overflow in the vhost code (bsc#1202956). Important SUSE bug 1202903 SUSE bug 1202956 CVE-2022-2132 CVE-2022-28199 cpe:/o:opensuse:leap:15.3 Security update for mariadb (Important) openSUSE Leap 15.3 This update for mariadb fixes the following issues: Update to 10.5.17: - CVE-2022-32082: Fixed assertion failure at table->get_ref_count() == 0 in dict0dict.cc (bsc#1201162). - CVE-2022-32089: Fixed segmentation fault via the component st_select_lex_unit::exclude_level (bsc#1201169). - CVE-2022-32081: Fixed use-after-poison in prepare_inplace_add_virtual at /storage/innobase/handler/handler0alter.cc (bsc#1201161). - CVE-2022-32091: Fixed use-after-poison in __interceptor_memset at /libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc (bsc#1201170). - CVE-2022-32084: Fixed segmentation fault via the component sub_select (bsc#1201164). - CVE-2022-38791: Fixed deadlock in compress_write in extra/mariabackup/ds_compress.cc (bsc#1202863). - CVE-2022-32088: Fixed segmentation fault via the component Exec_time_tracker::get_loops/Filesort_tracker::report_use/filesort (bsc#1201168). - CVE-2022-32087: Fixed segmentation fault via the component Item_args::walk_args (bsc#1201167). - CVE-2022-32086: Fixed segmentation fault via the component Item_field::fix_outer_field (bsc#1201166). - CVE-2022-32085: Fixed segmentation fault via the component Item_func_in::cleanup/Item::cleanup_processor (bsc#1201165). - CVE-2022-32083: Fixed segmentation fault via the component Item_subselect::init_expr_cache_tracker (bsc#1201163). Bugfixes: - Fixed mysql-systemd-helper being unaware of custom group (bsc#1200105). Important SUSE bug 1200105 SUSE bug 1201161 SUSE bug 1201162 SUSE bug 1201163 SUSE bug 1201164 SUSE bug 1201165 SUSE bug 1201166 SUSE bug 1201167 SUSE bug 1201168 SUSE bug 1201169 SUSE bug 1201170 SUSE bug 1202863 CVE-2022-32081 CVE-2022-32082 CVE-2022-32083 CVE-2022-32084 CVE-2022-32085 CVE-2022-32086 CVE-2022-32087 CVE-2022-32088 CVE-2022-32089 CVE-2022-32091 CVE-2022-38791 cpe:/o:opensuse:leap:15.3 Security update for libarchive (Moderate) openSUSE Leap 15.3 This update for libarchive fixes the following issues: - CVE-2021-23177: Fixed symlink ACL extraction that modifies ACLs of the target system (bsc#1192425). Moderate SUSE bug 1192425 CVE-2021-23177 cpe:/o:opensuse:leap:15.3 Security update for permissions (Moderate) openSUSE Leap 15.3 This update for permissions fixes the following issues: - CVE-2022-31252: Fixed chkstat group controlled paths (bsc#1203018). Moderate SUSE bug 1203018 CVE-2022-31252 cpe:/o:opensuse:leap:15.3 Security update for MozillaFirefox (Important) openSUSE Leap 15.3 This update for MozillaFirefox fixes the following issues: Mozilla Firefox was updated to 102.3.0esr ESR (bsc#1200793, bsc#1201758, bsc#1202645, bsc#1203477): - CVE-2022-40959: Fixed bypassing FeaturePolicy restrictions on transient pages. - CVE-2022-40960: Fixed data-race when parsing non-UTF-8 URLs in threads. - CVE-2022-40958: Fixed bypassing secure context restriction for cookies with __Host and __Secure prefix. - CVE-2022-40956: Fixed content-security-policy base-uri bypass. - CVE-2022-40957: Fixed incoherent instruction cache when building WASM on ARM64. - CVE-2022-40962: Fixed memory safety bugs. - CVE-2022-38472: Fixed a potential address bar spoofing via XSLT error handling. - CVE-2022-38473: Fixed an issue where cross-origin XSLT documents could inherit the parent's permissions. - CVE-2022-38478: Fixed various memory safety issues. - CVE-2022-38476: Fixed data race and potential use-after-free in PK11_ChangePW. - CVE-2022-38477: Fixed memory safety bugs. - CVE-2022-36319: Fixed mouse position spoofing with CSS transforms. - CVE-2022-36318: Fixed directory indexes for bundled resources reflected URL parameters. - CVE-2022-36314: Fixed unexpected network loads when opening local .lnk files. - CVE-2022-2505: Fixed memory safety bugs. - CVE-2022-34479: Fixed vulnerabilty where a popup window could be resized in a way to overlay the address bar with web content. - CVE-2022-34470: Fixed use-after-free in nsSHistory. - CVE-2022-34468: Fixed bypass of CSP sandbox header without `allow-scripts` via retargeted javascript: URI. - CVE-2022-34482: Fixed drag and drop of malicious image that could have led to malicious executable and potential code execution. - CVE-2022-34483: Fixed drag and drop of malicious image that could have led to malicious executable and potential code execution. - CVE-2022-34476: Fixed vulnerability where ASN.1 parser could have been tricked into accepting malformed ASN.1. - CVE-2022-34481: Fixed potential integer overflow in ReplaceElementsAt - CVE-2022-34474: Fixed vulnerability where sandboxed iframes could redirect to external schemes. - CVE-2022-34469: Fixed TLS certificate errors on HSTS-protected domains which could be bypassed by the user on Firefox for Android. - CVE-2022-34471: Fixed vulnerability where a compromised server could trick a browser into an addon downgrade. - CVE-2022-34472: Fixed vulnerability where an unavailable PAC file resulted in OCSP requests being blocked. - CVE-2022-34478: Fixed vulnerability where Microsoft protocols can be attacked if a user accepts a prompt. - CVE-2022-2200: Fixed vulnerability where undesired attributes could be set as part of prototype pollution. - CVE-2022-34480: Fixed free of uninitialized pointer in lg_init. - CVE-2022-34477: Fixed vulnerability in MediaError message property leaking information on cross-origin same-site pages. - CVE-2022-34475: Fixed vulnerability where the HTML Sanitizer could have been bypassed via same-origin script via use tags. - CVE-2022-34473: Fixed vulnerability where the HTML Sanitizer could have been bypassed via use tags. - CVE-2022-34484: Fixed memory safety bugs. - CVE-2022-34485: Fixed memory safety bugs. Important SUSE bug 1200793 SUSE bug 1201758 SUSE bug 1202645 SUSE bug 1203477 CVE-2022-2200 CVE-2022-2505 CVE-2022-34468 CVE-2022-34469 CVE-2022-34470 CVE-2022-34471 CVE-2022-34472 CVE-2022-34473 CVE-2022-34474 CVE-2022-34475 CVE-2022-34476 CVE-2022-34477 CVE-2022-34478 CVE-2022-34479 CVE-2022-34480 CVE-2022-34481 CVE-2022-34482 CVE-2022-34483 CVE-2022-34484 CVE-2022-34485 CVE-2022-36314 CVE-2022-36318 CVE-2022-36319 CVE-2022-38472 CVE-2022-38473 CVE-2022-38476 CVE-2022-38477 CVE-2022-38478 CVE-2022-40956 CVE-2022-40957 CVE-2022-40958 CVE-2022-40959 CVE-2022-40960 CVE-2022-40962 cpe:/o:opensuse:leap:15.3 Security update for snakeyaml (Important) openSUSE Leap 15.3 This update for snakeyaml fixes the following issues: - CVE-2022-38750: Fixed uncaught exception in org.yaml.snakeyaml.constructor.BaseConstructor.constructObject (bsc#1203158). - CVE-2022-38749: Fixed StackOverflowError for many open unmatched brackets (bsc#1203149). - CVE-2022-38752: Fixed uncaught exception in java.base/java.util.ArrayList.hashCode (bsc#1203154). - CVE-2022-38751: Fixed unrestricted data matched with Regular Expressions (bsc#1203153). - CVE-2022-25857: Fixed denial of service vulnerability due missing to nested depth limitation for collections (bsc#1202932). Important SUSE bug 1202932 SUSE bug 1203149 SUSE bug 1203153 SUSE bug 1203154 SUSE bug 1203158 CVE-2020-13936 CVE-2022-25857 CVE-2022-38749 CVE-2022-38750 CVE-2022-38751 CVE-2022-38752 cpe:/o:opensuse:leap:15.3 Security update for unzip (Moderate) openSUSE Leap 15.3 This update for unzip fixes the following issues: - CVE-2022-0530: Fixed SIGSEGV during the conversion of an utf-8 string to a local string (bsc#1196177). - CVE-2022-0529: Fixed heap out-of-bound writes and reads during conversion of wide string to local string (bsc#1196180) Moderate SUSE bug 1196177 SUSE bug 1196180 CVE-2022-0529 CVE-2022-0530 cpe:/o:opensuse:leap:15.3 Security update for libcaca (Moderate) openSUSE Leap 15.3 This update for libcaca fixes the following issues: - CVE-2021-3410: Fixed overflow when multiplying large ints (bsc#1182731). Moderate SUSE bug 1182731 CVE-2021-3410 cpe:/o:opensuse:leap:15.3 Security update for the Linux Kernel (Important) openSUSE Leap 15.3 The SUSE Linux Enterprise 15 SP1 LTSS kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2020-36516: Fixed an issue in the mixed IPID assignment method where an attacker was able to inject data into or terminate a victim's TCP session (bnc#1196616). - CVE-2021-4203: Fixed use-after-free read flaw that was found in sock_getsockopt() in net/core/sock.c due to SO_PEERCRED and SO_PEERGROUPS race with listen() (bnc#1194535). - CVE-2022-1012: Fixed a memory leak problem that was found in the TCP source port generation algorithm in net/ipv4/tcp.c (bnc#1199482). - CVE-2022-20368: Fixed slab-out-of-bounds access in packet_recvmsg() (bsc#1202346). - CVE-2022-20369: Fixed out of bounds write in v4l2_m2m_querybuf of v4l2-mem2mem.c (bnc#1202347). - CVE-2022-21385: Fixed a flaw in net_rds_alloc_sgs() that allowed unprivileged local users to crash the machine (bnc#1202897). - CVE-2022-2588: Fixed use-after-free in cls_route (bsc#1202096). - CVE-2022-26373: Fixed non-transparent sharing of return predictor targets between contexts in some Intel Processors (bnc#1201726). - CVE-2022-2639: Fixed an integer coercion error that was found in the openvswitch kernel module (bnc#1202154). - CVE-2022-2663: Fixed an issue that was found in nf_conntrack_irc where the message handling could be confused and incorrectly matches the message (bnc#1202097). - CVE-2022-29581: Fixed improper update of reference count vulnerability in net/sched that allowed a local attacker to cause privilege escalation to root (bnc#1199665). - CVE-2022-2977: Fixed reference counting for struct tpm_chip (bsc#1202672). - CVE-2022-3028: Fixed race condition that was found in the IP framework for transforming packets (XFRM subsystem) (bnc#1202898). - CVE-2022-36879: Fixed an issue in xfrm_expand_policies in net/xfrm/xfrm_policy.c where a refcount could be dropped twice (bnc#1201948). - CVE-2022-39188: Fixed race condition in include/asm-generic/tlb.h where a device driver can free a page while it still has stale TLB entries (bnc#1203107). The following non-security bugs were fixed: - rpm: Fix parsing of rpm/macros.kernel-source on SLE12 (bsc#1201019). - cifs: fix error paths in cifs_tree_connect() (bsc#1177440). - cifs: fix uninitialized pointer in error case in dfs_cache_get_tgt_share (bsc#1188944). - cifs: report error instead of invalid when revalidating a dentry fails (bsc#1177440). - cifs: skip trailing separators of prefix paths (bsc#1188944). - kernel-obs-build: include qemu_fw_cfg (boo#1201705) - lightnvm: Remove lightnvm implemenation (bsc#1191881 bsc#1201420 ZDI-CAN-17325). - md/bitmap: do not set sb values if can't pass sanity check (bsc#1197158). - mm/rmap.c: do not reuse anon_vma if we just want a copy (git-fixes, bsc#1203098). - mm/rmap: Fix anon_vma->degree ambiguity leading to double-reuse (git-fixes, bsc#1203098). - net_sched: cls_route: disallow handle of 0 (bsc#1202393). - net_sched: cls_route: disallow handle of 0 (bsc#1202393). - objtool: Add --backtrace support (bsc#1202396). - objtool: Add support for intra-function calls (bsc#1202396). - objtool: Allow no-op CFI ops in alternatives (bsc#1202396). - objtool: Convert insn type to enum (bsc#1202396). - objtool: Do not use ignore flag for fake jumps (bsc#1202396). - objtool: Fix !CFI insn_state propagation (bsc#1202396). - objtool: Fix ORC vs alternatives (bsc#1202396). - objtool: Fix sibling call detection (bsc#1202396). - objtool: Make handle_insn_ops() unconditional (bsc#1202396). - objtool: Remove INSN_STACK (bsc#1202396). - objtool: Remove check preventing branches within alternative (bsc#1202396). - objtool: Rename elf_open() to prevent conflict with libelf from elftoolchain (bsc#1202396). - objtool: Rename struct cfi_state (bsc#1202396). - objtool: Rework allocating stack_ops on decode (bsc#1202396). - objtool: Rewrite alt->skip_orig (bsc#1202396). - objtool: Set insn->func for alternatives (bsc#1202396). - objtool: Support conditional retpolines (bsc#1202396). - objtool: Support multiple stack_op per instruction (bsc#1202396). - objtool: Track original function across branches (bsc#1202396). - objtool: Uniquely identify alternative instruction groups (bsc#1202396). - objtool: Use Elf_Scn typedef instead of assuming struct name (bsc#1202396). - tcp: add some entropy in __inet_hash_connect() (bsc#1180153 bsc#1202335). - tcp: change source port randomizarion at connect() time (bsc#1180153 bsc#1202335). Important SUSE bug 1177440 SUSE bug 1180153 SUSE bug 1188944 SUSE bug 1191881 SUSE bug 1194535 SUSE bug 1196616 SUSE bug 1197158 SUSE bug 1199482 SUSE bug 1199665 SUSE bug 1201019 SUSE bug 1201420 SUSE bug 1201705 SUSE bug 1201726 SUSE bug 1201948 SUSE bug 1202096 SUSE bug 1202097 SUSE bug 1202154 SUSE bug 1202335 SUSE bug 1202346 SUSE bug 1202347 SUSE bug 1202393 SUSE bug 1202396 SUSE bug 1202672 SUSE bug 1202897 SUSE bug 1202898 SUSE bug 1203098 SUSE bug 1203107 CVE-2020-36516 CVE-2021-4203 CVE-2022-1012 CVE-2022-20368 CVE-2022-20369 CVE-2022-21385 CVE-2022-2588 CVE-2022-26373 CVE-2022-2639 CVE-2022-2663 CVE-2022-29581 CVE-2022-2977 CVE-2022-3028 CVE-2022-36879 CVE-2022-39188 cpe:/o:opensuse:leap:15.3 Security update for dpdk (Important) openSUSE Leap 15.3 This update for dpdk fixes the following issues: - CVE-2022-2132: Fixed DoS when a vhost header crosses more than two descriptors and exhausts all mbufs (bsc#1202903). Important SUSE bug 1202903 CVE-2022-2132 cpe:/o:opensuse:leap:15.3 Security update for rust1.62 (Moderate) openSUSE Leap 15.3 This update for rust1.62 fixes the following issues: - CVE-2022-36113: Fixed symlink hijack vulnerability (bsc#1203433). - CVE-2022-36114: Fixed zip bomb vulnerability (bsc#1203431). Moderate SUSE bug 1203431 SUSE bug 1203433 CVE-2022-36113 CVE-2022-36114 cpe:/o:opensuse:leap:15.3 Security update for libostree (Important) openSUSE Leap 15.3 This update for libostree fixes the following issues: - CVE-2014-9862: Fixed arbitrary write on heap vulnerability (bsc#1201770). Important SUSE bug 1201770 CVE-2014-9862 cpe:/o:opensuse:leap:15.3 Security update for vsftpd (Important) openSUSE Leap 15.3 This update for vsftpd fixes the following issues: - CVE-2021-3618: Enforced security checks against ALPACA attack (PM-3322, jsc#SLE-23896, bsc#1187686, bsc#1187678). - Added hardening to systemd services (bsc#1181400). Bugfixes: - Fixed a seccomp failure in FIPS mode when SSL was enabled (bsc#1052900). - Allowed wait4() to be called so that the broker can wait for its child processes (bsc#1021387). - Fixed hang when using seccomp and syslog (bsc#971784). - Allowed sendto() syscall when /dev/log support is enabled (bsc#786024). Important SUSE bug 1021387 SUSE bug 1052900 SUSE bug 1181400 SUSE bug 1187678 SUSE bug 1187686 SUSE bug 786024 SUSE bug 971784 CVE-2021-3618 cpe:/o:opensuse:leap:15.3 Security update for slurm_18_08 (Important) openSUSE Leap 15.3 This update for slurm_18_08 fixes the following issues: - CVE-2022-31251: Fixed a potential security vulnerability in the test package (bsc#1201674). - CVE-2022-29500: Fixed an architectural flaw can be exploited to allow an unprivileged user to execute arbitrary processes as root (bsc#1199278). - CVE-2022-29501: Fixed a vulnerability where an unprivileged user can send data to arbitrary unix socket as root (bsc#1199279). Important SUSE bug 1199278 SUSE bug 1199279 SUSE bug 1201674 CVE-2022-29500 CVE-2022-29501 CVE-2022-31251 cpe:/o:opensuse:leap:15.3 Security update for slurm (Important) openSUSE Leap 15.3 This update for slurm fixes the following issues: - CVE-2022-31251: Fixed a potential security vulnerability in the test package (bsc#1201674). - CVE-2022-29500: Fixed an architectural flaw can be exploited to allow an unprivileged user to execute arbitrary processes as root (bsc#1199278). - CVE-2022-29501: Fixed a vulnerability where an unprivileged user can send data to arbitrary unix socket as root (bsc#1199279). Important SUSE bug 1199278 SUSE bug 1199279 SUSE bug 1201674 CVE-2022-29500 CVE-2022-29501 CVE-2022-31251 cpe:/o:opensuse:leap:15.3 Security update for python39 (Important) openSUSE Leap 15.3 This update for python39 fixes the following issues: python39 was updated to version 3.9.14: - CVE-2020-10735: Fixed DoS due to int() type in PyLong_FromString() not limiting amount of digits when converting text to int (bsc#1203125). - CVE-2021-28861: Fixed an open redirection vulnerability in the HTTP server when an URI path starts with // (bsc#1202624). Important SUSE bug 1202624 SUSE bug 1203125 CVE-2020-10735 CVE-2021-28861 cpe:/o:opensuse:leap:15.3 Security update for slurm (Important) openSUSE Leap 15.3 This update for slurm fixes the following issues: - CVE-2022-31251: Fixed a potential security vulnerability in the test package (bsc#1201674). - CVE-2022-29500: Fixed an architectural flaw can be exploited to allow an unprivileged user to execute arbitrary processes as root (bsc#1199278). - CVE-2022-29501: Fixed a vulnerability where an unprivileged user can send data to arbitrary unix socket as root (bsc#1199279). Important SUSE bug 1199278 SUSE bug 1199279 SUSE bug 1201674 CVE-2022-29500 CVE-2022-29501 CVE-2022-31251 cpe:/o:opensuse:leap:15.3 Security update for slurm_20_02 (Important) openSUSE Leap 15.3 This update for slurm_20_02 fixes the following issues: - CVE-2022-31251: Fixed security vulnerability in the test package (bsc#1201674). - CVE-2022-29500: Fixed architectural flaw that can be exploited to allow an unprivileged user to execute arbitrary processes as root (bsc#1199278). - CVE-2022-29501: Fixed vulnerability where an unprivileged user can send data to arbitrary unix socket as root (bsc#1199279). Bugfixes: - Fixed qstat error message (torque wrapper) (bsc#1186646). Important SUSE bug 1186646 SUSE bug 1199278 SUSE bug 1199279 SUSE bug 1201674 CVE-2022-29500 CVE-2022-29501 CVE-2022-31251 cpe:/o:opensuse:leap:15.3 Security update for libgit2 (Important) openSUSE Leap 15.3 This update for libgit2 fixes the following issues: - CVE-2022-24765: Fixed potential command injection via git worktree (bsc#1198234). - CVE-2022-29187: Fixed incomplete fix for CVE-2022-24765 (bsc#1201431). Important SUSE bug 1198234 SUSE bug 1201431 CVE-2022-24765 CVE-2022-29187 cpe:/o:opensuse:leap:15.3 Security update for libgit2 (Important) openSUSE Leap 15.3 This update for libgit2 fixes the following issues: - Fixed DoS by oob write in constructed commit object with a very large number of parents (bsc#1158981). - CVE-2019-1352: Fixed git on Windows being unaware of NTFS Alternate Data Streams (bnc#1158790). - CVE-2022-24765: Fixed potential command injection via git worktree (bsc#1198234). - CVE-2022-29187: Fixed incomplete fix for CVE-2022-24765 (bsc#1201431). Important SUSE bug 1158790 SUSE bug 1158981 SUSE bug 1198234 SUSE bug 1201431 CVE-2019-1352 CVE-2022-24765 CVE-2022-29187 cpe:/o:opensuse:leap:15.3 Security update for python (Important) openSUSE Leap 15.3 This update for python fixes the following issues: - CVE-2021-28861: Fixed an open redirection vulnerability in the HTTP server when an URI path starts with // (bsc#1202624). Important SUSE bug 1202624 CVE-2021-28861 cpe:/o:opensuse:leap:15.3 Security update for libjpeg-turbo (Moderate) openSUSE Leap 15.3 This update for libjpeg-turbo fixes the following issues: - CVE-2020-35538: Fixed null pointer dereference in jcopy_sample_rows() function (bsc#1202915). Moderate SUSE bug 1202915 CVE-2020-35538 cpe:/o:opensuse:leap:15.3 Security update for slurm (Important) openSUSE Leap 15.3 This update for slurm fixes the following issues: - CVE-2022-31251: Fixed a potential security vulnerability in the test package (bsc#1201674). - CVE-2022-29500: Fixed architectural flaw that could have been exploited to allow an unprivileged user to execute arbitrary processes as root (bsc#1199278). - CVE-2022-29501: Fixed a problem that an unprivileged user could have sent data to arbitrary unix socket as root (bsc#1199279). Important SUSE bug 1199278 SUSE bug 1199279 SUSE bug 1201674 CVE-2022-29500 CVE-2022-29501 CVE-2022-31251 cpe:/o:opensuse:leap:15.3 Security update for webkit2gtk3 (Important) openSUSE Leap 15.3 This update for webkit2gtk3 fixes the following issues: Updated to version 2.36.8 (bsc#1203530): - CVE-2022-32886: Fixed a buffer overflow issue that could potentially lead to code execution. - CVE-2022-32912: Fixed an out-of-bounds read that could potentially lead to code execution. Important SUSE bug 1203530 CVE-2022-32886 CVE-2022-32912 cpe:/o:opensuse:leap:15.3 Security update for python3 (Important) openSUSE Leap 15.3 This update for python3 fixes the following issues: - CVE-2021-28861: Fixed an open redirection vulnerability in the HTTP server when an URI path starts with // (bsc#1202624). Important SUSE bug 1202624 CVE-2021-28861 cpe:/o:opensuse:leap:15.3 Security update for ImageMagick (Low) openSUSE Leap 15.3 This update for ImageMagick fixes the following issues: - CVE-2021-3574: Fixed memory leaks with convert command (bsc#1203212). Low SUSE bug 1203212 CVE-2021-3574 cpe:/o:opensuse:leap:15.3 Security update for rubygem-puma (Important) openSUSE Leap 15.3 This update for rubygem-puma fixes the following issues: Updated to version 4.3.12: - CVE-2022-24790: Fixed HTTP request smuggling if proxy is not RFC7230 compliant (bsc#1197818). Important SUSE bug 1197818 CVE-2022-24790 cpe:/o:opensuse:leap:15.3 Security update for qemu (Important) openSUSE Leap 15.3 This update for qemu fixes the following issues: - CVE-2021-3409: Fixed an incomplete fix for CVE-2020-17380 and CVE-2020-25085 in sdhi controller. (bsc#1182282) - CVE-2021-4206: Fixed an integer overflow in cursor_alloc which can lead to heap buffer overflow. (bsc#1198035) - CVE-2021-4207: Fixed a double fetch in qxl_cursor ehich can lead to heap buffer overflow. (bsc#1198037) - CVE-2022-0216: Fixed a use after free issue found in hw/scsi/lsi53c895a.c. (bsc#1198038) - CVE-2022-35414: Fixed an uninitialized read during address translation that leads to a crash. (bsc#1201367) Important SUSE bug 1175144 SUSE bug 1182282 SUSE bug 1192115 SUSE bug 1198035 SUSE bug 1198037 SUSE bug 1198038 CVE-2021-3409 CVE-2021-4206 CVE-2021-4207 CVE-2022-0216 CVE-2022-35414 cpe:/o:opensuse:leap:15.3 Security update for squid (Important) openSUSE Leap 15.3 This update for squid fixes the following issues: - CVE-2022-41317: Fixed exposure of sensitive information in cache manager (bsc#1203677). - CVE-2022-41318: Fixed buffer overread in SSPI and SMB Authentication (bsc#1203680). Important SUSE bug 1203677 SUSE bug 1203680 CVE-2022-41317 CVE-2022-41318 cpe:/o:opensuse:leap:15.3 Security update for expat (Important) openSUSE Leap 15.3 This update for expat fixes the following issues: - CVE-2022-40674: Fixed use-after-free in the doContent function in xmlparse.c (bsc#1203438). Important SUSE bug 1203438 CVE-2022-40674 cpe:/o:opensuse:leap:15.3 Security update for exiv2 (Important) openSUSE Leap 15.3 This update for exiv2 fixes the following issues: - CVE-2021-37621: Fixed denial of service due to infinite loop in Image:printIFDStructure (bsc#1189333). - CVE-2021-37620: Fixed out-of-bounds read in XmpTextValue:read() (bsc#1189332). - CVE-2021-37619: Fixed out-of-bounds read in Exiv2:Jp2Image:encodeJp2Header (bsc#1189331). - CVE-2021-37618: Fixed out-of-bounds read in Exiv2:Jp2Image:printStructure (bsc#1189330). - CVE-2021-32617: Fixed denial of service inside inefficient algorithm (quadratic complexity) (bsc#1186192). - CVE-2021-31292: Fixed integer overflow in CrwMap:encode0x1810 (bsc#1188756). - CVE-2021-31291: Fixed heap-based buffer overflow vulnerability in jp2image.cpp may lead to a denial of service (bsc#1188733). - CVE-2021-29470: Fixed out-of-bounds read in Exiv2:Jp2Image:encodeJp2Header (bsc#1185447). - CVE-2020-18899: Fixed uncontrolled memory allocation (bsc#1189636). - CVE-2020-18898: Fixed remote denial of service in printIFDStructure function (bsc#1189780). - CVE-2018-8977: Fixed remote denial of service in Exiv2::Internal::printCsLensFFFF function in canonmn_int.cpp (bsc#1086798). - CVE-2018-8976: Fixed remote denial of service in image.cpp Exiv2::Internal::stringFormat via out-of-bounds read (bsc#1086810). - CVE-2018-5772: Fixed segmentation fault caused by uncontrolled recursion inthe Exiv2::Image::printIFDStructure (bsc#1076579). - CVE-2018-18915: Fixed an infinite loop in the Exiv2:Image:printIFDStructure function (bsc#1114690). - CVE-2018-10772: Fixed segmentation fault when the function Exiv2::tEXtToDataBuf() is finished (bsc#1092096). Important SUSE bug 1076579 SUSE bug 1086798 SUSE bug 1086810 SUSE bug 1092096 SUSE bug 1114690 SUSE bug 1185447 SUSE bug 1186192 SUSE bug 1188733 SUSE bug 1188756 SUSE bug 1189330 SUSE bug 1189331 SUSE bug 1189332 SUSE bug 1189333 SUSE bug 1189636 SUSE bug 1189780 CVE-2018-10772 CVE-2018-18915 CVE-2018-5772 CVE-2018-8976 CVE-2018-8977 CVE-2020-18898 CVE-2020-18899 CVE-2021-29470 CVE-2021-31291 CVE-2021-31292 CVE-2021-32617 CVE-2021-37618 CVE-2021-37619 CVE-2021-37620 CVE-2021-37621 cpe:/o:opensuse:leap:15.3 Security update for the Linux Kernel (Important) openSUSE Leap 15.3 The SUSE Linux Enterprise 15 SP3 Azure kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2022-39190: Fixed an issue that was discovered in net/netfilter/nf_tables_api.c and could cause a denial of service upon binding to an already bound chain (bnc#1203117). - CVE-2022-39188: Fixed race condition in include/asm-generic/tlb.h where a device driver can free a page while it still has stale TLB entries (bnc#1203107). - CVE-2022-36879: Fixed an issue in xfrm_expand_policies in net/xfrm/xfrm_policy.c where a refcount could be dropped twice (bnc#1201948). - CVE-2022-3028: Fixed race condition that was found in the IP framework for transforming packets (XFRM subsystem) (bnc#1202898). - CVE-2022-2977: Fixed reference counting for struct tpm_chip (bsc#1202672). - CVE-2022-2905: Fixed tnum_range usage on array range checking for poke descriptors (bsc#1202564, bsc#1202860). - CVE-2022-2663: Fixed an issue that was found in nf_conntrack_irc where the message handling could be confused and incorrectly matches the message (bnc#1202097). - CVE-2022-2639: Fixed an integer coercion error that was found in the openvswitch kernel module (bnc#1202154). - CVE-2022-26373: Fixed non-transparent sharing of return predictor targets between contexts in some Intel Processors (bnc#1201726). - CVE-2022-2588: Fixed use-after-free in cls_route (bsc#1202096). - CVE-2022-20369: Fixed out of bounds write in v4l2_m2m_querybuf of v4l2-mem2mem.c (bnc#1202347). - CVE-2022-20368: Fixed slab-out-of-bounds access in packet_recvmsg() (bsc#1202346). - CVE-2021-4203: Fixed use-after-free read flaw that was found in sock_getsockopt() in net/core/sock.c due to SO_PEERCRED and SO_PEERGROUPS race with listen() (bnc#1194535). - CVE-2021-4155: Fixed a data leak flaw that was found in the way XFS_IOC_ALLOCSP IOCTL in the XFS filesystem (bnc#1194272). - CVE-2020-36516: Fixed an issue in the mixed IPID assignment method where an attacker was able to inject data into or terminate a victim's TCP session (bnc#1196616). - CVE-2020-27784: Fixed a vulnerability that was found in printer_ioctl() printer_ioctl() when accessing a deallocated instance (bnc#1202895). - CVE-2016-3695: Fixed an issue inside the einj_error_inject function in drivers/acpi/apei/einj.c that allowed users to simulate hardware errors and consequently cause a denial of service (bnc#1023051). - CVE-2022-3303: Fixed a race condition in the sound subsystem due to improper locking (bnc#1203769). - CVE-2022-41218: Fixed an use-after-free caused by refcount races in drivers/media/dvb-core/dmxdev.c (bnc#1202960). - CVE-2022-3239: Fixed an use-after-free in the video4linux driver that could lead a local user to able to crash the system or escalate their privileges (bnc#1203552). - CVE-2022-41848: Fixed a race condition and resultant use-after-free if a physically proximate attacker removes a PCMCIA device while calling ioctl (bnc#1203987). - CVE-2022-41849: Fixed a race condition and resultant use-after-free if a physically proximate attacker removes a USB device while calling open (bnc#1203992). - CVE-2022-2586: Fixed a use-after-free which can be triggered when a nft table is deleted (bnc#1202095). - CVE-2022-41222: Fixed a use-after-free via a stale TLB because an rmap lock is not held during a PUD move (bnc#1203622). - CVE-2022-2503: Fixed a bug in dm-verity, device-mapper table reloads allowed users with root privileges to switch out the target with an equivalent dm-linear target and bypass verification till reboot. This allowed root to bypass LoadPin and can be used to load untrusted and unverified kernel modules and firmware, which implies arbitrary kernel execution and persistence for peripherals that do not verify firmware updates (bnc#1202677). - CVE-2020-16119: Fixed a use-after-free vulnerability exploitable by a local attacker due to reuse of a DCCP socket. (bnc#1177471) The following non-security bugs were fixed: - ACPI: APEI: Better fix to avoid spamming the console with old error logs (git-fixes). - ACPI: CPPC: Do not prevent CPPC from working in the future (git-fixes). - ACPI: EC: Remove duplicate ThinkPad X1 Carbon 6th entry from DMI quirks (git-fixes). - ACPI: LPSS: Fix missing check in register_device_clock() (git-fixes). - ACPI: PM: save NVS memory for Lenovo G40-45 (git-fixes). - ACPI: processor: Remove freq Qos request for all CPUs (git-fixes). - ACPI: property: Return type of acpi_add_nondev_subnodes() should be bool (git-fixes). - ACPI: video: Force backlight native for some TongFang devices (git-fixes). - ACPI: video: Shortening quirk list by identifying Clevo by board_name only (git-fixes). - ALSA: aloop: Fix random zeros in capture data when using jiffies timer (git-fixes). - ALSA: bcd2000: Fix a UAF bug on the error path of probing (git-fixes). - ALSA: emu10k1: Fix out of bounds access in snd_emu10k1_pcm_channel_alloc() (git-fixes). - ALSA: hda/cirrus - support for iMac 12,1 model (git-fixes). - ALSA: hda/conexant: Add quirk for LENOVO 20149 Notebook model (git-fixes). - ALSA: hda/realtek: Add a quirk for HP OMEN 15 (8786) mute LED (git-fixes). - ALSA: hda/realtek: Add mute LED quirk for HP Omen laptop (git-fixes). - ALSA: hda/realtek: Add new alc285-hp-amp-init model (git-fixes). - ALSA: hda/realtek: Add quirk for another Asus K42JZ model (git-fixes). - ALSA: hda/realtek: Add quirk for Clevo L140PU (git-fixes). - ALSA: hda/realtek: Add quirk for Clevo NP50PNJ (git-fixes). - ALSA: hda/realtek: Add quirk for Clevo NP70PNJ (git-fixes). - ALSA: hda/realtek: Add quirk for Clevo NP70PNP (git-fixes). - ALSA: hda/realtek: Add quirk for Clevo NS50PU (git-fixes). - ALSA: hda/realtek: Add quirk for Clevo NV45PZ (git-fixes). - ALSA: hda/realtek: Add quirk for Dell Latitude 7520 (git-fixes). - ALSA: hda/realtek: Add quirk for HP Dev One (git-fixes). - ALSA: hda/realtek: Add quirk for HP Spectre x360 15-eb0xxx (git-fixes). - ALSA: hda/realtek: Add quirk for the Framework Laptop (git-fixes). - ALSA: hda/realtek: Add quirk for TongFang devices with pop noise (git-fixes). - ALSA: hda/realtek: Fix deadlock by COEF mutex (git-fixes). - ALSA: hda/realtek: Fix headset mic for Acer SF313-51 (git-fixes). - ALSA: hda/realtek: Fix LED on HP ProBook 435 G7 (git-fixes). - ALSA: hda/realtek: fix mute/micmute LEDs for a HP ProBook (git-fixes). - ALSA: hda/realtek: fix mute/micmute LEDs for HP machines (git-fixes). - ALSA: hda/realtek: fix right sounds and mute/micmute LEDs for HP machine (git-fixes). - ALSA: hda/realtek: fix right sounds and mute/micmute LEDs for HP machines (git-fixes). - ALSA: hda/realtek: Re-arrange quirk table entries (git-fixes). - ALSA: info: Fix llseek return value when using callback (git-fixes). - ALSA: seq: Fix data-race at module auto-loading (git-fixes). - ALSA: seq: oss: Fix data-race for max_midi_devs access (git-fixes). - ALSA: usb-audio: Fix an out-of-bounds bug in __snd_usb_parse_audio_interface() (git-fixes). - ALSA: usb-audio: fix spelling mistakes (git-fixes). - ALSA: usb-audio: Inform the delayed registration more properly (git-fixes). - ALSA: usb-audio: More comprehensive mixer map for ASUS ROG Zenith II (git-fixes). - ALSA: usb-audio: Register card again for iface over delayed_register option (git-fixes). - ALSA: usb-audio: Split endpoint setups for hw_params and prepare (git-fixes). - ARM: 9077/1: PLT: Move struct plt_entries definition to header (git-fixes). - ARM: 9078/1: Add warn suppress parameter to arm_gen_branch_link() (git-fixes). - ARM: 9079/1: ftrace: Add MODULE_PLTS support (git-fixes). - ARM: 9098/1: ftrace: MODULE_PLT: Fix build problem without DYNAMIC_FTRACE (git-fixes). - arm64: cpufeature: Allow different PMU versions in ID_DFR0_EL1 (git-fixes) - arm64: dts: allwinner: A64 Sopine: phy-mode rgmii-id (git-fixes) - arm64: dts: allwinner: a64-sopine-baseboard: change RGMII mode to (bsc#1202341) - arm64: dts: allwinner: H5: NanoPi Neo Plus2: phy-mode rgmii-id (git-fixes) - arm64: dts: rockchip: Pull up wlan wake# on Gru-Bob (git-fixes) - arm64: dts: rockchip: Remove 'enable-active-low' from rk3399-puma (git-fixes) - arm64: dts: rockchip: Set RK3399-Gru PCLK_EDP to 24 MHz (git-fixes) - arm64: dts: uniphier: Fix USB interrupts for PXs3 SoC (git-fixes) - arm64: kexec_file: use more system keyrings to verify kernel image signature (bsc#1196444). - arm64: mm: Always update TCR_EL1 from __cpu_set_tcr_t0sz() (git-fixes) - arm64: mm: fix p?d_leaf() (git-fixes) - arm64: mm: use a 48-bit ID map when possible on 52-bit VA builds (git-fixes) - arm64: mm: Validate hotplug range before creating linear mapping (git-fixes) - arm64: signal: nofpsimd: Do not allocate fp/simd context when not available (git-fixes). - arm64: tegra: Fix SDMMC1 CD on P2888 (git-fixes) - arm64: tegra: Remove non existent Tegra194 reset (git-fixes) - arm64: tlb: fix the TTL value of tlb_get_level (git-fixes) - asm-generic: sections: refactor memory_intersects (git-fixes). - ASoC: audio-graph-card: Add of_node_put() in fail path (git-fixes). - ASoC: codecs: da7210: add check for i2c_add_driver (git-fixes). - ASoC: codecs: msm8916-wcd-digital: move gains from SX_TLV to S8_TLV (git-fixes). - ASoC: codecs: wcd9335: move gains from SX_TLV to S8_TLV (git-fixes). - ASoC: mt6797-mt6351: Fix refcount leak in mt6797_mt6351_dev_probe (git-fixes). - ASoC: qcom: q6dsp: Fix an off-by-one in q6adm_alloc_copp() (git-fixes). - ASoC: SOF: debug: Fix potential buffer overflow by snprintf() (git-fixes). - ASoC: tas2770: Allow mono streams (git-fixes). - ata: libata-eh: Add missing command name (git-fixes). - ath10k: do not enforce interrupt trigger type (git-fixes). - ath10k: Fix error handling in ath10k_setup_msa_resources (git-fixes). - atm: idt77252: fix use-after-free bugs caused by tst_timer (git-fixes). - blk-iocost: clamp inuse and skip noops in __propagate_weights() (bsc#1202722). - blk-iocost: fix operation ordering in iocg_wake_fn() (bsc#1202720). - blk-iocost: fix weight updates of inner active iocgs (bsc#1202717). - blk-iocost: rename propagate_active_weights() to propagate_weights() (bsc#1202722). - blktrace: fix blk_rq_merge documentation (git-fixes). - Bluetooth: hci_intel: Add check for platform_driver_register (git-fixes). - Bluetooth: L2CAP: Fix build errors in some archs (git-fixes). - Bluetooth: L2CAP: Fix l2cap_global_chan_by_psm regression (git-fixes). - Bluetooth: L2CAP: Fix use-after-free caused by l2cap_chan_put (git-fixes). - Bluetooth: MGMT: Fixes build warnings with C=1 (git-fixes). - bpf: Compile out btf_parse_module() if module BTF is not enabled (git-fixes). - bus: hisi_lpc: fix missing platform_device_put() in hisi_lpc_acpi_probe() (git-fixes). - can: Break loopback loop on loopback documentation (git-fixes). - can: ems_usb: fix clang's -Wunaligned-access warning (git-fixes). - can: error: specify the values of data[5..7] of CAN error frames (git-fixes). - can: hi311x: do not report txerr and rxerr during bus-off (git-fixes). - can: kvaser_usb_hydra: do not report txerr and rxerr during bus-off (git-fixes). - can: kvaser_usb_leaf: do not report txerr and rxerr during bus-off (git-fixes). - can: m_can: process interrupt only when not runtime suspended (git-fixes). - can: pch_can: do not report txerr and rxerr during bus-off (git-fixes). - can: pch_can: pch_can_error(): initialize errc before using it (git-fixes). - can: rcar_can: do not report txerr and rxerr during bus-off (git-fixes). - can: sja1000: do not report txerr and rxerr during bus-off (git-fixes). - can: sun4i_can: do not report txerr and rxerr during bus-off (git-fixes). - can: usb_8dev: do not report txerr and rxerr during bus-off (git-fixes). - ceph: do not leak snap_rwsem in handle_cap_grant (bsc#1202810). - ceph: do not truncate file in atomic_open (bsc#1202811). - cgroup: cgroup_get_from_id() must check the looked-up kn is a directory (bsc#1203906). - cgroup: Trace event cgroup id fields should be u64 (git-fixes). - cgroup: Use separate src/dst nodes when preloading css_sets for migration (bsc#1201610). - clk: bcm: rpi: Fix error handling of raspberrypi_fw_get_rate (git-fixes). - clk: core: Fix runtime PM sequence in clk_core_unprepare() (git-fixes). - clk: core: Honor CLK_OPS_PARENT_ENABLE for clk gate ops (git-fixes). - clk: qcom: camcc-sdm845: Fix topology around titan_top power domain (git-fixes). - clk: qcom: clk-krait: unlock spin after mux completion (git-fixes). - clk: qcom: ipq8074: dont disable gcc_sleep_clk_src (git-fixes). - clk: qcom: ipq8074: fix NSS core PLL-s (git-fixes). - clk: qcom: ipq8074: fix NSS port frequency tables (git-fixes). - clk: qcom: ipq8074: set BRANCH_HALT_DELAY flag for UBI clocks (git-fixes). - clk: qcom: ipq8074: SW workaround for UBI32 PLL lock (git-fixes). - clk: renesas: r9a06g032: Fix UART clkgrp bitsel (git-fixes). - clk: rockchip: add sclk_mac_lbtest to rk3188_critical_clocks (git-fixes). - coresight: cti: Correct the parameter for pm_runtime_put (git-fixes). - crypto: arm64/gcm - Select AEAD for GHASH_ARM64_CE (git-fixes) - crypto: arm64/poly1305 - fix a read out-of-bound (git-fixes) - devlink: Fix use-after-free after a failed reload (git-fixes). - dm raid: fix KASAN warning in raid5_add_disks (git-fixes). - dmaengine: sprd: Cleanup in .remove() after pm_runtime_get_sync() failed (git-fixes). - dpaa2-eth: unregister the netdev before disconnecting from the PHY (git-fixes). - driver core: Do not probe devices after bus_type.match() probe deferral (git-fixes). - driver core: fix potential deadlock in __driver_attach (git-fixes). - drm: adv7511: override i2c address of cec before accessing it (git-fixes). - drm: bridge: adv7511: Add check for mipi_dsi_driver_register (git-fixes). - drm: bridge: sii8620: fix possible off-by-one (git-fixes). - drm/amd/display: Enable building new display engine with KCOV enabled (git-fixes). - drm/amdgpu: Check BO's requested pinning domains against its preferred_domains (git-fixes). - drm/amdgpu: Check num_gfx_rings for gfx v9_0 rb setup (git-fixes). - drm/amdgpu: mmVM_L2_CNTL3 register not initialized correctly (git-fixes). - drm/amdgpu: remove useless condition in amdgpu_job_stop_all_jobs_on_sched() (git-fixes). - drm/bridge: tc358767: Make sure Refclk clock are enabled (git-fixes). - drm/doc: Fix comment typo (git-fixes). - drm/exynos/exynos7_drm_decon: free resources when clk_set_parent() failed (git-fixes). - drm/gem: Fix GEM handle release errors (git-fixes). - drm/gem: Properly annotate WW context on drm_gem_lock_reservations() error (git-fixes). - drm/i915/glk: ECS Liva Q2 needs GLK HDMI port timing quirk (git-fixes). - drm/i915/reg: Fix spelling mistake 'Unsupport' -> 'Unsupported' (git-fixes). - drm/mcde: Fix refcount leak in mcde_dsi_bind (git-fixes). - drm/mediatek: Add pull-down MIPI operation in mtk_dsi_poweroff function (git-fixes). - drm/mediatek: dpi: Only enable dpi after the bridge is enabled (git-fixes). - drm/mediatek: dpi: Remove output format of YUV (git-fixes). - drm/meson: Correct OSD1 global alpha value (git-fixes). - drm/meson: Fix OSD1 RGB to YCbCr coefficient (git-fixes). - drm/meson: Fix overflow implicit truncation warnings (git-fixes). - drm/meson: Fix refcount bugs in meson_vpu_has_available_connectors() (git-fixes). - drm/mipi-dbi: align max_chunk to 2 in spi_transfer (git-fixes). - drm/msm/dsi: Fix number of regulators for msm8996_dsi_cfg (git-fixes). - drm/msm/dsi: Fix number of regulators for SDM660 (git-fixes). - drm/msm/dsi: fix the inconsistent indenting (git-fixes). - drm/msm/hdmi: enable core-vcc/core-vdda-supply for 8996 platform (git-fixes). - drm/msm/mdp5: Fix global state lock backoff (git-fixes). - drm/msm/rd: Fix FIFO-full deadlock (git-fixes). - drm/nouveau: fix another off-by-one in nvbios_addr (git-fixes). - drm/radeon: add a force flush to delay work when radeon (git-fixes). - drm/radeon: fix incorrrect SPDX-License-Identifiers (git-fixes). - drm/radeon: fix potential buffer overflow in ni_set_mc_special_registers() (git-fixes). - drm/rockchip: Fix an error handling path rockchip_dp_probe() (git-fixes). - drm/rockchip: vop: Do not crash for invalid duplicate_state() (git-fixes). - drm/st7735r: Fix module autoloading for Okaya RH128128T (git-fixes). - drm/sun4i: dsi: Prevent underflow when computing packet sizes (git-fixes). - drm/vc4: dsi: Add correct stop condition to vc4_dsi_encoder_disable iteration (git-fixes). - drm/vc4: dsi: Correct DSI divider calculations (git-fixes). - drm/vc4: dsi: Correct pixel order for DSI0 (git-fixes). - drm/vc4: hdmi: Correct HDMI timing registers for interlaced modes (git-fixes). - drm/vc4: hdmi: Fix timings for interlaced modes (git-fixes). - drm/vc4: plane: Fix margin calculations for the right/bottom edges (git-fixes). - drm/vc4: plane: Remove subpixel positioning check (git-fixes). - efi: capsule-loader: Fix use-after-free in efi_capsule_write (git-fixes). - ehea: fix error return code in ehea_restart_qps() (git-fixes). - enetc: Fix endianness issues for enetc_qos (git-fixes). - ethernet: sun: niu: fix missing checks of niu_pci_eeprom_read() (git-fixes). - ext4: add reserved GDT blocks check (bsc#1202712). - ext4: do not set SB_ACTIVE in ext4_orphan_cleanup() (bsc#1202708). - ext4: do not use the orphan list when migrating an inode (bsc#1197756). - ext4: Fix BUG_ON in ext4_bread when write quota data (bsc#1197755). - ext4: fix bug_on in ext4_writepages (bsc#1200872). - ext4: fix error handling code in add_new_gdb (bsc#1179722). - ext4: fix error handling in ext4_restore_inline_data() (bsc#1197757). - ext4: fix invalid inode checksum (bsc#1179723). - ext4: fix loff_t overflow in ext4_max_bitmap_size() (bsc#1202709). - ext4: fix overhead calculation to account for the reserved gdt blocks (bsc#1200869). - ext4: fix potential infinite loop in ext4_dx_readdir() (bsc#1191662). - ext4: fix race when reusing xattr blocks (bsc#1198971). - ext4: fix symlink file size not match to file content (bsc#1200868). - ext4: fix use-after-free in ext4_rename_dir_prepare (bsc#1200871). - ext4: fix use-after-free in ext4_search_dir (bsc#1202710). - ext4: fix warning in ext4_handle_inode_extension (bsc#1202711). - ext4: force overhead calculation if the s_overhead_cluster makes no sense (bsc#1200870). - ext4: recover csum seed of tmp_inode after migrating to extents (bsc#1202713). - ext4: remove EA inode entry from mbcache on inode eviction (bsc#1198971). - ext4: unindent codeblock in ext4_xattr_block_set() (bsc#1198971). - fbcon: Fix boundary checks for fbcon=vc:n1-n2 parameters (git-fixes). - fbdev: chipsfb: Add missing pci_disable_device() in chipsfb_pci_init() (git-fixes). - fbdev: fb_pm2fb: Avoid potential divide by zero error (git-fixes). - firmware: tegra: bpmp: Do only aligned access to IPC memory area (git-fixes). - Fix parsing of rpm/macros.kernel-source on SLE12 (bsc#1201019). - fpga: altera-pr-ip: fix unsigned comparison with less than zero (git-fixes). - fs-writeback: writeback_sb_inodes: Recalculate 'wrote' according skipped pages (bsc#1200873). - ftrace: Fix NULL pointer dereference in is_ftrace_trampoline when ftrace is dead (git-fixes). - fuse: ioctl: translate ENOSYS (bsc#1203136). - fuse: limit nsec (bsc#1203135). - fuse: Remove the control interface for virtio-fs (bsc#1203137). - gadgetfs: ep_io - wait until IRQ finishes (git-fixes). - geneve: do not use RT_TOS for IPv6 flowlabel (git-fixes). - geneve: fix TOS inheriting for ipv4 (git-fixes). - gpio: gpiolib-of: Fix refcount bugs in of_mm_gpiochip_add_data() (git-fixes). - gpio: mpc8xxx: Fix support for IRQ_TYPE_LEVEL_LOW flow_type in mpc85xx (git-fixes). - gpio: pca953x: Add mutex_lock for regcache sync in PM (git-fixes). - HID: alps: Declare U1_UNICORN_LEGACY support (git-fixes). - HID: cp2112: prevent a buffer overflow in cp2112_xfer() (git-fixes). - HID: intel-ish-hid: ishtp: Fix ishtp client sending disordered message (git-fixes). - HID: ishtp-hid-clientHID: ishtp-hid-client: Fix comment typo (git-fixes). - HID: steam: Prevent NULL pointer dereference in steam_{recv,send}_report (git-fixes). - HID: wacom: Do not register pad_input for touch switch (git-fixes). - HID: wacom: Only report rotation for art pen (git-fixes). - hv_netvsc: Load and store the proper (NBL_HASH_INFO) per-packet info (bsc#1202701). - hwmon: (gpio-fan) Fix array out of bounds access (git-fixes). - i2c: cadence: Support PEC for SMBus block read (git-fixes). - i2c: Fix a potential use after free (git-fixes). - i2c: imx: Make sure to unregister adapter on remove() (git-fixes). - i2c: mux-gpmux: Add of_node_put() when breaking out of loop (git-fixes). - ice: report supported and advertised autoneg using PHY capabilities (git-fixes). - ieee802154: cc2520: add rc code in cc2520_tx() (git-fixes). - ieee802154/adf7242: defer destroy_workqueue call (git-fixes). - iio: accel: bma220: Fix alignment for DMA safety (git-fixes). - iio: accel: sca3000: Fix alignment for DMA safety (git-fixes). - iio: adc: ad7266: Fix alignment for DMA safety (git-fixes). - iio: adc: ad7298: Fix alignment for DMA safety (git-fixes). - iio: adc: ad7476: Fix alignment for DMA safety (git-fixes). - iio: adc: ad7766: Fix alignment for DMA safety (git-fixes). - iio: adc: ad7768-1: Fix alignment for DMA safety (git-fixes). - iio: adc: ad7887: Fix alignment for DMA safety (git-fixes). - iio: adc: hi8435: Fix alignment for DMA safety (git-fixes). - iio: adc: ltc2497: Fix alignment for DMA safety (git-fixes). - iio: adc: max1027: Fix alignment for DMA safety (git-fixes). - iio: adc: max11100: Fix alignment for DMA safety (git-fixes). - iio: adc: max1118: Fix alignment for DMA safety (git-fixes). - iio: adc: mcp320x: Fix alignment for DMA safety (git-fixes). - iio: adc: mcp3911: make use of the sign bit (git-fixes). - iio: adc: mcp3911: use correct formula for AD conversion (git-fixes). - iio: adc: ti-adc0832: Fix alignment for DMA safety (git-fixes). - iio: adc: ti-adc084s021: Fix alignment for DMA safety (git-fixes). - iio: adc: ti-adc12138: Fix alignment for DMA safety (git-fixes). - iio: adc: ti-adc128s052: Fix alignment for DMA safety (git-fixes). - iio: adc: ti-adc161s626: Fix alignment for DMA safety (git-fixes). - iio: adc: ti-ads124s08: Fix alignment for DMA safety (git-fixes). - iio: adc: ti-ads7950: Fix alignment for DMA safety (git-fixes). - iio: adc: ti-ads8344: Fix alignment for DMA safety (git-fixes). - iio: adc: ti-ads8688: Fix alignment for DMA safety (git-fixes). - iio: adc: ti-tlc4541: Fix alignment for DMA safety (git-fixes). - iio: amplifiers: ad8366: Fix alignment for DMA safety (git-fixes). - iio: core: Fix IIO_ALIGN and rename as it was not sufficiently large (git-fixes). - iio: dac: ad5064: Fix alignment for DMA safety (git-fixes). - iio: dac: ad5360: Fix alignment for DMA safety (git-fixes). - iio: dac: ad5421: Fix alignment for DMA safety (git-fixes). - iio: dac: ad5449: Fix alignment for DMA safety (git-fixes). - iio: dac: ad5504: Fix alignment for DMA safety (git-fixes). - iio: dac: ad5755: Fix alignment for DMA safety (git-fixes). - iio: dac: ad5761: Fix alignment for DMA safety (git-fixes). - iio: dac: ad5764: Fix alignment for DMA safety (git-fixes). - iio: dac: ad5791: Fix alignment for DMA saftey (git-fixes). - iio: dac: ad7303: Fix alignment for DMA safety (git-fixes). - iio: dac: ad8801: Fix alignment for DMA safety (git-fixes). - iio: dac: mcp4922: Fix alignment for DMA safety (git-fixes). - iio: dac: ti-dac082s085: Fix alignment for DMA safety (git-fixes). - iio: dac: ti-dac5571: Fix alignment for DMA safety (git-fixes). - iio: dac: ti-dac7311: Fix alignment for DMA safety (git-fixes). - iio: dac: ti-dac7612: Fix alignment for DMA safety (git-fixes). - iio: frequency: ad9523: Fix alignment for DMA safety (git-fixes). - iio: frequency: adf4350: Fix alignment for DMA safety (git-fixes). - iio: frequency: adf4371: Fix alignment for DMA safety (git-fixes). - iio: gyro: adis16080: Fix alignment for DMA safety (git-fixes). - iio: gyro: adis16130: Fix alignment for DMA safety (git-fixes). - iio: gyro: adxrs450: Fix alignment for DMA safety (git-fixes). - iio: gyro: fxas210002c: Fix alignment for DMA safety (git-fixes). - iio: light: isl29028: Fix the warning in isl29028_remove() (git-fixes). - iio: potentiometer: ad5272: Fix alignment for DMA safety (git-fixes). - iio: potentiometer: max5481: Fix alignment for DMA safety (git-fixes). - iio: potentiometer: mcp41010: Fix alignment for DMA safety (git-fixes). - iio: potentiometer: mcp4131: Fix alignment for DMA safety (git-fixes). - iio: proximity: as3935: Fix alignment for DMA safety (git-fixes). - iio: resolver: ad2s1200: Fix alignment for DMA safety (git-fixes). - iio: resolver: ad2s90: Fix alignment for DMA safety (git-fixes). - ima: force signature verification when CONFIG_KEXEC_SIG is configured (bsc#1203737). - Input: iforce - add support for Boeder Force Feedback Wheel (git-fixes). - Input: iforce - wake up after clearing IFORCE_XMIT_RUNNING flag (git-fixes). - Input: melfas_mip4 - fix return value check in mip4_probe() (git-fixes). - Input: rk805-pwrkey - fix module autoloading (git-fixes). - Input: snvs_pwrkey - fix SNVS_HPVIDR1 register address (git-fixes). - intel_th: Fix a resource leak in an error handling path (git-fixes). - intel_th: msu-sink: Potential dereference of null pointer (git-fixes). - intel_th: msu: Fix vmalloced buffers (git-fixes). - intel_th: pci: Add Meteor Lake-P support (git-fixes). - intel_th: pci: Add Raptor Lake-S CPU support (git-fixes). - intel_th: pci: Add Raptor Lake-S PCH support (git-fixes). - iommu/amd: Simplify and Consolidate Virtual APIC (AVIC) Enablement (git-fixes). - iommu/arm-smmu: qcom_iommu: Add of_node_put() when breaking out of loop (git-fixes). - iommu/exynos: Handle failed IOMMU device registration properly (git-fixes). - iommu/iova: Improve 32-bit free space estimate (git-fixes). - iommu/ipmmu-vmsa: Check for error num after setting mask (git-fixes). - iommu/mediatek: Add list_del in mtk_iommu_remove (git-fixes). - iommu/msm: Fix an incorrect NULL check on list iterator (git-fixes). - iommu/omap: Fix regression in probe for NULL pointer dereference (git-fixes). - iommu/vt-d: avoid invalid memory access via node_online(NUMA_NO_NODE) (git-fixes). - iommu/vt-d: Calculate mask for non-aligned flushes (git-fixes). - iommu/vt-d: Fix PCI bus rescan device hot add (git-fixes). - iommu/vt-d: Fix RID2PASID setup/teardown failure (git-fixes). - ipheth: fix EOVERFLOW in ipheth_rcvbulk_callback (git-fixes). - ipmi: ssif: initialize ssif_info->client early (git-fixes). - ixgbevf: add correct exception tracing for XDP (git-fixes). - jbd2: fix assertion 'jh->b_frozen_data == NULL' failure when journal aborted (bsc#1202716). - jbd2: fix outstanding credits assert in jbd2_journal_commit_transaction() (bsc#1202715). - jfs: fix GPF in diFree (bsc#1203389). - JFS: fix memleak in jfs_mount (git-fixes). - JFS: more checks for invalid superblock (git-fixes). - jfs: prevent NULL deref in diFree (bsc#1203389). - kABI: cgroup: Restore KABI of css_set (bsc#1201610). - kABI: x86: kexec: hide new include from genksyms (bsc#1196444). - kabi/severities: add stmmac driver local sumbols - kexec: clean up arch_kexec_kernel_verify_sig (bsc#1196444). - kexec: do not verify the signature without the lockdown or mandatory signature (bsc#1203737). - kexec: drop weak attribute from arch_kexec_apply_relocations[_add] (bsc#1196444). - kexec: drop weak attribute from functions (bsc#1196444). - kexec: drop weak attribute from functions (bsc#1196444). - kexec: KEYS, s390: Make use of built-in and secondary keyring for signature verification (bsc#1196444). - kexec: KEYS: make the code in bzImage64_verify_sig generic (bsc#1196444). - kfifo: fix kfifo_to_user() return type (git-fixes). - kfifo: fix ternary sign extension bugs (git-fixes). - KVM: arm64: Avoid setting the upper 32 bits of TCR_EL2 and CPTR_EL2 (bsc#1201442) - KVM: nVMX: Let userspace set nVMX MSR to any _host_ supported value (git-fixes). - KVM: nVMX: Snapshot pre-VM-Enter BNDCFGS for !nested_run_pending case (git-fixes). - KVM: nVMX: Snapshot pre-VM-Enter DEBUGCTL for !nested_run_pending case (git-fixes). - KVM: PPC: Book3S HV: Context tracking exit guest context before enabling irqs (bsc#1065729). - KVM: PPC: Book3S HV: Prevent POWER7/8 TLB flush flushing SLB (bsc#1156395). - KVM: PPC: Book3S HV: Use GLOBAL_TOC for kvmppc_h_set_dabr/xdabr() (bsc#1156395). - KVM: PPC: Fix vmx/vsx mixup in mmio emulation (bsc#1156395). - KVM: PPC: Use arch_get_random_seed_long instead of powernv variant (bsc#1156395). - KVM: VMX: Refuse to load kvm_intel if EPT and NX are disabled (git-fixes). - KVM: x86: accept userspace interrupt only if no event is injected (git-fixes). - KVM: x86: Mark TSS busy during LTR emulation _after_ all fault checks (git-fixes). - KVM: x86: Set error code to segment selector on LLDT/LTR non-canonical #GP (git-fixes). - lib: bitmap: provide devm_bitmap_alloc() and devm_bitmap_zalloc() (git-fixes). - lib/list_debug.c: Detect uninitialized lists (git-fixes). - lightnvm: Remove lightnvm implemenation (bsc#1191881 bsc#1201420 ZDI-CAN-17325). - list: add 'list_del_init_careful()' to go with 'list_empty_careful()' (bsc#1202745). - locking/lockdep: Avoid potential access of invalid memory in lock_class (git-fixes). - loop: Fix missing discard support when using LOOP_CONFIGURE (bsc#1202718). - mbcache: add functions to delete entry if unused (bsc#1198971). - mbcache: do not reclaim used entries (bsc#1198971). - md-raid10: fix KASAN warning (git-fixes). - md: call __md_stop_writes in md_stop (git-fixes). - md: unlock mddev before reap sync_thread in action_store (bsc#1197659). - md/bitmap: do not set sb values if can't pass sanity check (bsc#1197158). - media: hdpvr: fix error value returns in hdpvr_read (git-fixes). - media: rc: increase rc-mm tolerance and add debug message (git-fixes). - media: rtl28xxu: add missing sleep before probing slave demod (git-fixes). - media: rtl28xxu: Add support for PROlectrix DV107669 DVB-T dongle (git-fixes). - media: rtl28xxu: set keymap for Astrometa DVB-T2 (git-fixes). - media: smipcie: fix interrupt handling and IR timeout (git-fixes). - media: tw686x: Register the irq at the end of probe (git-fixes). - media: usb: dvb-usb-v2: rtl28xxu: convert to use i2c_new_client_device() (git-fixes). - media: v4l2-mem2mem: always consider OUTPUT queue during poll (git-fixes). - media: v4l2-mem2mem: reorder checks in v4l2_m2m_poll() (git-fixes). - mediatek: mt76: mac80211: Fix missing of_node_put() in mt76_led_init() (git-fixes). - memstick/ms_block: Fix a memory leak (git-fixes). - memstick/ms_block: Fix some incorrect memory allocation (git-fixes). - meson-mx-socinfo: Fix refcount leak in meson_mx_socinfo_init (git-fixes). - mfd: max77620: Fix refcount leak in max77620_initialise_fps (git-fixes). - mfd: t7l66xb: Drop platform disable callback (git-fixes). - misc: fastrpc: fix memory corruption on open (git-fixes). - misc: fastrpc: fix memory corruption on probe (git-fixes). - misc: rtsx: Fix an error handling path in rtsx_pci_probe() (git-fixes). - mm: bdi: initialize bdi_min_ratio when bdi is unregistered (bsc#1197763). - mm: fix page reference leak in soft_offline_page() (git fixes (mm/memory-failure)). - mm: memcontrol: fix potential oom_lock recursion deadlock (bsc#1202447). - mm: pagewalk: Fix race between unmap and page walker (git-fixes, bsc#1203159). - mm: proc: smaps_rollup: do not stall write attempts on mmap_lock (bsc#1201990). - mm: rmap: Fix anon_vma->degree ambiguity leading to double-reuse (git-fixes, bsc#1203098). - mm: smaps*: extend smap_gather_stats to support specified beginning (bsc#1201990). - mmap locking API: add mmap_lock_is_contended() (bsc#1201990). - mmc: cavium-octeon: Add of_node_put() when breaking out of loop (git-fixes). - mmc: cavium-thunderx: Add of_node_put() when breaking out of loop (git-fixes). - mmc: pxamci: Fix an error handling path in pxamci_probe() (git-fixes). - mmc: pxamci: Fix another error handling path in pxamci_probe() (git-fixes). - mmc: sdhci-of-at91: fix set_uhs_signaling rewriting of MC1R (git-fixes). - mmc: sdhci-of-esdhc: Fix refcount leak in esdhc_signal_voltage_switch (git-fixes). - module: Ignore _GLOBAL_OFFSET_TABLE_ when warning for undefined symbols (git-fixes). - mt76: mt76x02u: fix possible memory leak in __mt76x02u_mcu_send_msg (git-fixes). - mt7601u: add USB device ID for some versions of XiaoDu WiFi Dongle (git-fixes). - mtd: maps: Fix refcount leak in ap_flash_init (git-fixes). - mtd: maps: Fix refcount leak in of_flash_probe_versatile (git-fixes). - mtd: partitions: Fix refcount leak in parse_redboot_of (git-fixes). - mtd: rawnand: meson: Fix a potential double free issue (git-fixes). - mtd: sm_ftl: Fix deadlock caused by cancel_work_sync in sm_release (git-fixes). - mtd: st_spi_fsm: Add a clk_disable_unprepare() in .probe()'s error path (git-fixes). - net_sched: cls_route: disallow handle of 0 (bsc#1202393). - net: bcmgenet: Add mdio-bcm-unimac soft dependency (git-fixes). - net: cpsw: add missing of_node_put() in cpsw_probe_dt() (git-fixes). - net: cpsw: Properly initialise struct page_pool_params (git-fixes). - net: davinci_emac: Fix incorrect masking of tx and rx error channel (git-fixes). - net: dsa: b53: fix an off by one in checking 'vlan->vid' (git-fixes). - net: dsa: felix: suppress -EPROBE_DEFER errors (git-fixes). - net: dsa: mt7530: fix VLAN traffic leaks (git-fixes). - net: enetc: report software timestamping via SO_TIMESTAMPING (git-fixes). - net: enetc: unmap DMA in enetc_send_cmd() (git-fixes). - net: enetc: Use pci_release_region() to release some resources (git-fixes). - net: ethernet: aeroflex: fix UAF in greth_of_remove (git-fixes). - net: ethernet: ezchip: fix error handling (git-fixes). - net: ethernet: ezchip: fix UAF in nps_enet_remove (git-fixes). - net: ethernet: ezchip: remove redundant check (git-fixes). - net: ethernet: fix potential use-after-free in ec_bhf_remove (git-fixes). - net: ethernet: ti: cpsw_ale: Fix access to un-initialized memory (git-fixes). - net: fec_ptp: add clock rate zero check (git-fixes). - net: fec: fix the potential memory leak in fec_enet_init() (git-fixes). - net: ftgmac100: Fix crash when removing driver (git-fixes). - net: hdlc_x25: Return meaningful error code in x25_open (git-fixes). - net: hns: Fix kernel-doc (git-fixes). - net: lantiq: fix memory corruption in RX ring (git-fixes). - net: lapbether: Prevent racing when checking whether the netif is running (git-fixes). - net: mana: Add rmb after checking owner bits (git-fixes). - net: mana: Add support of XDP_REDIRECT action (bug#1201310, jsc#PED-529). - net: mana: Add the Linux MANA PF driver (bug#1201309, jsc#PED-529). - net: moxa: Use devm_platform_get_and_ioremap_resource() (git-fixes). - net: mscc: ocelot: correctly report the timestamping RX filters in ethtool (git-fixes). - net: mscc: ocelot: do not downgrade timestamping RX filters in SIOCSHWTSTAMP (git-fixes). - net: mvpp2: fix interrupt mask/unmask skip condition (git-fixes). - net: netcp: Fix an error message (git-fixes). - net: pch_gbe: Propagate error from devm_gpio_request_one() (git-fixes). - net: rose: fix netdev reference changes (git-fixes). - net: sock: tracing: Fix sock_exceed_buf_limit not to dereference stale pointer (git-fixes). - net: stmicro: handle clk_prepare() failure during init (git-fixes). - net: stmmac: disable clocks in stmmac_remove_config_dt() (git-fixes). - net: stmmac: dwmac1000: Fix extended MAC address registers definition (git-fixes). - net: stmmac: Modify configuration method of EEE timers (git-fixes). - net: stmmac: Use resolved link config in mac_link_up() (git-fixes). - net: vmxnet3: fix possible NULL pointer dereference in vmxnet3_rq_cleanup() (bsc#1200431). - net: vmxnet3: fix possible use-after-free bugs in vmxnet3_rq_alloc_rx_buf() (bsc#1200431). - net: vmxnet3: remove multiple false checks in vmxnet3_ethtool.c (bsc#1200431). - net:emac/emac-mac: Fix a use after free in emac_mac_tx_buf_send (git-fixes). - net:enetc: allocate CBD ring data memory using DMA coherent methods (git-fixes). - net/mlx5e: Check for needed capability for cvlan matching (git-fixes). - net/sonic: Fix a resource leak in an error handling path in 'jazz_sonic_probe()' (git-fixes). - NFS: Do not decrease the value of seq_nr_highest_sent (git-fixes). - NFS: fix nfs_path in case of a rename retry (git-fixes). - NFS: Fix races in the legacy idmapper upcall (git-fixes). - NFS: Fix second deadlock in nfs4_evict_inode() (git-fixes). - NFS: Handle NFS4ERR_DELAY replies to OP_SEQUENCE correctly (git-fixes). - NFS: nfs4_proc_set_acl needs to restore NFS_CAP_UIDGID_NOMAP on error (git-fixes). - NFS: RECLAIM_COMPLETE must handle EACCES (git-fixes). - NFS: support EXCHGID4_FLAG_SUPP_FENCE_OPS 4.2 EXCHANGE_ID flag (git-fixes). - NFSD: Add missing NFSv2 .pc_func methods (git-fixes). - NFSD: Clamp WRITE offsets (git-fixes). - NFSD: Fix offset type in I/O trace points (git-fixes). - NFSD: Fix possible sleep during nfsd4_release_lockowner() (git-fixes). - NFSD: fix use-after-free due to delegation race (git-fixes). - NFSD: prevent integer overflow on 32 bit systems (git-fixes). - NFSD: prevent underflow in nfssvc_decode_writeargs() (git-fixes). - NTB: ntb_tool: uninitialized heap data in tool_fn_write() (git-fixes). - nvme-fabrics: parse nvme connect Linux error codes (bsc#1201865). - nvme-rdma: Handle number of queue changes (bsc#1201865). - nvme-tcp: fix UAF when detecting digest errors (bsc#1200313 bsc#1201489). - nvme-tcp: Handle number of queue changes (bsc#1201865). - nvme: fix RCU hole that allowed for endless looping in multipath round robin (bsc#1202636). - nvmet: Expose max queues to configfs (bsc#1201865). - objtool: Add support for intra-function calls (bsc#1202396). - objtool: Make handle_insn_ops() unconditional (bsc#1202396). - objtool: Remove INSN_STACK (bsc#1202396). - objtool: Rework allocating stack_ops on decode (bsc#1202396). - objtool: Support multiple stack_op per instruction (bsc#1202396). - ocfs2: drop acl cache for directories too (bsc#1191667). - ocfs2: fix crash when initialize filecheck kobj fails (bsc#1197920). - ocfs2: mount fails with buffer overflow in strlen (bsc#1197760). - octeontx2-af: fix infinite loop in unmapping NPC counter (git-fixes). - of: fdt: fix off-by-one error in unflatten_dt_nodes() (git-fixes). - of/device: Fix up of_dma_configure_id() stub (git-fixes). - PCI: Add ACS quirk for Broadcom BCM5750x NICs (git-fixes). - PCI: dwc: Add unroll iATU space support to dw_pcie_disable_atu() (git-fixes). - PCI: dwc: Always enable CDM check if 'snps,enable-cdm-check' exists (git-fixes). - PCI: dwc: Deallocate EPC memory on dw_pcie_ep_init() errors (git-fixes). - PCI: dwc: Disable outbound windows only for controllers using iATU (git-fixes). - PCI: dwc: Stop link on host_init errors and de-initialization (git-fixes). - PCI: hv: Fix hv_arch_irq_unmask() for multi-MSI (bsc#1200845). - PCI: hv: Fix interrupt mapping for multi-MSI (bsc#1200845). - PCI: hv: Fix multi-MSI to allow more than one MSI vector (bsc#1200845). - PCI: hv: Make the code arch neutral by adding arch specific interfaces (bsc#1200845). - PCI: hv: Only reuse existing IRTE allocation for Multi-MSI (bsc#1200845). - PCI: hv: Reuse existing IRTE allocation in compose_msi_msg() (bsc#1200845). - PCI: qcom: Fix pipe clock imbalance (git-fixes). - PCI: qcom: Power on PHY before IPQ8074 DBI register accesses (git-fixes). - PCI: qcom: Set up rev 2.1.0 PARF_PHY before enabling clocks (git-fixes). - PCI: tegra194: Fix link up retry sequence (git-fixes). - PCI: tegra194: Fix PM error handling in tegra_pcie_config_ep() (git-fixes). - PCI: tegra194: Fix Root Port interrupt handling (git-fixes). - PCI/ACPI: Guard ARM64-specific mcfg_quirks (git-fixes). - PCI/portdrv: Do not disable AER reporting in get_port_device_capability() (git-fixes). - perf bench: Share some global variables to fix build with gcc 10 (git-fixes). - pinctrl: nomadik: Fix refcount leak in nmk_pinctrl_dt_subnode_to_map (git-fixes). - pinctrl: qcom: msm8916: Allow CAMSS GP clocks to be muxed (git-fixes). - pinctrl: rockchip: Enhance support for IRQ_TYPE_EDGE_BOTH (git-fixes). - pinctrl: sunxi: Add I/O bias setting for H6 R-PIO (git-fixes). - pinctrl/rockchip: fix gpio device creation (git-fixes). - platform/olpc: Fix uninitialized data in debugfs write (git-fixes). - platform/x86: acer-wmi: Acer Aspire One AOD270/Packard Bell Dot keymap fixes (git-fixes). - platform/x86: pmc_atom: Fix SLP_TYPx bitfield mask (git-fixes). - PM: runtime: Remove link state checks in rpm_get/put_supplier() (git-fixes). - powerpc: define get_cycles macro for arch-override (bsc#1065729). - powerpc: Enable execve syscall exit tracepoint (bsc#1065729). - powerpc: powernv: kABI: add back powernv_get_random_long (bsc#1065729). - powerpc/drmem: Make lmb_size 64 bit (bsc#1203424 ltc#199544). - powerpc/memhotplug: Make lmb size 64bit (bsc#1203424 ltc#199544). - powerpc/perf: Optimize clearing the pending PMI and remove WARN_ON for PMI check in power_pmu_disable (bsc#1156395). - powerpc/powernv: Avoid crashing if rng is NULL (bsc#1065729). - powerpc/powernv: delay rng platform device creation until later in boot (bsc#1065729). - powerpc/powernv: rename remaining rng powernv_ functions to pnv_ (bsc#1065729). - powerpc/powernv: Staticify functions without prototypes (bsc#1065729). - powerpc/powernv: wire up rng during setup_arch (bsc#1065729). - powerpc/powernv/kvm: Use darn for H_RANDOM on Power9 (bsc#1065729). - powerpc/pseries: wire up rng during setup_arch() (bsc#1065729). - powerpc/xive: Fix refcount leak in xive_get_max_prio (git-fixess). - ppc64/kdump: Limit kdump base to 512MB (bsc#1203410 ltc#199904). - profiling: fix shift too large makes kernel panic (git-fixes). - profiling: fix shift-out-of-bounds bugs (git fixes). - psi: Fix uaf issue when psi trigger is destroyed while being polled (bsc#1203909). - qlcnic: Add null check after calling netdev_alloc_skb (git-fixes). - random: fix crash on multiple early calls to add_bootloader_randomness() (git-fixes). - random: remove useless header comment (git fixes). - ratelimit: Fix data-races in ___ratelimit() (git-fixes). - regulator: core: Clean up on enable failure (git-fixes). - regulator: of: Fix refcount leak bug in of_get_regulation_constraints() (git-fixes). - reiserfs: fix handling of -EOPNOTSUPP in reiserfs_for_each_xattr (bsc#1202714). - remoteproc: qcom: q6v5-mss: add powerdomains to MSM8996 config (git-fixes). - remoteproc: qcom: wcnss: Fix handling of IRQs (git-fixes). - s390/crash: fix incorrect number of bytes to copy to user space (git-fixes). - s390/crash: make copy_oldmem_page() return number of bytes copied (git-fixes). - s390/mm: do not trigger write fault when vma does not allow VM_WRITE (git-fixes). - s390/mm: fix 2KB pgtable release race (git-fixes). - s390/ptrace: pass invalid syscall numbers to tracing (bsc#1192594 LTC#197522). - s390/qeth: cache link_info for ethtool (bsc#1202984 LTC#199607). - s390/qeth: clean up default cases for ethtool link mode (bsc#1202984 LTC#199607). - s390/qeth: improve QUERY CARD INFO processing (bsc#1202984 LTC#199607). - s390/qeth: improve selection of ethtool link modes (bsc#1202984 LTC#199607). - s390/qeth: set static link info during initialization (bsc#1202984 LTC#199607). - s390/qeth: tolerate error when querying card info (bsc#1202984 LTC#199607). - s390/qeth: use QUERY OAT for initial link info (bsc#1202984 LTC#199607). - sched/debug: Remove mpol_get/put and task_lock/unlock from (git-fixes) - sched/fair: Revise comment about lb decision matrix (git fixes (sched/fair)). - sched/membarrier: fix missing local execution of ipi_sync_rq_state() (git fixes (sched/membarrier)). - scsi: core: Fix bad pointer dereference when ehandler kthread is invalid (git-fixes). - scsi: lpfc: Add missing destroy_workqueue() in error path (bsc#1203939). - scsi: lpfc: Add missing free iocb and nlp kref put for early return VMID cases (bsc#1203939). - scsi: lpfc: Add reporting capability for Link Degrade Signaling (bsc#1203939). - scsi: lpfc: Add warning notification period to CMF_SYNC_WQE (bsc#1203063). - scsi: lpfc: Check the return value of alloc_workqueue() (bsc#1203063). - scsi: lpfc: Copyright updates for 14.2.0.6 patches (bsc#1203063). - scsi: lpfc: Fix FLOGI ACC with wrong SID in PT2PT topology (bsc#1203939). - scsi: lpfc: Fix mbuf pool resource detected as busy at driver unload (bsc#1203939). - scsi: lpfc: Fix multiple NVMe remoteport registration calls for the same NPort ID (bsc#1203939). - scsi: lpfc: Fix null ndlp ptr dereference in abnormal exit path for GFT_ID (bsc#1203063). - scsi: lpfc: Fix prli_fc4_req checks in PRLI handling (bsc#1203939). - scsi: lpfc: Fix unsolicited FLOGI receive handling during PT2PT discovery (bsc#1203063). - scsi: lpfc: Fix various issues reported by tools (bsc#1203939). - scsi: lpfc: Move scsi_host_template outside dynamically allocated/freed phba (bsc#1185032 bsc#1203939). - scsi: lpfc: Remove SANDiags related code (bsc#1203063). - scsi: lpfc: Remove the unneeded result variable (bsc#1203939). - scsi: lpfc: Remove unneeded result variable (bsc#1203939). - scsi: lpfc: Rename mp/bmp dma buffers to rq/rsp in lpfc_fdmi_cmd (bsc#1203939). - scsi: lpfc: Return DID_TRANSPORT_DISRUPTED instead of DID_REQUEUE (bsc#1203939). - scsi: lpfc: Rework FDMI attribute registration for unintential padding (bsc#1203939). - scsi: lpfc: Rework lpfc_fdmi_cmd() routine for cleanup and consistency (bsc#1203939). - scsi: lpfc: Rework MIB Rx Monitor debug info logic (bsc#1203063). - scsi: lpfc: Update congestion mode logging for Emulex SAN Manager application (bsc#1203939). - scsi: lpfc: Update lpfc version to 14.2.0.6 (bsc#1203063). - scsi: lpfc: Update lpfc version to 14.2.0.7 (bsc#1203939). - scsi: mpt3sas: Fix use-after-free warning (git-fixes). - scsi: qla2xxx: Add debugfs create/delete helpers (bsc#1203935). - scsi: qla2xxx: Add NVMe parameters support in Auxiliary Image Status (bsc#1203935). - scsi: qla2xxx: Always wait for qlt_sess_work_fn() from qlt_stop_phase1() (bsc#1203935). - scsi: qla2xxx: Avoid flush_scheduled_work() usage (bsc#1203935). - scsi: qla2xxx: Disable ATIO interrupt coalesce for quad port ISP27XX (bsc#1203935). - scsi: qla2xxx: Drop DID_TARGET_FAILURE use (bsc#1203935). - scsi: qla2xxx: Fix memory leak in __qlt_24xx_handle_abts() (bsc#1203935). - scsi: qla2xxx: Fix response queue handler reading stale packets (bsc#1203935). - scsi: qla2xxx: Log message 'skipping scsi_scan_host()' as informational (bsc#1203935). - scsi: qla2xxx: Remove unused declarations for qla2xxx (bsc#1203935). - scsi: qla2xxx: Remove unused del_sess_list field (bsc#1203935). - scsi: qla2xxx: Remove unused qlt_tmr_work() (bsc#1203935). - scsi: qla2xxx: Revert 'scsi: qla2xxx: Fix response queue handler reading stale packets' (bsc#1203935). - scsi: qla2xxx: Update version to 10.02.07.900-k (bsc#1203935). - scsi: sg: Allow waiting for commands to complete on removed device (git-fixes). - scsi: smartpqi: Fix DMA direction for RAID requests (git-fixes). - scsi: smartpqi: Shorten drive visibility after removal (bsc#1200622). - scsi: smartpqi: Update LUN reset handler (bsc#1200622). - selftests: futex: Use variable MAKE instead of make (git-fixes). - serial: 8250_dw: Store LSR into lsr_saved_flags in dw8250_tx_wait_empty() (git-fixes). - serial: fsl_lpuart: RS485 RTS polariy is inverse (git-fixes). - serial: mvebu-uart: uart2 error bits clearing (git-fixes). - serial: tegra: Change lower tolerance baud rate limit for tegra20 and tegra30 (git-fixes). - soc: brcmstb: pm-arm: Fix refcount leak and __iomem leak bugs (git-fixes). - soc: fsl: guts: machine variable might be unset (git-fixes). - soundwire: bus_type: fix remove and shutdown support (git-fixes). - spi: Fix incorrect cs_setup delay handling (git-fixes). - spi: spi-rspi: Fix PIO fallback on RZ platforms (git-fixes). - spi: synquacer: Add missing clk_disable_unprepare() (git-fixes). - spmi: trace: fix stack-out-of-bound access in SPMI tracing functions (git-fixes). - squashfs: fix divide error in calculate_skip() (git-fixes). - staging: rtl8192u: Fix sleep in atomic context bug in dm_fsync_timer_callback (git-fixes). - staging: rtl8712: fix use after free bugs (git-fixes). - SUNRPC reverting d03727b248d0 ('NFSv4 fix CLOSE not waiting for direct IO compeletion') (git-fixes). - SUNRPC: Clean up scheduling of autoclose (git-fixes). - SUNRPC: Do not call connect() more than once on a TCP socket (git-fixes). - SUNRPC: Do not dereference xprt->snd_task if it's a cookie (git-fixes). - SUNRPC: Do not leak sockets in xs_local_connect() (git-fixes). - SUNRPC: fix expiry of auth creds (git-fixes). - SUNRPC: Fix misplaced barrier in call_decode (git-fixes). - SUNRPC: Fix READ_PLUS crasher (git-fixes). - SUNRPC: Partial revert of commit 6f9f17287e78 (git-fixes). - SUNRPC: Prevent immediate close+reconnect (git-fixes). - SUNRPC: Reinitialise the backchannel request buffers before reuse (git-fixes). - SUNRPC: RPC level errors should set task->tk_rpc_status (git-fixes). - svcrdma: Hold private mutex while invoking rdma_accept() (git-fixes). - tee: optee: Fix incorrect page free bug (git-fixes). - thermal: Fix NULL pointer dereferences in of_thermal_ functions (git-fixes). - thermal: sysfs: Fix cooling_device_stats_setup() error code path (git-fixes). - thermal/tools/tmon: Include pthread and time headers in tmon.h (git-fixes). - thunderbolt: Use the actual buffer in tb_async_error() (git-fixes). - tick/nohz: Use WARN_ON_ONCE() to prevent console saturation (git fixes (kernel/time)). - tools/thermal: Fix possible path truncations (git-fixes). - tracing: Add ustring operation to filtering string pointers (git-fixes). - tracing: hold caller_addr to hardirq_{enable,disable}_ip (git-fixes). - tracing/histogram: Fix a potential memory leak for kstrdup() (git-fixes). - tracing/histograms: Fix memory leak problem (git-fixes). - tracing/probes: Have kprobes and uprobes use $COMM too (git-fixes). - tty: serial: Fix refcount leak bug in ucc_uart.c (git-fixes). - tty: serial: lpuart: disable flow control while waiting for the transmit engine to complete (git-fixes). - tty: vt: initialize unicode screen buffer (git-fixes). - USB: cdc-acm: Add Icom PMR F3400 support (0c26:0020) (git-fixes). - USB: core: Fix RST error in hub.c (git-fixes). - USB: core: Prevent nested device-reset calls (git-fixes). - USB: dwc2: fix wrong order of phy_power_on and phy_init (git-fixes). - USB: dwc3: add cancelled reasons for dwc3 requests (git-fixes). - USB: dwc3: disable USB core PHY management (git-fixes). - USB: dwc3: ep0: Fix delay status handling (git-fixes). - USB: dwc3: gadget: END_TRANSFER before CLEAR_STALL command (git-fixes). - USB: dwc3: gadget: Fix IN endpoint max packet size allocation (git-fixes). - USB: dwc3: gadget: Refactor dwc3_gadget_ep_dequeue (git-fixes). - USB: dwc3: gadget: Remove FS bInterval_m1 limitation (git-fixes). - USB: dwc3: gadget: Remove unnecessary checks (git-fixes). - USB: dwc3: gadget: Replace list_for_each_entry_safe() if using giveback (git-fixes). - USB: dwc3: gadget: Store resource index of start cmd (git-fixes). - USB: dwc3: qcom: fix missing optional irq warnings. - USB: dwc3: Switch to platform_get_irq_byname_optional() (git-fixes). - USB: ehci: handshake CMD_RUN instead of STS_HALT (git-fixes). - USB: Follow-up to SPDX identifiers addition - remove now useless comments (git-fixes). - USB: gadget: mass_storage: Fix cdrom data transfers on MAC-OS (git-fixes). - USB: gadget: u_audio: fix race condition on endpoint stop (git-fixes). - USB: gadget: udc-xilinx: replace memcpy with memcpy_toio (git-fixes). - USB: gadget: udc: amd5536 depends on HAS_DMA (git-fixes). - USB: gadget: uvc: call uvc uvcg_warn on completed status instead of uvcg_info (git-fixes). - USB: host: Fix refcount leak in ehci_hcd_ppc_of_probe (git-fixes). - USB: host: ohci-ppc-of: Fix refcount leak bug (git-fixes). - USB: host: xhci: use snprintf() in xhci_decode_trb() (git-fixes). - USB: ohci-nxp: Fix refcount leak in ohci_hcd_nxp_probe (git-fixes). - USB: otg-fsm: Fix hrtimer list corruption (git-fixes). - USB: renesas: Fix refcount leak bug (git-fixes). - USB: serial: ch341: fix disabled rx timer on older devices (git-fixes). - USB: serial: ch341: fix lost character on LCR updates (git-fixes). - USB: serial: ch341: name prescaler, divisor registers (git-fixes). - USB: serial: cp210x: add Decagon UCA device id (git-fixes). - USB: serial: fix tty-port initialized comments (git-fixes). - USB: serial: ftdi_sio: add Omron CS1W-CIF31 device id (git-fixes). - USB: serial: option: add Quectel EM060K modem (git-fixes). - USB: serial: option: add support for Cinterion MV32-WA/WB RmNet mode (git-fixes). - USB: serial: option: add support for OPPO R11 diag port (git-fixes). - USB: storage: Add ASUS &lt;0x0b05:0x1932> to IGNORE_UAS (git-fixes). - USB: storage: Add ignore-residue quirk for NXP PN7462AU (git-fixes). - USB: struct usb_device: hide new member (git-fixes). - USB: typec: altmodes/displayport: correct pin assignment for UFP receptacles (git-fixes). - USB: typec: ucsi: Acknowledge the GET_ERROR_STATUS command completion (git-fixes). - USB: xhci: tegra: Fix error check (git-fixes). - usbnet: Fix linkwatch use-after-free on disconnect (git-fixes). - usbnet: Fix memory leak in usbnet_disconnect() (git-fixes). - usbnet: smsc95xx: Fix deadlock on runtime resume (git-fixes). - vboxguest: Do not use devm for irq (git-fixes). - vfio/ccw: Remove UUID from s390 debug log (git-fixes). - video: fbdev: amba-clcd: Fix refcount leak bugs (git-fixes). - video: fbdev: arkfb: Check the size of screen before memset_io() (git-fixes). - video: fbdev: arkfb: Fix a divide-by-zero bug in ark_set_pixclock() (git-fixes). - video: fbdev: i740fb: Check the argument of i740_calc_vclk() (git-fixes). - video: fbdev: s3fb: Check the size of screen before memset_io() (git-fixes). - video: fbdev: sis: fix typos in SiS_GetModeID() (git-fixes). - video: fbdev: vt8623fb: Check the size of screen before memset_io() (git-fixes). - virtio_net: fix memory leak inside XPD_TX with mergeable (git-fixes). - virtio-gpu: fix a missing check to avoid NULL dereference (git-fixes). - virtio-net: fix the race between refill work and close (git-fixes). - VMCI: Add support for ARM64 (bsc#1199291, jsc#SLE-24635). - VMCI: Check exclusive_vectors when freeing interrupt 1 (bsc#1199291, jsc#SLE-24635). - VMCI: dma dg: add MMIO access to registers (bsc#1199291, jsc#SLE-24635). - VMCI: dma dg: add support for DMA datagrams receive (bsc#1199291, jsc#SLE-24635). - VMCI: dma dg: add support for DMA datagrams sends (bsc#1199291, jsc#SLE-24635). - VMCI: dma dg: allocate send and receive buffers for DMA datagrams (bsc#1199291, jsc#SLE-24635). - VMCI: dma dg: detect DMA datagram capability (bsc#1199291, jsc#SLE-24635). - VMCI: dma dg: register dummy IRQ handlers for DMA datagrams (bsc#1199291, jsc#SLE-24635). - VMCI: dma dg: set OS page size (bsc#1199291, jsc#SLE-24635). - VMCI: dma dg: whitespace formatting change for vmci register defines (bsc#1199291, jsc#SLE-24635). - VMCI: Enforce queuepair max size for IOCTL_VMCI_QUEUEPAIR_ALLOC (bsc#1199291, jsc#SLE-24635). - VMCI: Fix some error handling paths in vmci_guest_probe_device() (bsc#1199291, jsc#SLE-24635). - VMCI: Release notification_bitmap in error path (bsc#1199291, jsc#SLE-24635). - vmxnet3: add command to set ring buffer sizes (bsc#1200431). - vmxnet3: add support for capability registers (bsc#1200431). - vmxnet3: add support for large passthrough BAR register (bsc#1200431). - vmxnet3: add support for out of order rx completion (bsc#1200431). - vmxnet3: disable overlay offloads if UPT device does not support (bsc#1200431). - vmxnet3: do not reschedule napi for rx processing (bsc#1200431). - vmxnet3: do not stop tx queues after netif_device_detach() (bsc#1200431). - vmxnet3: Implement ethtool's get_channels command (bsc#1200431). - vmxnet3: limit number of TXDs used for TSO packet (bsc#1200431). - vmxnet3: prepare for version 7 changes (bsc#1200431). - vmxnet3: Record queue number to incoming packets (bsc#1200431). - vmxnet3: Remove useless DMA-32 fallback configuration (bsc#1200431). - vmxnet3: switch from 'pci_' to 'dma_' API (bsc#1200431). - vmxnet3: update to version 7 (bsc#1200431). - vmxnet3: use ext1 field to indicate encapsulated packet (bsc#1200431). - vsock: Fix memory leak in vsock_connect() (git-fixes). - vsock: Set socket state back to SS_UNCONNECTED in vsock_connect_timeout() (git-fixes). - vt: Clear selection before changing the font (git-fixes). - vt: selection, introduce vc_is_sel (git-fixes). - watchdog: armada_37xx_wdt: check the return value of devm_ioremap() in armada_37xx_wdt_probe() (git-fixes). - watchdog: wdat_wdt: Set the min and max timeout values properly (bsc#1194023). - wifi: cfg80211: debugfs: fix return type in ht40allow_map_read() (git-fixes). - wifi: iwlegacy: 4965: corrected fix for potential off-by-one overflow in il4965_rs_fill_link_cmd() (git-fixes). - wifi: iwlegacy: 4965: fix potential off-by-one overflow in il4965_rs_fill_link_cmd() (git-fixes). - wifi: iwlwifi: mvm: fix double list_add at iwl_mvm_mac_wake_tx_queue (git-fixes). - wifi: libertas: Fix possible refcount leak in if_usb_probe() (git-fixes). - wifi: mac80211_hwsim: add back erroneously removed cast (git-fixes). - wifi: mac80211_hwsim: fix race condition in pending packet (git-fixes). - wifi: mac80211_hwsim: use 32-bit skb cookie (git-fixes). - wifi: mac80211: Do not finalize CSA in IBSS mode if state is disconnected (git-fixes). - wifi: p54: add missing parentheses in p54_flush() (git-fixes). - wifi: p54: Fix an error handling path in p54spi_probe() (git-fixes). - wifi: rtlwifi: fix error codes in rtl_debugfs_set_write_h2c() (git-fixes). - wifi: wil6210: debugfs: fix info leak in wil_write_file_wmi() (git-fixes). - wifi: wil6210: debugfs: fix uninitialized variable use in `wil_write_file_wmi()` (git-fixes). - x86/bugs: Reenable retbleed=off While for older kernels the return thunks are statically built in and cannot be dynamically patched out, retbleed=off should still work so that it can be disabled. - x86/kexec: fix memory leak of elf header buffer (bsc#1196444). - x86/olpc: fix 'logical not is only applied to the left hand side' (git-fixes). - x86/xen: Remove undefined behavior in setup_features() (git-fixes). - xen/xenbus: fix return type in xenbus_file_read() (git-fixes). - xfs: bunmapi has unnecessary AG lock ordering issues (git-fixes). - xfs: check sb_meta_uuid for dabuf buffer recovery (bsc#1202577). - xfs: Fix assert failure in xfs_setattr_size() (git-fixes). - xfs: make xfs_rtalloc_query_range input parameters const (git-fixes). - xfs: mark a data structure sick if there are cross-referencing errors (git-fixes). - xfs: only reset incore inode health state flags when reclaiming an inode (git-fixes). - xfs: prevent a UAF when log IO errors race with unmount (git-fixes). - xfs: use kmem_cache_free() for kmem_cache objects (git-fixes). - xprtrdma: Fix cwnd update ordering (git-fixes). - xprtrdma: Fix XDRBUF_SPARSE_PAGES support (git-fixes). Important SUSE bug 1023051 SUSE bug 1065729 SUSE bug 1156395 SUSE bug 1177471 SUSE bug 1179722 SUSE bug 1179723 SUSE bug 1181862 SUSE bug 1185032 SUSE bug 1191662 SUSE bug 1191667 SUSE bug 1191881 SUSE bug 1192594 SUSE bug 1194023 SUSE bug 1194272 SUSE bug 1194535 SUSE bug 1196444 SUSE bug 1196616 SUSE bug 1196867 SUSE bug 1197158 SUSE bug 1197659 SUSE bug 1197755 SUSE bug 1197756 SUSE bug 1197757 SUSE bug 1197760 SUSE bug 1197763 SUSE bug 1197920 SUSE bug 1198971 SUSE bug 1199255 SUSE bug 1199291 SUSE bug 1200084 SUSE bug 1200313 SUSE bug 1200431 SUSE bug 1200622 SUSE bug 1200845 SUSE bug 1200868 SUSE bug 1200869 SUSE bug 1200870 SUSE bug 1200871 SUSE bug 1200872 SUSE bug 1200873 SUSE bug 1201019 SUSE bug 1201309 SUSE bug 1201310 SUSE bug 1201420 SUSE bug 1201442 SUSE bug 1201489 SUSE bug 1201610 SUSE bug 1201645 SUSE bug 1201705 SUSE bug 1201726 SUSE bug 1201865 SUSE bug 1201948 SUSE bug 1201990 SUSE bug 1202095 SUSE bug 1202096 SUSE bug 1202097 SUSE bug 1202154 SUSE bug 1202341 SUSE bug 1202346 SUSE bug 1202347 SUSE bug 1202385 SUSE bug 1202393 SUSE bug 1202396 SUSE bug 1202447 SUSE bug 1202577 SUSE bug 1202636 SUSE bug 1202672 SUSE bug 1202677 SUSE bug 1202701 SUSE bug 1202708 SUSE bug 1202709 SUSE bug 1202710 SUSE bug 1202711 SUSE bug 1202712 SUSE bug 1202713 SUSE bug 1202714 SUSE bug 1202715 SUSE bug 1202716 SUSE bug 1202717 SUSE bug 1202718 SUSE bug 1202720 SUSE bug 1202722 SUSE bug 1202745 SUSE bug 1202756 SUSE bug 1202810 SUSE bug 1202811 SUSE bug 1202860 SUSE bug 1202895 SUSE bug 1202898 SUSE bug 1202960 SUSE bug 1202984 SUSE bug 1203063 SUSE bug 1203098 SUSE bug 1203107 SUSE bug 1203116 SUSE bug 1203117 SUSE bug 1203135 SUSE bug 1203136 SUSE bug 1203137 SUSE bug 1203159 SUSE bug 1203313 SUSE bug 1203389 SUSE bug 1203410 SUSE bug 1203424 SUSE bug 1203552 SUSE bug 1203622 SUSE bug 1203737 SUSE bug 1203769 SUSE bug 1203906 SUSE bug 1203909 SUSE bug 1203933 SUSE bug 1203935 SUSE bug 1203939 SUSE bug 1203987 SUSE bug 1203992 CVE-2016-3695 CVE-2020-16119 CVE-2020-27784 CVE-2020-36516 CVE-2021-4155 CVE-2021-4203 CVE-2022-20368 CVE-2022-20369 CVE-2022-2503 CVE-2022-2586 CVE-2022-2588 CVE-2022-26373 CVE-2022-2639 CVE-2022-2663 CVE-2022-2905 CVE-2022-2977 CVE-2022-3028 CVE-2022-3239 CVE-2022-3303 CVE-2022-36879 CVE-2022-39188 CVE-2022-39190 CVE-2022-41218 CVE-2022-41222 CVE-2022-41848 CVE-2022-41849 cpe:/o:opensuse:leap:15.3 Security update for postgresql-jdbc (Important) openSUSE Leap 15.3 This update for postgresql-jdbc fixes the following issues: - CVE-2022-31197: Fixed SQL injection vulnerability (bsc#1202170). Important SUSE bug 1202170 CVE-2022-31197 cpe:/o:opensuse:leap:15.3 Security update for nodejs14 (Moderate) openSUSE Leap 15.3 This update for nodejs14 fixes the following issues: Updated to version 14.20.1: - CVE-2022-32213: Fixed bypass via obs-fold mechanic (bsc#1201325). - CVE-2022-35256: Fixed incorrect Parsing of Header Fields (bsc#1203832). Moderate SUSE bug 1201325 SUSE bug 1203832 CVE-2022-32213 CVE-2022-35256 cpe:/o:opensuse:leap:15.3 Security update for nodejs16 (Important) openSUSE Leap 15.3 This update for nodejs16 fixes the following issues: Updated to version 16.17.1: - CVE-2022-32213: Fixed bypass via obs-fold mechanic (bsc#1201325). - CVE-2022-32215: Fixed incorrect Parsing of Multi-line Transfer-Encoding (bsc#1201327). - CVE-2022-35256: Fixed incorrect Parsing of Header Fields (bsc#1203832). - CVE-2022-35255: FIxed weak randomness in WebCrypto keygen (bsc#1203831). Important SUSE bug 1201325 SUSE bug 1201327 SUSE bug 1203831 SUSE bug 1203832 CVE-2022-32213 CVE-2022-32215 CVE-2022-35255 CVE-2022-35256 cpe:/o:opensuse:leap:15.3 Security update for nodejs12 (Moderate) openSUSE Leap 15.3 This update for nodejs12 fixes the following issues: - CVE-2022-35256: Fixed incorrect parsing of header fields (bsc#1203832). - CVE-2022-32213: Fixed bypass via obs-fold mechanic (bsc#1201325). Moderate SUSE bug 1201325 SUSE bug 1203832 CVE-2022-32213 CVE-2022-35256 cpe:/o:opensuse:leap:15.3 Security update for rubygem-activesupport-5_1 (Moderate) openSUSE Leap 15.3 This update for rubygem-activesupport-5_1 fixes the following issues: - CVE-2022-27777: Fixed cross-site scripting vulnerability in Action View tag helper (bsc#1199060). Moderate SUSE bug 1199060 CVE-2022-27777 cpe:/o:opensuse:leap:15.3 Security update for the Linux Kernel (Critical) openSUSE Leap 15.3 The SUSE Linux Enterprise 15 SP3 Azure kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2022-0435: Fixed remote stack overflow in net/tipc module that validate domain record count on input (bsc#1195254). - CVE-2022-0330: Fixed flush TLBs before releasing backing store (bsc#1194880). - CVE-2022-0286: Fixed null pointer dereference in bond_ipsec_add_sa() that may have lead to local denial of service (bnc#1195371). - CVE-2022-22942: Fixed stale file descriptors on failed usercopy (bsc#1195065). - CVE-2021-45095: Fixed refcount leak in pep_sock_accept in net/phonet/pep.c (bnc#1193867). - CVE-2021-44733: Fixed a use-after-free exists in drivers/tee/tee_shm.c in the TEE subsystem, that could have occured because of a race condition in tee_shm_get_from_id during an attempt to free a shared memory object (bnc#1193767). - CVE-2021-39657: Fixed out of bounds read due to a missing bounds check in ufshcd_eh_device_reset_handler of ufshcd.c. This could lead to local information disclosure with System execution privileges needed (bnc#1193864). - CVE-2021-39648: Fixed possible disclosure of kernel heap memory due to a race condition in gadget_dev_desc_UDC_show of configfs.c. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation (bnc#1193861). - CVE-2021-22600: Fixed double free bug in packet_set_ring() in net/packet/af_packet.c that could have been exploited by a local user through crafted syscalls to escalate privileges or deny service (bnc#1195184). - CVE-2020-28097: Fixed out-of-bounds read in vgacon subsystem that mishandled software scrollback (bnc#1187723). - CVE-2021-4159: Fixed kernel ptr leak vulnerability via BPF in coerce_reg_to_size (bsc#1194227). The following security references were added to already fixed issues: - CVE-2021-39685: Fixed USB gadget buffer overflow caused by too large endpoint 0 requests (bsc#1193802). The following non-security bugs were fixed: - ACPI: battery: Add the ThinkPad 'Not Charging' quirk (git-fixes). - ACPICA: Executer: Fix the REFCLASS_REFOF case in acpi_ex_opcode_1A_0T_1R() (git-fixes). - ACPICA: Fix wrong interpretation of PCC address (git-fixes). - ACPICA: Hardware: Do not flush CPU cache when entering S4 and S5 (git-fixes). - ACPICA: Utilities: Avoid deleting the same object twice in a row (git-fixes). - ACPICA: actypes.h: Expand the ACPI_ACCESS_ definitions (git-fixes). - ALSA: seq: Set upper limit of processed events (git-fixes). - ASoC: mediatek: mt8173: fix device_node leak (git-fixes). - Bluetooth: Fix debugfs entry leak in hci_register_dev() (git-fixes). - Documentation: fix firewire.rst ABI file path error (git-fixes). - HID: apple: Do not reset quirks when the Fn key is not found (git-fixes). - HID: quirks: Allow inverting the absolute X/Y values (git-fixes). - HID: uhid: Fix worker destroying device without any protection (git-fixes). - HID: wacom: Reset expected and received contact counts at the same time (git-fixes). - PCI: Add function 1 DMA alias quirk for Marvell 88SE9125 SATA controller (git-fixes). - RDMA/core: Clean up cq pool mechanism (jsc#SLE-15176). - RDMA/rxe: Remove the unnecessary variable (jsc#SLE-15176). - ar5523: Fix null-ptr-deref with unexpected WDCMSG_TARGET_START reply (git-fixes). - arm64: Kconfig: add a choice for endianness (jsc#SLE-23432). - asix: fix wrong return value in asix_check_host_enable() (git-fixes). - ata: pata_platform: Fix a NULL pointer dereference in __pata_platform_probe() (git-fixes). - ath10k: Fix tx hanging (git-fixes). - ath9k: Fix out-of-bound memcpy in ath9k_hif_usb_rx_stream (git-fixes). - batman-adv: allow netlink usage in unprivileged containers (git-fixes). - btrfs: tree-checker: Add EXTENT_ITEM and METADATA_ITEM check (bsc#1195009). - btrfs: tree-checker: annotate all error branches as unlikely (bsc#1195009). - btrfs: tree-checker: check for BTRFS_BLOCK_FLAG_FULL_BACKREF being set improperly (bsc#1195009). - cgroup/cpuset: Fix a partition bug with hotplug (bsc#1194291). - clk: si5341: Fix clock HW provider cleanup (git-fixes). - crypto: qat - fix undetected PFVF timeout in ACK loop (git-fixes). - drm/amdgpu: fixup bad vram size on gmc v8 (git-fixes). - drm/bridge: megachips: Ensure both bridges are probed before registration (git-fixes). - drm/etnaviv: limit submit sizes (git-fixes). - drm/etnaviv: relax submit size limits (git-fixes). - drm/lima: fix warning when CONFIG_DEBUG_SG=y & CONFIG_DMA_API_DEBUG=y (git-fixes). - drm/msm/dpu: invalid parameter check in dpu_setup_dspp_pcc (git-fixes). - drm/msm/dsi: invalid parameter check in msm_dsi_phy_enable (git-fixes). - drm/msm/hdmi: Fix missing put_device() call in msm_hdmi_get_phy (git-fixes). - drm/msm: Fix wrong size calculation (git-fixes). - drm/nouveau/kms/nv04: use vzalloc for nv04_display (git-fixes). - drm/nouveau/pmu/gm200-: avoid touching PMU outside of DEVINIT/PREOS/ACR (git-fixes). - drm/radeon: fix error handling in radeon_driver_open_kms (git-fixes). - drm: panel-orientation-quirks: Add quirk for the Lenovo Yoga Book X91F/L (git-fixes). - ext4: set csum seed in tmp inode while migrating to extents (bsc#1195267). - floppy: Add max size check for user space request (git-fixes). - gpio: aspeed: Convert aspeed_gpio.lock to raw_spinlock (git-fixes). - gpiolib: acpi: Do not set the IRQ type if the IRQ is already in use (git-fixes). - hv_netvsc: Set needed_headroom according to VF (bsc#1193506). - hwmom: (lm90) Fix citical alarm status for MAX6680/MAX6681 (git-fixes). - hwmon: (lm90) Mark alert as broken for MAX6646/6647/6649 (git-fixes). - hwmon: (lm90) Mark alert as broken for MAX6654 (git-fixes). - hwmon: (lm90) Mark alert as broken for MAX6680 (git-fixes). - hwmon: (lm90) Reduce maximum conversion rate for G781 (git-fixes). - i2c: designware-pci: Fix to change data types of hcnt and lcnt parameters (git-fixes). - i2c: i801: Do not silently correct invalid transfer size (git-fixes). - i2c: mpc: Correct I2C reset procedure (git-fixes). - ibmvnic: Allow extra failures before disabling (bsc#1195073 ltc#195713). - ibmvnic: Update driver return codes (bsc#1195293 ltc#196198). - ibmvnic: do not spin in tasklet (bsc#1195073 ltc#195713). - ibmvnic: init ->running_cap_crqs early (bsc#1195073 ltc#195713). - ibmvnic: remove unused ->wait_capability (bsc#1195073 ltc#195713). - ibmvnic: remove unused defines (bsc#1195293 ltc#196198). - igc: Fix TX timestamp support for non-MSI-X platforms (bsc#1160634). - iwlwifi: fix leaks/bad data after failed firmware load (git-fixes). - iwlwifi: mvm: Fix calculation of frame length (git-fixes). - iwlwifi: mvm: Increase the scan timeout guard to 30 seconds (git-fixes). - iwlwifi: mvm: synchronize with FW after multicast commands (git-fixes). - iwlwifi: remove module loading failure message (git-fixes). - lib82596: Fix IRQ check in sni_82596_probe (git-fixes). - lightnvm: Remove lightnvm implemenation (bsc#1191881). - mac80211: allow non-standard VHT MCS-10/11 (git-fixes). - media: b2c2: Add missing check in flexcop_pci_isr: (git-fixes). - media: coda/imx-vdoa: Handle dma_set_coherent_mask error codes (git-fixes). - media: igorplugusb: receiver overflow should be reported (git-fixes). - media: m920x: do not use stack on USB reads (git-fixes). - media: saa7146: hexium_gemini: Fix a NULL pointer dereference in hexium_attach() (git-fixes). - media: saa7146: hexium_orion: Fix a NULL pointer dereference in hexium_attach() (git-fixes). - media: uvcvideo: Increase UVC_CTRL_CONTROL_TIMEOUT to 5 seconds (git-fixes). - mlxsw: Only advertise link modes supported by both driver and device (bsc#1154488). - mmc: core: Fixup storing of OCR for MMC_QUIRK_NONSTD_SDIO (git-fixes). - mtd: nand: bbt: Fix corner case in bad block table handling (git-fixes). - mtd: rawnand: gpmi: Add ERR007117 protection for nfc_apply_timings (git-fixes). - mtd: rawnand: gpmi: Remove explicit default gpmi clock setting for i.MX6 (git-fixes). - net, xdp: Introduce xdp_init_buff utility routine (bsc#1193506). - net, xdp: Introduce xdp_prepare_buff utility routine (bsc#1193506). - net/mlx5: DR, Proper handling of unsupported Connect-X6DX SW steering (jsc#SLE-8464). - net/mlx5: E-Switch, fix changing vf VLANID (jsc#SLE-15172). - net/mlx5e: Protect encap route dev from concurrent release (jsc#SLE-8464). - net: allow retransmitting a TCP packet if original is still in queue (bsc#1188605 bsc#1187428). - net: bonding: fix bond_xmit_broadcast return value error bug (bsc#1176447). - net: bridge: vlan: fix memory leak in __allowed_ingress (bsc#1176447). - net: bridge: vlan: fix single net device option dumping (bsc#1176447). - net: mana: Add RX fencing (bsc#1193506). - net: mana: Add XDP support (bsc#1193506). - net: sch_generic: aviod concurrent reset and enqueue op for lockless qdisc (bsc#1183405). - net: sched: add barrier to ensure correct ordering for lockless qdisc (bsc#1183405). - net: sched: avoid unnecessary seqcount operation for lockless qdisc (bsc#1183405). - net: sched: fix packet stuck problem for lockless qdisc (bsc#1183405). - net: sched: fix tx action reschedule issue with stopped queue (bsc#1183405). - net: sched: fix tx action rescheduling issue during deactivation (bsc#1183405). - net: sched: replaced invalid qdisc tree flush helper in qdisc_replace (bsc#1183405). - net: sfp: fix high power modules without diagnostic monitoring (bsc#1154353). - netdevsim: set .owner to THIS_MODULE (bsc#1154353). - nfc: llcp: fix NULL error pointer dereference on sendmsg() after failed bind() (git-fixes). - nvme: add 'iopolicy' module parameter (bsc#1177599 bsc#1193096). - phy: uniphier-usb3ss: fix unintended writing zeros to PHY register (git-fixes). - phylib: fix potential use-after-free (git-fixes). - pinctrl: bcm2835: Add support for wake-up interrupts (git-fixes). - pinctrl: bcm2835: Match BCM7211 compatible string (git-fixes). - powerpc/book3s64/radix: make tlb_single_page_flush_ceiling a debugfs entry (bsc#1195183 ltc#193865). - regulator: qcom_smd: Align probe function with rpmh-regulator (git-fixes). - rsi: Fix use-after-free in rsi_rx_done_handler() (git-fixes). - sched/fair: Fix detection of per-CPU kthreads waking a task (git fixes (sched/fair)). - sched/numa: Fix is_core_idle() (git fixes (sched/numa)). - scripts/dtc: dtx_diff: remove broken example from help text (git-fixes). - serial: 8250: of: Fix mapped region size when using reg-offset property (git-fixes). - serial: Fix incorrect rs485 polarity on uart open (git-fixes). - serial: amba-pl011: do not request memory region twice (git-fixes). - serial: core: Keep mctrl register state and cached copy in sync (git-fixes). - serial: pl010: Drop CR register reset on set_termios (git-fixes). - serial: stm32: fix software flow control transfer (git-fixes). - supported.conf: mark rtw88 modules as supported (jsc#SLE-22690) - tty: n_gsm: fix SW flow control encoding/handling (git-fixes). - ucsi_ccg: Check DEV_INT bit only when starting CCG4 (git-fixes). - usb: common: ulpi: Fix crash in ulpi_match() (git-fixes). - usb: gadget: f_fs: Use stream_open() for endpoint files (git-fixes). - usb: gadget: f_sourcesink: Fix isoc transfer for USB_SPEED_SUPER_PLUS (git-fixes). - usb: hub: Add delay for SuperSpeed hub resume to let links transit to U0 (git-fixes). - usb: roles: fix include/linux/usb/role.h compile issue (git-fixes). - usb: typec: tcpm: Do not disconnect while receiving VBUS off (git-fixes). - usb: uhci: add aspeed ast2600 uhci support (git-fixes). - vfio/iommu_type1: replace kfree with kvfree (git-fixes). - video: hyperv_fb: Fix validation of screen resolution (git-fixes). - vxlan: fix error return code in __vxlan_dev_create() (bsc#1154353). - workqueue: Fix unbind_workers() VS wq_worker_running() race (bsc#1195062). - x86/gpu: Reserve stolen memory for first integrated Intel GPU (git-fixes). - xfrm: fix MTU regression (bsc#1185377, bsc#1194048). Critical SUSE bug 1154353 SUSE bug 1154488 SUSE bug 1160634 SUSE bug 1176447 SUSE bug 1177599 SUSE bug 1183405 SUSE bug 1185377 SUSE bug 1187428 SUSE bug 1187723 SUSE bug 1188605 SUSE bug 1191881 SUSE bug 1193096 SUSE bug 1193506 SUSE bug 1193767 SUSE bug 1193802 SUSE bug 1193861 SUSE bug 1193864 SUSE bug 1193867 SUSE bug 1194048 SUSE bug 1194227 SUSE bug 1194291 SUSE bug 1194880 SUSE bug 1195009 SUSE bug 1195062 SUSE bug 1195065 SUSE bug 1195073 SUSE bug 1195183 SUSE bug 1195184 SUSE bug 1195254 SUSE bug 1195267 SUSE bug 1195293 SUSE bug 1195371 CVE-2020-28097 CVE-2021-22600 CVE-2021-39648 CVE-2021-39657 CVE-2021-39685 CVE-2021-4159 CVE-2021-44733 CVE-2021-45095 CVE-2022-0286 CVE-2022-0330 CVE-2022-0435 CVE-2022-22942 cpe:/o:opensuse:leap:15.3 Security update for libreoffice (Important) openSUSE Leap 15.3 This update for libreoffice fixes the following issues: Updated to version 7.3.6.2 (jsc#SLE-23447): - CVE-2022-3140: Fixed macro URL arbitrary script execution (bsc#1203209). - CVE-2022-26305: Fixed execution of untrusted Macros due to improper certificate validation (bsc#1201868). - CVE-2022-26307: Fixed weak Master Keys in password storage (bsc#1201872). Important SUSE bug 1201868 SUSE bug 1201872 SUSE bug 1203209 CVE-2022-26305 CVE-2022-26307 CVE-2022-3140 cpe:/o:opensuse:leap:15.3 Security update for the Linux Kernel (Critical) openSUSE Leap 15.3 The SUSE Linux Enterprise 15 SP1 LTSS kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2022-0435: Fixed remote stack overflow in net/tipc module that validate domain record count on input (bsc#1195254). - CVE-2022-0330: Fixed flush TLBs before releasing backing store (bsc#1194880). - CVE-2021-45486: Fixed an information leak because the hash table is very small in net/ipv4/route.c (bnc#1194087). - CVE-2021-45095: Fixed refcount leak in pep_sock_accept in net/phonet/pep.c (bnc#1193867). - CVE-2021-44733: Fixed a use-after-free exists in drivers/tee/tee_shm.c in the TEE subsystem, that could have occured because of a race condition in tee_shm_get_from_id during an attempt to free a shared memory object (bnc#1193767). - CVE-2021-43976: Fixed a flaw that could allow an attacker (who can connect a crafted USB device) to cause a denial of service. (bnc#1192847) - CVE-2021-43975: Fixed a flaw in hw_atl_utils_fw_rpc_wait that could allow an attacker (who can introduce a crafted device) to trigger an out-of-bounds write via a crafted length value. (bsc#1192845) - CVE-2021-4202: Fixed NFC race condition by adding NCI_UNREG flag (bsc#1194529). - CVE-2021-4197: Use cgroup open-time credentials for process migraton perm checks (bsc#1194302). - CVE-2021-4159: Fixed kernel ptr leak vulnerability via BPF in coerce_reg_to_size (bsc#1194227). - CVE-2021-4149: Fixed btrfs unlock newly allocated extent buffer after error (bsc#1194001). - CVE-2021-4135: Fixed zero-initialize memory inside netdevsim for new map's value in function nsim_bpf_map_alloc (bsc#1193927). - CVE-2021-4083: Fixed a read-after-free memory flaw inside the garbage collection for Unix domain socket file handlers when users call close() and fget() simultaneouslyand can potentially trigger a race condition (bnc#1193727). - CVE-2021-4002: Fixed incorrect TLBs flush in hugetlbfs after huge_pmd_unshare (bsc#1192946). - CVE-2021-39657: Fixed out of bounds read due to a missing bounds check in ufshcd_eh_device_reset_handler of ufshcd.c. This could lead to local information disclosure with System execution privileges needed (bnc#1193864). - CVE-2021-39648: Fixed possible disclosure of kernel heap memory due to a race condition in gadget_dev_desc_UDC_show of configfs.c. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation (bnc#1193861). - CVE-2021-3564: Fixed double-free memory corruption in the Linux kernel HCI device initialization subsystem that could have been used by attaching malicious HCI TTY Bluetooth devices. A local user could use this flaw to crash the system (bnc#1186207). - CVE-2021-33098: Fixed a potential denial of service in Intel(R) Ethernet ixgbe driver due to improper input validation. (bsc#1192877) - CVE-2021-28715: Fixed issue with xen/netback to do not queue unlimited number of packages (XSA-392) (bsc#1193442). - CVE-2021-28714: Fixed issue with xen/netback to handle rx queue stall detection (XSA-392) (bsc#1193442). - CVE-2021-28713: Fixed issue with xen/console to harden hvc_xen against event channel storms (XSA-391) (bsc#1193440). - CVE-2021-28712: Fixed issue with xen/netfront to harden netfront against event channel storms (XSA-391) (bsc#1193440). - CVE-2021-28711: Fixed issue with xen/blkfront to harden blkfront against event channel storms (XSA-391) (bsc#1193440). - CVE-2021-0935: Fixed possible out of bounds write in ip6_xmit of ip6_output.c due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation (bnc#1192032). - CVE-2021-0920: Fixed a local privilege escalation due to an use after free bug in unix_gc (bsc#1193731). - CVE-2020-27820: Fixed a vulnerability where a use-after-frees in nouveau's postclose() handler could happen if removing device (bsc#1179599). - CVE-2019-15126: Fixed a vulnerability in Broadcom and Cypress Wi-Fi chips, used in RPi family of devices aka 'Kr00k'. (bsc#1167162) - CVE-2018-25020: Fixed an overflow in the BPF subsystem due to a mishandling of a long jump over an instruction sequence where inner instructions require substantial expansions into multiple BPF instructions. This affects kernel/bpf/core.c and net/core/filter.c (bnc#1193575). The following non-security bugs were fixed: - Bluetooth: fix the erroneous flush_work() order (git-fixes). - Build: Add obsolete_rebuilds_subpackage (boo#1172073 bsc#1191731). - ICMPv6: Add ICMPv6 Parameter Problem, code 3 definition (bsc#1191241 bsc#1195166). - IPv6: reply ICMP error if the first fragment do not include all headers (bsc#1191241). - elfcore: fix building with clang (bsc#1169514). - hv_netvsc: Set needed_headroom according to VF (bsc#1193506). - ipv6/netfilter: Discard first fragment not including all headers (bsc#1191241 bsc#1195166). - kernel-*-subpackage: Add dependency on kernel scriptlets (bsc#1192740). - kernel-binary.spec.in Stop templating the scriptlets for subpackages (bsc#1190358). - kernel-binary.spec.in: add zstd to BuildRequires if used - kernel-binary.spec.in: make sure zstd is supported by kmod if used - kernel-binary.spec: Check for no kernel signing certificates. Also remove unused variable. - kernel-binary.spec: Define $image as rpm macro (bsc#1189841). - kernel-binary.spec: Do not fail silently when KMP is empty (bsc#1190358). Copy the code from kernel-module-subpackage that deals with empty KMPs. - kernel-binary.spec: Do not sign kernel when no key provided (bsc#1187167). - kernel-binary.spec: Fix kernel-default-base scriptlets after packaging merge. - kernel-binary.spec: Require dwarves for kernel-binary-devel when BTF is enabled (jsc#SLE-17288). - kernel-binary.spec: suse-kernel-rpm-scriptlets required for uninstall as well. - kernel-cert-subpackage: Fix certificate location in scriptlets (bsc#1189841). - kernel-source.spec: install-kernel-tools also required on 15.4 - kernel-spec-macros: Since rpm 4.17 %verbose is unusable (bsc#1191229). The semantic changed in an incompatible way so invoking the macro now causes a build failure. - kprobes: Limit max data_size of the kretprobe instances (bsc#1193669). - livepatch: Avoid CPU hogging with cond_resched (bsc#1071995). - memstick: rtsx_usb_ms: fix UAF (bsc#1194516). - moxart: fix potential use-after-free on remove path (bsc#1194516). - net, xdp: Introduce xdp_init_buff utility routine (bsc#1193506). - net, xdp: Introduce xdp_prepare_buff utility routine (bsc#1193506). - net: Using proper atomic helper (bsc#1186222). - net: ipv6: Discard next-hop MTU less than minimum link MTU (bsc#1191241). - net: mana: Add RX fencing (bsc#1193506). - net: mana: Add XDP support (bsc#1193506). - net: mana: Allow setting the number of queues while the NIC is down (bsc#1193506). - net: mana: Fix spelling mistake 'calledd' -> 'called' (bsc#1193506). - net: mana: Fix the netdev_err()'s vPort argument in mana_init_port() (bsc#1193506). - net: mana: Improve the HWC error handling (bsc#1193506). - net: mana: Support hibernation and kexec (bsc#1193506). - net: mana: Use kcalloc() instead of kzalloc() (bsc#1193506). - objtool: Support Clang non-section symbols in ORC generation (bsc#1169514). - post.sh: detect /usr mountpoint too - recordmcount.pl: fix typo in s390 mcount regex (bsc#1192267). - recordmcount.pl: look for jgnop instruction as well as bcrl on s390 (bsc#1192267). - rpm/kernel-binary.spec.in: Use kmod-zstd provide. This makes it possible to use kmod with ZSTD support on non-Tumbleweed. - rpm/kernel-binary.spec.in: avoid conflicting suse-release suse-release had arbitrary values in staging, we can't use it for dependencies. The filesystem one has to be enough (boo#1184804). - rpm/kernel-binary.spec.in: do not strip vmlinux again (bsc#1193306). - rpm/kernel-binary.spec: Use only non-empty certificates. - rpm/kernel-obs-build.spec.in: make builds reproducible (bsc#1189305). - rpm/kernel-source.rpmlintrc: ignore new include/config files. - rpm/kernel-source.spec.in: do some more for vanilla_only. - rpm: Abolish image suffix (bsc#1189841). - rpm: Abolish scritplet templating (bsc#1189841). Outsource kernel-binary and KMP scriptlets to suse-module-tools. - rpm: Define $certs as rpm macro (bsc#1189841). - rpm: Fold kernel-devel and kernel-source scriptlets into spec files (bsc#1189841). - rpm: fix kmp install path - rpm: use _rpmmacrodir (boo#1191384) - tty: hvc: replace BUG_ON() with negative return value. - vfs: check fd has read access in kernel_read_file_from_fd() (bsc#1194888). - x86/xen: Mark cpu_bringup_and_idle() as dead_end_function (bsc#1169514). - xen/blkfront: do not take local copy of a request from the ring page (git-fixes). - xen/blkfront: do not trust the backend response data blindly (git-fixes). - xen/blkfront: read response from backend only once (git-fixes). - xen/netfront: disentangle tx_skb_freelist (git-fixes). - xen/netfront: do not read data from request on the ring page (git-fixes). - xen/netfront: do not trust the backend response data blindly (git-fixes). - xen/netfront: read response from backend only once (git-fixes). - xen: sync include/xen/interface/io/ring.h with Xen's newest version (git-fixes). - xfrm: fix MTU regression (bsc#1185377, bsc#1194048). Critical SUSE bug 1071995 SUSE bug 1124431 SUSE bug 1167162 SUSE bug 1169514 SUSE bug 1172073 SUSE bug 1179599 SUSE bug 1184804 SUSE bug 1185377 SUSE bug 1186207 SUSE bug 1186222 SUSE bug 1187167 SUSE bug 1189305 SUSE bug 1189841 SUSE bug 1190358 SUSE bug 1190428 SUSE bug 1191229 SUSE bug 1191241 SUSE bug 1191384 SUSE bug 1191731 SUSE bug 1192032 SUSE bug 1192267 SUSE bug 1192740 SUSE bug 1192845 SUSE bug 1192847 SUSE bug 1192877 SUSE bug 1192946 SUSE bug 1193306 SUSE bug 1193440 SUSE bug 1193442 SUSE bug 1193575 SUSE bug 1193669 SUSE bug 1193727 SUSE bug 1193731 SUSE bug 1193767 SUSE bug 1193861 SUSE bug 1193864 SUSE bug 1193867 SUSE bug 1193927 SUSE bug 1194001 SUSE bug 1194048 SUSE bug 1194087 SUSE bug 1194227 SUSE bug 1194302 SUSE bug 1194516 SUSE bug 1194529 SUSE bug 1194880 SUSE bug 1194888 SUSE bug 1194985 SUSE bug 1195166 SUSE bug 1195254 CVE-2018-25020 CVE-2019-15126 CVE-2020-27820 CVE-2021-0920 CVE-2021-0935 CVE-2021-28711 CVE-2021-28712 CVE-2021-28713 CVE-2021-28714 CVE-2021-28715 CVE-2021-33098 CVE-2021-3564 CVE-2021-39648 CVE-2021-39657 CVE-2021-4002 CVE-2021-4083 CVE-2021-4135 CVE-2021-4149 CVE-2021-4197 CVE-2021-4202 CVE-2021-43975 CVE-2021-43976 CVE-2021-44733 CVE-2021-45095 CVE-2021-45486 CVE-2022-0322 CVE-2022-0330 cpe:/o:opensuse:leap:15.3 Security update for qemu (Moderate) openSUSE Leap 15.3 This update for qemu fixes the following issues: - CVE-2022-0216: Fixed a use after free issue found in hw/scsi/lsi53c895a.c. (bsc#1198038) - CVE-2022-35414: Fixed an uninitialized read during address translation that leads to a crash. (bsc#1201367) Moderate SUSE bug 1192115 SUSE bug 1198038 SUSE bug 1201367 CVE-2022-0216 CVE-2022-35414 cpe:/o:opensuse:leap:15.3 Security update for xen (Important) openSUSE Leap 15.3 This update for xen fixes the following issues: - CVE-2022-33746: Fixed DoS due to excessively long P2M pool freeing (bsc#1203806). - CVE-2022-33748: Fixed DoS due to race in locking (bsc#1203807). - CVE-2022-26365: Fixed issue where Linux Block and Network PV device frontends don't zero memory regions before sharing them with the backend (bsc#1200762). - CVE-2022-33740: Fixed issue where Linux Block and Network PV device frontends don't zero memory regions before sharing them with the backend (bsc#1200762). - CVE-2022-33741: Fixed issue where data residing in the same 4K page as data shared with a backend was being accessible by such backend (bsc#1200762). - CVE-2022-33742: Fixed issue where data residing in the same 4K page as data shared with a backend was being accessible by such backend (bsc#1200762). - CVE-2022-33745: Fixed an insufficient TLB flush for x86 PV guests in shadow mode (bsc#1201394). - CVE-2021-28689: Fixed speculative vulnerabilities with bare (non-shim) 32-bit PV guests (bsc#1185104). Bugfixes: - Fixed logic error in built-in default of max_event_channels (bsc#1167608, bsc#1201631). - Fixed issue where dom0 fails to boot with constrained vcpus and nodes (bsc#1197081). - Included upstream bugfixes (bsc#1027519). Important SUSE bug 1027519 SUSE bug 1167608 SUSE bug 1185104 SUSE bug 1197081 SUSE bug 1200762 SUSE bug 1201394 SUSE bug 1201631 SUSE bug 1203806 SUSE bug 1203807 CVE-2021-28689 CVE-2022-26365 CVE-2022-33740 CVE-2022-33741 CVE-2022-33742 CVE-2022-33745 CVE-2022-33746 CVE-2022-33748 cpe:/o:opensuse:leap:15.3 Security update for helm (Important) openSUSE Leap 15.3 This update for helm fixes the following issues: helm was updated to version 3.9.4: * CVE-2022-36055: Fixed denial of service through string value parsing (bsc#1203054). * Updating the certificates used for testing * Updating index handling helm was updated to version 3.9.3: - CVE-2022-1996: Updated kube-openapi to fix an issue that could result in a CORS protection bypass (bsc#1200528). * Fix missing array length check on release helm was updated to version 3.9.2: * Update of the circleci image helm was updated to version 3.9.1: * Update to support Kubernetes 1.24.2 * Improve logging and safety of statefulSetReady * Make token caching an opt-in feature * Bump github.com/lib/pq from 1.10.5 to 1.10.6 * Bump github.com/Masterminds/squirrel from 1.5.2 to 1.5.3 helm was updated to version 3.9.0: * Added a --quiet flag to helm lint * Added a --post-renderer-args flag to support arguments being passed to the post renderer * Added more checks during the signing process * Updated to add Kubernetes 1.24 support helm was updated to version 3.8.2: * Bump oras.land/oras-go from 1.1.0 to 1.1.1 * Fixing downloader plugin error handling * Simplify testdata charts * Simplify testdata charts * Add tests for multi-level dependencies. * Fix value precedence * Bumping Kubernetes package versions * Updating vcs to latest version * Dont modify provided transport * Pass http getter as pointer in tests * Add docs block * Add transport option and tests * Reuse http transport * Updating Kubernetes libs to 0.23.4 (latest) * fix: remove deadcode * fix: helm package tests * fix: helm package with dependency update for charts with OCI dependencies * Fix typo Unset the env var before func return in Unit Test * add legal name check * maint: fix syntax error in deploy.sh * linting issue fixed * only apply overwrite if version is canary * overwrite flag added to az storage blob upload-batch * Avoid querying for OCI tags can explicit version provided in chart dependencies * Management of bearer tokens for tag listing * Updating Kubernetes packages to 1.23.3 * refactor: use `os.ReadDir` for lightweight directory reading * Add IngressClass to manifests to be (un)installed * feat(comp): Shell completion for OCI * Fix install memory/goroutine leak Important SUSE bug 1200528 SUSE bug 1203054 CVE-2022-1996 CVE-2022-36055 cpe:/o:opensuse:leap:15.3 Security update for clone-master-clean-up (Moderate) openSUSE Leap 15.3 This update for clone-master-clean-up fixes the following issues: - CVE-2021-32000: Fixed some potentially dangerous file system operations (bsc#1181050). Bugfixes: - Fixed clone-master-clean-up failing to remove btrfs snapshots (bsc#1203651). Moderate SUSE bug 1181050 SUSE bug 1203651 CVE-2021-32000 cpe:/o:opensuse:leap:15.3 Security update for go1.18 (Important) openSUSE Leap 15.3 This update for go1.18 fixes the following issues: Updated to version 1.18.7 (bsc#1193742): - CVE-2022-41715: Fixed memory exhaustion in regexp/syntax (bsc#1204023). - CVE-2022-2879: Fixed unbounded memory consumption when reading headers in archive/tar (bsc#1204024). - CVE-2022-2880: Fixed ReverseProxy forwarding unparseable query parameters (bsc#1204025). Important SUSE bug 1193742 SUSE bug 1204023 SUSE bug 1204024 SUSE bug 1204025 CVE-2022-2879 CVE-2022-2880 CVE-2022-41715 cpe:/o:opensuse:leap:15.3 Security update for go1.19 (Important) openSUSE Leap 15.3 This update for go1.19 fixes the following issues: Updated to version 1.19.2 (bsc#1200441): - CVE-2022-41715: Fixed memory exhaustion in regexp/syntax (bsc#1204023). - CVE-2022-2879: Fixed unbounded memory consumption when reading headers in archive/tar (bsc#1204024). - CVE-2022-2880: Fixed ReverseProxy forwarding unparseable query parameters (bsc#1204025). Important SUSE bug 1200441 SUSE bug 1204023 SUSE bug 1204024 SUSE bug 1204025 CVE-2022-2879 CVE-2022-2880 CVE-2022-41715 cpe:/o:opensuse:leap:15.3 Security update for jasper (Moderate) openSUSE Leap 15.3 This update for jasper fixes the following issues: - CVE-2022-2963: Fixed memory leaks in function cmdopts_parse (bsc#1202642). Moderate SUSE bug 1202642 CVE-2022-2963 cpe:/o:opensuse:leap:15.3 Security update for bind (Important) openSUSE Leap 15.3 This update for bind fixes the following issues: - CVE-2022-2795: Fixed potential performance degredation due to missing database lookup limits when processing large delegations (bsc#1203614). - CVE-2022-38177: Fixed a memory leak that could be externally triggered in the DNSSEC verification code for the ECDSA algorithm (bsc#1203619). - CVE-2022-38178: Fixed memory leaks that could be externally triggered in the DNSSEC verification code for the EdDSA algorithm (bsc#1203620). Bugfixes: - Changed ownership of /var/lib/named/master from named:named to root:root (bsc#1201247) Important SUSE bug 1201247 SUSE bug 1203614 SUSE bug 1203619 SUSE bug 1203620 CVE-2022-2795 CVE-2022-38177 CVE-2022-38178 cpe:/o:opensuse:leap:15.3 Security update for libksba (Critical) openSUSE Leap 15.3 This update for libksba fixes the following issues: - CVE-2022-3515: Fixed a possible overflow in the TLV parser (bsc#1204357). Critical SUSE bug 1204357 CVE-2022-3515 cpe:/o:opensuse:leap:15.3 Security update for tiff (Important) openSUSE Leap 15.3 This update for tiff fixes the following issues: - CVE-2022-2519: Fixed a double free in rotateImage() (bsc#1202968). - CVE-2022-2520: Fixed a assertion failure in rotateImage() (bsc#1202973). - CVE-2022-2521: Fixed invalid free in TIFFClose() (bsc#1202971). - CVE-2022-2867: Fixed out of bounds read and write in tiffcrop.c (bsc#1202466). - CVE-2022-2868: Fixed out of bounds read in reverseSamples16bits() (bsc#1202467). - CVE-2022-2869: Fixed out of bounds read and write in extractContigSamples8bits() (bsc#1202468). - CVE-2022-34526: Fixed stack overflow in the _TIFFVGetField function of Tiffsplit (bsc#1202026). Important SUSE bug 1201723 SUSE bug 1201971 SUSE bug 1202026 SUSE bug 1202466 SUSE bug 1202467 SUSE bug 1202468 SUSE bug 1202968 SUSE bug 1202971 SUSE bug 1202973 CVE-2022-0561 CVE-2022-2519 CVE-2022-2520 CVE-2022-2521 CVE-2022-2867 CVE-2022-2868 CVE-2022-2869 CVE-2022-34266 CVE-2022-34526 cpe:/o:opensuse:leap:15.3 Security update for the Linux Kernel (Important) openSUSE Leap 15.3 The SUSE Linux Enterprise 15-SP1 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2022-20008: Fixed local information disclosure due to possibility to read kernel heap memory via mmc_blk_read_single of block.c (bnc#1199564). - CVE-2022-2503: Fixed a vulnerability that allowed root to bypass LoadPin and load untrusted and unverified kernel modules and firmware (bnc#1202677). - CVE-2022-32296: Fixed vulnerability where TCP servers were allowed to identify clients by observing what source ports are used (bnc#1200288). - CVE-2022-3239: Fixed an use-after-free in the video4linux driver that could lead a local user to able to crash the system or escalate their privileges (bnc#1203552). - CVE-2022-3303: Fixed a race condition in the sound subsystem due to improper locking (bnc#1203769). - CVE-2022-41218: Fixed an use-after-free caused by refcount races in drivers/media/dvb-core/dmxdev.c (bnc#1202960). - CVE-2022-41848: Fixed a race condition in drivers/char/pcmcia/synclink_cs.c mgslpc_ioctl and mgslpc_detach (bnc#1203987). The following non-security bugs were fixed: - dtb: Do not include sources in src.rpm - refer to kernel-source Same as other kernel binary packages there is no need to carry duplicate sources in dtb packages. - mkspec: eliminate @NOSOURCE@ macro This should be alsways used with @SOURCES@, just include the content there. - net: mana: Add rmb after checking owner bits (git-fixes). - net: mana: Add the Linux MANA PF driver (bnc#1201309, jsc#PED-529). - x86/bugs: Reenable retbleed=off While for older kernels the return thunks are statically built in and cannot be dynamically patched out, retbleed=off should still be possible to do so that the mitigation can still be disabled on Intel who do not use the return thunks but IBRS. Important SUSE bug 1199564 SUSE bug 1200288 SUSE bug 1201309 SUSE bug 1202677 SUSE bug 1202960 SUSE bug 1203552 SUSE bug 1203769 SUSE bug 1203987 CVE-2022-20008 CVE-2022-2503 CVE-2022-32296 CVE-2022-3239 CVE-2022-3303 CVE-2022-41218 CVE-2022-41848 cpe:/o:opensuse:leap:15.3 Security update for the Linux Kernel (Critical) openSUSE Leap 15.3 The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2022-0435: Fixed remote stack overflow in net/tipc module that validate domain record count on input (bsc#1195254). - CVE-2022-0330: Fixed flush TLBs before releasing backing store (bsc#1194880). - CVE-2022-0286: Fixed null pointer dereference in bond_ipsec_add_sa() that may have lead to local denial of service (bnc#1195371). - CVE-2022-22942: Fixed stale file descriptors on failed usercopy (bsc#1195065). - CVE-2021-45095: Fixed refcount leak in pep_sock_accept in net/phonet/pep.c (bnc#1193867). - CVE-2021-44733: Fixed a use-after-free exists in drivers/tee/tee_shm.c in the TEE subsystem, that could have occured because of a race condition in tee_shm_get_from_id during an attempt to free a shared memory object (bnc#1193767). - CVE-2021-39685: Fixed USB gadget buffer overflow caused by too large endpoint 0 requests (bsc#1193802). - CVE-2021-39657: Fixed out of bounds read due to a missing bounds check in ufshcd_eh_device_reset_handler of ufshcd.c. This could lead to local information disclosure with System execution privileges needed (bnc#1193864). - CVE-2021-39648: Fixed possible disclosure of kernel heap memory due to a race condition in gadget_dev_desc_UDC_show of configfs.c. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation (bnc#1193861). - CVE-2021-22600: Fixed double free bug in packet_set_ring() in net/packet/af_packet.c that could have been exploited by a local user through crafted syscalls to escalate privileges or deny service (bnc#1195184). - CVE-2020-28097: Fixed out-of-bounds read in vgacon subsystem that mishandled software scrollback (bnc#1187723). The following non-security bugs were fixed: - ACPI: battery: Add the ThinkPad 'Not Charging' quirk (git-fixes). - ACPICA: Executer: Fix the REFCLASS_REFOF case in acpi_ex_opcode_1A_0T_1R() (git-fixes). - ACPICA: Fix wrong interpretation of PCC address (git-fixes). - ACPICA: Hardware: Do not flush CPU cache when entering S4 and S5 (git-fixes). - ACPICA: Utilities: Avoid deleting the same object twice in a row (git-fixes). - ACPICA: actypes.h: Expand the ACPI_ACCESS_ definitions (git-fixes). - ALSA: seq: Set upper limit of processed events (git-fixes). - ALSA: usb-audio: Correct quirk for VF0770 (git-fixes). - ALSA: usb-audio: initialize variables that could ignore errors (git-fixes). - ASoC: cpcap: Check for NULL pointer after calling of_get_child_by_name (git-fixes). - ASoC: fsl: Add missing error handling in pcm030_fabric_probe (git-fixes). - ASoC: max9759: fix underflow in speaker_gain_control_put() (git-fixes). - ASoC: mediatek: mt8173: fix device_node leak (git-fixes). - ASoC: xilinx: xlnx_formatter_pcm: Make buffer bytes multiple of period bytes (git-fixes). - Bluetooth: Fix debugfs entry leak in hci_register_dev() (git-fixes). - Bluetooth: refactor malicious adv data check (git-fixes). - Documentation: fix firewire.rst ABI file path error (git-fixes). - HID: apple: Do not reset quirks when the Fn key is not found (git-fixes). - HID: quirks: Allow inverting the absolute X/Y values (git-fixes). - HID: uhid: Fix worker destroying device without any protection (git-fixes). - HID: wacom: Reset expected and received contact counts at the same time (git-fixes). - IB/cm: Avoid a loop when device has 255 ports (git-fixes) - IB/hfi1: Fix error return code in parse_platform_config() (git-fixes) - IB/hfi1: Use kzalloc() for mmu_rb_handler allocation (git-fixes) - IB/isert: Fix a use after free in isert_connect_request (git-fixes) - IB/mlx4: Separate tunnel and wire bufs parameters (git-fixes) - IB/mlx5: Add missing error code (git-fixes) - IB/mlx5: Add mutex destroy call to cap_mask_mutex mutex (git-fixes) - IB/mlx5: Fix error unwinding when set_has_smi_cap fails (git-fixes) - IB/mlx5: Return appropriate error code instead of ENOMEM (git-fixes) - IB/umad: Return EIO in case of when device disassociated (git-fixes) - IB/umad: Return EPOLLERR in case of when device disassociated (git-fixes) - Input: wm97xx: Simplify resource management (git-fixes). - NFS: Ensure the server had an up to date ctime before renaming (git-fixes). - NFSv4: Handle case where the lookup of a directory fails (git-fixes). - NFSv4: nfs_atomic_open() can race when looking up a non-regular file (git-fixes). - PCI: Add function 1 DMA alias quirk for Marvell 88SE9125 SATA controller (git-fixes). - PM: wakeup: simplify the output logic of pm_show_wakelocks() (git-fixes). - RDMA/addr: Be strict with gid size (git-fixes) - RDMA/bnxt_re: Fix a double free in bnxt_qplib_alloc_res (git-fixes) - RDMA/bnxt_re: Fix error return code in bnxt_qplib_cq_process_terminal() (git-fixes) - RDMA/bnxt_re: Set queue pair state when being queried (git-fixes) - RDMA/cm: Fix an attempt to use non-valid pointer when cleaning timewait (git-fixes) - RDMA/core: Clean up cq pool mechanism (jsc#SLE-15176). - RDMA/core: Do not access cm_id after its destruction (git-fixes) - RDMA/core: Do not indicate device ready when device enablement fails (git-fixes) - RDMA/core: Fix corrupted SL on passive side (git-fixes) - RDMA/core: Unify RoCE check and re-factor code (git-fixes) - RDMA/cxgb4: Fix adapter LE hash errors while destroying ipv6 listening server (git-fixes) - RDMA/cxgb4: Fix the reported max_recv_sge value (git-fixes) - RDMA/cxgb4: Validate the number of CQEs (git-fixes) - RDMA/cxgb4: add missing qpid increment (git-fixes) - RDMA/hns: Add a check for current state before modifying QP (git-fixes) - RDMA/hns: Remove the portn field in UD SQ WQE (git-fixes) - RDMA/hns: Remove unnecessary access right set during INIT2INIT (git-fixes) - RDMA/i40iw: Address an mmap handler exploit in i40iw (git-fixes) - RDMA/i40iw: Fix error unwinding when i40iw_hmc_sd_one fails (git-fixes) - RDMA/mlx5: Fix corruption of reg_pages in mlx5_ib_rereg_user_mr() (git-fixes) - RDMA/mlx5: Fix potential race between destroy and CQE poll (git-fixes) - RDMA/mlx5: Fix query DCT via DEVX (git-fixes) - RDMA/mlx5: Fix type warning of sizeof in __mlx5_ib_alloc_counters() (git-fixes) - RDMA/mlx5: Fix wrong free of blue flame register on error (git-fixes) - RDMA/mlx5: Issue FW command to destroy SRQ on reentry (git-fixes) - RDMA/mlx5: Recover from fatal event in dual port mode (git-fixes) - RDMA/mlx5: Use the correct obj_id upon DEVX TIR creation (git-fixes) - RDMA/ocrdma: Fix use after free in ocrdma_dealloc_ucontext_pd() (git-fixes) - RDMA/rxe: Clear all QP fields if creation failed (git-fixes) - RDMA/rxe: Compute PSN windows correctly (git-fixes) - RDMA/rxe: Correct skb on loopback path (git-fixes) - RDMA/rxe: Fix coding error in rxe_rcv_mcast_pkt (git-fixes) - RDMA/rxe: Fix coding error in rxe_recv.c (git-fixes) - RDMA/rxe: Fix missing kconfig dependency on CRYPTO (git-fixes) - RDMA/rxe: Remove the unnecessary variable (jsc#SLE-15176). - RDMA/rxe: Remove useless code in rxe_recv.c (git-fixes) - RDMA/siw: Fix a use after free in siw_alloc_mr (git-fixes) - RDMA/siw: Fix calculation of tx_valid_cpus size (git-fixes) - RDMA/siw: Fix handling of zero-sized Read and Receive Queues. (git-fixes) - RDMA/siw: Properly check send and receive CQ pointers (git-fixes) - RDMA/usnic: Fix memleak in find_free_vf_and_create_qp_grp (git-fixes) - RDMA/uverbs: Fix a NULL vs IS_ERR() bug (git-fixes) - RDMA/uverbs: Tidy input validation of ib_uverbs_rereg_mr() (git-fixes) - RMDA/sw: Do not allow drivers using dma_virt_ops on highmem configs (git-fixes) - USB: core: Fix hang in usb_kill_urb by adding memory barriers (git-fixes). - USB: serial: mos7840: fix probe error handling (git-fixes). - ar5523: Fix null-ptr-deref with unexpected WDCMSG_TARGET_START reply (git-fixes). - arm64: Kconfig: add a choice for endianness (jsc#SLE-23432). - asix: fix wrong return value in asix_check_host_enable() (git-fixes). - ata: pata_platform: Fix a NULL pointer dereference in __pata_platform_probe() (git-fixes). - ath10k: Fix tx hanging (git-fixes). - ath9k: Fix out-of-bound memcpy in ath9k_hif_usb_rx_stream (git-fixes). - batman-adv: allow netlink usage in unprivileged containers (git-fixes). - blk-cgroup: fix missing put device in error path from blkg_conf_pref() (bsc#1195481). - blk-mq: introduce blk_mq_set_request_complete (git-fixes). - bpf: Verifer, adjust_scalar_min_max_vals to always call update_reg_bounds() (bsc#1194227). - btrfs: tree-checker: Add EXTENT_ITEM and METADATA_ITEM check (bsc#1195009). - btrfs: tree-checker: annotate all error branches as unlikely (bsc#1195009). - btrfs: tree-checker: check for BTRFS_BLOCK_FLAG_FULL_BACKREF being set improperly (bsc#1195009). - cgroup/cpuset: Fix a partition bug with hotplug (bsc#1194291). - clk: si5341: Fix clock HW provider cleanup (git-fixes). - crypto: qat - fix undetected PFVF timeout in ACK loop (git-fixes). - dma-buf: heaps: Fix potential spectre v1 gadget (git-fixes). - drm/amdgpu: fixup bad vram size on gmc v8 (git-fixes). - drm/bridge: megachips: Ensure both bridges are probed before registration (git-fixes). - drm/etnaviv: limit submit sizes (git-fixes). - drm/etnaviv: relax submit size limits (git-fixes). - drm/i915/overlay: Prevent divide by zero bugs in scaling (git-fixes). - drm/lima: fix warning when CONFIG_DEBUG_SG=y & CONFIG_DMA_API_DEBUG=y (git-fixes). - drm/msm/dpu: invalid parameter check in dpu_setup_dspp_pcc (git-fixes). - drm/msm/dsi: Fix missing put_device() call in dsi_get_phy (git-fixes). - drm/msm/dsi: invalid parameter check in msm_dsi_phy_enable (git-fixes). - drm/msm/hdmi: Fix missing put_device() call in msm_hdmi_get_phy (git-fixes). - drm/msm: Fix wrong size calculation (git-fixes). - drm/nouveau/kms/nv04: use vzalloc for nv04_display (git-fixes). - drm/nouveau/pmu/gm200-: avoid touching PMU outside of DEVINIT/PREOS/ACR (git-fixes). - drm/nouveau: fix off by one in BIOS boundary checking (git-fixes). - drm: panel-orientation-quirks: Add quirk for the Lenovo Yoga Book X91F/L (git-fixes). - ext4: fix an use-after-free issue about data=journal writeback mode (bsc#1195482). - ext4: make sure quota gets properly shutdown on error (bsc#1195480). - ext4: set csum seed in tmp inode while migrating to extents (bsc#1195267). - floppy: Add max size check for user space request (git-fixes). - fsnotify: fix fsnotify hooks in pseudo filesystems (bsc#1195479). - fsnotify: invalidate dcache before IN_DELETE event (bsc#1195478). - gpio: aspeed: Convert aspeed_gpio.lock to raw_spinlock (git-fixes). - gpiolib: acpi: Do not set the IRQ type if the IRQ is already in use (git-fixes). - hv_netvsc: Set needed_headroom according to VF (bsc#1193506). - hwmom: (lm90) Fix citical alarm status for MAX6680/MAX6681 (git-fixes). - hwmon: (lm90) Mark alert as broken for MAX6646/6647/6649 (git-fixes). - hwmon: (lm90) Mark alert as broken for MAX6654 (git-fixes). - hwmon: (lm90) Mark alert as broken for MAX6680 (git-fixes). - hwmon: (lm90) Reduce maximum conversion rate for G781 (git-fixes). - i2c: designware-pci: Fix to change data types of hcnt and lcnt parameters (git-fixes). - i2c: i801: Do not silently correct invalid transfer size (git-fixes). - i2c: mpc: Correct I2C reset procedure (git-fixes). - i40iw: Add support to make destroy QP synchronous (git-fixes) - ibmvnic: Allow extra failures before disabling (bsc#1195073 ltc#195713). - ibmvnic: Update driver return codes (bsc#1195293 ltc#196198). - ibmvnic: do not spin in tasklet (bsc#1195073 ltc#195713). - ibmvnic: init ->running_cap_crqs early (bsc#1195073 ltc#195713). - ibmvnic: remove unused ->wait_capability (bsc#1195073 ltc#195713). - ibmvnic: remove unused defines (bsc#1195293 ltc#196198). - igc: Fix TX timestamp support for non-MSI-X platforms (bsc#1160634). - iwlwifi: fix leaks/bad data after failed firmware load (git-fixes). - iwlwifi: mvm: Fix calculation of frame length (git-fixes). - iwlwifi: mvm: Increase the scan timeout guard to 30 seconds (git-fixes). - iwlwifi: mvm: synchronize with FW after multicast commands (git-fixes). - iwlwifi: remove module loading failure message (git-fixes). - lib82596: Fix IRQ check in sni_82596_probe (git-fixes). - lightnvm: Remove lightnvm implemenation (bsc#1191881). - mac80211: allow non-standard VHT MCS-10/11 (git-fixes). - media: b2c2: Add missing check in flexcop_pci_isr: (git-fixes). - media: coda/imx-vdoa: Handle dma_set_coherent_mask error codes (git-fixes). - media: igorplugusb: receiver overflow should be reported (git-fixes). - media: m920x: do not use stack on USB reads (git-fixes). - media: saa7146: hexium_gemini: Fix a NULL pointer dereference in hexium_attach() (git-fixes). - media: saa7146: hexium_orion: Fix a NULL pointer dereference in hexium_attach() (git-fixes). - media: uvcvideo: Increase UVC_CTRL_CONTROL_TIMEOUT to 5 seconds (git-fixes). - mlxsw: Only advertise link modes supported by both driver and device (bsc#1154488). - mmc: core: Fixup storing of OCR for MMC_QUIRK_NONSTD_SDIO (git-fixes). - mtd: nand: bbt: Fix corner case in bad block table handling (git-fixes). - mtd: rawnand: gpmi: Add ERR007117 protection for nfc_apply_timings (git-fixes). - mtd: rawnand: gpmi: Remove explicit default gpmi clock setting for i.MX6 (git-fixes). - net, xdp: Introduce xdp_init_buff utility routine (bsc#1193506). - net, xdp: Introduce xdp_prepare_buff utility routine (bsc#1193506). - net/mlx5: DR, Proper handling of unsupported Connect-X6DX SW steering (jsc#SLE-8464). - net/mlx5: E-Switch, fix changing vf VLANID (jsc#SLE-15172). - net/mlx5e: Protect encap route dev from concurrent release (jsc#SLE-8464). - net: allow retransmitting a TCP packet if original is still in queue (bsc#1188605 bsc#1187428). - net: bonding: fix bond_xmit_broadcast return value error bug (bsc#1176447). - net: bridge: vlan: fix memory leak in __allowed_ingress (bsc#1176447). - net: bridge: vlan: fix single net device option dumping (bsc#1176447). - net: mana: Add RX fencing (bsc#1193506). - net: mana: Add XDP support (bsc#1193506). - net: sch_generic: aviod concurrent reset and enqueue op for lockless qdisc (bsc#1183405). - net: sched: add barrier to ensure correct ordering for lockless qdisc (bsc#1183405). - net: sched: avoid unnecessary seqcount operation for lockless qdisc (bsc#1183405). - net: sched: fix packet stuck problem for lockless qdisc (bsc#1183405). - net: sched: fix tx action reschedule issue with stopped queue (bsc#1183405). - net: sched: fix tx action rescheduling issue during deactivation (bsc#1183405). - net: sched: replaced invalid qdisc tree flush helper in qdisc_replace (bsc#1183405). - net: sfp: fix high power modules without diagnostic monitoring (bsc#1154353). - netdevsim: set .owner to THIS_MODULE (bsc#1154353). - nfc: llcp: fix NULL error pointer dereference on sendmsg() after failed bind() (git-fixes). - nvme-core: use list_add_tail_rcu instead of list_add_tail for nvme_init_ns_head (git-fixes). - nvme-fabrics: avoid double completions in nvmf_fail_nonready_command (git-fixes). - nvme-fabrics: ignore invalid fast_io_fail_tmo values (git-fixes). - nvme-fabrics: remove superfluous nvmf_host_put in nvmf_parse_options (git-fixes). - nvme-tcp: fix data digest pointer calculation (git-fixes). - nvme-tcp: fix incorrect h2cdata pdu offset accounting (git-fixes). - nvme-tcp: fix memory leak when freeing a queue (git-fixes). - nvme-tcp: fix possible use-after-completion (git-fixes). - nvme-tcp: validate R2T PDU in nvme_tcp_handle_r2t() (git-fixes). - nvme: add 'iopolicy' module parameter (bsc#1177599 bsc#1193096). - nvme: fix use after free when disconnecting a reconnecting ctrl (git-fixes). - nvme: introduce a nvme_host_path_error helper (git-fixes). - nvme: refactor ns->ctrl by request (git-fixes). - phy: uniphier-usb3ss: fix unintended writing zeros to PHY register (git-fixes). - phylib: fix potential use-after-free (git-fixes). - pinctrl: bcm2835: Add support for wake-up interrupts (git-fixes). - pinctrl: bcm2835: Match BCM7211 compatible string (git-fixes). - pinctrl: intel: Fix a glitch when updating IRQ flags on a preconfigured line (git-fixes). - pinctrl: intel: fix unexpected interrupt (git-fixes). - powerpc/book3s64/radix: make tlb_single_page_flush_ceiling a debugfs entry (bsc#1195183 ltc#193865). - powerpc/perf: Fix power_pmu_disable to call clear_pmi_irq_pending only if PMI is pending (bsc#1156395). - regulator: qcom_smd: Align probe function with rpmh-regulator (git-fixes). - rpmsg: char: Fix race between the release of rpmsg_ctrldev and cdev (git-fixes). - rpmsg: char: Fix race between the release of rpmsg_eptdev and cdev (git-fixes). - rsi: Fix use-after-free in rsi_rx_done_handler() (git-fixes). - sched/fair: Fix detection of per-CPU kthreads waking a task (git fixes (sched/fair)). - sched/numa: Fix is_core_idle() (git fixes (sched/numa)). - scripts/dtc: dtx_diff: remove broken example from help text (git-fixes). - scripts/dtc: only append to HOST_EXTRACFLAGS instead of overwriting (git-fixes). - serial: 8250: of: Fix mapped region size when using reg-offset property (git-fixes). - serial: Fix incorrect rs485 polarity on uart open (git-fixes). - serial: amba-pl011: do not request memory region twice (git-fixes). - serial: core: Keep mctrl register state and cached copy in sync (git-fixes). - serial: pl010: Drop CR register reset on set_termios (git-fixes). - serial: stm32: fix software flow control transfer (git-fixes). - spi: bcm-qspi: check for valid cs before applying chip select (git-fixes). - spi: mediatek: Avoid NULL pointer crash in interrupt (git-fixes). - spi: meson-spicc: add IRQ check in meson_spicc_probe (git-fixes). - supported.conf: mark rtw88 modules as supported (jsc#SLE-22690) - tty: Add support for Brainboxes UC cards (git-fixes). - tty: n_gsm: fix SW flow control encoding/handling (git-fixes). - ucsi_ccg: Check DEV_INT bit only when starting CCG4 (git-fixes). - udf: Fix NULL ptr deref when converting from inline format (bsc#1195476). - udf: Restore i_lenAlloc when inode expansion fails (bsc#1195477). - usb-storage: Add unusual-devs entry for VL817 USB-SATA bridge (git-fixes). - usb: common: ulpi: Fix crash in ulpi_match() (git-fixes). - usb: gadget: f_fs: Use stream_open() for endpoint files (git-fixes). - usb: gadget: f_sourcesink: Fix isoc transfer for USB_SPEED_SUPER_PLUS (git-fixes). - usb: hub: Add delay for SuperSpeed hub resume to let links transit to U0 (git-fixes). - usb: roles: fix include/linux/usb/role.h compile issue (git-fixes). - usb: typec: tcpm: Do not disconnect while receiving VBUS off (git-fixes). - usb: uhci: add aspeed ast2600 uhci support (git-fixes). - vfio/iommu_type1: replace kfree with kvfree (git-fixes). - video: hyperv_fb: Fix validation of screen resolution (git-fixes). - vxlan: fix error return code in __vxlan_dev_create() (bsc#1154353). - workqueue: Fix unbind_workers() VS wq_worker_running() race (bsc#1195062). - x86/gpu: Reserve stolen memory for first integrated Intel GPU (git-fixes). - xfrm: fix MTU regression (bsc#1185377, bsc#1194048). - xhci-pci: Allow host runtime PM as default for Intel Alpine Ridge LP (git-fixes). Critical SUSE bug 1154353 SUSE bug 1154488 SUSE bug 1156395 SUSE bug 1160634 SUSE bug 1176447 SUSE bug 1177599 SUSE bug 1183405 SUSE bug 1185377 SUSE bug 1187428 SUSE bug 1187723 SUSE bug 1188605 SUSE bug 1191881 SUSE bug 1193096 SUSE bug 1193506 SUSE bug 1193767 SUSE bug 1193802 SUSE bug 1193861 SUSE bug 1193864 SUSE bug 1193867 SUSE bug 1194048 SUSE bug 1194227 SUSE bug 1194291 SUSE bug 1194880 SUSE bug 1195009 SUSE bug 1195062 SUSE bug 1195065 SUSE bug 1195073 SUSE bug 1195183 SUSE bug 1195184 SUSE bug 1195254 SUSE bug 1195267 SUSE bug 1195293 SUSE bug 1195371 SUSE bug 1195476 SUSE bug 1195477 SUSE bug 1195478 SUSE bug 1195479 SUSE bug 1195480 SUSE bug 1195481 SUSE bug 1195482 CVE-2020-28097 CVE-2021-22600 CVE-2021-39648 CVE-2021-39657 CVE-2021-39685 CVE-2021-44733 CVE-2021-45095 CVE-2022-0286 CVE-2022-0330 CVE-2022-0435 CVE-2022-22942 cpe:/o:opensuse:leap:15.3 Security update for multipath-tools (Important) openSUSE Leap 15.3 This update for multipath-tools fixes the following issues: - CVE-2022-41973: Fixed a symlink attack in multipathd. (bsc#1202739) - CVE-2022-41974: Fixed an authorization bypass issue in multipathd. (bsc#1202739) - multipathd: add 'force_reconfigure' option (bsc#1189551) The command 'multipathd -kreconfigure' changes behavior: instead of reloading every map, it checks map configuration and reloads only modified maps. This speeds up the reconfigure operation substantially. The old behavior can be reinstated by setting 'force_reconfigure yes' in multipath.conf (not recommended). Note: 'force_reconfigure yes' is not supported in SLE15-SP4 and beyond, which provide the command 'multipathd -k'reconfigure all'' - multipathd: avoid stalled clients during reconfigure (bsc#1189551) - multipathd: handle client disconnect correctly (bsc#1189551) - Avoid linking to libreadline to avoid licensing issue (bsc#1202616) - multipathd: don't switch to DAEMON_IDLE during startup (bsc#1197570) - multipathd: disallow changing to/from fpin marginal paths on reconfig - multipathd handle fpin events (bsc#1195506,jsc#PED-1448) - multipath: fix exit status of multipath -T (bsc#1191900) Important SUSE bug 1189551 SUSE bug 1191900 SUSE bug 1195506 SUSE bug 1197570 SUSE bug 1202616 SUSE bug 1202739 CVE-2022-41973 CVE-2022-41974 cpe:/o:opensuse:leap:15.3 Security update for multipath-tools (Important) openSUSE Leap 15.3 This update for multipath-tools fixes the following issues: - CVE-2022-41974: Fixed an authorization bypass issue in multipathd. (bsc#1202739) - Avoid linking to libreadline to avoid licensing issue (bsc#1202616) Important SUSE bug 1202616 SUSE bug 1202739 SUSE bug 1204325 CVE-2022-41974 cpe:/o:opensuse:leap:15.3 Security update for MozillaFirefox (Important) openSUSE Leap 15.3 This update for MozillaFirefox fixes the following issues: - Updated to version 102.4.0 ESR (bsc#1204421) - CVE-2022-42927: Fixed same-origin policy violation that could have leaked cross-origin URLs. - CVE-2022-42928: Fixed memory Corruption in JS Engine. - CVE-2022-42929: Fixed denial of Service via window.print. - CVE-2022-42932: Fixed memory safety bugs. Important SUSE bug 1204421 CVE-2022-42927 CVE-2022-42928 CVE-2022-42929 CVE-2022-42932 cpe:/o:opensuse:leap:15.3 Security update for bind (Important) openSUSE Leap 15.3 This update for bind fixes the following issues: - CVE-2022-2795: Fixed potential performance degredation due to missing database lookup limits when processing large delegations (bsc#1203614). - CVE-2022-38177: Fixed a memory leak that could be externally triggered in the DNSSEC verification code for the ECDSA algorithm (bsc#1203619). - CVE-2022-38178: Fixed memory leaks that could be externally triggered in the DNSSEC verification code for the EdDSA algorithm (bsc#1203620). Important SUSE bug 1203614 SUSE bug 1203619 SUSE bug 1203620 CVE-2022-2795 CVE-2022-38177 CVE-2022-38178 cpe:/o:opensuse:leap:15.3 Security update for python-paramiko (Important) openSUSE Leap 15.3 This update for python-paramiko fixes the following issues: Updated to version 2.4.3: - CVE-2018-1000805: Fixed authentication bypass (bsc#1111151). Bugfixes: - Fixed Ed25519 key handling for certain key comment lengths (bsc#1200603). Important SUSE bug 1111151 SUSE bug 1200603 CVE-2018-1000805 cpe:/o:opensuse:leap:15.3 Security update for python-waitress (Important) openSUSE Leap 15.3 This update for python-waitress fixes the following issues: - CVE-2022-24761: Fixed a bug to avoid inconsistent interpretation of HTTP requests leading to request smuggling. (bsc#1197255) Important SUSE bug 1197255 CVE-2022-24761 cpe:/o:opensuse:leap:15.3 Security update for golang-github-prometheus-node_exporter (Moderate) openSUSE Leap 15.3 This update for golang-github-prometheus-node_exporter fixes the following issues: (bsc#1196338, jsc#SLE-24238, jsc#SLE-24239, jsc#SUMA-114, CVE-2022-21698) Moderate SUSE bug 1196338 CVE-2022-21698 cpe:/o:opensuse:leap:15.3 Security update for wireshark (Moderate) openSUSE Leap 15.3 This update for wireshark fixes the following issues: Update to version 3.6.1: - CVE-2021-4185: RTMPT dissector infinite loop (bsc#1194166) - CVE-2021-4184: BitTorrent DHT dissector infinite loop (bsc#1194167) - CVE-2021-4183: pcapng file parser crash (bsc#1194168) - CVE-2021-4182: RFC 7468 file parser infinite loop (bsc#1194169) - CVE-2021-4181: Sysdig Event dissector crash (bsc#1194170) - CVE-2021-4190: Kafka dissector infinite loop (bsc#1194171) - Support for Shared Memory Communications (SMC) (jsc#SLE-18727) Moderate SUSE bug 1194166 SUSE bug 1194167 SUSE bug 1194168 SUSE bug 1194169 SUSE bug 1194170 SUSE bug 1194171 SUSE bug 1194780 CVE-2021-4181 CVE-2021-4182 CVE-2021-4183 CVE-2021-4184 CVE-2021-4185 CVE-2021-4190 cpe:/o:opensuse:leap:15.3 Security update for SUSE Manager Client Tools (Moderate) openSUSE Leap 15.3 This update fixes the following issues: dracut-saltboot: - Update to version 0.1.1661440542.6cbe0da * Use standard susemanager.conf * Move image services to dracut-saltboot package * Use salt bundle golang-github-lusitaniae-apache_exporter: - Update to upstream release 0.11.0 (jsc#SLE-24791) * Add TLS support * Switch to logger, please check --log.level and --log.format flags - Update to version 0.10.1 * Bugfix: Reset ProxyBalancer metrics on each scrape to remove stale data - Update to version 0.10.0 * Add Apache Proxy and other metrics - Update to version 0.8.0 * Change commandline flags * Add metrics: Apache version, request duration total - Adapted to build on Enterprise Linux 8 - Require building with Go 1.15 - Add %license macro for LICENSE file grafana: - Update to version 8.3.10 + Security: * CVE-2022-31097: Cross Site Scripting vulnerability in the Unified Alerting (bsc#1201535) * CVE-2022-31107: Fixes OAuth account takeover vulnerability (bsc#1201539) - Update to version 8.3.9 + Bug fixes: * Geomap: Display legend * Prometheus: Fix timestamp truncation - Update to version 8.3.7 + Bug fix: * Provisioning: Ensure that the default value for orgID is set when provisioning datasources to be deleted. - Update to version 8.3.6 + Features and enhancements: * Cloud Monitoring: Reduce request size when listing labels. * Explore: Show scalar data result in a table instead of graph. * Snapshots: Updates the default external snapshot server URL. * Table: Makes footer not overlap table content. * Tempo: Add request histogram to service graph datalink. * Tempo: Add time range to tempo search query behind a feature flag. * Tempo: Auto-clear results when changing query type. * Tempo: Display start time in search results as relative time. * CloudMonitoring: Fix resource labels in query editor. * Cursor sync: Apply the settings without saving the dashboard. * LibraryPanels: Fix for Error while cleaning library panels. * Logs Panel: Fix timestamp parsing for string dates without timezone. * Prometheus: Fix some of the alerting queries that use reduce/math operation. * TablePanel: Fix ad-hoc variables not working on default datasources. * Text Panel: Fix alignment of elements. * Variables: Fix for constant variables in self referencing links. - Update to version 8.3.5 (jsc#SLE-23439, jsc#SLE-23422, jsc#SLE-24565) mgr-daemon: - Version 4.3.6-1 * Update translation strings spacecmd: - Version 4.3.15-1 * Process date values in spacecmd api calls (bsc#1198903) spacewalk-client-tools: - Version 4.3.12-1 * Update translation strings uyuni-common-libs: - Version 4.3.6-1 * Do not allow creating path if nonexistent user or group in fileutils. Moderate SUSE bug 1198903 SUSE bug 1201535 SUSE bug 1201539 CVE-2022-31097 CVE-2022-31107 cpe:/o:opensuse:leap:15.3 Security update for grafana (Important) openSUSE Leap 15.3 This update for grafana fixes the following issues: Updated to version 8.3.10 (jsc#SLE-24565, jsc#SLE-23422, jsc#SLE-23439): - CVE-2022-31097: Fixed XSS vulnerability in the Unified Alerting (bsc#1201535). - CVE-2022-31107: Fixed OAuth account takeover vulnerability (bsc#1201539). - CVE-2022-21702: Fixed XSS through attacker-controlled data source (bsc#1195726). - CVE-2022-21703: Fixed Cross Site Request Forgery (bsc#1195727). - CVE-2022-21713: Fixed Teams API IDOR (bsc#1195728). Important SUSE bug 1195726 SUSE bug 1195727 SUSE bug 1195728 SUSE bug 1201535 SUSE bug 1201539 CVE-2022-21702 CVE-2022-21703 CVE-2022-21713 CVE-2022-31097 CVE-2022-31107 cpe:/o:opensuse:leap:15.3 Security update for buildah (Important) openSUSE Leap 15.3 This update for buildah fixes the following issues: - CVE-2021-20206: Fixed an issue in libcni that could allow an attacker to execute arbitrary binaries on the host (bsc#1181961). - CVE-2020-10696: Fixed an issue that could lead to files being overwritten during the image building process (bsc#1167864). - CVE-2022-2990: Fixed possible information disclosure and modification / bsc#1202812 Buildah was updated to version 1.27.1: * run: add container gid to additional groups - Add fix for CVE-2022-2990 / bsc#1202812 Update to version 1.27.0: * Don't try to call runLabelStdioPipes if spec.Linux is not set * build: support filtering cache by duration using --cache-ttl * build: support building from commit when using git repo as build context * build: clean up git repos correctly when using subdirs * integration tests: quote '?' in shell scripts * test: manifest inspect should have OCIv1 annotation * vendor: bump to c/common@87fab4b7019a * Failure to determine a file or directory should print an error * refactor: remove unused CommitOptions from generateBuildOutput * stage_executor: generate output for cases with no commit * stage_executor, commit: output only if last stage in build * Use errors.Is() instead of os.Is{Not,}Exist * Minor test tweak for podman-remote compatibility * Cirrus: Use the latest imgts container * imagebuildah: complain about the right Dockerfile * tests: don't try to wrap `nil` errors * cmd/buildah.commitCmd: don't shadow 'err' * cmd/buildah.pullCmd: complain about DecryptConfig/EncryptConfig * Fix a copy/paste error message * Fix a typo in an error message * build,cache: support pulling/pushing cache layers to/from remote sources * Update vendor of containers/(common, storage, image) * Rename chroot/run.go to chroot/run_linux.go * Don't bother telling codespell to skip files that don't exist * Set user namespace defaults correctly for the library * imagebuildah: optimize cache hits for COPY and ADD instructions * Cirrus: Update VM images w/ updated bats * docs, run: show SELinux label flag for cache and bind mounts * imagebuildah, build: remove undefined concurrent writes * bump github.com/opencontainers/runtime-tools * Add FreeBSD support for 'buildah info' * Vendor in latest containers/(storage, common, image) * Add freebsd cross build targets * Make the jail package build on 32bit platforms * Cirrus: Ensure the build-push VM image is labeled * GHA: Fix dynamic script filename * Vendor in containers/(common, storage, image) * Run codespell * Remove import of github.com/pkg/errors * Avoid using cgo in pkg/jail * Rename footypes to fooTypes for naming consistency * Move cleanupTempVolumes and cleanupRunMounts to run_common.go * Make the various run mounts work for FreeBSD * Move get{Bind,Tmpfs,Secret,SSH}Mount to run_common.go * Move runSetupRunMounts to run_common.go * Move cleanableDestinationListFromMounts to run_common.go * Make setupMounts and runSetupBuiltinVolumes work on FreeBSD * Move setupMounts and runSetupBuiltinVolumes to run_common.go * Tidy up - runMakeStdioPipe can't be shared with linux * Move runAcceptTerminal to run_common.go * Move stdio copying utilities to run_common.go * Move runUsingRuntime and runCollectOutput to run_common.go * Move fileCloser, waitForSync and contains to run_common.go * Move checkAndOverrideIsolationOptions to run_common.go * Move DefaultNamespaceOptions to run_common.go * Move getNetworkInterface to run_common.go * Move configureEnvironment to run_common.go * Don't crash in configureUIDGID if Process.Capabilities is nil * Move configureUIDGID to run_common.go * Move runLookupPath to run_common.go * Move setupTerminal to run_common.go * Move etc file generation utilities to run_common.go * Add run support for FreeBSD * Add a simple FreeBSD jail library * Add FreeBSD support to pkg/chrootuser * Sync call signature for RunUsingChroot with chroot/run.go * test: verify feature to resolve basename with args * vendor: bump openshift/imagebuilder to master@4151e43 * GHA: Remove required reserved-name use * buildah: set XDG_RUNTIME_DIR before setting default runroot * imagebuildah: honor build output even if build container is not commited * chroot: honor DefaultErrnoRet * [CI:DOCS] improve pull-policy documentation * tests: retrofit test since --file does not supports dir * Switch to golang native error wrapping * BuildDockerfiles: error out if path to containerfile is a directory * define.downloadToDirectory: fail early if bad HTTP response * GHA: Allow re-use of Cirrus-Cron fail-mail workflow * add: fail on bad http response instead of writing to container * [CI:DOCS] Update buildahimage comment * lint: inspectable is never nil * vendor: c/common to common@7e1563b * build: support OCI hooks for ephemeral build containers * [CI:BUILD] Install latest buildah instead of compiling * Add subid support with BuildRequires and BUILDTAG [NO NEW TESTS NEEDED] * Make sure cpp is installed in buildah images * demo: use unshare for rootless invocations * buildah.spec.rpkg: initial addition * build: fix test for subid 4 * build, userns: add support for --userns=auto * Fix building upstream buildah image * Remove redundant buildahimages-are-sane validation * Docs: Update multi-arch buildah images readme * Cirrus: Migrate multiarch build off github actions * retrofit-tests: we skip unused stages so use stages * stage_executor: dont rely on stage while looking for additional-context * buildkit, multistage: skip computing unwanted stages * More test cleanup * copier: work around freebsd bug for 'mkdir /' * Replace $BUILDAH_BINARY with buildah() function * Fix up buildah images * Make util and copier build on FreeBSD * Vendor in latest github.com/sirupsen/logrus * Makefile: allow building without .git * run_unix: don't return an error from getNetworkInterface * run_unix: return a valid DefaultNamespaceOptions * Update vendor of containers/storage * chroot: use ActKillThread instead of ActKill * use resolvconf package from c/common/libnetwork * update c/common to latest main * copier: add `NoOverwriteNonDirDir` option * Sort buildoptions and move cli/build functions to internal * Fix TODO: de-spaghettify run mounts * Move options parsing out of build.go and into pkg/cli * [CI:DOCS] Tutorial 04 - Include Debian/Ubuntu deps * build, multiarch: support splitting build logs for --platform * [CI:BUILD] WIP Cleanup Image Dockerfiles * cli remove stutter * docker-parity: ignore sanity check if baseImage history is null * build, commit: allow disabling image history with --omit-history * Fix use generic/ambiguous DEBUG name * Cirrus: use Ubuntu 22.04 LTS * Fix codespell errors * Remove util.StringInSlice because it is defined in containers/common * buildah: add support for renaming a device in rootless setups * squash: never use build cache when computing last step of last stage * Update vendor of containers/(common, storage, image) * buildkit: supports additionalBuildContext in builds via --build-context * buildah source pull/push: show progress bar * run: allow resuing secret twice in different RUN steps * test helpers: default to being rootless-aware * Add --cpp-flag flag to buildah build * build: accept branch and subdirectory when context is git repo * Vendor in latest containers/common * vendor: update c/storage and c/image * Fix gentoo install docs * copier: move NSS load to new process * Add test for prevention of reusing encrypted layers * Make `buildah build --label foo` create an empty 'foo' label again Update to version 1.26.4: * build, multiarch: support splitting build logs for --platform * copier: add `NoOverwriteNonDirDir` option * docker-parity: ignore sanity check if baseImage history is null * build, commit: allow disabling image history with --omit-history * buildkit: supports additionalBuildContext in builds via --build-context * Add --cpp-flag flag to buildah build Update to version 1.26.3: * define.downloadToDirectory: fail early if bad HTTP response * add: fail on bad http response instead of writing to container * squash: never use build cache when computing last step of last stage * run: allow resuing secret twice in different RUN steps * integration tests: update expected error messages * integration tests: quote '?' in shell scripts * Use errors.Is() to check for storage errors * lint: inspectable is never nil * chroot: use ActKillThread instead of ActKill * chroot: honor DefaultErrnoRet * Set user namespace defaults correctly for the library * contrib/rpm/buildah.spec: fix `rpm` parser warnings Drop requires on apparmor pattern, should be moved elsewhere for systems which want AppArmor instead of SELinux. - Update BuildRequires to libassuan-devel >= 2.5.2, pkgconfig file is required to build. Update to version 1.26.2: * buildah: add support for renaming a device in rootless setups Update to version 1.26.1: * Make `buildah build --label foo` create an empty 'foo' label again * imagebuildah,build: move deepcopy of args before we spawn goroutine * Vendor in containers/storage v1.40.2 * buildah.BuilderOptions.DefaultEnv is ignored, so mark it as deprecated * help output: get more consistent about option usage text * Handle OS version and features flags * buildah build: --annotation and --label should remove values * buildah build: add a --env * buildah: deep copy options.Args before performing concurrent build/stage * test: inline platform and builtinargs behaviour * vendor: bump imagebuilder to master/009dbc6 * build: automatically set correct TARGETPLATFORM where expected * Vendor in containers/(common, storage, image) * imagebuildah, executor: process arg variables while populating baseMap * buildkit: add support for custom build output with --output * Cirrus: Update CI VMs to F36 * fix staticcheck linter warning for deprecated function * Fix docs build on FreeBSD * copier.unwrapError(): update for Go 1.16 * copier.PutOptions: add StripSetuidBit/StripSetgidBit/StripStickyBit * copier.Put(): write to read-only directories * Ed's periodic test cleanup * using consistent lowercase 'invalid' word in returned err msg * use etchosts package from c/common * run: set actual hostname in /etc/hostname to match docker parity * Update vendor of containers/(common,storage,image) * manifest-create: allow creating manifest list from local image * Update vendor of storage,common,image * Initialize network backend before first pull * oci spec: change special mount points for namespaces * tests/helpers.bash: assert handle corner cases correctly * buildah: actually use containers.conf settings * integration tests: learn to start a dummy registry * Fix error check to work on Podman * buildah build should accept at most one arg * tests: reduce concurrency for flaky bud-multiple-platform-no-run * vendor in latest containers/common,image,storage * manifest-add: allow override arch,variant while adding image * Remove a stray `\` from .containerenv * Vendor in latest opencontainers/selinux v1.10.1 * build, commit: allow removing default identity labels * Create shorter names for containers based on image IDs * test: skip rootless on cgroupv2 in root env * fix hang when oci runtime fails * Set permissions for GitHub actions * copier test: use correct UID/GID in test archives * run: set parent-death signals and forward SIGHUP/SIGINT/SIGTERM Important SUSE bug 1167864 SUSE bug 1181961 SUSE bug 1202812 CVE-2020-10696 CVE-2021-20206 CVE-2022-2990 cpe:/o:opensuse:leap:15.3 Security update for curl (Important) openSUSE Leap 15.3 This update for curl fixes the following issues: - CVE-2022-32221: Fixed POST following PUT confusion (bsc#1204383). Important SUSE bug 1204383 CVE-2022-32221 cpe:/o:opensuse:leap:15.3 Security update for the Linux Kernel (Important) openSUSE Leap 15.3 The SUSE Linux Enterprise 15 SP3 kernel was updated. The following security bugs were fixed: - CVE-2022-40768: Fixed information leak in the scsi driver which allowed local users to obtain sensitive information from kernel memory. (bnc#1203514) - CVE-2022-3169: Fixed a denial of service flaw which occurs when consecutive requests to NVME_IOCTL_RESET and the NVME_IOCTL_SUBSYS_RESET are sent. (bnc#1203290) - CVE-2022-42722: Fixed crash in beacon protection for P2P-device. (bsc#1204125) - CVE-2022-42719: Fixed MBSSID parsing use-after-free. (bsc#1204051) - CVE-2022-42721: Avoid nontransmitted BSS list corruption. (bsc#1204060) - CVE-2022-42720: Fixed BSS refcounting bugs. (bsc#1204059) - CVE-2022-3303: Fixed a race condition in the sound subsystem due to improper locking (bnc#1203769). - CVE-2022-41218: Fixed an use-after-free caused by refcount races in drivers/media/dvb-core/dmxdev.c (bnc#1202960). - CVE-2022-3239: Fixed an use-after-free in the video4linux driver that could lead a local user to able to crash the system or escalate their privileges (bnc#1203552). - CVE-2022-41848: Fixed a race condition and resultant use-after-free if a physically proximate attacker removes a PCMCIA device while calling ioctl (bnc#1203987). - CVE-2022-41849: Fixed a race condition and resultant use-after-free if a physically proximate attacker removes a USB device while calling open (bnc#1203992). - CVE-2022-41674: Fixed a DoS issue where kernel can crash on the reception of specific WiFi Frames (bsc#1203770). - CVE-2022-2586: Fixed a use-after-free which can be triggered when a nft table is deleted (bnc#1202095). - CVE-2022-41222: Fixed a use-after-free via a stale TLB because an rmap lock is not held during a PUD move (bnc#1203622). - CVE-2022-2503: Fixed a bug in dm-verity, device-mapper table reloads allowed users with root privileges to switch out the target with an equivalent dm-linear target and bypass verification till reboot. This allowed root to bypass LoadPin and can be used to load untrusted and unverified kernel modules and firmware, which implies arbitrary kernel execution and persistence for peripherals that do not verify firmware updates (bnc#1202677). - CVE-2022-20008: Fixed a bug which allowed to read kernel heap memory due to uninitialized data. This could lead to local information disclosure if reading from an SD card that triggers errors, with no additional execution privileges needed. (bnc#1199564) - CVE-2020-16119: Fixed a use-after-free vulnerability exploitable by a local attacker due to reuse of a DCCP socket. (bnc#1177471) The following non-security bugs were fixed: - ALSA: aloop: Fix random zeros in capture data when using jiffies timer (git-fixes). - ALSA: emu10k1: Fix out of bounds access in snd_emu10k1_pcm_channel_alloc() (git-fixes). - ALSA: hda/realtek: Re-arrange quirk table entries (git-fixes). - ALSA: seq: Fix data-race at module auto-loading (git-fixes). - ALSA: seq: oss: Fix data-race for max_midi_devs access (git-fixes). - ALSA: usb-audio: Fix an out-of-bounds bug in __snd_usb_parse_audio_interface() (git-fixes). - ALSA: usb-audio: fix spelling mistakes (git-fixes). - ALSA: usb-audio: Inform the delayed registration more properly (git-fixes). - ALSA: usb-audio: Register card again for iface over delayed_register option (git-fixes). - ALSA: usb-audio: Split endpoint setups for hw_params and prepare (git-fixes). - arm64: cpufeature: Allow different PMU versions in ID_DFR0_EL1 (git-fixes) - arm64: dts: allwinner: A64 Sopine: phy-mode rgmii-id (git-fixes) - arm64: dts: allwinner: a64-sopine-baseboard: change RGMII mode to (bsc#1202341) - arm64: dts: allwinner: H5: NanoPi Neo Plus2: phy-mode rgmii-id (git-fixes) - arm64: dts: rockchip: Pull up wlan wake# on Gru-Bob (git-fixes) - arm64: dts: rockchip: Remove 'enable-active-low' from rk3399-puma (git-fixes) - arm64: dts: rockchip: Set RK3399-Gru PCLK_EDP to 24 MHz (git-fixes) - arm64: dts: uniphier: Fix USB interrupts for PXs3 SoC (git-fixes) - arm64: kexec_file: use more system keyrings to verify kernel image signature (bsc#1196444). - arm64: mm: Always update TCR_EL1 from __cpu_set_tcr_t0sz() (git-fixes) - arm64: mm: fix p?d_leaf() (git-fixes) - arm64: mm: use a 48-bit ID map when possible on 52-bit VA builds (git-fixes) - arm64: tegra: Fix SDMMC1 CD on P2888 (git-fixes) - arm64: tegra: Remove non existent Tegra194 reset (git-fixes) - arm64: tlb: fix the TTL value of tlb_get_level (git-fixes) - arm64/mm: Validate hotplug range before creating linear mapping (git-fixes) - bpf: Compile out btf_parse_module() if module BTF is not enabled (git-fixes). - cgroup: cgroup_get_from_id() must check the looked-up kn is a directory (bsc#1203906). - crypto: arm64/gcm - Select AEAD for GHASH_ARM64_CE (git-fixes) - crypto: arm64/poly1305 - fix a read out-of-bound (git-fixes) - drm/amdgpu: Check num_gfx_rings for gfx v9_0 rb setup (git-fixes). - drm/amdgpu: mmVM_L2_CNTL3 register not initialized correctly (git-fixes). - drm/gem: Fix GEM handle release errors (git-fixes). - drm/i915/glk: ECS Liva Q2 needs GLK HDMI port timing quirk (git-fixes). - drm/meson: Correct OSD1 global alpha value (git-fixes). - drm/meson: Fix OSD1 RGB to YCbCr coefficient (git-fixes). - drm/msm/rd: Fix FIFO-full deadlock (git-fixes). - drm/radeon: add a force flush to delay work when radeon (git-fixes). - dtb: Do not include sources in src.rpm - refer to kernel-source Same as other kernel binary packages there is no need to carry duplicate sources in dtb packages. - efi: capsule-loader: Fix use-after-free in efi_capsule_write (git-fixes). - fbdev: chipsfb: Add missing pci_disable_device() in chipsfb_pci_init() (git-fixes). - fbdev: fb_pm2fb: Avoid potential divide by zero error (git-fixes). - ftrace: Fix NULL pointer dereference in is_ftrace_trampoline when ftrace is dead (git-fixes). - gpio: mpc8xxx: Fix support for IRQ_TYPE_LEVEL_LOW flow_type in mpc85xx (git-fixes). - HID: intel-ish-hid: ishtp: Fix ishtp client sending disordered message (git-fixes). - HID: ishtp-hid-clientHID: ishtp-hid-client: Fix comment typo (git-fixes). - ieee802154: cc2520: add rc code in cc2520_tx() (git-fixes). - ima: force signature verification when CONFIG_KEXEC_SIG is configured (bsc#1203737). - Input: iforce - add support for Boeder Force Feedback Wheel (git-fixes). - Input: melfas_mip4 - fix return value check in mip4_probe() (git-fixes). - Input: snvs_pwrkey - fix SNVS_HPVIDR1 register address (git-fixes). - JFS: fix GPF in diFree (bsc#1203389). - JFS: fix memleak in jfs_mount (git-fixes). - JFS: more checks for invalid superblock (git-fixes). - JFS: prevent NULL deref in diFree (bsc#1203389). - kABI: x86: kexec: hide new include from genksyms (bsc#1196444). - kexec: clean up arch_kexec_kernel_verify_sig (bsc#1196444). - kexec: do not verify the signature without the lockdown or mandatory signature (bsc#1203737). - kexec: drop weak attribute from arch_kexec_apply_relocations[_add] (bsc#1196444). - kexec: drop weak attribute from functions (bsc#1196444). - kexec: drop weak attribute from functions (bsc#1196444). - kexec: KEYS: make the code in bzImage64_verify_sig generic (bsc#1196444). - kexec: KEYS: s390: Make use of built-in and secondary keyring for signature verification (bsc#1196444). - KVM: nVMX: Let userspace set nVMX MSR to any _host_ supported value (git-fixes). - KVM: x86: Mark TSS busy during LTR emulation _after_ all fault checks (git-fixes). - KVM: x86: Set error code to segment selector on LLDT/LTR non-canonical #GP (git-fixes). - md-raid10: fix KASAN warning (git-fixes). - md: call __md_stop_writes in md_stop (git-fixes). - md: unlock mddev before reap sync_thread in action_store (bsc#1197659). - mm: pagewalk: Fix race between unmap and page walker (git-fixes, bsc#1203159). - mm: proc: smaps_rollup: do not stall write attempts on mmap_lock (bsc#1201990). - mm: smaps*: extend smap_gather_stats to support specified beginning (bsc#1201990). - net: mana: Add rmb after checking owner bits (git-fixes). - net: mana: Add support of XDP_REDIRECT action (bug#1201310, jsc#PED-529). - net: mana: Add the Linux MANA PF driver (bug#1201309, jsc#PED-529). - NFS: Do not decrease the value of seq_nr_highest_sent (git-fixes). - NFS: Fix races in the legacy idmapper upcall (git-fixes). - NFS: Handle NFS4ERR_DELAY replies to OP_SEQUENCE correctly (git-fixes). - NFS: RECLAIM_COMPLETE must handle EACCES (git-fixes). - NFSD: Fix offset type in I/O trace points (git-fixes). - nvme-fabrics: parse nvme connect Linux error codes (bsc#1201865). - nvme-rdma: Handle number of queue changes (bsc#1201865). - nvme-tcp: fix UAF when detecting digest errors (bsc#1200313 bsc#1201489). - nvme-tcp: Handle number of queue changes (bsc#1201865). - nvmet: Expose max queues to configfs (bsc#1201865). - of: device: Fix up of_dma_configure_id() stub (git-fixes). - of: fdt: fix off-by-one error in unflatten_dt_nodes() (git-fixes). - pinctrl: rockchip: Enhance support for IRQ_TYPE_EDGE_BOTH (git-fixes). - platform/x86: acer-wmi: Acer Aspire One AOD270/Packard Bell Dot keymap fixes (git-fixes). - powerpc/drmem: Make lmb_size 64 bit (bsc#1203424 ltc#199544). - powerpc/memhotplug: Make lmb size 64bit (bsc#1203424 ltc#199544). - ppc64/kdump: Limit kdump base to 512MB (bsc#1203410 ltc#199904). - psi: Fix uaf issue when psi trigger is destroyed while being polled (bsc#1203909). - regulator: core: Clean up on enable failure (git-fixes). - s390/qeth: cache link_info for ethtool (bsc#1202984 LTC#199607). - s390/qeth: clean up default cases for ethtool link mode (bsc#1202984 LTC#199607). - s390/qeth: improve QUERY CARD INFO processing (bsc#1202984 LTC#199607). - s390/qeth: improve selection of ethtool link modes (bsc#1202984 LTC#199607). - s390/qeth: set static link info during initialization (bsc#1202984 LTC#199607). - s390/qeth: tolerate error when querying card info (bsc#1202984 LTC#199607). - s390/qeth: use QUERY OAT for initial link info (bsc#1202984 LTC#199607). - scsi: core: Fix bad pointer dereference when ehandler kthread is invalid (git-fixes). - scsi: lpfc: Add missing destroy_workqueue() in error path (bsc#1203939). - scsi: lpfc: Add missing free iocb and nlp kref put for early return VMID cases (bsc#1203939). - scsi: lpfc: Add reporting capability for Link Degrade Signaling (bsc#1203939). - scsi: lpfc: Fix FLOGI ACC with wrong SID in PT2PT topology (bsc#1203939). - scsi: lpfc: Fix mbuf pool resource detected as busy at driver unload (bsc#1203939). - scsi: lpfc: Fix multiple NVMe remoteport registration calls for the same NPort ID (bsc#1203939). - scsi: lpfc: Fix prli_fc4_req checks in PRLI handling (bsc#1203939). - scsi: lpfc: Fix various issues reported by tools (bsc#1203939). - scsi: lpfc: Move scsi_host_template outside dynamically allocated/freed phba (bsc#1185032 bsc#1203939). - scsi: lpfc: Remove the unneeded result variable (bsc#1203939). - scsi: lpfc: Remove unneeded result variable (bsc#1203939). - scsi: lpfc: Rename mp/bmp dma buffers to rq/rsp in lpfc_fdmi_cmd (bsc#1203939). - scsi: lpfc: Return DID_TRANSPORT_DISRUPTED instead of DID_REQUEUE (bsc#1203939). - scsi: lpfc: Rework FDMI attribute registration for unintential padding (bsc#1203939). - scsi: lpfc: Rework lpfc_fdmi_cmd() routine for cleanup and consistency (bsc#1203939). - scsi: lpfc: Update congestion mode logging for Emulex SAN Manager application (bsc#1203939). - scsi: lpfc: Update lpfc version to 14.2.0.7 (bsc#1203939). - scsi: mpt3sas: Fix use-after-free warning (git-fixes). - scsi: qla2xxx: Add debugfs create/delete helpers (bsc#1203935). - scsi: qla2xxx: Add NVMe parameters support in Auxiliary Image Status (bsc#1203935). - scsi: qla2xxx: Always wait for qlt_sess_work_fn() from qlt_stop_phase1() (bsc#1203935). - scsi: qla2xxx: Avoid flush_scheduled_work() usage (bsc#1203935). - scsi: qla2xxx: Disable ATIO interrupt coalesce for quad port ISP27XX (bsc#1203935). - scsi: qla2xxx: Drop DID_TARGET_FAILURE use (bsc#1203935). - scsi: qla2xxx: Fix memory leak in __qlt_24xx_handle_abts() (bsc#1203935). - scsi: qla2xxx: Fix response queue handler reading stale packets (bsc#1203935). - scsi: qla2xxx: Log message 'skipping scsi_scan_host()' as informational (bsc#1203935). - scsi: qla2xxx: Remove unused declarations for qla2xxx (bsc#1203935). - scsi: qla2xxx: Remove unused del_sess_list field (bsc#1203935). - scsi: qla2xxx: Remove unused qlt_tmr_work() (bsc#1203935). - scsi: qla2xxx: Revert 'scsi: qla2xxx: Fix response queue handler reading stale packets' (bsc#1203935). - scsi: qla2xxx: Update version to 10.02.07.900-k (bsc#1203935). - scsi: sg: Allow waiting for commands to complete on removed device (git-fixes). - scsi: smartpqi: Fix DMA direction for RAID requests (git-fixes). - scsi: smartpqi: Shorten drive visibility after removal (bsc#1200622). - scsi: smartpqi: Update LUN reset handler (bsc#1200622). - soc: brcmstb: pm-arm: Fix refcount leak and __iomem leak bugs (git-fixes). - squashfs: fix divide error in calculate_skip() (git-fixes). - struct ehci_hcd: hide new member (git-fixes). - struct otg_fsm: hide new boolean member in gap (git-fixes). - SUNRPC: Do not call connect() more than once on a TCP socket (git-fixes). - SUNRPC: Do not leak sockets in xs_local_connect() (git-fixes). - SUNRPC: fix expiry of auth creds (git-fixes). - SUNRPC: Fix misplaced barrier in call_decode (git-fixes). - SUNRPC: Partial revert of commit 6f9f17287e78 (git-fixes). - SUNRPC: Reinitialise the backchannel request buffers before reuse (git-fixes). - SUNRPC: RPC level errors should set task->tk_rpc_status (git-fixes). - svcrdma: Hold private mutex while invoking rdma_accept() (git-fixes). - tracing: hold caller_addr to hardirq_{enable,disable}_ip (git-fixes). - USB: Add ignore-residue quirk for NXP PN7462AU (git-fixes). - USB: cdc-acm: Add Icom PMR F3400 support (0c26:0020) (git-fixes). - USB: core: Fix RST error in hub.c (git-fixes). - USB: core: Prevent nested device-reset calls (git-fixes). - USB: dwc3: disable USB core PHY management (git-fixes). - USB: ehci: handshake CMD_RUN instead of STS_HALT (git-fixes). - USB: otg-fsm: Fix hrtimer list corruption (git-fixes). - USB: serial: ch341: fix disabled rx timer on older devices (git-fixes). - USB: serial: ch341: fix lost character on LCR updates (git-fixes). - USB: serial: ch341: name prescaler, divisor registers (git-fixes). - USB: serial: cp210x: add Decagon UCA device id (git-fixes). - USB: serial: ftdi_sio: add Omron CS1W-CIF31 device id (git-fixes). - USB: serial: option: add Quectel EM060K modem (git-fixes). - USB: serial: option: add support for Cinterion MV32-WA/WB RmNet mode (git-fixes). - USB: serial: option: add support for OPPO R11 diag port (git-fixes). - USB: storage: Add ASUS &lt;0x0b05:0x1932> to IGNORE_UAS (git-fixes). - USB: struct usb_device: hide new member (git-fixes). - usbnet: Fix memory leak in usbnet_disconnect() (git-fixes). - vt: Clear selection before changing the font (git-fixes). - vt: selection, introduce vc_is_sel (git-fixes). - watchdog: wdat_wdt: Set the min and max timeout values properly (bsc#1194023). - wifi: iwlegacy: 4965: corrected fix for potential off-by-one overflow in il4965_rs_fill_link_cmd() (git-fixes). - x86/bugs: Reenable retbleed=off While for older kernels the return thunks are statically built in and cannot be dynamically patched out, retbleed=off should still work so that it can be disabled. - x86/kexec: fix memory leak of elf header buffer (bsc#1196444). - x86/xen: Remove undefined behavior in setup_features() (git-fixes). - xen/xenbus: fix return type in xenbus_file_read() (git-fixes). - xprtrdma: Fix cwnd update ordering (git-fixes). Important SUSE bug 1177471 SUSE bug 1185032 SUSE bug 1194023 SUSE bug 1196444 SUSE bug 1197659 SUSE bug 1199564 SUSE bug 1200313 SUSE bug 1200622 SUSE bug 1201309 SUSE bug 1201310 SUSE bug 1201489 SUSE bug 1201645 SUSE bug 1201865 SUSE bug 1201990 SUSE bug 1202095 SUSE bug 1202341 SUSE bug 1202385 SUSE bug 1202677 SUSE bug 1202960 SUSE bug 1202984 SUSE bug 1203159 SUSE bug 1203290 SUSE bug 1203313 SUSE bug 1203389 SUSE bug 1203410 SUSE bug 1203424 SUSE bug 1203514 SUSE bug 1203552 SUSE bug 1203622 SUSE bug 1203737 SUSE bug 1203769 SUSE bug 1203770 SUSE bug 1203906 SUSE bug 1203909 SUSE bug 1203935 SUSE bug 1203939 SUSE bug 1203987 SUSE bug 1203992 SUSE bug 1204051 SUSE bug 1204059 SUSE bug 1204060 SUSE bug 1204125 SUSE bug 1204289 SUSE bug 1204290 SUSE bug 1204291 SUSE bug 1204292 CVE-2020-16119 CVE-2022-20008 CVE-2022-2503 CVE-2022-2586 CVE-2022-3169 CVE-2022-3239 CVE-2022-3303 CVE-2022-40768 CVE-2022-41218 CVE-2022-41222 CVE-2022-41674 CVE-2022-41848 CVE-2022-41849 CVE-2022-42719 CVE-2022-42720 CVE-2022-42721 CVE-2022-42722 cpe:/o:opensuse:leap:15.3 Security update for container-suseconnect (Moderate) openSUSE Leap 15.3 This update of container-suseconnect is a rebuilt of the previous sources against the current security updated go compiler. Moderate SUSE bug 1204397 cpe:/o:opensuse:leap:15.3 Security update for libmad (Important) openSUSE Leap 15.3 This update for libmad fixes the following issues: - CVE-2017-8373: Fixed heap-based buffer overflow in mad_layer_III (bsc#1036968). - CVE-2017-8372: Fixed assertion failure in layer3.c (bsc#1036969). Important SUSE bug 1036968 SUSE bug 1036969 CVE-2017-8372 CVE-2017-8373 cpe:/o:opensuse:leap:15.3 Security update for telnet (Important) openSUSE Leap 15.3 This update for telnet fixes the following issues: - CVE-2022-39028: Fixed NULL pointer dereference in telnetd (bsc#1203759). Important SUSE bug 1203759 CVE-2022-39028 cpe:/o:opensuse:leap:15.3 Security update for libtasn1 (Critical) openSUSE Leap 15.3 This update for libtasn1 fixes the following issues: - CVE-2021-46848: Fixed off-by-one array size check that affects asn1_encode_simple_der (bsc#1204690) Critical SUSE bug 1204690 CVE-2021-46848 cpe:/o:opensuse:leap:15.3 Security update for python39 (Important) openSUSE Leap 15.3 This update for python39 fixes the following issues: - CVE-2021-29921: Fixed improper input validation of octal string IP addresses (bsc#1185706). - Use versioned python-Sphinx to avoid dependency on other version of Python (bsc#1183858). - Stop providing 'python' symbol (bsc#1185588), which means python2 currently. Important SUSE bug 1183858 SUSE bug 1185588 SUSE bug 1185706 CVE-2021-29921 cpe:/o:opensuse:leap:15.3 Security update for MozillaThunderbird (Important) openSUSE Leap 15.3 This update for MozillaThunderbird fixes the following issues: - Mozilla Thunderbird 102.4.0 (bsc#1204421) * changed: Thunderbird will automatically detect and repair OpenPGP key storage corruption caused by using the profile import tool in Thunderbird 102 * fixed: POP message download into a large folder (~13000 messages) caused Thunderbird to temporarily freeze * fixed: Forwarding messages with special characters in Subject failed on Windows * fixed: Links for FileLink attachments were not added when attachment filename contained Unicode characters * fixed: Address Book display pane continued to show contacts after deletion * fixed: Printing address book did not include all contact details * fixed: CardDAV contacts without a Name property did not save to Google Contacts * fixed: 'Publish Calendar' did not work * fixed: Calendar database storage improvements * fixed: Incorrectly handled error responses from CalDAV servers sometimes caused events to disappear from calendar * fixed: Various visual and UX improvements - Mozilla Thunderbird 102.3.3 * new: Option added to show containing address book for a contact when using `All Address Books` in vertical mode (bmo#1778871) * changed: Thunderbird will try to use POP NTLM authentication even if not advertised by server (bmo#1793349) * changed: Task List and Today Pane sidebars will no longer load when not visible (bmo#1788549) * fixed: Sending a message while a recipient pill was being modified did not save changes (bmo#1779785) * fixed: Nickname column was not available in horizontal view of Address Book (bmo#1778000) * fixed: Multiline organization values were displayed across two columns in horizontal view of Address Book (bmo#1777780) * fixed: Contact vCard fields with multiple values such as Categories were truncated when saved (bmo#1792399) * fixed: ICS calendar files with a `FREEBUSY` property could not be imported (bmo#1783441) * fixed: Thunderbird would hang if calendar event exceeded the year 2035 (bmo#1789999) - Mozilla Thunderbird 102.3.2 * changed: Thunderbird will try to use POP CRAM-MD5 authentication even if not advertised by server (bmo#1789975) * fixed: Checking messages on POP3 accounts caused POP folder to lock if mail server was slow or non-responsive (bmo#1792451) * fixed: Newsgroups named with consecutive dots would not appear when refreshing list of newsgroups (bmo#1787789) * fixed: Sending news articles containing lines starting with dot were sometimes clipped (bmo#1787955) * fixed: CardDAV server sync silently failed if sync token expired (bmo#1791183) * fixed: Contacts from LDAP on macOS address books were not displayed (bmo#1791347) * fixed: Chat account input now accepts URIs for supported chat protocols (bmo#1776706) * fixed: Chat ScreenName field was not migrated to new address book (bmo#1789990) * fixed: Creating a New Event from the Today Pane used the currently selected day from the main calendar instead of from the Today Pane (bmo#1791203) * fixed: `New Event` button in Today Pane was incorrectly disabled sometimes (bmo#1792058) * fixed: Event reminder windows did not close after being dismissed or snoozed (bmo#1791228) * fixed: Improved performance of recurring event date calculation (bmo#1787677) * fixed: Quarterly calendar events on the last day of the month repeated one month early (bmo#1789362) * fixed: Thunderbird would hang if calendar event exceeded the year 2035 (bmo#1789999) * fixed: Whitespace in calendar events was incorrectly handled when upgrading from Thunderbird 91 to 102 (bmo#1790339) * fixed: Various visual and UX improvements (bmo#1755623,bmo#17 83903,bmo#1785851,bmo#1786434,bmo#1787286,bmo#1788151,bmo#178 9728,bmo#1790499) - Mozilla Thunderbird 102.3.1 * changed: Compose window encryption options now only appear for encryption technologies that have already been configured (bmo#1788988) * changed: Number of contacts in currently selected address book now displayed at bottom of Address Book list column (bmo#1745571) * fixed: Password prompt did not include server hostname for POP servers (bmo#1786920) * fixed: `Edit Contact` was missing from Contacts sidebar context menus (bmo#1771795) * fixed: Address Book contact lists cut off display of some characters, the result being unreadable (bmo#1780909) * fixed: Menu items for dark-themed alarm dialog were invisible on Windows 7 (bmo#1791738) * fixed: Various security fixes MFSA 2022-43 (bsc#1204411) * CVE-2022-39249 (bmo#1791765) Matrix SDK bundled with Thunderbird vulnerable to an impersonation attack by malicious server administrators * CVE-2022-39250 (bmo#1791765) Matrix SDK bundled with Thunderbird vulnerable to a device verification attack * CVE-2022-39251 (bmo#1791765) Matrix SDK bundled with Thunderbird vulnerable to an impersonation attack * CVE-2022-39236 (bmo#1791765) Matrix SDK bundled with Thunderbird vulnerable to a data corruption issue - Mozilla Thunderbird 102.3 * changed: Thunderbird will no longer attempt to import account passwords when importing from another Thunderbird profile in order to prevent profile corruption and permanent data loss. (bmo#1790605) * changed: Devtools performance profile will use Thunderbird presets instead of Web Developer presets (bmo#1785954) * fixed: Thunderbird startup performance improvements (bmo#1785967) * fixed: Saving email source and images failed (bmo#1777323,bmo#1778804) * fixed: Error message was shown repeatedly when temporary disk space was full (bmo#1788580) * fixed: Attaching OpenPGP keys without a set size to non- encrypted messages briefly displayed a size of zero bytes (bmo#1788952) * fixed: Global Search entry box initially contained 'undefined' (bmo#1780963) * fixed: Delete from POP Server mail filter rule intermittently failed to trigger (bmo#1789418) * fixed: Connections to POP3 servers without UIDL support failed (bmo#1789314) * fixed: Pop accounts with 'Fetch headers only' set downloaded complete messages if server did not advertise TOP capability (bmo#1789356) * fixed: 'File -> New -> Address Book Contact' from Compose window did not work (bmo#1782418) * fixed: Attach 'My vCard' option in compose window was not available (bmo#1787614) * fixed: Improved performance of matching a contact to an email address (bmo#1782725) * fixed: Address book only recognized a contact's first two email addresses (bmo#1777156) * fixed: Address book search and autocomplete failed if a contact vCard could not be parsed (bmo#1789793) * fixed: Downloading NNTP messages for offline use failed (bmo#1785773) * fixed: NNTP client became stuck when connecting to Public- Inbox servers (bmo#1786203) * fixed: Various visual and UX improvements (bmo#1782235,bmo#1787448,bmo#1788725,bmo#1790324) * fixed: Various security fixes * unresolved: No dedicated 'Department' field in address book (bmo#1777780) MFSA 2022-42 (bsc#1203477) * CVE-2022-3266 (bmo#1767360) Out of bounds read when decoding H264 * CVE-2022-40959 (bmo#1782211) Bypassing FeaturePolicy restrictions on transient pages * CVE-2022-40960 (bmo#1787633) Data-race when parsing non-UTF-8 URLs in threads * CVE-2022-40958 (bmo#1779993) Bypassing Secure Context restriction for cookies with __Host and __Secure prefix * CVE-2022-40956 (bmo#1770094) Content-Security-Policy base-uri bypass * CVE-2022-40957 (bmo#1777604) Incoherent instruction cache when building WASM on ARM64 * CVE-2022-3155 (bmo#1789061) Attachment files saved to disk on macOS could be executed without warning * CVE-2022-40962 (bmo#1776655, bmo#1777574, bmo#1784835, bmo#1785109, bmo#1786502, bmo#1789440) Memory safety bugs fixed in Thunderbird 102.3 Important SUSE bug 1203477 SUSE bug 1204411 SUSE bug 1204421 CVE-2022-3155 CVE-2022-3266 CVE-2022-39236 CVE-2022-39249 CVE-2022-39250 CVE-2022-39251 CVE-2022-40956 CVE-2022-40957 CVE-2022-40958 CVE-2022-40959 CVE-2022-40960 CVE-2022-40962 cpe:/o:opensuse:leap:15.3 Security update for openjpeg2 (Important) openSUSE Leap 15.3 This update for openjpeg2 fixes the following issues: - CVE-2018-20846: Fixed OOB read in pi_next_lrcp, pi_next_rlcp, pi_next_rpcl, pi_next_pcrl, pi_next_rpcl, and pi_next_cprl in openmj2/pi.c (bsc#1140205). - CVE-2018-21010: Fixed heap buffer overflow in color_apply_icc_profile in bin/common/color.c (bsc#1149789). - CVE-2020-27814: Fixed heap buffer overflow in lib/openjp2/mqc.c (bsc#1179594), - CVE-2020-27824: Fixed OOB read in opj_dwt_calc_explicit_stepsizes() (bsc#1179821). - CVE-2020-27841: Fixed buffer over-read in lib/openjp2/pi.c (bsc#1180042). - CVE-2020-27842: Fixed null pointer dereference in opj_tgt_reset function in lib/openjp2/tgt.c (bsc#1180043). - CVE-2020-27843: Fixed OOB read in opj_t2_encode_packet function in openjp2/t2.c (bsc#1180044). - CVE-2020-27845: Fixed heap-based buffer over-read in functions opj_pi_next_rlcp, opj_pi_next_rpcl and opj_pi_next_lrcp in openjp2/pi.c (bsc#1180046). Important SUSE bug 1140205 SUSE bug 1149789 SUSE bug 1179594 SUSE bug 1179821 SUSE bug 1180042 SUSE bug 1180043 SUSE bug 1180044 SUSE bug 1180046 CVE-2018-20846 CVE-2018-21010 CVE-2020-27814 CVE-2020-27824 CVE-2020-27841 CVE-2020-27842 CVE-2020-27843 CVE-2020-27845 cpe:/o:opensuse:leap:15.3 Security update for dbus-1 (Important) openSUSE Leap 15.3 This update for dbus-1 fixes the following issues: - CVE-2022-42010: Fixed potential crash that could be triggered by an invalid signature (bsc#1204111). - CVE-2022-42011: Fixed an out of bounds read caused by a fixed length array (bsc#1204112). - CVE-2022-42012: Fixed a use-after-free that could be trigged by a message in non-native endianness with out-of-band Unix file descriptor (bsc#1204113). Bugfixes: - Disable asserts (bsc#1087072). Important SUSE bug 1087072 SUSE bug 1204111 SUSE bug 1204112 SUSE bug 1204113 CVE-2022-42010 CVE-2022-42011 CVE-2022-42012 cpe:/o:opensuse:leap:15.3 Security update for libconfuse0 (Important) openSUSE Leap 15.3 This update for libconfuse0 fixes the following issues: - CVE-2022-40320: Fixed a heap-based buffer over-read in cfg_tilde_expand in confuse.c (bsc#1203326). Important SUSE bug 1203326 CVE-2022-40320 cpe:/o:opensuse:leap:15.3 Security update for podman (Moderate) openSUSE Leap 15.3 This update for podman fixes the following issues: - CVE-2022-2989: Fixed possible information disclosure and modification (bsc#1202809). Moderate SUSE bug 1202809 CVE-2022-2989 cpe:/o:opensuse:leap:15.3 Security update for hsqldb (Important) openSUSE Leap 15.3 This update for hsqldb fixes the following issues: - CVE-2022-41853: Fixed insufficient input sanitization (bsc#1204521). Important SUSE bug 1204521 CVE-2022-41853 cpe:/o:opensuse:leap:15.3 Security update for hdf5 (Important) openSUSE Leap 15.3 This update for hdf5 fixes the following issues: - CVE-2021-46244: Fixed division by zero leading to DoS (bsc#1195215). - CVE-2018-13867: Fixed out of bounds read in the function H5F__accum_read in H5Faccum.c (bsc#1101906). - CVE-2018-16438: Fixed out of bounds read in H5L_extern_query at H5Lexternal.c (bsc#1107069). - CVE-2020-10812: Fixed NULL pointer dereference (bsc#1167400). - CVE-2021-45830: Fixed heap buffer overflow vulnerability in H5F_addr_decode_len in /hdf5/src/H5Fint.c (bsc#1194375). - CVE-2019-8396: Fixed buffer overflow in function H5O__layout_encode in H5Olayout.c (bsc#1125882). - CVE-2018-11205: Fixed out of bounds read was discovered in H5VM_memcpyvv in H5VM.c (bsc#1093663). - CVE-2021-46242: Fixed heap-use-after free via the component H5AC_unpin_entry (bsc#1195212). - CVE-2021-45833: Fixed stack buffer overflow vulnerability (bsc#1194366). - CVE-2018-14031: Fixed heap-based buffer over-read in the function H5T_copy in H5T.c (bsc#1101475). - CVE-2018-17439: Fixed out of bounds read in the function H5F__accum_read in H5Faccum.c (bsc#1111598). Important SUSE bug 1093663 SUSE bug 1101475 SUSE bug 1101906 SUSE bug 1107069 SUSE bug 1111598 SUSE bug 1125882 SUSE bug 1167400 SUSE bug 1194366 SUSE bug 1194375 SUSE bug 1195212 SUSE bug 1195215 CVE-2018-11205 CVE-2018-13867 CVE-2018-14031 CVE-2018-16438 CVE-2018-17439 CVE-2019-8396 CVE-2020-10812 CVE-2021-45830 CVE-2021-45833 CVE-2021-46242 CVE-2021-46244 cpe:/o:opensuse:leap:15.3 Security update for podofo (Moderate) openSUSE Leap 15.3 This update for podofo fixes the following issues: - CVE-2018-12983: Fixed a stack overrun (bsc#1099719). Moderate SUSE bug 1099719 CVE-2018-12983 cpe:/o:opensuse:leap:15.3 Security update for python-Flask-Security (Moderate) openSUSE Leap 15.3 This update for python-Flask-Security fixes the following issues: - CVE-2021-23385: Fixed open redirect (bsc#1202105). Moderate SUSE bug 1202105 CVE-2021-23385 cpe:/o:opensuse:leap:15.3 Security update for nodejs10 (Moderate) openSUSE Leap 15.3 This update for nodejs10 fixes the following issues: - CVE-2022-35256: Fixed incorrect parsing of header fields (bsc#1203832). - CVE-2022-32213: Fixed bypass via obs-fold mechanic (bsc#1201325). Moderate SUSE bug 1201325 SUSE bug 1203832 CVE-2022-32213 CVE-2022-35256 cpe:/o:opensuse:leap:15.3 Security update for python-lxml (Moderate) openSUSE Leap 15.3 This update for python-lxml fixes the following issues: - CVE-2021-28957: Fixed XSS due to missing input sanitization for HTML5 attributes (bsc#1184177). - CVE-2020-27783: Fixed XSS due to the use of improper parser (bsc#1179534). Moderate SUSE bug 1179534 SUSE bug 1184177 CVE-2020-27783 CVE-2021-28957 cpe:/o:opensuse:leap:15.3 Security update for gnome-desktop (Moderate) openSUSE Leap 15.3 This update for gnome-desktop fixes the following issues: - CVE-2019-11460: Fixed sandbox issue that allowed bypassing from a compromised thumbnailer (bsc#1133043). Moderate SUSE bug 1133043 CVE-2019-11460 cpe:/o:opensuse:leap:15.3 Security update for xorg-x11-server (Important) openSUSE Leap 15.3 This update for xorg-x11-server fixes the following issues: - CVE-2022-3550: Fixed out of bounds read/write in _GetCountedString() (bsc#1204412). - CVE-2022-3551: Fixed various leaks of the return value of GetComponentSpec() (bsc#1204416). Important SUSE bug 1204412 SUSE bug 1204416 CVE-2022-3550 CVE-2022-3551 cpe:/o:opensuse:leap:15.3 Security update for ntfs-3g_ntfsprogs (Important) openSUSE Leap 15.3 This update for ntfs-3g_ntfsprogs fixes the following issues: - CVE-2022-40284: Fixed incorrect validation of some of the NTFS metadata that could cause buffer overflow (bsc#1204734). Important SUSE bug 1204734 CVE-2022-40284 cpe:/o:opensuse:leap:15.3 Security update for python-Flask-Security-Too (Moderate) openSUSE Leap 15.3 This update for python-Flask-Security-Too fixes the following issues: - CVE-2021-23385: Fixed open redirect (bsc#1202105). Moderate SUSE bug 1202105 CVE-2021-23385 cpe:/o:opensuse:leap:15.3 Security update for rubygem-loofah (Moderate) openSUSE Leap 15.3 This update for rubygem-loofah fixes the following issues: - CVE-2019-15587: Fixed issue in sanitization of crafted SVG elements (bsc#1154751). Moderate SUSE bug 1154751 CVE-2019-15587 cpe:/o:opensuse:leap:15.3 Security update for libxml2 (Important) openSUSE Leap 15.3 This update for libxml2 fixes the following issues: - CVE-2016-3709: Fixed possible XSS vulnerability (bsc#1201978). - CVE-2022-40303: Fixed integer overflows with XML_PARSE_HUGE (bsc#1204366). - CVE-2022-40304: Fixed dict corruption caused by entity reference cycles (bsc#1204367). Important SUSE bug 1201978 SUSE bug 1204366 SUSE bug 1204367 CVE-2016-3709 CVE-2022-40303 CVE-2022-40304 cpe:/o:opensuse:leap:15.3 Security update for xmlbeans (Important) openSUSE Leap 15.3 This update for xmlbeans fixes the following issues: - CVE-2021-23926: Fixed XML parsers not protecting from malicious XML input (bsc#1180915). Important SUSE bug 1180915 CVE-2021-23926 cpe:/o:opensuse:leap:15.3 Security update for exiv2 (Moderate) openSUSE Leap 15.3 This update for exiv2 fixes the following issues: - CVE-2019-13111: Fixed nteger overflow in WebPImage:decodeChunks (bsc#1142679). - CVE-2021-29463: Fixed out-of-bounds read (bsc#1185913). - CVE-2021-34334: Fixed a DoS due to integer overflow in loop counter bug (bsc#1189338). Moderate SUSE bug 1142679 SUSE bug 1185913 SUSE bug 1189338 CVE-2019-13111 CVE-2021-29463 CVE-2021-34334 cpe:/o:opensuse:leap:15.3 Security update for the Linux Kernel (Important) openSUSE Leap 15.3 The SUSE Linux Enterprise 15 SP3 Azure kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2021-4037: Fixed function logic vulnerability that allowed local users to create files for the XFS file-system with an unintended group ownership and with group execution and SGID permission bits set (bnc#1198702). - CVE-2022-2153: Fixed vulnerability in KVM that could allow an unprivileged local attacker on the host to cause DoS (bnc#1200788). - CVE-2022-2964, CVE-2022-28748: Fixed memory corruption issues in ax88179_178a devices (bnc#1202686 bsc#1196018). - CVE-2022-2978: Fixed use-after-free in the NILFS file system that could lead to local privilege escalation or DoS (bnc#1202700). - CVE-2022-3169: Fixed a denial of service flaw which occurs when consecutive requests to NVME_IOCTL_RESET and the NVME_IOCTL_SUBSYS_RESET are sent (bnc#1203290). - CVE-2022-3176: Fixed use-after-free in io_uring when using POLLFREE (bnc#1203391). - CVE-2022-3424: Fixed use-after-free in gru_set_context_option(), gru_fault() and gru_handle_user_call_os() that could lead to kernel panic (bsc#1204166). - CVE-2022-3521: Fixed race condition in kcm_tx_work() in net/kcm/kcmsock.c (bnc#1204355). - CVE-2022-3524: Fixed memory leak in ipv6_renew_options() in the IPv6 handler (bnc#1204354). - CVE-2022-3535: Fixed memory leak in mvpp2_dbgfs_port_init() in drivers/net/ethernet/marvell/mvpp2/mvpp2_debugfs.c (bnc#1204417). - CVE-2022-3542: Fixed memory leak in bnx2x_tpa_stop() in drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.c (bnc#1204402). - CVE-2022-3545: Fixed use-after-free in area_cache_get() in drivers/net/ethernet/netronome/nfp/nfpcore/nfp_cppcore.c (bnc#1204415). - CVE-2022-3565: Fixed use-after-free in del_timer() in drivers/isdn/mISDN/l1oip_core.c (bnc#1204431). - CVE-2022-3577: Fixed out-of-bounds memory write flaw in bigben device driver that could lead to local privilege escalation or DoS (bnc#1204470). - CVE-2022-3586: Fixed use-after-free in socket buffer (SKB) that could allow a local unprivileged user to cause a denial of service (bnc#1204439). - CVE-2022-3594: Fixed excessive data logging in intr_callback() in drivers/net/usb/r8152.c (bnc#1204479). - CVE-2022-3621: Fixed null pointer dereference in nilfs_bmap_lookup_at_level() in fs/nilfs2/inode.c (bnc#1204574). - CVE-2022-3623: Fixed race condition in follow_page_pte() (mm/gup.c) (bsc#1204575). - CVE-2022-3625: Fixed use-after-free in devlink_param_set()/devlink_param_get() in net/core/devlink.c (bnc#1204637). - CVE-2022-3629: Fixed memory leak in vsock_connect() in net/vmw_vsock/af_vsock.c (bnc#1204635). - CVE-2022-3640: Fixed use-after-free in l2cap_conn_del() in net/bluetooth/l2cap_core.c (bnc#1204619). - CVE-2022-3646: Fixed memory leak in nilfs_attach_log_writer() in fs/nilfs2/segment.c (bnc#1204646). - CVE-2022-3649: Fixed use-after-free in nilfs_new_inode() in fs/nilfs2/inode.c (bnc#1204647). - CVE-2022-39189: Fixed a flaw in the x86 KVM subsystem that could allow unprivileged guest users to compromise the guest kernel via TLB flush operations on preempted vCPU (bnc#1203066). - CVE-2022-40768: Fixed information disclosure in stex_queuecommand_lck (bnc#1203514). - CVE-2022-41674: Fixed a DoS issue where kernel can crash on the reception of specific WiFi Frames (bsc#1203770). - CVE-2022-42703: Fixed use-after-free in mm/rmap.c related to leaf anon_vma double reuse (bnc#1204168). - CVE-2022-42719: Fixed MBSSID parsing use-after-free. (bsc#1204051) - CVE-2022-42720: Fixed BSS refcounting bugs. (bsc#1204059) - CVE-2022-42721: Avoid nontransmitted BSS list corruption. (bsc#1204060) - CVE-2022-42722: Fixed crash in beacon protection for P2P-device. (bsc#1204125) - CVE-2022-43750: Fixed vulnerability in usbmon that allowed a user-space client to corrupt the monitor's internal memory (bnc#1204653). The following non-security bugs were fixed: - acpi: APEI: do not add task_work to kernel thread to avoid memory leak (git-fixes). - acpi: HMAT: Release platform device in case of platform_device_add_data() fails (git-fixes). - acpi: extlog: Handle multiple records (git-fixes). - acpi: processor idle: Practically limit 'Dummy wait' workaround to old Intel systems (bnc#1203802). - acpi: video: Add Toshiba Satellite/Portege Z830 quirk (git-fixes). - alsa: Use del_timer_sync( before freeing timer (git-fixes). - alsa: ac97: fix possible memory leak in snd_ac97_dev_register() (git-fixes). - alsa: aoa: Fix I2S device accounting (git-fixes). - alsa: aoa: i2sbus: fix possible memory leak in i2sbus_add_dev() (git-fixes). - alsa: asihpi - Remove useless code in hpi_meter_get_peak() (git-fixes). - alsa: au88x0: use explicitly signed char (git-fixes). - alsa: dmaengine: increment buffer pointer atomically (git-fixes). - alsa: hda/hdmi: Do not skip notification handling during PM operation (git-fixes). - alsa: hda/realtek: Add Intel Reference SSID to support headset keys (git-fixes). - alsa: hda/realtek: Add pincfg for ASUS G513 HP jack (git-fixes). - alsa: hda/realtek: Add pincfg for ASUS G533Z HP jack (git-fixes). - alsa: hda/realtek: Add quirk for ASUS GA503R laptop (git-fixes). - alsa: hda/realtek: Add quirk for ASUS GV601R laptop (git-fixes). - alsa: hda/realtek: Add quirk for Huawei WRT-WX9 (git-fixes). - alsa: hda/realtek: Correct pin configs for ASUS G533Z (git-fixes). - alsa: hda/realtek: Enable 4-speaker output Dell Precision 5530 laptop (git-fixes). - alsa: hda/realtek: remove ALC289_FIXUP_DUAL_SPK for Dell 5530 (git-fixes). - alsa: hda/sigmatel: Fix unused variable warning for beep power change (git-fixes). - alsa: hda/sigmatel: Keep power up while beep is enabled (git-fixes). - alsa: hda/tegra: Align BDL entry to 4KB boundary (git-fixes). - alsa: hda: Fix position reporting on Poulsbo (git-fixes). - alsa: hda: add Intel 5 Series / 3400 PCI DID (git-fixes). - alsa: oss: Fix potential deadlock at unregistration (git-fixes). - alsa: rawmidi: Drop register_mutex in snd_rawmidi_free() (git-fixes). - alsa: rme9652: use explicitly signed char (git-fixes). - alsa: usb-audio: Fix NULL dererence at error path (git-fixes). - alsa: usb-audio: Fix potential memory leaks (git-fixes). - arm64: assembler: add cond_yield macro (git-fixes) - asoc: eureka-tlv320: Hold reference returned from of_find_xxx API (git-fixes). - asoc: fsl_sai: Remove unnecessary FIFO reset in ISR (git-fixes). - asoc: mt6660: Fix PM disable depth imbalance in mt6660_i2c_probe (git-fixes). - asoc: nau8824: Fix semaphore unbalance at error paths (git-fixes). - asoc: rsnd: Add check for rsnd_mod_power_on (git-fixes). - asoc: tas2770: Reinit regcache on reset (git-fixes). - asoc: wcd9335: fix order of Slimbus unprepare/disable (git-fixes). - asoc: wcd934x: fix order of Slimbus unprepare/disable (git-fixes). - asoc: wm5102: Fix PM disable depth imbalance in wm5102_probe (git-fixes). - asoc: wm5110: Fix PM disable depth imbalance in wm5110_probe (git-fixes). - asoc: wm8997: Fix PM disable depth imbalance in wm8997_probe (git-fixes). - ata: fix ata_id_has_devslp() (git-fixes). - ata: fix ata_id_has_dipm() (git-fixes). - ata: fix ata_id_has_ncq_autosense() (git-fixes). - ata: fix ata_id_sense_reporting_enabled() and ata_id_has_sense_reporting() (git-fixes). - ata: libahci_platform: Sanity check the DT child nodes number (git-fixes). - bluetooth: L2CAP: Fix user-after-free (git-fixes). - bluetooth: L2CAP: initialize delayed works at l2cap_chan_create() (git-fixes). - bluetooth: hci_core: Fix not handling link timeouts propertly (git-fixes). - bluetooth: hci_sysfs: Fix attempting to call device_add multiple times (git-fixes). - can: bcm: check the result of can_send() in bcm_can_tx() (git-fixes). - can: gs_usb: gs_can_open(): fix race dev->can.state condition (git-fixes). - can: kvaser_usb: Fix possible completions during init_completion (git-fixes). - can: kvaser_usb: Fix use of uninitialized completion (git-fixes). - can: kvaser_usb_leaf: Fix CAN state after restart (git-fixes). - can: kvaser_usb_leaf: Fix TX queue out of sync after restart (git-fixes). - can: mscan: mpc5xxx: mpc5xxx_can_probe(): add missing put_clock() in error path (git-fixes). - cgroup/cpuset: Enable update_tasks_cpumask() on top_cpuset (bsc#1204753). - clk: bcm2835: Make peripheral PLLC critical (git-fixes). - clk: bcm2835: fix bcm2835_clock_rate_from_divisor declaration (git-fixes). - clk: berlin: Add of_node_put() for of_get_parent() (git-fixes). - clk: imx: imx6sx: remove the SET_RATE_PARENT flag for QSPI clocks (git-fixes). - clk: iproc: Do not rely on node name for correct PLL setup (git-fixes). - clk: mediatek: mt8183: mfgcfg: Propagate rate changes to parent (git-fixes). - clk: oxnas: Hold reference returned by of_get_parent() (git-fixes). - clk: qcom: gcc-msm8916: use ARRAY_SIZE instead of specifying num_parents (git-fixes). - clk: qoriq: Hold reference returned by of_get_parent() (git-fixes). - clk: tegra20: Fix refcount leak in tegra20_clock_init (git-fixes). - clk: tegra: Fix refcount leak in tegra114_clock_init (git-fixes). - clk: tegra: Fix refcount leak in tegra210_clock_init (git-fixes). - clk: ti: dra7-atl: Fix reference leak in of_dra7_atl_clk_probe (git-fixes). - clk: zynqmp: Fix stack-out-of-bounds in strncpy` (git-fixes). - clk: zynqmp: pll: rectify rate rounding in zynqmp_pll_round_rate (git-fixes). - crypto: akcipher - default implementation for setting a private key (git-fixes). - crypto: arm64/sha - fix function types (git-fixes) - crypto: arm64/sha1-ce - simplify NEON yield (git-fixes) - crypto: arm64/sha2-ce - simplify NEON yield (git-fixes) - crypto: arm64/sha3-ce - simplify NEON yield (git-fixes) - crypto: arm64/sha512-ce - simplify NEON yield (git-fixes) - crypto: cavium - prevent integer overflow loading firmware (git-fixes). - crypto: ccp - Release dma channels before dmaengine unrgister (git-fixes). - crypto: hisilicon/zip - fix mismatch in get/set sgl_sge_nr (git-fixes). - device property: Fix documentation for *_match_string() APIs (git-fixes). - dmaengine: ioat: stop mod_timer from resurrecting deleted timer in __cleanup() (git-fixes). - dmaengine: xilinx_dma: Report error in case of dma_set_mask_and_coherent API failure (git-fixes). - dmaengine: xilinx_dma: cleanup for fetching xlnx,num-fstores property (git-fixes). - docs: update mediator information in CoC docs (git-fixes). - drivers: serial: jsm: fix some leaks in probe (git-fixes). - drm/amd/display: Limit user regamma to a valid value (git-fixes). - drm/amdgpu: do not register a dirty callback for non-atomic (git-fixes). - drm/amdgpu: fix initial connector audio value (git-fixes). - drm/amdgpu: use dirty framebuffer helper (git-fixes). - drm/bridge: Avoid uninitialized variable warning (git-fixes). - drm/bridge: megachips: Fix a null pointer dereference bug (git-fixes). - drm/bridge: parade-ps8640: Fix regulator supply order (git-fixes). - drm/i915/gvt: fix a memory leak in intel_gvt_init_vgpu_types (git-fixes). - drm/mipi-dsi: Detach devices when removing the host (git-fixes). - drm/msm/dpu: Fix comment typo (git-fixes). - drm/msm/dpu: index dpu_kms->hw_vbif using vbif_idx (git-fixes). - drm/msm/dsi: fix memory corruption with too many bridges (git-fixes). - drm/msm/hdmi: fix memory corruption with too many bridges (git-fixes). - drm/msm: Fix return type of mdp4_lvds_connector_mode_valid (git-fixes). - drm/msm: Make .remove and .shutdown HW shutdown consistent (git-fixes). - drm/nouveau/nouveau_bo: fix potential memory leak in nouveau_bo_alloc() (git-fixes). - drm/nouveau: fix a use-after-free in nouveau_gem_prime_import_sg_table() (git-fixes). - drm/omap: dss: Fix refcount leak bugs (git-fixes). - drm/rockchip: Fix return type of cdn_dp_connector_mode_valid (git-fixes). - drm/scheduler: quieten kernel-doc warnings (git-fixes). - drm/udl: Restore display mode on resume (git-fixes). - drm: Prevent drm_copy_field() to attempt copying a NULL pointer (git-fixes). - drm: Use size_t type for len variable in drm_copy_field() (git-fixes). - drm: bridge: adv7511: fix CEC power down control register offset (git-fixes). - drm: fix drm_mipi_dbi build errors (git-fixes). - drm: panel-orientation-quirks: Add quirk for Anbernic Win600 (git-fixes). - drm:pl111: Add of_node_put() when breaking out of for_each_available_child_of_node() (git-fixes). - dyndbg: fix module.dyndbg handling (git-fixes). - dyndbg: let query-modname override actual module name (git-fixes). - efi: Correct Macmini DMI match in uefi cert quirk (git-fixes). - efi: libstub: drop pointless get_memory_map() call (git-fixes). - exfat: Return ENAMETOOLONG consistently for oversized paths (bsc#1204053 bsc#1201725). - fbdev: cyber2000fb: fix missing pci_disable_device() (git-fixes). - fbdev: da8xx-fb: Fix error handling in .remove() (git-fixes). - firmware: arm_scmi: Add SCMI PM driver remove routine (git-fixes). - firmware: google: Test spinlock on panic path to avoid lockups (git-fixes). - fpga: prevent integer overflow in dfl_feature_ioctl_set_irq() (git-fixes). - gpio: rockchip: request GPIO mux to pinctrl when setting direction (git-fixes). - hid: hid-logitech-hidpp: avoid unnecessary assignments in hidpp_connect_event (git-fixes). - hid: hidraw: fix memory leak in hidraw_release() (git-fixes). - hid: magicmouse: Do not set BTN_MOUSE on double report (git-fixes). - hid: multitouch: Add memory barriers (git-fixes). - hid: roccat: Fix use-after-free in roccat_read() (git-fixes). - hsi: omap_ssi: Fix refcount leak in ssi_probe (git-fixes). - hsi: omap_ssi_port: Fix dma_map_sg error check (git-fixes). - hwmon/coretemp: Handle large core ID value (git-fixes). - ib/cm: Cancel mad on the DREQ event when the state is MRA_REP_RCVD (git-fixes) - ib/cma: Allow XRC INI QPs to set their local ACK timeout (git-fixes) - ib/core: Only update PKEY and GID caches on respective events (git-fixes) - ib/hfi1: Adjust pkey entry in index 0 (git-fixes) - ib/hfi1: Fix abba locking issue with sc_disable() (git-fixes) - ib/hfi1: Fix possible null-pointer dereference in _extend_sdma_tx_descs() (git-fixes) - ib/mlx4: Add support for REJ due to timeout (git-fixes) - ib/mlx4: Use port iterator and validation APIs (git-fixes) - ib/qib: Protect from buffer overflow in struct qib_user_sdma_pkt fields (git-fixes) - ib/rdmavt: Add __init/__exit annotations to module init/exit funcs (git-fixes) - ib/srpt: Remove redundant assignment to ret (git-fixes) - iio: ABI: Fix wrong format of differential capacitance channel ABI (git-fixes). - iio: adc: ad7923: fix channel readings for some variants (git-fixes). - iio: adc: at91-sama5d2_adc: check return status for pressure and touch (git-fixes). - iio: adc: at91-sama5d2_adc: fix AT91_SAMA5D2_MR_TRACKTIM_MAX (git-fixes). - iio: adc: at91-sama5d2_adc: lock around oversampling and sample freq (git-fixes). - iio: adc: mcp3911: use correct id bits (git-fixes). - iio: dac: ad5593r: Fix i2c read protocol requirements (git-fixes). - iio: inkern: only release the device node when done with it (git-fixes). - iio: light: tsl2583: Fix module unloading (git-fixes). - iio: pressure: dps310: Refactor startup procedure (git-fixes). - iio: pressure: dps310: Reset chip after timeout (git-fixes). - input: i8042 - fix refount leak on sparc (git-fixes). - input: xpad - add supported devices as contributed on github (git-fixes). - input: xpad - fix wireless 360 controller breaking after suspend (git-fixes). - irqchip/ls-extirq: Fix invalid wait context by avoiding to use regmap (git-fixes). - kABI: arm64/crypto/sha512 Preserve function signature (git-fixes). - kbuild: Add skip_encoding_btf_enum64 option to pahole (git-fixes). - kbuild: remove the target in signal traps when interrupted (git-fixes). - kbuild: sink stdout from cmd for silent build (git-fixes). - kbuild: skip per-CPU BTF generation for pahole v1.18-v1.21 (jsc#SLE-24559). - kthread: Extract KTHREAD_IS_PER_CPU (bsc#1204753). - kvm: nVMX: Unconditionally purge queued/injected events on nested 'exit' (git-fixes). - kvm: s390: Clarify SIGP orders versus STOP/RESTART (git-fixes). - kvm: s390: VSIE: fix MVPG handling for prefixing and MSO (git-fixes). - kvm: s390: clear kicked_mask before sleeping again (git-fixes). - kvm: s390: preserve deliverable_mask in __airqs_kick_single_vcpu (git-fixes). - kvm: s390: pv: do not present the ecall interrupt twice (git-fixes). - kvm: s390: split kvm_s390_real_to_abs (git-fixes). - kvm: s390x: fix SCK locking (git-fixes) - kvm: x86/emulator: Fix handing of POP SS to correctly set interruptibility (git-fixes). - lib/sg_pool: change module_init(sg_pool_init) to subsys_initcall (git-fixes). - libata: add ATA_HORKAGE_NOLPM for Pioneer BDR-207M and BDR-205 (git-fixes). - locking/csd_lock: Change csdlock_debug from early_param to __setup (git-fixes). - mISDN: fix use-after-free bugs in l1oip timer handlers (git-fixes). - mISDN: hfcpci: Fix use-after-free bug in hfcpci_softirq (git-fixes). - mac802154: Fix LQI recording (git-fixes). - mailbox: bcm-ferxrm-mailbox: Fix error check for dma_map_sg (git-fixes). - media: aspeed-video: ignore interrupts that are not enabled (git-fixes). - media: cedrus: Set the platform driver data earlier (git-fixes). - media: coda: Add more H264 levels for CODA960 (git-fixes). - media: coda: Fix reported H264 profile (git-fixes). - media: cx88: Fix a null-ptr-deref bug in buffer_prepare() (git-fixes). - media: dvb_vb2: fix possible out of bound access (git-fixes). - media: v4l2-dv-timings: add sanity checks for blanking values (git-fixes). - media: videodev2.h: V4L2_DV_BT_BLANKING_HEIGHT should check 'interlaced' (git-fixes). - media: xilinx: vipp: Fix refcount leak in xvip_graph_dma_init (git-fixes). - memory: of: Fix refcount leak bug in of_get_ddr_timings() (git-fixes). - memory: pl353-smc: Fix refcount leak bug in pl353_smc_probe() (git-fixes). - mfd: fsl-imx25: Fix an error handling path in mx25_tsadc_setup_irq() (git-fixes). - mfd: intel_soc_pmic: Fix an error handling path in intel_soc_pmic_i2c_probe() (git-fixes). - mfd: lp8788: Fix an error handling path in lp8788_irq_init() and lp8788_irq_init() (git-fixes). - mfd: lp8788: Fix an error handling path in lp8788_probe() (git-fixes). - mfd: sm501: Add check for platform_driver_register() (git-fixes). - misc: ocxl: fix possible refcount leak in afu_ioctl() (git-fixes). - mm, memcg: avoid stale protection values when cgroup is above protection (bsc#1204754). - mm/hugetlb: fix races when looking up a CONT-PTE/PMD size hugetlb page (bsc#1204575). - mm: memcontrol: fix occasional OOMs due to proportional memory.low reclaim (bsc#1204754). - mmc: au1xmmc: Fix an error handling path in au1xmmc_probe() (git-fixes). - mmc: core: Fix kernel panic when remove non-standard SDIO card (git-fixes). - mmc: core: Replace with already defined values for readability (git-fixes). - mmc: core: Terminate infinite loop in SD-UHS voltage switch (git-fixes). - mmc: moxart: fix 4-bit bus width and remove 8-bit bus width (git-fixes). - mmc: sdhci-msm: add compatible string check for sdm670 (git-fixes). - mmc: sdhci-sprd: Fix minimum clock limit (git-fixes). - mmc: wmt-sdmmc: Fix an error handling path in wmt_mci_probe() (git-fixes). - mtd: devices: docg3: check the return value of devm_ioremap() in the probe (git-fixes). - mtd: rawnand: atmel: Unmap streaming DMA mappings (git-fixes). - mtd: rawnand: marvell: Use correct logic for nand-keep-config (git-fixes). - mtd: rawnand: meson: fix bit map use in meson_nfc_ecc_correct() (git-fixes). - net/ieee802154: fix uninit value bug in dgram_sendmsg (git-fixes). - net: ieee802154: return -EINVAL for unknown addr type (git-fixes). - net: usb: qmi_wwan: Add new usb-id for Dell branded EM7455 (git-fixes). - net: usb: qmi_wwan: Add new usb-id for Dell branded EM7455 (git-fixes). - net: usb: qmi_wwan: add Quectel RM520N (git-fixes). - openvswitch: Fix double reporting of drops in dropwatch (git-fixes). - openvswitch: Fix overreporting of drops in dropwatch (git-fixes). - openvswitch: switch from WARN to pr_warn (git-fixes). - padata: introduce internal padata_get/put_pd() helpers (bsc#1202638). - padata: make padata_free_shell() to respect pd's ->refcnt (bsc#1202638). - parisc/sticon: fix reverse colors (bsc#1152489) Backporting notes: * context changes - parisc: parisc-agp requires SBA IOMMU driver (bsc#1152489) - pci: Dynamically map ECAM regions (bsc#1204382). - pci: Fix used_buses calculation in pci_scan_child_bus_extend() (git-fixes). - pci: Sanitise firmware BAR assignments behind a PCI-PCI bridge (git-fixes). - phy: qualcomm: call clk_disable_unprepare in the error handling (git-fixes). - pinctrl: armada-37xx: Add missing GPIO-only pins (git-fixes). - pinctrl: armada-37xx: Checks for errors in gpio_request_enable callback (git-fixes). - pinctrl: armada-37xx: Fix definitions for MPP pins 20-22 (git-fixes). - pinctrl: rockchip: add pinmux_ops.gpio_set_direction callback (git-fixes). - platform/x86: msi-laptop: Change DMI match / alias strings to fix module autoloading (git-fixes). - platform/x86: msi-laptop: Fix old-ec check for backlight registering (git-fixes). - platform/x86: msi-laptop: Fix resource cleanup (git-fixes). - pm: domains: Fix handling of unavailable/disabled idle states (git-fixes). - pm: hibernate: Allow hybrid sleep to work with s2idle (git-fixes). - power: supply: adp5061: fix out-of-bounds read in adp5061_get_chg_type() (git-fixes). - powerpc/64: Remove unused SYS_CALL_TABLE symbol (jsc#SLE-9246 git-fixes). - powerpc/fadump: align destination address to pagesize (bsc#1204728 ltc#200074). - powerpc/kprobes: Fix null pointer reference in arch_prepare_kprobe() (jsc#SLE-13847 git-fixes). - powerpc/mm/64s: Drop pgd_huge() (bsc#1065729). - powerpc/mm: remove pmd_huge/pud_huge stubs and include hugetlb.h (bsc#1065729). - powerpc/pci_dn: Add missing of_node_put() (bsc#1065729). - powerpc/powernv: add missing of_node_put() in opal_export_attrs() (bsc#1065729). - powerpc/pseries: Interface to represent PAPR firmware attributes (bsc#1200465 ltc#197256 jsc#PED-1931). - quota: widen timestamps for the fs_disk_quota structure (bsc#1203387). - rdma/bnxt_re: Add missing spin lock initialization (git-fixes) - rdma/bnxt_re: Fix query SRQ failure (git-fixes) - rdma/cm: Fix memory leak in ib_cm_insert_listen (git-fixes) - rdma/cma: Ensure rdma_addr_cancel() happens before issuing more requests (git-fixes) - rdma/cma: Fix arguments order in net device validation (git-fixes) - rdma/core: Sanitize WQ state received from the userspace (git-fixes) - rdma/cxgb4: Remove MW support (git-fixes) - rdma/efa: Free IRQ vectors on error flow (git-fixes) - rdma/efa: Remove double QP type assignment (git-fixes) - rdma/efa: Use ib_umem_num_dma_pages() (git-fixes) - rdma/hfi1: Fix potential integer multiplication overflow errors (git-fixes) - rdma/hns: Remove unnecessary check for the sgid_attr when modifying QP (git-fixes) - rdma/i40iw: Use ib_umem_num_dma_pages() (git-fixes) - rdma/iwcm: Release resources if iw_cm module initialization fails (git-fixes) - rdma/mlx4: Return missed an error if device does not support steering (git-fixes) - rdma/mlx5: Add missing check for return value in get namespace flow (git-fixes) - rdma/mlx5: Block FDB rules when not in switchdev mode (git-fixes) - rdma/mlx5: Fix memory leak in error flow for subscribe event routine (git-fixes) - rdma/mlx5: Make mkeys always owned by the kernel's PD when not enabled (git-fixes) - rdma/mlx5: Set user priority for DCT (git-fixes) - rdma/mlx5: Use set_mkc_access_pd_addr_fields() in reg_create() (git-fixes) - rdma/mthca: Work around -Wenum-conversion warning (git-fixes) - rdma/qedr: Fix NULL deref for query_qp on the GSI QP (git-fixes) - rdma/qedr: Fix potential memory leak in __qedr_alloc_mr() (git-fixes) - rdma/qedr: Fix reporting QP timeout attribute (git-fixes) - rdma/qib: Remove superfluous fallthrough statements (git-fixes) - rdma/rtrs-srv: Pass the correct number of entries for dma mapped SGL (git-fixes) - rdma/rxe: Do not overwrite errno from ib_umem_get() (git-fixes) - rdma/rxe: Fix 'kernel NULL pointer dereference' error (git-fixes) - rdma/rxe: Fix error unwind in rxe_create_qp() (git-fixes) - rdma/rxe: Fix extra copies in build_rdma_network_hdr (git-fixes) - rdma/rxe: Fix extra copy in prepare_ack_packet (git-fixes) - rdma/rxe: Fix failure during driver load (git-fixes) - rdma/rxe: Fix over copying in get_srq_wqe (git-fixes) - rdma/rxe: Fix redundant call to ip_send_check (git-fixes) - rdma/rxe: Fix redundant skb_put_zero (git-fixes) - rdma/rxe: Fix rnr retry behavior (git-fixes) - rdma/rxe: Fix the error caused by qp->sk (git-fixes) - rdma/rxe: Fix wrong port_cap_flags (git-fixes) - rdma/rxe: Generate a completion for unsupported/invalid opcode (git-fixes) - rdma/rxe: Remove unused pkt->offset (git-fixes) - rdma/rxe: Return CQE error if invalid lkey was supplied (git-fixes) - rdma/sa_query: Use strscpy_pad instead of memcpy to copy a string (git-fixes) - rdma/siw: Always consume all skbuf data in sk_data_ready() upcall. (git-fixes) - rdma/siw: Fix a condition race issue in MPA request processing (git-fixes) - rdma/siw: Fix duplicated reported IW_CM_EVENT_CONNECT_REPLY event (git-fixes) - rdma/siw: Pass a pointer to virt_to_page() (git-fixes) - rdma/usnic: fix set-but-not-unused variable 'flags' warning (git-fixes) - rdma: Verify port when creating flow rule (git-fixes) - rdma: remove useless condition in siw_create_cq() (git-fixes) - regulator: pfuze100: Fix the global-out-of-bounds access in pfuze100_regulator_probe() (git-fixes). - regulator: qcom_rpm: Fix circular deferral regression (git-fixes). - reset: imx7: Fix the iMX8MP PCIe PHY PERST support (git-fixes). - revert 'drivers/video/backlight/platform_lcd.c: add support for (bsc#1152489) - revert 'drm: bridge: analogix/dp: add panel prepare/unprepare in suspend/resume time' (git-fixes). - revert 'usb: add quirks for Lenovo OneLink+ Dock' (git-fixes). - revert 'usb: storage: Add quirk for Samsung Fit flash' (git-fixes). - revert 'usb: storage: Add quirk for Samsung Fit flash' (git-fixes). - rpmsg: qcom: glink: replace strncpy() with strscpy_pad() (git-fixes). - rtc: stmp3xxx: Add failure handling for stmp3xxx_wdt_register() (git-fixes). - s390/hypfs: avoid error message under KVM (bsc#1032323). - sbitmap: Avoid leaving waitqueue in invalid state in __sbq_wake_up() (git-fixes). - sbitmap: fix possible io hung due to lost wakeup (git-fixes). - scsi: libsas: Fix use-after-free bug in smp_execute_task_sg() (git-fixes). - scsi: mpt3sas: Fix return value check of dma_get_required_mask() (git-fixes). - scsi: qla2xxx: Fix disk failure to rediscover (git-fixes). - selftest/powerpc: Add PAPR sysfs attributes sniff test (bsc#1200465 ltc#197256 jsc#PED-1931). - selftests/powerpc: Skip energy_scale_info test on older firmware (git-fixes). - serial: Create uart_xmit_advance() (git-fixes). - serial: tegra-tcu: Use uart_xmit_advance(), fixes icount.tx accounting (git-fixes). - serial: tegra: Use uart_xmit_advance(), fixes icount.tx accounting (git-fixes). - soc: qcom: smem_state: Add refcounting for the 'state->of_node' (git-fixes). - soc: qcom: smsm: Fix refcount leak bugs in qcom_smsm_probe() (git-fixes). - soc: sunxi: sram: Actually claim SRAM regions (git-fixes). - soc: sunxi: sram: Fix debugfs info for A64 SRAM C (git-fixes). - soc: sunxi: sram: Prevent the driver from being unbound (git-fixes). - soc: sunxi_sram: Make use of the helper function devm_platform_ioremap_resource() (git-fixes). - spi/omap100k:Fix PM disable depth imbalance in omap1_spi100k_probe (git-fixes). - spi: mt7621: Fix an error message in mt7621_spi_probe() (git-fixes). - spi: qup: add missing clk_disable_unprepare on error in spi_qup_pm_resume_runtime() (git-fixes). - spi: qup: add missing clk_disable_unprepare on error in spi_qup_resume() (git-fixes). - spi: s3c64xx: Fix large transfers with DMA (git-fixes). - staging: rtl8723bs: fix a potential memory leak in rtw_init_cmd_priv() (git-fixes). - staging: vt6655: fix potential memory leak (git-fixes). - staging: vt6655: fix some erroneous memory clean-up loops (git-fixes). - struct pci_config_window kABI workaround (bsc#1204382). - thermal: intel_powerclamp: Use first online CPU as control_cpu (git-fixes). - thermal: intel_powerclamp: Use get_cpu() instead of smp_processor_id() to avoid crash (git-fixes). - tty/serial: atmel: RS485 & ISO7816: wait for TXRDY before sending data (git-fixes). - tty: serial: fsl_lpuart: disable dma rx/tx use flags in lpuart_dma_shutdown (git-fixes). - tty: xilinx_uartps: Fix the ignore_status (git-fixes). - uas: add no-uas quirk for Hiksemi usb_disk (git-fixes). - uas: ignore UAS for Thinkplus chips (git-fixes). - usb-storage: Add Hiksemi USB3-FW to IGNORE_UAS (git-fixes). - usb: add quirks for Lenovo OneLink+ Dock (git-fixes). - usb: add quirks for Lenovo OneLink+ Dock (git-fixes). - usb: bdc: change state when port disconnected (git-fixes). - usb: dwc3: gadget: Avoid starting DWC3 gadget during UDC unbind (git-fixes). - usb: dwc3: gadget: Do not set IMI for no_interrupt (git-fixes). - usb: dwc3: gadget: Prevent repeat pullup() (git-fixes). - usb: dwc3: gadget: Stop processing more requests on IMI (git-fixes). - usb: gadget: function: fix dangling pnp_string in f_printer.c (git-fixes). - usb: host: xhci: Fix potential memory leak in xhci_alloc_stream_info() (git-fixes). - usb: idmouse: fix an uninit-value in idmouse_open (git-fixes). - usb: mon: make mmapped memory read only (git-fixes). - usb: musb: Fix musb_gadget.c rxstate overflow bug (git-fixes). - usb: serial: console: move mutex_unlock() before usb_serial_put() (git-fixes). - usb: serial: ftdi_sio: fix 300 bps rate for SIO (git-fixes). - usb: serial: option: add Quectel BG95 0x0203 composition (git-fixes). - usb: serial: option: add Quectel BG95 0x0203 composition (git-fixes). - usb: serial: option: add Quectel RM520N (git-fixes). - usb: serial: option: add Quectel RM520N (git-fixes). - usb: serial: qcserial: add new usb-id for Dell branded EM7455 (git-fixes). - usb: serial: qcserial: add new usb-id for Dell branded EM7455 (git-fixes). - usb: typec: ucsi: Remove incorrect warning (git-fixes). - usb: xhci-mtk: add a function to (un)load bandwidth info (git-fixes). - usb: xhci-mtk: add only one extra CS for FS/LS INTR (git-fixes). - usb: xhci-mtk: add some schedule error number (git-fixes). - usb: xhci-mtk: fix issue of out-of-bounds array access (git-fixes). - usb: xhci-mtk: get the microframe boundary for ESIT (git-fixes). - usb: xhci-mtk: use @sch_tt to check whether need do TT schedule (git-fixes). - vhost/vsock: Use kvmalloc/kvfree for larger packets (git-fixes). - video: fbdev: pxa3xx-gcu: Fix integer overflow in pxa3xx_gcu_write (git-fixes). - watchdog: armada_37xx_wdt: Fix .set_timeout callback (git-fixes). - watchdog: ftwdt010_wdt: fix test for platform_get_irq() failure (git-fixes). - wifi: ath10k: add peer map clean up for peer delete in ath10k_sta_state() (git-fixes). - wifi: ath9k: avoid uninit memory read in ath9k_htc_rx_msg() (git-fixes). - wifi: brcmfmac: fix invalid address access when enabling SCAN log level (git-fixes). - wifi: brcmfmac: fix use-after-free bug in brcmf_netdev_start_xmit() (git-fixes). - wifi: cfg80211: update hidden BSSes to avoid WARN_ON (git-fixes). - wifi: iwlwifi: mvm: fix double list_add at iwl_mvm_mac_wake_tx_queue (other cases) (git-fixes). - wifi: mac80211: Fix UAF in ieee80211_scan_rx() (git-fixes). - wifi: mac80211: allow bw change during channel switch in mesh (git-fixes). - wifi: mac80211: do not drop packets smaller than the LLC-SNAP header on fast-rx (git-fixes). - wifi: mac80211_hwsim: avoid mac80211 warning on bad rate (git-fixes). - wifi: rt2x00: correctly set BBP register 86 for MT7620 (git-fixes). - wifi: rt2x00: do not run Rt5592 IQ calibration on MT7620 (git-fixes). - wifi: rt2x00: set SoC wmac clock register (git-fixes). - wifi: rt2x00: set VGC gain for both chains of MT7620 (git-fixes). - wifi: rt2x00: set correct TX_SW_CFG1 MAC register for MT7620 (git-fixes). - wifi: rtl8xxxu: Fix AIFS written to REG_EDCA_*_PARAM (git-fixes). - wifi: rtl8xxxu: Fix skb misuse in TX queue selection (git-fixes). - wifi: rtl8xxxu: Improve rtl8xxxu_queue_select (git-fixes). - wifi: rtl8xxxu: Remove copy-paste leftover in gen2_update_rate_mask (git-fixes). - wifi: rtl8xxxu: gen2: Fix mistake in path B IQ calibration (git-fixes). - wifi: rtl8xxxu: tighten bounds checking in rtl8xxxu_read_efuse() (git-fixes). - xfs: add missing assert in xfs_fsmap_owner_from_rmap (git-fixes). - xfs: enable big timestamps (bsc#1203387). - xfs: enable new inode btree counters feature (bsc#1203387). - xfs: explicitly define inode timestamp range (bsc#1203387). - xfs: fix memory corruption during remote attr value buffer invalidation (git-fixes). - xfs: fix s_maxbytes computation on 32-bit kernels (git-fixes). - xfs: hoist out xfs_resizefs_init_new_ags() (git-fixes). - xfs: move incore structures out of xfs_da_format.h (git-fixes). - xfs: quota: move to time64_t interfaces (bsc#1203387). - xfs: redefine xfs_ictimestamp_t (bsc#1203387). Refresh patches.suse/xfs-repair-malformed-inode-items-during-log-recovery.patch. - xfs: redefine xfs_timestamp_t (bsc#1203387). - xfs: refactor remote attr value buffer invalidation (git-fixes). - xfs: remove obsolete AGF counter debugging (git-fixes). - xfs: rename `new' to `delta' in xfs_growfs_data_private() (git-fixes). - xfs: reserve data and rt quota at the same time (bsc#1203496). - xfs: slightly tweak an assert in xfs_fs_map_blocks (git-fixes). - xfs: store inode btree block counts in AGI header (bsc#1203387). - xfs: streamline xfs_attr3_leaf_inactive (git-fixes). - xfs: use a struct timespec64 for the in-core crtime (bsc#1203387). - xfs: use the finobt block counts to speed up mount times (bsc#1203387). - xfs: widen ondisk inode timestamps to deal with y2038+ (bsc#1203387). - xfs: widen ondisk quota expiration timestamps to handle y2038+ (bsc#1203387). - xhci: Do not show warning for reinit on known broken suspend (git-fixes). Important SUSE bug 1032323 SUSE bug 1065729 SUSE bug 1152489 SUSE bug 1196018 SUSE bug 1198702 SUSE bug 1200465 SUSE bug 1200788 SUSE bug 1201725 SUSE bug 1202638 SUSE bug 1202686 SUSE bug 1202700 SUSE bug 1203066 SUSE bug 1203098 SUSE bug 1203290 SUSE bug 1203387 SUSE bug 1203391 SUSE bug 1203496 SUSE bug 1203514 SUSE bug 1203770 SUSE bug 1203802 SUSE bug 1204051 SUSE bug 1204053 SUSE bug 1204059 SUSE bug 1204060 SUSE bug 1204125 SUSE bug 1204166 SUSE bug 1204168 SUSE bug 1204354 SUSE bug 1204355 SUSE bug 1204382 SUSE bug 1204402 SUSE bug 1204415 SUSE bug 1204417 SUSE bug 1204431 SUSE bug 1204439 SUSE bug 1204470 SUSE bug 1204479 SUSE bug 1204574 SUSE bug 1204575 SUSE bug 1204619 SUSE bug 1204635 SUSE bug 1204637 SUSE bug 1204646 SUSE bug 1204647 SUSE bug 1204653 SUSE bug 1204728 SUSE bug 1204753 SUSE bug 1204754 CVE-2021-4037 CVE-2022-2153 CVE-2022-28748 CVE-2022-2964 CVE-2022-2978 CVE-2022-3169 CVE-2022-3176 CVE-2022-3424 CVE-2022-3521 CVE-2022-3524 CVE-2022-3535 CVE-2022-3542 CVE-2022-3545 CVE-2022-3565 CVE-2022-3577 CVE-2022-3586 CVE-2022-3594 CVE-2022-3621 CVE-2022-3623 CVE-2022-3625 CVE-2022-3629 CVE-2022-3640 CVE-2022-3646 CVE-2022-3649 CVE-2022-39189 CVE-2022-40768 CVE-2022-41674 CVE-2022-42703 CVE-2022-42719 CVE-2022-42720 CVE-2022-42721 CVE-2022-42722 CVE-2022-43750 cpe:/o:opensuse:leap:15.3 Security update for sendmail (Important) openSUSE Leap 15.3 This update for sendmail fixes the following issues: - CVE-2022-31256: Fixed mail to root privilege escalation via sm-client.pre script (bsc#1204696, bsc#1202937). Important SUSE bug 1202937 SUSE bug 1204696 CVE-2022-31256 cpe:/o:opensuse:leap:15.3 Security update for gstreamer-plugins-base (Moderate) openSUSE Leap 15.3 This update for gstreamer-plugins-base fixes the following issues: - CVE-2021-3522: Fixed ID3v2 tag frame size check and potential invalid reads (bsc#1185448). Moderate SUSE bug 1185448 CVE-2021-3522 cpe:/o:opensuse:leap:15.3 Security update for expat (Important) openSUSE Leap 15.3 This update for expat fixes the following issues: - CVE-2022-43680: Fixed use-after free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate (bsc#1204708). Important SUSE bug 1204708 CVE-2022-43680 cpe:/o:opensuse:leap:15.3 Security update for vsftpd (Moderate) openSUSE Leap 15.3 This update for vsftpd fixes the following issues: Bugfixes: - Removed unsupported systemd hardening options (bsc#1196918). Moderate SUSE bug 1196918 cpe:/o:opensuse:leap:15.3 Security update for kubevirt (Important) openSUSE Leap 15.3 This update rebuilds the kubevirt stack to include recent security updates in its basecontainers. Important cpe:/o:opensuse:leap:15.3 Security update for containerized data importer (Important) openSUSE Leap 15.3 This update of containerized data importer images rebases the containers against the current base images to resolve security issues. Important cpe:/o:opensuse:leap:15.3 Security update for protobuf (Important) openSUSE Leap 15.3 This update for protobuf fixes the following issues: - CVE-2021-22569: Fixed Denial of Service in protobuf-java in the parsing procedure for binary data (bsc#1194530). - CVE-2022-1941: Fix a potential DoS issue in protobuf-cpp and protobuf-python (bsc#1203681) - CVE-2022-3171: Fix a potential DoS issue when parsing with binary data in protobuf-java (bsc#1204256) Important SUSE bug 1194530 SUSE bug 1203681 SUSE bug 1204256 CVE-2021-22569 CVE-2022-1941 CVE-2022-3171 cpe:/o:opensuse:leap:15.3 Security update for git (Moderate) openSUSE Leap 15.3 This update for git fixes the following issues: - CVE-2022-39260: Fixed overflow in split_cmdline() (bsc#1204456). - CVE-2022-39253: Fixed dereference issue with symbolic links via the `--local` clone mechanism (bsc#1204455). Moderate SUSE bug 1204455 SUSE bug 1204456 CVE-2022-39253 CVE-2022-39260 cpe:/o:opensuse:leap:15.3 Security update for python-rsa (Moderate) openSUSE Leap 15.3 This update for python-rsa fixes the following issues: - CVE-2020-25658: Fixed bleichenbacher timing oracle attack against RSA decryption (bsc#1178676). Moderate SUSE bug 1178676 CVE-2020-25658 cpe:/o:opensuse:leap:15.3 Security update for libarchive (Moderate) openSUSE Leap 15.3 This update for libarchive fixes the following issues: - CVE-2021-31566: Fixed incorrect usage of file flags (bsc#1192426). - Fixed issues where postprocessing alters symlink targets instead of actual file (bsc#1192427). Moderate SUSE bug 1192426 SUSE bug 1192427 CVE-2021-31566 cpe:/o:opensuse:leap:15.3 Security update for xen (Important) openSUSE Leap 15.3 This update for xen fixes the following issues: - CVE-2022-33746: Fixed DoS due to excessively long P2M pool freeing (bsc#1203806) - CVE-2022-33748: Fixed DoS due to race in locking (bsc#1203807) - CVE-2022-42311, CVE-2022-42312, CVE-2022-42313, CVE-2022-42314, CVE-2022-42315, CVE-2022-42316, CVE-2022-42317, CVE-2022-42318: xen: Xenstore: Guests can let xenstored run out of memory (bsc#1204482) - CVE-2022-42309: xen: Xenstore: Guests can crash xenstored (bsc#1204485) - CVE-2022-42310: xen: Xenstore: Guests can create orphaned Xenstore nodes (bsc#1204487) - CVE-2022-42319: xen: Xenstore: Guests can cause Xenstore to not free temporary memory (bsc#1204488) - CVE-2022-42320: xen: Xenstore: Guests can get access to Xenstore nodes of deleted domains (bsc#1204489) - CVE-2022-42321: xen: Xenstore: Guests can crash xenstored via exhausting the stack (bsc#1204490) - CVE-2022-42322,CVE-2022-42323: xen: Xenstore: cooperating guests can create arbitrary numbers of nodes (bsc#1204494) - CVE-2022-42325,CVE-2022-42326: xen: Xenstore: Guests can create arbitrary number of nodes via transactions (bsc#1204496) - xen: Frontends vulnerable to backends (bsc#1193923) Important SUSE bug 1027519 SUSE bug 1193923 SUSE bug 1203806 SUSE bug 1203807 SUSE bug 1204482 SUSE bug 1204485 SUSE bug 1204487 SUSE bug 1204488 SUSE bug 1204489 SUSE bug 1204490 SUSE bug 1204494 SUSE bug 1204496 CVE-2022-33746 CVE-2022-33747 CVE-2022-33748 CVE-2022-42309 CVE-2022-42310 CVE-2022-42311 CVE-2022-42312 CVE-2022-42313 CVE-2022-42314 CVE-2022-42315 CVE-2022-42316 CVE-2022-42317 CVE-2022-42318 CVE-2022-42319 CVE-2022-42320 CVE-2022-42321 CVE-2022-42322 CVE-2022-42323 CVE-2022-42325 CVE-2022-42326 cpe:/o:opensuse:leap:15.3 Security update for rustup (Moderate) openSUSE Leap 15.3 This update for rustup fixes the following issues: Updated to version 1.25.1~0: - CVE-2022-24713: Fixed Regex denial of service (bsc#1196972). - CVE-2021-45710: Fixed tokio data race with memory corruption (bsc#1194119). Moderate SUSE bug 1194119 SUSE bug 1196972 CVE-2021-45710 CVE-2022-24713 cpe:/o:opensuse:leap:15.3 Security update for xterm (Moderate) openSUSE Leap 15.3 This update for xterm fixes the following issues: - CVE-2022-24130: Fixed buffer overflow in set_sixel when Sixel support is enabled (bsc#1195387). Moderate SUSE bug 1195387 CVE-2022-24130 cpe:/o:opensuse:leap:15.3 Security update for samba (Important) openSUSE Leap 15.3 This update for samba fixes the following issues: - CVE-2022-1615: Fixed error handling in random number generation (bso#15103)(bsc#1202976). - CVE-2022-32743: Implement validated dnsHostName write rights (bso#14833)(bsc#1202803). Bugfixes: - Fixed use after free when iterating smbd_server_connection->connections after tree disconnect failure (bso#15128)(bsc#1200102). Important SUSE bug 1200102 SUSE bug 1202803 SUSE bug 1202976 CVE-2022-1615 CVE-2022-32743 cpe:/o:opensuse:leap:15.3 Security update for python-Mako (Moderate) openSUSE Leap 15.3 This update for python-Mako fixes the following issues: - CVE-2022-40023: Fixed regular expression Denial of Service when using the Lexer class to parse (bsc#1203246). Moderate SUSE bug 1203246 CVE-2022-40023 cpe:/o:opensuse:leap:15.3 Security update for bluez (Moderate) openSUSE Leap 15.3 This update for bluez fixes the following issues: - CVE-2021-43400: Fixed use-after-free in gatt-database.c (bsc#1192394). - CVE-2021-3658: Fixed adapter incorrectly restoring discoverable state after powered down (bsc#1188859). Moderate SUSE bug 1188859 SUSE bug 1192394 CVE-2021-3658 CVE-2021-43400 cpe:/o:opensuse:leap:15.3 Security update for freerdp (Moderate) openSUSE Leap 15.3 This update for freerdp fixes the following issues: - CVE-2022-39282: Fix to init data read by `/parallel` command line switch. (bsc#1204258) - CVE-2022-39283: Fix to prevent video channel from reading uninitialized data. (bsc#1204257) Moderate SUSE bug 1204257 SUSE bug 1204258 CVE-2022-39282 CVE-2022-39283 cpe:/o:opensuse:leap:15.3 Security update for libX11 (Moderate) openSUSE Leap 15.3 This update for libX11 fixes the following issues: - CVE-2022-3554: Fixed memory leak in XRegisterIMInstantiateCallback() (bsc#1204422). - CVE-2022-3555: Fixed memory leak in _XFreeX11XCBStructure() (bsc#1204425). Moderate SUSE bug 1204422 SUSE bug 1204425 CVE-2022-3554 CVE-2022-3555 cpe:/o:opensuse:leap:15.3 Security update for LibVNCServer (Moderate) openSUSE Leap 15.3 This update for LibVNCServer fixes the following issues: - CVE-2020-29260: Fixed memory leakage via rfbClientCleanup() (bsc#1203106). Moderate SUSE bug 1203106 CVE-2020-29260 cpe:/o:opensuse:leap:15.3 Security update for dhcp (Moderate) openSUSE Leap 15.3 This update for dhcp fixes the following issues: - CVE-2022-2928: Fixed an option refcount overflow (bsc#1203988). - CVE-2022-2929: Fixed a DHCP memory leak (bsc#1203989). Moderate SUSE bug 1203988 SUSE bug 1203989 CVE-2022-2928 CVE-2022-2929 cpe:/o:opensuse:leap:15.3 Security update for jackson-databind (Important) openSUSE Leap 15.3 This update for jackson-databind fixes the following issues: Update to version 2.13.4.2: - CVE-2022-42003: Fixed missing check in primitive value deserializers to avoid deep wrapper array nesting wrt 'UNWRAP_SINGLE_VALUE_ARRAYS' (bsc#1204370). - CVE-2022-42004: Fixed missing check in 'BeanDeserializer._deserializeFromArray()' to prevent use of deeply nested arrays (bsc#1204369). Important SUSE bug 1204369 SUSE bug 1204370 CVE-2022-42003 CVE-2022-42004 cpe:/o:opensuse:leap:15.3 Security update for kubevirt, virt-api-container, virt-controller-container, virt-handler-container, virt-launcher-container, virt-operator-container (Important) openSUSE Leap 15.3 This update for kubevirt, virt-api-container, virt-controller-container, virt-handler-container, virt-launcher-container, virt-operator-container fixes the following issues: - CVE-2021-43565: Fixes a vulnerability in the golang.org/x/crypto/ssh package which allowed unauthenticated clients to cause a panic in SSH servers. (bsc#1193930) Important SUSE bug 1190587 SUSE bug 1190839 SUSE bug 1193930 CVE-2021-43565 cpe:/o:opensuse:leap:15.3 Security update for jsoup (Moderate) openSUSE Leap 15.3 This update for jsoup fixes the following issues: Updated to version 1.15.3: - CVE-2022-36033: Fixed incorrect sanitization of user input in SafeList.preserveRelativeLinks (bsc#1203459). Moderate SUSE bug 1203459 CVE-2022-36033 cpe:/o:opensuse:leap:15.3 Security update for rubygem-nokogiri (Important) openSUSE Leap 15.3 This update for rubygem-nokogiri fixes the following issues: - CVE-2022-24836: Fixes possibility to DoS because of inefficient RE in HTML encoding. (bsc#1198408) - CVE-2022-29181: Fixes Improper Handling of Unexpected Data Typesi. (bsc#1199782) Important SUSE bug 1198408 SUSE bug 1199782 CVE-2022-24836 CVE-2022-29181 cpe:/o:opensuse:leap:15.3 Security update for python-cryptography, python-cryptography-vectors (Important) openSUSE Leap 15.3 This update for python-cryptography, python-cryptography-vectors fixes the following issues: - Update in SLE-15 (bsc#1177083, jsc#PM-2730, jsc#SLE-18312) - Refresh patches for new version - Update in SLE-15 (bsc#1176785, jsc#ECO-3105, jsc#PM-2352) - update to 2.9.2 * 2.9.2 - 2020-04-22 - Updated the macOS wheel to fix an issue where it would not run on macOS versions older than 10.15. * 2.9.1 - 2020-04-21 - Updated Windows, macOS, and manylinux wheels to be compiled with OpenSSL 1.1.1g. * 2.9 - 2020-04-02 - BACKWARDS INCOMPATIBLE: Support for Python 3.4 has been removed due to low usage and maintenance burden. - BACKWARDS INCOMPATIBLE: Support for OpenSSL 1.0.1 has been removed. Users on older version of OpenSSL will need to upgrade. - BACKWARDS INCOMPATIBLE: Support for LibreSSL 2.6.x has been removed. - Removed support for calling public_bytes() with no arguments, as per our deprecation policy. You must now pass encoding and format. - BACKWARDS INCOMPATIBLE: Reversed the order in which rfc4514_string() returns the RDNs as required by RFC 4514. - Updated Windows, macOS, and manylinux wheels to be compiled with OpenSSL 1.1.1f. - Added support for parsing single_extensions in an OCSP response. - NameAttribute values can now be empty strings. - Add openSSL_111d.patch to make this version of the package compatible with OpenSSL 1.1.1d, thus fixing bsc#1149792. - bsc#1101820 CVE-2018-10903 GCM tag forgery via truncated tag in finalize_with_tag API - Update in SLE-15 (bsc#1177083, jsc#PM-2730, jsc#SLE-18312) - Include in SLE-15 (bsc#1176785, jsc#ECO-3105, jsc#PM-2352) - update to 2.9.2: * updated vectors for the cryptography 2.9.2 testing Important SUSE bug 1101820 SUSE bug 1149792 SUSE bug 1176785 SUSE bug 1177083 CVE-2018-10903 cpe:/o:opensuse:leap:15.3 Security update for the Linux Kernel (Important) openSUSE Leap 15.3 The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2021-4037: Fixed function logic vulnerability that allowed local users to create files for the XFS file-system with an unintended group ownership and with group execution and SGID permission bits set (bnc#1198702). - CVE-2022-2153: Fixed vulnerability in KVM that could allow an unprivileged local attacker on the host to cause DoS (bnc#1200788). - CVE-2022-2964: Fixed memory corruption issues in ax88179_178a devices (bnc#1202686). - CVE-2022-2978: Fixed use-after-free in the NILFS file system that could lead to local privilege escalation or DoS (bnc#1202700). - CVE-2022-3176: Fixed use-after-free in io_uring when using POLLFREE (bnc#1203391). - CVE-2022-3424: Fixed use-after-free in gru_set_context_option(), gru_fault() and gru_handle_user_call_os() that could lead to kernel panic (bsc#1204166). - CVE-2022-3521: Fixed race condition in kcm_tx_work() in net/kcm/kcmsock.c (bnc#1204355). - CVE-2022-3524: Fixed memory leak in ipv6_renew_options() in the IPv6 handler (bnc#1204354). - CVE-2022-3535: Fixed memory leak in mvpp2_dbgfs_port_init() in drivers/net/ethernet/marvell/mvpp2/mvpp2_debugfs.c (bnc#1204417). - CVE-2022-3542: Fixed memory leak in bnx2x_tpa_stop() in drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.c (bnc#1204402). - CVE-2022-3545: Fixed use-after-free in area_cache_get() in drivers/net/ethernet/netronome/nfp/nfpcore/nfp_cppcore.c (bnc#1204415). - CVE-2022-3565: Fixed use-after-free in del_timer() in drivers/isdn/mISDN/l1oip_core.c (bnc#1204431). - CVE-2022-3577: Fixed out-of-bounds memory write flaw in bigben device driver that could lead to local privilege escalation or DoS (bnc#1204470). - CVE-2022-3586: Fixed use-after-free in socket buffer (SKB) that could allow a local unprivileged user to cause a denial of service (bnc#1204439). - CVE-2022-3594: Fixed excessive data logging in intr_callback() in drivers/net/usb/r8152.c (bnc#1204479). - CVE-2022-3621: Fixed null pointer dereference in nilfs_bmap_lookup_at_level() in fs/nilfs2/inode.c (bnc#1204574). - CVE-2022-3625: Fixed use-after-free in devlink_param_set()/devlink_param_get() in net/core/devlink.c (bnc#1204637). - CVE-2022-3629: Fixed memory leak in vsock_connect() in net/vmw_vsock/af_vsock.c (bnc#1204635). - CVE-2022-3640: Fixed use-after-free in l2cap_conn_del() in net/bluetooth/l2cap_core.c (bnc#1204619). - CVE-2022-3646: Fixed memory leak in nilfs_attach_log_writer() in fs/nilfs2/segment.c (bnc#1204646). - CVE-2022-3649: Fixed use-after-free in nilfs_new_inode() in fs/nilfs2/inode.c (bnc#1204647). - CVE-2022-39189: Fixed a flaw in the x86 KVM subsystem that could allow unprivileged guest users to compromise the guest kernel via TLB flush operations on preempted vCPU (bnc#1203066). - CVE-2022-42703: Fixed use-after-free in mm/rmap.c related to leaf anon_vma double reuse (bnc#1204168). - CVE-2022-43750: Fixed vulnerability in usbmon that allowed a user-space client to corrupt the monitor's internal memory (bnc#1204653). The following non-security bugs were fixed: - ACPI: APEI: do not add task_work to kernel thread to avoid memory leak (git-fixes). - ACPI: HMAT: Release platform device in case of platform_device_add_data() fails (git-fixes). - ACPI: extlog: Handle multiple records (git-fixes). - ACPI: processor idle: Practically limit 'Dummy wait' workaround to old Intel systems (bnc#1203802). - ACPI: video: Add Toshiba Satellite/Portege Z830 quirk (git-fixes). - ALSA: Use del_timer_sync() before freeing timer (git-fixes). - ALSA: ac97: fix possible memory leak in snd_ac97_dev_register() (git-fixes). - ALSA: aoa: Fix I2S device accounting (git-fixes). - ALSA: aoa: i2sbus: fix possible memory leak in i2sbus_add_dev() (git-fixes). - ALSA: asihpi - Remove useless code in hpi_meter_get_peak() (git-fixes). - ALSA: au88x0: use explicitly signed char (git-fixes). - ALSA: dmaengine: increment buffer pointer atomically (git-fixes). - ALSA: hda/hdmi: Do not skip notification handling during PM operation (git-fixes). - ALSA: hda/realtek: Add Intel Reference SSID to support headset keys (git-fixes). - ALSA: hda/realtek: Add pincfg for ASUS G513 HP jack (git-fixes). - ALSA: hda/realtek: Add pincfg for ASUS G533Z HP jack (git-fixes). - ALSA: hda/realtek: Add quirk for ASUS GA503R laptop (git-fixes). - ALSA: hda/realtek: Add quirk for ASUS GV601R laptop (git-fixes). - ALSA: hda/realtek: Add quirk for Huawei WRT-WX9 (git-fixes). - ALSA: hda/realtek: Correct pin configs for ASUS G533Z (git-fixes). - ALSA: hda/realtek: Enable 4-speaker output Dell Precision 5530 laptop (git-fixes). - ALSA: hda/realtek: remove ALC289_FIXUP_DUAL_SPK for Dell 5530 (git-fixes). - ALSA: hda/sigmatel: Fix unused variable warning for beep power change (git-fixes). - ALSA: hda/sigmatel: Keep power up while beep is enabled (git-fixes). - ALSA: hda/tegra: Align BDL entry to 4KB boundary (git-fixes). - ALSA: hda: Fix position reporting on Poulsbo (git-fixes). - ALSA: hda: add Intel 5 Series / 3400 PCI DID (git-fixes). - ALSA: oss: Fix potential deadlock at unregistration (git-fixes). - ALSA: rawmidi: Drop register_mutex in snd_rawmidi_free() (git-fixes). - ALSA: rme9652: use explicitly signed char (git-fixes). - ALSA: usb-audio: Fix NULL dererence at error path (git-fixes). - ALSA: usb-audio: Fix potential memory leaks (git-fixes). - ASoC: eureka-tlv320: Hold reference returned from of_find_xxx API (git-fixes). - ASoC: fsl_sai: Remove unnecessary FIFO reset in ISR (git-fixes). - ASoC: mt6660: Fix PM disable depth imbalance in mt6660_i2c_probe (git-fixes). - ASoC: nau8824: Fix semaphore unbalance at error paths (git-fixes). - ASoC: rsnd: Add check for rsnd_mod_power_on (git-fixes). - ASoC: tas2770: Reinit regcache on reset (git-fixes). - ASoC: wcd9335: fix order of Slimbus unprepare/disable (git-fixes). - ASoC: wcd934x: fix order of Slimbus unprepare/disable (git-fixes). - ASoC: wm5102: Fix PM disable depth imbalance in wm5102_probe (git-fixes). - ASoC: wm5110: Fix PM disable depth imbalance in wm5110_probe (git-fixes). - ASoC: wm8997: Fix PM disable depth imbalance in wm8997_probe (git-fixes). - Bluetooth: L2CAP: Fix user-after-free (git-fixes). - Bluetooth: L2CAP: initialize delayed works at l2cap_chan_create() (git-fixes). - Bluetooth: hci_core: Fix not handling link timeouts propertly (git-fixes). - Bluetooth: hci_sysfs: Fix attempting to call device_add multiple times (git-fixes). - HID: hidraw: fix memory leak in hidraw_release() (git-fixes). - HID: magicmouse: Do not set BTN_MOUSE on double report (git-fixes). - HID: multitouch: Add memory barriers (git-fixes). - HID: roccat: Fix use-after-free in roccat_read() (git-fixes). - HSI: omap_ssi: Fix refcount leak in ssi_probe (git-fixes). - HSI: omap_ssi_port: Fix dma_map_sg error check (git-fixes). - IB/cm: Cancel mad on the DREQ event when the state is MRA_REP_RCVD (git-fixes) - IB/cma: Allow XRC INI QPs to set their local ACK timeout (git-fixes) - IB/core: Only update PKEY and GID caches on respective events (git-fixes) - IB/hfi1: Adjust pkey entry in index 0 (git-fixes) - IB/hfi1: Fix abba locking issue with sc_disable() (git-fixes) - IB/hfi1: Fix possible null-pointer dereference in _extend_sdma_tx_descs() (git-fixes) - IB/mlx4: Add support for REJ due to timeout (git-fixes) - IB/mlx4: Use port iterator and validation APIs (git-fixes) - IB/qib: Protect from buffer overflow in struct qib_user_sdma_pkt fields (git-fixes) - IB/rdmavt: Add __init/__exit annotations to module init/exit funcs (git-fixes) - IB/srpt: Remove redundant assignment to ret (git-fixes) - Input: i8042 - fix refount leak on sparc (git-fixes). - Input: xpad - add supported devices as contributed on github (git-fixes). - Input: xpad - fix wireless 360 controller breaking after suspend (git-fixes). - KVM: nVMX: Unconditionally purge queued/injected events on nested 'exit' (git-fixes). - KVM: s390: Clarify SIGP orders versus STOP/RESTART (git-fixes). - KVM: s390: VSIE: fix MVPG handling for prefixing and MSO (git-fixes). - KVM: s390: clear kicked_mask before sleeping again (git-fixes). - KVM: s390: preserve deliverable_mask in __airqs_kick_single_vcpu (git-fixes). - KVM: s390: pv: do not present the ecall interrupt twice (git-fixes). - KVM: s390: split kvm_s390_real_to_abs (git-fixes). - KVM: s390x: fix SCK locking (git-fixes). - KVM: x86/emulator: Fix handing of POP SS to correctly set interruptibility (git-fixes). - PCI: Dynamically map ECAM regions (bsc#1204382). - PCI: Fix used_buses calculation in pci_scan_child_bus_extend() (git-fixes). - PCI: Sanitise firmware BAR assignments behind a PCI-PCI bridge (git-fixes). - PM: domains: Fix handling of unavailable/disabled idle states (git-fixes). - PM: hibernate: Allow hybrid sleep to work with s2idle (git-fixes). - RDMA/bnxt_re: Add missing spin lock initialization (git-fixes) - RDMA/bnxt_re: Fix query SRQ failure (git-fixes) - RDMA/cm: Fix memory leak in ib_cm_insert_listen (git-fixes) - RDMA/cma: Ensure rdma_addr_cancel() happens before issuing more requests (git-fixes) - RDMA/cma: Fix arguments order in net device validation (git-fixes) - RDMA/core: Sanitize WQ state received from the userspace (git-fixes) - RDMA/cxgb4: Remove MW support (git-fixes) - RDMA/efa: Free IRQ vectors on error flow (git-fixes) - RDMA/efa: Remove double QP type assignment (git-fixes) - RDMA/efa: Use ib_umem_num_dma_pages() (git-fixes) - RDMA/hfi1: Fix potential integer multiplication overflow errors (git-fixes) - RDMA/hns: Remove unnecessary check for the sgid_attr when modifying QP (git-fixes) - RDMA/i40iw: Use ib_umem_num_dma_pages() (git-fixes) - RDMA/iwcm: Release resources if iw_cm module initialization fails (git-fixes) - RDMA/mlx4: Return missed an error if device does not support steering (git-fixes) - RDMA/mlx5: Add missing check for return value in get namespace flow (git-fixes) - RDMA/mlx5: Block FDB rules when not in switchdev mode (git-fixes) - RDMA/mlx5: Fix memory leak in error flow for subscribe event routine (git-fixes) - RDMA/mlx5: Make mkeys always owned by the kernel's PD when not enabled (git-fixes) - RDMA/mlx5: Set user priority for DCT (git-fixes) - RDMA/mlx5: Use set_mkc_access_pd_addr_fields() in reg_create() (git-fixes) - RDMA/qedr: Fix NULL deref for query_qp on the GSI QP (git-fixes) - RDMA/qedr: Fix potential memory leak in __qedr_alloc_mr() (git-fixes) - RDMA/qedr: Fix reporting QP timeout attribute (git-fixes) - RDMA/qib: Remove superfluous fallthrough statements (git-fixes) - RDMA/rtrs-srv: Pass the correct number of entries for dma mapped SGL (git-fixes) - RDMA/rxe: Do not overwrite errno from ib_umem_get() (git-fixes) - RDMA/rxe: Fix 'kernel NULL pointer dereference' error (git-fixes) - RDMA/rxe: Fix error unwind in rxe_create_qp() (git-fixes) - RDMA/rxe: Fix extra copies in build_rdma_network_hdr (git-fixes) - RDMA/rxe: Fix extra copy in prepare_ack_packet (git-fixes) - RDMA/rxe: Fix failure during driver load (git-fixes) - RDMA/rxe: Fix over copying in get_srq_wqe (git-fixes) - RDMA/rxe: Fix redundant call to ip_send_check (git-fixes) - RDMA/rxe: Fix redundant skb_put_zero (git-fixes) - RDMA/rxe: Fix rnr retry behavior (git-fixes) - RDMA/rxe: Fix the error caused by qp->sk (git-fixes) - RDMA/rxe: Fix wrong port_cap_flags (git-fixes) - RDMA/rxe: Generate a completion for unsupported/invalid opcode (git-fixes) - RDMA/rxe: Remove unused pkt->offset (git-fixes) - RDMA/rxe: Return CQE error if invalid lkey was supplied (git-fixes) - RDMA/sa_query: Use strscpy_pad instead of memcpy to copy a string (git-fixes) - RDMA/siw: Always consume all skbuf data in sk_data_ready() upcall. (git-fixes) - RDMA/siw: Fix a condition race issue in MPA request processing (git-fixes) - RDMA/siw: Fix duplicated reported IW_CM_EVENT_CONNECT_REPLY event (git-fixes) - RDMA/siw: Pass a pointer to virt_to_page() (git-fixes) - RDMA/usnic: fix set-but-not-unused variable 'flags' warning (git-fixes) - RDMA: Verify port when creating flow rule (git-fixes) - RDMA: remove useless condition in siw_create_cq() (git-fixes) - RDMa/mthca: Work around -Wenum-conversion warning (git-fixes) - Revert 'drivers/video/backlight/platform_lcd.c: add support for (bsc#1152489) - Revert 'drm: bridge: analogix/dp: add panel prepare/unprepare in suspend/resume time' (git-fixes). - Revert 'usb: add quirks for Lenovo OneLink+ Dock' (git-fixes). - Revert 'usb: storage: Add quirk for Samsung Fit flash' (git-fixes). - Revert 'usb: storage: Add quirk for Samsung Fit flash' (git-fixes). - USB: serial: console: move mutex_unlock() before usb_serial_put() (git-fixes). - USB: serial: ftdi_sio: fix 300 bps rate for SIO (git-fixes). - USB: serial: option: add Quectel BG95 0x0203 composition (git-fixes). - USB: serial: option: add Quectel BG95 0x0203 composition (git-fixes). - USB: serial: option: add Quectel RM520N (git-fixes). - USB: serial: option: add Quectel RM520N (git-fixes). - USB: serial: qcserial: add new usb-id for Dell branded EM7455 (git-fixes). - USB: serial: qcserial: add new usb-id for Dell branded EM7455 (git-fixes). - arm64: assembler: add cond_yield macro (git-fixes) - ata: fix ata_id_has_devslp() (git-fixes). - ata: fix ata_id_has_dipm() (git-fixes). - ata: fix ata_id_has_ncq_autosense() (git-fixes). - ata: fix ata_id_sense_reporting_enabled() and ata_id_has_sense_reporting() (git-fixes). - ata: libahci_platform: Sanity check the DT child nodes number (git-fixes). - can: bcm: check the result of can_send() in bcm_can_tx() (git-fixes). - can: gs_usb: gs_can_open(): fix race dev->can.state condition (git-fixes). - can: kvaser_usb: Fix possible completions during init_completion (git-fixes). - can: kvaser_usb: Fix use of uninitialized completion (git-fixes). - can: kvaser_usb_leaf: Fix CAN state after restart (git-fixes). - can: kvaser_usb_leaf: Fix TX queue out of sync after restart (git-fixes). - can: mscan: mpc5xxx: mpc5xxx_can_probe(): add missing put_clock() in error path (git-fixes). - cgroup/cpuset: Enable update_tasks_cpumask() on top_cpuset (bsc#1204753). - clk: bcm2835: Make peripheral PLLC critical (git-fixes). - clk: bcm2835: fix bcm2835_clock_rate_from_divisor declaration (git-fixes). - clk: berlin: Add of_node_put() for of_get_parent() (git-fixes). - clk: imx: imx6sx: remove the SET_RATE_PARENT flag for QSPI clocks (git-fixes). - clk: iproc: Do not rely on node name for correct PLL setup (git-fixes). - clk: mediatek: mt8183: mfgcfg: Propagate rate changes to parent (git-fixes). - clk: oxnas: Hold reference returned by of_get_parent() (git-fixes). - clk: qcom: gcc-msm8916: use ARRAY_SIZE instead of specifying num_parents (git-fixes). - clk: qoriq: Hold reference returned by of_get_parent() (git-fixes). - clk: tegra20: Fix refcount leak in tegra20_clock_init (git-fixes). - clk: tegra: Fix refcount leak in tegra114_clock_init (git-fixes). - clk: tegra: Fix refcount leak in tegra210_clock_init (git-fixes). - clk: ti: dra7-atl: Fix reference leak in of_dra7_atl_clk_probe (git-fixes). - clk: zynqmp: Fix stack-out-of-bounds in strncpy` (git-fixes). - clk: zynqmp: pll: rectify rate rounding in zynqmp_pll_round_rate (git-fixes). - crypto: akcipher - default implementation for setting a private key (git-fixes). - crypto: arm64/sha - fix function types (git-fixes) - crypto: arm64/sha1-ce - simplify NEON yield (git-fixes) - crypto: arm64/sha2-ce - simplify NEON yield (git-fixes) - crypto: arm64/sha3-ce - simplify NEON yield (git-fixes) - crypto: arm64/sha512-ce - simplify NEON yield (git-fixes) - crypto: cavium - prevent integer overflow loading firmware (git-fixes). - crypto: ccp - Release dma channels before dmaengine unrgister (git-fixes). - crypto: hisilicon/zip - fix mismatch in get/set sgl_sge_nr (git-fixes). - device property: Fix documentation for *_match_string() APIs (git-fixes). - dmaengine: ioat: stop mod_timer from resurrecting deleted timer in __cleanup() (git-fixes). - dmaengine: xilinx_dma: Report error in case of dma_set_mask_and_coherent API failure (git-fixes). - dmaengine: xilinx_dma: cleanup for fetching xlnx,num-fstores property (git-fixes). - docs: update mediator information in CoC docs (git-fixes). - drivers: serial: jsm: fix some leaks in probe (git-fixes). - drm/amd/display: Limit user regamma to a valid value (git-fixes). - drm/amdgpu: do not register a dirty callback for non-atomic (git-fixes). - drm/amdgpu: fix initial connector audio value (git-fixes). - drm/amdgpu: use dirty framebuffer helper (git-fixes). - drm/bridge: Avoid uninitialized variable warning (git-fixes). - drm/bridge: megachips: Fix a null pointer dereference bug (git-fixes). - drm/bridge: parade-ps8640: Fix regulator supply order (git-fixes). - drm/i915/gvt: fix a memory leak in intel_gvt_init_vgpu_types (git-fixes). - drm/mipi-dsi: Detach devices when removing the host (git-fixes). - drm/msm/dpu: Fix comment typo (git-fixes). - drm/msm/dpu: index dpu_kms->hw_vbif using vbif_idx (git-fixes). - drm/msm/dsi: fix memory corruption with too many bridges (git-fixes). - drm/msm/hdmi: fix memory corruption with too many bridges (git-fixes). - drm/msm: Fix return type of mdp4_lvds_connector_mode_valid (git-fixes). - drm/msm: Make .remove and .shutdown HW shutdown consistent (git-fixes). - drm/nouveau/nouveau_bo: fix potential memory leak in nouveau_bo_alloc() (git-fixes). - drm/nouveau: fix a use-after-free in nouveau_gem_prime_import_sg_table() (git-fixes). - drm/omap: dss: Fix refcount leak bugs (git-fixes). - drm/rockchip: Fix return type of cdn_dp_connector_mode_valid (git-fixes). - drm/scheduler: quieten kernel-doc warnings (git-fixes). - drm/udl: Restore display mode on resume (git-fixes). - drm: Prevent drm_copy_field() to attempt copying a NULL pointer (git-fixes). - drm: Use size_t type for len variable in drm_copy_field() (git-fixes). - drm: bridge: adv7511: fix CEC power down control register offset (git-fixes). - drm: fix drm_mipi_dbi build errors (git-fixes). - drm: panel-orientation-quirks: Add quirk for Anbernic Win600 (git-fixes). - drm:pl111: Add of_node_put() when breaking out of for_each_available_child_of_node() (git-fixes). - dyndbg: fix module.dyndbg handling (git-fixes). - dyndbg: let query-modname override actual module name (git-fixes). - efi: Correct Macmini DMI match in uefi cert quirk (git-fixes). - efi: libstub: drop pointless get_memory_map() call (git-fixes). - exfat: Return ENAMETOOLONG consistently for oversized paths (bsc#1204053 bsc#1201725). - fbdev: cyber2000fb: fix missing pci_disable_device() (git-fixes). - fbdev: da8xx-fb: Fix error handling in .remove() (git-fixes). - firmware: arm_scmi: Add SCMI PM driver remove routine (git-fixes). - firmware: google: Test spinlock on panic path to avoid lockups (git-fixes). - fpga: prevent integer overflow in dfl_feature_ioctl_set_irq() (git-fixes). - gpio: rockchip: request GPIO mux to pinctrl when setting direction (git-fixes). - hid: hid-logitech-hidpp: avoid unnecessary assignments in hidpp_connect_event (git-fixes). - hwmon/coretemp: Handle large core ID value (git-fixes). - iio: ABI: Fix wrong format of differential capacitance channel ABI (git-fixes). - iio: adc: ad7923: fix channel readings for some variants (git-fixes). - iio: adc: at91-sama5d2_adc: check return status for pressure and touch (git-fixes). - iio: adc: at91-sama5d2_adc: fix AT91_SAMA5D2_MR_TRACKTIM_MAX (git-fixes). - iio: adc: at91-sama5d2_adc: lock around oversampling and sample freq (git-fixes). - iio: adc: mcp3911: use correct id bits (git-fixes). - iio: dac: ad5593r: Fix i2c read protocol requirements (git-fixes). - iio: inkern: only release the device node when done with it (git-fixes). - iio: light: tsl2583: Fix module unloading (git-fixes). - iio: pressure: dps310: Refactor startup procedure (git-fixes). - iio: pressure: dps310: Reset chip after timeout (git-fixes). - irqchip/ls-extirq: Fix invalid wait context by avoiding to use regmap (git-fixes). - kABI: arm64/crypto/sha512 Preserve function signature (git-fixes). - kbuild: Add skip_encoding_btf_enum64 option to pahole (git-fixes). - kbuild: remove the target in signal traps when interrupted (git-fixes). - kbuild: sink stdout from cmd for silent build (git-fixes). - kbuild: skip per-CPU BTF generation for pahole v1.18-v1.21 (jsc#SLE-24559). - kthread: Extract KTHREAD_IS_PER_CPU (bsc#1204753). - lib/sg_pool: change module_init(sg_pool_init) to subsys_initcall (git-fixes). - libata: add ATA_HORKAGE_NOLPM for Pioneer BDR-207M and BDR-205 (git-fixes). - locking/csd_lock: Change csdlock_debug from early_param to __setup (git-fixes). - mISDN: fix use-after-free bugs in l1oip timer handlers (git-fixes). - mISDN: hfcpci: Fix use-after-free bug in hfcpci_softirq (git-fixes). - mac802154: Fix LQI recording (git-fixes). - mailbox: bcm-ferxrm-mailbox: Fix error check for dma_map_sg (git-fixes). - media: aspeed-video: ignore interrupts that are not enabled (git-fixes). - media: cedrus: Set the platform driver data earlier (git-fixes). - media: coda: Add more H264 levels for CODA960 (git-fixes). - media: coda: Fix reported H264 profile (git-fixes). - media: cx88: Fix a null-ptr-deref bug in buffer_prepare() (git-fixes). - media: dvb_vb2: fix possible out of bound access (git-fixes). - media: v4l2-dv-timings: add sanity checks for blanking values (git-fixes). - media: videodev2.h: V4L2_DV_BT_BLANKING_HEIGHT should check 'interlaced' (git-fixes). - media: xilinx: vipp: Fix refcount leak in xvip_graph_dma_init (git-fixes). - memory: of: Fix refcount leak bug in of_get_ddr_timings() (git-fixes). - memory: pl353-smc: Fix refcount leak bug in pl353_smc_probe() (git-fixes). - mfd: fsl-imx25: Fix an error handling path in mx25_tsadc_setup_irq() (git-fixes). - mfd: intel_soc_pmic: Fix an error handling path in intel_soc_pmic_i2c_probe() (git-fixes). - mfd: lp8788: Fix an error handling path in lp8788_irq_init() and lp8788_irq_init() (git-fixes). - mfd: lp8788: Fix an error handling path in lp8788_probe() (git-fixes). - mfd: sm501: Add check for platform_driver_register() (git-fixes). - misc: ocxl: fix possible refcount leak in afu_ioctl() (git-fixes). - mm, memcg: avoid stale protection values when cgroup is above protection (bsc#1204754). - mm/hugetlb: fix races when looking up a CONT-PTE/PMD size hugetlb page (bsc#1204575). - mm: memcontrol: fix occasional OOMs due to proportional memory.low reclaim (bsc#1204754). - mmc: au1xmmc: Fix an error handling path in au1xmmc_probe() (git-fixes). - mmc: core: Fix kernel panic when remove non-standard SDIO card (git-fixes). - mmc: core: Replace with already defined values for readability (git-fixes). - mmc: core: Terminate infinite loop in SD-UHS voltage switch (git-fixes). - mmc: moxart: fix 4-bit bus width and remove 8-bit bus width (git-fixes). - mmc: sdhci-msm: add compatible string check for sdm670 (git-fixes). - mmc: sdhci-sprd: Fix minimum clock limit (git-fixes). - mmc: wmt-sdmmc: Fix an error handling path in wmt_mci_probe() (git-fixes). - mtd: devices: docg3: check the return value of devm_ioremap() in the probe (git-fixes). - mtd: rawnand: atmel: Unmap streaming DMA mappings (git-fixes). - mtd: rawnand: marvell: Use correct logic for nand-keep-config (git-fixes). - mtd: rawnand: meson: fix bit map use in meson_nfc_ecc_correct() (git-fixes). - net/ieee802154: fix uninit value bug in dgram_sendmsg (git-fixes). - net: ieee802154: return -EINVAL for unknown addr type (git-fixes). - net: usb: qmi_wwan: Add new usb-id for Dell branded EM7455 (git-fixes). - net: usb: qmi_wwan: Add new usb-id for Dell branded EM7455 (git-fixes). - net: usb: qmi_wwan: add Quectel RM520N (git-fixes). - openvswitch: Fix double reporting of drops in dropwatch (git-fixes). - openvswitch: Fix overreporting of drops in dropwatch (git-fixes). - openvswitch: switch from WARN to pr_warn (git-fixes). - padata: introduce internal padata_get/put_pd() helpers (bsc#1202638). - padata: make padata_free_shell() to respect pd's ->refcnt (bsc#1202638). - parisc/sticon: fix reverse colors (bsc#1152489) Backporting notes: * context changes - parisc: parisc-agp requires SBA IOMMU driver (bsc#1152489) - phy: qualcomm: call clk_disable_unprepare in the error handling (git-fixes). - pinctrl: armada-37xx: Add missing GPIO-only pins (git-fixes). - pinctrl: armada-37xx: Checks for errors in gpio_request_enable callback (git-fixes). - pinctrl: armada-37xx: Fix definitions for MPP pins 20-22 (git-fixes). - pinctrl: rockchip: add pinmux_ops.gpio_set_direction callback (git-fixes). - platform/x86: msi-laptop: Change DMI match / alias strings to fix module autoloading (git-fixes). - platform/x86: msi-laptop: Fix old-ec check for backlight registering (git-fixes). - platform/x86: msi-laptop: Fix resource cleanup (git-fixes). - power: supply: adp5061: fix out-of-bounds read in adp5061_get_chg_type() (git-fixes). - powerpc/64: Remove unused SYS_CALL_TABLE symbol (jsc#SLE-9246 git-fixes). - powerpc/fadump: align destination address to pagesize (bsc#1204728 ltc#200074). - powerpc/kprobes: Fix null pointer reference in arch_prepare_kprobe() (jsc#SLE-13847 git-fixes). - powerpc/mm/64s: Drop pgd_huge() (bsc#1065729). - powerpc/mm: remove pmd_huge/pud_huge stubs and include hugetlb.h (bsc#1065729). - powerpc/pci_dn: Add missing of_node_put() (bsc#1065729). - powerpc/powernv: add missing of_node_put() in opal_export_attrs() (bsc#1065729). - powerpc/pseries: Interface to represent PAPR firmware attributes (bsc#1200465 ltc#197256 jsc#PED-1931). - quota: widen timestamps for the fs_disk_quota structure (bsc#1203387). - regulator: pfuze100: Fix the global-out-of-bounds access in pfuze100_regulator_probe() (git-fixes). - regulator: qcom_rpm: Fix circular deferral regression (git-fixes). - reset: imx7: Fix the iMX8MP PCIe PHY PERST support (git-fixes). - rpmsg: qcom: glink: replace strncpy() with strscpy_pad() (git-fixes). - rtc: stmp3xxx: Add failure handling for stmp3xxx_wdt_register() (git-fixes). - s390/hypfs: avoid error message under KVM (bsc#1032323). - sbitmap: Avoid leaving waitqueue in invalid state in __sbq_wake_up() (git-fixes). - sbitmap: fix possible io hung due to lost wakeup (git-fixes). - scsi: libsas: Fix use-after-free bug in smp_execute_task_sg() (git-fixes). - scsi: mpt3sas: Fix return value check of dma_get_required_mask() (git-fixes). - scsi: qla2xxx: Fix disk failure to rediscover (git-fixes). - selftest/powerpc: Add PAPR sysfs attributes sniff test (bsc#1200465 ltc#197256 jsc#PED-1931). - selftests/powerpc: Skip energy_scale_info test on older firmware (git-fixes). - serial: Create uart_xmit_advance() (git-fixes). - serial: tegra-tcu: Use uart_xmit_advance(), fixes icount.tx accounting (git-fixes). - serial: tegra: Use uart_xmit_advance(), fixes icount.tx accounting (git-fixes). - soc: qcom: smem_state: Add refcounting for the 'state->of_node' (git-fixes). - soc: qcom: smsm: Fix refcount leak bugs in qcom_smsm_probe() (git-fixes). - soc: sunxi: sram: Actually claim SRAM regions (git-fixes). - soc: sunxi: sram: Fix debugfs info for A64 SRAM C (git-fixes). - soc: sunxi: sram: Prevent the driver from being unbound (git-fixes). - soc: sunxi_sram: Make use of the helper function devm_platform_ioremap_resource() (git-fixes). - spi/omap100k:Fix PM disable depth imbalance in omap1_spi100k_probe (git-fixes). - spi: mt7621: Fix an error message in mt7621_spi_probe() (git-fixes). - spi: qup: add missing clk_disable_unprepare on error in spi_qup_pm_resume_runtime() (git-fixes). - spi: qup: add missing clk_disable_unprepare on error in spi_qup_resume() (git-fixes). - spi: s3c64xx: Fix large transfers with DMA (git-fixes). - staging: rtl8723bs: fix a potential memory leak in rtw_init_cmd_priv() (git-fixes). - staging: vt6655: fix potential memory leak (git-fixes). - staging: vt6655: fix some erroneous memory clean-up loops (git-fixes). - struct pci_config_window kABI workaround (bsc#1204382). - thermal: intel_powerclamp: Use first online CPU as control_cpu (git-fixes). - thermal: intel_powerclamp: Use get_cpu() instead of smp_processor_id() to avoid crash (git-fixes). - tty/serial: atmel: RS485 & ISO7816: wait for TXRDY before sending data (git-fixes). - tty: serial: fsl_lpuart: disable dma rx/tx use flags in lpuart_dma_shutdown (git-fixes). - tty: xilinx_uartps: Fix the ignore_status (git-fixes). - uas: add no-uas quirk for Hiksemi usb_disk (git-fixes). - uas: ignore UAS for Thinkplus chips (git-fixes). - usb-storage: Add Hiksemi USB3-FW to IGNORE_UAS (git-fixes). - usb: add quirks for Lenovo OneLink+ Dock (git-fixes). - usb: add quirks for Lenovo OneLink+ Dock (git-fixes). - usb: bdc: change state when port disconnected (git-fixes). - usb: dwc3: gadget: Avoid starting DWC3 gadget during UDC unbind (git-fixes). - usb: dwc3: gadget: Do not set IMI for no_interrupt (git-fixes). - usb: dwc3: gadget: Prevent repeat pullup() (git-fixes). - usb: dwc3: gadget: Stop processing more requests on IMI (git-fixes). - usb: gadget: function: fix dangling pnp_string in f_printer.c (git-fixes). - usb: host: xhci: Fix potential memory leak in xhci_alloc_stream_info() (git-fixes). - usb: idmouse: fix an uninit-value in idmouse_open (git-fixes). - usb: mon: make mmapped memory read only (git-fixes). - usb: musb: Fix musb_gadget.c rxstate overflow bug (git-fixes). - usb: typec: ucsi: Remove incorrect warning (git-fixes). - usb: xhci-mtk: add a function to (un)load bandwidth info (git-fixes). - usb: xhci-mtk: add only one extra CS for FS/LS INTR (git-fixes). - usb: xhci-mtk: add some schedule error number (git-fixes). - usb: xhci-mtk: fix issue of out-of-bounds array access (git-fixes). - usb: xhci-mtk: get the microframe boundary for ESIT (git-fixes). - usb: xhci-mtk: use @sch_tt to check whether need do TT schedule (git-fixes). - vhost/vsock: Use kvmalloc/kvfree for larger packets (git-fixes). - video: fbdev: pxa3xx-gcu: Fix integer overflow in pxa3xx_gcu_write (git-fixes). - watchdog: armada_37xx_wdt: Fix .set_timeout callback (git-fixes). - watchdog: ftwdt010_wdt: fix test for platform_get_irq() failure (git-fixes). - wifi: ath10k: add peer map clean up for peer delete in ath10k_sta_state() (git-fixes). - wifi: ath9k: avoid uninit memory read in ath9k_htc_rx_msg() (git-fixes). - wifi: brcmfmac: fix invalid address access when enabling SCAN log level (git-fixes). - wifi: brcmfmac: fix use-after-free bug in brcmf_netdev_start_xmit() (git-fixes). - wifi: cfg80211: update hidden BSSes to avoid WARN_ON (git-fixes). - wifi: iwlwifi: mvm: fix double list_add at iwl_mvm_mac_wake_tx_queue (other cases) (git-fixes). - wifi: mac80211: Fix UAF in ieee80211_scan_rx() (git-fixes). - wifi: mac80211: allow bw change during channel switch in mesh (git-fixes). - wifi: mac80211: do not drop packets smaller than the LLC-SNAP header on fast-rx (git-fixes). - wifi: mac80211_hwsim: avoid mac80211 warning on bad rate (git-fixes). - wifi: rt2x00: correctly set BBP register 86 for MT7620 (git-fixes). - wifi: rt2x00: do not run Rt5592 IQ calibration on MT7620 (git-fixes). - wifi: rt2x00: set SoC wmac clock register (git-fixes). - wifi: rt2x00: set VGC gain for both chains of MT7620 (git-fixes). - wifi: rt2x00: set correct TX_SW_CFG1 MAC register for MT7620 (git-fixes). - wifi: rtl8xxxu: Fix AIFS written to REG_EDCA_*_PARAM (git-fixes). - wifi: rtl8xxxu: Fix skb misuse in TX queue selection (git-fixes). - wifi: rtl8xxxu: Improve rtl8xxxu_queue_select (git-fixes). - wifi: rtl8xxxu: Remove copy-paste leftover in gen2_update_rate_mask (git-fixes). - wifi: rtl8xxxu: gen2: Fix mistake in path B IQ calibration (git-fixes). - wifi: rtl8xxxu: tighten bounds checking in rtl8xxxu_read_efuse() (git-fixes). - xfs: add missing assert in xfs_fsmap_owner_from_rmap (git-fixes). - xfs: enable big timestamps (bsc#1203387). - xfs: enable new inode btree counters feature (bsc#1203387). - xfs: explicitly define inode timestamp range (bsc#1203387). - xfs: fix memory corruption during remote attr value buffer invalidation (git-fixes). - xfs: fix s_maxbytes computation on 32-bit kernels (git-fixes). - xfs: hoist out xfs_resizefs_init_new_ags() (git-fixes). - xfs: move incore structures out of xfs_da_format.h (git-fixes). - xfs: quota: move to time64_t interfaces (bsc#1203387). - xfs: redefine xfs_ictimestamp_t (bsc#1203387). - xfs: redefine xfs_timestamp_t (bsc#1203387). - xfs: refactor remote attr value buffer invalidation (git-fixes). - xfs: remove obsolete AGF counter debugging (git-fixes). - xfs: rename `new' to `delta' in xfs_growfs_data_private() (git-fixes). - xfs: reserve data and rt quota at the same time (bsc#1203496). - xfs: slightly tweak an assert in xfs_fs_map_blocks (git-fixes). - xfs: store inode btree block counts in AGI header (bsc#1203387). - xfs: streamline xfs_attr3_leaf_inactive (git-fixes). - xfs: use a struct timespec64 for the in-core crtime (bsc#1203387). - xfs: use the finobt block counts to speed up mount times (bsc#1203387). - xfs: widen ondisk inode timestamps to deal with y2038+ (bsc#1203387). - xfs: widen ondisk quota expiration timestamps to handle y2038+ (bsc#1203387). - xhci: Do not show warning for reinit on known broken suspend (git-fixes). Important SUSE bug 1032323 SUSE bug 1065729 SUSE bug 1152489 SUSE bug 1198702 SUSE bug 1200465 SUSE bug 1200788 SUSE bug 1201725 SUSE bug 1202638 SUSE bug 1202686 SUSE bug 1202700 SUSE bug 1203066 SUSE bug 1203098 SUSE bug 1203387 SUSE bug 1203391 SUSE bug 1203496 SUSE bug 1203802 SUSE bug 1204053 SUSE bug 1204166 SUSE bug 1204168 SUSE bug 1204354 SUSE bug 1204355 SUSE bug 1204382 SUSE bug 1204402 SUSE bug 1204415 SUSE bug 1204417 SUSE bug 1204431 SUSE bug 1204439 SUSE bug 1204470 SUSE bug 1204479 SUSE bug 1204574 SUSE bug 1204575 SUSE bug 1204619 SUSE bug 1204635 SUSE bug 1204637 SUSE bug 1204646 SUSE bug 1204647 SUSE bug 1204653 SUSE bug 1204728 SUSE bug 1204753 SUSE bug 1204754 CVE-2021-4037 CVE-2022-2153 CVE-2022-2964 CVE-2022-2978 CVE-2022-3176 CVE-2022-3424 CVE-2022-3521 CVE-2022-3524 CVE-2022-3535 CVE-2022-3542 CVE-2022-3545 CVE-2022-3565 CVE-2022-3577 CVE-2022-3586 CVE-2022-3594 CVE-2022-3621 CVE-2022-3625 CVE-2022-3629 CVE-2022-3640 CVE-2022-3646 CVE-2022-3649 CVE-2022-39189 CVE-2022-42703 CVE-2022-43750 cpe:/o:opensuse:leap:15.3 Security update for go1.19 (Low) openSUSE Leap 15.3 This update for go1.19 fixes the following issues: Update to go 1.19.3 (released 2022-11-01) (bsc#1200441): Security fixes: - CVE-2022-41716: Fixed unsanitized NUL in environment variables in syscalls, os/exec (go#56327) (bsc#1204941). Bugfixes: - runtime: lock count' fatal error when cgo is enabled (go#56308). - cmd/compile: libFuzzer instrumentation fakePC overflow on 386 arch (go#56168). - internal/fuzz: array literal initialization causes ICE 'unhandled stmt ASOP' while fuzzing (go#56106). Low SUSE bug 1200441 SUSE bug 1204941 CVE-2022-41716 cpe:/o:opensuse:leap:15.3 Security update for go1.18 (Low) openSUSE Leap 15.3 This update for go1.18 fixes the following issues: Update to go 1.18.8 (released 2022-11-01) (bsc#1193742): Security fixes: - CVE-2022-41716: Fixed unsanitized NUL in environment variables in syscalls, os/exec (go#56327) (bsc#1204941). Bugfixes: - runtime: lock count' fatal error when cgo is enabled (go#56308). Low SUSE bug 1193742 SUSE bug 1204941 CVE-2022-41716 cpe:/o:opensuse:leap:15.3 Security update for systemd (Moderate) openSUSE Leap 15.3 This update for systemd fixes the following issues: - CVE-2022-3821: Fixed buffer overrun in format_timespan() function (bsc#1204968). - Import commit 56bee38fd0da18dad5fc5c5d12c02238a22b50e2 * 8a70235d8a core: Add trigger limit for path units * 93e544f3a0 core/mount: also add default before dependency for automount mount units * 5916a7748c logind: fix crash in logind on user-specified message string - Document udev naming scheme (bsc#1204179). Moderate SUSE bug 1204179 SUSE bug 1204968 CVE-2022-3821 cpe:/o:opensuse:leap:15.3 Security update for python-Twisted (Low) openSUSE Leap 15.3 This update for python-Twisted fixes the following issues: - CVE-2022-39348: Fixed NameVirtualHost Host header injection (bsc#1204781). Low SUSE bug 1204781 CVE-2022-39348 cpe:/o:opensuse:leap:15.3 Security update for MozillaFirefox (Important) openSUSE Leap 15.3 This update for MozillaFirefox fixes the following issues: Update to Firefox Extended Support Release 102.5.0 ESR (MFSA 2022-48, bsc#1205270): - CVE-2022-45403: Service Workers might have learned size of cross-origin media files - CVE-2022-45404: Fullscreen notification bypass - CVE-2022-45405: Use-after-free in InputStream implementation - CVE-2022-45406: Use-after-free of a JavaScript Realm - CVE-2022-45408: Fullscreen notification bypass via windowName - CVE-2022-45409: Use-after-free in Garbage Collection - CVE-2022-45410: ServiceWorker-intercepted requests bypassed SameSite cookie policy - CVE-2022-45411: Cross-Site Tracing was possible via non-standard override headers - CVE-2022-45412: Symlinks may resolve to partially uninitialized buffers - CVE-2022-45416: Keystroke Side-Channel Leakage - CVE-2022-45418: Custom mouse cursor could have been drawn over browser UI - CVE-2022-45420: Iframe contents could be rendered outside the iframe - CVE-2022-45421: Memory safety bugs fixed in Firefox 107 and Firefox ESR 102.5 Important SUSE bug 1205270 CVE-2022-45403 CVE-2022-45404 CVE-2022-45405 CVE-2022-45406 CVE-2022-45408 CVE-2022-45409 CVE-2022-45410 CVE-2022-45411 CVE-2022-45412 CVE-2022-45416 CVE-2022-45418 CVE-2022-45420 CVE-2022-45421 cpe:/o:opensuse:leap:15.3 Security update for php7 (Important) openSUSE Leap 15.3 This update for php7 fixes the following issues: - Version update to 7.4.33: - CVE-2022-31630: Fixed out-of-bounds read due to insufficient input validation in imageloadfont() (bsc#1204979). - CVE-2022-37454: Fixed buffer overflow in hash_update() on long parameter (bsc#1204577). - Version update to 7.4.32 (jsc#SLE-23639) - CVE-2022-31628: Fixed an uncontrolled recursion in the phar uncompressor while decompressing 'quines' gzip files. (bsc#1203867) - CVE-2022-31629: Fixed a bug which could lead an attacker to set an insecure cookie that will treated as secure in the victim's browser. (bsc#1203870) Important SUSE bug 1203867 SUSE bug 1203870 SUSE bug 1204577 SUSE bug 1204979 CVE-2017-8923 CVE-2020-7068 CVE-2020-7069 CVE-2020-7070 CVE-2020-7071 CVE-2021-21702 CVE-2021-21703 CVE-2021-21704 CVE-2021-21705 CVE-2021-21706 CVE-2021-21707 CVE-2021-21708 CVE-2022-31625 CVE-2022-31626 CVE-2022-31628 CVE-2022-31629 CVE-2022-31630 CVE-2022-37454 cpe:/o:opensuse:leap:15.3 Security update for python39 (Important) openSUSE Leap 15.3 This update for python39 fixes the following issues: Security fixes: - CVE-2022-42919: Fixed local privilege escalation via the multiprocessing forkserver start method (bsc#1204886). - CVE-2022-45061: Fixed a quadratic IDNA decoding time (bsc#1205244). Other fixes: - Allow building of documentation with the latest Sphinx 5.3.0 (gh#python/cpython#98366). - Update to 3.9.15: - Fix multiplying a list by an integer (list *= int): detect the integer overflow when the new allocated length is close to the maximum size. - Fix a shell code injection vulnerability in the get-remote-certificate.py example script. The script no longer uses a shell to run openssl commands. (originally filed as CVE-2022-37460, later withdrawn) - Fix command line parsing: reject -X int_max_str_digits option with no value (invalid) when the PYTHONINTMAXSTRDIGITS environment variable is set to a valid limit. - When ValueError is raised if an integer is larger than the limit, mention the sys.set_int_max_str_digits() function in the error message. - Update bundled libexpat to 2.4.9 Important SUSE bug 1204886 SUSE bug 1205244 CVE-2022-42919 CVE-2022-45061 cpe:/o:opensuse:leap:15.3 Security update for sccache (Moderate) openSUSE Leap 15.3 This update for sccache fixes the following issues: Updated to version 0.3.0: - CVE-2022-24713: Fixed Regex denial of service (bsc#1196972). - CVE-2021-45710: Fixed tokio data race with memory corruption (bsc#1194119). - Added hardening to systemd service(s) (bsc#1181400). Moderate SUSE bug 1181400 SUSE bug 1194119 SUSE bug 1196972 CVE-2021-45710 CVE-2022-24713 cpe:/o:opensuse:leap:15.3 Security update for sudo (Important) openSUSE Leap 15.3 This update for sudo fixes the following issues: - CVE-2022-43995: Fixed a potential heap-based buffer over-read when entering a passwor dof seven characters or fewer and using the crypt() password backend (bsc#1204986). - Fix wrong information output in the error message (bsc#1190818). - Make sure SIGCHLD is not ignored when sudo is executed; fixes race condition (bsc#1203201). Important SUSE bug 1190818 SUSE bug 1203201 SUSE bug 1204986 CVE-2022-43995 cpe:/o:opensuse:leap:15.3 Security update for java-11-openjdk (Moderate) openSUSE Leap 15.3 This update for java-11-openjdk fixes the following issues: - Update to jdk-11.0.17+8 (October 2022 CPU) - CVE-2022-39399: Improve HTTP/2 client usage(bsc#1204480) - CVE-2022-21628: Better HttpServer service (bsc#1204472) - CVE-2022-21624: Enhance icon presentations (bsc#1204475) - CVE-2022-21619: Improve NTLM support (bsc#1204473) - CVE-2022-21626: Key X509 usages (bsc#1204471) - CVE-2022-21618: Wider MultiByte (bsc#1204468) Moderate SUSE bug 1203476 SUSE bug 1204468 SUSE bug 1204471 SUSE bug 1204472 SUSE bug 1204473 SUSE bug 1204475 SUSE bug 1204480 SUSE bug 1204523 CVE-2022-21618 CVE-2022-21619 CVE-2022-21624 CVE-2022-21626 CVE-2022-21628 CVE-2022-39399 cpe:/o:opensuse:leap:15.3 Security update for dpkg (Low) openSUSE Leap 15.3 This update for dpkg fixes the following issues: - CVE-2022-1664: Fixed a directory traversal vulnerability in Dpkg::Source::Archive (bsc#1199944). Low SUSE bug 1199944 CVE-2022-1664 cpe:/o:opensuse:leap:15.3 Security update for openjpeg (Important) openSUSE Leap 15.3 This update for openjpeg fixes the following issues: - CVE-2018-20846: Fixed an Out-of-bounds accesses in pi_next_lrcp, pi_next_rlcp, pi_next_rpcl, pi_next_pcrl, pi_next_rpcl, and pi_next_cprl in openmj2/pi. (bsc#1140205) - CVE-2018-21010: Fixed a heap buffer overflow in color_apply_icc_profile in bin/common/color.c (bsc#1149789) - CVE-2020-27824: Fixed an OOB read in opj_dwt_calc_explicit_stepsizes() (bsc#1179821) - CVE-2020-27842: Fixed null pointer dereference in opj_tgt_reset function in lib/openjp2/tgt.c (bsc#1180043) - CVE-2020-27843: Fixed an out-of-bounds read in opj_t2_encode_packet function in openjp2/t2.c (bsc#1180044) - CVE-2020-27845: Fixed a heap-based buffer over-read in functions opj_pi_next_rlcp, opj_pi_next_rpcl and opj_pi_next_lrcp in openjp2/pi.c (bsc#1180046) Important SUSE bug 1140205 SUSE bug 1149789 SUSE bug 1179821 SUSE bug 1180043 SUSE bug 1180044 SUSE bug 1180046 CVE-2018-20846 CVE-2018-21010 CVE-2020-27824 CVE-2020-27842 CVE-2020-27843 CVE-2020-27845 cpe:/o:opensuse:leap:15.3 Security update for nodejs16 (Important) openSUSE Leap 15.3 This update for nodejs16 fixes the following issues: - Update to LTS versino 16.18.1. - CVE-2022-43548: Fixed DNS rebinding in --inspect via invalid octal IP address (bsc#1205119). - Update to LTS version 16.18.0: * http: throw error on content-length mismatch * stream: add ReadableByteStream.tee() * deps: npm updated to 8.19.2 Important SUSE bug 1205119 CVE-2022-43548 cpe:/o:opensuse:leap:15.3 Security update for MozillaThunderbird (Important) openSUSE Leap 15.3 This update for MozillaThunderbird fixes the following issues: - Fixed various security issues (MFSA 2022-49, bsc#1205270): * CVE-2022-45403 (bmo#1762078) Service Workers might have learned size of cross-origin media files * CVE-2022-45404 (bmo#1790815) Fullscreen notification bypass * CVE-2022-45405 (bmo#1791314) Use-after-free in InputStream implementation * CVE-2022-45406 (bmo#1791975) Use-after-free of a JavaScript Realm * CVE-2022-45408 (bmo#1793829) Fullscreen notification bypass via windowName * CVE-2022-45409 (bmo#1796901) Use-after-free in Garbage Collection * CVE-2022-45410 (bmo#1658869) ServiceWorker-intercepted requests bypassed SameSite cookie policy * CVE-2022-45411 (bmo#1790311) Cross-Site Tracing was possible via non-standard override headers * CVE-2022-45412 (bmo#1791029) Symlinks may resolve to partially uninitialized buffers * CVE-2022-45416 (bmo#1793676) Keystroke Side-Channel Leakage * CVE-2022-45418 (bmo#1795815) Custom mouse cursor could have been drawn over browser UI * CVE-2022-45420 (bmo#1792643) Iframe contents could be rendered outside the iframe * CVE-2022-45421 (bmo#1767920, bmo#1789808, bmo#1794061) Memory safety bugs fixed in Thunderbird 102.5 - Fixed various security issues: (MFSA 2022-46, bsc#1204421): * CVE-2022-42927 (bmo#1789128) Same-origin policy violation could have leaked cross-origin URLs * CVE-2022-42928 (bmo#1791520) Memory Corruption in JS Engine * CVE-2022-42929 (bmo#1789439) Denial of Service via window.print * CVE-2022-42932 (bmo#1789729, bmo#1791363, bmo#1792041) Memory safety bugs fixed in Thunderbird 102.4 - Mozilla Thunderbird 102.5 * changed: `Ctrl+N` shortcut to create new contacts from address book restored (bmo#1751288) * fixed: Account Settings UI did not update to reflect default identity changes (bmo#1782646) * fixed: New POP mail notifications were incorrectly shown for messages marked by filters as read or junk (bmo#1787531) * fixed: Connecting to an IMAP server configured to use `PREAUTH` caused Thunderbird to hang (bmo#1798161) * fixed: Error responses received in greeting header from NNTP servers did not display error message (bmo#1792281) * fixed: News messages sent using 'Send Later' failed to send after going back online (bmo#1794997) * fixed: 'Download/Sync Now...' did not completely sync all newsgroups before going offline (bmo#1795547) * fixed: Username was missing from error dialog on failed login to news server (bmo#1796964) * fixed: Thunderbird can now fetch RSS channel feeds with incomplete channel URL (bmo#1794775) * fixed: Add-on 'Contribute' button in Add-ons Manager did not work (bmo#1795751) * fixed: Help text for `/part` Matrix command was incorrect (bmo#1795578) * fixed: Invite Attendees dialog did not fetch free/busy info for attendees with encoded characters in their name (bmo#1797927) - Mozilla Thunderbird 102.4.2 * changed: 'Address Book' button in Account Central will now create a CardDAV address book instead of a local address book (bmo#1793903) * fixed: Messages fetched from POP server in `Fetch headers only` mode disappeared when moved to different folder by filter action (bmo#1793374) * fixed: Thunderbird re-downloaded locally deleted messages from a POP server when 'Leave messages on server' and 'Until I delete them' were enabled (bmo#1796903) * fixed: Multiple password prompts for the same POP account could be displayed (bmo#1786920) * fixed: IMAP authentication failed on next startup if ImapMail folder was deleted by user (bmo#1793599) * fixed: Retrieving passwords for authenticated NNTP accounts could fail due to obsolete preferences in a users profile on every startup (bmo#1770594) * fixed: `Get Next n Messages` did not consistently fetch all messages requested from NNTP server (bmo#1794185) * fixed: `Get Messages` button unable to fetch messages from NNTP server if root folder not selected (bmo#1792362) * fixed: Thunderbird text branding did not always match locale of localized build (bmo#1786199) * fixed: Thunderbird installer and Thunderbird updater created Windows shortcuts with different names (bmo#1787264) * fixed: LDAP search filters unable to work with non-ASCII characters (bmo#1794306) * fixed: 'Today' highlighting in Calendar Month view did not update after date change at midnight (bmo#1795176) - Mozilla Thunderbird 102.4.1 * new: Thunderbird will now catch and report errors parsing vCards that contain incorrectly formatted dates (bmo#1793415) * fixed: Dynamic language switching did not update interface when switched to right-to-left languages (bmo#1794289) * fixed: Custom header data was discarded after messages were saved as draft and reopened (bmo#195716) * fixed: `-remote` command line argument did not work, affecting integration with various applications such as LibreOffice (bmo#1793323) * fixed: Messages received via some SMS-to-email services could not display images (bmo#1774805) * fixed: VCards with nickname field set could not be edited (bmo#1793877) * fixed: Some recurring events were missing from Agenda on first load (bmo#1771168) * fixed: Download requests for remote ICS calendars incorrectly set 'Accept' header to text/xml (bmo#1793757) * fixed: Monthly events created on the 31st of a month with <30 days placed first occurrence 1-2 days after the beginning of the following month (bmo#1266797) * fixed: Various visual and UX improvements (bmo#1781437,bmo#1785314,bmo#1794139,bmo#1794155,bmo#1794399) * changed: Thunderbird will automatically detect and repair OpenPGP key storage corruption caused by using the profile import tool in Thunderbird 102 (bmo#1790610) * fixed: POP message download into a large folder (~13000 messages) caused Thunderbird to temporarily freeze (bmo#1792675) * fixed: Forwarding messages with special characters in Subject failed on Windows (bmo#1782173) * fixed: Links for FileLink attachments were not added when attachment filename contained Unicode characters (bmo#1789589) * fixed: Address Book display pane continued to show contacts after deletion (bmo#1777808) * fixed: Printing address book did not include all contact details (bmo#1782076) * fixed: CardDAV contacts without a Name property did not save to Google Contacts (bmo#1792101) * fixed: 'Publish Calendar' did not work (bmo#1794471) * fixed: Calendar database storage improvements (bmo#1792124) * fixed: Incorrectly handled error responses from CalDAV servers sometimes caused events to disappear from calendar (bmo#1792923) * fixed: Various visual and UX improvements (bmo#1776093,bmo#17 80040,bmo#1780425,bmo#1792876,bmo#1792872,bmo#1793466,bmo#179 3543) Important SUSE bug 1204421 SUSE bug 1205270 CVE-2022-42927 CVE-2022-42928 CVE-2022-42929 CVE-2022-42932 CVE-2022-45403 CVE-2022-45404 CVE-2022-45405 CVE-2022-45406 CVE-2022-45408 CVE-2022-45409 CVE-2022-45410 CVE-2022-45411 CVE-2022-45412 CVE-2022-45416 CVE-2022-45418 CVE-2022-45420 CVE-2022-45421 cpe:/o:opensuse:leap:15.3 Security update for 389-ds (Low) openSUSE Leap 15.3 This update for 389-ds fixes the following issues: - CVE-2021-45710: Fixed tokio data race with memory corruption (bsc#1194119). - Update to version 2.0.16~git56.d15a0a7. - Failure to migrate from openldap if pwdPolicyChecker present (bsc#1205146). - Resolve issue with checklist post migration when dds is present (bsc#1204748). - Improve reliability of migrations from openldap when dynamic directory services is configured (bsc#1204493). Low SUSE bug 1194119 SUSE bug 1204493 SUSE bug 1204748 SUSE bug 1205146 CVE-2021-45710 cpe:/o:opensuse:leap:15.3 Security update for frr (Important) openSUSE Leap 15.3 This update for frr fixes the following issues: - CVE-2022-37035: Fixed a possible use-after-free due to a race condition related to bgp_notify_send_with_data() and bgp_process_packet() (bsc#1202085). - CVE-2022-42917: Fixed a privilege escalation from frr to root in frr config creation (bsc#1204124). Important SUSE bug 1202085 SUSE bug 1204124 CVE-2022-37035 CVE-2022-42917 cpe:/o:opensuse:leap:15.3 Security update for binutils (Moderate) openSUSE Leap 15.3 This update for binutils fixes the following issues: The following security bugs were fixed: - CVE-2019-1010204: Fixed out-of-bounds read in elfcpp/elfcpp_file.h (bsc#1142579). - CVE-2021-3530: Fixed stack-based buffer overflow in demangle_path() in rust-demangle.c (bsc#1185597). - CVE-2021-3648: Fixed infinite loop while demangling rust symbols (bsc#1188374). - CVE-2021-3826: Fixed heap/stack buffer overflow in the dlang_lname function in d-demangle.c (bsc#1202969). - CVE-2021-45078: Fixed out-of-bounds write in stab_xcoff_builtin_type() in stabs.c (bsc#1193929). - CVE-2021-46195: Fixed uncontrolled recursion in libiberty/rust-demangle.c (bsc#1194783). - CVE-2022-27943: Fixed stack exhaustion in demangle_const in (bsc#1197592). - CVE-2022-38126: Fixed assertion fail in the display_debug_names() function in binutils/dwarf.c (bsc#1202966). - CVE-2022-38127: Fixed NULL pointer dereference in the read_and_display_attr_value() function in binutils/dwarf.c (bsc#1202967). - CVE-2022-38533: Fixed heap out-of-bounds read in bfd_getl32 (bsc#1202816). The following non-security bugs were fixed: - SLE toolchain update of binutils, update to 2.39 from 2.37. - Update to 2.39: * The ELF linker will now generate a warning message if the stack is made executable. Similarly it will warn if the output binary contains a segment with all three of the read, write and execute permission bits set. These warnings are intended to help developers identify programs which might be vulnerable to attack via these executable memory regions. The warnings are enabled by default but can be disabled via a command line option. It is also possible to build a linker with the warnings disabled, should that be necessary. * The ELF linker now supports a --package-metadata option that allows embedding a JSON payload in accordance to the Package Metadata specification. * In linker scripts it is now possible to use TYPE=<type> in an output section description to set the section type value. * The objdump program now supports coloured/colored syntax highlighting of its disassembler output for some architectures. (Currently: AVR, RiscV, s390, x86, x86_64). * The nm program now supports a --no-weak/-W option to make it ignore weak symbols. * The readelf and objdump programs now support a -wE option to prevent them from attempting to access debuginfod servers when following links. * The objcopy program's --weaken, --weaken-symbol, and --weaken-symbols options now works with unique symbols as well. - Update to 2.38: * elfedit: Add --output-abiversion option to update ABIVERSION. * Add support for the LoongArch instruction set. * Tools which display symbols or strings (readelf, strings, nm, objdump) have a new command line option which controls how unicode characters are handled. By default they are treated as normal for the tool. Using --unicode=locale will display them according to the current locale. Using --unicode=hex will display them as hex byte values, whilst --unicode=escape will display them as escape sequences. In addition using --unicode=highlight will display them as unicode escape sequences highlighted in red (if supported by the output device). * readelf -r dumps RELR relative relocations now. * Support for efi-app-aarch64, efi-rtdrv-aarch64 and efi-bsdrv-aarch64 has been added to objcopy in order to enable UEFI development using binutils. * ar: Add --thin for creating thin archives. -T is a deprecated alias without diagnostics. In many ar implementations -T has a different meaning, as specified by X/Open System Interface. * Add support for AArch64 system registers that were missing in previous releases. * Add support for the LoongArch instruction set. * Add a command-line option, -muse-unaligned-vector-move, for x86 target to encode aligned vector move as unaligned vector move. * Add support for Cortex-R52+ for Arm. * Add support for Cortex-A510, Cortex-A710, Cortex-X2 for AArch64. * Add support for Cortex-A710 for Arm. * Add support for Scalable Matrix Extension (SME) for AArch64. * The --multibyte-handling=[allow|warn|warn-sym-only] option tells the assembler what to when it encoutners multibyte characters in the input. The default is to allow them. Setting the option to 'warn' will generate a warning message whenever any multibyte character is encountered. Using the option to 'warn-sym-only' will make the assembler generate a warning whenever a symbol is defined containing multibyte characters. (References to undefined symbols will not generate warnings). * Outputs of .ds.x directive and .tfloat directive with hex input from x86 assembler have been reduced from 12 bytes to 10 bytes to match the output of .tfloat directive. * Add support for 'armv8.8-a', 'armv9-a', 'armv9.1-a', 'armv9.2-a' and 'armv9.3-a' for -march in AArch64 GAS. * Add support for 'armv8.7-a', 'armv8.8-a', 'armv9-a', 'armv9.1-a', 'armv9.2-a' and 'armv9.3-a' for -march in Arm GAS. * Add support for Intel AVX512_FP16 instructions. * Add -z pack-relative-relocs/-z no pack-relative-relocs to x86 ELF linker to pack relative relocations in the DT_RELR section. * Add support for the LoongArch architecture. * Add -z indirect-extern-access/-z noindirect-extern-access to x86 ELF linker to control canonical function pointers and copy relocation. * Add --max-cache-size=SIZE to set the the maximum cache size to SIZE bytes. - Explicitly enable --enable-warn-execstack=yes and --enable-warn-rwx-segments=yes. - Add gprofng subpackage. - Include recognition of 'z16' name for 'arch14' on s390. (bsc#1198237). - Add back fix for bsc#1191473, which got lost in the update to 2.38. - Install symlinks for all target specific tools on arm-eabi-none (bsc#1185712). - Enable PRU architecture for AM335x CPU (Beagle Bone Black board) Moderate SUSE bug 1142579 SUSE bug 1185597 SUSE bug 1185712 SUSE bug 1188374 SUSE bug 1191473 SUSE bug 1193929 SUSE bug 1194783 SUSE bug 1197592 SUSE bug 1198237 SUSE bug 1202816 SUSE bug 1202966 SUSE bug 1202967 SUSE bug 1202969 CVE-2019-1010204 CVE-2021-3530 CVE-2021-3648 CVE-2021-3826 CVE-2021-45078 CVE-2021-46195 CVE-2022-27943 CVE-2022-38126 CVE-2022-38127 CVE-2022-38533 cpe:/o:opensuse:leap:15.3 Security update for pixman (Important) openSUSE Leap 15.3 This update for pixman fixes the following issues: - CVE-2022-44638: Fixed an integer overflow in pixman_sample_floor_y leading to heap out-of-bounds write (bsc#1205033). Important SUSE bug 1205033 CVE-2022-44638 cpe:/o:opensuse:leap:15.3 Security update for strongswan (Moderate) openSUSE Leap 15.3 This update for strongswan fixes the following issues: - CVE-2022-40617: Fixed that using untrusted URIs for revocation checking could lead to denial of service (bsc#1203556) Moderate SUSE bug 1203556 CVE-2022-40617 cpe:/o:opensuse:leap:15.3 Security update for java-1_8_0-ibm (Important) openSUSE Leap 15.3 This update for java-1_8_0-ibm fixes the following issues: - CVE-2022-21626: An unauthenticated attacker with network access via HTTPS can compromise Oracle Java SE, Oracle GraalVM Enterprise Edition (bsc#1204471). - CVE-2022-21618: An unauthenticated attacker with network access via Kerberos can compromise Oracle Java SE, Oracle GraalVM Enterprise Edition (bsc#1204468). - CVE-2022-21619: An unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE (bsc#1204473). - CVE-2022-21628: An unauthenticated attacker with network access via HTTP can compromise Oracle Java SE, Oracle GraalVM Enterprise Edition (bsc#1204472). - CVE-2022-21624: An unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise (bsc#1204475). - CVE-2022-39399: An unauthenticated attacker with network access via HTTP can compromise Oracle Java SE, Oracle GraalVM Enterprise Edition (bsc#1204480). - CVE-2022-21549: Fixed exponentials issue (bsc#1201685). - CVE-2022-21541: Fixed an improper restriction of MethodHandle.invokeBasic() (bsc#1201692). - CVE-2022-34169; Fixed an integer truncation issue in Xalan (bsc#1201684). - CVE-2022-21540: Fixed a class compilation issue (bsc#1201694). - Update to Java 8.0 Service Refresh 7 Fix Pack 20. * Security: - The IBM ORB Does Not Support Object-Serialisation Data Filtering - Large Allocation In CipherSuite - Avoid Evaluating Sslalgorithmconstraints Twice - Cache The Results Of Constraint Checks - An incorrect ShortBufferException is thrown by IBMJCEPlus, IBMJCEPlusFIPS during cipher update operation - Disable SHA-1 Signed Jars For Ea - JSSE Performance Improvement - Oracle Road Map Kerberos Deprecation Of 3DES And RC4 Encryption * Java 8/Orb: - Upgrade ibmcfw.jar To Version o2228.02 * Class Libraries: - Crash In Libjsor.So During An Rdma Failover - High CPU Consumption Observed In ZosEventPort$EventHandlerTask.run - Update Timezone Information To The Latest tzdata2022c * Jit Compiler: - Crash During JIT Compilation - Incorrect JIT Optimization Of Java Code - Incorrect Return From Class.isArray() - Unexpected ClassCastException - Performance Regression When Calling VM Helper Code On X86 * X/Os Extentions: - Add RSA-OAEP Cipher Function To IBMJCECCA - Update to Java 8.0 Service Refresh 7 Fix Pack 16 * Java Virtual Machine - Assertion failure at ClassLoaderRememberedSet.cpp - Assertion failure at StandardAccessBarrier.cpp when -Xgc:concurrentScavenge is set. - GC can have unflushed ownable synchronizer objects which can eventually lead to heap corruption and failure when -Xgc:concurrentScavenge is set. * JIT Compiler: - Incorrect JIT optimization of Java code - JAVA JIT Power: JIT compile time assert on AIX or LINUXPPC * Reliability and Serviceability: - javacore with 'kill -3' SIGQUIT signal freezes Java process Important SUSE bug 1201684 SUSE bug 1201685 SUSE bug 1201692 SUSE bug 1201694 SUSE bug 1202427 SUSE bug 1204468 SUSE bug 1204471 SUSE bug 1204472 SUSE bug 1204473 SUSE bug 1204475 SUSE bug 1204480 SUSE bug 1205302 CVE-2022-21540 CVE-2022-21541 CVE-2022-21549 CVE-2022-21618 CVE-2022-21619 CVE-2022-21624 CVE-2022-21626 CVE-2022-21628 CVE-2022-34169 CVE-2022-39399 cpe:/o:opensuse:leap:15.3 Security update for krb5 (Important) openSUSE Leap 15.3 This update for krb5 fixes the following issues: - CVE-2022-42898: Fixed integer overflow in PAC parsing (bsc#1205126). Important SUSE bug 1205126 CVE-2022-42898 cpe:/o:opensuse:leap:15.3 Security update for redis (Low) openSUSE Leap 15.3 This update for redis fixes the following issues: - CVE-2022-3647: Fixed crash in sigsegvHandler debug function (bsc#1204633). Low SUSE bug 1204633 CVE-2022-3647 cpe:/o:opensuse:leap:15.3 Security update for colord (Low) openSUSE Leap 15.3 This update for colord fixes the following issues: - CVE-2021-42523: Fixed small memory leak in sqlite3_exec (bsc#1202802). Low SUSE bug 1202802 CVE-2021-42523 cpe:/o:opensuse:leap:15.3 Security update for opensc (Moderate) openSUSE Leap 15.3 This update for opensc fixes the following issues: - CVE-2019-6502: Fixed memory leak in sc_context_create in ctx.c (bsc#1122756). Moderate SUSE bug 1122756 CVE-2019-6502 cpe:/o:opensuse:leap:15.3 Security update for nginx (Important) openSUSE Leap 15.3 This update for nginx fixes the following issues: - CVE-2021-3618: Fixed the ALPACA attack limiting the number of errors after which the connection is closed (bsc#1187685). Important SUSE bug 1187685 CVE-2021-3618 cpe:/o:opensuse:leap:15.3 Security update for libarchive (Low) openSUSE Leap 15.3 This update for libarchive fixes the following issues: - CVE-2022-36227: Fixed potential NULL pointer dereference in __archive_write_allocate_filter() (bsc#1205629). Low SUSE bug 1205629 CVE-2022-36227 cpe:/o:opensuse:leap:15.3 Security update for net-snmp (Moderate) openSUSE Leap 15.3 This update for net-snmp fixes the following issues: Updated to version 5.9.3 (bsc#1201103, jsc#SLE-11203): - CVE-2022-24805: Fixed a buffer overflow in the handling of the INDEX of NET-SNMP-VACM-MIB that can cause an out-of-bounds memory access. - CVE-2022-24809: Fixed a malformed OID in a GET-NEXT to the nsVacmAccessTable that can cause a NULL pointer dereference. - CVE-2022-24806: Fixed an improper Input Validation when SETing malformed OIDs in master agent and subagent simultaneously. - CVE-2022-24807: Fixed a malformed OID in a SET request to SNMP-VIEW-BASED-ACM-MIB::vacmAccessTable can cause an out-of-bounds memory access. - CVE-2022-24808: Fixed a malformed OID in a SET request to NET-SNMP-AGENT-MIB::nsLogTable can cause a NULL pointer dereference. - CVE-2022-24810: Fixed a malformed OID in a SET to the nsVacmAccessTable can cause a NULL pointer dereference. Moderate SUSE bug 1201103 CVE-2022-24805 CVE-2022-24806 CVE-2022-24807 CVE-2022-24808 CVE-2022-24809 CVE-2022-24810 cpe:/o:opensuse:leap:15.3 Security update for libdb-4_8 (Low) openSUSE Leap 15.3 This update for libdb-4_8 fixes the following issues: - CVE-2019-2708: Fixed partial DoS due to data store execution (bsc#1174414). Low SUSE bug 1174414 CVE-2019-2708 cpe:/o:opensuse:leap:15.3 Security update for erlang (Important) openSUSE Leap 15.3 This update for erlang fixes the following issues: - CVE-2022-37026: fixed a client authorization bypass vulnerability for SSL, TLS, and DTLS in Erlang/OTP. [bsc#1205318] Important SUSE bug 1205318 CVE-2022-37026 cpe:/o:opensuse:leap:15.3 Security update for grub2 (Important) openSUSE Leap 15.3 This update for grub2 fixes the following issues: - CVE-2022-2601: Fixed buffer overflow in grub_font_construct_glyph (bsc#1205178). - CVE-2022-3775: Fixed integer underflow in blit_comb() (bsc#1205182). Other: - Bump upstream SBAT generation to 3 Important SUSE bug 1205178 SUSE bug 1205182 CVE-2022-2601 CVE-2022-3775 cpe:/o:opensuse:leap:15.3 Security update for java-1_8_0-openj9 (Important) openSUSE Leap 15.3 This update for java-1_8_0-openj9 fixes the following issues: - Update to OpenJDK 8u352 build 08 with OpenJ9 0.35.0 virtual machine, including Oracle October 2022 CPU changes. - CVE-2022-21619: An unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE (bsc#1204473). - CVE-2022-21626: An unauthenticated attacker with network access via HTTPS can compromise Oracle Java SE, Oracle GraalVM Enterprise Edition (bsc#1204471). - CVE-2022-21624: An unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise (bsc#1204475). - CVE-2022-21628: An unauthenticated attacker with network access via HTTP can compromise Oracle Java SE, Oracle GraalVM Enterprise Edition (bsc#1204472). - CVE-2022-3676: Fixed interface than calls can be inlined without a runtime type check (bsc#1204703). Important SUSE bug 1204471 SUSE bug 1204472 SUSE bug 1204473 SUSE bug 1204475 SUSE bug 1204703 CVE-2022-21619 CVE-2022-21624 CVE-2022-21626 CVE-2022-21628 CVE-2022-3676 cpe:/o:opensuse:leap:15.3 Security update for nodejs12 (Important) openSUSE Leap 15.3 This update for nodejs12 fixes the following issues: - CVE-2022-43548: Fixed DNS rebinding in --inspect via invalid octal IP address (bsc#1205119). Important SUSE bug 1205119 CVE-2022-43548 cpe:/o:opensuse:leap:15.3 Security update for nodejs14 (Important) openSUSE Leap 15.3 This update for nodejs14 fixes the following issues: - Update to 14.21.1: - CVE-2022-43548: Fixed DNS rebinding in --inspect via invalid octal IP address (bsc#1205119). - Update to 14.21.0: - src: add --openssl-shared-config option Important SUSE bug 1205119 CVE-2022-43548 cpe:/o:opensuse:leap:15.3 Security update for tiff (Important) openSUSE Leap 15.3 This update for tiff fixes the following issues: - CVE-2022-3597: Fixed out-of-bounds write in _TIFFmemcpy in libtiff/tif_unix.c (bnc#1204641). - CVE-2022-3599: Fixed out-of-bounds read in writeSingleSection in tools/tiffcrop.c (bnc#1204643). - CVE-2022-3626: Fixed out-of-bounds write in _TIFFmemset in libtiff/tif_unix.c (bnc#1204644) - CVE-2022-3627: Fixed out-of-bounds write in _TIFFmemcpy in libtiff/tif_unix.c (bnc#1204645). - CVE-2022-3970: Fixed unsigned integer overflow in TIFFReadRGBATileExt() (bnc#1205392). Important SUSE bug 1204641 SUSE bug 1204643 SUSE bug 1204644 SUSE bug 1204645 SUSE bug 1205392 CVE-2022-3597 CVE-2022-3599 CVE-2022-3626 CVE-2022-3627 CVE-2022-3970 cpe:/o:opensuse:leap:15.3 Security update for busybox (Important) openSUSE Leap 15.3 This update for busybox fixes the following issues: - CVE-2014-9645: Fixed loading of unwanted module with / in module names (bsc#914660). - Enable switch_root With this change virtme --force-initramfs works as expected. - Enable udhcpc Update to 1.35.0: - awk: fix printf %%, fix read beyond end of buffer - Adjust busybox.config for new features in find, date and cpio - chrt: silence analyzer warning - libarchive: remove duplicate forward declaration - mount: 'mount -o rw ....' should not fall back to RO mount - ps: fix -o pid=PID,args interpreting entire 'PID,args' as header - tar: prevent malicious archives with long name sizes causing OOM - udhcpc6: fix udhcp_find_option to actually find DHCP6 options - xxd: fix -p -r - support for new optoins added to basename, cpio, date, find, mktemp, wget and others - Adjust busybox.config for new features in find, date and cpio Important SUSE bug 1099260 SUSE bug 914660 CVE-2014-9645 CVE-2018-1000517 cpe:/o:opensuse:leap:15.3 Security update for exiv2 (Important) openSUSE Leap 15.3 This update for exiv2 fixes the following issues: - CVE-2019-13110: Fixed an integer-overflow and out-of-bounds read in CiffDirectory:readDirectory leads to denail of service (bsc#1142678). - CVE-2019-13109: Fixed a denial of service in PngImage:readMetadata (bsc#1142677). - CVE-2018-17581: Fixed an excessive stack consumption CiffDirectory:readDirectory() at crwimage_int.cpp (bsc#1110282). - CVE-2017-11591: Fixed a floating point exception in Exiv2::ValueType (bsc#1050257). - CVE-2019-17402: Fixed an improper validation of the total size to the offset and size leads to a crash in Exiv2::getULong in types.cpp (bsc#1153577). - CVE-2021-32815: Fixed a deny-of-service due to assertion failure in crwimage_int.cpp (bsc#1189337). - CVE-2018-20097: Fixed SEGV in Exiv2::Internal::TiffParserWorker::findPrimaryGroupsu (bsc#1119562). - CVE-2021-29473: Fixed out-of-bounds read in Exiv2::Jp2Image:doWriteMetadata (bsc#1186231). - CVE-2018-20098: Fixed a heap-based buffer over-read in Exiv2::Jp2Image::encodeJp2Header (bsc#1119560). - CVE-2018-11531: Fixed a heap-based buffer overflow in getData in preview.cpp (bsc#1095070). - CVE-2018-20099: exiv2: infinite loop in Exiv2::Jp2Image::encodeJp2Header (bsc#1119559). Important SUSE bug 1050257 SUSE bug 1095070 SUSE bug 1110282 SUSE bug 1119559 SUSE bug 1119560 SUSE bug 1119562 SUSE bug 1142677 SUSE bug 1142678 SUSE bug 1153577 SUSE bug 1186231 SUSE bug 1189337 CVE-2017-11591 CVE-2018-11531 CVE-2018-17581 CVE-2018-20097 CVE-2018-20098 CVE-2018-20099 CVE-2019-13109 CVE-2019-13110 CVE-2019-17402 CVE-2021-29473 CVE-2021-32815 cpe:/o:opensuse:leap:15.3 Security update for supportutils (Moderate) openSUSE Leap 15.3 This update for supportutils fixes the following issues: Security issues fixed: - Passwords correctly removed from email.txt, updates.txt and fs-iscsi.txt (bsc#1203818) Bug fixes: - Added lifecycle information - Fixed KVM virtualization detection on bare metal (bsc#1184689) - Added logging using journalctl (bsc#1200330) - Get current sar data before collecting files (bsc#1192648) - Collects everything in /etc/multipath/ (bsc#1192252) - Collects power management information in hardware.txt (bsc#1197428) - Checks for suseconnect-ng or SUSEConnect packages (bsc#1202337) - Fixed conf_files and conf_text_files so y2log is gathered (bsc#1202269) - Update to nvme_info and block_info (bsc#1202417) - Added includedir directories from /etc/sudoers (bsc#1188086) Moderate SUSE bug 1184689 SUSE bug 1188086 SUSE bug 1192252 SUSE bug 1192648 SUSE bug 1197428 SUSE bug 1200330 SUSE bug 1202269 SUSE bug 1202337 SUSE bug 1202417 SUSE bug 1203818 cpe:/o:opensuse:leap:15.3 Security update for python3 (Important) openSUSE Leap 15.3 This update for python3 fixes the following issues: - CVE-2022-37454: Fixed a buffer overflow in hashlib.sha3_* implementations. (bsc#1204577) - CVE-2020-10735: Fixed a bug to limit amount of digits converting text to int and vice vera. (bsc#1203125) The following non-security bug was fixed: - Fixed a crash in the garbage collection (bsc#1188607). Important SUSE bug 1188607 SUSE bug 1203125 SUSE bug 1204577 CVE-2019-18348 CVE-2020-10735 CVE-2020-8492 CVE-2022-37454 cpe:/o:opensuse:leap:15.3 Security update for vim (Important) openSUSE Leap 15.3 This update for vim fixes the following issues: Updated to version 9.0 with patch level 0814: - CVE-2021-3928: Fixed stack-based buffer overflow (bsc#1192478). - CVE-2022-3234: Fixed heap-based buffer overflow (bsc#1203508). - CVE-2022-3235: Fixed use-after-free (bsc#1203509). - CVE-2022-3324: Fixed stack-based buffer overflow (bsc#1203820). - CVE-2022-3705: Fixed use-after-free in function qf_update_buffer of the file quickfix.c (bsc#1204779). - CVE-2022-2982: Fixed use-after-free in qf_fill_buffer() (bsc#1203152). - CVE-2022-3296: Fixed stack out of bounds read in ex_finally() in ex_eval.c (bsc#1203796). - CVE-2022-3297: Fixed use-after-free in process_next_cpt_value() at insexpand.c (bsc#1203797). - CVE-2022-3099: Fixed use-after-free in ex_docmd.c (bsc#1203110). - CVE-2022-3134: Fixed use-after-free in do_tag() (bsc#1203194). - CVE-2022-3153: Fixed NULL pointer dereference (bsc#1203272). - CVE-2022-3278: Fixed NULL pointer dereference in eval_next_non_blank() in eval.c (bsc#1203799). - CVE-2022-3352: Fixed use-after-free (bsc#1203924). - CVE-2022-2980: Fixed NULL pointer dereference in do_mouse() (bsc#1203155). - CVE-2022-3037: Fixed use-after-free (bsc#1202962). Important SUSE bug 1192478 SUSE bug 1202962 SUSE bug 1203110 SUSE bug 1203152 SUSE bug 1203155 SUSE bug 1203194 SUSE bug 1203272 SUSE bug 1203508 SUSE bug 1203509 SUSE bug 1203796 SUSE bug 1203797 SUSE bug 1203799 SUSE bug 1203820 SUSE bug 1203924 SUSE bug 1204779 CVE-2021-3928 CVE-2022-2980 CVE-2022-2982 CVE-2022-3037 CVE-2022-3099 CVE-2022-3134 CVE-2022-3153 CVE-2022-3234 CVE-2022-3235 CVE-2022-3278 CVE-2022-3296 CVE-2022-3297 CVE-2022-3324 CVE-2022-3352 CVE-2022-3705 cpe:/o:opensuse:leap:15.3 Security update for webkit2gtk3 (Important) openSUSE Leap 15.3 Security fixes: - CVE-2022-32888: Fixed possible arbitrary code execution via maliciously crafted web content (bsc#1205121). - CVE-2022-32923: Fixed possible information leak via maliciously crafted web content (bsc#1205122). - CVE-2022-42799: Fixed user interface spoofing when visiting a malicious website (bsc#1205123). - CVE-2022-42823: Fixed possible arbitrary code execution via maliciously crafted web content (bsc#1205120). - CVE-2022-42824: Fixed possible sensitive user information leak via maliciously crafted web content (bsc#1205124). Update to version 2.38.2: - Fix scrolling issues in some sites having fixed background. - Fix prolonged buffering during progressive live playback. - Fix the build with accessibility disabled. - Fix several crashes and rendering issues. Update to version 2.38.1: - Make xdg-dbus-proxy work if host session bus address is an abstract socket. - Use a single xdg-dbus-proxy process when sandbox is enabled. - Fix high resolution video playback due to unimplemented changeType operation. - Ensure GSubprocess uses posix_spawn() again and inherit file descriptors. - Fix player stucking in buffering (paused) state for progressive streaming. - Do not try to preconnect on link click when link preconnect setting is disabled. - Fix close status code returned when the client closes a WebSocket in some cases. - Fix media player duration calculation. - Fix several crashes and rendering issues. Update to version 2.38.0: - New media controls UI style. - Add new API to set WebView's Content-Security-Policy for web extensions support. - Make it possible to use the remote inspector from other browsers using WEBKIT_INSPECTOR_HTTP_SERVER env var. - MediaSession is enabled by default, allowing remote media control using MPRIS. - Add support for PDF documents using PDF.js. Important SUSE bug 1205120 SUSE bug 1205121 SUSE bug 1205122 SUSE bug 1205123 SUSE bug 1205124 CVE-2022-32888 CVE-2022-32923 CVE-2022-42799 CVE-2022-42823 CVE-2022-42824 cpe:/o:opensuse:leap:15.3 Security update for freerdp (Moderate) openSUSE Leap 15.3 This update for freerdp fixes the following issues: - CVE-2022-39318: Fixed division by zero in urbdrc (bsc#1205563). - CVE-2022-39319: Fixed missing input buffer length check in urbdrc (bsc#1205564). Moderate SUSE bug 1205563 SUSE bug 1205564 CVE-2022-39318 CVE-2022-39319 cpe:/o:opensuse:leap:15.3 Security update for systemd (Moderate) openSUSE Leap 15.3 This update for systemd fixes the following issues: - CVE-2021-3997: Fixed an uncontrolled recursion in systemd's systemd-tmpfiles which could cause a minor denial of service. (bsc#1194178) Moderate SUSE bug 1178561 SUSE bug 1190515 SUSE bug 1194178 CVE-2021-3997 cpe:/o:opensuse:leap:15.3 Security update for nodejs10 (Important) openSUSE Leap 15.3 This update for nodejs10 fixes the following issues: - CVE-2022-43548: Fixed DNS rebinding in --inspect via invalid octal IP address (bsc#1205119). Important SUSE bug 1205119 CVE-2022-43548 cpe:/o:opensuse:leap:15.3 Security update for bcel (Moderate) openSUSE Leap 15.3 This update for bcel fixes the following issues: - CVE-2022-42920: Fixed producing arbitrary bytecode via out-of-bounds writing (bsc#1205125). Moderate SUSE bug 1205125 CVE-2022-42920 cpe:/o:opensuse:leap:15.3 Security update for busybox (Moderate) openSUSE Leap 15.3 This update for busybox fixes the following issues: - CVE-2022-30065: Fixed use-after-free in the AWK applet (bsc#1199744). Moderate SUSE bug 1199744 CVE-2022-30065 cpe:/o:opensuse:leap:15.3 Security update for emacs (Important) openSUSE Leap 15.3 This update for emacs fixes the following issues: - CVE-2022-45939: Fixed shell command injection via source code files when using ctags (bsc#1205822). Important SUSE bug 1205822 CVE-2022-45939 cpe:/o:opensuse:leap:15.3 Security update for MozillaThunderbird (Important) openSUSE Leap 15.3 This update for MozillaThunderbird fixes the following issues: Update to version 102.5.1: - CVE-2022-45414: Quoting from an HTML email with certain tags will trigger network requests and load remote content, regardless of a configuration to block remote content (bsc#1205941). Important SUSE bug 1205941 CVE-2022-45414 cpe:/o:opensuse:leap:15.3 Security update for buildah (Important) openSUSE Leap 15.3 This update for buildah fixes the following issues: Version update to 1.28.2. - CVE-2022-2990: Fixed a possible information disclosure and modification vulnerability (bsc#1202812). - CVE-2020-10696: Fixed an issue with a crafted input tar file that may lead to a local file overwriting during image build process (bsc#1167864). Important SUSE bug 1167864 SUSE bug 1202812 CVE-2020-10696 CVE-2022-2990 cpe:/o:opensuse:leap:15.3 Security update for rabbitmq-server (Moderate) openSUSE Leap 15.3 This update for rabbitmq-server fixes the following issues: - CVE-2022-31008: Fixed predictable secret seed in URI encryption (bsc#1205267). Moderate SUSE bug 1205267 CVE-2022-31008 cpe:/o:opensuse:leap:15.3 Security update for nautilus (Moderate) openSUSE Leap 15.3 This update for nautilus fixes the following issues: - CVE-2022-37290: Fixed a denial of service caused by pasted ZIP archives (bsc#1205418). Moderate SUSE bug 1205418 CVE-2022-37290 cpe:/o:opensuse:leap:15.3 Security update for samba (Important) openSUSE Leap 15.3 This update for samba fixes the following issues: Version update to 4.15.12. Security issues fixed: - CVE-2022-2031: Fixed AD users that could have bypassed certain restrictions associated with changing passwords (bsc#1201495). - CVE-2022-32742: Fixed SMB1 code that does not correctly verify SMB1write, SMB1write_and_close, SMB1write_and_unlock lengths (bsc#1201496). - CVE-2022-32744: Fixed AD users that could have forged password change requests for any user (bsc#1201493). - CVE-2022-32745: Fixed AD users that could have crashed the server process with an LDAP add or modify request (bsc#1201492). - CVE-2022-32746: Fixed a use-after-free occurring in database audit logging (bsc#1201490). - CVE-2022-3437: Fixed buffer overflow in Heimdal unwrap_des3() (bsc#1204254). - CVE-2022-42898: Fixed Samba buffer overflow vulnerabilities on 32-bit systems (bsc#1205126). Bug fixes: - Install a systemd drop-in file for named service to allow read/write access to the DLZ directory (bsc#1201689). - Possible use after free of connection_struct when iterating smbd_server_connection->connections (bsc#1200102). Important SUSE bug 1200102 SUSE bug 1201490 SUSE bug 1201492 SUSE bug 1201493 SUSE bug 1201495 SUSE bug 1201496 SUSE bug 1201689 SUSE bug 1204254 SUSE bug 1205126 CVE-2022-2031 CVE-2022-32742 CVE-2022-32744 CVE-2022-32745 CVE-2022-32746 CVE-2022-3437 CVE-2022-42898 cpe:/o:opensuse:leap:15.3 Security update for go1.19 (Moderate) openSUSE Leap 15.3 This update for go1.19 fixes the following issues: Update to version 1.19.4, includes the following security fixes: - CVE-2022-41717: net/http: limit canonical header cache by bytes, not entries (bsc#1206135). - CVE-2022-41720: os, net/http: avoid escapes from os.DirFS and http.Dir on Windows (bsc#1206134). Moderate SUSE bug 1200441 SUSE bug 1206134 SUSE bug 1206135 CVE-2022-41717 CVE-2022-41720 cpe:/o:opensuse:leap:15.3 Security update for go1.18 (Moderate) openSUSE Leap 15.3 This update for go1.18 fixes the following issues: Update to version 1.18.9, includes the following security fixes: - CVE-2022-41717: net/http: limit canonical header cache by bytes, not entries (bsc#1206135) - CVE-2022-41720: os, net/http: avoid escapes from os.DirFS and http.Dir on Windows (bsc#1206134) Moderate SUSE bug 1193742 SUSE bug 1206134 SUSE bug 1206135 CVE-2022-41717 CVE-2022-41720 cpe:/o:opensuse:leap:15.3 Security update for tiff (Important) openSUSE Leap 15.3 This update for tiff fixes the following issues: - CVE-2022-3570: Fixed heap buffer overflows in tiffcrop.c (bsc#1205422). - CVE-2022-3598: Fixed out-of-bounds write in extractContigSamplesShifted24bits in tools/tiffcrop.c [bsc#1204642] Important SUSE bug 1204642 SUSE bug 1205422 CVE-2022-3570 CVE-2022-3598 cpe:/o:opensuse:leap:15.3 Security update for grafana (Important) openSUSE Leap 15.3 This update for grafana fixes the following issues: Version update from 8.3.10 to 8.5.13 (jsc#PED-2145): - Security fixes: * CVE-2022-36062: (bsc#1203596) * CVE-2022-35957: (bsc#1203597) * CVE-2022-31107: (bsc#1201539) * CVE-2022-31097: (bsc#1201535) * CVE-2022-29170: (bsc#1199810) * CVE-2021-43813, CVE-2021-43815: (bsc#1193686) * CVE-2021-43798: (bsc#1193492) * CVE-2021-41244: (bsc#1192763) * CVE-2021-41174: (bsc#1192383) * CVE-2021-3711: (bsc#1189520) * CVE-2021-36222: (bsc#1188571) - Features and enhancements: * AccessControl: Disable user remove and user update roles when they do not have the permissions * AccessControl: Provisioning for teams * Alerting: Add custom grouping to Alert Panel * Alerting: Add safeguard for migrations that might cause dataloss * Alerting: AlertingProxy to elevate permissions for request forwarded to data proxy when RBAC enabled * Alerting: Grafana uses > instead of >= when checking the For duration * Alerting: Move slow queries in the scheduler to another goroutine * Alerting: Remove disabled flag for data source when migrating alerts * Alerting: Show notification tab of legacy alerting only to editor * Alerting: Update migration to migrate only alerts that belon to existing org\dashboard * Alerting: Use expanded labels in dashboard annotations * Alerting: Use time.Ticker instead of alerting.Ticker in ngalert * Analytics: Add user id tracking to google analytics * Angular: Add AngularJS plugin support deprecation plan to docs site * API: Add usage stats preview endpoint * API: Extract OpenAPI specification from source code using go-swagger * Auth: implement auto_sign_up for auth.jwt * Azure monitor Logs: Optimize data fetching in resource picker * Azure Monitor Logs: Order subscriptions in resource picker by name * Azure Monitor: Include datasource ref when interpolating variables. * AzureMonitor: Add support for not equals and startsWith operators when creating Azure Metrics dimension filters. * AzureMonitor: Do not quote variables when a custom 'All' variable option is used * AzureMonitor: Filter list of resources by resourceType * AzureMonitor: Update allowed namespaces * BarChart: color by field, x time field, bar radius, label skipping * Chore: Implement OpenTelemetry in Grafana * Cloud Monitoring: Adds metric type to Metric drop down options * CloudMonitor: Correctly encode default project response * CloudWatch: Add all ElastiCache Redis Metrics * CloudWatch: Add Data Lifecycle Manager metrics and dimension * CloudWatch: Add Missing Elasticache Host-level metrics * CloudWatch: Add multi-value template variable support for log group names in logs query builder * CloudWatch: Add new AWS/ES metrics. #43034, @sunker * Cloudwatch: Add support for AWS/PrivateLink* metrics and dimensions * Cloudwatch: Add support for new AWS/RDS EBS* metrics * Cloudwatch: Add syntax highlighting and autocomplete for 'Metric Search' * Cloudwatch: Add template variable query function for listing log groups * Configuration: Add ability to customize okta login button name and icon * Elasticsearch: Add deprecation notice for < 7.10 versions. * Explore: Support custom display label for exemplar links for Prometheus datasource * Hotkeys: Make time range absolute/permanent * InfluxDB: Use backend for influxDB by default via feature toggle * Legend: Use correct unit for percent and count calculations * Logs: Escape windows newline into single newline * Loki: Add unpack to autocomplete suggestions * Loki: Use millisecond steps in Grafana 8.5.x. * Playlists: Enable sharing direct links to playlists * Plugins: Allow using both Function and Class components for app plugins * Plugins: Expose emotion/react to plugins to prevent load failures * Plugins: Introduce HTTP 207 Multi Status response to api/ds/query * Rendering: Add support for renderer token * Setting: Support configuring feature toggles with bools instead of just passing an array * SQLStore: Prevent concurrent migrations * SSE: Add Mode to drop NaN/Inf/Null in Reduction operations * Tempo: Switch out Select with AsyncSelect component to get loading state in Tempo Search * TimeSeries: Add migration for Graph panel's transform series override * TimeSeries: Add support for negative Y and constant transform * TimeSeries: Preserve null/undefined values when performing negative y transform * Traces: Filter by service/span name and operation in Tempo and Jaeger * Transformations: Add 'JSON' field type to ConvertFieldTypeTransformer * Transformations: Add an All Unique Values Reducer * Transformers: avoid error when the ExtractFields source field is missing - Breaking changes: * For a data source query made via /api/ds/query: + If the DatasourceQueryMultiStatus feature is enabled and the data source response has an error set as part of the DataResponse, the resulting HTTP status code is now '207 Multi Status' instead of '400 Bad gateway' + If the DatasourceQueryMultiStatus feature is not enabled and the data source response has an error set as part of the DataResponse, the resulting HTTP status code is '400 BadRequest' (no breaking change) * For a proxied request, e.g. Grafana's datasource or plugin proxy: + If the request is cancelled, e.g. from the browser/by the client, the HTTP status code is now '499 Client closed' request instead of 502 Bad gateway If the request times out, e.g. takes longer time than allowed, the HTTP status code is now '504 Gateway timeout' instead of '502 Bad gateway'. + The change in behavior is that negative-valued series are now stacked downwards from 0 (in their own stacks), rather than downwards from the top of the positive stacks. We now automatically group stacks by Draw style, Line interpolation, and Bar alignment, making it impossible to stack bars on top of lines, or smooth lines on top of stepped lines + The meaning of the default data source has now changed from being a persisted property in a panel. Before when you selected the default data source for a panel and later changed the default data source to another data source it would change all panels who were configured to use the default data source. From now on the default data source is just the default for new panels and changing the default will not impact any currently saved dashboards + The Tooltip component provided by @grafana/ui is no longer automatically interactive (that is you can hover onto it and click a link or select text). It will from now on by default close automatically when you mouse out from the trigger element. To make tooltips behave like before set the new interactive property to true. - Deprecations: * /api/tsdb/query API has been deprecated, please use /api/ds/query instead * AngularJS plugin support is now in a deprecated state. The documentation site has an article with more details on why, when, and how - Bug fixes: * Alerting: Add contact points provisioning API * Alerting: add field for custom slack endpoint * Alerting: Add resolved count to notification title when both firing and resolved present * Alerting: Alert rule should wait For duration when execution error state is Alerting * Alerting: Allow disabling override timings for notification policies * Alerting: Allow serving images from custom url path * Alerting: Apply Custom Headers to datasource queries * Alerting: Classic conditions can now display multiple values * Alerting: correctly show all alerts in a folder * Alerting: Display query from grafana-managed alert rules on /api/v1/rules * Alerting: Do not overwrite existing alert rule condition * Alerting: Enhance support for arbitrary group names in managed alerts * Alerting: Fix access to alerts for viewer with editor permissions when RBAC is disabled * Alerting: Fix anonymous access to alerting * Alerting: Fix migrations by making send_alerts_to field nullable * Alerting: Fix RBAC actions for notification policies * Alerting: Fix use of > instead of >= when checking the For duration * Alerting: Remove double quotes from matchers * API: Include userId, orgId, uname in request logging middleware * Auth: Guarantee consistency of signed SigV4 headers * Azure Monitor : Adding json formatting of error messages in Panel Header Corner and Inspect Error Tab * Azure Monitor: Add 2 more Curated Dashboards for VM Insights * Azure Monitor: Bug Fix for incorrect variable cascading for template variables * Azure Monitor: Fix space character encoding for metrics query link to Azure Portal * Azure Monitor: Fixes broken log queries that use workspace * Azure Monitor: Small bug fixes for Resource Picker * AzureAd Oauth: Fix strictMode to reject users without an assigned role * AzureMonitor: Fixes metric definition for Azure Storage queue/file/blob/table resources * Cloudwatch : Fixed reseting metric name when changing namespace in Metric Query * CloudWatch: Added missing MemoryDB Namespace metrics * CloudWatch: Fix MetricName resetting on Namespace change. * Cloudwatch: Fix template variables in variable queries. * CloudWatch: Fix variable query tag migration * CloudWatch: Handle new error codes for MetricInsights * CloudWatch: List all metrics properly in SQL autocomplete * CloudWatch: Prevent log groups from being removed on query change * CloudWatch: Remove error message when using multi-valued template vars in region field * CloudWatch: Run query on blur in logs query field * CloudWatch: Use default http client from aws-sdk-go * Dashboard: Fix dashboard update permission check * Dashboard: Fixes random scrolling on time range change * Dashboard: Template variables are now correctly persisted when clicking breadcrumb links * DashboardExport: Fix exporting and importing dashboards where query data source ended up as incorrect * DashboardPage: Remember scroll position when coming back panel edit / view panel * Dashboards: Fixes repeating by row and no refresh * Dashboards: Show changes in save dialog * DataSource: Default data source is no longer a persisted state but just the default data source for new panels * DataSourcePlugin API: Allow queries import when changing data source type * Elasticsearch: Respect maxConcurrentShardRequests datasource setting * Explore: Allow users to save Explore state to a new panel in a new dashboard * Explore: Avoid locking timepicker when range is inverted. * Explore: Fix closing split pane when logs panel is used * Explore: Prevent direct access to explore if disabled via feature toggle * Explore: Remove return to panel button * FileUpload: clicking the Upload file button now opens their modal correctly * Gauge: Fixes blank viz when data link exists and orientation was horizontal * GrafanaUI: Fix color of links in error Tooltips in light theme * Histogram Panel: Take decimal into consideration * InfluxDB: Fixes invalid no data alerts. #48295, @yesoreyeram * Instrumentation: Fix HTTP request instrumentation of authentication failures * Instrumentation: Make backend plugin metrics endpoints available with optional authentication * Instrumentation: Proxy status code correction and various improvements * LibraryPanels: Fix library panels not connecting properly in imported dashboards * LibraryPanels: Prevent long descriptions and names from obscuring the delete button * Logger: Use specified format for file logger * Logging: Introduce feature toggle to activate gokit/log format * Logs: Handle missing fields in dataframes better * Loki: Improve unpack parser handling * ManageDashboards: Fix error when deleting all dashboards from folder view * Middleware: Fix IPv6 host parsing in CSRF check * Navigation: Prevent navbar briefly showing on login * NewsPanel: Add support for Atom feeds. #45390, @kaydelaney * OAuth: Fix parsing of ID token if header contains non-string value * Panel Edit: Options search now works correctly when a logarithmic scale option is set * Panel Edit: Visualization search now works correctly with special characters * Plugins Catalog: Fix styling of hyperlinks * Plugins: Add deprecation notice for /api/tsdb/query endpoint * Plugins: Adding support for traceID field to accept variables * Plugins: Ensure catching all appropriate 4xx api/ds/query scenarios * Postgres: Return tables with hyphenated schemes * PostgreSQL: __unixEpochGroup to support arithmetic expression as argument * Profile/Help: Expose option to disable profile section and help menu * Prometheus: Enable new visual query builder by default * Provisioning: Fix duplicate validation when multiple organizations have been configured inserted * RBAC: Fix Anonymous Editors missing dashboard controls * RolePicker: Fix menu position on smaller screens * SAML: Allow disabling of SAML signups * Search: Sort results correctly when using postgres * Security: Fixes minor code scanning security warnings in old vendored javascript libs * Table panel: Fix horizontal scrolling when pagination is enabled * Table panel: Show datalinks for cell display modes JSON View and Gauge derivates * Table: Fix filter crashes table * Table: New pagination option * TablePanel: Add cell inspect option * TablePanel: Do not prefix columns with frame name if multipleframes and override active * TagsInput: Fix tags remove button accessibility issues * Tempo / Trace Viewer: Support Span Links in Trace Viewer * Tempo: Download span references in data inspector * Tempo: Separate trace to logs and loki search datasource config * TextPanel: Sanitize after markdown has been rendered to html * TimeRange: Fixes updating time range from url and browser history * TimeSeries: Fix detection & rendering of sparse datapoints * Timeseries: Fix outside range stale state * TimeSeries: Properly stack series with missing datapoints * TimeSeries: Sort tooltip values based on raw values * Tooltip: Fix links not legible in Tooltips when using light theme * Tooltip: Sort decimals using standard numeric compare * Trace View: Show number of child spans * Transformations: Support escaped characters in key-value pair parsing * Transforms: Labels to fields, fix label picker layout * Variables: Ensure variables in query params are correctly recognised * Variables: Fix crash when changing query variable datasource * Variables: Fixes issue with data source variables not updating queries with variable * Visualizations: Stack negative-valued series downwards - Plugin development fixes: * Card: Increase clickable area when meta items are present. * ClipboardButton: Use a fallback when the Clipboard API is unavailable * Loki: Fix operator description propup from being shortened. * OAuth: Add setting to skip org assignment for external users * Tooltips: Make tooltips non interactive by default * Tracing: Add option to map tag names to log label names in trace to logs settings Important SUSE bug 1188571 SUSE bug 1189520 SUSE bug 1192383 SUSE bug 1192763 SUSE bug 1193492 SUSE bug 1193686 SUSE bug 1199810 SUSE bug 1201535 SUSE bug 1201539 SUSE bug 1203596 SUSE bug 1203597 CVE-2021-36222 CVE-2021-3711 CVE-2021-41174 CVE-2021-41244 CVE-2021-43798 CVE-2021-43813 CVE-2021-43815 CVE-2022-29170 CVE-2022-31097 CVE-2022-31107 CVE-2022-35957 CVE-2022-36062 cpe:/o:opensuse:leap:15.3 Security update for SUSE Manager Client Tools (Important) openSUSE Leap 15.3 This update fixes the following issues: dracut-saltboot: - Update to version 0.1.1665997480.587fa10 * Add dependencies on xz and gzip to support compressed images golang-github-boynux-squid_exporter: - Exclude s390 architecture - Enhanced to build on Enterprise Linux 8. grafana: - Version update from 8.3.10 to 8.5.13 (jsc#PED-2145) - Security fixes: * CVE-2022-36062: (bsc#1203596) * CVE-2022-35957: (bsc#1203597) * CVE-2022-31107: (bsc#1201539) * CVE-2022-31097: (bsc#1201535) * CVE-2022-29170: (bsc#1199810) * CVE-2021-43813, CVE-2021-43815: (bsc#1193686) * CVE-2021-43798: (bsc#1193492) * CVE-2021-41244: (bsc#1192763) * CVE-2021-41174: (bsc#1192383) * CVE-2021-3711: (bsc#1189520) * CVE-2021-36222: (bsc#1188571) - Features and enhancements: * AccessControl: Disable user remove and user update roles when they do not have the permissions * AccessControl: Provisioning for teams * Alerting: Add custom grouping to Alert Panel * Alerting: Add safeguard for migrations that might cause dataloss * Alerting: AlertingProxy to elevate permissions for request forwarded to data proxy when RBAC enabled * Alerting: Grafana uses > instead of >= when checking the For duration * Alerting: Move slow queries in the scheduler to another goroutine * Alerting: Remove disabled flag for data source when migrating alerts * Alerting: Show notification tab of legacy alerting only to editor * Alerting: Update migration to migrate only alerts that belon to existing org\dashboard * Alerting: Use expanded labels in dashboard annotations * Alerting: Use time.Ticker instead of alerting.Ticker in ngalert * Analytics: Add user id tracking to google analytics * Angular: Add AngularJS plugin support deprecation plan to docs site * API: Add usage stats preview endpoint * API: Extract OpenAPI specification from source code using go-swagger * Auth: implement auto_sign_up for auth.jwt * Azure monitor Logs: Optimize data fetching in resource picker * Azure Monitor Logs: Order subscriptions in resource picker by name * Azure Monitor: Include datasource ref when interpolating variables. * AzureMonitor: Add support for not equals and startsWith operators when creating Azure Metrics dimension filters. * AzureMonitor: Do not quote variables when a custom 'All' variable option is used * AzureMonitor: Filter list of resources by resourceType * AzureMonitor: Update allowed namespaces * BarChart: color by field, x time field, bar radius, label skipping * Chore: Implement OpenTelemetry in Grafana * Cloud Monitoring: Adds metric type to Metric drop down options * CloudMonitor: Correctly encode default project response * CloudWatch: Add all ElastiCache Redis Metrics * CloudWatch: Add Data Lifecycle Manager metrics and dimension * CloudWatch: Add Missing Elasticache Host-level metrics * CloudWatch: Add multi-value template variable support for log group names in logs query builder * CloudWatch: Add new AWS/ES metrics. #43034, @sunker * Cloudwatch: Add support for AWS/PrivateLink* metrics and dimensions * Cloudwatch: Add support for new AWS/RDS EBS* metrics * Cloudwatch: Add syntax highlighting and autocomplete for 'Metric Search' * Cloudwatch: Add template variable query function for listing log groups * Configuration: Add ability to customize okta login button name and icon * Elasticsearch: Add deprecation notice for < 7.10 versions. * Explore: Support custom display label for exemplar links for Prometheus datasource * Hotkeys: Make time range absolute/permanent * InfluxDB: Use backend for influxDB by default via feature toggle * Legend: Use correct unit for percent and count calculations * Logs: Escape windows newline into single newline * Loki: Add unpack to autocomplete suggestions * Loki: Use millisecond steps in Grafana 8.5.x. * Playlists: Enable sharing direct links to playlists * Plugins: Allow using both Function and Class components for app plugins * Plugins: Expose emotion/react to plugins to prevent load failures * Plugins: Introduce HTTP 207 Multi Status response to api/ds/query * Rendering: Add support for renderer token * Setting: Support configuring feature toggles with bools instead of just passing an array * SQLStore: Prevent concurrent migrations * SSE: Add Mode to drop NaN/Inf/Null in Reduction operations * Tempo: Switch out Select with AsyncSelect component to get loading state in Tempo Search * TimeSeries: Add migration for Graph panel's transform series override * TimeSeries: Add support for negative Y and constant transform * TimeSeries: Preserve null/undefined values when performing negative y transform * Traces: Filter by service/span name and operation in Tempo and Jaeger * Transformations: Add 'JSON' field type to ConvertFieldTypeTransformer * Transformations: Add an All Unique Values Reducer * Transformers: avoid error when the ExtractFields source field is missing - Breaking changes: * For a data source query made via /api/ds/query: + If the DatasourceQueryMultiStatus feature is enabled and the data source response has an error set as part of the DataResponse, the resulting HTTP status code is now '207 Multi Status' instead of '400 Bad gateway' + If the DatasourceQueryMultiStatus feature is not enabled and the data source response has an error set as part of the DataResponse, the resulting HTTP status code is '400 BadRequest' (no breaking change) * For a proxied request, e.g. Grafana's datasource or plugin proxy: + If the request is cancelled, e.g. from the browser/by the client, the HTTP status code is now '499 Client closed' request instead of 502 Bad gateway If the request times out, e.g. takes longer time than allowed, the HTTP status code is now '504 Gateway timeout' instead of '502 Bad gateway'. + The change in behavior is that negative-valued series are now stacked downwards from 0 (in their own stacks), rather than downwards from the top of the positive stacks. We now automatically group stacks by Draw style, Line interpolation, and Bar alignment, making it impossible to stack bars on top of lines, or smooth lines on top of stepped lines + The meaning of the default data source has now changed from being a persisted property in a panel. Before when you selected the default data source for a panel and later changed the default data source to another data source it would change all panels who were configured to use the default data source. From now on the default data source is just the default for new panels and changing the default will not impact any currently saved dashboards + The Tooltip component provided by @grafana/ui is no longer automatically interactive (that is you can hover onto it and click a link or select text). It will from now on by default close automatically when you mouse out from the trigger element. To make tooltips behave like before set the new interactive property to true. - Deprecations: * /api/tsdb/query API has been deprecated, please use /api/ds/query instead * AngularJS plugin support is now in a deprecated state. The documentation site has an article with more details on why, when, and how - Bug fixes: * Alerting: Add contact points provisioning API * Alerting: add field for custom slack endpoint * Alerting: Add resolved count to notification title when both firing and resolved present * Alerting: Alert rule should wait For duration when execution error state is Alerting * Alerting: Allow disabling override timings for notification policies * Alerting: Allow serving images from custom url path * Alerting: Apply Custom Headers to datasource queries * Alerting: Classic conditions can now display multiple values * Alerting: correctly show all alerts in a folder * Alerting: Display query from grafana-managed alert rules on /api/v1/rules * Alerting: Do not overwrite existing alert rule condition * Alerting: Enhance support for arbitrary group names in managed alerts * Alerting: Fix access to alerts for viewer with editor permissions when RBAC is disabled * Alerting: Fix anonymous access to alerting * Alerting: Fix migrations by making send_alerts_to field nullable * Alerting: Fix RBAC actions for notification policies * Alerting: Fix use of > instead of >= when checking the For duration * Alerting: Remove double quotes from matchers * API: Include userId, orgId, uname in request logging middleware * Auth: Guarantee consistency of signed SigV4 headers * Azure Monitor : Adding json formatting of error messages in Panel Header Corner and Inspect Error Tab * Azure Monitor: Add 2 more Curated Dashboards for VM Insights * Azure Monitor: Bug Fix for incorrect variable cascading for template variables * Azure Monitor: Fix space character encoding for metrics query link to Azure Portal * Azure Monitor: Fixes broken log queries that use workspace * Azure Monitor: Small bug fixes for Resource Picker * AzureAd Oauth: Fix strictMode to reject users without an assigned role * AzureMonitor: Fixes metric definition for Azure Storage queue/file/blob/table resources * Cloudwatch : Fixed reseting metric name when changing namespace in Metric Query * CloudWatch: Added missing MemoryDB Namespace metrics * CloudWatch: Fix MetricName resetting on Namespace change. * Cloudwatch: Fix template variables in variable queries. * CloudWatch: Fix variable query tag migration * CloudWatch: Handle new error codes for MetricInsights * CloudWatch: List all metrics properly in SQL autocomplete * CloudWatch: Prevent log groups from being removed on query change * CloudWatch: Remove error message when using multi-valued template vars in region field * CloudWatch: Run query on blur in logs query field * CloudWatch: Use default http client from aws-sdk-go * Dashboard: Fix dashboard update permission check * Dashboard: Fixes random scrolling on time range change * Dashboard: Template variables are now correctly persisted when clicking breadcrumb links * DashboardExport: Fix exporting and importing dashboards where query data source ended up as incorrect * DashboardPage: Remember scroll position when coming back panel edit / view panel * Dashboards: Fixes repeating by row and no refresh * Dashboards: Show changes in save dialog * DataSource: Default data source is no longer a persisted state but just the default data source for new panels * DataSourcePlugin API: Allow queries import when changing data source type * Elasticsearch: Respect maxConcurrentShardRequests datasource setting * Explore: Allow users to save Explore state to a new panel in a new dashboard * Explore: Avoid locking timepicker when range is inverted. * Explore: Fix closing split pane when logs panel is used * Explore: Prevent direct access to explore if disabled via feature toggle * Explore: Remove return to panel button * FileUpload: clicking the Upload file button now opens their modal correctly * Gauge: Fixes blank viz when data link exists and orientation was horizontal * GrafanaUI: Fix color of links in error Tooltips in light theme * Histogram Panel: Take decimal into consideration * InfluxDB: Fixes invalid no data alerts. #48295, @yesoreyeram * Instrumentation: Fix HTTP request instrumentation of authentication failures * Instrumentation: Make backend plugin metrics endpoints available with optional authentication * Instrumentation: Proxy status code correction and various improvements * LibraryPanels: Fix library panels not connecting properly in imported dashboards * LibraryPanels: Prevent long descriptions and names from obscuring the delete button * Logger: Use specified format for file logger * Logging: Introduce feature toggle to activate gokit/log format * Logs: Handle missing fields in dataframes better * Loki: Improve unpack parser handling * ManageDashboards: Fix error when deleting all dashboards from folder view * Middleware: Fix IPv6 host parsing in CSRF check * Navigation: Prevent navbar briefly showing on login * NewsPanel: Add support for Atom feeds. #45390, @kaydelaney * OAuth: Fix parsing of ID token if header contains non-string value * Panel Edit: Options search now works correctly when a logarithmic scale option is set * Panel Edit: Visualization search now works correctly with special characters * Plugins Catalog: Fix styling of hyperlinks * Plugins: Add deprecation notice for /api/tsdb/query endpoint * Plugins: Adding support for traceID field to accept variables * Plugins: Ensure catching all appropriate 4xx api/ds/query scenarios * Postgres: Return tables with hyphenated schemes * PostgreSQL: __unixEpochGroup to support arithmetic expression as argument * Profile/Help: Expose option to disable profile section and help menu * Prometheus: Enable new visual query builder by default * Provisioning: Fix duplicate validation when multiple organizations have been configured inserted * RBAC: Fix Anonymous Editors missing dashboard controls * RolePicker: Fix menu position on smaller screens * SAML: Allow disabling of SAML signups * Search: Sort results correctly when using postgres * Security: Fixes minor code scanning security warnings in old vendored javascript libs * Table panel: Fix horizontal scrolling when pagination is enabled * Table panel: Show datalinks for cell display modes JSON View and Gauge derivates * Table: Fix filter crashes table * Table: New pagination option * TablePanel: Add cell inspect option * TablePanel: Do not prefix columns with frame name if multipleframes and override active * TagsInput: Fix tags remove button accessibility issues * Tempo / Trace Viewer: Support Span Links in Trace Viewer * Tempo: Download span references in data inspector * Tempo: Separate trace to logs and loki search datasource config * TextPanel: Sanitize after markdown has been rendered to html * TimeRange: Fixes updating time range from url and browser history * TimeSeries: Fix detection & rendering of sparse datapoints * Timeseries: Fix outside range stale state * TimeSeries: Properly stack series with missing datapoints * TimeSeries: Sort tooltip values based on raw values * Tooltip: Fix links not legible in Tooltips when using light theme * Tooltip: Sort decimals using standard numeric compare * Trace View: Show number of child spans * Transformations: Support escaped characters in key-value pair parsing * Transforms: Labels to fields, fix label picker layout * Variables: Ensure variables in query params are correctly recognised * Variables: Fix crash when changing query variable datasource * Variables: Fixes issue with data source variables not updating queries with variable * Visualizations: Stack negative-valued series downwards - Plugin development fixes: * Card: Increase clickable area when meta items are present. * ClipboardButton: Use a fallback when the Clipboard API is unavailable * Loki: Fix operator description propup from being shortened. * OAuth: Add setting to skip org assignment for external users * Tooltips: Make tooltips non interactive by default * Tracing: Add option to map tag names to log label names in trace to logs settings prometheus-blackbox_exporter: - Add requirement for go1.18 (bsc#1203599) spacecmd: - Version 4.3.16-1 * Fix dict_keys not supporting indexing in systems_setconfigchannelorger * Improve Proxy FQDN hint message * Added a warning message for traditional stack deprecation * Stop always showing help for valid proxy_container_config calls * Remove 'Undefined return code' from debug messages (bsc#1203283) spacewalk-client-tools: - Version 4.3.13-1 * Update translation strings uyuni-proxy-systemd-services: - Version 4.3.7-1 * Expose /etc/sysconfig/proxy variables to container services (bsc#1202945) Important SUSE bug 1188571 SUSE bug 1189520 SUSE bug 1192383 SUSE bug 1192763 SUSE bug 1193492 SUSE bug 1193686 SUSE bug 1199810 SUSE bug 1201535 SUSE bug 1201539 SUSE bug 1202945 SUSE bug 1203283 SUSE bug 1203596 SUSE bug 1203597 SUSE bug 1203599 CVE-2021-36222 CVE-2021-3711 CVE-2021-41174 CVE-2021-41244 CVE-2021-43798 CVE-2021-43813 CVE-2021-43815 CVE-2022-29170 CVE-2022-31097 CVE-2022-31107 CVE-2022-35957 CVE-2022-36062 cpe:/o:opensuse:leap:15.3 Security update for java-1_8_0-openjdk (Moderate) openSUSE Leap 15.3 This update for java-1_8_0-openjdk fixes the following issues: Update to version jdk8u352 (icedtea-3.25.0): - CVE-2022-21619,CVE-2022-21624: Fixed difficult to exploit vulnerability allows unauthenticated attacker with network access and can cause unauthorized update, insert or delete access via multiple protocols (bsc#1204473,bsc#1204475). - CVE-2022-21626: Fixed easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to cause partial denial of service (bsc#1204471). - CVE-2022-21628: Fixed easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to cause partial denial of service (bsc#1204472). Moderate SUSE bug 1204471 SUSE bug 1204472 SUSE bug 1204473 SUSE bug 1204475 CVE-2022-21619 CVE-2022-21624 CVE-2022-21626 CVE-2022-21628 cpe:/o:opensuse:leap:15.3 Security update for wireshark (Important) openSUSE Leap 15.3 This update for wireshark fixes the following issues: Update to version 3.6.10: - CVE-2022-3725: OPUS dissector crash (bsc#1204822). - Multiple dissector infinite loops (bsc#1206189). - Kafka dissector memory exhaustion (bsc#1206190). Important SUSE bug 1204822 SUSE bug 1206189 SUSE bug 1206190 CVE-2022-3725 cpe:/o:opensuse:leap:15.3 Security update for libtpms (Moderate) openSUSE Leap 15.3 This update for libtpms fixes the following issues: - CVE-2021-3623: Fixed out-of-bounds access when trying to resume the state of the vTPM (bsc#1187767) Moderate SUSE bug 1187767 SUSE bug 1204556 CVE-2021-3623 cpe:/o:opensuse:leap:15.3 Security update for MozillaFirefox (Important) openSUSE Leap 15.3 This update for MozillaFirefox fixes the following issues: Firefox Extended Support Release 102.6.0 ESR (bsc#1206242): - CVE-2022-46880: Use-after-free in WebGL - CVE-2022-46872: Arbitrary file read from a compromised content process - CVE-2022-46881: Memory corruption in WebGL - CVE-2022-46874: Drag and Dropped Filenames could have been truncated to malicious extensions - CVE-2022-46875: Download Protections were bypassed by .atloc and .ftploc files on Mac OS - CVE-2022-46882: Use-after-free in WebGL - CVE-2022-46878: Memory safety bugs fixed in Firefox 108 and Firefox ESR 102.6 Important SUSE bug 1206242 CVE-2022-46872 CVE-2022-46874 CVE-2022-46875 CVE-2022-46878 CVE-2022-46880 CVE-2022-46881 CVE-2022-46882 cpe:/o:opensuse:leap:15.3 Security update for containerd (Important) openSUSE Leap 15.3 This update for containerd fixes the following issues: Update to containerd v1.6.12 including Docker v20.10.21-ce (bsc#1206065). Also includes the following fix: - CVE-2022-23471: host memory exhaustion through Terminal resize goroutine leak (bsc#1206235). - CVE-2022-27191: crash in a golang.org/x/crypto/ssh server (bsc#1197284). Important SUSE bug 1197284 SUSE bug 1206065 SUSE bug 1206235 CVE-2022-23471 CVE-2022-27191 cpe:/o:opensuse:leap:15.3 Security update for xorg-x11-server (Important) openSUSE Leap 15.3 This update for xorg-x11-server fixes the following issues: - CVE-2022-46340: Server XTestSwapFakeInput stack overflow (bsc#1205874) - CVE-2022-46341: Server XIPassiveUngrabDevice out-of-bounds access (bsc#1205877) - CVE-2022-46342: Server XvdiSelectVideoNotify use-after-free (bsc#1205879) - CVE-2022-46343: Server ScreenSaverSetAttributes use-after-free (bsc#1205878) - CVE-2022-46344: Server XIChangeProperty out-of-bounds access (bsc#1205876) - CVE-2022-4283: Reset the radio_groups pointer to NULL after freeing it (bsc#1206017) - Xi: return an error from XI property changes if verification failed (bsc#1205875) Important SUSE bug 1205874 SUSE bug 1205875 SUSE bug 1205876 SUSE bug 1205877 SUSE bug 1205878 SUSE bug 1205879 SUSE bug 1206017 CVE-2022-4283 CVE-2022-46340 CVE-2022-46341 CVE-2022-46342 CVE-2022-46343 CVE-2022-46344 cpe:/o:opensuse:leap:15.3 Security update for apache2-mod_wsgi (Moderate) openSUSE Leap 15.3 This update for apache2-mod_wsgi fixes the following issues: - CVE-2022-2255: Hardened the trusted proxy header filter to avoid bypass. (bsc#1201634) Moderate SUSE bug 1201634 CVE-2022-2255 cpe:/o:opensuse:leap:15.3 Security update for ceph (Important) openSUSE Leap 15.3 This update for ceph fixes the following issues: ceph was updated to the Pacific release (16.2.9-536-g41a9f9a5573): + (bsc#1195359, bsc#1200553) rgw: check bucket shard init status in RGWRadosBILogTrimCR + (bsc#1194131) ceph-volume: honour osd_dmcrypt_key_size option (CVE-2021-3979) + (bsc#1200064,) Remove last vestiges of docker.io image paths + (bsc#1196044) cephadm: prometheus: The generatorURL in alerts is only using hostname + (bsc#1196785) cephadm: avoid crashing on expected non-zero exit + (jsc#SES-2515) High-availability NFS export + (bsc#1194875) [SES7P] include/buffer: include <memory> + cephadm: update image paths to registry.suse.com + cephadm: use snmp-notifier image from registry.suse.de + cephadm: infer the default container image during pull + mgr/cephadm: try to get FQDN for inventory address + (bsc#1194875) common: fix FTBFS due to dout & need_dynamic on GCC-12 + (bsc#1196938) cephadm: preserve authorized_keys file during upgrade + Update Prometheus Container image paths (pr #459) + mgr/dashboard: Fix documentation URL (pr #456) + mgr/dashboard: Adapt downstream branded navigation page (pr #454) + Update prometheus-server version + (bsc#1194353) Downstream branding breaks dashboard npm build + (bsc#1178073) mgr/dashboard: fix downstream NFS doc links Important SUSE bug 1178073 SUSE bug 1194131 SUSE bug 1194353 SUSE bug 1194875 SUSE bug 1195359 SUSE bug 1196044 SUSE bug 1196785 SUSE bug 1196938 SUSE bug 1200064 SUSE bug 1200553 CVE-2021-3979 cpe:/o:opensuse:leap:15.3 Security update for the Linux Kernel (Important) openSUSE Leap 15.3 The SUSE Linux Enterprise 15 SP3 Azure kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2022-4378: Fixed stack overflow in __do_proc_dointvec (bsc#1206207). - CVE-2022-3635: Fixed a use-after-free in the tst_timer() of the file drivers/atm/idt77252.c of the component IPsec (bsc#1204631). - CVE-2022-41850: Fixed a race condition in roccat_report_event() in drivers/hid/hid-roccat.c (bsc#1203960). - CVE-2022-45934: Fixed a integer wraparound via L2CAP_CONF_REQ packets in l2cap_config_req in net/bluetooth/l2cap_core.c (bsc#1205796). - CVE-2022-3628: Fixed potential buffer overflow in brcmf_fweh_event_worker() in wifi/brcmfmac (bsc#1204868). - CVE-2022-3567: Fixed a to race condition in inet6_stream_ops()/inet6_dgram_ops() of the component IPv6 Handler (bsc#1204414). - CVE-2022-41858: Fixed a denial of service in sl_tx_timeout() in drivers/net/slip (bsc#1205671). - CVE-2022-43945: Fixed a buffer overflow in the NFSD implementation (bsc#1205128). - CVE-2022-4095: Fixed a use-after-free in rtl8712 driver (bsc#1205514). - CVE-2022-3903: Fixed a denial of service with the Infrared Transceiver USB driver (bsc#1205220). - CVE-2022-2602: Fixed a local privilege escalation vulnerability involving Unix socket Garbage Collection and io_uring (bsc#1204228). - CVE-2022-4139: Fixed an issue with the i915 driver that allowed the GPU to access any physical memory (bsc#1205700). - CVE-2022-4129: Fixed a denial of service with the Layer 2 Tunneling Protocol (L2TP). A missing lock when clearing sk_user_data can lead to a race condition and NULL pointer dereference. (bsc#1205711) - CVE-2022-42895: Fixed an information leak in the net/bluetooth/l2cap_core.c's l2cap_parse_conf_req() which can be used to leak kernel pointers remotely (bsc#1205705). - CVE-2022-42896: Fixed a use-after-free vulnerability in the net/bluetooth/l2cap_core.c's l2cap_connect() and l2cap_le_connect_req() which may have allowed code execution and leaking kernel memory (respectively) remotely via Bluetooth (bsc#1205709). - CVE-2022-3707: Fixed a double free in the Intel GVT-g graphics driver (bsc#1204780). The following non-security bugs were fixed: - ALSA: hda/ca0132: add quirk for EVGA Z390 DARK (git-fixes). - ALSA: hda: fix potential memleak in 'add_widget_node' (git-fixes). - ALSA: usb-audio: Add DSD support for Accuphase DAC-60 (git-fixes). - ALSA: usb-audio: Add quirk entry for M-Audio Micro (git-fixes). - ALSA: usb-audio: Drop snd_BUG_ON() from snd_usbmidi_output_open() (git-fixes). - ASoC: codecs: jz4725b: Fix spelling mistake 'Sourc' -> 'Source', 'Routee' -> 'Route' (git-fixes). - ASoC: codecs: jz4725b: add missed Line In power control bit (git-fixes). - ASoC: codecs: jz4725b: fix capture selector naming (git-fixes). - ASoC: codecs: jz4725b: fix reported volume for Master ctl (git-fixes). - ASoC: codecs: jz4725b: use right control for Capture Volume (git-fixes). - ASoC: core: Fix use-after-free in snd_soc_exit() (git-fixes). - ASoC: max98373: Add checks for devm_kcalloc (git-fixes). - ASoC: soc-utils: Remove __exit for snd_soc_util_exit() (git-fixes). - ASoC: wm5102: Revert 'ASoC: wm5102: Fix PM disable depth imbalance in wm5102_probe' (git-fixes). - ASoC: wm5110: Revert 'ASoC: wm5110: Fix PM disable depth imbalance in wm5110_probe' (git-fixes). - ASoC: wm8962: Add an event handler for TEMP_HP and TEMP_SPK (git-fixes). - ASoC: wm8997: Revert 'ASoC: wm8997: Fix PM disable depth imbalance in wm8997_probe' (git-fixes). - Bluetooth: L2CAP: Fix attempting to access uninitialized memory (git-fixes). - Bluetooth: L2CAP: Fix l2cap_global_chan_by_psm (git-fixes). - Bluetooth: L2CAP: Fix use-after-free caused by l2cap_reassemble_sdu (git-fixes). - Do not enable CONFIG_ATARI_PARTITION (jsc#PED-1573) - Drivers: hv: vmbus: Add /sys/bus/vmbus/hibernation (git-fixes). - Drivers: hv: vmbus: Add VMbus IMC device to unsupported list (git-fixes). - Drivers: hv: vmbus: Add vmbus_requestor data structure for VMBus hardening (bsc#1204017). - Drivers: hv: vmbus: Drop error message when 'No request id available' (bsc#1204017). - Drivers: hv: vmbus: Fix duplicate CPU assignments within a device (git-fixes). - Drivers: hv: vmbus: Fix handling of messages with transaction ID of zero (bsc#1204017). - Drivers: hv: vmbus: Fix memory leak in vmbus_add_channel_kobj (git-fixes). - Drivers: hv: vmbus: Fix potential crash on module unload (git-fixes). - Drivers: hv: vmbus: Introduce vmbus_request_addr_match() (bsc#1204017). - Drivers: hv: vmbus: Introduce vmbus_sendpacket_getid() (bsc#1204017). - Drivers: hv: vmbus: Introduce {lock,unlock}_requestor() (bsc#1204017). - Drivers: hv: vmbus: Prevent load re-ordering when reading ring buffer (git-fixes). - Drivers: hv: vmbus: Remove unused linux/version.h header (git-fixes). - Drivers: hv: vmbus: Replace smp_store_mb() with virt_store_mb() (git-fixes). - Drivers: hv: vmbus: fix double free in the error path of vmbus_add_channel_work() (git-fixes). - Drivers: hv: vmbus: fix possible memory leak in vmbus_device_register() (git-fixes). - Drivers: hv: vmbus: remove unused function (git-fixes). - HID: saitek: add madcatz variant of MMO7 mouse device ID (git-fixes). - Input: i8042 - fix leaking of platform device on module removal (git-fixes). - Input: iforce - invert valid length check when fetching device IDs (git-fixes). - KVM: VMX: Always VMCLEAR in-use VMCSes during crash with kexec support (git-fixes). - KVM: nVMX: Invalidate all EPTP contexts when emulating INVEPT for L1 (git-fixes). - KVM: nVMX: Validate the EPTP when emulating INVEPT(EXTENT_CONTEXT) (git-fixes). - KVM: nVMX: clear PIN_BASED_POSTED_INTR from nested pinbased_ctls only when apicv is globally disabled (git-fixes). - KVM: s390: Add a routine for setting userspace CPU state (git-fixes). - KVM: s390: Fix handle_sske page fault handling (git-fixes). - KVM: s390: Simplify SIGP Set Arch handling (git-fixes). - KVM: s390: get rid of register asm usage (git-fixes). - KVM: s390: pv: avoid stalls when making pages secure (git-fixes). - KVM: s390: pv: do not allow userspace to set the clock under PV (git-fixes). - KVM: s390: pv: leak the topmost page table when destroy fails (git-fixes). - KVM: s390: reduce number of IO pins to 1 (git-fixes). - NFC: nci: fix memory leak in nci_rx_data_packet() (git-fixes). - NFS: Refactor nfs_instantiate() for dentry referencing callers (bsc#1204215). - NFSv3: use nfs_add_or_obtain() to create and reference inodes (bsc#1204215). - PCI: hv: Add check for hyperv_initialized in init_hv_pci_drv() (bsc#1204446). - PCI: hv: Add validation for untrusted Hyper-V values (git-fixes). - PCI: hv: Drop msi_controller structure (bsc#1204446). - PCI: hv: Fix a race condition when removing the device (bsc#1204446). - PCI: hv: Fix sleep while in non-sleep context when removing child devices from the bus (bsc#1204446). - PCI: hv: Fix synchronization between channel callback and hv_compose_msi_msg() (bsc#1204017). - PCI: hv: Fix synchronization between channel callback and hv_pci_bus_exit() (bsc#1204017). - PCI: hv: Fix the definition of vector in hv_compose_msi_msg() (bsc#1200845). - PCI: hv: Fix typo (bsc#1204446). - PCI: hv: Remove bus device removal unused refcount/functions (bsc#1204446). - PCI: hv: Remove unnecessary use of %hx (bsc#1204446). - PCI: hv: Support for create interrupt v3 (bsc#1204446). - PCI: hv: Use PCI_ERROR_RESPONSE to identify config read errors (bsc#1204446). - PCI: hv: Use vmbus_requestor to generate transaction IDs for VMbus hardening (bsc#1204017). - RDMA/core/sa_query: Remove unused argument (git-fixes) - RDMA/hns: Fix spelling mistakes of original (git-fixes) - RDMA/qedr: Add support for user mode XRC-SRQ's (git-fixes) - RDMA/qedr: Fix reporting max_{send/recv}_wr attrs (git-fixes) - RDMA/qedr: Remove unsupported qedr_resize_cq callback (git-fixes) - RDMA/rxe: Fix memory leak in error path code (git-fixes) - SCSI: scsi_probe_lun: retry INQUIRY after timeout (bsc#1189297). - USB: add RESET_RESUME quirk for NVIDIA Jetson devices in RCM (git-fixes). - USB: serial: option: add Fibocom FM160 0x0111 composition (git-fixes). - USB: serial: option: add Sierra Wireless EM9191 (git-fixes). - USB: serial: option: add u-blox LARA-L6 modem (git-fixes). - USB: serial: option: add u-blox LARA-R6 00B modem (git-fixes). - USB: serial: option: remove old LARA-R6 PID (git-fixes). - USB: serial: option: remove old LARA-R6 PID. - Xen/gntdev: do not ignore kernel unmapping error (git-fixes). - add another bug reference to some hyperv changes (bsc#1205617). - arm/xen: Do not probe xenbus as part of an early initcall (git-fixes). - arm64: dts: imx8mm: Fix NAND controller size-cells (git-fixes) - arm64: dts: juno: Add thermal critical trip points (git-fixes) - ata: libata-transport: fix double ata_host_put() in ata_tport_add() (git-fixes). - ata: libata-transport: fix error handling in ata_tdev_add() (git-fixes). - ata: libata-transport: fix error handling in ata_tlink_add() (git-fixes). - ata: libata-transport: fix error handling in ata_tport_add() (git-fixes). - ata: pata_legacy: fix pdc20230_set_piomode() (git-fixes). - blk-crypto: fix check for too-large dun_bytes (git-fixes). - blk-mq: Properly init requests from blk_mq_alloc_request_hctx() (git-fixes). - blk-mq: do not create hctx debugfs dir until q->debugfs_dir is created (git-fixes). - blk-wbt: call rq_qos_add() after wb_normal is initialized (git-fixes). - blktrace: Trace remapped requests correctly (git-fixes). - block-map: add __GFP_ZERO flag for alloc_page in function bio_copy_kern (git-fixes). - block: Add a helper to validate the block size (git-fixes). - block: assign bi_bdev for cloned bios in blk_rq_prep_clone (bsc#1204328). - block: ataflop: fix breakage introduced at blk-mq refactoring (git-fixes). - block: ataflop: more blk-mq refactoring fixes (git-fixes). - block: fix infinite loop for invalid zone append (git-fixes). - block: limit request dispatch loop duration (git-fixes). - block: nbd: add sanity check for first_minor (git-fixes). - block: use 'unsigned long' for blk_validate_block_size() (git-fixes). - bus: sunxi-rsb: Support atomic transfers (git-fixes). - can: cc770: cc770_isa_probe(): add missing free_cc770dev() (git-fixes). - can: sja1000_isa: sja1000_isa_probe(): add missing free_sja1000dev() (git-fixes). - capabilities: fix undefined behavior in bit shift for CAP_TO_MASK (git-fixes). - ceph: allow ceph.dir.rctime xattr to be updatable (bsc#1205989). - ceph: do not access the kiocb after aio requests (bsc#1205984). - ceph: fix fscache invalidation (bsc#1205985). - ceph: lockdep annotations for try_nonblocking_invalidate (bsc#1205988). - ceph: remove bogus checks and WARN_ONs from ceph_set_page_dirty (bsc#1205986). - ceph: request Fw caps before updating the mtime in ceph_write_iter (bsc#1205987). - cifs: skip extra NULL byte in filenames (bsc#1204791). - dm era: commit metadata in postsuspend after worker stops (git-fixes). - dm integrity: set journal entry unused when shrinking device (git-fixes). - dm mirror log: clear log bits up to BITS_PER_LONG boundary (git-fixes). - dm mpath: only use ktime_get_ns() in historical selector (git-fixes). - dm raid: fix accesses beyond end of raid member array (git-fixes). - dm raid: fix address sanitizer warning in raid_resume (git-fixes). - dm raid: fix address sanitizer warning in raid_status (git-fixes). - dm thin: fix use-after-free crash in dm_sm_register_threshold_callback (git-fixes). - dm verity fec: fix misaligned RS roots IO (git-fixes). - dm writecache: fix writing beyond end of underlying device when shrinking (git-fixes). - dm writecache: return the exact table values that were set (git-fixes). - dm writecache: set a default MAX_WRITEBACK_JOBS (git-fixes). - dm: fix request-based DM to not bounce through indirect dm_submit_bio (git-fixes). - dm: remove special-casing of bio-based immutable singleton target on NVMe (git-fixes). - dm: return early from dm_pr_call() if DM device is suspended (git-fixes). - dma-buf: fix racing conflict of dma_heap_add() (git-fixes). - dmaengine: at_hdmac: Check return code of dma_async_device_register (git-fixes). - dmaengine: at_hdmac: Do not allow CPU to reorder channel enable (git-fixes). - dmaengine: at_hdmac: Do not start transactions at tx_submit level (git-fixes). - dmaengine: at_hdmac: Fix at_lli struct definition (git-fixes). - dmaengine: at_hdmac: Fix completion of unissued descriptor in case of errors (git-fixes). - dmaengine: at_hdmac: Fix impossible condition (git-fixes). - dmaengine: mv_xor_v2: Fix a resource leak in mv_xor_v2_remove() (git-fixes). - dmaengine: pxa_dma: use platform_get_irq_optional (git-fixes). - drivers/hv: remove obsolete TODO and fix misleading typo in comment (git-fixes). - drivers: hv: Fix EXPORT_SYMBOL and tab spaces issue (git-fixes). - drivers: hv: Fix hyperv_record_panic_msg path on comment (git-fixes). - drivers: hv: Fix missing error code in vmbus_connect() (git-fixes). - drivers: hv: vmbus: Fix call msleep using &lt; 20ms (git-fixes). - drivers: hv: vmbus: Fix checkpatch LINE_SPACING (git-fixes). - drivers: hv: vmbus: Fix checkpatch SPLIT_STRING (git-fixes). - drivers: hv: vmbus: Replace symbolic permissions by octal permissions (git-fixes). - drivers: net: slip: fix NPD bug in sl_tx_timeout() (git-fixes). - drm/drv: Fix potential memory leak in drm_dev_init() (git-fixes). - drm/i915/dmabuf: fix sg_table handling in map_dma_buf (git-fixes). - drm/i915/sdvo: Filter out invalid outputs more sensibly (git-fixes). - drm/i915/sdvo: Setup DDC fully before output init (git-fixes). - drm/imx: imx-tve: Fix return type of imx_tve_connector_mode_valid (git-fixes). - drm/panel: simple: set bpc field for logic technologies displays (git-fixes). - drm/rockchip: dsi: Force synchronous probe (git-fixes). - drm/vc4: Fix missing platform_unregister_drivers() call in vc4_drm_register() (git-fixes). - drm: Fix potential null-ptr-deref in drm_vblank_destroy_worker() (git-fixes). - fbdev: smscufx: Fix several use-after-free bugs (git-fixes). - firmware: arm_scmi: Suppress the driver's bind attributes (git-fixes). - ftrace: Fix char print issue in print_ip_ins() (git-fixes). - ftrace: Fix null pointer dereference in ftrace_add_mod() (git-fixes). - ftrace: Fix the possible incorrect kernel message (git-fixes). - ftrace: Fix use-after-free for dynamic ftrace_ops (git-fixes). - ftrace: Optimize the allocation for mcount entries (git-fixes). - ftrace: Properly unset FTRACE_HASH_FL_MOD (git-fixes). - fuse: add file_modified() to fallocate (bsc#1205330). - fuse: fix readdir cache race (bsc#1205329). - hamradio: fix issue of dev reference count leakage in bpq_device_event() (git-fixes). - hv: hyperv.h: Remove unused inline functions (git-fixes). - hv_netvsc: Add a comment clarifying batching logic (git-fixes). - hv_netvsc: Add check for kvmalloc_array (git-fixes). - hv_netvsc: Add error handling while switching data path (bsc#1204850). - hv_netvsc: Allocate the recv_buf buffers after NVSP_MSG1_TYPE_SEND_RECV_BUF (git-fixes). - hv_netvsc: Check VF datapath when sending traffic to VF (git-fixes). - hv_netvsc: Fix potential dereference of NULL pointer (git-fixes). - hv_netvsc: Fix race between VF offering and VF association message from host (bsc#1204850). - hv_netvsc: Print value of invalid ID in netvsc_send_{completion,tx_complete}() (git-fixes). - hv_netvsc: Process NETDEV_GOING_DOWN on VF hot remove (bsc#1204850). - hv_netvsc: Use bitmap_zalloc() when applicable (git-fixes). - hv_netvsc: Use vmbus_requestor to generate transaction IDs for VMBus hardening (bsc#1204017). - hv_netvsc: Validate number of allocated sub-channels (git-fixes). - hv_netvsc: Wait for completion on request SWITCH_DATA_PATH (bsc#1204017). - hv_netvsc: use netif_is_bond_master() instead of open code (git-fixes). - hv_utils: Fix passing zero to 'PTR_ERR' warning (git-fixes). - hwmon: (coretemp) Check for null before removing sysfs attrs (git-fixes). - hwmon: (coretemp) fix pci device refcount leak in nv1a_ram_new() (git-fixes). - hwmon: (i5500_temp) fix missing pci_disable_device() (git-fixes). - hwmon: (ibmpex) Fix possible UAF when ibmpex_register_bmc() fails (git-fixes). - i2c: i801: add lis3lv02d's I2C address for Vostro 5568 (git-fixes). - ibmvnic: Free rwi on reset success (bsc#1184350 ltc#191533 git-fixes). - iio: adc: at91_adc: fix possible memory leak in at91_adc_allocate_trigger() (git-fixes). - iio: core: Fix entry not deleted when iio_register_sw_trigger_type() fails (git-fixes). - iio: health: afe4403: Fix oob read in afe4403_read_raw (git-fixes). - iio: health: afe4404: Fix oob read in afe4404_[read|write]_raw (git-fixes). - iio: light: apds9960: fix wrong register for gesture gain (git-fixes). - iio: light: rpr0521: add missing Kconfig dependencies (git-fixes). - iio: pressure: ms5611: changed hardcoded SPI speed to value limited (git-fixes). - iio: trigger: sysfs: fix possible memory leak in iio_sysfs_trig_init() (git-fixes). - isdn: mISDN: netjet: fix wrong check of device registration (git-fixes). - iwlwifi: dbg: disable ini debug in 9000 family and below (git-fixes). - kABI: Fix after adding trace_iterator.wait_index (git-fixes). - kABI: remove new member of usbip_device (git-fixes). - kabi: fix transport_add_device change (git-fixes). - kexec: turn all kexec_mutex acquisitions into trylocks (git-fixes). - kvm: nVMX: reflect MTF VM-exits if injected by L1 (git-fixes). - loop: Check for overflow while configuring loop (git-fixes). - mISDN: fix misuse of put_device() in mISDN_register_device() (git-fixes). - mISDN: fix possible memory leak in mISDN_dsp_element_register() (git-fixes). - mISDN: fix possible memory leak in mISDN_register_device() (git-fixes). - md/raid5: Ensure stripe_fill happens on non-read IO with journal (git-fixes). - md: Replace snprintf with scnprintf (git-fixes). - media: dvb-frontends/drxk: initialize err to 0 (git-fixes). - media: meson: vdec: fix possible refcount leak in vdec_probe() (git-fixes). - media: v4l2: Fix v4l2_i2c_subdev_set_name function documentation (git-fixes). - media: venus: dec: Handle the case where find_format fails (git-fixes). - media: vim2m: initialize the media device earlier (git-fixes). - media: vivid: fix assignment of dev->fbuf_out_flags (git-fixes). - misc/vmw_vmci: fix an infoleak in vmci_host_do_receive_datagram() (git-fixes). - mmc: core: properly select voltage range without power cycle (git-fixes). - mmc: cqhci: Provide helper for resetting both SDHCI and CQHCI (git-fixes). - mmc: sdhci-of-arasan: Fix SDHCI_RESET_ALL for CQHCI (git-fixes). - mmc: sdhci-pci-o2micro: fix card detect fail issue caused by CD# debounce timeout (git-fixes). - mmc: sdhci-pci: Fix possible memory leak caused by missing pci_dev_put() (git-fixes). - nbd: Fix use-after-free in pid_show (git-fixes). - nbd: fix possible overflow for 'first_minor' in nbd_dev_add() (git-fixes). - nbd: fix possible overflow on 'first_minor' in nbd_dev_add() (git-fixes). - nbd: handle device refs for DESTROY_ON_DISCONNECT properly (git-fixes). - net/x25: Fix skb leak in x25_lapb_receive_frame() (git-fixes). - net: ethernet: nixge: fix NULL dereference (git-fixes). - net: ethernet: renesas: ravb: Fix promiscuous mode after system resumed (git-fixes). - net: hyperv: remove use of bpf_op_t (git-fixes). - net: netvsc: remove break after return (git-fixes). - net: phy: fix null-ptr-deref while probe() failed (git-fixes). - net: thunderbolt: Fix error handling in tbnet_init() (git-fixes). - net: usb: qmi_wwan: Set DTR quirk for MR400 (git-fixes). - net: usb: qmi_wwan: restore mtu min/max values after raw_ip switch (git-fixes). - nfc/nci: fix race with opening and closing (git-fixes). - nfc: nfcmrvl: Fix potential memory leak in nfcmrvl_i2c_nci_send() (git-fixes). - nfc: s3fwrn5: Fix potential memory leak in s3fwrn5_nci_send() (git-fixes). - nfc: st-nci: fix incorrect validating logic in EVT_TRANSACTION (git-fixes). - nfc: st-nci: fix memory leaks in EVT_TRANSACTION (git-fixes). - nfsd: set the server_scope during service startup (bsc#1203746). - null_blk: Fail zone append to conventional zones (git-fixes). - null_blk: synchronization fix for zoned device (git-fixes). - nvmem: core: Check input parameter for NULL in nvmem_unregister() (bsc#1204241). - panic, kexec: make __crash_kexec() NMI safe (git-fixes). - parport_pc: Avoid FIFO port location truncation (git-fixes). - phy: stm32: fix an error code in probe (git-fixes). - pinctrl: devicetree: fix null pointer dereferencing in pinctrl_dt_to_map (git-fixes). - platform/x86: hp_wmi: Fix rfkill causing soft blocked wifi (git-fixes). - powerpc/boot: Explicitly disable usage of SPE instructions (bsc#1156395). - powerpc/kvm: Fix kvm_use_magic_page (bsc#1156395). - printk: add missing memory barrier to wake_up_klogd() (bsc#1204934). - printk: use atomic updates for klogd work (bsc#1204934). - printk: wake waiters for safe and NMI contexts (bsc#1204934). - r8152: Add MAC passthrough support to new device (git-fixes). - r8152: add PID for the Lenovo OneLink+ Dock (git-fixes). - r8152: use new helper tcp_v6_gso_csum_prep (git-fixes). - rbd: fix possible memory leak in rbd_sysfs_init() (git-fixes). - regulator: core: fix UAF in destroy_regulator() (git-fixes). - regulator: core: fix kobject release warning and memory leak in regulator_register() (git-fixes). - regulator: twl6030: re-add TWL6032_SUBCLASS (git-fixes). - ring-buffer: Add ring_buffer_wake_waiters() (git-fixes). - ring-buffer: Allow splice to read previous partially read pages (git-fixes). - ring-buffer: Check for NULL cpu_buffer in ring_buffer_wake_waiters() (git-fixes). - ring-buffer: Check pending waiters when doing wake ups as well (git-fixes). - ring-buffer: Fix race between reset page and reading page (git-fixes). - ring-buffer: Have the shortest_full queue be the shortest not longest (git-fixes). - ring-buffer: Include dropped pages in counting dirty patches (git-fixes). - ring_buffer: Do not deactivate non-existant pages (git-fixes). - rndis_host: increase sleep time in the query-response loop (git-fixes). - rtc: mt6397: fix alarm register overwrite (git-fixes). - s390/boot: fix absolute zero lowcore corruption on boot (git-fixes). - s390/cpcmd: fix inline assembly register clobbering (git-fixes). - s390/dasd: fix Oops in dasd_alias_get_start_dev due to missing pavgroup (git-fixes). - s390/disassembler: increase ebpf disasm buffer size (git-fixes). - s390/futex: add missing EX_TABLE entry to __futex_atomic_op() (bsc#1205428 LTC#200501). - s390/hugetlb: fix prepare_hugepage_range() check for 2 GB hugepages (bsc#1203144 LTC#199881). - s390/mm: use non-quiescing sske for KVM switch to keyed guest (git-fixes). - s390/pci: add missing EX_TABLE entries to __pcistg_mio_inuser()/__pcilg_mio_inuser() (git-fixes). - s390/ptrace: return -ENOSYS when invalid syscall is supplied (git-fixes). - s390/uaccess: add missing EX_TABLE entries to __clear_user(), copy_in_user_mvcos(), copy_in_user_mvc(), clear_user_xc() and __strnlen_user() (bsc#1205428 LTC#200501). - s390/vtime: fix inline assembly clobber list (git-fixes). - s390/zcore: fix race when reading from hardware system area (git-fixes). - s390/zcrypt: fix zcard and zqueue hot-unplug memleak (git-fixes). - s390: Remove arch_has_random, arch_has_random_seed (git-fixes). - s390: fix double free of GS and RI CBs on fork() failure (git-fixes). - s390: fix nospec table alignments (git-fixes). - s390: mark __cpacf_query() as __always_inline (git-fixes). - scsi: bsg: Remove support for SCSI_IOCTL_SEND_COMMAND (git-fixes). - scsi: drivers: base: Propagate errors through the transport component (git-fixes). - scsi: drivers: base: Support atomic version of attribute_container_device_trigger (git-fixes). - scsi: ibmvfc: Avoid path failures during live migration (bsc#1065729 bsc#1204810 ltc#200162). - scsi: ibmvscsis: Increase INITIAL_SRP_LIMIT to 1024 (bsc#1156395). - scsi: lpfc: Create a sysfs entry called lpfc_xcvr_data for transceiver info (bsc#1204957). - scsi: lpfc: Fix hard lockup when reading the rx_monitor from debugfs (bsc#1204957). - scsi: lpfc: Fix memory leak in lpfc_create_port() (bsc#1204957). - scsi: lpfc: Fix spelling mistake 'unsolicted' -> 'unsolicited' (bsc#1204957). - scsi: lpfc: Log when congestion management limits are in effect (bsc#1204957). - scsi: lpfc: Set sli4_param's cmf option to zero when CMF is turned off (bsc#1204957). - scsi: lpfc: Update lpfc version to 14.2.0.8 (bsc#1204957). - scsi: lpfc: Update the obsolete adapter list (bsc#1204142). - scsi: qla2xxx: Fix serialization of DCBX TLV data request (bsc#1204963). - scsi: qla2xxx: Use transport-defined speed mask for supported_speeds (bsc#1204963). - scsi: scsi_transport_sas: Fix error handling in sas_phy_add() (git-fixes). - scsi: storvsc: Correctly handle multiple flags in srb_status (git-fixes). - scsi: storvsc: Drop DID_TARGET_FAILURE use (git-fixes). - scsi: storvsc: Fix handling of srb_status and capacity change events (git-fixes). - scsi: storvsc: Fix max_outstanding_req_per_channel for Win8 and newer (bsc#1204017). - scsi: storvsc: Fix validation for unsolicited incoming packets (bsc#1204017). - scsi: storvsc: Log TEST_UNIT_READY errors as warnings (git-fixes). - scsi: storvsc: Miscellaneous code cleanups (git-fixes). - scsi: storvsc: Parameterize number hardware queues (git-fixes). - scsi: storvsc: Remove WQ_MEM_RECLAIM from storvsc_error_wq (git-fixes). - scsi: storvsc: Resolve data race in storvsc_probe() (bsc#1204017). - scsi: storvsc: Return DID_ERROR for invalid commands (git-fixes). - scsi: storvsc: Update error logging (git-fixes). - scsi: storvsc: Use blk_mq_unique_tag() to generate requestIDs (bsc#1204017). - scsi: storvsc: Use scsi_cmd_to_rq() instead of scsi_cmnd.request (git-fixes). - scsi: storvsc: Use vmbus_requestor to generate transaction IDs for VMBus hardening (bsc#1204017). - scsi: storvsc: Validate length of incoming packet in storvsc_on_channel_callback() (bsc#1204017). - scsi: zfcp: Fix double free of FSF request when qdio send fails (git-fixes). - scsi: zfcp: Fix missing auto port scan and thus missing target ports (git-fixes). - serial: 8250: Fall back to non-DMA Rx if IIR_RDI occurs (git-fixes). - serial: 8250: omap: Fix unpaired pm_runtime_put_sync() in omap8250_remove() (git-fixes). - serial: 8250: omap: Flush PM QOS work on remove (git-fixes). - serial: 8250_lpss: Configure DMA also w/o DMA filter (git-fixes). - serial: 8250_omap: remove wait loop from Errata i202 workaround (git-fixes). - serial: imx: Add missing .thaw_noirq hook (git-fixes). - siox: fix possible memory leak in siox_device_add() (git-fixes). - slimbus: stream: correct presence rate frequencies (git-fixes). - spi: spi-imx: Fix spi_bus_clk if requested clock is higher than input clock (git-fixes). - spi: stm32: Print summary 'callbacks suppressed' message (git-fixes). - staging: greybus: light: fix a couple double frees (git-fixes). - swiotlb-xen: use vmalloc_to_page on vmalloc virt addresses (git-fixes). - tracing/ring-buffer: Have polling block on watermark (git-fixes). - tracing: Add ioctl() to force ring buffer waiters to wake up (git-fixes). - tracing: Disable interrupt or preemption before acquiring arch_spinlock_t (git-fixes). - tracing: Do not free snapshot if tracer is on cmdline (git-fixes). - tracing: Fix wild-memory-access in register_synth_event() (git-fixes). - tracing: Simplify conditional compilation code in tracing_set_tracer() (git-fixes). - tracing: Wake up ring buffer waiters on closing of the file (git-fixes). - tracing: Wake up waiters when tracing is disabled (git-fixes). - usb: add NO_LPM quirk for Realforce 87U Keyboard (git-fixes). - usb: chipidea: fix deadlock in ci_otg_del_timer (git-fixes). - usb: dwc3: exynos: Fix remove() function (git-fixes). - usb: dwc3: fix PHY disable sequence (git-fixes). - usb: dwc3: gadget: Clear ep descriptor last (git-fixes). - usb: dwc3: gadget: Fix null pointer exception (git-fixes). - usb: dwc3: qcom: fix runtime PM wakeup. - usb: dwc3: qcom: fix use-after-free on runtime-PM wakeup (git-fixes). - usb: xhci: add XHCI_SPURIOUS_SUCCESS to ASM1042 despite being a V0.96 controller (git-fixes). - usbip: add sysfs_lock to synchronize sysfs code paths (git-fixes). - usbip: stub-dev synchronize sysfs code paths (git-fixes). - usbip: stub_dev: remake locking for kABI (git-fixes). - usbip: synchronize event handler with sysfs code paths (git-fixes). - usbip: usbip_event: use global lock (git-fixes). - usbip: vudc synchronize sysfs code paths (git-fixes). - usbip: vudc_sysfs: use global lock (git-fixes). - use __netdev_notify_peers in hyperv (git-fixes). - v3 of 'PCI: hv: Only reuse existing IRTE allocation for Multi-MSI' - v3 of 'PCI: hv: Only reuse existing IRTE allocation for Multi-MSI' (bsc#1200845) - vfio/ccw: Do not change FSM state in subchannel event (git-fixes). - virtio-blk: Do not use MAX_DISCARD_SEGMENTS if max_discard_seg is zero (git-fixes). - virtio-blk: Use blk_validate_block_size() to validate block size (git-fixes). - virtio_blk: eliminate anonymous module_init & module_exit (git-fixes). - virtio_blk: fix the discard_granularity and discard_alignment queue limits (git-fixes). - vmlinux.lds.h: Fix placement of '.data..decrypted' section (git-fixes). - wifi: cfg80211: fix buffer overflow in elem comparison (git-fixes). - wifi: cfg80211: fix memory leak in query_regdb_file() (git-fixes). - wifi: cfg80211: silence a sparse RCU warning (git-fixes). - wifi: mac8021: fix possible oob access in ieee80211_get_rate_duration (git-fixes). - workqueue: do not skip lockdep work dependency in cancel_work_sync() (bsc#1204967). - x86/cpu: Restore AMD's DE_CFG MSR after resume (bsc#1205473). - x86/hyperv: Output host build info as normal Windows version number (git-fixes). - x86/hyperv: check cpu mask after interrupt has been disabled (git-fixes). - x86/kexec: Fix double-free of elf header buffer (bsc#1205567). - x86/microcode/AMD: Apply the patch early on every logical thread (bsc#1205264). - x86/xen: Add xen_no_vector_callback option to test PCI INTX delivery (git-fixes). - x86/xen: Distribute switch variables for initialization (git-fixes). - x86/xen: do not unbind uninitialized lock_kicker_irq (git-fixes). - xen-blkback: prevent premature module unload (git-fixes). - xen-netback: correct success/error reporting for the SKB-with-fraglist case (git-fixes). - xen/balloon: fix balloon kthread freezing (git-fixes). - xen/balloon: fix ballooned page accounting without hotplug enabled (git-fixes). - xen/balloon: fix cancelled balloon action (git-fixes). - xen/balloon: use a kernel thread instead a workqueue (git-fixes). - xen/gntdev: Avoid blocking in unmap_grant_pages() (git-fixes). - xen/gntdev: Ignore failure to unmap INVALID_GRANT_HANDLE (git-fixes). - xen/gntdev: Prevent leaking grants (git-fixes). - xen/pcpu: fix possible memory leak in register_pcpu() (git-fixes). - xen/privcmd: Corrected error handling path (git-fixes). - xen/privcmd: fix error exit of privcmd_ioctl_dm_op() (git-fixes). - xen/xenbus: Fix granting of vmalloc'd memory (git-fixes). - xen/xenbus: ensure xenbus_map_ring_valloc() returns proper grant status (git-fixes). - xen: Fix XenStore initialisation for XS_LOCAL (git-fixes). - xen: Fix event channel callback via INTX/GSI (git-fixes). - xen: delay xen_hvm_init_time_ops() if kdump is boot on vcpu>=32 (git-fixes). - xenbus: req->body should be updated before req->state (git-fixes). - xenbus: req->err should be updated before req->state (git-fixes). - xfs: Lower CIL flush limit for large logs (git-fixes). - xfs: Throttle commits on delayed background CIL push (git-fixes). - xfs: Use scnprintf() for avoiding potential buffer overflow (git-fixes). - xfs: check owner of dir3 blocks (git-fixes). - xfs: factor common AIL item deletion code (git-fixes). - xfs: open code insert range extent split helper (git-fixes). - xfs: rework collapse range into an atomic operation (git-fixes). - xfs: rework insert range into an atomic operation (git-fixes). - xfs: tail updates only need to occur when LSN changes (git-fixes). - xfs: trylock underlying buffer on dquot flush (git-fixes). - xfs: xfs_buf_corruption_error should take __this_address (git-fixes). - xhci: Remove device endpoints from bandwidth list when freeing the device (git-fixes). Important SUSE bug 1065729 SUSE bug 1071995 SUSE bug 1156395 SUSE bug 1184350 SUSE bug 1189297 SUSE bug 1192761 SUSE bug 1200845 SUSE bug 1201455 SUSE bug 1203144 SUSE bug 1203746 SUSE bug 1203960 SUSE bug 1204017 SUSE bug 1204142 SUSE bug 1204215 SUSE bug 1204228 SUSE bug 1204241 SUSE bug 1204328 SUSE bug 1204446 SUSE bug 1204636 SUSE bug 1204693 SUSE bug 1204780 SUSE bug 1204791 SUSE bug 1204810 SUSE bug 1204827 SUSE bug 1204850 SUSE bug 1204868 SUSE bug 1204934 SUSE bug 1204957 SUSE bug 1204963 SUSE bug 1204967 SUSE bug 1205220 SUSE bug 1205264 SUSE bug 1205329 SUSE bug 1205330 SUSE bug 1205428 SUSE bug 1205514 SUSE bug 1205567 SUSE bug 1205617 SUSE bug 1205671 SUSE bug 1205700 SUSE bug 1205705 SUSE bug 1205709 SUSE bug 1205753 SUSE bug 1205984 SUSE bug 1205985 SUSE bug 1205986 SUSE bug 1205987 SUSE bug 1205988 SUSE bug 1205989 SUSE bug 1206207 CVE-2022-2602 CVE-2022-28693 CVE-2022-3567 CVE-2022-3628 CVE-2022-3635 CVE-2022-3707 CVE-2022-3903 CVE-2022-4095 CVE-2022-4129 CVE-2022-4139 CVE-2022-41850 CVE-2022-41858 CVE-2022-42895 CVE-2022-42896 CVE-2022-4378 CVE-2022-43945 CVE-2022-45934 cpe:/o:opensuse:leap:15.3 Security update for the Linux Kernel (Important) openSUSE Leap 15.3 The SUSE Linux Enterprise 15 SP1 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2022-4378: Fixed stack overflow in __do_proc_dointvec (bsc#1206207). - CVE-2022-42328: Guests could trigger denial of service via the netback driver (bsc#1206114). - CVE-2022-42329: Guests could trigger denial of service via the netback driver (bsc#1206113). - CVE-2022-3643: Guests could trigger NIC interface reset/abort/crash via netback driver (bsc#1206113). - CVE-2022-3635: Fixed a use-after-free in the tst_timer() of the file drivers/atm/idt77252.c (bsc#1204631). - CVE-2022-3424: Fixed use-after-free in gru_set_context_option(), gru_fault() and gru_handle_user_call_os() that could lead to kernel panic (bsc#1204166). - CVE-2022-41850: Fixed a race condition in roccat_report_event() in drivers/hid/hid-roccat.c (bsc#1203960). - CVE-2022-45934: Fixed a integer wraparound via L2CAP_CONF_REQ packets in l2cap_config_req in net/bluetooth/l2cap_core.c (bsc#1205796). - CVE-2022-3628: Fixed potential buffer overflow in brcmf_fweh_event_worker() in wifi/brcmfmac (bsc#1204868). - CVE-2022-3567: Fixed a to race condition in inet6_stream_ops()/inet6_dgram_ops() (bsc#1204414). - CVE-2022-41858: Fixed a denial of service in sl_tx_timeout() in drivers/net/slip (bsc#1205671). - CVE-2022-43945: Fixed a buffer overflow in the NFSD implementation (bsc#1205128). - CVE-2022-4095: Fixed a use-after-free in rtl8712 driver (bsc#1205514). - CVE-2022-3903: Fixed a denial of service with the Infrared Transceiver USB driver (bsc#1205220). - CVE-2022-2964: Fixed memory corruption issues in ax88179_178a devices (bsc#1202686). - CVE-2021-4037: Fixed function logic vulnerability that allowed local users to create files for the XFS file-system with an unintended group ownership and with group execution and SGID permission bits set (bsc#1198702). - CVE-2022-43750: Fixed vulnerability in usbmon that allowed a user-space client to corrupt the monitor's internal memory (bsc#1204653). - CVE-2022-3542: Fixed memory leak in bnx2x_tpa_stop() in drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.c (bsc#1204402). - CVE-2022-3629: Fixed memory leak in vsock_connect() in net/vmw_vsock/af_vsock.c (bsc#1204635). - CVE-2022-3646: Fixed memory leak in nilfs_attach_log_writer() in fs/nilfs2/segment.c (bsc#1204646). - CVE-2022-3649: Fixed use-after-free in nilfs_new_inode() in fs/nilfs2/inode.c (bsc#1204647). - CVE-2022-3621: Fixed null pointer dereference in nilfs_bmap_lookup_at_level() in fs/nilfs2/inode.c (bsc#1204574). - CVE-2022-3594: Fixed excessive data logging in intr_callback() in drivers/net/usb/r8152.c (bsc#1204479). - CVE-2022-3586: Fixed use-after-free in socket buffer (SKB) that could allow a local unprivileged user to cause a denial of service (bsc#1204439). - CVE-2022-3565: Fixed use-after-free in del_timer() in drivers/isdn/mISDN/l1oip_core.c (bsc#1204431). - CVE-2022-3524: Fixed memory leak in ipv6_renew_options() in the IPv6 handler (bsc#1204354). - CVE-2022-40768: Fixed information leak in the scsi driver which allowed local users to obtain sensitive information from kernel memory (bsc#1203514). - CVE-2022-42703: Fixed use-after-free in mm/rmap.c related to leaf anon_vma double reuse (bsc#1204168). - CVE-2022-3169: Fixed an denial of service though request to NVME_IOCTL_RESET and NVME_IOCTL_SUBSYS_RESET (bsc#1203290). - CVE-2022-40307: Fixed a race condition that could had been exploited to trigger a use-after-free in the efi firmware capsule-loader.c (bsc#1203322). - CVE-2022-42895: Fixed an information leak in the net/bluetooth/l2cap_core.c's l2cap_parse_conf_req() which can be used to leak kernel pointers remotely (bsc#1205705). - CVE-2022-42896: Fixed a use-after-free vulnerability in the net/bluetooth/l2cap_core.c's l2cap_connect() and l2cap_le_connect_req() which may have allowed code execution and leaking kernel memory (respectively) remotely via Bluetooth (bsc#1205709). - CVE-2022-3545: Fixed a use-after-free vulnerability is area_cache_get() of the file drivers/net/ethernet/netronome/nfp/nfpcore/nfp_cppcore.c (bsc#1204415). - CVE-2022-3521: Fixed a race condition in kcm_tx_work() of the file net/kcm/kcmsock.c (bsc#1204355). - CVE-2022-2153: Fixed a NULL pointer dereference in KVM when attempting to set a SynIC IRQ (bsc#1200788). The following non-security bugs were fixed: - Drivers: hv: vmbus: Add VMbus IMC device to unsupported list (git-fixes). - Drivers: hv: vmbus: Add vmbus_requestor data structure for VMBus hardening (bsc#1204017, bsc#1205617). - Drivers: hv: vmbus: Drop error message when 'No request id available' (bsc#1204017). - Drivers: hv: vmbus: fix double free in the error path of vmbus_add_channel_work() (git-fixes). - Drivers: hv: vmbus: Fix handling of messages with transaction ID of zero (bsc#1204017). - Drivers: hv: vmbus: fix possible memory leak in vmbus_device_register() (git-fixes). - Drivers: hv: vmbus: Fix potential crash on module unload (git-fixes). - Drivers: hv: vmbus: Introduce {lock,unlock}_requestor() (bsc#1204017, bsc#1205617). - Drivers: hv: vmbus: Introduce vmbus_request_addr_match() (bsc#1204017, bsc#1205617). - Drivers: hv: vmbus: Introduce vmbus_sendpacket_getid() (bsc#1204017, bsc#1205617). - Drivers: hv: vmbus: Move __vmbus_open() (bsc#1204017). - Drivers: hv: vmbus: Prevent load re-ordering when reading ring buffer (git-fixes). - hv_netvsc: Add check for kvmalloc_array (git-fixes). - hv_netvsc: Add error handling while switching data path (bsc#1204850). - hv_netvsc: Add validation for untrusted Hyper-V values (bsc#1204017). - hv_netvsc: Cache the current data path to avoid duplicate call and message (bsc#1204017). - hv_netvsc: Check VF datapath when sending traffic to VF (bsc#1204017). - hv_netvsc: Fix error handling in netvsc_set_features() (git-fixes). - hv_netvsc: Fix race between VF offering and VF association message from host (bsc#1204850). - hv_netvsc: Print value of invalid ID in netvsc_send_{completion,tx_complete}() (bsc#1204017). - hv_netvsc: Process NETDEV_GOING_DOWN on VF hot remove (bsc#1204850). - hv_netvsc: Remove unnecessary round_up for recv_completion_cnt (bsc#1204017). - hv_netvsc: Reset the RSC count if NVSP_STAT_FAIL in netvsc_receive() (bsc#1204017). - hv_netvsc: Sync offloading features to VF NIC (git-fixes). - hv_netvsc: use netif_is_bond_master() instead of open code (git-fixes). - hv_netvsc: Use vmbus_requestor to generate transaction IDs for VMBus hardening (bsc#1204017). - hv_netvsc: Wait for completion on request SWITCH_DATA_PATH (bsc#1204017). - ipv6: ping: fix wrong checksum for large frames (bsc#1203183). - net: hyperv: remove use of bpf_op_t (git-fixes). - net: netvsc: remove break after return (git-fixes). - PCI: hv: Add check for hyperv_initialized in init_hv_pci_drv() (bsc#1204446). - PCI: hv: Add validation for untrusted Hyper-V values (bsc#1204017). - PCI: hv: Drop msi_controller structure (bsc#1204446). - PCI: hv: Fix a race condition when removing the device (bsc#1204446). - PCI: hv: Fix hv_arch_irq_unmask() for multi-MSI (bsc#1200845). - PCI: hv: Fix interrupt mapping for multi-MSI (bsc#1200845). - PCI: hv: Fix multi-MSI to allow more than one MSI vector (bsc#1200845). - PCI: hv: Fix NUMA node assignment when kernel boots with custom NUMA topology (bsc#1199365). - PCI: hv: Fix sleep while in non-sleep context when removing child devices from the bus (bsc#1204446). - PCI: hv: Fix synchronization between channel callback and hv_compose_msi_msg() (bsc#1204017, bsc#1203860, bsc#1205617). - PCI: hv: Fix synchronization between channel callback and hv_pci_bus_exit() (bsc#1204017, bsc#1205617). - PCI: hv: Fix the definition of vector in hv_compose_msi_msg() (bsc#1200845). - PCI: hv: Make the code arch neutral by adding arch specific interfaces (bsc#1200845). - PCI: hv: Only reuse existing IRTE allocation for Multi-MSI (bsc#1200845). - PCI: hv: Remove bus device removal unused refcount/functions (bsc#1204446). - PCI: hv: Remove unnecessary use of %hx (bsc#1204446). - PCI: hv: Reuse existing IRTE allocation in compose_msi_msg() (bsc#1200845). - PCI: hv: Support for create interrupt v3 (git-fixes). - PCI: hv: Use struct_size() helper (bsc#1204446). - PCI: hv: Use vmbus_requestor to generate transaction IDs for VMbus hardening (bsc#1204017). - Revert 'scsi: storvsc: Validate length of incoming packet in storvsc_on_channel_callback()' (bsc#1204017). - scsi: storvsc: Drop DID_TARGET_FAILURE use (git-fixes). - scsi: storvsc: Fix max_outstanding_req_per_channel for Win8 and newer (bsc#1204017). - scsi: storvsc: Fix validation for unsolicited incoming packets (bsc#1204017). - scsi: storvsc: Remove WQ_MEM_RECLAIM from storvsc_error_wq (git-fixes). - scsi: storvsc: Resolve data race in storvsc_probe() (bsc#1204017). - scsi: storvsc: Use blk_mq_unique_tag() to generate requestIDs (bsc#1204017). - scsi: storvsc: Use vmbus_requestor to generate transaction IDs for VMBus hardening (bsc#1204017). - scsi: storvsc: Validate length of incoming packet in storvsc_on_channel_callback() (bsc#1204017). - sunrpc: Re-purpose trace_svc_process (bsc#1205006). - x86/cpu: Restore AMD's DE_CFG MSR after resume (bsc#1205473). - x86/hyperv: Output host build info as normal Windows version number (git-fixes). - x86/hyperv: Set pv_info.name to 'Hyper-V' (git-fixes). Important SUSE bug 1198702 SUSE bug 1199365 SUSE bug 1200788 SUSE bug 1200845 SUSE bug 1201455 SUSE bug 1202686 SUSE bug 1203008 SUSE bug 1203183 SUSE bug 1203290 SUSE bug 1203322 SUSE bug 1203514 SUSE bug 1203860 SUSE bug 1203960 SUSE bug 1204017 SUSE bug 1204166 SUSE bug 1204170 SUSE bug 1204354 SUSE bug 1204355 SUSE bug 1204402 SUSE bug 1204414 SUSE bug 1204415 SUSE bug 1204424 SUSE bug 1204431 SUSE bug 1204432 SUSE bug 1204439 SUSE bug 1204446 SUSE bug 1204479 SUSE bug 1204574 SUSE bug 1204576 SUSE bug 1204631 SUSE bug 1204635 SUSE bug 1204636 SUSE bug 1204646 SUSE bug 1204647 SUSE bug 1204653 SUSE bug 1204850 SUSE bug 1204868 SUSE bug 1205006 SUSE bug 1205128 SUSE bug 1205220 SUSE bug 1205473 SUSE bug 1205514 SUSE bug 1205617 SUSE bug 1205671 SUSE bug 1205796 SUSE bug 1206113 SUSE bug 1206114 SUSE bug 1206207 CVE-2021-4037 CVE-2022-2153 CVE-2022-28693 CVE-2022-2964 CVE-2022-3169 CVE-2022-3424 CVE-2022-3521 CVE-2022-3524 CVE-2022-3542 CVE-2022-3545 CVE-2022-3565 CVE-2022-3567 CVE-2022-3586 CVE-2022-3594 CVE-2022-3621 CVE-2022-3628 CVE-2022-3629 CVE-2022-3635 CVE-2022-3643 CVE-2022-3646 CVE-2022-3649 CVE-2022-3903 CVE-2022-40307 CVE-2022-40768 CVE-2022-4095 CVE-2022-41850 CVE-2022-41858 CVE-2022-42328 CVE-2022-42329 CVE-2022-42703 CVE-2022-42895 CVE-2022-42896 CVE-2022-43750 CVE-2022-4378 CVE-2022-43945 CVE-2022-45934 cpe:/o:opensuse:leap:15.3 Security update for MozillaThunderbird (Important) openSUSE Leap 15.3 This update for MozillaThunderbird fixes the following issues: Update to version 102.6 (bsc#1206242): - CVE-2022-46880: Use-after-free in WebGL - CVE-2022-46872: Arbitrary file read from a compromised content process - CVE-2022-46881: Memory corruption in WebGL - CVE-2022-46874: Drag and Dropped Filenames could have been truncated to malicious extensions - CVE-2022-46875: Download Protections were bypassed by .atloc and .ftploc files on Mac OS - CVE-2022-46882: Use-after-free in WebGL - CVE-2022-46878: Memory safety bugs fixed in Thunderbird 102.6 Important SUSE bug 1206242 CVE-2022-46872 CVE-2022-46874 CVE-2022-46875 CVE-2022-46878 CVE-2022-46880 CVE-2022-46881 CVE-2022-46882 cpe:/o:opensuse:leap:15.3 Security update for cni (Important) openSUSE Leap 15.3 This update for cni fixes the following issues: - CVE-2021-20206: Fixed arbitrary path injection via type field in CNI configuration (bsc#1181961). Important SUSE bug 1181961 CVE-2021-20206 cpe:/o:opensuse:leap:15.3 Security update for cni-plugins (Important) openSUSE Leap 15.3 This update for cni-plugins fixes the following issues: - CVE-2021-20206: Fixed arbitrary path injection via type field in CNI configuration (bsc#1181961). Important SUSE bug 1181961 CVE-2021-20206 cpe:/o:opensuse:leap:15.3 Security update for helm (Moderate) openSUSE Leap 15.3 This update for helm fixes the following issues: Update to version 3.10.3: - CVE-2022-23524: Fixed a denial of service in the string value parsing (bsc#1206467). - CVE-2022-23525: Fixed a denial of service with the repository index file (bsc#1206469). - CVE-2022-23526: Fixed a denial of service in the schema file handling (bsc#1206471). Moderate SUSE bug 1181419 SUSE bug 1206467 SUSE bug 1206469 SUSE bug 1206471 CVE-2021-21272 CVE-2022-1996 CVE-2022-23524 CVE-2022-23525 CVE-2022-23526 cpe:/o:opensuse:leap:15.3 Security update for conmon (Moderate) openSUSE Leap 15.3 This update for conmon fixes the following issues: conmon was updated to version 2.1.5: * don't leak syslog_identifier * logging: do not read more that the buf size * logging: fix error handling * Makefile: Fix install for FreeBSD * signal: Track changes to get_signal_descriptor in the FreeBSD version * Packit: initial enablement Update to version 2.1.4: * Fix a bug where conmon crashed when it got a SIGCHLD update to 2.1.3: * Stop using g_unix_signal_add() to avoid threads * Rename CLI optionlog-size-global-max to log-global-size-max Update to version 2.1.2: * add log-global-size-max option to limit the total output conmon processes (CVE-2022-1708 bsc#1200285) * journald: print tag and name if both are specified * drop some logs to debug level Update to version 2.1.0 * logging: buffer partial messages to journald * exit: close all fds >= 3 * fix: cgroup: Free memory_cgroup_file_path if open fails. Update to version 2.0.32 * Fix: Avoid mainfd_std{in,out} sharing the same file descriptor. * exit_command: Fix: unset subreaper attribute before running exit command Update to version 2.0.31 * logging: new mode -l passthrough * ctr_logs: use container name or ID as SYSLOG_IDENTIFIER for journald * conmon: Fix: free userdata files before exec cleanup Moderate SUSE bug 1200285 CVE-2022-1708 cpe:/o:opensuse:leap:15.3 Security update for the Linux Kernel (Important) openSUSE Leap 15.3 The SUSE Linux Enterprise 15 SP3 RT kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2022-4378: Fixed stack overflow in __do_proc_dointvec (bsc#1206207). - CVE-2022-3635: Fixed a use-after-free in the tst_timer() of the file drivers/atm/idt77252.c (bsc#1204631). - CVE-2022-41850: Fixed a race condition in roccat_report_event() in drivers/hid/hid-roccat.c (bsc#1203960). - CVE-2022-45934: Fixed a integer wraparound via L2CAP_CONF_REQ packets in l2cap_config_req in net/bluetooth/l2cap_core.c (bsc#1205796). - CVE-2022-3628: Fixed potential buffer overflow in brcmf_fweh_event_worker() in wifi/brcmfmac (bsc#1204868). - CVE-2022-3567: Fixed a to race condition in inet6_stream_ops()/inet6_dgram_ops() (bsc#1204414). - CVE-2022-41858: Fixed a denial of service in sl_tx_timeout() in drivers/net/slip (bsc#1205671). - CVE-2022-43945: Fixed a buffer overflow in the NFSD implementation (bsc#1205128). - CVE-2022-4095: Fixed a use-after-free in rtl8712 driver (bsc#1205514). - CVE-2022-3903: Fixed a denial of service with the Infrared Transceiver USB driver (bsc#1205220). - CVE-2022-2602: Fixed a local privilege escalation vulnerability involving Unix socket Garbage Collection and io_uring (bsc#1204228). - CVE-2022-4139: Fixed an issue with the i915 driver that allowed the GPU to access any physical memory (bsc#1205700). - CVE-2022-4129: Fixed a denial of service with the Layer 2 Tunneling Protocol (L2TP). A missing lock when clearing sk_user_data can lead to a race condition and NULL pointer dereference. (bsc#1205711) - CVE-2022-42895: Fixed an information leak in the net/bluetooth/l2cap_core.c's l2cap_parse_conf_req() which can be used to leak kernel pointers remotely (bsc#1205705). - CVE-2022-42896: Fixed a use-after-free vulnerability in the net/bluetooth/l2cap_core.c's l2cap_connect() and l2cap_le_connect_req() which may have allowed code execution and leaking kernel memory (respectively) remotely via Bluetooth (bsc#1205709). - CVE-2022-3707: Fixed a double free in the Intel GVT-g graphics driver (bsc#1204780). The following non-security bugs were fixed: - ALSA: hda/ca0132: add quirk for EVGA Z390 DARK (git-fixes). - ALSA: hda: fix potential memleak in 'add_widget_node' (git-fixes). - ALSA: usb-audio: Add DSD support for Accuphase DAC-60 (git-fixes). - ALSA: usb-audio: Add quirk entry for M-Audio Micro (git-fixes). - ALSA: usb-audio: Drop snd_BUG_ON() from snd_usbmidi_output_open() (git-fixes). - ASoC: codecs: jz4725b: Fix spelling mistake 'Sourc' -> 'Source', 'Routee' -> 'Route' (git-fixes). - ASoC: codecs: jz4725b: add missed Line In power control bit (git-fixes). - ASoC: codecs: jz4725b: fix capture selector naming (git-fixes). - ASoC: codecs: jz4725b: fix reported volume for Master ctl (git-fixes). - ASoC: codecs: jz4725b: use right control for Capture Volume (git-fixes). - ASoC: core: Fix use-after-free in snd_soc_exit() (git-fixes). - ASoC: max98373: Add checks for devm_kcalloc (git-fixes). - ASoC: soc-utils: Remove __exit for snd_soc_util_exit() (git-fixes). - ASoC: wm5102: Revert 'ASoC: wm5102: Fix PM disable depth imbalance in wm5102_probe' (git-fixes). - ASoC: wm5110: Revert 'ASoC: wm5110: Fix PM disable depth imbalance in wm5110_probe' (git-fixes). - ASoC: wm8962: Add an event handler for TEMP_HP and TEMP_SPK (git-fixes). - ASoC: wm8997: Revert 'ASoC: wm8997: Fix PM disable depth imbalance in wm8997_probe' (git-fixes). - Bluetooth: L2CAP: Fix attempting to access uninitialized memory (git-fixes). - Bluetooth: L2CAP: Fix l2cap_global_chan_by_psm (git-fixes). - Bluetooth: L2CAP: Fix use-after-free caused by l2cap_reassemble_sdu (git-fixes). - Do not enable CONFIG_ATARI_PARTITION (jsc#PED-1573) - Drivers: hv: vmbus: Add /sys/bus/vmbus/hibernation (git-fixes). - Drivers: hv: vmbus: Add VMbus IMC device to unsupported list (git-fixes). - Drivers: hv: vmbus: Add vmbus_requestor data structure for VMBus hardening (bsc#1204017). - Drivers: hv: vmbus: Drop error message when 'No request id available' (bsc#1204017). - Drivers: hv: vmbus: Fix duplicate CPU assignments within a device (git-fixes). - Drivers: hv: vmbus: Fix handling of messages with transaction ID of zero (bsc#1204017). - Drivers: hv: vmbus: Fix memory leak in vmbus_add_channel_kobj (git-fixes). - Drivers: hv: vmbus: Fix potential crash on module unload (git-fixes). - Drivers: hv: vmbus: Introduce vmbus_request_addr_match() (bsc#1204017). - Drivers: hv: vmbus: Introduce vmbus_sendpacket_getid() (bsc#1204017). - Drivers: hv: vmbus: Introduce {lock,unlock}_requestor() (bsc#1204017). - Drivers: hv: vmbus: Prevent load re-ordering when reading ring buffer (git-fixes). - Drivers: hv: vmbus: Remove unused linux/version.h header (git-fixes). - Drivers: hv: vmbus: Replace smp_store_mb() with virt_store_mb() (git-fixes). - Drivers: hv: vmbus: fix double free in the error path of vmbus_add_channel_work() (git-fixes). - Drivers: hv: vmbus: fix possible memory leak in vmbus_device_register() (git-fixes). - Drivers: hv: vmbus: remove unused function (git-fixes). - HID: saitek: add madcatz variant of MMO7 mouse device ID (git-fixes). - Input: i8042 - fix leaking of platform device on module removal (git-fixes). - Input: iforce - invert valid length check when fetching device IDs (git-fixes). - KVM: VMX: Always VMCLEAR in-use VMCSes during crash with kexec support (git-fixes). - KVM: nVMX: Invalidate all EPTP contexts when emulating INVEPT for L1 (git-fixes). - KVM: nVMX: Validate the EPTP when emulating INVEPT(EXTENT_CONTEXT) (git-fixes). - KVM: nVMX: clear PIN_BASED_POSTED_INTR from nested pinbased_ctls only when apicv is globally disabled (git-fixes). - KVM: s390: Add a routine for setting userspace CPU state (git-fixes). - KVM: s390: Fix handle_sske page fault handling (git-fixes). - KVM: s390: Simplify SIGP Set Arch handling (git-fixes). - KVM: s390: get rid of register asm usage (git-fixes). - KVM: s390: pv: avoid stalls when making pages secure (git-fixes). - KVM: s390: pv: do not allow userspace to set the clock under PV (git-fixes). - KVM: s390: pv: leak the topmost page table when destroy fails (git-fixes). - KVM: s390: reduce number of IO pins to 1 (git-fixes). - NFC: nci: fix memory leak in nci_rx_data_packet() (git-fixes). - NFS: Refactor nfs_instantiate() for dentry referencing callers (bsc#1204215). - NFSv3: use nfs_add_or_obtain() to create and reference inodes (bsc#1204215). - PCI: hv: Add check for hyperv_initialized in init_hv_pci_drv() (bsc#1204446). - PCI: hv: Add validation for untrusted Hyper-V values (git-fixes). - PCI: hv: Drop msi_controller structure (bsc#1204446). - PCI: hv: Fix a race condition when removing the device (bsc#1204446). - PCI: hv: Fix sleep while in non-sleep context when removing child devices from the bus (bsc#1204446). - PCI: hv: Fix synchronization between channel callback and hv_compose_msi_msg() (bsc#1204017). - PCI: hv: Fix synchronization between channel callback and hv_pci_bus_exit() (bsc#1204017). - PCI: hv: Fix the definition of vector in hv_compose_msi_msg() (bsc#1200845). - PCI: hv: Fix typo (bsc#1204446). - PCI: hv: Remove bus device removal unused refcount/functions (bsc#1204446). - PCI: hv: Remove unnecessary use of %hx (bsc#1204446). - PCI: hv: Support for create interrupt v3 (bsc#1204446). - PCI: hv: Use PCI_ERROR_RESPONSE to identify config read errors (bsc#1204446). - PCI: hv: Use vmbus_requestor to generate transaction IDs for VMbus hardening (bsc#1204017). - RDMA/core/sa_query: Remove unused argument (git-fixes) - RDMA/hns: Fix spelling mistakes of original (git-fixes) - RDMA/qedr: Add support for user mode XRC-SRQ's (git-fixes) - RDMA/qedr: Fix reporting max_{send/recv}_wr attrs (git-fixes) - RDMA/qedr: Remove unsupported qedr_resize_cq callback (git-fixes) - RDMA/rxe: Fix memory leak in error path code (git-fixes) - SCSI: scsi_probe_lun: retry INQUIRY after timeout (bsc#1189297). - USB: add RESET_RESUME quirk for NVIDIA Jetson devices in RCM (git-fixes). - USB: serial: option: add Fibocom FM160 0x0111 composition (git-fixes). - USB: serial: option: add Sierra Wireless EM9191 (git-fixes). - USB: serial: option: add u-blox LARA-L6 modem (git-fixes). - USB: serial: option: add u-blox LARA-R6 00B modem (git-fixes). - USB: serial: option: remove old LARA-R6 PID (git-fixes). - USB: serial: option: remove old LARA-R6 PID. - Xen/gntdev: do not ignore kernel unmapping error (git-fixes). - add another bug reference to some hyperv changes (bsc#1205617). - arm/xen: Do not probe xenbus as part of an early initcall (git-fixes). - arm64: dts: imx8mm: Fix NAND controller size-cells (git-fixes) - arm64: dts: juno: Add thermal critical trip points (git-fixes) - arm64: errata: Remove AES hwcap for COMPAT tasks (git-fixes) - ata: libata-transport: fix double ata_host_put() in ata_tport_add() (git-fixes). - ata: libata-transport: fix error handling in ata_tdev_add() (git-fixes). - ata: libata-transport: fix error handling in ata_tlink_add() (git-fixes). - ata: libata-transport: fix error handling in ata_tport_add() (git-fixes). - ata: pata_legacy: fix pdc20230_set_piomode() (git-fixes). - blk-crypto: fix check for too-large dun_bytes (git-fixes). - blk-mq: Properly init requests from blk_mq_alloc_request_hctx() (git-fixes). - blk-mq: do not create hctx debugfs dir until q->debugfs_dir is created (git-fixes). - blk-wbt: call rq_qos_add() after wb_normal is initialized (git-fixes). - blktrace: Trace remapped requests correctly (git-fixes). - block-map: add __GFP_ZERO flag for alloc_page in function bio_copy_kern (git-fixes). - block: Add a helper to validate the block size (git-fixes). - block: assign bi_bdev for cloned bios in blk_rq_prep_clone (bsc#1204328). - block: ataflop: fix breakage introduced at blk-mq refactoring (git-fixes). - block: ataflop: more blk-mq refactoring fixes (git-fixes). - block: fix infinite loop for invalid zone append (git-fixes). - block: limit request dispatch loop duration (git-fixes). - block: nbd: add sanity check for first_minor (git-fixes). - block: use 'unsigned long' for blk_validate_block_size() (git-fixes). - bus: sunxi-rsb: Support atomic transfers (git-fixes). - can: cc770: cc770_isa_probe(): add missing free_cc770dev() (git-fixes). - can: sja1000_isa: sja1000_isa_probe(): add missing free_sja1000dev() (git-fixes). - capabilities: fix undefined behavior in bit shift for CAP_TO_MASK (git-fixes). - ceph: allow ceph.dir.rctime xattr to be updatable (bsc#1205989). - ceph: do not access the kiocb after aio requests (bsc#1205984). - ceph: fix fscache invalidation (bsc#1205985). - ceph: lockdep annotations for try_nonblocking_invalidate (bsc#1205988). - ceph: remove bogus checks and WARN_ONs from ceph_set_page_dirty (bsc#1205986). - ceph: request Fw caps before updating the mtime in ceph_write_iter (bsc#1205987). - cifs: skip extra NULL byte in filenames (bsc#1204791). - dm era: commit metadata in postsuspend after worker stops (git-fixes). - dm integrity: set journal entry unused when shrinking device (git-fixes). - dm mirror log: clear log bits up to BITS_PER_LONG boundary (git-fixes). - dm mpath: only use ktime_get_ns() in historical selector (git-fixes). - dm raid: fix accesses beyond end of raid member array (git-fixes). - dm raid: fix address sanitizer warning in raid_resume (git-fixes). - dm raid: fix address sanitizer warning in raid_status (git-fixes). - dm thin: fix use-after-free crash in dm_sm_register_threshold_callback (git-fixes). - dm verity fec: fix misaligned RS roots IO (git-fixes). - dm writecache: fix writing beyond end of underlying device when shrinking (git-fixes). - dm writecache: return the exact table values that were set (git-fixes). - dm writecache: set a default MAX_WRITEBACK_JOBS (git-fixes). - dm: fix request-based DM to not bounce through indirect dm_submit_bio (git-fixes). - dm: remove special-casing of bio-based immutable singleton target on NVMe (git-fixes). - dm: return early from dm_pr_call() if DM device is suspended (git-fixes). - dma-buf: fix racing conflict of dma_heap_add() (git-fixes). - dmaengine: at_hdmac: Check return code of dma_async_device_register (git-fixes). - dmaengine: at_hdmac: Do not allow CPU to reorder channel enable (git-fixes). - dmaengine: at_hdmac: Do not start transactions at tx_submit level (git-fixes). - dmaengine: at_hdmac: Fix at_lli struct definition (git-fixes). - dmaengine: at_hdmac: Fix completion of unissued descriptor in case of errors (git-fixes). - dmaengine: at_hdmac: Fix impossible condition (git-fixes). - dmaengine: mv_xor_v2: Fix a resource leak in mv_xor_v2_remove() (git-fixes). - dmaengine: pxa_dma: use platform_get_irq_optional (git-fixes). - drivers/hv: remove obsolete TODO and fix misleading typo in comment (git-fixes). - drivers: hv: Fix EXPORT_SYMBOL and tab spaces issue (git-fixes). - drivers: hv: Fix hyperv_record_panic_msg path on comment (git-fixes). - drivers: hv: Fix missing error code in vmbus_connect() (git-fixes). - drivers: hv: vmbus: Fix call msleep using &lt; 20ms (git-fixes). - drivers: hv: vmbus: Fix checkpatch LINE_SPACING (git-fixes). - drivers: hv: vmbus: Fix checkpatch SPLIT_STRING (git-fixes). - drivers: hv: vmbus: Replace symbolic permissions by octal permissions (git-fixes). - drivers: net: slip: fix NPD bug in sl_tx_timeout() (git-fixes). - drm/drv: Fix potential memory leak in drm_dev_init() (git-fixes). - drm/i915/dmabuf: fix sg_table handling in map_dma_buf (git-fixes). - drm/i915/sdvo: Filter out invalid outputs more sensibly (git-fixes). - drm/i915/sdvo: Setup DDC fully before output init (git-fixes). - drm/imx: imx-tve: Fix return type of imx_tve_connector_mode_valid (git-fixes). - drm/panel: simple: set bpc field for logic technologies displays (git-fixes). - drm/rockchip: dsi: Force synchronous probe (git-fixes). - drm/vc4: Fix missing platform_unregister_drivers() call in vc4_drm_register() (git-fixes). - drm: Fix potential null-ptr-deref in drm_vblank_destroy_worker() (git-fixes). - fbdev: smscufx: Fix several use-after-free bugs (git-fixes). - firmware: arm_scmi: Suppress the driver's bind attributes (git-fixes). - ftrace: Fix char print issue in print_ip_ins() (git-fixes). - ftrace: Fix null pointer dereference in ftrace_add_mod() (git-fixes). - ftrace: Fix the possible incorrect kernel message (git-fixes). - ftrace: Fix use-after-free for dynamic ftrace_ops (git-fixes). - ftrace: Optimize the allocation for mcount entries (git-fixes). - ftrace: Properly unset FTRACE_HASH_FL_MOD (git-fixes). - fuse: add file_modified() to fallocate (bsc#1205330). - fuse: fix readdir cache race (bsc#1205329). - hamradio: fix issue of dev reference count leakage in bpq_device_event() (git-fixes). - hv: hyperv.h: Remove unused inline functions (git-fixes). - hv_netvsc: Add a comment clarifying batching logic (git-fixes). - hv_netvsc: Add check for kvmalloc_array (git-fixes). - hv_netvsc: Add error handling while switching data path (bsc#1204850). - hv_netvsc: Allocate the recv_buf buffers after NVSP_MSG1_TYPE_SEND_RECV_BUF (git-fixes). - hv_netvsc: Check VF datapath when sending traffic to VF (git-fixes). - hv_netvsc: Fix potential dereference of NULL pointer (git-fixes). - hv_netvsc: Fix race between VF offering and VF association message from host (bsc#1204850). - hv_netvsc: Print value of invalid ID in netvsc_send_{completion,tx_complete}() (git-fixes). - hv_netvsc: Process NETDEV_GOING_DOWN on VF hot remove (bsc#1204850). - hv_netvsc: Use bitmap_zalloc() when applicable (git-fixes). - hv_netvsc: Use vmbus_requestor to generate transaction IDs for VMBus hardening (bsc#1204017). - hv_netvsc: Validate number of allocated sub-channels (git-fixes). - hv_netvsc: Wait for completion on request SWITCH_DATA_PATH (bsc#1204017). - hv_netvsc: use netif_is_bond_master() instead of open code (git-fixes). - hv_utils: Fix passing zero to 'PTR_ERR' warning (git-fixes). - hwmon: (coretemp) Check for null before removing sysfs attrs (git-fixes). - hwmon: (coretemp) fix pci device refcount leak in nv1a_ram_new() (git-fixes). - hwmon: (i5500_temp) fix missing pci_disable_device() (git-fixes). - hwmon: (ibmpex) Fix possible UAF when ibmpex_register_bmc() fails (git-fixes). - i2c: i801: add lis3lv02d's I2C address for Vostro 5568 (git-fixes). - ibmvnic: Free rwi on reset success (bsc#1184350 ltc#191533 git-fixes). - iio: adc: at91_adc: fix possible memory leak in at91_adc_allocate_trigger() (git-fixes). - iio: core: Fix entry not deleted when iio_register_sw_trigger_type() fails (git-fixes). - iio: health: afe4403: Fix oob read in afe4403_read_raw (git-fixes). - iio: health: afe4404: Fix oob read in afe4404_[read|write]_raw (git-fixes). - iio: light: apds9960: fix wrong register for gesture gain (git-fixes). - iio: light: rpr0521: add missing Kconfig dependencies (git-fixes). - iio: pressure: ms5611: changed hardcoded SPI speed to value limited (git-fixes). - iio: trigger: sysfs: fix possible memory leak in iio_sysfs_trig_init() (git-fixes). - isdn: mISDN: netjet: fix wrong check of device registration (git-fixes). - iwlwifi: dbg: disable ini debug in 9000 family and below (git-fixes). - kABI: Fix after adding trace_iterator.wait_index (git-fixes). - kABI: remove new member of usbip_device (git-fixes). - kabi: fix transport_add_device change (git-fixes). - kexec: turn all kexec_mutex acquisitions into trylocks (git-fixes). - kvm: nVMX: reflect MTF VM-exits if injected by L1 (git-fixes). - loop: Check for overflow while configuring loop (git-fixes). - mISDN: fix misuse of put_device() in mISDN_register_device() (git-fixes). - mISDN: fix possible memory leak in mISDN_dsp_element_register() (git-fixes). - mISDN: fix possible memory leak in mISDN_register_device() (git-fixes). - md/raid5: Ensure stripe_fill happens on non-read IO with journal (git-fixes). - md: Replace snprintf with scnprintf (git-fixes). - media: dvb-frontends/drxk: initialize err to 0 (git-fixes). - media: meson: vdec: fix possible refcount leak in vdec_probe() (git-fixes). - media: v4l2: Fix v4l2_i2c_subdev_set_name function documentation (git-fixes). - media: venus: dec: Handle the case where find_format fails (git-fixes). - media: vim2m: initialize the media device earlier (git-fixes). - media: vivid: fix assignment of dev->fbuf_out_flags (git-fixes). - misc/vmw_vmci: fix an infoleak in vmci_host_do_receive_datagram() (git-fixes). - mmc: core: properly select voltage range without power cycle (git-fixes). - mmc: cqhci: Provide helper for resetting both SDHCI and CQHCI (git-fixes). - mmc: sdhci-of-arasan: Fix SDHCI_RESET_ALL for CQHCI (git-fixes). - mmc: sdhci-pci-o2micro: fix card detect fail issue caused by CD# debounce timeout (git-fixes). - mmc: sdhci-pci: Fix possible memory leak caused by missing pci_dev_put() (git-fixes). - nbd: Fix use-after-free in pid_show (git-fixes). - nbd: fix possible overflow for 'first_minor' in nbd_dev_add() (git-fixes). - nbd: fix possible overflow on 'first_minor' in nbd_dev_add() (git-fixes). - nbd: handle device refs for DESTROY_ON_DISCONNECT properly (git-fixes). - net/x25: Fix skb leak in x25_lapb_receive_frame() (git-fixes). - net: ethernet: nixge: fix NULL dereference (git-fixes). - net: ethernet: renesas: ravb: Fix promiscuous mode after system resumed (git-fixes). - net: hyperv: remove use of bpf_op_t (git-fixes). - net: netvsc: remove break after return (git-fixes). - net: phy: fix null-ptr-deref while probe() failed (git-fixes). - net: thunderbolt: Fix error handling in tbnet_init() (git-fixes). - net: usb: qmi_wwan: Set DTR quirk for MR400 (git-fixes). - net: usb: qmi_wwan: restore mtu min/max values after raw_ip switch (git-fixes). - nfc/nci: fix race with opening and closing (git-fixes). - nfc: nfcmrvl: Fix potential memory leak in nfcmrvl_i2c_nci_send() (git-fixes). - nfc: s3fwrn5: Fix potential memory leak in s3fwrn5_nci_send() (git-fixes). - nfc: st-nci: fix incorrect validating logic in EVT_TRANSACTION (git-fixes). - nfc: st-nci: fix memory leaks in EVT_TRANSACTION (git-fixes). - nfsd: set the server_scope during service startup (bsc#1203746). - null_blk: Fail zone append to conventional zones (git-fixes). - null_blk: synchronization fix for zoned device (git-fixes). - nvmem: core: Check input parameter for NULL in nvmem_unregister() (bsc#1204241). - panic, kexec: make __crash_kexec() NMI safe (git-fixes). - parport_pc: Avoid FIFO port location truncation (git-fixes). - phy: stm32: fix an error code in probe (git-fixes). - pinctrl: devicetree: fix null pointer dereferencing in pinctrl_dt_to_map (git-fixes). - platform/x86: hp_wmi: Fix rfkill causing soft blocked wifi (git-fixes). - powerpc/boot: Explicitly disable usage of SPE instructions (bsc#1156395). - powerpc/kvm: Fix kvm_use_magic_page (bsc#1156395). - printk: add missing memory barrier to wake_up_klogd() (bsc#1204934). - printk: use atomic updates for klogd work (bsc#1204934). - printk: wake waiters for safe and NMI contexts (bsc#1204934). - r8152: Add MAC passthrough support to new device (git-fixes). - r8152: add PID for the Lenovo OneLink+ Dock (git-fixes). - r8152: use new helper tcp_v6_gso_csum_prep (git-fixes). - rbd: fix possible memory leak in rbd_sysfs_init() (git-fixes). - regulator: core: fix UAF in destroy_regulator() (git-fixes). - regulator: core: fix kobject release warning and memory leak in regulator_register() (git-fixes). - regulator: twl6030: re-add TWL6032_SUBCLASS (git-fixes). - ring-buffer: Add ring_buffer_wake_waiters() (git-fixes). - ring-buffer: Allow splice to read previous partially read pages (git-fixes). - ring-buffer: Check for NULL cpu_buffer in ring_buffer_wake_waiters() (git-fixes). - ring-buffer: Check pending waiters when doing wake ups as well (git-fixes). - ring-buffer: Fix race between reset page and reading page (git-fixes). - ring-buffer: Have the shortest_full queue be the shortest not longest (git-fixes). - ring-buffer: Include dropped pages in counting dirty patches (git-fixes). - ring_buffer: Do not deactivate non-existant pages (git-fixes). - rndis_host: increase sleep time in the query-response loop (git-fixes). - rtc: mt6397: fix alarm register overwrite (git-fixes). - s390/boot: fix absolute zero lowcore corruption on boot (git-fixes). - s390/cpcmd: fix inline assembly register clobbering (git-fixes). - s390/dasd: fix Oops in dasd_alias_get_start_dev due to missing pavgroup (git-fixes). - s390/disassembler: increase ebpf disasm buffer size (git-fixes). - s390/futex: add missing EX_TABLE entry to __futex_atomic_op() (bsc#1205428 LTC#200501). - s390/hugetlb: fix prepare_hugepage_range() check for 2 GB hugepages (bsc#1203144 LTC#199881). - s390/mm: use non-quiescing sske for KVM switch to keyed guest (git-fixes). - s390/pci: add missing EX_TABLE entries to __pcistg_mio_inuser()/__pcilg_mio_inuser() (git-fixes). - s390/ptrace: return -ENOSYS when invalid syscall is supplied (git-fixes). - s390/uaccess: add missing EX_TABLE entries to __clear_user(), copy_in_user_mvcos(), copy_in_user_mvc(), clear_user_xc() and __strnlen_user() (bsc#1205428 LTC#200501). - s390/vtime: fix inline assembly clobber list (git-fixes). - s390/zcore: fix race when reading from hardware system area (git-fixes). - s390/zcrypt: fix zcard and zqueue hot-unplug memleak (git-fixes). - s390: Remove arch_has_random, arch_has_random_seed (git-fixes). - s390: fix double free of GS and RI CBs on fork() failure (git-fixes). - s390: fix nospec table alignments (git-fixes). - s390: mark __cpacf_query() as __always_inline (git-fixes). - scsi: bsg: Remove support for SCSI_IOCTL_SEND_COMMAND (git-fixes). - scsi: drivers: base: Propagate errors through the transport component (git-fixes). - scsi: drivers: base: Support atomic version of attribute_container_device_trigger (git-fixes). - scsi: ibmvfc: Avoid path failures during live migration (bsc#1065729 bsc#1204810 ltc#200162). - scsi: ibmvscsis: Increase INITIAL_SRP_LIMIT to 1024 (bsc#1156395). - scsi: lpfc: Create a sysfs entry called lpfc_xcvr_data for transceiver info (bsc#1204957). - scsi: lpfc: Fix hard lockup when reading the rx_monitor from debugfs (bsc#1204957). - scsi: lpfc: Fix memory leak in lpfc_create_port() (bsc#1204957). - scsi: lpfc: Fix spelling mistake 'unsolicted' -> 'unsolicited' (bsc#1204957). - scsi: lpfc: Log when congestion management limits are in effect (bsc#1204957). - scsi: lpfc: Set sli4_param's cmf option to zero when CMF is turned off (bsc#1204957). - scsi: lpfc: Update lpfc version to 14.2.0.8 (bsc#1204957). - scsi: lpfc: Update the obsolete adapter list (bsc#1204142). - scsi: qla2xxx: Fix serialization of DCBX TLV data request (bsc#1204963). - scsi: qla2xxx: Use transport-defined speed mask for supported_speeds (bsc#1204963). - scsi: scsi_transport_sas: Fix error handling in sas_phy_add() (git-fixes). - scsi: storvsc: Correctly handle multiple flags in srb_status (git-fixes). - scsi: storvsc: Drop DID_TARGET_FAILURE use (git-fixes). - scsi: storvsc: Fix handling of srb_status and capacity change events (git-fixes). - scsi: storvsc: Fix max_outstanding_req_per_channel for Win8 and newer (bsc#1204017). - scsi: storvsc: Fix validation for unsolicited incoming packets (bsc#1204017). - scsi: storvsc: Log TEST_UNIT_READY errors as warnings (git-fixes). - scsi: storvsc: Miscellaneous code cleanups (git-fixes). - scsi: storvsc: Parameterize number hardware queues (git-fixes). - scsi: storvsc: Remove WQ_MEM_RECLAIM from storvsc_error_wq (git-fixes). - scsi: storvsc: Resolve data race in storvsc_probe() (bsc#1204017). - scsi: storvsc: Return DID_ERROR for invalid commands (git-fixes). - scsi: storvsc: Update error logging (git-fixes). - scsi: storvsc: Use blk_mq_unique_tag() to generate requestIDs (bsc#1204017). - scsi: storvsc: Use scsi_cmd_to_rq() instead of scsi_cmnd.request (git-fixes). - scsi: storvsc: Use vmbus_requestor to generate transaction IDs for VMBus hardening (bsc#1204017). - scsi: storvsc: Validate length of incoming packet in storvsc_on_channel_callback() (bsc#1204017). - scsi: zfcp: Fix double free of FSF request when qdio send fails (git-fixes). - scsi: zfcp: Fix missing auto port scan and thus missing target ports (git-fixes). - serial: 8250: Fall back to non-DMA Rx if IIR_RDI occurs (git-fixes). - serial: 8250: omap: Fix unpaired pm_runtime_put_sync() in omap8250_remove() (git-fixes). - serial: 8250: omap: Flush PM QOS work on remove (git-fixes). - serial: 8250_lpss: Configure DMA also w/o DMA filter (git-fixes). - serial: 8250_omap: remove wait loop from Errata i202 workaround (git-fixes). - serial: imx: Add missing .thaw_noirq hook (git-fixes). - siox: fix possible memory leak in siox_device_add() (git-fixes). - slimbus: stream: correct presence rate frequencies (git-fixes). - spi: spi-imx: Fix spi_bus_clk if requested clock is higher than input clock (git-fixes). - spi: stm32: Print summary 'callbacks suppressed' message (git-fixes). - staging: greybus: light: fix a couple double frees (git-fixes). - swiotlb-xen: use vmalloc_to_page on vmalloc virt addresses (git-fixes). - tracing/ring-buffer: Have polling block on watermark (git-fixes). - tracing: Add ioctl() to force ring buffer waiters to wake up (git-fixes). - tracing: Disable interrupt or preemption before acquiring arch_spinlock_t (git-fixes). - tracing: Do not free snapshot if tracer is on cmdline (git-fixes). - tracing: Fix wild-memory-access in register_synth_event() (git-fixes). - tracing: Simplify conditional compilation code in tracing_set_tracer() (git-fixes). - tracing: Wake up ring buffer waiters on closing of the file (git-fixes). - tracing: Wake up waiters when tracing is disabled (git-fixes). - usb: add NO_LPM quirk for Realforce 87U Keyboard (git-fixes). - usb: chipidea: fix deadlock in ci_otg_del_timer (git-fixes). - usb: dwc3: exynos: Fix remove() function (git-fixes). - usb: dwc3: fix PHY disable sequence (git-fixes). - usb: dwc3: gadget: Clear ep descriptor last (git-fixes). - usb: dwc3: gadget: Fix null pointer exception (git-fixes). - usb: dwc3: qcom: fix runtime PM wakeup. - usb: dwc3: qcom: fix use-after-free on runtime-PM wakeup (git-fixes). - usb: xhci: add XHCI_SPURIOUS_SUCCESS to ASM1042 despite being a V0.96 controller (git-fixes). - usbip: add sysfs_lock to synchronize sysfs code paths (git-fixes). - usbip: stub-dev synchronize sysfs code paths (git-fixes). - usbip: stub_dev: remake locking for kABI (git-fixes). - usbip: synchronize event handler with sysfs code paths (git-fixes). - usbip: usbip_event: use global lock (git-fixes). - usbip: vudc synchronize sysfs code paths (git-fixes). - usbip: vudc_sysfs: use global lock (git-fixes). - use __netdev_notify_peers in hyperv (git-fixes). - v3 of 'PCI: hv: Only reuse existing IRTE allocation for Multi-MSI' - v3 of 'PCI: hv: Only reuse existing IRTE allocation for Multi-MSI' (bsc#1200845) - vfio/ccw: Do not change FSM state in subchannel event (git-fixes). - virtio-blk: Do not use MAX_DISCARD_SEGMENTS if max_discard_seg is zero (git-fixes). - virtio-blk: Use blk_validate_block_size() to validate block size (git-fixes). - virtio_blk: eliminate anonymous module_init & module_exit (git-fixes). - virtio_blk: fix the discard_granularity and discard_alignment queue limits (git-fixes). - vmlinux.lds.h: Fix placement of '.data..decrypted' section (git-fixes). - wifi: cfg80211: fix buffer overflow in elem comparison (git-fixes). - wifi: cfg80211: fix memory leak in query_regdb_file() (git-fixes). - wifi: cfg80211: silence a sparse RCU warning (git-fixes). - wifi: mac8021: fix possible oob access in ieee80211_get_rate_duration (git-fixes). - workqueue: do not skip lockdep work dependency in cancel_work_sync() (bsc#1204967). - x86/bugs: Make sure MSR_SPEC_CTRL is updated properly upon resume from S3 (bsc#1206037). - x86/cpu: Restore AMD's DE_CFG MSR after resume (bsc#1205473). - x86/hyperv: Output host build info as normal Windows version number (git-fixes). - x86/hyperv: check cpu mask after interrupt has been disabled (git-fixes). - x86/kexec: Fix double-free of elf header buffer (bsc#1205567). - x86/microcode/AMD: Apply the patch early on every logical thread (bsc#1205264). - x86/xen: Add xen_no_vector_callback option to test PCI INTX delivery (git-fixes). - x86/xen: Distribute switch variables for initialization (git-fixes). - x86/xen: do not unbind uninitialized lock_kicker_irq (git-fixes). - xen-blkback: prevent premature module unload (git-fixes). - xen-netback: correct success/error reporting for the SKB-with-fraglist case (git-fixes). - xen/balloon: fix balloon kthread freezing (git-fixes). - xen/balloon: fix ballooned page accounting without hotplug enabled (git-fixes). - xen/balloon: fix cancelled balloon action (git-fixes). - xen/balloon: use a kernel thread instead a workqueue (git-fixes). - xen/gntdev: Avoid blocking in unmap_grant_pages() (git-fixes). - xen/gntdev: Ignore failure to unmap INVALID_GRANT_HANDLE (git-fixes). - xen/gntdev: Prevent leaking grants (git-fixes). - xen/pcpu: fix possible memory leak in register_pcpu() (git-fixes). - xen/privcmd: Corrected error handling path (git-fixes). - xen/privcmd: fix error exit of privcmd_ioctl_dm_op() (git-fixes). - xen/xenbus: Fix granting of vmalloc'd memory (git-fixes). - xen/xenbus: ensure xenbus_map_ring_valloc() returns proper grant status (git-fixes). - xen: Fix XenStore initialisation for XS_LOCAL (git-fixes). - xen: Fix event channel callback via INTX/GSI (git-fixes). - xen: delay xen_hvm_init_time_ops() if kdump is boot on vcpu>=32 (git-fixes). - xenbus: req->body should be updated before req->state (git-fixes). - xenbus: req->err should be updated before req->state (git-fixes). - xfs: Lower CIL flush limit for large logs (git-fixes). - xfs: Throttle commits on delayed background CIL push (git-fixes). - xfs: Use scnprintf() for avoiding potential buffer overflow (git-fixes). - xfs: check owner of dir3 blocks (git-fixes). - xfs: factor common AIL item deletion code (git-fixes). - xfs: open code insert range extent split helper (git-fixes). - xfs: rework collapse range into an atomic operation (git-fixes). - xfs: rework insert range into an atomic operation (git-fixes). - xfs: tail updates only need to occur when LSN changes (git-fixes). - xfs: trylock underlying buffer on dquot flush (git-fixes). - xfs: xfs_buf_corruption_error should take __this_address (git-fixes). - xhci: Remove device endpoints from bandwidth list when freeing the device (git-fixes). Important SUSE bug 1065729 SUSE bug 1071995 SUSE bug 1156395 SUSE bug 1184350 SUSE bug 1189297 SUSE bug 1192761 SUSE bug 1200845 SUSE bug 1201455 SUSE bug 1203144 SUSE bug 1203746 SUSE bug 1204017 SUSE bug 1204142 SUSE bug 1204215 SUSE bug 1204241 SUSE bug 1204328 SUSE bug 1204446 SUSE bug 1204631 SUSE bug 1204636 SUSE bug 1204693 SUSE bug 1204780 SUSE bug 1204791 SUSE bug 1204810 SUSE bug 1204827 SUSE bug 1204850 SUSE bug 1204868 SUSE bug 1204934 SUSE bug 1204957 SUSE bug 1204963 SUSE bug 1204967 SUSE bug 1205128 SUSE bug 1205130 SUSE bug 1205186 SUSE bug 1205220 SUSE bug 1205329 SUSE bug 1205330 SUSE bug 1205428 SUSE bug 1205473 SUSE bug 1205514 SUSE bug 1205617 SUSE bug 1205671 SUSE bug 1205700 SUSE bug 1205705 SUSE bug 1205709 SUSE bug 1205753 SUSE bug 1205796 SUSE bug 1205984 SUSE bug 1205985 SUSE bug 1205986 SUSE bug 1205987 SUSE bug 1205988 SUSE bug 1205989 SUSE bug 1206032 SUSE bug 1206037 SUSE bug 1206207 CVE-2022-2602 CVE-2022-28693 CVE-2022-3567 CVE-2022-3628 CVE-2022-3635 CVE-2022-3707 CVE-2022-3903 CVE-2022-4095 CVE-2022-4129 CVE-2022-4139 CVE-2022-41850 CVE-2022-41858 CVE-2022-42895 CVE-2022-42896 CVE-2022-4378 CVE-2022-43945 CVE-2022-45934 cpe:/o:opensuse:leap:15.3 Security update for the Linux Kernel (Important) openSUSE Leap 15.3 The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2022-4378: Fixed stack overflow in __do_proc_dointvec (bsc#1206207). - CVE-2022-3635: Fixed a use-after-free in the tst_timer() of the file drivers/atm/idt77252.c (bsc#1204631). - CVE-2022-41850: Fixed a race condition in roccat_report_event() in drivers/hid/hid-roccat.c (bsc#1203960). - CVE-2022-45934: Fixed a integer wraparound via L2CAP_CONF_REQ packets in l2cap_config_req in net/bluetooth/l2cap_core.c (bsc#1205796). - CVE-2022-3628: Fixed potential buffer overflow in brcmf_fweh_event_worker() in wifi/brcmfmac (bsc#1204868). - CVE-2022-3567: Fixed a to race condition in inet6_stream_ops()/inet6_dgram_ops() (bsc#1204414). - CVE-2022-41858: Fixed a denial of service in sl_tx_timeout() in drivers/net/slip (bsc#1205671). - CVE-2022-43945: Fixed a buffer overflow in the NFSD implementation (bsc#1205128). - CVE-2022-4095: Fixed a use-after-free in rtl8712 driver (bsc#1205514). - CVE-2022-3903: Fixed a denial of service with the Infrared Transceiver USB driver (bsc#1205220). - CVE-2022-2602: Fixed a local privilege escalation vulnerability involving Unix socket Garbage Collection and io_uring (bsc#1204228). - CVE-2022-4139: Fixed an issue with the i915 driver that allowed the GPU to access any physical memory (bsc#1205700). - CVE-2022-4129: Fixed a denial of service with the Layer 2 Tunneling Protocol (L2TP). A missing lock when clearing sk_user_data can lead to a race condition and NULL pointer dereference. (bsc#1205711) - CVE-2022-42895: Fixed an information leak in the net/bluetooth/l2cap_core.c's l2cap_parse_conf_req() which can be used to leak kernel pointers remotely (bsc#1205705). - CVE-2022-42896: Fixed a use-after-free vulnerability in the net/bluetooth/l2cap_core.c's l2cap_connect() and l2cap_le_connect_req() which may have allowed code execution and leaking kernel memory (respectively) remotely via Bluetooth (bsc#1205709). - CVE-2022-3707: Fixed a double free in the Intel GVT-g graphics driver (bsc#1204780). The following non-security bugs were fixed: - ALSA: hda/ca0132: add quirk for EVGA Z390 DARK (git-fixes). - ALSA: hda: fix potential memleak in 'add_widget_node' (git-fixes). - ALSA: usb-audio: Add DSD support for Accuphase DAC-60 (git-fixes). - ALSA: usb-audio: Add quirk entry for M-Audio Micro (git-fixes). - ALSA: usb-audio: Drop snd_BUG_ON() from snd_usbmidi_output_open() (git-fixes). - ASoC: codecs: jz4725b: Fix spelling mistake 'Sourc' -> 'Source', 'Routee' -> 'Route' (git-fixes). - ASoC: codecs: jz4725b: add missed Line In power control bit (git-fixes). - ASoC: codecs: jz4725b: fix capture selector naming (git-fixes). - ASoC: codecs: jz4725b: fix reported volume for Master ctl (git-fixes). - ASoC: codecs: jz4725b: use right control for Capture Volume (git-fixes). - ASoC: core: Fix use-after-free in snd_soc_exit() (git-fixes). - ASoC: max98373: Add checks for devm_kcalloc (git-fixes). - ASoC: soc-utils: Remove __exit for snd_soc_util_exit() (git-fixes). - ASoC: wm5102: Revert 'ASoC: wm5102: Fix PM disable depth imbalance in wm5102_probe' (git-fixes). - ASoC: wm5110: Revert 'ASoC: wm5110: Fix PM disable depth imbalance in wm5110_probe' (git-fixes). - ASoC: wm8962: Add an event handler for TEMP_HP and TEMP_SPK (git-fixes). - ASoC: wm8997: Revert 'ASoC: wm8997: Fix PM disable depth imbalance in wm8997_probe' (git-fixes). - Bluetooth: L2CAP: Fix attempting to access uninitialized memory (git-fixes). - Bluetooth: L2CAP: Fix l2cap_global_chan_by_psm (git-fixes). - Bluetooth: L2CAP: Fix use-after-free caused by l2cap_reassemble_sdu (git-fixes). - Do not enable CONFIG_ATARI_PARTITION (jsc#PED-1573) - Drivers: hv: vmbus: Add /sys/bus/vmbus/hibernation (git-fixes). - Drivers: hv: vmbus: Add VMbus IMC device to unsupported list (git-fixes). - Drivers: hv: vmbus: Add vmbus_requestor data structure for VMBus hardening (bsc#1204017). - Drivers: hv: vmbus: Drop error message when 'No request id available' (bsc#1204017). - Drivers: hv: vmbus: Fix duplicate CPU assignments within a device (git-fixes). - Drivers: hv: vmbus: Fix handling of messages with transaction ID of zero (bsc#1204017). - Drivers: hv: vmbus: Fix memory leak in vmbus_add_channel_kobj (git-fixes). - Drivers: hv: vmbus: Fix potential crash on module unload (git-fixes). - Drivers: hv: vmbus: Introduce vmbus_request_addr_match() (bsc#1204017). - Drivers: hv: vmbus: Introduce vmbus_sendpacket_getid() (bsc#1204017). - Drivers: hv: vmbus: Introduce {lock,unlock}_requestor() (bsc#1204017). - Drivers: hv: vmbus: Prevent load re-ordering when reading ring buffer (git-fixes). - Drivers: hv: vmbus: Remove unused linux/version.h header (git-fixes). - Drivers: hv: vmbus: Replace smp_store_mb() with virt_store_mb() (git-fixes). - Drivers: hv: vmbus: fix double free in the error path of vmbus_add_channel_work() (git-fixes). - Drivers: hv: vmbus: fix possible memory leak in vmbus_device_register() (git-fixes). - Drivers: hv: vmbus: remove unused function (git-fixes). - HID: saitek: add madcatz variant of MMO7 mouse device ID (git-fixes). - Input: i8042 - fix leaking of platform device on module removal (git-fixes). - Input: iforce - invert valid length check when fetching device IDs (git-fixes). - KVM: VMX: Always VMCLEAR in-use VMCSes during crash with kexec support (git-fixes). - KVM: nVMX: Invalidate all EPTP contexts when emulating INVEPT for L1 (git-fixes). - KVM: nVMX: Validate the EPTP when emulating INVEPT(EXTENT_CONTEXT) (git-fixes). - KVM: nVMX: clear PIN_BASED_POSTED_INTR from nested pinbased_ctls only when apicv is globally disabled (git-fixes). - KVM: s390: Add a routine for setting userspace CPU state (git-fixes). - KVM: s390: Fix handle_sske page fault handling (git-fixes). - KVM: s390: Simplify SIGP Set Arch handling (git-fixes). - KVM: s390: get rid of register asm usage (git-fixes). - KVM: s390: pv: avoid stalls when making pages secure (git-fixes). - KVM: s390: pv: do not allow userspace to set the clock under PV (git-fixes). - KVM: s390: pv: leak the topmost page table when destroy fails (git-fixes). - KVM: s390: reduce number of IO pins to 1 (git-fixes). - NFC: nci: fix memory leak in nci_rx_data_packet() (git-fixes). - NFS: Refactor nfs_instantiate() for dentry referencing callers (bsc#1204215). - NFSv3: use nfs_add_or_obtain() to create and reference inodes (bsc#1204215). - PCI: hv: Add check for hyperv_initialized in init_hv_pci_drv() (bsc#1204446). - PCI: hv: Add validation for untrusted Hyper-V values (git-fixes). - PCI: hv: Drop msi_controller structure (bsc#1204446). - PCI: hv: Fix a race condition when removing the device (bsc#1204446). - PCI: hv: Fix sleep while in non-sleep context when removing child devices from the bus (bsc#1204446). - PCI: hv: Fix synchronization between channel callback and hv_compose_msi_msg() (bsc#1204017). - PCI: hv: Fix synchronization between channel callback and hv_pci_bus_exit() (bsc#1204017). - PCI: hv: Fix the definition of vector in hv_compose_msi_msg() (bsc#1200845). - PCI: hv: Fix typo (bsc#1204446). - PCI: hv: Remove bus device removal unused refcount/functions (bsc#1204446). - PCI: hv: Remove unnecessary use of %hx (bsc#1204446). - PCI: hv: Support for create interrupt v3 (bsc#1204446). - PCI: hv: Use PCI_ERROR_RESPONSE to identify config read errors (bsc#1204446). - PCI: hv: Use vmbus_requestor to generate transaction IDs for VMbus hardening (bsc#1204017). - RDMA/core/sa_query: Remove unused argument (git-fixes) - RDMA/hns: Fix spelling mistakes of original (git-fixes) - RDMA/qedr: Add support for user mode XRC-SRQ's (git-fixes) - RDMA/qedr: Fix reporting max_{send/recv}_wr attrs (git-fixes) - RDMA/qedr: Remove unsupported qedr_resize_cq callback (git-fixes) - RDMA/rxe: Fix memory leak in error path code (git-fixes) - SCSI: scsi_probe_lun: retry INQUIRY after timeout (bsc#1189297). - USB: add RESET_RESUME quirk for NVIDIA Jetson devices in RCM (git-fixes). - USB: serial: option: add Fibocom FM160 0x0111 composition (git-fixes). - USB: serial: option: add Sierra Wireless EM9191 (git-fixes). - USB: serial: option: add u-blox LARA-L6 modem (git-fixes). - USB: serial: option: add u-blox LARA-R6 00B modem (git-fixes). - USB: serial: option: remove old LARA-R6 PID (git-fixes). - USB: serial: option: remove old LARA-R6 PID. - Xen/gntdev: do not ignore kernel unmapping error (git-fixes). - add another bug reference to some hyperv changes (bsc#1205617). - arm/xen: Do not probe xenbus as part of an early initcall (git-fixes). - arm64: dts: imx8mm: Fix NAND controller size-cells (git-fixes) - arm64: dts: juno: Add thermal critical trip points (git-fixes) - ata: libata-transport: fix double ata_host_put() in ata_tport_add() (git-fixes). - ata: libata-transport: fix error handling in ata_tdev_add() (git-fixes). - ata: libata-transport: fix error handling in ata_tlink_add() (git-fixes). - ata: libata-transport: fix error handling in ata_tport_add() (git-fixes). - ata: pata_legacy: fix pdc20230_set_piomode() (git-fixes). - blk-crypto: fix check for too-large dun_bytes (git-fixes). - blk-mq: Properly init requests from blk_mq_alloc_request_hctx() (git-fixes). - blk-mq: do not create hctx debugfs dir until q->debugfs_dir is created (git-fixes). - blk-wbt: call rq_qos_add() after wb_normal is initialized (git-fixes). - blktrace: Trace remapped requests correctly (git-fixes). - block-map: add __GFP_ZERO flag for alloc_page in function bio_copy_kern (git-fixes). - block: Add a helper to validate the block size (git-fixes). - block: assign bi_bdev for cloned bios in blk_rq_prep_clone (bsc#1204328). - block: ataflop: fix breakage introduced at blk-mq refactoring (git-fixes). - block: ataflop: more blk-mq refactoring fixes (git-fixes). - block: fix infinite loop for invalid zone append (git-fixes). - block: limit request dispatch loop duration (git-fixes). - block: nbd: add sanity check for first_minor (git-fixes). - block: use 'unsigned long' for blk_validate_block_size() (git-fixes). - bus: sunxi-rsb: Support atomic transfers (git-fixes). - can: cc770: cc770_isa_probe(): add missing free_cc770dev() (git-fixes). - can: sja1000_isa: sja1000_isa_probe(): add missing free_sja1000dev() (git-fixes). - capabilities: fix undefined behavior in bit shift for CAP_TO_MASK (git-fixes). - ceph: allow ceph.dir.rctime xattr to be updatable (bsc#1205989). - ceph: do not access the kiocb after aio requests (bsc#1205984). - ceph: fix fscache invalidation (bsc#1205985). - ceph: lockdep annotations for try_nonblocking_invalidate (bsc#1205988). - ceph: remove bogus checks and WARN_ONs from ceph_set_page_dirty (bsc#1205986). - ceph: request Fw caps before updating the mtime in ceph_write_iter (bsc#1205987). - cifs: skip extra NULL byte in filenames (bsc#1204791). - dm era: commit metadata in postsuspend after worker stops (git-fixes). - dm integrity: set journal entry unused when shrinking device (git-fixes). - dm mirror log: clear log bits up to BITS_PER_LONG boundary (git-fixes). - dm mpath: only use ktime_get_ns() in historical selector (git-fixes). - dm raid: fix accesses beyond end of raid member array (git-fixes). - dm raid: fix address sanitizer warning in raid_resume (git-fixes). - dm raid: fix address sanitizer warning in raid_status (git-fixes). - dm thin: fix use-after-free crash in dm_sm_register_threshold_callback (git-fixes). - dm verity fec: fix misaligned RS roots IO (git-fixes). - dm writecache: fix writing beyond end of underlying device when shrinking (git-fixes). - dm writecache: return the exact table values that were set (git-fixes). - dm writecache: set a default MAX_WRITEBACK_JOBS (git-fixes). - dm: fix request-based DM to not bounce through indirect dm_submit_bio (git-fixes). - dm: remove special-casing of bio-based immutable singleton target on NVMe (git-fixes). - dm: return early from dm_pr_call() if DM device is suspended (git-fixes). - dma-buf: fix racing conflict of dma_heap_add() (git-fixes). - dmaengine: at_hdmac: Check return code of dma_async_device_register (git-fixes). - dmaengine: at_hdmac: Do not allow CPU to reorder channel enable (git-fixes). - dmaengine: at_hdmac: Do not start transactions at tx_submit level (git-fixes). - dmaengine: at_hdmac: Fix at_lli struct definition (git-fixes). - dmaengine: at_hdmac: Fix completion of unissued descriptor in case of errors (git-fixes). - dmaengine: at_hdmac: Fix impossible condition (git-fixes). - dmaengine: mv_xor_v2: Fix a resource leak in mv_xor_v2_remove() (git-fixes). - dmaengine: pxa_dma: use platform_get_irq_optional (git-fixes). - drivers/hv: remove obsolete TODO and fix misleading typo in comment (git-fixes). - drivers: hv: Fix EXPORT_SYMBOL and tab spaces issue (git-fixes). - drivers: hv: Fix hyperv_record_panic_msg path on comment (git-fixes). - drivers: hv: Fix missing error code in vmbus_connect() (git-fixes). - drivers: hv: vmbus: Fix call msleep using &lt; 20ms (git-fixes). - drivers: hv: vmbus: Fix checkpatch LINE_SPACING (git-fixes). - drivers: hv: vmbus: Fix checkpatch SPLIT_STRING (git-fixes). - drivers: hv: vmbus: Replace symbolic permissions by octal permissions (git-fixes). - drivers: net: slip: fix NPD bug in sl_tx_timeout() (git-fixes). - drm/drv: Fix potential memory leak in drm_dev_init() (git-fixes). - drm/i915/dmabuf: fix sg_table handling in map_dma_buf (git-fixes). - drm/i915/sdvo: Filter out invalid outputs more sensibly (git-fixes). - drm/i915/sdvo: Setup DDC fully before output init (git-fixes). - drm/imx: imx-tve: Fix return type of imx_tve_connector_mode_valid (git-fixes). - drm/panel: simple: set bpc field for logic technologies displays (git-fixes). - drm/rockchip: dsi: Force synchronous probe (git-fixes). - drm/vc4: Fix missing platform_unregister_drivers() call in vc4_drm_register() (git-fixes). - drm: Fix potential null-ptr-deref in drm_vblank_destroy_worker() (git-fixes). - fbdev: smscufx: Fix several use-after-free bugs (git-fixes). - firmware: arm_scmi: Suppress the driver's bind attributes (git-fixes). - ftrace: Fix char print issue in print_ip_ins() (git-fixes). - ftrace: Fix null pointer dereference in ftrace_add_mod() (git-fixes). - ftrace: Fix the possible incorrect kernel message (git-fixes). - ftrace: Fix use-after-free for dynamic ftrace_ops (git-fixes). - ftrace: Optimize the allocation for mcount entries (git-fixes). - ftrace: Properly unset FTRACE_HASH_FL_MOD (git-fixes). - fuse: add file_modified() to fallocate (bsc#1205330). - fuse: fix readdir cache race (bsc#1205329). - hamradio: fix issue of dev reference count leakage in bpq_device_event() (git-fixes). - hv: hyperv.h: Remove unused inline functions (git-fixes). - hv_netvsc: Add a comment clarifying batching logic (git-fixes). - hv_netvsc: Add check for kvmalloc_array (git-fixes). - hv_netvsc: Add error handling while switching data path (bsc#1204850). - hv_netvsc: Allocate the recv_buf buffers after NVSP_MSG1_TYPE_SEND_RECV_BUF (git-fixes). - hv_netvsc: Check VF datapath when sending traffic to VF (git-fixes). - hv_netvsc: Fix potential dereference of NULL pointer (git-fixes). - hv_netvsc: Fix race between VF offering and VF association message from host (bsc#1204850). - hv_netvsc: Print value of invalid ID in netvsc_send_{completion,tx_complete}() (git-fixes). - hv_netvsc: Process NETDEV_GOING_DOWN on VF hot remove (bsc#1204850). - hv_netvsc: Use bitmap_zalloc() when applicable (git-fixes). - hv_netvsc: Use vmbus_requestor to generate transaction IDs for VMBus hardening (bsc#1204017). - hv_netvsc: Validate number of allocated sub-channels (git-fixes). - hv_netvsc: Wait for completion on request SWITCH_DATA_PATH (bsc#1204017). - hv_netvsc: use netif_is_bond_master() instead of open code (git-fixes). - hv_utils: Fix passing zero to 'PTR_ERR' warning (git-fixes). - hwmon: (coretemp) Check for null before removing sysfs attrs (git-fixes). - hwmon: (coretemp) fix pci device refcount leak in nv1a_ram_new() (git-fixes). - hwmon: (i5500_temp) fix missing pci_disable_device() (git-fixes). - hwmon: (ibmpex) Fix possible UAF when ibmpex_register_bmc() fails (git-fixes). - i2c: i801: add lis3lv02d's I2C address for Vostro 5568 (git-fixes). - ibmvnic: Free rwi on reset success (bsc#1184350 ltc#191533 git-fixes). - iio: adc: at91_adc: fix possible memory leak in at91_adc_allocate_trigger() (git-fixes). - iio: core: Fix entry not deleted when iio_register_sw_trigger_type() fails (git-fixes). - iio: health: afe4403: Fix oob read in afe4403_read_raw (git-fixes). - iio: health: afe4404: Fix oob read in afe4404_[read|write]_raw (git-fixes). - iio: light: apds9960: fix wrong register for gesture gain (git-fixes). - iio: light: rpr0521: add missing Kconfig dependencies (git-fixes). - iio: pressure: ms5611: changed hardcoded SPI speed to value limited (git-fixes). - iio: trigger: sysfs: fix possible memory leak in iio_sysfs_trig_init() (git-fixes). - isdn: mISDN: netjet: fix wrong check of device registration (git-fixes). - iwlwifi: dbg: disable ini debug in 9000 family and below (git-fixes). - kABI: Fix after adding trace_iterator.wait_index (git-fixes). - kABI: remove new member of usbip_device (git-fixes). - kabi: fix transport_add_device change (git-fixes). - kexec: turn all kexec_mutex acquisitions into trylocks (git-fixes). - kvm: nVMX: reflect MTF VM-exits if injected by L1 (git-fixes). - livepatch: Add a missing newline character in klp_module_coming() (bsc#1071995). - livepatch: fix race between fork and KLP transition (bsc#1071995). - loop: Check for overflow while configuring loop (git-fixes). - mISDN: fix misuse of put_device() in mISDN_register_device() (git-fixes). - mISDN: fix possible memory leak in mISDN_dsp_element_register() (git-fixes). - mISDN: fix possible memory leak in mISDN_register_device() (git-fixes). - md/raid5: Ensure stripe_fill happens on non-read IO with journal (git-fixes). - md: Replace snprintf with scnprintf (git-fixes). - media: dvb-frontends/drxk: initialize err to 0 (git-fixes). - media: meson: vdec: fix possible refcount leak in vdec_probe() (git-fixes). - media: v4l2: Fix v4l2_i2c_subdev_set_name function documentation (git-fixes). - media: venus: dec: Handle the case where find_format fails (git-fixes). - media: vim2m: initialize the media device earlier (git-fixes). - media: vivid: fix assignment of dev->fbuf_out_flags (git-fixes). - misc/vmw_vmci: fix an infoleak in vmci_host_do_receive_datagram() (git-fixes). - mmc: core: properly select voltage range without power cycle (git-fixes). - mmc: cqhci: Provide helper for resetting both SDHCI and CQHCI (git-fixes). - mmc: sdhci-of-arasan: Fix SDHCI_RESET_ALL for CQHCI (git-fixes). - mmc: sdhci-pci-o2micro: fix card detect fail issue caused by CD# debounce timeout (git-fixes). - mmc: sdhci-pci: Fix possible memory leak caused by missing pci_dev_put() (git-fixes). - nbd: Fix use-after-free in pid_show (git-fixes). - nbd: fix possible overflow for 'first_minor' in nbd_dev_add() (git-fixes). - nbd: fix possible overflow on 'first_minor' in nbd_dev_add() (git-fixes). - nbd: handle device refs for DESTROY_ON_DISCONNECT properly (git-fixes). - net/x25: Fix skb leak in x25_lapb_receive_frame() (git-fixes). - net: ethernet: nixge: fix NULL dereference (git-fixes). - net: ethernet: renesas: ravb: Fix promiscuous mode after system resumed (git-fixes). - net: hyperv: remove use of bpf_op_t (git-fixes). - net: netvsc: remove break after return (git-fixes). - net: phy: fix null-ptr-deref while probe() failed (git-fixes). - net: thunderbolt: Fix error handling in tbnet_init() (git-fixes). - net: usb: qmi_wwan: Set DTR quirk for MR400 (git-fixes). - net: usb: qmi_wwan: restore mtu min/max values after raw_ip switch (git-fixes). - nfc/nci: fix race with opening and closing (git-fixes). - nfc: nfcmrvl: Fix potential memory leak in nfcmrvl_i2c_nci_send() (git-fixes). - nfc: s3fwrn5: Fix potential memory leak in s3fwrn5_nci_send() (git-fixes). - nfc: st-nci: fix incorrect validating logic in EVT_TRANSACTION (git-fixes). - nfc: st-nci: fix memory leaks in EVT_TRANSACTION (git-fixes). - nfsd: set the server_scope during service startup (bsc#1203746). - null_blk: Fail zone append to conventional zones (git-fixes). - null_blk: synchronization fix for zoned device (git-fixes). - nvmem: core: Check input parameter for NULL in nvmem_unregister() (bsc#1204241). - panic, kexec: make __crash_kexec() NMI safe (git-fixes). - parport_pc: Avoid FIFO port location truncation (git-fixes). - phy: stm32: fix an error code in probe (git-fixes). - pinctrl: devicetree: fix null pointer dereferencing in pinctrl_dt_to_map (git-fixes). - platform/x86: hp_wmi: Fix rfkill causing soft blocked wifi (git-fixes). - powerpc/boot: Explicitly disable usage of SPE instructions (bsc#1156395). - powerpc/kvm: Fix kvm_use_magic_page (bsc#1156395). - printk: add missing memory barrier to wake_up_klogd() (bsc#1204934). - printk: use atomic updates for klogd work (bsc#1204934). - printk: wake waiters for safe and NMI contexts (bsc#1204934). - r8152: Add MAC passthrough support to new device (git-fixes). - r8152: add PID for the Lenovo OneLink+ Dock (git-fixes). - r8152: use new helper tcp_v6_gso_csum_prep (git-fixes). - rbd: fix possible memory leak in rbd_sysfs_init() (git-fixes). - regulator: core: fix UAF in destroy_regulator() (git-fixes). - regulator: core: fix kobject release warning and memory leak in regulator_register() (git-fixes). - regulator: twl6030: re-add TWL6032_SUBCLASS (git-fixes). - ring-buffer: Add ring_buffer_wake_waiters() (git-fixes). - ring-buffer: Allow splice to read previous partially read pages (git-fixes). - ring-buffer: Check for NULL cpu_buffer in ring_buffer_wake_waiters() (git-fixes). - ring-buffer: Check pending waiters when doing wake ups as well (git-fixes). - ring-buffer: Fix race between reset page and reading page (git-fixes). - ring-buffer: Have the shortest_full queue be the shortest not longest (git-fixes). - ring-buffer: Include dropped pages in counting dirty patches (git-fixes). - ring_buffer: Do not deactivate non-existant pages (git-fixes). - rndis_host: increase sleep time in the query-response loop (git-fixes). - rtc: mt6397: fix alarm register overwrite (git-fixes). - s390/boot: fix absolute zero lowcore corruption on boot (git-fixes). - s390/cpcmd: fix inline assembly register clobbering (git-fixes). - s390/dasd: fix Oops in dasd_alias_get_start_dev due to missing pavgroup (git-fixes). - s390/disassembler: increase ebpf disasm buffer size (git-fixes). - s390/futex: add missing EX_TABLE entry to __futex_atomic_op() (bsc#1205428 LTC#200501). - s390/hugetlb: fix prepare_hugepage_range() check for 2 GB hugepages (bsc#1203144 LTC#199881). - s390/mm: use non-quiescing sske for KVM switch to keyed guest (git-fixes). - s390/pci: add missing EX_TABLE entries to __pcistg_mio_inuser()/__pcilg_mio_inuser() (git-fixes). - s390/ptrace: return -ENOSYS when invalid syscall is supplied (git-fixes). - s390/uaccess: add missing EX_TABLE entries to __clear_user(), copy_in_user_mvcos(), copy_in_user_mvc(), clear_user_xc() and __strnlen_user() (bsc#1205428 LTC#200501). - s390/vtime: fix inline assembly clobber list (git-fixes). - s390/zcore: fix race when reading from hardware system area (git-fixes). - s390/zcrypt: fix zcard and zqueue hot-unplug memleak (git-fixes). - s390: Remove arch_has_random, arch_has_random_seed (git-fixes). - s390: fix double free of GS and RI CBs on fork() failure (git-fixes). - s390: fix nospec table alignments (git-fixes). - s390: mark __cpacf_query() as __always_inline (git-fixes). - scsi: bsg: Remove support for SCSI_IOCTL_SEND_COMMAND (git-fixes). - scsi: drivers: base: Propagate errors through the transport component (git-fixes). - scsi: drivers: base: Support atomic version of attribute_container_device_trigger (git-fixes). - scsi: ibmvfc: Avoid path failures during live migration (bsc#1065729 bsc#1204810 ltc#200162). - scsi: ibmvscsis: Increase INITIAL_SRP_LIMIT to 1024 (bsc#1156395). - scsi: lpfc: Create a sysfs entry called lpfc_xcvr_data for transceiver info (bsc#1204957). - scsi: lpfc: Fix hard lockup when reading the rx_monitor from debugfs (bsc#1204957). - scsi: lpfc: Fix memory leak in lpfc_create_port() (bsc#1204957). - scsi: lpfc: Fix spelling mistake 'unsolicted' -> 'unsolicited' (bsc#1204957). - scsi: lpfc: Log when congestion management limits are in effect (bsc#1204957). - scsi: lpfc: Set sli4_param's cmf option to zero when CMF is turned off (bsc#1204957). - scsi: lpfc: Update lpfc version to 14.2.0.8 (bsc#1204957). - scsi: lpfc: Update the obsolete adapter list (bsc#1204142). - scsi: qla2xxx: Fix serialization of DCBX TLV data request (bsc#1204963). - scsi: qla2xxx: Use transport-defined speed mask for supported_speeds (bsc#1204963). - scsi: scsi_transport_sas: Fix error handling in sas_phy_add() (git-fixes). - scsi: storvsc: Correctly handle multiple flags in srb_status (git-fixes). - scsi: storvsc: Drop DID_TARGET_FAILURE use (git-fixes). - scsi: storvsc: Fix handling of srb_status and capacity change events (git-fixes). - scsi: storvsc: Fix max_outstanding_req_per_channel for Win8 and newer (bsc#1204017). - scsi: storvsc: Fix validation for unsolicited incoming packets (bsc#1204017). - scsi: storvsc: Log TEST_UNIT_READY errors as warnings (git-fixes). - scsi: storvsc: Miscellaneous code cleanups (git-fixes). - scsi: storvsc: Parameterize number hardware queues (git-fixes). - scsi: storvsc: Remove WQ_MEM_RECLAIM from storvsc_error_wq (git-fixes). - scsi: storvsc: Resolve data race in storvsc_probe() (bsc#1204017). - scsi: storvsc: Return DID_ERROR for invalid commands (git-fixes). - scsi: storvsc: Update error logging (git-fixes). - scsi: storvsc: Use blk_mq_unique_tag() to generate requestIDs (bsc#1204017). - scsi: storvsc: Use scsi_cmd_to_rq() instead of scsi_cmnd.request (git-fixes). - scsi: storvsc: Use vmbus_requestor to generate transaction IDs for VMBus hardening (bsc#1204017). - scsi: storvsc: Validate length of incoming packet in storvsc_on_channel_callback() (bsc#1204017). - scsi: zfcp: Fix double free of FSF request when qdio send fails (git-fixes). - scsi: zfcp: Fix missing auto port scan and thus missing target ports (git-fixes). - selftests/livepatch: better synchronize test_klp_callbacks_busy (bsc#1071995). - serial: 8250: Fall back to non-DMA Rx if IIR_RDI occurs (git-fixes). - serial: 8250: omap: Fix unpaired pm_runtime_put_sync() in omap8250_remove() (git-fixes). - serial: 8250: omap: Flush PM QOS work on remove (git-fixes). - serial: 8250_lpss: Configure DMA also w/o DMA filter (git-fixes). - serial: 8250_omap: remove wait loop from Errata i202 workaround (git-fixes). - serial: imx: Add missing .thaw_noirq hook (git-fixes). - siox: fix possible memory leak in siox_device_add() (git-fixes). - slimbus: stream: correct presence rate frequencies (git-fixes). - spi: spi-imx: Fix spi_bus_clk if requested clock is higher than input clock (git-fixes). - spi: stm32: Print summary 'callbacks suppressed' message (git-fixes). - staging: greybus: light: fix a couple double frees (git-fixes). - swiotlb-xen: use vmalloc_to_page on vmalloc virt addresses (git-fixes). - tracing/ring-buffer: Have polling block on watermark (git-fixes). - tracing: Add ioctl() to force ring buffer waiters to wake up (git-fixes). - tracing: Disable interrupt or preemption before acquiring arch_spinlock_t (git-fixes). - tracing: Do not free snapshot if tracer is on cmdline (git-fixes). - tracing: Fix wild-memory-access in register_synth_event() (git-fixes). - tracing: Simplify conditional compilation code in tracing_set_tracer() (git-fixes). - tracing: Wake up ring buffer waiters on closing of the file (git-fixes). - tracing: Wake up waiters when tracing is disabled (git-fixes). - usb: add NO_LPM quirk for Realforce 87U Keyboard (git-fixes). - usb: chipidea: fix deadlock in ci_otg_del_timer (git-fixes). - usb: dwc3: exynos: Fix remove() function (git-fixes). - usb: dwc3: fix PHY disable sequence (git-fixes). - usb: dwc3: gadget: Clear ep descriptor last (git-fixes). - usb: dwc3: gadget: Fix null pointer exception (git-fixes). - usb: dwc3: qcom: fix runtime PM wakeup. - usb: dwc3: qcom: fix use-after-free on runtime-PM wakeup (git-fixes). - usb: xhci: add XHCI_SPURIOUS_SUCCESS to ASM1042 despite being a V0.96 controller (git-fixes). - usbip: add sysfs_lock to synchronize sysfs code paths (git-fixes). - usbip: stub-dev synchronize sysfs code paths (git-fixes). - usbip: stub_dev: remake locking for kABI (git-fixes). - usbip: synchronize event handler with sysfs code paths (git-fixes). - usbip: usbip_event: use global lock (git-fixes). - usbip: vudc synchronize sysfs code paths (git-fixes). - usbip: vudc_sysfs: use global lock (git-fixes). - use __netdev_notify_peers in hyperv (git-fixes). - v3 of 'PCI: hv: Only reuse existing IRTE allocation for Multi-MSI' - v3 of 'PCI: hv: Only reuse existing IRTE allocation for Multi-MSI' (bsc#1200845) - vfio/ccw: Do not change FSM state in subchannel event (git-fixes). - virtio-blk: Do not use MAX_DISCARD_SEGMENTS if max_discard_seg is zero (git-fixes). - virtio-blk: Use blk_validate_block_size() to validate block size (git-fixes). - virtio_blk: eliminate anonymous module_init & module_exit (git-fixes). - virtio_blk: fix the discard_granularity and discard_alignment queue limits (git-fixes). - vmlinux.lds.h: Fix placement of '.data..decrypted' section (git-fixes). - wifi: cfg80211: fix buffer overflow in elem comparison (git-fixes). - wifi: cfg80211: fix memory leak in query_regdb_file() (git-fixes). - wifi: cfg80211: silence a sparse RCU warning (git-fixes). - wifi: mac8021: fix possible oob access in ieee80211_get_rate_duration (git-fixes). - workqueue: do not skip lockdep work dependency in cancel_work_sync() (bsc#1204967). - x86/bugs: Make sure MSR_SPEC_CTRL is updated properly upon resume from S3 (bsc#1206037). - x86/cpu: Restore AMD's DE_CFG MSR after resume (bsc#1205473). - x86/hyperv: Output host build info as normal Windows version number (git-fixes). - x86/hyperv: check cpu mask after interrupt has been disabled (git-fixes). - x86/kexec: Fix double-free of elf header buffer (bsc#1205567). - x86/microcode/AMD: Apply the patch early on every logical thread (bsc#1205264). - x86/xen: Add xen_no_vector_callback option to test PCI INTX delivery (git-fixes). - x86/xen: Distribute switch variables for initialization (git-fixes). - x86/xen: do not unbind uninitialized lock_kicker_irq (git-fixes). - xen-blkback: prevent premature module unload (git-fixes). - xen-netback: correct success/error reporting for the SKB-with-fraglist case (git-fixes). - xen/balloon: fix balloon kthread freezing (git-fixes). - xen/balloon: fix ballooned page accounting without hotplug enabled (git-fixes). - xen/balloon: fix cancelled balloon action (git-fixes). - xen/balloon: use a kernel thread instead a workqueue (git-fixes). - xen/gntdev: Avoid blocking in unmap_grant_pages() (git-fixes). - xen/gntdev: Ignore failure to unmap INVALID_GRANT_HANDLE (git-fixes). - xen/gntdev: Prevent leaking grants (git-fixes). - xen/pcpu: fix possible memory leak in register_pcpu() (git-fixes). - xen/privcmd: Corrected error handling path (git-fixes). - xen/privcmd: fix error exit of privcmd_ioctl_dm_op() (git-fixes). - xen/xenbus: Fix granting of vmalloc'd memory (git-fixes). - xen/xenbus: ensure xenbus_map_ring_valloc() returns proper grant status (git-fixes). - xen: Fix XenStore initialisation for XS_LOCAL (git-fixes). - xen: Fix event channel callback via INTX/GSI (git-fixes). - xen: delay xen_hvm_init_time_ops() if kdump is boot on vcpu>=32 (git-fixes). - xenbus: req->body should be updated before req->state (git-fixes). - xenbus: req->err should be updated before req->state (git-fixes). - xfs: Lower CIL flush limit for large logs (git-fixes). - xfs: Throttle commits on delayed background CIL push (git-fixes). - xfs: Use scnprintf() for avoiding potential buffer overflow (git-fixes). - xfs: check owner of dir3 blocks (git-fixes). - xfs: factor common AIL item deletion code (git-fixes). - xfs: open code insert range extent split helper (git-fixes). - xfs: rework collapse range into an atomic operation (git-fixes). - xfs: rework insert range into an atomic operation (git-fixes). - xfs: tail updates only need to occur when LSN changes (git-fixes). - xfs: trylock underlying buffer on dquot flush (git-fixes). - xfs: xfs_buf_corruption_error should take __this_address (git-fixes). - xhci: Remove device endpoints from bandwidth list when freeing the device (git-fixes). Important SUSE bug 1065729 SUSE bug 1071995 SUSE bug 1156395 SUSE bug 1184350 SUSE bug 1189297 SUSE bug 1192761 SUSE bug 1199657 SUSE bug 1200845 SUSE bug 1201455 SUSE bug 1201469 SUSE bug 1203144 SUSE bug 1203746 SUSE bug 1203960 SUSE bug 1204017 SUSE bug 1204142 SUSE bug 1204215 SUSE bug 1204228 SUSE bug 1204241 SUSE bug 1204328 SUSE bug 1204414 SUSE bug 1204446 SUSE bug 1204636 SUSE bug 1204693 SUSE bug 1204780 SUSE bug 1204791 SUSE bug 1204810 SUSE bug 1204827 SUSE bug 1204850 SUSE bug 1204868 SUSE bug 1204934 SUSE bug 1204957 SUSE bug 1204963 SUSE bug 1204967 SUSE bug 1205128 SUSE bug 1205130 SUSE bug 1205220 SUSE bug 1205264 SUSE bug 1205329 SUSE bug 1205330 SUSE bug 1205428 SUSE bug 1205473 SUSE bug 1205514 SUSE bug 1205567 SUSE bug 1205617 SUSE bug 1205671 SUSE bug 1205700 SUSE bug 1205705 SUSE bug 1205709 SUSE bug 1205753 SUSE bug 1205796 SUSE bug 1205984 SUSE bug 1205985 SUSE bug 1205986 SUSE bug 1205987 SUSE bug 1205988 SUSE bug 1205989 SUSE bug 1206032 SUSE bug 1206037 SUSE bug 1206207 CVE-2022-2602 CVE-2022-28693 CVE-2022-29900 CVE-2022-29901 CVE-2022-3567 CVE-2022-3628 CVE-2022-3635 CVE-2022-3707 CVE-2022-3903 CVE-2022-4095 CVE-2022-4129 CVE-2022-4139 CVE-2022-41850 CVE-2022-41858 CVE-2022-42895 CVE-2022-42896 CVE-2022-4378 CVE-2022-43945 CVE-2022-45934 cpe:/o:opensuse:leap:15.3 Security update for freeradius-server (Important) openSUSE Leap 15.3 This update for freeradius-server fixes the following issues: - CVE-2022-41859: Fixes an information leakage in EAP-PWD (bsc#1206204). - CVE-2022-41860: Fixes a crash on unknown option in EAP-SIM (bsc#1206205). - CVE-2022-41861: Fixes a crash on invalid abinary data (bsc#1206206). Important SUSE bug 1206204 SUSE bug 1206205 SUSE bug 1206206 CVE-2022-41859 CVE-2022-41860 CVE-2022-41861 cpe:/o:opensuse:leap:15.3 Security update for sqlite3 (Moderate) openSUSE Leap 15.3 This update for sqlite3 fixes the following issues: - CVE-2022-46908: Properly implement the azProhibitedFunctions protection mechanism, when relying on --safe for execution of an untrusted CLI script (bsc#1206337). Moderate SUSE bug 1206337 CVE-2022-46908 cpe:/o:opensuse:leap:15.3 Security update for systemd (Important) openSUSE Leap 15.3 This update for systemd fixes the following issues: - CVE-2022-4415: Fixed systemd-coredump that did not respect the fs.suid_dumpable kernel setting (bsc#1205000). Bug fixes: - Support by-path devlink for multipath nvme block devices (bsc#1200723). - Set SYSTEMD_NSS_DYNAMIC_BYPASS=1 env var for dbus-daemon (bsc#1203857). - Restrict cpu rule to x86_64, and also update the rule files to make use of the 'CONST{arch}' syntax (bsc#1204423). Important SUSE bug 1200723 SUSE bug 1203857 SUSE bug 1204423 SUSE bug 1205000 CVE-2022-4415 cpe:/o:opensuse:leap:15.3 Security update for vim (Important) openSUSE Leap 15.3 This update for vim fixes the following issues: Updated to version 9.0.1040: - CVE-2022-3491: vim: Heap-based Buffer Overflow prior to 9.0.0742 (bsc#1206028). - CVE-2022-3520: vim: Heap-based Buffer Overflow (bsc#1206071). - CVE-2022-3591: vim: Use After Free (bsc#1206072). - CVE-2022-4292: vim: Use After Free in GitHub repository vim/vim prior to 9.0.0882 (bsc#1206075). - CVE-2022-4293: vim: Floating Point Comparison with Incorrect Operator in GitHub repository vim/vim prior to 9.0.0804 (bsc#1206077). - CVE-2022-4141: vim: heap-buffer-overflow in alloc.c 246:11 (bsc#1205797). - CVE-2022-3705: vim: use after free in function qf_update_buffer of the file quickfix.c (bsc#1204779). Important SUSE bug 1204779 SUSE bug 1205797 SUSE bug 1206028 SUSE bug 1206071 SUSE bug 1206072 SUSE bug 1206075 SUSE bug 1206077 CVE-2022-3491 CVE-2022-3520 CVE-2022-3591 CVE-2022-3705 CVE-2022-4141 CVE-2022-4292 CVE-2022-4293 cpe:/o:opensuse:leap:15.3 Security update for curl (Moderate) openSUSE Leap 15.3 This update for curl fixes the following issues: - CVE-2022-43552: HTTP Proxy deny use-after-free (bsc#1206309). Moderate SUSE bug 1206309 CVE-2022-43552 cpe:/o:opensuse:leap:15.3 Security update for virglrenderer (Important) openSUSE Leap 15.3 This update for virglrenderer fixes the following issues: - CVE-2022-0135: Fixed out-of-bonds write in read_transfer_data() (bsc#1195389). Important SUSE bug 1195389 CVE-2022-0135 cpe:/o:opensuse:leap:15.3 Security update for tiff (Important) openSUSE Leap 15.3 This update for tiff fixes the following issues: - CVE-2017-17095: Fixed DoS in tools/pal2rgb.c in pal2rgb (bsc#1071031). - CVE-2019-17546: Fixed integer overflow that potentially causes a heap-based buffer overflow via a crafted RGBA image (bsc#1154365). - CVE-2020-19131: Fixed buffer overflow in tiffcrop that may cause DoS via the invertImage() function (bsc#1190312). - CVE-2020-35521: Fixed memory allocation failure in tif_read.c (bsc#1182808). - CVE-2020-35522: Fixed memory allocation failure in tif_pixarlog.c (bsc#1182809). - CVE-2020-35523: Fixed integer overflow in tif_getimage.c (bsc#1182811). - CVE-2020-35524: Fixed heap-based buffer overflow in TIFF2PDF tool (bsc#1182812). - CVE-2022-22844: Fixed out-of-bounds read in _TIFFmemcpy in tif_unix.c (bsc#1194539). Important SUSE bug 1071031 SUSE bug 1154365 SUSE bug 1182808 SUSE bug 1182809 SUSE bug 1182811 SUSE bug 1182812 SUSE bug 1190312 SUSE bug 1194539 CVE-2017-17095 CVE-2019-17546 CVE-2020-19131 CVE-2020-35521 CVE-2020-35522 CVE-2020-35523 CVE-2020-35524 CVE-2022-22844 cpe:/o:opensuse:leap:15.3 Security update for rust (Moderate) openSUSE Leap 15.3 This update for rust fixes the following issues: - CVE-2022-21658: Fixed race condition in std::fs::remove_dir_all (bsc#1194767). Moderate SUSE bug 1194767 CVE-2022-21658 cpe:/o:opensuse:leap:15.3 Security update for strongswan (Important) openSUSE Leap 15.3 This update for strongswan fixes the following issues: - CVE-2021-45079: Fixed authentication bypass in EAP authentication. (bsc#1194471) Important SUSE bug 1194471 CVE-2021-45079 cpe:/o:opensuse:leap:15.3 Security update for clamav (Important) openSUSE Leap 15.3 This update for clamav fixes the following issues: - CVE-2022-20698: Fixed invalid pointer read allowing denial of service crash. (bsc#1194731) Important SUSE bug 1194731 CVE-2022-20698 cpe:/o:opensuse:leap:15.3 Security update for expat (Important) openSUSE Leap 15.3 This update for expat fixes the following issues: - CVE-2022-23852: Fixed signed integer overflow in XML_GetBuffer (bsc#1195054). - CVE-2022-23990: Fixed integer overflow in the doProlog function (bsc#1195217). Important SUSE bug 1195054 SUSE bug 1195217 CVE-2022-23852 CVE-2022-23990 cpe:/o:opensuse:leap:15.3 Security update for python-Twisted (Important) openSUSE Leap 15.3 This update for python-Twisted fixes the following issues: - CVE-2022-21712: Fixed secret exposure in cross-origin redirects by properly removing sensitive headers when redirecting to a different origin (bsc#1195667). Important SUSE bug 1195667 CVE-2022-21712 cpe:/o:opensuse:leap:15.3 Security update for net-snmp (Important) openSUSE Leap 15.3 This update for net-snmp fixes the following issues: - CVE-2020-15862: Make extended MIB read-only (bsc#1174961) - CVE-2018-18065: Fix remote DoS in agent/helpers/table.c (bsc#1111122) Important SUSE bug 1027353 SUSE bug 1081164 SUSE bug 1102775 SUSE bug 1108471 SUSE bug 1111122 SUSE bug 1116807 SUSE bug 1140341 SUSE bug 1145864 SUSE bug 1152968 SUSE bug 1174961 SUSE bug 1178021 SUSE bug 1178351 SUSE bug 1179009 SUSE bug 1179699 SUSE bug 1181591 CVE-2018-18065 CVE-2020-15862 cpe:/o:opensuse:leap:15.3 Security update for xerces-j2 (Important) openSUSE Leap 15.3 This update for xerces-j2 fixes the following issues: - CVE-2022-23437: Fixed infinite loop within Apache XercesJ xml parser (bsc#1195108). Important SUSE bug 1195108 CVE-2022-23437 cpe:/o:opensuse:leap:15.3 Security update for xerces-j2 (Important) openSUSE Leap 15.3 This update for xerces-j2 fixes the following issues: - CVE-2022-23437: Fixed infinite loop within Apache XercesJ xml parser (bsc#1195108). Important SUSE bug 1195108 CVE-2022-23437 cpe:/o:opensuse:leap:15.3 Security update for libsndfile (Important) openSUSE Leap 15.3 This update for libsndfile fixes the following issues: - CVE-2021-4156: Fixed heap buffer overflow in flac_buffer_copy that could potentially lead to heap exploitation (bsc#1194006). Important SUSE bug 1194006 CVE-2021-4156 cpe:/o:opensuse:leap:15.3 Security update for polkit (Moderate) openSUSE Leap 15.3 This update for polkit fixes the following issues: - CVE-2021-4115: Fixed a denial of service via file descriptor leak (bsc#1195542). Moderate SUSE bug 1195542 CVE-2021-4115 cpe:/o:opensuse:leap:15.3 Security update for kubevirt, virt-api-container, virt-controller-container, virt-handler-container, virt-launcher-container, virt-libguestfs-tools-container, virt-operator-container (Moderate) openSUSE Leap 15.3 This update for kubevirt, virt-api-container, virt-controller-container, virt-handler-container, virt-launcher-container, virt-libguestfs-tools-container, virt-operator-container fixes the following issues: - Update to version 0.49.0 Release notes https://github.com/kubevirt/kubevirt/releases/tag/v0.49.0 - Drop kubevirt-psp-caasp.yaml - Install curl and lsscsi (needed for testing) - Symlink UEFI firmware with AMD SEV support - Install tar package to enable kubectl cp ... - Make a 'fixed appliance' for libguestfs - Explicitly install libguestfs{,-devel} and supermin Moderate CVE-2021-43565 cpe:/o:opensuse:leap:15.3 Security update for systemd (Moderate) openSUSE Leap 15.3 This update for systemd fixes the following issues: - CVE-2021-3997: Fixed an uncontrolled recursion in systemd's systemd-tmpfiles (bsc#1194178). The following non-security bugs were fixed: - udev/net_id: don't generate slot based names if multiple devices might claim the same slot (bsc#1192637) - localectl: don't omit keymaps files that are symlinks (bsc#1191826) Moderate SUSE bug 1191826 SUSE bug 1192637 SUSE bug 1194178 CVE-2021-3997 cpe:/o:opensuse:leap:15.3 Security update for ImageMagick (Moderate) openSUSE Leap 15.3 This update for ImageMagick fixes the following issues: - CVE-2022-0284: Fixed heap buffer overread in GetPixelAlpha() in MagickCore/pixel-accessor.h (bsc#1195563). Moderate SUSE bug 1195563 CVE-2022-0284 cpe:/o:opensuse:leap:15.3 Security update for MozillaThunderbird (Important) openSUSE Leap 15.3 This update for MozillaThunderbird fixes the following issues: - Mozilla Thunderbird 91.6.1 / MFSA 2022-07 (bsc#1196072) * CVE-2022-0566 (bmo#1753094) Crafted email could trigger an out-of-bounds write - Mozilla Thunderbird 91.6 / MFSA 2022-06 (bsc#1195682) * CVE-2022-22753 (bmo#1732435) Privilege Escalation to SYSTEM on Windows via Maintenance Service * CVE-2022-22754 (bmo#1750565) Extensions could have bypassed permission confirmation during update * CVE-2022-22756 (bmo#1317873) Drag and dropping an image could have resulted in the dropped object being an executable * CVE-2022-22759 (bmo#1739957) Sandboxed iframes could have executed script if the parent appended elements * CVE-2022-22760 (bmo#1740985, bmo#1748503) Cross-Origin responses could be distinguished between script and non-script content-types * CVE-2022-22761 (bmo#1745566) frame-ancestors Content Security Policy directive was not enforced for framed extension pages * CVE-2022-22763 (bmo#1740534) Script Execution during invalid object state * CVE-2022-22764 (bmo#1742682, bmo#1744165, bmo#1746545, bmo#1748210, bmo#1748279) Memory safety bugs fixed in Thunderbird 91.6 Important SUSE bug 1195682 SUSE bug 1196072 CVE-2022-0566 CVE-2022-22753 CVE-2022-22754 CVE-2022-22756 CVE-2022-22759 CVE-2022-22760 CVE-2022-22761 CVE-2022-22763 CVE-2022-22764 cpe:/o:opensuse:leap:15.3 Security update for the Linux Kernel (Important) openSUSE Leap 15.3 The SUSE Linux Enterprise 15 SP3 kernel was updated. The following security bugs were fixed: - CVE-2021-45485: Fixed an information leak because of certain use of a hash table which use IPv6 source addresses. (bsc#1194094) - CVE-2021-45486: Fixed an information leak because the hash table is very small in net/ipv4/route.c. (bnc#1194087). - CVE-2021-4001: Fixed a race condition when the EBPF map is frozen. (bsc#1192990) - CVE-2021-28715: Fixed an issue where a guest could force Linux netback driver to hog large amounts of kernel memory by do not queueing unlimited number of packages. (bsc#1193442) - CVE-2021-28714: Fixed an issue where a guest could force Linux netback driver to hog large amounts of kernel memory by fixing rx queue stall detection. (bsc#1193442) - CVE-2021-28713: Fixed a rogue backends that could cause DoS of guests via high frequency events by hardening hvc_xen against event channel storms. (bsc#1193440) - CVE-2021-28712: Fixed a rogue backends that could cause DoS of guests via high frequency events by hardening netfront against event channel storms. (bsc#1193440) - CVE-2021-28711: Fixed a rogue backends that could cause DoS of guests via high frequency events by hardening blkfront against event channel storms. (bsc#1193440) - CVE-2020-24504: Fixed an uncontrolled resource consumption in some Intel(R) Ethernet E810 Adapter drivers that may have allowed an authenticated user to potentially enable denial of service via local access. (bnc#1182404) - CVE-2021-43975: Fixed a flaw in hw_atl_utils_fw_rpc_wait that could allow an attacker (who can introduce a crafted device) to trigger an out-of-bounds write via a crafted length value. (bnc#1192845) - CVE-2021-43976: Fixed a flaw that could allow an attacker (who can connect a crafted USB device) to cause a denial of service. (bnc#1192847) - CVE-2021-4002: Added a missing TLB flush that could lead to leak or corruption of data in hugetlbfs. (bsc#1192946) - CVE-2020-27820: Fixed a vulnerability where a use-after-frees in nouveau's postclose() handler could happen if removing device. (bnc#1179599) - CVE-2021-33098: Fixed a potential denial of service in Intel(R) Ethernet ixgbe driver due to improper input validation. (bnc#1192877) The following non-security bugs were fixed: - ACPI: battery: Accept charges over the design capacity as full (git-fixes). - ACPI: PMIC: Fix intel_pmic_regs_handler() read accesses (git-fixes). - ACPICA: Avoid evaluating methods too early during system resume (git-fixes). - ALSA: ctxfi: Fix out-of-range access (git-fixes). - ALSA: gus: fix null pointer dereference on pointer block (git-fixes). - ALSA: hda: hdac_ext_stream: fix potential locking issues (git-fixes). - ALSA: hda: hdac_stream: fix potential locking issue in snd_hdac_stream_assign() (git-fixes). - ALSA: hda/realtek: Add a quirk for Acer Spin SP513-54N (git-fixes). - ALSA: hda/realtek: Add quirk for ASUS UX550VE (git-fixes). - ALSA: hda/realtek: Add quirk for Clevo PC70HS (git-fixes). - ALSA: hda/realtek: Add quirk for HP EliteBook 840 G7 mute LED (git-fixes). - ALSA: ISA: not for M68K (git-fixes). - ALSA: synth: missing check for possible NULL after the call to kstrdup (git-fixes). - ALSA: timer: Fix use-after-free problem (git-fixes). - ALSA: timer: Unconditionally unlink slave instances, too (git-fixes). - ALSA: usb-audio: Add registration quirk for JBL Quantum 400 (git-fixes). - ARM: 8970/1: decompressor: increase tag size (git-fixes). - ARM: 8974/1: use SPARSMEM_STATIC when SPARSEMEM is enabled (git-fixes) - ARM: 8986/1: hw_breakpoint: Do not invoke overflow handler on uaccess watchpoints (git-fixes) - ARM: 9007/1: l2c: fix prefetch bits init in L2X0_AUX_CTRL using DT (git-fixes) - ARM: 9019/1: kprobes: Avoid fortify_panic() when copying optprobe (git-fixes) - ARM: 9046/1: decompressor: Do not clear SCTLR.nTLSMD for ARMv7+ cores (git-fixes) - ARM: 9064/1: hw_breakpoint: Do not directly check the event's (git-fixes) - ARM: 9071/1: uprobes: Do not hook on thumb instructions (git-fixes) - ARM: 9081/1: fix gcc-10 thumb2-kernel regression (git-fixes) - ARM: 9091/1: Revert 'mm: qsd8x50: Fix incorrect permission faults' (git-fixes) - ARM: 9133/1: mm: proc-macros: ensure *_tlb_fns are 4B aligned (git-fixes) - ARM: 9134/1: remove duplicate memcpy() definition (git-fixes) - ARM: 9139/1: kprobes: fix arch_init_kprobes() prototype (git-fixes) - ARM: 9141/1: only warn about XIP address when not compile testing (git-fixes) - ARM: 9155/1: fix early early_iounmap() (git-fixes) - ARM: at91: pm: add missing put_device() call in at91_pm_sram_init() (git-fixes) - ARM: at91: pm: of_node_put() after its usage (git-fixes) - ARM: at91: pm: use proper master clock register offset (git-fixes) - ARM: bcm: Select ARM_TIMER_SP804 for ARCH_BCM_NSP (git-fixes) - ARM: dts sunxi: Relax a bit the CMA pool allocation range (git-fixes) - ARM: dts: am335x-pocketbeagle: Fix mmc0 Write Protect (git-fixes) - ARM: dts: am335x: align ti,pindir-d0-out-d1-in property with dt-shema (git-fixes) - ARM: dts: am437x-idk-evm: Fix incorrect OPP node names (git-fixes) - ARM: dts: am437x-l4: fix typo in can@0 node (git-fixes) - ARM: dts: armada-38x: fix NETA lockup when repeatedly switching speeds (git-fixes) - ARM: dts: armada388-helios4: assign pinctrl to each fan (git-fixes) - ARM: dts: armada388-helios4: assign pinctrl to LEDs (git-fixes) - ARM: dts: aspeed: s2600wf: Fix VGA memory region location (git-fixes) - ARM: dts: aspeed: tiogapass: Remove vuart (git-fixes) - ARM: dts: at91-sama5d27_som1: fix phy address to 7 (git-fixes) - ARM: dts: at91: add pinctrl-{names, 0} for all gpios (git-fixes) - ARM: dts: at91: at91sam9rl: fix ADC triggers (git-fixes) - ARM: dts: at91: sama5d2_ptc_ek: fix sdmmc0 node description (git-fixes) - ARM: dts: at91: sama5d2_ptc_ek: fix vbus pin (git-fixes) - ARM: dts: at91: sama5d2_xplained: classd: pull-down the R1 and R3 lines (git-fixes) - ARM: dts: at91: sama5d2: fix CAN message ram offset and size (git-fixes) - ARM: dts: at91: sama5d2: map securam as device (git-fixes) - ARM: dts: at91: sama5d3_xplained: add pincontrol for USB Host (git-fixes) - ARM: dts: at91: sama5d4_xplained: add pincontrol for USB Host (git-fixes) - ARM: dts: at91: sama5d4: fix pinctrl muxing (git-fixes) - ARM: dts: at91: tse850: the emaclt;->phy interface is rmii (git-fixes) - ARM: dts: bcm: HR2: Fix PPI interrupt types (git-fixes) - ARM: dts: bcm: HR2: Fixed QSPI compatible string (git-fixes) - ARM: dts: bcm2835-rpi-zero-w: Fix led polarity (git-fixes) - ARM: dts: BCM5301X: Add interrupt properties to GPIO node (git-fixes) - ARM: dts: BCM5301X: Fix I2C controller interrupt (git-fixes) - ARM: dts: BCM5301X: Fixed QSPI compatible string (git-fixes) - ARM: dts: colibri-imx6ull: limit SDIO clock to 25MHz (git-fixes) - ARM: dts: Configure missing thermal interrupt for 4430 (git-fixes) - ARM: dts: dra76x: Fix mmc3 max-frequency (git-fixes) - ARM: dts: dra76x: m_can: fix order of clocks (git-fixes) - ARM: dts: dra7xx-clocks: Fixup IPU1 mux clock parent source (git-fixes) - ARM: dts: exynos: correct fuel gauge interrupt trigger level on Midas (git-fixes) - ARM: dts: exynos: correct MUIC interrupt trigger level on Midas (git-fixes) - ARM: dts: exynos: correct PMIC interrupt trigger level on Arndale (git-fixes) - ARM: dts: exynos: correct PMIC interrupt trigger level on Artik 5 (git-fixes) - ARM: dts: exynos: correct PMIC interrupt trigger level on Midas (git-fixes) - ARM: dts: exynos: correct PMIC interrupt trigger level on Monk (git-fixes) - ARM: dts: exynos: correct PMIC interrupt trigger level on Odroid X/U3 (git-fixes) - ARM: dts: exynos: correct PMIC interrupt trigger level on Odroid XU3 (git-fixes) - ARM: dts: exynos: correct PMIC interrupt trigger level on Rinato (git-fixes) - ARM: dts: exynos: correct PMIC interrupt trigger level on SMDK5250 (git-fixes) - ARM: dts: exynos: correct PMIC interrupt trigger level on Snow (git-fixes) - ARM: dts: exynos: correct PMIC interrupt trigger level on Spring (git-fixes) - ARM: dts: exynos: Fix GPIO polarity for thr GalaxyS3 CM36651 sensor's bus (git-fixes) - ARM: dts: exynos: fix PWM LED max brightness on Odroid HC1 (git-fixes) - ARM: dts: exynos: fix PWM LED max brightness on Odroid XU/XU3 (git-fixes) - ARM: dts: exynos: fix PWM LED max brightness on Odroid XU4 (git-fixes) - ARM: dts: exynos: fix roles of USB 3.0 ports on Odroid XU (git-fixes) - ARM: dts: exynos: fix USB 3.0 pins supply being turned off on Odroid (git-fixes) - ARM: dts: exynos: fix USB 3.0 VBUS control and over-current pins on (git-fixes) - ARM: dts: Fix dcan driver probe failed on am437x platform (git-fixes) - ARM: dts: Fix duovero smsc interrupt for suspend (git-fixes) - ARM: dts: gemini-rut1xx: remove duplicate ethernet node (git-fixes) - ARM: dts: gose: Fix ports node name for adv7180 (git-fixes) - ARM: dts: gose: Fix ports node name for adv7612 (git-fixes) - ARM: dts: imx: emcon-avari: Fix nxp,pca8574 #gpio-cells (git-fixes) - ARM: dts: imx: Fix USB host power regulator polarity on M53Menlo (git-fixes) - ARM: dts: imx: Swap M53Menlo pinctrl_power_button/pinctrl_power_out (git-fixes) - ARM: dts: imx27-phytec-phycard-s-rdk: Fix the I2C1 pinctrl entries (git-fixes) - ARM: dts: imx50-evk: Fix the chip select 1 IOMUX (git-fixes) - ARM: dts: imx6: pbab01: Set vmmc supply for both SD interfaces (git-fixes) - ARM: dts: imx6: phycore-som: fix arm and soc minimum voltage (git-fixes) - ARM: dts: imx6: phycore-som: fix emmc supply (git-fixes) - ARM: dts: imx6: Use gpc for FEC interrupt controller to fix wake on LAN (git-fixes) - ARM: dts: imx6dl-colibri-eval-v3: fix sram compatible properties (git-fixes). - ARM: dts: imx6dl-yapp4: Fix RGMII connection to QCA8334 switch (git-fixes) - ARM: dts: imx6dl-yapp4: Fix Ursa board Ethernet connection (git-fixes) - ARM: dts: imx6q-dhcom: Add gpios pinctrl for i2c bus recovery (git-fixes) - ARM: dts: imx6q-dhcom: Add PU,VDD1P1,VDD2P5 regulators (git-fixes) - ARM: dts: imx6q-dhcom: Fix ethernet plugin detection problems (git-fixes) - ARM: dts: imx6q-dhcom: Fix ethernet reset time properties (git-fixes) - ARM: dts: imx6qdl-gw52xx: fix duplicate regulator naming (git-fixes) - ARM: dts: imx6qdl-gw551x: Do not use 'simple-audio-card,dai-link' (git-fixes) - ARM: dts: imx6qdl-gw551x: fix audio SSI (git-fixes) - ARM: dts: imx6qdl-icore: Fix OTG_ID pin and sdcard detect (git-fixes) - ARM: dts: imx6qdl-kontron-samx6i: fix i2c_lcd/cam default status (git-fixes) - ARM: dts: imx6qdl-kontron-samx6i: fix I2C_PM scl pin (git-fixes) - ARM: dts: imx6qdl-sr-som: Increase the PHY reset duration to 10ms (git-fixes) - ARM: dts: imx6qdl-udoo: fix rgmii phy-mode for ksz9031 phy (git-fixes) - ARM: dts: imx6sl: fix rng node (git-fixes) - ARM: dts: imx6sx-sabreauto: Fix the phy-mode on fec2 (git-fixes) - ARM: dts: imx6sx-sdb: Fix the phy-mode on fec2 (git-fixes) - ARM: dts: imx6sx: Add missing UART RTS/CTS pins mux (git-fixes) - ARM: dts: imx6sx: fix the pad QSPI1B_SCLK mux mode for uart3 (git-fixes) - ARM: dts: imx6sx: Improve UART pins macro defines (git-fixes) - ARM: dts: imx7-colibri: Fix frequency for sd/mmc (git-fixes) - ARM: dts: imx7-colibri: fix muxing of usbc_det pin (git-fixes) - ARM: dts: imx7-colibri: prepare module device tree for FlexCAN (git-fixes) - ARM: dts: imx7d-meerkat96: Fix the 'tuning-step' property (git-fixes) - ARM: dts: imx7d-pico: Fix the 'tuning-step' property (git-fixes) - ARM: dts: imx7d: Correct speed grading fuse settings (git-fixes) - ARM: dts: imx7d: fix opp-supported-hw (git-fixes) - ARM: dts: imx7ulp: Correct gpio ranges (git-fixes) - ARM: dts: logicpd-som-lv-baseboard: Fix broken audio (git-fixes) - ARM: dts: logicpd-som-lv-baseboard: Fix missing video (git-fixes) - ARM: dts: logicpd-torpedo-baseboard: Fix broken audio (git-fixes) - ARM: dts: lpc32xx: Revert set default clock rate of HCLK PLL (git-fixes) - ARM: dts: ls1021a: fix QuadSPI-memory reg range (git-fixes) - ARM: dts: ls1021a: Restore MDIO compatible to gianfar (git-fixes) - ARM: dts: meson: fix PHY deassert timing requirements (git-fixes) - ARM: dts: meson8: remove two invalid interrupt lines from the GPU (git-fixes) - ARM: dts: meson8: Use a higher default GPU clock frequency (git-fixes) - ARM: dts: meson8b: ec100: Fix the pwm regulator supply properties (git-fixes) - ARM: dts: meson8b: mxq: Fix the pwm regulator supply properties (git-fixes) - ARM: dts: meson8b: odroidc1: Fix the pwm regulator supply properties (git-fixes) - ARM: dts: mt7623: add missing pause for switchport (git-fixes) - ARM: dts: N900: fix onenand timings (git-fixes). - ARM: dts: NSP: Correct FA2 mailbox node (git-fixes) - ARM: dts: NSP: Disable PL330 by default, add dma-coherent property (git-fixes) - ARM: dts: NSP: Fixed QSPI compatible string (git-fixes) - ARM: dts: omap3-gta04a4: accelerometer irq fix (git-fixes) - ARM: dts: omap3430-sdp: Fix NAND device node (git-fixes) - ARM: dts: owl-s500: Fix incorrect PPI interrupt specifiers (git-fixes) - ARM: dts: oxnas: Fix clear-mask property (git-fixes) - ARM: dts: pandaboard: fix pinmux for gpio user button of Pandaboard (git-fixes) - ARM: dts: qcom: apq8064: Use 27MHz PXO clock as DSI PLL reference (git-fixes) - ARM: dts: qcom: msm8974: Add xo_board reference clock to DSI0 PHY (git-fixes) - ARM: dts: r7s9210: Remove bogus clock-names from OSTM nodes (git-fixes) - ARM: dts: r8a73a4: Add missing CMT1 interrupts (git-fixes) - ARM: dts: r8a7740: Add missing extal2 to CPG node (git-fixes) - ARM: dts: r8a7779, marzen: Fix DU clock names (git-fixes) - ARM: dts: Remove non-existent i2c1 from 98dx3236 (git-fixes) - ARM: dts: renesas: Fix IOMMU device node names (git-fixes) - ARM: dts: s5pv210: Set keep-power-in-suspend for SDHCI1 on Aries (git-fixes) - ARM: dts: socfpga: Align L2 cache-controller nodename with dtschema (git-fixes) - ARM: dts: socfpga: fix register entry for timer3 on Arria10 (git-fixes) - ARM: dts: stm32: fix a typo for DAC io-channel-cells on stm32f429 (git-fixes) - ARM: dts: stm32: fix a typo for DAC io-channel-cells on stm32h743 (git-fixes) - ARM: dts: sun6i: a31-hummingbird: Enable RGMII RX/TX delay on (git-fixes) - ARM: dts: sun7i: a20: bananapro: Fix ethernet phy-mode (git-fixes) - ARM: dts: sun7i: bananapi-m1-plus: Enable RGMII RX/TX delay on (git-fixes) - ARM: dts: sun7i: bananapi: Enable RGMII RX/TX delay on Ethernet PHY (git-fixes) - ARM: dts: sun7i: cubietruck: Enable RGMII RX/TX delay on Ethernet PHY (git-fixes) - ARM: dts: sun7i: pcduino3-nano: enable RGMII RX/TX delay on PHY (git-fixes) - ARM: dts: sun8i-a83t-tbs-a711: Fix USB OTG mode detection (git-fixes) - ARM: dts: sun8i-h2-plus-bananapi-m2-zero: Fix led polarity (git-fixes) - ARM: dts: sun8i: a83t: Enable both RGMII RX/TX delay on Ethernet PHY (git-fixes) - ARM: dts: sun8i: h3: orangepi-plus2e: Enable RGMII RX/TX delay on (git-fixes) - ARM: dts: sun8i: r40: bananapi-m2-berry: Fix dcdc1 regulator (git-fixes) - ARM: dts: sun8i: r40: bananapi-m2-ultra: Fix dcdc1 regulator (git-fixes) - ARM: dts: sun8i: r40: bananapi-m2-ultra: Fix ethernet node (git-fixes) - ARM: dts: sun8i: r40: Move AHCI device node based on address order (git-fixes) - ARM: dts: sun8i: v3s: fix GIC node memory range (git-fixes) - ARM: dts: sun8i: v40: bananapi-m2-berry: Fix ethernet node (git-fixes) - ARM: dts: sun9i: Enable both RGMII RX/TX delay on Ethernet PHY (git-fixes) - ARM: dts: sunxi: bananapi-m2-plus-v1.2: Fix CPU supply voltages (git-fixes) - ARM: dts: sunxi: bananapi-m2-plus: Enable RGMII RX/TX delay on (git-fixes) - ARM: dts: sunxi: Fix DE2 clocks register range (git-fixes) - ARM: dts: turris-omnia: add comphy handle to eth2 (git-fixes) - ARM: dts: turris-omnia: add SFP node (git-fixes) - ARM: dts: turris-omnia: configure LED[2]/INTn pin as interrupt pin (git-fixes) - ARM: dts: turris-omnia: describe switch interrupt (git-fixes) - ARM: dts: turris-omnia: enable HW buffer management (git-fixes) - ARM: dts: turris-omnia: fix hardware buffer management (git-fixes) - ARM: dts: uniphier: Change phy-mode to RGMII-ID to enable delay pins (git-fixes) - ARM: dts: uniphier: Set SCSSI clock and reset IDs for each channel (git-fixes). - ARM: dts: vf610-zii-dev-rev-b: Remove #address-cells and #size-cells (git-fixes) - ARM: dts: vfxxx: Add syscon compatible with OCOTP (git-fixes) - ARM: exynos: add missing of_node_put for loop iteration (git-fixes) - ARM: exynos: MCPM: Restore big.LITTLE cpuidle support (git-fixes) - ARM: footbridge: fix PCI interrupt mapping (git-fixes) - ARM: imx: add missing clk_disable_unprepare() (git-fixes) - ARM: imx: add missing iounmap() (git-fixes) - ARM: imx: build suspend-imx6.S with arm instruction set (git-fixes) - ARM: imx: fix missing 3rd argument in macro imx_mmdc_perf_init (git-fixes) - ARM: imx5: add missing put_device() call in imx_suspend_alloc_ocram() (git-fixes) - ARM: imx6: disable the GIC CPU interface before calling stby-poweroff (git-fixes) - ARM: mvebu: drop pointless check for coherency_base (git-fixes) - ARM: OMAP2+: Fix legacy mode dss_reset (git-fixes) - ARM: OMAP2+: omap_device: fix idling of devices during probe (git-fixes) - ARM: OMAP2+: pm33xx-core: Make am43xx_get_rtc_base_addr static (git-fixes) - ARM: p2v: fix handling of LPAE translation in BE mode (git-fixes) - ARM: s3c: irq-s3c24xx: Fix return value check for s3c24xx_init_intc() (git-fixes) - ARM: s3c24xx: fix missing system reset (git-fixes) - ARM: s3c24xx: fix mmc gpio lookup tables (git-fixes) - ARM: samsung: do not build plat/pm-common for Exynos (git-fixes) - ARM: samsung: fix PM debug build with DEBUG_LL but !MMU (git-fixes) - ARM: socfpga: PM: add missing put_device() call in socfpga_setup_ocram_self_refresh() (git-fixes) - ASoC: DAPM: Cover regression by kctl change notification fix (git-fixes). - ASoC: nau8824: Add DMI quirk mechanism for active-high jack-detect (git-fixes). - ASoC: qdsp6: q6routing: Conditionally reset FrontEnd Mixer (git-fixes). - ASoC: SOF: Intel: hda-dai: fix potential locking issue (git-fixes). - ASoC: topology: Add missing rwsem around snd_ctl_remove() calls (git-fixes). - ath: dfs_pattern_detector: Fix possible null-pointer dereference in channel_detector_create() (git-fixes). - ath10k: fix invalid dma_addr_t token assignment (git-fixes). - ath10k: high latency fixes for beacon buffer (git-fixes). - bfq: Limit number of requests consumed by each cgroup (bsc#1184318). - bfq: Store full bitmap depth in bfq_data (bsc#1184318). - bfq: Track number of allocated requests in bfq_entity (bsc#1184318). - block: Fix use-after-free issue accessing struct io_cq (bsc#1193042). - block: Provide blk_mq_sched_get_icq() (bsc#1184318). - Bluetooth: Add additional Bluetooth part for Realtek 8852AE (bsc#1193655). - Bluetooth: btrtl: Refine the ic_id_table for clearer and more regular (bsc#1193655). - Bluetooth: btusb: Add another Bluetooth part for Realtek 8852AE (bsc#1193655). - Bluetooth: btusb: Add the more support IDs for Realtek RTL8822CE (bsc#1193655). - Bluetooth: btusb: Add the new support ID for Realtek RTL8852A (bsc#1193655). - Bluetooth: btusb: btrtl: Add support for RTL8852A (bsc#1193655). - Bluetooth: fix use-after-free error in lock_sock_nested() (git-fixes). - bnxt_en: reject indirect blk offload when hw-tc-offload is off (jsc#SLE-8372 bsc#1153275). - bonding: Fix a use-after-free problem when bond_sysfs_slave_add() failed (git-fixes). - bpf, arm: Fix register clobbering in div/mod implementation (git-fixes) - bpf, s390: Fix potential memory leak about jit_data (git-fixes). - bpf, x86: Fix 'no previous prototype' warning (git-fixes). - brcmfmac: Add DMI nvram filename quirk for Cyberbook T116 tablet (git-fixes). - btrfs: do not ignore error from btrfs_next_leaf() when inserting checksums (bsc#1193002). - btrfs: fix fsync failure and transaction abort after writes to prealloc extents (bsc#1193002). - btrfs: fix lost inode on log replay after mix of fsync, rename and inode eviction (bsc#1192998). - btrfs: fix race causing unnecessary inode logging during link and rename (bsc#1192998). - btrfs: make checksum item extension more efficient (bsc#1193002). - cfg80211: call cfg80211_stop_ap when switch from P2P_GO type (git-fixes). - cifs: add a debug macro that prints \\server\share for errors (bsc#1164565). - cifs: add a function to get a cached dir based on its dentry (bsc#1192606). - cifs: add a helper to find an existing readable handle to a file (bsc#1154355). - cifs: add a timestamp to track when the lease of the cached dir was taken (bsc#1192606). - cifs: add an smb3_fs_context to cifs_sb (bsc#1192606). - cifs: add FALLOC_FL_INSERT_RANGE support (bsc#1192606). - cifs: add files to host new mount api (bsc#1192606). - cifs: add fs_context param to parsing helpers (bsc#1192606). - cifs: Add get_security_type_str function to return sec type (bsc#1192606). - cifs: add initial reconfigure support (bsc#1192606). - cifs: add missing mount option to /proc/mounts (bsc#1164565). - cifs: add missing parsing of backupuid (bsc#1192606). - cifs: Add missing sentinel to smb3_fs_parameters (bsc#1192606). - cifs: add mount parameter tcpnodelay (bsc#1192606). - cifs: add multichannel mount options and data structs (bsc#1192606). - cifs: add new debugging macro cifs_server_dbg (bsc#1164565). - cifs: Add new mount parameter 'acdirmax' to allow caching directory metadata (bsc#1192606). - cifs: Add new parameter 'acregmax' for distinct file and directory metadata timeout (bsc#1192606). - cifs: add NULL check for ses->tcon_ipc (bsc#1178270). - cifs: add passthrough for smb2 setinfo (bsc#1164565). - cifs: add server param (bsc#1192606). - cifs: add shutdown support (bsc#1192606). - cifs: add smb2 POSIX info level (bsc#1164565). - cifs: add SMB2_open() arg to return POSIX data (bsc#1164565). - cifs: add SMB3 change notification support (bsc#1164565). - cifs: add support for FALLOC_FL_COLLAPSE_RANGE (bsc#1192606). - cifs: add support for fallocate mode 0 for non-sparse files (bsc#1164565). - cifs: add support for flock (bsc#1164565). - cifs: Add support for setting owner info, dos attributes, and create time (bsc#1164565). - cifs: Add tracepoints for errors on flush or fsync (bsc#1164565). - cifs: Add witness information to debug data dump (bsc#1192606). - cifs: add witness mount option and data structs (bsc#1192606). - cifs: added WARN_ON for all the count decrements (bsc#1192606). - cifs: Adjust indentation in smb2_open_file (bsc#1164565). - cifs: Adjust key sizes and key generation routines for AES256 encryption (bsc#1192606). - cifs: allocate buffer in the caller of build_path_from_dentry() (bsc#1192606). - cifs: Allocate crypto structures on the fly for calculating signatures of incoming packets (bsc#1192606). - cifs: Allocate encryption header through kmalloc (bsc#1192606). - cifs: allow chmod to set mode bits using special sid (bsc#1164565). - cifs: allow syscalls to be restarted in __smb_send_rqst() (bsc#1176956). - cifs: allow unlock flock and OFD lock across fork (bsc#1192606). - cifs: Always update signing key of first channel (bsc#1192606). - cifs: ask for more credit on async read/write code paths (bsc#1192606). - cifs: Assign boolean values to a bool variable (bsc#1192606). - cifs: Avoid doing network I/O while holding cache lock (bsc#1164565). - cifs: Avoid error pointer dereference (bsc#1192606). - cifs: avoid extra calls in posix_info_parse (bsc#1192606). - cifs: Avoid field over-reading memcpy() (bsc#1192606). - cifs: avoid starvation when refreshing dfs cache (bsc#1185902). - cifs: avoid using MID 0xFFFF (bnc#1151927 5.3.8). - cifs: call wake_up(server->response_q) inside of cifs_reconnect() (bsc#1164565). - cifs: change confusing field serverName (to ip_addr) (bsc#1192606). - cifs: change format of CIFS_FULL_KEY_DUMP ioctl (bsc#1192606). - cifs: change noisy error message to FYI (bsc#1181507). - cifs: Change SIDs in ACEs while transferring file ownership (bsc#1192606). - cifs: check all path components in resolved dfs target (bsc#1181710). - cifs: check new file size when extending file by fallocate (bsc#1192606). - cifs: check pointer before freeing (bsc#1183534). - cifs: check the timestamp for the cached dirent when deciding on revalidate (bsc#1192606). - cifs: cifs_md4 convert to SPDX identifier (bsc#1192606). - cifs: cifspdu.h: Replace one-element array with flexible-array member (bsc#1192606). - cifs: cifspdu.h: Replace zero-length array with flexible-array member (bsc#1192606). - cifs: cifsssmb: remove redundant assignment to variable ret (bsc#1164565). - cifs: clarify comment about timestamp granularity for old servers (bsc#1192606). - cifs: clarify hostname vs ip address in /proc/fs/cifs/DebugData (bsc#1192606). - cifs: Clarify SMB1 code for delete (bsc#1192606). - cifs: Clarify SMB1 code for POSIX Create (bsc#1192606). - cifs: Clarify SMB1 code for POSIX delete file (bsc#1192606). - cifs: Clarify SMB1 code for POSIX Lock (bsc#1192606). - cifs: Clarify SMB1 code for rename open file (bsc#1192606). - cifs: Clarify SMB1 code for SetFileSize (bsc#1192606). - cifs: clarify SMB1 code for UnixCreateHardLink (bsc#1192606). - cifs: Clarify SMB1 code for UnixCreateSymLink (bsc#1192606). - cifs: Clarify SMB1 code for UnixSetPathInfo (bsc#1192606). - cifs: Clean up DFS referral cache (bsc#1164565). - cifs: cleanup a few le16 vs. le32 uses in cifsacl.c (bsc#1192606). - cifs: cleanup misc.c (bsc#1192606). - cifs: clear PF_MEMALLOC before exiting demultiplex thread (bsc#1192606). - cifs: Close cached root handle only if it had a lease (bsc#1164565). - cifs: Close open handle after interrupted close (bsc#1164565). - cifs: close the shared root handle on tree disconnect (bsc#1164565). - cifs: compute full_path already in cifs_readdir() (bsc#1192606). - cifs: connect individual channel servers to primary channel server (bsc#1192606). - cifs: connect: style: Simplify bool comparison (bsc#1192606). - cifs: constify get_normalized_path() properly (bsc#1185902). - cifs: constify path argument of ->make_node() (bsc#1192606). - cifs: constify pathname arguments in a bunch of helpers (bsc#1192606). - cifs: Constify static struct genl_ops (bsc#1192606). - cifs: convert list_for_each to entry variant (bsc#1192606, jsc#SLE-20042). - cifs: convert list_for_each to entry variant in cifs_debug.c (bsc#1192606). - cifs: convert list_for_each to entry variant in smb2misc.c (bsc#1192606). - cifs: convert revalidate of directories to using directory metadata cache timeout (bsc#1192606). - cifs: convert to use be32_add_cpu() (bsc#1192606). - cifs: Convert to use the fallthrough macro (bsc#1192606). - cifs: correct comments explaining internal semaphore usage in the module (bsc#1192606). - cifs: correct four aliased mount parms to allow use of previous names (bsc#1192606). - cifs: create a helper function to parse the query-directory response buffer (bsc#1164565). - cifs: create a helper to find a writeable handle by path name (bsc#1154355). - cifs: create a MD4 module and switch cifs.ko to use it (bsc#1192606). - cifs: Create a new shared file holding smb2 pdu definitions (bsc#1192606). - cifs: create sd context must be a multiple of 8 (bsc#1192606). - cifs: Deal with some warnings from W=1 (bsc#1192606). - cifs: Delete a stray unlock in cifs_swn_reconnect() (bsc#1192606). - cifs: delete duplicated words in header files (bsc#1192606). - cifs: detect dead connections only when echoes are enabled (bsc#1192606). - cifs: Display local UID details for SMB sessions in DebugData (bsc#1192606). - cifs: do d_move in rename (bsc#1164565). - cifs: do not allow changing posix_paths during remount (bsc#1192606). - cifs: do not cargo-cult strndup() (bsc#1185902). - cifs: do not create a temp nls in cifs_setup_ipc (bsc#1192606). - cifs: do not disable noperm if multiuser mount option is not provided (bsc#1192606). - cifs: Do not display RDMA transport on reconnect (bsc#1164565). - cifs: do not duplicate fscache cookie for secondary channels (bsc#1192606). - cifs: do not fail __smb_send_rqst if non-fatal signals are pending (git-fixes). - cifs: do not ignore the SYNC flags in getattr (bsc#1164565). - cifs: do not leak -EAGAIN for stat() during reconnect (bsc#1164565). - cifs: Do not leak EDEADLK to dgetents64 for STATUS_USER_SESSION_DELETED (bsc#1192606). - cifs: Do not miss cancelled OPEN responses (bsc#1164565). - cifs: do not negotiate session if session already exists (bsc#1192606). - cifs: do not send close in compound create+close requests (bsc#1181507). - cifs: do not send tree disconnect to ipc shares (bsc#1185902). - cifs: do not set ->i_mode of something we had not created (bsc#1192606). - cifs: do not share tcons with DFS (bsc#1178270). - cifs: do not share tcp servers with dfs mounts (bsc#1185902). - cifs: do not share tcp sessions of dfs connections (bsc#1185902). - cifs: do not use 'pre:' for MODULE_SOFTDEP (bsc#1164565). - cifs: Do not use iov_iter::type directly (bsc#1192606). - cifs: Do not use the original cruid when following DFS links for multiuser mounts (bsc#1192606). - cifs: document and cleanup dfs mount (bsc#1178270). - cifs: dump channel info in DebugData (bsc#1192606). - cifs: dump Security Type info in DebugData (bsc#1192606). - cifs: dump the session id and keys also for SMB2 sessions (bsc#1192606). - cifs: enable change notification for SMB2.1 dialect (bsc#1164565). - cifs: enable extended stats by default (bsc#1192606). - cifs: Enable sticky bit with cifsacl mount option (bsc#1192606). - cifs: ensure correct super block for DFS reconnect (bsc#1178270). - cifs: escape spaces in share names (bsc#1192606). - cifs: export supported mount options via new mount_params /proc file (bsc#1192606). - cifs: fail i/o on soft mounts if sessionsetup errors out (bsc#1164565). - cifs: fiemap: do not return EINVAL if get nothing (bsc#1192606). - cifs: fix a comment for the timeouts when sending echos (bsc#1164565). - cifs: fix a memleak with modefromsid (bsc#1192606). - cifs: fix a sign extension bug (bsc#1192606). - cifs: fix a white space issue in cifs_get_inode_info() (bsc#1164565). - cifs: fix allocation size on newly created files (bsc#1192606). - cifs: Fix an error pointer dereference in cifs_mount() (bsc#1178270). - cifs: Fix atime update check vs mtime (bsc#1164565). - cifs: Fix bug which the return value by asynchronous read is error (bsc#1192606). - cifs: Fix cached_fid refcnt leak in open_shroot (bsc#1192606). - cifs: fix channel signing (bsc#1192606). - cifs: fix check of dfs interlinks (bsc#1185902). - cifs: fix check of tcon dfs in smb1 (bsc#1178270). - cifs: Fix chmod with modefromsid when an older ACE already exists (bsc#1192606). - cifs: fix chown and chgrp when idsfromsid mount option enabled (bsc#1192606). - cifs: Fix cifsacl ACE mask for group and others (bsc#1192606). - cifs: Fix cifsInodeInfo lock_sem deadlock when reconnect occurs (bnc#1151927 5.3.10). - cifs: fix credit accounting for extra channel (bsc#1192606). - cifs: Fix data inconsistent when punch hole (bsc#1176544). - cifs: Fix data inconsistent when zero file range (bsc#1176536). - cifs: fix dereference on ses before it is null checked (bsc#1164565). - cifs: fix dfs domain referrals (bsc#1192606). - cifs: fix DFS failover (bsc#1192606). - cifs: fix DFS mount with cifsacl/modefromsid (bsc#1178270). - cifs: fix dfs-links (bsc#1192606). - cifs: fix doc warnings in cifs_dfs_ref.c (bsc#1192606). - cifs: Fix double add page to memcg when cifs_readpages (bsc#1192606). - cifs: fix double free error on share and prefix (bsc#1178270). - cifs: fix double-put on late allocation failure (bsc#1192606). - cifs: Fix fall-through warnings for Clang (bsc#1192606). - cifs: fix fallocate when trying to allocate a hole (bsc#1192606). - cifs: fix gcc warning in sid_to_id (bsc#1192606). - cifs: fix handling of escaped ',' in the password mount argument (bsc#1192606). - cifs: Fix in error types returned for out-of-credit situations (bsc#1192606). - cifs: Fix incomplete memory allocation on setxattr path (bsc#1179211). - cifs: Fix inconsistent indenting (bsc#1192606). - cifs: Fix inconsistent IS_ERR and PTR_ERR (bsc#1192606). - cifs: fix incorrect check for null pointer in header_assemble (bsc#1192606). - cifs: fix incorrect kernel doc comments (bsc#1192606). - cifs: fix interrupted close commands (git-fixes). - cifs: fix ipv6 formating in cifs_ses_add_channel (bsc#1192606). - cifs: fix leak in cifs_smb3_do_mount() ctx (bsc#1192606). - cifs: Fix leak when handling lease break for cached root fid (bsc#1176242). - cifs: fix leaked reference on requeued write (bsc#1178270). - cifs: Fix lookup of root ses in DFS referral cache (bsc#1164565). - cifs: Fix lookup of SMB connections on multichannel (bsc#1192606). - cifs: fix max ea value size (bnc#1151927 5.3.4). - cifs: Fix memory allocation in __smb2_handle_cancelled_cmd() (bsc#1164565). - cifs: fix memory leak in smb2_copychunk_range (git-fixes). - cifs: fix memory leak of smb3_fs_context_dup::server_hostname (bsc#1192606). - cifs: fix minor typos in comments and log messages (bsc#1192606). - cifs: Fix missed free operations (bnc#1151927 5.3.8). - cifs: fix missing null session check in mount (bsc#1192606). - cifs: fix missing spinlock around update to ses->status (bsc#1192606). - cifs: fix misspellings using codespell tool (bsc#1192606). - cifs: fix mode bits from dir listing when mounted with modefromsid (bsc#1164565). - cifs: Fix mode output in debugging statements (bsc#1164565). - cifs: fix mount option display for sec=krb5i (bsc#1161907). - cifs: Fix mount options set in automount (bsc#1164565). - cifs: fix mounts to subdirectories of target (bsc#1192606). - cifs: fix nodfs mount option (bsc#1181710). - cifs: fix NULL dereference in match_prepath (bsc#1164565). - cifs: fix NULL dereference in smb2_check_message() (bsc#1192606). - cifs: Fix null pointer check in cifs_read (bsc#1192606). - cifs: Fix NULL pointer dereference in mid callback (bsc#1164565). - cifs: Fix NULL-pointer dereference in smb2_push_mandatory_locks (bnc#1151927 5.3.16). - cifs: Fix oplock handling for SMB 2.1+ protocols (bnc#1151927 5.3.4). - cifs: fix out-of-bound memory access when calling smb3_notify() at mount point (bsc#1192606). - cifs: fix path comparison and hash calc (bsc#1185902). - cifs: fix possible uninitialized access and race on iface_list (bsc#1192606). - cifs: Fix potential deadlock when updating vol in cifs_reconnect() (bsc#1164565). - cifs: fix potential mismatch of UNC paths (bsc#1164565). - cifs: Fix potential softlockups while refreshing DFS cache (bsc#1164565). - cifs: fix potential use-after-free bugs (bsc#1192606, jsc#SLE-20042). - cifs: fix potential use-after-free in cifs_echo_request() (bsc#1139944). - cifs: Fix preauth hash corruption (git-fixes). - cifs: fix print of hdr_flags in dfscache_proc_show() (bsc#1192606, jsc#SLE-20042). - cifs: fix reference leak for tlink (bsc#1192606). - cifs: fix regression when mounting shares with prefix paths (bsc#1192606). - cifs: fix rename() by ensuring source handle opened with DELETE bit (bsc#1164565). - cifs: Fix resource leak (bsc#1192606). - cifs: Fix retrieval of DFS referrals in cifs_mount() (bsc#1164565). - cifs: Fix retry mid list corruption on reconnects (bnc#1151927 5.3.10). - cifs: Fix return value in __update_cache_entry (bsc#1164565). - cifs: fix rsize/wsize to be negotiated values (bsc#1192606). - cifs: fix SMB1 error path in cifs_get_file_info_unix (bsc#1192606). - cifs: Fix SMB2 oplock break processing (bsc#1154355 bnc#1151927 5.3.16). - cifs: fix soft mounts hanging in the reconnect code (bsc#1164565). - cifs: fix soft mounts hanging in the reconnect code (bsc#1164565). - cifs: Fix some error pointers handling detected by static checker (bsc#1192606). - cifs: Fix spelling of 'security' (bsc#1192606). - cifs: fix string declarations and assignments in tracepoints (bsc#1192606). - cifs: Fix support for remount when not changing rsize/wsize (bsc#1192606). - cifs: Fix task struct use-after-free on reconnect (bsc#1164565). - cifs: fix the out of range assignment to bit fields in parse_server_interfaces (bsc#1192606). - cifs: Fix the target file was deleted when rename failed (bsc#1192606). - cifs: fix trivial typo (bsc#1192606). - cifs: fix uninitialised lease_key in open_shroot() (bsc#1178270). - cifs: fix uninitialized variable in smb3_fs_context_parse_param (bsc#1192606). - cifs: fix unitialized variable poential problem with network I/O cache lock patch (bsc#1164565). - cifs: Fix unix perm bits to cifsacl conversion for 'other' bits (bsc#1192606). - cifs: fix unneeded null check (bsc#1192606). - cifs: fix use after free in cifs_smb3_do_mount() (bsc#1192606). - cifs: Fix use after free of file info structures (bnc#1151927 5.3.8). - cifs: Fix use-after-free bug in cifs_reconnect() (bsc#1164565). - cifs: fix wrong release in sess_alloc_buffer() failed path (bsc#1192606). - cifs: for compound requests, use open handle if possible (bsc#1192606). - cifs: Force reval dentry if LOOKUP_REVAL flag is set (bnc#1151927 5.3.7). - cifs: Force revalidate inode when dentry is stale (bnc#1151927 5.3.7). - cifs: fork arc4 and create a separate module for it for cifs and other users (bsc#1192606). - cifs: get mode bits from special sid on stat (bsc#1164565). - cifs: get rid of @noreq param in __dfs_cache_find() (bsc#1185902). - cifs: get rid of cifs_sb->mountdata (bsc#1192606). - cifs: Get rid of kstrdup_const()'d paths (bsc#1164565). - cifs: get rid of unused parameter in reconn_setup_dfs_targets() (bsc#1178270). - cifs: Grab a reference for the dentry of the cached directory during the lifetime of the cache (bsc#1192606). - cifs: Gracefully handle QueryInfo errors during open (bnc#1151927 5.3.7). - cifs: handle -EINTR in cifs_setattr (bsc#1192606). - cifs: handle 'guest' mount parameter (bsc#1192606). - cifs: handle 'nolease' option for vers=1.0 (bsc#1192606). - cifs: handle different charsets in dfs cache (bsc#1185902). - cifs: handle empty list of targets in cifs_reconnect() (bsc#1178270). - cifs: handle ERRBaduid for SMB1 (bsc#1192606). - cifs: handle hostnames that resolve to same ip in failover (bsc#1178270). - cifs: handle prefix paths in reconnect (bsc#1164565). - cifs: handle reconnect of tcon when there is no cached dfs referral (bsc#1192606). - cifs: handle RESP_GET_DFS_REFERRAL.PathConsumed in reconnect (bsc#1178270). - cifs: Handle witness client move notification (bsc#1192606). - cifs: have ->mkdir() handle race with another client sanely (bsc#1192606). - cifs: have cifs_fattr_to_inode() refuse to change type on live inode (bsc#1192606). - cifs: Identify a connection by a conn_id (bsc#1192606). - cifs: If a corrupted DACL is returned by the server, bail out (bsc#1192606). - cifs: ignore auto and noauto options if given (bsc#1192606). - cifs: ignore cached share root handle closing errors (bsc#1166780). - cifs: improve fallocate emulation (bsc#1192606). - cifs: improve read performance for page size 64KB cache=strict vers=2.1+ (bsc#1192606). - cifs: In the new mount api we get the full devname as source= (bsc#1192606). - cifs: Increment num_remote_opens stats counter even in case of smb2_query_dir_first (bsc#1192606). - cifs: Initialize filesystem timestamp ranges (bsc#1164565). - cifs: introduce cifs_ses_mark_for_reconnect() helper (bsc#1192606). - cifs: introduce helper for finding referral server (bsc#1181710). - cifs: Introduce helpers for finding TCP connection (bsc#1164565). - cifs: introduce new helper for cifs_reconnect() (bsc#1192606, jsc#SLE-20042). - cifs: keep referral server sessions alive (bsc#1185902). - cifs: log mount errors using cifs_errorf() (bsc#1192606). - cifs: log warning message (once) if out of disk space (bsc#1164565). - cifs: make build_path_from_dentry() return const char * (bsc#1192606). - cifs: make const array static, makes object smaller (bsc#1192606). - cifs: Make extract_hostname function public (bsc#1192606). - cifs: Make extract_sharename function public (bsc#1192606). - cifs: make fs_context error logging wrapper (bsc#1192606). - cifs: make locking consistent around the server session status (bsc#1192606). - cifs: make multichannel warning more visible (bsc#1192606). - cifs: Make SMB2_notify_init static (bsc#1164565). - cifs: make sure we do not overflow the max EA buffer size (bsc#1164565). - cifs: make use of cap_unix(ses) in cifs_reconnect_tcon() (bsc#1164565). - cifs: map STATUS_ACCOUNT_LOCKED_OUT to -EACCES (bsc#1192606). - cifs: merge __{cifs,smb2}_reconnect[_tcon]() into cifs_tree_connect() (bsc#1178270). - cifs: Merge is_path_valid() into get_normalized_path() (bsc#1164565). - cifs: minor fix to two debug messages (bsc#1192606). - cifs: minor kernel style fixes for comments (bsc#1192606). - cifs: minor simplification to smb2_is_network_name_deleted (bsc#1192606). - cifs: minor update to comments around the cifs_tcp_ses_lock mutex (bsc#1192606). - cifs: minor updates to Kconfig (bsc#1192606). - cifs: misc: Use array_size() in if-statement controlling expression (bsc#1192606). - cifs: missed ref-counting smb session in find (bsc#1192606). - cifs: missing null check for newinode pointer (bsc#1192606). - cifs: missing null pointer check in cifs_mount (bsc#1185902). - cifs: modefromsid: make room for 4 ACE (bsc#1164565). - cifs: modefromsid: write mode ACE first (bsc#1164565). - cifs: move [brw]size from cifs_sb to cifs_sb->ctx (bsc#1192606). - cifs: move cache mount options to fs_context.ch (bsc#1192606). - cifs: move cifs_cleanup_volume_info[_content] to fs_context.c (bsc#1192606). - cifs: move cifs_parse_devname to fs_context.c (bsc#1192606). - cifs: move cifsFileInfo_put logic into a work-queue (bsc#1154355). - cifs: move debug print out of spinlock (bsc#1192606). - cifs: Move more definitions into the shared area (bsc#1192606). - cifs: move NEGOTIATE_PROTOCOL definitions out into the common area (bsc#1192606). - cifs: move security mount options into fs_context.ch (bsc#1192606). - cifs: move SMB FSCTL definitions to common code (bsc#1192606). - cifs: move smb version mount options into fs_context.c (bsc#1192606). - cifs: Move SMB2_Create definitions to the shared area (bsc#1192606). - cifs: move some variables off the stack in smb2_ioctl_query_info (bsc#1192606). - cifs: move the check for nohandlecache into open_shroot (bsc#1192606). - cifs: move the enum for cifs parameters into fs_context.h (bsc#1192606). - cifs: move update of flags into a separate function (bsc#1192606). - cifs: multichannel: always zero struct cifs_io_parms (bsc#1192606). - cifs: multichannel: move channel selection above transport layer (bsc#1192606). - cifs: multichannel: move channel selection in function (bsc#1192606). - cifs: multichannel: try to rebind when reconnecting a channel (bsc#1192606). - cifs: multichannel: use pointer for binding channel (bsc#1192606). - cifs: mute -Wunused-const-variable message (bnc#1151927 5.3.9). - cifs: New optype for session operations (bsc#1181507). - cifs: nosharesock should be set on new server (bsc#1192606). - cifs: nosharesock should not share socket with future sessions (bsc#1192606). - cifs: On cifs_reconnect, resolve the hostname again (bsc#1192606). - cifs: only update prefix path of DFS links in cifs_tree_connect() (bsc#1178270). - cifs: only write 64kb at a time when fallocating a small region of a file (bsc#1192606). - cifs: Optimize readdir on reparse points (bsc#1164565). - cifs: pass a path to open_shroot and check if it is the root or not (bsc#1192606). - cifs: pass the dentry instead of the inode down to the revalidation check functions (bsc#1192606). - cifs: plumb smb2 POSIX dir enumeration (bsc#1164565). - cifs: populate server_hostname for extra channels (bsc#1192606). - cifs: potential unintitliazed error code in cifs_getattr() (bsc#1164565). - cifs: prepare SMB2_Flush to be usable in compounds (bsc#1154355). - cifs: prepare SMB2_query_directory to be used with compounding (bsc#1164565). - cifs: prevent NULL deref in cifs_compose_mount_options() (bsc#1185902). - cifs: prevent truncation from long to int in wait_for_free_credits (bsc#1192606). - cifs: print MIDs in decimal notation (bsc#1181507). - cifs: Print the address and port we are connecting to in generic_ip_connect() (bsc#1192606). - cifs: print warning mounting with vers=1.0 (bsc#1164565). - cifs: properly invalidate cached root handle when closing it (bsc#1192606). - cifs: Properly process SMB3 lease breaks (bsc#1164565). - cifs: protect session channel fields with chan_lock (bsc#1192606). - cifs: protect srv_count with cifs_tcp_ses_lock (bsc#1192606). - cifs: protect updating server->dstaddr with a spinlock (bsc#1192606). - cifs: Re-indent cifs_swn_reconnect() (bsc#1192606). - cifs: reduce number of referral requests in DFS link lookups (bsc#1178270). - cifs: reduce stack use in smb2_compound_op (bsc#1192606). - cifs: refactor cifs_get_inode_info() (bsc#1164565). - cifs: refactor create_sd_buf() and and avoid corrupting the buffer (bsc#1192606). - cifs: Reformat DebugData and index connections by conn_id (bsc#1192606). - cifs: Register generic netlink family (bsc#1192606). Update configs with CONFIG_SWN_UPCALL unset. - cifs: release lock earlier in dequeue_mid error case (bsc#1192606). - cifs: remove [gu]id/backup[gu]id/file_mode/dir_mode from cifs_sb (bsc#1192606). - cifs: remove actimeo from cifs_sb (bsc#1192606). - cifs: remove bogus debug code (bsc#1179427). - cifs: remove ctx argument from cifs_setup_cifs_sb (bsc#1192606). - cifs: remove duplicated prototype (bsc#1192606). - cifs: remove old dead code (bsc#1192606). - cifs: remove pathname for file from SPDX header (bsc#1192606). - cifs: remove redundant assignment to pointer pneg_ctxt (bsc#1164565). - cifs: remove redundant assignment to variable rc (bsc#1164565). - cifs: remove redundant initialization of variable rc (bsc#1192606). - cifs: remove redundant initialization of variable rc (bsc#1192606). - cifs: Remove repeated struct declaration (bsc#1192606). - cifs: Remove set but not used variable 'capabilities' (bsc#1164565). - cifs: remove set but not used variable 'server' (bsc#1164565). - cifs: remove set but not used variables 'cinode' and 'netfid' (bsc#1164565). - cifs: remove set but not used variables (bsc#1164565). - cifs: remove some minor warnings pointed out by kernel test robot (bsc#1192606). - cifs: remove the devname argument to cifs_compose_mount_options (bsc#1192606). - cifs: remove the retry in cifs_poxis_lock_set (bsc#1192606). - cifs: Remove the superfluous break (bsc#1192606). - cifs: remove two cases where rc is set unnecessarily in sid_to_id (bsc#1192606). - cifs: remove unnecessary copies of tcon->crfid.fid (bsc#1192606). - cifs: Remove unnecessary struct declaration (bsc#1192606). - cifs: remove unneeded variable in smb3_fs_context_dup (bsc#1192606). - cifs: Remove unused inline function is_sysvol_or_netlogon() (bsc#1185902). - cifs: remove unused variable 'server' (bsc#1192606). - cifs: remove unused variable 'sid_user' (bsc#1164565). - cifs: remove unused variable (bsc#1164565). - cifs: Remove useless variable (bsc#1192606). - cifs: remove various function description warnings (bsc#1192606). - cifs: rename a variable in SendReceive() (bsc#1164565). - cifs: rename cifs_common to smbfs_common (bsc#1192606). - cifs: rename dup_vol to smb3_fs_context_dup and move it into fs_context.c (bsc#1192606). - cifs: rename posix create rsp (bsc#1164565). - cifs: rename reconn_inval_dfs_target() (bsc#1178270). - cifs: rename smb_vol as smb3_fs_context and move it to fs_context.h (bsc#1192606). - cifs: rename the *_shroot* functions to *_cached_dir* (bsc#1192606). - cifs: report error instead of invalid when revalidating a dentry fails (bsc#1177440). - cifs: Respect O_SYNC and O_DIRECT flags during reconnect (bsc#1164565). - cifs: Retain old ACEs when converting between mode bits and ACL (bsc#1192606). - cifs: retry lookup and readdir when EAGAIN is returned (bsc#1192606). - cifs: return cached_fid from open_shroot (bsc#1192606). - cifs: Return correct error code from smb2_get_enc_key (git-fixes). - cifs: Return directly after a failed build_path_from_dentry() in cifs_do_create() (bsc#1164565). - cifs: return proper error code in statfs(2) (bsc#1181507). - cifs: Return the error from crypt_message when enc/dec key not found (bsc#1179426). - cifs: returning mount parm processing errors correctly (bsc#1192606). - cifs: revalidate mapping when we open files for SMB1 POSIX (bsc#1192606). - cifs: Send witness register and unregister commands to userspace daemon (bsc#1192606). - cifs: Send witness register messages to userspace daemon in echo task (bsc#1192606). - cifs: send workstation name during ntlmssp session setup (bsc#1192606). - cifs: set a minimum of 120s for next dns resolution (bsc#1192606). - cifs: set a minimum of 2 minutes for refreshing dfs cache (bsc#1185902). - cifs: Set CIFS_MOUNT_USE_PREFIX_PATH flag on setting cifs_sb->prepath (bsc#1192606). - cifs: set correct max-buffer-size for smb2_ioctl_init() (bsc#1164565). - cifs: set server->cipher_type to AES-128-CCM for SMB3.0 (bsc#1192606). - cifs: set up next DFS target before generic_ip_connect() (bsc#1178270). - cifs: Set witness notification handler for messages from userspace daemon (bsc#1192606). - cifs: Silently ignore unknown oplock break handle (bsc#1192606). - cifs: Simplify bool comparison (bsc#1192606). - cifs: simplify handling of cifs_sb/ctx->local_nls (bsc#1192606). - cifs: Simplify reconnect code when dfs upcall is enabled (bsc#1192606). - cifs: simplify SWN code with dummy funcs instead of ifdefs (bsc#1192606). - cifs: smb1: Try failing back to SetFileInfo if SetPathInfo fails (bsc#1192606). - cifs: smb2pdu.h: Replace zero-length array with flexible-array member (bsc#1192606). - cifs: smbd: Add messages on RDMA session destroy and reconnection (bsc#1164565). - cifs: smbd: Calculate the correct maximum packet size for segmented SMBDirect send/receive (bsc#1192606). - cifs: smbd: Check and extend sender credits in interrupt context (bsc#1192606). - cifs: smbd: Check send queue size before posting a send (bsc#1192606). - cifs: smbd: Do not schedule work to send immediate packet on every receive (bsc#1192606). - cifs: smbd: Invalidate and deregister memory registration on re-send for direct I/O (bsc#1164565). - cifs: smbd: Merge code to track pending packets (bsc#1192606). - cifs: smbd: Only queue work for error recovery on memory registration (bsc#1164565). - cifs: smbd: Properly process errors on ib_post_send (bsc#1192606). - cifs: smbd: Return -EAGAIN when transport is reconnecting (bsc#1164565). - cifs: smbd: Return -ECONNABORTED when trasnport is not in connected state (bsc#1164565). - cifs: smbd: Return -EINVAL when the number of iovs exceeds SMBDIRECT_MAX_SGE (bsc#1164565). - cifs: smbd: Update receive credits before sending and deal with credits roll back on failure before sending (bsc#1192606). - cifs: sort interface list by speed (bsc#1192606). - cifs: Spelling s/EACCESS/EACCES/ (bsc#1192606). - cifs: split out dfs code from cifs_reconnect() (bsc#1192606, jsc#SLE-20042). - cifs: Standardize logging output (bsc#1192606). - cifs: store a pointer to the root dentry in cifs_sb_info once we have completed mounting the share (bsc#1192606). - cifs: style: replace one-element array with flexible-array (bsc#1192606). - cifs: support nested dfs links over reconnect (bsc#1192606, jsc#SLE-20042). - cifs: support share failover when remounting (bsc#1192606, jsc#SLE-20042). - cifs: switch build_path_from_dentry() to using dentry_path_raw() (bsc#1192606). - cifs: switch servers depending on binding state (bsc#1192606). - cifs: switch to new mount api (bsc#1192606). - cifs: To match file servers, make sure the server hostname matches (bsc#1192606). - cifs: Tracepoints and logs for tracing credit changes (bsc#1181507). - cifs: try harder to open new channels (bsc#1192606). - cifs: try opening channels after mounting (bsc#1192606). - cifs: uncomplicate printing the iocharset parameter (bsc#1192606). - cifs: Unlock on errors in cifs_swn_reconnect() (bsc#1192606). - cifs: update ctime and mtime during truncate (bsc#1192606). - cifs: update FSCTL definitions (bsc#1192606). - cifs: update internal module version number (bsc#1192606). - cifs: update internal module version number (bsc#1192606). - cifs: update internal module version number (bsc#1192606). - cifs: update internal module version number (bsc#1192606). - cifs: update internal module version number (bsc#1192606). - cifs: update internal module version number (bsc#1192606). - cifs: update internal module version number (bsc#1192606). - cifs: update internal module version number (bsc#1192606). - cifs: update internal version number (bsc#1192606). - cifs: update internal version number (bsc#1192606). - cifs: update internal version number (bsc#1192606). - cifs: update internal version number (bsc#1192606). - cifs: update mnt_cifs_flags during reconfigure (bsc#1192606). - cifs: update new ACE pointer after populate_new_aces (bsc#1192606). - cifs: update super_operations to show_devname (bsc#1192606). - cifs: Use #define in cifs_dbg (bsc#1164565). - cifs: use %pd instead of messing with ->d_name (bsc#1192606). - cifs: use cifsInodeInfo->open_file_lock while iterating to avoid a panic (bnc#1151927 5.3.7). - cifs: Use common error handling code in smb2_ioctl_query_info() (bsc#1164565). - cifs: use compounding for open and first query-dir for readdir() (bsc#1164565). - cifs: use discard iterator to discard unneeded network data more efficiently (bsc#1192606). - cifs: use echo_interval even when connection not ready (bsc#1192606). - cifs: use existing handle for compound_op(OP_SET_INFO) when possible (bsc#1154355). - cifs: use helpers when parsing uid/gid mount options and validate them (bsc#1192606). - cifs: Use memdup_user() rather than duplicating its implementation (bsc#1164565). - cifs: use mod_delayed_work() for server->reconnect if already queued (bsc#1164565). - cifs: use PTR_ERR_OR_ZERO() to simplify code (bsc#1164565). - cifs: use SPDX-Licence-Identifier (bsc#1192606). - cifs: use the expiry output of dns_query to schedule next resolution (bsc#1192606). - cifs: use true,false for bool variable (bsc#1164565). - cifs: use true,false for bool variable (bsc#1164565). - cifs: warn and fail if trying to use rootfs without the config option (bsc#1192606). - cifs: Warn less noisily on default mount (bsc#1192606). - cifs: we do not allow changing username/password/unc/... during remount (bsc#1192606). - clk: imx: imx6ul: Move csi_sel mux to correct base register (git-fixes). - clk: ingenic: Fix bugs with divided dividers (git-fixes). - crypto: ecc - fix CRYPTO_DEFAULT_RNG dependency (git-fixes). - crypto: pcrypt - Delay write to padata->info (git-fixes). - crypto: s5p-sss - Add error handling in s5p_aes_probe() (git-fixes). - cxgb4: fix eeprom len when diagnostics not implemented (git-fixes). - dm: fix deadlock when swapping to encrypted device (bsc#1186332). - dm: remove unnecessary discard limits for raid0 and raid10 (bsc#1192320). - dmaengine: at_xdmac: fix AT_XDMAC_CC_PERID() macro (git-fixes). - dmaengine: dmaengine_desc_callback_valid(): Check for `callback_result` (git-fixes). - drm: panel-orientation-quirks: Add quirk for Aya Neo 2021 (git-fixes). - drm: panel-orientation-quirks: Add quirk for GPD Win3 (git-fixes). - drm: panel-orientation-quirks: Add quirk for KD Kurio Smart C15200 2-in-1 (git-fixes). - drm: panel-orientation-quirks: Add quirk for the Samsung Galaxy Book 10.6 (git-fixes). - drm: panel-orientation-quirks: Update the Lenovo Ideapad D330 quirk (v2) (git-fixes). - drm/amd/display: Set plane update flags for all planes in reset (git-fixes). - drm/amdgpu: fix set scaling mode Full/Full aspect/Center not works on vga and dvi connectors (git-fixes). - drm/msm: Do hw_init() before capturing GPU state (git-fixes). - drm/msm/a6xx: Allocate enough space for GMU registers (git-fixes). - drm/nouveau: hdmigv100.c: fix corrupted HDMI Vendor InfoFrame (git-fixes). - drm/nouveau/acr: fix a couple NULL vs IS_ERR() checks (git-fixes). - drm/nouveau/svm: Fix refcount leak bug and missing check against null bug (git-fixes). - drm/panel-orientation-quirks: add Valve Steam Deck (git-fixes). - drm/pl111: Actually fix CONFIG_VEXPRESS_CONFIG depends (git-fixes). - drm/plane-helper: fix uninitialized variable reference (git-fixes). - drm/vc4: fix error code in vc4_create_object() (git-fixes). - e1000e: Separate TGP board type from SPT (bsc#1192874). - EDAC/amd64: Handle three rank interleaving mode (bsc#1152489). - elfcore: correct reference to CONFIG_UML (git-fixes). - elfcore: fix building with clang (bsc#1169514). - ethtool: fix ethtool msg len calculation for pause stats (jsc#SLE-15075). - firmware: qcom_scm: Mark string array const (git-fixes). - fuse: release pipe buf after last use (bsc#1193318). - gve: Add netif_set_xps_queue call (bsc#1176940). - gve: Add rx buffer pagecnt bias (bsc#1176940). - gve: Allow pageflips on larger pages (bsc#1176940). - gve: Do lazy cleanup in TX path (git-fixes). - gve: DQO: avoid unused variable warnings (bsc#1176940). - gve: Switch to use napi_complete_done (git-fixes). - gve: Track RX buffer allocation failures (bsc#1176940). - hwmon: (k10temp) Add additional missing Zen2 and Zen3 APUs (jsc#SLE-17823 jsc#SLE-23139 jsc#ECO-3666). - hwmon: (k10temp) Add support for yellow carp (jsc#SLE-17823 jsc#SLE-23139 jsc#ECO-3666). - hwmon: (k10temp) Add support for Zen3 CPUs (jsc#SLE-17823 jsc#SLE-23139 jsc#ECO-3666). - hwmon: (k10temp) Create common functions and macros for Zen CPU families (jsc#SLE-17823 jsc#SLE-23139 jsc#ECO-3666). - hwmon: (k10temp) Define SVI telemetry and current factors for Zen2 CPUs (jsc#SLE-17823 jsc#SLE-23139 jsc#ECO-3666). - hwmon: (k10temp) Do not show Tdie for all Zen/Zen2/Zen3 CPU/APU (jsc#SLE-17823 jsc#SLE-23139 jsc#ECO-3666). - hwmon: (k10temp) make some symbols static (jsc#SLE-17823 jsc#SLE-23139 jsc#ECO-3666). - hwmon: (k10temp) Remove residues of current and voltage (jsc#SLE-17823 jsc#SLE-23139 jsc#ECO-3666). - hwmon: (k10temp) Remove support for displaying voltage and current on Zen CPUs (jsc#SLE-17823 jsc#SLE-23139 jsc#ECO-3666). - hwmon: (k10temp) Reorganize and simplify temperature support detection (jsc#SLE-17823 jsc#SLE-23139 jsc#ECO-3666). - hwmon: (k10temp) Rework the temperature offset calculation (jsc#SLE-17823 jsc#SLE-23139 jsc#ECO-3666). - hwmon: (k10temp) support Zen3 APUs (jsc#SLE-17823 jsc#SLE-23139 jsc#ECO-3666). - hwmon: (k10temp) Swap Tdie and Tctl on Family 17h CPUs (jsc#SLE-17823 jsc#SLE-23139 jsc#ECO-3666). - hwmon: (k10temp) Update documentation and add temp2_input info (jsc#SLE-17823 jsc#SLE-23139 jsc#ECO-3666). - hwmon: (k10temp) Update driver documentation (jsc#SLE-17823 jsc#SLE-23139 jsc#ECO-3666). - hwmon: (k10temp) Zen3 Ryzen Desktop CPUs support (jsc#SLE-17823 jsc#SLE-23139 jsc#ECO-3666). - i2c: cbus-gpio: set atomic transfer callback (git-fixes). - i2c: stm32f7: flush TX FIFO upon transfer errors (git-fixes). - i2c: stm32f7: recover the bus on access timeout (git-fixes). - i2c: stm32f7: stop dma transfer in case of NACK (git-fixes). - i2c: xlr: Fix a resource leak in the error handling path of 'xlr_i2c_probe()' (git-fixes). - i40e: Fix changing previously set num_queue_pairs for PFs (git-fixes). - i40e: Fix correct max_pkt_size on VF RX queue (git-fixes). - i40e: Fix creation of first queue by omitting it if is not power of two (git-fixes). - i40e: Fix display error code in dmesg (git-fixes). - i40e: Fix failed opcode appearing if handling messages from VF (git-fixes). - i40e: Fix NULL ptr dereference on VSI filter sync (git-fixes). - i40e: Fix ping is lost after configuring ADq on VF (git-fixes). - i40e: Fix pre-set max number of queues for VF (git-fixes). - i40e: Fix warning message and call stack during rmmod i40e driver (git-fixes). - iavf: check for null in iavf_fix_features (git-fixes). - iavf: do not clear a lock we do not hold (git-fixes). - iavf: Fix failure to exit out from last all-multicast mode (git-fixes). - iavf: Fix for setting queues to 0 (jsc#SLE-12877). - iavf: Fix for the false positive ASQ/ARQ errors while issuing VF reset (git-fixes). - iavf: Fix reporting when setting descriptor count (git-fixes). - iavf: Fix return of set the new channel count (jsc#SLE-12877). - iavf: free q_vectors before queues in iavf_disable_vf (git-fixes). - iavf: prevent accidental free of filter structure (git-fixes). - iavf: Prevent changing static ITR values if adaptive moderation is on (git-fixes). - iavf: Restore VLAN filters after link down (git-fixes). - iavf: validate pointers (git-fixes). - ibmvnic: drop bad optimization in reuse_rx_pools() (bsc#1193349 ltc#195568). - ibmvnic: drop bad optimization in reuse_tx_pools() (bsc#1193349 ltc#195568). - ice: avoid bpf_prog refcount underflow (jsc#SLE-7926). - ice: avoid bpf_prog refcount underflow (jsc#SLE-7926). - ice: Delete always true check of PF pointer (git-fixes). - ice: Fix not stopping Tx queues for VFs (jsc#SLE-7926). - ice: Fix VF true promiscuous mode (jsc#SLE-12878). - ice: fix vsi->txq_map sizing (jsc#SLE-7926). - ice: ignore dropped packets during init (git-fixes). - ice: Remove toggling of antispoof for VF trusted promiscuous mode (jsc#SLE-12878). - igb: fix netpoll exit with traffic (git-fixes). - igc: Remove _I_PHY_ID checking (bsc#1193169). - igc: Remove phy->type checking (bsc#1193169). - iio: imu: st_lsm6dsx: Avoid potential array overflow in st_lsm6dsx_set_odr() (git-fixes). - Input: iforce - fix control-message timeout (git-fixes). - iommu: Check if group is NULL before remove device (git-fixes). - iommu/amd: Relocate GAMSup check to early_enable_iommus (git-fixes). - iommu/amd: Remove iommu_init_ga() (git-fixes). - iommu/mediatek: Fix out-of-range warning with clang (git-fixes). - iommu/vt-d: Consolidate duplicate cache invaliation code (git-fixes). - iommu/vt-d: Fix incomplete cache flush in intel_pasid_tear_down_entry() (git-fixes). - iommu/vt-d: Update the virtual command related registers (git-fixes). - ipmi: Disable some operations during a panic (git-fixes). - kABI: dm: fix deadlock when swapping to encrypted device (bsc#1186332). - kabi: hide changes to struct uv_info (git-fixes). - lib/xz: Avoid overlapping memcpy() with invalid input with in-place decompression (git-fixes). - lib/xz: Validate the value before assigning it to an enum variable (git-fixes). - libata: fix checking of DMA state (git-fixes). - linux/parser.h: add include guards (bsc#1192606). - lpfc: Reintroduce old IRQ probe logic (bsc#1183897). - md: add md_submit_discard_bio() for submitting discard bio (bsc#1192320). - md: extend r10bio devs to raid disks (bsc#1192320). - md: fix a lock order reversal in md_alloc (git-fixes). - md: improve discard request for far layout (bsc#1192320). - md: improve raid10 discard request (bsc#1192320). - md: initialize r10_bio->read_slot before use (bsc#1192320). - md: pull the code that wait for blocked dev into one function (bsc#1192320). - md: Remove unnecessary rcu_dereference in raid10_handle_discard (bsc#1192320). - mdio: aspeed: Fix 'Link is Down' issue (bsc#1176447). - media: imx: set a media_device bus_info string (git-fixes). - media: ipu3-imgu: imgu_fmt: Handle properly try (git-fixes). - media: ipu3-imgu: VIDIOC_QUERYCAP: Fix bus_info (git-fixes). - media: ir-kbd-i2c: improve responsiveness of hauppauge zilog receivers (git-fixes). - media: mceusb: return without resubmitting URB in case of -EPROTO error (git-fixes). - media: mt9p031: Fix corrupted frame after restarting stream (git-fixes). - media: netup_unidvb: handle interrupt properly according to the firmware (git-fixes). - media: rcar-csi2: Add checking to rcsi2_start_receiver() (git-fixes). - media: s5p-mfc: fix possible null-pointer dereference in s5p_mfc_probe() (git-fixes). - media: stm32: Potential NULL pointer dereference in dcmi_irq_thread() (git-fixes). - media: usb: dvd-usb: fix uninit-value bug in dibusb_read_eeprom_byte() (git-fixes). - media: uvcvideo: Return -EIO for control errors (git-fixes). - media: uvcvideo: Set capability in s_param (git-fixes). - media: uvcvideo: Set unique vdev name based in type (git-fixes). - memstick: r592: Fix a UAF bug when removing the driver (git-fixes). - MM: reclaim mustn't enter FS for swap-over-NFS (bsc#1191876). - mmc: dw_mmc: Dont wait for DRTO on Write RSP error (git-fixes). - mmc: winbond: do not build on M68K (git-fixes). - mtd: core: do not remove debugfs directory if device is in use (git-fixes). - mwifiex: Properly initialize private structure on interface type changes (git-fixes). - mwifiex: Read a PCI register after writing the TX ring write pointer (git-fixes). - mwifiex: Run SET_BSS_MODE when changing from P2P to STATION vif-type (git-fixes). - mwl8k: Fix use-after-free in mwl8k_fw_state_machine() (git-fixes). - net: asix: fix uninit value bugs (git-fixes). - net: bnx2x: fix variable dereferenced before check (git-fixes). - net: bridge: fix under estimation in br_get_linkxstats_size() (bsc#1176447). - net: cdc_ncm: Allow for dwNtbOutMaxSize to be unset or zero (git-fixes). - net: delete redundant function declaration (git-fixes). - net: hns3: change affinity_mask to numa node range (bsc#1154353). - net: hns3: fix misuse vf id and vport id in some logs (bsc#1154353). - net: hns3: remove check VF uc mac exist when set by PF (bsc#1154353). - net: hso: fix control-request directions (git-fixes). - net: hso: fix muxed tty registration (git-fixes). - net: linkwatch: fix failure to restore device state across suspend/resume (bsc#1192511). - net: mana: Allow setting the number of queues while the NIC is down (jsc#SLE-18779, bsc#1185726). - net: mana: Fix memory leak in mana_hwc_create_wq (jsc#SLE-18779, bsc#1185726). - net: mana: Fix spelling mistake 'calledd' -> 'called' (jsc#SLE-18779, bsc#1185726). - net: mana: Fix the netdev_err()'s vPort argument in mana_init_port() (jsc#SLE-18779, bsc#1185726). - net: mana: Improve the HWC error handling (jsc#SLE-18779, bsc#1185726). - net: mana: Support hibernation and kexec (jsc#SLE-18779, bsc#1185726). - net: mana: Use kcalloc() instead of kzalloc() (jsc#SLE-18779, bsc#1185726). - net: pegasus: fix uninit-value in get_interrupt_interval (git-fixes). - net: qlogic: qlcnic: Fix a NULL pointer dereference in qlcnic_83xx_add_rings() (git-fixes). - net: stmmac: add EHL 2.5Gbps PCI info and PCI ID (bsc#1192691). - net: stmmac: add EHL PSE0 PSE1 1Gbps PCI info and PCI ID (bsc#1192691). - net: stmmac: add EHL RGMII 1Gbps PCI info and PCI ID (bsc#1192691). - net: stmmac: add EHL SGMII 1Gbps PCI info and PCI ID (bsc#1192691). - net: stmmac: add TGL SGMII 1Gbps PCI info and PCI ID (bsc#1192691). - net: stmmac: create dwmac-intel.c to contain all Intel platform (bsc#1192691). - net: stmmac: pci: Add HAPS support using GMAC5 (bsc#1192691). - net: usb: lan78xx: lan78xx_phy_init(): use PHY_POLL instead of '0' if no IRQ is available (git-fixes). - net: usb: lan78xx: lan78xx_phy_init(): use PHY_POLL instead of '0' if no IRQ is available (git-fixes). - net: usb: Merge cpu_to_le32s + memcpy to put_unaligned_le32 (git-fixes). - net/mlx4_en: Fix an use-after-free bug in mlx4_en_try_alloc_resources() (git-fixes). - net/mlx5: E-Switch, return error if encap isn't supported (jsc#SLE-15172). - net/mlx5e: reset XPS on error flow if netdev isn't registered yet (git-fixes). - net/sched: sch_ets: do not peek at classes beyond 'nbands' (bsc#1176774). - netfilter: ctnetlink: do not erase error code with EINVAL (bsc#1176447). - netfilter: ctnetlink: fix filtering with CTA_TUPLE_REPLY (bsc#1176447). - netfilter: flowtable: fix IPv6 tunnel addr match (bsc#1176447). - NFC: add NCI_UNREG flag to eliminate the race (git-fixes). - NFC: pn533: Fix double free when pn533_fill_fragment_skbs() fails (git-fixes). - NFC: reorder the logic in nfc_{un,}register_device (git-fixes). - NFC: reorganize the functions in nci_request (git-fixes). - nfp: checking parameter process for rx-usecs/tx-usecs is invalid (git-fixes). - nfp: Fix memory leak in nfp_cpp_area_cache_add() (git-fixes). - NFS: do not alloc under spinlock in rpc_parse_scope_id (git-fixes). - NFS: Do not set NFS_INO_DATA_INVAL_DEFER and NFS_INO_INVALID_DATA (git-fixes). - NFS: do not take i_rwsem for swap IO (bsc#1191876). - NFS: Fix a regression in nfs_set_open_stateid_locked() (git-fixes). - NFS: Fix deadlocks in nfs_scan_commit_list() (git-fixes). - NFS: fix error handling of register_pernet_subsys() in init_nfsd() (git-fixes). - NFS: Fix up commit deadlocks (git-fixes). - NFS: Handle the NFSv4 READDIR 'dircount' hint being zero (git-fixes). - NFS: move generic_write_checks() call from nfs_file_direct_write() to nfs_file_write() (bsc#1191876). - nvme: add NO APST quirk for Kioxia device (git-fixes). - nvme: Skip not ready namespaces when revalidating paths (bsc#1191793 bsc#1192507 bsc#1192969). - objtool: Support Clang non-section symbols in ORC generation (bsc#1169514). - Pass consistent param->type to fs_parse() (bsc#1192606). [ ematsumiya: - drop the case fs_param_is_fd - leave .has_value in fs_parse_result so it does not break kabi - still set .has_value in fs_parse() for real kabi compatibility ] - PCI: Add PCI_EXP_DEVCTL_PAYLOAD_* macros (git-fixes). - PCI: Mark Atheros QCA6174 to avoid bus reset (git-fixes). - PCI/MSI: Deal with devices lying about their MSI mask capability (git-fixes). - perf: Correctly handle failed perf_get_aux_event() (git-fixes). - perf/x86/intel: Fix unchecked MSR access error caused by VLBR_EVENT (git-fixes). - perf/x86/intel/uncore: Fix Intel ICX IIO event constraints (git-fixes). - perf/x86/intel/uncore: Fix M2M event umask for Ice Lake server (git-fixes). - perf/x86/intel/uncore: Fix the scale of the IMC free-running events (git-fixes). - perf/x86/intel/uncore: Support extra IMC channel on Ice Lake server (git-fixes). - perf/x86/vlbr: Add c->flags to vlbr event constraints (git-fixes). - platform/x86: hp_accel: Fix an error handling path in 'lis3lv02d_probe()' (git-fixes). - platform/x86: wmi: do not fail if disabling fails (git-fixes). - PM: hibernate: Get block device exclusively in swsusp_check() (git-fixes). - PM: hibernate: use correct mode for swsusp_close() (git-fixes). - pnfs/flexfiles: Fix misplaced barrier in nfs4_ff_layout_prepare_ds (git-fixes). - powerpc: fix unbalanced node refcount in check_kvm_guest() (jsc#SLE-15869 jsc#SLE-16321 git-fixes). - powerpc/iommu: Report the correct most efficient DMA mask for PCI devices (git-fixes). - powerpc/paravirt: correct preempt debug splat in vcpu_is_preempted() (bsc#1181148 ltc#190702 git-fixes). - powerpc/paravirt: vcpu_is_preempted() commentary (bsc#1181148 ltc#190702 git-fixes). - powerpc/perf: Fix cycles/instructions as PM_CYC/PM_INST_CMPL in power10 (jsc#SLE-13513 git-fixes). - powerpc/pseries: Move some PAPR paravirt functions to their own file (bsc#1181148 ltc#190702 git-fixes). - powerpc/watchdog: Avoid holding wd_smp_lock over printk and smp_send_nmi_ipi (bsc#1187541 ltc#192129). - powerpc/watchdog: Fix missed watchdog reset due to memory ordering race (bsc#1187541 ltc#192129). - powerpc/watchdog: Fix wd_smp_last_reset_tb reporting (bsc#1187541 ltc#192129). - powerpc/watchdog: read TB close to where it is used (bsc#1187541 ltc#192129). - powerpc/watchdog: tighten non-atomic read-modify-write access (bsc#1187541 ltc#192129). - printk: Remove printk.h inclusion in percpu.h (bsc#1192987). - qede: validate non LSO skb length (git-fixes). - r8152: limit the RX buffer size of RTL8153A for USB 2.0 (git-fixes). - r8169: Add device 10ec:8162 to driver r8169 (git-fixes). - RDMA/bnxt_re: Update statistics counter name (jsc#SLE-16649). - recordmcount.pl: fix typo in s390 mcount regex (bsc#1192267). - recordmcount.pl: look for jgnop instruction as well as bcrl on s390 (bsc#1192267). - reset: socfpga: add empty driver allowing consumers to probe (git-fixes). - ring-buffer: Protect ring_buffer_reset() from reentrancy (bsc#1179960). - rpm/*.spec.in: use buildroot macro instead of env variable The RPM_BUILD_ROOT variable is considered deprecated over a buildroot macro. future proof the spec files. - rpm/kernel-binary.spec.in: do not strip vmlinux again (bsc#1193306) After usrmerge, vmlinux file is not named vmlinux-lt;version>, but simply vmlinux. And this is not reflected in STRIP_KEEP_SYMTAB we set. So fix this by removing the dash... - rpm/kernel-obs-build.spec.in: move to zstd for the initrd Newer distros have capability to decompress zstd, which provides a 2-5% better compression ratio at very similar cpu overhead. Plus this tests the zstd codepaths now as well. - rt2x00: do not mark device gone on EPROTO errors during start (git-fixes). - rxrpc: Fix rxrpc_local leak in rxrpc_lookup_peer() (bsc#1154353 bnc#1151927 5.3.9). - s390: mm: Fix secure storage access exception handling (git-fixes). - s390/bpf: Fix branch shortening during codegen pass (bsc#1193993). - s390/uv: fully validate the VMA before calling follow_page() (git-fixes). - scsi: iscsi: Adjust iface sysfs attr detection (git-fixes). - scsi: lpfc: Add additional debugfs support for CMF (bsc#1194266). - scsi: lpfc: Adjust CMF total bytes and rxmonitor (bsc#1194266). - scsi: lpfc: Cap CMF read bytes to MBPI (bsc#1194266). - scsi: lpfc: Change return code on I/Os received during link bounce (bsc#1194266). - scsi: lpfc: Fix leaked lpfc_dmabuf mbox allocations with NPIV (bsc#1194266). - scsi: lpfc: Fix lpfc_force_rscn ndlp kref imbalance (bsc#1194266). - scsi: lpfc: Fix non-recovery of remote ports following an unsolicited LOGO (bsc#1189126). - scsi: lpfc: Fix NPIV port deletion crash (bsc#1194266). - scsi: lpfc: Trigger SLI4 firmware dump before doing driver cleanup (bsc#1194266). - scsi: lpfc: Update lpfc version to 14.0.0.4 (bsc#1194266). - scsi: mpi3mr: Fix duplicate device entries when scanning through sysfs (git-fixes). - scsi: mpt3sas: Fix kernel panic during drive powercycle test (git-fixes). - scsi: mpt3sas: Fix system going into read-only mode (git-fixes). - scsi: pm80xx: Do not call scsi_remove_host() in pm8001_alloc() (git-fixes). - scsi: qla2xxx: edif: Fix app start delay (git-fixes). - scsi: qla2xxx: edif: Fix app start fail (git-fixes). - scsi: qla2xxx: edif: Fix EDIF bsg (git-fixes). - scsi: qla2xxx: edif: Fix off by one bug in qla_edif_app_getfcinfo() (git-fixes). - scsi: qla2xxx: edif: Flush stale events and msgs on session down (git-fixes). - scsi: qla2xxx: edif: Increase ELS payload (git-fixes). - scsi: qla2xxx: Fix gnl list corruption (git-fixes). - scsi: qla2xxx: Fix mailbox direction flags in qla2xxx_get_adapter_id() (git-fixes). - scsi: qla2xxx: Format log strings only if needed (git-fixes). - scsi: qla2xxx: Relogin during fabric disturbance (git-fixes). - scsi: qla2xxx: Turn off target reset during issue_lip (git-fixes). - serial: 8250_pci: Fix ACCES entries in pci_serial_quirks array (git-fixes). - serial: 8250_pci: rewrite pericom_do_set_divisor() (git-fixes). - serial: 8250: Fix RTS modem control while in rs485 mode (git-fixes). - serial: core: fix transmit-buffer reset and memleak (git-fixes). - smb2: clarify rc initialization in smb2_reconnect (bsc#1192606). - smb2: fix use-after-free in smb2_ioctl_query_info() (bsc#1192606). - smb3: add additional null check in SMB2_ioctl (bsc#1192606). - smb3: add additional null check in SMB2_open (bsc#1192606). - smb3: add additional null check in SMB2_tcon (bsc#1192606). - smb3: add additional null check in SMB311_posix_mkdir (bsc#1192606). - smb3: Add debug message for new file creation with idsfromsid mount option (bsc#1192606). - smb3: add debug messages for closing unmatched open (bsc#1164565). - smb3: add defines for new crypto algorithms (bsc#1192606). - smb3: Add defines for new information level, FileIdInformation (bsc#1164565). - smb3: add defines for new signing negotiate context (bsc#1192606). - smb3: add dynamic trace point to trace when credits obtained (bsc#1181507). - smb3: add dynamic trace points for socket connection (bsc#1192606). - smb3: add dynamic tracepoints for flush and close (bsc#1164565). - smb3: add indatalen that can be a non-zero value to calculation of credit charge in smb2 ioctl (bsc#1192606). - smb3: add missing flag definitions (bsc#1164565). - smb3: Add missing reparse tags (bsc#1164565). - smb3: add missing worker function for SMB3 change notify (bsc#1164565). - smb3: add mount option to allow forced caching of read only share (bsc#1164565). - smb3: add mount option to allow RW caching of share accessed by only 1 client (bsc#1164565). - smb3: Add new compression flags (bsc#1192606). - smb3: Add new info level for query directory (bsc#1192606). - smb3: add new module load parm enable_gcm_256 (bsc#1192606). - smb3: add new module load parm require_gcm_256 (bsc#1192606). - smb3: Add new parm 'nodelete' (bsc#1192606). - smb3: add one more dynamic tracepoint missing from strict fsync path (bsc#1164565). - smb3: add rasize mount parameter to improve readahead performance (bsc#1192606). - smb3: add some missing definitions from MS-FSCC (bsc#1192606). - smb3: add some more descriptive messages about share when mounting cache=ro (bsc#1164565). - smb3: Add support for getting and setting SACLs (bsc#1192606). - smb3: Add support for lookup with posix extensions query info (bsc#1192606). - smb3: Add support for negotiating signing algorithm (bsc#1192606). - smb3: Add support for query info using posix extensions (level 100) (bsc#1192606). - smb3: add support for recognizing WSL reparse tags (bsc#1192606). - smb3: Add support for SMB311 query info (non-compounded) (bsc#1192606). - smb3: add support for stat of WSL reparse points for special file types (bsc#1192606). - smb3: add support for using info level for posix extensions query (bsc#1192606). - smb3: Add tracepoints for new compound posix query info (bsc#1192606). - smb3: Additional compression structures (bsc#1192606). - smb3: allow decryption keys to be dumped by admin for debugging (bsc#1164565). - smb3: allow disabling requesting leases (bnc#1151927 5.3.4). - smb3: allow dumping GCM256 keys to improve debugging of encrypted shares (bsc#1192606). - smb3: allow dumping keys for multiuser mounts (bsc#1192606). - smb3: allow parallelizing decryption of reads (bsc#1164565). - smb3: allow skipping signature verification for perf sensitive configurations (bsc#1164565). - smb3: allow uid and gid owners to be set on create with idsfromsid mount option (bsc#1192606). - smb3: avoid confusing warning message on mount to Azure (bsc#1192606). - smb3: Avoid Mid pending list corruption (bsc#1192606). - smb3: Backup intent flag missing from some more ops (bsc#1164565). - smb3: Call cifs reconnect from demultiplex thread (bsc#1192606). - smb3: change noisy error message to FYI (bsc#1192606). - smb3: cleanup some recent endian errors spotted by updated sparse (bsc#1164565). - smb3: correct server pointer dereferencing check to be more consistent (bsc#1192606). - smb3: correct smb3 ACL security descriptor (bsc#1192606). - smb3: default to minimum of two channels when multichannel specified (bsc#1192606). - smb3: display max smb3 requests in flight at any one time (bsc#1164565). - smb3: do not attempt multichannel to server which does not support it (bsc#1192606). - smb3: do not error on fsync when readonly (bsc#1192606). - smb3: do not fail if no encryption required but server does not support it (bsc#1192606). - smb3: do not log warning message if server does not populate salt (bsc#1192606). - smb3: do not setup the fscache_super_cookie until fsinfo initialized (bsc#1192606). - smb3: do not try to cache root directory if dir leases not supported (bsc#1192606). - smb3: dump in_send and num_waiters stats counters by default (bsc#1164565). - smb3: enable negotiating stronger encryption by default (bsc#1192606). - smb3: enable offload of decryption of large reads via mount option (bsc#1164565). - smb3: enable swap on SMB3 mounts (bsc#1192606). - smb3: extend fscache mount volume coherency check (bsc#1192606). - smb3: fix access denied on change notify request to some servers (bsc#1192606). - smb3: fix cached file size problems in duplicate extents (reflink) (bsc#1192606). - smb3: Fix crash in SMB2_open_init due to uninitialized field in compounding path (bsc#1164565). - smb3: fix crediting for compounding when only one request in flight (bsc#1181507). - smb3: fix default permissions on new files when mounting with modefromsid (bsc#1164565). - smb3: Fix ids returned in POSIX query dir (bsc#1192606). - smb3: fix incorrect number of credits when ioctl MaxOutputResponse > 64K (bsc#1192606). - smb3: fix leak in 'open on server' perf counter (bnc#1151927 5.3.4). - smb3: Fix mkdir when idsfromsid configured on mount (bsc#1192606). - smb3: fix mode passed in on create for modetosid mount option (bsc#1164565). - smb3: fix mount failure to some servers when compression enabled (bsc#1192606). - smb3: Fix out-of-bounds bug in SMB2_negotiate() (bsc#1183540). - smb3: fix performance regression with setting mtime (bsc#1164565). - smb3: Fix persistent handles reconnect (bnc#1151927 5.3.11). - smb3: fix posix extensions mount option (bsc#1192606). - smb3: fix possible access to uninitialized pointer to DACL (bsc#1192606). - smb3: fix potential null dereference in decrypt offload (bsc#1164565). - smb3: fix problem with null cifs super block with previous patch (bsc#1164565). - smb3: fix readpage for large swap cache (bsc#1192606). - smb3: fix refcount underflow warning on unmount when no directory leases (bsc#1164565). - smb3: Fix regression in time handling (bsc#1164565). - smb3: fix signing verification of large reads (bsc#1154355). - smb3: fix stat when special device file and mounted with modefromsid (bsc#1192606). - smb3: fix typo in compression flag (bsc#1192606). - smb3: fix typo in header file (bsc#1192606). - smb3: fix typo in mount options displayed in /proc/mounts (bsc#1192606). - smb3: fix uninitialized value for port in witness protocol move (bsc#1192606). - smb3: fix unmount hang in open_shroot (bnc#1151927 5.3.4). - smb3: fix unneeded error message on change notify (bsc#1192606). - smb3: Handle error case during offload read path (bsc#1192606). - smb3: Honor 'handletimeout' flag for multiuser mounts (bsc#1176558). - smb3: Honor 'posix' flag for multiuser mounts (bsc#1176559). - smb3: Honor 'seal' flag for multiuser mounts (bsc#1176545). - smb3: Honor lease disabling for multiuser mounts (git-fixes). - smb3: Honor persistent/resilient handle flags for multiuser mounts (bsc#1176546). - smb3: if max_channels set to more than one channel request multichannel (bsc#1192606). - smb3: improve check for when we send the security descriptor context on create (bsc#1164565). - smb3: improve handling of share deleted (and share recreated) (bsc#1154355). - smb3: incorrect file id in requests compounded with open (bsc#1192606). - smb3: Incorrect size for netname negotiate context (bsc#1154355). - smb3: limit noisy error (bsc#1192606). - smb3: log warning if CSC policy conflicts with cache mount option (bsc#1164565). - smb3: Minor cleanup of protocol definitions (bsc#1192606). - smb3: minor update to compression header definitions (bsc#1192606). - smb3: missing ACL related flags (bsc#1164565). - smb3: negotiate current dialect (SMB3.1.1) when version 3 or greater requested (bsc#1192606). - smb3: only offload decryption of read responses if multiple requests (bsc#1164565). - smb3: pass mode bits into create calls (bsc#1164565). - smb3: prevent races updating CurrentMid (bsc#1192606). - smb3: print warning if server does not support requested encryption type (bsc#1192606). - smb3: print warning once if posix context returned on open (bsc#1164565). - smb3: query attributes on file close (bsc#1164565). - smb3: rc uninitialized in one fallocate path (bsc#1192606). - smb3: remind users that witness protocol is experimental (bsc#1192606). - smb3: remove confusing dmesg when mounting with encryption ('seal') (bsc#1164565). - smb3: remove confusing mount warning when no SPNEGO info on negprot rsp (bsc#1192606). - smb3: remove dead code for non compounded posix query info (bsc#1192606). - smb3: remove noisy debug message and minor cleanup (bsc#1164565). - smb3: remove overly noisy debug line in signing errors (bsc#1192606). - smb3: remove static checker warning (bsc#1192606). - smb3: remove trivial dfs compile warning (bsc#1192606, jsc#SLE-20042). - smb3: remove two unused variables (bsc#1192606). - smb3: remove unused flag passed into close functions (bsc#1164565). - smb3: rename nonces used for GCM and CCM encryption (bsc#1192606). - smb3: Resolve data corruption of TCP server info fields (bsc#1192606). - smb3: set COMPOUND_FID to FileID field of subsequent compound request (bsc#1192606). - smb3: set gcm256 when requested (bsc#1192606). - smb3: smbdirect support can be configured by default (bsc#1192606). - smb3: update comments clarifying SPNEGO info in negprot response (bsc#1192606). - smb3: update protocol header definitions based to include new flags (bsc#1192606). - smb3: update structures for new compression protocol definitions (bsc#1192606). - smb3: use SMB2_SIGNATURE_SIZE define (bsc#1192606). - smb3: warn on confusing error scenario with sec=krb5 (bsc#1176548). - smb3: when mounting with multichannel include it in requested capabilities (bsc#1192606). - smbdirect: missing rc checks while waiting for rdma events (bsc#1192606). - soc/tegra: Fix an error handling path in tegra_powergate_power_up() (git-fixes). - soc/tegra: pmc: Fix imbalanced clock disabling in error code path (git-fixes). - spi: bcm-qspi: Fix missing clk_disable_unprepare() on error in bcm_qspi_probe() (git-fixes). - spi: spl022: fix Microwire full duplex mode (git-fixes). - SUNRPC: async tasks mustn't block waiting for memory (bsc#1191876). - SUNRPC: async tasks mustn't block waiting for memory (bsc#1191876). - SUNRPC: async tasks mustn't block waiting for memory (bsc#1191876). - SUNRPC: improve 'swap' handling: scheduling and PF_MEMALLOC (bsc#1191876). - SUNRPC: remove scheduling boost for 'SWAPPER' tasks (bsc#1191876). - supported.conf: add pwm-rockchip References: jsc#SLE-22615 - swiotlb-xen: avoid double free (git-fixes). - swiotlb: Fix the type of index (git-fixes). - TCON Reconnect during STATUS_NETWORK_NAME_DELETED (bsc#1192606). - tlb: mmu_gather: add tlb_flush_*_range APIs - tracing: Add length protection to histogram string copies (git-fixes). - tracing: Change STR_VAR_MAX_LEN (git-fixes). - tracing: Check pid filtering when creating events (git-fixes). - tracing: Fix pid filtering when triggers are attached (git-fixes). - tracing: use %ps format string to print symbols (git-fixes). - tracing/histogram: Do not copy the fixed-size char array field over the field size (git-fixes). - tty: hvc: replace BUG_ON() with negative return value (git-fixes). - tty: serial: msm_serial: Deactivate RX DMA for polling support (git-fixes). - tty: tty_buffer: Fix the softlockup issue in flush_to_ldisc (git-fixes). - update structure definitions from updated protocol documentation (bsc#1192606). - usb: Add compatibility quirk flags for iODD 2531/2541 (git-fixes). - usb: chipidea: ci_hdrc_imx: fix potential error pointer dereference in probe (git-fixes). - usb: dwc2: gadget: Fix ISOC flow for elapsed frames (git-fixes). - usb: dwc2: hcd_queue: Fix use of floating point literal (git-fixes). - usb: host: ohci-tmio: check return value after calling platform_get_resource() (git-fixes). - usb: musb: tusb6010: check return value after calling platform_get_resource() (git-fixes). - usb: serial: option: add Fibocom FM101-GL variants (git-fixes). - usb: serial: option: add Telit LE910S1 0x9200 composition (git-fixes). - usb: typec: fusb302: Fix masking of comparator and bc_lvl interrupts (git-fixes). - usb: typec: tcpm: Wait in SNK_DEBOUNCED until disconnect (git-fixes). - usb: typec: tcpm: Wait in SNK_DEBOUNCED until disconnect (git-fixes). - usb: xhci: Enable runtime-pm by default on AMD Yellow Carp platform (git-fixes). - vfs: do not parse forbidden flags (bsc#1192606). - wireguard: allowedips: add missing __rcu annotation to satisfy sparse (git-fixes). - wireguard: device: reset peer src endpoint when netns exits (git-fixes). - wireguard: ratelimiter: use kvcalloc() instead of kvzalloc() (git-fixes). - wireguard: receive: drop handshakes if queue lock is contended (git-fixes). - wireguard: receive: use ring buffer for incoming handshakes (git-fixes). - wireguard: selftests: actually test for routing loops (git-fixes). - wireguard: selftests: increase default dmesg log size (git-fixes). - x86/amd_nb: Add AMD family 19h model 50h PCI ids (jsc#SLE-17823 jsc#SLE-23139 jsc#ECO-3666). - x86/cpu: Fix migration safety with X86_BUG_NULL_SEL (bsc#1152489). - x86/efi: Restore Firmware IDT before calling ExitBootServices() (git-fixes). - x86/entry: Add a fence for kernel entry SWAPGS in paranoid_entry() (bsc#1178134). - x86/mpx: Disable MPX for 32-bit userland (bsc#1193139). - x86/pkey: Fix undefined behaviour with PKRU_WD_BIT (bsc#1152489). - x86/pvh: add prototype for xen_pvh_init() (git-fixes). - x86/sev: Allow #VC exceptions on the VC2 stack (git-fixes). - x86/sev: Fix SEV-ES INS/OUTS instructions for word, dword, and qword (bsc#1178134). - x86/sev: Fix stack type check in vc_switch_off_ist() (git-fixes). - x86/xen: Add xenpv_restore_regs_and_return_to_usermode() (bsc#1152489). - x86/Xen: swap NX determination and GDT setup on BSP (git-fixes). - xen: sync include/xen/interface/io/ring.h with Xen's newest version (git-fixes). - xen/blkfront: do not take local copy of a request from the ring page (git-fixes). - xen/blkfront: do not trust the backend response data blindly (git-fixes). - xen/blkfront: read response from backend only once (git-fixes). - xen/netfront: disentangle tx_skb_freelist (git-fixes). - xen/netfront: do not read data from request on the ring page (git-fixes). - xen/netfront: do not trust the backend response data blindly (git-fixes). - xen/netfront: read response from backend only once (git-fixes). - xen/privcmd: fix error handling in mmap-resource processing (git-fixes). - xen/pvh: add missing prototype to header (git-fixes). - xen/x86: fix PV trap handling on secondary processors (git-fixes). - xhci: Fix commad ring abort, write all 64 bits to CRCR register (bsc#1192569). - xhci: Fix commad ring abort, write all 64 bits to CRCR register (bsc#1192569). - xhci: Fix commad ring abort, write all 64 bits to CRCR register (git-fixes). - xhci: Fix USB 3.1 enumeration issues by increasing roothub power-on-good delay (git-fixes). - zram: fix return value on writeback_store (git-fixes). - zram: off by one in read_block_state() (git-fixes). Important SUSE bug 1139944 SUSE bug 1151927 SUSE bug 1152489 SUSE bug 1153275 SUSE bug 1154353 SUSE bug 1154355 SUSE bug 1161907 SUSE bug 1164565 SUSE bug 1166780 SUSE bug 1169514 SUSE bug 1176242 SUSE bug 1176447 SUSE bug 1176536 SUSE bug 1176544 SUSE bug 1176545 SUSE bug 1176546 SUSE bug 1176548 SUSE bug 1176558 SUSE bug 1176559 SUSE bug 1176774 SUSE bug 1176940 SUSE bug 1176956 SUSE bug 1177440 SUSE bug 1178134 SUSE bug 1178270 SUSE bug 1179211 SUSE bug 1179424 SUSE bug 1179426 SUSE bug 1179427 SUSE bug 1179599 SUSE bug 1181148 SUSE bug 1181507 SUSE bug 1181710 SUSE bug 1182404 SUSE bug 1183534 SUSE bug 1183540 SUSE bug 1183897 SUSE bug 1184318 SUSE bug 1185726 SUSE bug 1185902 SUSE bug 1186332 SUSE bug 1187541 SUSE bug 1189126 SUSE bug 1189158 SUSE bug 1191793 SUSE bug 1191876 SUSE bug 1192267 SUSE bug 1192320 SUSE bug 1192507 SUSE bug 1192511 SUSE bug 1192569 SUSE bug 1192606 SUSE bug 1192691 SUSE bug 1192845 SUSE bug 1192847 SUSE bug 1192874 SUSE bug 1192877 SUSE bug 1192946 SUSE bug 1192969 SUSE bug 1192987 SUSE bug 1192990 SUSE bug 1192998 SUSE bug 1193002 SUSE bug 1193042 SUSE bug 1193139 SUSE bug 1193169 SUSE bug 1193306 SUSE bug 1193318 SUSE bug 1193349 SUSE bug 1193440 SUSE bug 1193442 SUSE bug 1193655 SUSE bug 1193993 SUSE bug 1194087 SUSE bug 1194094 SUSE bug 1194266 CVE-2020-24504 CVE-2020-27820 CVE-2021-28711 CVE-2021-28712 CVE-2021-28713 CVE-2021-28714 CVE-2021-28715 CVE-2021-33098 CVE-2021-4001 CVE-2021-4002 CVE-2021-43975 CVE-2021-43976 CVE-2021-45485 CVE-2021-45486 cpe:/o:opensuse:leap:15.3 Security update for jasper (Moderate) openSUSE Leap 15.3 This update for jasper fixes the following issues: - CVE-2021-27845: Fixed divide-by-zery issue in cp_create() (bsc#1188437). Moderate SUSE bug 1188437 CVE-2021-27845 cpe:/o:opensuse:leap:15.3 Security update for ucode-intel (Important) openSUSE Leap 15.3 This update for ucode-intel fixes the following issues: Updated to Intel CPU Microcode 20220207 release. - CVE-2021-0146: Fixed a potential security vulnerability in some Intel Processors may allow escalation of privilege (bsc#1192615) - CVE-2021-0127: Intel Processor Breakpoint Control Flow (bsc#1195779) - CVE-2021-0145: Fast store forward predictor - Cross Domain Training (bsc#1195780) - CVE-2021-33120: Out of bounds read for some Intel Atom processors (bsc#1195781) - Security updates for [INTEL-SA-00528](https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00528.html) - Security updates for [INTEL-SA-00532](https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00532.html) Important SUSE bug 1192615 SUSE bug 1195779 SUSE bug 1195780 SUSE bug 1195781 CVE-2021-0127 CVE-2021-0145 CVE-2021-0146 CVE-2021-33120 cpe:/o:opensuse:leap:15.3 Security update for MozillaThunderbird (Important) openSUSE Leap 15.3 This update for MozillaThunderbird fixes the following issues: - Mozilla Thunderbird 91.4.1 - CVE-2021-4126: OpenPGP signature status doesn't consider additional message content. (bsc#1194215) - CVE-2021-44538: Matrix chat library libolm bundled with Thunderbird vulnerable to a buffer overflow. (bsc#1194020) Important SUSE bug 1194020 SUSE bug 1194215 CVE-2021-4126 CVE-2021-44538 cpe:/o:opensuse:leap:15.3 Security update for openexr (Important) openSUSE Leap 15.3 This update for openexr fixes the following issues: - CVE-2021-45942: Fixed heap-based buffer overflow in Imf_3_1:LineCompositeTask:execute. (bsc#1194333) Important SUSE bug 1194333 CVE-2021-45942 cpe:/o:opensuse:leap:15.3 Security update for python39-pip (Moderate) openSUSE Leap 15.3 This update for python39-pip fixes the following issues: - CVE-2021-3572: Fixed incorrect handling of unicode separators in git references (bsc#1186819). Moderate SUSE bug 1186819 CVE-2021-3572 cpe:/o:opensuse:leap:15.3 Security update for nodejs12 (Important) openSUSE Leap 15.3 This update for nodejs12 fixes the following issues: - CVE-2021-23343: Fixed ReDoS via splitDeviceRe, splitTailRe and splitPathRe (bsc#1192153). - CVE-2021-32803: Fixed insufficient symlink protection in node-tar allowing arbitrary file creation and overwrite (bsc#1191963). - CVE-2021-32804: Fixed insufficient absolute path sanitization in node-tar allowing arbitrary file creation and overwrite (bsc#1191962). - CVE-2021-3918: Fixed improper controlled modification of object prototype attributes in json-schema (bsc#1192696). - CVE-2021-3807: Fixed regular expression denial of service (ReDoS) matching ANSI escape codes in node-ansi-regex (bsc#1192154). Important SUSE bug 1191962 SUSE bug 1191963 SUSE bug 1192153 SUSE bug 1192154 SUSE bug 1192696 CVE-2021-23343 CVE-2021-32803 CVE-2021-32804 CVE-2021-3807 CVE-2021-3918 cpe:/o:opensuse:leap:15.3 Security update for mysql-connector-java (Moderate) openSUSE Leap 15.3 This update for mysql-connector-java fixes the following issues: - CVE-2021-2471: Fixed unauthorized access to critical data or complete access to all MySQL Connectors (bsc#1195557). Moderate SUSE bug 1195557 CVE-2021-2471 cpe:/o:opensuse:leap:15.3 Security update for ldns (Moderate) openSUSE Leap 15.3 This update for ldns fixes the following issues: - CVE-2020-19860: Fixed heap-based out of bounds read when verifying a zone file (bsc#1195057). - CVE-2020-19861: Fixed heap-based out of bounds read in ldns_nsec3_salt_data() (bsc#1195058). Moderate SUSE bug 1195057 SUSE bug 1195058 CVE-2020-19860 CVE-2020-19861 cpe:/o:opensuse:leap:15.3 Security update for libmspack (Low) openSUSE Leap 15.3 This update for libmspack fixes the following issues: - CVE-2018-18586: Fixed directory traversal in chmextract by adding anti '../' and leading slash protection (bsc#1113040). Low SUSE bug 1113040 CVE-2018-18586 cpe:/o:opensuse:leap:15.3 Security update for MozillaFirefox (Important) openSUSE Leap 15.3 This update for MozillaFirefox fixes the following issues: Firefox Extended Support Release 91.6.0 ESR / MFSA 2022-05 (bsc#1195682) - CVE-2022-22753: Privilege Escalation to SYSTEM on Windows via Maintenance Service - CVE-2022-22754: Extensions could have bypassed permission confirmation during update - CVE-2022-22756: Drag and dropping an image could have resulted in the dropped object being an executable - CVE-2022-22759: Sandboxed iframes could have executed script if the parent appended elements - CVE-2022-22760: Cross-Origin responses could be distinguished between script and non-script content-types - CVE-2022-22761: frame-ancestors Content Security Policy directive was not enforced for framed extension pages - CVE-2022-22763: Script Execution during invalid object state - CVE-2022-22764: Memory safety bugs fixed in Firefox 97 and Firefox ESR 91.6 Firefox Extended Support Release 91.5.1 ESR (bsc#1195230) - Fixed an issue that allowed unexpected data to be submitted in some of our search telemetry Important SUSE bug 1195230 SUSE bug 1195682 CVE-2022-22753 CVE-2022-22754 CVE-2022-22756 CVE-2022-22759 CVE-2022-22760 CVE-2022-22761 CVE-2022-22763 CVE-2022-22764 cpe:/o:opensuse:leap:15.3 Security update for php7 (Moderate) openSUSE Leap 15.3 This update for php7 fixes the following issues: - CVE-2017-8923: Fixed denial of service (application crash) when using .= with a long string (zend_string_extend func in Zend/zend_string.h) (bsc#1038980). Moderate SUSE bug 1038980 CVE-2017-8923 cpe:/o:opensuse:leap:15.3 Security update for nodejs8 (Important) openSUSE Leap 15.3 This update for nodejs8 fixes the following issues: - CVE-2021-23343: Fixed ReDoS via splitDeviceRe, splitTailRe and splitPathRe (bsc#1192153). - CVE-2021-32803: Fixed insufficient symlink protection in node-tar allowing arbitrary file creation and overwrite (bsc#1191963). - CVE-2021-32804: Fixed insufficient absolute path sanitization in node-tar allowing arbitrary file creation and overwrite (bsc#1191962). - CVE-2021-3918: Fixed improper controlled modification of object prototype attributes in json-schema (bsc#1192696). - CVE-2021-3807: Fixed regular expression denial of service (ReDoS) matching ANSI escape codes in node-ansi-regex (bsc#1192154). Important SUSE bug 1191962 SUSE bug 1191963 SUSE bug 1192153 SUSE bug 1192154 SUSE bug 1192696 CVE-2021-23343 CVE-2021-32803 CVE-2021-32804 CVE-2021-3807 CVE-2021-3918 cpe:/o:opensuse:leap:15.3 Security update for webkit2gtk3 (Important) openSUSE Leap 15.3 This update for webkit2gtk3 fixes the following issues: Update to version 2.34.6 (bsc#1196133): - CVE-2022-22620: Processing maliciously crafted web content may have lead to arbitrary code execution. Update to version 2.34.5 (bsc#1195735): - CVE-2022-22589: A validation issue was addressed with improved input sanitization. - CVE-2022-22590: A use after free issue was addressed with improved memory management. - CVE-2022-22592: A logic issue was addressed with improved state management. Update to version 2.34.4 (bsc#1195064): - CVE-2021-30934: A buffer overflow issue was addressed with improved memory handling. - CVE-2021-30936: A use after free issue was addressed with improved memory management. - CVE-2021-30951: A use after free issue was addressed with improved memory management. - CVE-2021-30952: An integer overflow was addressed with improved input validation. - CVE-2021-30953: An out-of-bounds read was addressed with improved bounds checking. - CVE-2021-30954: A type confusion issue was addressed with improved memory handling. - CVE-2021-30984: A race condition was addressed with improved state handling. - CVE-2022-22594: A cross-origin issue in the IndexDB API was addressed with improved input validation. The following CVEs were addressed in a previous update: - CVE-2021-45481: Incorrect memory allocation in WebCore::ImageBufferCairoImageSurfaceBackend::create. - CVE-2021-45482: A use-after-free in WebCore::ContainerNode::firstChild. - CVE-2021-45483: A use-after-free in WebCore::Frame::page. Important SUSE bug 1195064 SUSE bug 1195735 SUSE bug 1196133 CVE-2021-30934 CVE-2021-30936 CVE-2021-30951 CVE-2021-30952 CVE-2021-30953 CVE-2021-30954 CVE-2021-30984 CVE-2021-45481 CVE-2021-45482 CVE-2021-45483 CVE-2022-22589 CVE-2022-22590 CVE-2022-22592 CVE-2022-22620 cpe:/o:opensuse:leap:15.3 Security update for flatpak (Important) openSUSE Leap 15.3 This update for flatpak fixes the following issues: Update to flatpak 1.10.7: - CVE-2022-21682: Introduce new option --nofilesystem=host:reset to support flatpak-builder 1.2.2 (bsc#1194611). - CVE-2021-43860: A malicious repository could hav sent invalid application metadata in a way that hides some of the app permissions displayed during installation (bsc#1194610). Important SUSE bug 1194610 SUSE bug 1194611 CVE-2021-43860 CVE-2022-21682 cpe:/o:opensuse:leap:15.3 Security update for expat (Important) openSUSE Leap 15.3 This update for expat fixes the following issues: - CVE-2022-25236: Fixed possible namespace-separator characters insertion into namespace URIs (bsc#1196025). - CVE-2022-25235: Fixed UTF-8 character validation in a certain context (bsc#1196026). - CVE-2022-25313: Fixed stack exhaustion in build_model() via uncontrolled recursion (bsc#1196168). - CVE-2022-25314: Fixed integer overflow in copyString (bsc#1196169). - CVE-2022-25315: Fixed integer overflow in storeRawNames (bsc#1196171). Important SUSE bug 1196025 SUSE bug 1196026 SUSE bug 1196168 SUSE bug 1196169 SUSE bug 1196171 CVE-2022-25235 CVE-2022-25236 CVE-2022-25313 CVE-2022-25314 CVE-2022-25315 cpe:/o:opensuse:leap:15.3 Security update for nodejs14 (Important) openSUSE Leap 15.3 This update for nodejs14 fixes the following issues: - CVE-2021-23343: Fixed ReDoS via splitDeviceRe, splitTailRe and splitPathRe (bsc#1192153). - CVE-2021-32803: Fixed insufficient symlink protection in node-tar allowing arbitrary file creation and overwrite (bsc#1191963). - CVE-2021-32804: Fixed insufficient absolute path sanitization in node-tar allowing arbitrary file creation and overwrite (bsc#1191962). - CVE-2021-3918: Fixed improper controlled modification of object prototype attributes in json-schema (bsc#1192696). - CVE-2021-3807: Fixed regular expression denial of service (ReDoS) matching ANSI escape codes in node-ansi-regex (bsc#1192154). Important SUSE bug 1191962 SUSE bug 1191963 SUSE bug 1192153 SUSE bug 1192154 SUSE bug 1192696 CVE-2021-23343 CVE-2021-32803 CVE-2021-32804 CVE-2021-3807 CVE-2021-3918 cpe:/o:opensuse:leap:15.3 Security update for wpa_supplicant (Important) openSUSE Leap 15.3 This update for wpa_supplicant fixes the following issues: - CVE-2022-23303: Fixed side-channel attacks in SAE (bsc#1194732). - CVE-2022-23304: Fixed side-channel attacks in EAP-pwd (bsc#1194733). Important SUSE bug 1194732 SUSE bug 1194733 CVE-2022-23303 CVE-2022-23304 cpe:/o:opensuse:leap:15.3 Security update for gnutls (Moderate) openSUSE Leap 15.3 This update for gnutls fixes the following issues: - CVE-2021-4209: Fixed null pointer dereference in MD_UPDATE (bsc#1196167). Moderate SUSE bug 1196167 CVE-2021-4209 cpe:/o:opensuse:leap:15.3 Security update for containerd (Moderate) openSUSE Leap 15.3 This update for containerd fixes the following issues: - CVE-2022-23648: A specially-crafted image configuration could gain access to read-only copies of arbitrary files and directories on the host (bsc#1196441). Moderate SUSE bug 1196441 CVE-2022-23648 cpe:/o:opensuse:leap:15.3 Security update for wireshark (Important) openSUSE Leap 15.3 This update for wireshark fixes the following issues: Update to Wireshark 3.6.2: - CVE-2022-0586: RTMPT dissector infinite loop (bsc#1195866) - CVE-2022-0585: Large loops in multiple dissectors (bsc#1195867) - CVE-2022-0583: PVFS dissector crash (bsc#1195868) - CVE-2022-0582: CSN.1 dissector crash (bsc#1195869) - CVE-2022-0581: CMS dissector crash (bsc#1195870) Important SUSE bug 1195866 SUSE bug 1195867 SUSE bug 1195868 SUSE bug 1195869 SUSE bug 1195870 CVE-2022-0581 CVE-2022-0582 CVE-2022-0583 CVE-2022-0585 CVE-2022-0586 cpe:/o:opensuse:leap:15.3 Security update for go1.17 (Important) openSUSE Leap 15.3 This update for go1.17 fixes the following issues: - CVE-2022-23806: Fixed incorrect returned value in crypto/elliptic IsOnCurve (bsc#1195838). - CVE-2022-23772: Fixed overflow in Rat.SetString in math/big can lead to uncontrolled memory consumption (bsc#1195835). - CVE-2022-23773: Fixed incorrect access control in cmd/go (bsc#1195834). The following non-security bugs were fixed: - go#50978 crypto/elliptic: IsOnCurve returns true for invalid field elements - go#50701 math/big: Rat.SetString may consume large amount of RAM and crash - go#50687 cmd/go: do not treat branches with semantic-version names as releases - go#50942 cmd/asm: 'compile: loop' compiler bug? - go#50867 cmd/compile: incorrect use of CMN on arm64 - go#50812 cmd/go: remove bitbucket VCS probing - go#50781 runtime: incorrect frame information in traceback traversal may hang the process. - go#50722 debug/pe: reading debug_info section of PE files that use the DWARF5 form DW_FORM_line_strp causes error - go#50683 cmd/compile: MOVWreg missing sign-extension following a Copy from a floating-point LoadReg - go#50586 net/http/httptest: add fipsonly compliant certificate in for NewTLSServer(), for dev.boringcrypto branch - go#50297 cmd/link: does not set section type of .init_array correctly - go#50246 runtime: intermittent os/exec.Command.Start() Hang on Darwin in Presence of 'plugin' Package Important SUSE bug 1190649 SUSE bug 1195834 SUSE bug 1195835 SUSE bug 1195838 CVE-2022-23772 CVE-2022-23773 CVE-2022-23806 cpe:/o:opensuse:leap:15.3 Security update for go1.16 (Important) openSUSE Leap 15.3 This update for go1.16 fixes the following issues: - CVE-2022-23806: Fixed incorrect returned value in crypto/elliptic IsOnCurve (bsc#1195838). - CVE-2022-23772: Fixed overflow in Rat.SetString in math/big can lead to uncontrolled memory consumption (bsc#1195835). - CVE-2022-23773: Fixed incorrect access control in cmd/go (bsc#1195834). The following non-security bugs were fixed: - go#50977 crypto/elliptic: IsOnCurve returns true for invalid field elements - go#50700 math/big: Rat.SetString may consume large amount of RAM and crash - go#50686 cmd/go: do not treat branches with semantic-version names as releases - go#50866 cmd/compile: incorrect use of CMN on arm64 - go#50832 runtime/race: NoRaceMutexPureHappensBefore failures - go#50811 cmd/go: remove bitbucket VCS probing - go#50780 runtime: incorrect frame information in traceback traversal may hang the process. - go#50721 debug/pe: reading debug_info section of PE files that use the DWARF5 form DW_FORM_line_strp causes error - go#50682 cmd/compile: MOVWreg missing sign-extension following a Copy from a floating-point LoadReg - go#50645 testing: surprising interaction of subtests with TempDir - go#50585 net/http/httptest: add fipsonly compliant certificate in for NewTLSServer(), for dev.boringcrypto branch - go#50245 runtime: intermittent os/exec.Command.Start() Hang on Darwin in Presence of 'plugin' Package Important SUSE bug 1182345 SUSE bug 1195834 SUSE bug 1195835 SUSE bug 1195838 CVE-2022-23772 CVE-2022-23773 CVE-2022-23806 cpe:/o:opensuse:leap:15.3 Security update for libeconf, shadow and util-linux (Moderate) openSUSE Leap 15.3 This security update for libeconf, shadow and util-linux fix the following issues: libeconf: - Add libeconf to SLE-Module-Basesystem_15-SP3 because needed by 'util-linux' and 'shadow' to fix autoyast handling of security related parameters (bsc#1192954, jsc#SLE-23384, jsc#SLE-23402) Issues fixed in libeconf: - Reading numbers with different bases (e.g. oktal) (bsc#1193632) (#157) - Fixed different issues while writing string values to file. - Writing comments to file too. - Fixed crash while merging values. - Added econftool cat option (#146) - new API call: econf_readDirsHistory (showing ALL locations) - new API call: econf_getPath (absolute path of the configuration file) - Man pages libeconf.3 and econftool.8. - Handling multiline strings. - Added libeconf_ext which returns more information like line_nr, comments, path of the configuration file,... - Econftool, an command line interface for handling configuration files. - Generating HTML API documentation with doxygen. - Improving error handling and semantic file check. - Joining entries with the same key to one single entry if env variable ECONF_JOIN_SAME_ENTRIES has been set. shadow: - The legacy code does not support /etc/login.defs.d used by YaST. Enable libeconf to read it (bsc#1192954, jsc#SLE-23384, jsc#SLE-23402) util-linux: - The legacy code does not support /etc/login.defs.d used by YaST. Enable libeconf to read it (bsc#1192954, jsc#SLE-23384, jsc#SLE-23402) - Allow use of larger values for start sector to prevent `blockdev --report` aborting (bsc#1188507) - Fixed `blockdev --report` using non-space characters as a field separator (bsc#1188507) - CVE-2021-3995: Fixed unauthorized unmount in util-linux's libmount. (bsc#1194976) - CVE-2021-3996: Fixed unauthorized unmount in util-linux's libmount. (bsc#1194976) Moderate SUSE bug 1188507 SUSE bug 1192954 SUSE bug 1193632 SUSE bug 1194976 CVE-2021-3995 CVE-2021-3996 cpe:/o:opensuse:leap:15.3 Security update for mariadb (Important) openSUSE Leap 15.3 This update for mariadb fixes the following issues: - Update to 10.5.15 (bsc#1196016): * 10.5.15: CVE-2021-46665 CVE-2021-46664 CVE-2021-46661 CVE-2021-46668 CVE-2021-46663 * 10.5.14: CVE-2022-24052 CVE-2022-24051 CVE-2022-24050 CVE-2022-24048 CVE-2021-46659, bsc#1195339 - The following issues have already been fixed in this package but weren't previously mentioned in the changes file: CVE-2021-46658, bsc#1195334 CVE-2021-46657, bsc#1195325 Important SUSE bug 1195325 SUSE bug 1195334 SUSE bug 1195339 SUSE bug 1196016 CVE-2021-46657 CVE-2021-46658 CVE-2021-46659 CVE-2021-46661 CVE-2021-46663 CVE-2021-46664 CVE-2021-46665 CVE-2021-46668 CVE-2022-24048 CVE-2022-24050 CVE-2022-24051 CVE-2022-24052 cpe:/o:opensuse:leap:15.3 Security update for zsh (Important) openSUSE Leap 15.3 This update for zsh fixes the following issues: - CVE-2021-45444: Fixed a vulnerability where arbitrary shell commands could be executed related to prompt expansion (bsc#1196435). - CVE-2019-20044: Fixed a vulnerability where shell privileges would not be properly dropped when unsetting the PRIVILEGED option (bsc#1163882). Important SUSE bug 1163882 SUSE bug 1196435 CVE-2019-20044 CVE-2021-45444 cpe:/o:opensuse:leap:15.3 Security update for vim (Important) openSUSE Leap 15.3 This update for vim fixes the following issues: - CVE-2022-0318: Fixed heap-based buffer overflow (bsc#1195004). - CVE-2021-3796: Fixed use-after-free in nv_replace() in normal.c (bsc#1190570). - CVE-2021-3872: Fixed heap-based buffer overflow in win_redr_status() drawscreen.c (bsc#1191893). - CVE-2021-3927: Fixed heap-based buffer overflow (bsc#1192481). - CVE-2021-3928: Fixed stack-based buffer overflow (bsc#1192478). - CVE-2021-4019: Fixed heap-based buffer overflow (bsc#1193294). - CVE-2021-3984: Fixed illegal memory access when C-indenting could have led to heap buffer overflow (bsc#1193298). - CVE-2021-3778: Fixed heap-based buffer overflow in regexp_nfa.c (bsc#1190533). - CVE-2021-4193: Fixed out-of-bounds read (bsc#1194216). - CVE-2021-46059: Fixed pointer dereference vulnerability via the vim_regexec_multi function at regexp.c (bsc#1194556). - CVE-2022-0319: Fixded out-of-bounds read (bsc#1195066). - CVE-2022-0351: Fixed uncontrolled recursion in eval7() (bsc#1195126). - CVE-2022-0361: Fixed buffer overflow (bsc#1195126). - CVE-2022-0413: Fixed use-after-free in src/ex_cmds.c (bsc#1195356). Important SUSE bug 1190533 SUSE bug 1190570 SUSE bug 1191893 SUSE bug 1192478 SUSE bug 1192481 SUSE bug 1193294 SUSE bug 1193298 SUSE bug 1194216 SUSE bug 1194556 SUSE bug 1195004 SUSE bug 1195066 SUSE bug 1195126 SUSE bug 1195202 SUSE bug 1195356 CVE-2021-3778 CVE-2021-3796 CVE-2021-3872 CVE-2021-3927 CVE-2021-3928 CVE-2021-3984 CVE-2021-4019 CVE-2021-4193 CVE-2021-46059 CVE-2022-0318 CVE-2022-0319 CVE-2022-0351 CVE-2022-0361 CVE-2022-0413 cpe:/o:opensuse:leap:15.3 Security update for cyrus-sasl (Important) openSUSE Leap 15.3 This update for cyrus-sasl fixes the following issues: - CVE-2022-24407: Fixed SQL injection in sql_auxprop_store in plugins/sql.c (bsc#1196036). The following non-security bugs were fixed: - postfix: sasl authentication with password fails (bsc#1194265). Important SUSE bug 1194265 SUSE bug 1196036 CVE-2022-24407 cpe:/o:opensuse:leap:15.3 Security update for the Linux Kernel (Important) openSUSE Leap 15.3 The SUSE Linux Enterprise 15 SP3 Azure kernel was updated to receive various security and bugfixes. Transient execution side-channel attacks attacking the Branch History Buffer (BHB), named 'Branch Target Injection' and 'Intra-Mode Branch History Injection' are now mitigated. The following security bugs were fixed: - CVE-2022-0847: Fixed a vulnerability were a local attackers could overwrite data in arbitrary (read-only) files (bsc#1196584). - CVE-2022-0001: Fixed Branch History Injection vulnerability (bsc#1191580). - CVE-2022-0002: Fixed Intra-Mode Branch Target Injection vulnerability (bsc#1191580). - CVE-2022-25375: The RNDIS USB gadget lacks validation of the size of the RNDIS_MSG_SET command. Attackers can obtain sensitive information from kernel memory (bsc#1196235). - CVE-2022-0516: Fixed missing check in ioctl related to KVM in s390 allows kernel memory read/write (bsc#1195516). - CVE-2022-0492: Fixed a privilege escalation related to cgroups v1 release_agent feature, which allowed bypassing namespace isolation unexpectedly (bsc#1195543). The following non-security bugs were fixed: - ACPI/IORT: Check node revision for PMCG resources (git-fixes). - ALSA: hda/realtek: Add missing fixup-model entry for Gigabyte X570 ALC1220 quirks (git-fixes). - ALSA: hda/realtek: Add quirk for ASUS GU603 (git-fixes). - ALSA: hda/realtek: Fix silent output on Gigabyte X570 Aorus Xtreme after reboot from Windows (git-fixes). - ALSA: hda/realtek: Fix silent output on Gigabyte X570S Aorus Master (newer chipset) (git-fixes). - ALSA: hda: Fix missing codec probe on Shenker Dock 15 (git-fixes). - ALSA: hda: Fix regression on forced probe mask option (git-fixes). - ALSA: usb-audio: Correct quirk for VF0770 (git-fixes). - ALSA: usb-audio: initialize variables that could ignore errors (git-fixes). - ASoC: Revert 'ASoC: mediatek: Check for error clk pointer' (git-fixes). - ASoC: cpcap: Check for NULL pointer after calling of_get_child_by_name (git-fixes). - ASoC: fsl: Add missing error handling in pcm030_fabric_probe (git-fixes). - ASoC: max9759: fix underflow in speaker_gain_control_put() (git-fixes). - ASoC: ops: Fix stereo change notifications in snd_soc_put_volsw() (git-fixes). - ASoC: ops: Fix stereo change notifications in snd_soc_put_volsw_range() (git-fixes). - ASoC: ops: Reject out of bounds values in snd_soc_put_volsw() (git-fixes). - ASoC: ops: Reject out of bounds values in snd_soc_put_volsw_sx() (git-fixes). - ASoC: ops: Reject out of bounds values in snd_soc_put_xr_sx() (git-fixes). - ASoC: xilinx: xlnx_formatter_pcm: Make buffer bytes multiple of period bytes (git-fixes). - Align s390 NVME target options with other architectures (bsc#1188404, jsc#SLE-22494). - Bluetooth: refactor malicious adv data check (git-fixes). - EDAC/xgene: Fix deferred probing (bsc#1178134). - HID:Add support for UGTABLET WP5540 (git-fixes). - IB/cm: Avoid a loop when device has 255 ports (git-fixes) - IB/cma: Do not send IGMP leaves for sendonly Multicast groups (git-fixes). - IB/hfi1: Fix AIP early init panic (jsc#SLE-13208). - IB/hfi1: Fix error return code in parse_platform_config() (git-fixes) - IB/hfi1: Use kzalloc() for mmu_rb_handler allocation (git-fixes) - IB/isert: Fix a use after free in isert_connect_request (git-fixes) - IB/mlx4: Separate tunnel and wire bufs parameters (git-fixes) - IB/mlx5: Add missing error code (git-fixes) - IB/mlx5: Add mutex destroy call to cap_mask_mutex mutex (git-fixes) - IB/mlx5: Fix error unwinding when set_has_smi_cap fails (git-fixes) - IB/mlx5: Return appropriate error code instead of ENOMEM (git-fixes) - IB/umad: Return EIO in case of when device disassociated (git-fixes) - IB/umad: Return EPOLLERR in case of when device disassociated (git-fixes) - Input: wm97xx: Simplify resource management (git-fixes). - KVM: remember position in kvm->vcpus array (bsc#1190972 LTC#194674). - NFS: Ensure the server had an up to date ctime before renaming (git-fixes). - NFSD: Fix the behavior of READ near OFFSET_MAX (bsc#1195957). - NFSv4: Handle case where the lookup of a directory fails (git-fixes). - NFSv4: nfs_atomic_open() can race when looking up a non-regular file (git-fixes). - PM: hibernate: Remove register_nosave_region_late() (git-fixes). - PM: s2idle: ACPI: Fix wakeup interrupts handling (git-fixes). - PM: wakeup: simplify the output logic of pm_show_wakelocks() (git-fixes). - RDMA/addr: Be strict with gid size (git-fixes) - RDMA/bnxt_re: Fix a double free in bnxt_qplib_alloc_res (git-fixes) - RDMA/bnxt_re: Fix error return code in bnxt_qplib_cq_process_terminal() (git-fixes) - RDMA/bnxt_re: Set queue pair state when being queried (git-fixes) - RDMA/cm: Fix an attempt to use non-valid pointer when cleaning timewait (git-fixes) - RDMA/cma: Use correct address when leaving multicast group (bsc#1181147). - RDMA/core: Always release restrack object (git-fixes) - RDMA/core: Do not access cm_id after its destruction (git-fixes) - RDMA/core: Do not indicate device ready when device enablement fails (git-fixes) - RDMA/core: Fix corrupted SL on passive side (git-fixes) - RDMA/core: Unify RoCE check and re-factor code (git-fixes) - RDMA/cxgb4: Fix adapter LE hash errors while destroying ipv6 listening server (git-fixes) - RDMA/cxgb4: Fix the reported max_recv_sge value (git-fixes) - RDMA/cxgb4: Validate the number of CQEs (git-fixes) - RDMA/cxgb4: add missing qpid increment (git-fixes) - RDMA/cxgb4: check for ipv6 address properly while destroying listener (git-fixes) - RDMA/hns: Add a check for current state before modifying QP (git-fixes) - RDMA/hns: Remove the portn field in UD SQ WQE (git-fixes) - RDMA/hns: Remove unnecessary access right set during INIT2INIT (git-fixes) - RDMA/i40iw: Address an mmap handler exploit in i40iw (git-fixes) - RDMA/i40iw: Fix error unwinding when i40iw_hmc_sd_one fails (git-fixes) - RDMA/mlx5: Fix corruption of reg_pages in mlx5_ib_rereg_user_mr() (git-fixes) - RDMA/mlx5: Fix potential race between destroy and CQE poll (git-fixes) - RDMA/mlx5: Fix query DCT via DEVX (git-fixes) - RDMA/mlx5: Fix type warning of sizeof in __mlx5_ib_alloc_counters() (git-fixes) - RDMA/mlx5: Fix wrong free of blue flame register on error (git-fixes) - RDMA/mlx5: Issue FW command to destroy SRQ on reentry (git-fixes) - RDMA/mlx5: Recover from fatal event in dual port mode (git-fixes) - RDMA/mlx5: Use the correct obj_id upon DEVX TIR creation (git-fixes) - RDMA/ocrdma: Fix use after free in ocrdma_dealloc_ucontext_pd() (git-fixes) - RDMA/rxe: Clear all QP fields if creation failed (git-fixes) - RDMA/rxe: Compute PSN windows correctly (git-fixes) - RDMA/rxe: Correct skb on loopback path (git-fixes) - RDMA/rxe: Fix coding error in rxe_rcv_mcast_pkt (git-fixes) - RDMA/rxe: Fix coding error in rxe_recv.c (git-fixes) - RDMA/rxe: Fix missing kconfig dependency on CRYPTO (git-fixes) - RDMA/rxe: Remove useless code in rxe_recv.c (git-fixes) - RDMA/siw: Fix a use after free in siw_alloc_mr (git-fixes) - RDMA/siw: Fix calculation of tx_valid_cpus size (git-fixes) - RDMA/siw: Fix handling of zero-sized Read and Receive Queues. (git-fixes) - RDMA/siw: Properly check send and receive CQ pointers (git-fixes) - RDMA/siw: Release xarray entry (git-fixes) - RDMA/ucma: Protect mc during concurrent multicast leaves (bsc#1181147). - RDMA/usnic: Fix memleak in find_free_vf_and_create_qp_grp (git-fixes) - RDMA/uverbs: Fix a NULL vs IS_ERR() bug (git-fixes) - RDMA/uverbs: Tidy input validation of ib_uverbs_rereg_mr() (git-fixes) - RMDA/sw: Do not allow drivers using dma_virt_ops on highmem configs (git-fixes) - USB: core: Fix hang in usb_kill_urb by adding memory barriers (git-fixes). - USB: serial: ch341: add support for GW Instek USB2.0-Serial devices (git-fixes). - USB: serial: cp210x: add CPI Bulk Coin Recycler id (git-fixes). - USB: serial: cp210x: add NCR Retail IO box id (git-fixes). - USB: serial: ftdi_sio: add support for Brainboxes US-159/235/320 (git-fixes). - USB: serial: mos7840: fix probe error handling (git-fixes). - USB: serial: mos7840: remove duplicated 0xac24 device ID (git-fixes). - USB: serial: option: add ZTE MF286D modem (git-fixes). - ata: libata-core: Disable TRIM on M88V29 (git-fixes). - ax25: improve the incomplete fix to avoid UAF and NPD bugs (git-fixes). - blk-cgroup: fix missing put device in error path from blkg_conf_pref() (bsc#1195481). - blk-mq: always allow reserved allocation in hctx_may_queue (bsc#1193787). - blk-mq: avoid to iterate over stale request (bsc#1193787). - blk-mq: clear stale request in tags->rq before freeing one request pool (bsc#1193787). - blk-mq: clearing flush request reference in tags->rqs (bsc#1193787). - blk-mq: do not grab rq's refcount in blk_mq_check_expired() (bsc#1193787 git-fixes). - blk-mq: fix is_flush_rq (bsc#1193787 git-fixes). - blk-mq: fix kernel panic during iterating over flush request (bsc#1193787 git-fixes). - blk-mq: grab rq->refcount before calling ->fn in blk_mq_tagset_busy_iter (bsc#1193787). - blk-mq: introduce blk_mq_set_request_complete (git-fixes). - blk-mq: mark flush request as IDLE in flush_end_io() (bsc#1193787). - blk-tag: Hide spin_lock (bsc#1193787). - block: avoid double io accounting for flush request (bsc#1193787). - block: do not send a rezise udev event for hidden block device (bsc#1193096). - block: mark flush request as IDLE when it is really finished (bsc#1193787). - bonding: pair enable_port with slave_arr_updates (git-fixes). - bpf: Adjust BTF log size limit (git-fixes). - bpf: Disallow BPF_LOG_KERNEL log level for bpf(BPF_BTF_LOAD) (git-fixes). - btrfs: check for missing device in btrfs_trim_fs (bsc#1195701). - btrfs: check worker before need_preemptive_reclaim (bsc#1196195). - btrfs: do not do preemptive flushing if the majority is global rsv (bsc#1196195). - btrfs: do not include the global rsv size in the preemptive used amount (bsc#1196195). - btrfs: handle preemptive delalloc flushing slightly differently (bsc#1196195). - btrfs: make sure SB_I_VERSION does not get unset by remount (bsc#1192210). - btrfs: only clamp the first time we have to start flushing (bsc#1196195). - btrfs: only ignore delalloc if delalloc is much smaller than ordered (bsc#1196195). - btrfs: reduce the preemptive flushing threshold to 90% (bsc#1196195). - btrfs: take into account global rsv in need_preemptive_reclaim (bsc#1196195). - btrfs: use the global rsv size in the preemptive thresh calculation (bsc#1196195). - ceph: properly put ceph_string reference after async create attempt (bsc#1195798). - ceph: set pool_ns in new inode layout for async creates (bsc#1195799). - dma-buf: heaps: Fix potential spectre v1 gadget (git-fixes). - drm/amdgpu: fix logic inversion in check (git-fixes). - drm/i915/gvt: Make DRM_I915_GVT depend on X86 (git-fixes). - drm/i915/gvt: clean up kernel-doc in gtt.c (git-fixes). - drm/i915/opregion: check port number bounds for SWSCI display power state (git-fixes). - drm/i915/overlay: Prevent divide by zero bugs in scaling (git-fixes). - drm/i915: Correctly populate use_sagv_wm for all pipes (git-fixes). - drm/i915: Fix bw atomic check when switching between SAGV vs. no SAGV (git-fixes). - drm/msm/dsi: Fix missing put_device() call in dsi_get_phy (git-fixes). - drm/nouveau: fix off by one in BIOS boundary checking (git-fixes). - drm/panel: simple: Assign data from panel_dpi_probe() correctly (git-fixes). - drm/radeon: Fix backlight control on iMac 12,1 (git-fixes). - drm/rockchip: dw_hdmi: Do not leave clock enabled in error case (git-fixes). - drm/rockchip: vop: Correct RK3399 VOP register fields (git-fixes). - drm/vc4: hdmi: Allow DBLCLK modes even if horz timing is odd (git-fixes). - drm: panel-orientation-quirks: Add quirk for the 1Netbook OneXPlayer (git-fixes). - ext4: check for inconsistent extents between index and leaf block (bsc#1194163 bsc#1196339). - ext4: check for out-of-order index extents in ext4_valid_extent_entries() (bsc#1194163 bsc#1196339). - ext4: fix an use-after-free issue about data=journal writeback mode (bsc#1195482). - ext4: make sure quota gets properly shutdown on error (bsc#1195480). - ext4: prevent partial update of the extent blocks (bsc#1194163 bsc#1196339). - fsnotify: fix fsnotify hooks in pseudo filesystems (bsc#1195479). - fsnotify: invalidate dcache before IN_DELETE event (bsc#1195478). - gve: Add RX context (bsc#1191655). - gve: Add a jumbo-frame device option (bsc#1191655). - gve: Add consumed counts to ethtool stats (bsc#1191655). - gve: Add optional metadata descriptor type GVE_TXD_MTD (bsc#1191655). - gve: Correct order of processing device options (bsc#1191655). - gve: Fix GFP flags when allocing pages (git-fixes). - gve: Fix off by one in gve_tx_timeout() (bsc#1191655). - gve: Implement packet continuation for RX (bsc#1191655). - gve: Implement suspend/resume/shutdown (bsc#1191655). - gve: Move the irq db indexes out of the ntfy block struct (bsc#1191655). - gve: Recording rx queue before sending to napi (bsc#1191655). - gve: Recover from queue stall due to missed IRQ (bsc#1191655). - gve: Update gve_free_queue_page_list signature (bsc#1191655). - gve: Use kvcalloc() instead of kvzalloc() (bsc#1191655). - gve: fix for null pointer dereference (bsc#1191655). - gve: fix the wrong AdminQ buffer queue index check (bsc#1176940). - gve: fix unmatched u64_stats_update_end() (bsc#1191655). - gve: remove memory barrier around seqno (bsc#1191655). - i2c: brcmstb: fix support for DSL and CM variants (git-fixes). - i40e: Fix for failed to init adminq while VF reset (git-fixes). - i40e: Fix issue when maximum queues is exceeded (git-fixes). - i40e: Fix queues reservation for XDP (git-fixes). - i40e: Increase delay to 1 s after global EMP reset (git-fixes). - i40e: fix unsigned stat widths (git-fixes). - i40iw: Add support to make destroy QP synchronous (git-fixes) - ibmvnic: Allow queueing resets during probe (bsc#1196516 ltc#196391). - ibmvnic: clear fop when retrying probe (bsc#1196516 ltc#196391). - ibmvnic: complete init_done on transport events (bsc#1196516 ltc#196391). - ibmvnic: define flush_reset_queue helper (bsc#1196516 ltc#196391). - ibmvnic: do not release napi in __ibmvnic_open() (bsc#1195668 ltc#195811). - ibmvnic: free reset-work-item when flushing (bsc#1196516 ltc#196391). - ibmvnic: init init_done_rc earlier (bsc#1196516 ltc#196391). - ibmvnic: initialize rc before completing wait (bsc#1196516 ltc#196391). - ibmvnic: register netdev after init of adapter (bsc#1196516 ltc#196391). - ibmvnic: schedule failover only if vioctl fails (bsc#1196400 ltc#195815). - ice: fix IPIP and SIT TSO offload (git-fixes). - ice: fix an error code in ice_cfg_phy_fec() (jsc#SLE-12878). - ima: Allow template selection with ima_template[_fmt]= after ima_hash= (git-fixes). - ima: Do not print policy rule with inactive LSM labels (git-fixes). - ima: Remove ima_policy file before directory (git-fixes). - integrity: Make function integrity_add_key() static (git-fixes). - integrity: check the return value of audit_log_start() (git-fixes). - integrity: double check iint_cache was initialized (git-fixes). - iommu/amd: Fix loop timeout issue in iommu_ga_log_enable() (git-fixes). - iommu/amd: Remove useless irq affinity notifier (git-fixes). - iommu/amd: Restore GA log/tail pointer on host resume (git-fixes). - iommu/amd: X2apic mode: mask/unmask interrupts on suspend/resume (git-fixes). - iommu/amd: X2apic mode: re-enable after resume (git-fixes). - iommu/amd: X2apic mode: setup the INTX registers on mask/unmask (git-fixes). - iommu/io-pgtable-arm-v7s: Add error handle for page table allocation failure (git-fixes). - iommu/io-pgtable-arm: Fix table descriptor paddr formatting (git-fixes). - iommu/iova: Fix race between FQ timeout and teardown (git-fixes). - iommu/vt-d: Fix potential memory leak in intel_setup_irq_remapping() (git-fixes). - iwlwifi: fix use-after-free (git-fixes). - iwlwifi: pcie: fix locking when 'HW not ready' (git-fixes). - iwlwifi: pcie: gen2: fix locking when 'HW not ready' (git-fixes). - ixgbevf: Require large buffers for build_skb on 82599VF (git-fixes). - kABI fixup after adding vcpu_idx to struct kvm_cpu (bsc#1190972 LTC#194674). - kABI: Fix kABI for AMD IOMMU driver (git-fixes). - kabi: Hide changes to s390/AP structures (jsc#SLE-20807). - lib/iov_iter: initialize 'flags' in new pipe_buffer (bsc#1196584). - libsubcmd: Fix use-after-free for realloc(..., 0) (git-fixes). - md/raid5: fix oops during stripe resizing (bsc#1181588). - misc: fastrpc: avoid double fput() on failed usercopy (git-fixes). - mmc: sdhci-of-esdhc: Check for error num after setting mask (git-fixes). - mtd: rawnand: brcmnand: Fixed incorrect sub-page ECC status (git-fixes). - mtd: rawnand: gpmi: do not leak PM reference in error path (git-fixes). - mtd: rawnand: qcom: Fix clock sequencing in qcom_nandc_probe() (git-fixes). - net/ibmvnic: Cleanup workaround doing an EOI after partition migration (bsc#1089644 ltc#166495 ltc#165544 git-fixes). - net/mlx5e: Fix handling of wrong devices during bond netevent (jsc#SLE-15172). - net: macb: Align the dma and coherent dma masks (git-fixes). - net: mdio: aspeed: Add missing MODULE_DEVICE_TABLE (bsc#1176447). - net: phy: marvell: Fix MDI-x polarity setting in 88e1118-compatible PHYs (git-fixes). - net: phy: marvell: Fix RGMII Tx/Rx delays setting in 88e1121-compatible PHYs (git-fixes). - net: phy: marvell: configure RGMII delays for 88E1118 (git-fixes). - net: usb: qmi_wwan: Add support for Dell DW5829e (git-fixes). - nfp: flower: fix ida_idx not being released (bsc#1154353). - nfsd: allow delegation state ids to be revoked and then freed (bsc#1192483). - nfsd: allow lock state ids to be revoked and then freed (bsc#1192483). - nfsd: allow open state ids to be revoked and then freed (bsc#1192483). - nfsd: do not admin-revoke NSv4.0 state ids (bsc#1192483). - nfsd: prepare for supporting admin-revocation of state (bsc#1192483). - nvme-core: use list_add_tail_rcu instead of list_add_tail for nvme_init_ns_head (git-fixes). - nvme-fabrics: avoid double completions in nvmf_fail_nonready_command (git-fixes). - nvme-fabrics: fix state check in nvmf_ctlr_matches_baseopts() (bsc#1195012). - nvme-fabrics: ignore invalid fast_io_fail_tmo values (git-fixes). - nvme-fabrics: remove superfluous nvmf_host_put in nvmf_parse_options (git-fixes). - nvme-multipath: fix ANA state updates when a namespace is not present (git-fixes). - nvme-tcp: fix data digest pointer calculation (git-fixes). - nvme-tcp: fix incorrect h2cdata pdu offset accounting (git-fixes). - nvme-tcp: fix memory leak when freeing a queue (git-fixes). - nvme-tcp: fix possible use-after-completion (git-fixes). - nvme-tcp: validate R2T PDU in nvme_tcp_handle_r2t() (git-fixes). - nvme: also mark passthrough-only namespaces ready in nvme_update_ns_info (git-fixes). - nvme: do not return an error from nvme_configure_metadata (git-fixes). - nvme: fix use after free when disconnecting a reconnecting ctrl (git-fixes). - nvme: introduce a nvme_host_path_error helper (git-fixes). - nvme: let namespace probing continue for unsupported features (git-fixes). - nvme: refactor ns->ctrl by request (git-fixes). - pinctrl: intel: Fix a glitch when updating IRQ flags on a preconfigured line (git-fixes). - pinctrl: intel: fix unexpected interrupt (git-fixes). - powerpc/64: Move paca allocation later in boot (bsc#1190812). - powerpc/64s: Fix debugfs_simple_attr.cocci warnings (bsc#1157038 bsc#1157923 ltc#182612 git-fixes). - powerpc/perf: Fix power_pmu_disable to call clear_pmi_irq_pending only if PMI is pending (bsc#1156395). - powerpc/pseries/ddw: Revert 'Extend upper limit for huge DMA window for persistent memory' (bsc#1195995 ltc#196394). - powerpc/pseries: read the lpar name from the firmware (bsc#1187716 ltc#193451). - powerpc: Set crashkernel offset to mid of RMA region (bsc#1190812). - powerpc: add link stack flush mitigation status in debugfs (bsc#1157038 bsc#1157923 ltc#182612 git-fixes). - rpmsg: char: Fix race between the release of rpmsg_ctrldev and cdev (git-fixes). - rpmsg: char: Fix race between the release of rpmsg_eptdev and cdev (git-fixes). - s390/AP: support new dynamic AP bus size limit (jsc#SLE-20807). - s390/bpf: Fix 64-bit subtraction of the -0x80000000 constant (git-fixes). - s390/bpf: Fix optimizing out zero-extensions (git-fixes). - s390/cio: make ccw_device_dma_* more robust (bsc#1193243 LTC#195549). - s390/cio: verify the driver availability for path_event call (bsc#1195928 LTC#196418). - s390/cpumf: Support for CPU Measurement Facility CSVN 7 (bsc#1195081 LTC#196088). - s390/cpumf: Support for CPU Measurement Sampling Facility LS bit (bsc#1195081 LTC#196088). - s390/pci: add s390_iommu_aperture kernel parameter (bsc#1193233 LTC#195540). - s390/pci: move pseudo-MMIO to prevent MIO overlap (bsc#1194967 LTC#196028). - s390/protvirt: fix error return code in uv_info_init() (jsc#SLE-22135). - s390/sclp: fix Secure-IPL facility detection (bsc#1191741 LTC#194816). - s390/uv: add prot virt guest/host indication files (jsc#SLE-22135). - s390/uv: fix prot virt host indication compilation (jsc#SLE-22135). - scripts/dtc: only append to HOST_EXTRACFLAGS instead of overwriting (git-fixes). - scsi: core: Add a new error code DID_TRANSPORT_MARGINAL in scsi.h (bsc#1195506). - scsi: core: Add limitless cmd retry support (bsc#1195506). - scsi: core: No retries on abort success (bsc#1195506). - scsi: kABI fix for 'eh_should_retry_cmd' (bsc#1195506). - scsi: lpfc: Add support for eh_should_retry_cmd() (bsc#1195506). - scsi: lpfc: Fix pt2pt NVMe PRLI reject LOGO loop (bsc#1189126). - scsi: qla2xxx: Add devids and conditionals for 28xx (bsc#1195823). - scsi: qla2xxx: Add marginal path handling support (bsc#1195506). - scsi: qla2xxx: Add ql2xnvme_queues module param to configure number of NVMe queues (bsc#1195823). - scsi: qla2xxx: Add qla2x00_async_done() for async routines (bsc#1195823). - scsi: qla2xxx: Add retry for exec firmware (bsc#1195823). - scsi: qla2xxx: Check for firmware dump already collected (bsc#1195823). - scsi: qla2xxx: Fix T10 PI tag escape and IP guard options for 28XX adapters (bsc#1195823). - scsi: qla2xxx: Fix device reconnect in loop topology (bsc#1195823). - scsi: qla2xxx: Fix premature hw access after PCI error (bsc#1195823). - scsi: qla2xxx: Fix scheduling while atomic (bsc#1195823). - scsi: qla2xxx: Fix stuck session in gpdb (bsc#1195823). - scsi: qla2xxx: Fix unmap of already freed sgl (bsc#1195823). - scsi: qla2xxx: Fix warning for missing error code (bsc#1195823). - scsi: qla2xxx: Fix warning message due to adisc being flushed (bsc#1195823). - scsi: qla2xxx: Fix wrong FDMI data for 64G adapter (bsc#1195823). - scsi: qla2xxx: Implement ref count for SRB (bsc#1195823). - scsi: qla2xxx: Refactor asynchronous command initialization (bsc#1195823). - scsi: qla2xxx: Remove a declaration (bsc#1195823). - scsi: qla2xxx: Remove unused qla_sess_op_cmd_list from scsi_qla_host_t (bsc#1195823). - scsi: qla2xxx: Return -ENOMEM if kzalloc() fails (bsc#1195823). - scsi: qla2xxx: Suppress a kernel complaint in qla_create_qpair() (bsc#1195823). - scsi: qla2xxx: Update version to 10.02.07.200-k (bsc#1195823). - scsi: qla2xxx: Update version to 10.02.07.300-k (bsc#1195823). - scsi: qla2xxx: edif: Fix clang warning (bsc#1195823). - scsi: qla2xxx: edif: Fix inconsistent check of db_flags (bsc#1195823). - scsi: qla2xxx: edif: Reduce connection thrash (bsc#1195823). - scsi: qla2xxx: edif: Replace list_for_each_safe with list_for_each_entry_safe (bsc#1195823). - scsi: qla2xxx: edif: Tweak trace message (bsc#1195823). - scsi: scsi_transport_fc: Add a new rport state FC_PORTSTATE_MARGINAL (bsc#1195506). - scsi: scsi_transport_fc: Add store capability to rport port_state in sysfs (bsc#1195506). - scsi: target: iscsi: Fix cmd abort fabric stop race (bsc#1195286). - scsi: zfcp: Fix failed recovery on gone remote port with non-NPIV FCP devices (bsc#1195378 LTC#196244). - scsi_transport_fc: kabi fix blank out FC_PORTSTATE_MARGINAL (bsc#1195506). - spi: bcm-qspi: check for valid cs before applying chip select (git-fixes). - spi: mediatek: Avoid NULL pointer crash in interrupt (git-fixes). - spi: meson-spicc: add IRQ check in meson_spicc_probe (git-fixes). - staging/fbtft: Fix backlight (git-fixes). - staging: fbtft: Fix error path in fbtft_driver_module_init() (git-fixes). - tracing: Do not inc err_log entry count if entry allocation fails (git-fixes). - tracing: Dump stacktrace trigger to the corresponding instance (git-fixes). - tracing: Fix smatch warning for null glob in event_hist_trigger_parse() (git-fixes). - tracing: Have traceon and traceoff trigger honor the instance (git-fixes). - tracing: Propagate is_signed to expression (git-fixes). - tty: Add support for Brainboxes UC cards (git-fixes). - udf: Fix NULL ptr deref when converting from inline format (bsc#1195476). - udf: Restore i_lenAlloc when inode expansion fails (bsc#1195477). - usb-storage: Add unusual-devs entry for VL817 USB-SATA bridge (git-fixes). - usb: dwc2: Fix NULL qh in dwc2_queue_transaction (git-fixes). - usb: dwc2: gadget: do not try to disable ep0 in dwc2_hsotg_suspend (git-fixes). - usb: dwc3: do not set gadget->is_otg flag (git-fixes). - usb: dwc3: gadget: Prevent core from processing stale TRBs (git-fixes). - usb: f_fs: Fix use-after-free for epfile (git-fixes). - usb: gadget: f_uac2: Define specific wTerminalType (git-fixes). - usb: gadget: rndis: check size of RNDIS_MSG_SET command (git-fixes). - usb: gadget: s3c: remove unused 'udc' variable (git-fixes). - usb: gadget: udc: renesas_usb3: Fix host to USB_ROLE_NONE transition (git-fixes). - usb: host: ehci-tegra: Fix error handling in tegra_ehci_probe() (git-fixes). - usb: ulpi: Call of_node_put correctly (git-fixes). - usb: ulpi: Move of_node_put to ulpi_dev_release (git-fixes). - xhci-pci: Allow host runtime PM as default for Intel Alpine Ridge LP (git-fixes). Important SUSE bug 1089644 SUSE bug 1154353 SUSE bug 1156395 SUSE bug 1157038 SUSE bug 1157923 SUSE bug 1176447 SUSE bug 1176940 SUSE bug 1178134 SUSE bug 1181147 SUSE bug 1181588 SUSE bug 1183872 SUSE bug 1187716 SUSE bug 1188404 SUSE bug 1189126 SUSE bug 1190812 SUSE bug 1190972 SUSE bug 1191580 SUSE bug 1191655 SUSE bug 1191741 SUSE bug 1192210 SUSE bug 1192483 SUSE bug 1193096 SUSE bug 1193233 SUSE bug 1193243 SUSE bug 1193787 SUSE bug 1194163 SUSE bug 1194967 SUSE bug 1195012 SUSE bug 1195081 SUSE bug 1195142 SUSE bug 1195352 SUSE bug 1195378 SUSE bug 1195476 SUSE bug 1195477 SUSE bug 1195478 SUSE bug 1195479 SUSE bug 1195480 SUSE bug 1195481 SUSE bug 1195482 SUSE bug 1195506 SUSE bug 1195516 SUSE bug 1195543 SUSE bug 1195668 SUSE bug 1195701 SUSE bug 1195798 SUSE bug 1195799 SUSE bug 1195823 SUSE bug 1195908 SUSE bug 1195928 SUSE bug 1195947 SUSE bug 1195957 SUSE bug 1195995 SUSE bug 1196195 SUSE bug 1196235 SUSE bug 1196339 SUSE bug 1196400 SUSE bug 1196403 SUSE bug 1196516 SUSE bug 1196584 SUSE bug 1196601 SUSE bug 1196612 SUSE bug 1196776 CVE-2022-0001 CVE-2022-0002 CVE-2022-0492 CVE-2022-0516 CVE-2022-0847 CVE-2022-25375 cpe:/o:opensuse:leap:15.3 Security update for the Linux Kernel (Important) openSUSE Leap 15.3 The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bugfixes. Transient execution side-channel attacks attacking the Branch History Buffer (BHB), named 'Branch Target Injection' and 'Intra-Mode Branch History Injection' are now mitigated. The following security bugs were fixed: - CVE-2022-0001: Fixed Branch History Injection vulnerability (bsc#1191580). - CVE-2022-0002: Fixed Intra-Mode Branch Target Injection vulnerability (bsc#1191580). - CVE-2022-0847: Fixed a vulnerability were a local attackers could overwrite data in arbitrary (read-only) files (bsc#1196584). - CVE-2022-25375: The RNDIS USB gadget lacks validation of the size of the RNDIS_MSG_SET command. Attackers can obtain sensitive information from kernel memory (bnc#1196235 ). - CVE-2022-0492: Fixed a privilege escalation related to cgroups v1 release_agent feature, which allowed bypassing namespace isolation unexpectedly (bsc#1195543). - CVE-2022-0516: Fixed missing check in ioctl related to KVM in s390 allows kernel memory read/write (bsc#1195516). The following non-security bugs were fixed: - ACPI/IORT: Check node revision for PMCG resources (git-fixes). - ALSA: hda/realtek: Add missing fixup-model entry for Gigabyte X570 ALC1220 quirks (git-fixes). - ALSA: hda/realtek: Add quirk for ASUS GU603 (git-fixes). - ALSA: hda/realtek: Fix silent output on Gigabyte X570 Aorus Xtreme after reboot from Windows (git-fixes). - ALSA: hda/realtek: Fix silent output on Gigabyte X570S Aorus Master (newer chipset) (git-fixes). - ALSA: hda: Fix missing codec probe on Shenker Dock 15 (git-fixes). - ALSA: hda: Fix regression on forced probe mask option (git-fixes). - ASoC: Revert 'ASoC: mediatek: Check for error clk pointer' (git-fixes). - ASoC: ops: Fix stereo change notifications in snd_soc_put_volsw() (git-fixes). - ASoC: ops: Fix stereo change notifications in snd_soc_put_volsw_range() (git-fixes). - ASoC: ops: Reject out of bounds values in snd_soc_put_volsw() (git-fixes). - ASoC: ops: Reject out of bounds values in snd_soc_put_volsw_sx() (git-fixes). - ASoC: ops: Reject out of bounds values in snd_soc_put_xr_sx() (git-fixes). - Align s390 NVME target options with other architectures (bsc#1188404, jsc#SLE-22494). - Drop PCI xgene patch that caused a regression for mxl4 (bsc#1195352) - EDAC/xgene: Fix deferred probing (bsc#1178134). - HID:Add support for UGTABLET WP5540 (git-fixes). - IB/cma: Do not send IGMP leaves for sendonly Multicast groups (git-fixes). - IB/hfi1: Fix AIP early init panic (jsc#SLE-13208). - KVM: remember position in kvm->vcpus array (bsc#1190972 LTC#194674). - NFSD: Fix the behavior of READ near OFFSET_MAX (bsc#1195957). - PM: hibernate: Remove register_nosave_region_late() (git-fixes). - PM: s2idle: ACPI: Fix wakeup interrupts handling (git-fixes). - RDMA/cma: Use correct address when leaving multicast group (bsc#1181147). - RDMA/core: Always release restrack object (git-fixes) - RDMA/cxgb4: check for ipv6 address properly while destroying listener (git-fixes) - RDMA/siw: Release xarray entry (git-fixes) - RDMA/ucma: Protect mc during concurrent multicast leaves (bsc#1181147). - USB: serial: ch341: add support for GW Instek USB2.0-Serial devices (git-fixes). - USB: serial: cp210x: add CPI Bulk Coin Recycler id (git-fixes). - USB: serial: cp210x: add NCR Retail IO box id (git-fixes). - USB: serial: ftdi_sio: add support for Brainboxes US-159/235/320 (git-fixes). - USB: serial: mos7840: remove duplicated 0xac24 device ID (git-fixes). - USB: serial: option: add ZTE MF286D modem (git-fixes). - ata: libata-core: Disable TRIM on M88V29 (git-fixes). - ax25: improve the incomplete fix to avoid UAF and NPD bugs (git-fixes). - blk-mq: always allow reserved allocation in hctx_may_queue (bsc#1193787). - blk-mq: avoid to iterate over stale request (bsc#1193787). - blk-mq: clear stale request in tags->rq before freeing one request pool (bsc#1193787). - blk-mq: clearing flush request reference in tags->rqs (bsc#1193787). - blk-mq: do not grab rq's refcount in blk_mq_check_expired() (bsc#1193787 git-fixes). - blk-mq: fix is_flush_rq (bsc#1193787 git-fixes). - blk-mq: fix kernel panic during iterating over flush request (bsc#1193787 git-fixes). - blk-mq: grab rq->refcount before calling ->fn in blk_mq_tagset_busy_iter (bsc#1193787). - blk-mq: mark flush request as IDLE in flush_end_io() (bsc#1193787). - blk-tag: Hide spin_lock (bsc#1193787). - block: avoid double io accounting for flush request (bsc#1193787). - block: do not send a rezise udev event for hidden block device (bsc#1193096). - block: mark flush request as IDLE when it is really finished (bsc#1193787). - bonding: pair enable_port with slave_arr_updates (git-fixes). - bpf: Adjust BTF log size limit (git-fixes). - bpf: Disallow BPF_LOG_KERNEL log level for bpf(BPF_BTF_LOAD) (git-fixes). - btrfs: check for missing device in btrfs_trim_fs (bsc#1195701). - btrfs: check worker before need_preemptive_reclaim (bsc#1196195). - btrfs: do not do preemptive flushing if the majority is global rsv (bsc#1196195). - btrfs: do not include the global rsv size in the preemptive used amount (bsc#1196195). - btrfs: handle preemptive delalloc flushing slightly differently (bsc#1196195). - btrfs: make sure SB_I_VERSION does not get unset by remount (bsc#1192210). - btrfs: only clamp the first time we have to start flushing (bsc#1196195). - btrfs: only ignore delalloc if delalloc is much smaller than ordered (bsc#1196195). - btrfs: reduce the preemptive flushing threshold to 90% (bsc#1196195). - btrfs: take into account global rsv in need_preemptive_reclaim (bsc#1196195). - btrfs: use the global rsv size in the preemptive thresh calculation (bsc#1196195). - ceph: properly put ceph_string reference after async create attempt (bsc#1195798). - ceph: set pool_ns in new inode layout for async creates (bsc#1195799). - drm/amdgpu: fix logic inversion in check (git-fixes). - drm/i915/gvt: Make DRM_I915_GVT depend on X86 (git-fixes). - drm/i915/gvt: clean up kernel-doc in gtt.c (git-fixes). - drm/i915/opregion: check port number bounds for SWSCI display power state (git-fixes). - drm/i915: Correctly populate use_sagv_wm for all pipes (git-fixes). - drm/i915: Fix bw atomic check when switching between SAGV vs. no SAGV (git-fixes). - drm/panel: simple: Assign data from panel_dpi_probe() correctly (git-fixes). - drm/radeon: Fix backlight control on iMac 12,1 (git-fixes). - drm/rockchip: dw_hdmi: Do not leave clock enabled in error case (git-fixes). - drm/rockchip: vop: Correct RK3399 VOP register fields (git-fixes). - drm/vc4: hdmi: Allow DBLCLK modes even if horz timing is odd (git-fixes). - drm: panel-orientation-quirks: Add quirk for the 1Netbook OneXPlayer (git-fixes). - ext4: check for inconsistent extents between index and leaf block (bsc#1194163 bsc#1196339). - ext4: check for out-of-order index extents in ext4_valid_extent_entries() (bsc#1194163 bsc#1196339). - ext4: prevent partial update of the extent blocks (bsc#1194163 bsc#1196339). - gve: Add RX context (bsc#1191655). - gve: Add a jumbo-frame device option (bsc#1191655). - gve: Add consumed counts to ethtool stats (bsc#1191655). - gve: Add optional metadata descriptor type GVE_TXD_MTD (bsc#1191655). - gve: Correct order of processing device options (bsc#1191655). - gve: Fix GFP flags when allocing pages (git-fixes). - gve: Fix off by one in gve_tx_timeout() (bsc#1191655). - gve: Implement packet continuation for RX (bsc#1191655). - gve: Implement suspend/resume/shutdown (bsc#1191655). - gve: Move the irq db indexes out of the ntfy block struct (bsc#1191655). - gve: Recording rx queue before sending to napi (bsc#1191655). - gve: Recover from queue stall due to missed IRQ (bsc#1191655). - gve: Update gve_free_queue_page_list signature (bsc#1191655). - gve: Use kvcalloc() instead of kvzalloc() (bsc#1191655). - gve: fix for null pointer dereference (bsc#1191655). - gve: fix the wrong AdminQ buffer queue index check (bsc#1176940). - gve: fix unmatched u64_stats_update_end() (bsc#1191655). - gve: remove memory barrier around seqno (bsc#1191655). - i2c: brcmstb: fix support for DSL and CM variants (git-fixes). - i40e: Fix for failed to init adminq while VF reset (git-fixes). - i40e: Fix issue when maximum queues is exceeded (git-fixes). - i40e: Fix queues reservation for XDP (git-fixes). - i40e: Increase delay to 1 s after global EMP reset (git-fixes). - i40e: fix unsigned stat widths (git-fixes). - ibmvnic: Allow queueing resets during probe (bsc#1196516 ltc#196391). - ibmvnic: clear fop when retrying probe (bsc#1196516 ltc#196391). - ibmvnic: complete init_done on transport events (bsc#1196516 ltc#196391). - ibmvnic: define flush_reset_queue helper (bsc#1196516 ltc#196391). - ibmvnic: do not release napi in __ibmvnic_open() (bsc#1195668 ltc#195811). - ibmvnic: free reset-work-item when flushing (bsc#1196516 ltc#196391). - ibmvnic: init init_done_rc earlier (bsc#1196516 ltc#196391). - ibmvnic: initialize rc before completing wait (bsc#1196516 ltc#196391). - ibmvnic: register netdev after init of adapter (bsc#1196516 ltc#196391). - ibmvnic: schedule failover only if vioctl fails (bsc#1196400 ltc#195815). - ice: fix IPIP and SIT TSO offload (git-fixes). - ice: fix an error code in ice_cfg_phy_fec() (jsc#SLE-12878). - ima: Allow template selection with ima_template[_fmt]= after ima_hash= (git-fixes). - ima: Do not print policy rule with inactive LSM labels (git-fixes). - ima: Remove ima_policy file before directory (git-fixes). - integrity: Make function integrity_add_key() static (git-fixes). - integrity: check the return value of audit_log_start() (git-fixes). - integrity: double check iint_cache was initialized (git-fixes). - iommu/amd: Fix loop timeout issue in iommu_ga_log_enable() (git-fixes). - iommu/amd: Remove useless irq affinity notifier (git-fixes). - iommu/amd: Restore GA log/tail pointer on host resume (git-fixes). - iommu/amd: X2apic mode: mask/unmask interrupts on suspend/resume (git-fixes). - iommu/amd: X2apic mode: re-enable after resume (git-fixes). - iommu/amd: X2apic mode: setup the INTX registers on mask/unmask (git-fixes). - iommu/io-pgtable-arm-v7s: Add error handle for page table allocation failure (git-fixes). - iommu/io-pgtable-arm: Fix table descriptor paddr formatting (git-fixes). - iommu/iova: Fix race between FQ timeout and teardown (git-fixes). - iommu/vt-d: Fix potential memory leak in intel_setup_irq_remapping() (git-fixes). - iwlwifi: fix use-after-free (git-fixes). - iwlwifi: pcie: fix locking when 'HW not ready' (git-fixes). - iwlwifi: pcie: gen2: fix locking when 'HW not ready' (git-fixes). - ixgbevf: Require large buffers for build_skb on 82599VF (git-fixes). - kABI fixup after adding vcpu_idx to struct kvm_cpu (bsc#1190972 LTC#194674). - kABI: Fix kABI for AMD IOMMU driver (git-fixes). - kabi: Hide changes to s390/AP structures (jsc#SLE-20807). - lib/iov_iter: initialize 'flags' in new pipe_buffer (bsc#1196584). - libsubcmd: Fix use-after-free for realloc(..., 0) (git-fixes). - md/raid5: fix oops during stripe resizing (bsc#1181588). - misc: fastrpc: avoid double fput() on failed usercopy (git-fixes). - mmc: sdhci-of-esdhc: Check for error num after setting mask (git-fixes). - mtd: rawnand: brcmnand: Fixed incorrect sub-page ECC status (git-fixes). - mtd: rawnand: gpmi: do not leak PM reference in error path (git-fixes). - mtd: rawnand: qcom: Fix clock sequencing in qcom_nandc_probe() (git-fixes). - net/ibmvnic: Cleanup workaround doing an EOI after partition migration (bsc#1089644 ltc#166495 ltc#165544 git-fixes). - net/mlx5e: Fix handling of wrong devices during bond netevent (jsc#SLE-15172). - net: macb: Align the dma and coherent dma masks (git-fixes). - net: mdio: aspeed: Add missing MODULE_DEVICE_TABLE (bsc#1176447). - net: phy: marvell: Fix MDI-x polarity setting in 88e1118-compatible PHYs (git-fixes). - net: phy: marvell: Fix RGMII Tx/Rx delays setting in 88e1121-compatible PHYs (git-fixes). - net: phy: marvell: configure RGMII delays for 88E1118 (git-fixes). - net: usb: qmi_wwan: Add support for Dell DW5829e (git-fixes). - nfp: flower: fix ida_idx not being released (bsc#1154353). - nfsd: allow delegation state ids to be revoked and then freed (bsc#1192483). - nfsd: allow lock state ids to be revoked and then freed (bsc#1192483). - nfsd: allow open state ids to be revoked and then freed (bsc#1192483). - nfsd: do not admin-revoke NSv4.0 state ids (bsc#1192483). - nfsd: prepare for supporting admin-revocation of state (bsc#1192483). - nvme-fabrics: fix state check in nvmf_ctlr_matches_baseopts() (bsc#1195012). - nvme: also mark passthrough-only namespaces ready in nvme_update_ns_info (git-fixes). - nvme: do not return an error from nvme_configure_metadata (git-fixes). - nvme: let namespace probing continue for unsupported features (git-fixes). - powerpc/64: Move paca allocation later in boot (bsc#1190812). - powerpc/64s: Fix debugfs_simple_attr.cocci warnings (bsc#1157038 bsc#1157923 ltc#182612 git-fixes). - powerpc/pseries/ddw: Revert 'Extend upper limit for huge DMA window for persistent memory' (bsc#1195995 ltc#196394). - powerpc/pseries: read the lpar name from the firmware (bsc#1187716 ltc#193451). - powerpc: Set crashkernel offset to mid of RMA region (bsc#1190812). - powerpc: add link stack flush mitigation status in debugfs (bsc#1157038 bsc#1157923 ltc#182612 git-fixes). - s390/AP: support new dynamic AP bus size limit (jsc#SLE-20807). - s390/bpf: Fix 64-bit subtraction of the -0x80000000 constant (git-fixes). - s390/bpf: Fix optimizing out zero-extensions (git-fixes). - s390/cio: make ccw_device_dma_* more robust (bsc#1193243 LTC#195549). - s390/cio: verify the driver availability for path_event call (bsc#1195928 LTC#196418). - s390/cpumf: Support for CPU Measurement Facility CSVN 7 (bsc#1195081 LTC#196088). - s390/cpumf: Support for CPU Measurement Sampling Facility LS bit (bsc#1195081 LTC#196088). - s390/pci: add s390_iommu_aperture kernel parameter (bsc#1193233 LTC#195540). - s390/pci: move pseudo-MMIO to prevent MIO overlap (bsc#1194967 LTC#196028). - s390/protvirt: fix error return code in uv_info_init() (jsc#SLE-22135). - s390/sclp: fix Secure-IPL facility detection (bsc#1191741 LTC#194816). - s390/uv: add prot virt guest/host indication files (jsc#SLE-22135). - s390/uv: fix prot virt host indication compilation (jsc#SLE-22135). - scsi: core: Add a new error code DID_TRANSPORT_MARGINAL in scsi.h (bsc#1195506). - scsi: core: Add limitless cmd retry support (bsc#1195506). - scsi: core: No retries on abort success (bsc#1195506). - scsi: kABI fix for 'eh_should_retry_cmd' (bsc#1195506). - scsi: lpfc: Add support for eh_should_retry_cmd() (bsc#1195506). - scsi: lpfc: Fix pt2pt NVMe PRLI reject LOGO loop (bsc#1189126). - scsi: qla2xxx: Add devids and conditionals for 28xx (bsc#1195823). - scsi: qla2xxx: Add marginal path handling support (bsc#1195506). - scsi: qla2xxx: Add ql2xnvme_queues module param to configure number of NVMe queues (bsc#1195823). - scsi: qla2xxx: Add qla2x00_async_done() for async routines (bsc#1195823). - scsi: qla2xxx: Add retry for exec firmware (bsc#1195823). - scsi: qla2xxx: Check for firmware dump already collected (bsc#1195823). - scsi: qla2xxx: Fix T10 PI tag escape and IP guard options for 28XX adapters (bsc#1195823). - scsi: qla2xxx: Fix device reconnect in loop topology (bsc#1195823). - scsi: qla2xxx: Fix premature hw access after PCI error (bsc#1195823). - scsi: qla2xxx: Fix scheduling while atomic (bsc#1195823). - scsi: qla2xxx: Fix stuck session in gpdb (bsc#1195823). - scsi: qla2xxx: Fix unmap of already freed sgl (bsc#1195823). - scsi: qla2xxx: Fix warning for missing error code (bsc#1195823). - scsi: qla2xxx: Fix warning message due to adisc being flushed (bsc#1195823). - scsi: qla2xxx: Fix wrong FDMI data for 64G adapter (bsc#1195823). - scsi: qla2xxx: Implement ref count for SRB (bsc#1195823). - scsi: qla2xxx: Refactor asynchronous command initialization (bsc#1195823). - scsi: qla2xxx: Remove a declaration (bsc#1195823). - scsi: qla2xxx: Remove unused qla_sess_op_cmd_list from scsi_qla_host_t (bsc#1195823). - scsi: qla2xxx: Return -ENOMEM if kzalloc() fails (bsc#1195823). - scsi: qla2xxx: Suppress a kernel complaint in qla_create_qpair() (bsc#1195823). - scsi: qla2xxx: Update version to 10.02.07.200-k (bsc#1195823). - scsi: qla2xxx: Update version to 10.02.07.300-k (bsc#1195823). - scsi: qla2xxx: edif: Fix clang warning (bsc#1195823). - scsi: qla2xxx: edif: Fix inconsistent check of db_flags (bsc#1195823). - scsi: qla2xxx: edif: Reduce connection thrash (bsc#1195823). - scsi: qla2xxx: edif: Replace list_for_each_safe with list_for_each_entry_safe (bsc#1195823). - scsi: qla2xxx: edif: Tweak trace message (bsc#1195823). - scsi: scsi_transport_fc: Add a new rport state FC_PORTSTATE_MARGINAL (bsc#1195506). - scsi: scsi_transport_fc: Add store capability to rport port_state in sysfs (bsc#1195506). - scsi: target: iscsi: Fix cmd abort fabric stop race (bsc#1195286). - scsi: zfcp: Fix failed recovery on gone remote port with non-NPIV FCP devices (bsc#1195378 LTC#196244). - scsi_transport_fc: kabi fix blank out FC_PORTSTATE_MARGINAL (bsc#1195506). - staging/fbtft: Fix backlight (git-fixes). - staging: fbtft: Fix error path in fbtft_driver_module_init() (git-fixes). - tracing: Do not inc err_log entry count if entry allocation fails (git-fixes). - tracing: Dump stacktrace trigger to the corresponding instance (git-fixes). - tracing: Fix smatch warning for null glob in event_hist_trigger_parse() (git-fixes). - tracing: Have traceon and traceoff trigger honor the instance (git-fixes). - tracing: Propagate is_signed to expression (git-fixes). - usb: dwc2: Fix NULL qh in dwc2_queue_transaction (git-fixes). - usb: dwc2: gadget: do not try to disable ep0 in dwc2_hsotg_suspend (git-fixes). - usb: dwc3: do not set gadget->is_otg flag (git-fixes). - usb: dwc3: gadget: Prevent core from processing stale TRBs (git-fixes). - usb: f_fs: Fix use-after-free for epfile (git-fixes). - usb: gadget: f_uac2: Define specific wTerminalType (git-fixes). - usb: gadget: rndis: check size of RNDIS_MSG_SET command (git-fixes). - usb: gadget: s3c: remove unused 'udc' variable (git-fixes). - usb: gadget: udc: renesas_usb3: Fix host to USB_ROLE_NONE transition (git-fixes). - usb: host: ehci-tegra: Fix error handling in tegra_ehci_probe() (git-fixes). - usb: ulpi: Call of_node_put correctly (git-fixes). - usb: ulpi: Move of_node_put to ulpi_dev_release (git-fixes). Important SUSE bug 1089644 SUSE bug 1154353 SUSE bug 1157038 SUSE bug 1157923 SUSE bug 1176447 SUSE bug 1176940 SUSE bug 1178134 SUSE bug 1181147 SUSE bug 1181588 SUSE bug 1183872 SUSE bug 1187716 SUSE bug 1188404 SUSE bug 1189126 SUSE bug 1190812 SUSE bug 1190972 SUSE bug 1191580 SUSE bug 1191655 SUSE bug 1191741 SUSE bug 1192210 SUSE bug 1192483 SUSE bug 1193096 SUSE bug 1193233 SUSE bug 1193243 SUSE bug 1193787 SUSE bug 1194163 SUSE bug 1194967 SUSE bug 1195012 SUSE bug 1195081 SUSE bug 1195286 SUSE bug 1195352 SUSE bug 1195378 SUSE bug 1195506 SUSE bug 1195516 SUSE bug 1195543 SUSE bug 1195668 SUSE bug 1195701 SUSE bug 1195798 SUSE bug 1195799 SUSE bug 1195823 SUSE bug 1195908 SUSE bug 1195928 SUSE bug 1195947 SUSE bug 1195957 SUSE bug 1195995 SUSE bug 1196195 SUSE bug 1196235 SUSE bug 1196339 SUSE bug 1196373 SUSE bug 1196400 SUSE bug 1196403 SUSE bug 1196516 SUSE bug 1196584 SUSE bug 1196585 SUSE bug 1196601 SUSE bug 1196612 SUSE bug 1196776 CVE-2022-0001 CVE-2022-0002 CVE-2022-0492 CVE-2022-0516 CVE-2022-0847 CVE-2022-25375 cpe:/o:opensuse:leap:15.3 Security update for the Linux Kernel (Important) openSUSE Leap 15.3 The SUSE Linux Enterprise 15 SP1 kernel was updated to receive various security and bugfixes. Transient execution side-channel attacks attacking the Branch History Buffer (BHB), named 'Branch Target Injection' and 'Intra-Mode Branch History Injection' are now mitigated. The following security bugs were fixed: - CVE-2022-0001: Fixed Branch History Injection vulnerability (bsc#1191580). - CVE-2022-0002: Fixed Intra-Mode Branch Target Injection vulnerability (bsc#1191580). - CVE-2022-0847: Fixed a vulnerability were a local attackers could overwrite data in arbitrary (read-only) files (bsc#1196584). - CVE-2022-0617: Fixed a null pointer dereference in UDF file system functionality. A local user could crash the system by triggering udf_file_write_iter() via a malicious UDF image. (bsc#1196079) - CVE-2022-0644: Fixed a denial of service by a local user. A assertion failure could be triggered in kernel_read_file_from_fd() (bsc#1196155). - CVE-2021-44879: In gc_data_segment() in fs/f2fs/gc.c, special files were not considered, which lead to a move_data_page NULL pointer dereference (bsc#1195987). - CVE-2022-24959: Fixed a memory leak in yam_siocdevprivate() in drivers/net/hamradio/yam.c (bsc#1195897). - CVE-2022-0487: A use-after-free vulnerability was found in rtsx_usb_ms_drv_remove() in drivers/memstick/host/rtsx_usb_ms.c (bsc#1194516). - CVE-2022-0492: Fixed a privilege escalation related to cgroups v1 release_agent feature, which allowed bypassing namespace isolation unexpectedly (bsc#1195543). - CVE-2022-24448: Fixed an issue in fs/nfs/dir.c. If an application sets the O_DIRECTORY flag, and tries to open a regular file, nfs_atomic_open() performs a regular lookup. If a regular file is found, ENOTDIR should have occured, but the server instead returned uninitialized data in the file descriptor (bsc#1195612). The following non-security bugs were fixed: - crypto: af_alg - get_page upon reassignment to TX SGL (bsc#1195840). - lib/iov_iter: initialize 'flags' in new pipe_buffer (bsc#1196584). Important SUSE bug 1185973 SUSE bug 1191580 SUSE bug 1194516 SUSE bug 1195536 SUSE bug 1195543 SUSE bug 1195612 SUSE bug 1195840 SUSE bug 1195897 SUSE bug 1195908 SUSE bug 1195949 SUSE bug 1195987 SUSE bug 1196079 SUSE bug 1196155 SUSE bug 1196584 SUSE bug 1196612 CVE-2021-44879 CVE-2022-0001 CVE-2022-0002 CVE-2022-0487 CVE-2022-0492 CVE-2022-0617 CVE-2022-0644 CVE-2022-0847 CVE-2022-24448 CVE-2022-24959 cpe:/o:opensuse:leap:15.3 Security update for libcaca (Important) openSUSE Leap 15.3 This update for libcaca fixes the following issues: - CVE-2021-30498, CVE-2021-30499: If an image has a size of 0x0, when exporting, no data is written and space is allocated for the header only, not taking into account that sprintf appends a NUL byte (bsc#1184751, bsc#1184752). Important SUSE bug 1184751 SUSE bug 1184752 CVE-2021-30498 CVE-2021-30499 cpe:/o:opensuse:leap:15.3 Security update for buildah (Moderate) openSUSE Leap 15.3 This update for buildah fixes the following issues: buildah was updated to version 1.23.1: Update to version 1.22.3: * Update dependencies * Post-branch commit * Accept repositories on login/logout Update to version 1.22.0: * c/image, c/storage, c/common vendor before Podman 3.3 release * Proposed patch for 3399 (shadowutils) * Fix handling of --restore shadow-utils * runtime-flag (debug) test: handle old & new runc * Allow dst and destination for target in secret mounts * Multi-arch: Always push updated version-tagged img * imagebuildah.stageExecutor.prepare(): remove pseudonym check * refine dangling filter * Chown with environment variables not set should fail * Just restore protections of shadow-utils * Remove specific kernel version number requirement from install.md * Multi-arch image workflow: Make steps generic * chroot: fix environment value leakage to intermediate processes * Update nix pin with `make nixpkgs` * buildah source - create and manage source images * Update cirrus-cron notification GH workflow * Reuse code from containers/common/pkg/parse * Cirrus: Freshen VM images * Fix excludes exception begining with / or ./ * Fix syntax for --manifest example * vendor containers/common@main * Cirrus: Drop dependence on fedora-minimal * Adjust conformance-test error-message regex * Workaround appearance of differing debug messages * Cirrus: Install docker from package cache * Switch rusagelogfile to use options.Out * Turn stdio back to blocking when command finishes * Add support for default network creation * Cirrus: Updates for master->main rename * Change references from master to main * Add `--env` and `--workingdir` flags to run command * [CI:DOCS] buildah bud: spelling --ignore-file requires parameter * [CI:DOCS] push/pull: clarify supported transports * Remove unused function arguments * Create mountOptions for mount command flags * Extract version command implementation to function * Add --json flags to `mount` and `version` commands * copier.Put(): set xattrs after ownership * buildah add/copy: spelling * buildah copy and buildah add should support .containerignore * Remove unused util.StartsWithValidTransport * Fix documentation of the --format option of buildah push * Don't use alltransports.ParseImageName with known transports * man pages: clarify `rmi` removes dangling parents * [CI:DOCS] Fix links to c/image master branch * imagebuildah: use the specified logger for logging preprocessing warnings * Fix copy into workdir for a single file * Fix docs links due to branch rename * Update nix pin with `make nixpkgs` * fix(docs): typo * Move to v1.22.0-dev * Fix handling of auth.json file while in a user namespace * Add rusage-logfile flag to optionally send rusage to a file * imagebuildah: redo step logging * Add volumes to make running buildah within a container easier * Add and use a 'copy' helper instead of podman load/save * Bump github.com/containers/common from 0.38.4 to 0.39.0 * containerImageRef/containerImageSource: don't buffer uncompressed layers * containerImageRef(): squashed images have no parent images * Sync. workflow across skopeo, buildah, and podman * Bump github.com/containers/storage from 1.31.1 to 1.31.2 * Bump github.com/opencontainers/runc from 1.0.0-rc94 to 1.0.0-rc95 * Bump to v1.21.1-dev [NO TESTS NEEDED] Moderate SUSE bug 1187812 SUSE bug 1192999 CVE-2019-10214 CVE-2020-10696 CVE-2021-20206 cpe:/o:opensuse:leap:15.3 Security update for tcpdump (Moderate) openSUSE Leap 15.3 This update for tcpdump fixes the following issues: - CVE-2018-16301: Fixed segfault when handling large files (bsc#1195825). Moderate SUSE bug 1195825 CVE-2018-16301 cpe:/o:opensuse:leap:15.3 Security update for MozillaFirefox (Important) openSUSE Leap 15.3 This update for MozillaFirefox fixes the following issues: Firefox Extended Support Release 91.6.1 ESR (bsc#1196809): - CVE-2022-26485: Use-after-free in XSLT parameter processing - CVE-2022-26486: Use-after-free in WebGPU IPC Framework Important SUSE bug 1196809 CVE-2022-26485 CVE-2022-26486 cpe:/o:opensuse:leap:15.3 Security update for python-libxml2-python (Important) openSUSE Leap 15.3 This update for python-libxml2-python fixes the following issues: - CVE-2022-23308: Fixed a use-after-free of ID and IDREF attributes (bsc#1196490). Important SUSE bug 1196490 CVE-2022-23308 cpe:/o:opensuse:leap:15.3 Security update for python-lxml (Important) openSUSE Leap 15.3 This update for python-lxml fixes the following issues: - CVE-2018-19787: Fixed XSS vulnerability via unescaped URL (bsc#1118088). - CVE-2021-28957: Fixed XSS vulnerability ia HTML5 attributes unescaped (bsc#1184177). - CVE-2021-43818: Fixed XSS vulnerability via script content in SVG images using data URIs (bnc#1193752). - CVE-2020-27783: Fixed mutation XSS with improper parser use (bnc#1179534). Important SUSE bug 1118088 SUSE bug 1179534 SUSE bug 1184177 SUSE bug 1193752 CVE-2018-19787 CVE-2020-27783 CVE-2021-28957 CVE-2021-43818 cpe:/o:opensuse:leap:15.3 Security update for MozillaThunderbird (Important) openSUSE Leap 15.3 This update for MozillaThunderbird fixes the following issues: Mozilla Thunderbird 91.6.2 (bsc#1196809): - CVE-2022-26485: Use-after-free in XSLT parameter processing - CVE-2022-26486: Use-after-free in WebGPU IPC Framework Important SUSE bug 1196809 CVE-2022-26485 CVE-2022-26486 cpe:/o:opensuse:leap:15.3 Security update for flac (Moderate) openSUSE Leap 15.3 This update for flac fixes the following issues: - CVE-2021-0561: Fixed out of bound write in append_to_verify_fifo_interleaved_ (bsc#1196660). Moderate SUSE bug 1196660 CVE-2021-0561 cpe:/o:opensuse:leap:15.3 Security update for java-11-openjdk (Moderate) openSUSE Leap 15.3 This update for java-11-openjdk fixes the following issues: - CVE-2022-21248: Fixed incomplete deserialization class filtering in ObjectInputStream. (bnc#1194926) - CVE-2022-21277: Fixed incorrect reading of TIFF files in TIFFNullDecompressor. (bnc#1194930) - CVE-2022-21282: Fixed Insufficient URI checks in the XSLT TransformerImpl. (bnc#1194933) - CVE-2022-21283: Fixed unexpected exception thrown in regex Pattern. (bnc#1194937) - CVE-2022-21291: Fixed Incorrect marking of writeable fields. (bnc#1194925) - CVE-2022-21293: Fixed Incomplete checks of StringBuffer and StringBuilder during deserialization. (bnc#1194935) - CVE-2022-21294: Fixed Incorrect IdentityHashMap size checks during deserialization. (bnc#1194934) - CVE-2022-21296: Fixed Incorrect access checks in XMLEntityManager. (bnc#1194932) - CVE-2022-21299: Fixed Infinite loop related to incorrect handling of newlines in XMLEntityScanner. (bnc#1194931) - CVE-2022-21305: Fixed Array indexing issues in LIRGenerator. (bnc#1194939) - CVE-2022-21340: Fixed Excessive resource use when reading JAR manifest attributes. (bnc#1194940) - CVE-2022-21341: Fixed OpenJDK: Insufficient checks when deserializing exceptions in ObjectInputStream. (bnc#1194941) - CVE-2022-21360: Fixed Excessive memory allocation in BMPImageReader. (bnc#1194929) - CVE-2022-21365: Fixed Integer overflow in BMPImageReader. (bnc#1194928) - CVE-2022-21366: Fixed Excessive memory allocation in TIFF*Decompressor. (bnc#1194927) Moderate SUSE bug 1194925 SUSE bug 1194926 SUSE bug 1194927 SUSE bug 1194928 SUSE bug 1194929 SUSE bug 1194930 SUSE bug 1194931 SUSE bug 1194932 SUSE bug 1194933 SUSE bug 1194934 SUSE bug 1194935 SUSE bug 1194937 SUSE bug 1194939 SUSE bug 1194940 SUSE bug 1194941 CVE-2022-21248 CVE-2022-21277 CVE-2022-21282 CVE-2022-21283 CVE-2022-21291 CVE-2022-21293 CVE-2022-21294 CVE-2022-21296 CVE-2022-21299 CVE-2022-21305 CVE-2022-21340 CVE-2022-21341 CVE-2022-21360 CVE-2022-21365 CVE-2022-21366 cpe:/o:opensuse:leap:15.3 Security update for xstream (Moderate) openSUSE Leap 15.3 This update for xstream fixes the following issues: - CVE-2021-43859: Fixed a denial of service when unmarshalling highly recursive collections or maps (bsc#1195458). Moderate SUSE bug 1195458 CVE-2021-43859 cpe:/o:opensuse:leap:15.3 Security update for tomcat (Important) openSUSE Leap 15.3 This update for tomcat fixes the following issues: Security issues fixed: - CVE-2022-23181: Make calculation of session storage location more robust (bsc#1195255) - Remove log4j (bsc#1196137) Important SUSE bug 1195255 SUSE bug 1196137 CVE-2022-23181 cpe:/o:opensuse:leap:15.3 Security update for MozillaFirefox (Important) openSUSE Leap 15.3 This update for MozillaFirefox fixes the following issues: Firefox Extended Support Release 91.7.0 ESR (bsc#1196900): - CVE-2022-26383: Browser window spoof using fullscreen mode - CVE-2022-26384: iframe allow-scripts sandbox bypass - CVE-2022-26387: Time-of-check time-of-use bug when verifying add-on signatures - CVE-2022-26381: Use-after-free in text reflows - CVE-2022-26386: Temporary files downloaded to /tmp and accessible by other local users Important SUSE bug 1196900 CVE-2022-26381 CVE-2022-26383 CVE-2022-26384 CVE-2022-26386 CVE-2022-26387 cpe:/o:opensuse:leap:15.3 Security update for protobuf (Moderate) openSUSE Leap 15.3 This update for protobuf fixes the following issues: - CVE-2021-22570: Fix incorrect parsing of nullchar in the proto symbol (bsc#1195258). Moderate SUSE bug 1195258 CVE-2021-22570 cpe:/o:opensuse:leap:15.3 Security update for libqt5-qtbase (Important) openSUSE Leap 15.3 This update for libqt5-qtbase fixes the following issues: - CVE-2022-23853, CVE-2022-25255: Avoid unintentionally using binaries from CWD (bsc#1195386, bsc#1196501). Important SUSE bug 1195386 SUSE bug 1196501 CVE-2022-23853 CVE-2022-25255 cpe:/o:opensuse:leap:15.3 Security update for rust, rust1.58, rust1.59 (Moderate) openSUSE Leap 15.3 This update for rust, rust1.58, rust1.59 fixes the following issues: This update provides both rust1.58 and rust1.59. Changes in rust1.58: - Add recommends for GCC for installs to be able to link. - Add suggests for lld/clang which are faster than gcc for linking to allow users choice on what they use. - CVE-2022-21658: Resolve race condition in std::fs::remove_dir_all (bsc#1194767) Version 1.58.0 (2022-01-13) ========================== Language -------- - [Format strings can now capture arguments simply by writing `{ident}` in the string.][90473] This works in all macros accepting format strings. Support for this in `panic!` (`panic!('{ident}')`) requires the 2021 edition; panic invocations in previous editions that appear to be trying to use this will result in a warning lint about not having the intended effect. - [`*const T` pointers can now be dereferenced in const contexts.][89551] - [The rules for when a generic struct implements `Unsize` have been relaxed.][90417] Compiler -------- - [Add LLVM CFI support to the Rust compiler][89652] - [Stabilize -Z strip as -C strip][90058]. Note that while release builds already don't add debug symbols for the code you compile, the compiled standard library that ships with Rust includes debug symbols, so you may want to use the `strip` option to remove these symbols to produce smaller release binaries. Note that this release only includes support in rustc, not directly in cargo. - [Add support for LLVM coverage mapping format versions 5 and 6][91207] - [Emit LLVM optimization remarks when enabled with `-Cremark`][90833] - [Update the minimum external LLVM to 12][90175] - [Add `x86_64-unknown-none` at Tier 3*][89062] - [Build musl dist artifacts with debuginfo enabled][90733]. When building release binaries using musl, you may want to use the newly stabilized strip option to remove these debug symbols, reducing the size of your binaries. - [Don't abort compilation after giving a lint error][87337] - [Error messages point at the source of trait bound obligations in more places][89580] \* Refer to Rust's [platform support page][platform-support-doc] for more information on Rust's tiered platform support. Libraries --------- - [All remaining functions in the standard library have `#[must_use]` annotations where appropriate][89692], producing a warning when ignoring their return value. This helps catch mistakes such as expecting a function to mutate a value in place rather than return a new value. - [Paths are automatically canonicalized on Windows for operations that support it][89174] - [Re-enable debug checks for `copy` and `copy_nonoverlapping`][90041] - [Implement `RefUnwindSafe` for `Rc<T>`][87467] - [Make RSplit<T, P>: Clone not require T: Clone][90117] - [Implement `Termination` for `Result<Infallible, E>`][88601]. This allows writing `fn main() -> Result<Infallible, ErrorType>`, for a program whose successful exits never involve returning from `main` (for instance, a program that calls `exit`, or that uses `exec` to run another program). Stabilized APIs --------------- - [`Metadata::is_symlink`] - [`Path::is_symlink`] - [`{integer}::saturating_div`] - [`Option::unwrap_unchecked`] - [`Result::unwrap_unchecked`] - [`Result::unwrap_err_unchecked`] - [`NonZero{unsigned}::is_power_of_two`] - [`File::options`] These APIs are now usable in const contexts: - [`Duration::new`] - [`Duration::checked_add`] - [`Duration::saturating_add`] - [`Duration::checked_sub`] - [`Duration::saturating_sub`] - [`Duration::checked_mul`] - [`Duration::saturating_mul`] - [`Duration::checked_div`] - [`MaybeUninit::as_ptr`] - [`MaybeUninit::as_mut_ptr`] - [`MaybeUninit::assume_init`] - [`MaybeUninit::assume_init_ref`] Cargo ----- - [Add --message-format for install command][cargo/10107] - [Warn when alias shadows external subcommand][cargo/10082] Rustdoc ------- - [Show all Deref implementations recursively in rustdoc][90183] - [Use computed visibility in rustdoc][88447] Compatibility Notes ------------------- - [Try all stable method candidates first before trying unstable ones][90329]. This change ensures that adding new nightly-only methods to the Rust standard library will not break code invoking methods of the same name from traits outside the standard library. - Windows: [`std::process::Command` will no longer search the current directory for executables.][87704] - [All proc-macro backward-compatibility lints are now deny-by-default.][88041] - [proc_macro: Append .0 to unsuffixed float if it would otherwise become int token][90297] - [Refactor weak symbols in std::sys::unix][90846]. This optimizes accesses to glibc functions, by avoiding the use of dlopen. This does not increase the [minimum expected version of glibc](https://doc.rust-lang.org/nightly/rustc/platform-support.html). However, software distributions that use symbol versions to detect library dependencies, and which take weak symbols into account in that analysis, may detect rust binaries as requiring newer versions of glibc. - [rustdoc now rejects some unexpected semicolons in doctests][91026] Version 1.59.0 (2022-02-24) ========================== Language -------- - [Stabilize default arguments for const generics][90207] - [Stabilize destructuring assignment][90521] - [Relax private in public lint on generic bounds and where clauses of trait impls][90586] - [Stabilize asm! and global_asm! for x86, x86_64, ARM, Aarch64, and RISC-V][91728] Compiler -------- - [Stabilize new symbol mangling format, leaving it opt-in (-Csymbol-mangling-version=v0)][90128] - [Emit LLVM optimization remarks when enabled with `-Cremark`][90833] - [Fix sparc64 ABI for aggregates with floating point members][91003] - [Warn when a `#[test]`-like built-in attribute macro is present multiple times.][91172] - [Add support for riscv64gc-unknown-freebsd][91284] - [Stabilize `-Z emit-future-incompat` as `--json future-incompat`][91535] Libraries --------- - [Remove unnecessary bounds for some Hash{Map,Set} methods][91593] Stabilized APIs --------------- - [`std::thread::available_parallelism`][available_parallelism] - [`Result::copied`][result-copied] - [`Result::cloned`][result-cloned] - [`arch::asm!`][asm] - [`arch::global_asm!`][global_asm] - [`ops::ControlFlow::is_break`][is_break] - [`ops::ControlFlow::is_continue`][is_continue] - [`TryFrom<char> for u8`][try_from_char_u8] - [`char::TryFromCharError`][try_from_char_err] implementing `Clone`, `Debug`, `Display`, `PartialEq`, `Copy`, `Eq`, `Error` - [`iter::zip`][zip] - [`NonZeroU8::is_power_of_two`][is_power_of_two8] - [`NonZeroU16::is_power_of_two`][is_power_of_two16] - [`NonZeroU32::is_power_of_two`][is_power_of_two32] - [`NonZeroU64::is_power_of_two`][is_power_of_two64] - [`NonZeroU128::is_power_of_two`][is_power_of_two128] - [`DoubleEndedIterator for ToLowercase`][lowercase] - [`DoubleEndedIterator for ToUppercase`][uppercase] - [`TryFrom<&mut [T]> for [T; N]`][tryfrom_ref_arr] - [`UnwindSafe for Once`][unwindsafe_once] - [`RefUnwindSafe for Once`][refunwindsafe_once] - [armv8 neon intrinsics for aarch64][stdarch/1266] Const-stable: - [`mem::MaybeUninit::as_ptr`][muninit_ptr] - [`mem::MaybeUninit::assume_init`][muninit_init] - [`mem::MaybeUninit::assume_init_ref`][muninit_init_ref] - [`ffi::CStr::from_bytes_with_nul_unchecked`][cstr_from_bytes] Cargo ----- - [Stabilize the `strip` profile option][cargo/10088] - [Stabilize future-incompat-report][cargo/10165] - [Support abbreviating `--release` as `-r`][cargo/10133] - [Support `term.quiet` configuration][cargo/10152] - [Remove `--host` from cargo {publish,search,login}][cargo/10145] Compatibility Notes ------------------- - [Refactor weak symbols in std::sys::unix][90846] This may add new, versioned, symbols when building with a newer glibc, as the standard library uses weak linkage rather than dynamically attempting to load certain symbols at runtime. - [Deprecate crate_type and crate_name nested inside `#![cfg_attr]`][83744] This adds a future compatibility lint to supporting the use of cfg_attr wrapping either crate_type or crate_name specification within Rust files; it is recommended that users migrate to setting the equivalent command line flags. - [Remove effect of `#[no_link]` attribute on name resolution][92034] This may expose new names, leading to conflicts with preexisting names in a given namespace and a compilation failure. - [Cargo will document libraries before binaries.][cargo/10172] - [Respect doc=false in dependencies, not just the root crate][cargo/10201] - [Weaken guarantee around advancing underlying iterators in zip][83791] - [Make split_inclusive() on an empty slice yield an empty output][89825] - [Update std::env::temp_dir to use GetTempPath2 on Windows when available.][89999] Changes in rust wrapper package: - Update to version 1.59.0 - for details see the rust1.59 package - Update package description to help users choose what tooling to install. - Provide rust+cargo by cargo: all cargo<n> package provide this symbol too. Having the meta package provide it allows OBS to have a generic prefernece on the meta package for all packages 'just' requiring rust+cargo. - Update to version 1.58.0 Moderate SUSE bug 1194767 CVE-2022-21658 cpe:/o:opensuse:leap:15.3 Security update for expat (Important) openSUSE Leap 15.3 This update for expat fixes the following issues: - Fixed a regression caused by the patch for CVE-2022-25236 (bsc#1196784). Important SUSE bug 1196025 SUSE bug 1196784 CVE-2022-25236 cpe:/o:opensuse:leap:15.3 Security update for chrony (Moderate) openSUSE Leap 15.3 This update for chrony fixes the following issues: Chrony was updated to 4.1, bringing features and bugfixes. Update to 4.1 * Add support for NTS servers specified by IP address (matching Subject Alternative Name in server certificate) * Add source-specific configuration of trusted certificates * Allow multiple files and directories with trusted certificates * Allow multiple pairs of server keys and certificates * Add copy option to server/pool directive * Increase PPS lock limit to 40% of pulse interval * Perform source selection immediately after loading dump files * Reload dump files for addresses negotiated by NTS-KE server * Update seccomp filter and add less restrictive level * Restart ongoing name resolution on online command * Fix dump files to not include uncorrected offset * Fix initstepslew to accept time from own NTP clients * Reset NTP address and port when no longer negotiated by NTS-KE server - Ensure the correct pool packages are installed for openSUSE and SLE (bsc#1180689). - Fix pool package dependencies, so that SLE prefers chrony-pool-suse over chrony-pool-empty. (bsc#1194229) - Enable syscallfilter unconditionally [bsc#1181826]. Update to 4.0 - Enhancements - Add support for Network Time Security (NTS) authentication - Add support for AES-CMAC keys (AES128, AES256) with Nettle - Add authselectmode directive to control selection of unauthenticated sources - Add binddevice, bindacqdevice, bindcmddevice directives - Add confdir directive to better support fragmented configuration - Add sourcedir directive and 'reload sources' command to support dynamic NTP sources specified in files - Add clockprecision directive - Add dscp directive to set Differentiated Services Code Point (DSCP) - Add -L option to limit log messages by severity - Add -p option to print whole configuration with included files - Add -U option to allow start under non-root user - Allow maxsamples to be set to 1 for faster update with -q/-Q option - Avoid replacing NTP sources with sources that have unreachable address - Improve pools to repeat name resolution to get 'maxsources' sources - Improve source selection with trusted sources - Improve NTP loop test to prevent synchronisation to itself - Repeat iburst when NTP source is switched from offline state to online - Update clock synchronisation status and leap status more frequently - Update seccomp filter - Add 'add pool' command - Add 'reset sources' command to drop all measurements - Add authdata command to print details about NTP authentication - Add selectdata command to print details about source selection - Add -N option and sourcename command to print original names of sources - Add -a option to some commands to print also unresolved sources - Add -k, -p, -r options to clients command to select, limit, reset data - Bug fixes - Don’t set interface for NTP responses to allow asymmetric routing - Handle RTCs that don’t support interrupts - Respond to command requests with correct address on multihomed hosts - Removed features - Drop support for RIPEMD keys (RMD128, RMD160, RMD256, RMD320) - Drop support for long (non-standard) MACs in NTPv4 packets (chrony 2.x clients using non-MD5/SHA1 keys need to use option 'version 3') - Drop support for line editing with GNU Readline - By default we don't write log files but log to journald, so only recommend logrotate. - Adjust and rename the sysconfig file, so that it matches the expectations of chronyd.service (bsc#1173277). Update to 3.5.1: * Create new file when writing pidfile (CVE-2020-14367, bsc#1174911) - Fixes for %_libexecdir changing to /usr/libexec (bsc#1174075) - Use iburst in the default pool statements to speed up initial synchronisation (bsc#1172113). Update to 3.5: + Add support for more accurate reading of PHC on Linux 5.0 + Add support for hardware timestamping on interfaces with read-only timestamping configuration + Add support for memory locking and real-time priority on FreeBSD, NetBSD, Solaris + Update seccomp filter to work on more architectures + Validate refclock driver options + Fix bindaddress directive on FreeBSD + Fix transposition of hardware RX timestamp on Linux 4.13 and later + Fix building on non-glibc systems - Fix location of helper script in chrony-dnssrv@.service (bsc#1128846). - Read runtime servers from /var/run/netconfig/chrony.servers to fix bsc#1099272. - Move chrony-helper to /usr/lib/chrony/helper, because there should be no executables in /usr/share. Update to version 3.4 * Enhancements + Add filter option to server/pool/peer directive + Add minsamples and maxsamples options to hwtimestamp directive + Add support for faster frequency adjustments in Linux 4.19 + Change default pidfile to /var/run/chrony/chronyd.pid to allow chronyd without root privileges to remove it on exit + Disable sub-second polling intervals for distant NTP sources + Extend range of supported sub-second polling intervals + Get/set IPv4 destination/source address of NTP packets on FreeBSD + Make burst options and command useful with short polling intervals + Modify auto_offline option to activate when sending request failed + Respond from interface that received NTP request if possible + Add onoffline command to switch between online and offline state according to current system network configuration + Improve example NetworkManager dispatcher script * Bug fixes + Avoid waiting in Linux getrandom system call + Fix PPS support on FreeBSD and NetBSD Update to version 3.3 * Enhancements: + Add burst option to server/pool directive + Add stratum and tai options to refclock directive + Add support for Nettle crypto library + Add workaround for missing kernel receive timestamps on Linux + Wait for late hardware transmit timestamps + Improve source selection with unreachable sources + Improve protection against replay attacks on symmetric mode + Allow PHC refclock to use socket in /var/run/chrony + Add shutdown command to stop chronyd + Simplify format of response to manual list command + Improve handling of unknown responses in chronyc * Bug fixes: + Respond to NTPv1 client requests with zero mode + Fix -x option to not require CAP_SYS_TIME under non-root user + Fix acquisitionport directive to work with privilege separation + Fix handling of socket errors on Linux to avoid high CPU usage + Fix chronyc to not get stuck in infinite loop after clock step Moderate SUSE bug 1099272 SUSE bug 1115529 SUSE bug 1128846 SUSE bug 1162964 SUSE bug 1172113 SUSE bug 1173277 SUSE bug 1174075 SUSE bug 1174911 SUSE bug 1180689 SUSE bug 1181826 SUSE bug 1187906 SUSE bug 1190926 SUSE bug 1194229 CVE-2020-14367 cpe:/o:opensuse:leap:15.3 Security update for php7 (Important) openSUSE Leap 15.3 This update for php7 fixes the following issues: - CVE-2021-21708: Fixed a memory corruption issue when processing integers from an untrusted source (bsc#1196252). Important SUSE bug 1196252 CVE-2021-21708 cpe:/o:opensuse:leap:15.3 Security update for openssl-1_0_0 (Important) openSUSE Leap 15.3 This update for openssl-1_0_0 fixes the following issues: - CVE-2022-0778: Infinite loop in BN_mod_sqrt() reachable when parsing certificates (bsc#1196877). Important SUSE bug 1196877 CVE-2022-0778 cpe:/o:opensuse:leap:15.3 Security update for openssl-1_1 (Important) openSUSE Leap 15.3 This update for openssl-1_1 fixes the following issues: openssl-1_1: - CVE-2022-0778: Infinite loop in BN_mod_sqrt() reachable when parsing certificates (bsc#1196877). - Fix PAC pointer authentication in ARM (bsc#1195856) - Pull libopenssl-1_1 when updating openssl-1_1 with the same version (bsc#1195792) - FIPS: Fix function and reason error codes (bsc#1182959) - Enable zlib compression support (bsc#1195149) glibc: - Resolve installation issue of `glibc-devel` in SUSE Linux Enterprise Micro 5.1 linux-glibc-devel: - Resolve installation issue of `linux-kernel-headers` in SUSE Linux Enterprise Micro 5.1 libxcrypt: - Resolve installation issue of `libxcrypt-devel` in SUSE Linux Enterprise Micro 5.1 zlib: - Resolve installation issue of `zlib-devel` in SUSE Linux Enterprise Micro 5.1 Important SUSE bug 1182959 SUSE bug 1195149 SUSE bug 1195792 SUSE bug 1195856 SUSE bug 1196877 CVE-2022-0778 cpe:/o:opensuse:leap:15.3 Security update for java-1_8_0-openj9 (Important) openSUSE Leap 15.3 This update for java-1_8_0-openj9 fixes the following issues: Update to OpenJDK 8u322 build 04 with OpenJ9 0.30.0: - Fixing the following vulnerabilities: CVE-2022-21248 (bsc#1194926), CVE-2022-21277 (bsc#1194930), CVE-2022-21282 (bsc#1194933), CVE-2022-21291 (bsc#1194925), CVE-2022-21293 (bsc#1194935), CVE-2022-21294 (bsc#1194934), CVE-2022-21296 (bsc#1194932), CVE-2022-21299 (bsc#1194931), CVE-2022-21305 (bsc#1194939), CVE-2022-21340 (bsc#1194940), CVE-2022-21341 (bsc#1194941), CVE-2022-21360 (bsc#1194929), CVE-2022-21365 (bsc#1194928), CVE-2022-21366 (bsc#1194927). Important SUSE bug 1194925 SUSE bug 1194926 SUSE bug 1194927 SUSE bug 1194928 SUSE bug 1194929 SUSE bug 1194930 SUSE bug 1194931 SUSE bug 1194932 SUSE bug 1194933 SUSE bug 1194934 SUSE bug 1194935 SUSE bug 1194939 SUSE bug 1194940 SUSE bug 1194941 CVE-2022-21248 CVE-2022-21277 CVE-2022-21282 CVE-2022-21291 CVE-2022-21293 CVE-2022-21294 CVE-2022-21296 CVE-2022-21299 CVE-2022-21305 CVE-2022-21340 CVE-2022-21341 CVE-2022-21360 CVE-2022-21365 CVE-2022-21366 cpe:/o:opensuse:leap:15.3 Security update for stunnel (Important) openSUSE Leap 15.3 This update for stunnel fixes the following issues: Update to 5.62 including new features and bugfixes: * Security bugfixes - The 'redirect' option was fixed to properly handle unauthenticated requests (bsc#1182529). - Fixed a double free with OpenSSL older than 1.1.0. - Added hardening to systemd service (bsc#1181400). * New features - Added new 'protocol = capwin' and 'protocol = capwinctrl' configuration file options. - Added support for the new SSL_set_options() values. - Added a bash completion script. - New 'sessionResume' service-level option to allow or disallow session resumption - Download fresh ca-certs.pem for each new release. - New 'protocolHeader' service-level option to insert custom 'connect' protocol negotiation headers. This feature can be used to impersonate other software (e.g. web browsers). - 'protocolHost' can also be used to control the client SMTP protocol negotiation HELO/EHLO value. - Initial FIPS 3.0 support. - Client-side 'protocol = ldap' support * Bugfixes - Fixed a transfer() loop bug. - Fixed reloading configuration with 'systemctl reload stunnel.service'. - Fixed incorrect messages logged for OpenSSL errors. - Fixed 'redirect' with 'protocol'. This combination is not supported by 'smtp', 'pop3' and 'imap' protocols. - X.509v3 extensions required by modern versions of OpenSSL are added to generated self-signed test certificates. - Fixed a tiny memory leak in configuration file reload error handling. - Fixed engine initialization. - FIPS TLS feature is reported when a provider or container is available, and not when FIPS control API is available. - Fix configuration reload when compression is used - Fix test suite fixed not to require external connectivity Important SUSE bug 1181400 SUSE bug 1182529 cpe:/o:opensuse:leap:15.3 Security update for java-1_8_0-openjdk (Important) openSUSE Leap 15.3 This update for java-1_8_0-openjdk fixes the following issues: Update to version jdk8u322 (icedtea-3.22.0) Including the following security fixes: - CVE-2022-21248, bsc#1194926: Enhance cross VM serialization - CVE-2022-21283, bsc#1194937: Better String matching - CVE-2022-21293, bsc#1194935: Improve String constructions - CVE-2022-21294, bsc#1194934: Enhance construction of Identity maps - CVE-2022-21282, bsc#1194933: Better resolution of URIs - CVE-2022-21296, bsc#1194932: Improve SAX Parser configuration management - CVE-2022-21299, bsc#1194931: Improved scanning of XML entities - CVE-2022-21305, bsc#1194939: Better array indexing - CVE-2022-21340, bsc#1194940: Verify Jar Verification - CVE-2022-21341, bsc#1194941: Improve serial forms for transport - CVE-2022-21349: Improve Solaris font rendering - CVE-2022-21360, bsc#1194929: Enhance BMP image support - CVE-2022-21365, bsc#1194928: Enhanced BMP processing Important SUSE bug 1193314 SUSE bug 1193444 SUSE bug 1193491 SUSE bug 1194926 SUSE bug 1194928 SUSE bug 1194929 SUSE bug 1194931 SUSE bug 1194932 SUSE bug 1194933 SUSE bug 1194934 SUSE bug 1194935 SUSE bug 1194937 SUSE bug 1194939 SUSE bug 1194940 SUSE bug 1194941 SUSE bug 1195163 CVE-2022-21248 CVE-2022-21282 CVE-2022-21283 CVE-2022-21293 CVE-2022-21294 CVE-2022-21296 CVE-2022-21299 CVE-2022-21305 CVE-2022-21340 CVE-2022-21341 CVE-2022-21349 CVE-2022-21360 CVE-2022-21365 cpe:/o:opensuse:leap:15.3 Security update for ghostscript (Moderate) openSUSE Leap 15.3 This update for ghostscript fixes the following issues: - CVE-2021-45944: Fixed use-after-free in sampled_data_sample (bsc#1194303) - CVE-2021-45949: Fixed heap-based buffer overflow in sampled_data_finish (bsc#1194304) Moderate SUSE bug 1194303 SUSE bug 1194304 CVE-2021-45944 CVE-2021-45949 cpe:/o:opensuse:leap:15.3 Security update for libreoffice (Moderate) openSUSE Leap 15.3 This update for libreoffice fixes the following issues: Update to version 7.2.5.1 (jsc#SLE-18214): - CVE-2021-25636: Fixed an incorrect vadidation of digitally signed documents (bsc#1196456). Moderate SUSE bug 1196456 CVE-2021-25636 cpe:/o:opensuse:leap:15.3 Security update for frr (Important) openSUSE Leap 15.3 This update for frr fixes the following issues: - CVE-2022-26125, CVE-2022-26126: Fixed buffer overflows in unpack_tlv_router_cap() (bsc#1196505, bsc#1196506). - CVE-2022-26127: Fixed heap buffer overflow in babel_packet_examin() (bsc#1196503). - CVE-2022-26128: Fixed buffer overflows in babel_packet_examin() (bsc#1196507). - CVE-2022-26129: Fixed buffer overflows in parse_hello_subtlv(), parse_ihu_subtlv() and parse_update_subtlv() (bsc#1196504). Important SUSE bug 1180217 SUSE bug 1196503 SUSE bug 1196504 SUSE bug 1196505 SUSE bug 1196506 SUSE bug 1196507 CVE-2022-26125 CVE-2022-26126 CVE-2022-26127 CVE-2022-26128 CVE-2022-26129 cpe:/o:opensuse:leap:15.3 Security update for MozillaThunderbird (Important) openSUSE Leap 15.3 This update for MozillaThunderbird fixes the following issues: Updated to version 91.7 (bsc#1196900): - CVE-2022-26381: Fixed an invalid memory access due to text reflow when SVG objects were present. - CVE-2022-26383: Fixed an issue where, when resizing a popup after requesting fullscreen access, the popup would not display the fullscreen notification. - CVE-2022-26384: Fixed an iframe XSS sandbox bypass when allow-popups was used on the iframe. - CVE-2022-26386: Fixed an issue where downloadable temporary files were accessible to other local users. - CVE-2022-26387: Fixed a potential add-on signature verification bypass due to a race condition. Important SUSE bug 1196900 CVE-2022-26381 CVE-2022-26383 CVE-2022-26384 CVE-2022-26386 CVE-2022-26387 cpe:/o:opensuse:leap:15.3 Security update for apache2 (Important) openSUSE Leap 15.3 This update for apache2 fixes the following issues: Apache2 was updated to the current stable version 2.4.51 (jsc#SLE-22733 jsc#SLE-22849) It fixes all CVEs and selected bugs represented by patches found between 2.4.23 and 2.4.51. See https://downloads.apache.org/httpd/CHANGES_2.4 for a complete change log. Also fixed: - CVE-2021-44224: Fixed NULL dereference or SSRF in forward proxy configurations (bsc#1193943) - CVE-2021-44790: Fixed buffer overflow when parsing multipart content in mod_lua (bsc#1193942) Important SUSE bug 1193942 SUSE bug 1193943 CVE-2021-44224 CVE-2021-44790 cpe:/o:opensuse:leap:15.3 Security update for lapack (Moderate) openSUSE Leap 15.3 This update for lapack fixes the following issues: - CVE-2021-4048: Fixed an out of bounds read when user input was not validated properly (bsc#1193562). Moderate SUSE bug 1193562 CVE-2021-4048 cpe:/o:opensuse:leap:15.3 Test update for SUSE:SLE-15-SP4:Update (security) (Important) openSUSE Leap 15.3 This is a security test update for SUSE:SLE-15-SP4:Update Important SUSE bug 1194507 cpe:/o:opensuse:leap:15.3 Security update for qemu (Important) openSUSE Leap 15.3 This update for qemu fixes the following issues: - CVE-2022-0358: Fixed a potential privilege escalation via virtiofsd (bsc#1195161). - CVE-2021-3930: Fixed a potential denial of service in the emulated SCSI device (bsc#1192525). Non-security fixes: - Fixed a kernel data corruption via a long kernel boot cmdline (bsc#1196737). - Included vmxcap in the qemu-tools package (bsc#1193364). - Fixed package dependencies (bsc#1196087). - Fixed an issue were PowerPC firmwares would not be built for non-PowerPC builds (bsc#1193545). - Fixed multiple issues in I/O (bsc#1178049 bsc#1194938). Important SUSE bug 1178049 SUSE bug 1192525 SUSE bug 1193364 SUSE bug 1193545 SUSE bug 1194938 SUSE bug 1195161 SUSE bug 1196087 SUSE bug 1196737 CVE-2021-3930 CVE-2022-0358 cpe:/o:opensuse:leap:15.3 Security update for xen (Important) openSUSE Leap 15.3 This update for xen fixes the following issues: Update Xen to version 4.14.4 (bsc#1027519) Transient execution side-channel attacks attacking the Branch History Buffer (BHB), named 'Branch Target Injection' and 'Intra-Mode Branch History Injection' are now mitigated. Security issues fixed: - CVE-2022-0001, CVE-2022-0002, CVE-2021-26401: BHB speculation issues (bsc#1196915). Non-security issues fixed: - Fixed issue around xl and virsh operation - virsh list not giving any output (bsc#1191668). Important SUSE bug 1027519 SUSE bug 1191668 SUSE bug 1194267 SUSE bug 1196915 CVE-2021-26401 CVE-2022-0001 CVE-2022-0002 cpe:/o:opensuse:leap:15.3 Security update for python3 (Moderate) openSUSE Leap 15.3 This update for python3 fixes the following issues: - CVE-2021-3572: Fixed an improper handling of unicode characters in pip (bsc#1186819). Moderate SUSE bug 1186819 CVE-2021-3572 cpe:/o:opensuse:leap:15.3 Security update for slirp4netns (Moderate) openSUSE Leap 15.3 This update for slirp4netns fixes the following issues: - CVE-2020-29130: Fixed an invalid memory access while processing ARP packets (bsc#1179467). Moderate SUSE bug 1179467 CVE-2020-29130 cpe:/o:opensuse:leap:15.3 Security update for libarchive (Moderate) openSUSE Leap 15.3 This update for libarchive fixes the following issues: - CVE-2021-36976: Fixed an invalid memory access that could cause data corruption (bsc#1188572). Non-security updates: - Updated references for CVE-2017-5601, which was already fixed in a previous version (bsc#1022528 bsc#1189528). Moderate SUSE bug 1022528 SUSE bug 1188572 SUSE bug 1189528 CVE-2017-5601 CVE-2021-36976 cpe:/o:opensuse:leap:15.3 Security update for bind (Important) openSUSE Leap 15.3 This update for bind fixes the following issues: - CVE-2021-25220: Fixed a DNS cache poisoning vulnerability due to loose caching rules (bsc#1197135). Important SUSE bug 1197135 CVE-2021-25220 cpe:/o:opensuse:leap:15.3 Security update for bind (Important) openSUSE Leap 15.3 This update for bind fixes the following issues: - CVE-2021-25220: Fixed a DNS cache poisoning vulnerability due to loose caching rules (bsc#1197135). Important SUSE bug 1197135 CVE-2021-25220 cpe:/o:opensuse:leap:15.3 Security update for perl-DBD-SQLite (Moderate) openSUSE Leap 15.3 This update for perl-DBD-SQLite fixes the following issues: - updated to 1.66 - Use external sqlite3 library rather than internal code. (bsc#1195771) Moderate SUSE bug 1195771 cpe:/o:opensuse:leap:15.3 Security update for wavpack (Moderate) openSUSE Leap 15.3 This update for wavpack fixes the following issues: - CVE-2021-44269: Fixed out of bounds read in processing .wav files (bsc#1197020). Moderate SUSE bug 1197020 CVE-2021-44269 cpe:/o:opensuse:leap:15.3 Security update for rmt-server (Important) openSUSE Leap 15.3 This update for rmt-server fixes the following issues: Update to version 2.10: - Add option to turn off system token support (bsc#1205089) - Update the `last_seen_at` column on zypper service refresh - Do not retry to import non-existing files in air-gapped mode (bsc#1204769) - CVE-2022-31254: Fixed a local privilege escalation related to the packaging of rmt-server (bsc#1204285). Important SUSE bug 1204285 SUSE bug 1204769 SUSE bug 1205089 CVE-2022-31254 cpe:/o:opensuse:leap:15.3 Security update for tcl (Important) openSUSE Leap 15.3 This update for tcl fixes the following issues: - Fixed a race condition in test socket-13.1. - Removed the SQLite extension and use the packaged sqlite3 instead (bsc#1195773). Important SUSE bug 1195773 cpe:/o:opensuse:leap:15.3 Security update for saphanabootstrap-formula (Important) openSUSE Leap 15.3 This update for saphanabootstrap-formula fixes the following issues: - Version bump 0.13.1 * revert changes to spec file to re-enable SLES RPM builds * CVE-2022-45153: Fixed privilege escalation for arbitrary users in hana/ha_cluster.sls (bsc#1205990) - Version bump 0.13.0 * pass sid to sudoers in a SLES12 compatible way * add location constraint to gcp_stonith - Version bump 0.12.1 * moved templates dir into hana dir in repository to be gitfs compatible - Version bump 0.12.0 * add SAPHanaSR takeover blocker - Version bump 0.11.0 * use check_cmd instead of tmp sudoers file * make sudoers rules more secure * migrate sudoers to template file - Version bump 0.10.1 * fix hook removal conditions * fix majority_maker code on case grain is empty - Version bump 0.10.0 * allow to disable shared HANA basepath and rework add_hosts code (enables HANA scale-out on AWS) * do not edit global.ini directly (if not needed) - Version bump 0.9.1 * fix majority_maker code on case grain is empty - Version bump 0.9.0 * define vip_mechanism for every provider and reorder resources (same schema for all SAP related formulas) - Version bump 0.8.1 * use multi-target Hook on HANA scale-out - Version bump 0.8.0 * add HANA scale-out support * add idempotence to not affect a running HANA and cluster - Version bump 0.7.2 * add native fencing for microsoft-azure - fixes a not working import of dbapi in SUSE/ha-sap-terraform-deployments#703 - removes the installation and extraction of all hdbcli files in the /hana/shared/srHook directory - fixes execution order of srTakeover/srCostOptMemConfig hook - renames and updates hook srTakeover to srCostOptMemConfig - Changing exporter stickiness to => 0 and adjusting the colocation score from +inf to -inf and changing the colocation from Master to Slave. This change fix the impact of a failed exporter in regards to the HANA DB. - Document extra_parameters in pillar.example (bsc#1185643) - Change hanadb_exporter default timeout value to 30 seconds - Set correct stickiness for the azure-lb resource The azure-lb resource receives an stickiness=0 to not influence on transitions calculations as the HANA resources have more priority Important SUSE bug 1185643 SUSE bug 1205990 CVE-2022-45153 cpe:/o:opensuse:leap:15.3 ImageMagick ImageMagick-config-7-SUSE libMagick++-7_Q16HDRI4 libMagickCore-7_Q16HDRI6 libMagickWand-7_Q16HDRI6 openSUSE-release Mesa Mesa-dri Mesa-dri-nouveau Mesa-gallium Mesa-libEGL1 Mesa-libGL1 Mesa-libglapi0 Mesa-libva libgbm1 libvdpau_nouveau libvdpau_r300 libvdpau_r600 libvdpau_radeonsi libvulkan_intel libvulkan_radeon libxatracker2 MozillaFirefox MozillaFirefox-translations-common MozillaFirefox-translations-other MozillaThunderbird MozillaThunderbird-translations-common MozillaThunderbird-translations-other NetworkManager NetworkManager-lang libnm0 typelib-1_0-NM-1_0 NetworkManager-applet NetworkManager-applet-lang NetworkManager-connection-editor libnma0 nma-data typelib-1_0-NMA-1_0 NetworkManager-vpnc NetworkManager-vpnc-gnome NetworkManager-vpnc-lang PackageKit PackageKit-backend-zypp PackageKit-gstreamer-plugin PackageKit-gtk3-module PackageKit-lang libpackagekit-glib2-18 typelib-1_0-PackageKitGlib-1_0 accountsservice accountsservice-lang libaccountsservice0 typelib-1_0-AccountsService-1_0 apache2 apache2-doc apache2-example-pages apache2-prefork apache2-utils apache2-mod_php7 php7 php7-ctype php7-dom php7-iconv php7-json php7-mysql php7-pdo php7-pgsql php7-sqlite php7-tokenizer php7-xmlreader php7-xmlwriter apparmor-abstractions apparmor-docs apparmor-parser apparmor-parser-lang apparmor-profiles apparmor-utils apparmor-utils-lang perl-apparmor python3-apparmor argyllcms ark ark-lang libkerfuffle20 augeas augeas-lenses libaugeas0 autofs autoyast2 autoyast2-installation avahi avahi-lang libavahi-client3 libavahi-client3-32bit libavahi-common3 libavahi-common3-32bit libavahi-core7 bash bash-doc bash-lang libreadline7 readline-doc bind bind-chrootenv bind-utils libbind9-1600 libdns1605 libirs1601 libisc1606 libisccc1600 libisccfg1600 libns1604 python3-bind binutils libctf-nobfd0 libctf0 blktrace bluez libbluetooth3 btrfsmaintenance bubblewrap bzip2 libbz2-1 libbz2-1-32bit chromium chrony chrony-pool-openSUSE cifs-utils colord-gtk-lang libcolord-gtk1 coreutils coreutils-doc coreutils-lang cpio cpio-lang cpio-mt cpp7 libgfortran4 cracklib libcrack2 libcrack2-32bit cron cronie cryptsetup cryptsetup-lang libcryptsetup12 cups cups-client cups-config libcups2 libcups2-32bit libcupscgi1 libcupsimage2 libcupsmime1 libcupsppdc1 cups-filters cups-pk-helper cups-pk-helper-lang curl libcurl4 libcurl4-32bit cyrus-sasl cyrus-sasl-32bit cyrus-sasl-crammd5 cyrus-sasl-crammd5-32bit cyrus-sasl-digestmd5 cyrus-sasl-digestmd5-32bit cyrus-sasl-gssapi cyrus-sasl-gssapi-32bit cyrus-sasl-plain cyrus-sasl-plain-32bit libsasl2-3 libsasl2-3-32bit dbus-1 dbus-1-x11 libdbus-1-3 libdbus-1-3-32bit dbus-1-glib dbus-1-glib-32bit dbus-1-glib-tool dhcp dhcp-client dirmngr gpg2 gpg2-lang dnsmasq dracut e2fsprogs libcom_err2 libcom_err2-32bit libext2fs2 elfutils elfutils-lang libasm1 libdw1 libdw1-32bit libebl-plugins libebl-plugins-32bit libelf1 libelf1-32bit emacs emacs-info emacs-nox etags eog eog-lang evince evince-lang evince-plugin-pdfdocument libevdocument3-4 libevview3-3 nautilus-evince typelib-1_0-EvinceDocument-3_0 typelib-1_0-EvinceView-3_0 evolution evolution-lang evolution-data-server evolution-data-server-lang libcamel-1_2-62 libebackend-1_2-10 libebook-1_2-20 libebook-contacts-1_2-3 libecal-2_0-1 libedata-book-1_2-26 libedata-cal-2_0-1 libedataserver-1_2-24 libedataserverui-1_2-2 expat libexpat1 libexpat1-32bit file file-magic libmagic1 libmagic1-32bit file-roller file-roller-lang firewall-macros firewalld firewalld-lang python3-firewall flatpak libflatpak0 system-user-flatpak freerdp libfreerdp2 libwinpr2 fuse libfuse2 fwupd fwupd-lang libfwupd2 libfwupdplugin1 libjcat1 typelib-1_0-Fwupd-2_0 gcab gcab-lang libgcab-1_0-0 gdb gdk-pixbuf-lang gdk-pixbuf-query-loaders gdk-pixbuf-thumbnailer libgdk_pixbuf-2_0-0 typelib-1_0-GdkPixbuf-2_0 gdk-pixbuf-loader-rsvg librsvg-2-2 librsvg-lang rsvg-thumbnailer typelib-1_0-Rsvg-2_0 gdm gdm-lang gdmflexiserver libgdm1 typelib-1_0-Gdm-1_0 gegl-0_4 gegl-0_4-lang libgegl-0_4-0 ghostscript ghostscript-x11 gimp gimp-lang gimp-plugin-aa gimp-plugins-python libgimp-2_0-0 libgimpui-2_0-0 glib2-lang glib2-tools libgio-2_0-0 libgio-2_0-0-32bit libglib-2_0-0 libglib-2_0-0-32bit libgmodule-2_0-0 libgmodule-2_0-0-32bit libgobject-2_0-0 libgobject-2_0-0-32bit libgthread-2_0-0 glibc glibc-32bit glibc-extra glibc-lang glibc-locale glibc-locale-base glibc-locale-base-32bit nscd glibc-locale-32bit gnome-desktop-lang gnome-version libgnome-desktop-3-18 libgnome-desktop-3_0-common typelib-1_0-GnomeDesktop-3_0 gnome-photos gnome-photos-lang gnome-shell-search-provider-gnome-photos gtk2-data gtk2-immodule-amharic gtk2-immodule-inuktitut gtk2-immodule-thai gtk2-immodule-tigrigna gtk2-immodule-vietnamese gtk2-immodule-xim gtk2-lang gtk2-tools libgtk-2_0-0 gnome-settings-daemon gnome-settings-daemon-lang gnome-shell gnome-shell-calendar gnome-shell-lang gnome-shell-search-provider-nautilus libnautilus-extension1 nautilus nautilus-lang gnuchess gnutls libgnutls30 libgnutls30-32bit graphviz graphviz-gd graphviz-gnome graphviz-plugins-core libgraphviz6 grep grep-lang groff groff-full gxditview grub2 grub2-arm64-efi grub2-i386-pc grub2-powerpc-ieee1275 grub2-snapper-plugin grub2-systemd-sleep-plugin grub2-x86_64-efi gstreamer gstreamer-lang gstreamer-utils libgstreamer-1_0-0 typelib-1_0-Gst-1_0 gstreamer-plugins-bad gstreamer-plugins-bad-lang libgstadaptivedemux-1_0-0 libgstbadaudio-1_0-0 libgstbasecamerabinsrc-1_0-0 libgstcodecparsers-1_0-0 libgstisoff-1_0-0 libgstmpegts-1_0-0 libgstphotography-1_0-0 libgstsctp-1_0-0 libgsturidownloader-1_0-0 libgstwayland-1_0-0 libgstwebrtc-1_0-0 gstreamer-plugins-base gstreamer-plugins-base-lang libgstallocators-1_0-0 libgstapp-1_0-0 libgstaudio-1_0-0 libgstfft-1_0-0 libgstgl-1_0-0 libgstpbutils-1_0-0 libgstriff-1_0-0 libgstrtp-1_0-0 libgstrtsp-1_0-0 libgstsdp-1_0-0 libgsttag-1_0-0 libgstvideo-1_0-0 typelib-1_0-GstAudio-1_0 typelib-1_0-GstPbutils-1_0 typelib-1_0-GstTag-1_0 typelib-1_0-GstVideo-1_0 gstreamer-plugins-good gstreamer-plugins-good-gtk gstreamer-plugins-good-lang gstreamer-plugins-ugly gstreamer-plugins-ugly-lang gtk-vnc-lang libgtk-vnc-2_0-0 libgvnc-1_0-0 typelib-1_0-GVnc-1_0 typelib-1_0-GtkVnc-2_0 gvfs gvfs-backend-afc gvfs-backend-samba gvfs-backends gvfs-fuse gvfs-lang hplip-hpijs hplip-sane ibus ibus-dict-emoji ibus-gtk ibus-gtk3 ibus-lang libibus-1_0-5 typelib-1_0-IBus-1_0 ibus-chewing ibus-pinyin iscsiuio libopeniscsiusr0_2_0 open-iscsi java-11-openjdk java-11-openjdk-headless jq libjq1 kconf_update5 libKF5ConfigCore5 libKF5ConfigCore5-lang libKF5ConfigGui5 kcoreaddons kcoreaddons-lang libKF5CoreAddons5 kdump kernel-64kb kernel-64kb-extra kernel-64kb-optional kernel-default kernel-default-extra kernel-default-optional kernel-kvmsmall kernel-preempt kernel-preempt-extra kernel-preempt-optional kernel-firmware-all kernel-firmware-amdgpu kernel-firmware-ath10k kernel-firmware-ath11k kernel-firmware-atheros kernel-firmware-bluetooth kernel-firmware-bnx2 kernel-firmware-brcm kernel-firmware-chelsio kernel-firmware-dpaa2 kernel-firmware-i915 kernel-firmware-intel kernel-firmware-iwlwifi kernel-firmware-liquidio kernel-firmware-marvell kernel-firmware-media kernel-firmware-mediatek kernel-firmware-mellanox kernel-firmware-mwifiex kernel-firmware-network kernel-firmware-nfp kernel-firmware-nvidia kernel-firmware-platform kernel-firmware-prestera kernel-firmware-qlogic kernel-firmware-radeon kernel-firmware-realtek kernel-firmware-serial kernel-firmware-sound kernel-firmware-ti kernel-firmware-ueagle kernel-firmware-usb-network ucode-amd kinit kinit-lang kio-extras5 kio-extras5-lang libkioarchive5 konversation konversation-lang krb5 krb5-32bit kscreenlocker kscreenlocker-lang libKScreenLocker5 ktexteditor ktexteditor-lang less libBasicUsageEnvironment1 libUsageEnvironment3 libgroupsock8 libliveMedia66 libFLAC8 libFLAC8-32bit libHX28 libICE6 libIlmImf-2_2-23 libKF5Auth5 libKF5Auth5-lang libKF5AuthCore5 libKF5Codecs5 libKF5Codecs5-lang libQt5Concurrent5 libQt5Core5 libQt5DBus5 libQt5Gui5 libQt5Network5 libQt5OpenGL5 libQt5PrintSupport5 libQt5Sql5 libQt5Sql5-mysql libQt5Sql5-sqlite libQt5Test5 libQt5Widgets5 libQt5Xml5 libqt5-qtbase-platformtheme-gtk3 libSDL-1_2-0 libSDL2-2_0-0 libSoundTouch0 libX11-6 libX11-data libX11-xcb1 libXRes1 libXcursor1 libXdmcp6 libXext6 libXfixes3 libXfont1 libXfont2-2 libXi6 libXinerama1 libXrandr2 libXrender1 libXt6 libXtst6 libXv1 libXvMC1 libXvnc1 tigervnc xorg-x11-Xvnc xorg-x11-Xvnc-module libXxf86vm1 libapr-util1 libarchive13 libass9 libaudit1 libaudit1-32bit libauparse0 libavcodec57 libavformat57 libavutil55 libswresample2 libswscale4 libavcodec58_134 libavdevice58_13 libavfilter7_110 libavformat58_76 libavresample4_0 libavutil56_70 libpostproc55_9 libswresample3_9 libswscale5_9 libblkid1 libblkid1-32bit libfdisk1 libmount1 libmount1-32bit libsmartcols1 libuuid1 libuuid1-32bit util-linux util-linux-lang util-linux-systemd libbsd0 libcaca0 libcacard0 libcairo-gobject2 libcairo2 libcares2 libcdio16 libcdio19 libcfitsio6 libcroco-0_6-3 libdcerpc-binding0 libdcerpc-binding0-32bit libdcerpc0 libdcerpc0-32bit libndr-krb5pac0 libndr-krb5pac0-32bit libndr-nbt0 libndr-nbt0-32bit libndr-standard0 libndr-standard0-32bit libndr1 libndr1-32bit libnetapi0 libnetapi0-32bit libsamba-credentials0 libsamba-credentials0-32bit libsamba-errors0 libsamba-errors0-32bit libsamba-hostconfig0 libsamba-hostconfig0-32bit libsamba-passdb0 libsamba-passdb0-32bit libsamba-policy0-python3 libsamba-util0 libsamba-util0-32bit libsamdb0 libsamdb0-32bit libsmbclient0 libsmbconf0 libsmbconf0-32bit libsmbldap2 libsmbldap2-32bit libtevent-util0 libtevent-util0-32bit libwbclient0 libwbclient0-32bit samba samba-client samba-client-32bit samba-libs samba-libs-32bit samba-libs-python3 samba-python3 samba-winbind samba-winbind-32bit libdjvulibre21 libdmx1 libebml5 libekmfweb1 s390-tools libevent-2_1-8 libexempi3 libexif12 libexiv2-26 libfreebl3 libfreebl3-hmac libsoftokn3 libsoftokn3-hmac mozilla-nss mozilla-nss-certs libfreetype6 libfreetype6-32bit libgadu3 libgc1 libgcc_s1 libgcc_s1-32bit libgomp1 libobjc4 libquadmath0 libstdc++6 libstdc++6-32bit libstdc++6-pp-gcc10 libstdc++6-pp-gcc10-32bit libgcrypt20 libgcrypt20-32bit libgd3 libgif7 libgit2-28 libgme0 libgnome-autoar-0-0 libgnome-autoar-gtk-0-0 libgraphite2-3 libgxps2 libhdf5-103 libhogweed4 libhogweed4-32bit libnettle6 libnettle6-32bit libhunspell-1_6-0 libical-glib3 libical3 libicu60_2 libicu60_2-ledata libidn11 libidn2-0 libidn2-0-32bit libidn2-lang libimobiledevice6 libusbmuxd4 libixml11 libupnp17 libjansson4 libjansson4-32bit libjasper4 libjavascriptcoregtk-4_0-18 libwebkit2gtk-4_0-37 libwebkit2gtk3-lang typelib-1_0-JavaScriptCore-4_0 typelib-1_0-WebKit2-4_0 webkit2gtk-4_0-injected-bundles libjbig2 libjpeg8 libjson-c3 libksba8 liblcms2-2 libldap-2_4-2 libldap-2_4-2-32bit libldap-data openldap2-client libldb2 libldb2-32bit python3-ldb liblouis-data liblouis19 python3-louis liblua5_3-5 liblua5_3-5-32bit lua53 liblz4-1 liblz4-1-32bit liblzo2-2 libmad0 libmariadb3 libmarkdown2 libminiupnpc16 libminizip1 libz1 libz1-32bit libmms0 libmp3lame0 libmpfr6 libmpg123-0 mpg123-openal mpg123-pulse libmspack0 libmwaw-0_3-3 libmysqld19 libncurses6 ncurses-utils terminfo terminfo-base terminfo-iterm terminfo-screen libndp0 libnetpbm11 netpbm libnewt0_52 libnghttp2-14 libnghttp2-14-32bit libntfs-3g87 ntfs-3g ntfsprogs libopencv3_3 libopenjp2-7 libopenjpeg1 libopenmpt0 libopenssl1_1 libopenssl1_1-32bit openssl-1_1 libopus0 libosinfo libosinfo-1_0-0 libosinfo-lang typelib-1_0-Libosinfo-1_0 libpango-1_0-0 typelib-1_0-Pango-1_0 libpano13-3 libpcap1 libpcre1 libpcre1-32bit libpcre2-16-0 libpcre2-8-0 libpcsclite1 pcsc-lite libplist3 libpng16-16 libpng16-16-32bit libpolkit0 polkit typelib-1_0-Polkit-1_0 libpoppler-cpp0 libpoppler-glib8 libpoppler-qt5-1 libpoppler89 poppler-tools libpotrace0 libpq5 libprocps7 procps libproxy1 libproxy1-config-gnome3 libproxy1-config-kde libproxy1-networkmanager libproxy1-pacrunner-webkit libpskc0 libpurple libpurple-lang libpurple-tcl pidgin libpython2_7-1_0 python python-base libpython3_6m1_0 python3 python3-base python3-curses python3-dbm libqpdf26 libqt5-qtwebengine libquicktime0 librados2 librbd1 libraptor2-0 libraw16 libreoffice libreoffice-base libreoffice-branding-upstream libreoffice-calc libreoffice-draw libreoffice-filters-optional libreoffice-gnome libreoffice-gtk3 libreoffice-icon-themes libreoffice-impress libreoffice-l10n-ar libreoffice-l10n-bg libreoffice-l10n-bs libreoffice-l10n-ca libreoffice-l10n-cs libreoffice-l10n-da libreoffice-l10n-de libreoffice-l10n-el libreoffice-l10n-en libreoffice-l10n-en_GB libreoffice-l10n-eo libreoffice-l10n-es libreoffice-l10n-et libreoffice-l10n-fa libreoffice-l10n-fi libreoffice-l10n-fr libreoffice-l10n-hu libreoffice-l10n-id libreoffice-l10n-it libreoffice-l10n-ja libreoffice-l10n-ko libreoffice-l10n-lt libreoffice-l10n-nb libreoffice-l10n-nl libreoffice-l10n-pl libreoffice-l10n-pt_BR libreoffice-l10n-ru libreoffice-l10n-sk libreoffice-l10n-sl libreoffice-l10n-sv libreoffice-l10n-uk libreoffice-l10n-zh_CN libreoffice-l10n-zh_TW libreoffice-mailmerge libreoffice-math libreoffice-pyuno libreoffice-qt5 libreoffice-writer libreofficekit libreoffice-gtk2 libruby2_5-2_5 ruby2.5 ruby2.5-stdlib libseccomp2 libserf-1-1 libslirp0 libsndfile1 libsndfile1-32bit libsnmp30 net-snmp perl-SNMP snmp-mibs libsolv-tools python3-solv ruby-solv libsoup-2_4-1 libsoup-lang typelib-1_0-Soup-2_4 libspice-client-glib-2_0-8 libspice-client-glib-helper libspice-client-gtk-3_0-5 typelib-1_0-SpiceClientGlib-2_0 typelib-1_0-SpiceClientGtk-3_0 libspice-server1 libsqlite3-0 sqlite3 libsrt1 libsrtp2-1 libssh2-1 libssh4 libssh4-32bit libstaroffice-0_0-0 libsystemd0 libsystemd0-32bit libudev1 libudev1-32bit systemd systemd-32bit systemd-container systemd-doc systemd-lang systemd-sysvinit udev libtag1 libtag_c0 libtasn1 libtasn1-6 libtasn1-6-32bit libthai-data libthai0 libtiff5 libtirpc-netconfig libtirpc3 libtirpc3-32bit libtpms0 libtss2-esys0 libtss2-mu0 libtss2-sys0 libudisks2-0 libudisks2-0_btrfs udisks2 udisks2-lang libunwind libupsclient1 nut nut-cgi libvdpau1 libvirglrenderer0 libvirt-bash-completion libvirt-client libvirt-daemon libvirt-daemon-config-network libvirt-daemon-driver-interface libvirt-daemon-driver-network libvirt-daemon-driver-nodedev libvirt-daemon-driver-nwfilter libvirt-daemon-driver-qemu libvirt-daemon-driver-secret libvirt-daemon-driver-storage libvirt-daemon-driver-storage-core libvirt-daemon-driver-storage-disk libvirt-daemon-driver-storage-iscsi libvirt-daemon-driver-storage-iscsi-direct libvirt-daemon-driver-storage-logical libvirt-daemon-driver-storage-mpath libvirt-daemon-driver-storage-rbd libvirt-daemon-driver-storage-scsi libvirt-daemon-qemu libvirt-libs libvlc5 libvlccore9 vlc vlc-codec-gstreamer vlc-lang vlc-noX vlc-qt vlc-vdpau libvmtools0 open-vm-tools open-vm-tools-desktop libvncclient0 libvorbis0 libvorbis0-32bit libvorbisenc2 libvorbisenc2-32bit libvorbisfile3 libvpx4 libwavpack1 libwebp7 libwebpdemux2 libwebpmux3 libwmf-0_2-7 libwpd-0_10-10 libxapian30 libxerces-c-3_2 libxkbcommon-x11-0 libxkbcommon0 libxml2-2 libxml2-2-32bit libxml2-tools python3-libxml2-python libxslt-tools libxslt1 libyaml-0-2 libyaml-cpp0_6 libzip5 libzstd1 libzstd1-32bit libzypp login_defs shadow logrotate mailx mariadb mariadb-client mariadb-errormessages messagelib messagelib-lang mozilla-nspr nfs-client nfs-kernel-server okular okular-lang openconnect openconnect-lang openslp openslp-32bit openssh openssh-clients openssh-common openssh-server openssl openvpn ovmf qemu-ovmf-x86_64 qemu-uefi-aarch64 p7zip p7zip-full pam pam-32bit pam-doc perl perl-base perl-base-32bit perl-core-DB_File perl-Archive-Zip perl-HTML-Parser perl-LWP-Protocol-https perl-XML-LibXML perl-XML-Twig permissions plasma5-desktop plasma5-desktop-emojier plasma5-desktop-lang powerpc-utils ppc64-diag ppp procmail python3-cryptography python3-cupshelpers system-config-printer system-config-printer-applet system-config-printer-common system-config-printer-common-lang system-config-printer-dbus-service udev-configure-printer python3-numpy python3-pip python3-requests python3-setuptools python3-urllib3 qemu qemu-arm qemu-audio-spice qemu-block-curl qemu-block-rbd qemu-block-ssh qemu-chardev-spice qemu-guest-agent qemu-hw-display-qxl qemu-hw-display-virtio-gpu qemu-hw-display-virtio-gpu-pci qemu-hw-display-virtio-vga qemu-hw-usb-redirect qemu-hw-usb-smartcard qemu-ipxe qemu-ksm qemu-microvm qemu-ppc qemu-seabios qemu-sgabios qemu-tools qemu-ui-curses qemu-ui-gtk qemu-ui-opengl qemu-ui-spice-app qemu-ui-spice-core qemu-vgabios qemu-x86 rpcbind rpm rpm-32bit rsync rsyslog rtkit ruby2.5-rubygem-nokogiri sane-backends sane-backends-autoconfig screen sddm sddm-branding-openSUSE sharutils sharutils-lang shim spice-vdagent squashfs sudo sudo-plugin-python swtpm tar tar-lang tar-rmt telepathy-idle texlive-lm-fonts tmux tnftp transmission-common transmission-gtk transmission-gtk-lang trousers u-boot-rpiarm64 u-boot-rpiarm64-doc ucode-intel unixODBC unzip unzip-doc update-alternatives vim vim-data vim-data-common virt-install virt-manager virt-manager-common virtualbox-guest-tools virtualbox-guest-x11 virtualbox-kmp-default vorbis-tools vorbis-tools-lang vsftpd w3m wget wget-lang wicked wicked-service wpa_supplicant xdg-utils xen-libs xinetd xorg-x11-essentials xrdb xorg-x11-server xorg-x11-server-extra xorg-x11-server-wayland xscreensaver xscreensaver-data xscreensaver-lang yast2-security yast2-users zypper zypper-log zypper-needs-restarting libgroupsock30 libliveMedia94 live555 live555-devel gstreamer-plugins-bad-32bit gstreamer-plugins-bad-64bit gstreamer-plugins-bad-chromaprint gstreamer-plugins-bad-chromaprint-32bit gstreamer-plugins-bad-chromaprint-64bit gstreamer-plugins-bad-devel gstreamer-plugins-bad-doc gstreamer-plugins-bad-fluidsynth gstreamer-plugins-bad-fluidsynth-32bit gstreamer-plugins-bad-fluidsynth-64bit libgstadaptivedemux-1_0-0-32bit libgstadaptivedemux-1_0-0-64bit libgstbadaudio-1_0-0-32bit libgstbadaudio-1_0-0-64bit libgstbasecamerabinsrc-1_0-0-32bit libgstbasecamerabinsrc-1_0-0-64bit libgstcodecparsers-1_0-0-32bit libgstcodecparsers-1_0-0-64bit libgstinsertbin-1_0-0 libgstinsertbin-1_0-0-32bit libgstinsertbin-1_0-0-64bit libgstisoff-1_0-0-32bit libgstisoff-1_0-0-64bit libgstmpegts-1_0-0-32bit libgstmpegts-1_0-0-64bit libgstphotography-1_0-0-32bit libgstphotography-1_0-0-64bit libgstplayer-1_0-0 libgstplayer-1_0-0-32bit libgstplayer-1_0-0-64bit libgstsctp-1_0-0-32bit libgstsctp-1_0-0-64bit libgsturidownloader-1_0-0-32bit libgsturidownloader-1_0-0-64bit libgstwayland-1_0-0-32bit libgstwayland-1_0-0-64bit libgstwebrtc-1_0-0-32bit libgstwebrtc-1_0-0-64bit typelib-1_0-GstInsertBin-1_0 typelib-1_0-GstMpegts-1_0 typelib-1_0-GstPlayer-1_0 typelib-1_0-GstWebRTC-1_0 solo-udev claws-mail claws-mail-devel claws-mail-lang fossil nextcloud nextcloud-apache icinga2 icinga2-bin icinga2-common icinga2-doc icinga2-ido-mysql icinga2-ido-pgsql nano-icinga2 vim-icinga2 chromedriver python3-virtualbox virtualbox virtualbox-devel virtualbox-guest-desktop-icons virtualbox-guest-source virtualbox-host-source virtualbox-kmp-preempt virtualbox-qt virtualbox-vnc virtualbox-websrv balsa balsa-lang opera aria2 aria2-devel aria2-lang libaria2-0 seamonkey seamonkey-dom-inspector seamonkey-irc prosody bgzip htsfile libhts-devel libhts-devel-64bit libhts3 libhts3-64bit tabix libspf2-2 libspf2-devel libspf2-tools cacti cacti-spine tor gifsicle fail2ban monitoring-plugins-fail2ban haserl php-composer transfig mupdf mupdf-devel-static libmbedcrypto3 libmbedcrypto3-32bit libmbedcrypto3-64bit libmbedtls12 libmbedtls12-32bit libmbedtls12-64bit libmbedx509-0 libmbedx509-0-32bit libmbedx509-0-64bit mbedtls-devel ssh-audit hylafax+ hylafax+-client libfaxutil7_0_4 permissions-zypp-plugin singularity hiredis hiredis-devel libhiredis0_13 barrier netdata kafka-kit kafka-source c-toxcore c-toxcore-daemon c-toxcore-devel libtoxcore2 postsrsd privoxy privoxy-doc upx inn inn-devel mininews htmldoc libxls-devel libxls-tools libxlsreader8 abcm2ps pcmanfm pcmanfm-devel pcmanfm-lang bazel-skylib1.0.3-source bazel3.7 libiomp5 libiomp5-gnu-hpc libiomp5-gnu-openmpi2-hpc libtensorflow2 libtensorflow2-gnu-hpc libtensorflow2-gnu-openmpi2-hpc libtensorflow_cc2 libtensorflow_cc2-gnu-hpc libtensorflow_cc2-gnu-openmpi2-hpc libtensorflow_framework2 libtensorflow_framework2-gnu-hpc libtensorflow_framework2-gnu-openmpi2-hpc tensorflow2 tensorflow2-devel tensorflow2-doc tensorflow2-gnu-hpc tensorflow2-gnu-openmpi2-hpc tensorflow2-lite tensorflow2-lite-devel tensorflow2_2_6_0-gnu-hpc tensorflow2_2_6_0-gnu-hpc-devel tensorflow2_2_6_0-gnu-hpc-doc tensorflow2_2_6_0-gnu-openmpi2-hpc tensorflow2_2_6_0-gnu-openmpi2-hpc-devel tensorflow2_2_6_0-gnu-openmpi2-hpc-doc firejail atheme atheme-devel libathemecore1 chafa chafa-devel chafa-doc libchafa0 bbswitch bbswitch-kmp-default bbswitch-kmp-preempt mhvtl mhvtl-kmp-64kb mhvtl-kmp-default mhvtl-kmp-preempt openafs openafs-authlibs openafs-authlibs-devel openafs-client openafs-devel openafs-fuse_client openafs-kernel-source openafs-kmp-64kb openafs-kmp-default openafs-kmp-preempt openafs-server pcfclock pcfclock-kmp-64kb pcfclock-kmp-default pcfclock-kmp-preempt rtl8812au rtl8812au-kmp-64kb rtl8812au-kmp-default rtl8812au-kmp-preempt rtw89-firmware rtw89-kmp-64kb rtw89-kmp-default rtw89-kmp-preempt rtw89-ueficert v4l2loopback-autoload v4l2loopback-kmp-64kb v4l2loopback-kmp-default v4l2loopback-kmp-preempt v4l2loopback-utils vhba-kmp-64kb vhba-kmp-default vhba-kmp-preempt xtables-addons xtables-addons-kmp-64kb xtables-addons-kmp-default xtables-addons-kmp-preempt python3-ipython python3-ipython-iptest phpPgAdmin phpPgAdmin-apache canna canna-devel canna-libs canna-libs-32bit canna-libs-64bit trivy nim freeciv freeciv-gtk3 freeciv-lang freeciv-qt python2-treq python3-treq lighttpd lighttpd-mod_authn_gssapi lighttpd-mod_authn_ldap lighttpd-mod_authn_pam lighttpd-mod_authn_sasl lighttpd-mod_magnet lighttpd-mod_maxminddb lighttpd-mod_rrdtool lighttpd-mod_vhostdb_dbi lighttpd-mod_vhostdb_ldap lighttpd-mod_vhostdb_mysql lighttpd-mod_vhostdb_pgsql lighttpd-mod_webdav connman connman-client connman-devel connman-doc connman-nmcompat connman-plugin-hh2serial-gps connman-plugin-iospm connman-plugin-l2tp connman-plugin-openvpn connman-plugin-polkit connman-plugin-pptp connman-plugin-tist connman-plugin-vpnc connman-plugin-wireguard connman-test pngcheck gdcm gdcm-applications gdcm-devel gdcm-examples libgdcm3_0 libsocketxx1_2 orthanc orthanc-devel orthanc-doc orthanc-gdcm orthanc-source orthanc-webviewer python3-gdcm roundcubemail jhead EternalTerminal deluge deluge-lang exim eximon eximstats-html autotrace autotrace-devel libautotrace3 libtumbler-1-0 tumbler tumbler-devel tumbler-doc tumbler-folder-thumbnailer tumbler-lang tumbler-webp-thumbnailer libpano-devel libpano-utils Botan Botan-doc libbotan-2-10 libbotan-2-10-32bit libbotan-2-10-64bit libbotan-devel libbotan-devel-32bit libbotan-devel-64bit python3-botan python3-joblib rxvt-unicode python3-slixmpp vlc-devel vlc-jack vlc-opencv pdns pdns-backend-geoip pdns-backend-godbc pdns-backend-ldap pdns-backend-lua pdns-backend-mysql pdns-backend-postgresql pdns-backend-remote pdns-backend-sqlite3 pdns-recursor jawn-ast jawn-json4s jawn-parser jawn-util dxflib-devel libdxflib-3_17_0-1 civetweb civetweb-devel libcivetweb-cpp1_15_0 libcivetweb1_15_0 librecad librecad-parts libvarnishapi3 varnish varnish-devel libredwg-devel libredwg-tools libredwg0 python3-watchman watchman stb-devel zabbix-agent zabbix-java-gateway zabbix-phpfrontend zabbix-proxy zabbix-proxy-mysql zabbix-proxy-postgresql zabbix-proxy-sqlite zabbix-server zabbix-server-mysql zabbix-server-postgresql libsphinxclient-0_0_1 libsphinxclient-devel sphinx mc mc-lang cobbler cobbler-tests cobbler-web envoy-proxy envoy-proxy-source libdxfrw-devel libdxfrw-tools libdxfrw1 libshp-devel libshp2 shapelib nodejs-electron nodejs-electron-devel bitcoin-qt5 bitcoin-test bitcoin-utils bitcoind libbitcoinconsensus-devel libbitcoinconsensus0 perl-App-cpanminus minidlna ansible ansible-doc ansible-test weechat weechat-devel weechat-lang weechat-lua weechat-perl weechat-python weechat-ruby weechat-spell weechat-tcl openSUSE-build-key fish3 fish3-devel icingacli icingaweb2 icingaweb2-common icingaweb2-vendor-HTMLPurifier icingaweb2-vendor-JShrink icingaweb2-vendor-Parsedown icingaweb2-vendor-dompdf icingaweb2-vendor-lessphp icingaweb2-vendor-zf1 php-Icinga minetest minetest-data minetest-lang minetestserver libasn1-8 libgssapi3 libhcrypto4 libhdb9 libheimbase1 libheimdal-devel libheimedit0 libheimntlm0 libhx509-5 libkadm5clnt7 libkadm5srv8 libkafs0 libkdc2 libkrb5-26 libotp0 libroken18 libsl0 libwind0 multimon-ng libpkgconf-devel libpkgconf3 pkgconf python3-Django djvulibre djvulibre-doc libdjvulibre-devel graphviz-devel graphviz-doc graphviz-guile graphviz-gvedit graphviz-java graphviz-lua graphviz-perl graphviz-php graphviz-python graphviz-ruby graphviz-smyrna graphviz-tcl fribidi fribidi-devel libfribidi0 libfribidi0-32bit libass-devel libass9-32bit java-1_8_0-openj9 java-1_8_0-openj9-accessibility java-1_8_0-openj9-demo java-1_8_0-openj9-devel java-1_8_0-openj9-headless java-1_8_0-openj9-javadoc java-1_8_0-openj9-src libu2f-host-devel libu2f-host-doc libu2f-host0 u2f-host ruby2.5-rubygem-actionpack-5_1 ruby2.5-rubygem-actionpack-doc-5_1 hivex hivex-devel hivex-lang libhivex0 ocaml-hivex ocaml-hivex-devel perl-Win-Hivex python-hivex curl-mini libcurl-devel libcurl-devel-32bit libcurl-mini-devel libcurl4-mini postgresql13 postgresql13-contrib postgresql13-devel postgresql13-docs postgresql13-llvmjit postgresql13-plperl postgresql13-plpython postgresql13-pltcl postgresql13-server postgresql13-server-devel postgresql13-test python2-httplib2 python3-httplib2 nginx nginx-source vim-plugin-nginx gstreamer-32bit gstreamer-devel gstreamer-doc gstreamer-plugins-base-32bit gstreamer-plugins-base-devel gstreamer-plugins-base-devel-32bit gstreamer-plugins-base-doc gstreamer-plugins-good-32bit gstreamer-plugins-good-doc gstreamer-plugins-good-extra gstreamer-plugins-good-extra-32bit gstreamer-plugins-good-jack gstreamer-plugins-good-jack-32bit gstreamer-plugins-good-qtqml gstreamer-plugins-ugly-32bit gstreamer-plugins-ugly-doc libgstallocators-1_0-0-32bit libgstapp-1_0-0-32bit libgstaudio-1_0-0-32bit libgstfft-1_0-0-32bit libgstgl-1_0-0-32bit libgstpbutils-1_0-0-32bit libgstreamer-1_0-0-32bit libgstriff-1_0-0-32bit libgstrtp-1_0-0-32bit libgstrtsp-1_0-0-32bit libgstsdp-1_0-0-32bit libgsttag-1_0-0-32bit libgstvideo-1_0-0-32bit typelib-1_0-GstAllocators-1_0 typelib-1_0-GstApp-1_0 typelib-1_0-GstGL-1_0 typelib-1_0-GstRtp-1_0 typelib-1_0-GstRtsp-1_0 typelib-1_0-GstSdp-1_0 liblz4-devel lz4 bind-devel bind-doc libirs-devel ceph ceph-base ceph-common ceph-fuse ceph-grafana-dashboards ceph-immutable-object-cache ceph-mds ceph-mgr ceph-mgr-cephadm ceph-mgr-dashboard ceph-mgr-diskprediction-cloud ceph-mgr-diskprediction-local ceph-mgr-k8sevents ceph-mgr-modules-core ceph-mgr-rook ceph-mon ceph-osd ceph-prometheus-alerts ceph-radosgw ceph-test cephadm cephfs-shell libcephfs-devel libcephfs2 librados-devel libradospp-devel librbd-devel librgw-devel librgw2 python3-ceph-argparse python3-ceph-common python3-cephfs python3-rados python3-rbd python3-rgw rados-objclass-devel rbd-fuse rbd-mirror rbd-nbd xstream xstream-benchmark xstream-javadoc xstream-parent dhcp-devel dhcp-doc dhcp-relay dhcp-server libpolkit0-32bit polkit-devel polkit-doc python-avahi python-avahi-gtk python2-py python3-py libwebp6 libwebp6-32bit libwebpdecoder2 libwebpdecoder2-32bit libwebpextras0 libwebpextras0-32bit libwebpmux2 libwebpmux2-32bit umoci snakeyaml snakeyaml-javadoc MozillaFirefox-branding-upstream MozillaFirefox-buildsymbols MozillaFirefox-devel pam_radius pam_radius-32bit libX11-6-32bit libX11-devel libX11-devel-32bit libX11-xcb1-32bit libmodplug-devel libmodplug1 libmodplug1-32bit libopenmpt-devel libopenmpt0-32bit libopenmpt_modplug1 libopenmpt_modplug1-32bit openmpt123 libxml2-devel libxml2-devel-32bit libxml2-doc python2-libxml2-python qemu-audio-alsa qemu-audio-pa qemu-block-dmg qemu-block-gluster qemu-block-iscsi qemu-block-nfs qemu-chardev-baum qemu-extra qemu-hw-s390x-virtio-gpu-ccw qemu-ivshmem-tools qemu-kvm qemu-lang qemu-s390x qemu-skiboot qemu-vhost-user-gpu python3-salt salt salt-api salt-bash-completion salt-cloud salt-doc salt-fish-completion salt-master salt-minion salt-proxy salt-ssh salt-standalone-formulas-configuration salt-syndic salt-transactional-update salt-zsh-completion containerd containerd-ctr docker docker-bash-completion docker-fish-completion docker-zsh-completion runc libjpeg-turbo libjpeg62 libjpeg62-32bit libjpeg62-devel libjpeg62-devel-32bit libjpeg62-turbo libjpeg8-32bit libjpeg8-devel libjpeg8-devel-32bit libturbojpeg0 libturbojpeg0-32bit squid postgresql10 postgresql10-contrib postgresql10-devel postgresql10-docs postgresql10-plperl postgresql10-plpython postgresql10-pltcl postgresql10-server postgresql10-test cluster-md-kmp-azure dlm-kmp-azure gfs2-kmp-azure kernel-azure kernel-azure-devel kernel-azure-extra kernel-azure-livepatch-devel kernel-azure-optional kernel-devel-azure kernel-source-azure kernel-syms-azure kselftests-kmp-azure ocfs2-kmp-azure reiserfs-kmp-azure cluster-md-kmp-64kb cluster-md-kmp-default cluster-md-kmp-preempt dlm-kmp-64kb dlm-kmp-default dlm-kmp-preempt gfs2-kmp-64kb gfs2-kmp-default gfs2-kmp-preempt kernel-64kb-devel kernel-64kb-livepatch-devel kernel-debug kernel-debug-devel kernel-debug-livepatch-devel kernel-default-base kernel-default-base-rebuild kernel-default-devel kernel-default-livepatch kernel-default-livepatch-devel kernel-devel kernel-docs kernel-docs-html kernel-kvmsmall-devel kernel-kvmsmall-livepatch-devel kernel-macros kernel-obs-build kernel-obs-qa kernel-preempt-devel kernel-preempt-livepatch-devel kernel-source kernel-source-vanilla kernel-syms kernel-zfcpdump kselftests-kmp-64kb kselftests-kmp-default kselftests-kmp-preempt ocfs2-kmp-64kb ocfs2-kmp-default ocfs2-kmp-preempt reiserfs-kmp-64kb reiserfs-kmp-default reiserfs-kmp-preempt java-1_8_0-openjdk java-1_8_0-openjdk-accessibility java-1_8_0-openjdk-demo java-1_8_0-openjdk-devel java-1_8_0-openjdk-headless java-1_8_0-openjdk-javadoc java-1_8_0-openjdk-src postgresql12 postgresql12-contrib postgresql12-devel postgresql12-docs postgresql12-llvmjit postgresql12-plperl postgresql12-plpython postgresql12-pltcl postgresql12-server postgresql12-server-devel postgresql12-test tpm2.0-tools jetty-annotations jetty-client jetty-continuation jetty-http jetty-io jetty-jaas jetty-javax-websocket-client-impl jetty-javax-websocket-server-impl jetty-jmx jetty-jndi jetty-jsp jetty-minimal-javadoc jetty-openid jetty-plus jetty-proxy jetty-security jetty-server jetty-servlet jetty-util jetty-util-ajax jetty-webapp jetty-websocket-api jetty-websocket-client jetty-websocket-common jetty-websocket-javadoc jetty-websocket-server jetty-websocket-servlet jetty-xml python2-rsa python3-rsa xterm xterm-bin python2-distro python3-distro ovmf-tools qemu-ovmf-ia32 qemu-ovmf-x86_64-debug qemu-uefi-aarch32 dovecot23 dovecot23-backend-mysql dovecot23-backend-pgsql dovecot23-backend-sqlite dovecot23-devel dovecot23-fts dovecot23-fts-lucene dovecot23-fts-solr dovecot23-fts-squat libsbc1 libsbc1-32bit libwireshark14 libwiretap11 libwsutil12 sbc sbc-devel wireshark wireshark-devel wireshark-ui-qt apache2-devel apache2-event apache2-worker cryptctl libnettle-devel libnettle-devel-32bit nettle freeradius-server freeradius-server-devel freeradius-server-doc freeradius-server-krb5 freeradius-server-ldap freeradius-server-libs freeradius-server-mysql freeradius-server-perl freeradius-server-postgresql freeradius-server-python3 freeradius-server-sqlite freeradius-server-utils libgupnp-1_2-0 libgupnp-1_2-0-32bit libgupnp-devel typelib-1_0-GUPnP-1_0 libgcrypt-cavs libgcrypt-devel libgcrypt-devel-32bit libgcrypt20-hmac libgcrypt20-hmac-32bit libIlmImf-2_2-23-32bit libIlmImfUtil-2_2-23 libIlmImfUtil-2_2-23-32bit openexr openexr-devel openexr-doc bouncycastle bouncycastle-javadoc bouncycastle-mail bouncycastle-pg bouncycastle-pkix bouncycastle-tls arpwatch arpwatch-ethercodes-build go1.16 go1.16-doc go1.16-race lua53-devel lua53-doc go1.15 go1.15-doc go1.15-race kubevirt-container-disk kubevirt-manifests kubevirt-tests kubevirt-virt-api kubevirt-virt-controller kubevirt-virt-handler kubevirt-virt-launcher kubevirt-virt-operator kubevirt-virtctl bluez-auto-enable-devices bluez-cups bluez-deprecated bluez-devel bluez-devel-32bit bluez-test libbluetooth3-32bit dbus-1-devel dbus-1-devel-32bit dbus-1-devel-doc jdom2 jdom2-javadoc redis libsqlite3-0-32bit sqlite3-devel sqlite3-doc ffmpeg ffmpeg-private-devel libavcodec-devel libavcodec57-32bit libavdevice-devel libavdevice57 libavdevice57-32bit libavfilter-devel libavfilter6 libavfilter6-32bit libavformat-devel libavformat57-32bit libavresample-devel libavresample3 libavresample3-32bit libavutil-devel libavutil55-32bit libpostproc-devel libpostproc54 libpostproc54-32bit libswresample-devel libswresample2-32bit libswscale-devel libswscale4-32bit nodejs12 nodejs12-devel nodejs12-docs npm12 nodejs10 nodejs10-devel nodejs10-docs npm10 nodejs14 nodejs14-devel nodejs14-docs npm14 systemd-bash-completion libudev-devel libudev-devel-32bit nss-myhostname nss-myhostname-32bit nss-mymachines nss-mymachines-32bit nss-resolve nss-systemd systemd-coredump systemd-devel systemd-journal-remote systemd-logger systemd-network caribou caribou-common caribou-devel caribou-gtk-module-common caribou-gtk2-module caribou-gtk3-module caribou-lang libcaribou0 typelib-1_0-Caribou-1_0 kernel-debug-base kernel-default-man kernel-kvmsmall-base kernel-vanilla kernel-vanilla-base kernel-vanilla-devel kernel-vanilla-livepatch-devel kernel-zfcpdump-man crmsh crmsh-scripts crmsh-test qemu-s390 git git-arch git-core git-credential-gnome-keyring git-credential-libsecret git-cvs git-daemon git-doc git-email git-gui git-p4 git-svn git-web gitk perl-Git fastjar php7-pear-Archive_Tar php7-wddx qemu-audio-oss libjavascriptcoregtk-4_0-18-32bit libwebkit2gtk-4_0-37-32bit typelib-1_0-WebKit2WebExtension-4_0 webkit-jsc-4 webkit2gtk3-devel webkit2gtk3-minibrowser libmariadbd-devel libmariadbd19 mariadb-bench mariadb-rpm-macros mariadb-test mariadb-tools apache-commons-compress apache-commons-compress-javadoc mariadb-galera libmysqld-devel nodejs8 nodejs8-devel nodejs8-docs npm8 mysql-connector-java php7-bcmath php7-bz2 php7-calendar php7-curl php7-dba php7-devel php7-embed php7-enchant php7-exif php7-fastcgi php7-fileinfo php7-firebird php7-fpm php7-ftp php7-gd php7-gettext php7-gmp php7-intl php7-ldap php7-mbstring php7-odbc php7-opcache php7-openssl php7-pcntl php7-phar php7-posix php7-readline php7-shmop php7-snmp php7-soap php7-sockets php7-sodium php7-sysvmsg php7-sysvsem php7-sysvshm php7-tidy php7-xmlrpc php7-xsl php7-zip php7-zlib python2-reportlab python3-reportlab grafana golang-github-prometheus-prometheus dracut-saltboot mgr-cfg mgr-cfg-actions mgr-cfg-client mgr-cfg-management mgr-custom-info mgr-osa-dispatcher mgr-osad mgr-push mgr-virtualization-host python2-mgr-cfg python2-mgr-cfg-actions python2-mgr-cfg-client python2-mgr-cfg-management python2-mgr-osa-common python2-mgr-osa-dispatcher python2-mgr-osad python2-mgr-push python2-mgr-virtualization-common python2-mgr-virtualization-host python2-rhnlib python2-spacewalk-check python2-spacewalk-client-setup python2-spacewalk-client-tools python2-spacewalk-koan python2-spacewalk-oscap python2-suseRegisterInfo python2-uyuni-common-libs python3-mgr-cfg python3-mgr-cfg-actions python3-mgr-cfg-client python3-mgr-cfg-management python3-mgr-osa-common python3-mgr-osa-dispatcher python3-mgr-osad python3-mgr-push python3-mgr-virtualization-common python3-mgr-virtualization-host python3-rhnlib python3-spacewalk-check python3-spacewalk-client-setup python3-spacewalk-client-tools python3-spacewalk-koan python3-spacewalk-oscap python3-suseRegisterInfo python3-uyuni-common-libs spacecmd spacewalk-check spacewalk-client-setup spacewalk-client-tools spacewalk-koan spacewalk-oscap suseRegisterInfo python2-rpm python3-rpm rpm-build rpm-devel rpm-ndb rpm-ndb-32bit hawkey-man libdnf-devel libdnf-repo-config-zypp libdnf2 python3-hawkey python3-libdnf dtb-al dtb-allwinner dtb-altera dtb-amd dtb-amlogic dtb-apm dtb-arm dtb-broadcom dtb-cavium dtb-exynos dtb-freescale dtb-hisilicon dtb-lg dtb-marvell dtb-mediatek dtb-nvidia dtb-qcom dtb-renesas dtb-rockchip dtb-socionext dtb-sprd dtb-xilinx dtb-zte c-ares-devel c-ares-utils libcares2-32bit libsndfile-devel libsndfile-progs haproxy fetchmail fetchmailconf aspell aspell-devel aspell-ispell aspell-spell libaspell15 libaspell15-32bit libpspell15 libpspell15-32bit krb5-client krb5-devel krb5-devel-32bit krb5-mini krb5-mini-devel krb5-plugin-kdb-ldap krb5-plugin-preauth-otp krb5-plugin-preauth-pkinit krb5-server 389-ds 389-ds-devel 389-ds-snmp lib389 libsvrcore0 libmspack-devel libmspack0-32bit mspack-tools libvirt libvirt-admin libvirt-daemon-config-nwfilter libvirt-daemon-driver-libxl libvirt-daemon-driver-lxc libvirt-daemon-driver-storage-gluster libvirt-daemon-hooks libvirt-daemon-lxc libvirt-daemon-xen libvirt-devel libvirt-devel-32bit libvirt-doc libvirt-lock-sanlock libvirt-nss wireshark-plugin-libvirt aws-cli python2-asn1crypto python2-boto3 python2-botocore python2-cffi python2-cryptography python2-pyasn1 python2-pycparser python2-urllib3 python3-asn1crypto python3-boto3 python3-botocore python3-cffi python3-pyasn1 python3-pycparser libopenssl-1_0_0-devel libopenssl-1_0_0-devel-32bit libopenssl10 libopenssl1_0_0 libopenssl1_0_0-32bit libopenssl1_0_0-hmac libopenssl1_0_0-hmac-32bit libopenssl1_0_0-steam libopenssl1_0_0-steam-32bit openssl-1_0_0 openssl-1_0_0-cavs openssl-1_0_0-doc libopenssl-1_1-devel libopenssl-1_1-devel-32bit libopenssl1_1-hmac libopenssl1_1-hmac-32bit openssl-1_1-doc spectre-meltdown-checker xen xen-devel xen-doc-html xen-libs-32bit xen-tools xen-tools-domU xen-tools-xendomains-wait-disk libesmtp libesmtp-devel libipa_hbac-devel libipa_hbac0 libnfsidmap-sss libsss_certmap-devel libsss_certmap0 libsss_idmap-devel libsss_idmap0 libsss_nss_idmap-devel libsss_nss_idmap0 libsss_simpleifp-devel libsss_simpleifp0 python3-ipa_hbac python3-sss-murmur python3-sss_nss_idmap python3-sssd-config sssd sssd-ad sssd-common sssd-dbus sssd-ipa sssd-krb5 sssd-krb5-common sssd-ldap sssd-proxy sssd-tools sssd-wbclient sssd-wbclient-devel sssd-winbind-idmap java-11-openjdk-accessibility java-11-openjdk-demo java-11-openjdk-devel java-11-openjdk-javadoc java-11-openjdk-jmods java-11-openjdk-src libxerces-c-3_1 libxerces-c-3_1-32bit libntfs-3g-devel ntfsprogs-extra libtpms-devel aom-tools libaom-devel libaom-devel-doc libaom0 libaom0-32bit php7-pear php7-pecl apache2-mod_auth_openidc ghostscript-devel libspectre-devel libspectre1 libcroco libcroco-0_6-3-32bit libcroco-devel grafana-piechart-panel ctdb ctdb-pcp-pmda ctdb-tests libdcerpc-devel libdcerpc-samr-devel libdcerpc-samr0 libdcerpc-samr0-32bit libndr-devel libndr-krb5pac-devel libndr-nbt-devel libndr-standard-devel libnetapi-devel libnetapi-devel-32bit libsamba-credentials-devel libsamba-errors-devel libsamba-hostconfig-devel libsamba-passdb-devel libsamba-policy-devel libsamba-policy-python3-devel libsamba-policy0-python3-32bit libsamba-util-devel libsamdb-devel libsmbclient-devel libsmbclient0-32bit libsmbconf-devel libsmbldap-devel libtevent-util-devel libwbclient-devel samba-ad-dc samba-ad-dc-32bit samba-ceph samba-core-devel samba-doc samba-dsdb-modules samba-libs-python3-32bit samba-test grilo-devel grilo-lang grilo-tools libgrilo-0_3-0 libgrlnet-0_3-0 libgrlpls-0_3-0 typelib-1_0-Grl-0_3 typelib-1_0-GrlNet-0_3 typelib-1_0-GrlPls-0_3 linuxptp gd gd-devel libgd3-32bit libshibsp-lite8 libshibsp9 shibboleth-sp shibboleth-sp-devel libecpg6 libecpg6-32bit libpq5-32bit glibc-devel glibc-devel-32bit glibc-devel-static glibc-devel-static-32bit glibc-html glibc-i18ndata glibc-info glibc-profile glibc-profile-32bit glibc-utils glibc-utils-32bit libcryptopp-devel libcryptopp5_6_5 libcryptopp5_6_5-32bit erlang-rabbitmq-client rabbitmq-server rabbitmq-server-plugins rust-cbindgen libQt5Svg5 libQt5Svg5-32bit libqt5-qtsvg-devel libqt5-qtsvg-devel-32bit libqt5-qtsvg-examples libqt5-qtsvg-private-headers-devel kmod-compat MozillaFirefox-branding-SLE strongswan strongswan-doc strongswan-hmac strongswan-ipsec strongswan-libs0 strongswan-mysql strongswan-nm strongswan-sqlite flatpak-devel flatpak-zsh-completion typelib-1_0-Flatpak-1_0 libblkid-devel libblkid-devel-32bit libblkid-devel-static libfdisk-devel libfdisk-devel-32bit libfdisk-devel-static libfdisk1-32bit libmount-devel libmount-devel-32bit libmount-devel-static libsmartcols-devel libsmartcols-devel-32bit libsmartcols-devel-static libsmartcols1-32bit libuuid-devel libuuid-devel-32bit libuuid-devel-static python3-libmount uuidd go1.17 go1.17-doc go1.17-race libpython2_7-1_0-32bit python-32bit python-base-32bit python-curses python-demo python-devel python-doc python-doc-pdf python-gdbm python-idle python-tk python-xml libncurses5 libncurses5-32bit libncurses6-32bit ncurses-devel ncurses-devel-32bit ncurses5-devel ncurses5-devel-32bit tack docker-kubic docker-kubic-bash-completion docker-kubic-fish-completion docker-kubic-kubeadm-criconfig docker-kubic-zsh-completion wireguard-tools libpcre16-0 libpcre16-0-32bit libpcrecpp0 libpcrecpp0-32bit libpcreposix0 libpcreposix0-32bit pcre-devel pcre-devel-static pcre-doc pcre-tools dnsmasq-utils busybox busybox-static qemu-linux-user qemu-testsuite binutils-devel binutils-devel-32bit binutils-gold bpftrace bpftrace-tools cross-aarch64-binutils cross-arm-binutils cross-avr-binutils cross-epiphany-binutils cross-hppa-binutils cross-hppa64-binutils cross-i386-binutils cross-ia64-binutils cross-m68k-binutils cross-mips-binutils cross-ppc-binutils cross-ppc64-binutils cross-ppc64le-binutils cross-riscv64-binutils cross-rx-binutils cross-s390-binutils cross-s390x-binutils cross-sparc-binutils cross-sparc64-binutils cross-spu-binutils cross-x86_64-binutils ruby2.5-rubygem-activerecord-5_1 libtinyxml0 tinyxml-devel tinyxml-docs ldb-tools libdcerpc-binding0-64bit libdcerpc-samr0-64bit libdcerpc0-64bit libldb-devel libndr-krb5pac0-64bit libndr-nbt0-64bit libndr-standard0-64bit libndr1-64bit libnetapi-devel-64bit libnetapi0-64bit libsamba-credentials0-64bit libsamba-errors0-64bit libsamba-hostconfig0-64bit libsamba-passdb0-64bit libsamba-policy0-python3-64bit libsamba-util0-64bit libsamdb0-64bit libsmbclient0-64bit libsmbconf0-64bit libsmbldap2-64bit libtevent-util0-64bit libwbclient0-64bit python3-ldb-32bit python3-ldb-devel samba-ad-dc-64bit samba-client-64bit samba-gpupdate samba-ldb-ldap samba-libs-64bit samba-libs-python3-64bit samba-winbind-64bit libndr0 libndr0-32bit drbd-utils tomcat tomcat-admin-webapps tomcat-docs-webapp tomcat-el-3_0-api tomcat-embed tomcat-javadoc tomcat-jsp-2_3-api tomcat-jsvc tomcat-lib tomcat-servlet-4_0-api tomcat-webapps libsamba-policy-python-devel libsamba-policy0 libsamba-policy0-32bit samba-libs-python samba-libs-python-32bit samba-python postgresql14 postgresql14-contrib postgresql14-devel postgresql14-devel-mini postgresql14-docs postgresql14-llvmjit postgresql14-plperl postgresql14-plpython postgresql14-pltcl postgresql14-server postgresql14-server-devel postgresql14-test bind-devel-32bit libbind9-1600-32bit libdns1605-32bit libirs1601-32bit libisc1606-32bit libisccc1600-32bit libisccfg1600-32bit libns1604-32bit libnetcdf13 libnetcdf13-32bit libnetcdf13-openmpi libnetcdf13-openmpi-32bit netcdf-openmpi netcdf-openmpi-devel netcdf-openmpi-devel-data netcdf-openmpi-devel-static libnetcdf_4_7_3-gnu-hpc libnetcdf_4_7_3-gnu-mpich-hpc libnetcdf_4_7_3-gnu-mvapich2-hpc libnetcdf_4_7_3-gnu-openmpi2-hpc libnetcdf_4_7_3-gnu-openmpi3-hpc netcdf_4_7_3-gnu-hpc netcdf_4_7_3-gnu-hpc-devel netcdf_4_7_3-gnu-hpc-devel-static netcdf_4_7_3-gnu-mpich-hpc netcdf_4_7_3-gnu-mpich-hpc-devel netcdf_4_7_3-gnu-mpich-hpc-devel-static netcdf_4_7_3-gnu-mvapich2-hpc netcdf_4_7_3-gnu-mvapich2-hpc-devel netcdf_4_7_3-gnu-mvapich2-hpc-devel-static netcdf_4_7_3-gnu-openmpi2-hpc netcdf_4_7_3-gnu-openmpi2-hpc-devel netcdf_4_7_3-gnu-openmpi2-hpc-devel-static netcdf_4_7_3-gnu-openmpi3-hpc netcdf_4_7_3-gnu-openmpi3-hpc-devel netcdf_4_7_3-gnu-openmpi3-hpc-devel-static libnetcdf-gnu-openmpi1-hpc libnetcdf_4_6_1-gnu-hpc libnetcdf_4_6_1-gnu-mpich-hpc libnetcdf_4_6_1-gnu-mvapich2-hpc libnetcdf_4_6_1-gnu-openmpi1-hpc libnetcdf_4_6_1-gnu-openmpi2-hpc netcdf-gnu-openmpi1-hpc netcdf-gnu-openmpi1-hpc-devel netcdf_4_6_1-gnu-hpc netcdf_4_6_1-gnu-hpc-devel netcdf_4_6_1-gnu-hpc-devel-data netcdf_4_6_1-gnu-hpc-devel-static netcdf_4_6_1-gnu-mpich-hpc netcdf_4_6_1-gnu-mpich-hpc-devel netcdf_4_6_1-gnu-mpich-hpc-devel-static netcdf_4_6_1-gnu-mvapich2-hpc netcdf_4_6_1-gnu-mvapich2-hpc-devel netcdf_4_6_1-gnu-mvapich2-hpc-devel-static netcdf_4_6_1-gnu-openmpi1-hpc netcdf_4_6_1-gnu-openmpi1-hpc-devel netcdf_4_6_1-gnu-openmpi1-hpc-devel-static netcdf_4_6_1-gnu-openmpi2-hpc netcdf_4_6_1-gnu-openmpi2-hpc-devel netcdf_4_6_1-gnu-openmpi2-hpc-devel-static ruby2.5-devel ruby2.5-devel-extra ruby2.5-doc ruby2.5-doc-ri python3-Pygments python2-Pygments libpoppler73 libpoppler73-32bit python3-sqlparse libspeex1 libspeex1-32bit speex speex-devel libnetcdf-gnu-hpc libnetcdf-gnu-mpich-hpc libnetcdf-gnu-mvapich2-hpc libnetcdf-gnu-openmpi2-hpc libnetcdf-gnu-openmpi3-hpc libnetcdf-gnu-openmpi4-hpc libnetcdf18 libnetcdf18-32bit libnetcdf18-openmpi2 libnetcdf18-openmpi2-32bit libnetcdf18-openmpi3 libnetcdf18-openmpi3-32bit libnetcdf18-openmpi4 libnetcdf18-openmpi4-32bit libnetcdf_4_7_4-gnu-hpc libnetcdf_4_7_4-gnu-mpich-hpc libnetcdf_4_7_4-gnu-mvapich2-hpc libnetcdf_4_7_4-gnu-openmpi2-hpc libnetcdf_4_7_4-gnu-openmpi3-hpc libnetcdf_4_7_4-gnu-openmpi4-hpc netcdf netcdf-devel netcdf-devel-data netcdf-devel-static netcdf-gnu-hpc netcdf-gnu-hpc-devel netcdf-gnu-mpich-hpc netcdf-gnu-mpich-hpc-devel netcdf-gnu-mvapich2-hpc netcdf-gnu-mvapich2-hpc-devel netcdf-gnu-openmpi2-hpc netcdf-gnu-openmpi2-hpc-devel netcdf-gnu-openmpi3-hpc netcdf-gnu-openmpi3-hpc-devel netcdf-gnu-openmpi4-hpc netcdf-gnu-openmpi4-hpc-devel netcdf-openmpi2 netcdf-openmpi2-devel netcdf-openmpi2-devel-static netcdf-openmpi3 netcdf-openmpi3-devel netcdf-openmpi3-devel-static netcdf-openmpi4 netcdf-openmpi4-devel netcdf-openmpi4-devel-static netcdf_4_7_4-gnu-hpc netcdf_4_7_4-gnu-hpc-devel netcdf_4_7_4-gnu-hpc-devel-static netcdf_4_7_4-gnu-mpich-hpc netcdf_4_7_4-gnu-mpich-hpc-devel netcdf_4_7_4-gnu-mpich-hpc-devel-static netcdf_4_7_4-gnu-mvapich2-hpc netcdf_4_7_4-gnu-mvapich2-hpc-devel netcdf_4_7_4-gnu-mvapich2-hpc-devel-static netcdf_4_7_4-gnu-openmpi2-hpc netcdf_4_7_4-gnu-openmpi2-hpc-devel netcdf_4_7_4-gnu-openmpi2-hpc-devel-static netcdf_4_7_4-gnu-openmpi3-hpc netcdf_4_7_4-gnu-openmpi3-hpc-devel netcdf_4_7_4-gnu-openmpi3-hpc-devel-static netcdf_4_7_4-gnu-openmpi4-hpc netcdf_4_7_4-gnu-openmpi4-hpc-devel netcdf_4_7_4-gnu-openmpi4-hpc-devel-static aaa_base aaa_base-extras aaa_base-malloccheck aaa_base-wsl libfreebl3-32bit libfreebl3-hmac-32bit libsoftokn3-32bit libsoftokn3-hmac-32bit mozilla-nss-32bit mozilla-nss-certs-32bit mozilla-nss-devel mozilla-nss-sysinit mozilla-nss-sysinit-32bit mozilla-nss-tools brotli libbrotli-devel libbrotlicommon1 libbrotlicommon1-32bit libbrotlidec1 libbrotlidec1-32bit libbrotlienc1 libbrotlienc1-32bit php7-test glib-networking glib-networking-32bit glib-networking-lang python-Babel-doc python2-Babel python3-Babel python3-Babel-doc gmp-devel gmp-devel-32bit libgmp10 libgmp10-32bit libgmpxx4 libgmpxx4-32bit clamav clamav-devel libclamav9 libfreshclam2 openssh-askpass-gnome openssh-cavs openssh-fips openssh-helpers ImageMagick-config-7-upstream ImageMagick-devel ImageMagick-devel-32bit ImageMagick-doc ImageMagick-extra libMagick++-7_Q16HDRI4-32bit libMagick++-devel libMagick++-devel-32bit libMagickCore-7_Q16HDRI6-32bit libMagickWand-7_Q16HDRI6-32bit perl-PerlMagick log4j log4j-javadoc log4j-jcl log4j-slf4j python2-pip python2-pip-wheel python3-pip-wheel icu.691 icu.691-devel icu.691-doc libicu69 libicu69-bedata libicu69-ledata xorg-x11-server-sdk xorg-x11-server-source libpython3_6m1_0-32bit python3-devel python3-doc python3-doc-devhelp python3-idle python3-testsuite python3-tk python3-tools disruptor disruptor-javadoc jakarta-servlet jakarta-servlet-javadoc logback logback-access logback-examples logback-javadoc log4j-manual log4j12 log4j12-javadoc log4j12-manual libp11-kit0 libp11-kit0-32bit p11-kit p11-kit-32bit p11-kit-devel p11-kit-nss-trust p11-kit-nss-trust-32bit p11-kit-tools gegl gegl-devel gegl-doc libgegl-0_4-0-32bit typelib-1_0-Gegl-0_4 gegl-0_3 gegl-0_3-lang libgegl-0_3-0 typelib-1_0-Gegl-0_3 java-1_8_0-ibm java-1_8_0-ibm-32bit java-1_8_0-ibm-alsa java-1_8_0-ibm-demo java-1_8_0-ibm-devel java-1_8_0-ibm-devel-32bit java-1_8_0-ibm-plugin java-1_8_0-ibm-src openvpn-auth-pam-plugin openvpn-devel openvpn-down-root-plugin libSDL2-2_0-0-32bit libSDL2-devel libSDL2-devel-32bit libprotobuf-lite20 libprotobuf-lite20-32bit libprotobuf20 libprotobuf20-32bit libprotoc20 libprotoc20-32bit protobuf-devel protobuf-java protobuf-source python2-protobuf python3-protobuf libminizip1-32bit minizip-devel zlib-devel zlib-devel-32bit zlib-devel-static zlib-devel-static-32bit python2-numpy python2-numpy-devel python2-numpy-gnu-hpc python2-numpy-gnu-hpc-devel python2-numpy_1_16_5-gnu-hpc python2-numpy_1_16_5-gnu-hpc-devel kernel-firmware yaml-cpp-devel virglrenderer-devel virglrenderer-test-server libexif-devel libexif-devel-32bit libexif12-32bit opensc opensc-32bit libsolv-demo libsolv-devel libzypp-devel libzypp-devel-doc perl-solv python-solv zypper-aptitude liblzma5 liblzma5-32bit xz xz-devel xz-devel-32bit xz-lang xz-static-devel libsvn_auth_gnome_keyring-1-0 libsvn_auth_kwallet-1-0 subversion subversion-bash-completion subversion-devel subversion-perl subversion-python subversion-python-ctypes subversion-ruby subversion-server subversion-tools libopenjp2-7-32bit openjpeg2 openjpeg2-devel icedtea-web icedtea-web-javadoc jsoup jsoup-javadoc jsr-305 jsr-305-javadoc netty netty-javadoc netty-poms libSDL-1_2-0-32bit libSDL-devel libSDL-devel-32bit GraphicsMagick GraphicsMagick-devel libGraphicsMagick++-Q16-12 libGraphicsMagick++-devel libGraphicsMagick-Q16-3 libGraphicsMagick3-config libGraphicsMagickWand-Q16-2 perl-GraphicsMagick nbd dcraw dcraw-lang libopenjpeg1-32bit openjpeg openjpeg-devel openjpeg-devel-32bit swtpm-devel libinput-devel libinput-tools libinput-udev libinput10 libinput10-32bit libpodofo-devel libpodofo0_9_6 podofo python3-numpy-devel python3-numpy-gnu-hpc python3-numpy-gnu-hpc-devel python3-numpy_1_17_3-gnu-hpc python3-numpy_1_17_3-gnu-hpc-devel mutt mutt-doc mutt-lang prometheus-postgres_exporter go1.18 go1.18-doc go1.18-race ant ant-antlr ant-apache-bcel ant-apache-bsf ant-apache-log4j ant-apache-oro ant-apache-regexp ant-apache-resolver ant-apache-xalan2 ant-commons-logging ant-commons-net ant-imageio ant-javamail ant-jdepend ant-jmf ant-jsch ant-junit ant-junit5 ant-manual ant-scripts ant-swing ant-testutil ant-xz cifs-utils-devel pam_cifscreds firewall-applet firewall-config buildah libcryptsetup-devel libcryptsetup12-32bit libcryptsetup12-hmac libcryptsetup12-hmac-32bit python-paramiko-doc python2-paramiko python3-paramiko gio-branding-upstream glib2-devel glib2-devel-32bit glib2-devel-static glib2-tests glib2-tools-32bit libgio-fam libgio-fam-32bit libgthread-2_0-0-32bit libslirp-devel caca-utils libcaca-devel libcaca-ruby libcaca0-32bit libcaca0-plugins libcaca0-plugins-32bit python3-caca python-Twisted-doc python2-Twisted python3-Twisted jasper libjasper-devel libjasper4-32bit libpython3_9-1_0 libpython3_9-1_0-32bit python39 python39-32bit python39-base python39-base-32bit python39-curses python39-dbm python39-devel python39-doc python39-doc-devhelp python39-idle python39-testsuite python39-tk python39-tools cargo1.56 rust1.56 aide aide-test pcp-pmda-kvm pcp-pmda-postgresql python-pcp amazon-ssm-agent ruby2.5-rubygem-puma ruby2.5-rubygem-puma-doc libwmf-0_2-7-32bit libwmf-devel libwmf-gnome libwmf-gnome-32bit libwmf-tools apache2-mod_auth_mellon apache2-mod_auth_mellon-diagnostics apache2-mod_auth_mellon-doc pgadmin4 pgadmin4-doc pgadmin4-web pgadmin4-web-uwsgi tar-backup-scripts tar-doc tar-tests giflib-devel giflib-devel-32bit giflib-progs libgif7-32bit libZXing1 zxing-cpp-devel rsyslog-diag-tools rsyslog-doc rsyslog-module-dbi rsyslog-module-elasticsearch rsyslog-module-gcrypt rsyslog-module-gssapi rsyslog-module-gtls rsyslog-module-mmnormalize rsyslog-module-mysql rsyslog-module-omamqp1 rsyslog-module-omhttpfs rsyslog-module-omtcl rsyslog-module-ossl rsyslog-module-pgsql rsyslog-module-relp rsyslog-module-snmp rsyslog-module-udpspoof gzip finch finch-devel libpurple-branding-upstream libpurple-devel libpurple-plugin-sametime pidgin-devel libnss_slurm2 libpmi0 libslurm36 perl-slurm slurm slurm-auth-none slurm-config slurm-config-man slurm-cray slurm-devel slurm-doc slurm-hdf5 slurm-lua slurm-munge slurm-node slurm-openlava slurm-pam_slurm slurm-plugins slurm-rest slurm-seff slurm-sjstat slurm-slurmdbd slurm-sql slurm-sview slurm-torque slurm-webdoc openldap2 openldap2-back-meta openldap2-back-perl openldap2-back-sock openldap2-back-sql openldap2-contrib openldap2-devel openldap2-devel-32bit openldap2-devel-static openldap2-doc openldap2-ppolicy-check-password jackson-annotations jackson-annotations-javadoc jackson-bom jackson-core jackson-core-javadoc jackson-databind jackson-databind-javadoc jackson-dataformat-cbor jackson-dataformat-smile jackson-dataformats-binary jackson-dataformats-binary-javadoc e2fsprogs-devel libcom_err-devel libcom_err-devel-32bit libcom_err-devel-static libext2fs-devel libext2fs-devel-32bit libext2fs-devel-static libext2fs2-32bit cargo1.55 rust1.55 cargo1.57 rust1.57 libunbound2 unbound unbound-anchor unbound-devel unbound-munin unbound-python libexpat-devel libexpat-devel-32bit bsdtar libarchive-devel libarchive13-32bit libnss_slurm2_20_11 libpmi0_20_11 perl-slurm_20_11 slurm_20_11 slurm_20_11-auth-none slurm_20_11-config slurm_20_11-config-man slurm_20_11-cray slurm_20_11-devel slurm_20_11-doc slurm_20_11-hdf5 slurm_20_11-lua slurm_20_11-munge slurm_20_11-node slurm_20_11-openlava slurm_20_11-pam_slurm slurm_20_11-plugins slurm_20_11-rest slurm_20_11-seff slurm_20_11-sjstat slurm_20_11-slurmdbd slurm_20_11-sql slurm_20_11-sview slurm_20_11-torque slurm_20_11-webdoc libjson-c-devel libjson-c-doc libjson-c3-32bit cups-ddk cups-devel cups-devel-32bit libcupscgi1-32bit libcupsimage2-32bit libcupsmime1-32bit libcupsppdc1-32bit libtiff-devel libtiff-devel-32bit libtiff5-32bit tiff libpcre2-16-0-32bit libpcre2-32-0 libpcre2-32-0-32bit libpcre2-8-0-32bit libpcre2-posix2 libpcre2-posix2-32bit pcre2-devel pcre2-devel-static pcre2-doc pcre2-tools helm-mirror dpdk dpdk-devel dpdk-doc dpdk-examples dpdk-kmp-default dpdk-kmp-preempt dpdk-thunderx dpdk-thunderx-devel dpdk-thunderx-doc dpdk-thunderx-examples dpdk-thunderx-kmp-default dpdk-thunderx-kmp-preempt dpdk-thunderx-tools dpdk-tools libdpdk-20_0 hdf5-gnu-hpc hdf5-gnu-hpc-devel hdf5-gnu-mpich-hpc hdf5-gnu-mpich-hpc-devel hdf5-gnu-mvapich2-hpc hdf5-gnu-mvapich2-hpc-devel hdf5-gnu-openmpi3-hpc hdf5-gnu-openmpi3-hpc-devel hdf5-gnu-openmpi4-hpc hdf5-gnu-openmpi4-hpc-devel hdf5-hpc-examples hdf5_1_10_8-gnu-hpc hdf5_1_10_8-gnu-hpc-devel hdf5_1_10_8-gnu-hpc-devel-static hdf5_1_10_8-gnu-hpc-module hdf5_1_10_8-gnu-mpich-hpc hdf5_1_10_8-gnu-mpich-hpc-devel hdf5_1_10_8-gnu-mpich-hpc-devel-static hdf5_1_10_8-gnu-mpich-hpc-module hdf5_1_10_8-gnu-mvapich2-hpc hdf5_1_10_8-gnu-mvapich2-hpc-devel hdf5_1_10_8-gnu-mvapich2-hpc-devel-static hdf5_1_10_8-gnu-mvapich2-hpc-module hdf5_1_10_8-gnu-openmpi3-hpc hdf5_1_10_8-gnu-openmpi3-hpc-devel hdf5_1_10_8-gnu-openmpi3-hpc-devel-static hdf5_1_10_8-gnu-openmpi3-hpc-module hdf5_1_10_8-gnu-openmpi4-hpc hdf5_1_10_8-gnu-openmpi4-hpc-devel hdf5_1_10_8-gnu-openmpi4-hpc-devel-static hdf5_1_10_8-gnu-openmpi4-hpc-module hdf5_1_10_8-hpc-examples libhdf5-gnu-hpc libhdf5-gnu-mpich-hpc libhdf5-gnu-mvapich2-hpc libhdf5-gnu-openmpi3-hpc libhdf5-gnu-openmpi4-hpc libhdf5_1_10_8-gnu-hpc libhdf5_1_10_8-gnu-mpich-hpc libhdf5_1_10_8-gnu-mvapich2-hpc libhdf5_1_10_8-gnu-openmpi3-hpc libhdf5_1_10_8-gnu-openmpi4-hpc libhdf5_cpp-gnu-hpc libhdf5_cpp-gnu-mpich-hpc libhdf5_cpp-gnu-mvapich2-hpc libhdf5_cpp-gnu-openmpi3-hpc libhdf5_cpp-gnu-openmpi4-hpc libhdf5_cpp_1_10_8-gnu-hpc libhdf5_cpp_1_10_8-gnu-mpich-hpc libhdf5_cpp_1_10_8-gnu-mvapich2-hpc libhdf5_cpp_1_10_8-gnu-openmpi3-hpc libhdf5_cpp_1_10_8-gnu-openmpi4-hpc libhdf5_fortran-gnu-hpc libhdf5_fortran-gnu-mpich-hpc libhdf5_fortran-gnu-mvapich2-hpc libhdf5_fortran-gnu-openmpi3-hpc libhdf5_fortran-gnu-openmpi4-hpc libhdf5_fortran_1_10_8-gnu-hpc libhdf5_fortran_1_10_8-gnu-mpich-hpc libhdf5_fortran_1_10_8-gnu-mvapich2-hpc libhdf5_fortran_1_10_8-gnu-openmpi3-hpc libhdf5_fortran_1_10_8-gnu-openmpi4-hpc libhdf5_hl-gnu-hpc libhdf5_hl-gnu-mpich-hpc libhdf5_hl-gnu-mvapich2-hpc libhdf5_hl-gnu-openmpi3-hpc libhdf5_hl-gnu-openmpi4-hpc libhdf5_hl_1_10_8-gnu-hpc libhdf5_hl_1_10_8-gnu-mpich-hpc libhdf5_hl_1_10_8-gnu-mvapich2-hpc libhdf5_hl_1_10_8-gnu-openmpi3-hpc libhdf5_hl_1_10_8-gnu-openmpi4-hpc libhdf5_hl_cpp-gnu-hpc libhdf5_hl_cpp-gnu-mpich-hpc libhdf5_hl_cpp-gnu-mvapich2-hpc libhdf5_hl_cpp-gnu-openmpi3-hpc libhdf5_hl_cpp-gnu-openmpi4-hpc libhdf5_hl_cpp_1_10_8-gnu-hpc libhdf5_hl_cpp_1_10_8-gnu-mpich-hpc libhdf5_hl_cpp_1_10_8-gnu-mvapich2-hpc libhdf5_hl_cpp_1_10_8-gnu-openmpi3-hpc libhdf5_hl_cpp_1_10_8-gnu-openmpi4-hpc libhdf5_hl_fortran-gnu-hpc libhdf5_hl_fortran-gnu-mpich-hpc libhdf5_hl_fortran-gnu-mvapich2-hpc libhdf5_hl_fortran-gnu-openmpi3-hpc libhdf5_hl_fortran-gnu-openmpi4-hpc libhdf5hl_fortran_1_10_8-gnu-hpc libhdf5hl_fortran_1_10_8-gnu-mpich-hpc libhdf5hl_fortran_1_10_8-gnu-mvapich2-hpc libhdf5hl_fortran_1_10_8-gnu-openmpi3-hpc libhdf5hl_fortran_1_10_8-gnu-openmpi4-hpc patch google-gson google-gson-javadoc netty3 netty3-javadoc u-boot-avnetultra96rev1 u-boot-avnetultra96rev1-doc u-boot-bananapim64 u-boot-bananapim64-doc u-boot-dragonboard410c u-boot-dragonboard410c-doc u-boot-dragonboard820c u-boot-dragonboard820c-doc u-boot-evb-rk3399 u-boot-evb-rk3399-doc u-boot-firefly-rk3399 u-boot-firefly-rk3399-doc u-boot-geekbox u-boot-geekbox-doc u-boot-hikey u-boot-hikey-doc u-boot-khadas-vim u-boot-khadas-vim-doc u-boot-khadas-vim2 u-boot-khadas-vim2-doc u-boot-libretech-ac u-boot-libretech-ac-doc u-boot-libretech-cc u-boot-libretech-cc-doc u-boot-ls1012afrdmqspi u-boot-ls1012afrdmqspi-doc u-boot-mvebudb-88f3720 u-boot-mvebudb-88f3720-doc u-boot-mvebudbarmada8k u-boot-mvebudbarmada8k-doc u-boot-mvebuespressobin-88f3720 u-boot-mvebuespressobin-88f3720-doc u-boot-mvebumcbin-88f8040 u-boot-mvebumcbin-88f8040-doc u-boot-nanopia64 u-boot-nanopia64-doc u-boot-odroid-c2 u-boot-odroid-c2-doc u-boot-odroid-c4 u-boot-odroid-c4-doc u-boot-odroid-n2 u-boot-odroid-n2-doc u-boot-orangepipc2 u-boot-orangepipc2-doc u-boot-p2371-2180 u-boot-p2371-2180-doc u-boot-p2771-0000-500 u-boot-p2771-0000-500-doc u-boot-p3450-0000 u-boot-p3450-0000-doc u-boot-pine64plus u-boot-pine64plus-doc u-boot-pinebook u-boot-pinebook-doc u-boot-pinebook-pro-rk3399 u-boot-pinebook-pro-rk3399-doc u-boot-pineh64 u-boot-pineh64-doc u-boot-pinephone u-boot-pinephone-doc u-boot-poplar u-boot-poplar-doc u-boot-rock-pi-4-rk3399 u-boot-rock-pi-4-rk3399-doc u-boot-rock64-rk3328 u-boot-rock64-rk3328-doc u-boot-rock960-rk3399 u-boot-rock960-rk3399-doc u-boot-rockpro64-rk3399 u-boot-rockpro64-rk3399-doc u-boot-rpi3 u-boot-rpi3-doc u-boot-rpi4 u-boot-rpi4-doc u-boot-tools u-boot-xilinxzynqmpvirt u-boot-xilinxzynqmpvirt-doc u-boot-xilinxzynqmpzcu102rev10 u-boot-xilinxzynqmpzcu102rev10-doc u-boot-xilinxzynqmpgeneric u-boot-xilinxzynqmpgeneric-doc gimp-devel libgimp-2_0-0-32bit libgimpui-2_0-0-32bit grub2-arm64-efi-debug grub2-branding-upstream grub2-i386-pc-debug grub2-powerpc-ieee1275-debug grub2-s390x-emu grub2-s390x-emu-debug grub2-x86_64-efi-debug grub2-x86_64-xen gvim vim-small ruby2.5-rubygem-activesupport-5_1 ruby2.5-rubygem-activesupport-doc-5_1 golang-github-prometheus-alertmanager golang-github-prometheus-node_exporter drbd drbd-kmp-64kb drbd-kmp-default drbd-kmp-preempt drbd-kmp-rt liblouis-devel liblouis-doc liblouis-tools ruby2.5-rubygem-rack ruby2.5-rubygem-rack-doc ruby2.5-rubygem-rack-testsuite liblouis14 qemu-SLOF libdpdk-18_11 conmon libcontainers-common libseccomp-devel libseccomp-tools libseccomp2-32bit podman podman-cni-config libekmfweb1-devel osasnmpd s390-tools-hmcdrvfs s390-tools-zdsfs dfu-tool fwupd-devel fwupdtpmevlog typelib-1_0-FwupdPlugin-1_0 ldirectord monitoring-plugins-metadata resource-agents fwupdate fwupdate-devel fwupdate-efi libfwup1 libnbd libnbd-bash-completion libnbd-devel libnbd0 nbdfuse crash crash-devel crash-doc crash-eppic crash-gcore crash-kmp-64kb crash-kmp-default crash-kmp-preempt freerdp-devel freerdp-proxy freerdp-server freerdp-wayland libuwac0-0 uwac0-0-devel winpr2-devel oracleasm-kmp-64kb oracleasm-kmp-default oracleasm-kmp-preempt oracleasm-kmp-rt python2-PyJWT python3-PyJWT mozilla-nspr-32bit mozilla-nspr-devel nodejs16 nodejs16-devel nodejs16-docs npm16 python-M2Crypto-doc python2-M2Crypto python3-M2Crypto aws-iam-authenticator samba-ad-dc-libs samba-ad-dc-libs-32bit samba-client-libs samba-client-libs-32bit samba-devel samba-devel-32bit samba-tool samba-winbind-libs samba-winbind-libs-32bit ruby2.5-rubygem-tzinfo ruby2.5-rubygem-tzinfo-doc ruby2.5-rubygem-tzinfo-testsuite booth booth-test dwarves libasm-devel libasm1-32bit libdw-devel libdwarves-devel libdwarves-devel-32bit libdwarves1 libdwarves1-32bit libebl-devel libelf-devel libelf-devel-32bit mokutil xscreensaver-data-extra harfbuzz-devel harfbuzz-tools libharfbuzz-gobject0 libharfbuzz-gobject0-32bit libharfbuzz-icu0 libharfbuzz-icu0-32bit libharfbuzz-subset0 libharfbuzz-subset0-32bit libharfbuzz0 libharfbuzz0-32bit typelib-1_0-HarfBuzz-0_0 libqpdf21 python2-ujson python3-ujson libwavpack1-32bit wavpack wavpack-devel python2-codecov python3-codecov update-test-security apache2-mod_apparmor krb5-plugin-preauth-spake libapparmor-devel libapparmor1 libapparmor1-32bit libtalloc-devel libtalloc2 libtalloc2-32bit libtdb-devel libtdb1 libtdb1-32bit libtevent-devel libtevent0 libtevent0-32bit pam_apparmor pam_apparmor-32bit python3-talloc python3-talloc-32bit python3-talloc-devel python3-tdb python3-tdb-32bit python3-tevent python3-tevent-32bit ruby-apparmor talloc-man tdb-tools tevent-man python-atomicwrites-doc python2-apipkg python2-atomicwrites python2-coverage python2-pycodestyle python2-pyflakes python3-apipkg python3-atomicwrites python3-coverage python3-pycodestyle python3-pyflakes systemd-presets-common-SUSE ruby2.5-rubygem-rails-html-sanitizer ruby2.5-rubygem-rails-html-sanitizer-doc ruby2.5-rubygem-rails-html-sanitizer-testsuite perl-HTTP-Daemon gfbgraph-devel libgfbgraph-0_2-0 typelib-1_0-GFBGraph-0_2 libspice-server-devel gnutls-guile libgnutls-devel libgnutls-devel-32bit libgnutls30-hmac libgnutls30-hmac-32bit libgnutlsxx-devel libgnutlsxx28 libraptor-devel libraptor2-0-32bit raptor python2-lxml python2-lxml-devel python3-lxml python3-lxml-devel libyang-cpp-devel libyang-cpp1 libyang-devel libyang-doc libyang-extentions libyang1 python3-yang yang-tools keepalived libvmtools-devel open-vm-tools-sdmp gdk-pixbuf-devel gdk-pixbuf-devel-32bit gdk-pixbuf-query-loaders-32bit libgdk_pixbuf-2_0-0-32bit typelib-1_0-GdkPixdata-2_0 python3-Flask-Security-Too libopenvswitch-2_13-0 libovn-20_03-0 python-bottle-doc python2-bottle python3-bottle libopenvswitch-2_14-0 libovn-20_06-0 openvswitch openvswitch-devel openvswitch-doc openvswitch-ipsec openvswitch-pki openvswitch-test openvswitch-vtep ovn ovn-central ovn-devel ovn-doc ovn-docker ovn-host ovn-vtep python3-ovs libicu60_2-32bit libicu60_2-bedata icu libicu-devel libicu-devel-32bit libicu-doc libicu-suse65_1 libicu-suse65_1-32bit libicu65_1-bedata libicu65_1-ledata libudisks2-0-devel libudisks2-0_bcache libudisks2-0_lsm libudisks2-0_lvm2 libudisks2-0_zram typelib-1_0-UDisks-2_0 libyajl-devel libyajl-devel-32bit libyajl-devel-static libyajl2 libyajl2-32bit yajl golang-github-QubitProducts-exporter_exporter python2-hwdata python3-hwdata libEMF-devel libEMF-utils libEMF1 frr frr-devel libfrr0 libfrr_pb0 libfrrcares0 libfrrfpm_pb0 libfrrgrpc_pb0 libfrrospfapiclient0 libfrrsnmp0 libfrrzmq0 libmlag_pb0 freetype2-devel freetype2-devel-32bit freetype2-profile-tti35 ft2demos ftbench ftdiff ftdump ftgamma ftgrid ftinspect ftlint ftmulti ftstring ftvalid ftview ruby2.5-rubygem-kramdown ruby2.5-rubygem-kramdown-doc ruby2.5-rubygem-kramdown-testsuite libzapojit-0_0-0 libzapojit-devel typelib-1_0-Zpj-0_0 perl-32bit perl-core-DB_File-32bit perl-doc libtirpc-devel sqlite3-tcl libwireshark15 libwiretap12 libwsutil13 obs-service-kubevirt_containers_meta go1.19 go1.19-doc go1.19-race libonig4 oniguruma-devel containerized-data-importer-api containerized-data-importer-cloner containerized-data-importer-controller containerized-data-importer-importer containerized-data-importer-manifests containerized-data-importer-operator containerized-data-importer-uploadproxy containerized-data-importer-uploadserver obs-service-cdi_containers_meta cargo1.62 rust1.62 libostree libostree-1-1 libostree-devel libostree-grub2 typelib-1_0-OSTree-1_0 libpmi0_18_08 perl-slurm_18_08 slurm_18_08 slurm_18_08-auth-none slurm_18_08-config slurm_18_08-config-man slurm_18_08-cray slurm_18_08-devel slurm_18_08-doc slurm_18_08-hdf5 slurm_18_08-lua slurm_18_08-munge slurm_18_08-node slurm_18_08-openlava slurm_18_08-pam_slurm slurm_18_08-plugins slurm_18_08-seff slurm_18_08-sjstat slurm_18_08-slurmdbd slurm_18_08-sql slurm_18_08-sview slurm_18_08-torque slurm_18_08-webdoc libslurm33 libslurm35 libnss_slurm2_20_02 libpmi0_20_02 perl-slurm_20_02 slurm_20_02 slurm_20_02-auth-none slurm_20_02-config slurm_20_02-config-man slurm_20_02-cray slurm_20_02-devel slurm_20_02-doc slurm_20_02-hdf5 slurm_20_02-lua slurm_20_02-munge slurm_20_02-node slurm_20_02-openlava slurm_20_02-pam_slurm slurm_20_02-plugins slurm_20_02-rest slurm_20_02-seff slurm_20_02-sjstat slurm_20_02-slurmdbd slurm_20_02-sql slurm_20_02-sview slurm_20_02-torque slurm_20_02-webdoc libgit2-28-32bit libgit2-devel libgit2-26 libgit2-26-32bit libslurm32 exiv2 exiv2-lang libexiv2-26-32bit libexiv2-devel libexiv2-doc postgresql-jdbc postgresql-jdbc-javadoc libreoffice-base-drivers-postgresql libreoffice-calc-extensions libreoffice-gdb-pretty-printers libreoffice-glade libreoffice-l10n-af libreoffice-l10n-am libreoffice-l10n-as libreoffice-l10n-ast libreoffice-l10n-be libreoffice-l10n-bn libreoffice-l10n-bn_IN libreoffice-l10n-bo libreoffice-l10n-br libreoffice-l10n-brx libreoffice-l10n-ca_valencia libreoffice-l10n-ckb libreoffice-l10n-cy libreoffice-l10n-dgo libreoffice-l10n-dsb libreoffice-l10n-dz libreoffice-l10n-en_ZA libreoffice-l10n-eu libreoffice-l10n-fur libreoffice-l10n-fy libreoffice-l10n-ga libreoffice-l10n-gd libreoffice-l10n-gl libreoffice-l10n-gu libreoffice-l10n-gug libreoffice-l10n-he libreoffice-l10n-hi libreoffice-l10n-hr libreoffice-l10n-hsb libreoffice-l10n-is libreoffice-l10n-ka libreoffice-l10n-kab libreoffice-l10n-kk libreoffice-l10n-km libreoffice-l10n-kmr_Latn libreoffice-l10n-kn libreoffice-l10n-kok libreoffice-l10n-ks libreoffice-l10n-lb libreoffice-l10n-lo libreoffice-l10n-lv libreoffice-l10n-mai libreoffice-l10n-mk libreoffice-l10n-ml libreoffice-l10n-mn libreoffice-l10n-mni libreoffice-l10n-mr libreoffice-l10n-my libreoffice-l10n-ne libreoffice-l10n-nn libreoffice-l10n-nr libreoffice-l10n-nso libreoffice-l10n-oc libreoffice-l10n-om libreoffice-l10n-or libreoffice-l10n-pa libreoffice-l10n-pt_PT libreoffice-l10n-ro libreoffice-l10n-rw libreoffice-l10n-sa_IN libreoffice-l10n-sat libreoffice-l10n-sd libreoffice-l10n-si libreoffice-l10n-sid libreoffice-l10n-sq libreoffice-l10n-sr libreoffice-l10n-ss libreoffice-l10n-st libreoffice-l10n-sw_TZ libreoffice-l10n-szl libreoffice-l10n-ta libreoffice-l10n-te libreoffice-l10n-tg libreoffice-l10n-th libreoffice-l10n-tn libreoffice-l10n-tr libreoffice-l10n-ts libreoffice-l10n-tt libreoffice-l10n-ug libreoffice-l10n-uz libreoffice-l10n-ve libreoffice-l10n-vec libreoffice-l10n-vi libreoffice-l10n-xh libreoffice-l10n-zu libreoffice-librelogo libreoffice-officebean libreoffice-sdk libreoffice-sdk-doc libreoffice-writer-extensions libreofficekit-devel helm helm-bash-completion helm-fish-completion helm-zsh-completion clone-master-clean-up libksba-devel kpartx libdmmp-devel libdmmp0_2_0 libmpath0 multipath-tools multipath-tools-devel libdmmp0_1_0 multipath-tools-rbd python2-waitress python3-waitress golang-github-lusitaniae-apache_exporter libgpg-error-devel libgpg-error-devel-32bit libgpg-error0 libgpg-error0-32bit container-suseconnect libmad-devel libmad0-32bit telnet telnet-server libtasn1-devel libtasn1-devel-32bit libconfuse-devel libconfuse0 libconfuse0-lang hsqldb hsqldb-demo hsqldb-javadoc hsqldb-manual python2-Flask-Security python3-Flask-Security python2-lxml-doc python3-lxml-doc libgnome-desktop-3-12 libgnome-desktop-3-12-32bit ruby2.5-rubygem-loofah ruby2.5-rubygem-loofah-doc ruby2.5-rubygem-loofah-testsuite xmlbeans xmlbeans-scripts libmilter-doc libmilter1_0 rmail sendmail sendmail-devel sendmail-starttls rustup python2-Mako python3-Mako LibVNCServer-devel libvncserver0 ruby2.5-rubygem-nokogiri-doc ruby2.5-rubygem-nokogiri-testsuite python2-cryptography-vectors python3-cryptography-vectors sccache sudo-devel sudo-test dpkg dpkg-devel dpkg-lang libpixman-1-0 libpixman-1-0-32bit libpixman-1-0-devel colord colord-color-profiles colord-lang libcolord-devel libcolord2 libcolord2-32bit libcolorhug2 typelib-1_0-Colord-1_0 typelib-1_0-Colorhug-1_0 libsnmp40 libsnmp40-32bit net-snmp-devel net-snmp-devel-32bit python2-net-snmp python3-net-snmp db48-doc db48-utils libdb-4_8 libdb-4_8-32bit libdb-4_8-devel libdb-4_8-devel-32bit libdb_java-4_8 libdb_java-4_8-devel erlang erlang-debugger erlang-debugger-src erlang-dialyzer erlang-dialyzer-src erlang-diameter erlang-diameter-src erlang-doc erlang-epmd erlang-et erlang-et-src erlang-jinterface erlang-jinterface-src erlang-observer erlang-observer-src erlang-reltool erlang-reltool-src erlang-src erlang-wx erlang-wx-src supportutils bcel emacs-el emacs-x11 libnautilus-extension1-32bit nautilus-devel typelib-1_0-Nautilus-3_0 golang-github-boynux-squid_exporter golang-github-prometheus-promu apache2-mod_wsgi apache2-mod_wsgi-python3 libfmt8 cni cni-plugins cluster-md-kmp-rt dlm-kmp-rt gfs2-kmp-rt kernel-devel-rt kernel-rt kernel-rt-devel kernel-rt_debug-devel kernel-source-rt kernel-syms-rt ocfs2-kmp-rt cargo-doc rust-analysis rust-doc rust-src libsnmp30-32bit xerces-j2-scripts xerces-j2-xml-apis xerces-j2-xml-resolver xerces-j2 xerces-j2-demo xerces-j2-javadoc python39-pip ldns ldns-devel libldns2 perl-DNS-LDNS python3-ldns wpa_supplicant-gui libeconf-devel libeconf0 libeconf0-32bit zsh zsh-htmldoc cyrus-sasl-bdb cyrus-sasl-bdb-crammd5 cyrus-sasl-bdb-devel cyrus-sasl-bdb-digestmd5 cyrus-sasl-bdb-gs2 cyrus-sasl-bdb-gssapi cyrus-sasl-bdb-ntlm cyrus-sasl-bdb-otp cyrus-sasl-bdb-plain cyrus-sasl-bdb-scram cyrus-sasl-devel cyrus-sasl-devel-32bit cyrus-sasl-gs2 cyrus-sasl-ldap-auxprop cyrus-sasl-ldap-auxprop-32bit cyrus-sasl-ldap-auxprop-bdb cyrus-sasl-ntlm cyrus-sasl-otp cyrus-sasl-otp-32bit cyrus-sasl-saslauthd cyrus-sasl-saslauthd-bdb cyrus-sasl-scram cyrus-sasl-sqlauxprop cyrus-sasl-sqlauxprop-32bit cyrus-sasl-sqlauxprop-bdb tcpdump flac flac-devel flac-devel-32bit flac-doc libFLAC++6 libFLAC++6-32bit libprotobuf-lite15 libprotobuf-lite15-32bit libprotobuf15 libprotobuf15-32bit libprotoc15 libprotoc15-32bit libQt5Bootstrap-devel-static libQt5Bootstrap-devel-static-32bit libQt5Concurrent-devel libQt5Concurrent-devel-32bit libQt5Concurrent5-32bit libQt5Core-devel libQt5Core-devel-32bit libQt5Core-private-headers-devel libQt5Core5-32bit libQt5DBus-devel libQt5DBus-devel-32bit libQt5DBus-private-headers-devel libQt5DBus5-32bit libQt5Gui-devel libQt5Gui-devel-32bit libQt5Gui-private-headers-devel libQt5Gui5-32bit libQt5KmsSupport-devel-static libQt5KmsSupport-private-headers-devel libQt5Network-devel libQt5Network-devel-32bit libQt5Network-private-headers-devel libQt5Network5-32bit libQt5OpenGL-devel libQt5OpenGL-devel-32bit libQt5OpenGL-private-headers-devel libQt5OpenGL5-32bit libQt5OpenGLExtensions-devel-static libQt5OpenGLExtensions-devel-static-32bit libQt5PlatformHeaders-devel libQt5PlatformSupport-devel-static libQt5PlatformSupport-devel-static-32bit libQt5PlatformSupport-private-headers-devel libQt5PrintSupport-devel libQt5PrintSupport-devel-32bit libQt5PrintSupport-private-headers-devel libQt5PrintSupport5-32bit libQt5Sql-devel libQt5Sql-devel-32bit libQt5Sql-private-headers-devel libQt5Sql5-32bit libQt5Sql5-mysql-32bit libQt5Sql5-postgresql libQt5Sql5-postgresql-32bit libQt5Sql5-sqlite-32bit libQt5Sql5-unixODBC libQt5Sql5-unixODBC-32bit libQt5Test-devel libQt5Test-devel-32bit libQt5Test-private-headers-devel libQt5Test5-32bit libQt5Widgets-devel libQt5Widgets-devel-32bit libQt5Widgets-private-headers-devel libQt5Widgets5-32bit libQt5Xml-devel libQt5Xml-devel-32bit libQt5Xml5-32bit libqt5-qtbase-common-devel libqt5-qtbase-devel libqt5-qtbase-examples libqt5-qtbase-examples-32bit libqt5-qtbase-platformtheme-xdgdesktopportal libqt5-qtbase-private-headers-devel cargo cargo1.58 cargo1.59 rust rust1.58 rust1.59 augeas-devel augeas-devel-32bit augeas-lense-tests chrony-pool-empty chrony-pool-suse libaugeas0-32bit libcrypt1 libcrypt1-32bit libxcrypt-devel libxcrypt-devel-32bit libxcrypt-devel-static linux-glibc-devel stunnel stunnel-doc blas-devel blas-devel-32bit blas-devel-static blas-man lapack-devel lapack-devel-32bit lapack-devel-static lapack-man lapacke-devel lapacke-devel-32bit lapacke-devel-static libblas3 libblas3-32bit liblapack3 liblapack3-32bit liblapacke3 liblapacke3-32bit slirp4netns perl-DBD-SQLite rmt-server rmt-server-config rmt-server-pubcloud tcl tcl-32bit tcl-devel saphanabootstrap-formula 0:7.0.7.34-10.15.1 15.3 0:20.2.4-57.13 0:20.2.4-57.12 0:1.0.0-57.12 0:78.10.0-8.38.1 0:78.10.0-bp153.1.1 0:1.22.10-3.7.1 0:1.8.24-5.2 0:1.2.6-lp153.1.31 0:1.1.13-4.20.1 0:0.6.55-3.14 0:2.4.43-3.17.1 0:7.4.6-3.17.1 0:2.13.6-1.31 0:1.9.2-2.27 0:20.04.2-bp153.2.25 0:1.10.1-1.11 0:5.1.3-7.6.1 0:4.3.77-1.1 0:0.7-3.9.1 0:4.4-17.83 0:7.0-17.83 0:9.16.6-20.39 0:2.35.1-7.18.1 0:1.1.0+git.20170126-3.3.28 0:5.55-1.57 0:0.4.2-1.11 0:0.4.1-1.16 0:1.0.6-5.11.1 0:90.0.4430.212-bp153.1.1 0:3.2-9.21.1 0:6.9-5.12.1 0:0.1.26-1.48 0:8.32-1.2 0:2.12-3.3.1 0:7.5.0+r278197-4.25.1 0:2.9.7-11.3.1 0:4.2-6.12.2 0:1.5.1-6.12.2 0:2.3.4-1.34 0:2.2.7-3.26.1 0:1.25.0-3.3.1 0:0.2.6-1.36 0:7.66.0-4.14.1 0:2.1.27-2.2 0:1.12.2-8.3.1 0:0.108-1.29 0:4.3.5-6.6.1 0:2.2.27-1.2 0:2.78-7.8.1 0:049.1+suse.188.gbf445638-3.30.1 0:1.43.8-4.26.1 0:0.168-4.5.3 0:25.3-3.6.51 0:3.34.2-1.46 0:3.34.2-1.115 0:3.34.4-1.49 0:3.34.4-3.3.1 0:2.2.5-3.6.1 0:5.32-7.11.2 0:3.32.5-1.8 0:0.9.3-1.1 0:1.10.2-4.6.1 0:2.1.2-bp153.1.35 0:2.9.7-3.3.1 0:1.5.8-1.13 0:0.1.3-1.38 0:1.1-1.15 0:10.1-8.24.1 0:2.40.0-3.3.1 0:2.46.5-3.3.1 0:3.34.1-8.18.1 0:0.4.16-1.99 0:9.52-3.32.1 0:2.10.12-7.25 0:2.10.12-3.3.7 0:2.62.6-3.6.1 0:2.31-7.30 0:2.31-7.20 0:2.26-13.8.1 0:3.34.7-3.3.2 0:3.34.1-1.62 0:2.24.32+67-2.28 0:3.34.2+0-4.3.1 0:3.34.5-8.1 0:3.34.3-4.3.1 0:6.2.6-bp153.1.16 0:3.6.7-14.10.2 0:2.40.1-6.6.4 0:2.40.1-6.6.8 0:3.1-4.3.12 0:1.22.3-5.3.1 0:2.04-20.4 0:1.16.2-1.53 0:1.16.2-lp153.2.114 0:1.16.2-2.12 0:1.16.2-1.85 0:1.16.2-1.75 0:1.0.0-2.35 0:1.42.2-4.24 0:3.20.11-2.1 0:1.5.23-1.56 0:1.6.1-1.53 0:1.5.0-4.37 0:0.7.8.6-30.1 0:2.1.4-30.1 0:11.0.11.0-3.56.1 0:1.6-3.3.1 0:5.76.0-bp153.1.16 0:0.9.0-16.1 0:5.3.18-57.3 0:20210208-2.4 0:5.76.0-bp153.1.15 0:20.04.2-bp153.2.12 0:1.7.5-bp153.1.25 0:1.16.3-3.18.1 0:5.18.5-bp153.1.28 0:5.76.0-bp153.1.14 0:530-1.6 0:2019.06.28-bp153.1.20 0:1.3.2-3.6.1 0:3.22-1.26 0:1.0.9-1.25 0:2.2.1-3.27.1 0:5.12.7-4.12.2 0:1.2.15-3.12.73 0:2.0.8-9.63 0:1.8.0-3.11.1 0:1.6.5-3.15.1 0:1.2.0-1.18 0:1.1.15-1.18 0:1.1.2-1.23 0:1.3.3-1.30 0:5.0.3-1.24 0:1.5.4-1.17 0:2.0.3-1.17 0:1.7.9-3.2.1 0:1.1.3-1.22 0:1.5.1-2.17 0:0.9.10-1.30 0:1.1.5-2.24 0:1.2.3-1.24 0:1.0.11-1.23 0:1.0.10-1.23 0:1.9.0-19.9.1 0:1.1.4-1.23 0:1.6.1-16.43 0:3.4.2-2.24 0:0.14.0-3.3.1 0:2.8.5-3.43 0:3.4.2-9.2 0:4.4-bp153.1.1 0:2.36.2-2.29 0:2.36.2-2.1 0:0.8.7-3.3.17 0:0.99.beta19.git20171003-9.28 0:2.5.3-1.27 0:1.16.0-1.55 0:1.17.0-3.11.1 0:0.94-6.9.2 0:2.1.0-1.27 0:3.440-bp153.1.24 0:0.6.13-1.26 0:4.13.4+git.187.5ad4708741a-1.34 0:3.5.27-9.28 0:1.1.3-1.23 0:1.4.2-bp153.1.1 0:2.15.1-6.7 0:2.1.8-2.23 0:2.4.5-3.3.2 0:0.6.22-5.6.1 0:0.26-6.8.1 0:3.53.1-3.51.1 0:2.10.1-4.8.1 0:1.12.2-bp153.1.20 0:7.6.4-1.16 0:10.2.1+git583-1.3.4 0:1.8.2-8.36.1 0:2.2.5-9.1 0:5.1.4-4.3.1 0:0.28.4-1.28 0:0.6.2-1.17 0:0.2.3-3.3.1 0:1.3.11-2.12 0:0.3.0-4.3.29 0:1.10.7-bp153.3.43 0:3.4.1-4.15.1 0:1.6.2-3.3.7 0:3.0.6-4.3.1 0:60.2-3.9.1 0:1.34-3.2.2 0:2.2.0-3.6.1 0:1.2.0+git20180427.26373b3-1.40 0:1.0.10-3.23 0:1.14.0-bp153.1.19 0:2.9-1.24 0:2.0.14-3.19.1 0:2.32.0-3.15.1 0:2.1-1.31 0:8.1.2-5.15.7 0:0.13-1.19 0:1.3.5-2.14 0:2.9-3.3.1 0:2.4.46-9.53.1 0:2.2.1-1.1 0:3.11.0-1.42 0:5.3.4-3.3.2 0:1.9.2-1.40 0:2.10-2.22 0:0.15.1b-3.16 0:3.1.12-3.25.1 0:2.2.4-1.41 0:2.0.20171102-bp153.1.39 0:1.2.11-3.21.1 0:0.6.4-1.24 0:3.100-1.33 0:4.0.2-3.3.1 0:1.26.4-1.15 0:0.6-3.8.19 0:0.3.17-4.9.2 0:10.2.37-3.37.1 0:6.1-5.6.2 0:1.6-1.26 0:10.80.1-3.11.1 0:0.52.20-5.35 0:1.40.0-3.5.1 0:2016.2.22-3.5.1 0:3.3.1-6.6.1 0:2.3.0-1.25 0:1.5.2-2.28 0:0.3.19-2.10.1 0:1.1.1d-11.23.1 0:1.3.1-3.6.1 0:1.7.1-1.52 0:1.44.7+11-1.25 0:2.9.19-bp153.2.1 0:1.9.1-1.33 0:8.41-4.20 0:10.31-1.14 0:1.8.24-1.14 0:2.0.0-1.31 0:1.6.34-3.9.1 0:0.116-1.51 0:0.79.0-3.3.1 0:1.15-3.19 0:13.2-5.6.1 0:3.3.15-7.19.1 0:0.4.15-12.41 0:0.4.15-12.72 0:2.6.2-1.15 0:2.13.0-10.105 0:2.7.18-7.55.1 0:3.6.13-3.81.1 0:3.6.13-3.81.2 0:9.0.2-1.36 0:5.15.3-bp153.1.1 0:1.2.4+git20180804.fff99cd-1.19 0:15.2.11.83+g8a15f484c2-3.22.1 0:2.0.15-9.3.1 0:0.18.9-bp153.2.25 0:7.1.2.2-2.3 0:6.2.7.1-8.10.1 0:2.5.9-4.17.1 0:2.4.1-3.3.1 0:1.3.9-2.31 0:4.3.1-1.51 0:1.0.28-5.5.1 0:5.7.3-8.24 0:0.7.19-3.23.1 0:2.68.3-2.32 0:0.38-1.59 0:0.14.3-1.48 0:3.28.0-3.9.2 0:1.3.4-1.45 0:2.2.0-1.34 0:1.9.0-4.13.1 0:0.8.7-10.12.1 0:0.0.7-7.3.2 0:246.13-5.1 0:1.11.1-4.9.1 0:4.13-4.5.1 0:0.1.27-1.16 0:4.0.9-5.30.28 0:1.2.6-1.131 0:0.8.2-1.1 0:2.4.5-1.11 0:2.8.1-1.39 0:1.5.0-4.5.1 0:2.7.4-4.72 0:1.1.1-1.28 0:0.6.0-4.3.1 0:7.1.0-4.1 0:3.0.13-bp153.1.1 0:11.2.5-1.17 0:0.9.10-bp153.2.18 0:1.3.6-4.3.1 0:1.6.1-6.6.8 0:5.4.0-4.9.1 0:1.0.3-1.62 0:0.2.8.4-bp153.1.32 0:0.10.2-3.3.1 0:1.4.17-bp153.1.19 0:3.2.3-1.28 0:0.8.2-3.3.1 0:2.9.7-3.31.1 0:1.1.32-3.8.24 0:0.1.7-1.17 0:0.6.1-4.2.1 0:1.5.1-1.9 0:1.4.4-1.6.1 0:17.25.10-3.36.1 0:4.8.1-2.43 0:3.13.0-4.3.9 0:12.5-1.87 0:10.5.8-1.5 0:20.04.2-bp153.1.29 0:4.25.1-3.17.1 0:2.1.1-10.12.1 0:20.04.2-bp153.1.31 0:7.08-6.9.1 0:2.0.0-6.15.1 0:8.4p1-1.30 0:1.1.1d-1.46 0:2.4.3-5.7.1 0:202008-8.1 0:16.02-14.5.1 0:1.3.0-6.29.1 0:5.26.1-15.87 0:1.60-3.3.1 0:3.72-1.26 0:6.06-1.24 0:2.0132-1.20 0:3.52-3.3.1 0:20181225-23.6.1 0:5.18.6-bp153.2.1 0:1.3.8-7.1 0:2.7.6-3.3.1 0:2.4.7-5.3.1 0:3.22-2.34 0:2.8-3.6.1 0:1.5.7-6.27 0:1.17.3-7.1 0:20.0.2-6.12.1 0:2.24.0-1.24 0:40.5.0-6.3.1 0:1.25.10-2.18 0:5.2.0-9.18 0:1.0.0+-9.18 0:1.14.0_0_g155821a-9.18 0:8-9.18 0:0.2.3-5.9.2 0:4.14.1-29.46 0:3.1.3-4.3.1 0:8.39.0-4.10.1 0:0.11+git.20130926-1.34 0:1.8.5-3.6.1 0:1.0.32-6.6.2 0:4.6.2-5.3.1 0:0.18.0-lp153.1.31 0:4.15.2-2.21 0:15.4-2.1 0:0.20.0-1.51 0:4.4-1.1 0:1.9.5p2-1.5 0:0.5.2-1.20 0:1.30-3.6.1 0:0.2.0-bp153.1.14 0:2017.137.2.004svn28119-7.6.4 0:3.1c-bp153.1.16 0:20151004-bp153.1.16 0:2.94-bp153.1.20 0:0.3.14-6.6.2 0:2021.01-5.1 0:20210216-2.19.1 0:2.3.6-3.2.1 0:6.00-4.8.13 0:1.19.0.4-2.48 0:8.0.1568-5.14.1 0:3.2.0-5.1 0:6.1.20-lp153.1.8 0:6.1.20_k5.3.18_57-lp153.1.2 0:1.4.0-1.53 0:3.0.3-7.16.1 0:0.5.3+git20180125-1.17 0:1.20.3-3.9.2 0:0.6.65-2.1 0:2.9-4.29.1 0:1.1.3+20190413-1.24 0:4.14.1_16-1.6 0:2.3.15.4-bp153.1.16 0:7.6_1-1.22 0:1.1.0-3.4.1 0:1.20.3-22.5.30.1 0:5.44-5.3.1 0:4.3.16-1.1 0:4.3.10-1.41 0:1.14.43-3.20.1 (aarch64|ppc64le|s390x|x86_64) 0:2021.05.22-bp153.2.3.1 (aarch64|i586|ppc64le|s390x|x86_64) 0:1.16.3-lp153.3.3.1 (x86_64) 0:1.16.3-lp153.3.3.1 (aarch64_ilp32) 0:1.16.3-lp153.3.3.1 (noarch) 0:1.16.3-lp153.3.3.1 (noarch) 0:4.1.2-bp153.2.3.1 (aarch64|ppc64le|s390x|x86_64) 0:3.18.0-bp153.2.3.1 (noarch) 0:3.18.0-bp153.2.3.1 (aarch64|ppc64le|s390x|x86_64) 0:2.16-bp153.2.3.1 (noarch) 0:20.0.11-bp153.2.3.1 (aarch64|ppc64le|x86_64) 0:2.12.4-bp153.2.3.1 (aarch64|x86_64) 0:91.0.4472.164-bp153.2.16.1 (aarch64|ppc64le|x86_64) 0:2.12.5-bp153.2.5.1 (x86_64) 0:6.1.24-lp153.2.6.1 (noarch) 0:6.1.24-lp153.2.6.1 (x86_64) 0:6.1.24_k5.3.18_59.16-lp153.2.6.1 (aarch64|ppc64le|s390x|x86_64) 0:2.6.1-bp153.2.3.1 (noarch) 0:2.6.1-bp153.2.3.1 (x86_64) 0:77.0.4054.277-lp153.2.9.1 (aarch64|ppc64le|s390x|x86_64) 0:1.35.0-bp153.2.3.1 (noarch) 0:1.35.0-bp153.2.3.1 (x86_64) 0:2.53.8.1-6.1 (aarch64|x86_64) 0:92.0.4515.131-bp153.2.19.1 (aarch64|ppc64le|s390x|x86_64) 0:0.11.10-bp153.2.6.2 (aarch64|ppc64le|s390x|x86_64) 0:1.10.2-bp153.2.5.1 (aarch64_ilp32) 0:1.10.2-bp153.2.5.1 (aarch64|x86_64) 0:92.0.4515.159-bp153.2.25.1 (aarch64|ppc64le|s390x|x86_64) 0:1.2.10-bp153.5.1 (noarch) 0:1.2.18-bp153.2.3.1 (aarch64|ppc64le|s390x|x86_64) 0:1.2.18-bp153.2.3.1 (aarch64|ppc64le|s390x|x86_64) 0:0.4.6.7-bp153.2.6.1 (x86_64) 0:78.0.4093.147-lp153.2.12.1 (x86_64) 0:78.0.4093.184-lp153.2.15.1 (aarch64|i586|ppc64le|s390x|x86_64) 0:1.93-bp153.2.3.1 (noarch) 0:20.0.12-bp153.2.6.1 (noarch) 0:0.11.2-bp153.2.3.1 (aarch64|i586|ppc64le|s390x|x86_64) 0:0.9.36-bp153.2.3.1 (noarch) 0:1.10.22-bp153.2.3.1 (aarch64|x86_64) 0:93.0.4577.82-bp153.2.28.1 (x86_64) 0:79.0.4143.22-lp153.2.18.1 (aarch64|i586|ppc64le|s390x) 0:3.2.8a-bp153.3.3.2 (x86_64) 0:79.0.4143.50-lp153.2.21.1 (aarch64|x86_64) 0:94.0.4606.71-bp153.2.31.1 (aarch64|i586|ppc64le|s390x|x86_64) 0:1.12.0-bp153.2.3.1 (x86_64) 0:80.0.4170.16-lp153.2.24.1 (aarch64|i586|ppc64le|s390x|x86_64) 0:2.16.9-bp153.2.5.1 (x86_64) 0:2.16.9-bp153.2.5.1 (aarch64_ilp32) 0:2.16.9-bp153.2.5.1 (noarch) 0:2.5.0-bp153.2.3.1 (aarch64|x86_64) 0:95.0.4638.54-bp153.2.37.1 (x86_64) 0:6.1.28-lp153.2.12.1 (noarch) 0:6.1.28-lp153.2.12.1 (x86_64) 0:6.1.28_k5.3.18_59.27-lp153.2.12.1 (x86_64) 0:80.0.4170.63-lp153.2.27.1 (aarch64|x86_64) 0:95.0.4638.69-bp153.2.40.3 (aarch64|i586|ppc64le|s390x) 0:3.2.8b-bp153.3.6.3 (x86_64) 0:81.0.4196.31-lp153.2.30.1 (aarch64|i586|ppc64le|s390x|x86_64) 0:7.0.4-bp153.2.3.1 (aarch64|i586|ppc64le|s390x|x86_64) 0:0.4.6.8-bp153.2.9.1 (aarch64|i586|ppc64le|s390x|x86_64) 0:20200127-lp153.24.3.1 (noarch) 0:20200127-lp153.24.3.1 (aarch64|i586|s390x|x86_64) 0:3.8.5-bp153.2.10.1 (aarch64|i586|ppc64le|s390x|x86_64) 0:0.13.3-bp153.2.3.1 (x86_64) 0:96.0.4664.93-bp153.2.45.2 (aarch64|i586|x86_64) 0:2.53.10.1-bp153.10.1 (aarch64|i586|ppc64le|x86_64) 0:2.4.0-bp153.2.3.1 (x86_64) 0:96.0.4664.110-bp153.2.48.1 (noarch) 0:20.0.14-bp153.2.9.1 (aarch64|ppc64le|s390x|x86_64) 0:1.31.0-bp153.2.3.1 (x86_64) 0:2.1.0-bp153.2.3.1 (aarch64|i586|ppc64le|s390x|x86_64) 0:2.1.0-bp153.2.3.1 (aarch64|i586|ppc64le|s390x|x86_64) 0:0.2.13-bp153.2.3.1 (aarch64|i586|ppc64le|s390x|x86_64) 0:1.11-bp153.2.3.1 (aarch64|i586|ppc64le|s390x|x86_64) 0:3.0.33-bp153.2.3.1 (noarch) 0:3.0.33-bp153.2.3.1 (aarch64|ppc64le|s390x|x86_64) 0:3.96-bp153.2.3.1 (x86_64) 0:76.0.4017.154-lp153.2.3.1 (x86_64) 0:91.0.4472.77-bp153.2.3.1 (aarch64|x86_64) 0:91.0.4472.114-bp153.2.13.1 (x86_64) 0:77.0.4054.146-lp153.2.6.1 (x86_64) 0:6.1.22-lp153.2.3.2 (noarch) 0:6.1.22-lp153.2.3.2 (x86_64) 0:6.1.22_k5.3.18_59.5-lp153.2.3.2 (aarch64|ppc64le|s390x|x86_64) 0:2.6.2-bp153.3.3.1 (aarch64|s390x|x86_64) 0:3.7.4-bp153.2.3.1 (aarch64|ppc64le|s390x|x86_64) 0:1.9.12-bp153.2.3.1 (aarch64|ppc64le|s390x|x86_64) 0:0.4.5.9-bp153.2.3.1 (aarch64|ppc64le|s390x|x86_64) 0:0.11.9-bp153.2.3.1 (aarch64|ppc64le|s390x|x86_64) 0:1.6.2-bp153.2.3.1 (aarch64|i586|ppc64le|s390x|x86_64) 0:8.14.13-bp153.2.3.1 (aarch64|ppc64le|s390x|x86_64) 0:1.3.2-bp153.2.3.1 (noarch) 0:1.3.2-bp153.2.3.1 (aarch64|x86_64) 0:102.0.5005.115-bp153.2.101.1 (noarch) 0:1.0.3-bp153.2.1 (aarch64|ppc64le|x86_64) 0:3.7.2-bp153.4.1 (x86_64) 0:2.6.0-bp153.2.3.1 (aarch64|x86_64) 0:2.6.0-bp153.2.3.1 (aarch64|s390x|x86_64) 0:2.6.0-bp153.2.3.1 (aarch64|i586|ppc64le|s390x|x86_64) 0:0.9.70-bp153.2.6.1 (aarch64|i586|ppc64le|s390x|x86_64) 0:7.2.12-bp153.2.3.1 (aarch64|i586|ppc64le|s390x|x86_64) 0:0.4.7.8-bp154.2.3.1 (aarch64|i586|ppc64le|s390x|x86_64) 0:1.4.1-bp153.2.3.1 (noarch) 0:1.4.1-bp153.2.3.1 (x86_64) 0:0.8-lp153.3.2.1 (x86_64) 0:0.8_k5.3.18_150300.59.76-lp153.3.2.1 (aarch64|ppc64le|s390x|x86_64) 0:1.62-lp153.3.2.1 (aarch64) 0:1.62_k5.3.18_150300.59.76-lp153.3.2.1 (aarch64|ppc64le|s390x|x86_64) 0:1.62_k5.3.18_150300.59.76-lp153.3.2.1 (aarch64|x86_64) 0:1.62_k5.3.18_150300.59.76-lp153.3.2.1 (aarch64|ppc64le|s390x|x86_64) 0:1.8.7-lp153.2.2.1 (aarch64) 0:1.8.7_k5.3.18_150300.59.76-lp153.2.2.1 (aarch64|s390x|x86_64) 0:1.8.7_k5.3.18_150300.59.76-lp153.2.2.1 (aarch64|x86_64) 0:1.8.7_k5.3.18_150300.59.76-lp153.2.2.1 (aarch64|ppc64le|x86_64) 0:0.44-lp153.2.2.1 (aarch64) 0:0.44_k5.3.18_150300.59.76-lp153.2.2.1 (aarch64|ppc64le|x86_64) 0:0.44_k5.3.18_150300.59.76-lp153.2.2.1 (aarch64|x86_64) 0:0.44_k5.3.18_150300.59.76-lp153.2.2.1 (aarch64|ppc64le|x86_64) 0:5.9.3.2+git20210427.6ef5d8f-lp153.2.2.1 (aarch64) 0:5.9.3.2+git20210427.6ef5d8f_k5.3.18_150300.59.76-lp153.2.2.1 (aarch64|ppc64le|x86_64) 0:5.9.3.2+git20210427.6ef5d8f_k5.3.18_150300.59.76-lp153.2.2.1 (aarch64|x86_64) 0:5.9.3.2+git20210427.6ef5d8f_k5.3.18_150300.59.76-lp153.2.2.1 (aarch64|ppc64le|x86_64) 0:5.16~3.g38316db-lp153.4.1 (aarch64) 0:5.16~3.g38316db_k5.3.18_150300.59.76-lp153.4.1 (aarch64|ppc64le|x86_64) 0:5.16~3.g38316db_k5.3.18_150300.59.76-lp153.4.1 (aarch64|x86_64) 0:5.16~3.g38316db_k5.3.18_150300.59.76-lp153.4.1 (noarch) 0:0.12.5-lp153.2.2.1 (aarch64) 0:0.12.5_k5.3.18_150300.59.76-lp153.2.2.1 (aarch64|x86_64) 0:0.12.5_k5.3.18_150300.59.76-lp153.2.2.1 (aarch64) 0:20200106_k5.3.18_150300.59.76-lp153.2.2.1 (aarch64|ppc64le|s390x|x86_64) 0:20200106_k5.3.18_150300.59.76-lp153.2.2.1 (aarch64|x86_64) 0:20200106_k5.3.18_150300.59.76-lp153.2.2.1 (aarch64|ppc64le|s390x|x86_64) 0:3.18-lp153.2.2.1 (aarch64) 0:3.18_k5.3.18_150300.59.76-lp153.2.2.1 (aarch64|ppc64le|s390x|x86_64) 0:3.18_k5.3.18_150300.59.76-lp153.2.2.1 (aarch64|x86_64) 0:3.18_k5.3.18_150300.59.76-lp153.2.2.1 (aarch64|x86_64) 0:103.0.5060.53-bp153.2.104.1 (noarch) 0:7.13.0-bp153.2.6.1 (aarch64|i586|ppc64le|s390x|x86_64) 0:1.4.1-bp153.2.8.1 (noarch) 0:1.4.1-bp153.2.8.1 (aarch64|x86_64) 0:103.0.5060.114-bp154.2.14.1 (x86_64) 0:88.0.4412.74-lp154.2.11.1 (noarch) 0:7.13.0-bp154.2.3.1 (aarch64|x86_64) 0:103.0.5060.134-bp154.2.17.2 (aarch64|x86_64) 0:2.53.13-lp153.17.11.3 (x86_64) 0:89.0.4447.71-lp153.2.54.1 (aarch64|i586|ppc64le|s390x|x86_64) 0:3.7p3-bp153.2.3.1 (x86_64) 0:3.7p3-bp153.2.3.1 (aarch64_ilp32) 0:3.7p3-bp153.2.3.1 (aarch64|x86_64) 0:104.0.5112.79-bp153.2.113.1 (aarch64|i586|s390x|x86_64) 0:0.30.4-bp153.8.1 (aarch64|ppc64le|x86_64) 0:1.6.6-bp153.2.3.1 (aarch64|i586|ppc64le|s390x|x86_64) 0:3.0.3-bp153.2.3.1 (noarch) 0:20.3.0-bp153.2.3.1 (aarch64|x86_64) 0:104.0.5112.101-bp154.2.23.1 (x86_64) 0:90.0.4480.54-lp153.2.57.1 (x86_64) 0:90.0.4480.84-lp153.2.60.1 (aarch64|x86_64) 0:105.0.5195.102-bp153.2.119.1 (x86_64) 0:6.1.36-lp153.2.33.2 (noarch) 0:6.1.36-lp153.2.33.2 (x86_64) 0:6.1.36_k5.3.18_150300.59.90-lp153.2.33.2 (aarch64|x86_64) 0:105.0.5195.127-bp154.2.29.1 (aarch64|i586|ppc64le|s390x|x86_64) 0:1.12.0-bp153.2.6.1 (aarch64|i586|ppc64le|s390x|x86_64) 0:20200127-lp153.24.12.1 (noarch) 0:20200127-lp153.24.12.1 (x86_64) 0:6.1.38-lp153.2.36.1 (noarch) 0:6.1.38-lp153.2.36.1 (x86_64) 0:6.1.38_k5.3.18_150300.59.93-lp153.2.36.1 (x86_64) 0:91.0.4516.20-lp153.2.63.1 (aarch64|i586|ppc64le|s390x|x86_64) 0:1.4.66-bp154.2.3.1 (aarch64|i586|ppc64le|s390x|x86_64) 0:1.41-bp153.2.6.1 (aarch64|i586|s390x|x86_64) 0:1.41-bp153.2.6.1 (aarch64|ppc64le|s390x|x86_64) 0:1.41-bp153.2.6.1 (aarch64|x86_64) 0:106.0.5249.91-bp153.2.125.1 (aarch64|i586|ppc64le|s390x|x86_64) 0:1.4.67-bp154.2.6.1 (aarch64|i586|ppc64le|s390x|x86_64) 0:3.0.3-bp153.3.3.1 (aarch64|ppc64le|s390x|x86_64) 0:3.0.19-bp153.2.8.1 (aarch64|ppc64le|x86_64) 0:1.11.2-bp153.2.13.1 (noarch) 0:1.11.2-bp153.2.13.1 (aarch64|ppc64le|s390x|x86_64) 0:1.5-bp153.2.6.1 (aarch64|ppc64le|s390x|x86_64) 0:2.8-bp153.2.3.1 (noarch) 0:1.5.3-bp154.2.3.1 (aarch64|i586|x86_64) 0:2.53.14-lp153.17.14.1 (aarch64|x86_64) 0:106.0.5249.119-bp153.2.128.1 (noarch) 0:0.12.5-lp153.2.5.1 (aarch64) 0:0.12.5_k5.3.18_150300.59.93-lp153.2.5.1 (aarch64|x86_64) 0:0.12.5_k5.3.18_150300.59.93-lp153.2.5.1 (noarch) 0:1.2.22-bp154.2.3.1 (aarch64|i586|ppc64le|s390x|x86_64) 0:1.2.22-bp154.2.3.1 (aarch64|x86_64) 0:107.0.5304.87-bp153.2.133.1 (aarch64|i586|ppc64le|s390x|x86_64) 0:3.00-bp153.3.3.1 (x86_64) 0:92.0.4561.21-lp153.2.66.1 (aarch64|x86_64) 0:6.2.1-bp153.2.3.1 (noarch) 0:2.1.1-bp153.2.3.1 (aarch64|ppc64le|s390x|x86_64) 0:4.94.2-bp153.5.1 (aarch64|i586|ppc64le|s390x|x86_64) 0:0.31.1-bp153.2.6.1 (aarch64|x86_64) 0:107.0.5304.110-bp154.2.43.1 (aarch64|i586|ppc64le|s390x|x86_64) 0:3.00-bp153.3.6.1 (aarch64|ppc64le|s390x|x86_64) 0:4.16.1-bp153.2.3.1 (noarch) 0:4.16.1-bp153.2.3.1 (aarch64|i586|ppc64le|s390x|x86_64) 0:2.9.19-bp153.3.3.1 (aarch64|i586|ppc64le|s390x|x86_64) 0:0.4.7.11-bp154.2.9.1 (aarch64|i586|ppc64le|s390x|x86_64) 0:2.10.0-bp153.3.3.1 (noarch) 0:2.10.0-bp153.3.3.1 (x86_64) 0:2.10.0-bp153.3.3.1 (aarch64_ilp32) 0:2.10.0-bp153.3.3.1 (noarch) 0:0.16.0-bp153.2.3.1 (x86_64) 0:93.0.4585.11-lp153.2.69.1 (aarch64|x86_64) 0:107.0.5304.121-bp154.2.46.1 (aarch64|i586|ppc64le|s390x|x86_64) 0:9.26-bp154.2.3.1 (aarch64|x86_64) 0:108.0.5359.71-bp154.2.49.1 (aarch64|x86_64) 0:108.0.5359.94-bp154.2.52.1 (aarch64|i586|ppc64le|s390x|x86_64) 0:1.4.2-bp153.2.3.1 (aarch64|x86_64) 0:108.0.5359.124-bp153.2.148.1 (aarch64|i586|ppc64le|s390x|x86_64) 0:2.16.9-bp153.2.8.1 (x86_64) 0:2.16.9-bp153.2.8.1 (aarch64_ilp32) 0:2.16.9-bp153.2.8.1 (aarch64|ppc64le|s390x|x86_64) 0:3.0.18-bp153.2.6.1 (noarch) 0:3.0.18-bp153.2.6.1 (x86_64) 0:85.0.4341.28-lp153.2.42.1 (aarch64|ppc64le|s390x|x86_64) 0:4.3.1-bp153.2.3.1 (aarch64|ppc64le|s390x|x86_64) 0:4.3.5-bp153.2.3.1 (i586|x86_64) 0:2.53.11.1-lp153.17.5.1 (noarch) 0:0.14.1-bp153.2.3.1 (aarch64|x86_64) 0:100.0.4896.88-bp153.2.82.1 (aarch64|i586|ppc64le|s390x|x86_64) 0:1.9.12-bp153.2.9.1 (aarch64|x86_64) 0:100.0.4896.127-bp153.2.85.1 (aarch64|i586|ppc64le|s390x|x86_64) 0:0.11.12-bp153.2.12.1 (x86_64) 0:86.0.4363.23-lp153.2.45.1 (aarch64|x86_64) 0:101.0.4951.54-bp153.2.88.1 (noarch) 0:1.10.26-bp153.2.6.1 (aarch64|x86_64) 0:101.0.4951.64-bp153.2.91.1 (aarch64|i586|ppc64le|s390x|x86_64) 0:3.17.0-bp153.2.3.1 (x86_64) 0:6.1.34-lp153.2.27.2 (noarch) 0:6.1.34-lp153.2.27.2 (x86_64) 0:6.1.34_k5.3.18_150300.59.63-lp153.2.27.1 (aarch64|i586|ppc64le|s390x|x86_64) 0:1.15-lp153.2.3.1 (aarch64|x86_64) 0:97.0.4692.71-bp153.2.54.1 (aarch64|i586|ppc64le|s390x|x86_64) 0:0.31.1-bp153.2.3.1 (aarch64|i586|ppc64le|s390x|x86_64) 0:1.6.2-bp153.2.6.1 (aarch64|ppc64le|s390x|x86_64) 0:2.2.0~rc3-bp153.2.9.1 (noarch) 0:2.2.0~rc3-bp153.2.9.1 (noarch) 0:1.2.20-bp153.2.9.1 (aarch64|i586|ppc64le|s390x|x86_64) 0:1.2.20-bp153.2.9.1 (x86_64) 0:87.0.4390.25-lp153.2.48.1 (aarch64|i586|ppc64le|s390x|x86_64) 0:7.1.0-bp153.2.3.1 (aarch64|i586|ppc64le|s390x|x86_64) 0:0.12.5-bp153.2.3.1 (i586|s390x|x86_64) 0:2.53.12-lp153.17.8.2 (aarch64|i586|ppc64le|s390x|x86_64) 0:1.9.12-bp153.2.15.1 (aarch64|i586|ppc64le|s390x|x86_64) 0:1.4.0-bp153.2.3.1 (aarch64|i586|ppc64le|s390x|x86_64) 0:4.9.0-bp153.2.3.1 (noarch) 0:2.32.1549563867.59e9702-bp153.2.3.1 (aarch64|x86_64) 0:97.0.4692.99-bp153.2.57.1 (x86_64) 0:6.1.32-lp153.2.21.1 (noarch) 0:6.1.32-lp153.2.21.1 (x86_64) 0:6.1.32_k5.3.18_59.40-lp153.2.21.1 (aarch64|i586|ppc64le|s390x|x86_64) 0:1.4.64-bp153.2.3.1 (aarch64|x86_64) 0:98.0.4758.80-bp153.2.60.1 (aarch64|i586|ppc64le|s390x|x86_64) 0:4.0.37-lp153.2.3.1 (aarch64|i586|ppc64le|s390x|x86_64) 0:0.9.68-bp153.2.3.1 (x86_64) 0:2.1.0-bp153.2.6.1 (aarch64|i586|ppc64le|s390x|x86_64) 0:2.1.0-bp153.2.6.1 (aarch64|x86_64) 0:98.0.4758.102-bp153.2.63.1 (aarch64|i586|ppc64le|s390x|x86_64) 0:1.9.12-bp153.2.6.1 (x86_64) 0:83.0.4254.27-lp153.2.33.1 (x86_64) 0:84.0.4316.14-lp153.2.36.1 (aarch64|i586|ppc64le|s390x|x86_64) 0:2.2.11-lp153.2.3.1 (aarch64|i586|ppc64le|s390x|x86_64) 0:1.41-bp153.2.3.1 (aarch64|i586|s390x|x86_64) 0:1.41-bp153.2.3.1 (aarch64|ppc64le|s390x|x86_64) 0:1.41-bp153.2.3.1 (aarch64|i586|ppc64le|s390x|x86_64) 0:4.0.38-bp153.2.3.1 (aarch64|i586|ppc64le|s390x|x86_64) 0:4.8.27-bp153.2.3.1 (noarch) 0:4.8.27-bp153.2.3.1 (noarch) 0:3.1.2-bp153.2.3.1 (aarch64|ppc64le|x86_64) 0:1.14.6-bp153.3.4.1 (aarch64|i586|ppc64le|s390x|x86_64) 0:1.0.1+git.20220109-bp153.2.3.1 (aarch64|ppc64le|s390x|x86_64) 0:2.2.0~rc3-bp153.2.3.1 (noarch) 0:2.2.0~rc3-bp153.2.3.1 (aarch64|i586|ppc64le|s390x|x86_64) 0:1.5.0-bp153.2.3.1 (x86_64) 0:16.0.9-bp153.2.1 (aarch64|ppc64le|s390x|x86_64) 0:0.21.2-bp153.2.3.1 (noarch) 0:1.7045-bp153.2.3.1 (aarch64|x86_64) 0:99.0.4844.51-bp153.2.66.1 (x86_64) 0:84.0.4316.21-lp153.2.39.1 (aarch64|i586|ppc64le|s390x|x86_64) 0:1.3.1-bp153.2.3.1 (noarch) 0:2.9.21-bp153.2.3.1 (aarch64|i586|ppc64le|s390x|x86_64) 0:3.2.1-bp153.2.3.1 (noarch) 0:3.2.1-bp153.2.3.1 (aarch64|x86_64) 0:99.0.4844.74-bp153.2.69.1 (aarch64|x86_64) 0:99.0.4844.84-bp153.2.75.1 (noarch) 0:1.0-lp153.4.8.1 (aarch64|i586|ppc64le|s390x|x86_64) 0:3.3.1-bp153.2.10.1 (noarch) 0:2.8.6-bp153.2.3.1 (noarch) 0:21.0.9-bp153.2.12.1 (aarch64|ppc64le|s390x|x86_64) 0:5.6.0-bp154.2.3.5 (noarch) 0:5.6.0-bp154.2.3.5 (aarch64|i586|ppc64le|s390x|x86_64) 0:7.8.0-bp153.2.4.1 (aarch64|i586|ppc64le|s390x|x86_64) 0:0.4.7.13-bp153.2.24.1 (aarch64|i586|ppc64le|s390x|x86_64) 0:1.2.0-bp153.2.3.1 (aarch64|i586|ppc64le|s390x|x86_64) 0:1.5.3-bp153.2.3.1 (noarch) 0:2.2.28-bp153.2.3.1 (aarch64|ppc64le|s390x|x86_64) 0:3.5.27-11.3.1 (noarch) 0:3.5.27-11.3.1 (aarch64|ppc64le|s390x|x86_64) 0:2.40.1-6.9.1 (aarch64|ppc64le|s390x|x86_64) 0:1.0.5-3.3.1 (x86_64) 0:1.0.5-3.3.1 (aarch64|ppc64le|s390x|x86_64) 0:0.14.0-3.6.1 (x86_64) 0:0.14.0-3.6.1 (ppc64le|s390x|x86_64) 0:1.8.0.292-3.14.1 (noarch) 0:1.8.0.292-3.14.1 (aarch64|ppc64le|s390x|x86_64) 0:1.1.10-3.9.1 (aarch64|ppc64le|s390x|x86_64) 0:5.1.4-3.9.1 (aarch64|ppc64le|s390x|x86_64) 0:1.3.14-5.3.1 (noarch) 0:1.3.14-5.3.1 (aarch64|ppc64le|s390x|x86_64) 0:7.66.0-4.17.1 (x86_64) 0:7.66.0-4.17.1 (aarch64|ppc64le|s390x|x86_64) 0:13.3-5.10.1 (noarch) 0:13.3-5.10.1 (noarch) 0:0.19.0-3.3.1 (aarch64|ppc64le|s390x|x86_64) 0:1.19.8-3.3.1 (noarch) 0:1.19.8-3.3.1 (aarch64|ppc64le|s390x|x86_64) 0:1.16.3-3.3.1 (x86_64) 0:1.16.3-3.3.1 (noarch) 0:1.16.3-3.3.1 (aarch64|ppc64le|s390x|x86_64) 0:1.16.3-4.3.1 (x86_64) 0:1.16.3-4.3.1 (noarch) 0:1.16.3-4.3.1 (aarch64|ppc64le|s390x|x86_64) 0:1.9.2-3.3.1 (x86_64) 0:1.9.2-3.3.1 (aarch64|ppc64le|s390x|x86_64) 0:9.16.6-22.7.1 (noarch) 0:9.16.6-22.7.1 (aarch64|ppc64le|s390x|x86_64) 0:15.2.12.83+g528da226523-3.25.1 (noarch) 0:15.2.12.83+g528da226523-3.25.1 (x86_64) 0:15.2.12.83+g528da226523-3.25.1 (noarch) 0:1.4.16-3.8.1 (aarch64|ppc64le|s390x|x86_64) 0:4.3.6.P1-6.11.1 (aarch64|ppc64le|s390x|x86_64) 0:0.116-3.3.1 (x86_64) 0:0.116-3.3.1 (noarch) 0:0.116-3.3.1 (aarch64|ppc64le|s390x|x86_64) 0:0.6.32-5.13.1 (aarch64|ppc64le|s390x|x86_64) 0:78.10.2-8.27.1 (noarch) 0:1.8.1-5.6.1 (aarch64|ppc64le|s390x|x86_64) 0:0.5.0-3.5.1 (x86_64) 0:0.5.0-3.5.1 (aarch64|ppc64le|s390x|x86_64) 0:0.4.7-3.12.1 (noarch) 0:1.28-3.5.1 (aarch64|ppc64le|s390x|x86_64) 0:78.11.0-8.43.1 (x86_64) 0:78.11.0-8.43.1 (aarch64|ppc64le|s390x|x86_64) 0:1.4.0-3.3.1 (x86_64) 0:1.4.0-3.3.1 (aarch64|ppc64le|s390x|x86_64) 0:1.6.5-3.21.1 (x86_64) 0:1.6.5-3.21.1 (noarch) 0:1.6.5-3.21.1 (aarch64|ppc64le|s390x|x86_64) 0:0.3.28-2.13.1 (x86_64) 0:0.3.28-2.13.1 (aarch64|ppc64le|s390x|x86_64) 0:2.9.7-3.37.1 (x86_64) 0:2.9.7-3.37.1 (noarch) 0:2.9.7-3.37.1 (x86_64) 0:20210525-7.1 (aarch64|ppc64le|s390x|x86_64) 0:5.2.0-17.1 (noarch) 0:1.0.0+-17.1 (s390x|x86_64) 0:5.2.0-17.1 (noarch) 0:5.2.0-17.1 (noarch) 0:1.14.0_0_g155821a-17.1 (noarch) 0:8-17.1 (aarch64|ppc64le|s390x|x86_64) 0:3.5.27-11.6.1 (noarch) 0:3.5.27-11.6.1 (aarch64|ppc64le|s390x|x86_64) 0:3002.2-8.41.8.1 (noarch) 0:3002.2-8.41.8.1 (aarch64|ppc64le|s390x|x86_64) 0:1.4.4-5.32.1 (aarch64|ppc64le|s390x|x86_64) 0:20.10.6_ce-6.49.3 (noarch) 0:20.10.6_ce-6.49.3 (aarch64|ppc64le|s390x|x86_64) 0:1.0.0~rc93-1.14.2 (aarch64|ppc64le|s390x|x86_64) 0:1.5.3-5.18.1 (aarch64|ppc64le|s390x|x86_64) 0:62.2.0-5.18.1 (x86_64) 0:62.2.0-5.18.1 (aarch64|ppc64le|s390x|x86_64) 0:8.1.2-5.18.1 (x86_64) 0:8.1.2-5.18.1 (aarch64|ppc64le|s390x|x86_64) 0:4.15-5.26.1 (aarch64|ppc64le|s390x|x86_64) 0:10.17-8.35.1 (noarch) 0:10.17-8.35.1 (x86_64) 0:5.3.18-38.3.1 (noarch) 0:5.3.18-38.3.1 (aarch64) 0:5.3.18-59.5.2 (aarch64|ppc64le|s390x|x86_64) 0:5.3.18-59.5.2 (aarch64|x86_64) 0:5.3.18-59.5.2 (ppc64le|x86_64) 0:5.3.18-59.5.2 (aarch64|ppc64le|s390x|x86_64) 0:5.3.18-59.5.2.18.2.2 (noarch) 0:5.3.18-59.5.2 (aarch64|ppc64le|s390x|x86_64) 0:5.3.18-59.5.1 (s390x) 0:5.3.18-59.5.2 (aarch64|ppc64le|s390x|x86_64) 0:1.8.0.292-3.52.1 (noarch) 0:1.8.0.292-3.52.1 (aarch64|ppc64le|s390x|x86_64) 0:12.7-8.20.1 (noarch) 0:12.7-8.20.1 (noarch) 0:1.4.17-3.11.2 (aarch64|ppc64le|s390x|x86_64) 0:4.3.0-4.3.1 (aarch64|ppc64le|s390x|x86_64) 0:78.11.0-8.30.1 (noarch) 0:9.4.42-3.9.1 (noarch) 0:3.4.2-3.4.1 (aarch64|ppc64le|s390x|x86_64) 0:330-11.3.1 (noarch) 0:1.25.10-4.3.1 (noarch) 0:1.5.0-3.5.1 (aarch64|x86_64) 0:202008-10.8.1 (noarch) 0:202008-10.8.1 (x86_64) 0:202008-10.8.1 (aarch64|ppc64le|s390x|x86_64) 0:2.3.11.3-55.1 (aarch64|ppc64le|s390x|x86_64) 0:1.3-3.2.1 (x86_64) 0:1.3-3.2.1 (aarch64|ppc64le|s390x|x86_64) 0:3.4.5-3.53.1 (aarch64|ppc64le|s390x|x86_64) 0:2.4.43-3.22.1 (noarch) 0:2.4.43-3.22.1 (ppc64le|x86_64) 0:2.4-4.5.1 (aarch64|ppc64le|s390x|x86_64) 0:3.4.1-4.18.1 (x86_64) 0:3.4.1-4.18.1 (aarch64|ppc64le|s390x|x86_64) 0:3.0.21-3.9.1 (aarch64|ppc64le|s390x|x86_64) 0:1.2.2-3.3.1 (x86_64) 0:1.2.2-3.3.1 (aarch64|ppc64le|s390x|x86_64) 0:1.8.2-8.39.1 (x86_64) 0:1.8.2-8.39.1 (aarch64|ppc64le|s390x|x86_64) 0:2.2.1-3.32.1 (x86_64) 0:2.2.1-3.32.1 (noarch) 0:1.64-3.3.1 (aarch64|ppc64le|s390x|x86_64) 0:2.1a15-5.12.1 (aarch64) 0:5.3.18-59.10.1 (aarch64|ppc64le|s390x|x86_64) 0:5.3.18-59.10.1 (aarch64|x86_64) 0:5.3.18-59.10.1 (ppc64le|x86_64) 0:5.3.18-59.10.1 (aarch64|ppc64le|s390x|x86_64) 0:5.3.18-59.10.1.18.4.2 (noarch) 0:5.3.18-59.10.1 (s390x) 0:5.3.18-59.10.1 (aarch64|ppc64le|s390x|x86_64) 0:1.16.5-1.17.1 (aarch64|x86_64) 0:1.16.5-1.17.1 (aarch64|ppc64le|s390x|x86_64) 0:5.3.6-3.6.1 (x86_64) 0:5.3.6-3.6.1 (noarch) 0:5.3.6-3.6.1 (x86_64) 0:5.3.18-38.8.1 (noarch) 0:5.3.18-38.8.1 (aarch64|ppc64le|s390x|x86_64) 0:5.2.0-20.1 (noarch) 0:1.0.0+-20.1 (s390x|x86_64) 0:5.2.0-20.1 (noarch) 0:5.2.0-20.1 (noarch) 0:1.14.0_0_g155821a-20.1 (noarch) 0:8-20.1 (aarch64|ppc64le|s390x|x86_64) 0:1.15.13-1.33.1 (aarch64|x86_64) 0:1.15.13-1.33.1 (x86_64) 0:0.40.0-5.11.2 (aarch64|ppc64le|s390x|x86_64) 0:5.55-3.3.1 (noarch) 0:5.55-3.3.1 (x86_64) 0:5.55-3.3.1 (aarch64|ppc64le|s390x|x86_64) 0:1.12.2-8.6.1 (x86_64) 0:1.12.2-8.6.1 (noarch) 0:1.12.2-8.6.1 (noarch) 0:2.0.6-3.3.1 (aarch64|ppc64le|s390x|x86_64) 0:6.0.14-6.5.1 (x86_64) 0:5.3.18-38.11.1 (noarch) 0:5.3.18-38.11.1 (aarch64|ppc64le|s390x|x86_64) 0:3.36.0-3.12.1 (x86_64) 0:3.36.0-3.12.1 (noarch) 0:3.36.0-3.12.1 (aarch64|ppc64le|s390x|x86_64) 0:3.4.2-11.3.1 (x86_64) 0:3.4.2-11.3.1 (aarch64|ppc64le|s390x|x86_64) 0:12.22.2-4.16.1 (noarch) 0:12.22.2-4.16.1 (aarch64) 0:5.3.18-59.13.1 (aarch64|ppc64le|s390x|x86_64) 0:5.3.18-59.13.1 (aarch64|x86_64) 0:5.3.18-59.13.1 (ppc64le|x86_64) 0:5.3.18-59.13.1 (aarch64|ppc64le|s390x|x86_64) 0:5.3.18-59.13.1.18.6.1 (noarch) 0:5.3.18-59.13.1 (s390x) 0:5.3.18-59.13.1 (aarch64|ppc64le|s390x|x86_64) 0:10.24.1-1.36.1 (noarch) 0:10.24.1-1.36.1 (aarch64|ppc64le|s390x|x86_64) 0:14.17.2-5.12.1 (noarch) 0:14.17.2-5.12.1 (aarch64|ppc64le|s390x|x86_64) 0:1.16.6-1.20.1 (aarch64|x86_64) 0:1.16.6-1.20.1 (aarch64|ppc64le|s390x|x86_64) 0:78.12.0-8.46.1 (x86_64) 0:78.12.0-8.46.1 (aarch64|ppc64le|s390x|x86_64) 0:1.15.14-1.36.1 (aarch64|x86_64) 0:1.15.14-1.36.1 (noarch) 0:234-24.90.1 (x86_64) 0:5.3.18-38.14.1 (noarch) 0:5.3.18-38.14.1 (aarch64|ppc64le|s390x|x86_64) 0:246.13-7.8.1 (x86_64) 0:246.13-7.8.1 (noarch) 0:246.13-7.8.1 (aarch64|ppc64le|s390x|x86_64) 0:1.4.4-5.36.1 (aarch64|ppc64le|s390x|x86_64) 0:0.4.21-12.5.1 (noarch) 0:0.4.21-12.5.1 (aarch64) 0:5.3.18-59.16.1 (aarch64|ppc64le|s390x|x86_64) 0:5.3.18-59.16.1 (aarch64|x86_64) 0:5.3.18-59.16.1 (ppc64le|x86_64) 0:5.3.18-59.16.1 (aarch64|ppc64le|s390x|x86_64) 0:5.3.18-59.16.1.18.8.1 (noarch) 0:5.3.18-59.16.1 (s390x) 0:5.3.18-59.16.1 (ppc64le|x86_64) 0:4.12.14-197.99.1 (s390x) 0:4.12.14-197.99.1 (x86_64) 0:4.12.14-197.99.1 (aarch64|ppc64le|s390x|x86_64) 0:4.12.14-197.99.1 (noarch) 0:4.3.1+20210702.4e0ee8fb-5.59.1 (aarch64|ppc64le|s390x|x86_64) 0:7.66.0-4.22.1 (x86_64) 0:7.66.0-4.22.1 (aarch64|ppc64le|s390x|x86_64) 0:5.2.0-23.1 (noarch) 0:1.0.0+-23.1 (s390x|x86_64) 0:5.2.0-23.1 (noarch) 0:5.2.0-23.1 (noarch) 0:1.14.0_0_g155821a-23.1 (noarch) 0:8-23.1 (aarch64|ppc64le|s390x|x86_64) 0:3.2.8a-4.12.2 (aarch64|ppc64le|s390x|x86_64) 0:3.4.6-3.56.1 (aarch64|ppc64le|s390x|x86_64) 0:78.12.0-8.33.1 (aarch64|ppc64le|s390x|x86_64) 0:5.55-3.6.1 (noarch) 0:5.55-3.6.1 (x86_64) 0:5.55-3.6.1 (aarch64|ppc64le|s390x|x86_64) 0:4.2.1-11.25.2 (aarch64|ppc64le|s390x|x86_64) 0:2.31.1-10.3.1 (noarch) 0:2.31.1-10.3.1 (aarch64|ppc64le|s390x|x86_64) 0:0.98-3.6.2 (noarch) 0:7.2.5-4.76.5 (aarch64|ppc64le|s390x|x86_64) 0:7.2.5-4.76.5 (x86_64) 0:3.1.1.1-9.30.2 (aarch64|ppc64le|s390x|x86_64) 0:2.32.3-9.1 (x86_64) 0:2.32.3-9.1 (noarch) 0:2.32.3-9.1 (aarch64|ppc64le|s390x|x86_64) 0:10.5.11-3.3.1 (noarch) 0:10.5.11-3.3.1 (noarch) 0:1.21-3.3.1 (aarch64|ppc64le|s390x|x86_64) 0:0.21.0-3.3.1 (aarch64|ppc64le|s390x|x86_64) 0:10.4.20-3.9.1 (aarch64|ppc64le|s390x|x86_64) 0:10.2.39-3.40.1 (aarch64|ppc64le|s390x|x86_64) 0:8.17.0-10.12.2 (noarch) 0:8.17.0-10.12.2 (aarch64|ppc64le|s390x|x86_64) 0:3.5.27-11.11.1 (noarch) 0:3.5.27-11.11.1 (noarch) 0:5.1.47-3.3.1 (aarch64|ppc64le|s390x|x86_64) 0:7.4.6-3.22.1 (aarch64|ppc64le|s390x|x86_64) 0:3.4.0-3.6.1 (x86_64) 0:5.3.18-38.17.1 (noarch) 0:5.3.18-38.17.1 (aarch64|ppc64le|s390x|x86_64) 0:7.5.7-3.12.1 (aarch64|ppc64le|s390x|x86_64) 0:2.27.1-3.8.1 (noarch) 0:2.9.21-1.5.1 (noarch) 0:0.1.1627546504.96a0b3e-1.27.1 (noarch) 0:4.2.3-1.18.1 (noarch) 0:4.2.2-1.12.1 (noarch) 0:4.2.6-1.30.1 (noarch) 0:4.2.3-1.12.1 (noarch) 0:4.2.2-1.20.1 (noarch) 0:4.2.4-3.28.1 (noarch) 0:4.2.12-3.44.1 (noarch) 0:4.2.4-3.21.1 (noarch) 0:4.2.2-3.12.1 (noarch) 0:4.2.4-3.15.1 (aarch64|ppc64le|s390x|x86_64) 0:4.2.5-1.15.1 (noarch) 0:4.2.11-3.62.1 (aarch64|ppc64le|s390x|x86_64) 0:4.14.3-37.2 (x86_64) 0:4.14.3-37.2 (noarch) 0:0.62.0-5.3.1 (aarch64|i586|ppc64le|s390x|x86_64) 0:0.62.0-5.3.1 (aarch64) 0:5.3.18-59.19.1 (aarch64|ppc64le|s390x|x86_64) 0:5.3.18-59.19.1 (aarch64|x86_64) 0:5.3.18-59.19.1 (ppc64le|x86_64) 0:5.3.18-59.19.1 (aarch64|ppc64le|s390x|x86_64) 0:5.3.18-59.19.1.18.10.1 (noarch) 0:5.3.18-59.19.1 (s390x) 0:5.3.18-59.19.1 (aarch64|ppc64le|s390x|x86_64) 0:1.17.1+20200724-3.14.1 (x86_64) 0:1.17.1+20200724-3.14.1 (aarch64|ppc64le|s390x|x86_64) 0:1.0.28-5.12.1 (x86_64) 0:1.0.28-5.12.1 (aarch64|ppc64le|s390x|x86_64) 0:2.0.14-11.7.1 (aarch64|ppc64le|s390x|x86_64) 0:78.13.0-8.49.1 (x86_64) 0:78.13.0-8.49.1 (aarch64|ppc64le|s390x|x86_64) 0:1.15.15-1.39.1 (aarch64|x86_64) 0:1.15.15-1.39.1 (aarch64|ppc64le|s390x|x86_64) 0:1.16.7-1.23.1 (aarch64|x86_64) 0:1.16.7-1.23.1 (aarch64|ppc64le|s390x|x86_64) 0:4.2.1-11.28.1 (aarch64|ppc64le|s390x|x86_64) 0:6.3.26-20.14.1 (aarch64|ppc64le|s390x|x86_64) 0:0.14.0-3.9.1 (x86_64) 0:0.14.0-3.9.1 (aarch64|ppc64le|s390x|x86_64) 0:2.2.1-3.35.1 (x86_64) 0:2.2.1-3.35.1 (aarch64|ppc64le|s390x|x86_64) 0:0.60.8-3.3.1 (x86_64) 0:0.60.8-3.3.1 (aarch64|ppc64le|s390x|x86_64) 0:7.2.5-4.79.1 (aarch64|ppc64le|s390x|x86_64) 0:1.8.0.302-3.55.2 (noarch) 0:1.8.0.302-3.55.2 (aarch64|ppc64le|s390x|x86_64) 0:1.16.3-3.21.1 (x86_64) 0:1.16.3-3.21.1 (aarch64|ppc64le|s390x|x86_64) 0:1.4.4.16~git16.c1926dfc6-3.4.1 (aarch64|ppc64le|s390x|x86_64) 0:0.6-3.11.1 (x86_64) 0:0.6-3.11.1 (aarch64|ppc64le|s390x|x86_64) 0:246.15-7.11.1 (x86_64) 0:246.15-7.11.1 (noarch) 0:246.15-7.11.1 (aarch64|ppc64le|s390x|x86_64) 0:1.12.2-8.11.2 (x86_64) 0:1.12.2-8.11.2 (noarch) 0:1.12.2-8.11.2 (aarch64|ppc64le|s390x|x86_64) 0:1.12.2-8.11.1 (aarch64|ppc64le|s390x|x86_64) 0:7.1.0-6.5.1 (noarch) 0:7.1.0-6.5.1 (x86_64) 0:7.1.0-6.5.1 (aarch64|x86_64) 0:7.1.0-6.5.1 (noarch) 0:1.19.9-26.1 (noarch) 0:0.24.0-3.2.1 (noarch) 0:1.17.9-19.1 (noarch) 0:1.20.9-33.1 (aarch64|ppc64le|s390x|x86_64) 0:1.13.2-3.2.5 (aarch64|ppc64le|s390x|x86_64) 0:2.8-10.1 (noarch) 0:0.4.2-3.2.1 (noarch) 0:2.17-3.2.1 (noarch) 0:1.25.10-9.14.1 (aarch64|ppc64le|s390x|x86_64) 0:1.0.2p-3.40.2 (x86_64) 0:1.0.2p-3.40.2 (noarch) 0:1.0.2p-3.40.2 (aarch64|ppc64le|s390x|x86_64) 0:1.1.1d-11.27.1 (x86_64) 0:1.1.1d-11.27.1 (noarch) 0:1.1.1d-11.27.1 (aarch64|ppc64le|s390x|x86_64) 0:10.2.40-3.43.1 (aarch64|ppc64le|s390x|x86_64) 0:10.4.21-3.14.1 (noarch) 0:9.4.43-3.12.2 (aarch64|ppc64le|s390x|x86_64) 0:5.2.0-103.2 (noarch) 0:1.0.0+-103.2 (s390x|x86_64) 0:5.2.0-103.2 (noarch) 0:5.2.0-103.2 (noarch) 0:1.14.0_0_g155821a-103.2 (noarch) 0:8-103.2 (x86_64) 0:0.44-3.6.1 (aarch64|ppc64le|s390x|x86_64) 0:7.2.5-4.82.1 (aarch64|ppc64le|s390x|x86_64) 0:78.13.0-8.36.1 (aarch64|ppc64le|s390x|x86_64) 0:12.22.5-4.19.1 (noarch) 0:12.22.5-4.19.1 (aarch64|ppc64le|s390x|x86_64) 0:2.3.15-58.3 (aarch64|ppc64le|s390x|x86_64) 0:1.16.3-3.6.1 (x86_64) 0:1.16.3-3.6.1 (noarch) 0:1.16.3-3.6.1 (aarch64|ppc64le|s390x|x86_64) 0:3.4.2-11.8.2 (x86_64) 0:3.4.2-11.8.2 (aarch64|x86_64) 0:4.14.2_04-3.9.1 (x86_64) 0:4.14.2_04-3.9.1 (noarch) 0:4.14.2_04-3.9.1 (aarch64|ppc64le|s390x|x86_64) 0:1.0.6-150.4.1 (aarch64|ppc64le|s390x|x86_64) 0:10.5.12-3.6.1 (noarch) 0:10.5.12-3.6.1 (aarch64|ppc64le|s390x|x86_64) 0:1.16.1-23.11.1 (aarch64|ppc64le|s390x|x86_64) 0:11.0.12.0-3.59.1 (noarch) 0:11.0.12.0-3.59.1 (aarch64|ppc64le|s390x|x86_64) 0:10.24.1-1.39.2 (noarch) 0:10.24.1-1.39.2 (aarch64|ppc64le|s390x|x86_64) 0:2.4.43-3.25.1 (noarch) 0:2.4.43-3.25.1 (aarch64|ppc64le|s390x|x86_64) 0:3.1.4-10.3.1 (x86_64) 0:3.1.4-10.3.1 (aarch64|ppc64le|s390x|x86_64) 0:1.1.1d-11.30.1 (x86_64) 0:1.1.1d-11.30.1 (noarch) 0:1.1.1d-11.30.1 (aarch64|ppc64le|s390x|x86_64) 0:2021.8.22-3.8.1 (aarch64|ppc64le|s390x|x86_64) 0:2.0.14-11.11.1 (aarch64|ppc64le|s390x|x86_64) 0:1.0.2p-3.43.1 (x86_64) 0:1.0.2p-3.43.1 (noarch) 0:1.0.2p-3.43.1 (aarch64|ppc64le|s390x|x86_64) 0:0.8.2-3.3.1 (aarch64|ppc64le|s390x|x86_64) 0:1.0.0-3.3.1 (noarch) 0:1.0.0-3.3.1 (x86_64) 0:1.0.0-3.3.1 (aarch64|ppc64le|s390x|x86_64) 0:3.4.7-3.59.1 (noarch) 0:1.10.21-3.6.1 (aarch64|ppc64le|s390x|x86_64) 0:2.3.8-3.15.1 (aarch64|ppc64le|s390x|x86_64) 0:9.52-155.1 (aarch64|ppc64le|s390x|x86_64) 0:0.2.8-3.12.1 (aarch64|ppc64le|s390x|x86_64) 0:0.6.13-3.3.1 (x86_64) 0:0.6.13-3.3.1 (aarch64|x86_64) 0:4.14.2_06-3.12.1 (x86_64) 0:4.14.2_06-3.12.1 (noarch) 0:4.14.2_06-3.12.1 (noarch) 0:1.6.1-3.6.1 (x86_64) 0:5.3.18-38.22.2 (noarch) 0:5.3.18-38.22.1 (x86_64) 0:5.3.18-38.22.1 (aarch64|ppc64le|s390x|x86_64) 0:4.13.6+git.211.555d60b24ba-3.7.1 (x86_64) 0:4.13.6+git.211.555d60b24ba-3.7.1 (aarch64|x86_64) 0:4.13.6+git.211.555d60b24ba-3.7.1 (noarch) 0:4.13.6+git.211.555d60b24ba-3.7.1 (aarch64|ppc64le|s390x|x86_64) 0:3.4.2-11.11.1 (x86_64) 0:3.4.2-11.11.1 (aarch64|ppc64le|s390x|x86_64) 0:0.3.12-3.3.1 (noarch) 0:0.3.12-3.3.1 (aarch64|ppc64le|s390x|x86_64) 0:1.3.14-5.6.1 (noarch) 0:1.3.14-5.6.1 (aarch64|ppc64le|s390x|x86_64) 0:3.1.1-3.3.1 (aarch64) 0:5.3.18-59.24.1 (aarch64|ppc64le|s390x|x86_64) 0:5.3.18-59.24.1 (aarch64|x86_64) 0:5.3.18-59.24.1 (ppc64le|x86_64) 0:5.3.18-59.24.1 (aarch64|ppc64le|s390x|x86_64) 0:5.3.18-59.24.1.18.12.1 (noarch) 0:5.3.18-59.24.1 (s390x) 0:5.3.18-59.24.1 (aarch64|ppc64le|s390x|x86_64) 0:14.17.5-5.15.5 (noarch) 0:14.17.5-5.15.5 (aarch64|ppc64le|s390x|x86_64) 0:2.2.5-11.3.1 (x86_64) 0:2.2.5-11.3.1 (aarch64|ppc64le|s390x|x86_64) 0:3.1.0-3.3.1 (aarch64|ppc64le|s390x|x86_64) 0:13.4-5.16.2 (x86_64) 0:13.4-5.16.2 (noarch) 0:13.4-5.16.2 (aarch64|ppc64le|s390x|x86_64) 0:12.8-8.23.2 (noarch) 0:12.8-8.23.2 (aarch64|ppc64le|s390x|x86_64) 0:2.31-9.3.2 (x86_64) 0:2.31-9.3.2 (noarch) 0:2.31-9.3.2 (aarch64|ppc64le|s390x|x86_64) 0:1.16.8-1.26.1 (aarch64|x86_64) 0:1.16.8-1.26.1 (aarch64|ppc64le|s390x|x86_64) 0:3.4.2-11.14.1 (x86_64) 0:3.4.2-11.14.1 (aarch64|ppc64le|s390x|x86_64) 0:8.17.0-10.15.11 (noarch) 0:8.17.0-10.15.11 (aarch64|ppc64le|s390x|x86_64) 0:7.66.0-4.27.1 (x86_64) 0:7.66.0-4.27.1 (aarch64|ppc64le|s390x|x86_64) 0:5.6.5-1.6.1 (x86_64) 0:5.6.5-1.6.1 (aarch64|ppc64le|s390x|x86_64) 0:3.8.11-3.3.3 (aarch64|ppc64le|s390x|x86_64) 0:0.19.0-1.9.1 (x86_64) 0:5.3.18-38.25.2 (noarch) 0:5.3.18-38.25.2 (x86_64) 0:5.3.18-38.25.1 (noarch) 0:234-24.93.1 (aarch64|ppc64le|s390x|x86_64) 0:1.0.0-3.6.1 (noarch) 0:1.0.0-3.6.1 (x86_64) 0:1.0.0-3.6.1 (aarch64|ppc64le|s390x|x86_64) 0:2.32.4-12.3 (x86_64) 0:2.32.4-12.3 (noarch) 0:2.32.4-12.3 (aarch64|ppc64le|s390x|x86_64) 0:5.12.7-3.3.1 (x86_64) 0:5.12.7-3.3.1 (noarch) 0:5.12.7-3.3.1 (aarch64) 0:5.3.18-59.27.1 (aarch64|ppc64le|s390x|x86_64) 0:5.3.18-59.27.1 (aarch64|x86_64) 0:5.3.18-59.27.1 (ppc64le|x86_64) 0:5.3.18-59.27.1 (aarch64|ppc64le|s390x|x86_64) 0:5.3.18-59.27.1.18.15.1 (noarch) 0:5.3.18-59.27.1 (s390x) 0:5.3.18-59.27.1 (aarch64|ppc64le|s390x|x86_64) 0:4.14.3-40.1 (x86_64) 0:4.14.3-40.1 (aarch64|ppc64le|s390x|x86_64) 0:25-6.10.1 (aarch64|ppc64le|s390x|x86_64) 0:91.2.0-8.54.1 (aarch64|ppc64le|s390x|x86_64) 0:91-9.5.1 (aarch64|ppc64le|s390x|x86_64) 0:1.16.3-3.24.1 (x86_64) 0:1.16.3-3.24.1 (aarch64|ppc64le|s390x|x86_64) 0:5.8.2-11.21.1 (noarch) 0:5.8.2-11.21.1 (aarch64|ppc64le|s390x|x86_64) 0:1.10.5-4.9.1 (aarch64|ppc64le|s390x|x86_64) 0:2.36.2-4.5.1 (x86_64) 0:2.36.2-4.5.1 (noarch) 0:2.36.2-4.5.1 (noarch) 0:1.4.18-3.14.1 (aarch64|ppc64le|s390x|x86_64) 0:4.17-5.29.1 (aarch64|ppc64le|s390x|x86_64) 0:1.16.9-1.29.1 (aarch64|x86_64) 0:1.16.9-1.29.1 (aarch64|i586|ppc64le|s390x|x86_64) 0:1.17.2-1.6.2 (aarch64|x86_64) 0:1.17.2-1.6.2 (aarch64|ppc64le|s390x|x86_64) 0:2.7.18-33.1 (x86_64) 0:2.7.18-33.1 (noarch) 0:2.7.18-33.1 (aarch64|ppc64le|s390x|x86_64) 0:6.1-5.9.1 (x86_64) 0:6.1-5.9.1 (aarch64|ppc64le|s390x|x86_64) 0:6.3.26-20.17.1 (aarch64|ppc64le|s390x|x86_64) 0:1.4.11-56.1 (aarch64|ppc64le|s390x|x86_64) 0:20.10.9_ce-156.1 (noarch) 0:20.10.9_ce-156.1 (aarch64|ppc64le|s390x|x86_64) 0:1.0.2-23.1 (aarch64|ppc64le|s390x|x86_64) 0:3.4.2-11.17.1 (x86_64) 0:3.4.2-11.17.1 (aarch64|ppc64le|s390x|x86_64) 0:2.4.43-3.32.1 (noarch) 0:2.4.43-3.32.1 (aarch64|ppc64le|s390x|x86_64) 0:1.0.20200827-5.9.1 (aarch64|ppc64le|s390x|x86_64) 0:8.45-20.10.1 (x86_64) 0:8.45-20.10.1 (noarch) 0:8.45-20.10.1 (aarch64|ppc64le|s390x|x86_64) 0:2.86-7.14.1 (aarch64|ppc64le|s390x|x86_64) 0:1.26.2-4.5.1 (aarch64|ppc64le|s390x|x86_64) 0:3002.2-50.1.15.1 (noarch) 0:3002.2-50.1.15.1 (aarch64|ppc64le|s390x|x86_64) 0:3.2.8b-4.15.1 (aarch64|ppc64le|s390x|x86_64) 0:2.32.4-15.1 (x86_64) 0:2.32.4-15.1 (noarch) 0:2.32.4-15.1 (aarch64|ppc64le|s390x|x86_64) 0:4.2.1-11.31.3 (aarch64|ppc64le|s390x|x86_64) 0:5.2.0-106.4 (noarch) 0:1.0.0+-106.4 (s390x|x86_64) 0:5.2.0-106.4 (aarch64|ppc64le|s390x|x86_64) 0:5.2.0-106.3 (noarch) 0:5.2.0-106.4 (noarch) 0:1.14.0_0_g155821a-106.4 (noarch) 0:8-106.4 (ppc64le|s390x|x86_64) 0:1.8.0.312-3.18.2 (noarch) 0:1.8.0.312-3.18.2 (aarch64|ppc64le|s390x|x86_64) 0:2.37-7.21.2 (x86_64) 0:2.37-7.21.2 (aarch64|ppc64le|s390x|x86_64) 0:0.11.4-3.2.1 (noarch) 0:0.11.4-3.2.1 (ppc64le|s390x|x86_64) 0:2.37-7.21.1 (aarch64|ppc64le|s390x|x86_64) 0:2.37-7.21.1 (aarch64|s390x|x86_64) 0:2.37-7.21.1 (aarch64|ppc64le|x86_64) 0:2.37-7.21.1 (aarch64|ppc64le|s390x) 0:2.37-7.21.1 (aarch64|ppc64le|s390x|x86_64) 0:7.1.0-6.8.1 (noarch) 0:7.1.0-6.8.1 (x86_64) 0:7.1.0-6.8.1 (aarch64|x86_64) 0:7.1.0-6.8.1 (aarch64|ppc64le|s390x|x86_64) 0:5.1.4-5.3.3 (aarch64|ppc64le|s390x|x86_64) 0:2.6.2-3.3.1 (x86_64) 0:5.3.18-38.28.2 (noarch) 0:5.3.18-38.28.2 (x86_64) 0:5.3.18-38.28.1 (aarch64|ppc64le|s390x|x86_64) 0:2.37-7.26.1 (x86_64) 0:2.37-7.26.1 (ppc64le|s390x|x86_64) 0:2.37-7.26.1 (aarch64|s390x|x86_64) 0:2.37-7.26.1 (aarch64|ppc64le|x86_64) 0:2.37-7.26.1 (aarch64|ppc64le|s390x) 0:2.37-7.26.1 (aarch64|ppc64le|s390x|x86_64) 0:4.13.13+git.528.140935f8d6a-3.12.1 (aarch64|ppc64le|s390x|x86_64) 0:2.2.2-3.3.1 (x86_64) 0:4.13.13+git.528.140935f8d6a-3.12.1 (aarch64_ilp32) 0:4.13.13+git.528.140935f8d6a-3.12.1 (x86_64) 0:2.2.2-3.3.1 (aarch64|x86_64) 0:4.13.13+git.528.140935f8d6a-3.12.1 (noarch) 0:4.13.13+git.528.140935f8d6a-3.12.1 (aarch64|ppc64le|s390x|x86_64) 0:4.11.14+git.308.666c63d4eea-4.28.1 (x86_64) 0:4.11.14+git.308.666c63d4eea-4.28.1 (aarch64|ppc64le|s390x|x86_64) 0:4.13.13+git.531.903f5c0ccdc-3.17.1 (x86_64) 0:4.13.13+git.531.903f5c0ccdc-3.17.1 (aarch64_ilp32) 0:4.13.13+git.531.903f5c0ccdc-3.17.1 (aarch64|x86_64) 0:4.13.13+git.531.903f5c0ccdc-3.17.1 (noarch) 0:4.13.13+git.531.903f5c0ccdc-3.17.1 (aarch64|ppc64le|s390x|x86_64) 0:9.18.0-4.7.2 (aarch64|ppc64le|s390x|x86_64) 0:11.0.13.0-3.65.1 (noarch) 0:11.0.13.0-3.65.1 (noarch) 0:9.0.36-13.1 (aarch64|ppc64le|s390x|x86_64) 0:4.9.5+git.471.5edbe3dcae7-3.57.2 (x86_64) 0:4.9.5+git.471.5edbe3dcae7-3.57.2 (aarch64) 0:5.3.18-59.34.1 (aarch64|ppc64le|s390x|x86_64) 0:5.3.18-59.34.1 (aarch64|x86_64) 0:5.3.18-59.34.1 (ppc64le|x86_64) 0:5.3.18-59.34.1 (aarch64|ppc64le|s390x|x86_64) 0:5.3.18-59.34.1.18.21.1 (noarch) 0:5.3.18-59.34.1 (s390x) 0:5.3.18-59.34.1 (aarch64|ppc64le|s390x|x86_64) 0:91.3.0-152.6.1 (aarch64|ppc64le|s390x|x86_64) 0:12.9-8.26.1 (noarch) 0:12.9-8.26.1 (aarch64|ppc64le|s390x|x86_64) 0:14.1-5.6.1 (x86_64) 0:14.1-5.6.1 (noarch) 0:14.1-5.6.1 (aarch64|ppc64le|s390x|x86_64) 0:13.5-5.22.1 (noarch) 0:13.5-5.22.1 (aarch64|ppc64le|s390x|x86_64) 0:1.8.0.312-3.58.2 (noarch) 0:1.8.0.312-3.58.2 (aarch64|ppc64le|s390x|x86_64) 0:6.0.14-6.8.1 (x86_64) 0:9.16.6-12.57.1 (aarch64|ppc64le|x86_64) 0:4.6.1-5.7.1 (x86_64) 0:4.6.1-5.7.1 (aarch64|ppc64le|x86_64) 0:4.7.3-3.7.2 (x86_64) 0:5.3.18-38.31.1 (noarch) 0:5.3.18-38.31.1 (aarch64|ppc64le|x86_64) 0:4.6.1-10.7.2 (noarch) 0:4.6.1-10.7.2 (aarch64|i586|ppc64le|s390x|x86_64) 0:1.17.3-1.9.1 (aarch64|x86_64) 0:1.17.3-1.9.1 (aarch64|ppc64le|s390x|x86_64) 0:1.16.10-1.32.1 (aarch64|x86_64) 0:1.16.10-1.32.1 (aarch64|ppc64le|s390x|x86_64) 0:10.5.13-3.12.1 (noarch) 0:10.5.13-3.12.1 (aarch64|ppc64le|s390x|x86_64) 0:2.5.9-4.20.1 (noarch) 0:2.5.9-4.20.1 (noarch) 0:2.6.1-4.3.1 (noarch) 0:2.2.0-4.9.1 (aarch64|ppc64le|s390x|x86_64) 0:2.2.1-3.38.1 (x86_64) 0:2.2.1-3.38.1 (aarch64|ppc64le|s390x|x86_64) 0:0.62.0-4.6.1 (x86_64) 0:0.62.0-4.6.1 (noarch) 0:0.4.2-3.3.1 (aarch64|ppc64le|s390x|x86_64) 0:1.2-3.3.1 (x86_64) 0:1.2-3.3.1 (aarch64|ppc64le|s390x|x86_64) 0:4.7.4-4.3.2 (x86_64) 0:4.7.4-4.3.2 (noarch) 0:4.7.4-4.3.2 (aarch64|ppc64le|s390x|x86_64) 0:2.34.1-18.1 (x86_64) 0:2.34.1-18.1 (noarch) 0:2.34.1-18.1 (ppc64le|x86_64) 0:4.12.14-197.102.2 (s390x) 0:4.12.14-197.102.2 (x86_64) 0:4.12.14-197.102.2 (aarch64|ppc64le|s390x|x86_64) 0:4.12.14-197.102.2 (aarch64|ppc64le|s390x|x86_64) 0:84.87+git20180409.04c9dae-3.52.1 (aarch64|ppc64le|s390x|x86_64) 0:3.68.1-3.61.1 (x86_64) 0:3.68.1-3.61.1 (aarch64|ppc64le|s390x|x86_64) 0:3.4.10-3.62.1 (aarch64|ppc64le|s390x|x86_64) 0:12.22.7-4.22.1 (noarch) 0:12.22.7-4.22.1 (aarch64) 0:5.3.18-59.37.2 (aarch64|ppc64le|s390x|x86_64) 0:5.3.18-59.37.2 (aarch64|x86_64) 0:5.3.18-59.37.2 (aarch64) 0:5.3.18-59.37.1 (ppc64le|x86_64) 0:5.3.18-59.37.2 (aarch64|ppc64le|s390x|x86_64) 0:5.3.18-59.37.2.18.23.3 (noarch) 0:5.3.18-59.37.2 (aarch64|ppc64le|s390x|x86_64) 0:5.3.18-59.37.3 (aarch64|ppc64le|s390x|x86_64) 0:5.3.18-59.37.1 (s390x) 0:5.3.18-59.37.2 (aarch64|ppc64le|s390x|x86_64) 0:1.0.7-3.3.1 (x86_64) 0:1.0.7-3.3.1 (aarch64|ppc64le|s390x|x86_64) 0:7.4.6-3.29.1 (aarch64|ppc64le|s390x|x86_64) 0:2.62.4-3.3.1 (x86_64) 0:2.62.4-3.3.1 (noarch) 0:2.62.4-3.3.1 (noarch) 0:2.8.0-3.3.1 (aarch64|ppc64le|s390x|x86_64) 0:6.1.2-4.9.1 (x86_64) 0:6.1.2-4.9.1 (aarch64|ppc64le|s390x|x86_64) 0:0.103.4-3.32.1 (aarch64|ppc64le|s390x|x86_64) 0:8.4p1-3.6.1 (aarch64|ppc64le|s390x|x86_64) 0:14.18.1-15.21.2 (noarch) 0:14.18.1-15.21.2 (aarch64|x86_64) 0:4.14.3_04-3.15.1 (x86_64) 0:4.14.3_04-3.15.1 (noarch) 0:4.14.3_04-3.15.1 (aarch64|ppc64le|s390x|x86_64) 0:91.4.0-152.9.1 (aarch64|ppc64le|s390x|x86_64) 0:7.0.7.34-10.18.1 (x86_64) 0:7.0.7.34-10.18.1 (noarch) 0:7.0.7.34-10.18.1 (noarch) 0:2.13.0-4.3.1 (noarch) 0:20.0.2-6.15.1 (noarch) 0:10.0.1-3.9.1 (aarch64|ppc64le|s390x|x86_64) 0:6.4.22-20.20.1 (aarch64|ppc64le|s390x|x86_64) 0:10.19-8.41.1 (noarch) 0:10.19-8.41.1 (aarch64|ppc64le|s390x|x86_64) 0:69.1-7.3.2 (noarch) 0:69.1-7.3.2 (aarch64|ppc64le|s390x|x86_64) 0:1.20.3-22.5.39.1 (noarch) 0:2.13.0-4.6.1 (aarch64|ppc64le|s390x|x86_64) 0:3.6.15-10.9.1 (x86_64) 0:3.6.15-10.9.1 (noarch) 0:3.4.4-3.3.1 (noarch) 0:5.0.0-5.3.1 (noarch) 0:2.16.0-4.10.1 (noarch) 0:1.2.8-3.3.1 (noarch) 0:1.2.17-5.6.1 (noarch) 0:1.2.17-4.3.1 (noarch) 0:2.17.0-4.13.1 (aarch64|ppc64le|s390x|x86_64) 0:1.20.3-22.5.42.1 (aarch64|ppc64le|s390x|x86_64) 0:91.4.0-8.45.2 (aarch64|ppc64le|s390x|x86_64) 0:8.4p1-3.9.1 (aarch64|ppc64le|s390x|x86_64) 0:0.23.2-4.13.1 (x86_64) 0:0.23.2-4.13.1 (aarch64|ppc64le|s390x|x86_64) 0:1.16.12-1.37.2 (aarch64|x86_64) 0:1.16.12-1.37.2 (aarch64|ppc64le|s390x|x86_64) 0:1.0.0-3.9.1 (noarch) 0:1.0.0-3.9.1 (x86_64) 0:1.0.0-3.9.1 (aarch64|ppc64le|s390x|x86_64) 0:1.0.3-27.1 (aarch64|i586|ppc64le|s390x|x86_64) 0:1.17.5-1.14.2 (aarch64|x86_64) 0:1.17.5-1.14.2 (aarch64|ppc64le|s390x|x86_64) 0:20181225-23.9.1 (noarch) 0:20181225-23.9.1 (noarch) 0:2.17.0-4.16.1 (aarch64|ppc64le|s390x|x86_64) 0:0.4.16-3.3.1 (noarch) 0:0.4.16-3.3.1 (x86_64) 0:0.4.16-3.3.1 (aarch64|ppc64le|s390x|x86_64) 0:0.3.34-3.3.1 (noarch) 0:0.3.34-3.3.1 (ppc64le|s390x|x86_64) 0:1.8.0_sr7.5-150000.3.56.1 (x86_64) 0:1.8.0_sr7.5-150000.3.56.1 (aarch64|ppc64le|s390x|x86_64) 0:2.4.3-150000.5.10.1 (aarch64|ppc64le|s390x|x86_64) 0:2.4.51-150200.3.42.1 (noarch) 0:2.4.51-150200.3.42.1 (x86_64) 0:5.3.18-150300.38.50.1 (noarch) 0:5.3.18-150300.38.50.1 (aarch64) 0:5.3.18-150300.59.60.4 (aarch64|ppc64le|s390x|x86_64) 0:5.3.18-150300.59.60.4 (aarch64|x86_64) 0:5.3.18-150300.59.60.4 (ppc64le|x86_64) 0:5.3.18-150300.59.60.4 (aarch64|ppc64le|s390x|x86_64) 0:5.3.18-150300.59.60.4.150300.18.37.5 (noarch) 0:5.3.18-150300.59.60.4 (s390x) 0:5.3.18-150300.59.60.4 (aarch64|ppc64le|s390x|x86_64) 0:2.0.8-11.3.1 (x86_64) 0:2.0.8-11.3.1 (aarch64|ppc64le|s390x|x86_64) 0:3.9.2-4.12.1 (x86_64) 0:3.9.2-4.12.1 (noarch) 0:3.9.2-4.12.1 (aarch64|ppc64le|s390x|x86_64) 0:3002.2-150300.53.10.1 (noarch) 0:3002.2-150300.53.10.1 (noarch) 0:0.14.1-3.3.1 (aarch64|ppc64le|s390x|x86_64) 0:1.2.11-150000.3.30.1 (x86_64) 0:1.2.11-150000.3.30.1 (aarch64|ppc64le|s390x|x86_64) 0:1.16.5-150200.3.5.1 (aarch64|ppc64le|x86_64) 0:1.16.5-150200.3.5.1 (noarch) 0:20210208-150300.4.7.1 (aarch64|ppc64le|s390x|x86_64) 0:0.6.1-4.5.1 (ppc64le|s390x|x86_64) 0:1.8.0_sr7.0-3.53.1 (x86_64) 0:1.8.0_sr7.0-3.53.1 (aarch64|ppc64le|s390x|x86_64) 0:2.7.18-150000.38.2 (x86_64) 0:2.7.18-150000.38.2 (aarch64|ppc64le|s390x|x86_64) 0:2.7.18-150000.38.1 (x86_64) 0:2.7.18-150000.38.1 (noarch) 0:2.7.18-150000.38.1 (aarch64|ppc64le|s390x|x86_64) 0:1.4.4.19~git28.b12c72226-150300.3.12.1 (aarch64|ppc64le|s390x|x86_64) 0:0.6.0-4.6.1 (aarch64|ppc64le|s390x|x86_64) 0:14.18.3-15.24.1 (noarch) 0:14.18.3-15.24.1 (aarch64|ppc64le|s390x|x86_64) 0:91.8.0-150200.152.26.1 (aarch64|ppc64le|s390x|x86_64) 0:12.22.9-4.25.1 (noarch) 0:12.22.9-4.25.1 (aarch64|ppc64le|s390x|x86_64) 0:0.6.22-150000.5.9.1 (x86_64) 0:0.6.22-150000.5.9.1 (aarch64|ppc64le|s390x|x86_64) 0:3.68.3-150000.3.67.1 (x86_64) 0:3.68.3-150000.3.67.1 (aarch64|ppc64le|s390x|x86_64) 0:0.19.0-150100.3.16.1 (x86_64) 0:0.19.0-150100.3.16.1 (aarch64|ppc64le|s390x|x86_64) 0:0.7.22-150200.12.1 (aarch64|ppc64le|s390x|x86_64) 0:17.30.0-150200.36.1 (aarch64|ppc64le|s390x|x86_64) 0:1.14.52-150200.30.2 (noarch) 0:1.14.52-150200.30.2 (aarch64|ppc64le|s390x|x86_64) 0:5.2.3-150000.4.7.1 (x86_64) 0:5.2.3-150000.4.7.1 (noarch) 0:5.2.3-150000.4.7.1 (aarch64|ppc64le|s390x|x86_64) 0:1.10.6-150300.10.8.1 (noarch) 0:1.10.6-150300.10.8.1 (x86_64) 0:5.3.18-150300.38.53.1 (noarch) 0:5.3.18-150300.38.53.1 (aarch64|ppc64le|s390x|x86_64) 0:1.16.15-150000.1.46.1 (aarch64|x86_64) 0:1.16.15-150000.1.46.1 (aarch64|i586|ppc64le|s390x|x86_64) 0:1.17.8-150000.1.25.1 (aarch64|x86_64) 0:1.17.8-150000.1.25.1 (aarch64|ppc64le|s390x|x86_64) 0:91.8.0-150200.8.65.1 (aarch64) 0:5.3.18-150300.59.63.1 (aarch64|ppc64le|s390x|x86_64) 0:5.3.18-150300.59.63.1 (aarch64|x86_64) 0:5.3.18-150300.59.63.1 (ppc64le|x86_64) 0:5.3.18-150300.59.63.1 (aarch64|ppc64le|s390x|x86_64) 0:5.3.18-150300.59.63.1.150300.18.39.1 (noarch) 0:5.3.18-150300.59.63.1 (s390x) 0:5.3.18-150300.59.63.1 (aarch64|ppc64le|s390x|x86_64) 0:2.0.8-150200.11.6.1 (x86_64) 0:2.0.8-150200.11.6.1 (aarch64|ppc64le|s390x|x86_64) 0:2.3.0-150000.3.5.1 (x86_64) 0:2.3.0-150000.3.5.1 (ppc64le|x86_64) 0:4.12.14-150100.197.111.1 (s390x) 0:4.12.14-150100.197.111.1 (x86_64) 0:4.12.14-150100.197.111.1 (aarch64|ppc64le|s390x|x86_64) 0:4.12.14-150100.197.111.1 (aarch64|ppc64le|s390x|x86_64) 0:1.7.2-150100.7.3.1 (noarch) 0:1.7.2-150100.7.3.1 (noarch) 0:1.14.2-150200.3.3.1 (noarch) 0:3.0.2-150200.3.3.1 (aarch64|ppc64le|s390x|x86_64) 0:4.1.75-150200.4.6.2 (noarch) 0:4.1.75-150200.4.6.2 (aarch64|ppc64le|s390x|x86_64) 0:1.2.15-150000.3.19.1 (x86_64) 0:1.2.15-150000.3.19.1 (aarch64|ppc64le|s390x|x86_64) 0:1.3.35-150300.3.3.1 (aarch64|ppc64le|s390x|x86_64) 0:3.24-150000.3.3.1 (aarch64|ppc64le|s390x|x86_64) 0:9.28.0-150000.3.3.1 (noarch) 0:9.28.0-150000.3.3.1 (aarch64|ppc64le|s390x|x86_64) 0:1.5.2-150000.4.5.1 (x86_64) 0:1.5.2-150000.4.5.1 (aarch64|ppc64le|s390x|x86_64) 0:0.5.3-150300.3.3.1 (noarch) 0:9.0.36-150200.22.1 (aarch64|ppc64le|s390x|x86_64) 0:1.10.5-150000.3.3.1 (x86_64) 0:1.10.5-150000.3.3.1 (aarch64|ppc64le|s390x|x86_64) 0:2.86-150100.7.20.1 (aarch64) 0:5.3.18-59.40.1 (aarch64|ppc64le|s390x|x86_64) 0:5.3.18-59.40.1 (aarch64|x86_64) 0:5.3.18-59.40.1 (ppc64le|x86_64) 0:5.3.18-59.40.1 (aarch64|ppc64le|s390x|x86_64) 0:5.3.18-59.40.1.18.25.1 (noarch) 0:5.3.18-59.40.1 (s390x) 0:5.3.18-59.40.1 (aarch64|ppc64le|s390x|x86_64) 0:4.1.75-150200.4.9.1 (noarch) 0:4.1.75-150200.4.9.1 (aarch64|ppc64le|s390x|x86_64) 0:0.9.6-150300.3.3.1 (aarch64|ppc64le|s390x|x86_64) 0:1.17.3-10.1 (aarch64|ppc64le|s390x|x86_64) 0:1.34.1-4.9.1 (aarch64|ppc64le|s390x|x86_64) 0:91.5.0-152.12.1 (aarch64|ppc64le|s390x|x86_64) 0:1.10.1-150000.3.23.1 (noarch) 0:1.10.1-150000.3.23.1 (aarch64|ppc64le|s390x|x86_64) 0:0.10.0-150000.1.3.1 (noarch) 0:4.2.6-150000.3.34.1 (noarch) 0:4.2.16-150000.3.77.1 (aarch64|ppc64le|s390x|x86_64) 0:7.5.12-3.18.1 (aarch64|ppc64le|s390x|x86_64) 0:20181225-23.12.1 (noarch) 0:20181225-23.12.1 (aarch64|ppc64le|s390x|x86_64) 0:1.18.1-150000.1.11.1 (aarch64|x86_64) 0:1.18.1-150000.1.11.1 (aarch64|i586|ppc64le|s390x|x86_64) 0:1.17.9-150000.1.28.1 (aarch64|x86_64) 0:1.17.9-150000.1.28.1 (noarch) 0:1.10.7-150200.4.6.1 (aarch64|ppc64le|s390x|x86_64) 0:6.9-150100.5.15.1 (aarch64|ppc64le|s390x|x86_64) 0:2.36.0-150200.32.1 (x86_64) 0:2.36.0-150200.32.1 (noarch) 0:2.36.0-150200.32.1 (noarch) 0:0.9.3-150300.3.6.1 (aarch64|ppc64le|s390x|x86_64) 0:2.32.1-150100.4.9.2 (aarch64|ppc64le|s390x|x86_64) 0:1.0.0-150200.3.12.1 (noarch) 0:1.0.0-150200.3.12.1 (x86_64) 0:1.0.0-150200.3.12.1 (aarch64|ppc64le|s390x|x86_64) 0:1.25.1-150300.8.6.1 (aarch64|ppc64le|s390x|x86_64) 0:2.3.7-150300.3.5.1 (noarch) 0:2.3.7-150300.3.5.1 (x86_64) 0:2.3.7-150300.3.5.1 (noarch) 0:2.4.2-150100.6.12.1 (noarch) 0:20.0.2-150100.6.18.1 (noarch) 0:2.62.6-150200.3.9.1 (aarch64|ppc64le|s390x|x86_64) 0:2.62.6-150200.3.9.1 (x86_64) 0:2.62.6-150200.3.9.1 (aarch64|ppc64le|s390x|x86_64) 0:12.22.12-150200.4.32.1 (noarch) 0:12.22.12-150200.4.32.1 (aarch64|ppc64le|s390x|x86_64) 0:14.19.1-150200.15.31.1 (noarch) 0:14.19.1-150200.15.31.1 (aarch64|ppc64le|s390x|x86_64) 0:4.3.1-150300.2.7.1 (aarch64|ppc64le|s390x|x86_64) 0:0.99.beta19.git20171003-150200.11.6.1 (x86_64) 0:0.99.beta19.git20171003-150200.11.6.1 (noarch) 0:0.99.beta19.git20171003-150200.11.6.1 (aarch64|ppc64le|s390x|x86_64) 0:19.10.0-150200.3.9.1 (aarch64|ppc64le|s390x|x86_64) 0:2.0.14-150000.3.25.1 (x86_64) 0:2.0.14-150000.3.25.1 (aarch64|ppc64le|s390x|x86_64) 0:2.35.3-150300.10.12.1 (noarch) 0:2.35.3-150300.10.12.1 (aarch64|ppc64le|s390x|x86_64) 0:3.9.10-150300.4.8.1 (x86_64) 0:3.9.10-150300.4.8.1 (aarch64|ppc64le|s390x|x86_64) 0:3.9.10-150300.4.8.2 (x86_64) 0:3.9.10-150300.4.8.2 (aarch64|ppc64le|s390x|x86_64) 0:1.56.1-150300.7.6.1 (aarch64|ppc64le|s390x|x86_64) 0:0.16-24.1 (aarch64|x86_64) 0:4.14.4_04-150300.3.24.1 (x86_64) 0:4.14.4_04-150300.3.24.1 (noarch) 0:4.14.4_04-150300.3.24.1 (aarch64|ppc64le|s390x|x86_64) 0:3.11.9-150000.5.14.1 (aarch64|ppc64le|s390x|x86_64) 0:9.16.6-150300.22.13.1 (noarch) 0:9.16.6-150300.22.13.1 (aarch64|x86_64) 0:3.1.1260.0-150000.5.9.2 (aarch64|ppc64le|s390x|x86_64) 0:2.5.9-150000.4.23.1 (noarch) 0:2.5.9-150000.4.23.1 (aarch64|ppc64le|s390x|x86_64) 0:11.0.15.0-150000.3.80.1 (noarch) 0:11.0.15.0-150000.3.80.1 (aarch64|ppc64le|s390x|x86_64) 0:4.3.11-150000.3.6.2 (aarch64|ppc64le|s390x|x86_64) 0:0.2.12-150000.4.4.1 (x86_64) 0:0.2.12-150000.4.4.1 (aarch64|ppc64le|s390x|x86_64) 0:0.17.0-150200.5.7.1 (aarch64|ppc64le|s390x|x86_64) 0:4.30-150300.3.3.1 (noarch) 0:4.30-150300.3.3.1 (aarch64|ppc64le|s390x|x86_64) 0:1.34-150000.3.12.1 (noarch) 0:1.34-150000.3.12.1 (aarch64|ppc64le|s390x|x86_64) 0:7.1.0-150300.6.29.1 (noarch) 0:7.1.0-150300.6.29.1 (x86_64) 0:7.1.0-150300.6.29.1 (aarch64|x86_64) 0:7.1.0-150300.6.29.1 (aarch64|ppc64le|s390x|x86_64) 0:5.2.1-150000.4.8.1 (x86_64) 0:5.2.1-150000.4.8.1 (aarch64|ppc64le|s390x|x86_64) 0:1.2.0-9.7.1 (aarch64|ppc64le|s390x|x86_64) 0:2.4.2-150300.3.15.1 (x86_64) 0:2.4.2-150300.3.15.1 (aarch64|ppc64le|s390x|x86_64) 0:8.2106.0-150200.4.26.1 (aarch64|ppc64le|s390x|x86_64) 0:1.10-150200.10.1 (aarch64|ppc64le|s390x|x86_64) 0:0.103.6-150000.3.38.1 (aarch64|ppc64le|s390x|x86_64) 0:7.66.0-150200.4.30.1 (x86_64) 0:7.66.0-150200.4.30.1 (aarch64|ppc64le|s390x|x86_64) 0:2.13.0-150200.12.6.1 (noarch) 0:2.13.0-150200.12.6.1 (aarch64|ppc64le|s390x|x86_64) 0:20.11.9-150300.4.6.1 (aarch64|ppc64le|s390x|x86_64) 0:2.4.46-150200.14.8.1 (x86_64) 0:2.4.46-150200.14.8.1 (noarch) 0:2.4.46-150200.14.8.1 (aarch64|ppc64le|s390x|x86_64) 0:1.2-150200.14.8.1 (x86_64) 0:5.3.18-150300.38.56.1 (noarch) 0:5.3.18-150300.38.56.1 (noarch) 0:2.13.0-150200.3.6.1 (noarch) 0:2.13.0-150200.3.3.1 (noarch) 0:2.13.0-150200.3.9.1 (noarch) 0:2.13.0-150200.3.3.3 (aarch64) 0:5.3.18-150300.59.68.1 (aarch64|ppc64le|s390x|x86_64) 0:5.3.18-150300.59.68.1 (aarch64|x86_64) 0:5.3.18-150300.59.68.1 (ppc64le|x86_64) 0:5.3.18-150300.59.68.1 (aarch64|ppc64le|s390x|x86_64) 0:5.3.18-150300.59.68.1.150300.18.41.3 (noarch) 0:5.3.18-150300.59.68.1 (s390x) 0:5.3.18-150300.59.68.1 (aarch64|ppc64le|s390x|x86_64) 0:1.43.8-150000.4.33.1 (x86_64) 0:1.43.8-150000.4.33.1 (aarch64|ppc64le|s390x|x86_64) 0:1.5.11-150000.68.1 (aarch64|ppc64le|s390x|x86_64) 0:20.10.14_ce-150000.163.1 (noarch) 0:20.10.14_ce-150000.163.1 (x86_64) 0:5.3.18-150300.38.37.1 (noarch) 0:5.3.18-150300.38.37.1 (aarch64|ppc64le|s390x|x86_64) 0:8.17.0-150200.10.22.1 (noarch) 0:8.17.0-150200.10.22.1 (aarch64|ppc64le|s390x|x86_64) 0:1.55.0-150300.7.6.1 (aarch64|ppc64le|s390x|x86_64) 0:10.24.1-150000.1.44.1 (noarch) 0:10.24.1-150000.1.44.1 (aarch64|ppc64le|s390x|x86_64) 0:91.9.0-150200.8.68.2 (x86_64) 0:20220510-150200.14.1 (aarch64|ppc64le|s390x|x86_64) 0:4.3.1-150300.6.2 (aarch64|ppc64le|s390x|x86_64) 0:91.9.0-150200.152.37.3 (aarch64|ppc64le|s390x|x86_64) 0:1.57.0-150300.7.7.1 (aarch64|ppc64le|s390x|x86_64) 0:2.9.7-150000.3.46.1 (x86_64) 0:2.9.7-150000.3.46.1 (noarch) 0:2.9.7-150000.3.46.1 (aarch64|ppc64le|s390x|x86_64) 0:1.6.8-10.6.1 (noarch) 0:1.6.8-10.6.1 (aarch64|ppc64le|s390x|x86_64) 0:7.0.7.34-150200.10.26.1 (x86_64) 0:7.0.7.34-150200.10.26.1 (noarch) 0:7.0.7.34-150200.10.26.1 (aarch64|ppc64le|s390x|x86_64) 0:7.4.6-150200.3.38.2 (aarch64|ppc64le|s390x|x86_64) 0:5.2.0-150300.109.2 (noarch) 0:1.0.0+-150300.109.2 (s390x|x86_64) 0:5.2.0-150300.109.2 (noarch) 0:5.2.0-150300.109.2 (noarch) 0:1.14.0_0_g155821a-150300.109.2 (noarch) 0:8-150300.109.2 (aarch64|ppc64le|s390x|x86_64) 0:5.2.0-150300.109.4 (aarch64|ppc64le|s390x|x86_64) 0:2.2.5-3.9.1 (x86_64) 0:2.2.5-3.9.1 (aarch64|ppc64le|s390x|x86_64) 0:3.4.2-150200.4.6.1 (x86_64) 0:3.4.2-150200.4.6.1 (aarch64|ppc64le|s390x|x86_64) 0:2.34.3-23.3 (x86_64) 0:2.34.3-23.3 (noarch) 0:2.34.3-23.3 (aarch64|ppc64le|s390x|x86_64) 0:1.18.2-150000.1.17.1 (aarch64|x86_64) 0:1.18.2-150000.1.17.1 (aarch64|ppc64le|s390x|x86_64) 0:91.9.1-150200.152.40.1 (aarch64|ppc64le|s390x|x86_64) 0:20.11.9-150200.6.10.1 (aarch64|ppc64le|s390x|x86_64) 0:0.13-3.3.1 (noarch) 0:0.13-3.3.1 (x86_64) 0:0.13-3.3.1 (noarch) 0:20210208-150300.4.10.1 (aarch64|ppc64le|s390x|x86_64) 0:6.0.14-150200.6.11.1 (aarch64|ppc64le|s390x|x86_64) 0:1.0.5-150200.3.6.1 (x86_64) 0:1.0.5-150200.3.6.1 (aarch64|ppc64le|s390x|x86_64) 0:2.2.7-150000.3.32.1 (x86_64) 0:2.2.7-150000.3.32.1 (aarch64|i586|ppc64le|s390x|x86_64) 0:1.17.10-150000.1.34.1 (aarch64|x86_64) 0:1.17.10-150000.1.34.1 (aarch64|ppc64le|s390x|x86_64) 0:7.66.0-150200.4.33.1 (x86_64) 0:7.66.0-150200.4.33.1 (aarch64|ppc64le|s390x|x86_64) 0:4.0.9-150000.45.8.1 (x86_64) 0:4.0.9-150000.45.8.1 (aarch64|ppc64le|s390x|x86_64) 0:10.31-150000.3.7.1 (x86_64) 0:10.31-150000.3.7.1 (noarch) 0:10.31-150000.3.7.1 (aarch64|ppc64le|s390x|x86_64) 0:0.3.1-150000.1.13.1 (aarch64|ppc64le|s390x|x86_64) 0:10.21-150100.8.47.1 (noarch) 0:10.21-150100.8.47.1 (aarch64|ppc64le|x86_64) 0:19.11.4-150300.11.1 (noarch) 0:19.11.4-150300.11.1 (aarch64|ppc64le|x86_64) 0:19.11.4_k5.3.18_150300.59.63-150300.11.1 (aarch64|x86_64) 0:19.11.4_k5.3.18_150300.59.63-150300.11.1 (aarch64) 0:19.11.4-150300.11.1 (aarch64) 0:19.11.4_k5.3.18_150300.59.63-150300.11.1 (aarch64|ppc64le|s390x|x86_64) 0:12.11-150200.8.32.1 (noarch) 0:12.11-150200.8.32.1 (aarch64|ppc64le|s390x|x86_64) 0:13.7-150200.5.28.1 (noarch) 0:13.7-150200.5.28.1 (aarch64|ppc64le|s390x|x86_64) 0:0.116-3.6.1 (x86_64) 0:0.116-3.6.1 (noarch) 0:0.116-3.6.1 (aarch64|ppc64le|s390x|x86_64) 0:14.3-150200.5.12.2 (x86_64) 0:14.3-150200.5.12.2 (aarch64|ppc64le|s390x|x86_64) 0:14.3-150200.5.12.1 (noarch) 0:14.3-150200.5.12.2 (noarch) 0:1.10.8-150300.4.3.1 (noarch) 0:1.10.8-150300.4.3.2 (aarch64|ppc64le|s390x|x86_64) 0:1.10.8-150300.4.3.1 (aarch64|ppc64le|s390x|x86_64) 0:1.10.8-150300.4.3.2 (aarch64|ppc64le|s390x|x86_64) 0:91.10.0-150200.152.43.1 (aarch64|ppc64le|s390x|x86_64) 0:2.7.6-150000.5.3.1 (aarch64) 0:5.3.18-150300.59.43.1 (aarch64|ppc64le|s390x|x86_64) 0:5.3.18-150300.59.43.1 (aarch64|x86_64) 0:5.3.18-150300.59.43.1 (ppc64le|x86_64) 0:5.3.18-150300.59.43.1 (aarch64|ppc64le|s390x|x86_64) 0:5.3.18-150300.59.43.1.150300.18.27.1 (noarch) 0:5.3.18-150300.59.43.1 (s390x) 0:5.3.18-150300.59.43.1 (aarch64|ppc64le|s390x|x86_64) 0:91.5.0-8.51.1 (aarch64|ppc64le|s390x|x86_64) 0:10.5.16-150300.3.18.1 (noarch) 0:10.5.16-150300.3.18.1 (aarch64|i586|ppc64le|s390x|x86_64) 0:1.17.11-150000.1.37.1 (aarch64|x86_64) 0:1.17.11-150000.1.37.1 (aarch64|ppc64le|s390x|x86_64) 0:1.18.3-150000.1.20.1 (aarch64|x86_64) 0:1.18.3-150000.1.20.1 (noarch) 0:2.8.9-150200.3.6.3 (noarch) 0:3.10.6-150200.3.3.2 (aarch64) 0:2021.01-150300.7.12.1 (aarch64|ppc64le|s390x|x86_64) 0:2021.01-150300.7.12.1 (aarch64) 0:2020.01-150200.10.12.1 (aarch64|ppc64le|s390x|x86_64) 0:91.10.0-150200.8.73.1 (aarch64|ppc64le|s390x|x86_64) 0:2.10.12-150300.9.3.1 (noarch) 0:2.10.12-150300.9.3.1 (x86_64) 0:2.10.12-150300.9.3.1 (aarch64|ppc64le|s390x|x86_64) 0:2.04-150300.22.20.2 (noarch) 0:2.04-150300.22.20.2 (s390x) 0:2.04-150300.22.20.2 (aarch64|x86_64) 0:4.14.5_02-150300.3.29.1 (x86_64) 0:4.14.5_02-150300.3.29.1 (noarch) 0:4.14.5_02-150300.3.29.1 (aarch64|ppc64le|s390x|x86_64) 0:19.10.0-150200.3.12.1 (aarch64|ppc64le|s390x|x86_64) 0:2.36.3-150200.35.1 (x86_64) 0:2.36.3-150200.35.1 (noarch) 0:2.36.3-150200.35.1 (aarch64) 0:5.3.18-150300.59.71.2 (aarch64|ppc64le|s390x|x86_64) 0:5.3.18-150300.59.71.2 (aarch64|x86_64) 0:5.3.18-150300.59.71.2 (aarch64) 0:5.3.18-150300.59.71.1 (ppc64le|x86_64) 0:5.3.18-150300.59.71.2 (aarch64|ppc64le|s390x|x86_64) 0:5.3.18-150300.59.71.2.150300.18.43.2 (noarch) 0:5.3.18-150300.59.71.2 (aarch64|ppc64le|s390x|x86_64) 0:5.3.18-150300.59.71.1 (s390x) 0:5.3.18-150300.59.71.2 (x86_64) 0:5.3.18-150300.38.59.1 (noarch) 0:5.3.18-150300.38.59.1 (aarch64|ppc64le|s390x|x86_64) 0:1.4.4.19~git38.9951c1101-150300.3.17.1 (aarch64|ppc64le|s390x|x86_64) 0:7.1.0-6.11.1 (noarch) 0:7.1.0-6.11.1 (x86_64) 0:7.1.0-6.11.1 (aarch64|x86_64) 0:7.1.0-6.11.1 (aarch64|ppc64le|s390x|x86_64) 0:4.2.1-11.34.2 (aarch64|ppc64le|s390x|x86_64) 0:8.2.5038-150000.5.21.1 (noarch) 0:8.2.5038-150000.5.21.1 (aarch64|ppc64le|s390x|x86_64) 0:5.1.4-150000.3.12.1 (aarch64|ppc64le|s390x|x86_64) 0:5.1.4-150000.3.6.1 (ppc64le|x86_64) 0:4.12.14-150100.197.114.2 (s390x) 0:4.12.14-150100.197.114.2 (x86_64) 0:4.12.14-150100.197.114.2 (aarch64|ppc64le|s390x|x86_64) 0:4.12.14-150100.197.114.2 (aarch64|ppc64le|s390x|x86_64) 0:0.23.0-150100.4.7.1 (noarch) 0:1.2.17-5.9.1 (aarch64|ppc64le|s390x|x86_64) 0:1.3.0-150100.3.12.1 (aarch64|ppc64le|s390x|x86_64) 0:9.0.29~0+git.9a7bc817-150300.3.5.1 (aarch64) 0:9.0.29~0+git.9a7bc817_k5.3.18_150300.59.71-150300.3.5.1 (aarch64|ppc64le|s390x|x86_64) 0:9.0.29~0+git.9a7bc817_k5.3.18_150300.59.71-150300.3.5.1 (aarch64|x86_64) 0:9.0.29~0+git.9a7bc817_k5.3.18_150300.59.71-150300.3.5.1 (x86_64) 0:9.0.29~0+git.9a7bc817_k5.3.18_8.13-150300.3.5.1 (x86_64) 0:5.3.18-150300.38.62.1 (noarch) 0:5.3.18-150300.38.62.1 (aarch64) 0:5.3.18-150300.59.76.1 (aarch64|ppc64le|s390x|x86_64) 0:5.3.18-150300.59.76.1 (aarch64|x86_64) 0:5.3.18-150300.59.76.1 (ppc64le|x86_64) 0:5.3.18-150300.59.76.1 (aarch64|ppc64le|s390x|x86_64) 0:5.3.18-150300.59.76.1.150300.18.45.2 (noarch) 0:5.3.18-150300.59.76.1 (s390x) 0:5.3.18-150300.59.76.1 (aarch64|ppc64le|s390x|x86_64) 0:3.9.13-150300.4.13.1 (x86_64) 0:3.9.13-150300.4.13.1 (aarch64|ppc64le|s390x|x86_64) 0:3004-150300.53.24.1 (noarch) 0:3004-150300.53.24.1 (noarch) 0:3.11.0-150200.3.3.1 (aarch64|ppc64le|s390x|x86_64) 0:3.11.0-150200.3.3.1 (aarch64|ppc64le|s390x|x86_64) 0:7.4.6-150200.3.41.1 (aarch64|ppc64le|s390x|x86_64) 0:2.0.8-150000.3.6.1 (aarch64|ppc64le|s390x|x86_64) 0:1.1.1d-150200.11.48.1 (x86_64) 0:1.1.1d-150200.11.48.1 (noarch) 0:1.1.1d-150200.11.48.1 (aarch64|ppc64le|s390x|x86_64) 0:3.3.0-150000.4.8.1 (aarch64|ppc64le|s390x|x86_64) 0:5.2.0-150300.115.2 (noarch) 0:5.2.0-150300.115.2 (noarch) 0:1.0.0+-150300.115.2 (s390x|x86_64) 0:5.2.0-150300.115.2 (noarch) 0:1.14.0_0_g155821a-150300.115.2 (noarch) 0:8-150300.115.2 (aarch64|ppc64le|s390x|x86_64) 0:5.2.0-150300.115.4 (aarch64|ppc64le|s390x|x86_64) 0:7.0.7.34-150200.10.31.1 (x86_64) 0:7.0.7.34-150200.10.31.1 (noarch) 0:7.0.7.34-150200.10.31.1 (noarch) 0:1.2.17-4.9.1 (aarch64|ppc64le|x86_64) 0:19.11.4-150300.13.3 (noarch) 0:19.11.4-150300.13.3 (aarch64|ppc64le|x86_64) 0:19.11.4_k5.3.18_150300.59.76-150300.13.3 (aarch64|x86_64) 0:19.11.4_k5.3.18_150300.59.76-150300.13.3 (aarch64) 0:19.11.4-150300.13.3 (aarch64) 0:19.11.4_k5.3.18_150300.59.76-150300.13.3 (aarch64|ppc64le|x86_64) 0:18.11.9-150100.4.16.1 (aarch64|ppc64le|s390x|x86_64) 0:2.0.30-150300.8.3.1 (noarch) 0:20210626-150300.8.3.1 (aarch64|ppc64le|s390x|x86_64) 0:2.5.3-150300.10.5.1 (x86_64) 0:2.5.3-150300.10.5.1 (aarch64|ppc64le|s390x|x86_64) 0:3.4.4-150300.9.3.2 (noarch) 0:3.4.4-150300.9.3.2 (s390x) 0:2.15.1-150300.8.24.1 (aarch64|ppc64le|s390x|x86_64) 0:91.11.0-150200.152.48.1 (aarch64|ppc64le|s390x|x86_64) 0:91.11.0-150200.8.76.1 (aarch64|ppc64le|s390x|x86_64) 0:1.0.2p-150000.3.56.1 (x86_64) 0:1.0.2p-150000.3.56.1 (noarch) 0:1.0.2p-150000.3.56.1 (aarch64|ppc64le|s390x|x86_64) 0:1.5.8-150300.3.5.1 (noarch) 0:1.5.8-150300.3.5.1 (aarch64|ppc64le|s390x|x86_64) 0:4.8.0+git30.d0077df0-150300.8.28.1 (noarch) 0:4.8.0+git30.d0077df0-150300.8.28.1 (aarch64|ppc64le|s390x|x86_64) 0:7.66.0-150200.4.36.1 (x86_64) 0:7.66.0-150200.4.36.1 (aarch64|ppc64le|s390x|x86_64) 0:1.1.1d-150200.11.51.1 (x86_64) 0:1.1.1d-150200.11.51.1 (noarch) 0:1.1.1d-150200.11.51.1 (aarch64|x86_64) 0:12-150100.11.10.1 (aarch64|ppc64le|s390x|x86_64) 0:1.6.6-150000.73.2 (aarch64|ppc64le|s390x|x86_64) 0:20.10.17_ce-150000.166.1 (noarch) 0:20.10.17_ce-150000.166.1 (aarch64|ppc64le|s390x|x86_64) 0:1.1.3-150000.30.1 (aarch64|ppc64le|s390x|x86_64) 0:2.4.51-150200.3.48.1 (noarch) 0:2.4.51-150200.3.48.1 (aarch64|ppc64le|s390x|x86_64) 0:2.7.18-150000.41.1 (x86_64) 0:2.7.18-150000.41.1 (noarch) 0:2.7.18-150000.41.1 (aarch64|ppc64le|s390x|x86_64) 0:1.9.3-150300.8.9.1 (noarch) 0:1.9.3-150300.8.9.1 (aarch64|ppc64le|s390x|x86_64) 0:7.2.9-150300.23.10.1 (x86_64) 0:7.2.9-150300.23.10.1 (aarch64) 0:7.2.9_k5.3.18_150300.59.76-150300.23.10.1 (aarch64|ppc64le|s390x|x86_64) 0:7.2.9_k5.3.18_150300.59.76-150300.23.10.1 (aarch64|x86_64) 0:7.2.9_k5.3.18_150300.59.76-150300.23.10.1 (aarch64|ppc64le|s390x|x86_64) 0:2.1.2-150200.15.15.1 (aarch64|ppc64le|s390x|x86_64) 0:3.6.15-150300.10.27.1 (x86_64) 0:3.6.15-150300.10.27.1 (aarch64|ppc64le|s390x|x86_64) 0:8.45-150000.20.13.1 (x86_64) 0:8.45-150000.20.13.1 (noarch) 0:8.45-150000.20.13.1 (aarch64|ppc64le|s390x|x86_64) 0:1.20.3-150200.22.5.55.1 (x86_64) 0:5.3.18-150300.38.69.1 (noarch) 0:5.3.18-150300.38.69.1 (aarch64) 0:2.0.8_k5.3.18_150300.59.76-150300.19.5.3 (aarch64|ppc64le|s390x|x86_64) 0:2.0.8_k5.3.18_150300.59.76-150300.19.5.3 (aarch64|x86_64) 0:2.0.8_k5.3.18_150300.59.76-150300.19.5.3 (x86_64) 0:2.0.8_k5.3.18_8.13-150300.19.5.3 (noarch) 0:1.7.1-150200.3.3.1 (aarch64|ppc64le|s390x|x86_64) 0:0.23.2-150000.4.16.1 (x86_64) 0:0.23.2-150000.4.16.1 (ppc64le|x86_64) 0:4.12.14-150100.197.117.1 (s390x) 0:4.12.14-150100.197.117.1 (x86_64) 0:4.12.14-150100.197.117.1 (aarch64|ppc64le|s390x|x86_64) 0:4.12.14-150100.197.117.1 (aarch64|ppc64le|s390x|x86_64) 0:14.20.0-150200.15.34.1 (noarch) 0:14.20.0-150200.15.34.1 (aarch64|ppc64le|s390x|x86_64) 0:12.22.12-150200.4.35.1 (noarch) 0:12.22.12-150200.4.35.1 (aarch64|ppc64le|s390x|x86_64) 0:2.3.15-150200.62.1 (aarch64|ppc64le|s390x|x86_64) 0:2.36.4-150200.38.2 (x86_64) 0:2.36.4-150200.38.2 (noarch) 0:2.36.4-150200.38.2 (aarch64|ppc64le|s390x|x86_64) 0:1.8.0.332-150000.3.67.1 (noarch) 0:1.8.0.332-150000.3.67.1 (aarch64|ppc64le|s390x|x86_64) 0:3.79-150000.3.74.1 (x86_64) 0:3.79-150000.3.74.1 (aarch64|ppc64le|s390x|x86_64) 0:4.34-150000.3.23.1 (x86_64) 0:4.34-150000.3.23.1 (aarch64|ppc64le|s390x|x86_64) 0:2.2.27-150300.3.5.1 (noarch) 0:2.2.27-150300.3.5.1 (aarch64|ppc64le|s390x|x86_64) 0:3.13.0-150000.4.7.1 (aarch64) 0:5.3.18-150300.59.87.1 (aarch64|ppc64le|s390x|x86_64) 0:5.3.18-150300.59.87.1 (aarch64|x86_64) 0:5.3.18-150300.59.87.1 (ppc64le|x86_64) 0:5.3.18-150300.59.87.1 (aarch64|ppc64le|s390x|x86_64) 0:5.3.18-150300.59.87.1.150300.18.50.2 (noarch) 0:5.3.18-150300.59.87.1 (s390x) 0:5.3.18-150300.59.87.1 (aarch64|ppc64le|s390x|x86_64) 0:2.35.3-150300.10.15.1 (noarch) 0:2.35.3-150300.10.15.1 (aarch64|ppc64le|s390x|x86_64) 0:16.16.0-150300.7.6.2 (noarch) 0:16.16.0-150300.7.6.2 (aarch64|ppc64le|s390x|x86_64) 0:4.17-150000.5.32.1 (noarch) 0:0.35.2-150000.3.14.1 (aarch64|ppc64le|s390x|x86_64) 0:0.35.2-150000.3.14.1 (aarch64|ppc64le|s390x|x86_64) 0:0.5.3-150000.1.9.1 (aarch64|ppc64le|s390x|x86_64) 0:4.15.8+git.500.d5910280cc7-150300.3.37.1 (aarch64|ppc64le|s390x|x86_64) 0:2.4.3-150300.3.20.1 (x86_64) 0:2.4.3-150300.3.20.1 (x86_64) 0:4.15.8+git.500.d5910280cc7-150300.3.37.1 (aarch64_ilp32) 0:4.15.8+git.500.d5910280cc7-150300.3.37.1 (aarch64|x86_64) 0:4.15.8+git.500.d5910280cc7-150300.3.37.1 (noarch) 0:4.15.8+git.500.d5910280cc7-150300.3.37.1 (aarch64|ppc64le|s390x|x86_64) 0:1.2.4-150000.3.3.1 (aarch64|x86_64) 0:4.14.5_04-150300.3.32.1 (x86_64) 0:4.14.5_04-150300.3.32.1 (noarch) 0:4.14.5_04-150300.3.32.1 (aarch64|ppc64le|s390x|x86_64) 0:1.0-150300.18.3.1 (aarch64|ppc64le|s390x|x86_64) 0:91.12.0-150200.152.53.1 (aarch64|ppc64le|s390x|x86_64) 0:1.22-150300.7.3.1 (aarch64|ppc64le|s390x|x86_64) 0:0.177-150300.11.3.1 (noarch) 0:0.177-150300.11.3.1 (x86_64) 0:0.177-150300.11.3.1 (x86_64) 0:1.22-150300.7.3.1 (aarch64|ppc64le|s390x|x86_64) 0:2.10.12-150200.3.9.1 (aarch64|ppc64le|x86_64) 0:0.4.0-150200.4.6.1 (aarch64|ppc64le|s390x|x86_64) 0:5.44-150000.5.6.1 (noarch) 0:5.44-150000.5.6.1 (aarch64|ppc64le|s390x|x86_64) 0:4.0.9-150000.45.11.1 (x86_64) 0:4.0.9-150000.45.11.1 (aarch64|ppc64le|s390x|x86_64) 0:10.31-150000.3.12.1 (x86_64) 0:10.31-150000.3.12.1 (noarch) 0:10.31-150000.3.12.1 (ppc64le|s390x|x86_64) 0:1.8.0_sr7.10-150000.3.59.1 (x86_64) 0:1.8.0_sr7.10-150000.3.59.1 (aarch64) 0:2021.01-150300.7.15.1 (aarch64|ppc64le|s390x|x86_64) 0:2021.01-150300.7.15.1 (aarch64) 0:2020.01-150200.10.15.1 (aarch64|ppc64le|s390x|x86_64) 0:2.6.4-150200.3.3.1 (x86_64) 0:2.6.4-150200.3.3.1 (aarch64|ppc64le|s390x|x86_64) 0:8.0.2-150000.3.5.1 (aarch64|i586|ppc64le|s390x|x86_64) 0:1.17.13-150000.1.42.1 (aarch64|x86_64) 0:1.17.13-150000.1.42.1 (aarch64|ppc64le|s390x|x86_64) 0:1.18.5-150000.1.25.1 (aarch64|x86_64) 0:1.18.5-150000.1.25.1 (aarch64|ppc64le|s390x|x86_64) 0:1.35-150100.3.5.1 (aarch64|ppc64le|s390x|x86_64) 0:5.4.0-150000.4.15.1 (x86_64) 0:5.4.0-150000.4.15.1 (aarch64|ppc64le|s390x|x86_64) 0:11.0.16.0-150000.3.83.1 (noarch) 0:11.0.16.0-150000.3.83.1 (aarch64|ppc64le|s390x|x86_64) 0:6.1-150000.5.12.1 (x86_64) 0:6.1-150000.5.12.1 (x86_64) 0:5.3.18-150300.38.75.1 (noarch) 0:5.3.18-150300.38.75.1 (aarch64|ppc64le|s390x|x86_64) 0:91.12.0-150200.8.79.1 (noarch) 0:2.0.15-150100.3.3.1 (aarch64|ppc64le|s390x|x86_64) 0:1.12.4-150300.8.12.1 (noarch) 0:1.12.4-150300.8.12.1 (aarch64|ppc64le|s390x|x86_64) 0:5.1-33.2 (aarch64|ppc64le|s390x|x86_64) 0:6.9-150100.5.18.1 (aarch64|ppc64le|s390x|x86_64) 0:2.36.5-150200.41.1 (x86_64) 0:2.36.5-150200.41.1 (noarch) 0:2.36.5-150200.41.1 (aarch64|ppc64le|s390x|x86_64) 0:19.10.0-150200.3.15.1 (ppc64le|x86_64) 0:4.12.14-150100.197.120.1 (s390x) 0:4.12.14-150100.197.120.1 (x86_64) 0:4.12.14-150100.197.120.1 (aarch64|ppc64le|s390x|x86_64) 0:4.12.14-150100.197.120.1 (aarch64|ppc64le|s390x|x86_64) 0:2.13.6-150300.3.11.2 (noarch) 0:2.13.6-150300.3.11.2 (aarch64|ppc64le|s390x|x86_64) 0:4.15.4+git.324.8332acf1a63-150300.3.25.3 (aarch64|ppc64le|s390x|x86_64) 0:1.19.2-150300.8.3.2 (x86_64) 0:1.19.2-150300.8.3.2 (aarch64|ppc64le|s390x|x86_64) 0:2.4.1-150300.3.10.1 (aarch64|ppc64le|s390x|x86_64) 0:2.13.6-150300.3.11.1 (x86_64) 0:2.13.6-150300.3.11.1 (aarch64|ppc64le|s390x|x86_64) 0:1.16.1-150300.23.17.3 (x86_64) 0:2.4.1-150300.3.10.1 (x86_64) 0:4.15.4+git.324.8332acf1a63-150300.3.25.3 (aarch64_ilp32) 0:4.15.4+git.324.8332acf1a63-150300.3.25.3 (aarch64|ppc64le|s390x|x86_64) 0:2.3.3-150300.3.3.2 (x86_64) 0:2.3.3-150300.3.3.2 (aarch64|ppc64le|s390x|x86_64) 0:1.4.4-150300.3.3.2 (x86_64) 0:1.4.4-150300.3.3.2 (aarch64|ppc64le|s390x|x86_64) 0:0.11.0-150300.3.3.2 (x86_64) 0:0.11.0-150300.3.3.2 (x86_64) 0:2.13.6-150300.3.11.2 (aarch64|x86_64) 0:4.15.4+git.324.8332acf1a63-150300.3.25.3 (noarch) 0:4.15.4+git.324.8332acf1a63-150300.3.25.3 (aarch64|ppc64le|s390x|x86_64) 0:2.3.3-150300.3.3.1 (aarch64|ppc64le|s390x|x86_64) 0:0.11.0-150300.3.3.1 (noarch) 0:1.1.5-150000.3.2.1 (noarch) 0:1.4-150000.3.2.1 (aarch64|ppc64le|s390x|x86_64) 0:4.5.4-150000.3.3.2 (noarch) 0:1.10.0-150000.5.9.2 (noarch) 0:2.5.0-150000.3.2.2 (noarch) 0:2.1.1-150000.3.2.2 (aarch64|ppc64le|s390x|x86_64) 0:2022.5.17-150000.3.11.1 (aarch64|ppc64le|s390x|x86_64) 0:3.4.7-150300.9.9.2 (noarch) 0:3.4.7-150300.9.9.2 (aarch64|ppc64le|s390x|x86_64) 0:10.24.1-150000.1.47.1 (noarch) 0:10.24.1-150000.1.47.1 (aarch64|ppc64le|s390x|x86_64) 0:1.8.0.345-150000.3.70.1 (noarch) 0:1.8.0.345-150000.3.70.1 (noarch) 0:15-150100.8.17.1 (aarch64) 0:2021.01-150300.7.18.1 (aarch64|ppc64le|s390x|x86_64) 0:2021.01-150300.7.18.1 (aarch64|ppc64le|s390x|x86_64) 0:1.0.4-150000.4.3.1 (noarch) 0:6.01-150000.3.5.1 (aarch64) 0:5.3.18-150300.59.90.1 (aarch64|ppc64le|s390x|x86_64) 0:5.3.18-150300.59.90.1 (aarch64|x86_64) 0:5.3.18-150300.59.90.1 (ppc64le|x86_64) 0:5.3.18-150300.59.90.1 (aarch64|ppc64le|s390x|x86_64) 0:5.3.18-150300.59.90.1.150300.18.52.1 (noarch) 0:5.3.18-150300.59.90.1 (s390x) 0:5.3.18-150300.59.90.1 (aarch64|ppc64le|s390x|x86_64) 0:0.2.3-150000.3.5.1 (aarch64|ppc64le|s390x|x86_64) 0:0.14.3-150300.3.3.1 (aarch64|ppc64le|s390x|x86_64) 0:3.6.7-150200.14.19.2 (x86_64) 0:3.6.7-150200.14.19.2 (aarch64|ppc64le|s390x|x86_64) 0:5.55-150300.3.11.1 (noarch) 0:5.55-150300.3.11.1 (x86_64) 0:5.55-150300.3.11.1 (aarch64|ppc64le|s390x|x86_64) 0:2.1.2-150200.15.18.1 (aarch64|ppc64le|s390x|x86_64) 0:2.0.15-150200.9.12.1 (x86_64) 0:2.0.15-150200.9.12.1 (aarch64|ppc64le|s390x|x86_64) 0:4.7.1-150200.3.10.1 (aarch64|ppc64le|s390x|x86_64) 0:1.0.184-150300.3.3.1 (noarch) 0:1.0.184-150300.3.3.1 (aarch64|ppc64le|s390x|x86_64) 0:2.0.19-150100.3.6.1 (aarch64|x86_64) 0:12.1.0-150300.19.1 (aarch64|ppc64le|s390x|x86_64) 0:4.3.1-150300.11.1 (aarch64|ppc64le|s390x|x86_64) 0:10.22-150100.8.50.1 (noarch) 0:10.22-150100.8.50.1 (aarch64|ppc64le|s390x|x86_64) 0:1.2.11-150000.3.33.1 (x86_64) 0:1.2.11-150000.3.33.1 (ppc64le|s390x|x86_64) 0:1.8.0_sr7.11-150000.3.62.1 (x86_64) 0:1.8.0_sr7.11-150000.3.62.1 (aarch64|ppc64le|s390x|x86_64) 0:1.16.3-150200.3.9.1 (x86_64) 0:1.16.3-150200.3.9.1 (noarch) 0:1.16.3-150200.3.9.1 (aarch64|ppc64le|s390x|x86_64) 0:3.1.3-150000.4.13.1 (x86_64) 0:20220809-150200.18.1 (aarch64|ppc64le|s390x|x86_64) 0:13.8-150200.5.31.1 (noarch) 0:13.8-150200.5.31.1 (aarch64|ppc64le|s390x|x86_64) 0:12.12-150200.8.35.1 (noarch) 0:12.12-150200.8.35.1 (aarch64|ppc64le|s390x|x86_64) 0:14.5-150200.5.17.1 (x86_64) 0:14.5-150200.5.17.1 (noarch) 0:14.5-150200.5.17.1 (aarch64|ppc64le|s390x|x86_64) 0:2.40.0-150200.3.6.1 (x86_64) 0:2.40.0-150200.3.6.1 (noarch) 0:2.40.0-150200.3.6.1 (aarch64|ppc64le|s390x|x86_64) 0:7.66.0-150200.4.39.1 (x86_64) 0:7.66.0-150200.4.39.1 (aarch64|ppc64le|s390x|x86_64) 0:1.4.4.19~git46.c900a28c8-150300.3.22.1 (aarch64|ppc64le|s390x|x86_64) 0:91.13.0-150200.152.56.2 (aarch64|ppc64le|s390x|x86_64) 0:91-150200.9.7.1 (ppc64le|s390x|x86_64) 0:1.8.0.345-150200.3.24.1 (noarch) 0:1.8.0.345-150200.3.24.1 (noarch) 0:3.4.2-150200.3.3.1 (aarch64|ppc64le|s390x|x86_64) 0:2.13.2-150200.9.17.1 (aarch64|ppc64le|s390x|x86_64) 0:20.03.1-150200.9.17.1 (noarch) 0:0.12.13-150000.3.6.1 (aarch64|ppc64le|s390x|x86_64) 0:2.10.12-150300.9.6.1 (noarch) 0:2.10.12-150300.9.6.1 (x86_64) 0:2.10.12-150300.9.6.1 (aarch64|ppc64le|s390x|x86_64) 0:2.14.2-150300.19.3.1 (aarch64|ppc64le|s390x|x86_64) 0:20.06.2-150300.19.3.1 (noarch) 0:2.14.2-150300.19.3.1 (noarch) 0:20.06.2-150300.19.3.1 (aarch64|ppc64le|s390x|x86_64) 0:7.0.7.34-150200.10.36.1 (x86_64) 0:7.0.7.34-150200.10.36.1 (noarch) 0:7.0.7.34-150200.10.36.1 (aarch64|ppc64le|s390x|x86_64) 0:60.2-150000.3.12.1 (x86_64) 0:60.2-150000.3.12.1 (noarch) 0:60.2-150000.3.12.1 (aarch64|ppc64le|s390x|x86_64) 0:65.1-150200.4.5.1 (x86_64) 0:65.1-150200.4.5.1 (noarch) 0:65.1-150200.4.5.1 (aarch64|ppc64le|s390x|x86_64) 0:2.8.1-150200.3.3.1 (noarch) 0:2.8.1-150200.3.3.1 (aarch64|ppc64le|s390x|x86_64) 0:2.1.0-150000.4.3.1 (x86_64) 0:2.1.0-150000.4.3.1 (noarch) 0:2.9.27-150000.1.14.1 (noarch) 0:0.1.1657643023.0d694ce-150000.1.35.1 (aarch64|ppc64le|s390x|x86_64) 0:0.4.0-150000.1.15.1 (noarch) 0:2.3.5-150000.3.9.1 (noarch) 0:4.3.14-150000.3.83.1 (aarch64|ppc64le|s390x|x86_64) 0:1.0.7-150000.3.6.1 (aarch64|ppc64le|s390x|x86_64) 0:9.0.0313-150000.5.25.1 (noarch) 0:9.0.0313-150000.5.25.1 (aarch64|ppc64le|s390x|x86_64) 0:2.40.0-150200.3.9.1 (x86_64) 0:2.40.0-150200.3.9.1 (noarch) 0:2.40.0-150200.3.9.1 (aarch64|ppc64le|s390x|x86_64) 0:1.0.184-150300.3.6.1 (noarch) 0:1.0.184-150300.3.6.1 (aarch64|ppc64le|s390x|x86_64) 0:7.4-150300.4.7.1 (aarch64|ppc64le|s390x|x86_64) 0:9.0.2-150200.3.3.1 (aarch64|ppc64le|s390x|x86_64) 0:0.103.7-150000.3.41.1 (aarch64|ppc64le|s390x|x86_64) 0:16.17.0-150300.7.9.1 (noarch) 0:16.17.0-150300.7.9.1 (aarch64|ppc64le|s390x|x86_64) 0:2.10.4-150000.4.12.1 (x86_64) 0:2.10.4-150000.4.12.1 (noarch) 0:2.10.4-150000.4.12.1 (aarch64|ppc64le|s390x|x86_64) 0:1.15.0-150000.3.3.1 (aarch64) 0:5.3.18-150300.59.93.1 (aarch64|ppc64le|s390x|x86_64) 0:5.3.18-150300.59.93.1 (aarch64|x86_64) 0:5.3.18-150300.59.93.1 (ppc64le|x86_64) 0:5.3.18-150300.59.93.1 (aarch64|ppc64le|s390x|x86_64) 0:5.3.18-150300.59.93.1.150300.18.54.1 (noarch) 0:5.3.18-150300.59.93.1 (s390x) 0:5.3.18-150300.59.93.1 (aarch64|ppc64le|s390x|x86_64) 0:0.0.3-150000.3.5.1 (aarch64|ppc64le|s390x|x86_64) 0:5.26.1-150300.17.11.1 (x86_64) 0:5.26.1-150300.17.11.1 (noarch) 0:5.26.1-150300.17.11.1 (aarch64|ppc64le|s390x|x86_64) 0:102.2.2-150200.8.82.1 (aarch64|ppc64le|s390x|x86_64) 0:2.5.9-150000.4.26.1 (noarch) 0:2.5.9-150000.4.26.1 (aarch64|ppc64le|s390x|x86_64) 0:2.31-150300.9.12.1 (x86_64) 0:2.31-150300.9.12.1 (noarch) 0:2.31-150300.9.12.1 (aarch64|ppc64le|s390x|x86_64) 0:1.2.6-150300.3.14.1 (x86_64) 0:1.2.6-150300.3.14.1 (aarch64|ppc64le|s390x|x86_64) 0:3.39.3-150000.3.17.1 (x86_64) 0:3.39.3-150000.3.17.1 (noarch) 0:3.39.3-150000.3.17.1 (aarch64|ppc64le|s390x|x86_64) 0:3.6.8-150000.3.74.1 (x86_64) 0:0.49.0-150300.8.13.1 (aarch64|ppc64le|s390x|x86_64) 0:1.18.6-150000.1.31.1 (aarch64|x86_64) 0:1.18.6-150000.1.31.1 (aarch64|ppc64le|s390x|x86_64) 0:1.19.1-150000.1.9.1 (aarch64|x86_64) 0:1.19.1-150000.1.9.1 (aarch64|ppc64le|s390x|x86_64) 0:6.7.0-150000.3.3.1 (aarch64|x86_64) 0:4.14.3_06-150300.3.18.2 (x86_64) 0:4.14.3_06-150300.3.18.2 (noarch) 0:4.14.3_06-150300.3.18.2 (x86_64) 0:1.43.2-150300.8.9.3 (aarch64|ppc64le|s390x|x86_64) 0:1.4.12-60.1 (aarch64|ppc64le|s390x|x86_64) 0:20.10.12_ce-159.1 (noarch) 0:20.10.12_ce-159.1 (aarch64|ppc64le|s390x|x86_64) 0:2.0.8-150000.3.9.1 (aarch64|ppc64le|s390x|x86_64) 0:2.36.7-150200.44.1 (x86_64) 0:2.36.7-150200.44.1 (noarch) 0:2.36.7-150200.44.1 (aarch64|ppc64le|x86_64) 0:19.11.4-150300.16.1 (noarch) 0:19.11.4-150300.16.1 (aarch64|ppc64le|x86_64) 0:19.11.4_k5.3.18_150300.59.93-150300.16.1 (aarch64|x86_64) 0:19.11.4_k5.3.18_150300.59.93-150300.16.1 (aarch64) 0:19.11.4-150300.16.1 (aarch64) 0:19.11.4_k5.3.18_150300.59.93-150300.16.1 (aarch64|ppc64le|s390x|x86_64) 0:10.5.17-150300.3.21.1 (noarch) 0:10.5.17-150300.3.21.1 (aarch64|ppc64le|s390x|x86_64) 0:3.4.2-150200.4.9.1 (x86_64) 0:3.4.2-150200.4.9.1 (aarch64|ppc64le|s390x|x86_64) 0:20181225-150200.23.15.1 (noarch) 0:20181225-150200.23.15.1 (aarch64|ppc64le|s390x|x86_64) 0:102.3.0-150200.152.61.1 (aarch64|ppc64le|s390x|x86_64) 0:102-150200.9.10.1 (noarch) 0:1.31-150200.3.8.1 (aarch64|ppc64le|s390x|x86_64) 0:6.00-150000.4.11.1 (aarch64|ppc64le|s390x|x86_64) 0:0.99.beta19.git20171003-150200.11.9.1 (x86_64) 0:0.99.beta19.git20171003-150200.11.9.1 (noarch) 0:0.99.beta19.git20171003-150200.11.9.1 (ppc64le|x86_64) 0:4.12.14-150100.197.123.1 (s390x) 0:4.12.14-150100.197.123.1 (x86_64) 0:4.12.14-150100.197.123.1 (aarch64|ppc64le|s390x|x86_64) 0:4.12.14-150100.197.123.1 (aarch64|ppc64le|x86_64) 0:18.11.9-150100.4.19.1 (aarch64|ppc64le|s390x|x86_64) 0:1.62.1-150300.7.7.1 (aarch64|ppc64le|s390x|x86_64) 0:2020.8-150200.3.6.1 (aarch64|ppc64le|x86_64) 0:2020.8-150200.3.6.1 (aarch64|ppc64le|s390x|x86_64) 0:3.0.5-150200.12.9.1 (aarch64|ppc64le|s390x|x86_64) 0:18.08.9-150000.1.17.1 (aarch64|ppc64le|s390x|x86_64) 0:18.08.9-150100.3.22.1 (aarch64|ppc64le|s390x|x86_64) 0:3.9.14-150300.4.16.1 (x86_64) 0:3.9.14-150300.4.16.1 (aarch64|ppc64le|s390x|x86_64) 0:20.02.7-150200.3.14.2 (aarch64|ppc64le|s390x|x86_64) 0:20.02.7-150100.3.24.1 (aarch64|ppc64le|s390x|x86_64) 0:0.28.4-150200.3.3.1 (x86_64) 0:0.28.4-150200.3.3.1 (aarch64|ppc64le|s390x|x86_64) 0:0.26.8-150000.3.15.1 (x86_64) 0:0.26.8-150000.3.15.1 (aarch64|ppc64le|s390x|x86_64) 0:2.7.18-150000.44.1 (x86_64) 0:2.7.18-150000.44.1 (noarch) 0:2.7.18-150000.44.1 (aarch64|ppc64le|s390x|x86_64) 0:1.5.3-150000.32.5.1 (aarch64|ppc64le|s390x|x86_64) 0:62.2.0-150000.32.5.1 (x86_64) 0:62.2.0-150000.32.5.1 (aarch64|ppc64le|s390x|x86_64) 0:8.1.2-150000.32.5.1 (x86_64) 0:8.1.2-150000.32.5.1 (aarch64|ppc64le|s390x|x86_64) 0:17.11.13-150000.6.40.1 (aarch64|ppc64le|s390x|x86_64) 0:2.36.8-150200.47.1 (x86_64) 0:2.36.8-150200.47.1 (noarch) 0:2.36.8-150200.47.1 (aarch64|ppc64le|s390x|x86_64) 0:3.6.15-150300.10.30.1 (x86_64) 0:3.6.15-150300.10.30.1 (aarch64|ppc64le|s390x|x86_64) 0:7.0.7.34-150200.10.39.1 (x86_64) 0:7.0.7.34-150200.10.39.1 (noarch) 0:7.0.7.34-150200.10.39.1 (aarch64|ppc64le|s390x|x86_64) 0:4.3.12-150000.3.9.1 (aarch64|ppc64le|s390x|x86_64) 0:4.2.1-150200.69.1 (aarch64|ppc64le|s390x|x86_64) 0:4.17-150000.5.35.1 (aarch64|ppc64le|s390x|x86_64) 0:2.2.5-150000.3.22.1 (x86_64) 0:2.2.5-150000.3.22.1 (aarch64|ppc64le|s390x|x86_64) 0:0.26-150000.6.16.1 (noarch) 0:0.26-150000.6.16.1 (x86_64) 0:0.26-150000.6.16.1 (x86_64) 0:5.3.18-150300.38.80.1 (noarch) 0:5.3.18-150300.38.80.1 (noarch) 0:42.2.25-150300.3.8.1 (aarch64|ppc64le|s390x|x86_64) 0:14.20.1-150200.15.37.1 (noarch) 0:14.20.1-150200.15.37.1 (aarch64|ppc64le|s390x|x86_64) 0:16.17.1-150300.7.12.1 (noarch) 0:16.17.1-150300.7.12.1 (aarch64|ppc64le|s390x|x86_64) 0:12.22.12-150200.4.38.1 (noarch) 0:12.22.12-150200.4.38.1 (aarch64|ppc64le|s390x|x86_64) 0:5.1.4-150000.3.9.1 (x86_64) 0:5.3.18-150300.38.40.4 (noarch) 0:5.3.18-150300.38.40.4 (x86_64) 0:5.3.18-150300.38.40.1 (aarch64|ppc64le|x86_64) 0:7.3.6.2-150300.14.22.24.2 (noarch) 0:7.3.6.2-150300.14.22.24.2 (ppc64le|x86_64) 0:4.12.14-197.105.1 (s390x) 0:4.12.14-197.105.1 (x86_64) 0:4.12.14-197.105.1 (aarch64|ppc64le|s390x|x86_64) 0:4.12.14-197.105.1 (aarch64|ppc64le|s390x|x86_64) 0:5.2.0-150300.118.3 (noarch) 0:5.2.0-150300.118.3 (noarch) 0:1.0.0+-150300.118.3 (s390x|x86_64) 0:5.2.0-150300.118.3 (aarch64|ppc64le|s390x|x86_64) 0:5.2.0-150300.118.2 (noarch) 0:1.14.0_0_g155821a-150300.118.3 (noarch) 0:8-150300.118.3 (aarch64|ppc64le|s390x|x86_64) 0:5.2.0-150300.118.5 (aarch64|x86_64) 0:4.14.5_06-150300.3.35.1 (x86_64) 0:4.14.5_06-150300.3.35.1 (noarch) 0:4.14.5_06-150300.3.35.1 (aarch64|ppc64le|s390x|x86_64) 0:3.9.4-150000.1.10.3 (noarch) 0:3.9.4-150000.1.10.3 (noarch) 0:1.8-150100.3.14.1 (aarch64|ppc64le|s390x|x86_64) 0:1.18.7-150000.1.34.1 (aarch64|x86_64) 0:1.18.7-150000.1.34.1 (aarch64|ppc64le|s390x|x86_64) 0:1.19.2-150000.1.12.1 (aarch64|x86_64) 0:1.19.2-150000.1.12.1 (aarch64|ppc64le|s390x|x86_64) 0:2.0.14-150000.3.28.1 (x86_64) 0:2.0.14-150000.3.28.1 (aarch64|ppc64le|s390x|x86_64) 0:9.16.6-150300.22.21.2 (noarch) 0:9.16.6-150300.22.21.2 (aarch64|ppc64le|s390x|x86_64) 0:1.3.5-150000.4.3.1 (aarch64|ppc64le|s390x|x86_64) 0:4.0.9-150000.45.16.1 (x86_64) 0:4.0.9-150000.45.16.1 (ppc64le|x86_64) 0:4.12.14-150100.197.126.1 (s390x) 0:4.12.14-150100.197.126.1 (x86_64) 0:4.12.14-150100.197.126.1 (aarch64|ppc64le|s390x|x86_64) 0:4.12.14-150100.197.126.1 (aarch64) 0:5.3.18-150300.59.49.1 (aarch64|ppc64le|s390x|x86_64) 0:5.3.18-150300.59.49.1 (aarch64|x86_64) 0:5.3.18-150300.59.49.1 (ppc64le|x86_64) 0:5.3.18-150300.59.49.1 (aarch64|ppc64le|s390x|x86_64) 0:5.3.18-150300.59.49.1.150300.18.31.1 (noarch) 0:5.3.18-150300.59.49.1 (s390x) 0:5.3.18-150300.59.49.1 (aarch64|ppc64le|s390x|x86_64) 0:0.8.5+126+suse.8ce8da5-150300.2.14.1 (aarch64|ppc64le|s390x|x86_64) 0:0.7.3+173+suse.7dd1b01-150000.3.29.1 (aarch64|ppc64le|s390x|x86_64) 0:102.4.0-150200.152.64.1 (x86_64) 0:9.16.6-150000.12.63.1 (noarch) 0:2.4.3-150100.6.15.1 (noarch) 0:1.4.3-150000.3.6.1 (aarch64|ppc64le|s390x|x86_64) 0:1.3.0-150100.3.18.1 (aarch64|ppc64le|s390x|x86_64) 0:7.1.0-150300.6.23.1 (noarch) 0:7.1.0-150300.6.23.1 (x86_64) 0:7.1.0-150300.6.23.1 (aarch64|x86_64) 0:7.1.0-150300.6.23.1 (aarch64|ppc64le|s390x|x86_64) 0:3.6.1-3.68.1 (noarch) 0:0.1.1661440542.6cbe0da-150000.1.38.1 (aarch64|ppc64le|s390x|x86_64) 0:0.11.0-150000.1.12.1 (noarch) 0:4.3.15-150000.3.86.1 (aarch64|ppc64le|s390x|x86_64) 0:8.3.10-150200.3.26.1 (aarch64|ppc64le|s390x|x86_64) 0:1.27.1-150300.8.11.1 (aarch64|ppc64le|s390x|x86_64) 0:1.42-150300.9.3.1 (x86_64) 0:1.42-150300.9.3.1 (aarch64|ppc64le|s390x|x86_64) 0:7.66.0-150200.4.42.1 (x86_64) 0:7.66.0-150200.4.42.1 (aarch64) 0:5.3.18-150300.59.98.1 (aarch64|ppc64le|s390x|x86_64) 0:5.3.18-150300.59.98.1 (aarch64|x86_64) 0:5.3.18-150300.59.98.1 (ppc64le|x86_64) 0:5.3.18-150300.59.98.1 (aarch64|ppc64le|s390x|x86_64) 0:5.3.18-150300.59.98.1.150300.18.56.3 (noarch) 0:5.3.18-150300.59.98.1 (s390x) 0:5.3.18-150300.59.98.1 (aarch64|ppc64le|s390x|x86_64) 0:2.3.0-150000.4.19.2 (aarch64|ppc64le|s390x|x86_64) 0:0.15.1b-150000.5.3.1 (x86_64) 0:0.15.1b-150000.5.3.1 (aarch64|ppc64le|s390x|x86_64) 0:1.2-150000.3.6.1 (aarch64|ppc64le|s390x|x86_64) 0:4.13-150000.4.8.1 (x86_64) 0:4.13-150000.4.8.1 (aarch64|ppc64le|s390x|x86_64) 0:3.9.6-4.3.3 (x86_64) 0:3.9.6-4.3.3 (aarch64|ppc64le|s390x|x86_64) 0:3.9.6-4.3.4 (x86_64) 0:3.9.6-4.3.4 (aarch64|ppc64le|s390x|x86_64) 0:3.9.6-4.3.1 (aarch64|ppc64le|s390x|x86_64) 0:102.4.0-150200.8.85.1 (aarch64|ppc64le|s390x|x86_64) 0:2.3.0-150000.3.8.1 (x86_64) 0:2.3.0-150000.3.8.1 (aarch64|ppc64le|s390x|x86_64) 0:1.12.2-150100.8.14.1 (x86_64) 0:1.12.2-150100.8.14.1 (noarch) 0:1.12.2-150100.8.14.1 (aarch64|ppc64le|s390x|x86_64) 0:2.8-150000.3.3.1 (noarch) 0:2.8-150000.3.3.1 (aarch64|ppc64le|s390x|x86_64) 0:3.4.7-150300.9.12.1 (noarch) 0:3.4.7-150300.9.12.1 (noarch) 0:2.3.3-150000.7.3.1 (noarch) 0:1.10.8-150300.4.6.1 (aarch64|ppc64le|s390x|x86_64) 0:1.10.8-150300.4.6.1 (aarch64|ppc64le|s390x|x86_64) 0:0.9.6-150300.3.6.1 (noarch) 0:3.0.0-150100.4.3.1 (aarch64|ppc64le|s390x|x86_64) 0:10.24.1-150000.1.50.1 (noarch) 0:10.24.1-150000.1.50.1 (noarch) 0:4.0.0-150000.4.3.1 (aarch64|ppc64le|s390x|x86_64) 0:3.26.2-150000.4.3.1 (x86_64) 0:3.26.2-150000.4.3.1 (aarch64|ppc64le|s390x|x86_64) 0:1.20.3-150200.22.5.58.1 (aarch64|ppc64le|s390x|x86_64) 0:2022.5.17-150000.3.16.1 (noarch) 0:3.4.2-150200.3.6.1 (aarch64|ppc64le|s390x|x86_64) 0:2.2.2-150000.4.6.1 (aarch64|ppc64le|s390x|x86_64) 0:2.9.7-150000.3.51.1 (x86_64) 0:2.9.7-150000.3.51.1 (noarch) 0:2.9.7-150000.3.51.1 (noarch) 0:2.6.0-150000.5.3.1 (aarch64|ppc64le|s390x|x86_64) 0:0.26-150000.6.21.1 (noarch) 0:0.26-150000.6.21.1 (x86_64) 0:0.26-150000.6.21.1 (x86_64) 0:5.3.18-150300.38.83.1 (noarch) 0:5.3.18-150300.38.83.1 (noarch) 0:8.15.2-150000.8.9.1 (aarch64|ppc64le|s390x|x86_64) 0:8.15.2-150000.8.9.1 (aarch64|ppc64le|s390x|x86_64) 0:1.16.3-150200.4.6.2 (x86_64) 0:1.16.3-150200.4.6.2 (noarch) 0:1.16.3-150200.4.6.2 (aarch64|ppc64le|s390x|x86_64) 0:2.2.5-150000.3.25.1 (x86_64) 0:2.2.5-150000.3.25.1 (aarch64|ppc64le|s390x|x86_64) 0:3.0.5-150200.12.12.1 (x86_64) 0:0.49.0-150300.8.15.1 (x86_64) 0:1.43.2-150300.8.11.1 (aarch64|ppc64le|s390x|x86_64) 0:3.9.2-150200.4.19.2 (x86_64) 0:3.9.2-150200.4.19.2 (noarch) 0:3.9.2-150200.4.19.2 (aarch64|ppc64le|s390x|x86_64) 0:2.35.3-150300.10.18.1 (noarch) 0:2.35.3-150300.10.18.1 (noarch) 0:3.4.2-150000.3.7.1 (aarch64|ppc64le|s390x|x86_64) 0:3.4.2-150200.4.12.1 (x86_64) 0:3.4.2-150200.4.12.1 (aarch64|x86_64) 0:4.14.5_08-150300.3.40.1 (x86_64) 0:4.14.5_08-150300.3.40.1 (noarch) 0:4.14.5_08-150300.3.40.1 (aarch64|x86_64) 0:1.25.1~0-150300.7.13.2 (aarch64|ppc64le|s390x|x86_64) 0:330-150200.11.6.1 (aarch64|ppc64le|s390x|x86_64) 0:4.15.8+git.527.8d0c05d313e-150300.3.40.2 (x86_64) 0:4.15.8+git.527.8d0c05d313e-150300.3.40.2 (aarch64_ilp32) 0:4.15.8+git.527.8d0c05d313e-150300.3.40.2 (aarch64|x86_64) 0:4.15.8+git.527.8d0c05d313e-150300.3.40.2 (noarch) 0:4.15.8+git.527.8d0c05d313e-150300.3.40.2 (noarch) 0:1.0.7-150000.3.3.1 (aarch64|ppc64le|s390x|x86_64) 0:5.55-150300.3.14.1 (noarch) 0:5.55-150300.3.14.1 (x86_64) 0:5.55-150300.3.14.1 (aarch64|ppc64le|s390x|x86_64) 0:2.1.2-150200.15.21.1 (aarch64|ppc64le|s390x|x86_64) 0:1.6.5-150000.3.24.1 (x86_64) 0:1.6.5-150000.3.24.1 (noarch) 0:1.6.5-150000.3.24.1 (aarch64|ppc64le|s390x|x86_64) 0:0.9.10-150000.4.29.1 (aarch64|ppc64le|s390x|x86_64) 0:4.3.6.P1-150000.6.17.1 (noarch) 0:2.13.4.2-150200.3.12.1 (x86_64) 0:0.45.0-8.7.1 (noarch) 0:1.15.3-150200.3.6.1 (aarch64|ppc64le|s390x|x86_64) 0:1.8.5-150000.3.9.1 (aarch64|ppc64le|s390x|x86_64) 0:2.9.2-150200.13.1 (noarch) 0:2.9.2-150200.3.3.1 (aarch64) 0:5.3.18-150300.59.101.1 (aarch64|ppc64le|s390x|x86_64) 0:5.3.18-150300.59.101.1 (aarch64|x86_64) 0:5.3.18-150300.59.101.1 (ppc64le|x86_64) 0:5.3.18-150300.59.101.1 (aarch64|ppc64le|s390x|x86_64) 0:5.3.18-150300.59.101.1.150300.18.58.1 (noarch) 0:5.3.18-150300.59.101.1 (s390x) 0:5.3.18-150300.59.101.1 (aarch64|ppc64le|s390x|x86_64) 0:1.19.3-150000.1.15.1 (aarch64|x86_64) 0:1.19.3-150000.1.15.1 (aarch64|ppc64le|s390x|x86_64) 0:1.18.8-150000.1.37.1 (aarch64|x86_64) 0:1.18.8-150000.1.37.1 (aarch64|ppc64le|s390x|x86_64) 0:246.16-150300.7.54.1 (x86_64) 0:246.16-150300.7.54.1 (noarch) 0:246.16-150300.7.54.1 (aarch64|ppc64le|s390x|x86_64) 0:19.10.0-150200.3.18.1 (aarch64|ppc64le|s390x|x86_64) 0:102.5.0-150200.152.67.3 (aarch64|ppc64le|s390x|x86_64) 0:7.4.33-150200.3.46.2 (aarch64|ppc64le|s390x|x86_64) 0:3.9.15-150300.4.21.1 (x86_64) 0:3.9.15-150300.4.21.1 (aarch64|x86_64) 0:0.3.0~git5.14a4b8b-150300.7.9.1 (aarch64|ppc64le|s390x|x86_64) 0:1.9.5p2-150300.3.13.1 (aarch64|ppc64le|s390x|x86_64) 0:11.0.17.0-150000.3.86.2 (noarch) 0:11.0.17.0-150000.3.86.2 (aarch64|ppc64le|s390x|x86_64) 0:1.19.0.4-150000.4.4.1 (noarch) 0:1.19.0.4-150000.4.4.1 (aarch64|ppc64le|s390x|x86_64) 0:1.5.2-150000.4.10.1 (x86_64) 0:1.5.2-150000.4.10.1 (aarch64|ppc64le|s390x|x86_64) 0:16.18.1-150300.7.15.1 (noarch) 0:16.18.1-150300.7.15.1 (aarch64|ppc64le|s390x|x86_64) 0:102.5.0-150200.8.90.1 (aarch64|ppc64le|s390x|x86_64) 0:1.4.4.19~git59.136fc84-150300.3.27.1 (aarch64|ppc64le|s390x|x86_64) 0:7.4-150300.4.10.1 (aarch64|ppc64le|s390x|x86_64) 0:2.39-150100.7.40.1 (x86_64) 0:2.39-150100.7.40.1 (ppc64le|s390x|x86_64) 0:2.39-150100.7.40.1 (aarch64|s390x|x86_64) 0:2.39-150100.7.40.1 (aarch64|ppc64le|x86_64) 0:2.39-150100.7.40.1 (aarch64|ppc64le|s390x) 0:2.39-150100.7.40.1 (aarch64|ppc64le|s390x|x86_64) 0:0.34.0-150000.7.5.1 (x86_64) 0:0.34.0-150000.7.5.1 (aarch64|ppc64le|s390x|x86_64) 0:5.8.2-150200.11.30.1 (noarch) 0:5.8.2-150200.11.30.1 (ppc64le|s390x|x86_64) 0:1.8.0_sr7.20-150000.3.65.1 (x86_64) 0:1.8.0_sr7.20-150000.3.65.1 (aarch64|ppc64le|s390x|x86_64) 0:1.19.2-150300.7.7.1 (x86_64) 0:1.19.2-150300.7.7.1 (aarch64|ppc64le|s390x|x86_64) 0:6.0.14-150200.6.14.1 (aarch64|ppc64le|s390x|x86_64) 0:1.4.4-150200.4.6.1 (noarch) 0:1.4.4-150200.4.6.1 (x86_64) 0:1.4.4-150200.4.6.1 (aarch64|ppc64le|s390x|x86_64) 0:0.19.0-150100.3.19.1 (x86_64) 0:0.19.0-150100.3.19.1 (aarch64|ppc64le|s390x|x86_64) 0:1.19.8-150300.3.9.1 (noarch) 0:1.19.8-150300.3.9.1 (aarch64|ppc64le|s390x|x86_64) 0:3.4.2-150200.4.15.1 (x86_64) 0:3.4.2-150200.4.15.1 (aarch64|ppc64le|s390x|x86_64) 0:5.9.3-150300.15.3.1 (x86_64) 0:5.9.3-150300.15.3.1 (noarch) 0:4.8.30-150000.7.6.1 (aarch64|ppc64le|s390x|x86_64) 0:4.8.30-150000.7.6.1 (x86_64) 0:4.8.30-150000.7.6.1 (aarch64|ppc64le|s390x|x86_64) 0:22.3-150300.3.3.1 (aarch64|ppc64le|s390x|x86_64) 0:2.04-150300.22.25.1 (noarch) 0:2.04-150300.22.25.1 (s390x) 0:2.04-150300.22.25.1 (ppc64le|s390x|x86_64) 0:1.8.0.352-150200.3.27.1 (noarch) 0:1.8.0.352-150200.3.27.1 (aarch64|ppc64le|s390x|x86_64) 0:12.22.12-150200.4.41.2 (noarch) 0:12.22.12-150200.4.41.2 (aarch64|ppc64le|s390x|x86_64) 0:14.21.1-150200.15.40.2 (noarch) 0:14.21.1-150200.15.40.2 (aarch64|ppc64le|s390x|x86_64) 0:4.0.9-150000.45.19.1 (x86_64) 0:4.0.9-150000.45.19.1 (aarch64|ppc64le|s390x|x86_64) 0:1.35.0-150000.4.14.1 (aarch64|ppc64le|s390x|x86_64) 0:0.26-150000.6.26.1 (noarch) 0:0.26-150000.6.26.1 (x86_64) 0:0.26-150000.6.26.1 (noarch) 0:3.1.21-150300.7.35.15.1 (aarch64|ppc64le|s390x|x86_64) 0:3.6.15-150300.10.37.2 (x86_64) 0:3.6.15-150300.10.37.2 (aarch64|ppc64le|s390x|x86_64) 0:3.6.15-150300.10.37.1 (aarch64|ppc64le|s390x|x86_64) 0:9.0.0814-150000.5.28.1 (noarch) 0:9.0.0814-150000.5.28.1 (aarch64|ppc64le|s390x|x86_64) 0:2.38.2-150200.54.2 (x86_64) 0:2.38.2-150200.54.2 (noarch) 0:2.38.2-150200.54.2 (aarch64|ppc64le|s390x|x86_64) 0:2.1.2-150200.15.24.1 (aarch64|ppc64le|s390x|x86_64) 0:246.16-7.33.1 (x86_64) 0:246.16-7.33.1 (noarch) 0:246.16-7.33.1 (aarch64|ppc64le|s390x|x86_64) 0:10.24.1-150000.1.53.1 (noarch) 0:10.24.1-150000.1.53.1 (noarch) 0:5.2-150200.11.3.1 (aarch64|ppc64le|s390x|x86_64) 0:1.35.0-150000.4.17.1 (aarch64|ppc64le|s390x|x86_64) 0:25.3-150000.3.12.1 (noarch) 0:25.3-150000.3.12.1 (aarch64|ppc64le|s390x|x86_64) 0:102.5.1-150200.8.93.1 (aarch64|ppc64le|s390x|x86_64) 0:1.28.2-150300.8.14.1 (aarch64|ppc64le|s390x|x86_64) 0:3.8.11-150300.3.11.1 (aarch64|ppc64le|s390x|x86_64) 0:3.34.3-150200.4.6.1 (x86_64) 0:3.34.3-150200.4.6.1 (noarch) 0:3.34.3-150200.4.6.1 (aarch64|ppc64le|s390x|x86_64) 0:4.15.12+git.535.7750e5c95ef-150300.3.43.1 (x86_64) 0:4.15.12+git.535.7750e5c95ef-150300.3.43.1 (aarch64_ilp32) 0:4.15.12+git.535.7750e5c95ef-150300.3.43.1 (aarch64|x86_64) 0:4.15.12+git.535.7750e5c95ef-150300.3.43.1 (noarch) 0:4.15.12+git.535.7750e5c95ef-150300.3.43.1 (aarch64|ppc64le|s390x|x86_64) 0:1.19.4-150000.1.18.1 (aarch64|x86_64) 0:1.19.4-150000.1.18.1 (aarch64|ppc64le|s390x|x86_64) 0:1.18.9-150000.1.40.1 (aarch64|x86_64) 0:1.18.9-150000.1.40.1 (aarch64|ppc64le|s390x|x86_64) 0:4.0.9-150000.45.22.1 (x86_64) 0:4.0.9-150000.45.22.1 (aarch64|ppc64le|s390x|x86_64) 0:8.5.13-150200.3.29.5 (noarch) 0:0.1.1665997480.587fa10-150000.1.41.1 (aarch64|ppc64le|s390x|x86_64) 0:1.6-150000.1.9.1 (aarch64|ppc64le|s390x|x86_64) 0:0.13.0-150000.3.9.1 (noarch) 0:4.3.16-150000.3.89.1 (aarch64|ppc64le|s390x|x86_64) 0:1.8.0.352-150000.3.73.1 (noarch) 0:1.8.0.352-150000.3.73.1 (aarch64|ppc64le|s390x|x86_64) 0:3.6.10-150000.3.78.1 (aarch64|ppc64le|s390x|x86_64) 0:0.8.2-150300.3.6.1 (aarch64|ppc64le|s390x|x86_64) 0:102.6.0-150200.152.70.1 (aarch64|ppc64le|s390x|x86_64) 0:1.6.12-150000.79.1 (aarch64|ppc64le|s390x|x86_64) 0:1.20.3-150200.22.5.63.1 (aarch64|ppc64le|s390x|x86_64) 0:4.5.18-150000.4.6.1 (aarch64|ppc64le|s390x|x86_64) 0:16.2.9.536+g41a9f9a5573-150300.6.3.1 (noarch) 0:16.2.9.536+g41a9f9a5573-150300.6.3.1 (x86_64) 0:16.2.9.536+g41a9f9a5573-150300.6.3.1 (aarch64|ppc64le|s390x|x86_64) 0:8.0.1-150300.7.5.1 (x86_64) 0:5.3.18-150300.38.88.1 (noarch) 0:5.3.18-150300.38.88.1 (ppc64le|x86_64) 0:4.12.14-150100.197.131.1 (s390x) 0:4.12.14-150100.197.131.1 (x86_64) 0:4.12.14-150100.197.131.1 (aarch64|ppc64le|s390x|x86_64) 0:4.12.14-150100.197.131.1 (aarch64|ppc64le|s390x|x86_64) 0:102.6.0-150200.8.96.1 (aarch64|ppc64le|s390x|x86_64) 0:0.7.1-150100.3.8.1 (aarch64|ppc64le|s390x|x86_64) 0:0.8.6-150100.3.11.1 (aarch64|ppc64le|s390x|x86_64) 0:3.10.3-150000.1.13.1 (noarch) 0:3.10.3-150000.1.13.1 (aarch64|ppc64le|s390x|x86_64) 0:2.1.5-150300.8.6.1 (x86_64) 0:5.3.18-150300.112.1 (noarch) 0:5.3.18-150300.112.1 (aarch64) 0:5.3.18-150300.59.106.1 (aarch64|ppc64le|s390x|x86_64) 0:5.3.18-150300.59.106.1 (aarch64|x86_64) 0:5.3.18-150300.59.106.1 (ppc64le|x86_64) 0:5.3.18-150300.59.106.1 (aarch64|ppc64le|s390x|x86_64) 0:5.3.18-150300.59.106.1.150300.18.60.2 (noarch) 0:5.3.18-150300.59.106.1 (s390x) 0:5.3.18-150300.59.106.1 (aarch64|ppc64le|s390x|x86_64) 0:3.0.21-150200.3.12.1 (aarch64|ppc64le|s390x|x86_64) 0:3.39.3-150000.3.20.1 (x86_64) 0:3.39.3-150000.3.20.1 (noarch) 0:3.39.3-150000.3.20.1 (aarch64|ppc64le|s390x|x86_64) 0:246.16-150300.7.57.1 (x86_64) 0:246.16-150300.7.57.1 (noarch) 0:246.16-150300.7.57.1 (aarch64|ppc64le|s390x|x86_64) 0:9.0.1040-150000.5.31.1 (noarch) 0:9.0.1040-150000.5.31.1 (aarch64|ppc64le|s390x|x86_64) 0:7.66.0-150200.4.45.1 (x86_64) 0:7.66.0-150200.4.45.1 (aarch64|ppc64le|s390x|x86_64) 0:0.6.0-4.9.1 (aarch64|ppc64le|s390x|x86_64) 0:4.0.9-45.5.1 (x86_64) 0:4.0.9-45.5.1 (noarch) 0:1.53.0-22.1 (aarch64|x86_64) 0:1.53.0-22.1 (aarch64|ppc64le|s390x|x86_64) 0:5.8.2-11.24.1 (noarch) 0:5.8.2-11.24.1 (aarch64|ppc64le|s390x|x86_64) 0:0.103.5-3.35.1 (aarch64|ppc64le|s390x|x86_64) 0:2.2.5-3.12.1 (x86_64) 0:2.2.5-3.12.1 (aarch64|ppc64le|s390x|x86_64) 0:19.10.0-3.6.1 (aarch64|ppc64le|s390x|x86_64) 0:5.7.3-10.9.1 (x86_64) 0:5.7.3-10.9.1 (noarch) 0:2.11.0-4.3.1 (noarch) 0:2.12.0-3.3.1 (aarch64|ppc64le|s390x|x86_64) 0:1.0.28-5.15.1 (x86_64) 0:1.0.28-5.15.1 (aarch64|ppc64le|s390x|x86_64) 0:0.116-3.9.1 (x86_64) 0:0.116-3.9.1 (noarch) 0:0.116-3.9.1 (x86_64) 0:0.49.0-150300.8.10.1 (aarch64|ppc64le|s390x|x86_64) 0:246.16-150300.7.39.1 (x86_64) 0:246.16-150300.7.39.1 (noarch) 0:246.16-150300.7.39.1 (aarch64|ppc64le|s390x|x86_64) 0:7.0.7.34-10.21.1 (x86_64) 0:7.0.7.34-10.21.1 (noarch) 0:7.0.7.34-10.21.1 (aarch64|ppc64le|s390x|x86_64) 0:91.6.1-8.54.1 (x86_64) 0:5.3.18-38.34.1 (noarch) 0:5.3.18-38.34.1 (aarch64|ppc64le|s390x|x86_64) 0:2.0.14-3.22.1 (x86_64) 0:2.0.14-3.22.1 (x86_64) 0:20220207-10.1 (aarch64|ppc64le|s390x|x86_64) 0:91.4.1-8.48.1 (aarch64|ppc64le|s390x|x86_64) 0:2.2.1-3.41.1 (x86_64) 0:2.2.1-3.41.1 (noarch) 0:20.2.4-7.8.1 (aarch64|ppc64le|s390x|x86_64) 0:12.22.10-4.29.3 (noarch) 0:12.22.10-4.29.3 (noarch) 0:5.1.47-3.6.1 (aarch64|ppc64le|s390x|x86_64) 0:1.7.0-4.6.1 (aarch64|ppc64le|s390x|x86_64) 0:0.6-3.14.1 (x86_64) 0:0.6-3.14.1 (aarch64|ppc64le|s390x|x86_64) 0:91.6.0-152.15.1 (aarch64|ppc64le|s390x|x86_64) 0:7.4.6-3.32.1 (aarch64|ppc64le|s390x|x86_64) 0:8.17.0-10.19.2 (noarch) 0:8.17.0-10.19.2 (aarch64|ppc64le|s390x|x86_64) 0:2.34.6-29.1 (x86_64) 0:2.34.6-29.1 (noarch) 0:2.34.6-29.1 (aarch64|ppc64le|s390x|x86_64) 0:1.10.7-4.12.1 (aarch64|ppc64le|s390x|x86_64) 0:2.2.5-3.15.1 (x86_64) 0:2.2.5-3.15.1 (aarch64|ppc64le|s390x|x86_64) 0:14.19.0-15.27.1 (noarch) 0:14.19.0-15.27.1 (aarch64|ppc64le|s390x|x86_64) 0:2.9-4.33.1 (aarch64|ppc64le|s390x|x86_64) 0:3.6.7-14.16.1 (x86_64) 0:3.6.7-14.16.1 (aarch64|ppc64le|s390x|x86_64) 0:1.4.12-63.1 (aarch64|ppc64le|s390x|x86_64) 0:3.6.2-3.71.1 (aarch64|i586|ppc64le|s390x|x86_64) 0:1.17.7-1.20.1 (aarch64|x86_64) 0:1.17.7-1.20.1 (aarch64|ppc64le|s390x|x86_64) 0:1.16.14-1.43.1 (aarch64|x86_64) 0:1.16.14-1.43.1 (aarch64|ppc64le|s390x|x86_64) 0:2.36.2-150300.4.14.3 (x86_64) 0:2.36.2-150300.4.14.3 (aarch64|ppc64le|s390x|x86_64) 0:0.4.4+git20220104.962774f-150300.3.6.2 (x86_64) 0:0.4.4+git20220104.962774f-150300.3.6.2 (noarch) 0:4.8.1-150300.4.3.8 (aarch64|ppc64le|s390x|x86_64) 0:2.36.2-150300.4.14.2 (aarch64|ppc64le|s390x|x86_64) 0:4.8.1-150300.4.3.8 (noarch) 0:2.36.2-150300.4.14.3 (aarch64|ppc64le|s390x|x86_64) 0:10.5.15-150300.3.15.1 (noarch) 0:10.5.15-150300.3.15.1 (aarch64|ppc64le|s390x|x86_64) 0:5.6-7.5.1 (aarch64|ppc64le|s390x|x86_64) 0:8.0.1568-5.17.1 (noarch) 0:8.0.1568-5.17.1 (aarch64|ppc64le|s390x|x86_64) 0:2.1.27-150300.4.6.1 (x86_64) 0:2.1.27-150300.4.6.1 (x86_64) 0:5.3.18-150300.38.47.1 (noarch) 0:5.3.18-150300.38.47.1 (aarch64) 0:5.3.18-150300.59.54.1 (aarch64|ppc64le|s390x|x86_64) 0:5.3.18-150300.59.54.1 (aarch64|x86_64) 0:5.3.18-150300.59.54.1 (ppc64le|x86_64) 0:5.3.18-150300.59.54.1 (aarch64|ppc64le|s390x|x86_64) 0:5.3.18-150300.59.54.1.150300.18.35.3 (noarch) 0:5.3.18-150300.59.54.1 (s390x) 0:5.3.18-150300.59.54.1 (ppc64le|x86_64) 0:4.12.14-197.108.1 (s390x) 0:4.12.14-197.108.1 (x86_64) 0:4.12.14-197.108.1 (aarch64|ppc64le|s390x|x86_64) 0:4.12.14-197.108.1 (aarch64|ppc64le|s390x|x86_64) 0:0.99.beta19.git20171003-11.3.1 (x86_64) 0:0.99.beta19.git20171003-11.3.1 (noarch) 0:0.99.beta19.git20171003-11.3.1 (aarch64|ppc64le|s390x|x86_64) 0:1.23.1-150300.8.3.1 (aarch64|ppc64le|s390x|x86_64) 0:4.9.2-3.18.1 (aarch64|ppc64le|s390x|x86_64) 0:91.6.1-152.19.1 (aarch64|ppc64le|s390x|x86_64) 0:2.9.7-3.40.1 (aarch64|ppc64le|s390x|x86_64) 0:4.7.1-3.7.1 (aarch64|ppc64le|s390x|x86_64) 0:91.6.2-8.59.1 (aarch64|ppc64le|s390x|x86_64) 0:1.3.2-3.9.1 (x86_64) 0:1.3.2-3.9.1 (noarch) 0:1.3.2-3.9.1 (aarch64|ppc64le|s390x|x86_64) 0:11.0.14.0-3.74.2 (noarch) 0:11.0.14.0-3.74.2 (noarch) 0:1.4.19-3.18.2 (noarch) 0:9.0.36-19.1 (aarch64|ppc64le|s390x|x86_64) 0:91.7.0-152.22.1 (aarch64|ppc64le|s390x|x86_64) 0:3.5.0-5.5.1 (x86_64) 0:3.5.0-5.5.1 (aarch64|ppc64le|s390x|x86_64) 0:5.12.7-4.17.1 (x86_64) 0:5.12.7-4.17.1 (noarch) 0:5.12.7-4.17.1 (aarch64|ppc64le|s390x|x86_64) 0:1.59.0-150300.21.20.1 (aarch64|ppc64le|s390x|x86_64) 0:1.58.0-150300.7.3.1 (aarch64|ppc64le|s390x|x86_64) 0:1.59.0-150300.7.4.2 (aarch64|ppc64le|s390x|x86_64) 0:2.2.5-3.19.1 (x86_64) 0:2.2.5-3.19.1 (aarch64|ppc64le|s390x|x86_64) 0:1.10.1-3.9.1 (x86_64) 0:1.10.1-3.9.1 (aarch64|ppc64le|s390x|x86_64) 0:4.1-150300.16.3.1 (noarch) 0:4.1-150300.16.3.1 (aarch64|ppc64le|s390x|x86_64) 0:7.4.6-3.35.1 (aarch64|ppc64le|s390x|x86_64) 0:1.0.2p-3.49.1 (x86_64) 0:1.0.2p-3.49.1 (noarch) 0:1.0.2p-3.49.1 (aarch64|ppc64le|s390x|x86_64) 0:2.31-150300.20.7 (x86_64) 0:2.31-150300.20.7 (noarch) 0:2.31-150300.20.7 (aarch64|ppc64le|s390x|x86_64) 0:2.31-150300.20.1 (x86_64) 0:2.31-150300.20.1 (aarch64|ppc64le|s390x|x86_64) 0:4.4.15-150300.4.2.41 (x86_64) 0:4.4.15-150300.4.2.41 (aarch64|ppc64le|s390x|x86_64) 0:1.2.11-3.26.10 (x86_64) 0:1.2.11-3.26.10 (aarch64|ppc64le|s390x|x86_64) 0:1.1.1d-11.43.1 (x86_64) 0:1.1.1d-11.43.1 (aarch64|ppc64le|s390x|x86_64) 0:5.3-3.2.10 (noarch) 0:1.1.1d-11.43.1 (ppc64le|s390x|x86_64) 0:1.8.0.322-3.21.2 (noarch) 0:1.8.0.322-3.21.2 (aarch64|ppc64le|s390x|x86_64) 0:5.62-3.14.1 (noarch) 0:5.62-3.14.1 (aarch64|ppc64le|s390x|x86_64) 0:1.8.0.322-3.64.2 (noarch) 0:1.8.0.322-3.64.2 (aarch64|ppc64le|s390x|x86_64) 0:9.52-161.1 (aarch64|ppc64le|x86_64) 0:7.2.5.1-150300.14.22.18.3 (noarch) 0:7.2.5.1-150300.14.22.18.3 (aarch64|ppc64le|s390x|x86_64) 0:7.4-150300.4.3.1 (aarch64|ppc64le|s390x|x86_64) 0:91.7.0-150200.8.62.7 (aarch64|ppc64le|s390x|x86_64) 0:2.4.51-3.37.1 (noarch) 0:2.4.51-3.37.1 (aarch64|ppc64le|s390x|x86_64) 0:3.5.0-4.6.1 (x86_64) 0:3.5.0-4.6.1 (noarch) 0:3.5.0-4.6.1 (aarch64|ppc64le|s390x|x86_64) 0:5.1-150200.35.1 (aarch64|ppc64le|s390x|x86_64) 0:5.2.0-150300.112.4 (noarch) 0:5.2.0-150300.112.4 (noarch) 0:1.0.0+-150300.112.4 (s390x|x86_64) 0:5.2.0-150300.112.4 (aarch64|ppc64le|s390x|x86_64) 0:5.2.0-150300.112.3 (noarch) 0:1.14.0_0_g155821a-150300.112.4 (noarch) 0:8-150300.112.4 (aarch64|ppc64le|s390x|x86_64) 0:5.2.0-150300.112.7 (aarch64|x86_64) 0:4.14.4_02-150300.3.21.1 (x86_64) 0:4.14.4_02-150300.3.21.1 (noarch) 0:4.14.4_02-150300.3.21.1 (aarch64|ppc64le|s390x|x86_64) 0:3.6.15-150300.10.21.1 (x86_64) 0:3.6.15-150300.10.21.1 (aarch64|ppc64le|s390x|x86_64) 0:0.4.7-3.15.1 (aarch64|ppc64le|s390x|x86_64) 0:3.4.2-150200.4.3.1 (x86_64) 0:3.4.2-150200.4.3.1 (aarch64|ppc64le|s390x|x86_64) 0:9.16.6-150300.22.16.1 (noarch) 0:9.16.6-150300.22.16.1 (x86_64) 0:9.16.6-150000.12.60.1 (aarch64|ppc64le|s390x|x86_64) 0:1.66-150300.3.3.1 (aarch64|ppc64le|s390x|x86_64) 0:5.4.0-4.12.1 (x86_64) 0:5.4.0-4.12.1 (aarch64|ppc64le|s390x|x86_64) 0:2.10-150300.3.21.1 (aarch64|ppc64le|s390x|x86_64) 0:8.6.12-150300.14.6.1 (x86_64) 0:8.6.12-150300.14.6.1 (noarch) 0:0.13.1+git.1667812208.4db963e-150200.3.15.1