Marcus Updateinfo to OVAL Converter 5.5 2024-02-28T04:42:10 ImageMagick-7.1.0.9-150400.4.7 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the ImageMagick-7.1.0.9-150400.4.7 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2016-3714 CVE-2016-3715 CVE-2016-3716 CVE-2016-3717 CVE-2016-3718 CVE-2016-5118 CVE-2018-10805 CVE-2018-11624 CVE-2018-11625 CVE-2018-12599 CVE-2018-12600 CVE-2018-14434 CVE-2018-14435 CVE-2018-14436 CVE-2018-14437 CVE-2018-16323 CVE-2018-16328 CVE-2018-16329 CVE-2018-16412 CVE-2018-16413 CVE-2018-16640 CVE-2018-16641 CVE-2018-16642 CVE-2018-16643 CVE-2018-16644 CVE-2018-16645 CVE-2018-17966 CVE-2018-18024 CVE-2018-18544 CVE-2018-20467 CVE-2018-9135 CVE-2019-10650 CVE-2019-11007 CVE-2019-11008 CVE-2019-11470 CVE-2019-11472 CVE-2019-11505 CVE-2019-11506 CVE-2019-11597 CVE-2019-11598 CVE-2019-12974 CVE-2019-12975 CVE-2019-12976 CVE-2019-12977 CVE-2019-12978 CVE-2019-12979 CVE-2019-13133 CVE-2019-13134 CVE-2019-13135 CVE-2019-13136 CVE-2019-13137 CVE-2019-13295 CVE-2019-13296 CVE-2019-13297 CVE-2019-13298 CVE-2019-13299 CVE-2019-13300 CVE-2019-13301 CVE-2019-13302 CVE-2019-13303 CVE-2019-13304 CVE-2019-13305 CVE-2019-13306 CVE-2019-13307 CVE-2019-13308 CVE-2019-13309 CVE-2019-13310 CVE-2019-13311 CVE-2019-13391 CVE-2019-13454 CVE-2019-14980 CVE-2019-14981 CVE-2019-15139 CVE-2019-15140 CVE-2019-15141 CVE-2019-16708 CVE-2019-16709 CVE-2019-16710 CVE-2019-16711 CVE-2019-16712 CVE-2019-16713 CVE-2019-19948 CVE-2019-19949 CVE-2019-7175 CVE-2019-7395 CVE-2019-7396 CVE-2019-7397 CVE-2019-7398 CVE-2019-9956 CVE-2020-19667 CVE-2020-25664 CVE-2020-25665 CVE-2020-25666 CVE-2020-25674 CVE-2020-25675 CVE-2020-25676 CVE-2020-27560 CVE-2020-27750 CVE-2020-27751 CVE-2020-27752 CVE-2020-27753 CVE-2020-27754 CVE-2020-27755 CVE-2020-27756 CVE-2020-27757 CVE-2020-27758 CVE-2020-27759 CVE-2020-27760 CVE-2020-27761 CVE-2020-27762 CVE-2020-27763 CVE-2020-27764 CVE-2020-27765 CVE-2020-27766 CVE-2020-27767 CVE-2020-27768 CVE-2020-27769 CVE-2020-27770 CVE-2020-27771 CVE-2020-27772 CVE-2020-27773 CVE-2020-27774 CVE-2020-27775 CVE-2020-27776 CVE-2020-29599 CVE-2021-20241 CVE-2021-20243 CVE-2021-20244 CVE-2021-20246 CVE-2021-20311 CVE-2021-20312 CVE-2021-20313 CVE-2021-4219 CVE-2022-0284 CVE-2022-1114 CVE-2022-1115 cpe:/o:opensuse:leap:15.4 Mesa-21.2.4-150400.66.1 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the Mesa-21.2.4-150400.66.1 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2019-5068 cpe:/o:opensuse:leap:15.4 MozillaFirefox-91.8.0-150200.152.26.1 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the MozillaFirefox-91.8.0-150200.152.26.1 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2011-3079 CVE-2012-2808 CVE-2014-1587 CVE-2014-1588 CVE-2014-1589 CVE-2014-1590 CVE-2014-1591 CVE-2014-1592 CVE-2014-1593 CVE-2014-1594 CVE-2014-8634 CVE-2014-8635 CVE-2014-8636 CVE-2014-8637 CVE-2014-8638 CVE-2014-8639 CVE-2014-8640 CVE-2014-8641 CVE-2014-8642 CVE-2014-8643 CVE-2015-0798 CVE-2015-0799 CVE-2015-0800 CVE-2015-0801 CVE-2015-0802 CVE-2015-0803 CVE-2015-0804 CVE-2015-0805 CVE-2015-0806 CVE-2015-0807 CVE-2015-0808 CVE-2015-0810 CVE-2015-0811 CVE-2015-0812 CVE-2015-0813 CVE-2015-0814 CVE-2015-0815 CVE-2015-0816 CVE-2015-0817 CVE-2015-0818 CVE-2015-0819 CVE-2015-0820 CVE-2015-0821 CVE-2015-0822 CVE-2015-0823 CVE-2015-0824 CVE-2015-0825 CVE-2015-0826 CVE-2015-0827 CVE-2015-0828 CVE-2015-0829 CVE-2015-0830 CVE-2015-0831 CVE-2015-0832 CVE-2015-0833 CVE-2015-0834 CVE-2015-0835 CVE-2015-0836 CVE-2015-2706 CVE-2015-2708 CVE-2015-2709 CVE-2015-2710 CVE-2015-2711 CVE-2015-2712 CVE-2015-2713 CVE-2015-2715 CVE-2015-2716 CVE-2015-2717 CVE-2015-2718 CVE-2015-2721 CVE-2015-2722 CVE-2015-2724 CVE-2015-2725 CVE-2015-2726 CVE-2015-2727 CVE-2015-2728 CVE-2015-2729 CVE-2015-2730 CVE-2015-2731 CVE-2015-2733 CVE-2015-2734 CVE-2015-2735 CVE-2015-2736 CVE-2015-2737 CVE-2015-2738 CVE-2015-2739 CVE-2015-2740 CVE-2015-2741 CVE-2015-2742 CVE-2015-2743 CVE-2015-4000 CVE-2015-4473 CVE-2015-4474 CVE-2015-4475 CVE-2015-4476 CVE-2015-4477 CVE-2015-4478 CVE-2015-4479 CVE-2015-4480 CVE-2015-4481 CVE-2015-4482 CVE-2015-4483 CVE-2015-4484 CVE-2015-4485 CVE-2015-4486 CVE-2015-4487 CVE-2015-4488 CVE-2015-4489 CVE-2015-4490 CVE-2015-4491 CVE-2015-4492 CVE-2015-4493 CVE-2015-4495 CVE-2015-4497 CVE-2015-4498 CVE-2015-4500 CVE-2015-4501 CVE-2015-4502 CVE-2015-4503 CVE-2015-4504 CVE-2015-4505 CVE-2015-4506 CVE-2015-4507 CVE-2015-4508 CVE-2015-4509 CVE-2015-4510 CVE-2015-4511 CVE-2015-4512 CVE-2015-4513 CVE-2015-4514 CVE-2015-4515 CVE-2015-4516 CVE-2015-4517 CVE-2015-4518 CVE-2015-4519 CVE-2015-4520 CVE-2015-4521 CVE-2015-4522 CVE-2015-7174 CVE-2015-7175 CVE-2015-7176 CVE-2015-7177 CVE-2015-7178 CVE-2015-7179 CVE-2015-7180 CVE-2015-7181 CVE-2015-7182 CVE-2015-7183 CVE-2015-7184 CVE-2015-7185 CVE-2015-7186 CVE-2015-7187 CVE-2015-7188 CVE-2015-7189 CVE-2015-7190 CVE-2015-7191 CVE-2015-7192 CVE-2015-7193 CVE-2015-7194 CVE-2015-7195 CVE-2015-7196 CVE-2015-7197 CVE-2015-7198 CVE-2015-7199 CVE-2015-7200 CVE-2015-7201 CVE-2015-7202 CVE-2015-7203 CVE-2015-7204 CVE-2015-7205 CVE-2015-7207 CVE-2015-7208 CVE-2015-7210 CVE-2015-7211 CVE-2015-7212 CVE-2015-7213 CVE-2015-7214 CVE-2015-7215 CVE-2015-7216 CVE-2015-7217 CVE-2015-7218 CVE-2015-7219 CVE-2015-7220 CVE-2015-7221 CVE-2015-7222 CVE-2015-7223 CVE-2015-7575 CVE-2016-0718 CVE-2016-1930 CVE-2016-1931 CVE-2016-1933 CVE-2016-1935 CVE-2016-1937 CVE-2016-1938 CVE-2016-1939 CVE-2016-1942 CVE-2016-1943 CVE-2016-1944 CVE-2016-1945 CVE-2016-1946 CVE-2016-1947 CVE-2016-1949 CVE-2016-1950 CVE-2016-1952 CVE-2016-1953 CVE-2016-1954 CVE-2016-1955 CVE-2016-1956 CVE-2016-1957 CVE-2016-1958 CVE-2016-1959 CVE-2016-1960 CVE-2016-1961 CVE-2016-1962 CVE-2016-1963 CVE-2016-1964 CVE-2016-1965 CVE-2016-1966 CVE-2016-1967 CVE-2016-1968 CVE-2016-1970 CVE-2016-1971 CVE-2016-1972 CVE-2016-1973 CVE-2016-1974 CVE-2016-1975 CVE-2016-1976 CVE-2016-1977 CVE-2016-1979 CVE-2016-2790 CVE-2016-2791 CVE-2016-2792 CVE-2016-2793 CVE-2016-2794 CVE-2016-2795 CVE-2016-2796 CVE-2016-2797 CVE-2016-2798 CVE-2016-2799 CVE-2016-2800 CVE-2016-2801 CVE-2016-2802 CVE-2016-2804 CVE-2016-2806 CVE-2016-2807 CVE-2016-2808 CVE-2016-2809 CVE-2016-2810 CVE-2016-2811 CVE-2016-2812 CVE-2016-2813 CVE-2016-2814 CVE-2016-2815 CVE-2016-2816 CVE-2016-2817 CVE-2016-2818 CVE-2016-2819 CVE-2016-2820 CVE-2016-2821 CVE-2016-2822 CVE-2016-2824 CVE-2016-2825 CVE-2016-2827 CVE-2016-2828 CVE-2016-2829 CVE-2016-2830 CVE-2016-2831 CVE-2016-2832 CVE-2016-2833 CVE-2016-2834 CVE-2016-2835 CVE-2016-2836 CVE-2016-2837 CVE-2016-2838 CVE-2016-2839 CVE-2016-5250 CVE-2016-5251 CVE-2016-5252 CVE-2016-5253 CVE-2016-5254 CVE-2016-5255 CVE-2016-5256 CVE-2016-5257 CVE-2016-5258 CVE-2016-5259 CVE-2016-5260 CVE-2016-5261 CVE-2016-5262 CVE-2016-5263 CVE-2016-5264 CVE-2016-5265 CVE-2016-5266 CVE-2016-5267 CVE-2016-5268 CVE-2016-5270 CVE-2016-5271 CVE-2016-5272 CVE-2016-5273 CVE-2016-5274 CVE-2016-5275 CVE-2016-5276 CVE-2016-5277 CVE-2016-5278 CVE-2016-5279 CVE-2016-5280 CVE-2016-5281 CVE-2016-5282 CVE-2016-5283 CVE-2016-5284 CVE-2016-5287 CVE-2016-5288 CVE-2016-5289 CVE-2016-5290 CVE-2016-5291 CVE-2016-5292 CVE-2016-5293 CVE-2016-5294 CVE-2016-5295 CVE-2016-5296 CVE-2016-5297 CVE-2016-5298 CVE-2016-5299 CVE-2016-6354 CVE-2016-9061 CVE-2016-9062 CVE-2016-9063 CVE-2016-9064 CVE-2016-9065 CVE-2016-9066 CVE-2016-9067 CVE-2016-9068 CVE-2016-9069 CVE-2016-9070 CVE-2016-9071 CVE-2016-9072 CVE-2016-9073 CVE-2016-9074 CVE-2016-9075 CVE-2016-9076 CVE-2016-9077 CVE-2016-9078 CVE-2016-9079 CVE-2016-9080 CVE-2016-9893 CVE-2016-9894 CVE-2016-9895 CVE-2016-9896 CVE-2016-9897 CVE-2016-9898 CVE-2016-9899 CVE-2016-9900 CVE-2016-9901 CVE-2016-9902 CVE-2016-9903 CVE-2016-9904 CVE-2017-16541 CVE-2017-5031 CVE-2017-5373 CVE-2017-5374 CVE-2017-5375 CVE-2017-5376 CVE-2017-5377 CVE-2017-5378 CVE-2017-5379 CVE-2017-5380 CVE-2017-5381 CVE-2017-5382 CVE-2017-5383 CVE-2017-5384 CVE-2017-5385 CVE-2017-5386 CVE-2017-5387 CVE-2017-5388 CVE-2017-5389 CVE-2017-5390 CVE-2017-5391 CVE-2017-5392 CVE-2017-5393 CVE-2017-5394 CVE-2017-5395 CVE-2017-5396 CVE-2017-5398 CVE-2017-5399 CVE-2017-5400 CVE-2017-5401 CVE-2017-5402 CVE-2017-5403 CVE-2017-5404 CVE-2017-5405 CVE-2017-5406 CVE-2017-5407 CVE-2017-5408 CVE-2017-5410 CVE-2017-5412 CVE-2017-5413 CVE-2017-5414 CVE-2017-5415 CVE-2017-5416 CVE-2017-5417 CVE-2017-5418 CVE-2017-5419 CVE-2017-5420 CVE-2017-5421 CVE-2017-5422 CVE-2017-5426 CVE-2017-5427 CVE-2017-5428 CVE-2017-5429 CVE-2017-5430 CVE-2017-5432 CVE-2017-5433 CVE-2017-5434 CVE-2017-5435 CVE-2017-5436 CVE-2017-5437 CVE-2017-5438 CVE-2017-5439 CVE-2017-5440 CVE-2017-5441 CVE-2017-5442 CVE-2017-5443 CVE-2017-5444 CVE-2017-5445 CVE-2017-5446 CVE-2017-5447 CVE-2017-5448 CVE-2017-5449 CVE-2017-5451 CVE-2017-5454 CVE-2017-5455 CVE-2017-5456 CVE-2017-5459 CVE-2017-5460 CVE-2017-5461 CVE-2017-5462 CVE-2017-5464 CVE-2017-5465 CVE-2017-5466 CVE-2017-5467 CVE-2017-5469 CVE-2017-5470 CVE-2017-5472 CVE-2017-7749 CVE-2017-7750 CVE-2017-7751 CVE-2017-7752 CVE-2017-7753 CVE-2017-7754 CVE-2017-7755 CVE-2017-7756 CVE-2017-7757 CVE-2017-7758 CVE-2017-7760 CVE-2017-7761 CVE-2017-7764 CVE-2017-7765 CVE-2017-7766 CVE-2017-7767 CVE-2017-7768 CVE-2017-7771 CVE-2017-7772 CVE-2017-7773 CVE-2017-7774 CVE-2017-7775 CVE-2017-7776 CVE-2017-7777 CVE-2017-7778 CVE-2017-7779 CVE-2017-7782 CVE-2017-7784 CVE-2017-7785 CVE-2017-7786 CVE-2017-7787 CVE-2017-7791 CVE-2017-7792 CVE-2017-7793 CVE-2017-7798 CVE-2017-7800 CVE-2017-7801 CVE-2017-7802 CVE-2017-7803 CVE-2017-7804 CVE-2017-7805 CVE-2017-7807 CVE-2017-7810 CVE-2017-7814 CVE-2017-7818 CVE-2017-7819 CVE-2017-7823 CVE-2017-7824 CVE-2017-7825 CVE-2017-7826 CVE-2017-7828 CVE-2017-7830 CVE-2017-7843 CVE-2018-12359 CVE-2018-12360 CVE-2018-12362 CVE-2018-12363 CVE-2018-12364 CVE-2018-12365 CVE-2018-12366 CVE-2018-12368 CVE-2018-12376 CVE-2018-12377 CVE-2018-12378 CVE-2018-12379 CVE-2018-12381 CVE-2018-12383 CVE-2018-12385 CVE-2018-12386 CVE-2018-12387 CVE-2018-12389 CVE-2018-12390 CVE-2018-12392 CVE-2018-12393 CVE-2018-12395 CVE-2018-12396 CVE-2018-12397 CVE-2018-12405 CVE-2018-17466 CVE-2018-18335 CVE-2018-18356 CVE-2018-18492 CVE-2018-18493 CVE-2018-18494 CVE-2018-18498 CVE-2018-18500 CVE-2018-18501 CVE-2018-18505 CVE-2018-18506 CVE-2018-5089 CVE-2018-5091 CVE-2018-5095 CVE-2018-5096 CVE-2018-5097 CVE-2018-5098 CVE-2018-5099 CVE-2018-5102 CVE-2018-5103 CVE-2018-5104 CVE-2018-5117 CVE-2018-5125 CVE-2018-5127 CVE-2018-5129 CVE-2018-5130 CVE-2018-5131 CVE-2018-5144 CVE-2018-5145 CVE-2018-5146 CVE-2018-5147 CVE-2018-5148 CVE-2018-5150 CVE-2018-5154 CVE-2018-5155 CVE-2018-5156 CVE-2018-5157 CVE-2018-5158 CVE-2018-5159 CVE-2018-5168 CVE-2018-5178 CVE-2018-5183 CVE-2018-5188 CVE-2018-6126 CVE-2019-11691 CVE-2019-11692 CVE-2019-11693 CVE-2019-11694 CVE-2019-11698 CVE-2019-11707 CVE-2019-11708 CVE-2019-11709 CVE-2019-11710 CVE-2019-11711 CVE-2019-11712 CVE-2019-11713 CVE-2019-11714 CVE-2019-11715 CVE-2019-11716 CVE-2019-11717 CVE-2019-11718 CVE-2019-11719 CVE-2019-11720 CVE-2019-11721 CVE-2019-11723 CVE-2019-11724 CVE-2019-11725 CVE-2019-11727 CVE-2019-11728 CVE-2019-11729 CVE-2019-11730 CVE-2019-11733 CVE-2019-11735 CVE-2019-11736 CVE-2019-11738 CVE-2019-11740 CVE-2019-11742 CVE-2019-11743 CVE-2019-11744 CVE-2019-11745 CVE-2019-11746 CVE-2019-11747 CVE-2019-11748 CVE-2019-11749 CVE-2019-11750 CVE-2019-11751 CVE-2019-11752 CVE-2019-11753 CVE-2019-11757 CVE-2019-11758 CVE-2019-11759 CVE-2019-11760 CVE-2019-11761 CVE-2019-11762 CVE-2019-11763 CVE-2019-11764 CVE-2019-13722 CVE-2019-15903 CVE-2019-17005 CVE-2019-17008 CVE-2019-17009 CVE-2019-17010 CVE-2019-17011 CVE-2019-17012 CVE-2019-17015 CVE-2019-17016 CVE-2019-17017 CVE-2019-17021 CVE-2019-17022 CVE-2019-17024 CVE-2019-17026 CVE-2019-20503 CVE-2019-5785 CVE-2019-7317 CVE-2019-9788 CVE-2019-9790 CVE-2019-9791 CVE-2019-9792 CVE-2019-9793 CVE-2019-9794 CVE-2019-9795 CVE-2019-9796 CVE-2019-9800 CVE-2019-9801 CVE-2019-9810 CVE-2019-9811 CVE-2019-9812 CVE-2019-9813 CVE-2019-9815 CVE-2019-9816 CVE-2019-9817 CVE-2019-9818 CVE-2019-9819 CVE-2019-9820 CVE-2020-12387 CVE-2020-12388 CVE-2020-12389 CVE-2020-12392 CVE-2020-12393 CVE-2020-12395 CVE-2020-12402 CVE-2020-12405 CVE-2020-12406 CVE-2020-12410 CVE-2020-12415 CVE-2020-12416 CVE-2020-12417 CVE-2020-12418 CVE-2020-12419 CVE-2020-12420 CVE-2020-12421 CVE-2020-12422 CVE-2020-12423 CVE-2020-12424 CVE-2020-12425 CVE-2020-12426 CVE-2020-15652 CVE-2020-15653 CVE-2020-15654 CVE-2020-15655 CVE-2020-15656 CVE-2020-15657 CVE-2020-15658 CVE-2020-15659 CVE-2020-15663 CVE-2020-15664 CVE-2020-15670 CVE-2020-15673 CVE-2020-15676 CVE-2020-15677 CVE-2020-15678 CVE-2020-15683 CVE-2020-15969 CVE-2020-15999 CVE-2020-16012 CVE-2020-16042 CVE-2020-16044 CVE-2020-26950 CVE-2020-26951 CVE-2020-26953 CVE-2020-26956 CVE-2020-26958 CVE-2020-26959 CVE-2020-26960 CVE-2020-26961 CVE-2020-26965 CVE-2020-26966 CVE-2020-26968 CVE-2020-26971 CVE-2020-26973 CVE-2020-26974 CVE-2020-26976 CVE-2020-26978 CVE-2020-35111 CVE-2020-35112 CVE-2020-35113 CVE-2020-6463 CVE-2020-6514 CVE-2020-6796 CVE-2020-6797 CVE-2020-6798 CVE-2020-6799 CVE-2020-6800 CVE-2020-6805 CVE-2020-6806 CVE-2020-6807 CVE-2020-6811 CVE-2020-6812 CVE-2020-6814 CVE-2020-6819 CVE-2020-6820 CVE-2020-6821 CVE-2020-6822 CVE-2020-6825 CVE-2020-6827 CVE-2020-6828 CVE-2020-6831 CVE-2021-23953 CVE-2021-23954 CVE-2021-23960 CVE-2021-23961 CVE-2021-23964 CVE-2021-23968 CVE-2021-23969 CVE-2021-23973 CVE-2021-23978 CVE-2021-23981 CVE-2021-23982 CVE-2021-23984 CVE-2021-23987 CVE-2021-23994 CVE-2021-23995 CVE-2021-23998 CVE-2021-23999 CVE-2021-24002 CVE-2021-29945 CVE-2021-29946 CVE-2021-29951 CVE-2021-29964 CVE-2021-29967 CVE-2021-29970 CVE-2021-29976 CVE-2021-29980 CVE-2021-29981 CVE-2021-29982 CVE-2021-29983 CVE-2021-29984 CVE-2021-29985 CVE-2021-29986 CVE-2021-29987 CVE-2021-29988 CVE-2021-29989 CVE-2021-29990 CVE-2021-29991 CVE-2021-30547 CVE-2021-32810 CVE-2021-38492 CVE-2021-38495 CVE-2021-38496 CVE-2021-38497 CVE-2021-38498 CVE-2021-38500 CVE-2021-38501 CVE-2021-38503 CVE-2021-38504 CVE-2021-38505 CVE-2021-38506 CVE-2021-38507 CVE-2021-38508 CVE-2021-38509 CVE-2021-38510 CVE-2021-4140 CVE-2021-43536 CVE-2021-43537 CVE-2021-43538 CVE-2021-43539 CVE-2021-43541 CVE-2021-43542 CVE-2021-43543 CVE-2021-43545 CVE-2021-43546 CVE-2022-22737 CVE-2022-22738 CVE-2022-22739 CVE-2022-22740 CVE-2022-22741 CVE-2022-22742 CVE-2022-22743 CVE-2022-22744 CVE-2022-22745 CVE-2022-22746 CVE-2022-22747 CVE-2022-22748 CVE-2022-22751 CVE-2022-22753 CVE-2022-22754 CVE-2022-22756 CVE-2022-22759 CVE-2022-22760 CVE-2022-22761 CVE-2022-22763 CVE-2022-22764 CVE-2022-26381 CVE-2022-26383 CVE-2022-26384 CVE-2022-26386 CVE-2022-26387 CVE-2022-26485 CVE-2022-26486 cpe:/o:opensuse:leap:15.4 MozillaThunderbird-91.8.0-150200.8.65.1 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the MozillaThunderbird-91.8.0-150200.8.65.1 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2011-3079 CVE-2014-1587 CVE-2014-1590 CVE-2014-1592 CVE-2014-1593 CVE-2014-1594 CVE-2014-8634 CVE-2014-8635 CVE-2014-8638 CVE-2014-8639 CVE-2015-0801 CVE-2015-0807 CVE-2015-0813 CVE-2015-0815 CVE-2015-0816 CVE-2015-0822 CVE-2015-0827 CVE-2015-0831 CVE-2015-0833 CVE-2015-0836 CVE-2015-2708 CVE-2015-2710 CVE-2015-2713 CVE-2015-2716 CVE-2015-2721 CVE-2015-2722 CVE-2015-2724 CVE-2015-2725 CVE-2015-2727 CVE-2015-2728 CVE-2015-2729 CVE-2015-2730 CVE-2015-2731 CVE-2015-2733 CVE-2015-2734 CVE-2015-2735 CVE-2015-2736 CVE-2015-2737 CVE-2015-2738 CVE-2015-2739 CVE-2015-2740 CVE-2015-2741 CVE-2015-2743 CVE-2015-4000 CVE-2015-4473 CVE-2015-4475 CVE-2015-4477 CVE-2015-4478 CVE-2015-4479 CVE-2015-4480 CVE-2015-4481 CVE-2015-4482 CVE-2015-4484 CVE-2015-4485 CVE-2015-4486 CVE-2015-4487 CVE-2015-4488 CVE-2015-4489 CVE-2015-4491 CVE-2015-4492 CVE-2015-4493 CVE-2015-4500 CVE-2015-4505 CVE-2015-4506 CVE-2015-4509 CVE-2015-4511 CVE-2015-4513 CVE-2015-4514 CVE-2015-4517 CVE-2015-4519 CVE-2015-4520 CVE-2015-4521 CVE-2015-4522 CVE-2015-7174 CVE-2015-7175 CVE-2015-7176 CVE-2015-7177 CVE-2015-7178 CVE-2015-7179 CVE-2015-7180 CVE-2015-7181 CVE-2015-7182 CVE-2015-7183 CVE-2015-7188 CVE-2015-7189 CVE-2015-7193 CVE-2015-7194 CVE-2015-7196 CVE-2015-7197 CVE-2015-7198 CVE-2015-7199 CVE-2015-7200 CVE-2015-7201 CVE-2015-7205 CVE-2015-7207 CVE-2015-7210 CVE-2015-7212 CVE-2015-7213 CVE-2015-7214 CVE-2015-7222 CVE-2015-7575 CVE-2016-1930 CVE-2016-1935 CVE-2016-1950 CVE-2016-1952 CVE-2016-1953 CVE-2016-1954 CVE-2016-1955 CVE-2016-1956 CVE-2016-1957 CVE-2016-1958 CVE-2016-1960 CVE-2016-1961 CVE-2016-1962 CVE-2016-1964 CVE-2016-1965 CVE-2016-1966 CVE-2016-1974 CVE-2016-1977 CVE-2016-1979 CVE-2016-2790 CVE-2016-2791 CVE-2016-2792 CVE-2016-2793 CVE-2016-2794 CVE-2016-2795 CVE-2016-2796 CVE-2016-2797 CVE-2016-2798 CVE-2016-2799 CVE-2016-2800 CVE-2016-2801 CVE-2016-2802 CVE-2016-2806 CVE-2016-2807 CVE-2016-2815 CVE-2016-2818 CVE-2016-2830 CVE-2016-2836 CVE-2016-2837 CVE-2016-2838 CVE-2016-2839 CVE-2016-5252 CVE-2016-5254 CVE-2016-5258 CVE-2016-5259 CVE-2016-5262 CVE-2016-5263 CVE-2016-5264 CVE-2016-5265 CVE-2016-5290 CVE-2016-5291 CVE-2016-5296 CVE-2016-5297 CVE-2016-5824 CVE-2016-6354 CVE-2016-9066 CVE-2016-9079 CVE-2016-9893 CVE-2016-9895 CVE-2016-9897 CVE-2016-9898 CVE-2016-9899 CVE-2016-9900 CVE-2016-9904 CVE-2016-9905 CVE-2017-16541 CVE-2017-5373 CVE-2017-5375 CVE-2017-5376 CVE-2017-5378 CVE-2017-5380 CVE-2017-5383 CVE-2017-5390 CVE-2017-5396 CVE-2017-5398 CVE-2017-5399 CVE-2017-5400 CVE-2017-5401 CVE-2017-5402 CVE-2017-5403 CVE-2017-5404 CVE-2017-5405 CVE-2017-5406 CVE-2017-5407 CVE-2017-5408 CVE-2017-5410 CVE-2017-5412 CVE-2017-5413 CVE-2017-5414 CVE-2017-5416 CVE-2017-5418 CVE-2017-5419 CVE-2017-5421 CVE-2017-5422 CVE-2017-5426 CVE-2017-5429 CVE-2017-5430 CVE-2017-5432 CVE-2017-5433 CVE-2017-5434 CVE-2017-5435 CVE-2017-5436 CVE-2017-5437 CVE-2017-5438 CVE-2017-5439 CVE-2017-5440 CVE-2017-5441 CVE-2017-5442 CVE-2017-5443 CVE-2017-5444 CVE-2017-5445 CVE-2017-5446 CVE-2017-5447 CVE-2017-5449 CVE-2017-5451 CVE-2017-5454 CVE-2017-5459 CVE-2017-5460 CVE-2017-5461 CVE-2017-5462 CVE-2017-5464 CVE-2017-5465 CVE-2017-5466 CVE-2017-5467 CVE-2017-5469 CVE-2017-5470 CVE-2017-5472 CVE-2017-7749 CVE-2017-7750 CVE-2017-7751 CVE-2017-7752 CVE-2017-7753 CVE-2017-7754 CVE-2017-7756 CVE-2017-7757 CVE-2017-7758 CVE-2017-7763 CVE-2017-7764 CVE-2017-7765 CVE-2017-7771 CVE-2017-7772 CVE-2017-7773 CVE-2017-7774 CVE-2017-7775 CVE-2017-7776 CVE-2017-7777 CVE-2017-7778 CVE-2017-7779 CVE-2017-7782 CVE-2017-7784 CVE-2017-7785 CVE-2017-7786 CVE-2017-7787 CVE-2017-7791 CVE-2017-7792 CVE-2017-7793 CVE-2017-7798 CVE-2017-7800 CVE-2017-7801 CVE-2017-7802 CVE-2017-7803 CVE-2017-7804 CVE-2017-7805 CVE-2017-7807 CVE-2017-7810 CVE-2017-7814 CVE-2017-7818 CVE-2017-7819 CVE-2017-7823 CVE-2017-7824 CVE-2017-7825 CVE-2017-7826 CVE-2017-7828 CVE-2017-7829 CVE-2017-7830 CVE-2017-7845 CVE-2017-7846 CVE-2017-7847 CVE-2017-7848 CVE-2018-12359 CVE-2018-12360 CVE-2018-12361 CVE-2018-12362 CVE-2018-12363 CVE-2018-12364 CVE-2018-12365 CVE-2018-12366 CVE-2018-12367 CVE-2018-12371 CVE-2018-12372 CVE-2018-12373 CVE-2018-12374 CVE-2018-12376 CVE-2018-12377 CVE-2018-12378 CVE-2018-12383 CVE-2018-12385 CVE-2018-12389 CVE-2018-12390 CVE-2018-12391 CVE-2018-12392 CVE-2018-12393 CVE-2018-12405 CVE-2018-17466 CVE-2018-18335 CVE-2018-18356 CVE-2018-18492 CVE-2018-18493 CVE-2018-18494 CVE-2018-18498 CVE-2018-18500 CVE-2018-18501 CVE-2018-18505 CVE-2018-18509 CVE-2018-18511 CVE-2018-5089 CVE-2018-5095 CVE-2018-5096 CVE-2018-5097 CVE-2018-5098 CVE-2018-5099 CVE-2018-5102 CVE-2018-5103 CVE-2018-5104 CVE-2018-5117 CVE-2018-5125 CVE-2018-5127 CVE-2018-5129 CVE-2018-5144 CVE-2018-5145 CVE-2018-5146 CVE-2018-5150 CVE-2018-5154 CVE-2018-5155 CVE-2018-5156 CVE-2018-5159 CVE-2018-5161 CVE-2018-5162 CVE-2018-5168 CVE-2018-5170 CVE-2018-5174 CVE-2018-5178 CVE-2018-5183 CVE-2018-5184 CVE-2018-5185 CVE-2018-5187 CVE-2018-5188 CVE-2019-11691 CVE-2019-11692 CVE-2019-11693 CVE-2019-11694 CVE-2019-11698 CVE-2019-11703 CVE-2019-11704 CVE-2019-11705 CVE-2019-11706 CVE-2019-11707 CVE-2019-11708 CVE-2019-11709 CVE-2019-11710 CVE-2019-11711 CVE-2019-11712 CVE-2019-11713 CVE-2019-11714 CVE-2019-11715 CVE-2019-11716 CVE-2019-11717 CVE-2019-11719 CVE-2019-11720 CVE-2019-11721 CVE-2019-11723 CVE-2019-11724 CVE-2019-11725 CVE-2019-11727 CVE-2019-11728 CVE-2019-11729 CVE-2019-11730 CVE-2019-11739 CVE-2019-11740 CVE-2019-11742 CVE-2019-11743 CVE-2019-11744 CVE-2019-11745 CVE-2019-11746 CVE-2019-11752 CVE-2019-11755 CVE-2019-11757 CVE-2019-11758 CVE-2019-11759 CVE-2019-11760 CVE-2019-11761 CVE-2019-11762 CVE-2019-11763 CVE-2019-11764 CVE-2019-13722 CVE-2019-15903 CVE-2019-17005 CVE-2019-17008 CVE-2019-17009 CVE-2019-17010 CVE-2019-17011 CVE-2019-17012 CVE-2019-17015 CVE-2019-17016 CVE-2019-17017 CVE-2019-17021 CVE-2019-17022 CVE-2019-17024 CVE-2019-17026 CVE-2019-20503 CVE-2019-5785 CVE-2019-5798 CVE-2019-7317 CVE-2019-9797 CVE-2019-9800 CVE-2019-9810 CVE-2019-9811 CVE-2019-9813 CVE-2019-9815 CVE-2019-9816 CVE-2019-9817 CVE-2019-9818 CVE-2019-9819 CVE-2019-9820 CVE-2020-12387 CVE-2020-12392 CVE-2020-12393 CVE-2020-12395 CVE-2020-12397 CVE-2020-12398 CVE-2020-12405 CVE-2020-12406 CVE-2020-12410 CVE-2020-12417 CVE-2020-12418 CVE-2020-12419 CVE-2020-12420 CVE-2020-12421 CVE-2020-15652 CVE-2020-15659 CVE-2020-15663 CVE-2020-15664 CVE-2020-15669 CVE-2020-15673 CVE-2020-15676 CVE-2020-15677 CVE-2020-15678 CVE-2020-15683 CVE-2020-15685 CVE-2020-15969 CVE-2020-15999 CVE-2020-16012 CVE-2020-16042 CVE-2020-16044 CVE-2020-26950 CVE-2020-26951 CVE-2020-26953 CVE-2020-26956 CVE-2020-26958 CVE-2020-26959 CVE-2020-26960 CVE-2020-26961 CVE-2020-26965 CVE-2020-26966 CVE-2020-26968 CVE-2020-26970 CVE-2020-26971 CVE-2020-26973 CVE-2020-26974 CVE-2020-26976 CVE-2020-26978 CVE-2020-35111 CVE-2020-35112 CVE-2020-35113 CVE-2020-6463 CVE-2020-6514 CVE-2020-6792 CVE-2020-6793 CVE-2020-6794 CVE-2020-6795 CVE-2020-6797 CVE-2020-6798 CVE-2020-6800 CVE-2020-6805 CVE-2020-6806 CVE-2020-6807 CVE-2020-6811 CVE-2020-6812 CVE-2020-6814 CVE-2020-6819 CVE-2020-6820 CVE-2020-6821 CVE-2020-6822 CVE-2020-6825 CVE-2020-6831 CVE-2021-23953 CVE-2021-23954 CVE-2021-23960 CVE-2021-23961 CVE-2021-23964 CVE-2021-23968 CVE-2021-23969 CVE-2021-23973 CVE-2021-23978 CVE-2021-23981 CVE-2021-23982 CVE-2021-23984 CVE-2021-23987 CVE-2021-23991 CVE-2021-23993 CVE-2021-23994 CVE-2021-23995 CVE-2021-23998 CVE-2021-23999 CVE-2021-24002 CVE-2021-29945 CVE-2021-29946 CVE-2021-29948 CVE-2021-29950 CVE-2021-29951 CVE-2021-29956 CVE-2021-29957 CVE-2021-29964 CVE-2021-29967 CVE-2021-29969 CVE-2021-29970 CVE-2021-29976 CVE-2021-29980 CVE-2021-29984 CVE-2021-29985 CVE-2021-29986 CVE-2021-29988 CVE-2021-29989 CVE-2021-29991 CVE-2021-30547 CVE-2021-32810 CVE-2021-38492 CVE-2021-38495 CVE-2021-38496 CVE-2021-38497 CVE-2021-38498 CVE-2021-38500 CVE-2021-38501 CVE-2021-38502 CVE-2021-38503 CVE-2021-38504 CVE-2021-38505 CVE-2021-38506 CVE-2021-38507 CVE-2021-38508 CVE-2021-38509 CVE-2021-38510 CVE-2021-40529 CVE-2021-4126 CVE-2021-4140 CVE-2021-43528 CVE-2021-43536 CVE-2021-43537 CVE-2021-43538 CVE-2021-43539 CVE-2021-43541 CVE-2021-43542 CVE-2021-43543 CVE-2021-43545 CVE-2021-43546 CVE-2021-44538 CVE-2022-0566 CVE-2022-1097 CVE-2022-1196 CVE-2022-1197 CVE-2022-22737 CVE-2022-22738 CVE-2022-22739 CVE-2022-22740 CVE-2022-22741 CVE-2022-22742 CVE-2022-22743 CVE-2022-22744 CVE-2022-22745 CVE-2022-22746 CVE-2022-22747 CVE-2022-22748 CVE-2022-22751 CVE-2022-22753 CVE-2022-22754 CVE-2022-22756 CVE-2022-22759 CVE-2022-22760 CVE-2022-22761 CVE-2022-22763 CVE-2022-22764 CVE-2022-24713 CVE-2022-26381 CVE-2022-26383 CVE-2022-26384 CVE-2022-26386 CVE-2022-26387 CVE-2022-26485 CVE-2022-26486 CVE-2022-28281 CVE-2022-28282 CVE-2022-28285 CVE-2022-28286 CVE-2022-28289 cpe:/o:opensuse:leap:15.4 NetworkManager-1.32.12-150400.1.11 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the NetworkManager-1.32.12-150400.1.11 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2006-7246 CVE-2015-2924 CVE-2016-0764 CVE-2018-1000135 CVE-2018-15688 CVE-2020-10754 CVE-2020-13529 CVE-2021-20297 cpe:/o:opensuse:leap:15.4 NetworkManager-applet-1.24.0-150400.2.9 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the NetworkManager-applet-1.24.0-150400.2.9 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2017-6590 cpe:/o:opensuse:leap:15.4 NetworkManager-vpnc-1.2.6-bp154.2.68 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the NetworkManager-vpnc-1.2.6-bp154.2.68 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2018-10900 cpe:/o:opensuse:leap:15.4 PackageKit-1.2.4-150400.1.11 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the PackageKit-1.2.4-150400.1.11 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2018-1106 CVE-2020-16121 cpe:/o:opensuse:leap:15.4 WebKit2GTK-4.1-lang-2.36.0-150400.2.13 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the WebKit2GTK-4.1-lang-2.36.0-150400.2.13 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2016-1856 CVE-2016-1857 CVE-2016-4590 CVE-2016-4591 CVE-2016-4622 CVE-2016-4624 CVE-2016-4692 CVE-2016-4743 CVE-2016-7586 CVE-2016-7587 CVE-2016-7589 CVE-2016-7592 CVE-2016-7598 CVE-2016-7599 CVE-2016-7610 CVE-2016-7623 CVE-2016-7632 CVE-2016-7635 CVE-2016-7639 CVE-2016-7641 CVE-2016-7645 CVE-2016-7652 CVE-2016-7654 CVE-2016-7656 CVE-2017-1000121 CVE-2017-1000122 CVE-2017-13788 CVE-2017-13798 CVE-2017-13803 CVE-2017-13856 CVE-2017-13866 CVE-2017-13870 CVE-2017-13884 CVE-2017-13885 CVE-2017-2350 CVE-2017-2354 CVE-2017-2355 CVE-2017-2356 CVE-2017-2362 CVE-2017-2363 CVE-2017-2364 CVE-2017-2365 CVE-2017-2366 CVE-2017-2369 CVE-2017-2371 CVE-2017-2373 CVE-2017-2496 CVE-2017-2510 CVE-2017-2538 CVE-2017-2539 CVE-2017-5715 CVE-2017-5753 CVE-2017-7006 CVE-2017-7011 CVE-2017-7012 CVE-2017-7018 CVE-2017-7019 CVE-2017-7020 CVE-2017-7030 CVE-2017-7034 CVE-2017-7037 CVE-2017-7038 CVE-2017-7039 CVE-2017-7040 CVE-2017-7041 CVE-2017-7042 CVE-2017-7043 CVE-2017-7046 CVE-2017-7048 CVE-2017-7049 CVE-2017-7052 CVE-2017-7055 CVE-2017-7056 CVE-2017-7059 CVE-2017-7061 CVE-2017-7064 CVE-2017-7081 CVE-2017-7087 CVE-2017-7089 CVE-2017-7090 CVE-2017-7091 CVE-2017-7092 CVE-2017-7093 CVE-2017-7094 CVE-2017-7095 CVE-2017-7096 CVE-2017-7098 CVE-2017-7099 CVE-2017-7100 CVE-2017-7102 CVE-2017-7104 CVE-2017-7107 CVE-2017-7109 CVE-2017-7111 CVE-2017-7117 CVE-2017-7120 CVE-2017-7142 CVE-2017-7153 CVE-2017-7156 CVE-2017-7157 CVE-2017-7160 CVE-2017-7161 CVE-2017-7165 CVE-2018-11646 CVE-2018-11712 CVE-2018-11713 CVE-2018-12911 CVE-2018-4088 CVE-2018-4096 CVE-2018-4101 CVE-2018-4113 CVE-2018-4114 CVE-2018-4117 CVE-2018-4118 CVE-2018-4119 CVE-2018-4120 CVE-2018-4122 CVE-2018-4125 CVE-2018-4127 CVE-2018-4128 CVE-2018-4129 CVE-2018-4133 CVE-2018-4146 CVE-2018-4161 CVE-2018-4162 CVE-2018-4163 CVE-2018-4165 CVE-2018-4190 CVE-2018-4191 CVE-2018-4197 CVE-2018-4199 CVE-2018-4200 CVE-2018-4204 CVE-2018-4207 CVE-2018-4208 CVE-2018-4209 CVE-2018-4210 CVE-2018-4212 CVE-2018-4213 CVE-2018-4218 CVE-2018-4222 CVE-2018-4232 CVE-2018-4233 CVE-2018-4246 CVE-2018-4261 CVE-2018-4262 CVE-2018-4263 CVE-2018-4264 CVE-2018-4265 CVE-2018-4266 CVE-2018-4267 CVE-2018-4270 CVE-2018-4272 CVE-2018-4273 CVE-2018-4278 CVE-2018-4284 CVE-2018-4299 CVE-2018-4306 CVE-2018-4309 CVE-2018-4312 CVE-2018-4314 CVE-2018-4315 CVE-2018-4316 CVE-2018-4317 CVE-2018-4318 CVE-2018-4319 CVE-2018-4323 CVE-2018-4328 CVE-2018-4345 CVE-2018-4358 CVE-2018-4359 CVE-2018-4361 CVE-2018-4372 CVE-2018-4373 CVE-2018-4375 CVE-2018-4376 CVE-2018-4378 CVE-2018-4382 CVE-2018-4386 CVE-2018-4392 CVE-2018-4416 CVE-2018-4437 CVE-2018-4438 CVE-2018-4441 CVE-2018-4442 CVE-2018-4443 CVE-2018-4464 CVE-2019-11070 CVE-2019-6201 CVE-2019-6212 CVE-2019-6215 CVE-2019-6216 CVE-2019-6217 CVE-2019-6226 CVE-2019-6227 CVE-2019-6229 CVE-2019-6233 CVE-2019-6234 CVE-2019-6251 CVE-2019-7285 CVE-2019-7292 CVE-2019-8375 CVE-2019-8503 CVE-2019-8506 CVE-2019-8515 CVE-2019-8518 CVE-2019-8523 CVE-2019-8524 CVE-2019-8535 CVE-2019-8536 CVE-2019-8544 CVE-2019-8551 CVE-2019-8558 CVE-2019-8559 CVE-2019-8563 CVE-2019-8595 CVE-2019-8607 CVE-2019-8615 CVE-2019-8625 CVE-2019-8644 CVE-2019-8649 CVE-2019-8658 CVE-2019-8666 CVE-2019-8669 CVE-2019-8671 CVE-2019-8672 CVE-2019-8673 CVE-2019-8674 CVE-2019-8676 CVE-2019-8677 CVE-2019-8678 CVE-2019-8679 CVE-2019-8680 CVE-2019-8681 CVE-2019-8683 CVE-2019-8684 CVE-2019-8686 CVE-2019-8687 CVE-2019-8688 CVE-2019-8689 CVE-2019-8690 CVE-2019-8707 CVE-2019-8710 CVE-2019-8719 CVE-2019-8720 CVE-2019-8726 CVE-2019-8733 CVE-2019-8735 CVE-2019-8743 CVE-2019-8763 CVE-2019-8764 CVE-2019-8765 CVE-2019-8766 CVE-2019-8768 CVE-2019-8769 CVE-2019-8771 CVE-2019-8782 CVE-2019-8783 CVE-2019-8808 CVE-2019-8811 CVE-2019-8812 CVE-2019-8813 CVE-2019-8814 CVE-2019-8815 CVE-2019-8816 CVE-2019-8819 CVE-2019-8820 CVE-2019-8821 CVE-2019-8822 CVE-2019-8823 CVE-2019-8835 CVE-2019-8844 CVE-2019-8846 CVE-2020-10018 CVE-2020-11793 CVE-2020-13543 CVE-2020-13558 CVE-2020-13584 CVE-2020-13753 CVE-2020-27918 CVE-2020-29623 CVE-2020-3862 CVE-2020-3864 CVE-2020-3865 CVE-2020-3867 CVE-2020-3868 CVE-2020-3885 CVE-2020-3894 CVE-2020-3895 CVE-2020-3897 CVE-2020-3899 CVE-2020-3900 CVE-2020-3901 CVE-2020-3902 CVE-2020-9802 CVE-2020-9803 CVE-2020-9805 CVE-2020-9806 CVE-2020-9807 CVE-2020-9843 CVE-2020-9850 CVE-2020-9862 CVE-2020-9893 CVE-2020-9894 CVE-2020-9895 CVE-2020-9915 CVE-2020-9925 CVE-2020-9947 CVE-2020-9948 CVE-2020-9951 CVE-2020-9952 CVE-2020-9983 CVE-2021-1765 CVE-2021-1788 CVE-2021-1789 CVE-2021-1799 CVE-2021-1801 CVE-2021-1817 CVE-2021-1820 CVE-2021-1825 CVE-2021-1826 CVE-2021-1844 CVE-2021-1870 CVE-2021-1871 CVE-2021-21775 CVE-2021-21779 CVE-2021-21806 CVE-2021-30661 CVE-2021-30663 CVE-2021-30665 CVE-2021-30666 CVE-2021-30682 CVE-2021-30689 CVE-2021-30720 CVE-2021-30734 CVE-2021-30744 CVE-2021-30749 CVE-2021-30758 CVE-2021-30761 CVE-2021-30762 CVE-2021-30795 CVE-2021-30797 CVE-2021-30799 CVE-2021-30809 CVE-2021-30818 CVE-2021-30823 CVE-2021-30836 CVE-2021-30846 CVE-2021-30848 CVE-2021-30849 CVE-2021-30851 CVE-2021-30858 CVE-2021-30884 CVE-2021-30887 CVE-2021-30888 CVE-2021-30889 CVE-2021-30890 CVE-2021-30897 CVE-2021-30934 CVE-2021-30936 CVE-2021-30951 CVE-2021-30952 CVE-2021-30953 CVE-2021-30954 CVE-2021-30984 CVE-2021-42762 CVE-2021-45481 CVE-2021-45482 CVE-2021-45483 CVE-2022-22589 CVE-2022-22590 CVE-2022-22592 CVE-2022-22594 CVE-2022-22620 CVE-2022-22624 CVE-2022-22628 CVE-2022-22629 CVE-2022-22637 cpe:/o:opensuse:leap:15.4 accountsservice-0.6.55-150400.12.8 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the accountsservice-0.6.55-150400.12.8 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2018-14036 cpe:/o:opensuse:leap:15.4 apache2-2.4.51-150400.4.6 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the apache2-2.4.51-150400.4.6 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2013-5704 CVE-2014-3581 CVE-2014-3583 CVE-2014-8109 CVE-2015-0228 CVE-2015-0253 CVE-2015-4000 CVE-2016-0736 CVE-2016-2161 CVE-2016-4979 CVE-2016-5387 CVE-2016-8740 CVE-2016-8743 CVE-2017-9798 CVE-2019-10081 CVE-2019-10082 CVE-2019-10092 CVE-2019-10097 CVE-2019-10098 CVE-2019-9517 CVE-2020-11984 CVE-2020-11993 CVE-2020-13950 CVE-2020-35452 CVE-2020-9490 CVE-2021-26690 CVE-2021-26691 CVE-2021-30641 CVE-2021-31618 CVE-2021-33193 CVE-2021-34798 CVE-2021-36160 CVE-2021-39275 CVE-2021-40438 CVE-2021-44224 CVE-2021-44790 CVE-2022-22719 CVE-2022-22720 CVE-2022-22721 CVE-2022-23943 cpe:/o:opensuse:leap:15.4 apache2-mod_php7-7.4.25-150400.2.8 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the apache2-mod_php7-7.4.25-150400.2.8 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2014-3622 CVE-2014-3668 CVE-2014-3669 CVE-2014-3670 CVE-2014-9426 CVE-2014-9427 CVE-2015-0231 CVE-2015-0232 CVE-2015-0235 CVE-2015-0273 CVE-2015-1351 CVE-2015-1352 CVE-2015-2305 CVE-2015-2325 CVE-2015-2326 CVE-2015-2331 CVE-2015-3152 CVE-2015-3414 CVE-2015-3415 CVE-2015-3416 CVE-2017-9120 CVE-2018-1000222 CVE-2018-1000888 CVE-2018-12882 CVE-2018-14851 CVE-2018-17082 CVE-2018-19935 CVE-2018-20783 CVE-2019-11034 CVE-2019-11035 CVE-2019-11036 CVE-2019-11039 CVE-2019-11040 CVE-2019-11041 CVE-2019-11042 CVE-2019-11043 CVE-2019-11045 CVE-2019-11046 CVE-2019-11047 CVE-2019-11050 CVE-2019-9020 CVE-2019-9021 CVE-2019-9022 CVE-2019-9023 CVE-2019-9024 CVE-2019-9637 CVE-2019-9638 CVE-2019-9639 CVE-2019-9640 CVE-2019-9641 CVE-2019-9675 CVE-2020-7062 CVE-2020-7063 CVE-2020-7068 CVE-2020-7069 CVE-2020-7070 CVE-2020-7071 CVE-2021-21702 CVE-2021-21703 CVE-2021-21704 CVE-2021-21705 CVE-2021-21706 CVE-2021-21708 cpe:/o:opensuse:leap:15.4 apparmor-abstractions-3.0.4-150400.3.4 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the apparmor-abstractions-3.0.4-150400.3.4 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2017-6507 CVE-2022-1271 cpe:/o:opensuse:leap:15.4 ark-21.12.3-bp154.1.34 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the ark-21.12.3-bp154.1.34 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2020-16116 CVE-2020-24654 cpe:/o:opensuse:leap:15.4 augeas-1.12.0-150400.1.5 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the augeas-1.12.0-150400.1.5 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2014-8119 CVE-2017-7555 cpe:/o:opensuse:leap:15.4 autofs-5.1.3-150000.7.11.1 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the autofs-5.1.3-150000.7.11.1 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2014-8169 cpe:/o:opensuse:leap:15.4 autoyast2-4.4.36-150400.1.6 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the autoyast2-4.4.36-150400.1.6 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2019-18905 cpe:/o:opensuse:leap:15.4 avahi-0.8-150400.5.73 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the avahi-0.8-150400.5.73 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2017-6519 CVE-2018-1000845 CVE-2021-26720 CVE-2021-3468 CVE-2021-3502 cpe:/o:opensuse:leap:15.4 bash-4.4-150400.25.22 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the bash-4.4-150400.25.22 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2016-9401 cpe:/o:opensuse:leap:15.4 bcm43xx-firmware-20180314-150400.28.5 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the bcm43xx-firmware-20180314-150400.28.5 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2020-10370 cpe:/o:opensuse:leap:15.4 bind-9.16.20-150400.3.6 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the bind-9.16.20-150400.3.6 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2014-3214 CVE-2014-3859 CVE-2014-8500 CVE-2014-8680 CVE-2015-1349 CVE-2015-4620 CVE-2015-5477 CVE-2015-5722 CVE-2015-5986 CVE-2015-8000 CVE-2015-8461 CVE-2015-8704 CVE-2015-8705 CVE-2016-1285 CVE-2016-1286 CVE-2016-2088 CVE-2016-2775 CVE-2016-2776 CVE-2016-6170 CVE-2016-8864 CVE-2016-9131 CVE-2016-9147 CVE-2016-9444 CVE-2016-9778 CVE-2017-3135 CVE-2017-3136 CVE-2017-3137 CVE-2017-3138 CVE-2017-3140 CVE-2017-3141 CVE-2017-3142 CVE-2017-3143 CVE-2017-3145 CVE-2018-5736 CVE-2018-5737 CVE-2018-5738 CVE-2018-5740 CVE-2018-5743 CVE-2018-5744 CVE-2018-5745 CVE-2019-6465 CVE-2019-6467 CVE-2019-6471 CVE-2019-6475 CVE-2019-6476 CVE-2019-6477 CVE-2020-8616 CVE-2020-8617 CVE-2020-8618 CVE-2020-8619 CVE-2020-8620 CVE-2020-8621 CVE-2020-8622 CVE-2020-8623 CVE-2020-8624 CVE-2020-8625 CVE-2021-25214 CVE-2021-25215 CVE-2021-25216 CVE-2021-25218 CVE-2021-25219 CVE-2021-25220 CVE-2022-0396 cpe:/o:opensuse:leap:15.4 binutils-2.37-150100.7.29.1 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the binutils-2.37-150100.7.29.1 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2014-9939 CVE-2017-12448 CVE-2017-12450 CVE-2017-12452 CVE-2017-12453 CVE-2017-12454 CVE-2017-12456 CVE-2017-12799 CVE-2017-13757 CVE-2017-14128 CVE-2017-14129 CVE-2017-14130 CVE-2017-14333 CVE-2017-14529 CVE-2017-14729 CVE-2017-14745 CVE-2017-14974 CVE-2017-15938 CVE-2017-15939 CVE-2017-15996 CVE-2017-16826 CVE-2017-16827 CVE-2017-16828 CVE-2017-16829 CVE-2017-16830 CVE-2017-16831 CVE-2017-16832 CVE-2017-6965 CVE-2017-6966 CVE-2017-6969 CVE-2017-7209 CVE-2017-7210 CVE-2017-7223 CVE-2017-7224 CVE-2017-7225 CVE-2017-7226 CVE-2017-7299 CVE-2017-7300 CVE-2017-7301 CVE-2017-7302 CVE-2017-7303 CVE-2017-7304 CVE-2017-8392 CVE-2017-8393 CVE-2017-8394 CVE-2017-8396 CVE-2017-8421 CVE-2017-9746 CVE-2017-9747 CVE-2017-9748 CVE-2017-9750 CVE-2017-9755 CVE-2017-9756 CVE-2018-1000876 CVE-2018-10372 CVE-2018-10373 CVE-2018-10534 CVE-2018-10535 CVE-2018-17358 CVE-2018-17359 CVE-2018-17360 CVE-2018-17985 CVE-2018-18309 CVE-2018-18483 CVE-2018-18484 CVE-2018-18605 CVE-2018-18606 CVE-2018-18607 CVE-2018-19931 CVE-2018-19932 CVE-2018-20623 CVE-2018-20651 CVE-2018-20671 CVE-2018-6323 CVE-2018-6543 CVE-2018-6759 CVE-2018-6872 CVE-2018-7208 CVE-2018-7568 CVE-2018-7569 CVE-2018-7570 CVE-2018-7642 CVE-2018-7643 CVE-2018-8945 CVE-2019-1010180 CVE-2019-12972 CVE-2019-14250 CVE-2019-14444 CVE-2019-17450 CVE-2019-17451 CVE-2019-9074 CVE-2019-9075 CVE-2019-9077 CVE-2020-16590 CVE-2020-16591 CVE-2020-16592 CVE-2020-16593 CVE-2020-16598 CVE-2020-16599 CVE-2020-35448 CVE-2020-35493 CVE-2020-35496 CVE-2020-35507 CVE-2021-20197 CVE-2021-20284 CVE-2021-20294 CVE-2021-3487 cpe:/o:opensuse:leap:15.4 blktrace-1.1.0+git.20170126-3.6.1 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the blktrace-1.1.0+git.20170126-3.6.1 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2018-10689 cpe:/o:opensuse:leap:15.4 bluez-5.62-150400.2.5 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the bluez-5.62-150400.2.5 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2016-9797 CVE-2016-9798 CVE-2016-9800 CVE-2016-9801 CVE-2016-9802 CVE-2016-9804 CVE-2016-9917 CVE-2016-9918 CVE-2020-26558 CVE-2021-0129 CVE-2021-3588 cpe:/o:opensuse:leap:15.4 btrfsmaintenance-0.4.2-3.3.1 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the btrfsmaintenance-0.4.2-3.3.1 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2018-14722 cpe:/o:opensuse:leap:15.4 bubblewrap-0.4.1-1.16 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the bubblewrap-0.4.1-1.16 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2017-5226 CVE-2019-12439 CVE-2020-5291 cpe:/o:opensuse:leap:15.4 bzip2-1.0.8-150400.1.122 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the bzip2-1.0.8-150400.1.122 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2016-3189 CVE-2019-12900 cpe:/o:opensuse:leap:15.4 chromium-101.0.4951.64-bp154.1.2 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the chromium-101.0.4951.64-bp154.1.2 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2014-0574 CVE-2014-7899 CVE-2014-7900 CVE-2014-7901 CVE-2014-7902 CVE-2014-7903 CVE-2014-7904 CVE-2014-7905 CVE-2014-7906 CVE-2014-7907 CVE-2014-7908 CVE-2014-7909 CVE-2014-7910 CVE-2014-7923 CVE-2014-7924 CVE-2014-7925 CVE-2014-7926 CVE-2014-7927 CVE-2014-7928 CVE-2014-7929 CVE-2014-7930 CVE-2014-7932 CVE-2014-7933 CVE-2014-7934 CVE-2014-7935 CVE-2014-7936 CVE-2014-7937 CVE-2014-7938 CVE-2014-7939 CVE-2014-7940 CVE-2014-7941 CVE-2014-7942 CVE-2014-7943 CVE-2014-7944 CVE-2014-7945 CVE-2014-7946 CVE-2014-7947 CVE-2014-7948 CVE-2015-1205 CVE-2015-1209 CVE-2015-1210 CVE-2015-1211 CVE-2015-1212 CVE-2015-1213 CVE-2015-1214 CVE-2015-1215 CVE-2015-1216 CVE-2015-1217 CVE-2015-1218 CVE-2015-1219 CVE-2015-1220 CVE-2015-1221 CVE-2015-1222 CVE-2015-1223 CVE-2015-1224 CVE-2015-1225 CVE-2015-1226 CVE-2015-1227 CVE-2015-1228 CVE-2015-1229 CVE-2015-1230 CVE-2015-1231 CVE-2015-1233 CVE-2015-1234 CVE-2015-1235 CVE-2015-1236 CVE-2015-1237 CVE-2015-1238 CVE-2015-1240 CVE-2015-1241 CVE-2015-1242 CVE-2015-1243 CVE-2015-1244 CVE-2015-1245 CVE-2015-1246 CVE-2015-1247 CVE-2015-1248 CVE-2015-1249 CVE-2015-1250 CVE-2015-1251 CVE-2015-1252 CVE-2015-1253 CVE-2015-1254 CVE-2015-1255 CVE-2015-1256 CVE-2015-1257 CVE-2015-1258 CVE-2015-1259 CVE-2015-1260 CVE-2015-1261 CVE-2015-1262 CVE-2015-1263 CVE-2015-1264 CVE-2015-1265 CVE-2015-1266 CVE-2015-1267 CVE-2015-1268 CVE-2015-1269 CVE-2015-1270 CVE-2015-1271 CVE-2015-1272 CVE-2015-1273 CVE-2015-1274 CVE-2015-1275 CVE-2015-1276 CVE-2015-1277 CVE-2015-1278 CVE-2015-1279 CVE-2015-1280 CVE-2015-1281 CVE-2015-1282 CVE-2015-1283 CVE-2015-1284 CVE-2015-1285 CVE-2015-1286 CVE-2015-1287 CVE-2015-1288 CVE-2015-1289 CVE-2015-1291 CVE-2015-1292 CVE-2015-1293 CVE-2015-1294 CVE-2015-1295 CVE-2015-1296 CVE-2015-1297 CVE-2015-1298 CVE-2015-1299 CVE-2015-1300 CVE-2015-1301 CVE-2015-1302 CVE-2015-1303 CVE-2015-1304 CVE-2015-6755 CVE-2015-6756 CVE-2015-6757 CVE-2015-6758 CVE-2015-6759 CVE-2015-6760 CVE-2015-6761 CVE-2015-6762 CVE-2015-6763 CVE-2015-6764 CVE-2015-6765 CVE-2015-6766 CVE-2015-6767 CVE-2015-6768 CVE-2015-6769 CVE-2015-6770 CVE-2015-6771 CVE-2015-6772 CVE-2015-6773 CVE-2015-6774 CVE-2015-6775 CVE-2015-6776 CVE-2015-6777 CVE-2015-6778 CVE-2015-6779 CVE-2015-6780 CVE-2015-6781 CVE-2015-6782 CVE-2015-6783 CVE-2015-6784 CVE-2015-6785 CVE-2015-6786 CVE-2015-6787 CVE-2015-6788 CVE-2015-6789 CVE-2015-6790 CVE-2015-6791 CVE-2015-6792 CVE-2015-7834 CVE-2015-8126 CVE-2016-1612 CVE-2016-1613 CVE-2016-1614 CVE-2016-1615 CVE-2016-1616 CVE-2016-1617 CVE-2016-1618 CVE-2016-1619 CVE-2016-1620 CVE-2016-1622 CVE-2016-1623 CVE-2016-1624 CVE-2016-1625 CVE-2016-1626 CVE-2016-1627 CVE-2016-1629 CVE-2016-1630 CVE-2016-1631 CVE-2016-1632 CVE-2016-1633 CVE-2016-1634 CVE-2016-1635 CVE-2016-1636 CVE-2016-1637 CVE-2016-1638 CVE-2016-1639 CVE-2016-1640 CVE-2016-1641 CVE-2016-1642 CVE-2016-1643 CVE-2016-1644 CVE-2016-1645 CVE-2016-1646 CVE-2016-1647 CVE-2016-1648 CVE-2016-1649 CVE-2016-1650 CVE-2016-1651 CVE-2016-1652 CVE-2016-1653 CVE-2016-1654 CVE-2016-1655 CVE-2016-1656 CVE-2016-1657 CVE-2016-1658 CVE-2016-1659 CVE-2016-1660 CVE-2016-1661 CVE-2016-1662 CVE-2016-1663 CVE-2016-1664 CVE-2016-1665 CVE-2016-1666 CVE-2016-1667 CVE-2016-1668 CVE-2016-1669 CVE-2016-1670 CVE-2016-1672 CVE-2016-1673 CVE-2016-1674 CVE-2016-1675 CVE-2016-1676 CVE-2016-1677 CVE-2016-1678 CVE-2016-1679 CVE-2016-1680 CVE-2016-1681 CVE-2016-1682 CVE-2016-1683 CVE-2016-1684 CVE-2016-1685 CVE-2016-1686 CVE-2016-1687 CVE-2016-1688 CVE-2016-1689 CVE-2016-1690 CVE-2016-1691 CVE-2016-1692 CVE-2016-1693 CVE-2016-1694 CVE-2016-1695 CVE-2016-1696 CVE-2016-1697 CVE-2016-1698 CVE-2016-1699 CVE-2016-1700 CVE-2016-1701 CVE-2016-1702 CVE-2016-1703 CVE-2016-1704 CVE-2016-1705 CVE-2016-1706 CVE-2016-1707 CVE-2016-1708 CVE-2016-1709 CVE-2016-1710 CVE-2016-1711 CVE-2016-3679 CVE-2016-5127 CVE-2016-5128 CVE-2016-5129 CVE-2016-5130 CVE-2016-5131 CVE-2016-5132 CVE-2016-5133 CVE-2016-5134 CVE-2016-5135 CVE-2016-5136 CVE-2016-5137 CVE-2016-5139 CVE-2016-5140 CVE-2016-5141 CVE-2016-5142 CVE-2016-5143 CVE-2016-5144 CVE-2016-5145 CVE-2016-5146 CVE-2016-5147 CVE-2016-5148 CVE-2016-5149 CVE-2016-5150 CVE-2016-5151 CVE-2016-5152 CVE-2016-5153 CVE-2016-5154 CVE-2016-5155 CVE-2016-5156 CVE-2016-5157 CVE-2016-5158 CVE-2016-5159 CVE-2016-5160 CVE-2016-5161 CVE-2016-5162 CVE-2016-5163 CVE-2016-5164 CVE-2016-5165 CVE-2016-5166 CVE-2016-5170 CVE-2016-5171 CVE-2016-5172 CVE-2016-5173 CVE-2016-5174 CVE-2016-5175 CVE-2016-5177 CVE-2016-5178 CVE-2016-5181 CVE-2016-5182 CVE-2016-5183 CVE-2016-5184 CVE-2016-5185 CVE-2016-5186 CVE-2016-5187 CVE-2016-5188 CVE-2016-5189 CVE-2016-5190 CVE-2016-5191 CVE-2016-5192 CVE-2016-5193 CVE-2016-5198 CVE-2016-5199 CVE-2016-5200 CVE-2016-5201 CVE-2016-5202 CVE-2016-5203 CVE-2016-5204 CVE-2016-5205 CVE-2016-5206 CVE-2016-5207 CVE-2016-5208 CVE-2016-5209 CVE-2016-5210 CVE-2016-5211 CVE-2016-5212 CVE-2016-5213 CVE-2016-5214 CVE-2016-5215 CVE-2016-5216 CVE-2016-5217 CVE-2016-5218 CVE-2016-5219 CVE-2016-5220 CVE-2016-5221 CVE-2016-5222 CVE-2016-5223 CVE-2016-5224 CVE-2016-5225 CVE-2016-5226 CVE-2016-9650 CVE-2016-9651 CVE-2016-9652 CVE-2017-11215 CVE-2017-11225 CVE-2017-15386 CVE-2017-15387 CVE-2017-15388 CVE-2017-15389 CVE-2017-15390 CVE-2017-15391 CVE-2017-15392 CVE-2017-15393 CVE-2017-15394 CVE-2017-15395 CVE-2017-15396 CVE-2017-15398 CVE-2017-15399 CVE-2017-15407 CVE-2017-15408 CVE-2017-15409 CVE-2017-15410 CVE-2017-15411 CVE-2017-15412 CVE-2017-15413 CVE-2017-15415 CVE-2017-15416 CVE-2017-15417 CVE-2017-15418 CVE-2017-15419 CVE-2017-15420 CVE-2017-15422 CVE-2017-15423 CVE-2017-15424 CVE-2017-15425 CVE-2017-15426 CVE-2017-15427 CVE-2017-15429 CVE-2017-15430 CVE-2017-5006 CVE-2017-5007 CVE-2017-5008 CVE-2017-5009 CVE-2017-5010 CVE-2017-5011 CVE-2017-5012 CVE-2017-5013 CVE-2017-5014 CVE-2017-5015 CVE-2017-5016 CVE-2017-5017 CVE-2017-5018 CVE-2017-5019 CVE-2017-5020 CVE-2017-5021 CVE-2017-5022 CVE-2017-5023 CVE-2017-5024 CVE-2017-5025 CVE-2017-5026 CVE-2017-5029 CVE-2017-5030 CVE-2017-5031 CVE-2017-5032 CVE-2017-5033 CVE-2017-5034 CVE-2017-5035 CVE-2017-5036 CVE-2017-5037 CVE-2017-5038 CVE-2017-5039 CVE-2017-5040 CVE-2017-5041 CVE-2017-5042 CVE-2017-5043 CVE-2017-5044 CVE-2017-5045 CVE-2017-5046 CVE-2017-5052 CVE-2017-5053 CVE-2017-5054 CVE-2017-5055 CVE-2017-5056 CVE-2017-5057 CVE-2017-5058 CVE-2017-5059 CVE-2017-5060 CVE-2017-5061 CVE-2017-5062 CVE-2017-5063 CVE-2017-5064 CVE-2017-5065 CVE-2017-5066 CVE-2017-5067 CVE-2017-5068 CVE-2017-5069 CVE-2017-5070 CVE-2017-5071 CVE-2017-5072 CVE-2017-5073 CVE-2017-5074 CVE-2017-5075 CVE-2017-5076 CVE-2017-5077 CVE-2017-5078 CVE-2017-5079 CVE-2017-5080 CVE-2017-5081 CVE-2017-5082 CVE-2017-5083 CVE-2017-5085 CVE-2017-5086 CVE-2017-5087 CVE-2017-5088 CVE-2017-5089 CVE-2017-5091 CVE-2017-5092 CVE-2017-5093 CVE-2017-5094 CVE-2017-5095 CVE-2017-5096 CVE-2017-5097 CVE-2017-5098 CVE-2017-5099 CVE-2017-5100 CVE-2017-5101 CVE-2017-5102 CVE-2017-5103 CVE-2017-5104 CVE-2017-5105 CVE-2017-5106 CVE-2017-5107 CVE-2017-5108 CVE-2017-5109 CVE-2017-5110 CVE-2017-5111 CVE-2017-5112 CVE-2017-5113 CVE-2017-5114 CVE-2017-5115 CVE-2017-5116 CVE-2017-5117 CVE-2017-5118 CVE-2017-5119 CVE-2017-5120 CVE-2017-5121 CVE-2017-5122 CVE-2017-5124 CVE-2017-5125 CVE-2017-5126 CVE-2017-5127 CVE-2017-5128 CVE-2017-5129 CVE-2017-5130 CVE-2017-5131 CVE-2017-5132 CVE-2017-5133 CVE-2017-7000 CVE-2018-16065 CVE-2018-16066 CVE-2018-16067 CVE-2018-16068 CVE-2018-16069 CVE-2018-16070 CVE-2018-16071 CVE-2018-16073 CVE-2018-16074 CVE-2018-16075 CVE-2018-16076 CVE-2018-16077 CVE-2018-16078 CVE-2018-16079 CVE-2018-16080 CVE-2018-16081 CVE-2018-16082 CVE-2018-16083 CVE-2018-16084 CVE-2018-16085 CVE-2018-16086 CVE-2018-16087 CVE-2018-16088 CVE-2018-17462 CVE-2018-17463 CVE-2018-17464 CVE-2018-17465 CVE-2018-17466 CVE-2018-17467 CVE-2018-17468 CVE-2018-17469 CVE-2018-17470 CVE-2018-17471 CVE-2018-17472 CVE-2018-17473 CVE-2018-17474 CVE-2018-17475 CVE-2018-17476 CVE-2018-17477 CVE-2018-17478 CVE-2018-17479 CVE-2018-17480 CVE-2018-17481 CVE-2018-18335 CVE-2018-18336 CVE-2018-18337 CVE-2018-18338 CVE-2018-18339 CVE-2018-18340 CVE-2018-18341 CVE-2018-18342 CVE-2018-18343 CVE-2018-18344 CVE-2018-18345 CVE-2018-18346 CVE-2018-18347 CVE-2018-18348 CVE-2018-18349 CVE-2018-18350 CVE-2018-18351 CVE-2018-18352 CVE-2018-18353 CVE-2018-18354 CVE-2018-18355 CVE-2018-18356 CVE-2018-18357 CVE-2018-18358 CVE-2018-18359 CVE-2018-20073 CVE-2018-4117 CVE-2018-5179 CVE-2018-6031 CVE-2018-6032 CVE-2018-6033 CVE-2018-6034 CVE-2018-6035 CVE-2018-6036 CVE-2018-6037 CVE-2018-6038 CVE-2018-6039 CVE-2018-6040 CVE-2018-6041 CVE-2018-6042 CVE-2018-6043 CVE-2018-6044 CVE-2018-6045 CVE-2018-6046 CVE-2018-6047 CVE-2018-6048 CVE-2018-6049 CVE-2018-6050 CVE-2018-6051 CVE-2018-6052 CVE-2018-6053 CVE-2018-6054 CVE-2018-6056 CVE-2018-6057 CVE-2018-6060 CVE-2018-6061 CVE-2018-6062 CVE-2018-6063 CVE-2018-6064 CVE-2018-6065 CVE-2018-6066 CVE-2018-6067 CVE-2018-6068 CVE-2018-6069 CVE-2018-6070 CVE-2018-6071 CVE-2018-6072 CVE-2018-6073 CVE-2018-6074 CVE-2018-6075 CVE-2018-6076 CVE-2018-6077 CVE-2018-6078 CVE-2018-6079 CVE-2018-6080 CVE-2018-6081 CVE-2018-6082 CVE-2018-6083 CVE-2018-6085 CVE-2018-6086 CVE-2018-6087 CVE-2018-6088 CVE-2018-6089 CVE-2018-6090 CVE-2018-6091 CVE-2018-6092 CVE-2018-6093 CVE-2018-6094 CVE-2018-6095 CVE-2018-6096 CVE-2018-6097 CVE-2018-6098 CVE-2018-6099 CVE-2018-6100 CVE-2018-6101 CVE-2018-6102 CVE-2018-6103 CVE-2018-6104 CVE-2018-6105 CVE-2018-6106 CVE-2018-6107 CVE-2018-6108 CVE-2018-6109 CVE-2018-6110 CVE-2018-6111 CVE-2018-6112 CVE-2018-6113 CVE-2018-6114 CVE-2018-6115 CVE-2018-6116 CVE-2018-6117 CVE-2018-6118 CVE-2018-6120 CVE-2018-6121 CVE-2018-6122 CVE-2018-6123 CVE-2018-6124 CVE-2018-6125 CVE-2018-6126 CVE-2018-6127 CVE-2018-6128 CVE-2018-6129 CVE-2018-6130 CVE-2018-6131 CVE-2018-6132 CVE-2018-6133 CVE-2018-6134 CVE-2018-6135 CVE-2018-6136 CVE-2018-6137 CVE-2018-6138 CVE-2018-6139 CVE-2018-6140 CVE-2018-6141 CVE-2018-6142 CVE-2018-6143 CVE-2018-6144 CVE-2018-6145 CVE-2018-6147 CVE-2018-6148 CVE-2018-6149 CVE-2018-6153 CVE-2018-6154 CVE-2018-6155 CVE-2018-6156 CVE-2018-6157 CVE-2018-6158 CVE-2018-6159 CVE-2018-6160 CVE-2018-6161 CVE-2018-6162 CVE-2018-6163 CVE-2018-6164 CVE-2018-6165 CVE-2018-6166 CVE-2018-6167 CVE-2018-6168 CVE-2018-6169 CVE-2018-6170 CVE-2018-6171 CVE-2018-6172 CVE-2018-6173 CVE-2018-6174 CVE-2018-6175 CVE-2018-6176 CVE-2018-6177 CVE-2018-6178 CVE-2018-6179 CVE-2018-6406 CVE-2019-13659 CVE-2019-13660 CVE-2019-13661 CVE-2019-13662 CVE-2019-13663 CVE-2019-13664 CVE-2019-13665 CVE-2019-13666 CVE-2019-13667 CVE-2019-13668 CVE-2019-13669 CVE-2019-13670 CVE-2019-13671 CVE-2019-13673 CVE-2019-13674 CVE-2019-13675 CVE-2019-13676 CVE-2019-13677 CVE-2019-13678 CVE-2019-13679 CVE-2019-13680 CVE-2019-13681 CVE-2019-13682 CVE-2019-13683 CVE-2019-13685 CVE-2019-13686 CVE-2019-13687 CVE-2019-13688 CVE-2019-13693 CVE-2019-13694 CVE-2019-13695 CVE-2019-13696 CVE-2019-13697 CVE-2019-13699 CVE-2019-13700 CVE-2019-13701 CVE-2019-13702 CVE-2019-13703 CVE-2019-13704 CVE-2019-13705 CVE-2019-13706 CVE-2019-13707 CVE-2019-13708 CVE-2019-13709 CVE-2019-13710 CVE-2019-13711 CVE-2019-13713 CVE-2019-13714 CVE-2019-13715 CVE-2019-13716 CVE-2019-13717 CVE-2019-13718 CVE-2019-13719 CVE-2019-13720 CVE-2019-13721 CVE-2019-13723 CVE-2019-13724 CVE-2019-13725 CVE-2019-13726 CVE-2019-13727 CVE-2019-13728 CVE-2019-13729 CVE-2019-13730 CVE-2019-13732 CVE-2019-13734 CVE-2019-13735 CVE-2019-13736 CVE-2019-13737 CVE-2019-13738 CVE-2019-13739 CVE-2019-13740 CVE-2019-13741 CVE-2019-13742 CVE-2019-13743 CVE-2019-13744 CVE-2019-13745 CVE-2019-13746 CVE-2019-13747 CVE-2019-13748 CVE-2019-13749 CVE-2019-13750 CVE-2019-13751 CVE-2019-13752 CVE-2019-13753 CVE-2019-13754 CVE-2019-13755 CVE-2019-13756 CVE-2019-13757 CVE-2019-13758 CVE-2019-13759 CVE-2019-13761 CVE-2019-13762 CVE-2019-13763 CVE-2019-13764 CVE-2019-13767 CVE-2019-15903 CVE-2019-18197 CVE-2019-19880 CVE-2019-19923 CVE-2019-19925 CVE-2019-19926 CVE-2019-20503 CVE-2019-5754 CVE-2019-5755 CVE-2019-5756 CVE-2019-5757 CVE-2019-5758 CVE-2019-5759 CVE-2019-5760 CVE-2019-5761 CVE-2019-5762 CVE-2019-5763 CVE-2019-5764 CVE-2019-5765 CVE-2019-5766 CVE-2019-5767 CVE-2019-5768 CVE-2019-5769 CVE-2019-5770 CVE-2019-5771 CVE-2019-5772 CVE-2019-5773 CVE-2019-5774 CVE-2019-5775 CVE-2019-5776 CVE-2019-5777 CVE-2019-5778 CVE-2019-5779 CVE-2019-5780 CVE-2019-5781 CVE-2019-5782 CVE-2019-5784 CVE-2019-5786 CVE-2019-5787 CVE-2019-5788 CVE-2019-5789 CVE-2019-5790 CVE-2019-5791 CVE-2019-5792 CVE-2019-5793 CVE-2019-5794 CVE-2019-5795 CVE-2019-5796 CVE-2019-5797 CVE-2019-5798 CVE-2019-5799 CVE-2019-5800 CVE-2019-5801 CVE-2019-5802 CVE-2019-5803 CVE-2019-5804 CVE-2019-5805 CVE-2019-5806 CVE-2019-5807 CVE-2019-5808 CVE-2019-5809 CVE-2019-5810 CVE-2019-5811 CVE-2019-5812 CVE-2019-5813 CVE-2019-5814 CVE-2019-5815 CVE-2019-5816 CVE-2019-5817 CVE-2019-5818 CVE-2019-5819 CVE-2019-5820 CVE-2019-5821 CVE-2019-5822 CVE-2019-5823 CVE-2019-5824 CVE-2019-5827 CVE-2019-5828 CVE-2019-5829 CVE-2019-5830 CVE-2019-5831 CVE-2019-5832 CVE-2019-5833 CVE-2019-5834 CVE-2019-5835 CVE-2019-5836 CVE-2019-5837 CVE-2019-5838 CVE-2019-5839 CVE-2019-5840 CVE-2019-5842 CVE-2019-5844 CVE-2019-5845 CVE-2019-5846 CVE-2019-5847 CVE-2019-5848 CVE-2019-5850 CVE-2019-5851 CVE-2019-5852 CVE-2019-5853 CVE-2019-5854 CVE-2019-5855 CVE-2019-5856 CVE-2019-5857 CVE-2019-5858 CVE-2019-5859 CVE-2019-5860 CVE-2019-5861 CVE-2019-5862 CVE-2019-5863 CVE-2019-5864 CVE-2019-5865 CVE-2019-5867 CVE-2019-5868 CVE-2019-5869 CVE-2019-5870 CVE-2019-5871 CVE-2019-5872 CVE-2019-5874 CVE-2019-5875 CVE-2019-5876 CVE-2019-5877 CVE-2019-5878 CVE-2019-5879 CVE-2019-5880 CVE-2019-5881 CVE-2019-8075 CVE-2020-0561 CVE-2020-15959 CVE-2020-15960 CVE-2020-15961 CVE-2020-15962 CVE-2020-15963 CVE-2020-15964 CVE-2020-15965 CVE-2020-15966 CVE-2020-15967 CVE-2020-15968 CVE-2020-15969 CVE-2020-15970 CVE-2020-15971 CVE-2020-15972 CVE-2020-15973 CVE-2020-15974 CVE-2020-15975 CVE-2020-15976 CVE-2020-15977 CVE-2020-15978 CVE-2020-15979 CVE-2020-15980 CVE-2020-15981 CVE-2020-15982 CVE-2020-15983 CVE-2020-15984 CVE-2020-15985 CVE-2020-15986 CVE-2020-15987 CVE-2020-15988 CVE-2020-15989 CVE-2020-15990 CVE-2020-15991 CVE-2020-15992 CVE-2020-15995 CVE-2020-15999 CVE-2020-16000 CVE-2020-16001 CVE-2020-16002 CVE-2020-16003 CVE-2020-16004 CVE-2020-16005 CVE-2020-16006 CVE-2020-16007 CVE-2020-16008 CVE-2020-16009 CVE-2020-16011 CVE-2020-16012 CVE-2020-16013 CVE-2020-16014 CVE-2020-16015 CVE-2020-16016 CVE-2020-16017 CVE-2020-16018 CVE-2020-16019 CVE-2020-16020 CVE-2020-16021 CVE-2020-16022 CVE-2020-16023 CVE-2020-16024 CVE-2020-16025 CVE-2020-16026 CVE-2020-16027 CVE-2020-16028 CVE-2020-16029 CVE-2020-16030 CVE-2020-16031 CVE-2020-16032 CVE-2020-16033 CVE-2020-16034 CVE-2020-16035 CVE-2020-16036 CVE-2020-16037 CVE-2020-16038 CVE-2020-16039 CVE-2020-16040 CVE-2020-16041 CVE-2020-16042 CVE-2020-16043 CVE-2020-16044 CVE-2020-27844 CVE-2020-6377 CVE-2020-6378 CVE-2020-6379 CVE-2020-6380 CVE-2020-6381 CVE-2020-6382 CVE-2020-6385 CVE-2020-6387 CVE-2020-6388 CVE-2020-6389 CVE-2020-6390 CVE-2020-6391 CVE-2020-6392 CVE-2020-6393 CVE-2020-6394 CVE-2020-6395 CVE-2020-6396 CVE-2020-6397 CVE-2020-6398 CVE-2020-6399 CVE-2020-6400 CVE-2020-6401 CVE-2020-6402 CVE-2020-6403 CVE-2020-6404 CVE-2020-6405 CVE-2020-6406 CVE-2020-6407 CVE-2020-6408 CVE-2020-6409 CVE-2020-6410 CVE-2020-6411 CVE-2020-6412 CVE-2020-6413 CVE-2020-6414 CVE-2020-6415 CVE-2020-6416 CVE-2020-6417 CVE-2020-6418 CVE-2020-6420 CVE-2020-6422 CVE-2020-6423 CVE-2020-6424 CVE-2020-6425 CVE-2020-6426 CVE-2020-6427 CVE-2020-6428 CVE-2020-6429 CVE-2020-6430 CVE-2020-6431 CVE-2020-6432 CVE-2020-6433 CVE-2020-6434 CVE-2020-6435 CVE-2020-6436 CVE-2020-6437 CVE-2020-6438 CVE-2020-6439 CVE-2020-6440 CVE-2020-6441 CVE-2020-6442 CVE-2020-6443 CVE-2020-6444 CVE-2020-6445 CVE-2020-6446 CVE-2020-6447 CVE-2020-6448 CVE-2020-6449 CVE-2020-6450 CVE-2020-6451 CVE-2020-6452 CVE-2020-6454 CVE-2020-6455 CVE-2020-6456 CVE-2020-6457 CVE-2020-6458 CVE-2020-6459 CVE-2020-6460 CVE-2020-6462 CVE-2020-6463 CVE-2020-6464 CVE-2020-6465 CVE-2020-6466 CVE-2020-6467 CVE-2020-6468 CVE-2020-6469 CVE-2020-6470 CVE-2020-6471 CVE-2020-6472 CVE-2020-6473 CVE-2020-6474 CVE-2020-6475 CVE-2020-6476 CVE-2020-6477 CVE-2020-6478 CVE-2020-6479 CVE-2020-6480 CVE-2020-6481 CVE-2020-6482 CVE-2020-6483 CVE-2020-6484 CVE-2020-6485 CVE-2020-6486 CVE-2020-6487 CVE-2020-6488 CVE-2020-6489 CVE-2020-6490 CVE-2020-6491 CVE-2020-6493 CVE-2020-6494 CVE-2020-6495 CVE-2020-6496 CVE-2020-6505 CVE-2020-6506 CVE-2020-6507 CVE-2020-6509 CVE-2020-6510 CVE-2020-6511 CVE-2020-6512 CVE-2020-6513 CVE-2020-6514 CVE-2020-6515 CVE-2020-6516 CVE-2020-6517 CVE-2020-6518 CVE-2020-6519 CVE-2020-6520 CVE-2020-6521 CVE-2020-6522 CVE-2020-6523 CVE-2020-6524 CVE-2020-6525 CVE-2020-6526 CVE-2020-6527 CVE-2020-6528 CVE-2020-6529 CVE-2020-6530 CVE-2020-6531 CVE-2020-6532 CVE-2020-6533 CVE-2020-6534 CVE-2020-6535 CVE-2020-6536 CVE-2020-6537 CVE-2020-6538 CVE-2020-6539 CVE-2020-6540 CVE-2020-6541 CVE-2020-6542 CVE-2020-6543 CVE-2020-6544 CVE-2020-6545 CVE-2020-6546 CVE-2020-6547 CVE-2020-6548 CVE-2020-6549 CVE-2020-6550 CVE-2020-6551 CVE-2020-6552 CVE-2020-6553 CVE-2020-6554 CVE-2020-6555 CVE-2020-6556 CVE-2020-6557 CVE-2020-6558 CVE-2020-6559 CVE-2020-6560 CVE-2020-6561 CVE-2020-6562 CVE-2020-6563 CVE-2020-6564 CVE-2020-6565 CVE-2020-6566 CVE-2020-6567 CVE-2020-6568 CVE-2020-6569 CVE-2020-6570 CVE-2020-6571 CVE-2020-6573 CVE-2020-6574 CVE-2020-6575 CVE-2020-6576 CVE-2020-6831 CVE-2021-21106 CVE-2021-21107 CVE-2021-21108 CVE-2021-21109 CVE-2021-21110 CVE-2021-21111 CVE-2021-21112 CVE-2021-21113 CVE-2021-21114 CVE-2021-21115 CVE-2021-21116 CVE-2021-21117 CVE-2021-21118 CVE-2021-21119 CVE-2021-21120 CVE-2021-21121 CVE-2021-21122 CVE-2021-21123 CVE-2021-21124 CVE-2021-21125 CVE-2021-21126 CVE-2021-21127 CVE-2021-21128 CVE-2021-21129 CVE-2021-21130 CVE-2021-21131 CVE-2021-21132 CVE-2021-21133 CVE-2021-21134 CVE-2021-21135 CVE-2021-21136 CVE-2021-21137 CVE-2021-21138 CVE-2021-21139 CVE-2021-21140 CVE-2021-21141 CVE-2021-21142 CVE-2021-21143 CVE-2021-21144 CVE-2021-21145 CVE-2021-21146 CVE-2021-21147 CVE-2021-21148 CVE-2021-21149 CVE-2021-21150 CVE-2021-21151 CVE-2021-21152 CVE-2021-21153 CVE-2021-21154 CVE-2021-21155 CVE-2021-21156 CVE-2021-21157 CVE-2021-21159 CVE-2021-21160 CVE-2021-21161 CVE-2021-21162 CVE-2021-21163 CVE-2021-21164 CVE-2021-21165 CVE-2021-21166 CVE-2021-21167 CVE-2021-21168 CVE-2021-21169 CVE-2021-21170 CVE-2021-21171 CVE-2021-21172 CVE-2021-21173 CVE-2021-21174 CVE-2021-21175 CVE-2021-21176 CVE-2021-21177 CVE-2021-21178 CVE-2021-21179 CVE-2021-21180 CVE-2021-21181 CVE-2021-21182 CVE-2021-21183 CVE-2021-21184 CVE-2021-21185 CVE-2021-21186 CVE-2021-21187 CVE-2021-21188 CVE-2021-21189 CVE-2021-21190 CVE-2021-21191 CVE-2021-21192 CVE-2021-21193 CVE-2021-21194 CVE-2021-21195 CVE-2021-21196 CVE-2021-21197 CVE-2021-21198 CVE-2021-21199 CVE-2021-21201 CVE-2021-21202 CVE-2021-21203 CVE-2021-21204 CVE-2021-21205 CVE-2021-21206 CVE-2021-21207 CVE-2021-21208 CVE-2021-21209 CVE-2021-21210 CVE-2021-21211 CVE-2021-21212 CVE-2021-21213 CVE-2021-21214 CVE-2021-21215 CVE-2021-21216 CVE-2021-21217 CVE-2021-21218 CVE-2021-21219 CVE-2021-21220 CVE-2021-21221 CVE-2021-21222 CVE-2021-21223 CVE-2021-21224 CVE-2021-21225 CVE-2021-21226 CVE-2021-21227 CVE-2021-21228 CVE-2021-21229 CVE-2021-21230 CVE-2021-21231 CVE-2021-21232 CVE-2021-21233 CVE-2021-30506 CVE-2021-30507 CVE-2021-30508 CVE-2021-30509 CVE-2021-30510 CVE-2021-30511 CVE-2021-30512 CVE-2021-30513 CVE-2021-30514 CVE-2021-30515 CVE-2021-30516 CVE-2021-30517 CVE-2021-30518 CVE-2021-30519 CVE-2021-30520 CVE-2021-30521 CVE-2021-30522 CVE-2021-30523 CVE-2021-30524 CVE-2021-30525 CVE-2021-30526 CVE-2021-30527 CVE-2021-30528 CVE-2021-30529 CVE-2021-30530 CVE-2021-30531 CVE-2021-30532 CVE-2021-30533 CVE-2021-30534 CVE-2021-30535 CVE-2021-30536 CVE-2021-30537 CVE-2021-30538 CVE-2021-30539 CVE-2021-30540 CVE-2021-30541 CVE-2021-30544 CVE-2021-30545 CVE-2021-30546 CVE-2021-30547 CVE-2021-30548 CVE-2021-30549 CVE-2021-30550 CVE-2021-30551 CVE-2021-30552 CVE-2021-30553 CVE-2021-30554 CVE-2021-30555 CVE-2021-30556 CVE-2021-30557 CVE-2021-30559 CVE-2021-30560 CVE-2021-30561 CVE-2021-30562 CVE-2021-30563 CVE-2021-30564 CVE-2021-30565 CVE-2021-30566 CVE-2021-30567 CVE-2021-30568 CVE-2021-30569 CVE-2021-30571 CVE-2021-30572 CVE-2021-30573 CVE-2021-30574 CVE-2021-30575 CVE-2021-30576 CVE-2021-30577 CVE-2021-30578 CVE-2021-30579 CVE-2021-30581 CVE-2021-30582 CVE-2021-30584 CVE-2021-30585 CVE-2021-30588 CVE-2021-30589 CVE-2021-30590 CVE-2021-30591 CVE-2021-30592 CVE-2021-30593 CVE-2021-30594 CVE-2021-30596 CVE-2021-30597 CVE-2021-30598 CVE-2021-30599 CVE-2021-30600 CVE-2021-30601 CVE-2021-30602 CVE-2021-30603 CVE-2021-30604 CVE-2021-30606 CVE-2021-30607 CVE-2021-30608 CVE-2021-30609 CVE-2021-30610 CVE-2021-30611 CVE-2021-30612 CVE-2021-30613 CVE-2021-30614 CVE-2021-30615 CVE-2021-30616 CVE-2021-30617 CVE-2021-30618 CVE-2021-30619 CVE-2021-30620 CVE-2021-30621 CVE-2021-30622 CVE-2021-30623 CVE-2021-30624 CVE-2021-30625 CVE-2021-30626 CVE-2021-30627 CVE-2021-30628 CVE-2021-30629 CVE-2021-30630 CVE-2021-30631 CVE-2021-30632 CVE-2021-30633 CVE-2021-37956 CVE-2021-37957 CVE-2021-37958 CVE-2021-37959 CVE-2021-37960 CVE-2021-37961 CVE-2021-37962 CVE-2021-37963 CVE-2021-37964 CVE-2021-37965 CVE-2021-37966 CVE-2021-37967 CVE-2021-37968 CVE-2021-37969 CVE-2021-37970 CVE-2021-37971 CVE-2021-37972 CVE-2021-37973 CVE-2021-37974 CVE-2021-37975 CVE-2021-37976 CVE-2021-37977 CVE-2021-37978 CVE-2021-37979 CVE-2021-37980 CVE-2021-37981 CVE-2021-37982 CVE-2021-37983 CVE-2021-37984 CVE-2021-37985 CVE-2021-37986 CVE-2021-37987 CVE-2021-37988 CVE-2021-37989 CVE-2021-37990 CVE-2021-37991 CVE-2021-37992 CVE-2021-37993 CVE-2021-37994 CVE-2021-37995 CVE-2021-37996 CVE-2021-37997 CVE-2021-37998 CVE-2021-37999 CVE-2021-38000 CVE-2021-38001 CVE-2021-38002 CVE-2021-38003 CVE-2021-38005 CVE-2021-38006 CVE-2021-38007 CVE-2021-38008 CVE-2021-38009 CVE-2021-38010 CVE-2021-38011 CVE-2021-38012 CVE-2021-38013 CVE-2021-38014 CVE-2021-38015 CVE-2021-38016 CVE-2021-38017 CVE-2021-38018 CVE-2021-38019 CVE-2021-38020 CVE-2021-38021 CVE-2021-38022 CVE-2021-4052 CVE-2021-4053 CVE-2021-4054 CVE-2021-4055 CVE-2021-4056 CVE-2021-4057 CVE-2021-4058 CVE-2021-4059 CVE-2021-4061 CVE-2021-4062 CVE-2021-4063 CVE-2021-4064 CVE-2021-4065 CVE-2021-4066 CVE-2021-4067 CVE-2021-4068 CVE-2021-4078 CVE-2021-4079 CVE-2021-4098 CVE-2021-4099 CVE-2021-4100 CVE-2021-4101 CVE-2021-4102 CVE-2022-0096 CVE-2022-0097 CVE-2022-0098 CVE-2022-0099 CVE-2022-0100 CVE-2022-0101 CVE-2022-0102 CVE-2022-0103 CVE-2022-0104 CVE-2022-0105 CVE-2022-0106 CVE-2022-0107 CVE-2022-0108 CVE-2022-0109 CVE-2022-0110 CVE-2022-0111 CVE-2022-0112 CVE-2022-0113 CVE-2022-0114 CVE-2022-0115 CVE-2022-0116 CVE-2022-0117 CVE-2022-0118 CVE-2022-0120 CVE-2022-0289 CVE-2022-0290 CVE-2022-0291 CVE-2022-0292 CVE-2022-0293 CVE-2022-0294 CVE-2022-0295 CVE-2022-0296 CVE-2022-0297 CVE-2022-0298 CVE-2022-0300 CVE-2022-0301 CVE-2022-0302 CVE-2022-0303 CVE-2022-0304 CVE-2022-0305 CVE-2022-0306 CVE-2022-0307 CVE-2022-0308 CVE-2022-0309 CVE-2022-0310 CVE-2022-0311 CVE-2022-0452 CVE-2022-0453 CVE-2022-0454 CVE-2022-0455 CVE-2022-0456 CVE-2022-0457 CVE-2022-0459 CVE-2022-0460 CVE-2022-0461 CVE-2022-0462 CVE-2022-0463 CVE-2022-0464 CVE-2022-0465 CVE-2022-0466 CVE-2022-0467 CVE-2022-0468 CVE-2022-0469 CVE-2022-0470 CVE-2022-0603 CVE-2022-0604 CVE-2022-0605 CVE-2022-0606 CVE-2022-0607 CVE-2022-0608 CVE-2022-0609 CVE-2022-0610 CVE-2022-0789 CVE-2022-0790 CVE-2022-0791 CVE-2022-0792 CVE-2022-0793 CVE-2022-0794 CVE-2022-0795 CVE-2022-0796 CVE-2022-0797 CVE-2022-0798 CVE-2022-0799 CVE-2022-0800 CVE-2022-0801 CVE-2022-0802 CVE-2022-0803 CVE-2022-0804 CVE-2022-0805 CVE-2022-0806 CVE-2022-0807 CVE-2022-0808 CVE-2022-0809 CVE-2022-0971 CVE-2022-0972 CVE-2022-0973 CVE-2022-0974 CVE-2022-0975 CVE-2022-0976 CVE-2022-0977 CVE-2022-0978 CVE-2022-0979 CVE-2022-0980 CVE-2022-1096 CVE-2022-1125 CVE-2022-1127 CVE-2022-1128 CVE-2022-1129 CVE-2022-1130 CVE-2022-1131 CVE-2022-1132 CVE-2022-1133 CVE-2022-1134 CVE-2022-1135 CVE-2022-1136 CVE-2022-1137 CVE-2022-1138 CVE-2022-1139 CVE-2022-1141 CVE-2022-1142 CVE-2022-1143 CVE-2022-1144 CVE-2022-1145 CVE-2022-1146 CVE-2022-1232 CVE-2022-1305 CVE-2022-1306 CVE-2022-1307 CVE-2022-1308 CVE-2022-1309 CVE-2022-1310 CVE-2022-1311 CVE-2022-1312 CVE-2022-1313 CVE-2022-1314 CVE-2022-1364 CVE-2022-1477 CVE-2022-1478 CVE-2022-1479 CVE-2022-1480 CVE-2022-1481 CVE-2022-1482 CVE-2022-1483 CVE-2022-1484 CVE-2022-1485 CVE-2022-1486 CVE-2022-1487 CVE-2022-1488 CVE-2022-1489 CVE-2022-1490 CVE-2022-1491 CVE-2022-1492 CVE-2022-1493 CVE-2022-1494 CVE-2022-1495 CVE-2022-1496 CVE-2022-1497 CVE-2022-1498 CVE-2022-1499 CVE-2022-1500 CVE-2022-1501 CVE-2022-1633 CVE-2022-1634 CVE-2022-1635 CVE-2022-1636 CVE-2022-1637 CVE-2022-1638 CVE-2022-1639 CVE-2022-1640 CVE-2022-1641 cpe:/o:opensuse:leap:15.4 chrony-4.1-150400.19.4 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the chrony-4.1-150400.19.4 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2016-1567 CVE-2020-14367 cpe:/o:opensuse:leap:15.4 cifs-utils-6.14-150400.1.6 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the cifs-utils-6.14-150400.1.6 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2020-14342 CVE-2021-20208 cpe:/o:opensuse:leap:15.4 coreutils-8.32-150400.7.5 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the coreutils-8.32-150400.7.5 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2015-4041 CVE-2015-4042 CVE-2017-7476 cpe:/o:opensuse:leap:15.4 cpio-2.13-150400.1.98 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the cpio-2.13-150400.1.98 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2014-9112 CVE-2015-1197 CVE-2016-2037 CVE-2019-14866 CVE-2021-38185 cpe:/o:opensuse:leap:15.4 cpp7-7.5.0+r278197-4.30.1 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the cpp7-7.5.0+r278197-4.30.1 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2019-14250 CVE-2019-15847 CVE-2020-13844 cpe:/o:opensuse:leap:15.4 cracklib-2.9.7-11.6.1 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the cracklib-2.9.7-11.6.1 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2016-6318 cpe:/o:opensuse:leap:15.4 cron-4.2-150400.82.21 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the cron-4.2-150400.82.21 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2019-9704 CVE-2019-9705 cpe:/o:opensuse:leap:15.4 cryptsetup-2.4.3-150400.1.110 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the cryptsetup-2.4.3-150400.1.110 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2020-14382 CVE-2021-4122 cpe:/o:opensuse:leap:15.4 cups-2.2.7-3.26.1 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the cups-2.2.7-3.26.1 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2012-5519 CVE-2014-3537 CVE-2014-5029 CVE-2014-5030 CVE-2014-5031 CVE-2015-1158 CVE-2015-1159 CVE-2017-18248 CVE-2018-4180 CVE-2018-4181 CVE-2018-4182 CVE-2018-4183 CVE-2018-4700 CVE-2019-8675 CVE-2019-8696 CVE-2019-8842 CVE-2020-10001 CVE-2020-3898 CVE-2021-25317 cpe:/o:opensuse:leap:15.4 cups-filters-1.25.0-3.3.1 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the cups-filters-1.25.0-3.3.1 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2015-2265 CVE-2015-3258 CVE-2015-3279 CVE-2015-8327 CVE-2015-8560 cpe:/o:opensuse:leap:15.4 cups-pk-helper-0.2.6-150400.12.12 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the cups-pk-helper-0.2.6-150400.12.12 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2012-4510 cpe:/o:opensuse:leap:15.4 curl-7.79.1-150400.3.1 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the curl-7.79.1-150400.3.1 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2014-8150 CVE-2015-3143 CVE-2015-3144 CVE-2015-3145 CVE-2015-3148 CVE-2015-3153 CVE-2015-3236 CVE-2015-3237 CVE-2016-0755 CVE-2016-7167 CVE-2016-8615 CVE-2016-8616 CVE-2016-8617 CVE-2016-8618 CVE-2016-8619 CVE-2016-8620 CVE-2016-8621 CVE-2016-8622 CVE-2016-8623 CVE-2016-8624 CVE-2016-8625 CVE-2016-9586 CVE-2016-9594 CVE-2017-1000099 CVE-2017-1000100 CVE-2017-1000101 CVE-2017-1000254 CVE-2017-1000257 CVE-2017-2629 CVE-2017-7468 CVE-2017-8816 CVE-2017-8817 CVE-2017-8818 CVE-2017-9502 CVE-2018-0500 CVE-2018-1000005 CVE-2018-1000007 CVE-2018-1000120 CVE-2018-1000121 CVE-2018-1000122 CVE-2018-1000300 CVE-2018-1000301 CVE-2018-14618 CVE-2018-16839 CVE-2018-16840 CVE-2018-16842 CVE-2018-16890 CVE-2019-15601 CVE-2019-3822 CVE-2019-3823 CVE-2019-5435 CVE-2019-5436 CVE-2019-5481 CVE-2019-5482 CVE-2020-8169 CVE-2020-8177 CVE-2020-8231 CVE-2020-8284 CVE-2020-8285 CVE-2020-8286 CVE-2021-22297 CVE-2021-22298 CVE-2021-22876 CVE-2021-22890 CVE-2021-22898 CVE-2021-22901 CVE-2021-22922 CVE-2021-22923 CVE-2021-22924 CVE-2021-22925 CVE-2021-22945 CVE-2021-22946 CVE-2021-22947 CVE-2022-22576 CVE-2022-27774 CVE-2022-27775 CVE-2022-27776 CVE-2022-27781 CVE-2022-27782 cpe:/o:opensuse:leap:15.4 cyrus-sasl-2.1.27-150300.4.6.1 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the cyrus-sasl-2.1.27-150300.4.6.1 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2019-19906 CVE-2020-8032 CVE-2022-24407 cpe:/o:opensuse:leap:15.4 dbus-1-1.12.2-150400.16.52 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the dbus-1-1.12.2-150400.16.52 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2014-3636 CVE-2014-3637 CVE-2014-3639 CVE-2014-7824 CVE-2014-8148 CVE-2015-0245 CVE-2019-12749 CVE-2020-12049 CVE-2020-35512 cpe:/o:opensuse:leap:15.4 dbus-1-glib-0.108-1.29 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the dbus-1-glib-0.108-1.29 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2010-1172 CVE-2013-0292 cpe:/o:opensuse:leap:15.4 dhcp-4.3.6.P1-6.11.1 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the dhcp-4.3.6.P1-6.11.1 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2015-8605 CVE-2017-3144 CVE-2018-5732 CVE-2018-5733 CVE-2019-6470 CVE-2021-25217 cpe:/o:opensuse:leap:15.4 dirmngr-2.2.27-1.2 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the dirmngr-2.2.27-1.2 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2018-1000858 CVE-2018-12020 CVE-2018-9234 CVE-2019-13050 CVE-2019-14855 CVE-2020-25125 cpe:/o:opensuse:leap:15.4 dnsmasq-2.86-150400.14.3 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the dnsmasq-2.86-150400.14.3 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2015-3294 CVE-2015-8899 CVE-2017-14491 CVE-2017-14492 CVE-2017-14493 CVE-2017-14494 CVE-2017-14495 CVE-2017-14496 CVE-2017-15107 CVE-2019-14834 CVE-2020-14312 CVE-2020-25681 CVE-2020-25682 CVE-2020-25683 CVE-2020-25684 CVE-2020-25685 CVE-2020-25686 CVE-2020-25687 CVE-2021-3448 CVE-2022-0934 cpe:/o:opensuse:leap:15.4 dracut-055+suse.252.g4988b0bf-150400.1.8 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the dracut-055+suse.252.g4988b0bf-150400.1.8 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2016-8637 cpe:/o:opensuse:leap:15.4 e2fsprogs-1.46.4-150400.1.80 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the e2fsprogs-1.46.4-150400.1.80 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2015-0247 CVE-2015-1572 CVE-2019-5094 CVE-2019-5188 cpe:/o:opensuse:leap:15.4 elfutils-0.185-150400.3.35 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the elfutils-0.185-150400.3.35 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2014-9447 CVE-2018-18310 CVE-2018-18520 CVE-2018-18521 CVE-2019-7146 CVE-2019-7148 CVE-2019-7149 CVE-2019-7150 CVE-2019-7664 CVE-2019-7665 cpe:/o:opensuse:leap:15.4 emacs-27.2-150400.1.49 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the emacs-27.2-150400.1.49 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2014-3421 CVE-2014-3422 CVE-2014-3423 CVE-2014-3424 CVE-2014-9483 CVE-2017-7476 cpe:/o:opensuse:leap:15.4 eog-41.1-150400.1.9 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the eog-41.1-150400.1.9 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2013-7447 CVE-2016-6855 cpe:/o:opensuse:leap:15.4 evince-41.3-150400.1.11 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the evince-41.3-150400.1.11 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2017-1000083 CVE-2019-1010006 CVE-2019-11459 cpe:/o:opensuse:leap:15.4 evolution-3.42.4-150400.1.10 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the evolution-3.42.4-150400.1.10 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2018-15587 cpe:/o:opensuse:leap:15.4 evolution-data-server-3.42.4-150400.1.7 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the evolution-data-server-3.42.4-150400.1.7 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2020-14928 CVE-2020-16117 cpe:/o:opensuse:leap:15.4 expat-2.4.4-150400.2.24 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the expat-2.4.4-150400.2.24 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2012-0876 CVE-2012-6702 CVE-2013-0340 CVE-2015-1283 CVE-2016-0718 CVE-2016-4472 CVE-2016-5300 CVE-2016-9063 CVE-2017-9233 CVE-2018-20843 CVE-2019-15903 CVE-2021-45960 CVE-2021-46143 CVE-2022-22822 CVE-2022-22823 CVE-2022-22824 CVE-2022-22825 CVE-2022-22826 CVE-2022-22827 CVE-2022-23852 CVE-2022-23990 CVE-2022-25235 CVE-2022-25236 CVE-2022-25313 CVE-2022-25314 CVE-2022-25315 cpe:/o:opensuse:leap:15.4 file-5.32-7.14.1 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the file-5.32-7.14.1 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2014-3710 CVE-2014-8116 CVE-2014-8117 CVE-2017-1000249 CVE-2018-10360 CVE-2019-18218 CVE-2019-8905 CVE-2019-8906 CVE-2019-8907 cpe:/o:opensuse:leap:15.4 file-roller-3.40.0-150400.3.13 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the file-roller-3.40.0-150400.3.13 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2020-11736 CVE-2020-36314 cpe:/o:opensuse:leap:15.4 firewalld-0.9.3-150400.7.6 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the firewalld-0.9.3-150400.7.6 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2016-5410 cpe:/o:opensuse:leap:15.4 flatpak-1.12.5-150400.1.11 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the flatpak-1.12.5-150400.1.11 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2016-8659 CVE-2017-5226 CVE-2019-10063 CVE-2019-5736 CVE-2021-21261 CVE-2021-41133 CVE-2021-43860 CVE-2022-21682 cpe:/o:opensuse:leap:15.4 freerdp-2.4.0-150400.1.12 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the freerdp-2.4.0-150400.1.12 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2014-0250 CVE-2014-0791 CVE-2017-2834 CVE-2017-2835 CVE-2017-2836 CVE-2017-2837 CVE-2017-2838 CVE-2017-2839 CVE-2018-0886 CVE-2018-1000852 CVE-2018-8784 CVE-2018-8785 CVE-2018-8786 CVE-2018-8787 CVE-2018-8788 CVE-2018-8789 CVE-2019-17177 CVE-2019-17178 CVE-2020-11017 CVE-2020-11018 CVE-2020-11019 CVE-2020-11038 CVE-2020-11039 CVE-2020-11040 CVE-2020-11041 CVE-2020-11043 CVE-2020-11095 CVE-2020-11096 CVE-2020-11097 CVE-2020-11098 CVE-2020-11099 CVE-2020-11521 CVE-2020-11522 CVE-2020-11523 CVE-2020-11524 CVE-2020-11525 CVE-2020-11526 CVE-2020-13396 CVE-2020-13397 CVE-2020-13398 CVE-2020-15103 CVE-2020-4030 CVE-2020-4031 CVE-2020-4032 CVE-2020-4033 cpe:/o:opensuse:leap:15.4 fribidi-1.0.10-150400.1.7 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the fribidi-1.0.10-150400.1.7 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2019-18397 cpe:/o:opensuse:leap:15.4 fuse-2.9.7-3.3.1 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the fuse-2.9.7-3.3.1 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2009-3297 CVE-2011-0541 CVE-2015-3202 CVE-2018-10906 cpe:/o:opensuse:leap:15.4 fwupd-1.7.3-150400.2.7 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the fwupd-1.7.3-150400.2.7 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2020-10759 cpe:/o:opensuse:leap:15.4 gcab-1.1-1.15 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the gcab-1.1-1.15 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2015-0552 CVE-2018-5345 cpe:/o:opensuse:leap:15.4 gdb-11.1-8.30.1 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the gdb-11.1-8.30.1 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2019-1010180 cpe:/o:opensuse:leap:15.4 gdk-pixbuf-lang-2.42.6-150400.3.8 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the gdk-pixbuf-lang-2.42.6-150400.3.8 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2015-4491 CVE-2015-7552 CVE-2015-7673 CVE-2015-7674 CVE-2016-6352 CVE-2017-2862 CVE-2017-2870 CVE-2017-6312 CVE-2017-6313 CVE-2020-29385 cpe:/o:opensuse:leap:15.4 gdk-pixbuf-loader-rsvg-2.52.6-150400.1.7 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the gdk-pixbuf-loader-rsvg-2.52.6-150400.1.7 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2017-11464 CVE-2019-20446 CVE-2021-25900 cpe:/o:opensuse:leap:15.4 gdm-41.3-150400.2.7 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the gdm-41.3-150400.2.7 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2015-7496 CVE-2017-12164 CVE-2018-14424 CVE-2019-3825 CVE-2020-16125 CVE-2020-27837 cpe:/o:opensuse:leap:15.4 gegl-0_4-0.4.34-150400.1.7 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the gegl-0_4-0.4.34-150400.1.7 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2012-4433 CVE-2018-10114 cpe:/o:opensuse:leap:15.4 ghostscript-9.52-161.1 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the ghostscript-9.52-161.1 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2013-5653 CVE-2015-3228 CVE-2016-10217 CVE-2016-10218 CVE-2016-10219 CVE-2016-10220 CVE-2016-10317 CVE-2016-7976 CVE-2016-7977 CVE-2016-7978 CVE-2016-7979 CVE-2016-8602 CVE-2017-5951 CVE-2017-7207 CVE-2017-8291 CVE-2017-9216 CVE-2018-10194 CVE-2018-15908 CVE-2018-15909 CVE-2018-15910 CVE-2018-15911 CVE-2018-16509 CVE-2018-16510 CVE-2018-16511 CVE-2018-16513 CVE-2018-16539 CVE-2018-16540 CVE-2018-16541 CVE-2018-16542 CVE-2018-16543 CVE-2018-16585 CVE-2018-16802 CVE-2018-17183 CVE-2018-17961 CVE-2018-18073 CVE-2018-18284 CVE-2018-19409 CVE-2018-19475 CVE-2018-19476 CVE-2018-19477 CVE-2018-6616 CVE-2019-10216 CVE-2019-12973 CVE-2019-14811 CVE-2019-14812 CVE-2019-14813 CVE-2019-14817 CVE-2019-14869 CVE-2019-3835 CVE-2019-3838 CVE-2019-6116 CVE-2020-12268 CVE-2020-15900 CVE-2021-3781 CVE-2021-45944 CVE-2021-45949 cpe:/o:opensuse:leap:15.4 gimp-2.10.30-150400.1.10 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the gimp-2.10.30-150400.1.10 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2007-3126 CVE-2016-4994 cpe:/o:opensuse:leap:15.4 glib-networking-2.70.1-150400.1.6 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the glib-networking-2.70.1-150400.1.6 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2020-13645 cpe:/o:opensuse:leap:15.4 glib2-lang-2.70.4-150400.1.5 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the glib2-lang-2.70.4-150400.1.5 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2018-16428 CVE-2018-16429 CVE-2019-12450 CVE-2020-6750 CVE-2021-27218 CVE-2021-27219 cpe:/o:opensuse:leap:15.4 glibc-2.31-150300.20.7 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the glibc-2.31-150300.20.7 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2009-5155 CVE-2010-3192 CVE-2012-3406 CVE-2013-4458 CVE-2014-7817 CVE-2014-8121 CVE-2014-9402 CVE-2014-9761 CVE-2015-1472 CVE-2015-1473 CVE-2015-1781 CVE-2015-5180 CVE-2015-7547 CVE-2015-8776 CVE-2015-8777 CVE-2015-8778 CVE-2015-8779 CVE-2016-10228 CVE-2016-10739 CVE-2016-1234 CVE-2016-3075 CVE-2016-3706 CVE-2016-4429 CVE-2016-5417 CVE-2016-6323 CVE-2017-1000366 CVE-2017-1000408 CVE-2017-1000409 CVE-2017-12132 CVE-2017-12133 CVE-2017-15670 CVE-2017-15671 CVE-2017-15804 CVE-2017-16997 CVE-2017-17426 CVE-2017-18269 CVE-2018-1000001 CVE-2018-11236 CVE-2018-11237 CVE-2018-6485 CVE-2018-6551 CVE-2019-19126 CVE-2019-9169 CVE-2020-10029 CVE-2020-1751 CVE-2020-1752 CVE-2020-27618 CVE-2020-29562 CVE-2020-29573 CVE-2021-27645 CVE-2021-3326 CVE-2021-33574 CVE-2021-35942 CVE-2021-3999 CVE-2022-23218 CVE-2022-23219 cpe:/o:opensuse:leap:15.4 glibc-locale-32bit-2.26-13.8.1 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the glibc-locale-32bit-2.26-13.8.1 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2009-5029 CVE-2009-5064 CVE-2010-3192 CVE-2012-3406 CVE-2012-4412 CVE-2013-0242 CVE-2013-1914 CVE-2013-2207 CVE-2013-4237 CVE-2013-4332 CVE-2013-4458 CVE-2013-7423 CVE-2014-0475 CVE-2014-4043 CVE-2014-5119 CVE-2014-6040 CVE-2014-7817 CVE-2014-8121 CVE-2014-9402 CVE-2014-9761 CVE-2015-1472 CVE-2015-1473 CVE-2015-1781 CVE-2015-5180 CVE-2015-7547 CVE-2015-8776 CVE-2015-8777 CVE-2015-8778 CVE-2015-8779 CVE-2016-1234 CVE-2016-3075 CVE-2016-3706 CVE-2016-4429 CVE-2016-5417 CVE-2016-6323 CVE-2017-1000366 CVE-2017-1000408 CVE-2017-1000409 CVE-2017-12132 CVE-2017-12133 CVE-2017-15670 CVE-2017-15671 CVE-2017-15804 CVE-2017-16997 CVE-2017-17426 CVE-2017-18269 CVE-2018-1000001 CVE-2018-11236 CVE-2018-11237 CVE-2018-6485 CVE-2018-6551 cpe:/o:opensuse:leap:15.4 gnome-desktop-lang-41.2-150400.1.7 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the gnome-desktop-lang-41.2-150400.1.7 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2019-11460 cpe:/o:opensuse:leap:15.4 gnome-extensions-41.4-150400.1.7 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the gnome-extensions-41.4-150400.1.7 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2017-8288 CVE-2019-3820 CVE-2020-12825 CVE-2020-17489 cpe:/o:opensuse:leap:15.4 gnome-photos-40.0-150400.2.6 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the gnome-photos-40.0-150400.2.6 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2013-7447 cpe:/o:opensuse:leap:15.4 gnome-settings-daemon-41.0-150400.1.8 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the gnome-settings-daemon-41.0-150400.1.8 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2014-7300 cpe:/o:opensuse:leap:15.4 gnome-shell-search-provider-nautilus-41.2-150400.1.8 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the gnome-shell-search-provider-nautilus-41.2-150400.1.8 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2019-11461 cpe:/o:opensuse:leap:15.4 gnuchess-6.2.9-bp154.1.21 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the gnuchess-6.2.9-bp154.1.21 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2015-8972 CVE-2019-15767 CVE-2021-30184 cpe:/o:opensuse:leap:15.4 gnutls-3.7.3-150400.2.12 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the gnutls-3.7.3-150400.2.12 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2014-8564 CVE-2015-6251 CVE-2016-8610 CVE-2017-10790 CVE-2017-7869 CVE-2018-10844 CVE-2018-10845 CVE-2018-10846 CVE-2018-16868 CVE-2019-3829 CVE-2019-3836 CVE-2020-11501 CVE-2020-13777 CVE-2020-24659 CVE-2021-20231 CVE-2021-20232 cpe:/o:opensuse:leap:15.4 gptfdisk-1.0.8-150400.1.7 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the gptfdisk-1.0.8-150400.1.7 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2020-0256 CVE-2021-0308 cpe:/o:opensuse:leap:15.4 graphviz-2.48.0-150400.1.165 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the graphviz-2.48.0-150400.1.165 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2018-10196 CVE-2019-11023 cpe:/o:opensuse:leap:15.4 grep-3.1-4.3.12 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the grep-3.1-4.3.12 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2015-1345 cpe:/o:opensuse:leap:15.4 grilo-lang-0.3.14-150400.1.11 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the grilo-lang-0.3.14-150400.1.11 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2021-39365 cpe:/o:opensuse:leap:15.4 groff-1.22.4-150400.3.4 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the groff-1.22.4-150400.3.4 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2009-5080 CVE-2009-5081 cpe:/o:opensuse:leap:15.4 grub2-2.06-150400.9.9 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the grub2-2.06-150400.9.9 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2015-8370 CVE-2020-10713 CVE-2020-14308 CVE-2020-14309 CVE-2020-14310 CVE-2020-14311 CVE-2020-14372 CVE-2020-15705 CVE-2020-15706 CVE-2020-15707 CVE-2020-25632 CVE-2020-25647 CVE-2020-27749 CVE-2020-27779 CVE-2021-20225 CVE-2021-20233 CVE-2021-3981 CVE-2021-46705 cpe:/o:opensuse:leap:15.4 gstreamer-1.20.1-150400.1.5 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the gstreamer-1.20.1-150400.1.5 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2016-10198 CVE-2016-10199 CVE-2017-5837 CVE-2017-5838 CVE-2017-5839 CVE-2017-5840 CVE-2017-5841 CVE-2017-5842 CVE-2017-5843 CVE-2017-5844 CVE-2017-5845 CVE-2017-5846 CVE-2017-5847 CVE-2017-5848 CVE-2021-3185 cpe:/o:opensuse:leap:15.4 gstreamer-plugins-bad-1.20.1-lp154.1.1 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the gstreamer-plugins-bad-1.20.1-lp154.1.1 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2017-5838 CVE-2017-5847 CVE-2017-5848 CVE-2021-3185 cpe:/o:opensuse:leap:15.4 gstreamer-plugins-base-1.20.1-150400.1.9 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the gstreamer-plugins-base-1.20.1-150400.1.9 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2019-9928 CVE-2021-3185 cpe:/o:opensuse:leap:15.4 gstreamer-plugins-good-1.20.1-150400.1.6 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the gstreamer-plugins-good-1.20.1-150400.1.6 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2017-5838 CVE-2021-3185 CVE-2021-3497 CVE-2021-3498 cpe:/o:opensuse:leap:15.4 gstreamer-plugins-ugly-1.20.1-150400.1.7 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the gstreamer-plugins-ugly-1.20.1-150400.1.7 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2017-5838 CVE-2017-5847 cpe:/o:opensuse:leap:15.4 gtk-vnc-lang-1.3.0-150400.1.10 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the gtk-vnc-lang-1.3.0-150400.1.10 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2017-5884 CVE-2017-5885 cpe:/o:opensuse:leap:15.4 gvfs-1.48.1-150400.2.17 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the gvfs-1.48.1-150400.2.17 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2019-12447 CVE-2019-12448 CVE-2019-12449 CVE-2019-12795 CVE-2019-3827 cpe:/o:opensuse:leap:15.4 hplip-hpijs-3.21.10-150400.1.9 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the hplip-hpijs-3.21.10-150400.1.9 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2015-0839 cpe:/o:opensuse:leap:15.4 ibus-1.5.25-150400.1.13 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the ibus-1.5.25-150400.1.13 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2019-14822 cpe:/o:opensuse:leap:15.4 ibus-chewing-1.6.1-1.53 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the ibus-chewing-1.6.1-1.53 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2013-4509 cpe:/o:opensuse:leap:15.4 iscsiuio-0.7.8.6-150400.37.6 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the iscsiuio-0.7.8.6-150400.37.6 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2020-13987 CVE-2020-13988 CVE-2020-17437 CVE-2020-17438 cpe:/o:opensuse:leap:15.4 java-11-openjdk-11.0.15.0-150000.3.80.1 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the java-11-openjdk-11.0.15.0-150000.3.80.1 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2018-11212 CVE-2018-2790 CVE-2018-2794 CVE-2018-2795 CVE-2018-2796 CVE-2018-2797 CVE-2018-2798 CVE-2018-2799 CVE-2018-2814 CVE-2018-2825 CVE-2018-2826 CVE-2018-2940 CVE-2018-2952 CVE-2018-2972 CVE-2018-2973 CVE-2018-3136 CVE-2018-3139 CVE-2018-3149 CVE-2018-3150 CVE-2018-3157 CVE-2018-3169 CVE-2018-3180 CVE-2018-3183 CVE-2019-2422 CVE-2019-2426 CVE-2019-2602 CVE-2019-2684 CVE-2019-2745 CVE-2019-2762 CVE-2019-2766 CVE-2019-2769 CVE-2019-2786 CVE-2019-2816 CVE-2019-2818 CVE-2019-2821 CVE-2019-2894 CVE-2019-2933 CVE-2019-2945 CVE-2019-2949 CVE-2019-2958 CVE-2019-2962 CVE-2019-2964 CVE-2019-2973 CVE-2019-2975 CVE-2019-2977 CVE-2019-2978 CVE-2019-2981 CVE-2019-2983 CVE-2019-2987 CVE-2019-2988 CVE-2019-2989 CVE-2019-2992 CVE-2019-2999 CVE-2019-7317 CVE-2020-14556 CVE-2020-14562 CVE-2020-14573 CVE-2020-14577 CVE-2020-14581 CVE-2020-14583 CVE-2020-14593 CVE-2020-14621 CVE-2020-14779 CVE-2020-14781 CVE-2020-14782 CVE-2020-14792 CVE-2020-14796 CVE-2020-14797 CVE-2020-14798 CVE-2020-14803 CVE-2020-2583 CVE-2020-2590 CVE-2020-2593 CVE-2020-2601 CVE-2020-2604 CVE-2020-2654 CVE-2020-2655 CVE-2020-2754 CVE-2020-2755 CVE-2020-2756 CVE-2020-2757 CVE-2020-2767 CVE-2020-2773 CVE-2020-2778 CVE-2020-2781 CVE-2020-2800 CVE-2020-2803 CVE-2020-2805 CVE-2020-2816 CVE-2020-2830 CVE-2021-2161 CVE-2021-2163 CVE-2021-2341 CVE-2021-2369 CVE-2021-2388 CVE-2021-35550 CVE-2021-35556 CVE-2021-35559 CVE-2021-35561 CVE-2021-35564 CVE-2021-35565 CVE-2021-35567 CVE-2021-35578 CVE-2021-35586 CVE-2021-35603 CVE-2022-21248 CVE-2022-21277 CVE-2022-21282 CVE-2022-21283 CVE-2022-21291 CVE-2022-21293 CVE-2022-21294 CVE-2022-21296 CVE-2022-21299 CVE-2022-21305 CVE-2022-21340 CVE-2022-21341 CVE-2022-21360 CVE-2022-21365 CVE-2022-21366 CVE-2022-21426 CVE-2022-21434 CVE-2022-21443 CVE-2022-21476 CVE-2022-21496 cpe:/o:opensuse:leap:15.4 kate-21.12.3-bp154.1.31 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the kate-21.12.3-bp154.1.31 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2022-23853 cpe:/o:opensuse:leap:15.4 kconf_update5-5.90.0-150400.1.4 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the kconf_update5-5.90.0-150400.1.4 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2019-14744 cpe:/o:opensuse:leap:15.4 kcoreaddons-5.90.0-150400.1.4 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the kcoreaddons-5.90.0-150400.1.4 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2016-7966 cpe:/o:opensuse:leap:15.4 kdump-1.0.2+git10.g26f0b96-150400.1.4 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the kdump-1.0.2+git10.g26f0b96-150400.1.4 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2016-5759 cpe:/o:opensuse:leap:15.4 kernel-64kb-5.14.21-150400.22.1 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the kernel-64kb-5.14.21-150400.22.1 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2017-1000251 CVE-2017-12153 CVE-2017-13080 CVE-2017-14051 CVE-2017-16536 CVE-2017-16537 CVE-2017-16646 CVE-2017-16648 CVE-2017-5715 CVE-2017-5753 CVE-2017-5754 CVE-2018-10323 CVE-2018-12232 CVE-2018-13053 CVE-2018-20669 CVE-2019-0154 CVE-2019-0155 CVE-2019-10220 CVE-2019-11477 CVE-2019-11478 CVE-2019-11479 CVE-2019-14615 CVE-2019-14814 CVE-2019-14815 CVE-2019-14816 CVE-2019-14895 CVE-2019-14896 CVE-2019-14897 CVE-2019-14901 CVE-2019-15030 CVE-2019-15031 CVE-2019-15098 CVE-2019-15099 CVE-2019-15290 CVE-2019-15291 CVE-2019-15504 CVE-2019-16231 CVE-2019-16232 CVE-2019-16233 CVE-2019-16234 CVE-2019-17133 CVE-2019-17666 CVE-2019-18198 CVE-2019-18660 CVE-2019-18683 CVE-2019-18786 CVE-2019-18808 CVE-2019-18809 CVE-2019-18811 CVE-2019-18812 CVE-2019-18813 CVE-2019-18814 CVE-2019-19037 CVE-2019-19043 CVE-2019-19044 CVE-2019-19045 CVE-2019-19046 CVE-2019-19047 CVE-2019-19048 CVE-2019-19049 CVE-2019-19050 CVE-2019-19051 CVE-2019-19052 CVE-2019-19053 CVE-2019-19054 CVE-2019-19055 CVE-2019-19056 CVE-2019-19057 CVE-2019-19058 CVE-2019-19060 CVE-2019-19061 CVE-2019-19062 CVE-2019-19063 CVE-2019-19064 CVE-2019-19065 CVE-2019-19066 CVE-2019-19067 CVE-2019-19068 CVE-2019-19069 CVE-2019-19070 CVE-2019-19071 CVE-2019-19072 CVE-2019-19073 CVE-2019-19074 CVE-2019-19075 CVE-2019-19077 CVE-2019-19078 CVE-2019-19080 CVE-2019-19081 CVE-2019-19082 CVE-2019-19083 CVE-2019-19241 CVE-2019-19252 CVE-2019-19332 CVE-2019-19338 CVE-2019-19447 CVE-2019-19462 CVE-2019-19523 CVE-2019-19524 CVE-2019-19525 CVE-2019-19526 CVE-2019-19528 CVE-2019-19529 CVE-2019-19532 CVE-2019-19533 CVE-2019-19534 CVE-2019-19602 CVE-2019-19767 CVE-2019-19768 CVE-2019-19769 CVE-2019-19770 CVE-2019-19807 CVE-2019-19922 CVE-2019-19947 CVE-2019-19965 CVE-2019-20422 CVE-2019-20810 CVE-2019-20812 CVE-2019-3016 CVE-2019-8912 CVE-2020-0110 CVE-2020-0305 CVE-2020-0404 CVE-2020-0427 CVE-2020-0431 CVE-2020-0432 CVE-2020-0444 CVE-2020-0465 CVE-2020-0466 CVE-2020-0543 CVE-2020-10135 CVE-2020-10690 CVE-2020-10711 CVE-2020-10732 CVE-2020-10751 CVE-2020-10757 CVE-2020-10766 CVE-2020-10767 CVE-2020-10768 CVE-2020-10773 CVE-2020-10781 CVE-2020-10942 CVE-2020-11494 CVE-2020-11608 CVE-2020-11668 CVE-2020-11884 CVE-2020-12351 CVE-2020-12352 CVE-2020-12362 CVE-2020-12363 CVE-2020-12364 CVE-2020-12373 CVE-2020-12464 CVE-2020-12465 CVE-2020-12652 CVE-2020-12653 CVE-2020-12654 CVE-2020-12655 CVE-2020-12656 CVE-2020-12657 CVE-2020-12659 CVE-2020-12769 CVE-2020-12770 CVE-2020-12771 CVE-2020-12888 CVE-2020-13143 CVE-2020-13974 CVE-2020-14314 CVE-2020-14331 CVE-2020-14351 CVE-2020-14356 CVE-2020-14385 CVE-2020-14386 CVE-2020-14390 CVE-2020-14416 CVE-2020-15393 CVE-2020-15436 CVE-2020-15437 CVE-2020-15780 CVE-2020-16120 CVE-2020-16166 CVE-2020-1749 CVE-2020-24490 CVE-2020-24586 CVE-2020-24587 CVE-2020-24588 CVE-2020-2521 CVE-2020-25211 CVE-2020-25212 CVE-2020-25284 CVE-2020-25285 CVE-2020-25639 CVE-2020-25641 CVE-2020-25643 CVE-2020-25645 CVE-2020-25656 CVE-2020-25668 CVE-2020-25669 CVE-2020-25670 CVE-2020-25671 CVE-2020-25672 CVE-2020-25673 CVE-2020-25704 CVE-2020-25705 CVE-2020-26088 CVE-2020-26139 CVE-2020-26141 CVE-2020-26145 CVE-2020-26147 CVE-2020-26558 CVE-2020-27068 CVE-2020-27170 CVE-2020-27171 CVE-2020-27194 CVE-2020-2732 CVE-2020-27673 CVE-2020-27675 CVE-2020-27777 CVE-2020-27786 CVE-2020-27815 CVE-2020-27820 CVE-2020-27825 CVE-2020-27830 CVE-2020-27835 CVE-2020-28374 CVE-2020-28915 CVE-2020-28941 CVE-2020-28974 CVE-2020-29368 CVE-2020-29369 CVE-2020-29370 CVE-2020-29371 CVE-2020-29373 CVE-2020-29568 CVE-2020-29569 CVE-2020-29660 CVE-2020-29661 CVE-2020-35519 CVE-2020-36158 CVE-2020-36310 CVE-2020-36311 CVE-2020-36312 CVE-2020-36322 CVE-2020-36385 CVE-2020-36386 CVE-2020-4788 CVE-2020-8428 CVE-2020-8647 CVE-2020-8648 CVE-2020-8649 CVE-2020-8694 CVE-2020-8835 CVE-2020-8992 CVE-2020-9383 CVE-2021-0129 CVE-2021-0342 CVE-2021-0512 CVE-2021-0605 CVE-2021-20177 CVE-2021-20268 CVE-2021-20321 CVE-2021-21781 CVE-2021-22543 CVE-2021-22555 CVE-2021-22600 CVE-2021-23134 CVE-2021-26930 CVE-2021-26931 CVE-2021-26932 CVE-2021-27363 CVE-2021-27364 CVE-2021-27365 CVE-2021-28038 CVE-2021-28375 CVE-2021-28660 CVE-2021-28688 CVE-2021-28711 CVE-2021-28712 CVE-2021-28713 CVE-2021-28714 CVE-2021-28715 CVE-2021-28950 CVE-2021-28952 CVE-2021-28964 CVE-2021-28971 CVE-2021-28972 CVE-2021-29154 CVE-2021-29155 CVE-2021-29264 CVE-2021-29265 CVE-2021-29647 CVE-2021-29650 CVE-2021-30002 CVE-2021-32399 CVE-2021-33034 CVE-2021-33200 CVE-2021-3347 CVE-2021-3348 CVE-2021-33624 CVE-2021-33909 CVE-2021-3428 CVE-2021-3444 CVE-2021-34556 CVE-2021-34693 CVE-2021-3483 CVE-2021-3489 CVE-2021-3490 CVE-2021-3491 CVE-2021-35039 CVE-2021-3542 CVE-2021-35477 CVE-2021-3573 CVE-2021-3609 CVE-2021-3612 CVE-2021-3640 CVE-2021-3653 CVE-2021-3656 CVE-2021-3659 CVE-2021-3679 CVE-2021-3732 CVE-2021-3739 CVE-2021-3743 CVE-2021-3744 CVE-2021-3753 CVE-2021-37576 CVE-2021-3759 CVE-2021-3760 CVE-2021-3764 CVE-2021-3772 CVE-2021-38160 CVE-2021-38166 CVE-2021-38198 CVE-2021-38204 CVE-2021-38205 CVE-2021-38206 CVE-2021-38207 CVE-2021-38209 CVE-2021-3896 CVE-2021-39685 CVE-2021-39698 CVE-2021-4001 CVE-2021-4002 CVE-2021-4083 CVE-2021-4090 CVE-2021-41073 CVE-2021-4135 CVE-2021-4148 CVE-2021-4155 CVE-2021-41864 CVE-2021-4197 CVE-2021-4202 CVE-2021-4204 CVE-2021-42252 CVE-2021-42327 CVE-2021-42739 CVE-2021-43056 CVE-2021-43057 CVE-2021-43267 CVE-2021-43389 CVE-2021-43975 CVE-2021-43976 CVE-2021-44733 CVE-2021-45095 CVE-2021-45402 CVE-2021-45480 CVE-2021-45868 CVE-2022-0001 CVE-2022-0002 CVE-2022-0168 CVE-2022-0185 CVE-2022-0264 CVE-2022-0322 CVE-2022-0330 CVE-2022-0382 CVE-2022-0435 CVE-2022-0487 CVE-2022-0492 CVE-2022-0500 CVE-2022-0516 CVE-2022-0644 CVE-2022-0742 CVE-2022-0847 CVE-2022-0886 CVE-2022-0995 CVE-2022-0998 CVE-2022-1011 CVE-2022-1015 CVE-2022-1048 CVE-2022-1055 CVE-2022-1158 CVE-2022-22942 CVE-2022-23036 CVE-2022-23037 CVE-2022-23038 CVE-2022-23039 CVE-2022-23040 CVE-2022-23041 CVE-2022-23042 CVE-2022-23222 CVE-2022-23960 CVE-2022-24122 CVE-2022-24448 CVE-2022-24958 CVE-2022-24959 CVE-2022-25258 CVE-2022-25636 CVE-2022-26878 CVE-2022-26966 CVE-2022-28893 cpe:/o:opensuse:leap:15.4 kernel-firmware-all-20220119-150400.2.3 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the kernel-firmware-all-20220119-150400.2.3 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2017-13080 CVE-2017-13081 CVE-2017-5715 CVE-2019-9836 CVE-2021-33139 CVE-2021-33155 cpe:/o:opensuse:leap:15.4 kinit-5.90.0-bp154.1.48 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the kinit-5.90.0-bp154.1.48 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2016-3100 cpe:/o:opensuse:leap:15.4 kio-extras5-21.12.3-bp154.1.50 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the kio-extras5-21.12.3-bp154.1.50 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2014-8600 cpe:/o:opensuse:leap:15.4 konversation-21.12.3-bp154.1.33 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the konversation-21.12.3-bp154.1.33 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2014-8483 CVE-2017-15923 cpe:/o:opensuse:leap:15.4 krb5-1.19.2-150400.1.9 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the krb5-1.19.2-150400.1.9 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2014-5351 CVE-2014-5352 CVE-2014-5353 CVE-2014-5354 CVE-2014-5355 CVE-2014-9421 CVE-2014-9422 CVE-2014-9423 CVE-2015-2694 CVE-2015-2695 CVE-2015-2696 CVE-2015-2697 CVE-2015-2698 CVE-2015-8629 CVE-2015-8630 CVE-2015-8631 CVE-2016-3119 CVE-2016-3120 CVE-2017-11368 CVE-2017-11462 CVE-2018-20217 CVE-2018-5729 CVE-2018-5730 CVE-2020-28196 CVE-2021-36222 CVE-2021-37750 cpe:/o:opensuse:leap:15.4 kscreenlocker-5.24.4-bp154.1.31 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the kscreenlocker-5.24.4-bp154.1.31 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2016-2312 cpe:/o:opensuse:leap:15.4 ktexteditor-5.90.0-bp154.1.38 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the ktexteditor-5.90.0-bp154.1.38 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2018-10361 cpe:/o:opensuse:leap:15.4 less-590-150400.1.51 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the less-590-150400.1.51 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2014-9488 cpe:/o:opensuse:leap:15.4 libBasicUsageEnvironment1-2021.11.23-bp154.1.72 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the libBasicUsageEnvironment1-2021.11.23-bp154.1.72 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2018-4013 CVE-2019-15232 CVE-2019-6256 CVE-2019-7314 CVE-2019-9215 CVE-2021-28899 CVE-2021-38380 CVE-2021-38381 CVE-2021-38382 CVE-2021-39282 CVE-2021-39283 cpe:/o:opensuse:leap:15.4 libFLAC8-1.3.2-3.9.1 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the libFLAC8-1.3.2-3.9.1 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2014-8962 CVE-2014-9028 CVE-2017-6888 CVE-2020-0487 CVE-2020-0499 CVE-2021-0561 cpe:/o:opensuse:leap:15.4 libHX28-3.22-1.26 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the libHX28-3.22-1.26 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2010-2947 cpe:/o:opensuse:leap:15.4 libICE6-1.0.9-1.25 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the libICE6-1.0.9-1.25 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2017-2626 cpe:/o:opensuse:leap:15.4 libIlmImf-2_2-23-2.2.1-3.41.1 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the libIlmImf-2_2-23-2.2.1-3.41.1 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2017-12596 CVE-2017-14988 CVE-2017-9110 CVE-2017-9111 CVE-2017-9112 CVE-2017-9113 CVE-2017-9114 CVE-2017-9115 CVE-2017-9116 CVE-2018-18444 CVE-2020-11758 CVE-2020-11760 CVE-2020-11761 CVE-2020-11762 CVE-2020-11763 CVE-2020-11764 CVE-2020-11765 CVE-2020-15304 CVE-2020-15305 CVE-2020-15306 CVE-2020-16587 CVE-2020-16588 CVE-2020-16589 CVE-2021-20296 CVE-2021-20298 CVE-2021-20299 CVE-2021-20300 CVE-2021-20302 CVE-2021-20303 CVE-2021-20304 CVE-2021-23215 CVE-2021-26260 CVE-2021-3474 CVE-2021-3475 CVE-2021-3476 CVE-2021-3477 CVE-2021-3479 CVE-2021-3598 CVE-2021-3605 CVE-2021-3933 CVE-2021-3941 CVE-2021-45942 cpe:/o:opensuse:leap:15.4 libKF5Auth5-5.90.0-150400.1.4 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the libKF5Auth5-5.90.0-150400.1.4 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2017-8422 CVE-2019-7443 cpe:/o:opensuse:leap:15.4 libKF5Codecs5-5.90.0-150400.1.4 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the libKF5Codecs5-5.90.0-150400.1.4 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2013-0779 cpe:/o:opensuse:leap:15.4 libQt5Concurrent5-5.15.2+kde294-150400.4.8 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the libQt5Concurrent5-5.15.2+kde294-150400.4.8 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2015-0295 CVE-2020-0570 CVE-2020-12267 CVE-2020-13962 CVE-2020-17507 CVE-2022-23853 CVE-2022-25255 cpe:/o:opensuse:leap:15.4 libQt5Svg5-5.15.2+kde16-150400.1.5 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the libQt5Svg5-5.15.2+kde16-150400.1.5 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2021-3481 cpe:/o:opensuse:leap:15.4 libSDL-1_2-0-1.2.15-150000.3.19.1 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the libSDL-1_2-0-1.2.15-150000.3.19.1 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2019-13616 CVE-2019-7572 CVE-2019-7573 CVE-2019-7574 CVE-2019-7575 CVE-2019-7576 CVE-2019-7577 CVE-2019-7578 CVE-2019-7635 CVE-2019-7636 CVE-2019-7637 CVE-2019-7638 CVE-2020-14409 CVE-2020-14410 CVE-2021-33657 cpe:/o:opensuse:leap:15.4 libSDL2-2_0-0-2.0.8-150200.11.6.1 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the libSDL2-2_0-0-2.0.8-150200.11.6.1 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2017-2888 CVE-2019-13616 CVE-2019-13626 CVE-2019-7572 CVE-2019-7573 CVE-2019-7574 CVE-2019-7575 CVE-2019-7576 CVE-2019-7577 CVE-2019-7578 CVE-2019-7635 CVE-2019-7636 CVE-2019-7637 CVE-2019-7638 CVE-2020-14409 CVE-2020-14410 CVE-2021-33657 cpe:/o:opensuse:leap:15.4 libSoundTouch0-1.8.0-3.11.1 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the libSoundTouch0-1.8.0-3.11.1 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2018-1000223 CVE-2018-17096 CVE-2018-17097 CVE-2018-17098 cpe:/o:opensuse:leap:15.4 libX11-6-1.6.5-3.21.1 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the libX11-6-1.6.5-3.21.1 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2018-14598 CVE-2018-14599 CVE-2018-14600 CVE-2020-14344 CVE-2020-14363 CVE-2021-31535 cpe:/o:opensuse:leap:15.4 libXRes1-1.2.0-1.18 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the libXRes1-1.2.0-1.18 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2013-1988 cpe:/o:opensuse:leap:15.4 libXcursor1-1.1.15-1.18 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the libXcursor1-1.1.15-1.18 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2013-2003 CVE-2017-16612 cpe:/o:opensuse:leap:15.4 libXdmcp6-1.1.2-1.23 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the libXdmcp6-1.1.2-1.23 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2017-2625 cpe:/o:opensuse:leap:15.4 libXext6-1.3.3-1.30 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the libXext6-1.3.3-1.30 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2013-1982 cpe:/o:opensuse:leap:15.4 libXfixes3-6.0.0-150400.1.4 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the libXfixes3-6.0.0-150400.1.4 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2013-1983 cpe:/o:opensuse:leap:15.4 libXfont1-1.5.4-1.17 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the libXfont1-1.5.4-1.17 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2011-2895 CVE-2013-6462 CVE-2014-0209 CVE-2014-0210 CVE-2014-0211 CVE-2015-1802 CVE-2015-1803 CVE-2015-1804 CVE-2017-13720 CVE-2017-13722 CVE-2017-16611 cpe:/o:opensuse:leap:15.4 libXfont2-2-2.0.3-1.17 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the libXfont2-2-2.0.3-1.17 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2017-16611 cpe:/o:opensuse:leap:15.4 libXi6-1.7.9-3.2.1 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the libXi6-1.7.9-3.2.1 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2013-1984 CVE-2013-1995 CVE-2013-1998 cpe:/o:opensuse:leap:15.4 libXinerama1-1.1.3-1.22 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the libXinerama1-1.1.3-1.22 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2013-1985 cpe:/o:opensuse:leap:15.4 libXrandr2-1.5.1-2.17 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the libXrandr2-1.5.1-2.17 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2013-1986 CVE-2016-7947 CVE-2016-7948 cpe:/o:opensuse:leap:15.4 libXrender1-0.9.10-1.30 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the libXrender1-0.9.10-1.30 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2013-1987 cpe:/o:opensuse:leap:15.4 libXt6-1.1.5-2.24 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the libXt6-1.1.5-2.24 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2013-2002 CVE-2013-2005 cpe:/o:opensuse:leap:15.4 libXtst6-1.2.3-1.24 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the libXtst6-1.2.3-1.24 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2013-2063 cpe:/o:opensuse:leap:15.4 libXv1-1.0.11-1.23 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the libXv1-1.0.11-1.23 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2013-1989 CVE-2013-2066 CVE-2016-5407 cpe:/o:opensuse:leap:15.4 libXvMC1-1.0.10-1.23 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the libXvMC1-1.0.10-1.23 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2013-1990 CVE-2013-1999 cpe:/o:opensuse:leap:15.4 libXvnc1-1.10.1-150400.5.6 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the libXvnc1-1.10.1-150400.5.6 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2014-8240 CVE-2015-0255 CVE-2019-15691 CVE-2019-15692 CVE-2019-15693 CVE-2019-15694 CVE-2019-15695 CVE-2020-26117 cpe:/o:opensuse:leap:15.4 libXxf86dga1-1.1.4-1.24 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the libXxf86dga1-1.1.4-1.24 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2013-1991 CVE-2013-2000 cpe:/o:opensuse:leap:15.4 libXxf86vm1-1.1.4-1.23 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the libXxf86vm1-1.1.4-1.23 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2013-2001 cpe:/o:opensuse:leap:15.4 libZXing1-1.2.0-9.7.1 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the libZXing1-1.2.0-9.7.1 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2021-28021 CVE-2021-42715 CVE-2021-42716 cpe:/o:opensuse:leap:15.4 libaom3-3.2.0-150400.1.8 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the libaom3-3.2.0-150400.1.8 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2021-30474 CVE-2021-30475 cpe:/o:opensuse:leap:15.4 libapr-util1-1.6.1-18.2.1 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the libapr-util1-1.6.1-18.2.1 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2017-12618 cpe:/o:opensuse:leap:15.4 libarchive13-3.5.1-150400.1.9 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the libarchive13-3.5.1-150400.1.9 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2013-0211 CVE-2015-2304 CVE-2015-8917 CVE-2015-8928 CVE-2015-8933 CVE-2015-8934 CVE-2016-1541 CVE-2016-4300 CVE-2016-4301 CVE-2016-4809 CVE-2016-5418 CVE-2016-5844 CVE-2016-6250 CVE-2016-8687 CVE-2016-8688 CVE-2016-8689 CVE-2017-14166 CVE-2017-14501 CVE-2017-14502 CVE-2017-14503 CVE-2018-1000877 CVE-2018-1000878 CVE-2018-1000879 CVE-2018-1000880 CVE-2019-1000019 CVE-2019-1000020 CVE-2019-18408 CVE-2019-19221 cpe:/o:opensuse:leap:15.4 libass9-0.14.0-3.9.1 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the libass9-0.14.0-3.9.1 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2016-7969 CVE-2016-7970 CVE-2016-7972 CVE-2020-24994 CVE-2020-26682 CVE-2020-36430 cpe:/o:opensuse:leap:15.4 libaudit1-3.0.6-150400.2.13 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the libaudit1-3.0.6-150400.2.13 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2015-5186 cpe:/o:opensuse:leap:15.4 libavcodec57-3.4.2-11.17.1 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the libavcodec57-3.4.2-11.17.1 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2015-8216 CVE-2015-8217 CVE-2015-8218 CVE-2015-8219 CVE-2015-8363 CVE-2015-8364 CVE-2015-8365 CVE-2015-8661 CVE-2015-8662 CVE-2015-8663 CVE-2016-10190 CVE-2016-10191 CVE-2016-10192 CVE-2016-1897 CVE-2016-1898 CVE-2017-11399 CVE-2017-11665 CVE-2017-14054 CVE-2017-14055 CVE-2017-14056 CVE-2017-14057 CVE-2017-14058 CVE-2017-14059 CVE-2017-14169 CVE-2017-14170 CVE-2017-14171 CVE-2017-14222 CVE-2017-14223 CVE-2017-14225 CVE-2017-15186 CVE-2017-15672 CVE-2017-16840 CVE-2017-17081 CVE-2017-17555 CVE-2017-7859 CVE-2017-7862 CVE-2017-7863 CVE-2017-7865 CVE-2017-7866 CVE-2018-12458 CVE-2018-13300 CVE-2018-13301 CVE-2018-13302 CVE-2018-13305 CVE-2018-14394 CVE-2018-14395 CVE-2018-15822 CVE-2018-1999010 CVE-2018-1999011 CVE-2018-1999012 CVE-2018-1999013 CVE-2018-6392 CVE-2018-6621 CVE-2019-12730 CVE-2019-17539 CVE-2019-17542 CVE-2019-9718 CVE-2019-9721 CVE-2020-13904 CVE-2020-20448 CVE-2020-20451 CVE-2020-20891 CVE-2020-20892 CVE-2020-20895 CVE-2020-20896 CVE-2020-20899 CVE-2020-20902 CVE-2020-21041 CVE-2020-21688 CVE-2020-21697 CVE-2020-22015 CVE-2020-22016 CVE-2020-22017 CVE-2020-22019 CVE-2020-22020 CVE-2020-22021 CVE-2020-22022 CVE-2020-22023 CVE-2020-22025 CVE-2020-22026 CVE-2020-22031 CVE-2020-22032 CVE-2020-22033 CVE-2020-22034 CVE-2020-22037 CVE-2020-22038 CVE-2020-22039 CVE-2020-22042 CVE-2020-22043 CVE-2020-22044 CVE-2020-22046 CVE-2020-22048 CVE-2020-22049 CVE-2020-22054 CVE-2020-35965 CVE-2021-3566 CVE-2021-38092 CVE-2021-38093 CVE-2021-38094 CVE-2021-38114 CVE-2021-38171 cpe:/o:opensuse:leap:15.4 libavcodec58_134-4.4-150400.1.13 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the libavcodec58_134-4.4-150400.1.13 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2015-8216 CVE-2015-8217 CVE-2015-8218 CVE-2015-8219 CVE-2015-8363 CVE-2015-8364 CVE-2015-8365 CVE-2015-8661 CVE-2015-8662 CVE-2015-8663 CVE-2016-10190 CVE-2016-10191 CVE-2016-10192 CVE-2016-1897 CVE-2016-1898 CVE-2017-11399 CVE-2017-11665 CVE-2017-14054 CVE-2017-14055 CVE-2017-14056 CVE-2017-14057 CVE-2017-14058 CVE-2017-14059 CVE-2017-14169 CVE-2017-14170 CVE-2017-14171 CVE-2017-14222 CVE-2017-14223 CVE-2017-14225 CVE-2017-15186 CVE-2017-15672 CVE-2017-16840 CVE-2017-17081 CVE-2017-17555 CVE-2017-7859 CVE-2017-7862 CVE-2017-7863 CVE-2017-7865 CVE-2017-7866 CVE-2018-13300 CVE-2018-13305 CVE-2018-15822 CVE-2018-6392 CVE-2018-6621 CVE-2018-7751 CVE-2019-11338 CVE-2019-11339 CVE-2019-15942 CVE-2020-22046 CVE-2020-35964 CVE-2021-33815 CVE-2021-38114 CVE-2021-38171 cpe:/o:opensuse:leap:15.4 libblas3-3.5.0-4.6.1 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the libblas3-3.5.0-4.6.1 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2021-4048 cpe:/o:opensuse:leap:15.4 libblkid1-2.37.2-150400.6.26 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the libblkid1-2.37.2-150400.6.26 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2014-9114 CVE-2015-5218 CVE-2016-2779 CVE-2016-5011 CVE-2017-2616 CVE-2021-37600 CVE-2021-3995 CVE-2021-3996 cpe:/o:opensuse:leap:15.4 libbrotlicommon1-1.0.7-3.3.1 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the libbrotlicommon1-1.0.7-3.3.1 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2020-8927 cpe:/o:opensuse:leap:15.4 libbsd0-0.8.7-3.3.17 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the libbsd0-0.8.7-3.3.17 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2019-20367 cpe:/o:opensuse:leap:15.4 libcaca0-0.99.beta19.git20171003-150200.11.6.1 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the libcaca0-0.99.beta19.git20171003-150200.11.6.1 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2018-20544 CVE-2018-20545 CVE-2018-20546 CVE-2018-20547 CVE-2018-20548 CVE-2018-20549 CVE-2021-30498 CVE-2021-30499 CVE-2022-0856 cpe:/o:opensuse:leap:15.4 libcacard0-2.5.3-1.27 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the libcacard0-2.5.3-1.27 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2017-6414 cpe:/o:opensuse:leap:15.4 libcairo-gobject2-1.16.0-150400.9.6 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the libcairo-gobject2-1.16.0-150400.9.6 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2016-9082 CVE-2017-7475 CVE-2017-9814 cpe:/o:opensuse:leap:15.4 libcares2-1.17.1+20200724-3.17.1 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the libcares2-1.17.1+20200724-3.17.1 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2016-5180 CVE-2017-1000381 CVE-2020-8277 CVE-2021-3672 cpe:/o:opensuse:leap:15.4 libcdio16-0.94-6.9.2 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the libcdio16-0.94-6.9.2 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2017-18199 CVE-2017-18201 cpe:/o:opensuse:leap:15.4 libcdio19-2.1.0-1.27 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the libcdio19-2.1.0-1.27 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2017-18198 CVE-2017-18199 CVE-2017-18201 cpe:/o:opensuse:leap:15.4 libcfitsio9-3.490-bp154.1.83 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the libcfitsio9-3.490-bp154.1.83 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2018-1000166 cpe:/o:opensuse:leap:15.4 libdjvulibre21-3.5.27-11.11.1 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the libdjvulibre21-3.5.27-11.11.1 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2019-15142 CVE-2019-15143 CVE-2019-15144 CVE-2019-15145 CVE-2019-18804 CVE-2021-32490 CVE-2021-32491 CVE-2021-32492 CVE-2021-32493 CVE-2021-3500 CVE-2021-3630 cpe:/o:opensuse:leap:15.4 libdmx1-1.1.3-1.23 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the libdmx1-1.1.3-1.23 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2013-1992 cpe:/o:opensuse:leap:15.4 libebml5-1.4.2-bp154.2.69 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the libebml5-1.4.2-bp154.2.69 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2021-3405 cpe:/o:opensuse:leap:15.4 libekmfweb1-2.19.0-150400.5.5 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the libekmfweb1-2.19.0-150400.5.5 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2021-25316 cpe:/o:opensuse:leap:15.4 libevent-2_1-8-2.1.8-2.23 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the libevent-2_1-8-2.1.8-2.23 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2014-6272 cpe:/o:opensuse:leap:15.4 libexempi3-2.4.5-3.3.2 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the libexempi3-2.4.5-3.3.2 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2018-12648 CVE-2018-7728 CVE-2018-7729 CVE-2018-7730 CVE-2018-7731 cpe:/o:opensuse:leap:15.4 libexif12-0.6.22-150000.5.9.1 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the libexif12-0.6.22-150000.5.9.1 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2016-6328 CVE-2017-7544 CVE-2018-20030 CVE-2019-9278 CVE-2020-0093 CVE-2020-0181 CVE-2020-0198 CVE-2020-0452 CVE-2020-12767 CVE-2020-13112 CVE-2020-13113 CVE-2020-13114 cpe:/o:opensuse:leap:15.4 libexiv2-26-0.26-6.8.1 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the libexiv2-26-0.26-6.8.1 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2014-9449 CVE-2017-1000126 CVE-2017-11337 CVE-2017-11338 CVE-2017-11339 CVE-2017-11340 CVE-2017-11553 CVE-2017-11591 CVE-2017-11592 CVE-2017-11683 CVE-2017-12955 CVE-2017-12956 CVE-2017-12957 CVE-2017-14859 CVE-2017-14860 CVE-2017-14862 CVE-2017-14864 CVE-2017-9239 CVE-2018-12264 CVE-2018-12265 CVE-2018-17229 CVE-2018-17230 CVE-2018-17282 CVE-2018-19108 CVE-2018-19607 CVE-2018-9305 CVE-2019-13114 cpe:/o:opensuse:leap:15.4 libfreebl3-3.68.3-150400.1.7 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the libfreebl3-3.68.3-150400.1.7 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2014-1569 CVE-2015-2721 CVE-2015-4000 CVE-2015-7181 CVE-2015-7182 CVE-2015-7575 CVE-2016-1950 CVE-2016-1979 CVE-2016-2834 CVE-2018-0495 CVE-2018-12384 CVE-2018-12404 CVE-2018-18508 CVE-2019-11745 CVE-2019-17006 CVE-2020-12399 CVE-2020-12400 CVE-2020-12401 CVE-2020-12402 CVE-2020-12403 CVE-2020-25648 CVE-2020-6829 CVE-2021-43527 CVE-2022-1097 cpe:/o:opensuse:leap:15.4 libfreetype6-2.10.1-4.8.1 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the libfreetype6-2.10.1-4.8.1 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2014-2240 CVE-2014-9656 CVE-2014-9657 CVE-2014-9658 CVE-2014-9659 CVE-2014-9660 CVE-2014-9661 CVE-2014-9662 CVE-2014-9663 CVE-2014-9664 CVE-2014-9665 CVE-2014-9666 CVE-2014-9667 CVE-2014-9668 CVE-2014-9669 CVE-2014-9670 CVE-2014-9671 CVE-2014-9672 CVE-2014-9673 CVE-2014-9674 CVE-2014-9675 CVE-2017-8105 CVE-2017-8287 CVE-2018-6942 CVE-2020-15999 cpe:/o:opensuse:leap:15.4 libgadu3-1.12.2-1.44 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the libgadu3-1.12.2-1.44 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2013-6487 CVE-2014-3775 cpe:/o:opensuse:leap:15.4 libgc1-7.6.4-1.16 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the libgc1-7.6.4-1.16 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2012-2673 cpe:/o:opensuse:leap:15.4 libgcrypt20-1.9.4-150400.4.6 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the libgcrypt20-1.9.4-150400.4.6 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2014-3591 CVE-2015-0837 CVE-2015-5738 CVE-2015-7511 CVE-2016-6313 CVE-2017-0379 CVE-2017-7526 CVE-2018-0495 CVE-2019-12904 CVE-2019-13627 CVE-2021-3345 CVE-2021-33560 cpe:/o:opensuse:leap:15.4 libgd3-2.2.5-11.3.1 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the libgd3-2.2.5-11.3.1 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2014-2497 CVE-2016-10166 CVE-2016-10167 CVE-2016-10168 CVE-2016-5116 CVE-2016-5766 CVE-2016-6128 CVE-2016-6132 CVE-2016-6207 CVE-2016-6214 CVE-2016-6905 CVE-2016-6912 CVE-2016-9317 CVE-2017-6362 CVE-2017-7890 CVE-2018-1000222 CVE-2018-14553 CVE-2018-5711 CVE-2019-11038 CVE-2019-6977 CVE-2019-6978 CVE-2021-40812 cpe:/o:opensuse:leap:15.4 libgfbgraph-0_2-0-0.2.5-150400.1.8 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the libgfbgraph-0_2-0-0.2.5-150400.1.8 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2021-39358 cpe:/o:opensuse:leap:15.4 libgif7-5.2.1-150000.4.8.1 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the libgif7-5.2.1-150000.4.8.1 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2015-7555 CVE-2016-3977 CVE-2018-11490 CVE-2019-15133 cpe:/o:opensuse:leap:15.4 libgme0-0.6.2-1.17 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the libgme0-0.6.2-1.17 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2016-9957 CVE-2016-9958 CVE-2016-9959 CVE-2016-9960 CVE-2016-9961 cpe:/o:opensuse:leap:15.4 libgmp10-32bit-6.1.2-4.9.1 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the libgmp10-32bit-6.1.2-4.9.1 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2021-43618 cpe:/o:opensuse:leap:15.4 libgnome-autoar-0-0-0.4.1-150400.1.10 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the libgnome-autoar-0-0-0.4.1-150400.1.10 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2020-36241 CVE-2021-28650 cpe:/o:opensuse:leap:15.4 libgraphite2-3-1.3.11-2.12 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the libgraphite2-3-1.3.11-2.12 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2016-1521 CVE-2017-5436 CVE-2018-7999 cpe:/o:opensuse:leap:15.4 libgupnp-1_2-1-1.4.3-150400.1.6 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the libgupnp-1_2-1-1.4.3-150400.1.6 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2020-12695 CVE-2021-33516 cpe:/o:opensuse:leap:15.4 libgxps2-0.3.0-4.3.29 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the libgxps2-0.3.0-4.3.29 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2018-10733 cpe:/o:opensuse:leap:15.4 libhdf5-103-1.10.8-150400.1.1 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the libhdf5-103-1.10.8-150400.1.1 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2017-17505 CVE-2017-17506 CVE-2017-17508 CVE-2017-17509 CVE-2018-11202 CVE-2018-11203 CVE-2018-11204 CVE-2018-11206 CVE-2018-11207 CVE-2018-13869 CVE-2018-13870 CVE-2018-14032 CVE-2018-14033 CVE-2018-14460 CVE-2018-17233 CVE-2018-17234 CVE-2018-17237 CVE-2018-17432 CVE-2018-17433 CVE-2018-17434 CVE-2018-17435 CVE-2018-17436 CVE-2018-17437 CVE-2018-17438 CVE-2020-10809 CVE-2020-10810 CVE-2020-10811 cpe:/o:opensuse:leap:15.4 libhivex0-1.3.21-150400.2.10 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the libhivex0-1.3.21-150400.2.10 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2021-3504 CVE-2021-3622 cpe:/o:opensuse:leap:15.4 libhogweed6-3.7.3-150400.2.21 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the libhogweed6-3.7.3-150400.2.21 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2015-8803 CVE-2015-8804 CVE-2015-8805 CVE-2016-6489 CVE-2018-16869 CVE-2021-20305 CVE-2021-3580 cpe:/o:opensuse:leap:15.4 libhunspell-1_6-0-1.6.2-3.8.1 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the libhunspell-1_6-0-1.6.2-3.8.1 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2019-16707 cpe:/o:opensuse:leap:15.4 libical-glib3-3.0.10-150400.1.12 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the libical-glib3-3.0.10-150400.1.12 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2016-5824 CVE-2016-5827 CVE-2016-9584 cpe:/o:opensuse:leap:15.4 libidn11-1.34-3.2.2 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the libidn11-1.34-3.2.2 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2015-2059 CVE-2015-8948 CVE-2016-6261 CVE-2016-6262 CVE-2016-6263 CVE-2017-14062 cpe:/o:opensuse:leap:15.4 libidn2-0-2.2.0-3.6.1 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the libidn2-0-2.2.0-3.6.1 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2015-2059 CVE-2015-8948 CVE-2016-6261 CVE-2016-6262 CVE-2016-6263 CVE-2019-12290 CVE-2019-18224 cpe:/o:opensuse:leap:15.4 libimobiledevice-1_0-6-1.3.0+git.20210921-150400.1.15 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the libimobiledevice-1_0-6-1.3.0+git.20210921-150400.1.15 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2016-5104 cpe:/o:opensuse:leap:15.4 libinput-udev-1.19.4-150400.1.8 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the libinput-udev-1.19.4-150400.1.8 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2022-1215 cpe:/o:opensuse:leap:15.4 libixml11-1.14.12-bp154.1.66 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the libixml11-1.14.12-bp154.1.66 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2016-6255 CVE-2016-8863 CVE-2021-28302 CVE-2021-29462 cpe:/o:opensuse:leap:15.4 libjansson4-2.9-1.24 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the libjansson4-2.9-1.24 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2013-6401 cpe:/o:opensuse:leap:15.4 libjasper4-2.0.14-150000.3.25.1 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the libjasper4-2.0.14-150000.3.25.1 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2008-3522 CVE-2011-4516 CVE-2011-4517 CVE-2014-8137 CVE-2014-8138 CVE-2014-8157 CVE-2014-8158 CVE-2014-9029 CVE-2015-5203 CVE-2015-5221 CVE-2016-10251 CVE-2016-1577 CVE-2016-1867 CVE-2016-2089 CVE-2016-2116 CVE-2016-8654 CVE-2016-8690 CVE-2016-8691 CVE-2016-8692 CVE-2016-8693 CVE-2016-8880 CVE-2016-8881 CVE-2016-8882 CVE-2016-8883 CVE-2016-8884 CVE-2016-8885 CVE-2016-8886 CVE-2016-8887 CVE-2016-9262 CVE-2016-9387 CVE-2016-9388 CVE-2016-9389 CVE-2016-9390 CVE-2016-9391 CVE-2016-9392 CVE-2016-9393 CVE-2016-9394 CVE-2016-9395 CVE-2016-9396 CVE-2016-9398 CVE-2016-9399 CVE-2016-9557 CVE-2016-9560 CVE-2016-9583 CVE-2016-9591 CVE-2016-9600 CVE-2017-1000050 CVE-2017-14132 CVE-2017-5498 CVE-2017-5499 CVE-2017-5503 CVE-2017-5504 CVE-2017-5505 CVE-2017-6850 CVE-2017-9782 CVE-2018-18873 CVE-2018-19139 CVE-2018-19539 CVE-2018-19540 CVE-2018-19541 CVE-2018-19542 CVE-2018-19543 CVE-2018-20570 CVE-2018-20622 CVE-2018-9055 CVE-2018-9154 CVE-2018-9252 CVE-2020-27828 CVE-2021-26926 CVE-2021-26927 CVE-2021-27845 CVE-2021-3272 CVE-2021-3443 CVE-2021-3467 cpe:/o:opensuse:leap:15.4 libjbig2-2.1-3.2.1 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the libjbig2-2.1-3.2.1 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2013-6369 cpe:/o:opensuse:leap:15.4 libjpeg8-8.2.2-150400.15.9 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the libjpeg8-8.2.2-150400.15.9 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2014-9092 CVE-2017-15232 CVE-2018-1152 CVE-2018-11813 CVE-2018-14498 CVE-2018-19644 CVE-2018-19664 CVE-2018-20330 CVE-2019-2201 CVE-2020-13790 CVE-2020-17541 cpe:/o:opensuse:leap:15.4 libjson-c3-0.13-3.3.1 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the libjson-c3-0.13-3.3.1 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2013-6370 CVE-2013-6371 CVE-2020-12762 cpe:/o:opensuse:leap:15.4 libksba8-1.3.5-2.14 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the libksba8-1.3.5-2.14 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2014-9087 CVE-2016-4574 CVE-2016-4579 cpe:/o:opensuse:leap:15.4 liblcms2-2-2.12-150400.1.10 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the liblcms2-2-2.12-150400.1.10 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2018-16435 cpe:/o:opensuse:leap:15.4 libldap-2_4-2-2.4.46-150200.14.5.1 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the libldap-2_4-2-2.4.46-150200.14.5.1 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2015-1545 CVE-2015-1546 CVE-2015-6908 CVE-2017-17740 CVE-2019-13057 CVE-2019-13565 CVE-2020-12243 CVE-2020-15719 CVE-2020-25692 CVE-2020-25709 CVE-2020-25710 CVE-2020-36221 CVE-2020-36222 CVE-2020-36223 CVE-2020-36224 CVE-2020-36225 CVE-2020-36226 CVE-2020-36227 CVE-2020-36228 CVE-2020-36229 CVE-2020-36230 CVE-2020-8023 CVE-2020-8027 CVE-2021-27212 cpe:/o:opensuse:leap:15.4 libldb2-2.4.1-150400.2.5 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the libldb2-2.4.1-150400.2.5 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2015-3223 CVE-2015-5330 CVE-2018-1140 CVE-2019-3824 CVE-2020-10700 CVE-2020-10730 CVE-2020-27840 CVE-2021-20277 cpe:/o:opensuse:leap:15.4 liblouis-data-3.16.1-150400.1.9 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the liblouis-data-3.16.1-150400.1.9 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2017-13738 CVE-2017-13739 CVE-2017-13740 CVE-2017-13741 CVE-2017-13742 CVE-2017-13743 CVE-2017-13744 CVE-2018-11410 CVE-2018-11440 CVE-2018-11683 CVE-2018-11684 CVE-2018-11685 CVE-2018-12085 cpe:/o:opensuse:leap:15.4 liblua5_3-5-32bit-5.3.6-3.6.1 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the liblua5_3-5-32bit-5.3.6-3.6.1 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2019-6706 CVE-2020-24370 CVE-2020-24371 cpe:/o:opensuse:leap:15.4 liblz4-1-1.9.3-150400.1.7 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the liblz4-1-1.9.3-150400.1.7 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2019-17543 CVE-2021-3520 cpe:/o:opensuse:leap:15.4 liblzma5-32bit-5.2.3-150000.4.7.1 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the liblzma5-32bit-5.2.3-150000.4.7.1 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2022-1271 cpe:/o:opensuse:leap:15.4 liblzo2-2-2.10-2.22 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the liblzo2-2-2.10-2.22 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2014-4607 cpe:/o:opensuse:leap:15.4 libmad0-0.15.1b-3.16 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the libmad0-0.15.1b-3.16 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2017-8374 cpe:/o:opensuse:leap:15.4 libmariadb3-3.1.13-3.30.1 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the libmariadb3-3.1.13-3.30.1 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2020-13249 cpe:/o:opensuse:leap:15.4 libmariadbd19-10.6.7-150400.1.4 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the libmariadbd19-10.6.7-150400.1.4 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2015-4792 CVE-2015-4802 CVE-2015-4807 CVE-2015-4815 CVE-2015-4816 CVE-2015-4819 CVE-2015-4826 CVE-2015-4830 CVE-2015-4836 CVE-2015-4858 CVE-2015-4861 CVE-2015-4864 CVE-2015-4866 CVE-2015-4870 CVE-2015-4879 CVE-2015-4895 CVE-2015-4913 CVE-2015-5969 CVE-2015-7744 CVE-2016-0505 CVE-2016-0546 CVE-2016-0596 CVE-2016-0597 CVE-2016-0598 CVE-2016-0600 CVE-2016-0606 CVE-2016-0608 CVE-2016-0609 CVE-2016-0610 CVE-2016-0616 CVE-2016-0640 CVE-2016-0641 CVE-2016-0642 CVE-2016-0644 CVE-2016-0646 CVE-2016-0649 CVE-2016-0650 CVE-2016-0651 CVE-2016-0668 CVE-2016-2047 CVE-2016-3477 CVE-2016-3492 CVE-2016-3521 CVE-2016-3615 CVE-2016-5440 CVE-2016-5584 CVE-2016-5624 CVE-2016-5626 CVE-2016-5629 CVE-2016-6662 CVE-2016-6663 CVE-2016-6664 CVE-2016-7440 CVE-2016-8283 CVE-2016-9843 CVE-2017-10268 CVE-2017-10286 CVE-2017-10320 CVE-2017-10365 CVE-2017-10378 CVE-2017-10379 CVE-2017-10384 CVE-2017-15365 CVE-2017-3238 CVE-2017-3243 CVE-2017-3244 CVE-2017-3257 CVE-2017-3258 CVE-2017-3265 CVE-2017-3291 CVE-2017-3302 CVE-2017-3308 CVE-2017-3309 CVE-2017-3312 CVE-2017-3313 CVE-2017-3317 CVE-2017-3318 CVE-2017-3453 CVE-2017-3456 CVE-2017-3464 CVE-2017-3636 CVE-2017-3641 CVE-2017-3653 CVE-2018-2562 CVE-2018-2612 CVE-2018-2622 CVE-2018-2640 CVE-2018-2665 CVE-2018-2668 CVE-2018-2755 CVE-2018-2759 CVE-2018-2761 CVE-2018-2766 CVE-2018-2767 CVE-2018-2771 CVE-2018-2777 CVE-2018-2781 CVE-2018-2782 CVE-2018-2784 CVE-2018-2786 CVE-2018-2787 CVE-2018-2810 CVE-2018-2813 CVE-2018-2817 CVE-2018-2819 CVE-2018-3058 CVE-2018-3060 CVE-2018-3063 CVE-2018-3064 CVE-2018-3066 CVE-2018-3143 CVE-2018-3156 CVE-2018-3162 CVE-2018-3173 CVE-2018-3174 CVE-2018-3185 CVE-2018-3200 CVE-2018-3251 CVE-2018-3277 CVE-2018-3282 CVE-2018-3284 CVE-2019-18901 CVE-2019-2503 CVE-2019-2510 CVE-2019-2537 CVE-2019-2614 CVE-2019-2627 CVE-2019-2628 CVE-2019-2737 CVE-2019-2739 CVE-2019-2740 CVE-2019-2758 CVE-2019-2805 CVE-2019-2938 CVE-2019-2974 CVE-2020-13249 CVE-2020-14765 CVE-2020-14776 CVE-2020-14789 CVE-2020-14812 CVE-2020-15180 CVE-2020-2574 CVE-2020-2752 CVE-2020-2760 CVE-2020-2812 CVE-2020-2814 CVE-2020-7221 CVE-2021-2154 CVE-2021-2166 CVE-2021-2372 CVE-2021-2389 CVE-2021-27928 CVE-2021-35604 CVE-2021-46657 CVE-2021-46658 CVE-2021-46659 CVE-2021-46661 CVE-2021-46663 CVE-2021-46664 CVE-2021-46665 CVE-2021-46668 CVE-2022-24048 CVE-2022-24050 CVE-2022-24051 CVE-2022-24052 cpe:/o:opensuse:leap:15.4 libmarkdown2-2.2.4-1.41 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the libmarkdown2-2.2.4-1.41 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2018-11468 CVE-2018-12495 cpe:/o:opensuse:leap:15.4 libminiupnpc17-2.2.2-bp154.1.81 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the libminiupnpc17-2.2.2-bp154.1.81 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2017-1000494 CVE-2017-8798 cpe:/o:opensuse:leap:15.4 libminizip1-1.2.11-150000.3.30.1 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the libminizip1-1.2.11-150000.3.30.1 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2016-9843 CVE-2018-25032 cpe:/o:opensuse:leap:15.4 libmozjs-78-0-78.15.0-150400.1.10 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the libmozjs-78-0-78.15.0-150400.1.10 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2021-29984 cpe:/o:opensuse:leap:15.4 libmp3lame0-3.100-1.33 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the libmp3lame0-3.100-1.33 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2017-9410 CVE-2017-9411 CVE-2017-9412 cpe:/o:opensuse:leap:15.4 libmpfr6-4.0.2-3.3.1 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the libmpfr6-4.0.2-3.3.1 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2014-9474 cpe:/o:opensuse:leap:15.4 libmpg123-0-1.26.4-1.15 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the libmpg123-0-1.26.4-1.15 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2017-10683 CVE-2017-11126 cpe:/o:opensuse:leap:15.4 libmspack0-0.6-3.14.1 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the libmspack0-0.6-3.14.1 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2014-9556 CVE-2017-11423 CVE-2017-6419 CVE-2018-14679 CVE-2018-14681 CVE-2018-14682 CVE-2018-18584 CVE-2018-18585 CVE-2018-18586 CVE-2019-1010305 cpe:/o:opensuse:leap:15.4 libmwaw-0_3-3-0.3.20-4.14.1 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the libmwaw-0_3-3-0.3.20-4.14.1 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2017-9433 cpe:/o:opensuse:leap:15.4 libncurses6-6.1-5.9.1 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the libncurses6-6.1-5.9.1 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2018-19211 CVE-2019-17594 CVE-2019-17595 CVE-2021-39537 cpe:/o:opensuse:leap:15.4 libndp0-1.6-1.26 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the libndp0-1.6-1.26 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2016-3698 cpe:/o:opensuse:leap:15.4 libnetpbm11-10.80.1-3.11.1 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the libnetpbm11-10.80.1-3.11.1 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2017-2579 CVE-2017-2580 CVE-2018-8975 cpe:/o:opensuse:leap:15.4 libnewt0_52-0.52.20-5.35 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the libnewt0_52-0.52.20-5.35 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2009-2905 cpe:/o:opensuse:leap:15.4 libnghttp2-14-1.40.0-6.1 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the libnghttp2-14-1.40.0-6.1 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2016-1544 CVE-2018-1000168 CVE-2019-18802 CVE-2019-9511 CVE-2019-9513 CVE-2020-11080 cpe:/o:opensuse:leap:15.4 libntfs-3g87-2021.8.22-3.8.1 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the libntfs-3g87-2021.8.22-3.8.1 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2019-9755 CVE-2021-33285 CVE-2021-33286 CVE-2021-33287 CVE-2021-33289 CVE-2021-35266 CVE-2021-35267 CVE-2021-35268 CVE-2021-35269 CVE-2021-39251 CVE-2021-39252 CVE-2021-39253 CVE-2021-39255 CVE-2021-39256 CVE-2021-39257 CVE-2021-39258 CVE-2021-39259 CVE-2021-39260 CVE-2021-39261 CVE-2021-39262 CVE-2021-39263 cpe:/o:opensuse:leap:15.4 libodbc2-2.3.9-150400.14.5 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the libodbc2-2.3.9-150400.14.5 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2018-7409 CVE-2018-7485 cpe:/o:opensuse:leap:15.4 libopencv405-4.5.5-150400.1.28 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the libopencv405-4.5.5-150400.1.28 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2019-14491 CVE-2019-14492 CVE-2019-15939 cpe:/o:opensuse:leap:15.4 libopenjp2-7-2.3.0-150000.3.5.1 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the libopenjp2-7-2.3.0-150000.3.5.1 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2016-10504 CVE-2016-10505 CVE-2016-10506 CVE-2016-5139 CVE-2016-5152 CVE-2016-5158 CVE-2016-5159 CVE-2016-7163 CVE-2016-8332 CVE-2017-12982 CVE-2017-14039 CVE-2017-14040 CVE-2017-14041 CVE-2017-14151 CVE-2017-14152 CVE-2017-14164 CVE-2018-14423 CVE-2018-16375 CVE-2018-16376 CVE-2018-20845 CVE-2018-5727 CVE-2018-5785 CVE-2018-6616 CVE-2020-15389 CVE-2020-27823 CVE-2020-6851 CVE-2020-8112 CVE-2021-29338 CVE-2022-1122 cpe:/o:opensuse:leap:15.4 libopenjpeg1-1.5.2-150000.4.5.1 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the libopenjpeg1-1.5.2-150000.4.5.1 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2012-3358 CVE-2012-3535 CVE-2013-1447 CVE-2013-4289 CVE-2013-4290 CVE-2013-6045 CVE-2013-6052 CVE-2013-6053 CVE-2013-6054 CVE-2013-6887 CVE-2016-7445 CVE-2018-14423 CVE-2018-16376 CVE-2020-15389 CVE-2020-27823 CVE-2020-8112 CVE-2021-29338 cpe:/o:opensuse:leap:15.4 libopenmpt0-0.3.28-2.13.1 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the libopenmpt0-0.3.28-2.13.1 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2017-11311 CVE-2018-10017 CVE-2018-11710 CVE-2018-20860 CVE-2018-20861 CVE-2019-14382 CVE-2019-14383 CVE-2019-17113 cpe:/o:opensuse:leap:15.4 libopenssl1_1-1.1.1l-150400.5.14 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the libopenssl1_1-1.1.1l-150400.5.14 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2002-20001 CVE-2014-3513 CVE-2014-3567 CVE-2014-3568 CVE-2014-3569 CVE-2014-3570 CVE-2014-3571 CVE-2014-3572 CVE-2014-8275 CVE-2015-0204 CVE-2015-0205 CVE-2015-0206 CVE-2015-0209 CVE-2015-0286 CVE-2015-0287 CVE-2015-0288 CVE-2015-0289 CVE-2015-0293 CVE-2015-1788 CVE-2015-1789 CVE-2015-1790 CVE-2015-1791 CVE-2015-1792 CVE-2015-1793 CVE-2015-1794 CVE-2015-3193 CVE-2015-3194 CVE-2015-3195 CVE-2015-3196 CVE-2015-3197 CVE-2016-0701 CVE-2016-0702 CVE-2016-0705 CVE-2016-0797 CVE-2016-0798 CVE-2016-0800 CVE-2016-2105 CVE-2016-2106 CVE-2016-2107 CVE-2016-2109 CVE-2016-2176 CVE-2016-2177 CVE-2016-2178 CVE-2016-2179 CVE-2016-2180 CVE-2016-2181 CVE-2016-2182 CVE-2016-2183 CVE-2016-6302 CVE-2016-6303 CVE-2016-6304 CVE-2016-6306 CVE-2016-7052 CVE-2016-7055 CVE-2016-7056 CVE-2017-3731 CVE-2017-3732 CVE-2017-3735 CVE-2017-3736 CVE-2017-3738 CVE-2018-0732 CVE-2018-0734 CVE-2018-0735 CVE-2018-0737 CVE-2018-0739 CVE-2019-1543 CVE-2019-1547 CVE-2019-1549 CVE-2019-1551 CVE-2019-1563 CVE-2020-1967 CVE-2020-1971 CVE-2021-23840 CVE-2021-23841 CVE-2021-3449 CVE-2021-3450 CVE-2021-3711 CVE-2021-3712 CVE-2022-0778 cpe:/o:opensuse:leap:15.4 libopus0-1.3.1-3.6.1 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the libopus0-1.3.1-3.6.1 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2017-0381 cpe:/o:opensuse:leap:15.4 libosinfo-1.7.1-150400.8.6 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the libosinfo-1.7.1-150400.8.6 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2019-13313 cpe:/o:opensuse:leap:15.4 libotr5-4.1.1-2.3 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the libotr5-4.1.1-2.3 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2016-2851 cpe:/o:opensuse:leap:15.4 libp11-kit0-0.23.22-150400.1.10 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the libp11-kit0-0.23.22-150400.1.10 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2020-29361 CVE-2020-29362 CVE-2020-29363 cpe:/o:opensuse:leap:15.4 libpango-1_0-0-1.50.4-150400.1.5 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the libpango-1_0-0-1.50.4-150400.1.5 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2018-15120 cpe:/o:opensuse:leap:15.4 libpano13-3-2.9.21-bp154.1.27 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the libpano13-3-2.9.21-bp154.1.27 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2021-20307 cpe:/o:opensuse:leap:15.4 libpcap1-1.10.1-150400.1.7 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the libpcap1-1.10.1-150400.1.7 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2018-16301 CVE-2019-15161 CVE-2019-15162 CVE-2019-15163 CVE-2019-15164 CVE-2019-15165 cpe:/o:opensuse:leap:15.4 libpcre1-32bit-8.45-20.10.1 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the libpcre1-32bit-8.45-20.10.1 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2014-8964 CVE-2015-2325 CVE-2015-2326 CVE-2015-3217 CVE-2016-1283 CVE-2016-3191 CVE-2017-6004 CVE-2017-7186 CVE-2017-7244 CVE-2017-7245 CVE-2017-7246 CVE-2019-20838 CVE-2020-14155 cpe:/o:opensuse:leap:15.4 libpcre2-16-0-10.39-150400.2.3 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the libpcre2-16-0-10.39-150400.2.3 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2014-8964 CVE-2015-2325 CVE-2015-2326 CVE-2016-3191 CVE-2017-7186 CVE-2017-8786 cpe:/o:opensuse:leap:15.4 libpcsclite1-1.9.4-150400.1.9 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the libpcsclite1-1.9.4-150400.1.9 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2016-10109 cpe:/o:opensuse:leap:15.4 libplist-2_0-3-2.2.0-150400.5.4 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the libplist-2_0-3-2.2.0-150400.5.4 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2017-5209 CVE-2017-5545 CVE-2017-5834 CVE-2017-5835 CVE-2017-5836 CVE-2017-6435 CVE-2017-6436 CVE-2017-6437 CVE-2017-6438 CVE-2017-6439 CVE-2017-6440 CVE-2017-7982 cpe:/o:opensuse:leap:15.4 libpng16-16-1.6.34-3.9.1 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the libpng16-16-1.6.34-3.9.1 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2015-8126 CVE-2016-10087 CVE-2016-5735 CVE-2017-12652 CVE-2018-13785 CVE-2019-7317 cpe:/o:opensuse:leap:15.4 libpolkit0-0.116-3.9.1 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the libpolkit0-0.116-3.9.1 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2015-3218 CVE-2015-3255 CVE-2015-3256 CVE-2015-4625 CVE-2018-1116 CVE-2018-19788 CVE-2019-6133 CVE-2021-3560 CVE-2021-4034 CVE-2021-4115 cpe:/o:opensuse:leap:15.4 libpoppler-cpp0-22.01.0-150400.1.5 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the libpoppler-cpp0-22.01.0-150400.1.5 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2017-14517 CVE-2017-14518 CVE-2017-7511 CVE-2017-7515 cpe:/o:opensuse:leap:15.4 libpotrace0-1.16-150400.1.5 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the libpotrace0-1.16-150400.1.5 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2013-7437 CVE-2016-8685 CVE-2016-8686 CVE-2017-12067 cpe:/o:opensuse:leap:15.4 libpq5-14.2-5.9.2 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the libpq5-14.2-5.9.2 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2020-25694 CVE-2020-25695 CVE-2020-25696 CVE-2021-20229 CVE-2021-23214 CVE-2021-23222 CVE-2021-32027 CVE-2021-32028 CVE-2021-32029 CVE-2021-3393 cpe:/o:opensuse:leap:15.4 libprocps7-3.3.15-7.22.1 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the libprocps7-3.3.15-7.22.1 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2018-1122 CVE-2018-1123 CVE-2018-1124 CVE-2018-1125 CVE-2018-1126 cpe:/o:opensuse:leap:15.4 libprotobuf-lite20-3.9.2-4.12.1 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the libprotobuf-lite20-3.9.2-4.12.1 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2021-22570 cpe:/o:opensuse:leap:15.4 libproxy1-0.4.17-150400.1.8 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the libproxy1-0.4.17-150400.1.8 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2020-25219 CVE-2020-26154 cpe:/o:opensuse:leap:15.4 libpskc0-2.6.2-1.15 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the libpskc0-2.6.2-1.15 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2013-7322 cpe:/o:opensuse:leap:15.4 libpurple-2.14.8-150400.1.10 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the libpurple-2.14.8-150400.1.10 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2014-3694 CVE-2014-3695 CVE-2014-3696 CVE-2014-3697 CVE-2014-3698 CVE-2017-2640 cpe:/o:opensuse:leap:15.4 libpython3_6m1_0-3.6.15-150300.10.21.1 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the libpython3_6m1_0-3.6.15-150300.10.21.1 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2014-4650 CVE-2016-0772 CVE-2016-1000110 CVE-2016-5636 CVE-2016-5699 CVE-2017-18207 CVE-2018-1000802 CVE-2018-1060 CVE-2018-1061 CVE-2018-14647 CVE-2018-20406 CVE-2018-20852 CVE-2019-10160 CVE-2019-15903 CVE-2019-16056 CVE-2019-16935 CVE-2019-18348 CVE-2019-20907 CVE-2019-20916 CVE-2019-5010 CVE-2019-9636 CVE-2019-9674 CVE-2019-9947 CVE-2020-14422 CVE-2020-26116 CVE-2020-27619 CVE-2020-8492 CVE-2021-23336 CVE-2021-3177 CVE-2021-3426 CVE-2021-3572 CVE-2021-3733 CVE-2021-3737 cpe:/o:opensuse:leap:15.4 libqpdf26-9.0.2-1.36 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the libqpdf26-9.0.2-1.36 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2017-11624 CVE-2017-11625 CVE-2017-11626 CVE-2017-11627 CVE-2017-12595 CVE-2017-9208 CVE-2017-9209 CVE-2017-9210 cpe:/o:opensuse:leap:15.4 libqt5-qtwebengine-5.15.9-bp154.1.32 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the libqt5-qtwebengine-5.15.9-bp154.1.32 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2018-6033 CVE-2019-5786 CVE-2020-16044 CVE-2021-21118 CVE-2021-21119 CVE-2021-21120 CVE-2021-21121 CVE-2021-21122 CVE-2021-21123 CVE-2021-21125 CVE-2021-21126 CVE-2021-21127 CVE-2021-21128 CVE-2021-21129 CVE-2021-21130 CVE-2021-21131 CVE-2021-21132 CVE-2021-21135 CVE-2021-21137 CVE-2021-21140 CVE-2021-21141 CVE-2021-21145 CVE-2021-21146 CVE-2021-21147 CVE-2021-21148 CVE-2021-21149 CVE-2021-21150 CVE-2021-21152 CVE-2021-21153 CVE-2021-21156 CVE-2021-21157 CVE-2021-30522 CVE-2021-30523 CVE-2021-30530 CVE-2021-30533 CVE-2021-30534 CVE-2021-30535 CVE-2021-30536 CVE-2021-30541 CVE-2021-30544 CVE-2021-30547 CVE-2021-30548 CVE-2021-30551 CVE-2021-30553 CVE-2021-30554 CVE-2021-30556 CVE-2021-30559 CVE-2021-30560 CVE-2021-30563 CVE-2021-30566 CVE-2021-30568 CVE-2021-30569 CVE-2021-30573 CVE-2021-30585 CVE-2021-30587 CVE-2021-30588 CVE-2021-30598 CVE-2021-30599 CVE-2021-30602 CVE-2021-30603 CVE-2021-30604 CVE-2021-30613 CVE-2021-30616 CVE-2021-30618 CVE-2021-30625 CVE-2021-30626 CVE-2021-30627 CVE-2021-30628 CVE-2021-30629 CVE-2021-30630 CVE-2021-30633 CVE-2021-3517 CVE-2021-3541 CVE-2021-37962 CVE-2021-37967 CVE-2021-37968 CVE-2021-37971 CVE-2021-37973 CVE-2021-37975 CVE-2021-37978 CVE-2021-37979 CVE-2021-37980 CVE-2021-37984 CVE-2021-37987 CVE-2021-37989 CVE-2021-37992 CVE-2021-37993 CVE-2021-37996 CVE-2021-38001 CVE-2021-38003 CVE-2021-38005 CVE-2021-38007 CVE-2021-38009 CVE-2021-38010 CVE-2021-38012 CVE-2021-38015 CVE-2021-38017 CVE-2021-38018 CVE-2021-38019 CVE-2021-38021 CVE-2021-38022 CVE-2021-4057 CVE-2021-4058 CVE-2021-4059 CVE-2021-4062 CVE-2021-4078 CVE-2021-4079 CVE-2021-4098 CVE-2021-4099 CVE-2021-4101 CVE-2021-4102 CVE-2022-0100 CVE-2022-0102 CVE-2022-0103 CVE-2022-0104 CVE-2022-0108 CVE-2022-0109 CVE-2022-0111 CVE-2022-0113 CVE-2022-0116 CVE-2022-0117 CVE-2022-0289 CVE-2022-0291 CVE-2022-0293 CVE-2022-0298 CVE-2022-0305 CVE-2022-0306 CVE-2022-0310 CVE-2022-0456 CVE-2022-0459 CVE-2022-0460 CVE-2022-0461 CVE-2022-0606 CVE-2022-0607 CVE-2022-0608 CVE-2022-0609 CVE-2022-0610 CVE-2022-0971 CVE-2022-1096 CVE-2022-23852 cpe:/o:opensuse:leap:15.4 libquicktime0-1.2.4+git20180804.fff99cd-1.19 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the libquicktime0-1.2.4+git20180804.fff99cd-1.19 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2016-2399 CVE-2017-9122 CVE-2017-9123 CVE-2017-9124 CVE-2017-9125 CVE-2017-9126 CVE-2017-9127 CVE-2017-9128 cpe:/o:opensuse:leap:15.4 librados2-16.2.7.654+gd5a90ff46f0-150400.1.4 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the librados2-16.2.7.654+gd5a90ff46f0-150400.1.4 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2017-16818 CVE-2018-10861 CVE-2018-1128 CVE-2018-1129 CVE-2018-16889 CVE-2019-10222 CVE-2019-3821 CVE-2020-10736 CVE-2020-1759 CVE-2020-1760 CVE-2020-25660 CVE-2020-25678 CVE-2020-27781 CVE-2020-27839 CVE-2021-20288 CVE-2021-3509 CVE-2021-3524 CVE-2021-3531 cpe:/o:opensuse:leap:15.4 libraptor2-0-2.0.15-9.7.1 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the libraptor2-0-2.0.15-9.7.1 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2012-0037 CVE-2017-18926 cpe:/o:opensuse:leap:15.4 libraw20-0.20.2-150400.1.36 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the libraw20-0.20.2-150400.1.36 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2015-8367 CVE-2017-13735 CVE-2017-14265 CVE-2017-14348 CVE-2017-6886 CVE-2017-6887 CVE-2017-6890 CVE-2017-6899 CVE-2018-10528 CVE-2018-10529 CVE-2018-20337 CVE-2018-20363 CVE-2018-20364 CVE-2018-20365 CVE-2018-5813 CVE-2018-5815 CVE-2018-5816 CVE-2018-5817 CVE-2018-5818 CVE-2018-5819 CVE-2020-15503 cpe:/o:opensuse:leap:15.4 libreoffice-7.2.5.1-150300.14.22.18.3 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the libreoffice-7.2.5.1-150300.14.22.18.3 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2014-3693 CVE-2014-8146 CVE-2014-8147 CVE-2014-9093 CVE-2015-4551 CVE-2015-5212 CVE-2015-5213 CVE-2015-5214 CVE-2016-0794 CVE-2016-0795 CVE-2016-10327 CVE-2016-4324 CVE-2017-3157 CVE-2017-7870 CVE-2017-7882 CVE-2017-8358 CVE-2018-10119 CVE-2018-10120 CVE-2018-1055 CVE-2018-10583 CVE-2018-16858 CVE-2018-6871 CVE-2019-9848 CVE-2019-9849 CVE-2019-9850 CVE-2019-9851 CVE-2019-9852 CVE-2019-9853 CVE-2019-9854 CVE-2019-9855 CVE-2020-12801 CVE-2020-12802 CVE-2020-12803 CVE-2021-25636 cpe:/o:opensuse:leap:15.4 libruby2_5-2_5-2.5.9-150000.4.23.1 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the libruby2_5-2_5-2.5.9-150000.4.23.1 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2012-6708 CVE-2015-9251 CVE-2017-17742 CVE-2018-1000073 CVE-2018-1000074 CVE-2018-1000075 CVE-2018-1000076 CVE-2018-1000077 CVE-2018-1000078 CVE-2018-1000079 CVE-2018-16395 CVE-2018-16396 CVE-2018-6914 CVE-2018-8777 CVE-2018-8778 CVE-2018-8779 CVE-2018-8780 CVE-2019-15845 CVE-2019-16201 CVE-2019-16254 CVE-2019-16255 CVE-2019-8320 CVE-2019-8321 CVE-2019-8322 CVE-2019-8323 CVE-2019-8324 CVE-2019-8325 CVE-2020-10663 CVE-2020-10933 CVE-2020-25613 CVE-2020-8130 CVE-2021-28965 CVE-2021-31799 CVE-2021-31810 CVE-2021-32066 CVE-2021-41817 CVE-2022-28739 cpe:/o:opensuse:leap:15.4 libsamba-policy0-python3-4.15.5+git.328.f1f29505d84-150400.1.44 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the libsamba-policy0-python3-4.15.5+git.328.f1f29505d84-150400.1.44 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2014-8143 CVE-2015-0240 CVE-2015-3223 CVE-2015-5252 CVE-2015-5296 CVE-2015-5299 CVE-2015-5330 CVE-2015-5370 CVE-2015-7560 CVE-2015-8467 CVE-2015-8543 CVE-2016-0771 CVE-2016-2110 CVE-2016-2111 CVE-2016-2112 CVE-2016-2113 CVE-2016-2115 CVE-2016-2118 CVE-2016-2119 CVE-2016-2123 CVE-2016-2124 CVE-2016-2125 CVE-2016-2126 CVE-2017-11103 CVE-2017-12150 CVE-2017-12151 CVE-2017-12163 CVE-2017-14746 CVE-2017-15275 CVE-2017-2619 CVE-2017-7494 CVE-2018-1050 CVE-2018-1057 CVE-2018-10858 CVE-2018-10918 CVE-2018-10919 CVE-2018-1139 CVE-2018-1140 CVE-2018-14629 CVE-2018-16841 CVE-2018-16851 CVE-2018-16852 CVE-2018-16853 CVE-2018-16857 CVE-2018-16860 CVE-2019-10197 CVE-2019-10218 CVE-2019-12435 CVE-2019-12436 CVE-2019-14833 CVE-2019-14847 CVE-2019-14861 CVE-2019-14870 CVE-2019-14902 CVE-2019-14907 CVE-2019-19344 CVE-2019-3824 CVE-2019-3870 CVE-2019-3880 CVE-2020-10700 CVE-2020-10704 CVE-2020-10730 CVE-2020-10745 CVE-2020-10760 CVE-2020-14303 CVE-2020-14318 CVE-2020-14323 CVE-2020-14383 CVE-2020-1472 CVE-2020-17049 CVE-2020-25717 CVE-2020-25718 CVE-2020-25719 CVE-2020-25721 CVE-2020-25722 CVE-2020-27840 CVE-2021-20254 CVE-2021-20277 CVE-2021-23192 CVE-2021-3738 CVE-2021-44141 CVE-2021-44142 CVE-2022-0336 cpe:/o:opensuse:leap:15.4 libseccomp2-2.5.3-150400.2.4 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the libseccomp2-2.5.3-150400.2.4 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2019-9893 cpe:/o:opensuse:leap:15.4 libserf-1-1-1.3.9-2.31 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the libserf-1-1-1.3.9-2.31 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2014-3504 cpe:/o:opensuse:leap:15.4 libshp2-1.5.0-bp154.2.50 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the libshp2-1.5.0-bp154.2.50 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2022-0699 cpe:/o:opensuse:leap:15.4 libslirp0-4.3.1-150300.2.7.1 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the libslirp0-4.3.1-150300.2.7.1 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2020-10756 CVE-2020-1983 CVE-2021-3592 CVE-2021-3594 CVE-2021-3595 cpe:/o:opensuse:leap:15.4 libsndfile1-1.0.28-5.15.1 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the libsndfile1-1.0.28-5.15.1 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2014-9496 CVE-2014-9756 CVE-2015-7805 CVE-2015-8075 CVE-2017-12562 CVE-2017-14245 CVE-2017-14246 CVE-2017-14634 CVE-2017-17456 CVE-2017-17457 CVE-2017-6892 CVE-2017-7585 CVE-2017-7586 CVE-2017-8361 CVE-2017-8362 CVE-2017-8363 CVE-2017-8365 CVE-2018-13139 CVE-2018-19432 CVE-2018-19758 CVE-2021-3246 CVE-2021-4156 cpe:/o:opensuse:leap:15.4 libsnmp30-5.7.3-10.12.1 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the libsnmp30-5.7.3-10.12.1 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2015-5621 CVE-2018-18065 CVE-2020-15862 cpe:/o:opensuse:leap:15.4 libsolv-tools-0.7.22-150400.1.5 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the libsolv-tools-0.7.22-150400.1.5 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2018-20532 CVE-2018-20533 CVE-2018-20534 cpe:/o:opensuse:leap:15.4 libsoup-2_4-1-2.74.2-150400.1.6 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the libsoup-2_4-1-2.74.2-150400.1.6 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2017-2885 CVE-2018-12910 cpe:/o:opensuse:leap:15.4 libspeex1-1.2-3.3.1 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the libspeex1-1.2-3.3.1 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2020-23903 cpe:/o:opensuse:leap:15.4 libspice-client-glib-2_0-8-0.39-150400.2.13 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the libspice-client-glib-2_0-8-0.39-150400.2.13 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2018-10873 CVE-2018-10893 CVE-2020-14355 CVE-2021-20201 cpe:/o:opensuse:leap:15.4 libspice-server1-0.15.0-150400.2.8 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the libspice-server1-0.15.0-150400.2.8 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2013-4282 CVE-2015-3247 CVE-2015-5260 CVE-2015-5261 CVE-2016-0749 CVE-2016-2150 CVE-2016-9577 CVE-2016-9578 CVE-2018-10873 CVE-2018-10893 CVE-2019-3813 CVE-2020-14355 CVE-2021-20201 cpe:/o:opensuse:leap:15.4 libsqlite3-0-3.36.0-3.12.1 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the libsqlite3-0-3.36.0-3.12.1 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2015-3414 CVE-2015-3415 CVE-2018-20346 CVE-2018-8740 CVE-2019-16168 CVE-2019-19244 CVE-2019-19317 CVE-2019-19603 CVE-2019-19645 CVE-2019-19646 CVE-2019-19880 CVE-2019-19923 CVE-2019-19924 CVE-2019-19925 CVE-2019-19926 CVE-2019-19959 CVE-2019-20218 CVE-2019-9936 CVE-2019-9937 CVE-2020-13434 CVE-2020-13435 CVE-2020-13630 CVE-2020-13631 CVE-2020-13632 CVE-2020-15358 CVE-2020-9327 cpe:/o:opensuse:leap:15.4 libsrt1-1.3.4-1.45 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the libsrt1-1.3.4-1.45 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2019-15784 cpe:/o:opensuse:leap:15.4 libsrtp2-1-2.2.0-1.34 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the libsrtp2-1-2.2.0-1.34 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2015-6360 cpe:/o:opensuse:leap:15.4 libssh-config-0.9.6-150400.1.5 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the libssh-config-0.9.6-150400.1.5 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2014-8132 CVE-2015-3146 CVE-2018-10933 CVE-2019-14889 CVE-2020-16135 CVE-2020-1730 CVE-2021-3634 cpe:/o:opensuse:leap:15.4 libssh2-1-1.9.0-4.13.1 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the libssh2-1-1.9.0-4.13.1 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2015-1782 CVE-2016-0787 CVE-2019-17498 CVE-2019-3855 CVE-2019-3856 CVE-2019-3857 CVE-2019-3858 CVE-2019-3859 CVE-2019-3860 CVE-2019-3861 CVE-2019-3862 CVE-2019-3863 cpe:/o:opensuse:leap:15.4 libstaroffice-0_0-0-0.0.7-7.3.2 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the libstaroffice-0_0-0-0.0.7-7.3.2 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2017-9432 cpe:/o:opensuse:leap:15.4 libsynctex2-1.21-150400.29.15 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the libsynctex2-1.21-150400.29.15 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2016-10243 CVE-2018-17407 CVE-2019-18604 CVE-2020-8016 cpe:/o:opensuse:leap:15.4 libsystemd0-249.11-150400.6.8 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the libsystemd0-249.11-150400.6.8 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2015-7510 CVE-2016-10156 CVE-2017-15908 CVE-2017-18078 CVE-2017-9445 CVE-2018-15686 CVE-2018-15687 CVE-2018-15688 CVE-2018-16864 CVE-2018-16865 CVE-2018-21029 CVE-2018-6954 CVE-2019-20386 CVE-2019-3842 CVE-2019-3843 CVE-2019-3844 CVE-2019-6454 CVE-2020-13529 CVE-2020-1712 CVE-2021-33910 CVE-2021-3997 cpe:/o:opensuse:leap:15.4 libtag1-1.11.1-4.9.1 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the libtag1-1.11.1-4.9.1 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2017-12678 CVE-2018-11439 cpe:/o:opensuse:leap:15.4 libtasn1-4.13-4.5.1 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the libtasn1-4.13-4.5.1 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2015-2806 CVE-2015-3622 CVE-2016-4008 CVE-2018-1000654 CVE-2018-6003 cpe:/o:opensuse:leap:15.4 libtiff5-4.0.9-45.5.1 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the libtiff5-4.0.9-45.5.1 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2012-4564 CVE-2013-1960 CVE-2013-1961 CVE-2013-4231 CVE-2013-4232 CVE-2013-4243 CVE-2013-4244 CVE-2014-8127 CVE-2014-8128 CVE-2014-8129 CVE-2014-8130 CVE-2014-9655 CVE-2015-1547 CVE-2015-7554 CVE-2015-8665 CVE-2015-8683 CVE-2015-8781 CVE-2015-8782 CVE-2015-8783 CVE-2016-10092 CVE-2016-10093 CVE-2016-10094 CVE-2016-10095 CVE-2016-10266 CVE-2016-10267 CVE-2016-10268 CVE-2016-10269 CVE-2016-10270 CVE-2016-10271 CVE-2016-10272 CVE-2016-10371 CVE-2016-3186 CVE-2016-3622 CVE-2016-3623 CVE-2016-3658 CVE-2016-3945 CVE-2016-3990 CVE-2016-3991 CVE-2016-5314 CVE-2016-5316 CVE-2016-5317 CVE-2016-5318 CVE-2016-5320 CVE-2016-5321 CVE-2016-5323 CVE-2016-5652 CVE-2016-5875 CVE-2016-6223 CVE-2016-9273 CVE-2016-9297 CVE-2016-9448 CVE-2016-9453 CVE-2016-9538 CVE-2017-11613 CVE-2017-12944 CVE-2017-16232 CVE-2017-17095 CVE-2017-18013 CVE-2017-5225 CVE-2017-7592 CVE-2017-7593 CVE-2017-7594 CVE-2017-7595 CVE-2017-7596 CVE-2017-7597 CVE-2017-7598 CVE-2017-7599 CVE-2017-7600 CVE-2017-7601 CVE-2017-7602 CVE-2017-9403 CVE-2017-9404 CVE-2017-9935 CVE-2017-9936 CVE-2018-10779 CVE-2018-10963 CVE-2018-12900 CVE-2018-16335 CVE-2018-17000 CVE-2018-17100 CVE-2018-17101 CVE-2018-17795 CVE-2018-18557 CVE-2018-18661 CVE-2018-19210 CVE-2018-5784 CVE-2018-7456 CVE-2018-8905 CVE-2019-14973 CVE-2019-17546 CVE-2019-6128 CVE-2019-7663 CVE-2020-19131 CVE-2020-35521 CVE-2020-35522 CVE-2020-35523 CVE-2020-35524 CVE-2022-22844 cpe:/o:opensuse:leap:15.4 libtirpc-netconfig-1.2.6-150300.3.3.1 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the libtirpc-netconfig-1.2.6-150300.3.3.1 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2016-4429 cpe:/o:opensuse:leap:15.4 libtpms0-0.8.2-3.3.1 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the libtpms0-0.8.2-3.3.1 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2021-3446 CVE-2021-3505 CVE-2021-3746 cpe:/o:opensuse:leap:15.4 libtss2-esys0-3.1.0-150400.1.6 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the libtss2-esys0-3.1.0-150400.1.6 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2020-24455 cpe:/o:opensuse:leap:15.4 libudisks2-0-2.9.2-150400.1.15 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the libudisks2-0-2.9.2-150400.1.15 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2018-17336 cpe:/o:opensuse:leap:15.4 libunwind-1.5.0-4.5.1 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the libunwind-1.5.0-4.5.1 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2015-3239 cpe:/o:opensuse:leap:15.4 libupsclient1-2.7.4-4.72 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the libupsclient1-2.7.4-4.72 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2012-2944 cpe:/o:opensuse:leap:15.4 libvdpau1-1.1.1-1.28 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the libvdpau1-1.1.1-1.28 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2015-5198 CVE-2015-5199 CVE-2015-5200 cpe:/o:opensuse:leap:15.4 libvirglrenderer1-0.9.1-150400.1.7 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the libvirglrenderer1-0.9.1-150400.1.7 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2016-10214 CVE-2017-5937 CVE-2017-5957 CVE-2017-5993 CVE-2017-5994 CVE-2017-6386 CVE-2019-18388 CVE-2019-18389 CVE-2019-18390 CVE-2019-18391 CVE-2019-18392 CVE-2020-8002 CVE-2020-8003 CVE-2022-0175 cpe:/o:opensuse:leap:15.4 libvirt-client-8.0.0-150400.5.8 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the libvirt-client-8.0.0-150400.5.8 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2014-7823 CVE-2014-8131 CVE-2015-0236 CVE-2015-5247 CVE-2015-5313 CVE-2017-1000256 CVE-2017-2635 CVE-2017-5715 CVE-2018-1064 CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2018-3639 CVE-2018-5748 CVE-2019-10132 CVE-2019-10161 CVE-2019-10166 CVE-2019-10167 CVE-2019-10168 CVE-2019-11091 CVE-2019-11135 CVE-2019-3886 CVE-2020-10701 CVE-2020-12430 CVE-2020-14339 CVE-2020-15708 CVE-2020-25637 CVE-2021-3631 CVE-2021-3667 CVE-2021-4147 CVE-2022-0897 cpe:/o:opensuse:leap:15.4 libvlc5-3.0.17.3-bp154.1.49 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the libvlc5-3.0.17.3-bp154.1.49 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2014-9625 CVE-2015-5949 CVE-2015-7981 CVE-2015-8126 CVE-2016-5108 CVE-2017-10699 CVE-2017-9300 CVE-2018-19857 CVE-2019-12874 CVE-2019-13602 CVE-2019-13962 CVE-2019-14437 CVE-2019-14438 CVE-2019-14498 CVE-2019-14533 CVE-2019-14534 CVE-2019-14535 CVE-2019-14776 CVE-2019-14777 CVE-2019-14778 CVE-2019-14970 CVE-2019-5439 CVE-2019-5459 CVE-2019-5460 CVE-2020-0499 CVE-2020-13428 CVE-2020-26664 CVE-2021-0561 cpe:/o:opensuse:leap:15.4 libvmtools0-11.3.5-13.1 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the libvmtools0-11.3.5-13.1 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2015-5191 cpe:/o:opensuse:leap:15.4 libvncclient1-0.9.13-150400.1.9 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the libvncclient1-0.9.13-150400.1.9 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2014-4607 CVE-2017-18922 CVE-2018-15126 CVE-2018-15127 CVE-2018-20019 CVE-2018-20020 CVE-2018-20021 CVE-2018-20022 CVE-2018-20023 CVE-2018-20024 CVE-2018-20748 CVE-2018-20749 CVE-2018-20750 CVE-2018-21247 CVE-2018-6307 CVE-2018-7225 CVE-2019-15681 CVE-2019-15690 CVE-2019-20788 CVE-2019-20839 CVE-2019-20840 CVE-2020-14397 CVE-2020-14398 CVE-2020-14399 CVE-2020-14400 CVE-2020-14401 CVE-2020-14402 CVE-2020-14403 CVE-2020-14404 CVE-2020-25708 cpe:/o:opensuse:leap:15.4 libvorbis0-1.3.6-4.3.1 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the libvorbis0-1.3.6-4.3.1 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2008-1420 CVE-2009-3379 CVE-2012-0444 CVE-2017-14160 CVE-2017-14632 CVE-2017-14633 CVE-2018-10392 CVE-2018-10393 CVE-2018-5146 cpe:/o:opensuse:leap:15.4 libvpx4-1.6.1-6.6.8 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the libvpx4-1.6.1-6.6.8 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2016-1621 CVE-2016-2464 CVE-2017-0641 CVE-2017-13194 CVE-2019-2126 CVE-2019-9232 CVE-2019-9325 CVE-2019-9371 CVE-2019-9433 CVE-2020-0034 cpe:/o:opensuse:leap:15.4 libwavpack1-5.4.0-4.12.1 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the libwavpack1-5.4.0-4.12.1 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2018-10536 CVE-2018-10537 CVE-2018-10538 CVE-2018-10539 CVE-2018-10540 CVE-2018-19840 CVE-2018-19841 CVE-2018-6767 CVE-2018-7253 CVE-2018-7254 CVE-2019-1010319 CVE-2019-11498 CVE-2020-35738 CVE-2021-44269 cpe:/o:opensuse:leap:15.4 libwebp7-1.0.3-3.2.1 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the libwebp7-1.0.3-3.2.1 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2016-8888 CVE-2016-9085 cpe:/o:opensuse:leap:15.4 libwmf-0_2-7-0.2.12-150000.4.4.1 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the libwmf-0_2-7-0.2.12-150000.4.4.1 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2006-3376 CVE-2015-0848 CVE-2015-4588 CVE-2015-4695 CVE-2015-4696 CVE-2019-6978 cpe:/o:opensuse:leap:15.4 libwpd-0_10-10-0.10.2-3.3.1 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the libwpd-0_10-10-0.10.2-3.3.1 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2017-14226 CVE-2018-19208 cpe:/o:opensuse:leap:15.4 libxapian30-1.4.17-1.43 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the libxapian30-1.4.17-1.43 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2018-0499 cpe:/o:opensuse:leap:15.4 libxerces-c-3_2-3.2.3-1.28 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the libxerces-c-3_2-3.2.3-1.28 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2016-0729 CVE-2016-2099 CVE-2016-4463 CVE-2017-12627 cpe:/o:opensuse:leap:15.4 libxkbcommon-x11-0-1.3.0-150400.1.13 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the libxkbcommon-x11-0-1.3.0-150400.1.13 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2018-15853 CVE-2018-15854 CVE-2018-15855 CVE-2018-15856 CVE-2018-15857 CVE-2018-15858 CVE-2018-15859 CVE-2018-15861 CVE-2018-15862 CVE-2018-15863 CVE-2018-15864 cpe:/o:opensuse:leap:15.4 libxml2-2-2.9.12-150400.3.4 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the libxml2-2-2.9.12-150400.3.4 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2014-0191 CVE-2014-3660 CVE-2015-1819 CVE-2015-5312 CVE-2015-7497 CVE-2015-7498 CVE-2015-7499 CVE-2015-7500 CVE-2015-7941 CVE-2015-7942 CVE-2015-8035 CVE-2015-8242 CVE-2016-1762 CVE-2016-1833 CVE-2016-1834 CVE-2016-1835 CVE-2016-1836 CVE-2016-1837 CVE-2016-1838 CVE-2016-1839 CVE-2016-1840 CVE-2016-3627 CVE-2016-3705 CVE-2016-4483 CVE-2016-4658 CVE-2017-0663 CVE-2017-5969 CVE-2017-9047 CVE-2017-9048 CVE-2017-9049 CVE-2018-14404 CVE-2018-14567 CVE-2018-9251 CVE-2019-19956 CVE-2019-20388 CVE-2020-24977 CVE-2020-7595 CVE-2021-3516 CVE-2021-3517 CVE-2021-3518 CVE-2021-3537 CVE-2021-3541 CVE-2022-23308 cpe:/o:opensuse:leap:15.4 libxslt-tools-1.1.34-150400.1.7 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the libxslt-tools-1.1.34-150400.1.7 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2015-7995 CVE-2015-9019 CVE-2016-4738 CVE-2017-5029 CVE-2019-11068 CVE-2019-13117 CVE-2019-13118 CVE-2019-18197 cpe:/o:opensuse:leap:15.4 libyaml-0-2-0.1.7-1.17 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the libyaml-0-2-0.1.7-1.17 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2013-6393 CVE-2014-2525 CVE-2014-9130 cpe:/o:opensuse:leap:15.4 libyaml-cpp0_6-0.6.3-150400.2.5 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the libyaml-cpp0_6-0.6.3-150400.2.5 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2017-5950 CVE-2018-20573 CVE-2018-20574 CVE-2019-6285 CVE-2019-6292 cpe:/o:opensuse:leap:15.4 libzip5-1.8.0-150400.1.7 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the libzip5-1.8.0-150400.1.7 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2015-2331 CVE-2017-12858 CVE-2017-14107 cpe:/o:opensuse:leap:15.4 libzstd1-1.5.0-150400.1.71 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the libzstd1-1.5.0-150400.1.71 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2019-11922 cpe:/o:opensuse:leap:15.4 libzypp-17.30.0-150400.1.6 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the libzypp-17.30.0-150400.1.6 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2017-7435 CVE-2017-7436 CVE-2017-9269 CVE-2017-9271 CVE-2018-7685 CVE-2019-18900 cpe:/o:opensuse:leap:15.4 login_defs-4.8.1-150400.8.57 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the login_defs-4.8.1-150400.8.57 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2018-7169 cpe:/o:opensuse:leap:15.4 mailx-12.5-3.3.1 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the mailx-12.5-3.3.1 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2004-2771 CVE-2014-7844 cpe:/o:opensuse:leap:15.4 mc-4.8.27-bp154.1.50 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the mc-4.8.27-bp154.1.50 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2021-36370 cpe:/o:opensuse:leap:15.4 messagelib-21.12.3-bp154.1.22 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the messagelib-21.12.3-bp154.1.22 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2019-10732 CVE-2021-31855 cpe:/o:opensuse:leap:15.4 mozilla-nspr-4.32-3.20.1 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the mozilla-nspr-4.32-3.20.1 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2015-7183 cpe:/o:opensuse:leap:15.4 nbdkit-1.29.4-150400.1.4 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the nbdkit-1.29.4-150400.1.4 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2021-3716 cpe:/o:opensuse:leap:15.4 nfs-client-2.1.1-150100.10.24.1 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the nfs-client-2.1.1-150100.10.24.1 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2019-3689 cpe:/o:opensuse:leap:15.4 okular-21.12.3-bp154.1.25 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the okular-21.12.3-bp154.1.25 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2018-1000801 CVE-2020-9359 cpe:/o:opensuse:leap:15.4 openconnect-7.08-6.9.1 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the openconnect-7.08-6.9.1 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2019-16239 CVE-2020-12105 CVE-2020-12823 cpe:/o:opensuse:leap:15.4 openslp-2.0.0-6.15.1 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the openslp-2.0.0-6.15.1 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2016-4912 CVE-2016-7567 CVE-2017-17833 cpe:/o:opensuse:leap:15.4 openssh-8.4p1-3.9.1 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the openssh-8.4p1-3.9.1 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2015-8325 CVE-2016-0777 CVE-2016-0778 CVE-2016-10009 CVE-2016-10010 CVE-2016-10011 CVE-2016-10012 CVE-2016-6210 CVE-2016-6515 CVE-2016-8858 CVE-2018-20685 CVE-2019-6109 CVE-2019-6110 CVE-2019-6111 CVE-2021-28041 CVE-2021-41617 cpe:/o:opensuse:leap:15.4 openssl-1.1.1l-150400.1.5 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the openssl-1.1.1l-150400.1.5 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2014-3513 CVE-2014-3567 CVE-2014-3568 CVE-2014-3569 CVE-2014-3570 CVE-2014-3571 CVE-2014-3572 CVE-2014-8275 CVE-2015-0204 CVE-2015-0205 CVE-2015-0206 CVE-2015-0209 CVE-2015-0286 CVE-2015-0287 CVE-2015-0288 CVE-2015-0289 CVE-2015-0293 CVE-2015-1788 CVE-2015-1789 CVE-2015-1790 CVE-2015-1791 CVE-2015-1792 CVE-2015-1793 CVE-2015-1794 CVE-2015-3193 CVE-2015-3194 CVE-2015-3195 CVE-2015-3196 CVE-2015-3197 CVE-2016-0701 CVE-2016-0702 CVE-2016-0705 CVE-2016-0797 CVE-2016-0798 CVE-2016-0800 CVE-2016-2105 CVE-2016-2106 CVE-2016-2107 CVE-2016-2109 CVE-2016-2176 CVE-2016-2177 CVE-2016-2178 CVE-2016-2179 CVE-2016-2180 CVE-2016-2181 CVE-2016-2182 CVE-2016-2183 CVE-2016-6302 CVE-2016-6303 CVE-2016-6304 CVE-2016-6306 CVE-2016-7052 CVE-2016-7055 CVE-2016-7056 CVE-2017-3731 CVE-2017-3732 cpe:/o:opensuse:leap:15.4 openvpn-2.5.5-150400.1.5 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the openvpn-2.5.5-150400.1.5 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2014-8104 CVE-2017-12166 CVE-2017-7521 CVE-2017-7522 CVE-2018-7544 CVE-2018-9336 CVE-2020-11810 CVE-2020-15078 cpe:/o:opensuse:leap:15.4 ovmf-202202-150400.3.3 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the ovmf-202202-150400.3.3 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2017-5731 CVE-2017-5732 CVE-2017-5733 CVE-2017-5734 CVE-2017-5735 CVE-2018-0739 CVE-2018-12178 CVE-2018-12180 CVE-2018-12181 CVE-2018-3613 CVE-2018-3630 CVE-2019-0160 CVE-2019-0161 CVE-2019-14553 CVE-2019-14558 CVE-2019-14559 CVE-2019-14562 CVE-2019-14563 CVE-2019-14575 CVE-2019-14584 CVE-2019-14586 CVE-2019-14587 CVE-2021-28210 CVE-2021-28211 cpe:/o:opensuse:leap:15.4 p7zip-16.02-14.7.1 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the p7zip-16.02-14.7.1 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2015-1038 CVE-2016-2334 CVE-2016-2335 CVE-2016-9296 CVE-2017-17969 CVE-2021-3465 cpe:/o:opensuse:leap:15.4 pam-1.3.0-150000.6.55.3 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the pam-1.3.0-150000.6.55.3 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2015-3238 CVE-2018-17953 cpe:/o:opensuse:leap:15.4 perl-5.26.1-150300.17.3.1 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the perl-5.26.1-150300.17.3.1 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2017-12837 CVE-2017-12883 CVE-2018-12015 CVE-2018-18311 CVE-2018-18312 CVE-2018-18313 CVE-2018-18314 CVE-2020-10543 CVE-2020-10878 CVE-2020-12723 cpe:/o:opensuse:leap:15.4 perl-Archive-Zip-1.60-3.3.1 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the perl-Archive-Zip-1.60-3.3.1 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2018-10860 cpe:/o:opensuse:leap:15.4 perl-HTML-Parser-3.72-1.26 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the perl-HTML-Parser-3.72-1.26 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2009-3627 cpe:/o:opensuse:leap:15.4 perl-LWP-Protocol-https-6.06-1.24 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the perl-LWP-Protocol-https-6.06-1.24 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2014-3230 cpe:/o:opensuse:leap:15.4 perl-XML-LibXML-2.0132-1.20 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the perl-XML-LibXML-2.0132-1.20 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2015-3451 cpe:/o:opensuse:leap:15.4 perl-XML-Twig-3.52-3.3.1 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the perl-XML-Twig-3.52-3.3.1 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2016-9180 cpe:/o:opensuse:leap:15.4 permissions-20201225-150400.3.4 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the permissions-20201225-150400.3.4 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2019-3687 CVE-2019-3688 CVE-2019-3690 CVE-2020-8013 CVE-2020-8025 cpe:/o:opensuse:leap:15.4 plasma5-desktop-5.24.4-bp154.1.21 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the plasma5-desktop-5.24.4-bp154.1.21 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2014-8651 cpe:/o:opensuse:leap:15.4 powerpc-utils-1.3.9-150400.17.4 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the powerpc-utils-1.3.9-150400.17.4 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2014-4040 cpe:/o:opensuse:leap:15.4 ppc64-diag-2.7.7-150400.1.8 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the ppc64-diag-2.7.7-150400.1.8 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2014-4038 CVE-2014-4039 cpe:/o:opensuse:leap:15.4 ppp-2.4.7-150000.5.6.1 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the ppp-2.4.7-150000.5.6.1 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2015-3310 CVE-2020-8597 cpe:/o:opensuse:leap:15.4 procmail-3.22-2.34 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the procmail-3.22-2.34 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2014-3618 CVE-2017-16844 cpe:/o:opensuse:leap:15.4 python3-cryptography-2.8-10.1 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the python3-cryptography-2.8-10.1 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2020-25659 CVE-2020-36242 cpe:/o:opensuse:leap:15.4 python3-lxml-4.7.1-3.7.1 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the python3-lxml-4.7.1-3.7.1 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2018-19787 CVE-2020-27783 CVE-2021-28957 CVE-2021-43818 cpe:/o:opensuse:leap:15.4 python3-numpy-1.17.3-150400.21.32 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the python3-numpy-1.17.3-150400.21.32 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2017-12852 CVE-2019-6446 CVE-2021-33430 CVE-2021-41496 cpe:/o:opensuse:leap:15.4 python3-pip-20.0.2-150400.15.6 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the python3-pip-20.0.2-150400.15.6 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2014-8991 CVE-2015-2296 CVE-2019-20916 CVE-2021-3572 cpe:/o:opensuse:leap:15.4 python3-py-1.8.1-5.6.1 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the python3-py-1.8.1-5.6.1 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2020-29651 cpe:/o:opensuse:leap:15.4 python3-requests-2.24.0-1.24 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the python3-requests-2.24.0-1.24 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2015-2296 CVE-2018-18074 cpe:/o:opensuse:leap:15.4 python3-setuptools-44.1.1-150400.1.4 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the python3-setuptools-44.1.1-150400.1.4 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2019-20916 cpe:/o:opensuse:leap:15.4 python3-urllib3-1.25.10-4.3.1 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the python3-urllib3-1.25.10-4.3.1 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2016-9015 CVE-2018-20060 CVE-2019-11236 CVE-2019-11324 CVE-2019-9740 CVE-2020-26137 CVE-2021-33503 cpe:/o:opensuse:leap:15.4 qemu-6.2.0-150400.35.10 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the qemu-6.2.0-150400.35.10 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2014-0222 CVE-2014-0223 CVE-2014-3461 CVE-2014-3640 CVE-2014-7840 CVE-2014-8106 CVE-2015-1779 CVE-2015-3209 CVE-2015-3456 CVE-2015-4037 CVE-2015-5154 CVE-2015-5225 CVE-2015-5278 CVE-2015-5279 CVE-2015-5745 CVE-2015-6815 CVE-2015-6855 CVE-2015-7295 CVE-2015-7512 CVE-2015-7549 CVE-2015-8345 CVE-2015-8504 CVE-2015-8558 CVE-2015-8567 CVE-2015-8568 CVE-2015-8613 CVE-2015-8619 CVE-2015-8743 CVE-2015-8744 CVE-2015-8745 CVE-2016-10028 CVE-2016-10155 CVE-2016-1568 CVE-2016-1714 CVE-2016-1922 CVE-2016-1981 CVE-2016-2198 CVE-2016-3710 CVE-2016-3712 CVE-2016-4002 CVE-2016-4020 CVE-2016-4439 CVE-2016-4441 CVE-2016-4453 CVE-2016-4454 CVE-2016-4952 CVE-2016-4964 CVE-2016-5105 CVE-2016-5106 CVE-2016-5107 CVE-2016-5126 CVE-2016-5238 CVE-2016-5337 CVE-2016-5338 CVE-2016-5403 CVE-2016-6351 CVE-2016-6490 CVE-2016-6833 CVE-2016-6836 CVE-2016-6888 CVE-2016-7116 CVE-2016-7155 CVE-2016-7156 CVE-2016-7157 CVE-2016-7161 CVE-2016-7170 CVE-2016-7421 CVE-2016-7422 CVE-2016-7423 CVE-2016-7466 CVE-2016-7907 CVE-2016-7908 CVE-2016-7909 CVE-2016-7994 CVE-2016-7995 CVE-2016-8576 CVE-2016-8577 CVE-2016-8578 CVE-2016-8667 CVE-2016-8668 CVE-2016-8669 CVE-2016-8909 CVE-2016-8910 CVE-2016-9101 CVE-2016-9102 CVE-2016-9103 CVE-2016-9104 CVE-2016-9105 CVE-2016-9106 CVE-2016-9381 CVE-2016-9602 CVE-2016-9776 CVE-2016-9845 CVE-2016-9846 CVE-2016-9907 CVE-2016-9908 CVE-2016-9911 CVE-2016-9912 CVE-2016-9913 CVE-2016-9921 CVE-2016-9922 CVE-2016-9923 CVE-2017-10664 CVE-2017-10806 CVE-2017-11334 CVE-2017-11434 CVE-2017-13672 CVE-2017-13673 CVE-2017-13711 CVE-2017-14167 CVE-2017-15038 CVE-2017-15118 CVE-2017-15119 CVE-2017-15268 CVE-2017-15289 CVE-2017-2615 CVE-2017-2620 CVE-2017-2630 CVE-2017-2633 CVE-2017-5525 CVE-2017-5526 CVE-2017-5552 CVE-2017-5578 CVE-2017-5579 CVE-2017-5667 CVE-2017-5715 CVE-2017-5856 CVE-2017-5857 CVE-2017-5898 CVE-2017-5931 CVE-2017-5973 CVE-2017-5987 CVE-2017-6058 CVE-2017-6505 CVE-2017-7471 CVE-2017-7493 CVE-2017-8112 CVE-2017-8309 CVE-2017-8379 CVE-2017-8380 CVE-2017-9503 CVE-2017-9524 CVE-2018-10839 CVE-2018-11806 CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2018-12207 CVE-2018-12617 CVE-2018-15746 CVE-2018-16847 CVE-2018-16872 CVE-2018-17958 CVE-2018-17962 CVE-2018-17963 CVE-2018-18849 CVE-2018-20123 CVE-2018-20124 CVE-2018-20125 CVE-2018-20126 CVE-2018-20191 CVE-2018-20216 CVE-2018-20815 CVE-2018-3639 CVE-2018-7550 CVE-2018-7858 CVE-2019-11091 CVE-2019-11135 CVE-2019-12068 CVE-2019-12155 CVE-2019-13164 CVE-2019-14378 CVE-2019-15890 CVE-2019-5008 CVE-2019-6778 CVE-2019-8934 CVE-2019-9824 CVE-2020-10702 CVE-2020-10717 CVE-2020-10761 CVE-2020-11102 CVE-2020-11869 CVE-2020-13361 CVE-2020-13362 CVE-2020-13659 CVE-2020-13800 CVE-2020-14364 CVE-2020-15863 CVE-2020-16092 CVE-2020-1711 CVE-2020-17380 CVE-2020-1983 CVE-2020-24352 CVE-2020-25085 CVE-2020-25707 CVE-2020-25723 CVE-2020-27821 CVE-2020-29129 CVE-2020-29130 CVE-2020-35503 CVE-2020-7039 CVE-2020-8608 CVE-2021-20181 CVE-2021-20203 CVE-2021-20221 CVE-2021-20257 CVE-2021-20263 CVE-2021-3409 CVE-2021-3416 CVE-2021-3419 CVE-2021-3527 CVE-2021-3544 CVE-2021-3545 CVE-2021-3546 CVE-2021-3582 CVE-2021-3607 CVE-2021-3608 CVE-2021-3682 CVE-2021-3713 CVE-2021-3748 CVE-2021-3929 CVE-2021-4158 CVE-2022-0358 cpe:/o:opensuse:leap:15.4 rpcbind-0.2.3-5.9.2 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the rpcbind-0.2.3-5.9.2 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2015-7236 CVE-2017-8779 cpe:/o:opensuse:leap:15.4 rpm-32bit-4.14.3-150300.46.1 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the rpm-32bit-4.14.3-150300.46.1 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2017-7500 CVE-2021-20266 CVE-2021-20271 CVE-2021-3421 cpe:/o:opensuse:leap:15.4 rsync-3.2.3-150400.1.53 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the rsync-3.2.3-150400.1.53 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2014-8242 CVE-2014-9512 CVE-2017-16548 CVE-2018-5764 CVE-2020-14387 cpe:/o:opensuse:leap:15.4 rsyslog-8.2106.0-150400.3.1 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the rsyslog-8.2106.0-150400.3.1 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2015-3243 CVE-2022-24903 cpe:/o:opensuse:leap:15.4 rtkit-0.11+git.20130926-1.34 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the rtkit-0.11+git.20130926-1.34 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2013-4326 cpe:/o:opensuse:leap:15.4 ruby2.5-rubygem-nokogiri-1.8.5-150400.12.4 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the ruby2.5-rubygem-nokogiri-1.8.5-150400.12.4 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2015-1819 CVE-2015-5312 CVE-2015-7497 CVE-2015-7498 CVE-2015-7499 CVE-2015-7500 CVE-2015-7941 CVE-2015-7942 CVE-2015-7995 CVE-2015-8035 CVE-2015-8241 CVE-2015-8242 CVE-2015-8317 CVE-2016-4658 CVE-2016-4738 CVE-2016-5131 CVE-2017-15412 CVE-2017-5029 CVE-2018-14404 CVE-2018-14567 CVE-2018-3740 CVE-2018-3741 CVE-2018-8048 CVE-2019-5477 CVE-2020-26247 cpe:/o:opensuse:leap:15.4 sane-backends-1.0.32-6.6.2 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the sane-backends-1.0.32-6.6.2 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2017-6318 CVE-2020-12861 CVE-2020-12862 CVE-2020-12863 CVE-2020-12864 CVE-2020-12865 CVE-2020-12866 CVE-2020-12867 cpe:/o:opensuse:leap:15.4 screen-4.6.2-5.3.1 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the screen-4.6.2-5.3.1 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2017-5618 CVE-2021-26937 cpe:/o:opensuse:leap:15.4 sddm-0.19.0-lp154.3.6 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the sddm-0.19.0-lp154.3.6 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2014-7271 CVE-2014-7272 CVE-2015-0856 CVE-2018-14345 CVE-2020-28049 cpe:/o:opensuse:leap:15.4 sharutils-4.15.2-2.21 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the sharutils-4.15.2-2.21 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2018-1000097 cpe:/o:opensuse:leap:15.4 shim-15.4-4.7.1 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the shim-15.4-4.7.1 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2014-3675 CVE-2014-3676 CVE-2014-3677 CVE-2019-14584 cpe:/o:opensuse:leap:15.4 spice-vdagent-0.21.0-3.3.1 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the spice-vdagent-0.21.0-3.3.1 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2017-15108 CVE-2020-25650 CVE-2020-25651 CVE-2020-25652 CVE-2020-25653 cpe:/o:opensuse:leap:15.4 squashfs-4.4-1.1 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the squashfs-4.4-1.1 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2015-4645 CVE-2015-4646 cpe:/o:opensuse:leap:15.4 sudo-1.9.9-150400.2.5 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the sudo-1.9.9-150400.2.5 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2014-9680 CVE-2016-7032 CVE-2016-7076 CVE-2017-1000367 CVE-2017-1000368 CVE-2019-14287 CVE-2019-18634 CVE-2021-23239 CVE-2021-23240 CVE-2021-3156 cpe:/o:opensuse:leap:15.4 swtpm-0.5.3-150300.3.3.1 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the swtpm-0.5.3-150300.3.3.1 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2020-28407 CVE-2022-23645 cpe:/o:opensuse:leap:15.4 tar-1.34-150000.3.12.1 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the tar-1.34-150000.3.12.1 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2016-6321 CVE-2018-20482 CVE-2019-9923 CVE-2021-20193 cpe:/o:opensuse:leap:15.4 telepathy-idle-0.2.2-bp154.1.40 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the telepathy-idle-0.2.2-bp154.1.40 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2007-6746 cpe:/o:opensuse:leap:15.4 texlive-lm-fonts-2021.189.2.005svn58637-150400.18.1 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the texlive-lm-fonts-2021.189.2.005svn58637-150400.18.1 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2016-10243 cpe:/o:opensuse:leap:15.4 tmux-3.1c-1.38 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the tmux-3.1c-1.38 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2018-19387 CVE-2020-27347 cpe:/o:opensuse:leap:15.4 tnftp-20151004-bp154.2.20 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the tnftp-20151004-bp154.2.20 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2014-8517 cpe:/o:opensuse:leap:15.4 transmission-common-3.00-bp154.1.67 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the transmission-common-3.00-bp154.1.67 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2018-5072 CVE-2018-5702 cpe:/o:opensuse:leap:15.4 trousers-0.3.15-150400.1.10 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the trousers-0.3.15-150400.1.10 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2019-18898 CVE-2020-24330 CVE-2020-24331 CVE-2020-24332 cpe:/o:opensuse:leap:15.4 u-boot-rpiarm64-2021.10-150400.2.6 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the u-boot-rpiarm64-2021.10-150400.2.6 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2018-18439 CVE-2018-18440 CVE-2020-10648 CVE-2020-8432 cpe:/o:opensuse:leap:15.4 ucode-intel-20220207-10.1 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the ucode-intel-20220207-10.1 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2017-5715 CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2018-3639 CVE-2018-3640 CVE-2019-11091 CVE-2019-11135 CVE-2019-11139 CVE-2020-0543 CVE-2020-0548 CVE-2020-0549 CVE-2020-24489 CVE-2020-24511 CVE-2020-24512 CVE-2020-24513 CVE-2020-8695 CVE-2020-8696 CVE-2020-8698 CVE-2021-0127 CVE-2021-0145 CVE-2021-0146 CVE-2021-33120 cpe:/o:opensuse:leap:15.4 unzip-6.00-4.8.13 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the unzip-6.00-4.8.13 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2014-8139 CVE-2014-8140 CVE-2014-8141 CVE-2014-9636 CVE-2014-9913 CVE-2015-7696 CVE-2015-7697 CVE-2016-9844 CVE-2018-1000035 CVE-2018-18384 cpe:/o:opensuse:leap:15.4 update-alternatives-1.19.0.4-4.3.1 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the update-alternatives-1.19.0.4-4.3.1 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2015-0840 cpe:/o:opensuse:leap:15.4 vim-8.0.1568-5.17.1 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the vim-8.0.1568-5.17.1 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2009-0316 CVE-2017-1000382 CVE-2017-5953 CVE-2017-6349 CVE-2017-6350 CVE-2019-12735 CVE-2019-20807 CVE-2021-3778 CVE-2021-3796 CVE-2021-3872 CVE-2021-3927 CVE-2021-3928 CVE-2021-3984 CVE-2021-4019 CVE-2021-4193 CVE-2021-46059 CVE-2022-0318 CVE-2022-0319 CVE-2022-0351 CVE-2022-0361 CVE-2022-0413 cpe:/o:opensuse:leap:15.4 virt-install-4.0.0-150400.1.5 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the virt-install-4.0.0-150400.1.5 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2019-10183 cpe:/o:opensuse:leap:15.4 virtualbox-guest-tools-6.1.32-lp154.1.83 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the virtualbox-guest-tools-6.1.32-lp154.1.83 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2014-0224 CVE-2014-6588 CVE-2014-6589 CVE-2014-6590 CVE-2014-6595 CVE-2015-0377 CVE-2015-0418 CVE-2015-0427 CVE-2015-3456 CVE-2015-4813 CVE-2015-4896 CVE-2016-0678 CVE-2016-5501 CVE-2016-5538 CVE-2016-5545 CVE-2016-5605 CVE-2016-5608 CVE-2016-5610 CVE-2016-5611 CVE-2017-10392 CVE-2017-10407 CVE-2017-10408 CVE-2017-10428 CVE-2017-3290 CVE-2017-3316 CVE-2017-3332 CVE-2017-3513 CVE-2017-3538 CVE-2017-3558 CVE-2017-3559 CVE-2017-3561 CVE-2017-3563 CVE-2017-3575 CVE-2017-3576 CVE-2017-3587 CVE-2017-3733 CVE-2017-5715 CVE-2018-0732 CVE-2018-0734 CVE-2018-0739 CVE-2018-11763 CVE-2018-11784 CVE-2018-2676 CVE-2018-2685 CVE-2018-2686 CVE-2018-2687 CVE-2018-2688 CVE-2018-2689 CVE-2018-2690 CVE-2018-2693 CVE-2018-2694 CVE-2018-2698 CVE-2018-2830 CVE-2018-2831 CVE-2018-2835 CVE-2018-2836 CVE-2018-2837 CVE-2018-2842 CVE-2018-2843 CVE-2018-2844 CVE-2018-2845 CVE-2018-2860 CVE-2018-2909 CVE-2018-3005 CVE-2018-3055 CVE-2018-3085 CVE-2018-3086 CVE-2018-3087 CVE-2018-3088 CVE-2018-3089 CVE-2018-3090 CVE-2018-3091 CVE-2018-3287 CVE-2018-3288 CVE-2018-3289 CVE-2018-3290 CVE-2018-3291 CVE-2018-3292 CVE-2018-3293 CVE-2018-3294 CVE-2018-3295 CVE-2018-3296 CVE-2018-3297 CVE-2018-3298 CVE-2018-3309 CVE-2019-1543 CVE-2019-1547 CVE-2019-2446 CVE-2019-2448 CVE-2019-2450 CVE-2019-2451 CVE-2019-2500 CVE-2019-2501 CVE-2019-2504 CVE-2019-2505 CVE-2019-2506 CVE-2019-2508 CVE-2019-2509 CVE-2019-2511 CVE-2019-2520 CVE-2019-2521 CVE-2019-2522 CVE-2019-2523 CVE-2019-2524 CVE-2019-2525 CVE-2019-2526 CVE-2019-2527 CVE-2019-2548 CVE-2019-2552 CVE-2019-2553 CVE-2019-2554 CVE-2019-2555 CVE-2019-2556 CVE-2019-2574 CVE-2019-2656 CVE-2019-2657 CVE-2019-2678 CVE-2019-2679 CVE-2019-2680 CVE-2019-2690 CVE-2019-2696 CVE-2019-2703 CVE-2019-2721 CVE-2019-2722 CVE-2019-2723 CVE-2019-2848 CVE-2019-2850 CVE-2019-2859 CVE-2019-2863 CVE-2019-2864 CVE-2019-2865 CVE-2019-2866 CVE-2019-2867 CVE-2019-2873 CVE-2019-2874 CVE-2019-2875 CVE-2019-2876 CVE-2019-2877 CVE-2019-2926 CVE-2019-2944 CVE-2019-2984 CVE-2019-3002 CVE-2019-3005 CVE-2019-3017 CVE-2019-3021 CVE-2019-3026 CVE-2019-3028 CVE-2019-3031 CVE-2020-14628 CVE-2020-14629 CVE-2020-14646 CVE-2020-14647 CVE-2020-14648 CVE-2020-14649 CVE-2020-14650 CVE-2020-14673 CVE-2020-14674 CVE-2020-14675 CVE-2020-14676 CVE-2020-14677 CVE-2020-14694 CVE-2020-14695 CVE-2020-14698 CVE-2020-14699 CVE-2020-14700 CVE-2020-14703 CVE-2020-14704 CVE-2020-14707 CVE-2020-14711 CVE-2020-14712 CVE-2020-14713 CVE-2020-14714 CVE-2020-14715 CVE-2020-2674 CVE-2020-2678 CVE-2020-2681 CVE-2020-2682 CVE-2020-2689 CVE-2020-2690 CVE-2020-2691 CVE-2020-2692 CVE-2020-2693 CVE-2020-2698 CVE-2020-2701 CVE-2020-2702 CVE-2020-2703 CVE-2020-2704 CVE-2020-2705 CVE-2020-2725 CVE-2020-2726 CVE-2020-2727 CVE-2021-2074 CVE-2021-2129 CVE-2021-2145 CVE-2021-2250 CVE-2021-2264 CVE-2021-2266 CVE-2021-2279 CVE-2021-2280 CVE-2021-2281 CVE-2021-2282 CVE-2021-2283 CVE-2021-2284 CVE-2021-2285 CVE-2021-2286 CVE-2021-2287 CVE-2021-2291 CVE-2021-2296 CVE-2021-2297 CVE-2021-2306 CVE-2021-2309 CVE-2021-2310 CVE-2021-2312 CVE-2021-2475 CVE-2021-35538 CVE-2021-35540 CVE-2021-35542 CVE-2021-35545 CVE-2022-21394 cpe:/o:opensuse:leap:15.4 vorbis-tools-1.4.0-1.53 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the vorbis-tools-1.4.0-1.53 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2014-9638 CVE-2014-9639 CVE-2014-9640 CVE-2015-6749 cpe:/o:opensuse:leap:15.4 vsftpd-3.0.5-150400.1.6 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the vsftpd-3.0.5-150400.1.6 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2015-1419 cpe:/o:opensuse:leap:15.4 w3m-0.5.3+git20180125-1.17 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the w3m-0.5.3+git20180125-1.17 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2010-2074 CVE-2012-4929 CVE-2016-9434 CVE-2016-9435 CVE-2016-9436 CVE-2016-9437 CVE-2016-9438 CVE-2016-9439 CVE-2016-9440 CVE-2016-9441 CVE-2016-9442 CVE-2016-9443 CVE-2016-9621 CVE-2016-9622 CVE-2016-9623 CVE-2016-9624 CVE-2016-9625 CVE-2016-9626 CVE-2016-9627 CVE-2016-9628 CVE-2016-9629 CVE-2016-9630 CVE-2016-9631 CVE-2016-9632 CVE-2016-9633 CVE-2018-6196 CVE-2018-6197 CVE-2018-6198 cpe:/o:opensuse:leap:15.4 wget-1.20.3-3.12.1 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the wget-1.20.3-3.12.1 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2014-4877 CVE-2015-7665 CVE-2016-4971 CVE-2017-13089 CVE-2017-13090 CVE-2017-6508 CVE-2018-0494 CVE-2018-20483 CVE-2019-5953 cpe:/o:opensuse:leap:15.4 wicked-0.6.69-150400.1.3 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the wicked-0.6.69-150400.1.3 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2019-18902 CVE-2019-18903 CVE-2020-7216 CVE-2020-7217 cpe:/o:opensuse:leap:15.4 wpa_supplicant-2.9-4.33.1 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the wpa_supplicant-2.9-4.33.1 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2014-3686 CVE-2015-1863 CVE-2015-4141 CVE-2015-4142 CVE-2015-4143 CVE-2015-4144 CVE-2015-4145 CVE-2015-4146 CVE-2015-5310 CVE-2015-5315 CVE-2015-5316 CVE-2015-8041 CVE-2016-4476 CVE-2016-4477 CVE-2017-13077 CVE-2017-13078 CVE-2017-13079 CVE-2017-13080 CVE-2017-13081 CVE-2017-13082 CVE-2017-13086 CVE-2017-13087 CVE-2017-13088 CVE-2018-14526 CVE-2019-11555 CVE-2019-13377 CVE-2019-16275 CVE-2019-9494 CVE-2019-9495 CVE-2019-9497 CVE-2019-9498 CVE-2019-9499 CVE-2021-0326 CVE-2021-27803 CVE-2021-30004 CVE-2022-23303 CVE-2022-23304 cpe:/o:opensuse:leap:15.4 xdg-utils-1.1.3+20201113-150400.1.4 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the xdg-utils-1.1.3+20201113-150400.1.4 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2017-18266 cpe:/o:opensuse:leap:15.4 xen-libs-4.16.0_08-150400.2.12 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the xen-libs-4.16.0_08-150400.2.12 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2013-3495 CVE-2013-4533 CVE-2013-4534 CVE-2013-4537 CVE-2013-4538 CVE-2013-4539 CVE-2013-4540 CVE-2014-0222 CVE-2014-3640 CVE-2014-3672 CVE-2014-7815 CVE-2015-1779 CVE-2015-3259 CVE-2015-3340 CVE-2015-3456 CVE-2015-4037 CVE-2015-4103 CVE-2015-4104 CVE-2015-4105 CVE-2015-4106 CVE-2015-5154 CVE-2015-5239 CVE-2015-5278 CVE-2015-5307 CVE-2015-6815 CVE-2015-6855 CVE-2015-7311 CVE-2015-7504 CVE-2015-7512 CVE-2015-7549 CVE-2015-7835 CVE-2015-7969 CVE-2015-7970 CVE-2015-7971 CVE-2015-7972 CVE-2015-8104 CVE-2015-8339 CVE-2015-8340 CVE-2015-8341 CVE-2015-8345 CVE-2015-8504 CVE-2015-8550 CVE-2015-8554 CVE-2015-8555 CVE-2015-8558 CVE-2015-8567 CVE-2015-8568 CVE-2015-8613 CVE-2015-8615 CVE-2015-8619 CVE-2015-8743 CVE-2015-8744 CVE-2015-8745 CVE-2016-10013 CVE-2016-10024 CVE-2016-10025 CVE-2016-1568 CVE-2016-1570 CVE-2016-1571 CVE-2016-1714 CVE-2016-1922 CVE-2016-1981 CVE-2016-2198 CVE-2016-2270 CVE-2016-2271 CVE-2016-2391 CVE-2016-2392 CVE-2016-2538 CVE-2016-2841 CVE-2016-4439 CVE-2016-4441 CVE-2016-5238 CVE-2016-5338 CVE-2016-6258 CVE-2016-6259 CVE-2016-6351 CVE-2016-7092 CVE-2016-7093 CVE-2016-7094 CVE-2016-7777 CVE-2016-7908 CVE-2016-7909 CVE-2016-8667 CVE-2016-8669 CVE-2016-8910 CVE-2016-9377 CVE-2016-9378 CVE-2016-9379 CVE-2016-9380 CVE-2016-9381 CVE-2016-9382 CVE-2016-9383 CVE-2016-9384 CVE-2016-9385 CVE-2016-9386 CVE-2016-9637 CVE-2016-9921 CVE-2016-9922 CVE-2016-9932 CVE-2017-12135 CVE-2017-12136 CVE-2017-12137 CVE-2017-2615 CVE-2017-2620 CVE-2017-5715 CVE-2017-5753 CVE-2017-5754 CVE-2017-6505 CVE-2017-8309 CVE-2017-9330 CVE-2018-10471 CVE-2018-10472 CVE-2018-10981 CVE-2018-10982 CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2018-12891 CVE-2018-12892 CVE-2018-12893 CVE-2018-15468 CVE-2018-15469 CVE-2018-15470 CVE-2018-18883 CVE-2018-19961 CVE-2018-19962 CVE-2018-19963 CVE-2018-19964 CVE-2018-19965 CVE-2018-19966 CVE-2018-19967 CVE-2018-3639 CVE-2018-3646 CVE-2018-3665 CVE-2018-5244 CVE-2018-7540 CVE-2018-7541 CVE-2018-7542 CVE-2018-8897 CVE-2019-11091 CVE-2019-17349 CVE-2020-0543 CVE-2020-11739 CVE-2020-11740 CVE-2020-11741 CVE-2020-11742 CVE-2020-11743 CVE-2020-15563 CVE-2020-15565 CVE-2020-15566 CVE-2020-15567 CVE-2020-25595 CVE-2020-25596 CVE-2020-25597 CVE-2020-25598 CVE-2020-25599 CVE-2020-25600 CVE-2020-25601 CVE-2020-25602 CVE-2020-25603 CVE-2020-25604 CVE-2020-27670 CVE-2020-27671 CVE-2020-27672 CVE-2020-27674 CVE-2020-28368 CVE-2020-29040 CVE-2020-29480 CVE-2020-29481 CVE-2020-29483 CVE-2020-29484 CVE-2020-29566 CVE-2020-29567 CVE-2020-29570 CVE-2020-29571 CVE-2021-0089 CVE-2021-26401 CVE-2021-28687 CVE-2021-28690 CVE-2021-28692 CVE-2021-28693 CVE-2021-28694 CVE-2021-28695 CVE-2021-28696 CVE-2021-28697 CVE-2021-28698 CVE-2021-28699 CVE-2021-28700 CVE-2021-28701 CVE-2022-0001 CVE-2022-0002 CVE-2022-23033 CVE-2022-23034 CVE-2022-23035 CVE-2022-26356 CVE-2022-26357 CVE-2022-26358 CVE-2022-26359 CVE-2022-26360 CVE-2022-26361 cpe:/o:opensuse:leap:15.4 xinetd-2.3.15.4-bp154.1.21 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the xinetd-2.3.15.4-bp154.1.21 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2013-4342 cpe:/o:opensuse:leap:15.4 xorg-x11-essentials-7.6_1-1.22 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the xorg-x11-essentials-7.6_1-1.22 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2011-0465 cpe:/o:opensuse:leap:15.4 xorg-x11-server-1.20.3-150400.36.7 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the xorg-x11-server-1.20.3-150400.36.7 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2015-3164 CVE-2017-10971 CVE-2017-10972 CVE-2017-12176 CVE-2017-12187 CVE-2017-13721 CVE-2017-13723 CVE-2017-2624 CVE-2018-14665 CVE-2020-14345 CVE-2020-14346 CVE-2020-14347 CVE-2020-14360 CVE-2020-14361 CVE-2020-14362 CVE-2020-25712 CVE-2021-3472 CVE-2021-4008 CVE-2021-4009 CVE-2021-4010 CVE-2021-4011 cpe:/o:opensuse:leap:15.4 xscreensaver-6.03-150400.1.6 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the xscreensaver-6.03-150400.1.6 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2015-8025 cpe:/o:opensuse:leap:15.4 xterm-330-11.3.1 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the xterm-330-11.3.1 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2021-27135 cpe:/o:opensuse:leap:15.4 xwayland-21.1.4-150400.1.12 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the xwayland-21.1.4-150400.1.12 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2021-3472 CVE-2021-4008 CVE-2021-4009 CVE-2021-4010 CVE-2021-4011 cpe:/o:opensuse:leap:15.4 yast2-security-4.4.13-150400.1.7 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the yast2-security-4.4.13-150400.1.7 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2019-3700 cpe:/o:opensuse:leap:15.4 yast2-users-4.4.10-150400.1.7 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the yast2-users-4.4.10-150400.1.7 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2016-1601 cpe:/o:opensuse:leap:15.4 zypper-1.14.52-150400.1.9 on GA media (Moderate) openSUSE Leap 15.4 These are all security issues fixed in the zypper-1.14.52-150400.1.9 package on the GA media of openSUSE Leap 15.4. Moderate CVE-2017-7436 CVE-2017-9269 cpe:/o:opensuse:leap:15.4 Security update for librecad (Important) openSUSE Leap 15.4 This update for librecad fixes the following issues: - CVE-2021-45341: Fixed a buffer overflow vulnerability in LibreCAD allows an attacker to achieve remote code execution via a crafted JWW document [boo#1195105] - CVE-2021-45342: Fixed a buffer overflow vulnerability in jwwlib in LibreCAD allows an attacker to achieve remote code execution via a crafted JWW document [boo#1195122] - Strip excess blank fields from librecad.desktop:MimeType [boo#1197664] Update to 2.2.0-rc3 * major release * DWG imports are more reliable now * and a lot more of bugfixes and improvements Important SUSE bug 1195105 SUSE bug 1195122 SUSE bug 1197664 CVE-2021-45341 CVE-2021-45342 cpe:/o:opensuse:leap:15.4 Security update for chromium (Important) openSUSE Leap 15.4 This update for chromium fixes the following issues: Chromium 102.0.5001.61 (boo#1199893) * CVE-2022-1853: Use after free in Indexed DB * CVE-2022-1854: Use after free in ANGLE * CVE-2022-1855: Use after free in Messaging * CVE-2022-1856: Use after free in User Education * CVE-2022-1857: Insufficient policy enforcement in File System API * CVE-2022-1858: Out of bounds read in DevTools * CVE-2022-1859: Use after free in Performance Manager * CVE-2022-1860: Use after free in UI Foundations * CVE-2022-1861: Use after free in Sharing * CVE-2022-1862: Inappropriate implementation in Extensions * CVE-2022-1863: Use after free in Tab Groups * CVE-2022-1864: Use after free in WebApp Installs * CVE-2022-1865: Use after free in Bookmarks * CVE-2022-1866: Use after free in Tablet Mode * CVE-2022-1867: Insufficient validation of untrusted input in Data Transfer * CVE-2022-1868: Inappropriate implementation in Extensions API * CVE-2022-1869: Type Confusion in V8 * CVE-2022-1870: Use after free in App Service * CVE-2022-1871: Insufficient policy enforcement in File System API * CVE-2022-1872: Insufficient policy enforcement in Extensions API * CVE-2022-1873: Insufficient policy enforcement in COOP * CVE-2022-1874: Insufficient policy enforcement in Safe Browsing * CVE-2022-1875: Inappropriate implementation in PDF * CVE-2022-1876: Heap buffer overflow in DevTools - Chromium 101.0.4951.67 * fixes for other platforms Important SUSE bug 1199893 CVE-2022-1853 CVE-2022-1854 CVE-2022-1855 CVE-2022-1856 CVE-2022-1857 CVE-2022-1858 CVE-2022-1859 CVE-2022-1860 CVE-2022-1861 CVE-2022-1862 CVE-2022-1863 CVE-2022-1864 CVE-2022-1865 CVE-2022-1866 CVE-2022-1867 CVE-2022-1868 CVE-2022-1869 CVE-2022-1870 CVE-2022-1871 CVE-2022-1872 CVE-2022-1873 CVE-2022-1874 CVE-2022-1875 CVE-2022-1876 cpe:/o:opensuse:leap:15.4 Security update for caddy (Moderate) openSUSE Leap 15.4 This update for caddy fixes the following issues: Update to version 2.5.1: * Fixed regression in Unix socket admin endpoints. * Fixed regression in caddy trust commands. * Hash-based load balancing policies (ip_hash, uri_hash, header, and cookie) use an improved highest-random-weight (HRW) algorithm for increased consistency. * Dynamic upstreams, which is the ability to get the list of upstreams at every request (more specifically, every iteration in the proxy loop of every request) rather than just once at config-load time. * Caddy will automatically try to get relevant certificates from the local Tailscale instance. * New OpenTelemetry integration. * Added new endpoints /pki/ca/<id> and /pki/ca/<id>/certificates for getting information about Caddy's managed CAs. * Rename _caddy to zsh-completion * Fix MatchPath sanitizing [bsc#1200279, CVE-2022-29718] Moderate SUSE bug 1200279 CVE-2022-29718 cpe:/o:opensuse:leap:15.4 Security update for chromium (Critical) openSUSE Leap 15.4 This update for chromium fixes the following issues: - Chromium 102.0.5005.115 (boo#1200423) * CVE-2022-2007: Use after free in WebGPU * CVE-2022-2008: Out of bounds memory access in WebGL * CVE-2022-2010: Out of bounds read in compositing * CVE-2022-2011: Use after free in ANGLE Critical SUSE bug 1200139 SUSE bug 1200423 CVE-2022-2007 CVE-2022-2008 CVE-2022-2010 CVE-2022-2011 cpe:/o:opensuse:leap:15.4 Security update for firejail (Important) openSUSE Leap 15.4 This update for firejail fixes the following issues: firejail was updated to version 0.9.70: - CVE-2022-31214 - root escalation in --join logic (boo#1199148) Reported by Matthias Gerstner, working exploit code was provided to our development team. In the same time frame, the problem was independently reported by Birk Blechschmidt. Full working exploit code was also provided. - feature: enable shell tab completion with --tab (#4936) - feature: disable user profiles at compile time (#4990) - feature: Allow resolution of .local names with avahi-daemon in the apparmor - profile (#5088) - feature: always log seccomp errors (#5110) - feature: firecfg --guide, guided user configuration (#5111) - feature: --oom, kernel OutOfMemory-killer (#5122) - modif: --ids feature needs to be enabled at compile time (#5155) - modif: --nettrace only available to root user - rework: whitelist restructuring (#4985) - rework: firemon, speed up and lots of fixes - bugfix: --private-cwd not expanding macros, broken hyperrogue (#4910) - bugfix: nogroups + wrc prints confusing messages (#4930 #4933) - bugfix: openSUSE Leap - whitelist-run-common.inc (#4954) - bugfix: fix printing in evince (#5011) - bugfix: gcov: fix gcov functions always declared as dummy (#5028) - bugfix: Stop warning on safe supplementary group clean (#5114) - build: remove ultimately unused INSTALL and RANLIB check macros (#5133) - build: mkdeb.sh.in: pass remaining arguments to ./configure (#5154) - ci: replace centos (EOL) with almalinux (#4912) - ci: fix --version not printing compile-time features (#5147) - ci: print version after install & fix apparmor support on build_apparmor (#5148) - docs: Refer to firejail.config in configuration files (#4916) - docs: firejail.config: add warning about allow-tray (#4946) - docs: mention that the protocol command accumulates (#5043) - docs: mention inconsistent homedir bug involving --private=dir (#5052) - docs: mention capabilities(7) on --caps (#5078) - new profiles: onionshare, onionshare-cli, opera-developer, songrec - new profiles: node-gyp, npx, semver, ping-hardened - removed profiles: nvm update to firejail 0.9.68: - security: on Ubuntu, the PPA is now recommended over the distro package (see README.md) (#4748) - security: bugfix: private-cwd leaks access to the entire filesystem (#4780); reported by Hugo Osvaldo Barrera - feature: remove (some) environment variables with auth-tokens (#4157) - feature: ALLOW_TRAY condition (#4510 #4599) - feature: add basic Firejail support to AppArmor base abstraction (#3226 #4628) - feature: intrusion detection system (--ids-init, --ids-check) - feature: deterministic shutdown command (--deterministic-exit-code, --deterministic-shutdown) (#928 #3042 #4635) - feature: noprinters command (#4607 #4827) - feature: network monitor (--nettrace) - feature: network locker (--netlock) (#4848) - feature: whitelist-ro profile command (#4740) - feature: disable pipewire with --nosound (#4855) - feature: Unset TMP if it doesn't exist inside of sandbox (#4151) - feature: Allow apostrophe in whitelist and blacklist (#4614) - feature: AppImage support in --build command (#4878) - modifs: exit code: distinguish fatal signals by adding 128 (#4533) - modifs: firecfg.config is now installed to /etc/firejail/ (#408 #4669) - modifs: close file descriptors greater than 2 (--keep-fd) (#4845) - modifs: nogroups now stopped causing certain system groups to be dropped, - which are now controlled by the relevant 'no' options instead (such as - nosound -> drop audio group), which fixes device access issues on systems - not using (e)logind (such as with seatd) (#4632 #4725 #4732 #4851) - removal: --disable-whitelist at compile time - removal: whitelist=yes/no in /etc/firejail/firejail.config - bugfix: Fix sndio support (#4362 #4365) - bugfix: Error mounting tmpfs (MS_REMOUNT flag not being cleared) (#4387) - bugfix: --build clears the environment (#4460 #4467) - bugfix: firejail hangs with net parameter (#3958 #4476) - bugfix: Firejail does not work with a custom hosts file (#2758 #4560) - bugfix: --tracelog and --trace override /etc/ld.so.preload (#4558 #4586) - bugfix: PATH_MAX is undeclared on musl libc (#4578 #4579 #4583 #4606) - bugfix: firejail symlinks are not skipped with private-bin + globs (#4626) - bugfix: Firejail rejects empty arguments (#4395) - bugfix: firecfg does not work with symlinks (discord.desktop) (#4235) - bugfix: Seccomp list output goes to stdout instead of stderr (#4328) - bugfix: private-etc does not work with symlinks (#4887) - bugfix: Hardware key not detected on keepassxc (#4883) - build: allow building with address sanitizer (#4594) - build: Stop linking pthread (#4695) - build: Configure cleanup and improvements (#4712) - ci: add profile checks for sorting disable-programs.inc and - firecfg.config and for the required arguments in private-etc (#2739 #4643) - ci: pin GitHub actions to SHAs and use Dependabot to update them (#4774) - docs: Add new command checklist to CONTRIBUTING.md (#4413) - docs: Rework bug report issue template and add both a question and a - feature request template (#4479 #4515 #4561) - docs: fix contradictory descriptions of machine-id ('preserves' vs 'spoofs') (#4689) - docs: Document that private-bin and private-etc always accumulate (#4078) - new includes: whitelist-run-common.inc (#4288), disable-X11.inc (#4462) - new includes: disable-proc.inc (#4521) - removed includes: disable-passwordmgr.inc (#4454 #4461) - new profiles: microsoft-edge-beta, clion-eap, lifeograph, zim - new profiles: io.github.lainsce.Notejot, rednotebook, gallery-dl - new profiles: yt-dlp, goldendict, goldendict, bundle, cmake - new profiles: make, meson, pip, codium, telnet, ftp, OpenStego - new profiles: imv, retroarch, torbrowser, CachyBrowser, - new profiles: notable, RPCS3, wget2, raincat, conitop, 1passwd, - new profiles: Seafile, neovim, com.github.tchx84.Flatseal Important SUSE bug 1199148 CVE-2022-31214 cpe:/o:opensuse:leap:15.4 Security update for chafa (Important) openSUSE Leap 15.4 This update for chafa fixes the following issues: - CVE-2022-2061: Fix heap based buffer overflow in lzw_decode (boo#1200510) Important SUSE bug 1200510 CVE-2022-2061 cpe:/o:opensuse:leap:15.4 Security update for atheme (Important) openSUSE Leap 15.4 This update for atheme fixes the following issues: atheme was updated to release 7.2.12: * CVE-2022-24976: Fixed General authentication bypass in Atheme IRC services with InspIRCd 3 [boo#1195989] * Track SASL login EID Important SUSE bug 1195989 CVE-2022-24976 cpe:/o:opensuse:leap:15.4 Security update for neomutt (Moderate) openSUSE Leap 15.4 This update for neomutt fixes the following issues: neomutt was updated to 20220429: * Bug Fixes * Do not crash on an invalid use_threads/sort combination * Fix: stuck browser cursor * Resolve (move) the cursor after <edit-label> * Index: fix menu size on new mail * Don't overlimit LMDB mmap size * OpenBSD y/n translation fix * Generic: split out OP_EXIT binding * Fix parsing of sendmail cmd * Fix: crash with menu_move_off=no * Newsrc: bugfix; nntp_user and nntp_pass ignored * Menu: ensure config changes cause a repaint * Mbox: fix sync duplicates * Make sure the index redraws all that's needed * Translations * 100% Chinese (Simplified) * 100% Czech * 100% German * 100% Hungarian * 100% Lithuanian * 100% Serbian * 100% Turkish * Docs * add missing pattern modifier ~I for external_search_command * Code * menu: eliminate custom_redraw() * modernise mixmaster * Kill global and Propagate display attach status through State- neomutt was updated to 20220415: * Security * Fix uudecode buffer overflow (CVE-2022-1328) * Features * Colours, colours, colours * Bug Fixes * Pager: fix pager_stop * Merge colours with normal * Color: disable mono command * Fix forwarding text attachments when honor_disposition is set * Pager: drop the nntp change-group bindings * Use mailbox_check flags coherently, add IMMEDIATE flag * Fix: tagging in attachment list * Fix: misalignment of mini-index * Make sure to update the menu size after a resort * Translations * 100% Hungarian * Build * Update acutest * Code * Unify pipe functions * Index: notify if navigation fails * Gui: set colour to be merged with normal * Fix: leak in tls_check_one_certificate() * Upstream * Flush iconv() in mutt_convert_string() * Fix integer overflow in mutt_convert_string() * Fix uudecode cleanup on unexpected eof update to 20220408: * Compose multipart emails * Fix screen mode after attempting decryption * imap: increase max size of oauth2 token * Fix autocrypt * Unify Alias/Query workflow * Fix colours * Say which file exists when saving attachments * Force SMTP authentication if `smtp_user` is set * Fix selecting the right email after limiting * Make sure we have enough memory for a new email * Don't overwrite with zeroes after unlinking the file * Fix crash when forwarding attachments * Fix help reformatting on window resize * Fix poll to use PollFdsCount and not PollFdsLen * regex: range check arrays strictly * Fix Coverity defects * Fix out of bounds write with long log lines * Apply `fast_reply` to 'to', 'cc', or 'bcc' * Prevent warning on empty emails * New default: `set rfc2047_parameters = yes` * 100% German * 100% Lithuanian * 100% Serbian * 100% Czech * 100% Turkish * 72% Hungarian * Improve header cache explanation * Improve description of some notmuch variables * Explain how timezones and `!`s work inside `%{}`, `%[]` and `%()` * Document config synonyms and deprecations * Create lots of GitHub Actions * Drop TravisCI * Add automated Fuzzing tests * Add automated ASAN tests * Create Dockers for building Centos/Fedora * Build fixes for Solaris 10 * New libraries: browser, enter, envelope * New configure options: `--fuzzing` `--debug-color` `--debug-queue` * Split Index/Pager GUIs/functions * Add lots of function dispatchers * Eliminate `menu_loop()` * Refactor function opcodes * Refactor cursor setting * Unify Alias/Query functions * Refactor Compose/Envelope functions * Modernise the Colour handling * Refactor the Attachment View * Eliminate the global `Context` * Upgrade `mutt_get_field()` * Refactor the `color quoted` code * Fix lots of memory leaks * Refactor Index resolve code * Refactor PatternList parsing * Refactor Mailbox freeing * Improve key mapping * Factor out charset hooks * Expose mutt_file_seek API * Improve API of `strto*` wrappers * imap QRESYNC fixes * Allow an empty To: address prompt * Fix argc==0 handling * Don't queue IMAP close commands * Fix IMAP UTF-7 for code points >= U+10000 * Don't include inactive messages in msgset generation update to 20211029 (boo#1185705, CVE-2021-32055): * Notmuch: support separate database and mail roots without .notmuch * fix notmuch crash on open failure * fix crypto crash handling pgp keys * fix ncrypt/pgp file_get_size return check * fix restore case-insensitive header sort * fix pager redrawing of long lines * fix notmuch: check database dir for xapian dir * fix notmuch: update index count after <entire-thread> * fix protect hash table against empty keys * fix prevent real_subj being set but empty * fix leak when saving fcc * fix leak after <edit-or-view-raw-message> * fix leak after trash to hidden mailbox * fix leak restoring postponed emails * fix new mail notifications * fix pattern compilation error for ( !>(~P) ) * fix menu display on window resize * Stop batch mode emails with no argument or recipients * Add sanitize call in print mailcap function * fix hdr_order to use the longest match * fix (un)setenv to not return an error with unset env vars * fix Imap sync when closing a mailbox * fix segfault on OpenBSD current * sidebar: restore sidebar_spoolfile colour * fix assert when displaying a file from the browser * fix exec command in compose * fix check_stats for Notmuch mailboxes * Fallback: Open Notmuch database without config * fix gui hook commands on startup * threads: implement the $use_threads feature * https://neomutt.org/feature/use-threads * hooks: allow a -noregex param to folder and mbox hooks * mailing lists: implement list-(un)subscribe using RFC2369 headers * mailcap: implement x-neomutt-nowrap flag * pager: add $local_date_header option * imap, smtp: add support for authenticating using XOAUTH2 * Allow <sync-mailbox> to fail quietly * imap: speed up server-side searches * pager: improve skip-quoted and skip-headers * notmuch: open database with user's configuration * notmuch: implement <vfolder-window-reset> * config: allow += modification of my_ variables * notmuch: tolerate file renames behind neomutt's back * pager: implement $pager_read_delay * notmuch: validate nm_query_window_timebase * notmuch: make $nm_record work in non-notmuch mailboxes * compose: add $greeting - a welcome message on top of emails * notmuch: show additional mail in query windows * imap: fix crash on external IMAP events * notmuch: handle missing libnotmuch version bumps * imap: add sanity check for qresync * notmuch: allow windows with 0 duration * index: fix index selection on <collapse-all> * imap: fix crash when sync'ing labels * search: fix searching by Message-Id in <mark-message> * threads: fix double sorting of threads * stats: don't check mailbox stats unless told * alias: fix crash on empty query * pager: honor mid-message config changes * mailbox: don't propagate read-only state across reopens * hcache: fix caching new labels in the header cache * crypto: set invalidity flags for gpgme/smime keys * notmuch: fix parsing of multiple type= * notmuch: validate $nm_default_url * messages: avoid unnecessary opening of messages * imap: fix seqset iterator when it ends in a comma * build: refuse to build without pcre2 when pcre2 is linked in ncurses Moderate SUSE bug 1184787 SUSE bug 1185705 CVE-2021-32055 CVE-2022-1328 cpe:/o:opensuse:leap:15.4 Security update for trivy (Moderate) openSUSE Leap 15.4 This update for trivy fixes the following issues: trivy was updated to version 0.28.0 (boo#1199760, CVE-2022-28946): * fix: remove Highlighted from json output (#2131) * fix: remove trivy-kubernetes replace (#2132) * docs: Add Operator docs under Kubernetes section (#2111) * fix(k8s): security-checks panic (#2127) * ci: added k8s scope (#2130) * docs: Update misconfig output in examples (#2128) * fix(misconf): Fix coloured output in Goland terminal (#2126) * docs(secret): Fix default value of --security-checks in docs (#2107) * refactor(report): move colorize function from trivy-db (#2122) * feat: k8s resource scanning (#2118) * chore: add CODEOWNERS (#2121) * feat(image): add `--server` option for remote scans (#1871) * refactor: k8s (#2116) * refactor: export useful APIs (#2108) * docs: fix k8s doc (#2114) * feat(kubernetes): Add report flag for summary (#2112) * fix: Remove problematic advanced rego policies (#2113) * feat(misconf): Add special output format for misconfigurations (#2100) * feat: add k8s subcommand (#2065) * chore: fix make lint version (#2102) * fix(java): handle relative pom modules (#2101) * fix(misconf): Add missing links for non-rego misconfig results (#2094) * feat(misconf): Added fs.FS based scanning via latest defsec (#2084) * chore(deps): bump trivy-issue-action to v0.0.4 (#2091) * chore(deps): bump github.com/twitchtv/twirp (#2077) * chore(deps): bump github.com/urfave/cli/v2 from 2.4.0 to 2.5.1 (#2074) * chore(os): updated fanal version and alpine distroless test (#2086) * chore(deps): bump github.com/CycloneDX/cyclonedx-go from 0.5.1 to 0.5.2 (#2075) * chore(deps): bump github.com/samber/lo from 1.16.0 to 1.19.0 (#2076) * feat(report): add support for SPDX (#2059) * chore(deps): bump actions/setup-go from 2 to 3 (#2073) * chore(deps): bump actions/cache from 3.0.1 to 3.0.2 (#2071) * chore(deps): bump golang from 1.18.0 to 1.18.1 (#2069) * chore(deps): bump actions/stale from 4 to 5 (#2070) * chore(deps): bump sigstore/cosign-installer from 2.0.0 to 2.3.0 (#2072) * chore(deps): bump github.com/open-policy-agent/opa from 0.39.0 to 0.40.0 (#2079) * chore: app version 0.27.0 (#2046) * fix(misconf): added to skip conf files if their scanning is not enabled (#2066) * docs(secret) fix rule path in docs (#2061) * docs: change from go.sum to go.mod (#2056) Update to version 0.27.1: * chore(deps): bump github.com/CycloneDX/cyclonedx-go from 0.5.0 to 0.5.1 (#1926) * refactor(fs): scanner options (#2050) * feat(secret): truncate long line (#2052) * docs: fix a broken bullets (#2042) * feat(ubuntu): add 22.04 approx eol date (#2044) * docs: update installation.md (#2027) * docs: add Containerfile (#2032) Update to version 0.27.0: * fix(go): fixed panic to scan gomod without version (#2038) * docs(mariner): confirm it works with Mariner 2.0 VM (#2036) * feat(secret): support enable rules (#2035) * chore: app version 26.0 (#2030) * docs(secret): add a demo movie (#2031) * feat: support cache TTL in Redis (#2021) * fix(go): skip system installed binaries (#2028) * fix(go): check if go.sum is nil (#2029) * feat: add secret scanning (#1901) * chore: gh publish only with push the tag release (#2025) * fix(fs): ignore permission errors (#2022) * test(mod): using correct module inside test go.mod (#2020) * feat(server): re-add proxy support for client/server communications (#1995) * fix(report): truncate a description before escaping in ASFF template (#2004) * fix(cloudformation): correct margin removal for empty lines (#2002) * fix(template): correct check of old sarif template files (#2003) Update to version 0.26.0: * feat(alpine): warn mixing versions (#2000) * Update ASFF template (#1914) * chore(deps): replace `containerd/containerd` version to fix CVE-2022-23648 (#1994) * chore(deps): bump alpine from 3.15.3 to 3.15.4 (#1993) * test(go): add integration tests for gomod (#1989) * fix(python): fixed panic when scan .egg archive (#1992) * fix(go): set correct go modules type (#1990) * feat(alpine): support apk repositories (#1987) * docs: add CBL-Mariner (#1982) * docs(go): fix version (#1986) * feat(go): support go.mod in Go 1.17+ (#1985) * ci: fix URLs in the PR template (#1972) * ci: add semantic pull requests check (#1968) * docs(issue): added docs for wrong detection issues (#1961) Update to version 0.25.4: * docs: move CONTRIBUTING.md to docs (#1971) * refactor(table): use file name instead package path (#1966) * fix(sbom): add --db-repository (#1964) * feat(table): add PkgPath in table result (#1960) * fix(pom): merge multiple pom imports in a good manner (#1959) Update to version 0.25.3: * fix(downloadDB): add dbRepositoryFlag to repository and rootfs commands (#1956) * fix(misconf): update BurntSushi/toml for fix runtime error (#1948) * fix(misconf): Update fanal/defsec to resolve missing metadata issues (#1947) * feat(jar): allow setting Maven Central URL using environment variable (#1939) * chore(chart): update Trivy version in HelmChart to 0.25.0 (#1931) * chore(chart): remove version comments (#1933) Update to version 0.25.2: * fix(downloadDB): add flag to server command (#1942) Update to version 0.25.1: * fix(misconf): update defsec to resolve panics (#1935) * chore(deps): bump github.com/docker/docker (#1924) * docs: restructure the documentation (#1887) * chore(deps): bump github.com/urfave/cli/v2 from 2.3.0 to 2.4.0 (#1923) * chore(deps): bump actions/cache from 2 to 3.0.1 (#1920) * chore(deps): bump actions/checkout from 2 to 3 (#1916) * chore(deps): bump github.com/open-policy-agent/opa from 0.37.2 to 0.39.0 (#1921) * chore(deps): bump sigstore/cosign-installer from 2.0.0 to 2.1.0 (#1919) * chore(deps): bump helm/chart-testing-action from 2.2.0 to 2.2.1 (#1918) * chore(deps): bump golang from 1.17 to 1.18.0 (#1915) * Add trivy horizontal logo (#1932) * chore(deps): bump alpine from 3.15.0 to 3.15.3 (#1917) * chore(deps): bump github.com/go-redis/redis/v8 from 8.11.4 to 8.11.5 (#1925) * chore(deps): bump github.com/stretchr/testify from 1.7.0 to 1.7.1 (#1927) * feat(db): Add dbRepository flag to get advisory database from OCI registry (#1873) Update to version 0.25.0: * docs(filter vulnerabilities): fix link (#1880) * feat(template) Add misconfigurations to gitlab codequality report (#1756) * fix(rpc): add PkgPath field to client / server mode (#1643) * fix(vulnerabilities): fixed trivy-db vulns (#1883) * feat(cache): remove temporary cache after filesystem scanning (#1868) * feat(sbom): add a dedicated sbom command (#1799) * feat(cyclonedx): add vulnerabilities (#1832) * fix(option): hide false warning about remote options (#1865) * chore: bump up Go to 1.18 (#1862) * feat(filesystem): scan in client/server mode (#1829) * refactor(template): remove unused test (#1861) * fix(cli): json format for trivy version (#1854) * docs: change URL for tfsec-checks (#1857) Moderate SUSE bug 1199760 CVE-2022-23648 CVE-2022-28946 cpe:/o:opensuse:leap:15.4 Security update for tor (Important) openSUSE Leap 15.4 This update for tor fixes the following issues: tor was updated to 0.4.7.8: * Fix a scenario where RTT estimation can become wedged, seriously degrading congestion control performance on all circuits. This impacts clients, onion services, and relays, and can be triggered remotely by a malicious endpoint. (TROVE-2022-001, CVE-2022-33903, boo#1200672) * Regenerate fallback directories generated on June 17, 2022. * Update the geoip files to match the IPFire Location Database, as retrieved on 2022/06/17. * Allow the rseq system call in the sandbox * logging bug fixes Important SUSE bug 1200672 CVE-2022-33903 cpe:/o:opensuse:leap:15.4 Security update for dbus-broker (Moderate) openSUSE Leap 15.4 This update for dbus-broker fixes the following issues: - CVE-2022-31212: Fix a stack buffer over-read in bundled c-shquote (boo#1200332) - CVE-2022-31213: Fix a NULL pointer dereferences in bundled c-shquote (boo#1200333) Moderate SUSE bug 1200332 SUSE bug 1200333 CVE-2022-31212 CVE-2022-31213 cpe:/o:opensuse:leap:15.4 Security update for wdiff (Moderate) openSUSE Leap 15.4 This update for wdiff fixes the following issues: This update ships wdiff. Updated to 1.2.2: * Updated Vietnamese, Swedish, Estonian, Chinese (traditional), Brazilian Portuguese and Russian translations. * Updated gnulib. * Used more recent autotools: autoconf 2.69 and automake 1.14.1. updated to 1.2.1: * Added Esperanto translation. * Updated Czech, German, Spanish, Finnish, Galician, Italian, Dutch, Polish, Slovenian, Serbian, Swedish, Ukrainian and Vietnamese translations. * Updated gnulib. * Recreated build system using recent versions of autotools. This will avoid security issues in 'make distcheck' target. (CVE-2012-3386) updated to 1.1.2: * Backport gnulib change to deal with removal of gets function. This is a build-time-only fix. (Mentioned in Fedora bug #821791) * Added Serbian translation. * Updated Danish and Vietnamese translations. * Work around a bug in the formatting of the man page. (Debian bug #669340) * Updated Czech, German, Spanish, Finnish, Dutch, Polish, Slovenian, Swedish and Ukrainian translations. * Fix several issue with the use of screen in the test suite. * Allow WDIFF_PAGER to override PAGER environment variable. * Do not autodetect less, so we don't auto-enable less-mode. This should improve things for UTF8 text. (Savannah bug #34224) Less-mode is considered deprecated, as it isn't fit for multi-byte encodings. Nevertheless it can still be enabled on the command line. * Introduces use of ngettext to allow correct handling of plural forms updated to 1.0.1: * Updated Polish, Ukrainian, Slovenian, Dutch, Finnish, Swedish and Czech translations * Changed major version to 1 to reflect maturity of the package * Updated Dutch, French, Danish and Slovenian translations * Added Ukrainian translation * Improved error reporting in case a child process has problems * Added tests to the test suite * Updated gnulib updated to 0.6.5: * Never initialize or deinitialize terminals, as we do no cursor movement * Deprecated --no-init-term (-K) command line option * Avoid relative path in man pages * Updated gnulib, might be particularly important for uClibc users updated to 0.6.4: * Updated Catalan translations * Updated gnulib update to 0.6.3: * `wdiff -d' to read input from single unified diff, perhaps stdin. * Updated texinfo documentation taking experimental switch into account. * Experimental programs (mdiff & friends) and a configure switch --enable-experimental to control them. * Recent imports from gnulib, use of recent autotools. * Improved autodetection of termcap library like ncurses. * Reformatted translations, still a number of fuzzy translations. * Changed from CVS to bzr for source code version control. * Various bug fixes. See ChangeLog for a more exhaustive list. * Introduce --with-default-pager=PAGER configure switch. * Fix missing newline in info dir entry list. * Fix shell syntax in configure script * Updated gnulib and gettext, the latter to 0.18 * Updated Dutch translation * Fixed a number of portability issues reported by maint.mk syntax checks * Updated Italian and Swedish translations * Updated gnulib Moderate CVE-2012-3386 cpe:/o:opensuse:leap:15.4 Security update for chromium (Important) openSUSE Leap 15.4 This update for chromium fixes the following issues: Chromium 103.0.5060.53 (boo#1200783) * CVE-2022-2156: Use after free in Base * CVE-2022-2157: Use after free in Interest groups * CVE-2022-2158: Type Confusion in V8 * CVE-2022-2160: Insufficient policy enforcement in DevTools * CVE-2022-2161: Use after free in WebApp Provider * CVE-2022-2162: Insufficient policy enforcement in File System API * CVE-2022-2163: Use after free in Cast UI and Toolbar * CVE-2022-2164: Inappropriate implementation in Extensions API * CVE-2022-2165: Insufficient data validation in URL formatting Important SUSE bug 1200783 CVE-2022-2156 CVE-2022-2157 CVE-2022-2158 CVE-2022-2160 CVE-2022-2161 CVE-2022-2162 CVE-2022-2163 CVE-2022-2164 CVE-2022-2165 cpe:/o:opensuse:leap:15.4 Security update for librttopo (Important) openSUSE Leap 15.4 This update for librttopo fixes the following issues: - CVE-2017-18359: Fixed a denial of service in rtgeom_to_x3d3() (boo#1201215) Important SUSE bug 1201215 CVE-2017-18359 cpe:/o:opensuse:leap:15.4 Security update for chafa (Moderate) openSUSE Leap 15.4 This update for chafa fixes the following issues: - CVE-2022-2301: Fixed buffer over-read (boo#1201211) Moderate SUSE bug 1201211 CVE-2022-2301 cpe:/o:opensuse:leap:15.4 Security update for libqt5-qtwebengine (Moderate) openSUSE Leap 15.4 This update for libqt5-qtwebengine fixes the following issues: Update to version 5.15.10: * Fix top level build with no widget * Fix read-after-free on EGL extensions * Update Chromium * Add workaround for unstable gn on macOS in ci * Pass archiver to gn build * Fix navigation to non-local URLs * Add support for universal builds for qtwebengine and qtpdf * Enable Apple Silicon support * Fix cross compilation x86_64->arm64 on mac * Bump version to 5.15.10 * CustomDialogs: Make custom input fields readable in dark mode * CookieBrowser: Make alternating rows readable in dark mode * Update Chromium: * Bump V8_PATCH_LEVEL * Fix clang set-but-unused-variable warning * Fix mac toolchain python linker script call * Fix missing dependency for gpu sources * Fix python calls * Fix undefined symbol for universal link * Quick fix for regression in service workers by reverting backports * [Backport] CVE-2022-0797: Out of bounds memory access in Mojo * [Backport] CVE-2022-1125 * [Backport] CVE-2022-1138: Inappropriate implementation in Web Cursor. * [Backport] CVE-2022-1305: Use after free in storage * [Backport] CVE-2022-1310: Use after free in regular expressions * [Backport] CVE-2022-1314: Type Confusion in V8 * [Backport] CVE-2022-1493: Use after free in Dev Tools * [Backport] On arm64 hosts, set host_cpu to 'arm64', not 'arm' * [Backport] Security Bug 1296876 * [Backport] Security bug 1269999 * [Backport] Security bug 1280852 * [Backport] Security bug 1292905 * [Backport] Security bug 1304659 * [Backport] Security bug 1306507 Moderate CVE-2022-0797 CVE-2022-1125 CVE-2022-1138 CVE-2022-1305 CVE-2022-1310 CVE-2022-1314 CVE-2022-1493 cpe:/o:opensuse:leap:15.4 Security update for chromium (Important) openSUSE Leap 15.4 This update for chromium fixes the following issues: Chromium 103.0.5060.114 (boo#1201216) * CVE-2022-2294: Heap buffer overflow in WebRTC * CVE-2022-2295: Type Confusion in V8 * CVE-2022-2296: Use after free in Chrome OS Shell Important SUSE bug 1201216 CVE-2022-2294 CVE-2022-2295 CVE-2022-2296 cpe:/o:opensuse:leap:15.4 Security update for opera (Important) openSUSE Leap 15.4 NonFree This update for opera fixes the following issues: opera was updated to 88.0.4412.74: - DNA-100645 Cherry-pick CVE-2022-2294 onto stabilization branches Update to 88.0.4412.53 - DNA-99108 [Lin] Options on video pop out not possible to change - DNA-99832 On automatic video popout, close button should not stop video - DNA-99833 Allow turning on and off of each 'BABE' section from gear icon - DNA-99852 Default browser in Mac installer - DNA-99993 Crashes in AudioFileReaderTest, FFmpegAACBitstreamConverterTest - DNA-100045 iFrame Exception not unblocked with Acceptable Ads - DNA-100291 Update snapcraft uploading/releasing in scripts to use craft store Changes in 88.0.4412.40 - CHR-8905 Update chromium on desktop-stable-102-4412 to 102.0.5005.115 - DNA-99713 Sizing issues with video conferencing controls in PiP window - DNA-99831 Add 'back to tab' button like on video pop-out - The update to chromium 102.0.5005.115 fixes following issues: CVE-2022-2007, CVE-2022-2008, CVE-2022-2010, CVE-2022-2011 Changes in 88.0.4412.27 - DNA-99725 Crash at opera::ModalDialogViews::Show() - DNA-99752 Do not allow to uncheck all lists for adBlock - DNA-99918 Enable #scrollable-tab-strip on desktop-stable-102-4412 - DNA-99969 Promote O88 to stable - Complete Opera 88.0 changelog at: https://blogs.opera.com/desktop/changelog-for-88/ Update to 87.0.4390.45 - DNA-99478 Top Sites don’t always has big icon - DNA-99702 Enable Acceptable Ads for stable stream - DNA-99725 Crash at opera::ModalDialogViews::Show() - DNA-99752 Do not allow to uncheck all lists for adBlock - Update to 87.0.4390.36 - CHR-8883 Update chromium on desktop-stable-101-4390 to 101.0.4951.67 - DNA-99190 Investigate windows installer signature errors on win7 - DNA-99502 Sidebar – API to open panels - DNA-99593 Report sad tab displayed counts per kind - DNA-99628 Personalized Speed Dial context menu issue fix Important CVE-2022-2007 CVE-2022-2008 CVE-2022-2010 CVE-2022-2011 CVE-2022-2294 cpe:/o:opensuse:leap:15.4 Security update for phpPgAdmin (Critical) openSUSE Leap 15.4 This update for phpPgAdmin fixes the following issues: - CVE-2019-10784: Fixed improper source validation that could lead to CSRF (boo#1162794) Critical SUSE bug 1162794 CVE-2019-10784 cpe:/o:opensuse:leap:15.4 Security update for virtualbox (Important) openSUSE Leap 15.4 This update for virtualbox fixes the following issues: - Save and restore FPU status during interrupt. (boo#1199803) - Update support of building with Python - Replace SDL-devel BuildRequires with pkgconfig(sdl): allow to use sdl12_compat as an alternative. Version bump to 6.1.36 released by Oracle July 19 2022 This is a maintenance release. The following items were fixed and/or added: - VMM: Fixed possible Linux guest kernel crash when configuring Speculative Store Bypass for a single vCPU VM - GUI: In the storage page of the virtual machine settings dialog, fixed a bug which disrupted mouse interaction with the native file selector on KDE - NAT: Prevent issue when host resolver incorrectly returned NXDOMAIN for unsupported queries (bug #20977) - Audio: General improvements in saved state area - Recording: Various fixes for settings handling - VGA: Performance improvements for screen updates when VBE banking is used - USB: Fixed rare crashes when detaching a USB device - ATA: Fixed NT4 guests taking a minute to eject CDs - vboximg-mount: Fixed broken write support (bug #20896) - SDK: Fixed Python bindings incorrectly trying to convert arbitrary byte data into unicode objects with Python 3, causing exceptions (bug #19740) - API: Fixed an issue when virtual USB mass storage devices or virtual USB DVD drives are added while the VM is not running are by default not marked as hot-pluggable - API: Initial support for Python 3.10 - API: Solaris OS types cleanup - Linux and Solaris hosts: Allow to mount shared folder if it is represented as a symlink on a host side (bug #17491) - Linux Host and Guest drivers: Introduced initial support for kernels 5.18, 5.19 and RHEL 9.1 (bugs #20914, #20941) - Linux Host and Guest drivers: Better support for kernels built with clang compiler (bugs #20425 and #20998) - Solaris Guest Additions: General improvements in installer area - Solaris Guest Additions: Fixed guest screen resize in VMSVGA graphics configuration - Linux and Solaris Guest Additions: Fixed multi-screen handling in VBoxVGA and VBoxSVGA graphics configuration - Linux and Solaris Guest Additions: Added support for setting primary screen via VBoxManage - Linux and Solaris Guest Additions: Fixed X11 resources leak when resizing guest screens - Linux and Solaris Guest Additions: Fixed file descriptor leak when starting a process using guest control (bug #20902) - Linux and Solaris Guest Additions: Fixed guest control executing processes as root - Linux Guest Additions: Improved guests booting time by preventing kernel modules from being rebuilt when it is not necessary (bug #20502) - Windows Guest Additions: Fixed VBoxTray crash on startup in NT4 guests on rare circumstances - Fixes CVE-2022-21571,CVE-2022-21554 - boo#1201720 Version bump to 6.1.34 (released March 22 2022) by Oracle - This is a maintenance release. The following items were fixed and/or added: - VMM: Fix instruction emulation for 'cmpxchg16b' - GUI: Improved GUI behavior on macOS Big Sur and later when kernel extensions are not loaded - EHCI: Addressed an issue with handling short packets (bug #20726) - Storage: Fixed a potential hang during disk I/O when the host I/O cache is disabled (bug #20875) - NVMe: Fixed loading saved state when nothing is attached to it (bug #20791) - DevPcBios: Addressed an issue which resulted in rejecting the detected LCHS geometry when the head count was above 16 - virtio-scsi: Improvements - E1000: Improve descriptor handling - VBoxManage: Fixed handling of command line arguments with incomplete quotes (bug #20740) - VBoxManage: Improved 'natnetwork list' output - VBoxManage: NATNetwork: Provide an option (--ipv6-prefix) to set IPv6 prefix - VBoxManage: NATNetwork: Provide an option (--ipv6-default) to advertise default IPv6 route (bug #20714) - VBoxManage: Fix documentation of 'usbdevsource add' (bug #20849) - Networking: General improvements in IPv4 and IPv6 area (bug #20714) - OVF Import: Allow users to specify a different storage controller and/or controller port for hard disks when importing a VM - Unattended install: Improvements - Shared Clipboard: Improved HTML clipboard handling for Windows host - Linux host and guest: Introduced initial support for kernel 5.17 - Solaris package: Fixes for API access from Python - Solaris IPS package: Suppress dependency on libpython2.7.so.* - Linux host and guest: Fixes for Linux kernel 5.14 - Linux Guest Additions: Fixed guest screen resize for older guests which are running libXrandr older than version 1.4 - Linux Guest Additions: Introduced initial support for RHEL 8.6 kernels (bug #20877) - Windows guest: Make driver install smarter - Solaris guest: Addressed an issue which prevented VBox GAs 6.1.30 or 6.1.32 from being removed in Solaris 10 guests (bug #20780) - EFI: Fixed booting from FreeBSD ISO images (bug #19910) - Fixes CVE-2022-21465 (boo#1198676), CVE-2022-21471 (boo#1198677), CVE-2022-21491 (boo#1198680), CVE-2022-21487 (boo#1198678), and CVE-2022-21488 (boo#1198679). - package virtualbox-websrv needs sysvinit-tools (boo#1198703) Important SUSE bug 1198676 SUSE bug 1198677 SUSE bug 1198678 SUSE bug 1198679 SUSE bug 1198680 SUSE bug 1198703 SUSE bug 1199803 SUSE bug 1201720 CVE-2022-21465 CVE-2022-21471 CVE-2022-21487 CVE-2022-21488 CVE-2022-21491 CVE-2022-21554 CVE-2022-21571 cpe:/o:opensuse:leap:15.4 Security update for chromium (Important) openSUSE Leap 15.4 This update for chromium fixes the following issues: Chromium was updated to 103.0.5060.134 (boo#1201679): * CVE-2022-2477 : Use after free in Guest View * CVE-2022-2478 : Use after free in PDF * CVE-2022-2479 : Insufficient validation of untrusted input in File * CVE-2022-2480 : Use after free in Service Worker API * CVE-2022-2481: Use after free in Views * CVE-2022-2163: Use after free in Cast UI and Toolbar * Various fixes from internal audits, fuzzing and other initiatives Important SUSE bug 1201679 CVE-2022-2163 CVE-2022-2477 CVE-2022-2478 CVE-2022-2479 CVE-2022-2480 CVE-2022-2481 cpe:/o:opensuse:leap:15.4 Security update for python-jupyterlab (Important) openSUSE Leap 15.4 This update for python-jupyterlab fixes the following issues: Update to 2.2.10: * Remove `form` tags' `action` attribute during sanitizing, to prevent an XSS (CVE-2021-32797) (boo#1196663) * Header ‘Content-Type’ should not be overwritten * Do not use token parameters in websocket urls * Properly handle errors in async browser_check * Cells can no longer be executed while kernels are terminating or restarting. There is a new status for these events on the Kernel Indicator * Add styling for high memory usage warning in status bar with nbresuse * Adds support for Python version 3.10 * Support live editing of SVG with updating rendering * Lazy load codemirror theme stylesheets * Add feature request template + slight reorg in readme * Add link to react example in extension-examples repo * Close correct tab with close tab * Remove unused css rules * Simplified multicursor backspace code * Fix recent breaking changes to normalizepath in filebrowser * Handle quit_button when launched as an extension * Add worker-loader * Fix icon sidebar height for third party extensions * Scrolls cells into view after deletion * Support Node.js 10+ * Select search text when focusing the search overlay * Throttle fetch requests in the setting registry’s data connector * Avoid redundant checkpoint calls on loading a notebook Important SUSE bug 1196663 CVE-2021-32797 cpe:/o:opensuse:leap:15.4 Security update for connman (Critical) openSUSE Leap 15.4 This update for connman fixes the following issues: - CVE-2022-32292: Add refcounting to wispr portal detection to avoid heap overflow (boo#1200190) - CVE-2022-32292: Fix OOB write in received_data (boo#1200189) Critical SUSE bug 1200189 SUSE bug 1200190 CVE-2022-32292 CVE-2022-32293 cpe:/o:opensuse:leap:15.4 Security update for caddy (Moderate) openSUSE Leap 15.4 This update for caddy fixes the following issues: Update to version 2.5.2: * admin: expect quoted ETags (#4879) * headers: Only replace known placeholders (#4880) * reverseproxy: Err 503 if all upstreams unavailable * reverseproxy: Adjust new TLS Caddyfile directive names (#4872) * fileserver: Use safe redirects in file browser * admin: support ETag on config endpoints (#4579) * caddytls: Reuse issuer between PreCheck and Issue (#4866) * admin: Implement /adapt endpoint (close #4465) (#4846) * forwardauth: Fix case when `copy_headers` is omitted (#4856) * Expose several Caddy HTTP Matchers to the CEL Matcher (#4715) * reverseproxy: Fix double headers in response handlers (#4847) * reverseproxy: Fix panic when TLS is not configured (#4848) * reverseproxy: Skip TLS for certain configured ports (#4843) * forwardauth: Support renaming copied headers, block support (#4783) * Add comment about xcaddy to main * headers: Support wildcards for delete ops (close #4830) (#4831) * reverseproxy: Dynamic ServerName for TLS upstreams (#4836) * reverseproxy: Make TLS renegotiation optional * reverseproxy: Add renegotiation param in TLS client (#4784) * caddyhttp: Log error from CEL evaluation (fix #4832) * reverseproxy: Correct the `tls_server_name` docs (#4827) * reverseproxy: HTTP 504 for upstream timeouts (#4824) * caddytls: Make peer certificate verification pluggable (#4389) * reverseproxy: api: Remove misleading 'healthy' value * Fix #4822 and fix #4779 * reverseproxy: Add --internal-certs CLI flag #3589 (#4817) * ci: Fix build caching on Windows (#4811) * templates: Add `humanize` function (#4767) * core: Micro-optim in run() (#4810) * httpcaddyfile: Add `{err.*}` placeholder shortcut (#4798) * templates: Documentation consistency (#4796) * chore: Bump quic-go to v0.27.0 (#4782) * reverseproxy: Support http1.1>h2c (close #4777) (#4778) * rewrite: Handle fragment before query (fix #4775) [boo#1201822, CVE-2022-34037] * httpcaddyfile: Support multiple values for `default_bind` (#4774) Moderate SUSE bug 1201822 CVE-2022-34037 cpe:/o:opensuse:leap:15.4 Security update for trivy (Moderate) openSUSE Leap 15.4 This update for trivy fixes the following issues: trivy was updated to version 0.30.4: * fix: remove the first arg when running as a plugin (#2595) * fix: k8s controlplaner scanning (#2593) * fix(vuln): GitLab report template (#2578) Update to version 0.30.3: * fix(server): use a new db worker for hot updates (#2581) * docs: add trivy with download-db-only flag to Air-Gapped Environment (#2583) * docs: split commands to download db for different versions of oras (#2582) * feat(report): export exitcode for license checks (#2564) * fix: cli can use lowercase for severities (#2565) * fix: allow subcommands with TRIVY_RUN_AS_PLUGIN (#2577) * fix: add missing types in TypeOSes and TypeLanguages in analyzer (#2569) * fix: enable some features of the wasm runtime (#2575) * fix(k8s): no error logged if trivy can't get docker image in kubernetes mode (#2521) * docs(sbom): improve sbom attestation documentation (#2566) Update to version 0.30.2: * fix(report): show the summary without results (#2548) * fix(cli): replace '-' to '_' for env vars (#2561) Update to version 0.30.1: * chore: remove a test repository (#2551) * fix(license): lazy loading of classifiers (#2547) * fix: CVE-2022-1996 in Trivy (#2499) * docs(sbom): add sbom attestation (#2527) * feat(rocky): set Rocky Linux 9 EOL (#2543) * docs: add attributes to the video tag to autoplay demo videos (#2538) * fix: yaml files with non-string chart name (#2534) * fix: skip dirs (#2530) * feat(repo): add support for branch, commit, & tag (#2494) * fix: remove auto configure environment variables via viper (#2526) Update to version 0.30.0: * fix: separating multiple licenses from one line in dpkg copyright files (#2508) * fix: change a capital letter for `plugin uninstall` subcommand (#2519) * fix: k8s hide empty report when scanning resource (#2517) * refactor: fix comments (#2516) * fix: scan vendor dir (#2515) * feat: Add support for license scanning (#2418) * chore: add owners for secret scanning (#2485) * fix: remove dependency-tree flag for image subcommand (#2492) * fix(k8s): add shorthand for k8s namespace flag (#2495) * docs: add information about using multiple servers to troubleshooting (#2498) * ci: add pushing canary build images to registries (#2428) * feat(dotnet): add support for .Net core .deps.json files (#2487) * feat(amazon): add support for 2022 version (#2429) * Type correction bitnami chart (#2415) * docs: add config file and update CLI references (#2489) * feat: add support for flag groups (#2488) * refactor: move from urfave/cli to spf13/cobra (#2458) * fix: Fix secrets output not containing file/lines (#2467) * fix: clear output with modules (#2478) * docs(cbl): distroless 1.0 supported (#2473) * fix: Fix example dockerfile rego policy (#2460) * fix(config): add helm to list of config analyzers (#2457) * feat: k8s resouces scan (#2395) * feat(sbom): add cyclonedx sbom scan (#2203) * docs: remove links to removed content (#2431) * ci: added rpm build for rhel 9 (#2437) * fix(secret): remove space from asymmetric private key (#2434) * test(integration): fix golden files for debian 9 (#2435) * fix(cli): fix version string in docs link when secret scanning is enabled (#2422) * refactor: move CycloneDX marshaling (#2420) * docs(nodejs): add docs about pnpm support (#2423) * docs: improve k8s usage documentation (#2425) * feat: Make secrets scanning output consistant (#2410) * ci: create canary build after main branch changes (#1638) * fix(misconf): skip broken scans (#2396) * feat(nodejs): add pnpm support (#2414) * fix: Fix false positive for use of COS images (#2413) * eliminate nerdctl dependency (#2412) * Add EOL date for SUSE SLES 15.3, 15.4 and OpenSUSE 15.4 (#2403) * fix(go): no cast to lowercase go package names (#2401) * BREAKING(sbom): change 'trivy sbom' to scan SBOM (#2408) * fix(server): hot update the db from custom repository (#2406) * feat: added license parser for dpkg (#2381) * fix(misconf): Update defsec (v0.68.5) to fix docker rego duplicate key (#2400) * feat: extract stripe publishable and secret keys (#2392) * feat: rbac support k8s sub-command (#2339) * feat(ruby): drop platform strings from dependency versions bundled with bundler v2 (#2390) * docs: Updating README with new CLI command (#2359) * fix(misconf): Update defsec to v0.68.4 to resolve CF detection bug (#2383) * chore: add integration label and merge security label (#2316) Update to version 0.29.2: * chore: skip Visual Studio Code project folder (#2379) * fix(helm): handle charts with templated names (#2374) * docs: redirect operator docs to trivy-operator repo (#2372) * fix(secret): use secret result when determining Failed status (#2370) * try removing libdb-dev * run integration tests in fanal * use same testing images in fanal * feat(helm): add support for trivy dbRepository (#2345) * fix: Fix failing test due to deref lint issue * test: Fix broken test * fix: Fix makefile when no previous named ref is visible in a shallow clone * chore: Fix linting issues in fanal * refactor: Fix fanal import paths and remove dotfiles Update to version 0.29.1: * fix(report): add required fields to the SARIF template (#2341) * chore: fix spelling errors (#2352) * Omit Remediation if PrimaryURL is empty (#2006) * docs(repo): Link to installation documentation in readme shows 404 (#2348) * feat(alma): support for scanning of modular packages for AlmaLinux (#2347) Update to version 0.29.0: * fix(lang): fix dependency graph in client server mode (#2336) * feat: allow expiration date for .trivyignore entries (#2332) * feat(lang): add dependency origin graph (#1970) * docs: update nix installation info (#2331) * feat: add rbac scanning support (#2328) * refactor: move WordPress module to another repository (#2329) * ci: add support for ppc64le (#2281) * feat: add support for WASM modules (#2195) * feat(secret): show recommendation for slow scanning (#2051) * fix(flag): remove --clear-cache flag client mode (#2301) * fix(java): added check for looping for variable evaluation in pom file (#2322) * BREAKING(k8s): change CLI API (#2186) * feat(alpine): add Alpine Linux 3.16 (#2319) * ci: add `go mod tidy` check (#2314) * chore: run `go mod tidy` (#2313) * fix: do not exit if one resource is not found (#2311) * feat(cli): use stderr for all log messages (resolve #381) (#2289) * test: replace deprecated subcommand client in integration tests (#2308) * feat: add support for containerd (#2305) * fix(kubernetes): Support floats in manifest yaml (#2297) * docs(kubernetes): dead links (#2307) * chore: add license label (#2304) * feat(mariner): added support for CBL-Mariner Distroless v2.0 (#2293) * feat(helm): add pod annotations (#2272) * refactor: do not import defsec in fanal types package (#2292) * feat(report): Add misconfiguration support to ASFF report template (#2285) * test: use images in GHCR (#2275) * feat(helm): support pod annotations (#2265) * feat(misconf): Helm chart scanning (#2269) * docs: Update custom rego policy docs to reflect latest defsec/fanal changes (#2267) * fix: mask redis credentials when logging (#2264) * refactor: extract commands Runner interface (#2147) * docs: update operator release (#2263) * feat(redhat): added architecture check (#2172) * docs: updating links in the docs to work again (#2256) * docs: fix readme (#2251) * fix: fixed incorrect CycloneDX output format (#2255) * refactor(deps): move dependencies to package (#2189) * fix(report): change github format version to required (#2229) * docs: update readme (#2110) * docs: added information about choosing advisory database (#2212) * chore: update trivy-kubernetes (#2224) * docs: clarifying parts of the k8s docs and updating links (#2222) * fix(k8s): timeout error logging (#2179) * chore(deps): updated fanal after fix AsymmetricPrivateKeys (#2214) * feat(k8s): add --context flag (#2171) * fix(k8s): properly instantiate TableWriter (#2175) * test: fixed integration tests after updating testcontainers to v0.13.0 (#2208) * chore: update labels (#2197) * fix(report): fixed panic if all misconf reports were removed in filter (#2188) * feat(k8s): scan secrets (#2178) * feat(report): GitHub Dependency Snapshots support (#1522) * feat(db): added insecure skip tls verify to download trivy db (#2140) * fix(redhat): always use vulns with fixed version if there is one (#2165) * chore(redhat): Add support for Red Hat UBI 9. (#2183) * fix(k8s): update trivy-kubernetes (#2163) * fix misconfig start line for code quality tpl (#2181) * fix: update docker/distribution from 2.8.0 to 2.8.1 (#2176) * docs(vuln): Include GitLab 15.0 integration (#2153) * docs: fix the operator version (#2167) * fix(k8s): summary report when when only vulns exit (#2146) * chore(deps): Update fanal to get defsec v0.58.2 (fixes false positives in ksv038) (#2156) * perf(misconf): Improve performance when scanning very large files (#2152) * docs(misconf): Update examples and docs to refer to builtin/defsec instead of appshield (#2150) * chore(deps): Update fanal (for less verbose code in misconf results) (#2151) * docs: fixed installation instruction for rhel/centos (#2143) Moderate CVE-2022-1996 cpe:/o:opensuse:leap:15.4 Security update for chromium (Important) openSUSE Leap 15.4 This update for chromium fixes the following issues: Chromium 104.0.5112.79 (boo#1202075) * CVE-2022-2603: Use after free in Omnibox * CVE-2022-2604: Use after free in Safe Browsing * CVE-2022-2605: Out of bounds read in Dawn * CVE-2022-2606: Use after free in Managed devices API * CVE-2022-2607: Use after free in Tab Strip * CVE-2022-2608: Use after free in Overview Mode * CVE-2022-2609: Use after free in Nearby Share * CVE-2022-2610: Insufficient policy enforcement in Background Fetch * CVE-2022-2611: Inappropriate implementation in Fullscreen API * CVE-2022-2612: Side-channel information leakage in Keyboard input * CVE-2022-2613: Use after free in Input * CVE-2022-2614: Use after free in Sign-In Flow * CVE-2022-2615: Insufficient policy enforcement in Cookies * CVE-2022-2616: Inappropriate implementation in Extensions API * CVE-2022-2617: Use after free in Extensions API * CVE-2022-2618: Insufficient validation of untrusted input in Internals * CVE-2022-2619: Insufficient validation of untrusted input in Settings * CVE-2022-2620: Use after free in WebUI * CVE-2022-2621: Use after free in Extensions * CVE-2022-2622: Insufficient validation of untrusted input in Safe Browsing * CVE-2022-2623: Use after free in Offline * CVE-2022-2624: Heap buffer overflow in PDF - Switch back to Clang so that we can use BTI on aarch64 * Gold is too old - doesn't understand BTI * LD crashes on aarch64 - Re-enable LTO - Prepare move to FFmpeg 5 for new channel layout (requires 5.1+) Important SUSE bug 1202075 CVE-2022-2603 CVE-2022-2604 CVE-2022-2605 CVE-2022-2606 CVE-2022-2607 CVE-2022-2608 CVE-2022-2609 CVE-2022-2610 CVE-2022-2611 CVE-2022-2612 CVE-2022-2613 CVE-2022-2614 CVE-2022-2615 CVE-2022-2616 CVE-2022-2617 CVE-2022-2618 CVE-2022-2619 CVE-2022-2620 CVE-2022-2621 CVE-2022-2622 CVE-2022-2623 CVE-2022-2624 cpe:/o:opensuse:leap:15.4 Security update for opera (Important) openSUSE Leap 15.4 NonFree This update for opera fixes the following issues: Opera was updated to 89.0.4447.71 - CHR-8957 Update chromium on desktop-stable-103-4447 to 103.0.5060.134 - DNA-100492 authPrivate.storeCredentials should work with running auth session - DNA-100649 “Sign out” from settings doesn’t also sign out from auth - DNA-100653 VPN Badge popup – not working well with different page zoom being set in browser settings - DNA-100712 Wrong spacing on text to reset sync passphrase in settings - DNA-100799 VPN icon is “pro” on disconnected - DNA-100841 Remove Get Subscription and Get button from VPN pro settings - DNA-100883 Update missing translations from chromium - DNA-100899 Translation error in Turkish - DNA-100912 Unable to select pinboards when sync everything is enabled - DNA-100959 Use after move RecentSearchProvider::ExecuteWithDB - DNA-100960 Use after move CountryBlacklistServiceImpl::DownloadCountryBlacklist - DNA-100961 Use after move CategorizationDataCollection::Iterator::Iterator - DNA-100989 Crash at opera::EasyFileButton::SetThumbnail(gfx::ImageSkia const&) - The update to chromium 103.0.5060.134 fixes following issues: CVE-2022-2163, CVE-2022-2477, CVE-2022-2478, CVE-2022-2479 CVE-2022-2480, CVE-2022-2481 - Update to 89.0.4447.51 - DNA-99538 Typed content of address bar shared between tabs - DNA-100418 Set 360 so as search engine in China - DNA-100629 Launch Auth login when enabling sync while logged in - DNA-100776 Popup is too long if there are no services available - Update to 89.0.4447.48 - CHR-8940 Update chromium on desktop-stable-103-4447 to 103.0.5060.114 - DNA-100247 Make it possible to display hint when tab scrolling gets triggered - DNA-100482 Shopping corner icon availability - DNA-100575 Add unique IDs to all web element in opera account popup - DNA-100625 Opera account popup appears too high on Linux - DNA-100627 Enable #snap-from-panel on all stream - DNA-100636 DCHECK at suggestion_item.cc(484) - DNA-100685 Fix crash when attaching to tab strip scroll buttons - DNA-100693 Enable Sticky Site sidebar item to have notification bubble - DNA-100698 [AdBlock] Unhandled Disconnect list category: 'emailaggressive' - DNA-100716 Misstype Settings 'Enhanced address bar' - DNA-100732 Fix &amp; escaping in translated strings - DNA-100759 Crash when loading personal news in private window - The update to chromium 103.0.5060.114 fixes following issues: CVE-2022-2294, CVE-2022-2295, CVE-2022-2296 - Update to 89.0.4447.38 - DNA-100283 Translations for O89 - Complete Opera 89.0 changelog at: https://blogs.opera.com/desktop/changelog-for-89/ - Changes in 89.0.4447.37 - CHR-8929 Update chromium on desktop-stable-103-4447 to 103.0.5060.66 - DNA-99780 Crash at zmq::zmq_abort(char const*) - DNA-100377 New opera account popup doesn’t open on Linux - DNA-100589 Crash at base::internal::Invoker<T>::RunOnce (base::internal::BindStateBase*, scoped_refptr<T>&&) - DNA-100607 Sync “Sign in” button doesn’t work with Opera Account popup Important CVE-2022-2163 CVE-2022-2294 CVE-2022-2295 CVE-2022-2296 CVE-2022-2477 CVE-2022-2478 CVE-2022-2479 CVE-2022-2480 CVE-2022-2481 cpe:/o:opensuse:leap:15.4 Security update for seamonkey (Important) openSUSE Leap 15.4 This update for seamonkey fixes the following issues: update to SeaMonkey 2.53.13 * Updates to devtools. * Updates to build configuration. * Starting the switch from Python 2 to Python 3 in the build system. * Removal of array comprehensions, legacy iterators and generators bug 1414340 and bug 1098412. * Adding initial optional chaining and Promise.allSettled() support. * SeaMonkey 2.53.13 uses the same backend as Firefox and contains the relevant Firefox 60.8 security fixes. * SeaMonkey 2.53.13 shares most parts of the mail and news code with Thunderbird. Please read the Thunderbird 60.8.0 release notes for specific security fixes in this release. * Additional important security fixes up to Current Firefox 91.11 and Thunderbird 91.11 ESR plus many enhancements have been backported. We will continue to enhance SeaMonkey security in subsequent 2.53.x beta and release versions as fast as we are able to. update to SeaMonkey 2.53.12 * Format Toolbar forgets its hidden status when switching to other view modes bug 1719020. * Remove obsolete plugin code from SeaMonkey bug 1762733. * Fix a few strict warnings in SeaMonkey bug 1755553. * Remove Run Flash from Site permissions and page info bug 1758289. * Use fixIterator and replace use of removeItemAt in FilterListDialog bug 1756359. * Remove RDF usage in tabmail.js bug 1758282. * Implement 'Edit Template' and 'New Message From Template' commands and UI bug 1759376. * [SM] Implement 'Edit Draft' command and hide it when not in a draft folder (port Thunderbird bug 1106412) bug 1256716. * Messages in Template folder need 'Edit Template' button in header (like for Drafts) bug 80280. * Refactor and simplify the feed Subscribe dialog options updates bug 1420473. * Add system memory and disk size and placeDB page limit to about:support bug 1753729. * Remove warning about missing plugins in SeaMonkey 2.53 and 2.57 bug 1755558. * SeaMonkey 2.53.12 uses the same backend as Firefox and contains the relevant Firefox 60.8 security fixes. * SeaMonkey 2.53.12 shares most parts of the mail and news code with Thunderbird. Please read the Thunderbird 60.8.0 release notes for specific security fixes in this release. * Additional important security fixes up to Current Firefox 91.9 and Thunderbird 91.9 ESR plus many enhancements have been backported. We will continue to enhance SeaMonkey security in subsequent 2.53.x beta and release versions as fast as we are able to. update to SeaMonkey 2.53.11.1 * Fix edge case when setting IntersectionObserver threshold bug 1758291. * OAuth2 prefs should use realuserName instead of username bug 1518126. * SeaMonkey 2.53.11.1 uses the same backend as Firefox and contains the relevant Firefox 60.8 security fixes. * SeaMonkey 2.53.11.1 shares most parts of the mail and news code with Thunderbird. Please read the Thunderbird 60.8.0 release notes for specific security fixes in this release. * Additional important security fixes up to Current Firefox 91.7 and Thunderbird 91.7 ESR plus many enhancements have been backported. We will continue to enhance SeaMonkey security in subsequent 2.53.x beta and release versions as fast as we are able to. update to SeaMonkey 2.53.11 * Remove obsolete MOZ_EXTENSIONS check in suite bug 1749146. * Add connect button to cZ Networks Editor bug 1736443. * Remove freenode remnants from ChatZilla in SeaMonkey bug 1741082. * Prefer secure over insecure protocol in network list in ChatZilla bug 1744440. * Composer - Change tag textbox is not removed after use bug 1755369. * Clean up repo links in debugQA bug 1746790. * Fix misspelled references to macOS in suite bug 1749144. * Remove obsolete references to Java and Flash bug 1749141. * Help button not working in delete cert dialog bug 1750386. * Rearrange Message Filter Dialog to make room for new features bug 1735053. * Use Insert key as shortcut to create new message filters bug 1735055. * Rename some variables used in SeaMonkey's FilterListDialog to match Thunderbird's bug 1735056. * Implement Copy to New message filter functionality bug 1735057. * Add move to top / bottom buttons to message filters bug 1735059. * Add preference to not prompt for message filter deletion bug 1735061. * Clean up folder handling in FilterListDialog bug 1736425. * Add refresh function to Filter list dialog so that it can be updated when already open and new filters are added externally bug 1737450. * Use listbox rather than tree in FilterListDialog bug 1746081. * MsgFilterList(args) should take targetFilter and pass it to FilterListDialog bug 1753891. * Mail&News' start.xhtml: 'We' link broken bug 1748178. * Add search functionality to filter dialog bug 1749207. * Move the taskbar refresh timer in SeaMonkey to idle dispatch bug 1746788. * Prevent subresource loads from showing the progress indicator on the tab in SeaMonkey bug 1746787. * SeaMonkey 2.53.11 uses the same backend as Firefox and contains the relevant Firefox 60.8 security fixes. * Additional important security fixes up to Current Firefox 91.6 ESR and a few enhancements have been backported. We will continue to enhance SeaMonkey security in subsequent 2.53.x beta and release versions as fast as we are able to. * SeaMonkey 2.53.11 shares most parts of the mail and news code with Thunderbird. Please read the Thunderbird 60.0 release notes for specific changes and security fixes in this release. Important cpe:/o:opensuse:leap:15.4 Security update for canna (Important) openSUSE Leap 15.4 This update for canna fixes the following issues: - CVE-2022-21950: Move UNIX socket dir from /tmp to /run to avoid local attackers being able to place bogus directories in its stead. Use systemd-tmpfiles for cleaning old sockets (boo#1199280). Important SUSE bug 1199280 CVE-2022-21950 cpe:/o:opensuse:leap:15.4 Security update for chromium (Important) openSUSE Leap 15.4 This update for chromium fixes the following issues: Chromium 104.0.5112.101 (boo#1202509): * CVE-2022-2852: Use after free in FedCM * CVE-2022-2854: Use after free in SwiftShader * CVE-2022-2855: Use after free in ANGLE * CVE-2022-2857: Use after free in Blink * CVE-2022-2858: Use after free in Sign-In Flow * CVE-2022-2853: Heap buffer overflow in Downloads * CVE-2022-2856: Insufficient validation of untrusted input in Intents * CVE-2022-2859: Use after free in Chrome OS Shell * CVE-2022-2860: Insufficient policy enforcement in Cookies * CVE-2022-2861: Inappropriate implementation in Extensions API - Re-enable our version of chrome-wrapper - Set no sandbox if root is being used (https://crbug.com/638180) Important SUSE bug 1202509 CVE-2022-2852 CVE-2022-2853 CVE-2022-2854 CVE-2022-2855 CVE-2022-2856 CVE-2022-2857 CVE-2022-2858 CVE-2022-2859 CVE-2022-2860 CVE-2022-2861 cpe:/o:opensuse:leap:15.4 Security update for nim (Important) openSUSE Leap 15.4 This update for nim fixes the following issues: Includes upstream security fixes for: * (boo#1175333, CVE-2020-15693) httpClient is vulnerable to a CR-LF injection * (boo#1175334, CVE-2020-15692) mishandle of argument to browsers.openDefaultBrowser * (boo#1175332, CVE-2020-15694) httpClient.get().contentLength() fails to properly validate the server response * (boo#1192712, CVE-2021-41259) null byte accepted in getContent function, leading to URI validation bypass * (boo#1185948, CVE-2021-29495) stdlib httpClient does not validate peer certificates by default * (boo#1185085, CVE-2021-21374) Improper verification of the SSL/TLS certificate * (boo#1185084, CVE-2021-21373) 'nimble refresh' falls back to a non-TLS URL in case of error * (boo#1185083, CVE-2021-21372) doCmd can be leveraged to execute arbitrary commands * (boo#1181705, CVE-2020-15690) Standard library asyncftpclient lacks a check for newline character Update to 1.6.6 * standard library use consistent styles for variable names so it can be used in projects which force a consistent style with --styleCheck:usages option. * ARC/ORC are now considerably faster at method dispatching, bringing its performance back on the level of the refc memory management. * Full changelog: https://nim-lang.org/blog/2022/05/05/version-166-released.html - Previous updates and changelogs: * 1.6.4: https://nim-lang.org/blog/2022/02/08/version-164-released.html * 1.6.2: https://nim-lang.org/blog/2021/12/17/version-162-released.html * 1.6.0: https://nim-lang.org/blog/2021/10/19/version-160-released.html * 1.4.8: https://nim-lang.org/blog/2021/05/25/version-148-released.html * 1.4.6: https://nim-lang.org/blog/2021/04/15/versions-146-and-1212-released.html * 1.4.4: https://nim-lang.org/blog/2021/02/23/versions-144-and-1210-released.html * 1.4.2: https://nim-lang.org/blog/2020/12/01/version-142-released.html * 1.4.0: https://nim-lang.org/blog/2020/10/16/version-140-released.html update to 1.2.16 * oids: switch from PRNG to random module * nimc.rst: fix table markup * nimRawSetjmp: support Windows * correctly enable chronos * bigints are not supposed to work on 1.2.x * disable nimpy * misc bugfixes * fixes a 'mixin' statement handling regression [backport:1.2 Important SUSE bug 1175332 SUSE bug 1175333 SUSE bug 1175334 SUSE bug 1181705 SUSE bug 1185083 SUSE bug 1185084 SUSE bug 1185085 SUSE bug 1185948 SUSE bug 1192712 CVE-2020-15690 CVE-2020-15692 CVE-2020-15693 CVE-2020-15694 CVE-2021-21372 CVE-2021-21373 CVE-2021-21374 CVE-2021-29495 CVE-2021-41259 cpe:/o:opensuse:leap:15.4 Security update for freeciv (Important) openSUSE Leap 15.4 This update for freeciv fixes the following issues: - update to 3.0.3 (boo#1202548, CVE-2022-6083): * 3.0.3 is a bugfix release * see https://freeciv.fandom.com/wiki/NEWS-3.0.3 - update to 3.0.2: * 3.0.2 is a generic bugfix release * see https://freeciv.fandom.com/wiki/NEWS-3.0.2 - update to 3.0.1: * 3.0.1 is a generic bugfix release * see https://freeciv.fandom.com/wiki/NEWS-3.0.1 - update to 3.0.0: * This release is a major upgrade which with some changes that can support backward compatible rulesets * see https://freeciv.fandom.com/wiki/NEWS-3.0.0#WHAT.27S_CHANGED_SINCE_2.6 - update to 2.6.6: * https://freeciv.fandom.com/wiki/NEWS-2.6.5 * 2.6.6 is a bugfix release. Important SUSE bug 1202548 CVE-2022-6083 cpe:/o:opensuse:leap:15.4 Security update for python-Django (Important) openSUSE Leap 15.4 This update for python-Django fixes the following issues: - CVE-2022-36359: Fixed potential reflected file download vulnerability in FileResponse (boo#1201923) * Backport fix and tests from uptream branch 3.2.X Important SUSE bug 1201923 CVE-2022-36359 cpe:/o:opensuse:leap:15.4 Security update for varnish (Important) openSUSE Leap 15.4 This update for varnish fixes the following issues: Update to release 7.1.1: - CVE-2022-38150: Resolve a denial of service attack involving reason phrases (boo#1202350). Important SUSE bug 1202350 CVE-2022-38150 cpe:/o:opensuse:leap:15.4 Security update for opera (Important) openSUSE Leap 15.4 NonFree This update for opera fixes the following issues: - Update to 90.0.4480.54 - CHR-8981 Update chromium on desktop-stable-104-4480 to 104.0.5112.102 - DNA-98165 [buildsign] Whitelist Silent.nib when creating universal NI package on Mac - DNA-101309 Use base filename in PUT request when uploading files to buildbot - The update to chromium 104.0.5112.102 fixes following issues: CVE-2022-2852, CVE-2022-2854, CVE-2022-2855, CVE-2022-2857, CVE-2022-2858, CVE-2022-2853, CVE-2022-2856, CVE-2022-2859, CVE-2022-2860, CVE-2022-2861 - Update to 90.0.4480.48 - DNA-100835 AddressBarModelTestWithCategories.RefreshUnfiltered SuggestionsWhenPrefsChanged fails on beta stream - DNA-101171 Translations for O90 - DNA-101216 Remove empty string from flow client_capabilities - DNA-101357 Promote O90 to Stable - DNA-101383 Revert DNA-101033 - Complete Opera 90.0 changelog at: https://blogs.opera.com/desktop/changelog-for-90/ - Update to 89.0.4447.91 - DNA-100673 Crash at void opera::ModalDialogBaseView::OnExtraButtonPressed (const class ui::Event& const) - DNA-100915 [Sync Settings] Confirm your identity to enable encryption message flickers - DNA-100937 Missing links to ToS and Privacy Statement in launcher dialog when running installer with –show-eula-window-on-start - DNA-101002 Make errors from webpack compilation appear in the log - DNA-101045 Popup contents are pushed outside of popup in 'Unprotected' VPN state - DNA-101076 Disabled Pinboards should have another color in Account popup - DNA-101086 Sync – Clicking Next on auth.opera.com/account/v3/desktop/login/confirm-password does not redirect anywhere - Update to 89.0.4447.83 - DNA-99507 Badge deactivates on a basket page of the shop - DNA-99840 Add speed dials to start page - DNA-100127 Enable #enable-force-dark-from-settings on all streams - DNA-100233 [Settings] 'Sync everything' and 'Do not sync' unselects itself - DNA-100560 Add 'suggested speed dials' in the Google search box on the start page - DNA-100568 Fix icon in suggestions and update layout - DNA-100646 Add synchronization states to Opera account popup - DNA-100665 Create private API to open Account popup + allow rich hints - DNA-100668 Use a category based suggestion list to sort search box suggestions - DNA-100701 'Force dark page' shortcut don’t work - DNA-100711 Unable to click suggestions on start page search box - DNA-100725 [WinLin] Opera account logo is offcenter - DNA-100762 Suggestions from networks get favicon from network - DNA-100764 Fix 'Confirm Identity' URL - DNA-100905 Request to update event_sd_tile_used.type - DNA-100921 Add accessibility info about sync state to opera account button - DNA-100943 VPN pro popup can be zoomed - DNA-100945 Disable Context Menu for VPN and VPN Pro popups - DNA-100958 Opera account popup should display actual state of synchronization instead of selected option - DNA-100994 'Secure More devices' is pushed outside of popup - DNA-101009 Free VPN – 'Try for free' disappear after clicked - DNA-101012 Remove VPN Pro service available from VPN pro settings when logged in without subscription - DNA-101094 Unable to close a window from JavaScript - DNA-101121 chrome.operaAccountPrivate is undefined Important CVE-2022-2852 CVE-2022-2853 CVE-2022-2854 CVE-2022-2855 CVE-2022-2856 CVE-2022-2857 CVE-2022-2858 CVE-2022-2859 CVE-2022-2860 CVE-2022-2861 cpe:/o:opensuse:leap:15.4 Security update for opera (Important) openSUSE Leap 15.4 NonFree This update for opera fixes the following issues: Update to 90.0.4480.84 - DNA-101690 Cherry-pick fix for CVE-2022-3075 from chromium Update to 90.0.4480.80 - DNA-99188 Tab Tooltip doesn't disappear - DNA-100664 Shopping corner widget - DNA-100843 Options to install and update VPN Pro app, when it's not installed - DNA-100901 Disappearing 'X' when closing tabs. - DNA-101093 Changing News section is not working - DNA-101246 Use long tail list for suggesting instead of current Speed Dial Suggestions - DNA-101278 PDF don't work on Opera with CN location - DNA-101312 Allow changing logged in user with BrowserAPI - DNA-101315 Can not connect to free VPN in private window - DNA-101411 [Linux] Clicking VpnPopup Settings to 'vpnWithDisclaimer' leads to black popup - DNA-101422 Crash at void content::NavigationControllerImpl:: NavigateToExistingPendingEntry(content::ReloadType, int, bool) - DNA-101429 News loads for Global-EN language by default - DNA-101482 Crash at ProfileKey::GetProtoDatabaseProvider() - DNA-101485 Crash at base::SequencedTaskRunnerHandle::Get() via extensions::OperaTouchPrivateGetImageFunction::PerformGetImage - DNA-101524 [Mac] Tab should be highlighted again after dismissing context menu - DNA-101549 Crash at views::View::IsMouseHovered() Important CVE-2022-3075 cpe:/o:opensuse:leap:15.4 Security update for chromium (Important) openSUSE Leap 15.4 This update for chromium fixes the following issues: Chromium 105.0.5195.102 (boo#1203102): * CVE-2022-3075: Insufficient data validation in Mojo Chromium 105.0.5195.52 (boo#1202964): * CVE-2022-3038: Use after free in Network Service * CVE-2022-3039: Use after free in WebSQL * CVE-2022-3040: Use after free in Layout * CVE-2022-3041: Use after free in WebSQL * CVE-2022-3042: Use after free in PhoneHub * CVE-2022-3043: Heap buffer overflow in Screen Capture * CVE-2022-3044: Inappropriate implementation in Site Isolation * CVE-2022-3045: Insufficient validation of untrusted input in V8 * CVE-2022-3046: Use after free in Browser Tag * CVE-2022-3071: Use after free in Tab Strip * CVE-2022-3047: Insufficient policy enforcement in Extensions API * CVE-2022-3048: Inappropriate implementation in Chrome OS lockscreen * CVE-2022-3049: Use after free in SplitScreen * CVE-2022-3050: Heap buffer overflow in WebUI * CVE-2022-3051: Heap buffer overflow in Exosphere * CVE-2022-3052: Heap buffer overflow in Window Manager * CVE-2022-3053: Inappropriate implementation in Pointer Lock * CVE-2022-3054: Insufficient policy enforcement in DevTools * CVE-2022-3055: Use after free in Passwords * CVE-2022-3056: Insufficient policy enforcement in Content Security Policy * CVE-2022-3057: Inappropriate implementation in iframe Sandbox * CVE-2022-3058: Use after free in Sign-In Flow - Update chromium-symbolic.svg: this fixes boo#1202403. - Fix quoting in chrome-wrapper, don't put cwd on LD_LIBRARY_PATH Important SUSE bug 1202403 SUSE bug 1202964 SUSE bug 1203102 CVE-2022-3038 CVE-2022-3039 CVE-2022-3040 CVE-2022-3041 CVE-2022-3042 CVE-2022-3043 CVE-2022-3044 CVE-2022-3045 CVE-2022-3046 CVE-2022-3047 CVE-2022-3048 CVE-2022-3049 CVE-2022-3050 CVE-2022-3051 CVE-2022-3052 CVE-2022-3053 CVE-2022-3054 CVE-2022-3055 CVE-2022-3056 CVE-2022-3057 CVE-2022-3058 CVE-2022-3071 CVE-2022-3075 cpe:/o:opensuse:leap:15.4 Security update for chromium (Important) openSUSE Leap 15.4 This update for chromium fixes the following issues: Chromium 105.0.5195.127 (boo#1203419): * CVE-2022-3195: Out of bounds write in Storage * CVE-2022-3196: Use after free in PDF * CVE-2022-3197: Use after free in PDF * CVE-2022-3198: Use after free in PDF * CVE-2022-3199: Use after free in Frames * CVE-2022-3200: Heap buffer overflow in Internals * CVE-2022-3201: Insufficient validation of untrusted input in DevTools * Various fixes from internal audits, fuzzing and other initiatives Important SUSE bug 1203419 CVE-2022-3195 CVE-2022-3196 CVE-2022-3197 CVE-2022-3198 CVE-2022-3199 CVE-2022-3200 CVE-2022-3201 cpe:/o:opensuse:leap:15.4 Security update for mupdf (Moderate) openSUSE Leap 15.4 This update for mupdf fixes the following issues: mupdf was updated to 1.20.3: * return error, not success when unable to lock native device resource. * Bug 705620: Start journal operation instead of pushing local xref. * Ensure AndroidDrawDevice is destroyed, even upon exception. * source/pdf/pdf-clean.c: fix segv from incorrect call to fz_drop_pixmap(). * Bug 705681: Enclose code in begin/end operation. * Guard against SEGVs when calling archive functions with NULL archive. mupdf was updated to 1.20.0 (boo#1202858, CVE-2021-4216): * Experimental C# bindings * Cross compilation should no longer need a host compiler * Major additions to JNI bindings * New API to edit outline * New API to resolve and create links * New API to toggle individual layers in PDF * Layer panel in mupdf-gl * Layer option in mutool draw * New API to add a Javascript console * Console panel in mupdf-gl * Text search API extended to be able to distinguish between separate search hits * Command line tool improvements: * all: Negative page numbers to index from the last page * mutool draw: Add option to render document without text * mutool draw and convert: Support DPI option in text and HTML output * New hybrid HTML output format using 'scripts/pdftohtml' script: * Graphics in a background image * Text on top * Improved WASM viewer demo * Support high DPI screens * Progressive loading * Update to zlib 1.2.12 for security fix mupdf was updated to 1.19.1: * Updated zlib to 1.2.12 due to CVE-2018-25032 Moderate SUSE bug 1202858 CVE-2018-25032 CVE-2021-4216 cpe:/o:opensuse:leap:15.4 Security update for opera (Important) openSUSE Leap 15.4 NonFree This update for opera fixes the following issues: Update to 91.0.4516.20 - CHR-9019 Update chromium on desktop-stable-105-4516 to 105.0.5195.127 - DNA-101312 Allow changing logged in user with BrowserAPI - The update to chromium 105.0.5195.127 fixes following issues: CVE-2022-3196, CVE-2022-3197, CVE-2022-3198, CVE-2022-3199, CVE-2022-3200, CVE-2022-3201 Update to 91.0.4516.16 - CHR-9010 Update chromium on desktop-stable-105-4516 to 105.0.5195.102 - DNA-101447 Incorrect translation in Russian - DNA-101482 Crash at ProfileKey::GetProtoDatabaseProvider() - DNA-101495 Performance Stint 2022 - DNA-101551 Add version number info to browser API - DNA-101662 Suppress 'Allowing special test code paths' warning on buildbot - DNA-101753 News don't show after close browser - DNA-101760 Translations for O91 - DNA-101799 Crash at opera::SuggestionList::SortAndCull - DNA-101812 Sponsored site gets chosen as default entry when typing part of top-level domain - DNA-101876 Promote 91 to stable - Complete Opera 91.0 changelog at: https://blogs.opera.com/desktop/changelog-for-91/ - Update to 90.0.4480.107 - DNA-100664 Shopping corner widget - DNA-101495 Performance Stint 2022 - DNA-101753 News don’t show after close browser - DNA-101799 Crash at opera::SuggestionList::SortAndCull Important CVE-2022-3196 CVE-2022-3197 CVE-2022-3198 CVE-2022-3199 CVE-2022-3200 CVE-2022-3201 cpe:/o:opensuse:leap:15.4 Security update for lighttpd (Moderate) openSUSE Leap 15.4 This update for lighttpd fixes the following issues: lighttpd was updated to 1.4.66: * a number of bug fixes * Fix HTTP/2 downloads >= 4GiB * Fix SIGUSR1 graceful restart with TLS * futher bug fixes * CVE-2022-37797: null pointer dereference in mod_wstunnel, possibly a remotely triggerable crash (boo#1203358) * In an upcoming release the TLS modules will default to using stronger, modern chiphers and will default to allow client preference in selecting ciphers. “CipherString” => “EECDH+AESGCM:AES256+EECDH:CHACHA20:SHA256:!SHA384”, “Options” => “-ServerPreference” old defaults: “CipherString” => “HIGH”, “Options” => “ServerPreference” * A number of TLS options are how deprecated and will be removed in a future release: – ssl.honor-cipher-order – ssl.dh-file – ssl.ec-curve – ssl.disable-client-renegotiation – ssl.use-sslv2 – ssl.use-sslv3 The replacement option is ssl.openssl.ssl-conf-cmd, but lighttpd defaults should be prefered * A number of modules are now deprecated and will be removed in a future release: mod_evasive, mod_secdownload, mod_uploadprogress, mod_usertrack can be replaced by mod_magnet and a few lines of lua. update to 1.4.65: * WebSockets over HTTP/2 * RFC 8441 Bootstrapping WebSockets with HTTP/2 * HTTP/2 PRIORITY_UPDATE * RFC 9218 Extensible Prioritization Scheme for HTTP * prefix/suffix conditions in lighttpd.conf * mod_webdav safe partial-PUT * webdav.opts += (“partial-put-copy-modify” => “enable”) * mod_accesslog option: accesslog.escaping = “json” * mod_deflate libdeflate build option * speed up request body uploads via HTTP/2 * Behavior Changes * change default server.max-keep-alive-requests = 1000 to adjust * to increasing HTTP/2 usage and to web2/web3 application usage * (prior default was 100) * mod_status HTML now includes HTTP/2 control stream id 0 in the output * which contains aggregate counts for the HTTP/2 connection * (These lines can be identified with URL ‘*’, part of “PRI *” preface) * alternative: https://wiki.lighttpd.net/ModMagnetExamples#lua-mod_status * MIME type application/javascript is translated to text/javascript (RFC 9239) Moderate SUSE bug 1203358 CVE-2022-37797 cpe:/o:opensuse:leap:15.4 Security update for chromium (Important) openSUSE Leap 15.4 This update for chromium fixes the following issues: Chromium 106.0.5249.91 (boo#1203808): * CVE-2022-3370: Use after free in Custom Elements * CVE-2022-3373: Out of bounds write in V8 includes changes from 106.0.5249.61: * CVE-2022-3304: Use after free in CSS * CVE-2022-3201: Insufficient validation of untrusted input in Developer Tools * CVE-2022-3305: Use after free in Survey * CVE-2022-3306: Use after free in Survey * CVE-2022-3307: Use after free in Media * CVE-2022-3308: Insufficient policy enforcement in Developer Tools * CVE-2022-3309: Use after free in Assistant * CVE-2022-3310: Insufficient policy enforcement in Custom Tabs * CVE-2022-3311: Use after free in Import * CVE-2022-3312: Insufficient validation of untrusted input in VPN * CVE-2022-3313: Incorrect security UI in Full Screen * CVE-2022-3314: Use after free in Logging * CVE-2022-3315: Type confusion in Blink * CVE-2022-3316: Insufficient validation of untrusted input in Safe Browsing * CVE-2022-3317: Insufficient validation of untrusted input in Intents * CVE-2022-3318: Use after free in ChromeOS Notifications Important SUSE bug 1203808 CVE-2022-3201 CVE-2022-3304 CVE-2022-3305 CVE-2022-3306 CVE-2022-3307 CVE-2022-3308 CVE-2022-3309 CVE-2022-3310 CVE-2022-3311 CVE-2022-3312 CVE-2022-3313 CVE-2022-3314 CVE-2022-3315 CVE-2022-3316 CVE-2022-3317 CVE-2022-3318 CVE-2022-3370 CVE-2022-3373 cpe:/o:opensuse:leap:15.4 Security update for lighttpd (Moderate) openSUSE Leap 15.4 This update for lighttpd fixes the following issues: lighttpd was updated to 1.4.67: * Update comment about TCP_INFO on OpenBSD * [mod_ajp13] fix crash with bad response headers (fixes #3170) * [core] handle RDHUP when collecting chunked body CVE-2022-41556 (boo#1203872) * [core] tweak streaming request body to backends * [core] handle ENOSPC with pwritev() (#3171) * [core] manually calculate off_t max (fixes #3171) * [autoconf] force large file support (#3171) * [multiple] quiet coverity warnings using casts * [meson] add license keyword to project declaration Moderate SUSE bug 1203872 CVE-2022-41556 cpe:/o:opensuse:leap:15.4 Security update for gdcm, orthanc, orthanc-gdcm, orthanc-webviewer (Important) openSUSE Leap 15.4 This update for gdcm, orthanc, orthanc-gdcm, orthanc-webviewer fixes the following issues: Changes in gdcm: - rename of gdcm-libgdcm3_0 to libgdcm3_0 (proposal S. Br?ns) - version 3.0.18 no changelog - version 3.0.12 * support for poppler 22.03 added Changes in orthanc-gdcm: - changed dependency gdcm-libgdcm3_0 -> libgdcm3_0 Changes in orthanc: - version 1.11.2 * Added support for RGBA64 images in tools/create-dicom and /preview * New configuration 'MaximumStorageMode' to choose between recyling of old patients (default behavior) and rejection of new incoming data when the MaximumStorageSize has been reached. * New sample plugin: 'DelayedDeletion' that will delete files from disk asynchronously to speed up deletion of large studies. * Lua: new 'SetHttpTimeout' function * Lua: new 'OnHeartBeat' callback called at regular interval provided that you have configured 'LuaHeartBeatPeriod' > 0. * 'ExtraMainDicomTags' configuration now accepts Dicom Sequences. Sequences are stored in a dedicated new metadata 'MainDicomSequences'. This should improve DicomWeb QIDO-RS and avoid warnings like 'Accessing Dicom tags from storage when accessing series : 0040,0275'. Main dicom sequences can now be returned in 'MainDicomTags' and in 'RequestedTags'. * Fix the 'Never' option of the 'StorageAccessOnFind' that was sill accessing files (bug introduced in 1.11.0). * Fix the Storage Cache for compressed files (bug introduced in 1.11.1). * Fix the storage cache that was not used by the Plugin SDK. This fixes the DicomWeb plugin '/rendered' route performance issues. * DelayedDeletion plugin: Fix leaking of symbols * SQLite now closes and deletes WAL and SHM files on exit. This should improve handling of SQLite DB over network drives. * Fix static compilation of boost 1.69 on Ubuntu 22.04 * Upgraded dependencies for static builds: - boost 1.80.0 - dcmtk 3.6.7 (fixes CVE-2022-2119 and CVE-2022-2120) - openssl 3.0.5 * Housekeeper plugin: Fix resume of previous processing * Added missing MOVEPatientRootQueryRetrieveInformationModel in DicomControlUserConnection::SetupPresentationContexts() * Improved HttpClient error logging (add method + url) * API version upgraded to 18 * /system is now reporting 'DatabaseServerIdentifier' * Added an Asynchronous mode to /modalities/../move. * 'RequestedTags' option can now include DICOM sequences. * New function in the SDK: 'OrthancPluginGetDatabaseServerIdentifier' * DicomMap::ParseMainDicomTags has been deprecated -> retrieve 'full' tags and use DicomMap::FromDicomAsJson instead Changes in orthanc-webviewer: - version 2.8 * Fix XSS inside DICOM in Orthanc Web Viewer (as reported by Stuart Kurutac, NCC Group) * framework190.diff removed (covered in actual version) Important CVE-2022-2119 CVE-2022-2120 cpe:/o:opensuse:leap:15.4 Security update for chromium (Important) openSUSE Leap 15.4 This update for chromium fixes the following issues: Chromium 106.0.5249.119 (boo#1204223): * CVE-2022-3445: Use after free in Skia * CVE-2022-3446: Heap buffer overflow in WebSQL * CVE-2022-3447: Inappropriate implementation in Custom Tabs * CVE-2022-3448: Use after free in Permissions API * CVE-2022-3449: Use after free in Safe Browsing * CVE-2022-3450: Use after free in Peer Connection Important SUSE bug 1204223 CVE-2022-3445 CVE-2022-3446 CVE-2022-3447 CVE-2022-3448 CVE-2022-3449 CVE-2022-3450 cpe:/o:opensuse:leap:15.4 Security update for libosip2 (Important) openSUSE Leap 15.4 This update for libosip2 fixes the following issues: - CVE-2022-41550: Fixed an integer overflow in the header parser (boo#1204225) Important SUSE bug 1204225 CVE-2022-41550 cpe:/o:opensuse:leap:15.4 Security update for roundcubemail (Important) openSUSE Leap 15.4 This update for roundcubemail fixes the following issues: roundcubemail was updated to 1.5.3 * Enigma: Fix initial synchronization of private keys * Enigma: Fix double quoted-printable encoding of pgp-signed messages with no attachments (#8413) * Fix various PHP8 warnings (#8392) * Fix mail headers injection via the subject field on mail compose (#8404) * Fix bug where small message/rfc822 parts could not be decoded (#8408) * Fix setting HTML mode on reply/forward of a signed message (#8405) * Fix handling of RFC2231-encoded attachment names inside of a message/rfc822 part (#8418) * Fix bug where some mail parts (images) could have not be listed as attachments (#8425) * Fix bug where attachment icons were stuck at the top of the messages list in Safari (#8433) * Fix handling of message/rfc822 parts that are small and are multipart structures with a single part (#8458) * Fix bug where session could time out if DB and PHP timezone were different (#8303) * Fix bug where DSN flag state wasn't stored with a draft (#8371) * Fix broken encoding of HTML content encapsulated in a RTF attachment (#8444) * Fix problem with aria-hidden=true on toolbar menus in the Elastic skin (#8517) * Fix bug where title tag content was displayed in the body if it contained HTML tags (#8540) * Fix support for DSN specification without host e.g. pgsql:///dbname (#8558) update to 1.5.2 * OAuth: pass 'id_token' to 'oauth_login' plugin hook (#8214) * OAuth: fix expiration of short-lived oauth tokens (#8147) * OAuth: fix relative path to assets if /index.php/foo/bar url is used (#8144) * OAuth: no auto-redirect on imap login failures (#8370) * OAuth: refresh access token in 'refresh' plugin hook (#8224) * Fix so folder search parameters are honored by subscriptions_option plugin (#8312) * Fix password change with Directadmin driver (#8322, #8329) * Fix so css files in plugins/jqueryui/themes will be minified too (#8337) * Fix handling of unicode/special characters in custom From input (#8357) * Fix some PHP8 compatibility issues (#8363) * Fix chpass-wrapper.py helper compatibility with Python 3 (#8324) * Fix scrolling and missing Close button in the Select image dialog in Elastic/mobile (#8367) * Security: fix cross-site scripting (XSS) via HTML messages with malicious CSS content - added Suggests: php-sqlite - use the virtual provides from each PHP module, to allow the installation of roundcubemail with various PHP versions. The only problem, we are currently facing is the automatic enablement of the PHP apache module during post-installation: Trying to evaluate the correct PHP module now during post as well, which should eleminate the pre-definition of the required PHP-Version during build completely. See https://build.opensuse.org/request/show/940859 for the initial discussion. update to 1.5.1 * Fix importing contacts with no email address (#8227) * Fix so session's search scope is not used if search is not active (#8199) * Fix some PHP8 warnings (#8239) * Fix so dark mode state is retained after closing the browser (#8237) * Fix bug where new messages were not added to the list on refresh if skip_deleted=true (#8234) * Fix colors on 'Show source' page in dark mode (#8246) * Fix handling of dark_mode_support:false setting in skins meta.json - also when devel_mode=false (#8249) * Fix database initialization if db_prefix is a schema prefix (#8221) * Fix undefined constant error in Installer on Windows (#8258) * Fix installation/upgrade on MySQL 5.5 - Index column size too large (#8231) * Fix regression in setting of contact listing name (#8260) * Fix bug in Larry skin where headers toggle state was reset on full page preview (#8203) * Fix bug where \u200b characters were added into the recipient input preventing mail delivery (#8269) * Fix charset conversion errors on PHP < 8 for charsets not supported by mbstring (#8252) * Fix bug where adding a contact to trusted senders via 'Always allow from...' button didn't work (#8264, #8268) * Fix bug with show_images setting where option 1 and 3 were swapped (#8268) * Fix PHP fatal error on an undefined constant in contacts import action (#8277) * Fix fetching headers of multiple message parts at once in rcube_imap_generic::fetchMIMEHeaders() (#8282) * Fix bug where attachment download could sometimes fail with a CSRF check error (#8283) * Fix an infinite loop when parsing environment variables with float/integer values (#8293) * Fix so 'small-dark' logo has more priority than the 'small' logo (#8298) update to 1.5.0 + full PHP8 support + Dark mode for Elastic skin + OAuth2/XOauth support (with plugin hooks) + Collected recipients and trusted senders + Moving recipients between inputs with drag & drop + Full unicode support with MySQL database + Support of IMAP LITERAL- extension RFC 7888 <https://datatracker.ietf.org/doc/html/rfc7888> + Support of RFC 2231 <https://datatracker.ietf.org/doc/html/rfc2231> encoded names + Cache refactoring More at https://github.com/roundcube/roundcubemail/releases/tag/1.5.0 + added SECURITY.md to documentation + mark the whole documentation directory as documentation instead of listing some files and others not (avoid duplicate entries in RPM-DB) + adjust requirements: php-intl is now required update to 1.4.11 with security fix: - Fix cross-site scripting (XSS) via HTML messages with malicious CSS content - add PHP version to Requires: and Recommends: to make sure the same version is installed as used during packaging - drop Requires: http_daemon (fixes boo#1180132) and Suggests: apache2 (which is already required though mod_php_any) update to 1.4.10: * Stored cross-site scripting (XSS) via HTML or plain text messages with malicious content ( CVE-2020-35730 boo#1180399 ) * Fix extra angle brackets in In-Reply-To header derived from mailto: params (#7655) * Fix folder list issue when special folder is a subfolder (#7647) * Fix Elastic's folder subscription toggle in search result (#7653) * Fix state of subscription toggle on folders list after changing folder state from the search result (#7653) * Security: Fix cross-site scripting (XSS) via HTML or plain text messages with malicious content update to 1.4.9: * Fix HTML editor in latest Chrome 85.0.4183.102, update to TinyMCE 4.9.11 (#7615) * Add missing localization for some label/legend elements in userinfo plugin (#7478) * Fix importing birthday dates from Gmail vCards (BDAY:YYYYMMDD) * Fix restoring Cc/Bcc fields from local storage (#7554) * Fix jstz.min.js installation, bump version to 1.0.7 * Fix incorrect PDO::lastInsertId() use in sqlsrv driver (#7564) * Fix link to closure compiler in bin/jsshrink.sh script (#7567) * Fix bug where some parts of a message could have been missing in a reply/forward body (#7568) * Fix empty space on mail printouts in Chrome (#7604) * Fix empty output from HTML5 parser when content contains XML tag (#7624) * Fix scroll jump on key press in plain text mode of the HTML editor (#7622) * Fix so autocompletion list does not hide on scroll inside it (#7592) update to 1.4.8 with security fixes: * Fix cross-site scripting (XSS) via HTML messages with malicious svg content (CVE-2020-16145) * Fix cross-site scripting (XSS) via HTML messages with malicious math content update to 1.4.7 with security fix: * Fix bug where subfolders of special folders could have been duplicated on folder list * Increase maximum size of contact jobtitle and department fields to 128 characters * Fix missing newline after the logged line when writing to stdout (#7418) * Elastic: Fix context menu (paste) on the recipient input (#7431) * Fix problem with forwarding inline images attached to messages with no HTML part (#7414) * Fix problem with handling attached images with same name when using database_attachments/redundant_attachments (#7455) - add http.inc file * include one file for php5/php7 admin flags/values update to 1.4.5 Security fixes * Fix XSS issue in template object 'username' (#7406) * Fix cross-site scripting (XSS) via malicious XML attachment * Fix a couple of XSS issues in Installer (#7406) * Better fix for CVE-2020-12641 Other changes * Fix bug in extracting required plugins from composer.json that led to spurious error in log (#7364) * Fix so the database setup description is compatible with MySQL 8 (#7340) * Markasjunk: Fix regression in jsevent driver (#7361) * Fix missing flag indication on collapsed thread in Larry and Elastic (#7366) * Fix default keyservers (use keys.openpgp.org), add note about CORS (#7373, #7367) * Password: Fix issue with Modoboa driver (#7372) * Mailvelope: Use sender's address to find pubkeys to check signatures (#7348) * Mailvelope: Fix Encrypt button hidden in Elastic (#7353) * Fix PHP warning: count(): Parameter must be an array or an object... in ID command handler (#7392) * Fix error when user-configured skin does not exist anymore (#7271) * Elastic: Fix aspect ratio of a contact photo in mail preview (#7339) * Fix bug where PDF attachments marked as inline could have not been attached on mail forward (#7382) * Security: Fix a couple of XSS issues in Installer (#7406) * Security: Better fix for CVE-2020-12641 update to 1.4.4 * Fix bug where attachments with Content-Id were attached to the message on reply (#7122) * Fix identity selection on reply when both sender and recipient addresses are included in identities (#7211) * Elastic: Fix text selection with Shift+PageUp and Shift+PageDown in plain text editor when using Chrome (#7230) * Elastic: Fix recipient input bug when using click to select a contact from autocomplete list (#7231) * Elastic: Fix color of a folder with recent messages (#7281) * Elastic: Restrict logo size in print view (#7275) * Fix invalid Content-Type for messages with only html part and inline images * Mail_Mime-1.10.7 (#7261) * Fix missing contact display name in QR Code data (#7257) * Fix so button label in Select image/media dialogs is 'Close' not 'Cancel' (#7246) * Fix regression in testing database schema on MSSQL (#7227) * Fix cursor position after inserting a group to a recipient input using autocompletion (#7267) * Fix string literals handling in IMAP STATUS (and various other) responses (#7290) * Fix bug where multiple images in a message were replaced by the first one on forward/reply/edit (#7293) * Fix handling keyservers configured with protocol prefix (#7295) * Markasjunk: Fix marking as spam/ham on moving messages with Move menu (#7189) * Markasjunk: Fix bug where moving to Junk was failing on messages selected with Select > All (#7206) * Fix so imap error message is displayed to the user on folder create/update (#7245) * Fix bug where a special folder couldn't be created if a special-use flag is not supported (#7147) * Mailvelope: Fix bug where recipients with name were not handled properly in mail compose (#7312) * Fix characters encoding in group rename input after group creation/rename (#7330) * Fix bug where some message/rfc822 parts could not be attached on forward (#7323) * Make install-jsdeps.sh script working without the 'file' program installed (#7325) * Fix performance issue of parsing big HTML messages by disabling HTML5 parser for these (#7331) * Fix so Print button for PDF attachments works on Firefox >= 75 (#5125) update to 1.4.3 * Enigma: Fix so key list selection is reset when opening key creation form (#7154) * Enigma: Fix so using list checkbox selection does not load the key preview frame * Enigma: Fix generation of key pairs for identities with IDN domains (#7181) * Enigma: Display IDN domains of key users and identities in UTF8 * Enigma: Fix bug where 'Send unencrypted' button didn't work in Elastic skin (#7205) * Managesieve: Fix bug where it wasn't possible to save flag actions (#7188) * Markasjunk: Fix bug where marking as spam/ham didn't work on moving messages with drag-and-drop (#7137) * Password: Make chpass-wrapper.py Python 3 compatible (#7135) * Elastic: Fix disappearing sidebar in mail compose after clicking Mail button * Elastic: Fix incorrect aria-disabled attribute on Mail taskmenu button in mail compose * Elastic: Fix bug where it was possible to switch editor mode when 'htmleditor' was in 'dont_override' (#7143) * Elastic: Fix text selection in recipient inputs (#7129) * Elastic: Fix missing Close button in 'more recipients' dialog * Elastic: Fix non-working folder subscription checkbox for newly added folders (#7174) * Fix regression where 'Open in new window' action didn't work (#7155) * Fix PHP Warning: array_filter() expects parameter 1 to be array, null given in subscriptions_option plugin (#7165) * Fix unexpected error message when mail refresh involves folder auto-unsubscribe (#6923) * Fix recipient duplicates in print-view when the recipient list has been expanded (#7169) * Fix bug where files in skins/ directory were listed on skins list (#7180) * Fix bug where message parts with no Content-Disposition header and no name were not listed on attachments list (#7117) * Fix display issues with mail subject that contains line-breaks (#7191) * Fix invalid Content-Transfer-Encoding on multipart messages - Mail_Mime fix (#7170) * Fix regression where using an absolute path to SQLite database file on Windows didn't work (#7196) * Fix using unix:///path/to/socket.file in memcached driver (#7210) - prefer brotli over gzip if brotli is available: + enable mod_brotli in roundcubemail-httpd.conf (after deflate) + enable brotli via a2enmod for new installations update to 1.4.2: * Plugin API: Make actionbefore, before, actionafter and after events working with plugin actions (#7106) * Managesieve: Replace 'Filter disabled' with 'Filter enabled' (#7028) * Managesieve: Fix so modifier type select wasn't hidden after hiding modifier select on header change * Managesieve: Fix filter selection after removing a first filter (#7079) * Markasjunk: Fix marking more than one message as spam/ham with email_learn driver (#7121) * Password: Fix kpasswd and smb drivers' double-escaping bug (#7092) * Enigma: Add script to import keys from filesystem to the db storage (for multihost) * Installer: Fix DB Write test on SQLite database ('database is locked' error) (#7064) * Installer: Fix so SQLite DSN with a relative path to the database file works in Installer * Elastic: Fix contrast of warning toasts (#7058) * Elastic: Simple search in pretty selects (#7072) * Elastic: Fix hidden list widget on mobile/tablet when selecting folder while search menu is open (#7120) * Fix so type attribute on script tags is not used on HTML5 pages (#6975) * Fix unread count after purge on a folder that is not currently selected (#7051) * Fix bug where Enter key didn't work on messages list in 'List' layout (#7052) * Fix bug where deleting a saved search in addressbook caused display issue on sources/groups list (#7061) * Fix bug where a new saved search added after removing all searches wasn't added to the list (#7061) * Fix bug where a new contact group added after removing all groups from addressbook wasn't added to the list * Fix so install-jsdeps.sh removes Bootstrap's sourceMappingURL (#7035) * Fix so use of Ctrl+A does not scroll the list (#7020) * Fix/remove useless keyup event handler on username input in logon form (#6970) * Fix bug where cancelling switching from HTML to plain text didn't set the flag properly (#7077) * Fix bug where HTML reply could add an empty line with extra indentation above the original message (#7088) * Fix matching multiple X-Forwarded-For addresses with 'proxy_whitelist' (#7107) * Fix so displayed maximum attachment size depends also on 'max_message_size' (#7105) * Fix bug where 'skins_allowed' option didn't enforce user skin preference (#7080) * Fix so contact's organization field accepts up to 128 characters (it was 50) * Fix bug where listing tables in PostgreSQL database with db_prefix didn't work (#7093) * Fix bug where 'text' attribute on body tag was ignored when displaying HTML message (#7109) * Fix bug where next message wasn't displayed after delete in List mode (#7096) * Fix so number of contacts in a group is not limited to 200 when redirecting to mail composer from Contacts (#6972) * Fix malformed characters in HTML message with charset meta tag not in head (#7116) - php documentor is not needed on a productive system -> remove - also fix /usr/bin/env calls for two vendor scripts - skins now have some configurable files in their directories: move those files over to /etc/roundcubemail/skins/ - move other text files (incl. vendor ones) out of the root directory (and handle the LICENSE file a bit different) - enable mod_filter and add AddOutputFilterByType for common media types like html, javascript or xml - enable php7 on newer openSUSE versions - enable deflate, expires, filter, headers and setenvif on a new installation - do not enable any module in case of an update - recommend php-imagick for additional features - fixed most of the shell scripts to contain /usr/bin/php Upgrade to version 1.4.1: * new defaults for smtp_* config options * changed default password_charset to UTF-8 * login page returning 401 Unauthorized status Upgrade to version 1.4.0: * Update to jQuery 3.4.1 * Update to TinyMCE 4.8.2 * Update to jQuery-MiniColors 2.3.4 * Clarified 'address_book_type' option behavior (#6680) * Added cookie mismatch detection, display an error message informing the user to clear cookies * Renamed 'log_session' option to 'session_debug' * Removed 'delete_always' option (#6782) * Don't log full session identifiers in userlogins log (#6625) * Support $HasAttachment/$HasNoAttachment keywords (#6201) * Support PECL memcached extension as a session and cache storage driver (experimental) * Switch to IDNA2008 variant (#6806) * installto.sh: Add possibility to run the update even on the up-to-date installation (#6533) * Plugin API: Add 'render_folder_selector' hook * Added 'keyservers' option to define list of HKP servers for Enigma/Mailvelope (#6326) * Added flag to disable server certificate validation via Mysql DSN argument (#6848) * Select all records on the current list page with CTRL + A (#6813) * Use Left/Right Arrow keys to faster move over threaded messages list (#6399) * Changes in display_next setting (#6795): * * Move it to Preferences > User Interface > Main Options * * Make it apply to Contacts interface too * * Make it apply only if deleting/moving a previewed message/contact * Redis: Support connection to unix socket * Put charset meta specification before a title tag, add page title automatically (#6811) * Elastic: Various internal refactorings * Elastic: Add Prev/Next buttons on message page toolbar (#6648) * Elastic: Close search options on Enter key press in quick-search input (#6660) * Elastic: Changed some icons (#6852) * Elastic: Changed read/unread icons (#6636) * Elastic: Changed 'Move to...' icon (#6637) * Elastic: Add hide/show for advanced preferences (#6632) * Elastic: Add default icon on Settings/Preferences lists for external plugins (#6814) * Elastic: Add indicator for popover menu items that open a submenu (#6868) * Elastic: Move compose attachments/options to the right side (#6839) * Elastic: Add border/background to attachments list widget (#6842) * Elastic: Add 'Show unread messages' button to the search bar (#6587) * Elastic: Fix bug where toolbar disappears on attachment menu use in Chrome (#6677) * Elastic: Fix folders list scrolling on touch devices (#6706) * Elastic: Fix non-working pretty selects in Chrome browser (#6705) * Elastic: Fix issue with absolute positioned mail content (#6739) * Elastic: Fix bug where some menu actions could cause a browser popup warning * Elastic: Fix handling mailto: URL parameters in contact menu (#6751) * Elastic: Fix keyboard navigation in some menus, e.g. the contact menu * Elastic: Fix visual issue with long buttons in .boxwarning (#6797) * Elastic: Fix handling new-line in text pasted to a recipient input * Elastic: Fix so search is not reset when returning from the message preview page (#6847) * Larry: Fix regression where menu actions didn't work with keyboard (#6740) * ACL: Display user/group names (from ldap) instead of acl identifier * Password: Added ldap_exop driver (#4992) * Password: Added support for SSHA512 password algorithm (#6805) * Managesieve: Fix bug where global includes were requested for vacation (#6716) * Managesieve: Use RFC-compliant line endings, CRLF instead of LF (#6686) * Managesieve: Fix so 'Create filter' option does not show up when Filters menu is disabled (#6723) * Enigma: For verified signatures, display the user id associated with the sender address (#5958) * Enigma: Fix bug where revoked users/keys were not greyed out in key info * Enigma: Fix error message when trying to encrypt with a revoked key (#6607) * Enigma: Fix 'decryption oracle' bug [CVE-2019-10740] (#6638) * Enigma: Fix bug where signature verification could have been skipped for some message structures (#6838) * Fix language selection for spellchecker in html mode (#6915) * Fix css styles leak from replied/forwarded message to the rest of the composed text (#6831) * Fix invalid path to 'add contact' icon when using assets_path setting * Fix invalid path to blocked.gif when using assets_path setting (#6752) * Fix so advanced search dialog is not automatically displayed on searchonly addressbooks (#6679) * Fix so an error is logged when more than one attachment plugin has been enabled, initialize the first one (#6735) * Fix bug where flag change could have been passed to a preview frame when not expected * Fix bug in HTML parser that could cause missing text fragments when there was no head/body tag (#6713) * Fix bug where HTML messages with a xml:namespace tag were not rendered (#6697) * Fix TinyMCE download location (#6694) * Fix so 'Open in new window' consistently displays 'external window' interface (#6659) * Fix bug where next row wasn't selected after deleting a collapsed thread (#6655) * Fix bug where external content (e.g. mail body) was passed to templates parsing code (#6640) * Fix bug where attachment preview didn't work with x_frame_options=deny (#6688) * Fix so bin/install-jsdeps.sh returns error code on error (#6704) * Fix bug where bmp images couldn't be displayed on some systems (#6728) * Fix bug in parsing vCard data using PHP 7.3 due to an invalid regexp (#6744) * Fix bug where bold/strong text was converted to upper-case on html-to-text conversion (6758) * Fix bug in rcube_utils::parse_hosts() where %t, %d, %z could return only tld (#6746) * Fix bug where Next/Prev button in mail view didn't work with multi-folder search result (#6793) * Fix bug where selection of columns on messages list wasn't working * Fix bug in converting multi-page Tiff images to Jpeg (#6824) * Fix bug where handling multiple messages from multi-folder search result could not work (#6845) * Fix bug where unread count wasn't updated after moving multi-folder result (#6846) * Fix wrong messages order after returning to a multi-folder search result (#6836) * Fix some PHP 7.4 compat. issues (#6884, #6866) * Fix bug where it was possible to bypass the position:fixed CSS check in received messages (#6898) * Fix bug where some strict remote URIs in url() style were unintentionally blocked (#6899) * Fix bug where it was possible to bypass the CSS jail in HTML messages using :root pseudo-class (#6897) * Fix bug where it was possible to bypass href URI check with data:application/xhtml+xml URIs (#6896) * Changed 'password_charset' default to 'UTF-8' (#6522) * Add skins_allowed option (#6483) * SMTP GSSAPI support via krb_authentication plugin (#6417) * Avoid Referer leaking by using Referrer-Policy:same-origin header (#6385) * Removed 'referer_check' option (#6440) * Use constant prefix for temp file names, don't remove temp files from other apps (#6511) * Ignore 'Sender' header on Reply-All action (#6506) * deluser.sh: Add option to delete users who have not logged in for more than X days (#6340) * HTML5 Upload Progress - as a replacement for the old server-side solution (#6177) * Prevent from using deprecated timezone names from jsTimezoneDetect * Force session.gc_probability=1 when using custom session handlers (#6560) * Support simple field labels (e.g. LetterHub examples) in csv imports (#6541) * Add cache busters also to images used by templates (#6610) * Plugin API: Added 'raise_error' hook (#6199) * Plugin API: Added 'common_headers' hook (#6385) * Plugin API: Added 'ldap_connected' hook * Enigma: Update to OpenPGPjs 4.2.1 - fixes user name encoding issues in key generation (#6524) * Enigma: Fixed multi-host synchronization of private and deleted keys and pubring.kbx file * Managesieve: Added support for 'editheader' extension - RFC5293 (#5954) * Managesieve: Fix bug where custom header or variable could be lost on form submission (#6594) * Markasjunk: Integrate markasjunk2 features into markasjunk - marking as non-junk + learning engine (#6504) * Password: Added 'modoboa' driver (#6361) * Password: Fix bug where password_dovecotpw_with_method setting could be ignored (#6436) * Password: Fix bug where new users could skip forced password change (#6434) * Password: Allow drivers to override default password comparisons (eg new is not same as current) (#6473) * Password: Allow drivers to override default strength checks (eg allow for 'not the same as last x passwords') (#246) * Passowrd: Allow drivers to define password strength rules displayed to the user * Password: Allow separate password saving and strength drivers for use of strength checking services (#5040) * Password: Add zxcvbn driver for checking password strength (#6479) * Password: Disallow control characters in passwords * Password: Add support for Plesk >= 17.8 (#6526) * Elastic: Improved datepicker displayed always in parent window * Elastic: On touch devices display attachment icons on messages list (#6296) * Elastic: Make menu button inactive if all subactions are inactive (#6444) * Elastic: On mobile/tablet jump to the list on folder selection (#6415) * Elastic: Various improvements on mail compose screen (#6413) * Elastic: Support new-line char as a separator for pasted recipients (#6460) * Elastic: Improved UX of search dialogs (#6416) * Elastic: Fix unwanted thread expanding when selecting a collapsed thread in non-mobile mode (#6445) * Elastic: Fix too small height of mailvelope mail preview frame (#6600) * Elastic: Add 'status bar' for mobile in mail composer * Elastic: Add selection options on contacts list (#6595) * Elastic: Fix unintentional layout preference overwrite (#6613) * Elastic: Fix bug where Enigma options in mail compose could sometimes be ignored (#6515) * Log errors caused by low pcre.backtrack_limit when sending a mail message (#6433) * Fix regression where drafts were not deleted after sending the message (#6756) * Fix so max_message_size limit is checked also when forwarding messages as attachments (#6580) * Fix so performance stats are logged to the main console log also when per_user_logging=true * Fix malformed message saved into Sent folder when using big attachments and low memory limit (#6498) * Fix incorrect IMAP SASL GSSAPI negotiation (#6308) * Fix so unicode in local part of the email address is also supported in recipient inputs (#6490) * Fix bug where autocomplete list could be displayed out of screen (#6469) * Fix style/navigation on error page depending on authentication state (#6362) * Fix so invalid smtp_helo_host is never used, fallback to localhost (#6408) * Fix custom logo size in Elastic (#6424) * Fix listing the same attachment multiple times on forwarded messages * Fix bug where a message/rfc822 part without a filename wasn't listed on the attachments list (#6494) * Fix inconsistent offset for various time zones - always display Standard Time offset (#6531) * Fix dummy Message-Id when resuming a draft without Message-Id header (#6548) * Fix handling of empty entries in vCard import (#6564) * Fix bug in parsing some IMAP command responses that include unsolicited replies (#6577) * Fix PHP 7.2 compatibility in debug_logger plugin (#6586) * Fix so ANY record is not used for email domain validation, use A, MX, CNAME, AAAA instead (#6581) * Fix so mime_content_type check in Installer uses files that should always be available (i.e. from program/resources) (#6599) * Fix missing CSRF token on a link to download too-big message part (#6621) * Fix bug when aborting dragging with ESC key didn't stop the move action (#6623) * Improved Mailvelope integration * * Added private key listing and generating to identity settings * * Enable encrypt & sign option if Mailvelope supports it * Allow contacts without an email address (#5079) * Support SMTPUTF8 and relax email address validation to support unicode in local part (#5120) * Support for IMAP folders that cannot contain both folders and messages (#5057) * Remove sample PHP configuration from .htaccess and .user.ini files (#5850) * Extend skin_logo setting to allow per skin logos (#6272) * Use Masterminds/HTML5 parser for better HTML5 support (#5761) * Add More actions button in Contacts toolbar with Copy/Move actions (#6081) * Display an error when clicking disabled link to register protocol handler (#6079) * Add option trusted_host_patterns (#6009, #5752) * Support additional connect parameters in PostgreSQL database wrapper * Use UI dialogs instead of confirm() and alert() where possible * Display value of the SMTP message size limit in the error message (#6032) * Show message flagged status in message view (#5080) * Skip redundant INSERT query on successful logon when using PHP7 * Replace display_version with display_product_version (#5904) * Extend disabled_actions config so it accepts also button names (#5903) * Handle remote stylesheets the same as remote images, ask the user to allow them (#5994) * Add Message-ID to the sendmail log (#5871) * Add option to hide folders in share/other-user namespace or outside of the personal namespace root (#5073) * Archive: Fix archiving by sender address on cyrus-imap * Archive: Style Archive folder also on folder selector and folder manager lists * Archive: Add Thunderbird compatible Month option (#5623) * Archive: Create archive folder automatically if it's configured, but does not exist (#6076) * Enigma: Add button to send mail unencrypted if no key was found (#5913) * Enigma: Add options to set PGP cipher/digest algorithms (#5645) * Enigma: Multi-host support * Managesieve: Add ability to disable filter sets and other actions (#5496, #5898) * Managesieve: Add option managesieve_forward to enable settings dialog for simple forwarding (#6021) * Managesieve: Support filter action with custom IMAP flags (#6011) * Managesieve: Support 'mime' extension tests - RFC5703 (#5832) * Managesieve: Support GSSAPI authentication with krb_authentication plugin (#5779) * Managesieve: Support enabling the plugin for specified hosts only (#6292) * Password: Support host variables in password_db_dsn option (#5955) * Password: Automatic virtualmin domain setting, removed password_virtualmin_format option (#5759) * Password: Added password_username_format option (#5766) * subscriptions_option: show \Noselect folders greyed out (#5621) * zipdownload: Added option to define size limit for multiple messages download (#5696) * vcard_attachments: Add possibility to send contact vCard from Contacts toolbar (#6080) * Changed defaults for smtp_user (%u), smtp_pass (%p) and smtp_port (587) * Composer: Fix certificate validation errors by using packagist only (#5148) * Add --get and --extract arguments and CACHEDIR env-variable support to install-jsdeps.sh (#5882) * Support _filter and _scope as GET arguments for opening mail UI (#5825) * Various improvements for templating engine and skin behaviours * * Support conditional include * * Support for 'link' objects * * Support including files with path relative to templates directory * * Use instead of for submit button on logon screen * Support skin localization (#5853) * Reset onerror on images if placeholder does not exist to prevent from requests storm * Unified and simplified code for loading content frame for responses and identities * Display contact import and advanced search in popup dialogs * Display a dialog for mail import with supported format description and upload size hint * Make possible to set (some) config options from a skin * Added optional checkbox selection for the list widget * Make 'compose' command always enabled * Add .log suffix to all log file names, add option log_file_ext to control this (#313) * Return '401 Unauthorized' status when login fails (#5663) * Support both comma and semicolon as recipient separator, drop recipients_separator option (#5092) * Plugin API: Added 'show_bytes' hook (#5001) * Add option to not indent quoted text on top-posting reply (#5105) * Removed global $CONFIG variable * Removed debug_level setting * Support AUTHENTICATE LOGIN for IMAP connections (#5563) * Support LDAP GSSAPI authentication (#5703) * Localized timezone selector (#4983) * Use 7bit encoding for ISO-2022-* charsets in sent mail (#5640) * Handle inline images also inside multipart/mixed messages (#5905) * Allow style tags in HTML editor on composed/reply messages (#5751) * Use Github API as a fallback to fetch js dependencies to workaround throttling issues (#6248) * Show confirm dialog when moving folders using drag and drop (#6119) * Fix bug where new_user_dialog email check could have been circumvented by deleting / abandoning session (#5929) * Fix skin extending for assets (#5115) * Fix handling of forwarded messages inside of a TNEF message (#5632) * Fix bug where attachment size wasn't visible when the filename was too long (#6033) * Fix checking table columns when there's more schemas/databases in postgres/mysql (#6047) * Fix css conflicts in user interface and e-mail content (#5891) * Fix duplicated signature when using Back button in Chrome (#5809) * Fix touch event issue on messages list in IE/Edge (#5781) * Fix so links over images are not removed in plain text signatures converted from HTML (#4473) * Fix various issues when downloading files with names containing non-ascii chars, use RFC 2231 (#5772) Upgrade to version 1.3.10: * Enigma: Fix 'decryption oracle' bug [CVE-2019-10740] (#6638) Upgrade to version 1.3.9: * Fix TinyMCE download location(s) (#6694) * Fix so mime_content_type check in Installer uses files that should always be available (i.e. from program/resources) (#6599) Upgrade to version 1.3.8: * Fix support for 'allow-from ' in x_frame_options config option (#6449) - add files with .log entry to logrotate config enhance apache configuration by: + disable mbstring function overload (http://bugs.php.net/bug.php?id=30766) + do not allow to see README*, INSTALL, LICENSE or CHANGELOG files + set additional headers: + Content-Security-Policy: ask browsers to not set the referrer + Cache-Control: ask not to cache the content + Strict-Transport-Security: set HSTS rules for SSL traffic + X-XSS-Protection: configure built in reflective XSS protection adjust README.openSUSE: + db.inc.php is not used any longer + flush privileges after creating/changing users in mysql Important SUSE bug 1180132 SUSE bug 1180399 CVE-2019-10740 CVE-2020-12641 CVE-2020-16145 CVE-2020-35730 cpe:/o:opensuse:leap:15.4 Security update for virtualbox (Important) openSUSE Leap 15.4 This update for virtualbox fixes the following issues: - Version bump to 6.1.38r86 released by Oracle September 02 2022 This is a maintenance release. The following items were fixed and/or added: - GUI: Improvements in Native Language Support area - Main: OVF Export: Added support for exporting VMs containing Virtio-SCSI controllers - Recording settings: Fixed a regression which could cause not starting the COM server (VBoxSVC) under certain circumstances (bug #21034) - Recording: More deterministic naming for recorded files (will now overwrite old .webm files if present) - Linux Host and Guest Additions installer: Improved check for systemd presence in the system (bug #19033) - Linux Guest Additions: Introduced initial support for kernel 6.0 - Linux Guest Additions: Additional fixes for kernel RHEL 9.1 (bug #21065) - Windows Guest Additions: Improvements in Drag and Drop area Fixes permission problem with /dev/vboxuser (boo#1203370) Fixes missing firewall opening (boo#1203086) - Fixes boo#1201720 CVE items for CVE-2022-21571, CVE-2022-21554 - Add a 'Provides: virtualbox-guest-x11' to virtualbox-guest-tools. (boo#1203735) - Fixed VBoxClient: VbglR3InitUser failed: VERR_ACCESS_DENIED (boo#1204019) Important SUSE bug 1201720 SUSE bug 1203086 SUSE bug 1203306 SUSE bug 1203370 SUSE bug 1203735 SUSE bug 1204019 CVE-2022-21554 CVE-2022-21571 cpe:/o:opensuse:leap:15.4 Security update for enlightenment (Important) openSUSE Leap 15.4 This update for enlightenment fixes the following issues: Update to 0.25.4 Bugfix release * Fix shape handling in various cases that affected apps with shaped input * Fix procstats popup and dangling icon for fullscreen windows * Fix a vianishing pointer in some cases * Workaround Qt issue where it does not remove WM_STATE on withdraw * Fix fullscreen focus toggle flicker * Fix pointer sticking case * Fix tap-to-click props * Fix gadgcon disabled items * Fix config fallback handling that means no fallback happened * Fix gtk frame prop handling * Fix first map handling that affected energyxt * Fix CVE-2022-37706 (boo#1203631) * Harden enlightenment_sys when mis-packaged without sysactions.conf Important SUSE bug 1203631 CVE-2022-37706 cpe:/o:opensuse:leap:15.4 Security update for pngcheck (Moderate) openSUSE Leap 15.4 This update for pngcheck fixes the following issues: pngcheck was updated to 3.0.3: Version 3.0.1: * fixed a crash bug (and probable vulnerability) in large (MNG) LOOP chunks Version 3.0.2: * fixed a divide-by-zero crash bug (and probable vulnerability) in interlaced images with extra compressed data beyond the nominal end of the image data (found by 'chiba of topsec alpha lab') Moderate cpe:/o:opensuse:leap:15.4 Security update for v4l2loopback (Moderate) openSUSE Leap 15.4 This update for v4l2loopback fixes the following issues: - Fix string format vulnerability (boo#1202156, CVE-2022-2652) Moderate SUSE bug 1202156 CVE-2022-2652 cpe:/o:opensuse:leap:15.4 Security update for exim (Important) openSUSE Leap 15.4 This update for exim fixes the following issues: - CVE-2022-3559: Fixed a use after free in processing of the component Regex Handler (boo#1204427, Bug 2915) Important SUSE bug 1204427 CVE-2022-3559 cpe:/o:opensuse:leap:15.4 Security update for cacti, cacti-spine (Moderate) openSUSE Leap 15.4 This update for cacti, cacti-spine fixes the following issues: cacti-spine 1.2.22, delivering a number of bug fixes: * When polling time is exceed, spine does not always exit as expected * Spine logging at `-V 5` includes an extra line feed * Incorrect SNMP responses can cause spine to crash * Properly handle devices that timeout responding to the Extended Uptime * MariaDB can cause spine to abort prematurely despite error handling * Spine should log the error time when exiting via signal cacti-spine 1.2.21: * Disable DES if Net-SNMP doesn't have it cacti 1.2.22, providing one security fix, a number of bug fixes and a collection of improvements: * When creating new graphs, cross site injection is possible (boo#1203952) * When creating user from template, multiple Domain FullName and Mail are not propagated * Nectar Aggregate 95th emailed report broken * Boost may not find archive tables correctly * Users may be unable to change their password when forced during a login * Net-SNMP Memory Graph Template has Wrong GPRINT * Search in tree view unusable on larger installations * Increased bulk insert size to avoid partial inserts and potential data loss. * Call to undefined function boost_debug in Cacti log * When no guest template is set, login cookies are not properly set * Later RRDtool releases do not need to check last_update time * Regex filters are not always long enough * Domains based LDAP and AD Fullname and Email not auto-populated * Cacti polling and boost report the wrong number of Data Sources when Devices are disabled * When editing Graph Template Items there are cases where VDEF's are hidden when they should be shown * Database SSL setting lacks default value * Update default path cacti under *BSD by xmacan * Web Basic authentication not creating template user * Unable to change the Heartbeat of a Data Source Profile * Tree Search Does Not Properly Search All Trees * When structured paths are setup, RRDfiles may not always be created when possible * When parsing the logs, caching would help speed up processing * Deprecation warnings when attempting real-time Graphs with PHP8.1 * Custom Timespan is lost when clicking other tree branches * Non device based Data Sources not being polled * When Resource XML file inproperly formatted, graph creation can fail with errors * Update code style to support PHP 8 requirements * None' shows all graphs * Realtime popup window experiences issues on some browsers * Auth settings do not always properly reflect the options selected by ddb4github * MySQL can cause cacti to become stalled due to locking issues * Boost process can get hung under rare conditions until the poller times out * Exporting graphs under PHP 8 can cause errors * Host table has wrong default for disabled and deleted columns * RRD storage paths do not scale properly * When importing, make it possible to only import certain components * Update change_device script to include new features by bmfmancini * Make help pages use latest online version wherever possible * Cacti should show PHP INI locations during install * Detect PHP INI values that are different in the INI vs running config * Added Gradient Color support for AREA charts by thurban * Update CDEF functions for RRDtool * When boost is running, it's not clear which processes are running and how long they have to complete cacti 1.2.21: * Add a CLI script to install/enable/disable/uninstall plugins * Add log message when purging DS stats and poller repopulate * A collection of bug fixes Moderate SUSE bug 1203952 cpe:/o:opensuse:leap:15.4 Security update for pdns-recursor (Important) openSUSE Leap 15.4 This update for pdns-recursor fixes the following issues: pdns-recursor was updated to 4.6.3: * fixes incomplete exception handling related to protobuf message generation (boo#1202664, CVE-2022-37428) pdns-recursor was updated to 4.6.2: * Reject non-apex NSEC(3)s that have both the NS and SOA bits set * A CNAME answer on DS query should abort DS retrieval * Allow disabling of processing the root hints * If we get NODATA on an AAAA in followCNAMERecords, try native dns64 Important SUSE bug 1202664 CVE-2022-37428 cpe:/o:opensuse:leap:15.4 Security update for jhead (Important) openSUSE Leap 15.4 This update for jhead fixes the following issues: - CVE-2022-41751: Fixed shell injection via filenames (boo#1204409) Important SUSE bug 1204409 CVE-2022-41751 cpe:/o:opensuse:leap:15.4 Security update for chromium (Important) openSUSE Leap 15.4 This update for chromium fixes the following issues: Chromium 107.0.5304.87 (boo#1204819) * CVE-2022-3723: Type Confusion in V8 Chromium 107.0.5304.68 (boo#1204732) * CVE-2022-3652: Type Confusion in V8 * CVE-2022-3653: Heap buffer overflow in Vulkan * CVE-2022-3654: Use after free in Layout * CVE-2022-3655: Heap buffer overflow in Media Galleries * CVE-2022-3656: Insufficient data validation in File System * CVE-2022-3657: Use after free in Extensions * CVE-2022-3658: Use after free in Feedback service on Chrome OS * CVE-2022-3659: Use after free in Accessibility * CVE-2022-3660: Inappropriate implementation in Full screen mode * CVE-2022-3661: Insufficient data validation in Extensions Important SUSE bug 1204732 SUSE bug 1204819 CVE-2022-3652 CVE-2022-3653 CVE-2022-3654 CVE-2022-3655 CVE-2022-3656 CVE-2022-3657 CVE-2022-3658 CVE-2022-3659 CVE-2022-3660 CVE-2022-3661 CVE-2022-3723 cpe:/o:opensuse:leap:15.4 Security update for opera (Important) openSUSE Leap 15.4 NonFree This update for opera fixes the following issues: Update to 92.0.4561.21 - CHR-9037 Update chromium on desktop-stable-106-4561 to 106.0.5249.119 - DNA-102295 Missing GX.games section in settings - DNA-102308 Presubmit errors - DNA-102329 [Consent flow] clicking on 'Customize settings' doesn't resize the popup - DNA-102340 Sidebar control panel doesn't hide - DNA-102348 Replace old Dify url with a new one - DNA-102430 Translations for O92 - DNA-102534 Allow staging RH Agent extension to use VPN Pro API - DNA-102548 Rich hints extension crashes on Linux - DNA-102551 Promote O92 to stable - Complete Opera 92.0 changelog at: https://blogs.opera.com/desktop/changelog-for-92/ - The update to chromium 106.0.5249.119 fixes following issues: CVE-2022-3445, CVE-2022-3446, CVE-2022-3447, CVE-2022-3448, CVE-2022-3449, CVE-2022-3450 Update to 91.0.4516.77 - DNA-101988 Implement dark mode for consent flow popups - DNA-102348 Replace old Dify url with a new one Update to 91.0.4516.65 - DNA-101240 Save “remind in 3 days” setting - DNA-101622 Add a way to check if browser is connected to webenv - DNA-101838 Unfiltered dropdown disabled by default on stable - DNA-101990 Boost sites into top sites - DNA-101998 flag tiktok-panel doesn’t work - DNA-102075 Crash at extensions::ExtensionApiFrameIdMap:: OnRenderFrameDeleted(content::RenderFrameHost*) Important CVE-2022-3445 CVE-2022-3446 CVE-2022-3447 CVE-2022-3448 CVE-2022-3449 CVE-2022-3450 cpe:/o:opensuse:leap:15.4 Security update for pyenv (Moderate) openSUSE Leap 15.4 This update for pyenv fixes the following issues: Update to 2.3.5 - Add CPython 3.10.7 by @edgarrmondragon in #2454 - Docs: update Fish PATH update by @gregorias in #2449 - Add CPython 3.7.14, 3.8.14 and 3.9.14 by @edgarrmondragon in #2456 - Update miniconda3-3.9-4.12.0 by @Tsuki in #2460 - Add CPython 3.11.0rc2 by @ViktorHaag in #2459 - Add patches for 3.7.14 to support Apple Silicon by @samdoran in #2463 - Add ability to easily skip all use of Homebrew by @samdoran in #2464 - Drop Travis integration by @sobolevn in #2468 - Build CPython 3.12+ with --with-dsymutil in MacOS by @native-api in #2471 - Add Pyston 2.3.5 by @scop in #2476 Full Changelog: https://github.com/pyenv/pyenv/compare/v2.3.4...v2.3.5 Update to 2.3.4 - Add CPython 3.11.0rc1 by @edgarrmondragon in #2434 - Add support for multiple versions in pyenv uninstall by @hardikpnsp in #2432 - Add micropython 1.18 and 1.19.1 by @dmitriy-serdyuk in #2443 - CI: support Micropython, deleted scripts; build with -v by @native-api in #2447 - Re-allow paths in .python-version while still preventing CVE-2022-35861 by @comrumino in #2442 - CI: Bump OS versions by @native-api in #2448 - Add Cinder 3.8 by @filips123 in #2433 - Add support for multiple versions in pyenv uninstall in #2432 - Add micropython 1.18 and 1.19.1 in #2443 - Add Cinder 3.8 in #2433 Update to 2.3.3 - Use version sort in pyenv versions by @fofoni in #2405 - Add CPython 3.11.0b4 by @majorgreys in #2411 - Python-build: Replace deprecated git protocol use with https in docs by @ssbarnea in #2413 - Fix relative path traversal due to using version string in path by @comrumino in #2412 - Allow pypy2 and pypy3 patching by @brogon in #2421, #2419 - Add CPython 3.11.0b5 by @edgarrmondragon in #2420 - Add GraalPython 22.2.0 by @msimacek in #2425 - Add CPython 3.10.6 by @edgarrmondragon in #2428 - Add CPython 3.11.0b4 by @majorgreys in #2411 - Replace deprecated git protocol use with https by @ssbarnea in docs #2413 - Fix relative path traversal due to using version string in path by @comrumino in #2412 - Fix patterns for pypy2.*/pypy3.* versions by @brogon in #2419 Update to 2.3.2 - Add CPython 3.11.0b2 by @saaketp in #2380 - Honor CFLAGS_EXTRA for MicroPython #2006 by @yggdr in #2007 - Add post-install checks for curses, ctypes, lzma, and tkinter by @aphedges in #2353 - Add CPython 3.11.0b3 by @edgarrmondragon in #2382 - Add flags for Homebrew into python-config --ldflags by @native-api in #2384 - Add CPython 3.10.5 by @illia-v in #2386 - Add Anaconda 2019.10, 2021.04, 2022.05; support Anaconda in add_miniconda.py by @native-api in #2385 - Add Pyston-2.3.4 by @dand-oss in #2390 - Update Anaconda3-2022.05 MacOSX arm64 md5 by @bkbncn in #2391 - Fix boo#1201582 to fix CVE-2022-35861 (from commit 22fa683, file pyenv-CVE-2022-35861.patch) Update to 2.3.0 - Bump openssl 1.1 to 1.1.1n for CPython 3.7 3.8 3.9 by @tuzi3040 in #2276 - Doc Fix: Escape a hash character causing unwanted GitHub Issue linking by @edrogers in #2282 - Add CPython 3.9.12 by @saaketp in #2296 - Add CPython 3.10.4 by @saaketp in #2295 - Add patch for 3.6.15 to support Xcode 13.3 by @nshine in #2288 - Add patch for 3.7.12 to support Xcode 13.3 by @samdoran in #2292 - Add CONTRIBUTING.md by @native-api in #2287 - Add PyPy 7.3.9 release 2022-03-30 by @dand-oss in #2308 - Add Pyston 2.3.3 by @scop in #2316 - Add CPython 3.11.0a7 by @illia-v in #2315 - Add 'nogil' Python v3.9.10 by @colesbury in #2342 - Support XCode 13.3 in all releases that officially support MacOS 11 by @native-api in #2344 - Add GraalPython 22.1.0 by @msimacek in #2346 - Make PYENV_DEBUG imply -v for pyenv install by @native-api in #2347 - Simplify init scheme by @native-api in #2310 - Don't use Homebrew outside of MacOS by @native-api in #2349 - Add :latest syntax to documentation for the install command by @hay in #2351 Update to 2.2.5 - fix issue 2236 for CPython 3.6.15 and 3.7.12 by @fofoni in #2237 - python-build: add URL for get-pip for Python 3.6 by @fofoni in #2238 - Add pyston-2.3.2 by @dmrlawson in #2240 - CPython 3.11.0a5 by @saaketp in #2241 - CPython 3.11.0a6 by @saaketp in #2266 - Add miniconda 4.11.0 by @aphedges in #2268 - docs(pyenv-prefix): note support for multiple versions by @scop in #2270 - pypy 7.3.8 02/20/2022 release by @dand-oss in #2253 Moderate SUSE bug 1201582 CVE-2022-35861 cpe:/o:opensuse:leap:15.4 Security update for EternalTerminal (Important) openSUSE Leap 15.4 This update for EternalTerminal fixes the following issues: Update to 6.2.1: * CVE-2022-24949: Fixed race condition allows local attacker to hijack IPC socket (boo#1202435) * CVE-2022-24950: Fixed privilege escalation to root (boo#1202434) * CVE-2022-24951: Fixed DoS triggered remotely by invalid sequence numbers (boo#1202433) * CVE-2022-24952: Fixed race condition allows authenticated attacker to hijack other users' SSH authorization socket (boo#1202432) Important SUSE bug 1202432 SUSE bug 1202433 SUSE bug 1202434 SUSE bug 1202435 CVE-2022-24949 CVE-2022-24950 CVE-2022-24951 CVE-2022-24952 cpe:/o:opensuse:leap:15.4 Security update for privoxy (Important) openSUSE Leap 15.4 This update for privoxy fixes the following issues: privoxy was updated to 3.0.33 (boo#1193584): * CVE-2021-44543: Encode the template name to prevent XSS (cross-side scripting) when Privoxy is configured to servce the user-manual itself * CVE-2021-44540: Free memory of compiled pattern spec before bailing * CVE-2021-44541: Free header memory when failing to get the request destination. * CVE-2021-44542: Prevent memory leaks when handling errors * Disable fast-redirects for a number of domains * Update default block lists * Many bug fixes and minor enhancements Important SUSE bug 1193584 CVE-2021-44540 CVE-2021-44541 CVE-2021-44542 CVE-2021-44543 cpe:/o:opensuse:leap:15.4 Security update for deluge (Moderate) openSUSE Leap 15.4 This update for deluge fixes the following issues: Update to version 2.1.1: - CVE-2021-3427: Fixed a XSS in webui via crafted torrent file (boo#1203162). Moderate SUSE bug 1203162 CVE-2021-3427 cpe:/o:opensuse:leap:15.4 Security update for libmodbus (Important) openSUSE Leap 15.4 This update for libmodbus fixes the following issues: - CVE-2022-0367: Fixed heap-based Buffer Overflow in modbus_reply (boo#1195124). Important SUSE bug 1195124 CVE-2022-0367 cpe:/o:opensuse:leap:15.4 Security update for autotrace (Important) openSUSE Leap 15.4 This update for autotrace fixes the following issues: - CVE-2022-32323: Fixed Heap overflow in ReadImage() (boo#1201529). Important SUSE bug 1201529 CVE-2022-32323 cpe:/o:opensuse:leap:15.4 Security update for varnish (Important) openSUSE Leap 15.4 This update for varnish fixes the following issues: Update to 7.2.1: - CVE-2022-45059: Fixed a HTTP request smuggling via hop-by-hop headers (boo#1205243). - CVE-2022-45060: Fixed a HTTP request forgery via character injection through HTTP/2 pseudo-headers (boo#1205242). Important SUSE bug 1205242 SUSE bug 1205243 CVE-2022-45059 CVE-2022-45060 cpe:/o:opensuse:leap:15.4 Security update for chromium (Important) openSUSE Leap 15.4 This update for chromium fixes the following issues: - Chromium 107.0.5304.110 (boo#1205221) * CVE-2022-3885: Use after free in V8 * CVE-2022-3886: Use after free in Speech Recognition * CVE-2022-3887: Use after free in Web Workers * CVE-2022-3888: Use after free in WebCodecs * CVE-2022-3889: Type Confusion in V8 * CVE-2022-3890: Heap buffer overflow in Crashpad Important SUSE bug 1205221 CVE-2022-3885 CVE-2022-3886 CVE-2022-3887 CVE-2022-3888 CVE-2022-3889 CVE-2022-3890 cpe:/o:opensuse:leap:15.4 Security update for jhead (Important) openSUSE Leap 15.4 This update for jhead fixes the following issues: * CVE-2021-34055: Fix out of bounds write in ClearOrientation() due to unchecked error (boo#1205167) Important SUSE bug 1205167 CVE-2021-34055 cpe:/o:opensuse:leap:15.4 Security update for tumbler (Moderate) openSUSE Leap 15.4 This update for tumbler fixes the following issues: tumbler was updated to version 4.16.1 (boo#1205210) * gst-thumbnailer: Add mime type check (gxo#xfce/tumbler#65) * desktop-thumbnailer: Guard against null path * Fix typo in gthread version (gxo#xfce/tumbler!14) Moderate SUSE bug 1203644 SUSE bug 1205210 cpe:/o:opensuse:leap:15.4 Security update for tor (Moderate) openSUSE Leap 15.4 This update for tor fixes the following issues: tor 0.4.7.11: * Improve security of DNS cache by randomly clipping the TTL value (boo#1205307, TROVE-2021-009) * Improved defenses against network-wide DoS, multiple counters and metrics added to MetricsPorts * Apply circuit creation anti-DoS defenses if the outbound circuit max cell queue size is reached too many times. This introduces two new consensus parameters to control the queue size limit and number of times allowed to go over that limit. * Directory authority updates * IPFire database and geoip updates * Bump the maximum amount of CPU that can be used from 16 to 128. The NumCPUs torrc option overrides this hardcoded maximum. * onion service: set a higher circuit build timeout for opened client rendezvous circuit to avoid timeouts and retry load * Make the service retry a rendezvous if the circuit is being repurposed for measurements Moderate SUSE bug 1205307 cpe:/o:opensuse:leap:15.4 Security update for Botan (Moderate) openSUSE Leap 15.4 This update for Botan fixes the following issues: - CVE-2022-43705: Fixed validation of embedded certificates was when checking OCSP responses (boo#1205509). Moderate SUSE bug 1205509 CVE-2022-43705 cpe:/o:opensuse:leap:15.4 Security update for xtrabackup (Moderate) openSUSE Leap 15.4 This update for xtrabackup fixes the following issues: Update xtrabackup to version 2.4.26: - CVE-2020-10997: Information exposure via cmd line output and table history (boo#1170644) - CVE-2020-29488: Changes in how absolute paths are handled (boo#1205581) Moderate SUSE bug 1125418 SUSE bug 1135095 SUSE bug 1170644 SUSE bug 1205581 CVE-2020-10997 CVE-2020-29488 cpe:/o:opensuse:leap:15.4 Security update for opera (Important) openSUSE Leap 15.4 NonFree This update for opera fixes the following issues: Update to 93.0.4585.11 - CHR-9051 Update chromium on desktop-stable-107-4585 to 107.0.5304.88 - DNA-95965 Add support for more UD TLDs - DNA-102960 Replace messengers icons - DNA-102964 Crash at -[FramedBrowserWindow sendEvent:] - DNA-103125 Translations for O93 - DNA-103287 Bump O93 to stable Important CVE-2022-3723 cpe:/o:opensuse:leap:15.4 Security update for chromium (Important) openSUSE Leap 15.4 This update for chromium fixes the following issues: Chromium 107.0.5304.121 (boo#1205736) * CVE-2022-4135: Heap buffer overflow in GPU Important SUSE bug 1205736 CVE-2022-4135 cpe:/o:opensuse:leap:15.4 Security update for rxvt-unicode (Important) openSUSE Leap 15.4 This update for rxvt-unicode fixes the following issues: Update to 9.26 - ev_iouring.c was wrongly required during compilation, and wrongly not packaged. Update to 9.25 (boo#1186174 CVE-2021-33477) - for the 17.5th anniversary, and because many distributions seem to remove rxvt in favour of urxvt, this release resurrects rclock as urclock. - add support for systemd socket-based activation - debian bug #917105, freebsd bug #234276. - do not destruct perl on exit anymore: this might fail for a variety of reasons, and takes unneccessary time. - remove any macros from urxvtperl manpage(s), should fix debian bug 858385. - the old bg image resources are now provided by the background extension, and perl is thus required for bg image support. No configuration change is needed: urxvt autoloads the background ext if any bg image resource/option is present (for OSC sequences to work you need to enable it explicity). The old bg image resources are also now deprecated; users are encouraged to switch to the new bg image interface (see man urxvt-background). - confirm-paste now checks for any ctlchars, not just newlines. - searchable scrollback will now ignore bracketed paste mode sequences (prompted by Daniel Gr?ber's patch). - drop ISO 2022 locale support. ISO 2022 encodings are not supported in POSIX locales and clash with vt100 charset emulation (the luit program can be used as a substitute). - perl didn't parse rgba colours specified as an array correctly, only allowing 0 and 100% intensity for each component (this affected fill and tint). - when iterating over resources, urxvt will now try to properly handle multipart resources (such as '*background.expr'), for the benefit of autoloading perl extensions. - ESC G (query rxvt graphics mode) has been disabled due to security implications. The rxvt graphics mode was removed in rxvt-unicode 1.5, and no programs relying on being able to query the mode are known. - work around API change breakage in perl 5.28, based on a patch by Roman Bogorodskiy. - improved security: rob nation's (obsolete) graphics mode queries no longer reply with linefeed in secure/default mode. - ISO 8613-3 direct colour SGR sequences (patch by Fengguang Wu). - xterm focus reporting mode (patch by Daniel Hahler). - xterm SGR mouse mode. - implement DECRQM. Patch by Přemysl Eric Janouch. - add missing color index parameter to OSC 4 response. Patch by Přemysl Eric Janouch. - in some window managers, if smart resize was enabled, urxvt erroneously moved the window on font change - awesome bug #532, arch linux bug ##34807 (patch by Uli Schlachter). - fix urxvtd crash when using a background expression. - properly restore colors when using fading and reverse video is enabled while urxvt is focused and then disabled while it is not focused, or vice versa (patch by Daniel Hahler). - fix high memory usage when an extension repeatedly hides and shows an overlay (reported by Marcel Lautenbach). - expose priv_modes member and constants to perl extensions (patch by Rastislav Barlik). - fix a whole slew of const sillyness, unfortunately forced upon us by ISO C++. - update to libecb 0x00010006. - disable all thread support in ecb.h as we presumably don't need it. - slightly improve Makefile source dependencies. - work around bugs in newer Pod::Xhtml versions (flags incorrect formatting codes in xhtml/html sections but does not interpret correct ones). - New file: /usr/bin/urclock - restore the -256color binaries Important SUSE bug 1186174 CVE-2008-1142 CVE-2021-33477 cpe:/o:opensuse:leap:15.4 Security update for chromium (Important) openSUSE Leap 15.4 This update for chromium fixes the following issues: Chromium 108.0.5359.71 (boo#1205871) - CVE-2022-4174: Type Confusion in V8. - CVE-2022-4175: Use after free in Camera Capture. - CVE-2022-4176: Out of bounds write in Lacros Graphics. - CVE-2022-4177: Use after free in Extensions. - CVE-2022-4178: Use after free in Mojo. - CVE-2022-4179: Use after free in Audio. - CVE-2022-4180: Use after free in Mojo. - CVE-2022-4181: Use after free in Forms. - CVE-2022-4182: Inappropriate implementation in Fenced Frames. - CVE-2022-4183: Insufficient policy enforcement in Popup Blocker. - CVE-2022-4184: Insufficient policy enforcement in Autofill. - CVE-2022-4185: Inappropriate implementation in Navigation. - CVE-2022-4186: Insufficient validation of untrusted input in Downloads. - CVE-2022-4187: Insufficient policy enforcement in DevTools. - CVE-2022-4188: Insufficient validation of untrusted input in CORS. - CVE-2022-4189: Insufficient policy enforcement in DevTools. - CVE-2022-4190: Insufficient data validation in Directory. - CVE-2022-4191: Use after free in Sign-In. - CVE-2022-4192: Use after free in Live Caption. - CVE-2022-4193: Insufficient policy enforcement in File System API. - CVE-2022-4194: Use after free in Accessibility. - CVE-2022-4195: Insufficient policy enforcement in Safe Browsing. Important SUSE bug 1205871 CVE-2022-4174 CVE-2022-4175 CVE-2022-4176 CVE-2022-4177 CVE-2022-4178 CVE-2022-4179 CVE-2022-4180 CVE-2022-4181 CVE-2022-4182 CVE-2022-4183 CVE-2022-4184 CVE-2022-4185 CVE-2022-4186 CVE-2022-4187 CVE-2022-4188 CVE-2022-4189 CVE-2022-4190 CVE-2022-4191 CVE-2022-4192 CVE-2022-4193 CVE-2022-4194 CVE-2022-4195 cpe:/o:opensuse:leap:15.4 Security update for cherrytree (Moderate) openSUSE Leap 15.4 cherrytree was updated to version 0.99.49+3: * Legacy_canonicalize_filename: manage empty filename, (gh#giuspen/cherrytree#2118) * added command line option '--anchor AnchorName' that in addition to existing '--node NodeName' allows to open a document focusing an anchor in a node. * Changed non configurable keyboard shortcuts for codebox width and table column width to use parenthesis open instead of backslash, (gh#giuspen/cherrytree#2113). * Fixed crash on double exit from systray icon right click menu, (gh#giuspen/cherrytree#2114). * Added keyboard shortcuts to toolbar tooltips, (gh#giuspen/cherrytree#2106). * Fixed export to HTML crash, (gh#giuspen/cherrytree#2109). * Force turning off portal usage since it does not work on all distros, (gh#giuspen/cherrytree#2111). * Improved dialog confirmation before executing the code. * Additonal changes for core22, (gh#giuspen/cherrytree#2110). * Allow to disable the dialog asking for confirmation before executing the code. * Fixed bulleted list unindent (Shift+Tab) crash, (gh#giuspen/cherrytree#2103). * Add home plug, (gh#giuspen/cherrytree#2101 and gh#giuspen/cherrytree#2102). * Linux menu launcher run cherrytree in a new instance, (gh#giuspen/cherrytree#2077). * Fixed crash on print/export as pdf of a sequence of characters without spaces longer that the page width, such as a very long URL, (gh#giuspen/cherrytree#2045). * Fixed wrongly entering column mode when using keyboard shortcuts with <Ctrl><Alt> such as insert codebox, (gh#giuspen/cherrytree#2075). * Added syntax highlighting support for GDScript. * Fixed tooltip and cursor not reset after hovering link and then navigating to non rich text node. * Support for accent insensitive search - added letters with subordinate dots, (gh#giuspen/cherrytree#1981). * Translation updates. - Developer advised fixed cross-site scripting (XSS) vulnerability that allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name text field when creating a node, (boo#1202513, gh#giuspen/cherrytree#2099 and CVE-2022-35133). Update to version 0.99.48: * Added support for right to left languages in export to html and pdf (gh#giuspen/cherrytree#2044, gh#giuspen/cherrytree#1668 and gh#giuspen/cherrytree# #698). * In order to support the right to left languages in export to html, the resulting html text lines are no longer LINE<br/> but <p>LINE</p>. * Fixed in export to pdf the link to node+anchor with non ascii anchor name. * Improved detection of missing executables required for rendering LatexBoxes. These dependencies are no longer mandatory (gh#giuspen/cherrytree#2033). * Added help to the user to show again a hidden menubar (gh#giuspen/cherrytree#1927 and gh#giuspen/cherrytree#2054). * Pressing Tab on the very latest table cell now adds a new table line and moves to its first cell. * Fixed issue with relative links to files and folders and documents moved between linux and windows. * In export to html and txt multiple files, now appending the node id to the file names to support multiple nodes with the same name. * Added syntax highlight support for solidity (gh#giuspen/cherrytree#2030). * After issues with the domain giuspen.com, the domain changed to giuspen.net and giuspen.com will eventually go. Update to version 0.99.47+2: * Added support for latex math equations. * Added copy/paste of tree nodes and subnodes between multiple opened files. * Restored support for drag and drop of text selection. Now rich text content is preserved. * Added syntax highlighting for HCL. * Fixed issue at reset toolbar in preferences dialog when menubar in titlebar. * Added command line option (-S/--secondary_session) to run in isolation from a possibly already running main instance. * Updated flatpak script. Update to version 0.99.46+6: * Fixed time created/modified filter on searches for node name and tags. * Changed default keyboard shortcuts using Ctrl+Period to Ctrl+Backslash for clash with latest linux desktops. * Fixed restore window position on Windows and dual screen. * Added strip trailing spaces action to rich text right click menu. * Fixed issue restoring hpaned tree/text position with tree on the right. * Added command line option to pass the password to open an encrypted document. Update to version 0.99.45+10: * added language Arabic * fixed time created/modified filter on searches for node name and tags * just ninja build debug print * added strip trailing spaces action to rich text right click menu * minor improvement to previous commit * fixed copy fromm codebox and pasting to rich text unwanted additional characters Moderate SUSE bug 1202513 CVE-2022-35133 cpe:/o:opensuse:leap:15.4 Security update for matio (Important) openSUSE Leap 15.4 This update for matio fixes the following issues: Update to version 1.5.23: * Fixed testsuite regression from version 1.5.22. Changes from version 1.5.22: * Added support for reading large MAT file. * Updated cmake-conan to version 0.17.0. * Fixed CMake build with Conan (MATIO_USE_CONAN:BOOL=ON). * Fixed data type when reading 16-bit character data from HDF5 MAT file. * Fixed heap-based buffer overflows when reading (crafted) MAT file (CVE-2020-36428, CVE-2021-36977). * Confirmed compatibility with HDF5 v1.13.0 and v1.13.1. * Several other fixes, for example for memory leaks. Important SUSE bug 1193873 SUSE bug 1193874 CVE-2020-36428 CVE-2021-36977 cpe:/o:opensuse:leap:15.4 Security update for chromium (Important) openSUSE Leap 15.4 This update for chromium fixes the following issues: Chromium 108.0.5359.94 (boo#1205999) - CVE-2022-4262: Type Confusion in V8 Important SUSE bug 1205999 CVE-2022-4262 cpe:/o:opensuse:leap:15.4 Security update for opera (Important) openSUSE Leap 15.4 NonFree This update for opera fixes the following issues: Update to 93.0.4585.37 - DNA-102885 Turn on #sidebar-autohide on all streams - DNA-103020 Turn on #start-page-redesign on developer - DNA-103042 Fix import from Firefox - DNA-103222 [Speed Dial Suggestions] All opera.com subpages suggestions lead to the opera.com homepage - DNA-103368 TikTok videos starting to play automaticly - DNA-103535 Startpage preview is not visible - DNA-103665 Reduce Tik Tok pane width Changes in 93.0.4585.21 - CHR-9067 Update chromium on desktop-stable-107-4585 to 107.0.5304.110 - DNA-102365 Turn off opera://dify-cards page - DNA-102689 [GX] Create GX widgets section in Easy Setup - DNA-102768 [Easy setup] Sidebar options not animated - DNA-102872 No animation for opening sidebar while sidebar is closing - DNA-102929 [Weather][Private window] Weather widget appears in private window - DNA-103032 Messenger sidebar icon doesn’t look great - DNA-103046 Opera crash with flag –with-feature:sidebar-autohide=off - DNA-103107 Automatic video popout for popular sports sites – World Cup - DNA-103310 hideOperaObject() in browser.js stopped working on public builds - DNA-103320 Crash at chrome::FindBrowserByType(absl::optional) - DNA-103321 Tab preview causes freeze when dragging tabs - DNA-103375 [Workspaces] Crash at absl::raw_log_internal:: RawLog(absl::LogSeverity, char const*, int, char const*, …) - DNA-103395 Remove unused resources - DNA-103396 Internal translations - The update to chromium 107.0.5304.110 fixes following issues: CVE-2022-3885, CVE-2022-3886, CVE-2022-3887, CVE-2022-3888, CVE-2022-3889, CVE-2022-3889 Important CVE-2022-3885 CVE-2022-3886 CVE-2022-3887 CVE-2022-3888 CVE-2022-3889 cpe:/o:opensuse:leap:15.4 Security update for python-slixmpp (Moderate) openSUSE Leap 15.4 This update for python-slixmpp fixes the following issues: - CVE-2022-45197: Fixed certificate hostname validation (boo#1205433) Moderate SUSE bug 1205433 CVE-2022-45197 cpe:/o:opensuse:leap:15.4 Security update for chromium (Important) openSUSE Leap 15.4 This update for chromium fixes the following issues: Update to version 108.0.5359.124 (boo#1206403): - CVE-2022-4436: Use after free in Blink Media - CVE-2022-4437: Use after free in Mojo IPC - CVE-2022-4438: Use after free in Blink Frames - CVE-2022-4439: Use after free in Aura - CVE-2022-4440: Use after free in Profiles Important SUSE bug 1205433 CVE-2022-4436 CVE-2022-4437 CVE-2022-4438 CVE-2022-4439 CVE-2022-4440 cpe:/o:opensuse:leap:15.4 Security update for multimon-ng (Moderate) openSUSE Leap 15.4 This update for multimon-ng fixes the following issues: - Update to new upstream release 1.2.0 * Separated FLEX and FLEX_NEXT. The former is identical to 1.1.9, while FLEX_NEXT gained new features, as well as known regressions. (See #168) * Fix CVE-2020-36619 (boo#1206542) * Several smaller POCSAG fixes. * Fix for opening large wav files with improper header. Moderate SUSE bug 1206542 CVE-2020-36619 cpe:/o:opensuse:leap:15.4 Security update for opera (Important) openSUSE Leap 15.4 NonFree This update for opera fixes the following issues: - Update to 94.0.4606.38 - CHR-9133 Update chromium on desktop-stable-108-4606 to 108.0.5359.125 - DNA-103624 Create JS API to open Search tabs feature - DNA-104004 Improve welcome pop-up - DNA-104053 Right mouse click open speed dial instead of context menu - DNA-104055 News article opens in active tab - DNA-104084 [Suggestion] Introduce a way to remove the Lucid Mode button - DNA-104089 No crashes reported in soccoro for Linux - The update to chromium 108.0.5359.125 fixes following issues: CVE-2022-4436, CVE-2022-4437, CVE-2022-4438, CVE-2022-4439, CVE-2022-4440 - Update to 94.0.4606.26 - CHR-9125 Update chromium on desktop-stable-108-4606 to 108.0.5359.99 - DNA-99207 WebUI popup/dropdown could be empty due to lack of memory - DNA-102882 [SD][News][Continue on][Suggestion] Do not focus on opened page when opening in new tab - DNA-103076 Release installer consent flow globally - DNA-103137 Fix positioning in Web UI component - DNA-103240 Re-use logic from popup for consent not set in settings - DNA-103540 Implement Autostart for Opera Desktop (except Poland) - DNA-103636 Implement Lucid Mode for Videos - DNA-103637 Implement Lucid Mode button on top of videos - DNA-103638 Make Lucid Mode button on top of videos work - DNA-103641 Implement Lucid Mode for Images - DNA-103642 Updated design and animation for Lucid Mode button on top of videos - DNA-103650 Add Lucid Mode to Easy Setup - DNA-103701 Move User Styles loading/saving to a separate component - DNA-103718 Record 'consent_given' stat for every session - DNA-103724 Video detach button wont go away - DNA-103757 Add click animation for Lucid Mode button on top of videos - DNA-103765 Console error with lucid mode flag off - DNA-103770 Easy Setup switch doesn't get updated - DNA-103771 Click animation should only show when turning on Lucid Mode - DNA-103773 Unable to access lucid mode settings section directly - DNA-103784 Investigate video buttons 'escaping' - DNA-103800 Adapt Lucid Mode button to new design - DNA-103836 Translations for O94 - DNA-103850 Label on detach button cut off - DNA-103924 Popup windows of type TYPE_APP_POPUP have incorrectly set minimum size - DNA-103931 Wrong sidebar detection. - DNA-103935 Change Lucid Mode Video (Sharpen videos) to default off - DNA-103949 Lucid Mode doesn't work in a private window - DNA-103959 Unable to scroll down on player home page - DNA-103962 [Settings] Remove 'Safety Check' - DNA-104011 Turn on Lucid Mode on all streams - DNA-104052 Hide Lucid Mode video button on Google Meet - DNA-103930 Promote O94 to stable - The update to chromium 108.0.5359.99 fixes following issues: CVE-2022-4262 - Update to 93.0.4585.64 - DNA-102836 Make 1st screen of Consent Popup a little taller to have more space under 'You can adjust your choices' label - DNA-102934 Turn on building testlist on GOTH instead of Buildbot - DNA-102969 On some pages search popup don't work - DNA-103053 Put consent flow settings in separate feature flag - DNA-103054 Update consent settings to new design - DNA-103062 Add opauto tests for consent flow settings - DNA-103099 Set testlist_from in testlist generating script - DNA-103240 Re-use logic from popup for consent not set in settings - DNA-103296 Force dark page break QR code in whats app - DNA-103298 Stat for recording adblock whitelist is not sent in every session - DNA-103522 Missing translations for IDS_CONSENT_FLOW_DATA_DESC_INTERESTS - DNA-103526 search popup doesn't recognize some currencies shortcut - DNA-103530 Replace icons in sidebar setup - DNA-103636 Implement Lucid Mode for Videos - DNA-103637 Implement Lucid Mode button on top of videos - DNA-103638 Make Lucid Mode button on top of videos work - DNA-103641 Implement Lucid Mode for Images - DNA-103642 Updated design and animation for Lucid Mode button on top of videos - DNA-103650 Add Lucid Mode to Easy Setup - DNA-103701 Move User Styles loading/saving to a separate component - DNA-103718 Record 'consent_given' stat for every session - DNA-103724 Video detach button wont go away - DNA-103757 Add click animation for Lucid Mode button on top of videos - DNA-103765 Console error with lucid mode flag off - DNA-103770 Easy Setup switch doesn't get updated - DNA-103771 Click animation should only show when turning on Lucid Mode - DNA-103773 Unable to access lucid mode settings section directly - DNA-103784 Investigate video buttons 'escaping' - DNA-103800 Adapt Lucid Mode button to new design - DNA-103850 Label on detach button cut off - DNA-103924 Popup windows of type TYPE_APP_POPUP have incorrectly set minimum size - DNA-103935 Change Lucid Mode Video (Sharpen videos) to default off - DNA-104011 Turn on Lucid Mode on all streams Important CVE-2022-4262 CVE-2022-4436 CVE-2022-4437 CVE-2022-4438 CVE-2022-4439 CVE-2022-4440 cpe:/o:opensuse:leap:15.4 Security update for vlc (Important) openSUSE Leap 15.4 This update for vlc fixes the following issues: - Update to version 3.0.18 (CVE-2022-41325, boo#1206142): + macOS: Fix audio device listing with non-latin names. + Misc: Fix rendering and performance issue with older GPUs. + Updated translations. - Changes from version 3.0.18-rc2: + Codec/Demux: - Add support for Y16 chroma. - Fix build of gme plugin. + Lua: - Fix script for vocaroo. - Fix script for youtube to allow throttled playback. + Service Discovery: Fix UPnP regression on Windows. + Video Output: Fix video placement with caopengllayer. + Misc: Fix password search in kwallet module. - Changes from version 3.0.18-rc: + Demux: - Major adaptive streaming update, notably for multiple timelies and webvtt. - Fix seeking with some fragmented MP4 files. - Add support for DVBSub inside MKV. - Fix some Flac files that could not be played. - Improve seeking in Ogg files. + Decoders: - Fix DxVA/D3D11 crashes on HEVC files with bogus references. - Fix libass storage size and crash. - Fix decoding errors on macOS hw decoding on some HEVC files. + Video Output: - Fix color regression with VAAPI/iOS and OpenGL output. - Fix some resizing issues with OpenGL on GLX/EGL/X11/XV. - Fix Direct3d9 texture stretching. - Fix 10-bit accelerated video filters on macOS. + Playlist: Avoid playlist liveloop on failed/tiny items (temporize EOS bursts). + Misc: - Misc fixes for the extension UI on macOS. - Improve SMBv1 and SMBv2 behaviours. - Improve FTP compatibility. - Support RISC-V. - Fix AVI muxing for Windows Media Player compatibility. - Fix seeking speed on macOS. Important SUSE bug 1200944 SUSE bug 1206142 CVE-2022-41325 cpe:/o:opensuse:leap:15.4 Security update for mbedtls (Important) openSUSE Leap 15.4 This update for mbedtls fixes the following issues: - CVE-2022-46393: Fixed potential heap buffer overread and overwrite in DTLS (boo#1206576). Important SUSE bug 1206576 CVE-2022-46393 cpe:/o:opensuse:leap:15.4 Security update for opera (Important) openSUSE Leap 15.4 NonFree This update for opera fixes the following issues: Update to 85.0.4341.28 - CHR-8816 Update chromium on desktop-stable-99-4341 to 99.0.4844.84 - DNA-98092 Crash at views::MenuItemView::GetMenuController() - DNA-98278 Translations for O85 - DNA-98320 [Mac] Unable to delete recent search entries - DNA-98614 Show recent searches for non-BABE users - DNA-98615 Allow removal of recent searches - DNA-98616 Add recent searches to ‘old’ BABE - DNA-98617 Make it possible to disable ad-blocker per-country - DNA-98651 Remove Instagram and Facebook Messenger in Russia - DNA-98653 Add flag #recent-searches - DNA-98696 smoketest PageInfoHistoryDataSourceTest.FormatTimestampString failing - DNA-98703 Port Chromium issue 1309225 to Opera Stable - The update to chromium 99.0.4844.84 fixes following issues: CVE-2022-1096 - Changes in 85.0.4341.18 - CHR-8789 Update chromium on desktop-stable-99-4341 to 99.0.4844.51 - DNA-98059 [Linux] Crash at opera::FreedomSettingsImpl::IsBypassForDotlessDomainsEnabled - DNA-98349 [Linux] Crash at bluez::BluezDBusManager::Get() - DNA-98126 System crash dialog shown on macOS <= 10.15 - DNA-98331 [Snap] Meme generator cropping / resizing broken - DNA-98394 Audio tab indicator set to 'muted' on videoconferencing sites - DNA-98481 Report errors in opauto_collector - The update to chromium 99.0.4844.51 fixes following issues: CVE-2022-0789, CVE-2022-0790, CVE-2022-0791, CVE-2022-0792, CVE-2022-0793, CVE-2022-0794, CVE-2022-0795, CVE-2022-0796, CVE-2022-0797, CVE-2022-0798, CVE-2022-0799, CVE-2022-0800, CVE-2022-0801, CVE-2022-0802, CVE-2022-0803, CVE-2022-0804, CVE-2022-0805, CVE-2022-0806, CVE-2022-0807, CVE-2022-0808, CVE-2022-0809 - Changes in 85.0.4341.13 - DNA-94119 Upgrade curl to 7.81.0 - DNA-97849 [Mac monterey] System shortcut interfere with Opera’s `ToggleSearchInOpenTabs` shortcut - DNA-98204 Automatic popout happens when video is paused - DNA-98231 Shortcuts are blocked by displayed tab tooltip when triggered quickly after tooltip appears - DNA-98321 Add thinlto-cache warnings to suppression list - DNA-98395 Promote O85 to stable - Complete Opera 85.0 changelog at: https://blogs.opera.com/desktop/changelog-for-85/ - Update to 84.0.4316.42 - DNA-94119 Upgrade curl to 7.81.0 - DNA-98092 Crash at views::MenuItemView::GetMenuController() - DNA-98204 Automatic popout happens when video is paused - DNA-98231 Shortcuts are blocked by displayed tab tooltip when triggered quickly after tooltip appears - Update to 84.0.4316.31 - CHR-8772 Update chromium on desktop-stable-98-4316 to 98.0.4758.109 - DNA-97573 [Win][Lin]”Close tab” button is not displayed on tabs playing media when many tabs are open - DNA-97729 cancelling the process uploading custom Wallpaper crashes the browser - DNA-97871 Google meet tab’s icons don’t fit on pinned tab - DNA-97872 Tab is being unpinned when video conferencing button is clicked - DNA-98039 Dark theme top sites have black background - DNA-98117 Clicking current tab information should hide tooltip - Update to 84.0.4316.21 - CHR-8762 Update chromium on desktop-stable-98-4316 to 98.0.4758.102 - DNA-97333 ‘Add a site’ label on start page tile barely visible - DNA-97691 Opera 84 translations - DNA-97767 Wrong string in FR - DNA-97855 Crash at ScopedProfileKeepAlive::~ScopedProfileKeepAlive() - DNA-97982 Enable #snap-upstream-implementation on all streams - The update to chromium 98.0.4758.102 fixes following issues: CVE-2022-0603, CVE-2022-0604, CVE-2022-0605, CVE-2022-0606, CVE-2022-0607, CVE-2022-0608, CVE-2022-0609, CVE-2022-0610 - Update to 84.0.4316.14 - CHR-8753 Update chromium on desktop-stable-98-4316 to 98.0.4758.82 - DNA-97177 Battery saver – the icon looks bad for DPI!=100% - DNA-97614 automatic video pop-out for most popular websites broadcasting Winter Olympic Games 2022 - DNA-97804 Promote O84 to stable - The update to chromium 98.0.4758.82 fixes following issues: CVE-2022-0452, CVE-2022-0453, CVE-2022-0454, CVE-2022-0455, CVE-2022-0456, CVE-2022-0457, CVE-2022-0458, CVE-2022-0459, CVE-2022-0460, CVE-2022-0461, CVE-2022-0462, CVE-2022-0463, CVE-2022-0464, CVE-2022-0465, CVE-2022-0466, CVE-2022-0467, CVE-2022-0468, CVE-2022-0469, CVE-2022-0470 - Complete Opera 84.0 changelog at: https://blogs.opera.com/desktop/changelog-for-84/ - Update to 83.0.4254.54 - DNA-96581 Fast tab tooltip doesn’t always show related sites with scrollable tab strip - DNA-96608 Cannot drag a tab to create a new window - DNA-96657 Do not make tab tooltip hoverable if there’s no list of tabs - DNA-97291 Crash at opera::flow::FlowSessionImpl::RegisterDevice(base::OnceCallback) - DNA-97468 Incorrect number of restored tabs when video-popout is detached - DNA-97476 Add retry to stapling during signing - DNA-97609 Failing MetricsReporterTest.TimeSpent* smoketests - Update to 83.0.4254.27 - CHR-8737 Update chromium on desktop-stable-97-4254 to 97.0.4692.99 - DNA-96336 [Mac] Translate new network installer slogan - DNA-96678 Add battery level monitoring capability to powerSavePrivate - DNA-96939 Crash at opera::ExternalVideoService::MarkAsManuallyClosed() - DNA-97276 Enable #static-tab-audio-indicator on all streams - The update to chromium 97.0.4692.99 fixes following issues: CVE-2022-0289, CVE-2022-0290, CVE-2022-0291, CVE-2022-0292, CVE-2022-0293, CVE-2022-0294, CVE-2022-0295, CVE-2022-0296, CVE-2022-0297, CVE-2022-0298, CVE-2022-0300, CVE-2022-0301, CVE-2022-0302, CVE-2022-0304, CVE-2022-0305, CVE-2022-0306, CVE-2022-0307, CVE-2022-0308, CVE-2022-0309, CVE-2022-0310, CVE-2022-0311 - Update to 83.0.4254.19 - DNA-96079 Turn on #automatic-video-popout on developer - DNA-97070 Opera 83 translations - DNA-97119 [LastCard] Stop showing used burner cards - DNA-97131 Enable automatic-video-popout on all streams from O84 on - DNA-97257 Crash at views::ImageButton::SetMinimumImageSize(gfx::Size const&) - DNA-97259 Promote O83 to stable - Complete Opera 83.0 changelog at: https://blogs.opera.com/desktop/changelog-for-83/ - Update to 83.0.4254.16 - DNA-96968 Fix alignment of the 'Advanced' button in Settings - Update to 83.0.4254.14 - CHR-8701 Update chromium on desktop-stable-97-4254 to 97.0.4692.45 - CHR-8713 Update chromium on desktop-stable-97-4254 to 97.0.4692.56 - CHR-8723 Update chromium on desktop-stable-97-4254 to 97.0.4692.71 - DNA-96780 Crash at ui::NativeTheme::RemoveObserver(ui::NativeThemeObserver*) - DNA-96822 Tab close resize behavior change - DNA-96861 Create Loomi Options menu - DNA-96904 Support Win11 snap layout popup - DNA-96951 Tab close animation broken - DNA-96991 Tab X button doesn’t work correctly - DNA-97027 Incorrect tab size after tab close - The update to chromium 97.0.4692.71 fixes following issues: CVE-2022-0096, CVE-2022-0097, CVE-2022-0098, CVE-2022-0099, CVE-2022-0100, CVE-2022-0101, CVE-2022-0102, CVE-2022-0103, CVE-2022-0104, CVE-2022-0105, CVE-2022-0105, CVE-2022-0106, CVE-2022-0107, CVE-2022-0108, CVE-2022-0109, CVE-2022-0110, CVE-2022-0111, CVE-2022-0111, CVE-2022-0112, CVE-2022-0113, CVE-2022-0114, CVE-2022-0115, CVE-2022-0116, CVE-2022-0117, CVE-2022-0118, CVE-2022-0120 - Update to version 82.0.4227.58 - DNA-96780 Crash at ui::NativeTheme::RemoveObserver(ui::NativeThemeObserver*) - DNA-96890 Settings default browser not working for current user on Windows 7 - Update to version 82.0.4227.43 - CHR-8705 Update chromium on desktop-stable-96-4227 to 96.0.4664.110 - DNA-93284 Unstable obj/opera/desktop/common/installer_rc_generated/installer.res - DNA-95908 Interstitial/internal pages shown as NOT SECURE after visiting http site - DNA-96404 Opera doesn’t show on main screen when second screen is abruptly disconnected - The update to chromium 96.0.4664.110 fixes following issues: CVE-2021-4098, CVE-2021-4099, CVE-2021-4100, CVE-2021-4101, CVE-2021-4102 - Update to version 82.0.4227.33 - CHR-8689 Update chromium on desktop-stable-96-4227 to 96.0.4664.93 - DNA-96559 Tooltip popup looks bad in dark theme - DNA-96570 [Player] Tidal logging in via PLAY doesn’t work - DNA-96594 Unnecessary extra space in fullscreen mode on M1 Pro MacBooks - DNA-96649 Update Meme button - DNA-96676 Add Icon in the Sidebar Setup - DNA-96677 Add default URL - The update to chromium 96.0.4664.93 fixes following issues: CVE-2021-4052, CVE-2021-4053, CVE-2021-4079, CVE-2021-4054, CVE-2021-4078, CVE-2021-4055, CVE-2021-4056, CVE-2021-4057, CVE-2021-4058, CVE-2021-4059, CVE-2021-4061, CVE-2021-4062, CVE-2021-4063, CVE-2021-4064, CVE-2021-4065, CVE-2021-4066, CVE-2021-4067, CVE-2021-4068 - Update to version 82.0.4227.23 - DNA-95632 With new au-logic UUID is set with delay and may be not set for pb-builds (when closing fast) - DNA-96349 Laggy tooltip animation - DNA-96483 [Snap][Linux] Video not working / wrong ffmpeg snap version for Opera 82 - DNA-96493 Create 'small' enticement in credit card autofill - DNA-96533 Opera 82 translations - DNA-96535 Make the URL configurable - DNA-96553 Add switch to whitelist test pages - DNA-96557 Links not opened from panel - DNA-96558 AdBlock bloks some trackers inside the panel - DNA-96568 [Player] Tidal in sidebar Player opens wrong site when logging in - DNA-96659 Siteprefs not applied after network service crash - DNA-96593 Promote O82 to stable - Complete Opera 82.0 changelog at: https://blogs.opera.com/desktop/changelog-for-82/ - Update to version 82.0.4227.13 - CHR-8668 Update chromium on desktop-stable-96-4227 to 96.0.4664.45 - DNA-76987 [Mac] Update desktop EULA with geolocation split - DNA-93388 Problem with symlinks on windows when creating file list - DNA-95734 Discarded Recently Closed items get revived after restart - DNA-96134 'Your profile has been updated' does not disappear - DNA-96190 Opera freezes when trying to drag expanded bookmark folder with nested subfolders - DNA-96223 Easy Files not working in Full Screen - DNA-96274 Checkout autofill shouldn't show used burner card - DNA-96275 Change the notification message for pausing multi-use cards - DNA-96295 'Video pop out' setting doesn't sync - DNA-96316 Highlight text wrong colour on dark mode - DNA-96326 Wrong translation Private Mode > Turkish - DNA-96351 macOS window controls are missing in full screen - DNA-96440 Update video URL - DNA-96448 add option to pin extension via rich hints - DNA-96453 Register user-chosen option on client-side, read on hint side - DNA-96454 Choosing an option from the settings menu should close the popup - DNA-96484 Enable AB test for a new autoupdater logic (for 50%) - DNA-96500 Add 'don't show me again' prefs to allowed whitelist - DNA-96538 Inline audiocomplete for www.mediaexpert.pl incorrectly suggested - The update to chromium 96.0.4664.45 fixes following issues: CVE-2021-38005, CVE-2021-38006, CVE-2021-38007, CVE-2021-38008, CVE-2021-38009, CVE-2021-38010, CVE-2021-38011, CVE-2021-38012, CVE-2021-38013, CVE-2021-38014, CVE-2021-38015, CVE-2021-38016, CVE-2021-38017, CVE-2021-38019, CVE-2021-38020, CVE-2021-38021, CVE-2021-38022 - Update to version 81.0.4196.54 - CHR-8644 Update chromium on desktop-stable-95-4196 to 95.0.4638.69 - DNA-95773 ExtensionWebRequestApiTest crashes on mac - DNA-96062 Opera 81 translations - DNA-96134 “Your profile has been updated’ does not disappear - DNA-96274 Checkout autofill shouldn’t show used burner card - DNA-96275 Change the notification message for pausing multi-use cards - DNA-96440 Update video URL - The update to chromium 95.0.4638.69 fixes following issues: CVE-2021-37997, CVE-2021-37998, CVE-2021-37999, CVE-2021-37980, CVE-2021-38001, CVE-2021-38002, CVE-2021-38003, CVE-2021-38004 - Update to version 81.0.4196.37 - DNA-96008 Crash at content::WebContentsImpl::OpenURL(content::OpenURLParams const&) - DNA-96032 Closing the videoconference pop-up force leaving the meeting - DNA-96092 Crash at void opera::ModalDialogViews::OnWidgetClosing(opera::ModalDialog::Result) - DNA-96142 [Yat] Emoji icon cut off in URL for Yat - Update to version 81.0.4196.31 - DNA-95733 Implement the “Manage” menu in card details view - DNA-95736 Update UI for paused card - DNA-95791 Crash at base::operator< - DNA-95794 Sometimes the sidebar UI fails to load - DNA-95812 Retrieve cards info when showing autofill - DNA-96035 Cannot create virtual card on Sandbox environment - DNA-96147 “Buy” button does not work - DNA-96168 Update contributors list - DNA-96211 Enable #fast-tab-tooltip on all streams - DNA-96231 Promote O81 to stable - Complete Opera 80.1 changelog at: https://blogs.opera.com/desktop/changelog-for-81/ - Update to version 81.0.4196.27 - CHR-8623 Update chromium on desktop-stable-95-4196 to 95.0.4638.54 - DNA-92384 Better segmenting of hint users - DNA-95523 Allow sorting in multi-card view - DNA-95659 Flow of Lastcard on first login - DNA-95735 Implement the button that reveals full card details - DNA-95747 Better way to handle expired funding card - DNA-95949 [Mac Retina] Clicking active tab should scroll to the top - DNA-95993 Update icon used for Yat in address bar dropdown - DNA-96021 Cleared download item view is never deleted - DNA-96036 Occupation field in 'Account – Edit' is shown twice - DNA-96127 Upgrade plan button does nothing - DNA-96138 'Add Card' button does not change to 'Upgrade Plan' after adding card - The update to chromium 95.0.4638.54 fixes following issues: CVE-2021-37981, CVE-2021-37982, CVE-2021-37983, CVE-2021-37984, CVE-2021-37985, CVE-2021-37986, CVE-2021-37987, CVE-2021-37988, CVE-2021-37989, CVE-2021-37990, CVE-2021-37991, CVE-2021-37992, CVE-2021-37993, CVE-2021-37994, CVE-2021-37995, CVE-2021-37996 - Update to version 80.0.4170.72 - DNA-95522 Change card view to show all types of cards - DNA-95523 Allow sorting in multi-card view - DNA-95524 Allow searching for cards by name - DNA-95658 Allow user to add a card - DNA-95659 Flow of Lastcard on first login - DNA-95660 Implement editing card details - DNA-95699 Add card details view - DNA-95733 Implement the “Manage” menu in card details view - DNA-95735 Implement the button that reveals full card details - DNA-95736 Update UI for paused card - DNA-95747 Better way to handle expired funding card - DNA-95794 Sometimes the sidebar UI fails to load - DNA-95812 Retrieve cards info when showing autofill - DNA-96036 Occupation field in ‘Account – Edit’ is shown twice - DNA-96127 Upgrade plan button does nothing - DNA-96138 “Add Card” button does not change to “Upgrade Plan” after adding card - Update to version 80.0.4170.63 - CHR-8612 Update chromium on desktop-stable-94-4170 to 94.0.4606.81 - DNA-95434 Crash at opera::ThemesService::UpdateCurrentTheme() - The update to chromium 94.0.4606.81 fixes following issues: CVE-2021-37977, CVE-2021-37978, CVE-2021-37979, CVE-2021-37980 - Update to version 80.0.4170.40 - CHR-8598 Update chromium on desktop-stable-94-4170 to 94.0.4606.71 - DNA-95221 Emoji button stuck in address bar - DNA-95325 Make y.at navigations to be reported with page_views events - DNA-95327 Add “Emojis” context menu option in address bar field - DNA-95339 Add YAT emoji url suggestion to search? dialog - DNA-95416 Remove emoji button from address bar - DNA-95439 Enable #yat-emoji-addresses on developer stream - DNA-95441 [Mac big sur] Emoji are not shown in address bar url - DNA-95514 Crash at resource_coordinator::TabLifecycleUnitSource ::TabLifecycleUnit::OnLifecycleUnitStateChanged(mojom:: LifecycleUnitState, mojom::LifecycleUnitStateChangeReason) - DNA-95746 Enable #reader-mode everywhere - DNA-95865 Numbers are recognized as emojis - DNA-95866 Change Yat text in selection popup - DNA-95867 Show that buttons are clickable in selection popup - The update to chromium 94.0.4606.71 fixes following issues: CVE-2021-37974, CVE-2021-37975, CVE-2021-37976 - Update to version 80.0.4170.16 - CHR-8590 Update chromium on desktop-stable-94-4170 to 94.0.4606.61 - DNA-95347 Make InstallerStep::Run async - DNA-95420 First suggestion in address field is often not highlighted - DNA-95613 Browser closing itself after closing SD/first tab and last opened tab - DNA-95725 Promote O80 to stable - DNA-95781 Import fixes for CVE-2021-37975, CVE-2021-37976 and CVE-2021-37974 to desktop-stable-94-4170 - Complete Opera 80.0 changelog at: https://blogs.opera.com/desktop/changelog-for-80/ - Drop Provides/Obsoletes for opera-gtk and opera-kde4 opera-gtk and opera-kde4 were last used in openSUSE 13.1 - Drop post/postun for desktop_database_post and icon_theme_cache_post because were last used before openSUSE 15.0 - Update to version 79.0.4143.72 - DNA-94933 Add emoji panel to address bar - DNA-95210 Add emoji YAT address bar suggestions - DNA-95221 Emoji button stuck in address bar - DNA-95325 Make y.at navigations to be reported with page_views events - DNA-95327 Add “Emojis” context menu option in address bar field - DNA-95339 Add YAT emoji url suggestion to search? dialog - DNA-95364 Add browser feature flag - DNA-95416 Remove emoji button from address bar - DNA-95439 Enable #yat-emoji-addresses on developer stream - DNA-95441 [Mac big sur] Emoji are not shown in address bar url - DNA-95445 Crash when removing unsynced pinboard bookmark with sync enabled - DNA-95512 Allow to show title and timer for simple banners - DNA-95516 Wrong label in settings for themes - DNA-95679 Temporarily disable AB test for a new autoupdater logic - Update to version 79.0.4143.50 - CHR-8571 Update chromium on desktop-stable-93-4143 to 93.0.4577.82 - DNA-94104 ContinueShoppingOnEbayBrowserTest.ShouldDisplayOffers TilesStartingWithMostActiveOnes fails - DNA-94894 [Rich Hint] Agent API permissions - DNA-94989 Wrong color and appearance of subpages in the settings - DNA-95241 “Switch to tab” button is visible only on hover - DNA-95286 Add unit tests to pinboard sync related logic in browser - DNA-95372 [Mac retina screen] Snapshot doesnt capture cropped area - DNA-95526 Some webstore extensions are not verified properly - The update to chromium 93.0.4577.82 fixes following issues: CVE-2021-30625, CVE-2021-30626, CVE-2021-30627, CVE-2021-30628, CVE-2021-30629, CVE-2021-30630, CVE-2021-30631, CVE-2021-30632, CVE-2021-30633 - Update to version 79.0.4143.22 - CHR-8550 Update chromium on desktop-stable-93-4143 to 93.0.4577.58 - CHR-8557 Update chromium on desktop-stable-93-4143 to 93.0.4577.63 - DNA-94641 [Linux] Proprietary media codecs not working in snap builds - DNA-95076 [Linux] Page crash with media content - DNA-95084 [Mac] Cannot quit through menu with snapshot editor open - DNA-95138 Add setting to synchronize Pinboards - DNA-95157 Crash at -[OperaCrApplication sendEvent:] - DNA-95204 Opera 79 translations - DNA-95240 The pinboard thumbnail cannot be generated anymore - DNA-95278 Existing Pinboards might be missing - DNA-95292 Enable #bookmarks-trash-cleaner on all streams - DNA-95293 Enable #easy-files-downloads-folder on all streams - DNA-95383 Promote O79 to stable - Complete Opera 79.0 changelog at: https://blogs.opera.com/desktop/changelog-for-79/ - The update to chromium 93.0.4577.58 fixes following issues: CVE-2021-30606, CVE-2021-30607, CVE-2021-30608, CVE-2021-30609, CVE-2021-30610, CVE-2021-30611, CVE-2021-30612, CVE-2021-30613, CVE-2021-30614, CVE-2021-30615, CVE-2021-30616, CVE-2021-30617, CVE-2021-30618, CVE-2021-30619, CVE-2021-30620, CVE-2021-30621, CVE-2021-30622, CVE-2021-30623, CVE-2021-30624 - Update to version 78.0.4093.184 - CHR-8533 Update chromium on desktop-stable-92-4093 to 92.0.4515.159 - DNA-93472 Reattaching to other browsers - DNA-93741 Multiple hint slots - DNA-93742 Allow displaying unobtrusive external hints - DNA-93744 Add slots in toolbar action view - DNA-94230 Improve text contrast for Speed Dials - DNA-94724 [Mac] Add macOS dark theme wallpaper with easy setup - DNA-94786 Crash at base::SupportsUserData:: SetUserData(void const*, std::__1::unique_ptr) - DNA-94807 Allow scripts access opera version and product info - DNA-94862 Continue on shopping Amazon doesn’t work correct - DNA-94870 Add an addonsPrivate function to install with permissions dialog first - DNA-95064 Revert DNA-93714 on stable - The update to chromium 92.0.4515.159 fixes following issues: CVE-2021-30598, CVE-2021-30599, CVE-2021-30600, CVE-2021-30601, CVE-2021-30602, CVE-2021-30603, CVE-2021-30604 - Update to version 78.0.4093.147 - CHR-8251 Update chromium on desktop-stable-92-4093 to 92.0.4515.131 - DNA-93036 Opera not starting after closing window. Processes still working. - DNA-94516 Add ‘Detach tab’ entry to tab menu - DNA-94584 [Mac] Sidebar setup not closed after press ‘Add extensions’ button - DNA-94761 Crash when trying to record “Chrome developer” trace - DNA-94790 Crash at opera::VideoConferenceTabDetachController:: OnBrowserAboutToStartClosing(Browser*) - The update to chromium 92.0.4515.131 fixes following issues: CVE-2021-30590, CVE-2021-30591, CVE-2021-30592, CVE-2021-30593, CVE-2021-30594, CVE-2021-30596, CVE-2021-30597 - Update to version 78.0.4093.112 - DNA-94466 Implement sorting Pinboards in overview - DNA-94582 Add access to APIs for showing pinboard icon in sidebar - DNA-94603 Suspicious pinboards events - DNA-94625 Disable opr.pinboardPrivate.getThumbnail() for local files - DNA-94640 Promote O78 to stable - DNA-94661 Missing translations for some languages - Complete Opera 78.0 changelog at: https://blogs.opera.com/desktop/changelog-for-78/ - Update to version 77.0.4054.277 - CHR-8502 Update chromium on desktop-stable-91-4054 to 91.0.4472.164 - DNA-94291 Video conference popout doesnt remember its size after resizing - DNA-94399 Incorrect icon for wp.pl in address bar dropdown - DNA-94462 Low quality of default wallpaper on windows - The update to chromium 91.0.4472.164 fixes following issues: CVE-2021-30541, CVE-2021-30560, CVE-2021-30561, CVE-2021-30562, CVE-2021-30563, CVE-2021-30564 - Update to version 77.0.4054.254 - DNA-92344 Windows 10 Implementation - DNA-92486 Replace ⓧ icon with “settings” icon - DNA-92487 Close individual item - DNA-92496 Create separate entry in settings for BABE - DNA-93275 Implement cycles size according to design - DNA-93280 The system theme has only half a checkmark - DNA-93728 Whatsapp notification is not refreshed - DNA-94047 Remove pinboard WebUI integration - DNA-94118 Write test for ThumbnailTabHelper changes in DNA-94100 - DNA-94120 Fix Welcome popup layout - DNA-94140 Crash at base::TaskRunner ::PostTask(base::Location const&, base::OnceCallback) - DNA-94205 Consider setting pinboard display URL in address_field_helper.cc - DNA-94211 Easy Files don’t show thumbnails - DNA-94309 Pinboards URLs don’t get lighter color treatment - DNA-94318 Wrong ‘Transparency’ word translation in Swedish - DNA-94321 AB test: google suggestions on top – bigger test - DNA-94341 Make pinboard popup testable on web page - DNA-94381 Disabling Pinboards doesn’t remove item from menu / sidebar - DNA-94392 Add u2f-devices interface to snap packages - DNA-94461 Enable #system-theme on all streams - Update to version 77.0.4054.203 - CHR-8475 Update chromium on desktop-stable-91-4054 to 91.0.4472.124 - DNA-93523 Crash at extensions::TabHelper::WebContentsDestroyed() - DNA-93917 Upload snap to edge while preparing repository package - DNA-94157 Crash at gfx::ICCProfile::operator=(gfx::ICCProfile const&) - DNA-94159 Crash at opera::auth::AuthAccountServiceImpl::GetAuthAccount() - DNA-94161 [Add tabs]Unexpected symbols instead of Workspace name - DNA-94241 Implement better process killing for timeout - DNA-94248 Allow retry on tests that timed-out - DNA-94251 heap-use-after-free in VideoConference - DNA-94315 Crash at class std::__1::basic_string ui::ResourceBundle:: LoadLocaleResources(const class std::__1::basic_string& const, bool) - DNA-94357 Fix issue in scripts - Update to version 77.0.4054.172 - DNA-93078 Do not display ‘share tab’ sliding toolbar on detached tab - DNA-93358 The red underline extends beyond the Google meets conference tab outline - DNA-93404 Crash in test when destroying BABE’s webcontents - DNA-93637 ctrl+9 shortcut is inconsistent with other browsers - DNA-93661 Add opauto test to cover new shortcut from DNA-93637 - DNA-93867 Use version from package instead of repository - DNA-93993 Pinboard translations from Master - DNA-94099 Increase new-autoupdater-logic AB test to cover 50% of new installations - DNA-94100 Thumbnail doesn’t update - DNA-94178 Automatic popout should not happen after manually closing a popout - Update to version 77.0.4054.146 - CHR-8458 Update chromium on desktop-stable-91-4054 to 91.0.4472.114 - DNA-92171 Create active linkdiscovery service - DNA-92388 Fix and unskip WorkspacesEmoji.testChooseEmojiAsWorkspaceIcon when possible - DNA-93101 Tabs are being snoozed when tab snoozing is disabled - DNA-93386 Update pinboard view when item changes - DNA-93448 Make browser ready for Developer release - DNA-93491 Fix failing tests after enabling #pinboard flag - DNA-93498 Add additional music services - DNA-93503 Blank popup on clicking toolbar icon with popup open - DNA-93561 Do not allow zoom different from 100% in Pinboard popup - DNA-93637 ctrl+9 shortcut is inconsistent with other browsers - DNA-93644 Create route for `import open tabs` to `pinboard` - DNA-93664 Adapt popup to design - DNA-93702 Turn on flags on developer - DNA-93737 [Pinboard] Remove Mock API - DNA-93745 Unable to open the popup after opening it several times - DNA-93776 Popup closes and reopens when clicking the toolbar button - DNA-93786 DCHECK after opening popup - DNA-93802 Crash at views::Widget::GetNativeView() const - DNA-93810 Add pinboard icon to sidebar - DNA-93825 Add pinboard to Opera menu - DNA-93833 [Player] Implement seeking for new services - DNA-93845 Do not log output of snapcraft on console - DNA-93864 Create feature flag for start page sync banner - DNA-93865 Implement start page banner - DNA-93867 Use version from package instead of repository - DNA-93878 [Player] Crash when current player service becomes unavailable when user location changes - DNA-93953 ‘Send image to Pinboard’ has the wrong position in the context menu - DNA-93987 Disable zooming popup contents like in other popups - DNA-93989 Change internal URL to opera://pinboards - DNA-93990 Update strings to reflect new standards - DNA-93992 Add Pinboards to Opera settings - DNA-93993 Pinboard translations from Master - DNA-94011 Enable feature flags for Reborn 5 on stable - DNA-94019 Add a direct link to settings - DNA-94088 Internal pages provoke not saving other pages to the Pinboard - DNA-94111 [O77] Sidebar setup does not open - DNA-94139 Crash at opera::(anonymous namespace)::PinboardPopupWebView::RemovedFromWidget() - The update to chromium 91.0.4472.114 fixes following issues: CVE-2021-30554, CVE-2021-30555, CVE-2021-30556, CVE-2021-30557 - Update to version 77.0.4054.90 - CHR-8446 Update chromium on desktop-stable-91-4054 to 91.0.4472.101 - The update to chromium 91.0.4472.101 fixes following issues: CVE-2021-30544, CVE-2021-30545, CVE-2021-30546, CVE-2021-30547, CVE-2021-30548, CVE-2021-30549, CVE-2021-30550, CVE-2021-30551, CVE-2021-30552, CVE-2021-30553 - Update to version 77.0.4054.80 - DNA-93656 Active cards in checkout Auto-fill - DNA-93805 Create snap packages in buildsign - DNA-93823 archive_opera_snap failures on Linux - DNA-93844 Fix AttributeError in package_type.py - Update to version 77.0.4054.64 - DNA-93159 Implement image(preview) of each created pinboard - DNA-93273 ‘Send image to Pinboard’ doesn’t work correct on staging server - DNA-93277 Add/update opauto tests for the System Theme WP1 implementation p.1 - DNA-93286 [BigSur] YT not being reloaded when opened from link - DNA-93296 Opera 77 translations - DNA-93372 Build new edition for Axel Springer - DNA-93376 Write unittests for PinboardImageCollector - DNA-93401 [LastCard] Do not change user state if not needed - DNA-93409 Animation with hat and glasses is missing in Private mode - DNA-93443 API opr.pinboardPrivate.getThumbnail() returns old thumbnail image - DNA-93509 Add Opera switch for pinboard staging backend and use it for tests - DNA-93519 [Sidebar] WhatsApp ‘Log out’ doesn’t work - DNA-93634 Fix errors in Slovak translations - DNA-93724 Some webstore extensions are not verified properly - Complete Opera 77.0 changelog at: https://blogs.opera.com/desktop/changelog-for-77/ - Update to version 76.0.4017.177 - DNA-92597 Sound controller doesn’t work after pressing ‘Next’ button - DNA-93405 Import vmp_signer instead of starting new python process - DNA-93406 [Mac] Import plist_util instead of calling script in _generateAppEntitlements - DNA-93442 Make GX Control panel attachable by webdriver - DNA-93554 [AdBlock] Find a fix for blocking ‘new’ YouTube ads - DNA-93587 Pre-refactor solution - Update to version 76.0.4017.154 - CHR-8420 Update chromium on desktop-stable-90-4017 to 90.0.4430.212 - DNA-92411 Bookmarks breadcrumbs wrong color when pressed in dark mode - DNA-92587 Sync settings: “Use old password” button doesn’t work - DNA-92672 Make it possible for agent to inject scripts into startpage - DNA-92712 Add SD reload API - DNA-93190 The bookmark can’t be opened in Workspace 5-6 - DNA-93247 Reopen last closed tab shortcut opens random tab on new window - DNA-93294 Binary diff for opera_browser.dll is not created on 32-bit builds - DNA-93313 Add opauto test to cover DNA-93190 - DNA-93368 Fix an error in Polish translation - DNA-93408 [Windows] widevine_cdm_component_installer does not compile on desktop-stable-90-4017 - The update to chromium 90.0.4430.212 fixes following issues: CVE-2021-30506, CVE-2021-30507, CVE-2021-30508, CVE-2021-30509, CVE-2021-30510, CVE-2021-30511, CVE-2021-30512, CVE-2021-30513, CVE-2021-30514, CVE-2021-30515, CVE-2021-30516, CVE-2021-30517, CVE-2021-30518, CVE-2021-30519, CVE-2021-30520 Important CVE-2021-30506 CVE-2021-30507 CVE-2021-30508 CVE-2021-30509 CVE-2021-30510 CVE-2021-30511 CVE-2021-30512 CVE-2021-30513 CVE-2021-30514 CVE-2021-30515 CVE-2021-30516 CVE-2021-30517 CVE-2021-30518 CVE-2021-30519 CVE-2021-30520 CVE-2021-30541 CVE-2021-30544 CVE-2021-30545 CVE-2021-30546 CVE-2021-30547 CVE-2021-30548 CVE-2021-30549 CVE-2021-30550 CVE-2021-30551 CVE-2021-30552 CVE-2021-30553 CVE-2021-30554 CVE-2021-30555 CVE-2021-30556 CVE-2021-30557 CVE-2021-30560 CVE-2021-30561 CVE-2021-30562 CVE-2021-30563 CVE-2021-30564 CVE-2021-30590 CVE-2021-30591 CVE-2021-30592 CVE-2021-30593 CVE-2021-30594 CVE-2021-30596 CVE-2021-30597 CVE-2021-30598 CVE-2021-30599 CVE-2021-30600 CVE-2021-30601 CVE-2021-30602 CVE-2021-30603 CVE-2021-30604 CVE-2021-30606 CVE-2021-30607 CVE-2021-30608 CVE-2021-30609 CVE-2021-30610 CVE-2021-30611 CVE-2021-30612 CVE-2021-30613 CVE-2021-30614 CVE-2021-30615 CVE-2021-30616 CVE-2021-30617 CVE-2021-30618 CVE-2021-30619 CVE-2021-30620 CVE-2021-30621 CVE-2021-30622 CVE-2021-30623 CVE-2021-30624 CVE-2021-30625 CVE-2021-30626 CVE-2021-30627 CVE-2021-30628 CVE-2021-30629 CVE-2021-30630 CVE-2021-30631 CVE-2021-30632 CVE-2021-30633 CVE-2021-37974 CVE-2021-37975 CVE-2021-37976 CVE-2021-37977 CVE-2021-37978 CVE-2021-37979 CVE-2021-37980 CVE-2021-37981 CVE-2021-37982 CVE-2021-37983 CVE-2021-37984 CVE-2021-37985 CVE-2021-37986 CVE-2021-37987 CVE-2021-37988 CVE-2021-37989 CVE-2021-37990 CVE-2021-37991 CVE-2021-37992 CVE-2021-37993 CVE-2021-37994 CVE-2021-37995 CVE-2021-37996 CVE-2021-37997 CVE-2021-37998 CVE-2021-37999 CVE-2021-38001 CVE-2021-38002 CVE-2021-38003 CVE-2021-38004 CVE-2021-38005 CVE-2021-38006 CVE-2021-38007 CVE-2021-38008 CVE-2021-38009 CVE-2021-38010 CVE-2021-38011 CVE-2021-38012 CVE-2021-38013 CVE-2021-38014 CVE-2021-38015 CVE-2021-38016 CVE-2021-38017 CVE-2021-38019 CVE-2021-38020 CVE-2021-38021 CVE-2021-38022 CVE-2021-4052 CVE-2021-4053 CVE-2021-4054 CVE-2021-4055 CVE-2021-4056 CVE-2021-4057 CVE-2021-4058 CVE-2021-4059 CVE-2021-4061 CVE-2021-4062 CVE-2021-4063 CVE-2021-4064 CVE-2021-4065 CVE-2021-4066 CVE-2021-4067 CVE-2021-4068 CVE-2021-4078 CVE-2021-4079 CVE-2021-4098 CVE-2021-4099 CVE-2021-4100 CVE-2021-4101 CVE-2021-4102 CVE-2022-0096 CVE-2022-0097 CVE-2022-0098 CVE-2022-0099 CVE-2022-0100 CVE-2022-0101 CVE-2022-0102 CVE-2022-0103 CVE-2022-0104 CVE-2022-0105 CVE-2022-0106 CVE-2022-0107 CVE-2022-0108 CVE-2022-0109 CVE-2022-0110 CVE-2022-0111 CVE-2022-0112 CVE-2022-0113 CVE-2022-0114 CVE-2022-0115 CVE-2022-0116 CVE-2022-0117 CVE-2022-0118 CVE-2022-0120 CVE-2022-0289 CVE-2022-0290 CVE-2022-0291 CVE-2022-0292 CVE-2022-0293 CVE-2022-0294 CVE-2022-0295 CVE-2022-0296 CVE-2022-0297 CVE-2022-0298 CVE-2022-0300 CVE-2022-0301 CVE-2022-0302 CVE-2022-0304 CVE-2022-0305 CVE-2022-0306 CVE-2022-0307 CVE-2022-0308 CVE-2022-0309 CVE-2022-0310 CVE-2022-0311 CVE-2022-0452 CVE-2022-0453 CVE-2022-0454 CVE-2022-0455 CVE-2022-0456 CVE-2022-0457 CVE-2022-0458 CVE-2022-0459 CVE-2022-0460 CVE-2022-0461 CVE-2022-0462 CVE-2022-0463 CVE-2022-0464 CVE-2022-0465 CVE-2022-0466 CVE-2022-0467 CVE-2022-0468 CVE-2022-0469 CVE-2022-0470 CVE-2022-0603 CVE-2022-0604 CVE-2022-0605 CVE-2022-0606 CVE-2022-0607 CVE-2022-0608 CVE-2022-0609 CVE-2022-0610 CVE-2022-0789 CVE-2022-0790 CVE-2022-0791 CVE-2022-0792 CVE-2022-0793 CVE-2022-0794 CVE-2022-0795 CVE-2022-0796 CVE-2022-0797 CVE-2022-0798 CVE-2022-0799 CVE-2022-0800 CVE-2022-0801 CVE-2022-0802 CVE-2022-0803 CVE-2022-0804 CVE-2022-0805 CVE-2022-0806 CVE-2022-0807 CVE-2022-0808 CVE-2022-0809 CVE-2022-1096 cpe:/o:opensuse:leap:15.4 Security update for varnish (Important) openSUSE Leap 15.4 This update for varnish fixes the following issues: varnish was updated to release 7.1.0 [boo#1195188] [CVE-2022-23959] * VCL: It is now possible to assign a BLOB value to a BODY variable, in addition to STRING as before. * VMOD: New STRING strftime(TIME time, STRING format) function for UTC formatting. Important SUSE bug 1195188 CVE-2022-23959 cpe:/o:opensuse:leap:15.4 Security update for libredwg (Moderate) openSUSE Leap 15.4 This update for libredwg fixes the following issues: Update to release 0.12.5 [boo#1193372] [CVE-2021-28237] * Restricted accepted DXF objects to all stable and unstable classes, minus MATERIAL, ARC_DIMENSION, SUN, PROXY*. I.e. most unstable objects do not allow unknown DXF codes anymore. This fixed most oss-fuzz errors. Moderate SUSE bug 1193372 CVE-2021-28237 cpe:/o:opensuse:leap:15.4 Security update for opera (Important) openSUSE Leap 15.4 NonFree This update for opera fixes the following issues: Update to 87.0.4390.25: - CHR-8870 Update chromium on desktop-stable-101-4390 to 101.0.4951.64 - DNA-99209 Enable #easy-files-multiupload on all streams - DNA-99325 Use a preference to set number of recent searches and recently closed in unfiltered dropdown - DNA-99353 Translations for O87 - DNA-99365 Adding title to the first category duplicates categories titles in the dropdown - DNA-99385 Feedback button in filtered dropdown can overlap with other web buttons for highlighted suggestion - DNA-99391 Add bookmarks at the bottom of a bookmarks bar folder - DNA-99491 Suggestion is not immediately removed form recent searches view in dropdown. - DNA-99501 Promote O87 to stable - DNA-99504 “Switch to tab” button is not aligned to the right for some categories in dropdown - The update to chromium 101.0.4951.64 fixes following issues: CVE-2022-1633, CVE-2022-1634, CVE-2022-1635, CVE-2022-1636, CVE-2022-1637, CVE-2022-1638, CVE-2022-1639, CVE-2022-1640, CVE-2022-1641 - Complete Opera 87.0 changelog at: https://blogs.opera.com/desktop/changelog-for-87/ - Update to 86.0.4363.59 - DNA-99021 Crash in sidebar when extension of sidebar item was uninstalled - DNA-99359 Crash at opera:: ContinueShoppingExpiredProductRemoverImpl::RemoveExpiredProducts() - Update to 86.0.4363.50 - DNA-68493 Opera doesn’t close address field drop-down when dragging text from the address field - DNA-99003 Crash at views::Widget::GetNativeView() const - DNA-99133 BrowserSidebarWithProxyAuthTest.PreloadWithWebModalDialog fails - DNA-99230 Switching search engine with shortcut stopped working after DNA-99178 - DNA-99317 Make history match appear on top - Update to 86.0.4363.32 - DNA-98510 Blank icon in sidebar setup - DNA-98525 Unable to drag tab to far right - DNA-98893 Sound indicator is too precise in Google Meet - DNA-98919 Shopping corner internal API access update - DNA-98924 Tab tooltip gets stuck on screen - DNA-98981 Enable easy-files-multiupload on developer stream - DNA-99041 Move Shopping Corner to sidebar entry - DNA-99061 Enable #address-bar-dropdown-categories on all streams - DNA-99062 Create flag to show top sites and recently closed in unfiltered suggestions - DNA-99064 Hard to drag & drop current URL to a specific folder on bookmarks bar when unfiltered dropdown is displayed - DNA-99070 Make scroll button in Continue On scroll multiple items - DNA-99089 Shopping corner tab is not preserved after restart - DNA-99115 Request updating the Avro schema for sidebar event - DNA-99117 Make sure shopping corner is enabled by default - DNA-99178 Left/right not working in address bar dropdown - DNA-99204 Hide Shopping Corner by default - Update to 86.0.4363.23 - CHR-8843 Update chromium on desktop-stable-100-4363 to 100.0.4896.127 - DNA-98236 Turn on #snap-text-selection on all streams - DNA-98507 DCHECK at address_bar_controller.cc(547) - DNA-98528 Suggestions for internal pages disappear when typing their full name - DNA-98538 Change name of 'Opera Crypto Wallet' to 'Crypto Wallet' - DNA-98540 Booking.com used instead of custom search engine - DNA-98587 Favicon of booking suggestion in the city category is unexpectedly changing - DNA-98605 City suggestions should show URL in address field when selected - DNA-98608 #address-bar-dropdown-categories expired - DNA-98616 Add recent searches to 'old' BABE - DNA-98668 Switch to tab button leads to wrong tab - DNA-98673 Improve suggestion removal handling in suggestion providers - DNA-98681 Remove unused suggestion consumers - DNA-98684 Have a dedicated SuggestionList for the new address bar dropdown - DNA-98685 Enable #native-crypto-wallet on developer - DNA-98688 'Disable this feature' mini-menu settings is non-intuitive - DNA-98690 Autocompleted text stayed in address field after removing suggestion - DNA-98738 Inline autocomplete suggestion for SD disappears after typing 3rd letter of SD name - DNA-98743 Blank dropdown after pressing space key - DNA-98783 Improve showing suggestions with long URLs or page titles - DNA-98785 'Switch to tab' button not shown for suggestions with www subdomain when typing domain text - DNA-98879 'Disable suggestions before typing' mini-menu option should change to 'Enable suggestions before typing' when being selected - DNA-98917 Translations for O86 - DNA-98975 Turn on #snap-crop-tool on all channels - DNA-98980 Enable #native-crypto-wallet on all streams - DNA-99005 The sidebar item is not visible for already active crypto wallet users when #native-crypto-wallet flag is enabled. - DNA-99007 Crash at TemplateURLRef::ParseIfNecessary(SearchTermsData const&) const - DNA-99047 Promote O86 to stable - The update to chromium 100.0.4896.127 fixes following issues: CVE-2022-1364 - Complete Opera 86.0 changelog at: https://blogs.opera.com/desktop/changelog-for-86/ - Update to 85.0.4341.60 - DNA-98666 Set baidu as default search engine in China - DNA-98707 Hint is not displayed for new crypto wallet sidebar icon - DNA-98775 RichHintsSearchEngineCondition.testSogouSearchEngine errors - Update to 85.0.4341.47 - DNA-98249 Add feature flag #native-crypto-wallet - DNA-98250 Install extension on startup - DNA-98251 Make Crypto Wallet setting enable / disable extension - DNA-98252 Deactivate old desktop crypto wallet - DNA-98253 Always show “Crypto Wallet” in Sidebar Setup - DNA-98497 Crash when installing extension - DNA-98506 Enable opera_feature_crypto_wallet_encryption on desktop - DNA-98510 Blank icon in sidebar setup - DNA-98538 Change name of 'Opera Crypto Wallet' to 'Crypto Wallet' - DNA-98685 Enable #native-crypto-wallet on developer - DNA-98766 Crash at opera::AddressBarControllerImpl::OpenNativeDropdown() - DNA-98768 Crash at extensions::ContentFilterPrivateIsWhitelistedFunction::Run() - DNA-98770 Recent searches stay in address field after selecting entry from dropdown - DNA-98772 Screen sharing broken - DNA-98803 Autofilled part appended after selecting address bar using shortcut Important CVE-2022-1364 CVE-2022-1633 CVE-2022-1634 CVE-2022-1635 CVE-2022-1636 CVE-2022-1637 CVE-2022-1638 CVE-2022-1639 CVE-2022-1640 CVE-2022-1641 cpe:/o:opensuse:leap:15.4 Security update for libxls (Moderate) openSUSE Leap 15.4 This update for libxls fixes the following issues: - CVE-2021-27836: Fixed possible NULL pointer dereference via crafted XLS file (boo#1192323) Moderate SUSE bug 1192323 CVE-2021-27836 cpe:/o:opensuse:leap:15.4 Security update for sphinx (Moderate) openSUSE Leap 15.4 sphinx was updated to fix the following issues: - CVE-2020-29050: SphinxSearch in Sphinx Technologies Sphinx through 3.1.1 allows directory traversal (in conjunction with CVE-2019-14511) because the mysql client can be used for CALL SNIPPETS and load_file operations on a full pathname (e.g., a file in the /etc directory). (boo#1195227) Moderate SUSE bug 1195227 CVE-2020-29050 cpe:/o:opensuse:leap:15.4 Security update for minetest (Important) openSUSE Leap 15.4 This update for minetest fixes the following issues: Update to version 5.6.0 * Fix CVE-2022-35978 ( boo#1202423 ): Mod scripts can escape sandbox in single player mode * `name` in game.conf is deprecated for the game title, use `title` instead * Add depth sorting for node faces * Various bug fixes * Full changes: https://dev.minetest.net/Changelog#5.5.0_.E2.86.92_5.6.0 - Introduced mbranch-protection=none CXX flag to resolve boo#1193141 (aarch64). Update to version 5.5.0 & 5.5.1: * Full log for version 5.5.0: https://dev.minetest.net/Changelog#5.4.0_.E2.86.92_5.5.0 * This release switches from Irrlicht to our own fork called IrrlichtMt. * Full log for version 5.5.1: https://dev.minetest.net/Changelog#5.5.0_.E2.86.92_5.5.1 * This is a maintenance release based on 5.5.0, it contains bugfixes but no new features. - Added hardening to systemd service(s) (boo#1181400). - Update to version 5.4.1: * This is a maintenance release based on 5.4.0, it contains bugfixes but no new features. - Update to version 5.4.0 * Full log: https://dev.minetest.net/Changelog#5.3.0_.E2.86.92_5.4.0 * Removed support for bumpmapping, generated normal maps and parallax occlusion * By default, the crosshair will now change to an 'X' when pointing to objects * Prevent players accessing inventories of other players * Prevent interacting with items out of the hotbar * Prevent players from being able to modify ItemStack meta - Update to version 5.3.0. (see https://dev.minetest.net/Changelog#5.2.0_.E2.86.92_5.3.0) * Formspec improvements, including a scrolling GUI element * Performance improvements to the Server and API * Many bug fixes and small features - Now requires desktop-file-utils version >= 0.25. Important SUSE bug 1181400 SUSE bug 1193141 SUSE bug 1202423 CVE-2022-35978 cpe:/o:opensuse:leap:15.4 Security update for pdns-recursor (Important) openSUSE Leap 15.4 This update for pdns-recursor fixes the following issues: pdns-recursor was updated to 4.6.6: * fixes deterred spoofing attempts can lead to authoritative servers being marked unavailable (boo#1209897, CVE-2023-26437) Fixes in 4.6.5: * When an expired NSEC3 entry is seen, move it to the front of the expiry queue * Log invalid RPZ content when obtained via IXFR * Detect invalid bytes in makeBytesFromHex() * Timeout handling for IXFRs as a client Fixes in 4.6.4: * Check qperq limit if throttling happened, as it increases counters * Failure to retrieve DNSKEYs of an Insecure zone should not be fatal * Resize answer length to actual received length in udpQueryResponse Important SUSE bug 1209897 CVE-2023-26437 cpe:/o:opensuse:leap:15.4 Security update for editorconfig-core-c (Important) openSUSE Leap 15.4 This update for editorconfig-core-c fixes the following issues: Update to version 0.12.6: - CVE-2023-0341: Fixed a buffer overflow in ec_blob (boo#1211032) - Update property key, value length limits per spec change Important SUSE bug 1211032 CVE-2023-0341 cpe:/o:opensuse:leap:15.4 Security update for dcmtk (Moderate) openSUSE Leap 15.4 This update for dcmtk fixes the following issues: - CVE-2022-43272: Fixed memory leak via the T_ASC_Association object (boo#1206070) - Update to 3.6.7 (boo#1208639, boo#1208638, boo#1208637, CVE-2022-2121, CVE-2022-2120, CVE-2022-2119) - CVE-2022-2121: Fixed possible DoS via NULL pointer dereference - CVE-2022-2120: Fixed relative path traversal vulnerability - CVE-2022-2119: Fixed path traversal vulnerability See DOCS/CHANGES.367 for the full list of changes * Updated code definitions for DICOM 2022b * Fixed possible NULL pointer dereference Moderate SUSE bug 1206070 SUSE bug 1208637 SUSE bug 1208638 SUSE bug 1208639 CVE-2022-2119 CVE-2022-2120 CVE-2022-2121 CVE-2022-43272 cpe:/o:opensuse:leap:15.4 Security update for qt6-svg (Moderate) openSUSE Leap 15.4 This update for qt6-svg fixes the following issues: - CVE-2023-32573: Fixed missing initialization of QtSvg QSvgFont m_unitsPerEm (boo#1211298) Moderate SUSE bug 1211298 CVE-2023-32573 cpe:/o:opensuse:leap:15.4 Security update for opera (Important) openSUSE Leap 15.4 NonFree This update for opera fixes the following issues: - Update to 99.0.4788.13 * CHR-9290 Update Chromium on desktop-stable-113-4788 to 113.0.5672.127 * DNA-107317 __delayLoadHelper2 crash in crashreporter - The update to chromium 113.0.5672.127 fixes following issues: CVE-2023-2721, CVE-2023-2722, CVE-2023-2723, CVE-2023-2724, CVE-2023-2725, CVE-2023-2726 - Update to 99.0.4788.9 * CHR-9283 Update Chromium on desktop-stable-113-4788 to 113.0.5672.93 * DNA-107638 Translations for O99 * DNA-107678 Crash Report [@ BrowserContextKeyedServiceFactory:: BrowserContextKeyedServiceFactory(char const*, BrowserContextDependencyManager*) ] * DNA-107795 Fix wrong german translation of 'Close All Duplicate Tabs' * DNA-107800 Fonts on section#folder and AddSitePanel not readable when animated wallpaper chosen * DNA-107840 Promote O99 to stable - Update to 98.0.4759.39 * DNA-102363 ChromeFileSystemAccessPermissionContextTest. ConfirmSensitiveEntryAccess_DangerousFile fails * DNA-105534 [Add to Opera] Incorrect scroll on modal when browser window size is too small * DNA-106649 Opening new tab when pinned tab is active gives 2 active tabs * DNA-107226 Speed Dial freezes and empty space remains after Continue booking tile dragging * DNA-107435 Building archive_source_release target fails * DNA-107441 [Start page] Right mouse click on tile in continue on section opens target site in current tab * DNA-107508 Crash at permissions::PermissionRecoverySuccessRate Tracker::TrackUsage(ContentSettingsType) * DNA-107528 Handle real-time SD impression reporting * DNA-107546 Context menus broken with one workspace * DNA-107548 Paste from Context Menu doesn’t work for Search on StartPage * DNA-107560 Optimize real-time SD impression reporting - Update to 98.0.4759.15 * CHR-9259 Update Chromium on desktop-stable-112-4759 to 112.0.5615.121 * CHR-9264 Update Chromium on desktop-stable-112-4759 to 112.0.5615.165 * DNA-104949 Cleanup reauthorizer and permission * DNA-106748 Presubmit problems * DNA-107262 Delete faulty translations - The update to chromium 112.0.5615.165 fixes following issues: CVE-2023-2133, CVE-2023-2134, CVE-2023-2135, CVE-2023-2136, CVE-2023-2137 - Changes in 98.0.4759.6 * CHR-9255 Update Chromium on desktop-stable-112-4759 to 112.0.5615.87 * DNA-106342 Crash when blocking cookies in sidebar web.infobars::InfoBarManager::AddInfoBar(std::Cr::unique_ptr, bool) * DNA-107054 Apply patch for CVE-2023-2033 * DNA-107141 Promote O98 to stable * DNA-107142 Translations for O98 - Update to 97.0.4719.83 * DNA-106342 Crash when blocking cookies in sidebar web. infobars::InfoBarManager::AddInfoBar(std::Cr::unique_ptr, bool) * DNA-106550 [SD][Drag&Drop] Create a static manual layout for speed dials * DNA-106791 Run smoketests on mac arm builds * DNA-107054 Apply patch for CVE-2023-2033 - Remove setup_repo.sh, fix non-executable-script rpmlint warning and we do not want create a repo - Update to 97.0.4719.63 * CHR-9245 Update Chromium on desktop-stable-111-4719 to 111.0.5563.147 * DNA-105919 Set new Baidu search string * DNA-106168 EasySetup update - Update to 97.0.4719.43 * CHR-9236 Update Chromium on desktop-stable-111-4719 to 111.0.5563.111 * DNA-105141 Tabs to the right of the currently active one swap their position with another when clicked * DNA-106044 Translations for O97 * DNA-106300 Fix rule for generating archive_browser_sym_files on crossplatform builds * DNA-106412 Content of popup not generated for some extensions when using more then one worksapce * DNA-106433 Extend Easy Setup API * DNA-106435 Increase timeout for the welcome page * DNA-106453 Public build from desktop-stable-111-4719 do not compile - The update to chromium 111.0.5563.111 fixes following issues: CVE-2023-1528, CVE-2023-1529, CVE-2023-1530, CVE-2023-1531, CVE-2023-1532, CVE-2023-1533, CVE-2023-1534 - Update to 97.0.4719.28 * DNA-106303 Extension should get proper parent window id from the sidebar API * DNA-106366 Opera crypto crashes on startup during session restore - Changes in 97.0.4719.26 * CHR-9225 Update Chromium on desktop-stable-111-4719 to 111.0.5563.65 * DNA-102778 Goth reports error for utils_api test * DNA-104983 Missing encryption option in sync settings * DNA-105293 add RateMe feature to Speed Dials and Suggested Speed Dials section * DNA-105299 Opera crash when closing tab by middle mouse button * DNA-105712 Update linux sandbox dependency for browsertests * DNA-105787 Settings extended with the AI section * DNA-105865 Add reload option for panels in opr.browserSidebarPrivate namespace * DNA-105944 Update checking of widevine certificate expiration to be independent from dateformat * DNA-105959 Update texts – native part * DNA-105961 Import translated texts – native part * DNA-105967 Crash at base::ObserverList::RemoveObserver(PrefObserver const*) * DNA-105973 Turn on #tab-tooltip-close-tabs on all streams * DNA-106061 Hide extension popup * DNA-106062 [Stable A/B Test] React Start Page for Austria, Italy, Spain and France 50% * DNA-106068 Extension shows if developer mode is enabled * DNA-106070 Feedback window for highlight popup displayed in wrong place * DNA-106079 EasySetup Disclaimer – Reduce size * DNA-106085 Crash at TabHoverCardController::OnViewIsDeleting(views::View*) * DNA-106086 Player home page does not show images in dark mode * DNA-106096 Increase prompt window in AB width * DNA-106109 Teasers on start page don’t show transparency * DNA-106114 AI Prompts button is after Reader Mode icon * DNA-106168 EasySetup update * DNA-106212 Promote O97 to stable * DNA-106225 Enable #shodan-extension for all streams * DNA-106229 Update J5 texts - The update to chromium 111.0.5563.65 fixes following issues: CVE-2023-1213, CVE-2023-1214, CVE-2023-1215, CVE-2023-1216, CVE-2023-1217, CVE-2023-1218, CVE-2023-1219, CVE-2023-1220, CVE-2023-1221, CVE-2023-1222, CVE-2023-1223, CVE-2023-1224, CVE-2023-1225, CVE-2023-1226, CVE-2023-1227, CVE-2023-1228, CVE-2023-1229, CVE-2023-1230, CVE-2023-1231, CVE-2023-1232, CVE-2023-1233, CVE-2023-1234, CVE-2023-1235, CVE-2023-1236 - Update to 96.0.4693.80 * CHR-9221 Update Chromium on desktop-stable-110-4693 to 110.0.5481.192 * DNA-104501 Opera don’t work with #high-efficiency-mode-available flag * DNA-105860 Enable #google-suggest-entities on all streams * DNA-106062 [Stable A/B Test] React Start Page for Austria, Italy, Spain and France 50% - Update to 96.0.4693.50 * DNA-104420 Creating mechanism to detect specific shortcut * DNA-104742 Wrong button place in opera tools section in sidebar menu * DNA-105141 Tabs to the right of the currently active one swap their position with another when clicked * DNA-105426 Add provisioning profiles during builds signing * DNA-105506 Replace all references to opera-api.com domain with opera-api2.com * DNA-105536 Enable kFeatureExtendedUnstoppableDomains for desktop * DNA-105727 [Rich Hints] Screenshot event must not collide with native PrtScr notification. * DNA-105740 [Rich Hints] Add event_user_survey to the whitelist Important CVE-2023-1213 CVE-2023-1214 CVE-2023-1215 CVE-2023-1216 CVE-2023-1217 CVE-2023-1218 CVE-2023-1219 CVE-2023-1220 CVE-2023-1221 CVE-2023-1222 CVE-2023-1223 CVE-2023-1224 CVE-2023-1225 CVE-2023-1226 CVE-2023-1227 CVE-2023-1228 CVE-2023-1229 CVE-2023-1230 CVE-2023-1231 CVE-2023-1232 CVE-2023-1233 CVE-2023-1234 CVE-2023-1235 CVE-2023-1236 CVE-2023-1528 CVE-2023-1529 CVE-2023-1530 CVE-2023-1531 CVE-2023-1532 CVE-2023-1533 CVE-2023-1534 CVE-2023-2033 CVE-2023-2133 CVE-2023-2134 CVE-2023-2135 CVE-2023-2136 CVE-2023-2137 CVE-2023-2721 CVE-2023-2722 CVE-2023-2723 CVE-2023-2724 CVE-2023-2725 CVE-2023-2726 cpe:/o:opensuse:leap:15.4 Security update for chromium (Important) openSUSE Leap 15.4 This update for chromium fixes the following issues: - build with llvm15 on Leap - Chromium 113.0.5672.126 (boo#1211442): * CVE-2023-2721: Use after free in Navigation * CVE-2023-2722: Use after free in Autofill UI * CVE-2023-2723: Use after free in DevTools * CVE-2023-2724: Type Confusion in V8 * CVE-2023-2725: Use after free in Guest View * CVE-2023-2726: Inappropriate implementation in WebApp Installs * Various fixes from internal audits, fuzzing and other initiatives - Chromium 113.0.5672.92 (boo#1211211) - Multiple security fixes (boo#1211036): * CVE-2023-2459: Inappropriate implementation in Prompts * CVE-2023-2460: Insufficient validation of untrusted input in Extensions * CVE-2023-2461: Use after free in OS Inputs * CVE-2023-2462: Inappropriate implementation in Prompts * CVE-2023-2463: Inappropriate implementation in Full Screen Mode * CVE-2023-2464: Inappropriate implementation in PictureInPicture * CVE-2023-2465: Inappropriate implementation in CORS * CVE-2023-2466: Inappropriate implementation in Prompts * CVE-2023-2467: Inappropriate implementation in Prompts * CVE-2023-2468: Inappropriate implementation in PictureInPicture Important SUSE bug 1211036 SUSE bug 1211211 SUSE bug 1211442 CVE-2023-2459 CVE-2023-2460 CVE-2023-2461 CVE-2023-2462 CVE-2023-2463 CVE-2023-2464 CVE-2023-2465 CVE-2023-2466 CVE-2023-2467 CVE-2023-2468 CVE-2023-2721 CVE-2023-2722 CVE-2023-2723 CVE-2023-2724 CVE-2023-2725 CVE-2023-2726 cpe:/o:opensuse:leap:15.4 Security update for chromium (Important) openSUSE Leap 15.4 This update for chromium fixes the following issues: - Chromium 114.0.5735.106 (boo#1212044): * CVE-2023-3079: Type Confusion in V8 - Chromium 114.0.5735.90 (boo#1211843): * CSS text-wrap: balance is available * Cookies partitioned by top level site (CHIPS) * New Popover API - Security fixes: * CVE-2023-2929: Out of bounds write in Swiftshader * CVE-2023-2930: Use after free in Extensions * CVE-2023-2931: Use after free in PDF * CVE-2023-2932: Use after free in PDF * CVE-2023-2933: Use after free in PDF * CVE-2023-2934: Out of bounds memory access in Mojo * CVE-2023-2935: Type Confusion in V8 * CVE-2023-2936: Type Confusion in V8 * CVE-2023-2937: Inappropriate implementation in Picture In Picture * CVE-2023-2938: Inappropriate implementation in Picture In Picture * CVE-2023-2939: Insufficient data validation in Installer * CVE-2023-2940: Inappropriate implementation in Downloads * CVE-2023-2941: Inappropriate implementation in Extensions API Important SUSE bug 1211843 SUSE bug 1212044 CVE-2023-2929 CVE-2023-2930 CVE-2023-2931 CVE-2023-2932 CVE-2023-2933 CVE-2023-2934 CVE-2023-2935 CVE-2023-2936 CVE-2023-2937 CVE-2023-2938 CVE-2023-2939 CVE-2023-2940 CVE-2023-2941 CVE-2023-3079 cpe:/o:opensuse:leap:15.4 Security update for chromium (Critical) openSUSE Leap 15.4 This update for chromium fixes the following issues: Chromium 114.0.5735.133 (boo#1212302): - CVE-2023-3214: Use after free in Autofill payments - CVE-2023-3215: Use after free in WebRTC - CVE-2023-3216: Type Confusion in V8 - CVE-2023-3217: Use after free in WebXR - Various fixes from internal audits, fuzzing and other initiatives Critical SUSE bug 1212302 CVE-2023-3214 CVE-2023-3215 CVE-2023-3216 CVE-2023-3217 cpe:/o:opensuse:leap:15.4 Security update for guile1, lilypond (Important) openSUSE Leap 15.4 This update for guile1, lilypond fixes the following issues: guile1: - Add service file to download release from git excluding the directory with commercial non free files. - Update to version 2.2.6 to enable lilypond to be updated to 2.24.1 to fix boo#1210502 and CVE-2020-17354. lilypond: - Update to version lilypond-2.24.1 to fix boo#1210502 - CVE-2020-17354: lilypond: Lilypond allows attackers to bypass the -dsafe protection mechanism. Important SUSE bug 1210502 CVE-2016-8605 CVE-2020-17354 cpe:/o:opensuse:leap:15.4 Security update for keepass (Important) openSUSE Leap 15.4 This update for keepass fixes the following issues: Update to 2.54 * Security: + Improved process memory protection of secure edit controls (CVE-2023-32784, boo#1211397). * New Features: + Triggers, global URL overrides, password generator profiles and a few more settings are now stored in the enforced configuration file. + Added dialog 'Enforce Options (All Users)' (menu 'Tools' → 'Advanced Tools' → 'Enforce Options'), which facilitates storing certain options in the enforced configuration file. + In report dialogs, passwords (and other sensitive data) are now hidden using asterisks by default (if hiding is activated in the main window); the hiding can be toggled using the new '***' button in the toolbar. + The 'Print' command in most report dialogs now requires the 'Print' application policy flag, and the master key must be entered if the 'Print - No Key Repeat' application policy flag is deactivated. + The 'Export' command in most report dialogs now requires the 'Export' application policy flag, and the master key must be entered. + Single line edit dialogs now support hiding the value using asterisks. + Commands that require elevation now have a shield icon like on Windows. + TrlUtil: added 'Move Selected Unused Text to Dialog Control' command. * Improvements: * The content mode of the configuration elements '/Configuration/Application/TriggerSystem', '/Configuration/Integration/UrlSchemeOverrides' and '/Configuration/PasswordGenerator/UserProfiles' is now 'Replace' by default. * The built-in override for the 'ssh' URI scheme is now deactivated by default (it can be activated in the 'URL Overrides' dialog). * When opening the password generator dialog without a derived profile, the '(Automatically generated passwords for new entries)' profile is now selected by default, if profiles are enabled (otherwise the default profile is used). * The clipboard workarounds are now disabled by default (they are not needed anymore on most systems). * Improved clipboard clearing. * Improved starting of an elevated process. * Bugfixes: + In report dialogs, the 'Print' and 'Export' commands now always use the actual data (in previous versions, asterisks were printed/exported when the application policy flag 'Unhide Passwords' was turned off). - Update to 2.53.1 * When testing a KDF ('Test' button in the database settings dialog), KeePass now spawns a child process that performs the KDF computation (which allows to cancel the test more cleanly in the case of excessive parameters; security is unaffected, because dummy data is used for the test). * Removed the 'Export - No Key Repeat' application policy flag; KeePass now always asks for the current master key when trying to export data. * Minor other improvements. - Update to 2.53 * New Features: + For each entry listed on the 'History' tab page of the entry dialog, the fields modified with respect to the previous entry are displayed. + Added 'Compare' button on the 'History' tab page of the entry dialog; when two (not necessarily consecutive) history entries are selected, clicking the button shows a detailed comparison (with values, etc.). + When editing an entry, the history entry list of the entry dialog now contains an entry called 'Dialog (unsaved)', which represents all data entered in the current dialog (other tab pages). + When editing an entry, the history entry list of the entry dialog now contains an entry called 'Current (TIME)', which is the entry that is currently stored in the database (without any changes made in the current dialog). + Added 'History' command in the 'Find' main menu; it lists all entry modifications (sorted by time). + Added filter box in most report dialogs (last modified entries, history, large entries, similar password clusters, password quality, history entry comparison, database file search, ...). + Added 'Print' button in most report dialogs. + Added 'Export' button in most report dialogs; supported formats are CSV and HTML. + Added {EDGE} placeholder, which is replaced by the executable path of the new (Chromium-based) Microsoft Edge, if installed. + Added URL override suggestion for Microsoft Edge in private mode in the URL override suggestions drop-down list of the entry dialog. + Added optional built-in global URL overrides for opening HTTP/HTTPS URLs with Microsoft Edge in private mode. + When trying to rearrange entries while automatic sorting is activated, KeePass now asks whether to deactivate automatic sorting. + Added access keys in the tags button drop-down menu of the entry/group dialogs. + Added access keys in the 'View' → 'Sort By' menu. + Added access keys in the entry templates menu. + Added access keys in the 'Perform Auto-Type' menu (which is displayed if the 'Show additional auto-type menu commands' option is turned on). + Added {HMACOTP} and {TIMEOTP} in the 'Perform Auto-Type' menu. + Added keyboard shortcut Ctrl+T for the 'Copy Time-Based OTP' entry data command. + Added keyboard shortcut Ctrl+Shift+T for the 'Show Time-Based OTP' entry data command. + Enhanced Password Depot XML import module to support the new format (added support for the new node names, group icons, recycle bin, tags, favorites, auto-type delay conversion, history, enhanced icon mapping, enhanced date/time parsing, ...). + Added border for headings in HTML exports/printouts. + Added support for running KeePass in FIPS mode. * Improvements: + History entries listed on the 'History' tab page of the entry dialog are now sorted from newest to oldest. + The icons in the list on the 'History' tab page of the entry dialog now indicate the type of the entry. + History entry controls of the entry dialog are now disabled when creating a new entry. + The history entry 'Restore' button is now disabled when any change has been made in the current dialog. + The 'Password modified' time is now updated immediately when deleting a history entry. + Improved URL override suggestion for Microsoft Edge in the URL override suggestions drop-down list of the entry dialog (changed from 'microsoft-edge:{URL}' to 'cmd://{EDGE} '{URL}''). + Improved optional built-in global URL overrides for opening HTTP/HTTPS URLs with Microsoft Edge (changed from 'microsoft-edge:{BASE}' to 'cmd://{EDGE} '{BASE}''). + Reordered web browser URL overrides alphabetically. + Improved dynamic menu item access key assignment. + Improved item separation in the entry details view. + In most places, groups in a group path are now separated by right arrows instead of hyphens. + Improved last modification time comparison for plugin data dictionaries. + Unified generation of common HTML parts. + The 'Copy Initial Password' command in the 'Tools' menu of the entry dialog now requires the 'Copy' application policy flag. + Various UI text improvements. + Various code optimizations. + Minor other improvements. * Bugfixes: + The history entry 'Restore' button now always works as expected. - Update to 2.52 * New Features: + Added 'Copy Initial Password' command in the tools menu of the entry dialog; it copies (to the clipboard) the password that was current when the dialog was opened. + When multiple entries are selected (containing at least one attachment), the number of attachments is now displayed in the 'Attachments' submenu of the entry menu. + Added option 'Alt. item background color' (supporting the states 'Off', 'On, default color' and 'On, custom color'); this combines the previous two options 'Use alternating item background colors' and 'Custom alt. item color'. + Comment placeholders ({C:...}) may now contain balanced braces. + In the auto-type entry selection dialog, values in the 'Sequence - Comments' column are dereferenced now. + The time when the password of an entry was last changed is now displayed in the entry dialog on the 'History' tab page. + Added support for importing 1Password 8.7 1PUX files. + Added support for importing Key Folder 1.22 XML files. + Sticky Password XML import: added support for importing groups and expiry dates. + Steganos Password Manager CSV import: added support for the new encoding of double quotes. + Bitwarden JSON import: time-based one-time password generator settings are converted automatically now. + KeePass now checks the 'KeePass.exe.config' file and shows a warning message when finding a problem. + For development builds: added command for showing GC information. + Plugins can now load the header of a database file more easily. + Plugins can now subscribe to a master key change event. + TrlUtil: added workaround for .NET tab control focus bug. * Improvements: + Moved the command 'Save Attached File(s) To' into the 'Attachments' submenu of the entry menu and renamed it to 'Save File(s) To'. + The command for saving attached files is now available only if at least one of the selected entries has at least one attachment. + The {APPACTIVATE ...} auto-type command now ignores the options 'Cancel auto-type when the target window changes' and 'Cancel auto-type when the target window title changes'. + {APPACTIVATE ...} auto-type command: if the specified window does not exist or cannot be focused, auto-type is aborted now. + Unified creation of fields with indices. + Improved database modification state and UI updating after imports/synchronizations. + In the master key creation/prompt dialogs, the [OK] button is now disabled when checking the 'Key file/provider' check box and selecting '(None)' in the combo box. + Improved drop-down menu width adjustment for certain combo boxes in the options dialog. + Improved hashing performance of protected binaries, UUIDs, ... + Performance improvements related to empty arrays. + Improved Mono framework version detection. + TrlUtil: improved preview dialog update performance. + Various UI text improvements. + Various code optimizations. + Minor other improvements. * Bugfixes: * Fixed a bug that caused a minimized main window to be restored to a normal window instead of a maximized window in certain situations. * The 'Help' menu item in the entry dialog and the 'Help' button in the entry string field dialog now open the correct help sections. - Update to 2.51.1 * New Features: + Most dialogs with fixed size now detect whether they fit onto the current screen, and when a dialog does not fit (e.g. due to a very high DPI factor), its size is reduced and scroll bars are displayed. + Added plural entry command names in the main window (e.g. the command for editing the currently selected entry/entries is now called either 'Edit Entry' or 'Edit Entries', depending on the number of selected entries). + Added tooltip for the main part of the status bar of the main window. + Enhanced color buttons (tooltips, accessible names, ...) in the entry dialog, in the database settings dialog and in the options dialog. + Added 'Interface (2)' tab page in the options dialog, renamed the existing 'Interface' tab page to 'Interface (1)', moved some controls from 'Interface (1)' to 'Interface (2)'. + Enhanced font selection controls (with a checkbox that allows to return to the default, the button shows the currently selected font, tooltip, improved accessibility, ...) in the options dialog. + Added help links 'Dark theme' and 'Main font (size)' in the options dialog. + The options 'Custom alt. item color' and 'Esc keypress in main window' are now disabled if they are enforced (by an enforced configuration file). + Added support for opening URLs with Waterfox in private mode. + Added dialog for editing (HMAC-based and time-based) one-time password generator settings (can be opened using the 'OTP Generator Settings' commands in the entry dialog or in the 'Edit Entry (Quick)' menu of the main window). + Added entry commands 'Copy HMAC-Based OTP', 'Show HMAC-Based OTP', 'Copy Time-Based OTP' and 'Show Time-Based OTP' (in the 'Other Data' menu). + Added entry commands 'Copy Title' and 'Copy Notes' (in the 'Other Data' menu). + When switching to the 'Generate' tab page of the password generator dialog (no database open), the entropy collection dialog is displayed now, if the option 'Show dialog for collecting user input as additional entropy' is turned on. + Added option 'Colorize password characters' in the HTML export/print dialog; the colors are customizable. + Added options 'Custom main font' and 'Custom password font' in the HTML export/print dialog. + Added horizontal entry separator lines in tabular HTML exports/printouts. + In the plugins dialog, the 'Delete old files from cache automatically' option and the 'Clear' button are now disabled if they are enforced (by an enforced configuration file). + Plugins can now change the expiry date of an entry more easily. * Improvements: + Improved main window initialization performance. + Improved initial emergence of a minimized or maximized main window (less flickering, improved performance, ...). + Improved names/tooltips of the database toolbar buttons in the main window. + Improved handling of bold/italic list fonts. + Improved entry list update performance in certain situations. + Improved dynamic menu deconstruction performance. + Fields starting with 'HmacOtp-' or 'TimeOtp-' are not shown in the entry string copy menu anymore. + Improved tooltips and accessibility of password repetition text boxes. + When a dark theme is active, the error background color of text boxes is darker now. + Improved accessibility of expiry control groups. + The title of the master key creation/change dialog is now adjusted to the context. + Improved 'Compression' tab page of the database settings dialog (extended 'None' option description, improved accessibility, ...). + If no color has been specified, the 'Custom alt. item color' button in the options dialog now shows the default color. + Improved HTML generation for HTML exports/printouts. + Improved default fonts used when printing or exporting to HTML. + In block HTML exports/printouts, field names are not italic anymore (unless the user has selected an italic main font). + In HTML exports/printouts, all field values except passwords are trimmed now. + HTML exports/printouts: improved encoding of white-space characters in passwords. + Improved horizontal entry separator lines in block HTML exports/printouts. + TrlUtil: improved control classification. + Increased Authenticode certificate key length. + Improved entry list update performance when duplicating entries. + Various CHM/help improvements. + Various UI text improvements. + Various code optimizations. + Minor other improvements. * Bugfixes: + The option 'Use alternating item background colors' is now compatible with automatic sorting again. + The command line parameter '-preselect:' now works as expected when the option 'Clear master key command line parameters after using them once' is turned on. + Font selections in the options dialog are now applied only when closing the dialog with [OK]. + Fixed an entry list scrolling bug. - Update to 2.50 * New Features: + On most Linux systems, AES-KDF is now about 4 times as fast as before, if the 'libgcrypt' library is installed. + On most Linux systems, Argon2d and Argon2id are now about 3 times as fast as before (for default parameters), if the 'libargon2' library is installed. + The option 'Enter master key on secure desktop' is now also supported by master key prompt dialogs shown during imports, confirmations (before exporting, printing, changing the master key, ...) and trigger actions. + The option 'Enter master key on secure desktop' is now also supported by master key creation/change dialogs. + The key file/provider combo boxes in the master key dialogs now have a tooltip that shows the current value, if the value is very long. + Added password generation button in the entry string field dialog. + When double-clicking the title cell of an entry in the main entry list while holding down the Shift key, the title is now copied to the clipboard. + Added support for detecting the latest versions of Chromium on Unix-like systems (for 'Open with ...' commands in the 'URL(s)' menu, for the {GOOGLECHROME} placeholder, ...). + In the 'URL(s)' menu, there now are separate commands for Google Chrome and Chromium, if both are installed. + Enhanced support for detecting Vivaldi, Brave, Pale Moon and Epiphany. + Added support for importing Kaspersky Password Manager 9.0.2 TXT files. + Bitwarden import module: added support for importing subfolders, and collection names are now imported as tags. + In the 'About KeePass' dialog, each item in the components list now has a tooltip that shows the file/folder path of the component, if it is installed. + In the 'About KeePass' dialog, a double-click onto a component now shows the component file/folder with the file manager. + In the 'About KeePass' dialog, the components list now has a context menu that provides the following new commands: 'Show with File Manager', 'Copy Version/Status' and 'Copy Path'. * Improvements: + If the option 'An entry matches if one of its tags is contained in the target window title' is turned on, auto-type now additionally considers tags inherited from groups. + The built-in password generation patterns 'Hex Key - *-Bit' now use upper-case hexadecimal symbols. + Improved Spr variance check of the password generator (custom string references, ...). + All commands in the password generator menu (shown by the password generator buttons in entry/string dialogs) support the option 'Show dialog for collecting user input as additional entropy' now. * Bugfixes: + Column header context menus are not shown for non-report list views anymore. + When copying a URL to the clipboard fails, the main entry list is updated now. + Toggling the password generator option 'Show dialog for collecting user input as additional entropy' now causes a switch to the '(Custom)' profile. + In the TAN wizard dialog, group names containing ampersands are displayed correctly now. - Add recommends to libargon2-1 and libgrypt20 as Keepass can use those for faster operations. Important SUSE bug 1211397 CVE-2023-32784 cpe:/o:opensuse:leap:15.4 Security update for chromium (Important) openSUSE Leap 15.4 This update for chromium fixes the following issues: - Chromium 114.0.5735.198 (boo#1212755): * CVE-2023-3420: Type Confusion in V8 * CVE-2023-3421: Use after free in Media * CVE-2023-3422: Use after free in Guest View - Install Qt5 library & prepare for Qt6 in 115 Important SUSE bug 1212755 CVE-2023-3420 CVE-2023-3421 CVE-2023-3422 cpe:/o:opensuse:leap:15.4 Security update for chromium (Important) openSUSE Leap 15.4 This update for chromium fixes the following issues: Update to version 109.0.5414.74 (boo#1207018): - CVE-2023-0128: Use after free in Overview Mode - CVE-2023-0129: Heap buffer overflow in Network Service - CVE-2023-0130: Inappropriate implementation in Fullscreen API - CVE-2023-0131: Inappropriate implementation in iframe Sandbox - CVE-2023-0132: Inappropriate implementation in Permission prompts - CVE-2023-0133: Inappropriate implementation in Permission prompts - CVE-2023-0134: Use after free in Cart - CVE-2023-0135: Use after free in Cart - CVE-2023-0136: Inappropriate implementation in Fullscreen API - CVE-2023-0137: Heap buffer overflow in Platform Apps - CVE-2023-0138: Heap buffer overflow in libphonenumber - CVE-2023-0139: Insufficient validation of untrusted input in Downloads - CVE-2023-0140: Inappropriate implementation in File System API - CVE-2023-0141: Insufficient policy enforcement in CORS - Various fixes from internal audits, fuzzing and other initiatives Important SUSE bug 1207018 CVE-2023-0128 CVE-2023-0129 CVE-2023-0130 CVE-2023-0131 CVE-2023-0132 CVE-2023-0133 CVE-2023-0134 CVE-2023-0136 CVE-2023-0137 CVE-2023-0138 CVE-2023-0139 CVE-2023-0140 CVE-2023-0141 cpe:/o:opensuse:leap:15.4 Security update for gifsicle (Important) openSUSE Leap 15.4 This update for gifsicle fixes the following issues: - Update to version 1.94: * Fix some bugs, including fix for CVE-2023-36193: heap buffer overflow (read) via the ambiguity_error component at /src/clp.c (boo#1212645). Important SUSE bug 1212645 CVE-2023-36193 cpe:/o:opensuse:leap:15.4 Security update for xonotic (Moderate) openSUSE Leap 15.4 This update for xonotic fixes the following issues: Update to version 0.8.6 SECURITY ALERT: A bug was discovered in versions older than 0.8.6 that is believed to be exploitable by malicious server admins to crash clients or, if they defeat mitigations, execute arbitrary code. (boo#1212632) update to 0.8.5: * https://xonotic.org/posts/2022/xonotic-0-8-5-release/ Moderate SUSE bug 1212632 cpe:/o:opensuse:leap:15.4 Security update for virtualbox (Important) openSUSE Leap 15.4 This update for virtualbox fixes the following issues: - Fix Vagrant/virtualbox startup problems boo#1209727 - VirtualBox 7.0.8 (released April 18 2023) This is a maintenance release. The following items were fixed and/or added: - VMM: Introduced general improvements in nested visualization area - GUI: Brought back Restore current snapshot checkbox of Close VM dialog (bugs #21189, #21491) - GUI: Fixes and validation for VM settings USB filters editor, filter port value is now properly saved/restored - GUI: Fixes for VM name and OS type embedded editors of Details pane - GUI: Cloud related wizards should now propose enabled profiles before disabled - Oracle VM VirtualBox Extension Pack: Fixed shipping the cryptographic support module for full VM encryption - E1000: Fixed possible guru meditation when changing network attachments (bug #21488) - virtio-net: Follow up fixes for FreeBSD 12.3 and pfSense 2.6.0 (bug #21201) - 3D: Fixed various graphics issues with Windows 7 guests (bugs #21129, #21196, #21208, #21521) - Main/UefiVariableStore: Added API to add signatures to the MOK list (Machine Owner Key) - VBoxManage: Introduced modifynvram enrollmok sub-command to enroll Machine Owner Key into NVRAM, so Linux guest kernel can pick it up in order to verify signature of modules signed with this key - Guest Control/Main: Fixed deleting files via built-in toolbox - Linux host: Added possibility to bypass kernel modules signature verification once VBOX_BYPASS_MODULES_SIGNATURE_CHECK='1' is specified in /etc/vbox/vbox.cfg, useful in case if Linux distribution does not provide necessary tools to verify kernel module signature - Linux Guest Additions and host Installer: Improved detection if system is running systemd as the init process - Linux Guest Additions and host drivers: Introduce initial support for kernel 6.3 - Linux Guest Additions: Added possibility to bypass kernel modules signature verification once VBOX_BYPASS_MODULES_SIGNATURE_CHECK='1' is specified in /etc/virtualbox-guest-additions.conf, useful in case if Linux distribution does not provide necessary tools to verify kernel module signature - Linux Guest Additions: Added experimental support for kernel modules and user services reloading in the end of installation process, thus guest system reboot after Guest Additions (7.0.8 and newer) upgrade is no longer required in general case - Linux Guest Additions: Fixed vboxvideo build issue with RHEL 8.7, 9.1 and 9.2 kernels (bugs #21446 and #21450) - Security Fixes for VirtualBox (boo#1210616): - CVE-2023-21990 Oracle VM VirtualBox Core None No 8.2 Prior to 6.1.44, Prior to 7.0.8 - CVE-2023-21987 Oracle VM VirtualBox Core None No 7.8 Prior to 6.1.44, Prior to 7.0.8 - CVE-2023-22002 Oracle VM VirtualBox Core None No 6.0 Prior to 6.1.44, Prior to 7.0.8 - CVE-2023-21989 Oracle VM VirtualBox Core None No 6.0 Prior to 6.1.44, Prior to 7.0.8 - CVE-2023-21998 Oracle VM VirtualBox Core None No 4.6 Prior to 6.1.44, Prior to 7.0.8 - CVE-2023-22000 Oracle VM VirtualBox Core None No 4.6 Prior to 6.1.44, Prior to 7.0.8 - CVE-2023-22001 Oracle VM VirtualBox Core None No 4.6 Prior to 6.1.44, Prior to 7.0.8 - CVE-2023-21988 Oracle VM VirtualBox Core None No 3.8 Prior to 6.1.44, Prior to 7.0.8 - CVE-2023-21999 Oracle VM VirtualBox Core None No 3.6 Prior to 6.1.44, Prior to 7.0.8 - CVE-2023-21991 Oracle VM VirtualBox Core None No 3.2 Prior to 6.1.44, Prior to 7.0.8 - Fix bug in /usr/bin/VirtualBox, aka 'virtualbox-wrapper.sh'. The wrapper failed whenever the user declined USB passthru. boo#1208941. Important SUSE bug 1207468 SUSE bug 1208941 SUSE bug 1209529 SUSE bug 1209727 SUSE bug 1210616 SUSE bug 1211941 CVE-2023-21987 CVE-2023-21988 CVE-2023-21989 CVE-2023-21990 CVE-2023-21991 CVE-2023-21998 CVE-2023-21999 CVE-2023-22000 CVE-2023-22001 CVE-2023-22002 cpe:/o:opensuse:leap:15.4 Security update for python-Django (Important) openSUSE Leap 15.4 This update for python-Django fixes the following issues: - CVE-2023-36053: Fixed potential regular expression denial of service vulnerability in EmailValidator/URLValidator (boo#1212742) Important SUSE bug 1212742 CVE-2023-36053 cpe:/o:opensuse:leap:15.4 Security update for python-Django1 (Important) openSUSE Leap 15.4 This update of python-Django1 fixes the following issue: - CVE-2023-36053: Fixed potential regular expression denial of service vulnerability in EmailValidator/URLValidator (boo#1212742) Important SUSE bug 1212742 CVE-2023-36053 cpe:/o:opensuse:leap:15.4 Security update for apptainer (Moderate) openSUSE Leap 15.4 This update for apptainer fixes the following issues: Updated to 1.1.2 which fixed CVE-2022-39237 * CVE-2022-39237: The sif dependency included in Apptainer before this release does not verify that the hash algorithm(s) used are cryptographically secure when verifying digital signatures. This release updates to sif v2.8.1 which corrects this issue. See the linked advisory for references and a workaround. Updated to version 1.1.0 * added squashfuse-0.1.105.tar.gz and 70.patch for the build of squashfuse_ll which will be removed as soon as the multithread patch is incoperated * Change squash mounts to prefer to use squashfuse_ll instead of squashfuse, if available, for improved performance. squashfuse_ll is not available in factory. * Also, for even better parallel performance, include a patched multithreaded version of squashfuse_ll in * Imply adding ${prefix}/libexec/apptainer/bin to the binary path in apptainer.conf, which is used for searching for helper executables. It is implied as the first directory of $PATH if present (which is at the beginning of binary path by default) or just as the first directory if $PATH is not included in binary path. ${prefix}/libexec/apptainer/bin. * Add --unsquash action flag to temporarily convert a SIF file to a sandbox before running. In previous versions this was the default when running a SIF file without setuid or with fakeroot, but now the default is to instead mount with squashfuse. * Add --sparse flag to overlay create command to allow generation of a sparse ext3 overlay image. * Support for a custom hashbang in the %test section of an Apptainer recipe (akin to the runscript and start sections). * When using fakeroot in setuid mode, have the image drivers first enter the the container's user namespace to avoid write errors with overlays. * Skip trying to use kernel overlayfs when using writable overlay and the lower layer is FUSE, because of a kernel bug introduced in kernel 5.15. * Add additional hidden options to the action command for testing different fakeroot modes with --fakeroot: --ignore-subuid, --ignore-fakeroot-command, and --ignore-userns. - Updated to version 1.1.0-rc2 with following changes: * Fixed longstanding bug in the underlay logic when there are nested bind points separated by more than one path level, for example /var and /var/lib/yum, and the path didn't exist in the container image. The bug only caused an error when there was a directory in the container image that didn't exist on the host. * Improved wildcard matching in the %files directive of build definition files by replacing usage of sh with the mvdan.cc library. * Replaced checks for compatible filesystem types when using fuse-overlayfs with an INFO message when an incompatible filesystem type causes it to be unwritable by a fakeroot user. * The --nvccli option now works without --fakeroot. In that case the option can be used with --writable-tmpfs instead of --writable, and --writable-tmpfs is implied if neither option is given. Note that also /usr/bin has to be writable by the user, so without --fakeroot that probably requires a sandbox image that was built with --fix-perms. * The --nvccli option implies --nv. * Configure squashfuse to always show files to be owned by the current user. That's especially important for fakeroot to prevent most of the files from looking like they are owned by user 65534. * The fakeroot command can now be used even if $PATH is empty in the environment of the apptainer command. * Allow the newuidmap command to be missing if the current user is not listed in /etc/subuid. * Require the uidmap package in Debian packaging. * Improved error handling of unsupported pass protected PEM files with encrypted containers. * Ensure bootstrap_history directory is populated with previous definition files, present in source containers used in a build. * Add additional options to the build command for testing different fakeroot modes: --userns like the action flag and hidden options --ignore-subuid, --ignore-fakeroot-command, and --ignore-userns. * Require root user early when building an encrypted container. - removed upstream incorated patch fix-32bit-compilation.patch - Updated to version 1.1.0-rc1 which enables apptainer to run without suid and additional groups. Although this is a prerelease this is a major advantage justifying its use. * Added a squashfuse image driver that enables mounting SIF files without using setuid-root. Requires the squashfuse command and unprivileged user namespaces. * Added a fuse2fs image driver that enables mounting EXT3 files and EXT3 SIF overlay partitions without using setuid-root. Requires the fuse2fs command and unprivileged user namespaces. * Added the ability to use persistent overlay (--overlay) and --writable-tmpfs without using setuid-root. This requires unprivileged user namespaces and either a new enough kernel (>= 5.11) or the fuse-overlayfs command. Persistent overlay works when the overlay path points to a regular filesystem (known as 'sandbox' mode, which is not allowed when in setuid mode), or when it points to an EXT3 image. Does not work with a SIF partition because that requires privileges to mount as an ext3 image. * Extended the --fakeroot option to be useful when /etc/subuid and /etc/subgid mappings have not been set up. If they have not been set up, a root-mapped unprivileged user namespace (the equivalent of unshare -r) and/or the fakeroot command from the host will be tried. Together they emulate the mappings pretty well but they are simpler to administer. This feature is especially useful with the --overlay and --writable-tmpfs options and for building containers unprivileged, because they allow installing packages that assume they're running as root. A limitation on using it with --overlay and --writable-tmpfs however is that when only the fakeroot command can be used (because there are no user namespaces available, in suid mode) then the base image has to be a sandbox. This feature works nested inside of an apptainer container, where another apptainer command will also be in the fakeroot environment without requesting the --fakeroot option again, or it can be used inside an apptainer container that was not started with --fakeroot. However, the fakeroot command uses LD_PRELOAD and so needs to be bound into the container which requires a compatible libc. For that reason it doesn't work when the host and container operating systems are of very different vintages. If that's a problem and you want to use only an unprivileged root-mapped namespace even when the fakeroot command is installed, just run apptainer with unshare -r. * Made the --fakeroot option be implied when an unprivileged user builds a container from a definition file. When /etc/subuid and /etc/subgid mappings are not available, all scriptlets are run in a root-mapped unprivileged namespace (when possible) and the %post scriptlet is additionally run with the fakeroot command. When unprivileged user namespaces are not available, such that only the fakeroot command can be used, the --fix-perms option is implied to allow writing into directories. * Added a --fakeroot option to the apptainer overlay create command to make an overlay EXT3 image file that works with the fakeroot that comes from unprivileged root-mapped namespaces. This is not needed with the fakeroot that comes with /etc/sub[ug]id mappings nor with the fakeroot that comes with only the fakeroot command in suid flow. * $HOME is now used to find the user's configuration and cache by default. If that is not set it will fall back to the previous behavior of looking up the home directory in the password file. The value of $HOME inside the container still defaults to the home directory in the password file and can still be overridden by the --home option. * When starting a container, if the user has specified the cwd by using the --pwd flag, if there is a problem an error is returned instead of defaulting to a different directory. * Nesting of bind mounts now works even when a --bind option specified a different source and destination with a colon between them. Now the APPTAINER_BIND environment variable makes sure the bind source is from the bind destination so it will be succesfully re-bound into a nested apptainer container. * The warning about more than 50 bind mounts required for an underlay bind has been changed to an info message. * oci mount sets Process.Terminal: true when creating an OCI config.json, so that oci run provides expected interactive behavior by default. The default hostname for oci mount containers is now apptainer instead of mrsdalloway. * systemd is now supported and used as the default cgroups manager. Set systemd cgroups = no in apptainer.conf to manage cgroups directly via the cgroupfs. * Added a new action flag --no-eval which: + Prevents shell evaluation of APPTAINERENV_ / --env / --env-file environment variables as they are injected in the container, to match OCI behavior. Applies to all containers. + Prevents shell evaluation of the values of CMD / ENTRYPOINT and command line arguments for containers run or built directly from an OCI/Docker source. Applies to newly built containers only, use apptainer inspect to check version that container was built with. * Added --no-eval to the list of flags set by the OCI/Docker --compat mode. * sinit process has been renamed to appinit. * Added --keysdir to key command to provide an alternative way of setting local keyring path. The existing reading of the keyring path from environment variable 'APPTAINER_KEYSDIR' is untouched. * apptainer key push will output the key server's response if included in order to help guide users through any identity verification the server may require. * ECL no longer requires verification for all signatures, but only when signature verification would alter the expected behavior of the list: + At least one matching signature included in a whitelist must be validated, but other unvalidated signatures do not cause ECL to fail. + All matching signatures included in a whitestrict must be validated, but unvalidated signatures not in the whitestrict do not cause ECL to fail. + Signature verification is not checked for a blacklist; unvalidated signatures can still block execution via ECL, and unvalidated signatures not in the blacklist do not cause ECL to fail. - New features / functionalities * Non-root users can now use --apply-cgroups with run/shell/exec to limit container resource usage on a system using cgroups v2 and the systemd cgroups manager. * Native cgroups v2 resource limits can be specified using the [unified] key in a cgroups toml file applied via --apply-cgroups. * Added --cpu*, --blkio*, --memory*, --pids-limit flags to apply cgroups resource limits to a container directly. Added instance stats command. * The --no-mount flag & APPTAINER_NO_MOUNT env var can now be used to disable a bind path entry from apptainer.conf by specifying the absolute path to the destination of the bind. * Apptainer now supports the riscv64 architecture. * remote add --insecure may now be used to configure endpoints that are only accessible via http. Alternatively the environment variable APPTAINER_ADD_INSECURE can be set to true to allow http remotes to be added wihtout the --insecure flag. Specifying https in the remote URI overrules both --insecure and APPTAINER_ADD_INSECURE. * Gpu flags --nv and --rocm can now be used from an apptainer nested inside another apptainer container. * Added --public, --secret, and --both flags to the key remove command to support removing secret keys from the apptainer keyring. * Debug output can now be enabled by setting the APPTAINER_DEBUG env var. * Debug output is now shown for nested apptainer calls, in wrapped unsquashfs image extraction, and build stages. - Bug fixes * Remove warning message about SINGULARITY and APPTAINER variables having different values when the SINGULARITY variable is not set. * Add specific error for unreadable image / overlay file. * Pass through a literal \n in host environment variables to the container. * Fix loop device creation with loop-control when running inside docker containers. * Fix the issue that the oras protocol would ignore the --no-https/--nohttps flag. - File changes * Removed useful_error_message.patch as not needed any more * Added fix-32bit-compilation.patch from upstream - Update to version 1.0.3: * Process redirects that can come from sregistry with a library:// URL. * Fix inspect --deffile and inspect --all to correctly show definition files in sandbox container images instead of empty output. This has a side effect of also fixing the storing of definition files in the metadata of sif files built by Apptainer, because that metadata is constructed by doing inspect --all. - Update to version 1.0.2: + Fixed `FATAL` error thrown by user configuration migration code that caused users with inaccessible home directories to be unable to use `apptainer` commands. + Do not truncate environment variables with commas. + Use HEAD request when checking digest of remote OCI image sources, with GET as a fall-back. Greatly reduces Apptainer's impact on Docker Hub API limits. - Updated to v1.0.1 with following bug fixes * Don't prompt for y/n to overwrite an existing file when build is called from a non-interactive environment. Fail with an error. * Preload NSS libraries prior to mountspace name creation to avoid circumstances that can cause loading those libraries from the container image instead of the host, for example in the startup environment. * Fix race condition where newly created loop devices can sometimes not be opened. * Support nvidia-container-cli v1.8.0 and above, via fix to capability set. - Updated to v1.0.0-rc1 changes to singularity 3.9.5 are * The primary executable has been changed from singularity to apptainer. However, a singularity command symlink alias has been created pointing to the apptainer command. The contents of containers are unchanged and continue to use the singularity name for startup scripts, etc. * The per-user configuration directory has changed from ~/.singularity to ~/.apptainer. The first time the apptainer command accesses the user configuration directory, relevant configuration is automatically imported from the old directory to the new one. * Environment variables have all been changed to have an APPTAINER prefix instead of a SINGULARITY prefix. However, SINGULARITY prefix variables are still recognized. If only a SINGULARITY prefix variable exists, a warning will be printed about deprecated usage and then the value will be used. If both prefixes exist and the value is the same, no warning is printed; this is the recommended method to set environment variables for those who need to support both apptainer and singularity. If both prefixes exist for the same variable and the value is different then a warning is also printed. * The default SylabsCloud remote endpoint has been removed and replaced by one called DefaultRemote which has no defined server for the library:// URI. System administrators may restore the old default if they wish by adding it to /etc/apptainer/remote.yaml with a URI of cloud.sylabs.io and setting it there as the Active remote, or users can add it to their own configuration with the commands apptainer remote add SylabsCloud cloud.sylabs.io and apptainer remote use SylabsCloud. * The DefaultRemote's key server is https://keys.openpgp.org instead of the Sylabs key server * The apptainer build --remote option has been removed because there is no standard protocol or non-commercial service that supports it. - New Features: * Honor image binds and user binds in the order they're given instead of always doing image binds first. * Experimental support for checkpointing of instances using DMTCP has been added. Additional flags --dmtcp-launch and --dmtcp-restart has been added to the apptainer instance start command, and a checkpoint command group has been added to manage the checkpoint state. A new /etc/apptainer/dmtcp-conf.yaml configuration file is also added. Limitations are that it can only work with dynamically linked applications and the container has to be based on glibc. * --writable-tmpfs can be used with apptainer build to run the %test section of the build with a ephemeral tmpfs overlay, permitting tests that write to the container filesystem. * The --compat flag for actions is a new short-hand to enable a number of options that increase OCI/Docker compatibility. Infers --containall, --no-init, --no-umask, --writable-tmpfs. Does not use user, uts, or network namespaces as these may not be supported on many installations. * The experimental --nvccli flag will use nvidia-container-cli to setup the container for Nvidia GPU operation. Apptainer will not bind GPU libraries itself. Environment variables that are used with Nvidia's docker-nvidia runtime to configure GPU visibility / driver capabilities & requirements are parsed by the --nvccli flag from the environment of the calling user. By default, the compute and utility GPU capabilities are configured. The use nvidia-container-cli option in apptainer.conf can be set to yes to always use nvidia-container-cli when supported. --nvccli is not supported in the setuid workflow, and it requires being used in combination with --writable in user namespace mode. Please see documentation for more details. * The --apply-cgroups flag can be used to apply cgroups resource and device restrictions on a system using the v2 unified cgroups hierarchy. The resource restrictions must still be specified in the v1 / OCI format, which will be translated into v2 cgroups resource restrictions, and eBPF device restrictions. * A new --mount flag and APPTAINER_MOUNT environment variable can be used to specify bind mounts in type=bind,source=<src>,destination=<dst>[,options...] format. This improves CLI compatibility with other runtimes, and allows binding paths containing : and , characters (using CSV style escaping). * Perform concurrent multi-part downloads for library:// URIs. Uses 3 concurrent downloads by default, and is configurable in apptainer.conf or via environment variables. - Explicit dependcy on go1.16.12 or go1.17.5 which fix (CVE-2021-44717) and (CVE-2021-44716) that may affect singualrity - inital commit of apptainer which is a singularity fork Moderate CVE-2021-44716 CVE-2021-44717 CVE-2022-39237 cpe:/o:opensuse:leap:15.4 Security update for iniparser (Moderate) openSUSE Leap 15.4 This update for iniparser fixes the following issues: - CVE-2023-33461: Fixed a NULL pointer dereference in iniparser_getboolean() (boo#1211889) Moderate SUSE bug 1211889 CVE-2023-33461 cpe:/o:opensuse:leap:15.4 Security update for libheimdal (Important) openSUSE Leap 15.4 This update for libheimdal fixes the following issues: Update to version 7.8.0 - CVE-2022-42898 PAC parse integer overflows - CVE-2022-3437 Overflows and non-constant time leaks in DES{,3} and arcfour - CVE-2022-41916 Fix Unicode normalization read of 1 bytes past end of array - CVE-2021-44758 A null pointer de-reference DoS in SPNEGO acceptors - CVE-2021-3671 A null pointer de-reference when handling missing sname in TGS-REQ - CVE-2022-44640 Heimdal KDC: invalid free in ASN.1 codec - CVE-2019-14870: Validate client attributes in protocol-transition Important CVE-2019-14870 CVE-2021-3671 CVE-2021-44758 CVE-2022-3437 CVE-2022-41916 CVE-2022-42898 CVE-2022-44640 cpe:/o:opensuse:leap:15.4 Security update for zabbix (Moderate) openSUSE Leap 15.4 This update for zabbix fixes the following issues: Updated to latest release 4.0.47, this version fixes CVE-2023-29454 (boo#1213338): - New Features and Improvements + ZBXNEXT-7694 Added 'utf8mb3' character set support for MySQL database + ZBX-20946 Enabled Bulgarian, Chinese (zh_TW), German, Greek, Indonesian, Romanian, Spanish and Vietnamese languages in frontend - Bug Fixes + ZBX-22987 Fixed inefficient URL schema validation + ZBX-22688 Fixed AlertScriptPath not allowing links + ZBX-22386 Fixed encoding of HTML entities in the user interface + ZBX-22858 Fixed xss vulnerability in graph item properties + ZBX-22859 Fixed validation of input parameters in action configuration form + ZBX-22622 Fixed alert script path validation + ZBX-22520 Fixed versions of integrations + ZBX-22026 Fixed SNMP agent item going to unsupported state on NULL result + ZBX-22050 Fixed spoofing X-Forwarded-For request header allowing to access Zabbix frontend in maintenance mode + ZBX-21416 Fixed check now not working on calculated items, aggregate checks and some internal items + ZBX-21449 Fixed accessibility attributes + ZBX-21306 Fixed xss in discovery rules + ZBX-21305 Fixed xss in graph + ZBX-20600 Fixed vmware hv.datastore.latency item when multiple datastores with duplicate name + ZBX-20844 Fixed external check becoming unsupported when Zabbix server or Zabbix proxy is stopped + ZBX-19789 Added SourceIP support to ldap simple checks + ZBX-20680 Fixed reflected XSS issues + ZBX-20387 Fixed default language of the setup routine for logged in superadmin users + ZBX-19652 Fixed JavaScript syntax for Internet Explorer 11 compatibility Moderate SUSE bug 1213338 CVE-2023-29454 cpe:/o:opensuse:leap:15.4 Security update for chromium (Important) openSUSE Leap 15.4 This update for chromium fixes the following issues: Chromium 115.0.5790.102: * stability fix Chromium 115.0.5790.98: * Security: The Storage, Service Worker, and Communication APIs are now partitioned in third-party contexts to prevent certain types of side-channel cross-site tracking * HTTPS: Automatically and optimistically upgrade all main-frame navigations to HTTPS, with fast fallback to HTTP. * CSS: accept multiple values of the display property * CSS: support boolean context style container queries * CSS: support scroll-driven animations * Increase the maximum size of a WebAssembly.Module() on the main thread to 8 MB * FedCM: Support credential management mediation requirements for auto re-authentication * Deprecate the document.domain setter * Deprecate mutation events * Security fixes (boo#1213462): - CVE-2023-3727: Use after free in WebRTC - CVE-2023-3728: Use after free in WebRTC - CVE-2023-3730: Use after free in Tab Groups - CVE-2023-3732: Out of bounds memory access in Mojo - CVE-2023-3733: Inappropriate implementation in WebApp Installs - CVE-2023-3734: Inappropriate implementation in Picture In Picture - CVE-2023-3735: Inappropriate implementation in Web API Permission Prompts - CVE-2023-3736: Inappropriate implementation in Custom Tabs - CVE-2023-3737: Inappropriate implementation in Notifications - CVE-2023-3738: Inappropriate implementation in Autofill - CVE-2023-3740: Insufficient validation of untrusted input in Themes - Various fixes from internal audits, fuzzing and other initiatives Important SUSE bug 1213462 CVE-2023-3727 CVE-2023-3728 CVE-2023-3730 CVE-2023-3732 CVE-2023-3733 CVE-2023-3734 CVE-2023-3735 CVE-2023-3736 CVE-2023-3737 CVE-2023-3738 CVE-2023-3740 cpe:/o:opensuse:leap:15.4 Security update for amanda (Moderate) openSUSE Leap 15.4 This update for amanda fixes the following issues: - CVE-2023-30577: Fixed improper argument checking for runtar.c [boo#1213701], Moderate SUSE bug 1213701 CVE-2023-30577 cpe:/o:opensuse:leap:15.4 Security update for trytond (Moderate) openSUSE Leap 15.4 This update for trytond fixes the following issues: - Version 6.0.34 - Security Bugfix Release see https://discuss.tryton.org/t/security-release-for-issue-12428/6397 - Version 6.0.33 - Bugfix Release Moderate SUSE bug 1213869 cpe:/o:opensuse:leap:15.4 Security update for perl-Net-Netmask (Moderate) openSUSE Leap 15.4 This update for perl-Net-Netmask fixes the following issues: * CVE-2021-29424: Leading zeros are no longer allowed for IPv4 octets. This (in some situations) allows attackers to bypass access control that is based on IP addresses.(boo#1184425) Moderate SUSE bug 1184425 CVE-2021-29424 cpe:/o:opensuse:leap:15.4 Security update for chromium (Important) openSUSE Leap 15.4 This update for chromium fixes the following issues: Chromium 115.0.5790.170 (boo#1213920) * CVE-2023-4068: Type Confusion in V8 * CVE-2023-4069: Type Confusion in V8 * CVE-2023-4070: Type Confusion in V8 * CVE-2023-4071: Heap buffer overflow in Visuals * CVE-2023-4072: Out of bounds read and write in WebGL * CVE-2023-4073: Out of bounds memory access in ANGLE * CVE-2023-4074: Use after free in Blink Task Scheduling * CVE-2023-4075: Use after free in Cast * CVE-2023-4076: Use after free in WebRTC * CVE-2023-4077: Insufficient data validation in Extensions * CVE-2023-4078: Inappropriate implementation in Extensions - Specify re2 build dependency in a way that makes Leap packages build in devel project and in Maintenance Important SUSE bug 1213920 CVE-2023-4068 CVE-2023-4069 CVE-2023-4070 CVE-2023-4071 CVE-2023-4072 CVE-2023-4073 CVE-2023-4074 CVE-2023-4075 CVE-2023-4076 CVE-2023-4077 CVE-2023-4078 cpe:/o:opensuse:leap:15.4 Security update for perl-HTTP-Tiny (Moderate) openSUSE Leap 15.4 This update for perl-HTTP-Tiny fixes the following issues: perl-HTTP-Tiny was updated to 0.086: see /usr/share/doc/packages/perl-HTTP-Tiny/Changes 0.086 2023-06-22 10:06:37-04:00 America/New_York - Fix code to use `$ENV{PERL_HTTP_TINY_SSL_INSECURE_BY_DEFAULT}` as documented. 0.084 2023-06-14 06:35:01-04:00 America/New_York - No changes from 0.083-TRIAL. 0.083 2023-06-11 07:05:45-04:00 America/New_York (TRIAL RELEASE) [!!! SECURITY !!!] - Changes the `verify_SSL` default parameter from `0` to `1`. Fixes CVE-2023-31486 (boo#1211002) - `$ENV{PERL_HTTP_TINY_SSL_INSECURE_BY_DEFAULT}` can be used to restore the old default if required. 0.081 2022-07-17 09:01:51-04:00 America/New_York (TRIAL RELEASE) [FIXED] - No longer deletes the 'headers' key from post_form arguments hashref. [DOCS] - Noted that request/response content are handled as raw bytes. 0.079 2021-11-04 12:33:43-04:00 America/New_York (TRIAL RELEASE) [FIXED] - Fixed uninitialized value warnings on older Perls when the REQUEST_METHOD environment variable is set and CGI_HTTP_PROXY is not. 0.077 2021-07-22 13:07:14-04:00 America/New_York (TRIAL RELEASE) [ADDED] - Added a `patch` helper method for the HTTP `PATCH` verb. - If the REQUEST_METHOD environment variable is set, then CGI_HTTP_PROXY replaces HTTP_PROXY. [FIXED] - Unsupported scheme errors early without giving an uninitialized value warning first. - Sends Content-Length: 0 on empty body PUT/POST. This is not in the spec, but some servers require this. - Allows optional status line reason, as clarified in RFC 7230. - Ignore SIGPIPE on reads as well as writes, as IO::Socket::SSL says that SSL reads can also send writes as a side effect. - Check if a server has closed a connection before preserving it for reuse. [DOCS] - Clarified that exceptions/errors result in 599 status codes. [PREREQS] - Optional IO::Socket::IP prereq must be at least version 0.32 to be used. This ensures correct timeout support. 0.076 2018-08-05 21:07:38-04:00 America/New_York - No changes from 0.075-TRIAL. 0.075 2018-08-01 07:03:36-04:00 America/New_York (TRIAL RELEASE) [CHANGED] - The 'peer' option now also can take a code reference 0.073 2018-07-24 11:33:53-04:00 America/New_York (TRIAL RELEASE) [DOCS] - Documented 'protocol' field in response hash. 0.071 2018-04-22 14:45:43+02:00 Europe/Oslo (TRIAL RELEASE) [DOCS] - Documented that method argument to request() is case-sensitive. Moderate SUSE bug 1211002 CVE-2023-31486 cpe:/o:opensuse:leap:15.4 Security update for opensuse-welcome (Moderate) openSUSE Leap 15.4 This update for opensuse-welcome fixes the following issues: - CVE-2023-32184: Fixed possible security issues when using the feature to change the Xfce desktop layout, caused by a fixed temporary file path used in /tmp/layout (boo#1213708) Moderate SUSE bug 1213708 CVE-2023-32184 cpe:/o:opensuse:leap:15.4 Security update for python-mitmproxy (Moderate) openSUSE Leap 15.4 This update for python-mitmproxy fixes the following issues: - CVE-2021-39214: Fixed HTTP smuggling attacks (boo#1190603) Moderate SUSE bug 1190603 CVE-2021-39214 cpe:/o:opensuse:leap:15.4 Security update for chromium (Important) openSUSE Leap 15.4 This update for chromium fixes the following issues: Chromium 116.0.5845.96 * New CSS features: Motion Path, and 'display' and 'content-visibility' animations * Web APIs: AbortSignal.any(), BYOB support for Fetch, Back/ forward cache NotRestoredReason API, Document Picture-in- Picture, Expanded Wildcards in Permissions Policy Origins, FedCM bundle: Login Hint API, User Info API, and RP Context API, Non-composed Mouse and Pointer enter/leave events, Remove document.open sandbox inheritance, Report Critical-CH caused restart in NavigationTiming This update fixes a number of security issues (boo#1214301): * CVE-2023-2312: Use after free in Offline * CVE-2023-4349: Use after free in Device Trust Connectors * CVE-2023-4350: Inappropriate implementation in Fullscreen * CVE-2023-4351: Use after free in Network * CVE-2023-4352: Type Confusion in V8 * CVE-2023-4353: Heap buffer overflow in ANGLE * CVE-2023-4354: Heap buffer overflow in Skia * CVE-2023-4355: Out of bounds memory access in V8 * CVE-2023-4356: Use after free in Audio * CVE-2023-4357: Insufficient validation of untrusted input in XML * CVE-2023-4358: Use after free in DNS * CVE-2023-4359: Inappropriate implementation in App Launcher * CVE-2023-4360: Inappropriate implementation in Color * CVE-2023-4361: Inappropriate implementation in Autofill * CVE-2023-4362: Heap buffer overflow in Mojom IDL * CVE-2023-4363: Inappropriate implementation in WebShare * CVE-2023-4364: Inappropriate implementation in Permission Prompts * CVE-2023-4365: Inappropriate implementation in Fullscreen * CVE-2023-4366: Use after free in Extensions * CVE-2023-4367: Insufficient policy enforcement in Extensions API * CVE-2023-4368: Insufficient policy enforcement in Extensions API - Fix crash with extensions (boo#1214003) Important SUSE bug 1214003 SUSE bug 1214301 CVE-2023-2312 CVE-2023-4349 CVE-2023-4350 CVE-2023-4351 CVE-2023-4352 CVE-2023-4353 CVE-2023-4354 CVE-2023-4355 CVE-2023-4356 CVE-2023-4357 CVE-2023-4358 CVE-2023-4359 CVE-2023-4360 CVE-2023-4361 CVE-2023-4362 CVE-2023-4363 CVE-2023-4364 CVE-2023-4365 CVE-2023-4366 CVE-2023-4367 CVE-2023-4368 cpe:/o:opensuse:leap:15.4 Security update for chromium (Important) openSUSE Leap 15.4 This update for chromium fixes the following issues: Chromium 116.0.5845.110 (boo#1214487): * CVE-2023-4427: Out of bounds memory access in V8 * CVE-2023-4428: Out of bounds memory access in CSS * CVE-2023-4429: Use after free in Loader * CVE-2023-4430: Use after free in Vulkan * CVE-2023-4431: Out of bounds memory access in Fonts Important SUSE bug 1214487 CVE-2023-4427 CVE-2023-4428 CVE-2023-4429 CVE-2023-4430 CVE-2023-4431 cpe:/o:opensuse:leap:15.4 Security update for chromium (Important) openSUSE Leap 15.4 This update for chromium fixes the following issues: Update to version 116.0.5845.140 (boo#1214758): * CVE-2023-4572: Use after free in MediaStream Important SUSE bug 1214758 CVE-2023-4572 cpe:/o:opensuse:leap:15.4 Security update for chromium (Important) openSUSE Leap 15.4 This update for chromium fixes the following issues: Chromium 116.0.5845.179 (boo#1215023): * CVE-2023-4761: Out of bounds memory access in FedCM * CVE-2023-4762: Type Confusion in V8 * CVE-2023-4763: Use after free in Networks * CVE-2023-4764: Incorrect security UI in BFCache Important SUSE bug 1215023 CVE-2023-4761 CVE-2023-4762 CVE-2023-4763 CVE-2023-4764 cpe:/o:opensuse:leap:15.4 Security update for chromium (Important) openSUSE Leap 15.4 This update for chromium fixes the following issues: Update to version 116.0.5845.187 (boo#1215231): * CVE-2023-4863: Heap buffer overflow in WebP Important SUSE bug 1215231 CVE-2023-4863 cpe:/o:opensuse:leap:15.4 Security update for chromium (Important) openSUSE Leap 15.4 This update for chromium fixes the following issues: - CVE-2023-4863: temporary build with the bundled library on Leap (boo#1215231) Important SUSE bug 1215231 CVE-2023-4863 cpe:/o:opensuse:leap:15.4 Security update for chromium (Important) openSUSE Leap 15.4 This update for chromium fixes the following issues: Update to verion 117.0.5938.88 (boo#1215279): - CVE-2023-4900: Inappropriate implementation in Custom Tabs - CVE-2023-4901: Inappropriate implementation in Prompts - CVE-2023-4902: Inappropriate implementation in Input - CVE-2023-4903: Inappropriate implementation in Custom Mobile Tabs - CVE-2023-4904: Insufficient policy enforcement in Downloads - CVE-2023-4905: Inappropriate implementation in Prompts - CVE-2023-4906: Insufficient policy enforcement in Autofill - CVE-2023-4907: Inappropriate implementation in Intents - CVE-2023-4908: Inappropriate implementation in Picture in Picture - CVE-2023-4909: Inappropriate implementation in Interstitials Important SUSE bug 1215279 CVE-2023-4900 CVE-2023-4901 CVE-2023-4902 CVE-2023-4903 CVE-2023-4904 CVE-2023-4905 CVE-2023-4906 CVE-2023-4907 CVE-2023-4908 CVE-2023-4909 cpe:/o:opensuse:leap:15.4 Security update for cacti, cacti-spine (Important) openSUSE Leap 15.4 This update for cacti, cacti-spine fixes the following issues: cacti-spine 1.2.23: * Fix unexpected reindexing when using uptime as the reindex method * Spine should prevent the script server from connecting to remote when offline * Improve Script Server Timeout Logging * Add SQL_NO_CACHE to Spine Queries cacti 1.2.23, providing security fixes, feature improvements and bug fixes: * CVE-2022-46169: Unauthenticated Command Injection in Remote Agent (boo#1206185) * Security: Add .htaccess file to scripts folder * When using Single Sign-on Frameworks, revocation was not always detected in callbacks * Fixes to the installer, and compatibility with PHP and MySQL * Performance improvements for certain conditions * Various UI fixes * Bug fixes related to SNMP, RRDtools, and agents Important SUSE bug 1206185 CVE-2022-46169 cpe:/o:opensuse:leap:15.4 Security update for opera (Important) openSUSE Leap 15.4 NonFree This update for opera fixes the following issues: - Update to 102.0.4880.40 * DNA-111203 Prepare translations for home button in settings - Changes in 102.0.4880.38 * DNA-110720 [Sidebar] Sidebar app increase size every time it's reopened * DNA-110723 Music logo in light mode of 'Select service' unreadable on hover * DNA-110821 Run-if-alive callback missing in WMFDecoderImpl * DNA-110835 Search/copy popup issues * DNA-111038 Disable profile migration * DNA-111263 Tab island animation incorrect when tabstrip full - Update to 102.0.4880.33 * CHR-9411 Update Chromium on desktop-stable-116-4880 to 116.0.5845.141 * DNA-110172 [BUG] Images inside popup does not get rounded corner * DNA-110828 Update chess.com build * DNA-110834 Crash at opera::component_based:: TabAnimationController::StartAnimatedLayout(opera:: component_based::TabAnimationController::AnimationInfo, base::OnceCallback) * DNA-111144 Enable a new version of the extension. - The update to chromium 116.0.5845.141 fixes following issues: CVE-2023-4572 - Update to 102.0.4880.29 * DNA-109498 Splash screen is shown on every restart of the browser * DNA-109698 Test Amazon Music support * DNA-109840 Amazon music logo is very small and unreadable * DNA-109841 Amazon music logo in player mode is too wide * DNA-109842 [opauto] Add tests for Amazon Music in Player * DNA-109937 Crash at opera::ComponentTabStripController:: SetGroupCollapsed(tab_groups::TabGroupId const&, bool) * DNA-110107 Clicking roblox link on page closes the tab * DNA-110110 [Tab strip][Tab island] Middle/right mouse click on top of the screen have no/wrong efect * DNA-110125 [Win/Lin] New design for default scrollbars on web page * DNA-110130 Capture mouse events on the 1-pixel edge to the right of the web view * DNA-110586 Shadow is clipped if first tab is selected * DNA-110637 Revert removal of start page button * DNA-110684 Add bookmarks permissions * DNA-110702 [Scrollable] Pin group is not aligned with address bar * DNA-110737 [OMenu] Menu button looks weird * DNA-110788 No 1-pixel edge in full screen mode * DNA-110828 Update chess.com build * DNA-110842 [Tab strip] Make ‘+’ button round(er) again * DNA-110874 Bring back Home button * DNA-110876 Search box on Start page without transparency * DNA-110878 Turn on Amazon Music on developer * DNA-110905 Amazon Music for all given locales * DNA-110961 [WinLin] Remove 1-pixel edge in full screen mode * DNA-111038 Disable profile migration * DNA-111079 Improve user-profile migration * DNA-111092 Disable profile migration flag for desktop-stable-116-4880 - Update to 102.0.4880.16 * CHR-9396 Update Chromium on desktop-stable-116-4880 to 116.0.5845.97 * DNA-110040 Crash at crash_reporter::(anonymous namespace):: AbslAbortHook(char const*, int, char const*, char const*, char const*) * DNA-110315 O-menu opening after pressing alt on site which have action for Alt press * DNA-110440 [Tab strip] Tab favicon not cropped when it does not fit in tab size * DNA-110469 Move Shopping corner and Loomi to 'Special Features' section * DNA-110510 [Tab strip] Mute icon displayed over tab title * DNA-110526 If group is first the tab bar is not aligned with address bar * DNA-110828 Update chess.com build * DNA-110836 Promote 102 to stable * DNA-110892 Translations for O102 * DNA-110962 Fix ab_tests.json preferences override not working - The update to chromium 116.0.5845.97 fixes following issues: CVE-2023-2312, CVE-2023-4349, CVE-2023-4350, CVE-2023-4351, CVE-2023-4352, CVE-2023-4353, CVE-2023-4354, CVE-2023-4355, CVE-2023-4356, CVE-2023-4357, CVE-2023-4358, CVE-2023-4359, CVE-2023-4360, CVE-2023-4361, CVE-2023-4362, CVE-2023-4362, CVE-2023-4363, CVE-2023-4364, CVE-2023-4365, CVE-2023-4366, CVE-2023-4367, CVE-2023-4368 - Complete Opera 102 changelog at: https://blogs.opera.com/desktop/changelog-for-102/ - Update to 101.0.4843.43 * CHR-9381 Update Chromium on desktop-stable-115-4843 to 115.0.5790.171 * DNA-108919 Tab Island 'Move To Island' highlight color is the same as island color * DNA-109202 Often extension popup is not displayed * DNA-109454 Wallpaper customization with remote resource * DNA-109679 Fix typo in flags schema * DNA-109927 Add tooltips for visual or incomplete items in context menu * DNA-110225 Replace Twitter logo in Sidebar with the new one X * DNA-110244 Translations for O101 * DNA-110276 Fix race condition in DeferredInstalledWallpapers * DNA-110400 teaser_event_impression counted when user closes baner - The update to chromium 115.0.5790.171 fixes following issues: CVE-2023-4068, CVE-2023-4069, CVE-2023-4070, CVE-2023-4071, CVE-2023-4072, CVE-2023-4073, CVE-2023-4074, CVE-2023-4075, CVE-2023-4076, CVE-2023-4077, CVE-2023-4078 - Update to 101.0.4843.23 * DNA-109400 Enable #adblocker-anticv on developer stream * DNA-109423 Add histograms to help track #platform-h264-decoder-in-gpu quality * DNA-109861 Crash on expading folder on bookmark bar containing unnamed subfolder * DNA-109872 WMFAudioDecoder reports spurious dry run if initialized during pipeline shutdown * DNA-109908 Crash at opera::(anonymous namespace):: AddNewTabToWorkspaceIfCurrent(Browser*, opera::WorkspaceId) (.llvm.13400399341940007321) * DNA-110005 Duplicated tabs indicator is not shown on tab bar * DNA-110062 [Linux] QT6 dependency issue with .rpm package * DNA-110210 Enable #adblocker-anticv on all streams * DNA-110244 Translations for O101 - Update to 101.0.4843.25 * CHR-9357 Update Chromium on desktop-stable-115-4843 to 115.0.5790.90 * CHR-9362 Update Chromium on desktop-stable-115-4843 to 115.0.5790.102 * DNA-104841 Create a smooth corner background * DNA-108012 [Opera One] Misaligned inner bookmarks menu in Opera Menu * DNA-109129 Crash at opera::component_based:: OperaOneIntroductionAnimationController::AnimateHideVisibility() * DNA-109209 Dragged island falls under island its being dragged over * DNA-109266 Crash at content::WebContentsImpl:: SetDelegate(content::WebContentsDelegate*) * DNA-109310 Broken session files are not automatically recovered * DNA-109448 [AdBlock] Images from ads are missing with AA enabled * DNA-109587 'Show bookmarks bar' checkbox on bookmarks feature(Dark Mode) * DNA-109674 Closing the tabs in the workspace in the other window will close Opera * DNA-109694 Smooth corners on active tab * DNA-109774 Log when trying to switch workspace while closing browser * DNA-110005 Duplicated tabs indicator is not shown on tab bar * DNA-110244 Translations for O101 - Complete Opera 101 changelog at: https://blogs.opera.com/desktop/changelog-for-101/ - Update to 100.0.4815.76 * DNA-109129 Crash at opera::component_based::Opera OneIntroductionAnimationController::AnimateHideVisibility() * DNA-109233 Crash at crash_reporter::(anonymous namespace):: AbslAbortHook(char const*, int, char const*, char const*, char const*) * DNA-109673 Session stat event teaser_tile_click is not sent * DNA-109897 Session is lost when new session file is created - Changes in 100.0.4815.54 * DNA-109148 Allow AI extension to change permissions during update * DNA-109172 WMFAudioDecoder fails with #platform-aac-decoder-in-gpu enabled * DNA-109633 Do not send TabStripEmpty multiple times * DNA-109674 Closing the tabs in the workspace in the other window will close Opera * DNA-109774 Log when trying to switch workspace while closing browser - Changes in 100.0.4815.47 * DNA-108456 WMFAudioDecoder dry run should include decoding one buffer * DNA-108478 Disable extension icon on the right side (where all normal extensions are) * DNA-108791 Give access to feedbackPopupPrivate * DNA-109134 Crash at media::FFmpegDemuxer:: OnFindStreamInfoDone(int) if LD_PRELOAD set by user * DNA-109137 SD images/icons/logo not loading or loading really slow * DNA-109182 Please add an event when popup closes * DNA-109231 Extended click area does not work for groups * DNA-109242 Session unload kDisablePageLoadsOnStartup not working * DNA-109310 Broken session files are not automatically recovered * DNA-109618 Crash logger RestartAction should be set only after crash - Update to 100.0.4815.30 * CHR-9339 Update Chromium on desktop-stable-114-4815 to 114.0.5735.199 * DNA-106986 [Tab strip][Tab islands] Reduce size of tab island handle * DNA-107205 Disable banner on fresh installation 'Back up your Opera Browser' * DNA-107306 Update Contributors list Opera One * DNA-107337 NotReached in Browser::CloseContents * DNA-107673 Crash at static void opera::ComponentTabStripController::ShowHoverCardForGroup() * DNA-108461 Distribute Aria with the Opera build * DNA-108540 [Rich Hints] Tab islands – a trigger and anchor * DNA-108545 Track accelerated video decoding support * DNA-108606 [Mac] Opening context menu closes subfolders menu on bookmark bar * DNA-108664 Set minimum and maximum width for Aria extension * DNA-108702 Tab falls outside island with specific number of tabs on tab strip * DNA-108731 Add 'aria' stat to the schema * DNA-108760 Record tab islands events * DNA-108761 Implement ‘Later' functionality * DNA-108763 Implement ‘Quit while showing onboarding' * DNA-108806 Command Line not activated when sidebar panel is opened * DNA-108858 [Linux] Browser window corners are not rounded perfectly * DNA-108863 Sidebar panel isn't properly aligned with sidebar * DNA-108882 [Icon change] Sync icon without custom image * DNA-108898 [Autohide] Sidebar panel title bar is not tall enough * DNA-108906 Turn on #component-based-context-menu on all streams * DNA-108907 Empty text (button inactive) button color is wrong * DNA-108912 Implement rotating animation for Aria command line * DNA-108921 Enable #opera-one-introduction on all streams * DNA-108928 Show overlay only if command-line parameter was given * DNA-108933 Update repack script to handle introduction extension * DNA-108938 Translations for O100 * DNA-108942 Remove Shopping Corner from the sidebar by default * DNA-108943 Crash at opera::AriaCommandLineController::~AriaCommandLineController() * DNA-108949 Make opera://intro display introduction page from extension * DNA-108952 Implement splash screen * DNA-108955 Aria extension is moved to the right after sending prompt from Command Line when sidebar is set to autohide * DNA-108957 Opera crashes during shutdown after opera-one-introduction hid * DNA-108958 Commandline disappears after clicking Aria logo on Commandline bar * DNA-108959 Commandline does not have hover effect on Send button * DNA-108980 Add Control+Shift+7 / Command+Shift+7 as alternative shortcut for Aria command line * DNA-108992 Opera One introduction appears in every New Window * DNA-109009 Crash at opera::component_based::ComponentTabGroup::UpdateTabAppearances() * DNA-109021 [Stable] No Shopping corner icon in sidebar setup * DNA-109031 [Tab islands] Island can automatically re-collapse when clicking handle button to expand it * DNA-109036 [Private Mode] [Light Team] Icons in address bar flashed white when pressed * DNA-109037 [Private Mode][Light] Folders name are not readable in BB when highlighted * DNA-109085 Two separators after ‘Search with' option * DNA-109091 Can't change tab when window is maximized on second display * DNA-109096 'Move to workspaces” doesn't fit all workspaces * DNA-109099 [WinLin] Add Aria command line to Opera menu * DNA-109102 [O-menu][History] Wrong layout of elements without icon in history submenu * DNA-109129 Crash at opera::component_based::OperaOneIntroduction AnimationController::AnimateHideVisibility() * DNA-109199 DCHECK when pinning tabs * DNA-108893 Promote 100 to stable - Complete Opera 100 changelog at: https://blogs.opera.com/desktop/changelog-for-100/ - The update to chromium 114.0.5735.199 fixes following issues: CVE-2023-3420, CVE-2023-3421, CVE-2023-3422 - Update to 99.0.4788.31 * DNA-107338 NotReached in SadTabView::OnPaint * DNA-107689 Crash at extensions:: ShodanPrivateShowPopupForSelectedTextFunction::Run() Important CVE-2023-2312 CVE-2023-3420 CVE-2023-3421 CVE-2023-3422 CVE-2023-4068 CVE-2023-4069 CVE-2023-4070 CVE-2023-4071 CVE-2023-4072 CVE-2023-4073 CVE-2023-4074 CVE-2023-4075 CVE-2023-4076 CVE-2023-4077 CVE-2023-4078 CVE-2023-4349 CVE-2023-4350 CVE-2023-4351 CVE-2023-4352 CVE-2023-4353 CVE-2023-4354 CVE-2023-4355 CVE-2023-4356 CVE-2023-4357 CVE-2023-4358 CVE-2023-4359 CVE-2023-4360 CVE-2023-4361 CVE-2023-4362 CVE-2023-4363 CVE-2023-4364 CVE-2023-4365 CVE-2023-4366 CVE-2023-4367 CVE-2023-4368 CVE-2023-4572 cpe:/o:opensuse:leap:15.4 Security update for tcpreplay (Moderate) openSUSE Leap 15.4 This update for tcpreplay fixes the following issues: Update to 4.4.4: * overflow check fix for parse_mpls. * tcpreplay-edit: prevent L2 flooding of ipv6 unicast packets. * CVE-2023-27786: bugs caused by strtok_r. (boo#1209416) * CVE-2023-27783 reachable assert in tcpedit_dlt_cleanup (boo#1209413) * reachable assert in fast_edit_packet. Moderate SUSE bug 1209413 SUSE bug 1209416 CVE-2023-27783 CVE-2023-27786 cpe:/o:opensuse:leap:15.4 Security update for modsecurity (Moderate) openSUSE Leap 15.4 This update for modsecurity fixes the following issues: Update to version 3.0.10: * Security impacting issue (fix boo#1213702, CVE-2023-38285) - Fix: worst-case time in implementation of four transformations - Additional information on this issue is available at https://www.trustwave.com/resources/blogs/spiderlabs-blog/modsecurity-v3-dos-vulnerability-in-four-transformations-cve-2023-38285/ * Enhancements and bug fixes - Add TX synonym for MSC_PCRE_LIMITS_EXCEEDED - Make MULTIPART_PART_HEADERS accessible to lua - Fix: Lua scripts cannot read whole collection at once - Fix: quoted Include config with wildcard - Support isolated PCRE match limits - Fix: meta actions not applied if multiMatch in first rule of chain - Fix: audit log may omit tags when multiMatch - Exclude CRLF from MULTIPART_PART_HEADER value - Configure: use AS_ECHO_N instead echo -n - Adjust position of memset from 2890 Update to version 3.0.9: * Add some member variable inits in Transaction class (possible segfault) * Fix: possible segfault on reload if duplicate ip+CIDR in ip match list * Resolve memory leak on reload (bison-generated variable) * Support equals sign in XPath expressions * Encode two special chars in error.log output * Add JIT support for PCRE2 * Support comments in ipMatchFromFile file via '#' token * Use name package name libmaxminddb with pkg-config * Fix: FILES_TMP_CONTENT collection key should use part name * Use AS_HELP_STRING instead of obsolete AC_HELP_STRING macro * During configure, do not check for pcre if pcre2 specified * Use pkg-config to find libxml2 first * Fix two rule-reload memory leak issues * Correct whitespace handling for Include directive - Fix CVE-2023-28882, a segfault and a resultant crash of a worker process in some configurations with certain inputs, boo#1210993 Update to version 3.0.8 * Adjust parser activation rules in modsecurity.conf-recommended [#2796] * Multipart parsing fixes and new MULTIPART_PART_HEADERS collection [#2795] * Prevent LMDB related segfault [#2755, #2761] * Fix msc_transaction_cleanup function comment typo [#2788] * Fix: MULTIPART_INVALID_PART connected to wrong internal variable [#2785] * Restore Unique_id to include random portion after timestamp [#2752, #2758] Update to version 3.0.7 * Support PCRE2 * Support SecRequestBodyNoFilesLimit * Add ctl:auditEngine action support * Move PCRE2 match block from member variable * Add SecArgumentsLimit, 200007 to modsecurity.conf-recommended * Fix memory leak when concurrent log includes REMOTE_USER * Fix LMDB initialization issues * Fix initcol error message wording * Tolerate other parameters after boundary in multipart C-T * Add DebugLog message for bad pattern in rx operator * Fix misuses of LMDB API * Fix duplication typo in code comment * Fix multiMatch msg, etc, population in audit log * Fix some name handling for ARGS_*NAMES: regex SecRuleUpdateTargetById, etc. * Adjust confusing variable name in setRequestBody method * Multipart names/filenames may include single quote if double-quote enclosed * Add SecRequestBodyJsonDepthLimit to modsecurity.conf-recommended Update to version 3.0.6 * Security issue: Support configurable limit on depth of JSON parsing, possible DoS issue. CVE-2021-42717 Update to version 3.0.5 * New: Having ARGS_NAMES, variables proxied * Fix: FILES variable does not use multipart part name for key * GeoIP: switch to GEOIP_MEMORY_CACHE from GEOIP_INDEX_CACHE * Support configurable limit on number of arguments processed * Adds support to lua 5.4 * Add support for new operator rxGlobal * Fix: Replaces put with setenv in SetEnv action * Fix: Regex key selection should not be case-sensitive * Fix: Only delete Multipart tmp files after rules have run * Fixed MatchedVar on chained rules * Fix IP address logging in Section A * Fix: rx: exit after full match (remove /g emulation); ensure capture groups occuring after unused groups still populate TX vars * Fix rule-update-target for non-regex * Fix Security Impacting Issues: * Handle URI received with uri-fragment, CVE-2020-15598 Update to version 3.0.4: * Fix: audit log data omitted when nolog,auditlog * Fix: ModSecurity 3.x inspectFile operator does not pass * XML: Remove error messages from stderr * Filter comment or blank line for pmFromFile operator * Additional adjustment to Cookie header parsing * Restore chained rule part H logging to be more like 2.9 behaviour * Small fixes in log messages to help debugging the file upload * Fix Cookie header parsing issues * Fix rules with nolog are logging to part H * Fix argument key-value pair parsing cases * Fix: audit log part for response body for JSON format to be E * Make sure m_rulesMessages is filled after successfull match * Fix @pm lookup for possible matches on offset zero. * Regex lookup on the key name instead of COLLECTION:key * Missing throw in Operator::instantiate * Making block action execution dependent of the SecEngine status * Making block action execution dependent of the SecEngine status * Having body limits to respect the rule engine state * Fix SecRuleUpdateTargetById does not match regular expressions * Adds missing check for runtime ctl:ruleRemoveByTag * Adds a new operator verifySVNR that checks for Austrian social security numbers. * Fix variables output in debug logs * Correct typo validade in log output * fix/minor: Error encoding hexa decimal. * Limit more log variables to 200 characters. * parser: fix parsed file names * Allow empty anchored variable * Fixed FILES_NAMES collection after the end of multipart parsing * Fixed validateByteRange parsing method * Removes a memory leak on the JSON parser * Enables LMDB on the regression tests. * Fix: Extra whitespace in some configuration directives causing error * Refactoring on Regex and SMatch classes. * Fixed buffer overflow in Utils::Md5::hexdigest() * Implemented merge() method for ConfigInt, ConfigDouble, ConfigString * Adds initially support to the drop action. * Complete merging of particular rule properties * Replaces AC_CHECK_FILE with 'test -f' * Fix inet addr handling on 64 bit big endian systems * Fix tests on FreeBSD * Changes ENV test case to read the default MODSECURTIY env var * Regression: Sets MODSECURITY env var during the tests execution * Fix setenv action to strdup key=variable * Allow 0 length JSON requests. * Fix 'make dist' target to include default configuration * Replaced log locking using mutex with fcntl lock * Correct the usage of modsecurity::Phases::NUMBER_OF_PHASES * Adds support to multiple ranges in ctl:ruleRemoveById * Rule variable interpolation broken * Make the boundary check less strict as per RFC2046 * Fix buffer size for utf8toUnicode transformation * Fix double macros bug * Override the default status code if not suitable to redirect action * parser: Fix the support for CRLF configuration files * Organizes the server logs * m_lineNumber in Rule not mapping with the correct line number in file * Using shared_ptr instead of unique_ptr on rules exceptions * Changes debuglogs schema to avoid unecessary str allocation * Fix the SecUnicodeMapFile and SecUnicodeCodePage * Changes the timing to save the rule message * Fix crash in msc_rules_add_file() when using disruptive action in chain * Fix memory leak in AuditLog::init() * Fix RulesProperties::appendRules() * Fix RULE lookup in chained rules * @ipMatch 'Could not add entry' on slash/32 notation in 2.9.0 * Using values after transformation at MATCHED_VARS * Adds support to UpdateActionById. * Add correct C function prototypes for msc_init and msc_create_rule_set * Allow LuaJIT 2.1 to be used * Match m_id JSON log with RuleMessage and v2 format * Adds support to setenv action. * Adds new transaction constructor that accepts the transaction id as parameter. * Adds request IDs and URIs to the debug log * Treating variables exception on load-time instead of run time. * Fix: function m.setvar in Lua scripts and add testcases * Fix SecResponseBodyAccess and ctl:requestBodyAccess directives * Fix parser to support GeoLookup with MaxMind * parser: Fix simple quote setvar in the end of the line * modsec_rules_check: uses the gnu `.la' instead of `.a' file * good practices: Initialize variables before use it * Fix utf-8 character encoding conversion * Adds support for ctl:requestBodyProcessor=URLENCODED * Add LUA compatibility for CentOS and try to use LuaJIT first if available * Allow LuaJIT to be used * Implement support for Lua 5.1 * Variable names must match fully, not partially. Match should be case insensitive. * Improves the performance while loading the rules * Allow empty strings to be evaluated by regex::searchAll * Adds basic pkg-config info * Fixed LMDB collection errors * Fixed false positive MULTIPART_UNMATCHED_BOUNDARY errors * Fix ip tree lookup on netmask content * Changes the behavior of the default sec actions * Refactoring on {global,ip,resources,session,tx,user} collections * Fix race condition in UniqueId::uniqueId() * Fix memory leak in error message for msc_rules_merge C APIs * Return false in SharedFiles::open() when an error happens * Use rvalue reference in ModSecurity::serverLog * Build System: Fix when multiple lines for curl version. * Checks if response body inspection is enabled before process it * Fix setvar parsing of quoted data * Adds time stamp back to the audit logs * Disables skip counter if debug log is disabled * Cosmetics: Represents amount of skipped rules without decimal * Add missing escapeSeqDecode, urlEncode and trimLeft/Right tfns to parser * Fix STATUS var parsing and accept STATUS_LINE var for v2 backward comp. * Fix memory leak in modsecurity::utils::expandEnv() * Initialize m_dtd member in ValidateDTD class as NULL * Fix broken @detectxss operator regression test case * Fix utils::string::ssplit() to handle delimiter in the end of string * Fix variable FILES_TMPNAMES * Fix memory leak in Collections * Fix lib version information while generating the .so file * Adds support for ctl:ruleRemoveByTag * Fix SecUploadDir configuration merge * Include all prerequisites for 'make check' into dist archive * Fix: Reverse logic of checking output in @inspectFile * Adds support to libMaxMind * Adds capture action to detectXSS * Temporarily accept invalid MULTIPART_SEMICOLON_MISSING operator * Adds capture action to detectSQLi * Adds capture action to rbl * Adds capture action to verifyCC * Adds capture action to verifySSN * Adds capture action to verifyCPF * Prettier error messages for unsupported configurations (UX) * Add missing verify*** transformation statements to parser * Fix a set of compilation warnings * Check for disruptive action on SecDefaultAction. * Fix block-block infinite loop. * Correction remove_by_tag and remove_by_msg logic. * Fix LMDB compile error * Fix msc_who_am_i() to return pointer to a valid C string * Added some cosmetics to autoconf related code * Fix 'make dist' target to include necessary headers for Lua * Fix 'include /foo/*.conf' for single matched object in directory * Add missing Base64 transformation statements to parser * Fixed resource load on ip match from file * Fixed examples compilation while using disable-shared * Fixed compilation issue while xml is disabled * Having LDADD and LDFLAGS organized on Makefile.am * Checking std::deque size before use it * perf improvement: Added the concept of RunTimeString and removed all run time parser. * perf improvement: Checks debuglog level before format debug msg * perf. improvement/rx: Only compute dynamic regex in case of macro * Fix uri on the benchmark utility * disable Lua on systems with liblua5.1 Moderate SUSE bug 1210993 SUSE bug 1213702 CVE-2020-15598 CVE-2021-42717 CVE-2023-28882 CVE-2023-38285 cpe:/o:opensuse:leap:15.4 Security update for tor (Moderate) openSUSE Leap 15.4 This update for tor fixes the following issues: tor 0.4.7.13: * fix SafeSocks option to avoid DNS leaks (boo#1207110, TROVE-2022-002) * improve congestion control * fix relay channel handling tor 0.4.7.12: * new key for moria1 * new metrics are exported on the MetricsPort for the congestion control subsystem Moderate SUSE bug 1207110 cpe:/o:opensuse:leap:15.4 Security update for Cadence (Moderate) openSUSE Leap 15.4 This update for Cadence fixes the following issues: - Fix security bugs related to use of Fixed Temporary Files. (boo#1213330, boo#1213983, boo#1213985) Moderate SUSE bug 1213330 SUSE bug 1213983 SUSE bug 1213985 cpe:/o:opensuse:leap:15.4 Security update for python-GitPython (Moderate) openSUSE Leap 15.4 This update for python-GitPython fixes the following issues: - CVE-2023-41040: Fixed directory traversal attack vulnerability (boo#1214810) Moderate SUSE bug 1214810 CVE-2023-41040 cpe:/o:opensuse:leap:15.4 Security update for python-CairoSVG (Moderate) openSUSE Leap 15.4 This update for python-CairoSVG fixes the following issues: - CVE-2023-27586: Don't allow fetching external files unless explicitly asked for. (boo#1209538) - Update to version 2.5.2 * Fix marker path scale - Update to version 2.5.1 (boo#1180648, CVE-2021-21236): * Security fix: When processing SVG files, CairoSVG was using two regular expressions which are vulnerable to Regular Expression Denial of Service (REDoS). If an attacker provided a malicious SVG, it could make CairoSVG get stuck processing the file for a very long time. * Fix marker positions for unclosed paths * Follow hint when only output_width or output_height is set * Handle opacity on raster images * Don’t crash when use tags reference unknown tags * Take care of the next letter when A/a is replaced by l * Fix misalignment in node.vertices - Updates for version 2.5.0. * Drop support of Python 3.5, add support of Python 3.9. * Add EPS export * Add background-color, negate-colors, and invert-images options * Improve support for font weights * Fix opacity of patterns and gradients * Support auto-start-reverse value for orient * Draw images contained in defs * Add Exif transposition support * Handle dominant-baseline * Support transform-origin Moderate SUSE bug 1180648 SUSE bug 1209538 CVE-2021-21236 CVE-2023-27586 cpe:/o:opensuse:leap:15.4 Security update for cacti, cacti-spine (Important) openSUSE Leap 15.4 This update for cacti, cacti-spine fixes the following issues: cacti-spine 1.2.25: * Spine should see if script to be executed is executable * Enhance number recognition * When polling devices, sort by larger number of items first * Log format may be corrupted when timeout occurs * Compile warning appears due to GCC flag on RHEL7/RHEL8 * Downed device detection only checks one of the two uptime OIDs * Compile error appears due to execinfo.h on FreeBSD * Bootstrap shell script contains some PHP cruft * Padding is not always removed from the start of non-numeric strings * Improve SNMP result handling for non-numeric results * Further improve SNMP result handling for non-numeric results * Remove check for the max_oids column which has been present since Cacti v1.0 * Minimize Sorting when fetching poller records for maximum performance * Spine should see if script to be executed is executable cacti-spine 1.2.24: * Fix segfault when ignoring older OIDs cacti 1.2.25: * CVE-2023-30534: Protect against Insecure deserialization of filter data (boo#1215082) * CVE-2023-39360: Cross-Site Scripting vulnerability when creating new graphs (boo#1215044) * CVE-2023-39361: Unauthenticated SQL Injection when viewing graphs (boo#1215045) * CVE-2023-39357: SQL Injection when saving data with sql_save() (boo#1215040) * CVE-2023-39362: Authenticated command injection when using SNMP options (boo#1215047) * CVE-2023-39359: Authenticated SQL injection vulnerability when managing graphs (boo#1215043) * CVE-2023-39358: Authenticated SQL injection vulnerability when managing reports (boo#1215042) * CVE-2023-39365: SQL Injection when using regular expressions (boo#1215051) * CVE-2023-39364: redirect in change password functionality (boo#1215050) * CVE-2023-39366: Cross-Site Scripting vulnerability with Device Name when managing Data Sources (boo#1215052) * CVE-2023-39510: Cross-Site Scripting vulnerability with Device Name when administrating Reports (boo#1215053) * CVE-2023-39511: Cross-Site Scripting vulnerability with Device Name when editing Graphs whilst managing Reports (boo#1215081) * CVE-2023-39512: Cross-Site Scripting vulnerability with Device Name when managing Data Sources (boo#1215054) * CVE-2023-39513: Cross-Site Scripting vulnerability with Device Name when debugging data queries (boo#1215055) * CVE-2023-39514: Cross-Site Scripting vulnerability with Data Source Name when managing Graphs (boo#1215056) * CVE-2023-39515: Cross-Site Scripting vulnerability with Data Source Name when debugging Data Queries (boo#1215058) * CVE-2023-39516: Cross-Site Scripting vulnerability with Data Source Information when managing Data Sources (boo#1215059) * When rebuilding the Poller Cache from command line, allow it to be multi-threaded * When searching tree or list views, the URL does not update after changes * When creating a Data Source Template with a specific snmp port, the port is not always applied * When a Data Query references a file, the filename should be trimmed to remove spurious spaces * THold plugin may not always install or upgrade properly * RRD file structures are not always updated properly, if there are more Data Sources in the Data Template than the Graph Template * When reindexing devices, errors may sometimes be shown * Boost may loose data when the database server is overloaded * Boost can sometimes output unexpected or invalid values * Boost should not attempt to start if there are no items to process * Rebuilding the poller cache does not always work as expected * Host CPU items may not work poll as expected when on a remote data collector where hmib is also enabled * When creating new graphs, invalid offset errors may be generated * When importing packages, SQL errors may be generated * When managing plugins from command line, the --plugin option is not properly handled * When automating an install of Cacti, error messages can be appear * When performing automated install of a plugin, warnings can be thrown * Automation references the wrong table name causing errors * Data Source Info Mode produces invalid recommendations * Data Source Debug 'Run All' generates too many log messages * The description of rebuild poller cache in utilities does not display properly * When reindexing a device, debug information may not always display properly * Upon displaying a form with errors, the session error fields variable isn't cleared * MariaDB clusters will no longer support exclusive locks * RRDtool can fail to update when sources in Data Template and Graph Template data sources do not match * Compatibility improvements for Boost under PHP 8.x * When searching the tree, increase the time before querying for items * Device Location drop down does not always populate correctly * When viewing Realtime graphs, undefined variable errors may be reported * SNMP Uptime is not always ignored for spikekills * Improve detection of downed Devices * When reporting missing functions from Plugins, ensure messages do not occur too often * When starting the Cacti daemon, database errors may be reported when there is no problem * When reporting from RRDcheck, ensure prefix is in the correct casing * Improve Orphaned Data Source options and display * Parsing the PHP Configuration may sometimes produce errors * Security processes attempt to check for a user lockout even if there is no user logged in * When attempting to edit a tree, the search filter for Graphs remains disabled * When reindexing, a Data Source that could be un-orphaned may not always be unorphaned * When parsing a date value, there could be more than 30 chars * Untemplated Data Sources can fail to update due to lack of an assigned Graph * When processing items to check, do not include disabled hosts * When saving a Data Source Template, SQL errors may be reported * When importing a Template, errors may be recorded * Some display strings have invalid formatting that cannot be parsed * When filtering with regular expressions, the 'does not match' option does not always function as expected * When enabling a plugin, sometimes it can appear as if nothing happens * Ensure the Rows Per Page option shows limitations set by configuration * Plugins are unable to modify fields in the setting 'Change Device Settings' * When reporting emails being sent, ensure BCC addresses are also included * Improve compatibility of SNMP class trim handling under PHP 8.x * When importing legacy Data Query Templates, the Template can become unusable * Provide ability to raise an event when extending the settings form * Prevent unsupported SQL Mode flags from being set * The DSStats summary does not always display expected values * When performing a fresh install, device classification may be missing. * Duplication functions for Graph/Template and Data Source/Template do not return and id * Duplication of Device Templates should be an API call * Unable to convert database to latin1 instead of utf8 if desired * When creating Graphs, the process may become slower over time as more items exist * When a bulk walk size is set to automatic, this is not always set to the optimal value * Update copyright notice on import packages * When viewing Orphan Graphs, SQL errors may be reported * When reindexing hosts from command line, ensure only one process runs at once * When a Data Query has no Graphs, it may not be deletable * When duplicating a Graph Template, provide an option to not duplicate Data Query association * When duplicating a Data Template errors can appear in the Cacti log * When importing a Package, previewing makes unexpected changes to Cacti Templates * When enabling boost on a fresh install, an error may be reported * Improve compatibility for backtrace logging under PHP 8.x * Improve compatibility for Advanced Ping under PHP 8.x * Provide new templates for Fortigate and Aruba Cluster to be available during install * Provide new template for SNMP Printer to be available during install * When importing devices, allow a device classification to be known * Extend length of maximum name in settings table * Extend length of maximum name in user settings table * Data Queries do not have a Duplication function * Upgrade d3.js v7.8.2 and billboard.js v3.7.4 * Upgrade ua-parser.js to version 1.0.35 * Update Cisco Device Template to include HSRP graph template * New hook for device template change 'device_template_change' cacti 1.2.24 * Fix: Unable to import Local Linux Machine template * Fix multiple charting and display issues * Compatibility changes for SNMP under PHP 8.2, and other PHP compatibility updates * Fix multiple issues editing settings * timeout fixes for Basic Auth * multiple data poller bug fixes Important SUSE bug 1215040 SUSE bug 1215042 SUSE bug 1215043 SUSE bug 1215044 SUSE bug 1215045 SUSE bug 1215047 SUSE bug 1215050 SUSE bug 1215051 SUSE bug 1215052 SUSE bug 1215053 SUSE bug 1215054 SUSE bug 1215055 SUSE bug 1215056 SUSE bug 1215058 SUSE bug 1215059 SUSE bug 1215081 SUSE bug 1215082 CVE-2023-30534 CVE-2023-39357 CVE-2023-39358 CVE-2023-39359 CVE-2023-39360 CVE-2023-39361 CVE-2023-39362 CVE-2023-39364 CVE-2023-39365 CVE-2023-39366 CVE-2023-39510 CVE-2023-39511 CVE-2023-39512 CVE-2023-39513 CVE-2023-39514 CVE-2023-39515 CVE-2023-39516 cpe:/o:opensuse:leap:15.4 Security update for chromium (Critical) openSUSE Leap 15.4 This update for chromium fixes the following issues: - Chromium 117.0.5938.132 (boo#1215776): * CVE-2023-5217: Heap buffer overflow in vp8 encoding in libvpx (boo#1215778) * CVE-2023-5186: Use after free in Passwords * CVE-2023-5187: Use after free in Extensions - Chromium 117.0.5938.92: * stability improvements Critical SUSE bug 1215776 SUSE bug 1215778 CVE-2023-5186 CVE-2023-5187 CVE-2023-5217 cpe:/o:opensuse:leap:15.4 Security update for python-bugzilla (Important) openSUSE Leap 15.4 This update for python-bugzilla fixes the following issues: - Fixed potential API Key leak (boo#1215718). Important SUSE bug 1215718 cpe:/o:opensuse:leap:15.4 Security update for exim (Critical) openSUSE Leap 15.4 This update for exim fixes the following issues: * CVE-2023-42114: NTLM Challenge Out-Of-Bounds Read Information Disclosure Vulnerability (boo#1215784) * CVE-2023-42115: AUTH Out-Of-Bounds Write Remote Code Execution Vulnerability (boo#1215785) * CVE-2023-42116: SMTP Challenge Stack-based Buffer Overflow Remote Code Execution Vulnerability (boo#1215786) Critical SUSE bug 1215784 SUSE bug 1215785 SUSE bug 1215786 CVE-2023-42114 CVE-2023-42115 CVE-2023-42116 cpe:/o:opensuse:leap:15.4 Security update for opera (Important) openSUSE Leap 15.4 NonFree This update for opera fixes the following issues: - Update to 103.0.4928.16 * CHR-9416 Updating Chromium on desktop-stable-* branches * CHR-9433 Update Chromium on desktop-stable-117-4928 to 117.0.5938.89 * CHR-9449 Update Chromium on desktop-stable-117-4928 to 117.0.5938.132 * DNA-110337 Opera Intro extension custom versions * DNA-111454 Player animations visual adjustments * DNA-111618 Turn on #password-generator on all streams * DNA-111645 Turn on flag #player-service-react on developer stream * DNA-111708 Player home page is shown while music service is being loaded * DNA-111722 [Tab strip][Tab island] Add tab in tab island button appears after size of tabs is changed * DNA-111727 JsonPrefStore is created twice for Local State file * DNA-111838 Promote 103.0 to stable * DNA-111845 Turn on flag #player-service-react on all streams * DNA-111868 Translations for O103 * DNA-111874 OMenu and Context Menus has transparent few px border - The update to chromium 117.0.5938.89 fixes following issues: CVE-2023-5217, CVE-2023-5186, CVE-2023-5187 - Complete Opera 103 changelog at: https://blogs.opera.com/desktop/changelog-for-103/ - Update to 102.0.4880.78 * DNA-110952 Crash at base::subtle::RefCountedBase:: ReleaseImpl() const - Update to 102.0.4880.70 * DNA-105016 Do not open file selector when closing easy files dialog with 'close this popup' option * DNA-110437 Extensions font color in dark mode makes the text not visible * DNA-110443 Crash at EasyFilesView::ShowFileSelector * DNA-111231 Amazon Music logo update in sidebar Player * DNA-111280 Make import from Crypto Browser to Opera Browser easier * DNA-111355 [Sidebar] DevTools is not working correctly in with sidebar panel * DNA-111708 Player home page is shown while music service is being loaded * DNA-111162 Refresh Player home page * DNA-111164 Implement animation in Player home page - Update to 102.0.4880.56 * DNA-110785 Crash at static void base::allocator:: UnretainedDanglingRawPtrDetectedDumpWithoutCrashing (unsigned __int64) * DNA-110973 Crash after dragging tab from island to another screen * DNA-111199 Disable user_education tests from component_unittests * DNA-111369 Crash at views::View::DoRemoveChildView(views:: View*, bool, bool, views::View*) * DNA-111538 All new open windows don`t have a close button 'x' in the right upper corner. - Changes in 102.0.4880.51 * CHR-9416 Automatic tries of updating Chromium on desktop-stable-* branches * DNA-110101 [Linux] Maximize/restore button does not work properly * DNA-110669 duplicated hints on system buttons * DNA-110823 Uninstallation Survey Countries * DNA-110881 Scroll bar doesn't change color in dark mode * DNA-110930 Capture mouse events on the 1-pixel edge for DevTools * DNA-110935 ChatSonic colors are unreadable in Dark Mode * DNA-111034 Dynamic icon does not look good in edit-tile-modal * DNA-111035 Removal custom-image should restore dynamic icon * DNA-111177 [Start page] Letter in SD is black on light wallpaper * DNA-111488 Improve profile migration for desktop-stable-116-4880 - Update to 102.0.4880.46 * CHR-9416 Automatic tries of updating Chromium on desktop-stable-* branches * DNA-110216 [Sidebar] Straight lines instead of rounded corners * DNA-110539 [LIN] Crash at content::WebContentsImpl:: GetLastCommittedURL() * DNA-110631 AB test mechanism for Speed Dial * DNA-110656 [TabStrip] Memory leak for tab group * DNA-111322 Only show splash screen on major version update * DNA-111417 Crash at opera::component_based:: TabAnimationController::StartAnimatedLayout(opera:: component_based::TabAnimationController::AnimationInfo, base::OnceCallback) * DNA-111420 Update continue on link for euro rtv agd * DNA-111440 Crash at opera::component_based:: ComponentTabBar::GetActiveTab() Important CVE-2023-5186 CVE-2023-5187 CVE-2023-5217 cpe:/o:opensuse:leap:15.4 Security update for python-mechanize (Moderate) openSUSE Leap 15.4 This update for python-mechanize fixes the following issues: Update to version 0.4.8: - CVE-2021-32837: Fixed a denial of service via regular expression (boo#1207242). - Fixed mechanize not found during build (boo#1202003). Moderate SUSE bug 1202003 SUSE bug 1207242 CVE-2021-32837 cpe:/o:opensuse:leap:15.4 Security update for chromium (Important) openSUSE Leap 15.4 This update for chromium fixes the following issues: Chromium 118.0.5993.70 (boo#1216111) - CVE-2023-5218: Use after free in Site Isolation - CVE-2023-5487: Inappropriate implementation in Fullscreen - CVE-2023-5484: Inappropriate implementation in Navigation - CVE-2023-5475: Inappropriate implementation in DevTools - CVE-2023-5483: Inappropriate implementation in Intents - CVE-2023-5481: Inappropriate implementation in Downloads - CVE-2023-5476: Use after free in Blink History - CVE-2023-5474: Heap buffer overflow in PDF - CVE-2023-5479: Inappropriate implementation in Extensions API - CVE-2023-5485: Inappropriate implementation in Autofill - CVE-2023-5478: Inappropriate implementation in Autofill - CVE-2023-5477: Inappropriate implementation in Installer - CVE-2023-5486: Inappropriate implementation in Input - CVE-2023-5473: Use after free in Cast Important SUSE bug 1216111 CVE-2023-5218 CVE-2023-5473 CVE-2023-5474 CVE-2023-5475 CVE-2023-5476 CVE-2023-5477 CVE-2023-5478 CVE-2023-5479 CVE-2023-5481 CVE-2023-5483 CVE-2023-5484 CVE-2023-5485 CVE-2023-5486 CVE-2023-5487 cpe:/o:opensuse:leap:15.4 Security update for exim (Critical) openSUSE Leap 15.4 This update for exim fixes the following issues: - CVE-2023-42117: Fixes Improper Neutralization of Special Elements Remote Code Execution Vulnerability (boo#1215787) - CVE-2023-42119: Fixes dnsdb Out-Of-Bounds Read Information Disclosure Vulnerability (boo#1215789) Critical SUSE bug 1215787 SUSE bug 1215789 CVE-2023-42117 CVE-2023-42119 cpe:/o:opensuse:leap:15.4 Security update for rxvt-unicode (Moderate) openSUSE Leap 15.4 This update for rxvt-unicode fixes the following issues: - Update to version 9.31: (CVE-2022-4170 boo#1206069) - implement a fix for CVE-2022-4170 (reported and analyzed by David Leadbeater). While present in version 9.30, it should not be exploitable. It is exploitable in versions 9.25 and 9.26, at least, and allows anybody controlling output to the terminal to execute arbitrary code in the urxvt process. - the background extension no longer requires off focus fading support to be compiled in. - the confirm-paste extension now offers a choice betwene pasting the original or a sanitized version, and also frees up memory used to store the paste text immediately. - fix compiling without frills. - fix rewrapMode: never. - fix regression that caused urxvt to no longer emit responses to OSC color queries other than OSC 4 ones. - fix regression that caused urxvt to no longer process OSC 705. - restore CENTURY to be 1900 to 'improve' year parsing in urclock (or at least go back to the old interpretation) (based on an analysis by Tommy Pettersson). - exec_async (used e.g. by the matcher extension to spawn processes) now sets the URXVT_EXT_WINDOWID variable to the window id of the terminal. - implement -fps option/refreshRate resource to change the default 60 Hz maximum refresh limiter. I always wanted an fps option, but had to wait for a user requesting it. - new clickthrough extension. - perl now also requires Xext. - X region and shape extension functionality has been exposed to perl extensions. - RENDER extension no longer depends on ENABLE_XIM_ONTHESPOT. Moderate SUSE bug 1206069 CVE-2022-4170 cpe:/o:opensuse:leap:15.4 Security update for chromium (Critical) openSUSE Leap 15.4 This update for chromium fixes the following issues: - Chromium 118.0.5993.88: * unspecified security fix (boo#1216392) Critical SUSE bug 1216392 cpe:/o:opensuse:leap:15.4 Security update for upx (Moderate) openSUSE Leap 15.4 upx was updated to fix the following issues: - CVE-2023-23457: Fixed a segmentation fault when processing malicious elf files (boo#1207122) Update to release 4.0.1 * Fix crash when a linux/armeb LZMA-packed binary unpacks itself. * Resolve 'CantPackException: bad ElfXX_Shdrs' with staticly-linked programs. * Resolve 'CantPackException: need DT_INIT;...' when attempting to re-compress an already packed binary. Update to release 4.0 * Add support for EFI files Moderate SUSE bug 1207122 CVE-2023-23457 cpe:/o:opensuse:leap:15.4 Security update for python-Django (Moderate) openSUSE Leap 15.4 This update for python-Django fixes the following issues: - CVE-2023-43665: Denial-of-service in django.utils.text.Truncator (boo#1215978). Moderate SUSE bug 1215978 CVE-2023-43665 cpe:/o:opensuse:leap:15.4 Security update for chromium (Important) openSUSE Leap 15.4 This update for chromium fixes the following issues: Chromium 109.0.5414.119 (boo#1207512): * CVE-2023-0471: Use after free in WebTransport * CVE-2023-0472: Use after free in WebRTC * CVE-2023-0473: Type Confusion in ServiceWorker API * CVE-2023-0474: Use after free in GuestView * Various fixes from internal audits, fuzzing and other initiatives Important SUSE bug 1207512 CVE-2023-0471 CVE-2023-0472 CVE-2023-0473 CVE-2023-0474 cpe:/o:opensuse:leap:15.4 Security update for chromium (Important) openSUSE Leap 15.4 This update for chromium fixes the following issues: - Chromium 118.0.5993.117 (boo#1216549) * CVE-2023-5472: Use after free in Profiles * Various fixes from internal audits, fuzzing and other initiatives Important SUSE bug 1216549 CVE-2023-5472 cpe:/o:opensuse:leap:15.4 Security update for sox (Important) openSUSE Leap 15.4 This update for sox fixes the following issues: - Apply various fix patches taken from Debian package; it fixes also other entries (CVE-2022-31650 boo#1212060 CVE-2023-34318 boo#1212062 CVE-2023-34432 boo#1212063) - Fix floating point exception in src/voc.c (CVE-2023-32627 boo#1212061) Important SUSE bug 1212060 SUSE bug 1212061 SUSE bug 1212062 SUSE bug 1212063 CVE-2019-13590 CVE-2021-23159 CVE-2021-33844 CVE-2021-3643 CVE-2021-40426 CVE-2022-31650 CVE-2022-31651 CVE-2023-32627 CVE-2023-34318 CVE-2023-34432 cpe:/o:opensuse:leap:15.4 Security update for virtualbox (Important) openSUSE Leap 15.4 This update for virtualbox fixes the following issues: VirtualBox 7.0.6 (released January 17 2023) This is a maintenance release. The following items were fixed and/or added: [1] - VMM: Fixed guru running the FreeBSD loader on older Intel CPUs without unrestricted guest support (bug #21332) - GUI: Fixed virtual machines grouping when VM was created or modified in command line (bugs #11500, #20933) - GUI: Introduced generic changes in settings dialogs - VirtioNet: Fixed broken network after loading saved state (bug #21172) - Storage: Added support for increasing the size of the following VMDK image variants: monolithicFlat, monolithicSparse, twoGbMaxExtentSparse, twoGbMaxExtentFlat - VBoxManage: Added missing --directory switch for guestcontrol mktemp command - Mouse Integration: Guest was provided with extended host mouse state (bug #21139) - DnD: Introduced generic improvements - Guest Control: Fixed handling creation mode for temporary directories (bug #21394) - Linux Host and Guest: Added initial support for building UEK7 kernel on Oracle Linux 8 - Linux Host and Guest: Added initial support for RHEL 9.1 kernel - Linux Guest Additions: Added initial support for kernel 6.2 for vboxvideo - Audio: The '--audio' option in VBoxManage is now marked as deprecated; please use '--audio-driver' and '--audio-enabled' instead. This will allow more flexibility when changing the driver and/or controlling the audio functionality Additionally, it fixes 6 CVE's: CVE-2023-21886, CVE-2023-21898, CVE-2023-21899, CVE-2023-21884, CVE-2023-21885, CVE-2023-21889 Links: [1] https://www.virtualbox.org/wiki/Changelog-7.0#v6 [2] https://www.oracle.com/security-alerts/cpujan2023.html#AppendixOVIR Important CVE-2023-21884 CVE-2023-21885 CVE-2023-21886 CVE-2023-21889 CVE-2023-21898 CVE-2023-21899 cpe:/o:opensuse:leap:15.4 Security update for opera (Important) openSUSE Leap 15.4 NonFree This update for opera fixes the following issues: - Update to 104.0.4944.23 * DNA-110465 [Scrollable tab strip] Weird animation when closing tab * DNA-112021 Favicons disappear from history after being hovered over * DNA-112310 Put opening animation on start page behind a flag * DNA-112462 Crash at opera::SidebarItemViewImpl:: StateChanged(views::Button::ButtonState) * DNA-112464 Crash at anonymous namespace::SwitchToTabButton:: OnThemeChanged() * DNA-112518 Force Default as last used Profile * DNA-112534 Set profiles_order to Default dir - Changes in 104.0.4944.18 * CHR-9471 Update Chromium on desktop-stable-118-4944 to 118.0.5993.71 * DNA-111704 chrome.webRequest.onHeadersReceived event is not fired for extension if page opened from SpeedDial tile * DNA-111878 Highlighting of tabs and bookmarks in dark mode is almost invisible. * DNA-111883 [Address bar] Hover effect on page is placed too high * DNA-111922 [Linux] Change Opera beta application icon * DNA-111955 Reduce colors used in Opera as much as possible * DNA-112075 Rename palette colors in theme for better reusability * DNA-112108 Fix dangling WebContents ptr bound to TabSnoozeInfobarDelegate::Show callback * DNA-112222 Tab in island not marked as active * DNA-112242 Disable feature flag #platform-h264-decoder-in-gpu by default on stable channel * DNA-112265 Promote 104 to stable * DNA-112312 Turn on #wallet-selector on all streams * DNA-112313 Enable #pinboard-popup-refresh on all streams * DNA-112426 [profile migration] Renaming invalid Default to Default.old is not needed anymore - The update to chromium 118.0.5993.71 fixes following issues: CVE-2023-5218, CVE-2023-5487, CVE-2023-5484, CVE-2023-5475, CVE-2023-5483, CVE-2023-5481, CVE-2023-5476, CVE-2023-5474, CVE-2023-5479, CVE-2023-5485, CVE-2023-5478, CVE-2023-5477, CVE-2023-5486, CVE-2023-5473 - Complete Opera 104 changelog at: https://blogs.opera.com/desktop/changelog-for-104/ - Update to 103.0.4928.34 * DNA-111680 Fix highlight of bookmarks bar folder elements * DNA-111703 O icon moves upon opening menu * DNA-111883 [Address bar] Hover effect on page is placed too high * DNA-111940 OMenu text displaced to the right without any indentation * DNA-112118 Crash at history::URLDatabase:: CreateContinueOnIndexIfNeeded(std::__Cr::vector) - Update to 103.0.4928.26 * DNA-111681 Disappearing icons of bookmarks bar folders elements * DNA-112020 Enable #address-bar-dropdown-cities on all streams Important CVE-2023-5218 CVE-2023-5473 CVE-2023-5474 CVE-2023-5475 CVE-2023-5476 CVE-2023-5477 CVE-2023-5478 CVE-2023-5479 CVE-2023-5481 CVE-2023-5483 CVE-2023-5484 CVE-2023-5485 CVE-2023-5486 CVE-2023-5487 cpe:/o:opensuse:leap:15.4 Security update for virtualbox (Important) openSUSE Leap 15.4 This update for virtualbox fixes the following issues: - Version bump to VirtualBox 7.0.12 (released October 17 2023 by Oracle) Fixes the following: - CVE-2023-22098 (boo#1216363) - CVE-2023-22099 (boo#1216364) - CVE-2023-22100 (boo#1216365) This is a maintenance release. The following items were fixed and/or added: - VMM: Fixed using a debugger inside the guest under certain circumstances (bugs #21413 and #21546) - VMM: Fixed detection of VT-x being used by other hypervisors (bug #21867) - VMM: Introduced additional improvements in Split Lock Detection feature of recent Intel CPUs on Linux hosts (bug #20180) - GUI: Fixed issue when the nested hardware virtualization setting was not displayed in the VM details panel (bug #21707) - GUI: Introduced NLS update for Croatian, Indonesian, Italian, Japanese, Korean, Dutch and Turkish languages as well as added general look-and-feel improvements - Devices: Fixed black screen in Windows guests with multiple guest screens when 3D is disabled (7.0.10 regression) - Devices: Fixed PCI device identifiers for the VirtIO network interface (bug #21516) - Devices: Fixed VLAN support for the VirtIO network interface (bug #21778) - Devices: Fixed loading saved states when a TPM is configured (7.0.10 regression, bug #21773) - Networking: Fixed memory leaks in the VBoxIntNetSwitch process on macOS (bug #21752) - Networking: Fixed TCP connections with IP addresses ending on .2 when the NAT network attachment is used (bug #21513) - VRDP: Added general improvements - VBoxManage: Added improvements for 'list usbfilters' command - Unattended: Added kick start file support for Oracle Linux 8 and Oracle Linux 9. - Main: Added more Linux OS subtypes - Host Services: Fixed Guest Properties service crash under rare circumstance - Linux Host and Guest: Fixed few 'field-spanning write' kernel warnings (bugs #21410 and #21862) - Linux Guest Additions: Added more fixes for RHEL 8.9 and 9.3 kernel - Linux Guest Additions: Added more fixes for kernel 6.4 - Linux Guest Additions: Added initial support for OpenSUSE 15.5 kernel - Linux Guest Additions: Added initial support for kernels 6.5 and 6.6 - Linux Guest Additions: Added version reporting for 'rcvboxadd status-kernel' and 'rcvboxadd status-user' commands - BIOS: Restored support for ISA SCSI HBAs in the BIOS (bug #21736) - Convert to systemd-sysusers Important SUSE bug 1216363 SUSE bug 1216364 SUSE bug 1216365 CVE-2023-22098 CVE-2023-22099 CVE-2023-22100 cpe:/o:opensuse:leap:15.4 Security update for opera (Important) openSUSE Leap 15.4 NonFree This update for opera fixes the following issues: - Update to 104.0.4944.36 * CHR-9492 Update Chromium on desktop-stable-118-4944 to 118.0.5993.118 * DNA-112757 [Tab close button] Close button is cutted when a lot tabs are opened - The update to chromium 118.0.5993.118 fixes following issues: CVE-2023-5472 - Update to 104.0.4944.33 * CHR-9487 Update Chromium on desktop-stable-118-4944 to 118.0.5993.96 * DNA-111963 Show duplicate indicator when hovering tab in tab tooltip - Changes in 104.0.4944.28 * DNA-112454 [Start Page] No context menu in Search bar using right button of mouse * DNA-112053 Context menu is too large on Mac * DNA-111989 Favicons are displayed too close to titles in history menu Important CVE-2023-5472 cpe:/o:opensuse:leap:15.4 Security update for tor (Moderate) openSUSE Leap 15.4 This update for tor fixes the following issues: - tor 0.4.8.8: * Mitigate an issue when Tor compiled with OpenSSL can crash during handshake with a remote relay. (TROVE-2023-004, boo#1216873) * Regenerate fallback directories generated on November 03, 2023. * Update the geoip files to match the IPFire Location Database, as retrieved on 2023/11/03 * directory authority: Look at the network parameter 'maxunmeasuredbw' with the correct spelling * vanguards addon support: Count the conflux linked cell as valid when it is successfully processed. This will quiet a spurious warn in the vanguards addon - tor 0.4.8.7: * Fix an issue that prevented us from pre-building more conflux sets after existing sets had been used - tor 0.4.8.6: * onion service: Fix a reliability issue where services were expiring their introduction points every consensus update. This caused connectivity issues for clients caching the old descriptor and intro points * Log the input and output buffer sizes when we detect a potential compression bomb * Disable multiple BUG warnings of a missing relay identity key when starting an instance of Tor compiled without relay support * When reporting a pseudo-networkstatus as a bridge authority, or answering 'ns/purpose/*' controller requests, include accurate published-on dates from our list of router descriptors * Use less frightening language and lower the log-level of our run-time ABI compatibility check message in our Zstd compression subsystem - tor 0.4.8.5: * bugfixes creating log BUG stacktrace - tor 0.4.8.4: * Extend DoS protection to partially opened channels and known relays * Dynamic Proof-Of-Work protocol to thwart flooding DoS attacks against hidden services. Disabled by default, enable via 'HiddenServicePoW' in torrc * Implement conflux traffic splitting * Directory authorities and relays now interact properly with directory authorities if they change addresses - tor 0.4.7.14: * bugfix affecting vanguards (onion service), and minor fixes - Enable support for scrypt() Moderate SUSE bug 1216873 cpe:/o:opensuse:leap:15.4 Security update for vlc (Moderate) openSUSE Leap 15.4 This update for vlc fixes the following issues: Update to version 3.0.20: + Video Output: - Fix green line in fullscreen in D3D11 video output - Fix crash with some AMD drivers old versions - Fix events propagation issue when double-clicking with mouse wheel + Decoders: - Fix crash when AV1 hardware decoder fails + Interface: - Fix annoying disappearance of the Windows fullscreen controller + Demuxers: - Fix potential security issue (OOB Write) on MMS:// by checking user size bounds Update to version 3.0.19: + Core: - Fix next-frame freezing in most scenarios + Demux: - Support RIFF INFO tags for Wav files - Fix AVI files with flipped RAW video planes - Fix duration on short and small Ogg/Opus files - Fix some HLS/TS streams with ID3 prefix - Fix some HLS playlist refresh drift - Fix for GoPro MAX spatial metadata - Improve FFmpeg-muxed MP4 chapters handling - Improve playback for QNap-produced AVI files - Improve playback of some old RealVideo files - Fix duration probing on some MP4 with missing information + Decoders: - Multiple fixes on AAC handling - Activate hardware decoding of AV1 on Windows (DxVA) - Improve AV1 HDR support with software decoding - Fix some AV1 GBRP streams, AV1 super-resolution streams and monochrome ones - Fix black screen on poorly edited MP4 files on Android Mediacodec - Fix rawvid video in NV12 - Fix several issues on Windows hardware decoding (including 'too large resolution in DxVA') - Improve crunchyroll-produced SSA rendering + Video Output: - Super Resolution scaling with nVidia and Intel GPUs - Fix for an issue when cropping on Direct3D9 - Multiple fixes for hardware decoding on D3D11 and OpenGL interop - Fix an issue when playing -90?rotated video - Fix subtitles rendering blur on recent macOS + Input: - Improve SMB compatibility with Windows 11 hosts + Contribs: - Update of fluidlite, fixing some MIDI rendering on Windows - Update of zlib to 1.2.13 (CVE-2022-37434) - Update of FFmpeg, vpx (CVE-2023-5217), ebml, dav1d, libass + Misc: - Improve muxing timestamps in a few formats (reset to 0) - Fix some rendering issues on Linux with the fullscreen controller - Fix GOOM visualization - Fixes for Youtube playback - Fix some MPRIS inconsistencies that broke some OS widgets on Linux - Implement MPRIS TrackList signals - Fix opening files in read-only mode - Fix password search using the Kwallet backend - Fix some crashes on macOS when switching application - Fix 5.1/7.1 output on macOS and tvOS - Fix several crashes and bugs in the macOS preferences panel - Improvements on the threading of the MMDevice audio output on Windows - Fix a potential security issue on the uninstaller DLLs - Fix memory leaks when using the media_list_player libVLC APIs + Translations: - Update of most translations - New translations to Esperanto, Interlingue, Lao, Macedonian, Burmese, Odia, Samoan and Swahili Moderate CVE-2022-37434 CVE-2023-5217 cpe:/o:opensuse:leap:15.4 Security update for chromium (Important) openSUSE Leap 15.4 This update for chromium fixes the following issues: Chromium 119.0.6045.123 (boo#1216978) * CVE-2023-5996: Use after free in WebAudio Chromium 119.0.6045.105 (boo#1216783) * CVE-2023-5480: Inappropriate implementation in Payments * CVE-2023-5482: Insufficient data validation in USB * CVE-2023-5849: Integer overflow in USB * CVE-2023-5850: Incorrect security UI in Downloads * CVE-2023-5851: Inappropriate implementation in Downloads * CVE-2023-5852: Use after free in Printing * CVE-2023-5853: Incorrect security UI in Downloads * CVE-2023-5854: Use after free in Profiles * CVE-2023-5855: Use after free in Reading Mode * CVE-2023-5856: Use after free in Side Panel * CVE-2023-5857: Inappropriate implementation in Downloads * CVE-2023-5858: Inappropriate implementation in WebApp Provider * CVE-2023-5859: Incorrect security UI in Picture In Picture gn was updated to version 0.20231023: * many updates to support Chromium 119 build Important SUSE bug 1216783 SUSE bug 1216978 CVE-2023-5480 CVE-2023-5482 CVE-2023-5849 CVE-2023-5850 CVE-2023-5851 CVE-2023-5852 CVE-2023-5853 CVE-2023-5854 CVE-2023-5855 CVE-2023-5856 CVE-2023-5857 CVE-2023-5858 CVE-2023-5859 CVE-2023-5996 cpe:/o:opensuse:leap:15.4 Security update for connman (Important) openSUSE Leap 15.4 This update for connman fixes the following issues: - Update to 1.42 * Fix issue with iwd and signal strength calculation. * Fix issue with iwd and handling service removal. * Fix issue with iwd and handling new connections. * Fix issue with handling default online check URL. * Fix issue with handling nameservers refresh. * Fix issue with handling proxy from DHCP lease. (boo#1210395 CVE-2023-28488) * Fix issue with handling multiple proxies from PAC. * Fix issue with handling manual time update changes. * Fix issue with handling invalid gateway routes. * Fix issue with handling hidden WiFi agent requests. * Fix issue with handling WiFi SAE authentication failure. * Fix issue with handling DNS Proxy and TCP server replies. * Add support for regulatory domain following timezone. * Add support for localtime configuration option. Important SUSE bug 1210395 CVE-2023-28488 cpe:/o:opensuse:leap:15.4 Security update for chromium (Important) openSUSE Leap 15.4 This update for chromium fixes the following issues: Chromium 119.0.6045.159 (boo#1217142) * CVE-2023-5997: Use after free in Garbage Collection * CVE-2023-6112: Use after free in Navigation * Various fixes from internal audits, fuzzing and other initiatives Important SUSE bug 1217142 CVE-2023-5997 CVE-2023-6112 cpe:/o:opensuse:leap:15.4 Security update for gstreamer-plugins-bad (Important) openSUSE Leap 15.4 This update for gstreamer-plugins-bad fixes the following issues: - CVE-2023-37329: Fixed GStreamer SRT File Parsing Heap-based Buffer Overflow (bsc#1213126). Important SUSE bug 1213126 CVE-2023-37329 cpe:/o:opensuse:leap:15.4 Security update for python-django-grappelli (Moderate) openSUSE Leap 15.4 This update for python-django-grappelli fixes the following issues: Update to 2.14.4: - CVE-2021-46898: Fixed views/switch.py vulnerable to protocol-relative URL attacks (boo#1216481) - Fixed: Redirect with switch user. - Improved: Remove extra filtering in AutocompleteLookup. - Improved: Added import statement with URLs for quickstart docs. - Improved: Added additional blocks with inlines to allow override. - Fixed: Compatibility with Django 3.1. - Fixed: Docs about adding Grappelli documentation URLS. Moderate SUSE bug 1216481 CVE-2021-46898 cpe:/o:opensuse:leap:15.4 Security update for opera (Important) openSUSE Leap 15.4 NonFree This update for opera fixes the following issues: - Update to 105.0.4970.21 * DNA-112425 Choosing Workspace Icons doesn’t work as expected * DNA-112787 glow around tiles in Top Sites section in BABE in dark theme - The update to chromium 119.0.6045.159 fixes following issues: CVE-2023-5997, CVE-2023-6112 - Update to 105.0.4970.16 * CHR-9416 Updating Chromium on desktop-stable-* branches * DNA-111903 [Lin] [Component-based-scrollbar] Old design is displayed on Ubuntu 20.04 * DNA-112914 Visual glitch with HWA enabled in some random places * DNA-113137 [WinLin][Sidebar autohide] Sidebar panel is not connected with sidebar - Update to 105.0.4970.13 * CHR-9416 Updating Chromium on desktop-stable-* branches * DNA-111885 [Address bar] Hover effect on padlock icon is not rounded * DNA-112411 Active Tab in Tab Island in Dark Mode should have different colour * DNA-112431 Dragging tab quickly past last island on the right, causes tab to be dropped at the end of tab strip instead of at location of the cursor * DNA-112878 [Tab strip] Detached tab not restored after restarting browser * DNA-112900 Crash at opera::component_based:: ComponentTabDragController::StopViewDragging * DNA-112996 Translations for O105 * DNA-113213 Promote 105 to stable - Complete Opera 105 changelog at: https://blogs.opera.com/desktop/changelog-for-105/ - Update to 104.0.4944.54 * DNA-111938 Option 'Automatically hide sidebar' and Full screen makes Opera freeze * DNA-112241 Stuttering video on some systems with OOP SW H.264 decoding * DNA-112636 [Tab strip] Detach button on meeting tabs moves on hover and is replaced by close tab * DNA-112862 Crash at extensions::BookmarksPrivateAPI:: OnListenerAdded(extensions::EventListenerInfo const&) * DNA-112990 Crash when closing tab tooltip and opening Search tabs Important CVE-2023-5997 CVE-2023-6112 cpe:/o:opensuse:leap:15.4 Security update for chromium (Important) openSUSE Leap 15.4 This update for Chromium fixes the following issue: Chromium 119.0.6045.199 (boo#1217616) * CVE-2023-6348: Type Confusion in Spellcheck * CVE-2023-6347: Use after free in Mojo * CVE-2023-6346: Use after free in WebAudio * CVE-2023-6350: Out of bounds memory access in libavif (boo#1217614) * CVE-2023-6351: Use after free in libavif (boo#1217615) * CVE-2023-6345: Integer overflow in Skia * Various fixes from internal audits, fuzzing and other initiatives. Important SUSE bug 1217614 SUSE bug 1217615 SUSE bug 1217616 CVE-2023-6345 CVE-2023-6346 CVE-2023-6347 CVE-2023-6348 CVE-2023-6350 CVE-2023-6351 cpe:/o:opensuse:leap:15.4 Security update for optipng (Moderate) openSUSE Leap 15.4 This update for optipng fixes the following issues: Update to 0.7.8: * CVE-2023-43907: Fixed a global-buffer-overflow vulnerability in the GIF reader (boo#1215937). * Fixed a stack-print-after-scope defect in the error handler. * Fixed an assertion failure in the image reduction module. * Fixed the command-line wildargs expansion in the Windows port. * Refactored the structured exception handling. Moderate SUSE bug 1215937 CVE-2023-43907 cpe:/o:opensuse:leap:15.4 Security update for python-Django1 (Moderate) openSUSE Leap 15.4 This update for python-Django1 fixes the following issues: - CVE-2023-43665: Fixed Denial-of-service vulnerability in django.utils.text.Truncator (boo#1215978). Moderate SUSE bug 1215978 CVE-2023-43665 cpe:/o:opensuse:leap:15.4 Security update for libtorrent-rasterbar, qbittorrent (Moderate) openSUSE Leap 15.4 This update for libtorrent-rasterbar, qbittorrent fixes the following issues: Changes in libtorrent-rasterbar: - Update to version 2.0.9 * fix issue with web seed connections when they close and re-open * fallocate() not supported is not a fatal error * fix proxying of IPv6 connections via IPv4 proxy * treat CGNAT address range as local IPs * add stricter checking of piece layers when loading torrents * add stricter checking of v1 and v2 hashes being consistent * cache failed DNS lookups as well as successful ones * add an i2p torrent state to control interactions with clear swarms * fix i2p SAM protocol parsing of quoted messages * expose i2p peer destination in peer_info * fix i2p tracker announces * fix issue with read_piece() stopping torrent on pieces not yet downloaded * improve handling of allow_i2p_mixed setting to work for magnet links * fix web seed request for renamed single-file torrents * fix issue where web seeds could disappear from resume data * extend save_resume with additional conditional flags * fix issue with retrying trackers in tiers > 0 * fix last_upload and last_download resume data fields to use posix time * improve error messages for no_connect_privileged_ports, by untangle it from the port filter * fix I2P issue introduced in 2.0.0 * add async tracker status query, post_trackers() * add async torrent status query, post_status() * support loading version 2 of resume data format * fix issue with odd piece sizes * add async piece availability query, post_piece_availability() * add async download queue query, post_download_queue() * add async file_progress query, post_file_progress() * add async peer_info query, post_peer_info() - Update to version 2.0.8 * fix uTP streams timing out instead of closing cleanly * add write_torrent_file_buf() overload for generating .torrent files * add create_torrent::generate_buf() function to generate into a buffer * fix copy_file when the file ends with a sparse region * uTP performance, fix packet loss when sending is stalled * fix trackers being stuck after session pause/resume * fix bug in hash_picker with empty files * uTP performance, prevent premature timeouts/resends * add option to not memory map files below a certain size * settings_pack now returns default values when queried for missing settings * fix copy_file fall-back when SEEK_HOL/SEEK_DATA is not supported * improve error reporting from file copy and move * tweak pad file placement to match reference implementation (tail-padding) * uTP performance, more lenient nagle's algorithm to always allow one outstanding undersized packet * uTP performance, piggy-back held back undersized packet with ACKs * uTP performance, don't send redundant deferred ACKs * support incoming SOCKS5 packets with hostnames as source address, for UDP trackers * ignore duplicate network interface change notifications on linux * fix total_want/want accounting when forcing a recheck * fix merging metadata with magnet links added on top of existing torrents * add torrent_flag to default all file priorities to dont_download * fix &so= feature in magnet links * improve compatibility of SOCKS5 UDP ASSOCIATE * fix madvise range for flushing cache in mmap_storage * open files with no_cache set in O_SYNC mode - Update to version 2.0.7 * fix issue in use of copy_file_range() * avoid open-file race in the file_view_pool * fix issue where stop-when-ready would not close files * fix issue with duplicate hybrid torrent via separate v1 and v2 magnet links * added new function to load torrent files, load_torrent_*() * support sync_file_range() * fix issue in write_torrent_file() when file size is exactly piece size * fix file_num_blocks() and file_num_pieces() for empty files * add new overload to make_magnet_uri() * add missing protocol version to tracker_reply_alert and tracker_error_alert * fix privilege issue with SetFileValidData() * add asynchronous overload of torrent_handle::add_piece() * default to a single hashing thread, for full checks * Fix bug when checking files and the first piece is invalid Changes in qbittorrent, qbittorrent: - Update to version 4.6.2 Bug fixes: * Do not apply share limit if the previous one was applied * Show Add new torrent dialog on main window screen Web UI: * Fix JS memory leak * Disable stdout buffering for qbt-nox Wayland: * Fix parent widget of 'Lock qBittorrent' submenu - Also fixes boo#1217677 (CVE-2023-30801, upstream reference gh#qbittorrent/qBittorrent#19738) - Update to version 4.6.1 New features: * Add option to enable previous Add new torrent dialog behavior Fixed bugs: * Prevent crash due to race condition when adding magnet link * Fix Enter key behavior when add new torrent * Add missing main window icon * Update size of selected files when selection is changed * Correctly handle changing save path of torrent w/o metadata * Use appropriate icon for 'moving' torrents in transfer list Web UI: * Drop WebUI default credentials * Add I2P settings to WebUI * Fix duplicate scrollbar on Transfer List * Fix incorrect subcategory sorting * Correctly set save path in RSS rules * Allow to request torrents count via WebAPI * Improve performance of getting torrent numbers via WebAPI * Improve free disk space checking for WebAPI Misc: * Fix invisible tray icon with Qt5 in Linux - Update to version 4.6.0 New features: * Add (experimental) I2P support * Provide UI editor for the default theme * Various UI theming improvements * Implement torrent tags editing dialog * Revamp 'Watched folder options' and 'Automated RSS downloader' dialog * Allow to use another icons in dark mode * Allow to add new torrents to queue top * Allow to filter torrent list by save path * Expose 'socket send/receive buffer size' options * Expose 'max torrent file size' setting * Expose 'bdecode limits' settings * Add options to adjust behavior of merging trackers to existing torrent * Add option to stop seeding when torrent has been inactive * Allow to use proxy per subsystem * Expand the scope of 'Proxy hostname lookup' option * Add shortcut for 'Ban peer permanently' function * Add option to auto hide zero status filters * Allow to disable confirmation of Pause/Resume All * Add alternative shortcut CTRL+E for CTRL+F * Show filtered port numbers in logs * Add button to copy library versions to clipboard Bug fixes: * Ensure ongoing storage moving job will be completed when shutting down * Refactored many areas to call non UI blocking code * Various improvements to the SQLite backend * Improve startup window state handling * Use tray icon from system theme only if option is set * Inhibit system sleep while torrents are moving * Use hostname instead of domain name in tracker filter list * Visually validate input path in torrent creator dialog * Disable symlink resolving in Torrent creator * Change default value for `file pool size` and `stop tracker timeout` settings * Log when duplicate torrents are being added * Inhibit suspend instead of screen idle * Ensure file name is valid when exporting torrents * Open 'Save path' if torrent has no metadata * Prevent torrent starting unexpectedly edge case with magnet * Better ergonomics of the 'Add new torrent' dialog WebUI: * Add log viewer * WebAPI: Allow to specify session cookie name * Improve sync API performance * Add filelog settings * Add multi-file renaming * Add 'Add to top of queue' option * Implement subcategories * Set 'SameSite=None' if CSRF Protection is disabled * Show only hosts in tracker filter list * Set Connection status and Speed limits tooltips * set Cross Origin Opener Policy to `same-origin` * Fix response for HTTP HEAD method * Preserve the network interfaces when connection is down * Add 'Add Tags' field for RSS rules * Fix missing error icon RSS: * Add 'Rename rule' button to RSS Downloader * Allow to edit RSS feed URL * Allow to assign priority to RSS download rule Search: * Use python isolate mode * Bump python version minimum requirement to 3.7.0 Other: * Numerous code improvements and refactorings - Update to version 4.5.5 Bug fixes: * Fix transfer list tab hotkey * Don't forget to enable the Apply button in the Options dialog * Immediately update torrent status on moving files * Improve performance when scrolling the file list of large torrents * Don't operate on random torrents when multiple are selected and a sort/filter is applied RSS: * Fix overwriting feeds.json with an incomplete load of it - Update to version 4.5.4 Bug fixes: * Allow to disable confirmation of Pause/Resume All * Sync flag icons with upstream Web UI: * Fix category save path - Update to version 4.5.3 Bug fixes: * Correctly check if database needs to be updated * Prevent incorrect log message about torrent content deletion * Improve finished torrent handling * Correctly initialize group box children as disabled in Preferences * Don't miss saving 'download path' in SQLite storage * Improve logging of running external program Web UI: * Disable UPnP for web UI by default * Use workaround for IOS file picker * Work around Chrome download limit * Improve 'exporting torrent' behavior - Update to version 4.5.2 Bug fixes: * Don't unexpectedly activate queued torrents when prefetching metadata for added magnets * Update the cached torrent state once recheck is started * Be more likely to allow the system to use power saving modes Web UI: * Migrate away from unsafe function * Blacklist bad ciphers for TLS in the server * Allow only TLS 1.2+ in the server * Allow to set read-only directory as torrent location * Reject requests that contain backslash in path RSS: * Prevent RSS folder from being moved into itself - Update to version 4.5.1 New features: * Re-allow to use icons from system theme Bug fixes: * Fix Speed limit icon size * Revise and fix some text colors * Correctly load folder based UI theme * Fix crash due to invalid encoding of tracker URLs * Don't drop !qB extension when renaming incomplete file * Correctly count the number of torrents in subcategories * Use 'additional trackers' when metadata retrieving * Apply correct tab order to Category options dialog * Add all torrents passed via the command line * Fix startup performance on Qt5 * Automatic move will now overwrite existing files * Some fixes for loading Chinese locales * New Pause icon color for toolbar/menu * Adjust env variable for PDB discovery Web UI: * Fix missing 'queued' icon * Return paths using platform-independent separator format * Change order of accepted types of file input * Add missing icons * Add 'Resume data storage type' option * Make rename file dialog resizable * Prevent incorrect line breaking * Improve hotkeys * Remove suggestions while searching for torrents * Expose 'IS PRIVATE' flag * Return name/hash/infohash_v1/infohash_v2 torrent properties Other: * Fix tray icon issues - Update to version 4.5.0 New features: * Add `Auto resize columns` functionality * Allow to use Category paths in `Manual` mode * Allow to disable Automatic mode when default 'temp' path changed * Add tuning options related to performance warnings * Add right click menu for status filters * Allow setting the number of maximum active checking torrents * Add option to toggle filters sidebar * Allow to set `working set limit` on non-Windows OS * Add `Export .torrent` action * Add keyboard navigation keys * Allow to use POSIX-compliant disk IO type * Add `Filter files` field in new torrent dialog * Implement new icon/color theme * Add file name filter/blacklist * Add support for custom SMTP ports * Split the OS cache settings into Disk IO read/write modes * When duplicate torrent is added set metadata to existing one * Greatly improve startup time with many torrents * Add keyboard shortcut to Download URL dialog * Add ability to run external program on torrent added * Add infohash and download path columns * Allow to set torrent stop condition * Add a `Moving` status filter * Change color palettes for both dark, light themes * Add a `Use proxy for hostname lookup` option * Introduce a `change listen port` cmd option * Implement `Peer ID Client` column for `Peers` tab * Add port forwarding option for embedded tracker Bug fixes: * Store hybrid torrents using `torrent ID` as basename * Enable Combobox editor for the `Mixed` file download priority * Allow shortcut folders for the Open and Save directory dialogs * Rename content tab `Size` column to `Total Size` * Fix scrolling to the lowermost visible torrent * Allow changing file priorities for finished torrents * Focus save path when Manual mode is selected initially * Disable force reannounce when it is not possible * Add horizontal scrolling for tracker list and torrent content * Enlarge 'speed limits' icons * Change Downloaded to Times Downloaded in trackers tab * Remove artificial max limits from `Torrent Queueing` related options * Preserve `skip hash check` when there is no metadata * Fix DHT/PeX/LSD status when it is globally disabled * Fix rate calculation when interval is too low * Add tooltip message when system tray icon isn't available * Improve sender field in mail notifications * Fix 'Add torrent dialog' spill-over on smaller screens * Fix peer count issue when tracker responds with zero figure * Don't merge trackers by default * Don't inhibit system sleep/auto shutdown for torrents stuck at downloading metadata * Allow to pause a checking torrent from context menu * Allow to use subnet notation in reverse proxy list * Fine tune translations loading for Chinese locales * Fix torrent content checkboxes not updated properly * Correctly load state of `Use another path for incomplete torrents` in Watched folders * Add confirmation to resume/pause all * Fix wrong count of errored trackers WebUI: * Allow blank lines in multipart form-data input * Make various dialogs resizable * Fix wrong v2 hash string displayed * WebAPI: return correct status * Fix empty selection in language combobox * Store WebUI port setting in human readable number * Add support for exporting .torrent * WebAPI: Add endpoint to set speed limit mode * Improve progress bar rendering * Add transfer list refresh interval settings * Use natural sort * Apply i18n translation only to built-in WebUI * Alert when HTTPS settings are incomplete * Handle drag and drop events * Fix wrong behavior for shutdown action * Don't disable combobox for file priority RSS: * Increase limit of maximum number of articles per feed Other: * Mark as single window app in .desktop file * Add Dockerfile * Remove option of using icons from system theme - Update to version 4.4.5 Bug fixes: * Fix missing trackers when adding magnet link. Affects libtorrent 2.0.x builds. - Update to version 4.4.4. * Improve D-Bus notifications handling Bug fixes: * Correctly handle data decompression with Qt 6.3 * Fix wrong file names displayed in tooltip * Fix incorrect 'max outgoing port' setting * Make working set limit available only on libtorrent 2.0.x builds * Try to recover missing tags RSS: * Clear RSS parsing error after use Web API: * Set HTTP method restriction on WebAPI actions - Update to version 4.4.3.1 Bug fixes: * Fix broken translations - Update to version 4.4.3 Bug fixes: * Correctly handle changing of temp save path * Fix storage in SQLite * Correctly apply content layout when 'Skip hash check' is enabled * Don't corrupt IDs of v2 torrents * Reduce the number of hashing threads by default (improves hashing speed on HDDs) * Prevent the 'update dialog' from blocking input on other windows * Add trackers in exported .torrent files * Fix wrong GUI behavior in 'Optional IP address to bind to' setting Web UI: * Fix WebUI crash due to missing tags from config * Show correct location path Moderate SUSE bug 1217677 CVE-2023-30801 cpe:/o:opensuse:leap:15.4 Security update for opera (Important) openSUSE Leap 15.4 NonFree This update for opera fixes the following issues: - Update to 105.0.4970.34 * DNA-112796 [Import] Import bookmarks and history don't work * DNA-113147 Add strength setting for Lucid Mode * DNA-113148 Update 'Lucid Mode' button on videos to enable / disable split preview * DNA-113287 Add strength setting for Lucid Mode in Easy Setup * DNA-113310 Remove Lucid Mode for Images * DNA-113360 [Lucid Mode] Shadow around lucid mode button * DNA-113447 Split preview line should be white * DNA-113630 Lucid Mode strength should default to highest (in desktop) - Changes in 105.0.4970.29 * CHR-9416 Updating Chromium on desktop-stable-* branches * DNA-113292 Extension icons not shown after restart - The update to chromium 119.0.6045.199 fixes following issues: CVE-2023-6348, CVE-2023-6347, CVE-2023-6346, CVE-2023-6350, CVE-2023-6351, CVE-2023-6345 Important CVE-2023-6345 CVE-2023-6346 CVE-2023-6347 CVE-2023-6348 CVE-2023-6350 CVE-2023-6351 cpe:/o:opensuse:leap:15.4 Security update for syslog-ng (Moderate) openSUSE Leap 15.4 This update for syslog-ng fixes the following issues: - CVE-2022-38725: Fixed integer overflow in parsers that allowed a remote denial of service (boo#1207460) Moderate SUSE bug 1207460 CVE-2022-38725 cpe:/o:opensuse:leap:15.4 Security update for fish (Moderate) openSUSE Leap 15.4 This update for fish fixes the following issues: - CVE-2023-49284: Fixed shell expansion triggered by command substitution output (boo#1217808). Moderate SUSE bug 1217808 CVE-2023-49284 cpe:/o:opensuse:leap:15.4 Security update for gstreamer-plugins-bad (Important) openSUSE Leap 15.4 This update for gstreamer-plugins-bad fixes the following issues: - CVE-2023-40474: Fixed integer overflow causing out of bounds writes when handling invalid uncompressed video (bsc#1215796). - CVE-2023-40476: Fixed possible overflow using max_sub_layers_minus1 (bsc#1215793). Important SUSE bug 1215793 SUSE bug 1215796 CVE-2023-40474 CVE-2023-40476 cpe:/o:opensuse:leap:15.4 Security update for EternalTerminal (Important) openSUSE Leap 15.4 This update for EternalTerminal fixes the following issues: EternalTerminal was updated to 6.2.4: * CVE-2022-48257, CVE-2022-48258 remedied * fix readme regarding port forwarding #522 * Fix test failures that started appearing in CI #526 * Add documentation for the EternalTerminal protocol #523 * ssh-et: apply upstream updates #527 * docs: write gpg key to trusted.gpg.d for APT #530 * Support for ipv6 addresses (with or without port specified) #536 * ipv6 abbreviated address support #539 * Fix launchd plist config to remove daemonization. #540 * Explicitly set verbosity from cxxopts value. #542 * Remove daemon flag in systemd config #549 * Format all source with clang-format. #552 * Fix tunnel parsing exception handling. #550 * Fix SIGTERM behavior that causes systemd control of etserver to timeout. #554 * Parse telemetry ini config as boolean and make telemetry opt-in. #553 * Logfile open mode and permission plus location configurability. #556 - boo#1207123 (CVE-2022-48257) Fix predictable logfile names in /tmp - boo#1207124 (CVE-2022-48258) Fix etserver and etclient have world-readable logfiles - Note: Upstream released 6.2.2 with fixes then 6.2.4 and later removed 6.2.2 and redid 6.2.4 Important SUSE bug 1207123 SUSE bug 1207124 CVE-2022-48257 CVE-2022-48258 cpe:/o:opensuse:leap:15.4 Security update for zabbix (Important) openSUSE Leap 15.4 This update for zabbix fixes the following issues: Updated to latest release 4.0.50: - CVE-2023-32727: Fixed potential arbitrary code execution in icmpping (boo#1218199) Important SUSE bug 1218199 CVE-2023-32727 cpe:/o:opensuse:leap:15.4 Security update for proftpd (Important) openSUSE Leap 15.4 This update for proftpd fixes the following issues: Update to version 1.3.8a * Implemented mitigations for 'Terrapin' SSH attack (CVE-2023-48795). * http://proftpd.org/docs/NEWS-1.3.8b Important CVE-2023-48795 cpe:/o:opensuse:leap:15.4 Security update for deepin-compressor (Moderate) openSUSE Leap 15.4 This update for deepin-compressor fixes the following issues: - CVE-2023-50255: Fix Zip Path Traversal (boo#1218428) Moderate SUSE bug 1218428 CVE-2023-50255 cpe:/o:opensuse:leap:15.4 Security update for opera (Important) openSUSE Leap 15.4 NonFree This update for opera fixes the following issues: Update to 95.0.4635.25 * CHR-9173 Update Chromium on desktop-stable-109-4635 to 109.0.5414.120 * DNA-104150 Turn on #consent-flow-settings on master * DNA-104733 Crash at extensions::SyncPrivateGetSyncStateFunction::Run() * DNA-104761 Translations for O95 * DNA-104814 [StartPage] Inline autocomplete messes up selection * DNA-104887 Promote O95 to stable * DNA-104908 Enable #consent-flow-settings on all streams - Complete Opera 95.0 changelog at: https://blogs.opera.com/desktop/changelog-for-95/ - The update to chromium 109.0.5414.120 fixes following issues: CVE-2023-0471, CVE-2023-0472, CVE-2023-0473, CVE-2023-0474 - Update to 94.0.4606.76 * DNA-104276 News categories layers messed up in other languages - Update to 94.0.4606.65 * DNA-102726 [SD][Folder] When trying to drop SD from folder back to folder, new folder is created * DNA-102730 [SD][Add to Opera] Remove strip at the top of modal and move 'x' button to be in line with ‘Add to Opera' text * DNA-102732 [SD][Folders] Add option to merge folders by drag and drop * DNA-102747 [SD][Folders] Empty SD folder is not visible * DNA-102763 [SD] Animate changing between Use bigger tiles on and off * DNA-102847 [SD][Folders] SD displayed on folder tile should be aligned to left * DNA-102855 [SD] Add SD by drag and dropping link * DNA-102882 [SD][News][Continue on][Suggestion] Do not focus on opened page when opening in new tab * DNA-102936 [News Categories] Categories become invisible after minimizing browser window * DNA-102988 [News categories] Only games category displayed after changing browser language * DNA-103000 [News Categories] Selected categories not saved after restarting browser * DNA-103001 [News Categories] 'x' button invisible in 'Choose language and country' on light theme * DNA-103002 [News Categories] Changes in 'Choose language and country' modal not saved on esc or clicking outside of modal * DNA-103015 [News locales] Pref startpage.news_locales udated only when close/done the moda, initial value not set * DNA-103097 [Settings] Enable 'Adjust Speed Dial animations for slower hardware' settings option to have effect * DNA-103098 [SD] No big icon for decathlon.pl * DNA-103110 Strange animation when dragging tiles * DNA-103112 [Continue on] Offers opened on current tab * DNA-103116 [Continue on] Not possible to drag tiles from continue on section * DNA-103131 [Feedback] Implement 'Rate Opera' element and modal * DNA-103193 [SD][Edit] Set OK button to read only when typed in address is invalid * DNA-103293 [SD][Add to Opera] '/' added in autocomplete for URL * DNA-103360 [SD][Add to Opera] Tile graphic does not update automatically when adding suggestion through Add to Opera modal * DNA-103393 [Continue on] Start page needs to be reloaded in order to show 'Continue on' section * DNA-103545 [Banner] Wide banner have no background * DNA-103550 [Banners] Black Friday deals promoted on Start Page with related settings off * DNA-103569 No margin under suggested speed dials * DNA-103578 [SD] Impressions should be reported every time user comes back to start page tab * DNA-103593 [Navigation] Change which elements on start page are possible to navigate through with keyboard shortcuts * DNA-103595 [Navigation] Show which element is focused when navigating with keyboard shortcuts * DNA-103605 Dark stripe blinks in Speed Dial Search box when changing color mode * DNA-103618 [SD][Folder] Not possible to drag SD into empty folder * DNA-103619 [SD][Suggestions] Blue border on tile when it is being dragged * DNA-103678 Font modification from themes not applied * DNA-103723 [SD][Folders][Edit] Confirm change to SD folder name with Enter key * DNA-103738 Disable Updater diagnostic metrics that surpass session lifetime and verify if it solves DNA-102940 * DNA-103739 Try to record metrics disabled in DNA-103738 in histograms. * DNA-103759 [SD][Add to Opera] Wrong position of Add to Opera button * DNA-103781 [News Categories] Choose language and country shows options in 2 columns instead of adapting to wider window * DNA-103787 [Continue on] No margin between search box and continue on section * DNA-103908 [Search box] Blurred text in search box suggestions in dark theme * DNA-103909 [SD] Not possible to drop SD in empty place when hovering over edge of other tile * DNA-103911 [SD][Add to Opera] Modal dialog stays open after adding suggestion to SD * DNA-103915 [SD][Folders] Difficult to drop SD from start page between SD in folder * DNA-103932 [SD][Add to Opera] Remove https://www and / from tile title when adding SD * DNA-103933 [SD][Add to Opera] Do not return focus to the end of the URL after pressing backspace when editing it * DNA-104005 Change activation pop-up * DNA-104035 [SD] Browser crashes when dragging tiles with fresh profile * DNA-104040 Can not drag tile to open folder * DNA-104049 Can not drag suggestion when only [+] tile and no speed dials * DNA-104053 Right mouse click open speed dial instead of context menu * DNA-104055 News article opens in active tab * DNA-104080 Tab not activated after opening speed dial folder in new tabs * DNA-104088 Create new welcome pop-up for Rich Hints * DNA-104139 [Weather] Long time to load Weather widget after browser was running for some time * DNA-104141 [News] Improve news loading UX * DNA-104167 Add feature flag #speed-dial-custom-image * DNA-104168 Allow setting custom image for Speed Dial * DNA-104196 [News Categories] News categories do not work * DNA-104201 Set back Baidu as default search engine in China * DNA-104218 [Search box] Search engine icon does not change * DNA-104251 Add option to reset to default icon * DNA-104256 [Suggestions][ContinueOn][AMG] Scroll button does not update its visibility when resizing window * DNA-104313 Search bar on Speed Dials doesn't fit it size * DNA-104382 Shopping corner is unredible in light theme and dark wallpaper - Changes in 94.0.4606.54 * CHR-1854 Run gn hooks in gyp_chromium * DNA-102035 [Settings] Shortcut search does not work * DNA-103451 Add impression and click events for VPN keyword suggestion * DNA-103643 Prepare for showing Lucid Mode button without text * DNA-103675 URL shown for promoted VPN suggestion * DNA-104201 Set back Baidu as default search engine in China * DNA-104234 Opera update resets all consents to False value * DNA-104278 Don’t show Lucid Mode button on videos when hardware acceleration is off Important CVE-2023-0471 CVE-2023-0472 CVE-2023-0473 CVE-2023-0474 cpe:/o:opensuse:leap:15.4 Security update for chromium (Important) openSUSE Leap 15.4 This update for chromium fixes the following issues: Chromium 110.0.5481.77 (boo#1208029): * CVE-2023-0696: Type Confusion in V8 * CVE-2023-0697: Inappropriate implementation in Full screen mode * CVE-2023-0698: Out of bounds read in WebRTC * CVE-2023-0699: Use after free in GPU * CVE-2023-0700: Inappropriate implementation in Download * CVE-2023-0701: Heap buffer overflow in WebUI * CVE-2023-0702: Type Confusion in Data Transfer * CVE-2023-0703: Type Confusion in DevTools * CVE-2023-0704: Insufficient policy enforcement in DevTools * CVE-2023-0705: Integer overflow in Core * Various fixes from internal audits, fuzzing and other initiatives - build with bundled libavif Important SUSE bug 1208029 CVE-2023-0696 CVE-2023-0697 CVE-2023-0698 CVE-2023-0699 CVE-2023-0700 CVE-2023-0701 CVE-2023-0702 CVE-2023-0703 CVE-2023-0704 CVE-2023-0705 cpe:/o:opensuse:leap:15.4 Security update for timescaledb (Important) openSUSE Leap 15.4 This update for timescaledb fixes the following issues: Update to version 2.9.3 - https://github.com/timescale/timescaledb/releases/tag/2.9.3 - https://github.com/timescale/timescaledb/releases/tag/2.9.2 - https://github.com/timescale/timescaledb/releases/tag/2.9.1 - https://github.com/timescale/timescaledb/releases/tag/2.9.0 - https://github.com/timescale/timescaledb/releases/tag/2.8.1 - https://github.com/timescale/timescaledb/releases/tag/2.8.0 - https://github.com/timescale/timescaledb/releases/tag/2.7.1 - https://github.com/timescale/timescaledb/releases/tag/2.7.2 - https://github.com/timescale/timescaledb/releases/tag/2.7.0 - https://github.com/timescale/timescaledb/releases/tag/2.6.1 - CVE-2022-24128: Fixed privilege escalation during extension installation (boo#1197063) - https://github.com/timescale/timescaledb/releases/tag/2.6.0 - https://github.com/timescale/timescaledb/releases/tag/2.5.2 - https://github.com/timescale/timescaledb/releases/tag/2.5.1 - https://github.com/timescale/timescaledb/releases/tag/1.7.5 - https://github.com/timescale/timescaledb/releases/tag/2.0.0 - https://github.com/timescale/timescaledb/releases/tag/2.0.1 - https://github.com/timescale/timescaledb/releases/tag/2.0.2 - https://github.com/timescale/timescaledb/releases/tag/2.1.0 - https://github.com/timescale/timescaledb/releases/tag/2.1.1 - https://github.com/timescale/timescaledb/releases/tag/2.2.0 - https://github.com/timescale/timescaledb/releases/tag/2.2.1 - https://github.com/timescale/timescaledb/releases/tag/2.3.0 - https://github.com/timescale/timescaledb/releases/tag/2.3.1 - https://github.com/timescale/timescaledb/releases/tag/2.4.0 - https://github.com/timescale/timescaledb/releases/tag/2.4.1 - https://github.com/timescale/timescaledb/releases/tag/2.4.2 - https://github.com/timescale/timescaledb/releases/tag/2.5.0 - enable postgresql14 - https://github.com/timescale/timescaledb/releases/tag/1.7.2 - https://github.com/timescale/timescaledb/releases/tag/1.7.3 - https://github.com/timescale/timescaledb/releases/tag/1.7.4 Important SUSE bug 1197063 CVE-2022-24128 cpe:/o:opensuse:leap:15.4 Security update for phpMyAdmin (Important) openSUSE Leap 15.4 This update for phpMyAdmin fixes the following issues: phpMyAdmin was updated to 5.2.1 This is a security and bufix release. * Security: - Fix (PMASA-2023-01, CWE-661, boo#1208186, CVE-2023-25727) Fix an XSS attack through the drag-and-drop upload feature. * Bugfixes: - issue #17522 Fix case where the routes cache file is invalid - issue #17506 Fix error when configuring 2FA without XMLWriter or Imagick - issue Fix blank page when some error occurs - issue #17519 Fix Export pages not working in certain conditions - issue #17496 Fix error in table operation page when partitions are broken - issue #17386 Fix system memory and system swap values on Windows - issue #17517 Fix Database Server panel not getting hidden by ShowServerInfo configuration directive - issue #17271 Fix database names not showing on Processes tab - issue #17424 Fix export limit size calculation - issue #17366 Fix refresh rate popup on Monitor page - issue #17577 Fix monitor charts size on RTL languages - issue #17121 Fix password_hash function incorrectly adding single quotes to password before hashing - issue #17586 Fix statistics not showing for empty databases - issue #17592 Clicking on the New index link on the sidebar does not throw an error anymore - issue #17584 It's now possible to browse a database that includes two % in its name - issue Fix PHP 8.2 deprecated string interpolation syntax - issue Some languages are now correctly detected from the HTTP header - issue #17617 Sorting is correctly remembered when $cfg['RememberSorting'] is true - issue #17593 Table filtering now works when action buttons are on the right side of the row - issue #17388 Find and Replace using regex now makes a valid query if no matching result set found - issue #17551 Enum/Set editor will not fail to open when creating a new column - issue #17659 Fix error when a database group is named tables, views, functions, procedures or events - issue #17673 Allow empty values to be inserted into columns - issue #17620 Fix error handling at phpMyAdmin startup for the JS SQL console - issue Fixed debug queries console broken UI for query time and group count - issue Fixed escaping of SQL query and errors for the debug console - issue Fix console toolbar UI when the bookmark feature is disabled and sql debug is enabled - issue #17543 Fix JS error on saving a new designer page - issue #17546 Fix JS error after using save as and open page operation on the designer - issue Fix PHP warning on GIS visualization when there is only one GIS column - issue #17728 Some select HTML tags will now have the correct UI style - issue #17734 PHP deprecations will only be shown when in a development environment - issue #17369 Fix server error when blowfish_secret is not exactly 32 bytes long - issue #17736 Add utf8mb3 as an alias of utf8 on the charset description page - issue #16418 Fix FAQ 1.44 about manually removing vendor folders - issue #12359 Setup page now sends the Content-Security-Policy headers - issue #17747 The Column Visibility Toggle will not be hidden by other elements - issue #17756 Edit/Copy/Delete row now works when using GROUP BY - issue #17248 Support the UUID data type for MariaDB >= 10.7 - issue #17656 Fix replace/change/set table prefix is not working - issue Fix monitor page filter queries only filtering the first row - issue Fix 'Link not found!' on foreign columns for tables having no char column to show - issue #17390 Fix 'Create view' modal doesn't show on results and empty results - issue #17772 Fix wrong styles for add button from central columns - issue #17389 Fix HTML disappears when exporting settings to browser's storage - issue #17166 Fix 'Warning: #1287 'X' is deprecated [...] Please use ST_X instead.' on search page - issue Use jquery-migrate.min.js (14KB) instead of jquery-migrate.min.js (31KB) - issue #17842 Use jquery.validate.min.js (24 KB) instead of jquery.validate.js (50 KB) - issue #17281 Fix links to databases for information_schema.SCHEMATA - issue #17553 Fix Metro theme unreadable links above navigation tree - issue #17553 Metro theme UI fixes and improvements - issue #17553 Fix Metro theme login form with - issue #16042 Exported gzip file of database has first ~73 kB uncompressed and rest is gzip compressed in Firefox - issue #17705 Fix inline SQL query edit FK checkbox preventing submit buttons from working - issue #17777 Fix Uncaught TypeError: Cannot read properties of null (reading 'inline') on datepickers when re-opened - issue Fix Original theme buttons style and login form width - issue #17892 Fix closing index edit modal and reopening causes it to fire twice - issue #17606 Fix preview SQL modal not working inside 'Add Index' modal - issue Fix PHP error on adding new column on create table form - issue #17482 Default to 'Full texts' when running explain statements - issue Fixed Chrome scrolling performance issue on a textarea of an 'export as text' page - issue #17703 Fix datepicker appears on all fields, not just date - issue Fix space in the tree line when a DB is expanded - issue #17340 Fix 'New Table' page -> 'VIRTUAL' attribute is lost when adding a new column - issue #17446 Fix missing option for STORED virtual column on MySQL and PERSISTENT is not supported on MySQL - issue #17446 Lower the check for virtual columns to MySQL>=5.7.6 nothing is supported on 5.7.5 - issue Fix column names option for CSV Export - issue #17177 Fix preview SQL when reordering columns doesn't work on move columns - issue #15887 Fixed DROP TABLE errors ignored on multi table select for DROP - issue #17944 Fix unable to create a view from tree view button - issue #17927 Fix key navigation between select inputs (drop an old Firefox workaround) - issue #17967 Fix missing icon for collapse all button - issue #18006 Fixed UUID columns can't be moved - issue Add `spellcheck='false'` to all password fields and some text fields to avoid spell-jacking data leaks - issue Remove non working 'Analyze Explain at MariaDB.org' button (MariaDB stopped this service) - issue #17229 Add support for Web Authentication API because Chrome removed support for the U2F API - issue #18019 Fix 'Call to a member function fetchAssoc() on bool' with SQL mode ONLY_FULL_GROUP_BY on monitor search logs - issue Add back UUID and UUID_SHORT to functions on MySQL and all MariaDB versions - issue #17398 Fix clicking on JSON columns triggers update query - issue Fix silent JSON parse error on upload progress - issue #17833 Fix 'Add Parameter' button not working for Add Routine Screen - issue #17365 Fixed 'Uncaught Error: regexp too big' on server status variables page Update to 5.2.0 * Bugfix - issue #16521 Upgrade Bootstrap to version 5 - issue #16521 Drop support for Internet Explorer and others - issue Upgrade to shapefile 3 - issue #16555 Bump minimum PHP version to 7.2 - issue Remove the phpseclib dependency - issue Upgrade Symfony components to version 5.2 - issue Upgrade to Motranslator 4 - issue #16005 Improve the performance of the Export logic - issue #16829 Add NOT LIKE %...% operator to Table search - issue #16845 Fixed some links not passing through url.php - issue #16382 Remove apc upload progress method (all upload progress code was removed from the PHP extension) - issue #16974 Replace zxcvbn by zxcvbn-ts - issue #15691 Disable the last column checkbox in the column list dropdown instead of not allowing un-check - issue #16138 Ignore the length of integer types and show a warning on MySQL >= 8.0.18 - issue Add support for the Mroonga engine - issue Double click column name to directly copy to clipboard - issue #16425 Add DELETE FROM table on table operations page - issue #16482 Add a select all link for table-specific privileges - issue #14276 Add support for account locking - issue #17143 Use composer/ca-bundle to manage the CA cert file - issue #17143 Require the openssl PHP extension - issue #17171 Remove the printview.css file from themes - issue #17203 Redesign the export and the import pages - issue #16197 Replace the master/slave terminology - issue #17257 Replace libraries/vendor_config.php constants with an array - issue Add the Bootstrap theme - issue #17499 Remove stickyfilljs JavaScript dependency Update to 5.1.3 This is a security and bufix release. * Security - Fix for boo#1197036 (CVE-2022-0813) - Fix for path disclosure under certain server configurations (if display_errors is on, for instance) * Bugfix - issue #17308 Fix broken pagination links in the navigation sidebar - issue #17331 Fix MariaDB has no support for system variable 'disabled_storage_engines' - issue #17315 Fix unsupported operand types in Results.php when running 'SHOW PROCESSLIST' SQL query - issue #17288 Fixed importing browser settings question box after login when having no pmadb - issue #17288 Fix 'First day of calendar' user override has no effect - issue #17239 Fixed repeating headers are not working - issue #17298 Fixed import of email-adresses or links from ODS results in empty contents - issue #17344 Fixed a type error on ODS import with non string values - issue #17239 Fixed header row show/hide columns buttons on each line after hover are shown on each row Update to 5.1.2 This is a security and bufix release. * Security - Fix boo#1195017 (CVE-2022-23807, PMASA-2022-1, CWE-661) Two factor authentication bypass - Fix boo#1195018 (CVE-2022-23808, PMASA-2022-2, CWE-661) Multiple XSS and HTML injection attacks in setup script * Bugfixes - Revert a changed to $cfg['CharTextareaRows'] allow values less than 7 - Fix encoding of enum and set values on edit value - Fixed possible 'Undefined index: clause_is_unique' error - Fixed some situations where a user is logged out when working with more than one server - Fixed a problem with assigning privileges to a user using the multiselect list when the database name has an underscore - Enable cookie parameter 'SameSite' when the PHP version is 7.3 or newer - Correctly handle the removal of 'innodb_file_format' in MariaDB and MySQL Important SUSE bug 1195017 SUSE bug 1195018 SUSE bug 1197036 SUSE bug 1208186 CVE-2022-0813 CVE-2022-23807 CVE-2022-23808 CVE-2023-25727 cpe:/o:opensuse:leap:15.4 Security update for gssntlmssp (Moderate) openSUSE Leap 15.4 This update for gssntlmssp fixes the following issues: Update to version 1.2.0 * Implement gss_set_cred_option. * Allow to gss_wrap even if NEGOTIATE_SEAL is not negotiated. * Move HMAC code to OpenSSL EVP API. * Fix crash bug when acceptor credentials are NULL. * Translations update from Fedora Weblate. Fix security issues: * CVE-2023-25563 (boo#1208278): multiple out-of-bounds read when decoding NTLM fields. * CVE-2023-25564 (boo#1208279): memory corruption when decoding UTF16 strings. * CVE-2023-25565 (boo#1208280): incorrect free when decoding target information. * CVE-2023-25566 (boo#1208281): memory leak when parsing usernames. * CVE-2023-25567 (boo#1208282): out-of-bounds read when decoding target information. Update to version 1.1 * various build fixes and better compatibility when a MIC is requested. Update to version 1.0 * Fix test_gssapi_rfc5587. * Actually run tests with make check. * Add two tests around NTLMSSP_NEGOTIATE_LMKEY. * Refine LM compatibility level logic. * Refactor the gssntlm_required_security function. * Implement reading LM/NT hashes. * Add test for smpasswd-like user files. * Return confidentiality status. * Fix segfault in sign/seal functions. * Fix dummy signature generation. * Use UCS16LE instead of UCS-2LE. * Provide a zero lm key if the password is too long. * Completely omit CBs AV pairs when no CB provided. * Change license to the more permissive ISC. * Do not require cached users with winbind. * Add ability to pass keyfile via cred store. * Remove unused parts of Makefile.am. * Move attribute names to allocated strings. * Adjust serialization for name attributes. * Fix crash in acquiring credentials. * Fix fallback to external_creds interface. * Introduce parse_user_name() function. * Add test for parse_user_name. * Change how we assemble user names in ASC. * Use thread local storage for winbind context. * Make per thread winbind context optional. * Fixed memleak of usr_cred. * Support get_sids request via name attributes. * Fixed memory leaks found by valgrind. - Update to version 0.9 * add support for getting session key. * Add gss_inquire_attrs_for_mech(). * Return actual data for RFC5587 API. * Add new Windows version flags. * Add Key exchange also when wanting integrity only. * Drop support for GSS_C_MA_NOT_DFLT_MECH. Moderate SUSE bug 1208278 SUSE bug 1208279 SUSE bug 1208280 SUSE bug 1208281 SUSE bug 1208282 CVE-2023-25563 CVE-2023-25564 CVE-2023-25565 CVE-2023-25566 CVE-2023-25567 cpe:/o:opensuse:leap:15.4 Security update for jhead (Moderate) openSUSE Leap 15.4 This update for jhead fixes the following issues: - Fixed autorotation problem caused by CVE-2022-41751 patch. [boo#1207150] Moderate SUSE bug 1207150 CVE-2022-41751 cpe:/o:opensuse:leap:15.4 Security update for python-Django (Moderate) openSUSE Leap 15.4 This update for python-Django fixes the following issues: - CVE-2023-23969: Fixed potential denial-of-service via Accept-Language headers (boo#1207565) - CVE-2022-41323: Fixed potential denial-of-service vulnerability in internationalized URLs (boo#1203793) Moderate SUSE bug 1203793 SUSE bug 1207565 CVE-2022-41323 CVE-2023-23969 cpe:/o:opensuse:leap:15.4 Security update for chromium (Important) openSUSE Leap 15.4 This update for chromium fixes the following issues: Chromium 110.0.5481.177 (boo#1208589) * CVE-2023-0927: Use after free in Web Payments API * CVE-2023-0928: Use after free in SwiftShader * CVE-2023-0929: Use after free in Vulkan * CVE-2023-0930: Heap buffer overflow in Video * CVE-2023-0931: Use after free in Video * CVE-2023-0932: Use after free in WebRTC * CVE-2023-0933: Integer overflow in PDF * CVE-2023-0941: Use after free in Prompts * Various fixes from internal audits, fuzzing and other initiatives Chromium 110.0.5481.100 * fix regression on SAP Business Objects web UI * fix date formatting behavior change from ICU 72 Important SUSE bug 1208589 CVE-2023-0927 CVE-2023-0928 CVE-2023-0929 CVE-2023-0930 CVE-2023-0931 CVE-2023-0932 CVE-2023-0933 CVE-2023-0941 cpe:/o:opensuse:leap:15.4 Security update for python-Django (Moderate) openSUSE Leap 15.4 python-Django was updated to fix a security issues: - CVE-2023-24580: prevent DOS in file uploads (bsc#1208082) Moderate CVE-2023-24580 cpe:/o:opensuse:leap:15.4 Security update for opera (Important) openSUSE Leap 15.4 NonFree This update for opera fixes the following issues: Update to 96.0.4693.20 * CHR-9191 Update Chromium on desktop-stable-110-4693 to 110.0.5481.78 * CHR-9197 Update Chromium on desktop-stable-110-4693 to 110.0.5481.100 * DNA-105308 Translations for O96 * DNA-105395 Fix missing resources errors on About and Update & Recovery pages - Complete Opera 96.0 changelog at: https://blogs.opera.com/desktop/changelog-for-96/ - The update to chromium 110.0.5481.78 fixes following issues: CVE-2023-0696, CVE-2023-0697, CVE-2023-0698, CVE-2023-0699, CVE-2023-0700, CVE-2023-0701, CVE-2023-0702, CVE-2023-0703, CVE-2023-0704, CVE-2023-0705 Update to 95.0.4635.46 * DNA-104601 Crash at opera::EasyShareButtonControllerTabHelper::StartOnboarding() * DNA-104936 Set new Baidu search string * DNA-105084 Prepare to turning on 'Rich entities' Update to 95.0.4635.37 * DNA-104366 Turn #speed-dial-custom-image on developer * DNA-104370 Pictures in news don’t show * DNA-104384 [News] Change News to be disabled by default * DNA-104393 [Continue on] Weird look of item counter in collapsed Continue shopping after refreshing page * DNA-104394 [Continue on] Continue shopping show up collapsed * DNA-104421 Mechanism to detect installed player * DNA-104439 Merge with GX implementation * DNA-104492 [Stable A/B Test] React Start Page for Austria 50% * DNA-104523 [Add to Opera][Folders][Edit] Black font on dark background in modals when light theme with dark wallpaper is selected * DNA-104525 [Choose language and country] Modal does not adapt when wallpaper does not match theme * DNA-104609 [SD][Folders] Incorrect order of tiles in folder when merging folder with single tile * DNA-104612 [News] Invisible button in news category. * DNA-104614 Do not allow to create folder with the same name to prevent automerging * DNA-104898 [Edit tile] Adjust icon size of tile in edit-form-modal Important CVE-2023-0696 CVE-2023-0697 CVE-2023-0698 CVE-2023-0699 CVE-2023-0700 CVE-2023-0701 CVE-2023-0702 CVE-2023-0703 CVE-2023-0704 CVE-2023-0705 cpe:/o:opensuse:leap:15.4 Security update for trivy (Moderate) openSUSE Leap 15.4 This update for trivy fixes the following issues: Update to version 0.37.3 (boo#1208091, CVE-2023-25165): * chore(helm): update Trivy from v0.36.1 to v0.37.2 (#3574) * ci: quote pros in c++ for semantic pr (#3605) * fix(image): check proxy settings from env for remote images (#3604) Update to version 0.37.2: * BREAKING: use normalized trivy-java-db (#3583) * fix(image): add timeout for remote images (#3582) * fix(misconf): handle dot files better (#3550) Update to version 0.37.1: * fix(sbom): download the Java DB when generating SBOM (#3539) * fix: use cgo free sqlite driver (#3521) * ci: fix path to dist folder (#3527) Update to version 0.37.0: * fix(image): close layers (#3517) * refactor: db client changed (#3515) * feat(java): use trivy-java-db to get GAV (#3484) * docs: add note about the limitation in Rekor (#3494) * docs: aggregate targets (#3503) * deps: updates wazero to 1.0.0-pre.8 (#3510) * docs: add alma 9 and rocky 9 to supported os (#3513) * chore: add missing target labels (#3504) * docs: add java vulnerability page (#3429) * feat(image): add support for Docker CIS Benchmark (#3496) * feat(image): secret scanning on container image config (#3495) * chore(deps): Upgrade defsec to v0.82.8 (#3488) * feat(image): scan misconfigurations in image config (#3437) * chore(helm): update Trivy from v0.30.4 to v0.36.1 (#3489) * feat(k8s): add node info resource (#3482) * perf(secret): optimize secret scanning memory usage (#3453) * feat: support aliases in CLI flag, env and config (#3481) * fix(k8s): migrate rbac k8s (#3459) * feat(java): add implementationVendor and specificationVendor fields to detect GroupID from MANIFEST.MF (#3480) * refactor: rename security-checks to scanners (#3467) * chore: display the troubleshooting URL for the DB denial error (#3474) * docs: yaml tabs to spaces, auto create namespace (#3469) * docs: adding show-and-tell template to GH discussions (#3391) * fix: Fix a temporary file leak in case of error (#3465) * fix(test): sort cyclonedx components (#3468) * docs: fixing spelling mistakes (#3462) * ci: set paths triggering VM tests in PR (#3438) * docs: typo in --skip-files (#3454) * feat(custom-forward): Extended advisory data (#3444) * docs: fix spelling error (#3436) * refactor(image): extend image config analyzer (#3434) * fix(nodejs): add ignore protocols to yarn parser (#3433) * fix(db): check proxy settings when using insecure flag (#3435) * feat(misconf): Fetch policies from OCI registry (#3015) * ci: downgrade Go to 1.18 and use stable and oldstable go versions for unit tests (#3413) * ci: store URLs to Github Releases in RPM repository (#3414) * feat(server): add support of `skip-db-update` flag for hot db update (#3416) * fix(image): handle wrong empty layer detection (#3375) * test: fix integration tests for spdx and cycloneDX (#3412) * feat(python): Include Conda packages in SBOMs (#3379) * feat: add support pubspec.lock files for dart (#3344) * fix(image): parsePlatform is failing with UNAUTHORIZED error (#3326) * fix(license): change normalize for GPL-3+-WITH-BISON-EXCEPTION (#3405) * feat(server): log errors on server side (#3397) * docs: rewrite installation docs and general improvements (#3368) * chore: update code owners (#3393) * chore: test docs separately from code (#3392) * docs: use the formula maintained by Homebrew (#3389) * docs: add `Security Management` section with SonarQube plugin Update to version 0.36.1: * fix(deps): fix errors on yarn.lock files that contain local file reference (#3384) * feat(flag): early fail when the format is invalid (#3370) * docs(aws): fix broken links (#3374) Update to version 0.36.0: * docs: improve compliance docs (#3340) * feat(deps): add yarn lock dependency tree (#3348) * fix: compliance change id and title naming (#3349) * feat: add support for mix.lock files for elixir language (#3328) * feat: add k8s cis bench (#3315) * test: disable SearchLocalStoreByNameOrDigest test for non-amd64 arch (#3322) * revert: cache merged layers (#3334) * feat(cyclonedx): add recommendation (#3336) * feat(ubuntu): added support ubuntu ESM versions (#1893) * fix: change logic to build relative paths for skip-dirs and skip-files (#3331) * feat: Adding support for Windows testing (#3037) * feat: add support for Alpine 3.17 (#3319) * docs: change PodFile.lock to Podfile.lock (#3318) * fix(sbom): support for the detection of old CycloneDX predicate type (#3316) * feat(secret): Use .trivyignore for filtering secret scanning result (#3312) * chore(go): remove experimental FS API usage in Wasm (#3299) * ci: add workflow to add issues to roadmap project (#3292) * fix(vuln): include duplicate vulnerabilities with different package paths in the final report (#3275) * feat(sbom): better support for third-party SBOMs (#3262) * docs: add information about languages with support for dependency locations (#3306) * feat(vm): add `region` option to vm scan to be able to scan any region's ami and ebs snapshots (#3284) * fix(vuln): change severity vendor priority for ghsa-ids and vulns from govuln (#3255) * docs: remove comparisons (#3289) * feat: add support for Wolfi Linux (#3215) * ci: add go.mod to canary workflow (#3288) * feat(python): skip dev dependencies (#3282) * chore: update ubuntu version for Github action runnners (#3257) * fix(go): skip dep without Path for go-binaries (#3254) * feat(rust): add ID for cargo pgks (#3256) * feat: add support for swift cocoapods lock files (#2956) * fix(sbom): use proper constants (#3286) * test(vm): import relevant analyzers (#3285) * feat: support scan remote repository (#3131) * docs: fix typo in fluxcd (#3268) * docs: fix broken 'ecosystem' link in readme (#3280) * feat(misconf): Add compliance check support (#3130) * docs: Adding Concourse resource for trivy (#3224) * chore(deps): change golang from 1.19.2 to 1.19 (#3249) * fix(sbom): duplicate dependson (#3261) * chore(go): updates wazero to 1.0.0-pre.4 (#3242) * feat(report): add dependency locations to sarif format (#3210) * fix(rpm): add rocky to osVendors (#3241) * docs: fix a typo (#3236) * feat(dotnet): add dependency parsing for nuget lock files (#3222) * docs: add pre-commit hook to community tools (#3203) * feat(helm): pass arbitrary env vars to trivy (#3208) Update to version 0.35.0: * chore(vm): update xfs filesystem parser for change log (#3230) * feat: add virtual machine scan command (#2910) * docs: reorganize index and readme (#3026) * fix: `slowSizeThreshold` should be less than `defaultSizeThreshold` (#3225) * feat: Export functions for trivy plugin (#3204) * feat(image): add support wildcard for platform os (#3196) * fix: load compliance report from file system (#3161) * fix(suse): use package name to get advisories (#3199) * docs(image): space issues during image scan (#3190) * feat(containerd): scan image by digest (#3075) * fix(vuln): add package name to title (#3183) * fix: present control status instead of compliance percentage in compliance report (#3181) * perf(license): remove go-enry/go-license-detector. (#3187) * fix: workdir command as empty layer (#3087) * docs: reorganize ecosystem section (#3025) * feat(dotnet): add support dependency location for dotnet-core files (#3095) * feat(dotnet): add support dependency location for nuget lock files (#3032) * chore: update code owners for misconfigurations (#3176) * feat: add slow mode (#3084) * docs: fix typo in enable-builin-rules mentions (#3118) * feat: Add maintainer field to OS packages (#3149) * docs: fix some typo (#3171) * docs: fix links on Built-in Policies page (#3124) * fix: Perform filepath.Clean first and then filepath.ToSlash for skipFile/skipDirs settings (#3144) * chore: use newline for semantic pr (#3172) * fix(spdx): rename describes field in spdx (#3102) * chore: handle GOPATH with several paths in make file (#3092) * docs(flag): add 'rego' configuration file options (#3165) * chore(go): updates wazero to 1.0.0-pre.3 (#3090) * docs(license): fix typo inside quick start (#3134) * chore: update codeowners for docs (#3135) * fix(cli): exclude --compliance flag from non supported sub-commands (#3158) * fix: remove --security-checks none from image help (#3156) * fix: compliance flag description (#3160) * docs(k8s): fix a typo (#3163) Update to version 0.34.0: * feat(vuln): support dependency graph for RHEL/CentOS (#3094) * feat(vuln): support dependency graph for dpkg and apk (#3093) * perf(license): enable license classifier only with '--license-full' (#3086) * feat(report): add secret scanning to ASFF template (#2860) * feat: Allow override of containerd namespace (#3060) * fix(vuln): In alpine use Name as SrcName (#3079) * fix(secret): Alibaba AccessKey ID (#3083) Update to version 0.33.0: * refactor(k8s): custom reports (#3076) * fix(misconf): Bump in-toto-golang with correct CycloneDX predicate (#3068) * feat(image): add support for passing architecture and OS (#3012) * test: disable containerd integration tests for non-amd64 arch (#3073) * feat(server): Add support for client/server mode to rootfs command (#3021) * feat(vuln): support non-packaged binaries (#3019) * feat: compliance reports (#2951) * fix(flag): disable flag parsing for each plugin command (#3074) * feat(nodejs): add support dependency location for yarn.lock files (#3016) * chore: Switch github.com/liamg dependencies to github.com/aquasecurity (#3069) * feat: add k8s components (#2589) * fix(secret): update the regex for secrets scanning (#2964) * fix: bump trivy-kubernetes (#3064) * docs: fix missing 'image' subcommand (#3051) * chore: Patch golang x/text vulnerability (#3046) * chore: add licensed project logo (#3058) * feat(ubuntu): set Ubuntu 22.10 EOL (#3054) * refactor(analyzer): use strings.TrimSuffix instead of strings.HasSuffix (#3028) * feat(report): Use understandable value for shortDescription in SARIF reports (#3009) * docs(misconf): fix typo (#3043) * feat: add support for scanning azure ARM (#3011) * feat(report): add location.message to SARIF output (#3002) (#3003) * feat(nodejs): add dependency line numbers for npm lock files (#2932) * test(fs): add `--skip-files`, `--skip-dirs` (#2984) * docs: add Woodpecker CI integrations example (#2823) * fix(sbom): ref generation if serialNumber is empty when input is cyclonedx file (#3000) * fix(java): don't stop parsing jar file when wrong inner jar is found (#2989) * fix(sbom): use nuget purl type for dotnet-core (#2990) * perf: retrieve rekor entries in bulk (#2987) * feat(aws): Custom rego policies for AWS scanning (#2994) * docs: jq cli formatting (#2881) * docs(repo): troubleshooting $TMPDIR customization (#2985) * chore: run `go fmt` (#2897) * chore(go): updates wazero to 1.0.0-pre.2 (#2955) * fix(aws): Less function for slice sorting always returns false #2967 * fix(java): fix unmarshal pom exclusions (#2936) Update to version 0.32.1: * fix(java): use fields of dependency from dependencyManagement from upper pom.xml to parse deps (#2943) * chore: expat lib and go binary deps vulns (#2940) * wasm: Removes accidentally exported memory (#2950) * fix(sbom): fix package name separation for gradle (#2906) * docs(readme.md): fix broken integrations link (#2931) * fix(image): handle images with single layer in rescan mergedLayers cache (#2927) * fix(cli): split env values with ',' for slice flags (#2926) * fix(cli): config/helm: also take into account files with `.yml` (#2928) * fix(flag): add file-patterns flag for config subcommand (#2925) Update to version 0.32.0: * docs: add Rekor SBOM attestation scanning (#2893) * chore: narrow the owner scope (#2894) * fix: remove a patch number from the recommendation link (#2891) * fix: enable parsing of UUID-only rekor entry ID (#2887) * docs(sbom): add SPDX scanning (#2885) * docs: restructure docs and add tutorials (#2883) * feat(sbom): scan sbom attestation in the rekor record (#2699) * feat(k8s): support outdated-api (#2877) * fix(c): support revisions in Conan parser (#2878) * feat: dynamic links support for scan results (#2838) * docs: update archlinux commands (#2876) * feat(secret): add line from dockerfile where secret was added to secret result (#2780) * feat(sbom): Add unmarshal for spdx (#2868) * fix: revert asff arn and add documentation (#2852) * docs: batch-import-findings limit (#2851) * feat(sbom): Add marshal for spdx (#2867) * build: checkout before setting up Go (#2873) * docs: azure doc and trivy (#2869) * fix: Scan tarr'd dependencies (#2857) * chore(helm): helm test with ingress (#2630) * feat(report): add secrets to sarif format (#2820) * refactor: add a new interface for initializing analyzers (#2835) * fix: update ProductArn with account id (#2782) * feat(helm): make cache TTL configurable (#2798) * build(): Sign releaser artifacts, not only container manifests (#2789) * chore: improve doc about azure devops (#2795) * docs: don't push patch versions (#2824) * feat: add support for conan.lock file (#2779) * feat: cache merged layers * feat: add support for gradle.lockfile (#2759) * feat: move file patterns to a global level to be able to use it on any analyzer (#2539) * Fix url validaton failures (#2783) * fix(image): add logic to detect empty layers (#2790) * feat(rust): add dependency graph from Rust binaries (#2771) Update to version 0.31.3: * fix: handle empty OS family (#2768) * fix: fix k8s summary report (#2777) * fix: don't skip packages that don't contain vulns, when using --list-all-pkgs flag (#2767) * chore: bump trivy-kubernetes (#2770) * fix(secret): Consider secrets in rpc calls (#2753) * fix(java): check depManagement from upper pom's (#2747) * fix(php): skip `composer.lock` inside `vendor` folder (#2718) * fix: fix k8s rbac filter (#2765) * feat(misconf): skipping misconfigurations by AVD ID (#2743) * chore(deps): Upgrade Alpine to 3.16.2 to fix zlib issue (#2741) * docs: add MacPorts install instructions (#2727) * docs: typo (#2730) Update to version 0.31.2: * fix: Correctly handle recoverable AWS scanning errors (#2726) * docs: Remove reference to SecurityAudit policy for AWS scanning (#2721) Update to version 0.31.1: * fix: upgrade defsec to v0.71.7 for elb scan panic (#2720) Update to version 0.31.0: * fix(flag): add error when there are no supported security checks (#2713) * fix(vuln): continue scanning when no vuln found in the first application (#2712) * revert: add new classes for vulnerabilities (#2701) * feat(secret): detect secrets removed or overwritten in upper layer (#2611) * fix(cli): secret scanning perf link fix (#2607) * chore(deps): bump github.com/spf13/viper from 1.8.1 to 1.12.0 (#2650) * feat: Add AWS Cloud scanning (#2493) * docs: specify the type when verifying an attestation (#2697) * docs(sbom): improve SBOM docs by adding a description for scanning SBOM attestation (#2690) * fix(rpc): scanResponse rpc conversion for custom resources (#2692) * feat(rust): Add support for cargo-auditable (#2675) * feat: Support passing value overrides for configuration checks (#2679) * feat(sbom): add support for scanning a sbom attestation (#2652) * chore(image): skip symlinks and hardlinks from tar scan (#2634) * fix(report): Update junit.tpl (#2677) * fix(cyclonedx): add nil check to metadata.component (#2673) * docs(secret): fix missing and broken links (#2674) * refactor(cyclonedx): implement json.Unmarshaler (#2662) * feat(kubernetes): add option to specify kubeconfig file path (#2576) * docs: follow Debian's 'instructions to connect to a third-party repository' (#2511) * feat(alma): set AlmaLinux 9 EOL (#2653) * fix(misconf): Allow quotes in Dockerfile WORKDIR when detecting relative dirs (#2636) * test(misconf): add tests for misconf handler for dockerfiles (#2621) * feat(oracle): set Oracle Linux 9 EOL (#2635) * BREAKING: add new classes for vulnerabilities (#2541) * fix(secret): add newline escaping for asymmetric private key (#2532) * docs: improve formatting (#2572) * feat(helm): allows users to define an existing secret for tokens (#2587) * docs(mariner): use tdnf in fs usage example (#2616) * docs: remove unnecessary double quotation marks (#2609) * fix: Fix --file-patterns flag (#2625) * feat(report): add support for Cosign vulnerability attestation (#2567) * docs(mariner): use v2.0 in examples (#2602) * feat(report): add secrets template for codequality report (#2461) Moderate SUSE bug 1208091 CVE-2023-25165 cpe:/o:opensuse:leap:15.4 Security update for opera (Important) openSUSE Leap 15.4 NonFree This update for opera fixes the following issues: Update to 96.0.4693.31 * CHR-9206 Update Chromium on desktop-stable-110-4693 to 110.0.5481.178 * DNA-104492 [Stable A/B Test] React Start Page for Austria 50% * DNA-104660 Browser crash when calling window.opr.authPrivate API in a private mode * DNA-105000 Crash at non-virtual thunk to SadTabView::OnBoundsChanged(gfx::Rect const&) * DNA-105138 Hang-up button is red in video popout * DNA-105211 Johnny5 – Prepare extension to be usable in Desktop * DNA-105377 Add API for extension to be able to open sidebar panel * DNA-105378 Add 'AI Shorten' functionality to search/copy tooltip * DNA-105410 Change Popup functionality depending on number of words selected * DNA-105429 Fix privileges for Shodan api * DNA-105434 Change popup depending on number of words * DNA-105442 Fix Update & Recovery page styling * DNA-105455 [Search box] Search box does not resize dynamically * DNA-105606 Enabling news by default on SP test- 2 The update to chromium 110.0.5481.178 fixes following issues: CVE-2023-0927, CVE-2023-0928, CVE-2023-0929, CVE-2023-0930, CVE-2023-0931, CVE-2023-0932, CVE-2023-0933, CVE-2023-0941 Important CVE-2023-0927 CVE-2023-0928 CVE-2023-0929 CVE-2023-0930 CVE-2023-0931 CVE-2023-0932 CVE-2023-0933 CVE-2023-0941 cpe:/o:opensuse:leap:15.4 Security update for chromium (Important) openSUSE Leap 15.4 This update for chromium fixes the following issues: Chromium 111.0.5563.64 * New View Transitions API * CSS Color Level 4 * New developer tools in style panel for color functionality * CSS added trigonometric functions, additional root font units and extended the n-th child pseudo selector. * previousslide and nextslide actions are now part of the Media Session API * A number of security fixes (boo#1209040) * CVE-2023-1213: Use after free in Swiftshader * CVE-2023-1214: Type Confusion in V8 * CVE-2023-1215: Type Confusion in CSS * CVE-2023-1216: Use after free in DevTools * CVE-2023-1217: Stack buffer overflow in Crash reporting * CVE-2023-1218: Use after free in WebRTC * CVE-2023-1219: Heap buffer overflow in Metrics * CVE-2023-1220: Heap buffer overflow in UMA * CVE-2023-1221: Insufficient policy enforcement in Extensions API * CVE-2023-1222: Heap buffer overflow in Web Audio API * CVE-2023-1223: Insufficient policy enforcement in Autofill * CVE-2023-1224: Insufficient policy enforcement in Web Payments API * CVE-2023-1225: Insufficient policy enforcement in Navigation * CVE-2023-1226: Insufficient policy enforcement in Web Payments API * CVE-2023-1227: Use after free in Core * CVE-2023-1228: Insufficient policy enforcement in Intents * CVE-2023-1229: Inappropriate implementation in Permission prompts * CVE-2023-1230: Inappropriate implementation in WebApp Installs * CVE-2023-1231: Inappropriate implementation in Autofill * CVE-2023-1232: Insufficient policy enforcement in Resource Timing * CVE-2023-1233: Insufficient policy enforcement in Resource Timing * CVE-2023-1234: Inappropriate implementation in Intents * CVE-2023-1235: Type Confusion in DevTools * CVE-2023-1236: Inappropriate implementation in Internals Important SUSE bug 1209040 CVE-2023-1213 CVE-2023-1214 CVE-2023-1215 CVE-2023-1216 CVE-2023-1217 CVE-2023-1218 CVE-2023-1219 CVE-2023-1220 CVE-2023-1221 CVE-2023-1222 CVE-2023-1223 CVE-2023-1224 CVE-2023-1225 CVE-2023-1226 CVE-2023-1227 CVE-2023-1228 CVE-2023-1229 CVE-2023-1230 CVE-2023-1231 CVE-2023-1232 CVE-2023-1233 CVE-2023-1234 CVE-2023-1235 CVE-2023-1236 cpe:/o:opensuse:leap:15.4 Security update for amanda (Important) openSUSE Leap 15.4 This update for amanda fixes the following issues: - CVE-2022-37704: fix privilege escalation via rundump (boo#1208033, gh#zmanda/amanda#195) - CVE-2022-37705: fix privilege escalation via runtar suid binary (boo#1208032, gh#zmanda/amanda#194) Important SUSE bug 1208032 SUSE bug 1208033 CVE-2022-37704 CVE-2022-37705 cpe:/o:opensuse:leap:15.4 Security update for peazip (Moderate) openSUSE Leap 15.4 This update for peazip fixes the following issues: peazip was updated to 9.1.0: * Major restyle in application's look & feel and themes, and many usability improvements for the file manager, and archiving / extraction screens. * The scripting engine was refined, with the ability to adapt the syntax for a specific 7z version at runtime, and to export archive conversion tasks as scripts. * Support for TAR, Brotli, and Zstandard formats was improved. * Pea was updated to 1.12, fixing for CVE-2023-24785 (this fixes boo#1208468) Update to 9.0.0: BACKEND: * Pea 1.11. CODE: * Fixes, clean up of legacy code. * Improved speed and memory usage. FILE MANAGER: * GUI better adapts to size and preference changes. * Selecting one of the available tool bars (archive manager, file manager, image manager) restores its visibility if the Tool bar is hidden. EXTRACTION and ARCHIVING: * Added new options for 7z/p7zip backend. * Improved support for TAR format, and for formats used in combination with TAR. * Improved support for ZPAQ and *PAQ formats. * Updated compression preset scripts. * Updated plugin for PeaZip. - Update to 8.9.0: BACKEND * Pea 1.10 CODE * Password Manager is now re-set only from Options > Settings > Privacy, Reset Password Manager link * Various fixes and improvements * Correctly displays folder size inside ZIP archives if applicable * Cleanup of legacy code * Improved performances and memory management for browsing archives * Improved opening folders after task completition * Improved detecting root extraction directory * Archive conversion procedure now opens target directory only once, after final compression step * Task window can now show temporary extraction work path from context menu right-clicking on input and output links FILE MANAGER * Added progress bar while opening archive files supported through 7z backend; progress indicator is not visible when archive pre-browsing is disabled in Options > Settings > General, Performance group * Improved Clipboard panel, can display tems size and modification date * Improved quick navigation menu (on the left of the Address bar) * Can now set password/keyfile, and display if a password is set * Can now display info on current archive / selection / clipboard content duplicating function of staus bar; the new Info entry is also featured in main menu, Navigation group * Can now toggle bookmarks, history, and clipboard views in the Status bar * Improved Style button * Right-clicking Style shows main menu as context menu * Settings is now reachable from Style button in Tool / Address bar * Updated theming engine * Address bar color can now be changed separately from Address field color * Tab bar color has now more options * Improved existing Themes to take advantage of the new options * Updated Tuxedo theme * New Droid theme EXTRACTION and ARCHIVING * Changed default working directory to output path, as more consistent with behavior of similar applications on non-Windows systems * Added context menu entry for 'Add to separate archives' action, shown when applicable in file browser screen * Improved archiving and extraction context menu, to make easier to add files and folders (or open search) from bookmarks abd history items * Improved test after archiving * Empty archives are reported as warnings * It is now possible to set the sequence of tasks to stop for auto-test results (otherwise it will stop only in case of error) from Options > Settings > Advanced * More information is available clicking status bar string in archive creation and extraction screens: task type details, temp work path (if applicable), input zise, output path with total size and free space - Update to 8.8.0 (boo#1202690): BACKEND * 7z 22.01 * Pea 1.09 CODE * Various fixes and improvements FILE MANAGER * Improved GUI for more flexibility to better adapt to multiple environments with different visual styles EXTRACTION and ARCHIVING * Added option to test archive after creation, for formats supporting test routine, in Options > Settings, Archive manager tab * Added timestamp precision option in Archiving screen, Advanced tab, applies to ZIP and TAR/pax formats * Added timestamp precision option in Archiving screen, Advanced tab, applies to ZIP and TAR/pax formats * Added options to save owner/group ids and names, available in Archiving screen, Advanced tab - Set correct category in the desktop file (boo#1202690) - Update to 8.7.0: BACKEND * 7z 22.00 * Pea 1.08 CODE * Can now optionally check hash of backend binaries called by PeaZip in order to detect modified ones * Can now optionally hardcode paths of backend binaries, configuration, and non-binary resources directories as absoulte paths at compile time FILE MANAGER * Added 'Open in a new tab' to breadcrumb navigation menu * Can now export content of navigation/search filter as CSV, from column's header menu, and Main menu > Navigation submenu * CSV separator can now be customised from Options > Settings, General Tab, on the right of Localization selector * File manager now displays file size and compressed file size of directories inside archives, CRC column displays files and sub-directores count for directories * Many visual enhancements EXTRACTION and ARCHIVING * Can now remember default archive creation action (force new archive, add, update, sync...) * Improved displaying directory size in archive creation screen: items are now recursively enumerated asynchronously (non blocking) by default, so it is possible to proceed with archiving operations (confirm, cancel, modify parameters...) without needing the input count to be completed * Re-organized Archive manager settings page in Options > Settings * For Zpaq format now 'Absolute paths' extraction option is enabled by default (in Advanced tab of extraction screen) Moderate SUSE bug 1202690 SUSE bug 1208468 CVE-2023-24785 cpe:/o:opensuse:leap:15.4 Security update for python-Django (Moderate) openSUSE Leap 15.4 python-Django was update to fix: - CVE-2023-24580: Prevent DOS in file uploads. (bsc#1208082) Moderate SUSE bug 1208082 CVE-2023-24580 cpe:/o:opensuse:leap:15.4 Security update for squirrel (Moderate) openSUSE Leap 15.4 This update for squirrel fixes the following issues: - CVE-2021-41556: fix out-of-bounds read issue (boo#1201974) Moderate SUSE bug 1201974 CVE-2021-41556 cpe:/o:opensuse:leap:15.4 Security update for chromium (Important) openSUSE Leap 15.4 This update for chromium fixes the following issues: Chromium 111.0.5563.110 (boo#1209598) * CVE-2023-1528: Use after free in Passwords * CVE-2023-1529: Out of bounds memory access in WebHID * CVE-2023-1530: Use after free in PDF * CVE-2023-1531: Use after free in ANGLE * CVE-2023-1532: Out of bounds read in GPU Video * CVE-2023-1533: Use after free in WebProtect * CVE-2023-1534: Out of bounds read in ANGLE Important SUSE bug 1209598 CVE-2023-1528 CVE-2023-1529 CVE-2023-1530 CVE-2023-1531 CVE-2023-1532 CVE-2023-1533 CVE-2023-1534 cpe:/o:opensuse:leap:15.4 Security update for nextcloud (Important) openSUSE Leap 15.4 This update for nextcloud fixes the following issues: - Update to 23.0.12 See: https://nextcloud.com/changelog/#latest23 - This also fix security issues: - CVE-2022-35931: Password Policy app could generate passwords that would be block (boo#1203190) - CVE-2022-39346: Missing length validation of user displayname allows to generate an SQL error (boo#1205802) - CVE-2023-25579: Potential directory traversal in OC\Files\Node\Folder::getFullPath (boo#1208591) Important SUSE bug 1203190 SUSE bug 1205802 SUSE bug 1208591 CVE-2022-35931 CVE-2022-39346 CVE-2023-25579 cpe:/o:opensuse:leap:15.4 Security update for seamonkey (Important) openSUSE Leap 15.4 SeaMonkey was updated to 2.53.16: * No throbber in plaintext editor bug 85498. * Remove unused gridlines class from EdAdvancedEdit bug 1806632. * Remove ESR 91 links from debugQA bug 1804534. * Rename devtools/shim to devtools/startup bug 1812367. * Remove unused seltype=text|cell css bug 1806653. * Implement new shared tree styling bug 1807802. * Use `win.focus()` in macWindowMenu.js bug 1807817. * Remove WCAP provider bug 1579020. * Remove ftp/file tree view support bug 1239239. * Change calendar list tree to a list bug 1561530. * Various other updates to the calendar code. * Continue the switch from Python 2 to Python 3 in the build system. * Verified compatibility with Rust 1.66.1. * SeaMonkey 2.53.16 uses the same backend as Firefox and contains the relevant Firefox 60.8 security fixes. * SeaMonkey 2.53.16 shares most parts of the mail and news code with Thunderbird. Please read the Thunderbird 60.8.0 release notes for specific security fixes in this release. * Additional important security fixes up to Current Firefox 102.9 and Thunderbird 102.9 ESR plus many enhancements have been backported. We will continue to enhance SeaMonkey security in subsequent 2.53.x beta and release versions as fast as we are able to. Important cpe:/o:opensuse:leap:15.4 Security update for upx (Important) openSUSE Leap 15.4 upx was updated to fix the following issues: Update to release 4.0.2 * Fix unpack of ELF x86-64 that failed with 'CantUnpackException: corrupt b_info' * Resolve SEGV on PackLinuxElf64::invert_pt_dynamic - CVE-2021-30500: Fixed Null pointer dereference in PackLinuxElf:canUnpack() in p_lx_elf.cpp - CVE-2021-30501: Fixed Assertion abort in function MemBuffer:alloc() - CVE-2021-43311: Fixed Heap-based buffer overflow in PackLinuxElf32:elf_lookup() at p_lx_elf.cpp - CVE-2021-43312: Fixed Heap-based buffer overflow in PackLinuxElf64:invert_pt_dynamic at p_lx_elf.cpp:5239 - CVE-2021-43313: Fixed Heap-based buffer overflow in PackLinuxElf32:invert_pt_dynamic at p_lx_elf.cpp:1688 - CVE-2021-43314: Fixed Heap-based buffer overflows in PackLinuxElf32:elf_lookup() at p_lx_elf.cp - CVE-2021-43315: Fixed Heap-based buffer overflows in PackLinuxElf32:elf_lookup() at p_lx_elf.cp - CVE-2021-43316: Fixed Heap-based buffer overflow in func get_le64() - CVE-2021-43317: Fixed Heap-based buffer overflows in PackLinuxElf64:elf_lookup() at p_lx_elf.cp - CVE-2023-23456: Fixed heap-buffer-overflow in PackTmt:pack() - CVE-2023-23457: Fixed SEGV on PackLinuxElf64:invert_pt_dynamic() in p_lx_elf.cpp Important SUSE bug 1183510 SUSE bug 1184701 SUSE bug 1184702 SUSE bug 1207121 SUSE bug 1207122 SUSE bug 1209765 SUSE bug 1209766 SUSE bug 1209767 SUSE bug 1209768 SUSE bug 1209769 SUSE bug 1209770 SUSE bug 1209771 CVE-2021-20285 CVE-2021-30500 CVE-2021-30501 CVE-2021-43311 CVE-2021-43312 CVE-2021-43313 CVE-2021-43314 CVE-2021-43315 CVE-2021-43316 CVE-2021-43317 CVE-2023-23456 CVE-2023-23457 cpe:/o:opensuse:leap:15.4 Security update for rubygem-activerecord-5.2 (Important) openSUSE Leap 15.4 This update for rubygem-activerecord-5.2 fixes the following issues: - CVE-2022-32224: Fixed possible remote code execution when using YAML serialized columns in Active Record (boo#1201465). Important SUSE bug 1201465 CVE-2022-32224 cpe:/o:opensuse:leap:15.4 Security update for nextcloud-desktop (Important) openSUSE Leap 15.4 This update for nextcloud-desktop fixes the following issues: nextcloud-desktop was updated to 3.8.0: - Resize WebView widget once the loginpage rendered - Feature/secure file drop - Check German translation for wrong wording - L10n: Correct word - Fix displaying of file details button for local syncfileitem activities - Improve config upgrade warning dialog - Only accept folder setup page if overrideLocalDir is set - Update CHANGELOG. - Prevent ShareModel crash from accessing bad pointers - Bugfix/init value for pointers - Log to stdout when built in Debug config - Clean up account creation and deletion code - L10n: Added dot to end of sentence - L10n: Fixed grammar - Fix 'Create new folder' menu entries in settings not working correctly on macOS - Ci/clang tidy checks init variables - Fix share dialog infinite loading - Fix edit locally job not finding the user account: wrong user id - Skip e2e encrypted files with empty filename in metadata - Use new connect syntax - Fix avatars not showing up in settings dialog account actions until clicked on - Always discover blacklisted folders to avoid data loss when modifying selectivesync list. - Fix infinite loading in the share dialog when public link shares are disabled on the server - With cfapi when dehydrating files add missing flag - Fix text labels in Sync Status component - Display 'Search globally' as the last sharees list element - Fix display of 2FA notification. - Bugfix/do not restore virtual files - Show server name in tray main window - Add Ubuntu Lunar - Debian build classification 'beta' cannot override 'release'. - Update changelog - Follow shouldNotify flag to hide notifications when needed - Bugfix/stop after creating config file - E2EE cut extra zeroes from derypted byte array. - When local sync folder is overriden, respect this choice - Feature/e2ee fixes - This also fix security issues: - (boo#1205798, CVE-2022-39331) - Arbitrary HyperText Markup Language injection in notifications - (boo#1205799, CVE-2022-39332) - Arbitrary HyperText Markup Language injection in user status and information - (boo#1205800, CVE-2022-39333) - Arbitrary HyperText Markup Language injection in desktop client application - (boo#1205801, CVE-2022-39334) - Client incorrectly trusts invalid TLS certificates - (boo#1207976, CVE-2023-23942) - missing sanitisation on qml labels leading to javascript injection - Update to 3.7.4 - check German translation for wrong wording - Fix 'Create new folder' menu entries in settings not working correctly on macOS - Clean up account creation and deletion code - Fix share dialog infinite loading - fix edit locally job not finding the user account: wrong user id - skip e2e encrypted files with empty filename in metadata - Always discover blacklisted folders to avoid data loss when modifying selectivesync list. - use new connect syntax - with cfapi when dehydrating files add missing flag - Fix avatars not showing up in settings dialog account actions until clicked on - Fix text labels in Sync Status component - Fix infinite loading in the share dialog when public link shares are disabled on the server - Ci/clang tidy checks init variables - Display 'Search globally' as the last sharees list element - Resize WebView widget once the loginpage rendered - Bugfix/do not restore virtual files - Fix display of 2FA notification. - Update to 3.7.3 - Revert 'Fix(l10n): capital_abcd Update translations from Transifex' - Revert 'Fix(l10n): capital_abcd Update translations from Transifex' - Revert 'Fix(l10n): capital_abcd Update translations from Transifex' - Update to 3.7.2 - No regular changelog from upstream. See instead: https://github.com/nextcloud/desktop/compare/v3.7.1...v3.7.2 - Update to 3.7.1 - Backport/5393/stable 3.7 by @mgallien in #5403 - Fix wrong estimated time when doing sync. in #4902 - Bugfix/selective sync abort error in #4903 - Set UnifiedSearchResultNothingFound visibility less messily in #4751 - Clean up QML type and singleton registration in #4817 - Simplify activity list delegates by making them ItemDelegates, clean up in #4786 - Improve activity list highlighting/keyboard item selection in #4781 - Replace private API QZipWriter with KArchive in #4768 - makes Qt WebEngine optional only on macOS in #4875 - Bugfix/conflict resolution when selecting folder in #4914 - Fix fileactivitylistmodel QML registration in #4920 - Updated link to documentation in #4792 - Fix menu bar height calculation on macOS in #4917 - Fix ActivityItem activityHover error in #4921 - Fix add account window text clipping, enlarge text in #4910 - Accept valid lsColJob reply XML content types in #4919 - Fix low-resolution file changed overlay icons in activities in #4930 - Refactor ActivityListModel population mechanisms in #4736 - Make account setup wizard's adjustWizardSize resize to current page size instead of largest wizard page in #4911 - Deallocate call notification dialog objects when closed by @claucambra in #4939 - Ensure that the file being processed has had its etag properly sanitised, log etag more in #4940 - Feature/syncjournaldb handle errors in #4819 - Do not format text in QML components as HTML in #4944 - Fix two factor auth notification: activity item was disabled. in #4961 - Add a placeholder item for empty activity list in #4959 - Ensure strings in main window QML are presented as plain text and not HTML by @claucambra in #4972 - Improve handling of file name clashes by @claucambra in #4970 - Add a QSortFilterProxyModel-based SortedActivityListModel by @claucambra in #4933 - Bring back .lnk files on Windows and always treat them as non-virtual files. by @allexzander in #4968 - Fix two factor authentication notification by @camilasan in #4967 - Ensure placeholder message in emoji picker wraps correctly in #4960 - Make activity action button an actual button, clean up contents in #4784 - Improve the error box QML component in #4976 - Fix 'Reply' primary property. in #4985 - Fix sync progress bar colours in dark mode in #4986 - Fix predefined status text formatting in #4987 - Don't set up tray context menu on macOS, even if not building app bundle in #4988 - Ci/check clang tidy in ci in #4995 - check our code with clang-tidy in #4999 - alway use constexpr for all text constants in #4996 - avoid possibly crashing static_cast in #4994 - switch AppImage CI to latest tag: client-appimage-6 in #5003 - configure a list of checks for clang-tidy in #5004 - Fix link shares default expire date being enforced as maximum expire date even when maximum date enforcement is disabled on the server in #4982 - apply modernize-use-using via clang-tidy in #4993 - Ci/use no discard in #4992 - Fix files not unlocking after lock time expired in #4962 - Update client image in #5002 - let's check the format via some github action in #4991 - Feature/vfs windows sharing and lock state in #4942 - Update after tx migrate in #5019 - Improve 'Handle local file editing' feature. Add loading popup. Add force sync before opening a file. in #4990 - Command-line client. Do not trust SSL certificates by default, unless '--trust' option is set. in #5022 - Bugfix/files lock fail metadata in #5024 - do not ignore return value in #4998 - improve logs when adding sync errors in activity list of main dialog in #5032 - Fix invisible user status selector button not being checked when user is in Offline mode in #5012 - use correct version copmparison on NSIS updater: fix update from rc in #4979 - Bugfix/check token for edit locally requests in #5039 - Fix the dismiss button: display it whenever possible. in #4989 - Fix account not found when doing local file editing. in #5040 - Improve 'pretty user name'-related strings, display in webflow credentials in #5013 - Update CHANGELOG with 3.6.1 changes. in #5066 - Fix call notification dialog buttons in #5074 - validate certificate for E2EE against private key in #4949 - emit missing signal to update folder sync status icon in #5087 - Update CMake usage in README build instructions in #5086 - Clean up methods in sync engine in #5071 - Make Systray's void methods slots in #5042 - Remove unneeded parameter from CleanupPollsJob constructor in #5070 - Add a 'Sync now' button to the sync status header in the tray window in #5018 - Modernise and improve code in AccountManager in #5026 - Fix macOS autoupdater settings in #5102 - Validate and sanitise edit locally token and relpath before sending to server in #5093 - Refactor FolderMan's 'Edit Locally' capabilities as separate class in #5107 - Modernise and improve code in AccountSettings in #5027 - Fix compatibility with newer python3-nautilus in #5105 - Only show Sync Now button if account is connected in #5097 - use new public API to open an edit locally URL in #5116 - Add a new file details window, unify file activity and sharing in #4929 - E2EE. Do not generate keypair without user request. in #5067 - Fix incorrect current user index when adding or removing a user account. Also fix incorrect user avatar lookup by id. in #5092 - Remove unused internal link widget from old share dialog in #5123 - Use separate variable for cfg file name in CMAKE. in #5136 - Bugfix/delete folders during propagation even when propagation has errors in #5104 - Remove unused app pointer in CocoaInitializer in #5127 - Ensure 'Sync now' button doesn't have its text elided in #5129 - Fix share delegate button icon colors in dark mode in #5132 - Do not use copy-assignment of QDialog. in #5148 - Remove unused remotePath in User::processCompletedSyncItem in #5118 - Make user status selector modal, show user header in #5145 - properly escape a path when creating a test file during tests in #5151 - Add support cmake unity build in #5109 - Fix typo of connector in #5157 - fully qualify types in signals and slots in #5088 - Remove reference to inexistent property in NCCustomButton in #5173 - Fix ActivityList delegate warnings in #5172 - Ensure forcing a folder to be synced unpauses syncing on said folder in #5152 - switch back to upstream craft in #5178 - fix renaming of folders with a deep hierarchy inside them in #5182 - fix instances of: c++11 range-loop might detach Qt container warnings in #5089 - Implement context menu entry 'Leave this share' in #5081 - check that we update local file mtime on changes from server in #5188 - Add end-to-end tests to our CI in #5124 - Modernize the Dolphin action plugin in #5192 - Ci/do not modify configuration file duringtests in #5200 - cmake: Use FindPkgConfig's pkg_get_variable instead of custom macro in #5199 - Fix tray window margins, stop cutting into window border in #5202 - fix regressions on pinState management when doing renames in #520 - Fix bad custom button alignments, sizings, etc. in #5189 - Ci/do not override configuration file in #5206 - Clearly tell user that E2EE has been enabled for an account in #5164 - Fix CfApiShellExtensionsIPCTest in #5209 - l10n: Fixed grammar in #5220 - Prevent bad encrypting of folder if E2EE has not been correctly set up in #5223 - Remove close/dismiss button from encryption message in #5163 - Update macOS shell integration deployment targets in #5227 - Bugfix/case cash conflicts should not terminate sync in #5224 - Differentiate between E2EE not being enabled at all vs. E2EE being enabled already through another device in account settings message in #5179 - Ensure more QML text components are rendering things as plain text in #5231 - l10n: Correct spelling in #5221 - Make use of plain text-enforcing qml labels in #5233 - Feature/edit file locally restart sync in #5175 - Fix CI errors for Edit Locally. in #5241 - Lock file when editing locally in #5226 - Format some QLabels as plain text in #5247 - do not create GUI from a random thread and show error on real error in #5253 - Fix BasicComboBox internal layout in #5216 - Explicitly size and align user status selector text input to avoid bugs with alternate QtQuick styles in #5214 - do not use bulk upload for e2ee files in #5256 - Only show mnemonic request dialog when user explicitly wants to enable E2EE in #5181 - Replace share settings popup with a page on a StackView in #5194 - Add interactive NC Talk notifications on macOS in #5143 - Show file details within the tray dialog, rather than in a separate dialog in #5139 - Silence sync termination errors when running EditLocallyJob. in #5261 - Fix typo in #5257 - Add an 'Encrypt' menu entry in file browser context menu for folders in #5263 - Add a nix flake for easy building and dev environments in #5007 - Add an internal link share to the share dialog in #5131 - Avoid the Get-Task-Allow Entitlement (macOS Notarization) in #5274 - sets a fixed version for pixman when buildign desktop client via Craft in #5269 - Fix SyncEngineTest failure when localstate is destroyed. in #5273 - Feature/remove obsolete names in #5271 - Remove unused HeaderBanner component in #5245 - Feature/do not sync enc folders if e2ee is not setup in #5258 - fix migration from old settings configuration files in #5141 - Use QFileInfo::exists where we are only creating a QFileInfo to check if file exists in #5291 - Make correct use of Qt signal 'emit' keyword in #5287 - Remove unused variables in #5290 - Declare all QRegularExpressions statically in #5289 - l10n: Remove space in #5297 - Feature/move shellextensions to root installdir in #5295 - Improve backup dark mode palette for Windows in #5298 - Allow setting up an account with apppasword and folder via command-line arguments. For deployment. in #5296 - Update file's metadata in the local database when the etag changes while file remains unchanged. Fix subsequent conflict when locking and unlocking. in #5293 - Fix warnings on QPROPERTY-s in #5286 - Replace now deprecated FSEventStreamScheduleWithRunLoop with FSEventStreamSetDispatchQueue in #5272 - Fix macOS shell integration class inits in #5299 - Drop dependency on Qt Quick Controls 1 in #5309 - Fix full-text search results not being opened in browser in #5279 - Feature/allow forceoverrideurl via command line in #5329 - Bugfix/e2ee vulnerability empty metadatakeys in #5323 - Always generate random initialization vector when uploading encrypted file in #5324 - Fix bad string for translation. in #5358 - Update legal notice to 2023 in #5361 - Fix migration from legacy client when override server url is set in #5322 - Don't try to lock folders when editing locally in #5317 - Fix fetch more unified search result item not being clickable in #5266 - Add ability to disable E2EE in #5167 - Remove unused monochrome icons setting in #5366 - Feature/sync with case clash names in #5232 - Edit locally. Do not lock if locking is disabled on the server. in #5371 - Revert 'Merge pull request #5366 from nextcloud/bugfix/remove-mono-icons-setting' in #5372 - Open calendar notifications in the browser. in #4684 - Migrate old configs in #5362 - Always unlock E2EE folders, even when network failure or crash. in #5370 - Fix displaying of file details button for local syncfileitem activities in #5380 - Improve config upgrade warning dialog in #5386 - Backport/5385/stable 3.7 in #5388 - Update to 3.6.6 - Revert 'Fix(l10n): capital_abcd Update translations from Transifex' 33f3975 - Update to 3.6.5 - do not assert when sharing to a circle in #5310 - Fix macOS shell integration class inits in #5311 - Drop dependency on Qt Quick Controls 1 in #5312 - Feature/allow forceoverrideurl via command line in #5332 - Fix typo in #5270 - check that we update local file mtime on changes from server in #5321 - fix regressions on pinState management when doing renames in #5333 - Always generate random initialization vector when uploading encrypted file in #5334 - Fix SyncEngineTest failure when localstate is destroyed. in #5336 - Bugfix/e2ee vulnerability empty metadatakeys in #5335 - Update to 3.6.4 - do not create GUI from a random thread and show error on real error - Update to 3.6.3 - Fix typo of connector - fix renaming of folders with a deep hierarchy inside them - Make user status selector modal, show user header - Prevent bad encrypting of folder if E2EE has not been correctly set up - Feature/edit file locally restart sync - Add forcefoldersync method to folder manager - Make use of plain text-enforcing qml labels - Lock file when editing locally - Format some QLabels as plain text - Update to 3.6.2 - Fix call notification dialog buttons by @backportbot-nextcloud in #5075 - emit missing signal to update folder sync status icon by @backportbot-nextcloud in #5090 - Fix macOS autoupdater settings by @backportbot-nextcloud in #5103 - Validate and sanitise edit locally token and relpath before sending to server by @backportbot-nextcloud in #5106 - Fix compatibility with newer python3-nautilus by @backportbot-nextcloud in #5112 - Refactor FolderMan's 'Edit Locally' capabilities as separate class by @backportbot-nextcloud in #5111 - use new public API to open an edit locally URL by @backportbot-nextcloud in #5117 - Use separate variable for cfg file name in CMAKE. by @backportbot-nextcloud in #5140 - Fix stable-3.6 compile on macOS by @claucambra in #5154 - Fix bad backport of CustomButton changes in Stable-3.6 by @claucambra in #5155 - Backport/5067/stable 3.6 by @allexzander in #5153 - Backport/5092/stable 3.6 by @allexzander in #5156 - properly escape a path when creating a test file during tests by @backportbot-nextcloud in #5158 - Split out the dbus service related files that provides libcloudproviders integration for nextcloud desktop client into a separate package; when this is installed, launching any app supporting libowncloudproviders (e.g. nautilus on GNOME) will automatically launch the desktop client -- which is rather annoying to happen by default, esp. in cases where a user does not even have a nextcloud account (gh#nextcloud/desktop#1982, gh#nextcloud/desktop#2622). - Make the extension working again on Nautilus 43. This patch also support previous Nautilus versions. - Update to 3.6.1 - Fix wrong estimated time when doing sync. - Bugfix/selective sync abort error - Bugfix/conflict resolution when selecting folder - Fix menu bar height calculation on macOS - Fix add account window text clipping, enlarge text - Accept valid lsColJob reply XML content types - Fix low-resolution file changed overlay icons in activities - Deallocate call notification dialog objects when closed - Ensure that the file being processed has had its etag properly sanitised, log etag more - Ensure strings in main window QML are presented as plain text and not HTML - Do not format text in QML components as HTML - Fix two factor authentication notification - Bring back .lnk files on Windows and always treat them as non-virtual files. - Fix 'Reply' primary property. - Update after tx migrate - Command-line client. Do not trust SSL certificates by default, unless '--trust' option is set. - Fix invisible user status selector button not being checked when user is in Offline mode - Fix link shares default expire date being enforced as maximum expire date even when maximum date enforcement is disabled on the server - Backport/4989/stable 3.6 - use correct version copmparison on NSIS updater: fix update from rc - Improve 'Handle local file editing' feature. Add loading popup. Add f… - Backport/5039/bugfix/check token for edit locally requests - Fix account not found when doing local file editing. - Fix two factor auth notification: activity item was disabled. - Fix predefined status text formatting - Fix sync progress bar colours in dark mode - Improve handling of file name clashes - Ensure placeholder message in emoji picker wraps correctly - Update to 3.6.0 - Fix crash in cldapi.dll - Updating command-rebase.yml workflow from template - Reply button size should be same as the input field, smaller + text color - Fix crashing when selecting user status and predefined statuses not appearing - Make user status dialog look in line with the rest of the desktop client tray and Nextcloud - Add a placeholder message for the recents tab of the emoji picker - Add SVG icon styled for macOS Big Sur - Ensure the dispatch source only gets deallocated after the dispatch_source_cancel is done, avoiding crashing of the Finder Sync Extension on macOS - Properly adapt the UserStatusSelectorModel to QML, eliminate hacks, make code more declarative - Fix the system tray menu not being correctly replaced in setupContextMenu on GNOME - Make the share dialog resizeable - Make client language gender-neutral and more clear - Use an en-dash for the userstatus panel - Close call notifications when the call has been joined by the user, or the call has ended - Correct spelling - Print sync direction in SyncFileStatusTracker::slotAboutToPropagate - Windows CI. Use specific Craft revision. - Add 'db/local/remote' reference to log string. - Work around issues with window positioning on Linux DEs, hardcode tray window to screen center when new account added - Add a custom back button to the account wizard's advanced setup page - Clean up systray methods, make more QML-friendly - Refactor tray window opening code for clarity and efficiency - Increase the call state checking interval to not overload the server - Fix bad quote in CMakeLists PNG generation message - Only set _FORTIFY_SOURCE when a higher level of this flag has not been set - Switch to using the main client CI image based on ubuntu 22.04 - Limit concurrent notifications - Use macOS-specific application icon - QML-ify the UserModel, use properties rather than setter methods - Take ints by value rather than reference in UserModel methods - Feature/vfs windows thumbnails - Respect skipAutoUpdateCheck in nextcloud.cfg with Sparkle on macOS - Restyle unified search skeleton items animation and simplify their code - Stop styling QML unified search items hierarchically, use global Style constants - Use preprocessor directive rather than normal 'if' for UNNotification types - Make apps menu scrollable when content taller than available vertical space, preventing borking of layout - Ensure that throttled notifications still appear in tray activity model - Stop clearing notifications when new notifications are received - Fix ActivityItemContent QML paintedWidth errors - Clicking on an activity list item for a file opens the local file if available - Replace unified search text field busy indicator with custom indicator - Update macOS Info.plist - Ensure debug archive contents are readable by any user - Remove Ubuntu Impish, add Kinetic - Make UserStatusSelector a dismissible page pushed onto the tray window - Feature/handle edit locally - Add Debian Bullseye build - Double-clicking tray icon opens currently-selected user's local folder (if available) - Clean up TalkReplyTextField, remove unnecessary parent Item - Refactor user line - Do not reboot PC when running an MSI via autoupdate. - Always run MSI with full UI. - Eliminate padding around the menu separator in the account menu - Feature/enable more warnings also for gcc - Move CFAPI shell extensions variables to root CMakeLists. - Move URI scheme variable from Nextcloud.cmake to root CMakeListsts. - Ensure SyncEngine use an initialized instance of SyncOptions - Fix QML warnings - I18n: Spelling unification - Fix crash: 'Failed to create OpenGL context'. - Fix bugs with setting 'Away' user status - Fix greek translation for application name in menu - Align, resize, and layout everything uniformly in the unified search view - Remove libglib-2.0.so.0 and libgobject-2.0.so.0 from Appimage. - Fix unified search item placeholder image source - Use same tooltip component everywhere, fix tooltip clipping bugs - Fix account switching and hover issues with UserLine component - Remove Ubuntu Focal - Add a ScrollView to the predefined statuses area of the UserStatusSelector - Prevent the 'Cancel' button of the user status selector getting squashed - Ensure that clear status message combo box is at least implicit width - Fix alignment of predefined status contents regardless of emoji fonts - Prevent crashing when trying to create error-ing QML component in systray.cpp, output error to log - Add CHANGELOG.md. - Ensure file activity dialog is centered on screen and appears at top of window stack - Build script for AppImage should not assume Nextcloud is the name - Fix File Activities dialog not showing up. - Reads and store fileId and remote permissions during bulk upload - Do not build qt keychain already included in the CI images - Bugfix/web engine on win11 - Update CHANGELOG for the 3.6.0 release. - Fix script that upload AppImage to go in correct path - Update to 3.5.4 - Add and use DO_NOT_REBOOT_IN_SILENT=1 parameter for MSI to not reboot during the auto-update. - Update to 3.5.3 - Fix the system tray menu not being correctly replaced in setupContextMenu on GNOME - Ensure call notification stays on top of other windows - Work around issues with window positioning on Linux DEs, hardcode tray window to screen center when new account added - Clean up systray methods, make more QML-friendly - Refactor tray window opening code for clarity and efficiency - Only set _FORTIFY_SOURCE when a higher level of this flag has not been set - Limit concurrent notifications - Take ints by value rather than reference in UserModel methods - Respect skipAutoUpdateCheck in nextcloud.cfg with Sparkle on macOS - Use preprocessor directive rather than normal 'if' for UNNotification types - QML-ify the UserModel, use properties rather than setter methods - Fix ActivityItemContent QML paintedWidth errors - Stop clearing notifications when new notifications are received - Ensure debug archive contents are readable by any user - Stop styling QML unified search items hierarchically, use global Style constants - Update macOS Info.plist - print sync direction in SyncFileStatusTracker::slotAboutToPropagate - Remove Ubuntu Impish, add Kinetic - Ensure that throttled notifications still appear in tray activity model - Make apps menu scrollable when content taller than available vertical space, preventing borking of layout - Update to 3.5.2 - Explicitly ask user for notification authorisation on launch (macOS) - Fix crash caused by overflow in FinderSyncExtension - add new fixup workflow from nextcloud org - Display chat message inside the OS notification. - Fix 'TypeError: Cannot readproperty 'messageSent' of undefined'. - Add a transparent background to the send reply button. - Fix build on macOS versions pre-11 (down to 10.14) - Ignore Office temp folders on Mac ('.sb-' in folder name). - Remove assert, it is no longer useful. - Add contrast to the text/icon of buttons if the server defined color is light. - fix general section - Remove tooltip because it is only repeating the label of the link. - bugfix/share-dialog - Updating command-rebase.yml workflow from template - Reply button size should be same as the input field, smaller + text color - Close call notifications when the call has been joined by the user, or the call has ended - Increase the call state checking interval to not overload the server - Ensure the dispatch source only gets deallocated after the dispatch_source_cancel is done, avoiding crashing of the Finder Sync Extension on macOS * A more future-proof and distribution friendly fix for boo#1201070 - Fix Tumbleweed build and install error boo#1201070. Use own CFLAGS for Tumblweed with -D_FORTIFY_SOURCE=2 instead of -D_FORTIFY_SOURCE=3. - Update to 3.5.1 - Add new and correct sparkle update signature - l10n: Remove string from translation - l10n: Changed triple dot to ellipsis - Ensure cache is stored in default cache location - Updating command-rebase.yml workflow from template - Remove '…' from 'Create Debug Archive' button - docs: Replace 'preceded' with 'followed' - only add OCS-APIREQUEST header for 1st request of webflow v1 - Make the make_universal.py script more verbose for easier debugging - Revamp notifications for macOS and add support for actionable update notifications - Use proper online status for user ('dnd', 'online', 'invisible', etc.) to enable or disable desktop notifications. - Bugfix. Take root folder's files size into account when displaying the total size in selective sync dialog. - Fix activity list item issues with colours/layout/etc. - Bugfix/allow manual rename files with spaces - Fixed share link expiration box being ineditable and always attempting to set invalid date - Fix crashing of finder sync extension caused by dispatch_source_cancel of nullptr - Simplify and remove the notification 'cache' - Fix tray icon not displaying 'Open main dialog' - if an exclude file is deleted, skip it and remove it from internal list - Bugfix/two factor notification - Fix visual borking in the share dialog - add explicit capture for lambda - Update to 3.5.0 - Require cmake 3.16 - Add testing for ActivityListModel - Check for dbus-1 when building with cloudproviders - Add ability to copy internal link from share dialog - Feature/improve activity buttons - Add thumbnails for files in the activity view - Use proper API to dehydrate a placeholder file - Feature/Talk Reply v1 - Ensure we emit a rename command for renamed files - Remove Hirsute, add Jammy - Allow account menu to scroll when content height is larger than menu height - Always build with updater. Use 'beta/stable' channel selector in 'General Settins' dialog with default 'stable'. - Cmake option to disable proxy - Add support for server color theming - No longer assume status bar height, calculate, fixing notch borking on new MacBook Pro - Add a dark mode - Generates pot files automatically. - Add headers in cmake files to get them properly detected - Ensure that bulk upload network job errors are handled - Do not remove a folder that has files that were not uploaded yet during propagation - L10n: Change to lowercase - Simplify currentScreen in systray.cpp - Fix warn colour in dark mode - Do not remove files from a Group folder and its nested folders when it is renamed or removed while not allowed. - Rollback local move on server move failure - Implement local socket to communicate with finder extension - Bugfix/prevent overflow with mtime - L10n: Changed spelling - Add 'Help' action back. - Ensure file activity dialog appears in centre of screen - Increase maximum text line count in tray activity items to two lines - Fix file activity dialog - Properly ask Qt to create qml opengl surface with proper options - Old submodule url does not work anylonger - Old submodule url does not work anylonger - Prepare for 3.5.0-rc1 - Fix icon color and highlight color issues - Fix for VFS crashes due to mimetype checking for thumbnails - Fix various dark mode bugs - Add a new yml github issue template for bug reports. - Ensure we only store update channel not localized in settings - Improve talk reply - Prepare for 3.5.0-rc2 - Bugfix/talk reply part 2 - Darkmode. Fix crash on exit. - Avoid deleting renamed file with spaces in name - More dark mode fixes - Ensure we do properly failed hydration jobs - Fix build of appimage for branded clients - Prepare for 3.5.0-rc3 - Feature/files lock - Add call notification dialog. - Fix thumbnails for new files made while client open - Increase time between connection tries - Improve contrast on server color themed elements - Fix positioning of activities in the activities list - Bugfix/activities fetch server overload - Realigned and resized thumbnails - Add user avatars in talk notifications in activity list - Fix sparkle implementation in the desktop client - Prepare 3.5.0-rc4 - Prepare final 3.5.0 release - Update to 3.4.4 - Do not remove files from a Group folder and its nested folders when it is renamed or removed while not allowed. - Bugfix/prevent overflow with mtime - Old submodule url does not work anylonger - Update to 3.4.3 - Remove Hirsute, add Jammy - Cmake option to disable proxy - ensure we emit a rename command for renamed files - Makes sure that sync engine terminates when an error happen - ensure that bulk upload network job errors are handled - Rollback local move on server move failure - Do not remove a folder that has files that were not uploaded yet during propagation - Update to 3.4.2 - Bugfix/force re-login on SSL Handshake error - Do not display 'Conflict when uploading some files to a folder - Windows. MSI. Unregister Nextcloud folders in SyncRootManager on uninstall. - Unbreak loading translations - Hide share button for deleted files and ignored files in tray activity - Display error message when creating a link share with compromised password. - Bugfix. Re-init sharing manager to enable link sharing UI when receivng sharing permissions. - Show only filenames in tray activity items, with full path in tooltip - use proper API to dehydrate a placeholder file - Add macOS *.textClipping files to ignore list - Updatete to 3.4.1 - fix random error when updating CfApi metadata - do not forget the path when renaming files with invalid names - Bugfix/assert invalid modtime - Feature/folder logo variations - Always prefill username from Windows login name based on server version - Bugfix/3.4.1 rc1 - Bugfix/sync stuck on error - Bugfix/force download local invalid files - Enforce VFS. Disable 'Make always available locally'. - Bugfix/avoid sync getting stuck - Fix CMake error in ECMAddAppIcon for mac - Do not crash on findAndCancelDeletedJob - ensure any errors after calling FileSystem::getModTime are handled - Skiped version 3.4.0 because of modtime bug: See: https://github.com/nextcloud/desktop/pull/4049 Please read the following wiki page How to fix files invalid modification date: https://github.com/nextcloud/desktop/wiki/Fix-bug-invalid-modification-date Important SUSE bug 1201070 SUSE bug 1205798 SUSE bug 1205799 SUSE bug 1205800 SUSE bug 1205801 SUSE bug 1207976 CVE-2022-39331 CVE-2022-39332 CVE-2022-39333 CVE-2022-39334 CVE-2023-23942 cpe:/o:opensuse:leap:15.4 Security update for chromium (Important) openSUSE Leap 15.4 This update for chromium fixes the following issues: - Chromium 112.0.5615.121: * CVE-2023-2033: Type Confusion in V8 (boo#1210478) - Chromium 112.0.5615.49 * CSS now supports nesting rules. * The algorithm to set the initial focus on <dialog> elements was updated. * No-op fetch() handlers on service workers are skipped from now on to make navigations faster * The setter for document.domain is now deprecated. * The recorder in devtools can now record with pierce selectors. * Security fixes (boo#1210126): * CVE-2023-1810: Heap buffer overflow in Visuals * CVE-2023-1811: Use after free in Frames * CVE-2023-1812: Out of bounds memory access in DOM Bindings * CVE-2023-1813: Inappropriate implementation in Extensions * CVE-2023-1814: Insufficient validation of untrusted input in Safe Browsing * CVE-2023-1815: Use after free in Networking APIs * CVE-2023-1816: Incorrect security UI in Picture In Picture * CVE-2023-1817: Insufficient policy enforcement in Intents * CVE-2023-1818: Use after free in Vulkan * CVE-2023-1819: Out of bounds read in Accessibility * CVE-2023-1820: Heap buffer overflow in Browser History * CVE-2023-1821: Inappropriate implementation in WebShare * CVE-2023-1822: Incorrect security UI in Navigation * CVE-2023-1823: Inappropriate implementation in FedCM - Chromium 111.0.5563.147: * nth-child() validation performance regression for SAP apps Important SUSE bug 1210126 SUSE bug 1210478 CVE-2023-1810 CVE-2023-1811 CVE-2023-1812 CVE-2023-1813 CVE-2023-1814 CVE-2023-1815 CVE-2023-1816 CVE-2023-1817 CVE-2023-1818 CVE-2023-1819 CVE-2023-1820 CVE-2023-1821 CVE-2023-1822 CVE-2023-1823 CVE-2023-2033 cpe:/o:opensuse:leap:15.4 Security update for chromium (Important) openSUSE Leap 15.4 This update for chromium fixes the following issues: Chromium 112.0.5615.165 (boo#1210618): * CVE-2023-2133: Out of bounds memory access in Service Worker API * CVE-2023-2134: Out of bounds memory access in Service Worker API * CVE-2023-2135: Use after free in DevTools * CVE-2023-2136: Integer overflow in Skia * CVE-2023-2137: Heap buffer overflow in sqlite Important SUSE bug 1210618 CVE-2023-2133 CVE-2023-2134 CVE-2023-2135 CVE-2023-2136 CVE-2023-2137 cpe:/o:opensuse:leap:15.4 Security update for liferea (Important) openSUSE Leap 15.4 liferea was updated to version 1.14.1: + Fix CVE-2023-1350 - Remote code execution on feed enrichment (boo#1209190). Update to version 1.14.0: + New 'Reader mode' preference that allows stripping all web content + Implement support for Webkits Intelligent Tracking Protection + New progress bar when loading websites + Youtube videos from media:video can be embedded now with a click on the video preview picture. + Changes to UserAgent handling: same UA is now used for both feed fetching and internal browsing. + New view mode 'Automatic' which switches between 'Normal' and 'Wide' mode based on the window proportions. + Liferea now supports the new GTK dark theme logic, where in the GTK/GNOME preferences you define wether you 'prefer' dark mode or light mode + Favicon discovery improvements: now detects all types of Apple Touch Icons, MS Tile Images and Safari Mask Icons + Increase size of stored favicons to 128x128px to improve icon quality in 3-pane wide view. + Make several plugins support gettext + Allow mutiple feed in same libnotify notification + Redesign of the update message in the status bar. It now shows a update counter of the feeds being in update. + You can now export a feed to XML file + Added an option to show news bins in reduced feed list + Added menu option to send item per mail + Default to https:// instead of http:// when user doesn't provide protocol on subscribing feed + Implement support for subscribing to LD+Json metadata listings e.g. concert or theater event listings + Implement support for subscribing to HTML5 websites + Support for media:description field of Youtube feeds + Improve HTML5 extraction: extract main tag if it exists and no article was found. + Execute feed pipe/filter commands asynchronously + Better explanation of feed update errors. + Added generic Google Reader API support (allows using FeedHQ, FreshRSS, Miniflux...) + Now allow converting TinyTinyRSS subscriptions to local subscriptions + New search folder rule to match podcasts + New search folder rule to match headline authors + New search folder rule to match subscription source + New search folder rule to match parent folder name + New search folder property that allows hiding read items + Now search folders are automatically rebuild when rules are changed + Added new plugin 'add-bookmark-site' that allows to configure a custom bookmarking site. + Added new plugin 'getfocus' that adds transparency on the feed list when it is not focussed. + Trayicon plugin has now a configuration option to change the behaviour when closing Liferea. + Trayicon plugin has now an option to disable minimizing to tray + New hot key Ctrl-D for 'Open in External Browser' + New hot key F10 for headerbar plugin to allow triggering the hamburger menu + New hot key Ctrl-0 to reset zoom + New hot key Ctrl-O to open enclosures + Fix hidden panes, Liferea will never allow the panes to be smaller than 5% in height or width + Wait for network to be fully available before updating + 2-pane mode was removed + Dropped CDF channel support + Dropped Atom 0.2/0.3 (aka Pie) support + Dropped blogChannel namespace support + Dropped photo namespace support - Require python3-cairo; needed for tray icon (boo#1193579). Important SUSE bug 1193579 SUSE bug 1209190 CVE-2023-1350 cpe:/o:opensuse:leap:15.4 Security update for stellarium (Important) openSUSE Leap 15.4 This update for stellarium fixes the following issues: - CVE-2023-28371: Fixed arbitrary file write issue. (boo#1209285) Important SUSE bug 1209285 CVE-2023-28371 cpe:/o:opensuse:leap:15.4 Security update for opera (Important) openSUSE Leap 15.4 NonFree This update for opera fixes the following issues: - Update to 106.0.4998.19 * CHR-9416 Updating Chromium on desktop-stable-* branches * DNA-113887 Translations for O106 - The update to chromium 120.0.6099.130 fixes following issues: CVE-2023-7024 - Update to 106.0.4998.16 * CHR-9553 Update Chromium on desktop-stable-120-4998 to 120.0.6099.109 * DNA-112522 'Find in page' option does not show text cursor * DNA-113349 Lucid mode strength in full settings bar is visible only after change * DNA-113462 Crash at opera::fcm::FcmRegistrationServiceImpl:: RemoveTokenObserverForClient(opera::fcm::FcmClient*, syncer::FCMRegistrationTokenObserver*) * DNA-113748 Split preview shows on videoconferencing * DNA-114091 Promote 106 to stable - Complete Opera 106 changelog at: https://blogs.opera.com/desktop/changelog-for-106/ - The update to chromium 120.0.6099.109 fixes following issues: CVE-2023-6702, CVE-2023-6703, CVE-2023-6704, CVE-2023-6705, CVE-2023-6706, CVE-2023-6707 - Update to 105.0.4970.48 * DNA-112522 'Find in page' option does not show text cursor Important CVE-2023-6702 CVE-2023-6703 CVE-2023-6704 CVE-2023-6705 CVE-2023-6706 CVE-2023-6707 CVE-2023-7024 cpe:/o:opensuse:leap:15.4 Security update for putty (Important) openSUSE Leap 15.4 This update for putty fixes the following issues: putty was updated to to release 0.80: * Fix CVE-2023-48795 [boo#1218128] - Update to release 0.79 * Terminal mouse tracking: support for mouse movements which are not drags, and support for horizontal scroll events (e.g. generated by trackpads). * Fixed: PuTTY could fail an assertion if a resize control sequence was sent by the server while the window was docked to one half of the screen in KDE. * Fixed: PuTTY could fail an assertion if you tried to change the font size while the window was maximised. - Update to release 0.78 * Support for OpenSSH certificates, for both user authentication keys and host keys. * New SSH proxy modes, for running a custom shell command or subsystem on the proxy server instead of forwarding a port through it. * New plugin system to allow a helper program to provide responses in keyboard-interactive authentication, intended to automate one-time password systems. * Support for NTRU Prime post-quantum key exchange, * Support for AES-GCM (in the OpenSSH style rather than RFC?5647). * Support for more forms of Diffie-Hellman key exchange: new larger integer groups (such as group16 and group18), and support for using those and ECDH with GSSAPI. * Bug fix: server-controlled window title setting now works again even if the character set is ISO 8859 (or a few other Important SUSE bug 1218128 CVE-2023-48795 cpe:/o:opensuse:leap:15.4 Security update for go1.18 (Moderate) openSUSE Leap 15.4 This update for go1.18 fixes the following issues: - CVE-2022-24675: Fixed a stack overlow in Decode() in encoding/pem (bsc#1198423). - CVE-2022-28327: Fixed a crash due to refused oversized scalars in generic P-256 (bsc#1198424). - CVE-2022-27536: Fixed a crash in Certificate.Verify in crypto/x509 (bsc#1198427). Bump go1.18 (bsc#1193742) Moderate SUSE bug 1183043 SUSE bug 1193742 SUSE bug 1198423 SUSE bug 1198424 SUSE bug 1198427 CVE-2022-24675 CVE-2022-27536 CVE-2022-28327 cpe:/o:opensuse:leap:15.4 Security update for go1.17 (Moderate) openSUSE Leap 15.4 This update for go1.17 fixes the following issues: - Updated to version 1.17.9 (bsc#1190649): - CVE-2022-24675: Fixed a stack overflow via crafted PEM file (bsc#1198423). - CVE-2022-28327: Fixed a potential panic when using big P-256 scalars in the crypto/elliptic module (bsc#1198424). Moderate SUSE bug 1190649 SUSE bug 1198423 SUSE bug 1198424 CVE-2022-24675 CVE-2022-28327 cpe:/o:opensuse:leap:15.4 Security update for ant (Moderate) openSUSE Leap 15.4 This update for ant fixes the following issues: - CVE-2021-36373: Fixed an excessive memory allocation when reading a specially crafted TAR archive (bsc#1188468). - CVE-2021-36374: Fixed an excessive memory allocation when reading a specially crafted ZIP archive (bsc#1188469). Moderate SUSE bug 1188468 SUSE bug 1188469 CVE-2021-36373 CVE-2021-36374 cpe:/o:opensuse:leap:15.4 Security update for webkit2gtk3 (Important) openSUSE Leap 15.4 This update for webkit2gtk3 fixes the following issues: Update to version 2.36.0 (bsc#1198290): - CVE-2022-22624: Fixed use after free that may lead to arbitrary code execution. - CVE-2022-22628: Fixed use after free that may lead to arbitrary code execution. - CVE-2022-22629: Fixed a buffer overflow that may lead to arbitrary code execution. - CVE-2022-22637: Fixed an unexpected cross-origin behavior due to a logic error. Missing CVE reference for the update to 2.34.6 (bsc#1196133): - CVE-2022-22594: Fixed a cross-origin issue in the IndexDB API. Important SUSE bug 1196133 SUSE bug 1198290 CVE-2022-22594 CVE-2022-22624 CVE-2022-22628 CVE-2022-22629 CVE-2022-22637 cpe:/o:opensuse:leap:15.4 Security update for firewalld, golang-github-prometheus-prometheus (Important) openSUSE Leap 15.4 This update for firewalld, golang-github-prometheus-prometheus fixes the following issues: Security fixes for golang-github-prometheus-prometheus: - CVE-2022-21698: Denial of Service through unbounded cardinality, and potential memory exhaustion, when handling requests with non-standard HTTP methods (bsc#1196338). Other non security changes for golang-github-prometheus-prometheus: - Build `firewalld-prometheus-config` only for SUSE Linux Enterprise 15, 15-SP1 and 15-SP2, and require `firewalld`. - Only recommends `firewalld-prometheus-config` as prometheus does not require it to run. - Create `firewalld-prometheus-config` subpackage (bsc#1197042, jsc#SLE-24373, jsc#SLE-24374, jsc#SLE-24375) Other non security changes for firewalld: - Provide dummy `firewalld-prometheus-config` package (bsc#1197042) Important SUSE bug 1196338 SUSE bug 1197042 CVE-2022-21698 cpe:/o:opensuse:leap:15.4 Security update for libaom (Moderate) openSUSE Leap 15.4 This update for libaom fixes the following issues: - CVE-2021-30473: AOMedia in aom_image.c frees memory that is not located on the heap (bsc#1185778). Moderate SUSE bug 1185778 CVE-2021-30473 cpe:/o:opensuse:leap:15.4 Security update for python-paramiko (Moderate) openSUSE Leap 15.4 This update for python-paramiko fixes the following issues: - CVE-2022-24302: Fixed a race condition between creation and chmod when writing private keys. (bsc#1197279) Moderate SUSE bug 1197279 CVE-2022-24302 cpe:/o:opensuse:leap:15.4 Security update for python-pip (Moderate) openSUSE Leap 15.4 This update for python-pip fixes the following issues: - Add wheel subpackage with the generated wheel for this package (bsc#1176262, CVE-2019-20916). - Make wheel a separate build run to avoid the setuptools/wheel build cycle. - Switch this package to use update-alternatives for all files in %{_bindir} so it doesn't collide with the versions on 'the latest' versions of Python interpreter (jsc#SLE-18038, bsc#1195831). Moderate SUSE bug 1176262 SUSE bug 1195831 CVE-2019-20916 cpe:/o:opensuse:leap:15.4 Security update for nodejs12 (Important) openSUSE Leap 15.4 This update for nodejs12 fixes the following issues: - CVE-2022-0778: Fixed a infinite loop in BN_mod_sqrt() reachable when parsing certificates (bsc#1196877). - CVE-2021-44906: Fixed a prototype pollution in node-minimist (bsc#1198247). - CVE-2021-44907: Fixed a potential Denial of Service vulnerability in node-qs (bsc#1197283). - CVE-2022-0235: Fixed an exposure of sensitive information to an unauthorized actor in node-fetch (bsc#1194819). Important SUSE bug 1194819 SUSE bug 1196877 SUSE bug 1197283 SUSE bug 1198247 CVE-2021-44906 CVE-2021-44907 CVE-2022-0235 CVE-2022-0778 cpe:/o:opensuse:leap:15.4 Security update for nodejs14 (Important) openSUSE Leap 15.4 This update for nodejs14 fixes the following issues: - CVE-2022-0778: Fixed a infinite loop in BN_mod_sqrt() reachable when parsing certificates (bsc#1196877). - CVE-2021-44906: Fixed a prototype pollution in node-minimist (bsc#1198247). - CVE-2021-44907: Fixed a potential Denial of Service vulnerability in node-qs (bsc#1197283). - CVE-2022-0235: Fixed an exposure of sensitive information to an unauthorized actor in node-fetch (bsc#1194819). Important SUSE bug 1194819 SUSE bug 1196877 SUSE bug 1197283 SUSE bug 1198247 CVE-2021-44906 CVE-2021-44907 CVE-2022-0235 CVE-2022-0778 cpe:/o:opensuse:leap:15.4 Security update for libslirp (Important) openSUSE Leap 15.4 This update for libslirp fixes the following issues: - CVE-2021-3592: Fixed invalid pointer initialization may lead to information disclosure (bootp) (bsc#1187364). - CVE-2021-3594: Fixed invalid pointer initialization may lead to information disclosure (udp) (bsc#1187367). - CVE-2021-3595: Fixed invalid pointer initialization may lead to information disclosure (tftp) (bsc#1187366). - Fix a dhcp regression [bsc#1198773] Important SUSE bug 1187364 SUSE bug 1187366 SUSE bug 1187367 SUSE bug 1198773 CVE-2021-3592 CVE-2021-3594 CVE-2021-3595 cpe:/o:opensuse:leap:15.4 Security update for libcaca (Moderate) openSUSE Leap 15.4 This update for libcaca fixes the following issues: - CVE-2022-0856: Fixed a divide by zero issue which could be exploited to cause an application crash (bsc#1197028). Moderate SUSE bug 1197028 CVE-2022-0856 cpe:/o:opensuse:leap:15.4 Security update for python-Twisted (Moderate) openSUSE Leap 15.4 This update for python-Twisted fixes the following issues: - CVE-2022-24801: Fixed to not be as lenient as earlier HTTP/1.1 RFCs to prevent HTTP request smuggling. (bsc#1198086) Moderate SUSE bug 1198086 CVE-2022-24801 cpe:/o:opensuse:leap:15.4 Security update for jasper (Moderate) openSUSE Leap 15.4 This update for jasper fixes the following issues: - CVE-2021-3467: Fixed NULL pointer deref in jp2_decode() (bsc#1184757). - CVE-2021-3443: Fixed NULL pointer deref in jp2_decode() (bsc#1184798). - CVE-2021-26927: Fixed NULL pointer deref in jp2_decode() (bsc#1182104). - CVE-2021-26926: Fixed an out of bounds read in jp2_decode() (bsc#1182105). Moderate SUSE bug 1182104 SUSE bug 1182105 SUSE bug 1184757 SUSE bug 1184798 CVE-2021-26926 CVE-2021-26927 CVE-2021-3443 CVE-2021-3467 cpe:/o:opensuse:leap:15.4 Security update for git (Important) openSUSE Leap 15.4 This update for git fixes the following issues: - Updated to version 2.35.3: - CVE-2022-24765: Fixed a potential command injection via git worktree (bsc#1198234). Important SUSE bug 1181400 SUSE bug 1198234 CVE-2022-24765 cpe:/o:opensuse:leap:15.4 Security update for python39 (Moderate) openSUSE Leap 15.4 This update for python39 fixes the following issues: - CVE-2021-3572: Fixed an improper handling of unicode characters in pip (bsc#1186819). - Update to 3.9.10 (jsc#SLE-23849) - Remove shebangs from from python-base libraries in _libdir. (bsc#1193179) - Update to 3.9.9: * Core and Builtins + bpo-30570: Fixed a crash in issubclass() from infinite recursion when searching pathological __bases__ tuples. + bpo-45494: Fix parser crash when reporting errors involving invalid continuation characters. Patch by Pablo Galindo. + bpo-45385: Fix reference leak from descr_check. Patch by Dong-hee Na. + bpo-45167: Fix deepcopying of types.GenericAlias objects. + bpo-44219: Release the GIL while performing isatty system calls on arbitrary file descriptors. In particular, this affects os.isatty(), os.device_encoding() and io.TextIOWrapper. By extension, io.open() in text mode is also affected. This change solves a deadlock in os.isatty(). Patch by Vincent Michel in bpo-44219. + bpo-44959: Added fallback to extension modules with '.sl' suffix on HP-UX + bpo-44050: Extensions that indicate they use global state (by setting m_size to -1) can again be used in multiple interpreters. This reverts to behavior of Python 3.8. + bpo-45121: Fix issue where Protocol.__init__ raises RecursionError when it's called directly or via super(). Patch provided by Yurii Karabas. + bpo-45083: When the interpreter renders an exception, its name now has a complete qualname. Previously only the class name was concatenated to the module name, which sometimes resulted in an incorrect full name being displayed. + bpo-45738: Fix computation of error location for invalid continuation characters in the parser. Patch by Pablo Galindo. + Library + bpo-45678: Fix bug in Python 3.9 that meant functools.singledispatchmethod failed to properly wrap the attributes of the target method. Patch by Alex Waygood. + bpo-45679: Fix caching of multi-value typing.Literal. Literal[True, 2] is no longer equal to Literal[1, 2]. + bpo-45438: Fix typing.Signature string representation for generic builtin types. + bpo-45581: sqlite3.connect() now correctly raises MemoryError if the underlying SQLite API signals memory error. Patch by Erlend E. Aasland. + bpo-39679: Fix bug in functools.singledispatchmethod that caused it to fail when attempting to register a classmethod() or staticmethod() using type annotations. Patch contributed by Alex Waygood. + bpo-45515: Add references to zoneinfo in the datetime documentation, mostly replacing outdated references to dateutil.tz. Change by Paul Ganssle. + bpo-45467: Fix incremental decoder and stream reader in the 'raw-unicode-escape' codec. Previously they failed if the escape sequence was split. + bpo-45461: Fix incremental decoder and stream reader in the 'unicode-escape' codec. Previously they failed if the escape sequence was split. + bpo-45239: Fixed email.utils.parsedate_tz() crashing with UnboundLocalError on certain invalid input instead of returning None. Patch by Ben Hoyt. + bpo-44904: Fix bug in the doctest module that caused it to fail if a docstring included an example with a classmethod property. Patch by Alex Waygood. + bpo-45406: Make inspect.getmodule() catch FileNotFoundError raised by :'func:inspect.getabsfile, and return None to indicate that the module could not be determined. + bpo-45262: Prevent use-after-free in asyncio. Make sure the cached running loop holder gets cleared on dealloc to prevent use-after-free in get_running_loop + bpo-45386: Make xmlrpc.client more robust to C runtimes where the underlying C strftime function results in a ValueError when testing for year formatting options. + bpo-45371: Fix clang rpath issue in distutils. The UnixCCompiler now uses correct clang option to add a runtime library directory (rpath) to a shared library. + bpo-20028: Improve error message of csv.Dialect when initializing. Patch by Vajrasky Kok and Dong-hee Na. + bpo-45343: Update bundled pip to 21.2.4 and setuptools to 58.1.0 + bpo-41710: On Unix, if the sem_clockwait() function is available in the C library (glibc 2.30 and newer), the threading.Lock.acquire() method now uses the monotonic clock (time.CLOCK_MONOTONIC) for the timeout, rather than using the system clock (time.CLOCK_REALTIME), to not be affected by system clock changes. Patch by Victor Stinner. + bpo-45328: Fixed http.client.HTTPConnection to work properly in OSs that don't support the TCP_NODELAY socket option. + bpo-1596321: Fix the threading._shutdown() function when the threading module was imported first from a thread different than the main thread: no longer log an error at Python exit. + bpo-45274: Fix a race condition in the Thread.join() method of the threading module. If the function is interrupted by a signal and the signal handler raises an exception, make sure that the thread remains in a consistent state to prevent a deadlock. Patch by Victor Stinner. + bpo-45238: Fix unittest.IsolatedAsyncioTestCase.debug(): it runs now asynchronous methods and callbacks. + bpo-36674: unittest.TestCase.debug() raises now a unittest.SkipTest if the class or the test method are decorated with the skipping decorator. + bpo-45235: Fix an issue where argparse would not preserve values in a provided namespace when using a subparser with defaults. + bpo-45234: Fixed a regression in copyfile(), copy(), copy2() raising FileNotFoundError when source is a directory, which should raise IsADirectoryError + bpo-45228: Fix stack buffer overflow in parsing J1939 network address. + bpo-45192: Fix the tempfile._infer_return_type function so that the dir argument of the tempfile functions accepts an object implementing the os.PathLike protocol. + bpo-45160: When tracing a tkinter variable used by a ttk OptionMenu, callbacks are no longer made twice. + bpo-35474: Calling mimetypes.guess_all_extensions() with strict=False no longer affects the result of the following call with strict=True. Also, mutating the returned list no longer affects the global state. + bpo-45166: typing.get_type_hints() now works with Final wrapped in ForwardRef. + bpo-45097: Remove deprecation warnings about the loop argument in asyncio incorrectly emitted in cases when the user does not pass the loop argument. + bpo-45081: Fix issue when dataclasses that inherit from typing.Protocol subclasses have wrong __init__. Patch provided by Yurii Karabas. + bpo-24444: Fixed an error raised in argparse help display when help for an option is set to 1+ blank spaces or when choices arg is an empty container. + bpo-45021: Fix a potential deadlock at shutdown of forked children when using concurrent.futures module + bpo-45030: Fix integer overflow in pickling and copying the range iterator. + bpo-39039: tarfile.open raises ReadError when a zlib error occurs during file extraction. + bpo-44594: Fix an edge case of ExitStack and AsyncExitStack exception chaining. They will now match with block behavior when __context__ is explicitly set to None when the exception is in flight. * Documentation + bpo-45726: Improve documentation for functools.singledispatch() and functools.singledispatchmethod. + bpo-45680: Amend the docs on GenericAlias objects to clarify that non-container classes can also implement __class_getitem__. Patch contributed by Alex Waygood. + bpo-45655: Add a new 'relevant PEPs' section to the top of the documentation for the typing module. Patch by Alex Waygood. + bpo-45604: Add level argument to multiprocessing.log_to_stderr function docs. + bpo-45464: Mention in the documentation of Built-in Exceptions that inheriting from multiple exception types in a single subclass is not recommended due to possible memory layout incompatibility. + bpo-45449: Add note about PEP 585 in collections.abc. + bpo-45516: Add protocol description to the importlib.abc.Traversable documentation. + bpo-20692: Add Programming FAQ entry explaining that int literal attribute access requires either a space after or parentheses around the literal. + bpo-45216: Remove extra documentation listing methods in difflib. It was rendering twice in pydoc and was outdated in some places. + bpo-45772: socket.socket documentation is corrected to a class from a function. + bpo-45392: Update the docstring of the type built-in to remove a redundant line and to mention keyword arguments for the constructor. * Tests + bpo-45578: Add tests for dis.distb() + bpo-45577: Add subtests for all pickle protocols in test_zoneinfo. + bpo-43592: test.libregrtest now raises the soft resource limit for the maximum number of file descriptors when the default is too low for our test suite as was often the case on macOS. + bpo-40173: Fix test.support.import_helper.import_fresh_module(). + bpo-45280: Add a test case for empty typing.NamedTuple. + bpo-45269: Cover case when invalid markers type is supplied to c_make_encoder. + bpo-45209: Fix UserWarning: resource_tracker warning in _test_multiprocessing._TestSharedMemory.test_shared_memory_cleaned_after_process_termination + bpo-45195: Fix test_readline.test_nonascii(): sometimes, the newline character is not written at the end, so don't expect it in the output. Patch by Victor Stinner. + bpo-45156: Fixes infinite loop on unittest.mock.seal() of mocks created by create_autospec(). + bpo-45042: Fixes that test classes decorated with @hashlib_helper.requires_hashdigest were skipped all the time. + bpo-45235: Reverted an argparse bugfix that caused regression in the handling of default arguments for subparsers. This prevented leaf level arguments from taking precedence over root level arguments. + bpo-45765: In importlib.metadata, fix distribution discovery for an empty path. + bpo-45644: In-place JSON file formatting using python3 -m json.tool infile infile now works correctly, previously it left the file empty. Patch by Chris Wesseling. * Build + bpo-43158: setup.py now uses values from configure script to build the _uuid extension module. Configure now detects util-linux's libuuid, too. + bpo-45571: Modules/Setup now use PY_CFLAGS_NODIST instead of PY_CFLAGS to compile shared modules. + bpo-45532: Update sys.version to use main as fallback information. Patch by Jeong YunWon. + bpo-45405: Prevent internal configure error when running configure with recent versions of non-Apple clang. Patch by David Bohman. + bpo-45220: Avoid building with the Windows 11 SDK previews automatically. This may be overridden by setting the DefaultWindowsSDKVersion environment variable before building. * C API + bpo-44687: BufferedReader.peek() no longer raises ValueError when the entire file has already been buffered. + bpo-44751: Remove crypt.h include from the public Python.h header. - rpm-build-python dependency is available on the current Factory, not with SLE. - BuildRequire rpm-build-python: The provider to inject python(abi) has been moved there. rpm-build pulls rpm-build-python automatically in when building anything against python3-base, but this implies that the initial build of python3-base does not trigger the automatic installation. - Update to 3.9.7: - Security - Replaced usage of tempfile.mktemp() with TemporaryDirectory to avoid a potential race condition. - Add auditing events to the marshal module, and stop raising code.__init__ events for every unmarshalled code object. Directly instantiated code objects will continue to raise an event, and audit event handlers should inspect or collect the raw marshal data. This reduces a significant performance overhead when loading from .pyc files. - Made the internal putcmd function in smtplib sanitize input for presence of \r and \n characters to avoid (unlikely) command injection. - Core and Builtins - Fixed pickling of range iterators that iterated for over 2**32 times. - Fix a race in WeakKeyDictionary, WeakValueDictionary and WeakSet when two threads attempt to commit the last pending removal. This fixes asyncio.create_task and fixes a data loss in asyncio.run where shutdown_asyncgens is not run - Fixed a corner case bug where the result of float.fromhex('0x.8p-1074') was rounded the wrong way. - Refine the syntax error for trailing commas in import statements. Patch by Pablo Galindo. - Restore behaviour of complex exponentiation with integer-valued exponent of type float or complex. - Correct the ast locations of f-strings with format specs and repeated expressions. Patch by Pablo Galindo - Use new trashcan macros (Py_TRASHCAN_BEGIN/END) in frameobject.c instead of the old ones (Py_TRASHCAN_SAFE_BEGIN/END). - Fix segmentation fault with deep recursion when cleaning method objects. Patch by Augusto Goulart and Pablo Galindo. - Fix bug where PyErr_SetObject hangs when the current exception has a cycle in its context chain. - Fix reference leaks in the error paths of update_bases() and __build_class__. Patch by Pablo Galindo. - Fix undefined behaviour in complex object exponentiation. - Remove uses of PyObject_GC_Del() in error path when initializing types.GenericAlias. - Remove the pass-through for hash() of weakref.proxy objects to prevent unintended consequences when the original referred object dies while the proxy is part of a hashable object. Patch by Pablo Galindo. - Fix ltrace functionality when exceptions are raised. Patch by Pablo Galindo - Fix a crash at Python exit when a deallocator function removes the last strong reference to a heap type. Patch by Victor Stinner. - Fix crash when using passing a non-exception to a generator's throw() method. Patch by Noah Oxer - Library - run() now always return a TestResult instance. Previously it returned None if the test class or method was decorated with a skipping decorator. - Fix bugs in cleaning up classes and modules in unittest: - Functions registered with addModuleCleanup() were not called unless the user defines tearDownModule() in their test module. - Functions registered with addClassCleanup() were not called if tearDownClass is set to None. - Buffering in TestResult did not work with functions registered with addClassCleanup() and addModuleCleanup(). - Errors in functions registered with addClassCleanup() and addModuleCleanup() were not handled correctly in buffered and debug modes. - Errors in setUpModule() and functions registered with addModuleCleanup() were reported in wrong order. - And several lesser bugs. - Made email date parsing more robust against malformed input, namely a whitespace-only Date: header. Patch by Wouter Bolsterlee. - Fix a crash in the signal handler of the faulthandler module: no longer modify the reference count of frame objects. Patch by Victor Stinner. - Method stopTestRun() is now always called in pair with method startTestRun() for TestResult objects implicitly created in run(). Previously it was not called for test methods and classes decorated with a skipping decorator. - argparse.BooleanOptionalAction's default value is no longer printed twice when used with argparse.ArgumentDefaultsHelpFormatter. - Upgrade bundled pip to 21.2.3 and setuptools to 57.4.0 - Fix the os.set_inheritable() function on FreeBSD 14 for file descriptor opened with the O_PATH flag: ignore the EBADF error on ioctl(), fallback on the fcntl() implementation. Patch by Victor Stinner. - The @functools.total_ordering() decorator now works with metaclasses. - sqlite3 user-defined functions and aggregators returning strings with embedded NUL characters are no longer truncated. Patch by Erlend E. Aasland. - Always show loop= arg deprecations in asyncio.gather() and asyncio.sleep() - Non-protocol subclasses of typing.Protocol ignore now the __init__ method inherited from protocol base classes. - The tokenize.tokenize() doesn't incorrectly generate a NEWLINE token if the source doesn't end with a new line character but the last line is a comment, as the function is already generating a NL token. Patch by Pablo Galindo - Fix http.client.HTTPSConnection fails to download >2GiB data. - rcompleter does not call getattr() on property objects to avoid the side-effect of evaluating the corresponding method. - weakref.proxy objects referencing non-iterators now raise TypeError rather than dereferencing the null tp_iternext slot and crashing. - The implementation of collections.abc.Set._hash() now matches that of frozenset.__hash__(). - Fixed issue in compileall.compile_file() when sys.stdout is redirected. Patch by Stefan H?lzl. - Give priority to using the current class constructor in inspect.signature(). Patch by Weipeng Hong. - Fix memory leak in _tkinter._flatten() if it is called with a sequence or set, but not list or tuple. - Update shutil.copyfile() to raise FileNotFoundError instead of confusing IsADirectoryError when a path ending with a os.path.sep does not exist; shutil.copy() and shutil.copy2() are also affected. - handle StopIteration subclass raised from @contextlib.contextmanager generator - Make the implementation consistency of indexOf() between C and Python versions. Patch by Dong-hee Na. - Fixes TypedDict to work with typing.get_type_hints() and postponed evaluation of annotations across modules. - Fix bug with pdb's handling of import error due to a package which does not have a __main__ module - Fixed an exception thrown while parsing a malformed multipart email by email.message.EmailMessage. - pathlib.PureWindowsPath.is_reserved() now identifies a greater range of reserved filenames, including those with trailing spaces or colons. - Handle exceptions from parsing the arg of pdb's run/restart command. - The sqlite3 context manager now performs a rollback (thus releasing the database lock) if commit failed. Patch by Luca Citi and Erlend E. Aasland. - Improved string handling for sqlite3 user-defined functions and aggregates: - It is now possible to pass strings with embedded null characters to UDFs - Conversion failures now correctly raise MemoryError - Patch by Erlend E. Aasland. - Handle RecursionError in TracebackException's constructor, so that long exceptions chains are truncated instead of causing traceback formatting to fail. - Fix email.message.EmailMessage.set_content() when called with binary data and 7bit content transfer encoding. - The compresslevel and preset keyword arguments of tarfile.open() are now both documented and tested. - Fixed a Y2k38 bug in the compileall module where it would fail to compile files with a modification time after the year 2038. - Fix test___all__ on platforms lacking a shared memory implementation. - Pass multiprocessing BaseProxy argument manager_owned through AutoProxy. - email.utils.getaddresses() now accepts email.header.Header objects along with string values. Patch by Zackery Spytz. - lib2to3 now recognizes async generators everywhere. - Fix TypeError when required subparsers without dest do not receive arguments. Patch by Anthony Sottile. - Documentation - Removed the othergui.rst file, any references to it, and the list of GUI frameworks in the FAQ. In their place I've added links to the Python Wiki page on GUI frameworks. - Update the definition of __future__ in the glossary by replacing the confusing word 'pseudo-module' with a more accurate description. - Add typical examples to os.path.splitext docs - Clarify that shutil.make_archive() is not thread-safe due to reliance on changing the current working directory. - Update of three expired hyperlinks in Doc/distributing/index.rst: 'Project structure', 'Building and packaging the project', and 'Uploading the project to the Python Packaging Index'. - Updated the docstring and docs of filecmp.cmp() to be more accurate and less confusing especially in respect to shallow arg. - Match the docstring and python implementation of countOf() to the behavior of its c implementation. - List all kwargs for textwrap.wrap(), textwrap.fill(), and textwrap.shorten(). Now, there are nav links to attributes of TextWrap, which makes navigation much easier while minimizing duplication in the documentation. - Clarify that atexit uses equality comparisons internally. - Documentation of csv.Dialect is more descriptive. - Fix documentation for the return type of sysconfig.get_path(). - Add a 'Security Considerations' index which links to standard library modules that have explicitly documented security considerations. - Remove the unqualified claim that tkinter is threadsafe. It has not been true for several years and likely never was. An explanation of what is true may be added later, after more discussion, and possibly after patching _tkinter.c, - Tests - Add calls of gc.collect() in tests to support PyPy. - Made tests relying on the _asyncio C extension module optional to allow running on alternative Python implementations. Patch by Serhiy Storchaka. - Fix auto history tests of test_readline: sometimes, the newline character is not written at the end, so don't expect it in the output. - Add ability to wholesale silence DeprecationWarnings while running the regression test suite. - Notify users running test_decimal regression tests on macOS of potential harmless 'malloc can't allocate region' messages spewed by test_decimal. - Fixed floating point precision issue in turtle tests. - Regression tests, when run with -w, are now re-running only the affected test methods instead of re-running the entire test file. - Add test for nested queues when using multiprocessing shared objects AutoProxy[Queue] inside ListProxy and DictProxy - Add building with --with-system-libmpdec option (bsc#1189356). - test_faulthandler is still problematic under qemu linux-user emulation, disable it there - Reenable profileopt with qemu emulation, test_faulthandler is no longer run during profiling - bpo-44022 (bsc#1189241, CVE-2021-3737): http.client now avoids infinitely reading potential HTTP headers after a 100 Continue status response from the server. - bpo-43075 (CVE-2021-3733, bsc#1189287): Fix Regular Expression Denial of Service (ReDoS) vulnerability in urllib.request.AbstractBasicAuthHandler. The ReDoS-vulnerable regex has quadratic worst-case complexity and it allows cause a denial of service when identifying crafted invalid RFCs. This ReDoS issue is on the client side and needs remote attackers to control the HTTP server. Moderate SUSE bug 1186819 SUSE bug 1189241 SUSE bug 1189287 SUSE bug 1189356 SUSE bug 1193179 CVE-2021-3572 CVE-2021-3733 CVE-2021-3737 cpe:/o:opensuse:leap:15.4 Security update for pcp (Moderate) openSUSE Leap 15.4 This update for pcp fixes the following issues: - CVE-2020-8025: Fixed outdated entries in permissions profiles for /var/lib/pcp/tmp/* (bsc#1171883). Moderate SUSE bug 1171883 CVE-2020-8025 cpe:/o:opensuse:leap:15.4 Security update for amazon-ssm-agent (Important) openSUSE Leap 15.4 This update for amazon-ssm-agent fixes the following issues: - CVE-2022-29527: Fixed unsafe file creation mode of ssm-agent-users sudoer file (bsc#1196556). Update to version 3.1.1260.0 Important SUSE bug 1196556 CVE-2022-29527 cpe:/o:opensuse:leap:15.4 Security update for ruby2.5 (Important) openSUSE Leap 15.4 This update for ruby2.5 fixes the following issues: - CVE-2022-28739: Fixed a buffer overrun in String-to-Float conversion (bsc#1198441). - CVE-2021-41817: Fixed a regular expression denial of service in Date Parsing Methods (bsc#1193035). - CVE-2021-32066: Fixed a StartTLS stripping vulnerability in Net:IMAP (bsc#1188160). - CVE-2021-31810: Fixed a trusting FTP PASV responses vulnerability in Net:FTP (bsc#1188161). - CVE-2021-31799: Fixed a command injection vulnerability in RDoc (bsc#1190375). Important SUSE bug 1188160 SUSE bug 1188161 SUSE bug 1190375 SUSE bug 1193035 SUSE bug 1198441 CVE-2021-31799 CVE-2021-31810 CVE-2021-32066 CVE-2021-41817 CVE-2022-28739 cpe:/o:opensuse:leap:15.4 Security update for java-11-openjdk (Important) openSUSE Leap 15.4 This update for java-11-openjdk fixes the following issues: - CVE-2022-21426: Fixed Oracle Java SE compromission via unauthenticated attacker with network access via multiple protocols (bsc#1198672). - CVE-2022-21434: Fixed Oracle Java SE compromission via unauthenticated attacker with network access via multiple protocols (bsc#1198674). - CVE-2022-21496: Fixed Oracle Java SE compromission via unauthenticated attacker with network access via multiple protocols (bsc#1198673). - CVE-2022-21443: Fixed Oracle Java SE compromission via unauthenticated attacker with network access via multiple protocols (bsc#1198675). - CVE-2022-21476: Fixed Oracle Java SE compromission via unauthenticated attacker with network access via multiple protocols (bsc#1198671). Important SUSE bug 1198671 SUSE bug 1198672 SUSE bug 1198673 SUSE bug 1198674 SUSE bug 1198675 CVE-2022-21426 CVE-2022-21434 CVE-2022-21443 CVE-2022-21476 CVE-2022-21496 cpe:/o:opensuse:leap:15.4 Security update for rubygem-puma (Important) openSUSE Leap 15.4 This update for rubygem-puma fixes the following issues: rubygem-puma was updated to version 4.3.11: * CVE-2021-29509: Adjusted an incomplete fix for allows Denial of Service (DoS) (bsc#1188527) * CVE-2021-41136: Fixed request smuggling if HTTP header value contains the LF character (bsc#1191681) * CVE-2022-23634: Fixed information leak between requests (bsc#1196222) Important SUSE bug 1188527 SUSE bug 1191681 SUSE bug 1196222 CVE-2021-29509 CVE-2021-41136 CVE-2022-23634 cpe:/o:opensuse:leap:15.4 Security update for libwmf (Important) openSUSE Leap 15.4 This update for libwmf fixes the following issues: libwmf was updated to 0.2.12: * upstream changed to fork from Fedora: https://github.com/caolanm/libwmf * merged all the pending fixes * merge in fixes for libgd CVE-2019-6978 (bsc#1123522) * fixed memory allocation failure (CVE-2016-9011) * Fixes for %_libexecdir changing to /usr/libexec (bsc#1174075) Important SUSE bug 1006739 SUSE bug 1123522 SUSE bug 1174075 CVE-2016-9011 CVE-2019-6978 cpe:/o:opensuse:leap:15.4 Security update for apache2-mod_auth_mellon (Moderate) openSUSE Leap 15.4 This update for apache2-mod_auth_mellon fixes the following issues: - CVE-2021-3639: Fixed open Redirect vulnerability in logout URLs (bsc#1188926) Moderate SUSE bug 1188926 CVE-2021-3639 cpe:/o:opensuse:leap:15.4 Security update for pgadmin4 (Important) openSUSE Leap 15.4 This update for pgadmin4 fixes the following issues: - CVE-2022-0959: Fixed an unrestricted file upload (bsc#1197143). Important SUSE bug 1197143 CVE-2022-0959 cpe:/o:opensuse:leap:15.4 Security update for libvirt (Moderate) openSUSE Leap 15.4 This update for libvirt fixes the following issues: - CVE-2022-0897: Fixed a crash in nwfilter when counting number of network filters (bsc#1197636). The following non-security bugs were fixed: - qemu: Improve save operation by increasing pipe size c61d1e9b-virfile-set-pipe-size.patch, 47d6d185-virfile-fix-indent.patch, cd7acb33-virfile-report-error.patch bsc#1196625 - qemu: Directly query KVM for TSC scaling support 5df2c492-use-kvm-for-tsc-scaling.patch bsc#1193364 Moderate SUSE bug 1193364 SUSE bug 1196625 SUSE bug 1197636 CVE-2022-0897 cpe:/o:opensuse:leap:15.4 Security update for giflib (Moderate) openSUSE Leap 15.4 This update for giflib fixes the following issues: - CVE-2019-15133: Fixed a divide-by-zero exception in the decoder function DGifSlurp in dgif_lib.c if the height field of the ImageSize data structure is equal to zero (bsc#1146299). - CVE-2018-11490: Fixed a heap-based buffer overflow in DGifDecompressLine function in dgif_lib.c (bsc#1094832). - CVE-2016-3977: Fixed a heap buffer overflow in gif2rgb (bsc#974847). Update to version 5.2.1 * In gifbuild.c, avoid a core dump on no color map. * Restore inadvertently removed library version numbers in Makefile. Changes in version 5.2.0 * The undocumented and deprecated GifQuantizeBuffer() entry point has been moved to the util library to reduce libgif size and attack surface. Applications needing this function are couraged to link the util library or make their own copy. * The following obsolete utility programs are no longer installed: gifecho, giffilter, gifinto, gifsponge. These were either installed in error or have been obsolesced by modern image-transformmation tools like ImageMagick convert. They may be removed entirely in a future release. * Address SourceForge issue #136: Stack-buffer-overflow in gifcolor.c:84 * Address SF bug #134: Giflib fails to slurp significant number of gifs * Apply SPDX convention for license tagging. Changes in version 5.1.9 * The documentation directory now includes an HTMlified version of the GIF89 standard, and a more detailed description of how LZW compression is applied to GIFs. * Address SF bug #129: The latest version of giflib cannot be build on windows. * Address SF bug #126: Cannot compile giflib using c89 Changes in version 5.1.8 * Address SF bug #119: MemorySanitizer: FPE on unknown address (CVE-2019-15133 bsc#1146299) * Address SF bug #125: 5.1.7: xmlto is still required for tarball * Address SF bug #124: 5.1.7: ar invocation is not crosscompile compatible * Address SF bug #122: 5.1.7 installs manpages to wrong directory * Address SF bug #121: make: getversion: Command not found * Address SF bug #120: 5.1.7 does not build a proper library - no Changes in version 5.1.7 * Correct a minor packaging error (superfluous symlinks) in the 5.1.6 tarballs. Changes in version 5.1.6 * Fix library installation in the Makefile. Changes in version 5.1.5 * Fix SF bug #114: Null dereferences in main() of gifclrmp * Fix SF bug #113: Heap Buffer Overflow-2 in function DGifDecompressLine() in cgif.c. This had been assigned (CVE-2018-11490 bsc#1094832). * Fix SF bug #111: segmentation fault in PrintCodeBlock * Fix SF bug #109: Segmentation fault of giftool reading a crafted file * Fix SF bug #107: Floating point exception in giftext utility * Fix SF bug #105: heap buffer overflow in DumpScreen2RGB in gif2rgb.c:317 * Fix SF bug #104: Ineffective bounds check in DGifSlurp * Fix SF bug #103: GIFLIB 5.1.4: DGifSlurp fails on empty comment * Fix SF bug #87: Heap buffer overflow in 5.1.2 (gif2rgb). (CVE-2016-3977 bsc#974847) * The horrible old autoconf build system has been removed with extreme prejudice. You now build this simply by running 'make' from the top-level directory. The following non-security bugs were fixed: - build path independent objects and inherit CFLAGS from the build system (bsc#1184123) Moderate SUSE bug 1094832 SUSE bug 1146299 SUSE bug 1184123 SUSE bug 974847 CVE-2016-3977 CVE-2018-11490 CVE-2019-15133 cpe:/o:opensuse:leap:15.4 Security update for gzip (Important) openSUSE Leap 15.4 This update for gzip fixes the following issues: - CVE-2022-1271: Fix escaping of malicious filenames. (bsc#1198062) Important SUSE bug 1198062 SUSE bug 1198922 CVE-2022-1271 cpe:/o:opensuse:leap:15.4 Security update for clamav (Important) openSUSE Leap 15.4 This update for clamav fixes the following issues: - CVE-2022-20770: Fixed a possible infinite loop vulnerability in the CHM file parser (bsc#1199242). - CVE-2022-20796: Fixed a possible NULL-pointer dereference crash in the scan verdict cache check (bsc#1199246). - CVE-2022-20771: Fixed a possible infinite loop vulnerability in the TIFF file parser (bsc#1199244). - CVE-2022-20785: Fixed a possible memory leak in the HTML file parser / Javascript normalizer (bsc#1199245). - CVE-2022-20792: Fixed a possible multi-byte heap buffer overflow write vulnerability in the signature database load module (bsc#1199274). Important SUSE bug 1199242 SUSE bug 1199244 SUSE bug 1199245 SUSE bug 1199246 SUSE bug 1199274 CVE-2022-20770 CVE-2022-20771 CVE-2022-20785 CVE-2022-20792 CVE-2022-20796 cpe:/o:opensuse:leap:15.4 Security update for pidgin (Important) openSUSE Leap 15.4 This update for pidgin fixes the following issues: - CVE-2022-26491: Fixed MITM vulnerability when DNSSEC wasn't used (bsc#1199025). Important SUSE bug 1199025 CVE-2022-26491 cpe:/o:opensuse:leap:15.4 Security update for slurm (Important) openSUSE Leap 15.4 This update for slurm fixes the following issues: - CVE-2022-29500: Fixed architectural flaw that could have been exploited to allow an unprivileged user to execute arbitrary processes as root (bsc#1199278). - CVE-2022-29501: Fixed a problem that an unprivileged user could have sent data to arbitrary unix socket as root (bsc#1199279). Important SUSE bug 1199278 SUSE bug 1199279 CVE-2022-29500 CVE-2022-29501 cpe:/o:opensuse:leap:15.4 Security update for openldap2 (Important) openSUSE Leap 15.4 This update for openldap2 fixes the following issues: - CVE-2022-29155: Fixed SQL injection in back-sql (bsc#1199240). Important SUSE bug 1199240 CVE-2022-29155 cpe:/o:opensuse:leap:15.4 Security update for jackson-databind, jackson-dataformats-binary, jackson-annotations, jackson-bom, jackson-core (Important) openSUSE Leap 15.4 This update for jackson-databind, jackson-dataformats-binary, jackson-annotations, jackson-bom, jackson-core fixes the following issues: Security issues fixed: - CVE-2020-36518: Fixed a Java stack overflow exception and denial of service via a large depth of nested objects in jackson-databind. (bsc#1197132) - CVE-2020-25649: Fixed an insecure entity expansion in jackson-databind which was vulnerable to XML external entity (XXE). (bsc#1177616) - CVE-2020-28491: Fixed a bug which could cause `java.lang.OutOfMemoryError` exception in jackson-dataformats-binary. (bsc#1182481) Non security fixes: jackson-annotations - update from version 2.10.2 to version 2.13.0: + Build with source/target levels 8 + Add 'mvnw' wrapper + 'JsonSubType.Type' should accept array of names + Jackson version alignment with Gradle 6 + Add '@JsonIncludeProperties' + Add '@JsonTypeInfo(use=DEDUCTION)' + Ability to use '@JsonAnyGetter' on fields + Add '@JsonKey' annotation + Allow repeated calls to 'SimpleObjectIdResolver.bindItem()' for same mapping + Add 'namespace' property for '@JsonProperty' (for XML module) + Add target 'ElementType.ANNOTATION_TYPE' for '@JsonEnumDefaultValue' + 'JsonPattern.Value.pattern' retained as '', never (accidentally) exposed as 'null' + Rewrite to use `ant` for building in order to be able to use it in packages that have to be built before maven jackson-bom - update from version 2.10.2 to version 2.13.0: + Configure moditect plugin with '<jvmVersion>11</jvmVersion>' + jackson-bom manages the version of 'junit:junit' + Drop 'jackson-datatype-hibernate3' (support for Hibernate 3.x datatypes) + Removed 'jakarta' classifier variants of JAXB/JSON-P/JAX-RS modules due to the addition of new Jakarta artifacts (Jakarta-JSONP, Jakarta-xmlbind-annotations, Jakarta-rs-providers) + Add version for 'jackson-datatype-jakarta-jsonp' module (introduced after 2.12.2) + Add (beta) version for 'jackson-dataformat-toml' + Jakarta 9 artifact versions are missing from jackson-bom + Add default settings for 'gradle-module-metadata-maven-plugin' (gradle metadata) + Add default settings for 'build-helper-maven-plugin' + Drop 'jackson-module-scala_2.10' entry (not released for Jackson 2.12 or later) + Add override for 'version.plugin.bundle' (for 5.1.1) to help build on JDK 15+ + Add missing version for jackson-datatype-eclipse-collections jackson-core - update from version 2.10.2 to version 2.13.0: + Build with source and target levels 8 + Misleading exception for input source when processing byte buffer with start offset + Escape contents of source document snippet for 'JsonLocation._appendSourceDesc()' + Add 'StreamWriteException' type to eventually replace 'JsonGenerationException' + Replace 'getCurrentLocation()'/'getTokenLocation()' with 'currentLocation()'/'currentTokenLocation()' in 'JsonParser' + Replace 'JsonGenerator.writeObject()' (and related) with 'writePOJO()' + Replace 'getCurrentValue()'/'setCurrentValue()' with 'currentValue()'/'assignCurrentValue()' in 'JsonParser'/'JsonGenerator + Introduce O(n^1.5) BigDecimal parser implementation + ByteQuadsCanonicalizer.addName(String, int, int) has incorrect handling for case of q2 == null + UTF32Reader ArrayIndexOutOfBoundsException + Improve exception/JsonLocation handling for binary content: don't show content, include byte offset + Fix an issue with the TokenFilter unable to ignore properties when deserializing. + Optimize array allocation by 'JsonStringEncoder' + Add 'mvnw' wrapper + (partial) Optimize array allocation by 'JsonStringEncoder' + Add back accidentally removed 'JsonStringEncoder' related methods in 'BufferRecyclers' (like 'getJsonStringEncoder()') + 'ArrayOutOfBoundException' at 'WriterBasedJsonGenerator.writeString(Reader, int)' + Allow 'optional-padding' for 'Base64Variant' + More customizable TokenFilter inclusion (using 'Tokenfilter.Inclusion') + Publish Gradle Module Metadata + Add 'StreamReadCapability' for further format-based/format-agnostic handling improvements + Add 'JsonParser.isExpectedNumberIntToken()' convenience method + Add 'StreamWriteCapability' for further format-based/format-agnostic handling improvements + Add 'JsonParser.getNumberValueExact()' to allow precision-retaining buffering + Limit initial allocated block size by 'ByteArrayBuilder' to max block size + Add 'JacksonException' as parent class of 'JsonProcessingException' + Make 'JsonWriteContext.reset()' and 'JsonReadContext.reset()' methods public + Deprecate 'JsonParser.getCurrentTokenId()' (use '#currentTokenId()' instead) + Full 'LICENSE' included in jar for easier access by compliancy tools + Fix NPE in 'writeNumber(String)' method of 'UTF8JsonGenerator', 'WriterBasedJsonGenerator' + Add a String Array write method in the Streaming API + Synchronize variants of 'JsonGenerator#writeNumberField' with 'JsonGenerator#writeNumber' + Add JsonGenerator#writeNumber(char[], int, int) method + Do not clear aggregated contents of 'TextBuffer' when 'releaseBuffers()' called + 'FilteringGeneratorDelegate' does not handle 'writeString(Reader, int)' + Optionally allow leading decimal in float tokens + Rewrite to use ant for building in order to be able to use it in packages that have to be built before maven + Parsing JSON with 'ALLOW_MISSING_VALUE' enabled results in endless stream of 'VALUE_NULL' tokens + Handle case when system property access is restricted + 'FilteringGeneratorDelegate' does not handle 'writeString(Reader, int)' + DataFormatMatcher#getMatchedFormatName throws NPE when no match exists + 'JsonParser.getCurrentLocation()' byte/char offset update incorrectly for big payloads jackson-databind - update from version 2.10.5.1 to version 2.13.0: + '@JsonValue' with integer for enum does not deserialize correctly + 'AnnotatedMethod.getValue()/setValue()' doesn't have useful exception message + Add 'DatabindException' as intermediate subtype of 'JsonMappingException' + Jackson does not support deserializing new Java 9 unmodifiable collections + Allocate TokenBuffer instance via context objects (to allow format-specific buffer types) + Add mechanism for setting default 'ContextAttributes' for 'ObjectMapper' + Add 'DeserializationContext.readTreeAsValue()' methods for more convenient conversions for deserializers to use + Clean up support of typed 'unmodifiable', 'singleton' Maps/Sets/Collections + Extend internal bitfield of 'MapperFeature' to be 'long' + Add 'removeMixIn()' method in 'MapperBuilder' + Backport 'MapperBuilder' lambda-taking methods: 'withConfigOverride()', 'withCoercionConfig()', 'withCoercionConfigDefaults()' + configOverrides(boolean.class) silently ignored, whereas .configOverride(Boolean.class) works for both primitives and boxed boolean values + Dont track unknown props in buffer if 'ignoreAllUnknown' is true + Should allow deserialization of java.time types via opaque 'JsonToken.VALUE_EMBEDDED_OBJECT' + Optimize 'AnnotatedConstructor.call()' case by passing explicit null + Add AnnotationIntrospector.XmlExtensions interface for decoupling javax dependencies + Custom SimpleModule not included in list returned by ObjectMapper.getRegisteredModuleIds() after registration + Use more limiting default visibility settings for JDK types (java.*, javax.*) + Deep merge for 'JsonNode' using 'ObjectReader.readTree()' + IllegalArgumentException: Conflicting setter definitions for property with more than 2 setters + Serializing java.lang.Thread fails on JDK 11 and above + String-based 'Map' key deserializer is not deterministic when there is no single arg constructor + Add ArrayNode#set(int index, primitive_type value) + JsonStreamContext 'currentValue' wrongly references to '@JsonTypeInfo' annotated object + DOM 'Node' serialization omits the default namespace declaration + Support 'suppressed' property when deserializing 'Throwable' + 'AnnotatedMember.equals()' does not work reliably + Add 'MapperFeature.APPLY_DEFAULT_VALUES', initially for Scala module + For an absent property Jackson injects 'NullNode' instead of 'null' to a JsonNode-typed constructor argument of a '@ConstructorProperties'-annotated constructor + 'XMLGregorianCalendar' doesn't work with default typing + Content 'null' handling not working for root values + StdDeserializer rejects blank (all-whitespace) strings for ints + 'USE_BASE_TYPE_AS_DEFAULT_IMPL' not working with 'DefaultTypeResolverBuilder' + Add PropertyNamingStrategies.UpperSnakeCaseStrategy (and UPPER_SNAKE_CASE constant) + StackOverflowError when serializing JsonProcessingException + Support for BCP 47 'java.util.Locale' serialization/deserialization + String property deserializes null as 'null' for JsonTypeInfo.As.EXISTING_PROPERTY + Can not deserialize json to enum value with Object-/Array-valued input, '@JsonCreator' + Fix to avoid problem with 'BigDecimalNode', scale of 'Integer.MIN_VALUE' + Extend handling of 'FAIL_ON_NULL_FOR_PRIMITIVES' to cover coercion from (Empty) String via 'AsNull' + Add 'mvnw' wrapper + (regression) Factory method generic type resolution does not use Class-bound type parameter + Deserialization of 'empty' subtype with DEDUCTION failed + Merge findInjectableValues() results in AnnotationIntrospectorPair + READ_UNKNOWN_ENUM_VALUES_USING_DEFAULT_VALUE doesn't work with empty strings + 'TypeFactory' cannot convert 'Collection' sub-type without type parameters to canonical form and back + Fix for [modules-java8#207]: prevent fail on secondary Java 8 date/time types + EXTERNAL_PROPERTY does not work well with '@JsonCreator' and 'FAIL_ON_UNKNOWN_PROPERTIES' + String property deserializes null as 'null' for 'JsonTypeInfo.As.EXTERNAL_PROPERTY' + Property ignorals cause 'BeanDeserializer 'to forget how to read from arrays (not copying '_arrayDelegateDeserializer') + UntypedObjectDeserializer' mixes multiple unwrapped collections (related to #2733) + Two cases of incorrect error reporting about DeserializationFeature + Bug in polymorphic deserialization with '@JsonCreator', '@JsonAnySetter', 'JsonTypeInfo.As.EXTERNAL_PROPERTY' + Polymorphic subtype deduction ignores 'defaultImpl' attribute + MismatchedInputException: Cannot deserialize instance of 'com.fasterxml.jackson.databind.node.ObjectNode' out of VALUE_NULL token + Missing override for 'hasAsKey()' in 'AnnotationIntrospectorPair' + Creator lookup fails with 'InvalidDefinitionException' for conflict between single-double/single-Double arg constructor + 'MapDeserializer' forcing 'JsonMappingException' wrapping even if WRAP_EXCEPTIONS set to false + Auto-detection of constructor-based creator method skipped if there is an annotated factory-based creator method (regression from 2.11) + 'ObjectMapper.treeToValue()' no longer invokes 'JsonDeserializer.getNullValue()' + DeserializationProblemHandler is not invoked when trying to deserialize String + Fix failing 'double' JsonCreators in jackson 2.12.0 + Conflicting in POJOPropertiesCollector when having namingStrategy + Breaking API change in 'BasicClassIntrospector' (2.12.0) + 'JsonNode.requiredAt()' does NOT fail on some path expressions + Exception thrown when 'Collections.synchronizedList()' is serialized with type info, deserialized + Add option to resolve type from multiple existing properties, '@JsonTypeInfo(use=DEDUCTION)' + '@JsonIgnoreProperties' does not prevent Exception Conflicting getter/setter definitions for property + Deserialization Not Working Right with Generic Types and Builders + Add '@JsonIncludeProperties(propertyNames)' (reverse of '@JsonIgnoreProperties') + '@JsonAnyGetter' should be allowed on a field + Allow handling of single-arg constructor as property based by default + Allow case insensitive deserialization of String value into 'boolean'/'Boolean' (esp for Excel) + Allow use of '@JsonFormat(with=JsonFormat.Feature .ACCEPT_CASE_INSENSITIVE_PROPERTIES)' on Class + Abstract class included as part of known type ids for error message when using JsonSubTypes + Distinguish null from empty string for UUID deserialization + 'ReferenceType' does not expose valid containedType + Add 'CoercionConfig[s]' mechanism for configuring allowed coercions + 'JsonProperty.Access.READ_ONLY' does not work with 'getter-as-setter' 'Collection's + Support 'BigInteger' and 'BigDecimal' creators in 'StdValueInstantiator' + 'JsonProperty.Access.READ_ONLY' fails with collections when a property name is specified + 'BigDecimal' precision not retained for polymorphic deserialization + Support use of 'Void' valued properties ('MapperFeature.ALLOW_VOID_VALUED_PROPERTIES') + Explicitly fail (de)serialization of 'java.time.*' types in absence of registered custom (de)serializers + Improve description included in by 'DeserializationContext.handleUnexpectedToken()' + Support for JDK 14 record types ('java.lang.Record') + 'PropertyNamingStrategy' class initialization depends on its subclass, this can lead to class loading deadlock + 'FAIL_ON_IGNORED_PROPERTIES' does not throw on 'READONLY' properties with an explicit name + Add Gradle Module Metadata for version alignment with Gradle 6 + Allow 'JsonNode' auto-convert into 'ArrayNode' if duplicates found (for XML) + Allow values of 'untyped' auto-convert into 'List' if duplicates found (for XML) + Add 'ValueInstantiator.createContextual(...) + Support multiple names in 'JsonSubType.Type' + Disabling 'FAIL_ON_INVALID_SUBTYPE' breaks polymorphic deserialization of Enums + Explicitly fail (de)serialization of 'org.joda.time.*' types in absence of registered custom (de)serializers + Trailing zeros are stripped when deserializing BigDecimal values inside a @JsonUnwrapped property + Extract getter/setter/field name mangling from 'BeanUtil' into pluggable 'AccessorNamingStrategy' + Throw 'InvalidFormatException' instead of 'MismatchedInputException' for ACCEPT_FLOAT_AS_INT coercion failures + Add '@JsonKey' annotation (similar to '@JsonValue') for customizable serialization of Map keys + 'MapperFeature.ACCEPT_CASE_INSENSITIVE_ENUMS' should work for enum as keys + Add support for disabling special handling of 'Creator properties' wrt alphabetic property ordering + Add 'JsonNode.canConvertToExactIntegral()' to indicate whether floating-point/BigDecimal values could be converted to integers losslessly + Improve static factory method generic type resolution logic + Allow preventing 'Enum from integer' coercion using new 'CoercionConfig' system + '@JsonValue' not considered when evaluating inclusion + Make some java platform modules optional + Add support for serializing 'java.sql.Blob' + 'AnnotatedCreatorCollector' should avoid processing synthetic static (factory) methods + Add errorprone static analysis profile to detect bugs at build time + Problem with implicit creator name detection for constructor detection + Add 'BeanDeserializerBase.isCaseInsensitive()' + Refactoring of 'CollectionDeserializer' to solve CSV array handling issues + Full 'LICENSE' included in jar for easier access by compliancy tools + Fix type resolution for static methods (regression in 2.11.3) + '@JsonCreator' on constructor not compatible with '@JsonIdentityInfo', 'PropertyGenerator' + Add debug improvements about 'ClassUtil.getClassMethods()' + Cannot detect creator arguments of mixins for JDK types + Add 'JsonFormat.Shape' awareness for UUID serialization ('UUIDSerializer') + Json serialization fails or a specific case that contains generics and static methods with generic parameters (2.11.1 -> 2.11.2 regression) + 'ObjectMapper.activateDefaultTypingAsProperty()' is not using parameter 'PolymorphicTypeValidator' + Problem deserialization 'raw generic' fields (like 'Map') in 2.11.2 + Fix issues with 'MapLikeType.isTrueMapType()', 'CollectionLikeType.isTrueCollectionType()' + Parser/Generator features not set when using 'ObjectMapper.createParser()', 'createGenerator()' + Polymorphic subtypes not registering on copied ObjectMapper (2.11.1) + Failure to read AnnotatedField value in Jackson 2.11 + 'TypeFactory.constructType()' does not take 'TypeBindings' correctly + Builder Deserialization with JsonCreator Value vs Array + JsonCreator on static method in Enum and Enum used as key in map fails randomly + 'StdSubtypeResolver' is not thread safe (possibly due to copy not being made with 'ObjectMapper.copy()') + 'Conflicting setter definitions for property' exception for 'Map' subtype during deserialization + Fail to deserialize local Records + Rearranging of props when property-based generator is in use leads to incorrect output + Jackson doesn't respect 'CAN_OVERRIDE_ACCESS_MODIFIERS=false' for deserializer properties + 'DeserializationFeature.UNWRAP_SINGLE_VALUE_ARRAYS' don't support 'Map' type field + JsonParser from MismatchedInputException cannot getText() for floating-point value + i-I case conversion problem in Turkish locale with case-insensitive deserialization + '@JsonInject' fails on trying to find deserializer even if inject-only + Polymorphic deserialization should handle case-insensitive Type Id property name if 'MapperFeature.ACCEPT_CASE_INSENSITIVE_PROPERTIES' is enabled + TreeTraversingParser and UTF8StreamJsonParser create contexts differently + Support use of '@JsonAlias' for enum values + 'declaringClass' of 'enum-as-POJO' not removed for 'ObjectMapper' with a naming strategy + Fix 'JavaType.isEnumType()' to support sub-classes + BeanDeserializerBuilder Protected Factory Method for Extension + Support '@JsonSerialize(keyUsing)' and '@JsonDeserialize(keyUsing)' on Key class + Add 'SerializationFeature.WRITE_SELF_REFERENCES_AS_NULL' + 'ObjectMapper.registerSubtypes(NamedType...)' doesn't allow registering same POJO for two different type ids + 'DeserializationContext.handleMissingInstantiator()' throws 'MismatchedInputException' for non-static inner classes + Incorrect 'JsonStreamContext' for 'TokenBuffer' and 'TreeTraversingParser' + Add 'AnnotationIntrospector.findRenameByField()' to support Kotlin's 'is-getter' naming convention + Use '@JsonProperty(index)' for sorting properties on serialization + Java 8 'Optional' not working with '@JsonUnwrapped' on unwrappable type + Add 'MapperFeature.BLOCK_UNSAFE_POLYMORPHIC_BASE_TYPES' to allow blocking use of unsafe base type for polymorphic deserialization + 'ObjectMapper.setSerializationInclusion()' is ignored for 'JsonAnyGetter' + 'ValueInstantiationException' when deserializing using a builder and 'UNWRAP_SINGLE_VALUE_ARRAYS' + JsonIgnoreProperties(ignoreUnknown = true) does not work on field and method level + Failure to resolve generic type parameters on serialization + JsonParser cannot getText() for input stream on MismatchedInputException + ObjectReader readValue lacks Class<T> argument + Change default textual serialization of 'java.util.Date'/'Calendar' to include colon in timezone offset + Add 'ObjectMapper.createParser()' and 'createGenerator()' methods + Allow serialization of 'Properties' with non-String values + Add new factory method for creating custom 'EnumValues' to pass to 'EnumDeserializer + 'IllegalArgumentException' thrown for mismatched subclass deserialization + Add convenience methods for creating 'List', 'Map' valued 'ObjectReader's (ObjectMapper.readerForListOf()) + 'SerializerProvider.findContentValueSerializer()' methods jackson-dataformats-binary - update from version 2.10.1 to version 2.13.0: + (cbor) Should validate UTF-8 multi-byte validity for short decode path too + (ion) Deprecate 'CloseSafeUTF8Writer', remove use + (smile) Make 'SmileFactory' support 'JsonFactory.Feature.CANONICALIZE_FIELD_NAMES' + (cbor) Make 'CBORFactory' support 'JsonFactory.Feature.CANONICALIZE_FIELD_NAMES' + (cbor) Handle case of BigDecimal with Integer.MIN_VALUE for scale gracefully + (cbor) Uncaught exception in CBORParser._nextChunkedByte2 (by ossfuzzer) + (cbor) Another uncaught exception in CBORParser._nextChunkedByte2 (by ossfuzzer) + (smile) Add 'SmileGenerator.Feature.LENIENT_UTF_ENCODING' for lenient handling of broken Unicode surrogate pairs on writing + (avro) Add 'logicalType' support for some 'java.time' types; add 'AvroJavaTimeModule' for native ser/deser + Support base64 strings in 'getBinaryValue()' for CBOR and Smile + (cbor) 'ArrayIndexOutOfBounds' for truncated UTF-8 name + (avro) Generate logicalType switch + (smile) 'ArrayIndexOutOfBounds' for truncated UTF-8 name + (ion) 'jackson-dataformat-ion' does not handle null.struct deserialization correctly + 'Ion-java' dep 1.4.0 -> 1.8.0 + Minor change to Ion module registration names (fully-qualified) + (cbor) Uncaught exception in CBORParser._nextChunkedByte2 (by ossfuzzer) + (cbor) Uncaught exception in CBORParser._findDecodedFromSymbols() (by ossfuzzer) + (smile) Uncaught validation problem wrt Smile 'BigDecimal' type + (smile) ArrayIndexOutOfBoundsException for malformed Smile header + (cbor) Failed to handle case of alleged String with length of Integer.MAX_VALUE + (smile) Allocate byte[] lazily for longer Smile binary data payloads + (cbor) CBORParser need to validate zero-length byte[] for BigInteger + (smile) Handle invalid chunked-binary-format length gracefully + (smile) Allocate byte[] lazily for longer Smile binary data payloads (7-bit encoded) + (smile) ArrayIndexOutOfBoundsException in SmileParser._decodeShortUnicodeValue() + (smile) Handle sequence of Smile header markers without recursion + (cbor) CBOR loses 'Map' entries with specific 'long' Map key values (32-bit boundary) + (ion) Ion Polymorphic deserialization in 2.12 breaks wrt use of Native Type Ids when upgrading from 2.8 + (cbor) 'ArrayIndexOutOfBoundsException' in 'CBORParser' for invalid UTF-8 String + (cbor) Handle invalid CBOR content like '[0x84]' (incomplete array) + (ion) Respect 'WRITE_ENUMS_USING_TO_STRING' in 'EnumAsIonSymbolSerializer' + (ion) Add support for generating IonSexps + (ion) Add support for deserializing IonTimestamps and IonBlobs + (ion) Add 'IonObjectMapper.builderForBinaryWriters()' / '.builderforTextualWriters()' convenience methods + (ion) Enabling pretty-printing fails Ion serialization + (ion) Allow disabling native type ids in IonMapper + (smile) Small bug in byte-alignment for long field names in Smile, symbol table reuse + (ion) Add 'IonFactory.getIonSystem()' accessor + (ion) Optimize 'IonParser.getNumberType()' using 'IonReader.getIntegerSize()' + (cbor) Add 'CBORGenerator.Feature.LENIENT_UTF_ENCODING' for lenient handling of Unicode surrogate pairs on writing + (cbor) Add support for decoding unassigned 'simple values' (type 7) + Add Gradle Module Metadata (https://blog.gradle.org/alignment-with-gradle-module-metadata) + (avro) Cache record names to avoid hitting class loader + (avro) Avro null deserialization + (ion) Add 'IonFactory.getIonSystem()' accessor + (avro) Add 'AvroGenerator.canWriteBinaryNatively()' to support binary writes, fix 'java.util.UUID' representation + (ion) Allow 'IonObjectMapper' with class name annotation introspector to deserialize generic subtypes + Remove dependencies upon Jackson 1.X and Avro's JacksonUtils + 'jackson-databind' should not be full dependency for (cbor, protobuf, smile) modules + 'CBORGenerator.Feature.WRITE_MINIMAL_INTS' does not write most compact form for all integers + 'AvroGenerator' overrides 'getOutputContext()' properly + (ion) Add 'IonFactory.getIonSystem()' accessor + (avro) Fix schema evolution involving maps of non-scalar + (protobuf) Parsing a protobuf message doesn't properly skip unknown fields + (ion) IonObjectMapper close()s the provided IonWriter unnecessarily + ion-java dependency 1.4.0 -> 1.5.1 Important SUSE bug 1177616 SUSE bug 1182481 SUSE bug 1197132 CVE-2020-25649 CVE-2020-28491 CVE-2020-36518 cpe:/o:opensuse:leap:15.4 Security update for the Linux Kernel (Important) openSUSE Leap 15.4 The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2022-29156: Fixed a double free related to rtrs_clt_dev_release (bnc#1198515). - CVE-2022-28893: Ensuring that sockets are in the intended state inside the SUNRPC subsystem (bnc#1198330). - CVE-2022-28748: Fixed memory lead over the network by ax88179_178a devices (bsc#1196018). - CVE-2022-28356: Fixed a refcount leak bug found in net/llc/af_llc.c (bnc#1197391). - CVE-2022-1516: Fixed null-ptr-deref caused by x25_disconnect (bsc#1199012). - CVE-2022-1419: Fixed a concurrency use-after-free in vgem_gem_dumb_create (bsc#1198742). - CVE-2022-1353: Fixed access controll to kernel memory in the pfkey_register function in net/key/af_key.c (bnc#1198516). - CVE-2022-1280: Fixed a use-after-free vulnerability in drm_lease_held in drivers/gpu/drm/drm_lease.c (bnc#1197914). - CVE-2022-1158: Fixed KVM x86/mmu compare-and-exchange of gPTE via the user address (bsc#1197660). - CVE-2022-0812: Fixed random memory leakage inside NFS/RDMA (bsc#1196639). - CVE-2021-4154: Fixed a use-after-free flaw inside cgroup1_parse_param in kernel/cgroup/cgroup-v1.c. A local attacker with a user privilege could cause a privilege escalation by exploiting the fsconfig syscall parameter leading to a container breakout and a denial of service on the system (bnc#1193842). - CVE-2021-38208: Fixed a denial of service (NULL pointer dereference and BUG) by making a getsockname call after a certain type of failure of a bind call (bnc#1187055). - CVE-2021-20321: Fixed a race condition accessing file object in the OverlayFS subsystem in the way users do rename in specific way with OverlayFS. A local user could have used this flaw to crash the system (bnc#1191647). - CVE-2021-20292: Fixed object validation prior to performing operations on the object in nouveau_sgdma_create_ttm in Nouveau DRM subsystem (bnc#1183723). - CVE-2021-0707: Fixed possible memory corruption due to a use after free inside dma_buf_releas e of dma-buf.c (bnc#1198437). - CVE-2020-27835: Fixed use after free in infiniband hfi1 driver in the way user calls Ioctl after open dev file and fork. A local user could use this flaw to crash the system (bnc#1179878). The following non-security bugs were fixed: - ACPI: processor idle: Check for architectural support for LPI (git-fixes). - ACPI/APEI: Limit printable size of BERT table data (git-fixes). - ACPICA: Avoid walking the ACPI Namespace if it is not there (git-fixes). - adm8211: fix error return code in adm8211_probe() (git-fixes). - ALSA: cs4236: fix an incorrect NULL check on list iterator (git-fixes). - ALSA: hda/hdmi: fix warning about PCM count when used with SOF (git-fixes). - ALSA: hda/realtek: Add alc256-samsung-headphone fixup (git-fixes). - ALSA: hda/realtek: Add quirk for Clevo PD50PNT (git-fixes). - ALSA: hda/realtek: Fix audio regression on Mi Notebook Pro 2020 (git-fixes). - ALSA: pcm: Test for 'silence' field in struct 'pcm_format_data' (git-fixes). - ALSA: usb-audio: Cap upper limits of buffer/period bytes for implicit fb (git-fixes). - ALSA: usb-audio: Increase max buffer size (git-fixes). - ALSA: usb-audio: Limit max buffer and period sizes per time (git-fixes). - arm64: clear_page() shouldn't use DC ZVA when DCZID_EL0.DZP == 1 (git-fixes) - arm64: dts: allwinner: h5: NanoPI Neo 2: Fix ethernet node (git-fixes) - arm64: dts: allwinner: orangepi-zero-plus: fix PHY mode (git-fixes) - arm64: dts: exynos: correct GIC CPU interfaces address range on (git-fixes) - arm64: dts: ls1028a: fix memory node (git-fixes) - arm64: dts: ls1028a: fix node name for the sysclk (git-fixes) - arm64: dts: lx2160a: fix scl-gpios property name (git-fixes) - arm64: dts: marvell: armada-37xx: Extend PCIe MEM space (git-fixes) - arm64: dts: marvell: armada-37xx: Fix reg for standard variant of (git-fixes) - arm64: dts: marvell: armada-37xx: Remap IO space to bus address 0x0 (git-fixes) - arm64: dts: rockchip: Fix GPU register width for RK3328 (git-fixes) - arm64: dts: rockchip: remove mmc-hs400-enhanced-strobe from (git-fixes) - arm64: dts: zii-ultra: fix 12V_MAIN voltage (git-fixes) - arm64: head: avoid over-mapping in map_memory (git-fixes) - arm64: Update config files; arm LIBNVDIMM y->m ppc64le ND_BLK ->m (bsc#1199024). - arm64/sve: Use correct size when reinitialising SVE state (git-fixes) - ASoC: atmel: Remove system clock tree configuration for at91sam9g20ek (git-fixes). - ASoC: codecs: wcd934x: do not switch off SIDO Buck when codec is in use (git-fixes). - ASoC: mediatek: mt6358: add missing EXPORT_SYMBOLs (git-fixes). - ASoC: msm8916-wcd-digital: Check failure for devm_snd_soc_register_component (git-fixes). - ASoC: soc-compress: Change the check for codec_dai (git-fixes). - ASoC: soc-compress: prevent the potentially use of null pointer (git-fixes). - ASoC: soc-core: skip zero num_dai component in searching dai name (git-fixes). - ASoC: soc-dapm: fix two incorrect uses of list iterator (git-fixes). - ata: libata-core: Disable READ LOG DMA EXT for Samsung 840 EVOs (git-fixes). - ata: sata_dwc_460ex: Fix crash due to OOB write (git-fixes). - ath10k: fix memory overwrite of the WoWLAN wakeup packet pattern (git-fixes). - ath5k: fix building with LEDS=m (git-fixes). - ath5k: fix OOB in ath5k_eeprom_read_pcal_info_5111 (git-fixes). - ath9k_htc: fix uninit value bugs (git-fixes). - ath9k: Fix usage of driver-private space in tx_info (git-fixes). - ath9k: Properly clear TX status area before reporting to mac80211 (git-fixes). - backlight: qcom-wled: Respect enabled-strings in set_brightness (bsc#1152489) - bareudp: use ipv6_mod_enabled to check if IPv6 enabled (jsc#SLE-15172). - bfq: Avoid merging queues with different parents (bsc#1197926). - bfq: Drop pointless unlock-lock pair (bsc#1197926). - bfq: Get rid of __bio_blkcg() usage (bsc#1197926). - bfq: Make sure bfqg for which we are queueing requests is online (bsc#1197926). - bfq: Remove pointless bfq_init_rq() calls (bsc#1197926). - bfq: Split shared queues on move between cgroups (bsc#1197926). - bfq: Track whether bfq_group is still online (bsc#1197926). - bfq: Update cgroup information before merging bio (bsc#1197926). - block: Drop leftover references to RQF_SORTED (bsc#1182073). - Bluetooth: btmtksdio: Fix kernel oops in btmtksdio_interrupt (git-fixes). - Bluetooth: Fix use after free in hci_send_acl (git-fixes). - Bluetooth: hci_serdev: call init_rwsem() before p->open() (git-fixes). - bnx2x: fix napi API usage sequence (bsc#1198217). - bpf: Resolve to prog->aux->dst_prog->type only for BPF_PROG_TYPE_EXT (git-fixes bsc#1177028). - brcmfmac: firmware: Allocate space for default boardrev in nvram (git-fixes). - brcmfmac: pcie: Fix crashes due to early IRQs (git-fixes). - brcmfmac: pcie: Release firmwares in the brcmf_pcie_setup error path (git-fixes). - brcmfmac: pcie: Replace brcmf_pcie_copy_mem_todev with memcpy_toio (git-fixes). - carl9170: fix missing bit-wise or operator for tx_params (git-fixes). - cfg80211: hold bss_lock while updating nontrans_list (git-fixes). - cifs: do not skip link targets when an I/O fails (bsc#1194625). - cifs: fix bad fids sent over wire (bsc#1197157). - clk: Enforce that disjoints limits are invalid (git-fixes). - clk: si5341: fix reported clk_rate when output divider is 2 (git-fixes). - direct-io: clean up error paths of do_blockdev_direct_IO (bsc#1197656). - direct-io: defer alignment check until after the EOF check (bsc#1197656). - direct-io: do not force writeback for reads beyond EOF (bsc#1197656). - dma-debug: fix return value of __setup handlers (git-fixes). - dma: at_xdmac: fix a missing check on list iterator (git-fixes). - dmaengine: idxd: add RO check for wq max_batch_size write (git-fixes). - dmaengine: idxd: add RO check for wq max_transfer_size write (git-fixes). - dmaengine: imx-sdma: Fix error checking in sdma_event_remap (git-fixes). - dmaengine: mediatek:Fix PM usage reference leak of mtk_uart_apdma_alloc_chan_resources (git-fixes). - dmaengine: Revert 'dmaengine: shdma: Fix runtime PM imbalance on error' (git-fixes). - Documentation: add link to stable release candidate tree (git-fixes). - drm: add a locked version of drm_is_current_master (bsc#1197914). - drm: Add orientation quirk for GPD Win Max (git-fixes). - drm: drm_file struct kABI compatibility workaround (bsc#1197914). - drm: protect drm_master pointers in drm_lease.c (bsc#1197914). - drm: serialize drm_file.master with a new spinlock (bsc#1197914). - drm: use the lookup lock in drm_is_current_master (bsc#1197914). - drm/amd: Add USBC connector ID (git-fixes). - drm/amd/amdgpu/amdgpu_cs: fix refcount leak of a dma_fence obj (git-fixes). - drm/amd/display: do not ignore alpha property on pre-multiplied mode (git-fixes). - drm/amd/display: Fix a NULL pointer dereference in amdgpu_dm_connector_add_common_modes() (git-fixes). - drm/amd/display: Fix allocate_mst_payload assert on resume (git-fixes). - drm/amd/display: Fix memory leak in dcn21_clock_source_create (bsc#1152472) - drm/amdgpu: fix amdgpu_ras_block_late_init error handler (bsc#1152489) - drm/amdgpu: fix off by one in amdgpu_gfx_kiq_acquire() (git-fixes). - drm/amdgpu: Fix recursive locking warning (git-fixes). - drm/amdkfd: Check for potential null return of kmalloc_array() (git-fixes). - drm/amdkfd: Fix Incorrect VMIDs passed to HWS (git-fixes). - drm/amdkfd: make CRAT table missing message informational only (git-fixes). - drm/bridge: Add missing pm_runtime_disable() in __dw_mipi_dsi_probe (git-fixes). - drm/bridge: cdns-dsi: Make sure to to create proper aliases for dt (git-fixes). - drm/bridge: Fix free wrong object in sii8620_init_rcp_input_dev (git-fixes). - drm/cma-helper: Set VM_DONTEXPAND for mmap (bsc#1152472) - drm/edid: check basic audio support on CEA extension block (git-fixes). - drm/edid: Do not clear formats if using deep color (git-fixes). - drm/fb-helper: Mark screen buffers in system memory with (bsc#1152472) - drm/i915: Call i915_globals_exit() if pci_register_device() fails (git-fixes). - drm/i915: Drop all references to DRM IRQ midlayer (bsc#1152489) - drm/i915: Keep gem ctx->vm alive until the final put (bsc#1152489) - drm/i915: s/JSP2/ICP2/ PCH (bsc#1152489) - drm/i915/gem: Flush coherency domains on first set-domain-ioctl (git-fixes). - drm/imx: Fix memory leak in imx_pd_connector_get_modes (git-fixes). - drm/mediatek: Add AAL output size configuration (git-fixes). - drm/mediatek: Fix aal size config (git-fixes). - drm/msm/dsi: Use connector directly in msm_dsi_manager_connector_init() (git-fixes). - drm/panel/raspberrypi-touchscreen: Avoid NULL deref if not initialised (git-fixes). - drm/panel/raspberrypi-touchscreen: Initialise the bridge in prepare (git-fixes). - drm/prime: Fix use after free in mmap with drm_gem_ttm_mmap (bsc#1152472) - drm/tegra: Fix reference leak in tegra_dsi_ganged_probe (git-fixes). - drm/vc4: crtc: Lookup the encoder from the register at boot (bsc#1198534) - drm/vc4: Use pm_runtime_resume_and_get to fix pm_runtime_get_sync() usage (git-fixes). - drm/vmwgfx: Remove unused compile options (bsc#1152472) - e1000e: Fix possible overflow in LTR decoding (git-fixes). - fibmap: Reject negative block numbers (bsc#1198448). - fibmap: Use bmap instead of ->bmap method in ioctl_fibmap (bsc#1198448). - firmware: arm_scmi: Fix sorting of retrieved clock rates (git-fixes). - gpiolib: acpi: use correct format characters (git-fixes). - gpu: ipu-v3: Fix dev_dbg frequency output (git-fixes). - HID: i2c-hid: fix GET/SET_REPORT for unnumbered reports (git-fixes). - hwrng: cavium - HW_RANDOM_CAVIUM should depend on ARCH_THUNDER (git-fixes). - i2c: dev: Force case user pointers in compat_i2cdev_ioctl() (git-fixes). - IB/hfi1: Allow larger MTU without AIP (jsc#SLE-13208). - Input: omap4-keypad - fix pm_runtime_get_sync() error checking (git-fixes). - ipmi: bail out if init_srcu_struct fails (git-fixes). - ipmi: Fix UAF when uninstall ipmi_si and ipmi_msghandler module (git-fixes). - ipmi: Move remove_work to dedicated workqueue (git-fixes). - iwlwifi: Fix -EIO error code that is never returned (git-fixes). - iwlwifi: mvm: Fix an error code in iwl_mvm_up() (git-fixes). - KEYS: fix length validation in keyctl_pkey_params_get_2() (git-fixes). - livepatch: Do not block removal of patches that are safe to unload (bsc#1071995). - lz4: fix LZ4_decompress_safe_partial read out of bound (git-fixes). - media: cx88-mpeg: clear interrupt status register before streaming video (git-fixes). - media: hdpvr: initialize dev->worker at hdpvr_register_videodev (git-fixes). - memory: atmel-ebi: Fix missing of_node_put in atmel_ebi_probe (git-fixes). - mfd: asic3: Add missing iounmap() on error asic3_mfd_probe (git-fixes). - mfd: mc13xxx: Add check for mc13xxx_irq_request (git-fixes). - mmc: host: Return an error when ->enable_sdio_irq() ops is missing (git-fixes). - mmc: mmci_sdmmc: Replace sg_dma_xxx macros (git-fixes). - mmc: mmci: stm32: correctly check all elements of sg list (git-fixes). - mmc: renesas_sdhi: do not overwrite TAP settings when HS400 tuning is complete (git-fixes). - mtd: onenand: Check for error irq (git-fixes). - mtd: rawnand: atmel: fix refcount issue in atmel_nand_controller_init (git-fixes). - mtd: rawnand: gpmi: fix controller timings setting (git-fixes). - mwl8k: Fix a double Free in mwl8k_probe_hw (git-fixes). - net: asix: add proper error handling of usb read errors (git-fixes). - net: mana: Add counter for packet dropped by XDP (bsc#1195651). - net: mana: Add counter for XDP_TX (bsc#1195651). - net: mana: Add handling of CQE_RX_TRUNCATED (bsc#1195651). - net: mana: Remove unnecessary check of cqe_type in mana_process_rx_cqe() (bsc#1195651). - net: mana: Reuse XDP dropped page (bsc#1195651). - net: mana: Use struct_size() helper in mana_gd_create_dma_region() (bsc#1195651). - net: mcs7830: handle usb read errors properly (git-fixes). - net: usb: aqc111: Fix out-of-bounds accesses in RX fixup (git-fixes). - nfc: nci: add flush_workqueue to prevent uaf (git-fixes). - NFSv4: fix open failure with O_ACCMODE flag (git-fixes). - PCI: aardvark: Fix reading PCI_EXP_RTSTA_PME bit on emulated bridge (git-fixes). - PCI: aardvark: Fix support for MSI interrupts (git-fixes). - PCI: imx6: Allow to probe when dw_pcie_wait_for_link() fails (git-fixes). - PCI: pciehp: Add Qualcomm quirk for Command Completed erratum (git-fixes). - PCI: pciehp: Clear cmd_busy bit in polling mode (git-fixes). - PM: core: keep irq flags in device_pm_check_callbacks() (git-fixes). - power: reset: gemini-poweroff: Fix IRQ check in gemini_poweroff_probe (git-fixes). - power: supply: ab8500: Fix memory leak in ab8500_fg_sysfs_init (git-fixes). - power: supply: axp20x_battery: properly report current when discharging (git-fixes). - power: supply: axp288-charger: Set Vhold to 4.4V (git-fixes). - power: supply: bq24190_charger: Fix bq24190_vbus_is_enabled() wrong false return (git-fixes). - power: supply: wm8350-power: Add missing free in free_charger_irq (git-fixes). - power: supply: wm8350-power: Handle error for wm8350_register_irq (git-fixes). - powerpc/perf: Expose Performance Monitor Counter SPR's as part of extended regs (bsc#1198077 ltc#197299). - powerpc/perf: Fix power10 event alternatives (jsc#SLE-13513 git-fixes). - powerpc/perf: Fix power9 event alternatives (bsc#1137728, LTC#178106, git-fixes). - powerpc/perf: Include PMCs as part of per-cpu cpuhw_events struct (bsc#1198077 ltc#197299). - ptrace: Check PTRACE_O_SUSPEND_SECCOMP permission on PTRACE_SEIZE (bsc#1198413). - random: check for signal_pending() outside of need_resched() check (git-fixes). - ray_cs: Check ioremap return value (git-fixes). - RDMA/core: Set MR type in ib_reg_user_mr (jsc#SLE-8449). - RDMA/mlx5: Add a missing update of cache->last_add (jsc#SLE-15175). - RDMA/mlx5: Do not remove cache MRs when a delay is needed (jsc#SLE-15175). - RDMA/mlx5: Fix the flow of a miss in the allocation of a cache ODP MR (jsc#SLE-15175). - regulator: wm8994: Add an off-on delay for WM8994 variant (git-fixes). - rpm: Run external scriptlets on uninstall only when available (bsc#1196514 bsc#1196114 bsc#1196942). - rpm: Use bash for %() expansion (jsc#SLE-18234). - rpm/*.spec.in: remove backtick usage - rpm/constraints.in: skip SLOW_DISK workers for kernel-source - rpm/kernel-obs-build.spec.in: use default dracut modules (bsc#1195926, bsc#1198484) - rtc: check if __rtc_read_time was successful (git-fixes). - rtc: wm8350: Handle error for wm8350_register_irq (git-fixes). - s390/tape: fix timer initialization in tape_std_assign() (bsc#1197677 LTC#197378). - scsi: libsas: Fix sas_ata_qc_issue() handling of NCQ NON DATA commands (git-fixes). - scsi: mpt3sas: Fix use after free in _scsih_expander_node_remove() (git-fixes). - scsi: mpt3sas: Page fault in reply q processing (git-fixes). - scsi: scsi_dh_alua: Avoid crash during alua_bus_detach() (bsc#1028340 bsc#1198825). - spi: atmel-quadspi: Fix the buswidth adjustment between spi-mem and controller (git-fixes). - spi: bcm-qspi: fix MSPI only access with bcm_qspi_exec_mem_op() (git-fixes). - spi: Fix erroneous sgs value with min_t() (git-fixes). - spi: Fix invalid sgs value (git-fixes). - spi: mxic: Fix the transmit path (git-fixes). - spi: tegra20: Use of_device_get_match_data() (git-fixes). - staging: mt7621-dts: fix LEDs and pinctrl on GB-PC1 devicetree (git-fixes). - SUNRPC: change locking for xs_swap_enable/disable (bsc#1196367). - SUNRPC: Ensure we flush any closed sockets before xs_xprt_free() (git-fixes). - SUNRPC: Fix the svc_deferred_event trace class (git-fixes). - SUNRPC: Handle ENOMEM in call_transmit_status() (git-fixes). - SUNRPC: Handle low memory situations in call_status() (git-fixes). - USB: dwc3: core: Fix tx/rx threshold settings (git-fixes). - USB: dwc3: core: Only handle soft-reset in DCTL (git-fixes). - USB: dwc3: gadget: Return proper request status (git-fixes). - USB: dwc3: omap: fix 'unbalanced disables for smps10_out1' on omap5evm (git-fixes). - USB: gadget: uvc: Fix crash when encoding data for usb request (git-fixes). - USB: hcd-pci: Use PCI_STD_NUM_BARS when checking standard BARs (bsc#1152489) - USB: serial: pl2303: add IBM device IDs (git-fixes). - USB: serial: simple: add Nokia phone driver (git-fixes). - USB: storage: ums-realtek: fix error code in rts51x_read_mem() (git-fixes). - USB: usb-storage: Fix use of bitfields for hardware data in ene_ub6250.c (git-fixes). - vgacon: Propagate console boot parameters before calling `vc_resize' (bsc#1152489) - video: fbdev: atari: Atari 2 bpp (STe) palette bugfix (git-fixes). - video: fbdev: cirrusfb: check pixclock to avoid divide by zero (git-fixes). - video: fbdev: nvidiafb: Use strscpy() to prevent buffer overflow (git-fixes). - video: fbdev: sm712fb: Fix crash in smtcfb_read() (git-fixes). - video: fbdev: sm712fb: Fix crash in smtcfb_write() (git-fixes). - video: fbdev: udlfb: properly check endpoint type (bsc#1152489) - video: fbdev: w100fb: Reset global state (git-fixes). - virtio_console: break out of buf poll on remove (git-fixes). - virtio_console: eliminate anonymous module_init & module_exit (git-fixes). - w1: w1_therm: fixes w1_seq for ds28ea00 sensors (git-fixes). - x86/pm: Save the MSR validity status at context setup (bsc#1198400). - x86/sev: Unroll string mmio with CC_ATTR_GUEST_UNROLL_STRING_IO (git-fixes). - x86/speculation: Restore speculation related MSRs during S3 resume (bsc#1198400). - xen: fix is_xen_pmu() (git-fixes). - xen/blkfront: fix comment for need_copy (git-fixes). - xen/x86: obtain full video frame buffer address for Dom0 also under EFI (bsc#1193556). - xen/x86: obtain upper 32 bits of video frame buffer address for Dom0 (bsc#1193556). - xhci: fix runtime PM imbalance in USB2 resume (git-fixes). - xhci: fix uninitialized string returned by xhci_decode_ctrl_ctx() (git-fixes). Important SUSE bug 1028340 SUSE bug 1071995 SUSE bug 1137728 SUSE bug 1152472 SUSE bug 1152489 SUSE bug 1177028 SUSE bug 1179878 SUSE bug 1182073 SUSE bug 1183723 SUSE bug 1187055 SUSE bug 1191647 SUSE bug 1193556 SUSE bug 1193842 SUSE bug 1194625 SUSE bug 1195651 SUSE bug 1195926 SUSE bug 1196018 SUSE bug 1196114 SUSE bug 1196367 SUSE bug 1196514 SUSE bug 1196639 SUSE bug 1196942 SUSE bug 1197157 SUSE bug 1197391 SUSE bug 1197656 SUSE bug 1197660 SUSE bug 1197677 SUSE bug 1197914 SUSE bug 1197926 SUSE bug 1198077 SUSE bug 1198217 SUSE bug 1198330 SUSE bug 1198400 SUSE bug 1198413 SUSE bug 1198437 SUSE bug 1198448 SUSE bug 1198484 SUSE bug 1198515 SUSE bug 1198516 SUSE bug 1198534 SUSE bug 1198742 SUSE bug 1198825 SUSE bug 1198989 SUSE bug 1199012 SUSE bug 1199024 CVE-2020-27835 CVE-2021-0707 CVE-2021-20292 CVE-2021-20321 CVE-2021-38208 CVE-2021-4154 CVE-2022-0812 CVE-2022-1158 CVE-2022-1280 CVE-2022-1353 CVE-2022-1419 CVE-2022-1516 CVE-2022-28356 CVE-2022-28748 CVE-2022-28893 CVE-2022-29156 cpe:/o:opensuse:leap:15.4 Security update for containerd, docker (Important) openSUSE Leap 15.4 This update for containerd, docker fixes the following issues: - CVE-2022-24769: Fixed incorrect default inheritable capabilities (bsc#1197517). - CVE-2022-23648: Fixed directory traversal issue (bsc#1196441). - CVE-2022-27191: Fixed a crash in a golang.org/x/crypto/ssh server (bsc#1197284). - CVE-2021-43565: Fixed a panic in golang.org/x/crypto by empty plaintext packet (bsc#1193930). Important SUSE bug 1193930 SUSE bug 1196441 SUSE bug 1197284 SUSE bug 1197517 CVE-2021-43565 CVE-2022-23648 CVE-2022-24769 CVE-2022-27191 cpe:/o:opensuse:leap:15.4 Security update for nodejs8 (Moderate) openSUSE Leap 15.4 This update for nodejs8 fixes the following issues: - CVE-2021-44906: Fixed prototype pollution in npm dependency (bsc#1198247). - CVE-2021-44907: Fixed insuficient sanitation in npm dependency (bsc#1197283). - CVE-2022-0235: Fixed passing of cookie data and sensitive headers to different hostnames in node-fetch-npm (bsc#1194819). Moderate SUSE bug 1194819 SUSE bug 1197283 SUSE bug 1198247 CVE-2021-44906 CVE-2021-44907 CVE-2022-0235 cpe:/o:opensuse:leap:15.4 Security update for nodejs10 (Important) openSUSE Leap 15.4 This update for nodejs10 fixes the following issues: - CVE-2021-23343: Fixed ReDoS via splitDeviceRe, splitTailRe and splitPathRe (bsc#1192153). - CVE-2021-32803: Fixed insufficient symlink protection in node-tar allowing arbitrary file creation and overwrite (bsc#1191963). - CVE-2021-32804: Fixed insufficient absolute path sanitization in node-tar allowing arbitrary file creation and overwrite (bsc#1191962). - CVE-2021-3918: Fixed improper controlled modification of object prototype attributes in json-schema (bsc#1192696). - CVE-2021-3807: Fixed regular expression denial of service (ReDoS) matching ANSI escape codes in node-ansi-regex (bsc#1192154). - CVE-2022-21824: Fixed prototype pollution via console.table (bsc#1194514). - CVE-2021-44906: Fixed prototype pollution in npm dependency (bsc#1198247). - CVE-2021-44907: Fixed insuficient sanitation in npm dependency (bsc#1197283). - CVE-2022-0235: Fixed passing of cookie data and sensitive headers to different hostnames in node-fetch-npm (bsc#1194819). Important SUSE bug 1191962 SUSE bug 1191963 SUSE bug 1192153 SUSE bug 1192154 SUSE bug 1192696 SUSE bug 1194514 SUSE bug 1194819 SUSE bug 1197283 SUSE bug 1198247 CVE-2021-23343 CVE-2021-32803 CVE-2021-32804 CVE-2021-3807 CVE-2021-3918 CVE-2021-44906 CVE-2021-44907 CVE-2022-0235 CVE-2022-21824 cpe:/o:opensuse:leap:15.4 Security update for e2fsprogs (Important) openSUSE Leap 15.4 This update for e2fsprogs fixes the following issues: - CVE-2022-1304: Fixed out-of-bounds read/write leading to segmentation fault and possibly arbitrary code execution. (bsc#1198446) Important SUSE bug 1198446 CVE-2022-1304 cpe:/o:opensuse:leap:15.4 Security update for MozillaThunderbird (Important) openSUSE Leap 15.4 This update for MozillaThunderbird fixes the following issues: Various security fixes MFSA 2022-18 (bsc#1198970): - CVE-2022-1520: Incorrect security status shown after viewing an attached email (bmo#1745019). - CVE-2022-29914: Fullscreen notification bypass using popups (bmo#1746448). - CVE-2022-29909: Bypassing permission prompt in nested browsing contexts (bmo#1755081). - CVE-2022-29916: Leaking browser history with CSS variables (bmo#1760674). - CVE-2022-29911: iframe sandbox bypass (bmo#1761981). - CVE-2022-29912: Reader mode bypassed SameSite cookies (bmo#1692655). - CVE-2022-29913: Speech Synthesis feature not properly disabled (bmo#1764778). - CVE-2022-29917: Memory safety bugs fixed in Thunderbird 91.9 (bmo#1684739, bmo#1706441, bmo#1753298, bmo#1762614, bmo#1762620). Important SUSE bug 1198970 CVE-2022-1520 CVE-2022-29909 CVE-2022-29911 CVE-2022-29912 CVE-2022-29913 CVE-2022-29914 CVE-2022-29916 CVE-2022-29917 cpe:/o:opensuse:leap:15.4 Security update for php7 (Low) openSUSE Leap 15.4 This update for php7 fixes the following issues: - Fixed filter_var bypass vulnerability (bsc#1197644). Low SUSE bug 1197644 cpe:/o:opensuse:leap:15.4 Security update for ucode-intel (Moderate) openSUSE Leap 15.4 This update for ucode-intel fixes the following issues: Updated to Intel CPU Microcode 20220510 release. (bsc#1199423) Updated to Intel CPU Microcode 20220419 release. (bsc#1198717) - CVE-2022-21151: Processor optimization removal or modification of security-critical code for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access (bsc#1199423). Moderate SUSE bug 1198717 SUSE bug 1199423 CVE-2022-21151 cpe:/o:opensuse:leap:15.4 Security update for libslirp (Important) openSUSE Leap 15.4 This update for libslirp fixes the following issues: - CVE-2021-3592: Fixed invalid pointer initialization may lead to information disclosure (bootp) (bsc#1187364). - CVE-2021-3594: Fixed invalid pointer initialization may lead to information disclosure (udp) (bsc#1187367). - CVE-2021-3595: Fixed invalid pointer initialization may lead to information disclosure (tftp) (bsc#1187366). - Fix a dhcp regression [bsc#1198773] Important SUSE bug 1187364 SUSE bug 1187366 SUSE bug 1187367 SUSE bug 1198773 CVE-2021-3592 CVE-2021-3594 CVE-2021-3595 cpe:/o:opensuse:leap:15.4 Security update for MozillaFirefox (Important) openSUSE Leap 15.4 This update for MozillaFirefox fixes the following issues: Firefox Extended Support Release 91.9.0 ESR (MFSA 2022-17)(bsc#1198970): - CVE-2022-29914: Fullscreen notification bypass using popups - CVE-2022-29909: Bypassing permission prompt in nested browsing contexts - CVE-2022-29916: Leaking browser history with CSS variables - CVE-2022-29911: iframe Sandbox bypass - CVE-2022-29912: Reader mode bypassed SameSite cookies - CVE-2022-29917: Memory safety bugs fixed in Firefox 100 and Firefox ESR 91.9 Important SUSE bug 1198970 CVE-2022-29909 CVE-2022-29911 CVE-2022-29912 CVE-2022-29914 CVE-2022-29916 CVE-2022-29917 cpe:/o:opensuse:leap:15.4 Security update for libxml2 (Important) openSUSE Leap 15.4 This update for libxml2 fixes the following issues: - CVE-2022-23308: Fixed a use-after-free of ID and IDREF attributes (bsc#1196490). - CVE-2022-29824: Fixed integer overflow that could have led to an out-of-bounds write in buf.c (xmlBuf*) and tree.c (xmlBuffer*) (bsc#1199132). Important SUSE bug 1196490 SUSE bug 1199132 CVE-2022-23308 CVE-2022-29824 cpe:/o:opensuse:leap:15.4 Security update for php7 (Low) openSUSE Leap 15.4 This update for php7 fixes the following issues: - Fixed filter_var bypass vulnerability (bsc#1197644). Low SUSE bug 1197644 cpe:/o:opensuse:leap:15.4 Security update for ImageMagick (Moderate) openSUSE Leap 15.4 This update for ImageMagick fixes the following issues: Security issues fixed: - CVE-2022-28463: Fixed buffer overflow in coders/cin.c (bsc#1199350). Bugfixes: - Use png_get_eXIf_1 when available (bsc#1197147). Moderate SUSE bug 1197147 SUSE bug 1199350 CVE-2022-28463 cpe:/o:opensuse:leap:15.4 Security update for php7 (Low) openSUSE Leap 15.4 This update for php7 fixes the following issues: - Fixed filter_var bypass vulnerability (bsc#1197644). Low SUSE bug 1197644 cpe:/o:opensuse:leap:15.4 Security update for go1.18 (Moderate) openSUSE Leap 15.4 This update for go1.18 fixes the following issues: - CVE-2022-29526: Fixed faccessat() system call operation that checked the wrong group (bsc#1199413). - go1.18.2 (released 2022-05-10) (bsc#1193742). Moderate SUSE bug 1193742 SUSE bug 1199413 CVE-2022-29526 cpe:/o:opensuse:leap:15.4 Security update for MozillaFirefox (Important) openSUSE Leap 15.4 This update for MozillaFirefox fixes the following issues: Firefox Extended Support Release 91.9.1 ESR - MFSA 2022-19 (bsc#1199768): - CVE-2022-1802: Prototype pollution in Top-Level Await implementation - CVE-2022-1529: Untrusted input used in JavaScript object indexing, leading to prototype pollution Important SUSE bug 1199768 CVE-2022-1529 CVE-2022-1802 cpe:/o:opensuse:leap:15.4 Security update for slurm_20_11 (Important) openSUSE Leap 15.4 This update for slurm_20_11 fixes the following issues: - CVE-2022-29500: Fixed architectural flaw that could have been exploited to allow an unprivileged user to execute arbitrary processes as root (bsc#1199278). - CVE-2022-29501: Fixed a problem that an unprivileged user could have sent data to arbitrary unix socket as root (bsc#1199279). Important SUSE bug 1199278 SUSE bug 1199279 CVE-2022-29500 CVE-2022-29501 cpe:/o:opensuse:leap:15.4 Security update for cups (Important) openSUSE Leap 15.4 This update for cups fixes the following issues: - CVE-2022-26691: Fixed an authentication bypass and code execution vulnerability (bsc#1199474) Important SUSE bug 1199474 CVE-2022-26691 cpe:/o:opensuse:leap:15.4 Security update for go1.17 (Moderate) openSUSE Leap 15.4 This update for go1.17 fixes the following issues: - CVE-2022-29526: Fixed faccessat() system call operation that checked the wrong group (bsc#1199413). - go1.17.10 (released 2022-05-10) (bsc#1190649). Moderate SUSE bug 1190649 SUSE bug 1199413 CVE-2022-29526 cpe:/o:opensuse:leap:15.4 Security update for tiff (Important) openSUSE Leap 15.4 This update for tiff fixes the following issues: - CVE-2022-0561: Fixed null source pointer passed as an argument to memcpy() within TIFFFetchStripThing() in tif_dirread.c (bsc#1195964). - CVE-2022-0562: Fixed null source pointer passed as an argument to memcpy() within TIFFReadDirectory() in tif_dirread.c (bsc#1195965). - CVE-2022-0865: Fixed assertion failure in TIFFReadAndRealloc (bsc#1197066). - CVE-2022-0909: Fixed divide by zero error in tiffcrop that could have led to a denial-of-service via a crafted tiff file (bsc#1197072). - CVE-2022-0924: Fixed out-of-bounds read error in tiffcp that could have led to a denial-of-service via a crafted tiff file (bsc#1197073). - CVE-2022-0908: Fixed null source pointer passed as an argument to memcpy in TIFFFetchNormalTag() (bsc#1197074). - CVE-2022-1056: Fixed out-of-bounds read error in tiffcrop that could have led to a denial-of-service via a crafted tiff file (bsc#1197631). - CVE-2022-0891: Fixed heap buffer overflow in extractImageSection (bsc#1197068). Important SUSE bug 1195964 SUSE bug 1195965 SUSE bug 1197066 SUSE bug 1197068 SUSE bug 1197072 SUSE bug 1197073 SUSE bug 1197074 SUSE bug 1197631 CVE-2022-0561 CVE-2022-0562 CVE-2022-0865 CVE-2022-0891 CVE-2022-0908 CVE-2022-0909 CVE-2022-0924 CVE-2022-1056 cpe:/o:opensuse:leap:15.4 Security update for helm-mirror (Moderate) openSUSE Leap 15.4 This update for helm-mirror fixes the following issues: - Updated to version 0.3.1: - CVE-2019-18658: Fixed a potential symbolic link issue in helm that could be used to leak sensitive files (bsc#1156646). Moderate SUSE bug 1156646 SUSE bug 1197728 CVE-2019-18658 cpe:/o:opensuse:leap:15.4 Security update for postgresql10 (Important) openSUSE Leap 15.4 This update for postgresql10 fixes the following issues: - CVE-2022-1552: Confine additional operations within 'security restricted operation' sandboxes (bsc#1199475). Important SUSE bug 1199475 CVE-2022-1552 cpe:/o:opensuse:leap:15.4 Security update for dpdk (Moderate) openSUSE Leap 15.4 This update for dpdk fixes the following issues: Security: - CVE-2021-3839: Fixed a memory corruption issue during vhost-user communication (bsc#1198963). - CVE-2022-0669: Fixed a denial of service that could be triggered by a vhost-user master (bsc#1198964). Bugfixes: - kni: allow configuring thread granularity (bsc#1195172). - Fixed reading of PCI device name as UTF strings (bsc#1198873). Moderate SUSE bug 1195172 SUSE bug 1198873 SUSE bug 1198963 SUSE bug 1198964 CVE-2021-3839 CVE-2022-0669 cpe:/o:opensuse:leap:15.4 Security update for postgresql12 (Important) openSUSE Leap 15.4 This update for postgresql12 fixes the following issues: - CVE-2022-1552: Confine additional operations within 'security restricted operation' sandboxes (bsc#1199475). Important SUSE bug 1199475 CVE-2022-1552 cpe:/o:opensuse:leap:15.4 Security update for postgresql13 (Important) openSUSE Leap 15.4 This update for postgresql13 fixes the following issues: - CVE-2022-1552: Confine additional operations within 'security restricted operation' sandboxes (bsc#1199475). Important SUSE bug 1199475 CVE-2022-1552 cpe:/o:opensuse:leap:15.4 Security update for fribidi (Moderate) openSUSE Leap 15.4 This update for fribidi fixes the following issues: - CVE-2022-25308: Fixed stack out of bounds read (bsc#1196147). - CVE-2022-25309: Fixed heap-buffer-overflow in fribidi_cap_rtl_to_unicode (bsc#1196148). - CVE-2022-25310: Fixed NULL pointer dereference in fribidi_remove_bidi_marks (bsc#1196150). Moderate SUSE bug 1196147 SUSE bug 1196148 SUSE bug 1196150 CVE-2022-25308 CVE-2022-25309 CVE-2022-25310 cpe:/o:opensuse:leap:15.4 Security update for postgresql14 (Important) openSUSE Leap 15.4 This update for postgresql14 fixes the following issues: - CVE-2022-1552: Confine additional operations within 'security restricted operation' sandboxes (bsc#1199475). Important SUSE bug 1199475 CVE-2022-1552 cpe:/o:opensuse:leap:15.4 Security update for hdf5 (Important) openSUSE Leap 15.4 This update for hdf5 fixes the following issues: Security issues fixed: - CVE-2020-10811: Fixed heap-based buffer over-read in the function H5O__layout_decode() located in H5Olayout.c (bsc#1167405). - CVE-2020-10810: Fixed NULL pointer dereference in the function H5AC_unpin_entry() located in H5AC.c (bsc#1167401). - CVE-2020-10809: Fixed heap-based buffer overflow in the function Decompress() located in decompress.c (bsc#1167404). - CVE-2018-17438: Fixed SIGFPE signal raise in the function H5D__select_io() of H5Dselect.c (bsc#1109570). - CVE-2018-17437: Fixed memory leak in the H5O_dtype_decode_helper() function in H5Odtype.c. (bsc#1109569). - CVE-2018-17436: Fixed issue in ReadCode() in decompress.c that allowed attackers to cause a denial of service via a crafted HDF5 file (bsc#1109568). - CVE-2018-17434: Fixed SIGFPE signal raise in function apply_filters() of h5repack_filters.c (bsc#1109566). - CVE-2018-17433: Fixed heap-based buffer overflow in ReadGifImageDesc() in gifread.c (bsc#1109565). - CVE-2018-17432: Fixed NULL pointer dereference in H5O_sdspace_encode() in H5Osdspace.c (bsc#1109564). - CVE-2018-17237: Fixed SIGFPE signal raise in the function H5D__chunk_set_info_real() (bsc#1109168). - CVE-2018-17234: Fixed memory leak in the H5O__chunk_deserialize() function in H5Ocache.c (bsc#1109167). - CVE-2018-14460: Fixed heap-based buffer over-read in the function H5O_sdspace_decode in H5Osdspace.c (bsc#1102175). - CVE-2018-14033: Fixed heap-based buffer over-read in the function H5O_layout_decode in H5Olayout.c (bsc#1101471). - CVE-2018-14032: Fixed heap-based buffer over-read in the function H5O_fill_new_decode in H5Ofill.c (bsc#1101474). - CVE-2018-11206: Fixed out of bounds read in H5O_fill_new_decode and H5O_fill_old_decode in H5Ofill.c (bsc#1093657). Bugfixes: - Fix python-h5py packages built against out-of-date version of HDF5 (bsc#1196682). - Fix netcdf-cxx4 packages built against out-of-date version of HDF5 (bsc#1179521). Important SUSE bug 1093657 SUSE bug 1101471 SUSE bug 1101474 SUSE bug 1102175 SUSE bug 1109167 SUSE bug 1109168 SUSE bug 1109564 SUSE bug 1109565 SUSE bug 1109566 SUSE bug 1109568 SUSE bug 1109569 SUSE bug 1109570 SUSE bug 1167401 SUSE bug 1167404 SUSE bug 1167405 SUSE bug 1179521 SUSE bug 1196682 CVE-2018-11206 CVE-2018-14032 CVE-2018-14033 CVE-2018-14460 CVE-2018-17234 CVE-2018-17237 CVE-2018-17432 CVE-2018-17433 CVE-2018-17434 CVE-2018-17436 CVE-2018-17437 CVE-2018-17438 CVE-2020-10809 CVE-2020-10810 CVE-2020-10811 cpe:/o:opensuse:leap:15.4 Security update for udisks2 (Moderate) openSUSE Leap 15.4 This update for udisks2 fixes the following issues: - CVE-2021-3802: Fixed denial of service vulnerability caused by insecure defaults in user-accessible mount helpers (bsc#1190606). Moderate SUSE bug 1190606 CVE-2021-3802 cpe:/o:opensuse:leap:15.4 Security update for MozillaFirefox (Important) openSUSE Leap 15.4 This update for MozillaFirefox fixes the following issues: Firefox Extended Support Release 91.10.0 ESR (MFSA 2022-21)(bsc#1200027) - CVE-2022-31736: Cross-Origin resource's length leaked - CVE-2022-31737: Heap buffer overflow in WebGL - CVE-2022-31738: Browser window spoof using fullscreen mode - CVE-2022-31739: Attacker-influenced path traversal when saving downloaded files - CVE-2022-31740: Register allocation problem in WASM on arm64 - CVE-2022-31741: Uninitialized variable leads to invalid memory read - CVE-2022-31742: Querying a WebAuthn token with a large number of allowCredential entries may have leaked cross-origin information - CVE-2022-31747: Memory safety bugs fixed in Firefox 101 and Firefox ESR 91.10 Important SUSE bug 1200027 CVE-2022-31736 CVE-2022-31737 CVE-2022-31738 CVE-2022-31739 CVE-2022-31740 CVE-2022-31741 CVE-2022-31742 CVE-2022-31747 cpe:/o:opensuse:leap:15.4 Security update for kernel-firmware (Important) openSUSE Leap 15.4 This update for kernel-firmware fixes the following issues: Update to version 20220411 (git commit f219d616f42b, bsc#1199459): - CVE-2021-26373, CVE-2021-26347, CVE-2021-26376, CVE-2021-26350, CVE-2021-26375, CVE-2021-26378, CVE-2021-26372, CVE-2021-26339, CVE-2021-26348, CVE-2021-26342, CVE-2021-26388, CVE-2021-26349, CVE-2021-26364, CVE-2021-26312: Update AMD cpu microcode Update to version 20220309 (git commit cd01f857da28, bsc#1199470): - CVE-2021-46744: Ciphertext Side Channels on AMD SEV Update Intel Bluetooth firmware (INTEL-SA-00604, bsc#1195786): - CVE-2021-33139, CVE-2021-33155: Improper conditions check in the firmware for some Intel Wireless Bluetooth and Killer Bluetooth products may allow an authenticated user to potentially cause denial of service via adjacent access. Important SUSE bug 1195786 SUSE bug 1199459 SUSE bug 1199470 CVE-2021-26312 CVE-2021-26339 CVE-2021-26342 CVE-2021-26347 CVE-2021-26348 CVE-2021-26349 CVE-2021-26350 CVE-2021-26364 CVE-2021-26372 CVE-2021-26373 CVE-2021-26375 CVE-2021-26376 CVE-2021-26378 CVE-2021-26388 CVE-2021-33139 CVE-2021-33155 CVE-2021-46744 cpe:/o:opensuse:leap:15.4 Security update for patch (Moderate) openSUSE Leap 15.4 This update for patch fixes the following issues: Security issues fixed: - CVE-2019-13636: Fixed follow symlinks unless --follow-symlinks is given. This increases the security against malicious patches (bsc#1142041). - CVE-2018-6952: Fixed swapping fakelines in pch_swap. This bug was causing a double free leading to a crash (bsc#1080985). Bugfixes: - Abort when cleaning up fails. This bug could cause an infinite loop when a patch wouldn't apply, leading to a segmentation fault (bsc#1111572). - Pass the correct stat to backup files. This bug would occasionally cause backup files to be missing when all hunks failed to apply (bsc#1198106). Moderate SUSE bug 1080985 SUSE bug 1111572 SUSE bug 1142041 SUSE bug 1198106 CVE-2018-6952 CVE-2019-13636 cpe:/o:opensuse:leap:15.4 Security update for php8 (Low) openSUSE Leap 15.4 This update for php8 fixes the following issues: - Fixed filter_var bypass vulnerability (bsc#1197644). Low SUSE bug 1197644 cpe:/o:opensuse:leap:15.4 Security update for redis (Moderate) openSUSE Leap 15.4 This update for redis fixes the following issues: - CVE-2022-24735: Fixed Lua code injection (bsc#1198952). - CVE-2022-24736: Fixed Lua NULL pointer dereference (bsc#1198953). Moderate SUSE bug 1198952 SUSE bug 1198953 CVE-2022-24735 CVE-2022-24736 cpe:/o:opensuse:leap:15.4 Security update for libarchive (Moderate) openSUSE Leap 15.4 This update for libarchive fixes the following issues: - CVE-2022-26280: Fixed out-of-bounds read via the component zipx_lzma_alone_init (bsc#1197634). - CVE-2021-36976: Fixed use-after-free in copy_string (called from do_uncompress_block and process_block) (bsc#1188572). - CVE-2017-5601: Fixed out-of-bounds memory access preventing denial-of-service (bsc#1197634, bsc#1189528). Moderate SUSE bug 1022528 SUSE bug 1188572 SUSE bug 1189528 SUSE bug 1197634 CVE-2017-5601 CVE-2021-36976 CVE-2022-26280 cpe:/o:opensuse:leap:15.4 Security update for openvpn (Moderate) openSUSE Leap 15.4 This update for openvpn fixes the following issues: - CVE-2022-0547: Fixed possible authentication bypass in external authentication plug-in (bsc#1197341). - By default the --suppress-timestamps flag is not needed (bsc#1123557). Moderate SUSE bug 1123557 SUSE bug 1197341 CVE-2022-0547 cpe:/o:opensuse:leap:15.4 Security update for go1.17 (Important) openSUSE Leap 15.4 This update for go1.17 fixes the following issues: Update to go1.17.11 (released 2022-06-01) (bsc#1190649): - CVE-2022-30634: Fixed crypto/rand rand.Read hangs with extremely large buffers (bsc#1200134). - CVE-2022-30629: Fixed crypto/tls session tickets lack random ticket_age_add (bsc#1200135). - CVE-2022-29804: Fixed path/filepath Clean(`.\c:`) returns `c:` on Windows (bsc#1200137). - CVE-2022-30580: Fixed os/exec empty Cmd.Path can result in running unintended binary on Windows (bsc#1200136). Important SUSE bug 1190649 SUSE bug 1200134 SUSE bug 1200135 SUSE bug 1200136 SUSE bug 1200137 CVE-2022-29804 CVE-2022-30580 CVE-2022-30629 CVE-2022-30634 cpe:/o:opensuse:leap:15.4 Security update for go1.18 (Important) openSUSE Leap 15.4 This update for go1.18 fixes the following issues: Update to go1.18.3 (released 2022-06-01) (bsc#1193742): - CVE-2022-30634: Fixed crypto/rand rand.Read hangs with extremely large buffers (bsc#1200134). - CVE-2022-30629: Fixed crypto/tls session tickets lack random ticket_age_add (bsc#1200135). - CVE-2022-29804: Fixed path/filepath Clean(`.\c:`) returns `c:` on Windows (bsc#1200137). - CVE-2022-30580: Fixed os/exec empty Cmd.Path can result in running unintended binary on Windows (bsc#1200136). Important SUSE bug 1193742 SUSE bug 1200134 SUSE bug 1200135 SUSE bug 1200136 SUSE bug 1200137 CVE-2022-29804 CVE-2022-30580 CVE-2022-30629 CVE-2022-30634 cpe:/o:opensuse:leap:15.4 Security update for grub2 (Important) openSUSE Leap 15.4 This update for grub2 fixes the following issues: This update provides security fixes and hardenings for Boothole 3 / Boothole 2022 (bsc#1198581) - CVE-2021-3695: Fixed that a crafted PNG grayscale image could lead to out-of-bounds write in heap (bsc#1191184) - CVE-2021-3696: Fixed that a crafted PNG image could lead to out-of-bound write during huffman table handling (bsc#1191185) - CVE-2021-3697: Fixed that a crafted JPEG image could lead to buffer underflow write in the heap (bsc#1191186) - CVE-2022-28733: Fixed fragmentation math in net/ip (bsc#1198460) - CVE-2022-28734: Fixed an out-of-bound write for split http headers (bsc#1198493) - CVE-2022-28735: Fixed some verifier framework changes (bsc#1198495) - CVE-2022-28736: Fixed a use-after-free in chainloader command (bsc#1198496) - Update SBAT security contact (bsc#1193282) - Bump grub's SBAT generation to 2 - Use boot disks in OpenFirmware, fixing regression caused when the root LV is completely in the boot LUN (bsc#1197948) Important SUSE bug 1191184 SUSE bug 1191185 SUSE bug 1191186 SUSE bug 1193282 SUSE bug 1197948 SUSE bug 1198460 SUSE bug 1198493 SUSE bug 1198495 SUSE bug 1198496 SUSE bug 1198581 CVE-2021-3695 CVE-2021-3696 CVE-2021-3697 CVE-2022-28733 CVE-2022-28734 CVE-2022-28735 CVE-2022-28736 cpe:/o:opensuse:leap:15.4 Security update for google-gson (Important) openSUSE Leap 15.4 This update for google-gson fixes the following issues: - CVE-2022-25647: Fixed deserialization of untrusted data (bsc#1199064). Important SUSE bug 1199064 CVE-2022-25647 cpe:/o:opensuse:leap:15.4 Security update for netty3 (Moderate) openSUSE Leap 15.4 This update for netty3 fixes the following issues: - CVE-2021-43797: Fixed a potential HTTP request smuggling issue due to insufficient validation against control characters (bsc#1193672). Moderate SUSE bug 1193672 SUSE bug 1197787 CVE-2021-43797 cpe:/o:opensuse:leap:15.4 Security update for u-boot (Important) openSUSE Leap 15.4 This update for u-boot fixes the following issues: - CVE-2022-30552: A large buffer overflow could have lead to a denial of service in the IP Packet deframentation code. (bsc#1200363) - CVE-2022-30790: A Hole Descriptor Overwrite could have lead to an arbitrary out of bounds write primitive. (bsc#1200364) - CVE-2022-30767: Fixed an unbounded memcpy with a failed length check leading to a buffer overflow (bsc#1199623). Important SUSE bug 1199623 SUSE bug 1200363 SUSE bug 1200364 CVE-2022-30552 CVE-2022-30767 CVE-2022-30790 cpe:/o:opensuse:leap:15.4 Security update for u-boot (Important) openSUSE Leap 15.4 This update for u-boot fixes the following issues: - A large buffer overflow could have lead to a denial of service in the IP Packet deframentation code. (CVE-2022-30552, bsc#1200363) - A Hole Descriptor Overwrite could have lead to an arbitrary out of bounds write primitive. (CVE-2022-30790, bsc#1200364) Important SUSE bug 1200363 SUSE bug 1200364 CVE-2022-30552 CVE-2022-30790 cpe:/o:opensuse:leap:15.4 Security update for MozillaThunderbird (Important) openSUSE Leap 15.4 This update for MozillaThunderbird fixes the following issues: Update to Mozilla Thunderbird 91.9.1 MFSA 2022-19 (bsc#1199768): - CVE-2022-1802: Prototype pollution in Top-Level Await implementation (bmo#1770137). - CVE-2022-1529: Untrusted input used in JavaScript object indexing, leading to prototype pollution (bmo#1770048). Update to Mozilla Thunderbird 91.10 MFSA 2022-22 (bsc#1200027): - CVE-2022-31736: Cross-Origin resource's length leaked (bmo#1735923) - CVE-2022-31737: Heap buffer overflow in WebGL (bmo#1743767) - CVE-2022-31738: Browser window spoof using fullscreen mode (bmo#1756388) - CVE-2022-31739: Attacker-influenced path traversal when saving downloaded files (bmo#1765049) - CVE-2022-31740: Register allocation problem in WASM on arm64 (bmo#1766806) - CVE-2022-31741: Uninitialized variable leads to invalid memory read (bmo#1767590) - CVE-2022-1834: Braille space character caused incorrect sender email to be shown for a digitally signed email (bmo#1767816) - CVE-2022-31742: Querying a WebAuthn token with a large number of allowCredential entries may have leaked cross-origin information (bmo#1730434) - CVE-2022-31747: Memory safety bugs fixed in Thunderbird 91.10 (bmo#1760765, bmo#1765610, bmo#1766283, bmo#1767365, bmo#1768559, bmo#1768734) Important SUSE bug 1199768 SUSE bug 1200027 CVE-2022-1529 CVE-2022-1802 CVE-2022-1834 CVE-2022-31736 CVE-2022-31737 CVE-2022-31738 CVE-2022-31739 CVE-2022-31740 CVE-2022-31741 CVE-2022-31742 CVE-2022-31747 cpe:/o:opensuse:leap:15.4 Security update for webkit2gtk3 (Important) openSUSE Leap 15.4 This update for webkit2gtk3 fixes the following issues: Update to version 2.36.3 (bsc#1200106) - CVE-2022-30293: Fixed heap-based buffer overflow in WebCore::TextureMapperLayer::setContentsLayer (bsc#1199287). - CVE-2022-26700: Fixed memory corruption issue that may lead to code execution when processing maliciously crafted web content (bsc#1200106). - CVE-2022-26709: Fixed use after free issue that may lead to code execution when processing maliciously crafted web content (bsc#1200106). - CVE-2022-26716: Fixed use after free issue that may lead to code execution when processing maliciously crafted web content (bsc#1200106). - CVE-2022-26717: Fixed memory corruption issue that may lead to code execution when processing maliciously crafted web content (bsc#1200106). - CVE-2022-26719: Fixed memory corruption issue that may lead to code execution when processing maliciously crafted web content (bsc#1200106). Important SUSE bug 1199287 SUSE bug 1200106 CVE-2022-26700 CVE-2022-26709 CVE-2022-26716 CVE-2022-26717 CVE-2022-26719 CVE-2022-30293 cpe:/o:opensuse:leap:15.4 Security update for webkit2gtk3 (Important) openSUSE Leap 15.4 This update for webkit2gtk3 fixes the following issues: Update to version 2.36.3 (bsc#1200106) - CVE-2022-30293: Fixed heap-based buffer overflow in WebCore::TextureMapperLayer::setContentsLayer (bsc#1199287). - CVE-2022-26700: Fixed memory corruption issue that may lead to code execution when processing maliciously crafted web content (bsc#1200106). - CVE-2022-26709: Fixed use after free issue that may lead to code execution when processing maliciously crafted web content (bsc#1200106). - CVE-2022-26716: Fixed use after free issue that may lead to code execution when processing maliciously crafted web content (bsc#1200106). - CVE-2022-26717: Fixed memory corruption issue that may lead to code execution when processing maliciously crafted web content (bsc#1200106). - CVE-2022-26719: Fixed memory corruption issue that may lead to code execution when processing maliciously crafted web content (bsc#1200106). Important SUSE bug 1199287 SUSE bug 1200106 CVE-2022-26700 CVE-2022-26709 CVE-2022-26716 CVE-2022-26717 CVE-2022-26719 CVE-2022-30293 cpe:/o:opensuse:leap:15.4 Security update for the Linux Kernel (Important) openSUSE Leap 15.4 The SUSE Linux Enterprise 15 SP3 kernel was updated. The following security bugs were fixed: - CVE-2022-0168: Fixed a NULL pointer dereference in smb2_ioctl_query_info. (bsc#1197472) - CVE-2022-20008: Fixed bug that allows to read kernel heap memory due to uninitialized data in mmc_blk_read_single of block.c. (bnc#1199564) - CVE-2022-1972: Fixed a buffer overflow in nftable that could lead to privilege escalation. (bsc#1200019) - CVE-2022-21127: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via spectre like attacks. (bsc#1199650) - CVE-2022-21123: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via spectre like attacks. (bsc#1199650) - CVE-2022-21125: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via spectre like attacks. (bsc#1199650) - CVE-2022-21180: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via spectre like attacks. (bsc#1199650) - CVE-2022-21166: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via spectre like attacks. (bsc#1199650) - CVE-2019-19377: Fixed an user-after-free that could be triggered when an attacker mounts a crafted btrfs filesystem image. (bnc#1158266) - CVE-2022-1729: Fixed a sys_perf_event_open() race condition against self (bsc#1199507). - CVE-2022-1184: Fixed an use-after-free and memory errors in ext4 when mounting and operating on a corrupted image. (bsc#1198577) - CVE-2022-1652: Fixed a statically allocated error counter inside the floppy kernel module (bsc#1199063). - CVE-2022-30594: Fixed restriction bypass on setting the PT_SUSPEND_SECCOMP flag (bnc#1199505). - CVE-2021-33061: Fixed insufficient control flow management for the Intel(R) 82599 Ethernet Controllers and Adapters that may have allowed an authenticated user to potentially enable denial of service via local access (bnc#1196426). The following non-security bugs were fixed: - ACPI: property: Release subnode properties with data nodes (git-fixes). - ALSA: ctxfi: Add SB046x PCI ID (git-fixes). - ALSA: fireworks: fix wrong return count shorter than expected by 4 bytes (git-fixes). - ALSA: hda - fix unused Realtek function when PM is not enabled (git-fixes). - ALSA: hda/realtek - Add new type for ALC245 (git-fixes). - ALSA: hda/realtek - Fix microphone noise on ASUS TUF B550M-PLUS (git-fixes). - ALSA: hda/realtek: Enable 4-speaker output for Dell XPS 15 9520 laptop (git-fixes). - ALSA: hda/realtek: Enable headset mic on Lenovo P360 (git-fixes). - ALSA: pcm: Check for null pointer of pointer substream before dereferencing it (git-fixes). - ALSA: usb-audio: Add missing ep_idx in fixed EP quirks (git-fixes). - ALSA: usb-audio: Clear MIDI port active flag after draining (git-fixes). - ALSA: usb-audio: Configure sync endpoints before data (git-fixes). - ALSA: usb-audio: Fix undefined behavior due to shift overflowing the constant (git-fixes). - ALSA: usb-audio: Restore Rane SL-1 quirk (git-fixes). - ALSA: wavefront: Proper check of get_user() error (git-fixes). - ARM: 9169/1: entry: fix Thumb2 bug in iWMMXt exception handling (git-fixes) - ARM: 9170/1: fix panic when kasan and kprobe are enabled (git-fixes) - ARM: 9187/1: JIVE: fix return value of __setup handler (git-fixes) - ARM: config: u8500: Re-enable AB8500 battery charging (git-fixes) - ARM: davinci: da850-evm: Avoid NULL pointer dereference (git-fixes) - ARM: dts: am3517-evm: Fix misc pinmuxing (git-fixes) - ARM: dts: armada-38x: Add generic compatible to UART nodes (git-fixes) - ARM: dts: at91: fix pinctrl phandles (git-fixes) - ARM: dts: at91: Map MCLK for wm8731 on at91sam9g20ek (git-fixes) - ARM: dts: at91: sama5d2: Fix PMERRLOC resource size (git-fixes) - ARM: dts: at91: sama5d4_xplained: fix pinctrl phandle name (git-fixes) - ARM: dts: bcm2835-rpi-b: Fix GPIO line names (git-fixes) - ARM: dts: bcm2835-rpi-zero-w: Fix GPIO line name for Wifi/BT (git-fixes) - ARM: dts: bcm2837-rpi-3-b-plus: Fix GPIO line name of power LED (git-fixes) - ARM: dts: bcm2837-rpi-cm3-io3: Fix GPIO line names for SMPS I2C (git-fixes) - ARM: dts: exynos: fix UART3 pins configuration in Exynos5250 (git-fixes) - ARM: dts: Fix OpenBMC flash layout label addresses (git-fixes) - ARM: dts: imx: Add missing LVDS decoder on M53Menlo (git-fixes) - ARM: dts: imx23-evk: Remove MX23_PAD_SSP1_DETECT from hog group (git-fixes) - ARM: dts: imx6qdl-apalis: Fix sgtl5000 detection issue (git-fixes) - ARM: dts: imx6qdl-udoo: Properly describe the SD card detect (git-fixes) - ARM: dts: imx6ull-colibri: fix vqmmc regulator (git-fixes) - ARM: dts: imx6ull-pinfunc: Fix CSI_DATA07__ESAI_TX0 pad name (git-fixes) - ARM: dts: logicpd-som-lv: Fix wrong pinmuxing on OMAP35 (git-fixes) - ARM: dts: meson: Fix the UART compatible strings (git-fixes) - ARM: dts: meson8: Fix the UART device-tree schema validation (git-fixes) - ARM: dts: meson8b: Fix the UART device-tree schema validation (git-fixes) - ARM: dts: qcom: ipq4019: fix sleep clock (git-fixes) - ARM: dts: qcom: msm8974: Drop flags for mdss irqs (git-fixes) - ARM: dts: suniv: F1C100: fix watchdog compatible (git-fixes) - ARM: ftrace: ensure that ADR takes the Thumb bit into account (git-fixes) - arm: mediatek: select arch timer for mt7629 (git-fixes) - ARM: omap: remove debug-leds driver (git-fixes) - ARM: OMAP2+: Fix refcount leak in omap_gic_of_init (git-fixes) - ARM: socfpga: dts: fix qspi node compatible (git-fixes) - ARM: socfpga: fix missing RESET_CONTROLLER (git-fixes) - ARM: tegra: Move panels to AUX bus (git-fixes) - arm64: dts: broadcom: Fix sata nodename (git-fixes) - arm64: dts: ns2: Fix spi-cpol and spi-cpha property (git-fixes) - arm64: dts: rockchip: Fix SDIO regulator supply properties on (git-fixes) - arm64: paravirt: Use RCU read locks to guard stolen_time (git-fixes). - arm64: pgtable: make __pte_to_phys/__phys_to_pte_val inline functions (git-fixes) - arm64/mm: avoid fixmap race condition when create pud mapping (git-fixes) - ASoC: atmel-classd: Remove endianness flag on class d component (git-fixes). - ASoC: atmel-pdmic: Remove endianness flag on pdmic component (git-fixes). - ASoC: da7219: Fix change notifications for tone generator frequency (git-fixes). - ASoC: dmaengine: Restore NULL prepare_slave_config() callback (git-fixes). - ASoC: fsl_sai: Fix FSL_SAI_xDR/xFR definition (git-fixes). - ASoC: max98090: Generate notifications on changes for custom control (git-fixes). - ASoC: max98090: Move check for invalid values before casting in max98090_put_enab_tlv() (git-fixes). - ASoC: max98090: Reject invalid values in custom control put() (git-fixes). - ASoC: mediatek: Fix error handling in mt8173_max98090_dev_probe (git-fixes). - ASoC: mediatek: Fix missing of_node_put in mt2701_wm8960_machine_probe (git-fixes). - ASoC: meson: Fix event generation for G12A tohdmi mux (git-fixes). - ASoC: mxs-saif: Fix refcount leak in mxs_saif_probe (git-fixes). - ASoC: ops: Validate input values in snd_soc_put_volsw_range() (git-fixes). - ASoC: rk3328: fix disabling mclk on pclk probe failure (git-fixes). - ASoC: rt5514: Fix event generation for 'DSP Voice Wake Up' control (git-fixes). - ASoC: ti: j721e-evm: Fix refcount leak in j721e_soc_probe_* (git-fixes). - ASoC: wm2000: fix missing clk_disable_unprepare() on error in wm2000_anc_transition() (git-fixes). - ASoC: wm8958: Fix change notifications for DSP controls (git-fixes). - assoc_array: Fix BUG_ON during garbage collect (git-fixes). - ata: pata_hpt37x: fix PCI clock detection (git-fixes). - ata: pata_marvell: Check the 'bmdma_addr' beforing reading (git-fixes). - ath9k_htc: fix potential out of bounds access with invalid rxstatus->rs_keyix (git-fixes). - ath9k: fix ar9003_get_eepmisc (git-fixes). - batman-adv: Do not skb_split skbuffs with frag_list (git-fixes). - blk-cgroup: move blkcg_{get,set}_fc_appid out of line (bsc#1200045). - Bluetooth: call hci_le_conn_failed with hdev lock in hci_le_conn_failed (git-fixes). - Bluetooth: fix dangling sco_conn and use-after-free in sco_sock_timeout (git-fixes). - Bluetooth: Fix the creation of hdev->name (git-fixes). - Bluetooth: hci_qca: Use del_timer_sync() before freeing (git-fixes). - bnxt_en: Fix possible bnxt_open() failure caused by wrong RFS flag (jsc#SLE-8371 bsc#1153274). - bnxt_en: Fix unnecessary dropping of RX packets (jsc#SLE-15075). - brcmfmac: sdio: Fix undefined behavior due to shift overflowing the constant (git-fixes). - bus: sunxi-rsb: Fix the return value of sunxi_rsb_device_create() (git-fixes). - bus: ti-sysc: Fix warnings for unbind for serial (git-fixes). - can: grcan: grcan_close(): fix deadlock (git-fixes). - can: grcan: use ofdev->dev when allocating DMA memory (git-fixes). - carl9170: tx: fix an incorrect use of list iterator (git-fixes). - ceph: fix setting of xattrs on async created inodes (bsc#1200192). - cgroup/cpuset: Remove cpus_allowed/mems_allowed setup in cpuset_init_smp() (bsc#1199839). - clk: at91: generated: consider range when calculating best rate (git-fixes). - clk: bcm2835: fix bcm2835_clock_choose_div (git-fixes). - clk: imx8mp: fix usb_root_clk parent (git-fixes). - clk: renesas: r9a06g032: Fix the RTC hclock description (git-fixes). - clk: sunxi: sun9i-mmc: check return value after calling platform_get_resource() (git-fixes). - copy_process(): Move fd_install() out of sighand->siglock critical section (bsc#1199626). - crypto: caam - fix i.MX6SX entropy delay value (git-fixes). - crypto: ecrdsa - Fix incorrect use of vli_cmp (git-fixes). - crypto: stm32 - fix reference leak in stm32_crc_remove (git-fixes). - crypto: x86 - eliminate anonymous module_init and module_exit (git-fixes). - crypto: x86/chacha20 - Avoid spurious jumps to other functions (git-fixes). - dim: initialize all struct fields (git-fixes). - dmaengine: idxd: Fix the error handling path in idxd_cdev_register() (git-fixes). - dmaengine: stm32-mdma: remove GISR1 register (git-fixes). - docs: powerpc: Fix misspellings and grammar errors (bsc#1055117 ltc#159753). - docs: submitting-patches: Fix crossref to 'The canonical patch format' (git-fixes). - drbd: fix an invalid memory access caused by incorrect use of list iterator (git-fixes). - drbd: fix duplicate array initializer (git-fixes). - drbd: Fix five use after free bugs in get_initial_state (git-fixes). - drbd: remove assign_p_sizes_qlim (git-fixes). - drbd: use bdev based limit helpers in drbd_send_sizes (git-fixes). - drbd: use bdev_alignment_offset instead of queue_alignment_offset (git-fixes). - driver: core: fix deadlock in __device_attach (git-fixes). - driver: base: fix UAF when driver_attach failed (git-fixes). - drivers: base: cacheinfo: Get rid of DEFINE_SMP_CALL_CACHE_FUNCTION() (git-fixes) - drivers/base/memory: fix an unlikely reference counting issue in __add_memory_block() (git-fixes). - drivers/base/node.c: fix compaction sysfs file leak (git-fixes). - drm: mali-dp: potential dereference of null pointer (git-fixes). - drm: msm: fix possible memory leak in mdp5_crtc_cursor_set() (git-fixes). - drm: sti: do not use kernel-doc markers (git-fixes). - drm/amd/display/dc/gpio/gpio_service: Pass around correct dce_{version, environment} types (git-fixes). - drm/amdkfd: Fix GWS queue count (git-fixes). - drm/blend: fix typo in the comment (git-fixes). - drm/bridge: adv7511: clean up CEC adapter when probe fails (git-fixes). - drm/bridge: analogix_dp: Grab runtime PM reference for DP-AUX (git-fixes). - drm/bridge: Fix error handling in analogix_dp_probe (git-fixes). - drm/edid: fix invalid EDID extension block filtering (git-fixes). - drm/i915: Fix CFI violation with show_dynamic_id() (git-fixes). - drm/i915: Fix SEL_FETCH_PLANE_*(PIPE_B+) register addresses (git-fixes). - drm/komeda: Fix an undefined behavior bug in komeda_plane_add() (git-fixes). - drm/mediatek: Fix mtk_cec_mask() (git-fixes). - drm/msm: return an error pointer in msm_gem_prime_get_sg_table() (git-fixes). - drm/msm/a6xx: Fix refcount leak in a6xx_gpu_init (git-fixes). - drm/msm/disp/dpu1: set vbif hw config to NULL to avoid use after memory free during pm runtime resume (git-fixes). - drm/msm/dpu: adjust display_v_end for eDP and DP (git-fixes). - drm/msm/dsi: fix error checks and return values for DSI xmit functions (git-fixes). - drm/msm/hdmi: check return value after calling platform_get_resource_byname() (git-fixes). - drm/msm/hdmi: fix error check return value of irq_of_parse_and_map() (git-fixes). - drm/msm/mdp5: check the return of kzalloc() (git-fixes). - drm/msm/mdp5: Return error code in mdp5_mixer_release when deadlock is detected (git-fixes). - drm/msm/mdp5: Return error code in mdp5_pipe_release when deadlock is detected (git-fixes). - drm/nouveau: Fix a potential theorical leak in nouveau_get_backlight_name() (git-fixes). - drm/nouveau/clk: Fix an incorrect NULL check on list iterator (git-fixes). - drm/nouveau/kms/nv50-: atom: fix an incorrect NULL check on list iterator (git-fixes). - drm/nouveau/tegra: Stop using iommu_present() (git-fixes). - drm/panel: simple: Add missing bus flags for Innolux G070Y2-L01 (git-fixes). - drm/rockchip: vop: fix possible null-ptr-deref in vop_bind() (git-fixes). - drm/vc4: hvs: Reset muxes at probe time (git-fixes). - drm/vc4: txp: Do not set TXP_VSTART_AT_EOF (git-fixes). - drm/vc4: txp: Force alpha to be 0xff if it's disabled (git-fixes). - drm/vmwgfx: Initialize drm_mode_fb_cmd2 (git-fixes). - EDAC/synopsys: Read the error count from the correct register (bsc#1178134). - firewire: core: extend card->lock in fw_core_handle_bus_reset (git-fixes). - firewire: fix potential uaf in outbound_phy_packet_callback() (git-fixes). - firewire: remove check of list iterator against head past the loop body (git-fixes). - firmware: arm_scmi: Fix list protocols enumeration in the base protocol (git-fixes). - firmware: arm_scmi: Validate BASE_DISCOVER_LIST_PROTOCOLS response (git-fixes). - firmware: dmi-sysfs: Fix memory leak in dmi_sysfs_register_handle (git-fixes). - firmware: stratix10-svc: fix a missing check on list iterator (git-fixes). - genirq: Fix reference leaks on irq affinity notifiers (git-fixes) - genirq: Let GENERIC_IRQ_IPI select IRQ_DOMAIN_HIERARCHY (git-fixes) - genirq/affinity: Consider that CPUs on nodes can be (git-fixes) - genirq/affinity: Handle affinity setting on inactive (git-fixes) - genirq/msi: Ensure deactivation on teardown (git-fixes) - genirq/proc: Reject invalid affinity masks (again) (git-fixes) - genirq/timings: Fix error return code in (git-fixes) - genirq/timings: Prevent potential array overflow in (git-fixes) - gma500: fix an incorrect NULL check on list iterator (git-fixes). - gpio: adp5588: Remove support for platform setup and teardown callbacks (git-fixes). - gpio: gpio-vf610: do not touch other bits when set the target bit (git-fixes). - gpio: mvebu/pwm: Refuse requests with inverted polarity (git-fixes). - gpio: pca953x: fix irq_stat not updated when irq is disabled (irq_mask not set) (git-fixes). - gpio: pca953x: use the correct register address to do regcache sync (git-fixes). - gpiolib: of: fix bounds check for 'gpio-reserved-ranges' (git-fixes). - hex2bin: fix access beyond string end (git-fixes). - HID: elan: Fix potential double free in elan_input_configured (git-fixes). - HID: hid-led: fix maximum brightness for Dream Cheeky (git-fixes). - hinic: fix bug of wq out of bound access (bsc#1176447). - hwmon: (f71882fg) Fix negative temperature (git-fixes). - hwmon: (ltq-cputemp) restrict it to SOC_XWAY (git-fixes). - hwmon: (tmp401) Add OF device ID table (git-fixes). - i2c: at91: Initialize dma_buf in at91_twi_xfer() (git-fixes). - i2c: at91: use dma safe buffers (git-fixes). - i2c: mt7621: fix missing clk_disable_unprepare() on error in mtk_i2c_probe() (git-fixes). - i40e: stop disabling VFs due to PF error responses (git-fixes). - ice: arfs: fix use-after-free when freeing @rx_cpu_rmap (jsc#SLE-12878). - ice: Clear default forwarding VSI during VSI release (jsc#SLE-12878). - ice: Do not skip not enabled queues in ice_vc_dis_qs_msg (jsc#SLE-7926). - ice: Fix race conditions between virtchnl handling and VF ndo ops (git-fixes). - ice: synchronize_rcu() when terminating rings (jsc#SLE-7926). - iio: adc: ad7124: Remove shift from scan_type (git-fixes). - iio: adc: sc27xx: Fine tune the scale calibration values (git-fixes). - iio: adc: sc27xx: fix read big scale voltage not right (git-fixes). - iio: adc: stmpe-adc: Fix wait_for_completion_timeout return value check (git-fixes). - iio: dac: ad5446: Fix read_raw not returning set value (git-fixes). - iio: dac: ad5592r: Fix the missing return value (git-fixes). - iio: magnetometer: ak8975: Fix the error handling in ak8975_power_on() (git-fixes). - Input: add bounds checking to input_set_capability() (git-fixes). - Input: ili210x - fix reset timing (git-fixes). - Input: sparcspkr - fix refcount leak in bbc_beep_probe (git-fixes). - Input: stmfts - do not leave device disabled in stmfts_input_open (git-fixes). - Input: stmfts - fix reference leak in stmfts_input_open (git-fixes). - iommu/amd: Increase timeout waiting for GA log enablement (bsc#1199052). - ionic: avoid races in ionic_heartbeat_check (bsc#1167773). - ionic: Cleanups in the Tx hotpath code (bsc#1167773). - ionic: disable napi when ionic_lif_init() fails (bsc#1167773). - ionic: Do not send reset commands if FW isn't running (bsc#1167773). - ionic: fix missing pci_release_regions() on error in ionic_probe() (bsc#1167773). - ionic: fix type complaint in ionic_dev_cmd_clean() (jsc#SLE-16649). - ionic: monitor fw status generation (bsc#1167773). - ionic: remove the dbid_inuse bitmap (bsc#1167773). - ionic: start watchdog after all is setup (bsc#1167773). - ivtv: fix incorrect device_caps for ivtvfb (git-fixes). - iwlwifi: iwl-dbg: Use del_timer_sync() before freeing (git-fixes). - iwlwifi: mvm: fix the return type for DSM functions 1 and 2 (git-fixes). - jbd2: Fake symbols defined under CONFIG_JBD2_DEBUG (bsc#1198971). - kABI: ivtv: restore caps member (git-fixes). - KVM: PPC: Fix TCE handling for VFIO (bsc#1061840 git-fixes). - KVM: VMX: Fix stale docs for kvm-intel.emulate_invalid_guest_state (git-fixes). - lan743x: fix rx_napi_poll/interrupt ping-pong (git-fixes). - lan743x: remove redundant assignment to variable rx_process_result (git-fixes). - lib/raid6/test: fix multiple definition linking error (git-fixes). - mac80211_hwsim: call ieee80211_tx_prepare_skb under RCU protection (git-fixes). - mac80211: fix rx reordering with non explicit / psmp ack policy (git-fixes). - mac80211: Reset MBSSID parameters upon connection (git-fixes). - media: davinci: Make use of the helper function devm_platform_ioremap_resource() (git-fixes). - media: davinci: vpif: fix unbalanced runtime PM enable (git-fixes). - media: davinci: vpif: fix use-after-free on driver unbind (git-fixes). - media: media-entity.h: Fix documentation for media_create_intf_link (git-fixes). - media: ov7670: remove ov7670_power_off from ov7670_remove (git-fixes). - media: platform: add missing put_device() call in mtk_jpeg_probe() and mtk_jpeg_remove() (git-fixes). - media: pvrusb2: fix array-index-out-of-bounds in pvr2_i2c_core_init (git-fixes). - media: saa7134: fix incorrect use to determine if list is empty (git-fixes). - media: uvcvideo: Fix missing check to determine if element is found in list (git-fixes). - media: videobuf2: Fix the size printk format (git-fixes). - media: vim2m: Register video device after setting up internals (git-fixes). - mfd: ipaq-micro: Fix error check return value of platform_get_irq() (git-fixes). - misc: ocxl: fix possible double free in ocxl_file_register_afu (git-fixes). - mm, page_alloc: fix build_zonerefs_node() (git-fixes). - mm/mmu_notifier.c: fix race in mmu_interval_notifier_remove() (jsc#SLE-15176, jsc#SLE-16387). - mmc: block: Use generic_cmd6_time when modifying INAND_CMD38_ARG_EXT_CSD (git-fixes). - mmc: core: Specify timeouts for BKOPS and CACHE_FLUSH for eMMC (git-fixes). - mt76: Fix undefined behavior due to shift overflowing the constant (git-fixes). - mt76: mt7663s: fix rx buffer refcounting (git-fixes). - mtd: rawnand: fix ecc parameters for mt7622 (git-fixes). - mtd: rawnand: Fix return value check of wait_for_completion_timeout (git-fixes). - mtd: spi-nor: core: Check written SR value in spi_nor_write_16bit_sr_and_check() (git-fixes). - net: bcmgenet: Fix a resource leak in an error handling path in the probe functin (git-fixes). - net: dsa: lantiq_gswip: Enable GSWIP_MII_CFG_EN also for internal PHYs (git-fixes). - net: dsa: lantiq_gswip: Fix GSWIP_MII_CFG(p) register access (git-fixes). - net: ethernet: Fix memleak in ethoc_probe (git-fixes). - net: ethernet: ti: cpts: fix ethtool output when no ptp_clock registered (git-fixes). - net: hdlc_ppp: Fix issues when mod_timer is called while timer is running (git-fixes). - net: hns3: add a check for index in hclge_get_rss_key() (git-fixes). - net: hns3: clear inited state and stop client after failed to register netdev (bsc#1154353). - net: hns3: fix bug when PF set the duplicate MAC address for VFs (jsc#SLE-14777). - net: hns3: fix kernel crash when unload VF while it is being reset (git-fixes). - net: korina: fix return value (git-fixes). - net: sched: fixed barrier to prevent skbuff sticking in qdisc backlog (bsc#1183405). - net: stmmac: dwmac-sun8i: Balance internal PHY power (git-fixes). - net: stmmac: dwmac-sun8i: Balance internal PHY resource references (git-fixes). - net: stmmac: dwmac-sun8i: Balance syscon (de)initialization (git-fixes). - net: stmmac: dwmac-sun8i: Fix probe error handling (git-fixes). - net/mlx5: Fix a race on command flush flow (jsc#SLE-15172). - net/mlx5e: Fix the calling of update_buffer_lossy() API (jsc#SLE-15172). - netdevice: demote the type of some dev_addr_set() helpers (bsc#1200216). - netfilter: conntrack: connection timeout after re-register (bsc#1199035). - netfilter: conntrack: move synack init code to helper (bsc#1199035). - netfilter: conntrack: re-init state for retransmitted syn-ack (bsc#1199035). - netfilter: nf_conntrack_tcp: preserve liberal flag in tcp options (bsc#1199035). - netfilter: nf_conntrack_tcp: re-init for syn packets only (bsc#1199035). - netfilter: nft_set_rbtree: overlap detection with element re-addition after deletion (bsc#1176447). - NFC: hci: fix sleep in atomic context bugs in nfc_hci_hcp_message_tx (git-fixes). - NFC: nci: fix sleep in atomic context bugs caused by nci_skb_alloc (git-fixes). - NFC: netlink: fix sleep in atomic bug when firmware download timeout (git-fixes). - NFC: nfcmrvl: main: reorder destructive operations in nfcmrvl_nci_unregister_dev to avoid bugs (git-fixes). - NFC: NULL out the dev->rfkill to prevent UAF (git-fixes). - NFS: limit use of ACCESS cache for negative responses (bsc#1196570). - NFS: Do not invalidate inode attributes on delegation return (git-fixes). - nl80211: show SSID for P2P_GO interfaces (git-fixes). - nvdimm/region: always show the 'align' attribute (bsc#1199114). - nvme-tcp: allow selecting the network interface for connections (bsc#1199670). - nvme-tcp: use __dev_get_by_name instead dev_get_by_name for OPT_HOST_IFACE (bsc#1199670). - objtool: Fix type of reloc::addend (git-fixes). - PCI: aardvark: Clear all MSIs at setup (git-fixes). - PCI: cadence: Fix find_first_zero_bit() limit (git-fixes). - PCI: Do not enable AtomicOps on VFs (git-fixes). - PCI: dwc: Fix setting error return on MSI DMA mapping failure (git-fixes). - PCI: hv: Do not set PCI_COMMAND_MEMORY to reduce VM boot time (bsc#1199314). - PCI: imx6: Fix PERST# start-up sequence (git-fixes). - PCI: iproc: Set affinity mask on MSI interrupts (git-fixes). - PCI: qcom: Fix runtime PM imbalance on probe errors (git-fixes). - PCI: qcom: Fix unbalanced PHY init on probe errors (git-fixes). - PCI: rockchip: Fix find_first_zero_bit() limit (git-fixes). - PCI/AER: Clear MULTI_ERR_COR/UNCOR_RCV bits (git-fixes). - PCI/PM: Power up all devices during runtime resume (git-fixes). - phy: mapphone-mdm6600: Fix PM error handling in phy_mdm6600_probe (git-fixes). - phy: qcom-qmp: fix pipe-clock imbalance on power-on failure (git-fixes). - phy: qcom-qmp: fix reset-controller leak on probe errors (git-fixes). - phy: qcom-qmp: fix struct clk leak on probe errors (git-fixes). - phy: samsung: exynos5250-sata: fix missing device put in probe error paths (git-fixes). - phy: samsung: Fix missing of_node_put() in exynos_sata_phy_probe (git-fixes). - phy: ti: Add missing pm_runtime_disable() in serdes_am654_probe (git-fixes). - phy: ti: omap-usb2: Fix error handling in omap_usb2_enable_clocks (git-fixes). - pinctrl: mvebu: Fix irq_of_parse_and_map() return value (git-fixes). - pinctrl: pistachio: fix use of irq_of_parse_and_map() (git-fixes). - pinctrl: rockchip: fix RK3308 pinmux bits (git-fixes). - pinctrl/rockchip: support deferring other gpio params (git-fixes). - ping: fix the sk_bound_dev_if match in ping_lookup (bsc#1195826). - ping: remove pr_err from ping_lookup (bsc#1195826). - platform/chrome: cros_ec_debugfs: detach log reader wq from devm (git-fixes). - platform/x86: samsung-laptop: Fix an unsigned comparison which can never be negative (git-fixes). - powerpc: Enable the DAWR on POWER9 DD2.3 and above (bsc#1055117 ltc#159753). - powerpc/64s: Add CPU_FTRS_POWER10 to ALWAYS mask (jsc#SLE-13521 git-fixes). - powerpc/64s: Add CPU_FTRS_POWER9_DD2_2 to CPU_FTRS_ALWAYS mask (bsc#1061840 git-fixes). - powerpc/64s/radix: Fix huge vmap false positive (bsc#1156395). - powerpc/fadump: fix PT_LOAD segment for boot memory area (bsc#1103269 ltc#169948 git-fixes). - powerpc/powernv: Add __init attribute to eligible functions (bsc#1188885 ltc#193722 git-fixes). - powerpc/powernv: Get L1D flush requirements from device-tree (bsc#1188885 ltc#193722 git-fixes). - powerpc/powernv: Get STF barrier requirements from device-tree (bsc#1188885 ltc#193722 git-fixes). - powerpc/powernv: Remove POWER9 PVR version check for entry and uaccess flushes (bsc#1188885 ltc#193722 git-fixes). - powerpc/xive: Add some error handling code to 'xive_spapr_init()' (git-fixes). - powerpc/xive: Fix refcount leak in xive_spapr_init (git-fixes). - pwm: lp3943: Fix duty calculation in case period was clamped (git-fixes). - pwm: raspberrypi-poe: Fix endianness in firmware struct (git-fixes). - qlcnic: Fix error code in probe (git-fixes). - regulator: core: Fix enable_count imbalance with EXCLUSIVE_GET (git-fixes). - regulator: pfuze100: Fix refcount leak in pfuze_parse_regulators_dt (git-fixes). - reset: tegra-bpmp: Restore Handle errors in BPMP response (git-fixes). - revert scsi: qla2xxx: Changes to support FCP2 Target (bsc#1198438). - rtc: fix use-after-free on device removal (git-fixes). - rtc: mc146818-lib: Fix the AltCentury for AMD platforms (git-fixes). - rtc: mt6397: check return value after calling platform_get_resource() (git-fixes). - sata_fsl: fix UAF in sata_fsl_port_stop when rmmod sata_fsl (git-fixes). - sata_fsl: fix warning in remove_proc_entry when rmmod sata_fsl (git-fixes). - sched/pelt: Fix attach_entity_load_avg() corner case (git-fixes) - sched/topology: Skip updating masks for non-online nodes (bsc#1197446 ltc#183000). - scsi: dc395x: Fix a missing check on list iterator (git-fixes). - scsi: fnic: Fix a tracing statement (git-fixes). - scsi: fnic: Replace DMA mask of 64 bits with 47 bits (bsc#1199631). - scsi: hisi_sas: Change permission of parameter prot_mask (git-fixes). - scsi: lpfc: Alter FPIN stat accounting logic (bsc#1200045). - scsi: lpfc: Change FA-PWWN detection methodology (bsc#1200045). - scsi: lpfc: Change VMID registration to be based on fabric parameters (bsc#1200045). - scsi: lpfc: Clear fabric topology flag before initiating a new FLOGI (bsc#1200045). - scsi: lpfc: Copyright updates for 14.2.0.2 patches (bsc#1200045). - scsi: lpfc: Correct BDE DMA address assignment for GEN_REQ_WQE (bsc#1200045 bsc#1198989 bsc#1197675). - scsi: lpfc: Correct CRC32 calculation for congestion stats (bsc#1200045). - scsi: lpfc: Decrement outstanding gidft_inp counter if lpfc_err_lost_link() (bsc#1200045). - scsi: lpfc: Expand setting ELS_ID field in ELS_REQUEST64_WQE (bsc#1200045). - scsi: lpfc: Fill in missing ndlp kref puts in error paths (bsc#1200045). - scsi: lpfc: Fix additional reference counting in lpfc_bsg_rport_els() (bsc#1200045). - scsi: lpfc: Fix call trace observed during I/O with CMF enabled (bsc#1200045). - scsi: lpfc: Fix diagnostic fw logging after a function reset (bsc#1200045). - scsi: lpfc: Fix dmabuf ptr assignment in lpfc_ct_reject_event() (bsc#1200045). - scsi: lpfc: Fix element offset in __lpfc_sli_release_iocbq_s4() (bsc#1200045). - scsi: lpfc: Fix field overload in lpfc_iocbq data structure (bsc#1200045). - scsi: lpfc: Fix ndlp put following a LOGO completion (bsc#1200045). - scsi: lpfc: Fix null pointer dereference after failing to issue FLOGI and PLOGI (bsc#1200045). - scsi: lpfc: Fix resource leak in lpfc_sli4_send_seq_to_ulp() (bsc#1200045). - scsi: lpfc: Fix SCSI I/O completion and abort handler deadlock (bsc#1200045). - scsi: lpfc: Fix split code for FLOGI on FCoE (bsc#1200045 bsc#1198989 bsc#1197675). - scsi: lpfc: Inhibit aborts if external loopback plug is inserted (bsc#1200045). - scsi: lpfc: Introduce FC_RSCN_MEMENTO flag for tracking post RSCN completion (bsc#1200045). - scsi: lpfc: Move cfg_log_verbose check before calling lpfc_dmp_dbg() (bsc#1200045). - scsi: lpfc: Move MI module parameter check to handle dynamic disable (bsc#1200045). - scsi: lpfc: Protect memory leak for NPIV ports sending PLOGI_RJT (bsc#1200045). - scsi: lpfc: Refactor cleanup of mailbox commands (bsc#1200045). - scsi: lpfc: Register for Application Services FC-4 type in Fabric topology (bsc#1200045). - scsi: lpfc: Remove false FDMI NVMe FC-4 support for NPIV ports (bsc#1200045). - scsi: lpfc: Remove redundant lpfc_sli_prep_wqe() call (bsc#1200045). - scsi: lpfc: Remove unnecessary null ndlp check in lpfc_sli_prep_wqe() (bsc#1200045). - scsi: lpfc: Remove unnecessary NULL pointer assignment for ELS_RDF path (bsc#1200045). - scsi: lpfc: Remove unneeded variable (bsc#1200045). - scsi: lpfc: Requeue SCSI I/O to upper layer when fw reports link down (bsc#1200045). - scsi: lpfc: Revise FDMI reporting of supported port speed for trunk groups (bsc#1200045). - scsi: lpfc: Rework FDMI initialization after link up (bsc#1200045). - scsi: lpfc: Transition to NPR state upon LOGO cmpl if link down or aborted (bsc#1200045). - scsi: lpfc: Tweak message log categories for ELS/FDMI/NVMe rescan (bsc#1200045). - scsi: lpfc: Update fc_prli_sent outstanding only after guaranteed IOCB submit (bsc#1200045). - scsi: lpfc: Update lpfc version to 14.2.0.2 (bsc#1200045). - scsi: lpfc: Update lpfc version to 14.2.0.3 (bsc#1200045). - scsi: lpfc: Update stat accounting for READ_STATUS mbox command (bsc#1200045). - scsi: lpfc: Use list_for_each_entry_safe() in rscn_recovery_check() (bsc#1200045). - scsi: lpfc: Use sg_dma_address() and sg_dma_len() macros for NVMe I/O (bsc#1200045). - scsi: lpfc: Zero SLI4 fcp_cmnd buffer's fcpCntl0 field (bsc#1200045). - scsi: pm8001: Fix abort all task initialization (git-fixes). - scsi: pm8001: Fix command initialization in pm8001_chip_ssp_tm_req() (git-fixes). - scsi: pm8001: Fix command initialization in pm80XX_send_read_log() (git-fixes). - scsi: pm8001: Fix le32 values handling in pm80xx_chip_sata_req() (git-fixes). - scsi: pm8001: Fix le32 values handling in pm80xx_chip_ssp_io_req() (git-fixes). - scsi: pm8001: Fix le32 values handling in pm80xx_set_sas_protocol_timer_config() (git-fixes). - scsi: pm8001: Fix NCQ NON DATA command completion handling (git-fixes). - scsi: pm8001: Fix NCQ NON DATA command task initialization (git-fixes). - scsi: pm8001: Fix payload initialization in pm80xx_encrypt_update() (git-fixes). - scsi: pm8001: Fix payload initialization in pm80xx_set_thermal_config() (git-fixes). - scsi: pm80xx: Enable upper inbound, outbound queues (git-fixes). - scsi: pm80xx: Mask and unmask upper interrupt vectors 32-63 (git-fixes). - scsi: qla2xxx: edif: Remove unneeded variable (bsc#1200046). - scsi: qla2xxx: Fix missed DMA unmap for aborted commands (bsc#1200046). - scsi: qla2xxx: Remove free_sg command flag (bsc#1200046). - scsi: qla2xxx: Remove unneeded flush_workqueue() (bsc#1200046). - scsi: sr: Do not leak information in ioctl (git-fixes). - scsi: ufs: core: Exclude UECxx from SFR dump list (git-fixes). - scsi: ufs: qcom: Add a readl() to make sure ref_clk gets enabled (git-fixes). - scsi: ufs: qcom: Fix ufs_qcom_resume() (git-fixes). - scsi: virtio-scsi: Eliminate anonymous module_init & module_exit (git-fixes). - scsi: zorro7xx: Fix a resource leak in zorro7xx_remove_one() (git-fixes). - selftests: firmware: Use smaller dictionary for XZ compression (git-fixes). - serial: 8250_fintek: Check SER_RS485_RTS_* only with RS485 (git-fixes). - serial: 8250_mtk: Fix register address for XON/XOFF character (git-fixes). - serial: 8250_mtk: Fix UART_EFR register address (git-fixes). - serial: 8250: Also set sticky MCR bits in console restoration (git-fixes). - serial: 8250: core: Remove unneeded &lt;linux/pm_runtime.h> (git-fixes). - serial: 8250: Correct the clock for EndRun PTP/1588 PCIe device (git-fixes). - serial: 8250: pxa: Remove unneeded &lt;linux/pm_runtime.h> (git-fixes). - serial: digicolor-usart: Do not allow CS5-6 (git-fixes). - serial: imx: fix overrun interrupts in DMA mode (git-fixes). - serial: meson: acquire port->lock in startup() (git-fixes). - serial: pch: do not overwrite xmit->buf[0] by x_char (git-fixes). - serial: rda-uart: Do not allow CS5-6 (git-fixes). - serial: sh-sci: Do not allow CS5-6 (git-fixes). - serial: sifive: Sanitize CSIZE and c_iflag (git-fixes). - serial: st-asc: Sanitize CSIZE and correct PARENB for CS7 (git-fixes). - serial: stm32-usart: Correct CSIZE, bits, and parity (git-fixes). - serial: txx9: Do not allow CS5-6 (git-fixes). - slimbus: qcom: Fix IRQ check in qcom_slim_probe (git-fixes). - smp: Fix offline cpu check in flush_smp_call_function_queue() (git-fixes). - smsc911x: allow using IRQ0 (git-fixes). - soc: qcom: smp2p: Fix missing of_node_put() in smp2p_parse_ipc (git-fixes). - soc: qcom: smsm: Fix missing of_node_put() in smsm_parse_ipc (git-fixes). - soc: rockchip: Fix refcount leak in rockchip_grf_init (git-fixes). - spi: img-spfi: Fix pm_runtime_get_sync() error checking (git-fixes). - spi: spi-cadence: Fix kernel-doc format for resume/suspend (git-fixes). - spi: spi-fsl-qspi: check return value after calling platform_get_resource_byname() (git-fixes). - spi: spi-ti-qspi: Fix return value handling of wait_for_completion_timeout (git-fixes). - staging: fieldbus: Fix the error handling path in anybuss_host_common_probe() (git-fixes). - SUNRPC: Ensure gss-proxy connects on setup (git-fixes). - SUNRPC: Ensure that the gssproxy client can start in a connected state (git-fixes). - thermal: int340x: Fix attr.show callback prototype (git-fixes). - thermal/drivers/bcm2711: Do not clamp temperature at zero (git-fixes). - thermal/drivers/broadcom: Fix potential NULL dereference in sr_thermal_probe (git-fixes). - timekeeping: Really make sure wall_to_monotonic isn't (git-fixes) - timers: Fix warning condition in __run_timers() (git-fixes) - tpm: Fix buffer access in tpm2_get_tpm_pt() (git-fixes). - tpm: ibmvtpm: Correct the return value in tpm_ibmvtpm_probe() (bsc#1065729). - tracing: Fix potential double free in create_var_ref() (git-fixes). - tracing: Fix return value of trace_pid_write() (git-fixes). - tty: fix deadlock caused by calling printk() under tty_port->lock (git-fixes). - tty: goldfish: Use tty_port_destroy() to destroy port (git-fixes). - tty: serial: fsl_lpuart: fix potential bug when using both of_alias_get_id and ida_simple_get (git-fixes). - tty: serial: owl: Fix missing clk_disable_unprepare() in owl_uart_probe (git-fixes). - tty/serial: digicolor: fix possible null-ptr-deref in digicolor_uart_probe() (git-fixes). - usb: cdc-wdm: fix reading stuck on device close (git-fixes). - usb: dwc3: pci: Fix pm_runtime_get_sync() error checking (git-fixes). - usb: ehci-omap: drop unused ehci_read() function (git-fixes). - usb: gadget: configfs: clear deactivation flag in configfs_composite_unbind() (git-fixes). - usb: misc: fix improper handling of refcount in uss720_probe() (git-fixes). - usb: mtu3: fix USB 3.0 dual-role-switch from device to host (git-fixes). - usb: musb: Fix missing of_node_put() in omap2430_probe (git-fixes). - usb: quirks: add a Realtek card reader (git-fixes). - usb: quirks: add STRING quirk for VCOM device (git-fixes). - usb: serial: cp210x: add PIDs for Kamstrup USB Meter Reader (git-fixes). - usb: serial: option: add Fibocom L610 modem (git-fixes). - usb: serial: option: add Fibocom MA510 modem (git-fixes). - usb: serial: option: add support for Cinterion MV32-WA/MV32-WB (git-fixes). - usb: serial: option: add Telit 0x1057, 0x1058, 0x1075 compositions (git-fixes). - usb: serial: pl2303: add device id for HP LM930 Display (git-fixes). - usb: serial: qcserial: add support for Sierra Wireless EM7590 (git-fixes). - usb: serial: whiteheat: fix heap overflow in WHITEHEAT_GET_DTR_RTS (git-fixes). - usb: storage: karma: fix rio_karma_init return (git-fixes). - usb: typec: mux: Check dev_set_name() return value (git-fixes). - usb: typec: tcpci: Do not skip cleanup in .remove() on error (git-fixes). - usb: typec: ucsi: Fix reuse of completion structure (git-fixes). - usb: typec: ucsi: Fix role swapping (git-fixes). - usb: usbip: add missing device lock on tweak configuration cmd (git-fixes). - usb: usbip: fix a refcount leak in stub_probe() (git-fixes). - video: fbdev: clcdfb: Fix refcount leak in clcdfb_of_vram_setup (git-fixes). - watchdog: ts4800_wdt: Fix refcount leak in ts4800_wdt_probe (git-fixes). - wifi: mac80211: fix use-after-free in chanctx code (git-fixes). - wireguard: device: check for metadata_dst with skb_valid_dst() (git-fixes). - xhci: increase usb U3 -> U0 link resume timeout from 100ms to 500ms (git-fixes). - xhci: stop polling roothubs after shutdown (git-fixes). Important SUSE bug 1055117 SUSE bug 1061840 SUSE bug 1065729 SUSE bug 1103269 SUSE bug 1118212 SUSE bug 1153274 SUSE bug 1154353 SUSE bug 1156395 SUSE bug 1158266 SUSE bug 1167773 SUSE bug 1176447 SUSE bug 1178134 SUSE bug 1180100 SUSE bug 1183405 SUSE bug 1188885 SUSE bug 1195826 SUSE bug 1196426 SUSE bug 1196478 SUSE bug 1196570 SUSE bug 1196840 SUSE bug 1197446 SUSE bug 1197472 SUSE bug 1197601 SUSE bug 1197675 SUSE bug 1198438 SUSE bug 1198577 SUSE bug 1198971 SUSE bug 1198989 SUSE bug 1199035 SUSE bug 1199052 SUSE bug 1199063 SUSE bug 1199114 SUSE bug 1199314 SUSE bug 1199505 SUSE bug 1199507 SUSE bug 1199564 SUSE bug 1199626 SUSE bug 1199631 SUSE bug 1199650 SUSE bug 1199670 SUSE bug 1199839 SUSE bug 1200019 SUSE bug 1200045 SUSE bug 1200046 SUSE bug 1200192 SUSE bug 1200216 CVE-2019-19377 CVE-2021-33061 CVE-2022-0168 CVE-2022-1184 CVE-2022-1652 CVE-2022-1729 CVE-2022-1972 CVE-2022-20008 CVE-2022-21123 CVE-2022-21125 CVE-2022-21127 CVE-2022-21166 CVE-2022-21180 CVE-2022-30594 cpe:/o:opensuse:leap:15.4 Security update for vim (Important) openSUSE Leap 15.4 This update for vim fixes the following issues: - CVE-2017-17087: Fixed information leak via .swp files (bsc#1070955). - CVE-2021-3875: Fixed heap-based buffer overflow (bsc#1191770). - CVE-2021-3903: Fixed heap-based buffer overflow (bsc#1192167). - CVE-2021-3968: Fixed heap-based buffer overflow (bsc#1192902). - CVE-2021-3973: Fixed heap-based buffer overflow (bsc#1192903). - CVE-2021-3974: Fixed use-after-free (bsc#1192904). - CVE-2021-4069: Fixed use-after-free in ex_open()in src/ex_docmd.c (bsc#1193466). - CVE-2021-4136: Fixed heap-based buffer overflow (bsc#1193905). - CVE-2021-4166: Fixed out-of-bounds read (bsc#1194093). - CVE-2021-4192: Fixed use-after-free (bsc#1194217). - CVE-2021-4193: Fixed out-of-bounds read (bsc#1194216). - CVE-2022-0128: Fixed out-of-bounds read (bsc#1194388). - CVE-2022-0213: Fixed heap-based buffer overflow (bsc#1194885). - CVE-2022-0261: Fixed heap-based buffer overflow (bsc#1194872). - CVE-2022-0318: Fixed heap-based buffer overflow (bsc#1195004). - CVE-2022-0359: Fixed heap-based buffer overflow in init_ccline() in ex_getln.c (bsc#1195203). - CVE-2022-0392: Fixed heap-based buffer overflow (bsc#1195332). - CVE-2022-0407: Fixed heap-based buffer overflow (bsc#1195354). - CVE-2022-0696: Fixed NULL pointer dereference (bsc#1196361). - CVE-2022-1381: Fixed global heap buffer overflow in skip_range (bsc#1198596). - CVE-2022-1420: Fixed out-of-range pointer offset (bsc#1198748). - CVE-2022-1616: Fixed use-after-free in append_command (bsc#1199331). - CVE-2022-1619: Fixed heap-based Buffer Overflow in function cmdline_erase_chars (bsc#1199333). - CVE-2022-1620: Fixed NULL pointer dereference in function vim_regexec_string (bsc#1199334). - CVE-2022-1733: Fixed heap-based buffer overflow in cindent.c (bsc#1199655). - CVE-2022-1735: Fixed heap-based buffer overflow (bsc#1199651). - CVE-2022-1771: Fixed stack exhaustion (bsc#1199693). - CVE-2022-1785: Fixed out-of-bounds write (bsc#1199745). - CVE-2022-1796: Fixed use-after-free in find_pattern_in_path (bsc#1199747). - CVE-2022-1851: Fixed out-of-bounds read (bsc#1199936). - CVE-2022-1897: Fixed out-of-bounds write (bsc#1200010). - CVE-2022-1898: Fixed use-after-free (bsc#1200011). - CVE-2022-1927: Fixed buffer over-read (bsc#1200012). Important SUSE bug 1070955 SUSE bug 1191770 SUSE bug 1192167 SUSE bug 1192902 SUSE bug 1192903 SUSE bug 1192904 SUSE bug 1193466 SUSE bug 1193905 SUSE bug 1194093 SUSE bug 1194216 SUSE bug 1194217 SUSE bug 1194388 SUSE bug 1194872 SUSE bug 1194885 SUSE bug 1195004 SUSE bug 1195203 SUSE bug 1195332 SUSE bug 1195354 SUSE bug 1196361 SUSE bug 1198596 SUSE bug 1198748 SUSE bug 1199331 SUSE bug 1199333 SUSE bug 1199334 SUSE bug 1199651 SUSE bug 1199655 SUSE bug 1199693 SUSE bug 1199745 SUSE bug 1199747 SUSE bug 1199936 SUSE bug 1200010 SUSE bug 1200011 SUSE bug 1200012 CVE-2017-17087 CVE-2021-3778 CVE-2021-3796 CVE-2021-3872 CVE-2021-3875 CVE-2021-3903 CVE-2021-3927 CVE-2021-3928 CVE-2021-3968 CVE-2021-3973 CVE-2021-3974 CVE-2021-3984 CVE-2021-4019 CVE-2021-4069 CVE-2021-4136 CVE-2021-4166 CVE-2021-4192 CVE-2021-4193 CVE-2021-46059 CVE-2022-0128 CVE-2022-0213 CVE-2022-0261 CVE-2022-0318 CVE-2022-0319 CVE-2022-0351 CVE-2022-0359 CVE-2022-0361 CVE-2022-0392 CVE-2022-0407 CVE-2022-0413 CVE-2022-0696 CVE-2022-1381 CVE-2022-1420 CVE-2022-1616 CVE-2022-1619 CVE-2022-1620 CVE-2022-1733 CVE-2022-1735 CVE-2022-1771 CVE-2022-1785 CVE-2022-1796 CVE-2022-1851 CVE-2022-1897 CVE-2022-1898 CVE-2022-1927 cpe:/o:opensuse:leap:15.4 Security update for mariadb (Important) openSUSE Leap 15.4 This update for mariadb fixes the following issues: - CVE-2021-46669 (bsc#1199928) - CVE-2022-21427 (bsc#1199928) - CVE-2022-27377 (bsc#1198603) - CVE-2022-27378 (bsc#1198604) - CVE-2022-27380 (bsc#1198606) - CVE-2022-27381 (bsc#1198607) - CVE-2022-27383 (bsc#1198610) - CVE-2022-27384 (bsc#1198611) - CVE-2022-27386 (bsc#1198612) - CVE-2022-27387 (bsc#1198613) - CVE-2022-27445 (bsc#1198629) Important SUSE bug 1198603 SUSE bug 1198604 SUSE bug 1198606 SUSE bug 1198607 SUSE bug 1198610 SUSE bug 1198611 SUSE bug 1198612 SUSE bug 1198613 SUSE bug 1198629 SUSE bug 1199928 CVE-2021-46669 CVE-2022-21427 CVE-2022-27377 CVE-2022-27378 CVE-2022-27380 CVE-2022-27381 CVE-2022-27383 CVE-2022-27384 CVE-2022-27386 CVE-2022-27387 CVE-2022-27445 cpe:/o:opensuse:leap:15.4 Security update for rubygem-actionpack-5_1, rubygem-activesupport-5_1 (Important) openSUSE Leap 15.4 This update for rubygem-actionpack-5_1 and rubygem-activesupport-5_1 fixes the following issues: - CVE-2021-22904: Fixed possible DoS Vulnerability in Action Controller Token Authentication (bsc#1185780) - CVE-2022-23633: Fixed possible exposure of information vulnerability in Action Pack (bsc#1196182) Important SUSE bug 1185780 SUSE bug 1196182 CVE-2021-22904 CVE-2022-23633 cpe:/o:opensuse:leap:15.4 Security update for the Linux Kernel (Important) openSUSE Leap 15.4 The SUSE Linux Enterprise 15 SP1 kernel was updated. The following security bugs were fixed: - CVE-2022-21127: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via spectre like attacks. (bsc#1199650) - CVE-2022-21123: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via spectre like attacks. (bsc#1199650) - CVE-2022-21125: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via spectre like attacks. (bsc#1199650) - CVE-2022-21180: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via spectre like attacks. (bsc#1199650) - CVE-2022-21166: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via spectre like attacks. (bsc#1199650) - CVE-2019-19377: Fixed an user-after-free that could be triggered when an attacker mounts a crafted btrfs filesystem image. (bnc#1158266) - CVE-2022-1184: Fixed an use-after-free and memory errors in ext4 when mounting and operating on a corrupted image. (bsc#1198577) - CVE-2017-13695: Fixed a bug that caused a stack dump allowing local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism via a crafted ACPI table. (bnc#1055710) - CVE-2022-1729: Fixed a sys_perf_event_open() race condition against self (bsc#1199507). - CVE-2022-1652: Fixed a statically allocated error counter inside the floppy kernel module (bsc#1199063). - CVE-2021-39711: In bpf_prog_test_run_skb of test_run.c, there is a possible out of bounds read due to Incorrect Size Value. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation (bnc#1197219). - CVE-2022-30594: Fixed restriction bypass on setting the PT_SUSPEND_SECCOMP flag (bnc#1199505). - CVE-2021-33061: Fixed insufficient control flow management for the Intel(R) 82599 Ethernet Controllers and Adapters that may have allowed an authenticated user to potentially enable denial of service via local access (bnc#1196426). - CVE-2022-1516: Fixed null-ptr-deref caused by x25_disconnect (bsc#1199012). - CVE-2021-20321: Fixed a race condition accessing file object in the OverlayFS subsystem in the way users do rename in specific way with OverlayFS. A local user could have used this flaw to crash the system (bnc#1191647). - CVE-2019-20811: Fixed issue in rx_queue_add_kobject() and netdev_queue_add_kobject() in net/core/net-sysfs.c, where a reference count is mishandled (bnc#1172456). - CVE-2022-28748: Fixed memory lead over the network by ax88179_178a devices (bsc#1196018). - CVE-2018-7755: Fixed an issue in the fd_locked_ioctl function in drivers/block/floppy.c. The floppy driver will copy a kernel pointer to user memory in response to the FDGETPRM ioctl. An attacker can send the FDGETPRM ioctl and use the obtained kernel pointer to discover the location of kernel code and data and bypass kernel security protections such as KASLR (bnc#1084513). - CVE-2022-22942: Fixed stale file descriptors on failed usercopy (bsc#1195065). - CVE-2022-1419: Fixed a concurrency use-after-free in vgem_gem_dumb_create (bsc#1198742). - CVE-2021-43389: Fixed an array-index-out-of-bounds flaw in the detach_capi_ctr function in drivers/isdn/capi/kcapi.c (bnc#1191958). - CVE-2021-38208: Fixed a denial of service (NULL pointer dereference and BUG) by making a getsockname call after a certain type of failure of a bind call (bnc#1187055). - CVE-2022-1353: Fixed access controll to kernel memory in the pfkey_register function in net/key/af_key.c (bnc#1198516). - CVE-2021-20292: Fixed object validation prior to performing operations on the object in nouveau_sgdma_create_ttm in Nouveau DRM subsystem (bnc#1183723). - CVE-2022-1011: Fixed an use-after-free vulnerability which could allow a local attacker to retireve (partial) /etc/shadow hashes or any other data from filesystem when he can mount a FUSE filesystems. (bnc#1197343) - CVE-2022-1974: Fixed an use-after-free that could causes kernel crash by simulating an nfc device from user-space. (bsc#1200144). - CVE-2020-26541: Enforce the secure boot forbidden signature database (aka dbx) protection mechanism. (bnc#1177282) - CVE-2022-1975: Fixed a bug that allows an attacker to crash the linux kernel by simulating nfc device from user-space. (bsc#1200143) - CVE-2022-21499: Reinforce the kernel lockdown feature, until now it's been trivial to break out of it with kgdb or kdb. (bsc#1199426) - CVE-2022-1734: Fixed a r/w use-after-free when non synchronized between cleanup routine and firmware download routine. (bnc#1199605). The following non-security bugs were fixed: - btrfs: relocation: Only remove reloc rb_trees if reloc control has been initialized (bsc#1199399). - btrfs: tree-checker: fix incorrect printk format (bsc#1200249). - net: ena: A typo fix in the file ena_com.h (bsc#1198777). - net: ena: Add capabilities field with support for ENI stats capability (bsc#1198777). - net: ena: Add debug prints for invalid req_id resets (bsc#1198777). - net: ena: add device distinct log prefix to files (bsc#1198777). - net: ena: add jiffies of last napi call to stats (bsc#1198777). - net: ena: aggregate doorbell common operations into a function (bsc#1198777). - net: ena: aggregate stats increase into a function (bsc#1198777). - net: ena: Change ENI stats support check to use capabilities field (bsc#1198777). - net: ena: Change return value of ena_calc_io_queue_size() to void (bsc#1198777). - net: ena: Change the name of bad_csum variable (bsc#1198777). - net: ena: Extract recurring driver reset code into a function (bsc#1198777). - net: ena: fix coding style nits (bsc#1198777). - net: ena: fix DMA mapping function issues in XDP (bsc#1198777). - net: ena: Fix error handling when calculating max IO queues number (bsc#1198777). - net: ena: fix inaccurate print type (bsc#1198777). - net: ena: Fix undefined state when tx request id is out of bounds (bsc#1198777). - net: ena: Fix wrong rx request id by resetting device (bsc#1198777). - net: ena: Improve error logging in driver (bsc#1198777). - net: ena: introduce ndo_xdp_xmit() function for XDP_REDIRECT (bsc#1198777). - net: ena: introduce XDP redirect implementation (bsc#1198777). - net: ena: make symbol 'ena_alloc_map_page' static (bsc#1198777). - net: ena: Move reset completion print to the reset function (bsc#1198777). - net: ena: optimize data access in fast-path code (bsc#1198777). - net: ena: re-organize code to improve readability (bsc#1198777). - net: ena: Remove ena_calc_queue_size_ctx struct (bsc#1198777). - net: ena: remove extra words from comments (bsc#1198777). - net: ena: Remove module param and change message severity (bsc#1198777). - net: ena: Remove rcu_read_lock() around XDP program invocation (bsc#1198777). - net: ena: Remove redundant return code check (bsc#1198777). - net: ena: Remove unused code (bsc#1198777). - net: ena: store values in their appropriate variables types (bsc#1198777). - net: ena: Update XDP verdict upon failure (bsc#1198777). - net: ena: use build_skb() in RX path (bsc#1198777). - net: ena: use constant value for net_device allocation (bsc#1198777). - net: ena: Use dev_alloc() in RX buffer allocation (bsc#1198777). - net: ena: Use pci_sriov_configure_simple() to enable VFs (bsc#1198777). - net: ena: use xdp_frame in XDP TX flow (bsc#1198777). - net: ena: use xdp_return_frame() to free xdp frames (bsc#1198777). - net: mana: Add counter for packet dropped by XDP (bsc#1195651). - net: mana: Add counter for XDP_TX (bsc#1195651). - net: mana: Add handling of CQE_RX_TRUNCATED (bsc#1195651). - net: mana: Remove unnecessary check of cqe_type in mana_process_rx_cqe() (bsc#1195651). - net: mana: Reuse XDP dropped page (bsc#1195651). - net: mana: Use struct_size() helper in mana_gd_create_dma_region() (bsc#1195651). - PCI: hv: Do not set PCI_COMMAND_MEMORY to reduce VM boot time (bsc#1199314). - powerpc/64: Fix kernel stack 16-byte alignment (bsc#1196999 ltc#196609S git-fixes). - powerpc/64: Interrupts save PPR on stack rather than thread_struct (bsc#1196999 ltc#196609). - powerpc/pseries: extract host bridge from pci_bus prior to bus removal (bsc#1182171 ltc#190900 bsc#1198660 ltc#197803). - powerpc/pseries: Fix use after free in remove_phb_dynamic() (bsc#1065729 bsc#1198660 ltc#197803). - scsi: scsi_dh_alua: Avoid crash during alua_bus_detach() (bsc#1028340 bsc#1198825). - SUNRPC: change locking for xs_swap_enable/disable (bsc#1196367). - x86/pm: Save the MSR validity status at context setup (bsc#1114648). - x86/speculation: Restore speculation related MSRs during S3 resume (bsc#1114648). Important SUSE bug 1028340 SUSE bug 1055710 SUSE bug 1065729 SUSE bug 1071995 SUSE bug 1084513 SUSE bug 1087082 SUSE bug 1114648 SUSE bug 1158266 SUSE bug 1172456 SUSE bug 1177282 SUSE bug 1182171 SUSE bug 1183723 SUSE bug 1187055 SUSE bug 1191647 SUSE bug 1191958 SUSE bug 1195065 SUSE bug 1195651 SUSE bug 1196018 SUSE bug 1196367 SUSE bug 1196426 SUSE bug 1196999 SUSE bug 1197219 SUSE bug 1197343 SUSE bug 1197663 SUSE bug 1198400 SUSE bug 1198516 SUSE bug 1198577 SUSE bug 1198660 SUSE bug 1198687 SUSE bug 1198742 SUSE bug 1198777 SUSE bug 1198825 SUSE bug 1199012 SUSE bug 1199063 SUSE bug 1199314 SUSE bug 1199399 SUSE bug 1199426 SUSE bug 1199505 SUSE bug 1199507 SUSE bug 1199605 SUSE bug 1199650 SUSE bug 1200143 SUSE bug 1200144 SUSE bug 1200249 CVE-2017-13695 CVE-2018-7755 CVE-2019-19377 CVE-2019-20811 CVE-2020-26541 CVE-2021-20292 CVE-2021-20321 CVE-2021-33061 CVE-2021-38208 CVE-2021-39711 CVE-2021-43389 CVE-2022-1011 CVE-2022-1184 CVE-2022-1353 CVE-2022-1419 CVE-2022-1516 CVE-2022-1652 CVE-2022-1729 CVE-2022-1734 CVE-2022-1974 CVE-2022-1975 CVE-2022-21123 CVE-2022-21125 CVE-2022-21127 CVE-2022-21166 CVE-2022-21180 CVE-2022-21499 CVE-2022-22942 CVE-2022-28748 CVE-2022-30594 cpe:/o:opensuse:leap:15.4 Security update for golang-github-prometheus-alertmanager (Important) openSUSE Leap 15.4 This update for golang-github-prometheus-alertmanager fixes the following issues: Update golang-github-prometheus-alertmanager from version 0.21.0 to version 0.23.0 (bsc#1196338, jsc#SLE-24077) - CVE-2022-21698: Denial of service using InstrumentHandlerCounter - Update vendor tarball with prometheus/client_golang 1.11.1 - Update required Go version to 1.16 - Use %autosetup macro - Update to version 0.23.0: * Release 0.23.0 * Release 0.23.0-rc.0 * amtool: Detect version drift and warn users (#2672) * Add ability to skip TLS verification for amtool (#2663) * Fix empty isEqual in amtool. (#2668) * Fix main tests (#2670) * cli: add new template render command (#2538) * OpsGenie: refer to alert instead of incident (#2609) * Docs: target_match and source_match are DEPRECATED (#2665) * Fix test not waiting for cluster member to be ready - Add go_modules to _service. - Added hardening to systemd service(s) with a modified prometheus-alertmanager.service (bsc#1181400) Important SUSE bug 1181400 SUSE bug 1196338 CVE-2022-21698 cpe:/o:opensuse:leap:15.4 Security update for node_exporter (Important) openSUSE Leap 15.4 This security update for golang-github-prometheus-node_exporter provides: Update golang-github-prometheus-node_exporter from version 1.1.2 to version 1.3.0 (bsc#1196338, jsc#SLE-24238, jsc#SLE-24239) - CVE-2022-21698: Denial of service using InstrumentHandlerCounter - Update vendor tarball with prometheus/client_golang 1.11.1 - Update to 1.3.0 * [CHANGE] Add path label to rapl collector #2146 * [CHANGE] Exclude filesystems under /run/credentials #2157 * [CHANGE] Add TCPTimeouts to netstat default filter #2189 * [FEATURE] Add lnstat collector for metrics from /proc/net/stat/ #1771 * [FEATURE] Add darwin powersupply collector #1777 * [FEATURE] Add support for monitoring GPUs on Linux #1998 * [FEATURE] Add Darwin thermal collector #2032 * [FEATURE] Add os release collector #2094 * [FEATURE] Add netdev.address-info collector #2105 * [FEATURE] Add clocksource metrics to time collector #2197 * [ENHANCEMENT] Support glob textfile collector directories #1985 * [ENHANCEMENT] ethtool: Expose node_ethtool_info metric #2080 * [ENHANCEMENT] Use include/exclude flags for ethtool filtering #2165 * [ENHANCEMENT] Add flag to disable guest CPU metrics #2123 * [ENHANCEMENT] Add DMI collector #2131 * [ENHANCEMENT] Add threads metrics to processes collector #2164 * [ENHANCMMENT] Reduce timer GC delays in the Linux filesystem collector #2169 * [ENHANCMMENT] Add TCPTimeouts to netstat default filter #2189 * [ENHANCMMENT] Use SysctlTimeval for boottime collector on BSD #2208 * [BUGFIX] ethtool: Sanitize metric names #2093 * [BUGFIX] Fix ethtool collector for multiple interfaces #2126 * [BUGFIX] Fix possible panic on macOS #2133 * [BUGFIX] Collect flag_info and bug_info only for one core #2156 * [BUGFIX] Prevent duplicate ethtool metric names #2187 - Update to 1.2.2 * Bug fixes Fix processes collector long int parsing #2112 - Update to 1.2.1 * Removed Remove obsolete capture permission denied error fix already included upstream * Bug fixes Fix zoneinfo parsing prometheus/procfs#386 Fix nvme collector log noise #2091 Fix rapl collector log noise #2092 - Update to 1.2.0 * Changes Rename filesystem collector flags to match other collectors #2012 Make node_exporter print usage to STDOUT #203 * Features Add conntrack statistics metrics #1155 Add ethtool stats collector #1832 Add flag to ignore network speed if it is unknown #1989 Add tapestats collector for Linux #2044 Add nvme collector #2062 * Enhancements Add ErrorLog plumbing to promhttp #1887 Add more Infiniband counters #2019 netclass: retrieve interface names and filter before parsing #2033 Add time zone offset metric #2060 * Bug fixes Handle errors from disabled PSI subsystem #1983 Fix panic when using backwards compatible flags #2000 Fix wrong value for OpenBSD memory buffer cache #2015 Only initiate collectors once #2048 Handle small backwards jumps in CPU idle #2067 - Capture permission denied error for 'energy_uj' file (bsc#1190535) Important SUSE bug 1190535 SUSE bug 1196338 CVE-2022-21698 cpe:/o:opensuse:leap:15.4 Security update for drbd (Important) openSUSE Leap 15.4 This update of drbd fixes the following issue: - rebuild with new secure boot key due to grub2 boothole 3 issues (bsc#1198581) Important SUSE bug 1198581 cpe:/o:opensuse:leap:15.4 Security update for the Linux Kernel (Important) openSUSE Leap 15.4 The SUSE Linux Enterprise 15 SP3 kernel was updated. The following security bugs were fixed: - CVE-2022-1966: Fixed an use-after-free bug in the netfilter subsystem. This flaw allowed a local attacker with user access to cause a privilege escalation issue. (bnc#1200015) - CVE-2022-1975: Fixed a sleep-in-atomic bug that allows attacker to crash linux kernel by simulating nfc device from user-space. (bsc#1200143) - CVE-2022-1974: Fixed an use-after-free that could causes kernel crash by simulating an nfc device from user-space. (bsc#1200144) - CVE-2020-26541: Enforce the secure boot forbidden signature database (aka dbx) protection mechanism. (bnc#1177282) - The following non-security bugs were fixed: - ACPI: PM: Block ASUS B1400CEAE from suspend to idle by default (git-fixes). - ACPI: sysfs: Fix BERT error region memory mapping (git-fixes). - ACPI: sysfs: Make sparse happy about address space in use (git-fixes). - ALSA: hda/conexant - Fix loopback issue with CX20632 (git-fixes). - ALSA: usb-audio: Optimize TEAC clock quirk (git-fixes). - ALSA: usb-audio: Set up (implicit) sync for Saffire 6 (git-fixes). - ALSA: usb-audio: Skip generic sync EP parse for secondary EP (git-fixes). - ALSA: usb-audio: Workaround for clock setup on TEAC devices (git-fixes). - ASoC: dapm: Do not fold register value changes into notifications (git-fixes). - ASoC: max98357a: remove dependency on GPIOLIB (git-fixes). - ASoC: rt5645: Fix errorenous cleanup order (git-fixes). - ASoC: tscs454: Add endianness flag in snd_soc_component_driver (git-fixes). - ata: libata-transport: fix {dma|pio|xfer}_mode sysfs files (git-fixes). - ath9k: fix QCA9561 PA bias level (git-fixes). - b43: Fix assigning negative value to unsigned variable (git-fixes). - b43legacy: Fix assigning negative value to unsigned variable (git-fixes). - blk-mq: fix tag_get wait task can't be awakened (bsc#1200263). - blk-mq: Fix wrong wakeup batch configuration which will cause hang (bsc#1200263). - block: fix bio_clone_blkg_association() to associate with proper blkcg_gq (bsc#1200259). - btrfs: tree-checker: fix incorrect printk format (bsc#1200249). - cfg80211: set custom regdomain after wiphy registration (git-fixes). - clocksource/drivers/oxnas-rps: Fix irq_of_parse_and_map() return value (git-fixes). - clocksource/drivers/sp804: Avoid error on multiple instances (git-fixes). - dma-buf: fix use of DMA_BUF_SET_NAME_{A,B} in userspace (git-fixes). - dmaengine: zynqmp_dma: In struct zynqmp_dma_chan fix desc_size data type (git-fixes). - drivers: i2c: thunderx: Allow driver to work with ACPI defined TWSI controllers (git-fixes). - drivers: staging: rtl8192e: Fix deadlock in rtllib_beacons_stop() (git-fixes). - drivers: staging: rtl8192u: Fix deadlock in ieee80211_beacons_stop() (git-fixes). - drivers: tty: serial: Fix deadlock in sa1100_set_termios() (git-fixes). - drivers: usb: host: Fix deadlock in oxu_bus_suspend() (git-fixes). - drm: imx: fix compiler warning with gcc-12 (git-fixes). - drm: msm: fix error check return value of irq_of_parse_and_map() (git-fixes). - drm/amdgpu/cs: make commands with 0 chunks illegal behaviour (git-fixes). - drm/amdgpu/smu10: fix SoC/fclk units in auto mode (git-fixes). - drm/amdgpu/ucode: Remove firmware load type check in amdgpu_ucode_free_bo (git-fixes). - drm/atomic: Force bridge self-refresh-exit on CRTC switch (git-fixes). - drm/bridge: analogix_dp: Support PSR-exit to disable transition (git-fixes). - drm/i915: Fix -Wstringop-overflow warning in call to intel_read_wm_latency() (git-fixes). - drm/i915: fix i915_globals_exit() section mismatch error (git-fixes). - drm/komeda: return early if drm_universal_plane_init() fails (git-fixes). - drm/msm/dsi: fix address for second DSI PHY on SDM660 (git-fixes). - drm/plane: Move range check for format_count earlier (git-fixes). - drm/radeon: fix a possible null pointer dereference (git-fixes). - drm/virtio: fix NULL pointer dereference in virtio_gpu_conn_get_modes (git-fixes). - efi: Add missing prototype for efi_capsule_setup_info (git-fixes). - efi: Do not import certificates from UEFI Secure Boot for T2 Macs (git-fixes). - fbcon: Consistently protect deferred_takeover with console_lock() (git-fixes). - ftrace: Clean up hash direct_functions on register failures (git-fixes). - HID: bigben: fix slab-out-of-bounds Write in bigben_probe (git-fixes). - HID: multitouch: Add support for Google Whiskers Touchpad (git-fixes). - hwmon: Make chip parameter for with_info API mandatory (git-fixes). - i2c: cadence: Increase timeout per message if necessary (git-fixes). - i2c: ismt: Provide a DMA buffer for Interrupt Cause Logging (git-fixes). - iio: dummy: iio_simple_dummy: check the return value of kstrdup() (git-fixes). - Input: bcm5974 - set missing URB_NO_TRANSFER_DMA_MAP urb flag (git-fixes). - Input: goodix - fix spurious key release events (git-fixes). - ipw2x00: Fix potential NULL dereference in libipw_xmit() (git-fixes). - irqchip: irq-xtensa-mx: fix initial IRQ affinity (git-fixes). - irqchip/armada-370-xp: Do not touch Performance Counter Overflow on A375, A38x, A39x (git-fixes). - irqchip/aspeed-i2c-ic: Fix irq_of_parse_and_map() return value (git-fixes). - irqchip/exiu: Fix acknowledgment of edge triggered interrupts (git-fixes). - iwlwifi: mvm: fix assert 1F04 upon reconfig (git-fixes). - KVM: fix wrong exception emulation in check_rdtsc (git-fixes). - KVM: nVMX: Invalidate all roots when emulating INVVPID without EPT (git-fixes). - KVM: nVMX: Query current VMCS when determining if MSR bitmaps are in use (git-fixes). - KVM: nVMX: Set LDTR to its architecturally defined value on nested VM-Exit (git-fixes). - KVM: nVMX: Unconditionally clear nested.pi_pending on nested VM-Enter (git-fixes). - KVM: s390: pv: add macros for UVC CC values (git-fixes). - KVM: s390: pv: avoid double free of sida page (git-fixes). - KVM: s390: pv: avoid stalls for kvm_s390_pv_init_vm (git-fixes). - KVM: s390: vsie/gmap: reduce gmap_rmap overhead (git-fixes). - KVM: VMX: Flush all EPTP/VPID contexts on remote TLB flush (git-fixes). - KVM: VMX: Use current VMCS to query WAITPKG support for MSR emulation (git-fixes). - KVM: x86: clflushopt should be treated as a no-op by emulation (git-fixes). - KVM: x86: Do not force set BSP bit when local APIC is managed by userspace (git-fixes). - KVM: x86: Fix emulation in writing cr8 (git-fixes). - KVM: x86: Fix off-by-one error in kvm_vcpu_ioctl_x86_setup_mce (git-fixes). - KVM: x86: Immediately reset the MMU context when the SMM flag is cleared (git-fixes). - KVM: x86: Inject #GP if guest attempts to toggle CR4.LA57 in 64-bit mode (git-fixes). - KVM: x86: Mark CR4.TSD as being possibly owned by the guest (git-fixes). - KVM: x86: Migrate the PIT only if vcpu0 is migrated, not any BSP (git-fixes). - KVM: x86: Toggling CR4.PKE does not load PDPTEs in PAE mode (git-fixes). - KVM: x86: Toggling CR4.SMAP does not load PDPTEs in PAE mode (git-fixes). - KVM: x86/cpuid: Only provide CPUID leaf 0xA if host has architectural PMU (git-fixes). - KVM: x86/emulator: Defer not-present segment check in __load_segment_descriptor() (git-fixes). - KVM: x86/pmu: Fix HW_REF_CPU_CYCLES event pseudo-encoding in intel_arch_events[] (git-fixes). - mac80211: upgrade passive scan to active scan on DFS channels after beacon rx (git-fixes). - md: fix an incorrect NULL check in does_sb_need_changing (git-fixes). - md: fix an incorrect NULL check in md_reload_sb (git-fixes). - media: cx25821: Fix the warning when removing the module (git-fixes). - media: netup_unidvb: Do not leak SPI master in probe error path (git-fixes). - media: pci: cx23885: Fix the error handling in cx23885_initdev() (git-fixes). - media: venus: hfi: avoid null dereference in deinit (git-fixes). - misc: rtsx: set NULL intfdata when probe fails (git-fixes). - mmc: block: Fix CQE recovery reset success (git-fixes). - mmc: jz4740: Apply DMA engine limits to maximum segment size (git-fixes). - modpost: fix removing numeric suffixes (git-fixes). - modpost: fix undefined behavior of is_arm_mapping_symbol() (git-fixes). - mt76: check return value of mt76_txq_send_burst in mt76_txq_schedule_list (git-fixes). - mwifiex: add mutex lock for call in mwifiex_dfs_chan_sw_work_queue (git-fixes). - net: rtlwifi: properly check for alloc_workqueue() failure (git-fixes). - nfc: st21nfca: fix incorrect sizing calculations in EVT_TRANSACTION (git-fixes). - nfc: st21nfca: fix incorrect validating logic in EVT_TRANSACTION (git-fixes). - nfc: st21nfca: fix memory leaks in EVT_TRANSACTION handling (git-fixes). - NFS: Do not report ENOSPC write errors twice (git-fixes). - nfsd: Fix null-ptr-deref in nfsd_fill_super() (git-fixes). - PCI: hv: Fix NUMA node assignment when kernel boots with custom NUMA topology (bsc#1199365). - pcmcia: db1xxx_ss: restrict to MIPS_DB1XXX boards (git-fixes). - pinctrl: sunxi: fix f1c100s uart2 function (git-fixes). - platform/chrome: cros_ec_proto: Send command again when timeout occurs (git-fixes). - platform/x86: wmi: Fix driver->notify() vs ->probe() race (git-fixes). - platform/x86: wmi: Replace read_takes_no_args with a flags field (git-fixes). - devfreq: rk3399_dmc: Disable edev on remove() (git-fixes). - raid5: introduce MD_BROKEN (git-fixes). - rtl818x: Prevent using not initialized queues (git-fixes). - rtlwifi: Use pr_warn instead of WARN_ONCE (git-fixes). - s390: fix detection of vector enhancements facility 1 vs. vector packed decimal facility (git-fixes). - s390: fix strrchr() implementation (git-fixes). - s390/cio: dont call css_wait_for_slow_path() inside a lock (git-fixes). - s390/cio: Fix the 'type' field in s390_cio_tpi tracepoint (git-fixes). - s390/crypto: fix scatterwalk_unmap() callers in AES-GCM (git-fixes). - s390/ctcm: fix potential memory leak (git-fixes). - s390/ctcm: fix variable dereferenced before check (git-fixes). - s390/dasd: fix data corruption for ESE devices (bsc#1200207 LTC#198454). - s390/dasd: Fix read for ESE with blksize 4k (bsc#1200206 LTC#198455). - s390/dasd: Fix read inconsistency for ESE DASD devices (bsc#1200206 LTC#198455). - s390/dasd: prevent double format of tracks for ESE devices (bsc#1200207 LTC#198454). - s390/ftrace: fix ftrace_update_ftrace_func implementation (git-fixes). - s390/lcs: fix variable dereferenced before check (git-fixes). - s390/mcck: fix invalid KVM guest condition check (git-fixes). - s390/mcck: isolate SIE instruction when setting CIF_MCCK_GUEST flag (git-fixes). - s390/nmi: handle guarded storage validity failures for KVM guests (git-fixes). - s390/nmi: handle vector validity failures for KVM guests (git-fixes). - s390/pv: fix the forcing of the swiotlb (git-fixes). - s390/qdio: cancel the ESTABLISH ccw after timeout (git-fixes). - s390/qdio: fix roll-back after timeout on ESTABLISH ccw (git-fixes). - s390/vfio-ap: fix circular lockdep when setting/clearing crypto masks (git-fixes). - serial: msm_serial: disable interrupts in __msm_console_write() (git-fixes). - spi: Introduce device-managed SPI controller allocation (git-fixes). - spi: spi-rspi: Remove setting {src,dst}_{addr,addr_width} based on DMA direction (git-fixes). - spi: stm32-qspi: Fix wait_cmd timeout in APM mode (git-fixes). - staging: rtl8712: fix uninit-value in r871xu_drv_init() (git-fixes). - staging: rtl8712: fix uninit-value in usb_read8() and friends (git-fixes). - tilcdc: tilcdc_external: fix an incorrect NULL check on list iterator (git-fixes). - tty: Fix a possible resource leak in icom_probe (git-fixes). - tty: synclink_gt: Fix null-pointer-dereference in slgt_clean() (git-fixes). - usb: core: hcd: Add support for deferring roothub registration (git-fixes). - usb: dwc2: gadget: do not reset gadget's driver->bus (git-fixes). - usb: hcd-pci: Fully suspend across freeze/thaw cycle (git-fixes). - usb: host: isp116x: check return value after calling platform_get_resource() (git-fixes). - usb: new quirk for Dell Gen 2 devices (git-fixes). - usb: serial: option: add Quectel BG95 modem (git-fixes). - vfio-ccw: Check initialized flag in cp_init() (git-fixes). - vfio/ccw: Remove unneeded GFP_DMA (git-fixes). - video: fbdev: pxa3xx-gcu: release the resources correctly in pxa3xx_gcu_probe/remove() (git-fixes). - virtio/s390: implement virtio-ccw revision 2 correctly (git-fixes). - vringh: Fix loop descriptors check in the indirect cases (git-fixes). - watchdog: wdat_wdt: Stop watchdog when rebooting the system (git-fixes). Important SUSE bug 1177282 SUSE bug 1199365 SUSE bug 1200015 SUSE bug 1200143 SUSE bug 1200144 SUSE bug 1200206 SUSE bug 1200207 SUSE bug 1200249 SUSE bug 1200259 SUSE bug 1200263 SUSE bug 1200268 SUSE bug 1200529 CVE-2020-26541 CVE-2022-1966 CVE-2022-1974 CVE-2022-1975 cpe:/o:opensuse:leap:15.4 Security update for python39 (Important) openSUSE Leap 15.4 This update for python39 fixes the following issues: - CVE-2015-20107: avoid command injection in the mailcap module (bsc#1198511). - Update to 3.9.13: - Core and Builtins - gh-92311: Fixed a bug where setting frame.f_lineno to jump over a list comprehension could misbehave or crash. - gh-92112: Fix crash triggered by an evil custom mro() on a metaclass. - gh-92036: Fix a crash in subinterpreters related to the garbage collector. When a subinterpreter is deleted, untrack all objects tracked by its GC. To prevent a crash in deallocator functions expecting objects to be tracked by the GC, leak a strong reference to these objects on purpose, so they are never deleted and their deallocator functions are not called. Patch by Victor Stinner. - gh-91421: Fix a potential integer overflow in _Py_DecodeUTF8Ex. - bpo-46775: Some Windows system error codes(>= 10000) are now mapped into the correct errno and may now raise a subclass of OSError. Patch by Dong-hee Na. - bpo-46962: Classes and functions that unconditionally declared their docstrings ignoring the --without-doc-strings compilation flag no longer do so. - The classes affected are pickle.PickleBuffer, testcapi.RecursingInfinitelyError, and types.GenericAlias. - The functions affected are 24 methods in ctypes. - Patch by Oleg Iarygin. - bpo-36819: Fix crashes in built-in encoders with error handlers that return position less or equal than the starting position of non-encodable characters. - Library - gh-91581: utcfromtimestamp() no longer attempts to resolve fold in the pure Python implementation, since the fold is never 1 in UTC. In addition to being slightly faster in the common case, this also prevents some errors when the timestamp is close to datetime.min. Patch by Paul Ganssle. - gh-92530: Fix an issue that occurred after interrupting threading.Condition.notify(). - gh-92049: Forbid pickling constants re._constants.SUCCESS etc. Previously, pickling did not fail, but the result could not be unpickled. - bpo-47029: Always close the read end of the pipe used by multiprocessing.Queue after the last write of buffered data to the write end of the pipe to avoid BrokenPipeError at garbage collection and at multiprocessing.Queue.close() calls. Patch by G?ry Ogam. - gh-91910: Add missing f prefix to f-strings in error messages from the multiprocessing and asyncio modules. - gh-91810: ElementTree method write() and function tostring() now use the text file''s encoding ('UTF-8' if not available) instead of locale encoding in XML declaration when encoding='unicode' is specified. - gh-91832: Add required attribute to argparse.Action repr output. - gh-91734: Fix OSS audio support on Solaris. - gh-91700: Compilation of regular expression containing a conditional expression (?(group)...) now raises an appropriate re.error if the group number refers to not defined group. Previously an internal RuntimeError was raised. - gh-91676: Fix unittest.IsolatedAsyncioTestCase to shutdown the per test event loop executor before returning from its run method so that a not yet stopped or garbage collected executor state does not persist beyond the test. - gh-90568: Parsing \N escapes of Unicode Named Character Sequences in a regular expression raises now re.error instead of TypeError. - gh-91595: Fix the comparison of character and integer inside Tools.gdb.libpython.write_repr(). Patch by Yu Liu. - gh-90622: Worker processes for concurrent.futures.ProcessPoolExecutor are no longer spawned on demand (a feature added in 3.9) when the multiprocessing context start method is 'fork' as that can lead to deadlocks in the child processes due to a fork happening while threads are running. - gh-91575: Update case-insensitive matching in the re module to the latest Unicode version. - gh-91581: Remove an unhandled error case in the C implementation of calls to datetime.fromtimestamp with no time zone (i.e. getting a local time from an epoch timestamp). This should have no user-facing effect other than giving a possibly more accurate error message when called with timestamps that fall on 10000-01-01 in the local time. Patch by Paul Ganssle. - bpo-34480: Fix a bug where _markupbase raised an UnboundLocalError when an invalid keyword was found in marked section. Patch by Marek Suscak. - bpo-27929: Fix asyncio.loop.sock_connect() to only resolve names for socket.AF_INET or socket.AF_INET6 families. Resolution may not make sense for other families, like socket.AF_BLUETOOTH and socket.AF_UNIX. - bpo-43323: Fix errors in the email module if the charset itself contains undecodable/unencodable characters. - bpo-46787: Fix concurrent.futures.ProcessPoolExecutor exception memory leak - bpo-46415: Fix ipaddress.ip_{address,interface,network} raising TypeError instead of ValueError if given invalid tuple as address parameter. - bpo-44911: IsolatedAsyncioTestCase will no longer throw an exception while cancelling leaked tasks. Patch by Bar Harel. - bpo-44493: Add missing terminated NUL in sockaddr_un's length - This was potentially observable when using non-abstract AF_UNIX datagram sockets to processes written in another programming language. - bpo-42627: Fix incorrect parsing of Windows registry proxy settings - bpo-36073: Raise ProgrammingError instead of segfaulting on recursive usage of cursors in sqlite3 converters. Patch by Sergey Fedoseev. - Documentation - gh-91888: Add a new gh role to the documentation to link to GitHub issues. - gh-91783: Document security issues concerning the use of the function shutil.unpack_archive() - gh-91547: Remove 'Undocumented modules' page. - bpo-44347: Clarify the meaning of dirs_exist_ok, a kwarg of shutil.copytree(). - bpo-38668: Update the introduction to documentation for os.path to remove warnings that became irrelevant after the implementations of PEP 383 and PEP 529. - bpo-47138: Pin Jinja to a version compatible with Sphinx version 2.4.4. - bpo-46962: All docstrings in code snippets are now wrapped into PyDoc_STR() to follow the guideline of PEP 7's Documentation Strings paragraph. Patch by Oleg Iarygin. - bpo-26792: Improve the docstrings of runpy.run_module() and runpy.run_path(). Original patch by Andrew Brezovsky. - bpo-45790: Adjust inaccurate phrasing in Defining Extension Types: Tutorial about the ob_base field and the macros used to access its contents. - bpo-42340: Document that in some circumstances KeyboardInterrupt may cause the code to enter an inconsistent state. Provided a sample workaround to avoid it if needed. - bpo-41233: Link the errnos referenced in Doc/library/exceptions.rst to their respective section in Doc/library/errno.rst, and vice versa. Previously this was only done for EINTR and InterruptedError. Patch by Yan 'yyyyyyyan' Orestes. - bpo-38056: Overhaul the Error Handlers documentation in codecs. - bpo-13553: Document tkinter.Tk args. - Tests - gh-91607: Fix test_concurrent_futures to test the correct multiprocessing start method context in several cases where the test logic mixed this up. - bpo-47205: Skip test for sched_getaffinity() and sched_setaffinity() error case on FreeBSD. - bpo-29890: Add tests for ipaddress.IPv4Interface and ipaddress.IPv6Interface construction with tuple arguments. Original patch and tests by louisom. - Build - bpo-47103: Windows PGInstrument builds now copy a required DLL into the output directory, making it easier to run the profile stage of a PGO build. - Windows - bpo-47194: Update zlib to v1.2.12 to resolve CVE-2018-25032. - bpo-46785: Fix race condition between os.stat() and unlinking a file on Windows, by using errors codes returned by FindFirstFileW() when appropriate in win32_xstat_impl. - bpo-40859: Update Windows build to use xz-5.2.5 - Tools/Demos - gh-91583: Fix regression in the code generated by Argument Clinic for functions with the defining_class parameter. - Update to 3.9.12: - bpo-46968: Check for the existence of the 'sys/auxv.h' header in faulthandler to avoid compilation problems in systems where this header doesn't exist. Patch by Pablo Galindo - bpo-47101: hashlib.algorithms_available now lists only algorithms that are provided by activated crypto providers on OpenSSL 3.0. Legacy algorithms are not listed unless the legacy provider has been loaded into the default OSSL context. - bpo-23691: Protect the re.finditer() iterator from re-entering. - bpo-42369: Fix thread safety of zipfile._SharedFile.tell() to avoid a 'zipfile.BadZipFile: Bad CRC-32 for file' exception when reading a ZipFile from multiple threads. - bpo-38256: Fix binascii.crc32() when it is compiled to use zlib'c crc32 to work properly on inputs 4+GiB in length instead of returning the wrong result. The workaround prior to this was to always feed the function data in increments smaller than 4GiB or to just call the zlib module function. - bpo-39394: A warning about inline flags not at the start of the regular expression now contains the position of the flag. - bpo-47061: Deprecate the various modules listed by PEP 594: - aifc, asynchat, asyncore, audioop, cgi, cgitb, chunk, crypt, imghdr, msilib, nntplib, nis, ossaudiodev, pipes, smtpd, sndhdr, spwd, sunau, telnetlib, uu, xdrlib - bpo-2604: Fix bug where doctests using globals would fail when run multiple times. - bpo-45997: Fix asyncio.Semaphore re-aquiring FIFO order. - bpo-47022: The asynchat, asyncore and smtpd modules have been deprecated since at least Python 3.6. Their documentation has now been updated to note they will removed in Python 3.12 (PEP 594). - bpo-46421: Fix a unittest issue where if the command was invoked as python -m unittest and the filename(s) began with a dot (.), a ValueError is returned. - bpo-40296: Fix supporting generic aliases in pydoc. - bpo-14156: argparse.FileType now supports an argument of '-'; in binary mode, returning the .buffer attribute of sys.stdin/sys.stdout as appropriate. Modes including 'x' and 'a' are treated equivalently to 'w' when argument is '-'. Patch contributed by Josh Rosenberg - Update to 3.9.11: - bpo-46852: Rename the private undocumented float.__set_format__() method to float.__setformat__() to fix a typo introduced in Python 3.7. The method is only used by test_float. Patch by Victor Stinner. - bpo-46794: Bump up the libexpat version into 2.4.6 - bpo-46762: Fix an assert failure in debug builds when a '<', '>', or '=' is the last character in an f-string that's missing a closing right brace. - bpo-46732: Correct the docstring for the __bool__() method. Patch by Jelle Zijlstra. - bpo-40479: Add a missing call to va_end() in Modules/_hashopenssl.c. - bpo-46615: When iterating over sets internally in setobject.c, acquire strong references to the resulting items from the set. This prevents crashes in corner-cases of various set operations where the set gets mutated. - bpo-43721: Fix docstrings of getter, setter, and deleter to clarify that they create a new copy of the property. - bpo-46503: Fix an assert when parsing some invalid N escape sequences in f-strings. - bpo-46417: Fix a race condition on setting a type __bases__ attribute: the internal function add_subclass() now gets the PyTypeObject.tp_subclasses member after calling PyWeakref_NewRef() which can trigger a garbage collection which can indirectly modify PyTypeObject.tp_subclasses. Patch by Victor Stinner. - bpo-46383: Fix invalid signature of _zoneinfo's module_free function to resolve a crash on wasm32-emscripten platform. - bpo-43253: Fix a crash when closing transports where the underlying socket handle is already invalid on the Proactor event loop. - bpo-47004: Apply bugfixes from importlib_metadata 4.11.3, including bugfix for EntryPoint.extras, which was returning match objects and not the extras strings. - bpo-46985: Upgrade pip wheel bundled with ensurepip (pip 22.0.4) - bpo-46968: faulthandler: On Linux 5.14 and newer, dynamically determine size of signal handler stack size CPython allocates using getauxval(AT_MINSIGSTKSZ). This changes allows for Python extension's request to Linux kernel to use AMX_TILE instruction set on Sapphire Rapids Xeon processor to succeed, unblocking use of the ISA in frameworks. - bpo-46955: Expose asyncio.base_events.Server as asyncio.Server. Patch by Stefan Zabka. - bpo-46932: Update bundled libexpat to 2.4.7 - bpo-25707: Fixed a file leak in xml.etree.ElementTree.iterparse() when the iterator is not exhausted. Patch by Jacob Walls. - bpo-44886: Inherit asyncio proactor datagram transport from asyncio.DatagramTransport. - bpo-46827: Support UDP sockets in asyncio.loop.sock_connect() for selector-based event loops. Patch by Thomas Grainger. - bpo-46811: Make test suite support Expat >=2.4.5 - bpo-46252: Raise TypeError if ssl.SSLSocket is passed to transport-based APIs. - bpo-46784: Fix libexpat symbols collisions with user dynamically loaded or statically linked libexpat in embedded Python. - bpo-39327: shutil.rmtree() can now work with VirtualBox shared folders when running from the guest operating-system. - bpo-46756: Fix a bug in urllib.request.HTTPPasswordMgr.find_user_password() and urllib.request.HTTPPasswordMgrWithPriorAuth.is_authenticated() which allowed to bypass authorization. For example, access to URI example.org/foobar was allowed if the user was authorized for URI example.org/foo. - bpo-45863: When the tarfile module creates a pax format archive, it will put an integer representation of timestamps in the ustar header (if possible) for the benefit of older unarchivers, in addition to the existing full-precision timestamps in the pax extended header. - bpo-46672: Fix NameError in asyncio.gather() when initial type check fails. - bpo-45948: Fixed a discrepancy in the C implementation of the xml.etree.ElementTree module. Now, instantiating an xml.etree.ElementTree.XMLParser with a target=None keyword provides a default xml.etree.ElementTree.TreeBuilder target as the Python implementation does. - bpo-46591: Make the IDLE doc URL on the About IDLE dialog clickable. - bpo-46400: expat: Update libexpat from 2.4.1 to 2.4.4 - bpo-46487: Add the get_write_buffer_limits method to asyncio.transports.WriteTransport and to the SSL transport. - bpo-46539: In typing.get_type_hints(), support evaluating stringified ClassVar and Final annotations inside Annotated. Patch by Gregory Beauregard. - bpo-46491: Allow typing.Annotated to wrap typing.Final and typing.ClassVar. Patch by Gregory Beauregard. - bpo-46436: Fix command-line option -d/--directory in module http.server which is ignored when combined with command-line option --cgi. Patch by G?ry Ogam. - bpo-41403: Make mock.patch() raise a TypeError with a relevant error message on invalid arg. Previously it allowed a cryptic AttributeError to escape. - bpo-46474: In importlib.metadata.EntryPoint.pattern, avoid potential REDoS by limiting ambiguity in consecutive whitespace. - bpo-46469: asyncio generic classes now return types.GenericAlias in __class_getitem__ instead of the same class. - bpo-46434: pdb now gracefully handles help when __doc__ is missing, for example when run with pregenerated optimized .pyc files. - bpo-46333: The __eq__() and __hash__() methods of typing.ForwardRef now honor the module parameter of typing.ForwardRef. Forward references from different modules are now differentiated. - bpo-43118: Fix a bug in inspect.signature() that was causing it to fail on some subclasses of classes with a __text_signature__ referencing module globals. Patch by Weipeng Hong. - bpo-21987: Fix an issue with tarfile.TarFile.getmember() getting a directory name with a trailing slash. - bpo-20392: Fix inconsistency with uppercase file extensions in MimeTypes.guess_type(). Patch by Kumar Aditya. - bpo-46080: Fix exception in argparse help text generation if a argparse.BooleanOptionalAction argument's default is argparse.SUPPRESS and it has help specified. Patch by Felix Fontein. - bpo-44439: Fix .write() method of a member file in ZipFile, when the input data is an object that supports the buffer protocol, the file length may be wrong. - bpo-45703: When a namespace package is imported before another module from the same namespace is created/installed in a different sys.path location while the program is running, calling the importlib.invalidate_caches() function will now also guarantee the new module is noticed. - bpo-24959: Fix bug where unittest sometimes drops frames from tracebacks of exceptions raised in tests. - bpo-46463: Fixes escape4chm.py script used when building the CHM documentation file - bpo-46913: Fix test_faulthandler.test_sigfpe() if Python is built with undefined behavior sanitizer (UBSAN): disable UBSAN on the faulthandler_sigfpe() function. Patch by Victor Stinner. - bpo-46708: Prevent default asyncio event loop policy modification warning after test_asyncio execution. - bpo-46616: Ensures test_importlib.test_windows cleans up registry keys after completion. - bpo-44359: test_ftplib now silently ignores socket errors to prevent logging unhandled threading exceptions. Patch by Victor Stinner. - bpo-46542: Fix a Python crash in test_lib2to3 when using Python built in debug mode: limit the recursion limit. Patch by Victor Stinner. - bpo-46576: test_peg_generator now disables compiler optimization when testing compilation of its own C extensions to significantly speed up the testing on non-debug builds of CPython. - bpo-46542: Fix test_json tests checking for RecursionError: modify these tests to use support.infinite_recursion(). Patch by Victor Stinner. - bpo-13886: Skip test_builtin PTY tests on non-ASCII characters if the readline module is loaded. The readline module changes input() behavior, but test_builtin is not intented to test the readline module. Patch by Victor Stinner. - bpo-38472: Fix GCC detection in setup.py when cross-compiling. The C compiler is now run with LC_ALL=C. Previously, the detection failed with a German locale. - bpo-46513: configure no longer uses AC_C_CHAR_UNSIGNED macro and pyconfig.h no longer defines reserved symbol __CHAR_UNSIGNED__. - bpo-45925: Update Windows installer to use SQLite 3.37.2. - bpo-45296: Clarify close, quit, and exit in IDLE. In the File menu, 'Close' and 'Exit' are now 'Close Window' (the current one) and 'Exit' is now 'Exit IDLE' (by closing all windows). In Shell, 'quit()' and 'exit()' mean 'close Shell'. If there are no other windows, this also exits IDLE. - bpo-45447: Apply IDLE syntax highlighting to pyi files. Patch by Alex Waygood and Terry Jan Reedy. Important SUSE bug 1192249 SUSE bug 1198511 CVE-2015-20107 cpe:/o:opensuse:leap:15.4 Security update for liblouis (Important) openSUSE Leap 15.4 This update for liblouis fixes the following issues: - CVE-2022-26981: fix buffer overrun in compilePassOpcode (bsc#1197085). - CVE-2022-31783: prevent an invalid memory write in compileRule (bsc#1200120). Important SUSE bug 1197085 SUSE bug 1200120 CVE-2022-26981 CVE-2022-31783 cpe:/o:opensuse:leap:15.4 Security update for php7 (Important) openSUSE Leap 15.4 This update for php7 fixes the following issues: - CVE-2022-31625: Fixed uninitialized pointers free in Postgres extension. (bsc#1200645) - CVE-2022-31626: Fixed buffer overflow via user-supplied password when using pdo_mysql extension with mysqlnd driver. (bsc#1200628). Important SUSE bug 1200628 SUSE bug 1200645 CVE-2022-31625 CVE-2022-31626 cpe:/o:opensuse:leap:15.4 Security update for rubygem-rack (Critical) openSUSE Leap 15.4 This update for rubygem-rack fixes the following issues: - CVE-2022-30122: Fixed crafted multipart POST request may cause a DoS (bsc#1200748) - CVE-2022-30123: Fixed crafted requests can cause shell escape sequences (bsc#1200750) Critical SUSE bug 1200748 SUSE bug 1200750 CVE-2022-30122 CVE-2022-30123 cpe:/o:opensuse:leap:15.4 Security update for liblouis (Important) openSUSE Leap 15.4 This update for liblouis fixes the following issues: - CVE-2022-26981: fix buffer overrun in compilePassOpcode (bsc#1197085). - CVE-2022-31783: prevent an invalid memory write in compileRule (bsc#1200120). Important SUSE bug 1130813 SUSE bug 1197085 SUSE bug 1200120 CVE-2022-26981 CVE-2022-31783 cpe:/o:opensuse:leap:15.4 Security update for ImageMagick (Moderate) openSUSE Leap 15.4 This update for ImageMagick fixes the following issues: - CVE-2019-17540: Fixed heap-based buffer overflow in ReadPSInfo in coders/ps.c. (bsc#1153866) - CVE-2022-32545: Fixed an outside the range of representable values of type. (bsc#1200388) - CVE-2022-32546: Fixed an outside the range of representable values of type. (bsc#1200389) - CVE-2022-32547: Fixed a load of misaligned address at MagickCore/property.c. (bsc#1200387) Moderate SUSE bug 1153866 SUSE bug 1200387 SUSE bug 1200388 SUSE bug 1200389 CVE-2019-17540 CVE-2022-32545 CVE-2022-32546 CVE-2022-32547 cpe:/o:opensuse:leap:15.4 Security update for qemu (Important) openSUSE Leap 15.4 This update for qemu fixes the following issues: - CVE-2022-26354: Fixed missing virtqueue detach on error can lead to memory leak (bsc#1198712) - CVE-2022-26353: Fixed map leaking on error during receive (bsc#1198711) - CVE-2021-4207: Fixed double fetch in qxl_cursor() can lead to heap buffer overflow (bsc#1198037) - CVE-2021-4206: Fixed integer overflow in cursor_alloc() can lead to heap buffer overflow (bsc#1198035) Important SUSE bug 1197084 SUSE bug 1198035 SUSE bug 1198037 SUSE bug 1198711 SUSE bug 1198712 SUSE bug 1199015 SUSE bug 1199018 SUSE bug 1199625 SUSE bug 1199924 CVE-2021-4206 CVE-2021-4207 CVE-2022-26353 CVE-2022-26354 cpe:/o:opensuse:leap:15.4 Security update for dpdk (Important) openSUSE Leap 15.4 This update of dpdk fixes the following issue: - rebuild with new secure boot key due to grub2 boothole 3 issues (bsc#1198581) Important SUSE bug 1198581 cpe:/o:opensuse:leap:15.4 Security update for php7 (Important) openSUSE Leap 15.4 This update for php7 fixes the following issues: - CVE-2022-31625: Fixed uninitialized pointers free in Postgres extension. (bsc#1200645) - CVE-2022-31626: Fixed buffer overflow via user-supplied password when using pdo_mysql extension with mysqlnd driver. (bsc#1200628). Important SUSE bug 1200628 SUSE bug 1200645 CVE-2022-31625 CVE-2022-31626 cpe:/o:opensuse:leap:15.4 Security update for haproxy (Moderate) openSUSE Leap 15.4 This update for haproxy fixes the following issues: - CVE-2022-0711: haproxy: Denial of service via set-cookie2 header (bsc#1196408). Moderate SUSE bug 1196408 CVE-2022-0711 cpe:/o:opensuse:leap:15.4 Security update for python310 (Important) openSUSE Leap 15.4 This update for python310 fixes the following issues: - CVE-2015-20107: avoid command injection in the mailcap module (bsc#1198511). - Update to 3.10.5: - Core and Builtins - gh-93418: Fixed an assert where an f-string has an equal sign '=' following an expression, but there's no trailing brace. For example, f'{i='. - gh-91924: Fix __ltrace__ debug feature if the stdout encoding is not UTF-8. Patch by Victor Stinner. - gh-93061: Backward jumps after async for loops are no longer given dubious line numbers. - gh-93065: Fix contextvars HAMT implementation to handle iteration over deep trees. - The bug was discovered and fixed by Eli Libman. See MagicStack/immutables#84 for more details. - gh-92311: Fixed a bug where setting frame.f_lineno to jump over a list comprehension could misbehave or crash. - gh-92112: Fix crash triggered by an evil custom mro() on a metaclass. - gh-92036: Fix a crash in subinterpreters related to the garbage collector. When a subinterpreter is deleted, untrack all objects tracked by its GC. To prevent a crash in deallocator functions expecting objects to be tracked by the GC, leak a strong reference to these objects on purpose, so they are never deleted and their deallocator functions are not called. Patch by Victor Stinner. - gh-91421: Fix a potential integer overflow in _Py_DecodeUTF8Ex. - bpo-47212: Raise IndentationError instead of SyntaxError for a bare except with no following indent. Improve SyntaxError locations for an un-parenthesized generator used as arguments. Patch by Matthieu Dartiailh. - bpo-47182: Fix a crash when using a named unicode character like '\N{digit nine}' after the main interpreter has been initialized a second time. - bpo-47117: Fix a crash if we fail to decode characters in interactive mode if the tokenizer buffers are uninitialized. Patch by Pablo Galindo. - bpo-39829: Removed the __len__() call when initializing a list and moved initializing to list_extend. Patch by Jeremiah Pascual. - bpo-46962: Classes and functions that unconditionally declared their docstrings ignoring the --without-doc-strings compilation flag no longer do so. - The classes affected are ctypes.UnionType, pickle.PickleBuffer, testcapi.RecursingInfinitelyError, and types.GenericAlias. - The functions affected are 24 methods in ctypes. - Patch by Oleg Iarygin. - bpo-36819: Fix crashes in built-in encoders with error handlers that return position less or equal than the starting position of non-encodable characters. - Library - gh-93156: Accessing the pathlib.PurePath.parents sequence of an absolute path using negative index values produced incorrect results. - gh-89973: Fix re.error raised in fnmatch if the pattern contains a character range with upper bound lower than lower bound (e.g. [c-a]). Now such ranges are interpreted as empty ranges. - gh-93010: In a very special case, the email package tried to append the nonexistent InvalidHeaderError to the defect list. It should have been InvalidHeaderDefect. - gh-92839: Fixed crash resulting from calling bisect.insort() or bisect.insort_left() with the key argument not equal to None. - gh-91581: utcfromtimestamp() no longer attempts to resolve fold in the pure Python implementation, since the fold is never 1 in UTC. In addition to being slightly faster in the common case, this also prevents some errors when the timestamp is close to datetime.min. Patch by Paul Ganssle. - gh-92530: Fix an issue that occurred after interrupting threading.Condition.notify(). - gh-92049: Forbid pickling constants re._constants.SUCCESS etc. Previously, pickling did not fail, but the result could not be unpickled. - bpo-47029: Always close the read end of the pipe used by multiprocessing.Queue after the last write of buffered data to the write end of the pipe to avoid BrokenPipeError at garbage collection and at multiprocessing.Queue.close() calls. Patch by G?ry Ogam. - gh-91401: Provide a fail-safe way to disable subprocess use of vfork() via a private subprocess._USE_VFORK attribute. While there is currently no known need for this, if you find a need please only set it to False. File a CPython issue as to why you needed it and link to that from a comment in your code. This attribute is documented as a footnote in 3.11. - gh-91910: Add missing f prefix to f-strings in error messages from the multiprocessing and asyncio modules. - gh-91810: ElementTree method write() and function tostring() now use the text file's encoding ('UTF-8' if not available) instead of locale encoding in XML declaration when encoding='unicode' is specified. - gh-91832: Add required attribute to argparse.Action repr output. - gh-91700: Compilation of regular expression containing a conditional expression (?(group)...) now raises an appropriate re.error if the group number refers to not defined group. Previously an internal RuntimeError was raised. - gh-91676: Fix unittest.IsolatedAsyncioTestCase to shutdown the per test event loop executor before returning from its run method so that a not yet stopped or garbage collected executor state does not persist beyond the test. - gh-90568: Parsing \N escapes of Unicode Named Character Sequences in a regular expression raises now re.error instead of TypeError. - gh-91595: Fix the comparison of character and integer inside Tools.gdb.libpython.write_repr(). Patch by Yu Liu. - gh-90622: Worker processes for concurrent.futures.ProcessPoolExecutor are no longer spawned on demand (a feature added in 3.9) when the multiprocessing context start method is 'fork' as that can lead to deadlocks in the child processes due to a fork happening while threads are running. - gh-91575: Update case-insensitive matching in the re module to the latest Unicode version. - gh-91581: Remove an unhandled error case in the C implementation of calls to datetime.fromtimestamp with no time zone (i.e. getting a local time from an epoch timestamp). This should have no user-facing effect other than giving a possibly more accurate error message when called with timestamps that fall on 10000-01-01 in the local time. Patch by Paul Ganssle. - bpo-47260: Fix os.closerange() potentially being a no-op in a Linux seccomp sandbox. - bpo-39064: zipfile.ZipFile now raises zipfile.BadZipFile instead of ValueError when reading a corrupt zip file in which the central directory offset is negative. - bpo-47151: When subprocess tries to use vfork, it now falls back to fork if vfork returns an error. This allows use in situations where vfork isn't allowed by the OS kernel. - bpo-27929: Fix asyncio.loop.sock_connect() to only resolve names for socket.AF_INET or socket.AF_INET6 families. Resolution may not make sense for other families, like socket.AF_BLUETOOTH and socket.AF_UNIX. - bpo-43323: Fix errors in the email module if the charset itself contains undecodable/unencodable characters. - bpo-47101: hashlib.algorithms_available now lists only algorithms that are provided by activated crypto providers on OpenSSL 3.0. Legacy algorithms are not listed unless the legacy provider has been loaded into the default OSSL context. - bpo-46787: Fix concurrent.futures.ProcessPoolExecutor exception memory leak - bpo-45393: Fix the formatting for await x and not x in the operator precedence table when using the help() system. - bpo-46415: Fix ipaddress.ip_{address,interface,network} raising TypeError instead of ValueError if given invalid tuple as address parameter. - bpo-28249: Set doctest.DocTest.lineno to None when object does not have __doc__. - bpo-45138: Fix a regression in the sqlite3 trace callback where bound parameters were not expanded in the passed statement string. The regression was introduced in Python 3.10 by bpo-40318. Patch by Erlend E. Aasland. - bpo-44493: Add missing terminated NUL in sockaddr_un's length - This was potentially observable when using non-abstract AF_UNIX datagram sockets to processes written in another programming language. - bpo-42627: Fix incorrect parsing of Windows registry proxy settings - bpo-36073: Raise ProgrammingError instead of segfaulting on recursive usage of cursors in sqlite3 converters. Patch by Sergey Fedoseev. - Documentation - gh-86438: Clarify that -W and PYTHONWARNINGS are matched literally and case-insensitively, rather than as regular expressions, in warnings. - gh-92240: Added release dates for 'What's New in Python 3.X' for 3.0, 3.1, 3.2, 3.8 and 3.10 - gh-91888: Add a new gh role to the documentation to link to GitHub issues. - gh-91783: Document security issues concerning the use of the function shutil.unpack_archive() - gh-91547: Remove 'Undocumented modules' page. - bpo-44347: Clarify the meaning of dirs_exist_ok, a kwarg of shutil.copytree(). - bpo-38668: Update the introduction to documentation for os.path to remove warnings that became irrelevant after the implementations of PEP 383 and PEP 529. - bpo-47138: Pin Jinja to a version compatible with Sphinx version 3.2.1. - bpo-46962: All docstrings in code snippets are now wrapped into PyDoc_STR() to follow the guideline of PEP 7's Documentation Strings paragraph. Patch by Oleg Iarygin. - bpo-26792: Improve the docstrings of runpy.run_module() and runpy.run_path(). Original patch by Andrew Brezovsky. - bpo-40838: Document that inspect.getdoc(), inspect.getmodule(), and inspect.getsourcefile() might return None. - bpo-45790: Adjust inaccurate phrasing in Defining Extension Types: Tutorial about the ob_base field and the macros used to access its contents. - bpo-42340: Document that in some circumstances KeyboardInterrupt may cause the code to enter an inconsistent state. Provided a sample workaround to avoid it if needed. - bpo-41233: Link the errnos referenced in Doc/library/exceptions.rst to their respective section in Doc/library/errno.rst, and vice versa. Previously this was only done for EINTR and InterruptedError. Patch by Yan 'yyyyyyyan' Orestes. - bpo-38056: Overhaul the Error Handlers documentation in codecs. - bpo-13553: Document tkinter.Tk args. - Tests - gh-92886: Fixing tests that fail when running with optimizations (-O) in test_imaplib.py. - gh-92670: Skip test_shutil.TestCopy.test_copyfile_nonexistent_dir test on AIX as the test uses a trailing slash to force the OS consider the path as a directory, but on AIX the trailing slash has no effect and is considered as a file. - gh-91904: Fix initialization of PYTHONREGRTEST_UNICODE_GUARD which prevented running regression tests on non-UTF-8 locale. - gh-91607: Fix test_concurrent_futures to test the correct multiprocessing start method context in several cases where the test logic mixed this up. - bpo-47205: Skip test for sched_getaffinity() and sched_setaffinity() error case on FreeBSD. - bpo-47104: Rewrite asyncio.to_thread() tests to use unittest.IsolatedAsyncioTestCase. - bpo-29890: Add tests for ipaddress.IPv4Interface and ipaddress.IPv6Interface construction with tuple arguments. Original patch and tests by louisom. - Tools/Demos - gh-91583: Fix regression in the code generated by Argument Clinic for functions with the defining_class parameter. - Update to 3.10.4: - bpo-46968: Check for the existence of the 'sys/auxv.h' header in faulthandler to avoid compilation problems in systems where this header doesn't exist. Patch by Pablo Galindo - bpo-23691: Protect the re.finditer() iterator from re-entering. - bpo-42369: Fix thread safety of zipfile._SharedFile.tell() to avoid a 'zipfile.BadZipFile: Bad CRC-32 for file' exception when reading a ZipFile from multiple threads. - bpo-38256: Fix binascii.crc32() when it is compiled to use zlib'c crc32 to work properly on inputs 4+GiB in length instead of returning the wrong result. The workaround prior to this was to always feed the function data in increments smaller than 4GiB or to just call the zlib module function. - bpo-39394: A warning about inline flags not at the start of the regular expression now contains the position of the flag. - bpo-47061: Deprecate the various modules listed by PEP 594: - aifc, asynchat, asyncore, audioop, cgi, cgitb, chunk, crypt, imghdr, msilib, nntplib, nis, ossaudiodev, pipes, smtpd, sndhdr, spwd, sunau, telnetlib, uu, xdrlib - bpo-2604: Fix bug where doctests using globals would fail when run multiple times. - bpo-45997: Fix asyncio.Semaphore re-aquiring FIFO order. - bpo-47022: The asynchat, asyncore and smtpd modules have been deprecated since at least Python 3.6. Their documentation and deprecation warnings and have now been updated to note they will removed in Python 3.12 (PEP 594). - bpo-46421: Fix a unittest issue where if the command was invoked as python -m unittest and the filename(s) began with a dot (.), a ValueError is returned. - bpo-40296: Fix supporting generic aliases in pydoc. - Update to 3.10.3: - bpo-46940: Avoid overriding AttributeError metadata information for nested attribute access calls. Patch by Pablo Galindo. - bpo-46852: Rename the private undocumented float.__set_format__() method to float.__setformat__() to fix a typo introduced in Python 3.7. The method is only used by test_float. Patch by Victor Stinner. - bpo-46794: Bump up the libexpat version into 2.4.6 - bpo-46820: Fix parsing a numeric literal immediately (without spaces) followed by 'not in' keywords, like in 1not in x. Now the parser only emits a warning, not a syntax error. - bpo-46762: Fix an assert failure in debug builds when a '<', '>', or '=' is the last character in an f-string that's missing a closing right brace. - bpo-46724: Make sure that all backwards jumps use the JUMP_ABSOLUTE instruction, rather than JUMP_FORWARD with an argument of (2**32)+offset. - bpo-46732: Correct the docstring for the __bool__() method. Patch by Jelle Zijlstra. - bpo-46707: Avoid potential exponential backtracking when producing some syntax errors involving lots of brackets. Patch by Pablo Galindo. - bpo-40479: Add a missing call to va_end() in Modules/_hashopenssl.c. - bpo-46615: When iterating over sets internally in setobject.c, acquire strong references to the resulting items from the set. This prevents crashes in corner-cases of various set operations where the set gets mutated. - bpo-45773: Remove two invalid 'peephole' optimizations from the bytecode compiler. - bpo-43721: Fix docstrings of getter, setter, and deleter to clarify that they create a new copy of the property. - bpo-46503: Fix an assert when parsing some invalid N escape sequences in f-strings. - bpo-46417: Fix a race condition on setting a type __bases__ attribute: the internal function add_subclass() now gets the PyTypeObject.tp_subclasses member after calling PyWeakref_NewRef() which can trigger a garbage collection which can indirectly modify PyTypeObject.tp_subclasses. Patch by Victor Stinner. - bpo-46383: Fix invalid signature of _zoneinfo's module_free function to resolve a crash on wasm32-emscripten platform. - bpo-46070: Py_EndInterpreter() now explicitly untracks all objects currently tracked by the GC. Previously, if an object was used later by another interpreter, calling PyObject_GC_UnTrack() on the object crashed if the previous or the next object of the PyGC_Head structure became a dangling pointer. Patch by Victor Stinner. - bpo-46339: Fix a crash in the parser when retrieving the error text for multi-line f-strings expressions that do not start in the first line of the string. Patch by Pablo Galindo - bpo-46240: Correct the error message for unclosed parentheses when the tokenizer doesn't reach the end of the source when the error is reported. Patch by Pablo Galindo - bpo-46091: Correctly calculate indentation levels for lines with whitespace character that are ended by line continuation characters. Patch by Pablo Galindo - bpo-43253: Fix a crash when closing transports where the underlying socket handle is already invalid on the Proactor event loop. - bpo-47004: Apply bugfixes from importlib_metadata 4.11.3, including bugfix for EntryPoint.extras, which was returning match objects and not the extras strings. - bpo-46985: Upgrade pip wheel bundled with ensurepip (pip 22.0.4) - bpo-46968: faulthandler: On Linux 5.14 and newer, dynamically determine size of signal handler stack size CPython allocates using getauxval(AT_MINSIGSTKSZ). This changes allows for Python extension's request to Linux kernel to use AMX_TILE instruction set on Sapphire Rapids Xeon processor to succeed, unblocking use of the ISA in frameworks. - bpo-46955: Expose asyncio.base_events.Server as asyncio.Server. Patch by Stefan Zabka. - bpo-23325: The signal module no longer assumes that SIG_IGN and SIG_DFL are small int singletons. - bpo-46932: Update bundled libexpat to 2.4.7 - bpo-25707: Fixed a file leak in xml.etree.ElementTree.iterparse() when the iterator is not exhausted. Patch by Jacob Walls. - bpo-44886: Inherit asyncio proactor datagram transport from asyncio.DatagramTransport. - bpo-46827: Support UDP sockets in asyncio.loop.sock_connect() for selector-based event loops. Patch by Thomas Grainger. - bpo-46811: Make test suite support Expat >=2.4.5 - bpo-46252: Raise TypeError if ssl.SSLSocket is passed to transport-based APIs. - bpo-46784: Fix libexpat symbols collisions with user dynamically loaded or statically linked libexpat in embedded Python. - bpo-39327: shutil.rmtree() can now work with VirtualBox shared folders when running from the guest operating-system. - bpo-46756: Fix a bug in urllib.request.HTTPPasswordMgr.find_user_password() and urllib.request.HTTPPasswordMgrWithPriorAuth.is_authenticated() which allowed to bypass authorization. For example, access to URI example.org/foobar was allowed if the user was authorized for URI example.org/foo. - bpo-46643: In typing.get_type_hints(), support evaluating stringified ParamSpecArgs and ParamSpecKwargs annotations. Patch by Gregory Beauregard. - bpo-45863: When the tarfile module creates a pax format archive, it will put an integer representation of timestamps in the ustar header (if possible) for the benefit of older unarchivers, in addition to the existing full-precision timestamps in the pax extended header. - bpo-46676: Make typing.ParamSpec args and kwargs equal to themselves. Patch by Gregory Beauregard. - bpo-46672: Fix NameError in asyncio.gather() when initial type check fails. - bpo-46655: In typing.get_type_hints(), support evaluating bare stringified TypeAlias annotations. Patch by Gregory Beauregard. - bpo-45948: Fixed a discrepancy in the C implementation of the xml.etree.ElementTree module. Now, instantiating an xml.etree.ElementTree.XMLParser with a target=None keyword provides a default xml.etree.ElementTree.TreeBuilder target as the Python implementation does. - bpo-46521: Fix a bug in the codeop module that was incorrectly identifying invalid code involving string quotes as valid code. - bpo-46581: Brings ParamSpec propagation for GenericAlias in line with Concatenate (and others). - bpo-46591: Make the IDLE doc URL on the About IDLE dialog clickable. - bpo-46400: expat: Update libexpat from 2.4.1 to 2.4.4 - bpo-46487: Add the get_write_buffer_limits method to asyncio.transports.WriteTransport and to the SSL transport. - bpo-45173: Note the configparser deprecations will be removed in Python 3.12. - bpo-46539: In typing.get_type_hints(), support evaluating stringified ClassVar and Final annotations inside Annotated. Patch by Gregory Beauregard. - bpo-46491: Allow typing.Annotated to wrap typing.Final and typing.ClassVar. Patch by Gregory Beauregard. - bpo-46436: Fix command-line option -d/--directory in module http.server which is ignored when combined with command-line option --cgi. Patch by G?ry Ogam. - bpo-41403: Make mock.patch() raise a TypeError with a relevant error message on invalid arg. Previously it allowed a cryptic AttributeError to escape. - bpo-46474: In importlib.metadata.EntryPoint.pattern, avoid potential REDoS by limiting ambiguity in consecutive whitespace. - bpo-46469: asyncio generic classes now return types.GenericAlias in __class_getitem__ instead of the same class. - bpo-46434: pdb now gracefully handles help when __doc__ is missing, for example when run with pregenerated optimized .pyc files. - bpo-46333: The __eq__() and __hash__() methods of typing.ForwardRef now honor the module parameter of typing.ForwardRef. Forward references from different modules are now differentiated. - bpo-46246: Add missing __slots__ to importlib.metadata.DeprecatedList. Patch by Arie Bovenberg. - bpo-46266: Improve day constants in calendar. - Now all constants (MONDAY ... SUNDAY) are documented, tested, and added to __all__. - bpo-46232: The ssl module now handles certificates with bit strings in DN correctly. - bpo-43118: Fix a bug in inspect.signature() that was causing it to fail on some subclasses of classes with a __text_signature__ referencing module globals. Patch by Weipeng Hong. - bpo-26552: Fixed case where failing asyncio.ensure_future() did not close the coroutine. Patch by Kumar Aditya. - bpo-21987: Fix an issue with tarfile.TarFile.getmember() getting a directory name with a trailing slash. - bpo-20392: Fix inconsistency with uppercase file extensions in MimeTypes.guess_type(). Patch by Kumar Aditya. - bpo-46080: Fix exception in argparse help text generation if a argparse.BooleanOptionalAction argument's default is argparse.SUPPRESS and it has help specified. Patch by Felix Fontein. - bpo-44439: Fix .write() method of a member file in ZipFile, when the input data is an object that supports the buffer protocol, the file length may be wrong. - bpo-45703: When a namespace package is imported before another module from the same namespace is created/installed in a different sys.path location while the program is running, calling the importlib.invalidate_caches() function will now also guarantee the new module is noticed. - bpo-24959: Fix bug where unittest sometimes drops frames from tracebacks of exceptions raised in tests. - bpo-44791: Fix substitution of ParamSpec in Concatenate with different parameter expressions. Substitution with a list of types returns now a tuple of types. Substitution with Concatenate returns now a Concatenate with concatenated lists of arguments. - bpo-14156: argparse.FileType now supports an argument of '-' in binary mode, returning the .buffer attribute of sys.stdin/sys.stdout as appropriate. Modes including 'x' and 'a' are treated equivalently to 'w' when argument is '-'. Patch contributed by Josh Rosenberg - bpo-46463: Fixes escape4chm.py script used when building the CHM documentation file - bpo-46913: Fix test_faulthandler.test_sigfpe() if Python is built with undefined behavior sanitizer (UBSAN): disable UBSAN on the faulthandler_sigfpe() function. Patch by Victor Stinner. - bpo-46708: Prevent default asyncio event loop policy modification warning after test_asyncio execution. - bpo-46678: The function make_legacy_pyc in Lib/test/support/import_helper.py no longer fails when PYTHONPYCACHEPREFIX is set to a directory on a different device from where tempfiles are stored. - bpo-46616: Ensures test_importlib.test_windows cleans up registry keys after completion. - bpo-44359: test_ftplib now silently ignores socket errors to prevent logging unhandled threading exceptions. Patch by Victor Stinner. - bpo-46542: Fix a Python crash in test_lib2to3 when using Python built in debug mode: limit the recursion limit. Patch by Victor Stinner. - bpo-46576: test_peg_generator now disables compiler optimization when testing compilation of its own C extensions to significantly speed up the testing on non-debug builds of CPython. - bpo-46542: Fix test_json tests checking for RecursionError: modify these tests to use support.infinite_recursion(). Patch by Victor Stinner. - bpo-13886: Skip test_builtin PTY tests on non-ASCII characters if the readline module is loaded. The readline module changes input() behavior, but test_builtin is not intented to test the readline module. Patch by Victor Stinner. - bpo-38472: Fix GCC detection in setup.py when cross-compiling. The C compiler is now run with LC_ALL=C. Previously, the detection failed with a German locale. - bpo-46513: configure no longer uses AC_C_CHAR_UNSIGNED macro and pyconfig.h no longer defines reserved symbol __CHAR_UNSIGNED__. - bpo-45296: Clarify close, quit, and exit in IDLE. In the File menu, 'Close' and 'Exit' are now 'Close Window' (the current one) and 'Exit' is now 'Exit IDLE' (by closing all windows). In Shell, 'quit()' and 'exit()' mean 'close Shell'. If there are no other windows, this also exits IDLE. - bpo-45447: Apply IDLE syntax highlighting to pyi files. Patch by Alex Waygood and Terry Jan Reedy. - bpo-46433: The internal function _PyType_GetModuleByDef now correctly handles inheritance patterns involving static types. - bpo-14916: Fixed bug in the tokenizer that prevented PyRun_InteractiveOne from parsing from the provided FD. Important SUSE bug 1198511 CVE-2015-20107 cpe:/o:opensuse:leap:15.4 Security update for php7 (Important) openSUSE Leap 15.4 This update for php7 fixes the following issues: - CVE-2021-21707: Fixed a special character breaks path in xml parsing. (bsc#1193041) - CVE-2022-31625: Fixed uninitialized pointers free in Postgres extension. (bsc#1200645) - CVE-2022-31626: Fixed buffer overflow via user-supplied password when using pdo_mysql extension with mysqlnd driver. (bsc#1200628) Important SUSE bug 1193041 SUSE bug 1200628 SUSE bug 1200645 CVE-2021-21707 CVE-2022-31625 CVE-2022-31626 cpe:/o:opensuse:leap:15.4 Security update for expat (Important) openSUSE Leap 15.4 This update for expat fixes the following issues: - CVE-2022-25236: Fixed possible namespace-separator characters insertion into namespace URIs (bsc#1196025). - Fixed a regression caused by the patch for CVE-2022-25236 (bsc#1196784). - CVE-2022-25235: Fixed UTF-8 character validation in a certain context (bsc#1196026). - CVE-2022-25313: Fixed stack exhaustion in build_model() via uncontrolled recursion (bsc#1196168). - CVE-2022-25314: Fixed integer overflow in copyString (bsc#1196169). - CVE-2022-25315: Fixed integer overflow in storeRawNames (bsc#1196171). Important SUSE bug 1196025 SUSE bug 1196026 SUSE bug 1196168 SUSE bug 1196169 SUSE bug 1196171 SUSE bug 1196784 CVE-2022-25235 CVE-2022-25236 CVE-2022-25313 CVE-2022-25314 CVE-2022-25315 cpe:/o:opensuse:leap:15.4 Security update for 389-ds (Important) openSUSE Leap 15.4 This update for 389-ds fixes the following issues: - CVE-2021-4091: Fixed double free in psearch (bsc#1195324). - CVE-2022-1949: Fixed full access control bypass with simple crafted query (bsc#1199889). Important SUSE bug 1195324 SUSE bug 1199889 CVE-2021-4091 CVE-2022-1949 cpe:/o:opensuse:leap:15.4 Security update for xen (Important) openSUSE Leap 15.4 This update for xen fixes the following issues: - CVE-2022-26362: Fixed race condition in typeref acquisition (bsc#1199965) - CVE-2022-26363, CVE-2022-26364: Fixed insufficient care with non-coherent mappings (bsc#1199966) Important SUSE bug 1027519 SUSE bug 1199965 SUSE bug 1199966 CVE-2022-26362 CVE-2022-26363 CVE-2022-26364 cpe:/o:opensuse:leap:15.4 Security update for python-Twisted (Important) openSUSE Leap 15.4 This update for python-Twisted fixes the following issues: - CVE-2022-21716: Fixed that ssh server accepts an infinite amount of data using all the available memory (bsc#1196739). Important SUSE bug 1196739 CVE-2022-21716 cpe:/o:opensuse:leap:15.4 Security update for liblouis (Important) openSUSE Leap 15.4 This update for liblouis fixes the following issues: - CVE-2022-26981: fix buffer overrun in compilePassOpcode (bsc#1197085). - CVE-2022-31783: prevent an invalid memory write in compileRule (bsc#1200120). Important SUSE bug 1197085 SUSE bug 1200120 CVE-2022-26981 CVE-2022-31783 cpe:/o:opensuse:leap:15.4 Security update for ImageMagick (Moderate) openSUSE Leap 15.4 This update for ImageMagick fixes the following issues: - CVE-2022-32545: Fixed an outside the range of representable values of type. (bsc#1200388) - CVE-2022-32546: Fixed an outside the range of representable values of type. (bsc#1200389) - CVE-2022-32547: Fixed a load of misaligned address at MagickCore/property.c. (bsc#1200387) Moderate SUSE bug 1200387 SUSE bug 1200388 SUSE bug 1200389 CVE-2022-32545 CVE-2022-32546 CVE-2022-32547 cpe:/o:opensuse:leap:15.4 Security update for apache2 (Important) openSUSE Leap 15.4 This update for apache2 fixes the following issues: - CVE-2022-26377: Fixed possible request smuggling in mod_proxy_ajp (bsc#1200338) - CVE-2022-28614: Fixed read beyond bounds via ap_rwrite() (bsc#1200340) - CVE-2022-28615: Fixed read beyond bounds in ap_strcmp_match() (bsc#1200341) - CVE-2022-29404: Fixed denial of service in mod_lua r:parsebody (bsc#1200345) - CVE-2022-30556: Fixed information disclosure in mod_lua with websockets (bsc#1200350) - CVE-2022-30522: Fixed mod_sed denial of service (bsc#1200352) - CVE-2022-31813: Fixed mod_proxy X-Forwarded-For dropped by hop-by-hop mechanism (bsc#1200348) Important SUSE bug 1198913 SUSE bug 1200338 SUSE bug 1200340 SUSE bug 1200341 SUSE bug 1200345 SUSE bug 1200348 SUSE bug 1200350 SUSE bug 1200352 CVE-2022-26377 CVE-2022-28614 CVE-2022-28615 CVE-2022-29404 CVE-2022-30522 CVE-2022-30556 CVE-2022-31813 cpe:/o:opensuse:leap:15.4 Security update for php8 (Important) openSUSE Leap 15.4 This update for php8 fixes the following issues: - CVE-2021-21707: Fixed a special character that breaks path in xml parsing. (bsc#1193041) - CVE-2022-31625: Fixed uninitialized pointers free in Postgres extension. (bsc#1200645) - CVE-2022-31626: Fixed buffer overflow via user-supplied password when using pdo_mysql extension with mysqlnd driver. (bsc#1200628) Important SUSE bug 1193041 SUSE bug 1200628 SUSE bug 1200645 CVE-2021-21707 CVE-2022-31625 CVE-2022-31626 cpe:/o:opensuse:leap:15.4 Security update for salt (Important) openSUSE Leap 15.4 This update for salt fixes the following issues: - CVE-2022-22967: Fixed missing check for PAM_ACCT_MGM return value that could be used to bypass authentication when using PAM (bsc#1200566) Important SUSE bug 1200566 CVE-2022-22967 cpe:/o:opensuse:leap:15.4 Security update for curl (Important) openSUSE Leap 15.4 This update for curl fixes the following issues: - CVE-2022-32205: Set-Cookie denial of service (bsc#1200734) - CVE-2022-32206: HTTP compression denial of service (bsc#1200735) - CVE-2022-32207: Unpreserved file permissions (bsc#1200736) - CVE-2022-32208: FTP-KRB bad message verification (bsc#1200737) Important SUSE bug 1200734 SUSE bug 1200735 SUSE bug 1200736 SUSE bug 1200737 CVE-2022-32205 CVE-2022-32206 CVE-2022-32207 CVE-2022-32208 cpe:/o:opensuse:leap:15.4 Security update for openssl-3 (Important) openSUSE Leap 15.4 This update for openssl-3 fixes the following issues: - CVE-2022-2068: Fixed more shell code injection issues in c_rehash. (bsc#1200550) - CVE-2022-1292: Properly sanitise shell metacharacters in c_rehash script. (bsc#1199166) - CVE-2022-1343: Fixed incorrect signature verification in OCSP_basic_verify (bsc#1199167). - CVE-2022-2097: Fixed partial missing encryption in AES OCB mode (bsc#1201099). - CVE-2022-1434: Fixed incorrect MAC key used in the RC4-MD5 ciphersuite (bsc#1199168). - CVE-2022-1473: Fixed resource leakage when decoding certificates and keys (bsc#1199169). Important SUSE bug 1185637 SUSE bug 1199166 SUSE bug 1199167 SUSE bug 1199168 SUSE bug 1199169 SUSE bug 1200550 SUSE bug 1201099 CVE-2022-1292 CVE-2022-1343 CVE-2022-1434 CVE-2022-1473 CVE-2022-2068 CVE-2022-2097 cpe:/o:opensuse:leap:15.4 Security update for ldb, samba (Moderate) openSUSE Leap 15.4 This update for ldb, samba fixes the following issues: ldb was updated to version 2.4.2 to fix: + Fix for CVE-2021-3670, ensure that the LDB request has not timed out during filter processing as the LDAP server MaxQueryDuration is otherwise not honoured. samba was updated to fix: - Revert NIS support removal; (bsc#1199247); - Use requires_eq macro to require the libldb2 version available at samba-dsdb-modules build time; (bsc#1199362); - Add missing samba-client requirement to samba-winbind package; (bsc#1198255); Update to 4.15.7 * Share and server swapped in smbget password prompt; (bso#14831); * Durable handles won't reconnect if the leased file is written to; (bso#15022); * rmdir silently fails if directory contains unreadable files and hide unreadable is yes; (bso#15023); * SMB2_CLOSE_FLAGS_FULL_INFORMATION fails to return information on renamed file handle; (bso#15038); * vfs_shadow_copy2 breaks 'smbd async dosmode' sync fallback; (bso#14957); * shadow_copy2 fails listing snapshotted dirs with shadow:fixinodes; (bso#15035); * PAM Kerberos authentication incorrectly fails with a clock skew error; (bso#15046); * username map - samba erroneously applies unix group memberships to user account entries; (bso#15041); * NT_STATUS_ACCESS_DENIED translates into EPERM instead of EACCES in SMBC_server_internal; (bso#14983); * Simple bind doesn't work against an RODC (with non-preloaded users); (bso#13879); * Crash of winbind on RODC; (bso#14641); * uncached logon on RODC always fails once; (bso#14865); * KVNO off by 100000; (bso#14951); * LDAP simple binds should honour 'old password allowed period'; (bso#15001); * wbinfo -a doesn't work reliable with upn names; (bso#15003); * Simple bind doesn't work against an RODC (with non-preloaded users); (bso#13879); * Uninitialized litemask in variable in vfs_gpfs module; (bso#15027); * Regression: create krb5 conf = yes doesn't work with a single KDC; (bso#15016); - Add provides to samba-client-libs package to fix upgrades from previous versions; (bsc#1197995); - Add missing samba-libs requirement to samba-winbind package; (bsc#1198255); Update to 4.15.6 * Renaming file on DFS root fails with NT_STATUS_OBJECT_PATH_NOT_FOUND; (bso#14169); * Samba does not response STATUS_INVALID_PARAMETER when opening 2 objects with same lease key; (bso#14737); * NT error code is not set when overwriting a file during rename in libsmbclient; (bso#14938); * Fix ldap simple bind with TLS auditing; (bso#14996); * net ads info shows LDAP Server: 0.0.0.0 depending on contacted server; (bso#14674); * Problem when winbind renews Kerberos; (bso#14979); (bsc#1196224); * pam_winbind will not allow gdm login if password about to expire; (bso#8691); * virusfilter_vfs_openat: Not scanned: Directory or special file; (bso#14971); * DFS fix for AIX broken; (bso#13631); * Solaris and AIX acl modules: wrong function arguments; (bso#14974); * Function aixacl_sys_acl_get_file not declared / coredump; (bso#7239); * Regression: Samba 4.15.2 on macOS segfaults intermittently during strcpy in tdbsam_getsampwnam; (bso#14900); * Fix a use-after-free in SMB1 server; (bso#14989); * smb2_signing_decrypt_pdu() may not decrypt with gnutls_aead_cipher_decrypt() from gnutls before 3.5.2; (bso#14968); * Changing the machine password against an RODC likely destroys the domain join; (bso#14984); * authsam_make_user_info_dc() steals memory from its struct ldb_message *msg argument; (bso#14993); * Use Heimdal 8.0 (pre) rather than an earlier snapshot; (bso#14995); * Samba autorid fails to map AD users if id rangesize fits in the id range only once; (bso#14967); Other SUSE fixes: - Fix mismatched version of libldb2; (bsc#1196788). - Drop obsolete SuSEfirewall2 service files. - Drop obsolete Samba fsrvp v0->v1 state upgrade functionality; (bsc#1080338). - Fix ntlm authentications with 'winbind use default domain = yes'; (bso#13126); (bsc#1173429); (bsc#1196308). - Fix samba-ad-dc status warning notification message by disabling systemd notifications in bgqd; (bsc#1195896); (bso#14947). - libldb version mismatch in Samba dsdb component; (bsc#1118508); Moderate SUSE bug 1080338 SUSE bug 1118508 SUSE bug 1173429 SUSE bug 1195896 SUSE bug 1196224 SUSE bug 1196308 SUSE bug 1196788 SUSE bug 1197995 SUSE bug 1198255 SUSE bug 1199247 SUSE bug 1199362 CVE-2021-3670 cpe:/o:opensuse:leap:15.4 Security update for openssl-1_1 (Important) openSUSE Leap 15.4 This update for openssl-1_1 fixes the following issues: - CVE-2022-1292: Fixed command injection in c_rehash (bsc#1199166). - CVE-2022-2068: Fixed more shell code injection issues in c_rehash. (bsc#1200550) - CVE-2022-2097: Fixed partial missing encryption in AES OCB mode (bsc#1201099). Important SUSE bug 1185637 SUSE bug 1199166 SUSE bug 1200550 SUSE bug 1201099 CVE-2022-1292 CVE-2022-2068 CVE-2022-2097 cpe:/o:opensuse:leap:15.4 Security update for MozillaFirefox (Important) openSUSE Leap 15.4 This update for MozillaFirefox fixes the following issues: Update to Firefox Extended Support Release 91.11.0 ESR (MFSA 2022-25) (bsc#1200793): - CVE-2022-2200: Undesired attributes could be set as part of prototype pollution (bmo#1771381) - CVE-2022-31744: CSP bypass enabling stylesheet injection (bmo#1757604) - CVE-2022-34468: CSP sandbox header without `allow-scripts` can be bypassed via retargeted javascript: URI (bmo#1768537) - CVE-2022-34470: Use-after-free in nsSHistory (bmo#1765951) - CVE-2022-34472: Unavailable PAC file resulted in OCSP requests being blocked (bmo#1770123) - CVE-2022-34478: Microsoft protocols can be attacked if a user accepts a prompt (bmo#1773717) - CVE-2022-34479: A popup window could be resized in a way to overlay the address bar with web content (bmo#1745595) - CVE-2022-34481: Potential integer overflow in ReplaceElementsAt (bmo#1497246) - CVE-2022-34484: Memory safety bugs fixed in Firefox 102 and Firefox ESR 91.11 (bmo#1763634, bmo#1772651) Important SUSE bug 1200793 CVE-2022-2200 CVE-2022-31744 CVE-2022-34468 CVE-2022-34470 CVE-2022-34472 CVE-2022-34478 CVE-2022-34479 CVE-2022-34481 CVE-2022-34484 cpe:/o:opensuse:leap:15.4 Security update for MozillaThunderbird (Important) openSUSE Leap 15.4 This update for MozillaThunderbird fixes the following issues: - CVE-2022-2200: Undesired attributes could be set as part of prototype pollution (bmo#1771381) - CVE-2022-2226: An email with a mismatching OpenPGP signature date was accepted as valid (bmo#1775441) - CVE-2022-31744: CSP bypass enabling stylesheet injection (bmo#1757604) - CVE-2022-34468: CSP sandbox header without `allow-scripts` can be bypassed via retargeted javascript: URI (bmo#1768537) - CVE-2022-34470: Use-after-free in nsSHistory (bmo#1765951) - CVE-2022-34472: Unavailable PAC file resulted in OCSP requests being blocked (bmo#1770123) - CVE-2022-34478: Microsoft protocols can be attacked if a user accepts a prompt (bmo#1773717) - CVE-2022-34479: A popup window could be resized in a way to overlay the address bar with web content (bmo#1745595) - CVE-2022-34481: Potential integer overflow in ReplaceElementsAt (bmo#1497246) - CVE-2022-34484: Memory safety bugs fixed in Thunderbird 91.11 and Thunderbird 102 (bmo#1763634, bmo#1772651) Important SUSE bug 1200793 CVE-2022-2200 CVE-2022-2226 CVE-2022-31744 CVE-2022-34468 CVE-2022-34470 CVE-2022-34472 CVE-2022-34478 CVE-2022-34479 CVE-2022-34481 CVE-2022-34484 cpe:/o:opensuse:leap:15.4 Security update for openssl-1_0_0 (Moderate) openSUSE Leap 15.4 This update for openssl-1_0_0 fixes the following issues: - CVE-2022-1292: Fixed command injection in c_rehash (bsc#1199166). - CVE-2022-2068: Fixed more shell code injection issues in c_rehash. (bsc#1200550) Moderate SUSE bug 1199166 SUSE bug 1200550 CVE-2022-1292 CVE-2022-2068 cpe:/o:opensuse:leap:15.4 Security update for fwupd (Important) openSUSE Leap 15.4 This update of fwupd fixes the following issue: - rebuild with new secure boot key due to grub2 boothole 3 issues (bsc#1198581) Important SUSE bug 1198581 cpe:/o:opensuse:leap:15.4 Security update for resource-agents (Important) openSUSE Leap 15.4 This update for resource-agents fixes the following issues: - Fixed predictable log file in /tmp in mariadb.in (bsc#1146691). - Allow aws-vpc-move-ip to specify an interface label to distinguish the IP address (bsc#1199766) - Implement options to disable DAD and to allow sending NA in the background (bsc#1196164) - Imporove error message if monpassword was not set (bsc#1197956) Important SUSE bug 1146691 SUSE bug 1196164 SUSE bug 1197956 SUSE bug 1199766 cpe:/o:opensuse:leap:15.4 Security update for fwupdate (Important) openSUSE Leap 15.4 This update of fwupdate fixes the following issue: - rebuild with new secure boot key due to grub2 boothole 3 issues (bsc#1198581) Important SUSE bug 1198581 cpe:/o:opensuse:leap:15.4 Security update for containerd, docker and runc (Important) openSUSE Leap 15.4 This update for containerd, docker and runc fixes the following issues: containerd: - CVE-2022-31030: Fixed denial of service via invocation of the ExecSync API (bsc#1200145) docker: - Update to Docker 20.10.17-ce. See upstream changelog online at https://docs.docker.com/engine/release-notes/#201017. (bsc#1200145) runc: Update to runc v1.1.3. Upstream changelog is available from https://github.com/opencontainers/runc/releases/tag/v1.1.3. * Our seccomp `-ENOSYS` stub now correctly handles multiplexed syscalls on s390 and s390x. This solves the issue where syscalls the host kernel did not support would return `-EPERM` despite the existence of the `-ENOSYS` stub code (this was due to how s390x does syscall multiplexing). * Retry on dbus disconnect logic in libcontainer/cgroups/systemd now works as intended; this fix does not affect runc binary itself but is important for libcontainer users such as Kubernetes. * Inability to compile with recent clang due to an issue with duplicate constants in libseccomp-golang. * When using systemd cgroup driver, skip adding device paths that don't exist, to stop systemd from emitting warnings about those paths. * Socket activation was failing when more than 3 sockets were used. * Various CI fixes. * Allow to bind mount /proc/sys/kernel/ns_last_pid to inside container. - Fixed issues with newer syscalls (namely faccessat2) on older kernels on s390(x) caused by that platform's syscall multiplexing semantics. (bsc#1192051 bsc#1199565) Update to runc v1.1.2. Upstream changelog is available from https://github.com/opencontainers/runc/releases/tag/v1.1.2. Security issue fixed: - CVE-2022-29162: A bug was found in runc where runc exec --cap executed processes with non-empty inheritable Linux process capabilities, creating an atypical Linux environment. (bsc#1199460) - `runc spec` no longer sets any inheritable capabilities in the created example OCI spec (`config.json`) file. Update to runc v1.1.1. Upstream changelog is available from https://github.com/opencontainers/runc/releases/tag/v1.1.1. * runc run/start can now run a container with read-only /dev in OCI spec, rather than error out. (#3355) * runc exec now ensures that --cgroup argument is a sub-cgroup. (#3403) libcontainer systemd v2 manager no longer errors out if one of the files listed in /sys/kernel/cgroup/delegate do not exist in container's cgroup. (#3387, #3404) * Loosen OCI spec validation to avoid bogus 'Intel RDT is not supported' error. (#3406) * libcontainer/cgroups no longer panics in cgroup v1 managers if stat of /sys/fs/cgroup/unified returns an error other than ENOENT. (#3435) Update to runc v1.1.0. Upstream changelog is available from https://github.com/opencontainers/runc/releases/tag/v1.1.0. - libcontainer will now refuse to build without the nsenter package being correctly compiled (specifically this requires CGO to be enabled). This should avoid folks accidentally creating broken runc binaries (and incorrectly importing our internal libraries into their projects). (#3331) Update to runc v1.1.0~rc1. Upstream changelog is available from https://github.com/opencontainers/runc/releases/tag/v1.1.0-rc.1. + Add support for RDMA cgroup added in Linux 4.11. * runc exec now produces exit code of 255 when the exec failed. This may help in distinguishing between runc exec failures (such as invalid options, non-running container or non-existent binary etc.) and failures of the command being executed. + runc run: new --keep option to skip removal exited containers artefacts. This might be useful to check the state (e.g. of cgroup controllers) after the container hasexited. + seccomp: add support for SCMP_ACT_KILL_PROCESS and SCMP_ACT_KILL_THREAD (the latter is just an alias for SCMP_ACT_KILL). + seccomp: add support for SCMP_ACT_NOTIFY (seccomp actions). This allows users to create sophisticated seccomp filters where syscalls can be efficiently emulated by privileged processes on the host. + checkpoint/restore: add an option (--lsm-mount-context) to set a different LSM mount context on restore. + intelrdt: support ClosID parameter. + runc exec --cgroup: an option to specify a (non-top) in-container cgroup to use for the process being executed. + cgroup v1 controllers now support hybrid hierarchy (i.e. when on a cgroup v1 machine a cgroup2 filesystem is mounted to /sys/fs/cgroup/unified, runc run/exec now adds the container to the appropriate cgroup under it). + sysctl: allow slashes in sysctl names, to better match sysctl(8)'s behaviour. + mounts: add support for bind-mounts which are inaccessible after switching the user namespace. Note that this does not permit the container any additional access to the host filesystem, it simply allows containers to have bind-mounts configured for paths the user can access but have restrictive access control settings for other users. + Add support for recursive mount attributes using mount_setattr(2). These have the same names as the proposed mount(8) options -- just prepend r to the option name (such as rro). + Add runc features subcommand to allow runc users to detect what features runc has been built with. This includes critical information such as supported mount flags, hook names, and so on. Note that the output of this command is subject to change and will not be considered stable until runc 1.2 at the earliest. The runtime-spec specification for this feature is being developed in opencontainers/runtime-spec#1130. * system: improve performance of /proc/$pid/stat parsing. * cgroup2: when /sys/fs/cgroup is configured as a read-write mount, change the ownership of certain cgroup control files (as per /sys/kernel/cgroup/delegate) to allow for proper deferral to the container process. * runc checkpoint/restore: fixed for containers with an external bind mount which destination is a symlink. * cgroup: improve openat2 handling for cgroup directory handle hardening. runc delete -f now succeeds (rather than timing out) on a paused container. * runc run/start/exec now refuses a frozen cgroup (paused container in case of exec). Users can disable this using --ignore-paused. - Update version data embedded in binary to correctly include the git commit of the release. Important SUSE bug 1192051 SUSE bug 1199460 SUSE bug 1199565 SUSE bug 1200088 SUSE bug 1200145 CVE-2022-29162 CVE-2022-31030 cpe:/o:opensuse:leap:15.4 Security update for python (Important) openSUSE Leap 15.4 This update for python fixes the following issues: - CVE-2015-20107: avoid command injection in the mailcap module (bsc#1198511). Important SUSE bug 1198511 CVE-2015-20107 cpe:/o:opensuse:leap:15.4 Security update for libnbd (Moderate) openSUSE Leap 15.4 This update for libnbd fixes the following issues: - CVE-2022-0485: Fixed nbdcopy failure if NBD read or write fails (bsc#1195636). Moderate SUSE bug 1195636 CVE-2022-0485 cpe:/o:opensuse:leap:15.4 Security update for freerdp (Critical) openSUSE Leap 15.4 This update for freerdp fixes the following issues: - CVE-2022-24882: Fixed incorrect check parameters in NTLM (bsc#1198919). - CVE-2022-24883: Fixed authentication against invalid SAM files (bsc#1198921). Critical SUSE bug 1198919 SUSE bug 1198921 CVE-2022-24882 CVE-2022-24883 cpe:/o:opensuse:leap:15.4 Security update for python3 (Important) openSUSE Leap 15.4 This update for python3 fixes the following issues: - CVE-2015-20107: avoid command injection in the mailcap module (bsc#1198511). Important SUSE bug 1198511 CVE-2015-20107 cpe:/o:opensuse:leap:15.4 Security update for squid (Important) openSUSE Leap 15.4 This update for squid fixes the following issues: - CVE-2021-46784: Fixed DoS when processing gopher server responses. (bsc#1200907) - Update to 5.6: - Improve handling of Gopher responses - Changes in 5.5: - fixes regression Bug 5192: esi_parser default is incorrect - Bug 5177: clientca certificates sent to https_port clients - Bug 5090: Must(!request->pinnedConnection()) violation - Kid restart leads to persistent queue overflows, delays/timeouts Important SUSE bug 1200907 CVE-2021-46784 cpe:/o:opensuse:leap:15.4 Security update for pcre2 (Important) openSUSE Leap 15.4 This update for pcre2 fixes the following issues: - CVE-2022-1586: Fixed unicode property matching issue. (bsc#1199232) Important SUSE bug 1199232 CVE-2022-1586 cpe:/o:opensuse:leap:15.4 Security update for pcre (Important) openSUSE Leap 15.4 This update for pcre fixes the following issues: - CVE-2022-1586: Fixed unicode property matching issue. (bsc#1199232) Important SUSE bug 1199232 CVE-2022-1586 cpe:/o:opensuse:leap:15.4 Security update for xorg-x11-server (Important) openSUSE Leap 15.4 This update for xorg-x11-server fixes the following issues: - CVE-2022-2319: Fixed out-of-bounds access in _CheckSetSections() (ZDI-CAN-16062) (bsc#1194179). - CVE-2022-2320: Fixed out-of-bounds access in CheckSetDeviceIndicators() (ZDI-CAN-16070) (bsc#1194181). - Fix Xserver crash on keyboard remapping (bsc#1200076) Important SUSE bug 1194179 SUSE bug 1194181 SUSE bug 1200076 SUSE bug 574 CVE-2022-2319 CVE-2022-2320 cpe:/o:opensuse:leap:15.4 Security update for xorg-x11-server (Important) openSUSE Leap 15.4 This update for xorg-x11-server fixes the following issues: - CVE-2022-2319: Fixed out-of-bounds access in _CheckSetSections() (ZDI-CAN-16062) (bsc#1194179). - CVE-2022-2320: Fixed out-of-bounds access in CheckSetDeviceIndicators() (ZDI-CAN-16070) (bsc#1194181). Important SUSE bug 1194179 SUSE bug 1194181 CVE-2022-2319 CVE-2022-2320 cpe:/o:opensuse:leap:15.4 Security update for cifs-utils (Important) openSUSE Leap 15.4 This update for cifs-utils fixes the following issues: - CVE-2022-27239: Fixed a buffer overflow in the command line ip option (bsc#1197216). Important SUSE bug 1197216 CVE-2022-27239 cpe:/o:opensuse:leap:15.4 Security update for virglrenderer (Important) openSUSE Leap 15.4 This update for virglrenderer fixes the following issues: - CVE-2022-0135: Fix OOB in read_transfer_data. (bsc#1195389) Important SUSE bug 1195389 CVE-2022-0135 cpe:/o:opensuse:leap:15.4 Security update for logrotate (Important) openSUSE Leap 15.4 This update for logrotate fixes the following issues: Security issues fixed: - CVE-2022-1348: Fixed insecure permissions for state file creation (bsc#1199652). - Improved coredump handing for SUID binaries (bsc#1192449). Non-security issues fixed: - Fixed 'logrotate emits unintended warning: keyword size not properly separated, found 0x3d' (bsc#1200278, bsc#1200802). Important SUSE bug 1192449 SUSE bug 1199652 SUSE bug 1200278 SUSE bug 1200802 CVE-2022-1348 cpe:/o:opensuse:leap:15.4 Security update for oracleasm (Important) openSUSE Leap 15.4 This update of oracleasm fixes the following issue: - rebuild with new secure boot key due to grub2 boothole 3 issues (bsc#1198581) Important SUSE bug 1198581 cpe:/o:opensuse:leap:15.4 Security update for python-PyJWT (Important) openSUSE Leap 15.4 This update for python-PyJWT fixes the following issues: - CVE-2022-29217: Fixed key confusion through non-blocklisted public key format (bsc#1199756). Important SUSE bug 1199756 CVE-2022-29217 cpe:/o:opensuse:leap:15.4 Security update for the Linux Kernel (Important) openSUSE Leap 15.4 The SUSE Linux Enterprise 15 SP1 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2022-29900, CVE-2022-29901: Fixed the RETBLEED attack, a new Spectre like Branch Target Buffer attack, that can leak arbitrary kernel information (bsc#1199657). - CVE-2022-1679: Fixed a use-after-free in the Atheros wireless driver in the way a user forces the ath9k_htc_wait_for_target function to fail with some input messages (bsc#1199487). - CVE-2022-20132: Fixed out of bounds read due to improper input validation in lg_probe and related functions of hid-lg.c (bsc#1200619). - CVE-2022-33981: Fixed use-after-free in floppy driver (bsc#1200692) - CVE-2022-20141: Fixed a possible use after free due to improper locking in ip_check_mc_rcu() (bsc#1200604). - CVE-2021-4157: Fixed an out of memory bounds write flaw in the NFS subsystem, related to the replication of files with NFS. A user could potentially crash the system or escalate privileges on the system (bsc#1194013). - CVE-2022-20154: Fixed a use after free due to a race condition in lock_sock_nested of sock.c. This could lead to local escalation of privilege with System execution privileges needed (bsc#1200599). - CVE-2022-2318: Fixed a use-after-free vulnerabilities in the timer handler in net/rose/rose_timer.c that allow attackers to crash the system without any privileges (bsc#1201251). - CVE-2022-26365, CVE-2022-33740, CVE-2022-33741, CVE-2022-33742: Fixed multiple potential data leaks with Block and Network devices when using untrusted backends (bsc#1200762). - CVE-2021-26341: Some AMD CPUs may transiently execute beyond unconditional direct branches, which may potentially result in data leakage (bsc#1201050). The following non-security bugs were fixed: - exec: Force single empty string when argv is empty (bsc#1200571). Important SUSE bug 1194013 SUSE bug 1196901 SUSE bug 1199487 SUSE bug 1199657 SUSE bug 1200571 SUSE bug 1200599 SUSE bug 1200604 SUSE bug 1200605 SUSE bug 1200608 SUSE bug 1200619 SUSE bug 1200692 SUSE bug 1200762 SUSE bug 1201050 SUSE bug 1201080 SUSE bug 1201251 CVE-2021-26341 CVE-2021-4157 CVE-2022-1679 CVE-2022-20132 CVE-2022-20141 CVE-2022-20154 CVE-2022-2318 CVE-2022-26365 CVE-2022-29900 CVE-2022-29901 CVE-2022-33740 CVE-2022-33741 CVE-2022-33742 CVE-2022-33981 cpe:/o:opensuse:leap:15.4 Security update for nodejs14 (Important) openSUSE Leap 15.4 This update for nodejs14 fixes the following issues: - CVE-2022-32212: Fixed DNS rebinding in --inspect via invalid IP addresses (bsc#1201328). - CVE-2022-32213: Fixed HTTP request smuggling due to flawed parsing of Transfer-Encoding (bsc#1201325). - CVE-2022-32214: Fixed HTTP request smuggling due to improper delimiting of header fields (bsc#1201326). - CVE-2022-32215: Fixed HTTP request smuggling due to incorrect parsing of multi-line Transfer-Encoding (bsc#1201327). Important SUSE bug 1201325 SUSE bug 1201326 SUSE bug 1201327 SUSE bug 1201328 CVE-2022-32212 CVE-2022-32213 CVE-2022-32214 CVE-2022-32215 cpe:/o:opensuse:leap:15.4 Security update for nodejs12 (Important) openSUSE Leap 15.4 This update for nodejs12 fixes the following issues: - CVE-2022-32212: Fixed DNS rebinding in --inspect via invalid IP addresses (bsc#1201328). - CVE-2022-32213: Fixed HTTP request smuggling due to flawed parsing of Transfer-Encoding (bsc#1201325). - CVE-2022-32214: Fixed HTTP request smuggling due to improper delimiting of header fields (bsc#1201326). - CVE-2022-32215: Fixed HTTP request smuggling due to incorrect parsing of multi-line Transfer-Encoding (bsc#1201327). Important SUSE bug 1201325 SUSE bug 1201326 SUSE bug 1201327 SUSE bug 1201328 CVE-2022-32212 CVE-2022-32213 CVE-2022-32214 CVE-2022-32215 cpe:/o:opensuse:leap:15.4 Security update for dovecot23 (Important) openSUSE Leap 15.4 This update for dovecot23 fixes the following issues: - CVE-2022-30550: Fixed privilege escalation in dovecot when similar master and non-master passdbs are used (bsc#1201267). Important SUSE bug 1201267 CVE-2022-30550 cpe:/o:opensuse:leap:15.4 Security update for nodejs16 (Important) openSUSE Leap 15.4 This update for nodejs16 fixes the following issues: - CVE-2022-32212: Fixed DNS rebinding in --inspect via invalid IP addresses (bsc#1201328). - CVE-2022-32213: Fixed HTTP request smuggling due to flawed parsing of Transfer-Encoding (bsc#1201325). - CVE-2022-32214: Fixed HTTP request smuggling due to improper delimiting of header fields (bsc#1201326). - CVE-2022-32215: Fixed HTTP request smuggling due to incorrect parsing of multi-line Transfer-Encoding (bsc#1201327). Important SUSE bug 1201325 SUSE bug 1201326 SUSE bug 1201327 SUSE bug 1201328 CVE-2022-32212 CVE-2022-32213 CVE-2022-32214 CVE-2022-32215 cpe:/o:opensuse:leap:15.4 Security update for the Linux Kernel (Important) openSUSE Leap 15.4 The SUSE Linux Enterprise 15 SP4 kernel was updated. The following security bugs were fixed: - CVE-2022-29900, CVE-2022-29901: Fixed the RETBLEED attack, a new Spectre like Branch Target Buffer attack, that can leak arbitrary kernel information (bsc#1199657). - CVE-2022-34918: Fixed a buffer overflow with nft_set_elem_init() that could be used by a local attacker to escalate privileges (bnc#1201171). - CVE-2021-26341: Some AMD CPUs may transiently execute beyond unconditional direct branches, which may potentially result in data leakage (bsc#1201050). - CVE-2022-20154: Fixed a use after free due to a race condition in lock_sock_nested of sock.c. This could lead to local escalation of privilege with System execution privileges needed (bsc#1200599). - CVE-2022-2318: Fixed a use-after-free vulnerabilities in the timer handler in net/rose/rose_timer.c that allow attackers to crash the system without any privileges (bsc#1201251). - CVE-2022-1462: Fixed an out-of-bounds read flaw in the TeleTYpe subsystem (bnc#1198829). - CVE-2022-26365, CVE-2022-33740, CVE-2022-33741, CVE-2022-33742: Fixed multiple potential data leaks with Block and Network devices when using untrusted backends (bsc#1200762). - CVE-2022-33743: Fixed a Denial of Service related to XDP (bsc#1200763). - CVE-2022-1679: Fixed a use-after-free in the Atheros wireless driver in the way a user forces the ath9k_htc_wait_for_target function to fail with some input messages (bnc#1199487). - CVE-2022-20132: Fixed out of bounds read due to improper input validation in lg_probe and related functions of hid-lg.c (bnc#1200619). - CVE-2022-33981: Fixed use-after-free in floppy driver (bsc#1200692) - CVE-2022-1012: Fixed information leak caused by small table perturb size in the TCP source port generation algorithm (bsc#1199482). - CVE-2022-1998: Fixed a use after free in the file system notify functionality (bnc#1200284). - CVE-2022-1966: Fixed a use-after-free vulnerability in the Netfilter subsystem. This flaw allowed a local attacker with user access to cause a privilege escalation issue. (bnc#1200015) - CVE-2022-1852: Fixed a null-ptr-deref in the kvm module which can lead to DoS. (bsc#1199875) - CVE-2022-1789: Fixed a NULL pointer dereference when shadow paging is enabled. (bnc#1199674) - CVE-2022-1508: Fixed an out-of-bounds read flaw that could cause the system to crash. (bsc#1198968) - CVE-2022-1671: Fixed a null-ptr-deref bugs in net/rxrpc/server_key.c, unprivileged users could easily trigger it via ioctl. (bsc#1199439) - CVE-2022-1651: Fixed a bug in ACRN Device Model emulates virtual NICs in VM. This flaw may allow a local privileged attacker to leak kernel unauthorized information and also cause a denial of service problem. (bsc#1199433) - CVE-2022-29582: Fixed a use-after-free due to a race condition in io_uring timeouts. This can be triggered by a local user who has no access to any user namespace; however, the race condition perhaps can only be exploited infrequently. (bnc#1198811) - CVE-2022-0494: Fixed a kernel information leak flaw in the scsi_ioctl function. This flaw allowed a local attacker with a special user privilege to create issues with confidentiality. (bnc#1197386) - CVE-2021-4204: Fixed a vulnerability that allows local attackers to escalate privileges on affected installations via ebpf. (bnc#1194111) - CVE-2022-23222: Fixed a bug that allowed local users to gain privileges. (bnc#1194765) - CVE-2022-0264: Fixed a vulnerability in the Linux kernel's eBPF verifier when handling internal data structures. Internal memory locations could be returned to userspace. A local attacker with the permissions to insert eBPF code to the kernel can use this to leak internal kernel memory details defeating some of the exploit mitigations in place for the kernel. (bnc#1194826) - CVE-2022-1016: Fixed a vulnerability in the nf_tables component of the netfilter subsystem. This vulnerability gives an attacker a powerful primitive that can be used to both read from and write to relative stack data, which can lead to arbitrary code execution. (bsc#1197227) - CVE-2022-1205: Fixed null pointer dereference and use-after-free vulnerabilities that allow an attacker to crash the linux kernel by simulating Amateur Radio. (bsc#1198027) - CVE-2022-1198: Fixed an use-after-free vulnerability that allow an attacker to crash the linux kernel by simulating Amateur Radio (bsc#1198030). - CVE-2022-1972: Fixed a buffer overflow in nftable that could lead to privilege escalation. (bsc#1200019) - CVE-2022-21127: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via spectre like attacks. (bsc#1199650) - CVE-2022-21123: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via spectre like attacks. (bsc#1199650) - CVE-2022-21125: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via spectre like attacks. (bsc#1199650) - CVE-2022-21180: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via spectre like attacks. (bsc#1199650) - CVE-2022-21166: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via spectre like attacks. (bsc#1199650) - CVE-2022-1729: Fixed a sys_perf_event_open() race condition against self (bsc#1199507). - CVE-2022-1652: Fixed a statically allocated error counter inside the floppy kernel module (bsc#1199063). - CVE-2022-30594: Fixed restriction bypass on setting the PT_SUSPEND_SECCOMP flag (bnc#1199505). - CVE-2021-33061: Fixed insufficient control flow management for the Intel(R) 82599 Ethernet Controllers and Adapters that may have allowed an authenticated user to potentially enable denial of service via local access (bnc#1196426). - CVE-2022-1974: Fixed an use-after-free that could causes kernel crash by simulating an nfc device from user-space. (bsc#1200144) - CVE-2022-21499: Reinforce the kernel lockdown feature, until now it's been trivial to break out of it with kgdb or kdb. (bsc#1199426) - CVE-2022-1184: Fixed an use-after-free and memory errors in ext4 when mounting and operating on a corrupted image. (bsc#1198577) - CVE-2022-1734: Fixed a r/w use-after-free when non synchronized between cleanup routine and firmware download routine. (bnc#1199605) - CVE-2021-44879: In gc_data_segment() in fs/f2fs/gc.c, special files were not considered, which lead to a move_data_page NULL pointer dereference (bsc#1195987). - CVE-2022-0617: Fixed a null pointer dereference in UDF file system functionality. A local user could crash the system by triggering udf_file_write_iter() via a malicious UDF image. (bsc#1196079) - CVE-2022-26490: Fixed a buffer overflow in the st21nfca driver. An attacker with adjacent NFC access could crash the system or corrupt the system memory. (bsc#1196830) - CVE-2021-45402: The check_alu_op function in kernel/bpf/verifier.c did not properly update bounds while handling the mov32 instruction, which allowed local users to obtain potentially sensitive address information (bsc#1196130). The following non-security bugs were fixed: - ACPI: APEI: fix return value of __setup handlers (git-fixes). - ACPI/APEI: Limit printable size of BERT table data (git-fixes). - ACPI: battery: Add device HID and quirk for Microsoft Surface Go 3 (git-fixes). - ACPI: bus: Avoid using CPPC if not supported by firmware (bsc#1199793). - ACPICA: Avoid cache flush inside virtual machines (git-fixes). - ACPICA: Avoid walking the ACPI Namespace if it is not there (git-fixes). - ACPI: CPPC: Assume no transition latency if no PCCT (git-fixes). - ACPI: CPPC: Avoid out of bounds access when parsing _CPC data (git-fixes). - ACPI: docs: enumeration: Amend PWM enumeration ASL example (git-fixes). - ACPI: docs: enumeration: Discourage to use custom _DSM methods (git-fixes). - ACPI: docs: enumeration: Remove redundant .owner assignment (git-fixes). - ACPI: docs: enumeration: Update UART serial bus resource documentation (git-fixes). - ACPI/IORT: Check node revision for PMCG resources (git-fixes). - ACPI: PM: Block ASUS B1400CEAE from suspend to idle by default (git-fixes). - ACPI: PM: Revert 'Only mark EC GPE for wakeup on Intel systems' (git-fixes). - ACPI: PM: s2idle: Cancel wakeup before dispatching EC GPE (git-fixes). - ACPI: processor idle: Allow playing dead in C3 state (git-fixes). - ACPI: processor: idle: Avoid falling back to C3 type C-states (git-fixes). - ACPI: processor idle: Check for architectural support for LPI (git-fixes). - ACPI: processor: idle: fix lockup regression on 32-bit ThinkPad T40 (git-fixes). - ACPI: properties: Consistently return -ENOENT if there are no more references (git-fixes). - ACPI: property: Release subnode properties with data nodes (git-fixes). - ACPI: sysfs: Fix BERT error region memory mapping (git-fixes). - ACPI: video: Change how we determine if brightness key-presses are handled (git-fixes). - ACPI: video: Force backlight native for Clevo NL5xRU and NL5xNU (git-fixes). - ACPI / x86: Work around broken XSDT on Advantech DAC-BJ01 board (git-fixes). - af_key: add __GFP_ZERO flag for compose_sadb_supported in function pfkey_register (git-fixes). - aio: Fix incorrect usage of eventfd_signal_allowed() (git-fixes). - ALSA: cmipci: Restore aux vol on suspend/resume (git-fixes). - ALSA: core: Add snd_card_free_on_error() helper (git-fixes). - ALSA: cs4236: fix an incorrect NULL check on list iterator (git-fixes). - ALSA: ctxfi: Add SB046x PCI ID (git-fixes). - ALSA: firewire-lib: fix uninitialized flag for AV/C deferred transaction (git-fixes). - ALSA: fireworks: fix wrong return count shorter than expected by 4 bytes (git-fixes). - ALSA: hda: Add AlderLake-PS variant PCI ID (git-fixes). - ALSA: hda: Add PCI and HDMI IDs for Intel Raptor Lake (git-fixes). - ALSA: hda: Avoid unsol event during RPM suspending (git-fixes). - ALSA: hda/conexant - Fix loopback issue with CX20632 (git-fixes). - ALSA: hda/conexant: Fix missing beep setup (git-fixes). - ALSA: hda: Fix discovery of i915 graphics PCI device (bsc#1200611). - ALSA: hda: Fix driver index handling at re-binding (git-fixes). - ALSA: hda: Fix missing codec probe on Shenker Dock 15 (git-fixes). - ALSA: hda: Fix regression on forced probe mask option (git-fixes). - ALSA: hda: Fix signedness of sscanf() arguments (git-fixes). - ALSA: hda - fix unused Realtek function when PM is not enabled (git-fixes). - ALSA: hda/hdmi: fix warning about PCM count when used with SOF (git-fixes). - ALSA: hda/i915: Fix one too many pci_dev_put() (git-fixes). - ALSA: hda/i915 - skip acomp init if no matching display (git-fixes). - ALSA: hda: intel-dspcfg: use SOF for UpExtreme and UpExtreme11 boards (git-fixes). - ALSA: hda: intel-dsp-config: update AlderLake PCI IDs (git-fixes). - ALSA: hda: intel-nhlt: remove use of __func__ in dev_dbg (git-fixes). - ALSA: hda/realtek: Add alc256-samsung-headphone fixup (git-fixes). - ALSA: hda/realtek - Add HW8326 support (git-fixes). - ALSA: hda/realtek: Add missing fixup-model entry for Gigabyte X570 ALC1220 quirks (git-fixes). - ALSA: hda/realtek: Add mute LED quirk for HP Omen laptop (git-fixes). - ALSA: hda/realtek - Add new type for ALC245 (git-fixes). - ALSA: hda/realtek: Add quirk for ASUS GA402 (git-fixes). - ALSA: hda/realtek: Add quirk for ASUS GU603 (git-fixes). - ALSA: hda/realtek: Add quirk for Clevo NP50PNJ (git-fixes). - ALSA: hda/realtek: Add quirk for Clevo NP70PNJ (git-fixes). - ALSA: hda/realtek: Add quirk for Clevo NP70PNP (git-fixes). - ALSA: hda/realtek: Add quirk for Clevo NS50PU (git-fixes). - ALSA: hda/realtek: Add quirk for Clevo PD50PNT (git-fixes). - ALSA: hda/realtek: Add quirk for Clevo PD70PNT (git-fixes). - ALSA: hda/realtek: Add quirk for Dell Latitude 7520 (git-fixes). - ALSA: hda/realtek: Add quirk for HP Dev One (git-fixes). - ALSA: hda/realtek: Add quirk for Legion Y9000X 2019 (git-fixes). - ALSA: hda/realtek: add quirk for Lenovo Thinkpad X12 speakers (git-fixes). - ALSA: hda/realtek: Add quirk for the Framework Laptop (git-fixes). - ALSA: hda/realtek: Add quirk for TongFang devices with pop noise (git-fixes). - ALSA: hda/realtek: Add quirk for Yoga Duet 7 13ITL6 speakers (git-fixes). - ALSA: hda/realtek - ALC897 headset MIC no sound (git-fixes). - ALSA: hda/realtek: Apply fixup for Lenovo Yoga Duet 7 properly (git-fixes). - ALSA: hda/realtek: Enable 4-speaker output for Dell XPS 15 9520 laptop (git-fixes). - ALSA: hda/realtek: Enable headset mic on Lenovo P360 (git-fixes). - ALSA: hda/realtek: Fix audio regression on Mi Notebook Pro 2020 (git-fixes). - ALSA: hda/realtek: Fix deadlock by COEF mutex (bsc#1195913). - ALSA: hda/realtek: Fix for quirk to enable speaker output on the Lenovo Yoga DuetITL 2021 (git-fixes). - ALSA: hda/realtek - Fix headset mic problem for a HP machine with alc671 (git-fixes). - ALSA: hda/realtek - Fix microphone noise on ASUS TUF B550M-PLUS (git-fixes). - ALSA: hda: realtek: Fix race at concurrent COEF updates (git-fixes). - ALSA: hda/realtek: fix right sounds and mute/micmute LEDs for HP machine (git-fixes). - ALSA: hda/realtek: fix right sounds and mute/micmute LEDs for HP machines (git-fixes). - ALSA: hda/realtek: Fix silent output on Gigabyte X570 Aorus Xtreme after reboot from Windows (git-fixes). - ALSA: hda/realtek: Fix silent output on Gigabyte X570S Aorus Master (newer chipset) (git-fixes). - ALSA: hda: Set max DMA segment size (git-fixes). - ALSA: hda: Skip codec shutdown in case the codec is not registered (git-fixes). - ALSA: hda/via: Fix missing beep setup (git-fixes). - ALSA: intel_hdmi: Fix reference to PCM buffer address (git-fixes). - ALSA: memalloc: Fix dma_need_sync() checks (bsc#1195913). - ALSA: memalloc: invalidate SG pages before sync (bsc#1195913). - ALSA: oss: Fix PCM OSS buffer allocation overflow (git-fixes). - ALSA: pci: fix reading of swapped values from pcmreg in AC97 codec (git-fixes). - ALSA: pcm: Add stream lock during PCM reset ioctl operations (git-fixes). - ALSA: pcm: Check for null pointer of pointer substream before dereferencing it (git-fixes). - ALSA: pcm: Fix races among concurrent hw_params and hw_free calls (git-fixes). - ALSA: pcm: Fix races among concurrent prealloc proc writes (git-fixes). - ALSA: pcm: Fix races among concurrent prepare and hw_params/hw_free calls (git-fixes). - ALSA: pcm: Fix races among concurrent read/write and buffer changes (git-fixes). - ALSA: pcm: Test for 'silence' field in struct 'pcm_format_data' (git-fixes). - ALSA: spi: Add check for clk_enable() (git-fixes). - ALSA: usb-audio: add mapping for MSI MAG X570S Torpedo MAX (git-fixes). - ALSA: usb-audio: add mapping for new Corsair Virtuoso SE (git-fixes). - ALSA: usb-audio: Add missing ep_idx in fixed EP quirks (git-fixes). - ALSA: usb-audio: Add mute TLV for playback volumes on RODE NT-USB (git-fixes). - ALSA: usb-audio: Add quirk bits for enabling/disabling generic implicit fb (git-fixes). - ALSA: usb-audio: Cancel pending work at closing a MIDI substream (git-fixes). - ALSA: usb-audio: Cap upper limits of buffer/period bytes for implicit fb (git-fixes). - ALSA: usb-audio: Clear MIDI port active flag after draining (git-fixes). - ALSA: usb-audio: Configure sync endpoints before data (git-fixes). - ALSA: usb-audio: Correct quirk for VF0770 (git-fixes). - ALSA: usb-audio: Do not abort resume upon errors (bsc#1195913). - ALSA: usb-audio: Do not get sample rate for MCT Trigger 5 USB-to-HDMI (git-fixes). - ALSA: usb-audio: Fix undefined behavior due to shift overflowing the constant (git-fixes). - ALSA: usb-audio: Increase max buffer size (git-fixes). - ALSA: usb-audio: initialize variables that could ignore errors (git-fixes). - ALSA: usb-audio: Limit max buffer and period sizes per time (git-fixes). - ALSA: usb-audio: Move generic implicit fb quirk entries into quirks.c (git-fixes). - ALSA: usb-audio: Optimize TEAC clock quirk (git-fixes). - ALSA: usb-audio: Restore Rane SL-1 quirk (git-fixes). - ALSA: usb-audio: revert to IMPLICIT_FB_FIXED_DEV for M-Audio FastTrack Ultra (git-fixes). - ALSA: usb-audio: Set up (implicit) sync for Saffire 6 (git-fixes). - ALSA: usb-audio: Skip generic sync EP parse for secondary EP (git-fixes). - ALSA: usb-audio: US16x08: Move overflow check before array access (git-fixes). - ALSA: usb-audio: Workaround for clock setup on TEAC devices (git-fixes). - ALSA: wavefront: Proper check of get_user() error (git-fixes). - ALSA: x86: intel_hdmi_audio: enable pm_runtime and set autosuspend delay (git-fixes). - ALSA: x86: intel_hdmi_audio: use pm_runtime_resume_and_get() (git-fixes). - alx: acquire mutex for alx_reinit in alx_change_mtu (git-fixes). - amd/display: set backlight only if required (git-fixes). - arch/arm64: Fix topology initialization for core scheduling (git-fixes). - arm64: Add Cortex-A510 CPU part definition (git-fixes). - arm64: Add part number for Arm Cortex-A78AE (git-fixes). - arm64: Add support for user sub-page fault probing (git-fixes) - arm64: alternatives: mark patch_alternative() as `noinstr` (git-fixes). - arm64: avoid fixmap race condition when create pud mapping (git-fixes). - arm64: compat: Do not treat syscall number as ESR_ELx for a bad syscall (git-fixes). - arm64: Correct wrong label in macro __init_el2_gicv3 (git-fixes). - arm64: defconfig: build imx-sdma as a module (git-fixes). - arm64: do not abuse pfn_valid() to ensure presence of linear map (git-fixes). - arm64: Do not defer reserve_crashkernel() for platforms with no DMA memory zones (git-fixes). - arm64: Do not include __READ_ONCE() block in assembly files (git-fixes). - arm64: dts: agilex: use the compatible 'intel,socfpga-agilex-hsotg' (git-fixes). - arm64: dts: armada-3720-turris-mox: Add missing ethernet0 alias (git-fixes). - arm64: dts: broadcom: bcm4908: use proper TWD binding (git-fixes). - arm64: dts: broadcom: Fix sata nodename (git-fixes). - arm64: dts: imx8mm-beacon: Enable RTS-CTS on UART3 (git-fixes). - arm64: dts: imx8mm-venice: fix spi2 pin configuration (git-fixes) - arm64: dts: imx8mn-beacon: Enable RTS-CTS on UART3 (git-fixes). - arm64: dts: imx8mn-ddr4-evk: Describe the 32.768 kHz PMIC clock (git-fixes) - arm64: dts: imx8mn: Fix SAI nodes (git-fixes) - arm64: dts: imx8mp-evk: correct eqos pad settings (git-fixes). - arm64: dts: imx8mp-evk: correct gpio-led pad settings (git-fixes). - arm64: dts: imx8mp-evk: correct I2C1 pad settings (git-fixes). - arm64: dts: imx8mp-evk: correct I2C3 pad settings (git-fixes). - arm64: dts: imx8mp-evk: correct mmc pad settings (git-fixes). - arm64: dts: imx8mp-evk: correct the uart2 pinctl value (git-fixes). - arm64: dts: imx8mp-evk: correct vbus pad settings (git-fixes). - arm64: dts: imx8mp-phyboard-pollux-rdk: correct eqos pad settings (git-fixes). - arm64: dts: imx8mp-phyboard-pollux-rdk: correct i2c2 & mmc settings (git-fixes). - arm64: dts: imx8mp-phyboard-pollux-rdk: correct uart pad settings (git-fixes). - arm64: dts: imx8mq: fix lcdif port node (git-fixes). - arm64: dts: imx8qm: Correct SCU clock controller's compatible (git-fixes) - arm64: dts: imx: Fix imx8*-var-som touchscreen property sizes (git-fixes). - arm64: dts: juno: Remove GICv2m dma-range (git-fixes). - arm64: dts: ls1028a-qds: move rtc node to the correct i2c bus (git-fixes). - arm64: dts: ls1043a: Update i2c dma properties (git-fixes). - arm64: dts: ls1046a: Update i2c node dma properties (git-fixes). - arm64: dts: marvell: armada-37xx: Remap IO space to bus address 0x0 (git-fixes). - arm64: dts: marvell: espressobin-ultra: enable front USB3 port (git-fixes). - arm64: dts: marvell: espressobin-ultra: fix SPI-NOR config (git-fixes). - arm64: dts: meson-g12: add ATF BL32 reserved-memory region (git-fixes). - arm64: dts: meson-g12b-odroid-n2: fix typo 'dio2133' (git-fixes). - arm64: dts: meson-g12: drop BL32 region from SEI510/SEI610 (git-fixes). - arm64: dts: meson-gx: add ATF BL32 reserved-memory region (git-fixes). - arm64: dts: meson: remove CPU opps below 1GHz for G12B boards (git-fixes). - arm64: dts: meson: remove CPU opps below 1GHz for SM1 boards (git-fixes). - arm64: dts: meson-sm1-bananapi-m5: fix wrong GPIO domain for GPIOE_2 (git-fixes). - arm64: dts: meson-sm1-bananapi-m5: fix wrong GPIO pin labeling for CON1 (git-fixes). - arm64: dts: meson-sm1-odroid: fix boot loop after reboot (git-fixes). - arm64: dts: meson-sm1-odroid: use correct enable-gpio pin for tf-io regulator (git-fixes). - arm64: dts: mt8192: Fix nor_flash status disable typo (git-fixes). - arm64: dts: ns2: Fix spi-cpol and spi-cpha property (git-fixes). - arm64: dts: qcom: ipq8074: fix the sleep clock frequency (git-fixes). - arm64: dts: qcom: msm8916-huawei-g7: Clarify installation instructions (git-fixes). - arm64: dts: qcom: msm8994: Fix BLSP[12]_DMA channels count (git-fixes). - arm64: dts: qcom: msm8994: Fix CPU6/7 reg values (git-fixes). - arm64: dts: qcom: msm8994: Fix the cont_splash_mem address (git-fixes). - arm64: dts: qcom: msm8996: Drop flags for mdss irqs (git-fixes). - arm64: dts: qcom: msm8996: remove snps,dw-pcie compatibles (git-fixes). - arm64: dts: qcom: pm8350c: stop depending on thermal_zones label (git-fixes). - arm64: dts: qcom: pmr735a: stop depending on thermal_zones label (git-fixes). - arm64: dts: qcom: qrb5165-rb5: Fix can-clock node name (git-fixes). - arm64: dts: qcom: sdm845-db845c: add wifi variant property (git-fixes). - arm64: dts: qcom: sdm845: Drop flags for mdss irqs (git-fixes). - arm64: dts: qcom: sdm845: fix microphone bias properties and values (git-fixes). - arm64: dts: qcom: sdm845: remove snps,dw-pcie compatibles (git-fixes). - arm64: dts: qcom: sdm845-xiaomi-beryllium: fix typo in panel's vddio-supply property (git-fixes). - arm64: dts: qcom: sm8150: Correct TCS configuration for apps rsc (git-fixes). - arm64: dts: qcom: sm8250: Drop flags for mdss irqs (git-fixes). - arm64: dts: qcom: sm8250: Fix MSI IRQ for PCIe1 and PCIe2 (git-fixes). - arm64: dts: qcom: sm8250: fix PCIe bindings to follow schema (git-fixes). - arm64: dts: qcom: sm8350: Correct TCS configuration for apps rsc (git-fixes). - arm64: dts: qcom: sm8350: Correct UFS symbol clocks (git-fixes). - arm64: dts: qcom: sm8350: Describe GCC dependency clocks (git-fixes). - arm64: dts: qcom: sm8350: Shorten camera-thermal-bottom name (git-fixes). - arm64: dts: renesas: Fix thermal bindings (git-fixes). - arm64: dts: renesas: ulcb-kf: fix wrong comment (git-fixes). - arm64: dts: rockchip: align pl330 node name with dtschema (git-fixes). - arm64: dts: rockchip: fix rk3399-puma eMMC HS400 signal integrity (git-fixes). - arm64: dts: rockchip: fix rk3399-puma-haikou USB OTG mode (git-fixes). - arm64: dts: rockchip: Fix SDIO regulator supply properties on rk3399-firefly (git-fixes). - arm64: dts: rockchip: Move drive-impedance-ohm to emmc phy on rk3399 (git-fixes). - arm64: dts: rockchip: reorder rk3399 hdmi clocks (git-fixes). - arm64: dts: rockchip: Switch RK3399-Gru DP to SPDIF output (git-fixes). - arm64: dts: ti: j7200-main: Fix 'dtbs_check' serdes_ln_ctrl node (git-fixes). - arm64: dts: ti: j721e-main: Fix 'dtbs_check' in serdes_ln_ctrl node (git-fixes). - arm64: dts: ti: k3-am64: Fix gic-v3 compatible regs (git-fixes). - arm64: dts: ti: k3-am64-main: Remove support for HS400 speed mode (git-fixes). - arm64: dts: ti: k3-am64-mcu: remove incorrect UART base clock rates (git-fixes). - arm64: dts: ti: k3-am65: Fix gic-v3 compatible regs (git-fixes). - arm64: dts: ti: k3-j7200: Fix gic-v3 compatible regs (git-fixes). - arm64: dts: ti: k3-j721e: Fix gic-v3 compatible regs (git-fixes). - arm64: Enable repeat tlbi workaround on KRYO4XX gold CPUs (git-fixes). - arm64: Ensure execute-only permissions are not allowed without EPAN (git-fixes) - arm64: fix clang warning about TRAMP_VALIAS (git-fixes). - arm64: fix types in copy_highpage() (git-fixes). - arm64: ftrace: consistently handle PLTs (git-fixes). - arm64: ftrace: fix branch range checks (git-fixes). - arm64: kasan: fix include error in MTE functions (git-fixes). - arm64: kvm: keep the field workaround_flags in structure kvm_vcpu_arch (git-fixes). - arm64: Mark start_backtrace() notrace and NOKPROBE_SYMBOL (git-fixes) - arm64: mm: Drop 'const' from conditional arm64_dma_phys_limit definition (git-fixes). - arm64: mm: fix p?d_leaf() (git-fixes). - arm64: module: remove (NOLOAD) from linker script (git-fixes). - arm64: mte: Ensure the cleared tags are visible before setting the PTE (git-fixes). - arm64: paravirt: Use RCU read locks to guard stolen_time (git-fixes). - arm64: patch_text: Fixup last cpu should be master (git-fixes). - arm64: prevent instrumentation of bp hardening callbacks (git-fixes). - arm64: signal: nofpsimd: Do not allocate fp/simd context when not available (git-fixes). - arm64: stackleak: fix current_top_of_stack() (git-fixes). - arm64: supported.conf: mark PHY_FSL_IMX8MQ_USB as supported (bsc#1199909) - arm64: tegra: Add missing DFLL reset on Tegra210 (git-fixes). - arm64: tegra: Adjust length of CCPLEX cluster MMIO region (git-fixes). - arm64: Update config files. (bsc#1199909) Add pfuze100 regulator as module - arm64: vdso: fix makefile dependency on vdso.so (git-fixes). - ARM: 9178/1: fix unmet dependency on BITREVERSE for HAVE_ARCH_BITREVERSE (git-fixes). - ARM: 9182/1: mmu: fix returns from early_param() and __setup() functions (git-fixes). - ARM: 9187/1: JIVE: fix return value of __setup handler (git-fixes). - ARM: 9191/1: arm/stacktrace, kasan: Silence KASAN warnings in unwind_frame() (git-fixes). - ARM: 9196/1: spectre-bhb: enable for Cortex-A15 (git-fixes). - ARM: 9197/1: spectre-bhb: fix loop8 sequence for Thumb2 (git-fixes). - ARM: at91: fix soc detection for SAM9X60 SiPs (git-fixes). - ARM: at91: pm: use proper compatible for sama5d2's rtc (git-fixes). - ARM: at91: pm: use proper compatibles for sam9x60's rtc and rtt (git-fixes). - ARM: boot: dts: bcm2711: Fix HVS register range (git-fixes). - ARM: cns3xxx: Fix refcount leak in cns3xxx_init (git-fixes). - ARM: configs: multi_v5_defconfig: re-enable CONFIG_V4L_PLATFORM_DRIVERS (git-fixes). - ARM: configs: multi_v5_defconfig: re-enable DRM_PANEL and FB_xxx (git-fixes). - ARM: config: u8500: Re-enable AB8500 battery charging (git-fixes). - ARM: davinci: da850-evm: Avoid NULL pointer dereference (git-fixes). - ARM: Do not use NOCROSSREFS directive with ld.lld (git-fixes). - ARM: dts: am3517-evm: Fix misc pinmuxing (git-fixes). - ARM: dts: aspeed: Add ADC for AST2600 and enable for Rainier and Everest (git-fixes). - ARM: dts: aspeed: Add secure boot controller node (git-fixes). - ARM: dts: aspeed: Add video engine to g6 (git-fixes). - ARM: dts: aspeed: ast2600-evb: Enable RX delay for MAC0/MAC1 (git-fixes). - ARM: dts: aspeed: Fix AST2600 quad spi group (git-fixes). - ARM: dts: aspeed-g6: fix SPI1/SPI2 quad pin group (git-fixes). - ARM: dts: aspeed-g6: remove FWQSPID group in pinctrl dtsi (git-fixes). - ARM: dts: at91: fix pinctrl phandles (git-fixes). - ARM: dts: at91: Map MCLK for wm8731 on at91sam9g20ek (git-fixes). - ARM: dts: at91: sam9x60ek: fix eeprom compatible and size (git-fixes). - ARM: dts: at91: sama5d2: Fix PMERRLOC resource size (git-fixes). - ARM: dts: at91: sama5d2_icp: fix eeprom compatibles (git-fixes). - ARM: dts: at91: sama5d4_xplained: fix pinctrl phandle name (git-fixes). - ARM: dts: bcm2711: Add the missing L1/L2 cache information (git-fixes). - ARM: dts: bcm2711-rpi-400: Fix GPIO line names (git-fixes). - ARM: dts: bcm2835-rpi-b: Fix GPIO line names (git-fixes). - ARM: dts: bcm2835-rpi-zero-w: Fix GPIO line name for Wifi/BT (git-fixes). - ARM: dts: bcm2837: Add the missing L1/L2 cache information (git-fixes). - ARM: dts: bcm2837-rpi-3-b-plus: Fix GPIO line name of power LED (git-fixes). - ARM: dts: bcm2837-rpi-cm3-io3: Fix GPIO line names for SMPS I2C (git-fixes). - ARM: dts: BCM5301X: update CRU block description (git-fixes). - ARM: dts: BCM5301X: Update pin controller node name (git-fixes). - ARM: dts: ci4x10: Adapt to changes in imx6qdl.dtsi regarding fec clocks (git-fixes). - ARM: dts: dra7: Fix suspend warning for vpe powerdomain (git-fixes). - ARM: dts: exynos: add atmel,24c128 fallback to Samsung EEPROM (git-fixes). - ARM: dts: exynos: add missing HDMI supplies on SMDK5250 (git-fixes). - ARM: dts: exynos: add missing HDMI supplies on SMDK5420 (git-fixes). - ARM: dts: exynos: fix UART3 pins configuration in Exynos5250 (git-fixes). - ARM: dts: Fix boot regression on Skomer (git-fixes). - ARM: dts: Fix mmc order for omap3-gta04 (git-fixes). - ARM: dts: Fix OpenBMC flash layout label addresses (git-fixes). - ARM: dts: Fix timer regression for beagleboard revision c (git-fixes). - ARM: dts: imx23-evk: Remove MX23_PAD_SSP1_DETECT from hog group (git-fixes). - ARM: dts: imx6dl-colibri: Fix I2C pinmuxing (git-fixes). - ARM: dts: imx6qdl-apalis: Fix sgtl5000 detection issue (git-fixes). - ARM: dts: imx6qdl: correct PU regulator ramp delay (git-fixes). - ARM: dts: imx6qdl-udoo: Properly describe the SD card detect (git-fixes). - ARM: dts: imx6ull-colibri: fix vqmmc regulator (git-fixes). - ARM: dts: imx7: Move hsic_phy power domain to HSIC PHY node (git-fixes). - ARM: dts: imx7ulp: Fix 'assigned-clocks-parents' typo (git-fixes). - ARM: dts: imx7: Use audio_mclk_post_div instead audio_mclk_root_clk (git-fixes). - ARM: dts: imx8mm-venice-gw{71xx,72xx,73xx}: fix OTG controller OC (git-fixes) - ARM: dts: imx: Add missing LVDS decoder on M53Menlo (git-fixes). - ARM: dts: logicpd-som-lv: Fix wrong pinmuxing on OMAP35 (git-fixes). - ARM: dts: meson8b: Fix the UART device-tree schema validation (git-fixes). - ARM: dts: meson8: Fix the UART device-tree schema validation (git-fixes). - ARM: dts: meson: Fix the UART compatible strings (git-fixes). - ARM: dts: ox820: align interrupt controller node name with dtschema (git-fixes). - ARM: dts: qcom: fix gic_irq_domain_translate warnings for msm8960 (git-fixes). - ARM: dts: qcom: ipq4019: fix sleep clock (git-fixes). - ARM: dts: qcom: msm8974: Drop flags for mdss irqs (git-fixes). - ARM: dts: qcom: sdx55: fix IPA interconnect definitions (git-fixes). - ARM: dts: rockchip: fix a typo on rk3288 crypto-controller (git-fixes). - ARM: dts: rockchip: reorder rk322x hmdi clocks (git-fixes). - ARM: dts: s5pv210: align DMA channels with dtschema (git-fixes). - ARM: dts: s5pv210: Correct interrupt name for bluetooth in Aries (git-fixes). - ARM: dts: s5pv210: Remove spi-cs-high on panel in Aries (git-fixes). - ARM: dts: socfpga: align interrupt controller node name with dtschema (git-fixes). - ARM: dts: socfpga: change qspi to 'intel,socfpga-qspi' (git-fixes). - ARM: dts: spear1340: Update serial node properties (git-fixes). - ARM: dts: spear13xx: Update SPI dma properties (git-fixes). - ARM: dts: stm32: fix AV96 board SAI2 pin muxing on stm32mp15 (git-fixes). - ARM: dts: stm32: Fix PHY post-reset delay on Avenger96 (git-fixes). - ARM: dts: sun8i: v3s: Move the csi1 block to follow address order (git-fixes). - ARM: dts: suniv: F1C100: fix watchdog compatible (git-fixes). - ARM: dts: switch timer config to common devkit8000 devicetree (git-fixes). - ARM: dts: Use 32KiHz oscillator on devkit8000 (git-fixes). - ARM: exynos: Fix refcount leak in exynos_map_pmu (git-fixes). - ARM: fix build warning in proc-v7-bugs.c (git-fixes). - ARM: fix co-processor register typo (git-fixes). - ARM: Fix kgdb breakpoint for Thumb2 (git-fixes). - ARM: Fix refcount leak in axxia_boot_secondary (git-fixes). - ARM: fix Thumb2 regression with Spectre BHB (git-fixes). - ARM: ftrace: avoid redundant loads or clobbering IP (git-fixes). - ARM: ftrace: ensure that ADR takes the Thumb bit into account (git-fixes). - ARM: hisi: Add missing of_node_put after of_find_compatible_node (git-fixes). - ARM: iop32x: offset IRQ numbers by 1 (git-fixes). - ARM: kprobes: Make space for instruction pointer on stack (bsc#1193277). - ARM: mediatek: select arch timer for mt7629 (git-fixes). - ARM: meson: Fix refcount leak in meson_smp_prepare_cpus (git-fixes). - ARM: mmp: Fix failure to remove sram device (git-fixes). - ARM: mstar: Select HAVE_ARM_ARCH_TIMER (git-fixes). - ARM: mxs_defconfig: Enable the framebuffer (git-fixes). - ARM: omap1: ams-delta: remove camera leftovers (git-fixes). - ARM: OMAP1: clock: Fix UART rate reporting algorithm (git-fixes). - ARM: OMAP2+: adjust the location of put_device() call in omapdss_init_of (git-fixes). - ARM: OMAP2+: Fix refcount leak in omap_gic_of_init (git-fixes). - ARM: OMAP2+: hwmod: Add of_node_put() before break (git-fixes). - ARM: pxa: maybe fix gpio lookup tables (git-fixes). - ARM: socfpga: fix missing RESET_CONTROLLER (git-fixes). - ARM: Spectre-BHB: provide empty stub for non-config (git-fixes). - ARM: tegra: tamonten: Fix I2C3 pad setting (git-fixes). - ARM: vexpress/spc: Avoid negative array index when !SMP (git-fixes). - ASoC: amd: Fix reference to PCM buffer address (git-fixes). - ASoC: amd: vg: fix for pm resume callback sequence (git-fixes). - ASoC: atmel: Add missing of_node_put() in at91sam9g20ek_audio_probe (git-fixes). - ASoC: atmel-classd: Remove endianness flag on class d component (git-fixes). - ASoC: atmel: Fix error handling in sam9x5_wm8731_driver_probe (git-fixes). - ASoC: atmel: Fix error handling in snd_proto_probe (git-fixes). - ASoC: atmel-pdmic: Remove endianness flag on pdmic component (git-fixes). - ASoC: atmel: Remove system clock tree configuration for at91sam9g20ek (git-fixes). - ASoC: atmel_ssc_dai: Handle errors for clk_enable (git-fixes). - ASoC: codecs: Check for error pointer after calling devm_regmap_init_mmio (git-fixes). - ASoC: codecs: lpass-rx-macro: fix sidetone register offsets (git-fixes). - ASoC: codecs: rx-macro: fix accessing array out of bounds for enum type (git-fixes). - ASoC: codecs: rx-macro: fix accessing compander for aux (git-fixes). - ASoC: codecs: va-macro: fix accessing array out of bounds for enum type (git-fixes). - ASoC: codecs: wc938x: fix accessing array out of bounds for enum type (git-fixes). - ASoC: codecs: wcd934x: Add missing of_node_put() in wcd934x_codec_parse_data (git-fixes). - ASoC: codecs: wcd934x: do not switch off SIDO Buck when codec is in use (git-fixes). - ASoC: codecs: wcd934x: fix kcontrol max values (git-fixes). - ASoC: codecs: wcd934x: fix return value of wcd934x_rx_hph_mode_put (git-fixes). - ASoC: codecs: wcd938x: fix return value of mixer put function (git-fixes). - ASoC: cpcap: Check for NULL pointer after calling of_get_child_by_name (git-fixes). - ASoC: cs35l36: Update digital volume TLV (git-fixes). - ASoC: cs4265: Fix the duplicated control name (git-fixes). - ASoC: cs42l51: Correct minimum value for SX volume control (git-fixes). - ASoC: cs42l52: Correct TLV for Bypass Volume (git-fixes). - ASoC: cs42l52: Fix TLV scales for mixer controls (git-fixes). - ASoC: cs42l56: Correct typo in minimum level for SX volume controls (git-fixes). - ASoC: cs53l30: Correct number of volume levels on SX controls (git-fixes). - ASoC: da7219: Fix change notifications for tone generator frequency (git-fixes). - ASoC: dapm: Do not fold register value changes into notifications (git-fixes). - ASoC: dmaengine: do not use a NULL prepare_slave_config() callback (git-fixes). - ASoC: dmaengine: Restore NULL prepare_slave_config() callback (git-fixes). - ASoC: dwc-i2s: Handle errors for clk_enable (git-fixes). - ASoC: es8328: Fix event generation for deemphasis control (git-fixes). - ASoC: fsi: Add check for clk_enable (git-fixes). - ASoC: fsl: Add missing error handling in pcm030_fabric_probe (git-fixes). - ASoC: fsl: Fix refcount leak in imx_sgtl5000_probe (git-fixes). - ASoC: fsl_sai: Fix FSL_SAI_xDR/xFR definition (git-fixes). - ASoC: fsl_spdif: Disable TX clock when stop (git-fixes). - ASoC: fsl: Use dev_err_probe() helper (git-fixes). - ASoC: hdmi-codec: Fix OOB memory accesses (git-fixes). - ASoC: imx-es8328: Fix error return code in imx_es8328_probe() (git-fixes). - ASoC: imx-hdmi: Fix refcount leak in imx_hdmi_probe (git-fixes). - ASoC: Intel: bytcr_rt5640: Add quirk for the HP Pro Tablet 408 (git-fixes). - ASoC: intel: skylake: Set max DMA segment size (git-fixes). - ASoC: Intel: soc-acpi: correct device endpoints for max98373 (git-fixes). - ASoC: Intel: sof_sdw: fix quirks for 2022 HP Spectre x360 13' (git-fixes). - ASoC: madera: Add dependencies on MFD (git-fixes). - ASoC: max9759: fix underflow in speaker_gain_control_put() (git-fixes). - ASoC: max98090: Generate notifications on changes for custom control (git-fixes). - ASoC: max98090: Move check for invalid values before casting in max98090_put_enab_tlv() (git-fixes). - ASoC: max98090: Reject invalid values in custom control put() (git-fixes). - ASoC: max98357a: remove dependency on GPIOLIB (git-fixes). - ASoC: mediatek: Fix error handling in mt8173_max98090_dev_probe (git-fixes). - ASoC: mediatek: Fix missing of_node_put in mt2701_wm8960_machine_probe (git-fixes). - ASoC: mediatek: mt6358: add missing EXPORT_SYMBOLs (git-fixes). - ASoC: mediatek: mt8192-mt6359: Fix error handling in mt8192_mt6359_dev_probe (git-fixes). - ASoC: mediatek: use of_device_get_match_data() (git-fixes). - ASoC: meson: Fix event generation for AUI ACODEC mux (git-fixes). - ASoC: meson: Fix event generation for AUI CODEC mux (git-fixes). - ASoC: meson: Fix event generation for G12A tohdmi mux (git-fixes). - ASoC: msm8916-wcd-analog: Fix error handling in pm8916_wcd_analog_spmi_probe (git-fixes). - ASoC: msm8916-wcd-digital: Check failure for devm_snd_soc_register_component (git-fixes). - ASoC: msm8916-wcd-digital: Fix missing clk_disable_unprepare() in msm8916_wcd_digital_probe (git-fixes). - ASoC: mxs: Fix error handling in mxs_sgtl5000_probe (git-fixes). - ASoC: mxs-saif: Fix refcount leak in mxs_saif_probe (git-fixes). - ASoC: mxs-saif: Handle errors for clk_enable (git-fixes). - ASoC: nau8822: Add operation for internal PLL off and on (git-fixes). - ASoC: ops: Fix stereo change notifications in snd_soc_put_volsw() (git-fixes). - ASoC: ops: Fix stereo change notifications in snd_soc_put_volsw_range() (git-fixes). - ASoC: ops: Fix stereo change notifications in snd_soc_put_volsw_sx() (git-fixes). - ASoC: ops: Fix stereo change notifications in snd_soc_put_xr_sx() (git-fixes). - ASoC: ops: Reject out of bounds values in snd_soc_put_volsw() (git-fixes). - ASoC: ops: Reject out of bounds values in snd_soc_put_volsw_sx() (git-fixes). - ASoC: ops: Reject out of bounds values in snd_soc_put_xr_sx() (git-fixes). - ASoC: ops: Shift tested values in snd_soc_put_volsw() by +min (git-fixes). - ASoC: ops: Validate input values in snd_soc_put_volsw_range() (git-fixes). - ASoC: qcom: Actually clear DMA interrupt register for HDMI (git-fixes). - ASoC: rk3328: fix disabling mclk on pclk probe failure (git-fixes). - ASoC: rk817: Fix missing clk_disable_unprepare() in rk817_platform_probe (git-fixes). - ASoC: rk817: Use devm_clk_get() in rk817_platform_probe (git-fixes). - ASoC: rockchip: i2s: Fix missing clk_disable_unprepare() in rockchip_i2s_probe (git-fixes). - ASoC: rsnd: care default case on rsnd_ssiu_busif_err_status_clear() (git-fixes). - ASoC: rsnd: care return value from rsnd_node_fixed_index() (git-fixes). - ASoC: rt1015p: remove dependency on GPIOLIB (git-fixes). - ASoC: rt5514: Fix event generation for 'DSP Voice Wake Up' control (git-fixes). - ASoC: rt5645: Fix errorenous cleanup order (git-fixes). - ASoC: rt5663: check the return value of devm_kzalloc() in rt5663_parse_dp() (git-fixes). - ASoC: rt5668: do not block workqueue if card is unbound (git-fixes). - ASoC: rt5682: do not block workqueue if card is unbound (git-fixes). - ASoC: samsung: Fix refcount leak in aries_audio_probe (git-fixes). - ASoC: samsung: Use dev_err_probe() helper (git-fixes). - ASoC: simple-card: fix probe failure on platform component (git-fixes). - ASoC: simple-card-utils: Set sysclk on all components (git-fixes). - ASoC: soc-compress: Change the check for codec_dai (git-fixes). - ASoC: soc-compress: prevent the potentially use of null pointer (git-fixes). - ASoC: soc-core: skip zero num_dai component in searching dai name (git-fixes). - ASoC: soc-dapm: fix two incorrect uses of list iterator (git-fixes). - ASoC: soc-ops: fix error handling (git-fixes). - ASoC: SOF: Add missing of_node_put() in imx8m_probe (git-fixes). - ASoC: SOF: Fix NULL pointer exception in sof_pci_probe callback (git-fixes). - ASoC: SOF: hda: Set max DMA segment size (git-fixes). - ASoC: SOF: Intel: enable DMI L1 for playback streams (git-fixes). - ASoC: SOF: Intel: Fix build error without SND_SOC_SOF_PCI_DEV (git-fixes). - ASoC: SOF: Intel: Fix NULL ptr dereference when ENOMEM (git-fixes). - ASoC: SOF: Intel: match sdw version on link_slaves_found (git-fixes). - ASoC: SOF: topology: remove redundant code (git-fixes). - ASoC: sti: Fix deadlock via snd_pcm_stop_xrun() call (git-fixes). - ASoC: tas2770: Insert post reset delay (git-fixes). - ASoC: ti: davinci-i2s: Add check for clk_enable() (git-fixes). - ASoC: ti: j721e-evm: Fix refcount leak in j721e_soc_probe_* (git-fixes). - ASoC: topology: Allow TLV control to be either read or write (git-fixes). - ASoC: topology: Correct error handling in soc_tplg_dapm_widget_create() (git-fixes). - ASoC: topology: Optimize soc_tplg_dapm_graph_elems_load behavior (git-fixes). - ASoC: tscs454: Add endianness flag in snd_soc_component_driver (git-fixes). - ASoC: wm2000: fix missing clk_disable_unprepare() on error in wm2000_anc_transition() (git-fixes). - ASoC: wm8350: Handle error for wm8350_register_irq (git-fixes). - ASoC: wm8958: Fix change notifications for DSP controls (git-fixes). - ASoC: wm8962: Fix suspend while playing music (git-fixes). - ASoC: wm_adsp: Fix event generation for wm_adsp_fw_put() (git-fixes). - ASoC: xilinx: xlnx_formatter_pcm: Handle sysclk setting (git-fixes). - ASoC: xilinx: xlnx_formatter_pcm: Make buffer bytes multiple of period bytes (git-fixes). - assoc_array: Fix BUG_ON during garbage collect (git-fixes). - asus-wmi: Add dgpu disable method (bsc#1198058). - asus-wmi: Add egpu enable method (bsc#1198058). - asus-wmi: Add panel overdrive functionality (bsc#1198058). - asus-wmi: Add support for platform_profile (bsc#1198058). - ata: libata: add qc->flags in ata_qc_complete_template tracepoint (git-fixes). - ata: libata-core: Disable READ LOG DMA EXT for Samsung 840 EVOs (git-fixes). - ata: libata-core: Disable TRIM on M88V29 (git-fixes). - ata: libata-core: fix NULL pointer deref in ata_host_alloc_pinfo() (git-fixes). - ata: libata-transport: fix {dma|pio|xfer}_mode sysfs files (git-fixes). - ata: pata_hpt37x: disable primary channel on HPT371 (git-fixes). - ata: pata_hpt37x: fix PCI clock detection (git-fixes). - ata: pata_marvell: Check the 'bmdma_addr' beforing reading (git-fixes). - ata: pata_octeon_cf: Fix refcount leak in octeon_cf_probe (git-fixes). - ata: sata_dwc_460ex: Fix crash due to OOB write (git-fixes). - ath10k: Fix error handling in ath10k_setup_msa_resources (git-fixes). - ath10k: fix memory overwrite of the WoWLAN wakeup packet pattern (git-fixes). - ath10k: skip ath10k_halt during suspend for driver state RESTARTING (git-fixes). - ath11k: acquire ab->base_lock in unassign when finding the peer by addr (git-fixes). - ath11k: disable spectral scan during spectral deinit (git-fixes). - ath11k: Do not check arvif->is_started before sending management frames (git-fixes). - ath11k: fix kernel panic during unload/load ath11k modules (git-fixes). - ath11k: mhi: use mhi_sync_power_up() (git-fixes). - ath11k: pci: fix crash on suspend if board file is not found (git-fixes). - ath11k: set correct NL80211_FEATURE_DYNAMIC_SMPS for WCN6855 (git-fixes). - ath5k: fix OOB in ath5k_eeprom_read_pcal_info_5111 (git-fixes). - ath9k: fix ar9003_get_eepmisc (git-fixes). - ath9k: fix QCA9561 PA bias level (git-fixes). - ath9k: Fix usage of driver-private space in tx_info (git-fixes). - ath9k_htc: fix potential out of bounds access with invalid rxstatus->rs_keyix (git-fixes). - ath9k_htc: fix uninit value bugs (git-fixes). - ath9k: Properly clear TX status area before reporting to mac80211 (git-fixes). - atl1c: fix tx timeout after link flap on Mikrotik 10/25G NIC (git-fixes). - atm: eni: Add check for dma_map_single (git-fixes). - atm: firestream: check the return value of ioremap() in fs_init() (git-fixes). - atomics: Fix atomic64_{read_acquire,set_release} fallbacks (git-fixes). - audit: ensure userspace is penalized the same as the kernel when under pressure (git-fixes). - audit: improve audit queue handling when 'audit=1' on cmdline (git-fixes). - audit: improve robustness of the audit queue handling (git-fixes). - auxdisplay: lcd2s: Fix lcd2s_redefine_char() feature (git-fixes). - auxdisplay: lcd2s: Fix memory leak in ->remove() (git-fixes). - auxdisplay: lcd2s: Use proper API to free the instance of charlcd object (git-fixes). - ax25: Fix NULL pointer dereference in ax25_kill_by_device (git-fixes). - ax25: improve the incomplete fix to avoid UAF and NPD bugs (git-fixes). - b43: Fix assigning negative value to unsigned variable (git-fixes). - b43legacy: Fix assigning negative value to unsigned variable (git-fixes). - bareudp: use ipv6_mod_enabled to check if IPv6 enabled (git-fixes). - batman-adv: Do not expect inter-netns unique iflink indices (git-fixes). - batman-adv: Do not skb_split skbuffs with frag_list (git-fixes). - batman-adv: Request iflink once in batadv_get_real_netdevice (git-fixes). - batman-adv: Request iflink once in batadv-on-batadv check (git-fixes). - bcache: avoid journal no-space deadlock by reserving 1 journal bucket (git-fixes). - bcache: avoid unnecessary soft lockup in kworker update_writeback_rate() (bsc#1197362). - bcache: fixup multiple threads crash (git-fixes). - bcache: fix use-after-free problem in bcache_device_free() (git-fixes). - bcache: improve multithreaded bch_btree_check() (git-fixes). - bcache: improve multithreaded bch_sectors_dirty_init() (git-fixes). - bcache: memset on stack variables in bch_btree_check() and bch_sectors_dirty_init() (git-fixes). - bcache: remove incremental dirty sector counting for bch_sectors_dirty_init() (git-fixes). - bfq: Allow current waker to defend against a tentative one (bsc#1195915). - bfq: Avoid false marking of bic as stably merged (bsc#1197926). - bfq: Avoid merging queues with different parents (bsc#1197926). - bfq: Do not let waker requests skip proper accounting (bsc#1184318). - bfq: Drop pointless unlock-lock pair (bsc#1197926). - bfq: Fix warning in bfqq_request_over_limit() (bsc#1200812). - bfq: Get rid of __bio_blkcg() usage (bsc#1197926). - bfq: Limit number of requests consumed by each cgroup (bsc#1184318). - bfq: Limit waker detection in time (bsc#1184318). - bfq: Make sure bfqg for which we are queueing requests is online (bsc#1197926). - bfq: Relax waker detection for shared queues (bsc#1184318). - bfq: Remove pointless bfq_init_rq() calls (bsc#1197926). - bfq: Split shared queues on move between cgroups (bsc#1197926). - bfq: Store full bitmap depth in bfq_data (bsc#1184318). - bfq: Track number of allocated requests in bfq_entity (bsc#1184318). - bfq: Track whether bfq_group is still online (bsc#1197926). - bfq: Update cgroup information before merging bio (bsc#1197926). - binfmt_flat: do not stop relocating GOT entries prematurely on riscv (git-fixes). - bitfield: add explicit inclusions to the example (git-fixes). - blkcg: Remove extra blkcg_bio_issue_init (bsc#1194585). - blk-cgroup: move blkcg_{get,set}_fc_appid out of line (bsc#1200045). - blk-cgroup: set blkg iostat after percpu stat aggregation (bsc#1198018). - blk-iolatency: Fix inflight count imbalances and IO hangs on offline (bsc#1200825). - blk-mq: cancel blk-mq dispatch work in both blk_cleanup_queue and disk_release() (bsc#1198034). - blk-mq: do not touch ->tagset in blk_mq_get_sq_hctx (bsc#1200824). - blk-mq: do not update io_ticks with passthrough requests (bsc#1200816). - blk-mq: fix tag_get wait task can't be awakened (bsc#1200263). - blk-mq: Fix wrong wakeup batch configuration which will cause hang (bsc#1200263). - blktrace: fix use after free for struct blk_trace (bsc#1198017). - block: assign bi_bdev for cloned bios in blk_rq_prep_clone (bsc#1198016). - block: avoid to quiesce queue in elevator_init_mq (bsc#1198013). - block, bfq: fix UAF problem in bfqg_stats_init() (bsc#1194583). - block: bio-integrity: Advance seed correctly for larger interval sizes (git-fixes). - block: Check ADMIN before NICE for IOPRIO_CLASS_RT (bsc#1198012). - block: do not delete queue kobject before its children (bsc#1198019). - block: do not merge across cgroup boundaries if blkcg is enabled (bsc#1198020). - block: fix async_depth sysfs interface for mq-deadline (bsc#1198015). - block: fix bio_clone_blkg_association() to associate with proper blkcg_gq (bsc#1200259). - block: Fix handling of offline queues in blk_mq_alloc_request_hctx() (git-fixes). - block: fix ioprio_get(IOPRIO_WHO_PGRP) vs setuid(2) (bsc#1194586). - block: Fix the maximum minor value is blk_alloc_ext_minor() (bsc#1198021). - block: Fix up kabi after blkcg merge fix (bsc#1198020). - block: Hold invalidate_lock in BLKRESETZONE ioctl (bsc#1198010). - block: limit request dispatch loop duration (bsc#1198022). - block/mq-deadline: Improve request accounting further (bsc#1198009). - block: Provide blk_mq_sched_get_icq() (bsc#1184318). - block: update io_ticks when io hang (bsc#1197817). - block/wbt: fix negative inflight counter when remove scsi device (bsc#1197819). - Bluetooth: btintel: Fix WBS setting for Intel legacy ROM products (git-fixes). - Bluetooth: btmtksdio: Fix kernel oops in btmtksdio_interrupt (git-fixes). - Bluetooth: btusb: Add another Realtek 8761BU (git-fixes). - Bluetooth: btusb: Add missing Chicony device for Realtek RTL8723BE (bsc#1196779). - Bluetooth: btusb: Add one more Bluetooth part for the Realtek RTL8852AE (git-fixes). - Bluetooth: btusb: Whitespace fixes for btusb_setup_csr() (git-fixes). - Bluetooth: call hci_le_conn_failed with hdev lock in hci_le_conn_failed (git-fixes). - Bluetooth: fix dangling sco_conn and use-after-free in sco_sock_timeout (git-fixes). - Bluetooth: Fix not checking for valid hdev on bt_dev_{info,warn,err,dbg} (git-fixes). - Bluetooth: Fix the creation of hdev->name (git-fixes). - Bluetooth: Fix use after free in hci_send_acl (git-fixes). - Bluetooth: hci_qca: Use del_timer_sync() before freeing (git-fixes). - Bluetooth: hci_serdev: call init_rwsem() before p->open() (git-fixes). - Bluetooth: use hdev lock for accept_list and reject_list in conn req (git-fixes). - Bluetooth: use hdev lock in activate_scan for hci_is_adv_monitoring (git-fixes). - Bluetooth: use memset avoid memory leaks (git-fixes). - bnx2x: fix napi API usage sequence (bsc#1198217). - bnxt_en: Do not destroy health reporters during reset (bsc#1199736). - bnxt_en: Eliminate unintended link toggle during FW reset (bsc#1199736). - bnxt_en: Fix active FEC reporting to ethtool (git-fixes). - bnxt_en: Fix devlink fw_activate (jsc#SLE-18978). - bnxt_en: Fix incorrect multicast rx mask setting when not requested (git-fixes). - bnxt_en: Fix occasional ethtool -t loopback test failures (git-fixes). - bnxt_en: Fix offline ethtool selftest with RDMA enabled (git-fixes). - bnxt_en: Fix possible bnxt_open() failure caused by wrong RFS flag (git-fixes). - bnxt_en: Fix unnecessary dropping of RX packets (git-fixes). - bnxt_en: Increase firmware message response DMA wait time (git-fixes). - bnxt_en: Prevent XDP redirect from running when stopping TX queue (git-fixes). - bnxt_en: reserve space inside receive page for skb_shared_info (git-fixes). - bnxt_en: Restore the resets_reliable flag in bnxt_open() (jsc#SLE-18978). - bnxt_en: Synchronize tx when xdp redirects happen on same ring (git-fixes). - bonding: fix data-races around agg_select_timer (git-fixes). - bonding: force carrier update when releasing slave (git-fixes). - bonding: pair enable_port with slave_arr_updates (git-fixes). - bpf: Add check_func_arg_reg_off function (git-fixes). - bpf: add config to allow loading modules with BTF mismatches (bsc#1194501). - bpf: Avoid races in __bpf_prog_run() for 32bit arches (git-fixes). - bpf: Disallow negative offset in check_ptr_off_reg (git-fixes). - bpf: Fix comment for helper bpf_current_task_under_cgroup() (git-fixes). - bpf: Fix kernel address leakage in atomic cmpxchg's r0 aux reg (git-fixes). - bpf: Fix PTR_TO_BTF_ID var_off check (git-fixes). - bpf: Fix UAF due to race between btf_try_get_module and load_module (git-fixes). - bpf: Mark PTR_TO_FUNC register initially with zero offset (git-fixes). - bpf: Resolve to prog->aux->dst_prog->type only for BPF_PROG_TYPE_EXT (git-fixes). - bpf: selftests: adapt bpf_iter_task_vma to get_inode_dev() (bsc#1198585). - bpf, selftests: Fix racing issue in btf_skc_cls_ingress test (git-fixes). - bpf, selftests: Update test case for atomic cmpxchg on r0 with pointer (git-fixes). - bpftool: Fix memory leak in prog_dump() (git-fixes). - bpftool: Remove inclusion of utilities.mak from Makefiles (git-fixes). - bpftool: Remove unused includes to bpf/bpf_gen_internal.h (git-fixes). - bpftool: Remove useless #include to perf-sys.h from map_perf_ring.c (git-fixes). - brcmfmac: firmware: Allocate space for default boardrev in nvram (git-fixes). - brcmfmac: firmware: Fix crash in brcm_alt_fw_path (git-fixes). - brcmfmac: pcie: Declare missing firmware files in pcie.c (git-fixes). - brcmfmac: pcie: Fix crashes due to early IRQs (git-fixes). - brcmfmac: pcie: Release firmwares in the brcmf_pcie_setup error path (git-fixes). - brcmfmac: pcie: Replace brcmf_pcie_copy_mem_todev with memcpy_toio (git-fixes). - brcmfmac: sdio: Fix undefined behavior due to shift overflowing the constant (git-fixes). - btrfs: add a BTRFS_FS_ERROR helper (bsc#1197915). - btrfs: add btrfs_set_item_*_nr() helpers (bsc#1197915). - btrfs: add helper to truncate inode items when logging inode (bsc#1197915). - btrfs: add missing run of delayed items after unlink during log replay (bsc#1197915). - btrfs: add ro compat flags to inodes (bsc#1197915). - btrfs: always update the logged transaction when logging new names (bsc#1197915). - btrfs: assert that extent buffers are write locked instead of only locked (bsc#1197915). - btrfs: avoid attempt to drop extents when logging inode for the first time (bsc#1197915). - btrfs: avoid expensive search when dropping inode items from log (bsc#1197915). - btrfs: avoid expensive search when truncating inode items from the log (bsc#1197915). - btrfs: Avoid live-lock in search_ioctl() on hardware with sub-page (git-fixes) - btrfs: avoid search for logged i_size when logging inode if possible (bsc#1197915). - btrfs: avoid unnecessarily logging directories that had no changes (bsc#1197915). - btrfs: avoid unnecessary lock and leaf splits when updating inode in the log (bsc#1197915). - btrfs: avoid unnecessary log mutex contention when syncing log (bsc#1197915). - btrfs: change error handling for btrfs_delete_*_in_log (bsc#1197915). - btrfs: change handle_fs_error in recover_log_trees to aborts (bsc#1197915). - btrfs: check if a log tree exists at inode_logged() (bsc#1197915). - btrfs: constify and cleanup variables in comparators (bsc#1197915). - btrfs: do not commit delayed inode when logging a file in full sync mode (bsc#1197915). - btrfs: do not log new dentries when logging that a new name exists (bsc#1197915). - btrfs: do not pin logs too early during renames (bsc#1197915). - btrfs: drop the _nr from the item helpers (bsc#1197915). - btrfs: eliminate some false positives when checking if inode was logged (bsc#1197915). - btrfs: factor out the copying loop of dir items from log_dir_items() (bsc#1197915). - btrfs: fix lost prealloc extents beyond eof after full fsync (bsc#1197915). - btrfs: fix lzo_decompress_bio() kmap leakage (bsc#1193852). - btrfs: fix memory leak in __add_inode_ref() (bsc#1197915). - btrfs: fix missing last dir item offset update when logging directory (bsc#1197915). - btrfs: fix re-dirty process of tree-log nodes (bsc#1197915). - btrfs: improve the batch insertion of delayed items (bsc#1197915). - btrfs: insert items in batches when logging a directory when possible (bsc#1197915). - btrfs: introduce btrfs_lookup_match_dir (bsc#1197915). - btrfs: introduce item_nr token variant helpers (bsc#1197915). - btrfs: keep track of the last logged keys when logging a directory (bsc#1197915). - btrfs: loop only once over data sizes array when inserting an item batch (bsc#1197915). - btrfs: make btrfs_file_extent_inline_item_len take a slot (bsc#1197915). - btrfs: only copy dir index keys when logging a directory (bsc#1197915). - btrfs: remove no longer needed checks for NULL log context (bsc#1197915). - btrfs: remove no longer needed full sync flag check at inode_logged() (bsc#1197915). - btrfs: remove no longer needed logic for replaying directory deletes (bsc#1197915). - btrfs: remove redundant log root assignment from log_dir_items() (bsc#1197915). - btrfs: remove root argument from add_link() (bsc#1197915). - btrfs: remove root argument from btrfs_log_inode() and its callees (bsc#1197915). - btrfs: remove root argument from btrfs_unlink_inode() (bsc#1197915). - btrfs: remove root argument from check_item_in_log() (bsc#1197915). - btrfs: remove root argument from drop_one_dir_item() (bsc#1197915). - btrfs: remove the btrfs_item_end() helper (bsc#1197915). - btrfs: remove unnecessary list head initialization when syncing log (bsc#1197915). - btrfs: remove unneeded return variable in btrfs_lookup_file_extent (bsc#1197915). - btrfs: rename btrfs_item_end_nr to btrfs_item_data_end (bsc#1197915). - btrfs: stop doing GFP_KERNEL memory allocations in the ref verify tool (bsc#1197915). - btrfs: unexport setup_items_for_insert() (bsc#1197915). - btrfs: unify lookup return value when dir entry is missing (bsc#1197915). - btrfs: update comment at log_conflicting_inodes() (bsc#1197915). - btrfs: use btrfs_item_size_nr/btrfs_item_offset_nr everywhere (bsc#1197915). - btrfs: use btrfs_next_leaf instead of btrfs_next_item when slots > nritems (bsc#1197915). - btrfs: use single bulk copy operations when logging directories (bsc#1197915). - bus: fsl-mc-bus: fix KASAN use-after-free in fsl_mc_bus_remove() (git-fixes). - bus: sunxi-rsb: Fix the return value of sunxi_rsb_device_create() (git-fixes). - bus: ti-sysc: Fix warnings for unbind for serial (git-fixes). - bus: ti-sysc: Make omap3 gpt12 quirk handling SoC specific (git-fixes). - caif_virtio: fix race between virtio_device_ready() and ndo_open() (git-fixes). - can: ems_usb: ems_usb_start_xmit(): fix double dev_kfree_skb() in error path (git-fixes). - can: etas_es58x: change opened_channel_cnt's type from atomic_t to u8 (git-fixes). - can: etas_es58x: es58x_fd_rx_event_msg(): initialize rx_event_msg before calling es58x_check_msg_len() (git-fixes). - can: grcan: grcan_close(): fix deadlock (git-fixes). - can: grcan: grcan_probe(): fix broken system id check for errata workaround needs (git-fixes). - can: grcan: only use the NAPI poll budget for RX (git-fixes). - can: grcan: use ofdev->dev when allocating DMA memory (git-fixes). - can: gs_usb: change active_channels's type from atomic_t to u8 (git-fixes). - can: isotp: fix error path in isotp_sendmsg() to unlock wait queue (git-fixes). - can: isotp: fix potential CAN frame reception race in isotp_rcv() (git-fixes). - can: isotp: restore accidentally removed MSG_PEEK feature (git-fixes). - can: isotp: return -EADDRNOTAVAIL when reading from unbound socket (git-fixes). - can: isotp: set default value for N_As to 50 micro seconds (git-fixes). - can: isotp: stop timeout monitoring when no first frame was sent (git-fixes). - can: isotp: support MSG_TRUNC flag when reading from socket (git-fixes). - can: m_can: m_can_tx_handler(): fix use after free of skb (git-fixes). - can: mcba_usb: mcba_usb_start_xmit(): fix double dev_kfree_skb in error path (git-fixes). - can: mcba_usb: properly check endpoint type (git-fixes). - can: mcp251xfd: mcp251xfd_register_get_dev_id(): fix return of error value (git-fixes). - can: mcp251xfd: silence clang's -Wunaligned-access warning (git-fixes). - can: rcar_canfd: add __maybe_unused annotation to silence warning (git-fixes). - can: rcar_canfd: rcar_canfd_channel_probe(): register the CAN device when fully ready (git-fixes). - can: usb_8dev: usb_8dev_start_xmit(): fix double dev_kfree_skb() in error path (git-fixes). - can: xilinx_can: mark bit timing constants as const (git-fixes). - carl9170: fix missing bit-wise or operator for tx_params (git-fixes). - carl9170: tx: fix an incorrect use of list iterator (git-fixes). - CDC-NCM: avoid overflow in sanity checking (git-fixes). - ceph: fix setting of xattrs on async created inodes (bsc#1199611). - certs/blacklist_hashes.c: fix const confusion in certs blacklist (git-fixes). - cfg80211: declare MODULE_FIRMWARE for regulatory.db (git-fixes). - cfg80211: do not add non transmitted BSS to 6GHz scanned channels (git-fixes). - cfg80211: fix race in netlink owner interface destruction (git-fixes). - cfg80211: hold bss_lock while updating nontrans_list (git-fixes). - cgroup/cpuset: Fix a race between cpuset_attach() and cpu hotplug (bsc#1196869). - cgroup/cpuset: Fix 'suspicious RCU usage' lockdep warning (bsc#1196868). - cgroup/cpuset: Remove cpus_allowed/mems_allowed setup in cpuset_init_smp() (bsc#1199839). - cgroup-v1: Correct privileges check in release_agent writes (bsc#1196723). - char: tpm: cr50_i2c: Suppress duplicated error message in .remove() (git-fixes). - char: xillybus: fix a refcount leak in cleanup_dev() (git-fixes). - cifs: add WARN_ON for when chan_count goes below minimum (bsc#1193629). - cifs: adjust DebugData to use chans_need_reconnect for conn status (bsc#1193629). - cifs: alloc_path_with_tree_prefix: do not append sep. if the path is empty (bsc#1193629). - cifs: avoid parallel session setups on same channel (bsc#1193629). - cifs: avoid race during socket reconnect between send and recv (bsc#1193629). - cifs: call cifs_reconnect when a connection is marked (bsc#1193629). - cifs: call helper functions for marking channels for reconnect (bsc#1193629). - cifs: change smb2_query_info_compound to use a cached fid, if available (bsc#1193629). - cifs: check for smb1 in open_cached_dir() (bsc#1193629). - cifs: check reconnects for channels of active tcons too (bsc#1193629). - cifs: Check the IOCB_DIRECT flag, not O_DIRECT (bsc#1193629). - cifs: cifs_ses_mark_for_reconnect should also update reconnect bits (bsc#1193629). - cifs: clean up an inconsistent indenting (bsc#1193629). - cifs: convert the path to utf16 in smb2_query_info_compound (bsc#1193629). - cifs: destage any unwritten data to the server before calling copychunk_write (bsc#1193629). - cifs: do not build smb1ops if legacy support is disabled (bsc#1193629). - cifs: do not call cifs_dfs_query_info_nonascii_quirk() if nodfs was set (bsc#1193629). - cifs: do not skip link targets when an I/O fails (bsc#1194625). - cifs: do not use tcpStatus after negotiate completes (bsc#1193629). - cifs: do not use uninitialized data in the owner/group sid (bsc#1193629). - cifs: fix bad fids sent over wire (bsc#1197157). - cifs: fix confusing unneeded warning message on smb2.1 and earlier (bsc#1193629). - cifs: fix double free race when mount fails in cifs_get_root() (bsc#1193629). - cifs: fix FILE_BOTH_DIRECTORY_INFO definition (bsc#1193629). - cifs: fix handlecache and multiuser (bsc#1193629). - cifs: fix hang on cifs_get_next_mid() (bsc#1193629). - cifs: fix incorrect use of list iterator after the loop (bsc#1193629). - cifs: fix minor compile warning (bsc#1193629). - cifs: fix NULL ptr dereference in refresh_mounts() (bsc#1193629). - cifs: fix potential deadlock in direct reclaim (bsc#1193629). - cifs: fix potential double free during failed mount (bsc#1193629). - cifs: fix potential race with cifsd thread (bsc#1193629). - cifs: fix set of group SID via NTSD xattrs (bsc#1193629). - cifs: fix signed integer overflow when fl_end is OFFSET_MAX (bsc#1193629). - cifs: Fix smb311_update_preauth_hash() kernel-doc comment (bsc#1193629). - cifs: fix the cifs_reconnect path for DFS (bsc#1193629). - cifs: fix the connection state transitions with multichannel (bsc#1193629). - cifs: fix uninitialized pointer in error case in dfs_cache_get_tgt_share (bsc#1193629). - cifs: fix workstation_name for multiuser mounts (bsc#1193629). - cifs: force new session setup and tcon for dfs (bsc#1193629). - cifs: free ntlmsspblob allocated in negotiate (bsc#1193629). - cifs: maintain a state machine for tcp/smb/tcon sessions (bsc#1193629). - cifs: make status checks in version independent callers (bsc#1193629). - cifs: mark sessions for reconnection in helper function (bsc#1193629). - cifs: modefromsids must add an ACE for authenticated users (bsc#1193629). - cifs: move definition of cifs_fattr earlier in cifsglob.h (bsc#1193629). - cifs: move superblock magic defitions to magic.h (bsc#1193629). - cifs: potential buffer overflow in handling symlinks (bsc#1193629). - cifs: print TIDs as hex (bsc#1193629). - cifs: protect all accesses to chan_* with chan_lock (bsc#1193629). - cifs: quirk for STATUS_OBJECT_NAME_INVALID returned for non-ASCII dfs refs (bsc#1193629). - cifs: reconnect only the connection and not smb session where possible (bsc#1193629). - cifs: release cached dentries only if mount is complete (bsc#1193629). - cifs: remove check of list iterator against head past the loop body (bsc#1193629). - cifs: remove redundant assignment to pointer p (bsc#1193629). - cifs: remove repeated debug message on cifs_put_smb_ses() (bsc#1193629). - cifs: remove repeated state change in dfs tree connect (bsc#1193629). - cifs: remove unused variable ses_selected (bsc#1193629). - cifs: return ENOENT for DFS lookup_cache_entry() (bsc#1193629). - cifs: return the more nuanced writeback error on close() (bsc#1193629). - cifs: serialize all mount attempts (bsc#1193629). - cifs: set the CREATE_NOT_FILE when opening the directory in use_cached_dir() (bsc#1193629). - cifs: skip trailing separators of prefix paths (bsc#1193629). - cifs: smbd: fix typo in comment (bsc#1193629). - cifs: Split the smb3_add_credits tracepoint (bsc#1193629). - cifs: take cifs_tcp_ses_lock for status checks (bsc#1193629). - cifs: track individual channel status using chans_need_reconnect (bsc#1193629). - cifs: unlock chan_lock before calling cifs_put_tcp_session (bsc#1193629). - cifs: update internal module number (bsc#1193629). - cifs: update tcpStatus during negotiate and sess setup (bsc#1193629). - cifs: use a different reconnect helper for non-cifsd threads (bsc#1193629). - cifs: use correct lock type in cifs_reconnect() (bsc#1193629). - cifs: Use kzalloc instead of kmalloc/memset (bsc#1193629). - cifs: use new enum for ses_status (bsc#1193629). - cifs: use the chans_need_reconnect bitmap for reconnect status (bsc#1193629). - cifs: verify that tcon is valid before dereference in cifs_kill_sb (bsc#1193629). - cifs: version operations for smb20 unneeded when legacy support disabled (bsc#1193629). - cifs: we do not need a spinlock around the tree access during umount (bsc#1193629). - cifs: when extending a file with falloc we should make files not-sparse (bsc#1193629). - cifs: writeback fix (bsc#1193629). - clk: actions: Terminate clk_div_table with sentinel element (git-fixes). - clk: at91: generated: consider range when calculating best rate (git-fixes). - clk: at91: sama7g5: fix parents of PDMCs' GCLK (git-fixes). - clk: bcm2835: fix bcm2835_clock_choose_div (git-fixes). - clk: bcm2835: Remove unused variable (git-fixes). - clk: clps711x: Terminate clk_div_table with sentinel element (git-fixes). - clk: Enforce that disjoints limits are invalid (git-fixes). - clk: Fix clk_hw_get_clk() when dev is NULL (git-fixes). - clk: hisilicon: Terminate clk_div_table with sentinel element (git-fixes). - clk: imx7d: Remove audio_mclk_root_clk (git-fixes). - clk: imx8mp: fix usb_root_clk parent (git-fixes). - clk: imx: Add check for kcalloc (git-fixes). - clk: imx: off by one in imx_lpcg_parse_clks_from_dt() (git-fixes). - clk: imx: scu: Use pm_runtime_resume_and_get to fix pm_runtime_get_sync() usage (git-fixes). - clk: Initialize orphan req_rate (git-fixes). - clk: jz4725b: fix mmc0 clock gating (git-fixes). - clk: loongson1: Terminate clk_div_table with sentinel element (git-fixes). - clk: nxp: Remove unused variable (git-fixes). - clk: qcom: clk-rcg2: Update logic to calculate D value for RCG (git-fixes). - clk: qcom: clk-rcg2: Update the frac table for pixel clock (git-fixes). - clk: qcom: gcc-msm8994: Fix gpll4 width (git-fixes). - clk: qcom: ipq8074: fix PCI-E clock oops (git-fixes). - clk: qcom: ipq8074: Use floor ops for SDCC1 clock (git-fixes). - clk: renesas: r9a06g032: Fix the RTC hclock description (git-fixes). - clk: rockchip: drop CLK_SET_RATE_PARENT from dclk_vop* on rk3568 (git-fixes). - clk: si5341: fix reported clk_rate when output divider is 2 (git-fixes). - clk: sunxi: sun9i-mmc: check return value after calling platform_get_resource() (git-fixes). - clk: tegra: Add missing reset deassertion (git-fixes). - clk: tegra: tegra124-emc: Fix missing put_device() call in emc_ensure_emc_driver (git-fixes). - clk: ti: Preserve node in ti_dt_clocks_register() (git-fixes). - clk: uniphier: Fix fixed-rate initialization (git-fixes). - clocksource: acpi_pm: fix return value of __setup handler (git-fixes). - clocksource/drivers/exynos_mct: Handle DTS with higher number of interrupts (git-fixes). - clocksource/drivers/exynos_mct: Refactor resources allocation (git-fixes). - clocksource/drivers/oxnas-rps: Fix irq_of_parse_and_map() return value (git-fixes). - clocksource/drivers/sp804: Avoid error on multiple instances (git-fixes). - clocksource/drivers/timer-microchip-pit64b: Use notrace (git-fixes). - clocksource/drivers/timer-of: Check return value of of_iomap in timer_of_base_init() (git-fixes). - clocksource/drivers/timer-ti-dm: Fix regression from errata i940 fix (git-fixes). - clocksource: hyper-v: unexport __init-annotated hv_init_clocksource() (bsc#1201218). - comedi: drivers: ni_routes: Use strcmp() instead of memcmp() (git-fixes). - comedi: vmk80xx: fix expression for tx buffer size (git-fixes). - copy_process(): Move fd_install() out of sighand->siglock critical section (bsc#1199626). - cpufreq: intel_pstate: Add Ice Lake server to out-of-band IDs (bsc#1201228). - cpufreq: qcom-cpufreq-nvmem: fix reading of PVS Valid fuse (git-fixes). - cpuidle,intel_idle: Fix CPUIDLE_FLAG_IRQ_ENABLE (git-fixes). - cpuidle: intel_idle: Update intel_idle() kerneldoc comment (git-fixes). - cpuset: Fix the bug that subpart_cpus updated wrongly in update_cpumask() (bsc#1196866). - cputime, cpuacct: Include guest time in user time in (git-fixes) - crypto: amlogic - call finalize with bh disabled (git-fixes). - crypto: api - Move cryptomgr soft dependency into algapi (git-fixes). - crypto: arm/aes-neonbs-cbc - Select generic cbc and aes (git-fixes). - crypto: authenc - Fix sleep in atomic context in decrypt_tail (git-fixes). - crypto: caam - fix i.MX6SX entropy delay value (git-fixes). - crypto: cavium/nitrox - do not cast parameter in bit operations (git-fixes). - crypto: ccp - ccp_dmaengine_unregister release dma channels (git-fixes). - crypto: ccree - do not attempt 0 len DMA mappings (git-fixes). - crypto: ccree - Fix use after free in cc_cipher_exit() (git-fixes). - crypto: ccree - use fine grained DMA mapping dir (git-fixes). - crypto: cryptd - Protect per-CPU resource by disabling BH (git-fixes). - crypto: ecrdsa - Fix incorrect use of vli_cmp (git-fixes). - crypto: engine - check if BH is disabled during completion (git-fixes). - crypto: gemini - call finalize with bh disabled (git-fixes). - crypto: hisilicon/qm - cleanup warning in qm_vf_read_qos (git-fixes). - crypto: hisilicon/sec - fix the aead software fallback for engine (git-fixes). - crypto: hisilicon/sec - not need to enable sm4 extra mode at HW V3 (git-fixes). - crypto: marvell/cesa - ECB does not IV (git-fixes). - crypto: mxs-dcp - Fix scatterlist processing (git-fixes). - crypto: octeontx2 - remove CONFIG_DM_CRYPT check (git-fixes). - crypto: qat - disable registration of algorithms (git-fixes). - crypto: qat - do not cast parameter in bit operations (git-fixes). - crypto: qcom-rng - ensure buffer for generate is completely filled (git-fixes). - crypto: qcom-rng - fix infinite loop on requests not multiple of WORD_SZ (git-fixes). - crypto: rockchip - ECB does not need IV (git-fixes). - crypto: rsa-pkcs1pad - correctly get hash from source scatterlist (git-fixes). - crypto: rsa-pkcs1pad - fix buffer overread in pkcs1pad_verify_complete() (git-fixes). - crypto: rsa-pkcs1pad - only allow with rsa (git-fixes). - crypto: rsa-pkcs1pad - restore signature length check (git-fixes). - crypto: stm32 - fix reference leak in stm32_crc_remove (git-fixes). - crypto: sun8i-ce - call finalize with bh disabled (git-fixes). - crypto: sun8i-ss - call finalize with bh disabled (git-fixes). - crypto: sun8i-ss - handle zero sized sg (git-fixes). - crypto: sun8i-ss - really disable hash on A80 (git-fixes). - crypto: sun8i-ss - rework handling of IV (git-fixes). - crypto: vmx - add missing dependencies (git-fixes). - crypto: x86/chacha20 - Avoid spurious jumps to other functions (git-fixes). - crypto: x86 - eliminate anonymous module_init and module_exit (git-fixes). - crypto: xts - Add softdep on ecb (git-fixes). - dax: fix cache flush on PMD-mapped pages (bsc#1200830). - devlink: Add 'enable_iwarp' generic device param (bsc#1200502). - dim: initialize all struct fields (git-fixes). - display/amd: decrease message verbosity about watermarks table failure (git-fixes). - dma: at_xdmac: fix a missing check on list iterator (git-fixes). - dma-buf: fix use of DMA_BUF_SET_NAME_{A,B} in userspace (git-fixes). - dma-buf: heaps: Fix potential spectre v1 gadget (git-fixes). - dma-debug: fix return value of __setup handlers (git-fixes). - dma-direct: avoid redundant memory sync for swiotlb (git-fixes). - dmaengine: dw-edma: Fix unaligned 64bit access (git-fixes). - dmaengine: hisi_dma: fix MSI allocate fail when reload hisi_dma (git-fixes). - dmaengine: idxd: add missing callback function to support DMA_INTERRUPT (git-fixes). - dmaengine: idxd: add RO check for wq max_batch_size write (git-fixes). - dmaengine: idxd: add RO check for wq max_transfer_size write (git-fixes). - dmaengine: idxd: check GENCAP config support for gencfg register (git-fixes). - dmaengine: idxd: fix device cleanup on disable (git-fixes). - dmaengine: idxd: Fix the error handling path in idxd_cdev_register() (git-fixes). - dmaengine: idxd: restore traffic class defaults after wq reset (git-fixes). - dmaengine: idxd: set DMA_INTERRUPT cap bit (git-fixes). - dmaengine: idxd: skip clearing device context when device is read-only (git-fixes). - dmaengine: imx-sdma: Fix error checking in sdma_event_remap (git-fixes). - dmaengine: mediatek:Fix PM usage reference leak of mtk_uart_apdma_alloc_chan_resources (git-fixes). - dmaengine: ptdma: fix concurrency issue with multiple dma transfer (jsc#SLE-21315). - dmaengine: ptdma: Fix the error handling path in pt_core_init() (git-fixes). - dmaengine: ptdma: handle the cases based on DMA is complete (jsc#SLE-21315). - dmaengine: Revert 'dmaengine: shdma: Fix runtime PM imbalance on error' (git-fixes). - dmaengine: shdma: Fix runtime PM imbalance on error (git-fixes). - dmaengine: sh: rcar-dmac: Check for error num after dma_set_max_seg_size (git-fixes). - dmaengine: sh: rcar-dmac: Check for error num after setting mask (git-fixes). - dmaengine: stm32-dmamux: Fix PM disable depth imbalance in stm32_dmamux_probe (git-fixes). - dmaengine: stm32-mdma: fix chan initialization in stm32_mdma_irq_handler() (git-fixes). - dmaengine: stm32-mdma: remove GISR1 register (git-fixes). - dmaengine: zynqmp_dma: In struct zynqmp_dma_chan fix desc_size data type (git-fixes). - dma-mapping: remove bogus test for pfn_valid from dma_map_resource (git-fixes). - dma/pool: create dma atomic pool only if dma zone has managed pages (bsc#1197501). - dm crypt: fix get_key_size compiler warning if !CONFIG_KEYS (git-fixes). - dm: fix use-after-free in dm_cleanup_zoned_dev() (git-fixes). - dm integrity: fix error code in dm_integrity_ctr() (git-fixes). - dm integrity: set journal entry unused when shrinking device (git-fixes). - dm mirror log: round up region bitmap size to BITS_PER_LONG (git-fixes). - dm mpath: only use ktime_get_ns() in historical selector (git-fixes). - dm verity: set DM_TARGET_IMMUTABLE feature flag (git-fixes). - doc/ip-sysctl: add bc_forwarding (git-fixes). - docs/conf.py: Cope with removal of language=None in Sphinx 5.0.0 (git-fixes). - Documentation: add link to stable release candidate tree (git-fixes). - Documentation: dd: Use ReST lists for return values of driver_deferred_probe_check_state() (git-fixes). - Documentation: Fix duplicate statement about raw_spinlock_t type (git-fixes). - Documentation: update stable tree link (git-fixes). - do not call utsname() after ->nsproxy is NULL (bsc#1201196). - drbd: fix an invalid memory access caused by incorrect use of list iterator (git-fixes). - drbd: fix duplicate array initializer (git-fixes). - drbd: Fix five use after free bugs in get_initial_state (git-fixes). - drbd: remove assign_p_sizes_qlim (git-fixes). - drbd: use bdev_alignment_offset instead of queue_alignment_offset (git-fixes). - drbd: use bdev based limit helpers in drbd_send_sizes (git-fixes). - driver base: fix an unlikely reference counting issue in __add_memory_block() (git-fixes). - driver base: fix compaction sysfs file leak (git-fixes). - driver: base: fix UAF when driver_attach failed (git-fixes). - driver core: dd: fix return value of __setup handler (git-fixes). - driver core: fix deadlock in __device_attach (git-fixes). - driver core: Fix wait_for_device_probe() and deferred_probe_timeout interaction (git-fixes). - driver core: Free DMA range map when device is released (git-fixes). - driver: hv: Compare cpumasks and not their weights in init_vp_index() (git-fixes). - driver: hv: log when enabling crash_kexec_post_notifiers (git-fixes). - driver: hv: Rename 'alloced' to 'allocated' (git-fixes). - driver: hv: utils: Make use of the helper macro LIST_HEAD() (git-fixes). - driver: hv: vmbus: Fix memory leak in vmbus_add_channel_kobj (git-fixes). - driver: hv: vmbus: Fix potential crash on module unload (git-fixes). - driver: hv: vmbus: Use struct_size() helper in kmalloc() (git-fixes). - driver: i2c: thunderx: Allow driver to work with ACPI defined TWSI controllers (git-fixes). - driver: net: xgene: Fix regression in CRC stripping (git-fixes). - drivers: cpufreq: Add missing of_node_put() in qoriq-cpufreq.c (git-fixes). - drivers: mmc: sdhci_am654: Add the quirk to set TESTCD bit (git-fixes). - drivers: staging: rtl8192bs: Fix deadlock in rtw_joinbss_event_prehandle() (git-fixes). - drivers: staging: rtl8192e: Fix deadlock in rtllib_beacons_stop() (git-fixes). - drivers: staging: rtl8192u: Fix deadlock in ieee80211_beacons_stop() (git-fixes). - drivers: staging: rtl8723bs: Fix deadlock in rtw_surveydone_event_callback() (git-fixes). - drivers: tty: serial: Fix deadlock in sa1100_set_termios() (git-fixes). - drivers: usb: host: Fix deadlock in oxu_bus_suspend() (git-fixes). - drm: add a locked version of drm_is_current_master (git-fixes). - drm: Add orientation quirk for GPD Win Max (git-fixes). - drm/amd: Add USBC connector ID (git-fixes). - drm/amd/amdgpu/amdgpu_cs: fix refcount leak of a dma_fence obj (git-fixes). - drm/amd: avoid suspend on dGPUs w/ s2idle support when runtime PM enabled (git-fixes). - drm/amd: Check if ASPM is enabled from PCIe subsystem (git-fixes). - drm/amd/display: Add affected crtcs to atomic state for dsc mst unplug (git-fixes). - drm/amd/display: Add pstate verification and recovery for DCN31 (git-fixes). - drm/amd/display: Add signal type check when verify stream backends same (git-fixes). - drm/amd/display: Avoid reading audio pattern past AUDIO_CHANNELS_COUNT (git-fixes). - drm/amd/display: Cap OLED brightness per max frame-average luminance (git-fixes). - drm/amd/display: Cap pflip irqs per max otg number (git-fixes). - drm/amd/display: Check if modulo is 0 before dividing (git-fixes). - drm/amd/display: DCN3.1: do not mark as kernel-doc (git-fixes). - drm/amd/display: Disabling Z10 on DCN31 (git-fixes). - drm/amd/display: do not ignore alpha property on pre-multiplied mode (git-fixes). - drm/amd/display: Do not reinitialize DMCUB on s0ix resume (git-fixes). - drm/amd/display: Enable power gating before init_pipes (git-fixes). - drm/amd/display: FEC check in timing validation (git-fixes). - drm/amd/display: Fix allocate_mst_payload assert on resume (git-fixes). - drm/amd/display: Fix a NULL pointer dereference in amdgpu_dm_connector_add_common_modes() (git-fixes). - drm/amd/display: fix audio format not updated after edid updated (git-fixes). - drm/amd/display: Fix memory leak (git-fixes). - drm/amd/display: Fix memory leak in dcn21_clock_source_create (bsc#1190786) - drm/amd/display: Fix OLED brightness control on eDP (git-fixes). - drm/amd/display: Fix p-state allow debug index on dcn31 (git-fixes). - drm/amd/display: fix yellow carp wm clamping (git-fixes). - drm/amd/display: Force link_rate as LINK_RATE_RBR2 for 2018 15' Apple Retina panels (git-fixes). - drm/amd/display: For vblank_disable_immediate, check PSR is really used (git-fixes). - drm/amd/display: Protect update_bw_bounding_box FPU code (git-fixes). - drm/amd/display: Read Golden Settings Table from VBIOS (git-fixes). - drm/amd/display: Remove vupdate_int_entry definition (git-fixes). - drm/amd/display: Revert FEC check in validation (git-fixes). - drm/amd/display: Update VTEM Infopacket definition (git-fixes). - drm/amd/display: Update watermark values for DCN301 (git-fixes). - drm/amd/display: Use adjusted DCN301 watermarks (git-fixes). - drm/amd/display: Use PSR version selected during set_psr_caps (git-fixes). - drm/amd/display: watermark latencies is not enough on DCN31 (git-fixes). - drm/amdgpu: add beige goby PCI ID (git-fixes). - drm/amdgpu: bypass tiling flag check in virtual display case (v2) (git-fixes). - drm/amdgpu: check vm ready by amdgpu_vm->evicting flag (git-fixes). - drm/amdgpu: conduct a proper cleanup of PDB bo (git-fixes). - drm/amdgpu/cs: make commands with 0 chunks illegal behaviour (git-fixes). - drm/amdgpu: disable MMHUB PG for Picasso (git-fixes). - drm/amdgpu/display: add support for multiple backlights (git-fixes). - drm/amdgpu: do not do resets on APUs which do not support it (git-fixes). - drm/amdgpu: do not enable asic reset for raven2 (git-fixes). - drm/amdgpu: do not set s3 and s0ix at the same time (git-fixes). - drm/amdgpu: do not use BACO for reset in S3 (git-fixes). - drm/amdgpu: do not use passthrough mode in Xen dom0 (git-fixes). - drm/amdgpu: Drop inline from amdgpu_ras_eeprom_max_record_count (git-fixes). - drm/amdgpu: Enable gfxoff quirk on MacBook Pro (git-fixes). - drm/amdgpu: Ensure HDA function is suspended before ASIC reset (git-fixes). - drm/amdgpu: explicitly check for s0ix when evicting resources (git-fixes). - drm/amdgpu: fix amdgpu_ras_block_late_init error handler (bsc#1190497) - drm/amdgpu: fix logic inversion in check (git-fixes). - drm/amdgpu: fix off by one in amdgpu_gfx_kiq_acquire() (git-fixes). - drm/amdgpu: Fix recursive locking warning (git-fixes). - drm/amdgpu: fix suspend/resume hang regression (git-fixes). - drm/amdgpu/sdma: Fix incorrect calculations of the wptr of the doorbells (git-fixes). - drm/amdgpu: skipping SDMA hw_init and hw_fini for S0ix (git-fixes). - drm/amdgpu/smu10: fix SoC/fclk units in auto mode (git-fixes). - drm/amdgpu: suppress the warning about enum value 'AMD_IP_BLOCK_TYPE_NUM' (git-fixes). - drm/amdgpu/ucode: Remove firmware load type check in amdgpu_ucode_free_bo (git-fixes). - drm/amdgpu: unify BO evicting method in amdgpu_ttm (git-fixes). - drm/amdgpu: update VCN codec support for Yellow Carp (git-fixes). - drm/amdgpu/vcn: Fix the register setting for vcn1 (git-fixes). - drm/amdgpu/vcn: improve vcn dpg stop procedure (git-fixes). - drm/amdgpu: vi: disable ASPM on Intel Alder Lake based systems (bsc#1190786) - drm/amdkfd: add pinned BOs to kfd_bo_list (git-fixes). - drm/amdkfd: Check for potential null return of kmalloc_array() (git-fixes). - drm/amdkfd: Create file descriptor after client is added to smi_clients list (git-fixes). - drm/amdkfd: Do not take process mutex for svm ioctls (git-fixes). - drm/amdkfd: Fix GWS queue count (bsc#1190786) - drm/amdkfd: Fix Incorrect VMIDs passed to HWS (git-fixes). - drm/amdkfd: make CRAT table missing message informational only (git-fixes). - drm/amdkfd: remove unused function (git-fixes). - drm/amdkfd: Separate pinned BOs destruction from general routine (bsc#1195287). - drm/amdkfd: Use mmget_not_zero in MMU notifier (git-fixes). - drm/amd/pm: correct the MGpuFanBoost support for Beige Goby (git-fixes). - drm/amd/pm: correct the sequence of sending gpu reset msg (git-fixes). - drm/amd/pm: correct UMD pstate clocks for Dimgrey Cavefish and Beige Goby (git-fixes). - drm/amd/pm: enable pm sysfs write for one VF mode (git-fixes). - drm/amd/pm: fix hwmon node of power1_label create issue (git-fixes). - drm/amd/pm: Fix missing thermal throttler status (git-fixes). - drm/amd/pm: fix some OEM SKU specific stability issues (git-fixes). - drm/amd/pm: return -ENOTSUPP if there is no get_dpm_ultimate_freq function (git-fixes). - drm/amd/pm: update smartshift powerboost calc for smu12 (git-fixes). - drm/amd/pm: update smartshift powerboost calc for smu13 (git-fixes). - drm/amd/pm: use bitmap_{from,to}_arr32 where appropriate (git-fixes). - drm/ast: Create threshold values for AST2600 (bsc#1190786) - drm/atomic: Do not pollute crtc_state->mode_blob with error pointers (git-fixes). - drm/atomic: Force bridge self-refresh-exit on CRTC switch (git-fixes). - drm: avoid circular locks in drm_mode_getconnector (git-fixes). - drm/blend: fix typo in the comment (git-fixes). - drm/bridge: Add missing pm_runtime_disable() in __dw_mipi_dsi_probe (git-fixes). - drm/bridge: Add missing pm_runtime_put_sync (git-fixes). - drm/bridge: adv7511: clean up CEC adapter when probe fails (git-fixes). - drm: bridge: adv7511: Fix ADV7535 HPD enablement (git-fixes). - drm/bridge: analogix_dp: Grab runtime PM reference for DP-AUX (git-fixes). - drm/bridge: analogix_dp: Support PSR-exit to disable transition (git-fixes). - drm/bridge: anx7625: Fix overflow issue on reading EDID (git-fixes). - drm/bridge: cdns-dsi: Make sure to to create proper aliases for dt (git-fixes). - drm/bridge: dw-hdmi: use safe format when first in bridge chain (git-fixes). - drm/bridge: Fix error handling in analogix_dp_probe (git-fixes). - drm/bridge: Fix free wrong object in sii8620_init_rcp_input_dev (git-fixes). - drm: bridge: fix unmet dependency on DRM_KMS_HELPER for DRM_PANEL_BRIDGE (git-fixes). - drm: bridge: icn6211: Fix HFP_HSW_HBP_HI and HFP_MIN handling (bsc#1190786) - drm: bridge: icn6211: Fix register layout (git-fixes). - drm: bridge: it66121: Fix the register page length (git-fixes). - drm/bridge: nwl-dsi: Fix PM disable depth imbalance in nwl_dsi_probe (git-fixes). - drm/bridge: sn65dsi83: Fix an error handling path in (bsc#1190786) - drm/bridge: ti-sn65dsi83: Handle dsi_lanes == 0 as invalid (git-fixes). - drm/bridge: ti-sn65dsi86: Properly undo autosuspend (git-fixes). - drm/cma-helper: Set VM_DONTEXPAND for mmap (git-fixes). - drm/connector: Fix typo in output format (bsc#1190786) - drm/doc: overview before functions for drm_writeback.c (git-fixes). - drm/dp: Fix OOB read when handling Post Cursor2 register (bsc#1190786) - drm/edid: Always set RGB444 (git-fixes). - drm/edid: check basic audio support on CEA extension block (git-fixes). - drm/edid: Do not clear formats if using deep color (git-fixes). - drm/edid: fix CEA extension byte #3 parsing (bsc#1190786) - drm/edid: fix invalid EDID extension block filtering (git-fixes). - drm/etnaviv: check for reaped mapping in etnaviv_iommu_unmap_gem (git-fixes). - drm/fb-helper: Mark screen buffers in system memory with FBINFO_VIRTFB (git-fixes). - drm/fourcc: fix integer type usage in uapi header (git-fixes). - drm/i915/adlp: Fix TypeC PHY-ready status readout (git-fixes). - drm/i915: Allow !join_mbus cases for adlp+ dbuf configuration (bsc#1193640). - drm/i915: Check EDID for HDR static metadata when choosing blc (bsc#1190497) - drm/i915: Correctly populate use_sagv_wm for all pipes (git-fixes). - drm/i915/dg2: Print PHY name properly on calibration error (git-fixes). - drm/i915: Disable DRRS on IVB/HSW port != A (git-fixes). - drm/i915/display: Fix HPD short pulse handling for eDP (git-fixes). - drm/i915/display: Move DRRS code its own file (git-fixes). - drm/i915/display/psr: Unset enable_psr2_sel_fetch if other checks in intel_psr2_config_valid() fails (git-fixes). - drm/i915/display: split out dpt out of intel_display.c (git-fixes). - drm/i915/dmc: Add MMIO range restrictions (git-fixes). - drm/i915/dsi: fix VBT send packet port selection for ICL+ (git-fixes). - drm/i915: Fix bw atomic check when switching between SAGV vs. no SAGV (git-fixes). - drm/i915: Fix CFI violation with show_dynamic_id() (git-fixes). - drm/i915: Fix dbuf slice config lookup (git-fixes bsc#1193640). - drm/i915: Fix mbus join config lookup (git-fixes bsc#1193640). - drm/i915: Fix PSF GV point mask when SAGV is not possible (git-fixes). - drm/i915: Fix race in __i915_vma_remove_closed (bsc#1190497) - drm/i915: Fix SEL_FETCH_PLANE_*(PIPE_B+) register addresses (bsc#1190497) - drm/i915: Fix -Wstringop-overflow warning in call to intel_read_wm_latency() (git-fixes). - drm/i915/gem: add missing boundary check in vm_access (git-fixes). - drm/i915/gem: add missing else (git-fixes). - drm/i915/guc/slpc: Correct the param count for unset param (git-fixes). - drm/i915/gvt: clean up kernel-doc in gtt.c (git-fixes). - drm/i915/gvt: Make DRM_I915_GVT depend on X86 (git-fixes). - drm/i915: Implement w/a 22010492432 for adl-s (git-fixes). - drm/i915: Keep gem ctx->vm alive until the final put (bsc#1190497) - drm/i915/opregion: check port number bounds for SWSCI display power state (git-fixes). - drm/i915/overlay: Prevent divide by zero bugs in scaling (git-fixes). - drm/i915: Populate pipe dbuf slices more accurately during readout (bsc#1193640). - drm/i915/reset: Fix error_state_read ptr + offset use (git-fixes). - drm/i915: s/JSP2/ICP2/ PCH (git-fixes). - drm/i915: Treat SAGV block time 0 as SAGV disabled (git-fixes). - drm/i915/ttm: ensure we unmap when purging (git-fixes). - drm/i915/ttm: tweak priority hint selection (git-fixes). - drm/i915: Widen the QGV point mask (git-fixes). - drm/i915: Workaround broken BIOS DBUF configuration on TGL/RKL (bsc#1193640). - drm/imx: dw_hdmi-imx: Fix bailout in error cases of probe (git-fixes). - drm: imx: fix compiler warning with gcc-12 (git-fixes). - drm/imx: Fix memory leak in imx_pd_connector_get_modes (git-fixes). - drm/imx: imx-ldb: Check for null pointer after calling kmemdup (git-fixes). - drm/imx: parallel-display: Remove bus flags check in imx_pd_bridge_atomic_check() (git-fixes). - drm/kmb: Fix for build errors with Warray-bounds (git-fixes). - drm/komeda: Fix an undefined behavior bug in komeda_plane_add() (git-fixes). - drm/komeda: return early if drm_universal_plane_init() fails (git-fixes). - drm: mali-dp: potential dereference of null pointer (git-fixes). - drm/mediatek: Add vblank register/unregister callback functions (bsc#1190768) - drm/mediatek: dpi: Use mt8183 output formats for mt8192 (git-fixes). - drm/mediatek: Fix mtk_cec_mask() (git-fixes). - drm/mediatek: mtk_dsi: Reset the dsi0 hardware (git-fixes). - drm/meson: Fix error handling when afbcd.ops->init fails (git-fixes). - drm/meson: Make use of the helper function devm_platform_ioremap_resourcexxx() (git-fixes). - drm/meson: osd_afbcd: Add an exit callback to struct meson_afbcd_ops (git-fixes). - drm/meson: split out encoder from meson_dw_hdmi (git-fixes). - drm/msm/a6xx: Fix missing ARRAY_SIZE() check (git-fixes). - drm/msm/a6xx: Fix refcount leak in a6xx_gpu_init (git-fixes). - drm/msm: add missing include to msm_drv.c (git-fixes). - drm/msm: Add missing put_task_struct() in debugfs path (git-fixes). - drm/msm/disp: check the return value of kzalloc() (git-fixes). - drm/msm/disp/dpu1: set mdp clk to the maximum frequency in opp table (bsc#1190768) - drm/msm/disp/dpu1: set vbif hw config to NULL to avoid use after memory free during pm runtime resume (git-fixes). - drm/msm/dp: add fail safe mode outside of event_mutex context (git-fixes). - drm/msm/dp: always add fail-safe mode into connector mode list (git-fixes). - drm/msm/dp: Always clear mask bits to disable interrupts at dp_ctrl_reset_irq_ctrl() (git-fixes). - drm/msm/dp: check core_initialized before disable interrupts at dp_display_unbind() (git-fixes). - drm/msm/dp: do not initialize phy until plugin interrupt received (bsc#1190497) - drm/msm/dp: do not stop transmitting phy test pattern during DP phy compliance test (git-fixes). - drm/msm/dp: dp_link_parse_sink_count() return immediately if aux read failed (git-fixes). - drm/msm/dp: fix error check return value of irq_of_parse_and_map() (git-fixes). - drm/msm/dp: fix event thread stuck in wait_event after kthread_stop() (git-fixes). - drm/msm/dp: force link training for display resolution change (git-fixes). - drm/msm/dp: Modify prototype of encoder based API (git-fixes). - drm/msm/dp: populate connector of struct dp_panel (git-fixes). - drm/msm/dp: remove fail safe mode related code (git-fixes). - drm/msm/dp: reset DP controller before transmit phy test pattern (git-fixes). - drm/msm/dp: stop event kernel thread when DP unbind (bsc#1190768) - drm/msm/dp: stop link training after link training 2 failed (git-fixes). - drm/msm/dp: tear down main link at unplug handle immediately (bsc#1190768) - drm/msm/dpu: add DSPP blocks teardown (git-fixes). - drm/msm/dpu: adjust display_v_end for eDP and DP (git-fixes). - drm/msm/dpu: fix dp audio condition (git-fixes). - drm/msm/dpu: fix error check return value of irq_of_parse_and_map() (bsc#1190768) - drm/msm/dpu: handle pm_runtime_get_sync() errors in bind path (git-fixes). - drm/msm/dsi: fix address for second DSI PHY on SDM660 (git-fixes). - drm/msm/dsi: fix error checks and return values for DSI xmit functions (git-fixes). - drm/msm/dsi: Remove spurious IRQF_ONESHOT flag (git-fixes). - drm/msm/dsi: Use connector directly in msm_dsi_manager_connector_init() (git-fixes). - drm/msm/dsi: Use 'ref' fw clock instead of global name for VCO parent (git-fixes). - drm/msm: Fix double pm_runtime_disable() call (git-fixes). - drm: msm: fix error check return value of irq_of_parse_and_map() (git-fixes). - drm: msm: fix possible memory leak in mdp5_crtc_cursor_set() (git-fixes). - drm/msm: Fix range size vs end confusion (git-fixes). - drm/msm/hdmi: check return value after calling platform_get_resource_byname() (git-fixes). - drm/msm/hdmi: fix error check return value of irq_of_parse_and_map() (git-fixes). - drm/msm/mdp4: Fix refcount leak in mdp4_modeset_init_intf (git-fixes). - drm/msm/mdp5: check the return of kzalloc() (git-fixes). - drm/msm/mdp5: Return error code in mdp5_mixer_release when deadlock is detected (git-fixes). - drm/msm/mdp5: Return error code in mdp5_pipe_release when deadlock is detected (git-fixes). - drm/msm: properly add and remove internal bridges (bsc#1190768) - drm/msm: remove unused plane_property field from msm_drm_private (bsc#1190768) - drm/msm: return an error pointer in msm_gem_prime_get_sg_table() (git-fixes). - drm/msm: Switch ordering of runpm put vs devfreq_idle (git-fixes). - drm/msm: use for_each_sgtable_sg to iterate over scatterlist (git-fixes). - drm/nouveau/acr: Fix undefined behavior in nvkm_acr_hsfw_load_bl() (git-fixes). - drm/nouveau/backlight: Just set all backlight types as RAW (git-fixes). - drm/nouveau/clk: Fix an incorrect NULL check on list iterator (git-fixes). - drm/nouveau: Fix a potential theorical leak in nouveau_get_backlight_name() (git-fixes). - drm/nouveau: fix off by one in BIOS boundary checking (git-fixes). - drm/nouveau/kms/nv50-: atom: fix an incorrect NULL check on list iterator (git-fixes). - drm/nouveau/pmu: Add missing callbacks for Tegra devices (git-fixes). - drm/nouveau/pmu/gm200-: use alternate falcon reset sequence (git-fixes). - drm/nouveau/subdev/bus: Ratelimit logging for fault errors (git-fixes). - drm/nouveau/tegra: Stop using iommu_present() (git-fixes). - drm: panel-orientation-quirks: Add quirk for the 1Netbook OneXPlayer (git-fixes). - drm/panel: panel-simple: Fix proper bpc for AM-1280800N3TZQW-T00H (git-fixes). - drm/panel/raspberrypi-touchscreen: Avoid NULL deref if not initialised (git-fixes). - drm/panel/raspberrypi-touchscreen: Initialise the bridge in prepare (git-fixes). - drm/panel: simple: Add missing bus flags for Innolux G070Y2-L01 (git-fixes). - drm/panel: simple: Assign data from panel_dpi_probe() correctly (git-fixes). - drm/panel: simple: Fix Innolux G070Y2-L01 BPP settings (git-fixes). - drm/panfrost: Check for error num after setting mask (git-fixes). - drm/plane: Move range check for format_count earlier (git-fixes). - drm/radeon: fix a possible null pointer dereference (git-fixes). - drm/radeon: Fix backlight control on iMac 12,1 (git-fixes). - drm/rockchip: dw_hdmi: Do not leave clock enabled in error case (git-fixes). - drm/rockchip: vop: Correct RK3399 VOP register fields (git-fixes). - drm/rockchip: vop: fix possible null-ptr-deref in vop_bind() (git-fixes). - drm/selftests/test-drm_dp_mst_helper: Fix memory leak in sideband_msg_req_encode_decode (git-fixes). - drm/simpledrm: Add 'panel orientation' property on non-upright mounted LCD panels (git-fixes). - drm: sti: do not use kernel-doc markers (git-fixes). - drm/sun4i: Fix crash during suspend after component bind failure (git-fixes). - drm/sun4i: mixer: Fix P010 and P210 format numbers (git-fixes). - drm/sun4i: Remove obsolete references to PHYS_OFFSET (bsc#1190786) - drm/syncobj: flatten dma_fence_chains on transfer (git-fixes). - drm/tegra: Add back arm_iommu_detach_device() (git-fixes). - drm/tegra: Fix reference leak in tegra_dsi_ganged_probe (git-fixes). - drm: use the lookup lock in drm_is_current_master (git-fixes). - drm/v3d/v3d_drv: Check for error num after setting mask (git-fixes). - drm/vc4: crtc: Fix runtime_pm reference counting (git-fixes). - drm/vc4: Fix deadlock on DSI device attach error (git-fixes). - drm/vc4: hdmi: Add debugfs prefix (bsc#1199163). - drm/vc4: hdmi: Allow DBLCLK modes even if horz timing is odd (git-fixes). - drm/vc4: hdmi: Fix build error for implicit function declaration (git-fixes). - drm/vc4: hdmi: Fix HPD GPIO detection (git-fixes). - drm/vc4: hdmi: Make sure the device is powered with CEC (git-fixes). - drm/vc4: hdmi: Split the CEC disable / enable functions in two (git-fixes). - drm/vc4: hvs: Fix frame count register readout (git-fixes). - drm/vc4: hvs: Reset muxes at probe time (git-fixes). - drm/vc4: txp: Do not set TXP_VSTART_AT_EOF (git-fixes). - drm/vc4: txp: Force alpha to be 0xff if it's disabled (git-fixes). - drm/vc4: Use pm_runtime_resume_and_get to fix pm_runtime_get_sync() usage (git-fixes). - drm/virtio: Ensure that objs is not NULL in virtio_gpu_array_put_free() (git-fixes). - drm/virtio: fix NULL pointer dereference in virtio_gpu_conn_get_modes (git-fixes). - drm/vmwgfx: Disable command buffers on svga3 without gbobjects (git-fixes). - drm/vmwgfx: Fix fencing on SVGAv3 (git-fixes). - drm/vmwgfx: Initialize drm_mode_fb_cmd2 (git-fixes). - drm/vmwgfx: Remove unused compile options (bsc#1190786) - drm/vmwgfx: validate the screen formats (git-fixes). - drm/vrr: Set VRR capable prop only if it is attached to connector (git-fixes). - dt-bindings: arm: bcm: fix BCM53012 and BCM53016 SoC strings (git-fixes). - dt-bindings: can: tcan4x5x: fix mram-cfg RX FIFO config (git-fixes). - dt-bindings: display: sitronix, st7735r: Fix backlight in example (git-fixes). - dt-bindings: gpio: altera: correct interrupt-cells (git-fixes). - dt-bindings: memory: mtk-smi: No need mediatek,larb-id for mt8167 (git-fixes). - dt-bindings: mtd: nand-controller: Fix a comment in the examples (git-fixes). - dt-bindings: mtd: nand-controller: Fix the reg property description (git-fixes). - dt-bindings: net: xgmac_mdio: Remove unsupported 'bus-frequency' (git-fixes). - dt-bindings: PCI: xilinx-cpm: Fix reg property order (git-fixes). - dt-bindings: phy: uniphier-usb3hs: Fix incorrect clock-names and reset-names (git-fixes). - dt-bindings: pinctrl: aspeed-g6: remove FWQSPID group (git-fixes). - dt-bindings: pinctrl: pinctrl-microchip-sgpio: Fix example (git-fixes). - dt-bindings: spi: mxic: The interrupt property is not mandatory (git-fixes). - dt-bindings: usb: ehci: Increase the number of PHYs (git-fixes). - dt-bindings: usb: hcd: correct usb-device path (git-fixes). - dt-bindings: usb: ohci: Increase the number of PHYs (git-fixes). - dt-bindings: watchdog: Require samsung,syscon-phandle for Exynos7 (git-fixes). - e1000e: Correct NVM checksum verification flow (bsc#1191663). - e1000e: Fix possible HW unit hang after an s0ix exit (jsc#SLE-18382). - e1000e: Fix possible overflow in LTR decoding (git-fixes). - e1000e: Handshake with CSME starts from ADL platforms (git-fixes). - e1000e: Separate ADP board type from TGP (git-fixes). - EDAC/altera: Fix deferred probing (bsc#1190497). - EDAC/amd64: Add new register offset support and related changes (jsc#SLE-19026). - EDAC/amd64: Set memory type per DIMM (jsc#SLE-19026). - EDAC: Fix calculation of returned address and next offset in edac_align_ptr() (bsc#1190497). - EDAC/synopsys: Read the error count from the correct register (bsc#1190497). - EDAC/xgene: Fix deferred probing (bsc#1190497). - eeprom: ee1004: limit i2c reads to I2C_SMBUS_BLOCK_MAX (git-fixes). - efi: Add missing prototype for efi_capsule_setup_info (git-fixes). - efi: Do not import certificates from UEFI Secure Boot for T2 Macs (git-fixes). - efi: fix return value of __setup handlers (git-fixes). - efivars: Respect 'block' flag in efivar_entry_set_safe() (git-fixes). - epic100: fix use after free on rmmod (git-fixes). - ethernet/sfc: remove redundant rc variable (bsc#1196306). - exec: Force single empty string when argv is empty (bsc#1200571). - ext2: correct max file size computing (bsc#1197820). - ext4: avoid trim error on fs with small groups (bsc#1191271). - ext4: destroy ext4_fc_dentry_cachep kmemcache on module removal (bsc#1197917). - ext4: fix an use-after-free issue about data=journal writeback mode (bsc#1195482). - ext4: fix bug_on ext4_mb_use_inode_pa (bsc#1200810). - ext4: fix bug_on in __es_tree_search (bsc#1200809). - ext4: fix ext4_fc_stats trace point (git-fixes). - ext4: fix race condition between ext4_write and ext4_convert_inline_data (bsc#1200807). - ext4: limit length to bitmap_maxbytes - blocksize in punch_hole (bsc#1200806). - ext4: make variable 'count' signed (bsc#1200820). - ext4: reject the 'commit' option on ext2 filesystems (bsc#1200808). - extcon: Modify extcon device to be created after driver data is set (git-fixes). - extcon: ptn5150: Add queue work sync before driver release (git-fixes). - faddr2line: Fix overlapping text section failures, the sequel (git-fixes). - fbcon: Avoid 'cap' set but not used warning (bsc#1190786) - fbcon: Consistently protect deferred_takeover with console_lock() (git-fixes). - firewire: core: extend card->lock in fw_core_handle_bus_reset (git-fixes). - firewire: fix potential uaf in outbound_phy_packet_callback() (git-fixes). - firewire: remove check of list iterator against head past the loop body (git-fixes). - firmware: arm_ffa: Fix uuid parameter to ffa_partition_probe (git-fixes). - firmware: arm_ffa: Remove incorrect assignment of driver_data (git-fixes). - firmware: arm_scmi: Fix list protocols enumeration in the base protocol (git-fixes). - firmware: arm_scmi: Fix sorting of retrieved clock rates (git-fixes). - firmware: arm_scmi: Remove space in MODULE_ALIAS name (git-fixes). - firmware: arm_scmi: Validate BASE_DISCOVER_LIST_PROTOCOLS response (git-fixes). - firmware: dmi-sysfs: Fix memory leak in dmi_sysfs_register_handle (git-fixes). - firmware: google: Properly state IOMEM dependency (git-fixes). - firmware: qcom: scm: Remove reassignment to desc following initializer (git-fixes). - firmware: stratix10-svc: add missing callback parameter on RSU (git-fixes). - firmware: stratix10-svc: fix a missing check on list iterator (git-fixes). - firmware: sysfb: fix platform-device leak in error path (git-fixes). - firmware: ti_sci: Fix compilation failure when CONFIG_TI_SCI_PROTOCOL is not defined (git-fixes). - firmware: use kernel credentials when reading firmware (git-fixes). - fs: fd tables have to be multiples of BITS_PER_LONG (bsc#1200827). - fs: fix fd table size alignment properly (bsc#1200882). - fs: handle circular mappings correctly (bsc#1197918). - fsl_lpuart: Do not enable interrupts too early (git-fixes). - fsnotify: Do not insert unmergeable events in hashtable (bsc#1197922). - fsnotify: fix fsnotify hooks in pseudo filesystems (bsc#1195944 bsc#1195478). - fsnotify: fix wrong lockdep annotations (bsc#1200815). - ftrace: Clean up hash direct_functions on register failures (git-fixes). - fuse: fix fileattr op failure (bsc#1197292). - gen_init_cpio: fix short read file handling (bsc#1193289). - genirq/affinity: Consider that CPUs on nodes can be (git-fixes) - genirq: Synchronize interrupt thread startup (git-fixes) - gianfar: ethtool: Fix refcount leak in gfar_get_ts_info (git-fixes). - gma500: fix an incorrect NULL check on list iterator (git-fixes). - gpio: adp5588: Remove support for platform setup and teardown callbacks (git-fixes). - gpio: aggregator: Fix calling into sleeping GPIO controllers (git-fixes). - gpio: dwapb: Do not print error on -EPROBE_DEFER (git-fixes). - gpio: gpio-vf610: do not touch other bits when set the target bit (git-fixes). - gpiolib: acpi: Convert ACPI value of debounce to microseconds (git-fixes). - gpiolib: acpi: use correct format characters (git-fixes). - gpiolib: Never return internal error codes to user space (git-fixes). - gpiolib: of: fix bounds check for 'gpio-reserved-ranges' (git-fixes). - gpio: mvebu: drop pwm base assignment (git-fixes). - gpio: mvebu/pwm: Refuse requests with inverted polarity (git-fixes). - gpio: pca953x: fix irq_stat not updated when irq is disabled (irq_mask not set) (git-fixes). - gpio: pca953x: use the correct register address to do regcache sync (git-fixes). - gpio: Return EPROBE_DEFER if gc->to_irq is NULL (git-fixes). - gpio: Revert regression in sysfs-gpio (gpiolib.c) (git-fixes). - gpio: sifive: use the correct register to read output values (git-fixes). - gpio: tegra186: Fix chip_data type confusion (git-fixes). - gpio: ts4900: Do not set DAT and OE together (git-fixes). - gpio: visconti: Fix fwnode of GPIO IRQ (git-fixes). - gpio: winbond: Fix error code in winbond_gpio_get() (git-fixes). - gpu: host1x: Fix a memory leak in 'host1x_remove()' (git-fixes). - gpu: ipu-v3: Fix dev_dbg frequency output (git-fixes). - gup: Turn fault_in_pages_{readable,writeable} into fault_in_{readable,writeable} (git-fixes). - gve: Fix GFP flags when allocing pages (git-fixes). - gve: fix the wrong AdminQ buffer queue index check (git-fixes). - habanalabs: Add check for pci_enable_device (git-fixes). - habanalabs: fix possible memory leak in MMU DR fini (git-fixes). - hamradio: fix macro redefine warning (git-fixes). - hex2bin: fix access beyond string end (git-fixes). - HID: add mapping for KEY_ALL_APPLICATIONS (git-fixes). - HID: add mapping for KEY_DICTATE (git-fixes). - HID: Add support for open wheel and no attachment to T300 (git-fixes). - HID:Add support for UGTABLET WP5540 (git-fixes). - HID: amd_sfh: Add illuminance mask to limit ALS max value (git-fixes). - HID: amd_sfh: Correct the structure field name (git-fixes). - HID: amd_sfh: Modify the bus name (git-fixes). - HID: amd_sfh: Modify the hid name (git-fixes). - HID: bigben: fix slab-out-of-bounds Write in bigben_probe (git-fixes). - hide appended member supports_dynamic_smps_6ghz (git-fixes). - HID: elan: Fix potential double free in elan_input_configured (git-fixes). - HID: hid-led: fix maximum brightness for Dream Cheeky (git-fixes). - HID: hid-thrustmaster: fix OOB read in thrustmaster_interrupts (git-fixes). - HID: i2c-hid: fix GET/SET_REPORT for unnumbered reports (git-fixes). - HID: intel-ish-hid: Use dma_alloc_coherent for firmware update (git-fixes). - HID: logitech-dj: add new lightspeed receiver id (git-fixes). - HID: multitouch: add quirks to enable Lenovo X12 trackpoint (git-fixes). - HID: multitouch: Add support for Google Whiskers Touchpad (git-fixes). - HID: multitouch: fix Dell Precision 7550 and 7750 button type (bsc#1197243). - HID: vivaldi: fix sysfs attributes leak (git-fixes). - hinic: fix bug of wq out of bound access (git-fixes). - hv_balloon: rate-limit 'Unhandled message' warning (git-fixes). - hv_netvsc: Add check for kvmalloc_array (git-fixes). - hv_utils: Add comment about max VMbus packet size in VSS driver (git-fixes). - hwmon: (dell-smm) Speed up setting of fan speed (git-fixes). - hwmon: (f71882fg) Fix negative temperature (git-fixes). - hwmon: Handle failure to register sensor with thermal zone correctly (git-fixes). - hwmon: (ibmaem) do not call platform_device_del() if platform_device_add() fails (git-fixes). - hwmon: (ltq-cputemp) restrict it to SOC_XWAY (git-fixes). - hwmon: (pmbus) Add mutex to regulator ops (git-fixes). - hwmon: (pmbus) Add Vin unit off handling (git-fixes). - hwmon: (pmbus) Check PEC support before reading other registers (git-fixes). - hwmon: (pmbus) Clear pmbus fault/warning bits after read (git-fixes). - hwmon: (pmbus) disable PEC if not enabled (git-fixes). - hwmon: (sch56xx-common) Replace WDOG_ACTIVE with WDOG_HW_RUNNING (git-fixes). - hwmon: (tmp401) Add OF device ID table (git-fixes). - hwrng: atmel - disable trng on failure path (git-fixes). - hwrng: cavium - Check health status while reading random data (git-fixes). - hwrng: cavium - HW_RANDOM_CAVIUM should depend on ARCH_THUNDER (git-fixes). - hwrng: nomadik - Change clk_disable to clk_disable_unprepare (git-fixes). - hwrng: omap3-rom - fix using wrong clk_disable() in omap_rom_rng_runtime_resume() (git-fixes). - i2c: at91: Initialize dma_buf in at91_twi_xfer() (git-fixes). - i2c: at91: use dma safe buffers (git-fixes). - i2c: bcm2835: Avoid clock stretching timeouts (git-fixes). - i2c: bcm2835: Fix the error handling in 'bcm2835_i2c_probe()' (git-fixes). - i2c: bcm2835: Use platform_get_irq() to get the interrupt (git-fixes). - i2c: brcmstb: fix support for DSL and CM variants (git-fixes). - i2c: cadence: Increase timeout per message if necessary (git-fixes). - i2c: designware: Use standard optional ref clock implementation (git-fixes). - i2c: dev: Force case user pointers in compat_i2cdev_ioctl() (git-fixes). - i2c: ismt: prevent memory corruption in ismt_access() (git-fixes). - i2c: ismt: Provide a DMA buffer for Interrupt Cause Logging (git-fixes). - i2c: meson: Fix wrong speed use from probe (git-fixes). - i2c: mt7621: fix missing clk_disable_unprepare() on error in mtk_i2c_probe() (git-fixes). - i2c: mux: demux-pinctrl: do not deactivate a master that is not active (git-fixes). - i2c: npcm7xx: Add check for platform_driver_register (git-fixes). - i2c: npcm: Correct register access width (git-fixes). - i2c: npcm: Fix timeout calculation (git-fixes). - i2c: npcm: Handle spurious interrupts (git-fixes). - i2c: piix4: Add EFCH MMIO support for SMBus port select (git-fixes). - i2c: piix4: Add EFCH MMIO support to region request and release (git-fixes). - i2c: piix4: Add EFCH MMIO support to SMBus base address detect (git-fixes). - i2c: piix4: Enable EFCH MMIO for Family 17h+ (git-fixes). - i2c: piix4: Move port I/O region request/release code into functions (git-fixes). - i2c: piix4: Move SMBus controller base address detect into function (git-fixes). - i2c: piix4: Move SMBus port selection into function (git-fixes). - i2c: piix4: Replace hardcoded memory map size with a #define (git-fixes). - i2c: qcom-cci: do not delete an unregistered adapter (git-fixes). - i2c: qcom-cci: do not put a device tree node before i2c_add_adapter() (git-fixes). - i2c: rcar: fix PM ref counts in probe error paths (git-fixes). - i2c: xiic: Make bus names unique (git-fixes). - i40e: do not reserve excessive XDP_PACKET_HEADROOM on XSK Rx to skb (git-fixes). - i40e: Fix for failed to init adminq while VF reset (git-fixes). - i40e: Fix issue when maximum queues is exceeded (git-fixes). - i40e: Fix queues reservation for XDP (git-fixes). - i40e: Fix reset bw limit when DCB enabled with 1 TC (git-fixes). - i40e: Fix reset path while removing the driver (git-fixes). - i40e: fix unsigned stat widths (git-fixes). - i40e: i40e_main: fix a missing check on list iterator (git-fixes). - i40e: Increase delay to 1 s after global EMP reset (git-fixes). - i40e: remove dead stores on XSK hotpath (jsc#SLE-18378). - i40e: respect metadata on XSK Rx to skb (git-fixes). - i40e: stop disabling VFs due to PF error responses (jsc#SLE-18378). - iavf: Add waiting so the port is initialized in remove (jsc#SLE-18385). - iavf: Fix deadlock in iavf_reset_task (jsc#SLE-18385). - iavf: Fix double free in iavf_reset_task (jsc#SLE-18385). - iavf: Fix handling of vlan strip virtual channel messages (jsc#SLE-18385). - iavf: Fix hang during reboot/shutdown (jsc#SLE-18385). - iavf: Fix __IAVF_RESETTING state usage (jsc#SLE-18385). - iavf: Fix init state closure on remove (jsc#SLE-18385). - iavf: Fix locking for VIRTCHNL_OP_GET_OFFLOAD_VLAN_V2_CAPS (jsc#SLE-18385). - iavf: Fix missing check for running netdev (git-fixes). - iavf: Fix race in init state (jsc#SLE-18385). - iavf: Rework mutexes for better synchronisation (jsc#SLE-18385 stable-5.14.6). - IB/cma: Allow XRC INI QPs to set their local ACK timeout (git-fixes). - IB/cm: Cancel mad on the DREQ event when the state is MRA_REP_RCVD (git-fixes). - IB/cm: Release previously acquired reference counter in the cm_id_priv (git-fixes). - IB/hfi1: Allow larger MTU without AIP (git-fixes). - IB/hfi1: Fix AIP early init panic (git-fixes). - IB/hfi1: Fix alloc failure with larger txqueuelen (git-fixes). - IB/hfi1: Fix panic with larger ipoib send_queue_size (jsc#SLE-19242). - IB/hfi1: Fix tstats alloc and dealloc (git-fixes). - IB/mlx5: Expose NDR speed through MAD (bsc#1196930). - ibmvnic: do not release napi in __ibmvnic_open() (bsc#1195668 ltc#195811). - ibmvnic: fix race between xmit and reset (bsc#1197302 ltc#197259). - ibmvnic: Properly dispose of all skbs during a failover (bsc#1200925). - ibmvnic: schedule failover only if vioctl fails (bsc#1196400 ltc#195815). - IB/qib: Fix duplicate sysfs directory name (git-fixes). - IB/rdmavt: add lock to call to rvt_error_qp to prevent a race condition (git-fixes). - IB/rdmavt: Validate remote_addr during loopback atomic tests (git-fixes). - ice: allow creating VFs for !CONFIG_NET_SWITCHDEV (jsc#SLE-18375). - ice: check the return of ice_ptp_gettimex64 (git-fixes). - ice: clear cmd_type_offset_bsz for TX rings (jsc#SLE-18375). - ice: Clear default forwarding VSI during VSI release (git-fixes). - ice: clear stale Tx queue settings before configuring (git-fixes). - ice: do not allow to run ice_send_event_to_aux() in atomic ctx (git-fixes). - ice: do not reserve excessive XDP_PACKET_HEADROOM on XSK Rx to skb (git-fixes). - ice: Do not use GFP_KERNEL in atomic context (git-fixes). - ice: enable parsing IPSEC SPI headers for RSS (git-fixes). - ice: fix an error code in ice_cfg_phy_fec() (git-fixes). - ice: fix concurrent reset and removal of VFs (git-fixes). - ice: fix crash in switchdev mode (jsc#SLE-18375). - ice: Fix curr_link_speed advertised speed (git-fixes). - ice: Fix incorrect locking in ice_vc_process_vf_msg() (jsc#SLE-18375). - ice: fix IPIP and SIT TSO offload (git-fixes). - ice: fix NULL pointer dereference in ice_update_vsi_tx_ring_stats() (jsc#SLE-18375). - ice: fix PTP stale Tx timestamps cleanup (git-fixes). - ice: fix setting l4 port flag when adding filter (jsc#SLE-18375). - ice: fix use-after-free when deinitializing mailbox snapshot (git-fixes). - ice: initialize local variable 'tlv' (git-fixes). - ice: kabi protect ice_pf (bsc#1200502). - ice: Protect vf_state check by cfg_lock in ice_vc_process_vf_msg() (jsc#SLE-18375). - ice: respect metadata on XSK Rx to skb (git-fixes). - ice: synchronize_rcu() when terminating rings (git-fixes). - ice: xsk: Fix indexing in ice_tx_xsk_pool() (jsc#SLE-18375). - ice: xsk: fix VSI state check in ice_xsk_wakeup() (git-fixes). - igb: refactor XDP registration (git-fixes). - igc: avoid kernel warning when changing RX ring parameters (git-fixes). - igc: do not reserve excessive XDP_PACKET_HEADROOM on XSK Rx to skb (git-fixes). - igc: Fix BUG: scheduling while atomic (git-fixes). - igc: Fix infinite loop in release_swfw_sync (git-fixes). - igc: Fix suspending when PTM is active (jsc#SLE-18377). - igc: igc_read_phy_reg_gpy: drop premature return (git-fixes). - igc: igc_write_phy_reg_gpy: drop premature return (git-fixes). - iio:accel:bma180: rearrange iio trigger get and register (git-fixes). - iio: accel: fxls8962af: add padding to regmap for SPI (git-fixes). - iio:accel:kxcjk-1013: rearrange iio trigger get and register (git-fixes). - iio: accel: mma8452: ignore the return value of reset operation (git-fixes). - iio: accel: mma8452: use the correct logic to get mma8452_data (git-fixes). - iio:accel:mxc4005: rearrange iio trigger get and register (git-fixes). - iio: adc: ad7124: fix mask used for setting AIN_BUFP and AIN_BUFM bits (git-fixes). - iio: adc: ad7124: Remove shift from scan_type (git-fixes). - iio: adc: Add check for devm_request_threaded_irq (git-fixes). - iio: adc: adi-axi-adc: Fix refcount leak in adi_axi_adc_attach_client (git-fixes). - iio: adc: axp288: Override TS pin bias current for some models (git-fixes). - iio: adc: men_z188_adc: Fix a resource leak in an error handling path (git-fixes). - iio: adc: sc27xx: Fine tune the scale calibration values (git-fixes). - iio: adc: sc27xx: fix read big scale voltage not right (git-fixes). - iio: adc: stm32: Fix ADCs iteration in irq handler (git-fixes). - iio: adc: stm32: Fix IRQs on STM32F4 by removing custom spurious IRQs message (git-fixes). - iio: adc: stm32: fix maximum clock rate for stm32mp15x (git-fixes). - iio: adc: stmpe-adc: Fix wait_for_completion_timeout return value check (git-fixes). - iio: adc: ti-ads131e08: add missing fwnode_handle_put() in ads131e08_alloc_channels() (git-fixes). - iio: adc: tsc2046: fix memory corruption by preventing array overflow (git-fixes). - iio: adc: vf610: fix conversion mode sysfs node name (git-fixes). - iio: afe: rescale: Fix boolean logic bug (git-fixes). - iio: afe: rescale: use s64 for temporary scale calculations (git-fixes). - iio: buffer: Fix file related error handling in IIO_BUFFER_GET_FD_IOCTL (git-fixes). - iio:chemical:ccs811: rearrange iio trigger get and register (git-fixes). - iio: dac: ad5446: Fix read_raw not returning set value (git-fixes). - iio: dac: ad5592r: Fix the missing return value (git-fixes). - iio: dummy: iio_simple_dummy: check the return value of kstrdup() (git-fixes). - iio: Fix error handling for PM (git-fixes). - iio: gyro: mpu3050: Fix the error handling in mpu3050_power_up() (git-fixes). - iio:humidity:hts221: rearrange iio trigger get and register (git-fixes). - iio:imu:adis16480: fix buffering for devices with no burst mode (git-fixes). - iio:imu:bmi160: disable regulator in error path (git-fixes). - iio: imu: inv_icm42600: Fix I2C init possible nack (git-fixes). - iio: imu: st_lsm6dsx: wait for settling time in st_lsm6dsx_read_oneshot (git-fixes). - iio: inkern: apply consumer scale on IIO_VAL_INT cases (git-fixes). - iio: inkern: apply consumer scale when no channel scale is available (git-fixes). - iio: inkern: make a best effort on offset calculation (git-fixes). - iio: magnetometer: ak8975: Fix the error handling in ak8975_power_on() (git-fixes). - iio: magnetometer: yas530: Fix memchr_inv() misuse (git-fixes). - iio: mma8452: Fix probe failing when an i2c_device_id is used (git-fixes). - iio: mma8452: fix probe fail when device tree compatible is used (git-fixes). - iio: proximity: vl53l0x: Fix return value check of wait_for_completion_timeout (git-fixes). - iio: st_sensors: Add a local lock for protecting odr (git-fixes). - iio: trigger: sysfs: fix use-after-free on remove (git-fixes). - ima: Allow template selection with ima_template[_fmt]= after ima_hash= (git-fixes). - ima: Do not print policy rule with inactive LSM labels (git-fixes). - ima: fix reference leak in asymmetric_verify() (git-fixes). - ima: Remove ima_policy file before directory (git-fixes). - init: call time_init() before rand_initialize() (git-fixes). - init: Initialize noop_backing_dev_info early (bsc#1200822). - init/main.c: return 1 from handled __setup() functions (git-fixes). - initramfs: Check timestamp to prevent broken cpio archive (bsc#1193289). - inotify: show inotify mask flags in proc fdinfo (bsc#1200600). - Input: add bounds checking to input_set_capability() (git-fixes). - Input: aiptek - properly check endpoint type (git-fixes). - Input: bcm5974 - set missing URB_NO_TRANSFER_DMA_MAP urb flag (git-fixes). - Input: clear BTN_RIGHT/MIDDLE on buttonpads (git-fixes). - Input: elan_i2c: Add deny list for Lenovo Yoga Slim 7 (bsc#1193064). - Input: elan_i2c - fix regulator enable count imbalance after suspend/resume (git-fixes). - Input: elan_i2c - move regulator_[en|dis]able() out of elan_[en|dis]able_power() (git-fixes). - Input: gpio-keys - cancel delayed work only in case of GPIO (git-fixes). - Input: ili210x - fix reset timing (git-fixes). - Input: omap4-keypad - fix pm_runtime_get_sync() error checking (git-fixes). - Input: samsung-keypad - properly state IOMEM dependency (git-fixes). - Input: soc_button_array - also add Lenovo Yoga Tablet2 1051F to dmi_use_low_level_irq (git-fixes). - Input: sparcspkr - fix refcount leak in bbc_beep_probe (git-fixes). - Input: stmfts - do not leave device disabled in stmfts_input_open (git-fixes). - Input: stmfts - fix reference leak in stmfts_input_open (git-fixes). - Input: synaptics - enable InterTouch on ThinkPad T14/P14s Gen 1 AMD (git-fixes). - Input: synaptics: retry query upon error (bsc#1194086). - Input: wm97xx: Simplify resource management (git-fixes). - Input: zinitix - do not report shadow fingers (git-fixes). - integrity: check the return value of audit_log_start() (git-fixes). - iocost: do not reset the inuse weight of under-weighted debtors (git-fixes). - iocost: Fix divide-by-zero on donation from low hweight cgroup (bsc#1198014). - iomap: iomap_write_failed fix (bsc#1200829). - iommu/amd: Fix loop timeout issue in iommu_ga_log_enable() (git-fixes). - iommu/amd: Increase timeout waiting for GA log enablement (bsc#1199052). - iommu/amd: Remove useless irq affinity notifier (git-fixes). - iommu/amd: Restore GA log/tail pointer on host resume (git-fixes). - iommu/amd: X2apic mode: mask/unmask interrupts on suspend/resume (git-fixes). - iommu/amd: X2apic mode: re-enable after resume (git-fixes). - iommu/amd: X2apic mode: setup the INTX registers on mask/unmask (git-fixes). - iommu: arm-smmu: disable large page mappings for Nvidia arm-smmu (bsc#1198826). - iommu/arm-smmu-qcom: Fix TTBR0 read (git-fixes). - iommu: Extend mutex lock scope in iommu_probe_device() (git-fixes). - iommu/ioasid: Introduce a helper to check for valid PASIDs (jsc#SLE-24350). - iommu/io-pgtable-arm: Fix table descriptor paddr formatting (git-fixes). - iommu/io-pgtable-arm-v7s: Add error handle for page table allocation failure (git-fixes). - iommu/iova: Fix race between FQ timeout and teardown (git-fixes). - iommu/sva: Assign a PASID to mm on PASID allocation and free it on mm exit (jsc#SLE-24350). - iommu/sva: Rename CONFIG_IOMMU_SVA_LIB to CONFIG_IOMMU_SVA (jsc#SLE-24350). - iommu/vt-d: Fix potential memory leak in intel_setup_irq_remapping() (git-fixes). - ionic: add FW_STOPPING state (git-fixes). - ionic: Allow flexibility for error reporting on dev commands (git-fixes). - ionic: better handling of RESET event (git-fixes). - ionic: catch transition back to RUNNING with fw_generation 0 (git-fixes). - ionic: Cleanups in the Tx hotpath code (git-fixes). - ionic: Correctly print AQ errors if completions are not received (git-fixes). - ionic: disable napi when ionic_lif_init() fails (git-fixes). - ionic: Do not send reset commands if FW isn't running (git-fixes). - ionic: fix missing pci_release_regions() on error in ionic_probe() (git-fixes). - ionic: fix type complaint in ionic_dev_cmd_clean() (git-fixes). - ionic: fix up printing of timeout error (git-fixes). - ionic: Prevent filter add/del err msgs when the device is not available (git-fixes). - ionic: Query FW when getting VF info via ndo_get_vf_config (git-fixes). - ionic: remove the dbid_inuse bitmap (git-fixes). - ionic: replace set_vf data with union (git-fixes). - ionic: start watchdog after all is setup (git-fixes). - ionic: stretch heartbeat detection (git-fixes). - io_uring: add more locking annotations for submit (bsc#1199011). - io_uring: avoid touching inode in rw prep (bsc#1199011). - io_uring: be smarter about waking multiple CQ ring waiters (bsc#1199011). - io_uring: cache __io_free_req()'d requests (bsc#1199011). - io_uring: clean io-wq callbacks (bsc#1199011). - io_uring: clean up tctx_task_work() (bsc#1199011). - io_uring: deduplicate open iopoll check (bsc#1199011). - io_uring: do not halt iopoll too early (bsc#1199011). - io_uring: drop exec checks from io_req_task_submit (bsc#1199011). - io_uring: extract a helper for ctx quiesce (bsc#1199011). - io_uring: Fix undefined-behaviour in io_issue_sqe (bsc#1199011). - io_uring: improve ctx hang handling (bsc#1199011). - io_uring: inline fixed part of io_file_get() (bsc#1199011). - io_uring: inline io_free_req_deferred (bsc#1199011). - io_uring: inline io_poll_remove_waitqs (bsc#1199011). - io_uring: inline struct io_comp_state (bsc#1199011). - io_uring: kill unused IO_IOPOLL_BATCH (bsc#1199011). - io_uring: move io_fallback_req_func() (bsc#1199011). - io_uring: move io_put_task() definition (bsc#1199011). - io_uring: move io_rsrc_node_alloc() definition (bsc#1199011). - io_uring: optimise io_cqring_wait() hot path (bsc#1199011). - io_uring: optimise putting task struct (bsc#1199011). - io_uring: refactor io_alloc_req (bsc#1199011). - io_uring: remove extra argument for overflow flush (bsc#1199011). - io_uring: remove file batch-get optimisation (bsc#1199011). - io_uring: remove IRQ aspect of io_ring_ctx completion lock (bsc#1199011). - io_uring: remove redundant args from cache_free (bsc#1199011). - io_uring: remove unnecessary PF_EXITING check (bsc#1199011). - io_uring: rename io_file_supports_async() (bsc#1199011). - io_uring: run linked timeouts from task_work (bsc#1199011). - io_uring: run regular file completions from task_work (bsc#1199011). - io_uring: run timeouts from task_work (bsc#1199011). - io_uring: use inflight_entry instead of compl.list (bsc#1199011). - io_uring: use kvmalloc for fixed files (bsc#1199011). - io-wq: get rid of FIXED worker flag (bsc#1199011). - io-wq: make worker creation resilient against signals (bsc#1199011). - io-wq: move nr_running and worker_refs out of wqe->lock protection (bsc#1199011). - io-wq: only exit on fatal signals (bsc#1199011). - io-wq: provide a way to limit max number of workers (bsc#1199011). - io-wq: split bounded and unbounded work into separate lists (bsc#1199011). - io-wq: wqe and worker locks no longer need to be IRQ safe (bsc#1199011). - ipc/sem: do not sleep with a spin lock held (bsc#1198412). - ipheth: fix EOVERFLOW in ipheth_rcvbulk_callback (git-fixes). - ipmi: bail out if init_srcu_struct fails (git-fixes). - ipmi: Fix pr_fmt to avoid compilation issues (git-fixes). - ipmi: Fix UAF when uninstall ipmi_si and ipmi_msghandler module (git-fixes). - ipmi:ssif: Check for NULL msg when handling events and messages (git-fixes). - ipvs: add sysctl_run_estimation to support disable estimation (bsc#1195504). - ipw2x00: Fix potential NULL dereference in libipw_xmit() (git-fixes). - irqchip/armada-370-xp: Do not touch Performance Counter Overflow on A375, A38x, A39x (git-fixes). - irqchip/aspeed-i2c-ic: Fix irq_of_parse_and_map() return value (git-fixes). - irqchip/aspeed-scu-ic: Fix irq_of_parse_and_map() return value (git-fixes). - irqchip/exiu: Fix acknowledgment of edge triggered interrupts (git-fixes). - irqchip/gic, gic-v3: Prevent GSI to SGI translations (git-fixes). - irqchip/gic/realview: Fix refcount leak in realview_gic_of_init (git-fixes). - irqchip/gic-v3: Ensure pseudo-NMIs have an ISB between ack and handling (git-fixes). - irqchip/gic-v3: Fix error handling in gic_populate_ppi_partitions (git-fixes). - irqchip/gic-v3: Fix GICR_CTLR.RWP polling (git-fixes). - irqchip/gic-v3: Fix refcount leak in gic_populate_ppi_partitions (git-fixes). - irqchip/gic-v4: Wait for GICR_VPENDBASER.Dirty to clear before descheduling (git-fixes). - irqchip: irq-xtensa-mx: fix initial IRQ affinity (git-fixes). - irqchip/nvic: Release nvic_base upon failure (git-fixes). - irqchip/qcom-pdc: Fix broken locking (git-fixes). - irqchip/realtek-rtl: Fix refcount leak in map_interrupts (git-fixes). - irqchip/realtek-rtl: Service all pending interrupts (git-fixes). - isdn: hfcpci: check the return value of dma_set_mask() in setup_hw() (git-fixes). - ivtv: fix incorrect device_caps for ivtvfb (git-fixes). - iwlwifi: do not advertise TWT support (git-fixes). - iwlwifi: Fix -EIO error code that is never returned (git-fixes). - iwlwifi: fix use-after-free (git-fixes). - iwlwifi: iwl-dbg: Use del_timer_sync() before freeing (git-fixes). - iwlwifi: mvm: align locking in D3 test debugfs (git-fixes). - iwlwifi: mvm: check debugfs_dir ptr before use (git-fixes). - iwlwifi: mvm: Correctly set fragmented EBS (git-fixes). - iwlwifi: mvm: Do not call iwl_mvm_sta_from_mac80211() with NULL sta (git-fixes). - iwlwifi: mvm: do not crash on invalid rate w/o STA (git-fixes). - iwlwifi: mvm: do not iterate unadded vifs when handling FW SMPS req (git-fixes). - iwlwifi: mvm: do not send SAR GEO command for 3160 devices (git-fixes). - iwlwifi: mvm: Fix an error code in iwl_mvm_up() (git-fixes). - iwlwifi: mvm: fix assert 1F04 upon reconfig (git-fixes). - iwlwifi: mvm: move only to an enabled channel (git-fixes). - iwlwifi: pcie: fix locking when 'HW not ready' (git-fixes). - iwlwifi: pcie: gen2: fix locking when 'HW not ready' (git-fixes). - iwlwifi: yoyo: remove DBGI_SRAM address reset writing (git-fixes). - ixgbe: do not reserve excessive XDP_PACKET_HEADROOM on XSK Rx to skb (git-fixes). - ixgbe: ensure IPsec VF - PF compatibility (git-fixes). - ixgbe: respect metadata on XSK Rx to skb (git-fixes). - ixgbe: xsk: change !netif_carrier_ok() handling in ixgbe_xmit_zc() (git-fixes). - jbd2: Fake symbols defined under CONFIG_JBD2_DEBUG (bsc#1198971). - jfs: fix divide error in dbNextAG (bsc#1200828). - kABI: fix change of iscsi_host_remove() arguments (bsc#1198410). - kABI: Fix kABI after 'x86/mm/cpa: Generalize __set_memory_enc_pgtable()' (jsc#SLE-19924). - kABI fix of sysctl_run_estimation (git-fixes). - kABI: fix removal of iscsi_destroy_conn (bsc#1198410). - kABI: fix rndis_parameters locking (git-fixes). - kABI: ivtv: restore caps member (git-fixes). - kabi/severities: add exception for bcache symboles - kabi/severities: allow dropping a few invalid exported symbols (bsc#1201218) - kabi/severities: Ignore arch/x86/kvm except for kvm_x86_ops Handle this like in previous SLE kernels. - kABI workaround for fxls8962af iio accel drivers (git-fixes). - kABI workaround for pci quirks (git-fixes). - kconfig: fix failing to generate auto.conf (git-fixes). - kconfig: let 'shell' return enough output for deep path names (git-fixes). - kernel/fork: Initialize mm's PASID (jsc#SLE-24350). - kernel/resource: Introduce request_mem_region_muxed() (git-fixes). - kexec_file: drop weak attribute from arch_kexec_apply_relocations[_add] (git-fixes). - KEYS: asymmetric: enforce that sig algo matches key algo (git-fixes). - KEYS: asymmetric: properly validate hash_algo and encoding (git-fixes). - KEYS: fix length validation in keyctl_pkey_params_get_2() (git-fixes). - KEYS: trusted: Avoid calling null function trusted_key_exit (git-fixes). - KEYS: trusted: Fix trusted key backends when building as module (git-fixes). - KEYS: trusted: tpm2: Fix migratable logic (git-fixes). - kprobes: Add kretprobe_find_ret_addr() for searching return address (bsc#1193277). - kprobes: Enable stacktrace from pt_regs in kretprobe handler (bsc#1193277). - kprobes: treewide: Cleanup the error messages for kprobes (bsc#1193277). - kprobes: treewide: Make it harder to refer kretprobe_trampoline directly (bsc#1193277). - kprobes: treewide: Remove trampoline_address from kretprobe_trampoline_handler() (bsc#1193277). - kprobes: treewide: Replace arch_deref_entry_point() with dereference_symbol_descriptor() (bsc#1193277). - kprobes: treewide: Use 'kprobe_opcode_t *' for the code address in get_optimized_kprobe() (bsc#1193277). - kselftest/arm64: bti: force static linking (git-fixes). - kunit: tool: Import missing importlib.abc (git-fixes). - KVM: arm64: Avoid consuming a stale esr value when SError occur (git-fixes). - KVM: arm64: Drop unused workaround_flags vcpu field (git-fixes). - KVM: arm64: pkvm: Use the mm_ops indirection for cache maintenance (git-fixes). - KVM: arm64: Use shadow SPSR_EL1 when injecting exceptions on !VHE (git-fixes). - KVM: Clean up benign vcpu->cpu data races when kicking vCPUs (git-fixes). - KVM: Ensure local memslot copies operate on up-to-date arch-specific data (git-fixes). - KVM: fix wrong exception emulation in check_rdtsc (git-fixes). - KVM: LAPIC: Drop pending LAPIC timer injection when canceling the timer (git-fixes). - KVM: nVMX: Abide to KVM_REQ_TLB_FLUSH_GUEST request on nested vmentry/vmexit (git-fixes). - KVM: nVMX: Clear IDT vectoring on nested VM-Exit for double/triple fault (git-fixes). - KVM: nVMX: Do not clear CR3 load/store exiting bits if L1 wants 'em (git-fixes). - KVM: nVMX: Emulate guest TLB flush on nested VM-Enter with new vpid12 (git-fixes). - KVM: nVMX: Ensure vCPU honors event request if posting nested IRQ fails (git-fixes). - KVM: nVMX: Flush current VPID (L1 vs. L2) for KVM_REQ_TLB_FLUSH_GUEST (git-fixes). - KVM: nVMX: Leave most VM-Exit info fields unmodified on failed VM-Entry (git-fixes). - KVM: PPC: Fix TCE handling for VFIO (bsc#1061840 git-fixes). - KVM: s390: Ensure kvm_arch_no_poll() is read once when blocking vCPU (git-fixes). - KVM: s390: pv: add macros for UVC CC values (git-fixes). - KVM: s390: pv: avoid stalls when making pages secure (git-fixes). - KVM: s390: vsie/gmap: reduce gmap_rmap overhead (git-fixes). - KVM: selftests: Do not skip L2's VMCALL in SMM test for SVM guest (bsc#1194523). - KVM: selftests: Re-enable access_tracking_perf_test (bsc#1194526). - KVM: SEV: accept signals in sev_lock_two_vms (bsc#1194526). - KVM: SEV: do not take kvm->lock when destroying (bsc#1194526). - KVM: SEV: Fall back to vmalloc for SEV-ES scratch area if necessary (bsc#1194526). - KVM: SEV: Mark nested locking of kvm->lock (bsc#1194526). - KVM: SEV: Return appropriate error codes if SEV-ES scratch setup fails (bsc#1194526). - KVM: SVM: Allow AVIC support on system w/ physical APIC ID > 255 (bsc#1193823). - KVM: SVM: Do not terminate SEV-ES guests on GHCB validation failure (bsc#1194526). - KVM: SVM: drop unnecessary code in svm_hv_vmcb_dirty_nested_enlightenments() (git-fixes). - KVM: SVM: Emulate #INIT in response to triple fault shutdown (git-fixes). - KVM: SVM: Fix kvm_cache_regs.h inclusions for is_guest_mode() (git-fixes). - KVM: SVM: hyper-v: Enable Enlightened MSR-Bitmap support for real (git-fixes). - KVM: SVM: Never reject emulation due to SMAP errata for !SEV guests (git-fixes). - KVM: SVM: Use kzalloc for sev ioctl interfaces to prevent kernel data leak (git-fixes). - KVM: VMX: Do not unblock vCPU w/ Posted IRQ if IRQs are disabled in guest (git-fixes). - KVM: VMX: Fold ept_update_paging_mode_cr0() back into vmx_set_cr0() (git-fixes). - KVM: VMX: Invert handling of CR0.WP for EPT without unrestricted guest (git-fixes). - KVM: VMX: Read Posted Interrupt 'control' exactly once per loop iteration (git-fixes). - KVM: VMX: Refresh list of user return MSRs after setting guest CPUID (git-fixes). - KVM: VMX: Remove defunct 'nr_active_uret_msrs' field (git-fixes). - KVM: VMX: Set failure code in prepare_vmcs02() (git-fixes). - KVM: VMX: Skip pointless MSR bitmap update when setting EFER (git-fixes). - KVM: VMX: Wake vCPU when delivering posted IRQ even if vCPU == this vCPU (git-fixes). - KVM: x86: Assume a 64-bit hypercall for guests with protected state (git-fixes). - kvm: x86/cpuid: Only provide CPUID leaf 0xA if host has architectural PMU (git-fixes). - KVM: x86: Do not force set BSP bit when local APIC is managed by userspace (git-fixes). - KVM: x86: Do not mark all registers as avail/dirty during RESET/INIT (git-fixes). - KVM: x86: do not print when fail to read/write pv eoi memory (git-fixes). - KVM: x86: Drop guest CPUID check for host initiated writes to MSR_IA32_PERF_CAPABILITIES (git-fixes). - KVM: x86: Drop WARNs that assert a triple fault never 'escapes' from L2 (git-fixes). - KVM: x86/emulator: Defer not-present segment check in __load_segment_descriptor() (git-fixes). - KVM: X86: Ensure that dirty PDPTRs are loaded (git-fixes). - KVM: x86: Exit to userspace if emulation prepared a completion callback (git-fixes). - KVM: x86: Fix emulation in writing cr8 (git-fixes). - KVM: X86: Fix missed remote tlb flush in rmap_write_protect() (git-fixes). - KVM: x86: Fix uninitialized eoi_exit_bitmap usage in vcpu_load_eoi_exitmap() (git-fixes). - KVM: x86: Handle 32-bit wrap of EIP for EMULTYPE_SKIP with flat code seg (git-fixes). - KVM: x86: hyper-v: Fix the maximum number of sparse banks for XMM fast TLB flush hypercalls (git-fixes). - KVM: x86: Ignore sparse banks size for an 'all CPUs', non-sparse IPI req (git-fixes). - KVM: x86: Mark all registers as avail/dirty at vCPU creation (git-fixes). - KVM: x86: Migrate the PIT only if vcpu0 is migrated, not any BSP (git-fixes). - KVM: x86/mmu: Check for present SPTE when clearing dirty bit in TDP MMU (git-fixes). - KVM: x86/mmu: Complete prefetch for trailing SPTEs for direct, legacy MMU (git-fixes). - KVM: x86/mmu: Fix TLB flush range when handling disconnected pt (git-fixes). - KVM: x86/mmu: Fix write-protection of PTs mapped by the TDP MMU (git-fixes). - KVM: x86/mmu: Passing up the error state of mmu_alloc_shadow_roots() (git-fixes). - KVM: x86/mmu: Pass parameter flush as false in kvm_tdp_mmu_zap_collapsible_sptes() (git-fixes). - KVM: x86/mmu: Remove spurious TLB flushes in TDP MMU zap collapsible path (git-fixes). - KVM: x86/mmu: Skip tlb flush if it has been done in zap_gfn_range() (git-fixes). - KVM: x86/mmu: Update number of zapped pages even if page list is stable (git-fixes). - KVM: x86/mmu: Use yield-safe TDP MMU root iter in MMU notifier unmapping (git-fixes). - KVM: x86: nSVM: restore the L1 host state prior to resuming nested guest on SMM exit (git-fixes). - KVM: x86: nSVM: skip eax alignment check for non-SVM instructions (git-fixes). - KVM: x86: nSVM: test eax for 4K alignment for GP errata workaround (git-fixes). - KVM: x86: Pend KVM_REQ_APICV_UPDATE during vCPU creation to fix a race (git-fixes). - KVM: x86/pmu: Fix reserved bits for AMD PerfEvtSeln register (git-fixes). - KVM: x86/pmu: Use AMD64_RAW_EVENT_MASK for PERF_TYPE_RAW (git-fixes). - KVM: x86: Register Processor Trace interrupt hook iff PT enabled in guest (git-fixes). - KVM: x86/svm: Clear reserved bits written to PerfEvtSeln MSRs (git-fixes). - KVM: x86: SVM: do not set VMLOAD/VMSAVE intercepts on vCPU reset (git-fixes). - KVM: x86: SVM: fix avic spec based definitions again (bsc#1193823 jsc#SLE-24549). - KVM: x86: SVM: move avic definitions from AMD's spec to svm.h (bsc#1193823 jsc#SLE-24549). - KVM: X86: Synchronize the shadow pagetable before link it (git-fixes). - KVM: x86: Update vCPU's runtime CPUID on write to MSR_IA32_XSS (git-fixes). - KVM: x86: Wait for IPIs to be delivered when handling Hyper-V TLB flush hypercall (git-fixes). - lib: bitmap: fix many kernel-doc warnings (git-fixes). - libbpf: Free up resources used by inner map definition (git-fixes). - lib/iov_iter: initialize 'flags' in new pipe_buffer (git-fixes). - libsubcmd: Fix use-after-free for realloc(..., 0) (git-fixes). - linux/dim: Fix divide by 0 in RDMA DIM (git-fixes). - list: fix a data-race around ep->rdllist (git-fixes). - list: introduce list_is_head() helper and re-use it in list.h (git-fixes). - list: test: Add a test for list_is_head() (git-fixes). - livepatch: Do not block removal of patches that are safe to unload (bsc#1071995). - locking: Make owner_on_cpu() into linux/sched.h (bsc#1190137 bsc#1189998). - locking: Remove rt_rwlock_is_contended() (bsc#1190137 bsc#1189998). - locking/rtmutex: Add rt_mutex_lock_nest_lock() and rt_mutex_lock_killable() (bsc#1190137 bsc#1189998). - locking/rtmutex: Squash self-deadlock check for ww_rt_mutex (bsc#1190137 bsc#1189998). - locking/rwlocks: introduce write_lock_nested (bsc#1189998). - LSM: general protection fault in legacy_parse_param (git-fixes). - lz4: fix LZ4_decompress_safe_partial read out of bound (git-fixes). - mac80211: fix EAPoL rekey fail in 802.3 rx path (git-fixes). - mac80211: fix forwarded mesh frames AC and queue selection (git-fixes). - mac80211: fix potential double free on mesh join (git-fixes). - mac80211: fix rx reordering with non explicit / psmp ack policy (git-fixes). - mac80211_hwsim: call ieee80211_tx_prepare_skb under RCU protection (git-fixes). - mac80211_hwsim: initialize ieee80211_tx_info at hw_scan_work (git-fixes). - mac80211_hwsim: report NOACK frames in tx_status (git-fixes). - mac80211: minstrel_ht: fix where rate stats are stored (fixes debugfs output) (git-fixes). - mac80211: mlme: check for null after calling kmemdup (git-fixes). - mac80211: refuse aggregations sessions before authorized (git-fixes). - mac80211: Remove a couple of obsolete TODO (git-fixes). - mac80211: Reset MBSSID parameters upon connection (git-fixes). - mac80211: treat some SAE auth steps as final (git-fixes). - mac80211: upgrade passive scan to active scan on DFS channels after beacon rx (git-fixes). - macvlan: Fix leaking skb in source mode with nodst option (git-fixes). - mailbox: change mailbox-mpfs compatible string (git-fixes). - mailbox: imx: fix crash in resume on i.mx8ulp (git-fixes). - mailbox: imx: fix wakeup failure from freeze mode (git-fixes). - mailbox: tegra-hsp: Flush whole channel (git-fixes). - maple: fix wrong return value of maple_bus_init() (git-fixes). - md: Do not set mddev private to NULL in raid0 pers->free (git-fixes). - md: fix an incorrect NULL check in does_sb_need_changing (git-fixes). - md: fix an incorrect NULL check in md_reload_sb (git-fixes). - md: fix double free of io_acct_set bioset (git-fixes). - md: fix update super 1.0 on rdev size change (git-fixes). - md: Move alloc/free acct bioset in to personality (git-fixes). - md/raid5: play nice with PREEMPT_RT (bsc#1189998). - media: aspeed: Correct value for h-total-pixels (git-fixes). - media: atmel: atmel-isc-base: report frame sizes as full supported range (git-fixes). - media: atmel: atmel-isc: Fix PM disable depth imbalance in atmel_isc_probe (git-fixes). - media: atmel: atmel-sama5d2-isc: fix wrong mask in YUYV format check (git-fixes). - media: atmel: atmel-sama7g5-isc: fix ispck leftover (git-fixes). - media: atomisp: fix bad usage at error handling logic (git-fixes). - media: atomisp: fix dummy_ptr check to avoid duplicate active_bo (git-fixes). - media: atomisp_gmin_platform: Add DMI quirk to not turn AXP ELDO2 regulator off on some boards (git-fixes). - media: bttv: fix WARNING regression on tunerless devices (git-fixes). - media: camss: csid-170: do not enable unused irqs (git-fixes). - media: camss: csid-170: fix non-10bit formats (git-fixes). - media: camss: csid-170: remove stray comment (git-fixes). - media: camss: csid-170: set the right HALT_CMD when disabled (git-fixes). - media: camss: vfe-170: fix 'VFE halt timeout' error (git-fixes). - media: ccs-core.c: fix failure to call clk_disable_unprepare (git-fixes). - media: cec-adap.c: fix is_configuring state (git-fixes). - media: cedrus: h264: Fix neighbour info buffer size (git-fixes). - media: cedrus: H265: Fix neighbour info buffer size (git-fixes). - media: coda: Fix missing put_device() call in coda_get_vdoa_data (git-fixes). - media: cx25821: Fix the warning when removing the module (git-fixes). - media: cx88-mpeg: clear interrupt status register before streaming video (git-fixes). - media: davinci: Make use of the helper function devm_platform_ioremap_resource() (git-fixes). - media: davinci: vpif: fix unbalanced runtime PM enable (git-fixes). - media: davinci: vpif: fix unbalanced runtime PM get (git-fixes). - media: davinci: vpif: fix use-after-free on driver unbind (git-fixes). - media: doc: pixfmt-rgb: Fix V4L2_PIX_FMT_BGR24 format description (git-fixes). - media: doc: pixfmt-yuv: Fix V4L2-PIX-FMT-Y10P format (git-fixes). - media: em28xx: initialize refcount before kref_get (git-fixes). - media: gpio-ir-tx: fix transmit with long spaces on Orange Pi PC (git-fixes). - media: hantro: Empty encoder capture buffers by default (git-fixes). - media: hantro: Fix overfill bottom register field name (git-fixes). - media: hantro: HEVC: Fix tile info buffer value computation (git-fixes). - media: hantro: HEVC: unconditionnaly set pps_{cb/cr}_qp_offset values (git-fixes). - media: hdpvr: initialize dev->worker at hdpvr_register_videodev (git-fixes). - media: i2c: max9286: fix kernel oops when removing module (git-fixes). - media: i2c: max9286: Use dev_err_probe() helper (git-fixes). - media: i2c: max9286: Use 'maxim,gpio-poc' property (git-fixes). - media: i2c: ov5648: Fix lockdep error (git-fixes). - media: i2c: ov5648: fix wrong pointer passed to IS_ERR() and PTR_ERR() (git-fixes). - media: i2c: rdacm2x: properly set subdev entity function (git-fixes). - media: imon: reorganize serialization (git-fixes). - media: imx-jpeg: fix a bug of accessing array out of bounds (git-fixes). - media: imx-jpeg: Prevent decoding NV12M jpegs into single-planar buffers (git-fixes). - media: iommu/mediatek: Add device_link between the consumer and the larb devices (git-fixes). - media: iommu/mediatek: Return ENODEV if the device is NULL (git-fixes). - media: iommu/mediatek-v1: Free the existed fwspec if the master dev already has (git-fixes). - media: ir_toy: free before error exiting (git-fixes). - media: media-entity.h: Fix documentation for media_create_intf_link (git-fixes). - media: mexon-ge2d: fixup frames size in registers (git-fixes). - media: mtk-vcodec: potential dereference of null pointer (git-fixes). - media: omap3isp: Use struct_group() for memcpy() region (git-fixes). - media: ov5640: Fix set format, v4l2_mbus_pixelcode not updated (git-fixes). - media: ov5648: Do not pack controls struct (git-fixes). - media: ov6650: Add try support to selection API operations (git-fixes). - media: ov6650: Fix crop rectangle affected by set format (git-fixes). - media: ov6650: Fix set format try processing path (git-fixes). - media: ov7670: remove ov7670_power_off from ov7670_remove (git-fixes). - media: pci: cx23885: Fix the error handling in cx23885_initdev() (git-fixes). - media: pvrusb2: fix array-index-out-of-bounds in pvr2_i2c_core_init (git-fixes). - media: Revert 'media: em28xx: add missing em28xx_close_extension' (git-fixes). - media: rga: fix possible memory leak in rga_probe (git-fixes). - media: rkvdec: h264: Fix bit depth wrap in pps packet (git-fixes). - media: rkvdec: h264: Fix dpb_valid implementation (git-fixes). - media: rkvdec: Stop overclocking the decoder (git-fixes). - media: rockchip/rga: do proper error checking in probe (git-fixes). - media: saa7134: fix incorrect use to determine if list is empty (git-fixes). - media: staging: media: imx: imx7-mipi-csis: Make subdev name unique (git-fixes). - media: staging: media: rkvdec: Make use of the helper function devm_platform_ioremap_resource() (git-fixes). - media: staging: media: zoran: calculate the right buffer number for zoran_reap_stat_com (git-fixes). - media: staging: media: zoran: fix usage of vb2_dma_contig_set_max_seg_size (git-fixes). - media: staging: media: zoran: fix various V4L2 compliance errors (git-fixes). - media: staging: media: zoran: move videodev alloc (git-fixes). - media: stk1160: If start stream fails, return buffers with VB2_BUF_STATE_QUEUED (git-fixes). - media: ti-vpe: cal: Fix a NULL pointer dereference in cal_ctx_v4l2_init_formats() (git-fixes). - media: usb: go7007: s2250-board: fix leak in probe() (git-fixes). - media: uvcvideo: Fix missing check to determine if element is found in list (git-fixes). - media: v4l2-core: Initialize h264 scaling matrix (git-fixes). - media: v4l2-mem2mem: Apply DST_QUEUE_OFF_BASE on MMAP buffers across ioctls (git-fixes). - media: v4l: Avoid unaligned access warnings when printing 4cc modifiers (git-fixes). - media: venus: hfi: avoid null dereference in deinit (git-fixes). - media: venus: hfi_cmds: List HDR10 property as unsupported for v1 and v3 (git-fixes). - media: videobuf2: Fix the size printk format (git-fixes). - media: video/hdmi: handle short reads of hdmi info frame (git-fixes). - media: vidtv: Check for null return of vzalloc (git-fixes). - mei: avoid iterator usage outside of list_for_each_entry (git-fixes). - mei: hbm: drop capability response on early shutdown (git-fixes). - mei: me: add Alder Lake N device id (git-fixes). - mei: me: add raptor lake point S DID (git-fixes). - mei: me: disable driver on the ign firmware (git-fixes). - memblock: fix memblock_phys_alloc() section mismatch error (git-fixes). - memory: atmel-ebi: Fix missing of_node_put in atmel_ebi_probe (git-fixes). - memory: emif: Add check for setup_interrupts (git-fixes). - memory: emif: check the pointer temp in get_device_details() (git-fixes). - memory: fsl_ifc: populate child nodes of buses and mfd devices (git-fixes). - memory: mtk-smi: Add error handle for smi_probe (git-fixes). - memory: renesas-rpc-if: Fix HF/OSPI data transfer in Manual Mode (git-fixes). - memory: renesas-rpc-if: fix platform-device leak in error path (git-fixes). - memory: samsung: exynos5422-dmc: Avoid some over memory allocation (git-fixes). - memory: samsung: exynos5422-dmc: Fix refcount leak in of_get_dram_timings (git-fixes). - mfd: asic3: Add missing iounmap() on error asic3_mfd_probe (git-fixes). - mfd: davinci_voicecodec: Fix possible null-ptr-deref davinci_vc_probe() (git-fixes). - mfd: exynos-lpass: Drop unneeded syscon.h include (git-fixes). - mfd: ipaq-micro: Fix error check return value of platform_get_irq() (git-fixes). - mfd: mc13xxx: Add check for mc13xxx_irq_request (git-fixes). - mgag200 fix memmapsl configuration in GCTL6 register (git-fixes). - misc: alcor_pci: Fix an error handling path (git-fixes). - misc: atmel-ssc: Fix IRQ check in ssc_probe (git-fixes). - misc: fastrpc: avoid double fput() on failed usercopy (git-fixes). - misc: fastrpc: fix an incorrect NULL check on list iterator (git-fixes). - misc: ocxl: fix possible double free in ocxl_file_register_afu (git-fixes). - misc: rtsx: set NULL intfdata when probe fails (git-fixes). - misc: sgi-gru: Do not cast parameter in bit operations (git-fixes). - mISDN: Fix memory leak in dsp_pipeline_build() (git-fixes). - mlx5: kabi protect lag_mp (git-fixes). - mlxsw: spectrum: Protect driver from buggy firmware (git-fixes). - mm: Add fault_in_subpage_writeable() to probe at sub-page granularity (git-fixes) - mmc: block: Check for errors after write on SPI (git-fixes). - mmc: block: Fix CQE recovery reset success (git-fixes). - mmc: block: fix read single on recovery logic (git-fixes). - mmc: core: Allows to override the timeout value for ioctl() path (git-fixes). - mmc: core: Fixup support for writeback-cache for eMMC and SD (git-fixes). - mmc: core: Set HS clock speed before sending HS CMD13 (git-fixes). - mmc: core: Wait for command setting 'Power Off Notification' bit to complete (git-fixes). - mmc: davinci_mmc: Handle error for clk_enable (git-fixes). - mm: Change CONFIG option for mm->pasid field (jsc#SLE-24350). - mmc: host: Return an error when ->enable_sdio_irq() ops is missing (git-fixes). - mmc: jz4740: Apply DMA engine limits to maximum segment size (git-fixes). - mm/cma: provide option to opt out from exposing pages on activation failure (bsc#1195099 ltc#196102). - mmc: mediatek: wait dma stop bit reset to 0 (git-fixes). - mmc: meson: Fix usage of meson_mmc_post_req() (git-fixes). - mmc: mmci: stm32: correctly check all elements of sg list (git-fixes). - mmc: renesas_sdhi: do not overwrite TAP settings when HS400 tuning is complete (git-fixes). - mmc: rtsx: add 74 Clocks in power on flow (git-fixes). - mmc: rtsx: Fix build errors/warnings for unused variable (git-fixes). - mmc: rtsx: Let MMC core handle runtime PM (git-fixes). - mmc: rtsx: Use pm_runtime_{get,put}() to handle runtime PM (git-fixes). - mmc: sdhci_am654: Fix the driver data of AM64 SoC (git-fixes). - mmc: sdhci-msm: Reset GCC_SDCC_BCR register for SDHC (git-fixes). - mmc: sdhci-of-esdhc: Check for error num after setting mask (git-fixes). - mmc: sdhci-pci-o2micro: Fix card detect by dealing with debouncing (git-fixes). - mmc: sunxi-mmc: Fix DMA descriptors allocated above 32 bits (git-fixes). - mm: fs: fix lru_cache_disabled race in bh_lru (bsc#1197761). - mm: Fully initialize invalidate_lock, amend lock class later (bsc#1197921). - mm: memcg: synchronize objcg lists with a dedicated spinlock (bsc#1198402). - mm/page_alloc: always attempt to allocate at least one page during bulk allocation (git fixes (mm/pgalloc)). - mm/page_alloc.c: do not warn allocation failure on zone DMA if no managed pages (bsc#1197501). - mm, page_alloc: fix build_zonerefs_node() (git-fixes). - mm/scatterlist: replace the !preemptible warning in sg_miter_stop() (bsc#1189998). - mm/slub: add missing TID updates on slab deactivation (git-fixes). - mm, thp: fix incorrect unmap behavior for private pages (bsc#1198024). - mm, thp: lock filemap when truncating page cache (bsc#1198023). - mm/vmalloc: fix comments about vmap_area struct (git-fixes). - mm_zone: add function to check if managed dma zone exists (bsc#1197501). - modpost: fix removing numeric suffixes (git-fixes). - modpost: fix section mismatch check for exported init/exit sections (git-fixes). - modpost: fix undefined behavior of is_arm_mapping_symbol() (git-fixes). - modpost: restore the warning message for missing symbol versions (git-fixes). - mptcp: add missing documented NL params (git-fixes). - mt76: connac: fix sta_rec_wtbl tag len (git-fixes). - mt76: dma: initialize skip_unmap in mt76_dma_rx_fill (git-fixes). - mt76: do not attempt to reorder received 802.3 packets without agg session (git-fixes). - mt76: fix encap offload ethernet type check (git-fixes). - mt76: fix monitor mode crash with sdio driver (git-fixes). - mt76: Fix undefined behavior due to shift overflowing the constant (git-fixes). - mt76: mt7603: check sta_rates pointer in mt7603_sta_rate_tbl_update (git-fixes). - mt76: mt7615: check sta_rates pointer in mt7615_sta_rate_tbl_update (git-fixes). - mt76: mt7615: fix a leftover race in runtime-pm (git-fixes). - mt76: mt7615: Fix assigning negative values to unsigned variable (git-fixes). - mt76: mt7915: fix injected MPDU transmission to not use HW A-MSDU (git-fixes). - mt76: mt7915: use proper aid value in mt7915_mcu_sta_basic_tlv (git-fixes). - mt76: mt7915: use proper aid value in mt7915_mcu_wtbl_generic_tlv in sta mode (git-fixes). - mt76: mt7921: accept rx frames with non-standard VHT MCS10-11 (git-fixes). - mt76: mt7921e: fix possible probe failure after reboot (bsc#1198835). - mt76: mt7921: fix a leftover race in runtime-pm (git-fixes). - mt76: mt7921: fix crash when startup fails (git-fixes). - mt76: mt7921: fix mt7921_queues_acq implementation (git-fixes). - mt76: mt7921: Fix the error handling path of mt7921_pci_probe() (git-fixes). - mtd: cfi_cmdset_0002: Move and rename chip_check/chip_ready/chip_good_for_write (git-fixes). - mtd: mchp23k256: Add SPI ID table (git-fixes). - mtd: mchp48l640: Add SPI ID table (git-fixes). - mtd: onenand: Check for error irq (git-fixes). - mtd: parsers: qcom: Fix kernel panic on skipped partition (git-fixes). - mtd: parsers: qcom: Fix missing free for pparts in cleanup (git-fixes). - mtd: phram: Prevent divide by zero bug in phram_setup() (git-fixes). - mtd: rawnand: atmel: fix refcount issue in atmel_nand_controller_init (git-fixes). - mtd: rawnand: brcmnand: Fixed incorrect sub-page ECC status (git-fixes). - mtd: rawnand: cadence: fix possible null-ptr-deref in cadence_nand_dt_probe() (git-fixes). - mtd: rawnand: denali: Use managed device resources (git-fixes). - mtd: rawnand: fix ecc parameters for mt7622 (git-fixes). - mtd: rawnand: Fix return value check of wait_for_completion_timeout (git-fixes). - mtd: rawnand: gpmi: do not leak PM reference in error path (git-fixes). - mtd: rawnand: gpmi: fix controller timings setting (git-fixes). - mtd: rawnand: gpmi: Fix setting busy timeout setting (git-fixes). - mtd: rawnand: ingenic: Fix missing put_device in ingenic_ecc_get (git-fixes). - mtd: rawnand: intel: fix possible null-ptr-deref in ebu_nand_probe() (git-fixes). - mtd: rawnand: pl353: Set the nand chip node as the flash node (git-fixes). - mtd: rawnand: qcom: Fix clock sequencing in qcom_nandc_probe() (git-fixes). - mtd: rawnand: qcom: fix memory corruption that causes panic (git-fixes). - mtd: spinand: gigadevice: fix Quad IO for GD5F1GQ5UExxG (git-fixes). - mtd: spi-nor: core: Check written SR value in spi_nor_write_16bit_sr_and_check() (git-fixes). - mwifiex: add mutex lock for call in mwifiex_dfs_chan_sw_work_queue (git-fixes). - n64cart: convert bi_disk to bi_bdev->bd_disk fix build (git-fixes). - natsemi: sonic: stop calling netdev_boot_setup_check (git-fixes). - net: asix: add proper error handling of usb read errors (git-fixes). - net: atlantic: Avoid out-of-bounds indexing (git-fixes). - net: ax25: Fix deadlock caused by skb_recv_datagram in ax25_recvmsg (git-fixes). - net: axienet: setup mdio unconditionally (git-fixes). - net: bnxt_ptp: fix compilation error (bsc#1199736). - net: dev: Always serialize on Qdisc::busylock in __dev_xmit_skb() on PREEMPT_RT (bsc#1189998). - net: dev: Change the order of the arguments for the contended condition (bsc#1189998). - net: dpaa2-eth: fix use-after-free in dpaa2_eth_remove (git-fixes). - net: dpaa_eth: remove dead select in menuconfig FSL_DPAA_ETH (git-fixes). - net: dsa: be compatible with masters which unregister on shutdown (git-fixes). - net: dsa: hellcreek: be compatible with masters which unregister on shutdown (git-fixes). - net: dsa: microchip: ksz8863: be compatible with masters which unregister on shutdown (git-fixes). - net: dsa: xrs700x: be compatible with masters which unregister on shutdown (git-fixes). - net: ethernet: lantiq_etop: fix build errors/warnings (git-fixes). - net: ethernet: mediatek: add missing of_node_put() in mtk_sgmii_init() (git-fixes). - net: ethernet: mtk_eth_soc: fix misuse of mem alloc interface netdev[napi]_alloc_frag (git-fixes). - net: ethernet: mtk_eth_soc: out of bounds read in mtk_hwlro_get_fdir_entry() (git-fixes). - net: ethernet: ti: am65-cpsw-nuss: Fix some refcount leaks (git-fixes). - netfilter: conntrack: move synack init code to helper (bsc#1199035). - netfilter: conntrack: re-init state for retransmitted syn-ack (bsc#1199035). - netfilter: nf_conntrack_tcp: preserve liberal flag in tcp options (bsc#1199035). - netfilter: nf_conntrack_tcp: re-init for syn packets only (bsc#1199035). - net: handle ARPHRD_PIMREG in dev_is_mac_header_xmit() (git-fixes). - net: hns3: add NULL pointer check for hns3_set/get_ringparam() (git-fixes). - net: hns3: add return value for mailbox handling in PF (bsc#1190336). - net: hns3: add validity check for message data length (git-fixes). - net: hns3: add vlan list lock to protect vlan list (git-fixes). - net: hns3: align the debugfs output to the left (git-fixes). - net: hns3: clear inited state and stop client after failed to register netdev (git-fixes). - net: hns3: fix bug when PF set the duplicate MAC address for VFs (git-fixes). - net: hns3: fix phy can not link up when autoneg off and reset (git-fixes). - net: hns3: fix port base vlan add fail when concurrent with reset (git-fixes). - net: hns3: fix software vlan talbe of vlan 0 inconsistent with hardware (git-fixes). - net: hns3: handle empty unknown interrupt for VF (git-fixes). - net: hns3: modify the return code of hclge_get_ring_chain_from_mbx (git-fixes). - net: hns3: refine the process when PF set VF VLAN (git-fixes). - net/ibmvnic: Cleanup workaround doing an EOI after partition migration (bsc#1089644 ltc#166495 ltc#165544 git-fixes). - net/ice: Add support for enable_iwarp and enable_roce devlink param (bsc#1200502). - net/ice: Fix boolean assignment (bsc#1200502). - net/ice: Remove unused enum (bsc#1200502). - net: ipa: disable HOLB drop when updating timer (git-fixes). - net: ipa: HOLB register sometimes must be written twice (git-fixes). - net/ipa: ipa_resource: Fix wrong for loop range (git-fixes). - net: ipv6: unexport __init-annotated seg6_hmac_init() (bsc#1201218). - net: ipv6: unexport __init-annotated seg6_hmac_net_init() (bsc#1201218). - net: macb: Align the dma and coherent dma masks (git-fixes). - net: mana: Add counter for packet dropped by XDP (bsc#1195651). - net: mana: Add counter for XDP_TX (bsc#1195651). - net: mana: Add handling of CQE_RX_TRUNCATED (bsc#1195651). - net: mana: Remove unnecessary check of cqe_type in mana_process_rx_cqe() (bsc#1195651). - net: mana: Reuse XDP dropped page (bsc#1195651). - net: mana: Use struct_size() helper in mana_gd_create_dma_region() (bsc#1195651). - net: marvell: mvpp2: increase MTU limit when XDP enabled (git-fixes). - net: marvell: prestera: fix double free issue on err path (git-fixes). - net: mdio: do not defer probe forever if PHY IRQ provider is missing (git-fixes). - net: mdio: unexport __init-annotated mdio_bus_init() (bsc#1201218). - net/mlx5: Avoid double clear or set of sync reset requested (git-fixes). - net/mlx5: Bridge, ensure dev_name is null-terminated (git-fixes). - net/mlx5: Bridge, Fix devlink deadlock on net namespace deletion (git-fixes). - net/mlx5: Bridge, take rtnl lock in init error handler (git-fixes). - net/mlx5: DR, Cache STE shadow memory (git-fixes). - net/mlx5: DR, Do not allow match on IP w/o matching on full ethertype/ip_version (git-fixes). - net/mlx5: DR, Fix slab-out-of-bounds in mlx5_cmd_dr_create_fte (jsc#SLE-19253). - net/mlx5: DR, Fix the threshold that defines when pool sync is initiated (git-fixes). - net/mlx5e: Add missing increment of count (jsc#SLE-19253). - net/mlx5e: Avoid field-overflowing memcpy() (git-fixes). - net/mlx5e: Avoid implicit modify hdr for decap drop rule (jsc#SLE-19253). - net/mlx5e: CT: Fix queued up restore put() executing after relevant ft release (git-fixes). - net/mlx5e: Do not treat small ceil values as unlimited in HTB offload (git-fixes). - net/mlx5e: Fix broken SKB allocation in HW-GRO (jsc#SLE-19253). - net/mlx5e: Fix handling of wrong devices during bond netevent (git-fixes). - net/mlx5e: Fix module EEPROM query (git-fixes). - net/mlx5e: Fix the calling of update_buffer_lossy() API (git-fixes). - net/mlx5e: Fix trust state reset in reload (git-fixes). - net/mlx5e: Fix wrong calculation of header index in HW_GRO (jsc#SLE-19253). - net/mlx5e: Fix wrong return value on ioctl EEPROM query failure (git-fixes). - net/mlx5e: Fix wrong source vport matching on tunnel rule (jsc#SLE-19253). - net/mlx5e: IPsec: Fix crypto offload for non TCP/UDP encapsulated traffic (git-fixes). - net/mlx5e: IPsec: Fix tunnel mode crypto offload for non TCP/UDP traffic (git-fixes). - net/mlx5e: kTLS, Use CHECKSUM_UNNECESSARY for device-offloaded packets (git-fixes). - net/mlx5e: Lag, Do not skip fib events on current dst (git-fixes). - net/mlx5e: Lag, Fix fib_info pointer assignment (git-fixes). - net/mlx5e: Lag, Fix use-after-free in fib event handler (git-fixes). - net/mlx5e: Lag, Only handle events from highest priority multipath entry (git-fixes). - net/mlx5e: MPLSoUDP decap, fix check for unsupported matches (git-fixes). - net/mlx5e: SHAMPO, reduce TIR indication (jsc#SLE-19253). - net/mlx5: E-Switch, Fix uninitialized variable modact (git-fixes). - net/mlx5e: TC, Reject rules with drop and modify hdr action (git-fixes). - net/mlx5e: TC, Reject rules with forward and drop actions (git-fixes). - net/mlx5e: Use struct_group() for memcpy() region (git-fixes). - net/mlx5: Fix a race on command flush flow (git-fixes). - net/mlx5: Fix deadlock in sync reset flow (git-fixes). - net/mlx5: Fix matching on inner TTC (jsc#SLE-19253). - net/mlx5: Fix offloading with ESWITCH_IPV4_TTL_MODIFY_ENABLE (jsc#SLE-19253). - net/mlx5: Fix possible deadlock on rule deletion (git-fixes). - net/mlx5: Fix size field in bufferx_reg struct (git-fixes). - net/mlx5: Fix slab-out-of-bounds while reading resource dump menu (git-fixes). - net/mlx5: Fix tc max supported prio for nic mode (git-fixes). - net/mlx5: Fix wrong limitation of metadata match on ecpf (git-fixes). - net/mlx5: Update the list of the PCI supported devices (git-fixes). - net/mlx5: Use del_timer_sync in fw reset flow of halting poll (git-fixes). - net: mvmdio: fix compilation warning (git-fixes). - net: netvsc: remove break after return (git-fixes). - net: phy: ax88772a: fix lost pause advertisement configuration (git-fixes). - net: phy: broadcom: Fix brcm_fet_config_init() (git-fixes). - net: phy: correct spelling error of media in documentation (git-fixes). - net: phy: DP83822: clear MISR2 register to disable interrupts (git-fixes). - net: phy: dp83867: retrigger SGMII AN when link change (git-fixes). - net: phy: Fix race condition on link status change (git-fixes). - net: phy: marvell10g: fix return value on error (git-fixes). - net: phy: marvell: Fix invalid comparison in the resume and suspend functions (git-fixes). - net: phy: marvell: Fix MDI-x polarity setting in 88e1118-compatible PHYs (git-fixes). - net: phy: marvell: Fix RGMII Tx/Rx delays setting in 88e1121-compatible PHYs (git-fixes). - net: phy: mediatek: remove PHY mode check on MT7531 (git-fixes). - net: phy: meson-gxl: fix interrupt handling in forced mode (git-fixes). - net: phy: meson-gxl: improve link-up behavior (git-fixes). - net: phy: micrel: Allow probing without .driver_data (git-fixes). - net: phy: micrel: Do not use kszphy_suspend/resume for KSZ8061 (git-fixes). - net: phy: micrel: Pass .probe for KS8737 (git-fixes). - net: phy: mscc: Add MODULE_FIRMWARE macros (git-fixes). - net: phy: mscc-miim: reject clause 45 register accesses (git-fixes). - net: qlogic: check the return value of dma_alloc_coherent() in qed_vf_hw_prepare() (git-fixes). - net: rose: fix UAF bugs caused by timer handler (git-fixes). - net: sfc: add missing xdp queue reinitialization (git-fixes). - net: sfc: ef10: fix memory leak in efx_ef10_mtd_probe() (git-fixes). - net: sfc: fix memory leak due to ptp channel (git-fixes). - net: sfc: fix using uninitialized xdp tx_queue (git-fixes). - net/smc: Avoid warning of possible recursive locking (git-fixes). - net/smc: fix connection leak (git-fixes). - net/smc: fixes for converting from 'struct smc_cdc_tx_pend **' to 'struct smc_wr_tx_pend_priv *' (git-fixes). - net/smc: Fix NULL pointer dereference in smc_pnet_find_ib() (git-fixes). - net/smc: fix unexpected SMC_CLC_DECL_ERR_REGRMB error cause by server (git-fixes). - net/smc: fix unexpected SMC_CLC_DECL_ERR_REGRMB error generated by client (git-fixes). - net/smc: non blocking recvmsg() return -EAGAIN when no data and signal_pending (git-fixes). - net/smc: postpone sk_refcnt increment in connect() (git-fixes). - net/smc: remove redundant re-assignment of pointer link (git-fixes). - net/smc: Remove unused function declaration (git-fixes). - net/smc: Reset conn->lgr when link group registration fails (git-fixes). - net/smc: set ini->smcrv2.ib_dev_v2 to NULL if SMC-Rv2 is unavailable (git-fixes). - net/smc: sync err code when tcp connection was refused (git-fixes). - net/smc: Transfer remaining wait queue entries during fallback (git-fixes). - net/smc: Transitional solution for clcsock race issue (git-fixes). - net/smc: Use a mutex for locking 'struct smc_pnettable' (git-fixes). - net/smc: use memcpy instead of snprintf to avoid out of bounds read (git-fixes). - net: stmmac: fix gcc-10 -Wrestrict warning (git-fixes). - net: stmmac: Fix signed/unsigned wreckage (git-fixes). - net: stmmac: socfpga: add runtime suspend/resume callback for stratix10 platform (git-fixes). - net: usb: aqc111: Fix out-of-bounds accesses in RX fixup (git-fixes). - net: usb: asix: do not force pause frames support (git-fixes). - net: usb: ax88179_178a: Fix out-of-bounds accesses in RX fixup (git-fixes). - net: usb: ax88179_178a: Fix packet receiving (git-fixes). - net: usb: cdc_mbim: avoid altsetting toggling for Telit FN990 (git-fixes). - net: usb: qmi_wwan: Add support for Dell DW5829e (git-fixes). - Netvsc: Call hv_unmap_memory() in the netvsc_device_remove() (bsc#1183682). - net/x25: Fix null-ptr-deref caused by x25_disconnect (git-fixes). - net: xfrm: unexport __init-annotated xfrm4_protocol_init() (bsc#1201218). - nfc: hci: fix sleep in atomic context bugs in nfc_hci_hcp_message_tx (git-fixes). - nfc: nci: add flush_workqueue to prevent uaf (git-fixes). - nfc: nci: fix sleep in atomic context bugs caused by nci_skb_alloc (git-fixes). - nfc: netlink: fix sleep in atomic bug when firmware download timeout (git-fixes). - nfc: nfcmrvl: Fix irq_of_parse_and_map() return value (git-fixes). - nfc: nfcmrvl: Fix memory leak in nfcmrvl_play_deferred (git-fixes). - nfc: nfcmrvl: main: reorder destructive operations in nfcmrvl_nci_unregister_dev to avoid bugs (git-fixes). - nfc: NULL out the dev->rfkill to prevent UAF (git-fixes). - NFC: nxp-nci: Do not issue a zero length i2c_master_read() (git-fixes). - nfc: pn533: Fix buggy cleanup order (git-fixes). - nfc: port100: fix use-after-free in port100_send_complete (git-fixes). - nfc: st21nfca: fix incorrect sizing calculations in EVT_TRANSACTION (git-fixes). - nfc: st21nfca: fix incorrect validating logic in EVT_TRANSACTION (git-fixes). - nfc: st21nfca: fix memory leaks in EVT_TRANSACTION handling (git-fixes). - nfp: checking parameter process for rx-usecs/tx-usecs is invalid (git-fixes). - nfp: flower: Fix a potential leak in nfp_tunnel_add_shared_mac() (git-fixes). - nfp: flower: fix ida_idx not being released (git-fixes). - NFS: Avoid duplicate uncached readdir calls on eof (git-fixes). - NFSD: allow delegation state ids to be revoked and then freed (bsc#1192483). - NFSD: allow lock state ids to be revoked and then freed (bsc#1192483). - NFSD: allow open state ids to be revoked and then freed (bsc#1192483). - nfsd: destroy percpu stats counters after reply cache shutdown (git-fixes). - NFSD: do not admin-revoke NSv4.0 state ids (bsc#1192483). - NFSD: Fix a write performance regression (bsc#1197016). - NFSD: fix crash on COPY_NOTIFY with special stateid (git-fixes). - NFSD: Fix nsfd startup race (again) (git-fixes). - nfsd: Fix null-ptr-deref in nfsd_fill_super() (git-fixes). - NFSD: Fix READDIR buffer overflow (git-fixes). - NFSD: Fix the behavior of READ near OFFSET_MAX (bsc#1195957). - NFSD: Fix verifier returned in stable WRITEs (git-fixes). - NFSD: Fix zero-length NFSv3 WRITEs (git-fixes). - NFSD: more robust allocation failure handling in nfsd_file_cache_init (git-fixes). - NFSD: nfsd4_setclientid_confirm mistakenly expires confirmed client (git-fixes). - NFS: Do not loop forever in nfs_do_recoalesce() (git-fixes). - NFS: Do not overfill uncached readdir pages (git-fixes). - NFS: Do not report EINTR/ERESTARTSYS as mapping errors (git-fixes). - NFS: Do not report ENOSPC write errors twice (git-fixes). - NFS: Do not report errors from nfs_pageio_complete() more than once (git-fixes). - NFS: Do not report flush errors in nfs_write_end() (git-fixes). - NFS: Do not report writeback errors in nfs_getattr() (git-fixes). - NFS: Do not skip directory entries when doing uncached readdir (git-fixes). - NFS: do not store 'struct cred *' in struct nfs_access_entry (git-fixes). - NFSD: prepare for supporting admin-revocation of state (bsc#1192483). - NFSD: Replace use of rwsem with errseq_t (bsc#1196960). - NFS: Ensure the server had an up to date ctime before hardlinking (git-fixes). - NFS: Ensure the server had an up to date ctime before renaming (git-fixes). - NFS: fix broken handling of the softreval mount option (git-fixes). - NFS: Fix initialisation of nfs_client cl_flags field (git-fixes). - NFS: fsync() should report filesystem errors over EINTR/ERESTARTSYS (git-fixes). - NFS: Further fixes to the writeback error handling (git-fixes). - NFS: limit use of ACCESS cache for negative responses (bsc#1196570). - NFS: Memory allocation failures are not server fatal errors (git-fixes). - NFS: NFSv2/v3 clients should never be setting NFS_CAP_XATTR (git-fixes). - NFS: pass cred explicitly for access tests (git-fixes). - NFS: Remove an incorrect revalidation in nfs4_update_changeattr_locked() (git-fixes). - NFS: Return valid errors from nfs2/3_decode_dirent() (git-fixes). - NFS: Use of mapping_set_error() results in spurious errors (git-fixes). - NFSv4.1: do not retry BIND_CONN_TO_SESSION on session error (git-fixes). - NFSv4.1 mark qualified async operations as MOVEABLE tasks (git-fixes). - NFSv42: Do not fail clone() unless the OP_CLONE operation failed (git-fixes). - NFSv42: Fix pagecache invalidation after COPY/CLONE (git-fixes). - NFSv4: Do not invalidate inode attributes on delegation return (git-fixes). - NFSv4: Fix another issue with a list iterator pointing to the head (git-fixes). - NFSv4: fix open failure with O_ACCMODE flag (git-fixes). - NFSv4: nfs_atomic_open() can race when looking up a non-regular file (git-fixes). - NFSv4/pNFS: Do not fail I/O when we fail to allocate the pNFS layout (git-fixes). - nl80211: correctly check NL80211_ATTR_REG_ALPHA2 size (git-fixes). - nl80211: fix locking in nl80211_set_tx_bitrate_mask() (git-fixes). - nl80211: Handle nla_memdup failures in handle_nan_filter (git-fixes). - nl80211: show SSID for P2P_GO interfaces (git-fixes). - nl80211: Update bss channel on channel switch for P2P_CLIENT (git-fixes). - nl80211: validate S1G channel width (git-fixes). - ntb_hw_switchtec: Fix bug with more than 32 partitions (git-fixes). - ntb_hw_switchtec: Fix pff ioread to read into mmio_part_cfg_all (git-fixes). - ntb: intel: fix port config status offset for SPR (git-fixes). - n_tty: wake up poll(POLLRDNORM) on receiving data (git-fixes). - nvme: add verbose error logging (bsc#1200567). Update config files. - nvme: also mark passthrough-only namespaces ready in nvme_update_ns_info (git-fixes). - nvme: do not return an error from nvme_configure_metadata (git-fixes). - nvme: expose cntrltype and dctype through sysfs (jsc#SLE-23643). - nvme: fix a possible use-after-free in controller reset during load (git-fixes). - nvme-multipath: use vmalloc for ANA log buffer (bsc#1193787). - nvme: send uevent on connection up (jsc#SLE-23643). - objtool: Add frame-pointer-specific function ignore (bsc#1193277). - objtool: Fix code relocs vs weak symbols (git-fixes). - objtool: Fix type of reloc::addend (git-fixes). - objtool: Ignore unwind hints for ignored functions (bsc#1193277). - ocfs2: fix crash when initialize filecheck kobj fails (bsc#1197920). - octeontx2-af: Add a 'rvu_free_bitmap()' function (gix-fixes). - octeontx2-af: Fix some memory leaks in the error handling path of 'cgx_lmac_init()' (git-fixes). - of: base: Fix phandle argument length mismatch error message (git-fixes). - of: base: Improve argument length mismatch error (git-fixes). - of/fdt: Do not worry about non-memory region overlap for no-map (git-fixes). - of: overlay: do not break notify on NOTIFY_{OK|STOP} (git-fixes). - of: Support more than one crash kernel regions for kexec -s (git-fixes). - of: unittest: 64 bit dma address test requires arch support (git-fixes). - of: unittest: fix warning on PowerPC frame size warning (git-fixes). - of: unittest: update text of expected warnings (git-fixes). - pahole 1.22 required for full BTF features. also recommend pahole for kernel-source to make the kernel buildable with standard config - PCI: aardvark: Add support for DEVCAP2, DEVCTL2, LNKCAP2 and LNKCTL2 registers on emulated bridge (git-fixes). - PCI: aardvark: Add support for ERR interrupt on emulated bridge (git-fixes). - PCI: aardvark: Add support for masking MSI interrupts (git-fixes). - PCI: aardvark: Add support for PME interrupts (git-fixes). - PCI: aardvark: Assert PERST# when unbinding driver (git-fixes). - PCI: aardvark: Clear all MSIs at setup (git-fixes). - PCI: aardvark: Comment actions in driver remove method (git-fixes). - PCI: aardvark: Disable bus mastering when unbinding driver (git-fixes). - PCI: aardvark: Disable common PHY when unbinding driver (git-fixes). - PCI: aardvark: Disable link training when unbinding driver (git-fixes). - PCI: aardvark: Do not mask irq when mapping (git-fixes). - PCI: aardvark: Drop __maybe_unused from advk_pcie_disable_phy() (git-fixes). - PCI: aardvark: Enable MSI-X support (git-fixes). - PCI: aardvark: Fix memory leak in driver unbind (git-fixes). - PCI: aardvark: Fix reading MSI interrupt number (git-fixes). - PCI: aardvark: Fix reading PCI_EXP_RTSTA_PME bit on emulated bridge (git-fixes). - PCI: aardvark: Fix setting MSI address (git-fixes). - PCI: aardvark: Fix support for MSI interrupts (git-fixes). - PCI: aardvark: Fix support for PME requester on emulated bridge (git-fixes). - PCI: aardvark: Make msi_domain_info structure a static driver structure (git-fixes). - PCI: aardvark: Make MSI irq_chip structures static driver structures (git-fixes). - PCI: aardvark: Mask all interrupts when unbinding driver (git-fixes). - PCI: aardvark: Optimize writing PCI_EXP_RTCTL_PMEIE and PCI_EXP_RTSTA_PME on emulated bridge (git-fixes). - PCI: aardvark: Refactor unmasking summary MSI interrupt (git-fixes). - PCI: aardvark: Remove irq_mask_ack() callback for INTx interrupts (git-fixes). - PCI: aardvark: Replace custom PCIE_CORE_INT_* macros with PCI_INTERRUPT_* (git-fixes). - PCI: aardvark: Rewrite IRQ code to chained IRQ handler (git-fixes). - PCI: aardvark: Update comment about link going down after link-up (git-fixes). - PCI: aardvark: Use dev_fwnode() instead of of_node_to_fwnode(dev->of_node) (git-fixes). - PCI: aardvark: Use separate INTA interrupt for emulated root bridge (git-fixes). - PCI/ACPI: Allow D3 only if Root Port can signal and wake from D3 (git-fixes). - PCI: Add ACS quirk for Pericom PI7C9X2G switches (bsc#1199390). - PCI/AER: Clear MULTI_ERR_COR/UNCOR_RCV bits (git-fixes). - PCI: Avoid broken MSI on SB600 USB devices (git-fixes). - PCI: cadence: Fix find_first_zero_bit() limit (git-fixes). - PCI: dwc: Fix setting error return on MSI DMA mapping failure (git-fixes). - PCI: endpoint: Fix alignment fault error in copy tests (git-fixes). - PCI: endpoint: Fix misused goto label (git-fixes). - PCI: fu740: Force 2.5GT/s for initial device probe (git-fixes). - PCI: hv: Do not set PCI_COMMAND_MEMORY to reduce VM boot time (bsc#1199314). - PCI: hv: Fix hv_arch_irq_unmask() for multi-MSI (bsc#1200845). - PCI: hv: Fix interrupt mapping for multi-MSI (bsc#1200845). - PCI: hv: Fix multi-MSI to allow more than one MSI vector (bsc#1200845). - PCI: hv: Fix NUMA node assignment when kernel boots with custom NUMA topology (git-fixes). - PCI: hv: Reuse existing IRTE allocation in compose_msi_msg() (bsc#1200845). - PCI: imx6: Allow to probe when dw_pcie_wait_for_link() fails (git-fixes). - PCI: imx6: Fix PERST# start-up sequence (git-fixes). - PCI: Mark all AMD Navi10 and Navi14 GPU ATS as broken (git-fixes). - PCI: microchip: Fix potential race in interrupt handling (git-fixes). - PCI: mvebu: Fix configuring secondary bus of PCIe Root Port via emulated bridge (git-fixes). - PCI: mvebu: Fix device enumeration regression (git-fixes). - PCI: mvebu: Fix support for bus mastering and PCI_COMMAND on emulated bridge (git-fixes). - PCI: mvebu: Fix support for PCI_BRIDGE_CTL_BUS_RESET on emulated bridge (git-fixes). - PCI: mvebu: Setup PCIe controller to Root Complex mode (git-fixes). - PCI: pci-bridge-emul: Add definitions for missing capabilities registers (git-fixes). - PCI: pci-bridge-emul: Add description for class_revision field (git-fixes). - PCI: pciehp: Add Qualcomm quirk for Command Completed erratum (git-fixes). - PCI: pciehp: Clear cmd_busy bit in polling mode (git-fixes). - PCI/PM: Power up all devices during runtime resume (git-fixes). - PCI: qcom: Fix runtime PM imbalance on probe errors (git-fixes). - PCI: qcom: Fix unbalanced PHY init on probe errors (git-fixes). - PCI: rockchip: Fix find_first_zero_bit() limit (git-fixes). - PCI/switchtec: Add Gen4 automotive device IDs (git-fixes). - PCI: Work around Intel I210 ROM BAR overlap defect (git-fixes). - pcmcia: db1xxx_ss: restrict to MIPS_DB1XXX boards (git-fixes). - perf: Copy perf_event_attr::sig_data on modification (git fixes). - perf/core: Do not pass task around when ctx sched in (git-fixes). - perf/core: Fix address filter parser for multiple filters (git fixes). - perf/core: Fix cgroup event list management (git fixes). - perf/core: Fix perf_cgroup_switch() (git fixes). - perf/core: Fix perf_mmap fail when CONFIG_PERF_USE_VMALLOC enabled (git fixes). - perf: Fix list corruption in perf_cgroup_switch() (git fixes). - perf/x86/intel/pt: Fix address filter config for 32-bit kernel (git fixes). - perf/x86/intel/pt: Fix crash with stop filters in single-range mode (git fixes). - perf/x86/intel/uncore: Make uncore_discovery clean for 64 bit addresses (bsc#1197304). - perf/x86/intel: Update the FRONTEND MSR mask on Sapphire Rapids (git fixes). - phy: amlogic: fix error path in phy_g12a_usb3_pcie_probe() (git-fixes). - phy: amlogic: meson8b-usb2: fix shared reset control use (git-fixes). - phy: amlogic: meson8b-usb2: Use dev_err_probe() (git-fixes). - phy: amlogic: phy-meson-gxl-usb2: fix shared reset controller use (git-fixes). - phy: aquantia: Fix AN when higher speeds than 1G are not advertised (git-fixes). - phy: broadcom: Kconfig: Fix PHY_BRCM_USB config option (git-fixes). - phy: dphy: Correct clk_pre parameter (git-fixes). - phy: dphy: Correct lpx parameter and its derivatives(ta_{get,go,sure}) (git-fixes). - phy: mapphone-mdm6600: Fix PM error handling in phy_mdm6600_probe (git-fixes). - phy: phy-brcm-usb: fixup BCM4908 support (git-fixes). - phy: qcom-qmp: fix pipe-clock imbalance on power-on failure (git-fixes). - phy: qcom-qmp: fix reset-controller leak on probe errors (git-fixes). - phy: qcom-qmp: fix struct clk leak on probe errors (git-fixes). - phy: samsung: exynos5250-sata: fix missing device put in probe error paths (git-fixes). - phy: samsung: Fix missing of_node_put() in exynos_sata_phy_probe (git-fixes). - phy: stm32: fix a refcount leak in stm32_usbphyc_pll_enable() (git-fixes). - phy: ti: Add missing pm_runtime_disable() in serdes_am654_probe (git-fixes). - phy: ti: Fix missing sentinel for clk_div_table (git-fixes). - phy: ti: omap-usb2: Fix error handling in omap_usb2_enable_clocks (git-fixes). - phy: usb: Leave some clocks running during suspend (git-fixes). - phy: xilinx: zynqmp: Fix bus width setting for SGMII (git-fixes). - pinctrl: bcm2835: Fix a few error paths (git-fixes). - pinctrl: bcm63xx: fix unmet dependency on REGMAP for GPIO_REGMAP (git-fixes). - pinctrl: fix loop in k210_pinconf_get_drive() (git-fixes). - pinctrl: intel: Fix a glitch when updating IRQ flags on a preconfigured line (git-fixes). - pinctrl: intel: fix unexpected interrupt (git-fixes). - pinctrl: k210: Fix bias-pull-up (git-fixes). - pinctrl: mediatek: Fix missing of_node_put() in mtk_pctrl_init (git-fixes). - pinctrl: mediatek: moore: Fix build error (git-fixes). - pinctrl: mediatek: mt8195: enable driver on mtk platforms (git-fixes). - pinctrl: mediatek: mt8365: fix IES control pins (git-fixes). - pinctrl: mediatek: paris: Fix 'argument' argument type for mtk_pinconf_get() (git-fixes). - pinctrl: mediatek: paris: Fix PIN_CONFIG_BIAS_* readback (git-fixes). - pinctrl: mediatek: paris: Fix pingroup pin config state readback (git-fixes). - pinctrl: mediatek: paris: Skip custom extra pin config dump for virtual GPIOs (git-fixes). - pinctrl: microchip-sgpio: lock RMW access (git-fixes). - pinctrl: microchip sgpio: use reset driver (git-fixes). - pinctrl: mvebu: Fix irq_of_parse_and_map() return value (git-fixes). - pinctrl: nomadik: Add missing of_node_put() in nmk_pinctrl_probe (git-fixes). - pinctrl: npcm: Fix broken references to chip->parent_device (git-fixes). - pinctrl: nuvoton: npcm7xx: Rename DS() macro to DSTR() (git-fixes). - pinctrl: nuvoton: npcm7xx: Use %zu printk format for ARRAY_SIZE() (git-fixes). - pinctrl: pinconf-generic: Print arguments for bias-pull-* (git-fixes). - pinctrl: pinctrl-aspeed-g6: remove FWQSPID group in pinctrl (git-fixes). - pinctrl: pistachio: fix use of irq_of_parse_and_map() (git-fixes). - pinctrl: renesas: checker: Fix miscalculation of number of states (git-fixes). - pinctrl: renesas: core: Fix possible null-ptr-deref in sh_pfc_map_resources() (git-fixes). - pinctrl: renesas: r8a77470: Reduce size for narrow VIN1 channel (git-fixes). - pinctrl: renesas: r8a779a0: Fix GPIO function on I2C-capable pins (git-fixes). - pinctrl: renesas: rzn1: Fix possible null-ptr-deref in sh_pfc_map_resources() (git-fixes). - pinctrl/rockchip: Add missing of_node_put() in rockchip_pinctrl_probe (git-fixes). - pinctrl: rockchip: fix RK3308 pinmux bits (git-fixes). - pinctrl: samsung: drop pin banks references on error paths (git-fixes). - pinctrl: samsung: fix missing GPIOLIB on ARM64 Exynos config (git-fixes). - pinctrl: stm32: Do not call stm32_gpio_get() for edge triggered IRQs in EOI (git-fixes). - pinctrl: stm32: Keep pinctrl block clock enabled when LEVEL IRQ requested (git-fixes). - pinctrl: sunxi: fix f1c100s uart2 function (git-fixes). - pinctrl: sunxi: Fix H616 I2S3 pin data (git-fixes). - pinctrl: sunxi: Use unique lockdep classes for IRQs (git-fixes). - pinctrl: tegra: tegra194: drop unused pin groups (git-fixes). - pinctrl: tigerlake: Revert 'Add Alder Lake-M ACPI ID' (git-fixes). - ping: fix the sk_bound_dev_if match in ping_lookup (bsc#1195826). - ping: remove pr_err from ping_lookup (bsc#1195826). - pipe: Fix missing lock in pipe_resize_ring() (git-fixes). - platform/chrome: cros_ec_debugfs: detach log reader wq from devm (git-fixes). - platform/chrome: cros_ec: fix error handling in cros_ec_register() (git-fixes). - platform/chrome: cros_ec_typec: Check for EC device (git-fixes). - platform/chrome: Re-introduce cros_ec_cmd_xfer and use it for ioctls (git-fixes). - platform: finally disallow IRQ0 in platform_get_irq() and its ilk (git-fixes). - platform/surface: aggregator: Fix initialization order when compiling as builtin module (git-fixes). - platform/surface: surface3-wmi: Simplify resource management (git-fixes). - platform/x86: Add Intel Software Defined Silicon driver (jsc#SLE-18938). - platform/x86: asus-wmi: Add support for custom fan curves (bsc#1198058). - platform/x86: asus-wmi: Delete impossible condition (bsc#1198058). - platform/x86: asus-wmi: Fix driver not binding when fan curve control probe fails (git-fixes). - platform/x86: asus-wmi: Fix regression when probing for fan curve control (bsc#1198058). - platform/x86: asus-wmi: Fix 'unsigned 'retval' is never less than zero' smatch warning (bsc#1198058). - platform/x86: asus-wmi: Potential buffer overflow in asus_wmi_evaluate_method_buf() (git-fixes). - platform/x86: gigabyte-wmi: Add support for B450M DS3H-CF (git-fixes). - platform/x86: gigabyte-wmi: Add Z690M AORUS ELITE AX DDR4 support (git-fixes). - platform/x86: huawei-wmi: check the return value of device_create_file() (git-fixes). - platform/x86: intel-hid: fix _DSM function index handling (git-fixes). - platform/x86/intel/sdsi: Fix bug in multi packet reads (jsc#SLE-18901). - platform/x86/intel/sdsi: Handle leaky bucket (jsc#SLE-18901). - platform/x86/intel/sdsi: Poll on ready bit for writes (jsc#SLE-18901). - platform/x86: panasonic-laptop: de-obfuscate button codes (git-fixes). - platform/x86: panasonic-laptop: do not report duplicate brightness key-presses (git-fixes). - platform/x86: panasonic-laptop: filter out duplicate volume up/down/mute keypresses (git-fixes). - platform/x86: panasonic-laptop: revert 'Resolve hotkey double trigger bug' (git-fixes). - platform/x86: panasonic-laptop: sort includes alphabetically (git-fixes). - platform/x86: samsung-laptop: Fix an unsigned comparison which can never be negative (git-fixes). - platform/x86: touchscreen_dmi: Add info for the RWC NANOTE P8 AY07J 2-in-1 (git-fixes). - PM: core: keep irq flags in device_pm_check_callbacks() (git-fixes). - PM / devfreq: exynos-ppmu: Fix refcount leak in of_get_devfreq_events (git-fixes). - PM / devfreq: rk3399_dmc: Disable edev on remove() (git-fixes). - PM: domains: Fix initialization of genpd's next_wakeup (git-fixes). - PM: domains: Fix sleep-in-atomic bug caused by genpd_debug_remove() (git-fixes). - PM: hibernate: fix __setup handler error handling (git-fixes). - PM: hibernate: Remove register_nosave_region_late() (git-fixes). - PM: s2idle: ACPI: Fix wakeup interrupts handling (git-fixes). - PM: suspend: fix return value of __setup handler (git-fixes). - PM: wakeup: simplify the output logic of pm_show_wakelocks() (git-fixes). - pNFS: Avoid a live lock condition in pnfs_update_layout() (git-fixes). - pNFS: Do not keep retrying if the server replied NFS4ERR_LAYOUTUNAVAILABLE (git-fixes). - powerpc/64: Move paca allocation later in boot (bsc#1190812). - powerpc/64s: Add CPU_FTRS_POWER10 to ALWAYS mask (jsc#SLE-13521 git-fixes). - powerpc/64s: Add CPU_FTRS_POWER9_DD2_2 to CPU_FTRS_ALWAYS mask (bsc#1061840 git-fixes). - powerpc/64s: Do not use DSISR for SLB faults (bsc#1194869). - powerpc/64s/radix: Fix huge vmap false positive (bsc#1156395). - powerpc: add link stack flush mitigation status in debugfs (bsc#1157038 bsc#1157923 ltc#182612 git-fixes). - powerpc/bpf: Update ldimm64 instructions during extra pass (bsc#1194869). - powerpc: Do not select HAVE_IRQ_EXIT_ON_IRQ_STACK (bsc#1194869). - powerpc: Enable the DAWR on POWER9 DD2.3 and above (bsc#1055117 ltc#159753). - powerpc/fadump: fix PT_LOAD segment for boot memory area (bsc#1103269 ltc#169948 git-fixes). - powerpc/fadump: opt out from freeing pages on cma activation failure (bsc#1195099 ltc#196102). - powerpc/fadump: register for fadump as early as possible (bsc#1179439 ltc#190038). - powerpc/idle: Fix return value of __setup() handler (bsc#1065729). - powerpc/lib/sstep: Fix 'sthcx' instruction (bsc#1156395). - powerpc/mce: Modify the real address error logging messages (jsc#SLE-18194). - powerpc/mm/numa: skip NUMA_NO_NODE onlining in parse_numa_properties() (bsc#1179639 ltc#189002 git-fixes). - powerpc/perf: Do not use perf_hw_context for trace IMC PMU (bsc#1156395). - powerpc/perf: Fix power10 event alternatives (jsc#SLE-13513 git-fixes). - powerpc/perf: Fix power9 event alternatives (bsc#1137728, LTC#178106, git-fixes). - powerpc/perf: Fix power_pmu_disable to call clear_pmi_irq_pending only if PMI is pending (bsc#1156395). - powerpc/perf: Fix the threshold compare group constraint for power10 (bsc#1194869). - powerpc/perf: Fix the threshold compare group constraint for power9 (bsc#1065729). - powerpc/powernv: Add __init attribute to eligible functions (bsc#1188885 ltc#193722 git-fixes). - powerpc/powernv: Get L1D flush requirements from device-tree (bsc#1188885 ltc#193722 git-fixes). - powerpc/powernv: Get STF barrier requirements from device-tree (bsc#1188885 ltc#193722 git-fixes). - powerpc/powernv: Remove POWER9 PVR version check for entry and uaccess flushes (bsc#1188885 ltc#193722 git-fixes). - powerpc/pseries: Fix use after free in remove_phb_dynamic() (bsc#1065729). - powerpc/pseries: Parse control memory access error (jsc#SLE-18194). - powerpc/pseries: read the lpar name from the firmware (bsc#1187716 ltc#193451). - powerpc/rtas: Allow ibm,platform-dump RTAS call with null buffer address (bsc#1200343 ltc#198477). - powerpc: Set crashkernel offset to mid of RMA region (bsc#1190812). - powerpc/sysdev: fix incorrect use to determine if list is empty (bsc#1065729). - powerpc/tm: Fix more userspace r13 corruption (bsc#1065729). - powerpc/vdso: Fix incorrect CFI in gettimeofday.S (bsc#1199173 ltc#197388). - powerpc/vdso: Remove cvdso_call_time macro (bsc#1199173 ltc#197388). - powerpc/xive: Add a debugfs file to dump EQs (bsc#1194409 ltc#195810). - powerpc/xive: Add some error handling code to 'xive_spapr_init()' (git-fixes). - powerpc/xive: Change the debugfs file 'xive' into a directory (bsc#1194409 ltc#195810). - powerpc/xive: Export XIVE IPI information for online-only processors (bsc#1194409 ltc#195810). - powerpc/xive: Fix refcount leak in xive_spapr_init (git-fixes). - powerpc/xive: fix return value of __setup handler (bsc#1065729). - powerpc/xive: Introduce an helper to print out interrupt characteristics (bsc#1194409 ltc#195810). - powerpc/xive: Introduce xive_core_debugfs_create() (bsc#1194409 ltc#195810). - powerpc/xive: Rename the 'cpus' debugfs file to 'ipis' (bsc#1194409 ltc#195810). - power: reset: gemini-poweroff: Fix IRQ check in gemini_poweroff_probe (git-fixes). - power: supply: ab8500: Fix memory leak in ab8500_fg_sysfs_init (git-fixes). - power: supply: axp20x_battery: properly report current when discharging (git-fixes). - power: supply: axp288-charger: Set Vhold to 4.4V (git-fixes). - power: supply: axp288_fuel_gauge: Drop BIOS version check from 'T3 MRD' DMI quirk (git-fixes). - power: supply: axp288_fuel_gauge: Fix battery reporting on the One Mix 1 (git-fixes). - power: supply: bq24190_charger: Fix bq24190_vbus_is_enabled() wrong false return (git-fixes). - power: supply: sbs-charger: Do not cancel work that is not initialized (git-fixes). - power: supply: wm8350-power: Add missing free in free_charger_irq (git-fixes). - power: supply: wm8350-power: Handle error for wm8350_register_irq (git-fixes). - pps: clients: gpio: Propagate return value from pps_gpio_probe (git-fixes). - printk: Add panic_in_progress helper (bsc#1197894). - printk: disable optimistic spin during panic (bsc#1197894). - proc: bootconfig: Add null pointer check (git-fixes). - proc: fix documentation and description of pagemap (git-fixes). - procfs: prevent unprivileged processes accessing fdinfo dir (git-fixes). - psi: fix 'defined but not used' warnings when (git-fixes) - ptrace: Check PTRACE_O_SUSPEND_SECCOMP permission on PTRACE_SEIZE (bsc#1198413). - pvpanic: Fix typos in the comments (git-fixes). - pwm: lp3943: Fix duty calculation in case period was clamped (git-fixes). - pwm: lpc18xx-sct: Initialize driver data and hardware before pwmchip_add() (git-fixes). - pwm: raspberrypi-poe: Fix endianness in firmware struct (git-fixes). - qed: display VF trust config (git-fixes). - qede: confirm skb is allocated before using (git-fixes). - qed: fix ethtool register dump (jsc#SLE-19001). - qed: return status of qed_iov_get_link (git-fixes). - qla2xxx: add ->map_queues support for nvme (bsc#1195823). - qlcnic: dcb: default to returning -EOPNOTSUPP (git-fixes). - raid5: introduce MD_BROKEN (git-fixes). - random: check for signal_pending() outside of need_resched() check (git-fixes). - random: wake up /dev/random writers after zap (git-fixes). - random: wire up fops->splice_{read,write}_iter() (git-fixes). - ray_cs: Check ioremap return value (git-fixes). - RDMA/cma: Do not change route.addr.src_addr outside state checks (git-fixes). - RDMA/cma: Use correct address when leaving multicast group (git-fixes). - RDMA/core: Fix ib_qp_usecnt_dec() called when error (jsc#SLE-19249). - RDMA/core: Set MR type in ib_reg_user_mr (git-fixes). - RDMA/hfi1: Fix use-after-free bug for mm struct (git-fixes). - RDMA/ib_srp: Fix a deadlock (git-fixes). - RDMA/irdma: Fix netdev notifications for vlan's (git-fixes). - RDMA/irdma: Fix Passthrough mode in VM (git-fixes). - RDMA/irdma: Fix possible crash due to NULL netdev in notifier (git-fixes). - RDMA/irdma: Flush iWARP QP if modified to ERR from RTR state (git-fixes). - RDMA/irdma: Prevent some integer underflows (git-fixes). - RDMA/irdma: Reduce iWARP QP destroy time (git-fixes). - RDMA/irdma: Remove incorrect masking of PD (git-fixes). - RDMA/irdma: Set protocol based on PF rdma_mode flag (bsc#1200502). - RDMA/mlx4: Do not continue event handler after memory allocation failure (git-fixes). - RDMA/mlx5: Add a missing update of cache->last_add (git-fixes). - RDMA/mlx5: Do not remove cache MRs when a delay is needed (git-fixes). - RDMA/mlx5: Fix memory leak in error flow for subscribe event routine (git-fixes). - RDMA/mlx5: Fix the flow of a miss in the allocation of a cache ODP MR (git-fixes). - RDMA/nldev: Prevent underflow in nldev_stat_set_counter_dynamic_doit() (jsc#SLE-19249). - RDMA/rtrs-clt: Fix possible double free in error case (git-fixes). - RDMA/rtrs-clt: Move free_permit from free_clt to rtrs_clt_close (git-fixes). - RDMA/rxe: Change variable and function argument to proper type (jsc#SLE-19249). - RDMA/rxe: Check the last packet by RXE_END_MASK (git-fixes). - RDMA/rxe: Fix ref error in rxe_av.c (jsc#SLE-19249). - RDMA/siw: Fix a condition race issue in MPA request processing (git-fixes). - RDMA/siw: Fix broken RDMA Read Fence/Resume logic (git-fixes). - RDMA/siw: Fix refcounting leak in siw_create_qp() (jsc#SLE-19249). - RDMA/ucma: Protect mc during concurrent multicast leaves (git-fixes). - regmap-irq: Fix a bug in regmap_irq_enable() for type_in_mask chips (git-fixes). - regmap-irq: Fix offset/index mismatch in read_sub_irq_data() (git-fixes). - regmap-irq: Update interrupt clear register for proper reset (git-fixes). - regulator: atc260x: Fix missing active_discharge_on setting (git-fixes). - regulator: core: Fix enable_count imbalance with EXCLUSIVE_GET (git-fixes). - regulator: core: fix false positive in regulator_late_cleanup() (git-fixes). - regulator: da9121: Fix uninit-value in da9121_assign_chip_model() (git-fixes). - regulator: mt6315: Enforce regulator-compatible, not name (git-fixes). - regulator: mt6315-regulator: fix invalid allowed mode (git-fixes). - regulator: pfuze100: Fix refcount leak in pfuze_parse_regulators_dt (git-fixes). - regulator: qcom_smd: fix for_each_child.cocci warnings (git-fixes). - regulator: qcom_smd: Fix up PM8950 regulator configuration (git-fixes). - regulator: rpi-panel: Handle I2C errors/timing to the Atmel (git-fixes). - regulator: scmi: Fix refcount leak in scmi_regulator_probe (git-fixes). - regulator: wm8994: Add an off-on delay for WM8994 variant (git-fixes). - remoteproc: Fix count check in rproc_coredump_write() (git-fixes). - remoteproc: imx_rproc: Ignore create mem entry for resource table (git-fixes). - remoteproc: qcom: Fix missing of_node_put in adsp_alloc_memory_region (git-fixes). - remoteproc: qcom_q6v5_mss: Fix some leaks in q6v5_alloc_memory_region (git-fixes). - remoteproc: qcom_wcnss: Add missing of_node_put() in wcnss_alloc_memory_region (git-fixes). - reset: tegra-bpmp: Restore Handle errors in BPMP response (git-fixes). - Revert 'drm/amd/display: Fix DCN3 B0 DP Alt Mapping' (git-fixes). - Revert 'drm/amdgpu/display: set vblank_disable_immediate for DC' (git-fixes). - Revert 'svm: Add warning message for AVIC IPI invalid target' (git-fixes). - rfkill: make new event layout opt-in (git-fixes). - rfkill: uapi: fix RFKILL_IOCTL_MAX_SIZE ioctl request definition (git-fixes). - riscv: Fix fill_callchain return value (git fixes). - rpmsg: qcom_smd: Fix irq_of_parse_and_map() return value (git-fixes). - rpmsg: qcom_smd: Fix redundant channel->registered assignment (git-fixes). - rpmsg: qcom_smd: Fix returning 0 if irq_of_parse_and_map() fails (git-fixes). - rpmsg: virtio: Fix possible double free in rpmsg_probe() (git-fixes). - rpmsg: virtio: Fix possible double free in rpmsg_virtio_add_ctrl_dev() (git-fixes). - rpmsg: virtio: Fix the unregistration of the device rpmsg_ctrl (git-fixes). - rtc: check if __rtc_read_time was successful (git-fixes). - rtc: fix use-after-free on device removal (git-fixes). - rtc: ftrtc010: Fix error handling in ftrtc010_rtc_probe (git-fixes). - rtc: ftrtc010: Use platform_get_irq() to get the interrupt (git-fixes). - rtc: mc146818-lib: fix locking in mc146818_set_time (git-fixes). - rtc: mc146818-lib: Fix the AltCentury for AMD platforms (git-fixes). - rtc: mt6397: check return value after calling platform_get_resource() (git-fixes). - rtc: mxc: Silence a clang warning (git-fixes). - rtc: pcf2127: fix bug when reading alarm registers (git-fixes). - rtc: pl031: fix rtc features null pointer dereference (git-fixes). - rtc: sun6i: Fix time overflow handling (git-fixes). - rtc: wm8350: Handle error for wm8350_register_irq (git-fixes). - rtl818x: Prevent using not initialized queues (git-fixes). - rtlwifi: Use pr_warn instead of WARN_ONCE (git-fixes). - rtw88: 8821c: fix debugfs rssi value (git-fixes). - rtw88: 8821c: support RFE type4 wifi NIC (git-fixes). - rtw88: Disable PCIe ASPM while doing NAPI poll on 8821CE (git-fixes). - rtw88: rtw8821c: enable rfe 6 devices (git-fixes). - s390/crypto: fix scatterwalk_unmap() callers in AES-GCM (git-fixes). - s390/ctcm: fix potential memory leak (git-fixes). - s390/ctcm: fix variable dereferenced before check (git-fixes). - s390/dasd: fix data corruption for ESE devices (git-fixes). - s390/dasd: Fix read for ESE with blksize 4k (git-fixes). - s390/dasd: Fix read inconsistency for ESE DASD devices (git-fixes). - s390/dasd: prevent double format of tracks for ESE devices (git-fixes). - s390/entry: fix duplicate tracking of irq nesting level (git-fixes). - s390/extable: fix exception table sorting (git-fixes). - s390/kexec_file: fix error handling when applying relocations (git-fixes). - s390/kexec: fix memory leak of ipl report buffer (git-fixes). - s390/kexec: fix return code handling (git-fixes). - s390/lcs: fix variable dereferenced before check (git-fixes). - s390/mcck: isolate SIE instruction when setting CIF_MCCK_GUEST flag (git-fixes). - s390/module: fix loading modules with a lot of relocations (git-fixes). - s390/nmi: handle guarded storage validity failures for KVM guests (git-fixes). - s390/nmi: handle vector validity failures for KVM guests (git-fixes). - s390/perf: obtain sie_block from the right address (bsc#1200315 LTC#198473). - s390/setup: avoid reserving memory above identity mapping (git-fixes). - s390/smp: sort out physical vs virtual pointers usage (git-fixes). - sata_fsl: fix UAF in sata_fsl_port_stop when rmmod sata_fsl (git-fixes). - sata_fsl: fix warning in remove_proc_entry when rmmod sata_fsl (git-fixes). - sc16is7xx: Fix for incorrect data being transmitted (git-fixes). - sched/core: Export pelt_thermal_tp (git-fixes) - sched/core: Fix forceidle balancing (git-fixes) - sched/core: Mitigate race (git-fixes) - sched/cpuacct: Fix charge percpu cpuusage (git-fixes) - sched/cpuacct: Fix user/system in shown cpuacct.usage* (git-fixes) - sched/debug: Remove mpol_get/put and task_lock/unlock from (git-fixes) - sched: Define and initialize a flag to identify valid PASID in the task (jsc#SLE-24350). - sched/fair: Consider CPU affinity when allowing NUMA imbalance in find_idlest_group() (bnc#1193431). - sched/fair: Fix fault in reweight_entity (git fixes (sched/core)). - sched/fair: Revise comment about lb decision matrix (git-fixes) - sched: Fix balance_push() vs __sched_setscheduler() (git-fixes) - sched: Fix yet more sched_fork() races (git fixes (sched/core)). - sched/membarrier: Fix membarrier-rseq fence command missing (git-fixes) - sched/numa: Adjust imb_numa_nr to a better approximation of memory channels (bnc#1193431). - sched/numa: Apply imbalance limitations consistently (bnc#1193431). - sched/numa: Do not swap tasks between nodes when spare capacity is available (bnc#1193431). - sched/numa: Initialise numa_migrate_retry (bnc#1193431). - sched/pasid: Add a kABI workaround (jsc#SLE-24350). - sched/pelt: Fix attach_entity_load_avg() corner case (git-fixes) - sched/pelt: Relax the sync of util_sum with util_avg (git-fixes) - sched/psi: report zeroes for CPU full at the system level (git-fixes) - sched/rt: Plug rt_mutex_setprio() vs push_rt_task() race (git-fixes) - sched/rt: Try to restart rt period timer when rt runtime (git-fixes) - sched/scs: Reset task stack state in bringup_cpu() (git-fixes) - sched/sugov: Ignore 'busy' filter when rq is capped by (git-fixes) - sched: Teach the forced-newidle balancer about CPU affinity (git-fixes) - scripts/faddr2line: Fix overlapping text section failures (git-fixes). - scsi: block: pm: Always set request queue runtime active in blk_post_runtime_resume() (bsc#1198802). - scsi: block: PM fix blk_post_runtime_resume() args (bsc#1198802). - scsi: core: Query VPD size before getting full page (git-fixes). - scsi: dc395x: Fix a missing check on list iterator (git-fixes). - scsi: elx: efct: Do not use GFP_KERNEL under spin lock (git-fixes). - scsi: fnic: Fix a tracing statement (git-fixes). - scsi: fnic: Replace DMA mask of 64 bits with 47 bits (bsc#1199631). - scsi: hisi_sas: Add more logs for runtime suspend/resume (bsc#1198802). - scsi: hisi_sas: Change permission of parameter prot_mask (git-fixes). - scsi: hisi_sas: Fix rescan after deleting a disk (git-fixes). - scsi: hisi_sas: Fix some issues related to asd_sas_port->phy_list (bsc#1198802). - scsi: hisi_sas: Increase debugfs_dump_index after dump is completed (bsc#1198806). - scsi: hisi_sas: Initialise devices in .slave_alloc callback (bsc#1198802). - scsi: hisi_sas: Limit users changing debugfs BIST count value (bsc#1198803). - scsi: hisi_sas: Remove unused variable and check in hisi_sas_send_ata_reset_each_phy() (git-fixes). - scsi: hisi_sas: Wait for phyup in hisi_sas_control_phy() (bsc#1198802). - scsi: ibmvfc: Allocate/free queue resource only during probe/remove (jsc#SLE-15442 bsc#1180814 ltc#187461 git-fixes). - scsi: ibmvfc: Store vhost pointer during subcrq allocation (jsc#SLE-15442 bsc#1180814 ltc#187461 git-fixes). - scsi: iscsi: Add helper functions to manage iscsi_cls_conn (bsc#1198410). - scsi: iscsi: Add helper to remove a session from the kernel (bsc#1198410). - scsi: iscsi: Allow iscsi_if_stop_conn() to be called from kernel (bsc#1198410). - scsi: iscsi: Clean up bound endpoints during shutdown (bsc#1198410). - scsi: iscsi: Fix HW conn removal use after free (bsc#1198410). - scsi: iscsi: Fix session removal on shutdown (bsc#1198410). - scsi: libiscsi: Teardown iscsi_cls_conn gracefully (bsc#1198410). - scsi: libsas: Add flag SAS_HA_RESUMING (bsc#1198802). - scsi: libsas: Add spin_lock/unlock() to protect asd_sas_port->phy_list (bsc#1198802). - scsi: libsas: Defer works of new phys during suspend (bsc#1198802). - scsi: libsas: Do not always drain event workqueue for HA resume (bsc#1198802). - scsi: libsas: Fix sas_ata_qc_issue() handling of NCQ NON DATA commands (git-fixes). - scsi: libsas: Insert PORTE_BROADCAST_RCVD event for resuming host (bsc#1198802). - scsi: libsas: Keep host active while processing events (bsc#1198802). - scsi: libsas: Refactor sas_queue_deferred_work() (bsc#1198802). - scsi: libsas: Resume host while sending SMP I/Os (bsc#1198802). - scsi: lpfc: Add more logging of cmd and cqe information for aborted NVMe cmds (bsc#1201193). - scsi: lpfc: Address NULL pointer dereference after starget_to_rport() (bsc#1201193). - scsi: lpfc: Add support for ATTO Fibre Channel devices (bsc#1201193). - scsi: lpfc: Add support for VMID tagging of NVMe I/Os (bsc#1201193). - scsi: lpfc: Allow reduced polling rate for nvme_admin_async_event cmd completion (bsc#1201193). - scsi: lpfc: Alter FPIN stat accounting logic (bsc#1200045). - scsi: lpfc: Change FA-PWWN detection methodology (bsc#1200045). - scsi: lpfc: Change VMID registration to be based on fabric parameters (bsc#1200045). - scsi: lpfc: Clear fabric topology flag before initiating a new FLOGI (bsc#1200045). - scsi: lpfc: Commonize VMID code location (bsc#1201193). - scsi: lpfc: Copyright updates for 14.2.0.0 patches (bsc#1197675). - scsi: lpfc: Copyright updates for 14.2.0.2 patches (bsc#1200045). - scsi: lpfc: Correct BDE DMA address assignment for GEN_REQ_WQE (bsc#1200045). - scsi: lpfc: Correct BDE type for XMIT_SEQ64_WQE in lpfc_ct_reject_event() (bsc#1201193). - scsi: lpfc: Correct CRC32 calculation for congestion stats (bsc#1200045). - scsi: lpfc: Decrement outstanding gidft_inp counter if lpfc_err_lost_link() (bsc#1200045). - scsi: lpfc: Drop lpfc_no_handler() (bsc#1197675). - scsi: lpfc: Expand setting ELS_ID field in ELS_REQUEST64_WQE (bsc#1200045). - scsi: lpfc: Fill in missing ndlp kref puts in error paths (bsc#1200045). - scsi: lpfc: Fix additional reference counting in lpfc_bsg_rport_els() (bsc#1200045). - scsi: lpfc: Fix broken SLI4 abort path (bsc#1197675). - scsi: lpfc: Fix call trace observed during I/O with CMF enabled (bsc#1200045). - scsi: lpfc: Fix diagnostic fw logging after a function reset (bsc#1200045). - scsi: lpfc: Fix dmabuf ptr assignment in lpfc_ct_reject_event() (bsc#1200045). - scsi: lpfc: Fix element offset in __lpfc_sli_release_iocbq_s4() (bsc#1200045). - scsi: lpfc: Fix field overload in lpfc_iocbq data structure (bsc#1200045). - scsi: lpfc: Fix locking for lpfc_sli_iocbq_lookup() (bsc#1197675). - scsi: lpfc: Fix ndlp put following a LOGO completion (bsc#1200045). - scsi: lpfc: Fix null pointer dereference after failing to issue FLOGI and PLOGI (bsc#1200045). - scsi: lpfc: Fix port stuck in bypassed state after LIP in PT2PT topology (bsc#1201193). - scsi: lpfc: Fix queue failures when recovering from PCI parity error (bsc#1197675 bsc#1196478). - scsi: lpfc: Fix resource leak in lpfc_sli4_send_seq_to_ulp() (bsc#1200045). - scsi: lpfc: Fix SCSI I/O completion and abort handler deadlock (bsc#1200045). - scsi: lpfc: Fix split code for FLOGI on FCoE (bsc#1200045). - scsi: lpfc: Fix typos in comments (bsc#1197675). - scsi: lpfc: Fix unload hang after back to back PCI EEH faults (bsc#1197675 bsc#1196478). - scsi: lpfc: Improve PCI EEH Error and Recovery Handling (bsc#1197675 bsc#1196478). - scsi: lpfc: Inhibit aborts if external loopback plug is inserted (bsc#1200045). - scsi: lpfc: Introduce FC_RSCN_MEMENTO flag for tracking post RSCN completion (bsc#1200045). - scsi: lpfc: Kill lpfc_bus_reset_handler() (bsc#1197675). - scsi: lpfc: Move cfg_log_verbose check before calling lpfc_dmp_dbg() (bsc#1200045). - scsi: lpfc: Move MI module parameter check to handle dynamic disable (bsc#1200045). - scsi: lpfc: Protect memory leak for NPIV ports sending PLOGI_RJT (bsc#1200045). - scsi: lpfc: Reduce log messages seen after firmware download (bsc#1197675). - scsi: lpfc: Refactor cleanup of mailbox commands (bsc#1200045). - scsi: lpfc: Register for Application Services FC-4 type in Fabric topology (bsc#1200045). - scsi: lpfc: Remove failing soft_wwn support (bsc#1197675). - scsi: lpfc: Remove false FDMI NVMe FC-4 support for NPIV ports (bsc#1200045). - scsi: lpfc: Remove NVMe support if kernel has NVME_FC disabled (bsc#1197675). - scsi: lpfc: Remove redundant flush_workqueue() call (bsc#1197675). - scsi: lpfc: Remove redundant lpfc_sli_prep_wqe() call (bsc#1200045). - scsi: lpfc: Remove unnecessary null ndlp check in lpfc_sli_prep_wqe() (bsc#1200045). - scsi: lpfc: Remove unnecessary NULL pointer assignment for ELS_RDF path (bsc#1200045). - scsi: lpfc: Remove unneeded variable (bsc#1200045). - scsi: lpfc: Requeue SCSI I/O to upper layer when fw reports link down (bsc#1200045). - scsi: lpfc: Resolve NULL ptr dereference after an ELS LOGO is aborted (bsc#1201193). - scsi: lpfc: Resolve some cleanup issues following abort path refactoring (bsc#1201193). - scsi: lpfc: Resolve some cleanup issues following SLI path refactoring (bsc#1201193). - scsi: lpfc: Revise FDMI reporting of supported port speed for trunk groups (bsc#1200045). - scsi: lpfc: Rework FDMI initialization after link up (bsc#1200045). - scsi: lpfc: Rework lpfc_vmid_get_appid() to be protocol independent (bsc#1201193). - scsi: lpfc: SLI path split: Introduce lpfc_prep_wqe (bsc#1197675). - scsi: lpfc: SLI path split: Refactor Abort paths (bsc#1197675). - scsi: lpfc: SLI path split: Refactor base ELS paths and the FLOGI path (bsc#1197675). - scsi: lpfc: SLI path split: Refactor BSG paths (bsc#1197675). - scsi: lpfc: SLI path split: Refactor CT paths (bsc#1197675). - scsi: lpfc: SLI path split: Refactor fast and slow paths to native SLI4 (bsc#1197675). - scsi: lpfc: SLI path split: Refactor FDISC paths (bsc#1197675). - scsi: lpfc: SLI path split: Refactor lpfc_iocbq (bsc#1197675). - scsi: lpfc: SLI path split: Refactor LS_ACC paths (bsc#1197675). - scsi: lpfc: SLI path split: Refactor LS_RJT paths (bsc#1197675). - scsi: lpfc: SLI path split: Refactor misc ELS paths (bsc#1197675). - scsi: lpfc: SLI path split: Refactor PLOGI/PRLI/ADISC/LOGO paths (bsc#1197675). - scsi: lpfc: SLI path split: Refactor SCSI paths (bsc#1197675). - scsi: lpfc: SLI path split: Refactor the RSCN/SCR/RDF/EDC/FARPR paths (bsc#1197675). - scsi: lpfc: SLI path split: Refactor VMID paths (bsc#1197675). - scsi: lpfc: Transition to NPR state upon LOGO cmpl if link down or aborted (bsc#1200045). - scsi: lpfc: Tweak message log categories for ELS/FDMI/NVMe rescan (bsc#1200045). - scsi: lpfc: Update fc_prli_sent outstanding only after guaranteed IOCB submit (bsc#1200045). - scsi: lpfc: Update lpfc version to 14.2.0.0 (bsc#1197675). - scsi: lpfc: Update lpfc version to 14.2.0.1 (bsc#1197675). - scsi: lpfc: Update lpfc version to 14.2.0.2 (bsc#1200045). - scsi: lpfc: Update lpfc version to 14.2.0.3 (bsc#1200045). - scsi: lpfc: Update lpfc version to 14.2.0.4 (bsc#1201193). - scsi: lpfc: Update stat accounting for READ_STATUS mbox command (bsc#1200045). - scsi: lpfc: Use fc_block_rport() (bsc#1197675). - scsi: lpfc: Use irq_set_affinity() (bsc#1197675). - scsi: lpfc: Use kcalloc() (bsc#1197675). - scsi: lpfc: Use list_for_each_entry_safe() in rscn_recovery_check() (bsc#1200045). - scsi: lpfc: Use rport as argument for lpfc_chk_tgt_mapped() (bsc#1197675). - scsi: lpfc: Use rport as argument for lpfc_send_taskmgmt() (bsc#1197675). - scsi: lpfc: Use sg_dma_address() and sg_dma_len() macros for NVMe I/O (bsc#1200045). - scsi: lpfc: Zero SLI4 fcp_cmnd buffer's fcpCntl0 field (bsc#1200045). - scsi: mpt3sas: Fix incorrect 4GB boundary check (git-fixes). - scsi: mpt3sas: Fix use after free in _scsih_expander_node_remove() (git-fixes). - scsi: mpt3sas: Page fault in reply q processing (git-fixes). - scsi: mpt3sas: Use cached ATA Information VPD page (git-fixes). - scsi: mvsas: Add spin_lock/unlock() to protect asd_sas_port->phy_list (bsc#1198802). - scsi: nvme-fc: Add new routine nvme_fc_io_getuuid() (bsc#1201193). - scsi: pm8001: Fix abort all task initialization (git-fixes). - scsi: pm8001: Fix command initialization in pm8001_chip_ssp_tm_req() (git-fixes). - scsi: pm8001: Fix command initialization in pm80XX_send_read_log() (git-fixes). - scsi: pm8001: Fix le32 values handling in pm80xx_chip_sata_req() (git-fixes). - scsi: pm8001: Fix le32 values handling in pm80xx_chip_ssp_io_req() (git-fixes). - scsi: pm8001: Fix le32 values handling in pm80xx_set_sas_protocol_timer_config() (git-fixes). - scsi: pm8001: Fix NCQ NON DATA command completion handling (git-fixes). - scsi: pm8001: Fix NCQ NON DATA command task initialization (git-fixes). - scsi: pm8001: Fix payload initialization in pm80xx_encrypt_update() (git-fixes). - scsi: pm8001: Fix payload initialization in pm80xx_set_thermal_config() (git-fixes). - scsi: pm80xx: Enable upper inbound, outbound queues (git-fixes). - scsi: pm80xx: Mask and unmask upper interrupt vectors 32-63 (git-fixes). - scsi: qedi: Fix ABBA deadlock in qedi_process_tmf_resp() and qedi_process_cmd_cleanup_resp() (git-fixes). - scsi: qedi: Use QEDI_MODE_NORMAL for error handling (bsc#1198410). - scsi: qla2xxx: Add a new v2 dport diagnostic feature (bsc#1201160). - scsi: qla2xxx: Add debug prints in the device remove path (bsc#1201160). - scsi: qla2xxx: Add devids and conditionals for 28xx (bsc#1195823). - scsi: qla2xxx: Add ql2xnvme_queues module param to configure number of NVMe queues (bsc#1195823). - scsi: qla2xxx: Add qla2x00_async_done() for async routines (bsc#1195823). - scsi: qla2xxx: Add retry for exec firmware (bsc#1195823). - scsi: qla2xxx: Check for firmware dump already collected (bsc#1195823). - scsi: qla2xxx: edif: Add bsg interface to read doorbell events (bsc#1201160). - scsi: qla2xxx: edif: Add retry for ELS passthrough (bsc#1201160). - scsi: qla2xxx: edif: bsg refactor (bsc#1201160). - scsi: qla2xxx: edif: Fix clang warning (bsc#1195823). - scsi: qla2xxx: edif: Fix inconsistent check of db_flags (bsc#1195823). - scsi: qla2xxx: edif: Fix I/O timeout due to over-subscription (bsc#1201160). - scsi: qla2xxx: edif: Fix n2n discovery issue with secure target (bsc#1201160). - scsi: qla2xxx: edif: Fix n2n login retry for secure device (bsc#1201160). - scsi: qla2xxx: edif: Fix no login after app start (bsc#1201160). - scsi: qla2xxx: edif: Fix no logout on delete for N2N (bsc#1201160). - scsi: qla2xxx: edif: Fix potential stuck session in sa update (bsc#1201160). - scsi: qla2xxx: edif: Fix session thrash (bsc#1201160). - scsi: qla2xxx: edif: Fix slow session teardown (bsc#1201160). - scsi: qla2xxx: edif: Reduce connection thrash (bsc#1195823). - scsi: qla2xxx: edif: Reduce disruption due to multiple app start (bsc#1201160). - scsi: qla2xxx: edif: Reduce Initiator-Initiator thrashing (bsc#1201160). - scsi: qla2xxx: edif: Reduce N2N thrashing at app_start time (bsc#1201160). - scsi: qla2xxx: edif: Remove old doorbell interface (bsc#1201160). - scsi: qla2xxx: edif: Remove unneeded variable (bsc#1200046). - scsi: qla2xxx: edif: Replace list_for_each_safe with list_for_each_entry_safe (bsc#1195823). - scsi: qla2xxx: edif: Send LOGO for unexpected IKE message (bsc#1201160). - scsi: qla2xxx: edif: Synchronize NPIV deletion with authentication application (bsc#1201160). - scsi: qla2xxx: edif: Tear down session if keys have been removed (bsc#1201160). - scsi: qla2xxx: edif: Tweak trace message (bsc#1195823). - scsi: qla2xxx: edif: Wait for app to ack on sess down (bsc#1201160). - scsi: qla2xxx: Fix crash due to stale SRB access around I/O timeouts (bsc#1201160). - scsi: qla2xxx: Fix crash during module load unload test (bsc#1197661). - scsi: qla2xxx: Fix device reconnect in loop topology (bsc#1195823). - scsi: qla2xxx: Fix disk failure to rediscover (bsc#1197661). - scsi: qla2xxx: Fix erroneous mailbox timeout after PCI error injection (bsc#1201160). - scsi: qla2xxx: Fix excessive I/O error messages by default (bsc#1201160). - scsi: qla2xxx: Fix hang due to session stuck (bsc#1197661). - scsi: qla2xxx: Fix incorrect reporting of task management failure (bsc#1197661). - scsi: qla2xxx: Fix laggy FC remote port session recovery (bsc#1197661). - scsi: qla2xxx: Fix losing FCP-2 targets during port perturbation tests (bsc#1201160). - scsi: qla2xxx: Fix losing FCP-2 targets on long port disable with I/Os (bsc#1201160). - scsi: qla2xxx: Fix losing target when it reappears during delete (bsc#1201160). - scsi: qla2xxx: Fix loss of NVMe namespaces after driver reload test (bsc#1197661). - scsi: qla2xxx: Fix missed DMA unmap for aborted commands (bsc#1200046). - scsi: qla2xxx: Fix missed DMA unmap for NVMe ls requests (bsc#1197661). - scsi: qla2xxx: Fix N2N inconsistent PLOGI (bsc#1197661). - scsi: qla2xxx: Fix premature hw access after PCI error (bsc#1195823). - scsi: qla2xxx: Fix scheduling while atomic (bsc#1195823). - scsi: qla2xxx: Fix stuck session in gpdb (bsc#1195823). - scsi: qla2xxx: Fix stuck session of PRLI reject (bsc#1197661). - scsi: qla2xxx: Fix T10 PI tag escape and IP guard options for 28XX adapters (bsc#1195823). - scsi: qla2xxx: Fix typos in comments (bsc#1197661). - scsi: qla2xxx: Fix warning for missing error code (bsc#1195823). - scsi: qla2xxx: Fix warning message due to adisc being flushed (bsc#1195823). - scsi: qla2xxx: Fix wrong FDMI data for 64G adapter (bsc#1195823). - scsi: qla2xxx: Implement ref count for SRB (bsc#1195823). - scsi: qla2xxx: Increase max limit of ql2xnvme_queues (bsc#1197661). - scsi: qla2xxx: Reduce false trigger to login (bsc#1197661). - scsi: qla2xxx: Refactor asynchronous command initialization (bsc#1195823). - scsi: qla2xxx: Remove a declaration (bsc#1195823). - scsi: qla2xxx: Remove free_sg command flag (bsc#1200046). - scsi: qla2xxx: Remove setting of 'req' and 'rsp' parameters (bsc#1201160). - scsi: qla2xxx: Remove unneeded flush_workqueue() (bsc#1200046). - scsi: qla2xxx: Remove unused qla_sess_op_cmd_list from scsi_qla_host_t (bsc#1195823). - scsi: qla2xxx: Remove unused 'ql_dm_tgt_ex_pct' parameter (bsc#1201160). - scsi: qla2xxx: Stop using the SCSI pointer (bsc#1197661). - scsi: qla2xxx: Suppress a kernel complaint in qla_create_qpair() (bsc#1195823). - scsi: qla2xxx: Turn off multi-queue for 8G adapters (bsc#1201160). - scsi: qla2xxx: Update version to 10.02.07.200-k (bsc#1195823). - scsi: qla2xxx: Update version to 10.02.07.300-k (bsc#1195823). - scsi: qla2xxx: Update version to 10.02.07.400-k (bsc#1197661). - scsi: qla2xxx: Update version to 10.02.07.500-k (bsc#1201160). - scsi: qla2xxx: Update version to 10.02.07.600-k (bsc#1201160). - scsi: qla2xxx: Update version to 10.02.07.700-k (bsc#1201160). - scsi: qla2xxx: Use correct feature type field during RFF_ID processing (bsc#1197661). - scsi: qla2xxx: Use named initializers for port_state_str (bsc#1197661). - scsi: qla2xxx: Use named initializers for q_dev_state (bsc#1197661). - scsi: qla2xxx: Wind down adapter after PCIe error (bsc#1201160). - scsi: scsi_transport_fc: Fix FPIN Link Integrity statistics counters (git-fixes). - scsi: sr: Do not leak information in ioctl (git-fixes). - scsi: ufs: core: Exclude UECxx from SFR dump list (git-fixes). - scsi: ufs: qcom: Add a readl() to make sure ref_clk gets enabled (git-fixes). - scsi: ufs: qcom: Fix ufs_qcom_resume() (git-fixes). - scsi: virtio-scsi: Eliminate anonymous module_init and module_exit (git-fixes). - scsi: zorro7xx: Fix a resource leak in zorro7xx_remove_one() (git-fixes). - selftest: KVM: Add open sev dev helper (bsc#1194526). - selftests/bpf: Remove unused variable in tc_tunnel prog (git-fixes). - selftests: firmware: Fix the request_firmware_into_buf() test for XZ format (git-fixes). - selftests: firmware: Use smaller dictionary for XZ compression (git-fixes). - selftests: fix check for circular KVM_CAP_VM_MOVE_ENC_CONTEXT_FROM (bsc#1194526). - selftests: KVM: Add /x86_64/sev_migrate_tests to .gitignore (bsc#1194526). - selftests: KVM: Fix check for !POLLIN in demand_paging_test (bsc#1194526). - selftests: kvm: Remove absent target file (git-fixes). - selftests: KVM: sev_migrate_tests: Fix sev_ioctl() (bsc#1194526). - selftests: kvm/x86: Fix the warning in lib/x86_64/processor.c (bsc#1194526). - selftests/powerpc: Add test for real address error handling (jsc#SLE-18194). - serial: 8250: Also set sticky MCR bits in console restoration (git-fixes). - serial: 8250_aspeed_vuart: add PORT_ASPEED_VUART port type (git-fixes). - serial: 8250_aspeed_vuart: Fix potential NULL dereference in aspeed_vuart_probe (git-fixes). - serial: 8250: core: Remove unneeded linux/pm_runtime.h (git-fixes). - serial: 8250: Correct the clock for EndRun PTP/1588 PCIe device (git-fixes). - serial: 8250_fintek: Check SER_RS485_RTS_* only with RS485 (git-fixes). - serial: 8250: Fix race condition in RTS-after-send handling (git-fixes). - serial: 8250: fix XOFF/XON sending when DMA is used (git-fixes). - serial: 8250_lpss: Balance reference count for PCI DMA device (git-fixes). - serial: 8250_mid: Balance reference count for PCI DMA device (git-fixes). - serial: 8250_mtk: Fix register address for XON/XOFF character (git-fixes). - serial: 8250_mtk: Fix UART_EFR register address (git-fixes). - serial: 8250: pxa: Remove unneeded linux/pm_runtime.h (git-fixes). - serial: core: Fix the definition name in the comment of UPF_* flags (git-fixes). - serial: cpm_uart: Fix build error without CONFIG_SERIAL_CPM_CONSOLE (git-fixes). - serial: digicolor-usart: Do not allow CS5-6 (git-fixes). - serial: imx: fix overrun interrupts in DMA mode (git-fixes). - serial: meson: acquire port->lock in startup() (git-fixes). - serial: msm_serial: disable interrupts in __msm_console_write() (git-fixes). - serial: pch: do not overwrite xmit->buf[0] by x_char (git-fixes). - serial: rda-uart: Do not allow CS5-6 (git-fixes). - serial: samsung_tty: do not unlock port->lock for uart_write_wakeup() (git-fixes). - serial: sh-sci: Do not allow CS5-6 (git-fixes). - serial: sifive: Report actual baud base rather than fixed 115200 (git-fixes). - serial: sifive: Sanitize CSIZE and c_iflag (git-fixes). - serial: st-asc: Sanitize CSIZE and correct PARENB for CS7 (git-fixes). - serial: stm32-usart: Correct CSIZE, bits, and parity (git-fixes). - serial: txx9: Do not allow CS5-6 (git-fixes). - sfc: Do not free an empty page_ring (git-fixes). - sfc: fallback for lack of xdp tx queues (bsc#1196306). - sfc: last resort fallback for lack of xdp tx queues (bsc#1196306). - sfc: Use swap() instead of open coding it (bsc#1196306). - sfc: use swap() to make code cleaner (bsc#1196306). - skbuff: fix coalescing for page_pool fragment recycling (bsc#1190336). - slimbus: qcom: Fix IRQ check in qcom_slim_probe (git-fixes). - slip: fix macro redefine warning (git-fixes). - smb3: add mount parm nosparse (bsc#1193629). - smb3: add trace point for lease not found issue (bsc#1193629). - smb3: add trace point for oplock not found (bsc#1193629). - smb3: check for null tcon (bsc#1193629). - smb3: cleanup and clarify status of tree connections (bsc#1193629). - smb3: do not set rc when used and unneeded in query_info_compound (bsc#1193629). - SMB3: EBADF/EIO errors in rename/open caused by race condition in smb2_compound_op (bsc#1193629). - smb3: fix incorrect session setup check for multiuser mounts (bsc#1193629). - smb3: fix ksmbd bigendian bug in oplock break, and move its struct to smbfs_common (bsc#1193629). - smb3: fix snapshot mount option (bsc#1193629). - smb3 improve error message when mount options conflict with posix (bsc#1193629). - smb3: move defines for ioctl protocol header and SMB2 sizes to smbfs_common (bsc#1193629). - smb3: move defines for query info and query fsinfo to smbfs_common (bsc#1193629). - smb3 move more common protocol header definitions to smbfs_common (bsc#1193629). - smb3: send NTLMSSP version information (bsc#1193629). - smp: Fix offline cpu check in flush_smp_call_function_queue() (git-fixes). - smsc911x: allow using IRQ0 (git-fixes). - soc: aspeed: lpc-ctrl: Block error printing on probe defer cases (git-fixes). - soc: bcm: brcmstb: pm: pm-arm: Fix refcount leak in brcmstb_pm_probe (git-fixes). - soc: bcm: Check for NULL return of devm_kzalloc() (git-fixes). - soc: fsl: Correct MAINTAINERS database (QUICC ENGINE LIBRARY) (git-fixes). - soc: fsl: Correct MAINTAINERS database (SOC) (git-fixes). - soc: fsl: guts: Add a missing memory allocation failure check (git-fixes). - soc: fsl: guts: Revert commit 3c0d64e867ed (git-fixes). - soc: fsl: qe: Check of ioremap return value (git-fixes). - soc: mediatek: pm-domains: Add wakeup capacity support in power domain (git-fixes). - soc: qcom: aoss: Expose send for generic usecase (git-fixes). - soc: qcom: aoss: Fix missing put_device call in qmp_get (git-fixes). - soc: qcom: aoss: remove spurious IRQF_ONESHOT flags (git-fixes). - soc: qcom: llcc: Add MODULE_DEVICE_TABLE() (git-fixes). - soc: qcom: ocmem: Fix missing put_device() call in of_get_ocmem (git-fixes). - soc: qcom: rpmpd: Check for null return of devm_kcalloc (git-fixes). - soc: qcom: smp2p: Fix missing of_node_put() in smp2p_parse_ipc (git-fixes). - soc: qcom: smsm: Fix missing of_node_put() in smsm_parse_ipc (git-fixes). - soc: rockchip: Fix refcount leak in rockchip_grf_init (git-fixes). - soc: ti: ti_sci_pm_domains: Check for null return of devm_kcalloc (git-fixes). - soc: ti: wkup_m3_ipc: Fix IRQ check in wkup_m3_ipc_probe (git-fixes). - sound/oss/dmasound: fix build when drivers are mixed =y/=m (git-fixes). - sound/oss/dmasound: fix 'dmasound_setup' defined but not used (git-fixes). - soundwire: intel: fix wrong register name in intel_shim_wake (git-fixes). - soundwire: intel: prevent pm_runtime resume prior to system suspend (git-fixes). - soundwire: qcom: adjust autoenumeration timeout (git-fixes). - speakup-dectlk: Restore pitch setting (git-fixes). - spi: atmel-quadspi: Fix the buswidth adjustment between spi-mem and controller (git-fixes). - spi: bcm-qspi: fix MSPI only access with bcm_qspi_exec_mem_op() (git-fixes). - spi: cadence-quadspi: fix incorrect supports_op() return value (git-fixes). - spi: cadence-quadspi: fix protocol setup for non-1-1-X operations (git-fixes). - spi: core: add dma_map_dev for __spi_unmap_msg() (git-fixes). - spi: Fix erroneous sgs value with min_t() (git-fixes). - spi: Fix invalid sgs value (git-fixes). - spi: Fix Tegra QSPI example (git-fixes). - spi: img-spfi: Fix pm_runtime_get_sync() error checking (git-fixes). - spi: mxic: Fix the transmit path (git-fixes). - spi: pxa2xx-pci: Balance reference count for PCI DMA device (git-fixes). - spi: qcom-qspi: Add minItems to interconnect-names (git-fixes). - spi: rockchip: Fix error in getting num-cs property (git-fixes). - spi: rockchip: fix missing error on unsupported SPI_CS_HIGH (git-fixes). - spi: rockchip: Preset cs-high and clk polarity in setup progress (git-fixes). - spi: rockchip: Stop spi slave dma receiver when cs inactive (git-fixes). - spi: rockchip: terminate dma transmission when slave abort (git-fixes). - spi: spi-cadence: Fix kernel-doc format for resume/suspend (git-fixes). - spi: spi-fsl-qspi: check return value after calling platform_get_resource_byname() (git-fixes). - spi: spi-mtk-nor: initialize spi controller after resume (git-fixes). - spi: spi-rspi: Remove setting {src,dst}_{addr,addr_width} based on DMA direction (git-fixes). - spi: spi-ti-qspi: Fix return value handling of wait_for_completion_timeout (git-fixes). - spi: spi-zynqmp-gqspi: Handle error for dma_set_mask (git-fixes). - spi: spi-zynq-qspi: Fix a NULL pointer dereference in zynq_qspi_exec_mem_op() (git-fixes). - spi: stm32-qspi: Fix wait_cmd timeout in APM mode (git-fixes). - spi: tegra114: Add missing IRQ check in tegra_spi_probe (git-fixes). - spi: tegra20: Use of_device_get_match_data() (git-fixes). - spi: tegra210-quad: Fix missin IRQ check in tegra_qspi_probe (git-fixes). - sr9700: sanity check for packet length (bsc#1196836). - staging: fbtft: fb_st7789v: reset display before initialization (git-fixes). - staging: fbtft: Fix error path in fbtft_driver_module_init() (git-fixes). - staging: fieldbus: Fix the error handling path in anybuss_host_common_probe() (git-fixes). - staging: gdm724x: fix use after free in gdm_lte_rx() (git-fixes). - staging:iio:adc:ad7280a: Fix handing of device address bit reversing (git-fixes). - staging: most: dim2: force fcnt=3 on Renesas GEN3 (git-fixes). - staging: most: dim2: use device release method (git-fixes). - staging: most: dim2: use if statements instead of ?: expressions (git-fixes). - staging: mt7621-dts: fix formatting (git-fixes). - staging: mt7621-dts: fix LEDs and pinctrl on GB-PC1 devicetree (git-fixes). - staging: mt7621-dts: fix pinctrl-0 items to be size-1 items on ethernet (git-fixes). - staging: mt7621-dts: fix pinctrl properties for ethernet (git-fixes). - staging: rtl8712: fix a potential memory leak in r871xu_drv_init() (git-fixes). - staging: rtl8712: fix uninit-value in r871xu_drv_init() (git-fixes). - staging: rtl8712: fix uninit-value in usb_read8() and friends (git-fixes). - staging: rtl8723bs: Fix access-point mode deadlock (git-fixes). - staging: vc04_services: shut up out-of-range warning (git-fixes). - staging: vchiq_arm: Avoid NULL ptr deref in vchiq_dump_platform_instances (git-fixes). - staging: vchiq_core: handle NULL result of find_service_by_handle (git-fixes). - staging: vchiq: Move certain declarations to vchiq_arm.h (git-fixes). - staging: vchiq: Move vchiq char driver to its own file (git-fixes). - staging: vchiq: Refactor vchiq cdev code (git-fixes). - staging: wfx: fix an error handling in wfx_init_common() (git-fixes). - stddef: Introduce DECLARE_FLEX_ARRAY() helper (git-fixes). - stm: ltdc: fix two incorrect NULL checks on list iterator (bsc#1190786) - SUNRPC: change locking for xs_swap_enable/disable (bsc#1196367). - SUNRPC: Do not dereference non-socket transports in sysfs (git-fixes). - SUNRPC: Do not dereference non-socket transports in sysfs - kabi fix (git-fixes). - SUNRPC do not resend a task on an offlined transport (git-fixes). - SUNRPC: Ensure gss-proxy connects on setup (git-fixes). - SUNRPC: Ensure that the gssproxy client can start in a connected state (git-fixes). - SUNRPC: Fix the calculation of xdr->end in xdr_get_next_encode_buffer() (git-fixes). - SUNRPC: Fix the svc_deferred_event trace class (git-fixes). - SUNRPC: Handle ENOMEM in call_transmit_status() (git-fixes). - SUNRPC: Handle low memory situations in call_status() (git-fixes). - SUNRPC release the transport of a relocated task with an assigned transport (git-fixes). - SUNRPC: svc_tcp_sendmsg() should handle errors from xdr_alloc_bvec() (git-fixes). - SUNRPC: Trap RDMA segment overflows (git-fixes). - SUNRPC: use different lock keys for INET6 and LOCAL (git-fixes). - supported.conf: add intel_sdsi - supported.conf: mark pfuze100 regulator as supported (bsc#1199909) - supported.conf: Support TPM TIS SPI driver (jsc#SLE-24093) - surface: surface3_power: Fix battery readings on batteries without a serial number (git-fixes). - swiotlb: max mapping size takes min align mask into account (bsc#1197303). - sysrq: do not omit current cpu when showing backtrace of all active CPUs (git-fixes). - thermal/core: Fix memory leak in __thermal_cooling_device_register() (git-fixes). - thermal: core: Fix TZ_GET_TRIP NULL pointer dereference (git-fixes). - thermal: devfreq_cooling: use local ops instead of global ops (git-fixes). - thermal/drivers/bcm2711: Do not clamp temperature at zero (git-fixes). - thermal/drivers/broadcom: Fix potential NULL dereference in sr_thermal_probe (git-fixes). - thermal/drivers/imx_sc_thermal: Fix refcount leak in imx_sc_thermal_probe (git-fixes). - thermal/drivers/int340x: Improve the tcc offset saving for suspend/resume (git-fixes). - thermal: int340x: Check for NULL after calling kmemdup() (git-fixes). - thermal: int340x: Fix attr.show callback prototype (git-fixes). - thermal: int340x: fix memory leak in int3400_notify() (git-fixes). - thermal: int340x: Increase bitmap size (git-fixes). - thunderbolt: Use different lane for second DisplayPort tunnel (git-fixes). - tick/nohz: unexport __init-annotated tick_nohz_full_setup() (bsc#1201218). - tilcdc: tilcdc_external: fix an incorrect NULL check on list iterator (bsc#1190786) - timekeeping: Mark NMI safe time accessors as notrace (git-fixes) - timers: Fix warning condition in __run_timers() (git-fixes) - TOMOYO: fix __setup handlers return values (git-fixes). - tools arch x86: Add Intel SDSi provisiong tool (jsc#SLE-18938). - tools: bpftool: Complete metrics list in 'bpftool prog profile' doc (git-fixes). - tools: bpftool: Document and add bash completion for -L, -B options (git-fixes). - tools: bpftool: Update and synchronise option list in doc and help msg (git-fixes). - tpm: Fix buffer access in tpm2_get_tpm_pt() (git-fixes). - tpm: Fix error handling in async work (git-fixes). - tpm: ibmvtpm: Correct the return value in tpm_ibmvtpm_probe() (bsc#1065729). - tpm: use try_get_ops() in tpm-space.c (git-fixes). - tps6598x: clear int mask on probe failure (git-fixes). - tracing: Do not inc err_log entry count if entry allocation fails (git-fixes). - tracing: Dump stacktrace trigger to the corresponding instance (git-fixes). - tracing: Fix potential double free in create_var_ref() (git-fixes). - tracing: Fix return value of __setup handlers (git-fixes). - tracing: Fix return value of trace_pid_write() (git-fixes). - tracing: Fix smatch warning for null glob in event_hist_trigger_parse() (git-fixes). - tracing: Have trace event string test handle zero length strings (git-fixes). - tracing: Have traceon and traceoff trigger honor the instance (git-fixes). - tracing/histogram: Fix a potential memory leak for kstrdup() (git-fixes). - tracing/histogram: Fix sorting on old 'cpu' value (git-fixes). - tracing/osnoise: Force quiescent states while tracing (git-fixes). - tracing: Propagate is_signed to expression (git-fixes). - tracing: Show kretprobe unknown indicator only for kretprobe_trampoline (bsc#1193277). - tty: Fix a possible resource leak in icom_probe (git-fixes). - tty: fix deadlock caused by calling printk() under tty_port->lock (git-fixes). - tty: goldfish: Fix free_irq() on remove (git-fixes). - tty: goldfish: Introduce gf_ioread32()/gf_iowrite32() (git-fixes). - tty: goldfish: Use tty_port_destroy() to destroy port (git-fixes). - tty: n_gsm: Debug output allocation must use GFP_ATOMIC (git-fixes). - tty: n_gsm: Do not ignore write return value in gsmld_output() (git-fixes). - tty: n_gsm: fix deadlock in gsmtty_open() (git-fixes). - tty: n_gsm: fix encoding of control signal octet bit DV (git-fixes). - tty: n_gsm: fix NULL pointer access due to DLCI release (git-fixes). - tty: n_gsm: Fix packet data hex dump output (git-fixes). - tty: n_gsm: fix proper link termination after failed open (git-fixes). - tty: n_gsm: fix wrong modem processing in convergence layer type 2 (git-fixes). - tty: n_gsm: fix wrong tty control line for flow control (git-fixes). - tty: n_tty: do not look ahead for EOL character past the end of the buffer (git-fixes). - tty: n_tty: Restore EOF push handling behavior (git-fixes). - tty/serial: digicolor: fix possible null-ptr-deref in digicolor_uart_probe() (git-fixes). - tty: serial: fsl_lpuart: fix potential bug when using both of_alias_get_id and ida_simple_get (git-fixes). - tty: serial: owl: Fix missing clk_disable_unprepare() in owl_uart_probe (git-fixes). - tty: synclink_gt: Fix null-pointer-dereference in slgt_clean() (git-fixes). - u64_stats: Disable preemption on 32bit UP+SMP PREEMPT_RT during updates (bsc#1189998). - uapi/linux/stddef.h: Add include guards (jsc#SLE-18978). - ucounts: Enforce RLIMIT_NPROC not RLIMIT_NPROC+1 (bsc#1194191). - udmabuf: validate ubuf->pagecount (git-fixes). - udp_tunnel: Fix end of loop test in udp_tunnel_nic_unregister() (git-fixes). - usb: cdc-wdm: fix reading stuck on device close (git-fixes). - usb: cdns3: Fix issue for clear halt endpoint (git-fixes). - usb: cdnsp: fix cdnsp_decode_trb function to properly handle ret value (git-fixes). - usb: cdnsp: Fixed setting last_trb incorrectly (git-fixes). - usb: chipidea: udc: check request status before setting device address (git-fixes). - usb: core: Do not hold the device lock while sleeping in do_proc_control() (git-fixes). - usb: core: hcd: Add support for deferring roothub registration (git-fixes). - usb: dwc2: drd: fix soft connect when gadget is unconfigured (git-fixes). - usb: dwc2: Fix memory leak in dwc2_hcd_init (git-fixes). - usb: dwc2: gadget: do not reset gadget's driver->bus (git-fixes). - usb: dwc2: gadget: do not try to disable ep0 in dwc2_hsotg_suspend (git-fixes). - usb: dwc3: core: Fix tx/rx threshold settings (git-fixes). - usb: dwc3: core: Only handle soft-reset in DCTL (git-fixes). - usb: dwc3: Decouple USB 2.0 L1 & L2 events (git-fixes). - usb: dwc3: gadget: Change to dev_dbg() when queuing to inactive gadget/ep (git-fixes). - usb: dwc3: gadget: ep_queue simplify isoc start condition (git-fixes). - usb: dwc3: gadget: Fix IN endpoint max packet size allocation (git-fixes). - usb: dwc3: gadget: Give some time to schedule isoc (git-fixes). - usb: dwc3: gadget: Ignore Update Transfer cmd params (git-fixes). - usb: dwc3: gadget: Let the interrupt handler disable bottom halves (git-fixes). - usb: dwc3: gadget: move cmd_endtransfer to extra function (git-fixes). - usb: dwc3: gadget: Move null pinter check to proper place (git-fixes). - usb: dwc3: gadget: Prevent core from processing stale TRBs (git-fixes). - usb: dwc3: gadget: Prevent repeat pullup() (git-fixes). - usb: dwc3: gadget: Replace list_for_each_entry_safe() if using giveback (git-fixes). - usb: dwc3: gadget: Return proper request status (git-fixes). - usb: dwc3: gadget: Skip checking Update Transfer status (git-fixes). - usb: dwc3: gadget: Skip reading GEVNTSIZn (git-fixes). - usb: dwc3: gadget: Wait for ep0 xfers to complete during dequeue (git-fixes). - usb: dwc3: Issue core soft reset before enabling run/stop (git-fixes). - usb: dwc3: omap: fix 'unbalanced disables for smps10_out1' on omap5evm (git-fixes). - usb: dwc3: pci: Add 'snps,dis_u2_susphy_quirk' for Intel Bay Trail (git-fixes). - usb: dwc3: pci: add support for the Intel Meteor Lake-P (git-fixes). - usb: dwc3: pci: add support for the Intel Raptor Lake-S (git-fixes). - usb: dwc3: pci: Fix Bay Trail phy GPIO mappings (git-fixes). - usb: dwc3: pci: Fix pm_runtime_get_sync() error checking (git-fixes). - usb: dwc3: pci: Set the swnode from inside dwc3_pci_quirks() (git-fixes). - usb: dwc3: Try usb-role-switch first in dwc3_drd_init (git-fixes). - usb: dwc3: xilinx: fix uninitialized return value (git-fixes). - usb: ehci: add pci device support for Aspeed platforms (git-fixes). - usb: ehci-omap: drop unused ehci_read() function (git-fixes). - usb: f_fs: Fix use-after-free for epfile (git-fixes). - usb: Fix xhci event ring dequeue pointer ERDP update issue (git-fixes). - usb: gadget: configfs: clear deactivation flag in configfs_composite_unbind() (git-fixes). - usb: gadget: eliminate anonymous module_init and module_exit (git-fixes). - usb: gadget: f_fs: change ep->ep safe in ffs_epfile_io() (git-fixes). - usb: gadget: f_fs: change ep->status safe in ffs_epfile_io() (git-fixes). - USB: gadget: Fix double-free bug in raw_gadget driver (git-fixes). - usb: gadget: Fix non-unique driver names in raw-gadget driver (git-fixes). - usb: gadget: fix race when gadget driver register via ioctl (git-fixes). - usb: gadget: Fix use-after-free bug by not setting udc->dev.driver (git-fixes). - usb: gadget: f_uac2: Define specific wTerminalType (git-fixes). - usb: gadget: lpc32xx_udc: Fix refcount leak in lpc32xx_udc_probe (git-fixes). - usb: gadget: rndis: add spinlock for rndis response list (git-fixes). - usb: gadget: rndis: check size of RNDIS_MSG_SET command (git-fixes). - usb: gadget: rndis: prevent integer overflow in rndis_set_response() (git-fixes). - usb: gadget: tegra-xudc: Do not program SPARAM (git-fixes). - usb: gadget: tegra-xudc: Fix control endpoint's definitions (git-fixes). - usb: gadget: udc: renesas_usb3: Fix host to USB_ROLE_NONE transition (git-fixes). - usb: gadget: u_ether: fix regression in setting fixed MAC address (git-fixes). - usb: gadget: uvc: allow for application to cleanly shutdown (git-fixes). - usb: gadget: uvc: Fix crash when encoding data for usb request (git-fixes). - usb: gadget: uvc: rename function to be more consistent (git-fixes). - usb: gadget: validate endpoint index for xilinx udc (git-fixes). - usb: gadget: validate interface OS descriptor requests (git-fixes). - USB: hcd-pci: Fully suspend across freeze/thaw cycle (git-fixes). - usb: hcd-pci: Use PCI_STD_NUM_BARS when checking standard BARs (git-fixes). - USB: host: isp116x: check return value after calling platform_get_resource() (git-fixes). - usb: isp1760: Fix out-of-bounds array access (git-fixes). - usb: misc: fix improper handling of refcount in uss720_probe() (git-fixes). - usb: mtu3: fix USB 3.0 dual-role-switch from device to host (git-fixes). - usb: musb: Fix missing of_node_put() in omap2430_probe (git-fixes). - usbnet: fix memory allocation in helpers (git-fixes). - USB: new quirk for Dell Gen 2 devices (git-fixes). - usb: phy: generic: Get the vbus supply (git-fixes). - usb: quirks: add a Realtek card reader (git-fixes). - usb: quirks: add STRING quirk for VCOM device (git-fixes). - usb: raw-gadget: fix handling of dual-direction-capable endpoints (git-fixes). - usb: serial: ch341: add support for GW Instek USB2.0-Serial devices (git-fixes). - usb: serial: cp210x: add CPI Bulk Coin Recycler id (git-fixes). - usb: serial: cp210x: add NCR Retail IO box id (git-fixes). - usb: serial: cp210x: add PIDs for Kamstrup USB Meter Reader (git-fixes). - usb: serial: ftdi_sio: add support for Brainboxes US-159/235/320 (git-fixes). - USB: serial: io_ti: add Agilent E5805A support (git-fixes). - usb: serial: option: add Fibocom L610 modem (git-fixes). - usb: serial: option: add Fibocom MA510 modem (git-fixes). - USB: serial: option: add Quectel BG95 modem (git-fixes). - USB: serial: option: add Quectel EM05-G modem (git-fixes). - USB: serial: option: add Quectel RM500K module support (git-fixes). - USB: serial: option: add support for Cinterion MV31 with new baseline (git-fixes). - usb: serial: option: add support for Cinterion MV32-WA/MV32-WB (git-fixes). - usb: serial: option: add support for DW5829e (git-fixes). - usb: serial: option: add Telit 0x1057, 0x1058, 0x1075 compositions (git-fixes). - USB: serial: option: add Telit LE910Cx 0x1250 composition (git-fixes). - usb: serial: option: add Telit LE910R1 compositions (git-fixes). - usb: serial: option: add ZTE MF286D modem (git-fixes). - usb: serial: pl2303: add device id for HP LM930 Display (git-fixes). - usb: serial: pl2303: add IBM device IDs (git-fixes). - USB: serial: pl2303: add support for more HXN (G) types (git-fixes). - usb: serial: pl2303: fix GS type detection (git-fixes). - usb: serial: pl2303: fix type detection for odd device (git-fixes). - usb: serial: qcserial: add support for Sierra Wireless EM7590 (git-fixes). - usb: serial: simple: add Nokia phone driver (git-fixes). - usb: serial: whiteheat: fix heap overflow in WHITEHEAT_GET_DTR_RTS (git-fixes). - usb: storage: karma: fix rio_karma_init return (git-fixes). - usb: storage: ums-realtek: fix error code in rts51x_read_mem() (git-fixes). - usb: typec: mux: Check dev_set_name() return value (git-fixes). - usb: typec: tcpci: Do not skip cleanup in .remove() on error (git-fixes). - usb: typec: tcpci_mt6360: Update for BMC PHY setting (git-fixes). - usb: typec: tipd: Forward plug orientation to typec subsystem (git-fixes). - usb: typec: ucsi: Fix reuse of completion structure (git-fixes). - usb: typec: ucsi: Fix role swapping (git-fixes). - usb: ulpi: Call of_node_put correctly (git-fixes). - usb: ulpi: Move of_node_put to ulpi_dev_release (git-fixes). - usb: usbip: add missing device lock on tweak configuration cmd (git-fixes). - usb: usbip: eliminate anonymous module_init and module_exit (git-fixes). - usb: usbip: fix a refcount leak in stub_probe() (git-fixes). - usb: usb-storage: Fix use of bitfields for hardware data in ene_ub6250.c (git-fixes). - usb: usbtmc: Fix bug in pipe direction for control transfers (git-fixes). - usb: xhci: tegra:Fix PM usage reference leak of tegra_xusb_unpowergate_partitions (git-fixes). - usb: zaurus: support another broken Zaurus (git-fixes). - use jobs not processors in the constraints jobs is the number of vcpus available to the build, while processors is the total processor count of the machine the VM is running on. - vdpasim: allow to enable a vq repeatedly (git-fixes). - veth: Ensure eth header is in skb's linear part (git-fixes). - veth: fix races around rq->rx_notify_masked (git-fixes). - vfio/ccw: Remove unneeded GFP_DMA (git-fixes). - vhost_vdpa: do not setup irq offloading when irq_num 0 (git-fixes). - vhost/vsock: do not check owner in vhost_vsock_stop() while releasing (git-fixes). - vhost/vsock: fix incorrect used length reported to the guest (git-fixes). - video: fbdev: atari: Atari 2 bpp (STe) palette bugfix (git-fixes). - video: fbdev: atmel_lcdfb: fix an error code in atmel_lcdfb_probe() (git-fixes). - video: fbdev: cirrusfb: check pixclock to avoid divide by zero (git-fixes). - video: fbdev: clcdfb: Fix refcount leak in clcdfb_of_vram_setup (git-fixes). - video: fbdev: controlfb: Fix COMPILE_TEST build (git-fixes). - video: fbdev: fbcvt.c: fix printing in fb_cvt_print_name() (git-fixes). - video: fbdev: matroxfb: set maxvram of vbG200eW to the same as vbG200 to avoid black screen (git-fixes). - video: fbdev: nvidiafb: Use strscpy() to prevent buffer overflow (git-fixes). - video: fbdev: omapfb: acx565akm: replace snprintf with sysfs_emit (git-fixes). - video: fbdev: omapfb: Add missing of_node_put() in dvic_probe_of (git-fixes). - video: fbdev: omapfb: panel-dsi-cm: Use sysfs_emit() instead of snprintf() (git-fixes). - video: fbdev: omapfb: panel-tpo-td043mtea1: Use sysfs_emit() instead of snprintf() (git-fixes). - video: fbdev: pxa3xx-gcu: release the resources correctly in pxa3xx_gcu_probe/remove() (git-fixes). - video: fbdev: sm712fb: Fix crash in smtcfb_read() (git-fixes). - video: fbdev: sm712fb: Fix crash in smtcfb_write() (git-fixes). - video: fbdev: smscufx: Fix null-ptr-deref in ufx_usb_probe() (git-fixes). - video: fbdev: udlfb: properly check endpoint type (bsc#1190497) - video: fbdev: udlfb: replace snprintf in show functions with sysfs_emit (git-fixes). - video: fbdev: w100fb: Reset global state (git-fixes). - virtio-blk: Do not use MAX_DISCARD_SEGMENTS if max_discard_seg is zero (git-fixes). - virtio_blk: eliminate anonymous module_init and module_exit (git-fixes). - virtio_blk: fix the discard_granularity and discard_alignment queue limits (git-fixes). - virtio_console: break out of buf poll on remove (git-fixes). - virtio_console: eliminate anonymous module_init and module_exit (git-fixes). - virtio: fix virtio transitional ids (git-fixes). - virtio-mmio: fix missing put_device() when vm_cmdline_parent registration failed (git-fixes). - virtio-net: fix for skb_over_panic inside big mode (git-fixes). - virtio-net: fix race between ndo_open() and virtio_device_ready() (git-fixes). - virtio_net: fix wrong buf address calculation when using xdp (git-fixes). - virtio_net: fix xdp_rxq_info bug after suspend/resume (git-fixes). - virtio-net: realign page_to_skb() after merges (git-fixes). - virtio: pci: Fix an error handling path in vp_modern_probe() (git-fixes). - virtio-pci: Remove wrong address verification in vp_del_vqs() (git-fixes). - VMCI: Fix the description of vmci_check_host_caps() (git-fixes). - vringh: Fix loop descriptors check in the indirect cases (git-fixes). - vsprintf: Fix %pK with kptr_restrict == 0 (bsc#1197889). - vsprintf: Fix potential unaligned access (bsc#1198379). - vt_ioctl: add array_index_nospec to VT_ACTIVATE (git-fixes). - vt_ioctl: fix array_index_nospec in vt_setactivate (git-fixes). - vxcan: enable local echo for sent CAN frames (git-fixes). - w1: w1_therm: fixes w1_seq for ds28ea00 sensors (git-fixes). - watchdog: rti-wdt: Add missing pm_runtime_disable() in probe function (git-fixes). - watchdog: rti-wdt: Fix pm_runtime_get_sync() error checking (git-fixes). - Watchdog: sp5100_tco: Add initialization using EFCH MMIO (bsc#1199260). - watchdog: sp5100_tco: Add support for get_timeleft (bsc#1199260). - Watchdog: sp5100_tco: Enable Family 17h+ CPUs (bsc#1199260). - Watchdog: sp5100_tco: Move timer initialization into function (bsc#1199260). - Watchdog: sp5100_tco: Refactor MMIO base address initialization (bsc#1199260). - watchdog: ts4800_wdt: Fix refcount leak in ts4800_wdt_probe (git-fixes). - watchdog: wdat_wdt: Stop watchdog when rebooting the system (git-fixes). - watch_queue: Actually free the watch (git-fixes). - watch_queue: Fix NULL dereference in error cleanup (git-fixes). - watch_queue: Free the page array when watch_queue is dismantled (git-fixes). - wcn36xx: Differentiate wcn3660 from wcn3620 (git-fixes). - wifi: mac80211: fix use-after-free in chanctx code (git-fixes). - wilc1000: fix crash observed in AP mode with cfg80211_register_netdevice() (git-fixes). - wireguard: queueing: use CFI-safe ptr_ring cleanup function (git-fixes). - wireguard: selftests: rename DEBUG_PI_LIST to DEBUG_PLIST (git-fixes). - wireguard: socket: free skb in send6 when ipv6 is disabled (git-fixes). - wireguard: socket: ignore v6 endpoints when ipv6 is disabled (git-fixes). - writeback: Avoid skipping inode writeback (bsc#1200813). - writeback: Fix inode->i_io_list not be protected by inode->i_lock error (bsc#1200821). - x86/boot: Add setup_indirect support in early_memremap_is_setup_data() (bsc#1190497). - x86/boot: Fix memremap of setup_indirect structures (bsc#1190497). - x86/cc: Move arch/x86/{kernel/cc_platform.c coco/core.c} (jsc#SLE-19924). - x86/coco: Add API to handle encryption mask (jsc#SLE-19924). - x86/coco: Explicitly declare type of confidential computing platform (jsc#SLE-19924). - x86/cpu: Add Xeon Icelake-D to list of CPUs that support PPIN (bsc#1190497). - x86/cpufeatures: Re-enable ENQCMD (jsc#SLE-24350). - x86/cpu: Load microcode during restore_processor_state() (bsc#1190497). - x86/entry: Remove skip_r11rcx (bsc#1201524). - x86/fpu: Clear PASID when copying fpstate (jsc#SLE-24350). - x86/ibt,xen: Sprinkle the ENDBR (bsc#1201471). - x86/kprobes: Add UNWIND_HINT_FUNC on kretprobe_trampoline() (bsc#1193277). - x86/kprobes: Fixup return address in generic trampoline handler (bsc#1193277). - x86/kprobes: Push a fake return address at kretprobe_trampoline (bsc#1193277). - x86/kvmclock: Fix Hyper-V Isolated VM s boot issue when vCPUs 64 (bsc#1183682). - x86/kvm: Do not waste memory if kvmclock is disabled (bsc#1183682). - x86/MCE/AMD: Allow thresholding interface updates after init (bsc#1190497). - x86/mm/cpa: Generalize __set_memory_enc_pgtable() (jsc#SLE-19924). - x86/module: Fix the paravirt vs alternative order (bsc#1190497). - x86/pm: Save the MSR validity status at context setup (bsc#1190497). - x86/ptrace: Fix xfpregs_set() incorrect xmm clearing (bsc#1190497). - x86/speculation: Restore speculation related MSRs during S3 resume (bsc#1190497). - x86/traps: Demand-populate PASID MSR via #GP (jsc#SLE-24350). - x86/traps: Mark do_int3() NOKPROBE_SYMBOL (bsc#1190497). - x86/tsx: Use MSR_TSX_CTRL to clear CPUID bits (bsc#1190497). - x86/unwind: kABI workaround for unwind_state changes (bsc#1193277). - x86/unwind: Recover kretprobe trampoline entry (bsc#1193277). - xen/blkfront: fix comment for need_copy (git-fixes). - xen: fix is_xen_pmu() (git-fixes). - xen/netback: avoid entering xenvif_rx_next_skb() with an empty rx queue (bsc#1201381). - xen: unexport __init-annotated xen_xlate_map_ballooned_pages() (bsc#1201218). - xen/x86: obtain full video frame buffer address for Dom0 also under EFI (bsc#1193556). - xen/x86: obtain upper 32 bits of video frame buffer address for Dom0 (bsc#1193556). - xfs: drop async cache flushes from CIL commits (bsc#1195669). - xhci: Allow host runtime PM as default for Intel Alder Lake N xHCI (git-fixes). - xhci: Enable runtime PM on second Alderlake controller (git-fixes). - xhci: fix garbage USBSTS being logged in some cases (git-fixes). - xhci: fix runtime PM imbalance in USB2 resume (git-fixes). - xhci: fix uninitialized string returned by xhci_decode_ctrl_ctx() (git-fixes). - xhci: increase usb U3 U0 link resume timeout from 100ms to 500ms (git-fixes). - xhci: make xhci_handshake timeout for xhci_reset() adjustable (git-fixes). - xhci-pci: Allow host runtime PM as default for Intel Meteor Lake xHCI (git-fixes). - xhci-pci: Allow host runtime PM as default for Intel Raptor Lake xHCI (git-fixes). - xhci: Prevent futile URB re-submissions due to incorrect return value (git-fixes). - xhci: re-initialize the HC during resume if HCE was set (git-fixes). - xhci: stop polling roothubs after shutdown (git-fixes). - xhci: turn off port power in shutdown (git-fixes). - xsk: Do not write NULL in SW ring at allocation failure (jsc#SLE-18375). - zsmalloc: decouple class actions from zspage works (bsc#1189998). - zsmalloc: introduce obj_allocated (bsc#1189998). - zsmalloc: introduce some helper functions (bsc#1189998). - zsmalloc: move huge compressed obj from page to zspage (bsc#1189998). - zsmalloc: remove zspage isolation for migration (bsc#1189998). - zsmalloc: rename zs_stat_type to class_stat_type (bsc#1189998). - zsmalloc: replace get_cpu_var with local_lock (bsc#1189998). - zsmalloc: replace per zpage lock with poolmigrate_lock (bsc#1189998). - zsmalloc: Stop using slab fields in struct page (bsc#1189998 bsc#1190208). Important SUSE bug 1055117 SUSE bug 1061840 SUSE bug 1065729 SUSE bug 1071995 SUSE bug 1089644 SUSE bug 1103269 SUSE bug 1118212 SUSE bug 1121726 SUSE bug 1137728 SUSE bug 1156395 SUSE bug 1157038 SUSE bug 1157923 SUSE bug 1175667 SUSE bug 1179439 SUSE bug 1179639 SUSE bug 1180814 SUSE bug 1183682 SUSE bug 1183872 SUSE bug 1184318 SUSE bug 1184924 SUSE bug 1187716 SUSE bug 1188885 SUSE bug 1189998 SUSE bug 1190137 SUSE bug 1190208 SUSE bug 1190336 SUSE bug 1190497 SUSE bug 1190768 SUSE bug 1190786 SUSE bug 1190812 SUSE bug 1191271 SUSE bug 1191663 SUSE bug 1192483 SUSE bug 1193064 SUSE bug 1193277 SUSE bug 1193289 SUSE bug 1193431 SUSE bug 1193556 SUSE bug 1193629 SUSE bug 1193640 SUSE bug 1193787 SUSE bug 1193823 SUSE bug 1193852 SUSE bug 1194086 SUSE bug 1194111 SUSE bug 1194191 SUSE bug 1194409 SUSE bug 1194501 SUSE bug 1194523 SUSE bug 1194526 SUSE bug 1194583 SUSE bug 1194585 SUSE bug 1194586 SUSE bug 1194625 SUSE bug 1194765 SUSE bug 1194826 SUSE bug 1194869 SUSE bug 1195099 SUSE bug 1195287 SUSE bug 1195478 SUSE bug 1195482 SUSE bug 1195504 SUSE bug 1195651 SUSE bug 1195668 SUSE bug 1195669 SUSE bug 1195775 SUSE bug 1195823 SUSE bug 1195826 SUSE bug 1195913 SUSE bug 1195915 SUSE bug 1195926 SUSE bug 1195944 SUSE bug 1195957 SUSE bug 1195987 SUSE bug 1196079 SUSE bug 1196114 SUSE bug 1196130 SUSE bug 1196213 SUSE bug 1196306 SUSE bug 1196367 SUSE bug 1196400 SUSE bug 1196426 SUSE bug 1196478 SUSE bug 1196514 SUSE bug 1196570 SUSE bug 1196723 SUSE bug 1196779 SUSE bug 1196830 SUSE bug 1196836 SUSE bug 1196866 SUSE bug 1196868 SUSE bug 1196869 SUSE bug 1196901 SUSE bug 1196930 SUSE bug 1196942 SUSE bug 1196960 SUSE bug 1197016 SUSE bug 1197157 SUSE bug 1197227 SUSE bug 1197243 SUSE bug 1197292 SUSE bug 1197302 SUSE bug 1197303 SUSE bug 1197304 SUSE bug 1197362 SUSE bug 1197386 SUSE bug 1197501 SUSE bug 1197601 SUSE bug 1197661 SUSE bug 1197675 SUSE bug 1197761 SUSE bug 1197817 SUSE bug 1197819 SUSE bug 1197820 SUSE bug 1197888 SUSE bug 1197889 SUSE bug 1197894 SUSE bug 1197915 SUSE bug 1197917 SUSE bug 1197918 SUSE bug 1197920 SUSE bug 1197921 SUSE bug 1197922 SUSE bug 1197926 SUSE bug 1198009 SUSE bug 1198010 SUSE bug 1198012 SUSE bug 1198013 SUSE bug 1198014 SUSE bug 1198015 SUSE bug 1198016 SUSE bug 1198017 SUSE bug 1198018 SUSE bug 1198019 SUSE bug 1198020 SUSE bug 1198021 SUSE bug 1198022 SUSE bug 1198023 SUSE bug 1198024 SUSE bug 1198027 SUSE bug 1198030 SUSE bug 1198034 SUSE bug 1198058 SUSE bug 1198217 SUSE bug 1198379 SUSE bug 1198400 SUSE bug 1198402 SUSE bug 1198410 SUSE bug 1198412 SUSE bug 1198413 SUSE bug 1198438 SUSE bug 1198484 SUSE bug 1198577 SUSE bug 1198585 SUSE bug 1198660 SUSE bug 1198802 SUSE bug 1198803 SUSE bug 1198806 SUSE bug 1198811 SUSE bug 1198826 SUSE bug 1198829 SUSE bug 1198835 SUSE bug 1198968 SUSE bug 1198971 SUSE bug 1199011 SUSE bug 1199024 SUSE bug 1199035 SUSE bug 1199046 SUSE bug 1199052 SUSE bug 1199063 SUSE bug 1199163 SUSE bug 1199173 SUSE bug 1199260 SUSE bug 1199314 SUSE bug 1199390 SUSE bug 1199426 SUSE bug 1199433 SUSE bug 1199439 SUSE bug 1199482 SUSE bug 1199487 SUSE bug 1199505 SUSE bug 1199507 SUSE bug 1199605 SUSE bug 1199611 SUSE bug 1199626 SUSE bug 1199631 SUSE bug 1199650 SUSE bug 1199657 SUSE bug 1199674 SUSE bug 1199736 SUSE bug 1199793 SUSE bug 1199839 SUSE bug 1199875 SUSE bug 1199909 SUSE bug 1200015 SUSE bug 1200019 SUSE bug 1200045 SUSE bug 1200046 SUSE bug 1200144 SUSE bug 1200205 SUSE bug 1200211 SUSE bug 1200259 SUSE bug 1200263 SUSE bug 1200284 SUSE bug 1200315 SUSE bug 1200343 SUSE bug 1200420 SUSE bug 1200442 SUSE bug 1200475 SUSE bug 1200502 SUSE bug 1200567 SUSE bug 1200569 SUSE bug 1200571 SUSE bug 1200599 SUSE bug 1200600 SUSE bug 1200608 SUSE bug 1200611 SUSE bug 1200619 SUSE bug 1200692 SUSE bug 1200762 SUSE bug 1200763 SUSE bug 1200806 SUSE bug 1200807 SUSE bug 1200808 SUSE bug 1200809 SUSE bug 1200810 SUSE bug 1200812 SUSE bug 1200813 SUSE bug 1200815 SUSE bug 1200816 SUSE bug 1200820 SUSE bug 1200821 SUSE bug 1200822 SUSE bug 1200824 SUSE bug 1200825 SUSE bug 1200827 SUSE bug 1200828 SUSE bug 1200829 SUSE bug 1200830 SUSE bug 1200845 SUSE bug 1200882 SUSE bug 1200925 SUSE bug 1201050 SUSE bug 1201080 SUSE bug 1201160 SUSE bug 1201171 SUSE bug 1201177 SUSE bug 1201193 SUSE bug 1201196 SUSE bug 1201218 SUSE bug 1201222 SUSE bug 1201228 SUSE bug 1201251 SUSE bug 1201381 SUSE bug 1201471 SUSE bug 1201524 CVE-2021-26341 CVE-2021-33061 CVE-2021-4204 CVE-2021-44879 CVE-2021-45402 CVE-2022-0264 CVE-2022-0494 CVE-2022-0617 CVE-2022-1012 CVE-2022-1016 CVE-2022-1184 CVE-2022-1198 CVE-2022-1205 CVE-2022-1462 CVE-2022-1508 CVE-2022-1651 CVE-2022-1652 CVE-2022-1671 CVE-2022-1679 CVE-2022-1729 CVE-2022-1734 CVE-2022-1789 CVE-2022-1852 CVE-2022-1966 CVE-2022-1972 CVE-2022-1974 CVE-2022-1998 CVE-2022-20132 CVE-2022-20154 CVE-2022-21123 CVE-2022-21125 CVE-2022-21127 CVE-2022-21166 CVE-2022-21180 CVE-2022-21499 CVE-2022-2318 CVE-2022-23222 CVE-2022-26365 CVE-2022-26490 CVE-2022-29582 CVE-2022-29900 CVE-2022-29901 CVE-2022-30594 CVE-2022-33740 CVE-2022-33741 CVE-2022-33742 CVE-2022-33743 CVE-2022-33981 CVE-2022-34918 cpe:/o:opensuse:leap:15.4 Security update for webkit2gtk3 (Important) openSUSE Leap 15.4 This update for webkit2gtk3 fixes the following issues: Update to version 2.36.4 (bsc#1201221): - CVE-2022-22662: Processing maliciously crafted web content may disclose sensitive user information. - CVE-2022-22677: The video in a webRTC call may be interrupted if the audio capture gets interrupted. - CVE-2022-26710: Processing maliciously crafted web content may lead to arbitrary code execution. Important SUSE bug 1201221 CVE-2022-22662 CVE-2022-22677 CVE-2022-26710 cpe:/o:opensuse:leap:15.4 Security update for webkit2gtk3 (Important) openSUSE Leap 15.4 This update for webkit2gtk3 fixes the following issues: Update to version 2.36.4 (bsc#1201221): - CVE-2022-22662: Processing maliciously crafted web content may disclose sensitive user information. - CVE-2022-22677: The video in a webRTC call may be interrupted if the audio capture gets interrupted. - CVE-2022-26710: Processing maliciously crafted web content may lead to arbitrary code execution. Important SUSE bug 1201221 CVE-2022-22662 CVE-2022-22677 CVE-2022-26710 cpe:/o:opensuse:leap:15.4 Security update for java-1_8_0-openjdk (Important) openSUSE Leap 15.4 This update for java-1_8_0-openjdk fixes the following issues: Update to version jdk8u332 - April 2022 CPU (icedtea-3.23.0) - CVE-2022-21426: Better XPath expression handling (bsc#1198672) - CVE-2022-21443: Improved Object Identification (bsc#1198675) - CVE-2022-21434: Better invocation handler handling (bsc#1198674) - CVE-2022-21476: Improve Santuario processing (bsc#1198671) - CVE-2022-21496: Improve URL supports (bsc#1198673) And further Security fixes, Import of OpenJDK 8 u332, Backports and Bug fixes. Important SUSE bug 1198671 SUSE bug 1198672 SUSE bug 1198673 SUSE bug 1198674 SUSE bug 1198675 CVE-2022-21426 CVE-2022-21434 CVE-2022-21443 CVE-2022-21476 CVE-2022-21496 cpe:/o:opensuse:leap:15.4 Security update for python-M2Crypto (Important) openSUSE Leap 15.4 This update for python-M2Crypto fixes the following issues: - CVE-2020-25657: Fixed Bleichenbacher timing attacks in the RSA decryption API (bsc#1178829). Important SUSE bug 1178829 CVE-2020-25657 cpe:/o:opensuse:leap:15.4 Security update for mozilla-nss (Important) openSUSE Leap 15.4 This update for mozilla-nss fixes the following issues: Various FIPS 140-3 related fixes were backported from SUSE Linux Enterprise 15 SP4: - Makes the PBKDF known answer test compliant with NIST SP800-132. (bsc#1192079). - FIPS: Add on-demand integrity tests through sftk_FIPSRepeatIntegrityCheck() (bsc#1198980). - FIPS: mark algorithms as approved/non-approved according to security policy (bsc#1191546, bsc#1201298). - FIPS: remove hard disabling of unapproved algorithms. This requirement is now fulfilled by the service level indicator (bsc#1200325). - Run test suite at build time, and make it pass (bsc#1198486). - FIPS: skip algorithms that are hard disabled in FIPS mode. - Prevent expired PayPalEE cert from failing the tests. - Allow checksumming to be disabled, but only if we entered FIPS mode due to NSS_FIPS being set, not if it came from /proc. - FIPS: Make the PBKDF known answer test compliant with NIST SP800-132. - Update FIPS validation string to version-release format. - FIPS: remove XCBC MAC from list of FIPS approved algorithms. - Enable NSS_ENABLE_FIPS_INDICATORS and set NSS_FIPS_MODULE_ID for build. - FIPS: claim 3DES unapproved in FIPS mode (bsc#1192080). - FIPS: allow testing of unapproved algorithms (bsc#1192228). - FIPS: add version indicators. (bmo#1729550, bsc#1192086). - FIPS: fix some secret clearing (bmo#1697303, bsc#1192087). Version update to NSS 3.79: - Use PK11_GetSlotInfo instead of raw C_GetSlotInfo calls. - Update mercurial in clang-format docker image. - Use of uninitialized pointer in lg_init after alloc fail. - selfserv and tstclnt should use PR_GetPrefLoopbackAddrInfo. - Add SECMOD_LockedModuleHasRemovableSlots. - Fix secasn1d parsing of indefinite SEQUENCE inside indefinite GROUP. - Added RFC8422 compliant TLS <= 1.2 undefined/compressed ECPointFormat extension alerts. - TLS 1.3 Server: Send protocol_version alert on unsupported ClientHello.legacy_version. - Correct invalid record inner and outer content type alerts. - NSS does not properly import or export pkcs12 files with large passwords and pkcs5v2 encoding. - improve error handling after nssCKFWInstance_CreateObjectHandle. - Initialize pointers passed to NSS_CMSDigestContext_FinishMultiple. - NSS 3.79 should depend on NSPR 4.34 Version update to NSS 3.78.1: - Initialize pointers passed to NSS_CMSDigestContext_FinishMultiple Version update to NSS 3.78: - Added TLS 1.3 zero-length inner plaintext checks and tests, zero-length record/fragment handling tests. - Reworked overlong record size checks and added TLS1.3 specific boundaries. - Add ECH Grease Support to tstclnt - Add a strict variant of moz::pkix::CheckCertHostname. - Change SSL_REUSE_SERVER_ECDHE_KEY default to false. - Make SEC_PKCS12EnableCipher succeed - Update zlib in NSS to 1.2.12. Version update to NSS 3.77: - Fix link to TLS page on wireshark wiki - Add two D-TRUST 2020 root certificates. - Add Telia Root CA v2 root certificate. - Remove expired explicitly distrusted certificates from certdata.txt. - support specific RSA-PSS parameters in mozilla::pkix - Remove obsolete stateEnd check in SEC_ASN1DecoderUpdate. - Remove token member from NSSSlot struct. - Provide secure variants of mpp_pprime and mpp_make_prime. - Support UTF-8 library path in the module spec string. - Update nssUTF8_Length to RFC 3629 and fix buffer overrun. - Update googletest to 1.11.0 - Add SetTls13GreaseEchSize to experimental API. - TLS 1.3 Illegal legacy_version handling/alerts. - Fix calculation of ECH HRR Transcript. - Allow ld path to be set as environment variable. - Ensure we don't read uninitialized memory in ssl gtests. - Fix DataBuffer Move Assignment. - internal_error alert on Certificate Request with sha1+ecdsa in TLS 1.3 - rework signature verification in mozilla::pkix Version update to NSS 3.76.1 - Remove token member from NSSSlot struct. - Hold tokensLock through nssToken_GetSlot calls in nssTrustDomain_GetActiveSlots. - Check return value of PK11Slot_GetNSSToken. - Use Wycheproof JSON for RSASSA-PSS - Add SHA256 fingerprint comments to old certdata.txt entries. - Avoid truncating files in nss-release-helper.py. - Throw illegal_parameter alert for illegal extensions in handshake message. Version update to NSS 3.75 - Make DottedOIDToCode.py compatible with python3. - Avoid undefined shift in SSL_CERT_IS while fuzzing. - Remove redundant key type check. - Update ABI expectations to match ECH changes. - Enable CKM_CHACHA20. - check return on NSS_NoDB_Init and NSS_Shutdown. - Run ECDSA test vectors from bltest as part of the CI tests. - Add ECDSA test vectors to the bltest command line tool. - Allow to build using clang's integrated assembler. - Allow to override python for the build. - test HKDF output rather than input. - Use ASSERT macros to end failed tests early. - move assignment operator for DataBuffer. - Add test cases for ECH compression and unexpected extensions in SH. - Update tests for ECH-13. - Tidy up error handling. - Add tests for ECH HRR Changes. - Server only sends GREASE HRR extension if enabled by preference. - Update generation of the Associated Data for ECH-13. - When ECH is accepted, reject extensions which were only advertised in the Outer Client Hello. - Allow for compressed, non-contiguous, extensions. - Scramble the PSK extension in CHOuter. - Split custom extension handling for ECH. - Add ECH-13 HRR Handling. - Client side ECH padding. - Stricter ClientHelloInner Decompression. - Remove ECH_inner extension, use new enum format. - Update the version number for ECH-13 and adjust the ECHConfig size. Version update to NSS 3.74 - mozilla::pkix: support SHA-2 hashes in CertIDs in OCSP responses - Ensure clients offer consistent ciphersuites after HRR - NSS does not properly restrict server keys based on policy - Set nssckbi version number to 2.54 - Replace Google Trust Services LLC (GTS) R4 root certificate - Replace Google Trust Services LLC (GTS) R3 root certificate - Replace Google Trust Services LLC (GTS) R2 root certificate - Replace Google Trust Services LLC (GTS) R1 root certificate - Replace GlobalSign ECC Root CA R4 - Remove Expired Root Certificates - DST Root CA X3 - Remove Expiring Cybertrust Global Root and GlobalSign root certificates - Add renewed Autoridad de Certificacion Firmaprofesional CIF A62634068 root certificate - Add iTrusChina ECC root certificate - Add iTrusChina RSA root certificate - Add ISRG Root X2 root certificate - Add Chunghwa Telecom's HiPKI Root CA - G1 root certificate - Avoid a clang 13 unused variable warning in opt build - Check for missing signedData field - Ensure DER encoded signatures are within size limits - enable key logging option (boo#1195040) Version update to NSS 3.73.1: - Add SHA-2 support to mozilla::pkix's OSCP implementation Version update to NSS 3.73 - check for missing signedData field. - Ensure DER encoded signatures are within size limits. - NSS needs FiPS 140-3 version indicators. - pkix_CacheCert_Lookup doesn't return cached certs - sunset Coverity from NSS Fixed MFSA 2021-51 (bsc#1193170) CVE-2021-43527: Memory corruption via DER-encoded DSA and RSA-PSS signatures Version update to NSS 3.72 - Fix nsinstall parallel failure. - Increase KDF cache size to mitigate perf regression in about:logins Version update to NSS 3.71 - Set nssckbi version number to 2.52. - Respect server requirements of tlsfuzzer/test-tls13-signature-algorithms.py - Import of PKCS#12 files with Camellia encryption is not supported - Add HARICA Client ECC Root CA 2021. - Add HARICA Client RSA Root CA 2021. - Add HARICA TLS ECC Root CA 2021. - Add HARICA TLS RSA Root CA 2021. - Add TunTrust Root CA certificate to NSS. Version update to NSS 3.70 - Update test case to verify fix. - Explicitly disable downgrade check in TlsConnectStreamTls13.EchOuterWith12Max - Explicitly disable downgrade check in TlsConnectTest.DisableFalseStartOnFallback - Avoid using a lookup table in nssb64d. - Use HW accelerated SHA2 on AArch64 Big Endian. - Change default value of enableHelloDowngradeCheck to true. - Cache additional PBE entries. - Read HPKE vectors from official JSON. Version update to NSS 3.69.1: - Disable DTLS 1.0 and 1.1 by default - integrity checks in key4.db not happening on private components with AES_CBC NSS 3.69: - Disable DTLS 1.0 and 1.1 by default (backed out again) - integrity checks in key4.db not happening on private components with AES_CBC (backed out again) - SSL handling of signature algorithms ignores environmental invalid algorithms. - sqlite 3.34 changed it's open semantics, causing nss failures. - Gtest update changed the gtest reports, losing gtest details in all.sh reports. - NSS incorrectly accepting 1536 bit DH primes in FIPS mode - SQLite calls could timeout in starvation situations. - Coverity/cpp scanner errors found in nss 3.67 - Import the NSS documentation from MDN in nss/doc. - NSS using a tempdir to measure sql performance not active Version Update to 3.68.4 (bsc#1200027) - CVE-2022-31741: Initialize pointers passed to NSS_CMSDigestContext_FinishMultiple. (bmo#1767590) Mozilla NSPR was updated to version 4.34: * add an API that returns a preferred loopback IP on hosts that have two IP stacks available. Important SUSE bug 1192079 SUSE bug 1192080 SUSE bug 1192086 SUSE bug 1192087 SUSE bug 1192228 SUSE bug 1198486 SUSE bug 1200027 CVE-2022-31741 cpe:/o:opensuse:leap:15.4 Security update for s390-tools (Important) openSUSE Leap 15.4 This update of s390-tools fixes the following issues: - Fixed KMIP plugin failing to connection to KMIP server. When a zkey key repository is bound to the KMIP plugin, and the connection to the KMIP server is to be configired using command 'zkey kms configure --kmip-server <server>', it fails to connect to the specified KMIP server. (bsc#1199649) - rebuild with new secure boot key due to grub2 boothole 3 issues (bsc#1198581) Important SUSE bug 1198581 SUSE bug 1199649 SUSE bug 1200131 cpe:/o:opensuse:leap:15.4 Security update for gpg2 (Important) openSUSE Leap 15.4 This update for gpg2 fixes the following issues: - CVE-2022-34903: Fixed a status injection vulnerability (bsc#1201225). - Use AES as default cipher instead of 3DES when we are in FIPS mode. (bsc#1196125) Important SUSE bug 1196125 SUSE bug 1201225 CVE-2022-34903 cpe:/o:opensuse:leap:15.4 Security update for the Linux Kernel (Important) openSUSE Leap 15.4 The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2022-29900, CVE-2022-29901: Fixed the RETBLEED attack, a new Spectre like Branch Target Buffer attack, that can leak arbitrary kernel information (bsc#1199657). - CVE-2022-34918: Fixed a buffer overflow with nft_set_elem_init() that could be used by a local attacker to escalate privileges (bnc#1201171). - CVE-2021-26341: Some AMD CPUs may transiently execute beyond unconditional direct branches, which may potentially result in data leakage (bsc#1201050). - CVE-2022-1679: Fixed a use-after-free in the Atheros wireless driver in the way a user forces the ath9k_htc_wait_for_target function to fail with some input messages (bsc#1199487). - CVE-2022-20132: Fixed out of bounds read due to improper input validation in lg_probe and related functions of hid-lg.c (bsc#1200619). - CVE-2022-1012: Fixed information leak caused by small table perturb size in the TCP source port generation algorithm (bsc#1199482). - CVE-2022-33981: Fixed use-after-free in floppy driver (bsc#1200692) - CVE-2022-20141: Fixed a possible use after free due to improper locking in ip_check_mc_rcu() (bsc#1200604). - CVE-2021-4157: Fixed an out of memory bounds write flaw in the NFS subsystem, related to the replication of files with NFS. A user could potentially crash the system or escalate privileges on the system (bsc#1194013). - CVE-2022-20154: Fixed a use after free due to a race condition in lock_sock_nested of sock.c. This could lead to local escalation of privilege with System execution privileges needed (bsc#1200599). The following non-security bugs were fixed: - ALSA: hda/conexant: Fix missing beep setup (git-fixes). - ALSA: hda/realtek - Add HW8326 support (git-fixes). - ALSA: hda/realtek: Add quirk for Clevo PD70PNT (git-fixes). - ALSA: hda/realtek - ALC897 headset MIC no sound (git-fixes). - ALSA: hda/via: Fix missing beep setup (git-fixes). - arm64: dts: rockchip: Move drive-impedance-ohm to emmc phy on rk3399 (git-fixes) - arm64: ftrace: fix branch range checks (git-fixes) - ASoC: cs35l36: Update digital volume TLV (git-fixes). - ASoC: cs42l52: Correct TLV for Bypass Volume (git-fixes). - ASoC: cs42l52: Fix TLV scales for mixer controls (git-fixes). - ASoC: cs42l56: Correct typo in minimum level for SX volume controls (git-fixes). - ASoC: cs53l30: Correct number of volume levels on SX controls (git-fixes). - ASoC: es8328: Fix event generation for deemphasis control (git-fixes). - ASoC: nau8822: Add operation for internal PLL off and on (git-fixes). - ASoC: wm8962: Fix suspend while playing music (git-fixes). - ASoC: wm_adsp: Fix event generation for wm_adsp_fw_put() (git-fixes). - ata: libata: add qc->flags in ata_qc_complete_template tracepoint (git-fixes). - ata: libata-core: fix NULL pointer deref in ata_host_alloc_pinfo() (git-fixes). - bcache: avoid journal no-space deadlock by reserving 1 journal bucket (git-fixes). - bcache: avoid unnecessary soft lockup in kworker update_writeback_rate() (bsc#1197362). - bcache: fixup multiple threads crash (git-fixes). - bcache: improve multithreaded bch_btree_check() (git-fixes). - bcache: improve multithreaded bch_sectors_dirty_init() (git-fixes). - bcache: memset on stack variables in bch_btree_check() and bch_sectors_dirty_init() (git-fixes). - bcache: remove incremental dirty sector counting for bch_sectors_dirty_init() (git-fixes). - bio: fix page leak bio_add_hw_page failure (git-fixes). - blk-cgroup: fix a hd_struct leak in blkcg_fill_root_iostats (git-fixes). - blk-iolatency: Fix inflight count imbalances and IO hangs on offline (bsc#1200825). - blk-mq: clear active_queues before clearing BLK_MQ_F_TAG_QUEUE_SHARED (bsc#1200263). - blk-mq: do not update io_ticks with passthrough requests (bsc#1200816). - blk-mq: drop workarounds for cpu hotplug queue management (bsc#1185762) - blk-mq: update hctx->dispatch_busy in case of real scheduler (git-fixes). - block: advance iov_iter on bio_add_hw_page failure (git-fixes). - block: do not merge across cgroup boundaries if blkcg is enabled (bsc#1198020). - block: Fix handling of offline queues in blk_mq_alloc_request_hctx() (bsc#1185762). - block: Fix kABI in blk-merge.c (bsc#1198020). - block/keyslot-manager: prevent crash when num_slots=1 (git-fixes). - bus: fsl-mc-bus: fix KASAN use-after-free in fsl_mc_bus_remove() (git-fixes). - caif_virtio: fix race between virtio_device_ready() and ndo_open() (git-fixes). - ceph: add some lockdep assertions around snaprealm handling (bsc#1201147). - ceph: clean up locking annotation for ceph_get_snap_realm and __lookup_snap_realm (bsc#1201149). - certs/blacklist_hashes.c: fix const confusion in certs blacklist (git-fixes). - cifs: add WARN_ON for when chan_count goes below minimum (bsc#1200217). - cifs: adjust DebugData to use chans_need_reconnect for conn status (bsc#1200217). - cifs: alloc_path_with_tree_prefix: do not append sep. if the path is empty (bsc#1200217). - cifs: avoid parallel session setups on same channel (bsc#1200217). - cifs: avoid race during socket reconnect between send and recv (bsc#1200217). - cifs: call cifs_reconnect when a connection is marked (bsc#1200217). - cifs: call helper functions for marking channels for reconnect (bsc#1200217). - cifs: change smb2_query_info_compound to use a cached fid, if available (bsc#1200217). - cifs: check for smb1 in open_cached_dir() (bsc#1200217). - cifs: check reconnects for channels of active tcons too (bsc#1200217). - cifs: Check the IOCB_DIRECT flag, not O_DIRECT (bsc#1200217). - cifs: cifs_ses_mark_for_reconnect should also update reconnect bits (bsc#1200217). - cifs: clean up an inconsistent indenting (bsc#1200217). - cifs: destage any unwritten data to the server before calling copychunk_write (bsc#1200217). - cifs: do not build smb1ops if legacy support is disabled (bsc#1200217). - cifs: do not call cifs_dfs_query_info_nonascii_quirk() if nodfs was set (bsc#1200217). - cifs: do not use tcpStatus after negotiate completes (bsc#1200217). - cifs: do not use uninitialized data in the owner/group sid (bsc#1200217). - cifs: fix confusing unneeded warning message on smb2.1 and earlier (bsc#1200217). - cifs: fix double free race when mount fails in cifs_get_root() (bsc#1200217). - cifs: fix FILE_BOTH_DIRECTORY_INFO definition (bsc#1200217). - cifs: fix handlecache and multiuser (bsc#1200217). - cifs: fix hang on cifs_get_next_mid() (bsc#1200217). - cifs: fix incorrect use of list iterator after the loop (bsc#1200217). - cifs: fix minor compile warning (bsc#1200217). - cifs: fix missed refcounting of ipc tcon (bsc#1200217). - cifs: fix ntlmssp auth when there is no key exchange (bsc#1200217). - cifs: fix NULL ptr dereference in refresh_mounts() (bsc#1200217). - cifs: fix potential deadlock in direct reclaim (bsc#1200217). - cifs: fix potential double free during failed mount (bsc#1200217). - cifs: fix potential race with cifsd thread (bsc#1200217). - cifs: fix set of group SID via NTSD xattrs (bsc#1200217). - cifs: fix signed integer overflow when fl_end is OFFSET_MAX (bsc#1200217). - cifs: Fix smb311_update_preauth_hash() kernel-doc comment (bsc#1200217). - cifs: fix the cifs_reconnect path for DFS (bsc#1200217). - cifs: fix the connection state transitions with multichannel (bsc#1200217). - cifs: fix uninitialized pointer in error case in dfs_cache_get_tgt_share (bsc#1200217). - cifs: fix workstation_name for multiuser mounts (bsc#1200217). - cifs: force new session setup and tcon for dfs (bsc#1200217). - cifs: free ntlmsspblob allocated in negotiate (bsc#1200217). - cifs: ignore resource_id while getting fscache super cookie (bsc#1200217). - cifs: maintain a state machine for tcp/smb/tcon sessions (bsc#1200217). - cifs: make status checks in version independent callers (bsc#1200217). - cifs: mark sessions for reconnection in helper function (bsc#1200217). - cifs: modefromsids must add an ACE for authenticated users (bsc#1200217). - cifs: move definition of cifs_fattr earlier in cifsglob.h (bsc#1200217). - cifs: move superblock magic defitions to magic.h (bsc#1200217). - cifs: potential buffer overflow in handling symlinks (bsc#1200217). - cifs: print TIDs as hex (bsc#1200217). - cifs: protect all accesses to chan_* with chan_lock (bsc#1200217). - cifs: quirk for STATUS_OBJECT_NAME_INVALID returned for non-ASCII dfs refs (bsc#1200217). - cifs: reconnect only the connection and not smb session where possible (bsc#1200217). - cifs: release cached dentries only if mount is complete (bsc#1200217). - cifs: remove check of list iterator against head past the loop body (bsc#1200217). - cifs: remove redundant assignment to pointer p (bsc#1200217). - cifs: remove repeated debug message on cifs_put_smb_ses() (bsc#1200217). - cifs: remove repeated state change in dfs tree connect (bsc#1200217). - cifs: remove unused variable ses_selected (bsc#1200217). - cifs: return ENOENT for DFS lookup_cache_entry() (bsc#1200217). - cifs: return the more nuanced writeback error on close() (bsc#1200217). - cifs: sanitize multiple delimiters in prepath (bsc#1200217). - cifs: serialize all mount attempts (bsc#1200217). - cifs: set the CREATE_NOT_FILE when opening the directory in use_cached_dir() (bsc#1200217). - cifs: skip trailing separators of prefix paths (bsc#1200217). - cifs: smbd: fix typo in comment (bsc#1200217). - cifs: Split the smb3_add_credits tracepoint (bsc#1200217). - cifs: take cifs_tcp_ses_lock for status checks (bsc#1200217). - cifs: track individual channel status using chans_need_reconnect (bsc#1200217). - cifs: unlock chan_lock before calling cifs_put_tcp_session (bsc#1200217). - cifs: update internal module number (bsc#1193629). - cifs: update internal module number (bsc#1200217). - cifs: update tcpStatus during negotiate and sess setup (bsc#1200217). - cifs: use a different reconnect helper for non-cifsd threads (bsc#1200217). - cifs: use correct lock type in cifs_reconnect() (bsc#1200217). - cifs: Use kzalloc instead of kmalloc/memset (bsc#1200217). - cifs: use new enum for ses_status (bsc#1200217). - cifs: use the chans_need_reconnect bitmap for reconnect status (bsc#1200217). - cifs: verify that tcon is valid before dereference in cifs_kill_sb (bsc#1200217). - cifs: version operations for smb20 unneeded when legacy support disabled (bsc#1200217). - cifs: wait for tcon resource_id before getting fscache super (bsc#1200217). - cifs: we do not need a spinlock around the tree access during umount (bsc#1200217). - cifs: when extending a file with falloc we should make files not-sparse (bsc#1200217). - drivers: cpufreq: Add missing of_node_put() in qoriq-cpufreq.c (git-fixes). - drm/i915/reset: Fix error_state_read ptr + offset use (git-fixes). - drm/i915: Update TGL and RKL DMC firmware versions (bsc#1198924). - drm/msm: Fix double pm_runtime_disable() call (git-fixes). - drm/msm/mdp4: Fix refcount leak in mdp4_modeset_init_intf (git-fixes). - drm/sun4i: Fix crash during suspend after component bind failure (git-fixes). - exec: Force single empty string when argv is empty (bsc#1200571). - ext4: add check to prevent attempting to resize an fs with sparse_super2 (bsc#1197754). - ext4: fix bug_on ext4_mb_use_inode_pa (bsc#1200810). - ext4: fix bug_on in __es_tree_search (bsc#1200809). - ext4: fix race condition between ext4_write and ext4_convert_inline_data (bsc#1200807). - ext4: limit length to bitmap_maxbytes - blocksize in punch_hole (bsc#1200806). - ext4: make variable 'count' signed (bsc#1200820). - Fix a warning about a malformed kernel doc comment in cifs (bsc#1200217). - fuse: annotate lock in fuse_reverse_inval_entry() (bsc#1201143). - gpio: winbond: Fix error code in winbond_gpio_get() (git-fixes). - gtp: use icmp_ndo_send helper (git-fixes). - hwmon: (ibmaem) do not call platform_device_del() if platform_device_add() fails (git-fixes). - i2c: designware: Use standard optional ref clock implementation (git-fixes). - ibmvnic: Properly dispose of all skbs during a failover (bsc#1200925). - iio:accel:bma180: rearrange iio trigger get and register (git-fixes). - iio: accel: mma8452: ignore the return value of reset operation (git-fixes). - iio: adc: axp288: Override TS pin bias current for some models (git-fixes). - iio: adc: vf610: fix conversion mode sysfs node name (git-fixes). - iio:chemical:ccs811: rearrange iio trigger get and register (git-fixes). - iio: gyro: mpu3050: Fix the error handling in mpu3050_power_up() (git-fixes). - iio: trigger: sysfs: fix use-after-free on remove (git-fixes). - init: Initialize noop_backing_dev_info early (bsc#1200822). - inotify: show inotify mask flags in proc fdinfo (bsc#1200600). - iomap: iomap_write_failed fix (bsc#1200829). - ipvs: add sysctl_run_estimation to support disable estimation (bsc#1195504). - jfs: fix divide error in dbNextAG (bsc#1200828). - kABI fix of sysctl_run_estimation (git-fixes). - kabi: nvme workaround header include (bsc#1201193). - kabi/severities: ignore KABI for NVMe target (bsc#1192761) - linux/dim: Fix divide by 0 in RDMA DIM (git-fixes). - md: fix update super 1.0 on rdev size change (git-fixes). - move devm_allocate to end of structure for kABI (git-fixes). - mtd: rawnand: gpmi: Fix setting busy timeout setting (git-fixes). - net: ax25: Fix deadlock caused by skb_recv_datagram in ax25_recvmsg (git-fixes). - net: ethernet: stmmac: Disable hardware multicast filter (git-fixes). - net: ieee802154: ca8210: Stop leaking skb's (git-fixes). - net: lantiq: Add locking for TX DMA channel (git-fixes). - net: rose: fix UAF bugs caused by timer handler (git-fixes). - net: stmmac: reset Tx desc base address before restarting Tx (git-fixes). - net: usb: ax88179_178a: Fix packet receiving (git-fixes). - nfc: nfcmrvl: Fix irq_of_parse_and_map() return value (git-fixes). - nfc: nfcmrvl: Fix memory leak in nfcmrvl_play_deferred (git-fixes). - NFC: nxp-nci: Do not issue a zero length i2c_master_read() (git-fixes). - NFS: Do not report EINTR/ERESTARTSYS as mapping errors (git-fixes). - NFS: Do not report errors from nfs_pageio_complete() more than once (git-fixes). - NFS: Do not report flush errors in nfs_write_end() (git-fixes). - NFS: Further fixes to the writeback error handling (git-fixes). - NFS: Memory allocation failures are not server fatal errors (git-fixes). - NFSv4/pNFS: Do not fail I/O when we fail to allocate the pNFS layout (git-fixes). - nvdimm: Fix firmware activation deadlock scenarios (git-fixes). - nvdimm/region: Fix default alignment for small regions (git-fixes). - nvme: add CNTRLTYPE definitions for 'identify controller' (bsc#1192761). - nvme: Add connect option 'discovery' (bsc#1192761). - nvme: add new discovery log page entry definitions (bsc#1192761). - nvme: display correct subsystem NQN (bsc#1192761). - nvme: expose subsystem type in sysfs attribute 'subsystype' (bsc#1192761). - nvme: kabi fix nvme subsystype change (bsc#1192761) - nvmet: add nvmet_is_disc_subsys() helper (bsc#1192761). - nvmet: add nvmet_req_subsys() helper (bsc#1192761). - nvme-tcp: fix H2CData PDU send accounting (again) (git-fixes). - nvmet: do not check iosqes,iocqes for discovery controllers (bsc#1192761). - nvmet: fix freeing unallocated p2pmem (git-fixes). - nvmet: make discovery NQN configurable (bsc#1192761). - nvmet-rdma: Fix NULL deref when SEND is completed with error (git-fixes). - nvmet-rdma: Fix NULL deref when setting pi_enable and traddr INADDR_ANY (git-fixes). - nvmet: register discovery subsystem as 'current' (bsc#1192761). - nvmet: set 'CNTRLTYPE' in the identify controller data (bsc#1192761). - nvmet: switch check for subsystem type (bsc#1192761). - phy: aquantia: Fix AN when higher speeds than 1G are not advertised (git-fixes). - pNFS: Do not keep retrying if the server replied NFS4ERR_LAYOUTUNAVAILABLE (git-fixes). - powerpc/idle: Fix return value of __setup() handler (bsc#1065729). - powerpc/perf: Fix the threshold compare group constraint for power9 (bsc#1065729). - powerpc/rtas: Allow ibm,platform-dump RTAS call with null buffer address (bsc#1200343 ltc#198477). - random: Add and use pr_fmt() (bsc#1184924). - random: remove unnecessary unlikely() (bsc#1184924). - regmap-irq: Fix a bug in regmap_irq_enable() for type_in_mask chips (git-fixes). - Revert 'block: Fix a lockdep complaint triggered by request queue flushing' (git-fixes). - scsi: core: Show SCMD_LAST in text form (git-fixes). - scsi: ibmvfc: Allocate/free queue resource only during probe/remove (jsc#SLE-15442 bsc#1180814 ltc#187461 git-fixes). - scsi: ibmvfc: Store vhost pointer during subcrq allocation (jsc#SLE-15442 bsc#1180814 ltc#187461 git-fixes). - scsi: lpfc: Add more logging of cmd and cqe information for aborted NVMe cmds (bsc#1201193). - scsi: lpfc: Address NULL pointer dereference after starget_to_rport() (bsc#1201193). - scsi: lpfc: Add support for ATTO Fibre Channel devices (bsc#1201193). - scsi: lpfc: Add support for VMID tagging of NVMe I/Os (bsc#1201193). - scsi: lpfc: Allow reduced polling rate for nvme_admin_async_event cmd completion (bsc#1201193). - scsi: lpfc: Commonize VMID code location (bsc#1201193). - scsi: lpfc: Correct BDE type for XMIT_SEQ64_WQE in lpfc_ct_reject_event() (bsc#1201193). - scsi: lpfc: Fix port stuck in bypassed state after LIP in PT2PT topology (bsc#1201193). - scsi: lpfc: Resolve NULL ptr dereference after an ELS LOGO is aborted (bsc#1201193). - scsi: lpfc: Resolve some cleanup issues following abort path refactoring (bsc#1201193). - scsi: lpfc: Resolve some cleanup issues following SLI path refactoring (bsc#1201193). - scsi: lpfc: Rework lpfc_vmid_get_appid() to be protocol independent (bsc#1201193). - scsi: lpfc: Update lpfc version to 14.2.0.4 (bsc#1201193). - scsi: nvme: Added a new sysfs attribute appid_store (bsc#1201193). - scsi: nvme-fc: Add new routine nvme_fc_io_getuuid() (bsc#1201193). - scsi: qla2xxx: Add a new v2 dport diagnostic feature (bsc#1201160). - scsi: qla2xxx: Add debug prints in the device remove path (bsc#1201160). - scsi: qla2xxx: edif: Add bsg interface to read doorbell events (bsc#1201160). - scsi: qla2xxx: edif: Add retry for ELS passthrough (bsc#1201160). - scsi: qla2xxx: edif: bsg refactor (bsc#1201160). - scsi: qla2xxx: edif: Fix I/O timeout due to over-subscription (bsc#1201160). - scsi: qla2xxx: edif: Fix n2n discovery issue with secure target (bsc#1201160). - scsi: qla2xxx: edif: Fix n2n login retry for secure device (bsc#1201160). - scsi: qla2xxx: edif: Fix no login after app start (bsc#1201160). - scsi: qla2xxx: edif: Fix no logout on delete for N2N (bsc#1201160). - scsi: qla2xxx: edif: Fix potential stuck session in sa update (bsc#1201160). - scsi: qla2xxx: edif: Fix session thrash (bsc#1201160). - scsi: qla2xxx: edif: Fix slow session teardown (bsc#1201160). - scsi: qla2xxx: edif: Reduce disruption due to multiple app start (bsc#1201160). - scsi: qla2xxx: edif: Reduce Initiator-Initiator thrashing (bsc#1201160). - scsi: qla2xxx: edif: Reduce N2N thrashing at app_start time (bsc#1201160). - scsi: qla2xxx: edif: Remove old doorbell interface (bsc#1201160). - scsi: qla2xxx: edif: Send LOGO for unexpected IKE message (bsc#1201160). - scsi: qla2xxx: edif: Synchronize NPIV deletion with authentication application (bsc#1201160). - scsi: qla2xxx: edif: Tear down session if keys have been removed (bsc#1201160). - scsi: qla2xxx: edif: Wait for app to ack on sess down (bsc#1201160). - scsi: qla2xxx: Fix crash due to stale SRB access around I/O timeouts (bsc#1201160). - scsi: qla2xxx: Fix erroneous mailbox timeout after PCI error injection (bsc#1201160). - scsi: qla2xxx: Fix excessive I/O error messages by default (bsc#1201160). - scsi: qla2xxx: Fix losing FCP-2 targets during port perturbation tests (bsc#1201160). - scsi: qla2xxx: Fix losing FCP-2 targets on long port disable with I/Os (bsc#1201160). - scsi: qla2xxx: Fix losing target when it reappears during delete (bsc#1201160). - scsi: qla2xxx: Remove setting of 'req' and 'rsp' parameters (bsc#1201160). - scsi: qla2xxx: Remove unused 'ql_dm_tgt_ex_pct' parameter (bsc#1201160). - scsi: qla2xxx: Turn off multi-queue for 8G adapters (bsc#1201160). - scsi: qla2xxx: Update version to 10.02.07.500-k (bsc#1201160). - scsi: qla2xxx: Update version to 10.02.07.600-k (bsc#1201160). - scsi: qla2xxx: Update version to 10.02.07.700-k (bsc#1201160). - scsi: qla2xxx: Wind down adapter after PCIe error (bsc#1201160). - scsi: sd: sd_zbc: Do not pass GFP_NOIO to kvcalloc (git-fixes). - scsi: sd: sd_zbc: Fix handling of host-aware ZBC disks (git-fixes). - scsi: sd: sd_zbc: Fix ZBC disk initialization (git-fixes). - scsi: sd: Signal drive managed SMR disks (git-fixes). - scsi: sd_zbc: Do not limit max_zone_append sectors to (git-fixes). - scsi: sd_zbc: Ensure buffer size is aligned to SECTOR_SIZE (git-fixes). - scsi: sd_zbc: Improve zone revalidation (git-fixes). - scsi: sd_zbc: Remove unused inline functions (git-fixes). - scsi: sd_zbc: Support disks with more than 2**32 logical (git-fixes). - scsi: smartpqi: create module parameters for LUN reset (bsc#1179195 bsc#1200622). - smb3: add mount parm nosparse (bsc#1200217). - smb3: add trace point for lease not found issue (bsc#1200217). - smb3: add trace point for oplock not found (bsc#1200217). - smb3: check for null tcon (bsc#1200217). - smb3: cleanup and clarify status of tree connections (bsc#1200217). - smb3: do not set rc when used and unneeded in query_info_compound (bsc#1200217). - SMB3: EBADF/EIO errors in rename/open caused by race condition in smb2_compound_op (bsc#1200217). - smb3: fix incorrect session setup check for multiuser mounts (bsc#1200217). - smb3: fix ksmbd bigendian bug in oplock break, and move its struct to smbfs_common (bsc#1200217). - smb3: fix snapshot mount option (bsc#1200217). - smb3 improve error message when mount options conflict with posix (bsc#1200217). - smb3: move defines for ioctl protocol header and SMB2 sizes to smbfs_common (bsc#1200217). - smb3: move defines for query info and query fsinfo to smbfs_common (bsc#1200217). - smb3: move more common protocol header definitions to smbfs_common (bsc#1200217). - smb3: send NTLMSSP version information (bsc#1200217). - soc: bcm: brcmstb: pm: pm-arm: Fix refcount leak in brcmstb_pm_probe (git-fixes). - spi: Fix use-after-free with devm_spi_alloc_* (git-fixes). - SUNRPC: Fix the calculation of xdr->end in xdr_get_next_encode_buffer() (git-fixes). - sunvnet: use icmp_ndo_send helper (git-fixes). - tty: goldfish: Fix free_irq() on remove (git-fixes). - usb: chipidea: udc: check request status before setting device address (git-fixes). - usb: dwc2: Fix memory leak in dwc2_hcd_init (git-fixes). - usb: gadget: lpc32xx_udc: Fix refcount leak in lpc32xx_udc_probe (git-fixes). - usb: gadget: u_ether: fix regression in setting fixed MAC address (git-fixes). - usbnet: fix memory allocation in helpers (git-fixes). - USB: serial: io_ti: add Agilent E5805A support (git-fixes). - USB: serial: option: add Quectel EM05-G modem (git-fixes). - USB: serial: option: add Quectel RM500K module support (git-fixes). - USB: serial: option: add support for Cinterion MV31 with new baseline (git-fixes). - USB: serial: option: add Telit LE910Cx 0x1250 composition (git-fixes). - usb: xhci: Workaround for S3 issue on AMD SNPS 3.0 xHC (git-fixes). - veth: fix races around rq->rx_notify_masked (git-fixes). - virtio-mmio: fix missing put_device() when vm_cmdline_parent registration failed (git-fixes). - virtio-net: fix race between ndo_open() and virtio_device_ready() (git-fixes). - virtio_net: fix xdp_rxq_info bug after suspend/resume (git-fixes). - virtio-pci: Remove wrong address verification in vp_del_vqs() (git-fixes). - vmxnet3: fix minimum vectors alloc issue (bsc#1199489). - writeback: Avoid skipping inode writeback (bsc#1200813). - writeback: Fix inode->i_io_list not be protected by inode->i_lock error (bsc#1200821). - xhci: Add reset resume quirk for AMD xhci controller (git-fixes). - x86/entry: Remove skip_r11rcx (bsc#1201644). Important SUSE bug 1065729 SUSE bug 1179195 SUSE bug 1180814 SUSE bug 1184924 SUSE bug 1185762 SUSE bug 1192761 SUSE bug 1193629 SUSE bug 1194013 SUSE bug 1195504 SUSE bug 1195775 SUSE bug 1196901 SUSE bug 1197362 SUSE bug 1197754 SUSE bug 1198020 SUSE bug 1198924 SUSE bug 1199482 SUSE bug 1199487 SUSE bug 1199489 SUSE bug 1199657 SUSE bug 1200217 SUSE bug 1200263 SUSE bug 1200343 SUSE bug 1200442 SUSE bug 1200571 SUSE bug 1200599 SUSE bug 1200600 SUSE bug 1200604 SUSE bug 1200605 SUSE bug 1200608 SUSE bug 1200619 SUSE bug 1200622 SUSE bug 1200692 SUSE bug 1200806 SUSE bug 1200807 SUSE bug 1200809 SUSE bug 1200810 SUSE bug 1200813 SUSE bug 1200816 SUSE bug 1200820 SUSE bug 1200821 SUSE bug 1200822 SUSE bug 1200825 SUSE bug 1200828 SUSE bug 1200829 SUSE bug 1200925 SUSE bug 1201050 SUSE bug 1201080 SUSE bug 1201143 SUSE bug 1201147 SUSE bug 1201149 SUSE bug 1201160 SUSE bug 1201171 SUSE bug 1201177 SUSE bug 1201193 SUSE bug 1201222 SUSE bug 1201644 SUSE bug 1201664 SUSE bug 1201672 SUSE bug 1201673 SUSE bug 1201676 CVE-2021-26341 CVE-2021-4157 CVE-2022-1012 CVE-2022-1679 CVE-2022-20132 CVE-2022-20141 CVE-2022-20154 CVE-2022-29900 CVE-2022-29901 CVE-2022-33981 CVE-2022-34918 cpe:/o:opensuse:leap:15.4 Security update for git (Important) openSUSE Leap 15.4 This update for git fixes the following issues: - CVE-2022-29187: Incomplete fix for CVE-2022-24765: potential command injection via git worktree (bsc#1201431). Important SUSE bug 1201431 CVE-2022-29187 cpe:/o:opensuse:leap:15.4 Security update for libxml2 (Important) openSUSE Leap 15.4 This update for libxml2 fixes the following issues: Update to 2.9.14: - CVE-2022-29824: Fixed integer overflow that could have led to an out-of-bounds write in buf.c (xmlBuf*) and tree.c (xmlBuffer*) (bsc#1199132). Update to version 2.9.13: - CVE-2022-23308: Fixed a use-after-free of ID and IDREF attributes. (bsc#1196490) Important SUSE bug 1196490 SUSE bug 1199132 CVE-2022-23308 CVE-2022-29824 cpe:/o:opensuse:leap:15.4 Security update for mariadb (Important) openSUSE Leap 15.4 This update for mariadb fixes the following issues: - Added mariadb-galera (jsc#SLE-22245) Update to 10.6.8 (bsc#1199928): - CVE-2021-46669 (bsc#1199928) - CVE-2022-27376 (bsc#1198628) - CVE-2022-27377 (bsc#1198603) - CVE-2022-27378 (bsc#1198604) - CVE-2022-27379 (bsc#1198605) - CVE-2022-27380 (bsc#1198606) - CVE-2022-27381 (bsc#1198607) - CVE-2022-27382 (bsc#1198609) - CVE-2022-27383 (bsc#1198610) - CVE-2022-27384 (bsc#1198611) - CVE-2022-27386 (bsc#1198612) - CVE-2022-27387 (bsc#1198613) - CVE-2022-27444 (bsc#1198634) - CVE-2022-27445 (bsc#1198629) - CVE-2022-27446 (bsc#1198630) - CVE-2022-27447 (bsc#1198631) - CVE-2022-27448 (bsc#1198632) - CVE-2022-27449 (bsc#1198633) - CVE-2022-27451 (bsc#1198639) - CVE-2022-27452 (bsc#1198640) - CVE-2022-27455 (bsc#1198638) - CVE-2022-27456 (bsc#1198635) - CVE-2022-27457 (bsc#1198636) - CVE-2022-27458 (bsc#1198637) - The following issue is not affecting this package: CVE-2022-21427 Update to 10.6.7 (bsc#1196016): - CVE-2021-46665, CVE-2021-46664, CVE-2021-46661, CVE-2021-46668, CVE-2021-46663 Update to 10.6.6: - CVE-2022-24052, CVE-2022-24051, CVE-2022-24050, CVE-2022-24048, CVE-2021-46659 (bsc#1195339) The following issues have been fixed already but didn't have CVE references: - CVE-2021-46658 (bsc#1195334) - CVE-2021-46657 (bsc#1195325) Non security fixes: - Skip failing tests for s390x, fixes bsc#1195076 External refernences: - https://mariadb.com/kb/en/library/mariadb-1068-release-notes - https://mariadb.com/kb/en/library/mariadb-1068-changelog - https://mariadb.com/kb/en/library/mariadb-1067-release-notes - https://mariadb.com/kb/en/library/mariadb-1067-changelog - https://mariadb.com/kb/en/library/mariadb-1066-release-notes - https://mariadb.com/kb/en/library/mariadb-1066-changelog Important SUSE bug 1195076 SUSE bug 1195325 SUSE bug 1195334 SUSE bug 1195339 SUSE bug 1196016 SUSE bug 1198603 SUSE bug 1198604 SUSE bug 1198605 SUSE bug 1198606 SUSE bug 1198607 SUSE bug 1198609 SUSE bug 1198610 SUSE bug 1198611 SUSE bug 1198612 SUSE bug 1198613 SUSE bug 1198628 SUSE bug 1198629 SUSE bug 1198630 SUSE bug 1198631 SUSE bug 1198632 SUSE bug 1198633 SUSE bug 1198634 SUSE bug 1198635 SUSE bug 1198636 SUSE bug 1198637 SUSE bug 1198638 SUSE bug 1198639 SUSE bug 1198640 SUSE bug 1199928 CVE-2021-46657 CVE-2021-46658 CVE-2021-46659 CVE-2021-46661 CVE-2021-46663 CVE-2021-46664 CVE-2021-46665 CVE-2021-46668 CVE-2021-46669 CVE-2022-24048 CVE-2022-24050 CVE-2022-24051 CVE-2022-24052 CVE-2022-27376 CVE-2022-27377 CVE-2022-27378 CVE-2022-27379 CVE-2022-27380 CVE-2022-27381 CVE-2022-27382 CVE-2022-27383 CVE-2022-27384 CVE-2022-27386 CVE-2022-27387 CVE-2022-27444 CVE-2022-27445 CVE-2022-27446 CVE-2022-27447 CVE-2022-27448 CVE-2022-27449 CVE-2022-27451 CVE-2022-27452 CVE-2022-27455 CVE-2022-27456 CVE-2022-27457 CVE-2022-27458 cpe:/o:opensuse:leap:15.4 Security update for pcre2 (Important) openSUSE Leap 15.4 This update for pcre2 fixes the following issues: - CVE-2022-1587: Fixed out-of-bounds read due to bug in recursions (bsc#1199235). Important SUSE bug 1199235 CVE-2022-1587 cpe:/o:opensuse:leap:15.4 Security update for libguestfs (Moderate) openSUSE Leap 15.4 This update for libguestfs fixes the following issues: - CVE-2022-2211: Fixed a buffer overflow in get_keys (bsc#1201064). Moderate SUSE bug 1201064 CVE-2022-2211 cpe:/o:opensuse:leap:15.4 Security update for aws-iam-authenticator (Important) openSUSE Leap 15.4 This update for aws-iam-authenticator fixes the following issues: - CVE-2022-2385: Fixed AccessKeyID validation bypass (bsc#1201395). Important SUSE bug 1201395 CVE-2022-2385 cpe:/o:opensuse:leap:15.4 Security update for rubygem-tzinfo (Important) openSUSE Leap 15.4 This update for rubygem-tzinfo fixes the following issues: - CVE-2022-31163: Fixed relative path traversal vulnerability that allows TZInfo::Timezone.get to load arbitrary files (bsc#1201835). Important SUSE bug 1201835 CVE-2022-31163 cpe:/o:opensuse:leap:15.4 Security update for mozilla-nss (Important) openSUSE Leap 15.4 This update for mozilla-nss fixes the following issues: Various FIPS 140-3 related fixes were backported from SUSE Linux Enterprise 15 SP4: - Makes the PBKDF known answer test compliant with NIST SP800-132. (bsc#1192079). - FIPS: Add on-demand integrity tests through sftk_FIPSRepeatIntegrityCheck() (bsc#1198980). - FIPS: mark algorithms as approved/non-approved according to security policy (bsc#1191546, bsc#1201298). - FIPS: remove hard disabling of unapproved algorithms. This requirement is now fulfilled by the service level indicator (bsc#1200325). - Run test suite at build time, and make it pass (bsc#1198486). - FIPS: skip algorithms that are hard disabled in FIPS mode. - Prevent expired PayPalEE cert from failing the tests. - Allow checksumming to be disabled, but only if we entered FIPS mode due to NSS_FIPS being set, not if it came from /proc. - FIPS: Make the PBKDF known answer test compliant with NIST SP800-132. - Update FIPS validation string to version-release format. - FIPS: remove XCBC MAC from list of FIPS approved algorithms. - Enable NSS_ENABLE_FIPS_INDICATORS and set NSS_FIPS_MODULE_ID for build. - FIPS: claim 3DES unapproved in FIPS mode (bsc#1192080). - FIPS: allow testing of unapproved algorithms (bsc#1192228). - FIPS: add version indicators. (bmo#1729550, bsc#1192086). - FIPS: fix some secret clearing (bmo#1697303, bsc#1192087). Version update to NSS 3.79: - Use PK11_GetSlotInfo instead of raw C_GetSlotInfo calls. - Update mercurial in clang-format docker image. - Use of uninitialized pointer in lg_init after alloc fail. - selfserv and tstclnt should use PR_GetPrefLoopbackAddrInfo. - Add SECMOD_LockedModuleHasRemovableSlots. - Fix secasn1d parsing of indefinite SEQUENCE inside indefinite GROUP. - Added RFC8422 compliant TLS <= 1.2 undefined/compressed ECPointFormat extension alerts. - TLS 1.3 Server: Send protocol_version alert on unsupported ClientHello.legacy_version. - Correct invalid record inner and outer content type alerts. - NSS does not properly import or export pkcs12 files with large passwords and pkcs5v2 encoding. - improve error handling after nssCKFWInstance_CreateObjectHandle. - Initialize pointers passed to NSS_CMSDigestContext_FinishMultiple. - NSS 3.79 should depend on NSPR 4.34 Version update to NSS 3.78.1: - Initialize pointers passed to NSS_CMSDigestContext_FinishMultiple Version update to NSS 3.78: - Added TLS 1.3 zero-length inner plaintext checks and tests, zero-length record/fragment handling tests. - Reworked overlong record size checks and added TLS1.3 specific boundaries. - Add ECH Grease Support to tstclnt - Add a strict variant of moz::pkix::CheckCertHostname. - Change SSL_REUSE_SERVER_ECDHE_KEY default to false. - Make SEC_PKCS12EnableCipher succeed - Update zlib in NSS to 1.2.12. Version update to NSS 3.77: - Fix link to TLS page on wireshark wiki - Add two D-TRUST 2020 root certificates. - Add Telia Root CA v2 root certificate. - Remove expired explicitly distrusted certificates from certdata.txt. - support specific RSA-PSS parameters in mozilla::pkix - Remove obsolete stateEnd check in SEC_ASN1DecoderUpdate. - Remove token member from NSSSlot struct. - Provide secure variants of mpp_pprime and mpp_make_prime. - Support UTF-8 library path in the module spec string. - Update nssUTF8_Length to RFC 3629 and fix buffer overrun. - Update googletest to 1.11.0 - Add SetTls13GreaseEchSize to experimental API. - TLS 1.3 Illegal legacy_version handling/alerts. - Fix calculation of ECH HRR Transcript. - Allow ld path to be set as environment variable. - Ensure we don't read uninitialized memory in ssl gtests. - Fix DataBuffer Move Assignment. - internal_error alert on Certificate Request with sha1+ecdsa in TLS 1.3 - rework signature verification in mozilla::pkix Version update to NSS 3.76.1 - Remove token member from NSSSlot struct. - Hold tokensLock through nssToken_GetSlot calls in nssTrustDomain_GetActiveSlots. - Check return value of PK11Slot_GetNSSToken. - Use Wycheproof JSON for RSASSA-PSS - Add SHA256 fingerprint comments to old certdata.txt entries. - Avoid truncating files in nss-release-helper.py. - Throw illegal_parameter alert for illegal extensions in handshake message. Version update to NSS 3.75 - Make DottedOIDToCode.py compatible with python3. - Avoid undefined shift in SSL_CERT_IS while fuzzing. - Remove redundant key type check. - Update ABI expectations to match ECH changes. - Enable CKM_CHACHA20. - check return on NSS_NoDB_Init and NSS_Shutdown. - Run ECDSA test vectors from bltest as part of the CI tests. - Add ECDSA test vectors to the bltest command line tool. - Allow to build using clang's integrated assembler. - Allow to override python for the build. - test HKDF output rather than input. - Use ASSERT macros to end failed tests early. - move assignment operator for DataBuffer. - Add test cases for ECH compression and unexpected extensions in SH. - Update tests for ECH-13. - Tidy up error handling. - Add tests for ECH HRR Changes. - Server only sends GREASE HRR extension if enabled by preference. - Update generation of the Associated Data for ECH-13. - When ECH is accepted, reject extensions which were only advertised in the Outer Client Hello. - Allow for compressed, non-contiguous, extensions. - Scramble the PSK extension in CHOuter. - Split custom extension handling for ECH. - Add ECH-13 HRR Handling. - Client side ECH padding. - Stricter ClientHelloInner Decompression. - Remove ECH_inner extension, use new enum format. - Update the version number for ECH-13 and adjust the ECHConfig size. Version update to NSS 3.74 - mozilla::pkix: support SHA-2 hashes in CertIDs in OCSP responses - Ensure clients offer consistent ciphersuites after HRR - NSS does not properly restrict server keys based on policy - Set nssckbi version number to 2.54 - Replace Google Trust Services LLC (GTS) R4 root certificate - Replace Google Trust Services LLC (GTS) R3 root certificate - Replace Google Trust Services LLC (GTS) R2 root certificate - Replace Google Trust Services LLC (GTS) R1 root certificate - Replace GlobalSign ECC Root CA R4 - Remove Expired Root Certificates - DST Root CA X3 - Remove Expiring Cybertrust Global Root and GlobalSign root certificates - Add renewed Autoridad de Certificacion Firmaprofesional CIF A62634068 root certificate - Add iTrusChina ECC root certificate - Add iTrusChina RSA root certificate - Add ISRG Root X2 root certificate - Add Chunghwa Telecom's HiPKI Root CA - G1 root certificate - Avoid a clang 13 unused variable warning in opt build - Check for missing signedData field - Ensure DER encoded signatures are within size limits - enable key logging option (boo#1195040) Version update to NSS 3.73.1: - Add SHA-2 support to mozilla::pkix's OSCP implementation Version update to NSS 3.73 - check for missing signedData field. - Ensure DER encoded signatures are within size limits. - NSS needs FiPS 140-3 version indicators. - pkix_CacheCert_Lookup doesn't return cached certs - sunset Coverity from NSS Fixed MFSA 2021-51 (bsc#1193170) CVE-2021-43527: Memory corruption via DER-encoded DSA and RSA-PSS signatures Version update to NSS 3.72 - Fix nsinstall parallel failure. - Increase KDF cache size to mitigate perf regression in about:logins Version update to NSS 3.71 - Set nssckbi version number to 2.52. - Respect server requirements of tlsfuzzer/test-tls13-signature-algorithms.py - Import of PKCS#12 files with Camellia encryption is not supported - Add HARICA Client ECC Root CA 2021. - Add HARICA Client RSA Root CA 2021. - Add HARICA TLS ECC Root CA 2021. - Add HARICA TLS RSA Root CA 2021. - Add TunTrust Root CA certificate to NSS. Version update to NSS 3.70 - Update test case to verify fix. - Explicitly disable downgrade check in TlsConnectStreamTls13.EchOuterWith12Max - Explicitly disable downgrade check in TlsConnectTest.DisableFalseStartOnFallback - Avoid using a lookup table in nssb64d. - Use HW accelerated SHA2 on AArch64 Big Endian. - Change default value of enableHelloDowngradeCheck to true. - Cache additional PBE entries. - Read HPKE vectors from official JSON. Version update to NSS 3.69.1: - Disable DTLS 1.0 and 1.1 by default - integrity checks in key4.db not happening on private components with AES_CBC NSS 3.69: - Disable DTLS 1.0 and 1.1 by default (backed out again) - integrity checks in key4.db not happening on private components with AES_CBC (backed out again) - SSL handling of signature algorithms ignores environmental invalid algorithms. - sqlite 3.34 changed it's open semantics, causing nss failures. - Gtest update changed the gtest reports, losing gtest details in all.sh reports. - NSS incorrectly accepting 1536 bit DH primes in FIPS mode - SQLite calls could timeout in starvation situations. - Coverity/cpp scanner errors found in nss 3.67 - Import the NSS documentation from MDN in nss/doc. - NSS using a tempdir to measure sql performance not active Version Update to 3.68.4 (bsc#1200027) - CVE-2022-31741: Initialize pointers passed to NSS_CMSDigestContext_FinishMultiple. (bmo#1767590) Important SUSE bug 1192079 SUSE bug 1192080 SUSE bug 1192086 SUSE bug 1192087 SUSE bug 1192228 SUSE bug 1198486 SUSE bug 1200027 CVE-2022-31741 cpe:/o:opensuse:leap:15.4 Security update for xen (Important) openSUSE Leap 15.4 This update for xen fixes the following issues: - CVE-2022-26363, CVE-2022-26364: Fixed insufficient care with non-coherent mappings (XSA-402) (bsc#1199966). - CVE-2022-21123, CVE-2022-21125, CVE-2022-21166: Fixed MMIO stale data vulnerabilities on x86 (XSA-404) (bsc#1200549). - CVE-2022-26362: Fixed a race condition in typeref acquisition (XSA-401) (bsc#1199965). - CVE-2022-33745: Fixed insufficient TLB flush for x86 PV guests in shadow mode (XSA-408) (bsc#1201394). - CVE-2022-23816, CVE-2022-23825, CVE-2022-29900: Fixed RETBLEED vulnerability, arbitrary speculative code execution with return instructions (XSA-407) (bsc#1201469). Fixed several upstream bugs (bsc#1027519). Important SUSE bug 1027519 SUSE bug 1199965 SUSE bug 1199966 SUSE bug 1200549 SUSE bug 1201394 SUSE bug 1201469 CVE-2022-21123 CVE-2022-21125 CVE-2022-21166 CVE-2022-23816 CVE-2022-23825 CVE-2022-26362 CVE-2022-26363 CVE-2022-26364 CVE-2022-29900 CVE-2022-33745 cpe:/o:opensuse:leap:15.4 Security update for booth (Important) openSUSE Leap 15.4 This update for booth fixes the following issues: - CVE-2022-2553: authfile directive in booth config file is completely ignored (bsc#1201946). Important SUSE bug 1201946 CVE-2022-2553 cpe:/o:opensuse:leap:15.4 Security update for MozillaFirefox (Important) openSUSE Leap 15.4 This update for MozillaFirefox fixes the following issues: Firefox Extended Support Release 91.12.0 ESR (bsc#1201758): - CVE-2022-36319: Mouse Position spoofing with CSS transforms - CVE-2022-36318: Directory indexes for bundled resources reflected URL parameters Important SUSE bug 1201758 CVE-2022-36318 CVE-2022-36319 cpe:/o:opensuse:leap:15.4 Security update for the Linux Kernel (Important) openSUSE Leap 15.4 The SUSE Linux Enterprise 15 SP4 kernel was updated. The following security bugs were fixed: - CVE-2022-29900, CVE-2022-29901: Fixed the RETBLEED attack, a new Spectre like Branch Target Buffer attack, that can leak arbitrary kernel information (bsc#1199657). - CVE-2022-34918: Fixed a buffer overflow with nft_set_elem_init() that could be used by a local attacker to escalate privileges (bnc#1201171). - CVE-2021-26341: Some AMD CPUs may transiently execute beyond unconditional direct branches, which may potentially result in data leakage (bsc#1201050). - CVE-2022-20154: Fixed a use after free due to a race condition in lock_sock_nested of sock.c. This could lead to local escalation of privilege with System execution privileges needed (bsc#1200599). - CVE-2022-2318: Fixed a use-after-free vulnerabilities in the timer handler in net/rose/rose_timer.c that allow attackers to crash the system without any privileges (bsc#1201251). - CVE-2022-26365, CVE-2022-33740, CVE-2022-33741, CVE-2022-33742: Fixed multiple potential data leaks with Block and Network devices when using untrusted backends (bsc#1200762). - CVE-2022-33743: Fixed a Denial of Service related to XDP (bsc#1200763). - CVE-2022-1966: Fixed a use-after-free vulnerability in the Netfilter subsystem. This flaw allowed a local attacker with user access to cause a privilege escalation issue. (bnc#1200015) - CVE-2022-1852: Fixed a null-ptr-deref in the kvm module which can lead to DoS. (bsc#1199875) - CVE-2022-1789: Fixed a NULL pointer dereference when shadow paging is enabled. (bnc#1199674) - CVE-2022-1508: Fixed an out-of-bounds read flaw that could cause the system to crash. (bsc#1198968) - CVE-2022-1671: Fixed a null-ptr-deref bugs in net/rxrpc/server_key.c, unprivileged users could easily trigger it via ioctl. (bsc#1199439) - CVE-2022-1651: Fixed a bug in ACRN Device Model emulates virtual NICs in VM. This flaw may allow a local privileged attacker to leak kernel unauthorized information and also cause a denial of service problem. (bsc#1199433) - CVE-2022-29582: Fixed a use-after-free due to a race condition in io_uring timeouts. This can be triggered by a local user who has no access to any user namespace; however, the race condition perhaps can only be exploited infrequently. (bnc#1198811) - CVE-2022-0494: Fixed a kernel information leak flaw in the scsi_ioctl function. This flaw allowed a local attacker with a special user privilege to create issues with confidentiality. (bnc#1197386) - CVE-2021-4204: Fixed a vulnerability that allows local attackers to escalate privileges on affected installations via ebpf. (bnc#1194111) - CVE-2022-23222: Fixed a bug that allowed local users to gain privileges. (bnc#1194765) - CVE-2022-0264: Fixed a vulnerability in the Linux kernel's eBPF verifier when handling internal data structures. Internal memory locations could be returned to userspace. A local attacker with the permissions to insert eBPF code to the kernel can use this to leak internal kernel memory details defeating some of the exploit mitigations in place for the kernel. (bnc#1194826) - CVE-2022-1016: Fixed a vulnerability in the nf_tables component of the netfilter subsystem. This vulnerability gives an attacker a powerful primitive that can be used to both read from and write to relative stack data, which can lead to arbitrary code execution. (bsc#1197227) - CVE-2022-1205: Fixed null pointer dereference and use-after-free vulnerabilities that allow an attacker to crash the linux kernel by simulating Amateur Radio. (bsc#1198027) - CVE-2022-1198: Fixed an use-after-free vulnerability that allow an attacker to crash the linux kernel by simulating Amateur Radio (bsc#1198030). - CVE-2022-1972: Fixed a buffer overflow in nftable that could lead to privilege escalation. (bsc#1200019) - CVE-2022-21127: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via spectre like attacks. (bsc#1199650) - CVE-2022-21123: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via spectre like attacks. (bsc#1199650) - CVE-2022-21125: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via spectre like attacks. (bsc#1199650) - CVE-2022-21180: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via spectre like attacks. (bsc#1199650) - CVE-2022-21166: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via spectre like attacks. (bsc#1199650) - CVE-2022-1729: Fixed a sys_perf_event_open() race condition against self (bsc#1199507). - CVE-2022-1652: Fixed a statically allocated error counter inside the floppy kernel module (bsc#1199063). - CVE-2022-30594: Fixed restriction bypass on setting the PT_SUSPEND_SECCOMP flag (bnc#1199505). - CVE-2021-33061: Fixed insufficient control flow management for the Intel(R) 82599 Ethernet Controllers and Adapters that may have allowed an authenticated user to potentially enable denial of service via local access (bnc#1196426). - CVE-2022-1974: Fixed an use-after-free that could causes kernel crash by simulating an nfc device from user-space. (bsc#1200144) - CVE-2022-21499: Reinforce the kernel lockdown feature, until now it's been trivial to break out of it with kgdb or kdb. (bsc#1199426) - CVE-2022-1184: Fixed an use-after-free and memory errors in ext4 when mounting and operating on a corrupted image. (bsc#1198577) - CVE-2022-1734: Fixed a r/w use-after-free when non synchronized between cleanup routine and firmware download routine. (bnc#1199605) - CVE-2021-44879: In gc_data_segment() in fs/f2fs/gc.c, special files were not considered, which lead to a move_data_page NULL pointer dereference (bsc#1195987). - CVE-2022-0617: Fixed a null pointer dereference in UDF file system functionality. A local user could crash the system by triggering udf_file_write_iter() via a malicious UDF image. (bsc#1196079) - CVE-2022-26490: Fixed a buffer overflow in the st21nfca driver. An attacker with adjacent NFC access could crash the system or corrupt the system memory. (bsc#1196830) - CVE-2021-45402: The check_alu_op function in kernel/bpf/verifier.c did not properly update bounds while handling the mov32 instruction, which allowed local users to obtain potentially sensitive address information (bsc#1196130). - CVE-2022-1679: Fixed use-after-free in ath9k in ath9k_hif_usb_rx_cb (bsc#1199487). - CVE-2022-20132: Fixed several potential out of bounds reads via malicious HID device (bsc#1200619). - CVE-2022-1012: Fixed an information leak in net/ipv4/tcp.c (bsc#1199482). - CVE-2022-33981: Fixed use-after-free in floppy driver (bnc#1200692). - CVE-2022-1998: Fixed use-after-free in fanotify (bnc#1200284). The following non-security bugs were fixed: - ACPI: APEI: fix return value of __setup handlers (git-fixes). - ACPI/APEI: Limit printable size of BERT table data (git-fixes). - ACPI: battery: Add device HID and quirk for Microsoft Surface Go 3 (git-fixes). - ACPI: bus: Avoid using CPPC if not supported by firmware (bsc#1199793). - ACPICA: Avoid cache flush inside virtual machines (git-fixes). - ACPICA: Avoid walking the ACPI Namespace if it is not there (git-fixes). - ACPI: CPPC: Assume no transition latency if no PCCT (git-fixes). - ACPI: CPPC: Avoid out of bounds access when parsing _CPC data (git-fixes). - ACPI: docs: enumeration: Amend PWM enumeration ASL example (git-fixes). - ACPI: docs: enumeration: Discourage to use custom _DSM methods (git-fixes). - ACPI: docs: enumeration: Remove redundant .owner assignment (git-fixes). - ACPI: docs: enumeration: Update UART serial bus resource documentation (git-fixes). - ACPI/IORT: Check node revision for PMCG resources (git-fixes). - ACPI: PM: Block ASUS B1400CEAE from suspend to idle by default (git-fixes). - ACPI: PM: Revert 'Only mark EC GPE for wakeup on Intel systems' (git-fixes). - ACPI: PM: s2idle: Cancel wakeup before dispatching EC GPE (git-fixes). - ACPI: processor idle: Allow playing dead in C3 state (git-fixes). - ACPI: processor: idle: Avoid falling back to C3 type C-states (git-fixes). - ACPI: processor idle: Check for architectural support for LPI (git-fixes). - ACPI: processor: idle: fix lockup regression on 32-bit ThinkPad T40 (git-fixes). - ACPI: properties: Consistently return -ENOENT if there are no more references (git-fixes). - ACPI: property: Release subnode properties with data nodes (git-fixes). - ACPI: sysfs: Fix BERT error region memory mapping (git-fixes). - ACPI: video: Change how we determine if brightness key-presses are handled (git-fixes). - ACPI: video: Force backlight native for Clevo NL5xRU and NL5xNU (git-fixes). - ACPI / x86: Work around broken XSDT on Advantech DAC-BJ01 board (git-fixes). - Add missing recommends of kernel-install-tools to kernel-source-vanilla (bsc#1200442) - Add references to IBM bugs - Add various fsctl structs (bsc#1193629). - Adjust cifssb maximum read size (bsc#1193629). - af_key: add __GFP_ZERO flag for compose_sadb_supported in function pfkey_register (git-fixes). - aio: Fix incorrect usage of eventfd_signal_allowed() (git-fixes). - ALSA: cmipci: Restore aux vol on suspend/resume (git-fixes). - ALSA: core: Add snd_card_free_on_error() helper (git-fixes). - ALSA: cs4236: fix an incorrect NULL check on list iterator (git-fixes). - ALSA: ctxfi: Add SB046x PCI ID (git-fixes). - ALSA: firewire-lib: fix uninitialized flag for AV/C deferred transaction (git-fixes). - ALSA: fireworks: fix wrong return count shorter than expected by 4 bytes (git-fixes). - ALSA: hda: Add AlderLake-PS variant PCI ID (git-fixes). - ALSA: hda: Add PCI and HDMI IDs for Intel Raptor Lake (git-fixes). - ALSA: hda: Avoid unsol event during RPM suspending (git-fixes). - ALSA: hda/conexant - Fix loopback issue with CX20632 (git-fixes). - ALSA: hda/conexant: Fix missing beep setup (git-fixes). - ALSA: hda: Fix discovery of i915 graphics PCI device (bsc#1200611). - ALSA: hda: Fix driver index handling at re-binding (git-fixes). - ALSA: hda: Fix missing codec probe on Shenker Dock 15 (git-fixes). - ALSA: hda: Fix regression on forced probe mask option (git-fixes). - ALSA: hda: Fix signedness of sscanf() arguments (git-fixes). - ALSA: hda - fix unused Realtek function when PM is not enabled (git-fixes). - ALSA: hda/hdmi: fix warning about PCM count when used with SOF (git-fixes). - ALSA: hda/i915: Fix one too many pci_dev_put() (git-fixes). - ALSA: hda/i915 - skip acomp init if no matching display (git-fixes). - ALSA: hda: intel-dspcfg: use SOF for UpExtreme and UpExtreme11 boards (git-fixes). - ALSA: hda: intel-dsp-config: update AlderLake PCI IDs (git-fixes). - ALSA: hda: intel-nhlt: remove use of __func__ in dev_dbg (git-fixes). - ALSA: hda/realtek: Add alc256-samsung-headphone fixup (git-fixes). - ALSA: hda/realtek - Add HW8326 support (git-fixes). - ALSA: hda/realtek: Add missing fixup-model entry for Gigabyte X570 ALC1220 quirks (git-fixes). - ALSA: hda/realtek: Add mute LED quirk for HP Omen laptop (git-fixes). - ALSA: hda/realtek - Add new type for ALC245 (git-fixes). - ALSA: hda/realtek: Add quirk for ASUS GA402 (git-fixes). - ALSA: hda/realtek: Add quirk for ASUS GU603 (git-fixes). - ALSA: hda/realtek: Add quirk for Clevo NP50PNJ (git-fixes). - ALSA: hda/realtek: Add quirk for Clevo NP70PNJ (git-fixes). - ALSA: hda/realtek: Add quirk for Clevo NP70PNP (git-fixes). - ALSA: hda/realtek: Add quirk for Clevo NS50PU (git-fixes). - ALSA: hda/realtek: Add quirk for Clevo PD50PNT (git-fixes). - ALSA: hda/realtek: Add quirk for Clevo PD70PNT (git-fixes). - ALSA: hda/realtek: Add quirk for Dell Latitude 7520 (git-fixes). - ALSA: hda/realtek: Add quirk for HP Dev One (git-fixes). - ALSA: hda/realtek: Add quirk for Legion Y9000X 2019 (git-fixes). - ALSA: hda/realtek: add quirk for Lenovo Thinkpad X12 speakers (git-fixes). - ALSA: hda/realtek: Add quirk for the Framework Laptop (git-fixes). - ALSA: hda/realtek: Add quirk for TongFang devices with pop noise (git-fixes). - ALSA: hda/realtek: Add quirk for Yoga Duet 7 13ITL6 speakers (git-fixes). - ALSA: hda/realtek - ALC897 headset MIC no sound (git-fixes). - ALSA: hda/realtek: Apply fixup for Lenovo Yoga Duet 7 properly (git-fixes). - ALSA: hda/realtek: Enable 4-speaker output for Dell XPS 15 9520 laptop (git-fixes). - ALSA: hda/realtek: Enable headset mic on Lenovo P360 (git-fixes). - ALSA: hda/realtek: Fix audio regression on Mi Notebook Pro 2020 (git-fixes). - ALSA: hda/realtek: Fix deadlock by COEF mutex (bsc#1195913). - ALSA: hda/realtek: Fix for quirk to enable speaker output on the Lenovo Yoga DuetITL 2021 (git-fixes). - ALSA: hda/realtek - Fix headset mic problem for a HP machine with alc671 (git-fixes). - ALSA: hda/realtek - Fix microphone noise on ASUS TUF B550M-PLUS (git-fixes). - ALSA: hda: realtek: Fix race at concurrent COEF updates (git-fixes). - ALSA: hda/realtek: fix right sounds and mute/micmute LEDs for HP machine (git-fixes). - ALSA: hda/realtek: fix right sounds and mute/micmute LEDs for HP machines (git-fixes). - ALSA: hda/realtek: Fix silent output on Gigabyte X570 Aorus Xtreme after reboot from Windows (git-fixes). - ALSA: hda/realtek: Fix silent output on Gigabyte X570S Aorus Master (newer chipset) (git-fixes). - ALSA: hda: Set max DMA segment size (git-fixes). - ALSA: hda: Skip codec shutdown in case the codec is not registered (git-fixes). - ALSA: hda/via: Fix missing beep setup (git-fixes). - ALSA: intel_hdmi: Fix reference to PCM buffer address (git-fixes). - ALSA: memalloc: Fix dma_need_sync() checks (bsc#1195913). - ALSA: memalloc: invalidate SG pages before sync (bsc#1195913). - ALSA: oss: Fix PCM OSS buffer allocation overflow (git-fixes). - ALSA: pci: fix reading of swapped values from pcmreg in AC97 codec (git-fixes). - ALSA: pcm: Add stream lock during PCM reset ioctl operations (git-fixes). - ALSA: pcm: Check for null pointer of pointer substream before dereferencing it (git-fixes). - ALSA: pcm: Fix races among concurrent hw_params and hw_free calls (git-fixes). - ALSA: pcm: Fix races among concurrent prealloc proc writes (git-fixes). - ALSA: pcm: Fix races among concurrent prepare and hw_params/hw_free calls (git-fixes). - ALSA: pcm: Fix races among concurrent read/write and buffer changes (git-fixes). - ALSA: pcm: Test for 'silence' field in struct 'pcm_format_data' (git-fixes). - ALSA: spi: Add check for clk_enable() (git-fixes). - ALSA: usb-audio: add mapping for MSI MAG X570S Torpedo MAX (git-fixes). - ALSA: usb-audio: add mapping for new Corsair Virtuoso SE (git-fixes). - ALSA: usb-audio: Add missing ep_idx in fixed EP quirks (git-fixes). - ALSA: usb-audio: Add mute TLV for playback volumes on RODE NT-USB (git-fixes). - ALSA: usb-audio: Add quirk bits for enabling/disabling generic implicit fb (git-fixes). - ALSA: usb-audio: Cancel pending work at closing a MIDI substream (git-fixes). - ALSA: usb-audio: Cap upper limits of buffer/period bytes for implicit fb (git-fixes). - ALSA: usb-audio: Clear MIDI port active flag after draining (git-fixes). - ALSA: usb-audio: Configure sync endpoints before data (git-fixes). - ALSA: usb-audio: Correct quirk for VF0770 (git-fixes). - ALSA: usb-audio: Do not abort resume upon errors (bsc#1195913). - ALSA: usb-audio: Do not get sample rate for MCT Trigger 5 USB-to-HDMI (git-fixes). - ALSA: usb-audio: Fix undefined behavior due to shift overflowing the constant (git-fixes). - ALSA: usb-audio: Increase max buffer size (git-fixes). - ALSA: usb-audio: initialize variables that could ignore errors (git-fixes). - ALSA: usb-audio: Limit max buffer and period sizes per time (git-fixes). - ALSA: usb-audio: Move generic implicit fb quirk entries into quirks.c (git-fixes). - ALSA: usb-audio: Optimize TEAC clock quirk (git-fixes). - ALSA: usb-audio: Restore Rane SL-1 quirk (git-fixes). - ALSA: usb-audio: revert to IMPLICIT_FB_FIXED_DEV for M-Audio FastTrack Ultra (git-fixes). - ALSA: usb-audio: Set up (implicit) sync for Saffire 6 (git-fixes). - ALSA: usb-audio: Skip generic sync EP parse for secondary EP (git-fixes). - ALSA: usb-audio: US16x08: Move overflow check before array access (git-fixes). - ALSA: usb-audio: Workaround for clock setup on TEAC devices (git-fixes). - ALSA: wavefront: Proper check of get_user() error (git-fixes). - ALSA: x86: intel_hdmi_audio: enable pm_runtime and set autosuspend delay (git-fixes). - ALSA: x86: intel_hdmi_audio: use pm_runtime_resume_and_get() (git-fixes). - alx: acquire mutex for alx_reinit in alx_change_mtu (git-fixes). - amd/display: set backlight only if required (git-fixes). - arch/arm64: Fix topology initialization for core scheduling (git-fixes). - arm64: Add Cortex-A510 CPU part definition (git-fixes). - arm64: Add part number for Arm Cortex-A78AE (git-fixes). - arm64: Add support for user sub-page fault probing (git-fixes) - arm64: alternatives: mark patch_alternative() as `noinstr` (git-fixes). - arm64: avoid fixmap race condition when create pud mapping (git-fixes). - arm64: compat: Do not treat syscall number as ESR_ELx for a bad syscall (git-fixes). - arm64: Correct wrong label in macro __init_el2_gicv3 (git-fixes). - arm64: defconfig: build imx-sdma as a module (git-fixes). - arm64: do not abuse pfn_valid() to ensure presence of linear map (git-fixes). - arm64: Do not defer reserve_crashkernel() for platforms with no DMA memory zones (git-fixes). - arm64: Do not include __READ_ONCE() block in assembly files (git-fixes). - arm64: dts: agilex: use the compatible 'intel,socfpga-agilex-hsotg' (git-fixes). - arm64: dts: armada-3720-turris-mox: Add missing ethernet0 alias (git-fixes). - arm64: dts: broadcom: bcm4908: use proper TWD binding (git-fixes). - arm64: dts: broadcom: Fix sata nodename (git-fixes). - arm64: dts: imx8mm-beacon: Enable RTS-CTS on UART3 (git-fixes). - arm64: dts: imx8mm-venice: fix spi2 pin configuration (git-fixes) - arm64: dts: imx8mn-beacon: Enable RTS-CTS on UART3 (git-fixes). - arm64: dts: imx8mn-ddr4-evk: Describe the 32.768 kHz PMIC clock (git-fixes) - arm64: dts: imx8mn: Fix SAI nodes (git-fixes) - arm64: dts: imx8mp-evk: correct eqos pad settings (git-fixes). - arm64: dts: imx8mp-evk: correct gpio-led pad settings (git-fixes). - arm64: dts: imx8mp-evk: correct I2C1 pad settings (git-fixes). - arm64: dts: imx8mp-evk: correct I2C3 pad settings (git-fixes). - arm64: dts: imx8mp-evk: correct mmc pad settings (git-fixes). - arm64: dts: imx8mp-evk: correct the uart2 pinctl value (git-fixes). - arm64: dts: imx8mp-evk: correct vbus pad settings (git-fixes). - arm64: dts: imx8mp-phyboard-pollux-rdk: correct eqos pad settings (git-fixes). - arm64: dts: imx8mp-phyboard-pollux-rdk: correct i2c2 & mmc settings (git-fixes). - arm64: dts: imx8mp-phyboard-pollux-rdk: correct uart pad settings (git-fixes). - arm64: dts: imx8mq: fix lcdif port node (git-fixes). - arm64: dts: imx8qm: Correct SCU clock controller's compatible (git-fixes) - arm64: dts: imx: Fix imx8*-var-som touchscreen property sizes (git-fixes). - arm64: dts: juno: Remove GICv2m dma-range (git-fixes). - arm64: dts: ls1028a-qds: move rtc node to the correct i2c bus (git-fixes). - arm64: dts: ls1043a: Update i2c dma properties (git-fixes). - arm64: dts: ls1046a: Update i2c node dma properties (git-fixes). - arm64: dts: marvell: armada-37xx: Remap IO space to bus address 0x0 (git-fixes). - arm64: dts: marvell: espressobin-ultra: enable front USB3 port (git-fixes). - arm64: dts: marvell: espressobin-ultra: fix SPI-NOR config (git-fixes). - arm64: dts: meson-g12: add ATF BL32 reserved-memory region (git-fixes). - arm64: dts: meson-g12b-odroid-n2: fix typo 'dio2133' (git-fixes). - arm64: dts: meson-g12: drop BL32 region from SEI510/SEI610 (git-fixes). - arm64: dts: meson-gx: add ATF BL32 reserved-memory region (git-fixes). - arm64: dts: meson: remove CPU opps below 1GHz for G12B boards (git-fixes). - arm64: dts: meson: remove CPU opps below 1GHz for SM1 boards (git-fixes). - arm64: dts: meson-sm1-bananapi-m5: fix wrong GPIO domain for GPIOE_2 (git-fixes). - arm64: dts: meson-sm1-bananapi-m5: fix wrong GPIO pin labeling for CON1 (git-fixes). - arm64: dts: meson-sm1-odroid: fix boot loop after reboot (git-fixes). - arm64: dts: meson-sm1-odroid: use correct enable-gpio pin for tf-io regulator (git-fixes). - arm64: dts: mt8192: Fix nor_flash status disable typo (git-fixes). - arm64: dts: ns2: Fix spi-cpol and spi-cpha property (git-fixes). - arm64: dts: qcom: ipq8074: fix the sleep clock frequency (git-fixes). - arm64: dts: qcom: msm8916-huawei-g7: Clarify installation instructions (git-fixes). - arm64: dts: qcom: msm8994: Fix BLSP[12]_DMA channels count (git-fixes). - arm64: dts: qcom: msm8994: Fix CPU6/7 reg values (git-fixes). - arm64: dts: qcom: msm8994: Fix the cont_splash_mem address (git-fixes). - arm64: dts: qcom: msm8996: Drop flags for mdss irqs (git-fixes). - arm64: dts: qcom: msm8996: remove snps,dw-pcie compatibles (git-fixes). - arm64: dts: qcom: pm8350c: stop depending on thermal_zones label (git-fixes). - arm64: dts: qcom: pmr735a: stop depending on thermal_zones label (git-fixes). - arm64: dts: qcom: qrb5165-rb5: Fix can-clock node name (git-fixes). - arm64: dts: qcom: sdm845-db845c: add wifi variant property (git-fixes). - arm64: dts: qcom: sdm845: Drop flags for mdss irqs (git-fixes). - arm64: dts: qcom: sdm845: fix microphone bias properties and values (git-fixes). - arm64: dts: qcom: sdm845: remove snps,dw-pcie compatibles (git-fixes). - arm64: dts: qcom: sdm845-xiaomi-beryllium: fix typo in panel's vddio-supply property (git-fixes). - arm64: dts: qcom: sm8150: Correct TCS configuration for apps rsc (git-fixes). - arm64: dts: qcom: sm8250: Drop flags for mdss irqs (git-fixes). - arm64: dts: qcom: sm8250: Fix MSI IRQ for PCIe1 and PCIe2 (git-fixes). - arm64: dts: qcom: sm8250: fix PCIe bindings to follow schema (git-fixes). - arm64: dts: qcom: sm8350: Correct TCS configuration for apps rsc (git-fixes). - arm64: dts: qcom: sm8350: Correct UFS symbol clocks (git-fixes). - arm64: dts: qcom: sm8350: Describe GCC dependency clocks (git-fixes). - arm64: dts: qcom: sm8350: Shorten camera-thermal-bottom name (git-fixes). - arm64: dts: renesas: Fix thermal bindings (git-fixes). - arm64: dts: renesas: ulcb-kf: fix wrong comment (git-fixes). - arm64: dts: rockchip: align pl330 node name with dtschema (git-fixes). - arm64: dts: rockchip: fix rk3399-puma eMMC HS400 signal integrity (git-fixes). - arm64: dts: rockchip: fix rk3399-puma-haikou USB OTG mode (git-fixes). - arm64: dts: rockchip: Fix SDIO regulator supply properties on rk3399-firefly (git-fixes). - arm64: dts: rockchip: Move drive-impedance-ohm to emmc phy on rk3399 (git-fixes). - arm64: dts: rockchip: reorder rk3399 hdmi clocks (git-fixes). - arm64: dts: rockchip: Switch RK3399-Gru DP to SPDIF output (git-fixes). - arm64: dts: ti: j7200-main: Fix 'dtbs_check' serdes_ln_ctrl node (git-fixes). - arm64: dts: ti: j721e-main: Fix 'dtbs_check' in serdes_ln_ctrl node (git-fixes). - arm64: dts: ti: k3-am64: Fix gic-v3 compatible regs (git-fixes). - arm64: dts: ti: k3-am64-main: Remove support for HS400 speed mode (git-fixes). - arm64: dts: ti: k3-am64-mcu: remove incorrect UART base clock rates (git-fixes). - arm64: dts: ti: k3-am65: Fix gic-v3 compatible regs (git-fixes). - arm64: dts: ti: k3-j7200: Fix gic-v3 compatible regs (git-fixes). - arm64: dts: ti: k3-j721e: Fix gic-v3 compatible regs (git-fixes). - arm64: Enable repeat tlbi workaround on KRYO4XX gold CPUs (git-fixes). - arm64: Ensure execute-only permissions are not allowed without EPAN (git-fixes) - arm64: fix clang warning about TRAMP_VALIAS (git-fixes). - arm64: fix types in copy_highpage() (git-fixes). - arm64: ftrace: consistently handle PLTs (git-fixes). - arm64: ftrace: fix branch range checks (git-fixes). - arm64: kasan: fix include error in MTE functions (git-fixes). - arm64: kvm: keep the field workaround_flags in structure kvm_vcpu_arch (git-fixes). - arm64: Mark start_backtrace() notrace and NOKPROBE_SYMBOL (git-fixes) - arm64: mm: Drop 'const' from conditional arm64_dma_phys_limit definition (git-fixes). - arm64: mm: fix p?d_leaf() (git-fixes). - arm64: module: remove (NOLOAD) from linker script (git-fixes). - arm64: mte: Ensure the cleared tags are visible before setting the PTE (git-fixes). - arm64: paravirt: Use RCU read locks to guard stolen_time (git-fixes). - arm64: patch_text: Fixup last cpu should be master (git-fixes). - arm64: prevent instrumentation of bp hardening callbacks (git-fixes). - arm64: signal: nofpsimd: Do not allocate fp/simd context when not available (git-fixes). - arm64: stackleak: fix current_top_of_stack() (git-fixes). - arm64: supported.conf: mark PHY_FSL_IMX8MQ_USB as supported (bsc#1199909) - arm64: tegra: Add missing DFLL reset on Tegra210 (git-fixes). - arm64: tegra: Adjust length of CCPLEX cluster MMIO region (git-fixes). - arm64: Update config files. (bsc#1199909) Add pfuze100 regulator as module - arm64: vdso: fix makefile dependency on vdso.so (git-fixes). - ARM: 9178/1: fix unmet dependency on BITREVERSE for HAVE_ARCH_BITREVERSE (git-fixes). - ARM: 9182/1: mmu: fix returns from early_param() and __setup() functions (git-fixes). - ARM: 9187/1: JIVE: fix return value of __setup handler (git-fixes). - ARM: 9191/1: arm/stacktrace, kasan: Silence KASAN warnings in unwind_frame() (git-fixes). - ARM: 9196/1: spectre-bhb: enable for Cortex-A15 (git-fixes). - ARM: 9197/1: spectre-bhb: fix loop8 sequence for Thumb2 (git-fixes). - ARM: at91: fix soc detection for SAM9X60 SiPs (git-fixes). - ARM: at91: pm: use proper compatible for sama5d2's rtc (git-fixes). - ARM: at91: pm: use proper compatibles for sam9x60's rtc and rtt (git-fixes). - ARM: boot: dts: bcm2711: Fix HVS register range (git-fixes). - ARM: cns3xxx: Fix refcount leak in cns3xxx_init (git-fixes). - ARM: configs: multi_v5_defconfig: re-enable CONFIG_V4L_PLATFORM_DRIVERS (git-fixes). - ARM: configs: multi_v5_defconfig: re-enable DRM_PANEL and FB_xxx (git-fixes). - ARM: config: u8500: Re-enable AB8500 battery charging (git-fixes). - ARM: davinci: da850-evm: Avoid NULL pointer dereference (git-fixes). - ARM: Do not use NOCROSSREFS directive with ld.lld (git-fixes). - ARM: dts: am3517-evm: Fix misc pinmuxing (git-fixes). - ARM: dts: aspeed: Add ADC for AST2600 and enable for Rainier and Everest (git-fixes). - ARM: dts: aspeed: Add secure boot controller node (git-fixes). - ARM: dts: aspeed: Add video engine to g6 (git-fixes). - ARM: dts: aspeed: ast2600-evb: Enable RX delay for MAC0/MAC1 (git-fixes). - ARM: dts: aspeed: Fix AST2600 quad spi group (git-fixes). - ARM: dts: aspeed-g6: fix SPI1/SPI2 quad pin group (git-fixes). - ARM: dts: aspeed-g6: remove FWQSPID group in pinctrl dtsi (git-fixes). - ARM: dts: at91: fix pinctrl phandles (git-fixes). - ARM: dts: at91: Map MCLK for wm8731 on at91sam9g20ek (git-fixes). - ARM: dts: at91: sam9x60ek: fix eeprom compatible and size (git-fixes). - ARM: dts: at91: sama5d2: Fix PMERRLOC resource size (git-fixes). - ARM: dts: at91: sama5d2_icp: fix eeprom compatibles (git-fixes). - ARM: dts: at91: sama5d4_xplained: fix pinctrl phandle name (git-fixes). - ARM: dts: bcm2711: Add the missing L1/L2 cache information (git-fixes). - ARM: dts: bcm2711-rpi-400: Fix GPIO line names (git-fixes). - ARM: dts: bcm2835-rpi-b: Fix GPIO line names (git-fixes). - ARM: dts: bcm2835-rpi-zero-w: Fix GPIO line name for Wifi/BT (git-fixes). - ARM: dts: bcm2837: Add the missing L1/L2 cache information (git-fixes). - ARM: dts: bcm2837-rpi-3-b-plus: Fix GPIO line name of power LED (git-fixes). - ARM: dts: bcm2837-rpi-cm3-io3: Fix GPIO line names for SMPS I2C (git-fixes). - ARM: dts: BCM5301X: update CRU block description (git-fixes). - ARM: dts: BCM5301X: Update pin controller node name (git-fixes). - ARM: dts: ci4x10: Adapt to changes in imx6qdl.dtsi regarding fec clocks (git-fixes). - ARM: dts: dra7: Fix suspend warning for vpe powerdomain (git-fixes). - ARM: dts: exynos: add atmel,24c128 fallback to Samsung EEPROM (git-fixes). - ARM: dts: exynos: add missing HDMI supplies on SMDK5250 (git-fixes). - ARM: dts: exynos: add missing HDMI supplies on SMDK5420 (git-fixes). - ARM: dts: exynos: fix UART3 pins configuration in Exynos5250 (git-fixes). - ARM: dts: Fix boot regression on Skomer (git-fixes). - ARM: dts: Fix mmc order for omap3-gta04 (git-fixes). - ARM: dts: Fix OpenBMC flash layout label addresses (git-fixes). - ARM: dts: Fix timer regression for beagleboard revision c (git-fixes). - ARM: dts: imx23-evk: Remove MX23_PAD_SSP1_DETECT from hog group (git-fixes). - ARM: dts: imx6dl-colibri: Fix I2C pinmuxing (git-fixes). - ARM: dts: imx6qdl-apalis: Fix sgtl5000 detection issue (git-fixes). - ARM: dts: imx6qdl: correct PU regulator ramp delay (git-fixes). - ARM: dts: imx6qdl-udoo: Properly describe the SD card detect (git-fixes). - ARM: dts: imx6ull-colibri: fix vqmmc regulator (git-fixes). - ARM: dts: imx7: Move hsic_phy power domain to HSIC PHY node (git-fixes). - ARM: dts: imx7ulp: Fix 'assigned-clocks-parents' typo (git-fixes). - ARM: dts: imx7: Use audio_mclk_post_div instead audio_mclk_root_clk (git-fixes). - ARM: dts: imx8mm-venice-gw{71xx,72xx,73xx}: fix OTG controller OC (git-fixes) - ARM: dts: imx: Add missing LVDS decoder on M53Menlo (git-fixes). - ARM: dts: logicpd-som-lv: Fix wrong pinmuxing on OMAP35 (git-fixes). - ARM: dts: meson8b: Fix the UART device-tree schema validation (git-fixes). - ARM: dts: meson8: Fix the UART device-tree schema validation (git-fixes). - ARM: dts: meson: Fix the UART compatible strings (git-fixes). - ARM: dts: ox820: align interrupt controller node name with dtschema (git-fixes). - ARM: dts: qcom: fix gic_irq_domain_translate warnings for msm8960 (git-fixes). - ARM: dts: qcom: ipq4019: fix sleep clock (git-fixes). - ARM: dts: qcom: msm8974: Drop flags for mdss irqs (git-fixes). - ARM: dts: qcom: sdx55: fix IPA interconnect definitions (git-fixes). - ARM: dts: rockchip: fix a typo on rk3288 crypto-controller (git-fixes). - ARM: dts: rockchip: reorder rk322x hmdi clocks (git-fixes). - ARM: dts: s5pv210: align DMA channels with dtschema (git-fixes). - ARM: dts: s5pv210: Correct interrupt name for bluetooth in Aries (git-fixes). - ARM: dts: s5pv210: Remove spi-cs-high on panel in Aries (git-fixes). - ARM: dts: socfpga: align interrupt controller node name with dtschema (git-fixes). - ARM: dts: socfpga: change qspi to 'intel,socfpga-qspi' (git-fixes). - ARM: dts: spear1340: Update serial node properties (git-fixes). - ARM: dts: spear13xx: Update SPI dma properties (git-fixes). - ARM: dts: stm32: fix AV96 board SAI2 pin muxing on stm32mp15 (git-fixes). - ARM: dts: stm32: Fix PHY post-reset delay on Avenger96 (git-fixes). - ARM: dts: sun8i: v3s: Move the csi1 block to follow address order (git-fixes). - ARM: dts: suniv: F1C100: fix watchdog compatible (git-fixes). - ARM: dts: switch timer config to common devkit8000 devicetree (git-fixes). - ARM: dts: Use 32KiHz oscillator on devkit8000 (git-fixes). - ARM: exynos: Fix refcount leak in exynos_map_pmu (git-fixes). - ARM: fix build warning in proc-v7-bugs.c (git-fixes). - ARM: fix co-processor register typo (git-fixes). - ARM: Fix kgdb breakpoint for Thumb2 (git-fixes). - ARM: Fix refcount leak in axxia_boot_secondary (git-fixes). - ARM: fix Thumb2 regression with Spectre BHB (git-fixes). - ARM: ftrace: avoid redundant loads or clobbering IP (git-fixes). - ARM: ftrace: ensure that ADR takes the Thumb bit into account (git-fixes). - ARM: hisi: Add missing of_node_put after of_find_compatible_node (git-fixes). - ARM: iop32x: offset IRQ numbers by 1 (git-fixes). - ARM: kprobes: Make space for instruction pointer on stack (bsc#1193277). - ARM: mediatek: select arch timer for mt7629 (git-fixes). - ARM: meson: Fix refcount leak in meson_smp_prepare_cpus (git-fixes). - ARM: mmp: Fix failure to remove sram device (git-fixes). - ARM: mstar: Select HAVE_ARM_ARCH_TIMER (git-fixes). - ARM: mxs_defconfig: Enable the framebuffer (git-fixes). - ARM: omap1: ams-delta: remove camera leftovers (git-fixes). - ARM: OMAP1: clock: Fix UART rate reporting algorithm (git-fixes). - ARM: OMAP2+: adjust the location of put_device() call in omapdss_init_of (git-fixes). - ARM: OMAP2+: Fix refcount leak in omap_gic_of_init (git-fixes). - ARM: OMAP2+: hwmod: Add of_node_put() before break (git-fixes). - ARM: pxa: maybe fix gpio lookup tables (git-fixes). - ARM: socfpga: fix missing RESET_CONTROLLER (git-fixes). - ARM: Spectre-BHB: provide empty stub for non-config (git-fixes). - ARM: tegra: tamonten: Fix I2C3 pad setting (git-fixes). - ARM: vexpress/spc: Avoid negative array index when !SMP (git-fixes). - ASoC: amd: Fix reference to PCM buffer address (git-fixes). - ASoC: amd: vg: fix for pm resume callback sequence (git-fixes). - ASoC: atmel: Add missing of_node_put() in at91sam9g20ek_audio_probe (git-fixes). - ASoC: atmel-classd: Remove endianness flag on class d component (git-fixes). - ASoC: atmel: Fix error handling in sam9x5_wm8731_driver_probe (git-fixes). - ASoC: atmel: Fix error handling in snd_proto_probe (git-fixes). - ASoC: atmel-pdmic: Remove endianness flag on pdmic component (git-fixes). - ASoC: atmel: Remove system clock tree configuration for at91sam9g20ek (git-fixes). - ASoC: atmel_ssc_dai: Handle errors for clk_enable (git-fixes). - ASoC: codecs: Check for error pointer after calling devm_regmap_init_mmio (git-fixes). - ASoC: codecs: lpass-rx-macro: fix sidetone register offsets (git-fixes). - ASoC: codecs: rx-macro: fix accessing array out of bounds for enum type (git-fixes). - ASoC: codecs: rx-macro: fix accessing compander for aux (git-fixes). - ASoC: codecs: va-macro: fix accessing array out of bounds for enum type (git-fixes). - ASoC: codecs: wc938x: fix accessing array out of bounds for enum type (git-fixes). - ASoC: codecs: wcd934x: Add missing of_node_put() in wcd934x_codec_parse_data (git-fixes). - ASoC: codecs: wcd934x: do not switch off SIDO Buck when codec is in use (git-fixes). - ASoC: codecs: wcd934x: fix kcontrol max values (git-fixes). - ASoC: codecs: wcd934x: fix return value of wcd934x_rx_hph_mode_put (git-fixes). - ASoC: codecs: wcd938x: fix return value of mixer put function (git-fixes). - ASoC: cpcap: Check for NULL pointer after calling of_get_child_by_name (git-fixes). - ASoC: cs35l36: Update digital volume TLV (git-fixes). - ASoC: cs4265: Fix the duplicated control name (git-fixes). - ASoC: cs42l51: Correct minimum value for SX volume control (git-fixes). - ASoC: cs42l52: Correct TLV for Bypass Volume (git-fixes). - ASoC: cs42l52: Fix TLV scales for mixer controls (git-fixes). - ASoC: cs42l56: Correct typo in minimum level for SX volume controls (git-fixes). - ASoC: cs53l30: Correct number of volume levels on SX controls (git-fixes). - ASoC: da7219: Fix change notifications for tone generator frequency (git-fixes). - ASoC: dapm: Do not fold register value changes into notifications (git-fixes). - ASoC: dmaengine: do not use a NULL prepare_slave_config() callback (git-fixes). - ASoC: dmaengine: Restore NULL prepare_slave_config() callback (git-fixes). - ASoC: dwc-i2s: Handle errors for clk_enable (git-fixes). - ASoC: es8328: Fix event generation for deemphasis control (git-fixes). - ASoC: fsi: Add check for clk_enable (git-fixes). - ASoC: fsl: Add missing error handling in pcm030_fabric_probe (git-fixes). - ASoC: fsl: Fix refcount leak in imx_sgtl5000_probe (git-fixes). - ASoC: fsl_sai: Fix FSL_SAI_xDR/xFR definition (git-fixes). - ASoC: fsl_spdif: Disable TX clock when stop (git-fixes). - ASoC: fsl: Use dev_err_probe() helper (git-fixes). - ASoC: hdmi-codec: Fix OOB memory accesses (git-fixes). - ASoC: imx-es8328: Fix error return code in imx_es8328_probe() (git-fixes). - ASoC: imx-hdmi: Fix refcount leak in imx_hdmi_probe (git-fixes). - ASoC: Intel: bytcr_rt5640: Add quirk for the HP Pro Tablet 408 (git-fixes). - ASoC: intel: skylake: Set max DMA segment size (git-fixes). - ASoC: Intel: soc-acpi: correct device endpoints for max98373 (git-fixes). - ASoC: Intel: sof_sdw: fix quirks for 2022 HP Spectre x360 13' (git-fixes). - ASoC: madera: Add dependencies on MFD (git-fixes). - ASoC: max9759: fix underflow in speaker_gain_control_put() (git-fixes). - ASoC: max98090: Generate notifications on changes for custom control (git-fixes). - ASoC: max98090: Move check for invalid values before casting in max98090_put_enab_tlv() (git-fixes). - ASoC: max98090: Reject invalid values in custom control put() (git-fixes). - ASoC: max98357a: remove dependency on GPIOLIB (git-fixes). - ASoC: mediatek: Fix error handling in mt8173_max98090_dev_probe (git-fixes). - ASoC: mediatek: Fix missing of_node_put in mt2701_wm8960_machine_probe (git-fixes). - ASoC: mediatek: mt6358: add missing EXPORT_SYMBOLs (git-fixes). - ASoC: mediatek: mt8192-mt6359: Fix error handling in mt8192_mt6359_dev_probe (git-fixes). - ASoC: mediatek: use of_device_get_match_data() (git-fixes). - ASoC: meson: Fix event generation for AUI ACODEC mux (git-fixes). - ASoC: meson: Fix event generation for AUI CODEC mux (git-fixes). - ASoC: meson: Fix event generation for G12A tohdmi mux (git-fixes). - ASoC: msm8916-wcd-analog: Fix error handling in pm8916_wcd_analog_spmi_probe (git-fixes). - ASoC: msm8916-wcd-digital: Check failure for devm_snd_soc_register_component (git-fixes). - ASoC: msm8916-wcd-digital: Fix missing clk_disable_unprepare() in msm8916_wcd_digital_probe (git-fixes). - ASoC: mxs: Fix error handling in mxs_sgtl5000_probe (git-fixes). - ASoC: mxs-saif: Fix refcount leak in mxs_saif_probe (git-fixes). - ASoC: mxs-saif: Handle errors for clk_enable (git-fixes). - ASoC: nau8822: Add operation for internal PLL off and on (git-fixes). - ASoC: ops: Fix stereo change notifications in snd_soc_put_volsw() (git-fixes). - ASoC: ops: Fix stereo change notifications in snd_soc_put_volsw_range() (git-fixes). - ASoC: ops: Fix stereo change notifications in snd_soc_put_volsw_sx() (git-fixes). - ASoC: ops: Fix stereo change notifications in snd_soc_put_xr_sx() (git-fixes). - ASoC: ops: Reject out of bounds values in snd_soc_put_volsw() (git-fixes). - ASoC: ops: Reject out of bounds values in snd_soc_put_volsw_sx() (git-fixes). - ASoC: ops: Reject out of bounds values in snd_soc_put_xr_sx() (git-fixes). - ASoC: ops: Shift tested values in snd_soc_put_volsw() by +min (git-fixes). - ASoC: ops: Validate input values in snd_soc_put_volsw_range() (git-fixes). - ASoC: qcom: Actually clear DMA interrupt register for HDMI (git-fixes). - ASoC: rk3328: fix disabling mclk on pclk probe failure (git-fixes). - ASoC: rk817: Fix missing clk_disable_unprepare() in rk817_platform_probe (git-fixes). - ASoC: rk817: Use devm_clk_get() in rk817_platform_probe (git-fixes). - ASoC: rockchip: i2s: Fix missing clk_disable_unprepare() in rockchip_i2s_probe (git-fixes). - ASoC: rsnd: care default case on rsnd_ssiu_busif_err_status_clear() (git-fixes). - ASoC: rsnd: care return value from rsnd_node_fixed_index() (git-fixes). - ASoC: rt1015p: remove dependency on GPIOLIB (git-fixes). - ASoC: rt5514: Fix event generation for 'DSP Voice Wake Up' control (git-fixes). - ASoC: rt5645: Fix errorenous cleanup order (git-fixes). - ASoC: rt5663: check the return value of devm_kzalloc() in rt5663_parse_dp() (git-fixes). - ASoC: rt5668: do not block workqueue if card is unbound (git-fixes). - ASoC: rt5682: do not block workqueue if card is unbound (git-fixes). - ASoC: samsung: Fix refcount leak in aries_audio_probe (git-fixes). - ASoC: samsung: Use dev_err_probe() helper (git-fixes). - ASoC: simple-card: fix probe failure on platform component (git-fixes). - ASoC: simple-card-utils: Set sysclk on all components (git-fixes). - ASoC: soc-compress: Change the check for codec_dai (git-fixes). - ASoC: soc-compress: prevent the potentially use of null pointer (git-fixes). - ASoC: soc-core: skip zero num_dai component in searching dai name (git-fixes). - ASoC: soc-dapm: fix two incorrect uses of list iterator (git-fixes). - ASoC: soc-ops: fix error handling (git-fixes). - ASoC: SOF: Add missing of_node_put() in imx8m_probe (git-fixes). - ASoC: SOF: Fix NULL pointer exception in sof_pci_probe callback (git-fixes). - ASoC: SOF: hda: Set max DMA segment size (git-fixes). - ASoC: SOF: Intel: enable DMI L1 for playback streams (git-fixes). - ASoC: SOF: Intel: Fix build error without SND_SOC_SOF_PCI_DEV (git-fixes). - ASoC: SOF: Intel: Fix NULL ptr dereference when ENOMEM (git-fixes). - ASoC: SOF: Intel: match sdw version on link_slaves_found (git-fixes). - ASoC: SOF: topology: remove redundant code (git-fixes). - ASoC: sti: Fix deadlock via snd_pcm_stop_xrun() call (git-fixes). - ASoC: tas2770: Insert post reset delay (git-fixes). - ASoC: ti: davinci-i2s: Add check for clk_enable() (git-fixes). - ASoC: ti: j721e-evm: Fix refcount leak in j721e_soc_probe_* (git-fixes). - ASoC: topology: Allow TLV control to be either read or write (git-fixes). - ASoC: topology: Correct error handling in soc_tplg_dapm_widget_create() (git-fixes). - ASoC: topology: Optimize soc_tplg_dapm_graph_elems_load behavior (git-fixes). - ASoC: tscs454: Add endianness flag in snd_soc_component_driver (git-fixes). - ASoC: wm2000: fix missing clk_disable_unprepare() on error in wm2000_anc_transition() (git-fixes). - ASoC: wm8350: Handle error for wm8350_register_irq (git-fixes). - ASoC: wm8958: Fix change notifications for DSP controls (git-fixes). - ASoC: wm8962: Fix suspend while playing music (git-fixes). - ASoC: wm_adsp: Fix event generation for wm_adsp_fw_put() (git-fixes). - ASoC: xilinx: xlnx_formatter_pcm: Handle sysclk setting (git-fixes). - ASoC: xilinx: xlnx_formatter_pcm: Make buffer bytes multiple of period bytes (git-fixes). - assoc_array: Fix BUG_ON during garbage collect (git-fixes). - asus-wmi: Add dgpu disable method (bsc#1198058). - asus-wmi: Add egpu enable method (bsc#1198058). - asus-wmi: Add panel overdrive functionality (bsc#1198058). - asus-wmi: Add support for platform_profile (bsc#1198058). - ata: libata: add qc->flags in ata_qc_complete_template tracepoint (git-fixes). - ata: libata-core: Disable READ LOG DMA EXT for Samsung 840 EVOs (git-fixes). - ata: libata-core: Disable TRIM on M88V29 (git-fixes). - ata: libata-core: fix NULL pointer deref in ata_host_alloc_pinfo() (git-fixes). - ata: libata-transport: fix {dma|pio|xfer}_mode sysfs files (git-fixes). - ata: pata_hpt37x: disable primary channel on HPT371 (git-fixes). - ata: pata_hpt37x: fix PCI clock detection (git-fixes). - ata: pata_marvell: Check the 'bmdma_addr' beforing reading (git-fixes). - ata: pata_octeon_cf: Fix refcount leak in octeon_cf_probe (git-fixes). - ata: sata_dwc_460ex: Fix crash due to OOB write (git-fixes). - ath10k: Fix error handling in ath10k_setup_msa_resources (git-fixes). - ath10k: fix memory overwrite of the WoWLAN wakeup packet pattern (git-fixes). - ath10k: skip ath10k_halt during suspend for driver state RESTARTING (git-fixes). - ath11k: acquire ab->base_lock in unassign when finding the peer by addr (git-fixes). - ath11k: disable spectral scan during spectral deinit (git-fixes). - ath11k: Do not check arvif->is_started before sending management frames (git-fixes). - ath11k: fix kernel panic during unload/load ath11k modules (git-fixes). - ath11k: mhi: use mhi_sync_power_up() (git-fixes). - ath11k: pci: fix crash on suspend if board file is not found (git-fixes). - ath11k: set correct NL80211_FEATURE_DYNAMIC_SMPS for WCN6855 (git-fixes). - ath5k: fix OOB in ath5k_eeprom_read_pcal_info_5111 (git-fixes). - ath9k: fix ar9003_get_eepmisc (git-fixes). - ath9k: fix QCA9561 PA bias level (git-fixes). - ath9k: Fix usage of driver-private space in tx_info (git-fixes). - ath9k_htc: fix potential out of bounds access with invalid rxstatus->rs_keyix (git-fixes). - ath9k_htc: fix uninit value bugs (git-fixes). - ath9k: Properly clear TX status area before reporting to mac80211 (git-fixes). - atl1c: fix tx timeout after link flap on Mikrotik 10/25G NIC (git-fixes). - atm: eni: Add check for dma_map_single (git-fixes). - atm: firestream: check the return value of ioremap() in fs_init() (git-fixes). - atomics: Fix atomic64_{read_acquire,set_release} fallbacks (git-fixes). - audit: ensure userspace is penalized the same as the kernel when under pressure (git-fixes). - audit: improve audit queue handling when 'audit=1' on cmdline (git-fixes). - audit: improve robustness of the audit queue handling (git-fixes). - auxdisplay: lcd2s: Fix lcd2s_redefine_char() feature (git-fixes). - auxdisplay: lcd2s: Fix memory leak in ->remove() (git-fixes). - auxdisplay: lcd2s: Use proper API to free the instance of charlcd object (git-fixes). - ax25: Fix NULL pointer dereference in ax25_kill_by_device (git-fixes). - ax25: improve the incomplete fix to avoid UAF and NPD bugs (git-fixes). - b43: Fix assigning negative value to unsigned variable (git-fixes). - b43legacy: Fix assigning negative value to unsigned variable (git-fixes). - bareudp: use ipv6_mod_enabled to check if IPv6 enabled (git-fixes). - batman-adv: Do not expect inter-netns unique iflink indices (git-fixes). - batman-adv: Do not skb_split skbuffs with frag_list (git-fixes). - batman-adv: Request iflink once in batadv_get_real_netdevice (git-fixes). - batman-adv: Request iflink once in batadv-on-batadv check (git-fixes). - bcache: avoid journal no-space deadlock by reserving 1 journal bucket (git-fixes). - bcache: avoid unnecessary soft lockup in kworker update_writeback_rate() (bsc#1197362). - bcache: fixup multiple threads crash (git-fixes). - bcache: fix use-after-free problem in bcache_device_free() (git-fixes). - bcache: improve multithreaded bch_btree_check() (git-fixes). - bcache: improve multithreaded bch_sectors_dirty_init() (git-fixes). - bcache: memset on stack variables in bch_btree_check() and bch_sectors_dirty_init() (git-fixes). - bcache: remove incremental dirty sector counting for bch_sectors_dirty_init() (git-fixes). - bfq: Allow current waker to defend against a tentative one (bsc#1195915). - bfq: Avoid false marking of bic as stably merged (bsc#1197926). - bfq: Avoid merging queues with different parents (bsc#1197926). - bfq: Do not let waker requests skip proper accounting (bsc#1184318). - bfq: Drop pointless unlock-lock pair (bsc#1197926). - bfq: Fix warning in bfqq_request_over_limit() (bsc#1200812). - bfq: Get rid of __bio_blkcg() usage (bsc#1197926). - bfq: Limit number of requests consumed by each cgroup (bsc#1184318). - bfq: Limit waker detection in time (bsc#1184318). - bfq: Make sure bfqg for which we are queueing requests is online (bsc#1197926). - bfq: Relax waker detection for shared queues (bsc#1184318). - bfq: Remove pointless bfq_init_rq() calls (bsc#1197926). - bfq: Split shared queues on move between cgroups (bsc#1197926). - bfq: Store full bitmap depth in bfq_data (bsc#1184318). - bfq: Track number of allocated requests in bfq_entity (bsc#1184318). - bfq: Track whether bfq_group is still online (bsc#1197926). - bfq: Update cgroup information before merging bio (bsc#1197926). - binfmt_flat: do not stop relocating GOT entries prematurely on riscv (git-fixes). - bitfield: add explicit inclusions to the example (git-fixes). - blkcg: Remove extra blkcg_bio_issue_init (bsc#1194585). - blk-cgroup: move blkcg_{get,set}_fc_appid out of line (bsc#1200045). - blk-cgroup: set blkg iostat after percpu stat aggregation (bsc#1198018). - blk-iolatency: Fix inflight count imbalances and IO hangs on offline (bsc#1200825). - blk-mq: cancel blk-mq dispatch work in both blk_cleanup_queue and disk_release() (bsc#1198034). - blk-mq: do not touch ->tagset in blk_mq_get_sq_hctx (bsc#1200824). - blk-mq: do not update io_ticks with passthrough requests (bsc#1200816). - blk-mq: fix tag_get wait task can't be awakened (bsc#1200263). - blk-mq: Fix wrong wakeup batch configuration which will cause hang (bsc#1200263). - blktrace: fix use after free for struct blk_trace (bsc#1198017). - block: assign bi_bdev for cloned bios in blk_rq_prep_clone (bsc#1198016). - block: avoid to quiesce queue in elevator_init_mq (bsc#1198013). - block, bfq: fix UAF problem in bfqg_stats_init() (bsc#1194583). - block: bio-integrity: Advance seed correctly for larger interval sizes (git-fixes). - block: Check ADMIN before NICE for IOPRIO_CLASS_RT (bsc#1198012). - block: do not delete queue kobject before its children (bsc#1198019). - block: do not merge across cgroup boundaries if blkcg is enabled (bsc#1198020). - block: fix async_depth sysfs interface for mq-deadline (bsc#1198015). - block: fix bio_clone_blkg_association() to associate with proper blkcg_gq (bsc#1200259). - block: Fix handling of offline queues in blk_mq_alloc_request_hctx() (git-fixes). - block: fix ioprio_get(IOPRIO_WHO_PGRP) vs setuid(2) (bsc#1194586). - block: Fix the maximum minor value is blk_alloc_ext_minor() (bsc#1198021). - block: Fix up kabi after blkcg merge fix (bsc#1198020). - block: Hold invalidate_lock in BLKRESETZONE ioctl (bsc#1198010). - block: limit request dispatch loop duration (bsc#1198022). - block/mq-deadline: Improve request accounting further (bsc#1198009). - block: Provide blk_mq_sched_get_icq() (bsc#1184318). - block: update io_ticks when io hang (bsc#1197817). - block/wbt: fix negative inflight counter when remove scsi device (bsc#1197819). - Bluetooth: btintel: Fix WBS setting for Intel legacy ROM products (git-fixes). - Bluetooth: btmtksdio: Fix kernel oops in btmtksdio_interrupt (git-fixes). - Bluetooth: btusb: Add another Realtek 8761BU (git-fixes). - Bluetooth: btusb: Add missing Chicony device for Realtek RTL8723BE (bsc#1196779). - Bluetooth: btusb: Add one more Bluetooth part for the Realtek RTL8852AE (git-fixes). - Bluetooth: btusb: Whitespace fixes for btusb_setup_csr() (git-fixes). - Bluetooth: call hci_le_conn_failed with hdev lock in hci_le_conn_failed (git-fixes). - Bluetooth: fix dangling sco_conn and use-after-free in sco_sock_timeout (git-fixes). - Bluetooth: Fix not checking for valid hdev on bt_dev_{info,warn,err,dbg} (git-fixes). - Bluetooth: Fix the creation of hdev->name (git-fixes). - Bluetooth: Fix use after free in hci_send_acl (git-fixes). - Bluetooth: hci_qca: Use del_timer_sync() before freeing (git-fixes). - Bluetooth: hci_serdev: call init_rwsem() before p->open() (git-fixes). - Bluetooth: use hdev lock for accept_list and reject_list in conn req (git-fixes). - Bluetooth: use hdev lock in activate_scan for hci_is_adv_monitoring (git-fixes). - Bluetooth: use memset avoid memory leaks (git-fixes). - bnx2x: fix napi API usage sequence (bsc#1198217). - bnxt_en: Do not destroy health reporters during reset (bsc#1199736). - bnxt_en: Eliminate unintended link toggle during FW reset (bsc#1199736). - bnxt_en: Fix active FEC reporting to ethtool (git-fixes). - bnxt_en: Fix devlink fw_activate (jsc#SLE-18978). - bnxt_en: Fix incorrect multicast rx mask setting when not requested (git-fixes). - bnxt_en: Fix occasional ethtool -t loopback test failures (git-fixes). - bnxt_en: Fix offline ethtool selftest with RDMA enabled (git-fixes). - bnxt_en: Fix possible bnxt_open() failure caused by wrong RFS flag (git-fixes). - bnxt_en: Fix unnecessary dropping of RX packets (git-fixes). - bnxt_en: Increase firmware message response DMA wait time (git-fixes). - bnxt_en: Prevent XDP redirect from running when stopping TX queue (git-fixes). - bnxt_en: reserve space inside receive page for skb_shared_info (git-fixes). - bnxt_en: Restore the resets_reliable flag in bnxt_open() (jsc#SLE-18978). - bnxt_en: Synchronize tx when xdp redirects happen on same ring (git-fixes). - bonding: fix data-races around agg_select_timer (git-fixes). - bonding: force carrier update when releasing slave (git-fixes). - bonding: pair enable_port with slave_arr_updates (git-fixes). - bpf: Add check_func_arg_reg_off function (git-fixes). - bpf: add config to allow loading modules with BTF mismatches (bsc#1194501). - bpf: Avoid races in __bpf_prog_run() for 32bit arches (git-fixes). - bpf: Disallow negative offset in check_ptr_off_reg (git-fixes). - bpf: Fix comment for helper bpf_current_task_under_cgroup() (git-fixes). - bpf: Fix kernel address leakage in atomic cmpxchg's r0 aux reg (git-fixes). - bpf: Fix PTR_TO_BTF_ID var_off check (git-fixes). - bpf: Fix UAF due to race between btf_try_get_module and load_module (git-fixes). - bpf: Mark PTR_TO_FUNC register initially with zero offset (git-fixes). - bpf: Resolve to prog->aux->dst_prog->type only for BPF_PROG_TYPE_EXT (git-fixes). - bpf: selftests: adapt bpf_iter_task_vma to get_inode_dev() (bsc#927455 bsc#1198585). - bpf, selftests: Fix racing issue in btf_skc_cls_ingress test (git-fixes). - bpf, selftests: Update test case for atomic cmpxchg on r0 with pointer (git-fixes). - bpftool: Fix memory leak in prog_dump() (git-fixes). - bpftool: Remove inclusion of utilities.mak from Makefiles (git-fixes). - bpftool: Remove unused includes to bpf/bpf_gen_internal.h (git-fixes). - bpftool: Remove useless #include to perf-sys.h from map_perf_ring.c (git-fixes). - brcmfmac: firmware: Allocate space for default boardrev in nvram (git-fixes). - brcmfmac: firmware: Fix crash in brcm_alt_fw_path (git-fixes). - brcmfmac: pcie: Declare missing firmware files in pcie.c (git-fixes). - brcmfmac: pcie: Fix crashes due to early IRQs (git-fixes). - brcmfmac: pcie: Release firmwares in the brcmf_pcie_setup error path (git-fixes). - brcmfmac: pcie: Replace brcmf_pcie_copy_mem_todev with memcpy_toio (git-fixes). - brcmfmac: sdio: Fix undefined behavior due to shift overflowing the constant (git-fixes). - btrfs: add a BTRFS_FS_ERROR helper (bsc#1197915). - btrfs: add btrfs_set_item_*_nr() helpers (bsc#1197915). - btrfs: add helper to truncate inode items when logging inode (bsc#1197915). - btrfs: add missing run of delayed items after unlink during log replay (bsc#1197915). - btrfs: add ro compat flags to inodes (bsc#1197915). - btrfs: always update the logged transaction when logging new names (bsc#1197915). - btrfs: assert that extent buffers are write locked instead of only locked (bsc#1197915). - btrfs: avoid attempt to drop extents when logging inode for the first time (bsc#1197915). - btrfs: avoid expensive search when dropping inode items from log (bsc#1197915). - btrfs: avoid expensive search when truncating inode items from the log (bsc#1197915). - btrfs: Avoid live-lock in search_ioctl() on hardware with sub-page (git-fixes) - btrfs: avoid search for logged i_size when logging inode if possible (bsc#1197915). - btrfs: avoid unnecessarily logging directories that had no changes (bsc#1197915). - btrfs: avoid unnecessary lock and leaf splits when updating inode in the log (bsc#1197915). - btrfs: avoid unnecessary log mutex contention when syncing log (bsc#1197915). - btrfs: change error handling for btrfs_delete_*_in_log (bsc#1197915). - btrfs: change handle_fs_error in recover_log_trees to aborts (bsc#1197915). - btrfs: check if a log tree exists at inode_logged() (bsc#1197915). - btrfs: constify and cleanup variables in comparators (bsc#1197915). - btrfs: do not commit delayed inode when logging a file in full sync mode (bsc#1197915). - btrfs: do not log new dentries when logging that a new name exists (bsc#1197915). - btrfs: do not pin logs too early during renames (bsc#1197915). - btrfs: drop the _nr from the item helpers (bsc#1197915). - btrfs: eliminate some false positives when checking if inode was logged (bsc#1197915). - btrfs: factor out the copying loop of dir items from log_dir_items() (bsc#1197915). - btrfs: fix lost prealloc extents beyond eof after full fsync (bsc#1197915). - btrfs: fix lzo_decompress_bio() kmap leakage (bsc#1193852). - btrfs: fix memory leak in __add_inode_ref() (bsc#1197915). - btrfs: fix missing last dir item offset update when logging directory (bsc#1197915). - btrfs: fix re-dirty process of tree-log nodes (bsc#1197915). - btrfs: improve the batch insertion of delayed items (bsc#1197915). - btrfs: insert items in batches when logging a directory when possible (bsc#1197915). - btrfs: introduce btrfs_lookup_match_dir (bsc#1197915). - btrfs: introduce item_nr token variant helpers (bsc#1197915). - btrfs: keep track of the last logged keys when logging a directory (bsc#1197915). - btrfs: loop only once over data sizes array when inserting an item batch (bsc#1197915). - btrfs: make btrfs_file_extent_inline_item_len take a slot (bsc#1197915). - btrfs: only copy dir index keys when logging a directory (bsc#1197915). - btrfs: remove no longer needed checks for NULL log context (bsc#1197915). - btrfs: remove no longer needed full sync flag check at inode_logged() (bsc#1197915). - btrfs: remove no longer needed logic for replaying directory deletes (bsc#1197915). - btrfs: remove redundant log root assignment from log_dir_items() (bsc#1197915). - btrfs: remove root argument from add_link() (bsc#1197915). - btrfs: remove root argument from btrfs_log_inode() and its callees (bsc#1197915). - btrfs: remove root argument from btrfs_unlink_inode() (bsc#1197915). - btrfs: remove root argument from check_item_in_log() (bsc#1197915). - btrfs: remove root argument from drop_one_dir_item() (bsc#1197915). - btrfs: remove the btrfs_item_end() helper (bsc#1197915). - btrfs: remove unnecessary list head initialization when syncing log (bsc#1197915). - btrfs: remove unneeded return variable in btrfs_lookup_file_extent (bsc#1197915). - btrfs: rename btrfs_item_end_nr to btrfs_item_data_end (bsc#1197915). - btrfs: stop doing GFP_KERNEL memory allocations in the ref verify tool (bsc#1197915). - btrfs: unexport setup_items_for_insert() (bsc#1197915). - btrfs: unify lookup return value when dir entry is missing (bsc#1197915). - btrfs: update comment at log_conflicting_inodes() (bsc#1197915). - btrfs: use btrfs_item_size_nr/btrfs_item_offset_nr everywhere (bsc#1197915). - btrfs: use btrfs_next_leaf instead of btrfs_next_item when slots > nritems (bsc#1197915). - btrfs: use single bulk copy operations when logging directories (bsc#1197915). - bus: fsl-mc-bus: fix KASAN use-after-free in fsl_mc_bus_remove() (git-fixes). - bus: sunxi-rsb: Fix the return value of sunxi_rsb_device_create() (git-fixes). - bus: ti-sysc: Fix warnings for unbind for serial (git-fixes). - bus: ti-sysc: Make omap3 gpt12 quirk handling SoC specific (git-fixes). - caif_virtio: fix race between virtio_device_ready() and ndo_open() (git-fixes). - can: ems_usb: ems_usb_start_xmit(): fix double dev_kfree_skb() in error path (git-fixes). - can: etas_es58x: change opened_channel_cnt's type from atomic_t to u8 (git-fixes). - can: etas_es58x: es58x_fd_rx_event_msg(): initialize rx_event_msg before calling es58x_check_msg_len() (git-fixes). - can: grcan: grcan_close(): fix deadlock (git-fixes). - can: grcan: grcan_probe(): fix broken system id check for errata workaround needs (git-fixes). - can: grcan: only use the NAPI poll budget for RX (git-fixes). - can: grcan: use ofdev->dev when allocating DMA memory (git-fixes). - can: gs_usb: change active_channels's type from atomic_t to u8 (git-fixes). - can: isotp: fix error path in isotp_sendmsg() to unlock wait queue (git-fixes). - can: isotp: fix potential CAN frame reception race in isotp_rcv() (git-fixes). - can: isotp: restore accidentally removed MSG_PEEK feature (git-fixes). - can: isotp: return -EADDRNOTAVAIL when reading from unbound socket (git-fixes). - can: isotp: set default value for N_As to 50 micro seconds (git-fixes). - can: isotp: stop timeout monitoring when no first frame was sent (git-fixes). - can: isotp: support MSG_TRUNC flag when reading from socket (git-fixes). - can: m_can: m_can_tx_handler(): fix use after free of skb (git-fixes). - can: mcba_usb: mcba_usb_start_xmit(): fix double dev_kfree_skb in error path (git-fixes). - can: mcba_usb: properly check endpoint type (git-fixes). - can: mcp251xfd: mcp251xfd_register_get_dev_id(): fix return of error value (git-fixes). - can: mcp251xfd: silence clang's -Wunaligned-access warning (git-fixes). - can: rcar_canfd: rcar_canfd_channel_probe(): register the CAN device when fully ready (git-fixes). - can: usb_8dev: usb_8dev_start_xmit(): fix double dev_kfree_skb() in error path (git-fixes). - can: xilinx_can: mark bit timing constants as const (git-fixes). - carl9170: fix missing bit-wise or operator for tx_params (git-fixes). - carl9170: tx: fix an incorrect use of list iterator (git-fixes). - CDC-NCM: avoid overflow in sanity checking (git-fixes). - ceph: fix setting of xattrs on async created inodes (bsc#1199611). - certs/blacklist_hashes.c: fix const confusion in certs blacklist (git-fixes). - cfg80211: declare MODULE_FIRMWARE for regulatory.db (git-fixes). - cfg80211: do not add non transmitted BSS to 6GHz scanned channels (git-fixes). - cfg80211: fix race in netlink owner interface destruction (git-fixes). - cfg80211: hold bss_lock while updating nontrans_list (git-fixes). - cgroup/cpuset: Fix a race between cpuset_attach() and cpu hotplug (bsc#1196869). - cgroup/cpuset: Fix 'suspicious RCU usage' lockdep warning (bsc#1196868). - cgroup/cpuset: Remove cpus_allowed/mems_allowed setup in cpuset_init_smp() (bsc#1199839). - cgroup-v1: Correct privileges check in release_agent writes (bsc#1196723). - char: tpm: cr50_i2c: Suppress duplicated error message in .remove() (git-fixes). - char: xillybus: fix a refcount leak in cleanup_dev() (git-fixes). - cifs: add WARN_ON for when chan_count goes below minimum (bsc#1193629). - cifs: adjust DebugData to use chans_need_reconnect for conn status (bsc#1193629). - cifs: alloc_path_with_tree_prefix: do not append sep. if the path is empty (bsc#1193629). - cifs: avoid parallel session setups on same channel (bsc#1193629). - cifs: avoid race during socket reconnect between send and recv (bsc#1193629). - cifs: call cifs_reconnect when a connection is marked (bsc#1193629). - cifs: call helper functions for marking channels for reconnect (bsc#1193629). - cifs: change smb2_query_info_compound to use a cached fid, if available (bsc#1193629). - cifs: check for smb1 in open_cached_dir() (bsc#1193629). - cifs: check reconnects for channels of active tcons too (bsc#1193629). - cifs: Check the IOCB_DIRECT flag, not O_DIRECT (bsc#1193629). - cifs: cifs_ses_mark_for_reconnect should also update reconnect bits (bsc#1193629). - cifs: clean up an inconsistent indenting (bsc#1193629). - cifs: convert the path to utf16 in smb2_query_info_compound (bsc#1193629). - cifs: destage any unwritten data to the server before calling copychunk_write (bsc#1193629). - cifs: do not build smb1ops if legacy support is disabled (bsc#1193629). - cifs: do not call cifs_dfs_query_info_nonascii_quirk() if nodfs was set (bsc#1193629). - cifs: do not skip link targets when an I/O fails (bsc#1194625). - cifs: do not use tcpStatus after negotiate completes (bsc#1193629). - cifs: do not use uninitialized data in the owner/group sid (bsc#1193629). - cifs: fix bad fids sent over wire (bsc#1197157). - cifs: fix confusing unneeded warning message on smb2.1 and earlier (bsc#1193629). - cifs: fix double free race when mount fails in cifs_get_root() (bsc#1193629). - cifs: fix FILE_BOTH_DIRECTORY_INFO definition (bsc#1193629). - cifs: fix handlecache and multiuser (bsc#1193629). - cifs: fix hang on cifs_get_next_mid() (bsc#1193629). - cifs: fix incorrect use of list iterator after the loop (bsc#1193629). - cifs: fix minor compile warning (bsc#1193629). - cifs: fix NULL ptr dereference in refresh_mounts() (bsc#1193629). - cifs: fix potential deadlock in direct reclaim (bsc#1193629). - cifs: fix potential double free during failed mount (bsc#1193629). - cifs: fix potential race with cifsd thread (bsc#1193629). - cifs: fix set of group SID via NTSD xattrs (bsc#1193629). - cifs: fix signed integer overflow when fl_end is OFFSET_MAX (bsc#1193629). - cifs: Fix smb311_update_preauth_hash() kernel-doc comment (bsc#1193629). - cifs: fix the cifs_reconnect path for DFS (bsc#1193629). - cifs: fix the connection state transitions with multichannel (bsc#1193629). - cifs: fix uninitialized pointer in error case in dfs_cache_get_tgt_share (bsc#1193629). - cifs: fix workstation_name for multiuser mounts (bsc#1193629). - cifs: force new session setup and tcon for dfs (bsc#1193629). - cifs: free ntlmsspblob allocated in negotiate (bsc#1193629). - cifs: maintain a state machine for tcp/smb/tcon sessions (bsc#1193629). - cifs: make status checks in version independent callers (bsc#1193629). - cifs: mark sessions for reconnection in helper function (bsc#1193629). - cifs: modefromsids must add an ACE for authenticated users (bsc#1193629). - cifs: move definition of cifs_fattr earlier in cifsglob.h (bsc#1193629). - cifs: move superblock magic defitions to magic.h (bsc#1193629). - cifs: potential buffer overflow in handling symlinks (bsc#1193629). - cifs: print TIDs as hex (bsc#1193629). - cifs: protect all accesses to chan_* with chan_lock (bsc#1193629). - cifs: quirk for STATUS_OBJECT_NAME_INVALID returned for non-ASCII dfs refs (bsc#1193629). - cifs: reconnect only the connection and not smb session where possible (bsc#1193629). - cifs: release cached dentries only if mount is complete (bsc#1193629). - cifs: remove check of list iterator against head past the loop body (bsc#1193629). - cifs: remove redundant assignment to pointer p (bsc#1193629). - cifs: remove repeated debug message on cifs_put_smb_ses() (bsc#1193629). - cifs: remove repeated state change in dfs tree connect (bsc#1193629). - cifs: remove unused variable ses_selected (bsc#1193629). - cifs: return ENOENT for DFS lookup_cache_entry() (bsc#1193629). - cifs: return the more nuanced writeback error on close() (bsc#1193629). - cifs: serialize all mount attempts (bsc#1193629). - cifs: set the CREATE_NOT_FILE when opening the directory in use_cached_dir() (bsc#1193629). - cifs: skip trailing separators of prefix paths (bsc#1193629). - cifs: smbd: fix typo in comment (bsc#1193629). - cifs: Split the smb3_add_credits tracepoint (bsc#1193629). - cifs: take cifs_tcp_ses_lock for status checks (bsc#1193629). - cifs: track individual channel status using chans_need_reconnect (bsc#1193629). - cifs: unlock chan_lock before calling cifs_put_tcp_session (bsc#1193629). - cifs: update internal module number (bsc#1193629). - cifs: update tcpStatus during negotiate and sess setup (bsc#1193629). - cifs: use a different reconnect helper for non-cifsd threads (bsc#1193629). - cifs: use correct lock type in cifs_reconnect() (bsc#1193629). - cifs: Use kzalloc instead of kmalloc/memset (bsc#1193629). - cifs: use new enum for ses_status (bsc#1193629). - cifs: use the chans_need_reconnect bitmap for reconnect status (bsc#1193629). - cifs: verify that tcon is valid before dereference in cifs_kill_sb (bsc#1193629). - cifs: version operations for smb20 unneeded when legacy support disabled (bsc#1193629). - cifs: we do not need a spinlock around the tree access during umount (bsc#1193629). - cifs: when extending a file with falloc we should make files not-sparse (bsc#1193629). - cifs: writeback fix (bsc#1193629). - clk: actions: Terminate clk_div_table with sentinel element (git-fixes). - clk: at91: generated: consider range when calculating best rate (git-fixes). - clk: at91: sama7g5: fix parents of PDMCs' GCLK (git-fixes). - clk: bcm2835: fix bcm2835_clock_choose_div (git-fixes). - clk: bcm2835: Remove unused variable (git-fixes). - clk: clps711x: Terminate clk_div_table with sentinel element (git-fixes). - clk: Enforce that disjoints limits are invalid (git-fixes). - clk: Fix clk_hw_get_clk() when dev is NULL (git-fixes). - clk: hisilicon: Terminate clk_div_table with sentinel element (git-fixes). - clk: imx7d: Remove audio_mclk_root_clk (git-fixes). - clk: imx8mp: fix usb_root_clk parent (git-fixes). - clk: imx: Add check for kcalloc (git-fixes). - clk: imx: off by one in imx_lpcg_parse_clks_from_dt() (git-fixes). - clk: imx: scu: Use pm_runtime_resume_and_get to fix pm_runtime_get_sync() usage (git-fixes). - clk: Initialize orphan req_rate (git-fixes). - clk: jz4725b: fix mmc0 clock gating (git-fixes). - clk: loongson1: Terminate clk_div_table with sentinel element (git-fixes). - clk: nxp: Remove unused variable (git-fixes). - clk: qcom: clk-rcg2: Update logic to calculate D value for RCG (git-fixes). - clk: qcom: clk-rcg2: Update the frac table for pixel clock (git-fixes). - clk: qcom: gcc-msm8994: Fix gpll4 width (git-fixes). - clk: qcom: ipq8074: fix PCI-E clock oops (git-fixes). - clk: qcom: ipq8074: Use floor ops for SDCC1 clock (git-fixes). - clk: renesas: r9a06g032: Fix the RTC hclock description (git-fixes). - clk: rockchip: drop CLK_SET_RATE_PARENT from dclk_vop* on rk3568 (git-fixes). - clk: si5341: fix reported clk_rate when output divider is 2 (git-fixes). - clk: sunxi: sun9i-mmc: check return value after calling platform_get_resource() (git-fixes). - clk: tegra: Add missing reset deassertion (git-fixes). - clk: tegra: tegra124-emc: Fix missing put_device() call in emc_ensure_emc_driver (git-fixes). - clk: ti: Preserve node in ti_dt_clocks_register() (git-fixes). - clk: uniphier: Fix fixed-rate initialization (git-fixes). - clocksource: acpi_pm: fix return value of __setup handler (git-fixes). - clocksource/drivers/exynos_mct: Handle DTS with higher number of interrupts (git-fixes). - clocksource/drivers/exynos_mct: Refactor resources allocation (git-fixes). - clocksource/drivers/oxnas-rps: Fix irq_of_parse_and_map() return value (git-fixes). - clocksource/drivers/sp804: Avoid error on multiple instances (git-fixes). - clocksource/drivers/timer-microchip-pit64b: Use notrace (git-fixes). - clocksource/drivers/timer-of: Check return value of of_iomap in timer_of_base_init() (git-fixes). - clocksource/drivers/timer-ti-dm: Fix regression from errata i940 fix (git-fixes). - clocksource: hyper-v: unexport __init-annotated hv_init_clocksource() (bsc#1201218). - comedi: drivers: ni_routes: Use strcmp() instead of memcmp() (git-fixes). - comedi: vmk80xx: fix expression for tx buffer size (git-fixes). - copy_process(): Move fd_install() out of sighand->siglock critical section (bsc#1199626). - cpufreq-fix-memory-leak-in-sun50i_cpufreq_nvmem_prob.patch: (git-fixes). - cpufreq: intel_pstate: Add Ice Lake server to out-of-band IDs (bsc#1201228). - cpufreq: qcom-cpufreq-nvmem: fix reading of PVS Valid fuse (git-fixes). - cpuidle,intel_idle: Fix CPUIDLE_FLAG_IRQ_ENABLE (git-fixes). - cpuidle: intel_idle: Update intel_idle() kerneldoc comment (git-fixes). - cpuset: Fix the bug that subpart_cpus updated wrongly in update_cpumask() (bsc#1196866). - cputime, cpuacct: Include guest time in user time in (git-fixes) - crypto: amlogic - call finalize with bh disabled (git-fixes). - crypto: api - Move cryptomgr soft dependency into algapi (git-fixes). - crypto: arm/aes-neonbs-cbc - Select generic cbc and aes (git-fixes). - crypto: authenc - Fix sleep in atomic context in decrypt_tail (git-fixes). - crypto: caam - fix i.MX6SX entropy delay value (git-fixes). - crypto: cavium/nitrox - do not cast parameter in bit operations (git-fixes). - crypto: ccp - ccp_dmaengine_unregister release dma channels (git-fixes). - crypto: ccree - do not attempt 0 len DMA mappings (git-fixes). - crypto: ccree - Fix use after free in cc_cipher_exit() (git-fixes). - crypto: ccree - use fine grained DMA mapping dir (git-fixes). - crypto: cryptd - Protect per-CPU resource by disabling BH (git-fixes). - crypto: ecrdsa - Fix incorrect use of vli_cmp (git-fixes). - crypto: engine - check if BH is disabled during completion (git-fixes). - crypto: gemini - call finalize with bh disabled (git-fixes). - crypto: hisilicon/qm - cleanup warning in qm_vf_read_qos (git-fixes). - crypto: hisilicon/sec - fix the aead software fallback for engine (git-fixes). - crypto: hisilicon/sec - not need to enable sm4 extra mode at HW V3 (git-fixes). - crypto: marvell/cesa - ECB does not IV (git-fixes). - crypto: mxs-dcp - Fix scatterlist processing (git-fixes). - crypto: octeontx2 - remove CONFIG_DM_CRYPT check (git-fixes). - crypto: qat - disable registration of algorithms (git-fixes). - crypto: qat - do not cast parameter in bit operations (git-fixes). - crypto: qcom-rng - ensure buffer for generate is completely filled (git-fixes). - crypto: qcom-rng - fix infinite loop on requests not multiple of WORD_SZ (git-fixes). - crypto: rockchip - ECB does not need IV (git-fixes). - crypto: rsa-pkcs1pad - correctly get hash from source scatterlist (git-fixes). - crypto: rsa-pkcs1pad - fix buffer overread in pkcs1pad_verify_complete() (git-fixes). - crypto: rsa-pkcs1pad - only allow with rsa (git-fixes). - crypto: rsa-pkcs1pad - restore signature length check (git-fixes). - crypto: stm32 - fix reference leak in stm32_crc_remove (git-fixes). - crypto: sun8i-ce - call finalize with bh disabled (git-fixes). - crypto: sun8i-ss - call finalize with bh disabled (git-fixes). - crypto: sun8i-ss - handle zero sized sg (git-fixes). - crypto: sun8i-ss - really disable hash on A80 (git-fixes). - crypto: sun8i-ss - rework handling of IV (git-fixes). - crypto: vmx - add missing dependencies (git-fixes). - crypto: x86/chacha20 - Avoid spurious jumps to other functions (git-fixes). - crypto: x86 - eliminate anonymous module_init and module_exit (git-fixes). - crypto: xts - Add softdep on ecb (git-fixes). - dax: fix cache flush on PMD-mapped pages (bsc#1200830). - devlink: Add 'enable_iwarp' generic device param (bsc#1200502). - dim: initialize all struct fields (git-fixes). - display/amd: decrease message verbosity about watermarks table failure (git-fixes). - dma: at_xdmac: fix a missing check on list iterator (git-fixes). - dma-buf: fix use of DMA_BUF_SET_NAME_{A,B} in userspace (git-fixes). - dma-buf: heaps: Fix potential spectre v1 gadget (git-fixes). - dma-debug: fix return value of __setup handlers (git-fixes). - dma-direct: avoid redundant memory sync for swiotlb (git-fixes). - dmaengine: dw-edma: Fix unaligned 64bit access (git-fixes). - dmaengine: hisi_dma: fix MSI allocate fail when reload hisi_dma (git-fixes). - dmaengine: idxd: add missing callback function to support DMA_INTERRUPT (git-fixes). - dmaengine: idxd: add RO check for wq max_batch_size write (git-fixes). - dmaengine: idxd: add RO check for wq max_transfer_size write (git-fixes). - dmaengine: idxd: check GENCAP config support for gencfg register (git-fixes). - dmaengine: idxd: fix device cleanup on disable (git-fixes). - dmaengine: idxd: Fix the error handling path in idxd_cdev_register() (git-fixes). - dmaengine: idxd: restore traffic class defaults after wq reset (git-fixes). - dmaengine: idxd: set DMA_INTERRUPT cap bit (git-fixes). - dmaengine: idxd: skip clearing device context when device is read-only (git-fixes). - dmaengine: imx-sdma: Fix error checking in sdma_event_remap (git-fixes). - dmaengine: mediatek:Fix PM usage reference leak of mtk_uart_apdma_alloc_chan_resources (git-fixes). - dmaengine: ptdma: fix concurrency issue with multiple dma transfer (jsc#SLE-21315). - dmaengine: ptdma: Fix the error handling path in pt_core_init() (git-fixes). - dmaengine: ptdma: handle the cases based on DMA is complete (jsc#SLE-21315). - dmaengine: Revert 'dmaengine: shdma: Fix runtime PM imbalance on error' (git-fixes). - dmaengine: shdma: Fix runtime PM imbalance on error (git-fixes). - dmaengine: sh: rcar-dmac: Check for error num after dma_set_max_seg_size (git-fixes). - dmaengine: sh: rcar-dmac: Check for error num after setting mask (git-fixes). - dmaengine: stm32-dmamux: Fix PM disable depth imbalance in stm32_dmamux_probe (git-fixes). - dmaengine: stm32-mdma: fix chan initialization in stm32_mdma_irq_handler() (git-fixes). - dmaengine: stm32-mdma: remove GISR1 register (git-fixes). - dmaengine: zynqmp_dma: In struct zynqmp_dma_chan fix desc_size data type (git-fixes). - dma-mapping: remove bogus test for pfn_valid from dma_map_resource (git-fixes). - dma/pool: create dma atomic pool only if dma zone has managed pages (bsc#1197501). - dm crypt: fix get_key_size compiler warning if !CONFIG_KEYS (git-fixes). - dm: fix use-after-free in dm_cleanup_zoned_dev() (git-fixes). - dm integrity: fix error code in dm_integrity_ctr() (git-fixes). - dm integrity: set journal entry unused when shrinking device (git-fixes). - dm mirror log: round up region bitmap size to BITS_PER_LONG (git-fixes). - dm mpath: only use ktime_get_ns() in historical selector (git-fixes). - dm verity: set DM_TARGET_IMMUTABLE feature flag (git-fixes). - doc/ip-sysctl: add bc_forwarding (git-fixes). - docs/conf.py: Cope with removal of language=None in Sphinx 5.0.0 (git-fixes). - Documentation: add link to stable release candidate tree (git-fixes). - Documentation: dd: Use ReST lists for return values of driver_deferred_probe_check_state() (git-fixes). - Documentation: Fix duplicate statement about raw_spinlock_t type (git-fixes). - Documentation: update stable tree link (git-fixes). - do not call utsname() after ->nsproxy is NULL (bsc#1201196). - drbd: fix an invalid memory access caused by incorrect use of list iterator (git-fixes). - drbd: fix duplicate array initializer (git-fixes). - drbd: Fix five use after free bugs in get_initial_state (git-fixes). - drbd: remove assign_p_sizes_qlim (git-fixes). - drbd: use bdev_alignment_offset instead of queue_alignment_offset (git-fixes). - drbd: use bdev based limit helpers in drbd_send_sizes (git-fixes). - driver base: fix an unlikely reference counting issue in __add_memory_block() (git-fixes). - driver base: fix compaction sysfs file leak (git-fixes). - driver: base: fix UAF when driver_attach failed (git-fixes). - driver core: dd: fix return value of __setup handler (git-fixes). - driver core: fix deadlock in __device_attach (git-fixes). - driver core: Fix wait_for_device_probe() and deferred_probe_timeout interaction (git-fixes). - driver core: Free DMA range map when device is released (git-fixes). - driver: hv: Compare cpumasks and not their weights in init_vp_index() (git-fixes). - driver: hv: log when enabling crash_kexec_post_notifiers (git-fixes). - driver: hv: Rename 'alloced' to 'allocated' (git-fixes). - driver: hv: utils: Make use of the helper macro LIST_HEAD() (git-fixes). - driver: hv: vmbus: Fix memory leak in vmbus_add_channel_kobj (git-fixes). - driver: hv: vmbus: Fix potential crash on module unload (git-fixes). - driver: hv: vmbus: Use struct_size() helper in kmalloc() (git-fixes). - driver: i2c: thunderx: Allow driver to work with ACPI defined TWSI controllers (git-fixes). - driver: net: xgene: Fix regression in CRC stripping (git-fixes). - drivers: cpufreq: Add missing of_node_put() in qoriq-cpufreq.c (git-fixes). - drivers: mmc: sdhci_am654: Add the quirk to set TESTCD bit (git-fixes). - drivers: staging: rtl8192bs: Fix deadlock in rtw_joinbss_event_prehandle() (git-fixes). - drivers: staging: rtl8192e: Fix deadlock in rtllib_beacons_stop() (git-fixes). - drivers: staging: rtl8192u: Fix deadlock in ieee80211_beacons_stop() (git-fixes). - drivers: staging: rtl8723bs: Fix deadlock in rtw_surveydone_event_callback() (git-fixes). - drivers: tty: serial: Fix deadlock in sa1100_set_termios() (git-fixes). - drivers: usb: host: Fix deadlock in oxu_bus_suspend() (git-fixes). - drm: add a locked version of drm_is_current_master (git-fixes). - drm: Add orientation quirk for GPD Win Max (git-fixes). - drm/amd: Add USBC connector ID (git-fixes). - drm/amd/amdgpu/amdgpu_cs: fix refcount leak of a dma_fence obj (git-fixes). - drm/amd: avoid suspend on dGPUs w/ s2idle support when runtime PM enabled (git-fixes). - drm/amd: Check if ASPM is enabled from PCIe subsystem (git-fixes). - drm/amd/display: Add affected crtcs to atomic state for dsc mst unplug (git-fixes). - drm/amd/display: Add pstate verification and recovery for DCN31 (git-fixes). - drm/amd/display: Add signal type check when verify stream backends same (git-fixes). - drm/amd/display: Avoid reading audio pattern past AUDIO_CHANNELS_COUNT (git-fixes). - drm/amd/display: Cap OLED brightness per max frame-average luminance (git-fixes). - drm/amd/display: Cap pflip irqs per max otg number (git-fixes). - drm/amd/display: Check if modulo is 0 before dividing (git-fixes). - drm/amd/display: DCN3.1: do not mark as kernel-doc (git-fixes). - drm/amd/display: Disabling Z10 on DCN31 (git-fixes). - drm/amd/display: do not ignore alpha property on pre-multiplied mode (git-fixes). - drm/amd/display: Do not reinitialize DMCUB on s0ix resume (git-fixes). - drm/amd/display: Enable power gating before init_pipes (git-fixes). - drm/amd/display: FEC check in timing validation (git-fixes). - drm/amd/display: Fix allocate_mst_payload assert on resume (git-fixes). - drm/amd/display: Fix a NULL pointer dereference in amdgpu_dm_connector_add_common_modes() (git-fixes). - drm/amd/display: fix audio format not updated after edid updated (git-fixes). - drm/amd/display: Fix memory leak (git-fixes). - drm/amd/display: Fix memory leak in dcn21_clock_source_create (bsc#1190786) - drm/amd/display: Fix OLED brightness control on eDP (git-fixes). - drm/amd/display: Fix p-state allow debug index on dcn31 (git-fixes). - drm/amd/display: fix yellow carp wm clamping (git-fixes). - drm/amd/display: Force link_rate as LINK_RATE_RBR2 for 2018 15' Apple Retina panels (git-fixes). - drm/amd/display: For vblank_disable_immediate, check PSR is really used (git-fixes). - drm/amd/display: Protect update_bw_bounding_box FPU code (git-fixes). - drm/amd/display: Read Golden Settings Table from VBIOS (git-fixes). - drm/amd/display: Remove vupdate_int_entry definition (git-fixes). - drm/amd/display: Revert FEC check in validation (git-fixes). - drm/amd/display: Update VTEM Infopacket definition (git-fixes). - drm/amd/display: Update watermark values for DCN301 (git-fixes). - drm/amd/display: Use adjusted DCN301 watermarks (git-fixes). - drm/amd/display: Use PSR version selected during set_psr_caps (git-fixes). - drm/amd/display: watermark latencies is not enough on DCN31 (git-fixes). - drm/amdgpu: add beige goby PCI ID (git-fixes). - drm/amdgpu: bypass tiling flag check in virtual display case (v2) (git-fixes). - drm/amdgpu: check vm ready by amdgpu_vm->evicting flag (git-fixes). - drm/amdgpu: conduct a proper cleanup of PDB bo (git-fixes). - drm/amdgpu/cs: make commands with 0 chunks illegal behaviour (git-fixes). - drm/amdgpu: disable MMHUB PG for Picasso (git-fixes). - drm/amdgpu/display: add support for multiple backlights (git-fixes). - drm/amdgpu: do not do resets on APUs which do not support it (git-fixes). - drm/amdgpu: do not enable asic reset for raven2 (git-fixes). - drm/amdgpu: do not set s3 and s0ix at the same time (git-fixes). - drm/amdgpu: do not use BACO for reset in S3 (git-fixes). - drm/amdgpu: do not use passthrough mode in Xen dom0 (git-fixes). - drm/amdgpu: Drop inline from amdgpu_ras_eeprom_max_record_count (git-fixes). - drm/amdgpu: Enable gfxoff quirk on MacBook Pro (git-fixes). - drm/amdgpu: Ensure HDA function is suspended before ASIC reset (git-fixes). - drm/amdgpu: explicitly check for s0ix when evicting resources (git-fixes). - drm/amdgpu: fix amdgpu_ras_block_late_init error handler (bsc#1190497) - drm/amdgpu: fix logic inversion in check (git-fixes). - drm/amdgpu: fix off by one in amdgpu_gfx_kiq_acquire() (git-fixes). - drm/amdgpu: Fix recursive locking warning (git-fixes). - drm/amdgpu: fix suspend/resume hang regression (git-fixes). - drm/amdgpu/sdma: Fix incorrect calculations of the wptr of the doorbells (git-fixes). - drm/amdgpu: skipping SDMA hw_init and hw_fini for S0ix (git-fixes). - drm/amdgpu/smu10: fix SoC/fclk units in auto mode (git-fixes). - drm/amdgpu: suppress the warning about enum value 'AMD_IP_BLOCK_TYPE_NUM' (git-fixes). - drm/amdgpu/ucode: Remove firmware load type check in amdgpu_ucode_free_bo (git-fixes). - drm/amdgpu: unify BO evicting method in amdgpu_ttm (git-fixes). - drm/amdgpu: update VCN codec support for Yellow Carp (git-fixes). - drm/amdgpu/vcn: Fix the register setting for vcn1 (git-fixes). - drm/amdgpu/vcn: improve vcn dpg stop procedure (git-fixes). - drm/amdgpu: vi: disable ASPM on Intel Alder Lake based systems (bsc#1190786) - drm/amdkfd: add pinned BOs to kfd_bo_list (git-fixes). - drm/amdkfd: Check for potential null return of kmalloc_array() (git-fixes). - drm/amdkfd: Create file descriptor after client is added to smi_clients list (git-fixes). - drm/amdkfd: Do not take process mutex for svm ioctls (git-fixes). - drm/amdkfd: Fix GWS queue count (bsc#1190786) - drm/amdkfd: Fix Incorrect VMIDs passed to HWS (git-fixes). - drm/amdkfd: make CRAT table missing message informational only (git-fixes). - drm/amdkfd: remove unused function (git-fixes). - drm/amdkfd: Separate pinned BOs destruction from general routine (bsc#1195287). - drm/amdkfd: Use mmget_not_zero in MMU notifier (git-fixes). - drm/amd/pm: correct the MGpuFanBoost support for Beige Goby (git-fixes). - drm/amd/pm: correct the sequence of sending gpu reset msg (git-fixes). - drm/amd/pm: correct UMD pstate clocks for Dimgrey Cavefish and Beige Goby (git-fixes). - drm/amd/pm: enable pm sysfs write for one VF mode (git-fixes). - drm/amd/pm: fix hwmon node of power1_label create issue (git-fixes). - drm/amd/pm: Fix missing thermal throttler status (git-fixes). - drm/amd/pm: fix some OEM SKU specific stability issues (git-fixes). - drm/amd/pm: return -ENOTSUPP if there is no get_dpm_ultimate_freq function (git-fixes). - drm/amd/pm: update smartshift powerboost calc for smu12 (git-fixes). - drm/amd/pm: update smartshift powerboost calc for smu13 (git-fixes). - drm/amd/pm: use bitmap_{from,to}_arr32 where appropriate (git-fixes). - drm/ast: Create threshold values for AST2600 (bsc#1190786) - drm/atomic: Do not pollute crtc_state->mode_blob with error pointers (git-fixes). - drm/atomic: Force bridge self-refresh-exit on CRTC switch (git-fixes). - drm: avoid circular locks in drm_mode_getconnector (git-fixes). - drm/blend: fix typo in the comment (git-fixes). - drm/bridge: Add missing pm_runtime_disable() in __dw_mipi_dsi_probe (git-fixes). - drm/bridge: Add missing pm_runtime_put_sync (git-fixes). - drm/bridge: adv7511: clean up CEC adapter when probe fails (git-fixes). - drm: bridge: adv7511: Fix ADV7535 HPD enablement (git-fixes). - drm/bridge: analogix_dp: Grab runtime PM reference for DP-AUX (git-fixes). - drm/bridge: analogix_dp: Support PSR-exit to disable transition (git-fixes). - drm/bridge: anx7625: Fix overflow issue on reading EDID (git-fixes). - drm/bridge: cdns-dsi: Make sure to to create proper aliases for dt (git-fixes). - drm/bridge: dw-hdmi: use safe format when first in bridge chain (git-fixes). - drm/bridge: Fix error handling in analogix_dp_probe (git-fixes). - drm/bridge: Fix free wrong object in sii8620_init_rcp_input_dev (git-fixes). - drm: bridge: fix unmet dependency on DRM_KMS_HELPER for DRM_PANEL_BRIDGE (git-fixes). - drm: bridge: icn6211: Fix HFP_HSW_HBP_HI and HFP_MIN handling (bsc#1190786) - drm: bridge: icn6211: Fix register layout (git-fixes). - drm: bridge: it66121: Fix the register page length (git-fixes). - drm/bridge: nwl-dsi: Fix PM disable depth imbalance in nwl_dsi_probe (git-fixes). - drm/bridge: sn65dsi83: Fix an error handling path in (bsc#1190786) - drm/bridge: ti-sn65dsi83: Handle dsi_lanes == 0 as invalid (git-fixes). - drm/bridge: ti-sn65dsi86: Properly undo autosuspend (git-fixes). - drm/cma-helper: Set VM_DONTEXPAND for mmap (git-fixes). - drm/connector: Fix typo in output format (bsc#1190786) - drm/doc: overview before functions for drm_writeback.c (git-fixes). - drm/dp: Fix OOB read when handling Post Cursor2 register (bsc#1190786) - drm/edid: Always set RGB444 (git-fixes). - drm/edid: check basic audio support on CEA extension block (git-fixes). - drm/edid: Do not clear formats if using deep color (git-fixes). - drm/edid: fix CEA extension byte #3 parsing (bsc#1190786) - drm/edid: fix invalid EDID extension block filtering (git-fixes). - drm/etnaviv: check for reaped mapping in etnaviv_iommu_unmap_gem (git-fixes). - drm/fb-helper: Mark screen buffers in system memory with FBINFO_VIRTFB (git-fixes). - drm/fourcc: fix integer type usage in uapi header (git-fixes). - drm/i915/adlp: Fix TypeC PHY-ready status readout (git-fixes). - drm/i915: Allow !join_mbus cases for adlp+ dbuf configuration (bsc#1193640). - drm/i915: Check EDID for HDR static metadata when choosing blc (bsc#1190497) - drm/i915: Correctly populate use_sagv_wm for all pipes (git-fixes). - drm/i915/dg2: Print PHY name properly on calibration error (git-fixes). - drm/i915: Disable DRRS on IVB/HSW port != A (git-fixes). - drm/i915/display: Fix HPD short pulse handling for eDP (git-fixes). - drm/i915/display: Move DRRS code its own file (git-fixes). - drm/i915/display/psr: Unset enable_psr2_sel_fetch if other checks in intel_psr2_config_valid() fails (git-fixes). - drm/i915/display: split out dpt out of intel_display.c (git-fixes). - drm/i915/dmc: Add MMIO range restrictions (git-fixes). - drm/i915/dsi: fix VBT send packet port selection for ICL+ (git-fixes). - drm/i915: Fix bw atomic check when switching between SAGV vs. no SAGV (git-fixes). - drm/i915: Fix CFI violation with show_dynamic_id() (git-fixes). - drm/i915: Fix dbuf slice config lookup (git-fixes bsc#1193640). - drm/i915: Fix mbus join config lookup (git-fixes bsc#1193640). - drm/i915: Fix PSF GV point mask when SAGV is not possible (git-fixes). - drm/i915: Fix race in __i915_vma_remove_closed (bsc#1190497) - drm/i915: Fix SEL_FETCH_PLANE_*(PIPE_B+) register addresses (bsc#1190497) - drm/i915: Fix -Wstringop-overflow warning in call to intel_read_wm_latency() (git-fixes). - drm/i915/gem: add missing boundary check in vm_access (git-fixes). - drm/i915/gem: add missing else (git-fixes). - drm/i915/guc/slpc: Correct the param count for unset param (git-fixes). - drm/i915/gvt: clean up kernel-doc in gtt.c (git-fixes). - drm/i915/gvt: Make DRM_I915_GVT depend on X86 (git-fixes). - drm/i915: Implement w/a 22010492432 for adl-s (git-fixes). - drm/i915: Keep gem ctx->vm alive until the final put (bsc#1190497) - drm/i915/opregion: check port number bounds for SWSCI display power state (git-fixes). - drm/i915/overlay: Prevent divide by zero bugs in scaling (git-fixes). - drm/i915: Populate pipe dbuf slices more accurately during readout (bsc#1193640). - drm/i915/reset: Fix error_state_read ptr + offset use (git-fixes). - drm/i915: s/JSP2/ICP2/ PCH (git-fixes). - drm/i915: Treat SAGV block time 0 as SAGV disabled (git-fixes). - drm/i915/ttm: ensure we unmap when purging (git-fixes). - drm/i915/ttm: tweak priority hint selection (git-fixes). - drm/i915: Widen the QGV point mask (git-fixes). - drm/i915: Workaround broken BIOS DBUF configuration on TGL/RKL (bsc#1193640). - drm/imx: dw_hdmi-imx: Fix bailout in error cases of probe (git-fixes). - drm: imx: fix compiler warning with gcc-12 (git-fixes). - drm/imx: Fix memory leak in imx_pd_connector_get_modes (git-fixes). - drm/imx: imx-ldb: Check for null pointer after calling kmemdup (git-fixes). - drm/imx: parallel-display: Remove bus flags check in imx_pd_bridge_atomic_check() (git-fixes). - drm/kmb: Fix for build errors with Warray-bounds (git-fixes). - drm/komeda: Fix an undefined behavior bug in komeda_plane_add() (git-fixes). - drm/komeda: return early if drm_universal_plane_init() fails (git-fixes). - drm: mali-dp: potential dereference of null pointer (git-fixes). - drm/mediatek: Add vblank register/unregister callback functions (bsc#1190768) - drm/mediatek: dpi: Use mt8183 output formats for mt8192 (git-fixes). - drm/mediatek: Fix mtk_cec_mask() (git-fixes). - drm/mediatek: mtk_dsi: Reset the dsi0 hardware (git-fixes). - drm/meson: Fix error handling when afbcd.ops->init fails (git-fixes). - drm/meson: Make use of the helper function devm_platform_ioremap_resourcexxx() (git-fixes). - drm/meson: osd_afbcd: Add an exit callback to struct meson_afbcd_ops (git-fixes). - drm/meson: split out encoder from meson_dw_hdmi (git-fixes). - drm/msm/a6xx: Fix missing ARRAY_SIZE() check (git-fixes). - drm/msm/a6xx: Fix refcount leak in a6xx_gpu_init (git-fixes). - drm/msm: add missing include to msm_drv.c (git-fixes). - drm/msm: Add missing put_task_struct() in debugfs path (git-fixes). - drm/msm/disp: check the return value of kzalloc() (git-fixes). - drm/msm/disp/dpu1: set mdp clk to the maximum frequency in opp table (bsc#1190768) - drm/msm/disp/dpu1: set vbif hw config to NULL to avoid use after memory free during pm runtime resume (git-fixes). - drm/msm/dp: add fail safe mode outside of event_mutex context (git-fixes). - drm/msm/dp: always add fail-safe mode into connector mode list (git-fixes). - drm/msm/dp: Always clear mask bits to disable interrupts at dp_ctrl_reset_irq_ctrl() (git-fixes). - drm/msm/dp: check core_initialized before disable interrupts at dp_display_unbind() (git-fixes). - drm/msm/dp: do not initialize phy until plugin interrupt received (bsc#1190497) - drm/msm/dp: do not stop transmitting phy test pattern during DP phy compliance test (git-fixes). - drm/msm/dp: dp_link_parse_sink_count() return immediately if aux read failed (git-fixes). - drm/msm/dp: fix error check return value of irq_of_parse_and_map() (git-fixes). - drm/msm/dp: fix event thread stuck in wait_event after kthread_stop() (git-fixes). - drm/msm/dp: force link training for display resolution change (git-fixes). - drm/msm/dp: Modify prototype of encoder based API (git-fixes). - drm/msm/dp: populate connector of struct dp_panel (git-fixes). - drm/msm/dp: remove fail safe mode related code (git-fixes). - drm/msm/dp: reset DP controller before transmit phy test pattern (git-fixes). - drm/msm/dp: stop event kernel thread when DP unbind (bsc#1190768) - drm/msm/dp: stop link training after link training 2 failed (git-fixes). - drm/msm/dp: tear down main link at unplug handle immediately (bsc#1190768) - drm/msm/dpu: add DSPP blocks teardown (git-fixes). - drm/msm/dpu: adjust display_v_end for eDP and DP (git-fixes). - drm/msm/dpu: fix dp audio condition (git-fixes). - drm/msm/dpu: fix error check return value of irq_of_parse_and_map() (bsc#1190768) - drm/msm/dpu: handle pm_runtime_get_sync() errors in bind path (git-fixes). - drm/msm/dsi: fix address for second DSI PHY on SDM660 (git-fixes). - drm/msm/dsi: fix error checks and return values for DSI xmit functions (git-fixes). - drm/msm/dsi: Remove spurious IRQF_ONESHOT flag (git-fixes). - drm/msm/dsi: Use connector directly in msm_dsi_manager_connector_init() (git-fixes). - drm/msm/dsi: Use 'ref' fw clock instead of global name for VCO parent (git-fixes). - drm/msm: Fix double pm_runtime_disable() call (git-fixes). - drm: msm: fix error check return value of irq_of_parse_and_map() (git-fixes). - drm: msm: fix possible memory leak in mdp5_crtc_cursor_set() (git-fixes). - drm/msm: Fix range size vs end confusion (git-fixes). - drm/msm/hdmi: check return value after calling platform_get_resource_byname() (git-fixes). - drm/msm/hdmi: fix error check return value of irq_of_parse_and_map() (git-fixes). - drm/msm/mdp4: Fix refcount leak in mdp4_modeset_init_intf (git-fixes). - drm/msm/mdp5: check the return of kzalloc() (git-fixes). - drm/msm/mdp5: Return error code in mdp5_mixer_release when deadlock is detected (git-fixes). - drm/msm/mdp5: Return error code in mdp5_pipe_release when deadlock is detected (git-fixes). - drm/msm: properly add and remove internal bridges (bsc#1190768) - drm/msm: remove unused plane_property field from msm_drm_private (bsc#1190768) - drm/msm: return an error pointer in msm_gem_prime_get_sg_table() (git-fixes). - drm/msm: Switch ordering of runpm put vs devfreq_idle (git-fixes). - drm/msm: use for_each_sgtable_sg to iterate over scatterlist (git-fixes). - drm/nouveau/acr: Fix undefined behavior in nvkm_acr_hsfw_load_bl() (git-fixes). - drm/nouveau/backlight: Just set all backlight types as RAW (git-fixes). - drm/nouveau/clk: Fix an incorrect NULL check on list iterator (git-fixes). - drm/nouveau: Fix a potential theorical leak in nouveau_get_backlight_name() (git-fixes). - drm/nouveau: fix off by one in BIOS boundary checking (git-fixes). - drm/nouveau/kms/nv50-: atom: fix an incorrect NULL check on list iterator (git-fixes). - drm/nouveau/pmu: Add missing callbacks for Tegra devices (git-fixes). - drm/nouveau/pmu/gm200-: use alternate falcon reset sequence (git-fixes). - drm/nouveau/subdev/bus: Ratelimit logging for fault errors (git-fixes). - drm/nouveau/tegra: Stop using iommu_present() (git-fixes). - drm: panel-orientation-quirks: Add quirk for the 1Netbook OneXPlayer (git-fixes). - drm/panel: panel-simple: Fix proper bpc for AM-1280800N3TZQW-T00H (git-fixes). - drm/panel/raspberrypi-touchscreen: Avoid NULL deref if not initialised (git-fixes). - drm/panel/raspberrypi-touchscreen: Initialise the bridge in prepare (git-fixes). - drm/panel: simple: Add missing bus flags for Innolux G070Y2-L01 (git-fixes). - drm/panel: simple: Assign data from panel_dpi_probe() correctly (git-fixes). - drm/panel: simple: Fix Innolux G070Y2-L01 BPP settings (git-fixes). - drm/panfrost: Check for error num after setting mask (git-fixes). - drm/plane: Move range check for format_count earlier (git-fixes). - drm/radeon: fix a possible null pointer dereference (git-fixes). - drm/radeon: Fix backlight control on iMac 12,1 (git-fixes). - drm/rockchip: dw_hdmi: Do not leave clock enabled in error case (git-fixes). - drm/rockchip: vop: Correct RK3399 VOP register fields (git-fixes). - drm/rockchip: vop: fix possible null-ptr-deref in vop_bind() (git-fixes). - drm/selftests/test-drm_dp_mst_helper: Fix memory leak in sideband_msg_req_encode_decode (git-fixes). - drm/simpledrm: Add 'panel orientation' property on non-upright mounted LCD panels (git-fixes). - drm: sti: do not use kernel-doc markers (git-fixes). - drm/sun4i: Fix crash during suspend after component bind failure (git-fixes). - drm/sun4i: mixer: Fix P010 and P210 format numbers (git-fixes). - drm/sun4i: Remove obsolete references to PHYS_OFFSET (bsc#1190786) - drm/syncobj: flatten dma_fence_chains on transfer (git-fixes). - drm/tegra: Add back arm_iommu_detach_device() (git-fixes). - drm/tegra: Fix reference leak in tegra_dsi_ganged_probe (git-fixes). - drm: use the lookup lock in drm_is_current_master (git-fixes). - drm/v3d/v3d_drv: Check for error num after setting mask (git-fixes). - drm/vc4: crtc: Fix runtime_pm reference counting (git-fixes). - drm/vc4: Fix deadlock on DSI device attach error (git-fixes). - drm/vc4: hdmi: Add debugfs prefix (bsc#1199163). - drm/vc4: hdmi: Allow DBLCLK modes even if horz timing is odd (git-fixes). - drm/vc4: hdmi: Fix build error for implicit function declaration (git-fixes). - drm/vc4: hdmi: Fix HPD GPIO detection (git-fixes). - drm/vc4: hdmi: Make sure the device is powered with CEC (git-fixes). - drm/vc4: hdmi: Split the CEC disable / enable functions in two (git-fixes). - drm/vc4: hvs: Fix frame count register readout (git-fixes). - drm/vc4: hvs: Reset muxes at probe time (git-fixes). - drm/vc4: txp: Do not set TXP_VSTART_AT_EOF (git-fixes). - drm/vc4: txp: Force alpha to be 0xff if it's disabled (git-fixes). - drm/vc4: Use pm_runtime_resume_and_get to fix pm_runtime_get_sync() usage (git-fixes). - drm/virtio: Ensure that objs is not NULL in virtio_gpu_array_put_free() (git-fixes). - drm/virtio: fix NULL pointer dereference in virtio_gpu_conn_get_modes (git-fixes). - drm/vmwgfx: Disable command buffers on svga3 without gbobjects (git-fixes). - drm/vmwgfx: Fix fencing on SVGAv3 (git-fixes). - drm/vmwgfx: Initialize drm_mode_fb_cmd2 (git-fixes). - drm/vmwgfx: Remove unused compile options (bsc#1190786) - drm/vmwgfx: validate the screen formats (git-fixes). - drm/vrr: Set VRR capable prop only if it is attached to connector (git-fixes). - dt-bindings: arm: bcm: fix BCM53012 and BCM53016 SoC strings (git-fixes). - dt-bindings: can: tcan4x5x: fix mram-cfg RX FIFO config (git-fixes). - dt-bindings: display: sitronix, st7735r: Fix backlight in example (git-fixes). - dt-bindings: gpio: altera: correct interrupt-cells (git-fixes). - dt-bindings: memory: mtk-smi: No need mediatek,larb-id for mt8167 (git-fixes). - dt-bindings: mtd: nand-controller: Fix a comment in the examples (git-fixes). - dt-bindings: mtd: nand-controller: Fix the reg property description (git-fixes). - dt-bindings: net: xgmac_mdio: Remove unsupported 'bus-frequency' (git-fixes). - dt-bindings: PCI: xilinx-cpm: Fix reg property order (git-fixes). - dt-bindings: phy: uniphier-usb3hs: Fix incorrect clock-names and reset-names (git-fixes). - dt-bindings: pinctrl: aspeed-g6: remove FWQSPID group (git-fixes). - dt-bindings: pinctrl: pinctrl-microchip-sgpio: Fix example (git-fixes). - dt-bindings: spi: mxic: The interrupt property is not mandatory (git-fixes). - dt-bindings: usb: ehci: Increase the number of PHYs (git-fixes). - dt-bindings: usb: hcd: correct usb-device path (git-fixes). - dt-bindings: usb: ohci: Increase the number of PHYs (git-fixes). - dt-bindings: watchdog: Require samsung,syscon-phandle for Exynos7 (git-fixes). - e1000e: Correct NVM checksum verification flow (bsc#1191663). - e1000e: Fix possible HW unit hang after an s0ix exit (jsc#SLE-18382). - e1000e: Fix possible overflow in LTR decoding (git-fixes). - e1000e: Handshake with CSME starts from ADL platforms (git-fixes). - e1000e: Separate ADP board type from TGP (git-fixes). - EDAC/altera: Fix deferred probing (bsc#1190497). - EDAC/amd64: Add new register offset support and related changes (jsc#SLE-19026). - EDAC/amd64: Set memory type per DIMM (jsc#SLE-19026). - EDAC: Fix calculation of returned address and next offset in edac_align_ptr() (bsc#1190497). - EDAC/synopsys: Read the error count from the correct register (bsc#1190497). - EDAC/xgene: Fix deferred probing (bsc#1190497). - eeprom: ee1004: limit i2c reads to I2C_SMBUS_BLOCK_MAX (git-fixes). - efi: Add missing prototype for efi_capsule_setup_info (git-fixes). - efi: Do not import certificates from UEFI Secure Boot for T2 Macs (git-fixes). - efi: fix return value of __setup handlers (git-fixes). - efivars: Respect 'block' flag in efivar_entry_set_safe() (git-fixes). - enable DRM_BOCHS as module (bsc#1200572) - epic100: fix use after free on rmmod (git-fixes). - ethernet/sfc: remove redundant rc variable (bsc#1196306). - exec: Force single empty string when argv is empty (bsc#1200571). - ext2: correct max file size computing (bsc#1197820). - ext4: avoid trim error on fs with small groups (bsc#1191271). - ext4: destroy ext4_fc_dentry_cachep kmemcache on module removal (bsc#1197917). - ext4: fix an use-after-free issue about data=journal writeback mode (bsc#1195482). - ext4: fix bug_on ext4_mb_use_inode_pa (bsc#1200810). - ext4: fix bug_on in __es_tree_search (bsc#1200809). - ext4: fix ext4_fc_stats trace point (git-fixes). - ext4: fix race condition between ext4_write and ext4_convert_inline_data (bsc#1200807). - ext4: limit length to bitmap_maxbytes - blocksize in punch_hole (bsc#1200806). - ext4: make variable 'count' signed (bsc#1200820). - ext4: reject the 'commit' option on ext2 filesystems (bsc#1200808). - extcon: Modify extcon device to be created after driver data is set (git-fixes). - extcon: ptn5150: Add queue work sync before driver release (git-fixes). - faddr2line: Fix overlapping text section failures, the sequel (git-fixes). - fbcon: Avoid 'cap' set but not used warning (bsc#1190786) - fbcon: Consistently protect deferred_takeover with console_lock() (git-fixes). - firewire: core: extend card->lock in fw_core_handle_bus_reset (git-fixes). - firewire: fix potential uaf in outbound_phy_packet_callback() (git-fixes). - firewire: remove check of list iterator against head past the loop body (git-fixes). - firmware: arm_ffa: Fix uuid parameter to ffa_partition_probe (git-fixes). - firmware: arm_ffa: Remove incorrect assignment of driver_data (git-fixes). - firmware: arm_scmi: Fix list protocols enumeration in the base protocol (git-fixes). - firmware: arm_scmi: Fix sorting of retrieved clock rates (git-fixes). - firmware: arm_scmi: Remove space in MODULE_ALIAS name (git-fixes). - firmware: arm_scmi: Validate BASE_DISCOVER_LIST_PROTOCOLS response (git-fixes). - firmware: dmi-sysfs: Fix memory leak in dmi_sysfs_register_handle (git-fixes). - firmware: google: Properly state IOMEM dependency (git-fixes). - firmware: qcom: scm: Remove reassignment to desc following initializer (git-fixes). - firmware: stratix10-svc: add missing callback parameter on RSU (git-fixes). - firmware: stratix10-svc: fix a missing check on list iterator (git-fixes). - firmware: sysfb: fix platform-device leak in error path (git-fixes). - firmware: ti_sci: Fix compilation failure when CONFIG_TI_SCI_PROTOCOL is not defined (git-fixes). - firmware: use kernel credentials when reading firmware (git-fixes). - Fix a warning about a malformed kernel doc comment in cifs (bsc#1193629). - fs: fd tables have to be multiples of BITS_PER_LONG (bsc#1200827). - fs: fix fd table size alignment properly (bsc#1200882). - fs: handle circular mappings correctly (bsc#1197918). - fsl_lpuart: Do not enable interrupts too early (git-fixes). - fsnotify: Do not insert unmergeable events in hashtable (bsc#1197922). - fsnotify: fix fsnotify hooks in pseudo filesystems (bsc#1195944 bsc#1195478). - fsnotify: fix wrong lockdep annotations (bsc#1200815). - ftrace: Clean up hash direct_functions on register failures (git-fixes). - fuse: fix fileattr op failure (bsc#1197292). - gen_init_cpio: fix short read file handling (bsc#1193289). - genirq/affinity: Consider that CPUs on nodes can be (git-fixes) - genirq: Synchronize interrupt thread startup (git-fixes) - gianfar: ethtool: Fix refcount leak in gfar_get_ts_info (git-fixes). - gma500: fix an incorrect NULL check on list iterator (git-fixes). - gpio: adp5588: Remove support for platform setup and teardown callbacks (git-fixes). - gpio: aggregator: Fix calling into sleeping GPIO controllers (git-fixes). - gpio: dwapb: Do not print error on -EPROBE_DEFER (git-fixes). - gpio: gpio-vf610: do not touch other bits when set the target bit (git-fixes). - gpiolib: acpi: Convert ACPI value of debounce to microseconds (git-fixes). - gpiolib: acpi: use correct format characters (git-fixes). - gpiolib: Never return internal error codes to user space (git-fixes). - gpiolib: of: fix bounds check for 'gpio-reserved-ranges' (git-fixes). - gpio: mvebu: drop pwm base assignment (git-fixes). - gpio: mvebu/pwm: Refuse requests with inverted polarity (git-fixes). - gpio: pca953x: fix irq_stat not updated when irq is disabled (irq_mask not set) (git-fixes). - gpio: pca953x: use the correct register address to do regcache sync (git-fixes). - gpio: Return EPROBE_DEFER if gc->to_irq is NULL (git-fixes). - gpio: Revert regression in sysfs-gpio (gpiolib.c) (git-fixes). - gpio: sifive: use the correct register to read output values (git-fixes). - gpio: tegra186: Fix chip_data type confusion (git-fixes). - gpio: ts4900: Do not set DAT and OE together (git-fixes). - gpio: visconti: Fix fwnode of GPIO IRQ (git-fixes). - gpio: winbond: Fix error code in winbond_gpio_get() (git-fixes). - gpu: host1x: Fix a memory leak in 'host1x_remove()' (git-fixes). - gpu: ipu-v3: Fix dev_dbg frequency output (git-fixes). - gup: Turn fault_in_pages_{readable,writeable} into fault_in_{readable,writeable} (git-fixes). - gve: Fix GFP flags when allocing pages (git-fixes). - gve: fix the wrong AdminQ buffer queue index check (git-fixes). - habanalabs: Add check for pci_enable_device (git-fixes). - habanalabs: fix possible memory leak in MMU DR fini (git-fixes). - hamradio: fix macro redefine warning (git-fixes). - hex2bin: fix access beyond string end (git-fixes). - HID: add mapping for KEY_ALL_APPLICATIONS (git-fixes). - HID: add mapping for KEY_DICTATE (git-fixes). - HID: Add support for open wheel and no attachment to T300 (git-fixes). - HID:Add support for UGTABLET WP5540 (git-fixes). - HID: amd_sfh: Add illuminance mask to limit ALS max value (git-fixes). - HID: amd_sfh: Correct the structure field name (git-fixes). - HID: amd_sfh: Modify the bus name (git-fixes). - HID: amd_sfh: Modify the hid name (git-fixes). - HID: bigben: fix slab-out-of-bounds Write in bigben_probe (git-fixes). - hide appended member supports_dynamic_smps_6ghz (git-fixes). - HID: elan: Fix potential double free in elan_input_configured (git-fixes). - HID: hid-led: fix maximum brightness for Dream Cheeky (git-fixes). - HID: hid-thrustmaster: fix OOB read in thrustmaster_interrupts (git-fixes). - HID: i2c-hid: fix GET/SET_REPORT for unnumbered reports (git-fixes). - HID: intel-ish-hid: Use dma_alloc_coherent for firmware update (git-fixes). - HID: logitech-dj: add new lightspeed receiver id (git-fixes). - HID: multitouch: add quirks to enable Lenovo X12 trackpoint (git-fixes). - HID: multitouch: Add support for Google Whiskers Touchpad (git-fixes). - HID: multitouch: fix Dell Precision 7550 and 7750 button type (bsc#1197243). - HID: vivaldi: fix sysfs attributes leak (git-fixes). - hinic: fix bug of wq out of bound access (git-fixes). - hv_balloon: rate-limit 'Unhandled message' warning (git-fixes). - hv_netvsc: Add check for kvmalloc_array (git-fixes). - hv_utils: Add comment about max VMbus packet size in VSS driver (git-fixes). - hwmon: (dell-smm) Speed up setting of fan speed (git-fixes). - hwmon: (f71882fg) Fix negative temperature (git-fixes). - hwmon: Handle failure to register sensor with thermal zone correctly (git-fixes). - hwmon: (ibmaem) do not call platform_device_del() if platform_device_add() fails (git-fixes). - hwmon: (ltq-cputemp) restrict it to SOC_XWAY (git-fixes). - hwmon: (pmbus) Add mutex to regulator ops (git-fixes). - hwmon: (pmbus) Add Vin unit off handling (git-fixes). - hwmon: (pmbus) Check PEC support before reading other registers (git-fixes). - hwmon: (pmbus) Clear pmbus fault/warning bits after read (git-fixes). - hwmon: (pmbus) disable PEC if not enabled (git-fixes). - hwmon: (sch56xx-common) Replace WDOG_ACTIVE with WDOG_HW_RUNNING (git-fixes). - hwmon: (tmp401) Add OF device ID table (git-fixes). - hwrng: atmel - disable trng on failure path (git-fixes). - hwrng: cavium - Check health status while reading random data (git-fixes). - hwrng: cavium - HW_RANDOM_CAVIUM should depend on ARCH_THUNDER (git-fixes). - hwrng: nomadik - Change clk_disable to clk_disable_unprepare (git-fixes). - hwrng: omap3-rom - fix using wrong clk_disable() in omap_rom_rng_runtime_resume() (git-fixes). - i2c: at91: Initialize dma_buf in at91_twi_xfer() (git-fixes). - i2c: at91: use dma safe buffers (git-fixes). - i2c: bcm2835: Avoid clock stretching timeouts (git-fixes). - i2c: bcm2835: Fix the error handling in 'bcm2835_i2c_probe()' (git-fixes). - i2c: bcm2835: Use platform_get_irq() to get the interrupt (git-fixes). - i2c: brcmstb: fix support for DSL and CM variants (git-fixes). - i2c: cadence: Increase timeout per message if necessary (git-fixes). - i2c: designware: Use standard optional ref clock implementation (git-fixes). - i2c: dev: Force case user pointers in compat_i2cdev_ioctl() (git-fixes). - i2c: ismt: prevent memory corruption in ismt_access() (git-fixes). - i2c: ismt: Provide a DMA buffer for Interrupt Cause Logging (git-fixes). - i2c: meson: Fix wrong speed use from probe (git-fixes). - i2c: mt7621: fix missing clk_disable_unprepare() on error in mtk_i2c_probe() (git-fixes). - i2c: mux: demux-pinctrl: do not deactivate a master that is not active (git-fixes). - i2c: npcm7xx: Add check for platform_driver_register (git-fixes). - i2c: npcm: Correct register access width (git-fixes). - i2c: npcm: Fix timeout calculation (git-fixes). - i2c: npcm: Handle spurious interrupts (git-fixes). - i2c: piix4: Add EFCH MMIO support for SMBus port select (git-fixes). - i2c: piix4: Add EFCH MMIO support to region request and release (git-fixes). - i2c: piix4: Add EFCH MMIO support to SMBus base address detect (git-fixes). - i2c: piix4: Enable EFCH MMIO for Family 17h+ (git-fixes). - i2c: piix4: Move port I/O region request/release code into functions (git-fixes). - i2c: piix4: Move SMBus controller base address detect into function (git-fixes). - i2c: piix4: Move SMBus port selection into function (git-fixes). - i2c: piix4: Replace hardcoded memory map size with a #define (git-fixes). - i2c: qcom-cci: do not delete an unregistered adapter (git-fixes). - i2c: qcom-cci: do not put a device tree node before i2c_add_adapter() (git-fixes). - i2c: rcar: fix PM ref counts in probe error paths (git-fixes). - i2c: xiic: Make bus names unique (git-fixes). - i40e: do not reserve excessive XDP_PACKET_HEADROOM on XSK Rx to skb (git-fixes). - i40e: Fix for failed to init adminq while VF reset (git-fixes). - i40e: Fix issue when maximum queues is exceeded (git-fixes). - i40e: Fix queues reservation for XDP (git-fixes). - i40e: Fix reset bw limit when DCB enabled with 1 TC (git-fixes). - i40e: Fix reset path while removing the driver (git-fixes). - i40e: fix unsigned stat widths (git-fixes). - i40e: i40e_main: fix a missing check on list iterator (git-fixes). - i40e: Increase delay to 1 s after global EMP reset (git-fixes). - i40e: remove dead stores on XSK hotpath (jsc#SLE-18378). - i40e: respect metadata on XSK Rx to skb (git-fixes). - i40e: stop disabling VFs due to PF error responses (jsc#SLE-18378). - iavf: Add waiting so the port is initialized in remove (jsc#SLE-18385). - iavf: Fix deadlock in iavf_reset_task (jsc#SLE-18385). - iavf: Fix double free in iavf_reset_task (jsc#SLE-18385). - iavf: Fix handling of vlan strip virtual channel messages (jsc#SLE-18385). - iavf: Fix hang during reboot/shutdown (jsc#SLE-18385). - iavf: Fix __IAVF_RESETTING state usage (jsc#SLE-18385). - iavf: Fix init state closure on remove (jsc#SLE-18385). - iavf: Fix locking for VIRTCHNL_OP_GET_OFFLOAD_VLAN_V2_CAPS (jsc#SLE-18385). - iavf: Fix missing check for running netdev (git-fixes). - iavf: Fix race in init state (jsc#SLE-18385). - iavf: Rework mutexes for better synchronisation (jsc#SLE-18385 stable-5.14.6). - IB/cma: Allow XRC INI QPs to set their local ACK timeout (git-fixes). - IB/cm: Cancel mad on the DREQ event when the state is MRA_REP_RCVD (git-fixes). - IB/cm: Release previously acquired reference counter in the cm_id_priv (git-fixes). - IB/hfi1: Allow larger MTU without AIP (git-fixes). - IB/hfi1: Fix AIP early init panic (git-fixes). - IB/hfi1: Fix alloc failure with larger txqueuelen (git-fixes). - IB/hfi1: Fix panic with larger ipoib send_queue_size (jsc#SLE-19242). - IB/hfi1: Fix tstats alloc and dealloc (git-fixes). - IB/mlx5: Expose NDR speed through MAD (bsc#1196930). - ibmvnic: do not release napi in __ibmvnic_open() (bsc#1195668 ltc#195811). - ibmvnic: fix race between xmit and reset (bsc#1197302 ltc#197259). - ibmvnic: Properly dispose of all skbs during a failover (bsc#1200925). - ibmvnic: schedule failover only if vioctl fails (bsc#1196400 ltc#195815). - IB/qib: Fix duplicate sysfs directory name (git-fixes). - IB/rdmavt: add lock to call to rvt_error_qp to prevent a race condition (git-fixes). - IB/rdmavt: Validate remote_addr during loopback atomic tests (git-fixes). - ice: allow creating VFs for !CONFIG_NET_SWITCHDEV (jsc#SLE-18375). - ice: check the return of ice_ptp_gettimex64 (git-fixes). - ice: clear cmd_type_offset_bsz for TX rings (jsc#SLE-18375). - ice: Clear default forwarding VSI during VSI release (git-fixes). - ice: clear stale Tx queue settings before configuring (git-fixes). - ice: do not allow to run ice_send_event_to_aux() in atomic ctx (git-fixes). - ice: do not reserve excessive XDP_PACKET_HEADROOM on XSK Rx to skb (git-fixes). - ice: Do not use GFP_KERNEL in atomic context (git-fixes). - ice: enable parsing IPSEC SPI headers for RSS (git-fixes). - ice: fix an error code in ice_cfg_phy_fec() (git-fixes). - ice: fix concurrent reset and removal of VFs (git-fixes). - ice: fix crash in switchdev mode (jsc#SLE-18375). - ice: Fix curr_link_speed advertised speed (git-fixes). - ice: Fix incorrect locking in ice_vc_process_vf_msg() (jsc#SLE-18375). - ice: fix IPIP and SIT TSO offload (git-fixes). - ice: fix NULL pointer dereference in ice_update_vsi_tx_ring_stats() (jsc#SLE-18375). - ice: fix PTP stale Tx timestamps cleanup (git-fixes). - ice: fix setting l4 port flag when adding filter (jsc#SLE-18375). - ice: fix use-after-free when deinitializing mailbox snapshot (git-fixes). - ice: initialize local variable 'tlv' (git-fixes). - ice: kabi protect ice_pf (bsc#1200502). - ice: Protect vf_state check by cfg_lock in ice_vc_process_vf_msg() (jsc#SLE-18375). - ice: respect metadata on XSK Rx to skb (git-fixes). - ice: synchronize_rcu() when terminating rings (git-fixes). - ice: xsk: Fix indexing in ice_tx_xsk_pool() (jsc#SLE-18375). - ice: xsk: fix VSI state check in ice_xsk_wakeup() (git-fixes). - igb: refactor XDP registration (git-fixes). - igc: avoid kernel warning when changing RX ring parameters (git-fixes). - igc: do not reserve excessive XDP_PACKET_HEADROOM on XSK Rx to skb (git-fixes). - igc: Fix BUG: scheduling while atomic (git-fixes). - igc: Fix infinite loop in release_swfw_sync (git-fixes). - igc: Fix suspending when PTM is active (jsc#SLE-18377). - igc: igc_read_phy_reg_gpy: drop premature return (git-fixes). - igc: igc_write_phy_reg_gpy: drop premature return (git-fixes). - iio:accel:bma180: rearrange iio trigger get and register (git-fixes). - iio: accel: fxls8962af: add padding to regmap for SPI (git-fixes). - iio:accel:kxcjk-1013: rearrange iio trigger get and register (git-fixes). - iio: accel: mma8452: ignore the return value of reset operation (git-fixes). - iio: accel: mma8452: use the correct logic to get mma8452_data (git-fixes). - iio:accel:mxc4005: rearrange iio trigger get and register (git-fixes). - iio: adc: ad7124: fix mask used for setting AIN_BUFP and AIN_BUFM bits (git-fixes). - iio: adc: ad7124: Remove shift from scan_type (git-fixes). - iio: adc: Add check for devm_request_threaded_irq (git-fixes). - iio: adc: adi-axi-adc: Fix refcount leak in adi_axi_adc_attach_client (git-fixes). - iio: adc: axp288: Override TS pin bias current for some models (git-fixes). - iio: adc: men_z188_adc: Fix a resource leak in an error handling path (git-fixes). - iio: adc: sc27xx: Fine tune the scale calibration values (git-fixes). - iio: adc: sc27xx: fix read big scale voltage not right (git-fixes). - iio: adc: stm32: Fix ADCs iteration in irq handler (git-fixes). - iio: adc: stm32: Fix IRQs on STM32F4 by removing custom spurious IRQs message (git-fixes). - iio: adc: stm32: fix maximum clock rate for stm32mp15x (git-fixes). - iio: adc: stmpe-adc: Fix wait_for_completion_timeout return value check (git-fixes). - iio: adc: ti-ads131e08: add missing fwnode_handle_put() in ads131e08_alloc_channels() (git-fixes). - iio: adc: tsc2046: fix memory corruption by preventing array overflow (git-fixes). - iio: adc: vf610: fix conversion mode sysfs node name (git-fixes). - iio: afe: rescale: Fix boolean logic bug (git-fixes). - iio: afe: rescale: use s64 for temporary scale calculations (git-fixes). - iio: buffer: Fix file related error handling in IIO_BUFFER_GET_FD_IOCTL (git-fixes). - iio:chemical:ccs811: rearrange iio trigger get and register (git-fixes). - iio: dac: ad5446: Fix read_raw not returning set value (git-fixes). - iio: dac: ad5592r: Fix the missing return value (git-fixes). - iio: dummy: iio_simple_dummy: check the return value of kstrdup() (git-fixes). - iio: Fix error handling for PM (git-fixes). - iio: gyro: mpu3050: Fix the error handling in mpu3050_power_up() (git-fixes). - iio:humidity:hts221: rearrange iio trigger get and register (git-fixes). - iio:imu:adis16480: fix buffering for devices with no burst mode (git-fixes). - iio:imu:bmi160: disable regulator in error path (git-fixes). - iio: imu: inv_icm42600: Fix I2C init possible nack (git-fixes). - iio: imu: st_lsm6dsx: wait for settling time in st_lsm6dsx_read_oneshot (git-fixes). - iio: inkern: apply consumer scale on IIO_VAL_INT cases (git-fixes). - iio: inkern: apply consumer scale when no channel scale is available (git-fixes). - iio: inkern: make a best effort on offset calculation (git-fixes). - iio: magnetometer: ak8975: Fix the error handling in ak8975_power_on() (git-fixes). - iio: magnetometer: yas530: Fix memchr_inv() misuse (git-fixes). - iio: mma8452: Fix probe failing when an i2c_device_id is used (git-fixes). - iio: mma8452: fix probe fail when device tree compatible is used (git-fixes). - iio: proximity: vl53l0x: Fix return value check of wait_for_completion_timeout (git-fixes). - iio: st_sensors: Add a local lock for protecting odr (git-fixes). - iio: trigger: sysfs: fix use-after-free on remove (git-fixes). - ima: Allow template selection with ima_template[_fmt]= after ima_hash= (git-fixes). - ima: Do not print policy rule with inactive LSM labels (git-fixes). - ima: fix reference leak in asymmetric_verify() (git-fixes). - ima: Remove ima_policy file before directory (git-fixes). - init: call time_init() before rand_initialize() (git-fixes). - init: Initialize noop_backing_dev_info early (bsc#1200822). - init/main.c: return 1 from handled __setup() functions (git-fixes). - initramfs: Check timestamp to prevent broken cpio archive (bsc#1193289). - inotify: show inotify mask flags in proc fdinfo (bsc#1200600). - Input: add bounds checking to input_set_capability() (git-fixes). - Input: aiptek - properly check endpoint type (git-fixes). - Input: bcm5974 - set missing URB_NO_TRANSFER_DMA_MAP urb flag (git-fixes). - Input: clear BTN_RIGHT/MIDDLE on buttonpads (git-fixes). - Input: elan_i2c: Add deny list for Lenovo Yoga Slim 7 (bsc#1193064). - Input: elan_i2c - fix regulator enable count imbalance after suspend/resume (git-fixes). - Input: elan_i2c - move regulator_[en|dis]able() out of elan_[en|dis]able_power() (git-fixes). - Input: gpio-keys - cancel delayed work only in case of GPIO (git-fixes). - Input: ili210x - fix reset timing (git-fixes). - Input: omap4-keypad - fix pm_runtime_get_sync() error checking (git-fixes). - Input: samsung-keypad - properly state IOMEM dependency (git-fixes). - Input: soc_button_array - also add Lenovo Yoga Tablet2 1051F to dmi_use_low_level_irq (git-fixes). - Input: sparcspkr - fix refcount leak in bbc_beep_probe (git-fixes). - Input: stmfts - do not leave device disabled in stmfts_input_open (git-fixes). - Input: stmfts - fix reference leak in stmfts_input_open (git-fixes). - Input: synaptics - enable InterTouch on ThinkPad T14/P14s Gen 1 AMD (git-fixes). - Input: synaptics: retry query upon error (bsc#1194086). - Input: wm97xx: Simplify resource management (git-fixes). - Input: zinitix - do not report shadow fingers (git-fixes). - integrity: check the return value of audit_log_start() (git-fixes). - iocost: do not reset the inuse weight of under-weighted debtors (git-fixes). - iocost: Fix divide-by-zero on donation from low hweight cgroup (bsc#1198014). - iomap: iomap_write_failed fix (bsc#1200829). - iommu/amd: Fix loop timeout issue in iommu_ga_log_enable() (git-fixes). - iommu/amd: Increase timeout waiting for GA log enablement (bsc#1199052). - iommu/amd: Remove useless irq affinity notifier (git-fixes). - iommu/amd: Restore GA log/tail pointer on host resume (git-fixes). - iommu/amd: X2apic mode: mask/unmask interrupts on suspend/resume (git-fixes). - iommu/amd: X2apic mode: re-enable after resume (git-fixes). - iommu/amd: X2apic mode: setup the INTX registers on mask/unmask (git-fixes). - iommu: arm-smmu: disable large page mappings for Nvidia arm-smmu (bsc#1198826). - iommu/arm-smmu-qcom: Fix TTBR0 read (git-fixes). - iommu: Extend mutex lock scope in iommu_probe_device() (git-fixes). - iommu/ioasid: Introduce a helper to check for valid PASIDs (jsc#SLE-24350). - iommu/io-pgtable-arm: Fix table descriptor paddr formatting (git-fixes). - iommu/io-pgtable-arm-v7s: Add error handle for page table allocation failure (git-fixes). - iommu/iova: Fix race between FQ timeout and teardown (git-fixes). - iommu/sva: Assign a PASID to mm on PASID allocation and free it on mm exit (jsc#SLE-24350). - iommu/sva: Rename CONFIG_IOMMU_SVA_LIB to CONFIG_IOMMU_SVA (jsc#SLE-24350). - iommu/vt-d: Fix potential memory leak in intel_setup_irq_remapping() (git-fixes). - ionic: add FW_STOPPING state (git-fixes). - ionic: Allow flexibility for error reporting on dev commands (git-fixes). - ionic: better handling of RESET event (git-fixes). - ionic: catch transition back to RUNNING with fw_generation 0 (git-fixes). - ionic: Cleanups in the Tx hotpath code (git-fixes). - ionic: Correctly print AQ errors if completions are not received (git-fixes). - ionic: disable napi when ionic_lif_init() fails (git-fixes). - ionic: Do not send reset commands if FW isn't running (git-fixes). - ionic: fix missing pci_release_regions() on error in ionic_probe() (git-fixes). - ionic: fix type complaint in ionic_dev_cmd_clean() (git-fixes). - ionic: fix up printing of timeout error (git-fixes). - ionic: Prevent filter add/del err msgs when the device is not available (git-fixes). - ionic: Query FW when getting VF info via ndo_get_vf_config (git-fixes). - ionic: remove the dbid_inuse bitmap (git-fixes). - ionic: replace set_vf data with union (git-fixes). - ionic: start watchdog after all is setup (git-fixes). - ionic: stretch heartbeat detection (git-fixes). - io_uring: add more locking annotations for submit (bsc#1199011). - io_uring: avoid touching inode in rw prep (bsc#1199011). - io_uring: be smarter about waking multiple CQ ring waiters (bsc#1199011). - io_uring: cache __io_free_req()'d requests (bsc#1199011). - io_uring: clean io-wq callbacks (bsc#1199011). - io_uring: clean up tctx_task_work() (bsc#1199011). - io_uring: deduplicate open iopoll check (bsc#1199011). - io_uring: do not halt iopoll too early (bsc#1199011). - io_uring: drop exec checks from io_req_task_submit (bsc#1199011). - io_uring: extract a helper for ctx quiesce (bsc#1199011). - io_uring: Fix undefined-behaviour in io_issue_sqe (bsc#1199011). - io_uring: improve ctx hang handling (bsc#1199011). - io_uring: inline fixed part of io_file_get() (bsc#1199011). - io_uring: inline io_free_req_deferred (bsc#1199011). - io_uring: inline io_poll_remove_waitqs (bsc#1199011). - io_uring: inline struct io_comp_state (bsc#1199011). - io_uring: kill unused IO_IOPOLL_BATCH (bsc#1199011). - io_uring: move io_fallback_req_func() (bsc#1199011). - io_uring: move io_put_task() definition (bsc#1199011). - io_uring: move io_rsrc_node_alloc() definition (bsc#1199011). - io_uring: optimise io_cqring_wait() hot path (bsc#1199011). - io_uring: optimise putting task struct (bsc#1199011). - io_uring: refactor io_alloc_req (bsc#1199011). - io_uring: remove extra argument for overflow flush (bsc#1199011). - io_uring: remove file batch-get optimisation (bsc#1199011). - io_uring: remove IRQ aspect of io_ring_ctx completion lock (bsc#1199011). - io_uring: remove redundant args from cache_free (bsc#1199011). - io_uring: remove unnecessary PF_EXITING check (bsc#1199011). - io_uring: rename io_file_supports_async() (bsc#1199011). - io_uring: run linked timeouts from task_work (bsc#1199011). - io_uring: run regular file completions from task_work (bsc#1199011). - io_uring: run timeouts from task_work (bsc#1199011). - io_uring: use inflight_entry instead of compl.list (bsc#1199011). - io_uring: use kvmalloc for fixed files (bsc#1199011). - io-wq: get rid of FIXED worker flag (bsc#1199011). - io-wq: make worker creation resilient against signals (bsc#1199011). - io-wq: move nr_running and worker_refs out of wqe->lock protection (bsc#1199011). - io-wq: only exit on fatal signals (bsc#1199011). - io-wq: provide a way to limit max number of workers (bsc#1199011). - io-wq: split bounded and unbounded work into separate lists (bsc#1199011). - io-wq: wqe and worker locks no longer need to be IRQ safe (bsc#1199011). - ipc/sem: do not sleep with a spin lock held (bsc#1198412). - ipheth: fix EOVERFLOW in ipheth_rcvbulk_callback (git-fixes). - ipmi: bail out if init_srcu_struct fails (git-fixes). - ipmi: Fix pr_fmt to avoid compilation issues (git-fixes). - ipmi: Fix UAF when uninstall ipmi_si and ipmi_msghandler module (git-fixes). - ipmi:ssif: Check for NULL msg when handling events and messages (git-fixes). - ipvs: add sysctl_run_estimation to support disable estimation (bsc#1195504). - ipw2x00: Fix potential NULL dereference in libipw_xmit() (git-fixes). - irqchip/armada-370-xp: Do not touch Performance Counter Overflow on A375, A38x, A39x (git-fixes). - irqchip/aspeed-i2c-ic: Fix irq_of_parse_and_map() return value (git-fixes). - irqchip/aspeed-scu-ic: Fix irq_of_parse_and_map() return value (git-fixes). - irqchip/exiu: Fix acknowledgment of edge triggered interrupts (git-fixes). - irqchip/gic, gic-v3: Prevent GSI to SGI translations (git-fixes). - irqchip/gic/realview: Fix refcount leak in realview_gic_of_init (git-fixes). - irqchip/gic-v3: Ensure pseudo-NMIs have an ISB between ack and handling (git-fixes). - irqchip/gic-v3: Fix error handling in gic_populate_ppi_partitions (git-fixes). - irqchip/gic-v3: Fix GICR_CTLR.RWP polling (git-fixes). - irqchip/gic-v3: Fix refcount leak in gic_populate_ppi_partitions (git-fixes). - irqchip/gic-v4: Wait for GICR_VPENDBASER.Dirty to clear before descheduling (git-fixes). - irqchip: irq-xtensa-mx: fix initial IRQ affinity (git-fixes). - irqchip/nvic: Release nvic_base upon failure (git-fixes). - irqchip/qcom-pdc: Fix broken locking (git-fixes). - irqchip/realtek-rtl: Fix refcount leak in map_interrupts (git-fixes). - irqchip/realtek-rtl: Service all pending interrupts (git-fixes). - isdn: hfcpci: check the return value of dma_set_mask() in setup_hw() (git-fixes). - ivtv: fix incorrect device_caps for ivtvfb (git-fixes). - iwlwifi: do not advertise TWT support (git-fixes). - iwlwifi: Fix -EIO error code that is never returned (git-fixes). - iwlwifi: fix use-after-free (git-fixes). - iwlwifi: iwl-dbg: Use del_timer_sync() before freeing (git-fixes). - iwlwifi: mvm: align locking in D3 test debugfs (git-fixes). - iwlwifi: mvm: check debugfs_dir ptr before use (git-fixes). - iwlwifi: mvm: Correctly set fragmented EBS (git-fixes). - iwlwifi: mvm: Do not call iwl_mvm_sta_from_mac80211() with NULL sta (git-fixes). - iwlwifi: mvm: do not crash on invalid rate w/o STA (git-fixes). - iwlwifi: mvm: do not iterate unadded vifs when handling FW SMPS req (git-fixes). - iwlwifi: mvm: do not send SAR GEO command for 3160 devices (git-fixes). - iwlwifi: mvm: Fix an error code in iwl_mvm_up() (git-fixes). - iwlwifi: mvm: fix assert 1F04 upon reconfig (git-fixes). - iwlwifi: mvm: move only to an enabled channel (git-fixes). - iwlwifi: pcie: fix locking when 'HW not ready' (git-fixes). - iwlwifi: pcie: gen2: fix locking when 'HW not ready' (git-fixes). - iwlwifi: yoyo: remove DBGI_SRAM address reset writing (git-fixes). - ixgbe: do not reserve excessive XDP_PACKET_HEADROOM on XSK Rx to skb (git-fixes). - ixgbe: ensure IPsec VF - PF compatibility (git-fixes). - ixgbe: respect metadata on XSK Rx to skb (git-fixes). - ixgbe: xsk: change !netif_carrier_ok() handling in ixgbe_xmit_zc() (git-fixes). - jbd2: Fake symbols defined under CONFIG_JBD2_DEBUG (bsc#1198971). - jfs: fix divide error in dbNextAG (bsc#1200828). - kABI: Fix kABI after 'x86/mm/cpa: Generalize __set_memory_enc_pgtable()' (jsc#SLE-19924). - kABI fix of sysctl_run_estimation (git-fixes). - kABI: fix rndis_parameters locking (git-fixes). - kABI: ivtv: restore caps member (git-fixes). - kabi/severities: allow dropping a few invalid exported symbols (bsc#1201218) - kabi/severities: Ignore arch/x86/kvm except for kvm_x86_ops Handle this like in previous SLE kernels. - kABI workaround for fxls8962af iio accel drivers (git-fixes). - kABI workaround for pci quirks (git-fixes). - kconfig: fix failing to generate auto.conf (git-fixes). - kconfig: let 'shell' return enough output for deep path names (git-fixes). - kernel/fork: Initialize mm's PASID (jsc#SLE-24350). - kernel/resource: Introduce request_mem_region_muxed() (git-fixes). - kexec_file: drop weak attribute from arch_kexec_apply_relocations[_add] (git-fixes). - KEYS: asymmetric: enforce that sig algo matches key algo (git-fixes). - KEYS: asymmetric: properly validate hash_algo and encoding (git-fixes). - KEYS: fix length validation in keyctl_pkey_params_get_2() (git-fixes). - KEYS: trusted: Avoid calling null function trusted_key_exit (git-fixes). - KEYS: trusted: Fix trusted key backends when building as module (git-fixes). - KEYS: trusted: tpm2: Fix migratable logic (git-fixes). - kprobes: Add kretprobe_find_ret_addr() for searching return address (bsc#1193277). - kprobes: Enable stacktrace from pt_regs in kretprobe handler (bsc#1193277). - kprobes: treewide: Cleanup the error messages for kprobes (bsc#1193277). - kprobes: treewide: Make it harder to refer kretprobe_trampoline directly (bsc#1193277). - kprobes: treewide: Remove trampoline_address from kretprobe_trampoline_handler() (bsc#1193277). - kprobes: treewide: Replace arch_deref_entry_point() with dereference_symbol_descriptor() (bsc#1193277). - kprobes: treewide: Use 'kprobe_opcode_t *' for the code address in get_optimized_kprobe() (bsc#1193277). - kselftest/arm64: bti: force static linking (git-fixes). - kunit: tool: Import missing importlib.abc (git-fixes). - KVM: arm64: Avoid consuming a stale esr value when SError occur (git-fixes). - KVM: arm64: Drop unused workaround_flags vcpu field (git-fixes). - KVM: arm64: pkvm: Use the mm_ops indirection for cache maintenance (git-fixes). - KVM: arm64: Use shadow SPSR_EL1 when injecting exceptions on !VHE (git-fixes). - KVM: Clean up benign vcpu->cpu data races when kicking vCPUs (git-fixes). - KVM: Ensure local memslot copies operate on up-to-date arch-specific data (git-fixes). - KVM: fix wrong exception emulation in check_rdtsc (git-fixes). - KVM: LAPIC: Drop pending LAPIC timer injection when canceling the timer (git-fixes). - KVM: nVMX: Abide to KVM_REQ_TLB_FLUSH_GUEST request on nested vmentry/vmexit (git-fixes). - KVM: nVMX: Clear IDT vectoring on nested VM-Exit for double/triple fault (git-fixes). - KVM: nVMX: Do not clear CR3 load/store exiting bits if L1 wants 'em (git-fixes). - KVM: nVMX: Emulate guest TLB flush on nested VM-Enter with new vpid12 (git-fixes). - KVM: nVMX: Ensure vCPU honors event request if posting nested IRQ fails (git-fixes). - KVM: nVMX: Flush current VPID (L1 vs. L2) for KVM_REQ_TLB_FLUSH_GUEST (git-fixes). - KVM: nVMX: Leave most VM-Exit info fields unmodified on failed VM-Entry (git-fixes). - KVM: PPC: Fix TCE handling for VFIO (bsc#1061840 git-fixes). - KVM: s390: Ensure kvm_arch_no_poll() is read once when blocking vCPU (git-fixes). - KVM: s390: pv: add macros for UVC CC values (git-fixes). - KVM: s390: pv: avoid stalls when making pages secure (git-fixes). - KVM: s390: vsie/gmap: reduce gmap_rmap overhead (git-fixes). - KVM: selftests: Do not skip L2's VMCALL in SMM test for SVM guest (bsc#1194523). - KVM: selftests: Re-enable access_tracking_perf_test (bsc#1194526). - KVM: SEV: accept signals in sev_lock_two_vms (bsc#1194526). - KVM: SEV: do not take kvm->lock when destroying (bsc#1194526). - KVM: SEV: Fall back to vmalloc for SEV-ES scratch area if necessary (bsc#1194526). - KVM: SEV: Mark nested locking of kvm->lock (bsc#1194526). - KVM: SEV: Return appropriate error codes if SEV-ES scratch setup fails (bsc#1194526). - KVM: SVM: Allow AVIC support on system w/ physical APIC ID > 255 (bsc#1193823). - KVM: SVM: Do not terminate SEV-ES guests on GHCB validation failure (bsc#1194526). - KVM: SVM: drop unnecessary code in svm_hv_vmcb_dirty_nested_enlightenments() (git-fixes). - KVM: SVM: Emulate #INIT in response to triple fault shutdown (git-fixes). - KVM: SVM: Fix kvm_cache_regs.h inclusions for is_guest_mode() (git-fixes). - KVM: SVM: hyper-v: Enable Enlightened MSR-Bitmap support for real (git-fixes). - KVM: SVM: Never reject emulation due to SMAP errata for !SEV guests (git-fixes). - KVM: SVM: Use kzalloc for sev ioctl interfaces to prevent kernel data leak (git-fixes). - KVM: VMX: Do not unblock vCPU w/ Posted IRQ if IRQs are disabled in guest (git-fixes). - KVM: VMX: Fold ept_update_paging_mode_cr0() back into vmx_set_cr0() (git-fixes). - KVM: VMX: Invert handling of CR0.WP for EPT without unrestricted guest (git-fixes). - KVM: VMX: Read Posted Interrupt 'control' exactly once per loop iteration (git-fixes). - KVM: VMX: Refresh list of user return MSRs after setting guest CPUID (git-fixes). - KVM: VMX: Remove defunct 'nr_active_uret_msrs' field (git-fixes). - KVM: VMX: Set failure code in prepare_vmcs02() (git-fixes). - KVM: VMX: Skip pointless MSR bitmap update when setting EFER (git-fixes). - KVM: VMX: Wake vCPU when delivering posted IRQ even if vCPU == this vCPU (git-fixes). - KVM: x86: Assume a 64-bit hypercall for guests with protected state (git-fixes). - kvm: x86/cpuid: Only provide CPUID leaf 0xA if host has architectural PMU (git-fixes). - KVM: x86: Do not force set BSP bit when local APIC is managed by userspace (git-fixes). - KVM: x86: Do not mark all registers as avail/dirty during RESET/INIT (git-fixes). - KVM: x86: do not print when fail to read/write pv eoi memory (git-fixes). - KVM: x86: Drop guest CPUID check for host initiated writes to MSR_IA32_PERF_CAPABILITIES (git-fixes). - KVM: x86: Drop WARNs that assert a triple fault never 'escapes' from L2 (git-fixes). - KVM: x86/emulator: Defer not-present segment check in __load_segment_descriptor() (git-fixes). - KVM: X86: Ensure that dirty PDPTRs are loaded (git-fixes). - KVM: x86: Exit to userspace if emulation prepared a completion callback (git-fixes). - KVM: x86: Fix emulation in writing cr8 (git-fixes). - KVM: X86: Fix missed remote tlb flush in rmap_write_protect() (git-fixes). - KVM: x86: Fix uninitialized eoi_exit_bitmap usage in vcpu_load_eoi_exitmap() (git-fixes). - KVM: x86: Handle 32-bit wrap of EIP for EMULTYPE_SKIP with flat code seg (git-fixes). - KVM: x86: hyper-v: Fix the maximum number of sparse banks for XMM fast TLB flush hypercalls (git-fixes). - KVM: x86: Ignore sparse banks size for an 'all CPUs', non-sparse IPI req (git-fixes). - KVM: x86: Mark all registers as avail/dirty at vCPU creation (git-fixes). - KVM: x86: Migrate the PIT only if vcpu0 is migrated, not any BSP (git-fixes). - KVM: x86/mmu: Check for present SPTE when clearing dirty bit in TDP MMU (git-fixes). - KVM: x86/mmu: Complete prefetch for trailing SPTEs for direct, legacy MMU (git-fixes). - KVM: x86/mmu: Fix TLB flush range when handling disconnected pt (git-fixes). - KVM: x86/mmu: Fix write-protection of PTs mapped by the TDP MMU (git-fixes). - KVM: x86/mmu: Passing up the error state of mmu_alloc_shadow_roots() (git-fixes). - KVM: x86/mmu: Pass parameter flush as false in kvm_tdp_mmu_zap_collapsible_sptes() (git-fixes). - KVM: x86/mmu: Remove spurious TLB flushes in TDP MMU zap collapsible path (git-fixes). - KVM: x86/mmu: Skip tlb flush if it has been done in zap_gfn_range() (git-fixes). - KVM: x86/mmu: Update number of zapped pages even if page list is stable (git-fixes). - KVM: x86/mmu: Use yield-safe TDP MMU root iter in MMU notifier unmapping (git-fixes). - KVM: x86: nSVM: restore the L1 host state prior to resuming nested guest on SMM exit (git-fixes). - KVM: x86: nSVM: skip eax alignment check for non-SVM instructions (git-fixes). - KVM: x86: nSVM: test eax for 4K alignment for GP errata workaround (git-fixes). - KVM: x86: Pend KVM_REQ_APICV_UPDATE during vCPU creation to fix a race (git-fixes). - KVM: x86/pmu: Fix reserved bits for AMD PerfEvtSeln register (git-fixes). - KVM: x86/pmu: Use AMD64_RAW_EVENT_MASK for PERF_TYPE_RAW (git-fixes). - KVM: x86: Register Processor Trace interrupt hook iff PT enabled in guest (git-fixes). - KVM: x86/svm: Clear reserved bits written to PerfEvtSeln MSRs (git-fixes). - KVM: x86: SVM: do not set VMLOAD/VMSAVE intercepts on vCPU reset (git-fixes). - KVM: x86: SVM: fix avic spec based definitions again (bsc#1193823 jsc#SLE-24549). - KVM: x86: SVM: move avic definitions from AMD's spec to svm.h (bsc#1193823 jsc#SLE-24549). - KVM: X86: Synchronize the shadow pagetable before link it (git-fixes). - KVM: x86: Update vCPU's runtime CPUID on write to MSR_IA32_XSS (git-fixes). - KVM: x86: Wait for IPIs to be delivered when handling Hyper-V TLB flush hypercall (git-fixes). - lib: bitmap: fix many kernel-doc warnings (git-fixes). - libbpf: Free up resources used by inner map definition (git-fixes). - lib/iov_iter: initialize 'flags' in new pipe_buffer (git-fixes). - libsubcmd: Fix use-after-free for realloc(..., 0) (git-fixes). - linux/dim: Fix divide by 0 in RDMA DIM (git-fixes). - list: fix a data-race around ep->rdllist (git-fixes). - list: introduce list_is_head() helper and re-use it in list.h (git-fixes). - list: test: Add a test for list_is_head() (git-fixes). - livepatch: Do not block removal of patches that are safe to unload (bsc#1071995). - locking: Make owner_on_cpu() into linux/sched.h (bsc#1190137 bsc#1189998). - locking: Remove rt_rwlock_is_contended() (bsc#1190137 bsc#1189998). - locking/rtmutex: Add rt_mutex_lock_nest_lock() and rt_mutex_lock_killable() (bsc#1190137 bsc#1189998). - locking/rtmutex: Squash self-deadlock check for ww_rt_mutex (bsc#1190137 bsc#1189998). - locking/rwlocks: introduce write_lock_nested (bsc#1189998). - LSM: general protection fault in legacy_parse_param (git-fixes). - lz4: fix LZ4_decompress_safe_partial read out of bound (git-fixes). - mac80211: fix EAPoL rekey fail in 802.3 rx path (git-fixes). - mac80211: fix forwarded mesh frames AC and queue selection (git-fixes). - mac80211: fix potential double free on mesh join (git-fixes). - mac80211: fix rx reordering with non explicit / psmp ack policy (git-fixes). - mac80211_hwsim: call ieee80211_tx_prepare_skb under RCU protection (git-fixes). - mac80211_hwsim: initialize ieee80211_tx_info at hw_scan_work (git-fixes). - mac80211_hwsim: report NOACK frames in tx_status (git-fixes). - mac80211: minstrel_ht: fix where rate stats are stored (fixes debugfs output) (git-fixes). - mac80211: mlme: check for null after calling kmemdup (git-fixes). - mac80211: refuse aggregations sessions before authorized (git-fixes). - mac80211: Remove a couple of obsolete TODO (git-fixes). - mac80211: Reset MBSSID parameters upon connection (git-fixes). - mac80211: treat some SAE auth steps as final (git-fixes). - mac80211: upgrade passive scan to active scan on DFS channels after beacon rx (git-fixes). - macros.kernel-source: Fix conditional expansion. Fixes: bb95fef3cf19 ('rpm: Use bash for %() expansion (jsc#SLE-18234).') - macvlan: Fix leaking skb in source mode with nodst option (git-fixes). - mailbox: change mailbox-mpfs compatible string (git-fixes). - mailbox: imx: fix crash in resume on i.mx8ulp (git-fixes). - mailbox: imx: fix wakeup failure from freeze mode (git-fixes). - mailbox: tegra-hsp: Flush whole channel (git-fixes). - maple: fix wrong return value of maple_bus_init() (git-fixes). - md: Do not set mddev private to NULL in raid0 pers->free (git-fixes). - md: fix an incorrect NULL check in does_sb_need_changing (git-fixes). - md: fix an incorrect NULL check in md_reload_sb (git-fixes). - md: fix double free of io_acct_set bioset (git-fixes). - md: fix update super 1.0 on rdev size change (git-fixes). - md: Move alloc/free acct bioset in to personality (git-fixes). - md/raid5: play nice with PREEMPT_RT (bsc#1189998). - media: aspeed: Correct value for h-total-pixels (git-fixes). - media: atmel: atmel-isc-base: report frame sizes as full supported range (git-fixes). - media: atmel: atmel-isc: Fix PM disable depth imbalance in atmel_isc_probe (git-fixes). - media: atmel: atmel-sama5d2-isc: fix wrong mask in YUYV format check (git-fixes). - media: atmel: atmel-sama7g5-isc: fix ispck leftover (git-fixes). - media: atomisp: fix bad usage at error handling logic (git-fixes). - media: atomisp: fix dummy_ptr check to avoid duplicate active_bo (git-fixes). - media: atomisp_gmin_platform: Add DMI quirk to not turn AXP ELDO2 regulator off on some boards (git-fixes). - media: bttv: fix WARNING regression on tunerless devices (git-fixes). - media: camss: csid-170: do not enable unused irqs (git-fixes). - media: camss: csid-170: fix non-10bit formats (git-fixes). - media: camss: csid-170: remove stray comment (git-fixes). - media: camss: csid-170: set the right HALT_CMD when disabled (git-fixes). - media: camss: vfe-170: fix 'VFE halt timeout' error (git-fixes). - media: ccs-core.c: fix failure to call clk_disable_unprepare (git-fixes). - media: cec-adap.c: fix is_configuring state (git-fixes). - media: cedrus: h264: Fix neighbour info buffer size (git-fixes). - media: cedrus: H265: Fix neighbour info buffer size (git-fixes). - media: coda: Fix missing put_device() call in coda_get_vdoa_data (git-fixes). - media: cx25821: Fix the warning when removing the module (git-fixes). - media: cx88-mpeg: clear interrupt status register before streaming video (git-fixes). - media: davinci: Make use of the helper function devm_platform_ioremap_resource() (git-fixes). - media: davinci: vpif: fix unbalanced runtime PM enable (git-fixes). - media: davinci: vpif: fix unbalanced runtime PM get (git-fixes). - media: davinci: vpif: fix use-after-free on driver unbind (git-fixes). - media: doc: pixfmt-rgb: Fix V4L2_PIX_FMT_BGR24 format description (git-fixes). - media: doc: pixfmt-yuv: Fix V4L2-PIX-FMT-Y10P format (git-fixes). - media: em28xx: initialize refcount before kref_get (git-fixes). - media: gpio-ir-tx: fix transmit with long spaces on Orange Pi PC (git-fixes). - media: hantro: Empty encoder capture buffers by default (git-fixes). - media: hantro: Fix overfill bottom register field name (git-fixes). - media: hantro: HEVC: Fix tile info buffer value computation (git-fixes). - media: hantro: HEVC: unconditionnaly set pps_{cb/cr}_qp_offset values (git-fixes). - media: hdpvr: initialize dev->worker at hdpvr_register_videodev (git-fixes). - media: i2c: max9286: fix kernel oops when removing module (git-fixes). - media: i2c: max9286: Use dev_err_probe() helper (git-fixes). - media: i2c: max9286: Use 'maxim,gpio-poc' property (git-fixes). - media: i2c: ov5648: Fix lockdep error (git-fixes). - media: i2c: ov5648: fix wrong pointer passed to IS_ERR() and PTR_ERR() (git-fixes). - media: i2c: rdacm2x: properly set subdev entity function (git-fixes). - media: imon: reorganize serialization (git-fixes). - media: imx-jpeg: fix a bug of accessing array out of bounds (git-fixes). - media: imx-jpeg: Prevent decoding NV12M jpegs into single-planar buffers (git-fixes). - media: iommu/mediatek: Add device_link between the consumer and the larb devices (git-fixes). - media: iommu/mediatek: Return ENODEV if the device is NULL (git-fixes). - media: iommu/mediatek-v1: Free the existed fwspec if the master dev already has (git-fixes). - media: ir_toy: free before error exiting (git-fixes). - media: media-entity.h: Fix documentation for media_create_intf_link (git-fixes). - media: mexon-ge2d: fixup frames size in registers (git-fixes). - media: mtk-vcodec: potential dereference of null pointer (git-fixes). - media: omap3isp: Use struct_group() for memcpy() region (git-fixes). - media: ov5640: Fix set format, v4l2_mbus_pixelcode not updated (git-fixes). - media: ov5648: Do not pack controls struct (git-fixes). - media: ov6650: Add try support to selection API operations (git-fixes). - media: ov6650: Fix crop rectangle affected by set format (git-fixes). - media: ov6650: Fix set format try processing path (git-fixes). - media: ov7670: remove ov7670_power_off from ov7670_remove (git-fixes). - media: pci: cx23885: Fix the error handling in cx23885_initdev() (git-fixes). - media: pvrusb2: fix array-index-out-of-bounds in pvr2_i2c_core_init (git-fixes). - media: Revert 'media: em28xx: add missing em28xx_close_extension' (git-fixes). - media: rga: fix possible memory leak in rga_probe (git-fixes). - media: rkvdec: h264: Fix bit depth wrap in pps packet (git-fixes). - media: rkvdec: h264: Fix dpb_valid implementation (git-fixes). - media: rkvdec: Stop overclocking the decoder (git-fixes). - media: rockchip/rga: do proper error checking in probe (git-fixes). - media: saa7134: fix incorrect use to determine if list is empty (git-fixes). - media: staging: media: imx: imx7-mipi-csis: Make subdev name unique (git-fixes). - media: staging: media: rkvdec: Make use of the helper function devm_platform_ioremap_resource() (git-fixes). - media: staging: media: zoran: calculate the right buffer number for zoran_reap_stat_com (git-fixes). - media: staging: media: zoran: fix usage of vb2_dma_contig_set_max_seg_size (git-fixes). - media: staging: media: zoran: fix various V4L2 compliance errors (git-fixes). - media: staging: media: zoran: move videodev alloc (git-fixes). - media: stk1160: If start stream fails, return buffers with VB2_BUF_STATE_QUEUED (git-fixes). - media: ti-vpe: cal: Fix a NULL pointer dereference in cal_ctx_v4l2_init_formats() (git-fixes). - media: usb: go7007: s2250-board: fix leak in probe() (git-fixes). - media: uvcvideo: Fix missing check to determine if element is found in list (git-fixes). - media: v4l2-core: Initialize h264 scaling matrix (git-fixes). - media: v4l2-mem2mem: Apply DST_QUEUE_OFF_BASE on MMAP buffers across ioctls (git-fixes). - media: v4l: Avoid unaligned access warnings when printing 4cc modifiers (git-fixes). - media: venus: hfi: avoid null dereference in deinit (git-fixes). - media: venus: hfi_cmds: List HDR10 property as unsupported for v1 and v3 (git-fixes). - media: videobuf2: Fix the size printk format (git-fixes). - media: video/hdmi: handle short reads of hdmi info frame (git-fixes). - media: vidtv: Check for null return of vzalloc (git-fixes). - mei: avoid iterator usage outside of list_for_each_entry (git-fixes). - mei: hbm: drop capability response on early shutdown (git-fixes). - mei: me: add Alder Lake N device id (git-fixes). - mei: me: add raptor lake point S DID (git-fixes). - mei: me: disable driver on the ign firmware (git-fixes). - memblock: fix memblock_phys_alloc() section mismatch error (git-fixes). - memory: atmel-ebi: Fix missing of_node_put in atmel_ebi_probe (git-fixes). - memory: emif: Add check for setup_interrupts (git-fixes). - memory: emif: check the pointer temp in get_device_details() (git-fixes). - memory: fsl_ifc: populate child nodes of buses and mfd devices (git-fixes). - memory: mtk-smi: Add error handle for smi_probe (git-fixes). - memory: renesas-rpc-if: Fix HF/OSPI data transfer in Manual Mode (git-fixes). - memory: renesas-rpc-if: fix platform-device leak in error path (git-fixes). - memory: samsung: exynos5422-dmc: Avoid some over memory allocation (git-fixes). - memory: samsung: exynos5422-dmc: Fix refcount leak in of_get_dram_timings (git-fixes). - mfd: asic3: Add missing iounmap() on error asic3_mfd_probe (git-fixes). - mfd: davinci_voicecodec: Fix possible null-ptr-deref davinci_vc_probe() (git-fixes). - mfd: exynos-lpass: Drop unneeded syscon.h include (git-fixes). - mfd: ipaq-micro: Fix error check return value of platform_get_irq() (git-fixes). - mfd: mc13xxx: Add check for mc13xxx_irq_request (git-fixes). - mgag200 fix memmapsl configuration in GCTL6 register (git-fixes). - misc: alcor_pci: Fix an error handling path (git-fixes). - misc: atmel-ssc: Fix IRQ check in ssc_probe (git-fixes). - misc: fastrpc: avoid double fput() on failed usercopy (git-fixes). - misc: fastrpc: fix an incorrect NULL check on list iterator (git-fixes). - misc: ocxl: fix possible double free in ocxl_file_register_afu (git-fixes). - misc: rtsx: set NULL intfdata when probe fails (git-fixes). - misc: sgi-gru: Do not cast parameter in bit operations (git-fixes). - mISDN: Fix memory leak in dsp_pipeline_build() (git-fixes). - mlx5: kabi protect lag_mp (git-fixes). - mlxsw: spectrum: Protect driver from buggy firmware (git-fixes). - mm: Add fault_in_subpage_writeable() to probe at sub-page granularity (git-fixes) - mmc: block: Check for errors after write on SPI (git-fixes). - mmc: block: fix read single on recovery logic (git-fixes). - mmc: core: Allows to override the timeout value for ioctl() path (git-fixes). - mmc: core: Fixup support for writeback-cache for eMMC and SD (git-fixes). - mmc: core: Set HS clock speed before sending HS CMD13 (git-fixes). - mmc: core: Wait for command setting 'Power Off Notification' bit to complete (git-fixes). - mmc: davinci_mmc: Handle error for clk_enable (git-fixes). - mm: Change CONFIG option for mm->pasid field (jsc#SLE-24350). - mmc: host: Return an error when ->enable_sdio_irq() ops is missing (git-fixes). - mmc: jz4740: Apply DMA engine limits to maximum segment size (git-fixes). - mm/cma: provide option to opt out from exposing pages on activation failure (bsc#1195099 ltc#196102). - mmc: mediatek: wait dma stop bit reset to 0 (git-fixes). - mmc: meson: Fix usage of meson_mmc_post_req() (git-fixes). - mmc: mmci: stm32: correctly check all elements of sg list (git-fixes). - mmc: renesas_sdhi: do not overwrite TAP settings when HS400 tuning is complete (git-fixes). - mmc: rtsx: add 74 Clocks in power on flow (git-fixes). - mmc: rtsx: Fix build errors/warnings for unused variable (git-fixes). - mmc: rtsx: Let MMC core handle runtime PM (git-fixes). - mmc: rtsx: Use pm_runtime_{get,put}() to handle runtime PM (git-fixes). - mmc: sdhci_am654: Fix the driver data of AM64 SoC (git-fixes). - mmc: sdhci-msm: Reset GCC_SDCC_BCR register for SDHC (git-fixes). - mmc: sdhci-of-esdhc: Check for error num after setting mask (git-fixes). - mmc: sdhci-pci-o2micro: Fix card detect by dealing with debouncing (git-fixes). - mmc: sunxi-mmc: Fix DMA descriptors allocated above 32 bits (git-fixes). - mm: fs: fix lru_cache_disabled race in bh_lru (bsc#1197761). - mm: Fully initialize invalidate_lock, amend lock class later (bsc#1197921). - mm: memcg: synchronize objcg lists with a dedicated spinlock (bsc#1198402). - mm/page_alloc: always attempt to allocate at least one page during bulk allocation (git fixes (mm/pgalloc)). - mm/page_alloc.c: do not warn allocation failure on zone DMA if no managed pages (bsc#1197501). - mm, page_alloc: fix build_zonerefs_node() (git-fixes). - mm/scatterlist: replace the !preemptible warning in sg_miter_stop() (bsc#1189998). - mm/slub: add missing TID updates on slab deactivation (git-fixes). - mm, thp: fix incorrect unmap behavior for private pages (bsc#1198024). - mm, thp: lock filemap when truncating page cache (bsc#1198023). - mm/vmalloc: fix comments about vmap_area struct (git-fixes). - mm_zone: add function to check if managed dma zone exists (bsc#1197501). - modpost: fix removing numeric suffixes (git-fixes). - modpost: fix section mismatch check for exported init/exit sections (git-fixes). - modpost: fix undefined behavior of is_arm_mapping_symbol() (git-fixes). - modpost: restore the warning message for missing symbol versions (git-fixes). - Move upstreamed ALSA fix into sorted section - Move upstreamed x86 patches into sorted section - mptcp: add missing documented NL params (git-fixes). - mt76: connac: fix sta_rec_wtbl tag len (git-fixes). - mt76: dma: initialize skip_unmap in mt76_dma_rx_fill (git-fixes). - mt76: do not attempt to reorder received 802.3 packets without agg session (git-fixes). - mt76: fix encap offload ethernet type check (git-fixes). - mt76: fix monitor mode crash with sdio driver (git-fixes). - mt76: Fix undefined behavior due to shift overflowing the constant (git-fixes). - mt76: mt7603: check sta_rates pointer in mt7603_sta_rate_tbl_update (git-fixes). - mt76: mt7615: check sta_rates pointer in mt7615_sta_rate_tbl_update (git-fixes). - mt76: mt7615: fix a leftover race in runtime-pm (git-fixes). - mt76: mt7615: Fix assigning negative values to unsigned variable (git-fixes). - mt76: mt7915: fix injected MPDU transmission to not use HW A-MSDU (git-fixes). - mt76: mt7915: use proper aid value in mt7915_mcu_sta_basic_tlv (git-fixes). - mt76: mt7915: use proper aid value in mt7915_mcu_wtbl_generic_tlv in sta mode (git-fixes). - mt76: mt7921: accept rx frames with non-standard VHT MCS10-11 (git-fixes). - mt76: mt7921e: fix possible probe failure after reboot (bsc#1198835). - mt76: mt7921: fix a leftover race in runtime-pm (git-fixes). - mt76: mt7921: fix crash when startup fails (git-fixes). - mt76: mt7921: fix mt7921_queues_acq implementation (git-fixes). - mt76: mt7921: Fix the error handling path of mt7921_pci_probe() (git-fixes). - mtd: cfi_cmdset_0002: Move and rename chip_check/chip_ready/chip_good_for_write (git-fixes). - mtd: mchp23k256: Add SPI ID table (git-fixes). - mtd: mchp48l640: Add SPI ID table (git-fixes). - mtd: onenand: Check for error irq (git-fixes). - mtd: parsers: qcom: Fix kernel panic on skipped partition (git-fixes). - mtd: parsers: qcom: Fix missing free for pparts in cleanup (git-fixes). - mtd: phram: Prevent divide by zero bug in phram_setup() (git-fixes). - mtd: rawnand: atmel: fix refcount issue in atmel_nand_controller_init (git-fixes). - mtd: rawnand: brcmnand: Fixed incorrect sub-page ECC status (git-fixes). - mtd: rawnand: cadence: fix possible null-ptr-deref in cadence_nand_dt_probe() (git-fixes). - mtd: rawnand: denali: Use managed device resources (git-fixes). - mtd: rawnand: fix ecc parameters for mt7622 (git-fixes). - mtd: rawnand: Fix return value check of wait_for_completion_timeout (git-fixes). - mtd: rawnand: gpmi: do not leak PM reference in error path (git-fixes). - mtd: rawnand: gpmi: fix controller timings setting (git-fixes). - mtd: rawnand: gpmi: Fix setting busy timeout setting (git-fixes). - mtd: rawnand: ingenic: Fix missing put_device in ingenic_ecc_get (git-fixes). - mtd: rawnand: intel: fix possible null-ptr-deref in ebu_nand_probe() (git-fixes). - mtd: rawnand: pl353: Set the nand chip node as the flash node (git-fixes). - mtd: rawnand: qcom: Fix clock sequencing in qcom_nandc_probe() (git-fixes). - mtd: rawnand: qcom: fix memory corruption that causes panic (git-fixes). - mtd: spinand: gigadevice: fix Quad IO for GD5F1GQ5UExxG (git-fixes). - mtd: spi-nor: core: Check written SR value in spi_nor_write_16bit_sr_and_check() (git-fixes). - mwifiex: add mutex lock for call in mwifiex_dfs_chan_sw_work_queue (git-fixes). - n64cart: convert bi_disk to bi_bdev->bd_disk fix build (git-fixes). - natsemi: sonic: stop calling netdev_boot_setup_check (git-fixes). - net: asix: add proper error handling of usb read errors (git-fixes). - net: atlantic: Avoid out-of-bounds indexing (git-fixes). - net: ax25: Fix deadlock caused by skb_recv_datagram in ax25_recvmsg (git-fixes). - net: axienet: setup mdio unconditionally (git-fixes). - net: bnxt_ptp: fix compilation error (bsc#1199736). - net: dev: Always serialize on Qdisc::busylock in __dev_xmit_skb() on PREEMPT_RT (bsc#1189998). - net: dev: Change the order of the arguments for the contended condition (bsc#1189998). - net: dpaa2-eth: fix use-after-free in dpaa2_eth_remove (git-fixes). - net: ethernet: lantiq_etop: fix build errors/warnings (git-fixes). - net: ethernet: mediatek: add missing of_node_put() in mtk_sgmii_init() (git-fixes). - net: ethernet: mtk_eth_soc: fix misuse of mem alloc interface netdev[napi]_alloc_frag (git-fixes). - net: ethernet: mtk_eth_soc: out of bounds read in mtk_hwlro_get_fdir_entry() (git-fixes). - net: ethernet: ti: am65-cpsw-nuss: Fix some refcount leaks (git-fixes). - netfilter: conntrack: move synack init code to helper (bsc#1199035). - netfilter: conntrack: re-init state for retransmitted syn-ack (bsc#1199035). - netfilter: nf_conntrack_tcp: preserve liberal flag in tcp options (bsc#1199035). - netfilter: nf_conntrack_tcp: re-init for syn packets only (bsc#1199035). - net: handle ARPHRD_PIMREG in dev_is_mac_header_xmit() (git-fixes). - net: hns3: add NULL pointer check for hns3_set/get_ringparam() (git-fixes). - net: hns3: add return value for mailbox handling in PF (bsc#1190336). - net: hns3: add validity check for message data length (git-fixes). - net: hns3: add vlan list lock to protect vlan list (git-fixes). - net: hns3: align the debugfs output to the left (git-fixes). - net: hns3: clear inited state and stop client after failed to register netdev (git-fixes). - net: hns3: fix bug when PF set the duplicate MAC address for VFs (git-fixes). - net: hns3: fix phy can not link up when autoneg off and reset (git-fixes). - net: hns3: fix port base vlan add fail when concurrent with reset (git-fixes). - net: hns3: fix software vlan talbe of vlan 0 inconsistent with hardware (git-fixes). - net: hns3: handle empty unknown interrupt for VF (git-fixes). - net: hns3: modify the return code of hclge_get_ring_chain_from_mbx (git-fixes). - net: hns3: refine the process when PF set VF VLAN (git-fixes). - net/ibmvnic: Cleanup workaround doing an EOI after partition migration (bsc#1089644 ltc#166495 ltc#165544 git-fixes). - net/ice: Add support for enable_iwarp and enable_roce devlink param (bsc#1200502). - net/ice: Fix boolean assignment (bsc#1200502). - net/ice: Remove unused enum (bsc#1200502). - net: ipa: disable HOLB drop when updating timer (git-fixes). - net: ipa: HOLB register sometimes must be written twice (git-fixes). - net/ipa: ipa_resource: Fix wrong for loop range (git-fixes). - net: ipv6: unexport __init-annotated seg6_hmac_init() (bsc#1201218). - net: ipv6: unexport __init-annotated seg6_hmac_net_init() (bsc#1201218). - net: macb: Align the dma and coherent dma masks (git-fixes). - net: mana: Add counter for packet dropped by XDP (bsc#1195651). - net: mana: Add counter for XDP_TX (bsc#1195651). - net: mana: Add handling of CQE_RX_TRUNCATED (bsc#1195651). - net: mana: Remove unnecessary check of cqe_type in mana_process_rx_cqe() (bsc#1195651). - net: mana: Reuse XDP dropped page (bsc#1195651). - net: mana: Use struct_size() helper in mana_gd_create_dma_region() (bsc#1195651). - net: marvell: mvpp2: increase MTU limit when XDP enabled (git-fixes). - net: marvell: prestera: fix double free issue on err path (git-fixes). - net: mdio: do not defer probe forever if PHY IRQ provider is missing (git-fixes). - net: mdio: unexport __init-annotated mdio_bus_init() (bsc#1201218). - net/mlx5: Avoid double clear or set of sync reset requested (git-fixes). - net/mlx5: Bridge, ensure dev_name is null-terminated (git-fixes). - net/mlx5: Bridge, Fix devlink deadlock on net namespace deletion (git-fixes). - net/mlx5: Bridge, take rtnl lock in init error handler (git-fixes). - net/mlx5: DR, Cache STE shadow memory (git-fixes). - net/mlx5: DR, Do not allow match on IP w/o matching on full ethertype/ip_version (git-fixes). - net/mlx5: DR, Fix slab-out-of-bounds in mlx5_cmd_dr_create_fte (jsc#SLE-19253). - net/mlx5: DR, Fix the threshold that defines when pool sync is initiated (git-fixes). - net/mlx5e: Add missing increment of count (jsc#SLE-19253). - net/mlx5e: Avoid field-overflowing memcpy() (git-fixes). - net/mlx5e: Avoid implicit modify hdr for decap drop rule (jsc#SLE-19253). - net/mlx5e: CT: Fix queued up restore put() executing after relevant ft release (git-fixes). - net/mlx5e: Do not treat small ceil values as unlimited in HTB offload (git-fixes). - net/mlx5e: Fix broken SKB allocation in HW-GRO (jsc#SLE-19253). - net/mlx5e: Fix handling of wrong devices during bond netevent (git-fixes). - net/mlx5e: Fix module EEPROM query (git-fixes). - net/mlx5e: Fix the calling of update_buffer_lossy() API (git-fixes). - net/mlx5e: Fix trust state reset in reload (git-fixes). - net/mlx5e: Fix wrong calculation of header index in HW_GRO (jsc#SLE-19253). - net/mlx5e: Fix wrong return value on ioctl EEPROM query failure (git-fixes). - net/mlx5e: Fix wrong source vport matching on tunnel rule (jsc#SLE-19253). - net/mlx5e: IPsec: Fix crypto offload for non TCP/UDP encapsulated traffic (git-fixes). - net/mlx5e: IPsec: Fix tunnel mode crypto offload for non TCP/UDP traffic (git-fixes). - net/mlx5e: kTLS, Use CHECKSUM_UNNECESSARY for device-offloaded packets (git-fixes). - net/mlx5e: Lag, Do not skip fib events on current dst (git-fixes). - net/mlx5e: Lag, Fix fib_info pointer assignment (git-fixes). - net/mlx5e: Lag, Fix use-after-free in fib event handler (git-fixes). - net/mlx5e: Lag, Only handle events from highest priority multipath entry (git-fixes). - net/mlx5e: MPLSoUDP decap, fix check for unsupported matches (git-fixes). - net/mlx5e: SHAMPO, reduce TIR indication (jsc#SLE-19253). - net/mlx5: E-Switch, Fix uninitialized variable modact (git-fixes). - net/mlx5e: TC, Reject rules with drop and modify hdr action (git-fixes). - net/mlx5e: TC, Reject rules with forward and drop actions (git-fixes). - net/mlx5e: Use struct_group() for memcpy() region (git-fixes). - net/mlx5: Fix a race on command flush flow (git-fixes). - net/mlx5: Fix deadlock in sync reset flow (git-fixes). - net/mlx5: Fix matching on inner TTC (jsc#SLE-19253). - net/mlx5: Fix offloading with ESWITCH_IPV4_TTL_MODIFY_ENABLE (jsc#SLE-19253). - net/mlx5: Fix possible deadlock on rule deletion (git-fixes). - net/mlx5: Fix size field in bufferx_reg struct (git-fixes). - net/mlx5: Fix slab-out-of-bounds while reading resource dump menu (git-fixes). - net/mlx5: Fix tc max supported prio for nic mode (git-fixes). - net/mlx5: Fix wrong limitation of metadata match on ecpf (git-fixes). - net/mlx5: Update the list of the PCI supported devices (git-fixes). - net/mlx5: Use del_timer_sync in fw reset flow of halting poll (git-fixes). - net: mvmdio: fix compilation warning (git-fixes). - net: netvsc: remove break after return (git-fixes). - net: phy: ax88772a: fix lost pause advertisement configuration (git-fixes). - net: phy: broadcom: Fix brcm_fet_config_init() (git-fixes). - net: phy: correct spelling error of media in documentation (git-fixes). - net: phy: DP83822: clear MISR2 register to disable interrupts (git-fixes). - net: phy: dp83867: retrigger SGMII AN when link change (git-fixes). - net: phy: Fix race condition on link status change (git-fixes). - net: phy: marvell10g: fix return value on error (git-fixes). - net: phy: marvell: Fix invalid comparison in the resume and suspend functions (git-fixes). - net: phy: marvell: Fix MDI-x polarity setting in 88e1118-compatible PHYs (git-fixes). - net: phy: marvell: Fix RGMII Tx/Rx delays setting in 88e1121-compatible PHYs (git-fixes). - net: phy: mediatek: remove PHY mode check on MT7531 (git-fixes). - net: phy: meson-gxl: fix interrupt handling in forced mode (git-fixes). - net: phy: meson-gxl: improve link-up behavior (git-fixes). - net: phy: micrel: Allow probing without .driver_data (git-fixes). - net: phy: micrel: Do not use kszphy_suspend/resume for KSZ8061 (git-fixes). - net: phy: micrel: Pass .probe for KS8737 (git-fixes). - net: phy: mscc: Add MODULE_FIRMWARE macros (git-fixes). - net: phy: mscc-miim: reject clause 45 register accesses (git-fixes). - net: qlogic: check the return value of dma_alloc_coherent() in qed_vf_hw_prepare() (git-fixes). - net: rose: fix UAF bugs caused by timer handler (git-fixes). - net: sfc: add missing xdp queue reinitialization (git-fixes). - net: sfc: ef10: fix memory leak in efx_ef10_mtd_probe() (git-fixes). - net: sfc: fix memory leak due to ptp channel (git-fixes). - net: sfc: fix using uninitialized xdp tx_queue (git-fixes). - net/smc: Avoid warning of possible recursive locking (git-fixes). - net/smc: fix connection leak (git-fixes). - net/smc: fixes for converting from 'struct smc_cdc_tx_pend **' to 'struct smc_wr_tx_pend_priv *' (git-fixes). - net/smc: Fix NULL pointer dereference in smc_pnet_find_ib() (git-fixes). - net/smc: fix unexpected SMC_CLC_DECL_ERR_REGRMB error cause by server (git-fixes). - net/smc: fix unexpected SMC_CLC_DECL_ERR_REGRMB error generated by client (git-fixes). - net/smc: non blocking recvmsg() return -EAGAIN when no data and signal_pending (git-fixes). - net/smc: postpone sk_refcnt increment in connect() (git-fixes). - net/smc: remove redundant re-assignment of pointer link (git-fixes). - net/smc: Remove unused function declaration (git-fixes). - net/smc: Reset conn->lgr when link group registration fails (git-fixes). - net/smc: set ini->smcrv2.ib_dev_v2 to NULL if SMC-Rv2 is unavailable (git-fixes). - net/smc: sync err code when tcp connection was refused (git-fixes). - net/smc: Transfer remaining wait queue entries during fallback (git-fixes). - net/smc: Transitional solution for clcsock race issue (git-fixes). - net/smc: Use a mutex for locking 'struct smc_pnettable' (git-fixes). - net/smc: use memcpy instead of snprintf to avoid out of bounds read (git-fixes). - net: stmmac: fix gcc-10 -Wrestrict warning (git-fixes). - net: stmmac: Fix signed/unsigned wreckage (git-fixes). - net: stmmac: socfpga: add runtime suspend/resume callback for stratix10 platform (git-fixes). - net: usb: aqc111: Fix out-of-bounds accesses in RX fixup (git-fixes). - net: usb: asix: do not force pause frames support (git-fixes). - net: usb: ax88179_178a: Fix out-of-bounds accesses in RX fixup (git-fixes). - net: usb: ax88179_178a: Fix packet receiving (git-fixes). - net: usb: cdc_mbim: avoid altsetting toggling for Telit FN990 (git-fixes). - net: usb: qmi_wwan: Add support for Dell DW5829e (git-fixes). - Netvsc: Call hv_unmap_memory() in the netvsc_device_remove() (bsc#1183682). - net/x25: Fix null-ptr-deref caused by x25_disconnect (git-fixes). - net: xfrm: unexport __init-annotated xfrm4_protocol_init() (bsc#1201218). - nfc: hci: fix sleep in atomic context bugs in nfc_hci_hcp_message_tx (git-fixes). - nfc: nci: add flush_workqueue to prevent uaf (git-fixes). - nfc: nci: fix sleep in atomic context bugs caused by nci_skb_alloc (git-fixes). - nfc: netlink: fix sleep in atomic bug when firmware download timeout (git-fixes). - nfc: nfcmrvl: Fix irq_of_parse_and_map() return value (git-fixes). - nfc: nfcmrvl: Fix memory leak in nfcmrvl_play_deferred (git-fixes). - nfc: nfcmrvl: main: reorder destructive operations in nfcmrvl_nci_unregister_dev to avoid bugs (git-fixes). - nfc: NULL out the dev->rfkill to prevent UAF (git-fixes). - NFC: nxp-nci: Do not issue a zero length i2c_master_read() (git-fixes). - nfc: pn533: Fix buggy cleanup order (git-fixes). - nfc: port100: fix use-after-free in port100_send_complete (git-fixes). - nfc: st21nfca: fix incorrect sizing calculations in EVT_TRANSACTION (git-fixes). - nfc: st21nfca: fix incorrect validating logic in EVT_TRANSACTION (git-fixes). - nfc: st21nfca: fix memory leaks in EVT_TRANSACTION handling (git-fixes). - nfp: checking parameter process for rx-usecs/tx-usecs is invalid (git-fixes). - nfp: flower: Fix a potential leak in nfp_tunnel_add_shared_mac() (git-fixes). - nfp: flower: fix ida_idx not being released (git-fixes). - NFS: Avoid duplicate uncached readdir calls on eof (git-fixes). - NFSD: allow delegation state ids to be revoked and then freed (bsc#1192483). - NFSD: allow lock state ids to be revoked and then freed (bsc#1192483). - NFSD: allow open state ids to be revoked and then freed (bsc#1192483). - nfsd: destroy percpu stats counters after reply cache shutdown (git-fixes). - NFSD: do not admin-revoke NSv4.0 state ids (bsc#1192483). - NFSD: Fix a write performance regression (bsc#1197016). - NFSD: fix crash on COPY_NOTIFY with special stateid (git-fixes). - NFSD: Fix nsfd startup race (again) (git-fixes). - nfsd: Fix null-ptr-deref in nfsd_fill_super() (git-fixes). - NFSD: Fix READDIR buffer overflow (git-fixes). - NFSD: Fix the behavior of READ near OFFSET_MAX (bsc#1195957). - NFSD: Fix verifier returned in stable WRITEs (git-fixes). - NFSD: Fix zero-length NFSv3 WRITEs (git-fixes). - NFSD: more robust allocation failure handling in nfsd_file_cache_init (git-fixes). - NFSD: nfsd4_setclientid_confirm mistakenly expires confirmed client (git-fixes). - NFS: Do not loop forever in nfs_do_recoalesce() (git-fixes). - NFS: Do not overfill uncached readdir pages (git-fixes). - NFS: Do not report EINTR/ERESTARTSYS as mapping errors (git-fixes). - NFS: Do not report ENOSPC write errors twice (git-fixes). - NFS: Do not report errors from nfs_pageio_complete() more than once (git-fixes). - NFS: Do not report flush errors in nfs_write_end() (git-fixes). - NFS: Do not report writeback errors in nfs_getattr() (git-fixes). - NFS: Do not skip directory entries when doing uncached readdir (git-fixes). - NFS: do not store 'struct cred *' in struct nfs_access_entry (git-fixes). - NFSD: prepare for supporting admin-revocation of state (bsc#1192483). - NFSD: Replace use of rwsem with errseq_t (bsc#1196960). - NFS: Ensure the server had an up to date ctime before hardlinking (git-fixes). - NFS: Ensure the server had an up to date ctime before renaming (git-fixes). - NFS: fix broken handling of the softreval mount option (git-fixes). - NFS: Fix initialisation of nfs_client cl_flags field (git-fixes). - NFS: fsync() should report filesystem errors over EINTR/ERESTARTSYS (git-fixes). - NFS: Further fixes to the writeback error handling (git-fixes). - NFS: limit use of ACCESS cache for negative responses (bsc#1196570). - NFS: Memory allocation failures are not server fatal errors (git-fixes). - NFS: NFSv2/v3 clients should never be setting NFS_CAP_XATTR (git-fixes). - NFS: pass cred explicitly for access tests (git-fixes). - NFS: Remove an incorrect revalidation in nfs4_update_changeattr_locked() (git-fixes). - NFS: Return valid errors from nfs2/3_decode_dirent() (git-fixes). - NFS: Use of mapping_set_error() results in spurious errors (git-fixes). - NFSv4.1: do not retry BIND_CONN_TO_SESSION on session error (git-fixes). - NFSv4.1 mark qualified async operations as MOVEABLE tasks (git-fixes). - NFSv42: Do not fail clone() unless the OP_CLONE operation failed (git-fixes). - NFSv42: Fix pagecache invalidation after COPY/CLONE (git-fixes). - NFSv4: Do not invalidate inode attributes on delegation return (git-fixes). - NFSv4: Fix another issue with a list iterator pointing to the head (git-fixes). - NFSv4: fix open failure with O_ACCMODE flag (git-fixes). - NFSv4: nfs_atomic_open() can race when looking up a non-regular file (git-fixes). - NFSv4/pNFS: Do not fail I/O when we fail to allocate the pNFS layout (git-fixes). - nl80211: correctly check NL80211_ATTR_REG_ALPHA2 size (git-fixes). - nl80211: fix locking in nl80211_set_tx_bitrate_mask() (git-fixes). - nl80211: Handle nla_memdup failures in handle_nan_filter (git-fixes). - nl80211: show SSID for P2P_GO interfaces (git-fixes). - nl80211: Update bss channel on channel switch for P2P_CLIENT (git-fixes). - nl80211: validate S1G channel width (git-fixes). - ntb_hw_switchtec: Fix bug with more than 32 partitions (git-fixes). - ntb_hw_switchtec: Fix pff ioread to read into mmio_part_cfg_all (git-fixes). - ntb: intel: fix port config status offset for SPR (git-fixes). - n_tty: wake up poll(POLLRDNORM) on receiving data (git-fixes). - nvme: add verbose error logging (bsc#1200567). Update config files. - nvme: also mark passthrough-only namespaces ready in nvme_update_ns_info (git-fixes). - nvme: do not return an error from nvme_configure_metadata (git-fixes). - nvme: expose cntrltype and dctype through sysfs (jsc#SLE-23643). - nvme: fix a possible use-after-free in controller reset during load (git-fixes). - nvme-multipath: use vmalloc for ANA log buffer (bsc#1193787). - nvme: send uevent on connection up (jsc#SLE-23643). - objtool: Add frame-pointer-specific function ignore (bsc#1193277). - objtool: Fix code relocs vs weak symbols (git-fixes). - objtool: Fix type of reloc::addend (git-fixes). - objtool: Ignore unwind hints for ignored functions (bsc#1193277). - ocfs2: fix crash when initialize filecheck kobj fails (bsc#1197920). - of: base: Fix phandle argument length mismatch error message (git-fixes). - of: base: Improve argument length mismatch error (git-fixes). - of/fdt: Do not worry about non-memory region overlap for no-map (git-fixes). - of: overlay: do not break notify on NOTIFY_{OK|STOP} (git-fixes). - of: Support more than one crash kernel regions for kexec -s (git-fixes). - of: unittest: 64 bit dma address test requires arch support (git-fixes). - of: unittest: fix warning on PowerPC frame size warning (git-fixes). - of: unittest: update text of expected warnings (git-fixes). - pahole 1.22 required for full BTF features. also recommend pahole for kernel-source to make the kernel buildable with standard config - PCI: aardvark: Add support for DEVCAP2, DEVCTL2, LNKCAP2 and LNKCTL2 registers on emulated bridge (git-fixes). - PCI: aardvark: Add support for ERR interrupt on emulated bridge (git-fixes). - PCI: aardvark: Add support for masking MSI interrupts (git-fixes). - PCI: aardvark: Add support for PME interrupts (git-fixes). - PCI: aardvark: Assert PERST# when unbinding driver (git-fixes). - PCI: aardvark: Clear all MSIs at setup (git-fixes). - PCI: aardvark: Comment actions in driver remove method (git-fixes). - PCI: aardvark: Disable bus mastering when unbinding driver (git-fixes). - PCI: aardvark: Disable common PHY when unbinding driver (git-fixes). - PCI: aardvark: Disable link training when unbinding driver (git-fixes). - PCI: aardvark: Do not mask irq when mapping (git-fixes). - PCI: aardvark: Drop __maybe_unused from advk_pcie_disable_phy() (git-fixes). - PCI: aardvark: Enable MSI-X support (git-fixes). - PCI: aardvark: Fix memory leak in driver unbind (git-fixes). - PCI: aardvark: Fix reading MSI interrupt number (git-fixes). - PCI: aardvark: Fix reading PCI_EXP_RTSTA_PME bit on emulated bridge (git-fixes). - PCI: aardvark: Fix setting MSI address (git-fixes). - PCI: aardvark: Fix support for MSI interrupts (git-fixes). - PCI: aardvark: Fix support for PME requester on emulated bridge (git-fixes). - PCI: aardvark: Make msi_domain_info structure a static driver structure (git-fixes). - PCI: aardvark: Make MSI irq_chip structures static driver structures (git-fixes). - PCI: aardvark: Mask all interrupts when unbinding driver (git-fixes). - PCI: aardvark: Optimize writing PCI_EXP_RTCTL_PMEIE and PCI_EXP_RTSTA_PME on emulated bridge (git-fixes). - PCI: aardvark: Refactor unmasking summary MSI interrupt (git-fixes). - PCI: aardvark: Remove irq_mask_ack() callback for INTx interrupts (git-fixes). - PCI: aardvark: Replace custom PCIE_CORE_INT_* macros with PCI_INTERRUPT_* (git-fixes). - PCI: aardvark: Rewrite IRQ code to chained IRQ handler (git-fixes). - PCI: aardvark: Update comment about link going down after link-up (git-fixes). - PCI: aardvark: Use dev_fwnode() instead of of_node_to_fwnode(dev->of_node) (git-fixes). - PCI: aardvark: Use separate INTA interrupt for emulated root bridge (git-fixes). - PCI/ACPI: Allow D3 only if Root Port can signal and wake from D3 (git-fixes). - PCI: Add ACS quirk for Pericom PI7C9X2G switches (bsc#1199390). - PCI/AER: Clear MULTI_ERR_COR/UNCOR_RCV bits (git-fixes). - PCI: Avoid broken MSI on SB600 USB devices (git-fixes). - PCI: cadence: Fix find_first_zero_bit() limit (git-fixes). - PCI: dwc: Fix setting error return on MSI DMA mapping failure (git-fixes). - PCI: endpoint: Fix alignment fault error in copy tests (git-fixes). - PCI: endpoint: Fix misused goto label (git-fixes). - PCI: fu740: Force 2.5GT/s for initial device probe (git-fixes). - PCI: hv: Do not set PCI_COMMAND_MEMORY to reduce VM boot time (bsc#1199314). - PCI: hv: Fix hv_arch_irq_unmask() for multi-MSI (bsc#1200845). - PCI: hv: Fix interrupt mapping for multi-MSI (bsc#1200845). - PCI: hv: Fix multi-MSI to allow more than one MSI vector (bsc#1200845). - PCI: hv: Fix NUMA node assignment when kernel boots with custom NUMA topology (git-fixes). - PCI: hv: Reuse existing IRTE allocation in compose_msi_msg() (bsc#1200845). - PCI: imx6: Allow to probe when dw_pcie_wait_for_link() fails (git-fixes). - PCI: imx6: Fix PERST# start-up sequence (git-fixes). - PCI: Mark all AMD Navi10 and Navi14 GPU ATS as broken (git-fixes). - PCI: microchip: Fix potential race in interrupt handling (git-fixes). - PCI: mvebu: Fix configuring secondary bus of PCIe Root Port via emulated bridge (git-fixes). - PCI: mvebu: Fix device enumeration regression (git-fixes). - PCI: mvebu: Fix support for bus mastering and PCI_COMMAND on emulated bridge (git-fixes). - PCI: mvebu: Fix support for PCI_BRIDGE_CTL_BUS_RESET on emulated bridge (git-fixes). - PCI: mvebu: Setup PCIe controller to Root Complex mode (git-fixes). - PCI: pci-bridge-emul: Add definitions for missing capabilities registers (git-fixes). - PCI: pci-bridge-emul: Add description for class_revision field (git-fixes). - PCI: pciehp: Add Qualcomm quirk for Command Completed erratum (git-fixes). - PCI: pciehp: Clear cmd_busy bit in polling mode (git-fixes). - PCI/PM: Power up all devices during runtime resume (git-fixes). - PCI: qcom: Fix runtime PM imbalance on probe errors (git-fixes). - PCI: qcom: Fix unbalanced PHY init on probe errors (git-fixes). - PCI: rockchip: Fix find_first_zero_bit() limit (git-fixes). - PCI/switchtec: Add Gen4 automotive device IDs (git-fixes). - PCI: Work around Intel I210 ROM BAR overlap defect (git-fixes). - pcmcia: db1xxx_ss: restrict to MIPS_DB1XXX boards (git-fixes). - perf: Copy perf_event_attr::sig_data on modification (git fixes). - perf/core: Do not pass task around when ctx sched in (git-fixes). - perf/core: Fix address filter parser for multiple filters (git fixes). - perf/core: Fix cgroup event list management (git fixes). - perf/core: Fix perf_cgroup_switch() (git fixes). - perf/core: Fix perf_mmap fail when CONFIG_PERF_USE_VMALLOC enabled (git fixes). - perf: Fix list corruption in perf_cgroup_switch() (git fixes). - perf/x86/intel/pt: Fix address filter config for 32-bit kernel (git fixes). - perf/x86/intel/pt: Fix crash with stop filters in single-range mode (git fixes). - perf/x86/intel/uncore: Make uncore_discovery clean for 64 bit addresses (bsc#1197304). - perf/x86/intel: Update the FRONTEND MSR mask on Sapphire Rapids (git fixes). - phy: amlogic: fix error path in phy_g12a_usb3_pcie_probe() (git-fixes). - phy: amlogic: meson8b-usb2: fix shared reset control use (git-fixes). - phy: amlogic: meson8b-usb2: Use dev_err_probe() (git-fixes). - phy: amlogic: phy-meson-gxl-usb2: fix shared reset controller use (git-fixes). - phy: aquantia: Fix AN when higher speeds than 1G are not advertised (git-fixes). - phy: broadcom: Kconfig: Fix PHY_BRCM_USB config option (git-fixes). - phy: dphy: Correct clk_pre parameter (git-fixes). - phy: dphy: Correct lpx parameter and its derivatives(ta_{get,go,sure}) (git-fixes). - phy: mapphone-mdm6600: Fix PM error handling in phy_mdm6600_probe (git-fixes). - phy: phy-brcm-usb: fixup BCM4908 support (git-fixes). - phy: qcom-qmp: fix pipe-clock imbalance on power-on failure (git-fixes). - phy: qcom-qmp: fix reset-controller leak on probe errors (git-fixes). - phy: qcom-qmp: fix struct clk leak on probe errors (git-fixes). - phy: samsung: exynos5250-sata: fix missing device put in probe error paths (git-fixes). - phy: samsung: Fix missing of_node_put() in exynos_sata_phy_probe (git-fixes). - phy: stm32: fix a refcount leak in stm32_usbphyc_pll_enable() (git-fixes). - phy: ti: Add missing pm_runtime_disable() in serdes_am654_probe (git-fixes). - phy: ti: Fix missing sentinel for clk_div_table (git-fixes). - phy: ti: omap-usb2: Fix error handling in omap_usb2_enable_clocks (git-fixes). - phy: usb: Leave some clocks running during suspend (git-fixes). - phy: xilinx: zynqmp: Fix bus width setting for SGMII (git-fixes). - pinctrl: bcm2835: Fix a few error paths (git-fixes). - pinctrl: bcm63xx: fix unmet dependency on REGMAP for GPIO_REGMAP (git-fixes). - pinctrl: fix loop in k210_pinconf_get_drive() (git-fixes). - pinctrl: intel: Fix a glitch when updating IRQ flags on a preconfigured line (git-fixes). - pinctrl: intel: fix unexpected interrupt (git-fixes). - pinctrl: k210: Fix bias-pull-up (git-fixes). - pinctrl: mediatek: Fix missing of_node_put() in mtk_pctrl_init (git-fixes). - pinctrl: mediatek: moore: Fix build error (git-fixes). - pinctrl: mediatek: mt8195: enable driver on mtk platforms (git-fixes). - pinctrl: mediatek: mt8365: fix IES control pins (git-fixes). - pinctrl: mediatek: paris: Fix 'argument' argument type for mtk_pinconf_get() (git-fixes). - pinctrl: mediatek: paris: Fix PIN_CONFIG_BIAS_* readback (git-fixes). - pinctrl: mediatek: paris: Fix pingroup pin config state readback (git-fixes). - pinctrl: mediatek: paris: Skip custom extra pin config dump for virtual GPIOs (git-fixes). - pinctrl: microchip-sgpio: lock RMW access (git-fixes). - pinctrl: microchip sgpio: use reset driver (git-fixes). - pinctrl: mvebu: Fix irq_of_parse_and_map() return value (git-fixes). - pinctrl: nomadik: Add missing of_node_put() in nmk_pinctrl_probe (git-fixes). - pinctrl: npcm: Fix broken references to chip->parent_device (git-fixes). - pinctrl: nuvoton: npcm7xx: Rename DS() macro to DSTR() (git-fixes). - pinctrl: nuvoton: npcm7xx: Use %zu printk format for ARRAY_SIZE() (git-fixes). - pinctrl: pinconf-generic: Print arguments for bias-pull-* (git-fixes). - pinctrl: pinctrl-aspeed-g6: remove FWQSPID group in pinctrl (git-fixes). - pinctrl: pistachio: fix use of irq_of_parse_and_map() (git-fixes). - pinctrl: renesas: checker: Fix miscalculation of number of states (git-fixes). - pinctrl: renesas: core: Fix possible null-ptr-deref in sh_pfc_map_resources() (git-fixes). - pinctrl: renesas: r8a77470: Reduce size for narrow VIN1 channel (git-fixes). - pinctrl: renesas: r8a779a0: Fix GPIO function on I2C-capable pins (git-fixes). - pinctrl: renesas: rzn1: Fix possible null-ptr-deref in sh_pfc_map_resources() (git-fixes). - pinctrl/rockchip: Add missing of_node_put() in rockchip_pinctrl_probe (git-fixes). - pinctrl: rockchip: fix RK3308 pinmux bits (git-fixes). - pinctrl: samsung: drop pin banks references on error paths (git-fixes). - pinctrl: samsung: fix missing GPIOLIB on ARM64 Exynos config (git-fixes). - pinctrl: stm32: Do not call stm32_gpio_get() for edge triggered IRQs in EOI (git-fixes). - pinctrl: stm32: Keep pinctrl block clock enabled when LEVEL IRQ requested (git-fixes). - pinctrl: sunxi: fix f1c100s uart2 function (git-fixes). - pinctrl: sunxi: Fix H616 I2S3 pin data (git-fixes). - pinctrl: sunxi: Use unique lockdep classes for IRQs (git-fixes). - pinctrl: tegra: tegra194: drop unused pin groups (git-fixes). - pinctrl: tigerlake: Revert 'Add Alder Lake-M ACPI ID' (git-fixes). - ping: fix the sk_bound_dev_if match in ping_lookup (bsc#1195826). - ping: remove pr_err from ping_lookup (bsc#1195826). - pipe: Fix missing lock in pipe_resize_ring() (git-fixes). - platform/chrome: cros_ec_debugfs: detach log reader wq from devm (git-fixes). - platform/chrome: cros_ec: fix error handling in cros_ec_register() (git-fixes). - platform/chrome: cros_ec_typec: Check for EC device (git-fixes). - platform/chrome: Re-introduce cros_ec_cmd_xfer and use it for ioctls (git-fixes). - platform: finally disallow IRQ0 in platform_get_irq() and its ilk (git-fixes). - platform/surface: aggregator: Fix initialization order when compiling as builtin module (git-fixes). - platform/surface: surface3-wmi: Simplify resource management (git-fixes). - platform/x86: Add Intel Software Defined Silicon driver (jsc#SLE-18938). - platform/x86: asus-wmi: Add support for custom fan curves (bsc#1198058). - platform/x86: asus-wmi: Delete impossible condition (bsc#1198058). - platform/x86: asus-wmi: Fix driver not binding when fan curve control probe fails (git-fixes). - platform/x86: asus-wmi: Fix regression when probing for fan curve control (bsc#1198058). - platform/x86: asus-wmi: Fix 'unsigned 'retval' is never less than zero' smatch warning (bsc#1198058). - platform/x86: asus-wmi: Potential buffer overflow in asus_wmi_evaluate_method_buf() (git-fixes). - platform/x86: gigabyte-wmi: Add support for B450M DS3H-CF (git-fixes). - platform/x86: gigabyte-wmi: Add Z690M AORUS ELITE AX DDR4 support (git-fixes). - platform/x86: huawei-wmi: check the return value of device_create_file() (git-fixes). - platform/x86: intel-hid: fix _DSM function index handling (git-fixes). - platform/x86/intel/sdsi: Fix bug in multi packet reads (jsc#SLE-18901). - platform/x86/intel/sdsi: Handle leaky bucket (jsc#SLE-18901). - platform/x86/intel/sdsi: Poll on ready bit for writes (jsc#SLE-18901). - platform/x86: panasonic-laptop: de-obfuscate button codes (git-fixes). - platform/x86: panasonic-laptop: do not report duplicate brightness key-presses (git-fixes). - platform/x86: panasonic-laptop: filter out duplicate volume up/down/mute keypresses (git-fixes). - platform/x86: panasonic-laptop: revert 'Resolve hotkey double trigger bug' (git-fixes). - platform/x86: panasonic-laptop: sort includes alphabetically (git-fixes). - platform/x86: samsung-laptop: Fix an unsigned comparison which can never be negative (git-fixes). - platform/x86: touchscreen_dmi: Add info for the RWC NANOTE P8 AY07J 2-in-1 (git-fixes). - PM: core: keep irq flags in device_pm_check_callbacks() (git-fixes). - PM / devfreq: exynos-ppmu: Fix refcount leak in of_get_devfreq_events (git-fixes). - PM / devfreq: rk3399_dmc: Disable edev on remove() (git-fixes). - PM: domains: Fix initialization of genpd's next_wakeup (git-fixes). - PM: domains: Fix sleep-in-atomic bug caused by genpd_debug_remove() (git-fixes). - PM: hibernate: fix __setup handler error handling (git-fixes). - PM: hibernate: Remove register_nosave_region_late() (git-fixes). - PM: s2idle: ACPI: Fix wakeup interrupts handling (git-fixes). - PM: suspend: fix return value of __setup handler (git-fixes). - PM: wakeup: simplify the output logic of pm_show_wakelocks() (git-fixes). - pNFS: Avoid a live lock condition in pnfs_update_layout() (git-fixes). - pNFS: Do not keep retrying if the server replied NFS4ERR_LAYOUTUNAVAILABLE (git-fixes). - powerpc/64: Move paca allocation later in boot (bsc#1190812). - powerpc/64s: Add CPU_FTRS_POWER10 to ALWAYS mask (jsc#SLE-13521 git-fixes). - powerpc/64s: Add CPU_FTRS_POWER9_DD2_2 to CPU_FTRS_ALWAYS mask (bsc#1061840 git-fixes). - powerpc/64s: Do not use DSISR for SLB faults (bsc#1194869). - powerpc/64s/radix: Fix huge vmap false positive (bsc#1156395). - powerpc: add link stack flush mitigation status in debugfs (bsc#1157038 bsc#1157923 ltc#182612 git-fixes). - powerpc/bpf: Update ldimm64 instructions during extra pass (bsc#1194869). - powerpc: Do not select HAVE_IRQ_EXIT_ON_IRQ_STACK (bsc#1194869). - powerpc: Enable the DAWR on POWER9 DD2.3 and above (bsc#1055117 ltc#159753). - powerpc/fadump: fix PT_LOAD segment for boot memory area (bsc#1103269 ltc#169948 git-fixes). - powerpc/fadump: opt out from freeing pages on cma activation failure (bsc#1195099 ltc#196102). - powerpc/fadump: register for fadump as early as possible (bsc#1179439 ltc#190038). - powerpc/idle: Fix return value of __setup() handler (bsc#1065729). - powerpc/lib/sstep: Fix 'sthcx' instruction (bsc#1156395). - powerpc/mce: Modify the real address error logging messages (jsc#SLE-18194). - powerpc/mm/numa: skip NUMA_NO_NODE onlining in parse_numa_properties() (bsc#1179639 ltc#189002 git-fixes). - powerpc/perf: Do not use perf_hw_context for trace IMC PMU (bsc#1156395). - powerpc/perf: Fix power10 event alternatives (jsc#SLE-13513 git-fixes). - powerpc/perf: Fix power9 event alternatives (bsc#1137728, LTC#178106, git-fixes). - powerpc/perf: Fix power_pmu_disable to call clear_pmi_irq_pending only if PMI is pending (bsc#1156395). - powerpc/perf: Fix the threshold compare group constraint for power10 (bsc#1194869). - powerpc/perf: Fix the threshold compare group constraint for power9 (bsc#1065729). - powerpc/powernv: Add __init attribute to eligible functions (bsc#1188885 ltc#193722 git-fixes). - powerpc/powernv: Get L1D flush requirements from device-tree (bsc#1188885 ltc#193722 git-fixes). - powerpc/powernv: Get STF barrier requirements from device-tree (bsc#1188885 ltc#193722 git-fixes). - powerpc/powernv: Remove POWER9 PVR version check for entry and uaccess flushes (bsc#1188885 ltc#193722 git-fixes). - powerpc/pseries: Fix use after free in remove_phb_dynamic() (bsc#1065729). - powerpc/pseries: Parse control memory access error (jsc#SLE-18194). - powerpc/pseries: read the lpar name from the firmware (bsc#1187716 ltc#193451). - powerpc/rtas: Allow ibm,platform-dump RTAS call with null buffer address (bsc#1200343 ltc#198477). - powerpc: Set crashkernel offset to mid of RMA region (bsc#1190812). - powerpc/sysdev: fix incorrect use to determine if list is empty (bsc#1065729). - powerpc/tm: Fix more userspace r13 corruption (bsc#1065729). - powerpc/vdso: Fix incorrect CFI in gettimeofday.S (bsc#1199173 ltc#197388). - powerpc/vdso: Remove cvdso_call_time macro (bsc#1199173 ltc#197388). - powerpc/xive: Add a debugfs file to dump EQs (bsc#1194409 ltc#195810). - powerpc/xive: Add some error handling code to 'xive_spapr_init()' (git-fixes). - powerpc/xive: Change the debugfs file 'xive' into a directory (bsc#1194409 ltc#195810). - powerpc/xive: Export XIVE IPI information for online-only processors (bsc#1194409 ltc#195810). - powerpc/xive: Fix refcount leak in xive_spapr_init (git-fixes). - powerpc/xive: fix return value of __setup handler (bsc#1065729). - powerpc/xive: Introduce an helper to print out interrupt characteristics (bsc#1194409 ltc#195810). - powerpc/xive: Introduce xive_core_debugfs_create() (bsc#1194409 ltc#195810). - powerpc/xive: Rename the 'cpus' debugfs file to 'ipis' (bsc#1194409 ltc#195810). - power: reset: gemini-poweroff: Fix IRQ check in gemini_poweroff_probe (git-fixes). - power: supply: ab8500: Fix memory leak in ab8500_fg_sysfs_init (git-fixes). - power: supply: axp20x_battery: properly report current when discharging (git-fixes). - power: supply: axp288-charger: Set Vhold to 4.4V (git-fixes). - power: supply: axp288_fuel_gauge: Drop BIOS version check from 'T3 MRD' DMI quirk (git-fixes). - power: supply: axp288_fuel_gauge: Fix battery reporting on the One Mix 1 (git-fixes). - power: supply: bq24190_charger: Fix bq24190_vbus_is_enabled() wrong false return (git-fixes). - power: supply: sbs-charger: Do not cancel work that is not initialized (git-fixes). - power: supply: wm8350-power: Add missing free in free_charger_irq (git-fixes). - power: supply: wm8350-power: Handle error for wm8350_register_irq (git-fixes). - pps: clients: gpio: Propagate return value from pps_gpio_probe (git-fixes). - printk: Add panic_in_progress helper (bsc#1197894). - printk: disable optimistic spin during panic (bsc#1197894). - proc: bootconfig: Add null pointer check (git-fixes). - proc: fix documentation and description of pagemap (git-fixes). - procfs: prevent unprivileged processes accessing fdinfo dir (git-fixes). - psi: fix 'defined but not used' warnings when (git-fixes) - ptrace: Check PTRACE_O_SUSPEND_SECCOMP permission on PTRACE_SEIZE (bsc#1198413). - pvpanic: Fix typos in the comments (git-fixes). - pwm: lp3943: Fix duty calculation in case period was clamped (git-fixes). - pwm: lpc18xx-sct: Initialize driver data and hardware before pwmchip_add() (git-fixes). - pwm: raspberrypi-poe: Fix endianness in firmware struct (git-fixes). - qed: display VF trust config (git-fixes). - qede: confirm skb is allocated before using (git-fixes). - qed: fix ethtool register dump (jsc#SLE-19001). - qed: return status of qed_iov_get_link (git-fixes). - qla2xxx: add ->map_queues support for nvme (bsc#1195823). - qlcnic: dcb: default to returning -EOPNOTSUPP (git-fixes). - raid5: introduce MD_BROKEN (git-fixes). - random: check for signal_pending() outside of need_resched() check (git-fixes). - random: wake up /dev/random writers after zap (git-fixes). - random: wire up fops->splice_{read,write}_iter() (git-fixes). - ray_cs: Check ioremap return value (git-fixes). - RDMA/cma: Do not change route.addr.src_addr outside state checks (git-fixes). - RDMA/cma: Use correct address when leaving multicast group (git-fixes). - RDMA/core: Fix ib_qp_usecnt_dec() called when error (jsc#SLE-19249). - RDMA/core: Set MR type in ib_reg_user_mr (git-fixes). - RDMA/hfi1: Fix use-after-free bug for mm struct (git-fixes). - RDMA/ib_srp: Fix a deadlock (git-fixes). - RDMA/irdma: Fix netdev notifications for vlan's (git-fixes). - RDMA/irdma: Fix Passthrough mode in VM (git-fixes). - RDMA/irdma: Fix possible crash due to NULL netdev in notifier (git-fixes). - RDMA/irdma: Flush iWARP QP if modified to ERR from RTR state (git-fixes). - RDMA/irdma: Prevent some integer underflows (git-fixes). - RDMA/irdma: Reduce iWARP QP destroy time (git-fixes). - RDMA/irdma: Remove incorrect masking of PD (git-fixes). - RDMA/irdma: Set protocol based on PF rdma_mode flag (bsc#1200502). - RDMA/mlx4: Do not continue event handler after memory allocation failure (git-fixes). - RDMA/mlx5: Add a missing update of cache->last_add (git-fixes). - RDMA/mlx5: Do not remove cache MRs when a delay is needed (git-fixes). - RDMA/mlx5: Fix memory leak in error flow for subscribe event routine (git-fixes). - RDMA/mlx5: Fix the flow of a miss in the allocation of a cache ODP MR (git-fixes). - RDMA/nldev: Prevent underflow in nldev_stat_set_counter_dynamic_doit() (jsc#SLE-19249). - RDMA/rtrs-clt: Fix possible double free in error case (git-fixes). - RDMA/rtrs-clt: Move free_permit from free_clt to rtrs_clt_close (git-fixes). - RDMA/rxe: Change variable and function argument to proper type (jsc#SLE-19249). - RDMA/rxe: Check the last packet by RXE_END_MASK (git-fixes). - RDMA/rxe: Fix ref error in rxe_av.c (jsc#SLE-19249). - RDMA/siw: Fix a condition race issue in MPA request processing (git-fixes). - RDMA/siw: Fix broken RDMA Read Fence/Resume logic (git-fixes). - RDMA/siw: Fix refcounting leak in siw_create_qp() (jsc#SLE-19249). - RDMA/ucma: Protect mc during concurrent multicast leaves (git-fixes). - regmap-irq: Fix a bug in regmap_irq_enable() for type_in_mask chips (git-fixes). - regmap-irq: Fix offset/index mismatch in read_sub_irq_data() (git-fixes). - regmap-irq: Update interrupt clear register for proper reset (git-fixes). - regulator: atc260x: Fix missing active_discharge_on setting (git-fixes). - regulator: core: Fix enable_count imbalance with EXCLUSIVE_GET (git-fixes). - regulator: core: fix false positive in regulator_late_cleanup() (git-fixes). - regulator: da9121: Fix uninit-value in da9121_assign_chip_model() (git-fixes). - regulator: mt6315: Enforce regulator-compatible, not name (git-fixes). - regulator: mt6315-regulator: fix invalid allowed mode (git-fixes). - regulator: pfuze100: Fix refcount leak in pfuze_parse_regulators_dt (git-fixes). - regulator: qcom_smd: fix for_each_child.cocci warnings (git-fixes). - regulator: qcom_smd: Fix up PM8950 regulator configuration (git-fixes). - regulator: rpi-panel: Handle I2C errors/timing to the Atmel (git-fixes). - regulator: scmi: Fix refcount leak in scmi_regulator_probe (git-fixes). - regulator: wm8994: Add an off-on delay for WM8994 variant (git-fixes). - remoteproc: Fix count check in rproc_coredump_write() (git-fixes). - remoteproc: imx_rproc: Ignore create mem entry for resource table (git-fixes). - remoteproc: qcom: Fix missing of_node_put in adsp_alloc_memory_region (git-fixes). - remoteproc: qcom_q6v5_mss: Fix some leaks in q6v5_alloc_memory_region (git-fixes). - remoteproc: qcom_wcnss: Add missing of_node_put() in wcnss_alloc_memory_region (git-fixes). - reset: tegra-bpmp: Restore Handle errors in BPMP response (git-fixes). - Revert 'drm/amd/display: Fix DCN3 B0 DP Alt Mapping' (git-fixes). - Revert 'svm: Add warning message for AVIC IPI invalid target' (git-fixes). - rfkill: make new event layout opt-in (git-fixes). - rfkill: uapi: fix RFKILL_IOCTL_MAX_SIZE ioctl request definition (git-fixes). - riscv: Fix fill_callchain return value (git fixes). - rpmsg: qcom_smd: Fix irq_of_parse_and_map() return value (git-fixes). - rpmsg: qcom_smd: Fix redundant channel->registered assignment (git-fixes). - rpmsg: qcom_smd: Fix returning 0 if irq_of_parse_and_map() fails (git-fixes). - rpmsg: virtio: Fix possible double free in rpmsg_probe() (git-fixes). - rpmsg: virtio: Fix possible double free in rpmsg_virtio_add_ctrl_dev() (git-fixes). - rpmsg: virtio: Fix the unregistration of the device rpmsg_ctrl (git-fixes). - rtc: check if __rtc_read_time was successful (git-fixes). - rtc: fix use-after-free on device removal (git-fixes). - rtc: ftrtc010: Fix error handling in ftrtc010_rtc_probe (git-fixes). - rtc: ftrtc010: Use platform_get_irq() to get the interrupt (git-fixes). - rtc: mc146818-lib: fix locking in mc146818_set_time (git-fixes). - rtc: mc146818-lib: Fix the AltCentury for AMD platforms (git-fixes). - rtc: mt6397: check return value after calling platform_get_resource() (git-fixes). - rtc: mxc: Silence a clang warning (git-fixes). - rtc: pcf2127: fix bug when reading alarm registers (git-fixes). - rtc: pl031: fix rtc features null pointer dereference (git-fixes). - rtc: sun6i: Fix time overflow handling (git-fixes). - rtc: wm8350: Handle error for wm8350_register_irq (git-fixes). - rtl818x: Prevent using not initialized queues (git-fixes). - rtlwifi: Use pr_warn instead of WARN_ONCE (git-fixes). - rtw88: 8821c: fix debugfs rssi value (git-fixes). - rtw88: 8821c: support RFE type4 wifi NIC (git-fixes). - rtw88: Disable PCIe ASPM while doing NAPI poll on 8821CE (git-fixes). - rtw88: rtw8821c: enable rfe 6 devices (git-fixes). - s390/crypto: fix scatterwalk_unmap() callers in AES-GCM (git-fixes). - s390/ctcm: fix potential memory leak (git-fixes). - s390/ctcm: fix variable dereferenced before check (git-fixes). - s390-dasd-fix-data-corruption-for-ESE-devices (bsc#1200205 LTC#198456). - s390/dasd: fix data corruption for ESE devices (git-fixes). - s390-dasd-Fix-read-for-ESE-with-blksize-4k (bsc#1200211 LTC#198457). - s390/dasd: Fix read for ESE with blksize 4k (git-fixes). - s390-dasd-Fix-read-inconsistency-for-ESE-DASD-devices (bsc#1200211 LTC#198457). - s390/dasd: Fix read inconsistency for ESE DASD devices (git-fixes). - s390-dasd-prevent-double-format-of-tracks-for-ESE-devices (bsc#1200205 LTC#198456). - s390/dasd: prevent double format of tracks for ESE devices (git-fixes). - s390/entry: fix duplicate tracking of irq nesting level (git-fixes). - s390/extable: fix exception table sorting (git-fixes). - s390/kexec_file: fix error handling when applying relocations (git-fixes). - s390/kexec: fix memory leak of ipl report buffer (git-fixes). - s390/kexec: fix return code handling (git-fixes). - s390/lcs: fix variable dereferenced before check (git-fixes). - s390/mcck: isolate SIE instruction when setting CIF_MCCK_GUEST flag (git-fixes). - s390/module: fix loading modules with a lot of relocations (git-fixes). - s390/nmi: handle guarded storage validity failures for KVM guests (git-fixes). - s390/nmi: handle vector validity failures for KVM guests (git-fixes). - s390/perf: obtain sie_block from the right address (bsc#1200315 LTC#198473). - s390/setup: avoid reserving memory above identity mapping (git-fixes). - s390/smp: sort out physical vs virtual pointers usage (git-fixes). - sata_fsl: fix UAF in sata_fsl_port_stop when rmmod sata_fsl (git-fixes). - sata_fsl: fix warning in remove_proc_entry when rmmod sata_fsl (git-fixes). - sc16is7xx: Fix for incorrect data being transmitted (git-fixes). - sched/core: Export pelt_thermal_tp (git-fixes) - sched/core: Fix forceidle balancing (git-fixes) - sched/core: Mitigate race (git-fixes) - sched/cpuacct: Fix charge percpu cpuusage (git-fixes) - sched/cpuacct: Fix user/system in shown cpuacct.usage* (git-fixes) - sched/debug: Remove mpol_get/put and task_lock/unlock from (git-fixes) - sched: Define and initialize a flag to identify valid PASID in the task (jsc#SLE-24350). - sched/fair: Consider CPU affinity when allowing NUMA imbalance in find_idlest_group() (bnc#1193431). - sched/fair: Fix fault in reweight_entity (git fixes (sched/core)). - sched/fair: Revise comment about lb decision matrix (git-fixes) - sched: Fix balance_push() vs __sched_setscheduler() (git-fixes) - sched: Fix yet more sched_fork() races (git fixes (sched/core)). - sched/membarrier: Fix membarrier-rseq fence command missing (git-fixes) - sched/numa: Adjust imb_numa_nr to a better approximation of memory channels (bnc#1193431). - sched/numa: Apply imbalance limitations consistently (bnc#1193431). - sched/numa: Do not swap tasks between nodes when spare capacity is available (bnc#1193431). - sched/numa: Initialise numa_migrate_retry (bnc#1193431). - sched/pasid: Add a kABI workaround (jsc#SLE-24350). - sched/pelt: Fix attach_entity_load_avg() corner case (git-fixes) - sched/pelt: Relax the sync of util_sum with util_avg (git-fixes) - sched/psi: report zeroes for CPU full at the system level (git-fixes) - sched/rt: Plug rt_mutex_setprio() vs push_rt_task() race (git-fixes) - sched/rt: Try to restart rt period timer when rt runtime (git-fixes) - sched/scs: Reset task stack state in bringup_cpu() (git-fixes) - sched/sugov: Ignore busy filter when rq is capped by (git-fixes) - sched: Teach the forced-newidle balancer about CPU affinity (git-fixes) - scripts/faddr2line: Fix overlapping text section failures (git-fixes). - scsi: block: pm: Always set request queue runtime active in blk_post_runtime_resume() (bsc#1198802). - scsi: block: PM fix blk_post_runtime_resume() args (bsc#1198802). - scsi: core: Query VPD size before getting full page (git-fixes). - scsi: dc395x: Fix a missing check on list iterator (git-fixes). - scsi: elx: efct: Do not use GFP_KERNEL under spin lock (git-fixes). - scsi: fnic: Fix a tracing statement (git-fixes). - scsi: fnic: Replace DMA mask of 64 bits with 47 bits (bsc#1199631). - scsi: hisi_sas: Add more logs for runtime suspend/resume (bsc#1198802). - scsi: hisi_sas: Change permission of parameter prot_mask (git-fixes). - scsi: hisi_sas: Fix rescan after deleting a disk (git-fixes). - scsi: hisi_sas: Fix some issues related to asd_sas_port-phy_list (bsc#1198802). - scsi: hisi_sas: Increase debugfs_dump_index after dump is completed (bsc#1198806). - scsi: hisi_sas: Initialise devices in .slave_alloc callback (bsc#1198802). - scsi: hisi_sas: Limit users changing debugfs BIST count value (bsc#1198803). - scsi: hisi_sas: Remove unused variable and check in hisi_sas_send_ata_reset_each_phy() (git-fixes). - scsi: hisi_sas: Wait for phyup in hisi_sas_control_phy() (bsc#1198802). - scsi: ibmvfc: Allocate/free queue resource only during probe/remove (jsc#SLE-15442 bsc#1180814 ltc#187461 git-fixes). - scsi: ibmvfc: Store vhost pointer during subcrq allocation (jsc#SLE-15442 bsc#1180814 ltc#187461 git-fixes). - scsi: libsas: Add flag SAS_HA_RESUMING (bsc#1198802). - scsi: libsas: Add spin_lock/unlock() to protect asd_sas_port->phy_list (bsc#1198802). - scsi: libsas: Defer works of new phys during suspend (bsc#1198802). - scsi: libsas: Do not always drain event workqueue for HA resume (bsc#1198802). - scsi: libsas: Fix sas_ata_qc_issue() handling of NCQ NON DATA commands (git-fixes). - scsi: libsas: Insert PORTE_BROADCAST_RCVD event for resuming host (bsc#1198802). - scsi: libsas: Keep host active while processing events (bsc#1198802). - scsi: libsas: Refactor sas_queue_deferred_work() (bsc#1198802). - scsi: libsas: Resume host while sending SMP I/Os (bsc#1198802). - scsi: lpfc: Add more logging of cmd and cqe information for aborted NVMe cmds (bsc#1201193). - scsi: lpfc: Address NULL pointer dereference after starget_to_rport() (bsc#1201193). - scsi: lpfc: Add support for ATTO Fibre Channel devices (bsc#1201193). - scsi: lpfc: Add support for VMID tagging of NVMe I/Os (bsc#1201193). - scsi: lpfc: Allow reduced polling rate for nvme_admin_async_event cmd completion (bsc#1201193). - scsi: lpfc: Alter FPIN stat accounting logic (bsc#1200045). - scsi: lpfc: Change FA-PWWN detection methodology (bsc#1200045). - scsi: lpfc: Change VMID registration to be based on fabric parameters (bsc#1200045). - scsi: lpfc: Clear fabric topology flag before initiating a new FLOGI (bsc#1200045). - scsi: lpfc: Commonize VMID code location (bsc#1201193). - scsi: lpfc: Copyright updates for 14.2.0.0 patches (bsc#1197675). - scsi: lpfc: Copyright updates for 14.2.0.2 patches (bsc#1200045). - scsi: lpfc: Correct BDE DMA address assignment for GEN_REQ_WQE (bsc#1200045). - scsi: lpfc: Correct BDE type for XMIT_SEQ64_WQE in lpfc_ct_reject_event() (bsc#1201193). - scsi: lpfc: Correct CRC32 calculation for congestion stats (bsc#1200045). - scsi: lpfc: Decrement outstanding gidft_inp counter if lpfc_err_lost_link() (bsc#1200045). - scsi: lpfc: Drop lpfc_no_handler() (bsc#1197675). - scsi: lpfc: Expand setting ELS_ID field in ELS_REQUEST64_WQE (bsc#1200045). - scsi: lpfc: Fill in missing ndlp kref puts in error paths (bsc#1200045). - scsi: lpfc: Fix additional reference counting in lpfc_bsg_rport_els() (bsc#1200045). - scsi: lpfc: Fix broken SLI4 abort path (bsc#1197675). - scsi: lpfc: Fix call trace observed during I/O with CMF enabled (bsc#1200045). - scsi: lpfc: Fix diagnostic fw logging after a function reset (bsc#1200045). - scsi: lpfc: Fix dmabuf ptr assignment in lpfc_ct_reject_event() (bsc#1200045). - scsi: lpfc: Fix element offset in __lpfc_sli_release_iocbq_s4() (bsc#1200045). - scsi: lpfc: Fix field overload in lpfc_iocbq data structure (bsc#1200045). - scsi: lpfc: Fix locking for lpfc_sli_iocbq_lookup() (bsc#1197675). - scsi: lpfc: Fix ndlp put following a LOGO completion (bsc#1200045). - scsi: lpfc: Fix null pointer dereference after failing to issue FLOGI and PLOGI (bsc#1200045). - scsi: lpfc: Fix port stuck in bypassed state after LIP in PT2PT topology (bsc#1201193). - scsi: lpfc: Fix queue failures when recovering from PCI parity error (bsc#1197675 bsc#1196478). - scsi: lpfc: Fix resource leak in lpfc_sli4_send_seq_to_ulp() (bsc#1200045). - scsi: lpfc: Fix SCSI I/O completion and abort handler deadlock (bsc#1200045). - scsi: lpfc: Fix split code for FLOGI on FCoE (bsc#1200045). - scsi: lpfc: Fix typos in comments (bsc#1197675). - scsi: lpfc: Fix unload hang after back to back PCI EEH faults (bsc#1197675 bsc#1196478). - scsi: lpfc: Improve PCI EEH Error and Recovery Handling (bsc#1197675 bsc#1196478). - scsi: lpfc: Inhibit aborts if external loopback plug is inserted (bsc#1200045). - scsi: lpfc: Introduce FC_RSCN_MEMENTO flag for tracking post RSCN completion (bsc#1200045). - scsi: lpfc: Kill lpfc_bus_reset_handler() (bsc#1197675). - scsi: lpfc: Move cfg_log_verbose check before calling lpfc_dmp_dbg() (bsc#1200045). - scsi: lpfc: Move MI module parameter check to handle dynamic disable (bsc#1200045). - scsi: lpfc: Protect memory leak for NPIV ports sending PLOGI_RJT (bsc#1200045). - scsi: lpfc: Reduce log messages seen after firmware download (bsc#1197675). - scsi: lpfc: Refactor cleanup of mailbox commands (bsc#1200045). - scsi: lpfc: Register for Application Services FC-4 type in Fabric topology (bsc#1200045). - scsi: lpfc: Remove failing soft_wwn support (bsc#1197675). - scsi: lpfc: Remove false FDMI NVMe FC-4 support for NPIV ports (bsc#1200045). - scsi: lpfc: Remove NVMe support if kernel has NVME_FC disabled (bsc#1197675). - scsi: lpfc: Remove redundant flush_workqueue() call (bsc#1197675). - scsi: lpfc: Remove redundant lpfc_sli_prep_wqe() call (bsc#1200045). - scsi: lpfc: Remove unnecessary null ndlp check in lpfc_sli_prep_wqe() (bsc#1200045). - scsi: lpfc: Remove unnecessary NULL pointer assignment for ELS_RDF path (bsc#1200045). - scsi: lpfc: Remove unneeded variable (bsc#1200045). - scsi: lpfc: Requeue SCSI I/O to upper layer when fw reports link down (bsc#1200045). - scsi: lpfc: Resolve NULL ptr dereference after an ELS LOGO is aborted (bsc#1201193). - scsi: lpfc: Resolve some cleanup issues following abort path refactoring (bsc#1201193). - scsi: lpfc: Resolve some cleanup issues following SLI path refactoring (bsc#1201193). - scsi: lpfc: Revise FDMI reporting of supported port speed for trunk groups (bsc#1200045). - scsi: lpfc: Rework FDMI initialization after link up (bsc#1200045). - scsi: lpfc: Rework lpfc_vmid_get_appid() to be protocol independent (bsc#1201193). - scsi: lpfc: SLI path split: Introduce lpfc_prep_wqe (bsc#1197675). - scsi: lpfc: SLI path split: Refactor Abort paths (bsc#1197675). - scsi: lpfc: SLI path split: Refactor base ELS paths and the FLOGI path (bsc#1197675). - scsi: lpfc: SLI path split: Refactor BSG paths (bsc#1197675). - scsi: lpfc: SLI path split: Refactor CT paths (bsc#1197675). - scsi: lpfc: SLI path split: Refactor fast and slow paths to native SLI4 (bsc#1197675). - scsi: lpfc: SLI path split: Refactor FDISC paths (bsc#1197675). - scsi: lpfc: SLI path split: Refactor lpfc_iocbq (bsc#1197675). - scsi: lpfc: SLI path split: Refactor LS_ACC paths (bsc#1197675). - scsi: lpfc: SLI path split: Refactor LS_RJT paths (bsc#1197675). - scsi: lpfc: SLI path split: Refactor misc ELS paths (bsc#1197675). - scsi: lpfc: SLI path split: Refactor PLOGI/PRLI/ADISC/LOGO paths (bsc#1197675). - scsi: lpfc: SLI path split: Refactor SCSI paths (bsc#1197675). - scsi: lpfc: SLI path split: Refactor the RSCN/SCR/RDF/EDC/FARPR paths (bsc#1197675). - scsi: lpfc: SLI path split: Refactor VMID paths (bsc#1197675). - scsi: lpfc: Transition to NPR state upon LOGO cmpl if link down or aborted (bsc#1200045). - scsi: lpfc: Tweak message log categories for ELS/FDMI/NVMe rescan (bsc#1200045). - scsi: lpfc: Update fc_prli_sent outstanding only after guaranteed IOCB submit (bsc#1200045). - scsi: lpfc: Update lpfc version to 14.2.0.0 (bsc#1197675). - scsi: lpfc: Update lpfc version to 14.2.0.1 (bsc#1197675). - scsi: lpfc: Update lpfc version to 14.2.0.2 (bsc#1200045). - scsi: lpfc: Update lpfc version to 14.2.0.3 (bsc#1200045). - scsi: lpfc: Update lpfc version to 14.2.0.4 (bsc#1201193). - scsi: lpfc: Update stat accounting for READ_STATUS mbox command (bsc#1200045). - scsi: lpfc: Use fc_block_rport() (bsc#1197675). - scsi: lpfc: Use irq_set_affinity() (bsc#1197675). - scsi: lpfc: Use kcalloc() (bsc#1197675). - scsi: lpfc: Use list_for_each_entry_safe() in rscn_recovery_check() (bsc#1200045). - scsi: lpfc: Use rport as argument for lpfc_chk_tgt_mapped() (bsc#1197675). - scsi: lpfc: Use rport as argument for lpfc_send_taskmgmt() (bsc#1197675). - scsi: lpfc: Use sg_dma_address() and sg_dma_len() macros for NVMe I/O (bsc#1200045). - scsi: lpfc: Zero SLI4 fcp_cmnd buffer's fcpCntl0 field (bsc#1200045). - scsi: mpt3sas: Fix incorrect 4GB boundary check (git-fixes). - scsi: mpt3sas: Fix use after free in _scsih_expander_node_remove() (git-fixes). - scsi: mpt3sas: Page fault in reply q processing (git-fixes). - scsi: mpt3sas: Use cached ATA Information VPD page (git-fixes). - scsi: mvsas: Add spin_lock/unlock() to protect asd_sas_port->phy_list (bsc#1198802). - scsi: nvme-fc: Add new routine nvme_fc_io_getuuid() (bsc#1201193). - scsi: pm8001: Fix abort all task initialization (git-fixes). - scsi: pm8001: Fix command initialization in pm8001_chip_ssp_tm_req() (git-fixes). - scsi: pm8001: Fix command initialization in pm80XX_send_read_log() (git-fixes). - scsi: pm8001: Fix le32 values handling in pm80xx_chip_sata_req() (git-fixes). - scsi: pm8001: Fix le32 values handling in pm80xx_chip_ssp_io_req() (git-fixes). - scsi: pm8001: Fix le32 values handling in pm80xx_set_sas_protocol_timer_config() (git-fixes). - scsi: pm8001: Fix NCQ NON DATA command completion handling (git-fixes). - scsi: pm8001: Fix NCQ NON DATA command task initialization (git-fixes). - scsi: pm8001: Fix payload initialization in pm80xx_encrypt_update() (git-fixes). - scsi: pm8001: Fix payload initialization in pm80xx_set_thermal_config() (git-fixes). - scsi: pm80xx: Enable upper inbound, outbound queues (git-fixes). - scsi: pm80xx: Mask and unmask upper interrupt vectors 32-63 (git-fixes). - scsi: qedi: Fix ABBA deadlock in qedi_process_tmf_resp() and qedi_process_cmd_cleanup_resp() (git-fixes). - scsi: qla2xxx: Add a new v2 dport diagnostic feature (bsc#1201160). - scsi: qla2xxx: Add debug prints in the device remove path (bsc#1201160). - scsi: qla2xxx: Add devids and conditionals for 28xx (bsc#1195823). - scsi: qla2xxx: Add ql2xnvme_queues module param to configure number of NVMe queues (bsc#1195823). - scsi: qla2xxx: Add qla2x00_async_done() for async routines (bsc#1195823). - scsi: qla2xxx: Add retry for exec firmware (bsc#1195823). - scsi: qla2xxx: Check for firmware dump already collected (bsc#1195823). - scsi: qla2xxx: edif: Add bsg interface to read doorbell events (bsc#1201160). - scsi: qla2xxx: edif: Add retry for ELS passthrough (bsc#1201160). - scsi: qla2xxx: edif: bsg refactor (bsc#1201160). - scsi: qla2xxx: edif: Fix clang warning (bsc#1195823). - scsi: qla2xxx: edif: Fix inconsistent check of db_flags (bsc#1195823). - scsi: qla2xxx: edif: Fix I/O timeout due to over-subscription (bsc#1201160). - scsi: qla2xxx: edif: Fix n2n discovery issue with secure target (bsc#1201160). - scsi: qla2xxx: edif: Fix n2n login retry for secure device (bsc#1201160). - scsi: qla2xxx: edif: Fix no login after app start (bsc#1201160). - scsi: qla2xxx: edif: Fix no logout on delete for N2N (bsc#1201160). - scsi: qla2xxx: edif: Fix potential stuck session in sa update (bsc#1201160). - scsi: qla2xxx: edif: Fix session thrash (bsc#1201160). - scsi: qla2xxx: edif: Fix slow session teardown (bsc#1201160). - scsi: qla2xxx: edif: Reduce connection thrash (bsc#1195823). - scsi: qla2xxx: edif: Reduce disruption due to multiple app start (bsc#1201160). - scsi: qla2xxx: edif: Reduce Initiator-Initiator thrashing (bsc#1201160). - scsi: qla2xxx: edif: Reduce N2N thrashing at app_start time (bsc#1201160). - scsi: qla2xxx: edif: Remove old doorbell interface (bsc#1201160). - scsi: qla2xxx: edif: Remove unneeded variable (bsc#1200046). - scsi: qla2xxx: edif: Replace list_for_each_safe with list_for_each_entry_safe (bsc#1195823). - scsi: qla2xxx: edif: Send LOGO for unexpected IKE message (bsc#1201160). - scsi: qla2xxx: edif: Synchronize NPIV deletion with authentication application (bsc#1201160). - scsi: qla2xxx: edif: Tear down session if keys have been removed (bsc#1201160). - scsi: qla2xxx: edif: Tweak trace message (bsc#1195823). - scsi: qla2xxx: edif: Wait for app to ack on sess down (bsc#1201160). - scsi: qla2xxx: Fix crash due to stale SRB access around I/O timeouts (bsc#1201160). - scsi: qla2xxx: Fix crash during module load unload test (bsc#1197661). - scsi: qla2xxx: Fix device reconnect in loop topology (bsc#1195823). - scsi: qla2xxx: Fix disk failure to rediscover (bsc#1197661). - scsi: qla2xxx: Fix erroneous mailbox timeout after PCI error injection (bsc#1201160). - scsi: qla2xxx: Fix excessive I/O error messages by default (bsc#1201160). - scsi: qla2xxx: Fix hang due to session stuck (bsc#1197661). - scsi: qla2xxx: Fix incorrect reporting of task management failure (bsc#1197661). - scsi: qla2xxx: Fix laggy FC remote port session recovery (bsc#1197661). - scsi: qla2xxx: Fix losing FCP-2 targets during port perturbation tests (bsc#1201160). - scsi: qla2xxx: Fix losing FCP-2 targets on long port disable with I/Os (bsc#1201160). - scsi: qla2xxx: Fix losing target when it reappears during delete (bsc#1201160). - scsi: qla2xxx: Fix loss of NVMe namespaces after driver reload test (bsc#1197661). - scsi: qla2xxx: Fix missed DMA unmap for aborted commands (bsc#1200046). - scsi: qla2xxx: Fix missed DMA unmap for NVMe ls requests (bsc#1197661). - scsi: qla2xxx: Fix N2N inconsistent PLOGI (bsc#1197661). - scsi: qla2xxx: Fix premature hw access after PCI error (bsc#1195823). - scsi: qla2xxx: Fix scheduling while atomic (bsc#1195823). - scsi: qla2xxx: Fix stuck session in gpdb (bsc#1195823). - scsi: qla2xxx: Fix stuck session of PRLI reject (bsc#1197661). - scsi: qla2xxx: Fix T10 PI tag escape and IP guard options for 28XX adapters (bsc#1195823). - scsi: qla2xxx: Fix typos in comments (bsc#1197661). - scsi: qla2xxx: Fix warning for missing error code (bsc#1195823). - scsi: qla2xxx: Fix warning message due to adisc being flushed (bsc#1195823). - scsi: qla2xxx: Fix wrong FDMI data for 64G adapter (bsc#1195823). - scsi: qla2xxx: Implement ref count for SRB (bsc#1195823). - scsi: qla2xxx: Increase max limit of ql2xnvme_queues (bsc#1197661). - scsi: qla2xxx: Reduce false trigger to login (bsc#1197661). - scsi: qla2xxx: Refactor asynchronous command initialization (bsc#1195823). - scsi: qla2xxx: Remove a declaration (bsc#1195823). - scsi: qla2xxx: Remove free_sg command flag (bsc#1200046). - scsi: qla2xxx: Remove setting of 'req' and 'rsp' parameters (bsc#1201160). - scsi: qla2xxx: Remove unneeded flush_workqueue() (bsc#1200046). - scsi: qla2xxx: Remove unused qla_sess_op_cmd_list from scsi_qla_host_t (bsc#1195823). - scsi: qla2xxx: Remove unused 'ql_dm_tgt_ex_pct' parameter (bsc#1201160). - scsi: qla2xxx: Stop using the SCSI pointer (bsc#1197661). - scsi: qla2xxx: Suppress a kernel complaint in qla_create_qpair() (bsc#1195823). - scsi: qla2xxx: Turn off multi-queue for 8G adapters (bsc#1201160). - scsi: qla2xxx: Update version to 10.02.07.200-k (bsc#1195823). - scsi: qla2xxx: Update version to 10.02.07.300-k (bsc#1195823). - scsi: qla2xxx: Update version to 10.02.07.400-k (bsc#1197661). - scsi: qla2xxx: Update version to 10.02.07.500-k (bsc#1201160). - scsi: qla2xxx: Update version to 10.02.07.600-k (bsc#1201160). - scsi: qla2xxx: Update version to 10.02.07.700-k (bsc#1201160). - scsi: qla2xxx: Use correct feature type field during RFF_ID processing (bsc#1197661). - scsi: qla2xxx: Use named initializers for port_state_str (bsc#1197661). - scsi: qla2xxx: Use named initializers for q_dev_state (bsc#1197661). - scsi: qla2xxx: Wind down adapter after PCIe error (bsc#1201160). - scsi: scsi_transport_fc: Fix FPIN Link Integrity statistics counters (git-fixes). - scsi: sr: Do not leak information in ioctl (git-fixes). - scsi: ufs: core: Exclude UECxx from SFR dump list (git-fixes). - scsi: ufs: qcom: Add a readl() to make sure ref_clk gets enabled (git-fixes). - scsi: ufs: qcom: Fix ufs_qcom_resume() (git-fixes). - scsi: virtio-scsi: Eliminate anonymous module_init and module_exit (git-fixes). - scsi: zorro7xx: Fix a resource leak in zorro7xx_remove_one() (git-fixes). - selftest: KVM: Add open sev dev helper (bsc#1194526). - selftests/bpf: Remove unused variable in tc_tunnel prog (git-fixes). - selftests: firmware: Fix the request_firmware_into_buf() test for XZ format (git-fixes). - selftests: firmware: Use smaller dictionary for XZ compression (git-fixes). - selftests: fix check for circular KVM_CAP_VM_MOVE_ENC_CONTEXT_FROM (bsc#1194526). - selftests: KVM: Add /x86_64/sev_migrate_tests to .gitignore (bsc#1194526). - selftests: KVM: Fix check for !POLLIN in demand_paging_test (bsc#1194526). - selftests: kvm: Remove absent target file (git-fixes). - selftests: KVM: sev_migrate_tests: Fix sev_ioctl() (bsc#1194526). - selftests: kvm/x86: Fix the warning in lib/x86_64/processor.c (bsc#1194526). - selftests/powerpc: Add test for real address error handling (jsc#SLE-18194). - serial: 8250: Also set sticky MCR bits in console restoration (git-fixes). - serial: 8250_aspeed_vuart: add PORT_ASPEED_VUART port type (git-fixes). - serial: 8250_aspeed_vuart: Fix potential NULL dereference in aspeed_vuart_probe (git-fixes). - serial: 8250: core: Remove unneeded linux/pm_runtime.h (git-fixes). - serial: 8250: Correct the clock for EndRun PTP/1588 PCIe device (git-fixes). - serial: 8250_fintek: Check SER_RS485_RTS_* only with RS485 (git-fixes). - serial: 8250: Fix race condition in RTS-after-send handling (git-fixes). - serial: 8250: fix XOFF/XON sending when DMA is used (git-fixes). - serial: 8250_lpss: Balance reference count for PCI DMA device (git-fixes). - serial: 8250_mid: Balance reference count for PCI DMA device (git-fixes). - serial: 8250_mtk: Fix register address for XON/XOFF character (git-fixes). - serial: 8250_mtk: Fix UART_EFR register address (git-fixes). - serial: 8250: pxa: Remove unneeded linux/pm_runtime.h (git-fixes). - serial: core: Fix the definition name in the comment of UPF_* flags (git-fixes). - serial: cpm_uart: Fix build error without CONFIG_SERIAL_CPM_CONSOLE (git-fixes). - serial: digicolor-usart: Do not allow CS5-6 (git-fixes). - serial: imx: fix overrun interrupts in DMA mode (git-fixes). - serial: meson: acquire port->lock in startup() (git-fixes). - serial: msm_serial: disable interrupts in __msm_console_write() (git-fixes). - serial: pch: do not overwrite xmit->buf[0] by x_char (git-fixes). - serial: rda-uart: Do not allow CS5-6 (git-fixes). - serial: samsung_tty: do not unlock port->lock for uart_write_wakeup() (git-fixes). - serial: sh-sci: Do not allow CS5-6 (git-fixes). - serial: sifive: Report actual baud base rather than fixed 115200 (git-fixes). - serial: sifive: Sanitize CSIZE and c_iflag (git-fixes). - serial: st-asc: Sanitize CSIZE and correct PARENB for CS7 (git-fixes). - serial: stm32-usart: Correct CSIZE, bits, and parity (git-fixes). - serial: txx9: Do not allow CS5-6 (git-fixes). - sfc: Do not free an empty page_ring (git-fixes). - sfc: fallback for lack of xdp tx queues (bsc#1196306). - sfc: last resort fallback for lack of xdp tx queues (bsc#1196306). - sfc: Use swap() instead of open coding it (bsc#1196306). - sfc: use swap() to make code cleaner (bsc#1196306). - skbuff: fix coalescing for page_pool fragment recycling (bsc#1190336). - slimbus: qcom: Fix IRQ check in qcom_slim_probe (git-fixes). - slip: fix macro redefine warning (git-fixes). - smb3: add mount parm nosparse (bsc#1193629). - smb3: add trace point for lease not found issue (bsc#1193629). - smb3: add trace point for oplock not found (bsc#1193629). - smb3: check for null tcon (bsc#1193629). - smb3: cleanup and clarify status of tree connections (bsc#1193629). - smb3: do not set rc when used and unneeded in query_info_compound (bsc#1193629). - SMB3: EBADF/EIO errors in rename/open caused by race condition in smb2_compound_op (bsc#1193629). - smb3: fix incorrect session setup check for multiuser mounts (bsc#1193629). - smb3: fix ksmbd bigendian bug in oplock break, and move its struct to smbfs_common (bsc#1193629). - smb3: fix snapshot mount option (bsc#1193629). - [smb3] improve error message when mount options conflict with posix (bsc#1193629). - smb3: move defines for ioctl protocol header and SMB2 sizes to smbfs_common (bsc#1193629). - smb3: move defines for query info and query fsinfo to smbfs_common (bsc#1193629). - [smb3] move more common protocol header definitions to smbfs_common (bsc#1193629). - smb3: send NTLMSSP version information (bsc#1193629). - smp: Fix offline cpu check in flush_smp_call_function_queue() (git-fixes). - smsc911x: allow using IRQ0 (git-fixes). - soc: aspeed: lpc-ctrl: Block error printing on probe defer cases (git-fixes). - soc: bcm: brcmstb: pm: pm-arm: Fix refcount leak in brcmstb_pm_probe (git-fixes). - soc: bcm: Check for NULL return of devm_kzalloc() (git-fixes). - soc: fsl: Correct MAINTAINERS database (QUICC ENGINE LIBRARY) (git-fixes). - soc: fsl: Correct MAINTAINERS database (SOC) (git-fixes). - soc: fsl: guts: Add a missing memory allocation failure check (git-fixes). - soc: fsl: guts: Revert commit 3c0d64e867ed (git-fixes). - soc: fsl: qe: Check of ioremap return value (git-fixes). - soc: mediatek: pm-domains: Add wakeup capacity support in power domain (git-fixes). - soc: qcom: aoss: Expose send for generic usecase (git-fixes). - soc: qcom: aoss: Fix missing put_device call in qmp_get (git-fixes). - soc: qcom: aoss: remove spurious IRQF_ONESHOT flags (git-fixes). - soc: qcom: llcc: Add MODULE_DEVICE_TABLE() (git-fixes). - soc: qcom: ocmem: Fix missing put_device() call in of_get_ocmem (git-fixes). - soc: qcom: rpmpd: Check for null return of devm_kcalloc (git-fixes). - soc: qcom: smp2p: Fix missing of_node_put() in smp2p_parse_ipc (git-fixes). - soc: qcom: smsm: Fix missing of_node_put() in smsm_parse_ipc (git-fixes). - soc: rockchip: Fix refcount leak in rockchip_grf_init (git-fixes). - soc: ti: ti_sci_pm_domains: Check for null return of devm_kcalloc (git-fixes). - soc: ti: wkup_m3_ipc: Fix IRQ check in wkup_m3_ipc_probe (git-fixes). - sound/oss/dmasound: fix build when drivers are mixed =y/=m (git-fixes). - sound/oss/dmasound: fix 'dmasound_setup' defined but not used (git-fixes). - soundwire: intel: fix wrong register name in intel_shim_wake (git-fixes). - soundwire: intel: prevent pm_runtime resume prior to system suspend (git-fixes). - soundwire: qcom: adjust autoenumeration timeout (git-fixes). - speakup-dectlk: Restore pitch setting (git-fixes). - spi: atmel-quadspi: Fix the buswidth adjustment between spi-mem and controller (git-fixes). - spi: bcm-qspi: fix MSPI only access with bcm_qspi_exec_mem_op() (git-fixes). - spi: cadence-quadspi: fix incorrect supports_op() return value (git-fixes). - spi: cadence-quadspi: fix protocol setup for non-1-1-X operations (git-fixes). - spi: core: add dma_map_dev for __spi_unmap_msg() (git-fixes). - spi: Fix erroneous sgs value with min_t() (git-fixes). - spi: Fix invalid sgs value (git-fixes). - spi: Fix Tegra QSPI example (git-fixes). - spi: img-spfi: Fix pm_runtime_get_sync() error checking (git-fixes). - spi: mxic: Fix the transmit path (git-fixes). - spi: pxa2xx-pci: Balance reference count for PCI DMA device (git-fixes). - spi: qcom-qspi: Add minItems to interconnect-names (git-fixes). - spi: rockchip: Fix error in getting num-cs property (git-fixes). - spi: rockchip: fix missing error on unsupported SPI_CS_HIGH (git-fixes). - spi: rockchip: Preset cs-high and clk polarity in setup progress (git-fixes). - spi: rockchip: Stop spi slave dma receiver when cs inactive (git-fixes). - spi: rockchip: terminate dma transmission when slave abort (git-fixes). - spi: spi-cadence: Fix kernel-doc format for resume/suspend (git-fixes). - spi: spi-fsl-qspi: check return value after calling platform_get_resource_byname() (git-fixes). - spi: spi-mtk-nor: initialize spi controller after resume (git-fixes). - spi: spi-rspi: Remove setting {src,dst}_{addr,addr_width} based on DMA direction (git-fixes). - spi: spi-ti-qspi: Fix return value handling of wait_for_completion_timeout (git-fixes). - spi: spi-zynqmp-gqspi: Handle error for dma_set_mask (git-fixes). - spi: spi-zynq-qspi: Fix a NULL pointer dereference in zynq_qspi_exec_mem_op() (git-fixes). - spi: stm32-qspi: Fix wait_cmd timeout in APM mode (git-fixes). - spi: tegra114: Add missing IRQ check in tegra_spi_probe (git-fixes). - spi: tegra20: Use of_device_get_match_data() (git-fixes). - spi: tegra210-quad: Fix missin IRQ check in tegra_qspi_probe (git-fixes). - sr9700: sanity check for packet length (bsc#1196836). - staging: fbtft: fb_st7789v: reset display before initialization (git-fixes). - staging: fbtft: Fix error path in fbtft_driver_module_init() (git-fixes). - staging: fieldbus: Fix the error handling path in anybuss_host_common_probe() (git-fixes). - staging: gdm724x: fix use after free in gdm_lte_rx() (git-fixes). - staging:iio:adc:ad7280a: Fix handing of device address bit reversing (git-fixes). - staging: most: dim2: force fcnt=3 on Renesas GEN3 (git-fixes). - staging: most: dim2: use device release method (git-fixes). - staging: most: dim2: use if statements instead of ?: expressions (git-fixes). - staging: mt7621-dts: fix formatting (git-fixes). - staging: mt7621-dts: fix LEDs and pinctrl on GB-PC1 devicetree (git-fixes). - staging: mt7621-dts: fix pinctrl-0 items to be size-1 items on ethernet (git-fixes). - staging: mt7621-dts: fix pinctrl properties for ethernet (git-fixes). - staging: rtl8712: fix a potential memory leak in r871xu_drv_init() (git-fixes). - staging: rtl8712: fix uninit-value in r871xu_drv_init() (git-fixes). - staging: rtl8712: fix uninit-value in usb_read8() and friends (git-fixes). - staging: rtl8723bs: Fix access-point mode deadlock (git-fixes). - staging: vc04_services: shut up out-of-range warning (git-fixes). - staging: vchiq_arm: Avoid NULL ptr deref in vchiq_dump_platform_instances (git-fixes). - staging: vchiq_core: handle NULL result of find_service_by_handle (git-fixes). - staging: vchiq: Move certain declarations to vchiq_arm.h (git-fixes). - staging: vchiq: Move vchiq char driver to its own file (git-fixes). - staging: vchiq: Refactor vchiq cdev code (git-fixes). - staging: wfx: fix an error handling in wfx_init_common() (git-fixes). - stddef: Introduce DECLARE_FLEX_ARRAY() helper (git-fixes). - stm: ltdc: fix two incorrect NULL checks on list iterator (bsc#1190786) - SUNRPC: change locking for xs_swap_enable/disable (bsc#1196367). - SUNRPC: Do not dereference non-socket transports in sysfs (git-fixes). - SUNRPC: Do not dereference non-socket transports in sysfs - kabi fix (git-fixes). - SUNRPC do not resend a task on an offlined transport (git-fixes). - SUNRPC: Ensure gss-proxy connects on setup (git-fixes). - SUNRPC: Ensure that the gssproxy client can start in a connected state (git-fixes). - SUNRPC: Fix the calculation of xdr->end in xdr_get_next_encode_buffer() (git-fixes). - SUNRPC: Fix the svc_deferred_event trace class (git-fixes). - SUNRPC: Handle ENOMEM in call_transmit_status() (git-fixes). - SUNRPC: Handle low memory situations in call_status() (git-fixes). - SUNRPC release the transport of a relocated task with an assigned transport (git-fixes). - SUNRPC: svc_tcp_sendmsg() should handle errors from xdr_alloc_bvec() (git-fixes). - SUNRPC: Trap RDMA segment overflows (git-fixes). - SUNRPC: use different lock keys for INET6 and LOCAL (git-fixes). - supported.conf: add intel_sdsi - supported.conf: mark pfuze100 regulator as supported (bsc#1199909) - supported.conf: Support TPM TIS SPI driver (jsc#SLE-24093) - surface: surface3_power: Fix battery readings on batteries without a serial number (git-fixes). - swiotlb: max mapping size takes min align mask into account (bsc#1197303). - sysrq: do not omit current cpu when showing backtrace of all active CPUs (git-fixes). - thermal/core: Fix memory leak in __thermal_cooling_device_register() (git-fixes). - thermal: core: Fix TZ_GET_TRIP NULL pointer dereference (git-fixes). - thermal: devfreq_cooling: use local ops instead of global ops (git-fixes). - thermal/drivers/bcm2711: Do not clamp temperature at zero (git-fixes). - thermal/drivers/broadcom: Fix potential NULL dereference in sr_thermal_probe (git-fixes). - thermal/drivers/imx_sc_thermal: Fix refcount leak in imx_sc_thermal_probe (git-fixes). - thermal/drivers/int340x: Improve the tcc offset saving for suspend/resume (git-fixes). - thermal: int340x: Check for NULL after calling kmemdup() (git-fixes). - thermal: int340x: Fix attr.show callback prototype (git-fixes). - thermal: int340x: fix memory leak in int3400_notify() (git-fixes). - thermal: int340x: Increase bitmap size (git-fixes). - thunderbolt: Use different lane for second DisplayPort tunnel (git-fixes). - tick/nohz: unexport __init-annotated tick_nohz_full_setup() (bsc#1201218). - tilcdc: tilcdc_external: fix an incorrect NULL check on list iterator (bsc#1190786) - timekeeping: Mark NMI safe time accessors as notrace (git-fixes) - timers: Fix warning condition in __run_timers() (git-fixes) - TOMOYO: fix __setup handlers return values (git-fixes). - tools arch x86: Add Intel SDSi provisiong tool (jsc#SLE-18938). - tools: bpftool: Complete metrics list in 'bpftool prog profile' doc (git-fixes). - tools: bpftool: Document and add bash completion for -L, -B options (git-fixes). - tools: bpftool: Update and synchronise option list in doc and help msg (git-fixes). - tpm: Fix buffer access in tpm2_get_tpm_pt() (git-fixes). - tpm: Fix error handling in async work (git-fixes). - tpm: ibmvtpm: Correct the return value in tpm_ibmvtpm_probe() (bsc#1065729). - tpm: use try_get_ops() in tpm-space.c (git-fixes). - tps6598x: clear int mask on probe failure (git-fixes). - tracing: Do not inc err_log entry count if entry allocation fails (git-fixes). - tracing: Dump stacktrace trigger to the corresponding instance (git-fixes). - tracing: Fix potential double free in create_var_ref() (git-fixes). - tracing: Fix return value of __setup handlers (git-fixes). - tracing: Fix return value of trace_pid_write() (git-fixes). - tracing: Fix smatch warning for null glob in event_hist_trigger_parse() (git-fixes). - tracing: Have trace event string test handle zero length strings (git-fixes). - tracing: Have traceon and traceoff trigger honor the instance (git-fixes). - tracing/histogram: Fix a potential memory leak for kstrdup() (git-fixes). - tracing/histogram: Fix sorting on old 'cpu' value (git-fixes). - tracing/osnoise: Force quiescent states while tracing (git-fixes). - tracing: Propagate is_signed to expression (git-fixes). - tracing: Show kretprobe unknown indicator only for kretprobe_trampoline (bsc#1193277). - tty: Fix a possible resource leak in icom_probe (git-fixes). - tty: fix deadlock caused by calling printk() under tty_port->lock (git-fixes). - tty: goldfish: Fix free_irq() on remove (git-fixes). - tty: goldfish: Introduce gf_ioread32()/gf_iowrite32() (git-fixes). - tty: goldfish: Use tty_port_destroy() to destroy port (git-fixes). - tty: n_gsm: Debug output allocation must use GFP_ATOMIC (git-fixes). - tty: n_gsm: Do not ignore write return value in gsmld_output() (git-fixes). - tty: n_gsm: fix deadlock in gsmtty_open() (git-fixes). - tty: n_gsm: fix encoding of control signal octet bit DV (git-fixes). - tty: n_gsm: fix NULL pointer access due to DLCI release (git-fixes). - tty: n_gsm: Fix packet data hex dump output (git-fixes). - tty: n_gsm: fix proper link termination after failed open (git-fixes). - tty: n_gsm: fix wrong modem processing in convergence layer type 2 (git-fixes). - tty: n_gsm: fix wrong tty control line for flow control (git-fixes). - tty: n_tty: do not look ahead for EOL character past the end of the buffer (git-fixes). - tty: n_tty: Restore EOF push handling behavior (git-fixes). - tty/serial: digicolor: fix possible null-ptr-deref in digicolor_uart_probe() (git-fixes). - tty: serial: fsl_lpuart: fix potential bug when using both of_alias_get_id and ida_simple_get (git-fixes). - tty: serial: owl: Fix missing clk_disable_unprepare() in owl_uart_probe (git-fixes). - tty: synclink_gt: Fix null-pointer-dereference in slgt_clean() (git-fixes). - u64_stats: Disable preemption on 32bit UP+SMP PREEMPT_RT during updates (bsc#1189998). - uapi/linux/stddef.h: Add include guards (jsc#SLE-18978). - ucounts: Enforce RLIMIT_NPROC not RLIMIT_NPROC+1 (bsc#1194191). - udmabuf: validate ubuf->pagecount (git-fixes). - udp_tunnel: Fix end of loop test in udp_tunnel_nic_unregister() (git-fixes). - usb: cdc-wdm: fix reading stuck on device close (git-fixes). - usb: cdns3: Fix issue for clear halt endpoint (git-fixes). - usb: cdnsp: fix cdnsp_decode_trb function to properly handle ret value (git-fixes). - usb: cdnsp: Fixed setting last_trb incorrectly (git-fixes). - usb: chipidea: udc: check request status before setting device address (git-fixes). - usb: core: Do not hold the device lock while sleeping in do_proc_control() (git-fixes). - usb: core: hcd: Add support for deferring roothub registration (git-fixes). - usb: dwc2: drd: fix soft connect when gadget is unconfigured (git-fixes). - usb: dwc2: Fix memory leak in dwc2_hcd_init (git-fixes). - usb: dwc2: gadget: do not reset gadget's driver->bus (git-fixes). - usb: dwc2: gadget: do not try to disable ep0 in dwc2_hsotg_suspend (git-fixes). - usb: dwc3: core: Fix tx/rx threshold settings (git-fixes). - usb: dwc3: core: Only handle soft-reset in DCTL (git-fixes). - usb: dwc3: Decouple USB 2.0 L1 & L2 events (git-fixes). - usb: dwc3: gadget: Change to dev_dbg() when queuing to inactive gadget/ep (git-fixes). - usb: dwc3: gadget: ep_queue simplify isoc start condition (git-fixes). - usb: dwc3: gadget: Fix IN endpoint max packet size allocation (git-fixes). - usb: dwc3: gadget: Give some time to schedule isoc (git-fixes). - usb: dwc3: gadget: Ignore Update Transfer cmd params (git-fixes). - usb: dwc3: gadget: Let the interrupt handler disable bottom halves (git-fixes). - usb: dwc3: gadget: move cmd_endtransfer to extra function (git-fixes). - usb: dwc3: gadget: Move null pinter check to proper place (git-fixes). - usb: dwc3: gadget: Prevent core from processing stale TRBs (git-fixes). - usb: dwc3: gadget: Prevent repeat pullup() (git-fixes). - usb: dwc3: gadget: Replace list_for_each_entry_safe() if using giveback (git-fixes). - usb: dwc3: gadget: Return proper request status (git-fixes). - usb: dwc3: gadget: Skip checking Update Transfer status (git-fixes). - usb: dwc3: gadget: Skip reading GEVNTSIZn (git-fixes). - usb: dwc3: gadget: Wait for ep0 xfers to complete during dequeue (git-fixes). - usb: dwc3: Issue core soft reset before enabling run/stop (git-fixes). - usb: dwc3: omap: fix 'unbalanced disables for smps10_out1' on omap5evm (git-fixes). - usb: dwc3: pci: Add 'snps,dis_u2_susphy_quirk' for Intel Bay Trail (git-fixes). - usb: dwc3: pci: add support for the Intel Meteor Lake-P (git-fixes). - usb: dwc3: pci: add support for the Intel Raptor Lake-S (git-fixes). - usb: dwc3: pci: Fix Bay Trail phy GPIO mappings (git-fixes). - usb: dwc3: pci: Fix pm_runtime_get_sync() error checking (git-fixes). - usb: dwc3: pci: Set the swnode from inside dwc3_pci_quirks() (git-fixes). - usb: dwc3: Try usb-role-switch first in dwc3_drd_init (git-fixes). - usb: dwc3: xilinx: fix uninitialized return value (git-fixes). - usb: ehci: add pci device support for Aspeed platforms (git-fixes). - usb: ehci-omap: drop unused ehci_read() function (git-fixes). - usb: f_fs: Fix use-after-free for epfile (git-fixes). - usb: Fix xhci event ring dequeue pointer ERDP update issue (git-fixes). - usb: gadget: configfs: clear deactivation flag in configfs_composite_unbind() (git-fixes). - usb: gadget: eliminate anonymous module_init and module_exit (git-fixes). - usb: gadget: f_fs: change ep->ep safe in ffs_epfile_io() (git-fixes). - usb: gadget: f_fs: change ep->status safe in ffs_epfile_io() (git-fixes). - USB: gadget: Fix double-free bug in raw_gadget driver (git-fixes). - usb: gadget: Fix non-unique driver names in raw-gadget driver (git-fixes). - usb: gadget: fix race when gadget driver register via ioctl (git-fixes). - usb: gadget: Fix use-after-free bug by not setting udc->dev.driver (git-fixes). - usb: gadget: f_uac2: Define specific wTerminalType (git-fixes). - usb: gadget: lpc32xx_udc: Fix refcount leak in lpc32xx_udc_probe (git-fixes). - usb: gadget: rndis: add spinlock for rndis response list (git-fixes). - usb: gadget: rndis: check size of RNDIS_MSG_SET command (git-fixes). - usb: gadget: rndis: prevent integer overflow in rndis_set_response() (git-fixes). - usb: gadget: tegra-xudc: Do not program SPARAM (git-fixes). - usb: gadget: tegra-xudc: Fix control endpoint's definitions (git-fixes). - usb: gadget: udc: renesas_usb3: Fix host to USB_ROLE_NONE transition (git-fixes). - usb: gadget: u_ether: fix regression in setting fixed MAC address (git-fixes). - usb: gadget: uvc: allow for application to cleanly shutdown (git-fixes). - usb: gadget: uvc: Fix crash when encoding data for usb request (git-fixes). - usb: gadget: uvc: rename function to be more consistent (git-fixes). - usb: gadget: validate endpoint index for xilinx udc (git-fixes). - usb: gadget: validate interface OS descriptor requests (git-fixes). - usb: hcd-pci: Fully suspend across freeze/thaw cycle (git-fixes). - usb: hcd-pci: Use PCI_STD_NUM_BARS when checking standard BARs (git-fixes). - usb: host: isp116x: check return value after calling platform_get_resource() (git-fixes). - usb: isp1760: Fix out-of-bounds array access (git-fixes). - usb: misc: fix improper handling of refcount in uss720_probe() (git-fixes). - usb: mtu3: fix USB 3.0 dual-role-switch from device to host (git-fixes). - usb: musb: Fix missing of_node_put() in omap2430_probe (git-fixes). - usbnet: fix memory allocation in helpers (git-fixes). - usb: new quirk for Dell Gen 2 devices (git-fixes). - usb: phy: generic: Get the vbus supply (git-fixes). - usb: quirks: add a Realtek card reader (git-fixes). - usb: quirks: add STRING quirk for VCOM device (git-fixes). - usb: raw-gadget: fix handling of dual-direction-capable endpoints (git-fixes). - usb: serial: ch341: add support for GW Instek USB2.0-Serial devices (git-fixes). - usb: serial: cp210x: add CPI Bulk Coin Recycler id (git-fixes). - usb: serial: cp210x: add NCR Retail IO box id (git-fixes). - usb: serial: cp210x: add PIDs for Kamstrup USB Meter Reader (git-fixes). - usb: serial: ftdi_sio: add support for Brainboxes US-159/235/320 (git-fixes). - usb: serial: io_ti: add Agilent E5805A support (git-fixes). - usb: serial: option: add Fibocom L610 modem (git-fixes). - usb: serial: option: add Fibocom MA510 modem (git-fixes). - usb: serial: option: add Quectel BG95 modem (git-fixes). - USB: serial: option: add Quectel EM05-G modem (git-fixes). - USB: serial: option: add Quectel RM500K module support (git-fixes). - usb: serial: option: add support for Cinterion MV31 with new baseline (git-fixes). - usb: serial: option: add support for Cinterion MV32-WA/MV32-WB (git-fixes). - usb: serial: option: add support for DW5829e (git-fixes). - usb: serial: option: add Telit 0x1057, 0x1058, 0x1075 compositions (git-fixes). - USB: serial: option: add Telit LE910Cx 0x1250 composition (git-fixes). - usb: serial: option: add Telit LE910R1 compositions (git-fixes). - usb: serial: option: add ZTE MF286D modem (git-fixes). - usb: serial: pl2303: add device id for HP LM930 Display (git-fixes). - usb: serial: pl2303: add IBM device IDs (git-fixes). - USB: serial: pl2303: add support for more HXN (G) types (git-fixes). - usb: serial: pl2303: fix GS type detection (git-fixes). - usb: serial: pl2303: fix type detection for odd device (git-fixes). - usb: serial: qcserial: add support for Sierra Wireless EM7590 (git-fixes). - usb: serial: simple: add Nokia phone driver (git-fixes). - usb: serial: whiteheat: fix heap overflow in WHITEHEAT_GET_DTR_RTS (git-fixes). - usb: storage: karma: fix rio_karma_init return (git-fixes). - usb: storage: ums-realtek: fix error code in rts51x_read_mem() (git-fixes). - usb: typec: mux: Check dev_set_name() return value (git-fixes). - usb: typec: tcpci: Do not skip cleanup in .remove() on error (git-fixes). - usb: typec: tcpci_mt6360: Update for BMC PHY setting (git-fixes). - usb: typec: tipd: Forward plug orientation to typec subsystem (git-fixes). - usb: typec: ucsi: Fix reuse of completion structure (git-fixes). - usb: typec: ucsi: Fix role swapping (git-fixes). - usb: ulpi: Call of_node_put correctly (git-fixes). - usb: ulpi: Move of_node_put to ulpi_dev_release (git-fixes). - usb: usbip: add missing device lock on tweak configuration cmd (git-fixes). - usb: usbip: eliminate anonymous module_init and module_exit (git-fixes). - usb: usbip: fix a refcount leak in stub_probe() (git-fixes). - usb: usb-storage: Fix use of bitfields for hardware data in ene_ub6250.c (git-fixes). - usb: usbtmc: Fix bug in pipe direction for control transfers (git-fixes). - usb: xhci: tegra:Fix PM usage reference leak of tegra_xusb_unpowergate_partitions (git-fixes). - usb: zaurus: support another broken Zaurus (git-fixes). - vdpasim: allow to enable a vq repeatedly (git-fixes). - veth: Ensure eth header is in skb's linear part (git-fixes). - veth: fix races around rq->rx_notify_masked (git-fixes). - vfio/ccw: Remove unneeded GFP_DMA (git-fixes). - vhost_vdpa: do not setup irq offloading when irq_num 0 (git-fixes). - vhost/vsock: do not check owner in vhost_vsock_stop() while releasing (git-fixes). - vhost/vsock: fix incorrect used length reported to the guest (git-fixes). - video: fbdev: atari: Atari 2 bpp (STe) palette bugfix (git-fixes). - video: fbdev: atmel_lcdfb: fix an error code in atmel_lcdfb_probe() (git-fixes). - video: fbdev: cirrusfb: check pixclock to avoid divide by zero (git-fixes). - video: fbdev: clcdfb: Fix refcount leak in clcdfb_of_vram_setup (git-fixes). - video: fbdev: controlfb: Fix COMPILE_TEST build (git-fixes). - video: fbdev: fbcvt.c: fix printing in fb_cvt_print_name() (git-fixes). - video: fbdev: matroxfb: set maxvram of vbG200eW to the same as vbG200 to avoid black screen (git-fixes). - video: fbdev: nvidiafb: Use strscpy() to prevent buffer overflow (git-fixes). - video: fbdev: omapfb: acx565akm: replace snprintf with sysfs_emit (git-fixes). - video: fbdev: omapfb: Add missing of_node_put() in dvic_probe_of (git-fixes). - video: fbdev: omapfb: panel-dsi-cm: Use sysfs_emit() instead of snprintf() (git-fixes). - video: fbdev: omapfb: panel-tpo-td043mtea1: Use sysfs_emit() instead of snprintf() (git-fixes). - video: fbdev: pxa3xx-gcu: release the resources correctly in pxa3xx_gcu_probe/remove() (git-fixes). - video: fbdev: sm712fb: Fix crash in smtcfb_read() (git-fixes). - video: fbdev: sm712fb: Fix crash in smtcfb_write() (git-fixes). - video: fbdev: smscufx: Fix null-ptr-deref in ufx_usb_probe() (git-fixes). - video: fbdev: udlfb: properly check endpoint type (bsc#1190497) - video: fbdev: udlfb: replace snprintf in show functions with sysfs_emit (git-fixes). - video: fbdev: w100fb: Reset global state (git-fixes). - virtio-blk: Do not use MAX_DISCARD_SEGMENTS if max_discard_seg is zero (git-fixes). - virtio_blk: eliminate anonymous module_init and module_exit (git-fixes). - virtio_blk: fix the discard_granularity and discard_alignment queue limits (git-fixes). - virtio_console: break out of buf poll on remove (git-fixes). - virtio_console: eliminate anonymous module_init and module_exit (git-fixes). - virtio: fix virtio transitional ids (git-fixes). - virtio-mmio: fix missing put_device() when vm_cmdline_parent registration failed (git-fixes). - virtio-net: fix for skb_over_panic inside big mode (git-fixes). - virtio-net: fix race between ndo_open() and virtio_device_ready() (git-fixes). - virtio_net: fix wrong buf address calculation when using xdp (git-fixes). - virtio_net: fix xdp_rxq_info bug after suspend/resume (git-fixes). - virtio-net: realign page_to_skb() after merges (git-fixes). - virtio: pci: Fix an error handling path in vp_modern_probe() (git-fixes). - virtio-pci: Remove wrong address verification in vp_del_vqs() (git-fixes). - VMCI: Fix the description of vmci_check_host_caps() (git-fixes). - vringh: Fix loop descriptors check in the indirect cases (git-fixes). - vsprintf: Fix %pK with kptr_restrict == 0 (bsc#1197889). - vsprintf: Fix potential unaligned access (bsc#1198379). - vt_ioctl: add array_index_nospec to VT_ACTIVATE (git-fixes). - vt_ioctl: fix array_index_nospec in vt_setactivate (git-fixes). - vxcan: enable local echo for sent CAN frames (git-fixes). - w1: w1_therm: fixes w1_seq for ds28ea00 sensors (git-fixes). - watchdog: rti-wdt: Add missing pm_runtime_disable() in probe function (git-fixes). - watchdog: rti-wdt: Fix pm_runtime_get_sync() error checking (git-fixes). - Watchdog: sp5100_tco: Add initialization using EFCH MMIO (bsc#1199260). - watchdog: sp5100_tco: Add support for get_timeleft (bsc#1199260). - Watchdog: sp5100_tco: Enable Family 17h+ CPUs (bsc#1199260). - Watchdog: sp5100_tco: Move timer initialization into function (bsc#1199260). - Watchdog: sp5100_tco: Refactor MMIO base address initialization (bsc#1199260). - watchdog: ts4800_wdt: Fix refcount leak in ts4800_wdt_probe (git-fixes). - watchdog: wdat_wdt: Stop watchdog when rebooting the system (git-fixes). - watch_queue: Actually free the watch (git-fixes). - watch_queue: Fix NULL dereference in error cleanup (git-fixes). - watch_queue: Free the page array when watch_queue is dismantled (git-fixes). - wcn36xx: Differentiate wcn3660 from wcn3620 (git-fixes). - wifi: mac80211: fix use-after-free in chanctx code (git-fixes). - wilc1000: fix crash observed in AP mode with cfg80211_register_netdevice() (git-fixes). - wireguard: queueing: use CFI-safe ptr_ring cleanup function (git-fixes). - wireguard: selftests: rename DEBUG_PI_LIST to DEBUG_PLIST (git-fixes). - wireguard: socket: free skb in send6 when ipv6 is disabled (git-fixes). - wireguard: socket: ignore v6 endpoints when ipv6 is disabled (git-fixes). - writeback: Avoid skipping inode writeback (bsc#1200813). - writeback: Fix inode->i_io_list not be protected by inode->i_lock error (bsc#1200821). - x86/boot: Add setup_indirect support in early_memremap_is_setup_data() (bsc#1190497). - x86/boot: Fix memremap of setup_indirect structures (bsc#1190497). - x86/cc: Move arch/x86/{kernel/cc_platform.c coco/core.c} (jsc#SLE-19924). - x86/coco: Add API to handle encryption mask (jsc#SLE-19924). - x86/coco: Explicitly declare type of confidential computing platform (jsc#SLE-19924). - x86/cpu: Add Xeon Icelake-D to list of CPUs that support PPIN (bsc#1190497). - x86/cpufeatures: Re-enable ENQCMD (jsc#SLE-24350). - x86/cpu: Load microcode during restore_processor_state() (bsc#1190497). - x86/fpu: Clear PASID when copying fpstate (jsc#SLE-24350). - x86/kprobes: Add UNWIND_HINT_FUNC on kretprobe_trampoline() (bsc#1193277). - x86/kprobes: Fixup return address in generic trampoline handler (bsc#1193277). - x86/kprobes: Push a fake return address at kretprobe_trampoline (bsc#1193277). - x86/kvmclock: Fix Hyper-V Isolated VM boot issue when vCPUs 64 (bsc#1183682). - x86/kvm: Do not waste memory if kvmclock is disabled (bsc#1183682). - x86/MCE/AMD: Allow thresholding interface updates after init (bsc#1190497). - x86/mm/cpa: Generalize __set_memory_enc_pgtable() (jsc#SLE-19924). - x86/module: Fix the paravirt vs alternative order (bsc#1190497). - x86/pm: Save the MSR validity status at context setup (bsc#1190497). - x86/ptrace: Fix xfpregs_set() incorrect xmm clearing (bsc#1190497). - x86/speculation: Restore speculation related MSRs during S3 resume (bsc#1190497). - x86/traps: Demand-populate PASID MSR via #GP (jsc#SLE-24350). - x86/traps: Mark do_int3() NOKPROBE_SYMBOL (bsc#1190497). - x86/tsx: Use MSR_TSX_CTRL to clear CPUID bits (bsc#1190497). - x86/unwind: kABI workaround for unwind_state changes (bsc#1193277). - x86/unwind: Recover kretprobe trampoline entry (bsc#1193277). - xen/blkfront: fix comment for need_copy (git-fixes). - xen: fix is_xen_pmu() (git-fixes). - xen: unexport __init-annotated xen_xlate_map_ballooned_pages() (bsc#1201218). - xen/x86: obtain full video frame buffer address for Dom0 also under EFI (bsc#1193556). - xen/x86: obtain upper 32 bits of video frame buffer address for Dom0 (bsc#1193556). - xfs: drop async cache flushes from CIL commits (bsc#1195669). - xhci: Allow host runtime PM as default for Intel Alder Lake N xHCI (git-fixes). - xhci: Enable runtime PM on second Alderlake controller (git-fixes). - xhci: fix garbage USBSTS being logged in some cases (git-fixes). - xhci: fix runtime PM imbalance in USB2 resume (git-fixes). - xhci: fix uninitialized string returned by xhci_decode_ctrl_ctx() (git-fixes). - xhci: increase usb U3 U0 link resume timeout from 100ms to 500ms (git-fixes). - xhci: make xhci_handshake timeout for xhci_reset() adjustable (git-fixes). - xhci-pci: Allow host runtime PM as default for Intel Meteor Lake xHCI (git-fixes). - xhci-pci: Allow host runtime PM as default for Intel Raptor Lake xHCI (git-fixes). - xhci: Prevent futile URB re-submissions due to incorrect return value (git-fixes). - xhci: re-initialize the HC during resume if HCE was set (git-fixes). - xhci: stop polling roothubs after shutdown (git-fixes). - xhci: turn off port power in shutdown (git-fixes). - xsk: Do not write NULL in SW ring at allocation failure (jsc#SLE-18375). - zsmalloc: decouple class actions from zspage works (bsc#1189998). - zsmalloc: introduce obj_allocated (bsc#1189998). - zsmalloc: introduce some helper functions (bsc#1189998). - zsmalloc: move huge compressed obj from page to zspage (bsc#1189998). - zsmalloc: remove zspage isolation for migration (bsc#1189998). - zsmalloc: rename zs_stat_type to class_stat_type (bsc#1189998). - zsmalloc: replace get_cpu_var with local_lock (bsc#1189998). - zsmalloc: replace per zpage lock with pool migrate_lock (bsc#1189998). - zsmalloc: Stop using slab fields in struct page (bsc#1189998 bsc#1190208). Important SUSE bug 1055117 SUSE bug 1061840 SUSE bug 1065729 SUSE bug 1071995 SUSE bug 1089644 SUSE bug 1103269 SUSE bug 1118212 SUSE bug 1121726 SUSE bug 1137728 SUSE bug 1156395 SUSE bug 1157038 SUSE bug 1157923 SUSE bug 1175667 SUSE bug 1179439 SUSE bug 1179639 SUSE bug 1180814 SUSE bug 1183682 SUSE bug 1183872 SUSE bug 1184318 SUSE bug 1184924 SUSE bug 1187716 SUSE bug 1188885 SUSE bug 1189998 SUSE bug 1190137 SUSE bug 1190208 SUSE bug 1190336 SUSE bug 1190497 SUSE bug 1190768 SUSE bug 1190786 SUSE bug 1190812 SUSE bug 1191271 SUSE bug 1191663 SUSE bug 1192483 SUSE bug 1193064 SUSE bug 1193277 SUSE bug 1193289 SUSE bug 1193431 SUSE bug 1193556 SUSE bug 1193629 SUSE bug 1193640 SUSE bug 1193787 SUSE bug 1193823 SUSE bug 1193852 SUSE bug 1194086 SUSE bug 1194111 SUSE bug 1194191 SUSE bug 1194409 SUSE bug 1194501 SUSE bug 1194523 SUSE bug 1194526 SUSE bug 1194583 SUSE bug 1194585 SUSE bug 1194586 SUSE bug 1194625 SUSE bug 1194765 SUSE bug 1194826 SUSE bug 1194869 SUSE bug 1195099 SUSE bug 1195287 SUSE bug 1195478 SUSE bug 1195482 SUSE bug 1195504 SUSE bug 1195651 SUSE bug 1195668 SUSE bug 1195669 SUSE bug 1195775 SUSE bug 1195823 SUSE bug 1195826 SUSE bug 1195913 SUSE bug 1195915 SUSE bug 1195926 SUSE bug 1195944 SUSE bug 1195957 SUSE bug 1195987 SUSE bug 1196079 SUSE bug 1196114 SUSE bug 1196130 SUSE bug 1196213 SUSE bug 1196306 SUSE bug 1196367 SUSE bug 1196400 SUSE bug 1196426 SUSE bug 1196478 SUSE bug 1196514 SUSE bug 1196570 SUSE bug 1196723 SUSE bug 1196779 SUSE bug 1196830 SUSE bug 1196836 SUSE bug 1196866 SUSE bug 1196868 SUSE bug 1196869 SUSE bug 1196901 SUSE bug 1196930 SUSE bug 1196942 SUSE bug 1196960 SUSE bug 1197016 SUSE bug 1197157 SUSE bug 1197227 SUSE bug 1197243 SUSE bug 1197292 SUSE bug 1197302 SUSE bug 1197303 SUSE bug 1197304 SUSE bug 1197362 SUSE bug 1197386 SUSE bug 1197501 SUSE bug 1197601 SUSE bug 1197661 SUSE bug 1197675 SUSE bug 1197761 SUSE bug 1197817 SUSE bug 1197819 SUSE bug 1197820 SUSE bug 1197888 SUSE bug 1197889 SUSE bug 1197894 SUSE bug 1197915 SUSE bug 1197917 SUSE bug 1197918 SUSE bug 1197920 SUSE bug 1197921 SUSE bug 1197922 SUSE bug 1197926 SUSE bug 1198009 SUSE bug 1198010 SUSE bug 1198012 SUSE bug 1198013 SUSE bug 1198014 SUSE bug 1198015 SUSE bug 1198016 SUSE bug 1198017 SUSE bug 1198018 SUSE bug 1198019 SUSE bug 1198020 SUSE bug 1198021 SUSE bug 1198022 SUSE bug 1198023 SUSE bug 1198024 SUSE bug 1198027 SUSE bug 1198030 SUSE bug 1198034 SUSE bug 1198058 SUSE bug 1198217 SUSE bug 1198379 SUSE bug 1198400 SUSE bug 1198402 SUSE bug 1198412 SUSE bug 1198413 SUSE bug 1198438 SUSE bug 1198484 SUSE bug 1198577 SUSE bug 1198585 SUSE bug 1198660 SUSE bug 1198802 SUSE bug 1198803 SUSE bug 1198806 SUSE bug 1198811 SUSE bug 1198826 SUSE bug 1198835 SUSE bug 1198968 SUSE bug 1198971 SUSE bug 1199011 SUSE bug 1199024 SUSE bug 1199035 SUSE bug 1199046 SUSE bug 1199052 SUSE bug 1199063 SUSE bug 1199163 SUSE bug 1199173 SUSE bug 1199260 SUSE bug 1199314 SUSE bug 1199390 SUSE bug 1199426 SUSE bug 1199433 SUSE bug 1199439 SUSE bug 1199482 SUSE bug 1199487 SUSE bug 1199505 SUSE bug 1199507 SUSE bug 1199605 SUSE bug 1199611 SUSE bug 1199626 SUSE bug 1199631 SUSE bug 1199650 SUSE bug 1199657 SUSE bug 1199674 SUSE bug 1199736 SUSE bug 1199793 SUSE bug 1199839 SUSE bug 1199875 SUSE bug 1199909 SUSE bug 1200015 SUSE bug 1200019 SUSE bug 1200045 SUSE bug 1200046 SUSE bug 1200144 SUSE bug 1200205 SUSE bug 1200211 SUSE bug 1200259 SUSE bug 1200263 SUSE bug 1200284 SUSE bug 1200315 SUSE bug 1200343 SUSE bug 1200420 SUSE bug 1200442 SUSE bug 1200475 SUSE bug 1200502 SUSE bug 1200567 SUSE bug 1200569 SUSE bug 1200571 SUSE bug 1200572 SUSE bug 1200599 SUSE bug 1200600 SUSE bug 1200608 SUSE bug 1200611 SUSE bug 1200619 SUSE bug 1200692 SUSE bug 1200762 SUSE bug 1200763 SUSE bug 1200806 SUSE bug 1200807 SUSE bug 1200808 SUSE bug 1200809 SUSE bug 1200810 SUSE bug 1200812 SUSE bug 1200815 SUSE bug 1200816 SUSE bug 1200820 SUSE bug 1200822 SUSE bug 1200824 SUSE bug 1200825 SUSE bug 1200827 SUSE bug 1200828 SUSE bug 1200829 SUSE bug 1200830 SUSE bug 1200845 SUSE bug 1200882 SUSE bug 1200925 SUSE bug 1201050 SUSE bug 1201160 SUSE bug 1201171 SUSE bug 1201177 SUSE bug 1201193 SUSE bug 1201196 SUSE bug 1201218 SUSE bug 1201222 SUSE bug 1201228 SUSE bug 1201251 SUSE bug 150300 CVE-2021-26341 CVE-2021-33061 CVE-2021-4204 CVE-2021-44879 CVE-2021-45402 CVE-2022-0264 CVE-2022-0494 CVE-2022-0617 CVE-2022-1012 CVE-2022-1016 CVE-2022-1184 CVE-2022-1198 CVE-2022-1205 CVE-2022-1508 CVE-2022-1651 CVE-2022-1652 CVE-2022-1671 CVE-2022-1679 CVE-2022-1729 CVE-2022-1734 CVE-2022-1789 CVE-2022-1852 CVE-2022-1966 CVE-2022-1972 CVE-2022-1974 CVE-2022-1998 CVE-2022-20132 CVE-2022-20154 CVE-2022-21123 CVE-2022-21125 CVE-2022-21127 CVE-2022-21166 CVE-2022-21180 CVE-2022-21499 CVE-2022-2318 CVE-2022-23222 CVE-2022-26365 CVE-2022-26490 CVE-2022-29582 CVE-2022-29900 CVE-2022-29901 CVE-2022-30594 CVE-2022-33740 CVE-2022-33741 CVE-2022-33742 CVE-2022-33743 CVE-2022-33981 CVE-2022-34918 cpe:/o:opensuse:leap:15.4 Security update for gimp (Moderate) openSUSE Leap 15.4 This update for gimp fixes the following issues: - CVE_2022-30067: Fixed an out of memory when reading. (bsc#1199653) Moderate SUSE bug 1199653 CVE-2022-30067 cpe:/o:opensuse:leap:15.4 Security update for samba (Moderate) openSUSE Leap 15.4 This update for samba fixes the following issues: - CVE-2022-32742: Fixed incorrect length check in SMB1write, SMB1write_and_close, SMB1write_and_unlock (bso#15085) (bsc#1201496). Moderate SUSE bug 1201496 CVE-2022-32742 cpe:/o:opensuse:leap:15.4 Security update for permissions (Important) openSUSE Leap 15.4 This update for permissions fixes the following issues: * apptainer: fix starter-suid location (bsc#1198720) * static permissions: remove deprecated bind / named chroot entries (bsc#1200747) * postfix: add postlog setgid for maildrop binary (bsc#1201385) Important SUSE bug 1198720 SUSE bug 1200747 SUSE bug 1201385 cpe:/o:opensuse:leap:15.4 Security update for mokutil (Moderate) openSUSE Leap 15.4 This update for mokutil fixes the following issues: - Adds SBAT revocation support to mokutil. (bsc#1198458) New options added (see manpage): - mokutil --set-sbat-policy (latest | previous | delete) to set the SBAT acceptance policy. - mokutil --list-sbat-revocations To list the current SBAT revocations. Moderate SUSE bug 1198458 cpe:/o:opensuse:leap:15.4 Security update for python-numpy (Moderate) openSUSE Leap 15.4 This update for python-numpy fixes the following issues: - CVE-2021-41495: Fixed Null Pointer Dereference in numpy.sort (bsc#1193911). Moderate SUSE bug 1193911 CVE-2021-41495 cpe:/o:opensuse:leap:15.4 Security update for tiff (Low) openSUSE Leap 15.4 This update for tiff fixes the following issues: - CVE-2022-2056: Fixed a division by zero denial of service (bsc#1201176). - CVE-2022-2057: Fixed a division by zero denial of service (bsc#1201175). - CVE-2022-2058: Fixed a division by zero denial of service (bsc#1201174). Low SUSE bug 1201174 SUSE bug 1201175 SUSE bug 1201176 CVE-2022-2056 CVE-2022-2057 CVE-2022-2058 cpe:/o:opensuse:leap:15.4 Security update for java-1_8_0-ibm (Important) openSUSE Leap 15.4 This update for java-1_8_0-ibm fixes the following issues: Update to Java 8.0 Service Refresh 7 Fix Pack 10 [bsc#1201643] - CVE-2022-21476 (bsc#1198671), CVE-2022-21449 (bsc#1198670), CVE-2022-21496 (bsc#1198673), CVE-2022-21434 (bsc#1198674), CVE-2022-21426 (bsc#1198672), CVE-2022-21443 (bsc#1198675), CVE-2021-35561 (bsc#1191912), CVE-2022-21299 (bsc#1194931). Important SUSE bug 1191912 SUSE bug 1194931 SUSE bug 1198670 SUSE bug 1198671 SUSE bug 1198672 SUSE bug 1198673 SUSE bug 1198674 SUSE bug 1198675 SUSE bug 1201643 CVE-2021-35561 CVE-2022-21299 CVE-2022-21426 CVE-2022-21434 CVE-2022-21443 CVE-2022-21449 CVE-2022-21476 CVE-2022-21496 cpe:/o:opensuse:leap:15.4 Security update for samba (Moderate) openSUSE Leap 15.4 This update for samba fixes the following issues: - CVE-2022-32742: Fixed incorrect length check in SMB1write, SMB1write_and_close, SMB1write_and_unlock (bso#15085) (bsc#1201496). Moderate SUSE bug 1201496 CVE-2022-32742 cpe:/o:opensuse:leap:15.4 Security update for u-boot (Important) openSUSE Leap 15.4 This update for u-boot fixes the following issues: - CVE-2022-34835: Fixed stack buffer overflow vulnerability in i2c md command (bsc#1201214). Important SUSE bug 1201214 CVE-2022-34835 cpe:/o:opensuse:leap:15.4 Security update for postgresql-jdbc (Moderate) openSUSE Leap 15.4 This update for postgresql-jdbc fixes the following issues: - CVE-2022-26520: Fixed arbitrary File Write Vulnerability (bsc#1197356) Moderate SUSE bug 1197356 CVE-2022-26520 cpe:/o:opensuse:leap:15.4 Security update for drbd (Important) openSUSE Leap 15.4 This update of drbd fixes the following issue: - rebuild with new secure boot key due to grub2 boothole 3 issues (bsc#1198581) Important SUSE bug 1198581 cpe:/o:opensuse:leap:15.4 Security update for oracleasm (Important) openSUSE Leap 15.4 This update of oracleasm fixes the following issue: - rebuild with new secure boot key due to grub2 boothole 3 issues (bsc#1198581) Important SUSE bug 1198581 cpe:/o:opensuse:leap:15.4 Security update for keylime (Important) openSUSE Leap 15.4 This update for keylime fixes the following issues: Update to version 6.3.2, including fixes for: - CVE-2022-1053: Fixed Tenant and Verifier might not use the same registrar data (bsc#1199253). - CVE-2022-31250: Fixed %post scriplet allows for privilege escalation from keylime user to root (bsc#1200885). Important SUSE bug 1199253 SUSE bug 1200885 SUSE bug 1201466 SUSE bug 1201866 CVE-2022-1053 CVE-2022-31250 cpe:/o:opensuse:leap:15.4 Security update for ldb, samba (Important) openSUSE Leap 15.4 This update for ldb, samba fixes the following issues: - CVE-2022-32746: Fixed a use-after-free occurring in database audit logging (bsc#1201490). - CVE-2022-32745: Fixed a remote server crash with an LDAP add or modify request (bsc#1201492). - CVE-2022-2031: Fixed AD restrictions bypass associated with changing passwords (bsc#1201495). - CVE-2022-32742: Fixed a memory leak in SMB1 (bsc#1201496). - CVE-2022-32744: Fixed an arbitrary password change request for any AD user (bsc#1201493). The following non-security bug were fixed: ldb was updated to version 2.4.3: + Fix build problems, waf produces incorrect names for python extensions; (bso#15071); samba was updated to 4.15.8: * Use pathref fd instead of io fd in vfs_default_durable_cookie; (bso#15042); * Setting fruit:resource = stream in vfs_fruit causes a panic; (bso#15099); * Add support for bind 9.18; (bso#14986); * logging dsdb audit to specific files does not work; (bso#15076); * vfs_gpfs with vfs_shadowcopy2 fail to restore file if original file had been deleted; (bso#15069); * netgroups support removed; (bso#15087); (bsc#1199247); * net ads info shows LDAP Server: 0.0.0.0 depending on contacted server; (bso#14674); (bsc#1199734); * waf produces incorrect names for python extensions with Python 3.11; (bso#15071); * smbclient commands del & deltree fail with NT_STATUS_OBJECT_PATH_NOT_FOUND with DFS; (bso#15100); (bsc#1200556); * vfs_gpfs recalls=no option prevents listing files; (bso#15055); * waf produces incorrect names for python extensions with Python 3.11; (bso#15071); * Compile error in source3/utils/regedit_hexedit.c; (bso#15091); * ldconfig: /lib64/libsmbconf.so.0 is not a symbolic link; (bso#15108); * smbd doesn't handle UPNs for looking up names; (bso#15054); * Out-by-4 error in smbd read reply max_send clamp; (bso#14443); - Move pdb backends from package samba-libs to package samba-client-libs and remove samba-libs requirement from samba-winbind; (bsc#1200964); (bsc#1198255); - Use the canonical realm name to refresh the Kerberos tickets; (bsc#1196224); (bso#14979); - Fix smbclient commands del & deltree failing with NT_STATUS_OBJECT_PATH_NOT_FOUND with DFS; (bso#15100); (bsc#1200556). Important SUSE bug 1196224 SUSE bug 1198255 SUSE bug 1199247 SUSE bug 1199734 SUSE bug 1200556 SUSE bug 1200964 SUSE bug 1201490 SUSE bug 1201492 SUSE bug 1201493 SUSE bug 1201495 SUSE bug 1201496 CVE-2022-2031 CVE-2022-32742 CVE-2022-32744 CVE-2022-32745 CVE-2022-32746 cpe:/o:opensuse:leap:15.4 Security update for java-17-openjdk (Important) openSUSE Leap 15.4 This update for java-17-openjdk fixes the following issues: Update to upstream tag jdk-17.0.4+8 (July 2022 CPU) - CVE-2022-21540: Improve class compilation (bsc#1201694) - CVE-2022-21541: Enhance MethodHandle invocations (bsc#1201692) - CVE-2022-34169: Improve Xalan supports (bsc#1201684) - CVE-2022-21549: java.util.random does not correctly sample exponential or Gaussian distributions (bsc#1201685) Important SUSE bug 1201684 SUSE bug 1201685 SUSE bug 1201692 SUSE bug 1201694 CVE-2022-21540 CVE-2022-21541 CVE-2022-21549 CVE-2022-34169 cpe:/o:opensuse:leap:15.4 Security update for u-boot (Important) openSUSE Leap 15.4 This update for u-boot fixes the following issues: - CVE-2022-33967: Fixed heap overflow in squashfs filesystem implementation (bsc#1201745). - CVE-2022-34835: Fixed stack buffer overflow vulnerability in i2c md command (bsc#1201214). Important SUSE bug 1201214 SUSE bug 1201745 CVE-2022-33967 CVE-2022-34835 cpe:/o:opensuse:leap:15.4 Security update for harfbuzz (Important) openSUSE Leap 15.4 This update for harfbuzz fixes the following issues: - CVE-2022-33068: Fixed a integer overflow in hb-ot-shape-fallback.cc (bsc#1200900). Important SUSE bug 1200900 CVE-2022-33068 cpe:/o:opensuse:leap:15.4 Security update for qpdf (Important) openSUSE Leap 15.4 This update for qpdf fixes the following issues: - CVE-2022-34503: Fixed a heap buffer overflow via the function QPDF:processXRefStream (bsc#1201830). - CVE-2021-36978: Fixed heap-based buffer overflow in Pl_ASCII85Decoder::write (bsc#1188514). Important SUSE bug 1188514 SUSE bug 1201830 CVE-2021-36978 CVE-2022-34503 cpe:/o:opensuse:leap:15.4 Security update for go1.17 (Important) openSUSE Leap 15.4 This update for go1.17 fixes the following issues: Update to go version 1.17.13 (bsc#1190649): - CVE-2022-32189: encoding/gob, math/big: decoding big.Float and big.Rat can panic (bsc#1202035). - CVE-2022-30635: encoding/gob: stack exhaustion in Decoder.Decode (bsc#1201444). - CVE-2022-30631: compress/gzip: stack exhaustion in Reader.Read (bsc#1201437). - CVE-2022-1962: go/parser: stack exhaustion in all Parse* functions (bsc#1201448). - CVE-2022-28131: encoding/xml: stack exhaustion in Decoder.Skip (bsc#1201443). - CVE-2022-1705: net/http: improper sanitization of Transfer-Encoding header (bsc#1201434) - CVE-2022-30630: io/fs: stack exhaustion in Glob (bsc#1201447). - CVE-2022-32148: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working (bsc#1201436) - CVE-2022-30632: path/filepath: stack exhaustion in Glob (bsc#1201445). - CVE-2022-30633: encoding/xml: stack exhaustion in Unmarshal (bsc#1201440). Important SUSE bug 1190649 SUSE bug 1201434 SUSE bug 1201436 SUSE bug 1201437 SUSE bug 1201440 SUSE bug 1201443 SUSE bug 1201444 SUSE bug 1201445 SUSE bug 1201447 SUSE bug 1201448 SUSE bug 1202035 CVE-2022-1705 CVE-2022-1962 CVE-2022-28131 CVE-2022-30630 CVE-2022-30631 CVE-2022-30632 CVE-2022-30633 CVE-2022-30635 CVE-2022-32148 CVE-2022-32189 cpe:/o:opensuse:leap:15.4 Security update for go1.18 (Important) openSUSE Leap 15.4 This update for go1.18 fixes the following issues: Update to go version 1.18.5 (bsc#1193742): - CVE-2022-32189: encoding/gob, math/big: decoding big.Float and big.Rat can panic (bsc#1202035). - CVE-2022-1705: net/http: improper sanitization of Transfer-Encoding header (bsc#1201434) - CVE-2022-32148: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working (bsc#1201436) - CVE-2022-30631: compress/gzip: stack exhaustion in Reader.Read (bsc#1201437). - CVE-2022-30633: encoding/xml: stack exhaustion in Unmarshal (bsc#1201440). - CVE-2022-28131: encoding/xml: stack exhaustion in Decoder.Skip (bsc#1201443). - CVE-2022-30635: encoding/gob: stack exhaustion in Decoder.Decode (bsc#1201444). - CVE-2022-30632: path/filepath: stack exhaustion in Glob (bsc#1201445). - CVE-2022-30630: io/fs: stack exhaustion in Glob (bsc#1201447). - CVE-2022-1962: go/parser: stack exhaustion in all Parse* functions (bsc#1201448). Important SUSE bug 1193742 SUSE bug 1201434 SUSE bug 1201436 SUSE bug 1201437 SUSE bug 1201440 SUSE bug 1201443 SUSE bug 1201444 SUSE bug 1201445 SUSE bug 1201447 SUSE bug 1201448 SUSE bug 1202035 CVE-2022-1705 CVE-2022-1962 CVE-2022-28131 CVE-2022-30630 CVE-2022-30631 CVE-2022-30632 CVE-2022-30633 CVE-2022-30635 CVE-2022-32148 CVE-2022-32189 cpe:/o:opensuse:leap:15.4 Security update for python-ujson (Moderate) openSUSE Leap 15.4 This update for python-ujson fixes the following issues: - CVE-2022-31116: Fixed improper decoding of escaped surrogate characters (bsc#1201255). - CVE-2022-31117: Fixed a double free while reallocating a buffer for string decoding (bsc#1201254). Moderate SUSE bug 1201254 SUSE bug 1201255 CVE-2022-31116 CVE-2022-31117 cpe:/o:opensuse:leap:15.4 Security update for buildah (Moderate) openSUSE Leap 15.4 This update for buildah fixes the following issues: - CVE-2022-27651: Fixed incorrect default inheritable capabilities for linux container (bsc#1197870). Update to version 1.25.1. The following non-security bugs were fixed: - add workaround for https://bugzilla.opensuse.org/show_bug.cgi?id=1183043 Moderate SUSE bug 1197870 CVE-2022-27651 cpe:/o:opensuse:leap:15.4 Security update for wavpack (Low) openSUSE Leap 15.4 This update for wavpack fixes the following issues: - CVE-2022-2476: Fixed a Null pointer dereference in wvunpack (bsc#1201716). Low SUSE bug 1201716 CVE-2022-2476 cpe:/o:opensuse:leap:15.4 Security update for fwupd (Moderate) openSUSE Leap 15.4 This update for fwupd fixes the following issues: - Ignore non-PCI NVMe devices (e.g. NVMe-over-Fabrics) when probing (bsc#1193921) - package was rebuilt with new UEFI secure boot key. (bsc#1198581) Moderate SUSE bug 1193921 SUSE bug 1198581 cpe:/o:opensuse:leap:15.4 Security update for python-M2Crypto (Important) openSUSE Leap 15.4 This update for python-M2Crypto fixes the following issues: - CVE-2020-25657: Fixed Bleichenbacher timing attacks in the RSA decryption API (bsc#1178829). Important SUSE bug 1178829 CVE-2020-25657 cpe:/o:opensuse:leap:15.4 Security update for crash (Important) openSUSE Leap 15.4 This update of crash fixes the following issue: - rebuild with new secure boot key due to grub2 boothole 3 issues (bsc#1198581) Important SUSE bug 1198581 cpe:/o:opensuse:leap:15.4 Security update for java-11-openjdk (Important) openSUSE Leap 15.4 This update for java-11-openjdk fixes the following issues: Update to upstream tag jdk-11.0.16+8 (July 2022 CPU) - CVE-2022-21540: Improve class compilation (bsc#1201694) - CVE-2022-21541: Enhance MethodHandle invocations (bsc#1201692) - CVE-2022-34169: Improve Xalan supports (bsc#1201684) Important SUSE bug 1201684 SUSE bug 1201692 SUSE bug 1201694 CVE-2022-21540 CVE-2022-21541 CVE-2022-34169 cpe:/o:opensuse:leap:15.4 Security update for bind (Important) openSUSE Leap 15.4 This update for bind fixes the following issues: - CVE-2021-25219: Fixed flaw that allowed abusing lame cache to severely degrade resolver performance (bsc#1192146). - CVE-2021-25220: Fixed potentially incorrect answers by cached forwarders (bsc#1197135). - CVE-2022-0396: Fixed a incorrect handling of TCP connection slots time frame leading to deny of service (bsc#1197136). The following non-security bugs were fixed: - Update to release 9.16.31 (jsc#SLE-24600). - Logrotation broken since dropping chroot (bsc#1200685). - A non-existent initialization script (eg a leftorver 'createNamedConfInclude' in /etc/sysconfig/named) may cause named not to start. A warning message is printed in named.prep and the fact is ignored. Also, the return value of a failed script was not handled properly causing a failed script to not prevent named to start. This is now fixed properly. [bsc#1199044, vendor-files.tar.bz2] Important SUSE bug 1192146 SUSE bug 1197135 SUSE bug 1197136 SUSE bug 1199044 SUSE bug 1200685 CVE-2021-25219 CVE-2021-25220 CVE-2022-0396 cpe:/o:opensuse:leap:15.4 Security update for ncurses (Moderate) openSUSE Leap 15.4 This update for ncurses fixes the following issues: - CVE-2022-29458: Fixed segfaulting out-of-bounds read in convert_strings in tinfo/read_entry.c (bsc#1198627). Moderate SUSE bug 1198627 CVE-2022-29458 cpe:/o:opensuse:leap:15.4 Security update for the Linux Kernel (Important) openSUSE Leap 15.4 The SUSE Linux Enterprise 15 SP4 Azure kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2021-33655: Fixed out of bounds write with ioctl FBIOPUT_VSCREENINFO (bnc#1201635). - CVE-2022-1462: Fixed an out-of-bounds read flaw in the TeleTYpe subsystem (bnc#1198829). - CVE-2022-21505: Fixed kexec lockdown bypass with IMA policy (bsc#1201458). - CVE-2022-29581: Fixed improper update of Reference Count in net/sched that could cause root privilege escalation (bnc#1199665). - CVE-2022-32250: Fixed an use-after-free bug in the netfilter subsystem. This flaw allowed a local attacker with user access to cause a privilege escalation issue (bnc#1200015, bnc#1200494). The following non-security bugs were fixed: - 9p: Fix refcounting during full path walks for fid lookups (git-fixes). - 9p: fix fid refcount leak in v9fs_vfs_atomic_open_dotl (git-fixes). - 9p: fix fid refcount leak in v9fs_vfs_get_link (git-fixes). - ACPI: CPPC: Only probe for _CPC if CPPC v2 is acked (git-fixes). - ACPI: video: Fix acpi_video_handles_brightness_key_presses() (git-fixes). - ALSA: hda - Add fixup for Dell Latitidue E5430 (git-fixes). - ALSA: hda/conexant: Apply quirk for another HP ProDesk 600 G3 model (git-fixes). - ALSA: hda/realtek - Enable the headset-mic on a Xiaomi's laptop (git-fixes). - ALSA: hda/realtek - Fix headset mic problem for a HP machine with alc221 (git-fixes). - ALSA: hda/realtek - Fix headset mic problem for a HP machine with alc671 (git-fixes). - ALSA: hda/realtek: Add quirk for Clevo L140PU (git-fixes). - ALSA: hda/realtek: Fix headset mic for Acer SF313-51 (git-fixes). - ALSA: hda/realtek: fix mute/micmute LEDs for HP machines (git-fixes). - ALSA: usb-audio: Add quirk for Fiero SC-01 (fw v1.0.0) (git-fixes). - ALSA: usb-audio: Add quirk for Fiero SC-01 (git-fixes). - ALSA: usb-audio: Add quirks for MacroSilicon MS2100/MS2106 devices (git-fixes). - ALSA: usb-audio: Workarounds for Behringer UMC 204/404 HD (git-fixes). - ARM: 9209/1: Spectre-BHB: avoid pr_info() every time a CPU comes out of idle (git-fixes). - ARM: 9210/1: Mark the FDT_FIXED sections as shareable (git-fixes). - ARM: 9213/1: Print message about disabled Spectre workarounds only once (git-fixes). - ARM: 9214/1: alignment: advance IT state after emulating Thumb instruction (git-fixes). - ARM: 9216/1: Fix MAX_DMA_ADDRESS overflow (git-fixes). - ARM: dts: at91: sama5d2: Fix typo in i2s1 node (git-fixes). - ARM: dts: imx6qdl-ts7970: Fix ngpio typo and count (git-fixes). - ARM: dts: stm32: use the correct clock source for CEC on stm32mp151 (git-fixes). - ARM: dts: sunxi: Fix SPI NOR campatible on Orange Pi Zero (git-fixes). - ASoC: Intel: Skylake: Correct the handling of fmt_config flexible array (git-fixes). - ASoC: Intel: Skylake: Correct the ssp rate discovery in skl_get_ssp_clks() (git-fixes). - ASoC: Intel: bytcr_wm5102: Fix GPIO related probe-ordering problem (git-fixes). - ASoC: Intel: sof_sdw: handle errors on card registration (git-fixes). - ASoC: Realtek/Maxim SoundWire codecs: disable pm_runtime on remove (git-fixes). - ASoC: Remove unused hw_write_t type (git-fixes). - ASoC: SOF: Intel: hda-loader: Clarify the cl_dsp_init() flow (git-fixes). - ASoC: codecs: rt700/rt711/rt711-sdca: initialize workqueues in probe (git-fixes). - ASoC: codecs: rt700/rt711/rt711-sdca: resume bus/codec in .set_jack_detect (git-fixes). - ASoC: cs47l15: Fix event generation for low power mux control (git-fixes). - ASoC: dapm: Initialise kcontrol data for mux/demux controls (git-fixes). - ASoC: madera: Fix event generation for OUT1 demux (git-fixes). - ASoC: madera: Fix event generation for rate controls (git-fixes). - ASoC: ops: Fix off by one in range control validation (git-fixes). - ASoC: rt5682: Avoid the unexpected IRQ event during going to suspend (git-fixes). - ASoC: rt5682: Fix deadlock on resume (git-fixes). - ASoC: rt5682: Re-detect the combo jack after resuming (git-fixes). - ASoC: rt5682: fix an incorrect NULL check on list iterator (git-fixes). - ASoC: rt5682: move clk related code to rt5682_i2c_probe (git-fixes). - ASoC: rt7*-sdw: harden jack_detect_handler (git-fixes). - ASoC: rt711-sdca-sdw: fix calibrate mutex initialization (git-fixes). - ASoC: rt711-sdca: Add endianness flag in snd_soc_component_driver (git-fixes). - ASoC: rt711-sdca: fix kernel NULL pointer dereference when IO error (git-fixes). - ASoC: rt711: Add endianness flag in snd_soc_component_driver (git-fixes). - ASoC: rt711: fix calibrate mutex initialization (git-fixes). - ASoC: sgtl5000: Fix noise on shutdown/remove (git-fixes). - ASoC: tas2764: Add post reset delays (git-fixes). - ASoC: tas2764: Correct playback volume range (git-fixes). - ASoC: tas2764: Fix amp gain register offset & default (git-fixes). - ASoC: tas2764: Fix and extend FSYNC polarity handling (git-fixes). - ASoC: wcd938x: Fix event generation for some controls (git-fixes). - ASoC: wm5110: Fix DRE control (git-fixes). - Bluetooth: Add bt_skb_sendmmsg helper (git-fixes). - Bluetooth: Add bt_skb_sendmsg helper (git-fixes). - Bluetooth: Fix bt_skb_sendmmsg not allocating partial chunks (git-fixes). - Bluetooth: Fix passing NULL to PTR_ERR (git-fixes). - Bluetooth: RFCOMM: Replace use of memcpy_from_msg with bt_skb_sendmmsg (git-fixes). - Bluetooth: SCO: Fix sco_send_frame returning skb->len (git-fixes). - Bluetooth: SCO: Replace use of memcpy_from_msg with bt_skb_sendmsg (git-fixes). - Bluetooth: btusb: Add the new support IDs for WCN6855 (git-fixxes). - Documentation: add description for net.core.gro_normal_batch (git-fixes). - Documentation: add description for net.sctp.ecn_enable (git-fixes). - Documentation: add description for net.sctp.intl_enable (git-fixes). - Documentation: add description for net.sctp.reconf_enable (git-fixes). - Documentation: fix udp_wmem_min in ip-sysctl.rst (git-fixes). - Documentation: move watch_queue to core-api (git-fixes). - Input: cpcap-pwrbutton - handle errors from platform_get_irq() (git-fixes). - Input: i8042 - Apply probe defer to more ASUS ZenBook models (bsc#1190256). - KVM: emulate: do not adjust size of fastop and setcc subroutines (bsc#1201930). - KVM: selftests: Make sure kvm_create_max_vcpus test won't hit RLIMIT_NOFILE (git-fixes). - KVM: selftests: Silence compiler warning in the kvm_page_table_test (git-fixes). - NFC: nxp-nci: do not print header length mismatch on i2c error (git-fixes). - VMCI: Add support for ARM64 (bsc#1199291, jsc#SLE-24635). - VMCI: Check exclusive_vectors when freeing interrupt 1 (bsc#1199291, jsc#SLE-24635). - VMCI: Fix some error handling paths in vmci_guest_probe_device() (bsc#1199291, jsc#SLE-24635). - VMCI: Release notification_bitmap in error path (bsc#1199291, jsc#SLE-24635). - VMCI: dma dg: add MMIO access to registers (bsc#1199291, jsc#SLE-24635). - VMCI: dma dg: add support for DMA datagrams receive (bsc#1199291, jsc#SLE-24635). - VMCI: dma dg: add support for DMA datagrams sends (bsc#1199291, jsc#SLE-24635). - VMCI: dma dg: allocate send and receive buffers for DMA datagrams (bsc#1199291, jsc#SLE-24635). - VMCI: dma dg: detect DMA datagram capability (bsc#1199291, jsc#SLE-24635). - VMCI: dma dg: register dummy IRQ handlers for DMA datagrams (bsc#1199291, jsc#SLE-24635). - VMCI: dma dg: set OS page size (bsc#1199291, jsc#SLE-24635). - VMCI: dma dg: whitespace formatting change for vmci register defines (bsc#1199291, jsc#SLE-24635). - XArray: Update the LRU list in xas_split() (git-fixes). - arm64: Add HWCAP for self-synchronising virtual counter (git-fixes) - arm64: Add cavium_erratum_23154_cpus missing sentinel (jsc#SLE-24682). - arm64: cpufeature: add HWCAP for FEAT_AFP (git-fixes) - arm64: dts: broadcom: bcm4908: Fix cpu node for smp boot (git-fixes). - arm64: dts: broadcom: bcm4908: Fix timer node for BCM4906 SoC (git-fixes) - arm64: dts: broadcom: bcm4908: Fix timer node for BCM4906 SoC (git-fixes). - arm64: dts: rockchip: Assign RK3399 VDU clock rate (git-fixes). - arm64: mm: Do not invalidate FROM_DEVICE buffers at start of DMA transfer (git-fixes) - arm_pmu: Validate single/group leader events (git-fixes). - asm-generic: remove a broken and needless ifdef conditional (git-fixes). - batman-adv: Use netif_rx() (git-fixes). - bcmgenet: add WOL IRQ check (git-fixes). - be2net: Fix buffer overflow in be_get_module_eeprom (bsc#1201323). - bitfield.h: Fix 'type of reg too small for mask' test (git-fixes). - blk-mq: add one API for waiting until quiesce is done (bsc#1201651). - blk-mq: fix kabi support concurrent queue quiesce unquiesce (bsc#1201651). - blk-mq: support concurrent queue quiesce/unquiesce (bsc#1201651). - can: bcm: use call_rcu() instead of costly synchronize_rcu() (git-fixes). - can: grcan: grcan_probe(): remove extra of_node_get() (git-fixes). - can: gs_usb: gs_usb_open/close(): fix memory leak (git-fixes). - can: m_can: m_can_chip_config(): actually enable internal timestamping (git-fixes). - can: mcp251xfd: mcp251xfd_regmap_crc_read(): improve workaround handling for mcp2517fd (git-fixes). - can: mcp251xfd: mcp251xfd_regmap_crc_read(): update workaround broken CRC on TBC register (git-fixes). - can: rcar_canfd: add __maybe_unused annotation to silence warning (git-fixes). - ceph: fix up non-directory creation in SGID directories (bsc#1201595). - cifs: fix reconnect on smb3 mount types (bsc#1201427). - configfs: fix a race in configfs_{,un}register_subsystem() (git-fixes). - cpufreq: mediatek: Unregister platform device on exit (git-fixes). - cpufreq: mediatek: Use module_init and add module_exit (git-fixes). - cpufreq: pmac32-cpufreq: Fix refcount leak bug (git-fixes). - cpuidle: PSCI: Move the `has_lpi` check to the beginning of the (git-fixes) - crypto: hisilicon/qm - modify the uacce mode check (bsc#1201391). - crypto: octeontx2 - Avoid stack variable overflow (jsc#SLE-24682). - crypto: octeontx2 - CN10K CPT to RNM workaround (jsc#SLE-24682). - crypto: octeontx2 - Use swap() instead of swap_engines() (jsc#SLE-24682). - crypto: octeontx2 - add apis for custom engine groups (jsc#SLE-24682). - crypto: octeontx2 - add synchronization between mailbox accesses (jsc#SLE-24682). - crypto: octeontx2 - fix missing unlock (jsc#SLE-24682). - crypto: octeontx2 - increase CPT HW instruction queue length (jsc#SLE-24682). - crypto: octeontx2 - out of bounds access in otx2_cpt_dl_custom_egrp_delete() (jsc#SLE-24682). - crypto: octeontx2 - parameters for custom engine groups (jsc#SLE-24682). - crypto: octeontx2 - select CONFIG_NET_DEVLINK (jsc#SLE-24682). - crypto: octeontx2 - use swap() to make code cleaner (jsc#SLE-24682). - crypto: qat - fix memory leak in RSA (git-fixes). - crypto: qat - remove dma_free_coherent() for DH (git-fixes). - crypto: qat - remove dma_free_coherent() for RSA (git-fixes). - crypto: qat - set CIPHER capability for DH895XCC (git-fixes). - crypto: qat - set to zero DH parameters before free (git-fixes). - crypto: testmgr - allow ecdsa-nist in FIPS mode (jsc#SLE-21132,bsc#1201258). - device property: Add fwnode_irq_get_byname (jsc#SLE-24569) - device property: Check fwnode->secondary when finding properties (git-fixes). - dm: do not stop request queue after the dm device is suspended (bsc#1201651). - dma-debug: change allocation mode from GFP_NOWAIT to GFP_ATIOMIC (git-fixes). - dma-debug: make things less spammy under memory pressure (git-fixes). - dmaengine: at_xdma: handle errors of at_xdmac_alloc_desc() correctly (git-fixes). - dmaengine: imx-sdma: Allow imx8m for imx7 FW revs (git-fixes). - dmaengine: lgm: Fix an error handling path in intel_ldma_probe() (git-fixes). - dmaengine: pl330: Fix lockdep warning about non-static key (git-fixes). - dmaengine: qcom: bam_dma: fix runtime PM underflow (git-fixes). - dmaengine: ti: Add missing put_device in ti_dra7_xbar_route_allocate (git-fixes). - dmaengine: ti: Fix refcount leak in ti_dra7_xbar_route_allocate (git-fixes). - docs: firmware-guide: ACPI: Add named interrupt doc (jsc#SLE-24569) - docs: net: dsa: add more info about the other arguments to get_tag_protocol (git-fixes). - docs: net: dsa: delete port_mdb_dump (git-fixes). - docs: net: dsa: document change_tag_protocol (git-fixes). - docs: net: dsa: document port_fast_age (git-fixes). - docs: net: dsa: document port_setup and port_teardown (git-fixes). - docs: net: dsa: document the shutdown behavior (git-fixes). - docs: net: dsa: document the teardown method (git-fixes). - docs: net: dsa: re-explain what port_fdb_dump actually does (git-fixes). - docs: net: dsa: remove port_vlan_dump (git-fixes). - docs: net: dsa: rename tag_protocol to get_tag_protocol (git-fixes). - docs: net: dsa: update probing documentation (git-fixes). - dpaa2-eth: Initialize mutex used in one step timestamping path (git-fixes). - dpaa2-eth: destroy workqueue at the end of remove function (git-fixes). - dpaa2-eth: unregister the netdev before disconnecting from the PHY (git-fixes). - drbd: fix potential silent data corruption (git-fixes). - drivers: net: smc911x: Check for error irq (git-fixes). - drm/amd/display: Fix by adding FPU protection for dcn30_internal_validate_bw (git-fixes). - drm/amd/display: Ignore First MST Sideband Message Return Error (git-fixes). - drm/amd/display: Only use depth 36 bpp linebuffers on DCN display engines (git-fixes). - drm/amd/display: Set min dcfclk if pipe count is 0 (git-fixes). - drm/amd/vcn: fix an error msg on vcn 3.0 (git-fixes). - drm/amdgpu: To flush tlb for MMHUB of RAVEN series (git-fixes). - drm/i915/dg2: Add Wa_22011100796 (git-fixes). - drm/i915/gt: Serialize GRDOM access between multiple engine resets (git-fixes). - drm/i915/gt: Serialize TLB invalidates with GT resets (git-fixes). - drm/i915/gvt: IS_ERR() vs NULL bug in intel_gvt_update_reg_whitelist() (git-fixes). - drm/i915/selftests: fix a couple IS_ERR() vs NULL tests (git-fixes). - drm/i915/uc: correctly track uc_fw init failure (git-fixes). - drm/i915: Fix a race between vma / object destruction and unbinding (git-fixes). - drm/i915: Require the vm mutex for i915_vma_bind() (git-fixes). - drm/i915: fix a possible refcount leak in intel_dp_add_mst_connector() (git-fixes). - drm/imx/dcss: Add missing of_node_put() in fail path (git-fixes). - drm/mediatek: Detect CMDQ execution timeout (git-fixes). - drm/mediatek: Remove the pointer of struct cmdq_client (git-fixes). - drm/mediatek: Use mailbox rx_callback instead of cmdq_task_cb (git-fixes). - drm/panfrost: Fix shrinker list corruption by madvise IOCTL (git-fixes). - drm/panfrost: Put mapping instead of shmem obj on panfrost_mmu_map_fault_addr() error (git-fixes). - drm/ttm: fix locking in vmap/vunmap TTM GEM helpers (git-fixes). - dt-bindings: dma: allwinner,sun50i-a64-dma: Fix min/max typo (git-fixes). - dt-bindings: gpio: Add Tegra241 support (jsc#SLE-24571) - dt-bindings: soc: qcom: smd-rpm: Add compatible for MSM8953 SoC (git-fixes). - dt-bindings: soc: qcom: smd-rpm: Fix missing MSM8936 compatible (git-fixes). - e1000e: Enable GPT clock before sending message to CSME (git-fixes). - efi/x86: use naked RET on mixed mode call wrapper (git-fixes). - erofs: fix deadlock when shrink erofs slab (git-fixes). - ethernet: Fix error handling in xemaclite_of_probe (git-fixes). - ethtool: Fix get module eeprom fallback (bsc#1201323). - exfat: Define NLS_NAME_* as bit flags explicitly (bsc#1201725). - exfat: Downgrade ENAMETOOLONG error message to debug messages (bsc#1201725). - exfat: Drop superfluous new line for error messages (bsc#1201725). - exfat: Expand exfat_err() and co directly to pr_*() macro (bsc#1201725). - exfat: Return ENAMETOOLONG consistently for oversized paths (bsc#1201725). - exfat: fix i_blocks for files truncated over 4 GiB (git-fixes). - exfat: fix referencing wrong parent directory information after renaming (git-fixes). - exfat: reuse exfat_inode_info variable instead of calling EXFAT_I() (git-fixes). - exfat: use updated exfat_chain directly during renaming (git-fixes). - export: fix string handling of namespace in EXPORT_SYMBOL_NS (git-fixes). - fat: add ratelimit to fat*_ent_bread() (git-fixes). - fbcon: Disallow setting font bigger than screen size (git-fixes). - fbcon: Prevent that screen size is smaller than font size (git-fixes). - fbdev: fbmem: Fix logo center image dx issue (git-fixes). - fbmem: Check virtual screen sizes in fb_set_var() (git-fixes). - fix race between exit_itimers() and /proc/pid/timers (git-fixes). - fjes: Check for error irq (git-fixes). - fsl/fman: Check for null pointer after calling devm_ioremap (git-fixes). - fsl/fman: Fix missing put_device() call in fman_port_probe (git-fixes). - fuse: annotate lock in fuse_reverse_inval_entry() (bsc#1201593). - fuse: make sure reclaim does not write the inode (bsc#1201592). - gpio: gpio-xilinx: Fix integer overflow (git-fixes). - gpio: pca953x: only use single read/write for No AI mode (git-fixes). - gpio: pca953x: use the correct range when do regmap sync (git-fixes). - gpio: pca953x: use the correct register address when regcache sync during init (git-fixes). - gpio: tegra186: Add IRQ per bank for Tegra241 (jsc#SLE-24571) - gpio: tegra186: Add support for Tegra241 (jsc#SLE-24571) - gve: Recording rx queue before sending to napi (git-fixes). - hwmon: (occ) Prevent power cap command overwriting poll response (git-fixes). - hwmon: (occ) Remove sequence numbering and checksum calculation (git-fixes). - hwrng: cavium - fix NULL but dereferenced coccicheck error (jsc#SLE-24682). - i2c: cadence: Change large transfer count reset logic to be unconditional (git-fixes). - i2c: cadence: Unregister the clk notifier in error path (git-fixes). - i2c: mlxcpld: Fix register setting for 400KHz frequency (git-fixes). - i2c: piix4: Fix a memory leak in the EFCH MMIO support (git-fixes). - i2c: smbus: Check for parent device before dereference (git-fixes). - i2c: smbus: Use device_*() functions instead of of_*() (jsc#SLE-24569) - i2c: tegra: Add SMBus block read function (jsc#SLE-24569) - i2c: tegra: Add the ACPI support (jsc#SLE-24569) - i2c: tegra: use i2c_timings for bus clock freq (jsc#SLE-24569) - ice: Avoid RTNL lock when re-creating auxiliary device (git-fixes). - ice: Fix error with handling of bonding MTU (git-fixes). - ice: Fix race condition during interface enslave (git-fixes). - ice: stop disabling VFs due to PF error responses (git-fixes). - ida: do not use BUG_ON() for debugging (git-fixes). - ima: Fix a potential integer overflow in ima_appraise_measurement (git-fixes). - ima: Fix potential memory leak in ima_init_crypto() (git-fixes). - ima: force signature verification when CONFIG_KEXEC_SIG is configured (git-fixes). - inet_diag: fix kernel-infoleak for UDP sockets (git-fixes). - iov_iter: Fix iter_xarray_get_pages{,_alloc}() (git-fixes). - iov_iter: fix build issue due to possible type mis-match (git-fixes). - irqchip/gic-v3: Workaround Marvell erratum 38545 when reading IAR (jsc#SLE-24682). - irqchip/sifive-plic: Add missing thead,c900-plic match string (git-fixes). - irqchip: or1k-pic: Undefine mask_ack for level triggered hardware (git-fixes). - ixgbevf: Require large buffers for build_skb on 82599VF (git-fixes). - kABI workaround for phy_device changes (git-fixes). - kABI workaround for rtsx_usb (git-fixes). - kABI workaround for snd-soc-rt5682-* (git-fixes). - kABI: fix adding field to scsi_device (git-fixes). - kABI: fix adding field to ufs_hba (git-fixes). - kABI: fix change of iscsi_host_remove() arguments (bsc#1198410). - kABI: fix removal of iscsi_destroy_conn (bsc#1198410). - kABI: i2c: smbus: restore of_ alert variant (jsc#SLE-24569). kABI fix for 'i2c: smbus: Use device_*() functions instead of of_*()' - kabi/severities: Exclude ppc kvm - kabi/severities: add intel ice - kabi/severities: add stmmac network driver local symbols - kabi/severities: ignore dropped symbol rt5682_headset_detect - kasan: fix tag for large allocations when using CONFIG_SLAB (git fixes (mm/kasan)). - kernel-obs-build: include qemu_fw_cfg (boo#1201705) - kselftest/cgroup: fix test_stress.sh to use OUTPUT dir (git-fixes). - kselftest/vm: fix tests build with old libc (git-fixes). - kselftest: Fix vdso_test_abi return status (git-fixes). - kselftest: signal all child processes (git-fixes). - kvm/emulate: Fix SETcc emulation function offsets with SLS (bsc#1201930). - kvm: selftests: do not use bitfields larger than 32-bits for PTEs (git-fixes). - l3mdev: l3mdev_master_upper_ifindex_by_index_rcu should be using netdev_master_upper_dev_get_rcu (git-fixes). - landlock: Add clang-format exceptions (git-fixes). - landlock: Change landlock_add_rule(2) argument check ordering (git-fixes). - landlock: Change landlock_restrict_self(2) check ordering (git-fixes). - landlock: Create find_rule() from unmask_layers() (git-fixes). - landlock: Define access_mask_t to enforce a consistent access mask size (git-fixes). - landlock: Fix landlock_add_rule(2) documentation (git-fixes). - landlock: Fix same-layer rule unions (git-fixes). - landlock: Format with clang-format (git-fixes). - landlock: Reduce the maximum number of layers to 16 (git-fixes). - landlock: Use square brackets around 'landlock-ruleset' (git-fixes). - libceph: fix potential use-after-free on linger ping and resends (bsc#1201596). - lockdep: Correct lock_classes index mapping (git-fixes). - locking/lockdep: Avoid potential access of invalid memory in lock_class (git-fixes). - locking/lockdep: Iterate lock_classes directly when reading lockdep files (git-fixes). - loop: Use pr_warn_once() for loop_control_remove() warning (git-fixes). - loop: use sysfs_emit() in the sysfs xxx show() (git-fixes). - macsec: always read MACSEC_SA_ATTR_PN as a u64 (git-fixes). - macsec: fix NULL deref in macsec_add_rxsa (git-fixes). - macsec: fix error message in macsec_add_rxsa and _txsa (git-fixes). - macsec: limit replay window size with XPN (git-fixes). - md: bcache: check the return value of kzalloc() in detached_dev_do_request() (git-fixes). - memcg: page_alloc: skip bulk allocator for __GFP_ACCOUNT (git fixes (mm/pgalloc)). - memregion: Fix memregion_free() fallback definition (git-fixes). - minix: fix bug when opening a file with O_DIRECT (git-fixes). - misc: rtsx_usb: fix use of dma mapped buffer for usb bulk transfer (git-fixes). - misc: rtsx_usb: set return value in rsp_buf alloc err path (git-fixes). - misc: rtsx_usb: use separate command and response buffers (git-fixes). - mm/large system hash: avoid possible NULL deref in alloc_large_system_hash (git fixes (mm/pgalloc)). - mm/secretmem: avoid letting secretmem_users drop to zero (git fixes (mm/secretmem)). - mm/vmalloc: fix numa spreading for large hash tables (git fixes (mm/vmalloc)). - mm/vmalloc: make sure to dump unpurged areas in /proc/vmallocinfo (git fixes (mm/vmalloc)). - mm/vmalloc: repair warn_alloc()s in __vmalloc_area_node() (git fixes (mm/vmalloc)). - mm: do not try to NUMA-migrate COW pages that have other uses (git fixes (mm/numa)). - mm: swap: get rid of livelock in swapin readahead (git fixes (mm/swap)). - mt76: mt7921: get rid of mt7921_mac_set_beacon_filter (git-fixes). - mtd: rawnand: gpmi: validate controller clock rate (git-fixes). - natsemi: xtensa: fix section mismatch warnings (git-fixes). - nbd: fix possible overflow on 'first_minor' in nbd_dev_add() (git-fixes). - net/fsl: xgmac_mdio: Add workaround for erratum A-009885 (git-fixes). - net/fsl: xgmac_mdio: Fix incorrect iounmap when removing module (git-fixes). - net/qla3xxx: fix an error code in ql_adapter_up() (git-fixes). - net: ag71xx: Fix a potential double free in error handling paths (git-fixes). - net: altera: set a couple error code in probe() (git-fixes). - net: amd-xgbe: Fix skb data length underflow (git-fixes). - net: amd-xgbe: disable interrupts during pci removal (git-fixes). - net: amd-xgbe: ensure to reset the tx_timer_active flag (git-fixes). - net: annotate data-races on txq->xmit_lock_owner (git-fixes). - net: axienet: Fix TX ring slot available check (git-fixes). - net: axienet: Wait for PhyRstCmplt after core reset (git-fixes). - net: axienet: add missing memory barriers (git-fixes). - net: axienet: fix for TX busy handling (git-fixes). - net: axienet: fix number of TX ring slots for available check (git-fixes). - net: axienet: increase default TX ring size to 128 (git-fixes). - net: axienet: increase reset timeout (git-fixes). - net: axienet: limit minimum TX ring size (git-fixes). - net: bcm4908: Handle dma_set_coherent_mask error codes (git-fixes). - net: bcmgenet: Do not claim WOL when its not available (git-fixes). - net: bcmgenet: skip invalid partial checksums (git-fixes). - net: chelsio: cxgb3: check the return value of pci_find_capability() (git-fixes). - net: cpsw: Properly initialise struct page_pool_params (git-fixes). - net: cpsw: avoid alignment faults by taking NET_IP_ALIGN into account (git-fixes). - net: dpaa_eth: remove dead select in menuconfig FSL_DPAA_ETH (git-fixes). - net: dsa: ar9331: register the mdiobus under devres (git-fixes). - net: dsa: bcm_sf2: do not use devres for mdiobus (git-fixes). - net: dsa: be compatible with masters which unregister on shutdown (git-fixes). - net: dsa: felix: do not use devres for mdiobus (git-fixes). - net: dsa: hellcreek: be compatible with masters which unregister on shutdown (git-fixes). - net: dsa: lan9303: add VLAN IDs to master device (git-fixes). - net: dsa: lan9303: fix reset on probe (git-fixes). - net: dsa: lantiq_gswip: do not use devres for mdiobus (git-fixes). - net: dsa: microchip: ksz8863: be compatible with masters which unregister on shutdown (git-fixes). - net: dsa: mt7530: fix incorrect test in mt753x_phylink_validate() (git-fixes). - net: dsa: mt7530: fix kernel bug in mdiobus_free() when unbinding (git-fixes). - net: dsa: mt7530: make NET_DSA_MT7530 select MEDIATEK_GE_PHY (git-fixes). - net: dsa: mv88e6xxx: do not use devres for mdiobus (git-fixes). - net: dsa: mv88e6xxx: fix use-after-free in mv88e6xxx_mdios_unregister (git-fixes). - net: dsa: mv88e6xxx: flush switchdev FDB workqueue before removing VLAN (git-fixes). - net: dsa: xrs700x: be compatible with masters which unregister on shutdown (git-fixes). - net: ethernet: lpc_eth: Handle error for clk_enable (git-fixes). - net: ethernet: mtk_eth_soc: fix error checking in mtk_mac_config() (git-fixes). - net: ethernet: mtk_eth_soc: fix return values and refactor MDIO ops (git-fixes). - net: ethernet: ti: cpts: Handle error for clk_enable (git-fixes). - net: fec: only clear interrupt of handling queue in fec_enet_rx_queue() (git-fixes). - net: ieee802154: ca8210: Fix lifs/sifs periods (git-fixes). - net: ieee802154: ca8210: Stop leaking skb's (git-fixes). - net: ieee802154: hwsim: Ensure proper channel selection at probe time (git-fixes). - net: ieee802154: mcr20a: Fix lifs/sifs periods (git-fixes). - net: ipa: add an interconnect dependency (git-fixes). - net: ipa: fix atomic update in ipa_endpoint_replenish() (git-fixes). - net: ipa: prevent concurrent replenish (git-fixes). - net: ipa: use a bitmap for endpoint replenish_enabled (git-fixes). - net: ks8851: Check for error irq (git-fixes). - net: lantiq_xrx200: fix statistics of received bytes (git-fixes). - net: ll_temac: check the return value of devm_kmalloc() (git-fixes). - net: macb: Fix lost RX packet wakeup race in NAPI receive (git-fixes). - net: macsec: Fix offload support for NETDEV_UNREGISTER event (git-fixes). - net: macsec: Verify that send_sci is on when setting Tx sci explicitly (git-fixes). - net: marvell: mvpp2: Fix the computation of shared CPUs (git-fixes). - net: marvell: prestera: Add missing of_node_put() in prestera_switch_set_base_mac_addr (git-fixes). - net: marvell: prestera: fix incorrect return of port_find (git-fixes). - net: mdio: aspeed: Add missing MODULE_DEVICE_TABLE (git-fixes). - net: mscc: ocelot: fix backwards compatibility with single-chain tc-flower offload (git-fixes). - net: mscc: ocelot: fix mutex lock error during ethtool stats read (git-fixes). - net: mscc: ocelot: fix using match before it is set (git-fixes). - net: mv643xx_eth: process retval from of_get_mac_address (git-fixes). - net: mvpp2: fix XDP rx queues registering (git-fixes). - net: phy: Do not trigger state machine while in suspend (git-fixes). - net: phylink: Force link down and retrigger resolve on interface change (git-fixes). - net: phylink: Force retrigger in case of latched link-fail indicator (git-fixes). - net: rose: fix UAF bug caused by rose_t0timer_expiry (git-fixes). - net: sfp: fix high power modules without diagnostic monitoring (git-fixes). - net: sfp: ignore disabled SFP node (git-fixes). - net: sparx5: Fix add vlan when invalid operation (git-fixes). - net: sparx5: Fix get_stat64 crash in tcpdump (git-fixes). - net: stmmac: Add platform level debug register dump feature (git-fixes). - net: stmmac: Avoid DMA_CHAN_CONTROL write if no Split Header support (git-fixes). - net: stmmac: configure PTP clock source prior to PTP initialization (git-fixes). - net: stmmac: dump gmac4 DMA registers correctly (git-fixes). - net: stmmac: dwmac-rk: fix oob read in rk_gmac_setup (git-fixes). - net: stmmac: dwmac-visconti: Fix bit definitions for ETHER_CLK_SEL (git-fixes). - net: stmmac: dwmac-visconti: Fix clock configuration for RMII mode (git-fixes). - net: stmmac: dwmac-visconti: Fix value of ETHER_CLK_SEL_FREQ_SEL_2P5M (git-fixes). - net: stmmac: dwmac-visconti: No change to ETHER_CLOCK_SEL for unexpected speed request (git-fixes). - net: stmmac: ensure PTP time register reads are consistent (git-fixes). - net: stmmac: fix return value of __setup handler (git-fixes). - net: stmmac: fix tc flower deletion for VLAN priority Rx steering (git-fixes). - net: stmmac: properly handle with runtime pm in stmmac_dvr_remove() (git-fixes). - net: stmmac: ptp: fix potentially overflowing expression (git-fixes). - net: stmmac: retain PTP clock time during SIOCSHWTSTAMP ioctls (git-fixes). - net: stmmac: skip only stmmac_ptp_register when resume from suspend (git-fixes). - net: sxgbe: fix return value of __setup handler (git-fixes). - net: systemport: Add global locking for descriptor lifecycle (git-fixes). - net: usb: Correct PHY handling of smsc95xx (git-fixes). - net: usb: Correct reset handling of smsc95xx (git-fixes). - net: usb: qmi_wwan: add Telit 0x1060 composition (git-fixes). - net: usb: qmi_wwan: add Telit 0x1070 composition (git-fixes). - netdevsim: do not overwrite read only ethtool parms (git-fixes). - nfp: Fix memory leak in nfp_cpp_area_cache_add() (git-fixes). - nilfs2: fix incorrect masking of permission flags for symlinks (git-fixes). - nilfs2: fix lockdep warnings during disk space reclamation (git-fixes). - nilfs2: fix lockdep warnings in page operations for btree nodes (git-fixes). - nouveau/svm: Fix to migrate all requested pages (git-fixes). - nvme-auth: retry command if DNR bit is not set (bsc#1201675). - nvme: add APIs for stopping/starting admin queue (bsc#1201651). - nvme: apply nvme API to quiesce/unquiesce admin queue (bsc#1201651). - nvme: consider also host_iface when checking ip options (bsc#1199670). - nvme: implement In-Band authentication (jsc#SLE-20183). - nvme: kabi fixes for in-band authentication (bsc#1199086). - nvme: loop: clear NVME_CTRL_ADMIN_Q_STOPPED after admin queue is reallocated (bsc#1201651). - nvme: paring quiesce/unquiesce (bsc#1201651). - nvme: prepare for pairing quiescing and unquiescing (bsc#1201651). - nvme: wait until quiesce is done (bsc#1201651). - nvmet-auth: expire authentication sessions (jsc#SLE-20183). - nvmet: implement basic In-Band Authentication (jsc#SLE-20183). - octeontx2-af: Add a 'rvu_free_bitmap()' function (gix-fixes). - octeontx2-af: Do not fixup all VF action entries (git-fixes). - octeontx2-af: Fix a memleak bug in rvu_mbox_init() (git-fixes). - octeontx2-af: Fix some memory leaks in the error handling path of 'cgx_lmac_init()' (git-fixes). - octeontx2-af: cn10k: Do not enable RPM loopback for LPC interfaces (git-fixes). - octeontx2-pf: Forward error codes to VF (git-fixes). - optee: add error checks in optee_ffa_do_call_with_arg() (git-fixes). - page_alloc: fix invalid watemark check on a negative value (git fixes (mm/pgalloc)). - perf/amd/ibs: Add support for L3 miss filtering (jsc#SLE-24578). - perf/amd/ibs: Advertise zen4_ibs_extensions as pmu capability attribute (jsc#SLE-24578). - perf/amd/ibs: Cascade pmu init functions' return value (jsc#SLE-24578). - perf/amd/ibs: Use ->is_visible callback for dynamic attributes (jsc#SLE-24578). - pinctrl: armada-37xx: Convert to use dev_err_probe() (git-fixes). - pinctrl: armada-37xx: Make use of the devm_platform_ioremap_resource() (git-fixes). - pinctrl: armada-37xx: Use temporary variable for struct device (git-fixes). - pinctrl: aspeed: Fix potential NULL dereference in aspeed_pinmux_set_mux() (git-fixes). - pinctrl: sunxi: a83t: Fix NAND function name for some pins (git-fixes). - pinctrl: sunxi: sunxi_pconf_set: use correct offset (git-fixes). - platform/x86: hp-wmi: Ignore Sanitization Mode event (git-fixes). - power/reset: arm-versatile: Fix refcount leak in versatile_reboot_probe (git-fixes). - powerpc/mobility: wait for memory transfer to complete (bsc#1201846 ltc#198761). - powerpc/pseries/mobility: set NMI watchdog factor during an LPM (bsc#1201846 ltc#198761). - powerpc/pseries: Interface to represent PAPR firmware attributes (bsc#1200465 ltc#197256 jsc#SLE-18130). - powerpc/pseries: Rename TYPE1_AFFINITY to FORM1_AFFINITY (bsc#1200465 ltc#197256 jsc#SLE-18130). - powerpc/pseries: rename min_common_depth to primary_domain_index (bsc#1200465 ltc#197256 jsc#SLE-18130). - powerpc/watchdog: introduce a NMI watchdog's factor (bsc#1201846 ltc#198761). - ppp: ensure minimum packet size in ppp_write() (git-fixes). - qede: validate non LSO skb length (git-fixes). - r8152: fix a WOL issue (git-fixes). - r8169: fix accessing unset transport header (git-fixes). - random: document add_hwgenerator_randomness() with other input functions (git-fixes). - random: fix typo in comments (git-fixes). - raw: Fix a data-race around sysctl_raw_l3mdev_accept (git-fixes). - reset: Fix devm bulk optional exclusive control getter (git-fixes). - rocker: fix a sleeping in atomic bug (git-fixes). - rpm/kernel-binary.spec.in: Require dwarves >= 1.22 on SLE15-SP3 or newer Dwarves 1.22 or newer is required to build kernels with BTF information embedded in modules. - rpm/modules.fips: add ecdsa_generic (jsc#SLE-21132,bsc#1201258). - samples/landlock: Add clang-format exceptions (git-fixes). - samples/landlock: Fix path_list memory leak (git-fixes). - samples/landlock: Format with clang-format (git-fixes). - scripts/dtc: Call pkg-config POSIXly correct (git-fixes). - scripts/gdb: change kernel config dumping method (git-fixes). - scripts: sphinx-pre-install: Fix ctex support on Debian (git-fixes). - scripts: sphinx-pre-install: add required ctex dependency (git-fixes). - scsi: avoid to quiesce sdev->request_queue two times (bsc#1201651). - scsi: core: sd: Add silence_suspend flag to suppress some PM messages (git-fixes). - scsi: iscsi: Add helper functions to manage iscsi_cls_conn (bsc#1198410). - scsi: iscsi: Add helper to remove a session from the kernel (bsc#1198410). - scsi: iscsi: Allow iscsi_if_stop_conn() to be called from kernel (bsc#1198410). - scsi: iscsi: Clean up bound endpoints during shutdown (bsc#1198410). - scsi: iscsi: Exclude zero from the endpoint ID range (git-fixes). - scsi: iscsi: Fix HW conn removal use after free (bsc#1198410). - scsi: iscsi: Fix session removal on shutdown (bsc#1198410). - scsi: libiscsi: Teardown iscsi_cls_conn gracefully (bsc#1198410). - scsi: lpfc: Fix mailbox command failure during driver initialization (git-fixes). - scsi: make sure that request queue queiesce and unquiesce balanced (bsc#1201651). - scsi: megaraid: Clear READ queue map's nr_queues (git-fixes). - scsi: qedi: Use QEDI_MODE_NORMAL for error handling (bsc#1198410). - scsi: qla2xxx: Check correct variable in qla24xx_async_gffid() (bsc#1201958). - scsi: qla2xxx: Fix discovery issues in FC-AL topology (bsc#1201958). - scsi: qla2xxx: Fix imbalance vha->vref_count (bsc#1201958). - scsi: qla2xxx: Fix incorrect display of max frame size (bsc#1201958). - scsi: qla2xxx: Fix response queue handler reading stale packets (bsc#1201958). - scsi: qla2xxx: Fix sparse warning for dport_data (bsc#1201958). - scsi: qla2xxx: Update manufacturer details (bsc#1201958). - scsi: qla2xxx: Update version to 10.02.07.800-k (bsc#1201958). - scsi: qla2xxx: Zero undefined mailbox IN registers (bsc#1201958). - scsi: qla2xxx: edif: Fix dropped IKE message (bsc#1201958). - scsi: scsi_debug: Do not call kcalloc() if size arg is zero (git-fixes). - scsi: scsi_debug: Fix type in min_t to avoid stack OOB (git-fixes). - scsi: scsi_debug: Fix zone transition to full condition (git-fixes). - scsi: scsi_debug: Sanity check block descriptor length in resp_mode_select() (git-fixes). - scsi: sd: Fix potential NULL pointer dereference (git-fixes). - scsi: sd: Fix sd_do_mode_sense() buffer length handling (git-fixes). - scsi: ufs: Fix a deadlock in the error handler (git-fixes). - scsi: ufs: Fix runtime PM messages never-ending cycle (git-fixes). - scsi: ufs: Remove dead code (git-fixes). - scsi: ufs: core: scsi_get_lba() error fix (git-fixes). - seccomp: Invalidate seccomp mode to catch death failures (git-fixes). - selftest/net/forwarding: declare NETIFS p9 p10 (git-fixes). - selftest/powerpc: Add PAPR sysfs attributes sniff test (bsc#1200465 ltc#197256 jsc#SLE-18130). - selftest/vm: fix map_fixed_noreplace test failure (git-fixes). - selftest/vm: verify mmap addr in mremap_test (git-fixes). - selftest/vm: verify remap destination address in mremap_test (git-fixes). - selftests, x86: fix how check_cc.sh is being invoked (git-fixes). - selftests/exec: Add non-regular to TEST_GEN_PROGS (git-fixes). - selftests/exec: Remove pipe from TEST_GEN_FILES (git-fixes). - selftests/fib_tests: Rework fib_rp_filter_test() (git-fixes). - selftests/ftrace: Do not trace do_softirq because of PREEMPT_RT (git-fixes). - selftests/ftrace: make kprobe profile testcase description unique (git-fixes). - selftests/landlock: Add clang-format exceptions (git-fixes). - selftests/landlock: Add tests for O_PATH (git-fixes). - selftests/landlock: Add tests for unknown access rights (git-fixes). - selftests/landlock: Extend access right tests to directories (git-fixes). - selftests/landlock: Extend tests for minimal valid attribute size (git-fixes). - selftests/landlock: Format with clang-format (git-fixes). - selftests/landlock: Fully test file rename with 'remove' access (git-fixes). - selftests/landlock: Make tests build with old libc (git-fixes). - selftests/landlock: Normalize array assignment (git-fixes). - selftests/landlock: Test landlock_create_ruleset(2) argument check ordering (git-fixes). - selftests/memfd: clean up mapping in mfd_fail_write (git-fixes). - selftests/memfd: remove unused variable (git-fixes). - selftests/net: pass ipv6_args to udpgso_bench's IPv6 TCP test (git-fixes). - selftests/net: so_txtime: fix parsing of start time stamp on 32 bit systems (git-fixes). - selftests/net: so_txtime: usage(): fix documentation of default clock (git-fixes). - selftests/net: timestamping: Fix bind_phc check (git-fixes). - selftests/net: udpgso_bench_tx: fix dst ip argument (git-fixes). - selftests/powerpc/spectre_v2: Return skip code when miss_percent is high (git-fixes). - selftests/powerpc: Add a test of sigreturning to the kernel (git-fixes). - selftests/resctrl: Fix null pointer dereference on open failed (git-fixes). - selftests/rseq: Change type of rseq_offset to ptrdiff_t (git-fixes). - selftests/rseq: Fix ppc32 missing instruction selection 'u' and 'x' for load/store (git-fixes). - selftests/rseq: Fix ppc32 offsets by using long rather than off_t (git-fixes). - selftests/rseq: Fix ppc32: wrong rseq_cs 32-bit field pointer on big endian (git-fixes). - selftests/rseq: Fix warnings about #if checks of undefined tokens (git-fixes). - selftests/rseq: Fix: work-around asm goto compiler bugs (git-fixes). - selftests/rseq: Introduce rseq_get_abi() helper (git-fixes). - selftests/rseq: Introduce thread pointer getters (git-fixes). - selftests/rseq: Remove arm/mips asm goto compiler work-around (git-fixes). - selftests/rseq: Remove useless assignment to cpu variable (git-fixes). - selftests/rseq: Remove volatile from __rseq_abi (git-fixes). - selftests/rseq: Uplift rseq selftests for compatibility with glibc-2.35 (git-fixes). - selftests/rseq: introduce own copy of rseq uapi header (git-fixes). - selftests/rseq: remove ARRAY_SIZE define from individual tests (git-fixes). - selftests/rseq: x86-32: use %gs segment selector for accessing rseq thread area (git-fixes). - selftests/rseq: x86-64: use %fs segment selector for accessing rseq thread area (git-fixes). - selftests/seccomp: Do not call read() on TTY from background pgrp (git-fixes). - selftests/seccomp: Fix seccomp failure by adding missing headers (git-fixes). - selftests/sgx: Treat CC as one argument (git-fixes). - selftests/vm/transhuge-stress: fix ram size thinko (git-fixes). - selftests/vm: make charge_reserved_hugetlb.sh work with existing cgroup setting (git-fixes). - selftests/x86: Add validity check and allow field splitting (git-fixes). - selftests/zram01.sh: Fix compression ratio calculation (git-fixes). - selftests/zram: Adapt the situation that /dev/zram0 is being used (git-fixes). - selftests/zram: Skip max_comp_streams interface on newer kernel (git-fixes). - selftests: Add duplicate config only for MD5 VRF tests (git-fixes). - selftests: Fix IPv6 address bind tests (git-fixes). - selftests: Fix raw socket bind tests with VRF (git-fixes). - selftests: add ping test with ping_group_range tuned (git-fixes). - selftests: cgroup: Make cg_create() use 0755 for permission instead of 0644 (git-fixes). - selftests: cgroup: Test open-time cgroup namespace usage for migration checks (git-fixes). - selftests: cgroup: Test open-time credential usage for migration checks (git-fixes). - selftests: clone3: clone3: add case CLONE3_ARGS_NO_TEST (git-fixes). - selftests: fixup build warnings in pidfd / clone3 tests (git-fixes). - selftests: forwarding: fix error message in learning_test (git-fixes). - selftests: forwarding: fix flood_unicast_test when h2 supports IFF_UNICAST_FLT (git-fixes). - selftests: forwarding: fix learning_test when h1 supports IFF_UNICAST_FLT (git-fixes). - selftests: futex: Use variable MAKE instead of make (git-fixes). - selftests: gpio: fix gpio compiling error (git-fixes). - selftests: harness: avoid false negatives if test has no ASSERTs (git-fixes). - selftests: icmp_redirect: pass xfail=0 to log_test() (git-fixes). - selftests: mirror_gre_bridge_1q: Avoid changing PVID while interface is operational (git-fixes). - selftests: mlxsw: resource_scale: Fix return value (git-fixes). - selftests: mlxsw: tc_police_scale: Make test more robust (git-fixes). - selftests: mlxsw: vxlan_flooding: Prevent flooding of unwanted packets (git-fixes). - selftests: mptcp: add csum mib check for mptcp_connect (git-fixes). - selftests: mptcp: fix diag instability (git-fixes). - selftests: mptcp: fix ipv6 routing setup (git-fixes). - selftests: mptcp: more stable diag tests (git-fixes). - selftests: net: Correct case name (git-fixes). - selftests: net: Correct ping6 expected rc from 2 to 1 (git-fixes). - selftests: net: Fix a typo in udpgro_fwd.sh (git-fixes). - selftests: net: tls: remove unused variable and code (git-fixes). - selftests: net: udpgro_fwd.sh: explicitly checking the available ping feature (git-fixes). - selftests: net: using ping6 for IPv6 in udpgro_fwd.sh (git-fixes). - selftests: netfilter: add a vrf+conntrack testcase (git-fixes). - selftests: netfilter: correct PKTGEN_SCRIPT_PATHS in nft_concat_range.sh (git-fixes). - selftests: netfilter: disable rp_filter on router (git-fixes). - selftests: netfilter: fix exit value for nft_concat_range (git-fixes). - selftests: nft_concat_range: add test for reload with no element add/del (git-fixes). - selftests: ocelot: tc_flower_chains: specify conform-exceed action for policer (git-fixes). - selftests: openat2: Add missing dependency in Makefile (git-fixes). - selftests: openat2: Print also errno in failure messages (git-fixes). - selftests: openat2: Skip testcases that fail with EOPNOTSUPP (git-fixes). - selftests: pmtu.sh: Kill nettest processes launched in subshell (git-fixes). - selftests: pmtu.sh: Kill tcpdump processes launched by subshell (git-fixes). - selftests: rtc: Increase test timeout so that all tests run (git-fixes). - selftests: skip mincore.check_file_mmap when fs lacks needed support (git-fixes). - selftests: test_vxlan_under_vrf: Fix broken test case (git-fixes). - selftests: vm: Makefile: rename TARGETS to VMTARGETS (git-fixes). - selftests: vm: fix clang build error multiple output files (git-fixes). - selftests: x86: fix [-Wstringop-overread] warn in test_process_vm_readv() (git-fixes). - serial: 8250: Fix PM usage_count for console handover (git-fixes). - serial: 8250: fix return error code in serial8250_request_std_resource() (git-fixes). - serial: pl011: UPSTAT_AUTORTS requires .throttle/unthrottle (git-fixes). - serial: sc16is7xx: Clear RS485 bits in the shutdown (git-fixes). - serial: stm32: Clear prev values before setting RTS delays (git-fixes). - smsc95xx: Ignore -ENODEV errors when device is unplugged (git-fixes). - soc: ixp4xx/npe: Fix unused match warning (git-fixes). - spi: Add Tegra234 QUAD SPI compatible (jsc#SLE-24570) - spi: amd: Limit max transfer and message size (git-fixes). - spi: bcm2835: bcm2835_spi_handle_err(): fix NULL pointer deref for non DMA transfers (git-fixes). - spi: tegra210-quad: add acpi support (jsc#SLE-24570) - spi: tegra210-quad: add new chips to compatible (jsc#SLE-24570) - spi: tegra210-quad: combined sequence mode (jsc#SLE-24570) - spi: tegra210-quad: use device_reset method (jsc#SLE-24570) - spi: tegra210-quad: use devm call for cdata memory (jsc#SLE-24570) - supported.conf: mark drivers/nvme/common as supported (jsc#SLE-20183) - supported.conf: mark marvell octeontx2 crypto driver as supported (jsc#SLE-24682) Mark rvu_cptpf.ko and rvu_cptvf.ko as supported. - supported.conf: rvu_mbox as supported (jsc#SLE-24682) - sysctl: Fix data races in proc_dointvec() (git-fixes). - sysctl: Fix data races in proc_dointvec_jiffies() (git-fixes). - sysctl: Fix data races in proc_dointvec_minmax() (git-fixes). - sysctl: Fix data races in proc_douintvec() (git-fixes). - sysctl: Fix data races in proc_douintvec_minmax() (git-fixes). - sysctl: Fix data races in proc_doulongvec_minmax() (git-fixes). - sysctl: Fix data-races in proc_dointvec_ms_jiffies() (git-fixes). - sysctl: Fix data-races in proc_dou8vec_minmax() (git-fixes). - tee: fix put order in teedev_close_context() (git-fixes). - tee: optee: do not check memref size on return from Secure World (git-fixes). - tee: tee_get_drvdata(): fix description of return value (git-fixes). - testing/selftests/mqueue: Fix mq_perf_tests to free the allocated cpu set (git-fixes). - testing: nvdimm: asm/mce.h is not needed in nfit.c (git-fixes). - testing: nvdimm: iomap: make __nfit_test_ioremap a macro (git-fixes). - tests: fix idmapped mount_setattr test (git-fixes). - tools include UAPI: Sync sound/asound.h copy with the kernel sources (git-fixes). - tools/nolibc: fix incorrect truncation of exit code (git-fixes). - tools/nolibc: i386: fix initial stack alignment (git-fixes). - tools/nolibc: x86-64: Fix startup code bug (git-fixes). - tools/testing/scatterlist: add missing defines (git-fixes). - tty: n_gsm: Modify CR,PF bit when config requester (git-fixes). - tty: n_gsm: Save dlci address open status when config requester (git-fixes). - tty: n_gsm: fix buffer over-read in gsm_dlci_data() (git-fixes). - tty: n_gsm: fix decoupled mux resource (git-fixes). - tty: n_gsm: fix encoding of command/response bit (git-fixes). - tty: n_gsm: fix frame reception handling (git-fixes). - tty: n_gsm: fix incorrect UA handling (git-fixes). - tty: n_gsm: fix insufficient txframe size (git-fixes). - tty: n_gsm: fix invalid gsmtty_write_room() result (git-fixes). - tty: n_gsm: fix invalid use of MSC in advanced option (git-fixes). - tty: n_gsm: fix malformed counter for out of frame data (git-fixes). - tty: n_gsm: fix missing explicit ldisc flush (git-fixes). - tty: n_gsm: fix missing tty wakeup in convergence layer type 2 (git-fixes). - tty: n_gsm: fix missing update of modem controls after DLCI open (git-fixes). - tty: n_gsm: fix mux activation issues in gsm_config() (git-fixes). - tty: n_gsm: fix mux cleanup after unregister tty device (git-fixes). - tty: n_gsm: fix reset fifo race condition (git-fixes). - tty: n_gsm: fix restart handling via CLD command (git-fixes). - tty: n_gsm: fix software flow control handling (git-fixes). - tty: n_gsm: fix sometimes uninitialized warning in gsm_dlci_modem_output() (git-fixes). - tty: n_gsm: fix wrong DLCI release order (git-fixes). - tty: n_gsm: fix wrong command frame length field encoding (git-fixes). - tty: n_gsm: fix wrong command retry handling (git-fixes). - tty: n_gsm: fix wrong signal octet encoding in convergence layer type 2 (git-fixes). - tty: n_gsm: fix wrong signal octets encoding in MSC (git-fixes). - tty: serial: samsung_tty: set dma burst_size to 1 (git-fixes). - tun: avoid double free in tun_free_netdev (git-fixes). - tun: fix bonding active backup with arp monitoring (git-fixes). - tunnels: do not assume mac header is set in skb_tunnel_check_pmtu() (git-fixes). - tuntap: add sanity checks about msg_controllen in sendmsg (git-fixes). - uaccess: fix type mismatch warnings from access_ok() (git-fixes). - ucounts: Base set_cred_ucounts changes on the real user (git-fixes). - ucounts: Fix rlimit max values check (git-fixes). - ucounts: Fix systemd LimitNPROC with private users regression (git-fixes). - ucounts: Handle wrapping in is_ucounts_overlimit (git-fixes). - ucounts: In set_cred_ucounts assume new->ucounts is non-NULL (git-fixes). - udmabuf: add back sanity check (git-fixes). - usb: dwc3: gadget: Fix event pending check (git-fixes). - usb: serial: ftdi_sio: add Belimo device ids (git-fixes). - usb: typec: add missing uevent when partner support PD (git-fixes). - usbnet: Run unregister_netdev() before unbind() again (git-fixes). - usbnet: fix memory leak in error case (git-fixes). - userfaultfd/selftests: fix hugetlb area allocations (git-fixes). - veth: Do not record rx queue hint in veth_xmit (git-fixes). - veth: ensure skb entering GRO are not cloned (git-fixes). - video: of_display_timing.h: include errno.h (git-fixes). - virtio_mmio: Add missing PM calls to freeze/restore (git-fixes). - virtio_mmio: Restore guest page size on resume (git-fixes). - vrf: Reset IPCB/IP6CB when processing outbound pkts in vrf dev xmit (git-fixes). - vsock/virtio: enable VQs early on probe (git-fixes). - vsock/virtio: initialize vdev->priv before using VQs (git-fixes). - vsock/virtio: read the negotiated features before using VQs (git-fixes). - vsock: remove vsock from connected table when connect is interrupted by a signal (git-fixes). - vt: fix memory overlapping when deleting chars in the buffer (git-fixes). - watch-queue: remove spurious double semicolon (git-fixes). - watch_queue: Fix missing locking in add_watch_to_object() (git-fixes). - watch_queue: Fix missing rcu annotation (git-fixes). - watchdog: export lockup_detector_reconfigure (bsc#1201846 ltc#198761). - watchqueue: make sure to serialize 'wqueue->defunct' properly (git-fixes). - wifi: mac80211: fix queue selection for mesh/OCB interfaces (git-fixes). - wifi: mac80211_hwsim: set virtio device ready in probe() (git-fixes). - wireguard: device: check for metadata_dst with skb_valid_dst() (git-fixes). - x86/bugs: Remove apostrophe typo (bsc#1190497). - x86/entry: Remove skip_r11rcx (bsc#1201524). - x86/ibt,xen: Sprinkle the ENDBR (bsc#1201471). - xen/netback: avoid entering xenvif_rx_next_skb() with an empty rx queue (bsc#1201381). - xhci: Set HCD flag to defer primary roothub registration (git-fixes). - xhci: dbc: Rename xhci_dbc_init and xhci_dbc_exit (git-fixes). - xhci: dbc: create and remove dbc structure in dbgtty driver (git-fixes). - xhci: dbc: refactor xhci_dbc_init() (git-fixes). - xprtrdma: fix pointer derefs in error cases of rpcrdma_ep_create (git-fixes). - xprtrdma: treat all calls not a bcall when bc_serv is NULL (git-fixes). - zonefs: Clear inode information flags on inode creation (git-fixes). - zonefs: Fix management of open zones (git-fixes). - zonefs: add MODULE_ALIAS_FS (git-fixes). Important SUSE bug 1190256 SUSE bug 1190497 SUSE bug 1198410 SUSE bug 1198829 SUSE bug 1199086 SUSE bug 1199291 SUSE bug 1199364 SUSE bug 1199665 SUSE bug 1199670 SUSE bug 1200015 SUSE bug 1200465 SUSE bug 1200494 SUSE bug 1200644 SUSE bug 1200651 SUSE bug 1201258 SUSE bug 1201323 SUSE bug 1201381 SUSE bug 1201391 SUSE bug 1201427 SUSE bug 1201458 SUSE bug 1201471 SUSE bug 1201524 SUSE bug 1201592 SUSE bug 1201593 SUSE bug 1201595 SUSE bug 1201596 SUSE bug 1201635 SUSE bug 1201651 SUSE bug 1201675 SUSE bug 1201691 SUSE bug 1201705 SUSE bug 1201725 SUSE bug 1201846 SUSE bug 1201930 SUSE bug 1201954 SUSE bug 1201958 CVE-2021-33655 CVE-2022-1462 CVE-2022-21505 CVE-2022-29581 CVE-2022-32250 cpe:/o:opensuse:leap:15.4 Security update for MozillaThunderbird (Important) openSUSE Leap 15.4 This update for MozillaThunderbird fixes the following issues: - Mozilla Thunderbird 91.12 * changed: Support for Google Talk chat accounts removed * fixed: OpenPGP signatures were broken when 'Primary Password' dialog remained open * fixed: Various security fixes - Security fixes (MFSA 2022-31) (bsc#1201758): - CVE-2022-36319: Fixed mouse Position spoofing with CSS transforms (bmo#1737722) - CVE-2022-36318: Fixed directory indexes for bundled resources reflected URL parameters (bmo#1771774) Important SUSE bug 1201758 CVE-2022-36318 CVE-2022-36319 cpe:/o:opensuse:leap:15.4 Security update for python-codecov (Moderate) openSUSE Leap 15.4 This update for python-codecov fixes the following issues: - CVE-2019-10800: Fixed sanitization of gcov arguments before being being provided to the popen method (bsc#1201494). Moderate SUSE bug 1201494 CVE-2019-10800 cpe:/o:opensuse:leap:15.4 Security update for libnbd (Moderate) openSUSE Leap 15.4 This update for libnbd fixes the following issues: - CVE-2022-0485: Fixed a missing error handling that may create corrupted destination image (bsc#1195636). Moderate SUSE bug 1195636 CVE-2022-0485 cpe:/o:opensuse:leap:15.4 Security update for sssd (Moderate) openSUSE Leap 15.4 This update for sssd fixes the following issues: - CVE-2021-3621: Fixed shell command injection in sssctl via the logs-fetch and cache-expire subcommand (bsc#1189492). - Add 'ldap_ignore_unreadable_references' parameter to skip unreadable objects referenced by 'member' attributte (bsc#1190775) - Fix 32-bit libraries package. Libraries were moved from sssd to sssd-common but baselibs.conf was not updated accordingly (bsc#1182058, bsc#1196166) - Remove caches only when performing a package downgrade. The sssd daemon takes care of upgrading the database format when necessary (bsc#1195552) Moderate SUSE bug 1182058 SUSE bug 1189492 SUSE bug 1190775 SUSE bug 1195552 SUSE bug 1196166 CVE-2021-3621 cpe:/o:opensuse:leap:15.4 Security update for the Linux Kernel (Important) openSUSE Leap 15.4 The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2021-33655: Fixed out of bounds write with ioctl FBIOPUT_VSCREENINFO (bnc#1201635). - CVE-2022-2585: Fixed use-after-free in POSIX CPU timer (bnc#1202094). - CVE-2022-21505: Fixed kexec lockdown bypass with IMA policy (bsc#1201458). - CVE-2022-26373: Fixed CPU info leak via post-barrier RSB predictions (bsc#1201726). - CVE-2022-29581: Fixed improper update of Reference Count in net/sched that could cause root privilege escalation (bnc#1199665). The following non-security bugs were fixed: - ACPI: CPPC: Only probe for _CPC if CPPC v2 is acked (git-fixes). - ACPI: video: Fix acpi_video_handles_brightness_key_presses() (git-fixes). - ALSA: hda - Add fixup for Dell Latitidue E5430 (git-fixes). - ALSA: hda/conexant: Apply quirk for another HP ProDesk 600 G3 model (git-fixes). - ALSA: hda/realtek - Enable the headset-mic on a Xiaomi's laptop (git-fixes). - ALSA: hda/realtek - Fix headset mic problem for a HP machine with alc221 (git-fixes). - ALSA: hda/realtek - Fix headset mic problem for a HP machine with alc671 (git-fixes). - ALSA: hda/realtek: Add quirk for Clevo L140PU (git-fixes). - ALSA: hda/realtek: Fix headset mic for Acer SF313-51 (git-fixes). - ALSA: hda/realtek: fix mute/micmute LEDs for HP machines (git-fixes). - ALSA: usb-audio: Add quirk for Fiero SC-01 (fw v1.0.0) (git-fixes). - ALSA: usb-audio: Add quirk for Fiero SC-01 (git-fixes). - ALSA: usb-audio: Add quirks for MacroSilicon MS2100/MS2106 devices (git-fixes). - ALSA: usb-audio: Workarounds for Behringer UMC 204/404 HD (git-fixes). - ARM: 9209/1: Spectre-BHB: avoid pr_info() every time a CPU comes out of idle (git-fixes). - ARM: 9210/1: Mark the FDT_FIXED sections as shareable (git-fixes). - ARM: 9213/1: Print message about disabled Spectre workarounds only once (git-fixes). - ARM: 9214/1: alignment: advance IT state after emulating Thumb instruction (git-fixes). - ARM: dts: at91: sama5d2: Fix typo in i2s1 node (git-fixes). - ARM: dts: imx6qdl-ts7970: Fix ngpio typo and count (git-fixes). - ARM: dts: stm32: use the correct clock source for CEC on stm32mp151 (git-fixes). - ARM: dts: sunxi: Fix SPI NOR campatible on Orange Pi Zero (git-fixes). - ASoC: Intel: Skylake: Correct the handling of fmt_config flexible array (git-fixes). - ASoC: Intel: Skylake: Correct the ssp rate discovery in skl_get_ssp_clks() (git-fixes). - ASoC: Intel: bytcr_wm5102: Fix GPIO related probe-ordering problem (git-fixes). - ASoC: Intel: sof_sdw: handle errors on card registration (git-fixes). - ASoC: Realtek/Maxim SoundWire codecs: disable pm_runtime on remove (git-fixes). - ASoC: Remove unused hw_write_t type (git-fixes). - ASoC: SOF: Intel: hda-loader: Clarify the cl_dsp_init() flow (git-fixes). - ASoC: codecs: rt700/rt711/rt711-sdca: initialize workqueues in probe (git-fixes). - ASoC: codecs: rt700/rt711/rt711-sdca: resume bus/codec in .set_jack_detect (git-fixes). - ASoC: cs47l15: Fix event generation for low power mux control (git-fixes). - ASoC: dapm: Initialise kcontrol data for mux/demux controls (git-fixes). - ASoC: madera: Fix event generation for OUT1 demux (git-fixes). - ASoC: madera: Fix event generation for rate controls (git-fixes). - ASoC: ops: Fix off by one in range control validation (git-fixes). - ASoC: rt5682: Avoid the unexpected IRQ event during going to suspend (git-fixes). - ASoC: rt5682: Fix deadlock on resume (git-fixes). - ASoC: rt5682: Re-detect the combo jack after resuming (git-fixes). - ASoC: rt5682: fix an incorrect NULL check on list iterator (git-fixes). - ASoC: rt5682: move clk related code to rt5682_i2c_probe (git-fixes). - ASoC: rt7*-sdw: harden jack_detect_handler (git-fixes). - ASoC: rt711-sdca-sdw: fix calibrate mutex initialization (git-fixes). - ASoC: rt711-sdca: Add endianness flag in snd_soc_component_driver (git-fixes). - ASoC: rt711-sdca: fix kernel NULL pointer dereference when IO error (git-fixes). - ASoC: rt711: Add endianness flag in snd_soc_component_driver (git-fixes). - ASoC: rt711: fix calibrate mutex initialization (git-fixes). - ASoC: sgtl5000: Fix noise on shutdown/remove (git-fixes). - ASoC: tas2764: Add post reset delays (git-fixes). - ASoC: tas2764: Correct playback volume range (git-fixes). - ASoC: tas2764: Fix amp gain register offset & default (git-fixes). - ASoC: tas2764: Fix and extend FSYNC polarity handling (git-fixes). - ASoC: wcd938x: Fix event generation for some controls (git-fixes). - ASoC: wm5110: Fix DRE control (git-fixes). - Bluetooth: btusb: Add the new support IDs for WCN6855 (git-fixxes). - Input: cpcap-pwrbutton - handle errors from platform_get_irq() (git-fixes). - Input: i8042 - Apply probe defer to more ASUS ZenBook models (bsc#1190256). - NFC: nxp-nci: do not print header length mismatch on i2c error (git-fixes). - VMCI: Add support for ARM64 (bsc#1199291, jsc#SLE-24635). - VMCI: Check exclusive_vectors when freeing interrupt 1 (bsc#1199291, jsc#SLE-24635). - VMCI: Fix some error handling paths in vmci_guest_probe_device() (bsc#1199291, jsc#SLE-24635). - VMCI: Release notification_bitmap in error path (bsc#1199291, jsc#SLE-24635). - VMCI: dma dg: add MMIO access to registers (bsc#1199291, jsc#SLE-24635). - VMCI: dma dg: add support for DMA datagrams receive (bsc#1199291, jsc#SLE-24635). - VMCI: dma dg: add support for DMA datagrams sends (bsc#1199291, jsc#SLE-24635). - VMCI: dma dg: allocate send and receive buffers for DMA datagrams (bsc#1199291, jsc#SLE-24635). - VMCI: dma dg: detect DMA datagram capability (bsc#1199291, jsc#SLE-24635). - VMCI: dma dg: register dummy IRQ handlers for DMA datagrams (bsc#1199291, jsc#SLE-24635). - VMCI: dma dg: set OS page size (bsc#1199291, jsc#SLE-24635). - VMCI: dma dg: whitespace formatting change for vmci register defines (bsc#1199291, jsc#SLE-24635). - arm64: Add HWCAP for self-synchronising virtual counter (git-fixes) - arm64: Add cavium_erratum_23154_cpus missing sentinel (jsc#SLE-24682). - arm64: cpufeature: add HWCAP for FEAT_AFP (git-fixes) - arm64: dts: broadcom: bcm4908: Fix cpu node for smp boot (git-fixes). - arm64: dts: broadcom: bcm4908: Fix timer node for BCM4906 SoC (git-fixes) - arm64: dts: broadcom: bcm4908: Fix timer node for BCM4906 SoC (git-fixes). - arm64: dts: rockchip: Assign RK3399 VDU clock rate (git-fixes). - arm64: mm: Do not invalidate FROM_DEVICE buffers at start of DMA transfer (git-fixes) - batman-adv: Use netif_rx() (git-fixes). - bcmgenet: add WOL IRQ check (git-fixes). - be2net: Fix buffer overflow in be_get_module_eeprom (bsc#1201323). - blk-mq: add one API for waiting until quiesce is done (bsc#1201651). - blk-mq: fix kabi support concurrent queue quiesce unquiesce (bsc#1201651). - blk-mq: support concurrent queue quiesce/unquiesce (bsc#1201651). - can: bcm: use call_rcu() instead of costly synchronize_rcu() (git-fixes). - can: grcan: grcan_probe(): remove extra of_node_get() (git-fixes). - can: gs_usb: gs_usb_open/close(): fix memory leak (git-fixes). - can: m_can: m_can_chip_config(): actually enable internal timestamping (git-fixes). - can: mcp251xfd: mcp251xfd_regmap_crc_read(): improve workaround handling for mcp2517fd (git-fixes). - can: mcp251xfd: mcp251xfd_regmap_crc_read(): update workaround broken CRC on TBC register (git-fixes). - ceph: fix up non-directory creation in SGID directories (bsc#1201595). - cpufreq: mediatek: Unregister platform device on exit (git-fixes). - cpufreq: mediatek: Use module_init and add module_exit (git-fixes). - cpufreq: pmac32-cpufreq: Fix refcount leak bug (git-fixes). - cpuidle: PSCI: Move the `has_lpi` check to the beginning of the (git-fixes) - crypto: hisilicon/qm - modify the uacce mode check (bsc#1201391). - crypto: octeontx2 - Avoid stack variable overflow (jsc#SLE-24682). - crypto: octeontx2 - CN10K CPT to RNM workaround (jsc#SLE-24682). - crypto: octeontx2 - Use swap() instead of swap_engines() (jsc#SLE-24682). - crypto: octeontx2 - add apis for custom engine groups (jsc#SLE-24682). - crypto: octeontx2 - add synchronization between mailbox accesses (jsc#SLE-24682). - crypto: octeontx2 - fix missing unlock (jsc#SLE-24682). - crypto: octeontx2 - increase CPT HW instruction queue length (jsc#SLE-24682). - crypto: octeontx2 - out of bounds access in otx2_cpt_dl_custom_egrp_delete() (jsc#SLE-24682). - crypto: octeontx2 - parameters for custom engine groups (jsc#SLE-24682). - crypto: octeontx2 - select CONFIG_NET_DEVLINK (jsc#SLE-24682). - crypto: octeontx2 - use swap() to make code cleaner (jsc#SLE-24682). - crypto: qat - fix memory leak in RSA (git-fixes). - crypto: qat - remove dma_free_coherent() for DH (git-fixes). - crypto: qat - remove dma_free_coherent() for RSA (git-fixes). - crypto: qat - set CIPHER capability for DH895XCC (git-fixes). - crypto: qat - set to zero DH parameters before free (git-fixes). - crypto: testmgr - allow ecdsa-nist in FIPS mode (jsc#SLE-21132,bsc#1201258). - device property: Add fwnode_irq_get_byname (jsc#SLE-24569) - dm: do not stop request queue after the dm device is suspended (bsc#1201651). - dmaengine: at_xdma: handle errors of at_xdmac_alloc_desc() correctly (git-fixes). - dmaengine: imx-sdma: Allow imx8m for imx7 FW revs (git-fixes). - dmaengine: lgm: Fix an error handling path in intel_ldma_probe() (git-fixes). - dmaengine: pl330: Fix lockdep warning about non-static key (git-fixes). - dmaengine: qcom: bam_dma: fix runtime PM underflow (git-fixes). - dmaengine: ti: Add missing put_device in ti_dra7_xbar_route_allocate (git-fixes). - dmaengine: ti: Fix refcount leak in ti_dra7_xbar_route_allocate (git-fixes). - docs: firmware-guide: ACPI: Add named interrupt doc (jsc#SLE-24569) - docs: net: dsa: add more info about the other arguments to get_tag_protocol (git-fixes). - docs: net: dsa: delete port_mdb_dump (git-fixes). - docs: net: dsa: document change_tag_protocol (git-fixes). - docs: net: dsa: document port_fast_age (git-fixes). - docs: net: dsa: document port_setup and port_teardown (git-fixes). - docs: net: dsa: document the shutdown behavior (git-fixes). - docs: net: dsa: document the teardown method (git-fixes). - docs: net: dsa: re-explain what port_fdb_dump actually does (git-fixes). - docs: net: dsa: remove port_vlan_dump (git-fixes). - docs: net: dsa: rename tag_protocol to get_tag_protocol (git-fixes). - docs: net: dsa: update probing documentation (git-fixes). - dpaa2-eth: Initialize mutex used in one step timestamping path (git-fixes). - dpaa2-eth: destroy workqueue at the end of remove function (git-fixes). - dpaa2-eth: unregister the netdev before disconnecting from the PHY (git-fixes). - drbd: fix potential silent data corruption (git-fixes). - drivers: net: smc911x: Check for error irq (git-fixes). - drm/amd/display: Fix by adding FPU protection for dcn30_internal_validate_bw (git-fixes). - drm/amd/display: Only use depth 36 bpp linebuffers on DCN display engines (git-fixes). - drm/amd/display: Set min dcfclk if pipe count is 0 (git-fixes). - drm/amd/vcn: fix an error msg on vcn 3.0 (git-fixes). - drm/amdgpu: To flush tlb for MMHUB of RAVEN series (git-fixes). - drm/i915/dg2: Add Wa_22011100796 (git-fixes). - drm/i915/gt: Serialize GRDOM access between multiple engine resets (git-fixes). - drm/i915/gt: Serialize TLB invalidates with GT resets (git-fixes). - drm/i915/gvt: IS_ERR() vs NULL bug in intel_gvt_update_reg_whitelist() (git-fixes). - drm/i915/selftests: fix a couple IS_ERR() vs NULL tests (git-fixes). - drm/i915/uc: correctly track uc_fw init failure (git-fixes). - drm/i915: Fix a race between vma / object destruction and unbinding (git-fixes). - drm/i915: Require the vm mutex for i915_vma_bind() (git-fixes). - drm/i915: fix a possible refcount leak in intel_dp_add_mst_connector() (git-fixes). - drm/imx/dcss: Add missing of_node_put() in fail path (git-fixes). - drm/mediatek: Detect CMDQ execution timeout (git-fixes). - drm/mediatek: Remove the pointer of struct cmdq_client (git-fixes). - drm/mediatek: Use mailbox rx_callback instead of cmdq_task_cb (git-fixes). - drm/panfrost: Fix shrinker list corruption by madvise IOCTL (git-fixes). - drm/panfrost: Put mapping instead of shmem obj on panfrost_mmu_map_fault_addr() error (git-fixes). - drm/ttm: fix locking in vmap/vunmap TTM GEM helpers (git-fixes). - dt-bindings: dma: allwinner,sun50i-a64-dma: Fix min/max typo (git-fixes). - dt-bindings: gpio: Add Tegra241 support (jsc#SLE-24571) - dt-bindings: soc: qcom: smd-rpm: Add compatible for MSM8953 SoC (git-fixes). - dt-bindings: soc: qcom: smd-rpm: Fix missing MSM8936 compatible (git-fixes). - e1000e: Enable GPT clock before sending message to CSME (git-fixes). - efi/x86: use naked RET on mixed mode call wrapper (git-fixes). - ethernet: Fix error handling in xemaclite_of_probe (git-fixes). - ethtool: Fix get module eeprom fallback (bsc#1201323). - fbcon: Disallow setting font bigger than screen size (git-fixes). - fbcon: Prevent that screen size is smaller than font size (git-fixes). - fbdev: fbmem: Fix logo center image dx issue (git-fixes). - fbmem: Check virtual screen sizes in fb_set_var() (git-fixes). - fjes: Check for error irq (git-fixes). - fsl/fman: Check for null pointer after calling devm_ioremap (git-fixes). - fsl/fman: Fix missing put_device() call in fman_port_probe (git-fixes). - fuse: annotate lock in fuse_reverse_inval_entry() (bsc#1201593). - fuse: make sure reclaim does not write the inode (bsc#1201592). - gpio: gpio-xilinx: Fix integer overflow (git-fixes). - gpio: pca953x: only use single read/write for No AI mode (git-fixes). - gpio: pca953x: use the correct range when do regmap sync (git-fixes). - gpio: pca953x: use the correct register address when regcache sync during init (git-fixes). - gpio: tegra186: Add IRQ per bank for Tegra241 (jsc#SLE-24571) - gpio: tegra186: Add support for Tegra241 (jsc#SLE-24571) - gve: Recording rx queue before sending to napi (git-fixes). - hwmon: (occ) Prevent power cap command overwriting poll response (git-fixes). - hwmon: (occ) Remove sequence numbering and checksum calculation (git-fixes). - hwrng: cavium - fix NULL but dereferenced coccicheck error (jsc#SLE-24682). - i2c: cadence: Change large transfer count reset logic to be unconditional (git-fixes). - i2c: cadence: Unregister the clk notifier in error path (git-fixes). - i2c: mlxcpld: Fix register setting for 400KHz frequency (git-fixes). - i2c: piix4: Fix a memory leak in the EFCH MMIO support (git-fixes). - i2c: smbus: Check for parent device before dereference (git-fixes). - i2c: smbus: Use device_*() functions instead of of_*() (jsc#SLE-24569) - i2c: tegra: Add SMBus block read function (jsc#SLE-24569) - i2c: tegra: Add the ACPI support (jsc#SLE-24569) - i2c: tegra: use i2c_timings for bus clock freq (jsc#SLE-24569) - ice: Avoid RTNL lock when re-creating auxiliary device (git-fixes). - ice: Fix error with handling of bonding MTU (git-fixes). - ice: Fix race condition during interface enslave (git-fixes). - ice: stop disabling VFs due to PF error responses (git-fixes). - ida: do not use BUG_ON() for debugging (git-fixes). - ima: Fix a potential integer overflow in ima_appraise_measurement (git-fixes). - ima: Fix potential memory leak in ima_init_crypto() (git-fixes). - ima: force signature verification when CONFIG_KEXEC_SIG is configured (git-fixes). - irqchip/gic-v3: Workaround Marvell erratum 38545 when reading IAR (jsc#SLE-24682). - irqchip: or1k-pic: Undefine mask_ack for level triggered hardware (git-fixes). - ixgbevf: Require large buffers for build_skb on 82599VF (git-fixes). - kABI workaround for phy_device changes (git-fixes). - kABI workaround for rtsx_usb (git-fixes). - kABI workaround for snd-soc-rt5682-* (git-fixes). - kABI: fix adding field to scsi_device (git-fixes). - kABI: fix adding field to ufs_hba (git-fixes). - kABI: i2c: smbus: restore of_ alert variant (jsc#SLE-24569). kABI fix for 'i2c: smbus: Use device_*() functions instead of of_*()' - kabi/severities: add intel ice - kabi/severities: add stmmac network driver local symbols - kabi/severities: ignore dropped symbol rt5682_headset_detect - kasan: fix tag for large allocations when using CONFIG_SLAB (git fixes (mm/kasan)). - kernel-obs-build: include qemu_fw_cfg (boo#1201705) - kvm: emulate: do not adjust size of fastop and setcc subroutines (bsc#1201930). - kvm: emulate: Fix SETcc emulation function offsets with SLS (bsc#1201930). - libceph: fix potential use-after-free on linger ping and resends (bsc#1201596). - md: bcache: check the return value of kzalloc() in detached_dev_do_request() (git-fixes). - memcg: page_alloc: skip bulk allocator for __GFP_ACCOUNT (git fixes (mm/pgalloc)). - memregion: Fix memregion_free() fallback definition (git-fixes). - misc: rtsx_usb: fix use of dma mapped buffer for usb bulk transfer (git-fixes). - misc: rtsx_usb: set return value in rsp_buf alloc err path (git-fixes). - misc: rtsx_usb: use separate command and response buffers (git-fixes). - mm/large system hash: avoid possible NULL deref in alloc_large_system_hash (git fixes (mm/pgalloc)). - mm/secretmem: avoid letting secretmem_users drop to zero (git fixes (mm/secretmem)). - mm/vmalloc: fix numa spreading for large hash tables (git fixes (mm/vmalloc)). - mm/vmalloc: make sure to dump unpurged areas in /proc/vmallocinfo (git fixes (mm/vmalloc)). - mm/vmalloc: repair warn_alloc()s in __vmalloc_area_node() (git fixes (mm/vmalloc)). - mm: do not try to NUMA-migrate COW pages that have other uses (git fixes (mm/numa)). - mm: swap: get rid of livelock in swapin readahead (git fixes (mm/swap)). - mt76: mt7921: get rid of mt7921_mac_set_beacon_filter (git-fixes). - natsemi: xtensa: fix section mismatch warnings (git-fixes). - nbd: fix possible overflow on 'first_minor' in nbd_dev_add() (git-fixes). - net/fsl: xgmac_mdio: Add workaround for erratum A-009885 (git-fixes). - net/fsl: xgmac_mdio: Fix incorrect iounmap when removing module (git-fixes). - net/qla3xxx: fix an error code in ql_adapter_up() (git-fixes). - net: ag71xx: Fix a potential double free in error handling paths (git-fixes). - net: altera: set a couple error code in probe() (git-fixes). - net: amd-xgbe: Fix skb data length underflow (git-fixes). - net: amd-xgbe: disable interrupts during pci removal (git-fixes). - net: amd-xgbe: ensure to reset the tx_timer_active flag (git-fixes). - net: annotate data-races on txq->xmit_lock_owner (git-fixes). - net: axienet: Fix TX ring slot available check (git-fixes). - net: axienet: Wait for PhyRstCmplt after core reset (git-fixes). - net: axienet: add missing memory barriers (git-fixes). - net: axienet: fix for TX busy handling (git-fixes). - net: axienet: fix number of TX ring slots for available check (git-fixes). - net: axienet: increase default TX ring size to 128 (git-fixes). - net: axienet: increase reset timeout (git-fixes). - net: axienet: limit minimum TX ring size (git-fixes). - net: bcm4908: Handle dma_set_coherent_mask error codes (git-fixes). - net: bcmgenet: Do not claim WOL when its not available (git-fixes). - net: bcmgenet: skip invalid partial checksums (git-fixes). - net: chelsio: cxgb3: check the return value of pci_find_capability() (git-fixes). - net: cpsw: Properly initialise struct page_pool_params (git-fixes). - net: cpsw: avoid alignment faults by taking NET_IP_ALIGN into account (git-fixes). - net: dsa: ar9331: register the mdiobus under devres (git-fixes). - net: dsa: bcm_sf2: do not use devres for mdiobus (git-fixes). - net: dsa: felix: do not use devres for mdiobus (git-fixes). - net: dsa: lan9303: add VLAN IDs to master device (git-fixes). - net: dsa: lan9303: fix reset on probe (git-fixes). - net: dsa: lantiq_gswip: do not use devres for mdiobus (git-fixes). - net: dsa: mt7530: fix incorrect test in mt753x_phylink_validate() (git-fixes). - net: dsa: mt7530: fix kernel bug in mdiobus_free() when unbinding (git-fixes). - net: dsa: mt7530: make NET_DSA_MT7530 select MEDIATEK_GE_PHY (git-fixes). - net: dsa: mv88e6xxx: do not use devres for mdiobus (git-fixes). - net: dsa: mv88e6xxx: fix use-after-free in mv88e6xxx_mdios_unregister (git-fixes). - net: dsa: mv88e6xxx: flush switchdev FDB workqueue before removing VLAN (git-fixes). - net: ethernet: lpc_eth: Handle error for clk_enable (git-fixes). - net: ethernet: mtk_eth_soc: fix error checking in mtk_mac_config() (git-fixes). - net: ethernet: mtk_eth_soc: fix return values and refactor MDIO ops (git-fixes). - net: ethernet: ti: cpts: Handle error for clk_enable (git-fixes). - net: fec: only clear interrupt of handling queue in fec_enet_rx_queue() (git-fixes). - net: ieee802154: ca8210: Fix lifs/sifs periods (git-fixes). - net: ieee802154: ca8210: Stop leaking skb's (git-fixes). - net: ieee802154: hwsim: Ensure proper channel selection at probe time (git-fixes). - net: ieee802154: mcr20a: Fix lifs/sifs periods (git-fixes). - net: ipa: add an interconnect dependency (git-fixes). - net: ipa: fix atomic update in ipa_endpoint_replenish() (git-fixes). - net: ipa: prevent concurrent replenish (git-fixes). - net: ipa: use a bitmap for endpoint replenish_enabled (git-fixes). - net: ks8851: Check for error irq (git-fixes). - net: lantiq_xrx200: fix statistics of received bytes (git-fixes). - net: ll_temac: check the return value of devm_kmalloc() (git-fixes). - net: macb: Fix lost RX packet wakeup race in NAPI receive (git-fixes). - net: macsec: Fix offload support for NETDEV_UNREGISTER event (git-fixes). - net: macsec: Verify that send_sci is on when setting Tx sci explicitly (git-fixes). - net: marvell: mvpp2: Fix the computation of shared CPUs (git-fixes). - net: marvell: prestera: Add missing of_node_put() in prestera_switch_set_base_mac_addr (git-fixes). - net: marvell: prestera: fix incorrect return of port_find (git-fixes). - net: mdio: aspeed: Add missing MODULE_DEVICE_TABLE (git-fixes). - net: mscc: ocelot: fix backwards compatibility with single-chain tc-flower offload (git-fixes). - net: mscc: ocelot: fix mutex lock error during ethtool stats read (git-fixes). - net: mscc: ocelot: fix using match before it is set (git-fixes). - net: mv643xx_eth: process retval from of_get_mac_address (git-fixes). - net: mvpp2: fix XDP rx queues registering (git-fixes). - net: phy: Do not trigger state machine while in suspend (git-fixes). - net: phylink: Force link down and retrigger resolve on interface change (git-fixes). - net: phylink: Force retrigger in case of latched link-fail indicator (git-fixes). - net: rose: fix UAF bug caused by rose_t0timer_expiry (git-fixes). - net: sfp: fix high power modules without diagnostic monitoring (git-fixes). - net: sfp: ignore disabled SFP node (git-fixes). - net: sparx5: Fix add vlan when invalid operation (git-fixes). - net: sparx5: Fix get_stat64 crash in tcpdump (git-fixes). - net: stmmac: Add platform level debug register dump feature (git-fixes). - net: stmmac: Avoid DMA_CHAN_CONTROL write if no Split Header support (git-fixes). - net: stmmac: configure PTP clock source prior to PTP initialization (git-fixes). - net: stmmac: dump gmac4 DMA registers correctly (git-fixes). - net: stmmac: dwmac-rk: fix oob read in rk_gmac_setup (git-fixes). - net: stmmac: dwmac-visconti: Fix bit definitions for ETHER_CLK_SEL (git-fixes). - net: stmmac: dwmac-visconti: Fix clock configuration for RMII mode (git-fixes). - net: stmmac: dwmac-visconti: Fix value of ETHER_CLK_SEL_FREQ_SEL_2P5M (git-fixes). - net: stmmac: dwmac-visconti: No change to ETHER_CLOCK_SEL for unexpected speed request (git-fixes). - net: stmmac: ensure PTP time register reads are consistent (git-fixes). - net: stmmac: fix return value of __setup handler (git-fixes). - net: stmmac: fix tc flower deletion for VLAN priority Rx steering (git-fixes). - net: stmmac: properly handle with runtime pm in stmmac_dvr_remove() (git-fixes). - net: stmmac: ptp: fix potentially overflowing expression (git-fixes). - net: stmmac: retain PTP clock time during SIOCSHWTSTAMP ioctls (git-fixes). - net: stmmac: skip only stmmac_ptp_register when resume from suspend (git-fixes). - net: sxgbe: fix return value of __setup handler (git-fixes). - net: systemport: Add global locking for descriptor lifecycle (git-fixes). - net: usb: qmi_wwan: add Telit 0x1060 composition (git-fixes). - net: usb: qmi_wwan: add Telit 0x1070 composition (git-fixes). - netdevsim: do not overwrite read only ethtool parms (git-fixes). - nfp: Fix memory leak in nfp_cpp_area_cache_add() (git-fixes). - nvme: add APIs for stopping/starting admin queue (bsc#1201651). - nvme: apply nvme API to quiesce/unquiesce admin queue (bsc#1201651). - nvme: loop: clear NVME_CTRL_ADMIN_Q_STOPPED after admin queue is reallocated (bsc#1201651). - nvme: paring quiesce/unquiesce (bsc#1201651). - nvme: prepare for pairing quiescing and unquiescing (bsc#1201651). - nvme: wait until quiesce is done (bsc#1201651). - octeontx2-af: Do not fixup all VF action entries (git-fixes). - octeontx2-af: Fix a memleak bug in rvu_mbox_init() (git-fixes). - octeontx2-af: cn10k: Do not enable RPM loopback for LPC interfaces (git-fixes). - octeontx2-pf: Forward error codes to VF (git-fixes). - page_alloc: fix invalid watemark check on a negative value (git fixes (mm/pgalloc)). - perf/amd/ibs: Add support for L3 miss filtering (jsc#SLE-24578). - perf/amd/ibs: Advertise zen4_ibs_extensions as pmu capability attribute (jsc#SLE-24578). - perf/amd/ibs: Cascade pmu init functions' return value (jsc#SLE-24578). - perf/amd/ibs: Use ->is_visible callback for dynamic attributes (jsc#SLE-24578). - pinctrl: aspeed: Fix potential NULL dereference in aspeed_pinmux_set_mux() (git-fixes). - pinctrl: sunxi: a83t: Fix NAND function name for some pins (git-fixes). - pinctrl: sunxi: sunxi_pconf_set: use correct offset (git-fixes). - platform/x86: hp-wmi: Ignore Sanitization Mode event (git-fixes). - posix_cpu_timers: fix race between exit_itimers() and /proc/pid/timers (git-fixes). - power/reset: arm-versatile: Fix refcount leak in versatile_reboot_probe (git-fixes). - powerpc/mobility: wait for memory transfer to complete (bsc#1201846 ltc#198761). - powerpc/pseries/mobility: set NMI watchdog factor during an LPM (bsc#1201846 ltc#198761). - powerpc/watchdog: introduce a NMI watchdog's factor (bsc#1201846 ltc#198761). - ppp: ensure minimum packet size in ppp_write() (git-fixes). - qede: validate non LSO skb length (git-fixes). - r8152: fix a WOL issue (git-fixes). - r8169: fix accessing unset transport header (git-fixes). - random: document add_hwgenerator_randomness() with other input functions (git-fixes). - random: fix typo in comments (git-fixes). - raw: Fix a data-race around sysctl_raw_l3mdev_accept (git-fixes). - reset: Fix devm bulk optional exclusive control getter (git-fixes). - rocker: fix a sleeping in atomic bug (git-fixes). - rpm/modules.fips: add ecdsa_generic (jsc#SLE-21132,bsc#1201258). - sched/core: Do not requeue task on CPU excluded from cpus_mask (bnc#1199356). - scsi: avoid to quiesce sdev->request_queue two times (bsc#1201651). - scsi: core: sd: Add silence_suspend flag to suppress some PM messages (git-fixes). - scsi: iscsi: Exclude zero from the endpoint ID range (git-fixes). - scsi: lpfc: Fix mailbox command failure during driver initialization (git-fixes). - scsi: make sure that request queue queiesce and unquiesce balanced (bsc#1201651). - scsi: scsi_debug: Do not call kcalloc() if size arg is zero (git-fixes). - scsi: scsi_debug: Fix type in min_t to avoid stack OOB (git-fixes). - scsi: scsi_debug: Fix zone transition to full condition (git-fixes). - scsi: scsi_debug: Sanity check block descriptor length in resp_mode_select() (git-fixes). - scsi: sd: Fix potential NULL pointer dereference (git-fixes). - scsi: sd: Fix sd_do_mode_sense() buffer length handling (git-fixes). - scsi: ufs: Fix a deadlock in the error handler (git-fixes). - scsi: ufs: Fix runtime PM messages never-ending cycle (git-fixes). - scsi: ufs: Remove dead code (git-fixes). - scsi: ufs: core: scsi_get_lba() error fix (git-fixes). - serial: 8250: Fix PM usage_count for console handover (git-fixes). - serial: 8250: fix return error code in serial8250_request_std_resource() (git-fixes). - serial: pl011: UPSTAT_AUTORTS requires .throttle/unthrottle (git-fixes). - serial: sc16is7xx: Clear RS485 bits in the shutdown (git-fixes). - serial: stm32: Clear prev values before setting RTS delays (git-fixes). - soc: ixp4xx/npe: Fix unused match warning (git-fixes). - spi: Add Tegra234 QUAD SPI compatible (jsc#SLE-24570) - spi: amd: Limit max transfer and message size (git-fixes). - spi: bcm2835: bcm2835_spi_handle_err(): fix NULL pointer deref for non DMA transfers (git-fixes). - spi: tegra210-quad: add acpi support (jsc#SLE-24570) - spi: tegra210-quad: add new chips to compatible (jsc#SLE-24570) - spi: tegra210-quad: combined sequence mode (jsc#SLE-24570) - spi: tegra210-quad: use device_reset method (jsc#SLE-24570) - spi: tegra210-quad: use devm call for cdata memory (jsc#SLE-24570) - supported.conf: mark marvell octeontx2 crypto driver as supported (jsc#SLE-24682) Mark rvu_cptpf.ko and rvu_cptvf.ko as supported. - supported.conf: rvu_mbox as supported (jsc#SLE-24682) - sysctl: Fix data races in proc_dointvec() (git-fixes). - sysctl: Fix data races in proc_dointvec_jiffies() (git-fixes). - sysctl: Fix data races in proc_dointvec_minmax() (git-fixes). - sysctl: Fix data races in proc_douintvec() (git-fixes). - sysctl: Fix data races in proc_douintvec_minmax() (git-fixes). - sysctl: Fix data races in proc_doulongvec_minmax() (git-fixes). - sysctl: Fix data-races in proc_dointvec_ms_jiffies() (git-fixes). - sysctl: Fix data-races in proc_dou8vec_minmax() (git-fixes). - tee: fix put order in teedev_close_context() (git-fixes). - tty: serial: samsung_tty: set dma burst_size to 1 (git-fixes). - tun: fix bonding active backup with arp monitoring (git-fixes). - usb: dwc3: gadget: Fix event pending check (git-fixes). - usb: serial: ftdi_sio: add Belimo device ids (git-fixes). - usb: typec: add missing uevent when partner support PD (git-fixes). - usbnet: fix memory leak in error case (git-fixes). - veth: Do not record rx queue hint in veth_xmit (git-fixes). - veth: ensure skb entering GRO are not cloned (git-fixes). - video: of_display_timing.h: include errno.h (git-fixes). - virtio_mmio: Add missing PM calls to freeze/restore (git-fixes). - virtio_mmio: Restore guest page size on resume (git-fixes). - vrf: Reset IPCB/IP6CB when processing outbound pkts in vrf dev xmit (git-fixes). - vt: fix memory overlapping when deleting chars in the buffer (git-fixes). - watchdog: export lockup_detector_reconfigure (bsc#1201846 ltc#198761). - wifi: mac80211: fix queue selection for mesh/OCB interfaces (git-fixes). - wifi: mac80211_hwsim: set virtio device ready in probe() (git-fixes). - x86/bugs: Remove apostrophe typo (bsc#1190497). Important SUSE bug 1190256 SUSE bug 1190497 SUSE bug 1199291 SUSE bug 1199356 SUSE bug 1199665 SUSE bug 1201258 SUSE bug 1201323 SUSE bug 1201391 SUSE bug 1201458 SUSE bug 1201592 SUSE bug 1201593 SUSE bug 1201595 SUSE bug 1201596 SUSE bug 1201635 SUSE bug 1201651 SUSE bug 1201691 SUSE bug 1201705 SUSE bug 1201726 SUSE bug 1201846 SUSE bug 1201930 SUSE bug 1202094 CVE-2021-33655 CVE-2022-21505 CVE-2022-2585 CVE-2022-26373 CVE-2022-29581 cpe:/o:opensuse:leap:15.4 Security update for ceph (Important) openSUSE Leap 15.4 This update for ceph fixes the following issues: - Update to 16.2.9-536-g41a9f9a5573: + (bsc#1195359, bsc#1200553) rgw: check bucket shard init status in RGWRadosBILogTrimCR + (bsc#1194131) ceph-volume: honour osd_dmcrypt_key_size option (CVE-2021-3979) - Update to 16.2.9-158-gd93952c7eea: + cmake: check for python(\d)\.(\d+) when building boost + make-dist: patch boost source to support python 3.10 - Update to ceph-16.2.9-58-ge2e5cb80063: + (bsc#1200064, pr#480) Remove last vestiges of docker.io image paths - Update to 16.2.9.50-g7d9f12156fb: + (jsc#SES-2515) High-availability NFS export + (bsc#1196044) cephadm: prometheus: The generatorURL in alerts is only using hostname + (bsc#1196785) cephadm: avoid crashing on expected non-zero exit - Update to 16.2.7-969-g6195a460d89 + (jsc#SES-2515) High-availability NFS export Important SUSE bug 1194131 SUSE bug 1195359 SUSE bug 1196044 SUSE bug 1196785 SUSE bug 1200064 SUSE bug 1200553 CVE-2021-3979 cpe:/o:opensuse:leap:15.4 Security update for webkit2gtk3 (Important) openSUSE Leap 15.4 This update for webkit2gtk3 fixes the following issues: - Update to version 2.36.5 (bsc#1201980): - Add support for PAC proxy in the WebDriver implementation. - Fix video playback when loaded through custom URIs, this fixes video playback in the Yelp documentation browser. - Fix WebKitWebView::context-menu when using GTK4. - Fix LTO builds with GCC. - Fix several crashes and rendering issues. - Security fixes: - CVE-2022-32792: Fixed processing maliciously crafted web content may lead to arbitrary code execution. - CVE-2022-32816: Fixed visiting a website that frames malicious content may lead to UI spoofing. Important SUSE bug 1201980 CVE-2022-32792 CVE-2022-32816 cpe:/o:opensuse:leap:15.4 Security update for rsync (Important) openSUSE Leap 15.4 This update for rsync fixes the following issues: - CVE-2022-29154: Fixed an arbitrary file write when connecting to a malicious server (bsc#1201840). Important SUSE bug 1201840 CVE-2022-29154 cpe:/o:opensuse:leap:15.4 Security update for webkit2gtk3 (Important) openSUSE Leap 15.4 This update for webkit2gtk3 fixes the following issues: - Update to version 2.36.5 (bsc#1201980): - Add support for PAC proxy in the WebDriver implementation. - Fix video playback when loaded through custom URIs, this fixes video playback in the Yelp documentation browser. - Fix WebKitWebView::context-menu when using GTK4. - Fix LTO builds with GCC. - Fix several crashes and rendering issues. - Security fixes: - CVE-2022-32792: Fixed processing maliciously crafted web content may lead to arbitrary code execution. - CVE-2022-32816: Fixed visiting a website that frames malicious content may lead to UI spoofing. Important SUSE bug 1201980 CVE-2022-32792 CVE-2022-32816 cpe:/o:opensuse:leap:15.4 Security update for the Linux Kernel (Important) openSUSE Leap 15.4 The SUSE Linux Enterprise 15 SP1 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2020-36557: Fixed race condition between the VT_DISALLOCATE ioctl and closing/opening of ttys that could lead to a use-after-free (bnc#1201429). - CVE-2020-36558: Fixed race condition involving VT_RESIZEX that could lead to a NULL pointer dereference and general protection fault (bnc#1200910). - CVE-2021-33655: Fixed out of bounds write with ioctl FBIOPUT_VSCREENINFO (bnc#1201635). - CVE-2021-33656: Fixed out of bounds write with ioctl PIO_FONT (bnc#1201636). - CVE-2022-1462: Fixed an out-of-bounds read flaw in the TeleTYpe subsystem (bnc#1198829). - CVE-2022-20166: Fixed possible out of bounds write due to sprintf unsafety that could cause local escalation of privilege (bnc#1200598). - CVE-2022-36946: Fixed incorrect packet truncation in nfqnl_mangle() that could lead to remote DoS (bnc#1201940). The following non-security bugs were fixed: - cifs: On cifs_reconnect, resolve the hostname again (bsc#1201926). - cifs: Simplify reconnect code when dfs upcall is enabled (bsc#1201926). - cifs: To match file servers, make sure the server hostname matches (bsc#1201926). - cifs: fix memory leak of smb3_fs_context_dup::server_hostname (bsc#1201926). - cifs: set a minimum of 120s for next dns resolution (bsc#1201926). - cifs: use the expiry output of dns_query to schedule next resolution (bsc#1201926). - kvm: emulate: Fix SETcc emulation function offsets with SLS (bsc#1201930). - kvm: emulate: do not adjust size of fastop and setcc subroutines (bsc#1201930). - rpm/*.spec.in: remove backtick usage - rpm/constraints.in: skip SLOW_DISK workers for kernel-source - rpm/kernel-obs-build.spec.in: Also depend on dracut-systemd (bsc#1195775) - rpm/kernel-obs-build.spec.in: add systemd-initrd and terminfo dracut module (bsc#1195775) - rpm/kernel-obs-build.spec.in: use default dracut modules (bsc#1195926, bsc#1198484) - x86/entry: Remove skip_r11rcx (bsc#1201644). Important SUSE bug 1195775 SUSE bug 1195926 SUSE bug 1198484 SUSE bug 1198829 SUSE bug 1200442 SUSE bug 1200598 SUSE bug 1200910 SUSE bug 1201429 SUSE bug 1201635 SUSE bug 1201636 SUSE bug 1201644 SUSE bug 1201926 SUSE bug 1201930 SUSE bug 1201940 CVE-2020-36557 CVE-2020-36558 CVE-2021-33655 CVE-2021-33656 CVE-2022-1462 CVE-2022-20166 CVE-2022-36946 cpe:/o:opensuse:leap:15.4 Recommended update for aws-efs-utils, python-ansi2html, python-py, python-pytest-html, python-pytest-metadata, python-pytest-rerunfailures, python-coverage, python-oniconfig, python-unittest-mixins (Moderate) openSUSE Leap 15.4 This update for aws-efs-utils, python-ansi2html, python-py, python-pytest-html, python-pytest-metadata, python-pytest-rerunfailures fixes the following issues: - Update in SLE-15 (bsc#1196696, bsc#1195916, jsc#SLE-23972) - Remove redundant python3 dependency from Requires - Update regular expression to fix python shebang - Style is enforced upstream and triggers unnecessary build version requirements - Allow specifying fs_id in cloudwatch log group name - Includes fix for stunnel path - Added hardening to systemd service(s). - Raise minimal pytest version - Fix typo in the ansi2html Requires - Cleanup with spec-cleaner - Make sure the tests are really executed - Remove useless devel dependency - Multiprocessing support in Python 3.8 was broken, but is now fixed - Bumpy the URL to point to github rather than to docs Moderate SUSE bug 1195916 SUSE bug 1196696 CVE-2020-29651 cpe:/o:opensuse:leap:15.4 Security update for podman (Important) openSUSE Leap 15.4 This update for podman fixes the following issues: Updated to version 3.4.7: - CVE-2022-1227: Fixed an issue that could allow an attacker to publish a malicious image to a public registry and run arbitrary code in the victim's context via the 'podman top' command (bsc#1182428). - CVE-2022-27191: Fixed a potential crash via SSH under specific configurations (bsc#1197284). - CVE-2022-21698: Fixed a potential denial of service that affected servers that used Prometheus instrumentation (bsc#1196338). Important SUSE bug 1182428 SUSE bug 1196338 SUSE bug 1197284 CVE-2022-1227 CVE-2022-21698 CVE-2022-27191 cpe:/o:opensuse:leap:15.4 Security update for ntfs-3g_ntfsprogs (Important) openSUSE Leap 15.4 This update for ntfs-3g_ntfsprogs fixes the following issues: Updated to version 2022.5.17 (bsc#1199978): - CVE-2022-30783: Fixed an issue where messages between NTFS-3G and the kernel could be intercepted when using libfuse-lite. - CVE-2022-30784: Fixed a memory exhaustion issue when opening a crafted NTFS image. - CVE-2022-30785: Fixed a bug where arbitrary memory read and write operations could be achieved whe using libfuse-lite. - CVE-2022-30786: Fixed a memory corruption issue when opening a crafted NTFS image. - CVE-2022-30787: Fixed an integer underflow which enabled arbitrary memory read operations when using libfuse-lite. - CVE-2022-30788: Fixed a memory corruption issue when opening a crafted NTFS image. - CVE-2022-30789: Fixed a memory corruption issue when opening a crafted NTFS image. Important SUSE bug 1199978 CVE-2021-46790 CVE-2022-30783 CVE-2022-30784 CVE-2022-30785 CVE-2022-30786 CVE-2022-30787 CVE-2022-30788 CVE-2022-30789 cpe:/o:opensuse:leap:15.4 Security update for nodejs10 (Important) openSUSE Leap 15.4 This update for nodejs10 fixes the following issues: - CVE-2021-22930, CVE-2021-22940: Fixed two memory corruption issues during HTTP/2 stream cancellation (bsc#1188917, bsc#1189368). - CVE-2022-32213, CVE-2022-32214, CVE-2022-32215, CVE-2021-22960, CVE-2021-22959: Fixed multiple HTTP request smuggling issues in the underlying HTTP parser (bsc#1201325, bsc#1201326, bsc#1201327, bsc#1191602, bsc#1191601). - CVE-2022-32212: Fixed a DNS rebinding issue caused by improper IPv4 validation (bsc#1201328). Important SUSE bug 1188917 SUSE bug 1189368 SUSE bug 1191601 SUSE bug 1191602 SUSE bug 1201325 SUSE bug 1201326 SUSE bug 1201327 SUSE bug 1201328 CVE-2021-22930 CVE-2021-22940 CVE-2021-22959 CVE-2021-22960 CVE-2022-32212 CVE-2022-32213 CVE-2022-32214 CVE-2022-32215 cpe:/o:opensuse:leap:15.4 Security update for java-1_8_0-openjdk (Important) openSUSE Leap 15.4 This update for java-1_8_0-openjdk fixes the following issues: - Updated to version jdk8u345 (icedtea-3.24.0) - CVE-2022-21540: Fixed a potential Java sandbox bypass (bsc#1201694). - CVE-2022-21541: Fixed a potential Java sandbox bypass (bsc#1201692). - CVE-2022-34169: Fixed an issue where arbitrary bytecode could be executed via a malicious stylesheet (bsc#1201684). - Non-security fixes: - Allowed for customization of PKCS12 keystores (bsc#1195163). Important SUSE bug 1195163 SUSE bug 1201684 SUSE bug 1201692 SUSE bug 1201694 CVE-2022-21540 CVE-2022-21541 CVE-2022-34169 cpe:/o:opensuse:leap:15.4 Security update for systemd-presets-common-SUSE (Moderate) openSUSE Leap 15.4 This update for systemd-presets-common-SUSE fixes the following issues: - CVE-2022-1706: Fixed accessible configs from unprivileged containers in VMs running on VMware products (bsc#1199524). The following non-security bugs were fixed: - Modify branding-preset-states to fix systemd-presets-common-SUSE not enabling new user systemd service preset configuration just as it handles system service presets. By passing an (optional) second parameter 'user', the save/apply-changes commands now work with user services instead of system ones (bsc#1200485) - Add the wireplumber user service preset to enable it by default in SLE15-SP4 where it replaced pipewire-media-session, but keep pipewire-media-session preset so we don't have to branch the systemd-presets-common-SUSE package for SP4 (bsc#1200485) Moderate SUSE bug 1199524 SUSE bug 1200485 CVE-2022-1706 cpe:/o:opensuse:leap:15.4 Security update for u-boot (Important) openSUSE Leap 15.4 This update for u-boot fixes the following issues: - CVE-2022-33103: Fixed a flaw in the squashfs subsystem that could lead to arbitrary code execution (bsc#1201213). Important SUSE bug 1201213 CVE-2022-33103 cpe:/o:opensuse:leap:15.4 Security update for rubygem-rails-html-sanitizer (Moderate) openSUSE Leap 15.4 This update for rubygem-rails-html-sanitizer fixes the following issues: - CVE-2022-32209: Fixed a potential content injection under specific configurations (bsc#1201183). Moderate SUSE bug 1201183 CVE-2022-32209 cpe:/o:opensuse:leap:15.4 Security update for perl-HTTP-Daemon (Moderate) openSUSE Leap 15.4 This update for perl-HTTP-Daemon fixes the following issues: - CVE-2022-31081: Fixed request smuggling in HTTP::Daemon (bsc#1201157). Moderate SUSE bug 1201157 CVE-2022-31081 cpe:/o:opensuse:leap:15.4 Security update for the Linux Kernel (Important) openSUSE Leap 15.4 The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2020-36516: Fixed TCP session data injection vulnerability via the mixed IPID assignment method (bnc#1196616). - CVE-2020-36557: Fixed race condition between the VT_DISALLOCATE ioctl and closing/opening of ttys that could lead to a use-after-free (bnc#1201429). - CVE-2020-36558: Fixed race condition involving VT_RESIZEX that could lead to a NULL pointer dereference and general protection fault (bnc#1200910). - CVE-2021-33655: Fixed out of bounds write with ioctl FBIOPUT_VSCREENINFO (bnc#1201635). - CVE-2021-33656: Fixed out of bounds write with ioctl PIO_FONT (bnc#1201636). - CVE-2022-1116: Fixed a integer overflow vulnerability in io_uring which allowed a local attacker to cause memory corruption and escalate privileges to root (bnc#1199647). - CVE-2022-1462: Fixed an out-of-bounds read flaw in the TeleTYpe subsystem (bnc#1198829). - CVE-2022-2318: Fixed a use-after-free vulnerabilities in the timer handler in net/rose/rose_timer.c that allow attackers to crash the system without any privileges (bsc#1201251). - CVE-2022-2639: Fixed integer underflow that could lead to out-of-bounds write in reserve_sfa_size() (bsc#1202154). - CVE-2022-20166: Fixed possible out of bounds write due to sprintf unsafety that could cause local escalation of privilege (bnc#1200598) - CVE-2022-21505: Fixed kexec lockdown bypass with IMA policy (bsc#1201458). - CVE-2022-26365, CVE-2022-33740, CVE-2022-33741, CVE-2022-33742: Fixed multiple potential data leaks with Block and Network devices when using untrusted backends (bsc#1200762). - CVE-2022-29581: Fixed improper update of Reference Count in net/sched that could cause root privilege escalation (bnc#1199665). - CVE-2022-32250: Fixed user-after-free in net/netfilter/nf_tables_api.c that could allow local privilege escalation (bnc#1200015). - CVE-2022-36946: Fixed incorrect packet truncation in nfqnl_mangle() that could lead to remote DoS (bnc#1201940). The following non-security bugs were fixed: - ACPI: APEI: Better fix to avoid spamming the console with old error logs (git-fixes). - ACPI: CPPC: Do not prevent CPPC from working in the future (git-fixes). - ACPI: video: Shortening quirk list by identifying Clevo by board_name only (git-fixes). - ALSA: hda - Add fixup for Dell Latitidue E5430 (git-fixes). - ALSA: hda/conexant: Apply quirk for another HP ProDesk 600 G3 model (git-fixes). - ALSA: hda/realtek - Enable the headset-mic on a Xiaomi's laptop (git-fixes). - ALSA: hda/realtek - Fix headset mic problem for a HP machine with alc221 (git-fixes). - ALSA: hda/realtek - Fix headset mic problem for a HP machine with alc671 (git-fixes). - ASoC: Intel: Skylake: Correct the handling of fmt_config flexible array (git-fixes). - ASoC: Intel: Skylake: Correct the ssp rate discovery in skl_get_ssp_clks() (git-fixes). - ASoC: Remove unused hw_write_t type (git-fixes). - ASoC: cs47l15: Fix event generation for low power mux control (git-fixes). - ASoC: madera: Fix event generation for OUT1 demux (git-fixes). - ASoC: madera: Fix event generation for rate controls (git-fixes). - ASoC: ops: Fix off by one in range control validation (git-fixes). - ASoC: sgtl5000: Fix noise on shutdown/remove (git-fixes). - ASoC: wm5110: Fix DRE control (git-fixes). - Bluetooth: L2CAP: Fix use-after-free caused by l2cap_chan_put (git-fixes). - Bluetooth: hci_intel: Add check for platform_driver_register (git-fixes). - FDDI: defxx: Bail out gracefully with unassigned PCI resource for CSR (git-fixes). - FDDI: defxx: Make MMIO the configuration default except for EISA (git-fixes). - Fixed a system crash related to the recent RETBLEED mitigation (bsc#1201644, bsc#1201664, bsc#1201672, bsc#1201673, bsc#1201676). - Fixed battery detection problem on macbooks (bnc#1201206). - HID: cp2112: prevent a buffer overflow in cp2112_xfer() (git-fixes). - KVM/emulate: Fix SETcc emulation function offsets with SLS (bsc#1201930). - KVM: VMX: Add non-canonical check on writes to RTIT address MSRs (git-fixes). - KVM: VMX: Do not freeze guest when event delivery causes an APIC-access exit (git-fixes). - KVM: apic: avoid calculating pending eoi from an uninitialized val (git-fixes). - KVM: arm64: Avoid setting the upper 32 bits of TCR_EL2 and CPTR_EL2 (bsc#1201442) - KVM: arm64: Fix definition of PAGE_HYP_DEVICE (git-fixes) - KVM: emulate: do not adjust size of fastop and setcc subroutines (bsc#1201930). - KVM: nVMX: avoid NULL pointer dereference with incorrect EVMCS GPAs (git-fixes). - KVM: nVMX: handle nested posted interrupts when apicv is disabled for L1 (git-fixes). - KVM: x86/pmu: Fix UBSAN shift-out-of-bounds warning in intel_pmu_refresh() (git-fixes). - KVM: x86: Do not let userspace set host-reserved cr4 bits (git-fixes). - KVM: x86: Fix split-irqchip vs interrupt injection window request (git-fixes). - KVM: x86: Refactor prefix decoding to prevent Spectre-v1/L1TF attacks (git-fixes). - KVM: x86: Update vCPU's hv_clock before back to guest when tsc_offset is adjusted (git-fixes). - KVM: x86: handle !lapic_in_kernel case in kvm_cpu_*_extint (git-fixes). - NFC: nxp-nci: do not print header length mismatch on i2c error (git-fixes). - PCI/portdrv: Do not disable AER reporting in get_port_device_capability() (git-fixes). - PCI: dwc: Add unroll iATU space support to dw_pcie_disable_atu() (git-fixes). - PCI: dwc: Always enable CDM check if 'snps,enable-cdm-check' exists (git-fixes). - PCI: dwc: Deallocate EPC memory on dw_pcie_ep_init() errors (git-fixes). - PCI: dwc: Disable outbound windows only for controllers using iATU (git-fixes). - PCI: dwc: Stop link on host_init errors and de-initialization (git-fixes). - PCI: qcom: Power on PHY before IPQ8074 DBI register accesses (git-fixes). - PCI: qcom: Set up rev 2.1.0 PARF_PHY before enabling clocks (git-fixes). - PCI: tegra194: Fix PM error handling in tegra_pcie_config_ep() (git-fixes). - PCI: tegra194: Fix Root Port interrupt handling (git-fixes). - PCI: tegra194: Fix link up retry sequence (git-fixes). - PM: runtime: Remove link state checks in rpm_get/put_supplier() (git-fixes). - Sort in RETbleed backport into the sorted section Now that it is upstream.. - USB: Follow-up to SPDX identifiers addition - remove now useless comments (git-fixes). - USB: serial: fix tty-port initialized comments (git-fixes). - USB: serial: ftdi_sio: add Belimo device ids (git-fixes). - amd-xgbe: Update DMA coherency values (git-fixes). - arm64 module: set plt* section addresses to 0x0 (git-fixes) - arm64: Extend workaround for erratum 1024718 to all versions of (git-fixes) - arm64: asm: Add new-style position independent function annotations (git-fixes) - arm64: compat: Ensure upper 32 bits of x0 are zero on syscall return (git-fixes) - arm64: dts: marvell: armada-37xx: Set pcie_reset_pin to gpio function (git-fixes) - arm64: dts: marvell: espressobin: Add ethernet switch aliases (git-fixes) - arm64: dts: marvell: espressobin: add ethernet alias (git-fixes) - arm64: dts: mcbin: support 2W SFP modules (git-fixes) - arm64: fix compat syscall return truncation (git-fixes) - arm64: fix inline asm in load_unaligned_zeropad() (git-fixes) - arm64: mm: Do not invalidate FROM_DEVICE buffers at start of DMA (git-fixes) - arm64: module: remove (NOLOAD) from linker script (git-fixes) - arm64: module: rework special section handling (git-fixes) - arm64: perf: Report the PC value in REGS_ABI_32 mode (git-fixes) - arm64: ptrace: Consistently use pseudo-singlestep exceptions (git-fixes) - arm64: ptrace: Override SPSR.SS when single-stepping is enabled (git-fixes) - arm64: stackleak: fix current_top_of_stack() (git-fixes) - arm64: uprobe: Return EOPNOTSUPP for AARCH32 instruction probing (git-fixes) - arm64: vdso: Avoid ISB after reading from cntvct_el0 (git-fixes) - ath10k: Fix error handling in ath10k_setup_msa_resources (git-fixes). - ath10k: do not enforce interrupt trigger type (git-fixes). - ax88179_178a: add ethtool_op_get_ts_info() (git-fixes). - blk-zoned: allow BLKREPORTZONE without CAP_SYS_ADMIN (git-fixes). - blk-zoned: allow zone management send operations without CAP_SYS_ADMIN (git-fixes). - block/compat_ioctl: fix range check in BLKGETSIZE (git-fixes). - block: Fix fsync always failed if once failed (git-fixes). - block: Fix wrong offset in bio_truncate() (git-fixes). - block: bio-integrity: Advance seed correctly for larger interval sizes (git-fixes). - block: do not delete queue kobject before its children (git-fixes). - block: drbd: drbd_nl: Make conversion to 'enum drbd_ret_code' explicit (git-fixes). - bpf, cpumap: Remove rcpu pointer from cpu_map_build_skb signature (bsc#1199364). - bpf: Add config to allow loading modules with BTF mismatches (jsc#SLE-24559). - bpf: Add in-kernel split BTF support (jsc#SLE-24559). - bpf: Assign ID to vmlinux BTF and return extra info for BTF in GET_OBJ_INFO (jsc#SLE-24559). - bpf: Keep module's btf_data_size intact after load (jsc#SLE-24559). - bpf: Load and verify kernel module BTFs (jsc#SLE-24559). - bpf: Provide function to get vmlinux BTF information (jsc#SLE-24559). - bpf: Sanitize BTF data pointer after module is loaded (jsc#SLE-24559). - bus: hisi_lpc: fix missing platform_device_put() in hisi_lpc_acpi_probe() (git-fixes). - can: Break loopback loop on loopback documentation (git-fixes). - can: error: specify the values of data[5..7] of CAN error frames (git-fixes). - can: gs_usb: gs_usb_open/close(): fix memory leak (git-fixes). - can: hi311x: do not report txerr and rxerr during bus-off (git-fixes). - can: kvaser_usb_hydra: do not report txerr and rxerr during bus-off (git-fixes). - can: kvaser_usb_leaf: do not report txerr and rxerr during bus-off (git-fixes). - can: pch_can: do not report txerr and rxerr during bus-off (git-fixes). - can: pch_can: pch_can_error(): initialize errc before using it (git-fixes). - can: rcar_can: do not report txerr and rxerr during bus-off (git-fixes). - can: sja1000: do not report txerr and rxerr during bus-off (git-fixes). - can: sun4i_can: do not report txerr and rxerr during bus-off (git-fixes). - can: usb_8dev: do not report txerr and rxerr during bus-off (git-fixes). - clk: qcom: camcc-sdm845: Fix topology around titan_top power domain (git-fixes). - clk: qcom: clk-krait: unlock spin after mux completion (git-fixes). - clk: qcom: ipq8074: SW workaround for UBI32 PLL lock (git-fixes). - clk: qcom: ipq8074: fix NSS core PLL-s (git-fixes). - clk: qcom: ipq8074: fix NSS port frequency tables (git-fixes). - clk: qcom: ipq8074: set BRANCH_HALT_DELAY flag for UBI clocks (git-fixes). - clk: renesas: r9a06g032: Fix UART clkgrp bitsel (git-fixes). - config: enable DEBUG_INFO_BTF This option allows users to access the btf type information for vmlinux but not kernel modules. - cpuidle: PSCI: Move the `has_lpi` check to the beginning of the (git-fixes) - crypto: qat - disable registration of algorithms (git-fixes). - crypto: qat - fix memory leak in RSA (git-fixes). - crypto: qat - remove dma_free_coherent() for DH (git-fixes). - crypto: qat - remove dma_free_coherent() for RSA (git-fixes). - crypto: qat - set to zero DH parameters before free (git-fixes). - cxgb4: Fix the -Wmisleading-indentation warning (git-fixes). - dm btree remove: assign new_root only when removal succeeds (git-fixes). - dm btree remove: fix use after free in rebalance_children() (git-fixes). - dm bufio: subtract the number of initial sectors in dm_bufio_get_device_size (git-fixes). - dm crypt: Avoid percpu_counter spinlock contention in crypt_page_alloc() (git-fixes). - dm crypt: fix get_key_size compiler warning if !CONFIG_KEYS (git-fixes). - dm crypt: make printing of the key constant-time (git-fixes). - dm integrity: conditionally disable 'recalculate' feature (git-fixes). - dm integrity: fix a crash if 'recalculate' used without 'internal_hash' (git-fixes). - dm integrity: fix error code in dm_integrity_ctr() (git-fixes). - dm integrity: fix memory corruption when tag_size is less than digest size (git-fixes). - dm integrity: fix the maximum number of arguments (git-fixes). - dm mirror log: round up region bitmap size to BITS_PER_LONG (git-fixes). - dm persistent data: packed struct should have an aligned() attribute too (git-fixes). - dm raid: fix inconclusive reshape layout on fast raid4/5/6 table reload sequences (git-fixes). - dm snapshot: fix crash with transient storage and zero chunk size (git-fixes). - dm snapshot: flush merged data before committing metadata (git-fixes). - dm snapshot: properly fix a crash when an origin has no snapshots (git-fixes). - dm space map common: fix division bug in sm_ll_find_free_block() (git-fixes). - dm stats: add cond_resched when looping over entries (git-fixes). - dm verity: fix FEC for RS roots unaligned to block size (git-fixes). - dm: fix mempool NULL pointer race when completing IO (git-fixes). - dmaengine: at_xdma: handle errors of at_xdmac_alloc_desc() correctly (git-fixes). - dmaengine: imx-sdma: Allow imx8m for imx7 FW revs (git-fixes). - dmaengine: pl330: Fix lockdep warning about non-static key (git-fixes). - dmaengine: ti: Add missing put_device in ti_dra7_xbar_route_allocate (git-fixes). - dmaengine: ti: Fix refcount leak in ti_dra7_xbar_route_allocate (git-fixes). - do not call utsname() after ->nsproxy is NULL (bsc#1201196). - drbd: fix potential silent data corruption (git-fixes). - driver core: fix potential deadlock in __driver_attach (git-fixes). - drivers/net: Fix kABI in tun.c (git-fixes). - drivers: net: fix memory leak in atusb_probe (git-fixes). - drivers: net: fix memory leak in peak_usb_create_dev (git-fixes). - drm/amd/display: Enable building new display engine with KCOV enabled (git-fixes). - drm/bridge: tc358767: Make sure Refclk clock are enabled (git-fixes). - drm/doc: Fix comment typo (git-fixes). - drm/exynos/exynos7_drm_decon: free resources when clk_set_parent() failed (git-fixes). - drm/i915/gt: Serialize TLB invalidates with GT resets (git-fixes). - drm/i915/selftests: fix a couple IS_ERR() vs NULL tests (git-fixes). - drm/i915: fix a possible refcount leak in intel_dp_add_mst_connector() (git-fixes). - drm/mcde: Fix refcount leak in mcde_dsi_bind (git-fixes). - drm/mediatek: Add pull-down MIPI operation in mtk_dsi_poweroff function (git-fixes). - drm/mediatek: dpi: Only enable dpi after the bridge is enabled (git-fixes). - drm/mediatek: dpi: Remove output format of YUV (git-fixes). - drm/mipi-dbi: align max_chunk to 2 in spi_transfer (git-fixes). - drm/msm/hdmi: enable core-vcc/core-vdda-supply for 8996 platform (git-fixes). - drm/msm/mdp5: Fix global state lock backoff (git-fixes). - drm/nouveau: fix another off-by-one in nvbios_addr (git-fixes). - drm/panfrost: Fix shrinker list corruption by madvise IOCTL (git-fixes). - drm/panfrost: Put mapping instead of shmem obj on panfrost_mmu_map_fault_addr() error (git-fixes). - drm/radeon: fix incorrrect SPDX-License-Identifiers (git-fixes). - drm/radeon: fix potential buffer overflow in ni_set_mc_special_registers() (git-fixes). - drm/rockchip: Fix an error handling path rockchip_dp_probe() (git-fixes). - drm/rockchip: vop: Do not crash for invalid duplicate_state() (git-fixes). - drm/st7735r: Fix module autoloading for Okaya RH128128T (git-fixes). - drm/vc4: dsi: Add correct stop condition to vc4_dsi_encoder_disable iteration (git-fixes). - drm/vc4: dsi: Correct DSI divider calculations (git-fixes). - drm/vc4: dsi: Correct pixel order for DSI0 (git-fixes). - drm/vc4: hdmi: Correct HDMI timing registers for interlaced modes (git-fixes). - drm/vc4: hdmi: Fix timings for interlaced modes (git-fixes). - drm/vc4: plane: Fix margin calculations for the right/bottom edges (git-fixes). - drm/vc4: plane: Remove subpixel positioning check (git-fixes). - drm: adv7511: override i2c address of cec before accessing it (git-fixes). - drm: bridge: adv7511: Add check for mipi_dsi_driver_register (git-fixes). - drm: bridge: sii8620: fix possible off-by-one (git-fixes). - fbcon: Disallow setting font bigger than screen size (git-fixes). - fbcon: Prevent that screen size is smaller than font size (git-fixes). - fbdev: fbmem: Fix logo center image dx issue (git-fixes). - fbmem: Check virtual screen sizes in fb_set_var() (git-fixes). - fpga: altera-pr-ip: fix unsigned comparison with less than zero (git-fixes). - ftgmac100: Restart MAC HW once (git-fixes). - gpio: gpiolib-of: Fix refcount bugs in of_mm_gpiochip_add_data() (git-fixes). - gpio: pca953x: only use single read/write for No AI mode (git-fixes). - gpio: pca953x: use the correct range when do regmap sync (git-fixes). - gpio: pca953x: use the correct register address when regcache sync during init (git-fixes). - hex2bin: make the function hex_to_bin constant-time (git-fixes). - hv_netvsc: Add (more) validation for untrusted Hyper-V values (bsc#1199364). - hv_netvsc: Add comment of netvsc_xdp_xmit() (bsc#1199364). - hv_netvsc: Add support for XDP_REDIRECT (bsc#1199364). - hv_netvsc: Copy packets sent by Hyper-V out of the receive buffer (bsc#1199364). - hv_netvsc: Fix validation in netvsc_linkstatus_callback() (bsc#1199364). - i2c: Fix a potential use after free (git-fixes). - i2c: cadence: Change large transfer count reset logic to be unconditional (git-fixes). - i2c: cadence: Support PEC for SMBus block read (git-fixes). - i2c: cadence: Unregister the clk notifier in error path (git-fixes). - i2c: mux-gpmux: Add of_node_put() when breaking out of loop (git-fixes). - ida: do not use BUG_ON() for debugging (git-fixes). - igb: Enable RSS for Intel I211 Ethernet Controller (git-fixes). - iio: accel: bma220: Fix alignment for DMA safety (git-fixes). - iio: accel: sca3000: Fix alignment for DMA safety (git-fixes). - iio: adc: ad7266: Fix alignment for DMA safety (git-fixes). - iio: adc: ad7298: Fix alignment for DMA safety (git-fixes). - iio: adc: ad7476: Fix alignment for DMA safety (git-fixes). - iio: adc: ad7766: Fix alignment for DMA safety (git-fixes). - iio: adc: ad7768-1: Fix alignment for DMA safety (git-fixes). - iio: adc: ad7887: Fix alignment for DMA safety (git-fixes). - iio: adc: hi8435: Fix alignment for DMA safety (git-fixes). - iio: adc: ltc2497: Fix alignment for DMA safety (git-fixes). - iio: adc: max1027: Fix alignment for DMA safety (git-fixes). - iio: adc: max11100: Fix alignment for DMA safety (git-fixes). - iio: adc: max1118: Fix alignment for DMA safety (git-fixes). - iio: adc: mcp320x: Fix alignment for DMA safety (git-fixes). - iio: adc: ti-adc0832: Fix alignment for DMA safety (git-fixes). - iio: adc: ti-adc084s021: Fix alignment for DMA safety (git-fixes). - iio: adc: ti-adc12138: Fix alignment for DMA safety (git-fixes). - iio: adc: ti-adc128s052: Fix alignment for DMA safety (git-fixes). - iio: adc: ti-adc161s626: Fix alignment for DMA safety (git-fixes). - iio: adc: ti-ads124s08: Fix alignment for DMA safety (git-fixes). - iio: adc: ti-ads7950: Fix alignment for DMA safety (git-fixes). - iio: adc: ti-ads8344: Fix alignment for DMA safety (git-fixes). - iio: adc: ti-ads8688: Fix alignment for DMA safety (git-fixes). - iio: adc: ti-tlc4541: Fix alignment for DMA safety (git-fixes). - iio: amplifiers: ad8366: Fix alignment for DMA safety (git-fixes). - iio: core: Fix IIO_ALIGN and rename as it was not sufficiently large (git-fixes). - iio: dac: ad5064: Fix alignment for DMA safety (git-fixes). - iio: dac: ad5360: Fix alignment for DMA safety (git-fixes). - iio: dac: ad5421: Fix alignment for DMA safety (git-fixes). - iio: dac: ad5449: Fix alignment for DMA safety (git-fixes). - iio: dac: ad5504: Fix alignment for DMA safety (git-fixes). - iio: dac: ad5755: Fix alignment for DMA safety (git-fixes). - iio: dac: ad5761: Fix alignment for DMA safety (git-fixes). - iio: dac: ad5764: Fix alignment for DMA safety (git-fixes). - iio: dac: ad5791: Fix alignment for DMA saftey (git-fixes). - iio: dac: ad7303: Fix alignment for DMA safety (git-fixes). - iio: dac: ad8801: Fix alignment for DMA safety (git-fixes). - iio: dac: mcp4922: Fix alignment for DMA safety (git-fixes). - iio: dac: ti-dac082s085: Fix alignment for DMA safety (git-fixes). - iio: dac: ti-dac5571: Fix alignment for DMA safety (git-fixes). - iio: dac: ti-dac7311: Fix alignment for DMA safety (git-fixes). - iio: dac: ti-dac7612: Fix alignment for DMA safety (git-fixes). - iio: frequency: ad9523: Fix alignment for DMA safety (git-fixes). - iio: frequency: adf4350: Fix alignment for DMA safety (git-fixes). - iio: frequency: adf4371: Fix alignment for DMA safety (git-fixes). - iio: gyro: adis16080: Fix alignment for DMA safety (git-fixes). - iio: gyro: adis16130: Fix alignment for DMA safety (git-fixes). - iio: gyro: adxrs450: Fix alignment for DMA safety (git-fixes). - iio: gyro: fxas210002c: Fix alignment for DMA safety (git-fixes). - iio: light: isl29028: Fix the warning in isl29028_remove() (git-fixes). - iio: potentiometer: ad5272: Fix alignment for DMA safety (git-fixes). - iio: potentiometer: max5481: Fix alignment for DMA safety (git-fixes). - iio: potentiometer: mcp41010: Fix alignment for DMA safety (git-fixes). - iio: potentiometer: mcp4131: Fix alignment for DMA safety (git-fixes). - iio: proximity: as3935: Fix alignment for DMA safety (git-fixes). - iio: resolver: ad2s1200: Fix alignment for DMA safety (git-fixes). - iio: resolver: ad2s90: Fix alignment for DMA safety (git-fixes). - ima: Fix a potential integer overflow in ima_appraise_measurement (git-fixes). - ima: Fix potential memory leak in ima_init_crypto() (git-fixes). - intel_th: Fix a resource leak in an error handling path (git-fixes). - intel_th: msu-sink: Potential dereference of null pointer (git-fixes). - intel_th: msu: Fix vmalloced buffers (git-fixes). - kABI workaround for rtsx_usb (git-fixes). - kabi: create module private struct to hold btf size/data (jsc#SLE-24559). - kbuild: Build kernel module BTFs if BTF is enabled and pahole supports it (jsc#SLE-24559). - kbuild: Skip module BTF generation for out-of-tree external modules (jsc#SLE-24559). - kbuild: add marker for build log of *.mod.o (jsc#SLE-24559). - kbuild: drop $(wildcard $^) check in if_changed* for faster rebuild (jsc#SLE-24559). - kbuild: rebuild modules when module linker scripts are updated (jsc#SLE-24559). - kbuild: rename any-prereq to newer-prereqs (jsc#SLE-24559). - kbuild: split final module linking out into Makefile.modfinal (jsc#SLE-24559). - lib/string.c: implement stpcpy (git-fixes). - linux/random.h: Mark CONFIG_ARCH_RANDOM functions __must_check (git-fixes). - linux/random.h: Remove arch_has_random, arch_has_random_seed (git-fixes). - linux/random.h: Use false with bool (git-fixes). - lkdtm: Disable return thunks in rodata.c (bsc#1178134). - macvlan: remove redundant null check on data (git-fixes). - md/bitmap: wait for external bitmap writes to complete during tear down (git-fixes). - md/raid0: Ignore RAID0 layout if the second zone has only one device (git-fixes). - md: Set prev_flush_start and flush_bio in an atomic way (git-fixes). - md: bcache: check the return value of kzalloc() in detached_dev_do_request() (git-fixes). - media: hdpvr: fix error value returns in hdpvr_read (git-fixes). - media: rc: increase rc-mm tolerance and add debug message (git-fixes). - media: rtl28xxu: Add support for PROlectrix DV107669 DVB-T dongle (git-fixes). - media: rtl28xxu: add missing sleep before probing slave demod (git-fixes). - media: rtl28xxu: set keymap for Astrometa DVB-T2 (git-fixes). - media: smipcie: fix interrupt handling and IR timeout (git-fixes). - media: tw686x: Register the irq at the end of probe (git-fixes). - media: usb: dvb-usb-v2: rtl28xxu: convert to use i2c_new_client_device() (git-fixes). - media: v4l2-mem2mem: always consider OUTPUT queue during poll (git-fixes). - media: v4l2-mem2mem: reorder checks in v4l2_m2m_poll() (git-fixes). - mediatek: mt76: mac80211: Fix missing of_node_put() in mt76_led_init() (git-fixes). - memregion: Fix memregion_free() fallback definition (git-fixes). - memstick/ms_block: Fix a memory leak (git-fixes). - memstick/ms_block: Fix some incorrect memory allocation (git-fixes). - meson-mx-socinfo: Fix refcount leak in meson_mx_socinfo_init (git-fixes). - misc: rtsx: Fix an error handling path in rtsx_pci_probe() (git-fixes). - misc: rtsx_usb: fix use of dma mapped buffer for usb bulk transfer (git-fixes). - misc: rtsx_usb: set return value in rsp_buf alloc err path (git-fixes). - misc: rtsx_usb: use separate command and response buffers (git-fixes). - mm/slub: add missing TID updates on slab deactivation (git-fixes). - mm: fix page reference leak in soft_offline_page() (git fixes (mm/memory-failure)). - mmc: cavium-octeon: Add of_node_put() when breaking out of loop (git-fixes). - mmc: cavium-thunderx: Add of_node_put() when breaking out of loop (git-fixes). - mmc: sdhci-of-at91: fix set_uhs_signaling rewriting of MC1R (git-fixes). - mmc: sdhci-of-esdhc: Fix refcount leak in esdhc_signal_voltage_switch (git-fixes). - mt7601u: add USB device ID for some versions of XiaoDu WiFi Dongle (git-fixes). - mt76: mt76x02u: fix possible memory leak in __mt76x02u_mcu_send_msg (git-fixes). - net, xdp: Introduce __xdp_build_skb_from_frame utility routine (bsc#1199364). - net, xdp: Introduce xdp_build_skb_from_frame utility routine (bsc#1199364). - net/mlx5e: When changing XDP program without reset, take refs for XSK RQs (git-fixes). - net/sonic: Fix some resource leaks in error handling paths (git-fixes). - net: ag71xx: remove unnecessary MTU reservation (git-fixes). - net: allwinner: Fix some resources leak in the error handling path of the probe and in the remove function (git-fixes). - net: amd-xgbe: Fix NETDEV WATCHDOG transmit queue timeout warning (git-fixes). - net: amd-xgbe: Fix network fluctuations when using 1G BELFUSE SFP (git-fixes). - net: amd-xgbe: Reset link when the link never comes back (git-fixes). - net: amd-xgbe: Reset the PHY rx data path when mailbox command timeout (git-fixes). - net: axienet: Handle deferred probe on clock properly (git-fixes). - net: dsa: bcm_sf2: Qualify phydev->dev_flags based on port (git-fixes). - net: dsa: bcm_sf2: put device node before return (git-fixes). - net: dsa: lantiq_gswip: Exclude RMII from modes that report 1 GbE (git-fixes). - net: dsa: lantiq_gswip: Let GSWIP automatically set the xMII clock (git-fixes). - net: enetc: fix incorrect TPID when receiving 802.1ad tagged packets (git-fixes). - net: enetc: keep RX ring consumer index in sync with hardware (git-fixes). - net: evaluate net.ipv4.conf.all.proxy_arp_pvlan (git-fixes). - net: evaluate net.ipvX.conf.all.ignore_routes_with_linkdown (git-fixes). - net: hns3: fix error mask definition of flow director (git-fixes). - net: hso: bail out on interrupt URB allocation failure (git-fixes). - net: lapbether: Remove netif_start_queue / netif_stop_queue (git-fixes). - net: ll_temac: Fix potential NULL dereference in temac_probe() (git-fixes). - net: ll_temac: Use devm_platform_ioremap_resource_byname() (git-fixes). - net: macb: add function to disable all macb clocks (git-fixes). - net: macb: restore cmp registers on resume path (git-fixes). - net: macb: unprepare clocks in case of failure (git-fixes). - net: mscc: Fix OF_MDIO config check (git-fixes). - net: mvneta: Remove per-cpu queue mapping for Armada 3700 (git-fixes). - net: rose: fix UAF bug caused by rose_t0timer_expiry (git-fixes). - net: stmmac: dwmac-sun8i: Provide TX and RX fifo sizes (git-fixes). - net: stmmac: dwmac1000: provide multicast filter fallback (git-fixes). - net: stmmac: fix CBS idleslope and sendslope calculation (git-fixes). - net: stmmac: fix incorrect DMA channel intr enable setting of EQoS v4.10 (git-fixes). - net: stmmac: fix watchdog timeout during suspend/resume stress test (git-fixes). - net: stmmac: stop each tx channel independently (git-fixes). - net: tun: set tun->dev->addr_len during TUNSETLINK processing (git-fixes). - net: usb: ax88179_178a: add Allied Telesis AT-UMCs (git-fixes). - net: usb: ax88179_178a: add MCT usb 3.0 adapter (git-fixes). - net: usb: ax88179_178a: add Toshiba usb 3.0 adapter (git-fixes). - net: usb: ax88179_178a: remove redundant assignment to variable ret (git-fixes). - net: usb: ax88179_178a: write mac to hardware in get_mac_addr (git-fixes). - net: usb: qmi_wwan: add Telit 0x1060 composition (git-fixes). - net: usb: qmi_wwan: add Telit 0x1070 composition (git-fixes). - net: usb: use eth_hw_addr_set() (git-fixes). - nvme: consider also host_iface when checking ip options (bsc#1199670). - octeontx2-af: fix memory leak of lmac and lmac->name (git-fixes). - pinctrl: sunxi: a83t: Fix NAND function name for some pins (git-fixes). - pinctrl: sunxi: sunxi_pconf_set: use correct offset (git-fixes). - platform/olpc: Fix uninitialized data in debugfs write (git-fixes). - platform/x86: hp-wmi: Ignore Sanitization Mode event (git-fixes). - power/reset: arm-versatile: Fix refcount leak in versatile_reboot_probe (git-fixes). - powerpc/mobility: wait for memory transfer to complete (bsc#1201846 ltc#198761). - powerpc/pseries/mobility: set NMI watchdog factor during an LPM (bsc#1201846 ltc#198761). - powerpc/watchdog: introduce a NMI watchdog's factor (bsc#1201846 ltc#198761). - profiling: fix shift-out-of-bounds bugs (git fixes). - qla2xxx: drop patch which prevented nvme port discovery (bsc#1200651 bsc#1200644 bsc#1201954 bsc#1201958). - r8169: fix accessing unset transport header (git-fixes). - random: document add_hwgenerator_randomness() with other input functions (git-fixes). - random: fix typo in comments (git-fixes). - random: remove useless header comment (git fixes). - raw: Fix a data-race around sysctl_raw_l3mdev_accept (git-fixes). - regulator: of: Fix refcount leak bug in of_get_regulation_constraints() (git-fixes). - rpm/kernel-binary.spec.in: Require dwarves >= 1.22 on SLE15-SP3 or newer Dwarves 1.22 or newer is required to build kernels with BTF information embedded in modules. - sched/debug: Remove mpol_get/put and task_lock/unlock from (git-fixes) - sched/fair: Revise comment about lb decision matrix (git fixes (sched/fair)). - sched/membarrier: fix missing local execution of ipi_sync_rq_state() (git fixes (sched/membarrier)). - scripts: dummy-tools, add pahole (jsc#SLE-24559). - scsi: core: Fix error handling of scsi_host_alloc() (git-fixes). - scsi: core: Fix failure handling of scsi_add_host_with_dma() (git-fixes). - scsi: core: Only put parent device if host state differs from SHOST_CREATED (git-fixes). - scsi: core: Put .shost_dev in failure path if host state changes to RUNNING (git-fixes). - scsi: core: Put LLD module refcnt after SCSI device is released (git-fixes). - scsi: core: Retry I/O for Notify (Enable Spinup) Required error (git-fixes). - scsi: lpfc: Copyright updates for 14.2.0.5 patches (bsc#1201956). - scsi: lpfc: Fix attempted FA-PWWN usage after feature disable (bsc#1201956). - scsi: lpfc: Fix lost NVMe paths during LIF bounce stress test (bsc#1201956 bsc#1200521). - scsi: lpfc: Fix possible memory leak when failing to issue CMF WQE (bsc#1201956). - scsi: lpfc: Fix uninitialized cqe field in lpfc_nvme_cancel_iocb() (bsc#1201956). - scsi: lpfc: Prevent buffer overflow crashes in debugfs with malformed user input (bsc#1201956). - scsi: lpfc: Refactor lpfc_nvmet_prep_abort_wqe() into lpfc_sli_prep_abort_xri() (bsc#1201956). - scsi: lpfc: Remove Menlo/Hornet related code (bsc#1201956). - scsi: lpfc: Remove extra atomic_inc on cmd_pending in queuecommand after VMID (bsc#1201956). - scsi: lpfc: Revert RSCN_MEMENTO workaround for misbehaved configuration (bsc#1201956). - scsi: lpfc: Set PU field when providing D_ID in XMIT_ELS_RSP64_CX iocb (bsc#1201956). - scsi: lpfc: Update lpfc version to 14.2.0.5 (bsc#1201956). - scsi: qla2xxx: Check correct variable in qla24xx_async_gffid() (bsc#1201958). - scsi: qla2xxx: Fix discovery issues in FC-AL topology (bsc#1201958). - scsi: qla2xxx: Fix imbalance vha->vref_count (bsc#1201958). - scsi: qla2xxx: Fix incorrect display of max frame size (bsc#1201958). - scsi: qla2xxx: Fix response queue handler reading stale packets (bsc#1201958). - scsi: qla2xxx: Fix sparse warning for dport_data (bsc#1201958). - scsi: qla2xxx: Update manufacturer details (bsc#1201958). - scsi: qla2xxx: Update version to 10.02.07.800-k (bsc#1201958). - scsi: qla2xxx: Zero undefined mailbox IN registers (bsc#1201958). - scsi: qla2xxx: edif: Fix dropped IKE message (bsc#1201958). - scsi: scsi_debug: Sanity check block descriptor length in resp_mode_select() (git-fixes). - scsi: sd: Fix potential NULL pointer dereference (git-fixes). - scsi: ufs: Release clock if DMA map fails (git-fixes). - scsi: ufs: handle cleanup correctly on devm_reset_control_get error (git-fixes). - serial: 8250: fix return error code in serial8250_request_std_resource() (git-fixes). - serial: pl011: UPSTAT_AUTORTS requires .throttle/unthrottle (git-fixes). - serial: stm32: Clear prev values before setting RTS delays (git-fixes). - soc: fsl: guts: machine variable might be unset (git-fixes). - soc: ixp4xx/npe: Fix unused match warning (git-fixes). - soundwire: bus_type: fix remove and shutdown support (git-fixes). - spi: &lt;linux/spi/spi.h>: add missing struct kernel-doc entry (git-fixes). - spi: amd: Limit max transfer and message size (git-fixes). - staging: rtl8192u: Fix sleep in atomic context bug in dm_fsync_timer_callback (git-fixes). - sysctl: Fix data races in proc_dointvec() (git-fixes). - sysctl: Fix data races in proc_dointvec_jiffies() (git-fixes). - sysctl: Fix data races in proc_dointvec_minmax() (git-fixes). - sysctl: Fix data races in proc_douintvec() (git-fixes). - sysctl: Fix data races in proc_douintvec_minmax() (git-fixes). - sysctl: Fix data-races in proc_dointvec_ms_jiffies() (git-fixes). - thermal/tools/tmon: Include pthread and time headers in tmon.h (git-fixes). - tick/nohz: Use WARN_ON_ONCE() to prevent console saturation (git fixes (kernel/time)). - usb: dwc3: add cancelled reasons for dwc3 requests (git-fixes). - usb: dwc3: gadget: Fix event pending check (git-fixes). - usb: gadget: udc: amd5536 depends on HAS_DMA (git-fixes). - usb: host: Fix refcount leak in ehci_hcd_ppc_of_probe (git-fixes). - usb: host: xhci: use snprintf() in xhci_decode_trb() (git-fixes). - usb: ohci-nxp: Fix refcount leak in ohci_hcd_nxp_probe (git-fixes). - usb: typec: add missing uevent when partner support PD (git-fixes). - usb: typec: ucsi: Acknowledge the GET_ERROR_STATUS command completion (git-fixes). - usb: xhci: tegra: Fix error check (git-fixes). - usbnet: fix memory leak in error case (git-fixes). - video: of_display_timing.h: include errno.h (git-fixes). - virtio-gpu: fix a missing check to avoid NULL dereference (git-fixes). - virtio-net: fix the race between refill work and close (git-fixes). - virtio_mmio: Add missing PM calls to freeze/restore (git-fixes). - virtio_mmio: Restore guest page size on resume (git-fixes). - watchdog: export lockup_detector_reconfigure (bsc#1201846 ltc#198761). - wifi: iwlegacy: 4965: fix potential off-by-one overflow in il4965_rs_fill_link_cmd() (git-fixes). - wifi: iwlwifi: mvm: fix double list_add at iwl_mvm_mac_wake_tx_queue (git-fixes). - wifi: libertas: Fix possible refcount leak in if_usb_probe() (git-fixes). - wifi: mac80211: fix queue selection for mesh/OCB interfaces (git-fixes). - wifi: p54: Fix an error handling path in p54spi_probe() (git-fixes). - wifi: p54: add missing parentheses in p54_flush() (git-fixes). - wifi: rtlwifi: fix error codes in rtl_debugfs_set_write_h2c() (git-fixes). - wifi: wil6210: debugfs: fix info leak in wil_write_file_wmi() (git-fixes). - wifi: wil6210: debugfs: fix uninitialized variable use in `wil_write_file_wmi()` (git-fixes). - x86/bugs: Remove apostrophe typo (bsc#1178134). - x86/kvmclock: Move this_cpu_pvti into kvmclock.h (git-fixes). - x86/retbleed: Add fine grained Kconfig knobs (bsc#1178134). - xen/netback: avoid entering xenvif_rx_next_skb() with an empty rx queue (bsc#1201381). - xen: detect uninitialized xenbus in xenbus_init (git-fixes). - xen: do not continue xenstore initialization in case of errors (git-fixes). Important SUSE bug 1178134 SUSE bug 1196616 SUSE bug 1198829 SUSE bug 1199364 SUSE bug 1199647 SUSE bug 1199665 SUSE bug 1199670 SUSE bug 1200015 SUSE bug 1200521 SUSE bug 1200598 SUSE bug 1200644 SUSE bug 1200651 SUSE bug 1200762 SUSE bug 1200910 SUSE bug 1201196 SUSE bug 1201206 SUSE bug 1201251 SUSE bug 1201381 SUSE bug 1201429 SUSE bug 1201442 SUSE bug 1201458 SUSE bug 1201635 SUSE bug 1201636 SUSE bug 1201644 SUSE bug 1201645 SUSE bug 1201664 SUSE bug 1201672 SUSE bug 1201673 SUSE bug 1201676 SUSE bug 1201846 SUSE bug 1201930 SUSE bug 1201940 SUSE bug 1201954 SUSE bug 1201956 SUSE bug 1201958 SUSE bug 1202154 CVE-2020-36516 CVE-2020-36557 CVE-2020-36558 CVE-2021-33655 CVE-2021-33656 CVE-2022-1116 CVE-2022-1462 CVE-2022-20166 CVE-2022-21505 CVE-2022-2318 CVE-2022-26365 CVE-2022-2639 CVE-2022-29581 CVE-2022-32250 CVE-2022-33740 CVE-2022-33741 CVE-2022-33742 CVE-2022-36946 cpe:/o:opensuse:leap:15.4 Security update for cosign (Important) openSUSE Leap 15.4 This update for cosign fixes the following issues: - Updated to 1.10.1 (jsc#SLE-23879): - CVE-2022-35929: Fixed an issue where cosign verify-attestation --type could report false positives when there was at least one attestation with a valid signature and there were no attestations of the type being verified (bsc#1202157). Important SUSE bug 1202157 CVE-2022-35929 cpe:/o:opensuse:leap:15.4 Security update for dpdk (Important) openSUSE Leap 15.4 This update of dpdk fixes the following issue: - Fix to read PCI device name as UTF strings (bsc#1198873) - Allow configuring thread granularity of Kernel NIC Interface (bsc#1195172) - Rebuild with new secure boot key due to grub2 boothole 3 issues (bsc#1198581) Important SUSE bug 1195172 SUSE bug 1198581 SUSE bug 1198873 cpe:/o:opensuse:leap:15.4 Security update for raptor (Moderate) openSUSE Leap 15.4 This update for raptor fixes the following issues: - CVE-2020-25713: Fixed an out of bounds access triggered via a malformed input file (bsc#1178903). Moderate SUSE bug 1178903 CVE-2020-25713 cpe:/o:opensuse:leap:15.4 Security update for python-lxml (Important) openSUSE Leap 15.4 This update for python-lxml fixes the following issues: - CVE-2022-2309: Fixed NULL pointer dereference due to state leak between parser runs (bsc#1201253). Important SUSE bug 1201253 CVE-2022-2309 cpe:/o:opensuse:leap:15.4 Security update for gnutls (Important) openSUSE Leap 15.4 This update for gnutls fixes the following issues: - CVE-2022-2509: Fixed a double free issue during PKCS7 verification (bsc#1202020). Non-security fixes: - FIPS: Check minimum keylength for symmetric key generation [bsc#1190698] - FIPS: Only allows ECDSA signature with valid set of hashes (SHA2 and SHA3) [bsc#1190698] - FIPS: Provides interface for running library self tests on-demand [bsc#1198979] Important SUSE bug 1190698 SUSE bug 1198979 SUSE bug 1202020 CVE-2022-2509 cpe:/o:opensuse:leap:15.4 Security update for libyang (Important) openSUSE Leap 15.4 This update for libyang fixes the following issues: - CVE-2021-28905: Fixed a reachable assertion which could be exploited by an attacker to cause a denial of service (bsc#1186377). Important SUSE bug 1186377 CVE-2021-28905 cpe:/o:opensuse:leap:15.4 Security update for open-vm-tools (Important) openSUSE Leap 15.4 This update for open-vm-tools fixes the following issues: - Updated to version 12.1.0 (build 20219665) (bsc#1202733): - CVE-2022-31676: Fixed an issue that could allow unprivileged users inside a virtual machine to escalate privileges (bsc#1202657). Important SUSE bug 1202657 SUSE bug 1202733 CVE-2022-31676 cpe:/o:opensuse:leap:15.4 Security update for libslirp (Moderate) openSUSE Leap 15.4 This update for libslirp fixes the following issues: - CVE-2021-3593: Fixed invalid pointer initialization may lead to information disclosure (udp6) (bsc#1187365). Non-security fixes: - Fix the version header (bsc#1201551) Moderate SUSE bug 1187365 SUSE bug 1201551 CVE-2021-3593 cpe:/o:opensuse:leap:15.4 Security update for postgresql10 (Important) openSUSE Leap 15.4 This update for postgresql10 fixes the following issues: - Upgrade to 10.22: - CVE-2022-2625: Fixed an issue where extension scripts would replace objects not belonging to that extension (bsc#1202368). Important SUSE bug 1202368 CVE-2022-2625 cpe:/o:opensuse:leap:15.4 Security update for zlib (Important) openSUSE Leap 15.4 This update for zlib fixes the following issues: - CVE-2022-37434: Fixed heap-based buffer over-read or buffer overflow via large gzip header extra field (bsc#1202175). Important SUSE bug 1202175 CVE-2022-37434 cpe:/o:opensuse:leap:15.4 Security update for java-1_8_0-ibm (Important) openSUSE Leap 15.4 This update for java-1_8_0-ibm fixes the following issues: - Updated to Java 8.0 Service Refresh 7 Fix Pack 11 (bsc#1202427): - CVE-2022-34169: Fixed an integer truncation issue in the Xalan Java XSLT library that occurred when processing malicious stylesheets (bsc#1201684). - CVE-2022-21549: Fixed an issue that could lead to computing negative random exponentials (bsc#1201685). - CVE-2022-21541: Fixed a potential bypass of sandbox restrictions in the Hotspot component (bsc#1201692). - CVE-2022-21540: Fixed a potential bypass of sandbox restrictions in the Hotspot component (bsc#1201694). Important SUSE bug 1201684 SUSE bug 1201685 SUSE bug 1201692 SUSE bug 1201694 SUSE bug 1202427 CVE-2022-21540 CVE-2022-21541 CVE-2022-21549 CVE-2022-34169 cpe:/o:opensuse:leap:15.4 Security update for gstreamer-plugins-good (Important) openSUSE Leap 15.4 This update for gstreamer-plugins-good fixes the following issues: - CVE-2022-1920: Fixed integer overflow in WavPack header handling code (bsc#1201688). - CVE-2022-1921: Fixed integer overflow resulting in heap corruption in avidemux element (bsc#1201693). - CVE-2022-1922: Fixed integer overflows in mkv demuxing (bsc#1201702). - CVE-2022-1923: Fixed integer overflows in mkv demuxing using bzip (bsc#1201704). - CVE-2022-1924: Fixed integer overflows in mkv demuxing using lzo (bsc#1201706). - CVE-2022-1925: Fixed integer overflows in mkv demuxing using HEADERSTRIP (bsc#1201707). - CVE-2022-2122: Fixed integer overflows in qtdemux using zlib (bsc#1201708). Important SUSE bug 1201688 SUSE bug 1201693 SUSE bug 1201702 SUSE bug 1201704 SUSE bug 1201706 SUSE bug 1201707 SUSE bug 1201708 CVE-2022-1920 CVE-2022-1921 CVE-2022-1922 CVE-2022-1923 CVE-2022-1924 CVE-2022-1925 CVE-2022-2122 cpe:/o:opensuse:leap:15.4 Security update for ucode-intel (Moderate) openSUSE Leap 15.4 This update for ucode-intel fixes the following issues: Updated to Intel CPU Microcode 20220809 release (bsc#1201727): - CVE-2022-21233: Fixed an issue where stale data may have been leaked from the legacy xAPIC MMIO region, which could be used to compromise an SGX enclave (INTEL-SA-00657). See also: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00657.html Other fixes: - Update for functional issues. See also: https://www.intel.com/content/www/us/en/processors/xeon/scalable/xeon-scalable-spec-update.html?wapkw=processor+specification+update - Updated Platforms: | Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products |:---------------|:---------|:------------|:---------|:---------|:--------- | SKX-SP | B1 | 06-55-03/97 | 0100015d | 0100015e | Xeon Scalable | SKX-SP | H0/M0/U0 | 06-55-04/b7 | 02006d05 | 02006e05 | Xeon Scalable | SKX-D | M1 | 06-55-04/b7 | 02006d05 | 02006e05 | Xeon D-21xx | ICX-SP | D0 | 06-6a-06/87 | 0d000363 | 0d000375 | Xeon Scalable Gen3 | GLK | B0 | 06-7a-01/01 | 0000003a | 0000003c | Pentium Silver N/J5xxx, Celeron N/J4xxx | GLK-R | R0 | 06-7a-08/01 | 0000001e | 00000020 | Pentium J5040/N5030, Celeron J4125/J4025/N4020/N4120 | ICL-U/Y | D1 | 06-7e-05/80 | 000000b0 | 000000b2 | Core Gen10 Mobile | TGL-R | C0 | 06-8c-02/c2 | 00000026 | 00000028 | Core Gen11 Mobile | TGL-H | R0 | 06-8d-01/c2 | 0000003e | 00000040 | Core Gen11 Mobile | RKL-S | B0 | 06-a7-01/02 | 00000053 | 00000054 | Core Gen11 | ADL | C0 | 06-97-02/03 | 0000001f | 00000022 | Core Gen12 | ADL | C0 | 06-97-05/03 | 0000001f | 00000022 | Core Gen12 | ADL | L0 | 06-9a-03/80 | 0000041c | 00000421 | Core Gen12 | ADL | L0 | 06-9a-04/80 | 0000041c | 00000421 | Core Gen12 | ADL | C0 | 06-bf-02/03 | 0000001f | 00000022 | Core Gen12 | ADL | C0 | 06-bf-05/03 | 0000001f | 00000022 | Core Gen12 ------------------------------------------------------------------ Moderate SUSE bug 1201727 CVE-2022-21233 cpe:/o:opensuse:leap:15.4 Security update for postgresql13 (Important) openSUSE Leap 15.4 This update for postgresql13 fixes the following issues: - Update to 13.8: - CVE-2022-2625: Fixed an issue where extension scripts would replace objects not belonging to that extension (bsc#1202368). Important SUSE bug 1198166 SUSE bug 1202368 CVE-2022-2625 cpe:/o:opensuse:leap:15.4 Security update for postgresql12 (Important) openSUSE Leap 15.4 This update for postgresql12 fixes the following issues: - Update to 12.12: - CVE-2022-2625: Fixed an issue where extension scripts would replace objects not belonging to that extension (bsc#1202368). Important SUSE bug 1198166 SUSE bug 1202368 CVE-2022-2625 cpe:/o:opensuse:leap:15.4 Security update for postgresql14 (Important) openSUSE Leap 15.4 This update for postgresql14 fixes the following issues: - Upgrade to version 14.5: - CVE-2022-2625: Fixed an issue where extension scripts would replace objects not belonging to that extension (bsc#1202368). - Upgrade to version 14.4 (bsc#1200437) - Release notes: https://www.postgresql.org/docs/release/14.4/ - Release announcement: https://www.postgresql.org/about/news/p-2470/ - Prevent possible corruption of indexes created or rebuilt with the CONCURRENTLY option (bsc#1200437) - Pin to llvm13 until the next patchlevel update (bsc#1198166) Important SUSE bug 1198166 SUSE bug 1200437 SUSE bug 1202368 CVE-2022-2625 cpe:/o:opensuse:leap:15.4 Security update for freerdp (Important) openSUSE Leap 15.4 This update for freerdp fixes the following issues: - Fixed two input validation issues (bsc#1191895): - CVE-2021-41159: Fixed an improper validation of client input for gateway connections. - CVE-2021-41160: Fixed improper region checks that could lead to memory corruption. Important SUSE bug 1191895 CVE-2021-41159 CVE-2021-41160 cpe:/o:opensuse:leap:15.4 Security update for gdk-pixbuf (Moderate) openSUSE Leap 15.4 This update for gdk-pixbuf fixes the following issues: Update to version 2.42.8, including the following: - CVE-2021-46829: Fixed a heap-based buffer overflow when compositing or clearing frames in GIF files (bsc#1201826). Moderate SUSE bug 1201826 CVE-2021-46829 cpe:/o:opensuse:leap:15.4 Security update for ImageMagick (Moderate) openSUSE Leap 15.4 This update for ImageMagick fixes the following issues: - CVE-2022-2719: Fixed a reachable assertion that could lead to denial of service via a crafted file (bsc#1202250). - CVE-2022-28463: Fixed a buffer overflow that could be triggered by a crafted input file (bsc#1199350). Moderate SUSE bug 1199350 SUSE bug 1202250 CVE-2022-2719 CVE-2022-28463 cpe:/o:opensuse:leap:15.4 Security update for curl (Low) openSUSE Leap 15.4 This update for curl fixes the following issues: - CVE-2022-35252: Fixed a potential injection of control characters into cookies, which could be exploited by sister sites to cause a denial of service (bsc#1202593). Low SUSE bug 1202593 CVE-2022-35252 cpe:/o:opensuse:leap:15.4 Security update for php-composer2 (Important) openSUSE Leap 15.4 This update for php-composer2 fixes the following issues: - CVE-2022-24828: Fixed a code injection issue that affected integrators using specific APIs to read untrusted input files (bsc#1198494). Important SUSE bug 1198494 CVE-2022-24828 cpe:/o:opensuse:leap:15.4 Security update for MozillaFirefox (Important) openSUSE Leap 15.4 This update for MozillaFirefox fixes the following issues: Firefox Extended Support Release 91.13.0 ESR (bsc#1202645): - CVE-2022-38472: Fixed a potential address bar spoofing via XSLT error handling. - CVE-2022-38473: Fixed an issue where cross-origin XSLT documents could inherit the parent's permissions. - CVE-2022-38478: Fixed various memory safety issues. Important SUSE bug 1202645 CVE-2022-38472 CVE-2022-38473 CVE-2022-38478 cpe:/o:opensuse:leap:15.4 Security update for java-1_8_0-openj9 (Important) openSUSE Leap 15.4 This update for java-1_8_0-openj9 fixes the following issues: - Updated to OpenJDK 8u345 build 01 with OpenJ9 0.33.0 virtual machine: - CVE-2022-34169: Fixed an integer truncation issue in the Xalan Java XSLT library that occurred when processing malicious stylesheets (bsc#1201684). - CVE-2022-21541: Fixed a potential bypass of sandbox restrictions in the Hotspot component (bsc#1201692). - CVE-2022-21540: Fixed a potential bypass of sandbox restrictions in the Hotspot component (bsc#1201694). - Updated to OpenJDK 8u332 build 09 with OpenJ9 0.32.0 virtual machine: - CVE-2021-41041: Failed an issue that could allow unverified methods to be invoked using MethodHandles (bsc#1198935). - CVE-2022-21426: Fixed a remote partial denial of service issue (component: JAXP) (bsc#1198672). - CVE-2022-21434: Fixed an issue that could allow a remote attacker to update, insert or delete data (component: Libraries) (bsc#1198674). - CVE-2022-21443: Fixed a remote partial denial of service issue (component: Libraries) (bsc#1198675). - CVE-2022-21476: Fixed an issue that could allow unauthorized access to confidential data (component: Libraries) (bsc#1198671). - CVE-2022-21496: Fixed an issue that could allow a remote attacker to update, insert or delete data (component: JNDI) (bsc#1198673). Important SUSE bug 1198671 SUSE bug 1198672 SUSE bug 1198673 SUSE bug 1198674 SUSE bug 1198675 SUSE bug 1198935 SUSE bug 1201684 SUSE bug 1201692 SUSE bug 1201694 CVE-2021-41041 CVE-2022-21426 CVE-2022-21434 CVE-2022-21443 CVE-2022-21476 CVE-2022-21496 CVE-2022-21540 CVE-2022-21541 CVE-2022-34169 cpe:/o:opensuse:leap:15.4 Security update for python-Flask-Security-Too (Important) openSUSE Leap 15.4 This update for python-Flask-Security-Too fixes the following issues: - CVE-2021-21241: Fixed an issue where GET requests lacking CSRF protection to certain endpoints could return the user's authentication token (bsc#1181058). Important SUSE bug 1181058 CVE-2021-21241 cpe:/o:opensuse:leap:15.4 Security update for libostree (Important) openSUSE Leap 15.4 This update for libostree fixes the following issues: - CVE-2014-9862: Fixed a memory corruption issue that could be triggered when diffing binary files (bsc#1201770). Important SUSE bug 1201770 CVE-2014-9862 cpe:/o:opensuse:leap:15.4 Security update for openvswitch (Moderate) openSUSE Leap 15.4 This update for openvswitch fixes the following issues: - CVE-2021-36980: Fixed a use-after-free issue during the decoding of a RAW_ENCAP action (bsc#1188524). Moderate SUSE bug 1188524 CVE-2021-36980 cpe:/o:opensuse:leap:15.4 Security update for openvswitch (Moderate) openSUSE Leap 15.4 This update for openvswitch fixes the following issues: - CVE-2021-36980: Fixed a use-after-free issue during the decoding of a RAW_ENCAP action (bsc#1188524). Moderate SUSE bug 1188524 CVE-2021-36980 cpe:/o:opensuse:leap:15.4 Security update for python-bottle (Important) openSUSE Leap 15.4 This update for python-bottle fixes the following issues: - CVE-2022-31799: Fixed an error mishandling issue that could lead to remote denial of service (bsc#1200286). Important SUSE bug 1200286 CVE-2022-31799 cpe:/o:opensuse:leap:15.4 Security update for gimp (Moderate) openSUSE Leap 15.4 This update for gimp fixes the following issues: - CVE-2022-32990: Fixed an unhandled exception which may lead to denial of service (bsc#1201192). Moderate SUSE bug 1201192 CVE-2022-32990 cpe:/o:opensuse:leap:15.4 Security update for ImageMagick (Moderate) openSUSE Leap 15.4 This update for ImageMagick fixes the following issues: - CVE-2021-20224: Fixed an integer overflow that could be triggered via a crafted file (bsc#1202800). - CVE-2022-2719: Fixed a reachable assertion that could lead to denial of service via a crafted file (bsc#1202250). Moderate SUSE bug 1202250 SUSE bug 1202800 CVE-2021-20224 CVE-2022-2719 cpe:/o:opensuse:leap:15.4 Security update for webkit2gtk3 (Important) openSUSE Leap 15.4 This update for webkit2gtk3 fixes the following issues: - Updated to version 2.36.7 (bsc#1202807): - CVE-2022-32893: Fixed an issue that would be triggered when processing malicious web content and that could lead to arbitrary code execution. - Fixed several crashes and rendering issues. - Updated to version 2.36.6: - Fixed handling of touchpad scrolling on GTK4 builds - Fixed WebKitGTK not allowing to be used from non-main threads (bsc#1202169). - Fixed several crashes and rendering issues Important SUSE bug 1202169 SUSE bug 1202807 CVE-2022-32893 cpe:/o:opensuse:leap:15.4 Security update for icu (Moderate) openSUSE Leap 15.4 This update for icu fixes the following issues: - CVE-2020-21913: Fixed a memory safetey issue that could lead to use after free (bsc#1193951). Moderate SUSE bug 1193951 CVE-2020-21913 cpe:/o:opensuse:leap:15.4 Security update for icu (Moderate) openSUSE Leap 15.4 This update for icu fixes the following issues: - CVE-2020-21913: Fixed a memory safetey issue that could lead to use after free (bsc#1193951). Moderate SUSE bug 1193951 CVE-2020-21913 cpe:/o:opensuse:leap:15.4 Security update for gdk-pixbuf (Important) openSUSE Leap 15.4 This update for gdk-pixbuf fixes the following issues: Update to version 2.42.9: - CVE-2021-44648: Fixed overflow vulnerability in lzw code size (bsc#1194633). Bugfixes: - Fixed loading of larger images (glgo#GNOME/gdk-pixbuf#216). - Avoided bashism in baselibs postscript (bsc#1195391). Important SUSE bug 1194633 SUSE bug 1195391 CVE-2021-44648 cpe:/o:opensuse:leap:15.4 Security update for mariadb (Important) openSUSE Leap 15.4 This update for mariadb fixes the following issues: - Updated to 10.6.9: - CVE-2022-32082: Fixed a reachable assertion that would crash the server (bsc#1201162). - CVE-2022-32089: Fixed a segmentation fault that coudl be triggered via a crafted query (bsc#1201169). - CVE-2022-32081: Fixed a buffer overflow on instant ADD/DROP of generated column (bsc#1201161). - CVE-2022-32091: Fixed a memory corruption issue that could be triggered via a crafted query (bsc#1201170). - CVE-2022-32084: Fixed a segmentation fault on INSERT SELECT queries (bsc#1201164). - Additionaly, the following issues were previously fixed: - CVE-2022-32088: Fixed a server crash when using ORDER BY with window function and UNION(bsc#1201168). - CVE-2022-32087: Fixed a segmentation fault that could be triggered via a crafted query (bsc#1201167). - CVE-2022-32086: Fixed a server crash on INSERT SELECT queries (bsc#1201166). - CVE-2022-32085: Fixed a segmentation fault that could be triggered via a crafted query (bsc#1201165). - CVE-2022-32083: Fixed a segmentation fault that could be triggered via a crafted query (bsc#1201163). Bugfixes: - Update mysql-systemd-helper to be aware of custom group (bsc#1200105). Important SUSE bug 1200105 SUSE bug 1201161 SUSE bug 1201162 SUSE bug 1201163 SUSE bug 1201164 SUSE bug 1201165 SUSE bug 1201166 SUSE bug 1201167 SUSE bug 1201168 SUSE bug 1201169 SUSE bug 1201170 CVE-2022-32081 CVE-2022-32082 CVE-2022-32083 CVE-2022-32084 CVE-2022-32085 CVE-2022-32086 CVE-2022-32087 CVE-2022-32088 CVE-2022-32089 CVE-2022-32091 cpe:/o:opensuse:leap:15.4 Security update for libyajl (Moderate) openSUSE Leap 15.4 This update for libyajl fixes the following issues: - CVE-2022-24795: Fixed heap-based buffer overflow when handling large inputs (bsc#1198405). Moderate SUSE bug 1198405 CVE-2022-24795 cpe:/o:opensuse:leap:15.4 Important security update for SUSE Manager Client Tools (Important) openSUSE Leap 15.4 This update fixes the following issues: ansible: - Update to version 2.9.27 (jsc#SLE-23631, jsc#SLE-24133) * CVE-2021-3620 ansible-connection module discloses sensitive info in traceback error message (in 2.9.27) (bsc#1187725) * CVE-2021-3583 Template Injection through yaml multi-line strings with ansible facts used in template. (in 2.9.23) (bsc#1188061) * ansible module nmcli is broken in ansible 2.9.13 (in 2.9.15) (bsc#1176460) - Update to 2.9.22: * CVE-2021-3447 (bsc#1183684) multiple modules expose secured values * CVE-2021-20228 (bsc#1181935) basic.py no_log with fallback option * CVE-2021-20191 (bsc#1181119) multiple collections exposes secured values * CVE-2021-20180 (bsc#1180942) bitbucket_pipeline_variable exposes sensitive values * CVE-2021-20178 (bsc#1180816) user data leak in snmp_facts module dracut-saltboot: - Require e2fsprogs (bsc#1202614) - Update to version 0.1.1657643023.0d694ce * Update dracut-saltboot dependencies (bsc#1200970) * Fix network loading when ipappend is used in pxe config * Add new information messages golang-github-QubitProducts-exporter_exporter: - Remove license file from %doc mgr-daemon: - Version 4.3.5-1 * Update translation strings mgr-virtualization: - Version 4.3.6-1 * Report all VMs in poller, not only running ones (bsc#1199528) prometheus-blackbox_exporter: - Exclude s390 arch python-hwdata: - Declare the LICENSE file as license and not doc spacecmd: - Version 4.3.14-1 * Fix missing argument on system_listmigrationtargets (bsc#1201003) * Show correct help on calling kickstart_importjson with no arguments * Fix tracebacks on spacecmd kickstart_export (bsc#1200591) * Change proxy container config default filename to end with tar.gz * Update translation strings spacewalk-client-tools: - Version 4.3.11-1 * Update translation strings uyuni-common-libs: - Version 4.3.5-1 * Fix reposync issue about 'rpm.hdr' object has no attribute 'get' uyuni-proxy-systemd-services: - Version 4.3.6-1 * Expose port 80 (bsc#1200142) * Use volumes rather than bind mounts * TFTPD to listen on udp port (bsc#1200968) * Add TAG variable in configuration * Fix containers namespaces in configuration zypp-plugin-spacewalk: - 1.0.13 * Log in before listing channels. (bsc#1197963, bsc#1193585) Important SUSE bug 1176460 SUSE bug 1180816 SUSE bug 1180942 SUSE bug 1181119 SUSE bug 1181935 SUSE bug 1183684 SUSE bug 1187725 SUSE bug 1188061 SUSE bug 1193585 SUSE bug 1197963 SUSE bug 1199528 SUSE bug 1200142 SUSE bug 1200591 SUSE bug 1200968 SUSE bug 1200970 SUSE bug 1201003 SUSE bug 1202614 CVE-2021-20178 CVE-2021-20180 CVE-2021-20191 CVE-2021-20228 CVE-2021-3447 CVE-2021-3583 CVE-2021-3620 cpe:/o:opensuse:leap:15.4 Security update for yast2-samba-provision (Moderate) openSUSE Leap 15.4 This update for yast2-samba-provision fixes the following issues: Security issue fixed: - CVE-2018-17956: Fixed a credentials leak (bsc#1117597). Non-Security issues fixed: - Stop packaging docdir, it only contained the license which is now in licensedir. (bsc#1184897) - Catch and show internal python exceptions. (bsc#1140548) - Show a dialog with provision details or errors. (bsc#1132676) - Add metainfo (fate#319035) Moderate SUSE bug 1117597 SUSE bug 1132676 SUSE bug 1140548 SUSE bug 1184897 CVE-2018-17956 cpe:/o:opensuse:leap:15.4 Security update for vim (Important) openSUSE Leap 15.4 This update for vim fixes the following issues: Updated to version 9.0 with patch level 0313: - CVE-2022-2183: Fixed out-of-bounds read through get_lisp_indent() (bsc#1200902). - CVE-2022-2182: Fixed heap-based buffer overflow through parse_cmd_address() (bsc#1200903). - CVE-2022-2175: Fixed buffer over-read through cmdline_insert_reg() (bsc#1200904). - CVE-2022-2304: Fixed stack buffer overflow in spell_dump_compl() (bsc#1201249). - CVE-2022-2343: Fixed heap-based buffer overflow in GitHub repository vim prior to 9.0.0044 (bsc#1201356). - CVE-2022-2344: Fixed another heap-based buffer overflow vim prior to 9.0.0045 (bsc#1201359). - CVE-2022-2345: Fixed use after free in GitHub repository vim prior to 9.0.0046. (bsc#1201363). - CVE-2022-2819: Fixed heap-based Buffer Overflow in compile_lock_unlock() (bsc#1202414). - CVE-2022-2874: Fixed NULL Pointer Dereference in generate_loadvar() (bsc#1202552). - CVE-2022-1968: Fixed use after free in utf_ptr2char (bsc#1200270). - CVE-2022-2124: Fixed out of bounds read in current_quote() (bsc#1200697). - CVE-2022-2125: Fixed out of bounds read in get_lisp_indent() (bsc#1200698). - CVE-2022-2126: Fixed out of bounds read in suggest_trie_walk() (bsc#1200700). - CVE-2022-2129: Fixed out of bounds write in vim_regsub_both() (bsc#1200701). - CVE-2022-1720: Fixed out of bounds read in grab_file_name() (bsc#1200732). - CVE-2022-2264: Fixed out of bounds read in inc() (bsc#1201132). - CVE-2022-2284: Fixed out of bounds read in utfc_ptr2len() (bsc#1201133). - CVE-2022-2285: Fixed negative size passed to memmove() due to integer overflow (bsc#1201134). - CVE-2022-2286: Fixed out of bounds read in ins_bytes() (bsc#1201135). - CVE-2022-2287: Fixed out of bounds read in suggest_trie_walk() (bsc#1201136). - CVE-2022-2231: Fixed null pointer dereference skipwhite() (bsc#1201150). - CVE-2022-2210: Fixed out of bounds read in ml_append_int() (bsc#1201151). - CVE-2022-2208: Fixed null pointer dereference in diff_check() (bsc#1201152). - CVE-2022-2207: Fixed out of bounds read in ins_bs() (bsc#1201153). - CVE-2022-2257: Fixed out of bounds read in msg_outtrans_special() (bsc#1201154). - CVE-2022-2206: Fixed out of bounds read in msg_outtrans_attr() (bsc#1201155). - CVE-2022-2522: Fixed out of bounds read via nested autocommand (bsc#1201863). - CVE-2022-2571: Fixed heap-based buffer overflow related to ins_comp_get_next_word_or_line() (bsc#1202046). - CVE-2022-2580: Fixed heap-based buffer overflow related to eval_string() (bsc#1202049). - CVE-2022-2581: Fixed out-of-bounds read related to cstrchr() (bsc#1202050). - CVE-2022-2598: Fixed undefined behavior for Input to API related to diff_mark_adjust_tp() and ex_diffgetput() (bsc#1202051). - CVE-2022-2817: Fixed use after gree in f_assert_fails() (bsc#1202420). - CVE-2022-2816: Fixed out-of-bounds Read in check_vim9_unlet() (bsc#1202421). - CVE-2022-2862: Fixed use-after-free in compile_nested_function() (bsc#1202511). - CVE-2022-2849: Fixed invalid memory access related to mb_ptr2len() (bsc#1202512). - CVE-2022-2845: Fixed buffer Over-read related to display_dollar() (bsc#1202515). - CVE-2022-2889: Fixed use-after-free in find_var_also_in_script() in evalvars.c (bsc#1202599). - CVE-2022-2923: Fixed NULL pointer dereference in GitHub repository vim/vim prior to 9.0.0240 (bsc#1202687). - CVE-2022-2946: Fixed use after free in function vim_vsnprintf_typval (bsc#1202689). - CVE-2022-3016: Fixed use after free in vim prior to 9.0.0285 (bsc#1202862). Bugfixes: - Fixing vim error on startup (bsc#1200884). - Fixing vim SUSE Linux Enterprise Server 15 SP4 Basesystem plugin-tlib issue (bsc#1201620). Important SUSE bug 1200270 SUSE bug 1200697 SUSE bug 1200698 SUSE bug 1200700 SUSE bug 1200701 SUSE bug 1200732 SUSE bug 1200884 SUSE bug 1200902 SUSE bug 1200903 SUSE bug 1200904 SUSE bug 1201132 SUSE bug 1201133 SUSE bug 1201134 SUSE bug 1201135 SUSE bug 1201136 SUSE bug 1201150 SUSE bug 1201151 SUSE bug 1201152 SUSE bug 1201153 SUSE bug 1201154 SUSE bug 1201155 SUSE bug 1201249 SUSE bug 1201356 SUSE bug 1201359 SUSE bug 1201363 SUSE bug 1201620 SUSE bug 1201863 SUSE bug 1202046 SUSE bug 1202049 SUSE bug 1202050 SUSE bug 1202051 SUSE bug 1202414 SUSE bug 1202420 SUSE bug 1202421 SUSE bug 1202511 SUSE bug 1202512 SUSE bug 1202515 SUSE bug 1202552 SUSE bug 1202599 SUSE bug 1202687 SUSE bug 1202689 SUSE bug 1202862 CVE-2022-1720 CVE-2022-1968 CVE-2022-2124 CVE-2022-2125 CVE-2022-2126 CVE-2022-2129 CVE-2022-2175 CVE-2022-2182 CVE-2022-2183 CVE-2022-2206 CVE-2022-2207 CVE-2022-2208 CVE-2022-2210 CVE-2022-2231 CVE-2022-2257 CVE-2022-2264 CVE-2022-2284 CVE-2022-2285 CVE-2022-2286 CVE-2022-2287 CVE-2022-2304 CVE-2022-2343 CVE-2022-2344 CVE-2022-2345 CVE-2022-2522 CVE-2022-2571 CVE-2022-2580 CVE-2022-2581 CVE-2022-2598 CVE-2022-2816 CVE-2022-2817 CVE-2022-2819 CVE-2022-2845 CVE-2022-2849 CVE-2022-2862 CVE-2022-2874 CVE-2022-2889 CVE-2022-2923 CVE-2022-2946 CVE-2022-3016 cpe:/o:opensuse:leap:15.4 Security update for keepalived (Important) openSUSE Leap 15.4 This update for keepalived fixes the following issues: - CVE-2021-44225: Fix a potential privilege escalation due to insufficient control in the D-Bus policy (bsc#1193115). Bugfixes: - Set ProtectKernelModules to false in service file (bsc#1202808). Important SUSE bug 1193115 SUSE bug 1202808 CVE-2021-44225 cpe:/o:opensuse:leap:15.4 Security update for samba (Important) openSUSE Leap 15.4 This update for samba fixes the following issues: - CVE-2022-1615: Fixed error handling in random number generation (bso#15103)(bsc#1202976). - CVE-2022-32743: Implement validated dnsHostName write rights (bso#14833)(bsc#1202803). Bugfixes: - Fixed use after free when iterating smbd_server_connection->connections after tree disconnect failure (bso#15128)(bsc#1200102). Important SUSE bug 1200102 SUSE bug 1202803 SUSE bug 1202976 CVE-2022-1615 CVE-2022-32743 cpe:/o:opensuse:leap:15.4 Security update for libyang (Important) openSUSE Leap 15.4 This update for libyang fixes the following issues: - CVE-2021-28906: Fixed missing check in read_yin_leaf that can lead to DoS (bsc#1186378) - CVE-2021-28904: Fixed missing check in ext_get_plugin that lead to DoS (bsc#1186376). - CVE-2021-28903: Fixed stack overflow in lyxml_parse_mem (bsc#1186375). - CVE-2021-28902: Fixed missing check in read_yin_container that can lead to DoS (bsc#1186374). Important SUSE bug 1186374 SUSE bug 1186375 SUSE bug 1186376 SUSE bug 1186378 CVE-2021-28902 CVE-2021-28903 CVE-2021-28904 CVE-2021-28906 cpe:/o:opensuse:leap:15.4 Security update for frr (Important) openSUSE Leap 15.4 This update for frr fixes the following issues: - CVE-2022-37032: Fixed out-of-bounds read in the BGP daemon that may lead to information disclosure or denial of service (bsc#1202023). - CVE-2019-25074: Fixed a memory leak in the IS-IS daemon that may lead to server memory exhaustion (bsc#1202022). Important SUSE bug 1202022 SUSE bug 1202023 CVE-2019-25074 CVE-2022-37032 cpe:/o:opensuse:leap:15.4 Security update for bluez (Important) openSUSE Leap 15.4 This update for bluez fixes the following issues: - CVE-2022-0204: Fixed check if the prepare writes would append more than the allowed maximum attribute length (bsc#1194704). Important SUSE bug 1194704 CVE-2022-0204 cpe:/o:opensuse:leap:15.4 Security update for qpdf (Important) openSUSE Leap 15.4 This update for qpdf fixes the following issues: - CVE-2021-36978: Fixed heap-based buffer overflow in Pl_ASCII85Decoder::write (bsc#1188514). Important SUSE bug 1188514 CVE-2021-36978 cpe:/o:opensuse:leap:15.4 Security update for clamav (Important) openSUSE Leap 15.4 This update for clamav fixes the following issues: clamav was updated to 0.103.7 (bsc#1202986) * Upgrade the vendored UnRAR library to version 6.1.7. * Fix logical signature 'Intermediates' feature. * Relax constraints on slightly malformed zip archives that contain overlapping file entries. Important SUSE bug 1202986 cpe:/o:opensuse:leap:15.4 Security update for nodejs16 (Moderate) openSUSE Leap 15.4 This update for nodejs16 fixes the following issues: - CVE-2022-35949: Fixed SSRF when an application takes in user input into the path/pathname option of undici.request (bsc#1202382). - CVE-2022-35948: Fixed CRLF injection via Content-Type (bsc#1202383). - CVE-2022-29244: Fixed npm pack ignores root-level .gitignore and .npmignore file exclusion directives when run in a workspace (bsc#1200517). - CVE-2022-31150: Fixed CRLF injection in node-undici (bsc#1201710). Bugfixes: - Enable crypto-policies for SLE15 SP4+ and TW (bsc#1200303) Moderate SUSE bug 1200303 SUSE bug 1200517 SUSE bug 1201710 SUSE bug 1202382 SUSE bug 1202383 CVE-2022-29244 CVE-2022-31150 CVE-2022-35948 CVE-2022-35949 cpe:/o:opensuse:leap:15.4 Security update for freetype2 (Moderate) openSUSE Leap 15.4 This update for freetype2 fixes the following issues: - CVE-2022-27404 Fixed a segmentation fault via a crafted typeface (bsc#1198830). - CVE-2022-27405 Fixed a buffer overflow via a crafted typeface (bsc#1198832). - CVE-2022-27406 Fixed a segmentation fault via a crafted typeface (bsc#1198823). Non-security fixes: - Updated to version 2.10.4 Moderate SUSE bug 1198823 SUSE bug 1198830 SUSE bug 1198832 CVE-2022-27404 CVE-2022-27405 CVE-2022-27406 cpe:/o:opensuse:leap:15.4 Security update for rubygem-kramdown (Important) openSUSE Leap 15.4 This update for rubygem-kramdown fixes the following issues: - CVE-2020-14001: Fixed processing template options inside documents allowing unintended read access or embedded Ruby code execution (bsc#1174297). Important SUSE bug 1174297 CVE-2020-14001 cpe:/o:opensuse:leap:15.4 Security update for the Linux Kernel (Important) openSUSE Leap 15.4 The SUSE Linux Enterprise 15 SP3 kernel was updated receive various security and bugfixes. The following security bugs were fixed: - CVE-2022-39190: Fixed an issue that was discovered in net/netfilter/nf_tables_api.c and could cause a denial of service upon binding to an already bound chain (bnc#1203117). - CVE-2022-39188: Fixed race condition in include/asm-generic/tlb.h where a device driver can free a page while it still has stale TLB entries (bnc#1203107). - CVE-2022-36879: Fixed an issue in xfrm_expand_policies in net/xfrm/xfrm_policy.c where a refcount could be dropped twice (bnc#1201948). - CVE-2022-3028: Fixed race condition that was found in the IP framework for transforming packets (XFRM subsystem) (bnc#1202898). - CVE-2022-2977: Fixed reference counting for struct tpm_chip (bsc#1202672). - CVE-2022-2905: Fixed tnum_range usage on array range checking for poke descriptors (bsc#1202564, bsc#1202860). - CVE-2022-2663: Fixed an issue that was found in nf_conntrack_irc where the message handling could be confused and incorrectly matches the message (bnc#1202097). - CVE-2022-26373: Fixed non-transparent sharing of return predictor targets between contexts in some Intel Processors (bnc#1201726). - CVE-2022-2588: Fixed use-after-free in cls_route (bsc#1202096). - CVE-2022-20369: Fixed out of bounds write in v4l2_m2m_querybuf of v4l2-mem2mem.c (bnc#1202347). - CVE-2022-20368: Fixed slab-out-of-bounds access in packet_recvmsg() (bsc#1202346). - CVE-2021-4203: Fixed use-after-free read flaw that was found in sock_getsockopt() in net/core/sock.c due to SO_PEERCRED and SO_PEERGROUPS race with listen() (bnc#1194535). - CVE-2021-4155: Fixed a data leak flaw that was found in the way XFS_IOC_ALLOCSP IOCTL in the XFS filesystem (bnc#1194272). - CVE-2020-27784: Fixed a vulnerability that was found in printer_ioctl() printer_ioctl() when accessing a deallocated instance (bnc#1202895). - CVE-2016-3695: Fixed an issue inside the einj_error_inject function in drivers/acpi/apei/einj.c that allowed users to simulate hardware errors and consequently cause a denial of service (bnc#1023051). The following non-security bugs were fixed: - ACPI: EC: Remove duplicate ThinkPad X1 Carbon 6th entry from DMI quirks (git-fixes). - ACPI: LPSS: Fix missing check in register_device_clock() (git-fixes). - ACPI: PM: save NVS memory for Lenovo G40-45 (git-fixes). - ACPI: processor: Remove freq Qos request for all CPUs (git-fixes). - ACPI: property: Return type of acpi_add_nondev_subnodes() should be bool (git-fixes). - ACPI: video: Force backlight native for some TongFang devices (git-fixes). - ALSA: bcd2000: Fix a UAF bug on the error path of probing (git-fixes). - ALSA: hda/cirrus - support for iMac 12,1 model (git-fixes). - ALSA: hda/conexant: Add quirk for LENOVO 20149 Notebook model (git-fixes). - ALSA: hda/realtek: Add a quirk for HP OMEN 15 (8786) mute LED (git-fixes). - ALSA: hda/realtek: Add mute LED quirk for HP Omen laptop (git-fixes). - ALSA: hda/realtek: Add new alc285-hp-amp-init model (git-fixes). - ALSA: hda/realtek: Add quirk for Clevo L140PU (git-fixes). - ALSA: hda/realtek: Add quirk for Clevo NP50PNJ (git-fixes). - ALSA: hda/realtek: Add quirk for Clevo NP70PNJ (git-fixes). - ALSA: hda/realtek: Add quirk for Clevo NP70PNP (git-fixes). - ALSA: hda/realtek: Add quirk for Clevo NS50PU (git-fixes). - ALSA: hda/realtek: Add quirk for Clevo NV45PZ (git-fixes). - ALSA: hda/realtek: Add quirk for Dell Latitude 7520 (git-fixes). - ALSA: hda/realtek: Add quirk for HP Dev One (git-fixes). - ALSA: hda/realtek: Add quirk for HP Spectre x360 15-eb0xxx (git-fixes). - ALSA: hda/realtek: Add quirk for TongFang devices with pop noise (git-fixes). - ALSA: hda/realtek: Add quirk for another Asus K42JZ model (git-fixes). - ALSA: hda/realtek: Add quirk for the Framework Laptop (git-fixes). - ALSA: hda/realtek: Fix LED on HP ProBook 435 G7 (git-fixes). - ALSA: hda/realtek: Fix deadlock by COEF mutex (git-fixes). - ALSA: hda/realtek: Fix headset mic for Acer SF313-51 (git-fixes). - ALSA: hda/realtek: fix mute/micmute LEDs for HP machines (git-fixes). - ALSA: hda/realtek: fix mute/micmute LEDs for a HP ProBook (git-fixes). - ALSA: hda/realtek: fix right sounds and mute/micmute LEDs for HP machine (git-fixes). - ALSA: hda/realtek: fix right sounds and mute/micmute LEDs for HP machines (git-fixes). - ALSA: info: Fix llseek return value when using callback (git-fixes). - ALSA: usb-audio: More comprehensive mixer map for ASUS ROG Zenith II (git-fixes). - ARM: 9077/1: PLT: Move struct plt_entries definition to header (git-fixes). - ARM: 9078/1: Add warn suppress parameter to arm_gen_branch_link() (git-fixes). - ARM: 9079/1: ftrace: Add MODULE_PLTS support (git-fixes). - ARM: 9098/1: ftrace: MODULE_PLT: Fix build problem without DYNAMIC_FTRACE (git-fixes). - ASoC: SOF: debug: Fix potential buffer overflow by snprintf() (git-fixes). - ASoC: audio-graph-card: Add of_node_put() in fail path (git-fixes). - ASoC: codecs: da7210: add check for i2c_add_driver (git-fixes). - ASoC: codecs: msm8916-wcd-digital: move gains from SX_TLV to S8_TLV (git-fixes). - ASoC: codecs: wcd9335: move gains from SX_TLV to S8_TLV (git-fixes). - ASoC: mt6797-mt6351: Fix refcount leak in mt6797_mt6351_dev_probe (git-fixes). - ASoC: qcom: q6dsp: Fix an off-by-one in q6adm_alloc_copp() (git-fixes). - ASoC: tas2770: Allow mono streams (git-fixes). - Bluetooth: L2CAP: Fix build errors in some archs (git-fixes). - Bluetooth: L2CAP: Fix l2cap_global_chan_by_psm regression (git-fixes). - Bluetooth: MGMT: Fixes build warnings with C=1 (git-fixes). - Fix parsing of rpm/macros.kernel-source on SLE12 (bsc#1201019). - HID: alps: Declare U1_UNICORN_LEGACY support (git-fixes). - HID: steam: Prevent NULL pointer dereference in steam_{recv,send}_report (git-fixes). - HID: wacom: Do not register pad_input for touch switch (git-fixes). - HID: wacom: Only report rotation for art pen (git-fixes). - Input: iforce - wake up after clearing IFORCE_XMIT_RUNNING flag (git-fixes). - Input: rk805-pwrkey - fix module autoloading (git-fixes). - KABI: cgroup: Restore KABI of css_set (bsc#1201610). - KVM: PPC: Book3S HV: Context tracking exit guest context before enabling irqs (bsc#1065729). - KVM: PPC: Book3S HV: Prevent POWER7/8 TLB flush flushing SLB (bsc#1156395). - KVM: PPC: Book3S HV: Use GLOBAL_TOC for kvmppc_h_set_dabr/xdabr() (bsc#1156395). - KVM: PPC: Fix vmx/vsx mixup in mmio emulation (bsc#1156395). - KVM: PPC: Use arch_get_random_seed_long instead of powernv variant (bsc#1156395). - KVM: VMX: Refuse to load kvm_intel if EPT and NX are disabled (git-fixes). - KVM: nVMX: Snapshot pre-VM-Enter BNDCFGS for !nested_run_pending case (git-fixes). - KVM: nVMX: Snapshot pre-VM-Enter DEBUGCTL for !nested_run_pending case (git-fixes). - KVM: x86: accept userspace interrupt only if no event is injected (git-fixes). - NFS: fix nfs_path in case of a rename retry (git-fixes). - NFSD: Add missing NFSv2 .pc_func methods (git-fixes). - NFSD: Clamp WRITE offsets (git-fixes). - NFSD: Fix possible sleep during nfsd4_release_lockowner() (git-fixes). - NFSD: prevent integer overflow on 32 bit systems (git-fixes). - NFSD: prevent underflow in nfssvc_decode_writeargs() (git-fixes). - NFSv4.2: support EXCHGID4_FLAG_SUPP_FENCE_OPS 4.2 EXCHANGE_ID flag (git-fixes). - NFSv4: Fix second deadlock in nfs4_evict_inode() (git-fixes). - NFSv4: nfs4_proc_set_acl needs to restore NFS_CAP_UIDGID_NOMAP on error (git-fixes). - NTB: ntb_tool: uninitialized heap data in tool_fn_write() (git-fixes). - PCI/ACPI: Guard ARM64-specific mcfg_quirks (git-fixes). - PCI: Add ACS quirk for Broadcom BCM5750x NICs (git-fixes). - PCI: hv: Fix hv_arch_irq_unmask() for multi-MSI (bsc#1200845). - PCI: hv: Fix interrupt mapping for multi-MSI (bsc#1200845). - PCI: hv: Fix multi-MSI to allow more than one MSI vector (bsc#1200845). - PCI: hv: Make the code arch neutral by adding arch specific interfaces (bsc#1200845). - PCI: hv: Only reuse existing IRTE allocation for Multi-MSI (bsc#1200845). - PCI: hv: Reuse existing IRTE allocation in compose_msi_msg() (bsc#1200845). - PCI: qcom: Fix pipe clock imbalance (git-fixes). - SUNRPC reverting d03727b248d0 ('NFSv4 fix CLOSE not waiting for direct IO compeletion') (git-fixes). - SUNRPC: Clean up scheduling of autoclose (git-fixes). - SUNRPC: Do not dereference xprt->snd_task if it's a cookie (git-fixes). - SUNRPC: Fix READ_PLUS crasher (git-fixes). - SUNRPC: Prevent immediate close+reconnect (git-fixes). - VMCI: Add support for ARM64 (bsc#1199291, jsc#SLE-24635). - VMCI: Check exclusive_vectors when freeing interrupt 1 (bsc#1199291, jsc#SLE-24635). - VMCI: Enforce queuepair max size for IOCTL_VMCI_QUEUEPAIR_ALLOC (bsc#1199291, jsc#SLE-24635). - VMCI: Fix some error handling paths in vmci_guest_probe_device() (bsc#1199291, jsc#SLE-24635). - VMCI: Release notification_bitmap in error path (bsc#1199291, jsc#SLE-24635). - VMCI: dma dg: add MMIO access to registers (bsc#1199291, jsc#SLE-24635). - VMCI: dma dg: add support for DMA datagrams receive (bsc#1199291, jsc#SLE-24635). - VMCI: dma dg: add support for DMA datagrams sends (bsc#1199291, jsc#SLE-24635). - VMCI: dma dg: allocate send and receive buffers for DMA datagrams (bsc#1199291, jsc#SLE-24635). - VMCI: dma dg: detect DMA datagram capability (bsc#1199291, jsc#SLE-24635). - VMCI: dma dg: register dummy IRQ handlers for DMA datagrams (bsc#1199291, jsc#SLE-24635). - VMCI: dma dg: set OS page size (bsc#1199291, jsc#SLE-24635). - VMCI: dma dg: whitespace formatting change for vmci register defines (bsc#1199291, jsc#SLE-24635). - arm64: signal: nofpsimd: Do not allocate fp/simd context when not available (git-fixes). - asm-generic: sections: refactor memory_intersects (git-fixes). - ata: libata-eh: Add missing command name (git-fixes). - atm: idt77252: fix use-after-free bugs caused by tst_timer (git-fixes). - blk-iocost: clamp inuse and skip noops in __propagate_weights() (bsc#1202722). - blk-iocost: fix operation ordering in iocg_wake_fn() (bsc#1202720). - blk-iocost: fix weight updates of inner active iocgs (bsc#1202717). - blk-iocost: rename propagate_active_weights() to propagate_weights() (bsc#1202722). - blktrace: fix blk_rq_merge documentation (git-fixes). - can: ems_usb: fix clang's -Wunaligned-access warning (git-fixes). - can: m_can: process interrupt only when not runtime suspended (git-fixes). - ceph: do not leak snap_rwsem in handle_cap_grant (bsc#1202810). - ceph: do not truncate file in atomic_open (bsc#1202811). - cgroup: Trace event cgroup id fields should be u64 (git-fixes). - cgroup: Use separate src/dst nodes when preloading css_sets for migration (bsc#1201610). - clk: bcm: rpi: Fix error handling of raspberrypi_fw_get_rate (git-fixes). - clk: core: Fix runtime PM sequence in clk_core_unprepare() (git-fixes). - clk: core: Honor CLK_OPS_PARENT_ENABLE for clk gate ops (git-fixes). - clk: qcom: ipq8074: dont disable gcc_sleep_clk_src (git-fixes). - clk: rockchip: add sclk_mac_lbtest to rk3188_critical_clocks (git-fixes). - coresight: cti: Correct the parameter for pm_runtime_put (git-fixes). - devlink: Fix use-after-free after a failed reload (git-fixes). - dm raid: fix KASAN warning in raid5_add_disks (git-fixes). - dmaengine: sprd: Cleanup in .remove() after pm_runtime_get_sync() failed (git-fixes). - dpaa2-eth: unregister the netdev before disconnecting from the PHY (git-fixes). - driver core: Do not probe devices after bus_type.match() probe deferral (git-fixes). - drm/amdgpu: Check BO's requested pinning domains against its preferred_domains (git-fixes). - drm/amdgpu: remove useless condition in amdgpu_job_stop_all_jobs_on_sched() (git-fixes). - drm/gem: Properly annotate WW context on drm_gem_lock_reservations() error (git-fixes). - drm/i915/reg: Fix spelling mistake 'Unsupport' -> 'Unsupported' (git-fixes). - drm/meson: Fix overflow implicit truncation warnings (git-fixes). - drm/meson: Fix refcount bugs in meson_vpu_has_available_connectors() (git-fixes). - drm/msm/dsi: Fix number of regulators for SDM660 (git-fixes). - drm/msm/dsi: Fix number of regulators for msm8996_dsi_cfg (git-fixes). - drm/msm/dsi: fix the inconsistent indenting (git-fixes). - drm/sun4i: dsi: Prevent underflow when computing packet sizes (git-fixes). - ehea: fix error return code in ehea_restart_qps() (git-fixes). - enetc: Fix endianness issues for enetc_qos (git-fixes). - ethernet: sun: niu: fix missing checks of niu_pci_eeprom_read() (git-fixes). - ext4: Fix BUG_ON in ext4_bread when write quota data (bsc#1197755). - ext4: add reserved GDT blocks check (bsc#1202712). - ext4: do not set SB_ACTIVE in ext4_orphan_cleanup() (bsc#1202708). - ext4: do not use the orphan list when migrating an inode (bsc#1197756). - ext4: fix bug_on in ext4_writepages (bsc#1200872). - ext4: fix error handling code in add_new_gdb (bsc#1179722). - ext4: fix error handling in ext4_restore_inline_data() (bsc#1197757). - ext4: fix invalid inode checksum (bsc#1179723). - ext4: fix loff_t overflow in ext4_max_bitmap_size() (bsc#1202709). - ext4: fix overhead calculation to account for the reserved gdt blocks (bsc#1200869). - ext4: fix potential infinite loop in ext4_dx_readdir() (bsc#1191662). - ext4: fix race when reusing xattr blocks (bsc#1198971). - ext4: fix symlink file size not match to file content (bsc#1200868). - ext4: fix use-after-free in ext4_rename_dir_prepare (bsc#1200871). - ext4: fix use-after-free in ext4_search_dir (bsc#1202710). - ext4: fix warning in ext4_handle_inode_extension (bsc#1202711). - ext4: force overhead calculation if the s_overhead_cluster makes no sense (bsc#1200870). - ext4: recover csum seed of tmp_inode after migrating to extents (bsc#1202713). - ext4: remove EA inode entry from mbcache on inode eviction (bsc#1198971). - ext4: unindent codeblock in ext4_xattr_block_set() (bsc#1198971). - fbcon: Fix boundary checks for fbcon=vc:n1-n2 parameters (git-fixes). - firmware: tegra: bpmp: Do only aligned access to IPC memory area (git-fixes). - fs-writeback: writeback_sb_inodes: Recalculate 'wrote' according skipped pages (bsc#1200873). - fuse: Remove the control interface for virtio-fs (bsc#1203137). - fuse: ioctl: translate ENOSYS (bsc#1203136). - fuse: limit nsec (bsc#1203135). - gadgetfs: ep_io - wait until IRQ finishes (git-fixes). - geneve: do not use RT_TOS for IPv6 flowlabel (git-fixes). - geneve: fix TOS inheriting for ipv4 (git-fixes). - gpio: pca953x: Add mutex_lock for regcache sync in PM (git-fixes). - hv_netvsc: Load and store the proper (NBL_HASH_INFO) per-packet info (bsc#1202701). - hwmon: (gpio-fan) Fix array out of bounds access (git-fixes). - i2c: imx: Make sure to unregister adapter on remove() (git-fixes). - ice: report supported and advertised autoneg using PHY capabilities (git-fixes). - ieee802154/adf7242: defer destroy_workqueue call (git-fixes). - iio: adc: mcp3911: make use of the sign bit (git-fixes). - iio: adc: mcp3911: use correct formula for AD conversion (git-fixes). - intel_th: pci: Add Meteor Lake-P support (git-fixes). - intel_th: pci: Add Raptor Lake-S CPU support (git-fixes). - intel_th: pci: Add Raptor Lake-S PCH support (git-fixes). - iommu/amd: Simplify and Consolidate Virtual APIC (AVIC) Enablement (git-fixes). - iommu/arm-smmu: qcom_iommu: Add of_node_put() when breaking out of loop (git-fixes). - iommu/exynos: Handle failed IOMMU device registration properly (git-fixes). - iommu/iova: Improve 32-bit free space estimate (git-fixes). - iommu/ipmmu-vmsa: Check for error num after setting mask (git-fixes). - iommu/mediatek: Add list_del in mtk_iommu_remove (git-fixes). - iommu/msm: Fix an incorrect NULL check on list iterator (git-fixes). - iommu/omap: Fix regression in probe for NULL pointer dereference (git-fixes). - iommu/vt-d: Calculate mask for non-aligned flushes (git-fixes). - iommu/vt-d: Fix PCI bus rescan device hot add (git-fixes). - iommu/vt-d: Fix RID2PASID setup/teardown failure (git-fixes). - iommu/vt-d: avoid invalid memory access via node_online(NUMA_NO_NODE) (git-fixes). - ipheth: fix EOVERFLOW in ipheth_rcvbulk_callback (git-fixes). - ipmi: ssif: initialize ssif_info->client early (git-fixes). - ixgbevf: add correct exception tracing for XDP (git-fixes). - jbd2: fix assertion 'jh->b_frozen_data == NULL' failure when journal aborted (bsc#1202716). - jbd2: fix outstanding credits assert in jbd2_journal_commit_transaction() (bsc#1202715). - kabi/severities: add stmmac driver local sumbols - kbuild: do not create built-in objects for external module builds (jsc#SLE-24559 bsc#1202756). - kbuild: dummy-tools: avoid tmpdir leak in dummy gcc (bsc#1181862 git-fixes). - kbuild: dummy-tools: avoid tmpdir leak in dummy gcc (git-fixes). - kernel-obs-build: include qemu_fw_cfg (boo#1201705) - kfifo: fix kfifo_to_user() return type (git-fixes). - kfifo: fix ternary sign extension bugs (git-fixes). - lib/list_debug.c: Detect uninitialized lists (git-fixes). - lib: bitmap: provide devm_bitmap_alloc() and devm_bitmap_zalloc() (git-fixes). - lightnvm: Remove lightnvm implemenation (bsc#1191881 bsc#1201420 ZDI-CAN-17325). - list: add 'list_del_init_careful()' to go with 'list_empty_careful()' (bsc#1202745). - locking/lockdep: Avoid potential access of invalid memory in lock_class (git-fixes). - loop: Fix missing discard support when using LOOP_CONFIGURE (bsc#1202718). - mbcache: add functions to delete entry if unused (bsc#1198971). - mbcache: do not reclaim used entries (bsc#1198971). - md/bitmap: do not set sb values if can't pass sanity check (bsc#1197158). - mfd: max77620: Fix refcount leak in max77620_initialise_fps (git-fixes). - mfd: t7l66xb: Drop platform disable callback (git-fixes). - misc: fastrpc: fix memory corruption on open (git-fixes). - misc: fastrpc: fix memory corruption on probe (git-fixes). - mm/rmap: Fix anon_vma->degree ambiguity leading to double-reuse (git-fixes, bsc#1203098). - mm: bdi: initialize bdi_min_ratio when bdi is unregistered (bsc#1197763). - mm: memcontrol: fix potential oom_lock recursion deadlock (bsc#1202447). - mmc: pxamci: Fix an error handling path in pxamci_probe() (git-fixes). - mmc: pxamci: Fix another error handling path in pxamci_probe() (git-fixes). - module: Ignore _GLOBAL_OFFSET_TABLE_ when warning for undefined symbols (git-fixes). - mtd: maps: Fix refcount leak in ap_flash_init (git-fixes). - mtd: maps: Fix refcount leak in of_flash_probe_versatile (git-fixes). - mtd: partitions: Fix refcount leak in parse_redboot_of (git-fixes). - mtd: rawnand: meson: Fix a potential double free issue (git-fixes). - mtd: sm_ftl: Fix deadlock caused by cancel_work_sync in sm_release (git-fixes). - mtd: st_spi_fsm: Add a clk_disable_unprepare() in .probe()'s error path (git-fixes). - net/mlx5e: Check for needed capability for cvlan matching (git-fixes). - net/sonic: Fix a resource leak in an error handling path in 'jazz_sonic_probe()' (git-fixes). - net: bcmgenet: Add mdio-bcm-unimac soft dependency (git-fixes). - net: cpsw: Properly initialise struct page_pool_params (git-fixes). - net: cpsw: add missing of_node_put() in cpsw_probe_dt() (git-fixes). - net: davinci_emac: Fix incorrect masking of tx and rx error channel (git-fixes). - net: dsa: b53: fix an off by one in checking 'vlan->vid' (git-fixes). - net: dsa: felix: suppress -EPROBE_DEFER errors (git-fixes). - net: dsa: mt7530: fix VLAN traffic leaks (git-fixes). - net: enetc: Use pci_release_region() to release some resources (git-fixes). - net: enetc: report software timestamping via SO_TIMESTAMPING (git-fixes). - net: enetc: unmap DMA in enetc_send_cmd() (git-fixes). - net: ethernet: aeroflex: fix UAF in greth_of_remove (git-fixes). - net: ethernet: ezchip: fix UAF in nps_enet_remove (git-fixes). - net: ethernet: ezchip: fix error handling (git-fixes). - net: ethernet: ezchip: remove redundant check (git-fixes). - net: ethernet: fix potential use-after-free in ec_bhf_remove (git-fixes). - net: ethernet: ti: cpsw_ale: Fix access to un-initialized memory (git-fixes). - net: fec: fix the potential memory leak in fec_enet_init() (git-fixes). - net: fec_ptp: add clock rate zero check (git-fixes). - net: ftgmac100: Fix crash when removing driver (git-fixes). - net: hdlc_x25: Return meaningful error code in x25_open (git-fixes). - net: hns: Fix kernel-doc (git-fixes). - net: lantiq: fix memory corruption in RX ring (git-fixes). - net: lapbether: Prevent racing when checking whether the netif is running (git-fixes). - net: moxa: Use devm_platform_get_and_ioremap_resource() (git-fixes). - net: mscc: ocelot: correctly report the timestamping RX filters in ethtool (git-fixes). - net: mscc: ocelot: do not downgrade timestamping RX filters in SIOCSHWTSTAMP (git-fixes). - net: mvpp2: fix interrupt mask/unmask skip condition (git-fixes). - net: netcp: Fix an error message (git-fixes). - net: pch_gbe: Propagate error from devm_gpio_request_one() (git-fixes). - net: rose: fix netdev reference changes (git-fixes). - net: sock: tracing: Fix sock_exceed_buf_limit not to dereference stale pointer (git-fixes). - net: stmicro: handle clk_prepare() failure during init (git-fixes). - net: stmmac: Modify configuration method of EEE timers (git-fixes). - net: stmmac: Use resolved link config in mac_link_up() (git-fixes). - net: stmmac: disable clocks in stmmac_remove_config_dt() (git-fixes). - net: stmmac: dwmac1000: Fix extended MAC address registers definition (git-fixes). - net: vmxnet3: fix possible NULL pointer dereference in vmxnet3_rq_cleanup() (bsc#1200431). - net: vmxnet3: fix possible use-after-free bugs in vmxnet3_rq_alloc_rx_buf() (bsc#1200431). - net: vmxnet3: remove multiple false checks in vmxnet3_ethtool.c (bsc#1200431). - net:emac/emac-mac: Fix a use after free in emac_mac_tx_buf_send (git-fixes). - net:enetc: allocate CBD ring data memory using DMA coherent methods (git-fixes). - net_sched: cls_route: disallow handle of 0 (bsc#1202393). - nfsd: fix use-after-free due to delegation race (git-fixes). - nvme: fix RCU hole that allowed for endless looping in multipath round robin (bsc#1202636). - objtool: Add support for intra-function calls (bsc#1202396). - objtool: Make handle_insn_ops() unconditional (bsc#1202396). - objtool: Remove INSN_STACK (bsc#1202396). - objtool: Rework allocating stack_ops on decode (bsc#1202396). - objtool: Support multiple stack_op per instruction (bsc#1202396). - ocfs2: drop acl cache for directories too (bsc#1191667). - ocfs2: fix crash when initialize filecheck kobj fails (bsc#1197920). - ocfs2: mount fails with buffer overflow in strlen (bsc#1197760). - octeontx2-af: fix infinite loop in unmapping NPC counter (git-fixes). - perf bench: Share some global variables to fix build with gcc 10 (git-fixes). - pinctrl/rockchip: fix gpio device creation (git-fixes). - pinctrl: nomadik: Fix refcount leak in nmk_pinctrl_dt_subnode_to_map (git-fixes). - pinctrl: qcom: msm8916: Allow CAMSS GP clocks to be muxed (git-fixes). - pinctrl: sunxi: Add I/O bias setting for H6 R-PIO (git-fixes). - platform/x86: pmc_atom: Fix SLP_TYPx bitfield mask (git-fixes). - powerpc/perf: Optimize clearing the pending PMI and remove WARN_ON for PMI check in power_pmu_disable (bsc#1156395). - powerpc/powernv/kvm: Use darn for H_RANDOM on Power9 (bsc#1065729). - powerpc/powernv: Avoid crashing if rng is NULL (bsc#1065729). - powerpc/powernv: Staticify functions without prototypes (bsc#1065729). - powerpc/powernv: delay rng platform device creation until later in boot (bsc#1065729). - powerpc/powernv: rename remaining rng powernv_ functions to pnv_ (bsc#1065729). - powerpc/powernv: wire up rng during setup_arch (bsc#1065729). - powerpc/pseries: wire up rng during setup_arch() (bsc#1065729). - powerpc/xive: Fix refcount leak in xive_get_max_prio (git-fixess). - powerpc: Enable execve syscall exit tracepoint (bsc#1065729). - powerpc: define get_cycles macro for arch-override (bsc#1065729). - powerpc: powernv: kABI: add back powernv_get_random_long (bsc#1065729). - profiling: fix shift too large makes kernel panic (git-fixes). - qlcnic: Add null check after calling netdev_alloc_skb (git-fixes). - random: fix crash on multiple early calls to add_bootloader_randomness() (git-fixes). - ratelimit: Fix data-races in ___ratelimit() (git-fixes). - reiserfs: fix handling of -EOPNOTSUPP in reiserfs_for_each_xattr (bsc#1202714). - remoteproc: qcom: q6v5-mss: add powerdomains to MSM8996 config (git-fixes). - remoteproc: qcom: wcnss: Fix handling of IRQs (git-fixes). - s390/crash: fix incorrect number of bytes to copy to user space (git-fixes). - s390/crash: make copy_oldmem_page() return number of bytes copied (git-fixes). - s390/mm: do not trigger write fault when vma does not allow VM_WRITE (git-fixes). - s390/mm: fix 2KB pgtable release race (git-fixes). - s390/ptrace: pass invalid syscall numbers to tracing (bsc#1192594 LTC#197522). - scsi: lpfc: Add warning notification period to CMF_SYNC_WQE (bsc#1203063). - scsi: lpfc: Check the return value of alloc_workqueue() (bsc#1203063). - scsi: lpfc: Copyright updates for 14.2.0.6 patches (bsc#1203063). - scsi: lpfc: Fix null ndlp ptr dereference in abnormal exit path for GFT_ID (bsc#1203063). - scsi: lpfc: Fix unsolicited FLOGI receive handling during PT2PT discovery (bsc#1203063). - scsi: lpfc: Remove SANDiags related code (bsc#1203063). - scsi: lpfc: Rework MIB Rx Monitor debug info logic (bsc#1203063). - scsi: lpfc: Update lpfc version to 14.2.0.6 (bsc#1203063). - selftests: futex: Use variable MAKE instead of make (git-fixes). - serial: 8250_dw: Store LSR into lsr_saved_flags in dw8250_tx_wait_empty() (git-fixes). - serial: fsl_lpuart: RS485 RTS polariy is inverse (git-fixes). - serial: mvebu-uart: uart2 error bits clearing (git-fixes). - serial: tegra: Change lower tolerance baud rate limit for tegra20 and tegra30 (git-fixes). - silence nfscache allocation warnings with kvzalloc (git-fixes). - spi: Fix incorrect cs_setup delay handling (git-fixes). - spi: spi-rspi: Fix PIO fallback on RZ platforms (git-fixes). - spi: synquacer: Add missing clk_disable_unprepare() (git-fixes). - spmi: trace: fix stack-out-of-bound access in SPMI tracing functions (git-fixes). - staging: rtl8712: fix use after free bugs (git-fixes). - tee: optee: Fix incorrect page free bug (git-fixes). - thermal: Fix NULL pointer dereferences in of_thermal_ functions (git-fixes). - thermal: sysfs: Fix cooling_device_stats_setup() error code path (git-fixes). - thunderbolt: Use the actual buffer in tb_async_error() (git-fixes). - tools/thermal: Fix possible path truncations (git-fixes). - tracing/histogram: Fix a potential memory leak for kstrdup() (git-fixes). - tracing/histograms: Fix memory leak problem (git-fixes). - tracing/probes: Have kprobes and uprobes use $COMM too (git-fixes). - tracing: Add ustring operation to filtering string pointers (git-fixes). - tty: serial: Fix refcount leak bug in ucc_uart.c (git-fixes). - tty: serial: lpuart: disable flow control while waiting for the transmit engine to complete (git-fixes). - tty: vt: initialize unicode screen buffer (git-fixes). - usb: dwc2: fix wrong order of phy_power_on and phy_init (git-fixes). - usb: dwc3: Switch to platform_get_irq_byname_optional() (git-fixes). - usb: dwc3: ep0: Fix delay status handling (git-fixes). - usb: dwc3: gadget: END_TRANSFER before CLEAR_STALL command (git-fixes). - usb: dwc3: gadget: Fix IN endpoint max packet size allocation (git-fixes). - usb: dwc3: gadget: Refactor dwc3_gadget_ep_dequeue (git-fixes). - usb: dwc3: gadget: Remove FS bInterval_m1 limitation (git-fixes). - usb: dwc3: gadget: Remove unnecessary checks (git-fixes). - usb: dwc3: gadget: Replace list_for_each_entry_safe() if using giveback (git-fixes). - usb: dwc3: gadget: Store resource index of start cmd (git-fixes). - usb: dwc3: qcom: fix missing optional irq warnings. - usb: gadget: mass_storage: Fix cdrom data transfers on MAC-OS (git-fixes). - usb: gadget: u_audio: fix race condition on endpoint stop (git-fixes). - usb: gadget: udc-xilinx: replace memcpy with memcpy_toio (git-fixes). - usb: gadget: uvc: call uvc uvcg_warn on completed status instead of uvcg_info (git-fixes). - usb: host: ohci-ppc-of: Fix refcount leak bug (git-fixes). - usb: renesas: Fix refcount leak bug (git-fixes). - usb: typec: altmodes/displayport: correct pin assignment for UFP receptacles (git-fixes). - usbnet: Fix linkwatch use-after-free on disconnect (git-fixes). - usbnet: smsc95xx: Fix deadlock on runtime resume (git-fixes). - vboxguest: Do not use devm for irq (git-fixes). - vfio/ccw: Remove UUID from s390 debug log (git-fixes). - video: fbdev: amba-clcd: Fix refcount leak bugs (git-fixes). - video: fbdev: arkfb: Check the size of screen before memset_io() (git-fixes). - video: fbdev: arkfb: Fix a divide-by-zero bug in ark_set_pixclock() (git-fixes). - video: fbdev: i740fb: Check the argument of i740_calc_vclk() (git-fixes). - video: fbdev: s3fb: Check the size of screen before memset_io() (git-fixes). - video: fbdev: sis: fix typos in SiS_GetModeID() (git-fixes). - video: fbdev: vt8623fb: Check the size of screen before memset_io() (git-fixes). - virtio_net: fix memory leak inside XPD_TX with mergeable (git-fixes). - vmxnet3: Implement ethtool's get_channels command (bsc#1200431). - vmxnet3: Record queue number to incoming packets (bsc#1200431). - vmxnet3: Remove useless DMA-32 fallback configuration (bsc#1200431). - vmxnet3: add command to set ring buffer sizes (bsc#1200431). - vmxnet3: add support for capability registers (bsc#1200431). - vmxnet3: add support for large passthrough BAR register (bsc#1200431). - vmxnet3: add support for out of order rx completion (bsc#1200431). - vmxnet3: disable overlay offloads if UPT device does not support (bsc#1200431). - vmxnet3: do not reschedule napi for rx processing (bsc#1200431). - vmxnet3: do not stop tx queues after netif_device_detach() (bsc#1200431). - vmxnet3: limit number of TXDs used for TSO packet (bsc#1200431). - vmxnet3: prepare for version 7 changes (bsc#1200431). - vmxnet3: switch from 'pci_' to 'dma_' API (bsc#1200431). - vmxnet3: update to version 7 (bsc#1200431). - vmxnet3: use ext1 field to indicate encapsulated packet (bsc#1200431). - vsock: Fix memory leak in vsock_connect() (git-fixes). - vsock: Set socket state back to SS_UNCONNECTED in vsock_connect_timeout() (git-fixes). - watchdog: armada_37xx_wdt: check the return value of devm_ioremap() in armada_37xx_wdt_probe() (git-fixes). - wifi: cfg80211: debugfs: fix return type in ht40allow_map_read() (git-fixes). - wifi: mac80211: Do not finalize CSA in IBSS mode if state is disconnected (git-fixes). - wifi: mac80211_hwsim: add back erroneously removed cast (git-fixes). - wifi: mac80211_hwsim: fix race condition in pending packet (git-fixes). - wifi: mac80211_hwsim: use 32-bit skb cookie (git-fixes). - x86/olpc: fix 'logical not is only applied to the left hand side' (git-fixes). - xfs: Fix assert failure in xfs_setattr_size() (git-fixes). - xfs: bunmapi has unnecessary AG lock ordering issues (git-fixes). - xfs: check sb_meta_uuid for dabuf buffer recovery (bsc#1202577). - xfs: make xfs_rtalloc_query_range input parameters const (git-fixes). - xfs: mark a data structure sick if there are cross-referencing errors (git-fixes). - xfs: only reset incore inode health state flags when reclaiming an inode (git-fixes). - xfs: prevent a UAF when log IO errors race with unmount (git-fixes). - xfs: use kmem_cache_free() for kmem_cache objects (git-fixes). - xprtrdma: Fix XDRBUF_SPARSE_PAGES support (git-fixes). Important SUSE bug 1023051 SUSE bug 1065729 SUSE bug 1156395 SUSE bug 1179722 SUSE bug 1179723 SUSE bug 1181862 SUSE bug 1191662 SUSE bug 1191667 SUSE bug 1191881 SUSE bug 1192594 SUSE bug 1192968 SUSE bug 1194272 SUSE bug 1194535 SUSE bug 1197158 SUSE bug 1197755 SUSE bug 1197756 SUSE bug 1197757 SUSE bug 1197760 SUSE bug 1197763 SUSE bug 1197920 SUSE bug 1198971 SUSE bug 1199291 SUSE bug 1200431 SUSE bug 1200845 SUSE bug 1200868 SUSE bug 1200869 SUSE bug 1200870 SUSE bug 1200871 SUSE bug 1200872 SUSE bug 1200873 SUSE bug 1201019 SUSE bug 1201420 SUSE bug 1201610 SUSE bug 1201705 SUSE bug 1201726 SUSE bug 1201948 SUSE bug 1202096 SUSE bug 1202097 SUSE bug 1202346 SUSE bug 1202347 SUSE bug 1202393 SUSE bug 1202396 SUSE bug 1202447 SUSE bug 1202564 SUSE bug 1202577 SUSE bug 1202636 SUSE bug 1202672 SUSE bug 1202701 SUSE bug 1202708 SUSE bug 1202709 SUSE bug 1202710 SUSE bug 1202711 SUSE bug 1202712 SUSE bug 1202713 SUSE bug 1202714 SUSE bug 1202715 SUSE bug 1202716 SUSE bug 1202717 SUSE bug 1202718 SUSE bug 1202720 SUSE bug 1202722 SUSE bug 1202745 SUSE bug 1202756 SUSE bug 1202810 SUSE bug 1202811 SUSE bug 1202860 SUSE bug 1202895 SUSE bug 1202898 SUSE bug 1203063 SUSE bug 1203098 SUSE bug 1203107 SUSE bug 1203116 SUSE bug 1203117 SUSE bug 1203135 SUSE bug 1203136 SUSE bug 1203137 CVE-2016-3695 CVE-2020-27784 CVE-2021-4155 CVE-2021-4203 CVE-2022-20368 CVE-2022-20369 CVE-2022-2588 CVE-2022-26373 CVE-2022-2663 CVE-2022-2905 CVE-2022-2977 CVE-2022-3028 CVE-2022-36879 CVE-2022-39188 CVE-2022-39190 cpe:/o:opensuse:leap:15.4 Security update for perl (Moderate) openSUSE Leap 15.4 This update for perl fixes the following issues: - CVE-2017-6512: Fixed File::Path rmtree/remove_tree race condition (bsc#1047178). Moderate SUSE bug 1047178 CVE-2017-6512 cpe:/o:opensuse:leap:15.4 Security update for MozillaThunderbird (Important) openSUSE Leap 15.4 This update for MozillaThunderbird fixes the following issues: Updated to Mozilla Thunderbird 102.2.2: - CVE-2022-3033: Fixed leaking of sensitive information when composing a response to an HTML email with a META refresh tag (bsc#1203007). - CVE-2022-3032: Fixed missing blocking of remote content specified in an HTML document that was nested inside an iframe's srcdoc attribute (bsc#1203007). - CVE-2022-3034: Fixed issue where iframe element in an HTML email could trigger a network request (bsc#1203007). - CVE-2022-36059: Fixed DoS in Matrix SDK bundled with Thunderbird service attack (bsc#1203007). - CVE-2022-38472: Fixed Address bar spoofing via XSLT error handling (bsc#1202645). - CVE-2022-38473: Fixed cross-origin XSLT Documents inheriting the parent's permissions (bsc#1202645). - CVE-2022-38476: Fixed data race and potential use-after-free in PK11_ChangePW (bsc#1202645). - CVE-2022-38477: Fixed memory safety bugs (bsc#1202645). - CVE-2022-38478: Fixed memory safety bugs (bsc#1202645). - CVE-2022-36319: Fixed mouse position spoofing with CSS transforms (bsc#1201758). - CVE-2022-36318: Fixed directory indexes for bundled resources reflected URL parameters (bsc#1201758). - CVE-2022-36314: Fixed unexpected network loads when opening local .lnk files (bsc#1201758). - CVE-2022-2505: Fixed memory safety bugs (bsc#1201758). - CVE-2022-34479: Fixed vulnerability which could overlay the address bar with web content (bsc#1200793). - CVE-2022-34470: Fixed use-after-free in nsSHistory (bsc#1200793). - CVE-2022-34468: Fixed CSP sandbox header without `allow-scripts` bypass via retargeted javascript (bsc#1200793). - CVE-2022-2226: Fixed emails with a mismatching OpenPGP signature date incorrectly accepted as valid (bsc#1200793). - CVE-2022-34481: Fixed integer overflow in ReplaceElementsAt (bsc#1200793). - CVE-2022-31744: Fixed CSP bypass enabling stylesheet injection (bsc#1200793). - CVE-2022-34472: Fixed unavailable PAC file resulting in OCSP requests being blocked (bsc#1200793). - CVE-2022-34478: Fixed Microsoft protocols attacks if a user accepts a prompt (bsc#1200793). - CVE-2022-2200: Fixed vulnerability where undesired attributes could be set as part of prototype pollution (bsc#1200793). - CVE-2022-34484: Fixed memory safety bugs (bsc#1200793). Important SUSE bug 1200793 SUSE bug 1201758 SUSE bug 1202645 SUSE bug 1203007 CVE-2022-2200 CVE-2022-2226 CVE-2022-2505 CVE-2022-3032 CVE-2022-3033 CVE-2022-3034 CVE-2022-31744 CVE-2022-34468 CVE-2022-34470 CVE-2022-34472 CVE-2022-34478 CVE-2022-34479 CVE-2022-34481 CVE-2022-34484 CVE-2022-36059 CVE-2022-36314 CVE-2022-36318 CVE-2022-36319 CVE-2022-38472 CVE-2022-38473 CVE-2022-38476 CVE-2022-38477 CVE-2022-38478 cpe:/o:opensuse:leap:15.4 Security update for libgit2 (Important) openSUSE Leap 15.4 This update for libgit2 fixes the following issues: - CVE-2022-24765: Fixed potential command injection via git worktree (bsc#1198234). - CVE-2022-29187: Fixed incomplete fix for CVE-2022-24765 (bsc#1201431). Important SUSE bug 1198234 SUSE bug 1201431 CVE-2022-24765 CVE-2022-29187 cpe:/o:opensuse:leap:15.4 Security update for 389-ds (Moderate) openSUSE Leap 15.4 This update for 389-ds fixes the following issues: - CVE-2022-2850: Fixed an application crash when running a sync_repl client that could be triggered via a malformed cookie (bsc#1202470). Non-security fixes: - Update to version 2.0.16~git20.219f047ae: * Fix missing 'not' in description * CI - makes replication/acceptance_test.py::test_modify_entry more robust * fix repl keep alive event interval * Sync_repl may crash while managing invalid cookie * Hostname when set to localhost causing failures in other tests * lib389 - do not set backend name to lowercase * keep alive update event starts too soon * Fix various memory leaks * UI - LDAP Editor is not updated when we switch instances * Supplier should do periodic updates - Update sudoers schema to support UTF-8 (bsc#1197998) - Update to version 2.0.16~git9.e2a858a86: * UI - Various fixes and RFE's for UI * Remove problematic language from source code * CI - disable TLS hostname checking * Update npm and cargo packages * Support ECDSA private keys for TLS Moderate SUSE bug 1197998 SUSE bug 1202470 CVE-2022-2850 cpe:/o:opensuse:leap:15.4 Security update for the Linux Kernel (Important) openSUSE Leap 15.4 The SUSE Linux Enterprise 15 SP4 Azure kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2022-39190: Fixed an issue that was discovered in net/netfilter/nf_tables_api.c and could cause a denial of service upon binding to an already bound chain (bnc#1203117). - CVE-2022-39188: Fixed race condition in include/asm-generic/tlb.h where a device driver can free a page while it still has stale TLB entries (bnc#1203107). - CVE-2022-36946: Fixed a denial of service (panic) inside nfqnl_mangle in net/netfilter/nfnetlink_queue.c (bnc#1201940). - CVE-2022-36879: Fixed an issue in xfrm_expand_policies in net/xfrm/xfrm_policy.c where a refcount could be dropped twice (bnc#1201948). - CVE-2022-3078: Fixed a lack of check after calling vzalloc() and lack of free after allocation in drivers/media/test-drivers/vidtv/vidtv_s302m.c (bnc#1203041). - CVE-2022-3028: Fixed race condition that was found in the IP framework for transforming packets (XFRM subsystem) (bnc#1202898). - CVE-2022-2977: Fixed reference counting for struct tpm_chip (bsc#1202672). - CVE-2022-2959: Fixed a race condition that was found inside the watch queue due to a missing lock in pipe_resize_ring() (bnc#1202681). - CVE-2022-2938: Fixed a flaw that was found inside the Pressure Stall Information implementation that could have been used to allow an attacker to crash the system or have other memory-corruption side effects (bnc#1202623). - CVE-2022-2905: Fixed tnum_range usage on array range checking for poke descriptors (bsc#1202564, bsc#1202860). - CVE-2022-2873: Fixed an out-of-bounds memory access flaw that was found in iSMT SMBus host controller driver (bnc#1202558). - CVE-2022-28693: Fixed x86/speculation behavior by disabling RRSBA (bsc#1201455). - CVE-2022-28356: Fixed a refcount leak bug that was found in net/llc/af_llc.c (bnc#1197391). - CVE-2022-2663: Fixed an issue that was found in nf_conntrack_irc where the message handling could be confused and incorrectly matches the message (bnc#1202097). - CVE-2022-2639: Fixed an integer coercion error that was found in the openvswitch kernel module (bnc#1202154). - CVE-2022-26373: Fixed non-transparent sharing of return predictor targets between contexts in some Intel Processors that may have allowed information disclosure via local access (bnc#1201726). - CVE-2022-2588: Fixed use-after-free in cls_route (bsc#1202096). - CVE-2022-2585: Fixed missing cleanup of CPU timers before freeing them during exec (bsc#1202094). - CVE-2022-20369: Fixed out of bounds write in v4l2_m2m_querybuf of v4l2-mem2mem.c (bnc#1202347). - CVE-2022-20368: Fixed slab-out-of-bounds access in packet_recvmsg() (bsc#1202346). - CVE-2022-1184: Fixed an use-after-free flaw in fs/ext4/namei.c:dx_insert_block() in the filesystem sub-component (bnc#1198577). - CVE-2021-4037: Fixed function logic vulnerability that allowed local users to create files for the XFS file-system with an unintended group ownership and with group execution and SGID permission bits set (bnc#1198702). - CVE-2021-33135: Fixed uncontrolled resource consumption inside Intel(R) SGX that may have allowed an authenticated user to potentially enable denial of service via local access (bnc#1199515). - CVE-2020-36516: Fixed an issue in the mixed IPID assignment method where an attacker was able to inject data into or terminate a victim's TCP session (bnc#1196616). - CVE-2016-3695: Fixed an issue inside the einj_error_inject function in drivers/acpi/apei/einj.c that allowed users to simulate hardware errors and consequently cause a denial of service (bnc#1023051). The following non-security bugs were fixed: - ACPI: APEI: Better fix to avoid spamming the console with old error logs (git-fixes). - ACPI: APEI: explicit init of HEST and GHES in apci_init() (git-fixes). - ACPI: CPPC: Do not prevent CPPC from working in the future (git-fixes). - ACPI: EC: Drop the EC_FLAGS_IGNORE_DSDT_GPE quirk (git-fixes). - ACPI: EC: Remove duplicate ThinkPad X1 Carbon 6th entry from DMI quirks (git-fixes). - ACPI: LPSS: Fix missing check in register_device_clock() (git-fixes). - ACPI: PM: save NVS memory for Lenovo G40-45 (git-fixes). - ACPI: VIOT: Fix ACS setup (git-fixes). - ACPI: processor/idle: Annotate more functions to live in cpuidle section (git-fixes). - ACPI: processor: Remove freq Qos request for all CPUs (git-fixes). - ACPI: property: Return type of acpi_add_nondev_subnodes() should be bool (git-fixes). - ACPI: thermal: drop an always true check (git-fixes). - ACPI: video: Force backlight native for some TongFang devices (git-fixes). - ACPI: video: Shortening quirk list by identifying Clevo by board_name only (git-fixes). - ALSA: bcd2000: Fix a UAF bug on the error path of probing (git-fixes). - ALSA: hda/cirrus - support for iMac 12,1 model (git-fixes). - ALSA: hda/conexant: Add quirk for LENOVO 20149 Notebook model (git-fixes). - ALSA: hda/conexant: add a new hda codec SN6140 (git-fixes). - ALSA: hda/realtek: Add a quirk for HP OMEN 15 (8786) mute LED (git-fixes). - ALSA: hda/realtek: Add quirk for Clevo NS50PU, NS70PU (git-fixes). - ALSA: hda/realtek: Add quirk for Clevo NV45PZ (git-fixes). - ALSA: hda/realtek: Add quirk for HP Spectre x360 15-eb0xxx (git-fixes). - ALSA: hda/realtek: Add quirk for Lenovo Yoga9 14IAP7 (git-fixes). - ALSA: hda/realtek: Add quirk for another Asus K42JZ model (git-fixes). - ALSA: hda/realtek: Add speaker AMP init for Samsung laptops with ALC298 (git-fixes). - ALSA: hda/sigmatel: Keep power up while beep is enabled (bsc#1200544). - ALSA: hda: intel-nhlt: Correct the handling of fmt_config flexible array (git-fixes). - ALSA: info: Fix llseek return value when using callback (git-fixes). - ALSA: seq: Fix data-race at module auto-loading (git-fixes). - ALSA: seq: oss: Fix data-race for max_midi_devs access (git-fixes). - ALSA: usb-audio: Add endianness annotations (git-fixes). - ALSA: usb-audio: Add quirk for Behringer UMC202HD (git-fixes). - ALSA: usb-audio: Add quirk for LH Labs Geek Out HD Audio 1V5 (git-fixes). - ALSA: usb-audio: More comprehensive mixer map for ASUS ROG Zenith II (git-fixes). - ALSA: usb-audio: Support jack detection on Dell dock (git-fixes). - ALSA: usb-audio: Turn off 'manual mode' on Dell dock (git-fixes). - ARM: OMAP2+: Fix refcount leak in omap3xxx_prm_late_init (git-fixes). - ARM: OMAP2+: Fix refcount leak in omapdss_init_of (git-fixes). - ARM: OMAP2+: display: Fix refcount leak bug (git-fixes). - ARM: OMAP2+: pdata-quirks: Fix refcount leak bug (git-fixes). - ARM: bcm: Fix refcount leak in bcm_kona_smc_init (git-fixes). - ARM: dts: BCM5301X: Add DT for Meraki MR26 (git-fixes). - ARM: dts: ast2500-evb: fix board compatible (git-fixes). - ARM: dts: ast2600-evb-a1: fix board compatible (git-fixes). - ARM: dts: ast2600-evb: fix board compatible (git-fixes). - ARM: dts: at91: sama5d27_wlsom1: do not keep ldo2 enabled all the time (git-fixes). - ARM: dts: at91: sama5d27_wlsom1: specify proper regulator output ranges (git-fixes). - ARM: dts: at91: sama5d2_icp: do not keep vdd_other enabled all the time (git-fixes). - ARM: dts: at91: sama5d2_icp: specify proper regulator output ranges (git-fixes). - ARM: dts: imx6qdl-kontron-samx6i: remove duplicated node (git-fixes). - ARM: dts: imx6ul: add missing properties for sram (git-fixes). - ARM: dts: imx6ul: change operating-points to uint32-matrix (git-fixes). - ARM: dts: imx6ul: fix csi node compatible (git-fixes). - ARM: dts: imx6ul: fix keypad compatible (git-fixes). - ARM: dts: imx6ul: fix lcdif node compatible (git-fixes). - ARM: dts: imx6ul: fix qspi node compatible (git-fixes). - ARM: dts: imx7d-colibri-emmc: add cpu1 supply (git-fixes). - ARM: dts: qcom: mdm9615: add missing PMIC GPIO reg (git-fixes). - ARM: dts: qcom: pm8841: add required thermal-sensor-cells (git-fixes). - ARM: dts: qcom: sdx55: Fix the IRQ trigger type for UART (git-fixes). - ARM: dts: uniphier: Fix USB interrupts for PXs2 SoC (git-fixes). - ARM: findbit: fix overflowing offset (git-fixes). - ARM: shmobile: rcar-gen2: Increase refcount for new reference (git-fixes). - ASoC: SOF: debug: Fix potential buffer overflow by snprintf() (git-fixes). - ASoC: audio-graph-card: Add of_node_put() in fail path (git-fixes). - ASoC: codec: tlv320aic32x4: fix mono playback via I2S (git-fixes). - ASoC: codecs: da7210: add check for i2c_add_driver (git-fixes). - ASoC: codecs: msm8916-wcd-digital: move gains from SX_TLV to S8_TLV (git-fixes). - ASoC: codecs: wcd9335: move gains from SX_TLV to S8_TLV (git-fixes). - ASoC: cros_ec_codec: Fix refcount leak in cros_ec_codec_platform_probe (git-fixes). - ASoC: fsl-asoc-card: force cast the asrc_format type (git-fixes). - ASoC: fsl_asrc: force cast the asrc_format type (git-fixes). - ASoC: fsl_easrc: use snd_pcm_format_t type for sample_format (git-fixes). - ASoC: imx-audmux: Silence a clang warning (git-fixes). - ASoC: imx-card: Fix DSD/PDM mclk frequency (git-fixes). - ASoC: imx-card: use snd_pcm_format_t type for asrc_format (git-fixes). - ASoC: mchp-spdifrx: disable end of block interrupt on failures (git-fixes). - ASoC: mt6359: Fix refcount leak bug (git-fixes). - ASoC: mt6797-mt6351: Fix refcount leak in mt6797_mt6351_dev_probe (git-fixes). - ASoC: qcom: Fix missing of_node_put() in asoc_qcom_lpass_cpu_platform_probe() (git-fixes). - ASoC: qcom: q6dsp: Fix an off-by-one in q6adm_alloc_copp() (git-fixes). - ASoC: rsnd: care default case on rsnd_ssiu_busif_err_irq_ctrl() (git-fixes). - ASoC: samsung: Fix error handling in aries_audio_probe (git-fixes). - ASoC: samsung: change gpiod_speaker_power and rx1950_audio from global to static variables (git-fixes). - ASoC: samsung: change neo1973_audio from a global to static (git-fixes). - ASoC: samsung: h1940_uda1380: include proepr GPIO consumer header (git-fixes). - ASoC: tas2770: Allow mono streams (git-fixes). - ASoC: tas2770: Drop conflicting set_bias_level power setting (git-fixes). - ASoC: tas2770: Fix handling of mute/unmute (git-fixes). - ASoC: tas2770: Set correct FSYNC polarity (git-fixes). - Bluetooth: L2CAP: Fix build errors in some archs (git-fixes). - Bluetooth: L2CAP: Fix l2cap_global_chan_by_psm regression (git-fixes). - Bluetooth: L2CAP: Fix use-after-free caused by l2cap_chan_put (git-fixes). - Bluetooth: MGMT: Fixes build warnings with C=1 (git-fixes). - Bluetooth: btusb: Add Realtek RTL8852C support ID 0x04C5:0x1675 (git-fixes). - Bluetooth: btusb: Add Realtek RTL8852C support ID 0x04CA:0x4007 (git-fixes). - Bluetooth: btusb: Add Realtek RTL8852C support ID 0x0CB8:0xC558 (git-fixes). - Bluetooth: btusb: Add Realtek RTL8852C support ID 0x13D3:0x3586 (git-fixes). - Bluetooth: btusb: Add Realtek RTL8852C support ID 0x13D3:0x3587 (git-fixes). - Bluetooth: btusb: Add support of IMC Networks PID 0x3568 (git-fixes). - Bluetooth: hci_bcm: Add BCM4349B1 variant (git-fixes). - Bluetooth: hci_bcm: Add DT compatible for CYW55572 (git-fixes). - Bluetooth: hci_intel: Add check for platform_driver_register (git-fixes). - Documentation: ACPI: EINJ: Fix obsolete example (git-fixes). - Documentation: PM: Drop pme_interrupt reference (git-fixes). - Documentation: dm writecache: Render status list as list (git-fixes). - Documentation: fix sctp_wmem in ip-sysctl.rst (git-fixes). - Documentation: siphash: Fix typo in the name of offsetofend macro (git-fixes). - EDAC/ghes: Set the DIMM label unconditionally (bsc#1201768). - HID: AMD_SFH: Add a DMI quirk entry for Chromebooks (git-fixes). - HID: add Lenovo Yoga C630 battery quirk (git-fixes). - HID: alps: Declare U1_UNICORN_LEGACY support (git-fixes). - HID: amd_sfh: Add NULL check for hid device (git-fixes). - HID: amd_sfh: Handle condition of 'no sensors' (git-fixes). - HID: asus: ROG NKey: Ignore portion of 0x5a report (git-fixes). - HID: cp2112: prevent a buffer overflow in cp2112_xfer() (git-fixes). - HID: hid-input: add Surface Go battery quirk (git-fixes). - HID: mcp2221: prevent a buffer overflow in mcp_smbus_write() (git-fixes). - HID: multitouch: new device class fix Lenovo X12 trackpad sticky (git-fixes). - HID: steam: Prevent NULL pointer dereference in steam_{recv,send}_report (git-fies). - HID: thrustmaster: Add sparco wheel and fix array length (git-fixes). - HID: wacom: Do not register pad_input for touch switch (git-fixes). - HID: wacom: Only report rotation for art pen (git-fixes). - Input: exc3000 - fix return value check of wait_for_completion_timeout (git-fixes). - Input: gscps2 - check return value of ioremap() in gscps2_probe() (git-fixes). - Input: i8042 - add TUXEDO devices to i8042 quirk tables (git-fies). - Input: i8042 - add additional TUXEDO devices to i8042 quirk tables (git-fies). - Input: i8042 - merge quirk tables (git-fies). - Input: i8042 - move __initconst to fix code styling warning (git-fies). - Input: iforce - wake up after clearing IFORCE_XMIT_RUNNING flag (git-fixes). - Input: rk805-pwrkey - fix module autoloading (git-fixes). - KABI: cgroup: Restore KABI of css_set (bsc#1201610). - KEYS: asymmetric: enforce SM2 signature use pkey algo (git-fixes). - KVM: LAPIC: Also cancel preemption timer during SET_LAPIC (git-fixes). - KVM: MMU: shadow nested paging does not have PKU (git-fixes). - KVM: PPC: Book3S HV: Check return value of kvmppc_radix_init (bsc#1194869). - KVM: PPC: Book3S HV: Prevent POWER7/8 TLB flush flushing SLB (bsc#1156395). - KVM: PPC: Book3S HV: Remove kvmhv_p9_[set,restore]_lpcr declarations (bsc#1194869). - KVM: PPC: Book3S HV: Use GLOBAL_TOC for kvmppc_h_set_dabr/xdabr() (bsc#1156395). - KVM: PPC: Book3S HV: fix incorrect NULL check on list iterator (bsc#1194869). - KVM: PPC: Book3s HV: Remove unused function kvmppc_bad_interrupt (bsc#1194869). - KVM: PPC: Fix vmx/vsx mixup in mmio emulation (bsc#1156395). - KVM: PPC: Use arch_get_random_seed_long instead of powernv variant (bsc#1156395). - KVM: SVM: Do not BUG if userspace injects an interrupt with GIF=0 (git-fixes). - KVM: SVM: Do not intercept #GP for SEV guests (git-fixes). - KVM: SVM: Unwind 'speculative' RIP advancement if INTn injection 'fails' (git-fixes). - KVM: SVM: fix panic on out-of-bounds guest IRQ (git-fixes). - KVM: VMX: Print VM-instruction error as unsigned (git-fixes). - KVM: VMX: prepare sync_pir_to_irr for running with APICv disabled (git-fixes). - KVM: VMX: switch blocked_vcpu_on_cpu_lock to raw spinlock (git-fixes). - KVM: X86: Use vcpu->arch.walk_mmu for kvm_mmu_invlpg() (git-fixes). - KVM: X86: avoid uninitialized 'fault.async_page_fault' from fixed-up #PF (git-fixes). - KVM: arm64: Avoid setting the upper 32 bits of TCR_EL2 and CPTR_EL2 (bsc#1201442) - KVM: nVMX: Inject #UD if VMXON is attempted with incompatible CR0/CR4 (git-fixes). - KVM: nVMX: Let userspace set nVMX MSR to any _host_ supported value (git-fixes). - KVM: nVMX: Set UMIP bit CR4_FIXED1 MSR when emulating UMIP (git-fixes). - KVM: nVMX: Snapshot pre-VM-Enter BNDCFGS for !nested_run_pending case (git-fixes). - KVM: nVMX: Snapshot pre-VM-Enter DEBUGCTL for !nested_run_pending case (git-fixes). - KVM: nVMX: Synthesize TRIPLE_FAULT for L2 if emulation is required (git-fixes). - KVM: nVMX: do not use vcpu->arch.efer when checking host state on nested state load (git-fixes). - KVM: x86/mmu: Do not freak out if pml5_root is NULL on 4-level host (git-fixes). - KVM: x86/mmu: Move 'invalid' check out of kvm_tdp_mmu_get_root() (git-fixes). - KVM: x86/mmu: Zap _all_ roots when unmapping gfn range in TDP MMU (git-fixes). - KVM: x86/mmu: include EFER.LMA in extended mmu role (git-fixes). - KVM: x86/mmu: make apf token non-zero to fix bug (git-fixes). - KVM: x86: Avoid theoretical NULL pointer dereference in kvm_irq_delivery_to_apic_fast() (git-fixes). - KVM: x86: Check lapic_in_kernel() before attempting to set a SynIC irq (git-fixes). - KVM: x86: Forbid VMM to set SYNIC/STIMER MSRs when SynIC wasn't activated (git-fixes). - KVM: x86: Mark TSS busy during LTR emulation _after_ all fault checks (git-fixes). - KVM: x86: SVM: do not passthrough SMAP/SMEP/PKE bits in !NPT && !gCR0.PG case (git-fixes). - KVM: x86: Set error code to segment selector on LLDT/LTR non-canonical #GP (git-fixes). - KVM: x86: check PIR even for vCPUs with disabled APICv (git-fixes). - KVM: x86: hyper-v: Drop redundant 'ex' parameter from kvm_hv_flush_tlb() (git-fixes). - KVM: x86: ignore APICv if LAPIC is not enabled (git-fixes). - KVM: x86: remove PMU FIXED_CTR3 from msrs_to_save_all (git-fixes). - KVM: x86: revalidate steal time cache if MSR value changes (git-fixes). - NFSD: Clamp WRITE offsets (git-fixes). - NFSD: Fix NFSv3 SETATTR/CREATE's handling of large file sizes (git-fixes). - NFSD: Fix ia_size underflow (git-fixes). - NFSD: Fix possible sleep during nfsd4_release_lockowner() (git-fixes). - NFSD: prevent integer overflow on 32 bit systems (git-fixes). - NFSD: prevent underflow in nfssvc_decode_writeargs() (git-fixes). - NTB: ntb_tool: uninitialized heap data in tool_fn_write() (git-fixes). - PCI/ACPI: Guard ARM64-specific mcfg_quirks (git-fixes). - PCI/AER: Iterate over error counters instead of error strings (git-fixes). - PCI/portdrv: Do not disable AER reporting in get_port_device_capability() (git-fixes). - PCI: Add ACS quirk for Broadcom BCM5750x NICs (git-fixes). - PCI: aardvark: Fix reporting Slot capabilities on emulated bridge (git-fixes). - PCI: dwc: Add unroll iATU space support to dw_pcie_disable_atu() (git-fixes). - PCI: dwc: Always enable CDM check if 'snps,enable-cdm-check' exists (git-fixes). - PCI: dwc: Deallocate EPC memory on dw_pcie_ep_init() errors (git-fixes). - PCI: dwc: Disable outbound windows only for controllers using iATU (git-fixes). - PCI: dwc: Set INCREASE_REGION_SIZE flag based on limit address (git-fixes). - PCI: dwc: Stop link on host_init errors and de-initialization (git-fixes). - PCI: endpoint: Do not stop controller when unbinding endpoint function (git-fixes). - PCI: hv: Only reuse existing IRTE allocation for Multi-MSI (bsc#1200845). - PCI: microchip: Fix refcount leak in mc_pcie_init_irq_domains() (git-fixes). - PCI: qcom: Power on PHY before IPQ8074 DBI register accesses (git-fixes). - PCI: qcom: Set up rev 2.1.0 PARF_PHY before enabling clocks (git-fixes). - PCI: tegra194: Fix PM error handling in tegra_pcie_config_ep() (git-fixes). - PCI: tegra194: Fix Root Port interrupt handling (git-fixes). - PCI: tegra194: Fix link up retry sequence (git-fixes). - PM: domains: Ensure genpd_debugfs_dir exists before remove (git-fixes). - PM: hibernate: defer device probing when resuming from hibernation (git-fixes). - Revert 'clk: core: Honor CLK_OPS_PARENT_ENABLE for clk gate ops' (git-fixes). - Revert 'drivers/video/backlight/platform_lcd.c: add support for device tree based probe' (git-fixes). - Revert 'drm/i915: Hold reference to intel_context over life of i915_request' (git-fixes). - Revert 'drm/udl: Kill pending URBs at suspend and disconnect' (bsc#1195917). - Revert 'ipv6: Honor all IPv6 PIO Valid Lifetime values' (bsc#1202989). - Revert 'net: usb: ax88179_178a needs FLAG_SEND_ZLP' (git-fixes). - Revert 'scripts/mod/modpost.c: permit '.cranges' secton for sh64 architecture.' (git-fixes). - Revert 'usb: gadget: udc-xilinx: replace memcpy with memcpy_toio' (git-fixes). - Revert 'x86/sev: Expose sev_es_ghcb_hv_call() for use by HyperV' (bsc#1190497). - SUNRPC: Fix NFSD's request deferral on RDMA transports (git-fixes). - SUNRPC: Fix READ_PLUS crasher (git-fixes). - SUNRPC: Prevent immediate close+reconnect (git-fixes). - USB: Follow-up to SPDX GPL-2.0+ identifiers addition - remove now useless comments (git-fixes). - USB: Follow-up to SPDX identifiers addition - remove now useless comments (git-fixes). - USB: serial: ch314: use usb_control_msg_recv() (git-fixes). - USB: serial: ch341: fix disabled rx timer on older devices (git-fixes). - USB: serial: fix tty-port initialized comments (git-fixes). - apparmor: Fix failed mount permission check error message (git-fixes). - apparmor: Fix memleak in aa_simple_write_to_buffer() (git-fixes). - apparmor: fix aa_label_asxprint return check (git-fixes). - apparmor: fix absroot causing audited secids to begin with = (git-fixes). - apparmor: fix overlapping attachment computation (git-fixes). - apparmor: fix quiet_denied for file rules (git-fixes). - apparmor: fix reference count leak in aa_pivotroot() (git-fixes). - apparmor: fix setting unconfined mode on a loaded profile (git-fixes). - arm64: Do not forget syscall when starting a new thread (git-fixes). - arm64: Fix match_list for erratum 1286807 on Arm Cortex-A76 (git-fixes). - arm64: cpufeature: Allow different PMU versions in ID_DFR0_EL1 (git-fixes). - arm64: dts: allwinner: a64: orangepi-win: Fix LED node name (git-fixes). - arm64: dts: mt7622: fix BPI-R64 WPS button (git-fixes). - arm64: dts: mt8192: Fix idle-states entry-method (git-fixes). - arm64: dts: mt8192: Fix idle-states nodes naming scheme (git-fixes). - arm64: dts: qcom: ipq8074: fix NAND node name (git-fixes). - arm64: dts: qcom: msm8916: Fix typo in pronto remoteproc node (git-fixes). - arm64: dts: qcom: qcs404: Fix incorrect USB2 PHYs assignment (git-fixes). - arm64: dts: qcom: sm8250: add missing PCIe PHY clock-cells (git-fixes). - arm64: dts: renesas: Fix thermal-sensors on single-zone sensors (git-fixes). - arm64: dts: renesas: beacon: Fix regulator node names (git-fixes). - arm64: dts: uniphier: Fix USB interrupts for PXs3 SoC (git-fixes). - arm64: fix oops in concurrently setting insn_emulation sysctls (git-fixes). - arm64: fix rodata=full (git-fixes). - arm64: kasan: Revert 'arm64: mte: reset the page tag in page->flags' (git-fixes). - arm64: set UXN on swapper page tables (git-fixes). - arm64: tegra: Fix SDMMC1 CD on P2888 (git-fixes). - arm64: tegra: Fixup SYSRAM references (git-fixes). - arm64: tegra: Mark BPMP channels as no-memory-wc (git-fixes). - asm-generic: sections: refactor memory_intersects (git-fixes). - ata: libata-eh: Add missing command name (git-fixes). - ath10k: do not enforce interrupt trigger type (git-fixes). - ath11k: Fix incorrect debug_mask mappings (git-fixes). - ath11k: fix netdev open race (git-fixes). - atm: idt77252: fix use-after-free bugs caused by tst_timer (git-fixes). - audit: fix potential double free on error path from fsnotify_add_inode_mark (git-fixes). - ax25: Fix ax25 session cleanup problems (git-fixes). - block: Fix fsync always failed if once failed (bsc#1202779). - block: Fix wrong offset in bio_truncate() (bsc#1202780). - block: fix rq-qos breakage from skipping rq_qos_done_bio() (bsc#1202781). - block: only mark bio as tracked if it really is tracked (bsc#1202782). - bnx2x: Invalidate fastpath HSI version for VFs (git-fixes). - bnx2x: Utilize firmware 7.13.21.0 (git-fixes). - btrfs: properly flag filesystem with BTRFS_FEATURE_INCOMPAT_BIG_METADATA (git-fixes). - bus: hisi_lpc: fix missing platform_device_put() in hisi_lpc_acpi_probe() (git-fixes). - can: Break loopback loop on loopback documentation (git-fixes). - can: ems_usb: fix clang's -Wunaligned-access warning (git-fixes). - can: error: specify the values of data[5..7] of CAN error frames (git-fixes). - can: hi311x: do not report txerr and rxerr during bus-off (git-fixes). - can: j1939: j1939_sk_queue_activate_next_locked(): replace WARN_ON_ONCE with netdev_warn_once() (git-fixes). - can: kvaser_usb_hydra: do not report txerr and rxerr during bus-off (git-fixes). - can: kvaser_usb_leaf: do not report txerr and rxerr during bus-off (git-fixes). - can: mcp251x: Fix race condition on receive interrupt (git-fixes). - can: mcp251xfd: mcp251xfd_dump(): fix comment (git-fixes). - can: netlink: allow configuring of fixed bit rates without need for do_set_bittiming callback (git-fixes). - can: netlink: allow configuring of fixed data bit rates without need for do_set_data_bittiming callback (git-fixes). - can: pch_can: do not report txerr and rxerr during bus-off (git-fixes). - can: pch_can: pch_can_error(): initialize errc before using it (git-fixes). - can: rcar_can: do not report txerr and rxerr during bus-off (git-fixes). - can: sja1000: do not report txerr and rxerr during bus-off (git-fixes). - can: sun4i_can: do not report txerr and rxerr during bus-off (git-fixes). - can: usb_8dev: do not report txerr and rxerr during bus-off (git-fixes). - ceph: do not leak snap_rwsem in handle_cap_grant (bsc#1202823). - ceph: do not truncate file in atomic_open (bsc#1202824). - ceph: use correct index when encoding client supported features (bsc#1202822). - cfg80211/mac80211: assume CHECKSUM_COMPLETE includes SNAP (bsc#1202131). - cgroup: Use separate src/dst nodes when preloading css_sets for migration (bsc#1201610). - clk: bcm: rpi: Fix error handling of raspberrypi_fw_get_rate (git-fixes). - clk: core: Fix runtime PM sequence in clk_core_unprepare() (git-fixes). - clk: core: Honor CLK_OPS_PARENT_ENABLE for clk gate ops (git-fixes). - clk: mediatek: reset: Fix written reset bit offset (git-fixes). - clk: qcom: camcc-sdm845: Fix topology around titan_top power domain (git-fixes). - clk: qcom: camcc-sm8250: Fix halt on boot by reducing driver's init level (git-fixes). - clk: qcom: camcc-sm8250: Fix topology around titan_top power domain (git-fixes). - clk: qcom: clk-alpha-pll: fix clk_trion_pll_configure description (git-fixes). - clk: qcom: clk-krait: unlock spin after mux completion (git-fixes). - clk: qcom: clk-rcg2: Fail Duty-Cycle configuration if MND divider is not enabled (git-fixes). - clk: qcom: clk-rcg2: Make sure to not write d=0 to the NMD register (git-fixes). - clk: qcom: gcc-msm8939: Add missing SYSTEM_MM_NOC_BFDCD_CLK_SRC (git-fixes). - clk: qcom: gcc-msm8939: Add missing system_mm_noc_bfdcd_clk_src (git-fixes). - clk: qcom: gcc-msm8939: Fix bimc_ddr_clk_src rcgr base address (git-fixes). - clk: qcom: gcc-msm8939: Fix weird field spacing in ftbl_gcc_camss_cci_clk (git-fixes). - clk: qcom: gcc-msm8939: Point MM peripherals to system_mm_noc clock (git-fixes). - clk: qcom: ipq8074: SW workaround for UBI32 PLL lock (git-fixes). - clk: qcom: ipq8074: dont disable gcc_sleep_clk_src (git-fixes). - clk: qcom: ipq8074: fix NSS core PLL-s (git-fixes). - clk: qcom: ipq8074: fix NSS port frequency tables (git-fixes). - clk: qcom: ipq8074: set BRANCH_HALT_DELAY flag for UBI clocks (git-fixes). - clk: renesas: r9a06g032: Fix UART clkgrp bitsel (git-fixes). - clk: ti: Stop using legacy clkctrl names for omap4 and 5 (git-fixes). - cpufreq: zynq: Fix refcount leak in zynq_get_revision (git-fixes). - crypto: arm64/poly1305 - fix a read out-of-bound (git-fixes). - crypto: ccp - During shutdown, check SEV data pointer before using (git-fixes). - crypto: ccp - Use kzalloc for sev ioctl interfaces to prevent kernel memory leak (git-fixes). - crypto: hisilicon - Kunpeng916 crypto driver do not sleep when in softirq (git-fixes). - crypto: hisilicon/hpre - do not use GFP_KERNEL to alloc mem during softirq (git-fixes). - crypto: hisilicon/sec - do not sleep when in softirq (git-fixes). - crypto: hisilicon/sec - fix auth key size error (git-fixes). - crypto: inside-secure - Add missing MODULE_DEVICE_TABLE for of (git-fixes). - crypto: sun8i-ss - do not allocate memory when handling hash requests (git-fixes). - crypto: sun8i-ss - fix error codes in allocate_flows() (git-fixes). - crypto: sun8i-ss - fix infinite loop in sun8i_ss_setup_ivs() (git-fixes). - devlink: Fix use-after-free after a failed reload (git-fixes). - dm raid: fix KASAN warning in raid5_add_disks (git-fixes). - dmaengine: dw-axi-dmac: do not print NULL LLI during error (git-fixes). - dmaengine: dw-axi-dmac: ignore interrupt if no descriptor (git-fixes). - dmaengine: dw-edma: Fix eDMA Rd/Wr-channels and DMA-direction semantics (git-fixes). - dmaengine: imx-dma: Cast of_device_get_match_data() with (uintptr_t) (git-fixes). - dmaengine: sf-pdma: Add multithread support for a DMA channel (git-fixes). - dmaengine: sprd: Cleanup in .remove() after pm_runtime_get_sync() failed (git-fixes). - dmaengine: stm32-mdma: Remove dead code in stm32_mdma_irq_handler() (git-fixes). - docs: i2c: i2c-sysfs: fix hyperlinks (git-fixes). - docs: zh_CN: fix a broken reference (git-fixes). - dpaa2-eth: fix ethtool statistics (git-fixes). - driver core: Do not probe devices after bus_type.match() probe deferral (git-fixes). - driver core: fix potential deadlock in __driver_attach (git-fixes). - drivers/iio: Remove all strcpy() uses (git-fixes). - drivers: usb: dwc3-qcom: Add sdm660 compatible (git-fixes). - drm/amd/amd_shared.h: Add missing doc for PP_GFX_DCS_MASK (git-fixes). - drm/amd/display: Add option to defer works of hpd_rx_irq (git-fixes). - drm/amd/display: Avoid MPC infinite loop (git-fixes). - drm/amd/display: Check correct bounds for stream encoder instances for DCN303 (git-fixes). - drm/amd/display: Enable building new display engine with KCOV enabled (git-fixes). - drm/amd/display: Fix HDMI VSIF V3 incorrect issue (git-fixes). - drm/amd/display: Fix pixel clock programming (git-fixes). - drm/amd/display: Fix surface optimization regression on Carrizo (git-fixes). - drm/amd/display: For stereo keep 'FLIP_ANY_FRAME' (git-fixes). - drm/amd/display: Reset DMCUB before HW init (git-fixes). - drm/amd/display: Revert 'drm/amd/display: turn DPMS off on connector unplug' (git-fixes). - drm/amd/display: avoid doing vm_init multiple time (git-fixes). - drm/amd/display: clear optc underflow before turn off odm clock (git-fixes). - drm/amd/pm: add missing ->fini_microcode interface for Sienna Cichlid (git-fixes). - drm/amdgpu: Check BO's requested pinning domains against its preferred_domains (git-fixes). - drm/amdgpu: Increase tlb flush timeout for sriov (git-fixes). - drm/amdgpu: Remove one duplicated ef removal (git-fixes). - drm/amdgpu: remove useless condition in amdgpu_job_stop_all_jobs_on_sched() (git-fixes). - drm/bridge: lt9611uxc: Cancel only driver's work (git-fixes). - drm/bridge: tc358767: Fix (e)DP bridge endpoint parsing in dedicated function (git-fixes). - drm/bridge: tc358767: Make sure Refclk clock are enabled (git-fixes). - drm/bridge: tc358767: Move (e)DP bridge endpoint parsing into dedicated function (git-fixes). - drm/doc: Fix comment typo (git-fixes). - drm/exynos/exynos7_drm_decon: free resources when clk_set_parent() failed (git-fixes). - drm/gem: Properly annotate WW context on drm_gem_lock_reservations() error (git-fixes). - drm/i915/display: avoid warnings when registering dual panel backlight (git-fixes). - drm/i915/gt: Skip TLB invalidations once wedged (git-fixes). - drm/i915/reg: Fix spelling mistake 'Unsupport' -> 'Unsupported' (git-fixes). - drm/i915: fix null pointer dereference (git-fixes). - drm/mcde: Fix refcount leak in mcde_dsi_bind (git-fixes). - drm/mediatek: Add pull-down MIPI operation in mtk_dsi_poweroff function (git-fixes). - drm/mediatek: Allow commands to be sent during video mode (git-fixes). - drm/mediatek: Keep dsi as LP00 before dcs cmds transfer (git-fixes). - drm/mediatek: Modify dsi funcs to atomic operations (git-fixes). - drm/mediatek: Separate poweron/poweroff from enable/disable and define new funcs (git-fixes). - drm/mediatek: dpi: Only enable dpi after the bridge is enabled (git-fixes). - drm/mediatek: dpi: Remove output format of YUV (git-fixes). - drm/meson: Fix overflow implicit truncation warnings (git-fixes). - drm/meson: Fix refcount bugs in meson_vpu_has_available_connectors() (git-fixes). - drm/mipi-dbi: align max_chunk to 2 in spi_transfer (git-fixes). - drm/msm/dpu: Fix for non-visible planes (git-fixes). - drm/msm/dsi: Fix number of regulators for SDM660 (git-fixes). - drm/msm/dsi: Fix number of regulators for msm8996_dsi_cfg (git-fixes). - drm/msm/dsi: fix the inconsistent indenting (git-fixes). - drm/msm/hdmi: drop empty 'none' regulator lists (git-fixes). - drm/msm/hdmi: enable core-vcc/core-vdda-supply for 8996 platform (git-fixes). - drm/msm/mdp5: Fix global state lock backoff (git-fixes). - drm/msm: Avoid dirtyfb stalls on video mode displays (v2) (git-fixes). - drm/msm: Fix dirtyfb refcounting (git-fixes). - drm/nouveau/acpi: Do not print error when we get -EINPROGRESS from pm_runtime (git-fixes). - drm/nouveau/kms: Fix failure path for creating DP connectors (git-fixes). - drm/nouveau: Do not pm_runtime_put_sync(), only pm_runtime_put_autosuspend() (git-fixes). - drm/nouveau: fix another off-by-one in nvbios_addr (git-fixes). - drm/nouveau: recognise GA103 (git-fixes). - drm/radeon: fix incorrrect SPDX-License-Identifiers (git-fixes). - drm/radeon: fix potential buffer overflow in ni_set_mc_special_registers() (git-fixes). - drm/rockchip: Fix an error handling path rockchip_dp_probe() (git-fixes). - drm/rockchip: vop: Do not crash for invalid duplicate_state() (git-fixes). - drm/shmem-helper: Add missing vunmap on error (git-fixes). - drm/simpledrm: Fix return type of simpledrm_simple_display_pipe_mode_valid() (git-fixes). - drm/st7735r: Fix module autoloading for Okaya RH128128T (git-fixes). - drm/sun4i: dsi: Prevent underflow when computing packet sizes (git-fixes). - drm/ttm: Fix dummy res NULL ptr deref bug (git-fixes). - drm/udl: Add parameter to set number of URBs (bsc#1195917). - drm/udl: Add reset_resume (bsc#1195917) - drm/udl: Do not re-initialize stuff at retrying the URB list allocation (bsc#1195917). - drm/udl: Drop unneeded alignment (bsc#1195917). - drm/udl: Enable damage clipping (bsc#1195917). - drm/udl: Fix inconsistent urbs.count value during udl_free_urb_list() (bsc#1195917). - drm/udl: Fix potential URB leaks (bsc#1195917). - drm/udl: Increase the default URB list size to 20 (bsc#1195917). - drm/udl: Kill pending URBs at suspend and disconnect (bsc#1195917). - drm/udl: Replace BUG_ON() with WARN_ON() (bsc#1195917). - drm/udl: Replace semaphore with a simple wait queue (bsc#1195917). - drm/udl: Restore display mode on resume (bsc#1195917) - drm/udl: Suppress error print for -EPROTO at URB completion (bsc#1195917). - drm/udl: Sync pending URBs at suspend / disconnect (bsc#1195917). - drm/udl: Sync pending URBs at the end of suspend (bsc#1195917). - drm/vc4: change vc4_dma_range_matches from a global to static (git-fixes). - drm/vc4: drv: Adopt the dma configuration from the HVS or V3D component (git-fixes). - drm/vc4: dsi: Add correct stop condition to vc4_dsi_encoder_disable iteration (git-fixes). - drm/vc4: dsi: Correct DSI divider calculations (git-fixes). - drm/vc4: dsi: Correct pixel order for DSI0 (git-fixes). - drm/vc4: dsi: Fix dsi0 interrupt support (git-fixes). - drm/vc4: dsi: Register dsi0 as the correct vc4 encoder type (git-fixes). - drm/vc4: hdmi: Correct HDMI timing registers for interlaced modes (git-fixes). - drm/vc4: hdmi: Disable audio if dmas property is present but empty (git-fixes). - drm/vc4: hdmi: Fix timings for interlaced modes (git-fixes). - drm/vc4: hdmi: Reset HDMI MISC_CONTROL register (git-fixes). - drm/vc4: plane: Fix margin calculations for the right/bottom edges (git-fixes). - drm/vc4: plane: Remove subpixel positioning check (git-fixes). - drm: adv7511: override i2c address of cec before accessing it (git-fixes). - drm: bridge: adv7511: Add check for mipi_dsi_driver_register (git-fixes). - drm: bridge: sii8620: fix possible off-by-one (git-fixes). - dsa: mv88e6xxx: fix debug print for SPEED_UNFORCED (git-fixes). - dt-bindings: arm: qcom: fix MSM8916 MTP compatibles (git-fixes). - dt-bindings: arm: qcom: fix MSM8994 boards compatibles (git-fixes). - dt-bindings: bluetooth: broadcom: Add BCM4349B1 DT binding (git-fixes). - dt-bindings: clock: qcom,gcc-msm8996: add more GCC clock sources (git-fixes). - dt-bindings: gpio: zynq: Add missing compatible strings (git-fixes). - dt-bindings: iio: accel: Add DT binding doc for ADXL355 (git-fixes). - dt-bindings: usb: mtk-xhci: Allow wakeup interrupt-names to be optional (git-fixes). - dtb: Do not include sources in src.rpm - refer to kernel-source Same as other kernel binary packages there is no need to carry duplicate sources in dtb packages. - eeprom: idt_89hpesx: uninitialized data in idt_dbgfs_csr_write() (git-fixes). - ethernet: rocker: fix sleep in atomic context bug in neigh_timer_handler (git-fies). - ext4: Fix BUG_ON in ext4_bread when write quota data (bsc#1197755). - ext4: add new helper interface ext4_try_to_trim_range() (bsc#1202783). - ext4: add reserved GDT blocks check (bsc#1202712). - ext4: do not use the orphan list when migrating an inode (bsc#1197756). - ext4: fast commit may miss tracking unwritten range during ftruncate (bsc#1202759). - ext4: filter out EXT4_FC_REPLAY from on-disk superblock field s_state (bsc#1202771). - ext4: fix a possible ABBA deadlock due to busy PA (bsc#1202762). - ext4: fix bug_on in ext4_writepages (bsc#1200872). - ext4: fix error handling in ext4_fc_record_modified_inode() (bsc#1202767). - ext4: fix error handling in ext4_restore_inline_data() (bsc#1197757). - ext4: fix fallocate to use file_modified to update permissions consistently (bsc#1202769). - ext4: fix fast commit may miss tracking range for FALLOC_FL_ZERO_RANGE (bsc#1202757). - ext4: fix fs corruption when tring to remove a non-empty directory with IO error (bsc#1202768). - ext4: fix incorrect type issue during replay_del_range (bsc#1202867). - ext4: fix null-ptr-deref in '__ext4_journal_ensure_credits' (bsc#1202764). - ext4: fix overhead calculation to account for the reserved gdt blocks (bsc#1200869). - ext4: fix race when reusing xattr blocks (bsc#1198971). - ext4: fix super block checksum incorrect after mount (bsc#1202773). - ext4: fix symlink file size not match to file content (bsc#1200868). - ext4: fix use-after-free in ext4_rename_dir_prepare (bsc#1200871). - ext4: fix use-after-free in ext4_search_dir (bsc#1202710). - ext4: fix warning in ext4_handle_inode_extension (bsc#1202711). - ext4: force overhead calculation if the s_overhead_cluster makes no sense (bsc#1200870). - ext4: initialize err_blk before calling __ext4_get_inode_loc (bsc#1202763). - ext4: make sure quota gets properly shutdown on error (bsc#1195480). - ext4: make sure to reset inode lockdep class when quota enabling fails (bsc#1202761). - ext4: mark group as trimmed only if it was fully scanned (bsc#1202770). - ext4: modify the logic of ext4_mb_new_blocks_simple (bsc#1202766). - ext4: prevent used blocks from being allocated during fast commit replay (bsc#1202765). - ext4: recover csum seed of tmp_inode after migrating to extents (bsc#1202713). - ext4: remove EA inode entry from mbcache on inode eviction (bsc#1198971). - ext4: unindent codeblock in ext4_xattr_block_set() (bsc#1198971). - ext4: use ext4_ext_remove_space() for fast commit replay delete range (bsc#1202758). - fbcon: Fix boundary checks for fbcon=vc:n1-n2 parameters (git-fixes). - fbdev: fb_pm2fb: Avoid potential divide by zero error (git-fixes). - fbdev: fbcon: Properly revert changes when vc_resize() failed (git-fies). - filemap: Handle sibling entries in filemap_get_read_batch() (bsc#1202774). - firmware: arm_scpi: Ensure scpi_info is not assigned if the probe fails (git-fixes). - firmware: tegra: Fix error check return value of debugfs_create_file() (git-fixes). - firmware: tegra: bpmp: Do only aligned access to IPC memory area (git-fixes). - fix race between exit_itimers() and /proc/pid/timers (git-fixes). - fpga: altera-pr-ip: fix unsigned comparison with less than zero (git-fixes). - fs-writeback: writeback_sb_inodes: Recalculate 'wrote' according skipped pages (bsc#1200873). - ftrace/x86: Add back ftrace_expected assignment (git-fixes). - fuse: ioctl: translate ENOSYS (bsc#1203139). - fuse: limit nsec (bsc#1203138). - gadgetfs: ep_io - wait until IRQ finishes (git-fixes). - geneve: do not use RT_TOS for IPv6 flowlabel (git-fixes). - geneve: fix TOS inheriting for ipv4 (git-fixes). - gpio: gpiolib-of: Fix refcount bugs in of_mm_gpiochip_add_data() (git-fixes). - gpio: pca953x: Add mutex_lock for regcache sync in PM (git-fixes). - grub: Fix symbol `grub_disk_get_size' not found (bsc#1201361 bsc#1192968). - habanalabs/gaudi: fix shift out of bounds (git-fixes). - habanalabs/gaudi: mask constant value before cast (git-fixes). - hwmon: (dell-smm) Add Dell XPS 13 7390 to fan control whitelist (git-fixes). - hwmon: (drivetemp) Add module alias (git-fixes). - hwmon: (gpio-fan) Fix array out of bounds access (git-fixes). - hwmon: (sht15) Fix wrong assumptions in device remove callback (git-fixes). - i2c: Fix a potential use after free (git-fixes). - i2c: cadence: Support PEC for SMBus block read (git-fixes). - i2c: imx: Make sure to unregister adapter on remove() (git-fixes). - i2c: mux-gpmux: Add of_node_put() when breaking out of loop (git-fixes). - i2c: mxs: Silence a clang warning (git-fixes). - i2c: npcm: Capitalize the one-line comment (git-fixes). - i2c: npcm: Correct slave role behavior (git-fixes). - i2c: npcm: Remove own slave addresses 2:10 (git-fixes). - ice: fix 'scheduling while atomic' on aux critical err interrupt (git-fixes). - ieee80211: add EHT 1K aggregation definitions (bsc#1202131). - ieee80211: change HE nominal packet padding value defines (bsc#1202131). - ieee802154/adf7242: defer destroy_workqueue call (git-fixes). - iio: accel: bma220: Fix alignment for DMA safety (git-fixes). - iio: accel: bma400: Fix the scale min and max macro values (git-fixes). - iio: accel: bma400: Reordering of header files (git-fixes). - iio: accel: sca3000: Fix alignment for DMA safety (git-fixes). - iio: accel: sca3300: Fix alignment for DMA safety (git-fixes). - iio: ad7292: Prevent regulator double disable (git-fixes). - iio: adc: ad7266: Fix alignment for DMA safety (git-fixes). - iio: adc: ad7292: Fix alignment for DMA safety (git-fixes). - iio: adc: ad7298: Fix alignment for DMA safety (git-fixes). - iio: adc: ad7476: Fix alignment for DMA safety (git-fixes). - iio: adc: ad7766: Fix alignment for DMA safety (git-fixes). - iio: adc: ad7768-1: Fix alignment for DMA safety (git-fixes). - iio: adc: ad7887: Fix alignment for DMA safety (git-fixes). - iio: adc: ad7923: Fix alignment for DMA safety (git-fixes). - iio: adc: hi8435: Fix alignment for DMA safety (git-fixes). - iio: adc: ltc2496: Fix alignment for DMA safety (git-fixes). - iio: adc: ltc2497: Fix alignment for DMA safety (git-fixes). - iio: adc: max1027: Fix alignment for DMA safety (git-fixes). - iio: adc: max11100: Fix alignment for DMA safety (git-fixes). - iio: adc: max1118: Fix alignment for DMA safety (git-fixes). - iio: adc: max1241: Fix alignment for DMA safety (git-fixes). - iio: adc: mcp320x: Fix alignment for DMA safety (git-fixes). - iio: adc: mcp3911: make use of the sign bit (git-fixes). - iio: adc: mcp3911: use correct formula for AD conversion (git-fixes). - iio: adc: ti-adc0832: Fix alignment for DMA safety (git-fixes). - iio: adc: ti-adc084s021: Fix alignment for DMA safety (git-fixes). - iio: adc: ti-adc108s102: Fix alignment for DMA safety (git-fixes). - iio: adc: ti-adc12138: Fix alignment for DMA safety (git-fixes). - iio: adc: ti-adc128s052: Fix alignment for DMA safety (git-fixes). - iio: adc: ti-adc161s626: Fix alignment for DMA safety (git-fixes). - iio: adc: ti-ads124s08: Fix alignment for DMA safety (git-fixes). - iio: adc: ti-ads131e08: Fix alignment for DMA safety (git-fixes). - iio: adc: ti-ads7950: Fix alignment for DMA safety (git-fixes). - iio: adc: ti-ads8344: Fix alignment for DMA safety (git-fixes). - iio: adc: ti-ads8688: Fix alignment for DMA safety (git-fixes). - iio: adc: ti-tlc4541: Fix alignment for DMA safety (git-fixes). - iio: amplifiers: ad8366: Fix alignment for DMA safety (git-fixes). - iio: common: ssp: Fix alignment for DMA safety (git-fixes). - iio: core: Fix IIO_ALIGN and rename as it was not sufficiently large (git-fixes). - iio: dac: ad5064: Fix alignment for DMA safety (git-fixes). - iio: dac: ad5360: Fix alignment for DMA safety (git-fixes). - iio: dac: ad5421: Fix alignment for DMA safety (git-fixes). - iio: dac: ad5449: Fix alignment for DMA safety (git-fixes). - iio: dac: ad5504: Fix alignment for DMA safety (git-fixes). - iio: dac: ad5755: Fix alignment for DMA safety (git-fixes). - iio: dac: ad5761: Fix alignment for DMA safety (git-fixes). - iio: dac: ad5764: Fix alignment for DMA safety (git-fixes). - iio: dac: ad5766: Fix alignment for DMA safety (git-fixes). - iio: dac: ad5770r: Fix alignment for DMA safety (git-fixes). - iio: dac: ad5791: Fix alignment for DMA saftey (git-fixes). - iio: dac: ad7303: Fix alignment for DMA safety (git-fixes). - iio: dac: ad8801: Fix alignment for DMA safety (git-fixes). - iio: dac: mcp4922: Fix alignment for DMA safety (git-fixes). - iio: dac: ti-dac082s085: Fix alignment for DMA safety (git-fixes). - iio: dac: ti-dac5571: Fix alignment for DMA safety (git-fixes). - iio: dac: ti-dac7311: Fix alignment for DMA safety (git-fixes). - iio: dac: ti-dac7612: Fix alignment for DMA safety (git-fixes). - iio: fix iio_format_avail_range() printing for none IIO_VAL_INT (git-fixes). - iio: frequency: ad9523: Fix alignment for DMA safety (git-fixes). - iio: frequency: adf4350: Fix alignment for DMA safety (git-fixes). - iio: frequency: adf4371: Fix alignment for DMA safety (git-fixes). - iio: gyro: adis16080: Fix alignment for DMA safety (git-fixes). - iio: gyro: adis16130: Fix alignment for DMA safety (git-fixes). - iio: gyro: adxrs450: Fix alignment for DMA safety (git-fixes). - iio: gyro: fxas210002c: Fix alignment for DMA safety (git-fixes). - iio: imu: fxos8700: Fix alignment for DMA safety (git-fixes). - iio: light: isl29028: Fix the warning in isl29028_remove() (git-fixes). - iio: potentiometer: ad5272: Fix alignment for DMA safety (git-fixes). - iio: potentiometer: max5481: Fix alignment for DMA safety (git-fixes). - iio: potentiometer: mcp41010: Fix alignment for DMA safety (git-fixes). - iio: potentiometer: mcp4131: Fix alignment for DMA safety (git-fixes). - iio: proximity: as3935: Fix alignment for DMA safety (git-fixes). - iio: resolver: ad2s1200: Fix alignment for DMA safety (git-fixes). - iio: resolver: ad2s90: Fix alignment for DMA safety (git-fixes). - iio: temp: ltc2983: Fix alignment for DMA safety (git-fixes). - iio: temp: maxim_thermocouple: Fix alignment for DMA safety (git-fixes). - intel_th: Fix a resource leak in an error handling path (git-fixes). - intel_th: msu-sink: Potential dereference of null pointer (git-fixes). - intel_th: msu: Fix vmalloced buffers (git-fixes). - intel_th: pci: Add Meteor Lake-P support (git-fixes). - intel_th: pci: Add Raptor Lake-S CPU support (git-fixes). - intel_th: pci: Add Raptor Lake-S PCH support (git-fixes). - interconnect: imx: fix max_node_id (git-fixes). - io_uring: add a schedule point in io_add_buffers() (git-fixes). - io_uring: terminate manual loop iterator loop correctly for non-vecs (git-fixes). - iommu/amd: Clarify AMD IOMMUv2 initialization messages (git-fixes). - iommu/amd: Enable swiotlb in all cases (git-fixes). - iommu/amd: Fix I/O page table memory leak (git-fixes). - iommu/amd: Recover from event log overflow (git-fixes). - iommu/amd: Simplify and Consolidate Virtual APIC (AVIC) Enablement (git-fixes). - iommu/arm-smmu-v3-sva: Fix mm use-after-free (git-fixes). - iommu/arm-smmu-v3: Fix size calculation in arm_smmu_mm_invalidate_range() (git-fixes). - iommu/arm-smmu: qcom_iommu: Add of_node_put() when breaking out of loop (git-fixes). - iommu/dart: Add missing module owner to ops structure (git-fixes). - iommu/dart: check return value after calling platform_get_resource() (git-fixes). - iommu/exynos: Handle failed IOMMU device registration properly (git-fixes). - iommu/iova: Improve 32-bit free space estimate (git-fixes). - iommu/ipmmu-vmsa: Check for error num after setting mask (git-fixes). - iommu/mediatek: Add list_del in mtk_iommu_remove (git-fixes). - iommu/mediatek: Add mutex for m4u_group and m4u_dom in data (git-fixes). - iommu/mediatek: Fix 2 HW sharing pgtable issue (git-fixes). - iommu/mediatek: Fix NULL pointer dereference when printing dev_name (git-fixes). - iommu/mediatek: Remove clk_disable in mtk_iommu_remove (git-fixes). - iommu/msm: Fix an incorrect NULL check on list iterator (git-fixes). - iommu/omap: Fix regression in probe for NULL pointer dereference (git-fixes). - iommu/tegra-smmu: Fix missing put_device() call in tegra_smmu_find (git-fixes). - iommu/vt-d: Acquiring lock in domain ID allocation helpers (bsc#1200301). - iommu/vt-d: Calculate mask for non-aligned flushes (git-fixes). - iommu/vt-d: Drop stop marker messages (git-fixes). - iommu/vt-d: Fix PCI bus rescan device hot add (git-fixes). - iommu/vt-d: Fix RID2PASID setup/teardown failure (git-fixes). - iommu/vt-d: Make DMAR_UNITS_SUPPORTED default 1024 (bsc#1200301). - iommu/vt-d: Refactor iommu information of each domain (bsc#1200301). - iommu/vt-d: Remove global g_iommus array (bsc#1200301). - iommu/vt-d: Remove intel_iommu::domains (bsc#1200301). - iommu/vt-d: Remove unnecessary check in intel_iommu_add() (bsc#1200301). - iommu/vt-d: Use IDA interface to manage iommu sequence id (bsc#1200301). - iommu/vt-d: avoid invalid memory access via node_online(NUMA_NO_NODE) (git-fixes). - iommu: Fix potential use-after-free during probe (git-fixes). - ipmi: fix initialization when workqueue allocation fails (git-fixes). - irqchip/tegra: Fix overflow implicit truncation warnings (git-fixes). - iwlwifi/fw: use struct_size over open coded arithmetic (bsc#1202131). - iwlwifi: ACPI: support revision 3 WGDS tables (bsc#1202131). - iwlwifi: Add support for getting rf id with blank otp (bsc#1202131). - iwlwifi: Add support for more BZ HWs (bsc#1202131). - iwlwifi: BZ Family BUS_MASTER_DISABLE_REQ code duplication (bsc#1202131). - iwlwifi: BZ Family SW reset support (bsc#1202131). - iwlwifi: Configure FW debug preset via module param (bsc#1202131). - iwlwifi: Fix FW name for gl (bsc#1202131). - iwlwifi: Fix missing error code in iwl_pci_probe() (bsc#1202131). - iwlwifi: Fix syntax errors in comments (bsc#1202131). - iwlwifi: Make use of the helper macro LIST_HEAD() (bsc#1202131). - iwlwifi: Read the correct addresses when getting the crf id (bsc#1202131). - iwlwifi: Start scratch debug register for Bz family (bsc#1202131). - iwlwifi: acpi: fix wgds rev 3 size (bsc#1202131). - iwlwifi: acpi: move ppag code from mvm to fw/acpi (bsc#1202131). - iwlwifi: add missing entries for Gf4 with So and SoF (bsc#1202131). - iwlwifi: add new Qu-Hr device (bsc#1202131). - iwlwifi: add new ax1650 killer device (bsc#1202131). - iwlwifi: add new device id 7F70 (bsc#1202131). - iwlwifi: add new pci SoF with JF (bsc#1202131). - iwlwifi: add some missing kernel-doc in struct iwl_fw (bsc#1202131). - iwlwifi: add support for BNJ HW (bsc#1202131). - iwlwifi: add support for BZ-U and BZ-L HW (bsc#1202131). - iwlwifi: add support for Bz-Z HW (bsc#1202131). - iwlwifi: add vendor specific capabilities for some RFs (bsc#1202131). - iwlwifi: advertise support for HE - DCM BPSK RX/TX (bsc#1202131). - iwlwifi: allow rate-limited error messages (bsc#1202131). - iwlwifi: api: fix struct iwl_wowlan_status_v7 kernel-doc (bsc#1202131). - iwlwifi: api: remove ttl field from TX command (bsc#1202131). - iwlwifi: api: remove unused RX status bits (bsc#1202131). - iwlwifi: avoid variable shadowing (bsc#1202131). - iwlwifi: avoid void pointer arithmetic (bsc#1202131). - iwlwifi: bump FW API to 67 for AX devices (bsc#1202131). - iwlwifi: bump FW API to 68 for AX devices (bsc#1202131). - iwlwifi: bump FW API to 69 for AX devices (bsc#1202131). - iwlwifi: bump FW API to 70 for AX devices (bsc#1202131). - iwlwifi: bump FW API to 71 for AX devices (bsc#1202131). - iwlwifi: bump FW API to 72 for AX devices (bsc#1202131). - iwlwifi: cfg: add support for 1K BA queue (bsc#1202131). - iwlwifi: dbg-tlv: clean up iwl_dbg_tlv_update_drams() (bsc#1202131). - iwlwifi: dbg: add infra for tracking free buffer size (bsc#1202131). - iwlwifi: dbg: check trigger data before access (bsc#1202131). - iwlwifi: dbg: disable ini debug in 8000 family and below (bsc#1202131). - iwlwifi: dbg: in sync mode do not call schedule (bsc#1202131). - iwlwifi: dbg: treat dbgc allocation failure when tlv is missing (bsc#1202131). - iwlwifi: dbg: treat non active regions as unsupported regions (bsc#1202131). - iwlwifi: dbg_ini: Split memcpy() to avoid multi-field write (bsc#1202131). - iwlwifi: de-const properly where needed (bsc#1202131). - iwlwifi: debugfs: remove useless double condition (bsc#1202131). - iwlwifi: do not dump_stack() when we get an unexpected interrupt (bsc#1202131). - iwlwifi: do not use __unused as variable name (bsc#1202131). - iwlwifi: drv: load tlv debug data earlier (bsc#1202131). - iwlwifi: dump CSR scratch from outer function (bsc#1202131). - iwlwifi: dump RCM error tables (bsc#1202131). - iwlwifi: dump both TCM error tables if present (bsc#1202131). - iwlwifi: dump host monitor data when NIC does not init (bsc#1202131). - iwlwifi: dvm: use struct_size over open coded arithmetic (bsc#1202131). - iwlwifi: eeprom: clean up macros (bsc#1202131). - iwlwifi: fix LED dependencies (bsc#1202131). - iwlwifi: fix debug TLV parsing (bsc#1202131). - iwlwifi: fix fw/img.c license statement (bsc#1202131). - iwlwifi: fix iwl_legacy_rate_to_fw_idx (bsc#1202131). - iwlwifi: fix small doc mistake for iwl_fw_ini_addr_val (bsc#1202131). - iwlwifi: fix various more -Wcast-qual warnings (bsc#1202131). - iwlwifi: fw dump: add infrastructure for dump scrubbing (bsc#1202131). - iwlwifi: fw: add support for splitting region type bits (bsc#1202131). - iwlwifi: fw: api: add link to PHY context command struct v1 (bsc#1202131). - iwlwifi: fw: correctly detect HW-SMEM region subtype (bsc#1202131). - iwlwifi: fw: fix some scan kernel-doc (bsc#1202131). - iwlwifi: fw: init SAR GEO table only if data is present (bsc#1202131). - iwlwifi: fw: make dump_start callback void (bsc#1202131). - iwlwifi: fw: remove dead error log code (bsc#1202131). - iwlwifi: implement reset flow for Bz devices (bsc#1202131). - iwlwifi: iwl-eeprom-parse: mostly dvm only (bsc#1202131). - iwlwifi: make iwl_fw_lookup_cmd_ver() take a cmd_id (bsc#1202131). - iwlwifi: make iwl_txq_dyn_alloc_dma() return the txq (bsc#1202131). - iwlwifi: make some functions friendly to sparse (bsc#1202131). - iwlwifi: move symbols into a separate namespace (bsc#1202131). - iwlwifi: mvm/api: define system control command (bsc#1202131). - iwlwifi: mvm: Add RTS and CTS flags to iwl_tx_cmd_flags (bsc#1202131). - iwlwifi: mvm: Add list of OEMs allowed to use TAS (bsc#1202131). - iwlwifi: mvm: Add support for a new version of scan request command (bsc#1202131). - iwlwifi: mvm: Add support for new rate_n_flags in tx_cmd (bsc#1202131). - iwlwifi: mvm: Consider P2P GO operation during scan (bsc#1202131). - iwlwifi: mvm: Disable WiFi bands selectively with BIOS (bsc#1202131). - iwlwifi: mvm: Do not fail if PPAG isn't supported (bsc#1202131). - iwlwifi: mvm: Fix wrong documentation for scan request command (bsc#1202131). - iwlwifi: mvm: Passively scan non PSC channels only when requested so (bsc#1202131). - iwlwifi: mvm: Read acpi dsm to get channel activation bitmap (bsc#1202131). - iwlwifi: mvm: Remove antenna c references (bsc#1202131). - iwlwifi: mvm: Support new TX_RSP and COMPRESSED_BA_RES versions (bsc#1202131). - iwlwifi: mvm: Support new rate_n_flags for REPLY_RX_MPDU_CMD and RX_NO_DATA_NOTIF (bsc#1202131). - iwlwifi: mvm: Support new version of BEACON_TEMPLATE_CMD (bsc#1202131). - iwlwifi: mvm: Support new version of ranging response notification (bsc#1202131). - iwlwifi: mvm: Support version 3 of tlc_update_notif (bsc#1202131). - iwlwifi: mvm: Unify the scan iteration functions (bsc#1202131). - iwlwifi: mvm: Use all Rx chains for roaming scan (bsc#1202131). - iwlwifi: mvm: add US/CA to TAS block list if OEM isn't allowed (bsc#1202131). - iwlwifi: mvm: add a flag to reduce power command (bsc#1202131). - iwlwifi: mvm: add additional info for boot info failures (bsc#1202131). - iwlwifi: mvm: add additional info for boot info failures (bsc#1202131). - iwlwifi: mvm: add dbg_time_point to debugfs (bsc#1202131). - iwlwifi: mvm: add definitions for new rate & flags (bsc#1202131). - iwlwifi: mvm: add lmac/umac PC info in case of error (bsc#1202131). - iwlwifi: mvm: add missing min_size to kernel-doc (bsc#1202131). - iwlwifi: mvm: add some missing command strings (bsc#1202131). - iwlwifi: mvm: add support for 160Mhz in ranging measurements (bsc#1202131). - iwlwifi: mvm: add support for CT-KILL notification version 2 (bsc#1202131). - iwlwifi: mvm: add support for IMR based on platform (bsc#1202131). - iwlwifi: mvm: add support for OCE scan (bsc#1202131). - iwlwifi: mvm: add support for PHY context command v4 (bsc#1202131). - iwlwifi: mvm: add support for statistics update version 15 (bsc#1202131). - iwlwifi: mvm: allow enabling UHB TAS in the USA via ACPI setting (bsc#1202131). - iwlwifi: mvm: always remove the session protection after association (bsc#1202131). - iwlwifi: mvm: always store the PPAG table as the latest version (bsc#1202131). - iwlwifi: mvm: always use 4K RB size by default (bsc#1202131). - iwlwifi: mvm: change old-SN drop threshold (bsc#1202131). - iwlwifi: mvm: clean up indenting in iwl_mvm_tlc_update_notif() (bsc#1202131). - iwlwifi: mvm: convert old rate & flags to the new format (bsc#1202131). - iwlwifi: mvm: correct sta-state logic for TDLS (bsc#1202131). - iwlwifi: mvm: correctly set channel flags (bsc#1202131). - iwlwifi: mvm: correctly set schedule scan profiles (bsc#1202131). - iwlwifi: mvm: d3: move GTK rekeys condition (bsc#1202131). - iwlwifi: mvm: d3: support v12 wowlan status (bsc#1202131). - iwlwifi: mvm: d3: use internal data representation (bsc#1202131). - iwlwifi: mvm: demote non-compliant kernel-doc header (bsc#1202131). - iwlwifi: mvm: do not get address of mvm->fwrt just to dereference as a pointer (bsc#1202131). - iwlwifi: mvm: do not send BAID removal to the FW during hw_restart (bsc#1202131). - iwlwifi: mvm: do not trust hardware queue number (bsc#1202131). - iwlwifi: mvm: drop too short packets silently (bsc#1202131). - iwlwifi: mvm: extend session protection on association (bsc#1202131). - iwlwifi: mvm: fix WGDS table print in iwl_mvm_chub_update_mcc() (bsc#1202131). - iwlwifi: mvm: fix a stray tab (bsc#1202131). - iwlwifi: mvm: fix condition which checks the version of rate_n_flags (bsc#1202131). - iwlwifi: mvm: fix delBA vs. NSSN queue sync race (bsc#1202131). - iwlwifi: mvm: fix ieee80211_get_he_iftype_cap() iftype (bsc#1202131). - iwlwifi: mvm: fix off by one in iwl_mvm_stat_iterator_all_macs() (bsc#1202131). - iwlwifi: mvm: fw: clean up hcmd struct creation (bsc#1202131). - iwlwifi: mvm: handle RX checksum on Bz devices (bsc#1202131). - iwlwifi: mvm: improve log when processing CSA (bsc#1202131). - iwlwifi: mvm: isolate offload assist (checksum) calculation (bsc#1202131). - iwlwifi: mvm: make iwl_mvm_reconfig_scd() static (bsc#1202131). - iwlwifi: mvm: offload channel switch timing to FW (bsc#1202131). - iwlwifi: mvm: only enable HE DCM if we also support TX (bsc#1202131). - iwlwifi: mvm: optionally suppress assert log (bsc#1202131). - iwlwifi: mvm: parse firmware alive message version 6 (bsc#1202131). - iwlwifi: mvm: read 6E enablement flags from DSM and pass to FW (bsc#1202131). - iwlwifi: mvm: reduce WARN_ON() in TX status path (bsc#1202131). - iwlwifi: mvm: refactor iwl_mvm_sta_rx_agg() (bsc#1202131). - iwlwifi: mvm: refactor setting PPE thresholds in STA_HE_CTXT_CMD (bsc#1202131). - iwlwifi: mvm: remove card state notification code (bsc#1202131). - iwlwifi: mvm: remove cipher scheme support (bsc#1202131). - iwlwifi: mvm: remove csi from iwl_mvm_pass_packet_to_mac80211() (bsc#1202131). - iwlwifi: mvm: remove iwl_mvm_disable_txq() flags argument (bsc#1202131). - iwlwifi: mvm: remove session protection after auth/assoc (bsc#1202131). - iwlwifi: mvm: remove session protection on disassoc (bsc#1202131). - iwlwifi: mvm: remove session protection upon station removal (bsc#1202131). - iwlwifi: mvm: rfi: handle deactivation notification (bsc#1202131). - iwlwifi: mvm: rfi: update rfi table (bsc#1202131). - iwlwifi: mvm: rfi: use kmemdup() to replace kzalloc + memcpy (bsc#1202131). - iwlwifi: mvm: scrub key material in firmware dumps (bsc#1202131). - iwlwifi: mvm: set BT-coex high priority for 802.1X/4-way-HS (bsc#1202131). - iwlwifi: mvm: set inactivity timeouts also for PS-poll (bsc#1202131). - iwlwifi: mvm: starting from 22000 we have 32 Rx AMPDU sessions (bsc#1202131). - iwlwifi: mvm: support Bz TX checksum offload (bsc#1202131). - iwlwifi: mvm: support RLC configuration command (bsc#1202131). - iwlwifi: mvm: support new BAID allocation command (bsc#1202131). - iwlwifi: mvm: support revision 1 of WTAS table (bsc#1202131). - iwlwifi: mvm: support v3 of station HE context command (bsc#1202131). - iwlwifi: mvm: update BAID allocation command again (bsc#1202131). - iwlwifi: mvm: update RFI TLV (bsc#1202131). - iwlwifi: mvm: update definitions due to new rate & flags (bsc#1202131). - iwlwifi: mvm: update rate scale in moving back to assoc state (bsc#1202131). - iwlwifi: mvm: use a define for checksum flags mask (bsc#1202131). - iwlwifi: mvm: use debug print instead of WARN_ON() (bsc#1202131). - iwlwifi: nvm: Correct HE capability (bsc#1202131). - iwlwifi: parse debug exclude data from firmware file (bsc#1202131). - iwlwifi: parse error tables from debug TLVs (bsc#1202131). - iwlwifi: pcie: Adapt rx queue write pointer for Bz family (bsc#1202131). - iwlwifi: pcie: add jacket bit to device configuration parsing (bsc#1202131). - iwlwifi: pcie: add support for MS devices (bsc#1202131). - iwlwifi: pcie: adjust to Bz completion descriptor (bsc#1202131). - iwlwifi: pcie: fix SW error MSI-X mapping (bsc#1202131). - iwlwifi: pcie: fix constant-conversion warning (bsc#1202131). - iwlwifi: pcie: fix killer name matching for AX200 (bsc#1202131). - iwlwifi: pcie: iwlwifi: fix device id 7F70 struct (bsc#1202131). - iwlwifi: pcie: make sure iwl_rx_packet_payload_len() will not underflow (bsc#1202131). - iwlwifi: pcie: refactor dev_info lookup (bsc#1202131). - iwlwifi: pcie: remove duplicate entry (bsc#1202131). - iwlwifi: pcie: remove two duplicate PNJ device entries (bsc#1202131). - iwlwifi: pcie: retake ownership after reset (bsc#1202131). - iwlwifi: pcie: simplify iwl_pci_find_dev_info() (bsc#1202131). - iwlwifi: pcie: support Bz suspend/resume trigger (bsc#1202131). - iwlwifi: pcie: try to grab NIC access early (bsc#1202131). - iwlwifi: pcie: update sw error interrupt for BZ family (bsc#1202131). - iwlwifi: pnvm: print out the version properly (bsc#1202131). - iwlwifi: prefer WIDE_ID() over iwl_cmd_id() (bsc#1202131). - iwlwifi: propagate (const) type qualifier (bsc#1202131). - iwlwifi: recognize missing PNVM data and then log filename (bsc#1202131). - iwlwifi: remove MODULE_AUTHOR() statements (bsc#1202131). - iwlwifi: remove command ID argument from queue allocation (bsc#1202131). - iwlwifi: remove contact information (bsc#1202131). - iwlwifi: remove deprecated broadcast filtering feature (bsc#1202131). - iwlwifi: remove redundant iwl_finish_nic_init() argument (bsc#1202131). - iwlwifi: remove unused DC2DC_CONFIG_CMD definitions (bsc#1202131). - iwlwifi: remove unused iwlax210_2ax_cfg_so_hr_a0 structure (bsc#1202131). - iwlwifi: remove unused macros (bsc#1202131). - iwlwifi: rename CHANNEL_SWITCH_NOA_NOTIF to CHANNEL_SWITCH_START_NOTIF (bsc#1202131). - iwlwifi: rename GEO_TX_POWER_LIMIT to PER_CHAIN_LIMIT_OFFSET_CMD (bsc#1202131). - iwlwifi: rs: add support for TLC config command ver 4 (bsc#1202131). - iwlwifi: scan: Modify return value of a function (bsc#1202131). - iwlwifi: support 4-bits in MAC step value (bsc#1202131). - iwlwifi: support SAR GEO Offset Mapping override via BIOS (bsc#1202131). - iwlwifi: support new queue allocation command (bsc#1202131). - iwlwifi: swap 1650i and 1650s killer struct names (bsc#1202131). - iwlwifi: tlc: Add logs in rs_fw_rate_init func to print TLC configuration (bsc#1202131). - iwlwifi: use 4k queue size for Bz A-step (bsc#1202131). - iwlwifi: yoyo: Avoid using dram data if allocation failed (bsc#1202131). - iwlwifi: yoyo: add IMR DRAM dump support (bsc#1202131). - iwlwifi: yoyo: disable IMR DRAM region if IMR is disabled (bsc#1202131). - iwlwifi: yoyo: dump IMR DRAM only for HW and FW error (bsc#1202131). - iwlwifi: yoyo: fix DBGC allocation flow (bsc#1202131). - iwlwifi: yoyo: fix DBGI_SRAM ini dump header (bsc#1202131). - iwlwifi: yoyo: fix issue with new DBGI_SRAM region read (bsc#1202131). - iwlwifi: yoyo: fw debug config from context info and preset (bsc#1202131). - iwlwifi: yoyo: send hcmd to fw after dump collection completes (bsc#1202131). - iwlwifi: yoyo: support TLV-based firmware reset (bsc#1202131). - iwlwifi: yoyo: support dump policy for the dump size (bsc#1202131). - iwlwifi: yoyo: support for DBGC4 for dram (bsc#1202131). - iwlwifi: yoyo: support for ROM usniffer (bsc#1202131). - jbd2: export jbd2_journal_[grab|put]_journal_head (bsc#1202775). - jbd2: fix assertion 'jh->b_frozen_data == NULL' failure when journal aborted (bsc#1202716). - jbd2: fix outstanding credits assert in jbd2_journal_commit_transaction() (bsc#1202715). - kABI: scsi: libiscsi: fix removal of iscsi_create_conn (bsc#1198410). - kabi/severities: add Qlogic qed symbols - kabi/severities: add drivers/scsi/hisi_sas for bsc#1202471 - kabi/severities: add hisilicon hns3 symbols - kabi/severities: add microchip dsa drivers - kabi/severities: ignore kABI changes in mwifiex drivers Those symbols are used only locally in mwifiex (sub-)modules. - kabi/severities: octeontx2 driver (jsc#SLE-24682) - kbuild: dummy-tools: avoid tmpdir leak in dummy gcc (git-fixes). - kbuild: fix the modules order between drivers and libs (git-fixes). - kbuild: link vmlinux only once for CONFIG_TRIM_UNUSED_KSYMS (2nd attempt) (git-fixes). - kcm: fix strp_init() order and cleanup (git-fies). - kernel-binary: move @NOSOURCE@ to @SOURCES@ as in other packages - kernel-source: include the kernel signature file We assume that the upstream tarball is used for released kernels. Then we can also include the signature file and keyring in the kernel-source src.rpm. Because of mkspec code limitation exclude the signature and keyring from binary packages always - mkspec does not parse spec conditionals. - kfifo: fix kfifo_to_user() return type (git-fixes). - lib/list_debug.c: Detect uninitialized lists (git-fixes). - lib/raid6/test: fix multiple definition linking error (git-fixes). - lib/smp_processor_id: fix imbalanced instrumentation_end() call (git-fixes). - lkdtm: Disable return thunks in rodata.c (bsc#1190497). - locking/lockdep: Fix lockdep_init_map_*() confusion (git-fixes). - loop: Check for overflow while configuring loop (git-fies). - mac80211: fix a memory leak where sta_info is not freed (git-fixes). - mac80211: introduce channel switch disconnect function (bsc#1202131). - marvell: octeontx2: build error: unknown type name 'u64' (jsc#SLE-24682). - mbcache: add functions to delete entry if unused (bsc#1198971). - mbcache: do not reclaim used entries (bsc#1198971). - md/bitmap: do not set sb values if can't pass sanity check (bsc#1197158). - md/raid0: Ignore RAID0 layout if the second zone has only one device (git-fixes). - md/raid1: fix missing bitmap update w/o WriteMostly devices (bsc#1203036). - media: [PATCH] pci: atomisp_cmd: fix three missing checks on list iterator (git-fixes). - media: atmel: atmel-sama7g5-isc: fix warning in configs without OF (git-fixes). - media: cedrus: h265: Fix flag name (git-fixes). - media: cedrus: hevc: Add check for invalid timestamp (git-fixes). - media: driver/nxp/imx-jpeg: fix a unexpected return value problem (git-fixes). - media: hantro: postproc: Fix motion vector space size (git-fixes). - media: hdpvr: fix error value returns in hdpvr_read (git-fixes). - media: hevc: Embedded indexes in RPS (git-fixes). - media: imx-jpeg: Add pm-runtime support for imx-jpeg (git-fixes). - media: imx-jpeg: use NV12M to represent non contiguous NV12 (git-fixes). - media: pvrusb2: fix memory leak in pvr_probe (git-fixes). - media: tw686x: Fix memory leak in tw686x_video_init (git-fixes). - media: tw686x: Register the irq at the end of probe (git-fixes). - media: v4l2-mem2mem: prevent pollerr when last_buffer_dequeued is set (git-fixes). - mediatek: mt76: eeprom: fix missing of_node_put() in mt76_find_power_limits_node() (git-fixes). - mediatek: mt76: mac80211: Fix missing of_node_put() in mt76_led_init() (git-fixes). - memstick/ms_block: Fix a memory leak (git-fixes). - memstick/ms_block: Fix some incorrect memory allocation (git-fixes). - meson-mx-socinfo: Fix refcount leak in meson_mx_socinfo_init (git-fixes). - mfd: max77620: Fix refcount leak in max77620_initialise_fps (git-fixes). - mfd: t7l66xb: Drop platform disable callback (git-fixes). - misc: fastrpc: fix memory corruption on open (git-fixes). - misc: fastrpc: fix memory corruption on probe (git-fixes). - misc: rtsx: Fix an error handling path in rtsx_pci_probe() (git-fixes). - mkspec: eliminate @NOSOURCE@ macro This should be alsways used with @SOURCES@, just include the content there. - mm/rmap: Fix anon_vma->degree ambiguity leading to double-reuse (git-fixes). kABI: Fix kABI after 'mm/rmap: Fix anon_vma->degree ambiguity leading to double-reuse' (git-fixes). - mm/rmap: Fix anon_vma-degree ambiguity leading to double-reuse (git-fixes, bsc#1203098). - mm: bdi: initialize bdi_min_ratio when bdi is unregistered (bsc#1197763). - mm: memcontrol: fix potential oom_lock recursion deadlock (bsc#1202447). - mm: pagewalk: Fix race between unmap and page walker (git-fixes, bsc#1203159). - mmc: block: Add single read for 4k sector cards (git-fixes). - mmc: cavium-octeon: Add of_node_put() when breaking out of loop (git-fixes). - mmc: cavium-thunderx: Add of_node_put() when breaking out of loop (git-fixes). - mmc: core: Fix UHS-I SD 1.8V workaround branch (git-fixes). - mmc: meson-gx: Fix an error handling path in meson_mmc_probe() (git-fixes). - mmc: mxcmmc: Silence a clang warning (git-fixes). - mmc: pxamci: Fix an error handling path in pxamci_probe() (git-fixes). - mmc: pxamci: Fix another error handling path in pxamci_probe() (git-fixes). - mmc: renesas_sdhi: Get the reset handle early in the probe (git-fixes). - mmc: sdhci-of-at91: fix set_uhs_signaling rewriting of MC1R (git-fixes). - mmc: sdhci-of-esdhc: Fix refcount leak in esdhc_signal_voltage_switch (git-fixes). - mmc: tmio: avoid glitches when resetting (git-fixes). - mt76: mt76x02u: fix possible memory leak in __mt76x02u_mcu_send_msg (git-fixes). - mt76: mt7921: enlarge maximum VHT MPDU length to 11454 (git-fixes). - mt76: mt7921: fix aggregation subframes setting to HE max (git-fixes). - mtd: dataflash: Add SPI ID table (git-fixes). - mtd: maps: Fix refcount leak in ap_flash_init (git-fixes). - mtd: maps: Fix refcount leak in of_flash_probe_versatile (git-fixes). - mtd: parsers: ofpart: Fix refcount leak in bcm4908_partitions_fw_offset (git-fixes). - mtd: partitions: Fix refcount leak in parse_redboot_of (git-fixes). - mtd: rawnand: arasan: Fix clock rate in NV-DDR (git-fixes). - mtd: rawnand: gpmi: Set WAIT_FOR_READY timeout based on program/erase times (git-fixes). - mtd: rawnand: meson: Fix a potential double free issue (git-fixes). - mtd: sm_ftl: Fix deadlock caused by cancel_work_sync in sm_release (git-fixes). - mtd: spi-nor: fix spi_nor_spimem_setup_op() call in spi_nor_erase_{sector,chip}() (git-fixes). - mtd: st_spi_fsm: Add a clk_disable_unprepare() in .probe()'s error path (git-fixes). - musb: fix USB_MUSB_TUSB6010 dependency (git-fixes). - mwifiex: Ignore BTCOEX events from the 88W8897 firmware (git-fixes). - n_gsm: remove unused parameters from gsm_error() (git-fixes). - net: asix: fix 'can't send until first packet is send' issue (git-fixes). - net: bcmgenet: Use stronger register read/writes to assure ordering (git-fixes). - net: dsa: b53: Add SPI ID table (git-fixes). - net: dsa: felix: Fix memory leak in felix_setup_mmio_filtering (git-fixes). - net: dsa: felix: purge skb from TX timestamping queue if it cannot be sent (git-fies). - net: dsa: hellcreek: Add STP forwarding rule (git-fixes). - net: dsa: hellcreek: Add missing PTP via UDP rules (git-fixes). - net: dsa: hellcreek: Allow PTP P2P measurements on blocked ports (git-fixes). - net: dsa: hellcreek: Fix insertion of static FDB entries (git-fixes). - net: dsa: microchip: implement multi-bridge support (git-fixes). - net: dsa: mv88e6xxx: Add fix for erratum 5.2 of 88E6393X family (git-fixes). - net: dsa: mv88e6xxx: Drop unnecessary check in mv88e6393x_serdes_erratum_4_6() (git-fixes). - net: dsa: mv88e6xxx: Enable port policy support on 6097 (git-fixes). - net: dsa: mv88e6xxx: Fix application of erratum 4.8 for 88E6393X (git-fixes). - net: dsa: mv88e6xxx: Fix inband AN for 2500base-x on 88E6393X family (git-fixes). - net: dsa: mv88e6xxx: Link in pcs_get_state() if AN is bypassed (git-fixes). - net: dsa: mv88e6xxx: Save power by disabling SerDes trasmitter and receiver (git-fixes). - net: dsa: mv88e6xxx: Unforce speed & duplex in mac_link_down() (git-fixes). - net: dsa: mv88e6xxx: allow use of PHYs on CPU and DSA ports (git-fixes). - net: dsa: mv88e6xxx: error handling for serdes_power functions (git-fixes). - net: dsa: mv88e6xxx: fix 'do not use PHY_DETECT on internal PHY's' (git-fixes). - net: dsa: ocelot: seville: utilize of_mdiobus_register (git-fixes). - net: dsa: qca8k: fix MTU calculation (git-fixes). - net: dsa: seville: register the mdiobus under devres (git-fixes). - net: dsa: tag_ocelot_8021q: break circular dependency with ocelot switch lib (git-fies). - net: enetc: report software timestamping via SO_TIMESTAMPING (git-fixes). - net: hns3: clean residual vf config after disable sriov (git-fixes). - net: macsec: fix potential resource leak in macsec_add_rxsa() and macsec_add_txsa() (git-fixes). - net: marvell: prestera: fix incorrect structure access (git-fixes). - net: mscc: ocelot: correctly report the timestamping RX filters in ethtool (git-fixes). - net: mscc: ocelot: create a function that replaces an existing VCAP filter (git-fixes). - net: mscc: ocelot: do not dereference NULL pointers with shared tc filters (git-fixes). - net: mscc: ocelot: do not downgrade timestamping RX filters in SIOCSHWTSTAMP (git-fixes). - net: mscc: ocelot: fix incorrect balancing with down LAG ports (git-fixes). - net: mscc: ocelot: set up traps for PTP packets (git-fixes). - net: openvswitch: do not send internal clone attribute to the userspace (git-fixes). - net: openvswitch: fix leak of nested actions (git-fixes). - net: openvswitch: fix misuse of the cached connection on tuple changes (git-fixes). - net: openvswitch: fix parsing of nw_proto for IPv6 fragments (git-fixes). - net: phy: Do not WARN for PHY_READY state in mdio_bus_phy_resume() (git-fixes). - net: phy: Warn about incorrect mdio_bus_phy_resume() state (git-fixes). - net: phy: smsc: Disable Energy Detect Power-Down in interrupt mode (git-fixes). - net: ptp: add a definition for the UDP port for IEEE 1588 general messages (git-fixes). - net: rose: fix netdev reference changes (git-fixes). - net: sock: tracing: Fix sock_exceed_buf_limit not to dereference stale pointer (git-fixes). - net: stmmac: clean up impossible condition (git-fixes). - net: stmmac: disable Split Header (SPH) for Intel platforms (bsc#1194904). - net: stmmac: dwc-qos: Disable split header for Tegra194 (bsc#1194904). - net: stmmac: fix off-by-one error in sanity check (git-fixes). - net: usb: ax88179_178a needs FLAG_SEND_ZLP (git-fixes). - net: usb: ax88179_178a: add Allied Telesis AT-UMCs (git-fixes). - net: usb: make USB_RTL8153_ECM non user configurable (git-fixes). - net: vmxnet3: fix possible NULL pointer dereference in vmxnet3_rq_cleanup() (bsc#1200431). - net: vmxnet3: fix possible use-after-free bugs in vmxnet3_rq_alloc_rx_buf() (bsc#1200431). - net: vmxnet3: remove multiple false checks in vmxnet3_ethtool.c (bsc#1200431). - net:enetc: allocate CBD ring data memory using DMA coherent methods (git-fixes). - net_sched: cls_route: disallow handle of 0 (bsc#1202393). - nfc: pn533: Fix use-after-free bugs caused by pn532_cmd_timeout (git-fixes). - nfsd: fix use-after-free due to delegation race (git-fixes). - nmi: Extend NMI watchdog's timer during LPM (bsc#1202872 ltc#197920). - nohz/full, sched/rt: Fix missed tick-reenabling bug in dequeue_task_rt() (bnc#1189999 (Scheduler functional and performance backports)). - nouveau: explicitly wait on the fence in nouveau_bo_move_m2mf (git-fies). - ntb_hw_amd: Add NTB PCI ID for new gen CPU (bsc#1202113). - nvme-auth: align to pre-upstream FFDHE implementation (bsc#1202265). - nvme-fabrics: parse nvme connect Linux error codes (bsc#1201865). - nvme-rdma: Handle number of queue changes (bsc#1201865). - nvme-tcp: Handle number of queue changes (bsc#1201865). - nvme-tcp: fix UAF when detecting digest errors (bsc#1200313 bsc#1201489). - nvme: fix RCU hole that allowed for endless looping in multipath round robin (bsc#1202636). - nvmet: Expose max queues to configfs (bsc#1201865). - ocfs2: dlmfs: fix error handling of user_dlm_destroy_lock (bsc#1202778). - ocfs2: fix a deadlock when commit trans (bsc#1202776). - octeontx2-af: Add KPU changes to parse NGIO as separate layer (jsc#SLE-24682). - octeontx2-af: Add PTP device id for CN10K and 95O silcons (jsc#SLE-24682). - octeontx2-af: Add SDP interface support (jsc#SLE-24682). - octeontx2-af: Add debug messages for failures (jsc#SLE-24682). - octeontx2-af: Add external ptp input clock (jsc#SLE-24682). - octeontx2-af: Add free rsrc count mbox msg (jsc#SLE-24682). - octeontx2-af: Add mbox to retrieve bandwidth profile free count (jsc#SLE-24682). - octeontx2-af: Add support to flush full CPT CTX cache (jsc#SLE-24682). - octeontx2-af: Adjust LA pointer for cpt parse header (jsc#SLE-24682). - octeontx2-af: Allocate low priority entries for PF (jsc#SLE-24682). - octeontx2-af: Allow to configure flow tag LSB byte as RSS adder (jsc#SLE-24682). - octeontx2-af: Change the order of queue work and interrupt disable (jsc#SLE-24682). - octeontx2-af: Do not enable Pause frames by default (jsc#SLE-24682). - octeontx2-af: Enable CPT HW interrupts (jsc#SLE-24682). - octeontx2-af: Enhance mailbox trace entry (jsc#SLE-24682). - octeontx2-af: Fix LBK backpressure id count (jsc#SLE-24682). - octeontx2-af: Fix inconsistent license text (jsc#SLE-24682). - octeontx2-af: Fix interrupt name strings (jsc#SLE-24682). - octeontx2-af: Fix spelling mistake 'Makesure' -> 'Make sure' (jsc#SLE-24682). - octeontx2-af: Fix uninitialized variable val (jsc#SLE-24682). - octeontx2-af: Flow control resource management (jsc#SLE-24682). - octeontx2-af: Handle return value in block reset (jsc#SLE-24682). - octeontx2-af: Hardware configuration for inline IPsec (jsc#SLE-24682). - octeontx2-af: Increase link credit restore polling timeout (jsc#SLE-24682). - octeontx2-af: Increase number of reserved entries in KPU (jsc#SLE-24682). - octeontx2-af: Increment ptp refcount before use (jsc#SLE-24682). - octeontx2-af: Limit KPU parsing for GTPU packets (jsc#SLE-24682). - octeontx2-af: Modify install flow error codes (jsc#SLE-24682). - octeontx2-af: Optimize KPU1 processing for variable-length headers (jsc#SLE-24682). - octeontx2-af: Perform cpt lf teardown in non FLR path (jsc#SLE-24682). - octeontx2-af: Priority flow control configuration support (jsc#SLE-24682). - octeontx2-af: Remove channel verification while installing MCAM rules (jsc#SLE-24682). - octeontx2-af: Remove redundant initialization of variable blkaddr (jsc#SLE-24682). - octeontx2-af: Remove redundant initialization of variable pin (jsc#SLE-24682). - octeontx2-af: Reset PTP config in FLR handler (jsc#SLE-24682). - octeontx2-af: Retry until RVU block reset complete (jsc#SLE-24682). - octeontx2-af: Use DMA_ATTR_FORCE_CONTIGUOUS attribute in DMA alloc (jsc#SLE-24682). - octeontx2-af: Use NDC TX for transmit packet data (jsc#SLE-24682). - octeontx2-af: Use ptp input clock info from firmware data (jsc#SLE-24682). - octeontx2-af: Wait for TX link idle for credits change (jsc#SLE-24682). - octeontx2-af: add proper return codes for AF mailbox handlers (jsc#SLE-24682). - octeontx2-af: cn10K: Get NPC counters value (jsc#SLE-24682). - octeontx2-af: cn10K: support for sched lmtst and other features (jsc#SLE-24682). - octeontx2-af: cn10k: DWRR MTU configuration (jsc#SLE-24682). - octeontx2-af: cn10k: RPM hardware timestamp configuration (jsc#SLE-24682). - octeontx2-af: cn10k: Set cache lines for NPA batch alloc (jsc#SLE-24682). - octeontx2-af: cn10k: Use appropriate register for LMAC enable (jsc#SLE-24682). - octeontx2-af: cn10k: add workaround for ptp errata (jsc#SLE-24682). - octeontx2-af: cn10k: debugfs for dumping LMTST map table (jsc#SLE-24682). - octeontx2-af: configure npc for cn10k to allow packets from cpt (jsc#SLE-24682). - octeontx2-af: debugfs: Add channel and channel mask (jsc#SLE-24682). - octeontx2-af: debugfs: Minor changes (jsc#SLE-24682). - octeontx2-af: debugfs: do not corrupt user memory (jsc#SLE-24682). - octeontx2-af: debugfs: fix error return of allocations (jsc#SLE-24682). - octeontx2-af: enable tx shaping feature for 96xx C0 (jsc#SLE-24682). - octeontx2-af: fix array bound error (jsc#SLE-24682). - octeontx2-af: fix error code in is_valid_offset() (jsc#SLE-24682). - octeontx2-af: initialize action variable (jsc#SLE-24682). - octeontx2-af: nix and lbk in loop mode in 98xx (jsc#SLE-24682). - octeontx2-af: remove redudant second error check on variable err (jsc#SLE-24682). - octeontx2-af: use swap() to make code cleaner (jsc#SLE-24682). - octeontx2-af: verify CQ context updates (jsc#SLE-24682). - octeontx2-nic: fix mixed module build (jsc#SLE-24682). - octeontx2-nicvf: Add PTP hardware clock support to NIX VF (jsc#SLE-24682). - octeontx2-nicvf: Free VF PTP resources (jsc#SLE-24682). - octeontx2-pf: Add TC feature for VFs (jsc#SLE-24682). - octeontx2-pf: Add XDP support to netdev PF (jsc#SLE-24682). - octeontx2-pf: Add check for non zero mcam flows (jsc#SLE-24682). - octeontx2-pf: Add support for adaptive interrupt coalescing (jsc#SLE-24682). - octeontx2-pf: Add vlan-etype to ntuple filters (jsc#SLE-24682). - octeontx2-pf: Allow VLAN priority also in ntuple filters (jsc#SLE-24682). - octeontx2-pf: CN10K: Hide RPM stats over ethtool (jsc#SLE-24682). - octeontx2-pf: Do not mask out supported link modes (jsc#SLE-24682). - octeontx2-pf: Enable NETIF_F_RXALL support for VF driver (jsc#SLE-24682). - octeontx2-pf: Fix inconsistent license text (jsc#SLE-24682). - octeontx2-pf: Ntuple filters support for VF netdev (jsc#SLE-24682). - octeontx2-pf: PFC config support with DCBx (jsc#SLE-24682). - octeontx2-pf: Remove unnecessary synchronize_irq() before free_irq() (jsc#SLE-24682). - octeontx2-pf: Simplify the receive buffer size calculation (jsc#SLE-24682). - octeontx2-pf: Sort the allocated MCAM entry indices (jsc#SLE-24682). - octeontx2-pf: Unify flow management variables (jsc#SLE-24682). - octeontx2-pf: Use hardware register for CQE count (jsc#SLE-24682). - octeontx2-pf: cn10K: Reserve LMTST lines per core (jsc#SLE-24682). - octeontx2-pf: cn10k: Config DWRR weight based on MTU (jsc#SLE-24682). - octeontx2-pf: cn10k: Ensure valid pointers are freed to aura (jsc#SLE-24682). - octeontx2-pf: cn10k: add support for new ptp timestamp format (jsc#SLE-24682). - octeontx2-pf: devlink params support to set mcam entry count (jsc#SLE-24682). - octeontx2-pf: replace bitmap_weight with bitmap_empty where appropriate (jsc#SLE-24682). - octeontx2-pf: select CONFIG_NET_DEVLINK (jsc#SLE-24682). - octeontx2-vf: Add support for adaptive interrupt coalescing (jsc#SLE-24682). - octeontx2: Move devlink registration to be last devlink command (jsc#SLE-24682). - openvswitch: Fix setting ipv6 fields causing hw csum failure (git-fixes). - openvswitch: Fixed nd target mask field in the flow dump (git-fixes). - pci: Add support for ACPI RST reset method (jsc#SLE-19359 jsc#SLE-24572). - perf bench futex: Fix memory leak of perf_cpu_map__new() (git-fixes). - phy: samsung: phy-exynos-pcie: sanitize init/power_on callbacks (git-fixes). - phy: stm32: fix error return in stm32_usbphyc_phy_init (git-fixes). - pinctrl: amd: Do not save/restore interrupt status and wake status bits (git-fixes). - pinctrl: intel: Check against matching data instead of ACPI companion (git-fixes). - pinctrl: nomadik: Fix refcount leak in nmk_pinctrl_dt_subnode_to_map (git-fixes). - pinctrl: qcom: msm8916: Allow CAMSS GP clocks to be muxed (git-fixes). - pinctrl: qcom: sm8250: Fix PDC map (git-fixes). - pinctrl: sunxi: Add I/O bias setting for H6 R-PIO (git-fixes). - platform/chrome: cros_ec: Always expose last resume result (git-fixes). - platform/chrome: cros_ec_proto: do not show MKBP version if unsupported (git-fixes). - platform/olpc: Fix uninitialized data in debugfs write (git-fixes). - platform/x86: pmc_atom: Fix SLP_TYPx bitfield mask (git-fixes). - platform/x86: pmc_atom: Match all Lex BayTrail boards with critclk_systems DMI table (git-fixes). - powerpc/perf: Optimize clearing the pending PMI and remove WARN_ON for PMI check in power_pmu_disable (bsc#1156395). - powerpc/powernv/kvm: Use darn for H_RANDOM on Power9 (bsc#1065729). - powerpc/powernv: Avoid crashing if rng is NULL (bsc#1065729). - powerpc/powernv: delay rng platform device creation until later in boot (bsc#1065729). - powerpc/powernv: rename remaining rng powernv_ functions to pnv_ (bsc#1065729). - powerpc/powernv: wire up rng during setup_arch (bsc#1065729). - powerpc/pseries: wire up rng during setup_arch() (bsc#1065729). - powerpc/xive: Fix refcount leak in xive_get_max_prio (git-fixess). - powerpc: Avoid discarding flags in system_call_exception() (bsc#1194869). - powerpc: Enable execve syscall exit tracepoint (bsc#1065729). - powerpc: powernv: kABI: add back powernv_get_random_long (bsc#1065729). - proc: fix a dentry lock race between release_task and lookup (git-fixes). - proc: fix dentry/inode overinstantiating under /proc/${pid}/net (git-fixes). - profiling: fix shift too large makes kernel panic (git-fixes). - pwm: lpc18xx-sct: Reduce number of devm memory allocations (git-fixes). - pwm: lpc18xx-sct: Simplify driver by not using pwm_[gs]et_chip_data() (git-fixes). - pwm: lpc18xx: Fix period handling (git-fixes). - qed: validate and restrict untrusted VFs vlan promisc mode (git-fixes). - r8152: fix the RX FIFO settings when suspending (git-fixes). - r8152: fix the units of some registers for RTL8156A (git-fixes). - random: remove useless header comment (git-fixes). - ratelimit: Fix data-races in ___ratelimit() (git-fixes). - regulator: of: Fix refcount leak bug in of_get_regulation_constraints() (git-fixes). - regulator: pca9450: Remove restrictions for regulator-name (git-fixes). - regulator: qcom_smd: Fix pm8916_pldo range (git-fixes). - remoteproc: imx_rproc: Fix refcount leak in imx_rproc_addr_init (git-fixes). - remoteproc: k3-r5: Fix refcount leak in k3_r5_cluster_of_init (git-fixes). - remoteproc: qcom: pas: Check if coredump is enabled (git-fixes). - remoteproc: qcom: pas: Mark devices as wakeup capable (git-fixes). - remoteproc: qcom: q6v5-mss: add powerdomains to MSM8996 config (git-fixes). - remoteproc: qcom: wcnss: Fix handling of IRQs (git-fixes). - remoteproc: sysmon: Wait for SSCTL service to come up (git-fixes). - rose: check NULL rose_loopback_neigh->loopback (git-fixes). - rpm/kernel-binary.spec.in: move vdso to a separate package (bsc#1202385) We do the move only on 15.5+. - rpm/kernel-binary.spec.in: simplify find for usrmerged The type test and print line are the same for both cases. The usrmerged case only ignores more, so refactor it to make it more obvious. - rpm/kernel-source.spec.in: simplify finding of broken symlinks 'find -xtype l' will report them, so use that to make the search a bit faster (without using shell). - rpm: Fix parsing of rpm/macros.kernel-source on SLE12 (bsc#1201019). - rpmsg: char: Add mutex protection for rpmsg_eptdev_open() (git-fixes). - rpmsg: mtk_rpmsg: Fix circular locking dependency (git-fixes). - rpmsg: qcom_smd: Fix refcount leak in qcom_smd_parse_edge (git-fixes). - s390/cpumf: Handle events cycles and instructions identical (git-fixes). - s390/crash: fix incorrect number of bytes to copy to user space (git-fixes). - s390/crash: make copy_oldmem_page() return number of bytes copied (git-fixes). - s390/hugetlb: fix prepare_hugepage_range() check for 2 GB hugepages (git-fixes). - s390/hypfs: avoid error message under KVM (bsc#1032323). - s390/kexec: handle R_390_PLT32DBL rela in arch_kexec_apply_relocations_add() (git-fixes). - s390/mm: do not trigger write fault when vma does not allow VM_WRITE (git-fixes). - s390/mm: use non-quiescing sske for KVM switch to keyed guest (git-fixes). - s390/qeth: cache link_info for ethtool (bsc#1202262 LTC#199322). - s390/stp: clock_delta should be signed (git-fixes). - s390/zcore: fix race when reading from hardware system area (git-fixes). - sched/core: Always flush pending blk_plug (bnc#1189999 (Scheduler functional and performance backports)). - sched/core: Do not requeue task on CPU excluded from cpus_mask (bnc#1199356). - sched/deadline: Fix BUG_ON condition for deboosted tasks (git-fixes) - sched/fair: Fix cfs_rq_clock_pelt() for throttled cfs_rq (bnc#1189999 (Scheduler functional and performance backports)). - sched/fair: Fix cfs_rq_clock_pelt() for throttled cfs_rq -kabi (git fixes (sched/fair)). - sched/fair: Remove redundant word ' *' (bnc#1189999 (Scheduler functional and performance backports)). - sched/uclamp: Fix iowait boost escaping uclamp restriction (git-fixes) - sched/uclamp: Fix rq->uclamp_max not set on first enqueue (git-fixes) - sched: Allow newidle balancing to bail out of load_balance (bnc#1189999 (Scheduler functional and performance backports)). - sched: Fix the check of nr_running at queue wakelist (bnc#1189999 (Scheduler functional and performance backports)). - sched: Remove the limitation of WF_ON_CPU on wakelist if wakee cpu is idle (bnc#1189999 (Scheduler functional and performance backports)). Refresh - sched: Remove unused function group_first_cpu() (bnc#1189999). - scripts/faddr2line: Fix vmlinux detection on arm64 (git-fixes). - scsi: hisi_sas: Keep controller active between ISR of phyup and the event being processed (bsc#1202471). - scsi: hisi_sas: Use autosuspend for the host controller (bsc#1202471). - scsi: libiscsi: Add iscsi_cls_conn to sysfs after initialization (bsc#1198410). - scsi: lpfc: Add warning notification period to CMF_SYNC_WQE (bsc#1203063). - scsi: lpfc: Check the return value of alloc_workqueue() (bsc#1203063). - scsi: lpfc: Copyright updates for 14.2.0.5 patches (bsc#1201956). - scsi: lpfc: Copyright updates for 14.2.0.6 patches (bsc#1203063). - scsi: lpfc: Fix attempted FA-PWWN usage after feature disable (bsc#1201956). - scsi: lpfc: Fix lost NVMe paths during LIF bounce stress test (bsc#1201956). - scsi: lpfc: Fix null ndlp ptr dereference in abnormal exit path for GFT_ID (bsc#1203063). - scsi: lpfc: Fix possible memory leak when failing to issue CMF WQE (bsc#1201956). - scsi: lpfc: Fix uninitialized cqe field in lpfc_nvme_cancel_iocb() (bsc#1201956). - scsi: lpfc: Fix unsolicited FLOGI receive handling during PT2PT discovery (bsc#1203063). - scsi: lpfc: Prevent buffer overflow crashes in debugfs with malformed user input (bsc#1201956). - scsi: lpfc: Refactor lpfc_nvmet_prep_abort_wqe() into lpfc_sli_prep_abort_xri() (bsc#1201956). - scsi: lpfc: Remove Menlo/Hornet related code (bsc#1201956). - scsi: lpfc: Remove SANDiags related code (bsc#1203063). - scsi: lpfc: Remove extra atomic_inc on cmd_pending in queuecommand after VMID (bsc#1201956). - scsi: lpfc: Revert RSCN_MEMENTO workaround for misbehaved configuration (bsc#1201956). - scsi: lpfc: Rework MIB Rx Monitor debug info logic (bsc#1203063). - scsi: lpfc: Set PU field when providing D_ID in XMIT_ELS_RSP64_CX iocb (bsc#1201956). - scsi: lpfc: Update lpfc version to 14.2.0.5 (bsc#1201956). - scsi: lpfc: Update lpfc version to 14.2.0.6 (bsc#1203063). - scsi: mpt3sas: Stop fw fault watchdog work item during system shutdown (git-fixes). - scsi: sg: Allow waiting for commands to complete on removed device (git-fixes). - scsi: smartpqi: Fix DMA direction for RAID requests (git-fixes). - scsi: ufs: core: Fix another task management completion race (git-fixes). - scsi: ufs: core: Fix task management completion timeout race (git-fixes). - scsi: zfcp: Fix missing auto port scan and thus missing target ports (git-fixes). - selftests/seccomp: Fix compile warning when CC=clang (git-fixes). - selftests: kvm: set rax before vmcall (git-fixes). - selftests: timers: clocksource-switch: fix passing errors from child (git-fixes). - selftests: timers: valid-adjtimex: build fix for newer toolchains (git-fixes). - selinux: Add boundary check in put_entry() (git-fixes). - selinux: access superblock_security_struct in LSM blob way (git-fixes). - selinux: check return value of sel_make_avc_files (git-fixes). - selinux: fix bad cleanup on error in hashtab_duplicate() (git-fixes). - selinux: fix double free of cond_list on error paths (git-fixes). - selinux: fix memleak in security_read_state_kernel() (git-fixes). - selinux: fix misuse of mutex_is_locked() (git-fixes). - selinux: use correct type for context length (git-fixes). - serial: 8250: Add proper clock handling for OxSemi PCIe devices (git-fixes). - serial: 8250: Export ICR access helpers for internal use (git-fixes). - serial: 8250: Fold EndRun device support into OxSemi Tornado code (git-fixes). - serial: 8250_bcm7271: Save/restore RTS in suspend/resume (git-fixes). - serial: 8250_dw: Store LSR into lsr_saved_flags in dw8250_tx_wait_empty() (git-fixes). - serial: 8250_fsl: Do not report FE, PE and OE twice (git-fixes). - serial: 8250_pci: Refactor the loop in pci_ite887x_init() (git-fixes). - serial: 8250_pci: Replace dev_*() by pci_*() macros (git-fixes). - serial: fsl_lpuart: RS485 RTS polariy is inverse (git-fixes). - serial: mvebu-uart: uart2 error bits clearing (git-fixes). - soc: amlogic: Fix refcount leak in meson-secure-pwrc.c (git-fixes). - soc: brcmstb: pm-arm: Fix refcount leak and __iomem leak bugs (git-fixes). - soc: fsl: guts: machine variable might be unset (git-fixes). - soc: fsl: select FSL_GUTS driver for DPIO (git-fixes). - soc: imx: gpcv2: Assert reset before ungating clock (git-fixes). - soc: qcom: Make QCOM_RPMPD depend on PM (git-fixes). - soc: qcom: aoss: Fix refcount leak in qmp_cooling_devices_register (git-fixes). - soc: qcom: ocmem: Fix refcount leak in of_get_ocmem (git-fixes). - soc: renesas: r8a779a0-sysc: Fix A2DP1 and A2CV[2357] PDR values (git-fixes). - soundwire: bus_type: fix remove and shutdown support (git-fixes). - soundwire: qcom: Check device status before reading devid (git-fixes). - soundwire: qcom: fix device status array range (git-fixes). - spi: Fix incorrect cs_setup delay handling (git-fixes). - spi: Fix simplification of devm_spi_register_controller (git-fixes). - spi: dt-bindings: cadence: add missing 'required' (git-fixes). - spi: dt-bindings: zynqmp-qspi: add missing 'required' (git-fixes). - spi: meson-spicc: add local pow2 clock ops to preserve rate between messages (git-fixes). - spi: spi-altera-dfl: Fix an error handling path (git-fixes). - spi: spi-rspi: Fix PIO fallback on RZ platforms (git-fixes). - spi: synquacer: Add missing clk_disable_unprepare() (git-fixes). - spi: tegra20-slink: fix UAF in tegra_slink_remove() (git-fixes). - spmi: trace: fix stack-out-of-bound access in SPMI tracing functions (git-fixes). - staging: rtl8192u: Fix sleep in atomic context bug in dm_fsync_timer_callback (git-fixes). - staging: rtl8712: fix use after free bugs (git-fixes). - supported.conf: added drivers/net/ethernet/marvell/octeontx2/nic/otx2_ptp and changed all octeontx2 modules as supported (jsc#SLE-24682) - supported.conf: mark lib/objagg supported as dependency of mlxsw - supported.conf: mark mlxsw modules supported (jsc#SLE-23766) - thermal/int340x_thermal: handle data_vault when the value is ZERO_SIZE_PTR (bsc#1201308). - thermal/tools/tmon: Include pthread and time headers in tmon.h (git-fixes). - thermal: sysfs: Fix cooling_device_stats_setup() error code path (git-fixes). - thunderbolt: Use the actual buffer in tb_async_error() (git-fixes). - tools/thermal: Fix possible path truncations (git-fixes). - tpm: eventlog: Fix section mismatch for DEBUG_SECTION_MISMATCH (git-fixes). - trace/osnoise: Add migrate-disabled field to the osnoise header (git-fixes). - trace/timerlat: Add migrate-disabled field to the timerlat header (git-fixes). - tracing/histograms: Fix memory leak problem (git-fixes). - tracing/kprobes: Check whether get_kretprobe() returns NULL in kretprobe_dispatcher() (git-fixes). - tracing/probes: Have kprobes and uprobes use $COMM too (git-fixes). - tracing: Add ustring operation to filtering string pointers (git-fixes). - tracing: Fix sleeping while atomic in kdb ftdump (git-fixes). - tracing: Have filter accept 'common_cpu' to be consistent (git-fixes). - tracing: Use a struct alignof to determine trace event field alignment (git-fixes). - tty: 8250: Add support for Brainboxes PX cards (git-fixes). - tty: n_gsm: Modify CR,PF bit printk info when config requester (git-fixes). - tty: n_gsm: Modify cr bit value when config requester (git-fixes). - tty: n_gsm: Modify gsmtty driver register method when config requester (git-fixes). - tty: n_gsm: add sanity check for gsm->receive in gsm_receive_buf() (git-fixes). - tty: n_gsm: avoid call of sleeping functions from atomic context (git-fixes). - tty: n_gsm: clean up dead code in gsm_queue() (git-fixes). - tty: n_gsm: clean up implicit CR bit encoding in address field (git-fixes). - tty: n_gsm: clean up indenting in gsm_queue() (git-fixes). - tty: n_gsm: fix DM command (git-fixes). - tty: n_gsm: fix broken virtual tty handling (git-fixes). - tty: n_gsm: fix deadlock and link starvation in outgoing data path (git-fixes). - tty: n_gsm: fix flow control handling in tx path (git-fixes). - tty: n_gsm: fix missing corner cases in gsmld_poll() (git-fixes). - tty: n_gsm: fix missing mux reset on config change at responder (git-fixes). - tty: n_gsm: fix missing timer to handle stalled links (git-fixes). - tty: n_gsm: fix non flow control frames during mux flow off (git-fixes). - tty: n_gsm: fix packet re-transmission without open control channel (git-fixes). - tty: n_gsm: fix race condition in gsmld_write() (git-fixes). - tty: n_gsm: fix resource allocation order in gsm_activate_mux() (git-fixes). - tty: n_gsm: fix tty registration before control channel open (git-fixes). - tty: n_gsm: fix user open not possible at responder until initiator open (git-fixes). - tty: n_gsm: fix wrong T1 retry count handling (git-fixes). - tty: n_gsm: fix wrong queuing behavior in gsm_dlci_data_output() (git-fixes). - tty: n_gsm: initialize more members at gsm_alloc_mux() (git-fixes). - tty: n_gsm: replace kicktimer with delayed_work (git-fixes). - tty: serial: Fix refcount leak bug in ucc_uart.c (git-fixes). - tty: serial: fsl_lpuart: correct the count of break characters (git-fixes). - tty: serial: lpuart: disable flow control while waiting for the transmit engine to complete (git-fixes). - tty: vt: initialize unicode screen buffer (git-fixes). - udf: Fix crash after seekdir (bsc#1194592). - udmabuf: Set the DMA mask for the udmabuf device (v2) (git-fixes). - usb: aspeed-vhub: Fix refcount leak bug in ast_vhub_init_desc() (git-fixes). - usb: cdns3 fix use-after-free at workaround 2 (git-fixes). - usb: cdns3: Do not use priv_dev uninitialized in cdns3_gadget_ep_enable() (git-fixes). - usb: cdns3: change place of 'priv_ep' assignment in cdns3_gadget_ep_dequeue(), cdns3_gadget_ep_enable() (git-fixes). - usb: cdns3: fix incorrect handling TRB_SMM flag for ISOC transfer (git-fixes). - usb: cdns3: fix issue with rearming ISO OUT endpoint (git-fixes). - usb: cdns3: fix random warning message when driver load (git-fixes). - usb: dwc2: fix wrong order of phy_power_on and phy_init (git-fixes). - usb: dwc2: gadget: remove D+ pull-up while no vbus with usb-role-switch (git-fixes). - usb: dwc3: core: Deprecate GCTL.CORESOFTRESET (git-fixes). - usb: dwc3: core: Do not perform GCTL_CORE_SOFTRESET during bootup (git-fixes). - usb: dwc3: dwc3-qcom: Add missing platform_device_put() in dwc3_qcom_acpi_register_core (git-fixes). - usb: dwc3: dwc3-qcom: Fix typo in the dwc3 vbus override API (git-fixes). - usb: dwc3: gadget: Avoid duplicate requests to enable Run/Stop (git-fixes). - usb: dwc3: gadget: fix high speed multiplier setting (git-fixes). - usb: dwc3: gadget: refactor dwc3_repare_one_trb (git-fixes). - usb: dwc3: qcom: Add helper functions to enable,disable wake irqs (git-fixes). - usb: dwc3: qcom: fix missing optional irq warnings (git-fixes). - usb: dwc3: qcom: fix use-after-free on runtime-PM wakeup (git-fixes). - usb: gadget: f_uac2: clean up some inconsistent indenting (git-fixes). - usb: gadget: f_uac2: fix superspeed transfer (git-fixes). - usb: gadget: mass_storage: Fix cdrom data transfers on MAC-OS (git-fixes). - usb: gadget: tegra-xudc: Fix error check in tegra_xudc_powerdomain_init() (git-fixes). - usb: gadget: udc-xilinx: replace memcpy with memcpy_toio (git-fixes). - usb: gadget: udc: amd5536 depends on HAS_DMA (git-fixes). - usb: gadget: uvc: call uvc uvcg_warn on completed status instead of uvcg_info (git-fixes). - usb: host: Fix refcount leak in ehci_hcd_ppc_of_probe (git-fixes). - usb: host: ohci-ppc-of: Fix refcount leak bug (git-fixes). - usb: host: xhci: use snprintf() in xhci_decode_trb() (git-fixes). - usb: ohci-nxp: Fix refcount leak in ohci_hcd_nxp_probe (git-fixes). - usb: renesas: Fix refcount leak bug (git-fixes). - usb: typec: altmodes/displayport: correct pin assignment for UFP receptacles (git-fixes). - usb: typec: tcpm: Return ENOTSUPP for power supply prop writes (git-fixes). - usb: typec: ucsi: Acknowledge the GET_ERROR_STATUS command completion (git-fixes). - usb: xhci: tegra: Fix error check (git-fixes). - usbnet: Fix linkwatch use-after-free on disconnect (git-fixes). - usbnet: smsc95xx: Avoid link settings race on interrupt reception (git-fixes). - usbnet: smsc95xx: Do not clear read-only PHY interrupt (git-fixes). - usbnet: smsc95xx: Fix deadlock on runtime resume (git-fixes). - usbnet: smsc95xx: Forward PHY interrupts to PHY driver to avoid polling (git-fixes). - vboxguest: Do not use devm for irq (git-fixes). - vdpa_sim: avoid putting an uninitialized iova_domain (git-fixes). - venus: pm_helpers: Fix warning in OPP during probe (git-fixes). - vfio/ccw: Do not change FSM state in subchannel event (git-fixes). - vfio/ccw: Remove UUID from s390 debug log (git-fixes). - vfio: Clear the caps->buf to NULL after free (git-fixes). - video: fbdev: amba-clcd: Fix refcount leak bugs (git-fixes). - video: fbdev: arkfb: Check the size of screen before memset_io() (git-fixes). - video: fbdev: arkfb: Fix a divide-by-zero bug in ark_set_pixclock() (git-fixes). - video: fbdev: i740fb: Check the argument of i740_calc_vclk() (git-fixes). - video: fbdev: s3fb: Check the size of screen before memset_io() (git-fixes). - video: fbdev: sis: fix typos in SiS_GetModeID() (git-fixes). - video: fbdev: vt8623fb: Check the size of screen before memset_io() (git-fixes). - virtio-gpu: fix a missing check to avoid NULL dereference (git-fixes). - virtio-net: fix the race between refill work and close (git-fixes). - virtio_net: fix memory leak inside XPD_TX with mergeable (git-fixes). - vmxnet3: Implement ethtool's get_channels command (bsc#1200431). - vmxnet3: Record queue number to incoming packets (bsc#1200431). - vmxnet3: Remove useless DMA-32 fallback configuration (bsc#1200431). - vmxnet3: add command to set ring buffer sizes (bsc#1200431). - vmxnet3: add support for capability registers (bsc#1200431). - vmxnet3: add support for large passthrough BAR register (bsc#1200431). - vmxnet3: add support for out of order rx completion (bsc#1200431). - vmxnet3: disable overlay offloads if UPT device does not support (bsc#1200431). - vmxnet3: do not reschedule napi for rx processing (bsc#1200431). - vmxnet3: limit number of TXDs used for TSO packet (bsc#1200431). - vmxnet3: prepare for version 7 changes (bsc#1200431). - vmxnet3: switch from 'pci_' to 'dma_' API (bsc#1200431). - vmxnet3: update to version 7 (bsc#1200431). - vmxnet3: use ext1 field to indicate encapsulated packet (bsc#1200431). - vrf: do not run conntrack on vrf with !dflt qdisc (git-fixes). - vsock: Fix memory leak in vsock_connect() (git-fixes). - vsock: Set socket state back to SS_UNCONNECTED in vsock_connect_timeout() (git-fixes). - watchdog: armada_37xx_wdt: check the return value of devm_ioremap() in armada_37xx_wdt_probe() (git-fixes). - watchdog: sp5100_tco: Fix a memory leak of EFCH MMIO resource (git-fixes). - wifi: cfg80211: debugfs: fix return type in ht40allow_map_read() (git-fixes). - wifi: iwlegacy: 4965: fix potential off-by-one overflow in il4965_rs_fill_link_cmd() (git-fixes). - wifi: iwlwifi: mvm: fix double list_add at iwl_mvm_mac_wake_tx_queue (git-fixes). - wifi: libertas: Fix possible refcount leak in if_usb_probe() (git-fixes). - wifi: mac80211: Do not finalize CSA in IBSS mode if state is disconnected (git-fixes). - wifi: mac80211: limit A-MSDU subframes for client too (git-fixes). - wifi: mac80211_hwsim: add back erroneously removed cast (git-fixes). - wifi: mac80211_hwsim: fix race condition in pending packet (git-fixes). - wifi: mac80211_hwsim: use 32-bit skb cookie (git-fixes). - wifi: p54: Fix an error handling path in p54spi_probe() (git-fixes). - wifi: p54: add missing parentheses in p54_flush() (git-fixes). - wifi: rtlwifi: fix error codes in rtl_debugfs_set_write_h2c() (git-fixes). - wifi: rtlwifi: remove always-true condition pointed out by GCC 12 (git-fies). - wifi: rtw88: check the return value of alloc_workqueue() (git-fixes). - wifi: rtw89: 8852a: rfk: fix div 0 exception (git-fixes). - wifi: wil6210: debugfs: fix info leak in wil_write_file_wmi() (git-fixes). - wifi: wil6210: debugfs: fix uninitialized variable use in `wil_write_file_wmi()` (git-fixes). - wireless: Remove redundant 'flush_workqueue()' calls (bsc#1202131). - x86/Hyper-V: Add SEV negotiate protocol support in Isolation VM (bsc#1190497). - x86/olpc: fix 'logical not is only applied to the left hand side' (git-fixes). - x86/retbleed: Add fine grained Kconfig knobs (bsc#1190497). - x86/sev: Define the Linux-specific guest termination reasons (bsc#1190497). - x86/sev: Save the negotiated GHCB version (bsc#1190497). - xen/gntdev: fix unmap notification order (git-fixes). - xen/privcmd: fix error exit of privcmd_ioctl_dm_op() (git-fixes). - xen/xenbus: fix return type in xenbus_file_read() (git-fixes). - xen: detect uninitialized xenbus in xenbus_init (git-fixes). - xen: do not continue xenstore initialization in case of errors (git-fixes). - xfs: Fix the free logic of state in xfs_attr_node_hasname (git-fixes). - xfs: check sb_meta_uuid for dabuf buffer recovery (git-fixes). - xfs: fix soft lockup via spinning in filestream ag selection loop (git-fixes). - xfs: fix use-after-free in xattr node block inactivation (git-fixes). - xfs: fold perag loop iteration logic into helper function (git-fixes). - xfs: make xfs_rtalloc_query_range input parameters const (git-fixes). - xfs: only bother with sync_filesystem during readonly remount (git-fixes). - xfs: prevent UAF in xfs_log_item_in_current_chkpt (git-fixes). - xfs: prevent a UAF when log IO errors race with unmount (git-fixes). - xfs: remove incorrect ASSERT in xfs_rename (git-fixes). - xfs: rename the next_agno perag iteration variable (git-fixes). - xfs: reorder iunlink remove operation in xfs_ifree (git-fixes). - xfs: revert 'xfs: actually bump warning counts when we send warnings' (git-fixes). - xfs: terminate perag iteration reliably on agcount (git-fixes). - xfs: use invalidate_lock to check the state of mmap_lock (git-fixes). - xfs: use kmem_cache_free() for kmem_cache objects (git-fixes). - xfs: use setattr_copy to set vfs inode attributes (git-fixes). Important SUSE bug 1023051 SUSE bug 1032323 SUSE bug 1065729 SUSE bug 1156395 SUSE bug 1189999 SUSE bug 1190497 SUSE bug 1192968 SUSE bug 1194592 SUSE bug 1194869 SUSE bug 1194904 SUSE bug 1195480 SUSE bug 1195917 SUSE bug 1196616 SUSE bug 1197158 SUSE bug 1197391 SUSE bug 1197755 SUSE bug 1197756 SUSE bug 1197757 SUSE bug 1197763 SUSE bug 1198410 SUSE bug 1198577 SUSE bug 1198702 SUSE bug 1198971 SUSE bug 1199356 SUSE bug 1199515 SUSE bug 1200301 SUSE bug 1200313 SUSE bug 1200431 SUSE bug 1200544 SUSE bug 1200845 SUSE bug 1200868 SUSE bug 1200869 SUSE bug 1200870 SUSE bug 1200871 SUSE bug 1200872 SUSE bug 1200873 SUSE bug 1201019 SUSE bug 1201308 SUSE bug 1201361 SUSE bug 1201442 SUSE bug 1201455 SUSE bug 1201489 SUSE bug 1201610 SUSE bug 1201726 SUSE bug 1201768 SUSE bug 1201865 SUSE bug 1201940 SUSE bug 1201948 SUSE bug 1201956 SUSE bug 1202094 SUSE bug 1202096 SUSE bug 1202097 SUSE bug 1202113 SUSE bug 1202131 SUSE bug 1202154 SUSE bug 1202262 SUSE bug 1202265 SUSE bug 1202346 SUSE bug 1202347 SUSE bug 1202385 SUSE bug 1202393 SUSE bug 1202447 SUSE bug 1202471 SUSE bug 1202558 SUSE bug 1202564 SUSE bug 1202623 SUSE bug 1202636 SUSE bug 1202672 SUSE bug 1202681 SUSE bug 1202710 SUSE bug 1202711 SUSE bug 1202712 SUSE bug 1202713 SUSE bug 1202715 SUSE bug 1202716 SUSE bug 1202757 SUSE bug 1202758 SUSE bug 1202759 SUSE bug 1202761 SUSE bug 1202762 SUSE bug 1202763 SUSE bug 1202764 SUSE bug 1202765 SUSE bug 1202766 SUSE bug 1202767 SUSE bug 1202768 SUSE bug 1202769 SUSE bug 1202770 SUSE bug 1202771 SUSE bug 1202773 SUSE bug 1202774 SUSE bug 1202775 SUSE bug 1202776 SUSE bug 1202778 SUSE bug 1202779 SUSE bug 1202780 SUSE bug 1202781 SUSE bug 1202782 SUSE bug 1202783 SUSE bug 1202822 SUSE bug 1202823 SUSE bug 1202824 SUSE bug 1202860 SUSE bug 1202867 SUSE bug 1202872 SUSE bug 1202898 SUSE bug 1202989 SUSE bug 1203036 SUSE bug 1203041 SUSE bug 1203063 SUSE bug 1203098 SUSE bug 1203107 SUSE bug 1203117 SUSE bug 1203138 SUSE bug 1203139 SUSE bug 1203159 CVE-2016-3695 CVE-2020-36516 CVE-2021-33135 CVE-2021-4037 CVE-2022-1184 CVE-2022-20368 CVE-2022-20369 CVE-2022-2585 CVE-2022-2588 CVE-2022-26373 CVE-2022-2639 CVE-2022-2663 CVE-2022-28356 CVE-2022-28693 CVE-2022-2873 CVE-2022-2905 CVE-2022-2938 CVE-2022-2959 CVE-2022-2977 CVE-2022-3028 CVE-2022-3078 CVE-2022-36879 CVE-2022-36946 CVE-2022-39188 CVE-2022-39190 cpe:/o:opensuse:leap:15.4 Security update for ruby2.5 (Moderate) openSUSE Leap 15.4 This update for ruby2.5 fixes the following issues: - CVE-2021-41819: Fixed cookie prefix spoofing in CGI::Cookie.parse (bsc#1193081). Moderate SUSE bug 1193081 CVE-2021-41819 cpe:/o:opensuse:leap:15.4 Security update for the Linux Kernel (Important) openSUSE Leap 15.4 The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2022-39190: Fixed an issue that was discovered in net/netfilter/nf_tables_api.c and could cause a denial of service upon binding to an already bound chain (bnc#1203117). - CVE-2022-39188: Fixed race condition in include/asm-generic/tlb.h where a device driver can free a page while it still has stale TLB entries (bnc#1203107). - CVE-2022-2663: Fixed an issue that was found in nf_conntrack_irc where the message handling could be confused and incorrectly matches the message (bnc#1202097). - CVE-2022-3078: Fixed a lack of check after calling vzalloc() and lack of free after allocation in drivers/media/test-drivers/vidtv/vidtv_s302m.c (bnc#1203041). - CVE-2022-28356: Fixed a refcount leak bug that was found in net/llc/af_llc.c (bnc#1197391). - CVE-2022-3028: Fixed race condition that was found in the IP framework for transforming packets (XFRM subsystem) (bnc#1202898). - CVE-2022-2905: Fixed tnum_range usage on array range checking for poke descriptors (bsc#1202564, bsc#1202860). - CVE-2022-2977: Fixed reference counting for struct tpm_chip (bsc#1202672). - CVE-2022-2938: Fixed a flaw that was found inside the Pressure Stall Information implementation that could have been used to allow an attacker to crash the system or have other memory-corruption side effects (bnc#1202623). - CVE-2022-28693: Fixed x86/speculation behavior by disabling RRSBA (bsc#1201455). - CVE-2021-33135: Fixed uncontrolled resource consumption inside Intel(R) SGX that may have allowed an authenticated user to potentially enable denial of service via local access (bnc#1199515). - CVE-2022-2588: Fixed use-after-free in cls_route (bsc#1202096). - CVE-2022-2959: Fixed a race condition that was found inside the watch queue due to a missing lock in pipe_resize_ring() (bnc#1202681 bnc#1202685). - CVE-2022-36946: Fixed a denial of service (panic) inside nfqnl_mangle in net/netfilter/nfnetlink_queue.c (bnc#1201940 bnc#1201941 bnc#1202312 bnc#1202874). - CVE-2021-4037: Fixed function logic vulnerability that allowed local users to create files for the XFS file-system with an unintended group ownership and with group execution and SGID permission bits set (bnc#1198702). - CVE-2022-2873: Fixed an out-of-bounds memory access flaw that was found in iSMT SMBus host controller driver (bnc#1202558). - CVE-2022-36879: Fixed an issue in xfrm_expand_policies in net/xfrm/xfrm_policy.c where a refcount could be dropped twice (bnc#1201948). - CVE-2022-20368: Fixed slab-out-of-bounds access in packet_recvmsg() (bsc#1202346). - CVE-2022-20369: Fixed out of bounds write in v4l2_m2m_querybuf of v4l2-mem2mem.c (bnc#1202347). - CVE-2016-3695: Fixed an issue inside the einj_error_inject function in drivers/acpi/apei/einj.c that allowed users to simulate hardware errors and consequently cause a denial of service (bnc#1023051). - CVE-2022-2639: Fixed an integer coercion error that was found in the openvswitch kernel module (bnc#1202154). - CVE-2020-36516: Fixed an issue in the mixed IPID assignment method where an attacker was able to inject data into or terminate a victim's TCP session (bnc#1196616). - CVE-2022-32250: Fixed a privilege escalation issue in net/netfilter/nf_tables_api.c that allowed a local user to became root (bnc#1200015). The following non-security bugs were fixed: - 9p: Fix refcounting during full path walks for fid lookups (git-fixes). - 9p: fix fid refcount leak in v9fs_vfs_atomic_open_dotl (git-fixes). - 9p: fix fid refcount leak in v9fs_vfs_get_link (git-fixes). - ACPI: APEI: Better fix to avoid spamming the console with old error logs (git-fixes). - ACPI: APEI: explicit init of HEST and GHES in apci_init() (git-fixes). - ACPI: CPPC: Do not prevent CPPC from working in the future (git-fixes). - ACPI: EC: Drop the EC_FLAGS_IGNORE_DSDT_GPE quirk (git-fixes). - ACPI: EC: Remove duplicate ThinkPad X1 Carbon 6th entry from DMI quirks (git-fixes). - ACPI: LPSS: Fix missing check in register_device_clock() (git-fixes). - ACPI: PM: save NVS memory for Lenovo G40-45 (git-fixes). - ACPI: VIOT: Fix ACS setup (git-fixes). - ACPI: processor/idle: Annotate more functions to live in cpuidle section (git-fixes). - ACPI: processor: Remove freq Qos request for all CPUs (git-fixes). - ACPI: property: Return type of acpi_add_nondev_subnodes() should be bool (git-fixes). - ACPI: thermal: drop an always true check (git-fixes). - ACPI: video: Force backlight native for some TongFang devices (git-fixes). - ACPI: video: Shortening quirk list by identifying Clevo by board_name only (git-fixes). - ALSA: bcd2000: Fix a UAF bug on the error path of probing (git-fixes). - ALSA: hda/cirrus - support for iMac 12,1 model (git-fixes). - ALSA: hda/conexant: Add quirk for LENOVO 20149 Notebook model (git-fixes). - ALSA: hda/conexant: add a new hda codec SN6140 (git-fixes). - ALSA: hda/realtek: Add a quirk for HP OMEN 15 (8786) mute LED (git-fixes). - ALSA: hda/realtek: Add quirk for Clevo NS50PU, NS70PU (git-fixes). - ALSA: hda/realtek: Add quirk for Clevo NV45PZ (git-fixes). - ALSA: hda/realtek: Add quirk for HP Spectre x360 15-eb0xxx (git-fixes). - ALSA: hda/realtek: Add quirk for Lenovo Yoga9 14IAP7 (git-fixes). - ALSA: hda/realtek: Add quirk for another Asus K42JZ model (git-fixes). - ALSA: hda/realtek: Add speaker AMP init for Samsung laptops with ALC298 (git-fixes). - ALSA: hda/sigmatel: Keep power up while beep is enabled (bsc#1200544). - ALSA: hda: intel-nhlt: Correct the handling of fmt_config flexible array (git-fixes). - ALSA: info: Fix llseek return value when using callback (git-fixes). - ALSA: seq: Fix data-race at module auto-loading (git-fixes). - ALSA: seq: oss: Fix data-race for max_midi_devs access (git-fixes). - ALSA: usb-audio: Add endianness annotations (git-fixes). - ALSA: usb-audio: Add quirk for Behringer UMC202HD (git-fixes). - ALSA: usb-audio: Add quirk for LH Labs Geek Out HD Audio 1V5 (git-fixes). - ALSA: usb-audio: More comprehensive mixer map for ASUS ROG Zenith II (git-fixes). - ALSA: usb-audio: Support jack detection on Dell dock (git-fixes). - ALSA: usb-audio: Turn off 'manual mode' on Dell dock (git-fixes). - ARM: 9216/1: Fix MAX_DMA_ADDRESS overflow (git-fixes). - ARM: OMAP2+: Fix refcount leak in omap3xxx_prm_late_init (git-fixes). - ARM: OMAP2+: Fix refcount leak in omapdss_init_of (git-fixes). - ARM: OMAP2+: display: Fix refcount leak bug (git-fixes). - ARM: OMAP2+: pdata-quirks: Fix refcount leak bug (git-fixes). - ARM: bcm: Fix refcount leak in bcm_kona_smc_init (git-fixes). - ARM: dts: BCM5301X: Add DT for Meraki MR26 (git-fixes). - ARM: dts: ast2500-evb: fix board compatible (git-fixes). - ARM: dts: ast2600-evb-a1: fix board compatible (git-fixes). - ARM: dts: ast2600-evb: fix board compatible (git-fixes). - ARM: dts: at91: sama5d27_wlsom1: do not keep ldo2 enabled all the time (git-fixes). - ARM: dts: at91: sama5d27_wlsom1: specify proper regulator output ranges (git-fixes). - ARM: dts: at91: sama5d2_icp: do not keep vdd_other enabled all the time (git-fixes). - ARM: dts: at91: sama5d2_icp: specify proper regulator output ranges (git-fixes). - ARM: dts: imx6qdl-kontron-samx6i: remove duplicated node (git-fixes). - ARM: dts: imx6ul: add missing properties for sram (git-fixes). - ARM: dts: imx6ul: change operating-points to uint32-matrix (git-fixes). - ARM: dts: imx6ul: fix csi node compatible (git-fixes). - ARM: dts: imx6ul: fix keypad compatible (git-fixes). - ARM: dts: imx6ul: fix lcdif node compatible (git-fixes). - ARM: dts: imx6ul: fix qspi node compatible (git-fixes). - ARM: dts: imx7d-colibri-emmc: add cpu1 supply (git-fixes). - ARM: dts: qcom: mdm9615: add missing PMIC GPIO reg (git-fixes). - ARM: dts: qcom: pm8841: add required thermal-sensor-cells (git-fixes). - ARM: dts: qcom: sdx55: Fix the IRQ trigger type for UART (git-fixes). - ARM: dts: uniphier: Fix USB interrupts for PXs2 SoC (git-fixes). - ARM: findbit: fix overflowing offset (git-fixes). - ARM: shmobile: rcar-gen2: Increase refcount for new reference (git-fixes). - ASoC: SOF: debug: Fix potential buffer overflow by snprintf() (git-fixes). - ASoC: audio-graph-card: Add of_node_put() in fail path (git-fixes). - ASoC: codec: tlv320aic32x4: fix mono playback via I2S (git-fixes). - ASoC: codecs: da7210: add check for i2c_add_driver (git-fixes). - ASoC: codecs: msm8916-wcd-digital: move gains from SX_TLV to S8_TLV (git-fixes). - ASoC: codecs: wcd9335: move gains from SX_TLV to S8_TLV (git-fixes). - ASoC: cros_ec_codec: Fix refcount leak in cros_ec_codec_platform_probe (git-fixes). - ASoC: fsl-asoc-card: force cast the asrc_format type (git-fixes). - ASoC: fsl_asrc: force cast the asrc_format type (git-fixes). - ASoC: fsl_easrc: use snd_pcm_format_t type for sample_format (git-fixes). - ASoC: imx-audmux: Silence a clang warning (git-fixes). - ASoC: imx-card: Fix DSD/PDM mclk frequency (git-fixes). - ASoC: imx-card: use snd_pcm_format_t type for asrc_format (git-fixes). - ASoC: mchp-spdifrx: disable end of block interrupt on failures (git-fixes). - ASoC: mt6359: Fix refcount leak bug (git-fixes). - ASoC: mt6797-mt6351: Fix refcount leak in mt6797_mt6351_dev_probe (git-fixes). - ASoC: qcom: Fix missing of_node_put() in asoc_qcom_lpass_cpu_platform_probe() (git-fixes). - ASoC: qcom: q6dsp: Fix an off-by-one in q6adm_alloc_copp() (git-fixes). - ASoC: rsnd: care default case on rsnd_ssiu_busif_err_irq_ctrl() (git-fixes). - ASoC: samsung: Fix error handling in aries_audio_probe (git-fixes). - ASoC: samsung: change gpiod_speaker_power and rx1950_audio from global to static variables (git-fixes). - ASoC: samsung: change neo1973_audio from a global to static (git-fixes). - ASoC: samsung: h1940_uda1380: include proepr GPIO consumer header (git-fixes). - ASoC: tas2770: Allow mono streams (git-fixes). - ASoC: tas2770: Drop conflicting set_bias_level power setting (git-fixes). - ASoC: tas2770: Fix handling of mute/unmute (git-fixes). - ASoC: tas2770: Set correct FSYNC polarity (git-fixes). - Bluetooth: Add bt_skb_sendmmsg helper (git-fixes). - Bluetooth: Add bt_skb_sendmsg helper (git-fixes). - Bluetooth: Fix bt_skb_sendmmsg not allocating partial chunks (git-fixes). - Bluetooth: Fix passing NULL to PTR_ERR (git-fixes). - Bluetooth: L2CAP: Fix build errors in some archs (git-fixes). - Bluetooth: L2CAP: Fix l2cap_global_chan_by_psm regression (git-fixes). - Bluetooth: L2CAP: Fix use-after-free caused by l2cap_chan_put (git-fixes). - Bluetooth: MGMT: Fixes build warnings with C=1 (git-fixes). - Bluetooth: RFCOMM: Replace use of memcpy_from_msg with bt_skb_sendmmsg (git-fixes). - Bluetooth: SCO: Fix sco_send_frame returning skb->len (git-fixes). - Bluetooth: SCO: Replace use of memcpy_from_msg with bt_skb_sendmsg (git-fixes). - Bluetooth: btusb: Add Realtek RTL8852C support ID 0x04C5:0x1675 (git-fixes). - Bluetooth: btusb: Add Realtek RTL8852C support ID 0x04CA:0x4007 (git-fixes). - Bluetooth: btusb: Add Realtek RTL8852C support ID 0x0CB8:0xC558 (git-fixes). - Bluetooth: btusb: Add Realtek RTL8852C support ID 0x13D3:0x3586 (git-fixes). - Bluetooth: btusb: Add Realtek RTL8852C support ID 0x13D3:0x3587 (git-fixes). - Bluetooth: btusb: Add support of IMC Networks PID 0x3568 (git-fixes). - Bluetooth: hci_bcm: Add BCM4349B1 variant (git-fixes). - Bluetooth: hci_bcm: Add DT compatible for CYW55572 (git-fixes). - Bluetooth: hci_intel: Add check for platform_driver_register (git-fixes). - EDAC/ghes: Set the DIMM label unconditionally (bsc#1201768). - rpm: Fix parsing of rpm/macros.kernel-source on SLE12 (bsc#1201019). - HID: AMD_SFH: Add a DMI quirk entry for Chromebooks (git-fixes). - HID: add Lenovo Yoga C630 battery quirk (git-fixes). - HID: alps: Declare U1_UNICORN_LEGACY support (git-fixes). - HID: amd_sfh: Add NULL check for hid device (git-fixes). - HID: amd_sfh: Handle condition of 'no sensors' (git-fixes). - HID: asus: ROG NKey: Ignore portion of 0x5a report (git-fixes). - HID: cp2112: prevent a buffer overflow in cp2112_xfer() (git-fixes). - HID: hid-input: add Surface Go battery quirk (git-fixes). - HID: mcp2221: prevent a buffer overflow in mcp_smbus_write() (git-fixes). - HID: multitouch: new device class fix Lenovo X12 trackpad sticky (git-fixes). - HID: steam: Prevent NULL pointer dereference in steam_{recv,send}_report (git-fies). - HID: thrustmaster: Add sparco wheel and fix array length (git-fixes). - HID: wacom: Do not register pad_input for touch switch (git-fixes). - HID: wacom: Only report rotation for art pen (git-fixes). - Input: exc3000 - fix return value check of wait_for_completion_timeout (git-fixes). - Input: gscps2 - check return value of ioremap() in gscps2_probe() (git-fixes). - Input: i8042 - add TUXEDO devices to i8042 quirk tables (git-fies). - Input: i8042 - add additional TUXEDO devices to i8042 quirk tables (git-fies). - Input: i8042 - merge quirk tables (git-fies). - Input: i8042 - move __initconst to fix code styling warning (git-fies). - Input: iforce - wake up after clearing IFORCE_XMIT_RUNNING flag (git-fixes). - Input: rk805-pwrkey - fix module autoloading (git-fixes). - KABI: cgroup: Restore KABI of css_set (bsc#1201610). - KEYS: asymmetric: enforce SM2 signature use pkey algo (git-fixes). - KVM: LAPIC: Also cancel preemption timer during SET_LAPIC (git-fixes). - KVM: MMU: shadow nested paging does not have PKU (git-fixes). - KVM: PPC: Book3S HV: Check return value of kvmppc_radix_init (bsc#1194869). - KVM: PPC: Book3S HV: Prevent POWER7/8 TLB flush flushing SLB (bsc#1156395). - KVM: PPC: Book3S HV: Remove kvmhv_p9_[set,restore]_lpcr declarations (bsc#1194869). - KVM: PPC: Book3S HV: Use GLOBAL_TOC for kvmppc_h_set_dabr/xdabr() (bsc#1156395). - KVM: PPC: Book3S HV: fix incorrect NULL check on list iterator (bsc#1194869). - KVM: PPC: Book3s HV: Remove unused function kvmppc_bad_interrupt (bsc#1194869). - KVM: PPC: Fix vmx/vsx mixup in mmio emulation (bsc#1156395). - KVM: PPC: Use arch_get_random_seed_long instead of powernv variant (bsc#1156395). - KVM: SVM: Do not BUG if userspace injects an interrupt with GIF=0 (git-fixes). - KVM: SVM: Do not intercept #GP for SEV guests (git-fixes). - KVM: SVM: Unwind 'speculative' RIP advancement if INTn injection 'fails' (git-fixes). - KVM: SVM: fix panic on out-of-bounds guest IRQ (git-fixes). - KVM: VMX: Print VM-instruction error as unsigned (git-fixes). - KVM: VMX: prepare sync_pir_to_irr for running with APICv disabled (git-fixes). - KVM: VMX: switch blocked_vcpu_on_cpu_lock to raw spinlock (git-fixes). - KVM: X86: Use vcpu->arch.walk_mmu for kvm_mmu_invlpg() (git-fixes). - KVM: X86: avoid uninitialized 'fault.async_page_fault' from fixed-up #PF (git-fixes). - KVM: arm64: Avoid setting the upper 32 bits of TCR_EL2 and CPTR_EL2 (bsc#1201442) - KVM: nVMX: Defer APICv updates while L2 is active until L1 is active (git-fixes). - KVM: nVMX: Inject #UD if VMXON is attempted with incompatible CR0/CR4 (git-fixes). - KVM: nVMX: Let userspace set nVMX MSR to any _host_ supported value (git-fixes). - KVM: nVMX: Set UMIP bit CR4_FIXED1 MSR when emulating UMIP (git-fixes). - KVM: nVMX: Snapshot pre-VM-Enter BNDCFGS for !nested_run_pending case (git-fixes). - KVM: nVMX: Snapshot pre-VM-Enter DEBUGCTL for !nested_run_pending case (git-fixes). - KVM: nVMX: Synthesize TRIPLE_FAULT for L2 if emulation is required (git-fixes). - KVM: nVMX: do not use vcpu->arch.efer when checking host state on nested state load (git-fixes). - KVM: selftests: Make sure kvm_create_max_vcpus test won't hit RLIMIT_NOFILE (git-fixes). - KVM: selftests: Silence compiler warning in the kvm_page_table_test (git-fixes). - KVM: x86/mmu: Do not freak out if pml5_root is NULL on 4-level host (git-fixes). - KVM: x86/mmu: Move 'invalid' check out of kvm_tdp_mmu_get_root() (git-fixes). - KVM: x86/mmu: Zap _all_ roots when unmapping gfn range in TDP MMU (git-fixes). - KVM: x86/mmu: include EFER.LMA in extended mmu role (git-fixes). - KVM: x86/mmu: make apf token non-zero to fix bug (git-fixes). - KVM: x86: Avoid theoretical NULL pointer dereference in kvm_irq_delivery_to_apic_fast() (git-fixes). - KVM: x86: Check lapic_in_kernel() before attempting to set a SynIC irq (git-fixes). - KVM: x86: Forbid VMM to set SYNIC/STIMER MSRs when SynIC wasn't activated (git-fixes). - KVM: x86: Mark TSS busy during LTR emulation _after_ all fault checks (git-fixes). - KVM: x86: SVM: do not passthrough SMAP/SMEP/PKE bits in !NPT && !gCR0.PG case (git-fixes). - KVM: x86: Set error code to segment selector on LLDT/LTR non-canonical #GP (git-fixes). - KVM: x86: check PIR even for vCPUs with disabled APICv (git-fixes). - KVM: x86: hyper-v: Drop redundant 'ex' parameter from kvm_hv_flush_tlb() (git-fixes). - KVM: x86: ignore APICv if LAPIC is not enabled (git-fixes). - KVM: x86: remove PMU FIXED_CTR3 from msrs_to_save_all (git-fixes). - KVM: x86: revalidate steal time cache if MSR value changes (git-fixes). - NFSD: Clamp WRITE offsets (git-fixes). - NFSD: Fix NFSv3 SETATTR/CREATE's handling of large file sizes (git-fixes). - NFSD: Fix ia_size underflow (git-fixes). - NFSD: Fix possible sleep during nfsd4_release_lockowner() (git-fixes). - NFSD: prevent integer overflow on 32 bit systems (git-fixes). - NFSD: prevent underflow in nfssvc_decode_writeargs() (git-fixes). - NTB: ntb_tool: uninitialized heap data in tool_fn_write() (git-fixes). - PCI/ACPI: Guard ARM64-specific mcfg_quirks (git-fixes). - PCI/AER: Iterate over error counters instead of error strings (git-fixes). - PCI/portdrv: Do not disable AER reporting in get_port_device_capability() (git-fixes). - PCI: Add ACS quirk for Broadcom BCM5750x NICs (git-fixes). - PCI: aardvark: Fix reporting Slot capabilities on emulated bridge (git-fixes). - PCI: dwc: Add unroll iATU space support to dw_pcie_disable_atu() (git-fixes). - PCI: dwc: Always enable CDM check if 'snps,enable-cdm-check' exists (git-fixes). - PCI: dwc: Deallocate EPC memory on dw_pcie_ep_init() errors (git-fixes). - PCI: dwc: Disable outbound windows only for controllers using iATU (git-fixes). - PCI: dwc: Set INCREASE_REGION_SIZE flag based on limit address (git-fixes). - PCI: dwc: Stop link on host_init errors and de-initialization (git-fixes). - PCI: endpoint: Do not stop controller when unbinding endpoint function (git-fixes). - PCI: hv: Only reuse existing IRTE allocation for Multi-MSI (bsc#1200845). - PCI: microchip: Fix refcount leak in mc_pcie_init_irq_domains() (git-fixes). - PCI: qcom: Power on PHY before IPQ8074 DBI register accesses (git-fixes). - PCI: qcom: Set up rev 2.1.0 PARF_PHY before enabling clocks (git-fixes). - PCI: tegra194: Fix PM error handling in tegra_pcie_config_ep() (git-fixes). - PCI: tegra194: Fix Root Port interrupt handling (git-fixes). - PCI: tegra194: Fix link up retry sequence (git-fixes). - PM: domains: Ensure genpd_debugfs_dir exists before remove (git-fixes). - PM: hibernate: defer device probing when resuming from hibernation (git-fixes). - SUNRPC: Fix NFSD's request deferral on RDMA transports (git-fixes). - SUNRPC: Fix READ_PLUS crasher (git-fixes). - SUNRPC: Prevent immediate close+reconnect (git-fixes). - USB: Follow-up to SPDX GPL-2.0+ identifiers addition - remove now useless comments (git-fixes). - USB: Follow-up to SPDX identifiers addition - remove now useless comments (git-fixes). - USB: serial: ch314: use usb_control_msg_recv() (git-fixes). - USB: serial: ch341: fix disabled rx timer on older devices (git-fixes). - USB: serial: ch341: fix lost character on LCR updates (git-fixes). - USB: serial: fix tty-port initialized comments (git-fixes). - XArray: Update the LRU list in xas_split() (git-fixes). - apparmor: Fix failed mount permission check error message (git-fixes). - apparmor: Fix memleak in aa_simple_write_to_buffer() (git-fixes). - apparmor: fix aa_label_asxprint return check (git-fixes). - apparmor: fix absroot causing audited secids to begin with = (git-fixes). - apparmor: fix overlapping attachment computation (git-fixes). - apparmor: fix quiet_denied for file rules (git-fixes). - apparmor: fix reference count leak in aa_pivotroot() (git-fixes). - apparmor: fix setting unconfined mode on a loaded profile (git-fixes). - arm64: Do not forget syscall when starting a new thread (git-fixes). - arm64: Fix match_list for erratum 1286807 on Arm Cortex-A76 (git-fixes). - arm64: cpufeature: Allow different PMU versions in ID_DFR0_EL1 (git-fixes). - arm64: dts: allwinner: a64: orangepi-win: Fix LED node name (git-fixes). - arm64: dts: mt7622: fix BPI-R64 WPS button (git-fixes). - arm64: dts: mt8192: Fix idle-states entry-method (git-fixes). - arm64: dts: mt8192: Fix idle-states nodes naming scheme (git-fixes). - arm64: dts: qcom: ipq8074: fix NAND node name (git-fixes). - arm64: dts: qcom: msm8916: Fix typo in pronto remoteproc node (git-fixes). - arm64: dts: qcom: qcs404: Fix incorrect USB2 PHYs assignment (git-fixes). - arm64: dts: qcom: sm8250: add missing PCIe PHY clock-cells (git-fixes). - arm64: dts: renesas: Fix thermal-sensors on single-zone sensors (git-fixes). - arm64: dts: renesas: beacon: Fix regulator node names (git-fixes). - arm64: dts: uniphier: Fix USB interrupts for PXs3 SoC (git-fixes). - arm64: fix oops in concurrently setting insn_emulation sysctls (git-fixes). - arm64: fix rodata=full (git-fixes). - arm64: kasan: Revert 'arm64: mte: reset the page tag in page->flags' (git-fixes). - arm64: set UXN on swapper page tables (git-fixes). - arm64: tegra: Fix SDMMC1 CD on P2888 (git-fixes). - arm64: tegra: Fixup SYSRAM references (git-fixes). - arm64: tegra: Mark BPMP channels as no-memory-wc (git-fixes). - arm64: tegra: Update Tegra234 BPMP channel addresses (git-fixes). - arm_pmu: Validate single/group leader events (git-fixes). - asm-generic: remove a broken and needless ifdef conditional (git-fixes). - asm-generic: sections: refactor memory_intersects (git-fixes). - ata: libata-eh: Add missing command name (git-fixes). - ath10k: do not enforce interrupt trigger type (git-fixes). - ath11k: Fix incorrect debug_mask mappings (git-fixes). - ath11k: fix netdev open race (git-fixes). - atm: idt77252: fix use-after-free bugs caused by tst_timer (git-fixes). - audit: fix potential double free on error path from fsnotify_add_inode_mark (git-fixes). - ax25: Fix ax25 session cleanup problems (git-fixes). - bitfield.h: Fix 'type of reg too small for mask' test (git-fixes). - block: Fix fsync always failed if once failed (bsc#1202779). - block: Fix wrong offset in bio_truncate() (bsc#1202780). - block: fix rq-qos breakage from skipping rq_qos_done_bio() (bsc#1202781). - block: only mark bio as tracked if it really is tracked (bsc#1202782). - bnx2x: Invalidate fastpath HSI version for VFs (git-fixes). - bnx2x: Utilize firmware 7.13.21.0 (git-fixes). - btrfs: properly flag filesystem with BTRFS_FEATURE_INCOMPAT_BIG_METADATA (git-fixes). - bus: hisi_lpc: fix missing platform_device_put() in hisi_lpc_acpi_probe() (git-fixes). - can: Break loopback loop on loopback documentation (git-fixes). - can: ems_usb: fix clang's -Wunaligned-access warning (git-fixes). - can: error: specify the values of data[5..7] of CAN error frames (git-fixes). - can: hi311x: do not report txerr and rxerr during bus-off (git-fixes). - can: j1939: j1939_sk_queue_activate_next_locked(): replace WARN_ON_ONCE with netdev_warn_once() (git-fixes). - can: kvaser_usb_hydra: do not report txerr and rxerr during bus-off (git-fixes). - can: kvaser_usb_leaf: do not report txerr and rxerr during bus-off (git-fixes). - can: mcp251x: Fix race condition on receive interrupt (git-fixes). - can: mcp251xfd: mcp251xfd_dump(): fix comment (git-fixes). - can: netlink: allow configuring of fixed bit rates without need for do_set_bittiming callback (git-fixes). - can: netlink: allow configuring of fixed data bit rates without need for do_set_data_bittiming callback (git-fixes). - can: pch_can: do not report txerr and rxerr during bus-off (git-fixes). - can: pch_can: pch_can_error(): initialize errc before using it (git-fixes). - can: rcar_can: do not report txerr and rxerr during bus-off (git-fixes). - can: sja1000: do not report txerr and rxerr during bus-off (git-fixes). - can: sun4i_can: do not report txerr and rxerr during bus-off (git-fixes). - can: usb_8dev: do not report txerr and rxerr during bus-off (git-fixes). - ceph: do not leak snap_rwsem in handle_cap_grant (bsc#1202823). - ceph: do not truncate file in atomic_open (bsc#1202824). - ceph: use correct index when encoding client supported features (bsc#1202822). - cfg80211/mac80211: assume CHECKSUM_COMPLETE includes SNAP (bsc#1202131). - cgroup: Use separate src/dst nodes when preloading css_sets for migration (bsc#1201610). - cifs: fix reconnect on smb3 mount types (bsc#1201427). - clk: bcm: rpi: Fix error handling of raspberrypi_fw_get_rate (git-fixes). - clk: core: Fix runtime PM sequence in clk_core_unprepare() (git-fixes). - clk: core: Honor CLK_OPS_PARENT_ENABLE for clk gate ops (git-fixes). - clk: mediatek: reset: Fix written reset bit offset (git-fixes). - clk: qcom: camcc-sdm845: Fix topology around titan_top power domain (git-fixes). - clk: qcom: camcc-sm8250: Fix halt on boot by reducing driver's init level (git-fixes). - clk: qcom: camcc-sm8250: Fix topology around titan_top power domain (git-fixes). - clk: qcom: clk-alpha-pll: fix clk_trion_pll_configure description (git-fixes). - clk: qcom: clk-krait: unlock spin after mux completion (git-fixes). - clk: qcom: clk-rcg2: Fail Duty-Cycle configuration if MND divider is not enabled (git-fixes). - clk: qcom: clk-rcg2: Make sure to not write d=0 to the NMD register (git-fixes). - clk: qcom: gcc-msm8939: Add missing SYSTEM_MM_NOC_BFDCD_CLK_SRC (git-fixes). - clk: qcom: gcc-msm8939: Add missing system_mm_noc_bfdcd_clk_src (git-fixes). - clk: qcom: gcc-msm8939: Fix bimc_ddr_clk_src rcgr base address (git-fixes). - clk: qcom: gcc-msm8939: Fix weird field spacing in ftbl_gcc_camss_cci_clk (git-fixes). - clk: qcom: gcc-msm8939: Point MM peripherals to system_mm_noc clock (git-fixes). - clk: qcom: ipq8074: SW workaround for UBI32 PLL lock (git-fixes). - clk: qcom: ipq8074: dont disable gcc_sleep_clk_src (git-fixes). - clk: qcom: ipq8074: fix NSS core PLL-s (git-fixes). - clk: qcom: ipq8074: fix NSS port frequency tables (git-fixes). - clk: qcom: ipq8074: set BRANCH_HALT_DELAY flag for UBI clocks (git-fixes). - clk: renesas: r9a06g032: Fix UART clkgrp bitsel (git-fixes). - clk: ti: Stop using legacy clkctrl names for omap4 and 5 (git-fixes). - configfs: fix a race in configfs_{,un}register_subsystem() (git-fixes). - cpufreq: zynq: Fix refcount leak in zynq_get_revision (git-fixes). - crypto: arm64/poly1305 - fix a read out-of-bound (git-fixes). - crypto: ccp - During shutdown, check SEV data pointer before using (git-fixes). - crypto: ccp - Use kzalloc for sev ioctl interfaces to prevent kernel memory leak (git-fixes). - crypto: hisilicon - Kunpeng916 crypto driver do not sleep when in softirq (git-fixes). - crypto: hisilicon/hpre - do not use GFP_KERNEL to alloc mem during softirq (git-fixes). - crypto: hisilicon/sec - do not sleep when in softirq (git-fixes). - crypto: hisilicon/sec - fix auth key size error (git-fixes). - crypto: inside-secure - Add missing MODULE_DEVICE_TABLE for of (git-fixes). - crypto: sun8i-ss - do not allocate memory when handling hash requests (git-fixes). - crypto: sun8i-ss - fix error codes in allocate_flows() (git-fixes). - crypto: sun8i-ss - fix infinite loop in sun8i_ss_setup_ivs() (git-fixes). - device property: Check fwnode->secondary when finding properties (git-fixes). - devlink: Fix use-after-free after a failed reload (git-fixes). - dm raid: fix KASAN warning in raid5_add_disks (git-fixes). - dma-debug: change allocation mode from GFP_NOWAIT to GFP_ATIOMIC (git-fixes). - dma-debug: make things less spammy under memory pressure (git-fixes). - dmaengine: dw-axi-dmac: do not print NULL LLI during error (git-fixes). - dmaengine: dw-axi-dmac: ignore interrupt if no descriptor (git-fixes). - dmaengine: dw-edma: Fix eDMA Rd/Wr-channels and DMA-direction semantics (git-fixes). - dmaengine: imx-dma: Cast of_device_get_match_data() with (uintptr_t) (git-fixes). - dmaengine: sf-pdma: Add multithread support for a DMA channel (git-fixes). - dmaengine: sprd: Cleanup in .remove() after pm_runtime_get_sync() failed (git-fixes). - dmaengine: stm32-mdma: Remove dead code in stm32_mdma_irq_handler() (git-fixes). - docs/kernel-parameters: Update descriptions for 'mitigations=' param with retbleed (git-fixes). - docs: i2c: i2c-sysfs: fix hyperlinks (git-fixes). - docs: zh_CN: fix a broken reference (git-fixes). - dpaa2-eth: fix ethtool statistics (git-fixes). - driver core: Do not probe devices after bus_type.match() probe deferral (git-fixes). - driver core: fix potential deadlock in __driver_attach (git-fixes). - drivers/iio: Remove all strcpy() uses (git-fixes). - drivers: usb: dwc3-qcom: Add sdm660 compatible (git-fixes). - drm/amd/amd_shared.h: Add missing doc for PP_GFX_DCS_MASK (git-fixes). - drm/amd/display: Add option to defer works of hpd_rx_irq (git-fixes). - drm/amd/display: Avoid MPC infinite loop (git-fixes). - drm/amd/display: Check correct bounds for stream encoder instances for DCN303 (git-fixes). - drm/amd/display: Enable building new display engine with KCOV enabled (git-fixes). - drm/amd/display: Fix HDMI VSIF V3 incorrect issue (git-fixes). - drm/amd/display: Fix pixel clock programming (git-fixes). - drm/amd/display: Fix surface optimization regression on Carrizo (git-fixes). - drm/amd/display: For stereo keep 'FLIP_ANY_FRAME' (git-fixes). - drm/amd/display: Ignore First MST Sideband Message Return Error (git-fixes). - drm/amd/display: Optimize bandwidth on following fast update (git-fixes). - drm/amd/display: Reset DMCUB before HW init (git-fixes). - drm/amd/display: Revert 'drm/amd/display: turn DPMS off on connector unplug' (git-fixes). - drm/amd/display: avoid doing vm_init multiple time (git-fixes). - drm/amd/display: clear optc underflow before turn off odm clock (git-fixes). - drm/amd/pm: add missing ->fini_microcode interface for Sienna Cichlid (git-fixes). - drm/amdgpu: Check BO's requested pinning domains against its preferred_domains (git-fixes). - drm/amdgpu: Increase tlb flush timeout for sriov (git-fixes). - drm/amdgpu: Remove one duplicated ef removal (git-fixes). - drm/amdgpu: remove useless condition in amdgpu_job_stop_all_jobs_on_sched() (git-fixes). - drm/bridge: lt9611uxc: Cancel only driver's work (git-fixes). - drm/bridge: tc358767: Fix (e)DP bridge endpoint parsing in dedicated function (git-fixes). - drm/bridge: tc358767: Make sure Refclk clock are enabled (git-fixes). - drm/bridge: tc358767: Move (e)DP bridge endpoint parsing into dedicated function (git-fixes). - drm/doc: Fix comment typo (git-fixes). - drm/exynos/exynos7_drm_decon: free resources when clk_set_parent() failed (git-fixes). - drm/gem: Properly annotate WW context on drm_gem_lock_reservations() error (git-fixes). - drm/i915/display: avoid warnings when registering dual panel backlight (git-fixes). - drm/i915/gt: Skip TLB invalidations once wedged (git-fixes). - drm/i915/reg: Fix spelling mistake 'Unsupport' -> 'Unsupported' (git-fixes). - drm/i915: fix null pointer dereference (git-fixes). - drm/mcde: Fix refcount leak in mcde_dsi_bind (git-fixes). - drm/mediatek: Add pull-down MIPI operation in mtk_dsi_poweroff function (git-fixes). - drm/mediatek: Allow commands to be sent during video mode (git-fixes). - drm/mediatek: Keep dsi as LP00 before dcs cmds transfer (git-fixes). - drm/mediatek: Modify dsi funcs to atomic operations (git-fixes). - drm/mediatek: Separate poweron/poweroff from enable/disable and define new funcs (git-fixes). - drm/mediatek: dpi: Only enable dpi after the bridge is enabled (git-fixes). - drm/mediatek: dpi: Remove output format of YUV (git-fixes). - drm/meson: Fix overflow implicit truncation warnings (git-fixes). - drm/meson: Fix refcount bugs in meson_vpu_has_available_connectors() (git-fixes). - drm/mipi-dbi: align max_chunk to 2 in spi_transfer (git-fixes). - drm/msm/dp: delete DP_RECOVERED_CLOCK_OUT_EN to fix tps4 (git-fixes). - drm/msm/dpu: Fix for non-visible planes (git-fixes). - drm/msm/dsi: Fix number of regulators for SDM660 (git-fixes). - drm/msm/dsi: Fix number of regulators for msm8996_dsi_cfg (git-fixes). - drm/msm/dsi: fix the inconsistent indenting (git-fixes). - drm/msm/hdmi: drop empty 'none' regulator lists (git-fixes). - drm/msm/hdmi: enable core-vcc/core-vdda-supply for 8996 platform (git-fixes). - drm/msm/mdp5: Fix global state lock backoff (git-fixes). - drm/msm: Avoid dirtyfb stalls on video mode displays (v2) (git-fixes). - drm/msm: Fix dirtyfb refcounting (git-fixes). - drm/nouveau/acpi: Do not print error when we get -EINPROGRESS from pm_runtime (git-fixes). - drm/nouveau/kms: Fix failure path for creating DP connectors (git-fixes). - drm/nouveau: Do not pm_runtime_put_sync(), only pm_runtime_put_autosuspend() (git-fixes). - drm/nouveau: fix another off-by-one in nvbios_addr (git-fixes). - drm/nouveau: recognise GA103 (git-fixes). - drm/radeon: fix incorrrect SPDX-License-Identifiers (git-fixes). - drm/radeon: fix potential buffer overflow in ni_set_mc_special_registers() (git-fixes). - drm/rockchip: Fix an error handling path rockchip_dp_probe() (git-fixes). - drm/rockchip: vop: Do not crash for invalid duplicate_state() (git-fixes). - drm/shmem-helper: Add missing vunmap on error (git-fixes). - drm/simpledrm: Fix return type of simpledrm_simple_display_pipe_mode_valid() (git-fixes). - drm/st7735r: Fix module autoloading for Okaya RH128128T (git-fixes). - drm/sun4i: dsi: Prevent underflow when computing packet sizes (git-fixes). - drm/ttm: Fix dummy res NULL ptr deref bug (git-fixes). - drm/udl: Add parameter to set number of URBs (bsc#1195917). - drm/udl: Add reset_resume (bsc#1195917) - drm/udl: Do not re-initialize stuff at retrying the URB list allocation (bsc#1195917). - drm/udl: Drop unneeded alignment (bsc#1195917). - drm/udl: Enable damage clipping (bsc#1195917). - drm/udl: Fix inconsistent urbs.count value during udl_free_urb_list() (bsc#1195917). - drm/udl: Fix potential URB leaks (bsc#1195917). - drm/udl: Increase the default URB list size to 20 (bsc#1195917). - drm/udl: Kill pending URBs at suspend and disconnect (bsc#1195917). - drm/udl: Replace BUG_ON() with WARN_ON() (bsc#1195917). - drm/udl: Replace semaphore with a simple wait queue (bsc#1195917). - drm/udl: Restore display mode on resume (bsc#1195917) - drm/udl: Suppress error print for -EPROTO at URB completion (bsc#1195917). - drm/udl: Sync pending URBs at suspend / disconnect (bsc#1195917). - drm/udl: Sync pending URBs at the end of suspend (bsc#1195917). - drm/vc4: change vc4_dma_range_matches from a global to static (git-fixes). - drm/vc4: drv: Adopt the dma configuration from the HVS or V3D component (git-fixes). - drm/vc4: dsi: Add correct stop condition to vc4_dsi_encoder_disable iteration (git-fixes). - drm/vc4: dsi: Correct DSI divider calculations (git-fixes). - drm/vc4: dsi: Correct pixel order for DSI0 (git-fixes). - drm/vc4: dsi: Fix dsi0 interrupt support (git-fixes). - drm/vc4: dsi: Register dsi0 as the correct vc4 encoder type (git-fixes). - drm/vc4: hdmi: Correct HDMI timing registers for interlaced modes (git-fixes). - drm/vc4: hdmi: Disable audio if dmas property is present but empty (git-fixes). - drm/vc4: hdmi: Fix timings for interlaced modes (git-fixes). - drm/vc4: hdmi: Reset HDMI MISC_CONTROL register (git-fixes). - drm/vc4: plane: Fix margin calculations for the right/bottom edges (git-fixes). - drm/vc4: plane: Remove subpixel positioning check (git-fixes). - drm: adv7511: override i2c address of cec before accessing it (git-fixes). - drm: bridge: adv7511: Add check for mipi_dsi_driver_register (git-fixes). - drm: bridge: sii8620: fix possible off-by-one (git-fixes). - dsa: mv88e6xxx: fix debug print for SPEED_UNFORCED (git-fixes). - dt-bindings: arm: qcom: fix MSM8916 MTP compatibles (git-fixes). - dt-bindings: arm: qcom: fix MSM8994 boards compatibles (git-fixes). - dt-bindings: bluetooth: broadcom: Add BCM4349B1 DT binding (git-fixes). - dt-bindings: clock: qcom,gcc-msm8996: add more GCC clock sources (git-fixes). - dt-bindings: gpio: zynq: Add missing compatible strings (git-fixes). - dt-bindings: iio: accel: Add DT binding doc for ADXL355 (git-fixes). - dt-bindings: usb: mtk-xhci: Allow wakeup interrupt-names to be optional (git-fixes). - eeprom: idt_89hpesx: uninitialized data in idt_dbgfs_csr_write() (git-fixes). - erofs: fix deadlock when shrink erofs slab (git-fixes). - ethernet: rocker: fix sleep in atomic context bug in neigh_timer_handler (git-fies). - exfat: Define NLS_NAME_* as bit flags explicitly (bsc#1201725). - exfat: Downgrade ENAMETOOLONG error message to debug messages (bsc#1201725). - exfat: Drop superfluous new line for error messages (bsc#1201725). - exfat: Expand exfat_err() and co directly to pr_*() macro (bsc#1201725). - exfat: Return ENAMETOOLONG consistently for oversized paths (bsc#1201725). - exfat: fix i_blocks for files truncated over 4 GiB (git-fixes). - exfat: fix referencing wrong parent directory information after renaming (git-fixes). - exfat: reuse exfat_inode_info variable instead of calling EXFAT_I() (git-fixes). - exfat: use updated exfat_chain directly during renaming (git-fixes). - export: fix string handling of namespace in EXPORT_SYMBOL_NS (git-fixes). - ext4: Fix BUG_ON in ext4_bread when write quota data (bsc#1197755). - ext4: add new helper interface ext4_try_to_trim_range() (bsc#1202783). - ext4: add reserved GDT blocks check (bsc#1202712). - ext4: do not use the orphan list when migrating an inode (bsc#1197756). - ext4: fast commit may miss tracking unwritten range during ftruncate (bsc#1202759). - ext4: filter out EXT4_FC_REPLAY from on-disk superblock field s_state (bsc#1202771). - ext4: fix a possible ABBA deadlock due to busy PA (bsc#1202762). - ext4: fix bug_on in ext4_writepages (bsc#1200872). - ext4: fix error handling in ext4_fc_record_modified_inode() (bsc#1202767). - ext4: fix error handling in ext4_restore_inline_data() (bsc#1197757). - ext4: fix fallocate to use file_modified to update permissions consistently (bsc#1202769). - ext4: fix fast commit may miss tracking range for FALLOC_FL_ZERO_RANGE (bsc#1202757). - ext4: fix fs corruption when tring to remove a non-empty directory with IO error (bsc#1202768). - ext4: fix incorrect type issue during replay_del_range (bsc#1202867). - ext4: fix null-ptr-deref in '__ext4_journal_ensure_credits' (bsc#1202764). - ext4: fix overhead calculation to account for the reserved gdt blocks (bsc#1200869). - ext4: fix race when reusing xattr blocks (bsc#1198971). - ext4: fix super block checksum incorrect after mount (bsc#1202773). - ext4: fix symlink file size not match to file content (bsc#1200868). - ext4: fix use-after-free in ext4_rename_dir_prepare (bsc#1200871). - ext4: fix use-after-free in ext4_search_dir (bsc#1202710). - ext4: fix warning in ext4_handle_inode_extension (bsc#1202711). - ext4: force overhead calculation if the s_overhead_cluster makes no sense (bsc#1200870). - ext4: initialize err_blk before calling __ext4_get_inode_loc (bsc#1202763). - ext4: make sure quota gets properly shutdown on error (bsc#1195480). - ext4: make sure to reset inode lockdep class when quota enabling fails (bsc#1202761). - ext4: mark group as trimmed only if it was fully scanned (bsc#1202770). - ext4: modify the logic of ext4_mb_new_blocks_simple (bsc#1202766). - ext4: prevent used blocks from being allocated during fast commit replay (bsc#1202765). - ext4: recover csum seed of tmp_inode after migrating to extents (bsc#1202713). - ext4: remove EA inode entry from mbcache on inode eviction (bsc#1198971). - ext4: unindent codeblock in ext4_xattr_block_set() (bsc#1198971). - ext4: use ext4_ext_remove_space() for fast commit replay delete range (bsc#1202758). - fat: add ratelimit to fat*_ent_bread() (git-fixes). - fbcon: Fix boundary checks for fbcon=vc:n1-n2 parameters (git-fixes). - fbdev: fb_pm2fb: Avoid potential divide by zero error (git-fixes). - fbdev: fbcon: Properly revert changes when vc_resize() failed (git-fies). - filemap: Handle sibling entries in filemap_get_read_batch() (bsc#1202774). - firmware: arm_scpi: Ensure scpi_info is not assigned if the probe fails (git-fixes). - firmware: tegra: Fix error check return value of debugfs_create_file() (git-fixes). - firmware: tegra: bpmp: Do only aligned access to IPC memory area (git-fixes). - fix race between exit_itimers() and /proc/pid/timers (git-fixes). - fpga: altera-pr-ip: fix unsigned comparison with less than zero (git-fixes). - fs-writeback: writeback_sb_inodes: Recalculate 'wrote' according skipped pages (bsc#1200873). - ftrace/x86: Add back ftrace_expected assignment (git-fixes). - fuse: ioctl: translate ENOSYS (bsc#1203139). - fuse: limit nsec (bsc#1203138). - gadgetfs: ep_io - wait until IRQ finishes (git-fixes). - geneve: do not use RT_TOS for IPv6 flowlabel (git-fixes). - geneve: fix TOS inheriting for ipv4 (git-fixes). - gpio: gpiolib-of: Fix refcount bugs in of_mm_gpiochip_add_data() (git-fixes). - gpio: pca953x: Add mutex_lock for regcache sync in PM (git-fixes). - habanalabs/gaudi: fix shift out of bounds (git-fixes). - habanalabs/gaudi: mask constant value before cast (git-fixes). - hwmon: (dell-smm) Add Dell XPS 13 7390 to fan control whitelist (git-fixes). - hwmon: (drivetemp) Add module alias (git-fixes). - hwmon: (gpio-fan) Fix array out of bounds access (git-fixes). - hwmon: (sht15) Fix wrong assumptions in device remove callback (git-fixes). - i2c: Fix a potential use after free (git-fixes). - i2c: cadence: Support PEC for SMBus block read (git-fixes). - i2c: imx: Make sure to unregister adapter on remove() (git-fixes). - i2c: mux-gpmux: Add of_node_put() when breaking out of loop (git-fixes). - i2c: mxs: Silence a clang warning (git-fixes). - i2c: npcm: Capitalize the one-line comment (git-fixes). - i2c: npcm: Correct slave role behavior (git-fixes). - i2c: npcm: Remove own slave addresses 2:10 (git-fixes). - ice: fix 'scheduling while atomic' on aux critical err interrupt (git-fixes). - ieee80211: add EHT 1K aggregation definitions (bsc#1202131). - ieee80211: change HE nominal packet padding value defines (bsc#1202131). - ieee802154/adf7242: defer destroy_workqueue call (git-fixes). - iio: accel: bma220: Fix alignment for DMA safety (git-fixes). - iio: accel: bma400: Fix the scale min and max macro values (git-fixes). - iio: accel: bma400: Reordering of header files (git-fixes). - iio: accel: sca3000: Fix alignment for DMA safety (git-fixes). - iio: accel: sca3300: Fix alignment for DMA safety (git-fixes). - iio: ad7292: Prevent regulator double disable (git-fixes). - iio: adc: ad7266: Fix alignment for DMA safety (git-fixes). - iio: adc: ad7292: Fix alignment for DMA safety (git-fixes). - iio: adc: ad7298: Fix alignment for DMA safety (git-fixes). - iio: adc: ad7476: Fix alignment for DMA safety (git-fixes). - iio: adc: ad7766: Fix alignment for DMA safety (git-fixes). - iio: adc: ad7768-1: Fix alignment for DMA safety (git-fixes). - iio: adc: ad7887: Fix alignment for DMA safety (git-fixes). - iio: adc: ad7923: Fix alignment for DMA safety (git-fixes). - iio: adc: hi8435: Fix alignment for DMA safety (git-fixes). - iio: adc: ltc2496: Fix alignment for DMA safety (git-fixes). - iio: adc: ltc2497: Fix alignment for DMA safety (git-fixes). - iio: adc: max1027: Fix alignment for DMA safety (git-fixes). - iio: adc: max11100: Fix alignment for DMA safety (git-fixes). - iio: adc: max1118: Fix alignment for DMA safety (git-fixes). - iio: adc: max1241: Fix alignment for DMA safety (git-fixes). - iio: adc: mcp320x: Fix alignment for DMA safety (git-fixes). - iio: adc: mcp3911: make use of the sign bit (git-fixes). - iio: adc: mcp3911: use correct formula for AD conversion (git-fixes). - iio: adc: ti-adc0832: Fix alignment for DMA safety (git-fixes). - iio: adc: ti-adc084s021: Fix alignment for DMA safety (git-fixes). - iio: adc: ti-adc108s102: Fix alignment for DMA safety (git-fixes). - iio: adc: ti-adc12138: Fix alignment for DMA safety (git-fixes). - iio: adc: ti-adc128s052: Fix alignment for DMA safety (git-fixes). - iio: adc: ti-adc161s626: Fix alignment for DMA safety (git-fixes). - iio: adc: ti-ads124s08: Fix alignment for DMA safety (git-fixes). - iio: adc: ti-ads131e08: Fix alignment for DMA safety (git-fixes). - iio: adc: ti-ads7950: Fix alignment for DMA safety (git-fixes). - iio: adc: ti-ads8344: Fix alignment for DMA safety (git-fixes). - iio: adc: ti-ads8688: Fix alignment for DMA safety (git-fixes). - iio: adc: ti-tlc4541: Fix alignment for DMA safety (git-fixes). - iio: amplifiers: ad8366: Fix alignment for DMA safety (git-fixes). - iio: common: ssp: Fix alignment for DMA safety (git-fixes). - iio: core: Fix IIO_ALIGN and rename as it was not sufficiently large (git-fixes). - iio: dac: ad5064: Fix alignment for DMA safety (git-fixes). - iio: dac: ad5360: Fix alignment for DMA safety (git-fixes). - iio: dac: ad5421: Fix alignment for DMA safety (git-fixes). - iio: dac: ad5449: Fix alignment for DMA safety (git-fixes). - iio: dac: ad5504: Fix alignment for DMA safety (git-fixes). - iio: dac: ad5755: Fix alignment for DMA safety (git-fixes). - iio: dac: ad5761: Fix alignment for DMA safety (git-fixes). - iio: dac: ad5764: Fix alignment for DMA safety (git-fixes). - iio: dac: ad5766: Fix alignment for DMA safety (git-fixes). - iio: dac: ad5770r: Fix alignment for DMA safety (git-fixes). - iio: dac: ad5791: Fix alignment for DMA saftey (git-fixes). - iio: dac: ad7303: Fix alignment for DMA safety (git-fixes). - iio: dac: ad8801: Fix alignment for DMA safety (git-fixes). - iio: dac: mcp4922: Fix alignment for DMA safety (git-fixes). - iio: dac: ti-dac082s085: Fix alignment for DMA safety (git-fixes). - iio: dac: ti-dac5571: Fix alignment for DMA safety (git-fixes). - iio: dac: ti-dac7311: Fix alignment for DMA safety (git-fixes). - iio: dac: ti-dac7612: Fix alignment for DMA safety (git-fixes). - iio: fix iio_format_avail_range() printing for none IIO_VAL_INT (git-fixes). - iio: frequency: ad9523: Fix alignment for DMA safety (git-fixes). - iio: frequency: adf4350: Fix alignment for DMA safety (git-fixes). - iio: frequency: adf4371: Fix alignment for DMA safety (git-fixes). - iio: gyro: adis16080: Fix alignment for DMA safety (git-fixes). - iio: gyro: adis16130: Fix alignment for DMA safety (git-fixes). - iio: gyro: adxrs450: Fix alignment for DMA safety (git-fixes). - iio: gyro: fxas210002c: Fix alignment for DMA safety (git-fixes). - iio: imu: fxos8700: Fix alignment for DMA safety (git-fixes). - iio: light: isl29028: Fix the warning in isl29028_remove() (git-fixes). - iio: potentiometer: ad5272: Fix alignment for DMA safety (git-fixes). - iio: potentiometer: max5481: Fix alignment for DMA safety (git-fixes). - iio: potentiometer: mcp41010: Fix alignment for DMA safety (git-fixes). - iio: potentiometer: mcp4131: Fix alignment for DMA safety (git-fixes). - iio: proximity: as3935: Fix alignment for DMA safety (git-fixes). - iio: resolver: ad2s1200: Fix alignment for DMA safety (git-fixes). - iio: resolver: ad2s90: Fix alignment for DMA safety (git-fixes). - iio: temp: ltc2983: Fix alignment for DMA safety (git-fixes). - iio: temp: maxim_thermocouple: Fix alignment for DMA safety (git-fixes). - inet_diag: fix kernel-infoleak for UDP sockets (git-fixes). - intel_th: Fix a resource leak in an error handling path (git-fixes). - intel_th: msu-sink: Potential dereference of null pointer (git-fixes). - intel_th: msu: Fix vmalloced buffers (git-fixes). - intel_th: pci: Add Meteor Lake-P support (git-fixes). - intel_th: pci: Add Raptor Lake-S CPU support (git-fixes). - intel_th: pci: Add Raptor Lake-S PCH support (git-fixes). - interconnect: imx: fix max_node_id (git-fixes). - io_uring: add a schedule point in io_add_buffers() (git-fixes). - io_uring: terminate manual loop iterator loop correctly for non-vecs (git-fixes). - iommu/amd: Clarify AMD IOMMUv2 initialization messages (git-fixes). - iommu/amd: Enable swiotlb in all cases (git-fixes). - iommu/amd: Fix I/O page table memory leak (git-fixes). - iommu/amd: Recover from event log overflow (git-fixes). - iommu/amd: Simplify and Consolidate Virtual APIC (AVIC) Enablement (git-fixes). - iommu/arm-smmu-v3-sva: Fix mm use-after-free (git-fixes). - iommu/arm-smmu-v3: Fix size calculation in arm_smmu_mm_invalidate_range() (git-fixes). - iommu/arm-smmu: qcom_iommu: Add of_node_put() when breaking out of loop (git-fixes). - iommu/dart: Add missing module owner to ops structure (git-fixes). - iommu/dart: check return value after calling platform_get_resource() (git-fixes). - iommu/exynos: Handle failed IOMMU device registration properly (git-fixes). - iommu/iova: Improve 32-bit free space estimate (git-fixes). - iommu/ipmmu-vmsa: Check for error num after setting mask (git-fixes). - iommu/mediatek: Add list_del in mtk_iommu_remove (git-fixes). - iommu/mediatek: Add mutex for m4u_group and m4u_dom in data (git-fixes). - iommu/mediatek: Fix 2 HW sharing pgtable issue (git-fixes). - iommu/mediatek: Fix NULL pointer dereference when printing dev_name (git-fixes). - iommu/mediatek: Remove clk_disable in mtk_iommu_remove (git-fixes). - iommu/msm: Fix an incorrect NULL check on list iterator (git-fixes). - iommu/omap: Fix regression in probe for NULL pointer dereference (git-fixes). - iommu/tegra-smmu: Fix missing put_device() call in tegra_smmu_find (git-fixes). - iommu/vt-d: Acquiring lock in domain ID allocation helpers (bsc#1200301). - iommu/vt-d: Calculate mask for non-aligned flushes (git-fixes). - iommu/vt-d: Drop stop marker messages (git-fixes). - iommu/vt-d: Fix PCI bus rescan device hot add (git-fixes). - iommu/vt-d: Fix RID2PASID setup/teardown failure (git-fixes). - iommu/vt-d: Make DMAR_UNITS_SUPPORTED default 1024 (bsc#1200301). - iommu/vt-d: Refactor iommu information of each domain (bsc#1200301). - iommu/vt-d: Remove global g_iommus array (bsc#1200301). - iommu/vt-d: Remove intel_iommu::domains (bsc#1200301). - iommu/vt-d: Remove unnecessary check in intel_iommu_add() (bsc#1200301). - iommu/vt-d: Use IDA interface to manage iommu sequence id (bsc#1200301). - iommu/vt-d: avoid invalid memory access via node_online(NUMA_NO_NODE) (git-fixes). - iommu: Fix potential use-after-free during probe (git-fixes). - iov_iter: Fix iter_xarray_get_pages{,_alloc}() (git-fixes). - iov_iter: fix build issue due to possible type mis-match (git-fixes). - ipmi: fix initialization when workqueue allocation fails (git-fixes). - irqchip/sifive-plic: Add missing thead,c900-plic match string (git-fixes). - irqchip/tegra: Fix overflow implicit truncation warnings (git-fixes). - iwlwifi/fw: use struct_size over open coded arithmetic (bsc#1202131). - iwlwifi: ACPI: support revision 3 WGDS tables (bsc#1202131). - iwlwifi: Add support for getting rf id with blank otp (bsc#1202131). - iwlwifi: Add support for more BZ HWs (bsc#1202131). - iwlwifi: BZ Family BUS_MASTER_DISABLE_REQ code duplication (bsc#1202131). - iwlwifi: BZ Family SW reset support (bsc#1202131). - iwlwifi: Configure FW debug preset via module param (bsc#1202131). - iwlwifi: Fix FW name for gl (bsc#1202131). - iwlwifi: Fix missing error code in iwl_pci_probe() (bsc#1202131). - iwlwifi: Fix syntax errors in comments (bsc#1202131). - iwlwifi: Make use of the helper macro LIST_HEAD() (bsc#1202131). - iwlwifi: Read the correct addresses when getting the crf id (bsc#1202131). - iwlwifi: Start scratch debug register for Bz family (bsc#1202131). - iwlwifi: acpi: fix wgds rev 3 size (bsc#1202131). - iwlwifi: acpi: move ppag code from mvm to fw/acpi (bsc#1202131). - iwlwifi: add missing entries for Gf4 with So and SoF (bsc#1202131). - iwlwifi: add new Qu-Hr device (bsc#1202131). - iwlwifi: add new ax1650 killer device (bsc#1202131). - iwlwifi: add new device id 7F70 (bsc#1202131). - iwlwifi: add new pci SoF with JF (bsc#1202131). - iwlwifi: add some missing kernel-doc in struct iwl_fw (bsc#1202131). - iwlwifi: add support for BNJ HW (bsc#1202131). - iwlwifi: add support for BZ-U and BZ-L HW (bsc#1202131). - iwlwifi: add support for Bz-Z HW (bsc#1202131). - iwlwifi: add vendor specific capabilities for some RFs (bsc#1202131). - iwlwifi: advertise support for HE - DCM BPSK RX/TX (bsc#1202131). - iwlwifi: allow rate-limited error messages (bsc#1202131). - iwlwifi: api: fix struct iwl_wowlan_status_v7 kernel-doc (bsc#1202131). - iwlwifi: api: remove ttl field from TX command (bsc#1202131). - iwlwifi: api: remove unused RX status bits (bsc#1202131). - iwlwifi: avoid variable shadowing (bsc#1202131). - iwlwifi: avoid void pointer arithmetic (bsc#1202131). - iwlwifi: bump FW API to 67 for AX devices (bsc#1202131). - iwlwifi: bump FW API to 68 for AX devices (bsc#1202131). - iwlwifi: bump FW API to 69 for AX devices (bsc#1202131). - iwlwifi: bump FW API to 70 for AX devices (bsc#1202131). - iwlwifi: bump FW API to 71 for AX devices (bsc#1202131). - iwlwifi: bump FW API to 72 for AX devices (bsc#1202131). - iwlwifi: cfg: add support for 1K BA queue (bsc#1202131). - iwlwifi: dbg-tlv: clean up iwl_dbg_tlv_update_drams() (bsc#1202131). - iwlwifi: dbg: add infra for tracking free buffer size (bsc#1202131). - iwlwifi: dbg: check trigger data before access (bsc#1202131). - iwlwifi: dbg: disable ini debug in 8000 family and below (bsc#1202131). - iwlwifi: dbg: in sync mode do not call schedule (bsc#1202131). - iwlwifi: dbg: treat dbgc allocation failure when tlv is missing (bsc#1202131). - iwlwifi: dbg: treat non active regions as unsupported regions (bsc#1202131). - iwlwifi: dbg_ini: Split memcpy() to avoid multi-field write (bsc#1202131). - iwlwifi: de-const properly where needed (bsc#1202131). - iwlwifi: debugfs: remove useless double condition (bsc#1202131). - iwlwifi: do not dump_stack() when we get an unexpected interrupt (bsc#1202131). - iwlwifi: do not use __unused as variable name (bsc#1202131). - iwlwifi: drv: load tlv debug data earlier (bsc#1202131). - iwlwifi: dump CSR scratch from outer function (bsc#1202131). - iwlwifi: dump RCM error tables (bsc#1202131). - iwlwifi: dump both TCM error tables if present (bsc#1202131). - iwlwifi: dump host monitor data when NIC does not init (bsc#1202131). - iwlwifi: dvm: use struct_size over open coded arithmetic (bsc#1202131). - iwlwifi: eeprom: clean up macros (bsc#1202131). - iwlwifi: fix LED dependencies (bsc#1202131). - iwlwifi: fix debug TLV parsing (bsc#1202131). - iwlwifi: fix fw/img.c license statement (bsc#1202131). - iwlwifi: fix iwl_legacy_rate_to_fw_idx (bsc#1202131). - iwlwifi: fix small doc mistake for iwl_fw_ini_addr_val (bsc#1202131). - iwlwifi: fix various more -Wcast-qual warnings (bsc#1202131). - iwlwifi: fw dump: add infrastructure for dump scrubbing (bsc#1202131). - iwlwifi: fw: add support for splitting region type bits (bsc#1202131). - iwlwifi: fw: api: add link to PHY context command struct v1 (bsc#1202131). - iwlwifi: fw: correctly detect HW-SMEM region subtype (bsc#1202131). - iwlwifi: fw: fix some scan kernel-doc (bsc#1202131). - iwlwifi: fw: init SAR GEO table only if data is present (bsc#1202131). - iwlwifi: fw: make dump_start callback void (bsc#1202131). - iwlwifi: fw: remove dead error log code (bsc#1202131). - iwlwifi: implement reset flow for Bz devices (bsc#1202131). - iwlwifi: iwl-eeprom-parse: mostly dvm only (bsc#1202131). - iwlwifi: make iwl_fw_lookup_cmd_ver() take a cmd_id (bsc#1202131). - iwlwifi: make iwl_txq_dyn_alloc_dma() return the txq (bsc#1202131). - iwlwifi: make some functions friendly to sparse (bsc#1202131). - iwlwifi: move symbols into a separate namespace (bsc#1202131). - iwlwifi: mvm/api: define system control command (bsc#1202131). - iwlwifi: mvm: Add RTS and CTS flags to iwl_tx_cmd_flags (bsc#1202131). - iwlwifi: mvm: Add list of OEMs allowed to use TAS (bsc#1202131). - iwlwifi: mvm: Add support for a new version of scan request command (bsc#1202131). - iwlwifi: mvm: Add support for new rate_n_flags in tx_cmd (bsc#1202131). - iwlwifi: mvm: Consider P2P GO operation during scan (bsc#1202131). - iwlwifi: mvm: Disable WiFi bands selectively with BIOS (bsc#1202131). - iwlwifi: mvm: Do not fail if PPAG isn't supported (bsc#1202131). - iwlwifi: mvm: Fix wrong documentation for scan request command (bsc#1202131). - iwlwifi: mvm: Passively scan non PSC channels only when requested so (bsc#1202131). - iwlwifi: mvm: Read acpi dsm to get channel activation bitmap (bsc#1202131). - iwlwifi: mvm: Remove antenna c references (bsc#1202131). - iwlwifi: mvm: Support new TX_RSP and COMPRESSED_BA_RES versions (bsc#1202131). - iwlwifi: mvm: Support new rate_n_flags for REPLY_RX_MPDU_CMD and RX_NO_DATA_NOTIF (bsc#1202131). - iwlwifi: mvm: Support new version of BEACON_TEMPLATE_CMD (bsc#1202131). - iwlwifi: mvm: Support new version of ranging response notification (bsc#1202131). - iwlwifi: mvm: Support version 3 of tlc_update_notif (bsc#1202131). - iwlwifi: mvm: Unify the scan iteration functions (bsc#1202131). - iwlwifi: mvm: Use all Rx chains for roaming scan (bsc#1202131). - iwlwifi: mvm: add US/CA to TAS block list if OEM isn't allowed (bsc#1202131). - iwlwifi: mvm: add a flag to reduce power command (bsc#1202131). - iwlwifi: mvm: add additional info for boot info failures (bsc#1202131). - iwlwifi: mvm: add additional info for boot info failures (bsc#1202131). - iwlwifi: mvm: add dbg_time_point to debugfs (bsc#1202131). - iwlwifi: mvm: add definitions for new rate & flags (bsc#1202131). - iwlwifi: mvm: add lmac/umac PC info in case of error (bsc#1202131). - iwlwifi: mvm: add missing min_size to kernel-doc (bsc#1202131). - iwlwifi: mvm: add some missing command strings (bsc#1202131). - iwlwifi: mvm: add support for 160Mhz in ranging measurements (bsc#1202131). - iwlwifi: mvm: add support for CT-KILL notification version 2 (bsc#1202131). - iwlwifi: mvm: add support for IMR based on platform (bsc#1202131). - iwlwifi: mvm: add support for OCE scan (bsc#1202131). - iwlwifi: mvm: add support for PHY context command v4 (bsc#1202131). - iwlwifi: mvm: add support for statistics update version 15 (bsc#1202131). - iwlwifi: mvm: allow enabling UHB TAS in the USA via ACPI setting (bsc#1202131). - iwlwifi: mvm: always remove the session protection after association (bsc#1202131). - iwlwifi: mvm: always store the PPAG table as the latest version (bsc#1202131). - iwlwifi: mvm: always use 4K RB size by default (bsc#1202131). - iwlwifi: mvm: change old-SN drop threshold (bsc#1202131). - iwlwifi: mvm: clean up indenting in iwl_mvm_tlc_update_notif() (bsc#1202131). - iwlwifi: mvm: convert old rate & flags to the new format (bsc#1202131). - iwlwifi: mvm: correct sta-state logic for TDLS (bsc#1202131). - iwlwifi: mvm: correctly set channel flags (bsc#1202131). - iwlwifi: mvm: correctly set schedule scan profiles (bsc#1202131). - iwlwifi: mvm: d3: move GTK rekeys condition (bsc#1202131). - iwlwifi: mvm: d3: support v12 wowlan status (bsc#1202131). - iwlwifi: mvm: d3: use internal data representation (bsc#1202131). - iwlwifi: mvm: demote non-compliant kernel-doc header (bsc#1202131). - iwlwifi: mvm: do not get address of mvm->fwrt just to dereference as a pointer (bsc#1202131). - iwlwifi: mvm: do not send BAID removal to the FW during hw_restart (bsc#1202131). - iwlwifi: mvm: do not trust hardware queue number (bsc#1202131). - iwlwifi: mvm: drop too short packets silently (bsc#1202131). - iwlwifi: mvm: extend session protection on association (bsc#1202131). - iwlwifi: mvm: fix WGDS table print in iwl_mvm_chub_update_mcc() (bsc#1202131). - iwlwifi: mvm: fix a stray tab (bsc#1202131). - iwlwifi: mvm: fix condition which checks the version of rate_n_flags (bsc#1202131). - iwlwifi: mvm: fix delBA vs. NSSN queue sync race (bsc#1202131). - iwlwifi: mvm: fix ieee80211_get_he_iftype_cap() iftype (bsc#1202131). - iwlwifi: mvm: fix off by one in iwl_mvm_stat_iterator_all_macs() (bsc#1202131). - iwlwifi: mvm: fw: clean up hcmd struct creation (bsc#1202131). - iwlwifi: mvm: handle RX checksum on Bz devices (bsc#1202131). - iwlwifi: mvm: improve log when processing CSA (bsc#1202131). - iwlwifi: mvm: isolate offload assist (checksum) calculation (bsc#1202131). - iwlwifi: mvm: make iwl_mvm_reconfig_scd() static (bsc#1202131). - iwlwifi: mvm: offload channel switch timing to FW (bsc#1202131). - iwlwifi: mvm: only enable HE DCM if we also support TX (bsc#1202131). - iwlwifi: mvm: optionally suppress assert log (bsc#1202131). - iwlwifi: mvm: parse firmware alive message version 6 (bsc#1202131). - iwlwifi: mvm: read 6E enablement flags from DSM and pass to FW (bsc#1202131). - iwlwifi: mvm: reduce WARN_ON() in TX status path (bsc#1202131). - iwlwifi: mvm: refactor iwl_mvm_sta_rx_agg() (bsc#1202131). - iwlwifi: mvm: refactor setting PPE thresholds in STA_HE_CTXT_CMD (bsc#1202131). - iwlwifi: mvm: remove card state notification code (bsc#1202131). - iwlwifi: mvm: remove cipher scheme support (bsc#1202131). - iwlwifi: mvm: remove csi from iwl_mvm_pass_packet_to_mac80211() (bsc#1202131). - iwlwifi: mvm: remove iwl_mvm_disable_txq() flags argument (bsc#1202131). - iwlwifi: mvm: remove session protection after auth/assoc (bsc#1202131). - iwlwifi: mvm: remove session protection on disassoc (bsc#1202131). - iwlwifi: mvm: remove session protection upon station removal (bsc#1202131). - iwlwifi: mvm: rfi: handle deactivation notification (bsc#1202131). - iwlwifi: mvm: rfi: update rfi table (bsc#1202131). - iwlwifi: mvm: rfi: use kmemdup() to replace kzalloc + memcpy (bsc#1202131). - iwlwifi: mvm: scrub key material in firmware dumps (bsc#1202131). - iwlwifi: mvm: set BT-coex high priority for 802.1X/4-way-HS (bsc#1202131). - iwlwifi: mvm: set inactivity timeouts also for PS-poll (bsc#1202131). - iwlwifi: mvm: starting from 22000 we have 32 Rx AMPDU sessions (bsc#1202131). - iwlwifi: mvm: support Bz TX checksum offload (bsc#1202131). - iwlwifi: mvm: support RLC configuration command (bsc#1202131). - iwlwifi: mvm: support new BAID allocation command (bsc#1202131). - iwlwifi: mvm: support revision 1 of WTAS table (bsc#1202131). - iwlwifi: mvm: support v3 of station HE context command (bsc#1202131). - iwlwifi: mvm: update BAID allocation command again (bsc#1202131). - iwlwifi: mvm: update RFI TLV (bsc#1202131). - iwlwifi: mvm: update definitions due to new rate & flags (bsc#1202131). - iwlwifi: mvm: update rate scale in moving back to assoc state (bsc#1202131). - iwlwifi: mvm: use a define for checksum flags mask (bsc#1202131). - iwlwifi: mvm: use debug print instead of WARN_ON() (bsc#1202131). - iwlwifi: nvm: Correct HE capability (bsc#1202131). - iwlwifi: parse debug exclude data from firmware file (bsc#1202131). - iwlwifi: parse error tables from debug TLVs (bsc#1202131). - iwlwifi: pcie: Adapt rx queue write pointer for Bz family (bsc#1202131). - iwlwifi: pcie: add jacket bit to device configuration parsing (bsc#1202131). - iwlwifi: pcie: add support for MS devices (bsc#1202131). - iwlwifi: pcie: adjust to Bz completion descriptor (bsc#1202131). - iwlwifi: pcie: fix SW error MSI-X mapping (bsc#1202131). - iwlwifi: pcie: fix constant-conversion warning (bsc#1202131). - iwlwifi: pcie: fix killer name matching for AX200 (bsc#1202131). - iwlwifi: pcie: iwlwifi: fix device id 7F70 struct (bsc#1202131). - iwlwifi: pcie: make sure iwl_rx_packet_payload_len() will not underflow (bsc#1202131). - iwlwifi: pcie: refactor dev_info lookup (bsc#1202131). - iwlwifi: pcie: remove duplicate entry (bsc#1202131). - iwlwifi: pcie: remove two duplicate PNJ device entries (bsc#1202131). - iwlwifi: pcie: retake ownership after reset (bsc#1202131). - iwlwifi: pcie: simplify iwl_pci_find_dev_info() (bsc#1202131). - iwlwifi: pcie: support Bz suspend/resume trigger (bsc#1202131). - iwlwifi: pcie: try to grab NIC access early (bsc#1202131). - iwlwifi: pcie: update sw error interrupt for BZ family (bsc#1202131). - iwlwifi: pnvm: print out the version properly (bsc#1202131). - iwlwifi: prefer WIDE_ID() over iwl_cmd_id() (bsc#1202131). - iwlwifi: propagate (const) type qualifier (bsc#1202131). - iwlwifi: recognize missing PNVM data and then log filename (bsc#1202131). - iwlwifi: remove MODULE_AUTHOR() statements (bsc#1202131). - iwlwifi: remove command ID argument from queue allocation (bsc#1202131). - iwlwifi: remove contact information (bsc#1202131). - iwlwifi: remove deprecated broadcast filtering feature (bsc#1202131). - iwlwifi: remove redundant iwl_finish_nic_init() argument (bsc#1202131). - iwlwifi: remove unused DC2DC_CONFIG_CMD definitions (bsc#1202131). - iwlwifi: remove unused iwlax210_2ax_cfg_so_hr_a0 structure (bsc#1202131). - iwlwifi: remove unused macros (bsc#1202131). - iwlwifi: rename CHANNEL_SWITCH_NOA_NOTIF to CHANNEL_SWITCH_START_NOTIF (bsc#1202131). - iwlwifi: rename GEO_TX_POWER_LIMIT to PER_CHAIN_LIMIT_OFFSET_CMD (bsc#1202131). - iwlwifi: rs: add support for TLC config command ver 4 (bsc#1202131). - iwlwifi: scan: Modify return value of a function (bsc#1202131). - iwlwifi: support 4-bits in MAC step value (bsc#1202131). - iwlwifi: support SAR GEO Offset Mapping override via BIOS (bsc#1202131). - iwlwifi: support new queue allocation command (bsc#1202131). - iwlwifi: swap 1650i and 1650s killer struct names (bsc#1202131). - iwlwifi: tlc: Add logs in rs_fw_rate_init func to print TLC configuration (bsc#1202131). - iwlwifi: use 4k queue size for Bz A-step (bsc#1202131). - iwlwifi: yoyo: Avoid using dram data if allocation failed (bsc#1202131). - iwlwifi: yoyo: add IMR DRAM dump support (bsc#1202131). - iwlwifi: yoyo: disable IMR DRAM region if IMR is disabled (bsc#1202131). - iwlwifi: yoyo: dump IMR DRAM only for HW and FW error (bsc#1202131). - iwlwifi: yoyo: fix DBGC allocation flow (bsc#1202131). - iwlwifi: yoyo: fix DBGI_SRAM ini dump header (bsc#1202131). - iwlwifi: yoyo: fix issue with new DBGI_SRAM region read (bsc#1202131). - iwlwifi: yoyo: fw debug config from context info and preset (bsc#1202131). - iwlwifi: yoyo: send hcmd to fw after dump collection completes (bsc#1202131). - iwlwifi: yoyo: support TLV-based firmware reset (bsc#1202131). - iwlwifi: yoyo: support dump policy for the dump size (bsc#1202131). - iwlwifi: yoyo: support for DBGC4 for dram (bsc#1202131). - iwlwifi: yoyo: support for ROM usniffer (bsc#1202131). - jbd2: export jbd2_journal_[grab|put]_journal_head (bsc#1202775). - jbd2: fix assertion 'jh->b_frozen_data == NULL' failure when journal aborted (bsc#1202716). - jbd2: fix outstanding credits assert in jbd2_journal_commit_transaction() (bsc#1202715). - kABI: scsi: libiscsi: fix removal of iscsi_create_conn (bsc#1198410). - kabi/severities: Exclude ppc kvm - kabi/severities: add Qlogic qed symbols - kabi/severities: add drivers/scsi/hisi_sas for bsc#1202471 - kabi/severities: add hisilicon hns3 symbols - kabi/severities: add microchip dsa drivers - kabi/severities: ignore kABI changes in mwifiex drivers Those symbols are used only locally in mwifiex (sub-)modules. - kabi/severities: octeontx2 driver (jsc#SLE-24682) - kbuild: dummy-tools: avoid tmpdir leak in dummy gcc (git-fixes). - kbuild: fix the modules order between drivers and libs (git-fixes). - kbuild: link vmlinux only once for CONFIG_TRIM_UNUSED_KSYMS (2nd attempt) (git-fixes). - kcm: fix strp_init() order and cleanup (git-fies). - kernel-binary: move @NOSOURCE@ to @SOURCES@ as in other packages - kfifo: fix kfifo_to_user() return type (git-fixes). - kselftest/cgroup: fix test_stress.sh to use OUTPUT dir (git-fixes). - kselftest/vm: fix tests build with old libc (git-fixes). - kselftest: Fix vdso_test_abi return status (git-fixes). - kselftest: signal all child processes (git-fixes). - kvm: selftests: do not use bitfields larger than 32-bits for PTEs (git-fixes). - l3mdev: l3mdev_master_upper_ifindex_by_index_rcu should be using netdev_master_upper_dev_get_rcu (git-fixes). - landlock: Add clang-format exceptions (git-fixes). - landlock: Change landlock_add_rule(2) argument check ordering (git-fixes). - landlock: Change landlock_restrict_self(2) check ordering (git-fixes). - landlock: Create find_rule() from unmask_layers() (git-fixes). - landlock: Define access_mask_t to enforce a consistent access mask size (git-fixes). - landlock: Fix landlock_add_rule(2) documentation (git-fixes). - landlock: Fix same-layer rule unions (git-fixes). - landlock: Format with clang-format (git-fixes). - landlock: Reduce the maximum number of layers to 16 (git-fixes). - landlock: Use square brackets around 'landlock-ruleset' (git-fixes). - lib/list_debug.c: Detect uninitialized lists (git-fixes). - lib/raid6/test: fix multiple definition linking error (git-fixes). - lib/smp_processor_id: fix imbalanced instrumentation_end() call (git-fixes). - lkdtm: Disable return thunks in rodata.c (bsc#1190497). - lockdep: Correct lock_classes index mapping (git-fixes). - locking/lockdep: Avoid potential access of invalid memory in lock_class (git-fixes). - locking/lockdep: Fix lockdep_init_map_*() confusion (git-fixes). - locking/lockdep: Iterate lock_classes directly when reading lockdep files (git-fixes). - loop: Check for overflow while configuring loop (git-fies). - loop: Use pr_warn_once() for loop_control_remove() warning (git-fixes). - loop: use sysfs_emit() in the sysfs xxx show() (git-fixes). - mac80211: fix a memory leak where sta_info is not freed (git-fixes). - mac80211: introduce channel switch disconnect function (bsc#1202131). - macsec: always read MACSEC_SA_ATTR_PN as a u64 (git-fixes). - macsec: fix NULL deref in macsec_add_rxsa (git-fixes). - macsec: fix error message in macsec_add_rxsa and _txsa (git-fixes). - macsec: limit replay window size with XPN (git-fixes). - marvell: octeontx2: build error: unknown type name 'u64' (jsc#SLE-24682). - mbcache: add functions to delete entry if unused (bsc#1198971). - mbcache: do not reclaim used entries (bsc#1198971). - md/bitmap: do not set sb values if can't pass sanity check (bsc#1197158). - md/raid0: Ignore RAID0 layout if the second zone has only one device (git-fixes). - md/raid1: fix missing bitmap update w/o WriteMostly devices (bsc#1203036). - media: [PATCH] pci: atomisp_cmd: fix three missing checks on list iterator (git-fixes). - media: atmel: atmel-sama7g5-isc: fix warning in configs without OF (git-fixes). - media: cedrus: h265: Fix flag name (git-fixes). - media: cedrus: hevc: Add check for invalid timestamp (git-fixes). - media: driver/nxp/imx-jpeg: fix a unexpected return value problem (git-fixes). - media: hantro: postproc: Fix motion vector space size (git-fixes). - media: hdpvr: fix error value returns in hdpvr_read (git-fixes). - media: hevc: Embedded indexes in RPS (git-fixes). - media: imx-jpeg: Add pm-runtime support for imx-jpeg (git-fixes). - media: imx-jpeg: use NV12M to represent non contiguous NV12 (git-fixes). - media: pvrusb2: fix memory leak in pvr_probe (git-fixes). - media: tw686x: Fix memory leak in tw686x_video_init (git-fixes). - media: tw686x: Register the irq at the end of probe (git-fixes). - media: v4l2-mem2mem: prevent pollerr when last_buffer_dequeued is set (git-fixes). - mediatek: mt76: eeprom: fix missing of_node_put() in mt76_find_power_limits_node() (git-fixes). - mediatek: mt76: mac80211: Fix missing of_node_put() in mt76_led_init() (git-fixes). - memstick/ms_block: Fix a memory leak (git-fixes). - memstick/ms_block: Fix some incorrect memory allocation (git-fixes). - meson-mx-socinfo: Fix refcount leak in meson_mx_socinfo_init (git-fixes). - mfd: max77620: Fix refcount leak in max77620_initialise_fps (git-fixes). - mfd: t7l66xb: Drop platform disable callback (git-fixes). - minix: fix bug when opening a file with O_DIRECT (git-fixes). - misc: fastrpc: fix memory corruption on open (git-fixes). - misc: fastrpc: fix memory corruption on probe (git-fixes). - misc: rtsx: Fix an error handling path in rtsx_pci_probe() (git-fixes). - mkspec: eliminate @NOSOURCE@ macro This should be alsways used with @SOURCES@, just include the content there. - mm/rmap: Fix anon_vma->degree ambiguity leading to double-reuse (git-fixes). - mm: bdi: initialize bdi_min_ratio when bdi is unregistered (bsc#1197763). - mm: memcontrol: fix potential oom_lock recursion deadlock (bsc#1202447). - mm: pagewalk: Fix race between unmap and page walker (git-fixes, bsc#1203159). - mmc: block: Add single read for 4k sector cards (git-fixes). - mmc: cavium-octeon: Add of_node_put() when breaking out of loop (git-fixes). - mmc: cavium-thunderx: Add of_node_put() when breaking out of loop (git-fixes). - mmc: core: Fix UHS-I SD 1.8V workaround branch (git-fixes). - mmc: meson-gx: Fix an error handling path in meson_mmc_probe() (git-fixes). - mmc: mxcmmc: Silence a clang warning (git-fixes). - mmc: pxamci: Fix an error handling path in pxamci_probe() (git-fixes). - mmc: pxamci: Fix another error handling path in pxamci_probe() (git-fixes). - mmc: renesas_sdhi: Get the reset handle early in the probe (git-fixes). - mmc: sdhci-of-at91: fix set_uhs_signaling rewriting of MC1R (git-fixes). - mmc: sdhci-of-esdhc: Fix refcount leak in esdhc_signal_voltage_switch (git-fixes). - mmc: tmio: avoid glitches when resetting (git-fixes). - msft-hv-2570-hv_netvsc: Add support for XDP_REDIRECT (bsc#1199364). - mt76: mt7615: do not update pm stats in case of error (git-fixes). - mt76: mt76x02u: fix possible memory leak in __mt76x02u_mcu_send_msg (git-fixes). - mt76: mt7921: enlarge maximum VHT MPDU length to 11454 (git-fixes). - mt76: mt7921: fix aggregation subframes setting to HE max (git-fixes). - mtd: dataflash: Add SPI ID table (git-fixes). - mtd: maps: Fix refcount leak in ap_flash_init (git-fixes). - mtd: maps: Fix refcount leak in of_flash_probe_versatile (git-fixes). - mtd: parsers: ofpart: Fix refcount leak in bcm4908_partitions_fw_offset (git-fixes). - mtd: partitions: Fix refcount leak in parse_redboot_of (git-fixes). - mtd: rawnand: arasan: Fix clock rate in NV-DDR (git-fixes). - mtd: rawnand: arasan: Update NAND bus clock instead of system clock (git-fixes). - mtd: rawnand: gpmi: Set WAIT_FOR_READY timeout based on program/erase times (git-fixes). - mtd: rawnand: gpmi: validate controller clock rate (git-fixes). - mtd: rawnand: meson: Fix a potential double free issue (git-fixes). - mtd: sm_ftl: Fix deadlock caused by cancel_work_sync in sm_release (git-fixes). - mtd: spi-nor: fix spi_nor_spimem_setup_op() call in spi_nor_erase_{sector,chip}() (git-fixes). - mtd: st_spi_fsm: Add a clk_disable_unprepare() in .probe()'s error path (git-fixes). - musb: fix USB_MUSB_TUSB6010 dependency (git-fixes). - mwifiex: Ignore BTCOEX events from the 88W8897 firmware (git-fixes). - n_gsm: remove unused parameters from gsm_error() (git-fixes). - net: asix: fix 'can't send until first packet is send' issue (git-fixes). - net: bcmgenet: Use stronger register read/writes to assure ordering (git-fixes). - net: dsa: b53: Add SPI ID table (git-fixes). - net: dsa: felix: Fix memory leak in felix_setup_mmio_filtering (git-fixes). - net: dsa: felix: purge skb from TX timestamping queue if it cannot be sent (git-fies). - net: dsa: hellcreek: Add STP forwarding rule (git-fixes). - net: dsa: hellcreek: Add missing PTP via UDP rules (git-fixes). - net: dsa: hellcreek: Allow PTP P2P measurements on blocked ports (git-fixes). - net: dsa: hellcreek: Fix insertion of static FDB entries (git-fixes). - net: dsa: microchip: implement multi-bridge support (git-fixes). - net: dsa: mv88e6xxx: Add fix for erratum 5.2 of 88E6393X family (git-fixes). - net: dsa: mv88e6xxx: Drop unnecessary check in mv88e6393x_serdes_erratum_4_6() (git-fixes). - net: dsa: mv88e6xxx: Enable port policy support on 6097 (git-fixes). - net: dsa: mv88e6xxx: Fix application of erratum 4.8 for 88E6393X (git-fixes). - net: dsa: mv88e6xxx: Fix inband AN for 2500base-x on 88E6393X family (git-fixes). - net: dsa: mv88e6xxx: Link in pcs_get_state() if AN is bypassed (git-fixes). - net: dsa: mv88e6xxx: Save power by disabling SerDes trasmitter and receiver (git-fixes). - net: dsa: mv88e6xxx: Unforce speed & duplex in mac_link_down() (git-fixes). - net: dsa: mv88e6xxx: allow use of PHYs on CPU and DSA ports (git-fixes). - net: dsa: mv88e6xxx: error handling for serdes_power functions (git-fixes). - net: dsa: mv88e6xxx: fix 'do not use PHY_DETECT on internal PHY's' (git-fixes). - net: dsa: ocelot: seville: utilize of_mdiobus_register (git-fixes). - net: dsa: qca8k: fix MTU calculation (git-fixes). - net: dsa: seville: register the mdiobus under devres (git-fixes). - net: dsa: tag_ocelot_8021q: break circular dependency with ocelot switch lib (git-fies). - net: enetc: report software timestamping via SO_TIMESTAMPING (git-fixes). - net: hns3: clean residual vf config after disable sriov (git-fixes). - net: macsec: fix potential resource leak in macsec_add_rxsa() and macsec_add_txsa() (git-fixes). - net: marvell: prestera: fix incorrect structure access (git-fixes). - net: mscc: ocelot: correctly report the timestamping RX filters in ethtool (git-fixes). - net: mscc: ocelot: create a function that replaces an existing VCAP filter (git-fixes). - net: mscc: ocelot: do not dereference NULL pointers with shared tc filters (git-fixes). - net: mscc: ocelot: do not downgrade timestamping RX filters in SIOCSHWTSTAMP (git-fixes). - net: mscc: ocelot: fix incorrect balancing with down LAG ports (git-fixes). - net: mscc: ocelot: set up traps for PTP packets (git-fixes). - net: openvswitch: do not send internal clone attribute to the userspace (git-fixes). - net: openvswitch: fix leak of nested actions (git-fixes). - net: openvswitch: fix misuse of the cached connection on tuple changes (git-fixes). - net: openvswitch: fix parsing of nw_proto for IPv6 fragments (git-fixes). - net: phy: Do not WARN for PHY_READY state in mdio_bus_phy_resume() (git-fixes). - net: phy: Warn about incorrect mdio_bus_phy_resume() state (git-fixes). - net: phy: smsc: Disable Energy Detect Power-Down in interrupt mode (git-fixes). - net: ptp: add a definition for the UDP port for IEEE 1588 general messages (git-fixes). - net: rose: fix netdev reference changes (git-fixes). - net: sock: tracing: Fix sock_exceed_buf_limit not to dereference stale pointer (git-fixes). - net: stmmac: clean up impossible condition (git-fixes). - net: stmmac: disable Split Header (SPH) for Intel platforms (bsc#1194904). - net: stmmac: dwc-qos: Disable split header for Tegra194 (bsc#1194904). - net: stmmac: fix off-by-one error in sanity check (git-fixes). - net: usb: Correct PHY handling of smsc95xx (git-fixes). - net: usb: Correct reset handling of smsc95xx (git-fixes). - net: usb: ax88179_178a needs FLAG_SEND_ZLP (git-fixes). - net: usb: ax88179_178a: add Allied Telesis AT-UMCs (git-fixes). - net: usb: make USB_RTL8153_ECM non user configurable (git-fixes). - net: vmxnet3: fix possible NULL pointer dereference in vmxnet3_rq_cleanup() (bsc#1200431). - net: vmxnet3: fix possible use-after-free bugs in vmxnet3_rq_alloc_rx_buf() (bsc#1200431). - net: vmxnet3: remove multiple false checks in vmxnet3_ethtool.c (bsc#1200431). - net:enetc: allocate CBD ring data memory using DMA coherent methods (git-fixes). - net_sched: cls_route: disallow handle of 0 (bsc#1202393). - nfc: pn533: Fix use-after-free bugs caused by pn532_cmd_timeout (git-fixes). - nfsd: fix use-after-free due to delegation race (git-fixes). - nilfs2: fix incorrect masking of permission flags for symlinks (git-fixes). - nilfs2: fix lockdep warnings during disk space reclamation (git-fixes). - nilfs2: fix lockdep warnings in page operations for btree nodes (git-fixes). - nohz/full, sched/rt: Fix missed tick-reenabling bug in dequeue_task_rt() (bnc#1189999 (Scheduler functional and performance backports)). - nouveau/svm: Fix to migrate all requested pages (git-fixes). - nouveau: explicitly wait on the fence in nouveau_bo_move_m2mf (git-fies). - ntb_hw_amd: Add NTB PCI ID for new gen CPU (bsc#1202113). - nvme-auth: align to pre-upstream FFDHE implementation (bsc#1202265). - nvme-auth: retry command if DNR bit is not set (bsc#1201675). - nvme-fabrics: parse nvme connect Linux error codes (bsc#1201865). - nvme-rdma: Handle number of queue changes (bsc#1201865). - nvme-tcp: Handle number of queue changes (bsc#1201865). - nvme-tcp: fix UAF when detecting digest errors (bsc#1200313 bsc#1201489). - nvme: consider also host_iface when checking ip options (bsc#1199670). - nvme: fix RCU hole that allowed for endless looping in multipath round robin (bsc#1202636). - nvme: implement In-Band authentication (jsc#SLE-20183). - nvme: kabi fixes for in-band authentication (bsc#1199086). - nvmet-auth: expire authentication sessions (jsc#SLE-20183). - nvmet: Expose max queues to configfs (bsc#1201865). - nvmet: implement basic In-Band Authentication (jsc#SLE-20183). - ocfs2: dlmfs: fix error handling of user_dlm_destroy_lock (bsc#1202778). - ocfs2: fix a deadlock when commit trans (bsc#1202776). - octeontx2-af: Add KPU changes to parse NGIO as separate layer (jsc#SLE-24682). - octeontx2-af: Add PTP device id for CN10K and 95O silcons (jsc#SLE-24682). - octeontx2-af: Add SDP interface support (jsc#SLE-24682). - octeontx2-af: Add debug messages for failures (jsc#SLE-24682). - octeontx2-af: Add external ptp input clock (jsc#SLE-24682). - octeontx2-af: Add free rsrc count mbox msg (jsc#SLE-24682). - octeontx2-af: Add mbox to retrieve bandwidth profile free count (jsc#SLE-24682). - octeontx2-af: Add support to flush full CPT CTX cache (jsc#SLE-24682). - octeontx2-af: Adjust LA pointer for cpt parse header (jsc#SLE-24682). - octeontx2-af: Allocate low priority entries for PF (jsc#SLE-24682). - octeontx2-af: Allow to configure flow tag LSB byte as RSS adder (jsc#SLE-24682). - octeontx2-af: Change the order of queue work and interrupt disable (jsc#SLE-24682). - octeontx2-af: Do not enable Pause frames by default (jsc#SLE-24682). - octeontx2-af: Enable CPT HW interrupts (jsc#SLE-24682). - octeontx2-af: Enhance mailbox trace entry (jsc#SLE-24682). - octeontx2-af: Fix LBK backpressure id count (jsc#SLE-24682). - octeontx2-af: Fix inconsistent license text (jsc#SLE-24682). - octeontx2-af: Fix interrupt name strings (jsc#SLE-24682). - octeontx2-af: Fix spelling mistake 'Makesure' -> 'Make sure' (jsc#SLE-24682). - octeontx2-af: Fix uninitialized variable val (jsc#SLE-24682). - octeontx2-af: Flow control resource management (jsc#SLE-24682). - octeontx2-af: Handle return value in block reset (jsc#SLE-24682). - octeontx2-af: Hardware configuration for inline IPsec (jsc#SLE-24682). - octeontx2-af: Increase link credit restore polling timeout (jsc#SLE-24682). - octeontx2-af: Increase number of reserved entries in KPU (jsc#SLE-24682). - octeontx2-af: Increment ptp refcount before use (jsc#SLE-24682). - octeontx2-af: Limit KPU parsing for GTPU packets (jsc#SLE-24682). - octeontx2-af: Modify install flow error codes (jsc#SLE-24682). - octeontx2-af: Optimize KPU1 processing for variable-length headers (jsc#SLE-24682). - octeontx2-af: Perform cpt lf teardown in non FLR path (jsc#SLE-24682). - octeontx2-af: Priority flow control configuration support (jsc#SLE-24682). - octeontx2-af: Remove channel verification while installing MCAM rules (jsc#SLE-24682). - octeontx2-af: Remove redundant initialization of variable blkaddr (jsc#SLE-24682). - octeontx2-af: Remove redundant initialization of variable pin (jsc#SLE-24682). - octeontx2-af: Reset PTP config in FLR handler (jsc#SLE-24682). - octeontx2-af: Retry until RVU block reset complete (jsc#SLE-24682). - octeontx2-af: Use DMA_ATTR_FORCE_CONTIGUOUS attribute in DMA alloc (jsc#SLE-24682). - octeontx2-af: Use NDC TX for transmit packet data (jsc#SLE-24682). - octeontx2-af: Use ptp input clock info from firmware data (jsc#SLE-24682). - octeontx2-af: Wait for TX link idle for credits change (jsc#SLE-24682). - octeontx2-af: add proper return codes for AF mailbox handlers (jsc#SLE-24682). - octeontx2-af: cn10K: Get NPC counters value (jsc#SLE-24682). - octeontx2-af: cn10K: support for sched lmtst and other features (jsc#SLE-24682). - octeontx2-af: cn10k: DWRR MTU configuration (jsc#SLE-24682). - octeontx2-af: cn10k: RPM hardware timestamp configuration (jsc#SLE-24682). - octeontx2-af: cn10k: Set cache lines for NPA batch alloc (jsc#SLE-24682). - octeontx2-af: cn10k: Use appropriate register for LMAC enable (jsc#SLE-24682). - octeontx2-af: cn10k: add workaround for ptp errata (jsc#SLE-24682). - octeontx2-af: cn10k: debugfs for dumping LMTST map table (jsc#SLE-24682). - octeontx2-af: configure npc for cn10k to allow packets from cpt (jsc#SLE-24682). - octeontx2-af: debugfs: Add channel and channel mask (jsc#SLE-24682). - octeontx2-af: debugfs: Minor changes (jsc#SLE-24682). - octeontx2-af: debugfs: do not corrupt user memory (jsc#SLE-24682). - octeontx2-af: debugfs: fix error return of allocations (jsc#SLE-24682). - octeontx2-af: enable tx shaping feature for 96xx C0 (jsc#SLE-24682). - octeontx2-af: fix array bound error (jsc#SLE-24682). - octeontx2-af: fix error code in is_valid_offset() (jsc#SLE-24682). - octeontx2-af: initialize action variable (jsc#SLE-24682). - octeontx2-af: nix and lbk in loop mode in 98xx (jsc#SLE-24682). - octeontx2-af: remove redudant second error check on variable err (jsc#SLE-24682). - octeontx2-af: use swap() to make code cleaner (jsc#SLE-24682). - octeontx2-af: verify CQ context updates (jsc#SLE-24682). - octeontx2-nic: fix mixed module build (jsc#SLE-24682). - octeontx2-nicvf: Add PTP hardware clock support to NIX VF (jsc#SLE-24682). - octeontx2-nicvf: Free VF PTP resources (jsc#SLE-24682). - octeontx2-pf: Add TC feature for VFs (jsc#SLE-24682). - octeontx2-pf: Add XDP support to netdev PF (jsc#SLE-24682). - octeontx2-pf: Add check for non zero mcam flows (jsc#SLE-24682). - octeontx2-pf: Add support for adaptive interrupt coalescing (jsc#SLE-24682). - octeontx2-pf: Add vlan-etype to ntuple filters (jsc#SLE-24682). - octeontx2-pf: Allow VLAN priority also in ntuple filters (jsc#SLE-24682). - octeontx2-pf: CN10K: Hide RPM stats over ethtool (jsc#SLE-24682). - octeontx2-pf: Do not mask out supported link modes (jsc#SLE-24682). - octeontx2-pf: Enable NETIF_F_RXALL support for VF driver (jsc#SLE-24682). - octeontx2-pf: Fix inconsistent license text (jsc#SLE-24682). - octeontx2-pf: Ntuple filters support for VF netdev (jsc#SLE-24682). - octeontx2-pf: PFC config support with DCBx (jsc#SLE-24682). - octeontx2-pf: Remove unnecessary synchronize_irq() before free_irq() (jsc#SLE-24682). - octeontx2-pf: Simplify the receive buffer size calculation (jsc#SLE-24682). - octeontx2-pf: Sort the allocated MCAM entry indices (jsc#SLE-24682). - octeontx2-pf: Unify flow management variables (jsc#SLE-24682). - octeontx2-pf: Use hardware register for CQE count (jsc#SLE-24682). - octeontx2-pf: cn10K: Reserve LMTST lines per core (jsc#SLE-24682). - octeontx2-pf: cn10k: Config DWRR weight based on MTU (jsc#SLE-24682). - octeontx2-pf: cn10k: Ensure valid pointers are freed to aura (jsc#SLE-24682). - octeontx2-pf: cn10k: add support for new ptp timestamp format (jsc#SLE-24682). - octeontx2-pf: devlink params support to set mcam entry count (jsc#SLE-24682). - octeontx2-pf: replace bitmap_weight with bitmap_empty where appropriate (jsc#SLE-24682). - octeontx2-pf: select CONFIG_NET_DEVLINK (jsc#SLE-24682). - octeontx2-vf: Add support for adaptive interrupt coalescing (jsc#SLE-24682). - octeontx2: Move devlink registration to be last devlink command (jsc#SLE-24682). - openvswitch: Fix setting ipv6 fields causing hw csum failure (git-fixes). - openvswitch: Fixed nd target mask field in the flow dump (git-fixes). - openvswitch: always update flow key after nat (git-fixes). - optee: add error checks in optee_ffa_do_call_with_arg() (git-fixes). - perf bench futex: Fix memory leak of perf_cpu_map__new() (git-fixes). - phy: samsung: phy-exynos-pcie: sanitize init/power_on callbacks (git-fixes). - phy: stm32: fix error return in stm32_usbphyc_phy_init (git-fixes). - pinctrl: amd: Do not save/restore interrupt status and wake status bits (git-fixes). - pinctrl: armada-37xx: Convert to use dev_err_probe() (git-fixes). - pinctrl: armada-37xx: Make use of the devm_platform_ioremap_resource() (git-fixes). - pinctrl: armada-37xx: Use temporary variable for struct device (git-fixes). - pinctrl: intel: Check against matching data instead of ACPI companion (git-fixes). - pinctrl: nomadik: Fix refcount leak in nmk_pinctrl_dt_subnode_to_map (git-fixes). - pinctrl: qcom: msm8916: Allow CAMSS GP clocks to be muxed (git-fixes). - pinctrl: qcom: sm8250: Fix PDC map (git-fixes). - pinctrl: sunxi: Add I/O bias setting for H6 R-PIO (git-fixes). - platform/chrome: cros_ec: Always expose last resume result (git-fixes). - platform/chrome: cros_ec_proto: do not show MKBP version if unsupported (git-fixes). - platform/olpc: Fix uninitialized data in debugfs write (git-fixes). - platform/x86: pmc_atom: Fix SLP_TYPx bitfield mask (git-fixes). - platform/x86: pmc_atom: Match all Lex BayTrail boards with critclk_systems DMI table (git-fixes). - powerpc/perf: Optimize clearing the pending PMI and remove WARN_ON for PMI check in power_pmu_disable (bsc#1156395). - powerpc/powernv/kvm: Use darn for H_RANDOM on Power9 (bsc#1065729). - powerpc/powernv: Avoid crashing if rng is NULL (bsc#1065729). - powerpc/powernv: delay rng platform device creation until later in boot (bsc#1065729). - powerpc/powernv: rename remaining rng powernv_ functions to pnv_ (bsc#1065729). - powerpc/powernv: wire up rng during setup_arch (bsc#1065729). - powerpc/pseries: Interface to represent PAPR firmware attributes (bsc#1200465 ltc#197256 jsc#SLE-18130). - powerpc/pseries: Rename TYPE1_AFFINITY to FORM1_AFFINITY (bsc#1200465 ltc#197256 jsc#SLE-18130). - powerpc/pseries: rename min_common_depth to primary_domain_index (bsc#1200465 ltc#197256 jsc#SLE-18130). - powerpc/pseries: wire up rng during setup_arch() (bsc#1065729). - powerpc/xive: Fix refcount leak in xive_get_max_prio (git-fixess). - powerpc: Avoid discarding flags in system_call_exception() (bsc#1194869). - powerpc: Enable execve syscall exit tracepoint (bsc#1065729). - powerpc: powernv: kABI: add back powernv_get_random_long (bsc#1065729). - proc: fix a dentry lock race between release_task and lookup (git-fixes). - proc: fix dentry/inode overinstantiating under /proc/${pid}/net (git-fixes). - profiling: fix shift too large makes kernel panic (git-fixes). - pwm: lpc18xx-sct: Reduce number of devm memory allocations (git-fixes). - pwm: lpc18xx-sct: Simplify driver by not using pwm_[gs]et_chip_data() (git-fixes). - pwm: lpc18xx: Fix period handling (git-fixes). - qed: validate and restrict untrusted VFs vlan promisc mode (git-fixes). - r8152: fix the RX FIFO settings when suspending (git-fixes). - r8152: fix the units of some registers for RTL8156A (git-fixes). - random: remove useless header comment (git-fixes). - ratelimit: Fix data-races in ___ratelimit() (git-fixes). - regulator: of: Fix refcount leak bug in of_get_regulation_constraints() (git-fixes). - regulator: pca9450: Remove restrictions for regulator-name (git-fixes). - regulator: qcom_smd: Fix pm8916_pldo range (git-fixes). - remoteproc: imx_rproc: Fix refcount leak in imx_rproc_addr_init (git-fixes). - remoteproc: k3-r5: Fix refcount leak in k3_r5_cluster_of_init (git-fixes). - remoteproc: qcom: pas: Check if coredump is enabled (git-fixes). - remoteproc: qcom: pas: Mark devices as wakeup capable (git-fixes). - remoteproc: qcom: q6v5-mss: add powerdomains to MSM8996 config (git-fixes). - remoteproc: qcom: wcnss: Fix handling of IRQs (git-fixes). - remoteproc: sysmon: Wait for SSCTL service to come up (git-fixes). - rose: check NULL rose_loopback_neigh->loopback (git-fixes). - rpm/kernel-binary.spec.in: move vdso to a separate package (bsc#1202385) - rpmsg: char: Add mutex protection for rpmsg_eptdev_open() (git-fixes). - rpmsg: mtk_rpmsg: Fix circular locking dependency (git-fixes). - rpmsg: qcom_smd: Fix refcount leak in qcom_smd_parse_edge (git-fixes). - s390/cpumf: Handle events cycles and instructions identical (git-fixes). - s390/crash: fix incorrect number of bytes to copy to user space (git-fixes). - s390/crash: make copy_oldmem_page() return number of bytes copied (git-fixes). - s390/hugetlb: fix prepare_hugepage_range() check for 2 GB hugepages (git-fixes). - s390/hypfs: avoid error message under KVM (bsc#1032323). - s390/kexec: handle R_390_PLT32DBL rela in arch_kexec_apply_relocations_add() (git-fixes). - s390/mm: do not trigger write fault when vma does not allow VM_WRITE (git-fixes). - s390/mm: use non-quiescing sske for KVM switch to keyed guest (git-fixes). - s390/qeth: cache link_info for ethtool (bsc#1202262 LTC#199322). - s390/stp: clock_delta should be signed (git-fixes). - s390/zcore: fix race when reading from hardware system area (git-fixes). - samples/landlock: Add clang-format exceptions (git-fixes). - samples/landlock: Fix path_list memory leak (git-fixes). - samples/landlock: Format with clang-format (git-fixes). - sched/core: Always flush pending blk_plug (bnc#1189999 (Scheduler functional and performance backports)). - sched/deadline: Fix BUG_ON condition for deboosted tasks (git-fixes) - sched/fair: Fix cfs_rq_clock_pelt() for throttled cfs_rq (bnc#1189999 (Scheduler functional and performance backports)). - sched/fair: Fix cfs_rq_clock_pelt() for throttled cfs_rq -kabi (git fixes (sched/fair)). - sched/fair: Remove redundant word ' *' (bnc#1189999 (Scheduler functional and performance backports)). - sched/uclamp: Fix iowait boost escaping uclamp restriction (git-fixes) - sched/uclamp: Fix rq->uclamp_max not set on first enqueue (git-fixes) - sched: Allow newidle balancing to bail out of load_balance (bnc#1189999 (Scheduler functional and performance backports)). - sched: Fix the check of nr_running at queue wakelist (bnc#1189999 (Scheduler functional and performance backports)). - sched: Remove the limitation of WF_ON_CPU on wakelist if wakee cpu is idle (bnc#1189999 (Scheduler functional and performance backports)). Refresh - sched: Remove unused function group_first_cpu() (bnc#1189999 (Scheduler functional and performance backports)). - scripts/dtc: Call pkg-config POSIXly correct (git-fixes). - scripts/faddr2line: Fix vmlinux detection on arm64 (git-fixes). - scripts/gdb: change kernel config dumping method (git-fixes). - scripts: sphinx-pre-install: Fix ctex support on Debian (git-fixes). - scripts: sphinx-pre-install: add required ctex dependency (git-fixes). - scsi: hisi_sas: Keep controller active between ISR of phyup and the event being processed (bsc#1202471). - scsi: hisi_sas: Use autosuspend for the host controller (bsc#1202471). - scsi: libiscsi: Add iscsi_cls_conn to sysfs after initialization (bsc#1198410). - scsi: lpfc: Add warning notification period to CMF_SYNC_WQE (bsc#1203063). - scsi: lpfc: Check the return value of alloc_workqueue() (bsc#1203063). - scsi: lpfc: Copyright updates for 14.2.0.5 patches (bsc#1201956). - scsi: lpfc: Copyright updates for 14.2.0.6 patches (bsc#1203063). - scsi: lpfc: Fix attempted FA-PWWN usage after feature disable (bsc#1201956). - scsi: lpfc: Fix lost NVMe paths during LIF bounce stress test (bsc#1201956). - scsi: lpfc: Fix null ndlp ptr dereference in abnormal exit path for GFT_ID (bsc#1203063). - scsi: lpfc: Fix possible memory leak when failing to issue CMF WQE (bsc#1201956). - scsi: lpfc: Fix uninitialized cqe field in lpfc_nvme_cancel_iocb() (bsc#1201956). - scsi: lpfc: Fix unsolicited FLOGI receive handling during PT2PT discovery (bsc#1203063). - scsi: lpfc: Prevent buffer overflow crashes in debugfs with malformed user input (bsc#1201956). - scsi: lpfc: Refactor lpfc_nvmet_prep_abort_wqe() into lpfc_sli_prep_abort_xri() (bsc#1201956). - scsi: lpfc: Remove Menlo/Hornet related code (bsc#1201956). - scsi: lpfc: Remove SANDiags related code (bsc#1203063). - scsi: lpfc: Remove extra atomic_inc on cmd_pending in queuecommand after VMID (bsc#1201956). - scsi: lpfc: Revert RSCN_MEMENTO workaround for misbehaved configuration (bsc#1201956). - scsi: lpfc: Rework MIB Rx Monitor debug info logic (bsc#1203063). - scsi: lpfc: Set PU field when providing D_ID in XMIT_ELS_RSP64_CX iocb (bsc#1201956). - scsi: lpfc: Update lpfc version to 14.2.0.5 (bsc#1201956). - scsi: lpfc: Update lpfc version to 14.2.0.6 (bsc#1203063). - scsi: megaraid: Clear READ queue map's nr_queues (git-fixes). - scsi: mpt3sas: Stop fw fault watchdog work item during system shutdown (git-fixes). - scsi: qla2xxx: Check correct variable in qla24xx_async_gffid() (bsc#1201958). - scsi: qla2xxx: Fix discovery issues in FC-AL topology (bsc#1201958). - scsi: qla2xxx: Fix imbalance vha->vref_count (bsc#1201958). - scsi: qla2xxx: Fix incorrect display of max frame size (bsc#1201958). - scsi: qla2xxx: Fix response queue handler reading stale packets (bsc#1201958). - scsi: qla2xxx: Fix sparse warning for dport_data (bsc#1201958). - scsi: qla2xxx: Update manufacturer details (bsc#1201958). - scsi: qla2xxx: Update version to 10.02.07.800-k (bsc#1201958). - scsi: qla2xxx: Zero undefined mailbox IN registers (bsc#1201958). - scsi: qla2xxx: edif: Fix dropped IKE message (bsc#1201958). - scsi: sg: Allow waiting for commands to complete on removed device (git-fixes). - scsi: smartpqi: Fix DMA direction for RAID requests (git-fixes). - scsi: ufs: core: Fix another task management completion race (git-fixes). - scsi: ufs: core: Fix task management completion timeout race (git-fixes). - scsi: zfcp: Fix missing auto port scan and thus missing target ports (git-fixes). - seccomp: Invalidate seccomp mode to catch death failures (git-fixes). - selftest/net/forwarding: declare NETIFS p9 p10 (git-fixes). - selftest/powerpc: Add PAPR sysfs attributes sniff test (bsc#1200465 ltc#197256 jsc#SLE-18130). - selftest/vm: fix map_fixed_noreplace test failure (git-fixes). - selftest/vm: verify mmap addr in mremap_test (git-fixes). - selftest/vm: verify remap destination address in mremap_test (git-fixes). - selftests, x86: fix how check_cc.sh is being invoked (git-fixes). - selftests/exec: Add non-regular to TEST_GEN_PROGS (git-fixes). - selftests/exec: Remove pipe from TEST_GEN_FILES (git-fixes). - selftests/fib_tests: Rework fib_rp_filter_test() (git-fixes). - selftests/ftrace: Do not trace do_softirq because of PREEMPT_RT (git-fixes). - selftests/ftrace: make kprobe profile testcase description unique (git-fixes). - selftests/landlock: Add clang-format exceptions (git-fixes). - selftests/landlock: Add tests for O_PATH (git-fixes). - selftests/landlock: Add tests for unknown access rights (git-fixes). - selftests/landlock: Extend access right tests to directories (git-fixes). - selftests/landlock: Extend tests for minimal valid attribute size (git-fixes). - selftests/landlock: Format with clang-format (git-fixes). - selftests/landlock: Fully test file rename with 'remove' access (git-fixes). - selftests/landlock: Make tests build with old libc (git-fixes). - selftests/landlock: Normalize array assignment (git-fixes). - selftests/landlock: Test landlock_create_ruleset(2) argument check ordering (git-fixes). - selftests/memfd: clean up mapping in mfd_fail_write (git-fixes). - selftests/memfd: remove unused variable (git-fixes). - selftests/net: pass ipv6_args to udpgso_bench's IPv6 TCP test (git-fixes). - selftests/net: so_txtime: fix parsing of start time stamp on 32 bit systems (git-fixes). - selftests/net: so_txtime: usage(): fix documentation of default clock (git-fixes). - selftests/net: timestamping: Fix bind_phc check (git-fixes). - selftests/net: udpgso_bench_tx: fix dst ip argument (git-fixes). - selftests/powerpc/spectre_v2: Return skip code when miss_percent is high (git-fixes). - selftests/powerpc: Add a test of sigreturning to the kernel (git-fixes). - selftests/resctrl: Fix null pointer dereference on open failed (git-fixes). - selftests/rseq: Change type of rseq_offset to ptrdiff_t (git-fixes). - selftests/rseq: Fix ppc32 missing instruction selection 'u' and 'x' for load/store (git-fixes). - selftests/rseq: Fix ppc32 offsets by using long rather than off_t (git-fixes). - selftests/rseq: Fix ppc32: wrong rseq_cs 32-bit field pointer on big endian (git-fixes). - selftests/rseq: Fix warnings about #if checks of undefined tokens (git-fixes). - selftests/rseq: Fix: work-around asm goto compiler bugs (git-fixes). - selftests/rseq: Introduce rseq_get_abi() helper (git-fixes). - selftests/rseq: Introduce thread pointer getters (git-fixes). - selftests/rseq: Remove arm/mips asm goto compiler work-around (git-fixes). - selftests/rseq: Remove useless assignment to cpu variable (git-fixes). - selftests/rseq: Remove volatile from __rseq_abi (git-fixes). - selftests/rseq: Uplift rseq selftests for compatibility with glibc-2.35 (git-fixes). - selftests/rseq: introduce own copy of rseq uapi header (git-fixes). - selftests/rseq: remove ARRAY_SIZE define from individual tests (git-fixes). - selftests/rseq: x86-32: use %gs segment selector for accessing rseq thread area (git-fixes). - selftests/rseq: x86-64: use %fs segment selector for accessing rseq thread area (git-fixes). - selftests/seccomp: Do not call read() on TTY from background pgrp (git-fixes). - selftests/seccomp: Fix compile warning when CC=clang (git-fixes). - selftests/seccomp: Fix seccomp failure by adding missing headers (git-fixes). - selftests/sgx: Treat CC as one argument (git-fixes). - selftests/vm/transhuge-stress: fix ram size thinko (git-fixes). - selftests/vm: make charge_reserved_hugetlb.sh work with existing cgroup setting (git-fixes). - selftests/x86: Add validity check and allow field splitting (git-fixes). - selftests/zram01.sh: Fix compression ratio calculation (git-fixes). - selftests/zram: Adapt the situation that /dev/zram0 is being used (git-fixes). - selftests/zram: Skip max_comp_streams interface on newer kernel (git-fixes). - selftests: Add duplicate config only for MD5 VRF tests (git-fixes). - selftests: Fix IPv6 address bind tests (git-fixes). - selftests: Fix raw socket bind tests with VRF (git-fixes). - selftests: add ping test with ping_group_range tuned (git-fixes). - selftests: cgroup: Make cg_create() use 0755 for permission instead of 0644 (git-fixes). - selftests: cgroup: Test open-time cgroup namespace usage for migration checks (git-fixes). - selftests: cgroup: Test open-time credential usage for migration checks (git-fixes). - selftests: clone3: clone3: add case CLONE3_ARGS_NO_TEST (git-fixes). - selftests: fixup build warnings in pidfd / clone3 tests (git-fixes). - selftests: forwarding: fix error message in learning_test (git-fixes). - selftests: forwarding: fix flood_unicast_test when h2 supports IFF_UNICAST_FLT (git-fixes). - selftests: forwarding: fix learning_test when h1 supports IFF_UNICAST_FLT (git-fixes). - selftests: futex: Use variable MAKE instead of make (git-fixes). - selftests: gpio: fix gpio compiling error (git-fixes). - selftests: harness: avoid false negatives if test has no ASSERTs (git-fixes). - selftests: icmp_redirect: pass xfail=0 to log_test() (git-fixes). - selftests: kvm: set rax before vmcall (git-fixes). - selftests: mirror_gre_bridge_1q: Avoid changing PVID while interface is operational (git-fixes). - selftests: mlxsw: resource_scale: Fix return value (git-fixes). - selftests: mlxsw: tc_police_scale: Make test more robust (git-fixes). - selftests: mlxsw: vxlan_flooding: Prevent flooding of unwanted packets (git-fixes). - selftests: mptcp: add csum mib check for mptcp_connect (git-fixes). - selftests: mptcp: fix diag instability (git-fixes). - selftests: mptcp: fix ipv6 routing setup (git-fixes). - selftests: mptcp: more stable diag tests (git-fixes). - selftests: net: Correct case name (git-fixes). - selftests: net: Correct ping6 expected rc from 2 to 1 (git-fixes). - selftests: net: Fix a typo in udpgro_fwd.sh (git-fixes). - selftests: net: tls: remove unused variable and code (git-fixes). - selftests: net: udpgro_fwd.sh: explicitly checking the available ping feature (git-fixes). - selftests: net: using ping6 for IPv6 in udpgro_fwd.sh (git-fixes). - selftests: netfilter: add a vrf+conntrack testcase (git-fixes). - selftests: netfilter: correct PKTGEN_SCRIPT_PATHS in nft_concat_range.sh (git-fixes). - selftests: netfilter: disable rp_filter on router (git-fixes). - selftests: netfilter: fix exit value for nft_concat_range (git-fixes). - selftests: nft_concat_range: add test for reload with no element add/del (git-fixes). - selftests: ocelot: tc_flower_chains: specify conform-exceed action for policer (git-fixes). - selftests: openat2: Add missing dependency in Makefile (git-fixes). - selftests: openat2: Print also errno in failure messages (git-fixes). - selftests: openat2: Skip testcases that fail with EOPNOTSUPP (git-fixes). - selftests: pmtu.sh: Kill nettest processes launched in subshell (git-fixes). - selftests: pmtu.sh: Kill tcpdump processes launched by subshell (git-fixes). - selftests: rtc: Increase test timeout so that all tests run (git-fixes). - selftests: skip mincore.check_file_mmap when fs lacks needed support (git-fixes). - selftests: test_vxlan_under_vrf: Fix broken test case (git-fixes). - selftests: timers: clocksource-switch: fix passing errors from child (git-fixes). - selftests: timers: valid-adjtimex: build fix for newer toolchains (git-fixes). - selftests: vm: Makefile: rename TARGETS to VMTARGETS (git-fixes). - selftests: vm: fix clang build error multiple output files (git-fixes). - selftests: x86: fix [-Wstringop-overread] warn in test_process_vm_readv() (git-fixes). - selinux: Add boundary check in put_entry() (git-fixes). - selinux: access superblock_security_struct in LSM blob way (git-fixes). - selinux: check return value of sel_make_avc_files (git-fixes). - selinux: fix bad cleanup on error in hashtab_duplicate() (git-fixes). - selinux: fix double free of cond_list on error paths (git-fixes). - selinux: fix memleak in security_read_state_kernel() (git-fixes). - selinux: fix misuse of mutex_is_locked() (git-fixes). - selinux: use correct type for context length (git-fixes). - serial: 8250: Add proper clock handling for OxSemi PCIe devices (git-fixes). - serial: 8250: Export ICR access helpers for internal use (git-fixes). - serial: 8250: Fold EndRun device support into OxSemi Tornado code (git-fixes). - serial: 8250_bcm7271: Save/restore RTS in suspend/resume (git-fixes). - serial: 8250_dw: Store LSR into lsr_saved_flags in dw8250_tx_wait_empty() (git-fixes). - serial: 8250_fsl: Do not report FE, PE and OE twice (git-fixes). - serial: 8250_pci: Refactor the loop in pci_ite887x_init() (git-fixes). - serial: 8250_pci: Replace dev_*() by pci_*() macros (git-fixes). - serial: fsl_lpuart: RS485 RTS polariy is inverse (git-fixes). - serial: mvebu-uart: uart2 error bits clearing (git-fixes). - smsc95xx: Ignore -ENODEV errors when device is unplugged (git-fixes). - soc: amlogic: Fix refcount leak in meson-secure-pwrc.c (git-fixes). - soc: brcmstb: pm-arm: Fix refcount leak and __iomem leak bugs (git-fixes). - soc: fsl: guts: machine variable might be unset (git-fixes). - soc: fsl: select FSL_GUTS driver for DPIO (git-fixes). - soc: imx: gpcv2: Assert reset before ungating clock (git-fixes). - soc: qcom: Make QCOM_RPMPD depend on PM (git-fixes). - soc: qcom: aoss: Fix refcount leak in qmp_cooling_devices_register (git-fixes). - soc: qcom: ocmem: Fix refcount leak in of_get_ocmem (git-fixes). - soc: renesas: r8a779a0-sysc: Fix A2DP1 and A2CV[2357] PDR values (git-fixes). - soundwire: bus_type: fix remove and shutdown support (git-fixes). - soundwire: qcom: Check device status before reading devid (git-fixes). - soundwire: qcom: fix device status array range (git-fixes). - spi: Fix incorrect cs_setup delay handling (git-fixes). - spi: Fix simplification of devm_spi_register_controller (git-fixes). - spi: dt-bindings: cadence: add missing 'required' (git-fixes). - spi: dt-bindings: zynqmp-qspi: add missing 'required' (git-fixes). - spi: meson-spicc: add local pow2 clock ops to preserve rate between messages (git-fixes). - spi: spi-altera-dfl: Fix an error handling path (git-fixes). - spi: spi-rspi: Fix PIO fallback on RZ platforms (git-fixes). - spi: synquacer: Add missing clk_disable_unprepare() (git-fixes). - spi: tegra20-slink: fix UAF in tegra_slink_remove() (git-fixes). - spmi: trace: fix stack-out-of-bound access in SPMI tracing functions (git-fixes). - staging: rtl8192u: Fix sleep in atomic context bug in dm_fsync_timer_callback (git-fixes). - staging: rtl8712: fix use after free bugs (git-fixes). - tee: optee: do not check memref size on return from Secure World (git-fixes). - tee: tee_get_drvdata(): fix description of return value (git-fixes). - testing/selftests/mqueue: Fix mq_perf_tests to free the allocated cpu set (git-fixes). - testing: nvdimm: asm/mce.h is not needed in nfit.c (git-fixes). - testing: nvdimm: iomap: make __nfit_test_ioremap a macro (git-fixes). - tests: fix idmapped mount_setattr test (git-fixes). - thermal/int340x_thermal: handle data_vault when the value is ZERO_SIZE_PTR (bsc#1201308). - thermal/tools/tmon: Include pthread and time headers in tmon.h (git-fixes). - thermal: sysfs: Fix cooling_device_stats_setup() error code path (git-fixes). - thunderbolt: Use the actual buffer in tb_async_error() (git-fixes). - tools include UAPI: Sync sound/asound.h copy with the kernel sources (git-fixes). - tools/nolibc: fix incorrect truncation of exit code (git-fixes). - tools/nolibc: i386: fix initial stack alignment (git-fixes). - tools/nolibc: x86-64: Fix startup code bug (git-fixes). - tools/testing/scatterlist: add missing defines (git-fixes). - tools/thermal: Fix possible path truncations (git-fixes). - tpm: eventlog: Fix section mismatch for DEBUG_SECTION_MISMATCH (git-fixes). - trace/osnoise: Add migrate-disabled field to the osnoise header (git-fixes). - trace/timerlat: Add migrate-disabled field to the timerlat header (git-fixes). - tracing/histograms: Fix memory leak problem (git-fixes). - tracing/kprobes: Check whether get_kretprobe() returns NULL in kretprobe_dispatcher() (git-fixes). - tracing/probes: Have kprobes and uprobes use $COMM too (git-fixes). - tracing: Add ustring operation to filtering string pointers (git-fixes). - tracing: Fix sleeping while atomic in kdb ftdump (git-fixes). - tracing: Have filter accept 'common_cpu' to be consistent (git-fixes). - tracing: Use a struct alignof to determine trace event field alignment (git-fixes). - tty: 8250: Add support for Brainboxes PX cards (git-fixes). - tty: n_gsm: Delete gsm_disconnect when config requester (git-fixes). - tty: n_gsm: Delete gsmtty open SABM frame when config requester (git-fixes). - tty: n_gsm: Modify CR,PF bit printk info when config requester (git-fixes). - tty: n_gsm: Modify CR,PF bit when config requester (git-fixes). - tty: n_gsm: Modify cr bit value when config requester (git-fixes). - tty: n_gsm: Modify gsmtty driver register method when config requester (git-fixes). - tty: n_gsm: Save dlci address open status when config requester (git-fixes). - tty: n_gsm: add sanity check for gsm->receive in gsm_receive_buf() (git-fixes). - tty: n_gsm: avoid call of sleeping functions from atomic context (git-fixes). - tty: n_gsm: clean up dead code in gsm_queue() (git-fixes). - tty: n_gsm: clean up implicit CR bit encoding in address field (git-fixes). - tty: n_gsm: clean up indenting in gsm_queue() (git-fixes). - tty: n_gsm: fix DM command (git-fixes). - tty: n_gsm: fix broken virtual tty handling (git-fixes). - tty: n_gsm: fix buffer over-read in gsm_dlci_data() (git-fixes). - tty: n_gsm: fix deadlock and link starvation in outgoing data path (git-fixes). - tty: n_gsm: fix decoupled mux resource (git-fixes). - tty: n_gsm: fix encoding of command/response bit (git-fixes). - tty: n_gsm: fix flow control handling in tx path (git-fixes). - tty: n_gsm: fix frame reception handling (git-fixes). - tty: n_gsm: fix incorrect UA handling (git-fixes). - tty: n_gsm: fix insufficient txframe size (git-fixes). - tty: n_gsm: fix invalid gsmtty_write_room() result (git-fixes). - tty: n_gsm: fix invalid use of MSC in advanced option (git-fixes). - tty: n_gsm: fix malformed counter for out of frame data (git-fixes). - tty: n_gsm: fix missing corner cases in gsmld_poll() (git-fixes). - tty: n_gsm: fix missing explicit ldisc flush (git-fixes). - tty: n_gsm: fix missing mux reset on config change at responder (git-fixes). - tty: n_gsm: fix missing timer to handle stalled links (git-fixes). - tty: n_gsm: fix missing tty wakeup in convergence layer type 2 (git-fixes). - tty: n_gsm: fix missing update of modem controls after DLCI open (git-fixes). - tty: n_gsm: fix mux activation issues in gsm_config() (git-fixes). - tty: n_gsm: fix mux cleanup after unregister tty device (git-fixes). - tty: n_gsm: fix non flow control frames during mux flow off (git-fixes). - tty: n_gsm: fix packet re-transmission without open control channel (git-fixes). - tty: n_gsm: fix race condition in gsmld_write() (git-fixes). - tty: n_gsm: fix reset fifo race condition (git-fixes). - tty: n_gsm: fix resource allocation order in gsm_activate_mux() (git-fixes). - tty: n_gsm: fix restart handling via CLD command (git-fixes). - tty: n_gsm: fix software flow control handling (git-fixes). - tty: n_gsm: fix sometimes uninitialized warning in gsm_dlci_modem_output() (git-fixes). - tty: n_gsm: fix tty registration before control channel open (git-fixes). - tty: n_gsm: fix user open not possible at responder until initiator open (git-fixes). - tty: n_gsm: fix wrong DLCI release order (git-fixes). - tty: n_gsm: fix wrong T1 retry count handling (git-fixes). - tty: n_gsm: fix wrong command frame length field encoding (git-fixes). - tty: n_gsm: fix wrong command retry handling (git-fixes). - tty: n_gsm: fix wrong queuing behavior in gsm_dlci_data_output() (git-fixes). - tty: n_gsm: fix wrong signal octet encoding in convergence layer type 2 (git-fixes). - tty: n_gsm: fix wrong signal octets encoding in MSC (git-fixes). - tty: n_gsm: initialize more members at gsm_alloc_mux() (git-fixes). - tty: n_gsm: replace kicktimer with delayed_work (git-fixes). - tty: serial: Fix refcount leak bug in ucc_uart.c (git-fixes). - tty: serial: fsl_lpuart: correct the count of break characters (git-fixes). - tty: serial: lpuart: disable flow control while waiting for the transmit engine to complete (git-fixes). - tty: vt: initialize unicode screen buffer (git-fixes). - tun: avoid double free in tun_free_netdev (git-fixes). - tunnels: do not assume mac header is set in skb_tunnel_check_pmtu() (git-fixes). - tuntap: add sanity checks about msg_controllen in sendmsg (git-fixes). - uaccess: fix type mismatch warnings from access_ok() (git-fixes). - ucounts: Base set_cred_ucounts changes on the real user (git-fixes). - ucounts: Fix rlimit max values check (git-fixes). - ucounts: Fix systemd LimitNPROC with private users regression (git-fixes). - ucounts: Handle wrapping in is_ucounts_overlimit (git-fixes). - ucounts: In set_cred_ucounts assume new->ucounts is non-NULL (git-fixes). - udf: Fix crash after seekdir (bsc#1194592). - udmabuf: Set the DMA mask for the udmabuf device (v2) (git-fixes). - udmabuf: add back sanity check (git-fixes). - usb: aspeed-vhub: Fix refcount leak bug in ast_vhub_init_desc() (git-fixes). - usb: cdns3 fix use-after-free at workaround 2 (git-fixes). - usb: cdns3: Do not use priv_dev uninitialized in cdns3_gadget_ep_enable() (git-fixes). - usb: cdns3: change place of 'priv_ep' assignment in cdns3_gadget_ep_dequeue(), cdns3_gadget_ep_enable() (git-fixes). - usb: cdns3: fix incorrect handling TRB_SMM flag for ISOC transfer (git-fixes). - usb: cdns3: fix issue with rearming ISO OUT endpoint (git-fixes). - usb: cdns3: fix random warning message when driver load (git-fixes). - usb: dwc2: fix wrong order of phy_power_on and phy_init (git-fixes). - usb: dwc2: gadget: remove D+ pull-up while no vbus with usb-role-switch (git-fixes). - usb: dwc3: core: Deprecate GCTL.CORESOFTRESET (git-fixes). - usb: dwc3: core: Do not perform GCTL_CORE_SOFTRESET during bootup (git-fixes). - usb: dwc3: dwc3-qcom: Add missing platform_device_put() in dwc3_qcom_acpi_register_core (git-fixes). - usb: dwc3: dwc3-qcom: Fix typo in the dwc3 vbus override API (git-fixes). - usb: dwc3: gadget: Avoid duplicate requests to enable Run/Stop (git-fixes). - usb: dwc3: gadget: fix high speed multiplier setting (git-fixes). - usb: dwc3: gadget: refactor dwc3_repare_one_trb (git-fixes). - usb: dwc3: qcom: Add helper functions to enable,disable wake irqs (git-fixes). - usb: dwc3: qcom: fix missing optional irq warnings (git-fixes). - usb: dwc3: qcom: fix use-after-free on runtime-PM wakeup (git-fixes). - usb: gadget: f_uac2: clean up some inconsistent indenting (git-fixes). - usb: gadget: f_uac2: fix superspeed transfer (git-fixes). - usb: gadget: mass_storage: Fix cdrom data transfers on MAC-OS (git-fixes). - usb: gadget: tegra-xudc: Fix error check in tegra_xudc_powerdomain_init() (git-fixes). - usb: gadget: udc-xilinx: replace memcpy with memcpy_toio (git-fixes). - usb: gadget: udc: amd5536 depends on HAS_DMA (git-fixes). - usb: gadget: uvc: call uvc uvcg_warn on completed status instead of uvcg_info (git-fixes). - usb: host: Fix refcount leak in ehci_hcd_ppc_of_probe (git-fixes). - usb: host: ohci-ppc-of: Fix refcount leak bug (git-fixes). - usb: host: xhci: use snprintf() in xhci_decode_trb() (git-fixes). - usb: ohci-nxp: Fix refcount leak in ohci_hcd_nxp_probe (git-fixes). - usb: renesas: Fix refcount leak bug (git-fixes). - usb: typec: altmodes/displayport: correct pin assignment for UFP receptacles (git-fixes). - usb: typec: tcpm: Return ENOTSUPP for power supply prop writes (git-fixes). - usb: typec: ucsi: Acknowledge the GET_ERROR_STATUS command completion (git-fixes). - usb: xhci: tegra: Fix error check (git-fixes). - usbnet: Fix linkwatch use-after-free on disconnect (git-fixes). - usbnet: Run unregister_netdev() before unbind() again (git-fixes). - usbnet: smsc95xx: Avoid link settings race on interrupt reception (git-fixes). - usbnet: smsc95xx: Do not clear read-only PHY interrupt (git-fixes). - usbnet: smsc95xx: Fix deadlock on runtime resume (git-fixes). - usbnet: smsc95xx: Forward PHY interrupts to PHY driver to avoid polling (git-fixes). - userfaultfd/selftests: fix hugetlb area allocations (git-fixes). - vboxguest: Do not use devm for irq (git-fixes). - vdpa_sim: avoid putting an uninitialized iova_domain (git-fixes). - venus: pm_helpers: Fix warning in OPP during probe (git-fixes). - vfio/ccw: Do not change FSM state in subchannel event (git-fixes). - vfio/ccw: Remove UUID from s390 debug log (git-fixes). - vfio: Clear the caps->buf to NULL after free (git-fixes). - video: fbdev: amba-clcd: Fix refcount leak bugs (git-fixes). - video: fbdev: arkfb: Check the size of screen before memset_io() (git-fixes). - video: fbdev: arkfb: Fix a divide-by-zero bug in ark_set_pixclock() (git-fixes). - video: fbdev: i740fb: Check the argument of i740_calc_vclk() (git-fixes). - video: fbdev: s3fb: Check the size of screen before memset_io() (git-fixes). - video: fbdev: sis: fix typos in SiS_GetModeID() (git-fixes). - video: fbdev: vt8623fb: Check the size of screen before memset_io() (git-fixes). - virtio-gpu: fix a missing check to avoid NULL dereference (git-fixes). - virtio-net: fix the race between refill work and close (git-fixes). - virtio_net: fix memory leak inside XPD_TX with mergeable (git-fixes). - vmxnet3: Implement ethtool's get_channels command (bsc#1200431). - vmxnet3: Record queue number to incoming packets (bsc#1200431). - vmxnet3: Remove useless DMA-32 fallback configuration (bsc#1200431). - vmxnet3: add command to set ring buffer sizes (bsc#1200431). - vmxnet3: add support for capability registers (bsc#1200431). - vmxnet3: add support for large passthrough BAR register (bsc#1200431). - vmxnet3: add support for out of order rx completion (bsc#1200431). - vmxnet3: disable overlay offloads if UPT device does not support (bsc#1200431). - vmxnet3: do not reschedule napi for rx processing (bsc#1200431). - vmxnet3: limit number of TXDs used for TSO packet (bsc#1200431). - vmxnet3: prepare for version 7 changes (bsc#1200431). - vmxnet3: switch from 'pci_' to 'dma_' API (bsc#1200431). - vmxnet3: update to version 7 (bsc#1200431). - vmxnet3: use ext1 field to indicate encapsulated packet (bsc#1200431). - vrf: do not run conntrack on vrf with !dflt qdisc (git-fixes). - vsock/virtio: enable VQs early on probe (git-fixes). - vsock/virtio: initialize vdev->priv before using VQs (git-fixes). - vsock/virtio: read the negotiated features before using VQs (git-fixes). - vsock: Fix memory leak in vsock_connect() (git-fixes). - vsock: Set socket state back to SS_UNCONNECTED in vsock_connect_timeout() (git-fixes). - vsock: remove vsock from connected table when connect is interrupted by a signal (git-fixes). - watch-queue: remove spurious double semicolon (git-fixes). - watch_queue: Fix missing locking in add_watch_to_object() (git-fixes). - watch_queue: Fix missing rcu annotation (git-fixes). - watchdog: armada_37xx_wdt: check the return value of devm_ioremap() in armada_37xx_wdt_probe() (git-fixes). - watchdog: sp5100_tco: Fix a memory leak of EFCH MMIO resource (git-fixes). - watchqueue: make sure to serialize 'wqueue->defunct' properly (git-fixes). - wifi: cfg80211: debugfs: fix return type in ht40allow_map_read() (git-fixes). - wifi: iwlegacy: 4965: fix potential off-by-one overflow in il4965_rs_fill_link_cmd() (git-fixes). - wifi: iwlwifi: mvm: fix double list_add at iwl_mvm_mac_wake_tx_queue (git-fixes). - wifi: libertas: Fix possible refcount leak in if_usb_probe() (git-fixes). - wifi: mac80211: Do not finalize CSA in IBSS mode if state is disconnected (git-fixes). - wifi: mac80211: limit A-MSDU subframes for client too (git-fixes). - wifi: mac80211_hwsim: add back erroneously removed cast (git-fixes). - wifi: mac80211_hwsim: fix race condition in pending packet (git-fixes). - wifi: mac80211_hwsim: use 32-bit skb cookie (git-fixes). - wifi: p54: Fix an error handling path in p54spi_probe() (git-fixes). - wifi: p54: add missing parentheses in p54_flush() (git-fixes). - wifi: rtlwifi: fix error codes in rtl_debugfs_set_write_h2c() (git-fixes). - wifi: rtlwifi: remove always-true condition pointed out by GCC 12 (git-fies). - wifi: rtw88: check the return value of alloc_workqueue() (git-fixes). - wifi: rtw89: 8852a: rfk: fix div 0 exception (git-fixes). - wifi: wil6210: debugfs: fix info leak in wil_write_file_wmi() (git-fixes). - wifi: wil6210: debugfs: fix uninitialized variable use in `wil_write_file_wmi()` (git-fixes). - wireguard: device: check for metadata_dst with skb_valid_dst() (git-fixes). - wireless: Remove redundant 'flush_workqueue()' calls (bsc#1202131). - x86/Hyper-V: Add SEV negotiate protocol support in Isolation VM (bsc#1190497). - x86/olpc: fix 'logical not is only applied to the left hand side' (git-fixes). - x86/retbleed: Add fine grained Kconfig knobs (bsc#1190497). - x86/sev: Define the Linux-specific guest termination reasons (bsc#1190497). - x86/sev: Save the negotiated GHCB version (bsc#1190497). - xen/gntdev: fix unmap notification order (git-fixes). - xen/privcmd: fix error exit of privcmd_ioctl_dm_op() (git-fixes). - xen/xenbus: fix return type in xenbus_file_read() (git-fixes). - xen: detect uninitialized xenbus in xenbus_init (git-fixes). - xen: do not continue xenstore initialization in case of errors (git-fixes). - xfs: Fix the free logic of state in xfs_attr_node_hasname (git-fixes). - xfs: check sb_meta_uuid for dabuf buffer recovery (git-fixes). - xfs: fix soft lockup via spinning in filestream ag selection loop (git-fixes). - xfs: fix use-after-free in xattr node block inactivation (git-fixes). - xfs: fold perag loop iteration logic into helper function (git-fixes). - xfs: make xfs_rtalloc_query_range input parameters const (git-fixes). - xfs: only bother with sync_filesystem during readonly remount (git-fixes). - xfs: prevent UAF in xfs_log_item_in_current_chkpt (git-fixes). - xfs: prevent a UAF when log IO errors race with unmount (git-fixes). - xfs: remove incorrect ASSERT in xfs_rename (git-fixes). - xfs: rename the next_agno perag iteration variable (git-fixes). - xfs: reorder iunlink remove operation in xfs_ifree (git-fixes). - xfs: revert 'xfs: actually bump warning counts when we send warnings' (git-fixes). - xfs: terminate perag iteration reliably on agcount (git-fixes). - xfs: use invalidate_lock to check the state of mmap_lock (git-fixes). - xfs: use kmem_cache_free() for kmem_cache objects (git-fixes). - xfs: use setattr_copy to set vfs inode attributes (git-fixes). - xhci: Set HCD flag to defer primary roothub registration (git-fixes). - xhci: dbc: Rename xhci_dbc_init and xhci_dbc_exit (git-fixes). - xhci: dbc: create and remove dbc structure in dbgtty driver (git-fixes). - xhci: dbc: refactor xhci_dbc_init() (git-fixes). - xprtrdma: fix pointer derefs in error cases of rpcrdma_ep_create (git-fixes). - xprtrdma: treat all calls not a bcall when bc_serv is NULL (git-fixes). - zonefs: Clear inode information flags on inode creation (git-fixes). - zonefs: Fix management of open zones (git-fixes). - zonefs: add MODULE_ALIAS_FS (git-fixes). Important SUSE bug 1023051 SUSE bug 1032323 SUSE bug 1065729 SUSE bug 1156395 SUSE bug 1190497 SUSE bug 1194592 SUSE bug 1194869 SUSE bug 1194904 SUSE bug 1195480 SUSE bug 1195917 SUSE bug 1196616 SUSE bug 1197158 SUSE bug 1197391 SUSE bug 1197755 SUSE bug 1197756 SUSE bug 1197757 SUSE bug 1197763 SUSE bug 1198410 SUSE bug 1198971 SUSE bug 1199086 SUSE bug 1199364 SUSE bug 1199670 SUSE bug 1200313 SUSE bug 1200431 SUSE bug 1200465 SUSE bug 1200544 SUSE bug 1200845 SUSE bug 1200868 SUSE bug 1200869 SUSE bug 1200870 SUSE bug 1200871 SUSE bug 1200872 SUSE bug 1200873 SUSE bug 1201019 SUSE bug 1201308 SUSE bug 1201427 SUSE bug 1201442 SUSE bug 1201455 SUSE bug 1201489 SUSE bug 1201610 SUSE bug 1201675 SUSE bug 1201725 SUSE bug 1201768 SUSE bug 1201940 SUSE bug 1201956 SUSE bug 1201958 SUSE bug 1202096 SUSE bug 1202097 SUSE bug 1202113 SUSE bug 1202131 SUSE bug 1202154 SUSE bug 1202262 SUSE bug 1202265 SUSE bug 1202312 SUSE bug 1202346 SUSE bug 1202347 SUSE bug 1202385 SUSE bug 1202393 SUSE bug 1202447 SUSE bug 1202471 SUSE bug 1202558 SUSE bug 1202564 SUSE bug 1202623 SUSE bug 1202636 SUSE bug 1202672 SUSE bug 1202681 SUSE bug 1202710 SUSE bug 1202711 SUSE bug 1202712 SUSE bug 1202713 SUSE bug 1202715 SUSE bug 1202716 SUSE bug 1202757 SUSE bug 1202758 SUSE bug 1202759 SUSE bug 1202761 SUSE bug 1202762 SUSE bug 1202763 SUSE bug 1202764 SUSE bug 1202765 SUSE bug 1202766 SUSE bug 1202767 SUSE bug 1202768 SUSE bug 1202769 SUSE bug 1202770 SUSE bug 1202771 SUSE bug 1202773 SUSE bug 1202774 SUSE bug 1202775 SUSE bug 1202776 SUSE bug 1202778 SUSE bug 1202779 SUSE bug 1202780 SUSE bug 1202781 SUSE bug 1202782 SUSE bug 1202783 SUSE bug 1202822 SUSE bug 1202823 SUSE bug 1202824 SUSE bug 1202860 SUSE bug 1202867 SUSE bug 1202874 SUSE bug 1202898 SUSE bug 1203036 SUSE bug 1203041 SUSE bug 1203063 SUSE bug 1203107 SUSE bug 1203117 SUSE bug 1203138 SUSE bug 1203139 SUSE bug 1203159 CVE-2016-3695 CVE-2020-36516 CVE-2021-33135 CVE-2021-4037 CVE-2022-20368 CVE-2022-20369 CVE-2022-2588 CVE-2022-2639 CVE-2022-2663 CVE-2022-28356 CVE-2022-28693 CVE-2022-2873 CVE-2022-2905 CVE-2022-2938 CVE-2022-2959 CVE-2022-2977 CVE-2022-3028 CVE-2022-3078 CVE-2022-32250 CVE-2022-36879 CVE-2022-36946 CVE-2022-39188 CVE-2022-39190 cpe:/o:opensuse:leap:15.4 Security update for libtirpc (Important) openSUSE Leap 15.4 This update for libtirpc fixes the following issues: - CVE-2021-46828: Fixed denial of service vulnerability with lots of connections (bsc#1201680). Important SUSE bug 1201680 CVE-2021-46828 cpe:/o:opensuse:leap:15.4 Security update for libarchive (Moderate) openSUSE Leap 15.4 This update for libarchive fixes the following issues: - CVE-2021-23177: Fixed symlink ACL extraction that modifies ACLs of the target system (bsc#1192425). Moderate SUSE bug 1192425 CVE-2021-23177 cpe:/o:opensuse:leap:15.4 Security update for sqlite3 (Moderate) openSUSE Leap 15.4 This update for sqlite3 fixes the following issues: Security issues fixed: - CVE-2022-35737: Fixed an array-bounds overflow if billions of bytes are used in a string argument to a C API (bnc#1201783). - CVE-2021-36690: Fixed an issue with the SQLite Expert extension when a column has no collating sequence (bsc#1189802). - Package the Tcl bindings here again so that we only ship one copy of SQLite (bsc#1195773). sqlite was updated to 3.39.3: * Use a statement journal on DML statement affecting two or more database rows if the statement makes use of a SQL functions that might abort. * Use a mutex to protect the PRAGMA temp_store_directory and PRAGMA data_store_directory statements, even though they are decremented and documented as not being threadsafe. Update to 3.39.2: * Fix a performance regression in the query planner associated with rearranging the order of FROM clause terms in the presences of a LEFT JOIN. * Apply fixes for CVE-2022-35737, Chromium bugs 1343348 and 1345947, forum post 3607259d3c, and other minor problems discovered by internal testing. [boo#1201783] Update to 3.39.1: * Fix an incorrect result from a query that uses a view that contains a compound SELECT in which only one arm contains a RIGHT JOIN and where the view is not the first FROM clause term of the query that contains the view * Fix a long-standing problem with ALTER TABLE RENAME that can only arise if the sqlite3_limit(SQLITE_LIMIT_SQL_LENGTH) is set to a very small value. * Fix a long-standing problem in FTS3 that can only arise when compiled with the SQLITE_ENABLE_FTS3_PARENTHESIS compile-time option. * Fix the initial-prefix optimization for the REGEXP extension so that it works correctly even if the prefix contains characters that require a 3-byte UTF8 encoding. * Enhance the sqlite_stmt virtual table so that it buffers all of its output. Update to 3.39.0: * Add (long overdue) support for RIGHT and FULL OUTER JOIN * Add new binary comparison operators IS NOT DISTINCT FROM and IS DISTINCT FROM that are equivalent to IS and IS NOT, respective, for compatibility with PostgreSQL and SQL standards * Add a new return code (value '3') from the sqlite3_vtab_distinct() interface that indicates a query that has both DISTINCT and ORDER BY clauses * Added the sqlite3_db_name() interface * The unix os interface resolves all symbolic links in database filenames to create a canonical name for the database before the file is opened * Defer materializing views until the materialization is actually needed, thus avoiding unnecessary work if the materialization turns out to never be used * The HAVING clause of a SELECT statement is now allowed on any aggregate query, even queries that do not have a GROUP BY clause * Many microoptimizations collectively reduce CPU cycles by about 2.3%. Update to 3.38.5: * Fix a blunder in the CLI of the 3.38.4 release Update to 3.38.4: * fix a byte-code problem in the Bloom filter pull-down optimization added by release 3.38.0 in which an error in the byte code causes the byte code engine to enter an infinite loop when the pull-down optimization encounters a NULL key Update to 3.38.3: * Fix a case of the query planner be overly aggressive with optimizing automatic-index and Bloom-filter construction, using inappropriate ON clause terms to restrict the size of the automatic-index or Bloom filter, and resulting in missing rows in the output. * Other minor patches. See the timeline for details. Update to 3.38.2: * Fix a problem with the Bloom filter optimization that might cause an incorrect answer when doing a LEFT JOIN with a WHERE clause constraint that says that one of the columns on the right table of the LEFT JOIN is NULL. * Other minor patches. - Package the Tcl bindings here again so that we only ship one copy of SQLite (bsc#1195773). Update to 3.38.1: * Fix problems with the new Bloom filter optimization that might cause some obscure queries to get an incorrect answer. * Fix the localtime modifier of the date and time functions so that it preserves fractional seconds. * Fix the sqlite_offset SQL function so that it works correctly even in corner cases such as when the argument is a virtual column or the column of a view. * Fix row value IN operator constraints on virtual tables so that they work correctly even if the virtual table implementation relies on bytecode to filter rows that do not satisfy the constraint. * Other minor fixes to assert() statements, test cases, and documentation. See the source code timeline for details. Update to 3.38.0 * Add the -> and ->> operators for easier processing of JSON * The JSON functions are now built-ins * Enhancements to date and time functions * Rename the printf() SQL function to format() for better compatibility, with alias for backwards compatibility. * Add the sqlite3_error_offset() interface for helping localize an SQL error to a specific character in the input SQL text * Enhance the interface to virtual tables * CLI columnar output modes are enhanced to correctly handle tabs and newlines embedded in text, and add options like '--wrap N', '--wordwrap on', and '--quote' to the columnar output modes. * Query planner enhancements using a Bloom filter to speed up large analytic queries, and a balanced merge tree to evaluate UNION or UNION ALL compound SELECT statements that have an ORDER BY clause. * The ALTER TABLE statement is changed to silently ignores entries in the sqlite_schema table that do not parse when PRAGMA writable_schema=ON Update to 3.37.2: * Fix a bug introduced in version 3.35.0 (2021-03-12) that can cause database corruption if a SAVEPOINT is rolled back while in PRAGMA temp_store=MEMORY mode, and other changes are made, and then the outer transaction commits * Fix a long-standing problem with ON DELETE CASCADE and ON UPDATE CASCADE in which a cache of the bytecode used to implement the cascading change was not being reset following a local DDL change Update to 3.37.1: * Fix a bug introduced by the UPSERT enhancements of version 3.35.0 that can cause incorrect byte-code to be generated for some obscure but valid SQL, possibly resulting in a NULL- pointer dereference. * Fix an OOB read that can occur in FTS5 when reading corrupt database files. * Improved robustness of the --safe option in the CLI. * Other minor fixes to assert() statements and test cases. Updated to 3.37.0: * STRICT tables provide a prescriptive style of data type management, for developers who prefer that kind of thing. * When adding columns that contain a CHECK constraint or a generated column containing a NOT NULL constraint, the ALTER TABLE ADD COLUMN now checks new constraints against preexisting rows in the database and will only proceed if no constraints are violated. * Added the PRAGMA table_list statement. * Add the .connection command, allowing the CLI to keep multiple database connections open at the same time. * Add the --safe command-line option that disables dot-commands and SQL statements that might cause side-effects that extend beyond the single database file named on the command-line. * CLI: Performance improvements when reading SQL statements that span many lines. * Added the sqlite3_autovacuum_pages() interface. * The sqlite3_deserialize() does not and has never worked for the TEMP database. That limitation is now noted in the documentation. * The query planner now omits ORDER BY clauses on subqueries and views if removing those clauses does not change the semantics of the query. * The generate_series table-valued function extension is modified so that the first parameter ('START') is now required. This is done as a way to demonstrate how to write table-valued functions with required parameters. The legacy behavior is available using the -DZERO_ARGUMENT_GENERATE_SERIES compile-time option. * Added new sqlite3_changes64() and sqlite3_total_changes64() interfaces. * Added the SQLITE_OPEN_EXRESCODE flag option to sqlite3_open_v2(). * Use less memory to hold the database schema. * bsc#1189802, CVE-2021-36690: Fix an issue with the SQLite Expert extension when a column has no collating sequence. Moderate SUSE bug 1189802 SUSE bug 1195773 SUSE bug 1201783 CVE-2021-36690 CVE-2022-35737 cpe:/o:opensuse:leap:15.4 Security update for wireshark (Moderate) openSUSE Leap 15.4 This update for wireshark fixes the following issues: Updated to Wireshark 3.6.8: - CVE-2022-3190: Fixed F5 Ethernet Trailer dissector infinite loop (bsc#1203388). - CVE-2021-4186: Fixed Gryphon dissector crash (bsc#1194165). Moderate SUSE bug 1194165 SUSE bug 1203388 CVE-2021-4186 CVE-2022-3190 cpe:/o:opensuse:leap:15.4 Security update for vsftpd (Important) openSUSE Leap 15.4 This update for vsftpd fixes the following issues: - CVE-2021-3618: Enforced security checks against ALPACA attack (bsc#1187678, bsc#1187686, PM-3322). Bugfixes: - Fixed a seccomp failure in FIPS mode when SSL was enabled (bsc#1052900). - Allowed wait4() to be called so that the broker can wait for its child processes (bsc#1021387). - Allowed sendto() syscall when /dev/log support is enabled (bsc#786024). Important SUSE bug 1021387 SUSE bug 1052900 SUSE bug 1187678 SUSE bug 1187686 SUSE bug 786024 CVE-2021-3618 cpe:/o:opensuse:leap:15.4 Security update for go1.18 (Important) openSUSE Leap 15.4 This update for go1.18 fixes the following issues: Update to go version 1.18.6 (bsc#1193742): - CVE-2022-27664: Fixed DoS in net/http caused by mishandled server errors after sending GOAWAY (bsc#1203185). Important SUSE bug 1193742 SUSE bug 1203185 CVE-2022-27664 cpe:/o:opensuse:leap:15.4 Security update for go1.19 (Important) openSUSE Leap 15.4 This update for go1.19 fixes the following issues: Update to go version 1.19.1 (bsc#1200441): - CVE-2022-27664: Fixed DoS in net/http caused by mishandled server errors after sending GOAWAY (bsc#1203185). - CVE-2022-32190: Fixed missing stripping of relative path components in net/url JoinPath (bsc#1203186). Important SUSE bug 1200441 SUSE bug 1203185 SUSE bug 1203186 CVE-2022-27664 CVE-2022-32190 cpe:/o:opensuse:leap:15.4 Security update for oniguruma (Important) openSUSE Leap 15.4 This update for oniguruma fixes the following issues: - CVE-2019-19246: Fixed an out of bounds access during regular expression matching (bsc#1157805). - CVE-2019-19204: Fixed an out of bounds access when compiling a crafted regular expression (bsc#1164569). - CVE-2019-19203: Fixed an out of bounds access when performing a string search (bsc#1164550). - CVE-2019-16163: Fixed an uncontrolled recursion issue when compiling a crafted regular expression, which could lead to denial of service (bsc#1150130). - CVE-2020-26159: Fixed an off-by-one buffer overflow (bsc#1177179). - CVE-2019-13224: Fixed a potential use-after-free when handling multiple different encodings (bsc#1142847). Important SUSE bug 1142847 SUSE bug 1150130 SUSE bug 1157805 SUSE bug 1164550 SUSE bug 1164569 SUSE bug 1177179 CVE-2019-13224 CVE-2019-16163 CVE-2019-19203 CVE-2019-19204 CVE-2019-19246 CVE-2020-26159 cpe:/o:opensuse:leap:15.4 Security update for kubevirt, virt-api-container, virt-controller-container, virt-handler-container, virt-launcher-container, virt-libguestfs-tools-container, virt-operator-container (Important) openSUSE Leap 15.4 This update for kubevirt, virt-api-container, virt-controller-container, virt-handler-container, virt-launcher-container, virt-libguestfs-tools-container, virt-operator-container fixes the following issues: The kubevirt stack was updated to version 0.54.0 Release notes https://github.com/kubevirt/kubevirt/releases/tag/v0.54.0 Security fixes: - CVE-2022-1798: Fix arbitrary file read on the host from KubeVirt VMs (bsc#1202516) Security fixes in vendored dependencies: - CVE-2022-1996: Fixed go-restful CORS bypass bsc#1200528) - CVE-2022-29162: Fixed runc incorrect handling of inheritable capabilities in default configuration (bsc#1199460) - Fix containerdisk unmount logic - Support topology spread constraints - Update libvirt-go to fix memory leak - Pack nft rules and nsswitch.conf for virt-handler - Only create 1MiB-aligned disk images (bsc#1199603) - Avoid to return nil failure message - Use semantic equality comparison - Drop kubevirt-psp-caasp.yaml - Allow to configure utility containers for update test - Symlink nsswitch.conf and nft rules to proper locations - Drop unused package libvirt-client - Install vim-small instead of vim - Remove unneeded libvirt-daemon-driver-storage-core - Install missing packages ethtool and gawk. Fixes bsc#1199392 Important SUSE bug 1199392 SUSE bug 1199460 SUSE bug 1199603 SUSE bug 1200528 SUSE bug 1202516 CVE-2022-1798 CVE-2022-1996 CVE-2022-29162 cpe:/o:opensuse:leap:15.4 Security update for cdi-apiserver-container, cdi-cloner-container, cdi-controller-container, cdi-importer-container, cdi-operator-container, cdi-uploadproxy-container, cdi-uploadserver-container, containerized-data-importer (Important) openSUSE Leap 15.4 This update for cdi-apiserver-container, cdi-cloner-container, cdi-controller-container, cdi-importer-container, cdi-operator-container, cdi-uploadproxy-container, cdi-uploadserver-container, containerized-data-importer fixes the following issues: Update to version 1.51.0 - Release notes https://github.com/kubevirt/containerized-data-importer/releases/tag/v1.51.0 Security issues fixed in vendored dependencies: - CVE-2022-1996: Fixed CORS bypass (bsc#1200528) - Include additional tools used by cdi-importer: cdi-containerimage-server cdi-image-size-detection cdi-source-update-poller - Pack only cdi-operator and cdi-cr release manifests - Install tar for cloning filesystem PVCs Important SUSE bug 1200528 CVE-2022-1996 cpe:/o:opensuse:leap:15.4 Security update for dpdk (Important) openSUSE Leap 15.4 This update for dpdk fixes the following issues: - CVE-2022-2132: Fixed DoS when a vhost header crosses more than two descriptors and exhausts all mbufs (bsc#1202903). - CVE-2022-28199: Fixed buffer overflow in the vhost code (bsc#1202956). Important SUSE bug 1202903 SUSE bug 1202956 CVE-2022-2132 CVE-2022-28199 cpe:/o:opensuse:leap:15.4 Security update for rubygem-rack (Moderate) openSUSE Leap 15.4 This update for rubygem-rack fixes the following issues: - CVE-2020-8184: Fixed vulnerability where percent-encoded cookies can be used to overwrite existing prefixed cookie names (bsc#1173351). - CVE-2020-8161: Fixed directory traversal in Rack:Directory (bsc#1172037). Moderate SUSE bug 1172037 SUSE bug 1173351 CVE-2020-8161 CVE-2020-8184 cpe:/o:opensuse:leap:15.4 Security update for webkit2gtk3 (Important) openSUSE Leap 15.4 This update for webkit2gtk3 fixes the following issues: - CVE-2022-32893: Fixed several crashes and rendering issues (bsc#1202807). - Fixed WebKitGTK not allow to be used from non-main threads (bsc#1202169). Important SUSE bug 1202169 SUSE bug 1202807 CVE-2022-32893 cpe:/o:opensuse:leap:15.4 Security update for permissions (Moderate) openSUSE Leap 15.4 This update for permissions fixes the following issues: - CVE-2022-31252: Fixed chkstat group controlled paths (bsc#1203018). Moderate SUSE bug 1203018 CVE-2022-31252 cpe:/o:opensuse:leap:15.4 Security update for MozillaFirefox (Important) openSUSE Leap 15.4 This update for MozillaFirefox fixes the following issues: Mozilla Firefox was updated to 102.3.0esr ESR (bsc#1200793, bsc#1201758, bsc#1202645, bsc#1203477): - CVE-2022-40959: Fixed bypassing FeaturePolicy restrictions on transient pages. - CVE-2022-40960: Fixed data-race when parsing non-UTF-8 URLs in threads. - CVE-2022-40958: Fixed bypassing secure context restriction for cookies with __Host and __Secure prefix. - CVE-2022-40956: Fixed content-security-policy base-uri bypass. - CVE-2022-40957: Fixed incoherent instruction cache when building WASM on ARM64. - CVE-2022-40962: Fixed memory safety bugs. - CVE-2022-38472: Fixed a potential address bar spoofing via XSLT error handling. - CVE-2022-38473: Fixed an issue where cross-origin XSLT documents could inherit the parent's permissions. - CVE-2022-38478: Fixed various memory safety issues. - CVE-2022-38476: Fixed data race and potential use-after-free in PK11_ChangePW. - CVE-2022-38477: Fixed memory safety bugs. - CVE-2022-36319: Fixed mouse position spoofing with CSS transforms. - CVE-2022-36318: Fixed directory indexes for bundled resources reflected URL parameters. - CVE-2022-36314: Fixed unexpected network loads when opening local .lnk files. - CVE-2022-2505: Fixed memory safety bugs. - CVE-2022-34479: Fixed vulnerabilty where a popup window could be resized in a way to overlay the address bar with web content. - CVE-2022-34470: Fixed use-after-free in nsSHistory. - CVE-2022-34468: Fixed bypass of CSP sandbox header without `allow-scripts` via retargeted javascript: URI. - CVE-2022-34482: Fixed drag and drop of malicious image that could have led to malicious executable and potential code execution. - CVE-2022-34483: Fixed drag and drop of malicious image that could have led to malicious executable and potential code execution. - CVE-2022-34476: Fixed vulnerability where ASN.1 parser could have been tricked into accepting malformed ASN.1. - CVE-2022-34481: Fixed potential integer overflow in ReplaceElementsAt - CVE-2022-34474: Fixed vulnerability where sandboxed iframes could redirect to external schemes. - CVE-2022-34469: Fixed TLS certificate errors on HSTS-protected domains which could be bypassed by the user on Firefox for Android. - CVE-2022-34471: Fixed vulnerability where a compromised server could trick a browser into an addon downgrade. - CVE-2022-34472: Fixed vulnerability where an unavailable PAC file resulted in OCSP requests being blocked. - CVE-2022-34478: Fixed vulnerability where Microsoft protocols can be attacked if a user accepts a prompt. - CVE-2022-2200: Fixed vulnerability where undesired attributes could be set as part of prototype pollution. - CVE-2022-34480: Fixed free of uninitialized pointer in lg_init. - CVE-2022-34477: Fixed vulnerability in MediaError message property leaking information on cross-origin same-site pages. - CVE-2022-34475: Fixed vulnerability where the HTML Sanitizer could have been bypassed via same-origin script via use tags. - CVE-2022-34473: Fixed vulnerability where the HTML Sanitizer could have been bypassed via use tags. - CVE-2022-34484: Fixed memory safety bugs. - CVE-2022-34485: Fixed memory safety bugs. Important SUSE bug 1200793 SUSE bug 1201758 SUSE bug 1202645 SUSE bug 1203477 CVE-2022-2200 CVE-2022-2505 CVE-2022-34468 CVE-2022-34469 CVE-2022-34470 CVE-2022-34471 CVE-2022-34472 CVE-2022-34473 CVE-2022-34474 CVE-2022-34475 CVE-2022-34476 CVE-2022-34477 CVE-2022-34478 CVE-2022-34479 CVE-2022-34480 CVE-2022-34481 CVE-2022-34482 CVE-2022-34483 CVE-2022-34484 CVE-2022-34485 CVE-2022-36314 CVE-2022-36318 CVE-2022-36319 CVE-2022-38472 CVE-2022-38473 CVE-2022-38476 CVE-2022-38477 CVE-2022-38478 CVE-2022-40956 CVE-2022-40957 CVE-2022-40958 CVE-2022-40959 CVE-2022-40960 CVE-2022-40962 cpe:/o:opensuse:leap:15.4 Security update for snakeyaml (Important) openSUSE Leap 15.4 This update for snakeyaml fixes the following issues: - CVE-2022-38750: Fixed uncaught exception in org.yaml.snakeyaml.constructor.BaseConstructor.constructObject (bsc#1203158). - CVE-2022-38749: Fixed StackOverflowError for many open unmatched brackets (bsc#1203149). - CVE-2022-38752: Fixed uncaught exception in java.base/java.util.ArrayList.hashCode (bsc#1203154). - CVE-2022-38751: Fixed unrestricted data matched with Regular Expressions (bsc#1203153). - CVE-2022-25857: Fixed denial of service vulnerability due missing to nested depth limitation for collections (bsc#1202932). Important SUSE bug 1202932 SUSE bug 1203149 SUSE bug 1203153 SUSE bug 1203154 SUSE bug 1203158 CVE-2020-13936 CVE-2022-25857 CVE-2022-38749 CVE-2022-38750 CVE-2022-38751 CVE-2022-38752 cpe:/o:opensuse:leap:15.4 Security update for unzip (Moderate) openSUSE Leap 15.4 This update for unzip fixes the following issues: - CVE-2022-0530: Fixed SIGSEGV during the conversion of an utf-8 string to a local string (bsc#1196177). - CVE-2022-0529: Fixed heap out-of-bound writes and reads during conversion of wide string to local string (bsc#1196180) Moderate SUSE bug 1196177 SUSE bug 1196180 CVE-2022-0529 CVE-2022-0530 cpe:/o:opensuse:leap:15.4 Security update for libcaca (Moderate) openSUSE Leap 15.4 This update for libcaca fixes the following issues: - CVE-2021-3410: Fixed overflow when multiplying large ints (bsc#1182731). Moderate SUSE bug 1182731 CVE-2021-3410 cpe:/o:opensuse:leap:15.4 Security update for the Linux Kernel (Important) openSUSE Leap 15.4 The SUSE Linux Enterprise 15 SP1 LTSS kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2020-36516: Fixed an issue in the mixed IPID assignment method where an attacker was able to inject data into or terminate a victim's TCP session (bnc#1196616). - CVE-2021-4203: Fixed use-after-free read flaw that was found in sock_getsockopt() in net/core/sock.c due to SO_PEERCRED and SO_PEERGROUPS race with listen() (bnc#1194535). - CVE-2022-1012: Fixed a memory leak problem that was found in the TCP source port generation algorithm in net/ipv4/tcp.c (bnc#1199482). - CVE-2022-20368: Fixed slab-out-of-bounds access in packet_recvmsg() (bsc#1202346). - CVE-2022-20369: Fixed out of bounds write in v4l2_m2m_querybuf of v4l2-mem2mem.c (bnc#1202347). - CVE-2022-21385: Fixed a flaw in net_rds_alloc_sgs() that allowed unprivileged local users to crash the machine (bnc#1202897). - CVE-2022-2588: Fixed use-after-free in cls_route (bsc#1202096). - CVE-2022-26373: Fixed non-transparent sharing of return predictor targets between contexts in some Intel Processors (bnc#1201726). - CVE-2022-2639: Fixed an integer coercion error that was found in the openvswitch kernel module (bnc#1202154). - CVE-2022-2663: Fixed an issue that was found in nf_conntrack_irc where the message handling could be confused and incorrectly matches the message (bnc#1202097). - CVE-2022-29581: Fixed improper update of reference count vulnerability in net/sched that allowed a local attacker to cause privilege escalation to root (bnc#1199665). - CVE-2022-2977: Fixed reference counting for struct tpm_chip (bsc#1202672). - CVE-2022-3028: Fixed race condition that was found in the IP framework for transforming packets (XFRM subsystem) (bnc#1202898). - CVE-2022-36879: Fixed an issue in xfrm_expand_policies in net/xfrm/xfrm_policy.c where a refcount could be dropped twice (bnc#1201948). - CVE-2022-39188: Fixed race condition in include/asm-generic/tlb.h where a device driver can free a page while it still has stale TLB entries (bnc#1203107). The following non-security bugs were fixed: - rpm: Fix parsing of rpm/macros.kernel-source on SLE12 (bsc#1201019). - cifs: fix error paths in cifs_tree_connect() (bsc#1177440). - cifs: fix uninitialized pointer in error case in dfs_cache_get_tgt_share (bsc#1188944). - cifs: report error instead of invalid when revalidating a dentry fails (bsc#1177440). - cifs: skip trailing separators of prefix paths (bsc#1188944). - kernel-obs-build: include qemu_fw_cfg (boo#1201705) - lightnvm: Remove lightnvm implemenation (bsc#1191881 bsc#1201420 ZDI-CAN-17325). - md/bitmap: do not set sb values if can't pass sanity check (bsc#1197158). - mm/rmap.c: do not reuse anon_vma if we just want a copy (git-fixes, bsc#1203098). - mm/rmap: Fix anon_vma->degree ambiguity leading to double-reuse (git-fixes, bsc#1203098). - net_sched: cls_route: disallow handle of 0 (bsc#1202393). - net_sched: cls_route: disallow handle of 0 (bsc#1202393). - objtool: Add --backtrace support (bsc#1202396). - objtool: Add support for intra-function calls (bsc#1202396). - objtool: Allow no-op CFI ops in alternatives (bsc#1202396). - objtool: Convert insn type to enum (bsc#1202396). - objtool: Do not use ignore flag for fake jumps (bsc#1202396). - objtool: Fix !CFI insn_state propagation (bsc#1202396). - objtool: Fix ORC vs alternatives (bsc#1202396). - objtool: Fix sibling call detection (bsc#1202396). - objtool: Make handle_insn_ops() unconditional (bsc#1202396). - objtool: Remove INSN_STACK (bsc#1202396). - objtool: Remove check preventing branches within alternative (bsc#1202396). - objtool: Rename elf_open() to prevent conflict with libelf from elftoolchain (bsc#1202396). - objtool: Rename struct cfi_state (bsc#1202396). - objtool: Rework allocating stack_ops on decode (bsc#1202396). - objtool: Rewrite alt->skip_orig (bsc#1202396). - objtool: Set insn->func for alternatives (bsc#1202396). - objtool: Support conditional retpolines (bsc#1202396). - objtool: Support multiple stack_op per instruction (bsc#1202396). - objtool: Track original function across branches (bsc#1202396). - objtool: Uniquely identify alternative instruction groups (bsc#1202396). - objtool: Use Elf_Scn typedef instead of assuming struct name (bsc#1202396). - tcp: add some entropy in __inet_hash_connect() (bsc#1180153 bsc#1202335). - tcp: change source port randomizarion at connect() time (bsc#1180153 bsc#1202335). Important SUSE bug 1177440 SUSE bug 1180153 SUSE bug 1188944 SUSE bug 1191881 SUSE bug 1194535 SUSE bug 1196616 SUSE bug 1197158 SUSE bug 1199482 SUSE bug 1199665 SUSE bug 1201019 SUSE bug 1201420 SUSE bug 1201705 SUSE bug 1201726 SUSE bug 1201948 SUSE bug 1202096 SUSE bug 1202097 SUSE bug 1202154 SUSE bug 1202335 SUSE bug 1202346 SUSE bug 1202347 SUSE bug 1202393 SUSE bug 1202396 SUSE bug 1202672 SUSE bug 1202897 SUSE bug 1202898 SUSE bug 1203098 SUSE bug 1203107 CVE-2020-36516 CVE-2021-4203 CVE-2022-1012 CVE-2022-20368 CVE-2022-20369 CVE-2022-21385 CVE-2022-2588 CVE-2022-26373 CVE-2022-2639 CVE-2022-2663 CVE-2022-29581 CVE-2022-2977 CVE-2022-3028 CVE-2022-36879 CVE-2022-39188 cpe:/o:opensuse:leap:15.4 Security update for dpdk (Important) openSUSE Leap 15.4 This update for dpdk fixes the following issues: - CVE-2022-2132: Fixed DoS when a vhost header crosses more than two descriptors and exhausts all mbufs (bsc#1202903). Important SUSE bug 1202903 CVE-2022-2132 cpe:/o:opensuse:leap:15.4 Security update for rust1.62 (Moderate) openSUSE Leap 15.4 This update for rust1.62 fixes the following issues: - CVE-2022-36113: Fixed symlink hijack vulnerability (bsc#1203433). - CVE-2022-36114: Fixed zip bomb vulnerability (bsc#1203431). Moderate SUSE bug 1203431 SUSE bug 1203433 CVE-2022-36113 CVE-2022-36114 cpe:/o:opensuse:leap:15.4 Security update for slurm_18_08 (Important) openSUSE Leap 15.4 This update for slurm_18_08 fixes the following issues: - CVE-2022-31251: Fixed a potential security vulnerability in the test package (bsc#1201674). - CVE-2022-29500: Fixed an architectural flaw can be exploited to allow an unprivileged user to execute arbitrary processes as root (bsc#1199278). - CVE-2022-29501: Fixed a vulnerability where an unprivileged user can send data to arbitrary unix socket as root (bsc#1199279). Important SUSE bug 1199278 SUSE bug 1199279 SUSE bug 1201674 CVE-2022-29500 CVE-2022-29501 CVE-2022-31251 cpe:/o:opensuse:leap:15.4 Security update for slurm (Important) openSUSE Leap 15.4 This update for slurm fixes the following issues: - CVE-2022-31251: Fixed a potential security vulnerability in the test package (bsc#1201674). - CVE-2022-29500: Fixed an architectural flaw can be exploited to allow an unprivileged user to execute arbitrary processes as root (bsc#1199278). - CVE-2022-29501: Fixed a vulnerability where an unprivileged user can send data to arbitrary unix socket as root (bsc#1199279). Important SUSE bug 1199278 SUSE bug 1199279 SUSE bug 1201674 CVE-2022-29500 CVE-2022-29501 CVE-2022-31251 cpe:/o:opensuse:leap:15.4 Security update for python310 (Important) openSUSE Leap 15.4 This update for python310 fixes the following issues: Updated to version 3.10.7: - CVE-2020-10735: Fixed DoS due to missing limit of amount of digits when converting text to int (bsc#1203125). - CVE-2021-28861: Fixed an open redirect in the http server when an URI path starts with // (bsc#1202624). Important SUSE bug 1202624 SUSE bug 1203125 CVE-2020-10735 CVE-2021-28861 cpe:/o:opensuse:leap:15.4 Security update for python39 (Important) openSUSE Leap 15.4 This update for python39 fixes the following issues: python39 was updated to version 3.9.14: - CVE-2020-10735: Fixed DoS due to int() type in PyLong_FromString() not limiting amount of digits when converting text to int (bsc#1203125). - CVE-2021-28861: Fixed an open redirection vulnerability in the HTTP server when an URI path starts with // (bsc#1202624). Important SUSE bug 1202624 SUSE bug 1203125 CVE-2020-10735 CVE-2021-28861 cpe:/o:opensuse:leap:15.4 Security update for cosign (Important) openSUSE Leap 15.4 This update for cosign fixes the following issues: Updated to version 1.12.0 (jsc#SLE-23879): - CVE-2022-36056: Fixed verify-blob could successfully verify an artifact when verification should have failed (bsc#1203430). Important SUSE bug 1203430 CVE-2022-36056 cpe:/o:opensuse:leap:15.4 Security update for ImageMagick (Moderate) openSUSE Leap 15.4 This update for ImageMagick fixes the following issues: - CVE-2022-3213: Fixed heap buffer overflow when processing a malformed TIFF file (bsc#1203450). Moderate SUSE bug 1203450 CVE-2022-3213 cpe:/o:opensuse:leap:15.4 Security update for webkit2gtk3 (Important) openSUSE Leap 15.4 This update for webkit2gtk3 fixes the following issues: Updated to version 2.36.8 (bsc#1203530): - CVE-2022-32886: Fixed a buffer overflow issue that could potentially lead to code execution. - CVE-2022-32912: Fixed an out-of-bounds read that could potentially lead to code execution. Important SUSE bug 1203530 CVE-2022-32886 CVE-2022-32912 cpe:/o:opensuse:leap:15.4 Security update for expat (Important) openSUSE Leap 15.4 This update for expat fixes the following issues: - CVE-2022-40674: Fixed use-after-free in the doContent function in xmlparse.c (bsc#1203438). Important SUSE bug 1203438 CVE-2022-40674 cpe:/o:opensuse:leap:15.4 Security update for slurm (Important) openSUSE Leap 15.4 This update for slurm fixes the following issues: - CVE-2022-31251: Fixed a potential security vulnerability in the test package (bsc#1201674). - CVE-2022-29500: Fixed an architectural flaw can be exploited to allow an unprivileged user to execute arbitrary processes as root (bsc#1199278). - CVE-2022-29501: Fixed a vulnerability where an unprivileged user can send data to arbitrary unix socket as root (bsc#1199279). Important SUSE bug 1199278 SUSE bug 1199279 SUSE bug 1201674 CVE-2022-29500 CVE-2022-29501 CVE-2022-31251 cpe:/o:opensuse:leap:15.4 Security update for slurm_20_02 (Important) openSUSE Leap 15.4 This update for slurm_20_02 fixes the following issues: - CVE-2022-31251: Fixed security vulnerability in the test package (bsc#1201674). - CVE-2022-29500: Fixed architectural flaw that can be exploited to allow an unprivileged user to execute arbitrary processes as root (bsc#1199278). - CVE-2022-29501: Fixed vulnerability where an unprivileged user can send data to arbitrary unix socket as root (bsc#1199279). Bugfixes: - Fixed qstat error message (torque wrapper) (bsc#1186646). Important SUSE bug 1186646 SUSE bug 1199278 SUSE bug 1199279 SUSE bug 1201674 CVE-2022-29500 CVE-2022-29501 CVE-2022-31251 cpe:/o:opensuse:leap:15.4 Security update for libgit2 (Important) openSUSE Leap 15.4 This update for libgit2 fixes the following issues: - CVE-2022-24765: Fixed potential command injection via git worktree (bsc#1198234). - CVE-2022-29187: Fixed incomplete fix for CVE-2022-24765 (bsc#1201431). Important SUSE bug 1198234 SUSE bug 1201431 CVE-2022-24765 CVE-2022-29187 cpe:/o:opensuse:leap:15.4 Security update for libgit2 (Important) openSUSE Leap 15.4 This update for libgit2 fixes the following issues: - Fixed DoS by oob write in constructed commit object with a very large number of parents (bsc#1158981). - CVE-2019-1352: Fixed git on Windows being unaware of NTFS Alternate Data Streams (bnc#1158790). - CVE-2022-24765: Fixed potential command injection via git worktree (bsc#1198234). - CVE-2022-29187: Fixed incomplete fix for CVE-2022-24765 (bsc#1201431). Important SUSE bug 1158790 SUSE bug 1158981 SUSE bug 1198234 SUSE bug 1201431 CVE-2019-1352 CVE-2022-24765 CVE-2022-29187 cpe:/o:opensuse:leap:15.4 Security update for colord (Moderate) openSUSE Leap 15.4 This update for colord fixes the following issues: - CVE-2021-42523: Fixed a small memory leak in sqlite3_exec (bsc#1202802). Moderate SUSE bug 1202802 CVE-2021-42523 cpe:/o:opensuse:leap:15.4 Security update for python (Important) openSUSE Leap 15.4 This update for python fixes the following issues: - CVE-2021-28861: Fixed an open redirection vulnerability in the HTTP server when an URI path starts with // (bsc#1202624). Important SUSE bug 1202624 CVE-2021-28861 cpe:/o:opensuse:leap:15.4 Security update for libjpeg-turbo (Moderate) openSUSE Leap 15.4 This update for libjpeg-turbo fixes the following issues: - CVE-2020-35538: Fixed null pointer dereference in jcopy_sample_rows() function (bsc#1202915). Moderate SUSE bug 1202915 CVE-2020-35538 cpe:/o:opensuse:leap:15.4 Security update for cifs-utils (Moderate) openSUSE Leap 15.4 This update for cifs-utils fixes the following issues: - Fix changelog to include Bugzilla and CVE tracker id numbers missing from previous update Moderate SUSE bug 1198976 CVE-2022-29869 cpe:/o:opensuse:leap:15.4 Security update for squid (Important) openSUSE Leap 15.4 This update for squid fixes the following issues: Updated squid to version 5.7: - CVE-2022-41317: Fixed exposure of sensitive information in cache manager (bsc#1203677). - CVE-2022-41318: Fixed buffer overread in SSPI and SMB Authentication (bsc#1203680). Important SUSE bug 1203677 SUSE bug 1203680 CVE-2022-41317 CVE-2022-41318 cpe:/o:opensuse:leap:15.4 Security update for slurm (Important) openSUSE Leap 15.4 This update for slurm fixes the following issues: - CVE-2022-31251: Fixed a potential security vulnerability in the test package (bsc#1201674). - CVE-2022-29500: Fixed architectural flaw that could have been exploited to allow an unprivileged user to execute arbitrary processes as root (bsc#1199278). - CVE-2022-29501: Fixed a problem that an unprivileged user could have sent data to arbitrary unix socket as root (bsc#1199279). Important SUSE bug 1199278 SUSE bug 1199279 SUSE bug 1201674 CVE-2022-29500 CVE-2022-29501 CVE-2022-31251 cpe:/o:opensuse:leap:15.4 Security update for postgresql-jdbc (Important) openSUSE Leap 15.4 This update for postgresql-jdbc fixes the following issues: - CVE-2022-31197: Fixed SQL injection vulnerability (bsc#1202170). Important SUSE bug 1202170 CVE-2022-31197 cpe:/o:opensuse:leap:15.4 Security update for webkit2gtk3 (Important) openSUSE Leap 15.4 This update for webkit2gtk3 fixes the following issues: Updated to version 2.36.8 (bsc#1203530): - CVE-2022-32886: Fixed a buffer overflow issue that could potentially lead to code execution. - CVE-2022-32912: Fixed an out-of-bounds read that could potentially lead to code execution. Important SUSE bug 1203530 CVE-2022-32886 CVE-2022-32912 cpe:/o:opensuse:leap:15.4 Security update for LibVNCServer (Moderate) openSUSE Leap 15.4 This update for LibVNCServer fixes the following issues: - CVE-2020-29260: Fixed memory leakage via rfbClientCleanup() (bsc#1203106). Moderate SUSE bug 1203106 CVE-2020-29260 cpe:/o:opensuse:leap:15.4 Security update for python3 (Important) openSUSE Leap 15.4 This update for python3 fixes the following issues: - CVE-2021-28861: Fixed an open redirection vulnerability in the HTTP server when an URI path starts with // (bsc#1202624). Important SUSE bug 1202624 CVE-2021-28861 cpe:/o:opensuse:leap:15.4 Security update for ImageMagick (Low) openSUSE Leap 15.4 This update for ImageMagick fixes the following issues: - CVE-2021-3574: Fixed memory leaks with convert command (bsc#1203212). Low SUSE bug 1203212 CVE-2021-3574 cpe:/o:opensuse:leap:15.4 Security update for rubygem-puma (Important) openSUSE Leap 15.4 This update for rubygem-puma fixes the following issues: Updated to version 4.3.12: - CVE-2022-24790: Fixed HTTP request smuggling if proxy is not RFC7230 compliant (bsc#1197818). Important SUSE bug 1197818 CVE-2022-24790 cpe:/o:opensuse:leap:15.4 Security update for the Linux Kernel (Important) openSUSE Leap 15.4 The SUSE Linux Enterprise 15 SP4 kernel was updated. The following security bugs were fixed: - CVE-2022-3303: Fixed a race condition in the sound subsystem due to improper locking (bnc#1203769). - CVE-2022-41218: Fixed an use-after-free caused by refcount races in drivers/media/dvb-core/dmxdev.c (bnc#1202960). - CVE-2022-3239: Fixed an use-after-free in the video4linux driver that could lead a local user to able to crash the system or escalate their privileges (bnc#1203552). - CVE-2022-41848: Fixed a race condition and resultant use-after-free if a physically proximate attacker removes a PCMCIA device while calling ioctl (bnc#1203987). - CVE-2022-41849: Fixed a race condition and resultant use-after-free if a physically proximate attacker removes a USB device while calling open (bnc#1203992). - CVE-2022-2586: Fixed a use-after-free which can be triggered when a nft table is deleted (bnc#1202095). - CVE-2022-1263: Fixed a NULL pointer dereference issue was found in KVM when releasing a vCPU with dirty ring support enabled. This flaw allowed an unprivileged local attacker on the host to issue specific ioctl calls, causing a kernel oops condition that results in a denial of service (bnc#1198189). - CVE-2022-3202: Fixed a NULL pointer dereference flaw in Journaled File System. This could allow a local attacker to crash the system or leak kernel internal information (bnc#1203389). - CVE-2022-39189: Fixed a bug in the x86 KVM subsystem which allows unprivileged guest users to compromise the guest kernel because TLB flush operations are mishandled (bnc#1203066). The following non-security bugs were fixed: - ACPI / scan: Create platform device for CS35L41 (bsc#1203699). - ACPI: processor idle: Practically limit 'Dummy wait' workaround to old Intel systems (bsc#1203767). - ACPI: resource: skip IRQ override on AMD Zen platforms (git-fixes). - ACPI: scan: Add CLSA0101 Laptop Support (bsc#1203699). - ACPI: utils: Add api to read _SUB from ACPI (bsc#1203699). - ALSA: aloop: Fix random zeros in capture data when using jiffies timer (git-fixes). - ALSA: core: Fix double-free at snd_card_new() (git-fixes). - ALSA: cs35l41: Check hw_config before using it (bsc#1203699). - ALSA: cs35l41: Enable Internal Boost in shared lib (bsc#1203699). - ALSA: cs35l41: Move cs35l41_gpio_config to shared lib (bsc#1203699). - ALSA: cs35l41: Unify hardware configuration (bsc#1203699). - ALSA: emu10k1: Fix out of bounds access in snd_emu10k1_pcm_channel_alloc() (git-fixes). - ALSA: hda: add Intel 5 Series / 3400 PCI DID (git-fixes). - ALSA: hda: cs35l41: Add Amp Name based on channel and index (bsc#1203699). - ALSA: hda: cs35l41: Add Boost type flag (bsc#1203699). - ALSA: hda: cs35l41: Add calls to newly added test key function (bsc#1203699). - ALSA: hda: cs35l41: Add defaulted values into dsp bypass config sequence (bsc#1203699). - ALSA: hda: cs35l41: Add initial DSP support and firmware loading (bsc#1203699). - ALSA: hda: cs35l41: Add missing default cases (bsc#1203699). - ALSA: hda: cs35l41: Add module parameter to control firmware load (bsc#1203699). - ALSA: hda: cs35l41: Add support for CS35L41 in HDA systems (bsc#1203699). - ALSA: hda: cs35l41: Add Support for Interrupts (bsc#1203699). - ALSA: hda: cs35l41: Allow compilation test on non-ACPI configurations (bsc#1203699). - ALSA: hda: cs35l41: Always configure the DAI (bsc#1203699). - ALSA: hda: cs35l41: Avoid overwriting register patch (bsc#1203699). - ALSA: hda: cs35l41: Clarify support for CSC3551 without _DSD Properties (bsc#1203699). - ALSA: hda: cs35l41: Consolidate selections under SND_HDA_SCODEC_CS35L41 (bsc#1203699). - ALSA: hda: cs35l41: Do not dereference fwnode handle (bsc#1203699). - ALSA: hda: cs35l41: Drop wrong use of ACPI_PTR() (bsc#1203699). - ALSA: hda: cs35l41: Enable GPIO2 Interrupt for CLSA0100 laptops (bsc#1203699). - ALSA: hda: cs35l41: Fix comments wrt serial-multi-instantiate reference (bsc#1203699). - ALSA: hda: cs35l41: fix double free on error in probe() (bsc#1203699). - ALSA: hda: cs35l41: Fix error in spi cs35l41 hda driver name (bsc#1203699). - ALSA: hda: cs35l41: Fix I2S params comments (bsc#1203699). - ALSA: hda: cs35l41: Handle all external boost setups the same way (bsc#1203699). - ALSA: hda: cs35l41: Improve dev_err_probe() messaging (bsc#1203699). - ALSA: hda: cs35l41: Make cs35l41_hda_remove() return void (bsc#1203699). - ALSA: hda: cs35l41: Make use of the helper function dev_err_probe() (bsc#1203699). - ALSA: hda: cs35l41: Move boost config to initialization code (bsc#1203699). - ALSA: hda: cs35l41: Move cs35l41* calls to its own symbol namespace (bsc#1203699). - ALSA: hda: cs35l41: Move external boost handling to lib for ASoC use (bsc#1203699). - ALSA: hda: cs35l41: Mute the device before shutdown (bsc#1203699). - ALSA: hda: cs35l41: Put the device into safe mode for external boost (bsc#1203699). - ALSA: hda: cs35l41: Read Speaker Calibration data from UEFI variables (bsc#1203699). - ALSA: hda: cs35l41: Remove cs35l41_hda_reg_sequence struct (bsc#1203699). - ALSA: hda: cs35l41: Remove Set Channel Map api from binding (bsc#1203699). - ALSA: hda: cs35l41: Reorganize log for playback actions (bsc#1203699). - ALSA: hda: cs35l41: Save codec object inside component struct (bsc#1203699). - ALSA: hda: cs35l41: Save Subsystem ID inside CS35L41 Driver (bsc#1203699). - ALSA: hda: cs35l41: Set Speaker Position for CLSA0100 Laptop (bsc#1203699). - ALSA: hda: cs35l41: Support CLSA0101 (bsc#1203699). - ALSA: hda: cs35l41: Support Firmware switching and reloading (bsc#1203699). - ALSA: hda: cs35l41: Support Hibernation during Suspend (bsc#1203699). - ALSA: hda: cs35l41: Support multiple load paths for firmware (bsc#1203699). - ALSA: hda: cs35l41: Support reading subsystem id from ACPI (bsc#1203699). - ALSA: hda: cs35l41: Support Speaker ID for laptops (bsc#1203699). - ALSA: hda: cs35l41: Tidyup code (bsc#1203699). - ALSA: hda: cs35l41: Use the CS35L41 HDA internal define (bsc#1203699). - ALSA: hda: Fix dependencies of CS35L41 on SPI/I2C buses (bsc#1203699). - ALSA: hda: Fix dependency on ASoC cs35l41 codec (bsc#1203699). - ALSA: hda: Fix hang at HD-audio codec unbinding due to refcount saturation (git-fixes). - ALSA: hda: Fix Nvidia dp infoframe (git-fixes). - ALSA: hda: hda_cs_dsp_ctl: Add apis to write the controls directly (bsc#1203699). - ALSA: hda: hda_cs_dsp_ctl: Add fw id strings (bsc#1203699). - ALSA: hda: hda_cs_dsp_ctl: Add Library to support CS_DSP ALSA controls (bsc#1203699). - ALSA: hda: intel-dsp-config: Add RaptorLake PCI IDs (jsc#PED-720). - ALSA: hda/cs8409: Add new Dolphin HW variants (bsc#1203699). - ALSA: hda/cs8409: Add Speaker Playback Switch for Cyborg (bsc#1203699). - ALSA: hda/cs8409: Add Speaker Playback Switch for Warlock (bsc#1203699). - ALSA: hda/cs8409: change cs8409_fixups v.pins initializers to static (bsc#1203699). - ALSA: hda/cs8409: Disable HSBIAS_SENSE_EN for Cyborg (bsc#1203699). - ALSA: hda/cs8409: Fix Full Scale Volume setting for all variants (bsc#1203699). - ALSA: hda/cs8409: Fix Warlock to use mono mic configuration (bsc#1203699). - ALSA: hda/cs8409: Re-order quirk table into ascending order (bsc#1203699). - ALSA: hda/cs8409: Support manual mode detection for CS42L42 (bsc#1203699). - ALSA: hda/cs8409: Support new Dolphin Variants (bsc#1203699). - ALSA: hda/cs8409: Support new Odin Variants (bsc#1203699). - ALSA: hda/cs8409: Support new Warlock MLK Variants (bsc#1203699). - ALSA: hda/cs8409: Use general cs42l42 include in cs8409 hda driver (bsc#1203699). - ALSA: hda/realtek: Add a quirk for HP OMEN 16 (8902) mute LED (git-fixes). - ALSA: hda/realtek: Add CS35L41 support for Thinkpad laptops (bsc#1203699). - ALSA: hda/realtek: Add mute and micmut LED support for Zbook Fury 17 G9 (bsc#1203699). - ALSA: hda/realtek: Add pincfg for ASUS G513 HP jack (git-fixes). - ALSA: hda/realtek: Add pincfg for ASUS G533Z HP jack (git-fixes). - ALSA: hda/realtek: Add quirk for ASUS GA503R laptop (git-fixes). - ALSA: hda/realtek: Add quirk for HP Zbook Firefly 14 G9 model (bsc#1203699). - ALSA: hda/realtek: Add quirk for Huawei WRT-WX9 (git-fixes). - ALSA: hda/realtek: Add quirk for Lenovo Yoga7 14IAL7 (bsc#1203699). - ALSA: hda/realtek: Add quirks for ASUS Zenbooks using CS35L41 (bsc#1203699). - ALSA: hda/realtek: Add support for HP Laptops (bsc#1203699). - ALSA: hda/realtek: Add support for Legion 7 16ACHg6 laptop (bsc#1203699). - ALSA: hda/realtek: Enable 4-speaker output Dell Precision 5530 laptop (git-fixes). - ALSA: hda/realtek: Enable 4-speaker output Dell Precision 5570 laptop (git-fixes). - ALSA: hda/realtek: Enable mute/micmute LEDs and limit mic boost on EliteBook 845/865 G9 (bsc#1203699). - ALSA: hda/realtek: Enable mute/micmute LEDs support for HP Laptops (bsc#1203699). - ALSA: hda/realtek: Enable speaker and mute LEDs for HP laptops (bsc#1203699). - ALSA: hda/realtek: Fix LED on Zbook Studio G9 (bsc#1203699). - ALSA: hda/realtek: Fix mute led issue on thinkpad with cs35l41 s-codec (bsc#1203699). - ALSA: hda/realtek: More robust component matching for CS35L41 (bsc#1203699). - ALSA: hda/realtek: Re-arrange quirk table entries (git-fixes). - ALSA: hda/sigmatel: Fix unused variable warning for beep power change (git-fixes). - ALSA: hda/tegra: Add Tegra234 hda driver support (git-fixes). - ALSA: hda/tegra: Align BDL entry to 4KB boundary (git-fixes). - ALSA: hda/tegra: set depop delay for tegra (git-fixes). - ALSA: hda/tegra: Update scratch reg. communication (git-fixes). - ALSA: pcm: oss: Fix race at SNDCTL_DSP_SYNC (git-fixes). - ALSA: usb-audio: Fix an out-of-bounds bug in __snd_usb_parse_audio_interface() (git-fixes). - ALSA: usb-audio: Inform the delayed registration more properly (git-fixes). - ALSA: usb-audio: Register card again for iface over delayed_register option (git-fixes). - ALSA: usb-audio: Split endpoint setups for hw_params and prepare (git-fixes). - ARM: dts: am33xx: Fix MMCHS0 dma properties (git-fixes). - ARM: dts: imx: align SPI NOR node name with dtschema (git-fixes). - ARM: dts: imx6qdl-kontron-samx6i: fix spi-flash compatible (git-fixes). - arm64: dts: qcom: sm8350: fix UFS PHY serdes size (git-fixes). - arm64: dts: rockchip: Fix typo in lisense text for PX30.Core (git-fixes). - arm64: dts: rockchip: Pull up wlan wake# on Gru-Bob (git-fixes). - arm64: dts: rockchip: Remove 'enable-active-low' from rk3399-puma (git-fixes). - arm64: dts: rockchip: Set RK3399-Gru PCLK_EDP to 24 MHz (git-fixes). - arm64: errata: Add Cortex-A510 to the repeat tlbi list (git-fixes) Enable this errata fix configuration option to arm64/default. - arm64: kexec_file: use more system keyrings to verify kernel image signature (bsc#1196444). - arm64: lib: Import latest version of Arm Optimized Routines' strcmp (git-fixes) - arm64: select TRACE_IRQFLAGS_NMI_SUPPORT (git-fixes) - arm64: topology: fix possible overflow in amu_fie_setup() (git-fixes). - ASoC: cs35l41: Add ASP TX3/4 source to register patch (bsc#1203699). - ASoC: cs35l41: Add bindings for CS35L41 (bsc#1203699). - ASoC: cs35l41: Add common cs35l41 enter hibernate function (bsc#1203699). - ASoC: cs35l41: Add cs35l51/53 IDs (bsc#1203699). - ASoC: cs35l41: Add endianness flag in snd_soc_component_driver (bsc#1203699). - ASoC: cs35l41: Add one more variable in the debug log (bsc#1203699). - ASoC: cs35l41: Add one more variable in the debug log (bsc#1203699). - ASoC: cs35l41: Add support for CLSA3541 ACPI device ID (bsc#1203699). - ASoC: cs35l41: Add support for hibernate memory retention mode (bsc#1203699). - ASoC: cs35l41: Binding fixes (bsc#1203699). - ASoC: cs35l41: Change monitor widgets to siggens (bsc#1203699). - ASoC: cs35l41: Combine adjacent register writes (bsc#1203699). - ASoC: cs35l41: Convert tables to shared source code (bsc#1203699). - ASoC: cs35l41: Correct DSP power down (bsc#1203699). - ASoC: cs35l41: Correct handling of some registers in the cache (bsc#1203699). - ASoC: cs35l41: Correct some control names (bsc#1203699). - ASoC: cs35l41: Create shared function for boost configuration (bsc#1203699). - ASoC: cs35l41: Create shared function for errata patches (bsc#1203699). - ASoC: cs35l41: Create shared function for setting channels (bsc#1203699). - ASoC: cs35l41: CS35L41 Boosted Smart Amplifier (bsc#1203699). - ASoC: cs35l41: Do not overwrite returned error code (bsc#1203699). - ASoC: cs35l41: Do not print error when waking from hibernation (bsc#1203699). - ASoC: cs35l41: Document CS35l41 External Boost (bsc#1203699). - ASoC: cs35l41: DSP Support (bsc#1203699). - ASoC: cs35l41: Fix a bunch of trivial code formating/style issues (bsc#1203699). - ASoC: cs35l41: Fix a shift-out-of-bounds warning found by UBSAN (bsc#1203699). - ASoC: cs35l41: Fix an out-of-bounds access in otp_packed_element_t (bsc#1203699). - ASoC: cs35l41: Fix DSP mbox start command and global enable order (bsc#1203699). - ASoC: cs35l41: Fix GPIO2 configuration (bsc#1203699). - ASoC: cs35l41: Fix link problem (bsc#1203699). - ASoC: cs35l41: Fix max number of TX channels (bsc#1203699). - ASoC: cs35l41: Fix undefined reference to core functions (bsc#1203699). - ASoC: cs35l41: Fix use of an uninitialised variable (bsc#1203699). - ASoC: cs35l41: Fixup the error messages (bsc#1203699). - ASoC: cs35l41: Make cs35l41_remove() return void (bsc#1203699). - ASoC: cs35l41: Move cs_dsp config struct into shared code (bsc#1203699). - ASoC: cs35l41: Move cs35l41 exit hibernate function into shared code (bsc#1203699). - ASoC: cs35l41: Move cs35l41 fs errata into shared code (bsc#1203699). - ASoC: cs35l41: Move cs35l41_otp_unpack to shared code (bsc#1203699). - ASoC: cs35l41: Move cs35l41_set_cspl_mbox_cmd to shared code (bsc#1203699). - ASoC: cs35l41: Move power initializations to reg_sequence (bsc#1203699). - ASoC: cs35l41: Read System Name from ACPI _SUB to identify firmware (bsc#1203699). - ASoC: cs35l41: Remove incorrect comment (bsc#1203699). - ASoC: cs35l41: Remove unnecessary param (bsc#1203699). - ASoC: cs35l41: Set the max SPI speed for the whole device (bsc#1203699). - ASoC: cs35l41: Support external boost (bsc#1203699). - ASoC: cs35l41: Update handling of test key registers (bsc#1203699). - ASoC: cs35l41: Use regmap_read_poll_timeout to wait for OTP boot (bsc#1203699). - ASoC: cs42l42: Add control for audio slow-start switch (bsc#1203699). - ASoC: cs42l42: Add warnings about DETECT_MODE and PLL_START (bsc#1203699). - ASoC: cs42l42: Allow time for HP/ADC to power-up after enable (bsc#1203699). - ASoC: cs42l42: Always enable TS_PLUG and TS_UNPLUG interrupts (bsc#1203699). - ASoC: cs42l42: Change jack_detect_mutex to a lock of all IRQ handling (bsc#1203699). - ASoC: cs42l42: Do not claim to support 192k (bsc#1203699). - ASoC: cs42l42: Do not reconfigure the PLL while it is running (bsc#1203699). - ASoC: cs42l42: Fix WARN in remove() if running without an interrupt (bsc#1203699). - ASoC: cs42l42: free_irq() before powering-down on probe() fail (bsc#1203699). - ASoC: cs42l42: Handle system suspend (bsc#1203699). - ASoC: cs42l42: Implement Manual Type detection as fallback (bsc#1203699). - ASoC: cs42l42: Mark OSC_SWITCH_STATUS register volatile (bsc#1203699). - ASoC: cs42l42: Minor fix all errors reported by checkpatch.pl script (bsc#1203699). - ASoC: cs42l42: Move CS42L42 register descriptions to general include (bsc#1203699). - ASoC: cs42l42: Only report button state if there was a button interrupt (git-fixes). - ASoC: cs42l42: Prevent NULL pointer deref in interrupt handler (bsc#1203699). - ASoC: cs42l42: Remove redundant pll_divout member (bsc#1203699). - ASoC: cs42l42: Remove redundant writes to DETECT_MODE (bsc#1203699). - ASoC: cs42l42: Remove redundant writes to RS_PLUG/RS_UNPLUG masks (bsc#1203699). - ASoC: cs42l42: Remove unused runtime_suspend/runtime_resume callbacks (bsc#1203699). - ASoC: cs42l42: Report full jack status when plug is detected (bsc#1203699). - ASoC: cs42l42: Report initial jack state (bsc#1203699). - ASoC: cs42l42: Reset and power-down on remove() and failed probe() (bsc#1203699). - ASoC: cs42l42: Set correct SRC MCLK (bsc#1203699). - ASoC: cs42l42: Simplify reporting of jack unplug (bsc#1203699). - ASoC: cs42l42: Use PLL for SCLK > 12.288MHz (bsc#1203699). - ASoC: cs42l42: Use two thresholds and increased wait time for manual type detection (bsc#1203699). - ASoC: dt-bindings: cs42l42: Convert binding to yaml (bsc#1203699). - ASoC: imx-card: Fix refcount issue with of_node_put (git-fixes). - ASoC: mchp-spdiftx: Fix clang -Wbitfield-constant-conversion (git-fixes). - ASoC: mchp-spdiftx: remove references to mchp_i2s_caps (git-fixes). - ASoC: nau8824: Fix semaphore unbalance at error paths (git-fixes). - ASoC: qcom: sm8250: add missing module owner (git-fixes). - ASoC: SOF: Intel: pci-tgl: add ADL-PS support (jsc#PED-720). - ASoC: SOF: Intel: pci-tgl: add RPL-P support (jsc#PED-720). - ASoC: SOF: Intel: pci-tgl: add RPL-S support (jsc#PED-652). - ASoC: tas2770: Reinit regcache on reset (git-fixes). - ASoC: wm_adsp: Add support for 'toggle' preloaders (bsc#1203699). - ASoC: wm_adsp: Add trace caps to speaker protection FW (bsc#1203699). - ASoC: wm_adsp: Cancel ongoing work when removing controls (bsc#1203699). - ASoC: wm_adsp: Compressed stream DSP memory structs should be __packed (bsc#1203699). - ASoC: wm_adsp: Correct control read size when parsing compressed buffer (bsc#1203699). - ASoC: wm_adsp: Expand firmware loading search options (bsc#1203699). - ASoC: wm_adsp: Fix event for preloader (bsc#1203699). - ASoC: wm_adsp: Introduce cs_dsp logging macros (bsc#1203699). - ASoC: wm_adsp: Make compressed buffers optional (bsc#1203699). - ASoC: wm_adsp: Minor clean and redundant code removal (bsc#1203699). - ASoC: wm_adsp: Move check for control existence (bsc#1203699). - ASoC: wm_adsp: Move check of dsp->running to better place (bsc#1203699). - ASoC: wm_adsp: move firmware loading to client (bsc#1203699). - ASoC: wm_adsp: Move sys_config_size to wm_adsp (bsc#1203699). - ASoC: wm_adsp: Pass firmware names as parameters when starting DSP core (bsc#1203699). - ASoC: wm_adsp: remove a repeated including (bsc#1203699). - ASoC: wm_adsp: Remove pointless string comparison (bsc#1203699). - ASoC: wm_adsp: Remove the wmfw_add_ctl helper function (bsc#1203699). - ASoC: wm_adsp: Remove use of snd_ctl_elem_type_t (bsc#1203699). - ASoC: wm_adsp: Rename generic DSP support (bsc#1203699). - ASoC: wm_adsp: Separate generic cs_dsp_coeff_ctl handling (bsc#1203699). - ASoC: wm_adsp: Separate some ASoC and generic functions (bsc#1203699). - ASoC: wm_adsp: Separate wm_adsp specifics in cs_dsp_client_ops (bsc#1203699). - ASoC: wm_adsp: Split DSP power operations into helper functions (bsc#1203699). - ASoC: wm_adsp: Split out struct cs_dsp from struct wm_adsp (bsc#1203699). - ASoC: wm_adsp: Switch to using wm_coeff_read_ctrl for compressed buffers (bsc#1203699). - ASoC: wm_adsp: wm_adsp_control_add() error: uninitialized symbol 'ret' (bsc#1203699). - batman-adv: Fix hang up with small MTU hard-interface (git-fixes). - Bluetooth: btusb: mediatek: fix WMT failure during runtime suspend (git-fixes). - Bluetooth: hci_{ldisc,serdev}: check percpu_init_rwsem() failure (git-fixes). - Bluetooth: hci_core: Fix not handling link timeouts propertly (git-fixes). - bnx2x: fix built-in kernel driver load failure (git-fixes). - bnx2x: fix driver load from initrd (git-fixes). - btrfs: fix relocation crash due to premature return from btrfs_commit_transaction() (bsc#1203360). - btrfs: fix space cache corruption and potential double allocations (bsc#1203361). - build mlx in x86_64/azure as modules again (bsc#1203701) There is little gain by having the drivers built into the kernel. Having them as modules allows easy replacement by third party drivers. - can: gs_usb: gs_can_open(): fix race dev->can.state condition (git-fixes). - can: rx-offload: can_rx_offload_init_queue(): fix typo (git-fixes). - cgroup: Add missing cpus_read_lock() to cgroup_attach_task_all() (bsc#1196869). - cgroup: cgroup_get_from_id() must check the looked-up kn is a directory (bsc#1203906). - cgroup: Fix race condition at rebind_subsystems() (bsc#1203902). - cgroup: Fix threadgroup_rwsem &lt;-> cpus_read_lock() deadlock (bsc#1196869). - clk: bcm: rpi: Prevent out-of-bounds access (git-fixes). - clk: bcm: rpi: Use correct order for the parameters of devm_kcalloc() (git-fixes). - clk: imx: imx6sx: remove the SET_RATE_PARENT flag for QSPI clocks (git-fixes). - clk: ingenic-tcu: Properly enable registers before accessing timers (git-fixes). - clk: iproc: Do not rely on node name for correct PLL setup (git-fixes). - constraints: increase disk space for all architectures References: bsc#1203693 aarch64 is already suffering. SLE15-SP5 x86_64 stats show that it is very close to the limit. - crypto: arm64/gcm - Select AEAD for GHASH_ARM64_CE (git-fixes) - cs-dsp and serial-multi-instantiate enablement (bsc#1203699) - dmaengine: idxd: add helper for per interrupt handle drain (jsc#PED-682). - dmaengine: idxd: add knob for enqcmds retries (jsc#PED-755). - dmaengine: idxd: change MSIX allocation based on per wq activation (jsc#PED-664). - dmaengine: idxd: create locked version of idxd_quiesce() call (jsc#PED-682). - dmaengine: idxd: embed irq_entry in idxd_wq struct (jsc#PED-664). - dmaengine: idxd: fix descriptor flushing locking (jsc#PED-664). - dmaengine: idxd: fix retry value to be constant for duration of function call (git-fixes). - dmaengine: idxd: handle interrupt handle revoked event (jsc#PED-682). - dmaengine: idxd: handle invalid interrupt handle descriptors (jsc#PED-682). - dmaengine: idxd: int handle management refactoring (jsc#PED-682). - dmaengine: idxd: match type for retries var in idxd_enqcmds() (git-fixes). - dmaengine: idxd: move interrupt handle assignment (jsc#PED-682). - dmaengine: idxd: rework descriptor free path on failure (jsc#PED-682). - dmaengine: idxd: set defaults for wq configs (jsc#PED-688). - dmaengine: idxd: update IAA definitions for user header (jsc#PED-763). - dmaengine: ti: k3-udma-private: Fix refcount leak bug in of_xudma_dev_get() (git-fixes). - docs: i2c: i2c-topology: fix incorrect heading (git-fixes). - dpaa2-ptp: Fix refcount leak in dpaa2_ptp_probe (git-fixes). - drm/amd/amdgpu: fixing read wrong pf2vf data in SRIOV (git-fixes). - drm/amd/amdgpu: skip ucode loading if ucode_size == 0 (git-fixes). - drm/amd/display: Limit user regamma to a valid value (git-fixes). - drm/amd/display: Mark dml30's UseMinimumDCFCLK() as noinline for stack usage (git-fixes). - drm/amd/display: Reduce number of arguments of dml31's CalculateFlipSchedule() (git-fixes). - drm/amd/display: Reduce number of arguments of dml31's CalculateWatermarksAndDRAMSpeedChangeSupport() (git-fixes). - drm/amd/pm: disable BACO entry/exit completely on several sienna cichlid cards (git-fixes). - drm/amdgpu: Check num_gfx_rings for gfx v9_0 rb setup (git-fixes). - drm/amdgpu: do not register a dirty callback for non-atomic (git-fixes). - drm/amdgpu: make sure to init common IP before gmc (git-fixes). - drm/amdgpu: mmVM_L2_CNTL3 register not initialized correctly (git-fixes). - drm/amdgpu: move nbio ih_doorbell_range() into ih code for vega (git-fixes). - drm/amdgpu: move nbio sdma_doorbell_range() into sdma code for vega (git-fixes). - drm/amdgpu: Move psp_xgmi_terminate call from amdgpu_xgmi_remove_device to psp_hw_fini (git-fixes). - drm/amdgpu: Separate vf2pf work item init from virt data exchange (git-fixes). - drm/amdgpu: use dirty framebuffer helper (git-fixes). - drm/bridge: display-connector: implement bus fmts callbacks (git-fixes). - drm/bridge: lt8912b: add vsync hsync (git-fixes). - drm/bridge: lt8912b: fix corrupted image output (git-fixes). - drm/bridge: lt8912b: set hdmi or dvi mode (git-fixes). - drm/gem: Fix GEM handle release errors (git-fixes). - drm/gma500: Fix BUG: sleeping function called from invalid context errors (git-fixes). - drm/i915: Implement WaEdpLinkRateDataReload (git-fixes). - drm/i915: Skip wm/ddb readout for disabled pipes (git-fixes). - drm/i915/glk: ECS Liva Q2 needs GLK HDMI port timing quirk (git-fixes). - drm/i915/gt: Restrict forced preemption to the active context (git-fixes). - drm/mediatek: dsi: Add atomic {destroy,duplicate}_state, reset callbacks (git-fixes). - drm/mediatek: dsi: Move mtk_dsi_stop() call back to mtk_dsi_poweroff() (git-fixes). - drm/meson: Correct OSD1 global alpha value (git-fixes). - drm/meson: Fix OSD1 RGB to YCbCr coefficient (git-fixes). - drm/msm/rd: Fix FIFO-full deadlock (git-fixes). - drm/panel: simple: Fix innolux_g121i1_l01 bus_format (git-fixes). - drm/panfrost: devfreq: set opp to the recommended one to configure regulator (git-fixes). - drm/radeon: add a force flush to delay work when radeon (git-fixes). - drm/rockchip: Fix return type of cdn_dp_connector_mode_valid (git-fixes). - drm/tegra: vic: Fix build warning when CONFIG_PM=n (git-fixes). - dt-bindings: hwmon: (mr75203) fix 'intel,vm-map' property to be optional (git-fixes). - EDAC/dmc520: Do not print an error for each unconfigured interrupt line (bsc#1190497). - efi: capsule-loader: Fix use-after-free in efi_capsule_write (git-fixes). - efi: libstub: Disable struct randomization (git-fixes). - eth: alx: take rtnl_lock on resume (git-fixes). - eth: sun: cassini: remove dead code (git-fixes). - explicit set MODULE_SIG_HASH in azure config (bsc#1203933) Setting this option became mandatory in Feb 2022. While the lack of this option did not cause issues with automated builds, a manual osc build started to fail due to incorrect macro expansion. - fbcon: Add option to enable legacy hardware acceleration (bsc#1152472) Backporting changes: * context fixes in other patch * update config - fbcon: Fix accelerated fbdev scrolling while logo is still shown (bsc#1152472) - fbdev: chipsfb: Add missing pci_disable_device() in chipsfb_pci_init() (git-fixes). - firmware: arm_scmi: Fix the asynchronous reset requests (git-fixes). - firmware: arm_scmi: Harden accesses to the reset domains (git-fixes). - firmware: cs_dsp: add driver to support firmware loading on Cirrus Logic DSPs (bsc#1203699). - firmware: cs_dsp: Add lockdep asserts to interface functions (bsc#1203699). - firmware: cs_dsp: Add memory chunk helpers (bsc#1203699). - firmware: cs_dsp: Add offset to cs_dsp read/write (bsc#1203699). - firmware: cs_dsp: Add pre_run callback (bsc#1203699). - firmware: cs_dsp: Add pre_stop callback (bsc#1203699). - firmware: cs_dsp: Add support for rev 2 coefficient files (bsc#1203699). - firmware: cs_dsp: Add version checks on coefficient loading (bsc#1203699). - firmware: cs_dsp: Allow creation of event controls (bsc#1203699). - firmware: cs_dsp: Clarify some kernel doc comments (bsc#1203699). - firmware: cs_dsp: Clear core reset for cache (bsc#1203699). - firmware: cs_dsp: Fix overrun of unterminated control name string (bsc#1203699). - firmware: cs_dsp: Move lockdep asserts to avoid potential null pointer (bsc#1203699). - firmware: cs_dsp: Perform NULL check in cs_dsp_coeff_write/read_ctrl (bsc#1203699). - firmware: cs_dsp: Print messages from bin files (bsc#1203699). - firmware: cs_dsp: tidy includes in cs_dsp.c and cs_dsp.h (bsc#1203699). - ftrace: Fix NULL pointer dereference in is_ftrace_trampoline when ftrace is dead (git-fixes). - fuse: Remove the control interface for virtio-fs (bsc#1203798). - gpio: mockup: fix NULL pointer dereference when removing debugfs (git-fixes). - gpio: mockup: remove gpio debugfs when remove device (git-fixes). - gpio: mpc8xxx: Fix support for IRQ_TYPE_LEVEL_LOW flow_type in mpc85xx (git-fixes). - gpio: mvebu: Fix check for pwm support on non-A8K platforms (git-fixes). - gpiolib: cdev: Set lineevent_state::irq after IRQ register successfully (git-fixes). - gve: Fix GFP flags when allocing pages (git-fixes). - HID: intel-ish-hid: ishtp: Fix ishtp client sending disordered message (git-fixes). - HID: ishtp-hid-clientHID: ishtp-hid-client: Fix comment typo (git-fixes). - hwmon: (gsc-hwmon) Call of_node_get() before of_find_xxx API (git-fixes). - hwmon: (mr75203) enable polling for all VM channels (git-fixes). - hwmon: (mr75203) fix multi-channel voltage reading (git-fixes). - hwmon: (mr75203) fix VM sensor allocation when 'intel,vm-map' not defined (git-fixes). - hwmon: (mr75203) fix voltage equation for negative source input (git-fixes). - hwmon: (pmbus/mp2888) Fix sensors readouts for MPS Multi-phase mp2888 controller (git-fixes). - hwmon: (tps23861) fix byte order in resistance register (git-fixes). - i2c: acpi: Add an i2c_acpi_client_count() helper function (bsc#1203699). - i2c: imx: If pm_runtime_get_sync() returned 1 device access is possible (git-fixes). - i2c: mlxbf: Fix frequency calculation (git-fixes). - i2c: mlxbf: incorrect base address passed during io write (git-fixes). - i2c: mlxbf: prevent stack overflow in mlxbf_i2c_smbus_start_transaction() (git-fixes). - i2c: mlxbf: support lock mechanism (git-fixes). - ice: Allow operation with reduced device MSI-X (bsc#1201987). - ice: arfs: fix use-after-free when freeing @rx_cpu_rmap (git-fixes). - ice: Do not skip not enabled queues in ice_vc_dis_qs_msg (git-fixes). - ice: fix crash when writing timestamp on RX rings (git-fixes). - ice: Fix KASAN error in LAG NETDEV_UNREGISTER handler (git-fixes). - ice: fix possible under reporting of ethtool Tx and Rx statistics (git-fixes). - ice: Fix race during aux device (un)plugging (git-fixes). - ice: Match on all profiles in slow-path (git-fixes). - ieee802154: cc2520: add rc code in cc2520_tx() (git-fixes). - igb: skip phy status check where unavailable (git-fixes). - Input: goodix - add compatible string for GT1158 (git-fixes). - Input: goodix - add support for GT1158 (git-fixes). - Input: iforce - add support for Boeder Force Feedback Wheel (git-fixes). - Input: iqs62x-keys - drop unused device node references (git-fixes). - Input: melfas_mip4 - fix return value check in mip4_probe() (git-fixes). - Input: snvs_pwrkey - fix SNVS_HPVIDR1 register address (git-fixes). - kABI workaround for spi changes (bsc#1203699). - kABI: Add back removed struct paca member (bsc#1203664 ltc#199236). - kABI: fix adding another field to scsi_device (bsc#1203039). - kABI: Fix kABI after SNP-Guest backport (jsc#SLE-19924, jsc#SLE-24814). - kbuild: disable header exports for UML in a straightforward way (git-fixes). - kexec_file: drop weak attribute from functions (bsc#1196444). - kexec, KEYS, s390: Make use of built-in and secondary keyring for signature verification (bsc#1196444). - kexec, KEYS: make the code in bzImage64_verify_sig generic (bsc#1196444). - kexec: clean up arch_kexec_kernel_verify_sig (bsc#1196444). - kexec: drop weak attribute from functions (bsc#1196444). - KVM: SVM: Create a separate mapping for the GHCB save area (jsc#SLE-19924, jsc#SLE-24814). - KVM: SVM: Create a separate mapping for the SEV-ES save area (jsc#SLE-19924, jsc#SLE-24814). - KVM: SVM: Define sev_features and VMPL field in the VMSA (jsc#SLE-19924, jsc#SLE-24814). - KVM: SVM: fix tsc scaling cache logic (bsc#1203263). - KVM: SVM: Update the SEV-ES save area mapping (jsc#SLE-19924, jsc#SLE-24814). - KVM: VMX: Heed the 'msr' argument in msr_write_intercepted() (git-fixes). - KVM: X86: Fix when shadow_root_level=5 && guest root_level&lt;4 (git-fixes). - KVM: x86: hyper-v: Drop redundant 'ex' parameter from kvm_hv_send_ipi() (git-fixes). - KVM: x86: hyper-v: HVCALL_SEND_IPI_EX is an XMM fast hypercall (git-fixes). - KVM: x86: Move lookup of indexed CPUID leafs to helper (jsc#SLE-19924, jsc#SLE-24814). - libata: add ATA_HORKAGE_NOLPM for Pioneer BDR-207M and BDR-205 (git-fixes). - lockd: detect and reject lock arguments that overflow (git-fixes). - md-raid10: fix KASAN warning (git-fixes). - md: call __md_stop_writes in md_stop (git-fixes). - md: unlock mddev before reap sync_thread in action_store (bsc#1197659). - media: aspeed: Fix an error handling path in aspeed_video_probe() (git-fixes). - media: coda: Add more H264 levels for CODA960 (git-fixes). - media: coda: Fix reported H264 profile (git-fixes). - media: dvb_vb2: fix possible out of bound access (git-fixes). - media: exynos4-is: Change clk_disable to clk_disable_unprepare (git-fixes). - media: exynos4-is: Fix PM disable depth imbalance in fimc_is_probe (git-fixes). - media: flexcop-usb: fix endpoint type check (git-fixes). - media: imx-jpeg: Add pm-sleep support for imx-jpeg (git-fixes). - media: imx-jpeg: Correct some definition according specification (git-fixes). - media: imx-jpeg: Disable slot interrupt when frame done (git-fixes). - media: imx-jpeg: Fix potential array out of bounds in queue_setup (git-fixes). - media: imx-jpeg: Leave a blank space before the configuration data (git-fixes). - media: imx-jpeg: Refactor function mxc_jpeg_parse (git-fixes). - media: mceusb: Use new usb_control_msg_*() routines (git-fixes). - media: platform: mtk-mdp: Fix mdp_ipi_comm structure alignment. - media: rkvdec: Disable H.264 error detection (git-fixes). - media: st-delta: Fix PM disable depth imbalance in delta_probe (git-fixes). - media: vsp1: Fix offset calculation for plane cropping. - misc: cs35l41: Remove unused pdn variable (bsc#1203699). - mISDN: fix use-after-free bugs in l1oip timer handlers (git-fixes). - mlxsw: i2c: Fix initialization error flow (git-fixes). - mm: Fix PASID use-after-free issue (bsc#1203908). - mmc: core: Fix inconsistent sd3_bus_mode at UHS-I SD voltage switch failure (git-fixes). - mmc: hsq: Fix data stomping during mmc recovery (git-fixes). - mmc: moxart: fix 4-bit bus width and remove 8-bit bus width (git-fixes). - mwifiex: fix sleep in atomic context bugs caused by dev_coredumpv (git-fixes). - net: axienet: fix RX ring refill allocation failure handling (git-fixes). - net: axienet: reset core on initialization prior to MDIO access (git-fixes). - net: bcmgenet: hide status block before TX timestamping (git-fixes). - net: bcmgenet: Revert 'Use stronger register read/writes to assure ordering' (git-fixes). - net: cpsw: add missing of_node_put() in cpsw_probe_dt() (git-fixes). - net: dsa: bcm_sf2_cfp: fix an incorrect NULL check on list iterator (git-fixes). - net: dsa: bcm_sf2: Fix Wake-on-LAN with mac_link_down() (git-fixes). - net: dsa: felix: fix tagging protocol changes with multiple CPU ports (git-fixes). - net: dsa: felix: suppress -EPROBE_DEFER errors (git-fixes). - net: dsa: introduce helpers for iterating through ports using dp (git-fixes). - net: dsa: lantiq_gswip: Do not set GSWIP_MII_CFG_RMII_CLK (git-fixes). - net: dsa: lantiq_gswip: fix use after free in gswip_remove() (git-fixes). - net: dsa: microchip: fix bridging with more than two member ports (git-fixes). - net: dsa: mt7530: 1G can also support 1000BASE-X link mode (git-fixes). - net: dsa: mt7530: add missing of_node_put() in mt7530_setup() (git-fixes). - net: dsa: mv88e6xxx: Fix port_hidden_wait to account for port_base_addr (git-fixes). - net: dsa: mv88e6xxx: Fix refcount leak in mv88e6xxx_mdios_register (git-fixes). - net: dsa: restrict SMSC_LAN9303_I2C kconfig (git-fixes). - net: emaclite: Add error handling for of_address_to_resource() (git-fixes). - net: enetc: Use pci_release_region() to release some resources (git-fixes). - net: ethernet: mediatek: ppe: fix wrong size passed to memset() (git-fixes). - net: ethernet: mv643xx: Fix over zealous checking of_get_mac_address() (git-fixes). - net: ethernet: stmmac: fix altr_tse_pcs function when using a fixed-link (git-fixes). - net: ethernet: stmmac: fix write to sgmii_adapter_base (git-fixes). - net: fec: add missing of_node_put() in fec_enet_init_stop_mode() (git-fixes). - net: ftgmac100: access hardware register after clock ready (git-fixes). - net: hns3: add netdev reset check for hns3_set_tunable() (git-fixes). - net: hns3: fix the concurrency between functions reading debugfs (git-fixes). - net: ipa: get rid of a duplicate initialization (git-fixes). - net: ipa: kill ipa_cmd_pipeline_clear() (git-fixes). - net: ipa: record proper RX transaction count (git-fixes). - net: macb: Fix PTP one step sync support (git-fixes). - net: macb: Increment rx bd head after allocating skb and buffer (git-fixes). - net: mana: Add rmb after checking owner bits (git-fixes). - net: mana: Add support of XDP_REDIRECT action (bug#1201310, jsc#PED-529). - net: mana: Add the Linux MANA PF driver (bug#1201309, jsc#PED-529). - net: mdio: Fix ENOMEM return value in BCM6368 mux bus controller (git-fixes). - net: mscc: ocelot: avoid corrupting hardware counters when moving VCAP filters (git-fixes). - net: mscc: ocelot: fix all IP traffic getting trapped to CPU with PTP over IP (git-fixes). - net: mscc: ocelot: fix broken IP multicast flooding (git-fixes). - net: mscc: ocelot: fix last VCAP IS1/IS2 filter persisting in hardware when deleted (git-fixes). - net: mscc: ocelot: fix missing unlock on error in ocelot_hwstamp_set() (git-fixes). - net: mscc: ocelot: fix VCAP IS2 filters matching on both lookups (git-fixes). - net: mscc: ocelot: restrict tc-trap actions to VCAP IS2 lookup 0 (git-fixes). - net: phy: aquantia: wait for the suspend/resume operations to finish (git-fixes). - net: phy: at803x: move page selection fix to config_init (git-fixes). - net: phy: Do not WARN for PHY_UP state in mdio_bus_phy_resume() (git-fixes). - net: sparx5: depends on PTP_1588_CLOCK_OPTIONAL (git-fixes). - net: sparx5: uses, depends on BRIDGE or !BRIDGE (git-fixes). - net: stmmac: dwmac-qcom-ethqos: add platform level clocks management (git-fixes). - net: stmmac: dwmac-qcom-ethqos: Enable RGMII functional clock on resume (git-fixes). - net: stmmac: dwmac-sun8i: add missing of_node_put() in sun8i_dwmac_register_mdio_mux() (git-fixes). - net: stmmac: enhance XDP ZC driver level switching performance (git-fixes). - net: stmmac: fix out-of-bounds access in a selftest (git-fixes). - net: stmmac: Fix unset max_speed difference between DT and non-DT platforms (git-fixes). - net: stmmac: only enable DMA interrupts when ready (git-fixes). - net: stmmac: perserve TX and RX coalesce value during XDP setup (git-fixes). - net: stmmac: remove unused get_addr() callback (git-fixes). - net: stmmac: Use readl_poll_timeout_atomic() in atomic state (git-fixes). - net: systemport: Fix an error handling path in bcm_sysport_probe() (git-fixes). - net: thunderbolt: Enable DMA paths only after rings are enabled (git-fixes). - net: usb: qmi_wwan: add Quectel RM520N (git-fixes). - net: wwan: iosm: Call mutex_init before locking it (git-fixes). - net: wwan: iosm: remove pointless null check (git-fixes). - net/mlx5: CT: Fix header-rewrite re-use for tupels (git-fixes). - net/mlx5: Drain fw_reset when removing device (git-fixes). - net/mlx5e: Block rx-gro-hw feature in switchdev mode (git-fixes). - net/mlx5e: Properly block HW GRO when XDP is enabled (git-fixes). - net/mlx5e: Properly block LRO when XDP is enabled (git-fixes). - net/mlx5e: Remove HW-GRO from reported features (git-fixes). - net/mlx5e: TC NIC mode, fix tc chains miss table (git-fixes). - net/qla3xxx: Fix a test in ql_reset_work() (git-fixes). - net/sunrpc: fix potential memory leaks in rpc_sysfs_xprt_state_change() (git-fixes). - NFS: Do not decrease the value of seq_nr_highest_sent (git-fixes). - NFS: fix problems with __nfs42_ssc_open (git-fixes). - NFS: Fix races in the legacy idmapper upcall (git-fixes). - NFS: Fix WARN_ON due to unionization of nfs_inode.nrequests (git-fixes). - NFS: Handle NFS4ERR_DELAY replies to OP_SEQUENCE correctly (git-fixes). - NFS: LOOKUP_DIRECTORY is also ok with symlinks (git-fixes). - NFS: RECLAIM_COMPLETE must handle EACCES (git-fixes). - NFS: Turn off open-by-filehandle and NFS re-export for NFSv4.0 (git-fixes). - NFS: Update mode bits after ALLOCATE and DEALLOCATE (git-fixes). - NFSD: Clean up the show_nf_flags() macro (git-fixes). - NFSD: eliminate the NFSD_FILE_BREAK_* flags (git-fixes). - NFSD: Fix offset type in I/O trace points (git-fixes). - NFSD: restore EINVAL error translation in nfsd_commit() (git-fixes). - of: device: Fix up of_dma_configure_id() stub (git-fixes). - of: fdt: fix off-by-one error in unflatten_dt_nodes() (git-fixes). - parisc/sticon: fix reverse colors (bsc#1152489) - parisc/stifb: Fix fb_is_primary_device() only available with (bsc#1152489) - parisc/stifb: Implement fb_is_primary_device() (bsc#1152489) - parisc/stifb: Keep track of hardware path of graphics card (bsc#1152489) - PCI: Correct misspelled words (git-fixes). - PCI: Disable MSI for Tegra234 Root Ports (git-fixes). - PCI: Prefer 'unsigned int' over bare 'unsigned' (git-fixes). - PCI/ASPM: Make Intel DG2 L1 acceptable latency unlimited (jsc#PED-387). - pinctrl: qcom: sc8180x: Fix gpio_wakeirq_map (git-fixes). - pinctrl: qcom: sc8180x: Fix wrong pin numbers (git-fixes). - pinctrl: sunxi: Fix name for A100 R_PIO (git-fixes). - platform/surface: aggregator_registry: Add support for Surface Laptop Go 2 (git-fixes). - platform/x86: acer-wmi: Acer Aspire One AOD270/Packard Bell Dot keymap fixes (git-fixes). - platform/x86: i2c-multi-instantiate: Rename it for a generic serial driver name (bsc#1203699). - platform/x86: serial-multi-instantiate: Add CLSA0101 Laptop (bsc#1203699). - platform/x86: serial-multi-instantiate: Add SPI support (bsc#1203699). - platform/x86: serial-multi-instantiate: Reorganize I2C functions (bsc#1203699). - pNFS/flexfiles: Report RDMA connection errors to the server (git-fixes). - powerpc/pseries/vas: Pass hw_cpu_id to node associativity HCALL (bsc#1194869). - ppc64/kdump: Limit kdump base to 512MB (bsc#1203410 ltc#199904). - regulator: core: Clean up on enable failure (git-fixes). - regulator: pfuze100: Fix the global-out-of-bounds access in pfuze100_regulator_probe() (git-fixes). - regulator: qcom_rpm: Fix circular deferral regression (git-fixes). - reset: imx7: Fix the iMX8MP PCIe PHY PERST support (git-fixes). - s390: fix double free of GS and RI CBs on fork() failure (bsc#1203197 LTC#199895). - s390/boot: fix absolute zero lowcore corruption on boot (git-fixes). - scsi: core: Add BLIST_NO_ASK_VPD_SIZE for some VDASD (bsc#1203039). - scsi: lpfc: Add missing destroy_workqueue() in error path (bsc#1203939). - scsi: lpfc: Add missing free iocb and nlp kref put for early return VMID cases (bsc#1203939). - scsi: lpfc: Add reporting capability for Link Degrade Signaling (bsc#1203939). - scsi: lpfc: Fix FLOGI ACC with wrong SID in PT2PT topology (bsc#1203939). - scsi: lpfc: Fix mbuf pool resource detected as busy at driver unload (bsc#1203939). - scsi: lpfc: Fix multiple NVMe remoteport registration calls for the same NPort ID (bsc#1203939). - scsi: lpfc: Fix prli_fc4_req checks in PRLI handling (bsc#1203939). - scsi: lpfc: Fix various issues reported by tools (bsc#1203939). - scsi: lpfc: Move scsi_host_template outside dynamically allocated/freed phba (bsc#1185032 bsc#1203939). - scsi: lpfc: Remove the unneeded result variable (bsc#1203939). - scsi: lpfc: Remove unneeded result variable (bsc#1203939). - scsi: lpfc: Rename mp/bmp dma buffers to rq/rsp in lpfc_fdmi_cmd (bsc#1203939). - scsi: lpfc: Return DID_TRANSPORT_DISRUPTED instead of DID_REQUEUE (bsc#1203939). - scsi: lpfc: Rework FDMI attribute registration for unintential padding (bsc#1203939). - scsi: lpfc: Rework lpfc_fdmi_cmd() routine for cleanup and consistency (bsc#1203939). - scsi: lpfc: Update congestion mode logging for Emulex SAN Manager application (bsc#1203939). - scsi: lpfc: Update lpfc version to 14.2.0.7 (bsc#1203939). - scsi: mpt3sas: Fix use-after-free warning (git-fixes). - scsi: qla2xxx: Add debugfs create/delete helpers (bsc#1203935). - scsi: qla2xxx: Add NVMe parameters support in Auxiliary Image Status (bsc#1203935). - scsi: qla2xxx: Always wait for qlt_sess_work_fn() from qlt_stop_phase1() (bsc#1203935). - scsi: qla2xxx: Avoid flush_scheduled_work() usage (bsc#1203935). - scsi: qla2xxx: Define static symbols (bsc#1203935). - scsi: qla2xxx: Disable ATIO interrupt coalesce for quad port ISP27XX (bsc#1203935). - scsi: qla2xxx: Drop DID_TARGET_FAILURE use (bsc#1203935). - scsi: qla2xxx: Enhance driver tracing with separate tunable and more (bsc#1203935). - scsi: qla2xxx: Fix disk failure to rediscover (git-fixes). - scsi: qla2xxx: Fix memory leak in __qlt_24xx_handle_abts() (bsc#1203935). - scsi: qla2xxx: Fix response queue handler reading stale packets (bsc#1203935). - scsi: qla2xxx: Fix spelling mistake 'definiton' -> 'definition' (bsc#1203935). - scsi: qla2xxx: Log message 'skipping scsi_scan_host()' as informational (bsc#1203935). - scsi: qla2xxx: Remove unused declarations for qla2xxx (bsc#1203935). - scsi: qla2xxx: Remove unused del_sess_list field (bsc#1203935). - scsi: qla2xxx: Remove unused qlt_tmr_work() (bsc#1203935). - scsi: qla2xxx: Revert 'scsi: qla2xxx: Fix response queue handler reading stale packets' (bsc#1203935). - scsi: qla2xxx: Update version to 10.02.07.900-k (bsc#1203935). - scsi: Revert 'scsi: qla2xxx: Fix disk failure to rediscover' (git-fixes). - scsi: smartpqi: Add module param to disable managed ints (bsc#1203893). - scsi: smartpqi: Shorten drive visibility after removal (bsc#1200622). - selftests: Fix the if conditions of in test_extra_filter() (git-fixes). - selftests: forwarding: add shebang for sch_red.sh (git-fixes). - selftests: forwarding: Fix failing tests with old libnet (git-fixes). - serial: atmel: remove redundant assignment in rs485_config (git-fixes). - serial: Create uart_xmit_advance() (git-fixes). - serial: fsl_lpuart: Reset prior to registration (git-fixes). - serial: tegra-tcu: Use uart_xmit_advance(), fixes icount.tx accounting (git-fixes). - serial: tegra: Use uart_xmit_advance(), fixes icount.tx accounting (git-fixes). - soc: sunxi: sram: Actually claim SRAM regions (git-fixes). - soc: sunxi: sram: Fix debugfs info for A64 SRAM C (git-fixes). - soc: sunxi: sram: Prevent the driver from being unbound (git-fixes). - spi: Add API to count spi acpi resources (bsc#1203699). - spi: Create helper API to lookup ACPI info for spi device (bsc#1203699). - spi: dw: Fix PM disable depth imbalance in dw_spi_bt1_probe (git-fixes). - spi: meson-spicc: do not rely on busy flag in pow2 clk ops (git-fixes). - spi: mt7621: Fix an error message in mt7621_spi_probe() (git-fixes). - spi: propagate error code to the caller of acpi_spi_device_alloc() (bsc#1203699). - spi: qup: add missing clk_disable_unprepare on error in spi_qup_pm_resume_runtime() (git-fixes). - spi: qup: add missing clk_disable_unprepare on error in spi_qup_resume() (git-fixes). - spi: Return deferred probe error when controller isn't yet available (bsc#1203699). - spi: s3c64xx: Fix large transfers with DMA (git-fixes). - spi: Support selection of the index of the ACPI Spi Resource before alloc (bsc#1203699). - spi/omap100k:Fix PM disable depth imbalance in omap1_spi100k_probe (git-fixes). - struct ehci_hcd: hide new element going into a hole (git-fixes). - struct xhci_hcd: restore member now dynamically allocated (git-fixes). - SUNRPC: Do not call connect() more than once on a TCP socket (git-fixes). - SUNRPC: Do not leak sockets in xs_local_connect() (git-fixes). - SUNRPC: fix expiry of auth creds (git-fixes). - SUNRPC: Fix xdr_encode_bool() (git-fixes). - SUNRPC: Reinitialise the backchannel request buffers before reuse (git-fixes). - SUNRPC: RPC level errors should set task->tk_rpc_status (git-fixes). - thunderbolt: Add support for Intel Maple Ridge single port controller (git-fixes). - tracing: hold caller_addr to hardirq_{enable,disable}_ip (git-fixes). - tty: serial: atmel: Preserve previous USART mode if RS485 disabled (git-fixes). - USB: add quirks for Lenovo OneLink+ Dock (git-fixes). - USB: cdc-acm: Add Icom PMR F3400 support (0c26:0020) (git-fixes). - USB: core: Fix RST error in hub.c (git-fixes). - USB: core: Prevent nested device-reset calls (git-fixes). - USB: Drop commas after SoC match table sentinels (git-fixes). - USB: dwc3: core: leave default DMA if the controller does not support 64-bit DMA (git-fixes). - USB: dwc3: disable USB core PHY management (git-fixes). - USB: dwc3: gadget: Avoid starting DWC3 gadget during UDC unbind (git-fixes). - USB: dwc3: gadget: Do not modify GEVNTCOUNT in pullup() (git-fixes). - USB: dwc3: gadget: Refactor pullup() (git-fixes). - USB: dwc3: pci: Add support for Intel Raptor Lake (git-fixes). - USB: Fix ehci infinite suspend-resume loop issue in zhaoxin (git-fixes). - USB: host: xhci: fix a comment typo in xhci_mem_init() (git-fixes). - USB: host: xhci: use ffs() in xhci_mem_init() (git-fixes). - USB: hub: avoid warm port reset during USB3 disconnect (git-fixes). - USB: serial: cp210x: add Decagon UCA device id (git-fixes). - USB: serial: ftdi_sio: add Omron CS1W-CIF31 device id (git-fixes). - USB: serial: option: add Quectel BG95 0x0203 composition (git-fixes). - USB: serial: option: add Quectel EM060K modem (git-fixes). - USB: serial: option: add Quectel RM520N (git-fixes). - USB: serial: option: add support for Cinterion MV32-WA/WB RmNet mode (git-fixes). - USB: serial: option: add support for OPPO R11 diag port (git-fixes). - USB: storage: Add ASUS &lt;0x0b05:0x1932> to IGNORE_UAS (git-fixes). - USB: storage: Add ignore-residue quirk for NXP PN7462AU (git-fixes). - USB: struct usb_device: hide new member (git-fixes). - USB: typec: intel_pmc_mux: Add new ACPI ID for Meteor Lake IOM device (git-fixes). - USB: typec: tipd: Add an additional overflow check (git-fixes). - USB: typec: tipd: Do not read/write more bytes than required (git-fixes). - USB: typec: ucsi: Remove incorrect warning (git-fixes). - USB: xhci-mtk: relax TT periodic bandwidth allocation (git-fixes). - usbnet: Fix memory leak in usbnet_disconnect() (git-fixes). - vfio/type1: Unpin zero pages (git-fixes). - vhost/vsock: Use kvmalloc/kvfree for larger packets (git-fixes). - video: fbdev: i740fb: Error out if 'pixclock' equals zero (git-fixes). - video: fbdev: pxa3xx-gcu: Fix integer overflow in pxa3xx_gcu_write (git-fixes). - virt: Add SEV-SNP guest driver (jsc#SLE-19924, jsc#SLE-24814). - virt: sevguest: Add documentation for SEV-SNP CPUID Enforcement (jsc#SLE-19924, jsc#SLE-24814). - virt: sevguest: Add support to derive key (jsc#SLE-19924, jsc#SLE-24814). - virt: sevguest: Add support to get extended report (jsc#SLE-19924, jsc#SLE-24814). - virt: sevguest: Fix bool function returning negative value (jsc#SLE-19924, jsc#SLE-24814). - virt: sevguest: Fix return value check in alloc_shared_pages() (jsc#SLE-19924, jsc#SLE-24814). - vrf: fix packet sniffing for traffic originating from ip tunnels (git-fixes). - vt: Clear selection before changing the font (git-fixes). - watchdog: wdat_wdt: Set the min and max timeout values properly (bsc#1194023). - wifi: ath10k: add peer map clean up for peer delete in ath10k_sta_state() (git-fixes). - wifi: ath11k: fix number of VHT beamformee spatial streams (git-fixes). - wifi: iwlegacy: 4965: corrected fix for potential off-by-one overflow in il4965_rs_fill_link_cmd() (git-fixes). - wifi: mac80211_hwsim: check length for virtio packets (git-fixes). - wifi: mac80211: allow bw change during channel switch in mesh (git-fixes). - wifi: mac80211: fix regression with non-QoS drivers (git-fixes). - wifi: mac80211: Fix UAF in ieee80211_scan_rx() (git-fixes). - wifi: mt76: fix reading current per-tid starting sequence number for aggregation (git-fixes). - wifi: mt76: mt7615: add mt7615_mutex_acquire/release in mt7615_sta_set_decap_offload (git-fixes). - wifi: mt76: mt7915: do not check state before configuring implicit beamform (git-fixes). - wifi: mt76: sdio: fix transmitting packet hangs (git-fixes). - wifi: rtl8xxxu: Fix AIFS written to REG_EDCA_*_PARAM (git-fixes). - wifi: rtl8xxxu: Fix skb misuse in TX queue selection (git-fixes). - wifi: rtl8xxxu: gen2: Fix mistake in path B IQ calibration (git-fixes). - wifi: rtl8xxxu: Improve rtl8xxxu_queue_select (git-fixes). - wifi: rtl8xxxu: Remove copy-paste leftover in gen2_update_rate_mask (git-fixes). - wifi: rtl8xxxu: tighten bounds checking in rtl8xxxu_read_efuse() (git-fixes). - wifi: rtlwifi: 8192de: correct checking of IQK reload (git-fixes). - wifi: rtw88: add missing destroy_workqueue() on error path in rtw_core_init() (git-fixes). - workqueue: do not skip lockdep work dependency in cancel_work_sync() (git-fixes). - x86/boot: Add a pointer to Confidential Computing blob in bootparams (jsc#SLE-19924, jsc#SLE-24814). - x86/boot: Add Confidential Computing type to setup_data (jsc#SLE-19924, jsc#SLE-24814). - x86/boot: Introduce helpers for MSR reads/writes (jsc#SLE-19924, jsc#SLE-24814). - x86/boot: Put globals that are accessed early into the .data section (jsc#SLE-19924, jsc#SLE-24814). - x86/boot: Use MSR read/write helpers instead of inline assembly (jsc#SLE-19924, jsc#SLE-24814). - x86/compressed: Add helper for validating pages in the decompression stage (jsc#SLE-19924, jsc#SLE-24814). - x86/compressed: Add SEV-SNP feature detection/setup (jsc#SLE-19924, jsc#SLE-24814). - x86/compressed: Export and rename add_identity_map() (jsc#SLE-19924, jsc#SLE-24814). - x86/compressed: Register GHCB memory when SEV-SNP is active (jsc#SLE-19924, jsc#SLE-24814). - x86/compressed: Use firmware-validated CPUID leaves for SEV-SNP guests (jsc#SLE-19924, jsc#SLE-24814). - x86/compressed/64: Add identity mapping for Confidential Computing blob (jsc#SLE-19924, jsc#SLE-24814). - x86/compressed/64: Add support for SEV-SNP CPUID table in #VC handlers (jsc#SLE-19924, jsc#SLE-24814). - x86/compressed/64: Detect/setup SEV/SME features earlier during boot (jsc#SLE-19924, jsc#SLE-24814). - x86/compressed/acpi: Move EFI config table lookup to helper (jsc#SLE-19924, jsc#SLE-24814). - x86/compressed/acpi: Move EFI detection to helper (jsc#SLE-19924, jsc#SLE-24814). - x86/compressed/acpi: Move EFI kexec handling into common code (jsc#SLE-19924, jsc#SLE-24814). - x86/compressed/acpi: Move EFI system table lookup to helper (jsc#SLE-19924, jsc#SLE-24814). - x86/compressed/acpi: Move EFI vendor table lookup to helper (jsc#SLE-19924, jsc#SLE-24814). - x86/head/64: Re-enable stack protection (jsc#SLE-19924, jsc#SLE-24814). - x86/ibt,ftrace: Make function-graph play nice (bsc#1203969). - x86/kernel: Mark the .bss..decrypted section as shared in the RMP table (jsc#SLE-19924, jsc#SLE-24814). - x86/kernel: Validate ROM memory before accessing when SEV-SNP is active (jsc#SLE-19924, jsc#SLE-24814). - x86/kexec: fix memory leak of elf header buffer (bsc#1196444). - x86/mm: Extend cc_attr to include AMD SEV-SNP (jsc#SLE-19924, jsc#SLE-24814). - x86/mm: Validate memory when changing the C-bit (jsc#SLE-19924, jsc#SLE-24814). - x86/sev: Add a helper for the PVALIDATE instruction (jsc#SLE-19924, jsc#SLE-24814). - x86/sev: Add a sev= cmdline option (jsc#SLE-19924, jsc#SLE-24814). - x86/sev: Add helper for validating pages in early enc attribute changes (jsc#SLE-19924, jsc#SLE-24814). - x86/sev: Add missing __init annotations to SEV init routines (jsc#SLE-19924 jsc#SLE-24814). - x86/sev: Add SEV-SNP feature detection/setup (jsc#SLE-19924, jsc#SLE-24814). - x86/sev: Check SEV-SNP features support (jsc#SLE-19924, jsc#SLE-24814). - x86/sev: Check the VMPL level (jsc#SLE-19924, jsc#SLE-24814). - x86/sev: Detect/setup SEV/SME features earlier in boot (jsc#SLE-19924, jsc#SLE-24814). - x86/sev: Get the AP jump table address from secrets page (jsc#SLE-19924, jsc#SLE-24814). - x86/sev: Move MSR-based VMGEXITs for CPUID to helper (jsc#SLE-19924, jsc#SLE-24814). - x86/sev: Provide support for SNP guest request NAEs (jsc#SLE-19924, jsc#SLE-24814). - x86/sev: Register GHCB memory when SEV-SNP is active (jsc#SLE-19924, jsc#SLE-24814). - x86/sev: Register SEV-SNP guest request platform device (jsc#SLE-19924, jsc#SLE-24814). - x86/sev: Use firmware-validated CPUID for SEV-SNP guests (jsc#SLE-19924, jsc#SLE-24814). - x86/sev: Use SEV-SNP AP creation to start secondary CPUs (jsc#SLE-19924, jsc#SLE-24814). - x86/xen: Remove undefined behavior in setup_features() (git-fixes). - xen-blkback: Advertise feature-persistent as user requested (git-fixes). - xen-blkback: Apply 'feature_persistent' parameter when connect (git-fixes). - xen-blkback: fix persistent grants negotiation (git-fixes). - xen-blkfront: Advertise feature-persistent as user requested (git-fixes). - xen-blkfront: Apply 'feature_persistent' parameter when connect (git-fixes). - xen-blkfront: Cache feature_persistent value before advertisement (git-fixes). - xen-blkfront: Handle NULL gendisk (git-fixes). - xen-netback: only remove 'hotplug-status' when the vif is actually destroyed (git-fixes). - xen/gntdev: Avoid blocking in unmap_grant_pages() (git-fixes). - xen/gntdev: Ignore failure to unmap INVALID_GRANT_HANDLE (git-fixes). - xen/grants: prevent integer overflow in gnttab_dma_alloc_pages() (git-fixes). - xen/usb: do not use arbitrary_virt_to_machine() (git-fixes). - xhci: Allocate separate command structures for each LPM command (git-fixes). Important SUSE bug 1152472 SUSE bug 1152489 SUSE bug 1185032 SUSE bug 1190497 SUSE bug 1194023 SUSE bug 1194869 SUSE bug 1195917 SUSE bug 1196444 SUSE bug 1196869 SUSE bug 1197659 SUSE bug 1198189 SUSE bug 1200622 SUSE bug 1201309 SUSE bug 1201310 SUSE bug 1201987 SUSE bug 1202095 SUSE bug 1202960 SUSE bug 1203039 SUSE bug 1203066 SUSE bug 1203101 SUSE bug 1203197 SUSE bug 1203263 SUSE bug 1203338 SUSE bug 1203360 SUSE bug 1203361 SUSE bug 1203389 SUSE bug 1203410 SUSE bug 1203505 SUSE bug 1203552 SUSE bug 1203664 SUSE bug 1203693 SUSE bug 1203699 SUSE bug 1203701 SUSE bug 1203767 SUSE bug 1203769 SUSE bug 1203794 SUSE bug 1203798 SUSE bug 1203893 SUSE bug 1203902 SUSE bug 1203906 SUSE bug 1203908 SUSE bug 1203933 SUSE bug 1203935 SUSE bug 1203939 SUSE bug 1203969 SUSE bug 1203987 SUSE bug 1203992 CVE-2022-1263 CVE-2022-2586 CVE-2022-3202 CVE-2022-3239 CVE-2022-3303 CVE-2022-39189 CVE-2022-41218 CVE-2022-41848 CVE-2022-41849 cpe:/o:opensuse:leap:15.4 Security update for qemu (Important) openSUSE Leap 15.4 This update for qemu fixes the following issues: - CVE-2021-3409: Fixed an incomplete fix for CVE-2020-17380 and CVE-2020-25085 in sdhi controller. (bsc#1182282) - CVE-2021-4206: Fixed an integer overflow in cursor_alloc which can lead to heap buffer overflow. (bsc#1198035) - CVE-2021-4207: Fixed a double fetch in qxl_cursor ehich can lead to heap buffer overflow. (bsc#1198037) - CVE-2022-0216: Fixed a use after free issue found in hw/scsi/lsi53c895a.c. (bsc#1198038) - CVE-2022-35414: Fixed an uninitialized read during address translation that leads to a crash. (bsc#1201367) Important SUSE bug 1175144 SUSE bug 1182282 SUSE bug 1192115 SUSE bug 1198035 SUSE bug 1198037 SUSE bug 1198038 CVE-2021-3409 CVE-2021-4206 CVE-2021-4207 CVE-2022-0216 CVE-2022-35414 cpe:/o:opensuse:leap:15.4 Security update for exiv2 (Important) openSUSE Leap 15.4 This update for exiv2 fixes the following issues: - CVE-2021-37621: Fixed denial of service due to infinite loop in Image:printIFDStructure (bsc#1189333). - CVE-2021-37620: Fixed out-of-bounds read in XmpTextValue:read() (bsc#1189332). - CVE-2021-37619: Fixed out-of-bounds read in Exiv2:Jp2Image:encodeJp2Header (bsc#1189331). - CVE-2021-37618: Fixed out-of-bounds read in Exiv2:Jp2Image:printStructure (bsc#1189330). - CVE-2021-32617: Fixed denial of service inside inefficient algorithm (quadratic complexity) (bsc#1186192). - CVE-2021-31292: Fixed integer overflow in CrwMap:encode0x1810 (bsc#1188756). - CVE-2021-31291: Fixed heap-based buffer overflow vulnerability in jp2image.cpp may lead to a denial of service (bsc#1188733). - CVE-2021-29470: Fixed out-of-bounds read in Exiv2:Jp2Image:encodeJp2Header (bsc#1185447). - CVE-2020-18899: Fixed uncontrolled memory allocation (bsc#1189636). - CVE-2020-18898: Fixed remote denial of service in printIFDStructure function (bsc#1189780). - CVE-2018-8977: Fixed remote denial of service in Exiv2::Internal::printCsLensFFFF function in canonmn_int.cpp (bsc#1086798). - CVE-2018-8976: Fixed remote denial of service in image.cpp Exiv2::Internal::stringFormat via out-of-bounds read (bsc#1086810). - CVE-2018-5772: Fixed segmentation fault caused by uncontrolled recursion inthe Exiv2::Image::printIFDStructure (bsc#1076579). - CVE-2018-18915: Fixed an infinite loop in the Exiv2:Image:printIFDStructure function (bsc#1114690). - CVE-2018-10772: Fixed segmentation fault when the function Exiv2::tEXtToDataBuf() is finished (bsc#1092096). Important SUSE bug 1076579 SUSE bug 1086798 SUSE bug 1086810 SUSE bug 1092096 SUSE bug 1114690 SUSE bug 1185447 SUSE bug 1186192 SUSE bug 1188733 SUSE bug 1188756 SUSE bug 1189330 SUSE bug 1189331 SUSE bug 1189332 SUSE bug 1189333 SUSE bug 1189636 SUSE bug 1189780 CVE-2018-10772 CVE-2018-18915 CVE-2018-5772 CVE-2018-8976 CVE-2018-8977 CVE-2020-18898 CVE-2020-18899 CVE-2021-29470 CVE-2021-31291 CVE-2021-31292 CVE-2021-32617 CVE-2021-37618 CVE-2021-37619 CVE-2021-37620 CVE-2021-37621 cpe:/o:opensuse:leap:15.4 Security update for nodejs14 (Moderate) openSUSE Leap 15.4 This update for nodejs14 fixes the following issues: Updated to version 14.20.1: - CVE-2022-32213: Fixed bypass via obs-fold mechanic (bsc#1201325). - CVE-2022-35256: Fixed incorrect Parsing of Header Fields (bsc#1203832). Moderate SUSE bug 1201325 SUSE bug 1203832 CVE-2022-32213 CVE-2022-35256 cpe:/o:opensuse:leap:15.4 Security update for nodejs12 (Moderate) openSUSE Leap 15.4 This update for nodejs12 fixes the following issues: - CVE-2022-35256: Fixed incorrect parsing of header fields (bsc#1203832). - CVE-2022-32213: Fixed bypass via obs-fold mechanic (bsc#1201325). Moderate SUSE bug 1201325 SUSE bug 1203832 CVE-2022-32213 CVE-2022-35256 cpe:/o:opensuse:leap:15.4 Security update for rubygem-activesupport-5_1 (Moderate) openSUSE Leap 15.4 This update for rubygem-activesupport-5_1 fixes the following issues: - CVE-2022-27777: Fixed cross-site scripting vulnerability in Action View tag helper (bsc#1199060). Moderate SUSE bug 1199060 CVE-2022-27777 cpe:/o:opensuse:leap:15.4 Security update for libreoffice (Important) openSUSE Leap 15.4 This update for libreoffice fixes the following issues: Updated to version 7.3.6.2 (jsc#SLE-23447): - CVE-2022-3140: Fixed macro URL arbitrary script execution (bsc#1203209). - CVE-2022-26305: Fixed execution of untrusted Macros due to improper certificate validation (bsc#1201868). - CVE-2022-26307: Fixed weak Master Keys in password storage (bsc#1201872). Important SUSE bug 1201868 SUSE bug 1201872 SUSE bug 1203209 CVE-2022-26305 CVE-2022-26307 CVE-2022-3140 cpe:/o:opensuse:leap:15.4 Security update for buildah (Important) openSUSE Leap 15.4 This update for buildah fixes the following issues: Buildah was updated to version 1.27.1: - CVE-2021-20206: Fixed an issue in libcni that could allow an attacker to execute arbitrary binaries on the host (bsc#1181961). - CVE-2020-10696: Fixed an issue that could lead to files being overwritten during the image building process (bsc#1167864). - CVE-2022-2990: Fixed a possible information disclosure and modification (bsc#1202812). Important SUSE bug 1167864 SUSE bug 1181961 SUSE bug 1202812 CVE-2020-10696 CVE-2021-20206 CVE-2022-2990 cpe:/o:opensuse:leap:15.4 Security update for nodejs16 (Important) openSUSE Leap 15.4 This update for nodejs16 fixes the following issues: Updated to version 16.17.1: - CVE-2022-32213: Fixed bypass via obs-fold mechanic (bsc#1201325). - CVE-2022-32215: Fixed incorrect Parsing of Multi-line Transfer-Encoding (bsc#1201327). - CVE-2022-35256: Fixed incorrect Parsing of Header Fields (bsc#1203832). - CVE-2022-35255: FIxed weak randomness in WebCrypto keygen (bsc#1203831). Important SUSE bug 1201325 SUSE bug 1201327 SUSE bug 1203831 SUSE bug 1203832 CVE-2022-32213 CVE-2022-32215 CVE-2022-35255 CVE-2022-35256 cpe:/o:opensuse:leap:15.4 Security update for php8 (Important) openSUSE Leap 15.4 This update for php8 fixes the following issues: - php8 was updated to version 8.0.24 - php8 was updated to version 8.0.23 (jsc#SLE-23639). - CVE-2021-21703: Fixed a local privilege escalation via PHP-FPM. (bsc#1192050) - CVE-2022-31628: Fixed an uncontrolled recursion in the phar uncompressor while decompressing 'quines' gzip files. (bsc#1203867) - CVE-2022-31629: Fixed a bug which could lead an attacker to set an insecure cookie that will treated as secure in the victim's browser. (bsc#1203870) - Fixed missing devel package requires pear and pecl extensions (jsc#SLE-24723, bsc#1200772). Important SUSE bug 1192050 SUSE bug 1200772 SUSE bug 1203867 SUSE bug 1203870 CVE-2021-21703 CVE-2022-31628 CVE-2022-31629 cpe:/o:opensuse:leap:15.4 Security update for helm (Important) openSUSE Leap 15.4 This update for helm fixes the following issues: helm was updated to version 3.9.4: * CVE-2022-36055: Fixed denial of service through string value parsing (bsc#1203054). * Updating the certificates used for testing * Updating index handling helm was updated to version 3.9.3: - CVE-2022-1996: Updated kube-openapi to fix an issue that could result in a CORS protection bypass (bsc#1200528). * Fix missing array length check on release helm was updated to version 3.9.2: * Update of the circleci image helm was updated to version 3.9.1: * Update to support Kubernetes 1.24.2 * Improve logging and safety of statefulSetReady * Make token caching an opt-in feature * Bump github.com/lib/pq from 1.10.5 to 1.10.6 * Bump github.com/Masterminds/squirrel from 1.5.2 to 1.5.3 helm was updated to version 3.9.0: * Added a --quiet flag to helm lint * Added a --post-renderer-args flag to support arguments being passed to the post renderer * Added more checks during the signing process * Updated to add Kubernetes 1.24 support helm was updated to version 3.8.2: * Bump oras.land/oras-go from 1.1.0 to 1.1.1 * Fixing downloader plugin error handling * Simplify testdata charts * Simplify testdata charts * Add tests for multi-level dependencies. * Fix value precedence * Bumping Kubernetes package versions * Updating vcs to latest version * Dont modify provided transport * Pass http getter as pointer in tests * Add docs block * Add transport option and tests * Reuse http transport * Updating Kubernetes libs to 0.23.4 (latest) * fix: remove deadcode * fix: helm package tests * fix: helm package with dependency update for charts with OCI dependencies * Fix typo Unset the env var before func return in Unit Test * add legal name check * maint: fix syntax error in deploy.sh * linting issue fixed * only apply overwrite if version is canary * overwrite flag added to az storage blob upload-batch * Avoid querying for OCI tags can explicit version provided in chart dependencies * Management of bearer tokens for tag listing * Updating Kubernetes packages to 1.23.3 * refactor: use `os.ReadDir` for lightweight directory reading * Add IngressClass to manifests to be (un)installed * feat(comp): Shell completion for OCI * Fix install memory/goroutine leak Important SUSE bug 1200528 SUSE bug 1203054 CVE-2022-1996 CVE-2022-36055 cpe:/o:opensuse:leap:15.4 Security update for clone-master-clean-up (Moderate) openSUSE Leap 15.4 This update for clone-master-clean-up fixes the following issues: - CVE-2021-32000: Fixed some potentially dangerous file system operations (bsc#1181050). Bugfixes: - Fixed clone-master-clean-up failing to remove btrfs snapshots (bsc#1203651). Moderate SUSE bug 1181050 SUSE bug 1203651 CVE-2021-32000 cpe:/o:opensuse:leap:15.4 Security update for go1.18 (Important) openSUSE Leap 15.4 This update for go1.18 fixes the following issues: Updated to version 1.18.7 (bsc#1193742): - CVE-2022-41715: Fixed memory exhaustion in regexp/syntax (bsc#1204023). - CVE-2022-2879: Fixed unbounded memory consumption when reading headers in archive/tar (bsc#1204024). - CVE-2022-2880: Fixed ReverseProxy forwarding unparseable query parameters (bsc#1204025). Important SUSE bug 1193742 SUSE bug 1204023 SUSE bug 1204024 SUSE bug 1204025 CVE-2022-2879 CVE-2022-2880 CVE-2022-41715 cpe:/o:opensuse:leap:15.4 Security update for go1.19 (Important) openSUSE Leap 15.4 This update for go1.19 fixes the following issues: Updated to version 1.19.2 (bsc#1200441): - CVE-2022-41715: Fixed memory exhaustion in regexp/syntax (bsc#1204023). - CVE-2022-2879: Fixed unbounded memory consumption when reading headers in archive/tar (bsc#1204024). - CVE-2022-2880: Fixed ReverseProxy forwarding unparseable query parameters (bsc#1204025). Important SUSE bug 1200441 SUSE bug 1204023 SUSE bug 1204024 SUSE bug 1204025 CVE-2022-2879 CVE-2022-2880 CVE-2022-41715 cpe:/o:opensuse:leap:15.4 Security update for jasper (Moderate) openSUSE Leap 15.4 This update for jasper fixes the following issues: - CVE-2022-2963: Fixed memory leaks in function cmdopts_parse (bsc#1202642). Moderate SUSE bug 1202642 CVE-2022-2963 cpe:/o:opensuse:leap:15.4 Security update for bind (Important) openSUSE Leap 15.4 This update for bind fixes the following issues: - CVE-2022-2795: Fixed potential performance degredation due to missing database lookup limits when processing large delegations (bsc#1203614). - CVE-2022-38177: Fixed a memory leak that could be externally triggered in the DNSSEC verification code for the ECDSA algorithm (bsc#1203619). - CVE-2022-38178: Fixed memory leaks that could be externally triggered in the DNSSEC verification code for the EdDSA algorithm (bsc#1203620). Bugfixes: - Changed ownership of /var/lib/named/master from named:named to root:root (bsc#1201247) Important SUSE bug 1201247 SUSE bug 1203614 SUSE bug 1203619 SUSE bug 1203620 CVE-2022-2795 CVE-2022-38177 CVE-2022-38178 cpe:/o:opensuse:leap:15.4 Security update for libksba (Critical) openSUSE Leap 15.4 This update for libksba fixes the following issues: - CVE-2022-3515: Fixed a possible overflow in the TLV parser (bsc#1204357). Critical SUSE bug 1204357 CVE-2022-3515 cpe:/o:opensuse:leap:15.4 Security update for tiff (Important) openSUSE Leap 15.4 This update for tiff fixes the following issues: - CVE-2022-2519: Fixed a double free in rotateImage() (bsc#1202968). - CVE-2022-2520: Fixed a assertion failure in rotateImage() (bsc#1202973). - CVE-2022-2521: Fixed invalid free in TIFFClose() (bsc#1202971). - CVE-2022-2867: Fixed out of bounds read and write in tiffcrop.c (bsc#1202466). - CVE-2022-2868: Fixed out of bounds read in reverseSamples16bits() (bsc#1202467). - CVE-2022-2869: Fixed out of bounds read and write in extractContigSamples8bits() (bsc#1202468). - CVE-2022-34526: Fixed stack overflow in the _TIFFVGetField function of Tiffsplit (bsc#1202026). Important SUSE bug 1201723 SUSE bug 1201971 SUSE bug 1202026 SUSE bug 1202466 SUSE bug 1202467 SUSE bug 1202468 SUSE bug 1202968 SUSE bug 1202971 SUSE bug 1202973 CVE-2022-0561 CVE-2022-2519 CVE-2022-2520 CVE-2022-2521 CVE-2022-2867 CVE-2022-2868 CVE-2022-2869 CVE-2022-34266 CVE-2022-34526 cpe:/o:opensuse:leap:15.4 Security update for libxml2 (Important) openSUSE Leap 15.4 This update for libxml2 fixes the following issues: - CVE-2022-40303: Fixed integer overflows with XML_PARSE_HUGE (bsc#1204366). - CVE-2022-40304: Fixed dict corruption caused by entity reference cycles (bsc#1204367). Important SUSE bug 1204366 SUSE bug 1204367 CVE-2022-40303 CVE-2022-40304 cpe:/o:opensuse:leap:15.4 Security update for the Linux Kernel (Important) openSUSE Leap 15.4 The SUSE Linux Enterprise 15-SP1 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2022-20008: Fixed local information disclosure due to possibility to read kernel heap memory via mmc_blk_read_single of block.c (bnc#1199564). - CVE-2022-2503: Fixed a vulnerability that allowed root to bypass LoadPin and load untrusted and unverified kernel modules and firmware (bnc#1202677). - CVE-2022-32296: Fixed vulnerability where TCP servers were allowed to identify clients by observing what source ports are used (bnc#1200288). - CVE-2022-3239: Fixed an use-after-free in the video4linux driver that could lead a local user to able to crash the system or escalate their privileges (bnc#1203552). - CVE-2022-3303: Fixed a race condition in the sound subsystem due to improper locking (bnc#1203769). - CVE-2022-41218: Fixed an use-after-free caused by refcount races in drivers/media/dvb-core/dmxdev.c (bnc#1202960). - CVE-2022-41848: Fixed a race condition in drivers/char/pcmcia/synclink_cs.c mgslpc_ioctl and mgslpc_detach (bnc#1203987). The following non-security bugs were fixed: - dtb: Do not include sources in src.rpm - refer to kernel-source Same as other kernel binary packages there is no need to carry duplicate sources in dtb packages. - mkspec: eliminate @NOSOURCE@ macro This should be alsways used with @SOURCES@, just include the content there. - net: mana: Add rmb after checking owner bits (git-fixes). - net: mana: Add the Linux MANA PF driver (bnc#1201309, jsc#PED-529). - x86/bugs: Reenable retbleed=off While for older kernels the return thunks are statically built in and cannot be dynamically patched out, retbleed=off should still be possible to do so that the mitigation can still be disabled on Intel who do not use the return thunks but IBRS. Important SUSE bug 1199564 SUSE bug 1200288 SUSE bug 1201309 SUSE bug 1202677 SUSE bug 1202960 SUSE bug 1203552 SUSE bug 1203769 SUSE bug 1203987 CVE-2022-20008 CVE-2022-2503 CVE-2022-32296 CVE-2022-3239 CVE-2022-3303 CVE-2022-41218 CVE-2022-41848 cpe:/o:opensuse:leap:15.4 Security update for multipath-tools (Important) openSUSE Leap 15.4 This update for multipath-tools fixes the following issues: - CVE-2022-41973: Fixed a symlink attack in multipathd. (bsc#1202739) - CVE-2022-41974: Fixed an authorization bypass issue in multipathd. (bsc#1202739) - Avoid linking to libreadline to avoid licensing issue (bsc#1202616) - libmultipath: fix find_multipaths_timeout for unknown hardware (bsc#1201483) - multipath-tools: fix 'multipath -ll' for Native NVME Multipath devices (bsc#1201483) - multipathd: don't switch to DAEMON_IDLE during startup (bsc#1199346, bsc#1197570) - multipathd: avoid delays during uevent processing (bsc#1199347) - multipathd: Don't keep starting TUR threads, if they always hang. (bsc#1199345) - Fix busy loop with delayed_reconfigure (bsc#1199342) - multipath.conf: add support for 'protocol' subsection in 'overrides' section to set certain config options by protocol. - Removed the previously deprecated options getuid_callout, config_dir, multipath_dir, pg_timeout - Add disclaimer about vendor support - Change built-in defaults for NVMe: group by prio, and immediate failback - Fixes for minor issues reported by coverity - Fix for memory leak with uid_attrs - Updates for built in hardware db - Logging improvements - multipathd: use remove_map_callback for delayed reconfigure - Fix handling of path addition in read-only arrays on NVMe - Updates of built-in hardware database - libmultipath: only warn once about unsupported dev_loss_tmo Important SUSE bug 1197570 SUSE bug 1199342 SUSE bug 1199345 SUSE bug 1199346 SUSE bug 1199347 SUSE bug 1201483 SUSE bug 1202616 SUSE bug 1202739 CVE-2022-41973 CVE-2022-41974 cpe:/o:opensuse:leap:15.4 Security update for multipath-tools (Important) openSUSE Leap 15.4 This update for multipath-tools fixes the following issues: - CVE-2022-41974: Fixed an authorization bypass issue in multipathd. (bsc#1202739) - Avoid linking to libreadline to avoid licensing issue (bsc#1202616) Important SUSE bug 1202616 SUSE bug 1202739 SUSE bug 1204325 CVE-2022-41974 cpe:/o:opensuse:leap:15.4 Security update for MozillaFirefox (Important) openSUSE Leap 15.4 This update for MozillaFirefox fixes the following issues: - Updated to version 102.4.0 ESR (bsc#1204421) - CVE-2022-42927: Fixed same-origin policy violation that could have leaked cross-origin URLs. - CVE-2022-42928: Fixed memory Corruption in JS Engine. - CVE-2022-42929: Fixed denial of Service via window.print. - CVE-2022-42932: Fixed memory safety bugs. Important SUSE bug 1204421 CVE-2022-42927 CVE-2022-42928 CVE-2022-42929 CVE-2022-42932 cpe:/o:opensuse:leap:15.4 Security update for xen (Moderate) openSUSE Leap 15.4 This update for xen fixes the following issues: Updated to version 4.16.2 (bsc#1027519): - CVE-2022-33746: Fixed DoS due to excessively long P2M pool freeing (bsc#1203806). - CVE-2022-33748: Fixed DoS due to race in locking (bsc#1203807). Bugfixes: - Fixed Xen DomU unable to emulate audio device (bsc#1201994). - Fixed logic error in built-in default of max_event_channels (bsc#1167608, bsc#1201631). Moderate SUSE bug 1027519 SUSE bug 1167608 SUSE bug 1201631 SUSE bug 1201994 SUSE bug 1203806 SUSE bug 1203807 CVE-2022-33746 CVE-2022-33748 cpe:/o:opensuse:leap:15.4 Security update for bind (Important) openSUSE Leap 15.4 This update for bind fixes the following issues: - CVE-2022-2795: Fixed potential performance degredation due to missing database lookup limits when processing large delegations (bsc#1203614). - CVE-2022-38177: Fixed a memory leak that could be externally triggered in the DNSSEC verification code for the ECDSA algorithm (bsc#1203619). - CVE-2022-38178: Fixed memory leaks that could be externally triggered in the DNSSEC verification code for the EdDSA algorithm (bsc#1203620). Important SUSE bug 1203614 SUSE bug 1203619 SUSE bug 1203620 CVE-2022-2795 CVE-2022-38177 CVE-2022-38178 cpe:/o:opensuse:leap:15.4 Security update for python-paramiko (Important) openSUSE Leap 15.4 This update for python-paramiko fixes the following issues: Updated to version 2.4.3: - CVE-2018-1000805: Fixed authentication bypass (bsc#1111151). Bugfixes: - Fixed Ed25519 key handling for certain key comment lengths (bsc#1200603). Important SUSE bug 1111151 SUSE bug 1200603 CVE-2018-1000805 cpe:/o:opensuse:leap:15.4 Security update for python-waitress (Important) openSUSE Leap 15.4 This update for python-waitress fixes the following issues: - CVE-2022-24761: Fixed a bug to avoid inconsistent interpretation of HTTP requests leading to request smuggling. (bsc#1197255) Important SUSE bug 1197255 CVE-2022-24761 cpe:/o:opensuse:leap:15.4 Security update for golang-github-prometheus-node_exporter (Moderate) openSUSE Leap 15.4 This update for golang-github-prometheus-node_exporter fixes the following issues: (bsc#1196338, jsc#SLE-24238, jsc#SLE-24239, jsc#SUMA-114, CVE-2022-21698) Moderate SUSE bug 1196338 CVE-2022-21698 cpe:/o:opensuse:leap:15.4 Security update for SUSE Manager Client Tools (Moderate) openSUSE Leap 15.4 This update fixes the following issues: dracut-saltboot: - Update to version 0.1.1661440542.6cbe0da * Use standard susemanager.conf * Move image services to dracut-saltboot package * Use salt bundle golang-github-lusitaniae-apache_exporter: - Update to upstream release 0.11.0 (jsc#SLE-24791) * Add TLS support * Switch to logger, please check --log.level and --log.format flags - Update to version 0.10.1 * Bugfix: Reset ProxyBalancer metrics on each scrape to remove stale data - Update to version 0.10.0 * Add Apache Proxy and other metrics - Update to version 0.8.0 * Change commandline flags * Add metrics: Apache version, request duration total - Adapted to build on Enterprise Linux 8 - Require building with Go 1.15 - Add %license macro for LICENSE file grafana: - Update to version 8.3.10 + Security: * CVE-2022-31097: Cross Site Scripting vulnerability in the Unified Alerting (bsc#1201535) * CVE-2022-31107: Fixes OAuth account takeover vulnerability (bsc#1201539) - Update to version 8.3.9 + Bug fixes: * Geomap: Display legend * Prometheus: Fix timestamp truncation - Update to version 8.3.7 + Bug fix: * Provisioning: Ensure that the default value for orgID is set when provisioning datasources to be deleted. - Update to version 8.3.6 + Features and enhancements: * Cloud Monitoring: Reduce request size when listing labels. * Explore: Show scalar data result in a table instead of graph. * Snapshots: Updates the default external snapshot server URL. * Table: Makes footer not overlap table content. * Tempo: Add request histogram to service graph datalink. * Tempo: Add time range to tempo search query behind a feature flag. * Tempo: Auto-clear results when changing query type. * Tempo: Display start time in search results as relative time. * CloudMonitoring: Fix resource labels in query editor. * Cursor sync: Apply the settings without saving the dashboard. * LibraryPanels: Fix for Error while cleaning library panels. * Logs Panel: Fix timestamp parsing for string dates without timezone. * Prometheus: Fix some of the alerting queries that use reduce/math operation. * TablePanel: Fix ad-hoc variables not working on default datasources. * Text Panel: Fix alignment of elements. * Variables: Fix for constant variables in self referencing links. - Update to version 8.3.5 (jsc#SLE-23439, jsc#SLE-23422, jsc#SLE-24565) mgr-daemon: - Version 4.3.6-1 * Update translation strings spacecmd: - Version 4.3.15-1 * Process date values in spacecmd api calls (bsc#1198903) spacewalk-client-tools: - Version 4.3.12-1 * Update translation strings uyuni-common-libs: - Version 4.3.6-1 * Do not allow creating path if nonexistent user or group in fileutils. Moderate SUSE bug 1198903 SUSE bug 1201535 SUSE bug 1201539 CVE-2022-31097 CVE-2022-31107 cpe:/o:opensuse:leap:15.4 Security update for grafana (Important) openSUSE Leap 15.4 This update for grafana fixes the following issues: Updated to version 8.3.10 (jsc#SLE-24565, jsc#SLE-23422, jsc#SLE-23439): - CVE-2022-31097: Fixed XSS vulnerability in the Unified Alerting (bsc#1201535). - CVE-2022-31107: Fixed OAuth account takeover vulnerability (bsc#1201539). - CVE-2022-21702: Fixed XSS through attacker-controlled data source (bsc#1195726). - CVE-2022-21703: Fixed Cross Site Request Forgery (bsc#1195727). - CVE-2022-21713: Fixed Teams API IDOR (bsc#1195728). Important SUSE bug 1195726 SUSE bug 1195727 SUSE bug 1195728 SUSE bug 1201535 SUSE bug 1201539 CVE-2022-21702 CVE-2022-21703 CVE-2022-21713 CVE-2022-31097 CVE-2022-31107 cpe:/o:opensuse:leap:15.4 Recommended update for bind (Important) openSUSE Leap 15.4 This update for bind fixes the following issues: Update to release 9.16.33: - CVE-2022-2795: Fixed potential performance degredation due to missing database lookup limits when processing large delegations (bsc#1203614). - CVE-2022-3080: Fixed assertion failure when there was a stale CNAME in the cache for the incoming query and the stale-answer-client-timeout option is set to 0 (bsc#1203618). - CVE-2022-38177: Fixed a memory leak that could be externally triggered in the DNSSEC verification code for the ECDSA algorithm (bsc#1203619). - CVE-2022-38178: Fixed memory leaks that could be externally triggered in the DNSSEC verification code for the EdDSA algorithm (bsc#1203620). - Add systemd drop-in directory for named service (bsc#1201689). - Add modified createNamedConfInclude script and README-bind.chrootenv (bsc#1203250). - Feature Changes: - Response Rate Limiting (RRL) code now treats all QNAMEs that are subject to wildcard processing within a given zone as the same name, to prevent circumventing the limits enforced by RRL. - Zones using dnssec-policy now require dynamic DNS or inline-signing to be configured explicitly. - A backward-compatible approach was implemented for encoding internationalized domain names (IDN) in dig and converting the domain to IDNA2008 form; if that fails, BIND tries an IDNA2003 conversion. - The DNSSEC algorithms RSASHA1 and NSEC3RSASHA1 are now automatically disabled on systems where they are disallowed by the security policy. Primary zones using those algorithms need to be migrated to new algorithms prior to running on these systems, as graceful migration to different DNSSEC algorithms is not possible when RSASHA1 is disallowed by the operating system. - Log messages related to fetch limiting have been improved to provide more complete information. Specifically, the final counts of allowed and spilled fetches are now logged before the counter object is destroyed. - Non-dynamic zones that inherit dnssec-policy from the view or options blocks were not marked as inline-signed and therefore never scheduled to be re-signed. This has been fixed. - The old max-zone-ttl zone option was meant to be superseded by the max-zone-ttl option in dnssec-policy; however, the latter option was not fully effective. This has been corrected: zones no longer load if they contain TTLs greater than the limit configured in dnssec-policy. For zones with both the old max-zone-ttl option and dnssec-policy configured, the old option is ignored, and a warning is generated. - rndc dumpdb -expired was fixed to include expired RRsets, even if stale-cache-enable is set to no and the cache-cleaning time window has passed. (jsc#SLE-24600) Important SUSE bug 1201689 SUSE bug 1203250 SUSE bug 1203614 SUSE bug 1203618 SUSE bug 1203619 SUSE bug 1203620 CVE-2022-2795 CVE-2022-3080 CVE-2022-38177 CVE-2022-38178 cpe:/o:opensuse:leap:15.4 Security update for the Linux Kernel (Important) openSUSE Leap 15.4 The SUSE Linux Enterprise 15 SP3 kernel was updated. The following security bugs were fixed: - CVE-2022-40768: Fixed information leak in the scsi driver which allowed local users to obtain sensitive information from kernel memory. (bnc#1203514) - CVE-2022-3169: Fixed a denial of service flaw which occurs when consecutive requests to NVME_IOCTL_RESET and the NVME_IOCTL_SUBSYS_RESET are sent. (bnc#1203290) - CVE-2022-42722: Fixed crash in beacon protection for P2P-device. (bsc#1204125) - CVE-2022-42719: Fixed MBSSID parsing use-after-free. (bsc#1204051) - CVE-2022-42721: Avoid nontransmitted BSS list corruption. (bsc#1204060) - CVE-2022-42720: Fixed BSS refcounting bugs. (bsc#1204059) - CVE-2022-3303: Fixed a race condition in the sound subsystem due to improper locking (bnc#1203769). - CVE-2022-41218: Fixed an use-after-free caused by refcount races in drivers/media/dvb-core/dmxdev.c (bnc#1202960). - CVE-2022-3239: Fixed an use-after-free in the video4linux driver that could lead a local user to able to crash the system or escalate their privileges (bnc#1203552). - CVE-2022-41848: Fixed a race condition and resultant use-after-free if a physically proximate attacker removes a PCMCIA device while calling ioctl (bnc#1203987). - CVE-2022-41849: Fixed a race condition and resultant use-after-free if a physically proximate attacker removes a USB device while calling open (bnc#1203992). - CVE-2022-41674: Fixed a DoS issue where kernel can crash on the reception of specific WiFi Frames (bsc#1203770). - CVE-2022-2586: Fixed a use-after-free which can be triggered when a nft table is deleted (bnc#1202095). - CVE-2022-41222: Fixed a use-after-free via a stale TLB because an rmap lock is not held during a PUD move (bnc#1203622). - CVE-2022-2503: Fixed a bug in dm-verity, device-mapper table reloads allowed users with root privileges to switch out the target with an equivalent dm-linear target and bypass verification till reboot. This allowed root to bypass LoadPin and can be used to load untrusted and unverified kernel modules and firmware, which implies arbitrary kernel execution and persistence for peripherals that do not verify firmware updates (bnc#1202677). - CVE-2022-20008: Fixed a bug which allowed to read kernel heap memory due to uninitialized data. This could lead to local information disclosure if reading from an SD card that triggers errors, with no additional execution privileges needed. (bnc#1199564) - CVE-2020-16119: Fixed a use-after-free vulnerability exploitable by a local attacker due to reuse of a DCCP socket. (bnc#1177471) The following non-security bugs were fixed: - ALSA: aloop: Fix random zeros in capture data when using jiffies timer (git-fixes). - ALSA: emu10k1: Fix out of bounds access in snd_emu10k1_pcm_channel_alloc() (git-fixes). - ALSA: hda/realtek: Re-arrange quirk table entries (git-fixes). - ALSA: seq: Fix data-race at module auto-loading (git-fixes). - ALSA: seq: oss: Fix data-race for max_midi_devs access (git-fixes). - ALSA: usb-audio: Fix an out-of-bounds bug in __snd_usb_parse_audio_interface() (git-fixes). - ALSA: usb-audio: fix spelling mistakes (git-fixes). - ALSA: usb-audio: Inform the delayed registration more properly (git-fixes). - ALSA: usb-audio: Register card again for iface over delayed_register option (git-fixes). - ALSA: usb-audio: Split endpoint setups for hw_params and prepare (git-fixes). - arm64: cpufeature: Allow different PMU versions in ID_DFR0_EL1 (git-fixes) - arm64: dts: allwinner: A64 Sopine: phy-mode rgmii-id (git-fixes) - arm64: dts: allwinner: a64-sopine-baseboard: change RGMII mode to (bsc#1202341) - arm64: dts: allwinner: H5: NanoPi Neo Plus2: phy-mode rgmii-id (git-fixes) - arm64: dts: rockchip: Pull up wlan wake# on Gru-Bob (git-fixes) - arm64: dts: rockchip: Remove 'enable-active-low' from rk3399-puma (git-fixes) - arm64: dts: rockchip: Set RK3399-Gru PCLK_EDP to 24 MHz (git-fixes) - arm64: dts: uniphier: Fix USB interrupts for PXs3 SoC (git-fixes) - arm64: kexec_file: use more system keyrings to verify kernel image signature (bsc#1196444). - arm64: mm: Always update TCR_EL1 from __cpu_set_tcr_t0sz() (git-fixes) - arm64: mm: fix p?d_leaf() (git-fixes) - arm64: mm: use a 48-bit ID map when possible on 52-bit VA builds (git-fixes) - arm64: tegra: Fix SDMMC1 CD on P2888 (git-fixes) - arm64: tegra: Remove non existent Tegra194 reset (git-fixes) - arm64: tlb: fix the TTL value of tlb_get_level (git-fixes) - arm64/mm: Validate hotplug range before creating linear mapping (git-fixes) - bpf: Compile out btf_parse_module() if module BTF is not enabled (git-fixes). - cgroup: cgroup_get_from_id() must check the looked-up kn is a directory (bsc#1203906). - crypto: arm64/gcm - Select AEAD for GHASH_ARM64_CE (git-fixes) - crypto: arm64/poly1305 - fix a read out-of-bound (git-fixes) - drm/amdgpu: Check num_gfx_rings for gfx v9_0 rb setup (git-fixes). - drm/amdgpu: mmVM_L2_CNTL3 register not initialized correctly (git-fixes). - drm/gem: Fix GEM handle release errors (git-fixes). - drm/i915/glk: ECS Liva Q2 needs GLK HDMI port timing quirk (git-fixes). - drm/meson: Correct OSD1 global alpha value (git-fixes). - drm/meson: Fix OSD1 RGB to YCbCr coefficient (git-fixes). - drm/msm/rd: Fix FIFO-full deadlock (git-fixes). - drm/radeon: add a force flush to delay work when radeon (git-fixes). - dtb: Do not include sources in src.rpm - refer to kernel-source Same as other kernel binary packages there is no need to carry duplicate sources in dtb packages. - efi: capsule-loader: Fix use-after-free in efi_capsule_write (git-fixes). - fbdev: chipsfb: Add missing pci_disable_device() in chipsfb_pci_init() (git-fixes). - fbdev: fb_pm2fb: Avoid potential divide by zero error (git-fixes). - ftrace: Fix NULL pointer dereference in is_ftrace_trampoline when ftrace is dead (git-fixes). - gpio: mpc8xxx: Fix support for IRQ_TYPE_LEVEL_LOW flow_type in mpc85xx (git-fixes). - HID: intel-ish-hid: ishtp: Fix ishtp client sending disordered message (git-fixes). - HID: ishtp-hid-clientHID: ishtp-hid-client: Fix comment typo (git-fixes). - ieee802154: cc2520: add rc code in cc2520_tx() (git-fixes). - ima: force signature verification when CONFIG_KEXEC_SIG is configured (bsc#1203737). - Input: iforce - add support for Boeder Force Feedback Wheel (git-fixes). - Input: melfas_mip4 - fix return value check in mip4_probe() (git-fixes). - Input: snvs_pwrkey - fix SNVS_HPVIDR1 register address (git-fixes). - JFS: fix GPF in diFree (bsc#1203389). - JFS: fix memleak in jfs_mount (git-fixes). - JFS: more checks for invalid superblock (git-fixes). - JFS: prevent NULL deref in diFree (bsc#1203389). - kABI: x86: kexec: hide new include from genksyms (bsc#1196444). - kexec: clean up arch_kexec_kernel_verify_sig (bsc#1196444). - kexec: do not verify the signature without the lockdown or mandatory signature (bsc#1203737). - kexec: drop weak attribute from arch_kexec_apply_relocations[_add] (bsc#1196444). - kexec: drop weak attribute from functions (bsc#1196444). - kexec: drop weak attribute from functions (bsc#1196444). - kexec: KEYS: make the code in bzImage64_verify_sig generic (bsc#1196444). - kexec: KEYS: s390: Make use of built-in and secondary keyring for signature verification (bsc#1196444). - KVM: nVMX: Let userspace set nVMX MSR to any _host_ supported value (git-fixes). - KVM: x86: Mark TSS busy during LTR emulation _after_ all fault checks (git-fixes). - KVM: x86: Set error code to segment selector on LLDT/LTR non-canonical #GP (git-fixes). - md-raid10: fix KASAN warning (git-fixes). - md: call __md_stop_writes in md_stop (git-fixes). - md: unlock mddev before reap sync_thread in action_store (bsc#1197659). - mm: pagewalk: Fix race between unmap and page walker (git-fixes, bsc#1203159). - mm: proc: smaps_rollup: do not stall write attempts on mmap_lock (bsc#1201990). - mm: smaps*: extend smap_gather_stats to support specified beginning (bsc#1201990). - net: mana: Add rmb after checking owner bits (git-fixes). - net: mana: Add support of XDP_REDIRECT action (bug#1201310, jsc#PED-529). - net: mana: Add the Linux MANA PF driver (bug#1201309, jsc#PED-529). - NFS: Do not decrease the value of seq_nr_highest_sent (git-fixes). - NFS: Fix races in the legacy idmapper upcall (git-fixes). - NFS: Handle NFS4ERR_DELAY replies to OP_SEQUENCE correctly (git-fixes). - NFS: RECLAIM_COMPLETE must handle EACCES (git-fixes). - NFSD: Fix offset type in I/O trace points (git-fixes). - nvme-fabrics: parse nvme connect Linux error codes (bsc#1201865). - nvme-rdma: Handle number of queue changes (bsc#1201865). - nvme-tcp: fix UAF when detecting digest errors (bsc#1200313 bsc#1201489). - nvme-tcp: Handle number of queue changes (bsc#1201865). - nvmet: Expose max queues to configfs (bsc#1201865). - of: device: Fix up of_dma_configure_id() stub (git-fixes). - of: fdt: fix off-by-one error in unflatten_dt_nodes() (git-fixes). - pinctrl: rockchip: Enhance support for IRQ_TYPE_EDGE_BOTH (git-fixes). - platform/x86: acer-wmi: Acer Aspire One AOD270/Packard Bell Dot keymap fixes (git-fixes). - powerpc/drmem: Make lmb_size 64 bit (bsc#1203424 ltc#199544). - powerpc/memhotplug: Make lmb size 64bit (bsc#1203424 ltc#199544). - ppc64/kdump: Limit kdump base to 512MB (bsc#1203410 ltc#199904). - psi: Fix uaf issue when psi trigger is destroyed while being polled (bsc#1203909). - regulator: core: Clean up on enable failure (git-fixes). - s390/qeth: cache link_info for ethtool (bsc#1202984 LTC#199607). - s390/qeth: clean up default cases for ethtool link mode (bsc#1202984 LTC#199607). - s390/qeth: improve QUERY CARD INFO processing (bsc#1202984 LTC#199607). - s390/qeth: improve selection of ethtool link modes (bsc#1202984 LTC#199607). - s390/qeth: set static link info during initialization (bsc#1202984 LTC#199607). - s390/qeth: tolerate error when querying card info (bsc#1202984 LTC#199607). - s390/qeth: use QUERY OAT for initial link info (bsc#1202984 LTC#199607). - scsi: core: Fix bad pointer dereference when ehandler kthread is invalid (git-fixes). - scsi: lpfc: Add missing destroy_workqueue() in error path (bsc#1203939). - scsi: lpfc: Add missing free iocb and nlp kref put for early return VMID cases (bsc#1203939). - scsi: lpfc: Add reporting capability for Link Degrade Signaling (bsc#1203939). - scsi: lpfc: Fix FLOGI ACC with wrong SID in PT2PT topology (bsc#1203939). - scsi: lpfc: Fix mbuf pool resource detected as busy at driver unload (bsc#1203939). - scsi: lpfc: Fix multiple NVMe remoteport registration calls for the same NPort ID (bsc#1203939). - scsi: lpfc: Fix prli_fc4_req checks in PRLI handling (bsc#1203939). - scsi: lpfc: Fix various issues reported by tools (bsc#1203939). - scsi: lpfc: Move scsi_host_template outside dynamically allocated/freed phba (bsc#1185032 bsc#1203939). - scsi: lpfc: Remove the unneeded result variable (bsc#1203939). - scsi: lpfc: Remove unneeded result variable (bsc#1203939). - scsi: lpfc: Rename mp/bmp dma buffers to rq/rsp in lpfc_fdmi_cmd (bsc#1203939). - scsi: lpfc: Return DID_TRANSPORT_DISRUPTED instead of DID_REQUEUE (bsc#1203939). - scsi: lpfc: Rework FDMI attribute registration for unintential padding (bsc#1203939). - scsi: lpfc: Rework lpfc_fdmi_cmd() routine for cleanup and consistency (bsc#1203939). - scsi: lpfc: Update congestion mode logging for Emulex SAN Manager application (bsc#1203939). - scsi: lpfc: Update lpfc version to 14.2.0.7 (bsc#1203939). - scsi: mpt3sas: Fix use-after-free warning (git-fixes). - scsi: qla2xxx: Add debugfs create/delete helpers (bsc#1203935). - scsi: qla2xxx: Add NVMe parameters support in Auxiliary Image Status (bsc#1203935). - scsi: qla2xxx: Always wait for qlt_sess_work_fn() from qlt_stop_phase1() (bsc#1203935). - scsi: qla2xxx: Avoid flush_scheduled_work() usage (bsc#1203935). - scsi: qla2xxx: Disable ATIO interrupt coalesce for quad port ISP27XX (bsc#1203935). - scsi: qla2xxx: Drop DID_TARGET_FAILURE use (bsc#1203935). - scsi: qla2xxx: Fix memory leak in __qlt_24xx_handle_abts() (bsc#1203935). - scsi: qla2xxx: Fix response queue handler reading stale packets (bsc#1203935). - scsi: qla2xxx: Log message 'skipping scsi_scan_host()' as informational (bsc#1203935). - scsi: qla2xxx: Remove unused declarations for qla2xxx (bsc#1203935). - scsi: qla2xxx: Remove unused del_sess_list field (bsc#1203935). - scsi: qla2xxx: Remove unused qlt_tmr_work() (bsc#1203935). - scsi: qla2xxx: Revert 'scsi: qla2xxx: Fix response queue handler reading stale packets' (bsc#1203935). - scsi: qla2xxx: Update version to 10.02.07.900-k (bsc#1203935). - scsi: sg: Allow waiting for commands to complete on removed device (git-fixes). - scsi: smartpqi: Fix DMA direction for RAID requests (git-fixes). - scsi: smartpqi: Shorten drive visibility after removal (bsc#1200622). - scsi: smartpqi: Update LUN reset handler (bsc#1200622). - soc: brcmstb: pm-arm: Fix refcount leak and __iomem leak bugs (git-fixes). - squashfs: fix divide error in calculate_skip() (git-fixes). - struct ehci_hcd: hide new member (git-fixes). - struct otg_fsm: hide new boolean member in gap (git-fixes). - SUNRPC: Do not call connect() more than once on a TCP socket (git-fixes). - SUNRPC: Do not leak sockets in xs_local_connect() (git-fixes). - SUNRPC: fix expiry of auth creds (git-fixes). - SUNRPC: Fix misplaced barrier in call_decode (git-fixes). - SUNRPC: Partial revert of commit 6f9f17287e78 (git-fixes). - SUNRPC: Reinitialise the backchannel request buffers before reuse (git-fixes). - SUNRPC: RPC level errors should set task->tk_rpc_status (git-fixes). - svcrdma: Hold private mutex while invoking rdma_accept() (git-fixes). - tracing: hold caller_addr to hardirq_{enable,disable}_ip (git-fixes). - USB: Add ignore-residue quirk for NXP PN7462AU (git-fixes). - USB: cdc-acm: Add Icom PMR F3400 support (0c26:0020) (git-fixes). - USB: core: Fix RST error in hub.c (git-fixes). - USB: core: Prevent nested device-reset calls (git-fixes). - USB: dwc3: disable USB core PHY management (git-fixes). - USB: ehci: handshake CMD_RUN instead of STS_HALT (git-fixes). - USB: otg-fsm: Fix hrtimer list corruption (git-fixes). - USB: serial: ch341: fix disabled rx timer on older devices (git-fixes). - USB: serial: ch341: fix lost character on LCR updates (git-fixes). - USB: serial: ch341: name prescaler, divisor registers (git-fixes). - USB: serial: cp210x: add Decagon UCA device id (git-fixes). - USB: serial: ftdi_sio: add Omron CS1W-CIF31 device id (git-fixes). - USB: serial: option: add Quectel EM060K modem (git-fixes). - USB: serial: option: add support for Cinterion MV32-WA/WB RmNet mode (git-fixes). - USB: serial: option: add support for OPPO R11 diag port (git-fixes). - USB: storage: Add ASUS &lt;0x0b05:0x1932> to IGNORE_UAS (git-fixes). - USB: struct usb_device: hide new member (git-fixes). - usbnet: Fix memory leak in usbnet_disconnect() (git-fixes). - vt: Clear selection before changing the font (git-fixes). - vt: selection, introduce vc_is_sel (git-fixes). - watchdog: wdat_wdt: Set the min and max timeout values properly (bsc#1194023). - wifi: iwlegacy: 4965: corrected fix for potential off-by-one overflow in il4965_rs_fill_link_cmd() (git-fixes). - x86/bugs: Reenable retbleed=off While for older kernels the return thunks are statically built in and cannot be dynamically patched out, retbleed=off should still work so that it can be disabled. - x86/kexec: fix memory leak of elf header buffer (bsc#1196444). - x86/xen: Remove undefined behavior in setup_features() (git-fixes). - xen/xenbus: fix return type in xenbus_file_read() (git-fixes). - xprtrdma: Fix cwnd update ordering (git-fixes). Important SUSE bug 1177471 SUSE bug 1185032 SUSE bug 1194023 SUSE bug 1196444 SUSE bug 1197659 SUSE bug 1199564 SUSE bug 1200313 SUSE bug 1200622 SUSE bug 1201309 SUSE bug 1201310 SUSE bug 1201489 SUSE bug 1201645 SUSE bug 1201865 SUSE bug 1201990 SUSE bug 1202095 SUSE bug 1202341 SUSE bug 1202385 SUSE bug 1202677 SUSE bug 1202960 SUSE bug 1202984 SUSE bug 1203159 SUSE bug 1203290 SUSE bug 1203313 SUSE bug 1203389 SUSE bug 1203410 SUSE bug 1203424 SUSE bug 1203514 SUSE bug 1203552 SUSE bug 1203622 SUSE bug 1203737 SUSE bug 1203769 SUSE bug 1203770 SUSE bug 1203906 SUSE bug 1203909 SUSE bug 1203935 SUSE bug 1203939 SUSE bug 1203987 SUSE bug 1203992 SUSE bug 1204051 SUSE bug 1204059 SUSE bug 1204060 SUSE bug 1204125 SUSE bug 1204289 SUSE bug 1204290 SUSE bug 1204291 SUSE bug 1204292 CVE-2020-16119 CVE-2022-20008 CVE-2022-2503 CVE-2022-2586 CVE-2022-3169 CVE-2022-3239 CVE-2022-3303 CVE-2022-40768 CVE-2022-41218 CVE-2022-41222 CVE-2022-41674 CVE-2022-41848 CVE-2022-41849 CVE-2022-42719 CVE-2022-42720 CVE-2022-42721 CVE-2022-42722 cpe:/o:opensuse:leap:15.4 Security update for libmad (Important) openSUSE Leap 15.4 This update for libmad fixes the following issues: - CVE-2017-8373: Fixed heap-based buffer overflow in mad_layer_III (bsc#1036968). - CVE-2017-8372: Fixed assertion failure in layer3.c (bsc#1036969). Important SUSE bug 1036968 SUSE bug 1036969 CVE-2017-8372 CVE-2017-8373 cpe:/o:opensuse:leap:15.4 Security update for telnet (Important) openSUSE Leap 15.4 This update for telnet fixes the following issues: - CVE-2022-39028: Fixed NULL pointer dereference in telnetd (bsc#1203759). Important SUSE bug 1203759 CVE-2022-39028 cpe:/o:opensuse:leap:15.4 Security update for libtasn1 (Critical) openSUSE Leap 15.4 This update for libtasn1 fixes the following issues: - CVE-2021-46848: Fixed off-by-one array size check that affects asn1_encode_simple_der (bsc#1204690) Critical SUSE bug 1204690 CVE-2021-46848 cpe:/o:opensuse:leap:15.4 Security update for curl (Important) openSUSE Leap 15.4 This update for curl fixes the following issues: - CVE-2022-32221: Fixed POST following PUT confusion (bsc#1204383). - CVE-2022-42916: Fixed HSTS bypass via IDN (bsc#1204386). Important SUSE bug 1204383 SUSE bug 1204386 CVE-2022-32221 CVE-2022-42916 cpe:/o:opensuse:leap:15.4 Security update for qemu (Moderate) openSUSE Leap 15.4 This update for qemu fixes the following issues: - CVE-2022-0216: Fixed a use after free issue found in hw/scsi/lsi53c895a.c. (bsc#1198038) - CVE-2022-35414: Fixed an uninitialized read during address translation that leads to a crash. (bsc#1201367) Moderate SUSE bug 1192115 SUSE bug 1198038 SUSE bug 1201367 CVE-2022-0216 CVE-2022-35414 cpe:/o:opensuse:leap:15.4 Security update for MozillaThunderbird (Important) openSUSE Leap 15.4 This update for MozillaThunderbird fixes the following issues: - Mozilla Thunderbird 102.4.0 (bsc#1204421) * changed: Thunderbird will automatically detect and repair OpenPGP key storage corruption caused by using the profile import tool in Thunderbird 102 * fixed: POP message download into a large folder (~13000 messages) caused Thunderbird to temporarily freeze * fixed: Forwarding messages with special characters in Subject failed on Windows * fixed: Links for FileLink attachments were not added when attachment filename contained Unicode characters * fixed: Address Book display pane continued to show contacts after deletion * fixed: Printing address book did not include all contact details * fixed: CardDAV contacts without a Name property did not save to Google Contacts * fixed: 'Publish Calendar' did not work * fixed: Calendar database storage improvements * fixed: Incorrectly handled error responses from CalDAV servers sometimes caused events to disappear from calendar * fixed: Various visual and UX improvements - Mozilla Thunderbird 102.3.3 * new: Option added to show containing address book for a contact when using `All Address Books` in vertical mode (bmo#1778871) * changed: Thunderbird will try to use POP NTLM authentication even if not advertised by server (bmo#1793349) * changed: Task List and Today Pane sidebars will no longer load when not visible (bmo#1788549) * fixed: Sending a message while a recipient pill was being modified did not save changes (bmo#1779785) * fixed: Nickname column was not available in horizontal view of Address Book (bmo#1778000) * fixed: Multiline organization values were displayed across two columns in horizontal view of Address Book (bmo#1777780) * fixed: Contact vCard fields with multiple values such as Categories were truncated when saved (bmo#1792399) * fixed: ICS calendar files with a `FREEBUSY` property could not be imported (bmo#1783441) * fixed: Thunderbird would hang if calendar event exceeded the year 2035 (bmo#1789999) - Mozilla Thunderbird 102.3.2 * changed: Thunderbird will try to use POP CRAM-MD5 authentication even if not advertised by server (bmo#1789975) * fixed: Checking messages on POP3 accounts caused POP folder to lock if mail server was slow or non-responsive (bmo#1792451) * fixed: Newsgroups named with consecutive dots would not appear when refreshing list of newsgroups (bmo#1787789) * fixed: Sending news articles containing lines starting with dot were sometimes clipped (bmo#1787955) * fixed: CardDAV server sync silently failed if sync token expired (bmo#1791183) * fixed: Contacts from LDAP on macOS address books were not displayed (bmo#1791347) * fixed: Chat account input now accepts URIs for supported chat protocols (bmo#1776706) * fixed: Chat ScreenName field was not migrated to new address book (bmo#1789990) * fixed: Creating a New Event from the Today Pane used the currently selected day from the main calendar instead of from the Today Pane (bmo#1791203) * fixed: `New Event` button in Today Pane was incorrectly disabled sometimes (bmo#1792058) * fixed: Event reminder windows did not close after being dismissed or snoozed (bmo#1791228) * fixed: Improved performance of recurring event date calculation (bmo#1787677) * fixed: Quarterly calendar events on the last day of the month repeated one month early (bmo#1789362) * fixed: Thunderbird would hang if calendar event exceeded the year 2035 (bmo#1789999) * fixed: Whitespace in calendar events was incorrectly handled when upgrading from Thunderbird 91 to 102 (bmo#1790339) * fixed: Various visual and UX improvements (bmo#1755623,bmo#17 83903,bmo#1785851,bmo#1786434,bmo#1787286,bmo#1788151,bmo#178 9728,bmo#1790499) - Mozilla Thunderbird 102.3.1 * changed: Compose window encryption options now only appear for encryption technologies that have already been configured (bmo#1788988) * changed: Number of contacts in currently selected address book now displayed at bottom of Address Book list column (bmo#1745571) * fixed: Password prompt did not include server hostname for POP servers (bmo#1786920) * fixed: `Edit Contact` was missing from Contacts sidebar context menus (bmo#1771795) * fixed: Address Book contact lists cut off display of some characters, the result being unreadable (bmo#1780909) * fixed: Menu items for dark-themed alarm dialog were invisible on Windows 7 (bmo#1791738) * fixed: Various security fixes MFSA 2022-43 (bsc#1204411) * CVE-2022-39249 (bmo#1791765) Matrix SDK bundled with Thunderbird vulnerable to an impersonation attack by malicious server administrators * CVE-2022-39250 (bmo#1791765) Matrix SDK bundled with Thunderbird vulnerable to a device verification attack * CVE-2022-39251 (bmo#1791765) Matrix SDK bundled with Thunderbird vulnerable to an impersonation attack * CVE-2022-39236 (bmo#1791765) Matrix SDK bundled with Thunderbird vulnerable to a data corruption issue - Mozilla Thunderbird 102.3 * changed: Thunderbird will no longer attempt to import account passwords when importing from another Thunderbird profile in order to prevent profile corruption and permanent data loss. (bmo#1790605) * changed: Devtools performance profile will use Thunderbird presets instead of Web Developer presets (bmo#1785954) * fixed: Thunderbird startup performance improvements (bmo#1785967) * fixed: Saving email source and images failed (bmo#1777323,bmo#1778804) * fixed: Error message was shown repeatedly when temporary disk space was full (bmo#1788580) * fixed: Attaching OpenPGP keys without a set size to non- encrypted messages briefly displayed a size of zero bytes (bmo#1788952) * fixed: Global Search entry box initially contained 'undefined' (bmo#1780963) * fixed: Delete from POP Server mail filter rule intermittently failed to trigger (bmo#1789418) * fixed: Connections to POP3 servers without UIDL support failed (bmo#1789314) * fixed: Pop accounts with 'Fetch headers only' set downloaded complete messages if server did not advertise TOP capability (bmo#1789356) * fixed: 'File -> New -> Address Book Contact' from Compose window did not work (bmo#1782418) * fixed: Attach 'My vCard' option in compose window was not available (bmo#1787614) * fixed: Improved performance of matching a contact to an email address (bmo#1782725) * fixed: Address book only recognized a contact's first two email addresses (bmo#1777156) * fixed: Address book search and autocomplete failed if a contact vCard could not be parsed (bmo#1789793) * fixed: Downloading NNTP messages for offline use failed (bmo#1785773) * fixed: NNTP client became stuck when connecting to Public- Inbox servers (bmo#1786203) * fixed: Various visual and UX improvements (bmo#1782235,bmo#1787448,bmo#1788725,bmo#1790324) * fixed: Various security fixes * unresolved: No dedicated 'Department' field in address book (bmo#1777780) MFSA 2022-42 (bsc#1203477) * CVE-2022-3266 (bmo#1767360) Out of bounds read when decoding H264 * CVE-2022-40959 (bmo#1782211) Bypassing FeaturePolicy restrictions on transient pages * CVE-2022-40960 (bmo#1787633) Data-race when parsing non-UTF-8 URLs in threads * CVE-2022-40958 (bmo#1779993) Bypassing Secure Context restriction for cookies with __Host and __Secure prefix * CVE-2022-40956 (bmo#1770094) Content-Security-Policy base-uri bypass * CVE-2022-40957 (bmo#1777604) Incoherent instruction cache when building WASM on ARM64 * CVE-2022-3155 (bmo#1789061) Attachment files saved to disk on macOS could be executed without warning * CVE-2022-40962 (bmo#1776655, bmo#1777574, bmo#1784835, bmo#1785109, bmo#1786502, bmo#1789440) Memory safety bugs fixed in Thunderbird 102.3 Important SUSE bug 1203477 SUSE bug 1204411 SUSE bug 1204421 CVE-2022-3155 CVE-2022-3266 CVE-2022-39236 CVE-2022-39249 CVE-2022-39250 CVE-2022-39251 CVE-2022-40956 CVE-2022-40957 CVE-2022-40958 CVE-2022-40959 CVE-2022-40960 CVE-2022-40962 cpe:/o:opensuse:leap:15.4 Security update for openjpeg2 (Important) openSUSE Leap 15.4 This update for openjpeg2 fixes the following issues: - CVE-2018-20846: Fixed OOB read in pi_next_lrcp, pi_next_rlcp, pi_next_rpcl, pi_next_pcrl, pi_next_rpcl, and pi_next_cprl in openmj2/pi.c (bsc#1140205). - CVE-2018-21010: Fixed heap buffer overflow in color_apply_icc_profile in bin/common/color.c (bsc#1149789). - CVE-2020-27814: Fixed heap buffer overflow in lib/openjp2/mqc.c (bsc#1179594), - CVE-2020-27824: Fixed OOB read in opj_dwt_calc_explicit_stepsizes() (bsc#1179821). - CVE-2020-27841: Fixed buffer over-read in lib/openjp2/pi.c (bsc#1180042). - CVE-2020-27842: Fixed null pointer dereference in opj_tgt_reset function in lib/openjp2/tgt.c (bsc#1180043). - CVE-2020-27843: Fixed OOB read in opj_t2_encode_packet function in openjp2/t2.c (bsc#1180044). - CVE-2020-27845: Fixed heap-based buffer over-read in functions opj_pi_next_rlcp, opj_pi_next_rpcl and opj_pi_next_lrcp in openjp2/pi.c (bsc#1180046). Important SUSE bug 1140205 SUSE bug 1149789 SUSE bug 1179594 SUSE bug 1179821 SUSE bug 1180042 SUSE bug 1180043 SUSE bug 1180044 SUSE bug 1180046 CVE-2018-20846 CVE-2018-21010 CVE-2020-27814 CVE-2020-27824 CVE-2020-27841 CVE-2020-27842 CVE-2020-27843 CVE-2020-27845 cpe:/o:opensuse:leap:15.4 Security update for dbus-1 (Important) openSUSE Leap 15.4 This update for dbus-1 fixes the following issues: - CVE-2022-42010: Fixed potential crash that could be triggered by an invalid signature (bsc#1204111). - CVE-2022-42011: Fixed an out of bounds read caused by a fixed length array (bsc#1204112). - CVE-2022-42012: Fixed a use-after-free that could be trigged by a message in non-native endianness with out-of-band Unix file descriptor (bsc#1204113). Bugfixes: - Disable asserts (bsc#1087072). Important SUSE bug 1087072 SUSE bug 1204111 SUSE bug 1204112 SUSE bug 1204113 CVE-2022-42010 CVE-2022-42011 CVE-2022-42012 cpe:/o:opensuse:leap:15.4 Security update for libconfuse0 (Important) openSUSE Leap 15.4 This update for libconfuse0 fixes the following issues: - CVE-2022-40320: Fixed a heap-based buffer over-read in cfg_tilde_expand in confuse.c (bsc#1203326). Important SUSE bug 1203326 CVE-2022-40320 cpe:/o:opensuse:leap:15.4 Security update for podman (Moderate) openSUSE Leap 15.4 This update for podman fixes the following issues: - CVE-2022-2989: Fixed possible information disclosure and modification (bsc#1202809). Moderate SUSE bug 1202809 CVE-2022-2989 cpe:/o:opensuse:leap:15.4 Security update for hsqldb (Important) openSUSE Leap 15.4 This update for hsqldb fixes the following issues: - CVE-2022-41853: Fixed insufficient input sanitization (bsc#1204521). Important SUSE bug 1204521 CVE-2022-41853 cpe:/o:opensuse:leap:15.4 Security update for hdf5 (Important) openSUSE Leap 15.4 This update for hdf5 fixes the following issues: - CVE-2021-46244: Fixed division by zero leading to DoS (bsc#1195215). - CVE-2018-13867: Fixed out of bounds read in the function H5F__accum_read in H5Faccum.c (bsc#1101906). - CVE-2018-16438: Fixed out of bounds read in H5L_extern_query at H5Lexternal.c (bsc#1107069). - CVE-2020-10812: Fixed NULL pointer dereference (bsc#1167400). - CVE-2021-45830: Fixed heap buffer overflow vulnerability in H5F_addr_decode_len in /hdf5/src/H5Fint.c (bsc#1194375). - CVE-2019-8396: Fixed buffer overflow in function H5O__layout_encode in H5Olayout.c (bsc#1125882). - CVE-2018-11205: Fixed out of bounds read was discovered in H5VM_memcpyvv in H5VM.c (bsc#1093663). - CVE-2021-46242: Fixed heap-use-after free via the component H5AC_unpin_entry (bsc#1195212). - CVE-2021-45833: Fixed stack buffer overflow vulnerability (bsc#1194366). - CVE-2018-14031: Fixed heap-based buffer over-read in the function H5T_copy in H5T.c (bsc#1101475). - CVE-2018-17439: Fixed out of bounds read in the function H5F__accum_read in H5Faccum.c (bsc#1111598). Important SUSE bug 1093663 SUSE bug 1101475 SUSE bug 1101906 SUSE bug 1107069 SUSE bug 1111598 SUSE bug 1125882 SUSE bug 1167400 SUSE bug 1194366 SUSE bug 1194375 SUSE bug 1195212 SUSE bug 1195215 CVE-2018-11205 CVE-2018-13867 CVE-2018-14031 CVE-2018-16438 CVE-2018-17439 CVE-2019-8396 CVE-2020-10812 CVE-2021-45830 CVE-2021-45833 CVE-2021-46242 CVE-2021-46244 cpe:/o:opensuse:leap:15.4 Security update for hdf5 (Important) openSUSE Leap 15.4 This update for hdf5 fixes the following issues: - CVE-2021-46244: Fixed division by zero leading to DoS (bsc#1195215). - CVE-2018-13867: Fixed out of bounds read in the function H5F__accum_read in H5Faccum.c (bsc#1101906). - CVE-2018-16438: Fixed out of bounds read in H5L_extern_query at H5Lexternal.c (bsc#1107069). - CVE-2020-10812: Fixed NULL pointer dereference (bsc#1167400). - CVE-2021-45830: Fixed heap buffer overflow vulnerability in H5F_addr_decode_len in /hdf5/src/H5Fint.c (bsc#1194375). - CVE-2019-8396: Fixed buffer overflow in function H5O__layout_encode in H5Olayout.c (bsc#1125882). - CVE-2018-11205: Fixed out of bounds read was discovered in H5VM_memcpyvv in H5VM.c (bsc#1093663). - CVE-2021-46242: Fixed heap-use-after free via the component H5AC_unpin_entry (bsc#1195212). - CVE-2021-45833: Fixed stack buffer overflow vulnerability (bsc#1194366). - CVE-2018-14031: Fixed heap-based buffer over-read in the function H5T_copy in H5T.c (bsc#1101475). - CVE-2018-17439: Fixed out of bounds read in the function H5F__accum_read in H5Faccum.c (bsc#1111598). Important SUSE bug 1093663 SUSE bug 1101475 SUSE bug 1101906 SUSE bug 1107069 SUSE bug 1111598 SUSE bug 1125882 SUSE bug 1167400 SUSE bug 1194366 SUSE bug 1194375 SUSE bug 1195212 SUSE bug 1195215 CVE-2018-11205 CVE-2018-13867 CVE-2018-14031 CVE-2018-16438 CVE-2018-17439 CVE-2019-8396 CVE-2020-10812 CVE-2021-45830 CVE-2021-45833 CVE-2021-46242 CVE-2021-46244 cpe:/o:opensuse:leap:15.4 Security update for php7 (Moderate) openSUSE Leap 15.4 This update for php7 fixes the following issues: - CVE-2022-31628: Fixed an uncontrolled recursion in the phar uncompressor while decompressing 'quines' gzip files. (bsc#1203867) - CVE-2022-31629: Fixed a bug which could lead an attacker to set an insecure cookie that will treated as secure in the victim's browser. (bsc#1203870) Moderate SUSE bug 1203867 SUSE bug 1203870 CVE-2022-31628 CVE-2022-31629 cpe:/o:opensuse:leap:15.4 Security update for podofo (Moderate) openSUSE Leap 15.4 This update for podofo fixes the following issues: - CVE-2018-12983: Fixed a stack overrun (bsc#1099719). Moderate SUSE bug 1099719 CVE-2018-12983 cpe:/o:opensuse:leap:15.4 Security update for python-Flask-Security (Moderate) openSUSE Leap 15.4 This update for python-Flask-Security fixes the following issues: - CVE-2021-23385: Fixed open redirect (bsc#1202105). Moderate SUSE bug 1202105 CVE-2021-23385 cpe:/o:opensuse:leap:15.4 Security update for nodejs10 (Moderate) openSUSE Leap 15.4 This update for nodejs10 fixes the following issues: - CVE-2022-35256: Fixed incorrect parsing of header fields (bsc#1203832). - CVE-2022-32213: Fixed bypass via obs-fold mechanic (bsc#1201325). Moderate SUSE bug 1201325 SUSE bug 1203832 CVE-2022-32213 CVE-2022-35256 cpe:/o:opensuse:leap:15.4 Security update for gnome-desktop (Moderate) openSUSE Leap 15.4 This update for gnome-desktop fixes the following issues: - CVE-2019-11460: Fixed sandbox issue that allowed bypassing from a compromised thumbnailer (bsc#1133043). Moderate SUSE bug 1133043 CVE-2019-11460 cpe:/o:opensuse:leap:15.4 Security update for openssl-3 (Critical) openSUSE Leap 15.4 This update for openssl-3 fixes the following issues: - CVE-2022-3358: Fixed vulnerability where a custom cipher passed to EVP_CipherInit() could lead into NULL encryption being unexpectedly used (bsc#1204226). - CVE-2022-3602: Fixed a buffer overflow in the X.509 email address. (bsc#1204714) - CVE-2022-3786: Fixed another buffer overflow related to X.509 email address. (bsc#1204714) Critical SUSE bug 1204226 SUSE bug 1204714 CVE-2022-3358 CVE-2022-3602 CVE-2022-3786 cpe:/o:opensuse:leap:15.4 Security update for the Linux Kernel (Important) openSUSE Leap 15.4 The SUSE Linux Enterprise 15 SP4 kernel was updated. The following security bugs were fixed: - CVE-2022-3303: Fixed a race condition in the sound subsystem due to improper locking (bnc#1203769). - CVE-2022-41218: Fixed an use-after-free caused by refcount races in drivers/media/dvb-core/dmxdev.c (bnc#1202960). - CVE-2022-3239: Fixed an use-after-free in the video4linux driver that could lead a local user to able to crash the system or escalate their privileges (bnc#1203552). - CVE-2022-41848: Fixed a race condition and resultant use-after-free if a physically proximate attacker removes a PCMCIA device while calling ioctl (bnc#1203987). - CVE-2022-41849: Fixed a race condition and resultant use-after-free if a physically proximate attacker removes a USB device while calling open (bnc#1203992). - CVE-2022-41674: Fixed a DoS issue where kernel can crash on the reception of specific WiFi Frames (bsc#1203770). - CVE-2022-1263: Fixed a NULL pointer dereference issue was found in KVM when releasing a vCPU with dirty ring support enabled. This flaw allowed an unprivileged local attacker on the host to issue specific ioctl calls, causing a kernel oops condition that results in a denial of service (bnc#1198189). - CVE-2022-32296: Fixed a bug which allowed TCP servers to identify clients by observing what source ports are used (bnc#1200288). - CVE-2022-3202: Fixed a NULL pointer dereference flaw in Journaled File System. This could allow a local attacker to crash the system or leak kernel internal information (bnc#1203389). - CVE-2022-39189: Fixed a bug in the x86 KVM subsystem which allows unprivileged guest users to compromise the guest kernel because TLB flush operations are mishandled (bnc#1203066). - CVE-2022-2586: Fixed a use-after-free which can be triggered when a nft table is deleted (bnc#1202095). - CVE-2022-42722: Fixed crash in beacon protection for P2P-device. (bsc#1204125) - CVE-2022-42719: Fixed MBSSID parsing use-after-free. (bsc#1204051) - CVE-2022-42721: Avoid nontransmitted BSS list corruption. (bsc#1204060) - CVE-2022-42720: Fixed BSS refcounting bugs. (bsc#1204059) The following non-security bugs were fixed: - ACPI / scan: Create platform device for CS35L41 (bsc#1203699). - ACPI: processor idle: Practically limit 'Dummy wait' workaround to old Intel systems (bsc#1203767). - ACPI: resource: skip IRQ override on AMD Zen platforms (git-fixes). - ACPI: scan: Add CLSA0101 Laptop Support (bsc#1203699). - ACPI: utils: Add api to read _SUB from ACPI (bsc#1203699). - ALSA: aloop: Fix random zeros in capture data when using jiffies timer (git-fixes). - ALSA: core: Fix double-free at snd_card_new() (git-fixes). - ALSA: cs35l41: Check hw_config before using it (bsc#1203699). - ALSA: cs35l41: Enable Internal Boost in shared lib (bsc#1203699). - ALSA: cs35l41: Move cs35l41_gpio_config to shared lib (bsc#1203699). - ALSA: cs35l41: Unify hardware configuration (bsc#1203699). - ALSA: emu10k1: Fix out of bounds access in snd_emu10k1_pcm_channel_alloc() (git-fixes). - ALSA: hda: add Intel 5 Series / 3400 PCI DID (git-fixes). - ALSA: hda: cs35l41: Add Amp Name based on channel and index (bsc#1203699). - ALSA: hda: cs35l41: Add Boost type flag (bsc#1203699). - ALSA: hda: cs35l41: Add calls to newly added test key function (bsc#1203699). - ALSA: hda: cs35l41: Add defaulted values into dsp bypass config sequence (bsc#1203699). - ALSA: hda: cs35l41: Add initial DSP support and firmware loading (bsc#1203699). - ALSA: hda: cs35l41: Add missing default cases (bsc#1203699). - ALSA: hda: cs35l41: Add module parameter to control firmware load (bsc#1203699). - ALSA: hda: cs35l41: Add support for CS35L41 in HDA systems (bsc#1203699). - ALSA: hda: cs35l41: Add Support for Interrupts (bsc#1203699). - ALSA: hda: cs35l41: Allow compilation test on non-ACPI configurations (bsc#1203699). - ALSA: hda: cs35l41: Always configure the DAI (bsc#1203699). - ALSA: hda: cs35l41: Avoid overwriting register patch (bsc#1203699). - ALSA: hda: cs35l41: Clarify support for CSC3551 without _DSD Properties (bsc#1203699). - ALSA: hda: cs35l41: Consolidate selections under SND_HDA_SCODEC_CS35L41 (bsc#1203699). - ALSA: hda: cs35l41: Do not dereference fwnode handle (bsc#1203699). - ALSA: hda: cs35l41: Drop wrong use of ACPI_PTR() (bsc#1203699). - ALSA: hda: cs35l41: Enable GPIO2 Interrupt for CLSA0100 laptops (bsc#1203699). - ALSA: hda: cs35l41: Fix comments wrt serial-multi-instantiate reference (bsc#1203699). - ALSA: hda: cs35l41: fix double free on error in probe() (bsc#1203699). - ALSA: hda: cs35l41: Fix error in spi cs35l41 hda driver name (bsc#1203699). - ALSA: hda: cs35l41: Fix I2S params comments (bsc#1203699). - ALSA: hda: cs35l41: Handle all external boost setups the same way (bsc#1203699). - ALSA: hda: cs35l41: Improve dev_err_probe() messaging (bsc#1203699). - ALSA: hda: cs35l41: Make cs35l41_hda_remove() return void (bsc#1203699). - ALSA: hda: cs35l41: Make use of the helper function dev_err_probe() (bsc#1203699). - ALSA: hda: cs35l41: Move boost config to initialization code (bsc#1203699). - ALSA: hda: cs35l41: Move cs35l41* calls to its own symbol namespace (bsc#1203699). - ALSA: hda: cs35l41: Move external boost handling to lib for ASoC use (bsc#1203699). - ALSA: hda: cs35l41: Mute the device before shutdown (bsc#1203699). - ALSA: hda: cs35l41: Put the device into safe mode for external boost (bsc#1203699). - ALSA: hda: cs35l41: Read Speaker Calibration data from UEFI variables (bsc#1203699). - ALSA: hda: cs35l41: Remove cs35l41_hda_reg_sequence struct (bsc#1203699). - ALSA: hda: cs35l41: Remove Set Channel Map api from binding (bsc#1203699). - ALSA: hda: cs35l41: Reorganize log for playback actions (bsc#1203699). - ALSA: hda: cs35l41: Save codec object inside component struct (bsc#1203699). - ALSA: hda: cs35l41: Save Subsystem ID inside CS35L41 Driver (bsc#1203699). - ALSA: hda: cs35l41: Set Speaker Position for CLSA0100 Laptop (bsc#1203699). - ALSA: hda: cs35l41: Support CLSA0101 (bsc#1203699). - ALSA: hda: cs35l41: Support Firmware switching and reloading (bsc#1203699). - ALSA: hda: cs35l41: Support Hibernation during Suspend (bsc#1203699). - ALSA: hda: cs35l41: Support multiple load paths for firmware (bsc#1203699). - ALSA: hda: cs35l41: Support reading subsystem id from ACPI (bsc#1203699). - ALSA: hda: cs35l41: Support Speaker ID for laptops (bsc#1203699). - ALSA: hda: cs35l41: Tidyup code (bsc#1203699). - ALSA: hda: cs35l41: Use the CS35L41 HDA internal define (bsc#1203699). - ALSA: hda: Fix dependencies of CS35L41 on SPI/I2C buses (bsc#1203699). - ALSA: hda: Fix dependency on ASoC cs35l41 codec (bsc#1203699). - ALSA: hda: Fix hang at HD-audio codec unbinding due to refcount saturation (git-fixes). - ALSA: hda: Fix Nvidia dp infoframe (git-fixes). - ALSA: hda: hda_cs_dsp_ctl: Add apis to write the controls directly (bsc#1203699). - ALSA: hda: hda_cs_dsp_ctl: Add fw id strings (bsc#1203699). - ALSA: hda: hda_cs_dsp_ctl: Add Library to support CS_DSP ALSA controls (bsc#1203699). - ALSA: hda: intel-dsp-config: Add RaptorLake PCI IDs (jsc#PED-720). - ALSA: hda/cs8409: Add new Dolphin HW variants (bsc#1203699). - ALSA: hda/cs8409: Add Speaker Playback Switch for Cyborg (bsc#1203699). - ALSA: hda/cs8409: Add Speaker Playback Switch for Warlock (bsc#1203699). - ALSA: hda/cs8409: change cs8409_fixups v.pins initializers to static (bsc#1203699). - ALSA: hda/cs8409: Disable HSBIAS_SENSE_EN for Cyborg (bsc#1203699). - ALSA: hda/cs8409: Fix Full Scale Volume setting for all variants (bsc#1203699). - ALSA: hda/cs8409: Fix Warlock to use mono mic configuration (bsc#1203699). - ALSA: hda/cs8409: Re-order quirk table into ascending order (bsc#1203699). - ALSA: hda/cs8409: Support manual mode detection for CS42L42 (bsc#1203699). - ALSA: hda/cs8409: Support new Dolphin Variants (bsc#1203699). - ALSA: hda/cs8409: Support new Odin Variants (bsc#1203699). - ALSA: hda/cs8409: Support new Warlock MLK Variants (bsc#1203699). - ALSA: hda/cs8409: Use general cs42l42 include in cs8409 hda driver (bsc#1203699). - ALSA: hda/realtek: Add a quirk for HP OMEN 16 (8902) mute LED (git-fixes). - ALSA: hda/realtek: Add CS35L41 support for Thinkpad laptops (bsc#1203699). - ALSA: hda/realtek: Add mute and micmut LED support for Zbook Fury 17 G9 (bsc#1203699). - ALSA: hda/realtek: Add pincfg for ASUS G513 HP jack (git-fixes). - ALSA: hda/realtek: Add pincfg for ASUS G533Z HP jack (git-fixes). - ALSA: hda/realtek: Add quirk for ASUS GA503R laptop (git-fixes). - ALSA: hda/realtek: Add quirk for HP Zbook Firefly 14 G9 model (bsc#1203699). - ALSA: hda/realtek: Add quirk for Huawei WRT-WX9 (git-fixes). - ALSA: hda/realtek: Add quirk for Lenovo Yoga7 14IAL7 (bsc#1203699). - ALSA: hda/realtek: Add quirks for ASUS Zenbooks using CS35L41 (bsc#1203699). - ALSA: hda/realtek: Add support for HP Laptops (bsc#1203699). - ALSA: hda/realtek: Add support for Legion 7 16ACHg6 laptop (bsc#1203699). - ALSA: hda/realtek: Enable 4-speaker output Dell Precision 5530 laptop (git-fixes). - ALSA: hda/realtek: Enable 4-speaker output Dell Precision 5570 laptop (git-fixes). - ALSA: hda/realtek: Enable mute/micmute LEDs and limit mic boost on EliteBook 845/865 G9 (bsc#1203699). - ALSA: hda/realtek: Enable mute/micmute LEDs support for HP Laptops (bsc#1203699). - ALSA: hda/realtek: Enable speaker and mute LEDs for HP laptops (bsc#1203699). - ALSA: hda/realtek: Fix LED on Zbook Studio G9 (bsc#1203699). - ALSA: hda/realtek: Fix mute led issue on thinkpad with cs35l41 s-codec (bsc#1203699). - ALSA: hda/realtek: More robust component matching for CS35L41 (bsc#1203699). - ALSA: hda/realtek: Re-arrange quirk table entries (git-fixes). - ALSA: hda/sigmatel: Fix unused variable warning for beep power change (git-fixes). - ALSA: hda/tegra: Add Tegra234 hda driver support (git-fixes). - ALSA: hda/tegra: Align BDL entry to 4KB boundary (git-fixes). - ALSA: hda/tegra: set depop delay for tegra (git-fixes). - ALSA: hda/tegra: Update scratch reg. communication (git-fixes). - ALSA: pcm: oss: Fix race at SNDCTL_DSP_SYNC (git-fixes). - ALSA: usb-audio: Fix an out-of-bounds bug in __snd_usb_parse_audio_interface() (git-fixes). - ALSA: usb-audio: Inform the delayed registration more properly (git-fixes). - ALSA: usb-audio: Register card again for iface over delayed_register option (git-fixes). - ALSA: usb-audio: Split endpoint setups for hw_params and prepare (git-fixes). - ARM: dts: am33xx: Fix MMCHS0 dma properties (git-fixes). - ARM: dts: imx: align SPI NOR node name with dtschema (git-fixes). - ARM: dts: imx6qdl-kontron-samx6i: fix spi-flash compatible (git-fixes). - arm64: dts: qcom: sm8350: fix UFS PHY serdes size (git-fixes). - arm64: dts: rockchip: Fix typo in lisense text for PX30.Core (git-fixes). - arm64: dts: rockchip: Pull up wlan wake# on Gru-Bob (git-fixes). - arm64: dts: rockchip: Remove 'enable-active-low' from rk3399-puma (git-fixes). - arm64: dts: rockchip: Set RK3399-Gru PCLK_EDP to 24 MHz (git-fixes). - arm64: errata: Add Cortex-A510 to the repeat tlbi list (git-fixes) Enable this errata fix configuration option to arm64/default. - arm64: kexec_file: use more system keyrings to verify kernel image signature (bsc#1196444). - arm64: lib: Import latest version of Arm Optimized Routines' strcmp (git-fixes) - arm64: select TRACE_IRQFLAGS_NMI_SUPPORT (git-fixes) - arm64: topology: fix possible overflow in amu_fie_setup() (git-fixes). - ASoC: cs35l41: Add ASP TX3/4 source to register patch (bsc#1203699). - ASoC: cs35l41: Add bindings for CS35L41 (bsc#1203699). - ASoC: cs35l41: Add common cs35l41 enter hibernate function (bsc#1203699). - ASoC: cs35l41: Add cs35l51/53 IDs (bsc#1203699). - ASoC: cs35l41: Add endianness flag in snd_soc_component_driver (bsc#1203699). - ASoC: cs35l41: Add one more variable in the debug log (bsc#1203699). - ASoC: cs35l41: Add one more variable in the debug log (bsc#1203699). - ASoC: cs35l41: Add support for CLSA3541 ACPI device ID (bsc#1203699). - ASoC: cs35l41: Add support for hibernate memory retention mode (bsc#1203699). - ASoC: cs35l41: Binding fixes (bsc#1203699). - ASoC: cs35l41: Change monitor widgets to siggens (bsc#1203699). - ASoC: cs35l41: Combine adjacent register writes (bsc#1203699). - ASoC: cs35l41: Convert tables to shared source code (bsc#1203699). - ASoC: cs35l41: Correct DSP power down (bsc#1203699). - ASoC: cs35l41: Correct handling of some registers in the cache (bsc#1203699). - ASoC: cs35l41: Correct some control names (bsc#1203699). - ASoC: cs35l41: Create shared function for boost configuration (bsc#1203699). - ASoC: cs35l41: Create shared function for errata patches (bsc#1203699). - ASoC: cs35l41: Create shared function for setting channels (bsc#1203699). - ASoC: cs35l41: CS35L41 Boosted Smart Amplifier (bsc#1203699). - ASoC: cs35l41: Do not overwrite returned error code (bsc#1203699). - ASoC: cs35l41: Do not print error when waking from hibernation (bsc#1203699). - ASoC: cs35l41: Document CS35l41 External Boost (bsc#1203699). - ASoC: cs35l41: DSP Support (bsc#1203699). - ASoC: cs35l41: Fix a bunch of trivial code formating/style issues (bsc#1203699). - ASoC: cs35l41: Fix a shift-out-of-bounds warning found by UBSAN (bsc#1203699). - ASoC: cs35l41: Fix an out-of-bounds access in otp_packed_element_t (bsc#1203699). - ASoC: cs35l41: Fix DSP mbox start command and global enable order (bsc#1203699). - ASoC: cs35l41: Fix GPIO2 configuration (bsc#1203699). - ASoC: cs35l41: Fix link problem (bsc#1203699). - ASoC: cs35l41: Fix max number of TX channels (bsc#1203699). - ASoC: cs35l41: Fix undefined reference to core functions (bsc#1203699). - ASoC: cs35l41: Fix use of an uninitialised variable (bsc#1203699). - ASoC: cs35l41: Fixup the error messages (bsc#1203699). - ASoC: cs35l41: Make cs35l41_remove() return void (bsc#1203699). - ASoC: cs35l41: Move cs_dsp config struct into shared code (bsc#1203699). - ASoC: cs35l41: Move cs35l41 exit hibernate function into shared code (bsc#1203699). - ASoC: cs35l41: Move cs35l41 fs errata into shared code (bsc#1203699). - ASoC: cs35l41: Move cs35l41_otp_unpack to shared code (bsc#1203699). - ASoC: cs35l41: Move cs35l41_set_cspl_mbox_cmd to shared code (bsc#1203699). - ASoC: cs35l41: Move power initializations to reg_sequence (bsc#1203699). - ASoC: cs35l41: Read System Name from ACPI _SUB to identify firmware (bsc#1203699). - ASoC: cs35l41: Remove incorrect comment (bsc#1203699). - ASoC: cs35l41: Remove unnecessary param (bsc#1203699). - ASoC: cs35l41: Set the max SPI speed for the whole device (bsc#1203699). - ASoC: cs35l41: Support external boost (bsc#1203699). - ASoC: cs35l41: Update handling of test key registers (bsc#1203699). - ASoC: cs35l41: Use regmap_read_poll_timeout to wait for OTP boot (bsc#1203699). - ASoC: cs42l42: Add control for audio slow-start switch (bsc#1203699). - ASoC: cs42l42: Add warnings about DETECT_MODE and PLL_START (bsc#1203699). - ASoC: cs42l42: Allow time for HP/ADC to power-up after enable (bsc#1203699). - ASoC: cs42l42: Always enable TS_PLUG and TS_UNPLUG interrupts (bsc#1203699). - ASoC: cs42l42: Change jack_detect_mutex to a lock of all IRQ handling (bsc#1203699). - ASoC: cs42l42: Do not claim to support 192k (bsc#1203699). - ASoC: cs42l42: Do not reconfigure the PLL while it is running (bsc#1203699). - ASoC: cs42l42: Fix WARN in remove() if running without an interrupt (bsc#1203699). - ASoC: cs42l42: free_irq() before powering-down on probe() fail (bsc#1203699). - ASoC: cs42l42: Handle system suspend (bsc#1203699). - ASoC: cs42l42: Implement Manual Type detection as fallback (bsc#1203699). - ASoC: cs42l42: Mark OSC_SWITCH_STATUS register volatile (bsc#1203699). - ASoC: cs42l42: Minor fix all errors reported by checkpatch.pl script (bsc#1203699). - ASoC: cs42l42: Move CS42L42 register descriptions to general include (bsc#1203699). - ASoC: cs42l42: Only report button state if there was a button interrupt (git-fixes). - ASoC: cs42l42: Prevent NULL pointer deref in interrupt handler (bsc#1203699). - ASoC: cs42l42: Remove redundant pll_divout member (bsc#1203699). - ASoC: cs42l42: Remove redundant writes to DETECT_MODE (bsc#1203699). - ASoC: cs42l42: Remove redundant writes to RS_PLUG/RS_UNPLUG masks (bsc#1203699). - ASoC: cs42l42: Remove unused runtime_suspend/runtime_resume callbacks (bsc#1203699). - ASoC: cs42l42: Report full jack status when plug is detected (bsc#1203699). - ASoC: cs42l42: Report initial jack state (bsc#1203699). - ASoC: cs42l42: Reset and power-down on remove() and failed probe() (bsc#1203699). - ASoC: cs42l42: Set correct SRC MCLK (bsc#1203699). - ASoC: cs42l42: Simplify reporting of jack unplug (bsc#1203699). - ASoC: cs42l42: Use PLL for SCLK > 12.288MHz (bsc#1203699). - ASoC: cs42l42: Use two thresholds and increased wait time for manual type detection (bsc#1203699). - ASoC: dt-bindings: cs42l42: Convert binding to yaml (bsc#1203699). - ASoC: imx-card: Fix refcount issue with of_node_put (git-fixes). - ASoC: mchp-spdiftx: Fix clang -Wbitfield-constant-conversion (git-fixes). - ASoC: mchp-spdiftx: remove references to mchp_i2s_caps (git-fixes). - ASoC: nau8824: Fix semaphore unbalance at error paths (git-fixes). - ASoC: qcom: sm8250: add missing module owner (git-fixes). - ASoC: SOF: Intel: pci-tgl: add ADL-PS support (jsc#PED-720). - ASoC: SOF: Intel: pci-tgl: add RPL-P support (jsc#PED-720). - ASoC: SOF: Intel: pci-tgl: add RPL-S support (jsc#PED-652). - ASoC: tas2770: Reinit regcache on reset (git-fixes). - ASoC: wm_adsp: Add support for 'toggle' preloaders (bsc#1203699). - ASoC: wm_adsp: Add trace caps to speaker protection FW (bsc#1203699). - ASoC: wm_adsp: Cancel ongoing work when removing controls (bsc#1203699). - ASoC: wm_adsp: Compressed stream DSP memory structs should be __packed (bsc#1203699). - ASoC: wm_adsp: Correct control read size when parsing compressed buffer (bsc#1203699). - ASoC: wm_adsp: Expand firmware loading search options (bsc#1203699). - ASoC: wm_adsp: Fix event for preloader (bsc#1203699). - ASoC: wm_adsp: Introduce cs_dsp logging macros (bsc#1203699). - ASoC: wm_adsp: Make compressed buffers optional (bsc#1203699). - ASoC: wm_adsp: Minor clean and redundant code removal (bsc#1203699). - ASoC: wm_adsp: Move check for control existence (bsc#1203699). - ASoC: wm_adsp: Move check of dsp->running to better place (bsc#1203699). - ASoC: wm_adsp: move firmware loading to client (bsc#1203699). - ASoC: wm_adsp: Move sys_config_size to wm_adsp (bsc#1203699). - ASoC: wm_adsp: Pass firmware names as parameters when starting DSP core (bsc#1203699). - ASoC: wm_adsp: remove a repeated including (bsc#1203699). - ASoC: wm_adsp: Remove pointless string comparison (bsc#1203699). - ASoC: wm_adsp: Remove the wmfw_add_ctl helper function (bsc#1203699). - ASoC: wm_adsp: Remove use of snd_ctl_elem_type_t (bsc#1203699). - ASoC: wm_adsp: Rename generic DSP support (bsc#1203699). - ASoC: wm_adsp: Separate generic cs_dsp_coeff_ctl handling (bsc#1203699). - ASoC: wm_adsp: Separate some ASoC and generic functions (bsc#1203699). - ASoC: wm_adsp: Separate wm_adsp specifics in cs_dsp_client_ops (bsc#1203699). - ASoC: wm_adsp: Split DSP power operations into helper functions (bsc#1203699). - ASoC: wm_adsp: Split out struct cs_dsp from struct wm_adsp (bsc#1203699). - ASoC: wm_adsp: Switch to using wm_coeff_read_ctrl for compressed buffers (bsc#1203699). - ASoC: wm_adsp: wm_adsp_control_add() error: uninitialized symbol 'ret' (bsc#1203699). - batman-adv: Fix hang up with small MTU hard-interface (git-fixes). - Bluetooth: btusb: mediatek: fix WMT failure during runtime suspend (git-fixes). - Bluetooth: hci_{ldisc,serdev}: check percpu_init_rwsem() failure (git-fixes). - Bluetooth: hci_core: Fix not handling link timeouts propertly (git-fixes). - bnx2x: fix built-in kernel driver load failure (git-fixes). - bnx2x: fix driver load from initrd (git-fixes). - btrfs: fix relocation crash due to premature return from btrfs_commit_transaction() (bsc#1203360). - btrfs: fix space cache corruption and potential double allocations (bsc#1203361). - can: gs_usb: gs_can_open(): fix race dev->can.state condition (git-fixes). - can: rx-offload: can_rx_offload_init_queue(): fix typo (git-fixes). - cgroup: Add missing cpus_read_lock() to cgroup_attach_task_all() (bsc#1196869). - cgroup: cgroup_get_from_id() must check the looked-up kn is a directory (bsc#1203906). - cgroup: Fix race condition at rebind_subsystems() (bsc#1203902). - cgroup: Fix threadgroup_rwsem cpus_read_lock() deadlock (bsc#1196869). - clk: bcm: rpi: Prevent out-of-bounds access (git-fixes). - clk: bcm: rpi: Use correct order for the parameters of devm_kcalloc() (git-fixes). - clk: imx: imx6sx: remove the SET_RATE_PARENT flag for QSPI clocks (git-fixes). - clk: ingenic-tcu: Properly enable registers before accessing timers (git-fixes). - clk: iproc: Do not rely on node name for correct PLL setup (git-fixes). - constraints: increase disk space for all architectures References: bsc#1203693 aarch64 is already suffering. SLE15-SP5 x86_64 stats show that it is very close to the limit. - crypto: arm64/gcm - Select AEAD for GHASH_ARM64_CE (git-fixes) - cs-dsp and serial-multi-instantiate enablement (bsc#1203699) - dmaengine: idxd: add helper for per interrupt handle drain (jsc#PED-682). - dmaengine: idxd: add knob for enqcmds retries (jsc#PED-755). - dmaengine: idxd: change MSIX allocation based on per wq activation (jsc#PED-664). - dmaengine: idxd: create locked version of idxd_quiesce() call (jsc#PED-682). - dmaengine: idxd: embed irq_entry in idxd_wq struct (jsc#PED-664). - dmaengine: idxd: fix descriptor flushing locking (jsc#PED-664). - dmaengine: idxd: fix retry value to be constant for duration of function call (git-fixes). - dmaengine: idxd: handle interrupt handle revoked event (jsc#PED-682). - dmaengine: idxd: handle invalid interrupt handle descriptors (jsc#PED-682). - dmaengine: idxd: int handle management refactoring (jsc#PED-682). - dmaengine: idxd: match type for retries var in idxd_enqcmds() (git-fixes). - dmaengine: idxd: move interrupt handle assignment (jsc#PED-682). - dmaengine: idxd: rework descriptor free path on failure (jsc#PED-682). - dmaengine: idxd: set defaults for wq configs (jsc#PED-688). - dmaengine: idxd: update IAA definitions for user header (jsc#PED-763). - dmaengine: ti: k3-udma-private: Fix refcount leak bug in of_xudma_dev_get() (git-fixes). - docs: i2c: i2c-topology: fix incorrect heading (git-fixes). - dpaa2-ptp: Fix refcount leak in dpaa2_ptp_probe (git-fixes). - drm/amd/amdgpu: fixing read wrong pf2vf data in SRIOV (git-fixes). - drm/amd/amdgpu: skip ucode loading if ucode_size == 0 (git-fixes). - drm/amd/display: Limit user regamma to a valid value (git-fixes). - drm/amd/display: Mark dml30's UseMinimumDCFCLK() as noinline for stack usage (git-fixes). - drm/amd/display: Reduce number of arguments of dml31's CalculateFlipSchedule() (git-fixes). - drm/amd/display: Reduce number of arguments of dml31's CalculateWatermarksAndDRAMSpeedChangeSupport() (git-fixes). - drm/amd/pm: disable BACO entry/exit completely on several sienna cichlid cards (git-fixes). - drm/amdgpu: Check num_gfx_rings for gfx v9_0 rb setup (git-fixes). - drm/amdgpu: do not register a dirty callback for non-atomic (git-fixes). - drm/amdgpu: make sure to init common IP before gmc (git-fixes). - drm/amdgpu: mmVM_L2_CNTL3 register not initialized correctly (git-fixes). - drm/amdgpu: move nbio ih_doorbell_range() into ih code for vega (git-fixes). - drm/amdgpu: move nbio sdma_doorbell_range() into sdma code for vega (git-fixes). - drm/amdgpu: Move psp_xgmi_terminate call from amdgpu_xgmi_remove_device to psp_hw_fini (git-fixes). - drm/amdgpu: Separate vf2pf work item init from virt data exchange (git-fixes). - drm/amdgpu: use dirty framebuffer helper (git-fixes). - drm/bridge: display-connector: implement bus fmts callbacks (git-fixes). - drm/bridge: lt8912b: add vsync hsync (git-fixes). - drm/bridge: lt8912b: fix corrupted image output (git-fixes). - drm/bridge: lt8912b: set hdmi or dvi mode (git-fixes). - drm/gem: Fix GEM handle release errors (git-fixes). - drm/gma500: Fix BUG: sleeping function called from invalid context errors (git-fixes). - drm/i915: Implement WaEdpLinkRateDataReload (git-fixes). - drm/i915: Skip wm/ddb readout for disabled pipes (git-fixes). - drm/i915/glk: ECS Liva Q2 needs GLK HDMI port timing quirk (git-fixes). - drm/i915/gt: Restrict forced preemption to the active context (git-fixes). - drm/mediatek: dsi: Add atomic {destroy,duplicate}_state, reset callbacks (git-fixes). - drm/mediatek: dsi: Move mtk_dsi_stop() call back to mtk_dsi_poweroff() (git-fixes). - drm/meson: Correct OSD1 global alpha value (git-fixes). - drm/meson: Fix OSD1 RGB to YCbCr coefficient (git-fixes). - drm/msm/rd: Fix FIFO-full deadlock (git-fixes). - drm/panel: simple: Fix innolux_g121i1_l01 bus_format (git-fixes). - drm/panfrost: devfreq: set opp to the recommended one to configure regulator (git-fixes). - drm/radeon: add a force flush to delay work when radeon (git-fixes). - drm/rockchip: Fix return type of cdn_dp_connector_mode_valid (git-fixes). - drm/tegra: vic: Fix build warning when CONFIG_PM=n (git-fixes). - dt-bindings: hwmon: (mr75203) fix 'intel,vm-map' property to be optional (git-fixes). - EDAC/dmc520: Do not print an error for each unconfigured interrupt line (bsc#1190497). - efi: capsule-loader: Fix use-after-free in efi_capsule_write (git-fixes). - efi: libstub: Disable struct randomization (git-fixes). - eth: alx: take rtnl_lock on resume (git-fixes). - eth: sun: cassini: remove dead code (git-fixes). - fbcon: Add option to enable legacy hardware acceleration (bsc#1152472) Backporting changes: * context fixes in other patch * update config - fbcon: Fix accelerated fbdev scrolling while logo is still shown (bsc#1152472) - fbdev: chipsfb: Add missing pci_disable_device() in chipsfb_pci_init() (git-fixes). - firmware: arm_scmi: Fix the asynchronous reset requests (git-fixes). - firmware: arm_scmi: Harden accesses to the reset domains (git-fixes). - firmware: cs_dsp: add driver to support firmware loading on Cirrus Logic DSPs (bsc#1203699). - firmware: cs_dsp: Add lockdep asserts to interface functions (bsc#1203699). - firmware: cs_dsp: Add memory chunk helpers (bsc#1203699). - firmware: cs_dsp: Add offset to cs_dsp read/write (bsc#1203699). - firmware: cs_dsp: Add pre_run callback (bsc#1203699). - firmware: cs_dsp: Add pre_stop callback (bsc#1203699). - firmware: cs_dsp: Add support for rev 2 coefficient files (bsc#1203699). - firmware: cs_dsp: Add version checks on coefficient loading (bsc#1203699). - firmware: cs_dsp: Allow creation of event controls (bsc#1203699). - firmware: cs_dsp: Clarify some kernel doc comments (bsc#1203699). - firmware: cs_dsp: Clear core reset for cache (bsc#1203699). - firmware: cs_dsp: Fix overrun of unterminated control name string (bsc#1203699). - firmware: cs_dsp: Move lockdep asserts to avoid potential null pointer (bsc#1203699). - firmware: cs_dsp: Perform NULL check in cs_dsp_coeff_write/read_ctrl (bsc#1203699). - firmware: cs_dsp: Print messages from bin files (bsc#1203699). - firmware: cs_dsp: tidy includes in cs_dsp.c and cs_dsp.h (bsc#1203699). - ftrace: Fix NULL pointer dereference in is_ftrace_trampoline when ftrace is dead (git-fixes). - fuse: Remove the control interface for virtio-fs (bsc#1203798). - gpio: mockup: fix NULL pointer dereference when removing debugfs (git-fixes). - gpio: mockup: remove gpio debugfs when remove device (git-fixes). - gpio: mpc8xxx: Fix support for IRQ_TYPE_LEVEL_LOW flow_type in mpc85xx (git-fixes). - gpio: mvebu: Fix check for pwm support on non-A8K platforms (git-fixes). - gpiolib: cdev: Set lineevent_state::irq after IRQ register successfully (git-fixes). - gve: Fix GFP flags when allocing pages (git-fixes). - hid: intel-ish-hid: ishtp: Fix ishtp client sending disordered message (git-fixes). - HID: ishtp-hid-clientHID: ishtp-hid-client: Fix comment typo (git-fixes). - hwmon: (gsc-hwmon) Call of_node_get() before of_find_xxx API (git-fixes). - hwmon: (mr75203) enable polling for all VM channels (git-fixes). - hwmon: (mr75203) fix multi-channel voltage reading (git-fixes). - hwmon: (mr75203) fix VM sensor allocation when 'intel,vm-map' not defined (git-fixes). - hwmon: (mr75203) fix voltage equation for negative source input (git-fixes). - hwmon: (mr75203) update pvt->v_num and vm_num to the actual number of used sensors (git-fixes). - hwmon: (pmbus/mp2888) Fix sensors readouts for MPS Multi-phase mp2888 controller (git-fixes). - hwmon: (tps23861) fix byte order in resistance register (git-fixes). - i2c: acpi: Add an i2c_acpi_client_count() helper function (bsc#1203699). - i2c: imx: If pm_runtime_get_sync() returned 1 device access is possible (git-fixes). - i2c: mlxbf: Fix frequency calculation (git-fixes). - i2c: mlxbf: incorrect base address passed during io write (git-fixes). - i2c: mlxbf: prevent stack overflow in mlxbf_i2c_smbus_start_transaction() (git-fixes). - i2c: mlxbf: support lock mechanism (git-fixes). - ice: Allow operation with reduced device MSI-X (bsc#1201987). - ice: arfs: fix use-after-free when freeing @rx_cpu_rmap (git-fixes). - ice: Do not skip not enabled queues in ice_vc_dis_qs_msg (git-fixes). - ice: fix crash when writing timestamp on RX rings (git-fixes). - ice: Fix KASAN error in LAG NETDEV_UNREGISTER handler (git-fixes). - ice: fix possible under reporting of ethtool Tx and Rx statistics (git-fixes). - ice: Fix race during aux device (un)plugging (git-fixes). - ice: Match on all profiles in slow-path (git-fixes). - ieee802154: cc2520: add rc code in cc2520_tx() (git-fixes). - igb: skip phy status check where unavailable (git-fixes). - Input: goodix - add compatible string for GT1158 (git-fixes). - Input: goodix - add support for GT1158 (git-fixes). - Input: iforce - add support for Boeder Force Feedback Wheel (git-fixes). - Input: iqs62x-keys - drop unused device node references (git-fixes). - Input: melfas_mip4 - fix return value check in mip4_probe() (git-fixes). - Input: snvs_pwrkey - fix SNVS_HPVIDR1 register address (git-fixes). - kABI workaround for spi changes (bsc#1203699). - kABI: Add back removed struct paca member (bsc#1203664 ltc#199236). - kABI: fix adding another field to scsi_device (bsc#1203039). - kABI: Fix kABI after SNP-Guest backport (jsc#SLE-19924, jsc#SLE-24814). - kbuild: disable header exports for UML in a straightforward way (git-fixes). - kexec, KEYS, s390: Make use of built-in and secondary keyring for signature verification (bsc#1196444). - kexec, KEYS: make the code in bzImage64_verify_sig generic (bsc#1196444). - kexec: clean up arch_kexec_kernel_verify_sig (bsc#1196444). - kexec: drop weak attribute from functions (bsc#1196444). - KVM: SVM: Create a separate mapping for the GHCB save area (jsc#SLE-19924, jsc#SLE-24814). - KVM: SVM: Create a separate mapping for the SEV-ES save area (jsc#SLE-19924, jsc#SLE-24814). - KVM: SVM: Define sev_features and VMPL field in the VMSA (jsc#SLE-19924, jsc#SLE-24814). - KVM: SVM: fix tsc scaling cache logic (bsc#1203263). - KVM: SVM: Update the SEV-ES save area mapping (jsc#SLE-19924, jsc#SLE-24814). - KVM: VMX: Heed the 'msr' argument in msr_write_intercepted() (git-fixes). - KVM: X86: Fix when shadow_root_level=5 and guest root_level 4 (git-fixes). - KVM: x86: hyper-v: Drop redundant 'ex' parameter from kvm_hv_send_ipi() (git-fixes). - KVM: x86: hyper-v: HVCALL_SEND_IPI_EX is an XMM fast hypercall (git-fixes). - KVM: x86: Move lookup of indexed CPUID leafs to helper (jsc#SLE-19924, jsc#SLE-24814). - libata: add ATA_HORKAGE_NOLPM for Pioneer BDR-207M and BDR-205 (git-fixes). - lockd: detect and reject lock arguments that overflow (git-fixes). - md-raid10: fix KASAN warning (git-fixes). - md: call __md_stop_writes in md_stop (git-fixes). - md: unlock mddev before reap sync_thread in action_store (bsc#1197659). - media: aspeed: Fix an error handling path in aspeed_video_probe() (git-fixes). - media: coda: Add more H264 levels for CODA960 (git-fixes). - media: coda: Fix reported H264 profile (git-fixes). - media: dvb_vb2: fix possible out of bound access (git-fixes). - media: exynos4-is: Change clk_disable to clk_disable_unprepare (git-fixes). - media: exynos4-is: Fix PM disable depth imbalance in fimc_is_probe (git-fixes). - media: flexcop-usb: fix endpoint type check (git-fixes). - media: imx-jpeg: Add pm-sleep support for imx-jpeg (git-fixes). - media: imx-jpeg: Correct some definition according specification (git-fixes). - media: imx-jpeg: Disable slot interrupt when frame done (git-fixes). - media: imx-jpeg: Fix potential array out of bounds in queue_setup (git-fixes). - media: imx-jpeg: Leave a blank space before the configuration data (git-fixes). - media: imx-jpeg: Refactor function mxc_jpeg_parse (git-fixes). - media: mceusb: Use new usb_control_msg_*() routines (git-fixes). - media: platform: mtk-mdp: Fix mdp_ipi_comm structure alignment. - media: rkvdec: Disable H.264 error detection (git-fixes). - media: st-delta: Fix PM disable depth imbalance in delta_probe (git-fixes). - media: vsp1: Fix offset calculation for plane cropping. - misc: cs35l41: Remove unused pdn variable (bsc#1203699). - mISDN: fix use-after-free bugs in l1oip timer handlers (git-fixes). - mlxsw: i2c: Fix initialization error flow (git-fixes). - mm: Fix PASID use-after-free issue (bsc#1203908). - mmc: core: Fix inconsistent sd3_bus_mode at UHS-I SD voltage switch failure (git-fixes). - mmc: hsq: Fix data stomping during mmc recovery (git-fixes). - mmc: moxart: fix 4-bit bus width and remove 8-bit bus width (git-fixes). - mwifiex: fix sleep in atomic context bugs caused by dev_coredumpv (git-fixes). - net: axienet: fix RX ring refill allocation failure handling (git-fixes). - net: axienet: reset core on initialization prior to MDIO access (git-fixes). - net: bcmgenet: hide status block before TX timestamping (git-fixes). - net: bcmgenet: Revert 'Use stronger register read/writes to assure ordering' (git-fixes). - net: cpsw: add missing of_node_put() in cpsw_probe_dt() (git-fixes). - net: dsa: bcm_sf2_cfp: fix an incorrect NULL check on list iterator (git-fixes). - net: dsa: bcm_sf2: Fix Wake-on-LAN with mac_link_down() (git-fixes). - net: dsa: felix: fix tagging protocol changes with multiple CPU ports (git-fixes). - net: dsa: felix: suppress -EPROBE_DEFER errors (git-fixes). - net: dsa: introduce helpers for iterating through ports using dp (git-fixes). - net: dsa: lantiq_gswip: Do not set GSWIP_MII_CFG_RMII_CLK (git-fixes). - net: dsa: lantiq_gswip: fix use after free in gswip_remove() (git-fixes). - net: dsa: microchip: fix bridging with more than two member ports (git-fixes). - net: dsa: mt7530: 1G can also support 1000BASE-X link mode (git-fixes). - net: dsa: mt7530: add missing of_node_put() in mt7530_setup() (git-fixes). - net: dsa: mv88e6xxx: Fix port_hidden_wait to account for port_base_addr (git-fixes). - net: dsa: mv88e6xxx: Fix refcount leak in mv88e6xxx_mdios_register (git-fixes). - net: dsa: restrict SMSC_LAN9303_I2C kconfig (git-fixes). - net: emaclite: Add error handling for of_address_to_resource() (git-fixes). - net: enetc: Use pci_release_region() to release some resources (git-fixes). - net: ethernet: mediatek: ppe: fix wrong size passed to memset() (git-fixes). - net: ethernet: mv643xx: Fix over zealous checking of_get_mac_address() (git-fixes). - net: ethernet: stmmac: fix altr_tse_pcs function when using a fixed-link (git-fixes). - net: ethernet: stmmac: fix write to sgmii_adapter_base (git-fixes). - net: fec: add missing of_node_put() in fec_enet_init_stop_mode() (git-fixes). - net: ftgmac100: access hardware register after clock ready (git-fixes). - net: hns3: add netdev reset check for hns3_set_tunable() (git-fixes). - net: hns3: fix the concurrency between functions reading debugfs (git-fixes). - net: ipa: get rid of a duplicate initialization (git-fixes). - net: ipa: kill ipa_cmd_pipeline_clear() (git-fixes). - net: ipa: record proper RX transaction count (git-fixes). - net: macb: Fix PTP one step sync support (git-fixes). - net: macb: Increment rx bd head after allocating skb and buffer (git-fixes). - net: mana: Add rmb after checking owner bits (git-fixes). - net: mana: Add support of XDP_REDIRECT action (bug#1201310, jsc#PED-529). - net: mana: Add the Linux MANA PF driver (bug#1201309, jsc#PED-529). - net: mdio: Fix ENOMEM return value in BCM6368 mux bus controller (git-fixes). - net: mscc: ocelot: avoid corrupting hardware counters when moving VCAP filters (git-fixes). - net: mscc: ocelot: fix all IP traffic getting trapped to CPU with PTP over IP (git-fixes). - net: mscc: ocelot: fix broken IP multicast flooding (git-fixes). - net: mscc: ocelot: fix last VCAP IS1/IS2 filter persisting in hardware when deleted (git-fixes). - net: mscc: ocelot: fix missing unlock on error in ocelot_hwstamp_set() (git-fixes). - net: mscc: ocelot: fix VCAP IS2 filters matching on both lookups (git-fixes). - net: mscc: ocelot: restrict tc-trap actions to VCAP IS2 lookup 0 (git-fixes). - net: phy: aquantia: wait for the suspend/resume operations to finish (git-fixes). - net: phy: at803x: move page selection fix to config_init (git-fixes). - net: phy: Do not WARN for PHY_UP state in mdio_bus_phy_resume() (git-fixes). - net: sparx5: depends on PTP_1588_CLOCK_OPTIONAL (git-fixes). - net: sparx5: uses, depends on BRIDGE or !BRIDGE (git-fixes). - net: stmmac: dwmac-qcom-ethqos: add platform level clocks management (git-fixes). - net: stmmac: dwmac-qcom-ethqos: Enable RGMII functional clock on resume (git-fixes). - net: stmmac: dwmac-sun8i: add missing of_node_put() in sun8i_dwmac_register_mdio_mux() (git-fixes). - net: stmmac: enhance XDP ZC driver level switching performance (git-fixes). - net: stmmac: fix out-of-bounds access in a selftest (git-fixes). - net: stmmac: Fix unset max_speed difference between DT and non-DT platforms (git-fixes). - net: stmmac: only enable DMA interrupts when ready (git-fixes). - net: stmmac: perserve TX and RX coalesce value during XDP setup (git-fixes). - net: stmmac: remove unused get_addr() callback (git-fixes). - net: stmmac: Use readl_poll_timeout_atomic() in atomic state (git-fixes). - net: systemport: Fix an error handling path in bcm_sysport_probe() (git-fixes). - net: thunderbolt: Enable DMA paths only after rings are enabled (git-fixes). - net: usb: qmi_wwan: add Quectel RM520N (git-fixes). - net: wwan: iosm: Call mutex_init before locking it (git-fixes). - net: wwan: iosm: remove pointless null check (git-fixes). - net/mlx5: CT: Fix header-rewrite re-use for tupels (git-fixes). - net/mlx5: Drain fw_reset when removing device (git-fixes). - net/mlx5e: Block rx-gro-hw feature in switchdev mode (git-fixes). - net/mlx5e: Properly block HW GRO when XDP is enabled (git-fixes). - net/mlx5e: Properly block LRO when XDP is enabled (git-fixes). - net/mlx5e: Remove HW-GRO from reported features (git-fixes). - net/mlx5e: TC NIC mode, fix tc chains miss table (git-fixes). - net/qla3xxx: Fix a test in ql_reset_work() (git-fixes). - net/sunrpc: fix potential memory leaks in rpc_sysfs_xprt_state_change() (git-fixes). - NFS: Do not decrease the value of seq_nr_highest_sent (git-fixes). - NFS: fix problems with __nfs42_ssc_open (git-fixes). - NFS: Fix races in the legacy idmapper upcall (git-fixes). - NFS: Fix WARN_ON due to unionization of nfs_inode.nrequests (git-fixes). - NFS: Handle NFS4ERR_DELAY replies to OP_SEQUENCE correctly (git-fixes). - NFS: LOOKUP_DIRECTORY is also ok with symlinks (git-fixes). - NFS: RECLAIM_COMPLETE must handle EACCES (git-fixes). - NFS: Turn off open-by-filehandle and NFS re-export for NFSv4.0 (git-fixes). - NFS: Update mode bits after ALLOCATE and DEALLOCATE (git-fixes). - NFSD: Clean up the show_nf_flags() macro (git-fixes). - NFSD: eliminate the NFSD_FILE_BREAK_* flags (git-fixes). - NFSD: Fix offset type in I/O trace points (git-fixes). - NFSD: Report RDMA connection errors to the server (git-fixes). - NFSD: restore EINVAL error translation in nfsd_commit() (git-fixes). - of/device: Fix up of_dma_configure_id() stub (git-fixes). - of/fdt: fix off-by-one error in unflatten_dt_nodes() (git-fixes). - parisc/sticon: fix reverse colors (bsc#1152489) - parisc/stifb: Fix fb_is_primary_device() only available with (bsc#1152489) - parisc/stifb: Implement fb_is_primary_device() (bsc#1152489) - parisc/stifb: Keep track of hardware path of graphics card (bsc#1152489) - PCI: Correct misspelled words (git-fixes). - PCI: Disable MSI for Tegra234 Root Ports (git-fixes). - PCI: Prefer 'unsigned int' over bare 'unsigned' (git-fixes). - PCI/ASPM: Make Intel DG2 L1 acceptable latency unlimited (jsc#PED-387). - pinctrl: qcom: sc8180x: Fix gpio_wakeirq_map (git-fixes). - pinctrl: qcom: sc8180x: Fix wrong pin numbers (git-fixes). - pinctrl: sunxi: Fix name for A100 R_PIO (git-fixes). - platform/surface: aggregator_registry: Add support for Surface Laptop Go 2 (git-fixes). - platform/x86: acer-wmi: Acer Aspire One AOD270/Packard Bell Dot keymap fixes (git-fixes). - platform/x86: i2c-multi-instantiate: Rename it for a generic serial driver name (bsc#1203699). - platform/x86: serial-multi-instantiate: Add CLSA0101 Laptop (bsc#1203699). - platform/x86: serial-multi-instantiate: Add SPI support (bsc#1203699). - platform/x86: serial-multi-instantiate: Reorganize I2C functions (bsc#1203699). - powerpc/pseries/vas: Pass hw_cpu_id to node associativity HCALL (bsc#1194869). - ppc64/kdump: Limit kdump base to 512MB (bsc#1203410 ltc#199904). - regulator: core: Clean up on enable failure (git-fixes). - regulator: pfuze100: Fix the global-out-of-bounds access in pfuze100_regulator_probe() (git-fixes). - regulator: qcom_rpm: Fix circular deferral regression (git-fixes). - reset: imx7: Fix the iMX8MP PCIe PHY PERST support (git-fixes). - s390: fix double free of GS and RI CBs on fork() failure (bsc#1203197 LTC#199895). - s390/boot: fix absolute zero lowcore corruption on boot (git-fixes). - scsi: core: Add BLIST_NO_ASK_VPD_SIZE for some VDASD (bsc#1203039). - scsi: lpfc: Add missing destroy_workqueue() in error path (bsc#1203939). - scsi: lpfc: Add missing free iocb and nlp kref put for early return VMID cases (bsc#1203939). - scsi: lpfc: Add reporting capability for Link Degrade Signaling (bsc#1203939). - scsi: lpfc: Fix FLOGI ACC with wrong SID in PT2PT topology (bsc#1203939). - scsi: lpfc: Fix mbuf pool resource detected as busy at driver unload (bsc#1203939). - scsi: lpfc: Fix multiple NVMe remoteport registration calls for the same NPort ID (bsc#1203939). - scsi: lpfc: Fix prli_fc4_req checks in PRLI handling (bsc#1203939). - scsi: lpfc: Fix various issues reported by tools (bsc#1203939). - scsi: lpfc: Move scsi_host_template outside dynamically allocated/freed phba (bsc#1185032 bsc#1203939). - scsi: lpfc: Remove the unneeded result variable (bsc#1203939). - scsi: lpfc: Remove unneeded result variable (bsc#1203939). - scsi: lpfc: Rename mp/bmp dma buffers to rq/rsp in lpfc_fdmi_cmd (bsc#1203939). - scsi: lpfc: Return DID_TRANSPORT_DISRUPTED instead of DID_REQUEUE (bsc#1203939). - scsi: lpfc: Rework FDMI attribute registration for unintential padding (bsc#1203939). - scsi: lpfc: Rework lpfc_fdmi_cmd() routine for cleanup and consistency (bsc#1203939). - scsi: lpfc: Update congestion mode logging for Emulex SAN Manager application (bsc#1203939). - scsi: lpfc: Update lpfc version to 14.2.0.7 (bsc#1203939). - scsi: mpt3sas: Fix use-after-free warning (git-fixes). - scsi: qla2xxx: Add debugfs create/delete helpers (bsc#1203935). - scsi: qla2xxx: Add NVMe parameters support in Auxiliary Image Status (bsc#1203935). - scsi: qla2xxx: Always wait for qlt_sess_work_fn() from qlt_stop_phase1() (bsc#1203935). - scsi: qla2xxx: Avoid flush_scheduled_work() usage (bsc#1203935). - scsi: qla2xxx: Define static symbols (bsc#1203935). - scsi: qla2xxx: Disable ATIO interrupt coalesce for quad port ISP27XX (bsc#1203935). - scsi: qla2xxx: Drop DID_TARGET_FAILURE use (bsc#1203935). - scsi: qla2xxx: Enhance driver tracing with separate tunable and more (bsc#1203935). - scsi: qla2xxx: Fix disk failure to rediscover (git-fixes). - scsi: qla2xxx: Fix memory leak in __qlt_24xx_handle_abts() (bsc#1203935). - scsi: qla2xxx: Fix response queue handler reading stale packets (bsc#1203935). - scsi: qla2xxx: Fix spelling mistake 'definiton' 'definition' (bsc#1203935). - scsi: qla2xxx: Log message 'skipping scsi_scan_host()' as informational (bsc#1203935). - scsi: qla2xxx: Remove unused declarations for qla2xxx (bsc#1203935). - scsi: qla2xxx: Remove unused del_sess_list field (bsc#1203935). - scsi: qla2xxx: Remove unused qlt_tmr_work() (bsc#1203935). - scsi: qla2xxx: Revert 'scsi: qla2xxx: Fix response queue handler reading stale packets' (bsc#1203935). - scsi: qla2xxx: Update version to 10.02.07.900-k (bsc#1203935). - scsi: Revert 'scsi: qla2xxx: Fix disk failure to rediscover' (git-fixes). - scsi: smartpqi: Add module param to disable managed ints (bsc#1203893). - scsi: smartpqi: Shorten drive visibility after removal (bsc#1200622). - selftests: Fix the if conditions of in test_extra_filter() (git-fixes). - selftests: forwarding: add shebang for sch_red.sh (git-fixes). - selftests: forwarding: Fix failing tests with old libnet (git-fixes). - serial: atmel: remove redundant assignment in rs485_config (git-fixes). - serial: Create uart_xmit_advance() (git-fixes). - serial: fsl_lpuart: Reset prior to registration (git-fixes). - serial: tegra-tcu: Use uart_xmit_advance(), fixes icount.tx accounting (git-fixes). - serial: tegra: Use uart_xmit_advance(), fixes icount.tx accounting (git-fixes). - soc: sunxi: sram: Actually claim SRAM regions (git-fixes). - soc: sunxi: sram: Fix debugfs info for A64 SRAM C (git-fixes). - soc: sunxi: sram: Prevent the driver from being unbound (git-fixes). - spi: Add API to count spi acpi resources (bsc#1203699). - spi: Create helper API to lookup ACPI info for spi device (bsc#1203699). - spi: dw: Fix PM disable depth imbalance in dw_spi_bt1_probe (git-fixes). - spi: meson-spicc: do not rely on busy flag in pow2 clk ops (git-fixes). - spi: mt7621: Fix an error message in mt7621_spi_probe() (git-fixes). - spi: propagate error code to the caller of acpi_spi_device_alloc() (bsc#1203699). - spi: qup: add missing clk_disable_unprepare on error in spi_qup_pm_resume_runtime() (git-fixes). - spi: qup: add missing clk_disable_unprepare on error in spi_qup_resume() (git-fixes). - spi: Return deferred probe error when controller isn't yet available (bsc#1203699). - spi: s3c64xx: Fix large transfers with DMA (git-fixes). - spi: Support selection of the index of the ACPI Spi Resource before alloc (bsc#1203699). - spi/omap100k:Fix PM disable depth imbalance in omap1_spi100k_probe (git-fixes). - struct ehci_hcd: hide new element going into a hole (git-fixes). - struct xhci_hcd: restore member now dynamically allocated (git-fixes). - SUNRPC: Do not call connect() more than once on a TCP socket (git-fixes). - SUNRPC: Do not leak sockets in xs_local_connect() (git-fixes). - SUNRPC: fix expiry of auth creds (git-fixes). - SUNRPC: Fix xdr_encode_bool() (git-fixes). - SUNRPC: Reinitialise the backchannel request buffers before reuse (git-fixes). - SUNRPC: RPC level errors should set task->tk_rpc_status (git-fixes). - thunderbolt: Add support for Intel Maple Ridge single port controller (git-fixes). - tracing: hold caller_addr to hardirq_{enable,disable}_ip (git-fixes). - tty: serial: atmel: Preserve previous USART mode if RS485 disabled (git-fixes). - USB: Add ignore-residue quirk for NXP PN7462AU (git-fixes). - USB: add quirks for Lenovo OneLink+ Dock (git-fixes). - USB: cdc-acm: Add Icom PMR F3400 support (0c26:0020) (git-fixes). - USB: core: Fix RST error in hub.c (git-fixes). - USB: core: Prevent nested device-reset calls (git-fixes). - USB: Drop commas after SoC match table sentinels (git-fixes). - USB: dwc3: core: leave default DMA if the controller does not support 64-bit DMA (git-fixes). - USB: dwc3: disable USB core PHY management (git-fixes). - USB: dwc3: gadget: Avoid starting DWC3 gadget during UDC unbind (git-fixes). - USB: dwc3: gadget: Do not modify GEVNTCOUNT in pullup() (git-fixes). - USB: dwc3: gadget: Refactor pullup() (git-fixes). - USB: dwc3: pci: Add support for Intel Raptor Lake (git-fixes). - USB: Fix ehci infinite suspend-resume loop issue in zhaoxin (git-fixes). - USB: Fix memory leak in usbnet_disconnect() (git-fixes). - USB: host: xhci: fix a comment typo in xhci_mem_init() (git-fixes). - USB: host: xhci: use ffs() in xhci_mem_init() (git-fixes). - USB: hub: avoid warm port reset during USB3 disconnect (git-fixes). - USB: serial: cp210x: add Decagon UCA device id (git-fixes). - USB: serial: ftdi_sio: add Omron CS1W-CIF31 device id (git-fixes). - USB: serial: option: add Quectel BG95 0x0203 composition (git-fixes). - USB: serial: option: add Quectel EM060K modem (git-fixes). - USB: serial: option: add Quectel RM520N (git-fixes). - USB: serial: option: add support for Cinterion MV32-WA/WB RmNet mode (git-fixes). - USB: serial: option: add support for OPPO R11 diag port (git-fixes). - USB: storage: Add ASUS 0x0b05:0x1932 to IGNORE_UAS (git-fixes). - USB: struct usb_device: hide new member (git-fixes). - USB: typec: intel_pmc_mux: Add new ACPI ID for Meteor Lake IOM device (git-fixes). - USB: typec: tipd: Add an additional overflow check (git-fixes). - USB: typec: tipd: Do not read/write more bytes than required (git-fixes). - USB: typec: ucsi: Remove incorrect warning (git-fixes). - USB: xhci-mtk: relax TT periodic bandwidth allocation (git-fixes). - vfio/type1: Unpin zero pages (git-fixes). - vhost/vsock: Use kvmalloc/kvfree for larger packets (git-fixes). - video: fbdev: i740fb: Error out if 'pixclock' equals zero (git-fixes). - video: fbdev: pxa3xx-gcu: Fix integer overflow in pxa3xx_gcu_write (git-fixes). - virt: Add SEV-SNP guest driver (jsc#SLE-19924, jsc#SLE-24814). - virt: sevguest: Add documentation for SEV-SNP CPUID Enforcement (jsc#SLE-19924, jsc#SLE-24814). - virt: sevguest: Add support to derive key (jsc#SLE-19924, jsc#SLE-24814). - virt: sevguest: Add support to get extended report (jsc#SLE-19924, jsc#SLE-24814). - virt: sevguest: Fix bool function returning negative value (jsc#SLE-19924, jsc#SLE-24814). - virt: sevguest: Fix return value check in alloc_shared_pages() (jsc#SLE-19924, jsc#SLE-24814). - vrf: fix packet sniffing for traffic originating from ip tunnels (git-fixes). - vt: Clear selection before changing the font (git-fixes). - watchdog: wdat_wdt: Set the min and max timeout values properly (bsc#1194023). - wifi: ath10k: add peer map clean up for peer delete in ath10k_sta_state() (git-fixes). - wifi: ath11k: fix number of VHT beamformee spatial streams (git-fixes). - wifi: iwlegacy: 4965: corrected fix for potential off-by-one overflow in il4965_rs_fill_link_cmd() (git-fixes). - wifi: mac80211_hwsim: check length for virtio packets (git-fixes). - wifi: mac80211: allow bw change during channel switch in mesh (git-fixes). - wifi: mac80211: fix regression with non-QoS drivers (git-fixes). - wifi: mac80211: Fix UAF in ieee80211_scan_rx() (git-fixes). - wifi: mt76: fix reading current per-tid starting sequence number for aggregation (git-fixes). - wifi: mt76: mt7615: add mt7615_mutex_acquire/release in mt7615_sta_set_decap_offload (git-fixes). - wifi: mt76: mt7915: do not check state before configuring implicit beamform (git-fixes). - wifi: mt76: sdio: fix transmitting packet hangs (git-fixes). - wifi: rtl8xxxu: Fix AIFS written to REG_EDCA_*_PARAM (git-fixes). - wifi: rtl8xxxu: Fix skb misuse in TX queue selection (git-fixes). - wifi: rtl8xxxu: gen2: Fix mistake in path B IQ calibration (git-fixes). - wifi: rtl8xxxu: Improve rtl8xxxu_queue_select (git-fixes). - wifi: rtl8xxxu: Remove copy-paste leftover in gen2_update_rate_mask (git-fixes). - wifi: rtl8xxxu: tighten bounds checking in rtl8xxxu_read_efuse() (git-fixes). - wifi: rtlwifi: 8192de: correct checking of IQK reload (git-fixes). - wifi: rtw88: add missing destroy_workqueue() on error path in rtw_core_init() (git-fixes). - workqueue: do not skip lockdep work dependency in cancel_work_sync() (git-fixes). - x86/boot: Add a pointer to Confidential Computing blob in bootparams (jsc#SLE-19924, jsc#SLE-24814). - x86/boot: Add Confidential Computing type to setup_data (jsc#SLE-19924, jsc#SLE-24814). - x86/boot: Introduce helpers for MSR reads/writes (jsc#SLE-19924, jsc#SLE-24814). - x86/boot: Put globals that are accessed early into the .data section (jsc#SLE-19924, jsc#SLE-24814). - x86/boot: Use MSR read/write helpers instead of inline assembly (jsc#SLE-19924, jsc#SLE-24814). - x86/compressed: Add helper for validating pages in the decompression stage (jsc#SLE-19924, jsc#SLE-24814). - x86/compressed: Add SEV-SNP feature detection/setup (jsc#SLE-19924, jsc#SLE-24814). - x86/compressed: Export and rename add_identity_map() (jsc#SLE-19924, jsc#SLE-24814). - x86/compressed: Register GHCB memory when SEV-SNP is active (jsc#SLE-19924, jsc#SLE-24814). - x86/compressed: Use firmware-validated CPUID leaves for SEV-SNP guests (jsc#SLE-19924, jsc#SLE-24814). - x86/compressed/64: Add identity mapping for Confidential Computing blob (jsc#SLE-19924, jsc#SLE-24814). - x86/compressed/64: Add support for SEV-SNP CPUID table in #VC handlers (jsc#SLE-19924, jsc#SLE-24814). - x86/compressed/64: Detect/setup SEV/SME features earlier during boot (jsc#SLE-19924, jsc#SLE-24814). - x86/compressed/acpi: Move EFI config table lookup to helper (jsc#SLE-19924, jsc#SLE-24814). - x86/compressed/acpi: Move EFI detection to helper (jsc#SLE-19924, jsc#SLE-24814). - x86/compressed/acpi: Move EFI kexec handling into common code (jsc#SLE-19924, jsc#SLE-24814). - x86/compressed/acpi: Move EFI system table lookup to helper (jsc#SLE-19924, jsc#SLE-24814). - x86/compressed/acpi: Move EFI vendor table lookup to helper (jsc#SLE-19924, jsc#SLE-24814). - x86/head/64: Re-enable stack protection (jsc#SLE-19924, jsc#SLE-24814). - x86/ibt,ftrace: Make function-graph play nice (bsc#1203969). - x86/kernel: Mark the .bss..decrypted section as shared in the RMP table (jsc#SLE-19924, jsc#SLE-24814). - x86/kernel: Validate ROM memory before accessing when SEV-SNP is active (jsc#SLE-19924, jsc#SLE-24814). - x86/kexec: fix memory leak of elf header buffer (bsc#1196444). - x86/mm: Extend cc_attr to include AMD SEV-SNP (jsc#SLE-19924, jsc#SLE-24814). - x86/mm: Validate memory when changing the C-bit (jsc#SLE-19924, jsc#SLE-24814). - x86/sev: Add a helper for the PVALIDATE instruction (jsc#SLE-19924, jsc#SLE-24814). - x86/sev: Add a sev= cmdline option (jsc#SLE-19924, jsc#SLE-24814). - x86/sev: Add helper for validating pages in early enc attribute changes (jsc#SLE-19924, jsc#SLE-24814). - x86/sev: Add missing __init annotations to SEV init routines (jsc#SLE-19924 jsc#SLE-24814). - x86/sev: Add SEV-SNP feature detection/setup (jsc#SLE-19924, jsc#SLE-24814). - x86/sev: Check SEV-SNP features support (jsc#SLE-19924, jsc#SLE-24814). - x86/sev: Check the VMPL level (jsc#SLE-19924, jsc#SLE-24814). - x86/sev: Detect/setup SEV/SME features earlier in boot (jsc#SLE-19924, jsc#SLE-24814). - x86/sev: Get the AP jump table address from secrets page (jsc#SLE-19924, jsc#SLE-24814). - x86/sev: Move MSR-based VMGEXITs for CPUID to helper (jsc#SLE-19924, jsc#SLE-24814). - x86/sev: Provide support for SNP guest request NAEs (jsc#SLE-19924, jsc#SLE-24814). - x86/sev: Register GHCB memory when SEV-SNP is active (jsc#SLE-19924, jsc#SLE-24814). - x86/sev: Register SEV-SNP guest request platform device (jsc#SLE-19924, jsc#SLE-24814). - x86/sev: Use firmware-validated CPUID for SEV-SNP guests (jsc#SLE-19924, jsc#SLE-24814). - x86/sev: Use SEV-SNP AP creation to start secondary CPUs (jsc#SLE-19924, jsc#SLE-24814). - x86/xen: Remove undefined behavior in setup_features() (git-fixes). - xen-blkback: Advertise feature-persistent as user requested (git-fixes). - xen-blkback: Apply 'feature_persistent' parameter when connect (git-fixes). - xen-blkback: fix persistent grants negotiation (git-fixes). - xen-blkfront: Advertise feature-persistent as user requested (git-fixes). - xen-blkfront: Apply 'feature_persistent' parameter when connect (git-fixes). - xen-blkfront: Cache feature_persistent value before advertisement (git-fixes). - xen-blkfront: Handle NULL gendisk (git-fixes). - xen-netback: only remove 'hotplug-status' when the vif is actually destroyed (git-fixes). - xen/gntdev: Avoid blocking in unmap_grant_pages() (git-fixes). - xen/gntdev: Ignore failure to unmap INVALID_GRANT_HANDLE (git-fixes). - xen/grants: prevent integer overflow in gnttab_dma_alloc_pages() (git-fixes). - xen/usb: do not use arbitrary_virt_to_machine() (git-fixes). - xhci: Allocate separate command structures for each LPM command (git-fixes). Important SUSE bug 1185032 SUSE bug 1190497 SUSE bug 1194023 SUSE bug 1194869 SUSE bug 1195917 SUSE bug 1196444 SUSE bug 1196869 SUSE bug 1197659 SUSE bug 1198189 SUSE bug 1200288 SUSE bug 1200622 SUSE bug 1201309 SUSE bug 1201310 SUSE bug 1201987 SUSE bug 1202095 SUSE bug 1202960 SUSE bug 1203039 SUSE bug 1203066 SUSE bug 1203101 SUSE bug 1203197 SUSE bug 1203263 SUSE bug 1203338 SUSE bug 1203360 SUSE bug 1203361 SUSE bug 1203389 SUSE bug 1203410 SUSE bug 1203505 SUSE bug 1203552 SUSE bug 1203664 SUSE bug 1203693 SUSE bug 1203699 SUSE bug 1203767 SUSE bug 1203769 SUSE bug 1203770 SUSE bug 1203794 SUSE bug 1203798 SUSE bug 1203893 SUSE bug 1203902 SUSE bug 1203906 SUSE bug 1203908 SUSE bug 1203935 SUSE bug 1203939 SUSE bug 1203987 SUSE bug 1203992 SUSE bug 1204051 SUSE bug 1204059 SUSE bug 1204060 SUSE bug 1204125 CVE-2022-1263 CVE-2022-2586 CVE-2022-3202 CVE-2022-32296 CVE-2022-3239 CVE-2022-3303 CVE-2022-39189 CVE-2022-41218 CVE-2022-41674 CVE-2022-41848 CVE-2022-41849 CVE-2022-42719 CVE-2022-42720 CVE-2022-42721 CVE-2022-42722 cpe:/o:opensuse:leap:15.4 Security update for xorg-x11-server (Important) openSUSE Leap 15.4 This update for xorg-x11-server fixes the following issues: - CVE-2022-3550: Fixed out of bounds read/write in _GetCountedString() (bsc#1204412). - CVE-2022-3551: Fixed various leaks of the return value of GetComponentSpec() (bsc#1204416). Important SUSE bug 1204412 SUSE bug 1204416 CVE-2022-3550 CVE-2022-3551 cpe:/o:opensuse:leap:15.4 Security update for xorg-x11-server (Important) openSUSE Leap 15.4 This update for xorg-x11-server fixes the following issues: - CVE-2022-3550: Fixed out of bounds read/write in _GetCountedString() (bsc#1204412). - CVE-2022-3551: Fixed various leaks of the return value of GetComponentSpec() (bsc#1204416). Important SUSE bug 1204412 SUSE bug 1204416 CVE-2022-3550 CVE-2022-3551 cpe:/o:opensuse:leap:15.4 Security update for ntfs-3g_ntfsprogs (Important) openSUSE Leap 15.4 This update for ntfs-3g_ntfsprogs fixes the following issues: - CVE-2022-40284: Fixed incorrect validation of some of the NTFS metadata that could cause buffer overflow (bsc#1204734). Important SUSE bug 1204734 CVE-2022-40284 cpe:/o:opensuse:leap:15.4 Security update for python-Flask-Security-Too (Moderate) openSUSE Leap 15.4 This update for python-Flask-Security-Too fixes the following issues: - CVE-2021-23385: Fixed open redirect (bsc#1202105). Moderate SUSE bug 1202105 CVE-2021-23385 cpe:/o:opensuse:leap:15.4 Security update for rubygem-loofah (Moderate) openSUSE Leap 15.4 This update for rubygem-loofah fixes the following issues: - CVE-2019-15587: Fixed issue in sanitization of crafted SVG elements (bsc#1154751). Moderate SUSE bug 1154751 CVE-2019-15587 cpe:/o:opensuse:leap:15.4 Security update for libxml2 (Important) openSUSE Leap 15.4 This update for libxml2 fixes the following issues: - CVE-2016-3709: Fixed possible XSS vulnerability (bsc#1201978). - CVE-2022-40303: Fixed integer overflows with XML_PARSE_HUGE (bsc#1204366). - CVE-2022-40304: Fixed dict corruption caused by entity reference cycles (bsc#1204367). Important SUSE bug 1201978 SUSE bug 1204366 SUSE bug 1204367 CVE-2016-3709 CVE-2022-40303 CVE-2022-40304 cpe:/o:opensuse:leap:15.4 Security update for xmlbeans (Important) openSUSE Leap 15.4 This update for xmlbeans fixes the following issues: - CVE-2021-23926: Fixed XML parsers not protecting from malicious XML input (bsc#1180915). Important SUSE bug 1180915 CVE-2021-23926 cpe:/o:opensuse:leap:15.4 Security update for expat (Important) openSUSE Leap 15.4 This update for expat fixes the following issues: - CVE-2022-43680: Fixed use-after free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate (bsc#1204708). Important SUSE bug 1204708 CVE-2022-43680 cpe:/o:opensuse:leap:15.4 Security update for exiv2 (Important) openSUSE Leap 15.4 This update for exiv2 fixes the following issues: Updated to version 0.27.5 (jsc#PED-1393): - CVE-2017-1000128: Fixed stack out of bounds read in JPEG2000 parser (bsc#1068871). - CVE-2019-13108: Fixed integer overflow PngImage:readMetadata (bsc#1142675). - CVE-2020-19716: Fixed buffer overflow vulnerability in the Databuf function in types.cpp (bsc#1188645). - CVE-2021-29457: Fixed heap buffer overflow when write metadata into a crafted image file (bsc#1185002). - CVE-2021-29470: Fixed out-of-bounds read in Exiv2:Jp2Image:encodeJp2Header (bsc#1185447). - CVE-2021-29623: Fixed read of uninitialized memory (bsc#1186053). - CVE-2021-31291: Fixed heap-based buffer overflow in jp2image.cpp (bsc#1188733). - CVE-2021-32617: Fixed denial of service due to inefficient algorithm (bsc#1186192). - CVE-2021-37620: Fixed out-of-bounds read in XmpTextValue:read() (bsc#1189332). - CVE-2021-37621: Fixed DoS due to infinite loop in Image:printIFDStructure (bsc#1189333). - CVE-2021-37622: Fixed DoS due to infinite loop in JpegBase:printStructure (bsc#1189334) - CVE-2021-34334: Fixed DoS due to integer overflow in loop counter(bsc#1189338) - CVE-2021-37623: Fixed DoS due to infinite loop in JpegBase:printStructure (bsc#1189335) - CVE-2021-29463: Fixed out-of-bounds read in webpimage.cpp (bsc#1185913). - CVE-2021-34334: Fixed DoS due to integer overflow in loop counter (bsc#1189338) - CVE-2019-13111: Fixed integer overflow in WebPImage:decodeChunks that lead to denial of service (bsc#1142679) - CVE-2021-29463: Fixed an out-of-bounds read was found in webpimage.cpp (bsc#1185913) Bugfixes: - Fixed build using GCC 11 (bsc#1185218). A new libexiv2-2_27 shared library is shipped, the libexiv2-2_26 is provided only for compatibility now. Please recompile your applications using the exiv2 library. Important SUSE bug 1068871 SUSE bug 1142675 SUSE bug 1142679 SUSE bug 1185002 SUSE bug 1185218 SUSE bug 1185447 SUSE bug 1185913 SUSE bug 1186053 SUSE bug 1186192 SUSE bug 1188645 SUSE bug 1188733 SUSE bug 1189332 SUSE bug 1189333 SUSE bug 1189334 SUSE bug 1189335 SUSE bug 1189338 CVE-2017-1000128 CVE-2019-13108 CVE-2019-13111 CVE-2020-19716 CVE-2021-29457 CVE-2021-29463 CVE-2021-29470 CVE-2021-29623 CVE-2021-31291 CVE-2021-32617 CVE-2021-34334 CVE-2021-37620 CVE-2021-37621 CVE-2021-37622 CVE-2021-37623 cpe:/o:opensuse:leap:15.4 Security update for sendmail (Important) openSUSE Leap 15.4 This update for sendmail fixes the following issues: - CVE-2022-31256: Fixed mail to root privilege escalation via sm-client.pre script (bsc#1204696, bsc#1202937). Important SUSE bug 1202937 SUSE bug 1204696 CVE-2022-31256 cpe:/o:opensuse:leap:15.4 Security update for gstreamer-plugins-base (Moderate) openSUSE Leap 15.4 This update for gstreamer-plugins-base fixes the following issues: - CVE-2021-3522: Fixed ID3v2 tag frame size check and potential invalid reads (bsc#1185448). Moderate SUSE bug 1185448 CVE-2021-3522 cpe:/o:opensuse:leap:15.4 Security update for gstreamer-plugins-good (Moderate) openSUSE Leap 15.4 This update for gstreamer-plugins-good fixes the following issues: - CVE-2022-1920: Fixed integer overflow in WavPack header handling code (bsc#1201688). - CVE-2022-1921: Fixed integer overflow resulting in heap corruption in avidemux element (bsc#1201693). - CVE-2022-1922: Fixed integer overflows in mkv demuxing (bsc#1201702). - CVE-2022-1923: Fixed integer overflows in mkv demuxing using bzip (bsc#1201704). - CVE-2022-1924: Fixed integer overflows in mkv demuxing using lzo (bsc#1201706). - CVE-2022-1925: Fixed integer overflows in mkv demuxing using HEADERSTRIP (bsc#1201707). - CVE-2022-2122: Fixed integer overflows in qtdemux using zlib (bsc#1201708). Moderate SUSE bug 1201688 SUSE bug 1201693 SUSE bug 1201702 SUSE bug 1201704 SUSE bug 1201706 SUSE bug 1201707 SUSE bug 1201708 CVE-2022-1920 CVE-2022-1921 CVE-2022-1922 CVE-2022-1923 CVE-2022-1924 CVE-2022-1925 CVE-2022-2122 cpe:/o:opensuse:leap:15.4 Security update for vsftpd (Moderate) openSUSE Leap 15.4 This update for vsftpd fixes the following issues: Bugfixes: - Removed unsupported systemd hardening options (bsc#1196918). Moderate SUSE bug 1196918 cpe:/o:opensuse:leap:15.4 Security update for protobuf (Important) openSUSE Leap 15.4 This update for protobuf fixes the following issues: - CVE-2021-22569: Fixed Denial of Service in protobuf-java in the parsing procedure for binary data (bsc#1194530). - CVE-2022-1941: Fix a potential DoS issue in protobuf-cpp and protobuf-python (bsc#1203681) - CVE-2022-3171: Fix a potential DoS issue when parsing with binary data in protobuf-java (bsc#1204256) Important SUSE bug 1194530 SUSE bug 1203681 SUSE bug 1204256 CVE-2021-22569 CVE-2022-1941 CVE-2022-3171 cpe:/o:opensuse:leap:15.4 Security update for git (Moderate) openSUSE Leap 15.4 This update for git fixes the following issues: - CVE-2022-39260: Fixed overflow in split_cmdline() (bsc#1204456). - CVE-2022-39253: Fixed dereference issue with symbolic links via the `--local` clone mechanism (bsc#1204455). Moderate SUSE bug 1204455 SUSE bug 1204456 CVE-2022-39253 CVE-2022-39260 cpe:/o:opensuse:leap:15.4 Security update for python-rsa (Moderate) openSUSE Leap 15.4 This update for python-rsa fixes the following issues: - CVE-2020-25658: Fixed bleichenbacher timing oracle attack against RSA decryption (bsc#1178676). Moderate SUSE bug 1178676 CVE-2020-25658 cpe:/o:opensuse:leap:15.4 Security update for libarchive (Moderate) openSUSE Leap 15.4 This update for libarchive fixes the following issues: - CVE-2021-31566: Fixed vulnerability where libarchive modifies file flags of symlink target (bsc#1192426) - Fixed issue where processing fixup entries may follow symbolic links (bsc#1192427). Moderate SUSE bug 1192426 SUSE bug 1192427 CVE-2021-31566 cpe:/o:opensuse:leap:15.4 Security update for xwayland (Important) openSUSE Leap 15.4 This update for xwayland fixes the following issues: - CVE-2022-3550: Fixed out of bounds read/write in _GetCountedString() (bsc#1204412). - CVE-2022-3551: Fixed various leaks of the return value of GetComponentSpec() (bsc#1204416). Important SUSE bug 1204412 SUSE bug 1204416 CVE-2022-3550 CVE-2022-3551 cpe:/o:opensuse:leap:15.4 Security update for xterm (Moderate) openSUSE Leap 15.4 This update for xterm fixes the following issues: - CVE-2022-24130: Fixed buffer overflow in set_sixel when Sixel support is enabled (bsc#1195387). Moderate SUSE bug 1195387 CVE-2022-24130 cpe:/o:opensuse:leap:15.4 Security update for busybox (Important) openSUSE Leap 15.4 This update for busybox fixes the following issues: - Enable switch_root With this change virtme --force-initramfs works as expected. - Enable udhcpc busybox was updated to 1.35.0 - Adjust busybox.config for new features in find, date and cpio - Annotate CVEs already fixed in upstream, but not mentioned in .changes yet: * CVE-2017-16544 (bsc#1069412): Insufficient sanitization of filenames when autocompleting * CVE-2015-9261 (bsc#1102912): huft_build misuses a pointer, causing segfaults * CVE-2016-2147 (bsc#970663): out of bounds write (heap) due to integer underflow in udhcpc * CVE-2016-2148 (bsc#970662): heap-based buffer overflow in OPTION_6RD parsing * CVE-2016-6301 (bsc#991940): NTP server denial of service flaw * CVE-2017-15873 (bsc#1064976): The get_next_block function in archival/libarchive/decompress_bunzip2.c has an Integer Overflow * CVE-2017-15874 (bsc#1064978): archival/libarchive/decompress_unlzma.c has an Integer Underflow * CVE-2019-5747 (bsc#1121428): out of bounds read in udhcp components * CVE-2021-42373, CVE-2021-42374, CVE-2021-42375, CVE-2021-42376, CVE-2021-42377, CVE-2021-42378, CVE-2021-42379, CVE-2021-42380, CVE-2021-42381, CVE-2021-42382, CVE-2021-42383, CVE-2021-42384, CVE-2021-42385, CVE-2021-42386 (bsc#1192869) : v1.34.0 bugfixes * CVE-2021-28831 (bsc#1184522): invalid free or segmentation fault via malformed gzip data * CVE-2018-20679 (bsc#1121426): out of bounds read in udhcp * CVE-2018-1000517 (bsc#1099260): Heap-based buffer overflow in the retrieve_file_data() * CVE-2011-5325 (bsc#951562): tar directory traversal * CVE-2018-1000500 (bsc#1099263): wget: Missing SSL certificate validation Important SUSE bug 1064976 SUSE bug 1064978 SUSE bug 1069412 SUSE bug 1099260 SUSE bug 1099263 SUSE bug 1102912 SUSE bug 1121426 SUSE bug 1121428 SUSE bug 1184522 SUSE bug 1192869 SUSE bug 951562 SUSE bug 970662 SUSE bug 970663 SUSE bug 991940 CVE-2011-5325 CVE-2015-9261 CVE-2016-2147 CVE-2016-2148 CVE-2016-6301 CVE-2017-15873 CVE-2017-15874 CVE-2017-16544 CVE-2018-1000500 CVE-2018-1000517 CVE-2018-20679 CVE-2019-5747 CVE-2021-28831 CVE-2021-42373 CVE-2021-42374 CVE-2021-42375 CVE-2021-42376 CVE-2021-42377 CVE-2021-42378 CVE-2021-42379 CVE-2021-42380 CVE-2021-42381 CVE-2021-42382 CVE-2021-42383 CVE-2021-42384 CVE-2021-42385 CVE-2021-42386 cpe:/o:opensuse:leap:15.4 Security update for kubevirt stack (Important) openSUSE Leap 15.4 This update provides rebuilds of the kubevirt containers with up to date base images, fixing various security issues. Important cpe:/o:opensuse:leap:15.4 Security update for containerized-data-importer (Important) openSUSE Leap 15.4 This update rebuilds the current containeried data importer images against current base images, to fix security issues. Important cpe:/o:opensuse:leap:15.4 Security update for python-Mako (Moderate) openSUSE Leap 15.4 This update for python-Mako fixes the following issues: - CVE-2022-40023: Fixed regular expression Denial of Service when using the Lexer class to parse (bsc#1203246). Moderate SUSE bug 1203246 CVE-2022-40023 cpe:/o:opensuse:leap:15.4 Security update for freerdp (Moderate) openSUSE Leap 15.4 This update for freerdp fixes the following issues: - CVE-2022-39282: Fix to init data read by `/parallel` command line switch. (bsc#1204258) - CVE-2022-39283: Fix to prevent video channel from reading uninitialized data. (bsc#1204257) Moderate SUSE bug 1204257 SUSE bug 1204258 CVE-2022-39282 CVE-2022-39283 cpe:/o:opensuse:leap:15.4 Security update for libX11 (Moderate) openSUSE Leap 15.4 This update for libX11 fixes the following issues: - CVE-2022-3554: Fixed memory leak in XRegisterIMInstantiateCallback() (bsc#1204422). - CVE-2022-3555: Fixed memory leak in _XFreeX11XCBStructure() (bsc#1204425). Moderate SUSE bug 1204422 SUSE bug 1204425 CVE-2022-3554 CVE-2022-3555 cpe:/o:opensuse:leap:15.4 Security update for LibVNCServer (Moderate) openSUSE Leap 15.4 This update for LibVNCServer fixes the following issues: - CVE-2020-29260: Fixed memory leakage via rfbClientCleanup() (bsc#1203106). Moderate SUSE bug 1203106 CVE-2020-29260 cpe:/o:opensuse:leap:15.4 Security update for dhcp (Moderate) openSUSE Leap 15.4 This update for dhcp fixes the following issues: - CVE-2022-2928: Fixed an option refcount overflow (bsc#1203988). - CVE-2022-2929: Fixed a DHCP memory leak (bsc#1203989). Moderate SUSE bug 1203988 SUSE bug 1203989 CVE-2022-2928 CVE-2022-2929 cpe:/o:opensuse:leap:15.4 Security update for jackson-databind (Important) openSUSE Leap 15.4 This update for jackson-databind fixes the following issues: Update to version 2.13.4.2: - CVE-2022-42003: Fixed missing check in primitive value deserializers to avoid deep wrapper array nesting wrt 'UNWRAP_SINGLE_VALUE_ARRAYS' (bsc#1204370). - CVE-2022-42004: Fixed missing check in 'BeanDeserializer._deserializeFromArray()' to prevent use of deeply nested arrays (bsc#1204369). Important SUSE bug 1204369 SUSE bug 1204370 CVE-2022-42003 CVE-2022-42004 cpe:/o:opensuse:leap:15.4 Security update for 389-ds (Low) openSUSE Leap 15.4 This update for 389-ds fixes the following issues: - CVE-2021-45710: Fixed tokio data race with memory corruption (bsc#1194119). - Update to version 2.0.16~git56.d15a0a7: - Failure to migrate from openldap if pwdPolicyChecker present (bsc#1205146). - Resolve issue with checklist post migration when dds is present (bsc#1204748). - Improve reliability of migrations from openldap when dynamic directory services is configured (bsc#1204493). Low SUSE bug 1194119 SUSE bug 1204493 SUSE bug 1204748 SUSE bug 1205146 CVE-2021-45710 cpe:/o:opensuse:leap:15.4 Security update for php7 (Important) openSUSE Leap 15.4 This update for php7 fixes the following issues: - Version update to 7.4.33: - CVE-2022-31630: Fixed out-of-bounds read due to insufficient input validation in imageloadfont() (bsc#1204979). - CVE-2022-37454: Fixed buffer overflow in hash_update() on long parameter (bsc#1204577). - Version update to 7.4.32 (jsc#SLE-23639) - CVE-2022-31628: Fixed an uncontrolled recursion in the phar uncompressor while decompressing 'quines' gzip files. (bsc#1203867) - CVE-2022-31629: Fixed a bug which could lead an attacker to set an insecure cookie that will treated as secure in the victim's browser. (bsc#1203870) Important SUSE bug 1203867 SUSE bug 1203870 SUSE bug 1204577 SUSE bug 1204979 CVE-2021-21707 CVE-2021-21708 CVE-2022-31625 CVE-2022-31626 CVE-2022-31628 CVE-2022-31629 CVE-2022-31630 CVE-2022-37454 cpe:/o:opensuse:leap:15.4 Security update for the Linux Kernel (Important) openSUSE Leap 15.4 The SUSE Linux Enterprise 15-SP4 Azure kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2022-1882: Fixed a use-after-free flaw in free_pipe_info() that could allow a local user to crash or potentially escalate their privileges on the system (bsc#1199904). - CVE-2022-2153: Fixed vulnerability in KVM that could allow an unprivileged local attacker on the host to cause DoS (bnc#1200788). - CVE-2022-2964, CVE-2022-28748: Fixed memory corruption issues in ax88179_178a devices (bnc#1202686 bsc#1196018). - CVE-2022-2978: Fixed use-after-free in the NILFS file system that could lead to local privilege escalation or DoS (bnc#1202700). - CVE-2022-3169: Fixed a denial of service flaw which occurs when consecutive requests to NVME_IOCTL_RESET and the NVME_IOCTL_SUBSYS_RESET are sent (bnc#1203290). - CVE-2022-33981: Fixed a use-after-free in floppy driver (bnc#1200692). - CVE-2022-3424: Fixed use-after-free in gru_set_context_option(), gru_fault() and gru_handle_user_call_os() that could lead to kernel panic (bsc#1204166). - CVE-2022-3435: Fixed an out-of-bounds read in fib_nh_match() of the file net/ipv4/fib_semantics.c (bsc#1204171). - CVE-2022-3521: Fixed race condition in kcm_tx_work() in net/kcm/kcmsock.c (bnc#1204355). - CVE-2022-3524: Fixed memory leak in ipv6_renew_options() in the IPv6 handler (bnc#1204354). - CVE-2022-3526: Fixed a memory leak in macvlan_handle_frame() from drivers/net/macvlan.c (bnc#1204353). - CVE-2022-3535: Fixed memory leak in mvpp2_dbgfs_port_init() in drivers/net/ethernet/marvell/mvpp2/mvpp2_debugfs.c (bnc#1204417). - CVE-2022-3542: Fixed memory leak in bnx2x_tpa_stop() in drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.c (bnc#1204402). - CVE-2022-3545: Fixed use-after-free in area_cache_get() in drivers/net/ethernet/netronome/nfp/nfpcore/nfp_cppcore.c (bnc#1204415). - CVE-2022-3565: Fixed use-after-free in del_timer() in drivers/isdn/mISDN/l1oip_core.c (bnc#1204431). - CVE-2022-3577: Fixed out-of-bounds memory write flaw in bigben device driver that could lead to local privilege escalation or DoS (bnc#1204470). - CVE-2022-3586: Fixed use-after-free in socket buffer (SKB) that could allow a local unprivileged user to cause a denial of service (bnc#1204439). - CVE-2022-3594: Fixed excessive data logging in intr_callback() in drivers/net/usb/r8152.c (bnc#1204479). - CVE-2022-3619: Fixed memory leak in l2cap_recv_acldata() in net/bluetooth/l2cap_core.c of the component (bnc#1204569). - CVE-2022-3621: Fixed null pointer dereference in nilfs_bmap_lookup_at_level() in fs/nilfs2/inode.c (bnc#1204574). - CVE-2022-3625: Fixed use-after-free in devlink_param_set()/devlink_param_get() in net/core/devlink.c (bnc#1204637). - CVE-2022-3628: Fixed potential buffer overflow in brcmf_fweh_event_worker() in wifi/brcmfmac (bsc#1204868). - CVE-2022-3629: Fixed memory leak in vsock_connect() in net/vmw_vsock/af_vsock.c (bnc#1204635). - CVE-2022-3633: Fixed memory leak in j1939_session_destroy() in net/can/j1939/transport.c (bnc#1204650). - CVE-2022-3640: Fixed use-after-free in l2cap_conn_del() in net/bluetooth/l2cap_core.c (bnc#1204619). - CVE-2022-3646: Fixed memory leak in nilfs_attach_log_writer() in fs/nilfs2/segment.c (bnc#1204646). - CVE-2022-3649: Fixed use-after-free in nilfs_new_inode() in fs/nilfs2/inode.c (bnc#1204647). - CVE-2022-40476: Fixed a null pointer dereference in fs/io_uring.c (bnc#1203435). - CVE-2022-40768: Fixed information leak in the scsi driver which allowed local users to obtain sensitive information from kernel memory (bnc#1203514). - CVE-2022-41674: Fixed a DoS issue where kernel can crash on the reception of specific WiFi Frames (bsc#1203770). - CVE-2022-42703: Fixed use-after-free in mm/rmap.c related to leaf anon_vma double reuse (bnc#1204168). - CVE-2022-42719: Fixed MBSSID parsing use-after-free. (bsc#1204051) - CVE-2022-42720: Fixed BSS refcounting bugs. (bsc#1204059) - CVE-2022-42721: Avoid nontransmitted BSS list corruption. (bsc#1204060) - CVE-2022-42722: Fixed crash in beacon protection for P2P-device. (bsc#1204125) - CVE-2022-43750: Fixed vulnerability in usbmon that allowed a user-space client to corrupt the monitor's internal memory (bnc#1204653). The following non-security bugs were fixed: - ACPI: APEI: do not add task_work to kernel thread to avoid memory leak (git-fixes). - ACPI: HMAT: Release platform device in case of platform_device_add_data() fails (git-fixes). - ACPI: extlog: Handle multiple records (git-fixes). - ACPI: tables: FPDT: Do not call acpi_os_map_memory() on invalid phys address (git-fixes). - ACPI: video: Add Toshiba Satellite/Portege Z830 quirk (git-fixes). - ACPI: video: Make backlight class device registration a separate step (v2) (git-fixes). - ACPI: x86: Add a quirk for Dell Inspiron 14 2-in-1 for StorageD3Enable (git-fixes). - ALSA: Use del_timer_sync() before freeing timer (git-fixes). - ALSA: ac97: fix possible memory leak in snd_ac97_dev_register() (git-fixes). - ALSA: aoa: Fix I2S device accounting (git-fixes). - ALSA: aoa: i2sbus: fix possible memory leak in i2sbus_add_dev() (git-fixes). - ALSA: asihpi - Remove useless code in hpi_meter_get_peak() (git-fixes). - ALSA: au88x0: use explicitly signed char (git-fixes). - ALSA: dmaengine: increment buffer pointer atomically (git-fixes). - ALSA: hda/cs_dsp_ctl: Fix mutex inversion when creating controls (bsc#1203699). - ALSA: hda/hdmi: Do not skip notification handling during PM operation (git-fixes). - ALSA: hda/hdmi: Fix the converter allocation for the silent stream (git-fixes). - ALSA: hda/hdmi: Fix the converter reuse for the silent stream (git-fixes). - ALSA: hda/hdmi: change type for the 'assigned' variable (git-fixes). - ALSA: hda/realtek: Add Intel Reference SSID to support headset keys (git-fixes). - ALSA: hda/realtek: Add another HP ZBook G9 model quirks (bsc#1203699). - ALSA: hda/realtek: Add quirk for ASUS GV601R laptop (git-fixes). - ALSA: hda/realtek: Add quirk for ASUS Zenbook using CS35L41 (bsc#1203922). - ALSA: hda/realtek: Correct pin configs for ASUS G533Z (git-fixes). - ALSA: hda/realtek: remove ALC289_FIXUP_DUAL_SPK for Dell 5530 (git-fixes). - ALSA: hda: Fix position reporting on Poulsbo (git-fixes). - ALSA: hda: cs35l41: Remove suspend/resume hda hooks (bsc#1203699). - ALSA: hda: cs35l41: Support System Suspend (bsc#1203699). - ALSA: hda: hda_cs_dsp_ctl: Ensure pwr_lock is held before reading/writing controls (bsc#1203699). - ALSA: hda: hda_cs_dsp_ctl: Minor clean and redundant code removal (bsc#1203699). - ALSA: hiface: fix repeated words in comments (git-fixes). - ALSA: line6: Replace sprintf() with sysfs_emit() (git-fixes). - ALSA: line6: remove line6_set_raw declaration (git-fixes). - ALSA: oss: Fix potential deadlock at unregistration (git-fixes). - ALSA: rawmidi: Drop register_mutex in snd_rawmidi_free() (git-fixes). - ALSA: rme9652: use explicitly signed char (git-fixes). - ALSA: scarlett2: Add Focusrite Clarett+ 8Pre support (git-fixes). - ALSA: scarlett2: Add support for the internal 'standalone' switch (git-fixes). - ALSA: scarlett2: Split scarlett2_config_items[] into 3 sections (git-fixes). - ALSA: usb-audio: Add mixer mapping for Gigabyte B450/550 Mobos (git-fixes). - ALSA: usb-audio: Add quirk to enable Avid Mbox 3 support (git-fixes). - ALSA: usb-audio: Add quirks for M-Audio Fast Track C400/600 (git-fixes). - ALSA: usb-audio: Fix NULL dererence at error path (git-fixes). - ALSA: usb-audio: Fix last interface check for registration (git-fixes). - ALSA: usb-audio: Fix potential memory leaks (git-fixes). - ALSA: usb-audio: Fix regression with Dell Dock jack detection (bsc#1204719). - ALSA: usb-audio: Register card at the last interface (git-fixes). - ALSA: usb-audio: make read-only array marker static const (git-fixes). - ALSA: usb-audio: remove redundant assignment to variable c (git-fixes). - ALSA: usb-audio: scarlett2: Use struct_size() helper in scarlett2_usb() (git-fixes). - ALSA: usb/6fire: fix repeated words in comments (git-fixes). - ARM: 9242/1: kasan: Only map modules if CONFIG_KASAN_VMALLOC=n (git-fixes). - ARM: 9244/1: dump: Fix wrong pg_level in walk_pmd() (git-fixes). - ARM: 9247/1: mm: set readonly for MT_MEMORY_RO with ARM_LPAE (git-fixes). - ARM: Drop CMDLINE_* dependency on ATAGS (git-fixes). - ARM: decompressor: Include .data.rel.ro.local (git-fixes). - ARM: defconfig: clean up multi_v4t and multi_v5 configs (git-fixes). - ARM: defconfig: drop CONFIG_PTP_1588_CLOCK=y (git-fixes). - ARM: defconfig: drop CONFIG_SERIAL_OMAP references (git-fixes). - ARM: defconfig: drop CONFIG_USB_FSL_USB2 (git-fixes). - ARM: dts: armada-38x: Add gpio-ranges for pin muxing (git-fixes). - ARM: dts: exynos: correct s5k6a3 reset polarity on Midas family (git-fixes). - ARM: dts: exynos: fix polarity of VBUS GPIO of Origen (git-fixes). - ARM: dts: fix Moxa SDIO 'compatible', remove 'sdhci' misnomer (git-fixes). - ARM: dts: imx6dl: add missing properties for sram (git-fixes). - ARM: dts: imx6q: add missing properties for sram (git-fixes). - ARM: dts: imx6qdl-gw59{10,13}: fix user pushbutton GPIO offset (git-fixes). - ARM: dts: imx6qdl-kontron-samx6i: hook up DDC i2c bus (git-fixes). - ARM: dts: imx6qp: add missing properties for sram (git-fixes). - ARM: dts: imx6sl: add missing properties for sram (git-fixes). - ARM: dts: imx6sll: add missing properties for sram (git-fixes). - ARM: dts: imx6sx: add missing properties for sram (git-fixes). - ARM: dts: imx7d-sdb: config the max pressure for tsc2046 (git-fixes). - ARM: dts: integrator: Tag PCI host with device_type (git-fixes). - ARM: dts: kirkwood: lsxl: fix serial line (git-fixes). - ARM: dts: kirkwood: lsxl: remove first ethernet port (git-fixes). - ARM: dts: turris-omnia: Add label for wan port (git-fixes). - ARM: dts: turris-omnia: Fix mpp26 pin name and comment (git-fixes). - ASoC: SOF: pci: Change DMI match info to support all Chrome platforms (git-fixes). - ASoC: codecs: tx-macro: fix kcontrol put (git-fixes). - ASoC: da7219: Fix an error handling path in da7219_register_dai_clks() (git-fixes). - ASoC: eureka-tlv320: Hold reference returned from of_find_xxx API (git-fixes). - ASoC: fsl_sai: Remove unnecessary FIFO reset in ISR (git-fixes). - ASoC: mt6359: fix tests for platform_get_irq() failure (git-fixes). - ASoC: mt6660: Fix PM disable depth imbalance in mt6660_i2c_probe (git-fixes). - ASoC: qcom: lpass-cpu: Mark HDMI TX parity register as volatile (git-fixes). - ASoC: qcom: lpass-cpu: mark HDMI TX registers as volatile (git-fixes). - ASoC: rsnd: Add check for rsnd_mod_power_on (git-fixes). - ASoC: tas2764: Allow mono streams (git-fixes). - ASoC: tas2764: Drop conflicting set_bias_level power setting (git-fixes). - ASoC: tas2764: Fix mute/unmute (git-fixes). - ASoC: wcd9335: fix order of Slimbus unprepare/disable (git-fixes). - ASoC: wcd934x: fix order of Slimbus unprepare/disable (git-fixes). - ASoC: wm5102: Fix PM disable depth imbalance in wm5102_probe (git-fixes). - ASoC: wm5110: Fix PM disable depth imbalance in wm5110_probe (git-fixes). - ASoC: wm8997: Fix PM disable depth imbalance in wm8997_probe (git-fixes). - ASoC: wm_adsp: Handle optional legacy support (git-fixes). - Bluetooth: L2CAP: Fix use-after-free caused by l2cap_reassemble_sdu (git-fixes). - Bluetooth: L2CAP: Fix user-after-free (git-fixes). - Bluetooth: L2CAP: initialize delayed works at l2cap_chan_create() (git-fixes). - Bluetooth: RFCOMM: Fix possible deadlock on socket shutdown/release (git-fixes). - Bluetooth: btintel: Mark Intel controller to support LE_STATES quirk (git-fixes). - Bluetooth: hci_sysfs: Fix attempting to call device_add multiple times (git-fixes). - Bluetooth: virtio_bt: Use skb_put to set length (git-fixes). - Documentation: devres: add missing I2C helper (git-fixes). - Drivers: hv: vmbus: Fix handling of messages with transaction ID of zero (bsc#1204017). - Drivers: hv: vmbus: Introduce vmbus_request_addr_match() (bsc#1204017). - Drivers: hv: vmbus: Introduce vmbus_sendpacket_getid() (bsc#1204017). - Drivers: hv: vmbus: Introduce {lock,unlock}_requestor() (bsc#1204017). - Drop verbose nvme logging feature (bsc#1200567). - HID: hidraw: fix memory leak in hidraw_release() (git-fixes). - HID: magicmouse: Do not set BTN_MOUSE on double report (git-fixes). - HID: multitouch: Add memory barriers (git-fixes). - HID: roccat: Fix use-after-free in roccat_read() (git-fixes). - HSI: omap_ssi: Fix refcount leak in ssi_probe (git-fixes). - HSI: omap_ssi_port: Fix dma_map_sg error check (git-fixes). - IB/core: Fix a nested dead lock as part of ODP flow (git-fixes) - IB/rdmavt: Add __init/__exit annotations to module init/exit funcs (git-fixes) - Input: i8042 - fix refount leak on sparc (git-fixes). - Input: synaptics-rmi4 - fix firmware update operations with bootloader v8 (git-fixes). - Input: xpad - add supported devices as contributed on github (git-fixes). - Input: xpad - fix wireless 360 controller breaking after suspend (git-fixes). - KVM: SVM: Exit to userspace on ENOMEM/EFAULT GHCB errors (git-fixes). - KVM: VMX: Inject #PF on ENCLS as 'emulated' #PF (git-fixes). - KVM: fix avic_set_running for preemptable kernels (git-fixes). - KVM: nVMX: Ignore SIPI that arrives in L2 when vCPU is not in WFS (git-fixes). - KVM: nVMX: Unconditionally purge queued/injected events on nested 'exit' (git-fixes). - KVM: s390: Clarify SIGP orders versus STOP/RESTART (git-fixes). - KVM: s390: pv: do not present the ecall interrupt twice (bsc#1203229 LTC#199905). - KVM: s390x: fix SCK locking (git-fixes). - KVM: x86/emulator: Fix handing of POP SS to correctly set interruptibility (git-fixes). - KVM: x86/mmu: Do not advance iterator after restart due to yielding (git-fixes). - KVM: x86/mmu: Retry page fault if root is invalidated by memslot update (git-fixes). - KVM: x86/pmu: Add pmc->intr to refactor kvm_perf_overflow{_intr}() (git-fixes). - KVM: x86/pmu: Do not truncate the PerfEvtSeln MSR when creating a perf event (git-fixes). - KVM: x86/pmu: Fix available_event_types check for REF_CPU_CYCLES event (git-fixes). - KVM: x86/pmu: Refactoring find_arch_event() to pmc_perf_hw_id() (git-fixes). - KVM: x86: Add KVM_CAP_ENABLE_CAP to x86 (git-fixes). - KVM: x86: Add compat handler for KVM_X86_SET_MSR_FILTER (git-fixes). - KVM: x86: Always set kvm_run->if_flag (git-fixes). - KVM: x86: Forcibly leave nested virt when SMM state is toggled (git-fixes). - KVM: x86: Inject #UD on emulated XSETBV if XSAVES isn't enabled (git-fixes). - KVM: x86: Keep MSR_IA32_XSS unchanged for INIT (git-fixes). - KVM: x86: Register perf callbacks after calling vendor's hardware_setup() (git-fixes). - KVM: x86: Sync the states size with the XCR0/IA32_XSS at, any time (git-fixes). - KVM: x86: Update vPMCs when retiring branch instructions (git-fixes). - KVM: x86: Update vPMCs when retiring instructions (git-fixes). - KVM: x86: do not report preemption if the steal time cache is stale (git-fixes). - KVM: x86: nSVM/nVMX: set nested_run_pending on VM entry which is a result of RSM (git-fixes). - KVM: x86: nSVM: fix potential NULL derefernce on nested migration (git-fixes). - KVM: x86: nSVM: mark vmcb01 as dirty when restoring SMM saved state (git-fixes). - NFS: Fix another fsync() issue after a server reboot (git-fixes). - NFSv4: Fixes for nfs4_inode_return_delegation() (git-fixes). - PCI/ASPM: Correct LTR_L1.2_THRESHOLD computation (git-fixes). - PCI/ASPM: Ignore L1 PM Substates if device lacks capability (git-fixes). - PCI: Fix used_buses calculation in pci_scan_child_bus_extend() (git-fixes). - PCI: Sanitise firmware BAR assignments behind a PCI-PCI bridge (git-fixes). - PCI: hv: Fix synchronization between channel callback and hv_compose_msi_msg() (bsc#1204017). - PCI: hv: Fix synchronization between channel callback and hv_pci_bus_exit() (bsc#1204017). - PCI: hv: Use vmbus_requestor to generate transaction IDs for VMbus hardening (bsc#1204017). - PCI: mediatek-gen3: Change driver name to mtk-pcie-gen3 (git-fixes). - PM: domains: Fix handling of unavailable/disabled idle states (git-fixes). - PM: hibernate: Allow hybrid sleep to work with s2idle (git-fixes). - RDMA/cma: Fix arguments order in net device validation (git-fixes) - RDMA/hfi1: Fix potential integer multiplication overflow errors (git-fixes) - RDMA/hns: Add the detection for CMDQ status in the device initialization process (git-fixes) - RDMA/irdma: Add support for address handle re-use (git-fixes) - RDMA/irdma: Align AE id codes to correct flush code and event (git-fixes) - RDMA/irdma: Do not advertise 1GB page size for x722 (git-fixes) - RDMA/irdma: Fix VLAN connection with wildcard address (git-fixes) - RDMA/irdma: Fix a window for use-after-free (git-fixes) - RDMA/irdma: Fix setting of QP context err_rq_idx_valid field (git-fixes) - RDMA/irdma: Fix sleep from invalid context BUG (git-fixes) - RDMA/irdma: Move union irdma_sockaddr to header file (git-fixes) - RDMA/irdma: Remove the unnecessary variable saddr (git-fixes) - RDMA/irdma: Report RNR NAK generation in device caps (git-fixes) - RDMA/irdma: Report the correct max cqes from query device (git-fixes) - RDMA/irdma: Return correct WC error for bind operation failure (git-fixes) - RDMA/irdma: Return error on MR deregister CQP failure (git-fixes) - RDMA/irdma: Use net_type to check network type (git-fixes) - RDMA/irdma: Validate udata inlen and outlen (git-fixes) - RDMA/mlx5: Add missing check for return value in get namespace flow (git-fixes) - RDMA/mlx5: Do not compare mkey tags in DEVX indirect mkey (git-fixes) - RDMA/qedr: Fix potential memory leak in __qedr_alloc_mr() (git-fixes) - RDMA/qedr: Fix reporting QP timeout attribute (git-fixes) - RDMA/rxe: Fix 'kernel NULL pointer dereference' error (git-fixes) - RDMA/rxe: Fix deadlock in rxe_do_local_ops() (git-fixes) - RDMA/rxe: Fix error unwind in rxe_create_qp() (git-fixes) - RDMA/rxe: Fix mw bind to allow any consumer key portion (git-fixes) - RDMA/rxe: Fix resize_finish() in rxe_queue.c (git-fixes) - RDMA/rxe: Fix rnr retry behavior (git-fixes) - RDMA/rxe: Fix the error caused by qp->sk (git-fixes) - RDMA/rxe: For invalidate compare according to set keys in mr (git-fixes) - RDMA/rxe: Generate a completion for unsupported/invalid opcode (git-fixes) - RDMA/siw: Always consume all skbuf data in sk_data_ready() upcall. (git-fixes) - RDMA/siw: Fix QP destroy to wait for all references dropped. (git-fixes) - RDMA/siw: Fix duplicated reported IW_CM_EVENT_CONNECT_REPLY event (git-fixes) - RDMA/siw: Pass a pointer to virt_to_page() (git-fixes) - RDMA/srp: Fix srp_abort() (git-fixes) - RDMA/srp: Handle dev_set_name() failure (git-fixes) - RDMA/srp: Rework the srp_add_port() error path (git-fixes) - RDMA/srp: Set scmnd->result only when scmnd is not NULL (git-fixes) - RDMA/srp: Support more than 255 rdma ports (git-fixes) - RDMA/srp: Use the attribute group mechanism for sysfs attributes (git-fixes) - RDMA/srpt: Duplicate port name members (git-fixes) - RDMA/srpt: Fix a use-after-free (git-fixes) - RDMA/srpt: Introduce a reference count in struct srpt_device (git-fixes) - RDMA/usnic: fix set-but-not-unused variable 'flags' warning (git-fixes) - RDMA: remove useless condition in siw_create_cq() (git-fixes) - Revert 'workqueue: remove unused cancel_work()' (bsc#1204933). - arm64/bti: Disable in kernel BTI when cross section thunks are broken (git-fixes) - arm64/mm: Consolidate TCR_EL1 fields (git-fixes). - arm64: dts: imx8: correct clock order (git-fixes). - arm64: dts: imx8mp: Add snps,gfladj-refclk-lpm-sel quirk to USB nodes (git-fixes). - arm64: dts: imx8mq-librem5: Add bq25895 as max17055's power supply (git-fixes). - arm64: dts: juno: Add thermal critical trip points (git-fixes). - arm64: dts: ls1088a: specify clock frequencies for the MDIO controllers (git-fixes). - arm64: dts: ls208xa: specify clock frequencies for the MDIO controllers (git-fixes). - arm64: dts: lx2160a: specify clock frequencies for the MDIO controllers (git-fixes). - arm64: dts: qcom: sc7280: Cleanup the lpasscc node (git-fixes). - arm64: dts: ti: k3-j7200: fix main pinmux range (git-fixes). - arm64: entry: avoid kprobe recursion (git-fixes). - arm64: ftrace: fix module PLTs with mcount (git-fixes). - arm64: mte: Avoid setting PG_mte_tagged if no tags cleared or restored (git-fixes). - arm64: topology: move store_cpu_topology() to shared code (git-fixes). - ata: ahci-imx: Fix MODULE_ALIAS (git-fixes). - ata: fix ata_id_has_devslp() (git-fixes). - ata: fix ata_id_has_dipm() (git-fixes). - ata: fix ata_id_has_ncq_autosense() (git-fixes). - ata: fix ata_id_sense_reporting_enabled() and ata_id_has_sense_reporting() (git-fixes). - ata: libahci_platform: Sanity check the DT child nodes number (git-fixes). - ata: pata_legacy: fix pdc20230_set_piomode() (git-fixes). - bnxt_en: Fix bnxt_refclk_read() (git-fixes). - bnxt_en: Fix bnxt_reinit_after_abort() code path (git-fixes). - bnxt_en: fix livepatch query (git-fixes). - bnxt_en: reclaim max resources if sriov enable fails (git-fixes). - bonding: 802.3ad: fix no transmission of LACPDUs (git-fixes). - bonding: ARP monitor spams NETDEV_NOTIFY_PEERS notifiers (git-fixes). - build mlx in arm64/azure as modules again (bsc#1203701) There is little gain by having the drivers built into the kernel. Having them as modules allows easy replacement by third party drivers. Change mlx4, mlx5 and mlxfw from built-in to module. - can: bcm: check the result of can_send() in bcm_can_tx() (git-fixes). - can: j1939: transport: j1939_session_skb_drop_old(): spin_unlock_irqrestore() before kfree_skb() (git-fixes). - can: kvaser_usb: Fix possible completions during init_completion (git-fixes). - can: kvaser_usb: Fix use of uninitialized completion (git-fixes). - can: kvaser_usb: kvaser_usb_leaf: fix CAN clock frequency regression (git-fixes). - can: kvaser_usb: replace run-time checks with struct kvaser_usb_driver_info (git-fixes). - can: kvaser_usb_leaf: Fix CAN state after restart (git-fixes). - can: kvaser_usb_leaf: Fix TX queue out of sync after restart (git-fixes). - can: mcp251x: mcp251x_can_probe(): add missing unregister_candev() in error path (git-fixes). - can: mcp251xfd: mcp251xfd_register_get_dev_id(): fix endianness conversion (git-fixes). - can: mcp251xfd: mcp251xfd_register_get_dev_id(): use correct length to read dev_id (git-fixes). - can: mscan: mpc5xxx: mpc5xxx_can_probe(): add missing put_clock() in error path (git-fixes). - cgroup/cpuset: Enable update_tasks_cpumask() on top_cpuset (bsc#1204753). - clk: ast2600: BCLK comes from EPLL (git-fixes). - clk: at91: fix the build with binutils 2.27 (git-fixes). - clk: baikal-t1: Add SATA internal ref clock buffer (git-fixes). - clk: baikal-t1: Add shared xGMAC ref/ptp clocks internal parent (git-fixes). - clk: baikal-t1: Fix invalid xGMAC PTP clock divider (git-fixes). - clk: bcm2835: Make peripheral PLLC critical (git-fixes). - clk: bcm2835: Round UART input clock up (bsc#1188238) - clk: bcm2835: fix bcm2835_clock_rate_from_divisor declaration (git-fixes). - clk: bcm: rpi: Add support for VEC clock (bsc#1196632) - clk: berlin: Add of_node_put() for of_get_parent() (git-fixes). - clk: imx: scu: fix memleak on platform_device_add() fails (git-fixes). - clk: mediatek: mt8183: mfgcfg: Propagate rate changes to parent (git-fixes). - clk: meson: Hold reference returned by of_get_parent() (git-fixes). - clk: oxnas: Hold reference returned by of_get_parent() (git-fixes). - clk: qcom: apss-ipq6018: mark apcs_alias0_core_clk as critical (git-fixes). - clk: qcom: gcc-msm8916: use ARRAY_SIZE instead of specifying num_parents (git-fixes). - clk: qoriq: Hold reference returned by of_get_parent() (git-fixes). - clk: sprd: Hold reference returned by of_get_parent() (git-fixes). - clk: tegra20: Fix refcount leak in tegra20_clock_init (git-fixes). - clk: tegra: Fix refcount leak in tegra114_clock_init (git-fixes). - clk: tegra: Fix refcount leak in tegra210_clock_init (git-fixes). - clk: ti: dra7-atl: Fix reference leak in of_dra7_atl_clk_probe (git-fixes). - clk: vc5: Fix 5P49V6901 outputs disabling when enabling FOD (git-fixes). - clk: zynqmp: Fix stack-out-of-bounds in strncpy` (git-fixes). - clk: zynqmp: pll: rectify rate rounding in zynqmp_pll_round_rate (git-fixes). - cpufreq: qcom: fix memory leak in error path (git-fixes). - cpufreq: qcom: fix writes in read-only memory region (git-fixes). - crypto: akcipher - default implementation for setting a private key (git-fixes). - crypto: cavium - prevent integer overflow loading firmware (git-fixes). - crypto: ccp - Release dma channels before dmaengine unrgister (git-fixes). - crypto: hisilicon/zip - fix mismatch in get/set sgl_sge_nr (git-fixes). - crypto: inside-secure - Change swab to swab32 (git-fixes). - crypto: inside-secure - Replace generic aes with libaes (git-fixes). - crypto: marvell/octeontx - prevent integer overflows (git-fixes). - crypto: qat - fix default value of WDT timer (git-fixes). - crypto: sahara - do not sleep when in softirq (git-fixes). - device property: Fix documentation for *_match_string() APIs (git-fixes). - dmaengine: hisilicon: Add multi-thread support for a DMA channel (git-fixes). - dmaengine: hisilicon: Disable channels when unregister hisi_dma (git-fixes). - dmaengine: hisilicon: Fix CQ head update (git-fixes). - dmaengine: idxd: change bandwidth token to read buffers (jsc#PED-679). - dmaengine: idxd: deprecate token sysfs attributes for read buffers (jsc#PED-679). - dmaengine: idxd: force wq context cleanup on device disable path (git-fixes). - dmaengine: ioat: stop mod_timer from resurrecting deleted timer in __cleanup() (git-fixes). - dmaengine: mxs: use platform_driver_register (git-fixes). - dmaengine: ti: k3-udma: Reset UDMA_CHAN_RT byte counters to prevent overflow (git-fixes). - dmaengine: xilinx_dma: Fix devm_platform_ioremap_resource error handling (git-fixes). - dmaengine: xilinx_dma: Report error in case of dma_set_mask_and_coherent API failure (git-fixes). - dmaengine: xilinx_dma: cleanup for fetching xlnx,num-fstores property (git-fixes). - docs: update mediator information in CoC docs (git-fixes). - dpaa2-eth: trace the allocated address instead of page struct (git-fixes). - drivers: serial: jsm: fix some leaks in probe (git-fixes). - drm/amd/display: Assume an LTTPR is always present on fixed_vs links (git-fixes). - drm/amd/display: Changed pipe split policy to allow for multi-display (bsc#1152472) Backporting notes: * remove changes to non-existing 201 and 31 directories - drm/amd/display: Correct MPC split policy for DCN301 (git-fixes). - drm/amd/display: Fix build breakage with CONFIG_DEBUG_FS=n (git-fixes). - drm/amd/display: Fix double cursor on non-video RGB MPO (git-fixes). - drm/amd/display: Fix vblank refcount in vrr transition (git-fixes). - drm/amd/display: Remove interface for periodic interrupt 1 (git-fixes). - drm/amd/display: skip audio setup when audio stream is enabled (git-fixes). - drm/amd/display: update gamut remap if plane has changed (git-fixes). - drm/amd/pm: smu7_hwmgr: fix potential off-by-one overflow in 'performance_levels' (git-fixes). - drm/amdgpu/display: change pipe policy for DCN 2.0 (git-fixes). - drm/amdgpu/display: change pipe policy for DCN 2.1 (git-fixes). - drm/amdgpu/gfx10: add wraparound gpu counter check for APUs as well (bsc#1152472) - drm/amdgpu/gfx9: switch to golden tsc registers for renoir+ (bsc#1152472) - drm/amdgpu: add missing pci_disable_device() in amdgpu_pmops_runtime_resume() (git-fixes). - drm/amdgpu: fix initial connector audio value (git-fixes). - drm/amdgpu: fix sdma doorbell init ordering on APUs (git-fixes). - drm/amdkfd: Fix memory leak in kfd_mem_dmamap_userptr() (git-fixes). - drm/bridge: Avoid uninitialized variable warning (git-fixes). - drm/bridge: megachips: Fix a null pointer dereference bug (git-fixes). - drm/bridge: parade-ps8640: Fix regulator supply order (git-fixes). - drm/i915/dp: Reset frl trained flag before restarting FRL training (git-fixes). - drm/i915/ehl: Update MOCS table for EHL (git-fixes). - drm/i915/gvt: fix a memory leak in intel_gvt_init_vgpu_types (git-fixes). - drm/i915/hdmi: convert intel_hdmi_to_dev to intel_hdmi_to_i915 (bsc#1152489) - drm/i915: Reject unsupported TMDS rates on ICL+ (git-fixes). - drm/komeda: Fix handling of atomic commit in the atomic_commit_tail hook (git-fixes). - drm/meson: explicitly remove aggregate driver at module unload time (git-fixes). - drm/mipi-dsi: Detach devices when removing the host (git-fixes). - drm/msm/dp: Silence inconsistent indent warning (git-fixes). - drm/msm/dp: correct 1.62G link rate at dp_catalog_ctrl_config_msa() (git-fixes). - drm/msm/dp: fix IRQ lifetime (git-fixes). - drm/msm/dpu: Fix comment typo (git-fixes). - drm/msm/dpu: index dpu_kms->hw_vbif using vbif_idx (git-fixes). - drm/msm/dsi: fix memory corruption with too many bridges (git-fixes). - drm/msm/hdmi: fix memory corruption with too many bridges (git-fixes). - drm/msm: Fix return type of mdp4_lvds_connector_mode_valid (git-fixes). - drm/msm: Make .remove and .shutdown HW shutdown consistent (git-fixes). - drm/msm: fix use-after-free on probe deferral (git-fixes). - drm/nouveau/kms/nv140-: Disable interlacing (git-fixes). - drm/nouveau/nouveau_bo: fix potential memory leak in nouveau_bo_alloc() (git-fixes). - drm/nouveau: fix a use-after-free in nouveau_gem_prime_import_sg_table() (git-fixes). - drm/nouveau: wait for the exclusive fence after the shared ones v2 (bsc#1152472) - drm/omap: dss: Fix refcount leak bugs (git-fixes). - drm/scheduler: quieten kernel-doc warnings (git-fixes). - drm/virtio: Check whether transferred 2D BO is shmem (git-fixes). - drm/virtio: Unlock reservations on virtio_gpu_object_shmem_init() error (git-fixes). - drm: Prevent drm_copy_field() to attempt copying a NULL pointer (git-fixes). - drm: Use size_t type for len variable in drm_copy_field() (git-fixes). - drm: bridge: adv7511: fix CEC power down control register offset (git-fixes). - drm: bridge: dw_hdmi: only trigger hotplug event on link change (git-fixes). - drm: fix drm_mipi_dbi build errors (git-fixes). - drm: panel-orientation-quirks: Add quirk for Anbernic Win600 (git-fixes). - drm:pl111: Add of_node_put() when breaking out of for_each_available_child_of_node() (git-fixes). - dt-bindings: PCI: microchip,pcie-host: fix missing clocks properties (git-fixes). - dt-bindings: PCI: microchip,pcie-host: fix missing dma-ranges (git-fixes). - dt-bindings: crypto: ti,sa2ul: drop dma-coherent property (git-fixes). - dt-bindings: display/msm: dpu-sc7180: add missing DPU opp-table (git-fixes). - dt-bindings: display/msm: dpu-sdm845: add missing DPU opp-table (git-fixes). - dt-bindings: mtd: intel: lgm-nand: Fix compatible string (git-fixes). - dt-bindings: mtd: intel: lgm-nand: Fix maximum chip select value (git-fixes). - dt-bindings: phy: qcom,qmp-usb3-dp: fix bogus clock-cells property (git-fixes). - dt-bindings: phy: qcom,qmp: fix bogus clock-cells property (git-fixes). - dt-bindings: power: gpcv2: add power-domains property (git-fixes). - dyndbg: fix module.dyndbg handling (git-fixes). - dyndbg: fix static_branch manipulation (git-fixes). - dyndbg: let query-modname override actual module name (git-fixes). - efi/tpm: Pass correct address to memblock_reserve (git-fixes). - efi: Correct Macmini DMI match in uefi cert quirk (git-fixes). - efi: libstub: drop pointless get_memory_map() call (git-fixes). - fbdev: cyber2000fb: fix missing pci_disable_device() (git-fixes). - fbdev: da8xx-fb: Fix error handling in .remove() (git-fixes). - fec: Fix timer capture timing in `fec_ptp_enable_pps()` (git-fixes). - firmware: arm_scmi: Add SCMI PM driver remove routine (git-fixes). - firmware: arm_scmi: Harden accesses to the sensor domains (git-fixes). - firmware: arm_scmi: Improve checks in the info_get operations (git-fixes). - firmware: arm_scmi: Make Rx chan_setup fail on memory errors (git-fixes). - firmware: arm_scmi: Suppress the driver's bind attributes (git-fixes). - firmware: google: Test spinlock on panic path to avoid lockups (git-fixes). - fpga: prevent integer overflow in dfl_feature_ioctl_set_irq() (git-fixes). - fs/binfmt_elf: Fix memory leak in load_elf_binary() (git-fixes). - ftrace: Fix char print issue in print_ip_ins() (git-fixes). - ftrace: Properly unset FTRACE_HASH_FL_MOD (git-fixes). - fuse: fix deadlock between atomic O_TRUNC and page invalidation (bsc#1204533). - gcov: support GCC 12.1 and newer compilers (git-fixes). - gpu: lontium-lt9611: Fix NULL pointer dereference in lt9611_connector_init() (git-fixes). - hid: hid-logitech-hidpp: avoid unnecessary assignments in hidpp_connect_event (git-fixes). - hinic: Avoid some over memory allocation (git-fixes). - hwmon/coretemp: Handle large core ID value (git-fixes). - hwmon: (sht4x) do not overflow clamping operation on 32-bit platforms (git-fixes). - i2c: designware: Fix handling of real but unexpected device interrupts (git-fixes). - i2c: i801: Add support for Intel Ice Lake PCH-N (jsc#PED-634). - i2c: i801: Add support for Intel Meteor Lake-P (jsc#PED-732). - i2c: i801: Add support for Intel Raptor Lake PCH-S (jsc#PED-634). - i2c: i801: Improve handling of chip-specific feature definitions (jsc#PED-634). - i2c: piix4: Fix adapter not be removed in piix4_remove() (git-fixes). - i2c: qcom-cci: Fix ordering of pm_runtime_xx and i2c_add_adapter (git-fixes). - i40e: Fix call trace in setup_tx_descriptors (git-fixes). - i40e: Fix dropped jumbo frames statistics (git-fixes). - i40e: Fix to stop tx_timeout recovery if GLOBR fails (git-fixes). - iavf: Fix adminq error handling (git-fixes). - iavf: Fix handling of dummy receive descriptors (git-fixes). - iavf: Fix reset error handling (git-fixes). - ice: Fix switchdev rules book keeping (git-fixes). - ice: check (DD | EOF) bits on Rx descriptor rather than (EOP | RS) (git-fixes). - ice: do not setup vlan for loopback VSI (git-fixes). - igb: Make DMA faster when CPU is active on the PCIe link (git-fixes). - igb: fix a use-after-free issue in igb_clean_tx_ring (git-fixes). - iio: ABI: Fix wrong format of differential capacitance channel ABI (git-fixes). - iio: adc: ad7923: fix channel readings for some variants (git-fixes). - iio: adc: at91-sama5d2_adc: check return status for pressure and touch (git-fixes). - iio: adc: at91-sama5d2_adc: disable/prepare buffer on suspend/resume (git-fixes). - iio: adc: at91-sama5d2_adc: fix AT91_SAMA5D2_MR_TRACKTIM_MAX (git-fixes). - iio: adc: at91-sama5d2_adc: lock around oversampling and sample freq (git-fixes). - iio: adc: mcp3911: use correct id bits (git-fixes). - iio: adxl372: Fix unsafe buffer attributes (git-fixes). - iio: bmc150-accel-core: Fix unsafe buffer attributes (git-fixes). - iio: dac: ad5593r: Fix i2c read protocol requirements (git-fixes). - iio: inkern: fix return value in devm_of_iio_channel_get_by_name() (git-fixes). - iio: inkern: only release the device node when done with it (git-fixes). - iio: light: tsl2583: Fix module unloading (git-fixes). - iio: ltc2497: Fix reading conversion results (git-fixes). - iio: magnetometer: yas530: Change data type of hard_offsets to signed (git-fixes). - iio: pressure: dps310: Refactor startup procedure (git-fixes). - iio: pressure: dps310: Reset chip after timeout (git-fixes). - iio: temperature: ltc2983: allocate iio channels once (git-fixes). - ima: fix blocking of security.ima xattrs of unsupported algorithms (git-fixes). - increase NR_CPUS on azure and follow kernel-default (bsc#1203979) - iommu/vt-d: Do not falsely log intel_iommu is unsupported kernel option (bsc#1204947). - ip: Fix data-races around sysctl_ip_fwd_update_priority (git-fixes). - ipv4: Fix data-races around sysctl_fib_multipath_hash_policy (git-fixes). - irqchip/ls-extirq: Fix invalid wait context by avoiding to use regmap (git-fixes). - isdn: mISDN: netjet: fix wrong check of device registration (git-fixes). - ixgbe: Add locking to prevent panic when setting sriov_numvfs to zero (git-fixes). - ixgbe: fix bcast packets Rx on VF after promisc removal (git-fixes). - ixgbe: fix unexpected VLAN Rx in promisc mode on VF (git-fixes). - kABI: Fix after adding trace_iterator.wait_index (git-fixes). - kABI: Fix kABI after backport Add pmc->intr to refactor kvm_perf_overflow{_intr}() (git-fixes). - kABI: Fix kABI after backport Always set kvm_run->if_flag (git-fixes). - kABI: Fix kABI after backport Forcibly leave nested virt when SMM state is toggled (git-fixes). - kABI: Fix kABI after backport Refactoring find_arch_event() to pmc_perf_hw_id() (git-fixes). - kABI: Fix kABI after backport Update vPMCs when retiring branch instructions (git-fixes). - kabi/severities: ignore CS35L41-specific exports (bsc#1203699) - kbuild: Add skip_encoding_btf_enum64 option to pahole (git-fixes). - kbuild: remove the target in signal traps when interrupted (git-fixes). - kbuild: rpm-pkg: fix breakage when V=1 is used (git-fixes). - kernfs: fix use-after-free in __kernfs_remove (git-fixes). - kselftest/arm64: Fix validatation termination record after EXTRA_CONTEXT (git-fixes). - lib/sg_pool: change module_init(sg_pool_init) to subsys_initcall (git-fixes). - livepatch: Add a missing newline character in klp_module_coming() (bsc#1071995). - livepatch: fix race between fork and KLP transition (bsc#1071995). - mISDN: fix possible memory leak in mISDN_register_device() (git-fixes). - mISDN: hfcpci: Fix use-after-free bug in hfcpci_softirq (git-fixes). - mac802154: Fix LQI recording (git-fixes). - macvlan: enforce a consistent minimal mtu (git-fixes). - mailbox: bcm-ferxrm-mailbox: Fix error check for dma_map_sg (git-fixes). - mailbox: mpfs: account for mbox offsets while sending (git-fixes). - mailbox: mpfs: fix handling of the reg property (git-fixes). - media: atomisp: prevent integer overflow in sh_css_set_black_frame() (git-fixes). - media: cedrus: Fix endless loop in cedrus_h265_skip_bits() (git-fixes). - media: cedrus: Set the platform driver data earlier (git-fixes). - media: cx88: Fix a null-ptr-deref bug in buffer_prepare() (git-fixes). - media: ipu3-imgu: Fix NULL pointer dereference in active selection access (git-fixes). - media: mceusb: set timeout to at least timeout provided (git-fixes). - media: meson: vdec: add missing clk_disable_unprepare on error in vdec_hevc_start() (git-fixes). - media: uvcvideo: Fix memory leak in uvc_gpio_parse (git-fixes). - media: uvcvideo: Use entity get_cur in uvc_ctrl_set (git-fixes). - media: v4l2-compat-ioctl32.c: zero buffer passed to v4l2_compat_get_array_args() (git-fixes). - media: v4l2-dv-timings: add sanity checks for blanking values (git-fixes). - media: v4l2: Fix v4l2_i2c_subdev_set_name function documentation (git-fixes). - media: venus: dec: Handle the case where find_format fails (git-fixes). - media: videodev2.h: V4L2_DV_BT_BLANKING_HEIGHT should check 'interlaced' (git-fixes). - media: vivid: dev->bitmap_cap wasn't freed in all cases (git-fixes). - media: vivid: s_fbuf: add more sanity checks (git-fixes). - media: vivid: set num_in/outputs to 0 if not supported (git-fixes). - media: xilinx: vipp: Fix refcount leak in xvip_graph_dma_init (git-fixes). - memory: of: Fix refcount leak bug in of_get_ddr_timings() (git-fixes). - memory: of: Fix refcount leak bug in of_lpddr3_get_ddr_timings() (git-fixes). - memory: pl353-smc: Fix refcount leak bug in pl353_smc_probe() (git-fixes). - mfd: fsl-imx25: Fix an error handling path in mx25_tsadc_setup_irq() (git-fixes). - mfd: fsl-imx25: Fix check for platform_get_irq() errors (git-fixes). - mfd: intel-lpss: Add Intel Raptor Lake PCH-S PCI IDs (jsc#PED-634). - mfd: intel_soc_pmic: Fix an error handling path in intel_soc_pmic_i2c_probe() (git-fixes). - mfd: lp8788: Fix an error handling path in lp8788_irq_init() and lp8788_irq_init() (git-fixes). - mfd: lp8788: Fix an error handling path in lp8788_probe() (git-fixes). - mfd: sm501: Add check for platform_driver_register() (git-fixes). - misc: ocxl: fix possible refcount leak in afu_ioctl() (git-fixes). - misc: pci_endpoint_test: Aggregate params checking for xfer (git-fixes). - misc: pci_endpoint_test: Fix pci_endpoint_test_{copy,write,read}() panic (git-fixes). - mlxsw: spectrum: Clear PTP configuration after unregistering the netdevice (git-fixes). - mlxsw: spectrum_cnt: Reorder counter pools (git-fixes). - mlxsw: spectrum_router: Fix IPv4 nexthop gateway indication (git-fixes). - mm/hugetlb: fix races when looking up a CONT-PTE/PMD size hugetlb page (bsc#1204575). - mmc: au1xmmc: Fix an error handling path in au1xmmc_probe() (git-fixes). - mmc: core: Fix kernel panic when remove non-standard SDIO card (git-fixes). - mmc: core: Replace with already defined values for readability (git-fixes). - mmc: core: Terminate infinite loop in SD-UHS voltage switch (git-fixes). - mmc: sdhci-esdhc-imx: Propagate ESDHC_FLAG_HS400* only on 8bit bus (git-fixes). - mmc: sdhci-msm: add compatible string check for sdm670 (git-fixes). - mmc: sdhci-pci-core: Disable ES for ASUS BIOS on Jasper Lake (git-fixes). - mmc: sdhci-sprd: Fix minimum clock limit (git-fixes). - mmc: sdhci_am654: 'select', not 'depends' REGMAP_MMIO (git-fixes). - mmc: wmt-sdmmc: Fix an error handling path in wmt_mci_probe() (git-fixes). - mtd: devices: docg3: check the return value of devm_ioremap() in the probe (git-fixes). - mtd: rawnand: atmel: Unmap streaming DMA mappings (git-fixes). - mtd: rawnand: fsl_elbc: Fix none ECC mode (git-fixes). - mtd: rawnand: intel: Do not re-define NAND_DATA_IFACE_CHECK_ONLY (git-fixes). - mtd: rawnand: intel: Read the chip-select line from the correct OF node (git-fixes). - mtd: rawnand: intel: Remove undocumented compatible string (git-fixes). - mtd: rawnand: marvell: Use correct logic for nand-keep-config (git-fixes). - mtd: rawnand: meson: fix bit map use in meson_nfc_ecc_correct() (git-fixes). - net/dsa/hirschmann: Add missing of_node_get() in hellcreek_led_setup() (git-fixes). - net/ice: fix initializing the bitmap in the switch code (git-fixes). - net/ieee802154: fix uninit value bug in dgram_sendmsg (git-fixes). - net/mlx4_en: Fix wrong return value on ioctl EEPROM query failure (git-fixes). - net/mlx5e: Disable softirq in mlx5e_activate_rq to avoid race condition (git-fixes). - net/mlx5e: Fix enabling sriov while tc nic rules are offloaded (git-fixes). - net/mlx5e: Properly disable vlan strip on non-UL reps (git-fixes). - net/mlx5e: Remove WARN_ON when trying to offload an unsupported TLS cipher/version (git-fixes). - net/mlx5e: Ring the TX doorbell on DMA errors (git-fixes). - net/mlx5e: TC, fix decap fallback to uplink when int port not supported (git-fixes). - net/mlx5e: Update netdev features after changing XDP state (git-fixes). - net/mlx5e: xsk: Account for XSK RQ UMRs when calculating ICOSQ size (git-fixes). - net: altera: Fix refcount leak in altera_tse_mdio_create (git-fixes). - net: atlantic: fix aq_vec index out of range error (git-fixes). - net: bcmgenet: Indicate MAC is in charge of PHY PM (git-fixes). - net: bgmac: Fix a BUG triggered by wrong bytes_compl (git-fixes). - net: bgmac: Fix an erroneous kfree() in bgmac_remove() (git-fixes). - net: bgmac: support MDIO described in DT (git-fixes). - net: bonding: fix possible NULL deref in rlb code (git-fixes). - net: bonding: fix use-after-free after 802.3ad slave unbind (git-fixes). - net: chelsio: cxgb4: Avoid potential negative array offset (git-fixes). - net: dp83822: disable false carrier interrupt (git-fixes). - net: dp83822: disable rx error interrupt (git-fixes). - net: dsa: bcm_sf2: force pause link settings (git-fixes). - net: dsa: ksz9477: port mirror sniffing limited to one port (git-fixes). - net: dsa: lantiq_gswip: Fix refcount leak in gswip_gphy_fw_list (git-fixes). - net: dsa: microchip: ksz9477: fix fdb_dump last invalid entry (git-fixes). - net: dsa: microchip: ksz_common: Fix refcount leak bug (git-fixes). - net: dsa: mv88e6060: prevent crash on an unused port (git-fixes). - net: dsa: mv88e6xxx: use BMSR_ANEGCOMPLETE bit for filling an_complete (git-fixes). - net: dsa: sja1105: fix buffer overflow in sja1105_setup_devlink_regions() (git-fixes). - net: dsa: sja1105: silent spi_device_id warnings (git-fixes). - net: dsa: vitesse-vsc73xx: silent spi_device_id warnings (git-fixes). - net: ethernet: bgmac: Fix refcount leak in bcma_mdio_mii_register (git-fixes). - net: ethernet: ti: am65-cpsw: Fix devlink port register sequence (git-fixes). - net: ethernet: ti: davinci_mdio: Add workaround for errata i2329 (git-fixes). - net: ethernet: ti: davinci_mdio: fix build for mdio bitbang uses (git-fixes). - net: fix IFF_TX_SKB_NO_LINEAR definition (git-fixes). - net: ftgmac100: Hold reference returned by of_get_child_by_name() (git-fixes). - net: hns3: do not push link state to VF if unalive (git-fixes). - net: hns3: set port base vlan tbl_sta to false before removing old vlan (git-fixes). - net: huawei: hinic: Use devm_kcalloc() instead of devm_kzalloc() (git-fixes). - net: ieee802154: return -EINVAL for unknown addr type (git-fixes). - net: ipa: do not assume SMEM is page-aligned (git-fixes). - net: ipvtap - add __init/__exit annotations to module init/exit funcs (git-fixes). - net: moxa: get rid of asymmetry in DMA mapping/unmapping (git-fixes). - net: moxa: pass pdev instead of ndev to DMA functions (git-fixes). - net: mscc: ocelot: fix address of SYS_COUNT_TX_AGING counter (git-fixes). - net: pcs: xpcs: propagate xpcs_read error to xpcs_get_state_c37_sgmii (git-fixes). - net: phy: dp83822: disable MDI crossover status change interrupt (git-fixes). - net: phy: dp83867: Extend RX strap quirk for SGMII mode (git-fixes). - net: stmmac: fix dma queue left shift overflow issue (git-fixes). - net: stmmac: fix leaks in probe (git-fixes). - net: stmmac: fix pm runtime issue in stmmac_dvr_remove() (git-fixes). - net: stmmac: fix unbalanced ptp clock issue in suspend/resume flow (git-fixes). - net: stmmac: remove redunctant disable xPCS EEE call (git-fixes). - net: sungem_phy: Add of_node_put() for reference returned by of_get_parent() (git-fixes). - net: tap: NULL pointer derefence in dev_parse_header_protocol when skb->dev is null (git-fixes). - net: usb: qmi_wwan: Add new usb-id for Dell branded EM7455 (git-fixes). - net: usb: r8152: Add in new Devices that are supported for Mac-Passthru (git-fixes). - netdevsim: fib: Fix reference count leak on route deletion failure (git-fixes). - nfc: fdp: Fix potential memory leak in fdp_nci_send() (git-fixes). - nfc: nfcmrvl: Fix potential memory leak in nfcmrvl_i2c_nci_send() (git-fixes). - nfc: nxp-nci: Fix potential memory leak in nxp_nci_send() (git-fixes). - nfc: s3fwrn5: Fix potential memory leak in s3fwrn5_nci_send() (git-fixes). - nfp: ethtool: fix the display error of `ethtool -m DEVNAME` (git-fixes). - nvme: do not print verbose errors for internal passthrough requests (bsc#1202187). - nvmem: core: Check input parameter for NULL in nvmem_unregister() (bsc#1204241). - octeontx2-af: Apply tx nibble fixup always (git-fixes). - octeontx2-af: Fix key checking for source mac (git-fixes). - octeontx2-af: Fix mcam entry resource leak (git-fixes). - octeontx2-af: suppress external profile loading warning (git-fixes). - octeontx2-pf: Fix NIX_AF_TL3_TL2X_LINKX_CFG register configuration (git-fixes). - octeontx2-pf: Fix UDP/TCP src and dst port tc filters (git-fixes). - octeontx2-pf: cn10k: Fix egress ratelimit configuration (git-fixes). - openvswitch: Fix double reporting of drops in dropwatch (git-fixes). - openvswitch: Fix overreporting of drops in dropwatch (git-fixes). - openvswitch: add nf_ct_is_confirmed check before assigning the helper (git-fixes). - openvswitch: switch from WARN to pr_warn (git-fixes). - overflow.h: restore __ab_c_size (git-fixes). - overflow: Implement size_t saturating arithmetic helpers (jsc#PED-1211). - phy: amlogic: phy-meson-axg-mipi-pcie-analog: Hold reference returned by of_get_parent() (git-fixes). - phy: qualcomm: call clk_disable_unprepare in the error handling (git-fixes). - pinctrl: Ingenic: JZ4755 bug fixes (git-fixes). - pinctrl: alderlake: Add Intel Alder Lake-N pin controller support (jsc#PED-676). - pinctrl: alderlake: Add Raptor Lake-S ACPI ID (jsc#PED-634). - pinctrl: alderlake: Fix register offsets for ADL-N variant (jsc#PED-676). - pinctrl: armada-37xx: Add missing GPIO-only pins (git-fixes). - pinctrl: armada-37xx: Checks for errors in gpio_request_enable callback (git-fixes). - pinctrl: armada-37xx: Fix definitions for MPP pins 20-22 (git-fixes). - pinctrl: microchip-sgpio: Correct the fwnode_irq_get() return value check (git-fixes). - platform/chrome: cros_ec: Notify the PM of wake events during resume (git-fixes). - platform/chrome: cros_ec_proto: Update version on GET_NEXT_EVENT failure (git-fixes). - platform/chrome: cros_ec_typec: Correct alt mode index (git-fixes). - platform/chrome: fix double-free in chromeos_laptop_prepare() (git-fixes). - platform/chrome: fix memory corruption in ioctl (git-fixes). - platform/x86: asus-wmi: Document the dgpu_disable sysfs attribute (git-fixes). - platform/x86: asus-wmi: Document the egpu_enable sysfs attribute (git-fixes). - platform/x86: asus-wmi: Document the panel_od sysfs attribute (git-fixes). - platform/x86: msi-laptop: Change DMI match / alias strings to fix module autoloading (git-fixes). - platform/x86: msi-laptop: Fix old-ec check for backlight registering (git-fixes). - platform/x86: msi-laptop: Fix resource cleanup (git-fixes). - plip: avoid rcu debug splat (git-fixes). - power: supply: adp5061: fix out-of-bounds read in adp5061_get_chg_type() (git-fixes). - powerpc/64: Remove unused SYS_CALL_TABLE symbol (jsc#SLE-9246 git-fixes). - powerpc/64: pcpu setup avoid reading mmu_linear_psize on 64e or radix (bsc#1204413 ltc#200176). - powerpc/64s: Fix build failure when CONFIG_PPC_64S_HASH_MMU is not set (bsc#1204413 ltc#200176). - powerpc/64s: Make flush_and_reload_slb a no-op when radix is enabled (bsc#1204413 ltc#200176). - powerpc/64s: Make hash MMU support configurable (bsc#1204413 ltc#200176). - powerpc/64s: Move and rename do_bad_slb_fault as it is not hash specific (bsc#1204413 ltc#200176). - powerpc/64s: Move hash MMU support code under CONFIG_PPC_64S_HASH_MMU (bsc#1204413 ltc#200176). - powerpc/64s: Rename hash_hugetlbpage.c to hugetlbpage.c (bsc#1204413 ltc#200176). - powerpc/fadump: align destination address to pagesize (bsc#1204728 ltc#200074). - powerpc/kprobes: Fix null pointer reference in arch_prepare_kprobe() (jsc#SLE-13847 git-fixes). - powerpc/mm/64s: Drop pgd_huge() (bsc#1065729). - powerpc/pci_dn: Add missing of_node_put() (bsc#1065729). - powerpc/powernv: add missing of_node_put() in opal_export_attrs() (bsc#1065729). - powerpc/pseries/vas: Add VAS IRQ primary handler (bsc#1204413 ltc#200176). - powerpc/pseries: Stop selecting PPC_HASH_MMU_NATIVE (bsc#1204413 ltc#200176). - powerpc/pseries: lparcfg do not include slb_size line in radix mode (bsc#1204413 ltc#200176). - powerpc: Ignore DSI error caused by the copy/paste instruction (bsc#1204413 ltc#200176). - powerpc: Rename PPC_NATIVE to PPC_HASH_MMU_NATIVE (bsc#1204413 ltc#200176). Update config files. - powerpc: make memremap_compat_align 64s-only (bsc#1204413 ltc#200176). - printk: add missing memory barrier to wake_up_klogd() (bsc#1204934). - printk: use atomic updates for klogd work (bsc#1204934). - printk: wake waiters for safe and NMI contexts (bsc#1204934). - r8152: add PID for the Lenovo OneLink+ Dock (git-fixes). - regulator: core: Prevent integer underflow (git-fixes). - remoteproc: imx_rproc: Simplify some error message (git-fixes). - remove unused CONFIG_MAXSMP from arm64/azure - ring-buffer: Add ring_buffer_wake_waiters() (git-fixes). - ring-buffer: Allow splice to read previous partially read pages (git-fixes). - ring-buffer: Check for NULL cpu_buffer in ring_buffer_wake_waiters() (bsc#1204705). - ring-buffer: Check pending waiters when doing wake ups as well (git-fixes). - ring-buffer: Fix race between reset page and reading page (git-fixes). - ring-buffer: Have the shortest_full queue be the shortest not longest (git-fixes). - rose: Fix NULL pointer dereference in rose_send_frame() (git-fixes). - rpm/check-for-config-changes: loosen pattern for AS_HAS_* This is needed to handle CONFIG_AS_HAS_NON_CONST_LEB128. - rpmsg: qcom: glink: replace strncpy() with strscpy_pad() (git-fixes). - rtc: stmp3xxx: Add failure handling for stmp3xxx_wdt_register() (git-fixes). - s390/dasd: fix Oops in dasd_alias_get_start_dev due to missing pavgroup (git-fixes). - s390/smp: enforce lowcore protection on CPU restart (git-fixes). - sbitmap: Avoid leaving waitqueue in invalid state in __sbq_wake_up() (git-fixes). - sbitmap: fix possible io hung due to lost wakeup (git-fixes). - scsi: libsas: Fix use-after-free bug in smp_execute_task_sg() (git-fixes). - scsi: lpfc: Create a sysfs entry called lpfc_xcvr_data for transceiver info (bsc#1204957). - scsi: lpfc: Fix hard lockup when reading the rx_monitor from debugfs (bsc#1204957). - scsi: lpfc: Fix memory leak in lpfc_create_port() (bsc#1204957). - scsi: lpfc: Fix spelling mistake 'unsolicted' -> 'unsolicited' (bsc#1204957). - scsi: lpfc: Log when congestion management limits are in effect (bsc#1204957). - scsi: lpfc: Set sli4_param's cmf option to zero when CMF is turned off (bsc#1204957). - scsi: lpfc: Update lpfc version to 14.2.0.8 (bsc#1204957). - scsi: lpfc: Update the obsolete adapter list (bsc#1204142). - scsi: mpi3mr: Schedule IRQ kthreads only on non-RT kernels (bnc#1204498). - scsi: qla2xxx: Fix serialization of DCBX TLV data request (bsc#1204963). - scsi: qla2xxx: Use transport-defined speed mask for supported_speeds (bsc#1204963). - scsi: scsi_transport_fc: Use %u for dev_loss_tmo (bsc#1202914). - scsi: ufs: ufs-pci: Add support for Intel ADL (jsc#PED-707). - scsi: ufs: ufs-pci: Add support for Intel MTL (jsc#PED-732). - selftest: tpm2: Add Client.__del__() to close /dev/tpm* handle (git-fixes). - selftests/livepatch: better synchronize test_klp_callbacks_busy (bsc#1071995). - selftests/pidfd_test: Remove the erroneous ',' (git-fixes). - selftests/powerpc: Skip energy_scale_info test on older firmware (git-fixes). - selftests: netfilter: Fix nft_fib.sh for all.rp_filter=1 (git-fixes). - selinux: allow FIOCLEX and FIONCLEX with policy capability (git-fixes). - selinux: enable use of both GFP_KERNEL and GFP_ATOMIC in convert_context() (git-fixes). - selinux: use 'grep -E' instead of 'egrep' (git-fixes). - serial: 8250: Fix restoring termios speed after suspend (git-fixes). - serial: core: move RS485 configuration tasks from drivers into core (git-fixes). - sfc: disable softirqs for ptp TX (git-fixes). - sfc: fix kernel panic when creating VF (git-fixes). - sfc: fix use after free when disabling sriov (git-fixes). - signal: break out of wait loops on kthread_stop() (bsc#1204926). - slimbus: qcom-ngd: cleanup in probe error path (git-fixes). - slimbus: qcom-ngd: use correct error in message of pdr_add_lookup() failure (git-fixes). - soc/tegra: fuse: Drop Kconfig dependency on TEGRA20_APB_DMA (git-fixes). - soc: qcom: smem_state: Add refcounting for the 'state->of_node' (git-fixes). - soc: qcom: smsm: Fix refcount leak bugs in qcom_smsm_probe() (git-fixes). - soc: sunxi: sram: Fix probe function ordering issues (git-fixes). - soc: sunxi_sram: Make use of the helper function devm_platform_ioremap_resource() (git-fixes). - soundwire: cadence: Do not overwrite msg->buf during write commands (git-fixes). - soundwire: intel: fix error handling on dai registration issues (git-fixes). - spi: Ensure that sg_table won't be used after being freed (git-fixes). - spi: pxa2xx: Add support for Intel Meteor Lake-P (jsc#PED-732). - spi: pxa2xx: Add support for Intel Raptor Lake PCH-S (jsc#PED-634). - spmi: pmic-arb: correct duplicate APID to PPID mapping logic (git-fixes). - spmi: pmic-arb: do not ack and clear peripheral interrupts in cleanup_irq (git-fixes). - staging: rtl8723bs: fix a potential memory leak in rtw_init_cmd_priv() (git-fixes). - staging: rtl8723bs: fix potential memory leak in rtw_init_drv_sw() (git-fixes). - staging: vt6655: fix potential memory leak (git-fixes). - staging: vt6655: fix some erroneous memory clean-up loops (git-fixes). - stmmac: intel: Add a missing clk_disable_unprepare() call in intel_eth_pci_remove() (git-fixes). - stmmac: intel: Fix an error handling path in intel_eth_pci_probe() (git-fixes). - thermal/drivers/qcom/tsens-v0_1: Fix MSM8939 fourth sensor hw_id (git-fixes). - thermal: cpufreq_cooling: Check the policy first in cpufreq_cooling_register() (git-fixes). - thermal: int340x: Mode setting with new OS handshake (jsc#PED-678). - thermal: int340x: Update OS policy capability handshake (jsc#PED-678). - thermal: intel_powerclamp: Use first online CPU as control_cpu (git-fixes). - thermal: intel_powerclamp: Use get_cpu() instead of smp_processor_id() to avoid crash (git-fixes). - thunderbolt: Add back Intel Falcon Ridge end-to-end flow control workaround (git-fixes). - thunderbolt: Add missing device ID to tb_switch_is_alpine_ridge() (git-fixes). - thunderbolt: Add support for Intel Raptor Lake (jsc#PED-634). - thunderbolt: Disable LTTPR on Intel Titan Ridge (git-fixes). - thunderbolt: Explicitly enable lane adapter hotplug events at startup (git-fixes). - thunderbolt: Explicitly reset plug events delay back to USB4 spec value (git-fixes). - thunderbolt: Fix buffer allocation of devices with no DisplayPort adapters (git-fixes). - tracing/osnoise: Fix possible recursive locking in stop_per_cpu_kthreads (git-fixes). - tracing: Add '(fault)' name injection to kernel probes (git-fixes). - tracing: Add ioctl() to force ring buffer waiters to wake up (git-fixes). - tracing: Disable interrupt or preemption before acquiring arch_spinlock_t (git-fixes). - tracing: Do not free snapshot if tracer is on cmdline (git-fixes). - tracing: Fix reading strings from synthetic events (git-fixes). - tracing: Move duplicate code of trace_kprobe/eprobe.c into header (git-fixes). - tracing: Replace deprecated CPU-hotplug functions (git-fixes). - tracing: Simplify conditional compilation code in tracing_set_tracer() (git-fixes). - tracing: Wake up ring buffer waiters on closing of the file (git-fixes). - tracing: Wake up waiters when tracing is disabled (git-fixes). - tracing: kprobe: Fix kprobe event gen test module on exit (git-fixes). - tracing: kprobe: Make gen test module work in arm and riscv (git-fixes). - tty: serial: fsl_lpuart: disable dma rx/tx use flags in lpuart_dma_shutdown (git-fixes). - tty: xilinx_uartps: Fix the ignore_status (git-fixes). - uas: add no-uas quirk for Hiksemi usb_disk (git-fixes). - uas: ignore UAS for Thinkplus chips (git-fixes). - udmabuf: Set ubuf->sg = NULL if the creation of sg table fails (git-fixes). - usb-storage: Add Hiksemi USB3-FW to IGNORE_UAS (git-fixes). - usb/hcd: Fix dma_map_sg error check (git-fixes). - usb: add RESET_RESUME quirk for NVIDIA Jetson devices in RCM (git-fixes). - usb: add quirks for Lenovo OneLink+ Dock (git-fixes). - usb: bdc: change state when port disconnected (git-fixes). - usb: cdc-wdm: Use skb_put_data() instead of skb_put/memcpy pair (git-fixes). - usb: common: debug: Check non-standard control requests (git-fixes). - usb: dwc3: core: Enable GUCTL1 bit 10 for fixing termination error after resume bug (git-fixes). - usb: dwc3: gadget: Do not set IMI for no_interrupt (git-fixes). - usb: dwc3: gadget: Stop processing more requests on IMI (git-fixes). - usb: ehci: Fix a function name in comments (git-fixes). - usb: gadget: bdc: fix typo in comment (git-fixes). - usb: gadget: f_fs: stricter integer overflow checks (git-fixes). - usb: gadget: function: fix dangling pnp_string in f_printer.c (git-fixes). - usb: host: xhci-plat: suspend and resume clocks (git-fixes). - usb: host: xhci-plat: suspend/resume clks for brcm (git-fixes). - usb: host: xhci: Fix potential memory leak in xhci_alloc_stream_info() (git-fixes). - usb: idmouse: fix an uninit-value in idmouse_open (git-fixes). - usb: mon: make mmapped memory read only (git-fixes). - usb: mtu3: fix failed runtime suspend in host only mode (git-fixes). - usb: musb: Fix musb_gadget.c rxstate overflow bug (git-fixes). - usb: serial: console: move mutex_unlock() before usb_serial_put() (git-fixes). - usb: serial: ftdi_sio: fix 300 bps rate for SIO (git-fixes). - usb: serial: qcserial: add new usb-id for Dell branded EM7455 (git-fixes). - usb: typec: tcpm: fix typo in comment (git-fixes). - usb: xhci: add XHCI_SPURIOUS_SUCCESS to ASM1042 despite being a V0.96 controller (git-fixes). - virt: vbox: convert to use dev_groups (git-fixes). - vsock: fix possible infinite sleep in vsock_connectible_wait_data() (git-fixes). - vsock: remove the unused 'wait' in vsock_connectible_recvmsg() (git-fixes). - watchdog/hpwdt: Include nmi.h only if CONFIG_HPWDT_NMI_DECODING (git-fixes). - watchdog: armada_37xx_wdt: Fix .set_timeout callback (git-fixes). - watchdog: ftwdt010_wdt: fix test for platform_get_irq() failure (git-fixes). - wifi: ath9k: avoid uninit memory read in ath9k_htc_rx_msg() (git-fixes). - wifi: brcmfmac: fix invalid address access when enabling SCAN log level (git-fixes). - wifi: brcmfmac: fix use-after-free bug in brcmf_netdev_start_xmit() (git-fixes). - wifi: cfg80211/mac80211: reject bad MBSSID elements (git-fixes). - wifi: cfg80211: fix ieee80211_data_to_8023_exthdr handling of small packets (git-fixes). - wifi: cfg80211: update hidden BSSes to avoid WARN_ON (git-fixes). - wifi: iwlwifi: mvm: fix double list_add at iwl_mvm_mac_wake_tx_queue (other cases) (git-fixes). - wifi: mac80211: do not drop packets smaller than the LLC-SNAP header on fast-rx (git-fixes). - wifi: mac80211: fix decap offload for stations on AP_VLAN interfaces (git-fixes). - wifi: mac80211: fix probe req HE capabilities access (git-fixes). - wifi: mac80211_hwsim: avoid mac80211 warning on bad rate (git-fixes). - wifi: mt76: mt7921: reset msta->airtime_ac while clearing up hw value (git-fixes). - wifi: rt2x00: correctly set BBP register 86 for MT7620 (git-fixes). - wifi: rt2x00: do not run Rt5592 IQ calibration on MT7620 (git-fixes). - wifi: rt2x00: set SoC wmac clock register (git-fixes). - wifi: rt2x00: set VGC gain for both chains of MT7620 (git-fixes). - wifi: rt2x00: set correct TX_SW_CFG1 MAC register for MT7620 (git-fixes). - wwan_hwsim: fix possible memory leak in wwan_hwsim_dev_new() (git-fixes). - x86/boot: Do not propagate uninitialized boot_params->cc_blob_address (bsc#1204970). - x86/boot: Fix the setup data types max limit (bsc#1204970). - x86/compressed/64: Add identity mappings for setup_data entries (bsc#1204970). - x86/sev: Annotate stack change in the #VC handler (bsc#1204970). - x86/sev: Do not use cc_platform_has() for early SEV-SNP calls (bsc#1204970). - x86/sev: Remove duplicated assignment to variable info (bsc#1204970). - xen/gntdev: Prevent leaking grants (git-fixes). - xhci-pci: Set runtime PM as default policy on all xHC 1.2 or later devices (git-fixes). - xhci: Add quirk to reset host back to default state at shutdown (git-fixes). - xhci: Do not show warning for reinit on known broken suspend (git-fixes). - xhci: Remove device endpoints from bandwidth list when freeing the device (git-fixes). - xhci: dbc: Fix memory leak in xhci_alloc_dbc() (git-fixes). Important SUSE bug 1065729 SUSE bug 1071995 SUSE bug 1152472 SUSE bug 1152489 SUSE bug 1188238 SUSE bug 1194869 SUSE bug 1196018 SUSE bug 1196632 SUSE bug 1199904 SUSE bug 1200567 SUSE bug 1200692 SUSE bug 1200788 SUSE bug 1202187 SUSE bug 1202686 SUSE bug 1202700 SUSE bug 1202914 SUSE bug 1203098 SUSE bug 1203229 SUSE bug 1203290 SUSE bug 1203435 SUSE bug 1203514 SUSE bug 1203699 SUSE bug 1203701 SUSE bug 1203767 SUSE bug 1203770 SUSE bug 1203802 SUSE bug 1203922 SUSE bug 1203979 SUSE bug 1204017 SUSE bug 1204051 SUSE bug 1204059 SUSE bug 1204060 SUSE bug 1204125 SUSE bug 1204142 SUSE bug 1204166 SUSE bug 1204168 SUSE bug 1204171 SUSE bug 1204241 SUSE bug 1204353 SUSE bug 1204354 SUSE bug 1204355 SUSE bug 1204402 SUSE bug 1204413 SUSE bug 1204415 SUSE bug 1204417 SUSE bug 1204428 SUSE bug 1204431 SUSE bug 1204439 SUSE bug 1204470 SUSE bug 1204479 SUSE bug 1204498 SUSE bug 1204533 SUSE bug 1204569 SUSE bug 1204574 SUSE bug 1204575 SUSE bug 1204619 SUSE bug 1204635 SUSE bug 1204637 SUSE bug 1204646 SUSE bug 1204647 SUSE bug 1204650 SUSE bug 1204653 SUSE bug 1204693 SUSE bug 1204705 SUSE bug 1204719 SUSE bug 1204728 SUSE bug 1204753 SUSE bug 1204868 SUSE bug 1204926 SUSE bug 1204933 SUSE bug 1204934 SUSE bug 1204947 SUSE bug 1204957 SUSE bug 1204963 SUSE bug 1204970 CVE-2022-1882 CVE-2022-2153 CVE-2022-28748 CVE-2022-2964 CVE-2022-2978 CVE-2022-3169 CVE-2022-33981 CVE-2022-3424 CVE-2022-3435 CVE-2022-3521 CVE-2022-3524 CVE-2022-3526 CVE-2022-3535 CVE-2022-3542 CVE-2022-3545 CVE-2022-3565 CVE-2022-3577 CVE-2022-3586 CVE-2022-3594 CVE-2022-3619 CVE-2022-3621 CVE-2022-3625 CVE-2022-3628 CVE-2022-3629 CVE-2022-3633 CVE-2022-3640 CVE-2022-3646 CVE-2022-3649 CVE-2022-40476 CVE-2022-40768 CVE-2022-41674 CVE-2022-42703 CVE-2022-42719 CVE-2022-42720 CVE-2022-42721 CVE-2022-42722 CVE-2022-43750 cpe:/o:opensuse:leap:15.4 Security update for systemd (Moderate) openSUSE Leap 15.4 This update for systemd fixes the following issues: - CVE-2022-3821: Fixed buffer overrun in format_timespan() function (bsc#1204968). - Import commit 0cd50eedcc0692c1f907b24424215f8db7d3b428 * 0469b9f2bc pstore: do not try to load all known pstore modules * ad05f54439 pstore: Run after modules are loaded * ccad817445 core: Add trigger limit for path units * 281d818fe3 core/mount: also add default before dependency for automount mount units * ffe5b4afa8 logind: fix crash in logind on user-specified message string - Document udev naming scheme (bsc#1204179) - Make 'sle15-sp3' net naming scheme still available for backward compatibility reason Moderate SUSE bug 1204179 SUSE bug 1204968 CVE-2022-3821 cpe:/o:opensuse:leap:15.4 Security update for python-Twisted (Low) openSUSE Leap 15.4 This update for python-Twisted fixes the following issues: - CVE-2022-39348: Fixed NameVirtualHost Host header injection (bsc#1204781). Low SUSE bug 1204781 CVE-2022-39348 cpe:/o:opensuse:leap:15.4 Security update for sudo (Important) openSUSE Leap 15.4 This update for sudo fixes the following issues: - CVE-2022-43995: Fixed a potential heap-based buffer over-read when entering a password of seven characters or fewer and using the crypt() password backend (bsc#1204986). Important SUSE bug 1204986 CVE-2022-43995 cpe:/o:opensuse:leap:15.4 Security update for nodejs16 (Important) openSUSE Leap 15.4 This update for nodejs16 fixes the following issues: - Update to LTS versino 16.18.1: - CVE-2022-43548: Fixed DNS rebinding in --inspect via invalid octal IP address (bsc#1205119). - Update to LTS version 16.18.0: * http: throw error on content-length mismatch * stream: add ReadableByteStream.tee() * deps: npm updated to 8.19.2 Important SUSE bug 1205119 CVE-2022-43548 cpe:/o:opensuse:leap:15.4 Security update for python310 (Important) openSUSE Leap 15.4 This update for python310 fixes the following issues: Security fixes: - CVE-2022-42919: Fixed local privilege escalation via the multiprocessing forkserver start method (bsc#1204886). - CVE-2022-45061: Fixed a quadratic IDNA decoding time (bsc#1205244). Other fixes: - allow building of documentation with the latest Sphinx 5.3.0 (gh#python/cpython#98366). - Update to 3.10.8: - Fix multiplying a list by an integer (list *= int): detect the integer overflow when the new allocated length is close to the maximum size. - Fix a shell code injection vulnerability in the get-remote-certificate.py example script. The script no longer uses a shell to run openssl commands. (originally filed as CVE-2022-37460, later withdrawn) - Fix command line parsing: reject -X int_max_str_digits option with no value (invalid) when the PYTHONINTMAXSTRDIGITS environment variable is set to a valid limit. - When ValueError is raised if an integer is larger than the limit, mention the sys.set_int_max_str_digits() function in the error message. - The deprecated mailcap module now refuses to inject unsafe text (filenames, MIME types, parameters) into shell commands. Instead of using such text, it will warn and act as if a match was not found (or for test commands, as if the test failed). - os.sched_yield() now release the GIL while calling sched_yield(2). - Bugfix: PyFunction_GetAnnotations() should return a borrowed reference. It was returning a new reference. - Fixed a missing incref/decref pair in Exception.__setstate__(). - Fix overly-broad source position information for chained comparisons used as branching conditions. - Fix undefined behaviour in _testcapimodule.c. - At Python exit, sometimes a thread holding the GIL can wait forever for a thread (usually a daemon thread) which requested to drop the GIL, whereas the thread already exited. To fix the race condition, the thread which requested the GIL drop now resets its request before exiting. - Fix a possible assertion failure, fatal error, or SystemError if a line tracing event raises an exception while opcode tracing is enabled. - Fix undefined behaviour in C code of null pointer arithmetic. - Do not expose KeyWrapper in _functools. - When loading a file with invalid UTF-8 inside a multi-line string, a correct SyntaxError is emitted. - Disable incorrect pickling of the C implemented classmethod descriptors. - Fix AttributeError missing name and obj attributes in . object.__getattribute__() bpo-42316: Document some places . where an assignment expression needs parentheses . - Wrap network errors consistently in urllib FTP support, so the test suite doesn’t fail when a network is available but the public internet is not reachable. - Fixes AttributeError when subprocess.check_output() is used with argument input=None and either of the arguments encoding or errors are used. - Avoid spurious tracebacks from asyncio when default executor cleanup is delayed until after the event loop is closed (e.g. as the result of a keyboard interrupt). - Avoid a crash in the C version of asyncio.Future.remove_done_callback() when an evil argument is passed. - Remove tokenize.NL check from tabnanny. - Make Semaphore run faster. - Fix generation of the default name of tkinter.Checkbutton. Previously, checkbuttons in different parent widgets could have the same short name and share the same state if arguments “name” and “variable” are not specified. Now they are globally unique. - Update bundled libexpat to 2.4.9 - Fix race condition in asyncio where process_exited() called before the pipe_data_received() leading to inconsistent output. - Fixed check in multiprocessing.resource_tracker that guarantees that the length of a write to a pipe is not greater than PIPE_BUF. - Corrected type annotation for dataclass attribute pstats.FunctionProfile.ncalls to be str. - Fix the faulthandler implementation of faulthandler.register(signal, chain=True) if the sigaction() function is not available: don’t call the previous signal handler if it’s NULL. - In inspect, fix overeager replacement of “typing.” in formatting annotations. - Fix asyncio.streams.StreamReaderProtocol to keep a strong reference to the created task, so that it’s not garbage collected - Fix handling compiler warnings (SyntaxWarning and DeprecationWarning) in codeop.compile_command() when checking for incomplete input. Previously it emitted warnings and raised a SyntaxError. Now it always returns None for incomplete input without emitting any warnings. - Fixed flickering of the turtle window when the tracer is turned off. - Allow asyncio.StreamWriter.drain() to be awaited concurrently by multiple tasks. - Fix broken asyncio.Semaphore when acquire is cancelled. - Fix ast.unparse() when ImportFrom.level is None - Improve performance of urllib.request.getproxies_environment when there are many environment variables - Fix ! in c domain ref target syntax via a conf.py patch, so it works as intended to disable ref target resolution. - Clarified the conflicting advice given in the ast documentation about ast.literal_eval() being “safe” for use on untrusted input while at the same time warning that it can crash the process. The latter statement is true and is deemed unfixable without a large amount of work unsuitable for a bugfix. So we keep the warning and no longer claim that literal_eval is safe. - Update tutorial introduction output to use 3.10+ SyntaxError invalid range. Important SUSE bug 1204886 SUSE bug 1205244 CVE-2022-42919 CVE-2022-45061 cpe:/o:opensuse:leap:15.4 Security update for php8 (Important) openSUSE Leap 15.4 This update for php8 fixes the following issues: - CVE-2022-37454: Fixed buffer overflow in hash_update() on long parameter (bug#81738) (bsc#1204577). - CVE-2022-31630: Fixed OOB read due to insufficient input validation in imageloadfont() (bug#81739) (bsc#1204979). - version update to 8.0.25 (27 Oct 2022) * Session: Fixed bug GH-9583 (session_create_id() fails with user defined save handler that doesn't have a validateId() method). * Streams: Fixed bug GH-9590 (stream_select does not abort upon exception or empty valid fd set). Important SUSE bug 1204577 SUSE bug 1204979 CVE-2022-31630 CVE-2022-37454 cpe:/o:opensuse:leap:15.4 Security update for xen (Important) openSUSE Leap 15.4 This update for xen fixes the following issues: - CVE-2022-33746: Fixed DoS due to excessively long P2M pool freeing (bsc#1203806). - CVE-2022-33748: Fixed DoS due to race in locking (bsc#1203807). - CVE-2022-42311, CVE-2022-42312, CVE-2022-42313, CVE-2022-42314, CVE-2022-42315, CVE-2022-42316, CVE-2022-42317, CVE-2022-42318: xen: Xenstore: Guests can let xenstored run out of memory (bsc#1204482) - CVE-2022-42309: xen: Xenstore: Guests can crash xenstored (bsc#1204485) - CVE-2022-42310: xen: Xenstore: Guests can create orphaned Xenstore nodes (bsc#1204487) - CVE-2022-42319: xen: Xenstore: Guests can cause Xenstore to not free temporary memory (bsc#1204488) - CVE-2022-42320: xen: Xenstore: Guests can get access to Xenstore nodes of deleted domains (bsc#1204489) - CVE-2022-42321: xen: Xenstore: Guests can crash xenstored via exhausting the stack (bsc#1204490) - CVE-2022-42322,CVE-2022-42323: xen: Xenstore: cooperating guests can create arbitrary numbers of nodes (bsc#1204494) - CVE-2022-42325,CVE-2022-42326: xen: Xenstore: Guests can create arbitrary number of nodes via transactions (bsc#1204496) - xen: Frontends vulnerable to backends (bsc#1193923). Important SUSE bug 1027519 SUSE bug 1193923 SUSE bug 1203806 SUSE bug 1203807 SUSE bug 1204482 SUSE bug 1204483 SUSE bug 1204485 SUSE bug 1204487 SUSE bug 1204488 SUSE bug 1204489 SUSE bug 1204490 SUSE bug 1204494 SUSE bug 1204496 CVE-2022-33746 CVE-2022-33747 CVE-2022-33748 CVE-2022-42309 CVE-2022-42310 CVE-2022-42311 CVE-2022-42312 CVE-2022-42313 CVE-2022-42314 CVE-2022-42315 CVE-2022-42316 CVE-2022-42317 CVE-2022-42318 CVE-2022-42319 CVE-2022-42320 CVE-2022-42321 CVE-2022-42322 CVE-2022-42323 CVE-2022-42325 CVE-2022-42326 CVE-2022-42327 cpe:/o:opensuse:leap:15.4 Security update for apache2-mod_wsgi (Moderate) openSUSE Leap 15.4 This update for apache2-mod_wsgi fixes the following issues: - CVE-2022-2255: Hardened the trusted proxy header filter to avoid bypass. (bsc#1201634) Moderate SUSE bug 1201634 CVE-2022-2255 cpe:/o:opensuse:leap:15.4 Security update for jsoup (Moderate) openSUSE Leap 15.4 This update for jsoup fixes the following issues: Updated to version 1.15.3: - CVE-2022-36033: Fixed incorrect sanitization of user input in SafeList.preserveRelativeLinks (bsc#1203459). Moderate SUSE bug 1203459 CVE-2022-36033 cpe:/o:opensuse:leap:15.4 Security update for rubygem-nokogiri (Important) openSUSE Leap 15.4 This update for rubygem-nokogiri fixes the following issues: - CVE-2022-24836: Fixes possibility to DoS because of inefficient RE in HTML encoding. (bsc#1198408) - CVE-2022-29181: Fixes Improper Handling of Unexpected Data Typesi. (bsc#1199782) Important SUSE bug 1198408 SUSE bug 1199782 CVE-2022-24836 CVE-2022-29181 cpe:/o:opensuse:leap:15.4 Security update for the Linux Kernel (Important) openSUSE Leap 15.4 The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2021-4037: Fixed function logic vulnerability that allowed local users to create files for the XFS file-system with an unintended group ownership and with group execution and SGID permission bits set (bnc#1198702). - CVE-2022-2153: Fixed vulnerability in KVM that could allow an unprivileged local attacker on the host to cause DoS (bnc#1200788). - CVE-2022-2964: Fixed memory corruption issues in ax88179_178a devices (bnc#1202686). - CVE-2022-2978: Fixed use-after-free in the NILFS file system that could lead to local privilege escalation or DoS (bnc#1202700). - CVE-2022-3176: Fixed use-after-free in io_uring when using POLLFREE (bnc#1203391). - CVE-2022-3424: Fixed use-after-free in gru_set_context_option(), gru_fault() and gru_handle_user_call_os() that could lead to kernel panic (bsc#1204166). - CVE-2022-3521: Fixed race condition in kcm_tx_work() in net/kcm/kcmsock.c (bnc#1204355). - CVE-2022-3524: Fixed memory leak in ipv6_renew_options() in the IPv6 handler (bnc#1204354). - CVE-2022-3535: Fixed memory leak in mvpp2_dbgfs_port_init() in drivers/net/ethernet/marvell/mvpp2/mvpp2_debugfs.c (bnc#1204417). - CVE-2022-3542: Fixed memory leak in bnx2x_tpa_stop() in drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.c (bnc#1204402). - CVE-2022-3545: Fixed use-after-free in area_cache_get() in drivers/net/ethernet/netronome/nfp/nfpcore/nfp_cppcore.c (bnc#1204415). - CVE-2022-3565: Fixed use-after-free in del_timer() in drivers/isdn/mISDN/l1oip_core.c (bnc#1204431). - CVE-2022-3577: Fixed out-of-bounds memory write flaw in bigben device driver that could lead to local privilege escalation or DoS (bnc#1204470). - CVE-2022-3586: Fixed use-after-free in socket buffer (SKB) that could allow a local unprivileged user to cause a denial of service (bnc#1204439). - CVE-2022-3594: Fixed excessive data logging in intr_callback() in drivers/net/usb/r8152.c (bnc#1204479). - CVE-2022-3621: Fixed null pointer dereference in nilfs_bmap_lookup_at_level() in fs/nilfs2/inode.c (bnc#1204574). - CVE-2022-3625: Fixed use-after-free in devlink_param_set()/devlink_param_get() in net/core/devlink.c (bnc#1204637). - CVE-2022-3629: Fixed memory leak in vsock_connect() in net/vmw_vsock/af_vsock.c (bnc#1204635). - CVE-2022-3640: Fixed use-after-free in l2cap_conn_del() in net/bluetooth/l2cap_core.c (bnc#1204619). - CVE-2022-3646: Fixed memory leak in nilfs_attach_log_writer() in fs/nilfs2/segment.c (bnc#1204646). - CVE-2022-3649: Fixed use-after-free in nilfs_new_inode() in fs/nilfs2/inode.c (bnc#1204647). - CVE-2022-39189: Fixed a flaw in the x86 KVM subsystem that could allow unprivileged guest users to compromise the guest kernel via TLB flush operations on preempted vCPU (bnc#1203066). - CVE-2022-42703: Fixed use-after-free in mm/rmap.c related to leaf anon_vma double reuse (bnc#1204168). - CVE-2022-43750: Fixed vulnerability in usbmon that allowed a user-space client to corrupt the monitor's internal memory (bnc#1204653). The following non-security bugs were fixed: - ACPI: APEI: do not add task_work to kernel thread to avoid memory leak (git-fixes). - ACPI: HMAT: Release platform device in case of platform_device_add_data() fails (git-fixes). - ACPI: extlog: Handle multiple records (git-fixes). - ACPI: processor idle: Practically limit 'Dummy wait' workaround to old Intel systems (bnc#1203802). - ACPI: video: Add Toshiba Satellite/Portege Z830 quirk (git-fixes). - ALSA: Use del_timer_sync() before freeing timer (git-fixes). - ALSA: ac97: fix possible memory leak in snd_ac97_dev_register() (git-fixes). - ALSA: aoa: Fix I2S device accounting (git-fixes). - ALSA: aoa: i2sbus: fix possible memory leak in i2sbus_add_dev() (git-fixes). - ALSA: asihpi - Remove useless code in hpi_meter_get_peak() (git-fixes). - ALSA: au88x0: use explicitly signed char (git-fixes). - ALSA: dmaengine: increment buffer pointer atomically (git-fixes). - ALSA: hda/hdmi: Do not skip notification handling during PM operation (git-fixes). - ALSA: hda/realtek: Add Intel Reference SSID to support headset keys (git-fixes). - ALSA: hda/realtek: Add pincfg for ASUS G513 HP jack (git-fixes). - ALSA: hda/realtek: Add pincfg for ASUS G533Z HP jack (git-fixes). - ALSA: hda/realtek: Add quirk for ASUS GA503R laptop (git-fixes). - ALSA: hda/realtek: Add quirk for ASUS GV601R laptop (git-fixes). - ALSA: hda/realtek: Add quirk for Huawei WRT-WX9 (git-fixes). - ALSA: hda/realtek: Correct pin configs for ASUS G533Z (git-fixes). - ALSA: hda/realtek: Enable 4-speaker output Dell Precision 5530 laptop (git-fixes). - ALSA: hda/realtek: remove ALC289_FIXUP_DUAL_SPK for Dell 5530 (git-fixes). - ALSA: hda/sigmatel: Fix unused variable warning for beep power change (git-fixes). - ALSA: hda/sigmatel: Keep power up while beep is enabled (git-fixes). - ALSA: hda/tegra: Align BDL entry to 4KB boundary (git-fixes). - ALSA: hda: Fix position reporting on Poulsbo (git-fixes). - ALSA: hda: add Intel 5 Series / 3400 PCI DID (git-fixes). - ALSA: oss: Fix potential deadlock at unregistration (git-fixes). - ALSA: rawmidi: Drop register_mutex in snd_rawmidi_free() (git-fixes). - ALSA: rme9652: use explicitly signed char (git-fixes). - ALSA: usb-audio: Fix NULL dererence at error path (git-fixes). - ALSA: usb-audio: Fix potential memory leaks (git-fixes). - ASoC: eureka-tlv320: Hold reference returned from of_find_xxx API (git-fixes). - ASoC: fsl_sai: Remove unnecessary FIFO reset in ISR (git-fixes). - ASoC: mt6660: Fix PM disable depth imbalance in mt6660_i2c_probe (git-fixes). - ASoC: nau8824: Fix semaphore unbalance at error paths (git-fixes). - ASoC: rsnd: Add check for rsnd_mod_power_on (git-fixes). - ASoC: tas2770: Reinit regcache on reset (git-fixes). - ASoC: wcd9335: fix order of Slimbus unprepare/disable (git-fixes). - ASoC: wcd934x: fix order of Slimbus unprepare/disable (git-fixes). - ASoC: wm5102: Fix PM disable depth imbalance in wm5102_probe (git-fixes). - ASoC: wm5110: Fix PM disable depth imbalance in wm5110_probe (git-fixes). - ASoC: wm8997: Fix PM disable depth imbalance in wm8997_probe (git-fixes). - Bluetooth: L2CAP: Fix user-after-free (git-fixes). - Bluetooth: L2CAP: initialize delayed works at l2cap_chan_create() (git-fixes). - Bluetooth: hci_core: Fix not handling link timeouts propertly (git-fixes). - Bluetooth: hci_sysfs: Fix attempting to call device_add multiple times (git-fixes). - HID: hidraw: fix memory leak in hidraw_release() (git-fixes). - HID: magicmouse: Do not set BTN_MOUSE on double report (git-fixes). - HID: multitouch: Add memory barriers (git-fixes). - HID: roccat: Fix use-after-free in roccat_read() (git-fixes). - HSI: omap_ssi: Fix refcount leak in ssi_probe (git-fixes). - HSI: omap_ssi_port: Fix dma_map_sg error check (git-fixes). - IB/cm: Cancel mad on the DREQ event when the state is MRA_REP_RCVD (git-fixes) - IB/cma: Allow XRC INI QPs to set their local ACK timeout (git-fixes) - IB/core: Only update PKEY and GID caches on respective events (git-fixes) - IB/hfi1: Adjust pkey entry in index 0 (git-fixes) - IB/hfi1: Fix abba locking issue with sc_disable() (git-fixes) - IB/hfi1: Fix possible null-pointer dereference in _extend_sdma_tx_descs() (git-fixes) - IB/mlx4: Add support for REJ due to timeout (git-fixes) - IB/mlx4: Use port iterator and validation APIs (git-fixes) - IB/qib: Protect from buffer overflow in struct qib_user_sdma_pkt fields (git-fixes) - IB/rdmavt: Add __init/__exit annotations to module init/exit funcs (git-fixes) - IB/srpt: Remove redundant assignment to ret (git-fixes) - Input: i8042 - fix refount leak on sparc (git-fixes). - Input: xpad - add supported devices as contributed on github (git-fixes). - Input: xpad - fix wireless 360 controller breaking after suspend (git-fixes). - KVM: nVMX: Unconditionally purge queued/injected events on nested 'exit' (git-fixes). - KVM: s390: Clarify SIGP orders versus STOP/RESTART (git-fixes). - KVM: s390: VSIE: fix MVPG handling for prefixing and MSO (git-fixes). - KVM: s390: clear kicked_mask before sleeping again (git-fixes). - KVM: s390: preserve deliverable_mask in __airqs_kick_single_vcpu (git-fixes). - KVM: s390: pv: do not present the ecall interrupt twice (git-fixes). - KVM: s390: split kvm_s390_real_to_abs (git-fixes). - KVM: s390x: fix SCK locking (git-fixes). - KVM: x86/emulator: Fix handing of POP SS to correctly set interruptibility (git-fixes). - PCI: Dynamically map ECAM regions (bsc#1204382). - PCI: Fix used_buses calculation in pci_scan_child_bus_extend() (git-fixes). - PCI: Sanitise firmware BAR assignments behind a PCI-PCI bridge (git-fixes). - PM: domains: Fix handling of unavailable/disabled idle states (git-fixes). - PM: hibernate: Allow hybrid sleep to work with s2idle (git-fixes). - RDMA/bnxt_re: Add missing spin lock initialization (git-fixes) - RDMA/bnxt_re: Fix query SRQ failure (git-fixes) - RDMA/cm: Fix memory leak in ib_cm_insert_listen (git-fixes) - RDMA/cma: Ensure rdma_addr_cancel() happens before issuing more requests (git-fixes) - RDMA/cma: Fix arguments order in net device validation (git-fixes) - RDMA/core: Sanitize WQ state received from the userspace (git-fixes) - RDMA/cxgb4: Remove MW support (git-fixes) - RDMA/efa: Free IRQ vectors on error flow (git-fixes) - RDMA/efa: Remove double QP type assignment (git-fixes) - RDMA/efa: Use ib_umem_num_dma_pages() (git-fixes) - RDMA/hfi1: Fix potential integer multiplication overflow errors (git-fixes) - RDMA/hns: Remove unnecessary check for the sgid_attr when modifying QP (git-fixes) - RDMA/i40iw: Use ib_umem_num_dma_pages() (git-fixes) - RDMA/iwcm: Release resources if iw_cm module initialization fails (git-fixes) - RDMA/mlx4: Return missed an error if device does not support steering (git-fixes) - RDMA/mlx5: Add missing check for return value in get namespace flow (git-fixes) - RDMA/mlx5: Block FDB rules when not in switchdev mode (git-fixes) - RDMA/mlx5: Fix memory leak in error flow for subscribe event routine (git-fixes) - RDMA/mlx5: Make mkeys always owned by the kernel's PD when not enabled (git-fixes) - RDMA/mlx5: Set user priority for DCT (git-fixes) - RDMA/mlx5: Use set_mkc_access_pd_addr_fields() in reg_create() (git-fixes) - RDMA/qedr: Fix NULL deref for query_qp on the GSI QP (git-fixes) - RDMA/qedr: Fix potential memory leak in __qedr_alloc_mr() (git-fixes) - RDMA/qedr: Fix reporting QP timeout attribute (git-fixes) - RDMA/qib: Remove superfluous fallthrough statements (git-fixes) - RDMA/rtrs-srv: Pass the correct number of entries for dma mapped SGL (git-fixes) - RDMA/rxe: Do not overwrite errno from ib_umem_get() (git-fixes) - RDMA/rxe: Fix 'kernel NULL pointer dereference' error (git-fixes) - RDMA/rxe: Fix error unwind in rxe_create_qp() (git-fixes) - RDMA/rxe: Fix extra copies in build_rdma_network_hdr (git-fixes) - RDMA/rxe: Fix extra copy in prepare_ack_packet (git-fixes) - RDMA/rxe: Fix failure during driver load (git-fixes) - RDMA/rxe: Fix over copying in get_srq_wqe (git-fixes) - RDMA/rxe: Fix redundant call to ip_send_check (git-fixes) - RDMA/rxe: Fix redundant skb_put_zero (git-fixes) - RDMA/rxe: Fix rnr retry behavior (git-fixes) - RDMA/rxe: Fix the error caused by qp->sk (git-fixes) - RDMA/rxe: Fix wrong port_cap_flags (git-fixes) - RDMA/rxe: Generate a completion for unsupported/invalid opcode (git-fixes) - RDMA/rxe: Remove unused pkt->offset (git-fixes) - RDMA/rxe: Return CQE error if invalid lkey was supplied (git-fixes) - RDMA/sa_query: Use strscpy_pad instead of memcpy to copy a string (git-fixes) - RDMA/siw: Always consume all skbuf data in sk_data_ready() upcall. (git-fixes) - RDMA/siw: Fix a condition race issue in MPA request processing (git-fixes) - RDMA/siw: Fix duplicated reported IW_CM_EVENT_CONNECT_REPLY event (git-fixes) - RDMA/siw: Pass a pointer to virt_to_page() (git-fixes) - RDMA/usnic: fix set-but-not-unused variable 'flags' warning (git-fixes) - RDMA: Verify port when creating flow rule (git-fixes) - RDMA: remove useless condition in siw_create_cq() (git-fixes) - RDMa/mthca: Work around -Wenum-conversion warning (git-fixes) - Revert 'drivers/video/backlight/platform_lcd.c: add support for (bsc#1152489) - Revert 'drm: bridge: analogix/dp: add panel prepare/unprepare in suspend/resume time' (git-fixes). - Revert 'usb: add quirks for Lenovo OneLink+ Dock' (git-fixes). - Revert 'usb: storage: Add quirk for Samsung Fit flash' (git-fixes). - Revert 'usb: storage: Add quirk for Samsung Fit flash' (git-fixes). - USB: serial: console: move mutex_unlock() before usb_serial_put() (git-fixes). - USB: serial: ftdi_sio: fix 300 bps rate for SIO (git-fixes). - USB: serial: option: add Quectel BG95 0x0203 composition (git-fixes). - USB: serial: option: add Quectel BG95 0x0203 composition (git-fixes). - USB: serial: option: add Quectel RM520N (git-fixes). - USB: serial: option: add Quectel RM520N (git-fixes). - USB: serial: qcserial: add new usb-id for Dell branded EM7455 (git-fixes). - USB: serial: qcserial: add new usb-id for Dell branded EM7455 (git-fixes). - arm64: assembler: add cond_yield macro (git-fixes) - ata: fix ata_id_has_devslp() (git-fixes). - ata: fix ata_id_has_dipm() (git-fixes). - ata: fix ata_id_has_ncq_autosense() (git-fixes). - ata: fix ata_id_sense_reporting_enabled() and ata_id_has_sense_reporting() (git-fixes). - ata: libahci_platform: Sanity check the DT child nodes number (git-fixes). - can: bcm: check the result of can_send() in bcm_can_tx() (git-fixes). - can: gs_usb: gs_can_open(): fix race dev->can.state condition (git-fixes). - can: kvaser_usb: Fix possible completions during init_completion (git-fixes). - can: kvaser_usb: Fix use of uninitialized completion (git-fixes). - can: kvaser_usb_leaf: Fix CAN state after restart (git-fixes). - can: kvaser_usb_leaf: Fix TX queue out of sync after restart (git-fixes). - can: mscan: mpc5xxx: mpc5xxx_can_probe(): add missing put_clock() in error path (git-fixes). - cgroup/cpuset: Enable update_tasks_cpumask() on top_cpuset (bsc#1204753). - clk: bcm2835: Make peripheral PLLC critical (git-fixes). - clk: bcm2835: fix bcm2835_clock_rate_from_divisor declaration (git-fixes). - clk: berlin: Add of_node_put() for of_get_parent() (git-fixes). - clk: imx: imx6sx: remove the SET_RATE_PARENT flag for QSPI clocks (git-fixes). - clk: iproc: Do not rely on node name for correct PLL setup (git-fixes). - clk: mediatek: mt8183: mfgcfg: Propagate rate changes to parent (git-fixes). - clk: oxnas: Hold reference returned by of_get_parent() (git-fixes). - clk: qcom: gcc-msm8916: use ARRAY_SIZE instead of specifying num_parents (git-fixes). - clk: qoriq: Hold reference returned by of_get_parent() (git-fixes). - clk: tegra20: Fix refcount leak in tegra20_clock_init (git-fixes). - clk: tegra: Fix refcount leak in tegra114_clock_init (git-fixes). - clk: tegra: Fix refcount leak in tegra210_clock_init (git-fixes). - clk: ti: dra7-atl: Fix reference leak in of_dra7_atl_clk_probe (git-fixes). - clk: zynqmp: Fix stack-out-of-bounds in strncpy` (git-fixes). - clk: zynqmp: pll: rectify rate rounding in zynqmp_pll_round_rate (git-fixes). - crypto: akcipher - default implementation for setting a private key (git-fixes). - crypto: arm64/sha - fix function types (git-fixes) - crypto: arm64/sha1-ce - simplify NEON yield (git-fixes) - crypto: arm64/sha2-ce - simplify NEON yield (git-fixes) - crypto: arm64/sha3-ce - simplify NEON yield (git-fixes) - crypto: arm64/sha512-ce - simplify NEON yield (git-fixes) - crypto: cavium - prevent integer overflow loading firmware (git-fixes). - crypto: ccp - Release dma channels before dmaengine unrgister (git-fixes). - crypto: hisilicon/zip - fix mismatch in get/set sgl_sge_nr (git-fixes). - device property: Fix documentation for *_match_string() APIs (git-fixes). - dmaengine: ioat: stop mod_timer from resurrecting deleted timer in __cleanup() (git-fixes). - dmaengine: xilinx_dma: Report error in case of dma_set_mask_and_coherent API failure (git-fixes). - dmaengine: xilinx_dma: cleanup for fetching xlnx,num-fstores property (git-fixes). - docs: update mediator information in CoC docs (git-fixes). - drivers: serial: jsm: fix some leaks in probe (git-fixes). - drm/amd/display: Limit user regamma to a valid value (git-fixes). - drm/amdgpu: do not register a dirty callback for non-atomic (git-fixes). - drm/amdgpu: fix initial connector audio value (git-fixes). - drm/amdgpu: use dirty framebuffer helper (git-fixes). - drm/bridge: Avoid uninitialized variable warning (git-fixes). - drm/bridge: megachips: Fix a null pointer dereference bug (git-fixes). - drm/bridge: parade-ps8640: Fix regulator supply order (git-fixes). - drm/i915/gvt: fix a memory leak in intel_gvt_init_vgpu_types (git-fixes). - drm/mipi-dsi: Detach devices when removing the host (git-fixes). - drm/msm/dpu: Fix comment typo (git-fixes). - drm/msm/dpu: index dpu_kms->hw_vbif using vbif_idx (git-fixes). - drm/msm/dsi: fix memory corruption with too many bridges (git-fixes). - drm/msm/hdmi: fix memory corruption with too many bridges (git-fixes). - drm/msm: Fix return type of mdp4_lvds_connector_mode_valid (git-fixes). - drm/msm: Make .remove and .shutdown HW shutdown consistent (git-fixes). - drm/nouveau/nouveau_bo: fix potential memory leak in nouveau_bo_alloc() (git-fixes). - drm/nouveau: fix a use-after-free in nouveau_gem_prime_import_sg_table() (git-fixes). - drm/omap: dss: Fix refcount leak bugs (git-fixes). - drm/rockchip: Fix return type of cdn_dp_connector_mode_valid (git-fixes). - drm/scheduler: quieten kernel-doc warnings (git-fixes). - drm/udl: Restore display mode on resume (git-fixes). - drm: Prevent drm_copy_field() to attempt copying a NULL pointer (git-fixes). - drm: Use size_t type for len variable in drm_copy_field() (git-fixes). - drm: bridge: adv7511: fix CEC power down control register offset (git-fixes). - drm: fix drm_mipi_dbi build errors (git-fixes). - drm: panel-orientation-quirks: Add quirk for Anbernic Win600 (git-fixes). - drm:pl111: Add of_node_put() when breaking out of for_each_available_child_of_node() (git-fixes). - dyndbg: fix module.dyndbg handling (git-fixes). - dyndbg: let query-modname override actual module name (git-fixes). - efi: Correct Macmini DMI match in uefi cert quirk (git-fixes). - efi: libstub: drop pointless get_memory_map() call (git-fixes). - exfat: Return ENAMETOOLONG consistently for oversized paths (bsc#1204053 bsc#1201725). - fbdev: cyber2000fb: fix missing pci_disable_device() (git-fixes). - fbdev: da8xx-fb: Fix error handling in .remove() (git-fixes). - firmware: arm_scmi: Add SCMI PM driver remove routine (git-fixes). - firmware: google: Test spinlock on panic path to avoid lockups (git-fixes). - fpga: prevent integer overflow in dfl_feature_ioctl_set_irq() (git-fixes). - gpio: rockchip: request GPIO mux to pinctrl when setting direction (git-fixes). - hid: hid-logitech-hidpp: avoid unnecessary assignments in hidpp_connect_event (git-fixes). - hwmon/coretemp: Handle large core ID value (git-fixes). - iio: ABI: Fix wrong format of differential capacitance channel ABI (git-fixes). - iio: adc: ad7923: fix channel readings for some variants (git-fixes). - iio: adc: at91-sama5d2_adc: check return status for pressure and touch (git-fixes). - iio: adc: at91-sama5d2_adc: fix AT91_SAMA5D2_MR_TRACKTIM_MAX (git-fixes). - iio: adc: at91-sama5d2_adc: lock around oversampling and sample freq (git-fixes). - iio: adc: mcp3911: use correct id bits (git-fixes). - iio: dac: ad5593r: Fix i2c read protocol requirements (git-fixes). - iio: inkern: only release the device node when done with it (git-fixes). - iio: light: tsl2583: Fix module unloading (git-fixes). - iio: pressure: dps310: Refactor startup procedure (git-fixes). - iio: pressure: dps310: Reset chip after timeout (git-fixes). - irqchip/ls-extirq: Fix invalid wait context by avoiding to use regmap (git-fixes). - kABI: arm64/crypto/sha512 Preserve function signature (git-fixes). - kbuild: Add skip_encoding_btf_enum64 option to pahole (git-fixes). - kbuild: remove the target in signal traps when interrupted (git-fixes). - kbuild: sink stdout from cmd for silent build (git-fixes). - kbuild: skip per-CPU BTF generation for pahole v1.18-v1.21 (jsc#SLE-24559). - kthread: Extract KTHREAD_IS_PER_CPU (bsc#1204753). - lib/sg_pool: change module_init(sg_pool_init) to subsys_initcall (git-fixes). - libata: add ATA_HORKAGE_NOLPM for Pioneer BDR-207M and BDR-205 (git-fixes). - locking/csd_lock: Change csdlock_debug from early_param to __setup (git-fixes). - mISDN: fix use-after-free bugs in l1oip timer handlers (git-fixes). - mISDN: hfcpci: Fix use-after-free bug in hfcpci_softirq (git-fixes). - mac802154: Fix LQI recording (git-fixes). - mailbox: bcm-ferxrm-mailbox: Fix error check for dma_map_sg (git-fixes). - media: aspeed-video: ignore interrupts that are not enabled (git-fixes). - media: cedrus: Set the platform driver data earlier (git-fixes). - media: coda: Add more H264 levels for CODA960 (git-fixes). - media: coda: Fix reported H264 profile (git-fixes). - media: cx88: Fix a null-ptr-deref bug in buffer_prepare() (git-fixes). - media: dvb_vb2: fix possible out of bound access (git-fixes). - media: v4l2-dv-timings: add sanity checks for blanking values (git-fixes). - media: videodev2.h: V4L2_DV_BT_BLANKING_HEIGHT should check 'interlaced' (git-fixes). - media: xilinx: vipp: Fix refcount leak in xvip_graph_dma_init (git-fixes). - memory: of: Fix refcount leak bug in of_get_ddr_timings() (git-fixes). - memory: pl353-smc: Fix refcount leak bug in pl353_smc_probe() (git-fixes). - mfd: fsl-imx25: Fix an error handling path in mx25_tsadc_setup_irq() (git-fixes). - mfd: intel_soc_pmic: Fix an error handling path in intel_soc_pmic_i2c_probe() (git-fixes). - mfd: lp8788: Fix an error handling path in lp8788_irq_init() and lp8788_irq_init() (git-fixes). - mfd: lp8788: Fix an error handling path in lp8788_probe() (git-fixes). - mfd: sm501: Add check for platform_driver_register() (git-fixes). - misc: ocxl: fix possible refcount leak in afu_ioctl() (git-fixes). - mm, memcg: avoid stale protection values when cgroup is above protection (bsc#1204754). - mm/hugetlb: fix races when looking up a CONT-PTE/PMD size hugetlb page (bsc#1204575). - mm: memcontrol: fix occasional OOMs due to proportional memory.low reclaim (bsc#1204754). - mmc: au1xmmc: Fix an error handling path in au1xmmc_probe() (git-fixes). - mmc: core: Fix kernel panic when remove non-standard SDIO card (git-fixes). - mmc: core: Replace with already defined values for readability (git-fixes). - mmc: core: Terminate infinite loop in SD-UHS voltage switch (git-fixes). - mmc: moxart: fix 4-bit bus width and remove 8-bit bus width (git-fixes). - mmc: sdhci-msm: add compatible string check for sdm670 (git-fixes). - mmc: sdhci-sprd: Fix minimum clock limit (git-fixes). - mmc: wmt-sdmmc: Fix an error handling path in wmt_mci_probe() (git-fixes). - mtd: devices: docg3: check the return value of devm_ioremap() in the probe (git-fixes). - mtd: rawnand: atmel: Unmap streaming DMA mappings (git-fixes). - mtd: rawnand: marvell: Use correct logic for nand-keep-config (git-fixes). - mtd: rawnand: meson: fix bit map use in meson_nfc_ecc_correct() (git-fixes). - net/ieee802154: fix uninit value bug in dgram_sendmsg (git-fixes). - net: ieee802154: return -EINVAL for unknown addr type (git-fixes). - net: usb: qmi_wwan: Add new usb-id for Dell branded EM7455 (git-fixes). - net: usb: qmi_wwan: Add new usb-id for Dell branded EM7455 (git-fixes). - net: usb: qmi_wwan: add Quectel RM520N (git-fixes). - openvswitch: Fix double reporting of drops in dropwatch (git-fixes). - openvswitch: Fix overreporting of drops in dropwatch (git-fixes). - openvswitch: switch from WARN to pr_warn (git-fixes). - padata: introduce internal padata_get/put_pd() helpers (bsc#1202638). - padata: make padata_free_shell() to respect pd's ->refcnt (bsc#1202638). - parisc/sticon: fix reverse colors (bsc#1152489) Backporting notes: * context changes - parisc: parisc-agp requires SBA IOMMU driver (bsc#1152489) - phy: qualcomm: call clk_disable_unprepare in the error handling (git-fixes). - pinctrl: armada-37xx: Add missing GPIO-only pins (git-fixes). - pinctrl: armada-37xx: Checks for errors in gpio_request_enable callback (git-fixes). - pinctrl: armada-37xx: Fix definitions for MPP pins 20-22 (git-fixes). - pinctrl: rockchip: add pinmux_ops.gpio_set_direction callback (git-fixes). - platform/x86: msi-laptop: Change DMI match / alias strings to fix module autoloading (git-fixes). - platform/x86: msi-laptop: Fix old-ec check for backlight registering (git-fixes). - platform/x86: msi-laptop: Fix resource cleanup (git-fixes). - power: supply: adp5061: fix out-of-bounds read in adp5061_get_chg_type() (git-fixes). - powerpc/64: Remove unused SYS_CALL_TABLE symbol (jsc#SLE-9246 git-fixes). - powerpc/fadump: align destination address to pagesize (bsc#1204728 ltc#200074). - powerpc/kprobes: Fix null pointer reference in arch_prepare_kprobe() (jsc#SLE-13847 git-fixes). - powerpc/mm/64s: Drop pgd_huge() (bsc#1065729). - powerpc/mm: remove pmd_huge/pud_huge stubs and include hugetlb.h (bsc#1065729). - powerpc/pci_dn: Add missing of_node_put() (bsc#1065729). - powerpc/powernv: add missing of_node_put() in opal_export_attrs() (bsc#1065729). - powerpc/pseries: Interface to represent PAPR firmware attributes (bsc#1200465 ltc#197256 jsc#PED-1931). - quota: widen timestamps for the fs_disk_quota structure (bsc#1203387). - regulator: pfuze100: Fix the global-out-of-bounds access in pfuze100_regulator_probe() (git-fixes). - regulator: qcom_rpm: Fix circular deferral regression (git-fixes). - reset: imx7: Fix the iMX8MP PCIe PHY PERST support (git-fixes). - rpmsg: qcom: glink: replace strncpy() with strscpy_pad() (git-fixes). - rtc: stmp3xxx: Add failure handling for stmp3xxx_wdt_register() (git-fixes). - s390/hypfs: avoid error message under KVM (bsc#1032323). - sbitmap: Avoid leaving waitqueue in invalid state in __sbq_wake_up() (git-fixes). - sbitmap: fix possible io hung due to lost wakeup (git-fixes). - scsi: libsas: Fix use-after-free bug in smp_execute_task_sg() (git-fixes). - scsi: mpt3sas: Fix return value check of dma_get_required_mask() (git-fixes). - scsi: qla2xxx: Fix disk failure to rediscover (git-fixes). - selftest/powerpc: Add PAPR sysfs attributes sniff test (bsc#1200465 ltc#197256 jsc#PED-1931). - selftests/powerpc: Skip energy_scale_info test on older firmware (git-fixes). - serial: Create uart_xmit_advance() (git-fixes). - serial: tegra-tcu: Use uart_xmit_advance(), fixes icount.tx accounting (git-fixes). - serial: tegra: Use uart_xmit_advance(), fixes icount.tx accounting (git-fixes). - soc: qcom: smem_state: Add refcounting for the 'state->of_node' (git-fixes). - soc: qcom: smsm: Fix refcount leak bugs in qcom_smsm_probe() (git-fixes). - soc: sunxi: sram: Actually claim SRAM regions (git-fixes). - soc: sunxi: sram: Fix debugfs info for A64 SRAM C (git-fixes). - soc: sunxi: sram: Prevent the driver from being unbound (git-fixes). - soc: sunxi_sram: Make use of the helper function devm_platform_ioremap_resource() (git-fixes). - spi/omap100k:Fix PM disable depth imbalance in omap1_spi100k_probe (git-fixes). - spi: mt7621: Fix an error message in mt7621_spi_probe() (git-fixes). - spi: qup: add missing clk_disable_unprepare on error in spi_qup_pm_resume_runtime() (git-fixes). - spi: qup: add missing clk_disable_unprepare on error in spi_qup_resume() (git-fixes). - spi: s3c64xx: Fix large transfers with DMA (git-fixes). - staging: rtl8723bs: fix a potential memory leak in rtw_init_cmd_priv() (git-fixes). - staging: vt6655: fix potential memory leak (git-fixes). - staging: vt6655: fix some erroneous memory clean-up loops (git-fixes). - struct pci_config_window kABI workaround (bsc#1204382). - thermal: intel_powerclamp: Use first online CPU as control_cpu (git-fixes). - thermal: intel_powerclamp: Use get_cpu() instead of smp_processor_id() to avoid crash (git-fixes). - tty/serial: atmel: RS485 & ISO7816: wait for TXRDY before sending data (git-fixes). - tty: serial: fsl_lpuart: disable dma rx/tx use flags in lpuart_dma_shutdown (git-fixes). - tty: xilinx_uartps: Fix the ignore_status (git-fixes). - uas: add no-uas quirk for Hiksemi usb_disk (git-fixes). - uas: ignore UAS for Thinkplus chips (git-fixes). - usb-storage: Add Hiksemi USB3-FW to IGNORE_UAS (git-fixes). - usb: add quirks for Lenovo OneLink+ Dock (git-fixes). - usb: add quirks for Lenovo OneLink+ Dock (git-fixes). - usb: bdc: change state when port disconnected (git-fixes). - usb: dwc3: gadget: Avoid starting DWC3 gadget during UDC unbind (git-fixes). - usb: dwc3: gadget: Do not set IMI for no_interrupt (git-fixes). - usb: dwc3: gadget: Prevent repeat pullup() (git-fixes). - usb: dwc3: gadget: Stop processing more requests on IMI (git-fixes). - usb: gadget: function: fix dangling pnp_string in f_printer.c (git-fixes). - usb: host: xhci: Fix potential memory leak in xhci_alloc_stream_info() (git-fixes). - usb: idmouse: fix an uninit-value in idmouse_open (git-fixes). - usb: mon: make mmapped memory read only (git-fixes). - usb: musb: Fix musb_gadget.c rxstate overflow bug (git-fixes). - usb: typec: ucsi: Remove incorrect warning (git-fixes). - usb: xhci-mtk: add a function to (un)load bandwidth info (git-fixes). - usb: xhci-mtk: add only one extra CS for FS/LS INTR (git-fixes). - usb: xhci-mtk: add some schedule error number (git-fixes). - usb: xhci-mtk: fix issue of out-of-bounds array access (git-fixes). - usb: xhci-mtk: get the microframe boundary for ESIT (git-fixes). - usb: xhci-mtk: use @sch_tt to check whether need do TT schedule (git-fixes). - vhost/vsock: Use kvmalloc/kvfree for larger packets (git-fixes). - video: fbdev: pxa3xx-gcu: Fix integer overflow in pxa3xx_gcu_write (git-fixes). - watchdog: armada_37xx_wdt: Fix .set_timeout callback (git-fixes). - watchdog: ftwdt010_wdt: fix test for platform_get_irq() failure (git-fixes). - wifi: ath10k: add peer map clean up for peer delete in ath10k_sta_state() (git-fixes). - wifi: ath9k: avoid uninit memory read in ath9k_htc_rx_msg() (git-fixes). - wifi: brcmfmac: fix invalid address access when enabling SCAN log level (git-fixes). - wifi: brcmfmac: fix use-after-free bug in brcmf_netdev_start_xmit() (git-fixes). - wifi: cfg80211: update hidden BSSes to avoid WARN_ON (git-fixes). - wifi: iwlwifi: mvm: fix double list_add at iwl_mvm_mac_wake_tx_queue (other cases) (git-fixes). - wifi: mac80211: Fix UAF in ieee80211_scan_rx() (git-fixes). - wifi: mac80211: allow bw change during channel switch in mesh (git-fixes). - wifi: mac80211: do not drop packets smaller than the LLC-SNAP header on fast-rx (git-fixes). - wifi: mac80211_hwsim: avoid mac80211 warning on bad rate (git-fixes). - wifi: rt2x00: correctly set BBP register 86 for MT7620 (git-fixes). - wifi: rt2x00: do not run Rt5592 IQ calibration on MT7620 (git-fixes). - wifi: rt2x00: set SoC wmac clock register (git-fixes). - wifi: rt2x00: set VGC gain for both chains of MT7620 (git-fixes). - wifi: rt2x00: set correct TX_SW_CFG1 MAC register for MT7620 (git-fixes). - wifi: rtl8xxxu: Fix AIFS written to REG_EDCA_*_PARAM (git-fixes). - wifi: rtl8xxxu: Fix skb misuse in TX queue selection (git-fixes). - wifi: rtl8xxxu: Improve rtl8xxxu_queue_select (git-fixes). - wifi: rtl8xxxu: Remove copy-paste leftover in gen2_update_rate_mask (git-fixes). - wifi: rtl8xxxu: gen2: Fix mistake in path B IQ calibration (git-fixes). - wifi: rtl8xxxu: tighten bounds checking in rtl8xxxu_read_efuse() (git-fixes). - xfs: add missing assert in xfs_fsmap_owner_from_rmap (git-fixes). - xfs: enable big timestamps (bsc#1203387). - xfs: enable new inode btree counters feature (bsc#1203387). - xfs: explicitly define inode timestamp range (bsc#1203387). - xfs: fix memory corruption during remote attr value buffer invalidation (git-fixes). - xfs: fix s_maxbytes computation on 32-bit kernels (git-fixes). - xfs: hoist out xfs_resizefs_init_new_ags() (git-fixes). - xfs: move incore structures out of xfs_da_format.h (git-fixes). - xfs: quota: move to time64_t interfaces (bsc#1203387). - xfs: redefine xfs_ictimestamp_t (bsc#1203387). - xfs: redefine xfs_timestamp_t (bsc#1203387). - xfs: refactor remote attr value buffer invalidation (git-fixes). - xfs: remove obsolete AGF counter debugging (git-fixes). - xfs: rename `new' to `delta' in xfs_growfs_data_private() (git-fixes). - xfs: reserve data and rt quota at the same time (bsc#1203496). - xfs: slightly tweak an assert in xfs_fs_map_blocks (git-fixes). - xfs: store inode btree block counts in AGI header (bsc#1203387). - xfs: streamline xfs_attr3_leaf_inactive (git-fixes). - xfs: use a struct timespec64 for the in-core crtime (bsc#1203387). - xfs: use the finobt block counts to speed up mount times (bsc#1203387). - xfs: widen ondisk inode timestamps to deal with y2038+ (bsc#1203387). - xfs: widen ondisk quota expiration timestamps to handle y2038+ (bsc#1203387). - xhci: Do not show warning for reinit on known broken suspend (git-fixes). Important SUSE bug 1032323 SUSE bug 1065729 SUSE bug 1152489 SUSE bug 1198702 SUSE bug 1200465 SUSE bug 1200788 SUSE bug 1201725 SUSE bug 1202638 SUSE bug 1202686 SUSE bug 1202700 SUSE bug 1203066 SUSE bug 1203098 SUSE bug 1203387 SUSE bug 1203391 SUSE bug 1203496 SUSE bug 1203802 SUSE bug 1204053 SUSE bug 1204166 SUSE bug 1204168 SUSE bug 1204354 SUSE bug 1204355 SUSE bug 1204382 SUSE bug 1204402 SUSE bug 1204415 SUSE bug 1204417 SUSE bug 1204431 SUSE bug 1204439 SUSE bug 1204470 SUSE bug 1204479 SUSE bug 1204574 SUSE bug 1204575 SUSE bug 1204619 SUSE bug 1204635 SUSE bug 1204637 SUSE bug 1204646 SUSE bug 1204647 SUSE bug 1204653 SUSE bug 1204728 SUSE bug 1204753 SUSE bug 1204754 CVE-2021-4037 CVE-2022-2153 CVE-2022-2964 CVE-2022-2978 CVE-2022-3176 CVE-2022-3424 CVE-2022-3521 CVE-2022-3524 CVE-2022-3535 CVE-2022-3542 CVE-2022-3545 CVE-2022-3565 CVE-2022-3577 CVE-2022-3586 CVE-2022-3594 CVE-2022-3621 CVE-2022-3625 CVE-2022-3629 CVE-2022-3640 CVE-2022-3646 CVE-2022-3649 CVE-2022-39189 CVE-2022-42703 CVE-2022-43750 cpe:/o:opensuse:leap:15.4 Security update for go1.19 (Low) openSUSE Leap 15.4 This update for go1.19 fixes the following issues: Update to go 1.19.3 (released 2022-11-01) (bsc#1200441): Security fixes: - CVE-2022-41716: Fixed unsanitized NUL in environment variables in syscalls, os/exec (go#56327) (bsc#1204941). Bugfixes: - runtime: lock count' fatal error when cgo is enabled (go#56308). - cmd/compile: libFuzzer instrumentation fakePC overflow on 386 arch (go#56168). - internal/fuzz: array literal initialization causes ICE 'unhandled stmt ASOP' while fuzzing (go#56106). Low SUSE bug 1200441 SUSE bug 1204941 CVE-2022-41716 cpe:/o:opensuse:leap:15.4 Security update for go1.18 (Low) openSUSE Leap 15.4 This update for go1.18 fixes the following issues: Update to go 1.18.8 (released 2022-11-01) (bsc#1193742): Security fixes: - CVE-2022-41716: Fixed unsanitized NUL in environment variables in syscalls, os/exec (go#56327) (bsc#1204941). Bugfixes: - runtime: lock count' fatal error when cgo is enabled (go#56308). Low SUSE bug 1193742 SUSE bug 1204941 CVE-2022-41716 cpe:/o:opensuse:leap:15.4 Security update for systemd (Moderate) openSUSE Leap 15.4 This update for systemd fixes the following issues: - CVE-2022-3821: Fixed buffer overrun in format_timespan() function (bsc#1204968). - Import commit 56bee38fd0da18dad5fc5c5d12c02238a22b50e2 * 8a70235d8a core: Add trigger limit for path units * 93e544f3a0 core/mount: also add default before dependency for automount mount units * 5916a7748c logind: fix crash in logind on user-specified message string - Document udev naming scheme (bsc#1204179). Moderate SUSE bug 1204179 SUSE bug 1204968 CVE-2022-3821 cpe:/o:opensuse:leap:15.4 Security update for MozillaFirefox (Important) openSUSE Leap 15.4 This update for MozillaFirefox fixes the following issues: Update to Firefox Extended Support Release 102.5.0 ESR (MFSA 2022-48, bsc#1205270): - CVE-2022-45403: Service Workers might have learned size of cross-origin media files - CVE-2022-45404: Fullscreen notification bypass - CVE-2022-45405: Use-after-free in InputStream implementation - CVE-2022-45406: Use-after-free of a JavaScript Realm - CVE-2022-45408: Fullscreen notification bypass via windowName - CVE-2022-45409: Use-after-free in Garbage Collection - CVE-2022-45410: ServiceWorker-intercepted requests bypassed SameSite cookie policy - CVE-2022-45411: Cross-Site Tracing was possible via non-standard override headers - CVE-2022-45412: Symlinks may resolve to partially uninitialized buffers - CVE-2022-45416: Keystroke Side-Channel Leakage - CVE-2022-45418: Custom mouse cursor could have been drawn over browser UI - CVE-2022-45420: Iframe contents could be rendered outside the iframe - CVE-2022-45421: Memory safety bugs fixed in Firefox 107 and Firefox ESR 102.5 Important SUSE bug 1205270 CVE-2022-45403 CVE-2022-45404 CVE-2022-45405 CVE-2022-45406 CVE-2022-45408 CVE-2022-45409 CVE-2022-45410 CVE-2022-45411 CVE-2022-45412 CVE-2022-45416 CVE-2022-45418 CVE-2022-45420 CVE-2022-45421 cpe:/o:opensuse:leap:15.4 Security update for php7 (Important) openSUSE Leap 15.4 This update for php7 fixes the following issues: - Version update to 7.2.34 [jsc#SLE-23639] - CVE-2022-37454: Fixed SHA-3 buffer overflow (bsc#1204577). - Fix integer overflow in PHP_SHA3##bits (bsc#1204577#c26). Important SUSE bug 1204577 CVE-2015-9253 CVE-2017-8923 CVE-2017-9120 CVE-2018-1000222 CVE-2018-12882 CVE-2018-14851 CVE-2018-17082 CVE-2018-19935 CVE-2018-20783 CVE-2019-11034 CVE-2019-11035 CVE-2019-11036 CVE-2019-11039 CVE-2019-11040 CVE-2019-11041 CVE-2019-11042 CVE-2019-11043 CVE-2019-11045 CVE-2019-11046 CVE-2019-11047 CVE-2019-11048 CVE-2019-11050 CVE-2019-9020 CVE-2019-9021 CVE-2019-9022 CVE-2019-9023 CVE-2019-9024 CVE-2019-9637 CVE-2019-9638 CVE-2019-9640 CVE-2019-9641 CVE-2019-9675 CVE-2020-7059 CVE-2020-7060 CVE-2020-7062 CVE-2020-7063 CVE-2020-7064 CVE-2020-7066 CVE-2020-7068 CVE-2020-7069 CVE-2020-7070 CVE-2020-7071 CVE-2021-21702 CVE-2021-21703 CVE-2021-21704 CVE-2021-21705 CVE-2021-21707 CVE-2022-31625 CVE-2022-31626 CVE-2022-31628 CVE-2022-31629 CVE-2022-37454 cpe:/o:opensuse:leap:15.4 Security update for php7 (Important) openSUSE Leap 15.4 This update for php7 fixes the following issues: - Version update to 7.4.33: - CVE-2022-31630: Fixed out-of-bounds read due to insufficient input validation in imageloadfont() (bsc#1204979). - CVE-2022-37454: Fixed buffer overflow in hash_update() on long parameter (bsc#1204577). - Version update to 7.4.32 (jsc#SLE-23639) - CVE-2022-31628: Fixed an uncontrolled recursion in the phar uncompressor while decompressing 'quines' gzip files. (bsc#1203867) - CVE-2022-31629: Fixed a bug which could lead an attacker to set an insecure cookie that will treated as secure in the victim's browser. (bsc#1203870) Important SUSE bug 1203867 SUSE bug 1203870 SUSE bug 1204577 SUSE bug 1204979 CVE-2017-8923 CVE-2020-7068 CVE-2020-7069 CVE-2020-7070 CVE-2020-7071 CVE-2021-21702 CVE-2021-21703 CVE-2021-21704 CVE-2021-21705 CVE-2021-21706 CVE-2021-21707 CVE-2021-21708 CVE-2022-31625 CVE-2022-31626 CVE-2022-31628 CVE-2022-31629 CVE-2022-31630 CVE-2022-37454 cpe:/o:opensuse:leap:15.4 Security update for python39 (Important) openSUSE Leap 15.4 This update for python39 fixes the following issues: Security fixes: - CVE-2022-42919: Fixed local privilege escalation via the multiprocessing forkserver start method (bsc#1204886). - CVE-2022-45061: Fixed a quadratic IDNA decoding time (bsc#1205244). Other fixes: - Allow building of documentation with the latest Sphinx 5.3.0 (gh#python/cpython#98366). - Update to 3.9.15: - Fix multiplying a list by an integer (list *= int): detect the integer overflow when the new allocated length is close to the maximum size. - Fix a shell code injection vulnerability in the get-remote-certificate.py example script. The script no longer uses a shell to run openssl commands. (originally filed as CVE-2022-37460, later withdrawn) - Fix command line parsing: reject -X int_max_str_digits option with no value (invalid) when the PYTHONINTMAXSTRDIGITS environment variable is set to a valid limit. - When ValueError is raised if an integer is larger than the limit, mention the sys.set_int_max_str_digits() function in the error message. - Update bundled libexpat to 2.4.9 Important SUSE bug 1204886 SUSE bug 1205244 CVE-2022-42919 CVE-2022-45061 cpe:/o:opensuse:leap:15.4 Security update for the Linux Kernel (Important) openSUSE Leap 15.4 The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2022-28748: Fixed a leak of kernel memory over the network by ax88179_178a devices (bsc#1196018). - CVE-2022-1882: Fixed a use-after-free flaw in free_pipe_info() that could allow a local user to crash or potentially escalate their privileges on the system (bsc#1199904). - CVE-2022-2964: Fixed memory corruption issues in ax88179_178a devices (bnc#1202686). - CVE-2022-3169: Fixed an denial of service though request to NVME_IOCTL_RESET and NVME_IOCTL_SUBSYS_RESET (bsc#1203290). - CVE-2022-33981: Fixed a use-after-free in floppy driver (bnc#1200692). - CVE-2022-3424: Fixed use-after-free in gru_set_context_option(), gru_fault() and gru_handle_user_call_os() that could lead to kernel panic (bsc#1204166). - CVE-2022-3435: Fixed an out-of-bounds read in fib_nh_match() of the file net/ipv4/fib_semantics.c (bsc#1204171). - CVE-2022-3521: Fixed race condition in kcm_tx_work() in net/kcm/kcmsock.c (bnc#1204355). - CVE-2022-3524: Fixed memory leak in ipv6_renew_options() in the IPv6 handler (bnc#1204354). - CVE-2022-3526: Fixed a memory leak in macvlan_handle_frame() from drivers/net/macvlan.c (bnc#1204353). - CVE-2022-3545: Fixed use-after-free in area_cache_get() in drivers/net/ethernet/netronome/nfp/nfpcore/nfp_cppcore.c (bnc#1204415). - CVE-2022-3565: Fixed use-after-free in del_timer() in drivers/isdn/mISDN/l1oip_core.c (bnc#1204431). - CVE-2022-3621: Fixed null pointer dereference in nilfs_bmap_lookup_at_level() in fs/nilfs2/inode.c (bnc#1204574). - CVE-2022-3625: Fixed use-after-free in devlink_param_set()/devlink_param_get() in net/core/devlink.c (bnc#1204637). - CVE-2022-3628: Fixed potential buffer overflow in brcmf_fweh_event_worker() in wifi/brcmfmac (bsc#1204868). - CVE-2022-3640: Fixed use-after-free in l2cap_conn_del() in net/bluetooth/l2cap_core.c (bnc#1204619). - CVE-2022-3646: Fixed memory leak in nilfs_attach_log_writer() in fs/nilfs2/segment.c (bnc#1204646). - CVE-2022-40476: Fixed a null pointer dereference in fs/io_uring.c (bnc#1203435). - CVE-2022-40768: Fixed information disclosure in stex_queuecommand_lck (bnc#1203514). - CVE-2022-43750: Fixed vulnerability in usbmon that allowed a user-space client to corrupt the monitor's internal memory (bnc#1204653). The following non-security bugs were fixed: - acpi: APEI: do not add task_work to kernel thread to avoid memory leak (git-fixes). - acpi: HMAT: Release platform device in case of platform_device_add_data() fails (git-fixes). - acpi: extlog: Handle multiple records (git-fixes). - acpi: tables: FPDT: Do not call acpi_os_map_memory() on invalid phys address (git-fixes). - acpi: video: Add Toshiba Satellite/Portege Z830 quirk (git-fixes). - acpi: video: Make backlight class device registration a separate step (v2) (git-fixes). - acpi: x86: Add a quirk for Dell Inspiron 14 2-in-1 for StorageD3Enable (git-fixes). - alsa: Use del_timer_sync() before freeing timer (git-fixes). - alsa: ac97: fix possible memory leak in snd_ac97_dev_register() (git-fixes). - alsa: aoa: Fix I2S device accounting (git-fixes). - alsa: aoa: i2sbus: fix possible memory leak in i2sbus_add_dev() (git-fixes). - alsa: asihpi - Remove useless code in hpi_meter_get_peak() (git-fixes). - alsa: au88x0: use explicitly signed char (git-fixes). - alsa: dmaengine: increment buffer pointer atomically (git-fixes). - alsa: hda/cs_dsp_ctl: Fix mutex inversion when creating controls (bsc#1203699). - alsa: hda/hdmi: Do not skip notification handling during PM operation (git-fixes). - alsa: hda/hdmi: Fix the converter allocation for the silent stream (git-fixes). - alsa: hda/hdmi: Fix the converter reuse for the silent stream (git-fixes). - alsa: hda/hdmi: change type for the 'assigned' variable (git-fixes). - alsa: hda/realtek: Add Intel Reference SSID to support headset keys (git-fixes). - alsa: hda/realtek: Add another HP ZBook G9 model quirks (bsc#1203699). - alsa: hda/realtek: Add quirk for ASUS GV601R laptop (git-fixes). - alsa: hda/realtek: Add quirk for ASUS Zenbook using CS35L41 (bsc#1203922). - alsa: hda/realtek: Correct pin configs for ASUS G533Z (git-fixes). - alsa: hda/realtek: remove ALC289_FIXUP_DUAL_SPK for Dell 5530 (git-fixes). - alsa: hda: Fix position reporting on Poulsbo (git-fixes). - alsa: hda: cs35l41: Remove suspend/resume hda hooks (bsc#1203699). - alsa: hda: cs35l41: Support System Suspend (bsc#1203699). - alsa: hda: hda_cs_dsp_ctl: Ensure pwr_lock is held before reading/writing controls (bsc#1203699). - alsa: hda: hda_cs_dsp_ctl: Minor clean and redundant code removal (bsc#1203699). - alsa: hiface: fix repeated words in comments (git-fixes). - alsa: line6: Replace sprintf() with sysfs_emit() (git-fixes). - alsa: line6: remove line6_set_raw declaration (git-fixes). - alsa: oss: Fix potential deadlock at unregistration (git-fixes). - alsa: rawmidi: Drop register_mutex in snd_rawmidi_free() (git-fixes). - alsa: rme9652: use explicitly signed char (git-fixes). - alsa: scarlett2: Add Focusrite Clarett+ 8Pre support (git-fixes). - alsa: scarlett2: Add support for the internal 'standalone' switch (git-fixes). - alsa: scarlett2: Split scarlett2_config_items[] into 3 sections (git-fixes). - alsa: usb-audio: Add mixer mapping for Gigabyte B450/550 Mobos (git-fixes). - alsa: usb-audio: Add quirk to enable Avid Mbox 3 support (git-fixes). - alsa: usb-audio: Add quirks for M-Audio Fast Track C400/600 (git-fixes). - alsa: usb-audio: Fix NULL dererence at error path (git-fixes). - alsa: usb-audio: Fix last interface check for registration (git-fixes). - alsa: usb-audio: Fix potential memory leaks (git-fixes). - alsa: usb-audio: Fix regression with Dell Dock jack detection (bsc#1204719). - alsa: usb-audio: Register card at the last interface (git-fixes). - alsa: usb-audio: make read-only array marker static const (git-fixes). - alsa: usb-audio: remove redundant assignment to variable c (git-fixes). - alsa: usb-audio: scarlett2: Use struct_size() helper in scarlett2_usb() (git-fixes). - alsa: usb/6fire: fix repeated words in comments (git-fixes). - arm64/bti: Disable in kernel BTI when cross section thunks are broken (git-fixes) - arm64/mm: Consolidate TCR_EL1 fields (git-fixes). - arm64: dts: imx8mp: Add snps,gfladj-refclk-lpm-sel quirk to USB nodes (git-fixes). - arm64: dts: imx8mq-librem5: Add bq25895 as max17055's power supply (git-fixes). - arm64: dts: qcom: sc7280: Cleanup the lpasscc node (git-fixes). - arm64: dts: ti: k3-j7200: fix main pinmux range (git-fixes). - arm64: ftrace: fix module PLTs with mcount (git-fixes). - arm64: mte: Avoid setting PG_mte_tagged if no tags cleared or restored (git-fixes). - arm64: topology: move store_cpu_topology() to shared code (git-fixes). - arm: 9242/1: kasan: Only map modules if CONFIG_KASAN_VMALLOC=n (git-fixes). - arm: 9244/1: dump: Fix wrong pg_level in walk_pmd() (git-fixes). - arm: 9247/1: mm: set readonly for MT_MEMORY_RO with ARM_LPAE (git-fixes). - arm: Drop CMDLINE_* dependency on ATAGS (git-fixes). - arm: decompressor: Include .data.rel.ro.local (git-fixes). - arm: defconfig: clean up multi_v4t and multi_v5 configs (git-fixes). - arm: defconfig: drop CONFIG_PTP_1588_CLOCK=y (git-fixes). - arm: defconfig: drop CONFIG_SERIAL_OMAP references (git-fixes). - arm: defconfig: drop CONFIG_USB_FSL_USB2 (git-fixes). - arm: dts: armada-38x: Add gpio-ranges for pin muxing (git-fixes). - arm: dts: exynos: correct s5k6a3 reset polarity on Midas family (git-fixes). - arm: dts: exynos: fix polarity of VBUS GPIO of Origen (git-fixes). - arm: dts: fix Moxa SDIO 'compatible', remove 'sdhci' misnomer (git-fixes). - arm: dts: imx6dl: add missing properties for sram (git-fixes). - arm: dts: imx6q: add missing properties for sram (git-fixes). - arm: dts: imx6qdl-kontron-samx6i: hook up DDC i2c bus (git-fixes). - arm: dts: imx6qp: add missing properties for sram (git-fixes). - arm: dts: imx6sl: add missing properties for sram (git-fixes). - arm: dts: imx6sll: add missing properties for sram (git-fixes). - arm: dts: imx6sx: add missing properties for sram (git-fixes). - arm: dts: imx7d-sdb: config the max pressure for tsc2046 (git-fixes). - arm: dts: integrator: Tag PCI host with device_type (git-fixes). - arm: dts: kirkwood: lsxl: fix serial line (git-fixes). - arm: dts: kirkwood: lsxl: remove first ethernet port (git-fixes). - arm: dts: turris-omnia: Add label for wan port (git-fixes). - arm: dts: turris-omnia: Fix mpp26 pin name and comment (git-fixes). - asoc: SOF: pci: Change DMI match info to support all Chrome platforms (git-fixes). - asoc: codecs: tx-macro: fix kcontrol put (git-fixes). - asoc: da7219: Fix an error handling path in da7219_register_dai_clks() (git-fixes). - asoc: eureka-tlv320: Hold reference returned from of_find_xxx API (git-fixes). - asoc: fsl_sai: Remove unnecessary FIFO reset in ISR (git-fixes). - asoc: mt6359: fix tests for platform_get_irq() failure (git-fixes). - asoc: mt6660: Fix PM disable depth imbalance in mt6660_i2c_probe (git-fixes). - asoc: qcom: lpass-cpu: Mark HDMI TX parity register as volatile (git-fixes). - asoc: qcom: lpass-cpu: mark HDMI TX registers as volatile (git-fixes). - asoc: rsnd: Add check for rsnd_mod_power_on (git-fixes). - asoc: tas2764: Allow mono streams (git-fixes). - asoc: tas2764: Drop conflicting set_bias_level power setting (git-fixes). - asoc: tas2764: Fix mute/unmute (git-fixes). - asoc: wcd9335: fix order of Slimbus unprepare/disable (git-fixes). - asoc: wcd934x: fix order of Slimbus unprepare/disable (git-fixes). - asoc: wm5102: Fix PM disable depth imbalance in wm5102_probe (git-fixes). - asoc: wm5110: Fix PM disable depth imbalance in wm5110_probe (git-fixes). - asoc: wm8997: Fix PM disable depth imbalance in wm8997_probe (git-fixes). - asoc: wm_adsp: Handle optional legacy support (git-fixes). - ata: ahci-imx: Fix MODULE_ALIAS (git-fixes). - ata: fix ata_id_has_devslp() (git-fixes). - ata: fix ata_id_has_dipm() (git-fixes). - ata: fix ata_id_has_ncq_autosense() (git-fixes). - ata: fix ata_id_sense_reporting_enabled() and ata_id_has_sense_reporting() (git-fixes). - ata: libahci_platform: Sanity check the DT child nodes number (git-fixes). - ata: pata_legacy: fix pdc20230_set_piomode() (git-fixes). - bluetooth: L2CAP: Fix use-after-free caused by l2cap_reassemble_sdu (git-fixes). - bluetooth: L2CAP: Fix user-after-free (git-fixes). - bluetooth: L2CAP: initialize delayed works at l2cap_chan_create() (git-fixes). - bluetooth: RFCOMM: Fix possible deadlock on socket shutdown/release (git-fixes). - bluetooth: btintel: Mark Intel controller to support LE_STATES quirk (git-fixes). - bluetooth: hci_sysfs: Fix attempting to call device_add multiple times (git-fixes). - bluetooth: virtio_bt: Use skb_put to set length (git-fixes). - bnxt_en: Fix bnxt_refclk_read() (git-fixes). - bnxt_en: Fix bnxt_reinit_after_abort() code path (git-fixes). - bnxt_en: fix livepatch query (git-fixes). - bnxt_en: reclaim max resources if sriov enable fails (git-fixes). - bonding: 802.3ad: fix no transmission of LACPDUs (git-fixes). - bonding: ARP monitor spams NETDEV_NOTIFY_PEERS notifiers (git-fixes). - can: bcm: check the result of can_send() in bcm_can_tx() (git-fixes). - can: j1939: transport: j1939_session_skb_drop_old(): spin_unlock_irqrestore() before kfree_skb() (git-fixes). - can: kvaser_usb: Fix possible completions during init_completion (git-fixes). - can: kvaser_usb: Fix use of uninitialized completion (git-fixes). - can: kvaser_usb: kvaser_usb_leaf: fix CAN clock frequency regression (git-fixes). - can: kvaser_usb: replace run-time checks with struct kvaser_usb_driver_info (git-fixes). - can: kvaser_usb_leaf: Fix CAN state after restart (git-fixes). - can: kvaser_usb_leaf: Fix TX queue out of sync after restart (git-fixes). - can: mcp251x: mcp251x_can_probe(): add missing unregister_candev() in error path (git-fixes). - can: mcp251xfd: mcp251xfd_register_get_dev_id(): fix endianness conversion (git-fixes). - can: mcp251xfd: mcp251xfd_register_get_dev_id(): use correct length to read dev_id (git-fixes). - can: mscan: mpc5xxx: mpc5xxx_can_probe(): add missing put_clock() in error path (git-fixes). - cgroup/cpuset: Enable update_tasks_cpumask() on top_cpuset (bsc#1204753). - clk: ast2600: BCLK comes from EPLL (git-fixes). - clk: at91: fix the build with binutils 2.27 (git-fixes). - clk: baikal-t1: Add SATA internal ref clock buffer (git-fixes). - clk: baikal-t1: Add shared xGMAC ref/ptp clocks internal parent (git-fixes). - clk: baikal-t1: Fix invalid xGMAC PTP clock divider (git-fixes). - clk: bcm2835: Make peripheral PLLC critical (git-fixes). - clk: bcm2835: Round UART input clock up (bsc#1188238) - clk: bcm2835: fix bcm2835_clock_rate_from_divisor declaration (git-fixes). - clk: bcm: rpi: Add support for VEC clock (bsc#1196632) - clk: berlin: Add of_node_put() for of_get_parent() (git-fixes). - clk: imx: scu: fix memleak on platform_device_add() fails (git-fixes). - clk: mediatek: mt8183: mfgcfg: Propagate rate changes to parent (git-fixes). - clk: meson: Hold reference returned by of_get_parent() (git-fixes). - clk: oxnas: Hold reference returned by of_get_parent() (git-fixes). - clk: qcom: apss-ipq6018: mark apcs_alias0_core_clk as critical (git-fixes). - clk: qcom: gcc-msm8916: use ARRAY_SIZE instead of specifying num_parents (git-fixes). - clk: qoriq: Hold reference returned by of_get_parent() (git-fixes). - clk: sprd: Hold reference returned by of_get_parent() (git-fixes). - clk: tegra20: Fix refcount leak in tegra20_clock_init (git-fixes). - clk: tegra: Fix refcount leak in tegra114_clock_init (git-fixes). - clk: tegra: Fix refcount leak in tegra210_clock_init (git-fixes). - clk: ti: dra7-atl: Fix reference leak in of_dra7_atl_clk_probe (git-fixes). - clk: vc5: Fix 5P49V6901 outputs disabling when enabling FOD (git-fixes). - clk: zynqmp: Fix stack-out-of-bounds in strncpy` (git-fixes). - clk: zynqmp: pll: rectify rate rounding in zynqmp_pll_round_rate (git-fixes). - cpufreq: qcom: fix memory leak in error path (git-fixes). - cpufreq: qcom: fix writes in read-only memory region (git-fixes). - crypto: akcipher - default implementation for setting a private key (git-fixes). - crypto: cavium - prevent integer overflow loading firmware (git-fixes). - crypto: ccp - Release dma channels before dmaengine unrgister (git-fixes). - crypto: hisilicon/zip - fix mismatch in get/set sgl_sge_nr (git-fixes). - crypto: inside-secure - Change swab to swab32 (git-fixes). - crypto: inside-secure - Replace generic aes with libaes (git-fixes). - crypto: marvell/octeontx - prevent integer overflows (git-fixes). - crypto: qat - fix default value of WDT timer (git-fixes). - crypto: sahara - do not sleep when in softirq (git-fixes). - device property: Fix documentation for *_match_string() APIs (git-fixes). - dmaengine: hisilicon: Add multi-thread support for a DMA channel (git-fixes). - dmaengine: hisilicon: Disable channels when unregister hisi_dma (git-fixes). - dmaengine: hisilicon: Fix CQ head update (git-fixes). - dmaengine: idxd: change bandwidth token to read buffers (jsc#PED-679). - dmaengine: idxd: deprecate token sysfs attributes for read buffers (jsc#PED-679). - dmaengine: idxd: force wq context cleanup on device disable path (git-fixes). - dmaengine: ioat: stop mod_timer from resurrecting deleted timer in __cleanup() (git-fixes). - dmaengine: mxs: use platform_driver_register (git-fixes). - dmaengine: ti: k3-udma: Reset UDMA_CHAN_RT byte counters to prevent overflow (git-fixes). - dmaengine: xilinx_dma: Fix devm_platform_ioremap_resource error handling (git-fixes). - dmaengine: xilinx_dma: Report error in case of dma_set_mask_and_coherent API failure (git-fixes). - dmaengine: xilinx_dma: cleanup for fetching xlnx,num-fstores property (git-fixes). - dpaa2-eth: trace the allocated address instead of page struct (git-fixes). - drivers: hv: vmbus: Fix handling of messages with transaction ID of zero (bsc#1204017). - drivers: hv: vmbus: Introduce vmbus_request_addr_match() (bsc#1204017). - drivers: hv: vmbus: Introduce vmbus_sendpacket_getid() (bsc#1204017). - drivers: hv: vmbus: Introduce {lock,unlock}_requestor() (bsc#1204017). - drivers: serial: jsm: fix some leaks in probe (git-fixes). - drm/amd/display: Assume an LTTPR is always present on fixed_vs links (git-fixes). - drm/amd/display: Changed pipe split policy to allow for multi-display (bsc#1152472) Backporting notes: * remove changes to non-existing 201 and 31 directories - drm/amd/display: Correct MPC split policy for DCN301 (git-fixes). - drm/amd/display: Fix build breakage with CONFIG_DEBUG_FS=n (git-fixes). - drm/amd/display: Fix double cursor on non-video RGB MPO (git-fixes). - drm/amd/display: Fix vblank refcount in vrr transition (git-fixes). - drm/amd/display: Remove interface for periodic interrupt 1 (git-fixes). - drm/amd/display: skip audio setup when audio stream is enabled (git-fixes). - drm/amd/display: update gamut remap if plane has changed (git-fixes). - drm/amd/pm: smu7_hwmgr: fix potential off-by-one overflow in 'performance_levels' (git-fixes). - drm/amdgpu/display: change pipe policy for DCN 2.0 (git-fixes). - drm/amdgpu/display: change pipe policy for DCN 2.1 (git-fixes). - drm/amdgpu/gfx10: add wraparound gpu counter check for APUs as well (bsc#1152472) Backporting notes: * also fix default branch - drm/amdgpu/gfx9: switch to golden tsc registers for renoir+ (bsc#1152472) Backporting notes: * replace IP_VERSION() with CHIP_ constants - drm/amdgpu: add missing pci_disable_device() in amdgpu_pmops_runtime_resume() (git-fixes). - drm/amdgpu: fix initial connector audio value (git-fixes). - drm/amdgpu: fix sdma doorbell init ordering on APUs (git-fixes). - drm/amdkfd: Fix memory leak in kfd_mem_dmamap_userptr() (git-fixes). - drm/bridge: Avoid uninitialized variable warning (git-fixes). - drm/bridge: megachips: Fix a null pointer dereference bug (git-fixes). - drm/bridge: parade-ps8640: Fix regulator supply order (git-fixes). - drm/i915/dp: Reset frl trained flag before restarting FRL training (git-fixes). - drm/i915/ehl: Update MOCS table for EHL (git-fixes). - drm/i915/gvt: fix a memory leak in intel_gvt_init_vgpu_types (git-fixes). - drm/i915/hdmi: convert intel_hdmi_to_dev to intel_hdmi_to_i915 (bsc#1152489) - drm/i915: Reject unsupported TMDS rates on ICL+ (git-fixes). - drm/komeda: Fix handling of atomic commits in the atomic_commit_tail hook (git-fixes). - drm/meson: explicitly remove aggregate driver at module unload time (git-fixes). - drm/mipi-dsi: Detach devices when removing the host (git-fixes). - drm/msm/dp: Silence inconsistent indent warning (git-fixes). - drm/msm/dp: correct 1.62G link rate at dp_catalog_ctrl_config_msa() (git-fixes). - drm/msm/dp: fix IRQ lifetime (git-fixes). - drm/msm/dpu: Fix comment typo (git-fixes). - drm/msm/dpu: index dpu_kms->hw_vbif using vbif_idx (git-fixes). - drm/msm/dsi: fix memory corruption with too many bridges (git-fixes). - drm/msm/hdmi: fix memory corruption with too many bridges (git-fixes). - drm/msm: Fix return type of mdp4_lvds_connector_mode_valid (git-fixes). - drm/msm: Make .remove and .shutdown HW shutdown consistent (git-fixes). - drm/msm: fix use-after-free on probe deferral (git-fixes). - drm/nouveau/kms/nv140-: Disable interlacing (git-fixes). - drm/nouveau/nouveau_bo: fix potential memory leak in nouveau_bo_alloc() (git-fixes). - drm/nouveau: fix a use-after-free in nouveau_gem_prime_import_sg_table() (git-fixes). - drm/nouveau: wait for the exclusive fence after the shared ones v2 (bsc#1152472) Backporting notes: * context changes - drm/omap: dss: Fix refcount leak bugs (git-fixes). - drm/scheduler: quieten kernel-doc warnings (git-fixes). - drm/virtio: Check whether transferred 2D BO is shmem (git-fixes). - drm/virtio: Unlock reservations on virtio_gpu_object_shmem_init() error (git-fixes). - drm: Prevent drm_copy_field() to attempt copying a NULL pointer (git-fixes). - drm: Use size_t type for len variable in drm_copy_field() (git-fixes). - drm: bridge: adv7511: fix CEC power down control register offset (git-fixes). - drm: bridge: dw_hdmi: only trigger hotplug event on link change (git-fixes). - drm: fix drm_mipi_dbi build errors (git-fixes). - drm: panel-orientation-quirks: Add quirk for Anbernic Win600 (git-fixes). - drm:pl111: Add of_node_put() when breaking out of for_each_available_child_of_node() (git-fixes). - drop Dell Dock regression fix patch again (bsc#1204719) - drop verbose nvme logging feature (bsc#1200567) - dt-bindings: crypto: ti,sa2ul: drop dma-coherent property (git-fixes). - dt-bindings: display/msm: dpu-sc7180: add missing DPU opp-table (git-fixes). - dt-bindings: display/msm: dpu-sdm845: add missing DPU opp-table (git-fixes). - dt-bindings: mtd: intel: lgm-nand: Fix compatible string (git-fixes). - dt-bindings: mtd: intel: lgm-nand: Fix maximum chip select value (git-fixes). - dt-bindings: pci: microchip,pcie-host: fix missing clocks properties (git-fixes). - dt-bindings: pci: microchip,pcie-host: fix missing dma-ranges (git-fixes). - dt-bindings: phy: qcom,qmp-usb3-dp: fix bogus clock-cells property (git-fixes). - dt-bindings: phy: qcom,qmp: fix bogus clock-cells property (git-fixes). - dyndbg: fix module.dyndbg handling (git-fixes). - dyndbg: fix static_branch manipulation (git-fixes). - dyndbg: let query-modname override actual module name (git-fixes). - efi: Correct Macmini DMI match in uefi cert quirk (git-fixes). - efi: libstub: drop pointless get_memory_map() call (git-fixes). - fbdev: cyber2000fb: fix missing pci_disable_device() (git-fixes). - fbdev: da8xx-fb: Fix error handling in .remove() (git-fixes). - fec: Fix timer capture timing in `fec_ptp_enable_pps()` (git-fixes). - firmware: arm_scmi: Add SCMI PM driver remove routine (git-fixes). - firmware: arm_scmi: Harden accesses to the sensor domains (git-fixes). - firmware: arm_scmi: Improve checks in the info_get operations (git-fixes). - firmware: google: Test spinlock on panic path to avoid lockups (git-fixes). - fpga: prevent integer overflow in dfl_feature_ioctl_set_irq() (git-fixes). - fs/binfmt_elf: Fix memory leak in load_elf_binary() (git-fixes). - ftrace: Fix char print issue in print_ip_ins() (git-fixes). - ftrace: Properly unset FTRACE_HASH_FL_MOD (git-fixes). - fuse: fix deadlock between atomic O_TRUNC and page invalidation (bsc#1204533). - gcov: support GCC 12.1 and newer compilers (git-fixes). - gpu: lontium-lt9611: Fix NULL pointer dereference in lt9611_connector_init() (git-fixes). - hid: hid-logitech-hidpp: avoid unnecessary assignments in hidpp_connect_event (git-fixes). - hid: hidraw: fix memory leak in hidraw_release() (git-fixes). - hid: magicmouse: Do not set BTN_MOUSE on double report (git-fixes). - hid: multitouch: Add memory barriers (git-fixes). - hid: roccat: Fix use-after-free in roccat_read() (git-fixes). - hinic: Avoid some over memory allocation (git-fixes). - hsi: omap_ssi: Fix refcount leak in ssi_probe (git-fixes). - hsi: omap_ssi_port: Fix dma_map_sg error check (git-fixes). - hwmon/coretemp: Handle large core ID value (git-fixes). - hwmon: (sht4x) do not overflow clamping operation on 32-bit platforms (git-fixes). - i2c: designware: Fix handling of real but unexpected device interrupts (git-fixes). - i2c: i801: Add support for Intel Ice Lake PCH-N (jsc#PED-634). - i2c: i801: Add support for Intel Meteor Lake-P (jsc#PED-732). - i2c: i801: Add support for Intel Raptor Lake PCH-S (jsc#PED-634). - i2c: i801: Improve handling of chip-specific feature definitions (jsc#PED-634). - i2c: qcom-cci: Fix ordering of pm_runtime_xx and i2c_add_adapter (git-fixes). - i40e: Fix call trace in setup_tx_descriptors (git-fixes). - i40e: Fix dropped jumbo frames statistics (git-fixes). - i40e: Fix to stop tx_timeout recovery if GLOBR fails (git-fixes). - iavf: Fix adminq error handling (git-fixes). - iavf: Fix handling of dummy receive descriptors (git-fixes). - iavf: Fix reset error handling (git-fixes). - ib/core: Fix a nested dead lock as part of ODP flow (git-fixes) - ib/rdmavt: Add __init/__exit annotations to module init/exit funcs (git-fixes) - ice: Fix switchdev rules book keeping (git-fixes). - ice: check (DD | EOF) bits on Rx descriptor rather than (EOP | RS) (git-fixes). - ice: do not setup vlan for loopback VSI (git-fixes). - igb: Make DMA faster when CPU is active on the PCIe link (git-fixes). - igb: fix a use-after-free issue in igb_clean_tx_ring (git-fixes). - iio: ABI: Fix wrong format of differential capacitance channel ABI (git-fixes). - iio: adc: ad7923: fix channel readings for some variants (git-fixes). - iio: adc: at91-sama5d2_adc: check return status for pressure and touch (git-fixes). - iio: adc: at91-sama5d2_adc: disable/prepare buffer on suspend/resume (git-fixes). - iio: adc: at91-sama5d2_adc: fix AT91_SAMA5D2_MR_TRACKTIM_MAX (git-fixes). - iio: adc: at91-sama5d2_adc: lock around oversampling and sample freq (git-fixes). - iio: adc: mcp3911: use correct id bits (git-fixes). - iio: adxl372: Fix unsafe buffer attributes (git-fixes). - iio: bmc150-accel-core: Fix unsafe buffer attributes (git-fixes). - iio: dac: ad5593r: Fix i2c read protocol requirements (git-fixes). - iio: inkern: fix return value in devm_of_iio_channel_get_by_name() (git-fixes). - iio: inkern: only release the device node when done with it (git-fixes). - iio: light: tsl2583: Fix module unloading (git-fixes). - iio: ltc2497: Fix reading conversion results (git-fixes). - iio: magnetometer: yas530: Change data type of hard_offsets to signed (git-fixes). - iio: pressure: dps310: Refactor startup procedure (git-fixes). - iio: pressure: dps310: Reset chip after timeout (git-fixes). - iio: temperature: ltc2983: allocate iio channels once (git-fixes). - ima: fix blocking of security.ima xattrs of unsupported algorithms (git-fixes). - input: i8042 - fix refount leak on sparc (git-fixes). - input: synaptics-rmi4 - fix firmware update operations with bootloader v8 (git-fixes). - input: xpad - add supported devices as contributed on github (git-fixes). - input: xpad - fix wireless 360 controller breaking after suspend (git-fixes). - iommu/vt-d: Do not falsely log intel_iommu is unsupported kernel option (bsc#1204947). - ip: Fix data-races around sysctl_ip_fwd_update_priority (git-fixes). - ipv4: Fix data-races around sysctl_fib_multipath_hash_policy (git-fixes). - irqchip/ls-extirq: Fix invalid wait context by avoiding to use regmap (git-fixes). - isdn: mISDN: netjet: fix wrong check of device registration (git-fixes). - ixgbe: Add locking to prevent panic when setting sriov_numvfs to zero (git-fixes). - ixgbe: fix bcast packets Rx on VF after promisc removal (git-fixes). - ixgbe: fix unexpected VLAN Rx in promisc mode on VF (git-fixes). - kABI: Fix after adding trace_iterator.wait_index (git-fixes). - kABI: Fix kABI after backport Add pmc->intr to refactor kvm_perf_overflow{_intr}() (git-fixes). - kABI: Fix kABI after backport Always set kvm_run->if_flag (git-fixes). - kABI: Fix kABI after backport Forcibly leave nested virt when SMM state is toggled (git-fixes). - kABI: Fix kABI after backport Refactoring find_arch_event() to pmc_perf_hw_id() (git-fixes). - kABI: Fix kABI after backport Update vPMCs when retiring branch instructions (git-fixes). - kabi/severities: ignore CS35L41-specific exports (bsc#1203699) - kbuild: Add skip_encoding_btf_enum64 option to pahole (git-fixes). - kbuild: remove the target in signal traps when interrupted (git-fixes). - kbuild: rpm-pkg: fix breakage when V=1 is used (git-fixes). - kernfs: fix use-after-free in __kernfs_remove (git-fixes). - kselftest/arm64: Fix validatation termination record after EXTRA_CONTEXT (git-fixes). - kvm: SVM: Exit to userspace on ENOMEM/EFAULT GHCB errors (git-fixes). - kvm: VMX: Inject #PF on ENCLS as 'emulated' #PF (git-fixes). - kvm: fix avic_set_running for preemptable kernels (git-fixes). - kvm: nVMX: Ignore SIPI that arrives in L2 when vCPU is not in WFS (git-fixes). - kvm: nVMX: Unconditionally purge queued/injected events on nested 'exit' (git-fixes). - kvm: s390: Clarify SIGP orders versus STOP/RESTART (git-fixes). - kvm: s390: pv: do not present the ecall interrupt twice (bsc#1203229 LTC#199905). - kvm: s390x: fix SCK locking (git-fixes). - kvm: x86/emulator: Fix handing of POP SS to correctly set interruptibility (git-fixes). - kvm: x86/mmu: Do not advance iterator after restart due to yielding (git-fixes). - kvm: x86/mmu: Retry page fault if root is invalidated by memslot update (git-fixes). - kvm: x86/pmu: Add pmc->intr to refactor kvm_perf_overflow{_intr}() (git-fixes). - kvm: x86/pmu: Do not truncate the PerfEvtSeln MSR when creating a perf event (git-fixes). - kvm: x86/pmu: Fix available_event_types check for REF_CPU_CYCLES event (git-fixes). - kvm: x86/pmu: Refactoring find_arch_event() to pmc_perf_hw_id() (git-fixes). - kvm: x86: Add KVM_CAP_ENABLE_CAP to x86 (git-fixes). - kvm: x86: Add compat handler for KVM_X86_SET_MSR_FILTER (git-fixes). - kvm: x86: Always set kvm_run->if_flag (git-fixes). - kvm: x86: Forcibly leave nested virt when SMM state is toggled (git-fixes). - kvm: x86: Inject #UD on emulated XSETBV if XSAVES isn't enabled (git-fixes). - kvm: x86: Keep MSR_IA32_XSS unchanged for INIT (git-fixes). - kvm: x86: Register perf callbacks after calling vendor's hardware_setup() (git-fixes). - kvm: x86: Sync the states size with the XCR0/IA32_XSS at, any time (git-fixes). - kvm: x86: Update vPMCs when retiring branch instructions (git-fixes). - kvm: x86: Update vPMCs when retiring instructions (git-fixes). - kvm: x86: do not report preemption if the steal time cache is stale (git-fixes). - kvm: x86: nSVM/nVMX: set nested_run_pending on VM entry which is a result of RSM (git-fixes). - kvm: x86: nSVM: fix potential NULL derefernce on nested migration (git-fixes). - kvm: x86: nSVM: mark vmcb01 as dirty when restoring SMM saved state (git-fixes). - lib/sg_pool: change module_init(sg_pool_init) to subsys_initcall (git-fixes). - livepatch: Add a missing newline character in klp_module_coming() (bsc#1071995). - livepatch: fix race between fork and KLP transition (bsc#1071995). - mISDN: fix possible memory leak in mISDN_register_device() (git-fixes). - mISDN: hfcpci: Fix use-after-free bug in hfcpci_softirq (git-fixes). - mac802154: Fix LQI recording (git-fixes). - macvlan: enforce a consistent minimal mtu (git-fixes). - mailbox: bcm-ferxrm-mailbox: Fix error check for dma_map_sg (git-fixes). - mailbox: mpfs: account for mbox offsets while sending (git-fixes). - mailbox: mpfs: fix handling of the reg property (git-fixes). - media: atomisp: prevent integer overflow in sh_css_set_black_frame() (git-fixes). - media: cedrus: Fix endless loop in cedrus_h265_skip_bits() (git-fixes). - media: cedrus: Set the platform driver data earlier (git-fixes). - media: cx88: Fix a null-ptr-deref bug in buffer_prepare() (git-fixes). - media: ipu3-imgu: Fix NULL pointer dereference in active selection access (git-fixes). - media: mceusb: set timeout to at least timeout provided (git-fixes). - media: meson: vdec: add missing clk_disable_unprepare on error in vdec_hevc_start() (git-fixes). - media: uvcvideo: Fix memory leak in uvc_gpio_parse (git-fixes). - media: uvcvideo: Use entity get_cur in uvc_ctrl_set (git-fixes). - media: v4l2-compat-ioctl32.c: zero buffer passed to v4l2_compat_get_array_args() (git-fixes). - media: v4l2-dv-timings: add sanity checks for blanking values (git-fixes). - media: v4l2: Fix v4l2_i2c_subdev_set_name function documentation (git-fixes). - media: venus: dec: Handle the case where find_format fails (git-fixes). - media: videodev2.h: V4L2_DV_BT_BLANKING_HEIGHT should check 'interlaced' (git-fixes). - media: vivid: dev->bitmap_cap wasn't freed in all cases (git-fixes). - media: vivid: s_fbuf: add more sanity checks (git-fixes). - media: vivid: set num_in/outputs to 0 if not supported (git-fixes). - media: xilinx: vipp: Fix refcount leak in xvip_graph_dma_init (git-fixes). - memory: of: Fix refcount leak bug in of_get_ddr_timings() (git-fixes). - memory: of: Fix refcount leak bug in of_lpddr3_get_ddr_timings() (git-fixes). - memory: pl353-smc: Fix refcount leak bug in pl353_smc_probe() (git-fixes). - mfd: fsl-imx25: Fix an error handling path in mx25_tsadc_setup_irq() (git-fixes). - mfd: fsl-imx25: Fix check for platform_get_irq() errors (git-fixes). - mfd: intel-lpss: Add Intel Raptor Lake PCH-S PCI IDs (jsc#PED-634). - mfd: intel_soc_pmic: Fix an error handling path in intel_soc_pmic_i2c_probe() (git-fixes). - mfd: lp8788: Fix an error handling path in lp8788_irq_init() and lp8788_irq_init() (git-fixes). - mfd: lp8788: Fix an error handling path in lp8788_probe() (git-fixes). - mfd: sm501: Add check for platform_driver_register() (git-fixes). - misc: ocxl: fix possible refcount leak in afu_ioctl() (git-fixes). - misc: pci_endpoint_test: Aggregate params checking for xfer (git-fixes). - misc: pci_endpoint_test: Fix pci_endpoint_test_{copy,write,read}() panic (git-fixes). - mlxsw: spectrum: Clear PTP configuration after unregistering the netdevice (git-fixes). - mlxsw: spectrum_cnt: Reorder counter pools (git-fixes). - mlxsw: spectrum_router: Fix IPv4 nexthop gateway indication (git-fixes). - mm/hugetlb: fix races when looking up a CONT-PTE/PMD size hugetlb page (bsc#1204575). - mmc: au1xmmc: Fix an error handling path in au1xmmc_probe() (git-fixes). - mmc: core: Fix kernel panic when remove non-standard SDIO card (git-fixes). - mmc: core: Replace with already defined values for readability (git-fixes). - mmc: core: Terminate infinite loop in SD-UHS voltage switch (git-fixes). - mmc: sdhci-esdhc-imx: Propagate ESDHC_FLAG_HS400* only on 8bit bus (git-fixes). - mmc: sdhci-msm: add compatible string check for sdm670 (git-fixes). - mmc: sdhci-pci-core: Disable ES for ASUS BIOS on Jasper Lake (git-fixes). - mmc: sdhci-sprd: Fix minimum clock limit (git-fixes). - mmc: sdhci_am654: 'select', not 'depends' REGMAP_MMIO (git-fixes). - mmc: wmt-sdmmc: Fix an error handling path in wmt_mci_probe() (git-fixes). - move upstreamed BT fixes into sorted section - move upstreamed patches into sorted section - move upstreamed sound patches into sorted section - mtd: devices: docg3: check the return value of devm_ioremap() in the probe (git-fixes). - mtd: rawnand: atmel: Unmap streaming DMA mappings (git-fixes). - mtd: rawnand: fsl_elbc: Fix none ECC mode (git-fixes). - mtd: rawnand: intel: Do not re-define NAND_DATA_IFACE_CHECK_ONLY (git-fixes). - mtd: rawnand: intel: Read the chip-select line from the correct OF node (git-fixes). - mtd: rawnand: intel: Remove undocumented compatible string (git-fixes). - mtd: rawnand: marvell: Use correct logic for nand-keep-config (git-fixes). - mtd: rawnand: meson: fix bit map use in meson_nfc_ecc_correct() (git-fixes). - net/dsa/hirschmann: Add missing of_node_get() in hellcreek_led_setup() (git-fixes). - net/ice: fix initializing the bitmap in the switch code (git-fixes). - net/ieee802154: fix uninit value bug in dgram_sendmsg (git-fixes). - net/mlx4_en: Fix wrong return value on ioctl EEPROM query failure (git-fixes). - net/mlx5e: Disable softirq in mlx5e_activate_rq to avoid race condition (git-fixes). - net/mlx5e: Fix enabling sriov while tc nic rules are offloaded (git-fixes). - net/mlx5e: Properly disable vlan strip on non-UL reps (git-fixes). - net/mlx5e: Remove WARN_ON when trying to offload an unsupported TLS cipher/version (git-fixes). - net/mlx5e: Ring the TX doorbell on DMA errors (git-fixes). - net/mlx5e: TC, fix decap fallback to uplink when int port not supported (git-fixes). - net/mlx5e: Update netdev features after changing XDP state (git-fixes). - net/mlx5e: xsk: Account for XSK RQ UMRs when calculating ICOSQ size (git-fixes). - net: altera: Fix refcount leak in altera_tse_mdio_create (git-fixes). - net: atlantic: fix aq_vec index out of range error (git-fixes). - net: bcmgenet: Indicate MAC is in charge of PHY PM (git-fixes). - net: bgmac: Fix a BUG triggered by wrong bytes_compl (git-fixes). - net: bgmac: Fix an erroneous kfree() in bgmac_remove() (git-fixes). - net: bgmac: support MDIO described in DT (git-fixes). - net: bonding: fix possible NULL deref in rlb code (git-fixes). - net: bonding: fix use-after-free after 802.3ad slave unbind (git-fixes). - net: chelsio: cxgb4: Avoid potential negative array offset (git-fixes). - net: dp83822: disable false carrier interrupt (git-fixes). - net: dp83822: disable rx error interrupt (git-fixes). - net: dsa: bcm_sf2: force pause link settings (git-fixes). - net: dsa: ksz9477: port mirror sniffing limited to one port (git-fixes). - net: dsa: lantiq_gswip: Fix refcount leak in gswip_gphy_fw_list (git-fixes). - net: dsa: microchip: ksz9477: fix fdb_dump last invalid entry (git-fixes). - net: dsa: microchip: ksz_common: Fix refcount leak bug (git-fixes). - net: dsa: mv88e6060: prevent crash on an unused port (git-fixes). - net: dsa: mv88e6xxx: use BMSR_ANEGCOMPLETE bit for filling an_complete (git-fixes). - net: dsa: sja1105: fix buffer overflow in sja1105_setup_devlink_regions() (git-fixes). - net: dsa: sja1105: silent spi_device_id warnings (git-fixes). - net: dsa: vitesse-vsc73xx: silent spi_device_id warnings (git-fixes). - net: ethernet: bgmac: Fix refcount leak in bcma_mdio_mii_register (git-fixes). - net: ethernet: ti: am65-cpsw: Fix devlink port register sequence (git-fixes). - net: ethernet: ti: davinci_mdio: Add workaround for errata i2329 (git-fixes). - net: ethernet: ti: davinci_mdio: fix build for mdio bitbang uses (git-fixes). - net: fix IFF_TX_SKB_NO_LINEAR definition (git-fixes). - net: ftgmac100: Hold reference returned by of_get_child_by_name() (git-fixes). - net: hns3: do not push link state to VF if unalive (git-fixes). - net: hns3: set port base vlan tbl_sta to false before removing old vlan (git-fixes). - net: huawei: hinic: Use devm_kcalloc() instead of devm_kzalloc() (git-fixes). - net: ieee802154: return -EINVAL for unknown addr type (git-fixes). - net: ipa: do not assume SMEM is page-aligned (git-fixes). - net: ipvtap - add __init/__exit annotations to module init/exit funcs (git-fixes). - net: moxa: get rid of asymmetry in DMA mapping/unmapping (git-fixes). - net: moxa: pass pdev instead of ndev to DMA functions (git-fixes). - net: mscc: ocelot: fix address of SYS_COUNT_TX_AGING counter (git-fixes). - net: pcs: xpcs: propagate xpcs_read error to xpcs_get_state_c37_sgmii (git-fixes). - net: phy: dp83822: disable MDI crossover status change interrupt (git-fixes). - net: phy: dp83867: Extend RX strap quirk for SGMII mode (git-fixes). - net: stmmac: fix dma queue left shift overflow issue (git-fixes). - net: stmmac: fix leaks in probe (git-fixes). - net: stmmac: fix pm runtime issue in stmmac_dvr_remove() (git-fixes). - net: stmmac: fix unbalanced ptp clock issue in suspend/resume flow (git-fixes). - net: stmmac: remove redunctant disable xPCS EEE call (git-fixes). - net: sungem_phy: Add of_node_put() for reference returned by of_get_parent() (git-fixes). - net: tap: NULL pointer derefence in dev_parse_header_protocol when skb->dev is null (git-fixes). - net: usb: qmi_wwan: Add new usb-id for Dell branded EM7455 (git-fixes). - net: usb: r8152: Add in new Devices that are supported for Mac-Passthru (git-fixes). - netdevsim: fib: Fix reference count leak on route deletion failure (git-fixes). - nfc: fdp: Fix potential memory leak in fdp_nci_send() (git-fixes). - nfc: nfcmrvl: Fix potential memory leak in nfcmrvl_i2c_nci_send() (git-fixes). - nfc: nxp-nci: Fix potential memory leak in nxp_nci_send() (git-fixes). - nfc: s3fwrn5: Fix potential memory leak in s3fwrn5_nci_send() (git-fixes). - nfp: ethtool: fix the display error of `ethtool -m DEVNAME` (git-fixes). - nfs: Fix another fsync() issue after a server reboot (git-fixes). - nfsv4: Fixes for nfs4_inode_return_delegation() (git-fixes). - nvme: do not print verbose errors for internal passthrough requests (bsc#1202187). - nvmem: core: Check input parameter for NULL in nvmem_unregister() (bsc#1204241). - octeontx2-af: Apply tx nibble fixup always (git-fixes). - octeontx2-af: Fix key checking for source mac (git-fixes). - octeontx2-af: Fix mcam entry resource leak (git-fixes). - octeontx2-af: suppress external profile loading warning (git-fixes). - octeontx2-pf: Fix NIX_AF_TL3_TL2X_LINKX_CFG register configuration (git-fixes). - octeontx2-pf: Fix UDP/TCP src and dst port tc filters (git-fixes). - octeontx2-pf: cn10k: Fix egress ratelimit configuration (git-fixes). - openvswitch: Fix double reporting of drops in dropwatch (git-fixes). - openvswitch: Fix overreporting of drops in dropwatch (git-fixes). - openvswitch: add nf_ct_is_confirmed check before assigning the helper (git-fixes). - openvswitch: switch from WARN to pr_warn (git-fixes). - overflow.h: restore __ab_c_size (git-fixes). - overflow: Implement size_t saturating arithmetic helpers (jsc#PED-1211). - pci/aspm: Correct LTR_L1.2_THRESHOLD computation (git-fixes). - pci/aspm: Ignore L1 PM Substates if device lacks capability (git-fixes). - pci: Fix used_buses calculation in pci_scan_child_bus_extend() (git-fixes). - pci: Sanitise firmware BAR assignments behind a PCI-PCI bridge (git-fixes). - pci: hv: Fix synchronization between channel callback and hv_compose_msi_msg() (bsc#1204017). - pci: hv: Fix synchronization between channel callback and hv_pci_bus_exit() (bsc#1204017). - pci: hv: Use vmbus_requestor to generate transaction IDs for VMbus hardening (bsc#1204017). - pci: mediatek-gen3: Change driver name to mtk-pcie-gen3 (git-fixes). - phy: amlogic: phy-meson-axg-mipi-pcie-analog: Hold reference returned by of_get_parent() (git-fixes). - phy: qualcomm: call clk_disable_unprepare in the error handling (git-fixes). - pinctrl: Ingenic: JZ4755 bug fixes (git-fixes). - pinctrl: alderlake: Add Intel Alder Lake-N pin controller support (jsc#PED-676). - pinctrl: alderlake: Add Raptor Lake-S ACPI ID (jsc#PED-634). - pinctrl: alderlake: Fix register offsets for ADL-N variant (jsc#PED-676). - pinctrl: armada-37xx: Add missing GPIO-only pins (git-fixes). - pinctrl: armada-37xx: Checks for errors in gpio_request_enable callback (git-fixes). - pinctrl: armada-37xx: Fix definitions for MPP pins 20-22 (git-fixes). - pinctrl: microchip-sgpio: Correct the fwnode_irq_get() return value check (git-fixes). - platform/chrome: cros_ec: Notify the PM of wake events during resume (git-fixes). - platform/chrome: cros_ec_proto: Update version on GET_NEXT_EVENT failure (git-fixes). - platform/chrome: cros_ec_typec: Correct alt mode index (git-fixes). - platform/chrome: fix double-free in chromeos_laptop_prepare() (git-fixes). - platform/chrome: fix memory corruption in ioctl (git-fixes). - platform/x86: asus-wmi: Document the dgpu_disable sysfs attribute (git-fixes). - platform/x86: asus-wmi: Document the egpu_enable sysfs attribute (git-fixes). - platform/x86: asus-wmi: Document the panel_od sysfs attribute (git-fixes). - platform/x86: msi-laptop: Change DMI match / alias strings to fix module autoloading (git-fixes). - platform/x86: msi-laptop: Fix old-ec check for backlight registering (git-fixes). - platform/x86: msi-laptop: Fix resource cleanup (git-fixes). - plip: avoid rcu debug splat (git-fixes). - pm: domains: Fix handling of unavailable/disabled idle states (git-fixes). - pm: hibernate: Allow hybrid sleep to work with s2idle (git-fixes). - power: supply: adp5061: fix out-of-bounds read in adp5061_get_chg_type() (git-fixes). - powerpc/64: Remove unused SYS_CALL_TABLE symbol (jsc#SLE-9246 git-fixes). - powerpc/64: pcpu setup avoid reading mmu_linear_psize on 64e or radix (bsc#1204413 ltc#200176). - powerpc/64s: Fix build failure when CONFIG_PPC_64S_HASH_MMU is not set (bsc#1204413 ltc#200176). - powerpc/64s: Make flush_and_reload_slb a no-op when radix is enabled (bsc#1204413 ltc#200176). - powerpc/64s: Make hash MMU support configurable (bsc#1204413 ltc#200176). - powerpc/64s: Move and rename do_bad_slb_fault as it is not hash specific (bsc#1204413 ltc#200176). - powerpc/64s: Move hash MMU support code under CONFIG_PPC_64S_HASH_MMU (bsc#1204413 ltc#200176). - powerpc/64s: Rename hash_hugetlbpage.c to hugetlbpage.c (bsc#1204413 ltc#200176). - powerpc/fadump: align destination address to pagesize (bsc#1204728 ltc#200074). - powerpc/kprobes: Fix null pointer reference in arch_prepare_kprobe() (jsc#SLE-13847 git-fixes). - powerpc/mm/64s: Drop pgd_huge() (bsc#1065729). - powerpc/pci_dn: Add missing of_node_put() (bsc#1065729). - powerpc/powernv: add missing of_node_put() in opal_export_attrs() (bsc#1065729). - powerpc/pseries/vas: Add VAS IRQ primary handler (bsc#1204413 ltc#200176). - powerpc/pseries: Stop selecting PPC_HASH_MMU_NATIVE (bsc#1204413 ltc#200176). - powerpc/pseries: lparcfg do not include slb_size line in radix mode (bsc#1204413 ltc#200176). - powerpc: Ignore DSI error caused by the copy/paste instruction (bsc#1204413 ltc#200176). - powerpc: Rename PPC_NATIVE to PPC_HASH_MMU_NATIVE (bsc#1204413 ltc#200176). Update config files. - powerpc: make memremap_compat_align 64s-only (bsc#1204413 ltc#200176). - printk: add missing memory barrier to wake_up_klogd() (bsc#1204934). - printk: use atomic updates for klogd work (bsc#1204934). - printk: wake waiters for safe and NMI contexts (bsc#1204934). - r8152: add PID for the Lenovo OneLink+ Dock (git-fixes). - rdma/cma: Fix arguments order in net device validation (git-fixes) - rdma/hfi1: Fix potential integer multiplication overflow errors (git-fixes) - rdma/hns: Add the detection for CMDQ status in the device initialization process (git-fixes) - rdma/irdma: Add support for address handle re-use (git-fixes) - rdma/irdma: Align AE id codes to correct flush code and event (git-fixes) - rdma/irdma: Do not advertise 1GB page size for x722 (git-fixes) - rdma/irdma: Fix VLAN connection with wildcard address (git-fixes) - rdma/irdma: Fix a window for use-after-free (git-fixes) - rdma/irdma: Fix setting of QP context err_rq_idx_valid field (git-fixes) - rdma/irdma: Fix sleep from invalid context BUG (git-fixes) - rdma/irdma: Move union irdma_sockaddr to header file (git-fixes) - rdma/irdma: Remove the unnecessary variable saddr (git-fixes) - rdma/irdma: Report RNR NAK generation in device caps (git-fixes) - rdma/irdma: Report the correct max cqes from query device (git-fixes) - rdma/irdma: Return correct WC error for bind operation failure (git-fixes) - rdma/irdma: Return error on MR deregister CQP failure (git-fixes) - rdma/irdma: Use net_type to check network type (git-fixes) - rdma/irdma: Validate udata inlen and outlen (git-fixes) - rdma/mlx5: Add missing check for return value in get namespace flow (git-fixes) - rdma/mlx5: Do not compare mkey tags in DEVX indirect mkey (git-fixes) - rdma/qedr: Fix potential memory leak in __qedr_alloc_mr() (git-fixes) - rdma/qedr: Fix reporting QP timeout attribute (git-fixes) - rdma/rxe: Fix 'kernel NULL pointer dereference' error (git-fixes) - rdma/rxe: Fix deadlock in rxe_do_local_ops() (git-fixes) - rdma/rxe: Fix error unwind in rxe_create_qp() (git-fixes) - rdma/rxe: Fix mw bind to allow any consumer key portion (git-fixes) - rdma/rxe: Fix resize_finish() in rxe_queue.c (git-fixes) - rdma/rxe: Fix rnr retry behavior (git-fixes) - rdma/rxe: Fix the error caused by qp->sk (git-fixes) - rdma/rxe: For invalidate compare according to set keys in mr (git-fixes) - rdma/rxe: Generate a completion for unsupported/invalid opcode (git-fixes) - rdma/siw: Always consume all skbuf data in sk_data_ready() upcall. (git-fixes) - rdma/siw: Fix QP destroy to wait for all references dropped. (git-fixes) - rdma/siw: Fix duplicated reported IW_CM_EVENT_CONNECT_REPLY event (git-fixes) - rdma/siw: Pass a pointer to virt_to_page() (git-fixes) - rdma/srp: Fix srp_abort() (git-fixes) - rdma/srp: Handle dev_set_name() failure (git-fixes) - rdma/srp: Rework the srp_add_port() error path (git-fixes) - rdma/srp: Set scmnd->result only when scmnd is not NULL (git-fixes) - rdma/srp: Support more than 255 rdma ports (git-fixes) - rdma/srp: Use the attribute group mechanism for sysfs attributes (git-fixes) - rdma/srpt: Duplicate port name members (git-fixes) - rdma/srpt: Fix a use-after-free (git-fixes) - rdma/srpt: Introduce a reference count in struct srpt_device (git-fixes) - rdma/usnic: fix set-but-not-unused variable 'flags' warning (git-fixes) - rdma: remove useless condition in siw_create_cq() (git-fixes) - regulator: core: Prevent integer underflow (git-fixes). - remoteproc: imx_rproc: Simplify some error message (git-fixes). - revert 'SUNRPC: Remove unreachable error condition' (git-fixes). - revert 'crypto: qat - reduce size of mapped region' (git-fixes). - revert 'drm/amdgpu: use dirty framebuffer helper' (git-fixes). - revert 'usb: storage: Add quirk for Samsung Fit flash' (git-fixes). - revert 'workqueue: remove unused cancel_work()' (bsc#1204933). - ring-buffer: Add ring_buffer_wake_waiters() (git-fixes). - ring-buffer: Allow splice to read previous partially read pages (git-fixes). - ring-buffer: Check for NULL cpu_buffer in ring_buffer_wake_waiters() (bsc#1204705). - ring-buffer: Check pending waiters when doing wake ups as well (git-fixes). - ring-buffer: Fix race between reset page and reading page (git-fixes). - ring-buffer: Have the shortest_full queue be the shortest not longest (git-fixes). - rose: Fix NULL pointer dereference in rose_send_frame() (git-fixes). - rpm/check-for-config-changes: loosen pattern for AS_HAS_* This is needed to handle CONFIG_AS_HAS_NON_CONST_LEB128. - rpmsg: qcom: glink: replace strncpy() with strscpy_pad() (git-fixes). - rtc: stmp3xxx: Add failure handling for stmp3xxx_wdt_register() (git-fixes). - s390/dasd: fix Oops in dasd_alias_get_start_dev due to missing pavgroup (git-fixes). - s390/smp: enforce lowcore protection on CPU restart (git-fixes). - sbitmap: Avoid leaving waitqueue in invalid state in __sbq_wake_up() (git-fixes). - sbitmap: fix possible io hung due to lost wakeup (git-fixes). - scsi: libsas: Fix use-after-free bug in smp_execute_task_sg() (git-fixes). - scsi: lpfc: Create a sysfs entry called lpfc_xcvr_data for transceiver info (bsc#1204957). - scsi: lpfc: Fix hard lockup when reading the rx_monitor from debugfs (bsc#1204957). - scsi: lpfc: Fix memory leak in lpfc_create_port() (bsc#1204957). - scsi: lpfc: Fix spelling mistake 'unsolicted' -> 'unsolicited' (bsc#1204957). - scsi: lpfc: Log when congestion management limits are in effect (bsc#1204957). - scsi: lpfc: Set sli4_param's cmf option to zero when CMF is turned off (bsc#1204957). - scsi: lpfc: Update lpfc version to 14.2.0.8 (bsc#1204957). - scsi: lpfc: Update the obsolete adapter list (bsc#1204142). - scsi: mpi3mr: Schedule IRQ kthreads only on non-RT kernels (bnc#1204498). - scsi: qla2xxx: Fix serialization of DCBX TLV data request (bsc#1204963). - scsi: qla2xxx: Use transport-defined speed mask for supported_speeds (bsc#1204963). - scsi: scsi_transport_fc: Use %u for dev_loss_tmo (bsc#1202914). - scsi: ufs: ufs-pci: Add support for Intel ADL (jsc#PED-707). - scsi: ufs: ufs-pci: Add support for Intel MTL (jsc#PED-732). - selftest: tpm2: Add Client.__del__() to close /dev/tpm* handle (git-fixes). - selftests/livepatch: better synchronize test_klp_callbacks_busy (bsc#1071995). - selftests/pidfd_test: Remove the erroneous ',' (git-fixes). - selftests/powerpc: Skip energy_scale_info test on older firmware (git-fixes). - selftests: netfilter: Fix nft_fib.sh for all.rp_filter=1 (git-fixes). - selinux: allow FIOCLEX and FIONCLEX with policy capability (git-fixes). - selinux: enable use of both GFP_KERNEL and GFP_ATOMIC in convert_context() (git-fixes). - selinux: use 'grep -E' instead of 'egrep' (git-fixes). - serial: 8250: Fix restoring termios speed after suspend (git-fixes). - serial: core: move RS485 configuration tasks from drivers into core (git-fixes). - sfc: disable softirqs for ptp TX (git-fixes). - sfc: fix kernel panic when creating VF (git-fixes). - sfc: fix use after free when disabling sriov (git-fixes). - signal: break out of wait loops on kthread_stop() (bsc#1204926). - slimbus: qcom-ngd: cleanup in probe error path (git-fixes). - slimbus: qcom-ngd: use correct error in message of pdr_add_lookup() failure (git-fixes). - soc/tegra: fuse: Drop Kconfig dependency on TEGRA20_APB_DMA (git-fixes). - soc: qcom: smem_state: Add refcounting for the 'state->of_node' (git-fixes). - soc: qcom: smsm: Fix refcount leak bugs in qcom_smsm_probe() (git-fixes). - soc: sunxi: sram: Fix probe function ordering issues (git-fixes). - soc: sunxi_sram: Make use of the helper function devm_platform_ioremap_resource() (git-fixes). - soundwire: cadence: Do not overwrite msg->buf during write commands (git-fixes). - soundwire: intel: fix error handling on dai registration issues (git-fixes). - spi: Ensure that sg_table won't be used after being freed (git-fixes). - spi: pxa2xx: Add support for Intel Meteor Lake-P (jsc#PED-732). - spi: pxa2xx: Add support for Intel Raptor Lake PCH-S (jsc#PED-634). - spmi: pmic-arb: correct duplicate APID to PPID mapping logic (git-fixes). - spmi: pmic-arb: do not ack and clear peripheral interrupts in cleanup_irq (git-fixes). - staging: rtl8723bs: fix a potential memory leak in rtw_init_cmd_priv() (git-fixes). - staging: rtl8723bs: fix potential memory leak in rtw_init_drv_sw() (git-fixes). - staging: vt6655: fix potential memory leak (git-fixes). - staging: vt6655: fix some erroneous memory clean-up loops (git-fixes). - stmmac: intel: Add a missing clk_disable_unprepare() call in intel_eth_pci_remove() (git-fixes). - stmmac: intel: Fix an error handling path in intel_eth_pci_probe() (git-fixes). - thermal/drivers/qcom/tsens-v0_1: Fix MSM8939 fourth sensor hw_id (git-fixes). - thermal: cpufreq_cooling: Check the policy first in cpufreq_cooling_register() (git-fixes). - thermal: int340x: Mode setting with new OS handshake (jsc#PED-678). - thermal: int340x: Update OS policy capability handshake (jsc#PED-678). - thermal: intel_powerclamp: Use first online CPU as control_cpu (git-fixes). - thermal: intel_powerclamp: Use get_cpu() instead of smp_processor_id() to avoid crash (git-fixes). - thunderbolt: Add back Intel Falcon Ridge end-to-end flow control workaround (git-fixes). - thunderbolt: Add missing device ID to tb_switch_is_alpine_ridge() (git-fixes). - thunderbolt: Add support for Intel Raptor Lake (jsc#PED-634). - thunderbolt: Disable LTTPR on Intel Titan Ridge (git-fixes). - thunderbolt: Explicitly enable lane adapter hotplug events at startup (git-fixes). - thunderbolt: Explicitly reset plug events delay back to USB4 spec value (git-fixes). - thunderbolt: Fix buffer allocation of devices with no DisplayPort adapters (git-fixes). - tracing/osnoise: Fix possible recursive locking in stop_per_cpu_kthreads (git-fixes). - tracing: Add '(fault)' name injection to kernel probes (git-fixes). - tracing: Add ioctl() to force ring buffer waiters to wake up (git-fixes). - tracing: Disable interrupt or preemption before acquiring arch_spinlock_t (git-fixes). - tracing: Do not free snapshot if tracer is on cmdline (git-fixes). - tracing: Fix reading strings from synthetic events (git-fixes). - tracing: Move duplicate code of trace_kprobe/eprobe.c into header (git-fixes). - tracing: Replace deprecated CPU-hotplug functions (git-fixes). - tracing: Simplify conditional compilation code in tracing_set_tracer() (git-fixes). - tracing: Wake up ring buffer waiters on closing of the file (git-fixes). - tracing: Wake up waiters when tracing is disabled (git-fixes). - tracing: kprobe: Fix kprobe event gen test module on exit (git-fixes).++ kernel-source.spec (revision 4)Release: &lt;RELEASE>.g76cfe60Provides: %name-srchash-76cfe60e3ab724313d9fba4cf5ebaf12ad49ea0e - tracing: kprobe: Make gen test module work in arm and riscv (git-fixes). - tty: serial: fsl_lpuart: disable dma rx/tx use flags in lpuart_dma_shutdown (git-fixes). - tty: xilinx_uartps: Fix the ignore_status (git-fixes). - uas: add no-uas quirk for Hiksemi usb_disk (git-fixes). - uas: ignore UAS for Thinkplus chips (git-fixes). - udmabuf: Set ubuf->sg = NULL if the creation of sg table fails (git-fixes). - update kabi files. Refresh from Nov 2022 MU - 5.14.21-150400.24.28.1 - update patches.suse/kbuild-Add-skip_encoding_btf_enum64-option-to-pahole.patch (bsc#1204693). - usb-storage: Add Hiksemi USB3-FW to IGNORE_UAS (git-fixes). - usb/hcd: Fix dma_map_sg error check (git-fixes). - usb: add RESET_RESUME quirk for NVIDIA Jetson devices in RCM (git-fixes). - usb: add quirks for Lenovo OneLink+ Dock (git-fixes). - usb: bdc: change state when port disconnected (git-fixes). - usb: cdc-wdm: Use skb_put_data() instead of skb_put/memcpy pair (git-fixes). - usb: common: debug: Check non-standard control requests (git-fixes). - usb: dwc3: core: Enable GUCTL1 bit 10 for fixing termination error after resume bug (git-fixes). - usb: dwc3: gadget: Do not set IMI for no_interrupt (git-fixes). - usb: dwc3: gadget: Stop processing more requests on IMI (git-fixes). - usb: ehci: Fix a function name in comments (git-fixes). - usb: gadget: bdc: fix typo in comment (git-fixes). - usb: gadget: f_fs: stricter integer overflow checks (git-fixes). - usb: gadget: function: fix dangling pnp_string in f_printer.c (git-fixes). - usb: host: xhci-plat: suspend and resume clocks (git-fixes). - usb: host: xhci-plat: suspend/resume clks for brcm (git-fixes). - usb: host: xhci: Fix potential memory leak in xhci_alloc_stream_info() (git-fixes). - usb: idmouse: fix an uninit-value in idmouse_open (git-fixes). - usb: mon: make mmapped memory read only (git-fixes). - usb: mtu3: fix failed runtime suspend in host only mode (git-fixes). - usb: musb: Fix musb_gadget.c rxstate overflow bug (git-fixes). - usb: serial: console: move mutex_unlock() before usb_serial_put() (git-fixes). - usb: serial: ftdi_sio: fix 300 bps rate for SIO (git-fixes). - usb: serial: qcserial: add new usb-id for Dell branded EM7455 (git-fixes). - usb: typec: tcpm: fix typo in comment (git-fixes). - usb: xhci: add XHCI_SPURIOUS_SUCCESS to ASM1042 despite being a V0.96 controller (git-fixes). - virt: vbox: convert to use dev_groups (git-fixes). - vsock: fix possible infinite sleep in vsock_connectible_wait_data() (git-fixes). - vsock: remove the unused 'wait' in vsock_connectible_recvmsg() (git-fixes). - watchdog/hpwdt: Include nmi.h only if CONFIG_HPWDT_NMI_DECODING (git-fixes). - watchdog: armada_37xx_wdt: Fix .set_timeout callback (git-fixes). - watchdog: ftwdt010_wdt: fix test for platform_get_irq() failure (git-fixes). - wifi: ath9k: avoid uninit memory read in ath9k_htc_rx_msg() (git-fixes). - wifi: brcmfmac: fix invalid address access when enabling SCAN log level (git-fixes). - wifi: brcmfmac: fix use-after-free bug in brcmf_netdev_start_xmit() (git-fixes). - wifi: cfg80211/mac80211: reject bad MBSSID elements (git-fixes). - wifi: cfg80211: fix ieee80211_data_to_8023_exthdr handling of small packets (git-fixes). - wifi: cfg80211: update hidden BSSes to avoid WARN_ON (git-fixes). - wifi: iwlwifi: mvm: fix double list_add at iwl_mvm_mac_wake_tx_queue (other cases) (git-fixes). - wifi: mac80211: do not drop packets smaller than the LLC-SNAP header on fast-rx (git-fixes). - wifi: mac80211: fix decap offload for stations on AP_VLAN interfaces (git-fixes). - wifi: mac80211: fix probe req HE capabilities access (git-fixes). - wifi: mac80211_hwsim: avoid mac80211 warning on bad rate (git-fixes). - wifi: mt76: mt7921: reset msta->airtime_ac while clearing up hw value (git-fixes). - wifi: rt2x00: correctly set BBP register 86 for MT7620 (git-fixes). - wifi: rt2x00: do not run Rt5592 IQ calibration on MT7620 (git-fixes). - wifi: rt2x00: set SoC wmac clock register (git-fixes). - wifi: rt2x00: set VGC gain for both chains of MT7620 (git-fixes). - wifi: rt2x00: set correct TX_SW_CFG1 MAC register for MT7620 (git-fixes). - wwan_hwsim: fix possible memory leak in wwan_hwsim_dev_new() (git-fixes). - x86/boot: Do not propagate uninitialized boot_params->cc_blob_address (bsc#1204970). - x86/boot: Fix the setup data types max limit (bsc#1204970). - x86/compressed/64: Add identity mappings for setup_data entries (bsc#1204970). - x86/sev: Annotate stack change in the #VC handler (bsc#1204970). - x86/sev: Do not use cc_platform_has() for early SEV-SNP calls (bsc#1204970). - x86/sev: Remove duplicated assignment to variable info (bsc#1204970). - xen/gntdev: Prevent leaking grants (git-fixes). - xhci-pci: Set runtime PM as default policy on all xHC 1.2 or later devices (git-fixes). - xhci: Add quirk to reset host back to default state at shutdown (git-fixes). - xhci: Do not show warning for reinit on known broken suspend (git-fixes). - xhci: Remove device endpoints from bandwidth list when freeing the device (git-fixes). - xhci: dbc: Fix memory leak in xhci_alloc_dbc() (git-fixes). Important SUSE bug 1065729 SUSE bug 1071995 SUSE bug 1152472 SUSE bug 1152489 SUSE bug 1188238 SUSE bug 1194869 SUSE bug 1196018 SUSE bug 1196632 SUSE bug 1199904 SUSE bug 1200567 SUSE bug 1200692 SUSE bug 1200788 SUSE bug 1202187 SUSE bug 1202686 SUSE bug 1202700 SUSE bug 1202914 SUSE bug 1203098 SUSE bug 1203229 SUSE bug 1203290 SUSE bug 1203435 SUSE bug 1203514 SUSE bug 1203699 SUSE bug 1203767 SUSE bug 1203802 SUSE bug 1203922 SUSE bug 1204017 SUSE bug 1204142 SUSE bug 1204166 SUSE bug 1204168 SUSE bug 1204171 SUSE bug 1204241 SUSE bug 1204353 SUSE bug 1204354 SUSE bug 1204355 SUSE bug 1204402 SUSE bug 1204413 SUSE bug 1204415 SUSE bug 1204417 SUSE bug 1204428 SUSE bug 1204431 SUSE bug 1204439 SUSE bug 1204470 SUSE bug 1204479 SUSE bug 1204498 SUSE bug 1204533 SUSE bug 1204569 SUSE bug 1204574 SUSE bug 1204575 SUSE bug 1204619 SUSE bug 1204635 SUSE bug 1204637 SUSE bug 1204646 SUSE bug 1204647 SUSE bug 1204650 SUSE bug 1204653 SUSE bug 1204693 SUSE bug 1204705 SUSE bug 1204719 SUSE bug 1204728 SUSE bug 1204753 SUSE bug 1204868 SUSE bug 1204926 SUSE bug 1204933 SUSE bug 1204934 SUSE bug 1204947 SUSE bug 1204957 SUSE bug 1204963 SUSE bug 1204970 CVE-2022-1882 CVE-2022-2153 CVE-2022-28748 CVE-2022-2964 CVE-2022-2978 CVE-2022-3169 CVE-2022-33981 CVE-2022-3424 CVE-2022-3435 CVE-2022-3521 CVE-2022-3524 CVE-2022-3526 CVE-2022-3535 CVE-2022-3542 CVE-2022-3545 CVE-2022-3565 CVE-2022-3577 CVE-2022-3586 CVE-2022-3594 CVE-2022-3619 CVE-2022-3621 CVE-2022-3625 CVE-2022-3628 CVE-2022-3629 CVE-2022-3633 CVE-2022-3640 CVE-2022-3646 CVE-2022-3649 CVE-2022-40476 CVE-2022-40768 CVE-2022-42703 CVE-2022-43750 cpe:/o:opensuse:leap:15.4 Security update for java-11-openjdk (Moderate) openSUSE Leap 15.4 This update for java-11-openjdk fixes the following issues: - Update to jdk-11.0.17+8 (October 2022 CPU) - CVE-2022-39399: Improve HTTP/2 client usage(bsc#1204480) - CVE-2022-21628: Better HttpServer service (bsc#1204472) - CVE-2022-21624: Enhance icon presentations (bsc#1204475) - CVE-2022-21619: Improve NTLM support (bsc#1204473) - CVE-2022-21626: Key X509 usages (bsc#1204471) - CVE-2022-21618: Wider MultiByte (bsc#1204468) Moderate SUSE bug 1203476 SUSE bug 1204468 SUSE bug 1204471 SUSE bug 1204472 SUSE bug 1204473 SUSE bug 1204475 SUSE bug 1204480 SUSE bug 1204523 CVE-2022-21618 CVE-2022-21619 CVE-2022-21624 CVE-2022-21626 CVE-2022-21628 CVE-2022-39399 cpe:/o:opensuse:leap:15.4 Security update for java-17-openjdk (Moderate) openSUSE Leap 15.4 This update for java-17-openjdk fixes the following issues: - Update to jdk-17.0.5+8 (October 2022 CPU) - CVE-2022-39399: Improve HTTP/2 client usage(bsc#1204480) - CVE-2022-21628: Better HttpServer service (bsc#1204472) - CVE-2022-21624: Enhance icon presentations (bsc#1204475) - CVE-2022-21619: Improve NTLM support (bsc#1204473) - CVE-2022-21618: Wider MultiByte (bsc#1204468) Moderate SUSE bug 1203476 SUSE bug 1204468 SUSE bug 1204472 SUSE bug 1204473 SUSE bug 1204475 SUSE bug 1204480 CVE-2022-21618 CVE-2022-21619 CVE-2022-21624 CVE-2022-21628 CVE-2022-39399 cpe:/o:opensuse:leap:15.4 Security update for dpkg (Low) openSUSE Leap 15.4 This update for dpkg fixes the following issues: - CVE-2022-1664: Fixed a directory traversal vulnerability in Dpkg::Source::Archive (bsc#1199944). Low SUSE bug 1199944 CVE-2022-1664 cpe:/o:opensuse:leap:15.4 Security update for openjpeg (Important) openSUSE Leap 15.4 This update for openjpeg fixes the following issues: - CVE-2018-20846: Fixed an Out-of-bounds accesses in pi_next_lrcp, pi_next_rlcp, pi_next_rpcl, pi_next_pcrl, pi_next_rpcl, and pi_next_cprl in openmj2/pi. (bsc#1140205) - CVE-2018-21010: Fixed a heap buffer overflow in color_apply_icc_profile in bin/common/color.c (bsc#1149789) - CVE-2020-27824: Fixed an OOB read in opj_dwt_calc_explicit_stepsizes() (bsc#1179821) - CVE-2020-27842: Fixed null pointer dereference in opj_tgt_reset function in lib/openjp2/tgt.c (bsc#1180043) - CVE-2020-27843: Fixed an out-of-bounds read in opj_t2_encode_packet function in openjp2/t2.c (bsc#1180044) - CVE-2020-27845: Fixed a heap-based buffer over-read in functions opj_pi_next_rlcp, opj_pi_next_rpcl and opj_pi_next_lrcp in openjp2/pi.c (bsc#1180046) Important SUSE bug 1140205 SUSE bug 1149789 SUSE bug 1179821 SUSE bug 1180043 SUSE bug 1180044 SUSE bug 1180046 CVE-2018-20846 CVE-2018-21010 CVE-2020-27824 CVE-2020-27842 CVE-2020-27843 CVE-2020-27845 cpe:/o:opensuse:leap:15.4 Security update for MozillaThunderbird (Important) openSUSE Leap 15.4 This update for MozillaThunderbird fixes the following issues: - Fixed various security issues (MFSA 2022-49, bsc#1205270): * CVE-2022-45403 (bmo#1762078) Service Workers might have learned size of cross-origin media files * CVE-2022-45404 (bmo#1790815) Fullscreen notification bypass * CVE-2022-45405 (bmo#1791314) Use-after-free in InputStream implementation * CVE-2022-45406 (bmo#1791975) Use-after-free of a JavaScript Realm * CVE-2022-45408 (bmo#1793829) Fullscreen notification bypass via windowName * CVE-2022-45409 (bmo#1796901) Use-after-free in Garbage Collection * CVE-2022-45410 (bmo#1658869) ServiceWorker-intercepted requests bypassed SameSite cookie policy * CVE-2022-45411 (bmo#1790311) Cross-Site Tracing was possible via non-standard override headers * CVE-2022-45412 (bmo#1791029) Symlinks may resolve to partially uninitialized buffers * CVE-2022-45416 (bmo#1793676) Keystroke Side-Channel Leakage * CVE-2022-45418 (bmo#1795815) Custom mouse cursor could have been drawn over browser UI * CVE-2022-45420 (bmo#1792643) Iframe contents could be rendered outside the iframe * CVE-2022-45421 (bmo#1767920, bmo#1789808, bmo#1794061) Memory safety bugs fixed in Thunderbird 102.5 - Fixed various security issues: (MFSA 2022-46, bsc#1204421): * CVE-2022-42927 (bmo#1789128) Same-origin policy violation could have leaked cross-origin URLs * CVE-2022-42928 (bmo#1791520) Memory Corruption in JS Engine * CVE-2022-42929 (bmo#1789439) Denial of Service via window.print * CVE-2022-42932 (bmo#1789729, bmo#1791363, bmo#1792041) Memory safety bugs fixed in Thunderbird 102.4 - Mozilla Thunderbird 102.5 * changed: `Ctrl+N` shortcut to create new contacts from address book restored (bmo#1751288) * fixed: Account Settings UI did not update to reflect default identity changes (bmo#1782646) * fixed: New POP mail notifications were incorrectly shown for messages marked by filters as read or junk (bmo#1787531) * fixed: Connecting to an IMAP server configured to use `PREAUTH` caused Thunderbird to hang (bmo#1798161) * fixed: Error responses received in greeting header from NNTP servers did not display error message (bmo#1792281) * fixed: News messages sent using 'Send Later' failed to send after going back online (bmo#1794997) * fixed: 'Download/Sync Now...' did not completely sync all newsgroups before going offline (bmo#1795547) * fixed: Username was missing from error dialog on failed login to news server (bmo#1796964) * fixed: Thunderbird can now fetch RSS channel feeds with incomplete channel URL (bmo#1794775) * fixed: Add-on 'Contribute' button in Add-ons Manager did not work (bmo#1795751) * fixed: Help text for `/part` Matrix command was incorrect (bmo#1795578) * fixed: Invite Attendees dialog did not fetch free/busy info for attendees with encoded characters in their name (bmo#1797927) - Mozilla Thunderbird 102.4.2 * changed: 'Address Book' button in Account Central will now create a CardDAV address book instead of a local address book (bmo#1793903) * fixed: Messages fetched from POP server in `Fetch headers only` mode disappeared when moved to different folder by filter action (bmo#1793374) * fixed: Thunderbird re-downloaded locally deleted messages from a POP server when 'Leave messages on server' and 'Until I delete them' were enabled (bmo#1796903) * fixed: Multiple password prompts for the same POP account could be displayed (bmo#1786920) * fixed: IMAP authentication failed on next startup if ImapMail folder was deleted by user (bmo#1793599) * fixed: Retrieving passwords for authenticated NNTP accounts could fail due to obsolete preferences in a users profile on every startup (bmo#1770594) * fixed: `Get Next n Messages` did not consistently fetch all messages requested from NNTP server (bmo#1794185) * fixed: `Get Messages` button unable to fetch messages from NNTP server if root folder not selected (bmo#1792362) * fixed: Thunderbird text branding did not always match locale of localized build (bmo#1786199) * fixed: Thunderbird installer and Thunderbird updater created Windows shortcuts with different names (bmo#1787264) * fixed: LDAP search filters unable to work with non-ASCII characters (bmo#1794306) * fixed: 'Today' highlighting in Calendar Month view did not update after date change at midnight (bmo#1795176) - Mozilla Thunderbird 102.4.1 * new: Thunderbird will now catch and report errors parsing vCards that contain incorrectly formatted dates (bmo#1793415) * fixed: Dynamic language switching did not update interface when switched to right-to-left languages (bmo#1794289) * fixed: Custom header data was discarded after messages were saved as draft and reopened (bmo#195716) * fixed: `-remote` command line argument did not work, affecting integration with various applications such as LibreOffice (bmo#1793323) * fixed: Messages received via some SMS-to-email services could not display images (bmo#1774805) * fixed: VCards with nickname field set could not be edited (bmo#1793877) * fixed: Some recurring events were missing from Agenda on first load (bmo#1771168) * fixed: Download requests for remote ICS calendars incorrectly set 'Accept' header to text/xml (bmo#1793757) * fixed: Monthly events created on the 31st of a month with <30 days placed first occurrence 1-2 days after the beginning of the following month (bmo#1266797) * fixed: Various visual and UX improvements (bmo#1781437,bmo#1785314,bmo#1794139,bmo#1794155,bmo#1794399) * changed: Thunderbird will automatically detect and repair OpenPGP key storage corruption caused by using the profile import tool in Thunderbird 102 (bmo#1790610) * fixed: POP message download into a large folder (~13000 messages) caused Thunderbird to temporarily freeze (bmo#1792675) * fixed: Forwarding messages with special characters in Subject failed on Windows (bmo#1782173) * fixed: Links for FileLink attachments were not added when attachment filename contained Unicode characters (bmo#1789589) * fixed: Address Book display pane continued to show contacts after deletion (bmo#1777808) * fixed: Printing address book did not include all contact details (bmo#1782076) * fixed: CardDAV contacts without a Name property did not save to Google Contacts (bmo#1792101) * fixed: 'Publish Calendar' did not work (bmo#1794471) * fixed: Calendar database storage improvements (bmo#1792124) * fixed: Incorrectly handled error responses from CalDAV servers sometimes caused events to disappear from calendar (bmo#1792923) * fixed: Various visual and UX improvements (bmo#1776093,bmo#17 80040,bmo#1780425,bmo#1792876,bmo#1792872,bmo#1793466,bmo#179 3543) Important SUSE bug 1204421 SUSE bug 1205270 CVE-2022-42927 CVE-2022-42928 CVE-2022-42929 CVE-2022-42932 CVE-2022-45403 CVE-2022-45404 CVE-2022-45405 CVE-2022-45406 CVE-2022-45408 CVE-2022-45409 CVE-2022-45410 CVE-2022-45411 CVE-2022-45412 CVE-2022-45416 CVE-2022-45418 CVE-2022-45420 CVE-2022-45421 cpe:/o:opensuse:leap:15.4 Security update for frr (Important) openSUSE Leap 15.4 This update for frr fixes the following issues: - CVE-2022-37035: Fixed a possible use-after-free due to a race condition related to bgp_notify_send_with_data() and bgp_process_packet() (bsc#1202085). - CVE-2022-42917: Fixed a privilege escalation from frr to root in frr config creation (bsc#1204124). Important SUSE bug 1202085 SUSE bug 1204124 CVE-2022-37035 CVE-2022-42917 cpe:/o:opensuse:leap:15.4 Security update for grub2 (Important) openSUSE Leap 15.4 This update for grub2 fixes the following issues: - CVE-2022-2601: Fixed buffer overflow in grub_font_construct_glyph (bsc#1205178). - CVE-2022-3775: Fixed integer underflow in blit_comb() (bsc#1205182). Other: - Bump upstream SBAT generation to 3 Important SUSE bug 1205178 SUSE bug 1205182 CVE-2022-2601 CVE-2022-3775 cpe:/o:opensuse:leap:15.4 Security update for binutils (Moderate) openSUSE Leap 15.4 This update for binutils fixes the following issues: The following security bugs were fixed: - CVE-2019-1010204: Fixed out-of-bounds read in elfcpp/elfcpp_file.h (bsc#1142579). - CVE-2021-3530: Fixed stack-based buffer overflow in demangle_path() in rust-demangle.c (bsc#1185597). - CVE-2021-3648: Fixed infinite loop while demangling rust symbols (bsc#1188374). - CVE-2021-3826: Fixed heap/stack buffer overflow in the dlang_lname function in d-demangle.c (bsc#1202969). - CVE-2021-45078: Fixed out-of-bounds write in stab_xcoff_builtin_type() in stabs.c (bsc#1193929). - CVE-2021-46195: Fixed uncontrolled recursion in libiberty/rust-demangle.c (bsc#1194783). - CVE-2022-27943: Fixed stack exhaustion in demangle_const in (bsc#1197592). - CVE-2022-38126: Fixed assertion fail in the display_debug_names() function in binutils/dwarf.c (bsc#1202966). - CVE-2022-38127: Fixed NULL pointer dereference in the read_and_display_attr_value() function in binutils/dwarf.c (bsc#1202967). - CVE-2022-38533: Fixed heap out-of-bounds read in bfd_getl32 (bsc#1202816). The following non-security bugs were fixed: - SLE toolchain update of binutils, update to 2.39 from 2.37. - Update to 2.39: * The ELF linker will now generate a warning message if the stack is made executable. Similarly it will warn if the output binary contains a segment with all three of the read, write and execute permission bits set. These warnings are intended to help developers identify programs which might be vulnerable to attack via these executable memory regions. The warnings are enabled by default but can be disabled via a command line option. It is also possible to build a linker with the warnings disabled, should that be necessary. * The ELF linker now supports a --package-metadata option that allows embedding a JSON payload in accordance to the Package Metadata specification. * In linker scripts it is now possible to use TYPE=<type> in an output section description to set the section type value. * The objdump program now supports coloured/colored syntax highlighting of its disassembler output for some architectures. (Currently: AVR, RiscV, s390, x86, x86_64). * The nm program now supports a --no-weak/-W option to make it ignore weak symbols. * The readelf and objdump programs now support a -wE option to prevent them from attempting to access debuginfod servers when following links. * The objcopy program's --weaken, --weaken-symbol, and --weaken-symbols options now works with unique symbols as well. - Update to 2.38: * elfedit: Add --output-abiversion option to update ABIVERSION. * Add support for the LoongArch instruction set. * Tools which display symbols or strings (readelf, strings, nm, objdump) have a new command line option which controls how unicode characters are handled. By default they are treated as normal for the tool. Using --unicode=locale will display them according to the current locale. Using --unicode=hex will display them as hex byte values, whilst --unicode=escape will display them as escape sequences. In addition using --unicode=highlight will display them as unicode escape sequences highlighted in red (if supported by the output device). * readelf -r dumps RELR relative relocations now. * Support for efi-app-aarch64, efi-rtdrv-aarch64 and efi-bsdrv-aarch64 has been added to objcopy in order to enable UEFI development using binutils. * ar: Add --thin for creating thin archives. -T is a deprecated alias without diagnostics. In many ar implementations -T has a different meaning, as specified by X/Open System Interface. * Add support for AArch64 system registers that were missing in previous releases. * Add support for the LoongArch instruction set. * Add a command-line option, -muse-unaligned-vector-move, for x86 target to encode aligned vector move as unaligned vector move. * Add support for Cortex-R52+ for Arm. * Add support for Cortex-A510, Cortex-A710, Cortex-X2 for AArch64. * Add support for Cortex-A710 for Arm. * Add support for Scalable Matrix Extension (SME) for AArch64. * The --multibyte-handling=[allow|warn|warn-sym-only] option tells the assembler what to when it encoutners multibyte characters in the input. The default is to allow them. Setting the option to 'warn' will generate a warning message whenever any multibyte character is encountered. Using the option to 'warn-sym-only' will make the assembler generate a warning whenever a symbol is defined containing multibyte characters. (References to undefined symbols will not generate warnings). * Outputs of .ds.x directive and .tfloat directive with hex input from x86 assembler have been reduced from 12 bytes to 10 bytes to match the output of .tfloat directive. * Add support for 'armv8.8-a', 'armv9-a', 'armv9.1-a', 'armv9.2-a' and 'armv9.3-a' for -march in AArch64 GAS. * Add support for 'armv8.7-a', 'armv8.8-a', 'armv9-a', 'armv9.1-a', 'armv9.2-a' and 'armv9.3-a' for -march in Arm GAS. * Add support for Intel AVX512_FP16 instructions. * Add -z pack-relative-relocs/-z no pack-relative-relocs to x86 ELF linker to pack relative relocations in the DT_RELR section. * Add support for the LoongArch architecture. * Add -z indirect-extern-access/-z noindirect-extern-access to x86 ELF linker to control canonical function pointers and copy relocation. * Add --max-cache-size=SIZE to set the the maximum cache size to SIZE bytes. - Explicitly enable --enable-warn-execstack=yes and --enable-warn-rwx-segments=yes. - Add gprofng subpackage. - Include recognition of 'z16' name for 'arch14' on s390. (bsc#1198237). - Add back fix for bsc#1191473, which got lost in the update to 2.38. - Install symlinks for all target specific tools on arm-eabi-none (bsc#1185712). - Enable PRU architecture for AM335x CPU (Beagle Bone Black board) Moderate SUSE bug 1142579 SUSE bug 1185597 SUSE bug 1185712 SUSE bug 1188374 SUSE bug 1191473 SUSE bug 1193929 SUSE bug 1194783 SUSE bug 1197592 SUSE bug 1198237 SUSE bug 1202816 SUSE bug 1202966 SUSE bug 1202967 SUSE bug 1202969 CVE-2019-1010204 CVE-2021-3530 CVE-2021-3648 CVE-2021-3826 CVE-2021-45078 CVE-2021-46195 CVE-2022-27943 CVE-2022-38126 CVE-2022-38127 CVE-2022-38533 cpe:/o:opensuse:leap:15.4 Security update for kubevirt stack (Important) openSUSE Leap 15.4 This update provides rebuilds of the kubevirt containers with up to date base images, fixing various security issues. Important cpe:/o:opensuse:leap:15.4 Security update for krb5 (Important) openSUSE Leap 15.4 This update for krb5 fixes the following issues: - CVE-2022-42898: Fixed integer overflow in PAC parsing (bsc#1205126). Important SUSE bug 1205126 CVE-2022-42898 cpe:/o:opensuse:leap:15.4 Security update for java-1_8_0-ibm (Important) openSUSE Leap 15.4 This update for java-1_8_0-ibm fixes the following issues: - CVE-2022-21626: An unauthenticated attacker with network access via HTTPS can compromise Oracle Java SE, Oracle GraalVM Enterprise Edition (bsc#1204471). - CVE-2022-21618: An unauthenticated attacker with network access via Kerberos can compromise Oracle Java SE, Oracle GraalVM Enterprise Edition (bsc#1204468). - CVE-2022-21619: An unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE (bsc#1204473). - CVE-2022-21628: An unauthenticated attacker with network access via HTTP can compromise Oracle Java SE, Oracle GraalVM Enterprise Edition (bsc#1204472). - CVE-2022-21624: An unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise (bsc#1204475). - CVE-2022-39399: An unauthenticated attacker with network access via HTTP can compromise Oracle Java SE, Oracle GraalVM Enterprise Edition (bsc#1204480). - CVE-2022-21549: Fixed exponentials issue (bsc#1201685). - CVE-2022-21541: Fixed an improper restriction of MethodHandle.invokeBasic() (bsc#1201692). - CVE-2022-34169; Fixed an integer truncation issue in Xalan (bsc#1201684). - CVE-2022-21540: Fixed a class compilation issue (bsc#1201694). - Update to Java 8.0 Service Refresh 7 Fix Pack 20. * Security: - The IBM ORB Does Not Support Object-Serialisation Data Filtering - Large Allocation In CipherSuite - Avoid Evaluating Sslalgorithmconstraints Twice - Cache The Results Of Constraint Checks - An incorrect ShortBufferException is thrown by IBMJCEPlus, IBMJCEPlusFIPS during cipher update operation - Disable SHA-1 Signed Jars For Ea - JSSE Performance Improvement - Oracle Road Map Kerberos Deprecation Of 3DES And RC4 Encryption * Java 8/Orb: - Upgrade ibmcfw.jar To Version o2228.02 * Class Libraries: - Crash In Libjsor.So During An Rdma Failover - High CPU Consumption Observed In ZosEventPort$EventHandlerTask.run - Update Timezone Information To The Latest tzdata2022c * Jit Compiler: - Crash During JIT Compilation - Incorrect JIT Optimization Of Java Code - Incorrect Return From Class.isArray() - Unexpected ClassCastException - Performance Regression When Calling VM Helper Code On X86 * X/Os Extentions: - Add RSA-OAEP Cipher Function To IBMJCECCA - Update to Java 8.0 Service Refresh 7 Fix Pack 16 * Java Virtual Machine - Assertion failure at ClassLoaderRememberedSet.cpp - Assertion failure at StandardAccessBarrier.cpp when -Xgc:concurrentScavenge is set. - GC can have unflushed ownable synchronizer objects which can eventually lead to heap corruption and failure when -Xgc:concurrentScavenge is set. * JIT Compiler: - Incorrect JIT optimization of Java code - JAVA JIT Power: JIT compile time assert on AIX or LINUXPPC * Reliability and Serviceability: - javacore with 'kill -3' SIGQUIT signal freezes Java process Important SUSE bug 1201684 SUSE bug 1201685 SUSE bug 1201692 SUSE bug 1201694 SUSE bug 1202427 SUSE bug 1204468 SUSE bug 1204471 SUSE bug 1204472 SUSE bug 1204473 SUSE bug 1204475 SUSE bug 1204480 SUSE bug 1205302 CVE-2022-21540 CVE-2022-21541 CVE-2022-21549 CVE-2022-21618 CVE-2022-21619 CVE-2022-21624 CVE-2022-21626 CVE-2022-21628 CVE-2022-34169 CVE-2022-39399 cpe:/o:opensuse:leap:15.4 Security update for redis (Low) openSUSE Leap 15.4 This update for redis fixes the following issues: - CVE-2022-3647: Fixed crash in sigsegvHandler debug function (bsc#1204633). Low SUSE bug 1204633 CVE-2022-3647 cpe:/o:opensuse:leap:15.4 Security update for containerized-data-importer (Important) openSUSE Leap 15.4 This update rebuilds the current containeried data importer images against current base images, to fix security issues. Important cpe:/o:opensuse:leap:15.4 Security update for ffmpeg-4 (Important) openSUSE Leap 15.4 This update for ffmpeg-4 fixes the following issues: - CVE-2022-3964: Fixed out of bounds read in update_block_in_prev_frame() (bsc#1205388). Important SUSE bug 1205388 CVE-2022-3964 cpe:/o:opensuse:leap:15.4 Security update for strongswan (Moderate) openSUSE Leap 15.4 This update for strongswan fixes the following issues: Security issues fixed: - CVE-2022-40617: Fixed that using untrusted URIs for revocation checking could lead to denial of service (bsc#1203556) Feature changes: - Enable Marvell plugin (jsc#SLE-20151) Moderate SUSE bug 1203556 CVE-2022-40617 cpe:/o:opensuse:leap:15.4 Security update for nginx (Important) openSUSE Leap 15.4 This update for nginx fixes the following issues: - CVE-2021-3618: Fixed the ALPACA attack limiting the number of errors after which the connection is closed (bsc#1187685). Important SUSE bug 1187685 CVE-2021-3618 cpe:/o:opensuse:leap:15.4 Security update for keylime (Moderate) openSUSE Leap 15.4 This update for keylime fixes the following issues: - CVE-2022-3500: Fixed vulnerability where a node seems as attested when in reality it is not properly attested (bsc#1204782). Moderate SUSE bug 1204782 CVE-2022-3500 cpe:/o:opensuse:leap:15.4 Security update for net-snmp (Moderate) openSUSE Leap 15.4 This update for net-snmp fixes the following issues: Updated to version 5.9.3 (bsc#1201103, jsc#SLE-11203): - CVE-2022-24805: Fixed a buffer overflow in the handling of the INDEX of NET-SNMP-VACM-MIB that can cause an out-of-bounds memory access. - CVE-2022-24809: Fixed a malformed OID in a GET-NEXT to the nsVacmAccessTable that can cause a NULL pointer dereference. - CVE-2022-24806: Fixed an improper Input Validation when SETing malformed OIDs in master agent and subagent simultaneously. - CVE-2022-24807: Fixed a malformed OID in a SET request to SNMP-VIEW-BASED-ACM-MIB::vacmAccessTable can cause an out-of-bounds memory access. - CVE-2022-24808: Fixed a malformed OID in a SET request to NET-SNMP-AGENT-MIB::nsLogTable can cause a NULL pointer dereference. - CVE-2022-24810: Fixed a malformed OID in a SET to the nsVacmAccessTable can cause a NULL pointer dereference. Moderate SUSE bug 1201103 CVE-2022-24805 CVE-2022-24806 CVE-2022-24807 CVE-2022-24808 CVE-2022-24809 CVE-2022-24810 cpe:/o:opensuse:leap:15.4 Security update for pixman (Important) openSUSE Leap 15.4 This update for pixman fixes the following issues: - CVE-2022-44638: Fixed an integer overflow in pixman_sample_floor_y leading to heap out-of-bounds write (bsc#1205033). Important SUSE bug 1205033 CVE-2022-44638 cpe:/o:opensuse:leap:15.4 Security update for webkit2gtk3 (Important) openSUSE Leap 15.4 Security fixes: - CVE-2022-32888: Fixed possible arbitrary code execution via maliciously crafted web content (bsc#1205121). - CVE-2022-32923: Fixed possible information leak via maliciously crafted web content (bsc#1205122). - CVE-2022-42799: Fixed user interface spoofing when visiting a malicious website (bsc#1205123). - CVE-2022-42823: Fixed possible arbitrary code execution via maliciously crafted web content (bsc#1205120). - CVE-2022-42824: Fixed possible sensitive user information leak via maliciously crafted web content (bsc#1205124). Update to version 2.38.2: - Fix scrolling issues in some sites having fixed background. - Fix prolonged buffering during progressive live playback. - Fix the build with accessibility disabled. - Fix several crashes and rendering issues. Update to version 2.38.1: - Make xdg-dbus-proxy work if host session bus address is an abstract socket. - Use a single xdg-dbus-proxy process when sandbox is enabled. - Fix high resolution video playback due to unimplemented changeType operation. - Ensure GSubprocess uses posix_spawn() again and inherit file descriptors. - Fix player stucking in buffering (paused) state for progressive streaming. - Do not try to preconnect on link click when link preconnect setting is disabled. - Fix close status code returned when the client closes a WebSocket in some cases. - Fix media player duration calculation. - Fix several crashes and rendering issues. Update to version 2.38.0: - New media controls UI style. - Add new API to set WebView's Content-Security-Policy for web extensions support. - Make it possible to use the remote inspector from other browsers using WEBKIT_INSPECTOR_HTTP_SERVER env var. - MediaSession is enabled by default, allowing remote media control using MPRIS. - Add support for PDF documents using PDF.js. Important SUSE bug 1205120 SUSE bug 1205121 SUSE bug 1205122 SUSE bug 1205123 SUSE bug 1205124 CVE-2022-32888 CVE-2022-32923 CVE-2022-42799 CVE-2022-42823 CVE-2022-42824 cpe:/o:opensuse:leap:15.4 Security update for exiv2-0_26 (Important) openSUSE Leap 15.4 This update for exiv2-0_26 fixes the following issues: - CVE-2019-17402: Fixed improper validation of the total size to the offset and size leads to a crash in Exiv2::getULong in types.cpp (bsc#1153577). - CVE-2018-20098: Fixed a heap-based buffer over-read in Exiv2::Jp2Image::encodeJp2Header (bsc#1119560). - CVE-2018-17581: Fixed an excessive stack consumption CiffDirectory:readDirectory() at crwimage_int.cpp (bsc#1110282). - CVE-2018-20099: exiv2: infinite loop in Exiv2::Jp2Image::encodeJp2Header (bsc#1119559). - CVE-2018-20097: Fixed SEGV in Exiv2::Internal::TiffParserWorker::findPrimaryGroupsu (bsc#1119562). - CVE-2017-11591: Fixed a floating point exception in Exiv2::ValueType (bsc#1050257). - CVE-2018-11531: Fixed a heap-based buffer overflow in getData in preview.cpp (bsc#1095070). - CVE-2021-32815: Fixed a deny-of-service due to assertion failure in crwimage_int.cpp (bsc#1189337). - CVE-2021-29473: Fixed out-of-bounds read in Exiv2::Jp2Image:doWriteMetadata (bsc#1186231). - CVE-2019-13109: Fixed a denial of service in PngImage:readMetadata (bsc#1142677). - CVE-2019-13110: Fixed an integer-overflow and out-of-bounds read in CiffDirectory:readDirectory leads to denail of service (bsc#1142678). Important SUSE bug 1050257 SUSE bug 1095070 SUSE bug 1110282 SUSE bug 1119559 SUSE bug 1119560 SUSE bug 1119562 SUSE bug 1142677 SUSE bug 1142678 SUSE bug 1153577 SUSE bug 1186231 SUSE bug 1189337 CVE-2017-11591 CVE-2018-11531 CVE-2018-17581 CVE-2018-20097 CVE-2018-20098 CVE-2018-20099 CVE-2019-13109 CVE-2019-13110 CVE-2019-17402 CVE-2021-29473 CVE-2021-32815 cpe:/o:opensuse:leap:15.4 Security update for libarchive (Low) openSUSE Leap 15.4 This update for libarchive fixes the following issues: - CVE-2022-36227: Fixed potential NULL pointer dereference in __archive_write_allocate_filter() (bsc#1205629). Low SUSE bug 1205629 CVE-2022-36227 cpe:/o:opensuse:leap:15.4 Security update for libdb-4_8 (Low) openSUSE Leap 15.4 This update for libdb-4_8 fixes the following issues: - CVE-2019-2708: Fixed partial DoS due to data store execution (bsc#1174414). Low SUSE bug 1174414 CVE-2019-2708 cpe:/o:opensuse:leap:15.4 Security update for erlang (Important) openSUSE Leap 15.4 This update for erlang fixes the following issues: - CVE-2022-37026: fixed a client authorization bypass vulnerability for SSL, TLS, and DTLS in Erlang/OTP. [bsc#1205318] Important SUSE bug 1205318 CVE-2022-37026 cpe:/o:opensuse:leap:15.4 Security update for freerdp (Moderate) openSUSE Leap 15.4 This update for freerdp fixes the following issues: - CVE-2022-39318: Fixed division by zero in urbdrc (bsc#1205563). - CVE-2022-39319: Fixed missing input buffer length check in urbdrc (bsc#1205564). Moderate SUSE bug 1205563 SUSE bug 1205564 CVE-2022-39318 CVE-2022-39319 cpe:/o:opensuse:leap:15.4 Security update for java-1_8_0-openj9 (Important) openSUSE Leap 15.4 This update for java-1_8_0-openj9 fixes the following issues: - Update to OpenJDK 8u352 build 08 with OpenJ9 0.35.0 virtual machine, including Oracle October 2022 CPU changes. - CVE-2022-21619: An unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE (bsc#1204473). - CVE-2022-21626: An unauthenticated attacker with network access via HTTPS can compromise Oracle Java SE, Oracle GraalVM Enterprise Edition (bsc#1204471). - CVE-2022-21624: An unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise (bsc#1204475). - CVE-2022-21628: An unauthenticated attacker with network access via HTTP can compromise Oracle Java SE, Oracle GraalVM Enterprise Edition (bsc#1204472). - CVE-2022-3676: Fixed interface than calls can be inlined without a runtime type check (bsc#1204703). Important SUSE bug 1204471 SUSE bug 1204472 SUSE bug 1204473 SUSE bug 1204475 SUSE bug 1204703 CVE-2022-21619 CVE-2022-21624 CVE-2022-21626 CVE-2022-21628 CVE-2022-3676 cpe:/o:opensuse:leap:15.4 Security update for nodejs12 (Important) openSUSE Leap 15.4 This update for nodejs12 fixes the following issues: - CVE-2022-43548: Fixed DNS rebinding in --inspect via invalid octal IP address (bsc#1205119). Important SUSE bug 1205119 CVE-2022-43548 cpe:/o:opensuse:leap:15.4 Security update for nodejs14 (Important) openSUSE Leap 15.4 This update for nodejs14 fixes the following issues: - Update to 14.21.1: - CVE-2022-43548: Fixed DNS rebinding in --inspect via invalid octal IP address (bsc#1205119). - Update to 14.21.0: - src: add --openssl-shared-config option Important SUSE bug 1205119 CVE-2022-43548 cpe:/o:opensuse:leap:15.4 Security update for tiff (Important) openSUSE Leap 15.4 This update for tiff fixes the following issues: - CVE-2022-3597: Fixed out-of-bounds write in _TIFFmemcpy in libtiff/tif_unix.c (bnc#1204641). - CVE-2022-3599: Fixed out-of-bounds read in writeSingleSection in tools/tiffcrop.c (bnc#1204643). - CVE-2022-3626: Fixed out-of-bounds write in _TIFFmemset in libtiff/tif_unix.c (bnc#1204644) - CVE-2022-3627: Fixed out-of-bounds write in _TIFFmemcpy in libtiff/tif_unix.c (bnc#1204645). - CVE-2022-3970: Fixed unsigned integer overflow in TIFFReadRGBATileExt() (bnc#1205392). Important SUSE bug 1204641 SUSE bug 1204643 SUSE bug 1204644 SUSE bug 1204645 SUSE bug 1205392 CVE-2022-3597 CVE-2022-3599 CVE-2022-3626 CVE-2022-3627 CVE-2022-3970 cpe:/o:opensuse:leap:15.4 Security update for supportutils (Moderate) openSUSE Leap 15.4 This update for supportutils fixes the following issues: Security issues fixed: - Passwords correctly removed from email.txt, updates.txt and fs-iscsi.txt (bsc#1203818) Bug fixes: - Added lifecycle information - Fixed KVM virtualization detection on bare metal (bsc#1184689) - Added logging using journalctl (bsc#1200330) - Get current sar data before collecting files (bsc#1192648) - Collects everything in /etc/multipath/ (bsc#1192252) - Collects power management information in hardware.txt (bsc#1197428) - Checks for suseconnect-ng or SUSEConnect packages (bsc#1202337) - Fixed conf_files and conf_text_files so y2log is gathered (bsc#1202269) - Update to nvme_info and block_info (bsc#1202417) - Added includedir directories from /etc/sudoers (bsc#1188086) Moderate SUSE bug 1184689 SUSE bug 1188086 SUSE bug 1192252 SUSE bug 1192648 SUSE bug 1197428 SUSE bug 1200330 SUSE bug 1202269 SUSE bug 1202337 SUSE bug 1202417 SUSE bug 1203818 cpe:/o:opensuse:leap:15.4 Security update for python3 (Important) openSUSE Leap 15.4 This update for python3 fixes the following issues: - CVE-2022-37454: Fixed a buffer overflow in hashlib.sha3_* implementations. (bsc#1204577) - CVE-2020-10735: Fixed a bug to limit amount of digits converting text to int and vice vera. (bsc#1203125) The following non-security bug was fixed: - Fixed a crash in the garbage collection (bsc#1188607). Important SUSE bug 1188607 SUSE bug 1203125 SUSE bug 1204577 CVE-2019-18348 CVE-2020-10735 CVE-2020-8492 CVE-2022-37454 cpe:/o:opensuse:leap:15.4 Security update for vim (Important) openSUSE Leap 15.4 This update for vim fixes the following issues: Updated to version 9.0 with patch level 0814: - CVE-2021-3928: Fixed stack-based buffer overflow (bsc#1192478). - CVE-2022-3234: Fixed heap-based buffer overflow (bsc#1203508). - CVE-2022-3235: Fixed use-after-free (bsc#1203509). - CVE-2022-3324: Fixed stack-based buffer overflow (bsc#1203820). - CVE-2022-3705: Fixed use-after-free in function qf_update_buffer of the file quickfix.c (bsc#1204779). - CVE-2022-2982: Fixed use-after-free in qf_fill_buffer() (bsc#1203152). - CVE-2022-3296: Fixed stack out of bounds read in ex_finally() in ex_eval.c (bsc#1203796). - CVE-2022-3297: Fixed use-after-free in process_next_cpt_value() at insexpand.c (bsc#1203797). - CVE-2022-3099: Fixed use-after-free in ex_docmd.c (bsc#1203110). - CVE-2022-3134: Fixed use-after-free in do_tag() (bsc#1203194). - CVE-2022-3153: Fixed NULL pointer dereference (bsc#1203272). - CVE-2022-3278: Fixed NULL pointer dereference in eval_next_non_blank() in eval.c (bsc#1203799). - CVE-2022-3352: Fixed use-after-free (bsc#1203924). - CVE-2022-2980: Fixed NULL pointer dereference in do_mouse() (bsc#1203155). - CVE-2022-3037: Fixed use-after-free (bsc#1202962). Important SUSE bug 1192478 SUSE bug 1202962 SUSE bug 1203110 SUSE bug 1203152 SUSE bug 1203155 SUSE bug 1203194 SUSE bug 1203272 SUSE bug 1203508 SUSE bug 1203509 SUSE bug 1203796 SUSE bug 1203797 SUSE bug 1203799 SUSE bug 1203820 SUSE bug 1203924 SUSE bug 1204779 CVE-2021-3928 CVE-2022-2980 CVE-2022-2982 CVE-2022-3037 CVE-2022-3099 CVE-2022-3134 CVE-2022-3153 CVE-2022-3234 CVE-2022-3235 CVE-2022-3278 CVE-2022-3296 CVE-2022-3297 CVE-2022-3324 CVE-2022-3352 CVE-2022-3705 cpe:/o:opensuse:leap:15.4 Security update for webkit2gtk3 (Important) openSUSE Leap 15.4 Security fixes: - CVE-2022-32888: Fixed possible arbitrary code execution via maliciously crafted web content (bsc#1205121). - CVE-2022-32923: Fixed possible information leak via maliciously crafted web content (bsc#1205122). - CVE-2022-42799: Fixed user interface spoofing when visiting a malicious website (bsc#1205123). - CVE-2022-42823: Fixed possible arbitrary code execution via maliciously crafted web content (bsc#1205120). - CVE-2022-42824: Fixed possible sensitive user information leak via maliciously crafted web content (bsc#1205124). Update to version 2.38.2: - Fix scrolling issues in some sites having fixed background. - Fix prolonged buffering during progressive live playback. - Fix the build with accessibility disabled. - Fix several crashes and rendering issues. Update to version 2.38.1: - Make xdg-dbus-proxy work if host session bus address is an abstract socket. - Use a single xdg-dbus-proxy process when sandbox is enabled. - Fix high resolution video playback due to unimplemented changeType operation. - Ensure GSubprocess uses posix_spawn() again and inherit file descriptors. - Fix player stucking in buffering (paused) state for progressive streaming. - Do not try to preconnect on link click when link preconnect setting is disabled. - Fix close status code returned when the client closes a WebSocket in some cases. - Fix media player duration calculation. - Fix several crashes and rendering issues. Update to version 2.38.0: - New media controls UI style. - Add new API to set WebView's Content-Security-Policy for web extensions support. - Make it possible to use the remote inspector from other browsers using WEBKIT_INSPECTOR_HTTP_SERVER env var. - MediaSession is enabled by default, allowing remote media control using MPRIS. - Add support for PDF documents using PDF.js. Important SUSE bug 1205120 SUSE bug 1205121 SUSE bug 1205122 SUSE bug 1205123 SUSE bug 1205124 CVE-2022-32888 CVE-2022-32923 CVE-2022-42799 CVE-2022-42823 CVE-2022-42824 cpe:/o:opensuse:leap:15.4 Security update for nodejs10 (Important) openSUSE Leap 15.4 This update for nodejs10 fixes the following issues: - CVE-2022-43548: Fixed DNS rebinding in --inspect via invalid octal IP address (bsc#1205119). Important SUSE bug 1205119 CVE-2022-43548 cpe:/o:opensuse:leap:15.4 Security update for emacs (Important) openSUSE Leap 15.4 This update for emacs fixes the following issues: - CVE-2022-45939: Fixed shell command injection via source code files when using ctags (bsc#1205822). Important SUSE bug 1205822 CVE-2022-45939 cpe:/o:opensuse:leap:15.4 Security update for bcel (Moderate) openSUSE Leap 15.4 This update for bcel fixes the following issues: - CVE-2022-42920: Fixed producing arbitrary bytecode via out-of-bounds writing (bsc#1205125). Moderate SUSE bug 1205125 CVE-2022-42920 cpe:/o:opensuse:leap:15.4 Security update for virt-v2v (Moderate) openSUSE Leap 15.4 This update for virt-v2v fixes the following issues: - CVE-2022-2211: Fixed buffer overflow in get_keys (bsc#1201064). Moderate SUSE bug 1201064 CVE-2022-2211 cpe:/o:opensuse:leap:15.4 Security update for MozillaThunderbird (Important) openSUSE Leap 15.4 This update for MozillaThunderbird fixes the following issues: Update to version 102.5.1: - CVE-2022-45414: Quoting from an HTML email with certain tags will trigger network requests and load remote content, regardless of a configuration to block remote content (bsc#1205941). Important SUSE bug 1205941 CVE-2022-45414 cpe:/o:opensuse:leap:15.4 Security update for buildah (Important) openSUSE Leap 15.4 This update for buildah fixes the following issues: Version update to 1.28.2. - CVE-2022-2990: Fixed a possible information disclosure and modification vulnerability (bsc#1202812). - CVE-2020-10696: Fixed an issue with a crafted input tar file that may lead to a local file overwriting during image build process (bsc#1167864). Important SUSE bug 1167864 SUSE bug 1202812 CVE-2020-10696 CVE-2022-2990 cpe:/o:opensuse:leap:15.4 Security update for busybox (Moderate) openSUSE Leap 15.4 This update for busybox fixes the following issues: - CVE-2022-30065: Fixed use-after-free in the AWK applet (bsc#1199744). - CVE-2014-9645: Fixed loading of unwanted module with / in module names (bsc#914660). - Update to 1.35.0 also introduced: - awk: fix printf %%, fix read beyond end of buffer - chrt: silence analyzer warning - libarchive: remove duplicate forward declaration - mount: 'mount -o rw ....' should not fall back to RO mount - ps: fix -o pid=PID,args interpreting entire 'PID,args' as header - tar: prevent malicious archives with long name sizes causing OOM - udhcpc6: fix udhcp_find_option to actually find DHCP6 options - xxd: fix -p -r - support for new optoins added to basename, cpio, date, find, mktemp, wget and others Moderate SUSE bug 1199744 SUSE bug 914660 CVE-2014-9645 CVE-2022-30065 cpe:/o:opensuse:leap:15.4 Security update for rabbitmq-server (Moderate) openSUSE Leap 15.4 This update for rabbitmq-server fixes the following issues: - CVE-2022-31008: Fixed predictable secret seed in URI encryption (bsc#1205267). Moderate SUSE bug 1205267 CVE-2022-31008 cpe:/o:opensuse:leap:15.4 Security update for nautilus (Moderate) openSUSE Leap 15.4 This update for nautilus fixes the following issues: - CVE-2022-37290: Fixed a denial of service caused by pasted ZIP archives (bsc#1205418). Moderate SUSE bug 1205418 CVE-2022-37290 cpe:/o:opensuse:leap:15.4 Security update for go1.19 (Moderate) openSUSE Leap 15.4 This update for go1.19 fixes the following issues: Update to version 1.19.4, includes the following security fixes: - CVE-2022-41717: net/http: limit canonical header cache by bytes, not entries (bsc#1206135). - CVE-2022-41720: os, net/http: avoid escapes from os.DirFS and http.Dir on Windows (bsc#1206134). Moderate SUSE bug 1200441 SUSE bug 1206134 SUSE bug 1206135 CVE-2022-41717 CVE-2022-41720 cpe:/o:opensuse:leap:15.4 Security update for go1.18 (Moderate) openSUSE Leap 15.4 This update for go1.18 fixes the following issues: Update to version 1.18.9, includes the following security fixes: - CVE-2022-41717: net/http: limit canonical header cache by bytes, not entries (bsc#1206135) - CVE-2022-41720: os, net/http: avoid escapes from os.DirFS and http.Dir on Windows (bsc#1206134) Moderate SUSE bug 1193742 SUSE bug 1206134 SUSE bug 1206135 CVE-2022-41717 CVE-2022-41720 cpe:/o:opensuse:leap:15.4 Security update for tiff (Important) openSUSE Leap 15.4 This update for tiff fixes the following issues: - CVE-2022-3570: Fixed heap buffer overflows in tiffcrop.c (bsc#1205422). - CVE-2022-3598: Fixed out-of-bounds write in extractContigSamplesShifted24bits in tools/tiffcrop.c [bsc#1204642] Important SUSE bug 1204642 SUSE bug 1205422 CVE-2022-3570 CVE-2022-3598 cpe:/o:opensuse:leap:15.4 Security update for grafana (Important) openSUSE Leap 15.4 This update for grafana fixes the following issues: Version update from 8.3.10 to 8.5.13 (jsc#PED-2145): - Security fixes: * CVE-2022-36062: (bsc#1203596) * CVE-2022-35957: (bsc#1203597) * CVE-2022-31107: (bsc#1201539) * CVE-2022-31097: (bsc#1201535) * CVE-2022-29170: (bsc#1199810) * CVE-2021-43813, CVE-2021-43815: (bsc#1193686) * CVE-2021-43798: (bsc#1193492) * CVE-2021-41244: (bsc#1192763) * CVE-2021-41174: (bsc#1192383) * CVE-2021-3711: (bsc#1189520) * CVE-2021-36222: (bsc#1188571) - Features and enhancements: * AccessControl: Disable user remove and user update roles when they do not have the permissions * AccessControl: Provisioning for teams * Alerting: Add custom grouping to Alert Panel * Alerting: Add safeguard for migrations that might cause dataloss * Alerting: AlertingProxy to elevate permissions for request forwarded to data proxy when RBAC enabled * Alerting: Grafana uses > instead of >= when checking the For duration * Alerting: Move slow queries in the scheduler to another goroutine * Alerting: Remove disabled flag for data source when migrating alerts * Alerting: Show notification tab of legacy alerting only to editor * Alerting: Update migration to migrate only alerts that belon to existing org\dashboard * Alerting: Use expanded labels in dashboard annotations * Alerting: Use time.Ticker instead of alerting.Ticker in ngalert * Analytics: Add user id tracking to google analytics * Angular: Add AngularJS plugin support deprecation plan to docs site * API: Add usage stats preview endpoint * API: Extract OpenAPI specification from source code using go-swagger * Auth: implement auto_sign_up for auth.jwt * Azure monitor Logs: Optimize data fetching in resource picker * Azure Monitor Logs: Order subscriptions in resource picker by name * Azure Monitor: Include datasource ref when interpolating variables. * AzureMonitor: Add support for not equals and startsWith operators when creating Azure Metrics dimension filters. * AzureMonitor: Do not quote variables when a custom 'All' variable option is used * AzureMonitor: Filter list of resources by resourceType * AzureMonitor: Update allowed namespaces * BarChart: color by field, x time field, bar radius, label skipping * Chore: Implement OpenTelemetry in Grafana * Cloud Monitoring: Adds metric type to Metric drop down options * CloudMonitor: Correctly encode default project response * CloudWatch: Add all ElastiCache Redis Metrics * CloudWatch: Add Data Lifecycle Manager metrics and dimension * CloudWatch: Add Missing Elasticache Host-level metrics * CloudWatch: Add multi-value template variable support for log group names in logs query builder * CloudWatch: Add new AWS/ES metrics. #43034, @sunker * Cloudwatch: Add support for AWS/PrivateLink* metrics and dimensions * Cloudwatch: Add support for new AWS/RDS EBS* metrics * Cloudwatch: Add syntax highlighting and autocomplete for 'Metric Search' * Cloudwatch: Add template variable query function for listing log groups * Configuration: Add ability to customize okta login button name and icon * Elasticsearch: Add deprecation notice for < 7.10 versions. * Explore: Support custom display label for exemplar links for Prometheus datasource * Hotkeys: Make time range absolute/permanent * InfluxDB: Use backend for influxDB by default via feature toggle * Legend: Use correct unit for percent and count calculations * Logs: Escape windows newline into single newline * Loki: Add unpack to autocomplete suggestions * Loki: Use millisecond steps in Grafana 8.5.x. * Playlists: Enable sharing direct links to playlists * Plugins: Allow using both Function and Class components for app plugins * Plugins: Expose emotion/react to plugins to prevent load failures * Plugins: Introduce HTTP 207 Multi Status response to api/ds/query * Rendering: Add support for renderer token * Setting: Support configuring feature toggles with bools instead of just passing an array * SQLStore: Prevent concurrent migrations * SSE: Add Mode to drop NaN/Inf/Null in Reduction operations * Tempo: Switch out Select with AsyncSelect component to get loading state in Tempo Search * TimeSeries: Add migration for Graph panel's transform series override * TimeSeries: Add support for negative Y and constant transform * TimeSeries: Preserve null/undefined values when performing negative y transform * Traces: Filter by service/span name and operation in Tempo and Jaeger * Transformations: Add 'JSON' field type to ConvertFieldTypeTransformer * Transformations: Add an All Unique Values Reducer * Transformers: avoid error when the ExtractFields source field is missing - Breaking changes: * For a data source query made via /api/ds/query: + If the DatasourceQueryMultiStatus feature is enabled and the data source response has an error set as part of the DataResponse, the resulting HTTP status code is now '207 Multi Status' instead of '400 Bad gateway' + If the DatasourceQueryMultiStatus feature is not enabled and the data source response has an error set as part of the DataResponse, the resulting HTTP status code is '400 BadRequest' (no breaking change) * For a proxied request, e.g. Grafana's datasource or plugin proxy: + If the request is cancelled, e.g. from the browser/by the client, the HTTP status code is now '499 Client closed' request instead of 502 Bad gateway If the request times out, e.g. takes longer time than allowed, the HTTP status code is now '504 Gateway timeout' instead of '502 Bad gateway'. + The change in behavior is that negative-valued series are now stacked downwards from 0 (in their own stacks), rather than downwards from the top of the positive stacks. We now automatically group stacks by Draw style, Line interpolation, and Bar alignment, making it impossible to stack bars on top of lines, or smooth lines on top of stepped lines + The meaning of the default data source has now changed from being a persisted property in a panel. Before when you selected the default data source for a panel and later changed the default data source to another data source it would change all panels who were configured to use the default data source. From now on the default data source is just the default for new panels and changing the default will not impact any currently saved dashboards + The Tooltip component provided by @grafana/ui is no longer automatically interactive (that is you can hover onto it and click a link or select text). It will from now on by default close automatically when you mouse out from the trigger element. To make tooltips behave like before set the new interactive property to true. - Deprecations: * /api/tsdb/query API has been deprecated, please use /api/ds/query instead * AngularJS plugin support is now in a deprecated state. The documentation site has an article with more details on why, when, and how - Bug fixes: * Alerting: Add contact points provisioning API * Alerting: add field for custom slack endpoint * Alerting: Add resolved count to notification title when both firing and resolved present * Alerting: Alert rule should wait For duration when execution error state is Alerting * Alerting: Allow disabling override timings for notification policies * Alerting: Allow serving images from custom url path * Alerting: Apply Custom Headers to datasource queries * Alerting: Classic conditions can now display multiple values * Alerting: correctly show all alerts in a folder * Alerting: Display query from grafana-managed alert rules on /api/v1/rules * Alerting: Do not overwrite existing alert rule condition * Alerting: Enhance support for arbitrary group names in managed alerts * Alerting: Fix access to alerts for viewer with editor permissions when RBAC is disabled * Alerting: Fix anonymous access to alerting * Alerting: Fix migrations by making send_alerts_to field nullable * Alerting: Fix RBAC actions for notification policies * Alerting: Fix use of > instead of >= when checking the For duration * Alerting: Remove double quotes from matchers * API: Include userId, orgId, uname in request logging middleware * Auth: Guarantee consistency of signed SigV4 headers * Azure Monitor : Adding json formatting of error messages in Panel Header Corner and Inspect Error Tab * Azure Monitor: Add 2 more Curated Dashboards for VM Insights * Azure Monitor: Bug Fix for incorrect variable cascading for template variables * Azure Monitor: Fix space character encoding for metrics query link to Azure Portal * Azure Monitor: Fixes broken log queries that use workspace * Azure Monitor: Small bug fixes for Resource Picker * AzureAd Oauth: Fix strictMode to reject users without an assigned role * AzureMonitor: Fixes metric definition for Azure Storage queue/file/blob/table resources * Cloudwatch : Fixed reseting metric name when changing namespace in Metric Query * CloudWatch: Added missing MemoryDB Namespace metrics * CloudWatch: Fix MetricName resetting on Namespace change. * Cloudwatch: Fix template variables in variable queries. * CloudWatch: Fix variable query tag migration * CloudWatch: Handle new error codes for MetricInsights * CloudWatch: List all metrics properly in SQL autocomplete * CloudWatch: Prevent log groups from being removed on query change * CloudWatch: Remove error message when using multi-valued template vars in region field * CloudWatch: Run query on blur in logs query field * CloudWatch: Use default http client from aws-sdk-go * Dashboard: Fix dashboard update permission check * Dashboard: Fixes random scrolling on time range change * Dashboard: Template variables are now correctly persisted when clicking breadcrumb links * DashboardExport: Fix exporting and importing dashboards where query data source ended up as incorrect * DashboardPage: Remember scroll position when coming back panel edit / view panel * Dashboards: Fixes repeating by row and no refresh * Dashboards: Show changes in save dialog * DataSource: Default data source is no longer a persisted state but just the default data source for new panels * DataSourcePlugin API: Allow queries import when changing data source type * Elasticsearch: Respect maxConcurrentShardRequests datasource setting * Explore: Allow users to save Explore state to a new panel in a new dashboard * Explore: Avoid locking timepicker when range is inverted. * Explore: Fix closing split pane when logs panel is used * Explore: Prevent direct access to explore if disabled via feature toggle * Explore: Remove return to panel button * FileUpload: clicking the Upload file button now opens their modal correctly * Gauge: Fixes blank viz when data link exists and orientation was horizontal * GrafanaUI: Fix color of links in error Tooltips in light theme * Histogram Panel: Take decimal into consideration * InfluxDB: Fixes invalid no data alerts. #48295, @yesoreyeram * Instrumentation: Fix HTTP request instrumentation of authentication failures * Instrumentation: Make backend plugin metrics endpoints available with optional authentication * Instrumentation: Proxy status code correction and various improvements * LibraryPanels: Fix library panels not connecting properly in imported dashboards * LibraryPanels: Prevent long descriptions and names from obscuring the delete button * Logger: Use specified format for file logger * Logging: Introduce feature toggle to activate gokit/log format * Logs: Handle missing fields in dataframes better * Loki: Improve unpack parser handling * ManageDashboards: Fix error when deleting all dashboards from folder view * Middleware: Fix IPv6 host parsing in CSRF check * Navigation: Prevent navbar briefly showing on login * NewsPanel: Add support for Atom feeds. #45390, @kaydelaney * OAuth: Fix parsing of ID token if header contains non-string value * Panel Edit: Options search now works correctly when a logarithmic scale option is set * Panel Edit: Visualization search now works correctly with special characters * Plugins Catalog: Fix styling of hyperlinks * Plugins: Add deprecation notice for /api/tsdb/query endpoint * Plugins: Adding support for traceID field to accept variables * Plugins: Ensure catching all appropriate 4xx api/ds/query scenarios * Postgres: Return tables with hyphenated schemes * PostgreSQL: __unixEpochGroup to support arithmetic expression as argument * Profile/Help: Expose option to disable profile section and help menu * Prometheus: Enable new visual query builder by default * Provisioning: Fix duplicate validation when multiple organizations have been configured inserted * RBAC: Fix Anonymous Editors missing dashboard controls * RolePicker: Fix menu position on smaller screens * SAML: Allow disabling of SAML signups * Search: Sort results correctly when using postgres * Security: Fixes minor code scanning security warnings in old vendored javascript libs * Table panel: Fix horizontal scrolling when pagination is enabled * Table panel: Show datalinks for cell display modes JSON View and Gauge derivates * Table: Fix filter crashes table * Table: New pagination option * TablePanel: Add cell inspect option * TablePanel: Do not prefix columns with frame name if multipleframes and override active * TagsInput: Fix tags remove button accessibility issues * Tempo / Trace Viewer: Support Span Links in Trace Viewer * Tempo: Download span references in data inspector * Tempo: Separate trace to logs and loki search datasource config * TextPanel: Sanitize after markdown has been rendered to html * TimeRange: Fixes updating time range from url and browser history * TimeSeries: Fix detection & rendering of sparse datapoints * Timeseries: Fix outside range stale state * TimeSeries: Properly stack series with missing datapoints * TimeSeries: Sort tooltip values based on raw values * Tooltip: Fix links not legible in Tooltips when using light theme * Tooltip: Sort decimals using standard numeric compare * Trace View: Show number of child spans * Transformations: Support escaped characters in key-value pair parsing * Transforms: Labels to fields, fix label picker layout * Variables: Ensure variables in query params are correctly recognised * Variables: Fix crash when changing query variable datasource * Variables: Fixes issue with data source variables not updating queries with variable * Visualizations: Stack negative-valued series downwards - Plugin development fixes: * Card: Increase clickable area when meta items are present. * ClipboardButton: Use a fallback when the Clipboard API is unavailable * Loki: Fix operator description propup from being shortened. * OAuth: Add setting to skip org assignment for external users * Tooltips: Make tooltips non interactive by default * Tracing: Add option to map tag names to log label names in trace to logs settings Important SUSE bug 1188571 SUSE bug 1189520 SUSE bug 1192383 SUSE bug 1192763 SUSE bug 1193492 SUSE bug 1193686 SUSE bug 1199810 SUSE bug 1201535 SUSE bug 1201539 SUSE bug 1203596 SUSE bug 1203597 CVE-2021-36222 CVE-2021-3711 CVE-2021-41174 CVE-2021-41244 CVE-2021-43798 CVE-2021-43813 CVE-2021-43815 CVE-2022-29170 CVE-2022-31097 CVE-2022-31107 CVE-2022-35957 CVE-2022-36062 cpe:/o:opensuse:leap:15.4 Security update for SUSE Manager Client Tools (Important) openSUSE Leap 15.4 This update fixes the following issues: dracut-saltboot: - Update to version 0.1.1665997480.587fa10 * Add dependencies on xz and gzip to support compressed images golang-github-boynux-squid_exporter: - Exclude s390 architecture - Enhanced to build on Enterprise Linux 8. grafana: - Version update from 8.3.10 to 8.5.13 (jsc#PED-2145) - Security fixes: * CVE-2022-36062: (bsc#1203596) * CVE-2022-35957: (bsc#1203597) * CVE-2022-31107: (bsc#1201539) * CVE-2022-31097: (bsc#1201535) * CVE-2022-29170: (bsc#1199810) * CVE-2021-43813, CVE-2021-43815: (bsc#1193686) * CVE-2021-43798: (bsc#1193492) * CVE-2021-41244: (bsc#1192763) * CVE-2021-41174: (bsc#1192383) * CVE-2021-3711: (bsc#1189520) * CVE-2021-36222: (bsc#1188571) - Features and enhancements: * AccessControl: Disable user remove and user update roles when they do not have the permissions * AccessControl: Provisioning for teams * Alerting: Add custom grouping to Alert Panel * Alerting: Add safeguard for migrations that might cause dataloss * Alerting: AlertingProxy to elevate permissions for request forwarded to data proxy when RBAC enabled * Alerting: Grafana uses > instead of >= when checking the For duration * Alerting: Move slow queries in the scheduler to another goroutine * Alerting: Remove disabled flag for data source when migrating alerts * Alerting: Show notification tab of legacy alerting only to editor * Alerting: Update migration to migrate only alerts that belon to existing org\dashboard * Alerting: Use expanded labels in dashboard annotations * Alerting: Use time.Ticker instead of alerting.Ticker in ngalert * Analytics: Add user id tracking to google analytics * Angular: Add AngularJS plugin support deprecation plan to docs site * API: Add usage stats preview endpoint * API: Extract OpenAPI specification from source code using go-swagger * Auth: implement auto_sign_up for auth.jwt * Azure monitor Logs: Optimize data fetching in resource picker * Azure Monitor Logs: Order subscriptions in resource picker by name * Azure Monitor: Include datasource ref when interpolating variables. * AzureMonitor: Add support for not equals and startsWith operators when creating Azure Metrics dimension filters. * AzureMonitor: Do not quote variables when a custom 'All' variable option is used * AzureMonitor: Filter list of resources by resourceType * AzureMonitor: Update allowed namespaces * BarChart: color by field, x time field, bar radius, label skipping * Chore: Implement OpenTelemetry in Grafana * Cloud Monitoring: Adds metric type to Metric drop down options * CloudMonitor: Correctly encode default project response * CloudWatch: Add all ElastiCache Redis Metrics * CloudWatch: Add Data Lifecycle Manager metrics and dimension * CloudWatch: Add Missing Elasticache Host-level metrics * CloudWatch: Add multi-value template variable support for log group names in logs query builder * CloudWatch: Add new AWS/ES metrics. #43034, @sunker * Cloudwatch: Add support for AWS/PrivateLink* metrics and dimensions * Cloudwatch: Add support for new AWS/RDS EBS* metrics * Cloudwatch: Add syntax highlighting and autocomplete for 'Metric Search' * Cloudwatch: Add template variable query function for listing log groups * Configuration: Add ability to customize okta login button name and icon * Elasticsearch: Add deprecation notice for < 7.10 versions. * Explore: Support custom display label for exemplar links for Prometheus datasource * Hotkeys: Make time range absolute/permanent * InfluxDB: Use backend for influxDB by default via feature toggle * Legend: Use correct unit for percent and count calculations * Logs: Escape windows newline into single newline * Loki: Add unpack to autocomplete suggestions * Loki: Use millisecond steps in Grafana 8.5.x. * Playlists: Enable sharing direct links to playlists * Plugins: Allow using both Function and Class components for app plugins * Plugins: Expose emotion/react to plugins to prevent load failures * Plugins: Introduce HTTP 207 Multi Status response to api/ds/query * Rendering: Add support for renderer token * Setting: Support configuring feature toggles with bools instead of just passing an array * SQLStore: Prevent concurrent migrations * SSE: Add Mode to drop NaN/Inf/Null in Reduction operations * Tempo: Switch out Select with AsyncSelect component to get loading state in Tempo Search * TimeSeries: Add migration for Graph panel's transform series override * TimeSeries: Add support for negative Y and constant transform * TimeSeries: Preserve null/undefined values when performing negative y transform * Traces: Filter by service/span name and operation in Tempo and Jaeger * Transformations: Add 'JSON' field type to ConvertFieldTypeTransformer * Transformations: Add an All Unique Values Reducer * Transformers: avoid error when the ExtractFields source field is missing - Breaking changes: * For a data source query made via /api/ds/query: + If the DatasourceQueryMultiStatus feature is enabled and the data source response has an error set as part of the DataResponse, the resulting HTTP status code is now '207 Multi Status' instead of '400 Bad gateway' + If the DatasourceQueryMultiStatus feature is not enabled and the data source response has an error set as part of the DataResponse, the resulting HTTP status code is '400 BadRequest' (no breaking change) * For a proxied request, e.g. Grafana's datasource or plugin proxy: + If the request is cancelled, e.g. from the browser/by the client, the HTTP status code is now '499 Client closed' request instead of 502 Bad gateway If the request times out, e.g. takes longer time than allowed, the HTTP status code is now '504 Gateway timeout' instead of '502 Bad gateway'. + The change in behavior is that negative-valued series are now stacked downwards from 0 (in their own stacks), rather than downwards from the top of the positive stacks. We now automatically group stacks by Draw style, Line interpolation, and Bar alignment, making it impossible to stack bars on top of lines, or smooth lines on top of stepped lines + The meaning of the default data source has now changed from being a persisted property in a panel. Before when you selected the default data source for a panel and later changed the default data source to another data source it would change all panels who were configured to use the default data source. From now on the default data source is just the default for new panels and changing the default will not impact any currently saved dashboards + The Tooltip component provided by @grafana/ui is no longer automatically interactive (that is you can hover onto it and click a link or select text). It will from now on by default close automatically when you mouse out from the trigger element. To make tooltips behave like before set the new interactive property to true. - Deprecations: * /api/tsdb/query API has been deprecated, please use /api/ds/query instead * AngularJS plugin support is now in a deprecated state. The documentation site has an article with more details on why, when, and how - Bug fixes: * Alerting: Add contact points provisioning API * Alerting: add field for custom slack endpoint * Alerting: Add resolved count to notification title when both firing and resolved present * Alerting: Alert rule should wait For duration when execution error state is Alerting * Alerting: Allow disabling override timings for notification policies * Alerting: Allow serving images from custom url path * Alerting: Apply Custom Headers to datasource queries * Alerting: Classic conditions can now display multiple values * Alerting: correctly show all alerts in a folder * Alerting: Display query from grafana-managed alert rules on /api/v1/rules * Alerting: Do not overwrite existing alert rule condition * Alerting: Enhance support for arbitrary group names in managed alerts * Alerting: Fix access to alerts for viewer with editor permissions when RBAC is disabled * Alerting: Fix anonymous access to alerting * Alerting: Fix migrations by making send_alerts_to field nullable * Alerting: Fix RBAC actions for notification policies * Alerting: Fix use of > instead of >= when checking the For duration * Alerting: Remove double quotes from matchers * API: Include userId, orgId, uname in request logging middleware * Auth: Guarantee consistency of signed SigV4 headers * Azure Monitor : Adding json formatting of error messages in Panel Header Corner and Inspect Error Tab * Azure Monitor: Add 2 more Curated Dashboards for VM Insights * Azure Monitor: Bug Fix for incorrect variable cascading for template variables * Azure Monitor: Fix space character encoding for metrics query link to Azure Portal * Azure Monitor: Fixes broken log queries that use workspace * Azure Monitor: Small bug fixes for Resource Picker * AzureAd Oauth: Fix strictMode to reject users without an assigned role * AzureMonitor: Fixes metric definition for Azure Storage queue/file/blob/table resources * Cloudwatch : Fixed reseting metric name when changing namespace in Metric Query * CloudWatch: Added missing MemoryDB Namespace metrics * CloudWatch: Fix MetricName resetting on Namespace change. * Cloudwatch: Fix template variables in variable queries. * CloudWatch: Fix variable query tag migration * CloudWatch: Handle new error codes for MetricInsights * CloudWatch: List all metrics properly in SQL autocomplete * CloudWatch: Prevent log groups from being removed on query change * CloudWatch: Remove error message when using multi-valued template vars in region field * CloudWatch: Run query on blur in logs query field * CloudWatch: Use default http client from aws-sdk-go * Dashboard: Fix dashboard update permission check * Dashboard: Fixes random scrolling on time range change * Dashboard: Template variables are now correctly persisted when clicking breadcrumb links * DashboardExport: Fix exporting and importing dashboards where query data source ended up as incorrect * DashboardPage: Remember scroll position when coming back panel edit / view panel * Dashboards: Fixes repeating by row and no refresh * Dashboards: Show changes in save dialog * DataSource: Default data source is no longer a persisted state but just the default data source for new panels * DataSourcePlugin API: Allow queries import when changing data source type * Elasticsearch: Respect maxConcurrentShardRequests datasource setting * Explore: Allow users to save Explore state to a new panel in a new dashboard * Explore: Avoid locking timepicker when range is inverted. * Explore: Fix closing split pane when logs panel is used * Explore: Prevent direct access to explore if disabled via feature toggle * Explore: Remove return to panel button * FileUpload: clicking the Upload file button now opens their modal correctly * Gauge: Fixes blank viz when data link exists and orientation was horizontal * GrafanaUI: Fix color of links in error Tooltips in light theme * Histogram Panel: Take decimal into consideration * InfluxDB: Fixes invalid no data alerts. #48295, @yesoreyeram * Instrumentation: Fix HTTP request instrumentation of authentication failures * Instrumentation: Make backend plugin metrics endpoints available with optional authentication * Instrumentation: Proxy status code correction and various improvements * LibraryPanels: Fix library panels not connecting properly in imported dashboards * LibraryPanels: Prevent long descriptions and names from obscuring the delete button * Logger: Use specified format for file logger * Logging: Introduce feature toggle to activate gokit/log format * Logs: Handle missing fields in dataframes better * Loki: Improve unpack parser handling * ManageDashboards: Fix error when deleting all dashboards from folder view * Middleware: Fix IPv6 host parsing in CSRF check * Navigation: Prevent navbar briefly showing on login * NewsPanel: Add support for Atom feeds. #45390, @kaydelaney * OAuth: Fix parsing of ID token if header contains non-string value * Panel Edit: Options search now works correctly when a logarithmic scale option is set * Panel Edit: Visualization search now works correctly with special characters * Plugins Catalog: Fix styling of hyperlinks * Plugins: Add deprecation notice for /api/tsdb/query endpoint * Plugins: Adding support for traceID field to accept variables * Plugins: Ensure catching all appropriate 4xx api/ds/query scenarios * Postgres: Return tables with hyphenated schemes * PostgreSQL: __unixEpochGroup to support arithmetic expression as argument * Profile/Help: Expose option to disable profile section and help menu * Prometheus: Enable new visual query builder by default * Provisioning: Fix duplicate validation when multiple organizations have been configured inserted * RBAC: Fix Anonymous Editors missing dashboard controls * RolePicker: Fix menu position on smaller screens * SAML: Allow disabling of SAML signups * Search: Sort results correctly when using postgres * Security: Fixes minor code scanning security warnings in old vendored javascript libs * Table panel: Fix horizontal scrolling when pagination is enabled * Table panel: Show datalinks for cell display modes JSON View and Gauge derivates * Table: Fix filter crashes table * Table: New pagination option * TablePanel: Add cell inspect option * TablePanel: Do not prefix columns with frame name if multipleframes and override active * TagsInput: Fix tags remove button accessibility issues * Tempo / Trace Viewer: Support Span Links in Trace Viewer * Tempo: Download span references in data inspector * Tempo: Separate trace to logs and loki search datasource config * TextPanel: Sanitize after markdown has been rendered to html * TimeRange: Fixes updating time range from url and browser history * TimeSeries: Fix detection & rendering of sparse datapoints * Timeseries: Fix outside range stale state * TimeSeries: Properly stack series with missing datapoints * TimeSeries: Sort tooltip values based on raw values * Tooltip: Fix links not legible in Tooltips when using light theme * Tooltip: Sort decimals using standard numeric compare * Trace View: Show number of child spans * Transformations: Support escaped characters in key-value pair parsing * Transforms: Labels to fields, fix label picker layout * Variables: Ensure variables in query params are correctly recognised * Variables: Fix crash when changing query variable datasource * Variables: Fixes issue with data source variables not updating queries with variable * Visualizations: Stack negative-valued series downwards - Plugin development fixes: * Card: Increase clickable area when meta items are present. * ClipboardButton: Use a fallback when the Clipboard API is unavailable * Loki: Fix operator description propup from being shortened. * OAuth: Add setting to skip org assignment for external users * Tooltips: Make tooltips non interactive by default * Tracing: Add option to map tag names to log label names in trace to logs settings prometheus-blackbox_exporter: - Add requirement for go1.18 (bsc#1203599) spacecmd: - Version 4.3.16-1 * Fix dict_keys not supporting indexing in systems_setconfigchannelorger * Improve Proxy FQDN hint message * Added a warning message for traditional stack deprecation * Stop always showing help for valid proxy_container_config calls * Remove 'Undefined return code' from debug messages (bsc#1203283) spacewalk-client-tools: - Version 4.3.13-1 * Update translation strings uyuni-proxy-systemd-services: - Version 4.3.7-1 * Expose /etc/sysconfig/proxy variables to container services (bsc#1202945) Important SUSE bug 1188571 SUSE bug 1189520 SUSE bug 1192383 SUSE bug 1192763 SUSE bug 1193492 SUSE bug 1193686 SUSE bug 1199810 SUSE bug 1201535 SUSE bug 1201539 SUSE bug 1202945 SUSE bug 1203283 SUSE bug 1203596 SUSE bug 1203597 SUSE bug 1203599 CVE-2021-36222 CVE-2021-3711 CVE-2021-41174 CVE-2021-41244 CVE-2021-43798 CVE-2021-43813 CVE-2021-43815 CVE-2022-29170 CVE-2022-31097 CVE-2022-31107 CVE-2022-35957 CVE-2022-36062 cpe:/o:opensuse:leap:15.4 Security update for java-1_8_0-openjdk (Moderate) openSUSE Leap 15.4 This update for java-1_8_0-openjdk fixes the following issues: Update to version jdk8u352 (icedtea-3.25.0): - CVE-2022-21619,CVE-2022-21624: Fixed difficult to exploit vulnerability allows unauthenticated attacker with network access and can cause unauthorized update, insert or delete access via multiple protocols (bsc#1204473,bsc#1204475). - CVE-2022-21626: Fixed easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to cause partial denial of service (bsc#1204471). - CVE-2022-21628: Fixed easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to cause partial denial of service (bsc#1204472). Moderate SUSE bug 1204471 SUSE bug 1204472 SUSE bug 1204473 SUSE bug 1204475 CVE-2022-21619 CVE-2022-21624 CVE-2022-21626 CVE-2022-21628 cpe:/o:opensuse:leap:15.4 Security update for wireshark (Important) openSUSE Leap 15.4 This update for wireshark fixes the following issues: Update to version 3.6.10: - CVE-2022-3725: OPUS dissector crash (bsc#1204822). - Multiple dissector infinite loops (bsc#1206189). - Kafka dissector memory exhaustion (bsc#1206190). Important SUSE bug 1204822 SUSE bug 1206189 SUSE bug 1206190 CVE-2022-3725 cpe:/o:opensuse:leap:15.4 Security update for libtpms (Moderate) openSUSE Leap 15.4 This update for libtpms fixes the following issues: - CVE-2021-3623: Fixed out-of-bounds access when trying to resume the state of the vTPM (bsc#1187767) Moderate SUSE bug 1187767 SUSE bug 1204556 CVE-2021-3623 cpe:/o:opensuse:leap:15.4 Security update for MozillaFirefox (Important) openSUSE Leap 15.4 This update for MozillaFirefox fixes the following issues: Firefox Extended Support Release 102.6.0 ESR (bsc#1206242): - CVE-2022-46880: Use-after-free in WebGL - CVE-2022-46872: Arbitrary file read from a compromised content process - CVE-2022-46881: Memory corruption in WebGL - CVE-2022-46874: Drag and Dropped Filenames could have been truncated to malicious extensions - CVE-2022-46875: Download Protections were bypassed by .atloc and .ftploc files on Mac OS - CVE-2022-46882: Use-after-free in WebGL - CVE-2022-46878: Memory safety bugs fixed in Firefox 108 and Firefox ESR 102.6 Important SUSE bug 1206242 CVE-2022-46872 CVE-2022-46874 CVE-2022-46875 CVE-2022-46878 CVE-2022-46880 CVE-2022-46881 CVE-2022-46882 cpe:/o:opensuse:leap:15.4 Security update for containerd (Important) openSUSE Leap 15.4 This update for containerd fixes the following issues: Update to containerd v1.6.12 including Docker v20.10.21-ce (bsc#1206065). Also includes the following fix: - CVE-2022-23471: host memory exhaustion through Terminal resize goroutine leak (bsc#1206235). - CVE-2022-27191: crash in a golang.org/x/crypto/ssh server (bsc#1197284). Important SUSE bug 1197284 SUSE bug 1206065 SUSE bug 1206235 CVE-2022-23471 CVE-2022-27191 cpe:/o:opensuse:leap:15.4 Security update for capnproto (Moderate) openSUSE Leap 15.4 This update for capnproto fixes the following issues: - CVE-2022-46149: Fixed out of bounds read when handling a list of lists (bsc#1205968). Moderate SUSE bug 1205968 CVE-2022-46149 cpe:/o:opensuse:leap:15.4 Security update for xorg-x11-server (Important) openSUSE Leap 15.4 This update for xorg-x11-server fixes the following issues: - CVE-2022-46340: Server XTestSwapFakeInput stack overflow (bsc#1205874) - CVE-2022-46341: Server XIPassiveUngrabDevice out-of-bounds access (bsc#1205877) - CVE-2022-46342: Server XvdiSelectVideoNotify use-after-free (bsc#1205879) - CVE-2022-46343: Server ScreenSaverSetAttributes use-after-free (bsc#1205878) - CVE-2022-46344: Server XIChangeProperty out-of-bounds access (bsc#1205876) - CVE-2022-4283: Reset the radio_groups pointer to NULL after freeing it (bsc#1206017) - Xi: return an error from XI property changes if verification failed (bsc#1205875) Important SUSE bug 1205874 SUSE bug 1205875 SUSE bug 1205876 SUSE bug 1205877 SUSE bug 1205878 SUSE bug 1205879 SUSE bug 1206017 CVE-2022-4283 CVE-2022-46340 CVE-2022-46341 CVE-2022-46342 CVE-2022-46343 CVE-2022-46344 cpe:/o:opensuse:leap:15.4 Security update for xorg-x11-server (Important) openSUSE Leap 15.4 This update for xorg-x11-server fixes the following issues: - CVE-2022-46340: Server XTestSwapFakeInput stack overflow (bsc#1205874) - CVE-2022-46341: Server XIPassiveUngrabDevice out-of-bounds access (bsc#1205877) - CVE-2022-46342: Server XvdiSelectVideoNotify use-after-free (bsc#1205879) - CVE-2022-46343: Server ScreenSaverSetAttributes use-after-free (bsc#1205878) - CVE-2022-46344: Server XIChangeProperty out-of-bounds access (bsc#1205876) - CVE-2022-4283: Reset the radio_groups pointer to NULL after freeing it (bsc#1206017) - Xi: return an error from XI property changes if verification failed (bsc#1205875) Important SUSE bug 1205874 SUSE bug 1205875 SUSE bug 1205876 SUSE bug 1205877 SUSE bug 1205878 SUSE bug 1205879 SUSE bug 1206017 CVE-2022-4283 CVE-2022-46340 CVE-2022-46341 CVE-2022-46342 CVE-2022-46343 CVE-2022-46344 cpe:/o:opensuse:leap:15.4 Security update for xwayland (Important) openSUSE Leap 15.4 This update for xwayland fixes the following issues: - CVE-2022-46340: Server XTestSwapFakeInput stack overflow (bsc#1205874) - CVE-2022-46342: Server XvdiSelectVideoNotify use-after-free (bsc#1205879) - CVE-2022-46344: Server XIChangeProperty out-of-bounds access (bsc#1205876) - CVE-2022-46343: Server ScreenSaverSetAttributes use-after-free (bsc#1205878) - CVE-2022-46341: Server XIPassiveUngrabDevice out-of-bounds access (bsc#1205877) - CVE-2022-4283: Reset the radio_groups pointer to NULL after freeing it (bsc#1206017) Important SUSE bug 1205874 SUSE bug 1205875 SUSE bug 1205876 SUSE bug 1205877 SUSE bug 1205878 SUSE bug 1205879 SUSE bug 1206017 CVE-2022-4283 CVE-2022-46340 CVE-2022-46341 CVE-2022-46342 CVE-2022-46343 CVE-2022-46344 cpe:/o:opensuse:leap:15.4 Security update for apache2-mod_wsgi (Moderate) openSUSE Leap 15.4 This update for apache2-mod_wsgi fixes the following issues: - CVE-2022-2255: Hardened the trusted proxy header filter to avoid bypass. (bsc#1201634) Moderate SUSE bug 1201634 CVE-2022-2255 cpe:/o:opensuse:leap:15.4 Security update for the Linux Kernel (Important) openSUSE Leap 15.4 The SUSE Linux Enterprise 15 SP4 Azure kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2022-4378: Fixed stack overflow in __do_proc_dointvec (bsc#1206207). - CVE-2022-42328: Guests could trigger denial of service via the netback driver (bnc#1206114). - CVE-2022-42329: Guests could trigger denial of service via the netback driver (bnc#1206113). - CVE-2022-3643: Guests could trigger NIC interface reset/abort/crash via netback driver (bnc#1206113). - CVE-2022-3635: Fixed a use-after-free in the tst_timer() of the file drivers/atm/idt77252.c of the component IPsec (bsc#1204631). - CVE-2022-41850: Fixed a race condition in roccat_report_event() in drivers/hid/hid-roccat.c (bsc#1203960). - CVE-2022-45934: Fixed a integer wraparound via L2CAP_CONF_REQ packets in l2cap_config_req in net/bluetooth/l2cap_core.c (bsc#1205796). - CVE-2022-3567: Fixed a to race condition in inet6_stream_ops()/inet6_dgram_ops() of the component IPv6 Handler (bsc#1204414). - CVE-2022-41858: Fixed a denial of service in sl_tx_timeout() in drivers/net/slip (bsc#1205671). - CVE-2022-43945: Fixed a buffer overflow in the NFSD implementation (bsc#1205128). - CVE-2022-4095: Fixed a use-after-free in rtl8712 driver (bsc#1205514). - CVE-2022-3903: Fixed a denial of service with the Infrared Transceiver USB driver (bsc#1205220). - CVE-2022-45869: Fixed a race condition in the x86 KVM subsystem which could cause a denial of service (bsc#1205882). - CVE-2022-45888: Fixed a use-after-free during physical removal of a USB devices when using drivers/char/xillybus/xillyusb.c (bsc#1205764). - CVE-2022-4139: Fixed an issue with the i915 driver that allowed the GPU to access any physical memory (bsc#1205700). - CVE-2022-4129: Fixed a denial of service with the Layer 2 Tunneling Protocol (L2TP). A missing lock when clearing sk_user_data can lead to a race condition and NULL pointer dereference. (bsc#1205711) - CVE-2022-42896: Fixed a use-after-free vulnerability in the net/bluetooth/l2cap_core.c's l2cap_connect() and l2cap_le_connect_req() which may have allowed code execution and leaking kernel memory (respectively) remotely via Bluetooth (bsc#1205709). - CVE-2022-42895: Fixed an information leak in the net/bluetooth/l2cap_core.c's l2cap_parse_conf_req() which can be used to leak kernel pointers remotely (bsc#1205705). - CVE-2022-3566: Fixed a race condition in the functions tcp_getsockopt/tcp_setsockopt of the component TCP Handler. The manipulation leads to race condition (bsc#1204405). - CVE-2022-2602: Fixed a local privilege escalation vulnerability involving Unix socket Garbage Collection and io_uring (bsc#1204228). - CVE-2022-3176: Fixed a use-after-free in io_uring related to signalfd_poll() and binder_poll() (bsc#1203391). - CVE-2022-3707: Fixed a double free in the Intel GVT-g graphics driver (bsc#1204780). - CVE-2022-41850: Fixed a use-after-free in roccat_report_event in drivers/hid/hid-roccat.c (bnc#1203960). The following non-security bugs were fixed: - ACPI: APEI: Fix integer overflow in ghes_estatus_pool_init() (git-fixes). - ACPI: HMAT: Fix initiator registration for single-initiator systems (git-fixes). - ACPI: HMAT: remove unnecessary variable initialization (git-fixes). - ACPI: scan: Add LATT2021 to acpi_ignore_dep_ids[] (git-fixes). - ACPI: x86: Add another system to quirk list for forcing StorageD3Enable (git-fixes). - ALSA: dice: fix regression for Lexicon I-ONIX FW810S (git-fixes). - ALSA: hda/ca0132: add quirk for EVGA Z390 DARK (git-fixes). - ALSA: hda/hdmi - enable runtime pm for more AMD display audio (git-fixes). - ALSA: hda/realtek: Add Positivo C6300 model quirk (git-fixes). - ALSA: hda/realtek: Add quirk for ASUS Zenbook using CS35L41 (git-fixes). - ALSA: hda/realtek: Fix the speaker output on Samsung Galaxy Book Pro 360 (bsc#1205100). - ALSA: hda/realtek: fix speakers for Samsung Galaxy Book Pro (bsc#1205100). - ALSA: hda: fix potential memleak in 'add_widget_node' (git-fixes). - ALSA: usb-audio: Add DSD support for Accuphase DAC-60 (git-fixes). - ALSA: usb-audio: Add quirk entry for M-Audio Micro (git-fixes). - ALSA: usb-audio: Drop snd_BUG_ON() from snd_usbmidi_output_open() (git-fixes). - ALSA: usb-audio: Remove redundant workaround for Roland quirk (bsc#1205111). - ALSA: usb-audio: Yet more regression for for the delayed card registration (bsc#1205111). - ALSA: usb-audio: add quirk to fix Hamedal C20 disconnect issue (git-fixes). - ARM: at91: rm9200: fix usb device clock id (git-fixes). - ARM: dts: am335x-pcm-953: Define fixed regulators in root node (git-fixes). - ARM: dts: at91: sam9g20ek: enable udc vbus gpio pinctrl (git-fixes). - ARM: dts: imx6q-prti6q: Fix ref/tcxo-clock-frequency properties (git-fixes). - ARM: dts: imx7: Fix NAND controller size-cells (git-fixes). - ARM: mxs: fix memory leak in mxs_machine_init() (git-fixes). - ASoC: Intel: bytcht_es8316: Add quirk for the Nanote UMPC-01 (git-fixes). - ASoC: Intel: sof_sdw: add quirk variant for LAPBC710 NUC15 (git-fixes). - ASoC: codecs: jz4725b: Fix spelling mistake 'Sourc' -> 'Source', 'Routee' -> 'Route' (git-fixes). - ASoC: codecs: jz4725b: add missed Line In power control bit (git-fixes). - ASoC: codecs: jz4725b: fix capture selector naming (git-fixes). - ASoC: codecs: jz4725b: fix reported volume for Master ctl (git-fixes). - ASoC: codecs: jz4725b: use right control for Capture Volume (git-fixes). - ASoC: core: Fix use-after-free in snd_soc_exit() (git-fixes). - ASoC: fsl_asrc fsl_esai fsl_sai: allow CONFIG_PM=N (git-fixes). - ASoC: fsl_sai: use local device pointer (git-fixes). - ASoC: max98373: Add checks for devm_kcalloc (git-fixes). - ASoC: mt6660: Keep the pm_runtime enables before component stuff in mt6660_i2c_probe (git-fixes). - ASoC: ops: Fix bounds check for _sx controls (git-fixes). - ASoC: rt1019: Fix the TDM settings (git-fixes). - ASoC: sgtl5000: Reset the CHIP_CLK_CTRL reg on remove (git-fixes). - ASoC: soc-pcm: Do not zero TDM masks in __soc_pcm_open() (git-fixes). - ASoC: soc-utils: Remove __exit for snd_soc_util_exit() (git-fixes). - ASoC: stm32: dfsdm: manage cb buffers cleanup (git-fixes). - ASoC: tas2764: Fix set_tdm_slot in case of single slot (git-fixes). - ASoC: tas2770: Fix set_tdm_slot in case of single slot (git-fixes). - ASoC: wm8962: Add an event handler for TEMP_HP and TEMP_SPK (git-fixes). - Bluetooth: 6LoWPAN: add missing hci_dev_put() in get_l2cap_conn() (git-fixes). - Bluetooth: Fix not cleanup led when bt_init fails (git-fixes). - Bluetooth: L2CAP: Fix accepting connection request for invalid SPSM (git-fixes). - Bluetooth: L2CAP: Fix attempting to access uninitialized memory (git-fixes). - Bluetooth: L2CAP: Fix l2cap_global_chan_by_psm (git-fixes). - Decrease the number of SMB3 smbdirect client SGEs (bsc#1193629). - Do not enable CONFIG_ATARI_PARTITION (jsc#PED-1573) - Drivers: hv: Always reserve framebuffer region for Gen1 VMs (git-fixes). - Drivers: hv: Fix syntax errors in comments (git-fixes). - Drivers: hv: Never allocate anything besides framebuffer from framebuffer memory region (git-fixes). - Drivers: hv: fix repeated words in comments (git-fixes). - Drivers: hv: remove duplicate word in a comment (git-fixes). - Drivers: hv: vmbus: Accept hv_sock offers in isolated guests (git-fixes). - Drivers: hv: vmbus: Add VMbus IMC device to unsupported list (git-fixes). - Drivers: hv: vmbus: Do not wait for the ACPI device upon initialization (git-fixes). - Drivers: hv: vmbus: Fix kernel-doc (git-fixes). - Drivers: hv: vmbus: Optimize vmbus_on_event (git-fixes). - Drivers: hv: vmbus: Release cpu lock in error case (git-fixes). - Drivers: hv: vmbus: Use PCI_VENDOR_ID_MICROSOFT for better discoverability (git-fixes). - Drivers: hv: vmbus: fix double free in the error path of vmbus_add_channel_work() (git-fixes). - Drivers: hv: vmbus: fix possible memory leak in vmbus_device_register() (git-fixes). - Drivers: hv: vmbus: fix typo in comment (git-fixes). - Fix formatting of client smbdirect RDMA logging (bsc#1193629). - HID: core: fix shift-out-of-bounds in hid_report_raw_event (git-fixes). - HID: hid-lg4ff: Add check for empty lbuf (git-fixes). - HID: hyperv: fix possible memory leak in mousevsc_probe() (git-fixes). - HID: playstation: add initial DualSense Edge controller support (git-fixes). - HID: saitek: add madcatz variant of MMO7 mouse device ID (git-fixes). - Handle variable number of SGEs in client smbdirect send (bsc#1193629). - IB/hfi1: Correctly move list in sc_disable() (git-fixes) - IB: Set IOVA/LENGTH on IB_MR in core/uverbs layers (git-fixes) - Input: goodix - try resetting the controller when no config is set (git-fixes). - Input: i8042 - fix leaking of platform device on module removal (git-fixes). - Input: iforce - invert valid length check when fetching device IDs (git-fixes). - Input: raydium_ts_i2c - fix memory leak in raydium_i2c_send() (git-fixes). - Input: soc_button_array - add Acer Switch V 10 to dmi_use_low_level_irq[] (git-fixes). - Input: soc_button_array - add use_low_level_irq module parameter (git-fixes). - Input: synaptics - switch touchpad on HP Laptop 15-da3001TU to RMI mode (git-fixes). - KVM: Move wiping of the kvm->vcpus array to common code (git-fixes). - KVM: SEV: Mark nested locking of vcpu->lock (git-fixes). - KVM: SVM: Disable SEV-ES support if MMIO caching is disable (git-fixes). - KVM: SVM: Stuff next_rip on emulated INT3 injection if NRIPS is supported (git-fixes). - KVM: SVM: adjust register allocation for __svm_vcpu_run() (git-fixes). - KVM: SVM: move guest vmsave/vmload back to assembly (git-fixes). - KVM: SVM: replace regs argument of __svm_vcpu_run() with vcpu_svm (git-fixes). - KVM: SVM: retrieve VMCB from assembly (git-fixes). - KVM: VMX: Add helper to check if the guest PMU has PERF_GLOBAL_CTRL (git-fixes). - KVM: VMX: Drop bits 31:16 when shoving exception error code into VMCS (git-fixes). - KVM: VMX: Mark all PERF_GLOBAL_(OVF)_CTRL bits reserved if there's no vPMU (git-fixes). - KVM: VMX: clear vmx_x86_ops.sync_pir_to_irr if APICv is disabled (bsc#1205007). - KVM: VMX: fully disable SGX if SECONDARY_EXEC_ENCLS_EXITING unavailable (git-fixes). - KVM: nVMX: Always enable TSC scaling for L2 when it was enabled for L1 (git-fixes). - KVM: nVMX: Attempt to load PERF_GLOBAL_CTRL on nVMX xfer iff it exists (git-fixes). - KVM: nVMX: Rename handle_vm{on,off}() to handle_vmx{on,off}() (git-fixes). - KVM: s390: Add a routine for setting userspace CPU state (git-fixes jsc#PED-611). - KVM: s390: Simplify SIGP Set Arch handling (git-fixes jsc#PED-611). - KVM: s390: pv: do not allow userspace to set the clock under PV (git-fixes). - KVM: s390: pv: leak the topmost page table when destroy fails (git-fixes). - KVM: x86/mmu: Fix wrong/misleading comments in TDP MMU fast zap (git-fixes). - KVM: x86/mmu: WARN if old _or_ new SPTE is REMOVED in non-atomic path (git-fixes). - KVM: x86/mmu: fix memoryleak in kvm_mmu_vendor_module_init() (git-fixes). - KVM: x86/pmu: Fix and isolate TSX-specific performance event logic (git-fixes). - KVM: x86/pmu: Update AMD PMC sample period to fix guest NMI-watchdog (git-fixes). - KVM: x86/pmu: Use different raw event masks for AMD and Intel (git-fixes). - KVM: x86/svm: Account for family 17h event renumberings in amd_pmc_perf_hw_id (git-fixes). - KVM: x86: Fully initialize 'struct kvm_lapic_irq' in kvm_pv_kick_cpu_op() (git-fixes). - KVM: x86: Hide IA32_PLATFORM_DCA_CAP[31:0] from the guest (git-fixes). - KVM: x86: Mask off reserved bits in CPUID.80000001H (git-fixes). - KVM: x86: Mask off reserved bits in CPUID.80000006H (git-fixes). - KVM: x86: Mask off reserved bits in CPUID.80000008H (git-fixes). - KVM: x86: Mask off reserved bits in CPUID.8000001AH (git-fixes). - KVM: x86: Report error when setting CPUID if Hyper-V allocation fails (git-fixes). - KVM: x86: Retry page fault if MMU reload is pending and root has no sp (bsc#1205744). - KVM: x86: Signal #GP, not -EPERM, on bad WRMSR(MCi_CTL/STATUS) (git-fixes). - KVM: x86: Treat #DBs from the emulator as fault-like (code and DR7.GD=1) (git-fixes). - KVM: x86: Use __try_cmpxchg_user() to emulate atomic accesses (git-fixes). - KVM: x86: Use __try_cmpxchg_user() to update guest PTE A/D bits (git-fixes). - KVM: x86: avoid loading a vCPU after .vm_destroy was called (git-fixes). - KVM: x86: emulator: em_sysexit should update ctxt->mode (git-fixes). - KVM: x86: emulator: introduce emulator_recalc_and_set_mode (git-fixes). - KVM: x86: emulator: update the emulation mode after CR0 write (git-fixes). - KVM: x86: emulator: update the emulation mode after rsm (git-fixes). - KVM: x86: use a separate asm-offsets.c file (git-fixes). - Kconfig: Add option for asm goto w/ tied outputs to workaround clang-13 bug (git-fixes). - MIPS: Loongson: Use hwmon_device_register_with_groups() to register hwmon (git-fixes). - NFC: nci: Bounds check struct nfc_target arrays (git-fixes). - NFC: nci: fix memory leak in nci_rx_data_packet() (git-fixes). - PCI: Move PCI_VENDOR_ID_MICROSOFT/PCI_DEVICE_ID_HYPERV_VIDEO definitions to pci_ids.h (git-fixes). - PCI: hv: Add validation for untrusted Hyper-V values (git-fixes). - PCI: hv: Fix the definition of vector in hv_compose_msi_msg() (git-fixes). - RDMA/cm: Fix memory leak in ib_cm_insert_listen (git-fixes) - RDMA/cm: Use SLID in the work completion as the DLID in responder side (git-fixes) - RDMA/cma: Use output interface for net_dev check (git-fixes) - RDMA/core: Fix null-ptr-deref in ib_core_cleanup() (git-fixes) - RDMA/hfi1: Prevent panic when SDMA is disabled (git-fixes) - RDMA/hfi1: Prevent use of lock before it is initialized (git-fixes) - RDMA/hfi1: fix potential memory leak in setup_base_ctxt() (git-fixes) - RDMA/hns: Correct the type of variables participating in the shift operation (git-fixes) - RDMA/hns: Disable local invalidate operation (git-fixes) - RDMA/hns: Fix incorrect clearing of interrupt status register (git-fixes) - RDMA/hns: Fix supported page size (git-fixes) - RDMA/hns: Fix wrong fixed value of qp->rq.wqe_shift (git-fixes) - RDMA/hns: Remove magic number (git-fixes) - RDMA/hns: Remove the num_cqc_timer variable (git-fixes) - RDMA/hns: Remove the num_qpc_timer variable (git-fixes) - RDMA/hns: Remove unnecessary check for the sgid_attr when modifying QP (git-fixes) - RDMA/hns: Replace tab with space in the right-side comments (git-fixes) - RDMA/hns: Use hr_reg_xxx() instead of remaining roce_set_xxx() (git-fixes) - RDMA/irdma: Fix deadlock in irdma_cleanup_cm_core() (git-fixes) - RDMA/irdma: Use s/g array in post send only when its valid (git-fixes) - RDMA/mlx5: Set local port to one when accessing counters (git-fixes) - RDMA/qedr: clean up work queue on failure in qedr_alloc_resources() (git-fixes) - RDMA/rtrs-clt: Use the right sg_cnt after ib_dma_map_sg (git-fixes) - RDMA/rtrs-srv: Fix modinfo output for stringify (git-fixes) - RDMA/rxe: Limit the number of calls to each tasklet (git-fixes) - RDMA/rxe: Remove useless pkt parameters (git-fixes) - Reduce client smbdirect max receive segment size (bsc#1193629). - Revert 'net: phy: meson-gxl: improve link-up behavior' (git-fixes). - Revert 'tty: n_gsm: avoid call of sleeping functions from atomic context' (git-fixes). - Revert 'tty: n_gsm: replace kicktimer with delayed_work' (git-fixes). - Revert 'usb: dwc3: disable USB core PHY management' (git-fixes). - SCSI: scsi_probe_lun: retry INQUIRY after timeout (bsc#1189297). - SMB3: fix lease break timeout when multiple deferred close handles for the same file (bsc#1193629). - USB: bcma: Make GPIO explicitly optional (git-fixes). - USB: serial: option: add Fibocom FM160 0x0111 composition (git-fixes). - USB: serial: option: add Sierra Wireless EM9191 (git-fixes). - USB: serial: option: add u-blox LARA-L6 modem (git-fixes). - USB: serial: option: add u-blox LARA-R6 00B modem (git-fixes). - USB: serial: option: remove old LARA-R6 PID (git-fixes). - arcnet: fix potential memory leak in com20020_probe() (git-fixes). - arm64/syscall: Include asm/ptrace.h in syscall_wrapper header (git-fixes). - arm64: Add AMPERE1 to the Spectre-BHB affected list (git-fixes). - arm64: Fix bit-shifting UB in the MIDR_CPU_MODEL() macro (git-fixes) - arm64: dts: imx8mm: Fix NAND controller size-cells (git-fixes). - arm64: dts: imx8mn: Fix NAND controller size-cells (git-fixes). - arm64: dts: qcom: sa8155p-adp: Specify which LDO modes are allowed (git-fixes). - arm64: dts: qcom: sm8150-xperia-kumano: Specify which LDO modes are allowed (git-fixes). - arm64: dts: qcom: sm8250-xperia-edo: Specify which LDO modes are allowed (git-fixes). - arm64: dts: qcom: sm8350-hdk: Specify which LDO modes are allowed (git-fixes). - arm64: dts: rockchip: add enable-strobe-pulldown to emmc phy on nanopi4 (git-fixes). - arm64: dts: rockchip: lower rk3399-puma-haikou SD controller clock frequency (git-fixes). - arm64: efi: Fix handling of misaligned runtime regions and drop warning (git-fixes). - arm64: errata: Add Cortex-A55 to the repeat tlbi list (git-fixes). Enable CONFIG_ARM64_ERRATUM_2441007, too - arm64: errata: Remove AES hwcap for COMPAT tasks (git-fixes) Enable CONFIG_ARM64_ERRATUM_1742098 in arm64/default - arm64: fix rodata=full again (git-fixes) - ata: libata-core: do not issue non-internal commands once EH is pending (git-fixes). - ata: libata-scsi: fix SYNCHRONIZE CACHE (16) command failure (git-fixes). - ata: libata-scsi: simplify __ata_scsi_queuecmd() (git-fixes). - ata: libata-transport: fix double ata_host_put() in ata_tport_add() (git-fixes). - ata: libata-transport: fix error handling in ata_tdev_add() (git-fixes). - ata: libata-transport: fix error handling in ata_tlink_add() (git-fixes). - ata: libata-transport: fix error handling in ata_tport_add() (git-fixes). - audit: fix undefined behavior in bit shift for AUDIT_BIT (git-fixes). - blk-cgroup: fix missing put device in error path from blkg_conf_pref() (git-fixes). - blk-mq: Properly init requests from blk_mq_alloc_request_hctx() (git-fixes). - blk-mq: do not create hctx debugfs dir until q->debugfs_dir is created (git-fixes). - blk-mq: fix io hung due to missing commit_rqs (git-fixes). - blk-wbt: call rq_qos_add() after wb_normal is initialized (git-fixes). - blktrace: Trace remapped requests correctly (git-fixes). - block/rnbd-srv: Set keep_id to true after mutex_trylock (git-fixes). - block: add bio_start_io_acct_time() to control start_time (git-fixes). - block: blk_queue_enter() / __bio_queue_enter() must return -EAGAIN for nowait (git-fixes). - block: drop unused includes in &lt;linux/genhd.h> (git-fixes). - bridge: switchdev: Fix memory leaks when changing VLAN protocol (git-fixes). - btrfs: check if root is readonly while setting security xattr (bsc#1206147). - btrfs: do not allow compression on nodatacow files (bsc#1206149). - btrfs: export a helper for compression hard check (bsc#1206149). - btrfs: fix processing of delayed data refs during backref walking (bsc#1206056). - btrfs: fix processing of delayed tree block refs during backref walking (bsc#1206057). - btrfs: prevent subvol with swapfile from being deleted (bsc#1206035). - btrfs: send: always use the rbtree based inode ref management infrastructure (bsc#1206036). - btrfs: send: fix failures when processing inodes with no links (bsc#1206036). - btrfs: send: fix send failure of a subcase of orphan inodes (bsc#1206036). - btrfs: send: fix sending link commands for existing file paths (bsc#1206036). - btrfs: send: introduce recorded_ref_alloc and recorded_ref_free (bsc#1206036). - btrfs: send: refactor arguments of get_inode_info() (bsc#1206036). - btrfs: send: remove unused found_type parameter to lookup_dir_item_inode() (bsc#1206036). - btrfs: send: remove unused type parameter to iterate_inode_ref_t (bsc#1206036). - btrfs: send: use boolean types for current inode status (bsc#1206036). - bus: sunxi-rsb: Remove the shutdown callback (git-fixes). - bus: sunxi-rsb: Support atomic transfers (git-fixes). - ca8210: Fix crash by zero initializing data (git-fixes). - can: af_can: fix NULL pointer dereference in can_rx_register() (git-fixes). - can: cc770: cc770_isa_probe(): add missing free_cc770dev() (git-fixes). - can: etas_es58x: es58x_init_netdev(): free netdev when register_candev() (git-fixes). - can: j1939: j1939_send_one(): fix missing CAN header initialization (git-fixes). - can: m_can: Add check for devm_clk_get (git-fixes). - can: m_can: pci: add missing m_can_class_free_dev() in probe/remove methods (git-fixes). - can: sja1000_isa: sja1000_isa_probe(): add missing free_sja1000dev() (git-fixes). - capabilities: fix potential memleak on error path from vfs_getxattr_alloc() (git-fixes). - capabilities: fix undefined behavior in bit shift for CAP_TO_MASK (git-fixes). - ceph: allow ceph.dir.rctime xattr to be updatable (bsc#1206050). - ceph: avoid putting the realm twice when decoding snaps fails (bsc#1206051). - ceph: do not update snapshot context when there is no new snapshot (bsc#1206047). - ceph: fix inode reference leakage in ceph_get_snapdir() (bsc#1206048). - ceph: fix memory leak in ceph_readdir when note_last_dentry returns error (bsc#1206049). - ceph: properly handle statfs on multifs setups (bsc#1206045). - ceph: switch netfs read ops to use rreq->inode instead of rreq->mapping->host (bsc#1206046). - char: tpm: Protect tpm_pm_suspend with locks (git-fixes). - cifs: Add constructor/destructors for tcon->cfid (bsc#1193629). - cifs: Add helper function to check smb1+ server (bsc#1193629). - cifs: Do not access tcon->cfids->cfid directly from is_path_accessible (bsc#1193629). - cifs: Do not use tcon->cfid directly, use the cfid we get from open_cached_dir (bsc#1193629). - cifs: Fix connections leak when tlink setup failed (git-fixes). - cifs: Fix memory leak on the deferred close (bsc#1193629). - cifs: Fix memory leak when build ntlmssp negotiate blob failed (bsc#1193629). - cifs: Fix pages array leak when writedata alloc failed in cifs_writedata_alloc() (bsc#1193629). - cifs: Fix pages leak when writedata alloc failed in cifs_write_from_iter() (bsc#1193629). - cifs: Fix the error length of VALIDATE_NEGOTIATE_INFO message (bsc#1193629). - cifs: Fix wrong return value checking when GETFLAGS (git-fixes). - cifs: Fix xid leak in cifs_copy_file_range() (bsc#1193629). - cifs: Fix xid leak in cifs_create() (bsc#1193629). - cifs: Fix xid leak in cifs_flock() (bsc#1193629). - cifs: Fix xid leak in cifs_get_file_info_unix() (bsc#1193629). - cifs: Fix xid leak in cifs_ses_add_channel() (bsc#1193629). - cifs: Make tcon contain a wrapper structure cached_fids instead of cached_fid (bsc#1193629). - cifs: Move cached-dir functions into a separate file (bsc#1193629). - cifs: Replace a couple of one-element arrays with flexible-array members (bsc#1193629). - cifs: Use after free in debug code (git-fixes). - cifs: Use help macro to get the header preamble size (bsc#1193629). - cifs: Use help macro to get the mid header size (bsc#1193629). - cifs: add check for returning value of SMB2_close_init (git-fixes). - cifs: add check for returning value of SMB2_set_info_init (git-fixes). - cifs: add missing spinlock around tcon refcount (bsc#1193629). - cifs: alloc_mid function should be marked as static (bsc#1193629). - cifs: always initialize struct msghdr smb_msg completely (bsc#1193629). - cifs: always iterate smb sessions using primary channel (bsc#1193629). - cifs: avoid deadlocks while updating iface (bsc#1193629). - cifs: avoid unnecessary iteration of tcp sessions (bsc#1193629). - cifs: avoid use of global locks for high contention data (bsc#1193629). - cifs: cache the dirents for entries in a cached directory (bsc#1193629). - cifs: change iface_list from array to sorted linked list (bsc#1193629). - cifs: destage dirty pages before re-reading them for cache=none (bsc#1193629). - cifs: do not send down the destination address to sendmsg for a SOCK_STREAM (bsc#1193629). - cifs: drop the lease for cached directories on rmdir or rename (bsc#1193629). - cifs: during reconnect, update interface if necessary (bsc#1193629). - cifs: enable caching of directories for which a lease is held (bsc#1193629). - cifs: find and use the dentry for cached non-root directories also (bsc#1193629). - cifs: fix double-fault crash during ntlmssp (bsc#1193629). - cifs: fix lock length calculation (bsc#1193629). - cifs: fix memory leaks in session setup (bsc#1193629). - cifs: fix missing unlock in cifs_file_copychunk_range() (git-fixes). - cifs: fix race condition with delayed threads (bsc#1193629). - cifs: fix skipping to incorrect offset in emit_cached_dirents (bsc#1193629). - cifs: fix small mempool leak in SMB2_negotiate() (bsc#1193629). - cifs: fix static checker warning (bsc#1193629). - cifs: fix uninitialised var in smb2_compound_op() (bsc#1193629). - cifs: fix use-after-free caused by invalid pointer `hostname` (bsc#1193629). - cifs: fix use-after-free on the link name (bsc#1193629). - cifs: fix wrong unlock before return from cifs_tree_connect() (bsc#1193629). - cifs: improve handlecaching (bsc#1193629). - cifs: improve symlink handling for smb2+ (bsc#1193629). - cifs: lease key is uninitialized in smb1 paths (bsc#1193629). - cifs: lease key is uninitialized in two additional functions when smb1 (bsc#1193629). - cifs: list_for_each() -> list_for_each_entry() (bsc#1193629). - cifs: misc: fix spelling typo in comment (bsc#1193629). - cifs: move from strlcpy with unused retval to strscpy (bsc#1193629). - cifs: periodically query network interfaces from server (bsc#1193629). - cifs: populate empty hostnames for extra channels (bsc#1193629). - cifs: prevent copying past input buffer boundaries (bsc#1193629). - cifs: remove 'cifs_' prefix from init/destroy mids functions (bsc#1193629). - cifs: remove initialization value (bsc#1193629). - cifs: remove minor build warning (bsc#1193629). - cifs: remove redundant initialization to variable mnt_sign_enabled (bsc#1193629). - cifs: remove remaining build warnings (bsc#1193629). - cifs: remove some camelCase and also some static build warnings (bsc#1193629). - cifs: remove unnecessary (void*) conversions (bsc#1193629). - cifs: remove unnecessary locking of chan_lock while freeing session (bsc#1193629). - cifs: remove unnecessary type castings (bsc#1193629). - cifs: remove unused server parameter from calc_smb_size() (bsc#1193629). - cifs: remove useless DeleteMidQEntry() (bsc#1193629). - cifs: remove useless parameter 'is_fsctl' from SMB2_ioctl() (bsc#1193629). - cifs: replace kfree() with kfree_sensitive() for sensitive data (bsc#1193629). - cifs: return correct error in ->calc_signature() (bsc#1193629). - cifs: return errors during session setup during reconnects (bsc#1193629). - cifs: revalidate mapping when doing direct writes (bsc#1193629). - cifs: secmech: use shash_desc directly, remove sdesc (bsc#1193629). - cifs: set rc to -ENOENT if we can not get a dentry for the cached dir (bsc#1193629). - cifs: skip extra NULL byte in filenames (bsc#1193629). - cifs: store a pointer to a fid in the cfid structure instead of the struct (bsc#1193629). - cifs: truncate the inode and mapping when we simulate fcollapse (bsc#1193629). - cifs: update cifs_ses::ip_addr after failover (bsc#1193629). - cifs: update internal module number (bsc#1193629). - cifs: use ALIGN() and round_up() macros (bsc#1193629). - cifs: use LIST_HEAD() and list_move() to simplify code (bsc#1193629). - cifs: when a channel is not found for server, log its connection id (bsc#1193629). - cifs: when insecure legacy is disabled shrink amount of SMB1 code (bsc#1193629). - clocksource/drivers/hyperv: add data structure for reference TSC MSR (git-fixes). - cpufreq: intel_pstate: Handle no_turbo in frequency invariance (jsc#PED-849). - cpufreq: intel_pstate: Support Sapphire Rapids OOB mode (jsc#PED-849). - cpuidle: intel_idle: Drop redundant backslash at line end (jsc#PED-1936). - dm btree remove: fix use after free in rebalance_children() (git-fixes). - dm crypt: make printing of the key constant-time (git-fixes). - dm era: commit metadata in postsuspend after worker stops (git-fixes). - dm integrity: fix memory corruption when tag_size is less than digest size (git-fixes). - dm mirror log: clear log bits up to BITS_PER_LONG boundary (git-fixes). - dm raid: fix accesses beyond end of raid member array (git-fixes). - dm stats: add cond_resched when looping over entries (git-fixes). - dm thin: fix use-after-free crash in dm_sm_register_threshold_callback (git-fixes). - dm: fix double accounting of flush with data (git-fixes). - dm: interlock pending dm_io and dm_wait_for_bios_completion (git-fixes). - dm: properly fix redundant bio-based IO accounting (git-fixes). - dm: remove unnecessary assignment statement in alloc_dev() (git-fixes). - dm: return early from dm_pr_call() if DM device is suspended (git-fixes). - dm: revert partial fix for redundant bio-based IO accounting (git-fixes). - dma-buf: fix racing conflict of dma_heap_add() (git-fixes). - dmaengine: at_hdmac: Check return code of dma_async_device_register (git-fixes). - dmaengine: at_hdmac: Do not allow CPU to reorder channel enable (git-fixes). - dmaengine: at_hdmac: Do not call the complete callback on device_terminate_all (git-fixes). - dmaengine: at_hdmac: Do not start transactions at tx_submit level (git-fixes). - dmaengine: at_hdmac: Fix at_lli struct definition (git-fixes). - dmaengine: at_hdmac: Fix completion of unissued descriptor in case of errors (git-fixes). - dmaengine: at_hdmac: Fix concurrency over descriptor (git-fixes). - dmaengine: at_hdmac: Fix concurrency over the active list (git-fixes). - dmaengine: at_hdmac: Fix concurrency problems by removing atc_complete_all() (git-fixes). - dmaengine: at_hdmac: Fix descriptor handling when issuing it to hardware (git-fixes). - dmaengine: at_hdmac: Fix impossible condition (git-fixes). - dmaengine: at_hdmac: Fix premature completion of desc in issue_pending (git-fixes). - dmaengine: at_hdmac: Free the memset buf without holding the chan lock (git-fixes). - dmaengine: at_hdmac: Protect atchan->status with the channel lock (git-fixes). - dmaengine: at_hdmac: Start transfer for cyclic channels in issue_pending (git-fixes). - dmaengine: mv_xor_v2: Fix a resource leak in mv_xor_v2_remove() (git-fixes). - dmaengine: pxa_dma: use platform_get_irq_optional (git-fixes). - dmaengine: ti: k3-udma-glue: fix memory leak when register device fail (git-fixes). - docs, kprobes: Fix the wrong location of Kprobes (git-fixes). - docs/core-api: expand Fedora instructions for GCC plugins (git-fixes). - drm/amd/display: Add HUBP surface flip interrupt handler (git-fixes). - drm/amdgpu: disable BACO on special BEIGE_GOBY card (git-fixes). - drm/amdgpu: set vm_update_mode=0 as default for Sienna Cichlid in SRIOV case (git-fixes). - drm/amdkfd: Fix NULL pointer dereference in svm_migrate_to_ram() (git-fixes). - drm/amdkfd: Migrate in CPU page fault use current mm (git-fixes). - drm/amdkfd: avoid recursive lock in migrations back to RAM (git-fixes). - drm/amdkfd: handle CPU fault on COW mapping (git-fixes). - drm/drv: Fix potential memory leak in drm_dev_init() (git-fixes). - drm/hyperv: Add ratelimit on error message (git-fixes). - drm/hyperv: Do not overwrite dirt_needed value set by host (git-fixes). - drm/i915/dmabuf: fix sg_table handling in map_dma_buf (git-fixes). - drm/i915/sdvo: Filter out invalid outputs more sensibly (git-fixes). - drm/i915/sdvo: Setup DDC fully before output init (git-fixes). - drm/imx: imx-tve: Fix return type of imx_tve_connector_mode_valid (git-fixes). - drm/msm/hdmi: Remove spurious IRQF_ONESHOT flag (git-fixes). - drm/msm/hdmi: fix IRQ lifetime (git-fixes). - drm/panel: simple: set bpc field for logic technologies displays (git-fixes). - drm/rockchip: dsi: Force synchronous probe (git-fixes). - drm/vc4: Fix missing platform_unregister_drivers() call in vc4_drm_register() (git-fixes). - drm/vc4: kms: Fix IS_ERR() vs NULL check for vc4_kms (git-fixes). - drm: Fix potential null-ptr-deref in drm_vblank_destroy_worker() (git-fixes). - e1000e: Fix TX dispatch condition (git-fixes). - e100: Fix possible use after free in e100_xmit_prepare (git-fixes). - efi: random: Use 'ACPI reclaim' memory for random seed (git-fixes). - efi: random: reduce seed size to 32 bytes (git-fixes). - fbdev: smscufx: Fix several use-after-free bugs (git-fixes). - firmware: coreboot: Register bus in module init (git-fixes). - fm10k: Fix error handling in fm10k_init_module() (git-fixes). - ftrace: Fix null pointer dereference in ftrace_add_mod() (git-fixes). - ftrace: Fix the possible incorrect kernel message (git-fixes). - ftrace: Fix use-after-free for dynamic ftrace_ops (git-fixes). - ftrace: Optimize the allocation for mcount entries (git-fixes). - fuse: add file_modified() to fallocate (bsc#1205332). - fuse: fix readdir cache race (bsc#1205331). - fuse: lock inode unconditionally in fuse_fallocate() (bsc#1206273). - gpio: amd8111: Fix PCI device reference count leak (git-fixes). - hamradio: fix issue of dev reference count leakage in bpq_device_event() (git-fixes). - hv_netvsc: Fix potential dereference of NULL pointer (git-fixes). - hv_netvsc: Fix race between VF offering and VF association message from host (bsc#1204850). - hv_netvsc: Print value of invalid ID in netvsc_send_{completion,tx_complete}() (git-fixes). - hv_sock: Add validation for untrusted Hyper-V values (git-fixes). - hv_sock: Check hv_pkt_iter_first_raw()'s return value (git-fixes). - hv_sock: Copy packets sent by Hyper-V out of the ring buffer (git-fixes). - hwmon: (coretemp) Check for null before removing sysfs attrs (git-fixes). - hwmon: (coretemp) fix pci device refcount leak in nv1a_ram_new() (git-fixes). - hwmon: (i5500_temp) fix missing pci_disable_device() (git-fixes). - hwmon: (ibmpex) Fix possible UAF when ibmpex_register_bmc() fails (git-fixes). - hwmon: (ina3221) Fix shunt sum critical calculation (git-fixes). - hwmon: (ltc2947) fix temperature scaling (git-fixes). - i2c: i801: add lis3lv02d's I2C address for Vostro 5568 (git-fixes). - i2c: imx: Only DMA messages with I2C_M_DMA_SAFE flag set (git-fixes). - i2c: npcm7xx: Fix error handling in npcm_i2c_init() (git-fixes). - i2c: tegra: Allocate DMA memory for DMA engine (git-fixes). - i2c: xiic: Add platform module alias (git-fixes). - ibmvnic: Free rwi on reset success (bsc#1184350 ltc#191533 git-fixes). - ieee802154: cc2520: Fix error return code in cc2520_hw_init() (git-fixes). - iio: adc: at91_adc: fix possible memory leak in at91_adc_allocate_trigger() (git-fixes). - iio: adc: mp2629: fix potential array out of bound access (git-fixes). - iio: adc: mp2629: fix wrong comparison of channel (git-fixes). - iio: core: Fix entry not deleted when iio_register_sw_trigger_type() fails (git-fixes). - iio: health: afe4403: Fix oob read in afe4403_read_raw (git-fixes). - iio: health: afe4404: Fix oob read in afe4404_[read|write]_raw (git-fixes). - iio: light: apds9960: fix wrong register for gesture gain (git-fixes). - iio: light: rpr0521: add missing Kconfig dependencies (git-fixes). - iio: ms5611: Simplify IO callback parameters (git-fixes). - iio: pressure: ms5611: changed hardcoded SPI speed to value limited (git-fixes). - iio: pressure: ms5611: fixed value compensation bug (git-fixes). - iio: trigger: sysfs: fix possible memory leak in iio_sysfs_trig_init() (git-fixes). - init/Kconfig: fix CC_HAS_ASM_GOTO_TIED_OUTPUT test with dash (git-fixes). - intel_idle: Add AlderLake support (jsc#PED-824). - intel_idle: Fix SPR C6 optimization (jsc#PED-824 jsc#PED-1936). - intel_idle: Fix the 'preferred_cstates' module parameter (jsc#PED-824 jsc#PED-1936). - intel_idle: make SPR C1 and C1E be independent (jsc#PED-1936). - io-wq: Remove duplicate code in io_workqueue_create() (bnc#1205113). - io-wq: do not retry task_work creation failure on fatal conditions (bnc#1205113). - io-wq: ensure we exit if thread group is exiting (git-fixes). - io-wq: exclusively gate signal based exit on get_signal() return (git-fixes). - io-wq: fix cancellation on create-worker failure (bnc#1205113). - io-wq: fix silly logic error in io_task_work_match() (bnc#1205113). - io_uring: correct __must_hold annotation (git-fixes). - io_uring: drop ctx->uring_lock before acquiring sqd->lock (git-fixes). - io_uring: ensure IORING_REGISTER_IOWQ_MAX_WORKERS works with SQPOLL (git-fixes). - io_uring: fix io_timeout_remove locking (git-fixes). - io_uring: fix missing mb() before waitqueue_active (git-fixes). - io_uring: fix missing sigmask restore in io_cqring_wait() (git-fixes). - io_uring: fix possible poll event lost in multi shot mode (git-fixes). - io_uring: pin SQPOLL data before unlocking ring lock (git-fixes). - ipv6: ping: fix wrong checksum for large frames (bsc#1203183). - kABI: Fix kABI after 'KVM: x86/pmu: Use different raw event masks for AMD and Intel' (git-fixes). - kbuild: Unify options for BTF generation for vmlinux and modules (bsc#1204693). - kexec: turn all kexec_mutex acquisitions into trylocks (git-fixes). - mISDN: fix misuse of put_device() in mISDN_register_device() (git-fixes). - mISDN: fix possible memory leak in mISDN_dsp_element_register() (git-fixes). - mac80211: radiotap: Use BIT() instead of shifts (git-fixes). - mac802154: fix missing INIT_LIST_HEAD in ieee802154_if_add() (git-fixes). - macsec: Fix invalid error code set (git-fixes). - macsec: add missing attribute validation for offload (git-fixes). - macsec: clear encryption keys from the stack after setting up offload (git-fixes). - macsec: delete new rxsc when offload fails (git-fixes). - macsec: fix detection of RXSCs when toggling offloading (git-fixes). - macsec: fix secy->n_rx_sc accounting (git-fixes). - md/raid5: Ensure stripe_fill happens on non-read IO with journal (git-fixes). - md/raid5: Remove unnecessary bio_put() in raid5_read_one_chunk() (git-fixes). - md: Replace snprintf with scnprintf (git-fixes, bsc#1164051). - media: cros-ec-cec: limit msg.len to CEC_MAX_MSG_SIZE (git-fixes). - media: dvb-frontends/drxk: initialize err to 0 (git-fixes). - media: meson: vdec: fix possible refcount leak in vdec_probe() (git-fixes). - media: rkisp1: Do not pass the quantization to rkisp1_csm_config() (git-fixes). - media: rkisp1: Initialize color space on resizer sink and source pads (git-fixes). - media: rkisp1: Use correct macro for gradient registers (git-fixes). - media: rkisp1: Zero v4l2_subdev_format fields in when validating links (git-fixes). - media: s5p_cec: limit msg.len to CEC_MAX_MSG_SIZE (git-fixes). - media: v4l: subdev: Fail graciously when getting try data for NULL state (git-fixes). - misc/vmw_vmci: fix an infoleak in vmci_host_do_receive_datagram() (git-fixes). - mmc: core: Fix ambiguous TRIM and DISCARD arg (git-fixes). - mmc: core: properly select voltage range without power cycle (git-fixes). - mmc: cqhci: Provide helper for resetting both SDHCI and CQHCI (git-fixes). - mmc: mmc_test: Fix removal of debugfs file (git-fixes). - mmc: sdhci-brcmstb: Enable Clock Gating to save power (git-fixes). - mmc: sdhci-brcmstb: Fix SDHCI_RESET_ALL for CQHCI (git-fixes). - mmc: sdhci-brcmstb: Re-organize flags (git-fixes). - mmc: sdhci-esdhc-imx: correct CQHCI exit halt state check (git-fixes). - mmc: sdhci-esdhc-imx: use the correct host caps for MMC_CAP_8_BIT_DATA (git-fixes). - mmc: sdhci-of-arasan: Fix SDHCI_RESET_ALL for CQHCI (git-fixes). - mmc: sdhci-pci-o2micro: fix card detect fail issue caused by CD# debounce timeout (git-fixes). - mmc: sdhci-pci: Fix possible memory leak caused by missing pci_dev_put() (git-fixes). - mmc: sdhci-sprd: Fix no reset data and command after voltage switch (git-fixes). - mmc: sdhci-tegra: Fix SDHCI_RESET_ALL for CQHCI (git-fixes). - mmc: sdhci_am654: Fix SDHCI_RESET_ALL for CQHCI (git-fixes). - mms: sdhci-esdhc-imx: Fix SDHCI_RESET_ALL for CQHCI (git-fixes). - mtd: parsers: bcm47xxpart: Fix halfblock reads (git-fixes). - mtd: parsers: bcm47xxpart: print correct offset on read error (git-fixes). - mtd: spi-nor: intel-spi: Disable write protection only if asked (git-fixes). - nbd: Fix incorrect error handle when first_minor is illegal in nbd_dev_add (git-fixes). - net/smc: Avoid overwriting the copies of clcsock callback functions (git-fixes). - net/smc: Fix an error code in smc_lgr_create() (git-fixes). - net/smc: Fix possible access to freed memory in link clear (git-fixes). - net/smc: Fix possible leaked pernet namespace in smc_init() (git-fixes). - net/smc: Fix slab-out-of-bounds issue in fallback (git-fixes). - net/smc: Fix sock leak when release after smc_shutdown() (git-fixes). - net/smc: Forward wakeup to smc socket waitqueue after fallback (git-fixes). - net/smc: Only save the original clcsock callback functions (git-fixes). - net/smc: Send directly when TCP_CORK is cleared (git-fixes). - net/smc: kABI workarounds for struct smc_link (git-fixes). - net/smc: kABI workarounds for struct smc_sock (git-fixes). - net/smc: send directly on setting TCP_NODELAY (git-fixes). - net/x25: Fix skb leak in x25_lapb_receive_frame() (git-fixes). - net: ethernet: nixge: fix NULL dereference (git-fixes). - net: ethernet: renesas: ravb: Fix promiscuous mode after system resumed (git-fixes). - net: ethernet: ti: am65-cpsw: fix error handling in am65_cpsw_nuss_probe() (git-fixes). - net: hyperv: remove use of bpf_op_t (git-fixes). - net: mdio: fix unbalanced fwnode reference count in mdio_device_release() (git-fixes). - net: mdiobus: fix unbalanced node reference count (git-fixes). - net: phy: fix null-ptr-deref while probe() failed (git-fixes). - net: phy: marvell: add sleep time after enabling the loopback bit (git-fixes). - net: phy: mscc: macsec: clear encryption keys when freeing a flow (git-fixes). - net: smsc95xx: add support for Microchip EVB-LAN8670-USB (git-fixes). - net: stmmac: work around sporadic tx issue on link-up (git-fixes). - net: thunderbolt: Fix error handling in tbnet_init() (git-fixes). - net: thunderbolt: fix memory leak in tbnet_open() (git-fixes). - net: thunderx: Fix the ACPI memory leak (git-fixes). - net: usb: qmi_wwan: add Telit 0x103a composition (git-fixes). - net: wwan: iosm: fix dma_alloc_coherent incompatible pointer type (git-fixes). - net: wwan: iosm: fix kernel test robot reported error (git-fixes). - nfc/nci: fix race with opening and closing (git-fixes). - nfc: nfcmrvl: Fix potential memory leak in nfcmrvl_i2c_nci_send() (git-fixes). - nfc: nxp-nci: Fix potential memory leak in nxp_nci_send() (git-fixes). - nfc: s3fwrn5: Fix potential memory leak in s3fwrn5_nci_send() (git-fixes). - nfc: st-nci: fix incorrect sizing calculations in EVT_TRANSACTION (git-fixes). - nfc: st-nci: fix incorrect validating logic in EVT_TRANSACTION (git-fixes). - nfc: st-nci: fix memory leaks in EVT_TRANSACTION (git-fixes). - nilfs2: fix NULL pointer dereference in nilfs_palloc_commit_free_entry() (git-fixes). - nilfs2: fix deadlock in nilfs_count_free_blocks() (git-fixes). - nilfs2: fix nilfs_sufile_mark_dirty() not set segment usage as dirty (git-fixes). - nilfs2: fix use-after-free bug of ns_writer on remount (git-fixes). - nilfs2: replace WARN_ONs by nilfs_error for checkpoint acquisition failure (git-fixes). - panic, kexec: make __crash_kexec() NMI safe (git-fixes). - parport_pc: Avoid FIFO port location truncation (git-fixes). - phy: ralink: mt7621-pci: add sentinel to quirks table (git-fixes). - phy: stm32: fix an error code in probe (git-fixes). - pinctrl: devicetree: fix null pointer dereferencing in pinctrl_dt_to_map (git-fixes). - pinctrl: intel: Save and restore pins in 'direct IRQ' mode (git-fixes). - pinctrl: rockchip: list all pins in a possible mux route for PX30 (git-fixes). - pinctrl: single: Fix potential division by zero (git-fixes). - platform/surface: aggregator: Do not check for repeated unsequenced packets (git-fixes). - platform/x86/intel/pmt: Sapphire Rapids PMT errata fix (jsc#PED-2684 bsc#1205683). - platform/x86/intel: hid: add quirk to support Surface Go 3 (git-fixes). - platform/x86/intel: pmc: Do not unconditionally attach Intel PMC when virtualized (git-fixes). - platform/x86: acer-wmi: Enable SW_TABLET_MODE on Switch V 10 (SW5-017) (git-fixes). - platform/x86: asus-wmi: add missing pci_dev_put() in asus_wmi_set_xusb2pr() (git-fixes). - platform/x86: hp-wmi: Ignore Smart Experience App event (git-fixes). - platform/x86: hp_wmi: Fix rfkill causing soft blocked wifi (git-fixes). - platform/x86: ideapad-laptop: Disable touchpad_switch (git-fixes). - platform/x86: touchscreen_dmi: Add info for the RCA Cambio W101 v2 2-in-1 (git-fixes). - powerpc/64: Fix build failure with allyesconfig in book3s_64_entry.S (bsc#1194869). - powerpc/boot: Explicitly disable usage of SPE instructions (bsc#1156395). - powerpc/kvm: Fix kvm_use_magic_page (bsc#1156395). - powerpc/pseries/vas: Declare pseries_vas_fault_thread_fn() as static (bsc#1194869). - proc: avoid integer type confusion in get_proc_long (git-fixes). - proc: proc_skip_spaces() shouldn't think it is working on C strings (git-fixes). - rbd: fix possible memory leak in rbd_sysfs_init() (git-fixes). - regulator: core: fix UAF in destroy_regulator() (git-fixes). - regulator: core: fix kobject release warning and memory leak in regulator_register() (git-fixes). - regulator: twl6030: re-add TWL6032_SUBCLASS (git-fixes). - ring-buffer: Include dropped pages in counting dirty patches (git-fixes). - ring_buffer: Do not deactivate non-existant pages (git-fixes). - s390/futex: add missing EX_TABLE entry to __futex_atomic_op() (bsc#1205427 LTC#200502). - s390/pci: add missing EX_TABLE entries to __pcistg_mio_inuser()/__pcilg_mio_inuser() (bsc#1205427 LTC#200502). - s390/uaccess: add missing EX_TABLE entries to __clear_user(), copy_in_user_mvcos(), copy_in_user_mvc(), clear_user_xc() and __strnlen_user() (bsc#1205428 LTC#200501). - s390: fix nospec table alignments (git-fixes). - sched: Clear ttwu_pending after enqueue_task() (git fixes (sched/core)). - sched: Disable sched domain debugfs creation on ppc64 unless sched_verbose is specified (bnc#1205653). - scripts/faddr2line: Fix regression in name resolution on ppc64le (git-fixes). - scsi: ibmvfc: Avoid path failures during live migration (bsc#1065729). - scsi: ibmvscsis: Increase INITIAL_SRP_LIMIT to 1024 (bsc#1156395). - scsi: megaraid_sas: Correct value passed to scsi_device_lookup() (git-fixes). - scsi: mpt3sas: Fix return value check of dma_get_required_mask() (git-fixes). - scsi: qedf: Populate sysfs attributes for vport (git-fixes). - scsi: scsi_transport_sas: Fix error handling in sas_phy_add() (git-fixes). - scsi: storvsc: Drop DID_TARGET_FAILURE use (git-fixes). - scsi: storvsc: Fix handling of srb_status and capacity change events (git-fixes). - scsi: storvsc: Fix typo in comment (git-fixes). - scsi: storvsc: Remove WQ_MEM_RECLAIM from storvsc_error_wq (git-fixes). - scsi: storvsc: remove an extraneous 'to' in a comment (git-fixes). - scsi: zfcp: Fix double free of FSF request when qdio send fails (git-fixes). - selftests/intel_pstate: fix build for ARCH=x86_64 (git-fixes). - selftests: mptcp: fix mibit vs mbit mix up (git-fixes). - selftests: mptcp: make sendfile selftest work (git-fixes). - selftests: mptcp: more stable simult_flows tests (git-fixes). - selftests: rtnetlink: correct xfrm policy rule in kci_test_ipsec_offload (git-fixes). - serial: 8250: 8250_omap: Avoid RS485 RTS glitch on ->set_termios() (git-fixes). - serial: 8250: Fall back to non-DMA Rx if IIR_RDI occurs (git-fixes). - serial: 8250: Flush DMA Rx on RLSI (git-fixes). - serial: 8250: omap: Fix unpaired pm_runtime_put_sync() in omap8250_remove() (git-fixes). - serial: 8250: omap: Flush PM QOS work on remove (git-fixes). - serial: 8250_lpss: Configure DMA also w/o DMA filter (git-fixes). - serial: 8250_omap: remove wait loop from Errata i202 workaround (git-fixes). - serial: imx: Add missing .thaw_noirq hook (git-fixes). - siox: fix possible memory leak in siox_device_add() (git-fixes). - slimbus: stream: correct presence rate frequencies (git-fixes). - smb2: small refactor in smb2_check_message() (bsc#1193629). - smb3: Move the flush out of smb2_copychunk_range() into its callers (bsc#1193629). - smb3: add dynamic trace points for tree disconnect (bsc#1193629). - smb3: add trace point for SMB2_set_eof (bsc#1193629). - smb3: allow deferred close timeout to be configurable (bsc#1193629). - smb3: check xattr value length earlier (bsc#1193629). - smb3: clarify multichannel warning (bsc#1193629). - smb3: do not log confusing message when server returns no network interfaces (bsc#1193629). - smb3: fix empty netname context on secondary channels (bsc#1193629). - smb3: fix oops in calculating shash_setkey (bsc#1193629). - smb3: fix temporary data corruption in collapse range (bsc#1193629). - smb3: fix temporary data corruption in insert range (bsc#1193629). - smb3: improve SMB3 change notification support (bsc#1193629). - smb3: interface count displayed incorrectly (bsc#1193629). - smb3: missing inode locks in punch hole (bsc#1193629). - smb3: missing inode locks in zero range (bsc#1193629). - smb3: must initialize two ACL struct fields to zero (bsc#1193629). - smb3: remove unneeded null check in cifs_readdir (bsc#1193629). - smb3: rename encryption/decryption TFMs (bsc#1193629). - smb3: use filemap_write_and_wait_range instead of filemap_write_and_wait (bsc#1193629). - smb3: use netname when available on secondary channels (bsc#1193629). - smb3: workaround negprot bug in some Samba servers (bsc#1193629). - soc: imx8m: Enable OCOTP clock before reading the register (git-fixes). - soundwire: intel: Initialize clock stop timeout (bsc#1205507). - soundwire: qcom: check for outanding writes before doing a read (git-fixes). - soundwire: qcom: reinit broadcast completion (git-fixes). - speakup: fix a segfault caused by switching consoles (git-fixes). - spi: dw-dma: decrease reference count in dw_spi_dma_init_mfld() (git-fixes). - spi: spi-imx: Fix spi_bus_clk if requested clock is higher than input clock (git-fixes). - spi: stm32: Print summary 'callbacks suppressed' message (git-fixes). - spi: stm32: fix stm32_spi_prepare_mbr() that halves spi clk for every run (git-fixes). - spi: tegra210-quad: Fix duplicate resource error (git-fixes). - thunderbolt: Add DP OUT resource when DP tunnel is discovered (git-fixes). - tools: hv: Remove an extraneous 'the' (git-fixes). - tools: hv: kvp: remove unnecessary (void*) conversions (git-fixes). - tools: iio: iio_generic_buffer: Fix read size (git-fixes). - tracing/ring-buffer: Have polling block on watermark (git-fixes). - tracing: Fix memory leak in test_gen_synth_cmd() and test_empty_synth_event() (git-fixes). - tracing: Fix memory leak in tracing_read_pipe() (git-fixes). - tracing: Fix wild-memory-access in register_synth_event() (git-fixes). - tracing: kprobe: Fix memory leak in test_gen_kprobe/kretprobe_cmd() (git-fixes). - tracing: kprobe: Fix potential null-ptr-deref on trace_array in kprobe_event_gen_test_exit() (git-fixes). - tracing: kprobe: Fix potential null-ptr-deref on trace_event_file in kprobe_event_gen_test_exit() (git-fixes). - tty: n_gsm: fix sleep-in-atomic-context bug in gsm_control_send (git-fixes). - tty: serial: fsl_lpuart: do not break the on-going transfer when global reset (git-fixes). - usb: add NO_LPM quirk for Realforce 87U Keyboard (git-fixes). - usb: cdns3: host: fix endless superspeed hub port reset (git-fixes). - usb: cdnsp: Fix issue with Clear Feature Halt Endpoint (git-fixes). - usb: cdnsp: fix issue with ZLP - added TD_SIZE = 1 (git-fixes). - usb: chipidea: fix deadlock in ci_otg_del_timer (git-fixes). - usb: dwc3: exynos: Fix remove() function (git-fixes). - usb: dwc3: gadget: Clear ep descriptor last (git-fixes). - usb: dwc3: gadget: Return -ESHUTDOWN on ep disable (git-fixes). - usb: dwc3: gadget: conditionally remove requests (git-fixes). - usb: smsc: use eth_hw_addr_set() (git-fixes). - usb: typec: mux: Enter safe mode only when pins need to be reconfigured (git-fixes). - usb: xhci-mtk: check boundary before check tt (git-fixes). - usb: xhci-mtk: update fs bus bandwidth by bw_budget_table (git-fixes). - usbnet: smsc95xx: Do not reset PHY behind PHY driver's back (git-fixes). - v3 of 'PCI: hv: Only reuse existing IRTE allocation for Multi-MSI' - video/fbdev/stifb: Implement the stifb_fillrect() function (git-fixes). - virtio-blk: Use blk_validate_block_size() to validate block size (git-fixes). - vmxnet3: correctly report encapsulated LRO packet (git-fixes). - vmxnet3: use correct intrConf reference when using extended queues (git-fixes). - wifi: airo: do not assign -1 to unsigned char (git-fixes). - wifi: ath11k: Fix QCN9074 firmware boot on x86 (git-fixes). - wifi: ath11k: avoid deadlock during regulatory update in ath11k_regd_update() (git-fixes). - wifi: cfg80211: do not allow multi-BSSID in S1G (git-fixes). - wifi: cfg80211: fix buffer overflow in elem comparison (git-fixes). - wifi: cfg80211: fix memory leak in query_regdb_file() (git-fixes). - wifi: cfg80211: silence a sparse RCU warning (git-fixes). - wifi: mac80211: Fix ack frame idr leak when mesh has no route (git-fixes). - wifi: mac80211: fix memory free error when registering wiphy fail (git-fixes). - wifi: mac80211_hwsim: fix debugfs attribute ps with rc table support (git-fixes). - wifi: mac8021: fix possible oob access in ieee80211_get_rate_duration (git-fixes). - wifi: wext: use flex array destination for memcpy() (git-fixes). - wifi: wilc1000: validate length of IEEE80211_P2P_ATTR_CHANNEL_LIST attribute (git-fixes). - wifi: wilc1000: validate length of IEEE80211_P2P_ATTR_OPER_CHANNEL attribute (git-fixes). - wifi: wilc1000: validate number of channels (git-fixes). - wifi: wilc1000: validate pairwise and authentication suite offsets (git-fixes). - x86/Xen: streamline (and fix) PV CPU enumeration (git-fixes). - x86/bugs: Make sure MSR_SPEC_CTRL is updated properly upon resume from S3 (bsc#1206037). - x86/cpu: Restore AMD's DE_CFG MSR after resume (bsc#1205473). - x86/entry: Work around Clang __bdos() bug (git-fixes). - x86/extable: Extend extable functionality (git-fixes). - x86/fpu: Drop fpregs lock before inheriting FPU permissions (bnc#1205282). - x86/futex: Remove .fixup usage (git-fixes). - x86/hyperv: Disable hardlockup detector by default in Hyper-V guests (git-fixes). - x86/hyperv: Fix 'struct hv_enlightened_vmcs' definition (git-fixes). - x86/hyperv: Update 'struct hv_enlightened_vmcs' definition (git-fixes). - x86/hyperv: fix invalid writes to MSRs during root partition kexec (git-fixes). - x86/kexec: Fix double-free of elf header buffer (bsc#1205567). - x86/microcode/AMD: Apply the patch early on every logical thread (bsc#1205264). - x86/uaccess: Implement macros for CMPXCHG on user addresses (git-fixes). - xen/gntdev: Accommodate VMA splitting (git-fixes). - xen/pcpu: fix possible memory leak in register_pcpu() (git-fixes). - xen: delay xen_hvm_init_time_ops() if kdump is boot on vcpu>=32 (git-fixes). - xfs: convert XLOG_FORCED_SHUTDOWN() to xlog_is_shutdown() (git-fixes). - xfs: fix perag reference leak on iteration race with growfs (git-fixes). - xfs: fix xfs_ifree() error handling to not leak perag ref (git-fixes). - xfs: reserve quota for dir expansion when linking/unlinking files (bsc#1205616). - xfs: reserve quota for target dir expansion when renaming files (bsc#1205679). Important SUSE bug 1065729 SUSE bug 1156395 SUSE bug 1164051 SUSE bug 1184350 SUSE bug 1189297 SUSE bug 1190256 SUSE bug 1193629 SUSE bug 1194869 SUSE bug 1202341 SUSE bug 1203183 SUSE bug 1204631 SUSE bug 1204636 SUSE bug 1204693 SUSE bug 1204810 SUSE bug 1204850 SUSE bug 1205007 SUSE bug 1205100 SUSE bug 1205111 SUSE bug 1205128 SUSE bug 1205130 SUSE bug 1205149 SUSE bug 1205153 SUSE bug 1205220 SUSE bug 1205331 SUSE bug 1205428 SUSE bug 1205473 SUSE bug 1205514 SUSE bug 1205617 SUSE bug 1205653 SUSE bug 1205744 SUSE bug 1205764 SUSE bug 1205796 SUSE bug 1205882 SUSE bug 1205993 SUSE bug 1206035 SUSE bug 1206036 SUSE bug 1206037 SUSE bug 1206046 SUSE bug 1206047 SUSE bug 1206051 SUSE bug 1206056 SUSE bug 1206057 SUSE bug 1206113 SUSE bug 1206114 SUSE bug 1206147 SUSE bug 1206149 SUSE bug 1206207 SUSE bug 1206273 CVE-2022-2602 CVE-2022-3176 CVE-2022-3566 CVE-2022-3567 CVE-2022-3635 CVE-2022-3643 CVE-2022-3707 CVE-2022-3903 CVE-2022-4095 CVE-2022-4129 CVE-2022-4139 CVE-2022-41850 CVE-2022-41858 CVE-2022-42328 CVE-2022-42329 CVE-2022-42895 CVE-2022-42896 CVE-2022-4378 CVE-2022-43945 CVE-2022-45869 CVE-2022-45888 CVE-2022-45934 cpe:/o:opensuse:leap:15.4 Security update for the Linux Kernel (Important) openSUSE Leap 15.4 The SUSE Linux Enterprise 15 SP1 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2022-4378: Fixed stack overflow in __do_proc_dointvec (bsc#1206207). - CVE-2022-42328: Guests could trigger denial of service via the netback driver (bsc#1206114). - CVE-2022-42329: Guests could trigger denial of service via the netback driver (bsc#1206113). - CVE-2022-3643: Guests could trigger NIC interface reset/abort/crash via netback driver (bsc#1206113). - CVE-2022-3635: Fixed a use-after-free in the tst_timer() of the file drivers/atm/idt77252.c (bsc#1204631). - CVE-2022-3424: Fixed use-after-free in gru_set_context_option(), gru_fault() and gru_handle_user_call_os() that could lead to kernel panic (bsc#1204166). - CVE-2022-41850: Fixed a race condition in roccat_report_event() in drivers/hid/hid-roccat.c (bsc#1203960). - CVE-2022-45934: Fixed a integer wraparound via L2CAP_CONF_REQ packets in l2cap_config_req in net/bluetooth/l2cap_core.c (bsc#1205796). - CVE-2022-3628: Fixed potential buffer overflow in brcmf_fweh_event_worker() in wifi/brcmfmac (bsc#1204868). - CVE-2022-3567: Fixed a to race condition in inet6_stream_ops()/inet6_dgram_ops() (bsc#1204414). - CVE-2022-41858: Fixed a denial of service in sl_tx_timeout() in drivers/net/slip (bsc#1205671). - CVE-2022-43945: Fixed a buffer overflow in the NFSD implementation (bsc#1205128). - CVE-2022-4095: Fixed a use-after-free in rtl8712 driver (bsc#1205514). - CVE-2022-3903: Fixed a denial of service with the Infrared Transceiver USB driver (bsc#1205220). - CVE-2022-2964: Fixed memory corruption issues in ax88179_178a devices (bsc#1202686). - CVE-2021-4037: Fixed function logic vulnerability that allowed local users to create files for the XFS file-system with an unintended group ownership and with group execution and SGID permission bits set (bsc#1198702). - CVE-2022-43750: Fixed vulnerability in usbmon that allowed a user-space client to corrupt the monitor's internal memory (bsc#1204653). - CVE-2022-3542: Fixed memory leak in bnx2x_tpa_stop() in drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.c (bsc#1204402). - CVE-2022-3629: Fixed memory leak in vsock_connect() in net/vmw_vsock/af_vsock.c (bsc#1204635). - CVE-2022-3646: Fixed memory leak in nilfs_attach_log_writer() in fs/nilfs2/segment.c (bsc#1204646). - CVE-2022-3649: Fixed use-after-free in nilfs_new_inode() in fs/nilfs2/inode.c (bsc#1204647). - CVE-2022-3621: Fixed null pointer dereference in nilfs_bmap_lookup_at_level() in fs/nilfs2/inode.c (bsc#1204574). - CVE-2022-3594: Fixed excessive data logging in intr_callback() in drivers/net/usb/r8152.c (bsc#1204479). - CVE-2022-3586: Fixed use-after-free in socket buffer (SKB) that could allow a local unprivileged user to cause a denial of service (bsc#1204439). - CVE-2022-3565: Fixed use-after-free in del_timer() in drivers/isdn/mISDN/l1oip_core.c (bsc#1204431). - CVE-2022-3524: Fixed memory leak in ipv6_renew_options() in the IPv6 handler (bsc#1204354). - CVE-2022-40768: Fixed information leak in the scsi driver which allowed local users to obtain sensitive information from kernel memory (bsc#1203514). - CVE-2022-42703: Fixed use-after-free in mm/rmap.c related to leaf anon_vma double reuse (bsc#1204168). - CVE-2022-3169: Fixed an denial of service though request to NVME_IOCTL_RESET and NVME_IOCTL_SUBSYS_RESET (bsc#1203290). - CVE-2022-40307: Fixed a race condition that could had been exploited to trigger a use-after-free in the efi firmware capsule-loader.c (bsc#1203322). - CVE-2022-42895: Fixed an information leak in the net/bluetooth/l2cap_core.c's l2cap_parse_conf_req() which can be used to leak kernel pointers remotely (bsc#1205705). - CVE-2022-42896: Fixed a use-after-free vulnerability in the net/bluetooth/l2cap_core.c's l2cap_connect() and l2cap_le_connect_req() which may have allowed code execution and leaking kernel memory (respectively) remotely via Bluetooth (bsc#1205709). - CVE-2022-3545: Fixed a use-after-free vulnerability is area_cache_get() of the file drivers/net/ethernet/netronome/nfp/nfpcore/nfp_cppcore.c (bsc#1204415). - CVE-2022-3521: Fixed a race condition in kcm_tx_work() of the file net/kcm/kcmsock.c (bsc#1204355). - CVE-2022-2153: Fixed a NULL pointer dereference in KVM when attempting to set a SynIC IRQ (bsc#1200788). The following non-security bugs were fixed: - Drivers: hv: vmbus: Add VMbus IMC device to unsupported list (git-fixes). - Drivers: hv: vmbus: Add vmbus_requestor data structure for VMBus hardening (bsc#1204017, bsc#1205617). - Drivers: hv: vmbus: Drop error message when 'No request id available' (bsc#1204017). - Drivers: hv: vmbus: fix double free in the error path of vmbus_add_channel_work() (git-fixes). - Drivers: hv: vmbus: Fix handling of messages with transaction ID of zero (bsc#1204017). - Drivers: hv: vmbus: fix possible memory leak in vmbus_device_register() (git-fixes). - Drivers: hv: vmbus: Fix potential crash on module unload (git-fixes). - Drivers: hv: vmbus: Introduce {lock,unlock}_requestor() (bsc#1204017, bsc#1205617). - Drivers: hv: vmbus: Introduce vmbus_request_addr_match() (bsc#1204017, bsc#1205617). - Drivers: hv: vmbus: Introduce vmbus_sendpacket_getid() (bsc#1204017, bsc#1205617). - Drivers: hv: vmbus: Move __vmbus_open() (bsc#1204017). - Drivers: hv: vmbus: Prevent load re-ordering when reading ring buffer (git-fixes). - hv_netvsc: Add check for kvmalloc_array (git-fixes). - hv_netvsc: Add error handling while switching data path (bsc#1204850). - hv_netvsc: Add validation for untrusted Hyper-V values (bsc#1204017). - hv_netvsc: Cache the current data path to avoid duplicate call and message (bsc#1204017). - hv_netvsc: Check VF datapath when sending traffic to VF (bsc#1204017). - hv_netvsc: Fix error handling in netvsc_set_features() (git-fixes). - hv_netvsc: Fix race between VF offering and VF association message from host (bsc#1204850). - hv_netvsc: Print value of invalid ID in netvsc_send_{completion,tx_complete}() (bsc#1204017). - hv_netvsc: Process NETDEV_GOING_DOWN on VF hot remove (bsc#1204850). - hv_netvsc: Remove unnecessary round_up for recv_completion_cnt (bsc#1204017). - hv_netvsc: Reset the RSC count if NVSP_STAT_FAIL in netvsc_receive() (bsc#1204017). - hv_netvsc: Sync offloading features to VF NIC (git-fixes). - hv_netvsc: use netif_is_bond_master() instead of open code (git-fixes). - hv_netvsc: Use vmbus_requestor to generate transaction IDs for VMBus hardening (bsc#1204017). - hv_netvsc: Wait for completion on request SWITCH_DATA_PATH (bsc#1204017). - ipv6: ping: fix wrong checksum for large frames (bsc#1203183). - net: hyperv: remove use of bpf_op_t (git-fixes). - net: netvsc: remove break after return (git-fixes). - PCI: hv: Add check for hyperv_initialized in init_hv_pci_drv() (bsc#1204446). - PCI: hv: Add validation for untrusted Hyper-V values (bsc#1204017). - PCI: hv: Drop msi_controller structure (bsc#1204446). - PCI: hv: Fix a race condition when removing the device (bsc#1204446). - PCI: hv: Fix hv_arch_irq_unmask() for multi-MSI (bsc#1200845). - PCI: hv: Fix interrupt mapping for multi-MSI (bsc#1200845). - PCI: hv: Fix multi-MSI to allow more than one MSI vector (bsc#1200845). - PCI: hv: Fix NUMA node assignment when kernel boots with custom NUMA topology (bsc#1199365). - PCI: hv: Fix sleep while in non-sleep context when removing child devices from the bus (bsc#1204446). - PCI: hv: Fix synchronization between channel callback and hv_compose_msi_msg() (bsc#1204017, bsc#1203860, bsc#1205617). - PCI: hv: Fix synchronization between channel callback and hv_pci_bus_exit() (bsc#1204017, bsc#1205617). - PCI: hv: Fix the definition of vector in hv_compose_msi_msg() (bsc#1200845). - PCI: hv: Make the code arch neutral by adding arch specific interfaces (bsc#1200845). - PCI: hv: Only reuse existing IRTE allocation for Multi-MSI (bsc#1200845). - PCI: hv: Remove bus device removal unused refcount/functions (bsc#1204446). - PCI: hv: Remove unnecessary use of %hx (bsc#1204446). - PCI: hv: Reuse existing IRTE allocation in compose_msi_msg() (bsc#1200845). - PCI: hv: Support for create interrupt v3 (git-fixes). - PCI: hv: Use struct_size() helper (bsc#1204446). - PCI: hv: Use vmbus_requestor to generate transaction IDs for VMbus hardening (bsc#1204017). - Revert 'scsi: storvsc: Validate length of incoming packet in storvsc_on_channel_callback()' (bsc#1204017). - scsi: storvsc: Drop DID_TARGET_FAILURE use (git-fixes). - scsi: storvsc: Fix max_outstanding_req_per_channel for Win8 and newer (bsc#1204017). - scsi: storvsc: Fix validation for unsolicited incoming packets (bsc#1204017). - scsi: storvsc: Remove WQ_MEM_RECLAIM from storvsc_error_wq (git-fixes). - scsi: storvsc: Resolve data race in storvsc_probe() (bsc#1204017). - scsi: storvsc: Use blk_mq_unique_tag() to generate requestIDs (bsc#1204017). - scsi: storvsc: Use vmbus_requestor to generate transaction IDs for VMBus hardening (bsc#1204017). - scsi: storvsc: Validate length of incoming packet in storvsc_on_channel_callback() (bsc#1204017). - sunrpc: Re-purpose trace_svc_process (bsc#1205006). - x86/cpu: Restore AMD's DE_CFG MSR after resume (bsc#1205473). - x86/hyperv: Output host build info as normal Windows version number (git-fixes). - x86/hyperv: Set pv_info.name to 'Hyper-V' (git-fixes). Important SUSE bug 1198702 SUSE bug 1199365 SUSE bug 1200788 SUSE bug 1200845 SUSE bug 1201455 SUSE bug 1202686 SUSE bug 1203008 SUSE bug 1203183 SUSE bug 1203290 SUSE bug 1203322 SUSE bug 1203514 SUSE bug 1203860 SUSE bug 1203960 SUSE bug 1204017 SUSE bug 1204166 SUSE bug 1204170 SUSE bug 1204354 SUSE bug 1204355 SUSE bug 1204402 SUSE bug 1204414 SUSE bug 1204415 SUSE bug 1204424 SUSE bug 1204431 SUSE bug 1204432 SUSE bug 1204439 SUSE bug 1204446 SUSE bug 1204479 SUSE bug 1204574 SUSE bug 1204576 SUSE bug 1204631 SUSE bug 1204635 SUSE bug 1204636 SUSE bug 1204646 SUSE bug 1204647 SUSE bug 1204653 SUSE bug 1204850 SUSE bug 1204868 SUSE bug 1205006 SUSE bug 1205128 SUSE bug 1205220 SUSE bug 1205473 SUSE bug 1205514 SUSE bug 1205617 SUSE bug 1205671 SUSE bug 1205796 SUSE bug 1206113 SUSE bug 1206114 SUSE bug 1206207 CVE-2021-4037 CVE-2022-2153 CVE-2022-28693 CVE-2022-2964 CVE-2022-3169 CVE-2022-3424 CVE-2022-3521 CVE-2022-3524 CVE-2022-3542 CVE-2022-3545 CVE-2022-3565 CVE-2022-3567 CVE-2022-3586 CVE-2022-3594 CVE-2022-3621 CVE-2022-3628 CVE-2022-3629 CVE-2022-3635 CVE-2022-3643 CVE-2022-3646 CVE-2022-3649 CVE-2022-3903 CVE-2022-40307 CVE-2022-40768 CVE-2022-4095 CVE-2022-41850 CVE-2022-41858 CVE-2022-42328 CVE-2022-42329 CVE-2022-42703 CVE-2022-42895 CVE-2022-42896 CVE-2022-43750 CVE-2022-4378 CVE-2022-43945 CVE-2022-45934 cpe:/o:opensuse:leap:15.4 Security update for MozillaThunderbird (Important) openSUSE Leap 15.4 This update for MozillaThunderbird fixes the following issues: Update to version 102.6 (bsc#1206242): - CVE-2022-46880: Use-after-free in WebGL - CVE-2022-46872: Arbitrary file read from a compromised content process - CVE-2022-46881: Memory corruption in WebGL - CVE-2022-46874: Drag and Dropped Filenames could have been truncated to malicious extensions - CVE-2022-46875: Download Protections were bypassed by .atloc and .ftploc files on Mac OS - CVE-2022-46882: Use-after-free in WebGL - CVE-2022-46878: Memory safety bugs fixed in Thunderbird 102.6 Important SUSE bug 1206242 CVE-2022-46872 CVE-2022-46874 CVE-2022-46875 CVE-2022-46878 CVE-2022-46880 CVE-2022-46881 CVE-2022-46882 cpe:/o:opensuse:leap:15.4 Security update for the Linux Kernel (Important) openSUSE Leap 15.4 The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2022-4378: Fixed stack overflow in __do_proc_dointvec (bsc#1206207). - CVE-2022-42328: Guests could trigger denial of service via the netback driver (bsc#1206114). - CVE-2022-42329: Guests could trigger denial of service via the netback driver (bsc#1206113). - CVE-2022-3643: Guests could trigger NIC interface reset/abort/crash via netback driver (bsc#1206113). - CVE-2022-3635: Fixed a use-after-free in the tst_timer() of the file drivers/atm/idt77252.c (bsc#1204631). - CVE-2022-41850: Fixed a race condition in roccat_report_event() in drivers/hid/hid-roccat.c (bsc#1203960). - CVE-2022-45934: Fixed a integer wraparound via L2CAP_CONF_REQ packets in l2cap_config_req in net/bluetooth/l2cap_core.c (bsc#1205796). - CVE-2022-3567: Fixed a to race condition in inet6_stream_ops()/inet6_dgram_ops() (bsc#1204414). - CVE-2022-41858: Fixed a denial of service in sl_tx_timeout() in drivers/net/slip (bsc#1205671). - CVE-2022-43945: Fixed a buffer overflow in the NFSD implementation (bsc#1205128). - CVE-2022-4095: Fixed a use-after-free in rtl8712 driver (bsc#1205514). - CVE-2022-3903: Fixed a denial of service with the Infrared Transceiver USB driver (bsc#1205220). - CVE-2022-45869: Fixed a race condition in the x86 KVM subsystem which could cause a denial of service (bsc#1205882). - CVE-2022-45888: Fixed a use-after-free during physical removal of a USB devices when using drivers/char/xillybus/xillyusb.c (bsc#1205764). - CVE-2022-4139: Fixed an issue with the i915 driver that allowed the GPU to access any physical memory (bsc#1205700). - CVE-2022-4129: Fixed a denial of service with the Layer 2 Tunneling Protocol (L2TP). A missing lock when clearing sk_user_data can lead to a race condition and NULL pointer dereference. (bsc#1205711) - CVE-2022-42896: Fixed a use-after-free vulnerability in the net/bluetooth/l2cap_core.c's l2cap_connect() and l2cap_le_connect_req() which may have allowed code execution and leaking kernel memory (respectively) remotely via Bluetooth (bsc#1205709). - CVE-2022-42895: Fixed an information leak in the net/bluetooth/l2cap_core.c's l2cap_parse_conf_req() which can be used to leak kernel pointers remotely (bsc#1205705). - CVE-2022-3566: Fixed a race condition in the functions tcp_getsockopt/tcp_setsockopt. The manipulation leads to a race condition (bsc#1204405). - CVE-2022-2602: Fixed a local privilege escalation vulnerability involving Unix socket Garbage Collection and io_uring (bsc#1204228). - CVE-2022-3176: Fixed a use-after-free in io_uring related to signalfd_poll() and binder_poll() (bsc#1203391). - CVE-2022-3707: Fixed a double free in the Intel GVT-g graphics driver (bsc#1204780). The following non-security bugs were fixed: - ACPI: APEI: Fix integer overflow in ghes_estatus_pool_init() (git-fixes). - ACPI: HMAT: Fix initiator registration for single-initiator systems (git-fixes). - ACPI: HMAT: remove unnecessary variable initialization (git-fixes). - ACPI: scan: Add LATT2021 to acpi_ignore_dep_ids[] (git-fixes). - ACPI: x86: Add another system to quirk list for forcing StorageD3Enable (git-fixes). - ALSA: dice: fix regression for Lexicon I-ONIX FW810S (git-fixes). - ALSA: hda/ca0132: add quirk for EVGA Z390 DARK (git-fixes). - ALSA: hda/hdmi - enable runtime pm for more AMD display audio (git-fixes). - ALSA: hda/realtek: Add Positivo C6300 model quirk (git-fixes). - ALSA: hda/realtek: Add quirk for ASUS Zenbook using CS35L41 (git-fixes). - ALSA: hda/realtek: Fix the speaker output on Samsung Galaxy Book Pro 360 (bsc#1205100). - ALSA: hda/realtek: fix speakers for Samsung Galaxy Book Pro (bsc#1205100). - ALSA: hda: fix potential memleak in 'add_widget_node' (git-fixes). - ALSA: usb-audio: Add DSD support for Accuphase DAC-60 (git-fixes). - ALSA: usb-audio: Add quirk entry for M-Audio Micro (git-fixes). - ALSA: usb-audio: Drop snd_BUG_ON() from snd_usbmidi_output_open() (git-fixes). - ALSA: usb-audio: Remove redundant workaround for Roland quirk (bsc#1205111). - ALSA: usb-audio: Yet more regression for for the delayed card registration (bsc#1205111). - ALSA: usb-audio: add quirk to fix Hamedal C20 disconnect issue (git-fixes). - ARM: at91: rm9200: fix usb device clock id (git-fixes). - ARM: dts: am335x-pcm-953: Define fixed regulators in root node (git-fixes). - ARM: dts: at91: sam9g20ek: enable udc vbus gpio pinctrl (git-fixes). - ARM: dts: imx6q-prti6q: Fix ref/tcxo-clock-frequency properties (git-fixes). - ARM: dts: imx6qdl-gw59{10,13}: fix user pushbutton GPIO offset (git-fixes). - ARM: dts: imx7: Fix NAND controller size-cells (git-fixes). - ARM: mxs: fix memory leak in mxs_machine_init() (git-fixes). - ASoC: Intel: bytcht_es8316: Add quirk for the Nanote UMPC-01 (git-fixes). - ASoC: Intel: sof_sdw: add quirk variant for LAPBC710 NUC15 (git-fixes). - ASoC: codecs: jz4725b: Fix spelling mistake 'Sourc' -> 'Source', 'Routee' -> 'Route' (git-fixes). - ASoC: codecs: jz4725b: add missed Line In power control bit (git-fixes). - ASoC: codecs: jz4725b: fix capture selector naming (git-fixes). - ASoC: codecs: jz4725b: fix reported volume for Master ctl (git-fixes). - ASoC: codecs: jz4725b: use right control for Capture Volume (git-fixes). - ASoC: core: Fix use-after-free in snd_soc_exit() (git-fixes). - ASoC: fsl_asrc fsl_esai fsl_sai: allow CONFIG_PM=N (git-fixes). - ASoC: fsl_sai: use local device pointer (git-fixes). - ASoC: max98373: Add checks for devm_kcalloc (git-fixes). - ASoC: mt6660: Keep the pm_runtime enables before component stuff in mt6660_i2c_probe (git-fixes). - ASoC: ops: Fix bounds check for _sx controls (git-fixes). - ASoC: rt1019: Fix the TDM settings (git-fixes). - ASoC: sgtl5000: Reset the CHIP_CLK_CTRL reg on remove (git-fixes). - ASoC: soc-pcm: Do not zero TDM masks in __soc_pcm_open() (git-fixes). - ASoC: soc-utils: Remove __exit for snd_soc_util_exit() (git-fixes). - ASoC: stm32: dfsdm: manage cb buffers cleanup (git-fixes). - ASoC: tas2764: Fix set_tdm_slot in case of single slot (git-fixes). - ASoC: tas2770: Fix set_tdm_slot in case of single slot (git-fixes). - ASoC: wm8962: Add an event handler for TEMP_HP and TEMP_SPK (git-fixes). - Bluetooth: 6LoWPAN: add missing hci_dev_put() in get_l2cap_conn() (git-fixes). - Bluetooth: Fix not cleanup led when bt_init fails (git-fixes). - Bluetooth: L2CAP: Fix accepting connection request for invalid SPSM (git-fixes). - Bluetooth: L2CAP: Fix attempting to access uninitialized memory (git-fixes). - Bluetooth: L2CAP: Fix l2cap_global_chan_by_psm (git-fixes). - Decrease the number of SMB3 smbdirect client SGEs (bsc#1193629). - Drivers: hv: Always reserve framebuffer region for Gen1 VMs (git-fixes). - Drivers: hv: Fix syntax errors in comments (git-fixes). - Drivers: hv: Never allocate anything besides framebuffer from framebuffer memory region (git-fixes). - Drivers: hv: fix repeated words in comments (git-fixes). - Drivers: hv: remove duplicate word in a comment (git-fixes). - Drivers: hv: vmbus: Accept hv_sock offers in isolated guests (git-fixes). - Drivers: hv: vmbus: Add VMbus IMC device to unsupported list (git-fixes). - Drivers: hv: vmbus: Do not wait for the ACPI device upon initialization (git-fixes). - Drivers: hv: vmbus: Fix kernel-doc (git-fixes). - Drivers: hv: vmbus: Optimize vmbus_on_event (git-fixes). - Drivers: hv: vmbus: Release cpu lock in error case (git-fixes). - Drivers: hv: vmbus: Use PCI_VENDOR_ID_MICROSOFT for better discoverability (git-fixes). - Drivers: hv: vmbus: fix double free in the error path of vmbus_add_channel_work() (git-fixes). - Drivers: hv: vmbus: fix possible memory leak in vmbus_device_register() (git-fixes). - Drivers: hv: vmbus: fix typo in comment (git-fixes). - Fix formatting of client smbdirect RDMA logging (bsc#1193629). - HID: core: fix shift-out-of-bounds in hid_report_raw_event (git-fixes). - HID: hid-lg4ff: Add check for empty lbuf (git-fixes). - HID: hyperv: fix possible memory leak in mousevsc_probe() (git-fixes). - HID: playstation: add initial DualSense Edge controller support (git-fixes). - HID: saitek: add madcatz variant of MMO7 mouse device ID (git-fixes). - Handle variable number of SGEs in client smbdirect send (bsc#1193629). - IB/hfi1: Correctly move list in sc_disable() (git-fixes) - IB: Set IOVA/LENGTH on IB_MR in core/uverbs layers (git-fixes) - Input: goodix - try resetting the controller when no config is set (git-fixes). - Input: i8042 - fix leaking of platform device on module removal (git-fixes). - Input: iforce - invert valid length check when fetching device IDs (git-fixes). - Input: raydium_ts_i2c - fix memory leak in raydium_i2c_send() (git-fixes). - Input: soc_button_array - add Acer Switch V 10 to dmi_use_low_level_irq[] (git-fixes). - Input: soc_button_array - add use_low_level_irq module parameter (git-fixes). - Input: synaptics - switch touchpad on HP Laptop 15-da3001TU to RMI mode (git-fixes). - KVM: Move wiping of the kvm->vcpus array to common code (git-fixes). - KVM: SEV: Mark nested locking of vcpu->lock (git-fixes). - KVM: SVM: Disable SEV-ES support if MMIO caching is disable (git-fixes). - KVM: SVM: Stuff next_rip on emulated INT3 injection if NRIPS is supported (git-fixes). - KVM: SVM: adjust register allocation for __svm_vcpu_run() (git-fixes). - KVM: SVM: move guest vmsave/vmload back to assembly (git-fixes). - KVM: SVM: replace regs argument of __svm_vcpu_run() with vcpu_svm (git-fixes). - KVM: SVM: retrieve VMCB from assembly (git-fixes). - KVM: VMX: Add helper to check if the guest PMU has PERF_GLOBAL_CTRL (git-fixes). - KVM: VMX: Drop bits 31:16 when shoving exception error code into VMCS (git-fixes). - KVM: VMX: Mark all PERF_GLOBAL_(OVF)_CTRL bits reserved if there's no vPMU (git-fixes). - KVM: VMX: clear vmx_x86_ops.sync_pir_to_irr if APICv is disabled (bsc#1205007). - KVM: VMX: fully disable SGX if SECONDARY_EXEC_ENCLS_EXITING unavailable (git-fixes). - KVM: nVMX: Always enable TSC scaling for L2 when it was enabled for L1 (git-fixes). - KVM: nVMX: Attempt to load PERF_GLOBAL_CTRL on nVMX xfer iff it exists (git-fixes). - KVM: nVMX: Rename handle_vm{on,off}() to handle_vmx{on,off}() (git-fixes). - KVM: s390: Add a routine for setting userspace CPU state (git-fixes jsc#PED-611). - KVM: s390: Simplify SIGP Set Arch handling (git-fixes jsc#PED-611). - KVM: s390: pv: do not allow userspace to set the clock under PV (git-fixes). - KVM: s390: pv: leak the topmost page table when destroy fails (git-fixes). - KVM: x86/mmu: Fix wrong/misleading comments in TDP MMU fast zap (git-fixes). - KVM: x86/mmu: WARN if old _or_ new SPTE is REMOVED in non-atomic path (git-fixes). - KVM: x86/mmu: fix memoryleak in kvm_mmu_vendor_module_init() (git-fixes). - KVM: x86/pmu: Fix and isolate TSX-specific performance event logic (git-fixes). - KVM: x86/pmu: Update AMD PMC sample period to fix guest NMI-watchdog (git-fixes). - KVM: x86/pmu: Use different raw event masks for AMD and Intel (git-fixes). - KVM: x86/svm: Account for family 17h event renumberings in amd_pmc_perf_hw_id (git-fixes). - KVM: x86: Fully initialize 'struct kvm_lapic_irq' in kvm_pv_kick_cpu_op() (git-fixes). - KVM: x86: Hide IA32_PLATFORM_DCA_CAP[31:0] from the guest (git-fixes). - KVM: x86: Mask off reserved bits in CPUID.80000001H (git-fixes). - KVM: x86: Mask off reserved bits in CPUID.80000006H (git-fixes). - KVM: x86: Mask off reserved bits in CPUID.80000008H (git-fixes). - KVM: x86: Mask off reserved bits in CPUID.8000001AH (git-fixes). - KVM: x86: Report error when setting CPUID if Hyper-V allocation fails (git-fixes). - KVM: x86: Retry page fault if MMU reload is pending and root has no sp (bsc#1205744). - KVM: x86: Signal #GP, not -EPERM, on bad WRMSR(MCi_CTL/STATUS) (git-fixes). - KVM: x86: Treat #DBs from the emulator as fault-like (code and DR7.GD=1) (git-fixes). - KVM: x86: Use __try_cmpxchg_user() to emulate atomic accesses (git-fixes). - KVM: x86: Use __try_cmpxchg_user() to update guest PTE A/D bits (git-fixes). - KVM: x86: avoid loading a vCPU after .vm_destroy was called (git-fixes). - KVM: x86: emulator: em_sysexit should update ctxt->mode (git-fixes). - KVM: x86: emulator: introduce emulator_recalc_and_set_mode (git-fixes). - KVM: x86: emulator: update the emulation mode after CR0 write (git-fixes). - KVM: x86: emulator: update the emulation mode after rsm (git-fixes). - KVM: x86: use a separate asm-offsets.c file (git-fixes). - MIPS: Loongson: Use hwmon_device_register_with_groups() to register hwmon (git-fixes). - NFC: nci: Bounds check struct nfc_target arrays (git-fixes). - NFC: nci: fix memory leak in nci_rx_data_packet() (git-fixes). - PCI: Move PCI_VENDOR_ID_MICROSOFT/PCI_DEVICE_ID_HYPERV_VIDEO definitions to pci_ids.h (git-fixes). - PCI: hv: Add validation for untrusted Hyper-V values (git-fixes). - PCI: hv: Fix the definition of vector in hv_compose_msi_msg() (git-fixes). - RDMA/cm: Fix memory leak in ib_cm_insert_listen (git-fixes) - RDMA/cm: Use SLID in the work completion as the DLID in responder side (git-fixes) - RDMA/cma: Use output interface for net_dev check (git-fixes) - RDMA/core: Fix null-ptr-deref in ib_core_cleanup() (git-fixes) - RDMA/hfi1: Prevent panic when SDMA is disabled (git-fixes) - RDMA/hfi1: Prevent use of lock before it is initialized (git-fixes) - RDMA/hfi1: fix potential memory leak in setup_base_ctxt() (git-fixes) - RDMA/hns: Correct the type of variables participating in the shift operation (git-fixes) - RDMA/hns: Disable local invalidate operation (git-fixes) - RDMA/hns: Fix incorrect clearing of interrupt status register (git-fixes) - RDMA/hns: Fix supported page size (git-fixes) - RDMA/hns: Fix wrong fixed value of qp->rq.wqe_shift (git-fixes) - RDMA/hns: Remove magic number (git-fixes) - RDMA/hns: Remove the num_cqc_timer variable (git-fixes) - RDMA/hns: Remove the num_qpc_timer variable (git-fixes) - RDMA/hns: Remove unnecessary check for the sgid_attr when modifying QP (git-fixes) - RDMA/hns: Replace tab with space in the right-side comments (git-fixes) - RDMA/hns: Use hr_reg_xxx() instead of remaining roce_set_xxx() (git-fixes) - RDMA/irdma: Fix deadlock in irdma_cleanup_cm_core() (git-fixes) - RDMA/irdma: Use s/g array in post send only when its valid (git-fixes) - RDMA/mlx5: Set local port to one when accessing counters (git-fixes) - RDMA/qedr: clean up work queue on failure in qedr_alloc_resources() (git-fixes) - RDMA/rtrs-clt: Use the right sg_cnt after ib_dma_map_sg (git-fixes) - RDMA/rtrs-srv: Fix modinfo output for stringify (git-fixes) - RDMA/rxe: Limit the number of calls to each tasklet (git-fixes) - RDMA/rxe: Remove useless pkt parameters (git-fixes) - Reduce client smbdirect max receive segment size (bsc#1193629). - SCSI: scsi_probe_lun: retry INQUIRY after timeout (bsc#1189297). - SMB3: fix lease break timeout when multiple deferred close handles for the same file (bsc#1193629). - USB: bcma: Make GPIO explicitly optional (git-fixes). - USB: serial: option: add Fibocom FM160 0x0111 composition (git-fixes). - USB: serial: option: add Sierra Wireless EM9191 (git-fixes). - USB: serial: option: add u-blox LARA-L6 modem (git-fixes). - USB: serial: option: add u-blox LARA-R6 00B modem (git-fixes). - USB: serial: option: remove old LARA-R6 PID (git-fixes). - arcnet: fix potential memory leak in com20020_probe() (git-fixes). - arm64/syscall: Include asm/ptrace.h in syscall_wrapper header (git-fixes). - arm64: Add AMPERE1 to the Spectre-BHB affected list (git-fixes). - arm64: Fix bit-shifting UB in the MIDR_CPU_MODEL() macro (git-fixes) - arm64: dts: imx8: correct clock order (git-fixes). - arm64: dts: imx8mm: Fix NAND controller size-cells (git-fixes). - arm64: dts: imx8mn: Fix NAND controller size-cells (git-fixes). - arm64: dts: juno: Add thermal critical trip points (git-fixes). - arm64: dts: ls1088a: specify clock frequencies for the MDIO controllers (git-fixes). - arm64: dts: ls208xa: specify clock frequencies for the MDIO controllers (git-fixes). - arm64: dts: lx2160a: specify clock frequencies for the MDIO controllers (git-fixes). - arm64: dts: qcom: sa8155p-adp: Specify which LDO modes are allowed (git-fixes). - arm64: dts: qcom: sm8150-xperia-kumano: Specify which LDO modes are allowed (git-fixes). - arm64: dts: qcom: sm8250-xperia-edo: Specify which LDO modes are allowed (git-fixes). - arm64: dts: qcom: sm8350-hdk: Specify which LDO modes are allowed (git-fixes). - arm64: dts: rockchip: add enable-strobe-pulldown to emmc phy on nanopi4 (git-fixes). - arm64: dts: rockchip: lower rk3399-puma-haikou SD controller clock frequency (git-fixes). - arm64: efi: Fix handling of misaligned runtime regions and drop warning (git-fixes). - arm64: entry: avoid kprobe recursion (git-fixes). - arm64: errata: Add Cortex-A55 to the repeat tlbi list (git-fixes). Enable CONFIG_ARM64_ERRATUM_2441007, too - arm64: errata: Remove AES hwcap for COMPAT tasks (git-fixes) Enable CONFIG_ARM64_ERRATUM_1742098 in arm64/default - arm64: fix rodata=full again (git-fixes) - ata: libata-core: do not issue non-internal commands once EH is pending (git-fixes). - ata: libata-scsi: fix SYNCHRONIZE CACHE (16) command failure (git-fixes). - ata: libata-scsi: simplify __ata_scsi_queuecmd() (git-fixes). - ata: libata-transport: fix double ata_host_put() in ata_tport_add() (git-fixes). - ata: libata-transport: fix error handling in ata_tdev_add() (git-fixes). - ata: libata-transport: fix error handling in ata_tlink_add() (git-fixes). - ata: libata-transport: fix error handling in ata_tport_add() (git-fixes). - audit: fix undefined behavior in bit shift for AUDIT_BIT (git-fixes). - blk-cgroup: fix missing put device in error path from blkg_conf_pref() (git-fixes). - blk-mq: Properly init requests from blk_mq_alloc_request_hctx() (git-fixes). - blk-mq: do not create hctx debugfs dir until q->debugfs_dir is created (git-fixes). - blk-mq: fix io hung due to missing commit_rqs (git-fixes). - blk-wbt: call rq_qos_add() after wb_normal is initialized (git-fixes). - blktrace: Trace remapped requests correctly (git-fixes). - block/rnbd-srv: Set keep_id to true after mutex_trylock (git-fixes). - block: add bio_start_io_acct_time() to control start_time (git-fixes). - block: blk_queue_enter() / __bio_queue_enter() must return -EAGAIN for nowait (git-fixes). - block: drop unused includes in &lt;linux/genhd.h> (git-fixes). - bridge: switchdev: Fix memory leaks when changing VLAN protocol (git-fixes). - btrfs: check if root is readonly while setting security xattr (bsc#1206147). - btrfs: do not allow compression on nodatacow files (bsc#1206149). - btrfs: export a helper for compression hard check (bsc#1206149). - btrfs: fix processing of delayed data refs during backref walking (bsc#1206056). - btrfs: fix processing of delayed tree block refs during backref walking (bsc#1206057). - btrfs: prevent subvol with swapfile from being deleted (bsc#1206035). - btrfs: send: always use the rbtree based inode ref management infrastructure (bsc#1206036). - btrfs: send: fix failures when processing inodes with no links (bsc#1206036). - btrfs: send: fix send failure of a subcase of orphan inodes (bsc#1206036). - btrfs: send: fix sending link commands for existing file paths (bsc#1206036). - btrfs: send: introduce recorded_ref_alloc and recorded_ref_free (bsc#1206036). - btrfs: send: refactor arguments of get_inode_info() (bsc#1206036). - btrfs: send: remove unused found_type parameter to lookup_dir_item_inode() (bsc#1206036). - btrfs: send: remove unused type parameter to iterate_inode_ref_t (bsc#1206036). - btrfs: send: use boolean types for current inode status (bsc#1206036). - bus: sunxi-rsb: Remove the shutdown callback (git-fixes). - bus: sunxi-rsb: Support atomic transfers (git-fixes). - ca8210: Fix crash by zero initializing data (git-fixes). - can: af_can: fix NULL pointer dereference in can_rx_register() (git-fixes). - can: cc770: cc770_isa_probe(): add missing free_cc770dev() (git-fixes). - can: etas_es58x: es58x_init_netdev(): free netdev when register_candev() (git-fixes). - can: j1939: j1939_send_one(): fix missing CAN header initialization (git-fixes). - can: m_can: Add check for devm_clk_get (git-fixes). - can: m_can: pci: add missing m_can_class_free_dev() in probe/remove methods (git-fixes). - can: sja1000_isa: sja1000_isa_probe(): add missing free_sja1000dev() (git-fixes). - capabilities: fix potential memleak on error path from vfs_getxattr_alloc() (git-fixes). - capabilities: fix undefined behavior in bit shift for CAP_TO_MASK (git-fixes). - ceph: allow ceph.dir.rctime xattr to be updatable (bsc#1206050). - ceph: avoid putting the realm twice when decoding snaps fails (bsc#1206051). - ceph: do not update snapshot context when there is no new snapshot (bsc#1206047). - ceph: fix inode reference leakage in ceph_get_snapdir() (bsc#1206048). - ceph: fix memory leak in ceph_readdir when note_last_dentry returns error (bsc#1206049). - ceph: properly handle statfs on multifs setups (bsc#1206045). - ceph: switch netfs read ops to use rreq->inode instead of rreq->mapping->host (bsc#1206046). - char: tpm: Protect tpm_pm_suspend with locks (git-fixes). - cifs: Add constructor/destructors for tcon->cfid (bsc#1193629). - cifs: Add helper function to check smb1+ server (bsc#1193629). - cifs: Do not access tcon->cfids->cfid directly from is_path_accessible (bsc#1193629). - cifs: Do not use tcon->cfid directly, use the cfid we get from open_cached_dir (bsc#1193629). - cifs: Fix connections leak when tlink setup failed (git-fixes). - cifs: Fix memory leak on the deferred close (bsc#1193629). - cifs: Fix memory leak when build ntlmssp negotiate blob failed (bsc#1193629). - cifs: Fix pages array leak when writedata alloc failed in cifs_writedata_alloc() (bsc#1193629). - cifs: Fix pages leak when writedata alloc failed in cifs_write_from_iter() (bsc#1193629). - cifs: Fix the error length of VALIDATE_NEGOTIATE_INFO message (bsc#1193629). - cifs: Fix wrong return value checking when GETFLAGS (git-fixes). - cifs: Fix xid leak in cifs_copy_file_range() (bsc#1193629). - cifs: Fix xid leak in cifs_create() (bsc#1193629). - cifs: Fix xid leak in cifs_flock() (bsc#1193629). - cifs: Fix xid leak in cifs_get_file_info_unix() (bsc#1193629). - cifs: Fix xid leak in cifs_ses_add_channel() (bsc#1193629). - cifs: Make tcon contain a wrapper structure cached_fids instead of cached_fid (bsc#1193629). - cifs: Move cached-dir functions into a separate file (bsc#1193629). - cifs: Replace a couple of one-element arrays with flexible-array members (bsc#1193629). - cifs: Use after free in debug code (git-fixes). - cifs: Use help macro to get the header preamble size (bsc#1193629). - cifs: Use help macro to get the mid header size (bsc#1193629). - cifs: add check for returning value of SMB2_close_init (git-fixes). - cifs: add check for returning value of SMB2_set_info_init (git-fixes). - cifs: add missing spinlock around tcon refcount (bsc#1193629). - cifs: alloc_mid function should be marked as static (bsc#1193629). - cifs: always initialize struct msghdr smb_msg completely (bsc#1193629). - cifs: always iterate smb sessions using primary channel (bsc#1193629). - cifs: avoid deadlocks while updating iface (bsc#1193629). - cifs: avoid unnecessary iteration of tcp sessions (bsc#1193629). - cifs: avoid use of global locks for high contention data (bsc#1193629). - cifs: cache the dirents for entries in a cached directory (bsc#1193629). - cifs: change iface_list from array to sorted linked list (bsc#1193629). - cifs: destage dirty pages before re-reading them for cache=none (bsc#1193629). - cifs: do not send down the destination address to sendmsg for a SOCK_STREAM (bsc#1193629). - cifs: drop the lease for cached directories on rmdir or rename (bsc#1193629). - cifs: during reconnect, update interface if necessary (bsc#1193629). - cifs: enable caching of directories for which a lease is held (bsc#1193629). - cifs: find and use the dentry for cached non-root directories also (bsc#1193629). - cifs: fix double-fault crash during ntlmssp (bsc#1193629). - cifs: fix lock length calculation (bsc#1193629). - cifs: fix memory leaks in session setup (bsc#1193629). - cifs: fix missing unlock in cifs_file_copychunk_range() (git-fixes). - cifs: fix race condition with delayed threads (bsc#1193629). - cifs: fix skipping to incorrect offset in emit_cached_dirents (bsc#1193629). - cifs: fix small mempool leak in SMB2_negotiate() (bsc#1193629). - cifs: fix static checker warning (bsc#1193629). - cifs: fix uninitialised var in smb2_compound_op() (bsc#1193629). - cifs: fix use-after-free caused by invalid pointer `hostname` (bsc#1193629). - cifs: fix use-after-free on the link name (bsc#1193629). - cifs: fix wrong unlock before return from cifs_tree_connect() (bsc#1193629). - cifs: improve handlecaching (bsc#1193629). - cifs: improve symlink handling for smb2+ (bsc#1193629). - cifs: lease key is uninitialized in smb1 paths (bsc#1193629). - cifs: lease key is uninitialized in two additional functions when smb1 (bsc#1193629). - cifs: list_for_each() -> list_for_each_entry() (bsc#1193629). - cifs: misc: fix spelling typo in comment (bsc#1193629). - cifs: move from strlcpy with unused retval to strscpy (bsc#1193629). - cifs: periodically query network interfaces from server (bsc#1193629). - cifs: populate empty hostnames for extra channels (bsc#1193629). - cifs: prevent copying past input buffer boundaries (bsc#1193629). - cifs: remove 'cifs_' prefix from init/destroy mids functions (bsc#1193629). - cifs: remove initialization value (bsc#1193629). - cifs: remove minor build warning (bsc#1193629). - cifs: remove redundant initialization to variable mnt_sign_enabled (bsc#1193629). - cifs: remove remaining build warnings (bsc#1193629). - cifs: remove some camelCase and also some static build warnings (bsc#1193629). - cifs: remove unnecessary (void*) conversions (bsc#1193629). - cifs: remove unnecessary locking of chan_lock while freeing session (bsc#1193629). - cifs: remove unnecessary type castings (bsc#1193629). - cifs: remove unused server parameter from calc_smb_size() (bsc#1193629). - cifs: remove useless DeleteMidQEntry() (bsc#1193629). - cifs: remove useless parameter 'is_fsctl' from SMB2_ioctl() (bsc#1193629). - cifs: replace kfree() with kfree_sensitive() for sensitive data (bsc#1193629). - cifs: return correct error in ->calc_signature() (bsc#1193629). - cifs: return errors during session setup during reconnects (bsc#1193629). - cifs: revalidate mapping when doing direct writes (bsc#1193629). - cifs: secmech: use shash_desc directly, remove sdesc (bsc#1193629). - cifs: set rc to -ENOENT if we can not get a dentry for the cached dir (bsc#1193629). - cifs: skip extra NULL byte in filenames (bsc#1193629). - cifs: store a pointer to a fid in the cfid structure instead of the struct (bsc#1193629). - cifs: truncate the inode and mapping when we simulate fcollapse (bsc#1193629). - cifs: update cifs_ses::ip_addr after failover (bsc#1193629). - cifs: update internal module number (bsc#1193629). - cifs: use ALIGN() and round_up() macros (bsc#1193629). - cifs: use LIST_HEAD() and list_move() to simplify code (bsc#1193629). - cifs: when a channel is not found for server, log its connection id (bsc#1193629). - cifs: when insecure legacy is disabled shrink amount of SMB1 code (bsc#1193629). - clocksource/drivers/hyperv: add data structure for reference TSC MSR (git-fixes). - cpufreq: intel_pstate: Handle no_turbo in frequency invariance (jsc#PED-849). - cpufreq: intel_pstate: Support Sapphire Rapids OOB mode (jsc#PED-849). - cpuidle: intel_idle: Drop redundant backslash at line end (jsc#PED-1936). - dm btree remove: fix use after free in rebalance_children() (git-fixes). - dm crypt: make printing of the key constant-time (git-fixes). - dm era: commit metadata in postsuspend after worker stops (git-fixes). - dm integrity: fix memory corruption when tag_size is less than digest size (git-fixes). - dm mirror log: clear log bits up to BITS_PER_LONG boundary (git-fixes). - dm raid: fix accesses beyond end of raid member array (git-fixes). - dm stats: add cond_resched when looping over entries (git-fixes). - dm thin: fix use-after-free crash in dm_sm_register_threshold_callback (git-fixes). - dm: fix double accounting of flush with data (git-fixes). - dm: interlock pending dm_io and dm_wait_for_bios_completion (git-fixes). - dm: properly fix redundant bio-based IO accounting (git-fixes). - dm: remove unnecessary assignment statement in alloc_dev() (git-fixes). - dm: return early from dm_pr_call() if DM device is suspended (git-fixes). - dm: revert partial fix for redundant bio-based IO accounting (git-fixes). - dma-buf: fix racing conflict of dma_heap_add() (git-fixes). - dmaengine: at_hdmac: Check return code of dma_async_device_register (git-fixes). - dmaengine: at_hdmac: Do not allow CPU to reorder channel enable (git-fixes). - dmaengine: at_hdmac: Do not call the complete callback on device_terminate_all (git-fixes). - dmaengine: at_hdmac: Do not start transactions at tx_submit level (git-fixes). - dmaengine: at_hdmac: Fix at_lli struct definition (git-fixes). - dmaengine: at_hdmac: Fix completion of unissued descriptor in case of errors (git-fixes). - dmaengine: at_hdmac: Fix concurrency over descriptor (git-fixes). - dmaengine: at_hdmac: Fix concurrency over the active list (git-fixes). - dmaengine: at_hdmac: Fix concurrency problems by removing atc_complete_all() (git-fixes). - dmaengine: at_hdmac: Fix descriptor handling when issuing it to hardware (git-fixes). - dmaengine: at_hdmac: Fix impossible condition (git-fixes). - dmaengine: at_hdmac: Fix premature completion of desc in issue_pending (git-fixes). - dmaengine: at_hdmac: Free the memset buf without holding the chan lock (git-fixes). - dmaengine: at_hdmac: Protect atchan->status with the channel lock (git-fixes). - dmaengine: at_hdmac: Start transfer for cyclic channels in issue_pending (git-fixes). - dmaengine: mv_xor_v2: Fix a resource leak in mv_xor_v2_remove() (git-fixes). - dmaengine: pxa_dma: use platform_get_irq_optional (git-fixes). - dmaengine: ti: k3-udma-glue: fix memory leak when register device fail (git-fixes). - docs, kprobes: Fix the wrong location of Kprobes (git-fixes). - docs/core-api: expand Fedora instructions for GCC plugins (git-fixes). - drm/amd/display: Add HUBP surface flip interrupt handler (git-fixes). - drm/amdgpu: disable BACO on special BEIGE_GOBY card (git-fixes). - drm/amdkfd: Fix NULL pointer dereference in svm_migrate_to_ram() (git-fixes). - drm/amdkfd: Migrate in CPU page fault use current mm (git-fixes). - drm/amdkfd: avoid recursive lock in migrations back to RAM (git-fixes). - drm/amdkfd: handle CPU fault on COW mapping (git-fixes). - drm/drv: Fix potential memory leak in drm_dev_init() (git-fixes). - drm/hyperv: Add ratelimit on error message (git-fixes). - drm/hyperv: Do not overwrite dirt_needed value set by host (git-fixes). - drm/i915/dmabuf: fix sg_table handling in map_dma_buf (git-fixes). - drm/i915/sdvo: Filter out invalid outputs more sensibly (git-fixes). - drm/i915/sdvo: Setup DDC fully before output init (git-fixes). - drm/imx: imx-tve: Fix return type of imx_tve_connector_mode_valid (git-fixes). - drm/msm/hdmi: Remove spurious IRQF_ONESHOT flag (git-fixes). - drm/msm/hdmi: fix IRQ lifetime (git-fixes). - drm/panel: simple: set bpc field for logic technologies displays (git-fixes). - drm/rockchip: dsi: Force synchronous probe (git-fixes). - drm/vc4: Fix missing platform_unregister_drivers() call in vc4_drm_register() (git-fixes). - drm/vc4: kms: Fix IS_ERR() vs NULL check for vc4_kms (git-fixes). - drm: Fix potential null-ptr-deref in drm_vblank_destroy_worker() (git-fixes). - dt-bindings: power: gpcv2: add power-domains property (git-fixes). - e1000e: Fix TX dispatch condition (git-fixes). - e100: Fix possible use after free in e100_xmit_prepare (git-fixes). - efi/tpm: Pass correct address to memblock_reserve (git-fixes). - efi: random: Use 'ACPI reclaim' memory for random seed (git-fixes). - efi: random: reduce seed size to 32 bytes (git-fixes). - firmware: arm_scmi: Make Rx chan_setup fail on memory errors (git-fixes). - firmware: arm_scmi: Suppress the driver's bind attributes (git-fixes). - firmware: coreboot: Register bus in module init (git-fixes). - fm10k: Fix error handling in fm10k_init_module() (git-fixes). - ftrace: Fix null pointer dereference in ftrace_add_mod() (git-fixes). - ftrace: Fix the possible incorrect kernel message (git-fixes). - ftrace: Fix use-after-free for dynamic ftrace_ops (git-fixes). - ftrace: Optimize the allocation for mcount entries (git-fixes). - fuse: add file_modified() to fallocate (bsc#1205332). - fuse: fix readdir cache race (bsc#1205331). - gpio: amd8111: Fix PCI device reference count leak (git-fixes). - hamradio: fix issue of dev reference count leakage in bpq_device_event() (git-fixes). - hv_netvsc: Fix potential dereference of NULL pointer (git-fixes). - hv_netvsc: Fix race between VF offering and VF association message from host (bsc#1204850). - hv_netvsc: Print value of invalid ID in netvsc_send_{completion,tx_complete}() (git-fixes). - hv_sock: Add validation for untrusted Hyper-V values (git-fixes). - hv_sock: Check hv_pkt_iter_first_raw()'s return value (git-fixes). - hv_sock: Copy packets sent by Hyper-V out of the ring buffer (git-fixes). - hwmon: (coretemp) Check for null before removing sysfs attrs (git-fixes). - hwmon: (coretemp) fix pci device refcount leak in nv1a_ram_new() (git-fixes). - hwmon: (i5500_temp) fix missing pci_disable_device() (git-fixes). - hwmon: (ibmpex) Fix possible UAF when ibmpex_register_bmc() fails (git-fixes). - hwmon: (ina3221) Fix shunt sum critical calculation (git-fixes). - hwmon: (ltc2947) fix temperature scaling (git-fixes). - i2c: i801: add lis3lv02d's I2C address for Vostro 5568 (git-fixes). - i2c: imx: Only DMA messages with I2C_M_DMA_SAFE flag set (git-fixes). - i2c: npcm7xx: Fix error handling in npcm_i2c_init() (git-fixes). - i2c: piix4: Fix adapter not be removed in piix4_remove() (git-fixes). - i2c: tegra: Allocate DMA memory for DMA engine (git-fixes). - i2c: xiic: Add platform module alias (git-fixes). - ibmvnic: Free rwi on reset success (bsc#1184350 ltc#191533 git-fixes). - ieee802154: cc2520: Fix error return code in cc2520_hw_init() (git-fixes). - iio: adc: at91_adc: fix possible memory leak in at91_adc_allocate_trigger() (git-fixes). - iio: adc: mp2629: fix potential array out of bound access (git-fixes). - iio: adc: mp2629: fix wrong comparison of channel (git-fixes). - iio: core: Fix entry not deleted when iio_register_sw_trigger_type() fails (git-fixes). - iio: health: afe4403: Fix oob read in afe4403_read_raw (git-fixes). - iio: health: afe4404: Fix oob read in afe4404_[read|write]_raw (git-fixes). - iio: light: apds9960: fix wrong register for gesture gain (git-fixes). - iio: light: rpr0521: add missing Kconfig dependencies (git-fixes). - iio: ms5611: Simplify IO callback parameters (git-fixes). - iio: pressure: ms5611: changed hardcoded SPI speed to value limited (git-fixes). - iio: pressure: ms5611: fixed value compensation bug (git-fixes). - iio: trigger: sysfs: fix possible memory leak in iio_sysfs_trig_init() (git-fixes). - init/Kconfig: fix CC_HAS_ASM_GOTO_TIED_OUTPUT test with dash (git-fixes). - intel_idle: Add AlderLake support (jsc#PED-824). - intel_idle: Fix SPR C6 optimization (jsc#PED-824 jsc#PED-1936). - intel_idle: Fix the 'preferred_cstates' module parameter (jsc#PED-824 jsc#PED-1936). - intel_idle: make SPR C1 and C1E be independent (jsc#PED-1936). - io-wq: Remove duplicate code in io_workqueue_create() (bnc#1205113). - io-wq: do not retry task_work creation failure on fatal conditions (bnc#1205113). - io-wq: ensure we exit if thread group is exiting (git-fixes). - io-wq: exclusively gate signal based exit on get_signal() return (git-fixes). - io-wq: fix cancellation on create-worker failure (bnc#1205113). - io-wq: fix silly logic error in io_task_work_match() (bnc#1205113). - io_uring: correct __must_hold annotation (git-fixes). - io_uring: drop ctx->uring_lock before acquiring sqd->lock (git-fixes). - io_uring: ensure IORING_REGISTER_IOWQ_MAX_WORKERS works with SQPOLL (git-fixes). - io_uring: fix io_timeout_remove locking (git-fixes). - io_uring: fix missing mb() before waitqueue_active (git-fixes). - io_uring: fix missing sigmask restore in io_cqring_wait() (git-fixes). - io_uring: fix possible poll event lost in multi shot mode (git-fixes). - io_uring: pin SQPOLL data before unlocking ring lock (git-fixes). - ipv6: ping: fix wrong checksum for large frames (bsc#1203183). - kABI: Fix kABI after 'KVM: x86/pmu: Use different raw event masks for AMD and Intel' (git-fixes). - kbuild: Unify options for BTF generation for vmlinux and modules (bsc#1204693). - kexec: turn all kexec_mutex acquisitions into trylocks (git-fixes). - mISDN: fix misuse of put_device() in mISDN_register_device() (git-fixes). - mISDN: fix possible memory leak in mISDN_dsp_element_register() (git-fixes). - mac80211: radiotap: Use BIT() instead of shifts (git-fixes). - mac802154: fix missing INIT_LIST_HEAD in ieee802154_if_add() (git-fixes). - macsec: Fix invalid error code set (git-fixes). - macsec: add missing attribute validation for offload (git-fixes). - macsec: clear encryption keys from the stack after setting up offload (git-fixes). - macsec: delete new rxsc when offload fails (git-fixes). - macsec: fix detection of RXSCs when toggling offloading (git-fixes). - macsec: fix secy->n_rx_sc accounting (git-fixes). - md/raid5: Ensure stripe_fill happens on non-read IO with journal (git-fixes). - md/raid5: Remove unnecessary bio_put() in raid5_read_one_chunk() (git-fixes). - md: Replace snprintf with scnprintf (git-fixes, bsc#1164051). - media: cros-ec-cec: limit msg.len to CEC_MAX_MSG_SIZE (git-fixes). - media: dvb-frontends/drxk: initialize err to 0 (git-fixes). - media: meson: vdec: fix possible refcount leak in vdec_probe() (git-fixes). - media: rkisp1: Do not pass the quantization to rkisp1_csm_config() (git-fixes). - media: rkisp1: Initialize color space on resizer sink and source pads (git-fixes). - media: rkisp1: Use correct macro for gradient registers (git-fixes). - media: rkisp1: Zero v4l2_subdev_format fields in when validating links (git-fixes). - media: s5p_cec: limit msg.len to CEC_MAX_MSG_SIZE (git-fixes). - media: v4l: subdev: Fail graciously when getting try data for NULL state (git-fixes). - misc/vmw_vmci: fix an infoleak in vmci_host_do_receive_datagram() (git-fixes). - mmc: core: Fix ambiguous TRIM and DISCARD arg (git-fixes). - mmc: core: properly select voltage range without power cycle (git-fixes). - mmc: cqhci: Provide helper for resetting both SDHCI and CQHCI (git-fixes). - mmc: mmc_test: Fix removal of debugfs file (git-fixes). - mmc: sdhci-brcmstb: Enable Clock Gating to save power (git-fixes). - mmc: sdhci-brcmstb: Fix SDHCI_RESET_ALL for CQHCI (git-fixes). - mmc: sdhci-brcmstb: Re-organize flags (git-fixes). - mmc: sdhci-esdhc-imx: correct CQHCI exit halt state check (git-fixes). - mmc: sdhci-esdhc-imx: use the correct host caps for MMC_CAP_8_BIT_DATA (git-fixes). - mmc: sdhci-of-arasan: Fix SDHCI_RESET_ALL for CQHCI (git-fixes). - mmc: sdhci-pci-o2micro: fix card detect fail issue caused by CD# debounce timeout (git-fixes). - mmc: sdhci-pci: Fix possible memory leak caused by missing pci_dev_put() (git-fixes). - mmc: sdhci-sprd: Fix no reset data and command after voltage switch (git-fixes). - mmc: sdhci-tegra: Fix SDHCI_RESET_ALL for CQHCI (git-fixes). - mmc: sdhci_am654: Fix SDHCI_RESET_ALL for CQHCI (git-fixes). - mms: sdhci-esdhc-imx: Fix SDHCI_RESET_ALL for CQHCI (git-fixes). - mtd: parsers: bcm47xxpart: Fix halfblock reads (git-fixes). - mtd: parsers: bcm47xxpart: print correct offset on read error (git-fixes). - mtd: spi-nor: intel-spi: Disable write protection only if asked (git-fixes). - nbd: Fix incorrect error handle when first_minor is illegal in nbd_dev_add (git-fixes). - net/smc: Avoid overwriting the copies of clcsock callback functions (git-fixes). - net/smc: Fix an error code in smc_lgr_create() (git-fixes). - net/smc: Fix possible access to freed memory in link clear (git-fixes). - net/smc: Fix possible leaked pernet namespace in smc_init() (git-fixes). - net/smc: Fix slab-out-of-bounds issue in fallback (git-fixes). - net/smc: Fix sock leak when release after smc_shutdown() (git-fixes). - net/smc: Forward wakeup to smc socket waitqueue after fallback (git-fixes). - net/smc: Only save the original clcsock callback functions (git-fixes). - net/smc: Send directly when TCP_CORK is cleared (git-fixes). - net/smc: kABI workarounds for struct smc_link (git-fixes). - net/smc: kABI workarounds for struct smc_sock (git-fixes). - net/smc: send directly on setting TCP_NODELAY (git-fixes). - net/x25: Fix skb leak in x25_lapb_receive_frame() (git-fixes). - net: ethernet: nixge: fix NULL dereference (git-fixes). - net: ethernet: renesas: ravb: Fix promiscuous mode after system resumed (git-fixes). - net: ethernet: ti: am65-cpsw: fix error handling in am65_cpsw_nuss_probe() (git-fixes). - net: hyperv: remove use of bpf_op_t (git-fixes). - net: mdio: fix unbalanced fwnode reference count in mdio_device_release() (git-fixes). - net: mdiobus: fix unbalanced node reference count (git-fixes). - net: phy: fix null-ptr-deref while probe() failed (git-fixes). - net: phy: marvell: add sleep time after enabling the loopback bit (git-fixes). - net: phy: mscc: macsec: clear encryption keys when freeing a flow (git-fixes). - net: smsc95xx: add support for Microchip EVB-LAN8670-USB (git-fixes). - net: stmmac: work around sporadic tx issue on link-up (git-fixes). - net: thunderbolt: Fix error handling in tbnet_init() (git-fixes). - net: thunderbolt: fix memory leak in tbnet_open() (git-fixes). - net: thunderx: Fix the ACPI memory leak (git-fixes). - net: usb: qmi_wwan: add Telit 0x103a composition (git-fixes). - net: wwan: iosm: fix dma_alloc_coherent incompatible pointer type (git-fixes). - net: wwan: iosm: fix kernel test robot reported error (git-fixes). - nfc/nci: fix race with opening and closing (git-fixes). - nfc: nfcmrvl: Fix potential memory leak in nfcmrvl_i2c_nci_send() (git-fixes). - nfc: nxp-nci: Fix potential memory leak in nxp_nci_send() (git-fixes). - nfc: s3fwrn5: Fix potential memory leak in s3fwrn5_nci_send() (git-fixes). - nfc: st-nci: fix incorrect sizing calculations in EVT_TRANSACTION (git-fixes). - nfc: st-nci: fix incorrect validating logic in EVT_TRANSACTION (git-fixes). - nfc: st-nci: fix memory leaks in EVT_TRANSACTION (git-fixes). - nilfs2: fix NULL pointer dereference in nilfs_palloc_commit_free_entry() (git-fixes). - nilfs2: fix deadlock in nilfs_count_free_blocks() (git-fixes). - nilfs2: fix nilfs_sufile_mark_dirty() not set segment usage as dirty (git-fixes). - nilfs2: fix use-after-free bug of ns_writer on remount (git-fixes). - nilfs2: replace WARN_ONs by nilfs_error for checkpoint acquisition failure (git-fixes). - panic, kexec: make __crash_kexec() NMI safe (git-fixes). - parport_pc: Avoid FIFO port location truncation (git-fixes). - phy: ralink: mt7621-pci: add sentinel to quirks table (git-fixes). - phy: stm32: fix an error code in probe (git-fixes). - pinctrl: devicetree: fix null pointer dereferencing in pinctrl_dt_to_map (git-fixes). - pinctrl: intel: Save and restore pins in 'direct IRQ' mode (git-fixes). - pinctrl: rockchip: list all pins in a possible mux route for PX30 (git-fixes). - pinctrl: single: Fix potential division by zero (git-fixes). - platform/surface: aggregator: Do not check for repeated unsequenced packets (git-fixes). - platform/x86/intel/pmt: Sapphire Rapids PMT errata fix (jsc#PED-2684 bsc#1205683). - platform/x86/intel: hid: add quirk to support Surface Go 3 (git-fixes). - platform/x86/intel: pmc: Do not unconditionally attach Intel PMC when virtualized (git-fixes). - platform/x86: acer-wmi: Enable SW_TABLET_MODE on Switch V 10 (SW5-017) (git-fixes). - platform/x86: asus-wmi: add missing pci_dev_put() in asus_wmi_set_xusb2pr() (git-fixes). - platform/x86: hp-wmi: Ignore Smart Experience App event (git-fixes). - platform/x86: hp_wmi: Fix rfkill causing soft blocked wifi (git-fixes). - platform/x86: ideapad-laptop: Disable touchpad_switch (git-fixes). - platform/x86: touchscreen_dmi: Add info for the RCA Cambio W101 v2 2-in-1 (git-fixes). - powerpc/64: Fix build failure with allyesconfig in book3s_64_entry.S (bsc#1194869). - powerpc/boot: Explicitly disable usage of SPE instructions (bsc#1156395). - powerpc/kvm: Fix kvm_use_magic_page (bsc#1156395). - powerpc/pseries/vas: Declare pseries_vas_fault_thread_fn() as static (bsc#1194869). - proc: avoid integer type confusion in get_proc_long (git-fixes). - proc: proc_skip_spaces() shouldn't think it is working on C strings (git-fixes). - rbd: fix possible memory leak in rbd_sysfs_init() (git-fixes). - regulator: core: fix UAF in destroy_regulator() (git-fixes). - regulator: core: fix kobject release warning and memory leak in regulator_register() (git-fixes). - regulator: twl6030: re-add TWL6032_SUBCLASS (git-fixes). - ring-buffer: Include dropped pages in counting dirty patches (git-fixes). - ring_buffer: Do not deactivate non-existant pages (git-fixes). - s390/futex: add missing EX_TABLE entry to __futex_atomic_op() (bsc#1205427 LTC#200502). - s390/pci: add missing EX_TABLE entries to __pcistg_mio_inuser()/__pcilg_mio_inuser() (bsc#1205427 LTC#200502). - s390/uaccess: add missing EX_TABLE entries to __clear_user(), copy_in_user_mvcos(), copy_in_user_mvc(), clear_user_xc() and __strnlen_user() (bsc#1205428 LTC#200501). - s390: fix nospec table alignments (git-fixes). - sched: Clear ttwu_pending after enqueue_task() (git fixes (sched/core)). - sched: Disable sched domain debugfs creation on ppc64 unless sched_verbose is specified (bnc#1205653). - scripts/faddr2line: Fix regression in name resolution on ppc64le (git-fixes). - scsi: ibmvfc: Avoid path failures during live migration (bsc#1065729). - scsi: ibmvscsis: Increase INITIAL_SRP_LIMIT to 1024 (bsc#1156395). - scsi: megaraid_sas: Correct value passed to scsi_device_lookup() (git-fixes). - scsi: mpt3sas: Fix return value check of dma_get_required_mask() (git-fixes). - scsi: qedf: Populate sysfs attributes for vport (git-fixes). - scsi: scsi_transport_sas: Fix error handling in sas_phy_add() (git-fixes). - scsi: storvsc: Drop DID_TARGET_FAILURE use (git-fixes). - scsi: storvsc: Fix handling of srb_status and capacity change events (git-fixes). - scsi: storvsc: Fix typo in comment (git-fixes). - scsi: storvsc: Remove WQ_MEM_RECLAIM from storvsc_error_wq (git-fixes). - scsi: storvsc: remove an extraneous 'to' in a comment (git-fixes). - scsi: zfcp: Fix double free of FSF request when qdio send fails (git-fixes). - selftests/intel_pstate: fix build for ARCH=x86_64 (git-fixes). - selftests: mptcp: fix mibit vs mbit mix up (git-fixes). - selftests: mptcp: make sendfile selftest work (git-fixes). - selftests: mptcp: more stable simult_flows tests (git-fixes). - selftests: rtnetlink: correct xfrm policy rule in kci_test_ipsec_offload (git-fixes). - serial: 8250: 8250_omap: Avoid RS485 RTS glitch on ->set_termios() (git-fixes). - serial: 8250: Fall back to non-DMA Rx if IIR_RDI occurs (git-fixes). - serial: 8250: Flush DMA Rx on RLSI (git-fixes). - serial: 8250: omap: Fix unpaired pm_runtime_put_sync() in omap8250_remove() (git-fixes). - serial: 8250: omap: Flush PM QOS work on remove (git-fixes). - serial: 8250_lpss: Configure DMA also w/o DMA filter (git-fixes). - serial: 8250_omap: remove wait loop from Errata i202 workaround (git-fixes). - serial: imx: Add missing .thaw_noirq hook (git-fixes). - siox: fix possible memory leak in siox_device_add() (git-fixes). - slimbus: stream: correct presence rate frequencies (git-fixes). - smb2: small refactor in smb2_check_message() (bsc#1193629). - smb3: Move the flush out of smb2_copychunk_range() into its callers (bsc#1193629). - smb3: add dynamic trace points for tree disconnect (bsc#1193629). - smb3: add trace point for SMB2_set_eof (bsc#1193629). - smb3: allow deferred close timeout to be configurable (bsc#1193629). - smb3: check xattr value length earlier (bsc#1193629). - smb3: clarify multichannel warning (bsc#1193629). - smb3: do not log confusing message when server returns no network interfaces (bsc#1193629). - smb3: fix empty netname context on secondary channels (bsc#1193629). - smb3: fix oops in calculating shash_setkey (bsc#1193629). - smb3: fix temporary data corruption in collapse range (bsc#1193629). - smb3: fix temporary data corruption in insert range (bsc#1193629). - smb3: improve SMB3 change notification support (bsc#1193629). - smb3: interface count displayed incorrectly (bsc#1193629). - smb3: missing inode locks in punch hole (bsc#1193629). - smb3: missing inode locks in zero range (bsc#1193629). - smb3: must initialize two ACL struct fields to zero (bsc#1193629). - smb3: remove unneeded null check in cifs_readdir (bsc#1193629). - smb3: rename encryption/decryption TFMs (bsc#1193629). - smb3: use filemap_write_and_wait_range instead of filemap_write_and_wait (bsc#1193629). - smb3: use netname when available on secondary channels (bsc#1193629). - smb3: workaround negprot bug in some Samba servers (bsc#1193629). - soc: imx8m: Enable OCOTP clock before reading the register (git-fixes). - soundwire: intel: Initialize clock stop timeout (bsc#1205507). - soundwire: qcom: check for outanding writes before doing a read (git-fixes). - soundwire: qcom: reinit broadcast completion (git-fixes). - speakup: fix a segfault caused by switching consoles (git-fixes). - spi: dw-dma: decrease reference count in dw_spi_dma_init_mfld() (git-fixes). - spi: spi-imx: Fix spi_bus_clk if requested clock is higher than input clock (git-fixes). - spi: stm32: Print summary 'callbacks suppressed' message (git-fixes). - spi: stm32: fix stm32_spi_prepare_mbr() that halves spi clk for every run (git-fixes). - spi: tegra210-quad: Fix duplicate resource error (git-fixes). - thunderbolt: Add DP OUT resource when DP tunnel is discovered (git-fixes). - tools: hv: Remove an extraneous 'the' (git-fixes). - tools: hv: kvp: remove unnecessary (void*) conversions (git-fixes). - tools: iio: iio_generic_buffer: Fix read size (git-fixes). - tracing/ring-buffer: Have polling block on watermark (git-fixes). - tracing: Fix memory leak in test_gen_synth_cmd() and test_empty_synth_event() (git-fixes). - tracing: Fix memory leak in tracing_read_pipe() (git-fixes). - tracing: Fix wild-memory-access in register_synth_event() (git-fixes). - tracing: kprobe: Fix memory leak in test_gen_kprobe/kretprobe_cmd() (git-fixes). - tracing: kprobe: Fix potential null-ptr-deref on trace_array in kprobe_event_gen_test_exit() (git-fixes). - tracing: kprobe: Fix potential null-ptr-deref on trace_event_file in kprobe_event_gen_test_exit() (git-fixes). - tty: n_gsm: fix sleep-in-atomic-context bug in gsm_control_send (git-fixes). - tty: serial: fsl_lpuart: do not break the on-going transfer when global reset (git-fixes). - usb: add NO_LPM quirk for Realforce 87U Keyboard (git-fixes). - usb: cdns3: host: fix endless superspeed hub port reset (git-fixes). - usb: cdnsp: Fix issue with Clear Feature Halt Endpoint (git-fixes). - usb: cdnsp: fix issue with ZLP - added TD_SIZE = 1 (git-fixes). - usb: chipidea: fix deadlock in ci_otg_del_timer (git-fixes). - usb: dwc3: exynos: Fix remove() function (git-fixes). - usb: dwc3: gadget: Clear ep descriptor last (git-fixes). - usb: dwc3: gadget: Return -ESHUTDOWN on ep disable (git-fixes). - usb: dwc3: gadget: conditionally remove requests (git-fixes). - usb: smsc: use eth_hw_addr_set() (git-fixes). - usb: typec: mux: Enter safe mode only when pins need to be reconfigured (git-fixes). - usb: xhci-mtk: check boundary before check tt (git-fixes). - usb: xhci-mtk: update fs bus bandwidth by bw_budget_table (git-fixes). - usbnet: smsc95xx: Do not reset PHY behind PHY driver's back (git-fixes). - v3 of 'PCI: hv: Only reuse existing IRTE allocation for Multi-MSI' - video/fbdev/stifb: Implement the stifb_fillrect() function (git-fixes). - virtio-blk: Use blk_validate_block_size() to validate block size (git-fixes). - vmxnet3: correctly report encapsulated LRO packet (git-fixes). - vmxnet3: use correct intrConf reference when using extended queues (git-fixes). - wifi: airo: do not assign -1 to unsigned char (git-fixes). - wifi: ath11k: Fix QCN9074 firmware boot on x86 (git-fixes). - wifi: ath11k: avoid deadlock during regulatory update in ath11k_regd_update() (git-fixes). - wifi: cfg80211: do not allow multi-BSSID in S1G (git-fixes). - wifi: cfg80211: fix buffer overflow in elem comparison (git-fixes). - wifi: cfg80211: fix memory leak in query_regdb_file() (git-fixes). - wifi: cfg80211: silence a sparse RCU warning (git-fixes). - wifi: mac80211: Fix ack frame idr leak when mesh has no route (git-fixes). - wifi: mac80211: fix memory free error when registering wiphy fail (git-fixes). - wifi: mac80211_hwsim: fix debugfs attribute ps with rc table support (git-fixes). - wifi: mac8021: fix possible oob access in ieee80211_get_rate_duration (git-fixes). - wifi: wext: use flex array destination for memcpy() (git-fixes). - wifi: wilc1000: validate length of IEEE80211_P2P_ATTR_CHANNEL_LIST attribute (git-fixes). - wifi: wilc1000: validate length of IEEE80211_P2P_ATTR_OPER_CHANNEL attribute (git-fixes). - wifi: wilc1000: validate number of channels (git-fixes). - wifi: wilc1000: validate pairwise and authentication suite offsets (git-fixes). - x86/Xen: streamline (and fix) PV CPU enumeration (git-fixes). - x86/bugs: Make sure MSR_SPEC_CTRL is updated properly upon resume from S3 (bsc#1206037). - x86/cpu: Restore AMD's DE_CFG MSR after resume (bsc#1205473). - x86/entry: Work around Clang __bdos() bug (git-fixes). - x86/extable: Extend extable functionality (git-fixes). - x86/fpu: Drop fpregs lock before inheriting FPU permissions (bnc#1205282). - x86/futex: Remove .fixup usage (git-fixes). - x86/hyperv: Disable hardlockup detector by default in Hyper-V guests (git-fixes). - x86/hyperv: Fix 'struct hv_enlightened_vmcs' definition (git-fixes). - x86/hyperv: Update 'struct hv_enlightened_vmcs' definition (git-fixes). - x86/hyperv: fix invalid writes to MSRs during root partition kexec (git-fixes). - x86/kexec: Fix double-free of elf header buffer (bsc#1205567). - x86/microcode/AMD: Apply the patch early on every logical thread (bsc#1205264). - x86/uaccess: Implement macros for CMPXCHG on user addresses (git-fixes). - xen/gntdev: Accommodate VMA splitting (git-fixes). - xen/pcpu: fix possible memory leak in register_pcpu() (git-fixes). - xen: delay xen_hvm_init_time_ops() if kdump is boot on vcpu>=32 (git-fixes). - xfs: convert XLOG_FORCED_SHUTDOWN() to xlog_is_shutdown() (git-fixes). - xfs: fix perag reference leak on iteration race with growfs (git-fixes). - xfs: fix xfs_ifree() error handling to not leak perag ref (git-fixes). - xfs: reserve quota for dir expansion when linking/unlinking files (bsc#1205616). - xfs: reserve quota for target dir expansion when renaming files (bsc#1205679). Important SUSE bug 1065729 SUSE bug 1156395 SUSE bug 1164051 SUSE bug 1184350 SUSE bug 1189297 SUSE bug 1190256 SUSE bug 1193629 SUSE bug 1194869 SUSE bug 1202341 SUSE bug 1203183 SUSE bug 1203391 SUSE bug 1203511 SUSE bug 1203960 SUSE bug 1204228 SUSE bug 1204405 SUSE bug 1204414 SUSE bug 1204631 SUSE bug 1204636 SUSE bug 1204693 SUSE bug 1204780 SUSE bug 1204810 SUSE bug 1204850 SUSE bug 1205007 SUSE bug 1205100 SUSE bug 1205111 SUSE bug 1205113 SUSE bug 1205128 SUSE bug 1205130 SUSE bug 1205149 SUSE bug 1205153 SUSE bug 1205220 SUSE bug 1205264 SUSE bug 1205282 SUSE bug 1205331 SUSE bug 1205332 SUSE bug 1205427 SUSE bug 1205428 SUSE bug 1205473 SUSE bug 1205507 SUSE bug 1205514 SUSE bug 1205521 SUSE bug 1205567 SUSE bug 1205616 SUSE bug 1205617 SUSE bug 1205653 SUSE bug 1205671 SUSE bug 1205679 SUSE bug 1205683 SUSE bug 1205700 SUSE bug 1205705 SUSE bug 1205709 SUSE bug 1205711 SUSE bug 1205744 SUSE bug 1205764 SUSE bug 1205796 SUSE bug 1205882 SUSE bug 1205993 SUSE bug 1206035 SUSE bug 1206036 SUSE bug 1206037 SUSE bug 1206045 SUSE bug 1206046 SUSE bug 1206047 SUSE bug 1206048 SUSE bug 1206049 SUSE bug 1206050 SUSE bug 1206051 SUSE bug 1206056 SUSE bug 1206057 SUSE bug 1206113 SUSE bug 1206114 SUSE bug 1206147 SUSE bug 1206149 SUSE bug 1206207 CVE-2022-2602 CVE-2022-3176 CVE-2022-3566 CVE-2022-3567 CVE-2022-3635 CVE-2022-3643 CVE-2022-3707 CVE-2022-3903 CVE-2022-4095 CVE-2022-4129 CVE-2022-4139 CVE-2022-41850 CVE-2022-41858 CVE-2022-42328 CVE-2022-42329 CVE-2022-42895 CVE-2022-42896 CVE-2022-4378 CVE-2022-43945 CVE-2022-45869 CVE-2022-45888 CVE-2022-45934 cpe:/o:opensuse:leap:15.4 Security update for openssl-3 (Important) openSUSE Leap 15.4 This update for openssl-3 fixes the following issues: - CVE-2022-3996: Fixed X.509 Policy Constraints Double Locking (bsc#1206374) Important SUSE bug 1206374 CVE-2022-3786 CVE-2022-3996 cpe:/o:opensuse:leap:15.4 Security update for cni (Important) openSUSE Leap 15.4 This update for cni fixes the following issues: - CVE-2021-20206: Fixed arbitrary path injection via type field in CNI configuration (bsc#1181961). Important SUSE bug 1181961 CVE-2021-20206 cpe:/o:opensuse:leap:15.4 Security update for cni-plugins (Important) openSUSE Leap 15.4 This update for cni-plugins fixes the following issues: - CVE-2021-20206: Fixed arbitrary path injection via type field in CNI configuration (bsc#1181961). Important SUSE bug 1181961 CVE-2021-20206 cpe:/o:opensuse:leap:15.4 Security update for curl (Important) openSUSE Leap 15.4 This update for curl fixes the following issues: - CVE-2022-43552: HTTP Proxy deny use-after-free (bsc#1206309). - CVE-2022-43551: Fixed HSTS bypass via IDN (bsc#1206308). Important SUSE bug 1206308 SUSE bug 1206309 CVE-2022-43551 CVE-2022-43552 cpe:/o:opensuse:leap:15.4 Security update for helm (Moderate) openSUSE Leap 15.4 This update for helm fixes the following issues: Update to version 3.10.3: - CVE-2022-23524: Fixed a denial of service in the string value parsing (bsc#1206467). - CVE-2022-23525: Fixed a denial of service with the repository index file (bsc#1206469). - CVE-2022-23526: Fixed a denial of service in the schema file handling (bsc#1206471). Moderate SUSE bug 1181419 SUSE bug 1206467 SUSE bug 1206469 SUSE bug 1206471 CVE-2021-21272 CVE-2022-1996 CVE-2022-23524 CVE-2022-23525 CVE-2022-23526 cpe:/o:opensuse:leap:15.4 Security update for the Linux Kernel (Important) openSUSE Leap 15.4 The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2022-4378: Fixed stack overflow in __do_proc_dointvec (bsc#1206207). - CVE-2022-3635: Fixed a use-after-free in the tst_timer() of the file drivers/atm/idt77252.c (bsc#1204631). - CVE-2022-41850: Fixed a race condition in roccat_report_event() in drivers/hid/hid-roccat.c (bsc#1203960). - CVE-2022-45934: Fixed a integer wraparound via L2CAP_CONF_REQ packets in l2cap_config_req in net/bluetooth/l2cap_core.c (bsc#1205796). - CVE-2022-3628: Fixed potential buffer overflow in brcmf_fweh_event_worker() in wifi/brcmfmac (bsc#1204868). - CVE-2022-3567: Fixed a to race condition in inet6_stream_ops()/inet6_dgram_ops() (bsc#1204414). - CVE-2022-41858: Fixed a denial of service in sl_tx_timeout() in drivers/net/slip (bsc#1205671). - CVE-2022-43945: Fixed a buffer overflow in the NFSD implementation (bsc#1205128). - CVE-2022-4095: Fixed a use-after-free in rtl8712 driver (bsc#1205514). - CVE-2022-3903: Fixed a denial of service with the Infrared Transceiver USB driver (bsc#1205220). - CVE-2022-2602: Fixed a local privilege escalation vulnerability involving Unix socket Garbage Collection and io_uring (bsc#1204228). - CVE-2022-4139: Fixed an issue with the i915 driver that allowed the GPU to access any physical memory (bsc#1205700). - CVE-2022-4129: Fixed a denial of service with the Layer 2 Tunneling Protocol (L2TP). A missing lock when clearing sk_user_data can lead to a race condition and NULL pointer dereference. (bsc#1205711) - CVE-2022-42895: Fixed an information leak in the net/bluetooth/l2cap_core.c's l2cap_parse_conf_req() which can be used to leak kernel pointers remotely (bsc#1205705). - CVE-2022-42896: Fixed a use-after-free vulnerability in the net/bluetooth/l2cap_core.c's l2cap_connect() and l2cap_le_connect_req() which may have allowed code execution and leaking kernel memory (respectively) remotely via Bluetooth (bsc#1205709). - CVE-2022-3707: Fixed a double free in the Intel GVT-g graphics driver (bsc#1204780). The following non-security bugs were fixed: - ALSA: hda/ca0132: add quirk for EVGA Z390 DARK (git-fixes). - ALSA: hda: fix potential memleak in 'add_widget_node' (git-fixes). - ALSA: usb-audio: Add DSD support for Accuphase DAC-60 (git-fixes). - ALSA: usb-audio: Add quirk entry for M-Audio Micro (git-fixes). - ALSA: usb-audio: Drop snd_BUG_ON() from snd_usbmidi_output_open() (git-fixes). - ASoC: codecs: jz4725b: Fix spelling mistake 'Sourc' -> 'Source', 'Routee' -> 'Route' (git-fixes). - ASoC: codecs: jz4725b: add missed Line In power control bit (git-fixes). - ASoC: codecs: jz4725b: fix capture selector naming (git-fixes). - ASoC: codecs: jz4725b: fix reported volume for Master ctl (git-fixes). - ASoC: codecs: jz4725b: use right control for Capture Volume (git-fixes). - ASoC: core: Fix use-after-free in snd_soc_exit() (git-fixes). - ASoC: max98373: Add checks for devm_kcalloc (git-fixes). - ASoC: soc-utils: Remove __exit for snd_soc_util_exit() (git-fixes). - ASoC: wm5102: Revert 'ASoC: wm5102: Fix PM disable depth imbalance in wm5102_probe' (git-fixes). - ASoC: wm5110: Revert 'ASoC: wm5110: Fix PM disable depth imbalance in wm5110_probe' (git-fixes). - ASoC: wm8962: Add an event handler for TEMP_HP and TEMP_SPK (git-fixes). - ASoC: wm8997: Revert 'ASoC: wm8997: Fix PM disable depth imbalance in wm8997_probe' (git-fixes). - Bluetooth: L2CAP: Fix attempting to access uninitialized memory (git-fixes). - Bluetooth: L2CAP: Fix l2cap_global_chan_by_psm (git-fixes). - Bluetooth: L2CAP: Fix use-after-free caused by l2cap_reassemble_sdu (git-fixes). - Do not enable CONFIG_ATARI_PARTITION (jsc#PED-1573) - Drivers: hv: vmbus: Add /sys/bus/vmbus/hibernation (git-fixes). - Drivers: hv: vmbus: Add VMbus IMC device to unsupported list (git-fixes). - Drivers: hv: vmbus: Add vmbus_requestor data structure for VMBus hardening (bsc#1204017). - Drivers: hv: vmbus: Drop error message when 'No request id available' (bsc#1204017). - Drivers: hv: vmbus: Fix duplicate CPU assignments within a device (git-fixes). - Drivers: hv: vmbus: Fix handling of messages with transaction ID of zero (bsc#1204017). - Drivers: hv: vmbus: Fix memory leak in vmbus_add_channel_kobj (git-fixes). - Drivers: hv: vmbus: Fix potential crash on module unload (git-fixes). - Drivers: hv: vmbus: Introduce vmbus_request_addr_match() (bsc#1204017). - Drivers: hv: vmbus: Introduce vmbus_sendpacket_getid() (bsc#1204017). - Drivers: hv: vmbus: Introduce {lock,unlock}_requestor() (bsc#1204017). - Drivers: hv: vmbus: Prevent load re-ordering when reading ring buffer (git-fixes). - Drivers: hv: vmbus: Remove unused linux/version.h header (git-fixes). - Drivers: hv: vmbus: Replace smp_store_mb() with virt_store_mb() (git-fixes). - Drivers: hv: vmbus: fix double free in the error path of vmbus_add_channel_work() (git-fixes). - Drivers: hv: vmbus: fix possible memory leak in vmbus_device_register() (git-fixes). - Drivers: hv: vmbus: remove unused function (git-fixes). - HID: saitek: add madcatz variant of MMO7 mouse device ID (git-fixes). - Input: i8042 - fix leaking of platform device on module removal (git-fixes). - Input: iforce - invert valid length check when fetching device IDs (git-fixes). - KVM: VMX: Always VMCLEAR in-use VMCSes during crash with kexec support (git-fixes). - KVM: nVMX: Invalidate all EPTP contexts when emulating INVEPT for L1 (git-fixes). - KVM: nVMX: Validate the EPTP when emulating INVEPT(EXTENT_CONTEXT) (git-fixes). - KVM: nVMX: clear PIN_BASED_POSTED_INTR from nested pinbased_ctls only when apicv is globally disabled (git-fixes). - KVM: s390: Add a routine for setting userspace CPU state (git-fixes). - KVM: s390: Fix handle_sske page fault handling (git-fixes). - KVM: s390: Simplify SIGP Set Arch handling (git-fixes). - KVM: s390: get rid of register asm usage (git-fixes). - KVM: s390: pv: avoid stalls when making pages secure (git-fixes). - KVM: s390: pv: do not allow userspace to set the clock under PV (git-fixes). - KVM: s390: pv: leak the topmost page table when destroy fails (git-fixes). - KVM: s390: reduce number of IO pins to 1 (git-fixes). - NFC: nci: fix memory leak in nci_rx_data_packet() (git-fixes). - NFS: Refactor nfs_instantiate() for dentry referencing callers (bsc#1204215). - NFSv3: use nfs_add_or_obtain() to create and reference inodes (bsc#1204215). - PCI: hv: Add check for hyperv_initialized in init_hv_pci_drv() (bsc#1204446). - PCI: hv: Add validation for untrusted Hyper-V values (git-fixes). - PCI: hv: Drop msi_controller structure (bsc#1204446). - PCI: hv: Fix a race condition when removing the device (bsc#1204446). - PCI: hv: Fix sleep while in non-sleep context when removing child devices from the bus (bsc#1204446). - PCI: hv: Fix synchronization between channel callback and hv_compose_msi_msg() (bsc#1204017). - PCI: hv: Fix synchronization between channel callback and hv_pci_bus_exit() (bsc#1204017). - PCI: hv: Fix the definition of vector in hv_compose_msi_msg() (bsc#1200845). - PCI: hv: Fix typo (bsc#1204446). - PCI: hv: Remove bus device removal unused refcount/functions (bsc#1204446). - PCI: hv: Remove unnecessary use of %hx (bsc#1204446). - PCI: hv: Support for create interrupt v3 (bsc#1204446). - PCI: hv: Use PCI_ERROR_RESPONSE to identify config read errors (bsc#1204446). - PCI: hv: Use vmbus_requestor to generate transaction IDs for VMbus hardening (bsc#1204017). - RDMA/core/sa_query: Remove unused argument (git-fixes) - RDMA/hns: Fix spelling mistakes of original (git-fixes) - RDMA/qedr: Add support for user mode XRC-SRQ's (git-fixes) - RDMA/qedr: Fix reporting max_{send/recv}_wr attrs (git-fixes) - RDMA/qedr: Remove unsupported qedr_resize_cq callback (git-fixes) - RDMA/rxe: Fix memory leak in error path code (git-fixes) - SCSI: scsi_probe_lun: retry INQUIRY after timeout (bsc#1189297). - USB: add RESET_RESUME quirk for NVIDIA Jetson devices in RCM (git-fixes). - USB: serial: option: add Fibocom FM160 0x0111 composition (git-fixes). - USB: serial: option: add Sierra Wireless EM9191 (git-fixes). - USB: serial: option: add u-blox LARA-L6 modem (git-fixes). - USB: serial: option: add u-blox LARA-R6 00B modem (git-fixes). - USB: serial: option: remove old LARA-R6 PID (git-fixes). - USB: serial: option: remove old LARA-R6 PID. - Xen/gntdev: do not ignore kernel unmapping error (git-fixes). - add another bug reference to some hyperv changes (bsc#1205617). - arm/xen: Do not probe xenbus as part of an early initcall (git-fixes). - arm64: dts: imx8mm: Fix NAND controller size-cells (git-fixes) - arm64: dts: juno: Add thermal critical trip points (git-fixes) - ata: libata-transport: fix double ata_host_put() in ata_tport_add() (git-fixes). - ata: libata-transport: fix error handling in ata_tdev_add() (git-fixes). - ata: libata-transport: fix error handling in ata_tlink_add() (git-fixes). - ata: libata-transport: fix error handling in ata_tport_add() (git-fixes). - ata: pata_legacy: fix pdc20230_set_piomode() (git-fixes). - blk-crypto: fix check for too-large dun_bytes (git-fixes). - blk-mq: Properly init requests from blk_mq_alloc_request_hctx() (git-fixes). - blk-mq: do not create hctx debugfs dir until q->debugfs_dir is created (git-fixes). - blk-wbt: call rq_qos_add() after wb_normal is initialized (git-fixes). - blktrace: Trace remapped requests correctly (git-fixes). - block-map: add __GFP_ZERO flag for alloc_page in function bio_copy_kern (git-fixes). - block: Add a helper to validate the block size (git-fixes). - block: assign bi_bdev for cloned bios in blk_rq_prep_clone (bsc#1204328). - block: ataflop: fix breakage introduced at blk-mq refactoring (git-fixes). - block: ataflop: more blk-mq refactoring fixes (git-fixes). - block: fix infinite loop for invalid zone append (git-fixes). - block: limit request dispatch loop duration (git-fixes). - block: nbd: add sanity check for first_minor (git-fixes). - block: use 'unsigned long' for blk_validate_block_size() (git-fixes). - bus: sunxi-rsb: Support atomic transfers (git-fixes). - can: cc770: cc770_isa_probe(): add missing free_cc770dev() (git-fixes). - can: sja1000_isa: sja1000_isa_probe(): add missing free_sja1000dev() (git-fixes). - capabilities: fix undefined behavior in bit shift for CAP_TO_MASK (git-fixes). - ceph: allow ceph.dir.rctime xattr to be updatable (bsc#1205989). - ceph: do not access the kiocb after aio requests (bsc#1205984). - ceph: fix fscache invalidation (bsc#1205985). - ceph: lockdep annotations for try_nonblocking_invalidate (bsc#1205988). - ceph: remove bogus checks and WARN_ONs from ceph_set_page_dirty (bsc#1205986). - ceph: request Fw caps before updating the mtime in ceph_write_iter (bsc#1205987). - cifs: skip extra NULL byte in filenames (bsc#1204791). - dm era: commit metadata in postsuspend after worker stops (git-fixes). - dm integrity: set journal entry unused when shrinking device (git-fixes). - dm mirror log: clear log bits up to BITS_PER_LONG boundary (git-fixes). - dm mpath: only use ktime_get_ns() in historical selector (git-fixes). - dm raid: fix accesses beyond end of raid member array (git-fixes). - dm raid: fix address sanitizer warning in raid_resume (git-fixes). - dm raid: fix address sanitizer warning in raid_status (git-fixes). - dm thin: fix use-after-free crash in dm_sm_register_threshold_callback (git-fixes). - dm verity fec: fix misaligned RS roots IO (git-fixes). - dm writecache: fix writing beyond end of underlying device when shrinking (git-fixes). - dm writecache: return the exact table values that were set (git-fixes). - dm writecache: set a default MAX_WRITEBACK_JOBS (git-fixes). - dm: fix request-based DM to not bounce through indirect dm_submit_bio (git-fixes). - dm: remove special-casing of bio-based immutable singleton target on NVMe (git-fixes). - dm: return early from dm_pr_call() if DM device is suspended (git-fixes). - dma-buf: fix racing conflict of dma_heap_add() (git-fixes). - dmaengine: at_hdmac: Check return code of dma_async_device_register (git-fixes). - dmaengine: at_hdmac: Do not allow CPU to reorder channel enable (git-fixes). - dmaengine: at_hdmac: Do not start transactions at tx_submit level (git-fixes). - dmaengine: at_hdmac: Fix at_lli struct definition (git-fixes). - dmaengine: at_hdmac: Fix completion of unissued descriptor in case of errors (git-fixes). - dmaengine: at_hdmac: Fix impossible condition (git-fixes). - dmaengine: mv_xor_v2: Fix a resource leak in mv_xor_v2_remove() (git-fixes). - dmaengine: pxa_dma: use platform_get_irq_optional (git-fixes). - drivers/hv: remove obsolete TODO and fix misleading typo in comment (git-fixes). - drivers: hv: Fix EXPORT_SYMBOL and tab spaces issue (git-fixes). - drivers: hv: Fix hyperv_record_panic_msg path on comment (git-fixes). - drivers: hv: Fix missing error code in vmbus_connect() (git-fixes). - drivers: hv: vmbus: Fix call msleep using &lt; 20ms (git-fixes). - drivers: hv: vmbus: Fix checkpatch LINE_SPACING (git-fixes). - drivers: hv: vmbus: Fix checkpatch SPLIT_STRING (git-fixes). - drivers: hv: vmbus: Replace symbolic permissions by octal permissions (git-fixes). - drivers: net: slip: fix NPD bug in sl_tx_timeout() (git-fixes). - drm/drv: Fix potential memory leak in drm_dev_init() (git-fixes). - drm/i915/dmabuf: fix sg_table handling in map_dma_buf (git-fixes). - drm/i915/sdvo: Filter out invalid outputs more sensibly (git-fixes). - drm/i915/sdvo: Setup DDC fully before output init (git-fixes). - drm/imx: imx-tve: Fix return type of imx_tve_connector_mode_valid (git-fixes). - drm/panel: simple: set bpc field for logic technologies displays (git-fixes). - drm/rockchip: dsi: Force synchronous probe (git-fixes). - drm/vc4: Fix missing platform_unregister_drivers() call in vc4_drm_register() (git-fixes). - drm: Fix potential null-ptr-deref in drm_vblank_destroy_worker() (git-fixes). - fbdev: smscufx: Fix several use-after-free bugs (git-fixes). - firmware: arm_scmi: Suppress the driver's bind attributes (git-fixes). - ftrace: Fix char print issue in print_ip_ins() (git-fixes). - ftrace: Fix null pointer dereference in ftrace_add_mod() (git-fixes). - ftrace: Fix the possible incorrect kernel message (git-fixes). - ftrace: Fix use-after-free for dynamic ftrace_ops (git-fixes). - ftrace: Optimize the allocation for mcount entries (git-fixes). - ftrace: Properly unset FTRACE_HASH_FL_MOD (git-fixes). - fuse: add file_modified() to fallocate (bsc#1205330). - fuse: fix readdir cache race (bsc#1205329). - hamradio: fix issue of dev reference count leakage in bpq_device_event() (git-fixes). - hv: hyperv.h: Remove unused inline functions (git-fixes). - hv_netvsc: Add a comment clarifying batching logic (git-fixes). - hv_netvsc: Add check for kvmalloc_array (git-fixes). - hv_netvsc: Add error handling while switching data path (bsc#1204850). - hv_netvsc: Allocate the recv_buf buffers after NVSP_MSG1_TYPE_SEND_RECV_BUF (git-fixes). - hv_netvsc: Check VF datapath when sending traffic to VF (git-fixes). - hv_netvsc: Fix potential dereference of NULL pointer (git-fixes). - hv_netvsc: Fix race between VF offering and VF association message from host (bsc#1204850). - hv_netvsc: Print value of invalid ID in netvsc_send_{completion,tx_complete}() (git-fixes). - hv_netvsc: Process NETDEV_GOING_DOWN on VF hot remove (bsc#1204850). - hv_netvsc: Use bitmap_zalloc() when applicable (git-fixes). - hv_netvsc: Use vmbus_requestor to generate transaction IDs for VMBus hardening (bsc#1204017). - hv_netvsc: Validate number of allocated sub-channels (git-fixes). - hv_netvsc: Wait for completion on request SWITCH_DATA_PATH (bsc#1204017). - hv_netvsc: use netif_is_bond_master() instead of open code (git-fixes). - hv_utils: Fix passing zero to 'PTR_ERR' warning (git-fixes). - hwmon: (coretemp) Check for null before removing sysfs attrs (git-fixes). - hwmon: (coretemp) fix pci device refcount leak in nv1a_ram_new() (git-fixes). - hwmon: (i5500_temp) fix missing pci_disable_device() (git-fixes). - hwmon: (ibmpex) Fix possible UAF when ibmpex_register_bmc() fails (git-fixes). - i2c: i801: add lis3lv02d's I2C address for Vostro 5568 (git-fixes). - ibmvnic: Free rwi on reset success (bsc#1184350 ltc#191533 git-fixes). - iio: adc: at91_adc: fix possible memory leak in at91_adc_allocate_trigger() (git-fixes). - iio: core: Fix entry not deleted when iio_register_sw_trigger_type() fails (git-fixes). - iio: health: afe4403: Fix oob read in afe4403_read_raw (git-fixes). - iio: health: afe4404: Fix oob read in afe4404_[read|write]_raw (git-fixes). - iio: light: apds9960: fix wrong register for gesture gain (git-fixes). - iio: light: rpr0521: add missing Kconfig dependencies (git-fixes). - iio: pressure: ms5611: changed hardcoded SPI speed to value limited (git-fixes). - iio: trigger: sysfs: fix possible memory leak in iio_sysfs_trig_init() (git-fixes). - isdn: mISDN: netjet: fix wrong check of device registration (git-fixes). - iwlwifi: dbg: disable ini debug in 9000 family and below (git-fixes). - kABI: Fix after adding trace_iterator.wait_index (git-fixes). - kABI: remove new member of usbip_device (git-fixes). - kabi: fix transport_add_device change (git-fixes). - kexec: turn all kexec_mutex acquisitions into trylocks (git-fixes). - kvm: nVMX: reflect MTF VM-exits if injected by L1 (git-fixes). - livepatch: Add a missing newline character in klp_module_coming() (bsc#1071995). - livepatch: fix race between fork and KLP transition (bsc#1071995). - loop: Check for overflow while configuring loop (git-fixes). - mISDN: fix misuse of put_device() in mISDN_register_device() (git-fixes). - mISDN: fix possible memory leak in mISDN_dsp_element_register() (git-fixes). - mISDN: fix possible memory leak in mISDN_register_device() (git-fixes). - md/raid5: Ensure stripe_fill happens on non-read IO with journal (git-fixes). - md: Replace snprintf with scnprintf (git-fixes). - media: dvb-frontends/drxk: initialize err to 0 (git-fixes). - media: meson: vdec: fix possible refcount leak in vdec_probe() (git-fixes). - media: v4l2: Fix v4l2_i2c_subdev_set_name function documentation (git-fixes). - media: venus: dec: Handle the case where find_format fails (git-fixes). - media: vim2m: initialize the media device earlier (git-fixes). - media: vivid: fix assignment of dev->fbuf_out_flags (git-fixes). - misc/vmw_vmci: fix an infoleak in vmci_host_do_receive_datagram() (git-fixes). - mmc: core: properly select voltage range without power cycle (git-fixes). - mmc: cqhci: Provide helper for resetting both SDHCI and CQHCI (git-fixes). - mmc: sdhci-of-arasan: Fix SDHCI_RESET_ALL for CQHCI (git-fixes). - mmc: sdhci-pci-o2micro: fix card detect fail issue caused by CD# debounce timeout (git-fixes). - mmc: sdhci-pci: Fix possible memory leak caused by missing pci_dev_put() (git-fixes). - nbd: Fix use-after-free in pid_show (git-fixes). - nbd: fix possible overflow for 'first_minor' in nbd_dev_add() (git-fixes). - nbd: fix possible overflow on 'first_minor' in nbd_dev_add() (git-fixes). - nbd: handle device refs for DESTROY_ON_DISCONNECT properly (git-fixes). - net/x25: Fix skb leak in x25_lapb_receive_frame() (git-fixes). - net: ethernet: nixge: fix NULL dereference (git-fixes). - net: ethernet: renesas: ravb: Fix promiscuous mode after system resumed (git-fixes). - net: hyperv: remove use of bpf_op_t (git-fixes). - net: netvsc: remove break after return (git-fixes). - net: phy: fix null-ptr-deref while probe() failed (git-fixes). - net: thunderbolt: Fix error handling in tbnet_init() (git-fixes). - net: usb: qmi_wwan: Set DTR quirk for MR400 (git-fixes). - net: usb: qmi_wwan: restore mtu min/max values after raw_ip switch (git-fixes). - nfc/nci: fix race with opening and closing (git-fixes). - nfc: nfcmrvl: Fix potential memory leak in nfcmrvl_i2c_nci_send() (git-fixes). - nfc: s3fwrn5: Fix potential memory leak in s3fwrn5_nci_send() (git-fixes). - nfc: st-nci: fix incorrect validating logic in EVT_TRANSACTION (git-fixes). - nfc: st-nci: fix memory leaks in EVT_TRANSACTION (git-fixes). - nfsd: set the server_scope during service startup (bsc#1203746). - null_blk: Fail zone append to conventional zones (git-fixes). - null_blk: synchronization fix for zoned device (git-fixes). - nvmem: core: Check input parameter for NULL in nvmem_unregister() (bsc#1204241). - panic, kexec: make __crash_kexec() NMI safe (git-fixes). - parport_pc: Avoid FIFO port location truncation (git-fixes). - phy: stm32: fix an error code in probe (git-fixes). - pinctrl: devicetree: fix null pointer dereferencing in pinctrl_dt_to_map (git-fixes). - platform/x86: hp_wmi: Fix rfkill causing soft blocked wifi (git-fixes). - powerpc/boot: Explicitly disable usage of SPE instructions (bsc#1156395). - powerpc/kvm: Fix kvm_use_magic_page (bsc#1156395). - printk: add missing memory barrier to wake_up_klogd() (bsc#1204934). - printk: use atomic updates for klogd work (bsc#1204934). - printk: wake waiters for safe and NMI contexts (bsc#1204934). - r8152: Add MAC passthrough support to new device (git-fixes). - r8152: add PID for the Lenovo OneLink+ Dock (git-fixes). - r8152: use new helper tcp_v6_gso_csum_prep (git-fixes). - rbd: fix possible memory leak in rbd_sysfs_init() (git-fixes). - regulator: core: fix UAF in destroy_regulator() (git-fixes). - regulator: core: fix kobject release warning and memory leak in regulator_register() (git-fixes). - regulator: twl6030: re-add TWL6032_SUBCLASS (git-fixes). - ring-buffer: Add ring_buffer_wake_waiters() (git-fixes). - ring-buffer: Allow splice to read previous partially read pages (git-fixes). - ring-buffer: Check for NULL cpu_buffer in ring_buffer_wake_waiters() (git-fixes). - ring-buffer: Check pending waiters when doing wake ups as well (git-fixes). - ring-buffer: Fix race between reset page and reading page (git-fixes). - ring-buffer: Have the shortest_full queue be the shortest not longest (git-fixes). - ring-buffer: Include dropped pages in counting dirty patches (git-fixes). - ring_buffer: Do not deactivate non-existant pages (git-fixes). - rndis_host: increase sleep time in the query-response loop (git-fixes). - rtc: mt6397: fix alarm register overwrite (git-fixes). - s390/boot: fix absolute zero lowcore corruption on boot (git-fixes). - s390/cpcmd: fix inline assembly register clobbering (git-fixes). - s390/dasd: fix Oops in dasd_alias_get_start_dev due to missing pavgroup (git-fixes). - s390/disassembler: increase ebpf disasm buffer size (git-fixes). - s390/futex: add missing EX_TABLE entry to __futex_atomic_op() (bsc#1205428 LTC#200501). - s390/hugetlb: fix prepare_hugepage_range() check for 2 GB hugepages (bsc#1203144 LTC#199881). - s390/mm: use non-quiescing sske for KVM switch to keyed guest (git-fixes). - s390/pci: add missing EX_TABLE entries to __pcistg_mio_inuser()/__pcilg_mio_inuser() (git-fixes). - s390/ptrace: return -ENOSYS when invalid syscall is supplied (git-fixes). - s390/uaccess: add missing EX_TABLE entries to __clear_user(), copy_in_user_mvcos(), copy_in_user_mvc(), clear_user_xc() and __strnlen_user() (bsc#1205428 LTC#200501). - s390/vtime: fix inline assembly clobber list (git-fixes). - s390/zcore: fix race when reading from hardware system area (git-fixes). - s390/zcrypt: fix zcard and zqueue hot-unplug memleak (git-fixes). - s390: Remove arch_has_random, arch_has_random_seed (git-fixes). - s390: fix double free of GS and RI CBs on fork() failure (git-fixes). - s390: fix nospec table alignments (git-fixes). - s390: mark __cpacf_query() as __always_inline (git-fixes). - scsi: bsg: Remove support for SCSI_IOCTL_SEND_COMMAND (git-fixes). - scsi: drivers: base: Propagate errors through the transport component (git-fixes). - scsi: drivers: base: Support atomic version of attribute_container_device_trigger (git-fixes). - scsi: ibmvfc: Avoid path failures during live migration (bsc#1065729 bsc#1204810 ltc#200162). - scsi: ibmvscsis: Increase INITIAL_SRP_LIMIT to 1024 (bsc#1156395). - scsi: lpfc: Create a sysfs entry called lpfc_xcvr_data for transceiver info (bsc#1204957). - scsi: lpfc: Fix hard lockup when reading the rx_monitor from debugfs (bsc#1204957). - scsi: lpfc: Fix memory leak in lpfc_create_port() (bsc#1204957). - scsi: lpfc: Fix spelling mistake 'unsolicted' -> 'unsolicited' (bsc#1204957). - scsi: lpfc: Log when congestion management limits are in effect (bsc#1204957). - scsi: lpfc: Set sli4_param's cmf option to zero when CMF is turned off (bsc#1204957). - scsi: lpfc: Update lpfc version to 14.2.0.8 (bsc#1204957). - scsi: lpfc: Update the obsolete adapter list (bsc#1204142). - scsi: qla2xxx: Fix serialization of DCBX TLV data request (bsc#1204963). - scsi: qla2xxx: Use transport-defined speed mask for supported_speeds (bsc#1204963). - scsi: scsi_transport_sas: Fix error handling in sas_phy_add() (git-fixes). - scsi: storvsc: Correctly handle multiple flags in srb_status (git-fixes). - scsi: storvsc: Drop DID_TARGET_FAILURE use (git-fixes). - scsi: storvsc: Fix handling of srb_status and capacity change events (git-fixes). - scsi: storvsc: Fix max_outstanding_req_per_channel for Win8 and newer (bsc#1204017). - scsi: storvsc: Fix validation for unsolicited incoming packets (bsc#1204017). - scsi: storvsc: Log TEST_UNIT_READY errors as warnings (git-fixes). - scsi: storvsc: Miscellaneous code cleanups (git-fixes). - scsi: storvsc: Parameterize number hardware queues (git-fixes). - scsi: storvsc: Remove WQ_MEM_RECLAIM from storvsc_error_wq (git-fixes). - scsi: storvsc: Resolve data race in storvsc_probe() (bsc#1204017). - scsi: storvsc: Return DID_ERROR for invalid commands (git-fixes). - scsi: storvsc: Update error logging (git-fixes). - scsi: storvsc: Use blk_mq_unique_tag() to generate requestIDs (bsc#1204017). - scsi: storvsc: Use scsi_cmd_to_rq() instead of scsi_cmnd.request (git-fixes). - scsi: storvsc: Use vmbus_requestor to generate transaction IDs for VMBus hardening (bsc#1204017). - scsi: storvsc: Validate length of incoming packet in storvsc_on_channel_callback() (bsc#1204017). - scsi: zfcp: Fix double free of FSF request when qdio send fails (git-fixes). - scsi: zfcp: Fix missing auto port scan and thus missing target ports (git-fixes). - selftests/livepatch: better synchronize test_klp_callbacks_busy (bsc#1071995). - serial: 8250: Fall back to non-DMA Rx if IIR_RDI occurs (git-fixes). - serial: 8250: omap: Fix unpaired pm_runtime_put_sync() in omap8250_remove() (git-fixes). - serial: 8250: omap: Flush PM QOS work on remove (git-fixes). - serial: 8250_lpss: Configure DMA also w/o DMA filter (git-fixes). - serial: 8250_omap: remove wait loop from Errata i202 workaround (git-fixes). - serial: imx: Add missing .thaw_noirq hook (git-fixes). - siox: fix possible memory leak in siox_device_add() (git-fixes). - slimbus: stream: correct presence rate frequencies (git-fixes). - spi: spi-imx: Fix spi_bus_clk if requested clock is higher than input clock (git-fixes). - spi: stm32: Print summary 'callbacks suppressed' message (git-fixes). - staging: greybus: light: fix a couple double frees (git-fixes). - swiotlb-xen: use vmalloc_to_page on vmalloc virt addresses (git-fixes). - tracing/ring-buffer: Have polling block on watermark (git-fixes). - tracing: Add ioctl() to force ring buffer waiters to wake up (git-fixes). - tracing: Disable interrupt or preemption before acquiring arch_spinlock_t (git-fixes). - tracing: Do not free snapshot if tracer is on cmdline (git-fixes). - tracing: Fix wild-memory-access in register_synth_event() (git-fixes). - tracing: Simplify conditional compilation code in tracing_set_tracer() (git-fixes). - tracing: Wake up ring buffer waiters on closing of the file (git-fixes). - tracing: Wake up waiters when tracing is disabled (git-fixes). - usb: add NO_LPM quirk for Realforce 87U Keyboard (git-fixes). - usb: chipidea: fix deadlock in ci_otg_del_timer (git-fixes). - usb: dwc3: exynos: Fix remove() function (git-fixes). - usb: dwc3: fix PHY disable sequence (git-fixes). - usb: dwc3: gadget: Clear ep descriptor last (git-fixes). - usb: dwc3: gadget: Fix null pointer exception (git-fixes). - usb: dwc3: qcom: fix runtime PM wakeup. - usb: dwc3: qcom: fix use-after-free on runtime-PM wakeup (git-fixes). - usb: xhci: add XHCI_SPURIOUS_SUCCESS to ASM1042 despite being a V0.96 controller (git-fixes). - usbip: add sysfs_lock to synchronize sysfs code paths (git-fixes). - usbip: stub-dev synchronize sysfs code paths (git-fixes). - usbip: stub_dev: remake locking for kABI (git-fixes). - usbip: synchronize event handler with sysfs code paths (git-fixes). - usbip: usbip_event: use global lock (git-fixes). - usbip: vudc synchronize sysfs code paths (git-fixes). - usbip: vudc_sysfs: use global lock (git-fixes). - use __netdev_notify_peers in hyperv (git-fixes). - v3 of 'PCI: hv: Only reuse existing IRTE allocation for Multi-MSI' - v3 of 'PCI: hv: Only reuse existing IRTE allocation for Multi-MSI' (bsc#1200845) - vfio/ccw: Do not change FSM state in subchannel event (git-fixes). - virtio-blk: Do not use MAX_DISCARD_SEGMENTS if max_discard_seg is zero (git-fixes). - virtio-blk: Use blk_validate_block_size() to validate block size (git-fixes). - virtio_blk: eliminate anonymous module_init & module_exit (git-fixes). - virtio_blk: fix the discard_granularity and discard_alignment queue limits (git-fixes). - vmlinux.lds.h: Fix placement of '.data..decrypted' section (git-fixes). - wifi: cfg80211: fix buffer overflow in elem comparison (git-fixes). - wifi: cfg80211: fix memory leak in query_regdb_file() (git-fixes). - wifi: cfg80211: silence a sparse RCU warning (git-fixes). - wifi: mac8021: fix possible oob access in ieee80211_get_rate_duration (git-fixes). - workqueue: do not skip lockdep work dependency in cancel_work_sync() (bsc#1204967). - x86/bugs: Make sure MSR_SPEC_CTRL is updated properly upon resume from S3 (bsc#1206037). - x86/cpu: Restore AMD's DE_CFG MSR after resume (bsc#1205473). - x86/hyperv: Output host build info as normal Windows version number (git-fixes). - x86/hyperv: check cpu mask after interrupt has been disabled (git-fixes). - x86/kexec: Fix double-free of elf header buffer (bsc#1205567). - x86/microcode/AMD: Apply the patch early on every logical thread (bsc#1205264). - x86/xen: Add xen_no_vector_callback option to test PCI INTX delivery (git-fixes). - x86/xen: Distribute switch variables for initialization (git-fixes). - x86/xen: do not unbind uninitialized lock_kicker_irq (git-fixes). - xen-blkback: prevent premature module unload (git-fixes). - xen-netback: correct success/error reporting for the SKB-with-fraglist case (git-fixes). - xen/balloon: fix balloon kthread freezing (git-fixes). - xen/balloon: fix ballooned page accounting without hotplug enabled (git-fixes). - xen/balloon: fix cancelled balloon action (git-fixes). - xen/balloon: use a kernel thread instead a workqueue (git-fixes). - xen/gntdev: Avoid blocking in unmap_grant_pages() (git-fixes). - xen/gntdev: Ignore failure to unmap INVALID_GRANT_HANDLE (git-fixes). - xen/gntdev: Prevent leaking grants (git-fixes). - xen/pcpu: fix possible memory leak in register_pcpu() (git-fixes). - xen/privcmd: Corrected error handling path (git-fixes). - xen/privcmd: fix error exit of privcmd_ioctl_dm_op() (git-fixes). - xen/xenbus: Fix granting of vmalloc'd memory (git-fixes). - xen/xenbus: ensure xenbus_map_ring_valloc() returns proper grant status (git-fixes). - xen: Fix XenStore initialisation for XS_LOCAL (git-fixes). - xen: Fix event channel callback via INTX/GSI (git-fixes). - xen: delay xen_hvm_init_time_ops() if kdump is boot on vcpu>=32 (git-fixes). - xenbus: req->body should be updated before req->state (git-fixes). - xenbus: req->err should be updated before req->state (git-fixes). - xfs: Lower CIL flush limit for large logs (git-fixes). - xfs: Throttle commits on delayed background CIL push (git-fixes). - xfs: Use scnprintf() for avoiding potential buffer overflow (git-fixes). - xfs: check owner of dir3 blocks (git-fixes). - xfs: factor common AIL item deletion code (git-fixes). - xfs: open code insert range extent split helper (git-fixes). - xfs: rework collapse range into an atomic operation (git-fixes). - xfs: rework insert range into an atomic operation (git-fixes). - xfs: tail updates only need to occur when LSN changes (git-fixes). - xfs: trylock underlying buffer on dquot flush (git-fixes). - xfs: xfs_buf_corruption_error should take __this_address (git-fixes). - xhci: Remove device endpoints from bandwidth list when freeing the device (git-fixes). Important SUSE bug 1065729 SUSE bug 1071995 SUSE bug 1156395 SUSE bug 1184350 SUSE bug 1189297 SUSE bug 1192761 SUSE bug 1199657 SUSE bug 1200845 SUSE bug 1201455 SUSE bug 1201469 SUSE bug 1203144 SUSE bug 1203746 SUSE bug 1203960 SUSE bug 1204017 SUSE bug 1204142 SUSE bug 1204215 SUSE bug 1204228 SUSE bug 1204241 SUSE bug 1204328 SUSE bug 1204414 SUSE bug 1204446 SUSE bug 1204636 SUSE bug 1204693 SUSE bug 1204780 SUSE bug 1204791 SUSE bug 1204810 SUSE bug 1204827 SUSE bug 1204850 SUSE bug 1204868 SUSE bug 1204934 SUSE bug 1204957 SUSE bug 1204963 SUSE bug 1204967 SUSE bug 1205128 SUSE bug 1205130 SUSE bug 1205220 SUSE bug 1205264 SUSE bug 1205329 SUSE bug 1205330 SUSE bug 1205428 SUSE bug 1205473 SUSE bug 1205514 SUSE bug 1205567 SUSE bug 1205617 SUSE bug 1205671 SUSE bug 1205700 SUSE bug 1205705 SUSE bug 1205709 SUSE bug 1205753 SUSE bug 1205796 SUSE bug 1205984 SUSE bug 1205985 SUSE bug 1205986 SUSE bug 1205987 SUSE bug 1205988 SUSE bug 1205989 SUSE bug 1206032 SUSE bug 1206037 SUSE bug 1206207 CVE-2022-2602 CVE-2022-28693 CVE-2022-29900 CVE-2022-29901 CVE-2022-3567 CVE-2022-3628 CVE-2022-3635 CVE-2022-3707 CVE-2022-3903 CVE-2022-4095 CVE-2022-4129 CVE-2022-4139 CVE-2022-41850 CVE-2022-41858 CVE-2022-42895 CVE-2022-42896 CVE-2022-4378 CVE-2022-43945 CVE-2022-45934 cpe:/o:opensuse:leap:15.4 Security update for the Linux Kernel (Important) openSUSE Leap 15.4 The SUSE Linux Enterprise 15 SP4 RT kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2022-4378: Fixed stack overflow in __do_proc_dointvec (bsc#1206207). - CVE-2022-42328: Guests could trigger denial of service via the netback driver (bsc#1206114). - CVE-2022-42329: Guests could trigger denial of service via the netback driver (bsc#1206113). - CVE-2022-3643: Guests could trigger NIC interface reset/abort/crash via netback driver (bsc#1206113). - CVE-2022-3633: Fixed a memory leak in j1939_session_destroy of the file net/can/j1939/transport.c (bsc#1204650). - CVE-2022-3114: Fixed a denial of service in imx_register_uart_clocks() in drivers/clk/imx/clk.c (bsc#1206391). - CVE-2022-3619: Fixed a memory leak in l2cap_recv_acldata of the file net/bluetooth/l2cap_core.c (bsc#1204569). - CVE-2022-3635: Fixed a use-after-free in the tst_timer() of the file drivers/atm/idt77252.c (bsc#1204631). - CVE-2022-41850: Fixed a race condition in roccat_report_event() in drivers/hid/hid-roccat.c (bsc#1203960). - CVE-2022-45934: Fixed a integer wraparound via L2CAP_CONF_REQ packets in l2cap_config_req in net/bluetooth/l2cap_core.c (bsc#1205796). - CVE-2022-3567: Fixed a to race condition in inet6_stream_ops()/inet6_dgram_ops() (bsc#1204414). - CVE-2022-41858: Fixed a denial of service in sl_tx_timeout() in drivers/net/slip (bsc#1205671). - CVE-2022-43945: Fixed a buffer overflow in the NFSD implementation (bsc#1205128). - CVE-2022-4095: Fixed a use-after-free in rtl8712 driver (bsc#1205514). - CVE-2022-3903: Fixed a denial of service with the Infrared Transceiver USB driver (bsc#1205220). - CVE-2022-42896: Fixed a use-after-free vulnerability in the net/bluetooth/l2cap_core.c's l2cap_connect() and l2cap_le_connect_req() which may have allowed code execution and leaking kernel memory (respectively) remotely via Bluetooth (bsc#1205709). - CVE-2022-42895: Fixed an information leak in the net/bluetooth/l2cap_core.c's l2cap_parse_conf_req() which can be used to leak kernel pointers remotely (bsc#1205705). - CVE-2022-3424: Fixed use-after-free in gru_set_context_option(), gru_fault() and gru_handle_user_call_os() that could lead to kernel panic (bsc#1204166). - CVE-2022-3628: Fixed potential buffer overflow in brcmf_fweh_event_worker() in wifi/brcmfmac (bsc#1204868). - CVE-2022-2964: Fixed memory corruption issues in ax88179_178a devices (bsc#1202686). - CVE-2021-4037: Fixed function logic vulnerability that allowed local users to create files for the XFS file-system with an unintended group ownership and with group execution and SGID permission bits set (bsc#1198702). - CVE-2022-43750: Fixed vulnerability in usbmon that allowed a user-space client to corrupt the monitor's internal memory (bsc#1204653). - CVE-2022-3542: Fixed memory leak in bnx2x_tpa_stop() in drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.c (bsc#1204402). - CVE-2022-3629: Fixed memory leak in vsock_connect() in net/vmw_vsock/af_vsock.c (bsc#1204635). - CVE-2022-3646: Fixed memory leak in nilfs_attach_log_writer() in fs/nilfs2/segment.c (bsc#1204646). - CVE-2022-3649: Fixed use-after-free in nilfs_new_inode() in fs/nilfs2/inode.c (bsc#1204647). - CVE-2022-3621: Fixed null pointer dereference in nilfs_bmap_lookup_at_level() in fs/nilfs2/inode.c (bsc#1204574). - CVE-2022-3594: Fixed excessive data logging in intr_callback() in drivers/net/usb/r8152.c (bsc#1204479). - CVE-2022-3586: Fixed use-after-free in socket buffer (SKB) that could allow a local unprivileged user to cause a denial of service (bsc#1204439). - CVE-2022-3565: Fixed use-after-free in del_timer() in drivers/isdn/mISDN/l1oip_core.c (bsc#1204431). - CVE-2022-3524: Fixed memory leak in ipv6_renew_options() in the IPv6 handler (bsc#1204354). - CVE-2022-40768: Fixed information leak in the scsi driver which allowed local users to obtain sensitive information from kernel memory (bsc#1203514). - CVE-2022-42703: Fixed use-after-free in mm/rmap.c related to leaf anon_vma double reuse (bsc#1204168). - CVE-2022-3169: Fixed an denial of service though request to NVME_IOCTL_RESET and NVME_IOCTL_SUBSYS_RESET (bsc#1203290). - CVE-2022-3545: Fixed a use-after-free vulnerability is area_cache_get() of the file drivers/net/ethernet/netronome/nfp/nfpcore/nfp_cppcore.c (bsc#1204415). - CVE-2022-3521: Fixed a race condition in kcm_tx_work() of the file net/kcm/kcmsock.c (bsc#1204355). - CVE-2022-2153: Fixed a NULL pointer dereference in KVM when attempting to set a SynIC IRQ (bsc#1200788). - CVE-2022-33981: Fixed a denial of service, because of a concurrency use-after-free flaw after deallocating raw_cmd in the raw_cmd_ioctl function (bsc#1200692). - CVE-2022-45869: Fixed a race condition in the x86 KVM subsystem which could cause a denial of service (bsc#1205882). - CVE-2022-45888: Fixed a use-after-free during physical removal of a USB devices when using drivers/char/xillybus/xillyusb.c (bsc#1205764). - CVE-2022-4139: Fixed an issue with the i915 driver that allowed the GPU to access any physical memory (bsc#1205700). - CVE-2022-4129: Fixed a denial of service with the Layer 2 Tunneling Protocol (L2TP). A missing lock when clearing sk_user_data can lead to a race condition and NULL pointer dereference. (bsc#1205711) - CVE-2022-3566: Fixed a race condition in the functions tcp_getsockopt/tcp_setsockopt. The manipulation leads to a race condition (bsc#1204405). - CVE-2022-2602: Fixed a local privilege escalation vulnerability involving Unix socket Garbage Collection and io_uring (bsc#1204228). - CVE-2022-3176: Fixed a use-after-free in io_uring related to signalfd_poll() and binder_poll() (bsc#1203391). - CVE-2022-3707: Fixed a double free in the Intel GVT-g graphics driver (bsc#1204780). - CVE-2022-3625: Fixed a user-after-free vulnerability in devlink_param_set/devlink_param_get of the file net/core/devlink.c (bsc#1204637). - CVE-2022-3535: Fixed a memory leak in mvpp2_dbgfs_port_init of the file drivers/net/ethernet/marvell/mvpp2/mvpp2_debugfs.c (bsc#1204417). - CVE-2022-39189: Fixed an issue were an unprivileged guest users can compromise the guest kernel because TLB flush operations were mishandled in certain KVM_VCPU_PREEMPTED situations (bsc#1203066). - CVE-2022-3577: Fixed an out-of-bounds memory write in bigben_probe of drivers/hid/hid-bigbenff.c (bsc#1204470). - CVE-2022-2978: Fixed a use-after-free in the NILFS file system (bsc#1202700). - CVE-2022-1184: Fixed a use-after-free and memory errors in ext4 when mounting and operating on a corrupted image (bsc#1198577). - CVE-2022-1263: Fixed a NULL pointer dereference issue was found in KVM when releasing a vCPU with dirty ring support enabled. This flaw allowed an unprivileged local attacker on the host to issue specific ioctl calls, causing a kernel oops condition that results in a denial of service (bsc#1198189). - CVE-2022-1882: Fixed a use-after-free flaw in free_pipe_info() that could allow a local user to crash or potentially escalate their privileges on the system (bsc#1199904). - CVE-2022-20369: Fixed possible out of bounds write due to improper input validation in v4l2_m2m_querybuf of v4l2-mem2mem.c (bsc#1202347). - CVE-2022-2586: Fixed a use-after-free which can be triggered when a nft table is deleted (bsc#1202095). - CVE-2022-2588: Fixed use-after-free in cls_route (bsc#1202096). - CVE-2022-26373: Fixed CPU information leak via post-barrier RSB predictions (bsc#1201726). - CVE-2022-2639: Fixed integer underflow that could lead to out-of-bounds write in reserve_sfa_size() (bsc#1202154). - CVE-2022-2663: Fixed an issue which allowed a firewall to be bypassed when users are using unencrypted IRC with nf_conntrack_irc configured (bsc#1202097). - CVE-2022-20368: Fixed slab-out-of-bounds access in packet_recvmsg() (bsc#1202346). - CVE-2022-28356: Fixed a refcount bug in llc_ui_bind and llc_ui_autobind which could allow an unprivileged user to execute a denial of service. (bsc#1197391) - CVE-2022-2873: Fixed an out-of-bounds memory access flaw that was found in iSMT SMBus host controller driver (bsc#1202558). - CVE-2022-2905: Fixed tnum_range usage on array range checking for poke descriptors (bsc#1202860). - CVE-2022-2938: Fixed a flaw that was found inside the Pressure Stall Information implementation that could have been used to allow an attacker to crash the system or have other memory-corruption side effects (bsc#1202623). - CVE-2022-2959: Fixed a race condition that was found inside the watch queue due to a missing lock in pipe_resize_ring() (bsc#1202681). - CVE-2022-2977: Fixed reference counting for struct tpm_chip (bsc#1202672). - CVE-2022-3028: Fixed a race condition that was found in the IP framework for transforming packets (XFRM subsystem) when multiple calls to xfrm_probe_algs occurred simultaneously (bsc#1202898). - CVE-2022-3078: Fixed a lack of check after calling vzalloc() and lack of free after allocation in drivers/media/test-drivers/vidtv/vidtv_s302m.c (bsc#1203041). - CVE-2022-3202: Fixed a NULL pointer dereference flaw in Journaled File System. This could allow a local attacker to crash the system or leak kernel internal information (bsc#1203389). - CVE-2022-32250: Fixed user-after-free in net/netfilter/nf_tables_api.c that could allow local privilege escalation (bsc#1200015). - CVE-2022-32296: Fixed vulnerability where TCP servers were allowed to identify clients by observing what source ports are used (bsc#1200288). - CVE-2022-3239: Fixed an use-after-free in the video4linux driver that could lead a local user to able to crash the system or escalate their privileges (bsc#1203552). - CVE-2022-3303: Fixed a race condition in the sound subsystem due to improper locking (bsc#1203769). - CVE-2022-3435: Fixed an out-of-bounds read in fib_nh_match() of the file net/ipv4/fib_semantics.c (bsc#1204171). - CVE-2022-3526: Fixed a memory leak in macvlan_handle_frame() from drivers/net/macvlan.c (bsc#1204353). - CVE-2022-3640: Fixed use-after-free in l2cap_conn_del() in net/bluetooth/l2cap_core.c (bsc#1204619). - CVE-2022-36879: Fixed an issue in xfrm_expand_policies in net/xfrm/xfrm_policy.c where a refcount could be dropped twice (bsc#1201948). - CVE-2022-36946: Fixed a denial of service inside nfqnl_mangle in net/netfilter/nfnetlink_queue.c (bsc#1201940). - CVE-2022-39188: Fixed race condition in include/asm-generic/tlb.h where a device driver can free a page while it still has stale TLB entries (bsc#1203107). - CVE-2022-39190: Fixed an issue that was discovered in net/netfilter/nf_tables_api.c and could cause a denial of service upon binding to an already bound chain (bsc#1203117). - CVE-2022-40476: Fixed a null pointer dereference in fs/io_uring.c (bsc#1203435). - CVE-2022-41218: Fixed an use-after-free caused by refcount races in drivers/media/dvb-core/dmxdev.c (bsc#1202960). - CVE-2022-41674: Fixed a DoS issue where kernel can crash on the reception of specific WiFi Frames (bsc#1203770). - CVE-2022-41848: Fixed a race condition and resultant use-after-free if a physically proximate attacker removes a PCMCIA device while calling ioctl (bsc#1203987). - CVE-2022-41849: Fixed a race condition and resultant use-after-free if a physically proximate attacker removes a USB device while calling open (bsc#1203992). - CVE-2022-42719: Fixed remote code execution with wlan frames when parsing a multi-BSSID element (bsc#1204051). - CVE-2022-42720: Fixed remote code execution due to refcounting bugs (bsc#1204059). - CVE-2022-42721: Fixed remote code execution due list corruption in the wlan stack (bsc#1204060). - CVE-2022-42722: Fixed crash in beacon protection for P2P-device. (bsc#1204125) - CVE-2021-33135: Fixed uncontrolled resource consumption inside Intel(R) SGX that may have allowed an authenticated user to potentially enable denial of service via local access (bsc#1199515). - CVE-2020-16119: Fixed a use-after-free vulnerability exploitable by a local attacker due to reuse of a DCCP socket. (bsc#1177471) - CVE-2020-36516: Fixed an issue in the mixed IPID assignment method where an attacker was able to inject data into or terminate a victim's TCP session (bsc#1196616). - CVE-2016-3695: Fixed an issue inside the einj_error_inject function in drivers/acpi/apei/einj.c that allowed users to simulate hardware errors and consequently cause a denial of service (bsc#1023051). The following non-security bugs were fixed: - 9p: Fix refcounting during full path walks for fid lookups (git-fixes). - 9p: fix fid refcount leak in v9fs_vfs_atomic_open_dotl (git-fixes). - 9p: fix fid refcount leak in v9fs_vfs_get_link (git-fixes). - ACPI / scan: Create platform device for CS35L41 (bsc#1203699). - ACPI: APEI: Better fix to avoid spamming the console with old error logs (git-fixes). - ACPI: APEI: Fix integer overflow in ghes_estatus_pool_init() (git-fixes). - ACPI: APEI: do not add task_work to kernel thread to avoid memory leak (git-fixes). - ACPI: APEI: explicit init of HEST and GHES in apci_init() (git-fixes). - ACPI: CPPC: Do not prevent CPPC from working in the future (git-fixes). - ACPI: EC: Drop the EC_FLAGS_IGNORE_DSDT_GPE quirk (git-fixes). - ACPI: EC: Remove duplicate ThinkPad X1 Carbon 6th entry from DMI quirks (git-fixes). - ACPI: HMAT: Fix initiator registration for single-initiator systems (git-fixes). - ACPI: HMAT: Release platform device in case of platform_device_add_data() fails (git-fixes). - ACPI: HMAT: remove unnecessary variable initialization (git-fixes). - ACPI: LPSS: Fix missing check in register_device_clock() (git-fixes). - ACPI: PM: save NVS memory for Lenovo G40-45 (git-fixes). - ACPI: VIOT: Fix ACS setup (git-fixes). - ACPI: extlog: Handle multiple records (git-fixes). - ACPI: processor idle: Practically limit 'Dummy wait' workaround to old Intel systems (bsc#1203767). - ACPI: processor/idle: Annotate more functions to live in cpuidle section (git-fixes). - ACPI: processor: Remove freq Qos request for all CPUs (git-fixes). - ACPI: property: Return type of acpi_add_nondev_subnodes() should be bool (git-fixes). - ACPI: resource: skip IRQ override on AMD Zen platforms (git-fixes). - ACPI: scan: Add CLSA0101 Laptop Support (bsc#1203699). - ACPI: scan: Add LATT2021 to acpi_ignore_dep_ids[] (git-fixes). - ACPI: tables: FPDT: Do not call acpi_os_map_memory() on invalid phys address (git-fixes). - ACPI: thermal: drop an always true check (git-fixes). - ACPI: utils: Add api to read _SUB from ACPI (bsc#1203699). - ACPI: video: Add Toshiba Satellite/Portege Z830 quirk (git-fixes). - ACPI: video: Force backlight native for some TongFang devices (git-fixes). - ACPI: video: Make backlight class device registration a separate step (v2) (git-fixes). - ACPI: video: Shortening quirk list by identifying Clevo by board_name only (git-fixes). - ACPI: x86: Add a quirk for Dell Inspiron 14 2-in-1 for StorageD3Enable (git-fixes). - ACPI: x86: Add another system to quirk list for forcing StorageD3Enable (git-fixes). - ALSA: Use del_timer_sync() before freeing timer (git-fixes). - ALSA: ac97: fix possible memory leak in snd_ac97_dev_register() (git-fixes). - ALSA: aloop: Fix random zeros in capture data when using jiffies timer (git-fixes). - ALSA: aoa: Fix I2S device accounting (git-fixes). - ALSA: aoa: i2sbus: fix possible memory leak in i2sbus_add_dev() (git-fixes). - ALSA: asihpi - Remove useless code in hpi_meter_get_peak() (git-fixes). - ALSA: au88x0: use explicitly signed char (git-fixes). - ALSA: bcd2000: Fix a UAF bug on the error path of probing (git-fixes). - ALSA: core: Fix double-free at snd_card_new() (git-fixes). - ALSA: cs35l41: Check hw_config before using it (bsc#1203699). - ALSA: cs35l41: Enable Internal Boost in shared lib (bsc#1203699). - ALSA: cs35l41: Move cs35l41_gpio_config to shared lib (bsc#1203699). - ALSA: cs35l41: Unify hardware configuration (bsc#1203699). - ALSA: dice: fix regression for Lexicon I-ONIX FW810S (git-fixes). - ALSA: dmaengine: increment buffer pointer atomically (git-fixes). - ALSA: emu10k1: Fix out of bounds access in snd_emu10k1_pcm_channel_alloc() (git-fixes). - ALSA: hda/ca0132: add quirk for EVGA Z390 DARK (git-fixes). - ALSA: hda/cirrus - support for iMac 12,1 model (git-fixes). - ALSA: hda/conexant: Add quirk for LENOVO 20149 Notebook model (git-fixes). - ALSA: hda/conexant: add a new hda codec SN6140 (git-fixes). - ALSA: hda/cs8409: Add Speaker Playback Switch for Cyborg (bsc#1203699). - ALSA: hda/cs8409: Add Speaker Playback Switch for Warlock (bsc#1203699). - ALSA: hda/cs8409: Add new Dolphin HW variants (bsc#1203699). - ALSA: hda/cs8409: Disable HSBIAS_SENSE_EN for Cyborg (bsc#1203699). - ALSA: hda/cs8409: Fix Full Scale Volume setting for all variants (bsc#1203699). - ALSA: hda/cs8409: Fix Warlock to use mono mic configuration (bsc#1203699). - ALSA: hda/cs8409: Re-order quirk table into ascending order (bsc#1203699). - ALSA: hda/cs8409: Support manual mode detection for CS42L42 (bsc#1203699). - ALSA: hda/cs8409: Support new Dolphin Variants (bsc#1203699). - ALSA: hda/cs8409: Support new Odin Variants (bsc#1203699). - ALSA: hda/cs8409: Support new Warlock MLK Variants (bsc#1203699). - ALSA: hda/cs8409: Use general cs42l42 include in cs8409 hda driver (bsc#1203699). - ALSA: hda/cs8409: change cs8409_fixups v.pins initializers to static (bsc#1203699). - ALSA: hda/cs_dsp_ctl: Fix mutex inversion when creating controls (bsc#1203699). - ALSA: hda/hdmi - enable runtime pm for more AMD display audio (git-fixes). - ALSA: hda/hdmi: Do not skip notification handling during PM operation (git-fixes). - ALSA: hda/hdmi: Fix the converter allocation for the silent stream (git-fixes). - ALSA: hda/hdmi: Fix the converter reuse for the silent stream (git-fixes). - ALSA: hda/hdmi: change type for the 'assigned' variable (git-fixes). - ALSA: hda/realtek: Add CS35L41 support for Thinkpad laptops (bsc#1203699). - ALSA: hda/realtek: Add Intel Reference SSID to support headset keys (git-fixes). - ALSA: hda/realtek: Add Positivo C6300 model quirk (git-fixes). - ALSA: hda/realtek: Add a quirk for HP OMEN 15 (8786) mute LED (git-fixes). - ALSA: hda/realtek: Add a quirk for HP OMEN 16 (8902) mute LED (git-fixes). - ALSA: hda/realtek: Add another HP ZBook G9 model quirks (bsc#1203699). - ALSA: hda/realtek: Add mute and micmut LED support for Zbook Fury 17 G9 (bsc#1203699). - ALSA: hda/realtek: Add pincfg for ASUS G513 HP jack (git-fixes). - ALSA: hda/realtek: Add pincfg for ASUS G533Z HP jack (git-fixes). - ALSA: hda/realtek: Add quirk for ASUS GA503R laptop (git-fixes). - ALSA: hda/realtek: Add quirk for ASUS GV601R laptop (git-fixes). - ALSA: hda/realtek: Add quirk for ASUS Zenbook using CS35L41 (bsc#1203922). - ALSA: hda/realtek: Add quirk for ASUS Zenbook using CS35L41 (git-fixes). - ALSA: hda/realtek: Add quirk for Clevo NS50PU, NS70PU (git-fixes). - ALSA: hda/realtek: Add quirk for Clevo NV45PZ (git-fixes). - ALSA: hda/realtek: Add quirk for HP Spectre x360 15-eb0xxx (git-fixes). - ALSA: hda/realtek: Add quirk for HP Zbook Firefly 14 G9 model (bsc#1203699). - ALSA: hda/realtek: Add quirk for Huawei WRT-WX9 (git-fixes). - ALSA: hda/realtek: Add quirk for Lenovo Yoga7 14IAL7 (bsc#1203699). - ALSA: hda/realtek: Add quirk for Lenovo Yoga9 14IAP7 (git-fixes). - ALSA: hda/realtek: Add quirk for another Asus K42JZ model (git-fixes). - ALSA: hda/realtek: Add quirks for ASUS Zenbooks using CS35L41 (bsc#1203699). - ALSA: hda/realtek: Add speaker AMP init for Samsung laptops with ALC298 (git-fixes). - ALSA: hda/realtek: Add support for HP Laptops (bsc#1203699). - ALSA: hda/realtek: Add support for Legion 7 16ACHg6 laptop (bsc#1203699). - ALSA: hda/realtek: Correct pin configs for ASUS G533Z (git-fixes). - ALSA: hda/realtek: Enable 4-speaker output Dell Precision 5530 laptop (git-fixes). - ALSA: hda/realtek: Enable 4-speaker output Dell Precision 5570 laptop (git-fixes). - ALSA: hda/realtek: Enable mute/micmute LEDs and limit mic boost on EliteBook 845/865 G9 (bsc#1203699). - ALSA: hda/realtek: Enable mute/micmute LEDs support for HP Laptops (bsc#1203699). - ALSA: hda/realtek: Enable speaker and mute LEDs for HP laptops (bsc#1203699). - ALSA: hda/realtek: Fix LED on Zbook Studio G9 (bsc#1203699). - ALSA: hda/realtek: Fix mute led issue on thinkpad with cs35l41 s-codec (bsc#1203699). - ALSA: hda/realtek: Fix the speaker output on Samsung Galaxy Book Pro 360 (bsc#1205100). - ALSA: hda/realtek: More robust component matching for CS35L41 (bsc#1203699). - ALSA: hda/realtek: Re-arrange quirk table entries (git-fixes). - ALSA: hda/realtek: fix speakers for Samsung Galaxy Book Pro (bsc#1205100). - ALSA: hda/realtek: remove ALC289_FIXUP_DUAL_SPK for Dell 5530 (git-fixes). - ALSA: hda/sigmatel: Fix unused variable warning for beep power change (git-fixes). - ALSA: hda/sigmatel: Keep power up while beep is enabled (bsc#1200544). - ALSA: hda/tegra: Add Tegra234 hda driver support (git-fixes). - ALSA: hda/tegra: Align BDL entry to 4KB boundary (git-fixes). - ALSA: hda/tegra: Update scratch reg. communication (git-fixes). - ALSA: hda/tegra: set depop delay for tegra (git-fixes). - ALSA: hda: Fix Nvidia dp infoframe (git-fixes). - ALSA: hda: Fix dependencies of CS35L41 on SPI/I2C buses (bsc#1203699). - ALSA: hda: Fix dependency on ASoC cs35l41 codec (bsc#1203699). - ALSA: hda: Fix hang at HD-audio codec unbinding due to refcount saturation (git-fixes). - ALSA: hda: Fix position reporting on Poulsbo (git-fixes). - ALSA: hda: add Intel 5 Series / 3400 PCI DID (git-fixes). - ALSA: hda: cs35l41: Add Amp Name based on channel and index (bsc#1203699). - ALSA: hda: cs35l41: Add Boost type flag (bsc#1203699). - ALSA: hda: cs35l41: Add Support for Interrupts (bsc#1203699). - ALSA: hda: cs35l41: Add calls to newly added test key function (bsc#1203699). - ALSA: hda: cs35l41: Add defaulted values into dsp bypass config sequence (bsc#1203699). - ALSA: hda: cs35l41: Add initial DSP support and firmware loading (bsc#1203699). - ALSA: hda: cs35l41: Add missing default cases (bsc#1203699). - ALSA: hda: cs35l41: Add module parameter to control firmware load (bsc#1203699). - ALSA: hda: cs35l41: Add support for CS35L41 in HDA systems (bsc#1203699). - ALSA: hda: cs35l41: Allow compilation test on non-ACPI configurations (bsc#1203699). - ALSA: hda: cs35l41: Always configure the DAI (bsc#1203699). - ALSA: hda: cs35l41: Avoid overwriting register patch (bsc#1203699). - ALSA: hda: cs35l41: Clarify support for CSC3551 without _DSD Properties (bsc#1203699). - ALSA: hda: cs35l41: Consolidate selections under SND_HDA_SCODEC_CS35L41 (bsc#1203699). - ALSA: hda: cs35l41: Do not dereference fwnode handle (bsc#1203699). - ALSA: hda: cs35l41: Drop wrong use of ACPI_PTR() (bsc#1203699). - ALSA: hda: cs35l41: Enable GPIO2 Interrupt for CLSA0100 laptops (bsc#1203699). - ALSA: hda: cs35l41: Fix I2S params comments (bsc#1203699). - ALSA: hda: cs35l41: Fix comments wrt serial-multi-instantiate reference (bsc#1203699). - ALSA: hda: cs35l41: Fix error in spi cs35l41 hda driver name (bsc#1203699). - ALSA: hda: cs35l41: Handle all external boost setups the same way (bsc#1203699). - ALSA: hda: cs35l41: Improve dev_err_probe() messaging (bsc#1203699). - ALSA: hda: cs35l41: Make cs35l41_hda_remove() return void (bsc#1203699). - ALSA: hda: cs35l41: Make use of the helper function dev_err_probe() (bsc#1203699). - ALSA: hda: cs35l41: Move boost config to initialization code (bsc#1203699). - ALSA: hda: cs35l41: Move cs35l41* calls to its own symbol namespace (bsc#1203699). - ALSA: hda: cs35l41: Move external boost handling to lib for ASoC use (bsc#1203699). - ALSA: hda: cs35l41: Mute the device before shutdown (bsc#1203699). - ALSA: hda: cs35l41: Put the device into safe mode for external boost (bsc#1203699). - ALSA: hda: cs35l41: Read Speaker Calibration data from UEFI variables (bsc#1203699). - ALSA: hda: cs35l41: Remove Set Channel Map api from binding (bsc#1203699). - ALSA: hda: cs35l41: Remove cs35l41_hda_reg_sequence struct (bsc#1203699). - ALSA: hda: cs35l41: Remove suspend/resume hda hooks (bsc#1203699). - ALSA: hda: cs35l41: Reorganize log for playback actions (bsc#1203699). - ALSA: hda: cs35l41: Save Subsystem ID inside CS35L41 Driver (bsc#1203699). - ALSA: hda: cs35l41: Save codec object inside component struct (bsc#1203699). - ALSA: hda: cs35l41: Set Speaker Position for CLSA0100 Laptop (bsc#1203699). - ALSA: hda: cs35l41: Support CLSA0101 (bsc#1203699). - ALSA: hda: cs35l41: Support Firmware switching and reloading (bsc#1203699). - ALSA: hda: cs35l41: Support Hibernation during Suspend (bsc#1203699). - ALSA: hda: cs35l41: Support Speaker ID for laptops (bsc#1203699). - ALSA: hda: cs35l41: Support System Suspend (bsc#1203699). - ALSA: hda: cs35l41: Support multiple load paths for firmware (bsc#1203699). - ALSA: hda: cs35l41: Support reading subsystem id from ACPI (bsc#1203699). - ALSA: hda: cs35l41: Tidyup code (bsc#1203699). - ALSA: hda: cs35l41: Use the CS35L41 HDA internal define (bsc#1203699). - ALSA: hda: cs35l41: fix double free on error in probe() (bsc#1203699). - ALSA: hda: fix potential memleak in 'add_widget_node' (git-fixes). - ALSA: hda: hda_cs_dsp_ctl: Add Library to support CS_DSP ALSA controls (bsc#1203699). - ALSA: hda: hda_cs_dsp_ctl: Add apis to write the controls directly (bsc#1203699). - ALSA: hda: hda_cs_dsp_ctl: Add fw id strings (bsc#1203699). - ALSA: hda: hda_cs_dsp_ctl: Ensure pwr_lock is held before reading/writing controls (bsc#1203699). - ALSA: hda: hda_cs_dsp_ctl: Minor clean and redundant code removal (bsc#1203699). - ALSA: hda: intel-dsp-config: Add RaptorLake PCI IDs (jsc#PED-720). - ALSA: hda: intel-nhlt: Correct the handling of fmt_config flexible array (git-fixes). - ALSA: hiface: fix repeated words in comments (git-fixes). - ALSA: info: Fix llseek return value when using callback (git-fixes). - ALSA: line6: Replace sprintf() with sysfs_emit() (git-fixes). - ALSA: line6: remove line6_set_raw declaration (git-fixes). - ALSA: oss: Fix potential deadlock at unregistration (git-fixes). - ALSA: pcm: oss: Fix race at SNDCTL_DSP_SYNC (git-fixes). - ALSA: rawmidi: Drop register_mutex in snd_rawmidi_free() (git-fixes). - ALSA: rme9652: use explicitly signed char (git-fixes). - ALSA: scarlett2: Add Focusrite Clarett+ 8Pre support (git-fixes). - ALSA: scarlett2: Add support for the internal 'standalone' switch (git-fixes). - ALSA: scarlett2: Split scarlett2_config_items[] into 3 sections (git-fixes). - ALSA: seq: Fix data-race at module auto-loading (git-fixes). - ALSA: seq: oss: Fix data-race for max_midi_devs access (git-fixes). - ALSA: usb-audio: Add DSD support for Accuphase DAC-60 (git-fixes). - ALSA: usb-audio: Add endianness annotations (git-fixes). - ALSA: usb-audio: Add mixer mapping for Gigabyte B450/550 Mobos (git-fixes). - ALSA: usb-audio: Add quirk entry for M-Audio Micro (git-fixes). - ALSA: usb-audio: Add quirk for Behringer UMC202HD (git-fixes). - ALSA: usb-audio: Add quirk for LH Labs Geek Out HD Audio 1V5 (git-fixes). - ALSA: usb-audio: Add quirk to enable Avid Mbox 3 support (git-fixes). - ALSA: usb-audio: Add quirks for M-Audio Fast Track C400/600 (git-fixes). - ALSA: usb-audio: Drop snd_BUG_ON() from snd_usbmidi_output_open() (git-fixes). - ALSA: usb-audio: Fix NULL dererence at error path (git-fixes). - ALSA: usb-audio: Fix an out-of-bounds bug in __snd_usb_parse_audio_interface() (git-fixes). - ALSA: usb-audio: Fix last interface check for registration (git-fixes). - ALSA: usb-audio: Fix potential memory leaks (git-fixes). - ALSA: usb-audio: Fix regression with Dell Dock jack detection (bsc#1204719). - ALSA: usb-audio: Inform the delayed registration more properly (git-fixes). - ALSA: usb-audio: More comprehensive mixer map for ASUS ROG Zenith II (git-fixes). - ALSA: usb-audio: Register card again for iface over delayed_register option (git-fixes). - ALSA: usb-audio: Register card at the last interface (git-fixes). - ALSA: usb-audio: Remove redundant workaround for Roland quirk (bsc#1205111). - ALSA: usb-audio: Split endpoint setups for hw_params and prepare (git-fixes). - ALSA: usb-audio: Support jack detection on Dell dock (git-fixes). - ALSA: usb-audio: Turn off 'manual mode' on Dell dock (git-fixes). - ALSA: usb-audio: Yet more regression for for the delayed card registration (bsc#1205111). - ALSA: usb-audio: add quirk to fix Hamedal C20 disconnect issue (git-fixes). - ALSA: usb-audio: make read-only array marker static const (git-fixes). - ALSA: usb-audio: remove redundant assignment to variable c (git-fixes). - ALSA: usb-audio: scarlett2: Use struct_size() helper in scarlett2_usb() (git-fixes). - ALSA: usb/6fire: fix repeated words in comments (git-fixes). - ARM: 9216/1: Fix MAX_DMA_ADDRESS overflow (git-fixes). - ARM: 9242/1: kasan: Only map modules if CONFIG_KASAN_VMALLOC=n (git-fixes). - ARM: 9244/1: dump: Fix wrong pg_level in walk_pmd() (git-fixes). - ARM: 9247/1: mm: set readonly for MT_MEMORY_RO with ARM_LPAE (git-fixes). - ARM: Drop CMDLINE_* dependency on ATAGS (git-fixes). - ARM: OMAP2+: Fix refcount leak in omap3xxx_prm_late_init (git-fixes). - ARM: OMAP2+: Fix refcount leak in omapdss_init_of (git-fixes). - ARM: OMAP2+: display: Fix refcount leak bug (git-fixes). - ARM: OMAP2+: pdata-quirks: Fix refcount leak bug (git-fixes). - ARM: at91: rm9200: fix usb device clock id (git-fixes). - ARM: bcm: Fix refcount leak in bcm_kona_smc_init (git-fixes). - ARM: decompressor: Include .data.rel.ro.local (git-fixes). - ARM: defconfig: clean up multi_v4t and multi_v5 configs (git-fixes). - ARM: defconfig: drop CONFIG_PTP_1588_CLOCK=y (git-fixes). - ARM: defconfig: drop CONFIG_SERIAL_OMAP references (git-fixes). - ARM: defconfig: drop CONFIG_USB_FSL_USB2 (git-fixes). - ARM: dts: BCM5301X: Add DT for Meraki MR26 (git-fixes). - ARM: dts: am335x-pcm-953: Define fixed regulators in root node (git-fixes). - ARM: dts: am33xx: Fix MMCHS0 dma properties (git-fixes). - ARM: dts: armada-38x: Add gpio-ranges for pin muxing (git-fixes). - ARM: dts: ast2500-evb: fix board compatible (git-fixes). - ARM: dts: ast2600-evb-a1: fix board compatible (git-fixes). - ARM: dts: ast2600-evb: fix board compatible (git-fixes). - ARM: dts: at91: sam9g20ek: enable udc vbus gpio pinctrl (git-fixes). - ARM: dts: at91: sama5d27_wlsom1: do not keep ldo2 enabled all the time (git-fixes). - ARM: dts: at91: sama5d27_wlsom1: specify proper regulator output ranges (git-fixes). - ARM: dts: at91: sama5d2_icp: do not keep vdd_other enabled all the time (git-fixes). - ARM: dts: at91: sama5d2_icp: specify proper regulator output ranges (git-fixes). - ARM: dts: exynos: correct s5k6a3 reset polarity on Midas family (git-fixes). - ARM: dts: exynos: fix polarity of VBUS GPIO of Origen (git-fixes). - ARM: dts: fix Moxa SDIO 'compatible', remove 'sdhci' misnomer (git-fixes). - ARM: dts: imx6dl: add missing properties for sram (git-fixes). - ARM: dts: imx6q-prti6q: Fix ref/tcxo-clock-frequency properties (git-fixes). - ARM: dts: imx6q: add missing properties for sram (git-fixes). - ARM: dts: imx6qdl-gw59{10,13}: fix user pushbutton GPIO offset (git-fixes). - ARM: dts: imx6qdl-kontron-samx6i: fix spi-flash compatible (git-fixes). - ARM: dts: imx6qdl-kontron-samx6i: hook up DDC i2c bus (git-fixes). - ARM: dts: imx6qdl-kontron-samx6i: remove duplicated node (git-fixes). - ARM: dts: imx6qp: add missing properties for sram (git-fixes). - ARM: dts: imx6sl: add missing properties for sram (git-fixes). - ARM: dts: imx6sll: add missing properties for sram (git-fixes). - ARM: dts: imx6sx: add missing properties for sram (git-fixes). - ARM: dts: imx6ul: add missing properties for sram (git-fixes). - ARM: dts: imx6ul: change operating-points to uint32-matrix (git-fixes). - ARM: dts: imx6ul: fix csi node compatible (git-fixes). - ARM: dts: imx6ul: fix keypad compatible (git-fixes). - ARM: dts: imx6ul: fix lcdif node compatible (git-fixes). - ARM: dts: imx6ul: fix qspi node compatible (git-fixes). - ARM: dts: imx7: Fix NAND controller size-cells (git-fixes). - ARM: dts: imx7d-colibri-emmc: add cpu1 supply (git-fixes). - ARM: dts: imx7d-sdb: config the max pressure for tsc2046 (git-fixes). - ARM: dts: imx: align SPI NOR node name with dtschema (git-fixes). - ARM: dts: integrator: Tag PCI host with device_type (git-fixes). - ARM: dts: kirkwood: lsxl: fix serial line (git-fixes). - ARM: dts: kirkwood: lsxl: remove first ethernet port (git-fixes). - ARM: dts: qcom: mdm9615: add missing PMIC GPIO reg (git-fixes). - ARM: dts: qcom: pm8841: add required thermal-sensor-cells (git-fixes). - ARM: dts: qcom: sdx55: Fix the IRQ trigger type for UART (git-fixes). - ARM: dts: turris-omnia: Add label for wan port (git-fixes). - ARM: dts: turris-omnia: Fix mpp26 pin name and comment (git-fixes). - ARM: dts: uniphier: Fix USB interrupts for PXs2 SoC (git-fixes). - ARM: findbit: fix overflowing offset (git-fixes). - ARM: mxs: fix memory leak in mxs_machine_init() (git-fixes). - ARM: shmobile: rcar-gen2: Increase refcount for new reference (git-fixes). - ASoC: Intel: bytcht_es8316: Add quirk for the Nanote UMPC-01 (git-fixes). - ASoC: Intel: sof_sdw: add quirk variant for LAPBC710 NUC15 (git-fixes). - ASoC: SOF: Intel: pci-tgl: add ADL-PS support (jsc#PED-720). - ASoC: SOF: Intel: pci-tgl: add RPL-P support (jsc#PED-720). - ASoC: SOF: Intel: pci-tgl: add RPL-S support (jsc#PED-652). - ASoC: SOF: debug: Fix potential buffer overflow by snprintf() (git-fixes). - ASoC: SOF: pci: Change DMI match info to support all Chrome platforms (git-fixes). - ASoC: audio-graph-card: Add of_node_put() in fail path (git-fixes). - ASoC: codec: tlv320aic32x4: fix mono playback via I2S (git-fixes). - ASoC: codecs: da7210: add check for i2c_add_driver (git-fixes). - ASoC: codecs: jz4725b: Fix spelling mistake 'Sourc' -> 'Source', 'Routee' -> 'Route' (git-fixes). - ASoC: codecs: jz4725b: add missed Line In power control bit (git-fixes). - ASoC: codecs: jz4725b: fix capture selector naming (git-fixes). - ASoC: codecs: jz4725b: fix reported volume for Master ctl (git-fixes). - ASoC: codecs: jz4725b: use right control for Capture Volume (git-fixes). - ASoC: codecs: msm8916-wcd-digital: move gains from SX_TLV to S8_TLV (git-fixes). - ASoC: codecs: tx-macro: fix kcontrol put (git-fixes). - ASoC: codecs: wcd9335: move gains from SX_TLV to S8_TLV (git-fixes). - ASoC: core: Fix use-after-free in snd_soc_exit() (git-fixes). - ASoC: cros_ec_codec: Fix refcount leak in cros_ec_codec_platform_probe (git-fixes). - ASoC: cs35l41: Add ASP TX3/4 source to register patch (bsc#1203699). - ASoC: cs35l41: Add bindings for CS35L41 (bsc#1203699). - ASoC: cs35l41: Add common cs35l41 enter hibernate function (bsc#1203699). - ASoC: cs35l41: Add cs35l51/53 IDs (bsc#1203699). - ASoC: cs35l41: Add endianness flag in snd_soc_component_driver (bsc#1203699). - ASoC: cs35l41: Add one more variable in the debug log (bsc#1203699). - ASoC: cs35l41: Add support for CLSA3541 ACPI device ID (bsc#1203699). - ASoC: cs35l41: Add support for hibernate memory retention mode (bsc#1203699). - ASoC: cs35l41: Binding fixes (bsc#1203699). - ASoC: cs35l41: CS35L41 Boosted Smart Amplifier (bsc#1203699). - ASoC: cs35l41: Change monitor widgets to siggens (bsc#1203699). - ASoC: cs35l41: Combine adjacent register writes (bsc#1203699). - ASoC: cs35l41: Convert tables to shared source code (bsc#1203699). - ASoC: cs35l41: Correct DSP power down (bsc#1203699). - ASoC: cs35l41: Correct handling of some registers in the cache (bsc#1203699). - ASoC: cs35l41: Correct some control names (bsc#1203699). - ASoC: cs35l41: Create shared function for boost configuration (bsc#1203699). - ASoC: cs35l41: Create shared function for errata patches (bsc#1203699). - ASoC: cs35l41: Create shared function for setting channels (bsc#1203699). - ASoC: cs35l41: DSP Support (bsc#1203699). - ASoC: cs35l41: Do not overwrite returned error code (bsc#1203699). - ASoC: cs35l41: Do not print error when waking from hibernation (bsc#1203699). - ASoC: cs35l41: Document CS35l41 External Boost (bsc#1203699). - ASoC: cs35l41: Fix DSP mbox start command and global enable order (bsc#1203699). - ASoC: cs35l41: Fix GPIO2 configuration (bsc#1203699). - ASoC: cs35l41: Fix a bunch of trivial code formating/style issues (bsc#1203699). - ASoC: cs35l41: Fix a shift-out-of-bounds warning found by UBSAN (bsc#1203699). - ASoC: cs35l41: Fix an out-of-bounds access in otp_packed_element_t (bsc#1203699). - ASoC: cs35l41: Fix link problem (bsc#1203699). - ASoC: cs35l41: Fix max number of TX channels (bsc#1203699). - ASoC: cs35l41: Fix undefined reference to core functions (bsc#1203699). - ASoC: cs35l41: Fix use of an uninitialised variable (bsc#1203699). - ASoC: cs35l41: Fixup the error messages (bsc#1203699). - ASoC: cs35l41: Make cs35l41_remove() return void (bsc#1203699). - ASoC: cs35l41: Move cs35l41 exit hibernate function into shared code (bsc#1203699). - ASoC: cs35l41: Move cs35l41 fs errata into shared code (bsc#1203699). - ASoC: cs35l41: Move cs35l41_otp_unpack to shared code (bsc#1203699). - ASoC: cs35l41: Move cs35l41_set_cspl_mbox_cmd to shared code (bsc#1203699). - ASoC: cs35l41: Move cs_dsp config struct into shared code (bsc#1203699). - ASoC: cs35l41: Move power initializations to reg_sequence (bsc#1203699). - ASoC: cs35l41: Read System Name from ACPI _SUB to identify firmware (bsc#1203699). - ASoC: cs35l41: Remove incorrect comment (bsc#1203699). - ASoC: cs35l41: Remove unnecessary param (bsc#1203699). - ASoC: cs35l41: Set the max SPI speed for the whole device (bsc#1203699). - ASoC: cs35l41: Support external boost (bsc#1203699). - ASoC: cs35l41: Update handling of test key registers (bsc#1203699). - ASoC: cs35l41: Use regmap_read_poll_timeout to wait for OTP boot (bsc#1203699). - ASoC: cs42l42: Add control for audio slow-start switch (bsc#1203699). - ASoC: cs42l42: Add warnings about DETECT_MODE and PLL_START (bsc#1203699). - ASoC: cs42l42: Allow time for HP/ADC to power-up after enable (bsc#1203699). - ASoC: cs42l42: Always enable TS_PLUG and TS_UNPLUG interrupts (bsc#1203699). - ASoC: cs42l42: Change jack_detect_mutex to a lock of all IRQ handling (bsc#1203699). - ASoC: cs42l42: Do not claim to support 192k (bsc#1203699). - ASoC: cs42l42: Do not reconfigure the PLL while it is running (bsc#1203699). - ASoC: cs42l42: Fix WARN in remove() if running without an interrupt (bsc#1203699). - ASoC: cs42l42: Handle system suspend (bsc#1203699). - ASoC: cs42l42: Implement Manual Type detection as fallback (bsc#1203699). - ASoC: cs42l42: Mark OSC_SWITCH_STATUS register volatile (bsc#1203699). - ASoC: cs42l42: Minor fix all errors reported by checkpatch.pl script (bsc#1203699). - ASoC: cs42l42: Move CS42L42 register descriptions to general include (bsc#1203699). - ASoC: cs42l42: Only report button state if there was a button interrupt (git-fixes). - ASoC: cs42l42: Prevent NULL pointer deref in interrupt handler (bsc#1203699). - ASoC: cs42l42: Remove redundant pll_divout member (bsc#1203699). - ASoC: cs42l42: Remove redundant writes to DETECT_MODE (bsc#1203699). - ASoC: cs42l42: Remove redundant writes to RS_PLUG/RS_UNPLUG masks (bsc#1203699). - ASoC: cs42l42: Remove unused runtime_suspend/runtime_resume callbacks (bsc#1203699). - ASoC: cs42l42: Report full jack status when plug is detected (bsc#1203699). - ASoC: cs42l42: Report initial jack state (bsc#1203699). - ASoC: cs42l42: Reset and power-down on remove() and failed probe() (bsc#1203699). - ASoC: cs42l42: Set correct SRC MCLK (bsc#1203699). - ASoC: cs42l42: Simplify reporting of jack unplug (bsc#1203699). - ASoC: cs42l42: Use PLL for SCLK > 12.288MHz (bsc#1203699). - ASoC: cs42l42: Use two thresholds and increased wait time for manual type detection (bsc#1203699). - ASoC: cs42l42: free_irq() before powering-down on probe() fail (bsc#1203699). - ASoC: da7219: Fix an error handling path in da7219_register_dai_clks() (git-fixes). - ASoC: dt-bindings: cs42l42: Convert binding to yaml (bsc#1203699). - ASoC: eureka-tlv320: Hold reference returned from of_find_xxx API (git-fixes). - ASoC: fsl-asoc-card: force cast the asrc_format type (git-fixes). - ASoC: fsl_asrc fsl_esai fsl_sai: allow CONFIG_PM=N (git-fixes). - ASoC: fsl_asrc: force cast the asrc_format type (git-fixes). - ASoC: fsl_easrc: use snd_pcm_format_t type for sample_format (git-fixes). - ASoC: fsl_sai: Remove unnecessary FIFO reset in ISR (git-fixes). - ASoC: fsl_sai: use local device pointer (git-fixes). - ASoC: imx-audmux: Silence a clang warning (git-fixes). - ASoC: imx-card: Fix DSD/PDM mclk frequency (git-fixes). - ASoC: imx-card: Fix refcount issue with of_node_put (git-fixes). - ASoC: imx-card: use snd_pcm_format_t type for asrc_format (git-fixes). - ASoC: max98373: Add checks for devm_kcalloc (git-fixes). - ASoC: mchp-spdifrx: disable end of block interrupt on failures (git-fixes). - ASoC: mchp-spdiftx: Fix clang -Wbitfield-constant-conversion (git-fixes). - ASoC: mchp-spdiftx: remove references to mchp_i2s_caps (git-fixes). - ASoC: mt6359: Fix refcount leak bug (git-fixes). - ASoC: mt6359: fix tests for platform_get_irq() failure (git-fixes). - ASoC: mt6660: Fix PM disable depth imbalance in mt6660_i2c_probe (git-fixes). - ASoC: mt6660: Keep the pm_runtime enables before component stuff in mt6660_i2c_probe (git-fixes). - ASoC: mt6797-mt6351: Fix refcount leak in mt6797_mt6351_dev_probe (git-fixes). - ASoC: nau8824: Fix semaphore unbalance at error paths (git-fixes). - ASoC: ops: Fix bounds check for _sx controls (git-fixes). - ASoC: qcom: Fix missing of_node_put() in asoc_qcom_lpass_cpu_platform_probe() (git-fixes). - ASoC: qcom: lpass-cpu: Mark HDMI TX parity register as volatile (git-fixes). - ASoC: qcom: lpass-cpu: mark HDMI TX registers as volatile (git-fixes). - ASoC: qcom: q6dsp: Fix an off-by-one in q6adm_alloc_copp() (git-fixes). - ASoC: qcom: sm8250: add missing module owner (git-fixes). - ASoC: rsnd: Add check for rsnd_mod_power_on (git-fixes). - ASoC: rsnd: care default case on rsnd_ssiu_busif_err_irq_ctrl() (git-fixes). - ASoC: rt1019: Fix the TDM settings (git-fixes). - ASoC: samsung: Fix error handling in aries_audio_probe (git-fixes). - ASoC: samsung: change gpiod_speaker_power and rx1950_audio from global to static variables (git-fixes). - ASoC: samsung: change neo1973_audio from a global to static (git-fixes). - ASoC: samsung: h1940_uda1380: include proepr GPIO consumer header (git-fixes). - ASoC: sgtl5000: Reset the CHIP_CLK_CTRL reg on remove (git-fixes). - ASoC: soc-pcm: Do not zero TDM masks in __soc_pcm_open() (git-fixes). - ASoC: soc-utils: Remove __exit for snd_soc_util_exit() (git-fixes). - ASoC: stm32: dfsdm: manage cb buffers cleanup (git-fixes). - ASoC: tas2764: Allow mono streams (git-fixes). - ASoC: tas2764: Drop conflicting set_bias_level power setting (git-fixes). - ASoC: tas2764: Fix mute/unmute (git-fixes). - ASoC: tas2764: Fix set_tdm_slot in case of single slot (git-fixes). - ASoC: tas2770: Allow mono streams (git-fixes). - ASoC: tas2770: Drop conflicting set_bias_level power setting (git-fixes). - ASoC: tas2770: Fix handling of mute/unmute (git-fixes). - ASoC: tas2770: Fix set_tdm_slot in case of single slot (git-fixes). - ASoC: tas2770: Reinit regcache on reset (git-fixes). - ASoC: tas2770: Set correct FSYNC polarity (git-fixes). - ASoC: wcd9335: fix order of Slimbus unprepare/disable (git-fixes). - ASoC: wcd934x: fix order of Slimbus unprepare/disable (git-fixes). - ASoC: wm5102: Fix PM disable depth imbalance in wm5102_probe (git-fixes). - ASoC: wm5110: Fix PM disable depth imbalance in wm5110_probe (git-fixes). - ASoC: wm8962: Add an event handler for TEMP_HP and TEMP_SPK (git-fixes). - ASoC: wm8997: Fix PM disable depth imbalance in wm8997_probe (git-fixes). - ASoC: wm_adsp: Add support for 'toggle' preloaders (bsc#1203699). - ASoC: wm_adsp: Add trace caps to speaker protection FW (bsc#1203699). - ASoC: wm_adsp: Cancel ongoing work when removing controls (bsc#1203699). - ASoC: wm_adsp: Compressed stream DSP memory structs should be __packed (bsc#1203699). - ASoC: wm_adsp: Correct control read size when parsing compressed buffer (bsc#1203699). - ASoC: wm_adsp: Expand firmware loading search options (bsc#1203699). - ASoC: wm_adsp: Fix event for preloader (bsc#1203699). - ASoC: wm_adsp: Handle optional legacy support (git-fixes). - ASoC: wm_adsp: Introduce cs_dsp logging macros (bsc#1203699). - ASoC: wm_adsp: Make compressed buffers optional (bsc#1203699). - ASoC: wm_adsp: Minor clean and redundant code removal (bsc#1203699). - ASoC: wm_adsp: Move check for control existence (bsc#1203699). - ASoC: wm_adsp: Move check of dsp->running to better place (bsc#1203699). - ASoC: wm_adsp: Move sys_config_size to wm_adsp (bsc#1203699). - ASoC: wm_adsp: Pass firmware names as parameters when starting DSP core (bsc#1203699). - ASoC: wm_adsp: Remove pointless string comparison (bsc#1203699). - ASoC: wm_adsp: Remove the wmfw_add_ctl helper function (bsc#1203699). - ASoC: wm_adsp: Remove use of snd_ctl_elem_type_t (bsc#1203699). - ASoC: wm_adsp: Rename generic DSP support (bsc#1203699). - ASoC: wm_adsp: Separate generic cs_dsp_coeff_ctl handling (bsc#1203699). - ASoC: wm_adsp: Separate some ASoC and generic functions (bsc#1203699). - ASoC: wm_adsp: Separate wm_adsp specifics in cs_dsp_client_ops (bsc#1203699). - ASoC: wm_adsp: Split DSP power operations into helper functions (bsc#1203699). - ASoC: wm_adsp: Split out struct cs_dsp from struct wm_adsp (bsc#1203699). - ASoC: wm_adsp: Switch to using wm_coeff_read_ctrl for compressed buffers (bsc#1203699). - ASoC: wm_adsp: move firmware loading to client (bsc#1203699). - ASoC: wm_adsp: remove a repeated including (bsc#1203699). - ASoC: wm_adsp: wm_adsp_control_add() error: uninitialized symbol 'ret' (bsc#1203699). - Bluetooth: 6LoWPAN: add missing hci_dev_put() in get_l2cap_conn() (git-fixes). - Bluetooth: Add bt_skb_sendmmsg helper (git-fixes). - Bluetooth: Add bt_skb_sendmsg helper (git-fixes). - Bluetooth: Fix bt_skb_sendmmsg not allocating partial chunks (git-fixes). - Bluetooth: Fix not cleanup led when bt_init fails (git-fixes). - Bluetooth: Fix passing NULL to PTR_ERR (git-fixes). - Bluetooth: L2CAP: Fix accepting connection request for invalid SPSM (git-fixes). - Bluetooth: L2CAP: Fix attempting to access uninitialized memory (git-fixes). - Bluetooth: L2CAP: Fix build errors in some archs (git-fixes). - Bluetooth: L2CAP: Fix l2cap_global_chan_by_psm (git-fixes). - Bluetooth: L2CAP: Fix l2cap_global_chan_by_psm regression (git-fixes). - Bluetooth: L2CAP: Fix use-after-free caused by l2cap_chan_put (git-fixes). - Bluetooth: L2CAP: Fix use-after-free caused by l2cap_reassemble_sdu (git-fixes). - Bluetooth: L2CAP: Fix user-after-free (git-fixes). - Bluetooth: L2CAP: initialize delayed works at l2cap_chan_create() (git-fixes). - Bluetooth: MGMT: Fixes build warnings with C=1 (git-fixes). - Bluetooth: RFCOMM: Fix possible deadlock on socket shutdown/release (git-fixes). - Bluetooth: RFCOMM: Replace use of memcpy_from_msg with bt_skb_sendmmsg (git-fixes). - Bluetooth: SCO: Fix sco_send_frame returning skb->len (git-fixes). - Bluetooth: SCO: Replace use of memcpy_from_msg with bt_skb_sendmsg (git-fixes). - Bluetooth: btintel: Mark Intel controller to support LE_STATES quirk (git-fixes). - Bluetooth: btusb: Add Realtek RTL8852C support ID 0x04C5:0x1675 (git-fixes). - Bluetooth: btusb: Add Realtek RTL8852C support ID 0x04CA:0x4007 (git-fixes). - Bluetooth: btusb: Add Realtek RTL8852C support ID 0x0CB8:0xC558 (git-fixes). - Bluetooth: btusb: Add Realtek RTL8852C support ID 0x13D3:0x3586 (git-fixes). - Bluetooth: btusb: Add Realtek RTL8852C support ID 0x13D3:0x3587 (git-fixes). - Bluetooth: btusb: Add support of IMC Networks PID 0x3568 (git-fixes). - Bluetooth: btusb: mediatek: fix WMT failure during runtime suspend (git-fixes). - Bluetooth: hci_bcm: Add BCM4349B1 variant (git-fixes). - Bluetooth: hci_bcm: Add DT compatible for CYW55572 (git-fixes). - Bluetooth: hci_core: Fix not handling link timeouts propertly (git-fixes). - Bluetooth: hci_intel: Add check for platform_driver_register (git-fixes). - Bluetooth: hci_sysfs: Fix attempting to call device_add multiple times (git-fixes). - Bluetooth: hci_{ldisc,serdev}: check percpu_init_rwsem() failure (git-fixes). - Bluetooth: virtio_bt: Use skb_put to set length (git-fixes). - Decrease the number of SMB3 smbdirect client SGEs (bsc#1193629). - Documentation: ACPI: EINJ: Fix obsolete example (git-fixes). - Documentation: PM: Drop pme_interrupt reference (git-fixes). - Documentation: add description for net.core.gro_normal_batch (git-fixes). - Documentation: add description for net.sctp.ecn_enable (git-fixes). - Documentation: add description for net.sctp.intl_enable (git-fixes). - Documentation: add description for net.sctp.reconf_enable (git-fixes). - Documentation: devres: add missing I2C helper (git-fixes). - Documentation: dm writecache: Render status list as list (git-fixes). - Documentation: fix sctp_wmem in ip-sysctl.rst (git-fixes). - Documentation: fix udp_wmem_min in ip-sysctl.rst (git-fixes). - Documentation: move watch_queue to core-api (git-fixes). - Documentation: siphash: Fix typo in the name of offsetofend macro (git-fixes). - Drivers: hv: Always reserve framebuffer region for Gen1 VMs (git-fixes). - Drivers: hv: Fix syntax errors in comments (git-fixes). - Drivers: hv: Never allocate anything besides framebuffer from framebuffer memory region (git-fixes). - Drivers: hv: fix repeated words in comments (git-fixes). - Drivers: hv: remove duplicate word in a comment (git-fixes). - Drivers: hv: vmbus: Accept hv_sock offers in isolated guests (git-fixes). - Drivers: hv: vmbus: Add VMbus IMC device to unsupported list (git-fixes). - Drivers: hv: vmbus: Do not wait for the ACPI device upon initialization (git-fixes). - Drivers: hv: vmbus: Fix handling of messages with transaction ID of zero (bsc#1204017). - Drivers: hv: vmbus: Fix kernel-doc (git-fixes). - Drivers: hv: vmbus: Introduce vmbus_request_addr_match() (bsc#1204017). - Drivers: hv: vmbus: Introduce vmbus_sendpacket_getid() (bsc#1204017). - Drivers: hv: vmbus: Introduce {lock,unlock}_requestor() (bsc#1204017). - Drivers: hv: vmbus: Optimize vmbus_on_event (git-fixes). - Drivers: hv: vmbus: Release cpu lock in error case (git-fixes). - Drivers: hv: vmbus: Use PCI_VENDOR_ID_MICROSOFT for better discoverability (git-fixes). - Drivers: hv: vmbus: fix double free in the error path of vmbus_add_channel_work() (git-fixes). - Drivers: hv: vmbus: fix possible memory leak in vmbus_device_register() (git-fixes). - Drivers: hv: vmbus: fix typo in comment (git-fixes). - EDAC/dmc520: Do not print an error for each unconfigured interrupt line (bsc#1190497). - EDAC/ghes: Set the DIMM label unconditionally (bsc#1201768). - Enable livepatching related packages on -RT (jsc#PED-1706) - HID: AMD_SFH: Add a DMI quirk entry for Chromebooks (git-fixes). - HID: add Lenovo Yoga C630 battery quirk (git-fixes). - HID: alps: Declare U1_UNICORN_LEGACY support (git-fixes). - HID: amd_sfh: Add NULL check for hid device (git-fixes). - HID: amd_sfh: Handle condition of 'no sensors' (git-fixes). - HID: asus: ROG NKey: Ignore portion of 0x5a report (git-fixes). - HID: core: fix shift-out-of-bounds in hid_report_raw_event (git-fixes). - HID: cp2112: prevent a buffer overflow in cp2112_xfer() (git-fixes). - HID: hid-input: add Surface Go battery quirk (git-fixes). - HID: hid-lg4ff: Add check for empty lbuf (git-fixes). - HID: hidraw: fix memory leak in hidraw_release() (git-fixes). - HID: hyperv: fix possible memory leak in mousevsc_probe() (git-fixes). - HID: ishtp-hid-clientHID: ishtp-hid-client: Fix comment typo (git-fixes). - HID: magicmouse: Do not set BTN_MOUSE on double report (git-fixes). - HID: mcp2221: prevent a buffer overflow in mcp_smbus_write() (git-fixes). - HID: multitouch: Add memory barriers (git-fixes). - HID: multitouch: new device class fix Lenovo X12 trackpad sticky (git-fixes). - HID: playstation: add initial DualSense Edge controller support (git-fixes). - HID: roccat: Fix use-after-free in roccat_read() (git-fixes). - HID: saitek: add madcatz variant of MMO7 mouse device ID (git-fixes). - HID: steam: Prevent NULL pointer dereference in steam_{recv,send}_report (git-fies). - HID: thrustmaster: Add sparco wheel and fix array length (git-fixes). - HID: usbhid: Add ALWAYS_POLL quirk for some mice (git-fixes). - HID: wacom: Do not register pad_input for touch switch (git-fixes). - HID: wacom: Only report rotation for art pen (git-fixes). - HSI: omap_ssi: Fix refcount leak in ssi_probe (git-fixes). - HSI: omap_ssi_port: Fix dma_map_sg error check (git-fixes). - Handle variable number of SGEs in client smbdirect send (bsc#1193629). - IB/core: Fix a nested dead lock as part of ODP flow (git-fixes) - IB/hfi1: Correctly move list in sc_disable() (git-fixes) - IB/rdmavt: Add __init/__exit annotations to module init/exit funcs (git-fixes) - IB: Set IOVA/LENGTH on IB_MR in core/uverbs layers (git-fixes) - Input: exc3000 - fix return value check of wait_for_completion_timeout (git-fixes). - Input: goodix - add compatible string for GT1158 (git-fixes). - Input: goodix - add support for GT1158 (git-fixes). - Input: goodix - try resetting the controller when no config is set (git-fixes). - Input: gscps2 - check return value of ioremap() in gscps2_probe() (git-fixes). - Input: i8042 - add TUXEDO devices to i8042 quirk tables (git-fies). - Input: i8042 - add additional TUXEDO devices to i8042 quirk tables (git-fies). - Input: i8042 - fix leaking of platform device on module removal (git-fixes). - Input: i8042 - fix refount leak on sparc (git-fixes). - Input: i8042 - merge quirk tables (git-fies). - Input: i8042 - move __initconst to fix code styling warning (git-fies). - Input: iforce - add support for Boeder Force Feedback Wheel (git-fixes). - Input: iforce - invert valid length check when fetching device IDs (git-fixes). - Input: iforce - wake up after clearing IFORCE_XMIT_RUNNING flag (git-fixes). - Input: iqs62x-keys - drop unused device node references (git-fixes). - Input: melfas_mip4 - fix return value check in mip4_probe() (git-fixes). - Input: raydium_ts_i2c - fix memory leak in raydium_i2c_send() (git-fixes). - Input: rk805-pwrkey - fix module autoloading (git-fixes). - Input: snvs_pwrkey - fix SNVS_HPVIDR1 register address (git-fixes). - Input: soc_button_array - add Acer Switch V 10 to dmi_use_low_level_irq[] (git-fixes). - Input: soc_button_array - add use_low_level_irq module parameter (git-fixes). - Input: synaptics - switch touchpad on HP Laptop 15-da3001TU to RMI mode (git-fixes). - Input: synaptics-rmi4 - fix firmware update operations with bootloader v8 (git-fixes). - Input: xpad - add supported devices as contributed on github (git-fixes). - Input: xpad - fix wireless 360 controller breaking after suspend (git-fixes). - KABI: cgroup: Restore KABI of css_set (bsc#1201610). - KEYS: asymmetric: enforce SM2 signature use pkey algo (git-fixes). - KVM-x86-Avoid-theoretical-NULL-pointer-dereference-i.patch - KVM-x86-Check-lapic_in_kernel-before-attempting-to-s.patch - KVM-x86-Forbid-VMM-to-set-SYNIC-STIMER-MSRs-when-Syn.patch - KVM: LAPIC: Also cancel preemption timer during SET_LAPIC (git-fixes). - KVM: MMU: shadow nested paging does not have PKU (git-fixes). - KVM: Move wiping of the kvm->vcpus array to common code (git-fixes). - KVM: PPC: Book3S HV: Check return value of kvmppc_radix_init (bsc#1194869). - KVM: PPC: Book3S HV: Prevent POWER7/8 TLB flush flushing SLB (bsc#1156395). - KVM: PPC: Book3S HV: Remove kvmhv_p9_[set,restore]_lpcr declarations (bsc#1194869). - KVM: PPC: Book3S HV: Use GLOBAL_TOC for kvmppc_h_set_dabr/xdabr() (bsc#1156395). - KVM: PPC: Book3S HV: fix incorrect NULL check on list iterator (bsc#1194869). - KVM: PPC: Book3s HV: Remove unused function kvmppc_bad_interrupt (bsc#1194869). - KVM: PPC: Fix vmx/vsx mixup in mmio emulation (bsc#1156395). - KVM: PPC: Use arch_get_random_seed_long instead of powernv variant (bsc#1156395). - KVM: SEV: Mark nested locking of vcpu->lock (git-fixes). - KVM: SVM: Create a separate mapping for the GHCB save area (jsc#SLE-19924, jsc#SLE-24814). - KVM: SVM: Create a separate mapping for the SEV-ES save area (jsc#SLE-19924, jsc#SLE-24814). - KVM: SVM: Define sev_features and VMPL field in the VMSA (jsc#SLE-19924, jsc#SLE-24814). - KVM: SVM: Disable SEV-ES support if MMIO caching is disable (git-fixes). - KVM: SVM: Do not BUG if userspace injects an interrupt with GIF=0 (git-fixes). - KVM: SVM: Do not intercept #GP for SEV guests (git-fixes). - KVM: SVM: Exit to userspace on ENOMEM/EFAULT GHCB errors (git-fixes). - KVM: SVM: Stuff next_rip on emulated INT3 injection if NRIPS is supported (git-fixes). - KVM: SVM: Unwind 'speculative' RIP advancement if INTn injection 'fails' (git-fixes). - KVM: SVM: Update the SEV-ES save area mapping (jsc#SLE-19924, jsc#SLE-24814). - KVM: SVM: adjust register allocation for __svm_vcpu_run() (git-fixes). - KVM: SVM: fix panic on out-of-bounds guest IRQ (git-fixes). - KVM: SVM: fix tsc scaling cache logic (bsc#1203263). - KVM: SVM: move guest vmsave/vmload back to assembly (git-fixes). - KVM: SVM: replace regs argument of __svm_vcpu_run() with vcpu_svm (git-fixes). - KVM: SVM: retrieve VMCB from assembly (git-fixes). - KVM: VMX: Add helper to check if the guest PMU has PERF_GLOBAL_CTRL (git-fixes). - KVM: VMX: Drop bits 31:16 when shoving exception error code into VMCS (git-fixes). - KVM: VMX: Heed the 'msr' argument in msr_write_intercepted() (git-fixes). - KVM: VMX: Inject #PF on ENCLS as 'emulated' #PF (git-fixes). - KVM: VMX: Mark all PERF_GLOBAL_(OVF)_CTRL bits reserved if there's no vPMU (git-fixes). - KVM: VMX: Print VM-instruction error as unsigned (git-fixes). - KVM: VMX: clear vmx_x86_ops.sync_pir_to_irr if APICv is disabled (bsc#1205007). - KVM: VMX: fully disable SGX if SECONDARY_EXEC_ENCLS_EXITING unavailable (git-fixes). - KVM: VMX: prepare sync_pir_to_irr for running with APICv disabled (git-fixes). - KVM: VMX: switch blocked_vcpu_on_cpu_lock to raw spinlock (git-fixes). - KVM: X86: Fix when shadow_root_level=5 && guest root_level&lt;4 (git-fixes). - KVM: X86: Use vcpu->arch.walk_mmu for kvm_mmu_invlpg() (git-fixes). - KVM: X86: avoid uninitialized 'fault.async_page_fault' from fixed-up #PF (git-fixes). - KVM: arm64: Avoid setting the upper 32 bits of TCR_EL2 and CPTR_EL2 (bsc#1201442) - KVM: fix avic_set_running for preemptable kernels (git-fixes). - KVM: nVMX: Always enable TSC scaling for L2 when it was enabled for L1 (git-fixes). - KVM: nVMX: Attempt to load PERF_GLOBAL_CTRL on nVMX xfer iff it exists (git-fixes). - KVM: nVMX: Defer APICv updates while L2 is active until L1 is active (git-fixes). - KVM: nVMX: Ignore SIPI that arrives in L2 when vCPU is not in WFS (git-fixes). - KVM: nVMX: Inject #UD if VMXON is attempted with incompatible CR0/CR4 (git-fixes). - KVM: nVMX: Let userspace set nVMX MSR to any _host_ supported value (git-fixes). - KVM: nVMX: Rename handle_vm{on,off}() to handle_vmx{on,off}() (git-fixes). - KVM: nVMX: Set UMIP bit CR4_FIXED1 MSR when emulating UMIP (git-fixes). - KVM: nVMX: Snapshot pre-VM-Enter BNDCFGS for !nested_run_pending case (git-fixes). - KVM: nVMX: Snapshot pre-VM-Enter DEBUGCTL for !nested_run_pending case (git-fixes). - KVM: nVMX: Synthesize TRIPLE_FAULT for L2 if emulation is required (git-fixes). - KVM: nVMX: Unconditionally purge queued/injected events on nested 'exit' (git-fixes). - KVM: nVMX: do not use vcpu->arch.efer when checking host state on nested state load (git-fixes). - KVM: s390: Add a routine for setting userspace CPU state (git-fixes jsc#PED-611). - KVM: s390: Clarify SIGP orders versus STOP/RESTART (git-fixes). - KVM: s390: Simplify SIGP Set Arch handling (git-fixes jsc#PED-611). - KVM: s390: pv: do not allow userspace to set the clock under PV (git-fixes). - KVM: s390: pv: do not present the ecall interrupt twice (bsc#1203229 LTC#199905). - KVM: s390: pv: leak the topmost page table when destroy fails (git-fixes). - KVM: s390x: fix SCK locking (git-fixes). - KVM: selftests: Make sure kvm_create_max_vcpus test won't hit RLIMIT_NOFILE (git-fixes). - KVM: selftests: Silence compiler warning in the kvm_page_table_test (git-fixes). - KVM: x86/emulator: Fix handing of POP SS to correctly set interruptibility (git-fixes). - KVM: x86/mmu: Do not advance iterator after restart due to yielding (git-fixes). - KVM: x86/mmu: Do not freak out if pml5_root is NULL on 4-level host (git-fixes). - KVM: x86/mmu: Fix wrong/misleading comments in TDP MMU fast zap (git-fixes). - KVM: x86/mmu: Move 'invalid' check out of kvm_tdp_mmu_get_root() (git-fixes). - KVM: x86/mmu: Retry page fault if root is invalidated by memslot update (git-fixes). - KVM: x86/mmu: WARN if old _or_ new SPTE is REMOVED in non-atomic path (git-fixes). - KVM: x86/mmu: Zap _all_ roots when unmapping gfn range in TDP MMU (git-fixes). - KVM: x86/mmu: fix memoryleak in kvm_mmu_vendor_module_init() (git-fixes). - KVM: x86/mmu: include EFER.LMA in extended mmu role (git-fixes). - KVM: x86/mmu: make apf token non-zero to fix bug (git-fixes). - KVM: x86/pmu: Add pmc->intr to refactor kvm_perf_overflow{_intr}() (git-fixes). - KVM: x86/pmu: Do not truncate the PerfEvtSeln MSR when creating a perf event (git-fixes). - KVM: x86/pmu: Fix and isolate TSX-specific performance event logic (git-fixes). - KVM: x86/pmu: Fix available_event_types check for REF_CPU_CYCLES event (git-fixes). - KVM: x86/pmu: Refactoring find_arch_event() to pmc_perf_hw_id() (git-fixes). - KVM: x86/pmu: Update AMD PMC sample period to fix guest NMI-watchdog (git-fixes). - KVM: x86/pmu: Use different raw event masks for AMD and Intel (git-fixes). - KVM: x86/svm: Account for family 17h event renumberings in amd_pmc_perf_hw_id (git-fixes). - KVM: x86: Add KVM_CAP_ENABLE_CAP to x86 (git-fixes). - KVM: x86: Add compat handler for KVM_X86_SET_MSR_FILTER (git-fixes). - KVM: x86: Always set kvm_run->if_flag (git-fixes). - KVM: x86: Avoid theoretical NULL pointer dereference in kvm_irq_delivery_to_apic_fast() (git-fixes). - KVM: x86: Check lapic_in_kernel() before attempting to set a SynIC irq (git-fixes). - KVM: x86: Forbid VMM to set SYNIC/STIMER MSRs when SynIC wasn't activated (git-fixes). - KVM: x86: Forcibly leave nested virt when SMM state is toggled (git-fixes). - KVM: x86: Fully initialize 'struct kvm_lapic_irq' in kvm_pv_kick_cpu_op() (git-fixes). - KVM: x86: Hide IA32_PLATFORM_DCA_CAP[31:0] from the guest (git-fixes). - KVM: x86: Inject #UD on emulated XSETBV if XSAVES isn't enabled (git-fixes). - KVM: x86: Keep MSR_IA32_XSS unchanged for INIT (git-fixes). - KVM: x86: Mark TSS busy during LTR emulation _after_ all fault checks (git-fixes). - KVM: x86: Mask off reserved bits in CPUID.80000001H (git-fixes). - KVM: x86: Mask off reserved bits in CPUID.80000006H (git-fixes). - KVM: x86: Mask off reserved bits in CPUID.80000008H (git-fixes). - KVM: x86: Mask off reserved bits in CPUID.8000001AH (git-fixes). - KVM: x86: Move lookup of indexed CPUID leafs to helper (jsc#SLE-19924, jsc#SLE-24814). - KVM: x86: Register perf callbacks after calling vendor's hardware_setup() (git-fixes). - KVM: x86: Report error when setting CPUID if Hyper-V allocation fails (git-fixes). - KVM: x86: Retry page fault if MMU reload is pending and root has no sp (bsc#1205744). - KVM: x86: SVM: do not passthrough SMAP/SMEP/PKE bits in !NPT && !gCR0.PG case (git-fixes). - KVM: x86: Set error code to segment selector on LLDT/LTR non-canonical #GP (git-fixes). - KVM: x86: Signal #GP, not -EPERM, on bad WRMSR(MCi_CTL/STATUS) (git-fixes). - KVM: x86: Sync the states size with the XCR0/IA32_XSS at, any time (git-fixes). - KVM: x86: Treat #DBs from the emulator as fault-like (code and DR7.GD=1) (git-fixes). - KVM: x86: Update vPMCs when retiring branch instructions (git-fixes). - KVM: x86: Update vPMCs when retiring instructions (git-fixes). - KVM: x86: Use __try_cmpxchg_user() to emulate atomic accesses (git-fixes). - KVM: x86: Use __try_cmpxchg_user() to update guest PTE A/D bits (git-fixes). - KVM: x86: avoid loading a vCPU after .vm_destroy was called (git-fixes). - KVM: x86: check PIR even for vCPUs with disabled APICv (git-fixes). - KVM: x86: do not report preemption if the steal time cache is stale (git-fixes). - KVM: x86: emulator: em_sysexit should update ctxt->mode (git-fixes). - KVM: x86: emulator: introduce emulator_recalc_and_set_mode (git-fixes). - KVM: x86: emulator: update the emulation mode after CR0 write (git-fixes). - KVM: x86: emulator: update the emulation mode after rsm (git-fixes). - KVM: x86: hyper-v: Drop redundant 'ex' parameter from kvm_hv_flush_tlb() (git-fixes). - KVM: x86: hyper-v: Drop redundant 'ex' parameter from kvm_hv_send_ipi() (git-fixes). - KVM: x86: hyper-v: HVCALL_SEND_IPI_EX is an XMM fast hypercall (git-fixes). - KVM: x86: ignore APICv if LAPIC is not enabled (git-fixes). - KVM: x86: nSVM/nVMX: set nested_run_pending on VM entry which is a result of RSM (git-fixes). - KVM: x86: nSVM: fix potential NULL derefernce on nested migration (git-fixes). - KVM: x86: nSVM: mark vmcb01 as dirty when restoring SMM saved state (git-fixes). - KVM: x86: remove PMU FIXED_CTR3 from msrs_to_save_all (git-fixes). - KVM: x86: revalidate steal time cache if MSR value changes (git-fixes). - KVM: x86: use a separate asm-offsets.c file (git-fixes). - MIPS: Loongson: Use hwmon_device_register_with_groups() to register hwmon (git-fixes). - NFC: nci: Bounds check struct nfc_target arrays (git-fixes). - NFC: nci: fix memory leak in nci_rx_data_packet() (git-fixes). - NFS: Fix WARN_ON due to unionization of nfs_inode.nrequests (git-fixes). - NFS: Fix another fsync() issue after a server reboot (git-fixes). - NFS: LOOKUP_DIRECTORY is also ok with symlinks (git-fixes). - NFSD: Clamp WRITE offsets (git-fixes). - NFSD: Clean up the show_nf_flags() macro (git-fixes). - NFSD: Fix NFSv3 SETATTR/CREATE's handling of large file sizes (git-fixes). - NFSD: Fix ia_size underflow (git-fixes). - NFSD: Fix offset type in I/O trace points (git-fixes). - NFSD: Fix possible sleep during nfsd4_release_lockowner() (git-fixes). - NFSD: prevent integer overflow on 32 bit systems (git-fixes). - NFSD: prevent underflow in nfssvc_decode_writeargs() (git-fixes). - NFSD: restore EINVAL error translation in nfsd_commit() (git-fixes). - NFSv4.1: Do not decrease the value of seq_nr_highest_sent (git-fixes). - NFSv4.1: Handle NFS4ERR_DELAY replies to OP_SEQUENCE correctly (git-fixes). - NFSv4.1: RECLAIM_COMPLETE must handle EACCES (git-fixes). - NFSv4.2 fix problems with __nfs42_ssc_open (git-fixes). - NFSv4.2: Update mode bits after ALLOCATE and DEALLOCATE (git-fixes). - NFSv4: Fix races in the legacy idmapper upcall (git-fixes). - NFSv4: Fixes for nfs4_inode_return_delegation() (git-fixes). - NFSv4: Turn off open-by-filehandle and NFS re-export for NFSv4.0 (git-fixes). - NTB: ntb_tool: uninitialized heap data in tool_fn_write() (git-fixes). - PCI/ACPI: Guard ARM64-specific mcfg_quirks (git-fixes). - PCI/AER: Iterate over error counters instead of error strings (git-fixes). - PCI/ASPM: Correct LTR_L1.2_THRESHOLD computation (git-fixes). - PCI/ASPM: Ignore L1 PM Substates if device lacks capability (git-fixes). - PCI/ASPM: Make Intel DG2 L1 acceptable latency unlimited (jsc#PED-387). - PCI/portdrv: Do not disable AER reporting in get_port_device_capability() (git-fixes). - PCI: Add ACS quirk for Broadcom BCM5750x NICs (git-fixes). - PCI: Correct misspelled words (git-fixes). - PCI: Disable MSI for Tegra234 Root Ports (git-fixes). - PCI: Fix used_buses calculation in pci_scan_child_bus_extend() (git-fixes). - PCI: Move PCI_VENDOR_ID_MICROSOFT/PCI_DEVICE_ID_HYPERV_VIDEO definitions to pci_ids.h (git-fixes). - PCI: Prefer 'unsigned int' over bare 'unsigned' (git-fixes). - PCI: Sanitise firmware BAR assignments behind a PCI-PCI bridge (git-fixes). - PCI: aardvark: Fix reporting Slot capabilities on emulated bridge (git-fixes). - PCI: dwc: Add unroll iATU space support to dw_pcie_disable_atu() (git-fixes). - PCI: dwc: Always enable CDM check if 'snps,enable-cdm-check' exists (git-fixes). - PCI: dwc: Deallocate EPC memory on dw_pcie_ep_init() errors (git-fixes). - PCI: dwc: Disable outbound windows only for controllers using iATU (git-fixes). - PCI: dwc: Set INCREASE_REGION_SIZE flag based on limit address (git-fixes). - PCI: dwc: Stop link on host_init errors and de-initialization (git-fixes). - PCI: endpoint: Do not stop controller when unbinding endpoint function (git-fixes). - PCI: hv: Add validation for untrusted Hyper-V values (git-fixes). - PCI: hv: Fix synchronization between channel callback and hv_compose_msi_msg() (bsc#1204017). - PCI: hv: Fix synchronization between channel callback and hv_pci_bus_exit() (bsc#1204017). - PCI: hv: Fix the definition of vector in hv_compose_msi_msg() (git-fixes). - PCI: hv: Only reuse existing IRTE allocation for Multi-MSI (bsc#1200845). - PCI: hv: Use vmbus_requestor to generate transaction IDs for VMbus hardening (bsc#1204017). - PCI: mediatek-gen3: Change driver name to mtk-pcie-gen3 (git-fixes). - PCI: microchip: Fix refcount leak in mc_pcie_init_irq_domains() (git-fixes). - PCI: qcom: Power on PHY before IPQ8074 DBI register accesses (git-fixes). - PCI: qcom: Set up rev 2.1.0 PARF_PHY before enabling clocks (git-fixes). - PCI: tegra194: Fix PM error handling in tegra_pcie_config_ep() (git-fixes). - PCI: tegra194: Fix Root Port interrupt handling (git-fixes). - PCI: tegra194: Fix link up retry sequence (git-fixes). - PM: domains: Ensure genpd_debugfs_dir exists before remove (git-fixes). - PM: domains: Fix handling of unavailable/disabled idle states (git-fixes). - PM: hibernate: Allow hybrid sleep to work with s2idle (git-fixes). - PM: hibernate: defer device probing when resuming from hibernation (git-fixes). - RDMA/cm: Fix memory leak in ib_cm_insert_listen (git-fixes) - RDMA/cm: Use SLID in the work completion as the DLID in responder side (git-fixes) - RDMA/cma: Fix arguments order in net device validation (git-fixes) - RDMA/cma: Use output interface for net_dev check (git-fixes) - RDMA/core: Fix null-ptr-deref in ib_core_cleanup() (git-fixes) - RDMA/hfi1: Fix potential integer multiplication overflow errors (git-fixes) - RDMA/hfi1: Prevent panic when SDMA is disabled (git-fixes) - RDMA/hfi1: Prevent use of lock before it is initialized (git-fixes) - RDMA/hfi1: fix potential memory leak in setup_base_ctxt() (git-fixes) - RDMA/hns: Add the detection for CMDQ status in the device initialization process (git-fixes) - RDMA/hns: Correct the type of variables participating in the shift operation (git-fixes) - RDMA/hns: Disable local invalidate operation (git-fixes) - RDMA/hns: Fix incorrect clearing of interrupt status register (git-fixes) - RDMA/hns: Fix supported page size (git-fixes) - RDMA/hns: Fix wrong fixed value of qp->rq.wqe_shift (git-fixes) - RDMA/hns: Remove magic number (git-fixes) - RDMA/hns: Remove the num_cqc_timer variable (git-fixes) - RDMA/hns: Remove the num_qpc_timer variable (git-fixes) - RDMA/hns: Remove unnecessary check for the sgid_attr when modifying QP (git-fixes) - RDMA/hns: Replace tab with space in the right-side comments (git-fixes) - RDMA/hns: Use hr_reg_xxx() instead of remaining roce_set_xxx() (git-fixes) - RDMA/irdma: Add support for address handle re-use (git-fixes) - RDMA/irdma: Align AE id codes to correct flush code and event (git-fixes) - RDMA/irdma: Do not advertise 1GB page size for x722 (git-fixes) - RDMA/irdma: Fix VLAN connection with wildcard address (git-fixes) - RDMA/irdma: Fix a window for use-after-free (git-fixes) - RDMA/irdma: Fix deadlock in irdma_cleanup_cm_core() (git-fixes) - RDMA/irdma: Fix setting of QP context err_rq_idx_valid field (git-fixes) - RDMA/irdma: Fix sleep from invalid context BUG (git-fixes) - RDMA/irdma: Move union irdma_sockaddr to header file (git-fixes) - RDMA/irdma: Remove the unnecessary variable saddr (git-fixes) - RDMA/irdma: Report RNR NAK generation in device caps (git-fixes) - RDMA/irdma: Report the correct max cqes from query device (git-fixes) - RDMA/irdma: Return correct WC error for bind operation failure (git-fixes) - RDMA/irdma: Return error on MR deregister CQP failure (git-fixes) - RDMA/irdma: Use net_type to check network type (git-fixes) - RDMA/irdma: Use s/g array in post send only when its valid (git-fixes) - RDMA/irdma: Validate udata inlen and outlen (git-fixes) - RDMA/mlx5: Add missing check for return value in get namespace flow (git-fixes) - RDMA/mlx5: Do not compare mkey tags in DEVX indirect mkey (git-fixes) - RDMA/mlx5: Set local port to one when accessing counters (git-fixes) - RDMA/qedr: Fix potential memory leak in __qedr_alloc_mr() (git-fixes) - RDMA/qedr: Fix reporting QP timeout attribute (git-fixes) - RDMA/qedr: clean up work queue on failure in qedr_alloc_resources() (git-fixes) - RDMA/rtrs-clt: Use the right sg_cnt after ib_dma_map_sg (git-fixes) - RDMA/rtrs-srv: Fix modinfo output for stringify (git-fixes) - RDMA/rxe: Fix 'kernel NULL pointer dereference' error (git-fixes) - RDMA/rxe: Fix deadlock in rxe_do_local_ops() (git-fixes) - RDMA/rxe: Fix error unwind in rxe_create_qp() (git-fixes) - RDMA/rxe: Fix mw bind to allow any consumer key portion (git-fixes) - RDMA/rxe: Fix resize_finish() in rxe_queue.c (git-fixes) - RDMA/rxe: Fix rnr retry behavior (git-fixes) - RDMA/rxe: Fix the error caused by qp->sk (git-fixes) - RDMA/rxe: For invalidate compare according to set keys in mr (git-fixes) - RDMA/rxe: Generate a completion for unsupported/invalid opcode (git-fixes) - RDMA/rxe: Limit the number of calls to each tasklet (git-fixes) - RDMA/rxe: Remove useless pkt parameters (git-fixes) - RDMA/siw: Always consume all skbuf data in sk_data_ready() upcall. (git-fixes) - RDMA/siw: Fix QP destroy to wait for all references dropped. (git-fixes) - RDMA/siw: Fix duplicated reported IW_CM_EVENT_CONNECT_REPLY event (git-fixes) - RDMA/siw: Pass a pointer to virt_to_page() (git-fixes) - RDMA/srp: Fix srp_abort() (git-fixes) - RDMA/srp: Handle dev_set_name() failure (git-fixes) - RDMA/srp: Rework the srp_add_port() error path (git-fixes) - RDMA/srp: Set scmnd->result only when scmnd is not NULL (git-fixes) - RDMA/srp: Support more than 255 rdma ports (git-fixes) - RDMA/srp: Use the attribute group mechanism for sysfs attributes (git-fixes) - RDMA/srpt: Duplicate port name members (git-fixes) - RDMA/srpt: Fix a use-after-free (git-fixes) - RDMA/srpt: Introduce a reference count in struct srpt_device (git-fixes) - RDMA/usnic: fix set-but-not-unused variable 'flags' warning (git-fixes) - RDMA: remove useless condition in siw_create_cq() (git-fixes) - Reduce client smbdirect max receive segment size (bsc#1193629). - Refresh nvme in-band authentication patches (bsc#1199086) - Refresh patches.suse/iommu-vt-d-Acquiring-lock-in-domain-ID-allocation-helpers Fix spin deadlock in intel_iommu (bsc#1203505) - Refresh patches.suse/iwlwifi-module-firmware-ucode-fix.patch (bsc#1202131) Now iwlwifi queries *-72.ucode, but again, this is non-existing version. Correct to the existing *-71.ucode - Refresh patches.suse/ppc64-kdump-Limit-kdump-base-to-512MB.patch to upstream version. - Remove doubly applied amdgpu patches - Replace the in-house patch by the above upstream version, patches.suse/md-raid0-fix-buffer-overflow-at-debug-print.patch. - Revert 'ALSA: hda: cs35l41: Allow compilation test on non-ACPI configurations' (bsc#1203699). - Revert 'ALSA: usb-audio: Split endpoint setups for hw_params and prepare' (git-fixes). - Revert 'SUNRPC: Remove unreachable error condition' (git-fixes). - Revert 'arm64: Mitigate MTE issues with str{n}cmp()' (git-fixes) - Revert 'clk: core: Honor CLK_OPS_PARENT_ENABLE for clk gate ops' (git-fixes). - Revert 'constraints: increase disk space for all architectures' (bsc#1203693). This reverts commit 43a9011f904bc7328d38dc340f5e71aecb6b19ca. - Revert 'crypto: qat - reduce size of mapped region' (git-fixes). - Revert 'drivers/video/backlight/platform_lcd.c: add support for device tree based probe' (git-fixes). - Revert 'drm/amdgpu: use dirty framebuffer helper' (git-fixes). - Revert 'drm/i915: Hold reference to intel_context over life of i915_request' (git-fixes). - Revert 'drm/udl: Kill pending URBs at suspend and disconnect' (bsc#1195917). - Revert 'drm/vc4: hvs: Reset muxes at probe time (git-fixes).' (bsc#1202341) This reverts commit 303122d0f2160411fa1068220bc59849d848550d. The reverted change clears hardware state on the RPi4, which leaves the screen blank. Without it, the display works correctly. - Revert 'drm: bridge: analogix/dp: add panel prepare/unprepare in suspend/resume time' (git-fixes). - Revert 'firmware: arm_scmi: Add clock management to the SCMI power domain' (git-fixes). - Revert 'ice: Hide bus-info in ethtool for PRs in switchdev mode' (git-fixes). - Revert 'ipv6: Honor all IPv6 PIO Valid Lifetime values' (bsc#1202989). - Revert 'net: phy: meson-gxl: improve link-up behavior' (git-fixes). - Revert 'net: usb: ax88179_178a needs FLAG_SEND_ZLP' (git-fixes). - Revert 'pNFS: nfs3_set_ds_client should set NFS_CS_NOPING' (git-fixes). - Revert 'powerpc/rtas: Implement reentrant rtas call' (bsc#1203664 ltc#199236). - Revert 'scripts/mod/modpost.c: permit '.cranges' secton for sh64 architecture.' (git-fixes). - Revert 'tty: n_gsm: avoid call of sleeping functions from atomic context' (git-fixes). - Revert 'tty: n_gsm: replace kicktimer with delayed_work' (git-fixes). - Revert 'usb: add quirks for Lenovo OneLink+ Dock' (git-fixes). - Revert 'usb: dwc3: disable USB core PHY management' (git-fixes). - Revert 'usb: gadget: udc-xilinx: replace memcpy with memcpy_toio' (git-fixes). - Revert 'usb: storage: Add quirk for Samsung Fit flash' (git-fixes). - Revert 'workqueue: remove unused cancel_work()' (bsc#1204933). - Revert 'x86/sev: Expose sev_es_ghcb_hv_call() for use by HyperV' (bsc#1190497). - Revert selftest patches that have been reverted in stable-5.15.y - SCSI: scsi_probe_lun: retry INQUIRY after timeout (bsc#1189297). - SMB3: fix lease break timeout when multiple deferred close handles for the same file (bsc#1193629). - SUNRPC: Do not call connect() more than once on a TCP socket (git-fixes). - SUNRPC: Do not leak sockets in xs_local_connect() (git-fixes). - SUNRPC: Fix NFSD's request deferral on RDMA transports (git-fixes). - SUNRPC: Fix READ_PLUS crasher (git-fixes). - SUNRPC: Fix xdr_encode_bool() (git-fixes). - SUNRPC: Prevent immediate close+reconnect (git-fixes). - SUNRPC: RPC level errors should set task->tk_rpc_status (git-fixes). - SUNRPC: Reinitialise the backchannel request buffers before reuse (git-fixes). - USB: Fix ehci infinite suspend-resume loop issue in zhaoxin (git-fixes). - USB: Follow-up to SPDX GPL-2.0+ identifiers addition - remove now useless comments (git-fixes). - USB: Follow-up to SPDX identifiers addition - remove now useless comments (git-fixes). - USB: add RESET_RESUME quirk for NVIDIA Jetson devices in RCM (git-fixes). - USB: bcma: Make GPIO explicitly optional (git-fixes). - USB: cdc-acm: Add Icom PMR F3400 support (0c26:0020) (git-fixes). - USB: core: Fix RST error in hub.c (git-fixes). - USB: core: Prevent nested device-reset calls (git-fixes). - USB: serial: ch314: use usb_control_msg_recv() (git-fixes). - USB: serial: ch341: fix disabled rx timer on older devices (git-fixes). - USB: serial: ch341: fix lost character on LCR updates (git-fixes). - USB: serial: console: move mutex_unlock() before usb_serial_put() (git-fixes). - USB: serial: cp210x: add Decagon UCA device id (git-fixes). - USB: serial: fix tty-port initialized comments (git-fixes). - USB: serial: ftdi_sio: add Omron CS1W-CIF31 device id (git-fixes). - USB: serial: ftdi_sio: fix 300 bps rate for SIO (git-fixes). - USB: serial: option: add Fibocom FM160 0x0111 composition (git-fixes). - USB: serial: option: add Quectel BG95 0x0203 composition (git-fixes). - USB: serial: option: add Quectel EM060K modem (git-fixes). - USB: serial: option: add Quectel RM520N (git-fixes). - USB: serial: option: add Sierra Wireless EM9191 (git-fixes). - USB: serial: option: add support for Cinterion MV32-WA/WB RmNet mode (git-fixes). - USB: serial: option: add support for OPPO R11 diag port (git-fixes). - USB: serial: option: add u-blox LARA-L6 modem (git-fixes). - USB: serial: option: add u-blox LARA-R6 00B modem (git-fixes). - USB: serial: option: remove old LARA-R6 PID (git-fixes). - USB: serial: qcserial: add new usb-id for Dell branded EM7455 (git-fixes). - XArray: Update the LRU list in xas_split() (git-fixes). - add another bug reference to some hyperv changes (bsc#1205617). - apparmor: Fix failed mount permission check error message (git-fixes). - apparmor: Fix memleak in aa_simple_write_to_buffer() (git-fixes). - apparmor: fix aa_label_asxprint return check (git-fixes). - apparmor: fix absroot causing audited secids to begin with = (git-fixes). - apparmor: fix overlapping attachment computation (git-fixes). - apparmor: fix quiet_denied for file rules (git-fixes). - apparmor: fix reference count leak in aa_pivotroot() (git-fixes). - apparmor: fix setting unconfined mode on a loaded profile (git-fixes). - arcnet: fix potential memory leak in com20020_probe() (git-fixes). - arm64/bti: Disable in kernel BTI when cross section thunks are broken (git-fixes) - arm64/mm: Consolidate TCR_EL1 fields (git-fixes). - arm64/syscall: Include asm/ptrace.h in syscall_wrapper header (git-fixes). - arm64: Add AMPERE1 to the Spectre-BHB affected list (git-fixes). - arm64: Do not forget syscall when starting a new thread (git-fixes). - arm64: Fix bit-shifting UB in the MIDR_CPU_MODEL() macro (git-fixes) - arm64: Fix match_list for erratum 1286807 on Arm Cortex-A76 (git-fixes). - arm64: cpufeature: Allow different PMU versions in ID_DFR0_EL1 (git-fixes). - arm64: dts: allwinner: a64: orangepi-win: Fix LED node name (git-fixes). - arm64: dts: imx8: correct clock order (git-fixes). - arm64: dts: imx8mm: Fix NAND controller size-cells (git-fixes). - arm64: dts: imx8mn: Fix NAND controller size-cells (git-fixes). - arm64: dts: imx8mp: Add snps,gfladj-refclk-lpm-sel quirk to USB nodes (git-fixes). - arm64: dts: imx8mq-librem5: Add bq25895 as max17055's power supply (git-fixes). - arm64: dts: juno: Add thermal critical trip points (git-fixes). - arm64: dts: ls1088a: specify clock frequencies for the MDIO controllers (git-fixes). - arm64: dts: ls208xa: specify clock frequencies for the MDIO controllers (git-fixes). - arm64: dts: lx2160a: specify clock frequencies for the MDIO controllers (git-fixes). - arm64: dts: mt7622: fix BPI-R64 WPS button (git-fixes). - arm64: dts: mt8192: Fix idle-states entry-method (git-fixes). - arm64: dts: mt8192: Fix idle-states nodes naming scheme (git-fixes). - arm64: dts: qcom: ipq8074: fix NAND node name (git-fixes). - arm64: dts: qcom: msm8916: Fix typo in pronto remoteproc node (git-fixes). - arm64: dts: qcom: qcs404: Fix incorrect USB2 PHYs assignment (git-fixes). - arm64: dts: qcom: sa8155p-adp: Specify which LDO modes are allowed (git-fixes). - arm64: dts: qcom: sc7280: Cleanup the lpasscc node (git-fixes). - arm64: dts: qcom: sm8150-xperia-kumano: Specify which LDO modes are allowed (git-fixes). - arm64: dts: qcom: sm8250-xperia-edo: Specify which LDO modes are allowed (git-fixes). - arm64: dts: qcom: sm8250: add missing PCIe PHY clock-cells (git-fixes). - arm64: dts: qcom: sm8350-hdk: Specify which LDO modes are allowed (git-fixes). - arm64: dts: qcom: sm8350: fix UFS PHY serdes size (git-fixes). - arm64: dts: renesas: Fix thermal-sensors on single-zone sensors (git-fixes). - arm64: dts: renesas: beacon: Fix regulator node names (git-fixes). - arm64: dts: rockchip: Fix typo in lisense text for PX30.Core (git-fixes). - arm64: dts: rockchip: Pull up wlan wake# on Gru-Bob (git-fixes). - arm64: dts: rockchip: Remove 'enable-active-low' from rk3399-puma (git-fixes). - arm64: dts: rockchip: Set RK3399-Gru PCLK_EDP to 24 MHz (git-fixes). - arm64: dts: rockchip: add enable-strobe-pulldown to emmc phy on nanopi4 (git-fixes). - arm64: dts: rockchip: lower rk3399-puma-haikou SD controller clock frequency (git-fixes). - arm64: dts: ti: k3-j7200: fix main pinmux range (git-fixes). - arm64: dts: uniphier: Fix USB interrupts for PXs3 SoC (git-fixes). - arm64: efi: Fix handling of misaligned runtime regions and drop warning (git-fixes). - arm64: entry: avoid kprobe recursion (git-fixes). - arm64: errata: Add Cortex-A510 to the repeat tlbi list (git-fixes) Enable this errata fix configuration option to arm64/default. - arm64: errata: Add Cortex-A55 to the repeat tlbi list (git-fixes). Enable CONFIG_ARM64_ERRATUM_2441007, too - arm64: errata: Remove AES hwcap for COMPAT tasks (git-fixes) Enable CONFIG_ARM64_ERRATUM_1742098 in arm64/default - arm64: fix oops in concurrently setting insn_emulation sysctls (git-fixes). - arm64: fix rodata=full (git-fixes). - arm64: fix rodata=full again (git-fixes) - arm64: ftrace: fix module PLTs with mcount (git-fixes). - arm64: kasan: Revert 'arm64: mte: reset the page tag in page->flags' (git-fixes). - arm64: kexec_file: use more system keyrings to verify kernel image signature (bsc#1196444). - arm64: lib: Import latest version of Arm Optimized Routines' strcmp (git-fixes) - arm64: mte: Avoid setting PG_mte_tagged if no tags cleared or restored (git-fixes). - arm64: select TRACE_IRQFLAGS_NMI_SUPPORT (git-fixes) - arm64: set UXN on swapper page tables (git-fixes). - arm64: tegra: Fix SDMMC1 CD on P2888 (git-fixes). - arm64: tegra: Fixup SYSRAM references (git-fixes). - arm64: tegra: Mark BPMP channels as no-memory-wc (git-fixes). - arm64: tegra: Update Tegra234 BPMP channel addresses (git-fixes). - arm64: topology: fix possible overflow in amu_fie_setup() (git-fixes). - arm64: topology: move store_cpu_topology() to shared code (git-fixes). - arm_pmu: Validate single/group leader events (git-fixes). - asm-generic: remove a broken and needless ifdef conditional (git-fixes). - asm-generic: sections: refactor memory_intersects (git-fixes). - ata: ahci-imx: Fix MODULE_ALIAS (git-fixes). - ata: fix ata_id_has_devslp() (git-fixes). - ata: fix ata_id_has_dipm() (git-fixes). - ata: fix ata_id_has_ncq_autosense() (git-fixes). - ata: fix ata_id_sense_reporting_enabled() and ata_id_has_sense_reporting() (git-fixes). - ata: libahci_platform: Sanity check the DT child nodes number (git-fixes). - ata: libata-core: do not issue non-internal commands once EH is pending (git-fixes). - ata: libata-eh: Add missing command name (git-fixes). - ata: libata-scsi: fix SYNCHRONIZE CACHE (16) command failure (git-fixes). - ata: libata-scsi: simplify __ata_scsi_queuecmd() (git-fixes). - ata: libata-transport: fix double ata_host_put() in ata_tport_add() (git-fixes). - ata: libata-transport: fix error handling in ata_tdev_add() (git-fixes). - ata: libata-transport: fix error handling in ata_tlink_add() (git-fixes). - ata: libata-transport: fix error handling in ata_tport_add() (git-fixes). - ata: pata_legacy: fix pdc20230_set_piomode() (git-fixes). - ath10k: do not enforce interrupt trigger type (git-fixes). - ath11k: Fix incorrect debug_mask mappings (git-fixes). - ath11k: fix netdev open race (git-fixes). - atm: idt77252: fix use-after-free bugs caused by tst_timer (git-fixes). - audit: fix potential double free on error path from fsnotify_add_inode_mark (git-fixes). - audit: fix undefined behavior in bit shift for AUDIT_BIT (git-fixes). - ax25: Fix ax25 session cleanup problems (git-fixes). - batman-adv: Fix hang up with small MTU hard-interface (git-fixes). - bitfield.h: Fix 'type of reg too small for mask' test (git-fixes). - blk-cgroup: fix missing put device in error path from blkg_conf_pref() (git-fixes). - blk-mq: Properly init requests from blk_mq_alloc_request_hctx() (git-fixes). - blk-mq: do not create hctx debugfs dir until q->debugfs_dir is created (git-fixes). - blk-mq: fix io hung due to missing commit_rqs (git-fixes). - blk-wbt: call rq_qos_add() after wb_normal is initialized (git-fixes). - blktrace: Trace remapped requests correctly (git-fixes). - block/rnbd-srv: Set keep_id to true after mutex_trylock (git-fixes). - block: Do not reread partition table on exclusively open device (bsc#1190969). - block: Fix fsync always failed if once failed (bsc#1202779). - block: Fix wrong offset in bio_truncate() (bsc#1202780). - block: add bio_start_io_acct_time() to control start_time (git-fixes). - block: blk_queue_enter() / __bio_queue_enter() must return -EAGAIN for nowait (git-fixes). - block: drop unused includes in &lt;linux/genhd.h> (git-fixes). - block: fix rq-qos breakage from skipping rq_qos_done_bio() (bsc#1202781). - block: only mark bio as tracked if it really is tracked (bsc#1202782). - bnx2x: Invalidate fastpath HSI version for VFs (git-fixes). - bnx2x: Utilize firmware 7.13.21.0 (git-fixes). - bnx2x: fix built-in kernel driver load failure (git-fixes). - bnx2x: fix driver load from initrd (git-fixes). - bnxt_en: Fix bnxt_refclk_read() (git-fixes). - bnxt_en: Fix bnxt_reinit_after_abort() code path (git-fixes). - bnxt_en: fix livepatch query (git-fixes). - bnxt_en: reclaim max resources if sriov enable fails (git-fixes). - bonding: 802.3ad: fix no transmission of LACPDUs (git-fixes). - bonding: ARP monitor spams NETDEV_NOTIFY_PEERS notifiers (git-fixes). - bridge: switchdev: Fix memory leaks when changing VLAN protocol (git-fixes). - btrfs-fix-deadlock-between-quota-enable-and-other-qu.patch: (bsc#1205521). - btrfs: check if root is readonly while setting security xattr (bsc#1206147). - btrfs: do not allow compression on nodatacow files (bsc#1206149). - btrfs: export a helper for compression hard check (bsc#1206149). - btrfs: fix processing of delayed data refs during backref walking (bsc#1206056). - btrfs: fix processing of delayed tree block refs during backref walking (bsc#1206057). - btrfs: fix relocation crash due to premature return from btrfs_commit_transaction() (bsc#1203360). - btrfs: fix space cache corruption and potential double allocations (bsc#1203361). - btrfs: prevent subvol with swapfile from being deleted (bsc#1206035). - btrfs: properly flag filesystem with BTRFS_FEATURE_INCOMPAT_BIG_METADATA (git-fixes). - btrfs: send: always use the rbtree based inode ref management infrastructure (bsc#1206036). - btrfs: send: fix failures when processing inodes with no links (bsc#1206036). - btrfs: send: fix send failure of a subcase of orphan inodes (bsc#1206036). - btrfs: send: fix sending link commands for existing file paths (bsc#1206036). - btrfs: send: introduce recorded_ref_alloc and recorded_ref_free (bsc#1206036). - btrfs: send: refactor arguments of get_inode_info() (bsc#1206036). - btrfs: send: remove unused found_type parameter to lookup_dir_item_inode() (bsc#1206036). - btrfs: send: remove unused type parameter to iterate_inode_ref_t (bsc#1206036). - btrfs: send: use boolean types for current inode status (bsc#1206036). - bus: hisi_lpc: fix missing platform_device_put() in hisi_lpc_acpi_probe() (git-fixes). - bus: sunxi-rsb: Remove the shutdown callback (git-fixes). - bus: sunxi-rsb: Support atomic transfers (git-fixes). - ca8210: Fix crash by zero initializing data (git-fixes). - can: Break loopback loop on loopback documentation (git-fixes). - can: af_can: fix NULL pointer dereference in can_rx_register() (git-fixes). - can: bcm: check the result of can_send() in bcm_can_tx() (git-fixes). - can: cc770: cc770_isa_probe(): add missing free_cc770dev() (git-fixes). - can: do not increase rx statistics when generating a CAN rx error message frame (git-fixes). - can: do not increase rx_bytes statistics for RTR frames (git-fixes). - can: ems_usb: fix clang's -Wunaligned-access warning (git-fixes). - can: error: specify the values of data[5..7] of CAN error frames (git-fixes). - can: etas_es58x: es58x_init_netdev(): free netdev when register_candev() (git-fixes). - can: gs_usb: gs_can_open(): fix race dev->can.state condition (git-fixes). - can: hi311x: do not report txerr and rxerr during bus-off (git-fixes). - can: j1939: j1939_send_one(): fix missing CAN header initialization (git-fixes). - can: j1939: j1939_sk_queue_activate_next_locked(): replace WARN_ON_ONCE with netdev_warn_once() (git-fixes). - can: j1939: transport: j1939_session_skb_drop_old(): spin_unlock_irqrestore() before kfree_skb() (git-fixes). - can: kvaser_usb: Fix possible completions during init_completion (git-fixes). - can: kvaser_usb: Fix use of uninitialized completion (git-fixes). - can: kvaser_usb: kvaser_usb_leaf: fix CAN clock frequency regression (git-fixes). - can: kvaser_usb: make use of units.h in assignment of frequency (git-fixes). - can: kvaser_usb: replace run-time checks with struct kvaser_usb_driver_info (git-fixes). - can: kvaser_usb_hydra: do not report txerr and rxerr during bus-off (git-fixes). - can: kvaser_usb_leaf: Fix CAN state after restart (git-fixes). - can: kvaser_usb_leaf: Fix TX queue out of sync after restart (git-fixes). - can: kvaser_usb_leaf: do not report txerr and rxerr during bus-off (git-fixes). - can: m_can: Add check for devm_clk_get (git-fixes). - can: m_can: fix typo prescalar -> prescaler (git-fixes). - can: m_can: is_lec_err(): clean up LEC error handling (git-fixes). - can: m_can: pci: add missing m_can_class_free_dev() in probe/remove methods (git-fixes). - can: mcp251x: Fix race condition on receive interrupt (git-fixes). - can: mcp251x: mcp251x_can_probe(): add missing unregister_candev() in error path (git-fixes). - can: mcp251xfd: mcp251xfd_dump(): fix comment (git-fixes). - can: mcp251xfd: mcp251xfd_register_get_dev_id(): fix endianness conversion (git-fixes). - can: mcp251xfd: mcp251xfd_register_get_dev_id(): use correct length to read dev_id (git-fixes). - can: mscan: mpc5xxx: mpc5xxx_can_probe(): add missing put_clock() in error path (git-fixes). - can: netlink: allow configuring of fixed bit rates without need for do_set_bittiming callback (git-fixes). - can: netlink: allow configuring of fixed data bit rates without need for do_set_data_bittiming callback (git-fixes). - can: pch_can: do not report txerr and rxerr during bus-off (git-fixes). - can: pch_can: pch_can_error(): initialize errc before using it (git-fixes). - can: rcar_can: do not report txerr and rxerr during bus-off (git-fixes). - can: rx-offload: can_rx_offload_init_queue(): fix typo (git-fixes). - can: sja1000: do not report txerr and rxerr during bus-off (git-fixes). - can: sja1000_isa: sja1000_isa_probe(): add missing free_sja1000dev() (git-fixes). - can: sun4i_can: do not report txerr and rxerr during bus-off (git-fixes). - can: usb_8dev: do not report txerr and rxerr during bus-off (git-fixes). - capabilities: fix potential memleak on error path from vfs_getxattr_alloc() (git-fixes). - capabilities: fix undefined behavior in bit shift for CAP_TO_MASK (git-fixes). - ceph: allow ceph.dir.rctime xattr to be updatable (bsc#1206050). - ceph: avoid putting the realm twice when decoding snaps fails (bsc#1206051). - ceph: do not leak snap_rwsem in handle_cap_grant (bsc#1202823). - ceph: do not truncate file in atomic_open (bsc#1202824). - ceph: do not update snapshot context when there is no new snapshot (bsc#1206047). - ceph: fix inode reference leakage in ceph_get_snapdir() (bsc#1206048). - ceph: fix memory leak in ceph_readdir when note_last_dentry returns error (bsc#1206049). - ceph: properly handle statfs on multifs setups (bsc#1206045). - ceph: switch netfs read ops to use rreq->inode instead of rreq->mapping->host (bsc#1206046). - ceph: use correct index when encoding client supported features (bsc#1202822). - cfg80211/mac80211: assume CHECKSUM_COMPLETE includes SNAP (bsc#1202131). - cgroup/cpuset: Enable update_tasks_cpumask() on top_cpuset (bsc#1204753). - cgroup: Add missing cpus_read_lock() to cgroup_attach_task_all() (bsc#1196869). - cgroup: Fix race condition at rebind_subsystems() (bsc#1203902). - cgroup: Fix threadgroup_rwsem &lt;-> cpus_read_lock() deadlock (bsc#1196869). - cgroup: Use separate src/dst nodes when preloading css_sets for migration (bsc#1201610). - cgroup: cgroup_get_from_id() must check the looked-up kn is a directory (bsc#1203906). - char: tpm: Protect tpm_pm_suspend with locks (git-fixes). - cifs: Add constructor/destructors for tcon->cfid (bsc#1193629). - cifs: Add helper function to check smb1+ server (bsc#1193629). - cifs: Do not access tcon->cfids->cfid directly from is_path_accessible (bsc#1193629). - cifs: Do not use tcon->cfid directly, use the cfid we get from open_cached_dir (bsc#1193629). - cifs: Fix connections leak when tlink setup failed (git-fixes). - cifs: Fix memory leak on the deferred close (bsc#1193629). - cifs: Fix memory leak when build ntlmssp negotiate blob failed (bsc#1193629). - cifs: Fix pages array leak when writedata alloc failed in cifs_writedata_alloc() (bsc#1193629). - cifs: Fix pages leak when writedata alloc failed in cifs_write_from_iter() (bsc#1193629). - cifs: Fix the error length of VALIDATE_NEGOTIATE_INFO message (bsc#1193629). - cifs: Fix wrong return value checking when GETFLAGS (git-fixes). - cifs: Fix xid leak in cifs_copy_file_range() (bsc#1193629). - cifs: Fix xid leak in cifs_create() (bsc#1193629). - cifs: Fix xid leak in cifs_flock() (bsc#1193629). - cifs: Fix xid leak in cifs_get_file_info_unix() (bsc#1193629). - cifs: Fix xid leak in cifs_ses_add_channel() (bsc#1193629). - cifs: Make tcon contain a wrapper structure cached_fids instead of cached_fid (bsc#1193629). - cifs: Move cached-dir functions into a separate file (bsc#1193629). - cifs: Replace a couple of one-element arrays with flexible-array members (bsc#1193629). - cifs: Use after free in debug code (git-fixes). - cifs: Use help macro to get the header preamble size (bsc#1193629). - cifs: Use help macro to get the mid header size (bsc#1193629). - cifs: add check for returning value of SMB2_close_init (git-fixes). - cifs: add check for returning value of SMB2_set_info_init (git-fixes). - cifs: add missing spinlock around tcon refcount (bsc#1193629). - cifs: alloc_mid function should be marked as static (bsc#1193629). - cifs: always initialize struct msghdr smb_msg completely (bsc#1193629). - cifs: always iterate smb sessions using primary channel (bsc#1193629). - cifs: avoid deadlocks while updating iface (bsc#1193629). - cifs: avoid unnecessary iteration of tcp sessions (bsc#1193629). - cifs: avoid use of global locks for high contention data (bsc#1193629). - cifs: cache the dirents for entries in a cached directory (bsc#1193629). - cifs: change iface_list from array to sorted linked list (bsc#1193629). - cifs: destage dirty pages before re-reading them for cache=none (bsc#1193629). - cifs: do not send down the destination address to sendmsg for a SOCK_STREAM (bsc#1193629). - cifs: drop the lease for cached directories on rmdir or rename (bsc#1193629). - cifs: during reconnect, update interface if necessary (bsc#1193629). - cifs: enable caching of directories for which a lease is held (bsc#1193629). - cifs: find and use the dentry for cached non-root directories also (bsc#1193629). - cifs: fix double-fault crash during ntlmssp (bsc#1193629). - cifs: fix lock length calculation (bsc#1193629). - cifs: fix memory leaks in session setup (bsc#1193629). - cifs: fix missing unlock in cifs_file_copychunk_range() (git-fixes). - cifs: fix race condition with delayed threads (bsc#1193629). - cifs: fix reconnect on smb3 mount types (bsc#1201427). - cifs: fix skipping to incorrect offset in emit_cached_dirents (bsc#1193629). - cifs: fix small mempool leak in SMB2_negotiate() (bsc#1193629). - cifs: fix static checker warning (bsc#1193629). - cifs: fix uninitialised var in smb2_compound_op() (bsc#1193629). - cifs: fix use-after-free caused by invalid pointer `hostname` (bsc#1193629). - cifs: fix use-after-free on the link name (bsc#1193629). - cifs: fix wrong unlock before return from cifs_tree_connect() (bsc#1193629). - cifs: improve handlecaching (bsc#1193629). - cifs: improve symlink handling for smb2+ (bsc#1193629). - cifs: lease key is uninitialized in smb1 paths (bsc#1193629). - cifs: lease key is uninitialized in two additional functions when smb1 (bsc#1193629). - cifs: list_for_each() -> list_for_each_entry() (bsc#1193629). - cifs: misc: fix spelling typo in comment (bsc#1193629). - cifs: move from strlcpy with unused retval to strscpy (bsc#1193629). - cifs: periodically query network interfaces from server (bsc#1193629). - cifs: populate empty hostnames for extra channels (bsc#1193629). - cifs: prevent copying past input buffer boundaries (bsc#1193629). - cifs: remove 'cifs_' prefix from init/destroy mids functions (bsc#1193629). - cifs: remove initialization value (bsc#1193629). - cifs: remove minor build warning (bsc#1193629). - cifs: remove redundant initialization to variable mnt_sign_enabled (bsc#1193629). - cifs: remove remaining build warnings (bsc#1193629). - cifs: remove some camelCase and also some static build warnings (bsc#1193629). - cifs: remove unnecessary (void*) conversions (bsc#1193629). - cifs: remove unnecessary locking of chan_lock while freeing session (bsc#1193629). - cifs: remove unnecessary type castings (bsc#1193629). - cifs: remove unused server parameter from calc_smb_size() (bsc#1193629). - cifs: remove useless DeleteMidQEntry() (bsc#1193629). - cifs: remove useless parameter 'is_fsctl' from SMB2_ioctl() (bsc#1193629). - cifs: replace kfree() with kfree_sensitive() for sensitive data (bsc#1193629). - cifs: return correct error in ->calc_signature() (bsc#1193629). - cifs: return errors during session setup during reconnects (bsc#1193629). - cifs: revalidate mapping when doing direct writes (bsc#1193629). - cifs: secmech: use shash_desc directly, remove sdesc (bsc#1193629). - cifs: set rc to -ENOENT if we can not get a dentry for the cached dir (bsc#1193629). - cifs: skip extra NULL byte in filenames (bsc#1193629). - cifs: store a pointer to a fid in the cfid structure instead of the struct (bsc#1193629). - cifs: truncate the inode and mapping when we simulate fcollapse (bsc#1193629). - cifs: update cifs_ses::ip_addr after failover (bsc#1193629). - cifs: update internal module number (bsc#1193629). - cifs: use ALIGN() and round_up() macros (bsc#1193629). - cifs: use LIST_HEAD() and list_move() to simplify code (bsc#1193629). - cifs: when a channel is not found for server, log its connection id (bsc#1193629). - cifs: when insecure legacy is disabled shrink amount of SMB1 code (bsc#1193629). - clk: ast2600: BCLK comes from EPLL (git-fixes). - clk: at91: fix the build with binutils 2.27 (git-fixes). - clk: baikal-t1: Add SATA internal ref clock buffer (git-fixes). - clk: baikal-t1: Add shared xGMAC ref/ptp clocks internal parent (git-fixes). - clk: baikal-t1: Fix invalid xGMAC PTP clock divider (git-fixes). - clk: bcm2835: Make peripheral PLLC critical (git-fixes). - clk: bcm2835: Round UART input clock up (bsc#1188238) - clk: bcm2835: fix bcm2835_clock_rate_from_divisor declaration (git-fixes). - clk: bcm: rpi: Add support for VEC clock (bsc#1196632) - clk: bcm: rpi: Fix error handling of raspberrypi_fw_get_rate (git-fixes). - clk: bcm: rpi: Prevent out-of-bounds access (git-fixes). - clk: bcm: rpi: Use correct order for the parameters of devm_kcalloc() (git-fixes). - clk: berlin: Add of_node_put() for of_get_parent() (git-fixes). - clk: core: Fix runtime PM sequence in clk_core_unprepare() (git-fixes). - clk: core: Honor CLK_OPS_PARENT_ENABLE for clk gate ops (git-fixes). - clk: imx: imx6sx: remove the SET_RATE_PARENT flag for QSPI clocks (git-fixes). - clk: imx: scu: fix memleak on platform_device_add() fails (git-fixes). - clk: ingenic-tcu: Properly enable registers before accessing timers (git-fixes). - clk: iproc: Do not rely on node name for correct PLL setup (git-fixes). - clk: mediatek: mt8183: mfgcfg: Propagate rate changes to parent (git-fixes). - clk: mediatek: reset: Fix written reset bit offset (git-fixes). - clk: meson: Hold reference returned by of_get_parent() (git-fixes). - clk: oxnas: Hold reference returned by of_get_parent() (git-fixes). - clk: qcom: apss-ipq6018: mark apcs_alias0_core_clk as critical (git-fixes). - clk: qcom: camcc-sdm845: Fix topology around titan_top power domain (git-fixes). - clk: qcom: camcc-sm8250: Fix halt on boot by reducing driver's init level (git-fixes). - clk: qcom: camcc-sm8250: Fix topology around titan_top power domain (git-fixes). - clk: qcom: clk-alpha-pll: fix clk_trion_pll_configure description (git-fixes). - clk: qcom: clk-krait: unlock spin after mux completion (git-fixes). - clk: qcom: clk-rcg2: Fail Duty-Cycle configuration if MND divider is not enabled (git-fixes). - clk: qcom: clk-rcg2: Make sure to not write d=0 to the NMD register (git-fixes). - clk: qcom: gcc-msm8916: use ARRAY_SIZE instead of specifying num_parents (git-fixes). - clk: qcom: gcc-msm8939: Add missing SYSTEM_MM_NOC_BFDCD_CLK_SRC (git-fixes). - clk: qcom: gcc-msm8939: Add missing system_mm_noc_bfdcd_clk_src (git-fixes). - clk: qcom: gcc-msm8939: Fix bimc_ddr_clk_src rcgr base address (git-fixes). - clk: qcom: gcc-msm8939: Fix weird field spacing in ftbl_gcc_camss_cci_clk (git-fixes). - clk: qcom: gcc-msm8939: Point MM peripherals to system_mm_noc clock (git-fixes). - clk: qcom: ipq8074: SW workaround for UBI32 PLL lock (git-fixes). - clk: qcom: ipq8074: dont disable gcc_sleep_clk_src (git-fixes). - clk: qcom: ipq8074: fix NSS core PLL-s (git-fixes). - clk: qcom: ipq8074: fix NSS port frequency tables (git-fixes). - clk: qcom: ipq8074: set BRANCH_HALT_DELAY flag for UBI clocks (git-fixes). - clk: qoriq: Hold reference returned by of_get_parent() (git-fixes). - clk: renesas: r9a06g032: Fix UART clkgrp bitsel (git-fixes). - clk: sprd: Hold reference returned by of_get_parent() (git-fixes). - clk: tegra20: Fix refcount leak in tegra20_clock_init (git-fixes). - clk: tegra: Fix refcount leak in tegra114_clock_init (git-fixes). - clk: tegra: Fix refcount leak in tegra210_clock_init (git-fixes). - clk: ti: Stop using legacy clkctrl names for omap4 and 5 (git-fixes). - clk: ti: dra7-atl: Fix reference leak in of_dra7_atl_clk_probe (git-fixes). - clk: vc5: Fix 5P49V6901 outputs disabling when enabling FOD (git-fixes). - clk: zynqmp: Fix stack-out-of-bounds in strncpy` (git-fixes). - clk: zynqmp: pll: rectify rate rounding in zynqmp_pll_round_rate (git-fixes). - clocksource/drivers/hyperv: add data structure for reference TSC MSR (git-fixes). - configfs: fix a race in configfs_{,un}register_subsystem() (git-fixes). - constraints: increase disk space for all architectures References: bsc#1203693 aarch64 is already suffering. SLE15-SP5 x86_64 stats show that it is very close to the limit. - cpufreq: intel_pstate: Handle no_turbo in frequency invariance (jsc#PED-849). - cpufreq: intel_pstate: Support Sapphire Rapids OOB mode (jsc#PED-849). - cpufreq: qcom: fix memory leak in error path (git-fixes). - cpufreq: qcom: fix writes in read-only memory region (git-fixes). - cpufreq: zynq: Fix refcount leak in zynq_get_revision (git-fixes). - cpuidle: intel_idle: Drop redundant backslash at line end (jsc#PED-1936). - crypto: akcipher - default implementation for setting a private key (git-fixes). - crypto: arm64/gcm - Select AEAD for GHASH_ARM64_CE (git-fixes) - crypto: arm64/poly1305 - fix a read out-of-bound (git-fixes). - crypto: cavium - prevent integer overflow loading firmware (git-fixes). - crypto: ccp - During shutdown, check SEV data pointer before using (git-fixes). - crypto: ccp - Release dma channels before dmaengine unrgister (git-fixes). - crypto: ccp - Use kzalloc for sev ioctl interfaces to prevent kernel memory leak (git-fixes). - crypto: hisilicon - Kunpeng916 crypto driver do not sleep when in softirq (git-fixes). - crypto: hisilicon/hpre - do not use GFP_KERNEL to alloc mem during softirq (git-fixes). - crypto: hisilicon/sec - do not sleep when in softirq (git-fixes). - crypto: hisilicon/sec - fix auth key size error (git-fixes). - crypto: hisilicon/zip - fix mismatch in get/set sgl_sge_nr (git-fixes). - crypto: inside-secure - Add missing MODULE_DEVICE_TABLE for of (git-fixes). - crypto: inside-secure - Change swab to swab32 (git-fixes). - crypto: inside-secure - Replace generic aes with libaes (git-fixes). - crypto: marvell/octeontx - prevent integer overflows (git-fixes). - crypto: qat - fix default value of WDT timer (git-fixes). - crypto: sahara - do not sleep when in softirq (git-fixes). - crypto: sun8i-ss - do not allocate memory when handling hash requests (git-fixes). - crypto: sun8i-ss - fix error codes in allocate_flows() (git-fixes). - crypto: sun8i-ss - fix infinite loop in sun8i_ss_setup_ivs() (git-fixes). - cs-dsp and serial-multi-instantiate enablement (bsc#1203699) - device property: Check fwnode->secondary when finding properties (git-fixes). - device property: Fix documentation for *_match_string() APIs (git-fixes). - devlink: Fix use-after-free after a failed reload (git-fixes). - dm btree remove: fix use after free in rebalance_children() (git-fixes). - dm crypt: make printing of the key constant-time (git-fixes). - dm era: commit metadata in postsuspend after worker stops (git-fixes). - dm integrity: fix memory corruption when tag_size is less than digest size (git-fixes). - dm mirror log: clear log bits up to BITS_PER_LONG boundary (git-fixes). - dm raid: fix KASAN warning in raid5_add_disks (git-fixes). - dm raid: fix accesses beyond end of raid member array (git-fixes). - dm stats: add cond_resched when looping over entries (git-fixes). - dm thin: fix use-after-free crash in dm_sm_register_threshold_callback (git-fixes). - dm: fix double accounting of flush with data (git-fixes). - dm: interlock pending dm_io and dm_wait_for_bios_completion (git-fixes). - dm: properly fix redundant bio-based IO accounting (git-fixes). - dm: remove unnecessary assignment statement in alloc_dev() (git-fixes). - dm: return early from dm_pr_call() if DM device is suspended (git-fixes). - dm: revert partial fix for redundant bio-based IO accounting (git-fixes). - dma-buf: fix racing conflict of dma_heap_add() (git-fixes). - dma-debug: change allocation mode from GFP_NOWAIT to GFP_ATIOMIC (git-fixes). - dma-debug: make things less spammy under memory pressure (git-fixes). - dmaengine: at_hdmac: Check return code of dma_async_device_register (git-fixes). - dmaengine: at_hdmac: Do not allow CPU to reorder channel enable (git-fixes). - dmaengine: at_hdmac: Do not call the complete callback on device_terminate_all (git-fixes). - dmaengine: at_hdmac: Do not start transactions at tx_submit level (git-fixes). - dmaengine: at_hdmac: Fix at_lli struct definition (git-fixes). - dmaengine: at_hdmac: Fix completion of unissued descriptor in case of errors (git-fixes). - dmaengine: at_hdmac: Fix concurrency over descriptor (git-fixes). - dmaengine: at_hdmac: Fix concurrency over the active list (git-fixes). - dmaengine: at_hdmac: Fix concurrency problems by removing atc_complete_all() (git-fixes). - dmaengine: at_hdmac: Fix descriptor handling when issuing it to hardware (git-fixes). - dmaengine: at_hdmac: Fix impossible condition (git-fixes). - dmaengine: at_hdmac: Fix premature completion of desc in issue_pending (git-fixes). - dmaengine: at_hdmac: Free the memset buf without holding the chan lock (git-fixes). - dmaengine: at_hdmac: Protect atchan->status with the channel lock (git-fixes). - dmaengine: at_hdmac: Start transfer for cyclic channels in issue_pending (git-fixes). - dmaengine: dw-axi-dmac: do not print NULL LLI during error (git-fixes). - dmaengine: dw-axi-dmac: ignore interrupt if no descriptor (git-fixes). - dmaengine: dw-edma: Fix eDMA Rd/Wr-channels and DMA-direction semantics (git-fixes). - dmaengine: hisilicon: Add multi-thread support for a DMA channel (git-fixes). - dmaengine: hisilicon: Disable channels when unregister hisi_dma (git-fixes). - dmaengine: hisilicon: Fix CQ head update (git-fixes). - dmaengine: idxd: add helper for per interrupt handle drain (jsc#PED-682). - dmaengine: idxd: add knob for enqcmds retries (jsc#PED-755). - dmaengine: idxd: change MSIX allocation based on per wq activation (jsc#PED-664). - dmaengine: idxd: change bandwidth token to read buffers (jsc#PED-679). - dmaengine: idxd: create locked version of idxd_quiesce() call (jsc#PED-682). - dmaengine: idxd: deprecate token sysfs attributes for read buffers (jsc#PED-679). - dmaengine: idxd: embed irq_entry in idxd_wq struct (jsc#PED-664). - dmaengine: idxd: fix descriptor flushing locking (jsc#PED-664). - dmaengine: idxd: fix retry value to be constant for duration of function call (git-fixes). - dmaengine: idxd: force wq context cleanup on device disable path (git-fixes). - dmaengine: idxd: handle interrupt handle revoked event (jsc#PED-682). - dmaengine: idxd: handle invalid interrupt handle descriptors (jsc#PED-682). - dmaengine: idxd: int handle management refactoring (jsc#PED-682). - dmaengine: idxd: match type for retries var in idxd_enqcmds() (git-fixes). - dmaengine: idxd: move interrupt handle assignment (jsc#PED-682). - dmaengine: idxd: rework descriptor free path on failure (jsc#PED-682). - dmaengine: idxd: set defaults for wq configs (jsc#PED-688). - dmaengine: idxd: update IAA definitions for user header (jsc#PED-763). - dmaengine: imx-dma: Cast of_device_get_match_data() with (uintptr_t) (git-fixes). - dmaengine: ioat: stop mod_timer from resurrecting deleted timer in __cleanup() (git-fixes). - dmaengine: mv_xor_v2: Fix a resource leak in mv_xor_v2_remove() (git-fixes). - dmaengine: mxs: use platform_driver_register (git-fixes). - dmaengine: pxa_dma: use platform_get_irq_optional (git-fixes). - dmaengine: sf-pdma: Add multithread support for a DMA channel (git-fixes). - dmaengine: sprd: Cleanup in .remove() after pm_runtime_get_sync() failed (git-fixes). - dmaengine: stm32-mdma: Remove dead code in stm32_mdma_irq_handler() (git-fixes). - dmaengine: ti: k3-udma-glue: fix memory leak when register device fail (git-fixes). - dmaengine: ti: k3-udma-private: Fix refcount leak bug in of_xudma_dev_get() (git-fixes). - dmaengine: ti: k3-udma: Reset UDMA_CHAN_RT byte counters to prevent overflow (git-fixes). - dmaengine: xilinx_dma: Fix devm_platform_ioremap_resource error handling (git-fixes). - dmaengine: xilinx_dma: Report error in case of dma_set_mask_and_coherent API failure (git-fixes). - dmaengine: xilinx_dma: cleanup for fetching xlnx,num-fstores property (git-fixes). - docs, kprobes: Fix the wrong location of Kprobes (git-fixes). - docs/core-api: expand Fedora instructions for GCC plugins (git-fixes). - docs/kernel-parameters: Update descriptions for 'mitigations=' param with retbleed (git-fixes). - docs: i2c: i2c-sysfs: fix hyperlinks (git-fixes). - docs: i2c: i2c-topology: fix incorrect heading (git-fixes). - docs: zh_CN: fix a broken reference (git-fixes). - dpaa2-eth: fix ethtool statistics (git-fixes). - dpaa2-eth: trace the allocated address instead of page struct (git-fixes). - dpaa2-ptp: Fix refcount leak in dpaa2_ptp_probe (git-fixes). - driver core: Do not probe devices after bus_type.match() probe deferral (git-fixes). - driver core: fix potential deadlock in __driver_attach (git-fixes). - drivers/iio: Remove all strcpy() uses (git-fixes). - drivers: serial: jsm: fix some leaks in probe (git-fixes). - drivers: usb: dwc3-qcom: Add sdm660 compatible (git-fixes). - drm/amd/amd_shared.h: Add missing doc for PP_GFX_DCS_MASK (git-fixes). - drm/amd/amdgpu: fixing read wrong pf2vf data in SRIOV (git-fixes). - drm/amd/amdgpu: skip ucode loading if ucode_size == 0 (git-fixes). - drm/amd/display: Add HUBP surface flip interrupt handler (git-fixes). - drm/amd/display: Add option to defer works of hpd_rx_irq (git-fixes). - drm/amd/display: Assume an LTTPR is always present on fixed_vs links (git-fixes). - drm/amd/display: Avoid MPC infinite loop (git-fixes). - drm/amd/display: Changed pipe split policy to allow for multi-display (bsc#1152472) Backporting notes: * remove changes to non-existing 201 and 31 directories - drm/amd/display: Check correct bounds for stream encoder instances for DCN303 (git-fixes). - drm/amd/display: Correct MPC split policy for DCN301 (git-fixes). - drm/amd/display: Enable building new display engine with KCOV enabled (git-fixes). - drm/amd/display: Fix HDMI VSIF V3 incorrect issue (git-fixes). - drm/amd/display: Fix build breakage with CONFIG_DEBUG_FS=n (git-fixes). - drm/amd/display: Fix double cursor on non-video RGB MPO (git-fixes). - drm/amd/display: Fix pixel clock programming (git-fixes). - drm/amd/display: Fix surface optimization regression on Carrizo (git-fixes). - drm/amd/display: Fix vblank refcount in vrr transition (git-fixes). - drm/amd/display: For stereo keep 'FLIP_ANY_FRAME' (git-fixes). - drm/amd/display: Ignore First MST Sideband Message Return Error (git-fixes). - drm/amd/display: Limit user regamma to a valid value (git-fixes). - drm/amd/display: Mark dml30's UseMinimumDCFCLK() as noinline for stack usage (git-fixes). - drm/amd/display: Optimize bandwidth on following fast update (git-fixes). - drm/amd/display: Reduce number of arguments of dml31's CalculateFlipSchedule() (git-fixes). - drm/amd/display: Reduce number of arguments of dml31's CalculateWatermarksAndDRAMSpeedChangeSupport() (git-fixes). - drm/amd/display: Remove interface for periodic interrupt 1 (git-fixes). - drm/amd/display: Reset DMCUB before HW init (git-fixes). - drm/amd/display: Revert 'drm/amd/display: turn DPMS off on connector unplug' (git-fixes). - drm/amd/display: avoid doing vm_init multiple time (git-fixes). - drm/amd/display: clear optc underflow before turn off odm clock (git-fixes). - drm/amd/display: skip audio setup when audio stream is enabled (git-fixes). - drm/amd/display: update gamut remap if plane has changed (git-fixes). - drm/amd/pm: add missing ->fini_microcode interface for Sienna Cichlid (git-fixes). - drm/amd/pm: disable BACO entry/exit completely on several sienna cichlid cards (git-fixes). - drm/amd/pm: smu7_hwmgr: fix potential off-by-one overflow in 'performance_levels' (git-fixes). - drm/amdgpu/display: change pipe policy for DCN 2.0 (git-fixes). - drm/amdgpu/display: change pipe policy for DCN 2.1 (git-fixes). - drm/amdgpu/gfx10: add wraparound gpu counter check for APUs as well (bsc#1152472) Backporting notes: * also fix default branch - drm/amdgpu/gfx9: switch to golden tsc registers for renoir+ (bsc#1152472) Backporting notes: * replace IP_VERSION() with CHIP_ constants - drm/amdgpu: Check BO's requested pinning domains against its preferred_domains (git-fixes). - drm/amdgpu: Check num_gfx_rings for gfx v9_0 rb setup (git-fixes). - drm/amdgpu: Increase tlb flush timeout for sriov (git-fixes). - drm/amdgpu: Move psp_xgmi_terminate call from amdgpu_xgmi_remove_device to psp_hw_fini (git-fixes). - drm/amdgpu: Remove one duplicated ef removal (git-fixes). - drm/amdgpu: Separate vf2pf work item init from virt data exchange (git-fixes). - drm/amdgpu: add missing pci_disable_device() in amdgpu_pmops_runtime_resume() (git-fixes). - drm/amdgpu: disable BACO on special BEIGE_GOBY card (git-fixes). - drm/amdgpu: do not register a dirty callback for non-atomic (git-fixes). - drm/amdgpu: fix initial connector audio value (git-fixes). - drm/amdgpu: fix sdma doorbell init ordering on APUs (git-fixes). - drm/amdgpu: make sure to init common IP before gmc (git-fixes). - drm/amdgpu: mmVM_L2_CNTL3 register not initialized correctly (git-fixes). - drm/amdgpu: move nbio ih_doorbell_range() into ih code for vega (git-fixes). - drm/amdgpu: move nbio sdma_doorbell_range() into sdma code for vega (git-fixes). - drm/amdgpu: remove useless condition in amdgpu_job_stop_all_jobs_on_sched() (git-fixes). - drm/amdgpu: set vm_update_mode=0 as default for Sienna Cichlid in SRIOV case (git-fixes). - drm/amdgpu: use dirty framebuffer helper (git-fixes). - drm/amdkfd: Fix NULL pointer dereference in svm_migrate_to_ram() (git-fixes). - drm/amdkfd: Fix memory leak in kfd_mem_dmamap_userptr() (git-fixes). - drm/amdkfd: Migrate in CPU page fault use current mm (git-fixes). - drm/amdkfd: avoid recursive lock in migrations back to RAM (git-fixes). - drm/amdkfd: handle CPU fault on COW mapping (git-fixes). - drm/bridge: Avoid uninitialized variable warning (git-fixes). - drm/bridge: display-connector: implement bus fmts callbacks (git-fixes). - drm/bridge: lt8912b: add vsync hsync (git-fixes). - drm/bridge: lt8912b: fix corrupted image output (git-fixes). - drm/bridge: lt8912b: set hdmi or dvi mode (git-fixes). - drm/bridge: lt9611uxc: Cancel only driver's work (git-fixes). - drm/bridge: megachips: Fix a null pointer dereference bug (git-fixes). - drm/bridge: parade-ps8640: Fix regulator supply order (git-fixes). - drm/bridge: tc358767: Fix (e)DP bridge endpoint parsing in dedicated function (git-fixes). - drm/bridge: tc358767: Make sure Refclk clock are enabled (git-fixes). - drm/bridge: tc358767: Move (e)DP bridge endpoint parsing into dedicated function (git-fixes). - drm/doc: Fix comment typo (git-fixes). - drm/drv: Fix potential memory leak in drm_dev_init() (git-fixes). - drm/exynos/exynos7_drm_decon: free resources when clk_set_parent() failed (git-fixes). - drm/gem: Fix GEM handle release errors (git-fixes). - drm/gem: Properly annotate WW context on drm_gem_lock_reservations() error (git-fixes). - drm/gma500: Fix BUG: sleeping function called from invalid context errors (git-fixes). - drm/hyperv: Add ratelimit on error message (git-fixes). - drm/hyperv: Do not overwrite dirt_needed value set by host (git-fixes). - drm/i915/display: avoid warnings when registering dual panel backlight (git-fixes). - drm/i915/dmabuf: fix sg_table handling in map_dma_buf (git-fixes). - drm/i915/dp: Reset frl trained flag before restarting FRL training (git-fixes). - drm/i915/ehl: Update MOCS table for EHL (git-fixes). - drm/i915/glk: ECS Liva Q2 needs GLK HDMI port timing quirk (git-fixes). - drm/i915/gt: Restrict forced preemption to the active context (git-fixes). - drm/i915/gt: Skip TLB invalidations once wedged (git-fixes). - drm/i915/gvt: fix a memory leak in intel_gvt_init_vgpu_types (git-fixes). - drm/i915/hdmi: convert intel_hdmi_to_dev to intel_hdmi_to_i915 (bsc#1152489) Backporting notes: * update additional patch on top - drm/i915/reg: Fix spelling mistake 'Unsupport' -> 'Unsupported' (git-fixes). - drm/i915/sdvo: Filter out invalid outputs more sensibly (git-fixes). - drm/i915/sdvo: Setup DDC fully before output init (git-fixes). - drm/i915: Implement WaEdpLinkRateDataReload (git-fixes). - drm/i915: Reject unsupported TMDS rates on ICL+ (git-fixes). - drm/i915: Skip wm/ddb readout for disabled pipes (git-fixes). - drm/i915: fix null pointer dereference (git-fixes). - drm/imx: imx-tve: Fix return type of imx_tve_connector_mode_valid (git-fixes). - drm/komeda: Fix handling of atomic commits in the atomic_commit_tail hook (git-fixes). - drm/mcde: Fix refcount leak in mcde_dsi_bind (git-fixes). - drm/mediatek: Add pull-down MIPI operation in mtk_dsi_poweroff function (git-fixes). - drm/mediatek: Allow commands to be sent during video mode (git-fixes). - drm/mediatek: Keep dsi as LP00 before dcs cmds transfer (git-fixes). - drm/mediatek: Modify dsi funcs to atomic operations (git-fixes). - drm/mediatek: Separate poweron/poweroff from enable/disable and define new funcs (git-fixes). - drm/mediatek: dpi: Only enable dpi after the bridge is enabled (git-fixes). - drm/mediatek: dpi: Remove output format of YUV (git-fixes). - drm/mediatek: dsi: Add atomic {destroy,duplicate}_state, reset callbacks (git-fixes). - drm/mediatek: dsi: Move mtk_dsi_stop() call back to mtk_dsi_poweroff() (git-fixes). - drm/meson: Correct OSD1 global alpha value (git-fixes). - drm/meson: Fix OSD1 RGB to YCbCr coefficient (git-fixes). - drm/meson: Fix overflow implicit truncation warnings (git-fixes). - drm/meson: Fix refcount bugs in meson_vpu_has_available_connectors() (git-fixes). - drm/meson: explicitly remove aggregate driver at module unload time (git-fixes). - drm/mipi-dbi: align max_chunk to 2 in spi_transfer (git-fixes). - drm/mipi-dsi: Detach devices when removing the host (git-fixes). - drm/msm/dp: Silence inconsistent indent warning (git-fixes). - drm/msm/dp: correct 1.62G link rate at dp_catalog_ctrl_config_msa() (git-fixes). - drm/msm/dp: delete DP_RECOVERED_CLOCK_OUT_EN to fix tps4 (git-fixes). - drm/msm/dp: fix IRQ lifetime (git-fixes). - drm/msm/dpu: Fix comment typo (git-fixes). - drm/msm/dpu: Fix for non-visible planes (git-fixes). - drm/msm/dpu: index dpu_kms->hw_vbif using vbif_idx (git-fixes). - drm/msm/dsi: Fix number of regulators for SDM660 (git-fixes). - drm/msm/dsi: Fix number of regulators for msm8996_dsi_cfg (git-fixes). - drm/msm/dsi: fix memory corruption with too many bridges (git-fixes). - drm/msm/dsi: fix the inconsistent indenting (git-fixes). - drm/msm/hdmi: Remove spurious IRQF_ONESHOT flag (git-fixes). - drm/msm/hdmi: drop empty 'none' regulator lists (git-fixes). - drm/msm/hdmi: enable core-vcc/core-vdda-supply for 8996 platform (git-fixes). - drm/msm/hdmi: fix IRQ lifetime (git-fixes). - drm/msm/hdmi: fix memory corruption with too many bridges (git-fixes). - drm/msm/mdp5: Fix global state lock backoff (git-fixes). - drm/msm/rd: Fix FIFO-full deadlock (git-fixes). - drm/msm: Avoid dirtyfb stalls on video mode displays (v2) (git-fixes). - drm/msm: Fix dirtyfb refcounting (git-fixes). - drm/msm: Fix return type of mdp4_lvds_connector_mode_valid (git-fixes). - drm/msm: Make .remove and .shutdown HW shutdown consistent (git-fixes). - drm/msm: fix use-after-free on probe deferral (git-fixes). - drm/nouveau/acpi: Do not print error when we get -EINPROGRESS from pm_runtime (git-fixes). - drm/nouveau/kms/nv140-: Disable interlacing (git-fixes). - drm/nouveau/kms: Fix failure path for creating DP connectors (git-fixes). - drm/nouveau/nouveau_bo: fix potential memory leak in nouveau_bo_alloc() (git-fixes). - drm/nouveau: Do not pm_runtime_put_sync(), only pm_runtime_put_autosuspend() (git-fixes). - drm/nouveau: fix a use-after-free in nouveau_gem_prime_import_sg_table() (git-fixes). - drm/nouveau: fix another off-by-one in nvbios_addr (git-fixes). - drm/nouveau: recognise GA103 (git-fixes). - drm/nouveau: wait for the exclusive fence after the shared ones v2 (bsc#1152472) Backporting notes: * context changes - drm/omap: dss: Fix refcount leak bugs (git-fixes). - drm/panel: simple: Fix innolux_g121i1_l01 bus_format (git-fixes). - drm/panel: simple: set bpc field for logic technologies displays (git-fixes). - drm/panfrost: devfreq: set opp to the recommended one to configure regulator (git-fixes). - drm/radeon: add a force flush to delay work when radeon (git-fixes). - drm/radeon: fix incorrrect SPDX-License-Identifiers (git-fixes). - drm/radeon: fix potential buffer overflow in ni_set_mc_special_registers() (git-fixes). - drm/rockchip: Fix an error handling path rockchip_dp_probe() (git-fixes). - drm/rockchip: Fix return type of cdn_dp_connector_mode_valid (git-fixes). - drm/rockchip: dsi: Force synchronous probe (git-fixes). - drm/rockchip: vop: Do not crash for invalid duplicate_state() (git-fixes). - drm/scheduler: quieten kernel-doc warnings (git-fixes). - drm/shmem-helper: Add missing vunmap on error (git-fixes). - drm/simpledrm: Fix return type of simpledrm_simple_display_pipe_mode_valid() (git-fixes). - drm/st7735r: Fix module autoloading for Okaya RH128128T (git-fixes). - drm/sun4i: dsi: Prevent underflow when computing packet sizes (git-fixes). - drm/tegra: vic: Fix build warning when CONFIG_PM=n (git-fixes). - drm/ttm: Fix dummy res NULL ptr deref bug (git-fixes). - drm/udl: Add parameter to set number of URBs (bsc#1195917). - drm/udl: Add reset_resume (bsc#1195917) - drm/udl: Do not re-initialize stuff at retrying the URB list allocation (bsc#1195917). - drm/udl: Drop unneeded alignment (bsc#1195917). - drm/udl: Enable damage clipping (bsc#1195917). - drm/udl: Fix inconsistent urbs.count value during udl_free_urb_list() (bsc#1195917). - drm/udl: Fix potential URB leaks (bsc#1195917). - drm/udl: Increase the default URB list size to 20 (bsc#1195917). - drm/udl: Kill pending URBs at suspend and disconnect (bsc#1195917). - drm/udl: Replace BUG_ON() with WARN_ON() (bsc#1195917). - drm/udl: Replace semaphore with a simple wait queue (bsc#1195917). - drm/udl: Restore display mode on resume (bsc#1195917) - drm/udl: Suppress error print for -EPROTO at URB completion (bsc#1195917). - drm/udl: Sync pending URBs at suspend / disconnect (bsc#1195917). - drm/udl: Sync pending URBs at the end of suspend (bsc#1195917). - drm/vc4: Fix missing platform_unregister_drivers() call in vc4_drm_register() (git-fixes). - drm/vc4: change vc4_dma_range_matches from a global to static (git-fixes). - drm/vc4: drv: Adopt the dma configuration from the HVS or V3D component (git-fixes). - drm/vc4: dsi: Add correct stop condition to vc4_dsi_encoder_disable iteration (git-fixes). - drm/vc4: dsi: Correct DSI divider calculations (git-fixes). - drm/vc4: dsi: Correct pixel order for DSI0 (git-fixes). - drm/vc4: dsi: Fix dsi0 interrupt support (git-fixes). - drm/vc4: dsi: Register dsi0 as the correct vc4 encoder type (git-fixes). - drm/vc4: hdmi: Correct HDMI timing registers for interlaced modes (git-fixes). - drm/vc4: hdmi: Disable audio if dmas property is present but empty (git-fixes). - drm/vc4: hdmi: Fix timings for interlaced modes (git-fixes). - drm/vc4: hdmi: Reset HDMI MISC_CONTROL register (git-fixes). - drm/vc4: kms: Fix IS_ERR() vs NULL check for vc4_kms (git-fixes). - drm/vc4: plane: Fix margin calculations for the right/bottom edges (git-fixes). - drm/vc4: plane: Remove subpixel positioning check (git-fixes). - drm/virtio: Check whether transferred 2D BO is shmem (git-fixes). - drm/virtio: Unlock reservations on virtio_gpu_object_shmem_init() error (git-fixes). - drm: Fix potential null-ptr-deref in drm_vblank_destroy_worker() (git-fixes). - drm: Prevent drm_copy_field() to attempt copying a NULL pointer (git-fixes). - drm: Use size_t type for len variable in drm_copy_field() (git-fixes). - drm: adv7511: override i2c address of cec before accessing it (git-fixes). - drm: bridge: adv7511: Add check for mipi_dsi_driver_register (git-fixes). - drm: bridge: adv7511: fix CEC power down control register offset (git-fixes). - drm: bridge: dw_hdmi: only trigger hotplug event on link change (git-fixes). - drm: bridge: sii8620: fix possible off-by-one (git-fixes). - drm: fix drm_mipi_dbi build errors (git-fixes). - drm: panel-orientation-quirks: Add quirk for Anbernic Win600 (git-fixes). - drm:pl111: Add of_node_put() when breaking out of for_each_available_child_of_node() (git-fixes). - dsa: mv88e6xxx: fix debug print for SPEED_UNFORCED (git-fixes). - dt-bindings: PCI: microchip,pcie-host: fix missing clocks properties (git-fixes). - dt-bindings: PCI: microchip,pcie-host: fix missing dma-ranges (git-fixes). - dt-bindings: arm: qcom: fix MSM8916 MTP compatibles (git-fixes). - dt-bindings: arm: qcom: fix MSM8994 boards compatibles (git-fixes). - dt-bindings: bluetooth: broadcom: Add BCM4349B1 DT binding (git-fixes). - dt-bindings: clock: qcom,gcc-msm8996: add more GCC clock sources (git-fixes). - dt-bindings: clocks: imx8mp: Add ID for usb suspend clock (git-fixes). - dt-bindings: crypto: ti,sa2ul: drop dma-coherent property (git-fixes). - dt-bindings: display/msm: dpu-sc7180: add missing DPU opp-table (git-fixes). - dt-bindings: display/msm: dpu-sdm845: add missing DPU opp-table (git-fixes). - dt-bindings: gpio: zynq: Add missing compatible strings (git-fixes). - dt-bindings: hwmon: (mr75203) fix 'intel,vm-map' property to be optional (git-fixes). - dt-bindings: iio: accel: Add DT binding doc for ADXL355 (git-fixes). - dt-bindings: mtd: intel: lgm-nand: Fix compatible string (git-fixes). - dt-bindings: mtd: intel: lgm-nand: Fix maximum chip select value (git-fixes). - dt-bindings: phy: qcom,qmp-usb3-dp: fix bogus clock-cells property (git-fixes). - dt-bindings: phy: qcom,qmp: fix bogus clock-cells property (git-fixes). - dt-bindings: power: gpcv2: add power-domains property (git-fixes). - dt-bindings: usb: mtk-xhci: Allow wakeup interrupt-names to be optional (git-fixes). - dtb: Do not include sources in src.rpm - refer to kernel-source Same as other kernel binary packages there is no need to carry duplicate sources in dtb packages. - dyndbg: fix module.dyndbg handling (git-fixes). - dyndbg: fix static_branch manipulation (git-fixes). - dyndbg: let query-modname override actual module name (git-fixes). - e1000e: Fix TX dispatch condition (git-fixes). - e100: Fix possible use after free in e100_xmit_prepare (git-fixes). - eeprom: idt_89hpesx: uninitialized data in idt_dbgfs_csr_write() (git-fixes). - efi/tpm: Pass correct address to memblock_reserve (git-fixes). - efi: Correct Macmini DMI match in uefi cert quirk (git-fixes). - efi: capsule-loader: Fix use-after-free in efi_capsule_write (git-fixes). - efi: libstub: Disable struct randomization (git-fixes). - efi: libstub: drop pointless get_memory_map() call (git-fixes). - efi: random: Use 'ACPI reclaim' memory for random seed (git-fixes). - efi: random: reduce seed size to 32 bytes (git-fixes). - erofs: fix deadlock when shrink erofs slab (git-fixes). - eth: alx: take rtnl_lock on resume (git-fixes). - eth: sun: cassini: remove dead code (git-fixes). - ethernet: rocker: fix sleep in atomic context bug in neigh_timer_handler (git-fies). - exfat: Define NLS_NAME_* as bit flags explicitly (bsc#1201725). - exfat: Downgrade ENAMETOOLONG error message to debug messages (bsc#1201725). - exfat: Drop superfluous new line for error messages (bsc#1201725). - exfat: Expand exfat_err() and co directly to pr_*() macro (bsc#1201725). - exfat: Return ENAMETOOLONG consistently for oversized paths (bsc#1201725). - exfat: fix i_blocks for files truncated over 4 GiB (git-fixes). - exfat: fix referencing wrong parent directory information after renaming (git-fixes). - exfat: reuse exfat_inode_info variable instead of calling EXFAT_I() (git-fixes). - exfat: use updated exfat_chain directly during renaming (git-fixes). - export: fix string handling of namespace in EXPORT_SYMBOL_NS (git-fixes). - ext4: Fix BUG_ON in ext4_bread when write quota data (bsc#1197755). - ext4: add new helper interface ext4_try_to_trim_range() (bsc#1202783). - ext4: add reserved GDT blocks check (bsc#1202712). - ext4: avoid BUG_ON when creating xattrs (bsc#1205496). - ext4: do not use the orphan list when migrating an inode (bsc#1197756). - ext4: fast commit may miss tracking unwritten range during ftruncate (bsc#1202759). - ext4: filter out EXT4_FC_REPLAY from on-disk superblock field s_state (bsc#1202771). - ext4: fix a possible ABBA deadlock due to busy PA (bsc#1202762). - ext4: fix bug_on in ext4_writepages (bsc#1200872). - ext4: fix error handling in ext4_fc_record_modified_inode() (bsc#1202767). - ext4: fix error handling in ext4_restore_inline_data() (bsc#1197757). - ext4: fix fallocate to use file_modified to update permissions consistently (bsc#1202769). Refresh ext4-fix-race-condition-between-ext4_write-and-ext4_.patch - ext4: fix fast commit may miss tracking range for FALLOC_FL_ZERO_RANGE (bsc#1202757). - ext4: fix fs corruption when tring to remove a non-empty directory with IO error (bsc#1202768). - ext4: fix incorrect type issue during replay_del_range (bsc#1202867). - ext4: fix null-ptr-deref in '__ext4_journal_ensure_credits' (bsc#1202764). - ext4: fix overhead calculation to account for the reserved gdt blocks (bsc#1200869). - ext4: fix race when reusing xattr blocks (bsc#1198971). - ext4: fix super block checksum incorrect after mount (bsc#1202773). - ext4: fix symlink file size not match to file content (bsc#1200868). - ext4: fix use-after-free in ext4_rename_dir_prepare (bsc#1200871). - ext4: fix use-after-free in ext4_search_dir (bsc#1202710). - ext4: fix warning in ext4_handle_inode_extension (bsc#1202711). - ext4: force overhead calculation if the s_overhead_cluster makes no sense (bsc#1200870). - ext4: initialize err_blk before calling __ext4_get_inode_loc (bsc#1202763). - ext4: make sure quota gets properly shutdown on error (bsc#1195480). - ext4: make sure to reset inode lockdep class when quota enabling fails (bsc#1202761). - ext4: mark group as trimmed only if it was fully scanned (bsc#1202770). - ext4: modify the logic of ext4_mb_new_blocks_simple (bsc#1202766). - ext4: prevent used blocks from being allocated during fast commit replay (bsc#1202765). - ext4: recover csum seed of tmp_inode after migrating to extents (bsc#1202713). - ext4: remove EA inode entry from mbcache on inode eviction (bsc#1198971). - ext4: unindent codeblock in ext4_xattr_block_set() (bsc#1198971). - ext4: use ext4_ext_remove_space() for fast commit replay delete range (bsc#1202758). - fat: add ratelimit to fat*_ent_bread() (git-fixes). - fbcon: Add option to enable legacy hardware acceleration (bsc#1152472) Backporting changes: * context fixes in other patch * update config - fbcon: Fix accelerated fbdev scrolling while logo is still shown (bsc#1152472) - fbcon: Fix boundary checks for fbcon=vc:n1-n2 parameters (git-fixes). - fbdev: chipsfb: Add missing pci_disable_device() in chipsfb_pci_init() (git-fixes). - fbdev: cyber2000fb: fix missing pci_disable_device() (git-fixes). - fbdev: da8xx-fb: Fix error handling in .remove() (git-fixes). - fbdev: fb_pm2fb: Avoid potential divide by zero error (git-fixes). - fbdev: fbcon: Properly revert changes when vc_resize() failed (git-fies). - fbdev: smscufx: Fix several use-after-free bugs (git-fixes). - fec: Fix timer capture timing in `fec_ptp_enable_pps()` (git-fixes). - filemap: Handle sibling entries in filemap_get_read_batch() (bsc#1202774). - firmware: arm_scmi: Add SCMI PM driver remove routine (git-fixes). - firmware: arm_scmi: Fix the asynchronous reset requests (git-fixes). - firmware: arm_scmi: Harden accesses to the reset domains (git-fixes). - firmware: arm_scmi: Harden accesses to the sensor domains (git-fixes). - firmware: arm_scmi: Improve checks in the info_get operations (git-fixes). - firmware: arm_scmi: Make Rx chan_setup fail on memory errors (git-fixes). - firmware: arm_scmi: Suppress the driver's bind attributes (git-fixes). - firmware: arm_scpi: Ensure scpi_info is not assigned if the probe fails (git-fixes). - firmware: coreboot: Register bus in module init (git-fixes). - firmware: cs_dsp: Add lockdep asserts to interface functions (bsc#1203699). - firmware: cs_dsp: Add memory chunk helpers (bsc#1203699). - firmware: cs_dsp: Add offset to cs_dsp read/write (bsc#1203699). - firmware: cs_dsp: Add pre_run callback (bsc#1203699). - firmware: cs_dsp: Add pre_stop callback (bsc#1203699). - firmware: cs_dsp: Add support for rev 2 coefficient files (bsc#1203699). - firmware: cs_dsp: Add version checks on coefficient loading (bsc#1203699). - firmware: cs_dsp: Allow creation of event controls (bsc#1203699). - firmware: cs_dsp: Clarify some kernel doc comments (bsc#1203699). - firmware: cs_dsp: Clear core reset for cache (bsc#1203699). - firmware: cs_dsp: Fix overrun of unterminated control name string (bsc#1203699). - firmware: cs_dsp: Move lockdep asserts to avoid potential null pointer (bsc#1203699). - firmware: cs_dsp: Perform NULL check in cs_dsp_coeff_write/read_ctrl (bsc#1203699). - firmware: cs_dsp: Print messages from bin files (bsc#1203699). - firmware: cs_dsp: add driver to support firmware loading on Cirrus Logic DSPs (bsc#1203699). - firmware: cs_dsp: tidy includes in cs_dsp.c and cs_dsp.h (bsc#1203699). - firmware: google: Test spinlock on panic path to avoid lockups (git-fixes). - firmware: tegra: Fix error check return value of debugfs_create_file() (git-fixes). - firmware: tegra: bpmp: Do only aligned access to IPC memory area (git-fixes). - fix race between exit_itimers() and /proc/pid/timers (git-fixes). - fm10k: Fix error handling in fm10k_init_module() (git-fixes). - fpga: altera-pr-ip: fix unsigned comparison with less than zero (git-fixes). - fpga: prevent integer overflow in dfl_feature_ioctl_set_irq() (git-fixes). - fs-writeback: writeback_sb_inodes: Recalculate 'wrote' according skipped pages (bsc#1200873). - fs/binfmt_elf: Fix memory leak in load_elf_binary() (git-fixes). - ftrace/x86: Add back ftrace_expected assignment (git-fixes). - ftrace: Fix NULL pointer dereference in is_ftrace_trampoline when ftrace is dead (git-fixes). - ftrace: Fix char print issue in print_ip_ins() (git-fixes). - ftrace: Fix null pointer dereference in ftrace_add_mod() (git-fixes). - ftrace: Fix the possible incorrect kernel message (git-fixes). - ftrace: Fix use-after-free for dynamic ftrace_ops (git-fixes). - ftrace: Optimize the allocation for mcount entries (git-fixes). - ftrace: Properly unset FTRACE_HASH_FL_MOD (git-fixes). - fuse: Remove the control interface for virtio-fs (bsc#1203798). - fuse: add file_modified() to fallocate (bsc#1205332). - fuse: fix deadlock between atomic O_TRUNC and page invalidation (bsc#1204533). - fuse: fix readdir cache race (bsc#1205331). - fuse: ioctl: translate ENOSYS (bsc#1203139). - fuse: limit nsec (bsc#1203138). - fuse: lock inode unconditionally in fuse_fallocate() (bsc#1206273). - gadgetfs: ep_io - wait until IRQ finishes (git-fixes). - gcov: support GCC 12.1 and newer compilers (git-fixes). - geneve: do not use RT_TOS for IPv6 flowlabel (git-fixes). - geneve: fix TOS inheriting for ipv4 (git-fixes). - gpio: amd8111: Fix PCI device reference count leak (git-fixes). - gpio: gpiolib-of: Fix refcount bugs in of_mm_gpiochip_add_data() (git-fixes). - gpio: mockup: fix NULL pointer dereference when removing debugfs (git-fixes). - gpio: mockup: remove gpio debugfs when remove device (git-fixes). - gpio: mpc8xxx: Fix support for IRQ_TYPE_LEVEL_LOW flow_type in mpc85xx (git-fixes). - gpio: mvebu: Fix check for pwm support on non-A8K platforms (git-fixes). - gpio: pca953x: Add mutex_lock for regcache sync in PM (git-fixes). - gpiolib: cdev: Set lineevent_state::irq after IRQ register successfully (git-fixes). - gpu: lontium-lt9611: Fix NULL pointer dereference in lt9611_connector_init() (git-fixes). - gve: Fix GFP flags when allocing pages (git-fixes). - habanalabs/gaudi: fix shift out of bounds (git-fixes). - habanalabs/gaudi: mask constant value before cast (git-fixes). - hamradio: fix issue of dev reference count leakage in bpq_device_event() (git-fixes). - hid: hid-logitech-hidpp: avoid unnecessary assignments in hidpp_connect_event (git-fixes). - hid: intel-ish-hid: ishtp: Fix ishtp client sending disordered message (git-fixes). - hinic: Avoid some over memory allocation (git-fixes). - hv_netvsc: Fix potential dereference of NULL pointer (git-fixes). - hv_netvsc: Fix race between VF offering and VF association message from host (bsc#1204850). - hv_netvsc: Print value of invalid ID in netvsc_send_{completion,tx_complete}() (git-fixes). - hv_sock: Add validation for untrusted Hyper-V values (git-fixes). - hv_sock: Check hv_pkt_iter_first_raw()'s return value (git-fixes). - hv_sock: Copy packets sent by Hyper-V out of the ring buffer (git-fixes). - hwmon/coretemp: Handle large core ID value (git-fixes). - hwmon: (coretemp) Check for null before removing sysfs attrs (git-fixes). - hwmon: (coretemp) fix pci device refcount leak in nv1a_ram_new() (git-fixes). - hwmon: (dell-smm) Add Dell XPS 13 7390 to fan control whitelist (git-fixes). - hwmon: (drivetemp) Add module alias (git-fixes). - hwmon: (gpio-fan) Fix array out of bounds access (git-fixes). - hwmon: (gsc-hwmon) Call of_node_get() before of_find_xxx API (git-fixes). - hwmon: (i5500_temp) fix missing pci_disable_device() (git-fixes). - hwmon: (ibmpex) Fix possible UAF when ibmpex_register_bmc() fails (git-fixes). - hwmon: (ina3221) Fix shunt sum critical calculation (git-fixes). - hwmon: (ltc2947) fix temperature scaling (git-fixes). - hwmon: (mr75203) enable polling for all VM channels (git-fixes). - hwmon: (mr75203) fix VM sensor allocation when 'intel,vm-map' not defined (git-fixes). - hwmon: (mr75203) fix multi-channel voltage reading (git-fixes). - hwmon: (mr75203) fix voltage equation for negative source input (git-fixes). - hwmon: (mr75203) update pvt->v_num and vm_num to the actual number of used sensors (git-fixes). - hwmon: (pmbus/mp2888) Fix sensors readouts for MPS Multi-phase mp2888 controller (git-fixes). - hwmon: (sht15) Fix wrong assumptions in device remove callback (git-fixes). - hwmon: (sht4x) do not overflow clamping operation on 32-bit platforms (git-fixes). - hwmon: (tps23861) fix byte order in resistance register (git-fixes). - i2c: Fix a potential use after free (git-fixes). - i2c: acpi: Add an i2c_acpi_client_count() helper function (bsc#1203699). - i2c: cadence: Support PEC for SMBus block read (git-fixes). - i2c: designware: Fix handling of real but unexpected device interrupts (git-fixes). - i2c: i801: Add support for Intel Ice Lake PCH-N (jsc#PED-634). - i2c: i801: Add support for Intel Meteor Lake-P (jsc#PED-732). - i2c: i801: Add support for Intel Raptor Lake PCH-S (jsc#PED-634). - i2c: i801: Improve handling of chip-specific feature definitions (jsc#PED-634). - i2c: i801: add lis3lv02d's I2C address for Vostro 5568 (git-fixes). - i2c: imx: If pm_runtime_get_sync() returned 1 device access is possible (git-fixes). - i2c: imx: Make sure to unregister adapter on remove() (git-fixes). - i2c: imx: Only DMA messages with I2C_M_DMA_SAFE flag set (git-fixes). - i2c: mlxbf: Fix frequency calculation (git-fixes). - i2c: mlxbf: incorrect base address passed during io write (git-fixes). - i2c: mlxbf: prevent stack overflow in mlxbf_i2c_smbus_start_transaction() (git-fixes). - i2c: mlxbf: support lock mechanism (git-fixes). - i2c: mux-gpmux: Add of_node_put() when breaking out of loop (git-fixes). - i2c: mxs: Silence a clang warning (git-fixes). - i2c: npcm7xx: Fix error handling in npcm_i2c_init() (git-fixes). - i2c: npcm: Capitalize the one-line comment (git-fixes). - i2c: npcm: Correct slave role behavior (git-fixes). - i2c: npcm: Remove own slave addresses 2:10 (git-fixes). - i2c: piix4: Fix adapter not be removed in piix4_remove() (git-fixes). - i2c: qcom-cci: Fix ordering of pm_runtime_xx and i2c_add_adapter (git-fixes). - i2c: tegra: Allocate DMA memory for DMA engine (git-fixes). - i2c: xiic: Add platform module alias (git-fixes). - i40e: Fix call trace in setup_tx_descriptors (git-fixes). - i40e: Fix dropped jumbo frames statistics (git-fixes). - i40e: Fix to stop tx_timeout recovery if GLOBR fails (git-fixes). - iavf: Fix adminq error handling (git-fixes). - iavf: Fix handling of dummy receive descriptors (git-fixes). - iavf: Fix reset error handling (git-fixes). - ibmvnic: Free rwi on reset success (bsc#1184350 ltc#191533 git-fixes). - ice: Allow operation with reduced device MSI-X (bsc#1201987). - ice: Do not skip not enabled queues in ice_vc_dis_qs_msg (git-fixes). - ice: Fix KASAN error in LAG NETDEV_UNREGISTER handler (git-fixes). - ice: Fix race during aux device (un)plugging (git-fixes). - ice: Fix switchdev rules book keeping (git-fixes). - ice: Match on all profiles in slow-path (git-fixes). - ice: arfs: fix use-after-free when freeing @rx_cpu_rmap (git-fixes). - ice: check (DD | EOF) bits on Rx descriptor rather than (EOP | RS) (git-fixes). - ice: do not setup vlan for loopback VSI (git-fixes). - ice: fix 'scheduling while atomic' on aux critical err interrupt (git-fixes). - ice: fix crash when writing timestamp on RX rings (git-fixes). - ice: fix possible under reporting of ethtool Tx and Rx statistics (git-fixes). - ieee80211: add EHT 1K aggregation definitions (bsc#1202131). - ieee80211: change HE nominal packet padding value defines (bsc#1202131). - ieee802154/adf7242: defer destroy_workqueue call (git-fixes). - ieee802154: cc2520: Fix error return code in cc2520_hw_init() (git-fixes). - ieee802154: cc2520: add rc code in cc2520_tx() (git-fixes). - igb: Make DMA faster when CPU is active on the PCIe link (git-fixes). - igb: fix a use-after-free issue in igb_clean_tx_ring (git-fixes). - igb: skip phy status check where unavailable (git-fixes). - iio: ABI: Fix wrong format of differential capacitance channel ABI (git-fixes). - iio: accel: bma220: Fix alignment for DMA safety (git-fixes). - iio: accel: bma400: Fix the scale min and max macro values (git-fixes). - iio: accel: bma400: Reordering of header files (git-fixes). - iio: accel: sca3000: Fix alignment for DMA safety (git-fixes). - iio: accel: sca3300: Fix alignment for DMA safety (git-fixes). - iio: ad7292: Prevent regulator double disable (git-fixes). - iio: adc: ad7266: Fix alignment for DMA safety (git-fixes). - iio: adc: ad7292: Fix alignment for DMA safety (git-fixes). - iio: adc: ad7298: Fix alignment for DMA safety (git-fixes). - iio: adc: ad7476: Fix alignment for DMA safety (git-fixes). - iio: adc: ad7766: Fix alignment for DMA safety (git-fixes). - iio: adc: ad7768-1: Fix alignment for DMA safety (git-fixes). - iio: adc: ad7887: Fix alignment for DMA safety (git-fixes). - iio: adc: ad7923: Fix alignment for DMA safety (git-fixes). - iio: adc: ad7923: fix channel readings for some variants (git-fixes). - iio: adc: at91-sama5d2_adc: check return status for pressure and touch (git-fixes). - iio: adc: at91-sama5d2_adc: disable/prepare buffer on suspend/resume (git-fixes). - iio: adc: at91-sama5d2_adc: fix AT91_SAMA5D2_MR_TRACKTIM_MAX (git-fixes). - iio: adc: at91-sama5d2_adc: lock around oversampling and sample freq (git-fixes). - iio: adc: at91_adc: fix possible memory leak in at91_adc_allocate_trigger() (git-fixes). - iio: adc: hi8435: Fix alignment for DMA safety (git-fixes). - iio: adc: ltc2496: Fix alignment for DMA safety (git-fixes). - iio: adc: ltc2497: Fix alignment for DMA safety (git-fixes). - iio: adc: max1027: Fix alignment for DMA safety (git-fixes). - iio: adc: max11100: Fix alignment for DMA safety (git-fixes). - iio: adc: max1118: Fix alignment for DMA safety (git-fixes). - iio: adc: max1241: Fix alignment for DMA safety (git-fixes). - iio: adc: mcp320x: Fix alignment for DMA safety (git-fixes). - iio: adc: mcp3911: make use of the sign bit (git-fixes). - iio: adc: mcp3911: use correct formula for AD conversion (git-fixes). - iio: adc: mcp3911: use correct id bits (git-fixes). - iio: adc: mp2629: fix potential array out of bound access (git-fixes). - iio: adc: mp2629: fix wrong comparison of channel (git-fixes). - iio: adc: ti-adc0832: Fix alignment for DMA safety (git-fixes). - iio: adc: ti-adc084s021: Fix alignment for DMA safety (git-fixes). - iio: adc: ti-adc108s102: Fix alignment for DMA safety (git-fixes). - iio: adc: ti-adc12138: Fix alignment for DMA safety (git-fixes). - iio: adc: ti-adc128s052: Fix alignment for DMA safety (git-fixes). - iio: adc: ti-adc161s626: Fix alignment for DMA safety (git-fixes). - iio: adc: ti-ads124s08: Fix alignment for DMA safety (git-fixes). - iio: adc: ti-ads131e08: Fix alignment for DMA safety (git-fixes). - iio: adc: ti-ads7950: Fix alignment for DMA safety (git-fixes). - iio: adc: ti-ads8344: Fix alignment for DMA safety (git-fixes). - iio: adc: ti-ads8688: Fix alignment for DMA safety (git-fixes). - iio: adc: ti-tlc4541: Fix alignment for DMA safety (git-fixes). - iio: adxl372: Fix unsafe buffer attributes (git-fixes). - iio: amplifiers: ad8366: Fix alignment for DMA safety (git-fixes). - iio: bmc150-accel-core: Fix unsafe buffer attributes (git-fixes). - iio: common: ssp: Fix alignment for DMA safety (git-fixes). - iio: core: Fix IIO_ALIGN and rename as it was not sufficiently large (git-fixes). - iio: core: Fix entry not deleted when iio_register_sw_trigger_type() fails (git-fixes). - iio: dac: ad5064: Fix alignment for DMA safety (git-fixes). - iio: dac: ad5360: Fix alignment for DMA safety (git-fixes). - iio: dac: ad5421: Fix alignment for DMA safety (git-fixes). - iio: dac: ad5449: Fix alignment for DMA safety (git-fixes). - iio: dac: ad5504: Fix alignment for DMA safety (git-fixes). - iio: dac: ad5593r: Fix i2c read protocol requirements (git-fixes). - iio: dac: ad5755: Fix alignment for DMA safety (git-fixes). - iio: dac: ad5761: Fix alignment for DMA safety (git-fixes). - iio: dac: ad5764: Fix alignment for DMA safety (git-fixes). - iio: dac: ad5766: Fix alignment for DMA safety (git-fixes). - iio: dac: ad5770r: Fix alignment for DMA safety (git-fixes). - iio: dac: ad5791: Fix alignment for DMA saftey (git-fixes). - iio: dac: ad7303: Fix alignment for DMA safety (git-fixes). - iio: dac: ad8801: Fix alignment for DMA safety (git-fixes). - iio: dac: mcp4922: Fix alignment for DMA safety (git-fixes). - iio: dac: ti-dac082s085: Fix alignment for DMA safety (git-fixes). - iio: dac: ti-dac5571: Fix alignment for DMA safety (git-fixes). - iio: dac: ti-dac7311: Fix alignment for DMA safety (git-fixes). - iio: dac: ti-dac7612: Fix alignment for DMA safety (git-fixes). - iio: fix iio_format_avail_range() printing for none IIO_VAL_INT (git-fixes). - iio: frequency: ad9523: Fix alignment for DMA safety (git-fixes). - iio: frequency: adf4350: Fix alignment for DMA safety (git-fixes). - iio: frequency: adf4371: Fix alignment for DMA safety (git-fixes). - iio: gyro: adis16080: Fix alignment for DMA safety (git-fixes). - iio: gyro: adis16130: Fix alignment for DMA safety (git-fixes). - iio: gyro: adxrs450: Fix alignment for DMA safety (git-fixes). - iio: gyro: fxas210002c: Fix alignment for DMA safety (git-fixes). - iio: health: afe4403: Fix oob read in afe4403_read_raw (git-fixes). - iio: health: afe4404: Fix oob read in afe4404_[read|write]_raw (git-fixes). - iio: imu: fxos8700: Fix alignment for DMA safety (git-fixes). - iio: inkern: fix return value in devm_of_iio_channel_get_by_name() (git-fixes). - iio: inkern: only release the device node when done with it (git-fixes). - iio: light: apds9960: fix wrong register for gesture gain (git-fixes). - iio: light: isl29028: Fix the warning in isl29028_remove() (git-fixes). - iio: light: rpr0521: add missing Kconfig dependencies (git-fixes). - iio: light: tsl2583: Fix module unloading (git-fixes). - iio: ltc2497: Fix reading conversion results (git-fixes). - iio: magnetometer: yas530: Change data type of hard_offsets to signed (git-fixes). - iio: ms5611: Simplify IO callback parameters (git-fixes). - iio: potentiometer: ad5272: Fix alignment for DMA safety (git-fixes). - iio: potentiometer: max5481: Fix alignment for DMA safety (git-fixes). - iio: potentiometer: mcp41010: Fix alignment for DMA safety (git-fixes). - iio: potentiometer: mcp4131: Fix alignment for DMA safety (git-fixes). - iio: pressure: dps310: Refactor startup procedure (git-fixes). - iio: pressure: dps310: Reset chip after timeout (git-fixes). - iio: pressure: ms5611: changed hardcoded SPI speed to value limited (git-fixes). - iio: pressure: ms5611: fixed value compensation bug (git-fixes). - iio: proximity: as3935: Fix alignment for DMA safety (git-fixes). - iio: resolver: ad2s1200: Fix alignment for DMA safety (git-fixes). - iio: resolver: ad2s90: Fix alignment for DMA safety (git-fixes). - iio: temp: ltc2983: Fix alignment for DMA safety (git-fixes). - iio: temp: maxim_thermocouple: Fix alignment for DMA safety (git-fixes). - iio: temperature: ltc2983: allocate iio channels once (git-fixes). - iio: trigger: sysfs: fix possible memory leak in iio_sysfs_trig_init() (git-fixes). - ima: fix blocking of security.ima xattrs of unsupported algorithms (git-fixes). - inet_diag: fix kernel-infoleak for UDP sockets (git-fixes). - init/Kconfig: fix CC_HAS_ASM_GOTO_TIED_OUTPUT test with dash (git-fixes). - intel_idle: Add AlderLake support (jsc#PED-824). - intel_idle: Fix SPR C6 optimization (jsc#PED-824 jsc#PED-1936). - intel_idle: Fix the 'preferred_cstates' module parameter (jsc#PED-824 jsc#PED-1936). - intel_idle: make SPR C1 and C1E be independent (jsc#PED-1936). - intel_th: Fix a resource leak in an error handling path (git-fixes). - intel_th: msu-sink: Potential dereference of null pointer (git-fixes). - intel_th: msu: Fix vmalloced buffers (git-fixes). - intel_th: pci: Add Meteor Lake-P support (git-fixes). - intel_th: pci: Add Raptor Lake-S CPU support (git-fixes). - intel_th: pci: Add Raptor Lake-S PCH support (git-fixes). - interconnect: imx: fix max_node_id (git-fixes). - io-wq: Remove duplicate code in io_workqueue_create() (bnc#1205113). - io-wq: do not retry task_work creation failure on fatal conditions (bnc#1205113). - io-wq: ensure we exit if thread group is exiting (git-fixes). - io-wq: exclusively gate signal based exit on get_signal() return (git-fixes). - io-wq: fix cancellation on create-worker failure (bnc#1205113). - io-wq: fix silly logic error in io_task_work_match() (bnc#1205113). - io_uring: add a schedule point in io_add_buffers() (git-fixes). - io_uring: correct __must_hold annotation (git-fixes). - io_uring: drop ctx->uring_lock before acquiring sqd->lock (git-fixes). - io_uring: ensure IORING_REGISTER_IOWQ_MAX_WORKERS works with SQPOLL (git-fixes). - io_uring: fix io_timeout_remove locking (git-fixes). - io_uring: fix missing mb() before waitqueue_active (git-fixes). - io_uring: fix missing sigmask restore in io_cqring_wait() (git-fixes). - io_uring: fix possible poll event lost in multi shot mode (git-fixes). - io_uring: pin SQPOLL data before unlocking ring lock (git-fixes). - io_uring: terminate manual loop iterator loop correctly for non-vecs (git-fixes). - iommu/amd: Clarify AMD IOMMUv2 initialization messages (git-fixes). - iommu/amd: Enable swiotlb in all cases (git-fixes). - iommu/amd: Fix I/O page table memory leak (git-fixes). - iommu/amd: Recover from event log overflow (git-fixes). - iommu/amd: Simplify and Consolidate Virtual APIC (AVIC) Enablement (git-fixes). - iommu/arm-smmu-v3-sva: Fix mm use-after-free (git-fixes). - iommu/arm-smmu-v3: Fix size calculation in arm_smmu_mm_invalidate_range() (git-fixes). - iommu/arm-smmu: qcom_iommu: Add of_node_put() when breaking out of loop (git-fixes). - iommu/dart: Add missing module owner to ops structure (git-fixes). - iommu/dart: check return value after calling platform_get_resource() (git-fixes). - iommu/exynos: Handle failed IOMMU device registration properly (git-fixes). - iommu/iova: Improve 32-bit free space estimate (git-fixes). - iommu/ipmmu-vmsa: Check for error num after setting mask (git-fixes). - iommu/mediatek: Add list_del in mtk_iommu_remove (git-fixes). - iommu/mediatek: Add mutex for m4u_group and m4u_dom in data (git-fixes). - iommu/mediatek: Fix 2 HW sharing pgtable issue (git-fixes). - iommu/mediatek: Fix NULL pointer dereference when printing dev_name (git-fixes). - iommu/mediatek: Remove clk_disable in mtk_iommu_remove (git-fixes). - iommu/msm: Fix an incorrect NULL check on list iterator (git-fixes). - iommu/omap: Fix regression in probe for NULL pointer dereference (git-fixes). - iommu/tegra-smmu: Fix missing put_device() call in tegra_smmu_find (git-fixes). - iommu/vt-d: Acquiring lock in domain ID allocation helpers (bsc#1200301). - iommu/vt-d: Calculate mask for non-aligned flushes (git-fixes). - iommu/vt-d: Do not falsely log intel_iommu is unsupported kernel option (bsc#1204947). - iommu/vt-d: Drop stop marker messages (git-fixes). - iommu/vt-d: Fix PCI bus rescan device hot add (git-fixes). - iommu/vt-d: Fix RID2PASID setup/teardown failure (git-fixes). - iommu/vt-d: Make DMAR_UNITS_SUPPORTED default 1024 (bsc#1200301). - iommu/vt-d: Refactor iommu information of each domain (bsc#1200301). - iommu/vt-d: Remove global g_iommus array (bsc#1200301). - iommu/vt-d: Remove intel_iommu::domains (bsc#1200301). - iommu/vt-d: Remove unnecessary check in intel_iommu_add() (bsc#1200301). - iommu/vt-d: Use IDA interface to manage iommu sequence id (bsc#1200301). - iommu/vt-d: avoid invalid memory access via node_online(NUMA_NO_NODE) (git-fixes). - iommu: Fix potential use-after-free during probe (git-fixes). - iov_iter: Fix iter_xarray_get_pages{,_alloc}() (git-fixes). - iov_iter: fix build issue due to possible type mis-match (git-fixes). - ip: Fix data-races around sysctl_ip_fwd_update_priority (git-fixes). - ipmi: fix initialization when workqueue allocation fails (git-fixes). - ipv4: Fix data-races around sysctl_fib_multipath_hash_policy (git-fixes). - ipv6: ping: fix wrong checksum for large frames (bsc#1203183). - irqchip/ls-extirq: Fix invalid wait context by avoiding to use regmap (git-fixes). - irqchip/sifive-plic: Add missing thead,c900-plic match string (git-fixes). - irqchip/tegra: Fix overflow implicit truncation warnings (git-fixes). - isdn: mISDN: netjet: fix wrong check of device registration (git-fixes). - iwlwifi/fw: use struct_size over open coded arithmetic (bsc#1202131). - iwlwifi: ACPI: support revision 3 WGDS tables (bsc#1202131). - iwlwifi: Add support for getting rf id with blank otp (bsc#1202131). - iwlwifi: Add support for more BZ HWs (bsc#1202131). - iwlwifi: BZ Family BUS_MASTER_DISABLE_REQ code duplication (bsc#1202131). - iwlwifi: BZ Family SW reset support (bsc#1202131). - iwlwifi: Configure FW debug preset via module param (bsc#1202131). - iwlwifi: Fix FW name for gl (bsc#1202131). - iwlwifi: Fix missing error code in iwl_pci_probe() (bsc#1202131). - iwlwifi: Fix syntax errors in comments (bsc#1202131). - iwlwifi: Make use of the helper macro LIST_HEAD() (bsc#1202131). - iwlwifi: Read the correct addresses when getting the crf id (bsc#1202131). - iwlwifi: Start scratch debug register for Bz family (bsc#1202131). - iwlwifi: acpi: fix wgds rev 3 size (bsc#1202131). - iwlwifi: acpi: move ppag code from mvm to fw/acpi (bsc#1202131). - iwlwifi: add missing entries for Gf4 with So and SoF (bsc#1202131). - iwlwifi: add new Qu-Hr device (bsc#1202131). - iwlwifi: add new ax1650 killer device (bsc#1202131). - iwlwifi: add new device id 7F70 (bsc#1202131). - iwlwifi: add new pci SoF with JF (bsc#1202131). - iwlwifi: add some missing kernel-doc in struct iwl_fw (bsc#1202131). - iwlwifi: add support for BNJ HW (bsc#1202131). - iwlwifi: add support for BZ-U and BZ-L HW (bsc#1202131). - iwlwifi: add support for Bz-Z HW (bsc#1202131). - iwlwifi: add vendor specific capabilities for some RFs (bsc#1202131). - iwlwifi: advertise support for HE - DCM BPSK RX/TX (bsc#1202131). - iwlwifi: allow rate-limited error messages (bsc#1202131). - iwlwifi: api: fix struct iwl_wowlan_status_v7 kernel-doc (bsc#1202131). - iwlwifi: api: remove ttl field from TX command (bsc#1202131). - iwlwifi: api: remove unused RX status bits (bsc#1202131). - iwlwifi: avoid variable shadowing (bsc#1202131). - iwlwifi: avoid void pointer arithmetic (bsc#1202131). - iwlwifi: bump FW API to 67 for AX devices (bsc#1202131). - iwlwifi: bump FW API to 68 for AX devices (bsc#1202131). - iwlwifi: bump FW API to 69 for AX devices (bsc#1202131). - iwlwifi: bump FW API to 70 for AX devices (bsc#1202131). - iwlwifi: bump FW API to 71 for AX devices (bsc#1202131). - iwlwifi: bump FW API to 72 for AX devices (bsc#1202131). - iwlwifi: cfg: add support for 1K BA queue (bsc#1202131). - iwlwifi: dbg-tlv: clean up iwl_dbg_tlv_update_drams() (bsc#1202131). - iwlwifi: dbg: add infra for tracking free buffer size (bsc#1202131). - iwlwifi: dbg: check trigger data before access (bsc#1202131). - iwlwifi: dbg: disable ini debug in 8000 family and below (bsc#1202131). - iwlwifi: dbg: in sync mode do not call schedule (bsc#1202131). - iwlwifi: dbg: treat dbgc allocation failure when tlv is missing (bsc#1202131). - iwlwifi: dbg: treat non active regions as unsupported regions (bsc#1202131). - iwlwifi: dbg_ini: Split memcpy() to avoid multi-field write (bsc#1202131). - iwlwifi: de-const properly where needed (bsc#1202131). - iwlwifi: debugfs: remove useless double condition (bsc#1202131). - iwlwifi: do not dump_stack() when we get an unexpected interrupt (bsc#1202131). - iwlwifi: do not use __unused as variable name (bsc#1202131). - iwlwifi: drv: load tlv debug data earlier (bsc#1202131). - iwlwifi: dump CSR scratch from outer function (bsc#1202131). - iwlwifi: dump RCM error tables (bsc#1202131). - iwlwifi: dump both TCM error tables if present (bsc#1202131). - iwlwifi: dump host monitor data when NIC does not init (bsc#1202131). - iwlwifi: dvm: use struct_size over open coded arithmetic (bsc#1202131). - iwlwifi: eeprom: clean up macros (bsc#1202131). - iwlwifi: fix LED dependencies (bsc#1202131). - iwlwifi: fix debug TLV parsing (bsc#1202131). - iwlwifi: fix fw/img.c license statement (bsc#1202131). - iwlwifi: fix iwl_legacy_rate_to_fw_idx (bsc#1202131). - iwlwifi: fix small doc mistake for iwl_fw_ini_addr_val (bsc#1202131). - iwlwifi: fix various more -Wcast-qual warnings (bsc#1202131). - iwlwifi: fw dump: add infrastructure for dump scrubbing (bsc#1202131). - iwlwifi: fw: add support for splitting region type bits (bsc#1202131). - iwlwifi: fw: api: add link to PHY context command struct v1 (bsc#1202131). - iwlwifi: fw: correctly detect HW-SMEM region subtype (bsc#1202131). - iwlwifi: fw: fix some scan kernel-doc (bsc#1202131). - iwlwifi: fw: init SAR GEO table only if data is present (bsc#1202131). - iwlwifi: fw: make dump_start callback void (bsc#1202131). - iwlwifi: fw: remove dead error log code (bsc#1202131). - iwlwifi: implement reset flow for Bz devices (bsc#1202131). - iwlwifi: iwl-eeprom-parse: mostly dvm only (bsc#1202131). - iwlwifi: make iwl_fw_lookup_cmd_ver() take a cmd_id (bsc#1202131). - iwlwifi: make iwl_txq_dyn_alloc_dma() return the txq (bsc#1202131). - iwlwifi: make some functions friendly to sparse (bsc#1202131). - iwlwifi: move symbols into a separate namespace (bsc#1202131). - iwlwifi: mvm/api: define system control command (bsc#1202131). - iwlwifi: mvm: Add RTS and CTS flags to iwl_tx_cmd_flags (bsc#1202131). - iwlwifi: mvm: Add list of OEMs allowed to use TAS (bsc#1202131). - iwlwifi: mvm: Add support for a new version of scan request command (bsc#1202131). - iwlwifi: mvm: Add support for new rate_n_flags in tx_cmd (bsc#1202131). - iwlwifi: mvm: Consider P2P GO operation during scan (bsc#1202131). - iwlwifi: mvm: Disable WiFi bands selectively with BIOS (bsc#1202131). - iwlwifi: mvm: Do not fail if PPAG isn't supported (bsc#1202131). - iwlwifi: mvm: Fix wrong documentation for scan request command (bsc#1202131). - iwlwifi: mvm: Passively scan non PSC channels only when requested so (bsc#1202131). - iwlwifi: mvm: Read acpi dsm to get channel activation bitmap (bsc#1202131). - iwlwifi: mvm: Remove antenna c references (bsc#1202131). - iwlwifi: mvm: Support new TX_RSP and COMPRESSED_BA_RES versions (bsc#1202131). - iwlwifi: mvm: Support new rate_n_flags for REPLY_RX_MPDU_CMD and RX_NO_DATA_NOTIF (bsc#1202131). - iwlwifi: mvm: Support new version of BEACON_TEMPLATE_CMD (bsc#1202131). - iwlwifi: mvm: Support new version of ranging response notification (bsc#1202131). - iwlwifi: mvm: Support version 3 of tlc_update_notif (bsc#1202131). - iwlwifi: mvm: Unify the scan iteration functions (bsc#1202131). - iwlwifi: mvm: Use all Rx chains for roaming scan (bsc#1202131). - iwlwifi: mvm: add US/CA to TAS block list if OEM isn't allowed (bsc#1202131). - iwlwifi: mvm: add a flag to reduce power command (bsc#1202131). - iwlwifi: mvm: add additional info for boot info failures (bsc#1202131). - iwlwifi: mvm: add dbg_time_point to debugfs (bsc#1202131). - iwlwifi: mvm: add definitions for new rate & flags (bsc#1202131). - iwlwifi: mvm: add lmac/umac PC info in case of error (bsc#1202131). - iwlwifi: mvm: add missing min_size to kernel-doc (bsc#1202131). - iwlwifi: mvm: add some missing command strings (bsc#1202131). - iwlwifi: mvm: add support for 160Mhz in ranging measurements (bsc#1202131). - iwlwifi: mvm: add support for CT-KILL notification version 2 (bsc#1202131). - iwlwifi: mvm: add support for IMR based on platform (bsc#1202131). - iwlwifi: mvm: add support for OCE scan (bsc#1202131). - iwlwifi: mvm: add support for PHY context command v4 (bsc#1202131). - iwlwifi: mvm: add support for statistics update version 15 (bsc#1202131). - iwlwifi: mvm: allow enabling UHB TAS in the USA via ACPI setting (bsc#1202131). - iwlwifi: mvm: always remove the session protection after association (bsc#1202131). - iwlwifi: mvm: always store the PPAG table as the latest version (bsc#1202131). - iwlwifi: mvm: always use 4K RB size by default (bsc#1202131). - iwlwifi: mvm: change old-SN drop threshold (bsc#1202131). - iwlwifi: mvm: clean up indenting in iwl_mvm_tlc_update_notif() (bsc#1202131). - iwlwifi: mvm: convert old rate & flags to the new format (bsc#1202131). - iwlwifi: mvm: correct sta-state logic for TDLS (bsc#1202131). - iwlwifi: mvm: correctly set channel flags (bsc#1202131). - iwlwifi: mvm: correctly set schedule scan profiles (bsc#1202131). - iwlwifi: mvm: d3: move GTK rekeys condition (bsc#1202131). - iwlwifi: mvm: d3: support v12 wowlan status (bsc#1202131). - iwlwifi: mvm: d3: use internal data representation (bsc#1202131). - iwlwifi: mvm: demote non-compliant kernel-doc header (bsc#1202131). - iwlwifi: mvm: do not get address of mvm->fwrt just to dereference as a pointer (bsc#1202131). - iwlwifi: mvm: do not send BAID removal to the FW during hw_restart (bsc#1202131). - iwlwifi: mvm: do not trust hardware queue number (bsc#1202131). - iwlwifi: mvm: drop too short packets silently (bsc#1202131). - iwlwifi: mvm: extend session protection on association (bsc#1202131). - iwlwifi: mvm: fix WGDS table print in iwl_mvm_chub_update_mcc() (bsc#1202131). - iwlwifi: mvm: fix a stray tab (bsc#1202131). - iwlwifi: mvm: fix condition which checks the version of rate_n_flags (bsc#1202131). - iwlwifi: mvm: fix delBA vs. NSSN queue sync race (bsc#1202131). - iwlwifi: mvm: fix ieee80211_get_he_iftype_cap() iftype (bsc#1202131). - iwlwifi: mvm: fix off by one in iwl_mvm_stat_iterator_all_macs() (bsc#1202131). - iwlwifi: mvm: fw: clean up hcmd struct creation (bsc#1202131). - iwlwifi: mvm: handle RX checksum on Bz devices (bsc#1202131). - iwlwifi: mvm: improve log when processing CSA (bsc#1202131). - iwlwifi: mvm: isolate offload assist (checksum) calculation (bsc#1202131). - iwlwifi: mvm: make iwl_mvm_reconfig_scd() static (bsc#1202131). - iwlwifi: mvm: offload channel switch timing to FW (bsc#1202131). - iwlwifi: mvm: only enable HE DCM if we also support TX (bsc#1202131). - iwlwifi: mvm: optionally suppress assert log (bsc#1202131). - iwlwifi: mvm: parse firmware alive message version 6 (bsc#1202131). - iwlwifi: mvm: read 6E enablement flags from DSM and pass to FW (bsc#1202131). - iwlwifi: mvm: reduce WARN_ON() in TX status path (bsc#1202131). - iwlwifi: mvm: refactor iwl_mvm_sta_rx_agg() (bsc#1202131). - iwlwifi: mvm: refactor setting PPE thresholds in STA_HE_CTXT_CMD (bsc#1202131). - iwlwifi: mvm: remove card state notification code (bsc#1202131). - iwlwifi: mvm: remove cipher scheme support (bsc#1202131). - iwlwifi: mvm: remove csi from iwl_mvm_pass_packet_to_mac80211() (bsc#1202131). - iwlwifi: mvm: remove iwl_mvm_disable_txq() flags argument (bsc#1202131). - iwlwifi: mvm: remove session protection after auth/assoc (bsc#1202131). - iwlwifi: mvm: remove session protection on disassoc (bsc#1202131). - iwlwifi: mvm: remove session protection upon station removal (bsc#1202131). - iwlwifi: mvm: rfi: handle deactivation notification (bsc#1202131). - iwlwifi: mvm: rfi: update rfi table (bsc#1202131). - iwlwifi: mvm: rfi: use kmemdup() to replace kzalloc + memcpy (bsc#1202131). - iwlwifi: mvm: scrub key material in firmware dumps (bsc#1202131). - iwlwifi: mvm: set BT-coex high priority for 802.1X/4-way-HS (bsc#1202131). - iwlwifi: mvm: set inactivity timeouts also for PS-poll (bsc#1202131). - iwlwifi: mvm: starting from 22000 we have 32 Rx AMPDU sessions (bsc#1202131). - iwlwifi: mvm: support Bz TX checksum offload (bsc#1202131). - iwlwifi: mvm: support RLC configuration command (bsc#1202131). - iwlwifi: mvm: support new BAID allocation command (bsc#1202131). - iwlwifi: mvm: support revision 1 of WTAS table (bsc#1202131). - iwlwifi: mvm: support v3 of station HE context command (bsc#1202131). - iwlwifi: mvm: update BAID allocation command again (bsc#1202131). - iwlwifi: mvm: update RFI TLV (bsc#1202131). - iwlwifi: mvm: update definitions due to new rate & flags (bsc#1202131). - iwlwifi: mvm: update rate scale in moving back to assoc state (bsc#1202131). - iwlwifi: mvm: use a define for checksum flags mask (bsc#1202131). - iwlwifi: mvm: use debug print instead of WARN_ON() (bsc#1202131). - iwlwifi: nvm: Correct HE capability (bsc#1202131). - iwlwifi: parse debug exclude data from firmware file (bsc#1202131). - iwlwifi: parse error tables from debug TLVs (bsc#1202131). - iwlwifi: pcie: Adapt rx queue write pointer for Bz family (bsc#1202131). - iwlwifi: pcie: add jacket bit to device configuration parsing (bsc#1202131). - iwlwifi: pcie: add support for MS devices (bsc#1202131). - iwlwifi: pcie: adjust to Bz completion descriptor (bsc#1202131). - iwlwifi: pcie: fix SW error MSI-X mapping (bsc#1202131). - iwlwifi: pcie: fix constant-conversion warning (bsc#1202131). - iwlwifi: pcie: fix killer name matching for AX200 (bsc#1202131). - iwlwifi: pcie: iwlwifi: fix device id 7F70 struct (bsc#1202131). - iwlwifi: pcie: make sure iwl_rx_packet_payload_len() will not underflow (bsc#1202131). - iwlwifi: pcie: refactor dev_info lookup (bsc#1202131). - iwlwifi: pcie: remove duplicate entry (bsc#1202131). - iwlwifi: pcie: remove two duplicate PNJ device entries (bsc#1202131). - iwlwifi: pcie: retake ownership after reset (bsc#1202131). - iwlwifi: pcie: simplify iwl_pci_find_dev_info() (bsc#1202131). - iwlwifi: pcie: support Bz suspend/resume trigger (bsc#1202131). - iwlwifi: pcie: try to grab NIC access early (bsc#1202131). - iwlwifi: pcie: update sw error interrupt for BZ family (bsc#1202131). - iwlwifi: pnvm: print out the version properly (bsc#1202131). - iwlwifi: prefer WIDE_ID() over iwl_cmd_id() (bsc#1202131). - iwlwifi: propagate (const) type qualifier (bsc#1202131). - iwlwifi: recognize missing PNVM data and then log filename (bsc#1202131). - iwlwifi: remove MODULE_AUTHOR() statements (bsc#1202131). - iwlwifi: remove command ID argument from queue allocation (bsc#1202131). - iwlwifi: remove contact information (bsc#1202131). - iwlwifi: remove deprecated broadcast filtering feature (bsc#1202131). - iwlwifi: remove redundant iwl_finish_nic_init() argument (bsc#1202131). - iwlwifi: remove unused DC2DC_CONFIG_CMD definitions (bsc#1202131). - iwlwifi: remove unused iwlax210_2ax_cfg_so_hr_a0 structure (bsc#1202131). - iwlwifi: remove unused macros (bsc#1202131). - iwlwifi: rename CHANNEL_SWITCH_NOA_NOTIF to CHANNEL_SWITCH_START_NOTIF (bsc#1202131). - iwlwifi: rename GEO_TX_POWER_LIMIT to PER_CHAIN_LIMIT_OFFSET_CMD (bsc#1202131). - iwlwifi: rs: add support for TLC config command ver 4 (bsc#1202131). - iwlwifi: scan: Modify return value of a function (bsc#1202131). - iwlwifi: support 4-bits in MAC step value (bsc#1202131). - iwlwifi: support SAR GEO Offset Mapping override via BIOS (bsc#1202131). - iwlwifi: support new queue allocation command (bsc#1202131). - iwlwifi: swap 1650i and 1650s killer struct names (bsc#1202131). - iwlwifi: tlc: Add logs in rs_fw_rate_init func to print TLC configuration (bsc#1202131). - iwlwifi: use 4k queue size for Bz A-step (bsc#1202131). - iwlwifi: yoyo: Avoid using dram data if allocation failed (bsc#1202131). - iwlwifi: yoyo: add IMR DRAM dump support (bsc#1202131). - iwlwifi: yoyo: disable IMR DRAM region if IMR is disabled (bsc#1202131). - iwlwifi: yoyo: dump IMR DRAM only for HW and FW error (bsc#1202131). - iwlwifi: yoyo: fix DBGC allocation flow (bsc#1202131). - iwlwifi: yoyo: fix DBGI_SRAM ini dump header (bsc#1202131). - iwlwifi: yoyo: fix issue with new DBGI_SRAM region read (bsc#1202131). - iwlwifi: yoyo: fw debug config from context info and preset (bsc#1202131). - iwlwifi: yoyo: send hcmd to fw after dump collection completes (bsc#1202131). - iwlwifi: yoyo: support TLV-based firmware reset (bsc#1202131). - iwlwifi: yoyo: support dump policy for the dump size (bsc#1202131). - iwlwifi: yoyo: support for DBGC4 for dram (bsc#1202131). - iwlwifi: yoyo: support for ROM usniffer (bsc#1202131). - ixgbe: Add locking to prevent panic when setting sriov_numvfs to zero (git-fixes). - ixgbe: fix bcast packets Rx on VF after promisc removal (git-fixes). - ixgbe: fix unexpected VLAN Rx in promisc mode on VF (git-fixes). - jbd2: export jbd2_journal_[grab|put]_journal_head (bsc#1202775). - jbd2: fix assertion 'jh->b_frozen_data == NULL' failure when journal aborted (bsc#1202716). - jbd2: fix outstanding credits assert in jbd2_journal_commit_transaction() (bsc#1202715). - kABI workaround for spi changes (bsc#1203699). - kABI: Add back removed struct paca member (bsc#1203664 ltc#199236). - kABI: Fix after adding trace_iterator.wait_index (git-fixes). - kABI: Fix kABI after 'KVM: x86/pmu: Use different raw event masks for AMD and Intel' (git-fixes). - kABI: Fix kABI after SNP-Guest backport (jsc#SLE-19924, jsc#SLE-24814). - kABI: Fix kABI after backport Add pmc->intr to refactor kvm_perf_overflow{_intr}() (git-fixes). - kABI: Fix kABI after backport Always set kvm_run->if_flag (git-fixes). - kABI: Fix kABI after backport Forcibly leave nested virt when SMM state is toggled (git-fixes). - kABI: Fix kABI after backport Refactoring find_arch_event() to pmc_perf_hw_id() (git-fixes). - kABI: fix adding another field to scsi_device (bsc#1203039). - kABI: reintroduce a non-inline usleep_range (git-fixes). - kABI: scsi: libiscsi: fix removal of iscsi_create_conn (bsc#1198410). - kabi/severities: Exclude ppc kvm - kabi/severities: add Qlogic qed symbols - kabi/severities: add drivers/scsi/hisi_sas for bsc#1202471 - kabi/severities: add hisilicon hns3 symbols - kabi/severities: add microchip dsa drivers - kabi/severities: ignore CS35L41-specific exports (bsc#1203699) - kabi/severities: ignore kABI changes in mwifiex drivers Those symbols are used only locally in mwifiex (sub-)modules. - kabi/severities: octeontx2 driver (jsc#SLE-24682) - kbuild: Add skip_encoding_btf_enum64 option to pahole (git-fixes). - kbuild: Unify options for BTF generation for vmlinux and modules (bsc#1204693). - kbuild: disable header exports for UML in a straightforward way (git-fixes). - kbuild: dummy-tools: avoid tmpdir leak in dummy gcc (git-fixes). - kbuild: fix the modules order between drivers and libs (git-fixes). - kbuild: link vmlinux only once for CONFIG_TRIM_UNUSED_KSYMS (2nd attempt) (git-fixes). - kbuild: remove the target in signal traps when interrupted (git-fixes). - kbuild: rpm-pkg: fix breakage when V=1 is used (git-fixes). - kcm: fix strp_init() order and cleanup (git-fies). - kernel-binary: move @NOSOURCE@ to @SOURCES@ as in other packages - kernel-source: include the kernel signature file We assume that the upstream tarball is used for released kernels. Then we can also include the signature file and keyring in the kernel-source src.rpm. Because of mkspec code limitation exclude the signature and keyring from binary packages always - mkspec does not parse spec conditionals. - kernfs: fix use-after-free in __kernfs_remove (git-fixes). - kexec, KEYS, s390: Make use of built-in and secondary keyring for signature verification (bsc#1196444). - kexec, KEYS: make the code in bzImage64_verify_sig generic (bsc#1196444). - kexec: clean up arch_kexec_kernel_verify_sig (bsc#1196444). - kexec: drop weak attribute from functions (bsc#1196444). - kexec: turn all kexec_mutex acquisitions into trylocks (git-fixes). - kexec_file: drop weak attribute from functions (bsc#1196444). - kfifo: fix kfifo_to_user() return type (git-fixes). - kselftest/arm64: Fix validatation termination record after EXTRA_CONTEXT (git-fixes). - kselftest/cgroup: fix test_stress.sh to use OUTPUT dir (git-fixes). - kselftest/vm: fix tests build with old libc (git-fixes). - kselftest: Fix vdso_test_abi return status (git-fixes). - kselftest: signal all child processes (git-fixes). - kvm: selftests: do not use bitfields larger than 32-bits for PTEs (git-fixes). - l3mdev: l3mdev_master_upper_ifindex_by_index_rcu should be using netdev_master_upper_dev_get_rcu (git-fixes). - landlock: Add clang-format exceptions (git-fixes). - landlock: Change landlock_add_rule(2) argument check ordering (git-fixes). - landlock: Change landlock_restrict_self(2) check ordering (git-fixes). - landlock: Create find_rule() from unmask_layers() (git-fixes). - landlock: Define access_mask_t to enforce a consistent access mask size (git-fixes). - landlock: Fix landlock_add_rule(2) documentation (git-fixes). - landlock: Fix same-layer rule unions (git-fixes). - landlock: Format with clang-format (git-fixes). - landlock: Reduce the maximum number of layers to 16 (git-fixes). - landlock: Use square brackets around 'landlock-ruleset' (git-fixes). - lib/list_debug.c: Detect uninitialized lists (git-fixes). - lib/raid6/test: fix multiple definition linking error (git-fixes). - lib/sg_pool: change module_init(sg_pool_init) to subsys_initcall (git-fixes). - lib/smp_processor_id: fix imbalanced instrumentation_end() call (git-fixes). - libata: add ATA_HORKAGE_NOLPM for Pioneer BDR-207M and BDR-205 (git-fixes). - livepatch: Add a missing newline character in klp_module_coming() (bsc#1071995). - livepatch: fix race between fork and KLP transition (bsc#1071995). - lkdtm: Disable return thunks in rodata.c (bsc#1190497). - lockd: detect and reject lock arguments that overflow (git-fixes). - lockdep: Correct lock_classes index mapping (git-fixes). - locking/lockdep: Avoid potential access of invalid memory in lock_class (git-fixes). - locking/lockdep: Fix lockdep_init_map_*() confusion (git-fixes). - locking/lockdep: Iterate lock_classes directly when reading lockdep files (git-fixes). - loop: Check for overflow while configuring loop (git-fies). - loop: Use pr_warn_once() for loop_control_remove() warning (git-fixes). - loop: use sysfs_emit() in the sysfs xxx show() (git-fixes). - mISDN: fix misuse of put_device() in mISDN_register_device() (git-fixes). - mISDN: fix possible memory leak in mISDN_dsp_element_register() (git-fixes). - mISDN: fix possible memory leak in mISDN_register_device() (git-fixes). - mISDN: fix use-after-free bugs in l1oip timer handlers (git-fixes). - mISDN: hfcpci: Fix use-after-free bug in hfcpci_softirq (git-fixes). - mac80211: fix a memory leak where sta_info is not freed (git-fixes). - mac80211: introduce channel switch disconnect function (bsc#1202131). - mac80211: radiotap: Use BIT() instead of shifts (git-fixes). - mac802154: Fix LQI recording (git-fixes). - mac802154: fix missing INIT_LIST_HEAD in ieee802154_if_add() (git-fixes). - macsec: Fix invalid error code set (git-fixes). - macsec: add missing attribute validation for offload (git-fixes). - macsec: always read MACSEC_SA_ATTR_PN as a u64 (git-fixes). - macsec: clear encryption keys from the stack after setting up offload (git-fixes). - macsec: delete new rxsc when offload fails (git-fixes). - macsec: fix NULL deref in macsec_add_rxsa (git-fixes). - macsec: fix detection of RXSCs when toggling offloading (git-fixes). - macsec: fix error message in macsec_add_rxsa and _txsa (git-fixes). - macsec: fix secy->n_rx_sc accounting (git-fixes). - macsec: limit replay window size with XPN (git-fixes). - macvlan: enforce a consistent minimal mtu (git-fixes). - mailbox: bcm-ferxrm-mailbox: Fix error check for dma_map_sg (git-fixes). - mailbox: mpfs: account for mbox offsets while sending (git-fixes). - mailbox: mpfs: fix handling of the reg property (git-fixes). - marvell: octeontx2: build error: unknown type name 'u64' (jsc#SLE-24682). - mbcache: add functions to delete entry if unused (bsc#1198971). - mbcache: do not reclaim used entries (bsc#1198971). - md-raid10: fix KASAN warning (git-fixes). - md/bitmap: do not set sb values if can't pass sanity check (bsc#1197158). - md/raid0: Ignore RAID0 layout if the second zone has only one device (git-fixes). - md/raid1: fix missing bitmap update w/o WriteMostly devices (bsc#1203036). - md/raid5: Ensure stripe_fill happens on non-read IO with journal (git-fixes). - md/raid5: Remove unnecessary bio_put() in raid5_read_one_chunk() (git-fixes). - md: Replace snprintf with scnprintf (git-fixes, bsc#1164051). - md: call __md_stop_writes in md_stop (git-fixes). - md: unlock mddev before reap sync_thread in action_store (bsc#1197659). - media: [PATCH] pci: atomisp_cmd: fix three missing checks on list iterator (git-fixes). - media: aspeed: Fix an error handling path in aspeed_video_probe() (git-fixes). - media: atmel: atmel-sama7g5-isc: fix warning in configs without OF (git-fixes). - media: atomisp: prevent integer overflow in sh_css_set_black_frame() (git-fixes). - media: cedrus: Fix endless loop in cedrus_h265_skip_bits() (git-fixes). - media: cedrus: Set the platform driver data earlier (git-fixes). - media: cedrus: h265: Fix flag name (git-fixes). - media: cedrus: hevc: Add check for invalid timestamp (git-fixes). - media: coda: Add more H264 levels for CODA960 (git-fixes). - media: coda: Fix reported H264 profile (git-fixes). - media: cros-ec-cec: limit msg.len to CEC_MAX_MSG_SIZE (git-fixes). - media: cx88: Fix a null-ptr-deref bug in buffer_prepare() (git-fixes). - media: driver/nxp/imx-jpeg: fix a unexpected return value problem (git-fixes). - media: dvb-frontends/drxk: initialize err to 0 (git-fixes). - media: dvb_vb2: fix possible out of bound access (git-fixes). - media: exynos4-is: Change clk_disable to clk_disable_unprepare (git-fixes). - media: exynos4-is: Fix PM disable depth imbalance in fimc_is_probe (git-fixes). - media: flexcop-usb: fix endpoint type check (git-fixes). - media: hantro: postproc: Fix motion vector space size (git-fixes). - media: hdpvr: fix error value returns in hdpvr_read (git-fixes). - media: hevc: Embedded indexes in RPS (git-fixes). - media: imx-jpeg: Add pm-runtime support for imx-jpeg (git-fixes). - media: imx-jpeg: Add pm-sleep support for imx-jpeg (git-fixes). - media: imx-jpeg: Correct some definition according specification (git-fixes). - media: imx-jpeg: Disable slot interrupt when frame done (git-fixes). - media: imx-jpeg: Fix potential array out of bounds in queue_setup (git-fixes). - media: imx-jpeg: Leave a blank space before the configuration data (git-fixes). - media: imx-jpeg: Refactor function mxc_jpeg_parse (git-fixes). - media: imx-jpeg: use NV12M to represent non contiguous NV12 (git-fixes). - media: ipu3-imgu: Fix NULL pointer dereference in active selection access (git-fixes). - media: mceusb: Use new usb_control_msg_*() routines (git-fixes). - media: mceusb: set timeout to at least timeout provided (git-fixes). - media: meson: vdec: add missing clk_disable_unprepare on error in vdec_hevc_start() (git-fixes). - media: meson: vdec: fix possible refcount leak in vdec_probe() (git-fixes). - media: platform: mtk-mdp: Fix mdp_ipi_comm structure alignment. - media: pvrusb2: fix memory leak in pvr_probe (git-fixes). - media: rkisp1: Do not pass the quantization to rkisp1_csm_config() (git-fixes). - media: rkisp1: Initialize color space on resizer sink and source pads (git-fixes). - media: rkisp1: Use correct macro for gradient registers (git-fixes). - media: rkisp1: Zero v4l2_subdev_format fields in when validating links (git-fixes). - media: rkvdec: Disable H.264 error detection (git-fixes). - media: s5p_cec: limit msg.len to CEC_MAX_MSG_SIZE (git-fixes). - media: st-delta: Fix PM disable depth imbalance in delta_probe (git-fixes). - media: tw686x: Fix memory leak in tw686x_video_init (git-fixes). - media: tw686x: Register the irq at the end of probe (git-fixes). - media: uvcvideo: Fix memory leak in uvc_gpio_parse (git-fixes). - media: uvcvideo: Use entity get_cur in uvc_ctrl_set (git-fixes). - media: v4l2-compat-ioctl32.c: zero buffer passed to v4l2_compat_get_array_args() (git-fixes). - media: v4l2-dv-timings: add sanity checks for blanking values (git-fixes). - media: v4l2-mem2mem: prevent pollerr when last_buffer_dequeued is set (git-fixes). - media: v4l2: Fix v4l2_i2c_subdev_set_name function documentation (git-fixes). - media: v4l: subdev: Fail graciously when getting try data for NULL state (git-fixes). - media: venus: dec: Handle the case where find_format fails (git-fixes). - media: videodev2.h: V4L2_DV_BT_BLANKING_HEIGHT should check 'interlaced' (git-fixes). - media: vivid: dev->bitmap_cap wasn't freed in all cases (git-fixes). - media: vivid: s_fbuf: add more sanity checks (git-fixes). - media: vivid: set num_in/outputs to 0 if not supported (git-fixes). - media: vsp1: Fix offset calculation for plane cropping. - media: xilinx: vipp: Fix refcount leak in xvip_graph_dma_init (git-fixes). - mediatek: mt76: eeprom: fix missing of_node_put() in mt76_find_power_limits_node() (git-fixes). - mediatek: mt76: mac80211: Fix missing of_node_put() in mt76_led_init() (git-fixes). - memory: of: Fix refcount leak bug in of_get_ddr_timings() (git-fixes). - memory: of: Fix refcount leak bug in of_lpddr3_get_ddr_timings() (git-fixes). - memory: pl353-smc: Fix refcount leak bug in pl353_smc_probe() (git-fixes). - memstick/ms_block: Fix a memory leak (git-fixes). - memstick/ms_block: Fix some incorrect memory allocation (git-fixes). - meson-mx-socinfo: Fix refcount leak in meson_mx_socinfo_init (git-fixes). - mfd: fsl-imx25: Fix an error handling path in mx25_tsadc_setup_irq() (git-fixes). - mfd: fsl-imx25: Fix check for platform_get_irq() errors (git-fixes). - mfd: intel-lpss: Add Intel Raptor Lake PCH-S PCI IDs (jsc#PED-634). - mfd: intel_soc_pmic: Fix an error handling path in intel_soc_pmic_i2c_probe() (git-fixes). - mfd: lp8788: Fix an error handling path in lp8788_irq_init() and lp8788_irq_init() (git-fixes). - mfd: lp8788: Fix an error handling path in lp8788_probe() (git-fixes). - mfd: max77620: Fix refcount leak in max77620_initialise_fps (git-fixes). - mfd: sm501: Add check for platform_driver_register() (git-fixes). - mfd: t7l66xb: Drop platform disable callback (git-fixes). - minix: fix bug when opening a file with O_DIRECT (git-fixes). - misc/vmw_vmci: fix an infoleak in vmci_host_do_receive_datagram() (git-fixes). - misc: cs35l41: Remove unused pdn variable (bsc#1203699). - misc: fastrpc: fix memory corruption on open (git-fixes). - misc: fastrpc: fix memory corruption on probe (git-fixes). - misc: ocxl: fix possible refcount leak in afu_ioctl() (git-fixes). - misc: pci_endpoint_test: Aggregate params checking for xfer (git-fixes). - misc: pci_endpoint_test: Fix pci_endpoint_test_{copy,write,read}() panic (git-fixes). - misc: rtsx: Fix an error handling path in rtsx_pci_probe() (git-fixes). - mkspec: eliminate @NOSOURCE@ macro This should be alsways used with @SOURCES@, just include the content there. - mlxsw: i2c: Fix initialization error flow (git-fixes). - mlxsw: spectrum: Clear PTP configuration after unregistering the netdevice (git-fixes). - mlxsw: spectrum_cnt: Reorder counter pools (git-fixes). - mlxsw: spectrum_router: Fix IPv4 nexthop gateway indication (git-fixes). - mm/hugetlb: fix races when looking up a CONT-PTE/PMD size hugetlb page (bsc#1204575). - mm/rmap: Fix anon_vma->degree ambiguity leading to double-reuse (git-fixes). kABI: Fix kABI after 'mm/rmap: Fix anon_vma->degree ambiguity leading to double-reuse' (git-fixes). - mm: Fix PASID use-after-free issue (bsc#1203908). - mm: bdi: initialize bdi_min_ratio when bdi is unregistered (bsc#1197763). - mm: memcontrol: fix potential oom_lock recursion deadlock (bsc#1202447). - mm: pagewalk: Fix race between unmap and page walker (git-fixes, bsc#1203159). - mmc: au1xmmc: Fix an error handling path in au1xmmc_probe() (git-fixes). - mmc: block: Add single read for 4k sector cards (git-fixes). - mmc: cavium-octeon: Add of_node_put() when breaking out of loop (git-fixes). - mmc: cavium-thunderx: Add of_node_put() when breaking out of loop (git-fixes). - mmc: core: Fix UHS-I SD 1.8V workaround branch (git-fixes). - mmc: core: Fix ambiguous TRIM and DISCARD arg (git-fixes). - mmc: core: Fix inconsistent sd3_bus_mode at UHS-I SD voltage switch failure (git-fixes). - mmc: core: Fix kernel panic when remove non-standard SDIO card (git-fixes). - mmc: core: Replace with already defined values for readability (git-fixes). - mmc: core: Terminate infinite loop in SD-UHS voltage switch (git-fixes). - mmc: core: properly select voltage range without power cycle (git-fixes). - mmc: cqhci: Provide helper for resetting both SDHCI and CQHCI (git-fixes). - mmc: hsq: Fix data stomping during mmc recovery (git-fixes). - mmc: meson-gx: Fix an error handling path in meson_mmc_probe() (git-fixes). - mmc: mmc_test: Fix removal of debugfs file (git-fixes). - mmc: moxart: fix 4-bit bus width and remove 8-bit bus width (git-fixes). - mmc: mxcmmc: Silence a clang warning (git-fixes). - mmc: pxamci: Fix an error handling path in pxamci_probe() (git-fixes). - mmc: pxamci: Fix another error handling path in pxamci_probe() (git-fixes). - mmc: renesas_sdhi: Get the reset handle early in the probe (git-fixes). - mmc: sdhci-brcmstb: Enable Clock Gating to save power (git-fixes). - mmc: sdhci-brcmstb: Fix SDHCI_RESET_ALL for CQHCI (git-fixes). - mmc: sdhci-brcmstb: Re-organize flags (git-fixes). - mmc: sdhci-esdhc-imx: Propagate ESDHC_FLAG_HS400* only on 8bit bus (git-fixes). - mmc: sdhci-esdhc-imx: correct CQHCI exit halt state check (git-fixes). - mmc: sdhci-esdhc-imx: use the correct host caps for MMC_CAP_8_BIT_DATA (git-fixes). - mmc: sdhci-msm: add compatible string check for sdm670 (git-fixes). - mmc: sdhci-of-arasan: Fix SDHCI_RESET_ALL for CQHCI (git-fixes). - mmc: sdhci-of-at91: fix set_uhs_signaling rewriting of MC1R (git-fixes). - mmc: sdhci-of-esdhc: Fix refcount leak in esdhc_signal_voltage_switch (git-fixes). - mmc: sdhci-pci-core: Disable ES for ASUS BIOS on Jasper Lake (git-fixes). - mmc: sdhci-pci-o2micro: fix card detect fail issue caused by CD# debounce timeout (git-fixes). - mmc: sdhci-pci: Fix possible memory leak caused by missing pci_dev_put() (git-fixes). - mmc: sdhci-sprd: Fix minimum clock limit (git-fixes). - mmc: sdhci-sprd: Fix no reset data and command after voltage switch (git-fixes). - mmc: sdhci-tegra: Fix SDHCI_RESET_ALL for CQHCI (git-fixes). - mmc: sdhci_am654: 'select', not 'depends' REGMAP_MMIO (git-fixes). - mmc: sdhci_am654: Fix SDHCI_RESET_ALL for CQHCI (git-fixes). - mmc: tmio: avoid glitches when resetting (git-fixes). - mmc: wmt-sdmmc: Fix an error handling path in wmt_mci_probe() (git-fixes). - mms: sdhci-esdhc-imx: Fix SDHCI_RESET_ALL for CQHCI (git-fixes). - module: change to print useful messages from elf_validity_check() (git-fixes). - module: fix [e_shstrndx].sh_size=0 OOB access (git-fixes). - msft-hv-2570-hv_netvsc-Add-support-for-XDP_REDIRECT.patch: (bsc#1199364). - mt76: mt7615: do not update pm stats in case of error (git-fixes). - mt76: mt76x02u: fix possible memory leak in __mt76x02u_mcu_send_msg (git-fixes). - mt76: mt7921: enlarge maximum VHT MPDU length to 11454 (git-fixes). - mt76: mt7921: fix aggregation subframes setting to HE max (git-fixes). - mtd: dataflash: Add SPI ID table (git-fixes). - mtd: devices: docg3: check the return value of devm_ioremap() in the probe (git-fixes). - mtd: maps: Fix refcount leak in ap_flash_init (git-fixes). - mtd: maps: Fix refcount leak in of_flash_probe_versatile (git-fixes). - mtd: parsers: bcm47xxpart: Fix halfblock reads (git-fixes). - mtd: parsers: bcm47xxpart: print correct offset on read error (git-fixes). - mtd: parsers: ofpart: Fix refcount leak in bcm4908_partitions_fw_offset (git-fixes). - mtd: partitions: Fix refcount leak in parse_redboot_of (git-fixes). - mtd: rawnand: arasan: Fix clock rate in NV-DDR (git-fixes). - mtd: rawnand: arasan: Update NAND bus clock instead of system clock (git-fixes). - mtd: rawnand: atmel: Unmap streaming DMA mappings (git-fixes). - mtd: rawnand: fsl_elbc: Fix none ECC mode (git-fixes). - mtd: rawnand: gpmi: Set WAIT_FOR_READY timeout based on program/erase times (git-fixes). - mtd: rawnand: gpmi: validate controller clock rate (git-fixes). - mtd: rawnand: intel: Do not re-define NAND_DATA_IFACE_CHECK_ONLY (git-fixes). - mtd: rawnand: intel: Read the chip-select line from the correct OF node (git-fixes). - mtd: rawnand: intel: Remove undocumented compatible string (git-fixes). - mtd: rawnand: marvell: Use correct logic for nand-keep-config (git-fixes). - mtd: rawnand: meson: Fix a potential double free issue (git-fixes). - mtd: rawnand: meson: fix bit map use in meson_nfc_ecc_correct() (git-fixes). - mtd: sm_ftl: Fix deadlock caused by cancel_work_sync in sm_release (git-fixes). - mtd: spi-nor: fix spi_nor_spimem_setup_op() call in spi_nor_erase_{sector,chip}() (git-fixes). - mtd: spi-nor: intel-spi: Disable write protection only if asked (git-fixes). - mtd: st_spi_fsm: Add a clk_disable_unprepare() in .probe()'s error path (git-fixes). - musb: fix USB_MUSB_TUSB6010 dependency (git-fixes). - mwifiex: Ignore BTCOEX events from the 88W8897 firmware (git-fixes). - mwifiex: fix sleep in atomic context bugs caused by dev_coredumpv (git-fixes). - n_gsm: remove unused parameters from gsm_error() (git-fixes). - nbd: Fix incorrect error handle when first_minor is illegal in nbd_dev_add (git-fixes). - net/dsa/hirschmann: Add missing of_node_get() in hellcreek_led_setup() (git-fixes). - net/ice: fix initializing the bitmap in the switch code (git-fixes). - net/ieee802154: fix uninit value bug in dgram_sendmsg (git-fixes). - net/mlx4_en: Fix wrong return value on ioctl EEPROM query failure (git-fixes). - net/mlx5: CT: Fix header-rewrite re-use for tupels (git-fixes). - net/mlx5: Drain fw_reset when removing device (git-fixes). - net/mlx5e: Block rx-gro-hw feature in switchdev mode (git-fixes). - net/mlx5e: Disable softirq in mlx5e_activate_rq to avoid race condition (git-fixes). - net/mlx5e: Fix enabling sriov while tc nic rules are offloaded (git-fixes). - net/mlx5e: Properly block HW GRO when XDP is enabled (git-fixes). - net/mlx5e: Properly block LRO when XDP is enabled (git-fixes). - net/mlx5e: Properly disable vlan strip on non-UL reps (git-fixes). - net/mlx5e: Remove HW-GRO from reported features (git-fixes). - net/mlx5e: Remove WARN_ON when trying to offload an unsupported TLS cipher/version (git-fixes). - net/mlx5e: Ring the TX doorbell on DMA errors (git-fixes). - net/mlx5e: TC NIC mode, fix tc chains miss table (git-fixes). - net/mlx5e: TC, fix decap fallback to uplink when int port not supported (git-fixes). - net/mlx5e: Update netdev features after changing XDP state (git-fixes). - net/mlx5e: xsk: Account for XSK RQ UMRs when calculating ICOSQ size (git-fixes). - net/qla3xxx: Fix a test in ql_reset_work() (git-fixes). - net/smc: Avoid overwriting the copies of clcsock callback functions (git-fixes). - net/smc: Fix an error code in smc_lgr_create() (git-fixes). - net/smc: Fix possible access to freed memory in link clear (git-fixes). - net/smc: Fix possible leaked pernet namespace in smc_init() (git-fixes). - net/smc: Fix slab-out-of-bounds issue in fallback (git-fixes). - net/smc: Fix sock leak when release after smc_shutdown() (git-fixes). - net/smc: Forward wakeup to smc socket waitqueue after fallback (git-fixes). - net/smc: Only save the original clcsock callback functions (git-fixes). - net/smc: Send directly when TCP_CORK is cleared (git-fixes). - net/smc: kABI workarounds for struct smc_link (git-fixes). - net/smc: kABI workarounds for struct smc_sock (git-fixes). - net/smc: send directly on setting TCP_NODELAY (git-fixes). - net/sunrpc: fix potential memory leaks in rpc_sysfs_xprt_state_change() (git-fixes). - net/x25: Fix skb leak in x25_lapb_receive_frame() (git-fixes). - net: altera: Fix refcount leak in altera_tse_mdio_create (git-fixes). - net: asix: fix 'can't send until first packet is send' issue (git-fixes). - net: atlantic: fix aq_vec index out of range error (git-fixes). - net: axienet: fix RX ring refill allocation failure handling (git-fixes). - net: axienet: reset core on initialization prior to MDIO access (git-fixes). - net: bcmgenet: Indicate MAC is in charge of PHY PM (git-fixes). - net: bcmgenet: Revert 'Use stronger register read/writes to assure ordering' (git-fixes). - net: bcmgenet: Use stronger register read/writes to assure ordering (git-fixes). - net: bcmgenet: hide status block before TX timestamping (git-fixes). - net: bgmac: Fix a BUG triggered by wrong bytes_compl (git-fixes). - net: bgmac: Fix an erroneous kfree() in bgmac_remove() (git-fixes). - net: bgmac: support MDIO described in DT (git-fixes). - net: bonding: fix possible NULL deref in rlb code (git-fixes). - net: bonding: fix use-after-free after 802.3ad slave unbind (git-fixes). - net: chelsio: cxgb4: Avoid potential negative array offset (git-fixes). - net: cpsw: add missing of_node_put() in cpsw_probe_dt() (git-fixes). - net: dp83822: disable false carrier interrupt (git-fixes). - net: dp83822: disable rx error interrupt (git-fixes). - net: dsa: b53: Add SPI ID table (git-fixes). - net: dsa: bcm_sf2: Fix Wake-on-LAN with mac_link_down() (git-fixes). - net: dsa: bcm_sf2: force pause link settings (git-fixes). - net: dsa: bcm_sf2_cfp: fix an incorrect NULL check on list iterator (git-fixes). - net: dsa: felix: Fix memory leak in felix_setup_mmio_filtering (git-fixes). - net: dsa: felix: fix tagging protocol changes with multiple CPU ports (git-fixes). - net: dsa: felix: purge skb from TX timestamping queue if it cannot be sent (git-fies). - net: dsa: felix: suppress -EPROBE_DEFER errors (git-fixes). - net: dsa: hellcreek: Add STP forwarding rule (git-fixes). - net: dsa: hellcreek: Add missing PTP via UDP rules (git-fixes). - net: dsa: hellcreek: Allow PTP P2P measurements on blocked ports (git-fixes). - net: dsa: hellcreek: Fix insertion of static FDB entries (git-fixes). - net: dsa: introduce helpers for iterating through ports using dp (git-fixes). - net: dsa: ksz9477: port mirror sniffing limited to one port (git-fixes). - net: dsa: lantiq_gswip: Do not set GSWIP_MII_CFG_RMII_CLK (git-fixes). - net: dsa: lantiq_gswip: Fix refcount leak in gswip_gphy_fw_list (git-fixes). - net: dsa: lantiq_gswip: fix use after free in gswip_remove() (git-fixes). - net: dsa: microchip: fix bridging with more than two member ports (git-fixes). - net: dsa: microchip: implement multi-bridge support (git-fixes). - net: dsa: microchip: ksz9477: fix fdb_dump last invalid entry (git-fixes). - net: dsa: microchip: ksz_common: Fix refcount leak bug (git-fixes). - net: dsa: mt7530: 1G can also support 1000BASE-X link mode (git-fixes). - net: dsa: mt7530: add missing of_node_put() in mt7530_setup() (git-fixes). - net: dsa: mv88e6060: prevent crash on an unused port (git-fixes). - net: dsa: mv88e6xxx: Add fix for erratum 5.2 of 88E6393X family (git-fixes). - net: dsa: mv88e6xxx: Drop unnecessary check in mv88e6393x_serdes_erratum_4_6() (git-fixes). - net: dsa: mv88e6xxx: Enable port policy support on 6097 (git-fixes). - net: dsa: mv88e6xxx: Fix application of erratum 4.8 for 88E6393X (git-fixes). - net: dsa: mv88e6xxx: Fix inband AN for 2500base-x on 88E6393X family (git-fixes). - net: dsa: mv88e6xxx: Fix port_hidden_wait to account for port_base_addr (git-fixes). - net: dsa: mv88e6xxx: Fix refcount leak in mv88e6xxx_mdios_register (git-fixes). - net: dsa: mv88e6xxx: Link in pcs_get_state() if AN is bypassed (git-fixes). - net: dsa: mv88e6xxx: Save power by disabling SerDes trasmitter and receiver (git-fixes). - net: dsa: mv88e6xxx: Unforce speed & duplex in mac_link_down() (git-fixes). - net: dsa: mv88e6xxx: allow use of PHYs on CPU and DSA ports (git-fixes). - net: dsa: mv88e6xxx: error handling for serdes_power functions (git-fixes). - net: dsa: mv88e6xxx: fix 'do not use PHY_DETECT on internal PHY's' (git-fixes). - net: dsa: mv88e6xxx: use BMSR_ANEGCOMPLETE bit for filling an_complete (git-fixes). - net: dsa: ocelot: seville: utilize of_mdiobus_register (git-fixes). - net: dsa: qca8k: fix MTU calculation (git-fixes). - net: dsa: restrict SMSC_LAN9303_I2C kconfig (git-fixes). - net: dsa: seville: register the mdiobus under devres (git-fixes). - net: dsa: sja1105: fix buffer overflow in sja1105_setup_devlink_regions() (git-fixes). - net: dsa: sja1105: silent spi_device_id warnings (git-fixes). - net: dsa: tag_ocelot_8021q: break circular dependency with ocelot switch lib (git-fies). - net: dsa: vitesse-vsc73xx: silent spi_device_id warnings (git-fixes). - net: emaclite: Add error handling for of_address_to_resource() (git-fixes). - net: enetc: Use pci_release_region() to release some resources (git-fixes). - net: enetc: report software timestamping via SO_TIMESTAMPING (git-fixes). - net: ethernet: bgmac: Fix refcount leak in bcma_mdio_mii_register (git-fixes). - net: ethernet: mediatek: ppe: fix wrong size passed to memset() (git-fixes). - net: ethernet: mv643xx: Fix over zealous checking of_get_mac_address() (git-fixes). - net: ethernet: nixge: fix NULL dereference (git-fixes). - net: ethernet: renesas: ravb: Fix promiscuous mode after system resumed (git-fixes). - net: ethernet: stmmac: fix altr_tse_pcs function when using a fixed-link (git-fixes). - net: ethernet: stmmac: fix write to sgmii_adapter_base (git-fixes). - net: ethernet: ti: am65-cpsw: Fix devlink port register sequence (git-fixes). - net: ethernet: ti: am65-cpsw: fix error handling in am65_cpsw_nuss_probe() (git-fixes). - net: ethernet: ti: davinci_mdio: Add workaround for errata i2329 (git-fixes). - net: ethernet: ti: davinci_mdio: fix build for mdio bitbang uses (git-fixes). - net: fec: add missing of_node_put() in fec_enet_init_stop_mode() (git-fixes). - net: fix IFF_TX_SKB_NO_LINEAR definition (git-fixes). - net: ftgmac100: Hold reference returned by of_get_child_by_name() (git-fixes). - net: ftgmac100: access hardware register after clock ready (git-fixes). - net: hns3: add netdev reset check for hns3_set_tunable() (git-fixes). - net: hns3: clean residual vf config after disable sriov (git-fixes). - net: hns3: do not push link state to VF if unalive (git-fixes). - net: hns3: fix the concurrency between functions reading debugfs (git-fixes). - net: hns3: set port base vlan tbl_sta to false before removing old vlan (git-fixes). - net: huawei: hinic: Use devm_kcalloc() instead of devm_kzalloc() (git-fixes). - net: hyperv: remove use of bpf_op_t (git-fixes). - net: ieee802154: return -EINVAL for unknown addr type (git-fixes). - net: ipa: do not assume SMEM is page-aligned (git-fixes). - net: ipa: get rid of a duplicate initialization (git-fixes). - net: ipa: kill ipa_cmd_pipeline_clear() (git-fixes). - net: ipa: record proper RX transaction count (git-fixes). - net: ipvtap - add __init/__exit annotations to module init/exit funcs (git-fixes). - net: macb: Fix PTP one step sync support (git-fixes). - net: macb: Increment rx bd head after allocating skb and buffer (git-fixes). - net: macsec: fix potential resource leak in macsec_add_rxsa() and macsec_add_txsa() (git-fixes). - net: mana: Add rmb after checking owner bits (git-fixes). - net: mana: Add support of XDP_REDIRECT action (bug#1201310, jsc#PED-529). - net: mana: Add the Linux MANA PF driver (bug#1201309, jsc#PED-529). - net: mana: Fix race on per-CQ variable napi work_done (git-fixes). - net: marvell: prestera: fix incorrect structure access (git-fixes). - net: mdio: Fix ENOMEM return value in BCM6368 mux bus controller (git-fixes). - net: mdio: fix unbalanced fwnode reference count in mdio_device_release() (git-fixes). - net: mdiobus: fix unbalanced node reference count (git-fixes). - net: moxa: get rid of asymmetry in DMA mapping/unmapping (git-fixes). - net: moxa: pass pdev instead of ndev to DMA functions (git-fixes). - net: mscc: ocelot: avoid corrupting hardware counters when moving VCAP filters (git-fixes). - net: mscc: ocelot: correctly report the timestamping RX filters in ethtool (git-fixes). - net: mscc: ocelot: create a function that replaces an existing VCAP filter (git-fixes). - net: mscc: ocelot: do not dereference NULL pointers with shared tc filters (git-fixes). - net: mscc: ocelot: do not downgrade timestamping RX filters in SIOCSHWTSTAMP (git-fixes). - net: mscc: ocelot: fix VCAP IS2 filters matching on both lookups (git-fixes). - net: mscc: ocelot: fix address of SYS_COUNT_TX_AGING counter (git-fixes). - net: mscc: ocelot: fix all IP traffic getting trapped to CPU with PTP over IP (git-fixes). - net: mscc: ocelot: fix broken IP multicast flooding (git-fixes). - net: mscc: ocelot: fix incorrect balancing with down LAG ports (git-fixes). - net: mscc: ocelot: fix last VCAP IS1/IS2 filter persisting in hardware when deleted (git-fixes). - net: mscc: ocelot: fix missing unlock on error in ocelot_hwstamp_set() (git-fixes). - net: mscc: ocelot: restrict tc-trap actions to VCAP IS2 lookup 0 (git-fixes). - net: mscc: ocelot: set up traps for PTP packets (git-fixes). - net: openvswitch: do not send internal clone attribute to the userspace (git-fixes). - net: openvswitch: fix leak of nested actions (git-fixes). - net: openvswitch: fix misuse of the cached connection on tuple changes (git-fixes). - net: openvswitch: fix parsing of nw_proto for IPv6 fragments (git-fixes). - net: pcs: xpcs: propagate xpcs_read error to xpcs_get_state_c37_sgmii (git-fixes). - net: phy: Do not WARN for PHY_READY state in mdio_bus_phy_resume() (git-fixes). - net: phy: Do not WARN for PHY_UP state in mdio_bus_phy_resume() (git-fixes). - net: phy: Warn about incorrect mdio_bus_phy_resume() state (git-fixes). - net: phy: aquantia: wait for the suspend/resume operations to finish (git-fixes). - net: phy: at803x: move page selection fix to config_init (git-fixes). - net: phy: dp83822: disable MDI crossover status change interrupt (git-fixes). - net: phy: dp83867: Extend RX strap quirk for SGMII mode (git-fixes). - net: phy: fix null-ptr-deref while probe() failed (git-fixes). - net: phy: marvell: add sleep time after enabling the loopback bit (git-fixes). - net: phy: mscc: macsec: clear encryption keys when freeing a flow (git-fixes). - net: phy: smsc: Disable Energy Detect Power-Down in interrupt mode (git-fixes). - net: ptp: add a definition for the UDP port for IEEE 1588 general messages (git-fixes). - net: rose: fix netdev reference changes (git-fixes). - net: smsc95xx: add support for Microchip EVB-LAN8670-USB (git-fixes). - net: sock: tracing: Fix sock_exceed_buf_limit not to dereference stale pointer (git-fixes). - net: sparx5: depends on PTP_1588_CLOCK_OPTIONAL (git-fixes). - net: sparx5: uses, depends on BRIDGE or !BRIDGE (git-fixes). - net: stmmac: Fix unset max_speed difference between DT and non-DT platforms (git-fixes). - net: stmmac: Use readl_poll_timeout_atomic() in atomic state (git-fixes). - net: stmmac: clean up impossible condition (git-fixes). - net: stmmac: disable Split Header (SPH) for Intel platforms (bsc#1194904). - net: stmmac: dwc-qos: Disable split header for Tegra194 (bsc#1194904). - net: stmmac: dwmac-qcom-ethqos: Enable RGMII functional clock on resume (git-fixes). - net: stmmac: dwmac-qcom-ethqos: add platform level clocks management (git-fixes). - net: stmmac: dwmac-sun8i: add missing of_node_put() in sun8i_dwmac_register_mdio_mux() (git-fixes). - net: stmmac: enhance XDP ZC driver level switching performance (git-fixes). - net: stmmac: fix dma queue left shift overflow issue (git-fixes). - net: stmmac: fix leaks in probe (git-fixes). - net: stmmac: fix off-by-one error in sanity check (git-fixes). - net: stmmac: fix out-of-bounds access in a selftest (git-fixes). - net: stmmac: fix pm runtime issue in stmmac_dvr_remove() (git-fixes). - net: stmmac: fix unbalanced ptp clock issue in suspend/resume flow (git-fixes). - net: stmmac: only enable DMA interrupts when ready (git-fixes). - net: stmmac: perserve TX and RX coalesce value during XDP setup (git-fixes). - net: stmmac: remove redunctant disable xPCS EEE call (git-fixes). - net: stmmac: remove unused get_addr() callback (git-fixes). - net: stmmac: work around sporadic tx issue on link-up (git-fixes). - net: sungem_phy: Add of_node_put() for reference returned by of_get_parent() (git-fixes). - net: systemport: Fix an error handling path in bcm_sysport_probe() (git-fixes). - net: tap: NULL pointer derefence in dev_parse_header_protocol when skb->dev is null (git-fixes). - net: thunderbolt: Enable DMA paths only after rings are enabled (git-fixes). - net: thunderbolt: Fix error handling in tbnet_init() (git-fixes). - net: thunderbolt: fix memory leak in tbnet_open() (git-fixes). - net: thunderx: Fix the ACPI memory leak (git-fixes). - net: usb: Correct PHY handling of smsc95xx (git-fixes). - net: usb: Correct reset handling of smsc95xx (git-fixes). - net: usb: ax88179_178a needs FLAG_SEND_ZLP (git-fixes). - net: usb: ax88179_178a: add Allied Telesis AT-UMCs (git-fixes). - net: usb: make USB_RTL8153_ECM non user configurable (git-fixes). - net: usb: qmi_wwan: Add new usb-id for Dell branded EM7455 (git-fixes). - net: usb: qmi_wwan: add Quectel RM520N (git-fixes). - net: usb: qmi_wwan: add Telit 0x103a composition (git-fixes). - net: usb: r8152: Add in new Devices that are supported for Mac-Passthru (git-fixes). - net: vmxnet3: fix possible NULL pointer dereference in vmxnet3_rq_cleanup() (bsc#1200431). - net: vmxnet3: fix possible use-after-free bugs in vmxnet3_rq_alloc_rx_buf() (bsc#1200431). - net: vmxnet3: remove multiple false checks in vmxnet3_ethtool.c (bsc#1200431). - net: wwan: iosm: Call mutex_init before locking it (git-fixes). - net: wwan: iosm: fix dma_alloc_coherent incompatible pointer type (git-fixes). - net: wwan: iosm: fix kernel test robot reported error (git-fixes). - net: wwan: iosm: remove pointless null check (git-fixes). - net:enetc: allocate CBD ring data memory using DMA coherent methods (git-fixes). - net_sched: cls_route: disallow handle of 0 (bsc#1202393). - netdevsim: fib: Fix reference count leak on route deletion failure (git-fixes). - nfc/nci: fix race with opening and closing (git-fixes). - nfc: fdp: Fix potential memory leak in fdp_nci_send() (git-fixes). - nfc: nfcmrvl: Fix potential memory leak in nfcmrvl_i2c_nci_send() (git-fixes). - nfc: nxp-nci: Fix potential memory leak in nxp_nci_send() (git-fixes). - nfc: pn533: Fix use-after-free bugs caused by pn532_cmd_timeout (git-fixes). - nfc: s3fwrn5: Fix potential memory leak in s3fwrn5_nci_send() (git-fixes). - nfc: st-nci: fix incorrect sizing calculations in EVT_TRANSACTION (git-fixes). - nfc: st-nci: fix incorrect validating logic in EVT_TRANSACTION (git-fixes). - nfc: st-nci: fix memory leaks in EVT_TRANSACTION (git-fixes). - nfp: ethtool: fix the display error of `ethtool -m DEVNAME` (git-fixes). - nfsd: eliminate the NFSD_FILE_BREAK_* flags (git-fixes). - nfsd: fix use-after-free due to delegation race (git-fixes). - nilfs2: fix NULL pointer dereference in nilfs_palloc_commit_free_entry() (git-fixes). - nilfs2: fix deadlock in nilfs_count_free_blocks() (git-fixes). - nilfs2: fix incorrect masking of permission flags for symlinks (git-fixes). - nilfs2: fix lockdep warnings during disk space reclamation (git-fixes). - nilfs2: fix lockdep warnings in page operations for btree nodes (git-fixes). - nilfs2: fix nilfs_sufile_mark_dirty() not set segment usage as dirty (git-fixes). - nilfs2: fix use-after-free bug of ns_writer on remount (git-fixes). - nilfs2: replace WARN_ONs by nilfs_error for checkpoint acquisition failure (git-fixes). - nohz/full, sched/rt: Fix missed tick-reenabling bug in dequeue_task_rt() (bnc#1189999 (Scheduler functional and performance backports)). - nouveau/svm: Fix to migrate all requested pages (git-fixes). - nouveau: explicitly wait on the fence in nouveau_bo_move_m2mf (git-fies). - ntb_hw_amd: Add NTB PCI ID for new gen CPU (bsc#1202113). - nvme-auth: align to pre-upstream FFDHE implementation (bsc#1202265). - nvme-auth: retry command if DNR bit is not set (bsc#1201675). - nvme-fabrics: parse nvme connect Linux error codes (bsc#1201865). - nvme-rdma: Handle number of queue changes (bsc#1201865). - nvme-tcp: Handle number of queue changes (bsc#1201865). - nvme-tcp: fix UAF when detecting digest errors (bsc#1200313 bsc#1201489). - nvme: consider also host_iface when checking ip options (bsc#1199670). - nvme: do not print verbose errors for internal passthrough requests (bsc#1202187). - nvme: fix RCU hole that allowed for endless looping in multipath round robin (bsc#1202636). - nvme: implement In-Band authentication (jsc#SLE-20183). - nvme: kabi fixes for in-band authentication (bsc#1199086). - nvmem: core: Check input parameter for NULL in nvmem_unregister() (bsc#1204241). - nvmet-auth: expire authentication sessions (jsc#SLE-20183). - nvmet: Expose max queues to configfs (bsc#1201865). - nvmet: implement basic In-Band Authentication (jsc#SLE-20183). - ocfs2: dlmfs: fix error handling of user_dlm_destroy_lock (bsc#1202778). - ocfs2: fix a deadlock when commit trans (bsc#1202776). - octeontx2-af: Add KPU changes to parse NGIO as separate layer (jsc#SLE-24682). - octeontx2-af: Add PTP device id for CN10K and 95O silcons (jsc#SLE-24682). - octeontx2-af: Add SDP interface support (jsc#SLE-24682). - octeontx2-af: Add debug messages for failures (jsc#SLE-24682). - octeontx2-af: Add external ptp input clock (jsc#SLE-24682). - octeontx2-af: Add free rsrc count mbox msg (jsc#SLE-24682). - octeontx2-af: Add mbox to retrieve bandwidth profile free count (jsc#SLE-24682). - octeontx2-af: Add support to flush full CPT CTX cache (jsc#SLE-24682). - octeontx2-af: Adjust LA pointer for cpt parse header (jsc#SLE-24682). - octeontx2-af: Allocate low priority entries for PF (jsc#SLE-24682). - octeontx2-af: Allow to configure flow tag LSB byte as RSS adder (jsc#SLE-24682). - octeontx2-af: Apply tx nibble fixup always (git-fixes). - octeontx2-af: Change the order of queue work and interrupt disable (jsc#SLE-24682). - octeontx2-af: Do not enable Pause frames by default (jsc#SLE-24682). - octeontx2-af: Enable CPT HW interrupts (jsc#SLE-24682). - octeontx2-af: Enhance mailbox trace entry (jsc#SLE-24682). - octeontx2-af: Fix LBK backpressure id count (jsc#SLE-24682). - octeontx2-af: Fix inconsistent license text (jsc#SLE-24682). - octeontx2-af: Fix interrupt name strings (jsc#SLE-24682). - octeontx2-af: Fix key checking for source mac (git-fixes). - octeontx2-af: Fix mcam entry resource leak (git-fixes). - octeontx2-af: Fix spelling mistake 'Makesure' -> 'Make sure' (jsc#SLE-24682). - octeontx2-af: Fix uninitialized variable val (jsc#SLE-24682). - octeontx2-af: Flow control resource management (jsc#SLE-24682). - octeontx2-af: Handle return value in block reset (jsc#SLE-24682). - octeontx2-af: Hardware configuration for inline IPsec (jsc#SLE-24682). - octeontx2-af: Increase link credit restore polling timeout (jsc#SLE-24682). - octeontx2-af: Increase number of reserved entries in KPU (jsc#SLE-24682). - octeontx2-af: Increment ptp refcount before use (jsc#SLE-24682). - octeontx2-af: Limit KPU parsing for GTPU packets (jsc#SLE-24682). - octeontx2-af: Modify install flow error codes (jsc#SLE-24682). - octeontx2-af: Optimize KPU1 processing for variable-length headers (jsc#SLE-24682). - octeontx2-af: Perform cpt lf teardown in non FLR path (jsc#SLE-24682). - octeontx2-af: Priority flow control configuration support (jsc#SLE-24682). - octeontx2-af: Remove channel verification while installing MCAM rules (jsc#SLE-24682). - octeontx2-af: Remove redundant initialization of variable blkaddr (jsc#SLE-24682). - octeontx2-af: Remove redundant initialization of variable pin (jsc#SLE-24682). - octeontx2-af: Reset PTP config in FLR handler (jsc#SLE-24682). - octeontx2-af: Retry until RVU block reset complete (jsc#SLE-24682). - octeontx2-af: Use DMA_ATTR_FORCE_CONTIGUOUS attribute in DMA alloc (jsc#SLE-24682). - octeontx2-af: Use NDC TX for transmit packet data (jsc#SLE-24682). - octeontx2-af: Use ptp input clock info from firmware data (jsc#SLE-24682). - octeontx2-af: Wait for TX link idle for credits change (jsc#SLE-24682). - octeontx2-af: add proper return codes for AF mailbox handlers (jsc#SLE-24682). - octeontx2-af: cn10K: Get NPC counters value (jsc#SLE-24682). - octeontx2-af: cn10K: support for sched lmtst and other features (jsc#SLE-24682). - octeontx2-af: cn10k: DWRR MTU configuration (jsc#SLE-24682). - octeontx2-af: cn10k: RPM hardware timestamp configuration (jsc#SLE-24682). - octeontx2-af: cn10k: Set cache lines for NPA batch alloc (jsc#SLE-24682). - octeontx2-af: cn10k: Use appropriate register for LMAC enable (jsc#SLE-24682). - octeontx2-af: cn10k: add workaround for ptp errata (jsc#SLE-24682). - octeontx2-af: cn10k: debugfs for dumping LMTST map table (jsc#SLE-24682). - octeontx2-af: configure npc for cn10k to allow packets from cpt (jsc#SLE-24682). - octeontx2-af: debugfs: Add channel and channel mask (jsc#SLE-24682). - octeontx2-af: debugfs: Minor changes (jsc#SLE-24682). - octeontx2-af: debugfs: do not corrupt user memory (jsc#SLE-24682). - octeontx2-af: debugfs: fix error return of allocations (jsc#SLE-24682). - octeontx2-af: enable tx shaping feature for 96xx C0 (jsc#SLE-24682). - octeontx2-af: fix array bound error (jsc#SLE-24682). - octeontx2-af: fix error code in is_valid_offset() (jsc#SLE-24682). - octeontx2-af: initialize action variable (jsc#SLE-24682). - octeontx2-af: nix and lbk in loop mode in 98xx (jsc#SLE-24682). - octeontx2-af: remove redudant second error check on variable err (jsc#SLE-24682). - octeontx2-af: suppress external profile loading warning (git-fixes). - octeontx2-af: use swap() to make code cleaner (jsc#SLE-24682). - octeontx2-af: verify CQ context updates (jsc#SLE-24682). - octeontx2-nic: fix mixed module build (jsc#SLE-24682). - octeontx2-nicvf: Add PTP hardware clock support to NIX VF (jsc#SLE-24682). - octeontx2-nicvf: Free VF PTP resources (jsc#SLE-24682). - octeontx2-pf: Add TC feature for VFs (jsc#SLE-24682). - octeontx2-pf: Add XDP support to netdev PF (jsc#SLE-24682). - octeontx2-pf: Add check for non zero mcam flows (jsc#SLE-24682). - octeontx2-pf: Add support for adaptive interrupt coalescing (jsc#SLE-24682). - octeontx2-pf: Add vlan-etype to ntuple filters (jsc#SLE-24682). - octeontx2-pf: Allow VLAN priority also in ntuple filters (jsc#SLE-24682). - octeontx2-pf: CN10K: Hide RPM stats over ethtool (jsc#SLE-24682). - octeontx2-pf: Do not mask out supported link modes (jsc#SLE-24682). - octeontx2-pf: Enable NETIF_F_RXALL support for VF driver (jsc#SLE-24682). - octeontx2-pf: Fix NIX_AF_TL3_TL2X_LINKX_CFG register configuration (git-fixes). - octeontx2-pf: Fix UDP/TCP src and dst port tc filters (git-fixes). - octeontx2-pf: Fix inconsistent license text (jsc#SLE-24682). - octeontx2-pf: Ntuple filters support for VF netdev (jsc#SLE-24682). - octeontx2-pf: PFC config support with DCBx (jsc#SLE-24682). - octeontx2-pf: Remove unnecessary synchronize_irq() before free_irq() (jsc#SLE-24682). - octeontx2-pf: Simplify the receive buffer size calculation (jsc#SLE-24682). - octeontx2-pf: Sort the allocated MCAM entry indices (jsc#SLE-24682). - octeontx2-pf: Unify flow management variables (jsc#SLE-24682). - octeontx2-pf: Use hardware register for CQE count (jsc#SLE-24682). - octeontx2-pf: cn10K: Reserve LMTST lines per core (jsc#SLE-24682). - octeontx2-pf: cn10k: Config DWRR weight based on MTU (jsc#SLE-24682). - octeontx2-pf: cn10k: Ensure valid pointers are freed to aura (jsc#SLE-24682). - octeontx2-pf: cn10k: Fix egress ratelimit configuration (git-fixes). - octeontx2-pf: cn10k: add support for new ptp timestamp format (jsc#SLE-24682). - octeontx2-pf: devlink params support to set mcam entry count (jsc#SLE-24682). - octeontx2-pf: replace bitmap_weight with bitmap_empty where appropriate (jsc#SLE-24682). - octeontx2-pf: select CONFIG_NET_DEVLINK (jsc#SLE-24682). - octeontx2-vf: Add support for adaptive interrupt coalescing (jsc#SLE-24682). - octeontx2: Move devlink registration to be last devlink command (jsc#SLE-24682). - of/device: Fix up of_dma_configure_id() stub (git-fixes). - of: fdt: fix off-by-one error in unflatten_dt_nodes() (git-fixes). - openvswitch: Fix double reporting of drops in dropwatch (git-fixes). - openvswitch: Fix overreporting of drops in dropwatch (git-fixes). - openvswitch: Fix setting ipv6 fields causing hw csum failure (git-fixes). - openvswitch: Fixed nd target mask field in the flow dump (git-fixes). - openvswitch: add nf_ct_is_confirmed check before assigning the helper (git-fixes). - openvswitch: always update flow key after nat (git-fixes). - openvswitch: switch from WARN to pr_warn (git-fixes). - optee: add error checks in optee_ffa_do_call_with_arg() (git-fixes). - overflow.h: restore __ab_c_size (git-fixes). - overflow: Implement size_t saturating arithmetic helpers (jsc#PED-1211). - pNFS/flexfiles: Report RDMA connection errors to the server (git-fixes). - padata: Fix list iterator in padata_do_serial() (git-fixes). - panic, kexec: make __crash_kexec() NMI safe (git-fixes). - parisc/sticon: fix reverse colors (bsc#1152489) - parisc/stifb: Fix fb_is_primary_device() only available with (bsc#1152489) - parisc/stifb: Implement fb_is_primary_device() (bsc#1152489) - parisc/stifb: Keep track of hardware path of graphics card (bsc#1152489) - parport_pc: Avoid FIFO port location truncation (git-fixes). - perf bench futex: Fix memory leak of perf_cpu_map__new() (git-fixes). - phy: amlogic: phy-meson-axg-mipi-pcie-analog: Hold reference returned by of_get_parent() (git-fixes). - phy: qualcomm: call clk_disable_unprepare in the error handling (git-fixes). - phy: ralink: mt7621-pci: add sentinel to quirks table (git-fixes). - phy: samsung: phy-exynos-pcie: sanitize init/power_on callbacks (git-fixes). - phy: stm32: fix an error code in probe (git-fixes). - phy: stm32: fix error return in stm32_usbphyc_phy_init (git-fixes). - pinctrl: Ingenic: JZ4755 bug fixes (git-fixes). - pinctrl: alderlake: Add Intel Alder Lake-N pin controller support (jsc#PED-676). - pinctrl: alderlake: Add Raptor Lake-S ACPI ID (jsc#PED-634). - pinctrl: alderlake: Fix register offsets for ADL-N variant (jsc#PED-676). - pinctrl: amd: Do not save/restore interrupt status and wake status bits (git-fixes). - pinctrl: armada-37xx: Add missing GPIO-only pins (git-fixes). - pinctrl: armada-37xx: Checks for errors in gpio_request_enable callback (git-fixes). - pinctrl: armada-37xx: Convert to use dev_err_probe() (git-fixes). - pinctrl: armada-37xx: Fix definitions for MPP pins 20-22 (git-fixes). - pinctrl: armada-37xx: Make use of the devm_platform_ioremap_resource() (git-fixes). - pinctrl: armada-37xx: Use temporary variable for struct device (git-fixes). - pinctrl: devicetree: fix null pointer dereferencing in pinctrl_dt_to_map (git-fixes). - pinctrl: intel: Check against matching data instead of ACPI companion (git-fixes). - pinctrl: intel: Save and restore pins in 'direct IRQ' mode (git-fixes). - pinctrl: microchip-sgpio: Correct the fwnode_irq_get() return value check (git-fixes). - pinctrl: nomadik: Fix refcount leak in nmk_pinctrl_dt_subnode_to_map (git-fixes). - pinctrl: qcom: msm8916: Allow CAMSS GP clocks to be muxed (git-fixes). - pinctrl: qcom: sc8180x: Fix gpio_wakeirq_map (git-fixes). - pinctrl: qcom: sc8180x: Fix wrong pin numbers (git-fixes). - pinctrl: qcom: sm8250: Fix PDC map (git-fixes). - pinctrl: rockchip: list all pins in a possible mux route for PX30 (git-fixes). - pinctrl: single: Fix potential division by zero (git-fixes). - pinctrl: sunxi: Add I/O bias setting for H6 R-PIO (git-fixes). - pinctrl: sunxi: Fix name for A100 R_PIO (git-fixes). - platform/chrome: cros_ec: Always expose last resume result (git-fixes). - platform/chrome: cros_ec: Notify the PM of wake events during resume (git-fixes). - platform/chrome: cros_ec_proto: Update version on GET_NEXT_EVENT failure (git-fixes). - platform/chrome: cros_ec_proto: do not show MKBP version if unsupported (git-fixes). - platform/chrome: cros_ec_typec: Correct alt mode index (git-fixes). - platform/chrome: fix double-free in chromeos_laptop_prepare() (git-fixes). - platform/chrome: fix memory corruption in ioctl (git-fixes). - platform/olpc: Fix uninitialized data in debugfs write (git-fixes). - platform/surface: aggregator: Do not check for repeated unsequenced packets (git-fixes). - platform/surface: aggregator_registry: Add support for Surface Laptop Go 2 (git-fixes). - platform/x86/intel/pmt: Sapphire Rapids PMT errata fix (jsc#PED-2684 bsc#1205683). - platform/x86/intel: hid: add quirk to support Surface Go 3 (git-fixes). - platform/x86/intel: pmc: Do not unconditionally attach Intel PMC when virtualized (git-fixes). - platform/x86: acer-wmi: Acer Aspire One AOD270/Packard Bell Dot keymap fixes (git-fixes). - platform/x86: acer-wmi: Enable SW_TABLET_MODE on Switch V 10 (SW5-017) (git-fixes). - platform/x86: asus-wmi: Document the dgpu_disable sysfs attribute (git-fixes). - platform/x86: asus-wmi: Document the egpu_enable sysfs attribute (git-fixes). - platform/x86: asus-wmi: Document the panel_od sysfs attribute (git-fixes). - platform/x86: asus-wmi: add missing pci_dev_put() in asus_wmi_set_xusb2pr() (git-fixes). - platform/x86: hp-wmi: Ignore Smart Experience App event (git-fixes). - platform/x86: hp_wmi: Fix rfkill causing soft blocked wifi (git-fixes). - platform/x86: i2c-multi-instantiate: Rename it for a generic serial driver name (bsc#1203699). - platform/x86: ideapad-laptop: Disable touchpad_switch (git-fixes). - platform/x86: msi-laptop: Change DMI match / alias strings to fix module autoloading (git-fixes). - platform/x86: msi-laptop: Fix old-ec check for backlight registering (git-fixes). - platform/x86: msi-laptop: Fix resource cleanup (git-fixes). - platform/x86: pmc_atom: Fix SLP_TYPx bitfield mask (git-fixes). - platform/x86: pmc_atom: Match all Lex BayTrail boards with critclk_systems DMI table (git-fixes). - platform/x86: serial-multi-instantiate: Add CLSA0101 Laptop (bsc#1203699). - platform/x86: serial-multi-instantiate: Add SPI support (bsc#1203699). - platform/x86: serial-multi-instantiate: Reorganize I2C functions (bsc#1203699). - platform/x86: touchscreen_dmi: Add info for the RCA Cambio W101 v2 2-in-1 (git-fixes). - plip: avoid rcu debug splat (git-fixes). - power: supply: adp5061: fix out-of-bounds read in adp5061_get_chg_type() (git-fixes). - powerpc-pseries-mobility-set-NMI-watchdog-factor-dur.patch. - powerpc-watchdog-introduce-a-NMI-watchdog-s-factor.patch. - powerpc/64: Fix build failure with allyesconfig in book3s_64_entry.S (bsc#1194869). - powerpc/64: Remove unused SYS_CALL_TABLE symbol (jsc#SLE-9246 git-fixes). - powerpc/64: pcpu setup avoid reading mmu_linear_psize on 64e or radix (bsc#1204413 ltc#200176). - powerpc/64s: Fix build failure when CONFIG_PPC_64S_HASH_MMU is not set (bsc#1204413 ltc#200176). - powerpc/64s: Make flush_and_reload_slb a no-op when radix is enabled (bsc#1204413 ltc#200176). - powerpc/64s: Make hash MMU support configurable (bsc#1204413 ltc#200176). - powerpc/64s: Move and rename do_bad_slb_fault as it is not hash specific (bsc#1204413 ltc#200176). - powerpc/64s: Move hash MMU support code under CONFIG_PPC_64S_HASH_MMU (bsc#1204413 ltc#200176). - powerpc/64s: Rename hash_hugetlbpage.c to hugetlbpage.c (bsc#1204413 ltc#200176). - powerpc/boot: Explicitly disable usage of SPE instructions (bsc#1156395). - powerpc/fadump: align destination address to pagesize (bsc#1204728 ltc#200074). - powerpc/kprobes: Fix null pointer reference in arch_prepare_kprobe() (jsc#SLE-13847 git-fixes). - powerpc/kvm: Fix kvm_use_magic_page (bsc#1156395). - powerpc/mm/64s: Drop pgd_huge() (bsc#1065729). - powerpc/pci_dn: Add missing of_node_put() (bsc#1065729). - powerpc/perf: Optimize clearing the pending PMI and remove WARN_ON for PMI check in power_pmu_disable (bsc#1156395). - powerpc/powernv/kvm: Use darn for H_RANDOM on Power9 (bsc#1065729). - powerpc/powernv: Avoid crashing if rng is NULL (bsc#1065729). - powerpc/powernv: add missing of_node_put() in opal_export_attrs() (bsc#1065729). - powerpc/powernv: delay rng platform device creation until later in boot (bsc#1065729). - powerpc/powernv: rename remaining rng powernv_ functions to pnv_ (bsc#1065729). - powerpc/powernv: wire up rng during setup_arch (bsc#1065729). - powerpc/pseries/vas: Add VAS IRQ primary handler (bsc#1204413 ltc#200176). - powerpc/pseries/vas: Declare pseries_vas_fault_thread_fn() as static (bsc#1194869). - powerpc/pseries/vas: Pass hw_cpu_id to node associativity HCALL (bsc#1194869). - powerpc/pseries: Interface to represent PAPR firmware attributes (bsc#1200465 ltc#197256 jsc#SLE-18130). - powerpc/pseries: Rename TYPE1_AFFINITY to FORM1_AFFINITY (bsc#1200465 ltc#197256 jsc#SLE-18130). - powerpc/pseries: Stop selecting PPC_HASH_MMU_NATIVE (bsc#1204413 ltc#200176). - powerpc/pseries: lparcfg do not include slb_size line in radix mode (bsc#1204413 ltc#200176). - powerpc/pseries: rename min_common_depth to primary_domain_index (bsc#1200465 ltc#197256 jsc#SLE-18130). - powerpc/pseries: wire up rng during setup_arch() (bsc#1065729). - powerpc/xive: Fix refcount leak in xive_get_max_prio (git-fixess). - powerpc: Avoid discarding flags in system_call_exception() (bsc#1194869). - powerpc: Enable execve syscall exit tracepoint (bsc#1065729). - powerpc: Ignore DSI error caused by the copy/paste instruction (bsc#1204413 ltc#200176). - powerpc: Rename PPC_NATIVE to PPC_HASH_MMU_NATIVE (bsc#1204413 ltc#200176). Update config files. - powerpc: make memremap_compat_align 64s-only (bsc#1204413 ltc#200176). - powerpc: powernv: kABI: add back powernv_get_random_long (bsc#1065729). - ppc64/kdump: Limit kdump base to 512MB (bsc#1203410 ltc#199904). - printk: add missing memory barrier to wake_up_klogd() (bsc#1204934). - printk: use atomic updates for klogd work (bsc#1204934). - printk: wake waiters for safe and NMI contexts (bsc#1204934). - proc: avoid integer type confusion in get_proc_long (git-fixes). - proc: fix a dentry lock race between release_task and lookup (git-fixes). - proc: fix dentry/inode overinstantiating under /proc/${pid}/net (git-fixes). - proc: proc_skip_spaces() shouldn't think it is working on C strings (git-fixes). - profiling: fix shift too large makes kernel panic (git-fixes). - pwm: lpc18xx-sct: Reduce number of devm memory allocations (git-fixes). - pwm: lpc18xx-sct: Simplify driver by not using pwm_[gs]et_chip_data() (git-fixes). - pwm: lpc18xx: Fix period handling (git-fixes). - qed: validate and restrict untrusted VFs vlan promisc mode (git-fixes). - r8152: add PID for the Lenovo OneLink+ Dock (git-fixes). - r8152: fix the RX FIFO settings when suspending (git-fixes). - r8152: fix the units of some registers for RTL8156A (git-fixes). - random: remove useless header comment (git-fixes). - ratelimit: Fix data-races in ___ratelimit() (git-fixes). - rbd: fix possible memory leak in rbd_sysfs_init() (git-fixes). - regulator: core: Clean up on enable failure (git-fixes). - regulator: core: Prevent integer underflow (git-fixes). - regulator: core: fix UAF in destroy_regulator() (git-fixes). - regulator: core: fix kobject release warning and memory leak in regulator_register() (git-fixes). - regulator: of: Fix refcount leak bug in of_get_regulation_constraints() (git-fixes). - regulator: pca9450: Remove restrictions for regulator-name (git-fixes). - regulator: pfuze100: Fix the global-out-of-bounds access in pfuze100_regulator_probe() (git-fixes). - regulator: qcom_rpm: Fix circular deferral regression (git-fixes). - regulator: qcom_smd: Fix pm8916_pldo range (git-fixes). - regulator: twl6030: re-add TWL6032_SUBCLASS (git-fixes). - remoteproc: imx_rproc: Fix refcount leak in imx_rproc_addr_init (git-fixes). - remoteproc: imx_rproc: Simplify some error message (git-fixes). - remoteproc: k3-r5: Fix refcount leak in k3_r5_cluster_of_init (git-fixes). - remoteproc: qcom: pas: Check if coredump is enabled (git-fixes). - remoteproc: qcom: pas: Mark devices as wakeup capable (git-fixes). - remoteproc: qcom: q6v5-mss: add powerdomains to MSM8996 config (git-fixes). - remoteproc: qcom: wcnss: Fix handling of IRQs (git-fixes). - remoteproc: sysmon: Wait for SSCTL service to come up (git-fixes). - reset: imx7: Fix the iMX8MP PCIe PHY PERST support (git-fixes). - restore m_can_lec_type (git-fixes). - ring-buffer: Add ring_buffer_wake_waiters() (git-fixes). - ring-buffer: Allow splice to read previous partially read pages (git-fixes). - ring-buffer: Check for NULL cpu_buffer in ring_buffer_wake_waiters() (bsc#1204705). - ring-buffer: Check pending waiters when doing wake ups as well (git-fixes). - ring-buffer: Fix race between reset page and reading page (git-fixes). - ring-buffer: Have the shortest_full queue be the shortest not longest (git-fixes). - ring-buffer: Include dropped pages in counting dirty patches (git-fixes). - ring_buffer: Do not deactivate non-existant pages (git-fixes). - rose: Fix NULL pointer dereference in rose_send_frame() (git-fixes). - rose: check NULL rose_loopback_neigh->loopback (git-fixes). - rpm/check-for-config-changes: add TOOLCHAIN_HAS_* to IGNORED_CONFIGS_RE This new form was added in commit b8c86872d1dc (riscv: fix detection of toolchain Zicbom support). - rpm/check-for-config-changes: loosen pattern for AS_HAS_* This is needed to handle CONFIG_AS_HAS_NON_CONST_LEB128. - rpm/kernel-binary.spec.in: move vdso to a separate package (bsc#1202385) We do the move only on 15.5+. - rpm/kernel-binary.spec.in: simplify find for usrmerged The type test and print line are the same for both cases. The usrmerged case only ignores more, so refactor it to make it more obvious. - rpm/kernel-source.spec.in: simplify finding of broken symlinks 'find -xtype l' will report them, so use that to make the search a bit faster (without using shell). - rpmsg: char: Add mutex protection for rpmsg_eptdev_open() (git-fixes). - rpmsg: mtk_rpmsg: Fix circular locking dependency (git-fixes). - rpmsg: qcom: glink: replace strncpy() with strscpy_pad() (git-fixes). - rpmsg: qcom_smd: Fix refcount leak in qcom_smd_parse_edge (git-fixes). - rtc: stmp3xxx: Add failure handling for stmp3xxx_wdt_register() (git-fixes). - rtmutex: Add acquire semantics for rtmutex lock acquisition slow path (bnc#1203829). - s390/boot: add secure boot trailer (bsc#1205257 LTC#200451). - s390/boot: fix absolute zero lowcore corruption on boot (git-fixes). - s390/cpumf: Handle events cycles and instructions identical (git-fixes). - s390/crash: fix incorrect number of bytes to copy to user space (git-fixes). - s390/crash: make copy_oldmem_page() return number of bytes copied (git-fixes). - s390/dasd: fix Oops in dasd_alias_get_start_dev due to missing pavgroup (git-fixes). - s390/futex: add missing EX_TABLE entry to __futex_atomic_op() (bsc#1205427 LTC#200502). - s390/hugetlb: fix prepare_hugepage_range() check for 2 GB hugepages (git-fixes). - s390/hypfs: avoid error message under KVM (bsc#1032323). - s390/kexec: handle R_390_PLT32DBL rela in arch_kexec_apply_relocations_add() (git-fixes). - s390/mm: do not trigger write fault when vma does not allow VM_WRITE (git-fixes). - s390/mm: use non-quiescing sske for KVM switch to keyed guest (git-fixes). - s390/pci: add missing EX_TABLE entries to __pcistg_mio_inuser()/__pcilg_mio_inuser() (bsc#1205427 LTC#200502). - s390/qeth: cache link_info for ethtool (bsc#1202262 LTC#199322). - s390/smp: enforce lowcore protection on CPU restart (git-fixes). - s390/stp: clock_delta should be signed (git-fixes). - s390/uaccess: add missing EX_TABLE entries to __clear_user(), copy_in_user_mvcos(), copy_in_user_mvc(), clear_user_xc() and __strnlen_user() (bsc#1205428 LTC#200501). - s390/zcore: fix race when reading from hardware system area (git-fixes). - s390: fix double free of GS and RI CBs on fork() failure (bsc#1203197 LTC#199895). - s390: fix nospec table alignments (git-fixes). - samples/landlock: Add clang-format exceptions (git-fixes). - samples/landlock: Fix path_list memory leak (git-fixes). - samples/landlock: Format with clang-format (git-fixes). - sbitmap: Avoid leaving waitqueue in invalid state in __sbq_wake_up() (git-fixes). - sbitmap: fix possible io hung due to lost wakeup (git-fixes). - sched-core-Do-not-requeue-task-on-CPU-excluded-from-cpus_mask.patch - sched/core: Always flush pending blk_plug (bnc#1189999 (Scheduler functional and performance backports)). - sched/deadline: Fix BUG_ON condition for deboosted tasks (git-fixes) - sched/fair: Fix cfs_rq_clock_pelt() for throttled cfs_rq (bnc#1189999 (Scheduler functional and performance backports)). - sched/fair: Fix cfs_rq_clock_pelt() for throttled cfs_rq -kabi (git fixes (sched/fair)). - sched/fair: Remove redundant word ' *' (bnc#1189999 (Scheduler functional and performance backports)). - sched/uclamp: Fix iowait boost escaping uclamp restriction (git-fixes) - sched/uclamp: Fix rq->uclamp_max not set on first enqueue (git-fixes) - sched: Allow newidle balancing to bail out of load_balance (bnc#1189999 (Scheduler functional and performance backports)). - sched: Clear ttwu_pending after enqueue_task() (git fixes (sched/core)). - sched: Disable sched domain debugfs creation on ppc64 unless sched_verbose is specified (bnc#1205653). - sched: Fix the check of nr_running at queue wakelist (bnc#1189999 (Scheduler functional and performance backports)). - sched: Remove the limitation of WF_ON_CPU on wakelist if wakee cpu is idle (bnc#1189999 (Scheduler functional and performance backports)). Refresh - sched: Remove unused function group_first_cpu() (bnc#1189999 (Scheduler functional and performance backports)). - scripts/dtc: Call pkg-config POSIXly correct (git-fixes). - scripts/faddr2line: Fix regression in name resolution on ppc64le (git-fixes). - scripts/faddr2line: Fix vmlinux detection on arm64 (git-fixes). - scripts/gdb: change kernel config dumping method (git-fixes). - scripts: sphinx-pre-install: Fix ctex support on Debian (git-fixes). - scripts: sphinx-pre-install: add required ctex dependency (git-fixes). - scsi: Revert 'scsi: qla2xxx: Fix disk failure to rediscover' (git-fixes). - scsi: core: Add BLIST_NO_ASK_VPD_SIZE for some VDASD (bsc#1203039). - scsi: hisi_sas: Keep controller active between ISR of phyup and the event being processed (bsc#1202471). - scsi: hisi_sas: Use autosuspend for the host controller (bsc#1202471). - scsi: ibmvfc: Avoid path failures during live migration (bsc#1065729). - scsi: ibmvscsis: Increase INITIAL_SRP_LIMIT to 1024 (bsc#1156395). - scsi: libiscsi: Add iscsi_cls_conn to sysfs after initialization (bsc#1198410). - scsi: libsas: Fix use-after-free bug in smp_execute_task_sg() (git-fixes). - scsi: lpfc: Add missing destroy_workqueue() in error path (bsc#1203939). - scsi: lpfc: Add missing free iocb and nlp kref put for early return VMID cases (bsc#1203939). - scsi: lpfc: Add reporting capability for Link Degrade Signaling (bsc#1203939). - scsi: lpfc: Add warning notification period to CMF_SYNC_WQE (bsc#1203063). - scsi: lpfc: Check the return value of alloc_workqueue() (bsc#1203063). - scsi: lpfc: Copyright updates for 14.2.0.5 patches (bsc#1201956). - scsi: lpfc: Copyright updates for 14.2.0.6 patches (bsc#1203063). - scsi: lpfc: Create a sysfs entry called lpfc_xcvr_data for transceiver info (bsc#1204957). - scsi: lpfc: Fix FLOGI ACC with wrong SID in PT2PT topology (bsc#1203939). - scsi: lpfc: Fix attempted FA-PWWN usage after feature disable (bsc#1201956). - scsi: lpfc: Fix hard lockup when reading the rx_monitor from debugfs (bsc#1204957). - scsi: lpfc: Fix lost NVMe paths during LIF bounce stress test (bsc#1201956). - scsi: lpfc: Fix mbuf pool resource detected as busy at driver unload (bsc#1203939). - scsi: lpfc: Fix memory leak in lpfc_create_port() (bsc#1204957). - scsi: lpfc: Fix multiple NVMe remoteport registration calls for the same NPort ID (bsc#1203939). - scsi: lpfc: Fix null ndlp ptr dereference in abnormal exit path for GFT_ID (bsc#1203063). - scsi: lpfc: Fix possible memory leak when failing to issue CMF WQE (bsc#1201956). - scsi: lpfc: Fix prli_fc4_req checks in PRLI handling (bsc#1203939). - scsi: lpfc: Fix spelling mistake 'unsolicted' -> 'unsolicited' (bsc#1204957). - scsi: lpfc: Fix uninitialized cqe field in lpfc_nvme_cancel_iocb() (bsc#1201956). - scsi: lpfc: Fix unsolicited FLOGI receive handling during PT2PT discovery (bsc#1203063). - scsi: lpfc: Fix various issues reported by tools (bsc#1203939). - scsi: lpfc: Log when congestion management limits are in effect (bsc#1204957). - scsi: lpfc: Move scsi_host_template outside dynamically allocated/freed phba (bsc#1185032 bsc#1203939). Dropped: patches.suse/lpfc-decouple-port_template-and-vport_template.patch - scsi: lpfc: Prevent buffer overflow crashes in debugfs with malformed user input (bsc#1201956). - scsi: lpfc: Refactor lpfc_nvmet_prep_abort_wqe() into lpfc_sli_prep_abort_xri() (bsc#1201956). - scsi: lpfc: Remove Menlo/Hornet related code (bsc#1201956). - scsi: lpfc: Remove SANDiags related code (bsc#1203063). - scsi: lpfc: Remove extra atomic_inc on cmd_pending in queuecommand after VMID (bsc#1201956). - scsi: lpfc: Remove the unneeded result variable (bsc#1203939). - scsi: lpfc: Remove unneeded result variable (bsc#1203939). - scsi: lpfc: Rename mp/bmp dma buffers to rq/rsp in lpfc_fdmi_cmd (bsc#1203939). - scsi: lpfc: Return DID_TRANSPORT_DISRUPTED instead of DID_REQUEUE (bsc#1203939). - scsi: lpfc: Revert RSCN_MEMENTO workaround for misbehaved configuration (bsc#1201956). - scsi: lpfc: Rework FDMI attribute registration for unintential padding (bsc#1203939). - scsi: lpfc: Rework MIB Rx Monitor debug info logic (bsc#1203063). - scsi: lpfc: Rework lpfc_fdmi_cmd() routine for cleanup and consistency (bsc#1203939). - scsi: lpfc: Set PU field when providing D_ID in XMIT_ELS_RSP64_CX iocb (bsc#1201956). - scsi: lpfc: Set sli4_param's cmf option to zero when CMF is turned off (bsc#1204957). - scsi: lpfc: Update congestion mode logging for Emulex SAN Manager application (bsc#1203939). - scsi: lpfc: Update lpfc version to 14.2.0.5 (bsc#1201956). - scsi: lpfc: Update lpfc version to 14.2.0.6 (bsc#1203063). - scsi: lpfc: Update lpfc version to 14.2.0.7 (bsc#1203939). - scsi: lpfc: Update lpfc version to 14.2.0.8 (bsc#1204957). - scsi: lpfc: Update the obsolete adapter list (bsc#1204142). - scsi: megaraid: Clear READ queue map's nr_queues (git-fixes). - scsi: megaraid_sas: Correct value passed to scsi_device_lookup() (git-fixes). - scsi: mpi3mr: Schedule IRQ kthreads only on non-RT kernels (bnc#1204498). - scsi: mpt3sas: Fix return value check of dma_get_required_mask() (git-fixes). - scsi: mpt3sas: Fix use-after-free warning (git-fixes). - scsi: mpt3sas: Stop fw fault watchdog work item during system shutdown (git-fixes). - scsi: qedf: Populate sysfs attributes for vport (git-fixes). - scsi: qla2xxx: Add NVMe parameters support in Auxiliary Image Status (bsc#1203935). - scsi: qla2xxx: Add debugfs create/delete helpers (bsc#1203935). - scsi: qla2xxx: Always wait for qlt_sess_work_fn() from qlt_stop_phase1() (bsc#1203935). - scsi: qla2xxx: Avoid flush_scheduled_work() usage (bsc#1203935). - scsi: qla2xxx: Check correct variable in qla24xx_async_gffid() (bsc#1201958). - scsi: qla2xxx: Define static symbols (bsc#1203935). - scsi: qla2xxx: Disable ATIO interrupt coalesce for quad port ISP27XX (bsc#1203935). - scsi: qla2xxx: Drop DID_TARGET_FAILURE use (bsc#1203935). - scsi: qla2xxx: Enhance driver tracing with separate tunable and more (bsc#1203935). - scsi: qla2xxx: Fix discovery issues in FC-AL topology (bsc#1201958). - scsi: qla2xxx: Fix disk failure to rediscover (git-fixes). - scsi: qla2xxx: Fix imbalance vha->vref_count (bsc#1201958). - scsi: qla2xxx: Fix incorrect display of max frame size (bsc#1201958). - scsi: qla2xxx: Fix memory leak in __qlt_24xx_handle_abts() (bsc#1203935). - scsi: qla2xxx: Fix response queue handler reading stale packets (bsc#1201958). - scsi: qla2xxx: Fix response queue handler reading stale packets (bsc#1203935). - scsi: qla2xxx: Fix serialization of DCBX TLV data request (bsc#1204963). - scsi: qla2xxx: Fix sparse warning for dport_data (bsc#1201958). - scsi: qla2xxx: Fix spelling mistake 'definiton' -> 'definition' (bsc#1203935). - scsi: qla2xxx: Log message 'skipping scsi_scan_host()' as informational (bsc#1203935). - scsi: qla2xxx: Remove unused declarations for qla2xxx (bsc#1203935). - scsi: qla2xxx: Remove unused del_sess_list field (bsc#1203935). - scsi: qla2xxx: Remove unused qlt_tmr_work() (bsc#1203935). - scsi: qla2xxx: Revert 'scsi: qla2xxx: Fix response queue handler reading stale packets' (bsc#1203935). - scsi: qla2xxx: Update manufacturer details (bsc#1201958). - scsi: qla2xxx: Update version to 10.02.07.800-k (bsc#1201958). - scsi: qla2xxx: Update version to 10.02.07.900-k (bsc#1203935). - scsi: qla2xxx: Use transport-defined speed mask for supported_speeds (bsc#1204963). - scsi: qla2xxx: Zero undefined mailbox IN registers (bsc#1201958). - scsi: qla2xxx: edif: Fix dropped IKE message (bsc#1201958). - scsi: scsi_transport_fc: Use %u for dev_loss_tmo (bsc#1202914). - scsi: scsi_transport_sas: Fix error handling in sas_phy_add() (git-fixes). - scsi: sg: Allow waiting for commands to complete on removed device (git-fixes). - scsi: smartpqi: Add module param to disable managed ints (bsc#1203893). - scsi: smartpqi: Fix DMA direction for RAID requests (git-fixes). - scsi: smartpqi: Shorten drive visibility after removal (bsc#1200622). - scsi: storvsc: Drop DID_TARGET_FAILURE use (git-fixes). - scsi: storvsc: Fix handling of srb_status and capacity change events (git-fixes). - scsi: storvsc: Fix typo in comment (git-fixes). - scsi: storvsc: Remove WQ_MEM_RECLAIM from storvsc_error_wq (git-fixes). - scsi: storvsc: remove an extraneous 'to' in a comment (git-fixes). - scsi: ufs: core: Fix another task management completion race (git-fixes). - scsi: ufs: core: Fix task management completion timeout race (git-fixes). - scsi: ufs: ufs-pci: Add support for Intel ADL (jsc#PED-707). - scsi: ufs: ufs-pci: Add support for Intel MTL (jsc#PED-732). - scsi: zfcp: Fix double free of FSF request when qdio send fails (git-fixes). - scsi: zfcp: Fix missing auto port scan and thus missing target ports (git-fixes). - seccomp: Invalidate seccomp mode to catch death failures (git-fixes). - selftest/net/forwarding: declare NETIFS p9 p10 (git-fixes). - selftest/powerpc: Add PAPR sysfs attributes sniff test (bsc#1200465 ltc#197256 jsc#SLE-18130). - selftest/vm: fix map_fixed_noreplace test failure (git-fixes). - selftest/vm: verify mmap addr in mremap_test (git-fixes). - selftest/vm: verify remap destination address in mremap_test (git-fixes). - selftest: tpm2: Add Client.__del__() to close /dev/tpm* handle (git-fixes). - selftests, x86: fix how check_cc.sh is being invoked (git-fixes). - selftests/exec: Add non-regular to TEST_GEN_PROGS (git-fixes). - selftests/exec: Remove pipe from TEST_GEN_FILES (git-fixes). - selftests/fib_tests: Rework fib_rp_filter_test() (git-fixes). - selftests/ftrace: Do not trace do_softirq because of PREEMPT_RT (git-fixes). - selftests/ftrace: make kprobe profile testcase description unique (git-fixes). - selftests/intel_pstate: fix build for ARCH=x86_64 (git-fixes). - selftests/landlock: Add clang-format exceptions (git-fixes). - selftests/landlock: Add tests for O_PATH (git-fixes). - selftests/landlock: Add tests for unknown access rights (git-fixes). - selftests/landlock: Extend access right tests to directories (git-fixes). - selftests/landlock: Extend tests for minimal valid attribute size (git-fixes). - selftests/landlock: Format with clang-format (git-fixes). - selftests/landlock: Fully test file rename with 'remove' access (git-fixes). - selftests/landlock: Make tests build with old libc (git-fixes). - selftests/landlock: Normalize array assignment (git-fixes). - selftests/landlock: Test landlock_create_ruleset(2) argument check ordering (git-fixes). - selftests/livepatch: better synchronize test_klp_callbacks_busy (bsc#1071995). - selftests/memfd: clean up mapping in mfd_fail_write (git-fixes). - selftests/memfd: remove unused variable (git-fixes). - selftests/net: pass ipv6_args to udpgso_bench's IPv6 TCP test (git-fixes). - selftests/net: so_txtime: fix parsing of start time stamp on 32 bit systems (git-fixes). - selftests/net: so_txtime: usage(): fix documentation of default clock (git-fixes). - selftests/net: timestamping: Fix bind_phc check (git-fixes). - selftests/net: udpgso_bench_tx: fix dst ip argument (git-fixes). - selftests/pidfd_test: Remove the erroneous ',' (git-fixes). - selftests/powerpc/spectre_v2: Return skip code when miss_percent is high (git-fixes). - selftests/powerpc: Add a test of sigreturning to the kernel (git-fixes). - selftests/powerpc: Skip energy_scale_info test on older firmware (git-fixes). - selftests/resctrl: Fix null pointer dereference on open failed (git-fixes). - selftests/rseq: Change type of rseq_offset to ptrdiff_t (git-fixes). - selftests/rseq: Fix ppc32 missing instruction selection 'u' and 'x' for load/store (git-fixes). - selftests/rseq: Fix ppc32 offsets by using long rather than off_t (git-fixes). - selftests/rseq: Fix ppc32: wrong rseq_cs 32-bit field pointer on big endian (git-fixes). - selftests/rseq: Fix warnings about #if checks of undefined tokens (git-fixes). - selftests/rseq: Fix: work-around asm goto compiler bugs (git-fixes). - selftests/rseq: Introduce rseq_get_abi() helper (git-fixes). - selftests/rseq: Introduce thread pointer getters (git-fixes). - selftests/rseq: Remove arm/mips asm goto compiler work-around (git-fixes). - selftests/rseq: Remove useless assignment to cpu variable (git-fixes). - selftests/rseq: Remove volatile from __rseq_abi (git-fixes). - selftests/rseq: Uplift rseq selftests for compatibility with glibc-2.35 (git-fixes). - selftests/rseq: introduce own copy of rseq uapi header (git-fixes). - selftests/rseq: remove ARRAY_SIZE define from individual tests (git-fixes). - selftests/rseq: x86-32: use %gs segment selector for accessing rseq thread area (git-fixes). - selftests/rseq: x86-64: use %fs segment selector for accessing rseq thread area (git-fixes). - selftests/seccomp: Do not call read() on TTY from background pgrp (git-fixes). - selftests/seccomp: Fix compile warning when CC=clang (git-fixes). - selftests/seccomp: Fix seccomp failure by adding missing headers (git-fixes). - selftests/sgx: Treat CC as one argument (git-fixes). - selftests/vm/transhuge-stress: fix ram size thinko (git-fixes). - selftests/vm: make charge_reserved_hugetlb.sh work with existing cgroup setting (git-fixes). - selftests/x86: Add validity check and allow field splitting (git-fixes). - selftests/zram01.sh: Fix compression ratio calculation (git-fixes). - selftests/zram: Adapt the situation that /dev/zram0 is being used (git-fixes). - selftests/zram: Skip max_comp_streams interface on newer kernel (git-fixes). - selftests: Add duplicate config only for MD5 VRF tests (git-fixes). - selftests: Fix IPv6 address bind tests (git-fixes). - selftests: Fix raw socket bind tests with VRF (git-fixes). - selftests: Fix the if conditions of in test_extra_filter() (git-fixes). - selftests: add ping test with ping_group_range tuned (git-fixes). - selftests: cgroup: Make cg_create() use 0755 for permission instead of 0644 (git-fixes). - selftests: cgroup: Test open-time cgroup namespace usage for migration checks (git-fixes). - selftests: cgroup: Test open-time credential usage for migration checks (git-fixes). - selftests: clone3: clone3: add case CLONE3_ARGS_NO_TEST (git-fixes). - selftests: fixup build warnings in pidfd / clone3 tests (git-fixes). - selftests: forwarding: Fix failing tests with old libnet (git-fixes). - selftests: forwarding: add shebang for sch_red.sh (git-fixes). - selftests: forwarding: fix error message in learning_test (git-fixes). - selftests: forwarding: fix flood_unicast_test when h2 supports IFF_UNICAST_FLT (git-fixes). - selftests: forwarding: fix learning_test when h1 supports IFF_UNICAST_FLT (git-fixes). - selftests: futex: Use variable MAKE instead of make (git-fixes). - selftests: gpio: fix gpio compiling error (git-fixes). - selftests: harness: avoid false negatives if test has no ASSERTs (git-fixes). - selftests: icmp_redirect: pass xfail=0 to log_test() (git-fixes). - selftests: kvm: set rax before vmcall (git-fixes). - selftests: mirror_gre_bridge_1q: Avoid changing PVID while interface is operational (git-fixes). - selftests: mlxsw: resource_scale: Fix return value (git-fixes). - selftests: mlxsw: tc_police_scale: Make test more robust (git-fixes). - selftests: mlxsw: vxlan_flooding: Prevent flooding of unwanted packets (git-fixes). - selftests: mptcp: add csum mib check for mptcp_connect (git-fixes). - selftests: mptcp: fix diag instability (git-fixes). - selftests: mptcp: fix ipv6 routing setup (git-fixes). - selftests: mptcp: fix mibit vs mbit mix up (git-fixes). - selftests: mptcp: make sendfile selftest work (git-fixes). - selftests: mptcp: more stable diag tests (git-fixes). - selftests: mptcp: more stable simult_flows tests (git-fixes). - selftests: net: Correct case name (git-fixes). - selftests: net: Correct ping6 expected rc from 2 to 1 (git-fixes). - selftests: net: Fix a typo in udpgro_fwd.sh (git-fixes). - selftests: net: tls: remove unused variable and code (git-fixes). - selftests: net: udpgro_fwd.sh: explicitly checking the available ping feature (git-fixes). - selftests: net: using ping6 for IPv6 in udpgro_fwd.sh (git-fixes). - selftests: netfilter: Fix nft_fib.sh for all.rp_filter=1 (git-fixes). - selftests: netfilter: add a vrf+conntrack testcase (git-fixes). - selftests: netfilter: correct PKTGEN_SCRIPT_PATHS in nft_concat_range.sh (git-fixes). - selftests: netfilter: disable rp_filter on router (git-fixes). - selftests: netfilter: fix exit value for nft_concat_range (git-fixes). - selftests: nft_concat_range: add test for reload with no element add/del (git-fixes). - selftests: ocelot: tc_flower_chains: specify conform-exceed action for policer (git-fixes). - selftests: openat2: Add missing dependency in Makefile (git-fixes). - selftests: openat2: Print also errno in failure messages (git-fixes). - selftests: openat2: Skip testcases that fail with EOPNOTSUPP (git-fixes). - selftests: pmtu.sh: Kill nettest processes launched in subshell (git-fixes). - selftests: pmtu.sh: Kill tcpdump processes launched by subshell (git-fixes). - selftests: rtc: Increase test timeout so that all tests run (git-fixes). - selftests: rtnetlink: correct xfrm policy rule in kci_test_ipsec_offload (git-fixes). - selftests: skip mincore.check_file_mmap when fs lacks needed support (git-fixes). - selftests: test_vxlan_under_vrf: Fix broken test case (git-fixes). - selftests: timers: clocksource-switch: fix passing errors from child (git-fixes). - selftests: timers: valid-adjtimex: build fix for newer toolchains (git-fixes). - selftests: vm: Makefile: rename TARGETS to VMTARGETS (git-fixes). - selftests: vm: fix clang build error multiple output files (git-fixes). - selftests: x86: fix [-Wstringop-overread] warn in test_process_vm_readv() (git-fixes). - selinux: Add boundary check in put_entry() (git-fixes). - selinux: access superblock_security_struct in LSM blob way (git-fixes). - selinux: allow FIOCLEX and FIONCLEX with policy capability (git-fixes). - selinux: check return value of sel_make_avc_files (git-fixes). - selinux: enable use of both GFP_KERNEL and GFP_ATOMIC in convert_context() (git-fixes). - selinux: fix bad cleanup on error in hashtab_duplicate() (git-fixes). - selinux: fix double free of cond_list on error paths (git-fixes). - selinux: fix memleak in security_read_state_kernel() (git-fixes). - selinux: fix misuse of mutex_is_locked() (git-fixes). - selinux: use 'grep -E' instead of 'egrep' (git-fixes). - selinux: use correct type for context length (git-fixes). - serial: 8250: 8250_omap: Avoid RS485 RTS glitch on ->set_termios() (git-fixes). - serial: 8250: Add proper clock handling for OxSemi PCIe devices (git-fixes). - serial: 8250: Export ICR access helpers for internal use (git-fixes). - serial: 8250: Fall back to non-DMA Rx if IIR_RDI occurs (git-fixes). - serial: 8250: Fix restoring termios speed after suspend (git-fixes). - serial: 8250: Flush DMA Rx on RLSI (git-fixes). - serial: 8250: Fold EndRun device support into OxSemi Tornado code (git-fixes). - serial: 8250: omap: Fix unpaired pm_runtime_put_sync() in omap8250_remove() (git-fixes). - serial: 8250: omap: Flush PM QOS work on remove (git-fixes). - serial: 8250_bcm7271: Save/restore RTS in suspend/resume (git-fixes). - serial: 8250_dw: Store LSR into lsr_saved_flags in dw8250_tx_wait_empty() (git-fixes). - serial: 8250_fsl: Do not report FE, PE and OE twice (git-fixes). - serial: 8250_lpss: Configure DMA also w/o DMA filter (git-fixes). - serial: 8250_omap: remove wait loop from Errata i202 workaround (git-fixes). - serial: 8250_pci: Refactor the loop in pci_ite887x_init() (git-fixes). - serial: 8250_pci: Replace dev_*() by pci_*() macros (git-fixes). - serial: Create uart_xmit_advance() (git-fixes). - serial: atmel: remove redundant assignment in rs485_config (git-fixes). - serial: core: move RS485 configuration tasks from drivers into core (git-fixes). - serial: fsl_lpuart: RS485 RTS polariy is inverse (git-fixes). - serial: fsl_lpuart: Reset prior to registration (git-fixes). - serial: imx: Add missing .thaw_noirq hook (git-fixes). - serial: mvebu-uart: uart2 error bits clearing (git-fixes). - serial: tegra-tcu: Use uart_xmit_advance(), fixes icount.tx accounting (git-fixes). - serial: tegra: Use uart_xmit_advance(), fixes icount.tx accounting (git-fixes). - sfc: disable softirqs for ptp TX (git-fixes). - sfc: fix kernel panic when creating VF (git-fixes). - sfc: fix use after free when disabling sriov (git-fixes). - signal: break out of wait loops on kthread_stop() (bsc#1204926). - siox: fix possible memory leak in siox_device_add() (git-fixes). - slimbus: qcom-ngd: cleanup in probe error path (git-fixes). - slimbus: qcom-ngd: use correct error in message of pdr_add_lookup() failure (git-fixes). - slimbus: stream: correct presence rate frequencies (git-fixes). - smb2: small refactor in smb2_check_message() (bsc#1193629). - smb3: Move the flush out of smb2_copychunk_range() into its callers (bsc#1193629). - smb3: add dynamic trace points for tree disconnect (bsc#1193629). - smb3: add trace point for SMB2_set_eof (bsc#1193629). - smb3: allow deferred close timeout to be configurable (bsc#1193629). - smb3: check xattr value length earlier (bsc#1193629). - smb3: clarify multichannel warning (bsc#1193629). - smb3: do not log confusing message when server returns no network interfaces (bsc#1193629). - smb3: fix empty netname context on secondary channels (bsc#1193629). - smb3: fix oops in calculating shash_setkey (bsc#1193629). - smb3: fix temporary data corruption in collapse range (bsc#1193629). - smb3: fix temporary data corruption in insert range (bsc#1193629). - smb3: improve SMB3 change notification support (bsc#1193629). - smb3: interface count displayed incorrectly (bsc#1193629). - smb3: missing inode locks in punch hole (bsc#1193629). - smb3: missing inode locks in zero range (bsc#1193629). - smb3: must initialize two ACL struct fields to zero (bsc#1193629). - smb3: remove unneeded null check in cifs_readdir (bsc#1193629). - smb3: rename encryption/decryption TFMs (bsc#1193629). - smb3: use filemap_write_and_wait_range instead of filemap_write_and_wait (bsc#1193629). - smb3: use netname when available on secondary channels (bsc#1193629). - smb3: workaround negprot bug in some Samba servers (bsc#1193629). - smsc95xx: Ignore -ENODEV errors when device is unplugged (git-fixes). - soc/tegra: fuse: Drop Kconfig dependency on TEGRA20_APB_DMA (git-fixes). - soc: amlogic: Fix refcount leak in meson-secure-pwrc.c (git-fixes). - soc: brcmstb: pm-arm: Fix refcount leak and __iomem leak bugs (git-fixes). - soc: fsl: guts: machine variable might be unset (git-fixes). - soc: fsl: select FSL_GUTS driver for DPIO (git-fixes). - soc: imx8m: Enable OCOTP clock before reading the register (git-fixes). - soc: imx: gpcv2: Assert reset before ungating clock (git-fixes). - soc: qcom: Make QCOM_RPMPD depend on PM (git-fixes). - soc: qcom: aoss: Fix refcount leak in qmp_cooling_devices_register (git-fixes). - soc: qcom: ocmem: Fix refcount leak in of_get_ocmem (git-fixes). - soc: qcom: smem_state: Add refcounting for the 'state->of_node' (git-fixes). - soc: qcom: smsm: Fix refcount leak bugs in qcom_smsm_probe() (git-fixes). - soc: renesas: r8a779a0-sysc: Fix A2DP1 and A2CV[2357] PDR values (git-fixes). - soc: sunxi: sram: Actually claim SRAM regions (git-fixes). - soc: sunxi: sram: Fix debugfs info for A64 SRAM C (git-fixes). - soc: sunxi: sram: Fix probe function ordering issues (git-fixes). - soc: sunxi: sram: Prevent the driver from being unbound (git-fixes). - soc: sunxi_sram: Make use of the helper function devm_platform_ioremap_resource() (git-fixes). - soundwire: bus_type: fix remove and shutdown support (git-fixes). - soundwire: cadence: Do not overwrite msg->buf during write commands (git-fixes). - soundwire: intel: Initialize clock stop timeout (bsc#1205507). - soundwire: intel: fix error handling on dai registration issues (git-fixes). - soundwire: qcom: Check device status before reading devid (git-fixes). - soundwire: qcom: check for outanding writes before doing a read (git-fixes). - soundwire: qcom: fix device status array range (git-fixes). - soundwire: qcom: reinit broadcast completion (git-fixes). - speakup: fix a segfault caused by switching consoles (git-fixes). - spi/omap100k:Fix PM disable depth imbalance in omap1_spi100k_probe (git-fixes). - spi: Add API to count spi acpi resources (bsc#1203699). - spi: Create helper API to lookup ACPI info for spi device (bsc#1203699). - spi: Ensure that sg_table won't be used after being freed (git-fixes). - spi: Fix incorrect cs_setup delay handling (git-fixes). - spi: Fix simplification of devm_spi_register_controller (git-fixes). - spi: Return deferred probe error when controller isn't yet available (bsc#1203699). - spi: Support selection of the index of the ACPI Spi Resource before alloc (bsc#1203699). - spi: dt-bindings: cadence: add missing 'required' (git-fixes). - spi: dt-bindings: zynqmp-qspi: add missing 'required' (git-fixes). - spi: dw-dma: decrease reference count in dw_spi_dma_init_mfld() (git-fixes). - spi: dw: Fix PM disable depth imbalance in dw_spi_bt1_probe (git-fixes). - spi: meson-spicc: add local pow2 clock ops to preserve rate between messages (git-fixes). - spi: meson-spicc: do not rely on busy flag in pow2 clk ops (git-fixes). - spi: mt7621: Fix an error message in mt7621_spi_probe() (git-fixes). - spi: propagate error code to the caller of acpi_spi_device_alloc() (bsc#1203699). - spi: pxa2xx: Add support for Intel Meteor Lake-P (jsc#PED-732). - spi: pxa2xx: Add support for Intel Raptor Lake PCH-S (jsc#PED-634). - spi: qup: add missing clk_disable_unprepare on error in spi_qup_pm_resume_runtime() (git-fixes). - spi: qup: add missing clk_disable_unprepare on error in spi_qup_resume() (git-fixes). - spi: s3c64xx: Fix large transfers with DMA (git-fixes). - spi: spi-altera-dfl: Fix an error handling path (git-fixes). - spi: spi-imx: Fix spi_bus_clk if requested clock is higher than input clock (git-fixes). - spi: spi-rspi: Fix PIO fallback on RZ platforms (git-fixes). - spi: stm32: Print summary 'callbacks suppressed' message (git-fixes). - spi: stm32: fix stm32_spi_prepare_mbr() that halves spi clk for every run (git-fixes). - spi: synquacer: Add missing clk_disable_unprepare() (git-fixes). - spi: tegra20-slink: fix UAF in tegra_slink_remove() (git-fixes). - spi: tegra210-quad: Fix duplicate resource error (git-fixes). - spmi: pmic-arb: correct duplicate APID to PPID mapping logic (git-fixes). - spmi: pmic-arb: do not ack and clear peripheral interrupts in cleanup_irq (git-fixes). - spmi: trace: fix stack-out-of-bound access in SPMI tracing functions (git-fixes). - staging: rtl8192u: Fix sleep in atomic context bug in dm_fsync_timer_callback (git-fixes). - staging: rtl8712: fix use after free bugs (git-fixes). - staging: rtl8723bs: fix a potential memory leak in rtw_init_cmd_priv() (git-fixes). - staging: rtl8723bs: fix potential memory leak in rtw_init_drv_sw() (git-fixes). - staging: vt6655: fix potential memory leak (git-fixes). - staging: vt6655: fix some erroneous memory clean-up loops (git-fixes). - stmmac: intel: Add a missing clk_disable_unprepare() call in intel_eth_pci_remove() (git-fixes). - stmmac: intel: Fix an error handling path in intel_eth_pci_probe() (git-fixes). - struct ehci_hcd: hide new element going into a hole (git-fixes). - struct xhci_hcd: restore member now dynamically allocated (git-fixes). - sunrpc: fix expiry of auth creds (git-fixes). - supported.conf: Add cs_dsp firmware module (bsc#1203699) - supported.conf: Add drivers/virt/coco/sevguest/sevguest - supported.conf: added drivers/net/ethernet/marvell/octeontx2/nic/otx2_ptp and changed all octeontx2 modules as supported (jsc#SLE-24682) - supported.conf: mark drivers/nvme/common as supported (jsc#SLE-20183) - supported.conf: mark lib/objagg supported as dependency of mlxsw - supported.conf: mark mlxsw modules supported (jsc#SLE-23766) - supported.conf: mark spi-pxa2xx-platform as supported (bsc#1203699) It's required for the sound on recent Intel machines - tee: optee: do not check memref size on return from Secure World (git-fixes). - tee: tee_get_drvdata(): fix description of return value (git-fixes). - testing/selftests/mqueue: Fix mq_perf_tests to free the allocated cpu set (git-fixes). - testing: nvdimm: asm/mce.h is not needed in nfit.c (git-fixes). - testing: nvdimm: iomap: make __nfit_test_ioremap a macro (git-fixes). - tests: fix idmapped mount_setattr test (git-fixes). - thermal/drivers/qcom/tsens-v0_1: Fix MSM8939 fourth sensor hw_id (git-fixes). - thermal/int340x_thermal: handle data_vault when the value is ZERO_SIZE_PTR (bsc#1201308). - thermal/tools/tmon: Include pthread and time headers in tmon.h (git-fixes). - thermal: cpufreq_cooling: Check the policy first in cpufreq_cooling_register() (git-fixes). - thermal: int340x: Mode setting with new OS handshake (jsc#PED-678). - thermal: int340x: Update OS policy capability handshake (jsc#PED-678). - thermal: intel_powerclamp: Use first online CPU as control_cpu (git-fixes). - thermal: intel_powerclamp: Use get_cpu() instead of smp_processor_id() to avoid crash (git-fixes). - thermal: sysfs: Fix cooling_device_stats_setup() error code path (git-fixes). - thunderbolt: Add DP OUT resource when DP tunnel is discovered (git-fixes). - thunderbolt: Add back Intel Falcon Ridge end-to-end flow control workaround (git-fixes). - thunderbolt: Add missing device ID to tb_switch_is_alpine_ridge() (git-fixes). - thunderbolt: Add support for Intel Maple Ridge single port controller (git-fixes). - thunderbolt: Add support for Intel Raptor Lake (jsc#PED-634). - thunderbolt: Disable LTTPR on Intel Titan Ridge (git-fixes). - thunderbolt: Explicitly enable lane adapter hotplug events at startup (git-fixes). - thunderbolt: Explicitly reset plug events delay back to USB4 spec value (git-fixes). - thunderbolt: Fix buffer allocation of devices with no DisplayPort adapters (git-fixes). - thunderbolt: Use the actual buffer in tb_async_error() (git-fixes). - timers: implement usleep_idle_range() (git-fixes). - tools include UAPI: Sync sound/asound.h copy with the kernel sources (git-fixes). - tools/nolibc: fix incorrect truncation of exit code (git-fixes). - tools/nolibc: i386: fix initial stack alignment (git-fixes). - tools/nolibc: x86-64: Fix startup code bug (git-fixes). - tools/testing/scatterlist: add missing defines (git-fixes). - tools/thermal: Fix possible path truncations (git-fixes). - tools: hv: Remove an extraneous 'the' (git-fixes). - tools: hv: kvp: remove unnecessary (void*) conversions (git-fixes). - tools: iio: iio_generic_buffer: Fix read size (git-fixes). - tpm: eventlog: Fix section mismatch for DEBUG_SECTION_MISMATCH (git-fixes). - trace/osnoise: Add migrate-disabled field to the osnoise header (git-fixes). - trace/timerlat: Add migrate-disabled field to the timerlat header (git-fixes). - tracing/histograms: Fix memory leak problem (git-fixes). - tracing/kprobes: Check whether get_kretprobe() returns NULL in kretprobe_dispatcher() (git-fixes). - tracing/osnoise: Fix duration type (git-fixes). - tracing/osnoise: Fix possible recursive locking in stop_per_cpu_kthreads (git-fixes). - tracing/probes: Have kprobes and uprobes use $COMM too (git-fixes). - tracing/ring-buffer: Have polling block on watermark (git-fixes). - tracing: Add '(fault)' name injection to kernel probes (git-fixes). - tracing: Add ioctl() to force ring buffer waiters to wake up (git-fixes). - tracing: Add tracing_reset_all_online_cpus_unlocked() function (git-fixes). - tracing: Add ustring operation to filtering string pointers (git-fixes). - tracing: Disable interrupt or preemption before acquiring arch_spinlock_t (git-fixes). - tracing: Do not free snapshot if tracer is on cmdline (git-fixes). - tracing: Fix memory leak in test_gen_synth_cmd() and test_empty_synth_event() (git-fixes). - tracing: Fix memory leak in tracing_read_pipe() (git-fixes). - tracing: Fix reading strings from synthetic events (git-fixes). - tracing: Fix sleeping while atomic in kdb ftdump (git-fixes). - tracing: Fix wild-memory-access in register_synth_event() (git-fixes). - tracing: Free buffers when a used dynamic event is removed (git-fixes). - tracing: Have filter accept 'common_cpu' to be consistent (git-fixes). - tracing: Move duplicate code of trace_kprobe/eprobe.c into header (git-fixes). - tracing: Replace deprecated CPU-hotplug functions (git-fixes). - tracing: Simplify conditional compilation code in tracing_set_tracer() (git-fixes). - tracing: Use a struct alignof to determine trace event field alignment (git-fixes). - tracing: Wake up ring buffer waiters on closing of the file (git-fixes). - tracing: Wake up waiters when tracing is disabled (git-fixes). - tracing: hold caller_addr to hardirq_{enable,disable}_ip (git-fixes). - tracing: kprobe: Fix kprobe event gen test module on exit (git-fixes). - tracing: kprobe: Fix memory leak in test_gen_kprobe/kretprobe_cmd() (git-fixes). - tracing: kprobe: Fix potential null-ptr-deref on trace_array in kprobe_event_gen_test_exit() (git-fixes). - tracing: kprobe: Fix potential null-ptr-deref on trace_event_file in kprobe_event_gen_test_exit() (git-fixes). - tracing: kprobe: Make gen test module work in arm and riscv (git-fixes). - tty: 8250: Add support for Brainboxes PX cards (git-fixes). - tty: n_gsm: Delete gsm_disconnect when config requester (git-fixes). - tty: n_gsm: Delete gsmtty open SABM frame when config requester (git-fixes). - tty: n_gsm: Modify CR,PF bit printk info when config requester (git-fixes). - tty: n_gsm: Modify CR,PF bit when config requester (git-fixes). - tty: n_gsm: Modify cr bit value when config requester (git-fixes). - tty: n_gsm: Modify gsmtty driver register method when config requester (git-fixes). - tty: n_gsm: Save dlci address open status when config requester (git-fixes). - tty: n_gsm: add sanity check for gsm->receive in gsm_receive_buf() (git-fixes). - tty: n_gsm: avoid call of sleeping functions from atomic context (git-fixes). - tty: n_gsm: clean up dead code in gsm_queue() (git-fixes). - tty: n_gsm: clean up implicit CR bit encoding in address field (git-fixes). - tty: n_gsm: clean up indenting in gsm_queue() (git-fixes). - tty: n_gsm: fix DM command (git-fixes). - tty: n_gsm: fix broken virtual tty handling (git-fixes). - tty: n_gsm: fix buffer over-read in gsm_dlci_data() (git-fixes). - tty: n_gsm: fix deadlock and link starvation in outgoing data path (git-fixes). - tty: n_gsm: fix decoupled mux resource (git-fixes). - tty: n_gsm: fix encoding of command/response bit (git-fixes). - tty: n_gsm: fix flow control handling in tx path (git-fixes). - tty: n_gsm: fix frame reception handling (git-fixes). - tty: n_gsm: fix incorrect UA handling (git-fixes). - tty: n_gsm: fix insufficient txframe size (git-fixes). - tty: n_gsm: fix invalid gsmtty_write_room() result (git-fixes). - tty: n_gsm: fix invalid use of MSC in advanced option (git-fixes). - tty: n_gsm: fix malformed counter for out of frame data (git-fixes). - tty: n_gsm: fix missing corner cases in gsmld_poll() (git-fixes). - tty: n_gsm: fix missing explicit ldisc flush (git-fixes). - tty: n_gsm: fix missing mux reset on config change at responder (git-fixes). - tty: n_gsm: fix missing timer to handle stalled links (git-fixes). - tty: n_gsm: fix missing tty wakeup in convergence layer type 2 (git-fixes). - tty: n_gsm: fix missing update of modem controls after DLCI open (git-fixes). - tty: n_gsm: fix mux activation issues in gsm_config() (git-fixes). - tty: n_gsm: fix mux cleanup after unregister tty device (git-fixes). - tty: n_gsm: fix non flow control frames during mux flow off (git-fixes). - tty: n_gsm: fix packet re-transmission without open control channel (git-fixes). - tty: n_gsm: fix race condition in gsmld_write() (git-fixes). - tty: n_gsm: fix reset fifo race condition (git-fixes). - tty: n_gsm: fix resource allocation order in gsm_activate_mux() (git-fixes). - tty: n_gsm: fix restart handling via CLD command (git-fixes). - tty: n_gsm: fix sleep-in-atomic-context bug in gsm_control_send (git-fixes). - tty: n_gsm: fix software flow control handling (git-fixes). - tty: n_gsm: fix sometimes uninitialized warning in gsm_dlci_modem_output() (git-fixes). - tty: n_gsm: fix tty registration before control channel open (git-fixes). - tty: n_gsm: fix user open not possible at responder until initiator open (git-fixes). - tty: n_gsm: fix wrong DLCI release order (git-fixes). - tty: n_gsm: fix wrong T1 retry count handling (git-fixes). - tty: n_gsm: fix wrong command frame length field encoding (git-fixes). - tty: n_gsm: fix wrong command retry handling (git-fixes). - tty: n_gsm: fix wrong queuing behavior in gsm_dlci_data_output() (git-fixes). - tty: n_gsm: fix wrong signal octet encoding in convergence layer type 2 (git-fixes). - tty: n_gsm: fix wrong signal octets encoding in MSC (git-fixes). - tty: n_gsm: initialize more members at gsm_alloc_mux() (git-fixes). - tty: n_gsm: replace kicktimer with delayed_work (git-fixes). - tty: serial: Fix refcount leak bug in ucc_uart.c (git-fixes). - tty: serial: atmel: Preserve previous USART mode if RS485 disabled (git-fixes). - tty: serial: fsl_lpuart: correct the count of break characters (git-fixes). - tty: serial: fsl_lpuart: disable dma rx/tx use flags in lpuart_dma_shutdown (git-fixes). - tty: serial: fsl_lpuart: do not break the on-going transfer when global reset (git-fixes). - tty: serial: lpuart: disable flow control while waiting for the transmit engine to complete (git-fixes). - tty: vt: initialize unicode screen buffer (git-fixes). - tty: xilinx_uartps: Fix the ignore_status (git-fixes). - tun: avoid double free in tun_free_netdev (git-fixes). - tunnels: do not assume mac header is set in skb_tunnel_check_pmtu() (git-fixes). - tuntap: add sanity checks about msg_controllen in sendmsg (git-fixes). - uaccess: fix type mismatch warnings from access_ok() (git-fixes). - uas: add no-uas quirk for Hiksemi usb_disk (git-fixes). - uas: ignore UAS for Thinkplus chips (git-fixes). - ucounts: Base set_cred_ucounts changes on the real user (git-fixes). - ucounts: Fix rlimit max values check (git-fixes). - ucounts: Fix systemd LimitNPROC with private users regression (git-fixes). - ucounts: Handle wrapping in is_ucounts_overlimit (git-fixes). - ucounts: In set_cred_ucounts assume new->ucounts is non-NULL (git-fixes). - udf: Fix crash after seekdir (bsc#1194592). - udmabuf: Set the DMA mask for the udmabuf device (v2) (git-fixes). - udmabuf: Set ubuf->sg = NULL if the creation of sg table fails (git-fixes). - udmabuf: add back sanity check (git-fixes). - units: Add SI metric prefix definitions (git-fixes). - units: add the HZ macros (git-fixes). - usb-storage: Add Hiksemi USB3-FW to IGNORE_UAS (git-fixes). - usb-storage: Add ignore-residue quirk for NXP PN7462AU (git-fixes). - usb.h: struct usb_device: hide new member (git-fixes). - usb/hcd: Fix dma_map_sg error check (git-fixes). - usb: Drop commas after SoC match table sentinels (git-fixes). - usb: add NO_LPM quirk for Realforce 87U Keyboard (git-fixes). - usb: add quirks for Lenovo OneLink+ Dock (git-fixes). - usb: aspeed-vhub: Fix refcount leak bug in ast_vhub_init_desc() (git-fixes). - usb: bdc: change state when port disconnected (git-fixes). - usb: cdc-wdm: Use skb_put_data() instead of skb_put/memcpy pair (git-fixes). - usb: cdns3 fix use-after-free at workaround 2 (git-fixes). - usb: cdns3: Do not use priv_dev uninitialized in cdns3_gadget_ep_enable() (git-fixes). - usb: cdns3: change place of 'priv_ep' assignment in cdns3_gadget_ep_dequeue(), cdns3_gadget_ep_enable() (git-fixes). - usb: cdns3: fix incorrect handling TRB_SMM flag for ISOC transfer (git-fixes). - usb: cdns3: fix issue with rearming ISO OUT endpoint (git-fixes). - usb: cdns3: fix random warning message when driver load (git-fixes). - usb: cdns3: host: fix endless superspeed hub port reset (git-fixes). - usb: cdnsp: Fix issue with Clear Feature Halt Endpoint (git-fixes). - usb: cdnsp: fix issue with ZLP - added TD_SIZE = 1 (git-fixes). - usb: chipidea: fix deadlock in ci_otg_del_timer (git-fixes). - usb: common: debug: Check non-standard control requests (git-fixes). - usb: dwc2: fix wrong order of phy_power_on and phy_init (git-fixes). - usb: dwc2: gadget: remove D+ pull-up while no vbus with usb-role-switch (git-fixes). - usb: dwc3: core: Deprecate GCTL.CORESOFTRESET (git-fixes). - usb: dwc3: core: Do not perform GCTL_CORE_SOFTRESET during bootup (git-fixes). - usb: dwc3: core: Enable GUCTL1 bit 10 for fixing termination error after resume bug (git-fixes). - usb: dwc3: core: leave default DMA if the controller does not support 64-bit DMA (git-fixes). - usb: dwc3: disable USB core PHY management (git-fixes). - usb: dwc3: dwc3-qcom: Add missing platform_device_put() in dwc3_qcom_acpi_register_core (git-fixes). - usb: dwc3: dwc3-qcom: Fix typo in the dwc3 vbus override API (git-fixes). - usb: dwc3: exynos: Fix remove() function (git-fixes). - usb: dwc3: gadget: Avoid duplicate requests to enable Run/Stop (git-fixes). - usb: dwc3: gadget: Avoid starting DWC3 gadget during UDC unbind (git-fixes). - usb: dwc3: gadget: Clear ep descriptor last (git-fixes). - usb: dwc3: gadget: Do not modify GEVNTCOUNT in pullup() (git-fixes). - usb: dwc3: gadget: Do not set IMI for no_interrupt (git-fixes). - usb: dwc3: gadget: Refactor pullup() (git-fixes). - usb: dwc3: gadget: Return -ESHUTDOWN on ep disable (git-fixes). - usb: dwc3: gadget: Stop processing more requests on IMI (git-fixes). - usb: dwc3: gadget: conditionally remove requests (git-fixes). - usb: dwc3: gadget: fix high speed multiplier setting (git-fixes). - usb: dwc3: gadget: refactor dwc3_repare_one_trb (git-fixes). - usb: dwc3: pci: Add support for Intel Raptor Lake (git-fixes). - usb: dwc3: qcom: Add helper functions to enable,disable wake irqs (git-fixes). - usb: dwc3: qcom: fix missing optional irq warnings (git-fixes). - usb: dwc3: qcom: fix use-after-free on runtime-PM wakeup (git-fixes). - usb: ehci: Fix a function name in comments (git-fixes). - usb: gadget: bdc: fix typo in comment (git-fixes). - usb: gadget: f_fs: stricter integer overflow checks (git-fixes). - usb: gadget: f_uac2: clean up some inconsistent indenting (git-fixes). - usb: gadget: f_uac2: fix superspeed transfer (git-fixes). - usb: gadget: function: fix dangling pnp_string in f_printer.c (git-fixes). - usb: gadget: mass_storage: Fix cdrom data transfers on MAC-OS (git-fixes). - usb: gadget: tegra-xudc: Fix error check in tegra_xudc_powerdomain_init() (git-fixes). - usb: gadget: udc-xilinx: replace memcpy with memcpy_toio (git-fixes). - usb: gadget: udc: amd5536 depends on HAS_DMA (git-fixes). - usb: gadget: uvc: call uvc uvcg_warn on completed status instead of uvcg_info (git-fixes). - usb: host: Fix refcount leak in ehci_hcd_ppc_of_probe (git-fixes). - usb: host: ohci-ppc-of: Fix refcount leak bug (git-fixes). - usb: host: xhci-plat: suspend and resume clocks (git-fixes). - usb: host: xhci-plat: suspend/resume clks for brcm (git-fixes). - usb: host: xhci: Fix potential memory leak in xhci_alloc_stream_info() (git-fixes). - usb: host: xhci: fix a comment typo in xhci_mem_init() (git-fixes). - usb: host: xhci: use ffs() in xhci_mem_init() (git-fixes). - usb: host: xhci: use snprintf() in xhci_decode_trb() (git-fixes). - usb: hub: avoid warm port reset during USB3 disconnect (git-fixes). - usb: idmouse: fix an uninit-value in idmouse_open (git-fixes). - usb: mon: make mmapped memory read only (git-fixes). - usb: mtu3: fix failed runtime suspend in host only mode (git-fixes). - usb: musb: Fix musb_gadget.c rxstate overflow bug (git-fixes). - usb: ohci-nxp: Fix refcount leak in ohci_hcd_nxp_probe (git-fixes). - usb: renesas: Fix refcount leak bug (git-fixes). - usb: smsc: use eth_hw_addr_set() (git-fixes). - usb: storage: Add ASUS &lt;0x0b05:0x1932> to IGNORE_UAS (git-fixes). - usb: typec: altmodes/displayport: correct pin assignment for UFP receptacles (git-fixes). - usb: typec: intel_pmc_mux: Add new ACPI ID for Meteor Lake IOM device (git-fixes). - usb: typec: mux: Enter safe mode only when pins need to be reconfigured (git-fixes). - usb: typec: tcpm: Return ENOTSUPP for power supply prop writes (git-fixes). - usb: typec: tcpm: fix typo in comment (git-fixes). - usb: typec: tipd: Add an additional overflow check (git-fixes). - usb: typec: tipd: Do not read/write more bytes than required (git-fixes). - usb: typec: ucsi: Acknowledge the GET_ERROR_STATUS command completion (git-fixes). - usb: typec: ucsi: Remove incorrect warning (git-fixes). - usb: xhci-mtk: check boundary before check tt (git-fixes). - usb: xhci-mtk: relax TT periodic bandwidth allocation (git-fixes). - usb: xhci-mtk: update fs bus bandwidth by bw_budget_table (git-fixes). - usb: xhci: add XHCI_SPURIOUS_SUCCESS to ASM1042 despite being a V0.96 controller (git-fixes). - usb: xhci: tegra: Fix error check (git-fixes). - usbnet: Fix linkwatch use-after-free on disconnect (git-fixes). - usbnet: Fix memory leak in usbnet_disconnect() (git-fixes). - usbnet: Run unregister_netdev() before unbind() again (git-fixes). - usbnet: smsc95xx: Avoid link settings race on interrupt reception (git-fixes). - usbnet: smsc95xx: Do not clear read-only PHY interrupt (git-fixes). - usbnet: smsc95xx: Do not reset PHY behind PHY driver's back (git-fixes). - usbnet: smsc95xx: Fix deadlock on runtime resume (git-fixes). - usbnet: smsc95xx: Forward PHY interrupts to PHY driver to avoid polling (git-fixes). - userfaultfd/selftests: fix hugetlb area allocations (git-fixes). - v3 of 'PCI: hv: Only reuse existing IRTE allocation for Multi-MSI' - vboxguest: Do not use devm for irq (git-fixes). - vdpa_sim: avoid putting an uninitialized iova_domain (git-fixes). - venus: pm_helpers: Fix warning in OPP during probe (git-fixes). - vfio/ccw: Do not change FSM state in subchannel event (git-fixes). - vfio/ccw: Remove UUID from s390 debug log (git-fixes). - vfio/type1: Unpin zero pages (git-fixes). - vfio: Clear the caps->buf to NULL after free (git-fixes). - vhost/vsock: Use kvmalloc/kvfree for larger packets (git-fixes). - video/fbdev/stifb: Implement the stifb_fillrect() function (git-fixes). - video: fbdev: amba-clcd: Fix refcount leak bugs (git-fixes). - video: fbdev: arkfb: Check the size of screen before memset_io() (git-fixes). - video: fbdev: arkfb: Fix a divide-by-zero bug in ark_set_pixclock() (git-fixes). - video: fbdev: i740fb: Check the argument of i740_calc_vclk() (git-fixes). - video: fbdev: i740fb: Error out if 'pixclock' equals zero (git-fixes). - video: fbdev: pxa3xx-gcu: Fix integer overflow in pxa3xx_gcu_write (git-fixes). - video: fbdev: s3fb: Check the size of screen before memset_io() (git-fixes). - video: fbdev: sis: fix typos in SiS_GetModeID() (git-fixes). - video: fbdev: vt8623fb: Check the size of screen before memset_io() (git-fixes). - virt: Add SEV-SNP guest driver (jsc#SLE-19924, jsc#SLE-24814). - virt: sevguest: Add documentation for SEV-SNP CPUID Enforcement (jsc#SLE-19924, jsc#SLE-24814). - virt: sevguest: Add support to derive key (jsc#SLE-19924, jsc#SLE-24814). - virt: sevguest: Add support to get extended report (jsc#SLE-19924, jsc#SLE-24814). - virt: sevguest: Fix bool function returning negative value (jsc#SLE-19924, jsc#SLE-24814). - virt: sevguest: Fix return value check in alloc_shared_pages() (jsc#SLE-19924, jsc#SLE-24814). - virt: vbox: convert to use dev_groups (git-fixes). - virtio-blk: Use blk_validate_block_size() to validate block size (git-fixes). - virtio-gpu: fix a missing check to avoid NULL dereference (git-fixes). - virtio-net: fix the race between refill work and close (git-fixes). - virtio_net: fix memory leak inside XPD_TX with mergeable (git-fixes). - vmxnet3: Implement ethtool's get_channels command (bsc#1200431). - vmxnet3: Record queue number to incoming packets (bsc#1200431). - vmxnet3: Remove useless DMA-32 fallback configuration (bsc#1200431). - vmxnet3: add command to set ring buffer sizes (bsc#1200431). - vmxnet3: add support for capability registers (bsc#1200431). - vmxnet3: add support for large passthrough BAR register (bsc#1200431). - vmxnet3: add support for out of order rx completion (bsc#1200431). - vmxnet3: correctly report encapsulated LRO packet (git-fixes). - vmxnet3: disable overlay offloads if UPT device does not support (bsc#1200431). - vmxnet3: do not reschedule napi for rx processing (bsc#1200431). - vmxnet3: limit number of TXDs used for TSO packet (bsc#1200431). - vmxnet3: prepare for version 7 changes (bsc#1200431). - vmxnet3: switch from 'pci_' to 'dma_' API (bsc#1200431). - vmxnet3: update to version 7 (bsc#1200431). - vmxnet3: use correct intrConf reference when using extended queues (git-fixes). - vmxnet3: use ext1 field to indicate encapsulated packet (bsc#1200431). - vrf: do not run conntrack on vrf with !dflt qdisc (git-fixes). - vrf: fix packet sniffing for traffic originating from ip tunnels (git-fixes). - vsock/virtio: enable VQs early on probe (git-fixes). - vsock/virtio: initialize vdev->priv before using VQs (git-fixes). - vsock/virtio: read the negotiated features before using VQs (git-fixes). - vsock: Fix memory leak in vsock_connect() (git-fixes). - vsock: Set socket state back to SS_UNCONNECTED in vsock_connect_timeout() (git-fixes). - vsock: fix possible infinite sleep in vsock_connectible_wait_data() (git-fixes). - vsock: remove the unused 'wait' in vsock_connectible_recvmsg() (git-fixes). - vsock: remove vsock from connected table when connect is interrupted by a signal (git-fixes). - vt: Clear selection before changing the font (git-fixes). - watch-queue: remove spurious double semicolon (git-fixes). - watch_queue: Fix missing locking in add_watch_to_object() (git-fixes). - watch_queue: Fix missing rcu annotation (git-fixes). - watchdog-export-lockup_detector_reconfigure.patch. - watchdog/hpwdt: Include nmi.h only if CONFIG_HPWDT_NMI_DECODING (git-fixes). - watchdog: armada_37xx_wdt: Fix .set_timeout callback (git-fixes). - watchdog: armada_37xx_wdt: check the return value of devm_ioremap() in armada_37xx_wdt_probe() (git-fixes). - watchdog: ftwdt010_wdt: fix test for platform_get_irq() failure (git-fixes). - watchdog: sp5100_tco: Fix a memory leak of EFCH MMIO resource (git-fixes). - watchdog: wdat_wdt: Set the min and max timeout values properly (bsc#1194023). - watchqueue: make sure to serialize 'wqueue->defunct' properly (git-fixes). - wifi: airo: do not assign -1 to unsigned char (git-fixes). - wifi: ath10k: add peer map clean up for peer delete in ath10k_sta_state() (git-fixes). - wifi: ath11k: Fix QCN9074 firmware boot on x86 (git-fixes). - wifi: ath11k: avoid deadlock during regulatory update in ath11k_regd_update() (git-fixes). - wifi: ath11k: fix number of VHT beamformee spatial streams (git-fixes). - wifi: ath9k: avoid uninit memory read in ath9k_htc_rx_msg() (git-fixes). - wifi: brcmfmac: fix invalid address access when enabling SCAN log level (git-fixes). - wifi: brcmfmac: fix use-after-free bug in brcmf_netdev_start_xmit() (git-fixes). - wifi: cfg80211/mac80211: reject bad MBSSID elements (git-fixes). - wifi: cfg80211: debugfs: fix return type in ht40allow_map_read() (git-fixes). - wifi: cfg80211: do not allow multi-BSSID in S1G (git-fixes). - wifi: cfg80211: fix buffer overflow in elem comparison (git-fixes). - wifi: cfg80211: fix ieee80211_data_to_8023_exthdr handling of small packets (git-fixes). - wifi: cfg80211: fix memory leak in query_regdb_file() (git-fixes). - wifi: cfg80211: silence a sparse RCU warning (git-fixes). - wifi: cfg80211: update hidden BSSes to avoid WARN_ON (git-fixes). - wifi: iwlegacy: 4965: corrected fix for potential off-by-one overflow in il4965_rs_fill_link_cmd() (git-fixes). - wifi: iwlegacy: 4965: fix potential off-by-one overflow in il4965_rs_fill_link_cmd() (git-fixes). - wifi: iwlwifi: mvm: fix double list_add at iwl_mvm_mac_wake_tx_queue (git-fixes). - wifi: iwlwifi: mvm: fix double list_add at iwl_mvm_mac_wake_tx_queue (other cases) (git-fixes). - wifi: libertas: Fix possible refcount leak in if_usb_probe() (git-fixes). - wifi: mac80211: Do not finalize CSA in IBSS mode if state is disconnected (git-fixes). - wifi: mac80211: Fix UAF in ieee80211_scan_rx() (git-fixes). - wifi: mac80211: Fix ack frame idr leak when mesh has no route (git-fixes). - wifi: mac80211: allow bw change during channel switch in mesh (git-fixes). - wifi: mac80211: do not drop packets smaller than the LLC-SNAP header on fast-rx (git-fixes). - wifi: mac80211: fix decap offload for stations on AP_VLAN interfaces (git-fixes). - wifi: mac80211: fix memory free error when registering wiphy fail (git-fixes). - wifi: mac80211: fix probe req HE capabilities access (git-fixes). - wifi: mac80211: fix regression with non-QoS drivers (git-fixes). - wifi: mac80211: limit A-MSDU subframes for client too (git-fixes). - wifi: mac80211_hwsim: add back erroneously removed cast (git-fixes). - wifi: mac80211_hwsim: avoid mac80211 warning on bad rate (git-fixes). - wifi: mac80211_hwsim: check length for virtio packets (git-fixes). - wifi: mac80211_hwsim: fix debugfs attribute ps with rc table support (git-fixes). - wifi: mac80211_hwsim: fix race condition in pending packet (git-fixes). - wifi: mac80211_hwsim: use 32-bit skb cookie (git-fixes). - wifi: mac8021: fix possible oob access in ieee80211_get_rate_duration (git-fixes). - wifi: mt76: fix reading current per-tid starting sequence number for aggregation (git-fixes). - wifi: mt76: mt7615: add mt7615_mutex_acquire/release in mt7615_sta_set_decap_offload (git-fixes). - wifi: mt76: mt7915: do not check state before configuring implicit beamform (git-fixes). - wifi: mt76: mt7921: reset msta->airtime_ac while clearing up hw value (git-fixes). - wifi: mt76: sdio: fix transmitting packet hangs (git-fixes). - wifi: p54: Fix an error handling path in p54spi_probe() (git-fixes). - wifi: p54: add missing parentheses in p54_flush() (git-fixes). - wifi: rt2x00: correctly set BBP register 86 for MT7620 (git-fixes). - wifi: rt2x00: do not run Rt5592 IQ calibration on MT7620 (git-fixes). - wifi: rt2x00: set SoC wmac clock register (git-fixes). - wifi: rt2x00: set VGC gain for both chains of MT7620 (git-fixes). - wifi: rt2x00: set correct TX_SW_CFG1 MAC register for MT7620 (git-fixes). - wifi: rtl8xxxu: Fix AIFS written to REG_EDCA_*_PARAM (git-fixes). - wifi: rtl8xxxu: Fix skb misuse in TX queue selection (git-fixes). - wifi: rtl8xxxu: Improve rtl8xxxu_queue_select (git-fixes). - wifi: rtl8xxxu: Remove copy-paste leftover in gen2_update_rate_mask (git-fixes). - wifi: rtl8xxxu: gen2: Fix mistake in path B IQ calibration (git-fixes). - wifi: rtl8xxxu: tighten bounds checking in rtl8xxxu_read_efuse() (git-fixes). - wifi: rtlwifi: 8192de: correct checking of IQK reload (git-fixes). - wifi: rtlwifi: fix error codes in rtl_debugfs_set_write_h2c() (git-fixes). - wifi: rtlwifi: remove always-true condition pointed out by GCC 12 (git-fies). - wifi: rtw88: add missing destroy_workqueue() on error path in rtw_core_init() (git-fixes). - wifi: rtw88: check the return value of alloc_workqueue() (git-fixes). - wifi: rtw89: 8852a: rfk: fix div 0 exception (git-fixes). - wifi: wext: use flex array destination for memcpy() (git-fixes). - wifi: wil6210: debugfs: fix info leak in wil_write_file_wmi() (git-fixes). - wifi: wil6210: debugfs: fix uninitialized variable use in `wil_write_file_wmi()` (git-fixes). - wifi: wilc1000: validate length of IEEE80211_P2P_ATTR_CHANNEL_LIST attribute (git-fixes). - wifi: wilc1000: validate length of IEEE80211_P2P_ATTR_OPER_CHANNEL attribute (git-fixes). - wifi: wilc1000: validate number of channels (git-fixes). - wifi: wilc1000: validate pairwise and authentication suite offsets (git-fixes). - wireguard: device: check for metadata_dst with skb_valid_dst() (git-fixes). - wireless: Remove redundant 'flush_workqueue()' calls (bsc#1202131). - workqueue: do not skip lockdep work dependency in cancel_work_sync() (git-fixes). - wwan_hwsim: fix possible memory leak in wwan_hwsim_dev_new() (git-fixes). - x86/Hyper-V: Add SEV negotiate protocol support in Isolation VM (bsc#1190497). - x86/Xen: streamline (and fix) PV CPU enumeration (git-fixes). - x86/boot: Add Confidential Computing type to setup_data (jsc#SLE-19924, jsc#SLE-24814). - x86/boot: Add a pointer to Confidential Computing blob in bootparams (jsc#SLE-19924, jsc#SLE-24814). - x86/boot: Do not propagate uninitialized boot_params->cc_blob_address (bsc#1204970). - x86/boot: Fix the setup data types max limit (bsc#1204970). - x86/boot: Introduce helpers for MSR reads/writes (jsc#SLE-19924, jsc#SLE-24814). - x86/boot: Put globals that are accessed early into the .data section (jsc#SLE-19924, jsc#SLE-24814). - x86/boot: Use MSR read/write helpers instead of inline assembly (jsc#SLE-19924, jsc#SLE-24814). - x86/bugs: Make sure MSR_SPEC_CTRL is updated properly upon resume from S3 (bsc#1206037). - x86/compressed/64: Add identity mapping for Confidential Computing blob (jsc#SLE-19924, jsc#SLE-24814). - x86/compressed/64: Add identity mappings for setup_data entries (bsc#1204970). - x86/compressed/64: Add support for SEV-SNP CPUID table in #VC handlers (jsc#SLE-19924, jsc#SLE-24814). - x86/compressed/64: Detect/setup SEV/SME features earlier during boot (jsc#SLE-19924, jsc#SLE-24814). - x86/compressed/acpi: Move EFI config table lookup to helper (jsc#SLE-19924, jsc#SLE-24814). - x86/compressed/acpi: Move EFI detection to helper (jsc#SLE-19924, jsc#SLE-24814). - x86/compressed/acpi: Move EFI kexec handling into common code (jsc#SLE-19924, jsc#SLE-24814). - x86/compressed/acpi: Move EFI system table lookup to helper (jsc#SLE-19924, jsc#SLE-24814). - x86/compressed/acpi: Move EFI vendor table lookup to helper (jsc#SLE-19924, jsc#SLE-24814). - x86/compressed: Add SEV-SNP feature detection/setup (jsc#SLE-19924, jsc#SLE-24814). - x86/compressed: Add helper for validating pages in the decompression stage (jsc#SLE-19924, jsc#SLE-24814). - x86/compressed: Export and rename add_identity_map() (jsc#SLE-19924, jsc#SLE-24814). - x86/compressed: Register GHCB memory when SEV-SNP is active (jsc#SLE-19924, jsc#SLE-24814). - x86/compressed: Use firmware-validated CPUID leaves for SEV-SNP guests (jsc#SLE-19924, jsc#SLE-24814). - x86/cpu: Restore AMD's DE_CFG MSR after resume (bsc#1205473). - x86/entry: Work around Clang __bdos() bug (git-fixes). - x86/extable: Extend extable functionality (git-fixes). - x86/fpu: Drop fpregs lock before inheriting FPU permissions (bnc#1205282). - x86/futex: Remove .fixup usage (git-fixes). - x86/head/64: Re-enable stack protection (jsc#SLE-19924, jsc#SLE-24814). - x86/hyperv: Disable hardlockup detector by default in Hyper-V guests (git-fixes). - x86/hyperv: Fix 'struct hv_enlightened_vmcs' definition (git-fixes). - x86/hyperv: Update 'struct hv_enlightened_vmcs' definition (git-fixes). - x86/hyperv: fix invalid writes to MSRs during root partition kexec (git-fixes). - x86/ibt,ftrace: Make function-graph play nice (bsc#1203969). - x86/kernel: Mark the .bss..decrypted section as shared in the RMP table (jsc#SLE-19924, jsc#SLE-24814). - x86/kernel: Validate ROM memory before accessing when SEV-SNP is active (jsc#SLE-19924, jsc#SLE-24814). - x86/kexec: Fix double-free of elf header buffer (bsc#1205567). - x86/kexec: fix memory leak of elf header buffer (bsc#1196444). - x86/microcode/AMD: Apply the patch early on every logical thread (bsc#1205264). - x86/mm: Extend cc_attr to include AMD SEV-SNP (jsc#SLE-19924, jsc#SLE-24814). - x86/mm: Validate memory when changing the C-bit (jsc#SLE-19924, jsc#SLE-24814). - x86/olpc: fix 'logical not is only applied to the left hand side' (git-fixes). - x86/retbleed: Add fine grained Kconfig knobs (bsc#1190497). - x86/sev: Add SEV-SNP feature detection/setup (jsc#SLE-19924, jsc#SLE-24814). - x86/sev: Add a helper for the PVALIDATE instruction (jsc#SLE-19924, jsc#SLE-24814). - x86/sev: Add a sev= cmdline option (jsc#SLE-19924, jsc#SLE-24814). - x86/sev: Add helper for validating pages in early enc attribute changes (jsc#SLE-19924, jsc#SLE-24814). - x86/sev: Add missing __init annotations to SEV init routines (jsc#SLE-19924 jsc#SLE-24814). - x86/sev: Annotate stack change in the #VC handler (bsc#1204970). - x86/sev: Check SEV-SNP features support (jsc#SLE-19924, jsc#SLE-24814). - x86/sev: Check the VMPL level (jsc#SLE-19924, jsc#SLE-24814). - x86/sev: Define the Linux-specific guest termination reasons (bsc#1190497). - x86/sev: Detect/setup SEV/SME features earlier in boot (jsc#SLE-19924, jsc#SLE-24814). - x86/sev: Do not use cc_platform_has() for early SEV-SNP calls (bsc#1204970). - x86/sev: Get the AP jump table address from secrets page (jsc#SLE-19924, jsc#SLE-24814). - x86/sev: Move MSR-based VMGEXITs for CPUID to helper (jsc#SLE-19924, jsc#SLE-24814). - x86/sev: Provide support for SNP guest request NAEs (jsc#SLE-19924, jsc#SLE-24814). - x86/sev: Register GHCB memory when SEV-SNP is active (jsc#SLE-19924, jsc#SLE-24814). - x86/sev: Register SEV-SNP guest request platform device (jsc#SLE-19924, jsc#SLE-24814). - x86/sev: Remove duplicated assignment to variable info (bsc#1204970). - x86/sev: Save the negotiated GHCB version (bsc#1190497). - x86/sev: Use SEV-SNP AP creation to start secondary CPUs (jsc#SLE-19924, jsc#SLE-24814). - x86/sev: Use firmware-validated CPUID for SEV-SNP guests (jsc#SLE-19924, jsc#SLE-24814). - x86/uaccess: Implement macros for CMPXCHG on user addresses (git-fixes). - x86/xen: Remove undefined behavior in setup_features() (git-fixes). - xen-blkback: Advertise feature-persistent as user requested (git-fixes). - xen-blkback: Apply 'feature_persistent' parameter when connect (git-fixes). - xen-blkback: fix persistent grants negotiation (git-fixes). - xen-blkfront: Advertise feature-persistent as user requested (git-fixes). - xen-blkfront: Apply 'feature_persistent' parameter when connect (git-fixes). - xen-blkfront: Cache feature_persistent value before advertisement (git-fixes). - xen-blkfront: Handle NULL gendisk (git-fixes). - xen-netback: only remove 'hotplug-status' when the vif is actually destroyed (git-fixes). - xen/gntdev: Accommodate VMA splitting (git-fixes). - xen/gntdev: Avoid blocking in unmap_grant_pages() (git-fixes). - xen/gntdev: Ignore failure to unmap INVALID_GRANT_HANDLE (git-fixes). - xen/gntdev: Prevent leaking grants (git-fixes). - xen/gntdev: fix unmap notification order (git-fixes). - xen/grants: prevent integer overflow in gnttab_dma_alloc_pages() (git-fixes). - xen/pcpu: fix possible memory leak in register_pcpu() (git-fixes). - xen/privcmd: fix error exit of privcmd_ioctl_dm_op() (git-fixes). - xen/usb: do not use arbitrary_virt_to_machine() (git-fixes). - xen/xenbus: fix return type in xenbus_file_read() (git-fixes). - xen: delay xen_hvm_init_time_ops() if kdump is boot on vcpu>=32 (git-fixes). - xen: detect uninitialized xenbus in xenbus_init (git-fixes). - xen: do not continue xenstore initialization in case of errors (git-fixes). - xfs: Fix the free logic of state in xfs_attr_node_hasname (git-fixes). - xfs: check sb_meta_uuid for dabuf buffer recovery (git-fixes). - xfs: convert XLOG_FORCED_SHUTDOWN() to xlog_is_shutdown() (git-fixes). - xfs: fix perag reference leak on iteration race with growfs (git-fixes). - xfs: fix soft lockup via spinning in filestream ag selection loop (git-fixes). - xfs: fix use-after-free in xattr node block inactivation (git-fixes). - xfs: fix xfs_ifree() error handling to not leak perag ref (git-fixes). - xfs: fold perag loop iteration logic into helper function (git-fixes). - xfs: make xfs_rtalloc_query_range input parameters const (git-fixes). - xfs: only bother with sync_filesystem during readonly remount (git-fixes). - xfs: prevent UAF in xfs_log_item_in_current_chkpt (git-fixes). - xfs: prevent a UAF when log IO errors race with unmount (git-fixes). - xfs: remove incorrect ASSERT in xfs_rename (git-fixes). - xfs: rename the next_agno perag iteration variable (git-fixes). - xfs: reorder iunlink remove operation in xfs_ifree (git-fixes). - xfs: reserve quota for dir expansion when linking/unlinking files (bsc#1205616). - xfs: reserve quota for target dir expansion when renaming files (bsc#1205679). - xfs: revert 'xfs: actually bump warning counts when we send warnings' (git-fixes). - xfs: terminate perag iteration reliably on agcount (git-fixes). - xfs: use invalidate_lock to check the state of mmap_lock (git-fixes). - xfs: use kmem_cache_free() for kmem_cache objects (git-fixes). - xfs: use setattr_copy to set vfs inode attributes (git-fixes). - xhci-pci: Set runtime PM as default policy on all xHC 1.2 or later devices (git-fixes). - xhci: Add quirk to reset host back to default state at shutdown (git-fixes). - xhci: Allocate separate command structures for each LPM command (git-fixes). - xhci: Do not show warning for reinit on known broken suspend (git-fixes). - xhci: Remove device endpoints from bandwidth list when freeing the device (git-fixes). - xhci: Set HCD flag to defer primary roothub registration (git-fixes). - xhci: dbc: Fix memory leak in xhci_alloc_dbc() (git-fixes). - xhci: dbc: Rename xhci_dbc_init and xhci_dbc_exit (git-fixes). - xhci: dbc: create and remove dbc structure in dbgtty driver (git-fixes). - xhci: dbc: refactor xhci_dbc_init() (git-fixes). - xprtrdma: fix pointer derefs in error cases of rpcrdma_ep_create (git-fixes). - xprtrdma: treat all calls not a bcall when bc_serv is NULL (git-fixes). - zonefs: Clear inode information flags on inode creation (git-fixes). - zonefs: Fix management of open zones (git-fixes). - zonefs: add MODULE_ALIAS_FS (git-fixes). Important SUSE bug 1023051 SUSE bug 1032323 SUSE bug 1065729 SUSE bug 1071995 SUSE bug 1152472 SUSE bug 1152489 SUSE bug 1156395 SUSE bug 1164051 SUSE bug 1177471 SUSE bug 1184350 SUSE bug 1185032 SUSE bug 1188238 SUSE bug 1189297 SUSE bug 1189999 SUSE bug 1190256 SUSE bug 1190497 SUSE bug 1190969 SUSE bug 1192968 SUSE bug 1193629 SUSE bug 1194023 SUSE bug 1194592 SUSE bug 1194869 SUSE bug 1194904 SUSE bug 1195480 SUSE bug 1195917 SUSE bug 1196018 SUSE bug 1196444 SUSE bug 1196616 SUSE bug 1196632 SUSE bug 1196867 SUSE bug 1196869 SUSE bug 1197158 SUSE bug 1197391 SUSE bug 1197659 SUSE bug 1197755 SUSE bug 1197756 SUSE bug 1197757 SUSE bug 1197763 SUSE bug 1198189 SUSE bug 1198410 SUSE bug 1198577 SUSE bug 1198702 SUSE bug 1198971 SUSE bug 1199086 SUSE bug 1199364 SUSE bug 1199515 SUSE bug 1199670 SUSE bug 1199904 SUSE bug 1200015 SUSE bug 1200058 SUSE bug 1200268 SUSE bug 1200288 SUSE bug 1200301 SUSE bug 1200313 SUSE bug 1200431 SUSE bug 1200465 SUSE bug 1200494 SUSE bug 1200544 SUSE bug 1200567 SUSE bug 1200622 SUSE bug 1200644 SUSE bug 1200651 SUSE bug 1200692 SUSE bug 1200788 SUSE bug 1200845 SUSE bug 1200868 SUSE bug 1200869 SUSE bug 1200870 SUSE bug 1200871 SUSE bug 1200872 SUSE bug 1200873 SUSE bug 1201019 SUSE bug 1201308 SUSE bug 1201309 SUSE bug 1201310 SUSE bug 1201361 SUSE bug 1201427 SUSE bug 1201442 SUSE bug 1201455 SUSE bug 1201489 SUSE bug 1201610 SUSE bug 1201675 SUSE bug 1201725 SUSE bug 1201726 SUSE bug 1201768 SUSE bug 1201865 SUSE bug 1201940 SUSE bug 1201941 SUSE bug 1201948 SUSE bug 1201954 SUSE bug 1201956 SUSE bug 1201958 SUSE bug 1202095 SUSE bug 1202096 SUSE bug 1202097 SUSE bug 1202113 SUSE bug 1202131 SUSE bug 1202154 SUSE bug 1202187 SUSE bug 1202262 SUSE bug 1202265 SUSE bug 1202312 SUSE bug 1202341 SUSE bug 1202346 SUSE bug 1202347 SUSE bug 1202385 SUSE bug 1202393 SUSE bug 1202447 SUSE bug 1202471 SUSE bug 1202558 SUSE bug 1202623 SUSE bug 1202636 SUSE bug 1202672 SUSE bug 1202681 SUSE bug 1202685 SUSE bug 1202686 SUSE bug 1202700 SUSE bug 1202710 SUSE bug 1202711 SUSE bug 1202712 SUSE bug 1202713 SUSE bug 1202715 SUSE bug 1202716 SUSE bug 1202757 SUSE bug 1202758 SUSE bug 1202759 SUSE bug 1202761 SUSE bug 1202762 SUSE bug 1202763 SUSE bug 1202764 SUSE bug 1202765 SUSE bug 1202766 SUSE bug 1202767 SUSE bug 1202768 SUSE bug 1202769 SUSE bug 1202770 SUSE bug 1202771 SUSE bug 1202773 SUSE bug 1202774 SUSE bug 1202775 SUSE bug 1202776 SUSE bug 1202778 SUSE bug 1202779 SUSE bug 1202780 SUSE bug 1202781 SUSE bug 1202782 SUSE bug 1202783 SUSE bug 1202822 SUSE bug 1202823 SUSE bug 1202824 SUSE bug 1202860 SUSE bug 1202867 SUSE bug 1202872 SUSE bug 1202874 SUSE bug 1202898 SUSE bug 1202914 SUSE bug 1202960 SUSE bug 1202989 SUSE bug 1202992 SUSE bug 1202993 SUSE bug 1203002 SUSE bug 1203008 SUSE bug 1203036 SUSE bug 1203039 SUSE bug 1203041 SUSE bug 1203063 SUSE bug 1203066 SUSE bug 1203067 SUSE bug 1203098 SUSE bug 1203101 SUSE bug 1203107 SUSE bug 1203116 SUSE bug 1203117 SUSE bug 1203138 SUSE bug 1203139 SUSE bug 1203159 SUSE bug 1203183 SUSE bug 1203197 SUSE bug 1203208 SUSE bug 1203229 SUSE bug 1203263 SUSE bug 1203290 SUSE bug 1203338 SUSE bug 1203360 SUSE bug 1203361 SUSE bug 1203389 SUSE bug 1203391 SUSE bug 1203410 SUSE bug 1203435 SUSE bug 1203505 SUSE bug 1203511 SUSE bug 1203514 SUSE bug 1203552 SUSE bug 1203606 SUSE bug 1203664 SUSE bug 1203693 SUSE bug 1203699 SUSE bug 1203767 SUSE bug 1203769 SUSE bug 1203770 SUSE bug 1203794 SUSE bug 1203798 SUSE bug 1203802 SUSE bug 1203829 SUSE bug 1203893 SUSE bug 1203902 SUSE bug 1203906 SUSE bug 1203908 SUSE bug 1203922 SUSE bug 1203935 SUSE bug 1203939 SUSE bug 1203960 SUSE bug 1203969 SUSE bug 1203987 SUSE bug 1203992 SUSE bug 1203994 SUSE bug 1204017 SUSE bug 1204051 SUSE bug 1204059 SUSE bug 1204060 SUSE bug 1204092 SUSE bug 1204125 SUSE bug 1204132 SUSE bug 1204142 SUSE bug 1204166 SUSE bug 1204168 SUSE bug 1204170 SUSE bug 1204171 SUSE bug 1204183 SUSE bug 1204228 SUSE bug 1204241 SUSE bug 1204289 SUSE bug 1204290 SUSE bug 1204291 SUSE bug 1204292 SUSE bug 1204353 SUSE bug 1204354 SUSE bug 1204355 SUSE bug 1204402 SUSE bug 1204405 SUSE bug 1204413 SUSE bug 1204414 SUSE bug 1204415 SUSE bug 1204417 SUSE bug 1204424 SUSE bug 1204428 SUSE bug 1204431 SUSE bug 1204432 SUSE bug 1204439 SUSE bug 1204470 SUSE bug 1204479 SUSE bug 1204486 SUSE bug 1204498 SUSE bug 1204533 SUSE bug 1204569 SUSE bug 1204574 SUSE bug 1204575 SUSE bug 1204576 SUSE bug 1204619 SUSE bug 1204624 SUSE bug 1204631 SUSE bug 1204635 SUSE bug 1204636 SUSE bug 1204637 SUSE bug 1204646 SUSE bug 1204647 SUSE bug 1204650 SUSE bug 1204653 SUSE bug 1204693 SUSE bug 1204705 SUSE bug 1204719 SUSE bug 1204728 SUSE bug 1204745 SUSE bug 1204753 SUSE bug 1204780 SUSE bug 1204810 SUSE bug 1204850 SUSE bug 1204868 SUSE bug 1204926 SUSE bug 1204933 SUSE bug 1204934 SUSE bug 1204947 SUSE bug 1204957 SUSE bug 1204963 SUSE bug 1204970 SUSE bug 1205007 SUSE bug 1205100 SUSE bug 1205111 SUSE bug 1205113 SUSE bug 1205128 SUSE bug 1205130 SUSE bug 1205149 SUSE bug 1205153 SUSE bug 1205220 SUSE bug 1205257 SUSE bug 1205264 SUSE bug 1205282 SUSE bug 1205313 SUSE bug 1205331 SUSE bug 1205332 SUSE bug 1205427 SUSE bug 1205428 SUSE bug 1205473 SUSE bug 1205496 SUSE bug 1205507 SUSE bug 1205514 SUSE bug 1205521 SUSE bug 1205567 SUSE bug 1205616 SUSE bug 1205617 SUSE bug 1205653 SUSE bug 1205671 SUSE bug 1205679 SUSE bug 1205683 SUSE bug 1205700 SUSE bug 1205705 SUSE bug 1205709 SUSE bug 1205711 SUSE bug 1205744 SUSE bug 1205764 SUSE bug 1205796 SUSE bug 1205882 SUSE bug 1205993 SUSE bug 1206035 SUSE bug 1206036 SUSE bug 1206037 SUSE bug 1206045 SUSE bug 1206046 SUSE bug 1206047 SUSE bug 1206048 SUSE bug 1206049 SUSE bug 1206050 SUSE bug 1206051 SUSE bug 1206056 SUSE bug 1206057 SUSE bug 1206113 SUSE bug 1206114 SUSE bug 1206147 SUSE bug 1206149 SUSE bug 1206207 SUSE bug 1206273 SUSE bug 1206391 CVE-2016-3695 CVE-2020-16119 CVE-2020-36516 CVE-2021-33135 CVE-2021-4037 CVE-2022-1184 CVE-2022-1263 CVE-2022-1882 CVE-2022-20368 CVE-2022-20369 CVE-2022-2153 CVE-2022-2586 CVE-2022-2588 CVE-2022-2602 CVE-2022-26373 CVE-2022-2639 CVE-2022-2663 CVE-2022-28356 CVE-2022-28693 CVE-2022-2873 CVE-2022-28748 CVE-2022-2905 CVE-2022-2938 CVE-2022-2959 CVE-2022-2964 CVE-2022-2977 CVE-2022-2978 CVE-2022-3028 CVE-2022-3078 CVE-2022-3114 CVE-2022-3169 CVE-2022-3176 CVE-2022-3202 CVE-2022-32250 CVE-2022-32296 CVE-2022-3239 CVE-2022-3303 CVE-2022-33981 CVE-2022-3424 CVE-2022-3435 CVE-2022-3521 CVE-2022-3524 CVE-2022-3526 CVE-2022-3535 CVE-2022-3542 CVE-2022-3545 CVE-2022-3565 CVE-2022-3566 CVE-2022-3567 CVE-2022-3577 CVE-2022-3586 CVE-2022-3594 CVE-2022-3619 CVE-2022-3621 CVE-2022-3625 CVE-2022-3628 CVE-2022-3629 CVE-2022-3633 CVE-2022-3635 CVE-2022-3640 CVE-2022-3643 CVE-2022-3646 CVE-2022-3649 CVE-2022-36879 CVE-2022-36946 CVE-2022-3707 CVE-2022-3903 CVE-2022-39188 CVE-2022-39189 CVE-2022-39190 CVE-2022-40476 CVE-2022-40768 CVE-2022-4095 CVE-2022-41218 CVE-2022-4129 CVE-2022-4139 CVE-2022-41674 CVE-2022-41848 CVE-2022-41849 CVE-2022-41850 CVE-2022-41858 CVE-2022-42328 CVE-2022-42329 CVE-2022-42703 CVE-2022-42719 CVE-2022-42720 CVE-2022-42721 CVE-2022-42722 CVE-2022-42895 CVE-2022-42896 CVE-2022-43750 CVE-2022-4378 CVE-2022-43945 CVE-2022-45869 CVE-2022-45888 CVE-2022-45934 cpe:/o:opensuse:leap:15.4 Security update for freeradius-server (Important) openSUSE Leap 15.4 This update for freeradius-server fixes the following issues: - CVE-2022-41859: Fixes an information leakage in EAP-PWD (bsc#1206204). - CVE-2022-41860: Fixes a crash on unknown option in EAP-SIM (bsc#1206205). - CVE-2022-41861: Fixes a crash on invalid abinary data (bsc#1206206). - rebuild against the new net-snmp (jsc#SLE-11203). Important SUSE bug 1206204 SUSE bug 1206205 SUSE bug 1206206 CVE-2022-41859 CVE-2022-41860 CVE-2022-41861 cpe:/o:opensuse:leap:15.4 Security update for sqlite3 (Moderate) openSUSE Leap 15.4 This update for sqlite3 fixes the following issues: - CVE-2022-46908: Properly implement the azProhibitedFunctions protection mechanism, when relying on --safe for execution of an untrusted CLI script (bsc#1206337). Moderate SUSE bug 1206337 CVE-2022-46908 cpe:/o:opensuse:leap:15.4 Security update for systemd (Important) openSUSE Leap 15.4 This update for systemd fixes the following issues: - CVE-2022-4415: Fixed systemd-coredump that did not respect the fs.suid_dumpable kernel setting (bsc#1205000). Bug fixes: - Support by-path devlink for multipath nvme block devices (bsc#1200723). Important SUSE bug 1200723 SUSE bug 1205000 CVE-2022-4415 cpe:/o:opensuse:leap:15.4 Security update for systemd (Important) openSUSE Leap 15.4 This update for systemd fixes the following issues: - CVE-2022-4415: Fixed systemd-coredump that did not respect the fs.suid_dumpable kernel setting (bsc#1205000). Bug fixes: - Support by-path devlink for multipath nvme block devices (bsc#1200723). - Set SYSTEMD_NSS_DYNAMIC_BYPASS=1 env var for dbus-daemon (bsc#1203857). - Restrict cpu rule to x86_64, and also update the rule files to make use of the 'CONST{arch}' syntax (bsc#1204423). Important SUSE bug 1200723 SUSE bug 1203857 SUSE bug 1204423 SUSE bug 1205000 CVE-2022-4415 cpe:/o:opensuse:leap:15.4 Security update for vim (Important) openSUSE Leap 15.4 This update for vim fixes the following issues: Updated to version 9.0.1040: - CVE-2022-3491: vim: Heap-based Buffer Overflow prior to 9.0.0742 (bsc#1206028). - CVE-2022-3520: vim: Heap-based Buffer Overflow (bsc#1206071). - CVE-2022-3591: vim: Use After Free (bsc#1206072). - CVE-2022-4292: vim: Use After Free in GitHub repository vim/vim prior to 9.0.0882 (bsc#1206075). - CVE-2022-4293: vim: Floating Point Comparison with Incorrect Operator in GitHub repository vim/vim prior to 9.0.0804 (bsc#1206077). - CVE-2022-4141: vim: heap-buffer-overflow in alloc.c 246:11 (bsc#1205797). - CVE-2022-3705: vim: use after free in function qf_update_buffer of the file quickfix.c (bsc#1204779). Important SUSE bug 1204779 SUSE bug 1205797 SUSE bug 1206028 SUSE bug 1206071 SUSE bug 1206072 SUSE bug 1206075 SUSE bug 1206077 CVE-2022-3491 CVE-2022-3520 CVE-2022-3591 CVE-2022-3705 CVE-2022-4141 CVE-2022-4292 CVE-2022-4293 cpe:/o:opensuse:leap:15.4 Security update for webkit2gtk3 (Important) openSUSE Leap 15.4 This update for webkit2gtk3 fixes the following issues: Update to version 2.38.3: - CVE-2022-42856: Fixed a potential arbitrary code execution when processing maliciously crafted web content (bsc#1206474). Important SUSE bug 1206474 CVE-2022-42856 cpe:/o:opensuse:leap:15.4 Security update for conmon (Moderate) openSUSE Leap 15.4 This update for conmon fixes the following issues: conmon was updated to version 2.1.5: * don't leak syslog_identifier * logging: do not read more that the buf size * logging: fix error handling * Makefile: Fix install for FreeBSD * signal: Track changes to get_signal_descriptor in the FreeBSD version * Packit: initial enablement Update to version 2.1.4: * Fix a bug where conmon crashed when it got a SIGCHLD update to 2.1.3: * Stop using g_unix_signal_add() to avoid threads * Rename CLI optionlog-size-global-max to log-global-size-max Update to version 2.1.2: * add log-global-size-max option to limit the total output conmon processes (CVE-2022-1708 bsc#1200285) * journald: print tag and name if both are specified * drop some logs to debug level Update to version 2.1.0 * logging: buffer partial messages to journald * exit: close all fds >= 3 * fix: cgroup: Free memory_cgroup_file_path if open fails. Update to version 2.0.32 * Fix: Avoid mainfd_std{in,out} sharing the same file descriptor. * exit_command: Fix: unset subreaper attribute before running exit command Update to version 2.0.31 * logging: new mode -l passthrough * ctr_logs: use container name or ID as SYSLOG_IDENTIFIER for journald * conmon: Fix: free userdata files before exec cleanup Moderate SUSE bug 1200285 CVE-2022-1708 cpe:/o:opensuse:leap:15.4 Security update for MozillaThunderbird (Moderate) openSUSE Leap 15.4 This update for MozillaThunderbird fixes the following issues: Update to version 102.6.1 * fixed: Remote content did not load in user-defined signatures * fixed: Addons that added new action buttons were not shown for addon upgrades, requiring removal and reinstall * fixed: Various stability improvements * CVE-2022-46874: Drag and Dropped Filenames could have been truncated to malicious extensions (bsc#1206653) Moderate SUSE bug 1206653 CVE-2022-46874 cpe:/o:opensuse:leap:15.4 Security update for polkit-default-privs (Low) openSUSE Leap 15.4 This update for polkit-default-privs fixes the following issues: Update to version 13.2+20221216.a0c29e6: - backport usbguard actions (bsc#1206414). Low SUSE bug 1206414 cpe:/o:opensuse:leap:15.4 Security update for webkit2gtk3 (Important) openSUSE Leap 15.4 This update for webkit2gtk3 fixes the following issues: Update to version 2.38.3: - CVE-2022-42856: Fixed a potential arbitrary code execution when processing maliciously crafted web content (bsc#1206474). - CVE-2022-42852: Fixed disclosure of process memory by improved memory handling. - CVE-2022-42867: Fixed a use after free issue was addressed with improved memory management. - CVE-2022-46692: Fixed bypass of Same Origin Policy through improved state management. - CVE-2022-46698: Fixed disclosure of sensitive user information with improved checks. - CVE-2022-46699: Fixed an arbitrary code execution caused by memory corruption. - CVE-2022-46700: Fixed an arbitrary code execution caused by memory corruption. Important SUSE bug 1206474 SUSE bug 1206750 CVE-2022-42852 CVE-2022-42856 CVE-2022-42863 CVE-2022-42867 CVE-2022-46691 CVE-2022-46692 CVE-2022-46698 CVE-2022-46699 CVE-2022-46700 cpe:/o:opensuse:leap:15.4 Security update for mariadb (Important) openSUSE Leap 15.4 This update for mariadb fixes the following issues: - Update to 10.5.15 (bsc#1196016): * 10.5.15: CVE-2021-46665 CVE-2021-46664 CVE-2021-46661 CVE-2021-46668 CVE-2021-46663 * 10.5.14: CVE-2022-24052 CVE-2022-24051 CVE-2022-24050 CVE-2022-24048 CVE-2021-46659, bsc#1195339 - The following issues have already been fixed in this package but weren't previously mentioned in the changes file: CVE-2021-46658, bsc#1195334 CVE-2021-46657, bsc#1195325 Important SUSE bug 1195325 SUSE bug 1195334 SUSE bug 1195339 SUSE bug 1196016 CVE-2021-46657 CVE-2021-46658 CVE-2021-46659 CVE-2021-46661 CVE-2021-46663 CVE-2021-46664 CVE-2021-46665 CVE-2021-46668 CVE-2022-24048 CVE-2022-24050 CVE-2022-24051 CVE-2022-24052 cpe:/o:opensuse:leap:15.4 Security update for postgresql-jdbc (Moderate) openSUSE Leap 15.4 This update for postgresql-jdbc fixes the following issues: - CVE-2022-41946: Fixed a local information disclosure issue due to improper handling of temporary files (bsc#1206921). Moderate SUSE bug 1206921 CVE-2022-41946 cpe:/o:opensuse:leap:15.4 Security update for git (Important) openSUSE Leap 15.4 This update for git fixes the following issues: - CVE-2022-41903: Fixed a heap overflow in the 'git archive' and 'git log --format' commands (bsc#1207033). - CVE-2022-23521: Fixed an integer overflow that could be triggered when parsing a gitattributes file (bsc#1207032). Important SUSE bug 1207032 SUSE bug 1207033 CVE-2022-23521 CVE-2022-41903 cpe:/o:opensuse:leap:15.4 Security update for MozillaFirefox (Important) openSUSE Leap 15.4 This update for MozillaFirefox fixes the following issues: - Updated to version 102.7.0 ESR (bsc#1207119): - CVE-2022-46871: Updated an out of date library (libusrsctp) which contained several vulnerabilities. - CVE-2023-23598: Fixed an arbitrary file read from GTK drag and drop on Linux. - CVE-2023-23601: Fixed a potential spoofing attack when dragging a URL from a cross-origin iframe into the same tab. - CVE-2023-23602: Fixed a mishandled security check, which caused the Content Security Policy header to be ignored for WebSockets in WebWorkers. - CVE-2022-46877: Fixed a fullscreen notification bypass which could be leveraged in spoofing attacks. - CVE-2023-23603: Fixed a Content Security Policy bypass via format directives. - CVE-2023-23605: Fixed several memory safety bugs. Important SUSE bug 1207119 CVE-2022-46871 CVE-2022-46877 CVE-2023-23598 CVE-2023-23601 CVE-2023-23602 CVE-2023-23603 CVE-2023-23605 cpe:/o:opensuse:leap:15.4 Security update for sudo (Important) openSUSE Leap 15.4 This update for sudo fixes the following issues: - CVE-2023-22809: Fixed an arbitrary file write issue that could be exploited by users with sudoedit permissions (bsc#1207082). Important SUSE bug 1207082 CVE-2023-22809 cpe:/o:opensuse:leap:15.4 Security update for mozilla-nss (Important) openSUSE Leap 15.4 This update for mozilla-nss fixes the following issues: - CVE-2022-3479: Fixed a potential crash that could be triggered when a server requested a client authentication certificate, but the client had no certificates stored (bsc#1204272). - Updated to version 3.79.3 (bsc#1207038): - CVE-2022-23491: Removed trust for 3 root certificates from TrustCor. Important SUSE bug 1204272 SUSE bug 1207038 CVE-2022-23491 CVE-2022-3479 cpe:/o:opensuse:leap:15.4 Security update for rubygem-websocket-extensions (Moderate) openSUSE Leap 15.4 This update for rubygem-websocket-extensions fixes the following issues: - CVE-2020-7663: Fixed an excessive resource consumption when parsing crafted message headers sent by an attacker (bsc#1172445). Moderate SUSE bug 1172445 CVE-2020-7663 cpe:/o:opensuse:leap:15.4 Security update for rust1.66 (Important) openSUSE Leap 15.4 This update for rust1.66 fixes the following issues: - CVE-2022-46176: Fixed missing SSH host key verification in cargo when cloning indexes and dependencies via SSH(bsc#1206930). Important SUSE bug 1206930 CVE-2022-46176 cpe:/o:opensuse:leap:15.4 Security update for rust1.65 (Important) openSUSE Leap 15.4 This update for rust1.65 fixes the following issues: - CVE-2022-46176: Fixed missing SSH host key verification in cargo when cloning indexes and dependencies via SSH (bsc#1206930). Important SUSE bug 1206930 CVE-2022-46176 cpe:/o:opensuse:leap:15.4 Security update for python-certifi (Important) openSUSE Leap 15.4 This update for python-certifi fixes the following issues: - remove all TrustCor CAs, as TrustCor issued multiple man-in-the-middle certs (bsc#1206212 CVE-2022-23491) - TrustCor RootCert CA-1 - TrustCor RootCert CA-2 - TrustCor ECA-1 - Add removeTrustCor.patch Important SUSE bug 1206212 CVE-2022-23491 cpe:/o:opensuse:leap:15.4 Security update for the Linux Kernel (Important) openSUSE Leap 15.4 The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2022-3344: Fixed a flaw found in the KVM's AMD nested virtualization (SVM). A malicious L1 guest could purposely fail to intercept the shutdown of a cooperative nested guest (L2), possibly leading to a page fault and kernel panic in the host (L0). (bsc#1204652) - CVE-2022-4662: Fixed a recursive locking violation in usb-storage that can cause the kernel to deadlock. (bsc#1206664) - CVE-2022-3115: Fixed a null pointer dereference in malidp_crtc.c caused by a lack of checks of the return value of kzalloc. (bsc#1206393) - CVE-2022-47520: Fixed an out-of-bounds read when parsing a Robust Security Network (RSN) information element from a Netlink packet. (bsc#1206515) - CVE-2022-3112: Fixed a null pointer dereference caused by a missing check of the return value of kzalloc() in vdec_helpers.c:amvdec_set_canvases. (bsc#1206399) - CVE-2022-3564: Fixed a bug which could lead to use after free, it was found in the function l2cap_reassemble_sdu of the file net/bluetooth/l2cap_core.c of the component Bluetooth. (bsc#1206073) - CVE-2022-4379: Fixed a use-after-free vulnerability in nfs4file.c:__nfs42_ssc_open. (bsc#1206209) - CVE-2022-3108: Fixed a bug in kfd_parse_subtype_iolink in drivers/gpu/drm/amd/amdkfd/kfd_crat.c where a lack of check of the return value of kmemdup() could lead to a NULL pointer dereference. (bsc#1206389) - CVE-2022-3104: Fixed a null pointer dereference caused by caused by a missing check of the return value of kzalloc() in bugs.c:lkdtm_ARRAY_BOUNDS. (bsc#1206396) - CVE-2022-3113: Fixed a null pointer dereference caused by a missing check of the return value of devm_kzalloc. (bsc#1206390) - CVE-2022-3107: Fixed a null pointer dereference caused by a missing check of the return value of kvmalloc_array. (bsc#1206395) - CVE-2022-3114: Fixed a null pointer dereference caused by a missing check of the return value of kcalloc. (bsc#1206391) - CVE-2022-3111: Fixed a missing release of resource after effective lifetime bug caused by a missing free of the WM8350_IRQ_CHG_FAST_RDY in wm8350_init_charger. (bsc#1206394) - CVE-2022-3105: Fixed a null pointer dereference caused by a missing check of the return value of kmalloc_array. (bsc#1206398) - CVE-2022-3106: Fixed a null pointer dereference caused by a missing check of the return value of kmalloc. (bsc#1206397) The following non-security bugs were fixed: - acct: fix potential integer overflow in encode_comp_t() (git-fixes). - ACPI: resource: Skip IRQ override on Asus Vivobook K3402ZA/K3502ZA (git-fixes). - ACPICA: Fix error code path in acpi_ds_call_control_method() (git-fixes). - ACPICA: Fix use-after-free in acpi_ut_copy_ipackage_to_ipackage() (git-fixes). - ALSA: asihpi: fix missing pci_disable_device() (git-fixes). - ALSA: hda/hdmi: Add HP Device 0x8711 to force connect list (git-fixes). - ALSA: hda/realtek: Add quirk for Lenovo TianYi510Pro-14IOB (git-fixes). - ALSA: hda/realtek: Apply dual codec fixup for Dell Latitude laptops (git-fixes). - ALSA: line6: correct midi status byte when receiving data from podxt (git-fixes). - ALSA: line6: fix stack overflow in line6_midi_transmit (git-fixes). - ALSA: mts64: fix possible null-ptr-defer in snd_mts64_interrupt (git-fixes). - ALSA: patch_realtek: Fix Dell Inspiron Plus 16 (git-fixes). - ALSA: pcm: fix undefined behavior in bit shift for SNDRV_PCM_RATE_KNOT (git-fixes). - ALSA: pcm: Set missing stop_operating flag at undoing trigger start (git-fixes). - ALSA: seq: Fix function prototype mismatch in snd_seq_expand_var_event (git-fixes). - ALSA: seq: fix undefined behavior in bit shift for SNDRV_SEQ_FILTER_USE_EVENT (git-fixes). - ALSA: usb-audio: add the quirk for KT0206 device (git-fixes). - amdgpu/pm: prevent array underflow in vega20_odn_edit_dpm_table() (git-fixes). - apparmor: fix a memleak in multi_transaction_new() (git-fixes). - apparmor: Fix abi check to include v8 abi (git-fixes). - apparmor: fix lockdep warning when removing a namespace (git-fixes). - apparmor: Fix memleak in alloc_ns() (git-fixes). - apparmor: Use pointer to struct aa_label for lbs_cred (git-fixes). - ARM: 9251/1: perf: Fix stacktraces for tracepoint events in THUMB2 kernels (git-fixes). - ARM: 9256/1: NWFPE: avoid compiler-generated __aeabi_uldivmod (git-fixes). - ARM: dts: armada-370: Fix assigned-addresses for every PCIe Root Port (git-fixes). - ARM: dts: armada-375: Fix assigned-addresses for every PCIe Root Port (git-fixes). - ARM: dts: armada-38x: Fix assigned-addresses for every PCIe Root Port (git-fixes). - ARM: dts: armada-38x: Fix compatible string for gpios (git-fixes). - ARM: dts: armada-39x: Fix assigned-addresses for every PCIe Root Port (git-fixes). - ARM: dts: armada-39x: Fix compatible string for gpios (git-fixes). - ARM: dts: armada-xp: Fix assigned-addresses for every PCIe Root Port (git-fixes). - ARM: dts: dove: Fix assigned-addresses for every PCIe Root Port (git-fixes). - ARM: dts: nuvoton: Remove bogus unit addresses from fixed-partition nodes (git-fixes). - ARM: dts: qcom: apq8064: fix coresight compatible (git-fixes). - ARM: dts: rockchip: disable arm_global_timer on rk3066 and rk3188 (git-fixes). - ARM: dts: rockchip: fix ir-receiver node names (git-fixes). - ARM: dts: rockchip: fix node name for hym8563 rtc (git-fixes). - ARM: dts: rockchip: remove clock-frequency from rtc (git-fixes). - ARM: dts: rockchip: rk3188: fix lcdc1-rgb24 node name (git-fixes). - ARM: dts: spear600: Fix clcd interrupt (git-fixes). - ARM: dts: stm32: Drop stm32mp15xc.dtsi from Avenger96 (git-fixes). - ARM: dts: stm32: Fix AV96 WLAN regulator gpio property (git-fixes). - ARM: dts: turris-omnia: Add ethernet aliases (git-fixes). - ARM: dts: turris-omnia: Add switch port 6 node (git-fixes). - ARM: mmp: fix timer_read delay (git-fixes). - ARM: ux500: do not directly dereference __iomem (git-fixes). - arm64: Avoid repeated AA64MMFR1_EL1 register read on pagefault path (performance bsc#1203219). - arm64: dts: armada-3720-turris-mox: Add missing interrupt for RTC (git-fixes). - arm64: dts: mediatek: mt6797: Fix 26M oscillator unit name (git-fixes). - arm64: dts: mediatek: pumpkin-common: Fix devicetree warnings (git-fixes). - arm64: dts: mt2712-evb: Fix usb vbus regulators unit names (git-fixes). - arm64: dts: mt2712-evb: Fix vproc fixed regulators unit names (git-fixes). - arm64: dts: mt2712e: Fix unit address for pinctrl node (git-fixes). - arm64: dts: mt2712e: Fix unit_address_vs_reg warning for oscillators (git-fixes). - arm64: dts: mt6779: Fix devicetree build warnings (git-fixes). - arm64: dts: mt7622: drop r_smpl property from mmc node (git-fixes). - arm64: dts: mt8183: drop drv-type from mmc-node (git-fixes). - arm64: dts: mt8183: Fix Mali GPU clock (git-fixes). - arm64: dts: qcom: ipq6018-cp01-c1: use BLSPI1 pins (git-fixes). - arm64: dts: qcom: msm8916: Drop MSS fallback compatible (git-fixes). - arm64: dts: qcom: msm8996: Add MSM8996 Pro support (git-fixes). - arm64: dts: qcom: msm8996: fix GPU OPP table (git-fixes). - arm64: dts: qcom: msm8996: fix supported-hw in cpufreq OPP tables (git-fixes). - arm64: dts: qcom: sdm630: fix UART1 pin bias (git-fixes). - arm64: dts: qcom: sdm845-cheza: fix AP suspend pin bias (git-fixes). - arm64: dts: qcom: sdm845-db845c: correct SPI2 pins drive strength (git-fixes). - arm64: dts: qcom: sdm850-lenovo-yoga-c630: correct I2C12 pins drive strength (git-fixes). - arm64: dts: qcom: sm8250-sony-xperia-edo: fix touchscreen bias-disable (git-fixes). - arm64: dts: qcom: sm8250: correct LPASS pin pull down (git-fixes). - arm64: dts: qcom: sm8250: drop bogus DP PHY clock (git-fixes). - arm64: dts: qcom: sm8250: fix USB-DP PHY registers (git-fixes). - arm64: dts: rockchip: fix ir-receiver node names (git-fixes). - arm64: dts: rockchip: keep I2S1 disabled for GPIO function on ROCK Pi 4 series (git-fixes). - arm64: dts: ti: k3-am65-main: Drop dma-coherent in crypto node (git-fixes). - arm64: dts: ti: k3-j721e-main: Drop dma-coherent in crypto node (git-fixes). - ASoC: audio-graph-card: fix refcount leak of cpu_ep in __graph_for_each_link() (git-fixes). - ASoC: codecs: rt298: Add quirk for KBL-R RVP platform (git-fixes). - ASoC: cs42l51: Correct PGA Volume minimum value (git-fixes). - ASoC: dt-bindings: wcd9335: fix reset line polarity in example (git-fixes). - ASoC: fsl_micfil: explicitly clear CHnF flags (git-fixes). - ASoC: fsl_micfil: explicitly clear software reset bit (git-fixes). - ASoC: Intel: bytcr_rt5640: Add quirk for the Advantech MICA-071 tablet (git-fixes). - ASoC: jz4740-i2s: Handle independent FIFO flush bits (git-fixes). - ASoC: mediatek: mt8173-rt5650-rt5514: fix refcount leak in mt8173_rt5650_rt5514_dev_probe() (git-fixes). - ASoC: mediatek: mt8173: Enable IRQ when pdata is ready (git-fixes). - ASoC: mediatek: mt8183: fix refcount leak in mt8183_mt6358_ts3a227_max98357_dev_probe() (git-fixes). - ASoC: mediatek: mtk-btcvsd: Add checks for write and read of mtk_btcvsd_snd (git-fixes). - ASoC: ops: Check bounds for second channel in snd_soc_put_volsw_sx() (git-fixes). - ASoC: ops: Correct bounds check for second channel on SX controls (git-fixes). - ASoC: pcm512x: Fix PM disable depth imbalance in pcm512x_probe (git-fixes). - ASoC: pxa: fix null-pointer dereference in filter() (git-fixes). - ASoC: qcom: Add checks for devm_kcalloc (git-fixes). - ASoC: rockchip: pdm: Add missing clk_disable_unprepare() in rockchip_pdm_runtime_resume() (git-fixes). - ASoC: rockchip: spdif: Add missing clk_disable_unprepare() in rk_spdif_runtime_resume() (git-fixes). - ASoC: rt5670: Remove unbalanced pm_runtime_put() (git-fixes). - ASoC: rt711-sdca: fix the latency time of clock stop prepare state machine transitions (git-fixes). - ASoC: soc-pcm: Add NULL check in BE reparenting (git-fixes). - ASoC: wm8962: Wait for updated value of WM8962_CLOCKING1 register (git-fixes). - ASoC: wm8994: Fix potential deadlock (git-fixes). - ata: ahci: Fix PCS quirk application for suspend (git-fixes). - binfmt_elf: fix documented return value for load_elf_phdrs() (git-fixes). - binfmt_misc: fix shift-out-of-bounds in check_special_flags (git-fixes). - binfmt: Fix error return code in load_elf_fdpic_binary() (git-fixes). - block: Do not reread partition table on exclusively open device (bsc#1190969). - Bluetooth: btintel: Fix missing free skb in btintel_setup_combined() (git-fixes). - Bluetooth: btusb: Add debug message for CSR controllers (git-fixes). - Bluetooth: btusb: do not call kfree_skb() under spin_lock_irqsave() (git-fixes). - Bluetooth: hci_bcsp: do not call kfree_skb() under spin_lock_irqsave() (git-fixes). - Bluetooth: hci_core: do not call kfree_skb() under spin_lock_irqsave() (git-fixes). - Bluetooth: hci_h5: do not call kfree_skb() under spin_lock_irqsave() (git-fixes). - Bluetooth: hci_ll: do not call kfree_skb() under spin_lock_irqsave() (git-fixes). - Bluetooth: hci_qca: do not call kfree_skb() under spin_lock_irqsave() (git-fixes). - Bluetooth: MGMT: Fix error report for ADD_EXT_ADV_PARAMS (git-fixes). - Bluetooth: RFCOMM: do not call kfree_skb() under spin_lock_irqsave() (git-fixes). - brcmfmac: return error when getting invalid max_flowrings from dongle (git-fixes). - caif: fix memory leak in cfctrl_linkup_request() (git-fixes). - can: do not increase rx statistics when generating a CAN rx error message frame (git-fixes). - can: do not increase rx_bytes statistics for RTR frames (git-fixes). - can: kvaser_usb_leaf: Fix bogus restart events (git-fixes). - can: kvaser_usb_leaf: Fix wrong CAN state after stopping (git-fixes). - can: kvaser_usb_leaf: Set Warning state even without bus errors (git-fixes). - can: kvaser_usb: do not increase tx statistics when sending error message frames (git-fixes). - can: kvaser_usb: kvaser_usb_leaf: fix bittiming limits (git-fixes). - can: kvaser_usb: make use of units.h in assignment of frequency (git-fixes). - can: m_can: fix typo prescalar -> prescaler (git-fixes). - can: m_can: is_lec_err(): clean up LEC error handling (git-fixes). - can: mcba_usb: Fix termination command argument (git-fixes). - can: sja1000: fix size of OCR_MODE_MASK define (git-fixes). - can: tcan4x5x: Remove invalid write in clear_interrupts (git-fixes). - chardev: fix error handling in cdev_device_add() (git-fixes). - cifs: Add 'extbuf' and 'extbuflen' args to smb2_compound_op() (bsc#1193629). - cifs: do not block in dfs_cache_noreq_update_tgthint() (bsc#1193629). - cifs: do not leak -ENOMEM in smb2_open_file() (bsc#1193629). - cifs: do not refresh cached referrals from unactive mounts (bsc#1193629). - cifs: fix confusing debug message (bsc#1193629). - cifs: Fix kmap_local_page() unmapping (git-fixes). - cifs: fix missing display of three mount options (bsc#1193629). - cifs: fix oops during encryption (bsc#1199294). - cifs: fix refresh of cached referrals (bsc#1193629). - cifs: fix source pathname comparison of dfs supers (bsc#1193629). - cifs: fix various whitespace errors in headers (bsc#1193629). - cifs: get rid of mount options string parsing (bsc#1193629). - cifs: minor cleanup of some headers (bsc#1193629). - cifs: optimize reconnect of nested links (bsc#1193629). - cifs: Parse owner/group for stat in smb311 posix extensions (bsc#1193629). - cifs: print warning when conflicting soft vs. hard mount options specified (bsc#1193629). - cifs: reduce roundtrips on create/qinfo requests (bsc#1193629). - cifs: refresh root referrals (bsc#1193629). - cifs: Remove duplicated include in cifsglob.h (bsc#1193629). - cifs: remove unused smb3_fs_context::mount_options (bsc#1193629). - cifs: set correct ipc status after initial tree connect (bsc#1193629). - cifs: set correct status of tcon ipc when reconnecting (bsc#1193629). - cifs: set correct tcon status after initial tree connect (bsc#1193629). - cifs: set resolved ip in sockaddr (bsc#1193629). - cifs: share dfs connections and supers (bsc#1193629). - cifs: skip alloc when request has no pages (bsc#1193629). - cifs: split out ses and tcon retrieval from mount_get_conns() (bsc#1193629). - cifs: update internal module number (bsc#1193629). - cifs: use fs_context for automounts (bsc#1193629). - cifs: use origin fullpath for automounts (bsc#1193629). - class: fix possible memory leak in __class_register() (git-fixes). - clk: Fix pointer casting to prevent oops in devm_clk_release() (git-fixes). - clk: generalize devm_clk_get() a bit (git-fixes). - clk: imx: imx8mp: add shared clk gate for usb suspend clk (git-fixes). - clk: imx: replace osc_hdmi with dummy (git-fixes). - clk: nomadik: correct struct name kernel-doc warning (git-fixes). - clk: Provide new devm_clk helpers for prepared and enabled clocks (git-fixes). - clk: qcom: clk-krait: fix wrong div2 functions (git-fixes). - clk: qcom: gcc-sm8250: Use retention mode for USB GDSCs (git-fixes). - clk: qcom: lpass-sc7180: Fix pm_runtime usage (git-fixes). - clk: renesas: r9a06g032: Repair grave increment error (git-fixes). - clk: rockchip: Fix memory leak in rockchip_clk_register_pll() (git-fixes). - clk: samsung: Fix memory leak in _samsung_clk_register_pll() (git-fixes). - clk: socfpga: Fix memory leak in socfpga_gate_init() (git-fixes). - clk: st: Fix memory leak in st_of_quadfs_setup() (git-fixes). - clk: sunxi-ng: v3s: Correct the header guard of ccu-sun8i-v3s.h (git-fixes). - clocksource/drivers/sh_cmt: Access registers according to spec (git-fixes). - clocksource/drivers/timer-ti-dm: Fix missing clk_disable_unprepare in dmtimer_systimer_init_clock() (git-fixes). - cpufreq: ACPI: Defer setting boost MSRs (bsc#1205485). - cpufreq: ACPI: Only set boost MSRs on supported CPUs (bsc#1205485). - cpufreq: ACPI: Remove unused variables 'acpi_cpufreq_online' and 'ret' (bsc#1205485). - cpufreq: intel_pstate: Add Sapphire Rapids support in no-HWP mode (bsc#1201068). - crypto: ccree - Make cc_debugfs_global_fini() available for module init function (git-fixes). - crypto: ccree - Remove debugfs when platform_driver_register failed (git-fixes). - crypto: cryptd - Use request context instead of stack for sub-request (git-fixes). - crypto: hisilicon/qm - fix missing destroy qp_idr (git-fixes). - crypto: img-hash - Fix variable dereferenced before check 'hdev->req' (git-fixes). - crypto: n2 - add missing hash statesize (git-fixes). - crypto: nitrox - avoid double free on error path in nitrox_sriov_init() (git-fixes). - crypto: omap-sham - Use pm_runtime_resume_and_get() in omap_sham_probe() (git-fixes). - crypto: rockchip - add fallback for ahash (git-fixes). - crypto: rockchip - add fallback for cipher (git-fixes). - crypto: rockchip - better handle cipher key (git-fixes). - crypto: rockchip - do not do custom power management (git-fixes). - crypto: rockchip - do not store mode globally (git-fixes). - crypto: rockchip - remove non-aligned handling (git-fixes). - crypto: rockchip - rework by using crypto_engine (git-fixes). - crypto: sun8i-ss - use dma_addr instead u32 (git-fixes). - crypto: tcrypt - Fix multibuffer skcipher speed test mem leak (git-fixes). - device property: Fix documentation for fwnode_get_next_parent() (git-fixes). - dmaengine: idxd: Fix crc_val field for completion record (git-fixes). - docs/zh_CN: Fix '.. only::' directive's expression (git-fixes). - Documentation: bonding: update miimon default to 100 (git-fixes). - Documentation: devres: add missing devm_acpi_dma_controller_free() helper (git-fixes). - Documentation: devres: add missing MEM helper (git-fixes). - Documentation: devres: add missing PHY helpers (git-fixes). - Documentation: devres: add missing PWM helper (git-fixes). - Documentation/features-refresh.sh: Only sed the beginning 'arch' of ARCH_DIR (git-fixes). - drbd: destroy workqueue when drbd device was freed (git-fixes). - drbd: remove call to memset before free device/resource/connection (git-fixes). - drbd: remove usage of list iterator variable after loop (git-fixes). - drbd: set QUEUE_FLAG_STABLE_WRITES (git-fixes). - drbd: use after free in drbd_create_device() (git-fixes). - driver core: Fix bus_type.match() error handling in __driver_attach() (git-fixes). - drivers: dio: fix possible memory leak in dio_init() (git-fixes). - drivers: soc: ti: knav_qmss_queue: Mark knav_acc_firmwares as static (git-fixes). - drm: bridge: dw_hdmi: fix preference of RGB modes over YUV420 (git-fixes). - drm/amd/display: fix array index out of bound error in bios parser (git-fixes). - drm/amd/display: Manually adjust strobe for DCN303 (git-fixes). - drm/amd/display: prevent memory leak (git-fixes). - drm/amd/display: Use the largest vready_offset in pipe group (git-fixes). - drm/amd/pm/smu11: BACO is supported when it's in BACO state (git-fixes). - drm/amdgpu: fix pci device refcount leak (git-fixes). - drm/amdgpu: Fix PCI device refcount leak in amdgpu_atrm_get_bios() (git-fixes). - drm/amdgpu: Fix type of second parameter in odn_edit_dpm_table() callback (git-fixes). - drm/amdgpu: Fix type of second parameter in trans_msg() callback (git-fixes). - drm/amdgpu: handle polaris10/11 overlap asics (v2) (git-fixes). - drm/amdgpu: make display pinning more flexible (v2) (git-fixes). - drm/amdgpu/powerplay/psm: Fix memory leak in power state init (git-fixes). - drm/amdgpu/sdma_v4_0: turn off SDMA ring buffer in the s2idle suspend (git-fixes). - drm/amdkfd: Fix memory leakage (git-fixes). - drm/bridge: adv7533: remove dynamic lane switching from adv7533 bridge (git-fixes). - drm/bridge: anx7625: Fix edid_read break case in sp_tx_edid_read() (git-fixes). - drm/bridge: ti-sn65dsi86: Fix output polarity setting bug (git-fixes). - drm/connector: send hotplug uevent on connector cleanup (git-fixes). - drm/edid: Fix minimum bpc supported with DSC1.2 for HDMI sink (git-fixes). - drm/etnaviv: add missing quirks for GC300 (git-fixes). - drm/etnaviv: do not truncate physical page address (git-fixes). - drm/fourcc: Add packed 10bit YUV 4:2:0 format (git-fixes). - drm/fourcc: Fix vsub/hsub for Q410 and Q401 (git-fixes). - drm/fsl-dcu: Fix return type of fsl_dcu_drm_connector_mode_valid() (git-fixes). - drm/i915: Fix documentation for intel_uncore_forcewake_put__locked (git-fixes). - drm/i915: remove circ_buf.h includes (git-fixes). - drm/i915: unpin on error in intel_vgpu_shadow_mm_pin() (git-fixes). - drm/i915/display: Do not disable DDI/Transcoder when setting phy test pattern (git-fixes). - drm/i915/dsi: fix VBT send packet port selection for dual link DSI (git-fixes). - drm/i915/gvt: fix gvt debugfs destroy (git-fixes). - drm/i915/gvt: fix vgpu debugfs clean in remove (git-fixes). - drm/i915/migrate: do not check the scratch page (git-fixes). - drm/i915/migrate: fix length calculation (git-fixes). - drm/i915/migrate: fix offset calculation (git-fixes). - drm/i915/ttm: never purge busy objects (git-fixes). - drm/imx: ipuv3-plane: Fix overlay plane width (git-fixes). - drm/ingenic: Fix missing platform_driver_unregister() call in ingenic_drm_init() (git-fixes). - drm/mediatek: Fix return type of mtk_hdmi_bridge_mode_valid() (git-fixes). - drm/mediatek: Modify dpi power on/off sequence (git-fixes). - drm/meson: Reduce the FIFO lines held when AFBC is not used (git-fixes). - drm/msm: Use drm_mode_copy() (git-fixes). - drm/panel/panel-sitronix-st7701: Remove panel on DSI attach failure (git-fixes). - drm/panfrost: Fix GEM handle creation ref-counting (git-fixes). - drm/radeon: Add the missed acpi_put_table() to fix memory leak (git-fixes). - drm/radeon: Fix PCI device refcount leak in radeon_atrm_get_bios() (git-fixes). - drm/rockchip: lvds: fix PM usage counter unbalance in poweron (git-fixes). - drm/rockchip: Use drm_mode_copy() (git-fixes). - drm/shmem-helper: Avoid vm_open error paths (git-fixes). - drm/shmem-helper: Remove errant put in error path (git-fixes). - drm/sti: Fix return type of sti_{dvo,hda,hdmi}_connector_mode_valid() (git-fixes). - drm/sti: Use drm_mode_copy() (git-fixes). - drm/tegra: Add missing clk_disable_unprepare() in tegra_dc_probe() (git-fixes). - drm/vmwgfx: Do not use screen objects when SEV is active (git-fixes). - drm/vmwgfx: Fix a sparse warning in kernel docs (git-fixes). - drm/vmwgfx: Validate the box size for the snooped cursor (git-fixes). - Drop FIPS mode DRBG->getrandom(2) wire-up (bsc#1191259) - dt-bindings: clock: qcom,aoncc-sm8250: fix compatible (git-fixes). - dt-bindings: clocks: imx8mp: Add ID for usb suspend clock (git-fixes). - dt-bindings: display: sun6i-dsi: Fix clock conditional (git-fixes). - dt-bindings: gpio: gpio-davinci: Increase maxItems in gpio-line-names (git-fixes). - dt-bindings: net: sun8i-emac: Add phy-supply property (git-fixes). - EDAC/mc_sysfs: Increase legacy channel support to 12 (bsc#1205263). - efi: Add iMac Pro 2017 to uefi skip cert quirk (git-fixes). - ext4: avoid BUG_ON when creating xattrs (bsc#1205496). - extcon: usbc-tusb320: Add support for mode setting and reset (git-fixes). - extcon: usbc-tusb320: Add support for TUSB320L (git-fixes). - extcon: usbc-tusb320: Factor out extcon into dedicated functions (git-fixes). - fbcon: Use kzalloc() in fbcon_prepare_logo() (git-fixes). - fbdev: fbcon: release buffer when fbcon_do_set_font() failed (git-fixes). - fbdev: geode: do not build on UML (git-fixes). - fbdev: matroxfb: G200eW: Increase max memory from 1 MB to 16 MB (git-fixes). - fbdev: pm2fb: fix missing pci_disable_device() (git-fixes). - fbdev: ssd1307fb: Drop optional dependency (git-fixes). - fbdev: uvesafb: do not build on UML (git-fixes). - fbdev: uvesafb: Fixes an error handling path in uvesafb_probe() (git-fixes). - fbdev: vermilion: decrease reference count in error path (git-fixes). - fbdev: via: Fix error in via_core_init() (git-fixes). - firmware: raspberrypi: fix possible memory leak in rpi_firmware_probe() (git-fixes). - floppy: Fix memory leak in do_floppy_init() (git-fixes). - gpio: sifive: Fix refcount leak in sifive_gpio_probe (git-fixes). - gpiolib: cdev: fix NULL-pointer dereferences (git-fixes). - gpiolib: check the 'ngpios' property in core gpiolib code (git-fixes). - gpiolib: fix memory leak in gpiochip_setup_dev() (git-fixes). - gpiolib: Get rid of redundant 'else' (git-fixes). - gpiolib: improve coding style for local variables (git-fixes). - gpiolib: make struct comments into real kernel docs (git-fixes). - hamradio: baycom_epp: Fix return type of baycom_send_packet() (git-fixes). - hamradio: do not call dev_kfree_skb() under spin_lock_irqsave() (git-fixes). - HID: hid-sensor-custom: set fixed size for custom attributes (git-fixes). - HID: ite: Enable QUIRK_TOUCHPAD_ON_OFF_REPORT on Acer Aspire Switch V 10 (git-fixes). - HID: mcp2221: do not connect hidraw (git-fixes). - HID: multitouch: fix Asus ExpertBook P2 P2451FA trackpoint (git-fixes). - HID: plantronics: Additional PIDs for double volume key presses quirk (git-fixes). - HID: uclogic: Add HID_QUIRK_HIDINPUT_FORCE quirk (git-fixes). - HID: usbhid: Add ALWAYS_POLL quirk for some mice (git-fixes). - HID: wacom: Ensure bootloader PID is usable in hidraw mode (git-fixes). - HSI: omap_ssi_core: Fix error handling in ssi_init() (git-fixes). - HSI: omap_ssi_core: fix possible memory leak in ssi_probe() (git-fixes). - HSI: omap_ssi_core: fix unbalanced pm_runtime_disable() (git-fixes). - hwmon: (jc42) Convert register access and caching to regmap/regcache (git-fixes). - hwmon: (jc42) Fix missing unlock on error in jc42_write() (git-fixes). - hwmon: (jc42) Restore the min/max/critical temperatures on resume (git-fixes). - hwrng: amd - Fix PCI device refcount leak (git-fixes). - i2c: ismt: Fix an out-of-bounds bug in ismt_access() (git-fixes). - i2c: mux: reg: check return value after calling platform_get_resource() (git-fixes). - i2c: pxa-pci: fix missing pci_disable_device() on error in ce4100_i2c_probe (git-fixes). - IB/IPoIB: Fix queue count inconsistency for PKEY child interfaces (git-fixes) - ibmveth: Always stop tx queues during close (bsc#1065729). - iio: adc: ad_sigma_delta: do not use internal iio_dev lock (git-fixes). - iio: adc128s052: add proper .data members in adc128_of_match table (git-fixes). - iio: fix memory leak in iio_device_register_eventset() (git-fixes). - iio: temperature: ltc2983: make bulk write buffer DMA-safe (git-fixes). - ima: Fix a potential NULL pointer access in ima_restore_measurement_list (git-fixes). - Input: elants_i2c - properly handle the reset GPIO when power is off (git-fixes). - Input: joystick - fix Kconfig warning for JOYSTICK_ADC (git-fixes). - Input: wistron_btns - disable on UML (git-fixes). - integrity: Fix memory leakage in keyring allocation error path (git-fixes). - ipmi: fix long wait in unload when IPMI disconnect (git-fixes). - ipmi: fix memleak when unload ipmi driver (git-fixes). - ipmi: fix use after free in _ipmi_destroy_user() (git-fixes). - ipmi: kcs: Poll OBF briefly to reduce OBE latency (git-fixes). - ipu3-imgu: Fix NULL pointer dereference in imgu_subdev_set_selection() (git-fixes). - kABI: reintroduce a non-inline usleep_range (git-fixes). - lib/debugobjects: fix stat count and optimize debug_objects_mem_init (git-fixes). - lib/fonts: fix undefined behavior in bit shift for get_default_font (git-fixes). - mailbox: arm_mhuv2: Fix return value check in mhuv2_probe() (git-fixes). - mailbox: mpfs: read the system controller's status (git-fixes). - mailbox: zynq-ipi: fix error handling while device_register() fails (git-fixes). - media: adv748x: afe: Select input port when initializing AFE (git-fixes). - media: camss: Clean up received buffers on failed start of streaming (git-fixes). - media: dvb-core: Fix double free in dvb_register_device() (git-fixes). - media: dvb-core: Fix ignored return value in dvb_register_frontend() (git-fixes). - media: dvb-frontends: fix leak of memory fw (git-fixes). - media: dvb-usb: az6027: fix null-ptr-deref in az6027_i2c_xfer() (git-fixes). - media: dvb-usb: fix memory leak in dvb_usb_adapter_init() (git-fixes). - media: i2c: ad5820: Fix error path (git-fixes). - media: imon: fix a race condition in send_packet() (git-fixes). - media: saa7164: fix missing pci_disable_device() (git-fixes). - media: si470x: Fix use-after-free in si470x_int_in_callback() (git-fixes). - media: solo6x10: fix possible memory leak in solo_sysfs_init() (git-fixes). - media: stv0288: use explicitly signed char (git-fixes). - media: v4l2-ctrls: Fix off-by-one error in integer menu control check (git-fixes). - media: v4l2-dv-timings.c: fix too strict blanking sanity checks (git-fixes). - media: videobuf-dma-contig: use dma_mmap_coherent (git-fixes). - media: vidtv: Fix use-after-free in vidtv_bridge_dvb_init() (git-fixes). - media: vimc: Fix wrong function called when vimc_init() fails (git-fixes). - media: vivid: fix compose size exceed boundary (git-fixes). - memcg, kmem: further deprecate kmem.limit_in_bytes (bsc#1206896). - memcg: Fix possible use-after-free in memcg_write_event_control() (bsc#1206344). - mfd: bd957x: Fix Kconfig dependency on REGMAP_IRQ (git-fixes). - mfd: mt6360: Add bounds checking in Regmap read/write call-backs (git-fixes). - mfd: pm8008: Fix return value check in pm8008_probe() (git-fixes). - mfd: pm8008: Remove driver data structure pm8008_data (git-fixes). - mfd: qcom_rpm: Fix an error handling path in qcom_rpm_probe() (git-fixes). - mfd: qcom_rpm: Use devm_of_platform_populate() to simplify code (git-fixes). - misc: ocxl: fix possible name leak in ocxl_file_register_afu() (git-fixes). - misc: tifm: fix possible memory leak in tifm_7xx1_switch_media() (git-fixes). - mISDN: hfcmulti: do not call dev_kfree_skb/kfree_skb() under spin_lock_irqsave() (git-fixes). - mISDN: hfcpci: do not call dev_kfree_skb/kfree_skb() under spin_lock_irqsave() (git-fixes). - mISDN: hfcsusb: do not call dev_kfree_skb/kfree_skb() under spin_lock_irqsave() (git-fixes). - mm: fix race between MADV_FREE reclaim and blkdev direct IO read (bsc#1204989,bsc#1205601). - mm/mempolicy: fix memory leak in set_mempolicy_home_node system call (bsc#1206468). - mmc: alcor: fix return value check of mmc_add_host() (git-fixes). - mmc: atmel-mci: fix return value check of mmc_add_host() (git-fixes). - mmc: core: Normalize the error handling branch in sd_read_ext_regs() (git-fixes). - mmc: f-sdh30: Add quirks for broken timeout clock capability (git-fixes). - mmc: meson-gx: fix return value check of mmc_add_host() (git-fixes). - mmc: mmci: fix return value check of mmc_add_host() (git-fixes). - mmc: moxart: fix return value check of mmc_add_host() (git-fixes). - mmc: mtk-sd: Fix missing clk_disable_unprepare in msdc_of_clock_parse() (git-fixes). - mmc: mxcmmc: fix return value check of mmc_add_host() (git-fixes). - mmc: omap_hsmmc: fix return value check of mmc_add_host() (git-fixes). - mmc: pxamci: fix return value check of mmc_add_host() (git-fixes). - mmc: renesas_sdhi: alway populate SCC pointer (git-fixes). - mmc: renesas_sdhi: better reset from HS400 mode (git-fixes). - mmc: rtsx_pci: fix return value check of mmc_add_host() (git-fixes). - mmc: rtsx_usb_sdmmc: fix return value check of mmc_add_host() (git-fixes). - mmc: sdhci-sprd: Disable CLK_AUTO when the clock is less than 400K (git-fixes). - mmc: toshsd: fix return value check of mmc_add_host() (git-fixes). - mmc: via-sdmmc: fix return value check of mmc_add_host() (git-fixes). - mmc: vub300: fix return value check of mmc_add_host() (git-fixes). - mmc: vub300: fix warning - do not call blocking ops when !TASK_RUNNING (git-fixes). - mmc: wbsd: fix return value check of mmc_add_host() (git-fixes). - mmc: wmt-sdmmc: fix return value check of mmc_add_host() (git-fixes). - module: change to print useful messages from elf_validity_check() (git-fixes). - module: fix [e_shstrndx].sh_size=0 OOB access (git-fixes). - mt76: stop the radar detector after leaving dfs channel (git-fixes). - mtd: Fix device name leak when register device failed in add_mtd_device() (git-fixes). - mtd: lpddr2_nvm: Fix possible null-ptr-deref (git-fixes). - mtd: maps: pxa2xx-flash: fix memory leak in probe (git-fixes). - mtd: spi-nor: Check for zero erase size in spi_nor_find_best_erase_type() (git-fixes). - mtd: spi-nor: Fix the number of bytes for the dummy cycles (git-fixes). - mtd: spi-nor: hide jedec_id sysfs attribute if not present (git-fixes). - net: allow retransmitting a TCP packet if original is still in queue (bsc#1188605 bsc#1187428 bsc#1206619). - net: mana: Fix race on per-CQ variable napi work_done (git-fixes). - net: phy: xgmiitorgmii: Fix refcount leak in xgmiitorgmii_probe (git-fixes). - net: usb: qmi_wwan: add u-blox 0x1342 composition (git-fixes). - net: usb: smsc95xx: fix external PHY reset (git-fixes). - net/mlx5: Fix mlx5_get_next_dev() peer device matching (bsc#1206536). - net/mlx5: Lag, filter non compatible devices (bsc#1206536). - netfilter: nfnetlink_osf: fix possible bogus match in nf_osf_find() (bsc#1204614). - nfc: Fix potential resource leaks (git-fixes). - nfc: pn533: Clear nfc_target before being used (git-fixes). - nfc: pn533: Wait for out_urb's completion in pn533_usb_send_frame() (git-fixes). - NFS: Handle missing attributes in OPEN reply (bsc#1203740). - nilfs2: fix shift-out-of-bounds due to too large exponent of block size (git-fixes). - nilfs2: fix shift-out-of-bounds/overflow in nilfs_sb2_bad_offset() (git-fixes). - octeontx2-af: Add PTP PPS Errata workaround on CN10K silicon (jsc#SLE-24682). - octeontx2-af: Allow mkex profile without DMAC and add L2M/L2B header extraction support (jsc#SLE-24682). - octeontx2-af: Do not reset previous pfc config (jsc#SLE-24682). - octeontx2-af: fix operand size in bitwise operation (jsc#SLE-24682). - octeontx2-af: Initialize PTP_SEC_ROLLOVER register properly (jsc#SLE-24682). - octeontx2-af: Limit link bringup time at firmware (jsc#SLE-24682). - octeontx2-af: return correct ptp timestamp for CN10K silicon (jsc#SLE-24682). - octeontx2-af: Set NIX link credits based on max LMAC (jsc#SLE-24682). - octeontx2-af: Skip CGX/RPM probe incase of zero lmac count (jsc#SLE-24682). - octeontx2-pf: Add egress PFC support (jsc#SLE-24682). - octeontx2-pf: Add support for ptp 1-step mode on CN10K silicon (jsc#SLE-24682). - octeontx2-pf: Fix lmtst ID used in aura free (jsc#SLE-24682). - octeontx2-pf: Fix pfc_alloc_status array overflow (jsc#SLE-24682). - octeontx2-pf: Fix SQE threshold checking (jsc#SLE-24682). - octeontx2-pf: Fix unused variable build error (jsc#SLE-24682). - octeontx2-pf: NIX TX overwrites SQ_CTX_HW_S[SQ_INT] (jsc#SLE-24682). - octeontx2-pf: Reduce minimum mtu size to 60 (jsc#SLE-24682). - octeontx2: Modify mbox request and response structures (jsc#SLE-24682). - padata: Fix list iterator in padata_do_serial() (git-fixes). - PCI: Check for alloc failure in pci_request_irq() (git-fixes). - PCI: dwc: Fix n_fts[] array overrun (git-fixes). - PCI: Fix pci_device_is_present() for VFs by checking PF (git-fixes). - PCI: pci-epf-test: Register notifier if only core_init_notifier is enabled (git-fixes). - PCI: vmd: Disable MSI remapping after suspend (git-fixes). - PCI/sysfs: Fix double free in error path (git-fixes). - phy: usb: s2 WoL wakeup_count not incremented for USB->Eth devices (git-fixes). - pinctrl: k210: call of_node_put() (git-fixes). - pinctrl: meditatek: Startup with the IRQs disabled (git-fixes). - pinctrl: pinconf-generic: add missing of_node_put() (git-fixes). - platform/chrome: cros_ec_typec: Cleanup switch handle return paths (git-fixes). - platform/chrome: cros_usbpd_notify: Fix error handling in cros_usbpd_notify_init() (git-fixes). - platform/mellanox: mlxbf-pmc: Fix event typo (git-fixes). - platform/x86: huawei-wmi: fix return value calculation (git-fixes). - platform/x86: intel_scu_ipc: fix possible name leak in __intel_scu_ipc_register() (git-fixes). - platform/x86: mxm-wmi: fix memleak in mxm_wmi_call_mx[ds|mx]() (git-fixes). - PM: hibernate: Fix mistake in kerneldoc comment (git-fixes). - PM: runtime: Do not call __rpm_callback() from rpm_idle() (git-fixes). - PNP: fix name memory leak in pnp_alloc_dev() (git-fixes). - power: supply: ab8500: Fix error handling in ab8500_charger_init() (git-fixes). - power: supply: fix null pointer dereferencing in power_supply_get_battery_info (git-fixes). - power: supply: fix residue sysfs file in error handle route of __power_supply_register() (git-fixes). - power: supply: z2_battery: Fix possible memleak in z2_batt_probe() (git-fixes). - powerpc: export the CPU node count (bsc#1207016 ltc#201108). - powerpc: Take in account addition CPU node when building kexec FDT (bsc#1207016 ltc#201108). - powerpc/64: Init jump labels before parse_early_param() (bsc#1065729). - powerpc/pci: Fix get_phb_number() locking (bsc#1065729). - powerpc/perf: callchain validate kernel stack pointer bounds (bsc#1065729). - powerpc/powernv: add missing of_node_put (bsc#1065729). - powerpc/pseries: unregister VPA when hot unplugging a CPU (bsc#1205695 ltc#200603). - powerpc/pseries/eeh: use correct API for error log size (bsc#1065729). - powerpc/rtas: avoid device tree lookups in rtas_os_term() (bsc#1065729). - powerpc/rtas: avoid scheduling in rtas_os_term() (bsc#1065729). - powerpc/xive: add missing iounmap() in error path in xive_spapr_populate_irq_data() (git-fixes). - powerpc/xive/spapr: correct bitmap allocation size (git-fixes). - proc: fixup uptime selftest (git-fixes). - pstore: Avoid kcore oops by vmap()ing with VM_IOREMAP (git-fixes). - pstore: Make sure CONFIG_PSTORE_PMSG selects CONFIG_RT_MUTEXES (git-fixes). - pstore: Properly assign mem_type property (git-fixes). - pstore: Switch pmsg_lock to an rt_mutex to avoid priority inversion (git-fixes). - pstore/ram: Fix error return code in ramoops_probe() (git-fixes). - pstore/zone: Use GFP_ATOMIC to allocate zone buffer (git-fixes). - pwm: lpc18xx-sct: Fix a comment to match code (git-fixes). - pwm: mediatek: always use bus clock for PWM on MT7622 (git-fixes). - pwm: sifive: Call pwm_sifive_update_clock() while mutex is held (git-fixes). - pwm: tegra: Improve required rate calculation (git-fixes). - r6040: Fix kmemleak in probe and remove (git-fixes). - random: allow partial reads if later user copies fail (bsc#1204911). - random: check for signals every PAGE_SIZE chunk of /dev/random (bsc#1204911). - random: convert to using fops->read_iter() (bsc#1204911). - random: convert to using fops->write_iter() (bsc#1204911). - random: remove outdated INT_MAX >> 6 check in urandom_read() (bsc#1204911). - random: zero buffer after reading entropy from userspace (bsc#1204911). - RDMA: Disable IB HW for UML (git-fixes) - RDMA/core: Fix order of nldev_exit call (git-fixes) - RDMA/core: Make sure 'ib_port' is valid when access sysfs node (git-fixes) - RDMA/efa: Add EFA 0xefa2 PCI ID (git-fixes) - RDMA/hfi: Decrease PCI device reference count in error path (git-fixes) - RDMA/hfi1: Fix error return code in parse_platform_config() (git-fixes) - RDMA/hns: Fix AH attr queried by query_qp (git-fixes) - RDMA/hns: Fix error code of CMD (git-fixes) - RDMA/hns: Fix ext_sge num error when post send (git-fixes) - RDMA/hns: fix memory leak in hns_roce_alloc_mr() (git-fixes) - RDMA/hns: Fix page size cap from firmware (git-fixes) - RDMA/hns: Fix PBL page MTR find (git-fixes) - RDMA/hns: Fix XRC caps on HIP08 (git-fixes) - RDMA/hns: Repacing 'dseg_len' by macros in fill_ext_sge_inl_data() (git-fixes) - RDMA/irdma: Do not request 2-level PBLEs for CQ alloc (git-fixes) - RDMA/irdma: Initialize net_type before checking it (git-fixes) - RDMA/irdma: Report the correct link speed (git-fixes) - RDMA/nldev: Add checks for nla_nest_start() in fill_stat_counter_qps() (git-fixes) - RDMA/nldev: Fix failure to send large messages (git-fixes) - RDMA/nldev: Return '-EAGAIN' if the cm_id isn't from expected port (git-fixes) - RDMA/restrack: Release MR restrack when delete (git-fixes) - RDMA/rxe: Fix NULL-ptr-deref in rxe_qp_do_cleanup() when socket create failed (git-fixes) - RDMA/siw: Fix immediate work request flush to completion queue (git-fixes) - RDMA/siw: Fix pointer cast warning (git-fixes) - RDMA/siw: Set defined status for work completion with undefined status (git-fixes) - RDMA/srp: Fix error return code in srp_parse_options() (git-fixes) - regulator: bd718x7: Drop unnecessary info print (git-fixes). - regulator: core: fix deadlock on regulator enable (git-fixes). - regulator: core: fix module refcount leak in set_supply() (git-fixes). - regulator: core: fix resource leak in regulator_register() (git-fixes). - regulator: core: fix unbalanced of node refcount in regulator_dev_lookup() (git-fixes). - regulator: core: fix use_count leakage when handling boot-on (git-fixes). - regulator: core: use kfree_const() to free space conditionally (git-fixes). - regulator: qcom-labibb: Fix missing of_node_put() in qcom_labibb_regulator_probe() (git-fixes). - regulator: qcom-rpmh: Fix PMR735a S3 regulator spec (git-fixes). - regulator: slg51000: Wait after asserting CS pin (git-fixes). - regulator: twl6030: fix get status of twl6032 regulators (git-fixes). - remoteproc: core: Do pm_relax when in RPROC_OFFLINE state (git-fixes). - remoteproc: qcom_q6v5_pas: detach power domains on remove (git-fixes). - remoteproc: qcom_q6v5_pas: disable wakeup on probe fail or remove (git-fixes). - remoteproc: qcom_q6v5_pas: Fix missing of_node_put() in adsp_alloc_memory_region() (git-fixes). - remoteproc: qcom: q6v5: Fix missing clk_disable_unprepare() in q6v5_wcss_qcs404_power_on() (git-fixes). - remoteproc: qcom: q6v5: Fix potential null-ptr-deref in q6v5_wcss_init_mmio() (git-fixes). - remoteproc: sysmon: fix memory leak in qcom_add_sysmon_subdev() (git-fixes). - restore m_can_lec_type (git-fixes). - rtc: cmos: fix build on non-ACPI platforms (git-fixes). - rtc: cmos: Fix event handler registration ordering issue (git-fixes). - rtc: cmos: Fix wake alarm breakage (git-fixes). - rtc: ds1347: fix value written to century register (git-fixes). - rtc: mxc_v2: Add missing clk_disable_unprepare() (git-fixes). - rtc: pcf85063: fix pcf85063_clkout_control (gut-fixes). - rtc: pcf85063: Fix reading alarm (git-fixes). - rtc: pic32: Move devm_rtc_allocate_device earlier in pic32_rtc_probe() (git-fixes). - rtc: rtc-cmos: Do not check ACPI_FADT_LOW_POWER_S0 (git-fixes). - rtc: snvs: Allow a time difference on clock register read (git-fixes). - rtc: st-lpc: Add missing clk_disable_unprepare in st_rtc_probe() (git-fixes). - rtmutex: Add acquire semantics for rtmutex lock acquisition slow path (bnc#1203829). - s390/boot: add secure boot trailer (bsc#1205257 LTC#200451). - sbitmap: fix lockup while swapping (bsc#1206602). - sched/core: Fix comparison in sched_group_cookie_match() (git-fixes) - sched/core: Fix the bug that task won't enqueue into core (git-fixes) - sched/topology: Remove redundant variable and fix incorrect (git-fixes) - sched/uclamp: Fix relationship between uclamp and migration (git-fixes) - sched/uclamp: Make task_fits_capacity() use util_fits_cpu() (git-fixes) - scsi: 3w-9xxx: Avoid disabling device if failing to enable it (git-fixes). - scsi: advansys: Fix kernel pointer leak (git-fixes). - scsi: aha152x: Fix aha152x_setup() __setup handler return value (git-fixes). - scsi: bfa: Replace snprintf() with sysfs_emit() (git-fixes). - scsi: core: Fix sbitmap depth in scsi_realloc_sdev_budget_map() (git-fixes). - scsi: core: Fix scsi_mode_sense() buffer length handling (git-fixes). - scsi: core: Reallocate device's budget map on queue depth change (git-fixes). - scsi: core: Restrict legal sdev_state transitions via sysfs (git-fixes). - scsi: hisi_sas: Free irq vectors in order for v3 HW (git-fixes). - scsi: hisi_sas: Limit max hw sectors for v3 HW (git-fixes). - scsi: hisi_sas: Use managed PCI functions (git-fixes). - scsi: ipr: Fix missing/incorrect resource cleanup in error case (git-fixes). - scsi: iscsi: Add recv workqueue helpers (git-fixes). - scsi: iscsi: Fix harmless double shift bug (git-fixes). - scsi: iscsi: Fix possible memory leak when device_register() failed (git-fixes). - scsi: iscsi: iscsi_tcp: Fix null-ptr-deref while calling getpeername() (git-fixes). - scsi: iscsi: kabi: add iscsi_conn_queue_work back (git-fixes). - scsi: iscsi: kabi: fix libiscsi new field (git-fixes). - scsi: iscsi: Merge suspend fields (git-fixes). - scsi: iscsi: Rename iscsi_conn_queue_work() (git-fixes). - scsi: iscsi: Run recv path from workqueue (git-fixes). - scsi: iscsi: Unblock session then wake up error handler (git-fixes). - scsi: libfc: Fix use after free in fc_exch_abts_resp() (git-fixes). - scsi: libiscsi: Fix UAF in iscsi_conn_get_param()/iscsi_conn_teardown() (git-fixes). - scsi: lpfc: Correct bandwidth logging during receipt of congestion sync WCQE (jsc#PED-1445). - scsi: lpfc: Fix crash involving race between FLOGI timeout and devloss handler (jsc#PED-1445). - scsi: lpfc: Fix MI capability display in cmf_info sysfs attribute (jsc#PED-1445). - scsi: lpfc: Fix WQ|CQ|EQ resource check (jsc#PED-1445). - scsi: lpfc: Remove linux/msi.h include (jsc#PED-1445). - scsi: lpfc: Remove redundant pointer 'lp' (jsc#PED-1445). - scsi: lpfc: Update lpfc version to 14.2.0.9 (jsc#PED-1445). - scsi: lpfc: Use memset_startat() helper (jsc#PED-1445). - scsi: megaraid_sas: Fix double kfree() (git-fixes). - scsi: megaraid_sas: Target with invalid LUN ID is deleted during scan (git-fixes). - scsi: megaraid: Fix error check return value of register_chrdev() (git-fixes). - scsi: mpi3mr: Fix memory leaks (git-fixes). - scsi: mpi3mr: Fix reporting of actual data transfer size (git-fixes). - scsi: mpi3mr: Fixes around reply request queues (git-fixes). - scsi: mpt3sas: Do not change DMA mask while reallocating pools (bsc#1206912,bsc#1206098). - scsi: mpt3sas: Fail reset operation if config request timed out (git-fixes). - scsi: mpt3sas: Fix out-of-bounds compiler warning (git-fixes). - scsi: mpt3sas: re-do lost mpt3sas DMA mask fix (bsc#1206912,bsc#1206098). - scsi: mpt3sas: Remove usage of dma_get_required_mask() API (bsc#1206912,bsc#1206098). - scsi: mvsas: Add PCI ID of RocketRaid 2640 (git-fixes). - scsi: mvsas: Replace snprintf() with sysfs_emit() (git-fixes). - scsi: myrb: Fix up null pointer access on myrb_cleanup() (git-fixes). - scsi: myrs: Fix crash in error case (git-fixes). - scsi: ncr53c8xx: Remove unused retrieve_from_waiting_list() function (git-fixes). - scsi: pm8001: Fix bogus FW crash for maxcpus=1 (git-fixes). - scsi: pm8001: Fix memory leak in pm8001_chip_fw_flash_update_req() (git-fixes). - scsi: pm8001: Fix pm8001_mpi_task_abort_resp() (git-fixes). - scsi: pm8001: Fix pm80xx_pci_mem_copy() interface (git-fixes). - scsi: pm8001: Fix tag leaks on error (git-fixes). - scsi: pm8001: Fix task leak in pm8001_send_abort_all() (git-fixes). - scsi: pm8001: Fix use-after-free for aborted SSP/STP sas_task (git-fixes). - scsi: pm8001: Fix use-after-free for aborted TMF sas_task (git-fixes). - scsi: pm80xx: Fix double completion for SATA devices (git-fixes). - scsi: pm80xx: Fix memory leak during rmmod (git-fixes). - scsi: pmcraid: Fix missing resource cleanup in error case (git-fixes). - scsi: qedf: Add stag_work to all the vports (git-fixes). - scsi: qedf: Change context reset messages to ratelimited (git-fixes). - scsi: qedf: Fix a UAF bug in __qedf_probe() (git-fixes). - scsi: qedf: Fix refcount issue when LOGO is received during TMF (git-fixes). - scsi: qla2xxx: Fix crash when I/O abort times out (jsc#PED-568). - scsi: qla2xxx: Fix set-but-not-used variable warnings (jsc#PED-568). - scsi: qla2xxx: Initialize vha->unknown_atio_[list, work] for NPIV hosts (jsc#PED-568). - scsi: qla2xxx: Remove duplicate of vha->iocb_work initialization (jsc#PED-568). - scsi: qla2xxx: Remove unused variable 'found_devs' (jsc#PED-568). - scsi: scsi_debug: Fix out-of-bound read in resp_readcap16() (git-fixes). - scsi: scsi_debug: Fix out-of-bound read in resp_report_tgtpgs() (git-fixes). - scsi: scsi_debug: Fix possible UAF in sdebug_add_host_helper() (git-fixes). - scsi: scsi_debug: Make the READ CAPACITY response compliant with ZBC (git-fixes). - scsi: scsi_dh_alua: Properly handle the ALUA transitioning state (git-fixes). - scsi: smartpqi: Fix kdump issue when controller is locked up (git-fixes). - scsi: sr: Do not use GFP_DMA (git-fixes). - scsi: ufs: core: Fix ufshcd_probe_hba() prototype to match the definition (git-fixes). - scsi: ufs: Fix a kernel crash during shutdown (git-fixes). - scsi: ufs: Treat link loss as fatal error (git-fixes). - scsi: ufs: ufshcd-pltfrm: Check the return value of devm_kstrdup() (git-fixes). - scsi: ufs: Use generic error code in ufshcd_set_dev_pwr_mode() (git-fixes). - scsi: ufs: Use pm_runtime_resume_and_get() instead of pm_runtime_get_sync() (git-fixes). - scsi: vmw_pvscsi: Expand vcpuHint to 16 bits (git-fixes). - sctp: sysctl: make extra pointers netns aware (bsc#1204760). - selftests: devlink: fix the fd redirect in dummy_reporter_test (git-fixes). - selftests: set the BUILD variable to absolute path (git-fixes). - selftests: Use optional USERCFLAGS and USERLDFLAGS (git-fixes). - selftests/efivarfs: Add checking of the test return value (git-fixes). - selftests/ftrace: event_triggers: wait longer for test_event_enable (git-fixes). - selftests/powerpc: Fix resource leaks (git-fixes). - serial: 8250_bcm7271: Fix error handling in brcmuart_init() (git-fixes). - serial: amba-pl011: avoid SBSA UART accessing DMACR register (git-fixes). - serial: pch: Fix PCI device refcount leak in pch_request_dma() (git-fixes). - serial: pl011: Do not clear RX FIFO & RX interrupt in unthrottle (git-fixes). - serial: stm32: move dma_request_chan() before clk_prepare_enable() (git-fixes). - serial: sunsab: Fix error handling in sunsab_init() (git-fixes). - serial: tegra: Read DMA status before terminating (git-fixes). - soc: mediatek: pm-domains: Fix the power glitch issue (git-fixes). - soc: qcom: llcc: make irq truly optional (git-fixes). - soc: qcom: Select REMAP_MMIO for LLCC driver (git-fixes). - soc: ti: knav_qmss_queue: Fix PM disable depth imbalance in knav_queue_probe (git-fixes). - soc: ti: knav_qmss_queue: Use pm_runtime_resume_and_get instead of pm_runtime_get_sync (git-fixes). - soc: ti: smartreflex: Fix PM disable depth imbalance in omap_sr_probe (git-fixes). - soundwire: dmi-quirks: add quirk variant for LAPBC710 NUC15 (git-fixes). - spi: spi-gpio: Do not set MOSI as an input if not 3WIRE mode (git-fixes). - spi: spidev: mask SPI_CS_HIGH in SPI_IOC_RD_MODE (git-fixes). - spi: Update reference to struct spi_controller (git-fixes). - staging: media: tegra-video: fix chan->mipi value on error (git-fixes). - staging: media: tegra-video: fix device_node use after free (git-fixes). - staging: rtl8192e: Fix potential use-after-free in rtllib_rx_Monitor() (git-fixes). - staging: rtl8192u: Fix use after free in ieee80211_rx() (git-fixes). - string.h: Introduce memset_startat() for wiping trailing members and padding (jsc#PED-1445). - test_firmware: fix memory leak in test_firmware_init() (git-fixes). - thermal: core: fix some possible name leaks in error paths (git-fixes). - thermal: int340x: Add missing attribute for data rate base (git-fixes). - thermal/drivers/imx8mm_thermal: Validate temperature range (git-fixes). - thermal/drivers/qcom/temp-alarm: Fix inaccurate warning for gen2 (git-fixes). - timers: implement usleep_idle_range() (git-fixes). - tpm: acpi: Call acpi_put_table() to fix memory leak (git-fixes). - tpm: tpm_crb: Add the missed acpi_put_table() to fix memory leak (git-fixes). - tpm: tpm_tis: Add the missed acpi_put_table() to fix memory leak (git-fixes). - tpm/tpm_crb: Fix error message in __crb_relinquish_locality() (git-fixes). - tpm/tpm_ftpm_tee: Fix error handling in ftpm_mod_init() (git-fixes). - tracing: Add tracing_reset_all_online_cpus_unlocked() function (git-fixes). - tracing: Free buffers when a used dynamic event is removed (git-fixes). - tracing/doc: Fix typos on the timerlat tracer documentation (git-fixes). - tracing/osnoise: Fix duration type (git-fixes). - tty: serial: altera_uart_{r,t}x_chars() need only uart_port (git-fixes). - tty: serial: clean up stop-tx part in altera_uart_tx_chars() (git-fixes). - uio: uio_dmem_genirq: Fix deadlock between irq config and handling (git-fixes). - uio: uio_dmem_genirq: Fix missing unlock in irq configuration (git-fixes). - units: Add SI metric prefix definitions (git-fixes). - units: add the HZ macros (git-fixes). - usb: cdnsp: fix lack of ZLP for ep0 (git-fixes). - usb: dwc3: core: defer probe on ulpi_read_id timeout (git-fixes). - usb: dwc3: fix PHY disable sequence (git-fixes). - usb: dwc3: Fix race between dwc3_set_mode and __dwc3_set_mode (git-fixes). - usb: dwc3: gadget: Disable GUSB2PHYCFG.SUSPHY for End Transfer (git-fixes). - usb: dwc3: pci: Update PCIe device ID for USB3 controller on CPU sub-system for Raptor Lake (git-fixes). - usb: dwc3: qcom: fix runtime PM wakeup (git-fixes). - usb: gadget: uvc: Prevent buffer overflow in setup handler (git-fixes). - usb: gadget: uvc: Rename bmInterfaceFlags -> bmInterlaceFlags (git-fixes). - usb: rndis_host: Secure rndis_query check against int overflow (git-fixes). - usb: roles: fix of node refcount leak in usb_role_switch_is_parent() (git-fixes). - usb: serial: cp210x: add Kamstrup RF sniffer PIDs (git-fixes). - usb: serial: f81232: fix division by zero on line-speed change (git-fixes). - usb: serial: f81534: fix division by zero on line-speed change (git-fixes). - usb: serial: option: add Quectel EM05-G modem (git-fixes). - usb: storage: Add check for kcalloc (git-fixes). - usb: typec: Check for ops->exit instead of ops->enter in altmode_exit (git-fixes). - usb: typec: Factor out non-PD fwnode properties (git-fixes). - usb: typec: tcpci: fix of node refcount leak in tcpci_register_port() (git-fixes). - usb: typec: tipd: Cleanup resources if devm_tps6598_psy_register fails (git-fixes). - usb: typec: tipd: Fix spurious fwnode_handle_put in error path (git-fixes). - usb: ulpi: defer ulpi_register on ulpi_read_id timeout (git-fixes). - usb: xhci-mtk: fix leakage of shared hcd when fail to set wakeup irq (git-fixes). - vdpa_sim: fix possible memory leak in vdpasim_net_init() and vdpasim_blk_init() (git-fixes). - vdpa_sim: fix vringh initialization in vdpasim_queue_ready() (git-fixes). - vfio: platform: Do not pass return buffer to ACPI _RST method (git-fixes). - vhost: fix range used in translate_desc() (git-fixes). - vhost/vsock: Fix error handling in vhost_vsock_init() (git-fixes). - vmxnet3: correctly report csum_level for encapsulated packet (git-fixes). - vringh: fix range used in iotlb_translate() (git-fixes). - vsock: Enable y2038 safe timeval for timeout (bsc#1206101). - vsock: Refactor vsock_*_getsockopt to resemble sock_getsockopt (bsc#1206101). - wifi: ar5523: Fix use-after-free on ar5523_cmd() timed out (git-fixes). - wifi: ath10k: Fix return value in ath10k_pci_init() (git-fixes). - wifi: ath9k: hif_usb: fix memory leak of urbs in ath9k_hif_usb_dealloc_tx_urbs() (git-fixes). - wifi: ath9k: hif_usb: Fix use-after-free in ath9k_hif_usb_reg_in_cb() (git-fixes). - wifi: ath9k: verify the expected usb_endpoints are present (git-fixes). - wifi: brcmfmac: Fix error return code in brcmf_sdio_download_firmware() (git-fixes). - wifi: brcmfmac: Fix potential shift-out-of-bounds in brcmf_fw_alloc_request() (git-fixes). - wifi: cfg80211: Fix not unregister reg_pdev when load_builtin_regdb_keys() fails (git-fixes). - wifi: iwlwifi: mvm: fix double free on tx path (git-fixes). - wifi: mac80211: fix memory leak in ieee80211_if_add() (git-fixes). - wifi: mt76: do not run mt76u_status_worker if the device is not running (git-fixes). - wifi: mt76: fix coverity overrun-call in mt76_get_txpower() (git-fixes). - wifi: rsi: Fix handling of 802.3 EAPOL frames sent via control port (git-fixes). - wifi: rtl8xxxu: Add __packed to struct rtl8723bu_c2h (git-fixes). - wifi: rtl8xxxu: Fix the channel width reporting (git-fixes). - wifi: rtl8xxxu: gen2: Turn on the rate control (git-fixes). - wifi: rtw89: fix physts IE page check (git-fixes). - wifi: rtw89: Fix some error handling path in rtw89_core_sta_assoc() (git-fixes). - wifi: rtw89: use u32_encode_bits() to fill MAC quota value (git-fixes). - wifi: wilc1000: sdio: fix module autoloading (git-fixes). - xfrm: Fix oops in __xfrm_state_delete() (bsc#1206794). - xhci: Apply XHCI_RESET_TO_DEFAULT quirk to ADL-N (git-fixes). Important SUSE bug 1065729 SUSE bug 1187428 SUSE bug 1188605 SUSE bug 1190969 SUSE bug 1191259 SUSE bug 1193629 SUSE bug 1199294 SUSE bug 1201068 SUSE bug 1203219 SUSE bug 1203740 SUSE bug 1203829 SUSE bug 1204614 SUSE bug 1204652 SUSE bug 1204760 SUSE bug 1204911 SUSE bug 1204989 SUSE bug 1205257 SUSE bug 1205263 SUSE bug 1205485 SUSE bug 1205496 SUSE bug 1205601 SUSE bug 1205695 SUSE bug 1206073 SUSE bug 1206098 SUSE bug 1206101 SUSE bug 1206188 SUSE bug 1206209 SUSE bug 1206344 SUSE bug 1206389 SUSE bug 1206390 SUSE bug 1206391 SUSE bug 1206393 SUSE bug 1206394 SUSE bug 1206395 SUSE bug 1206396 SUSE bug 1206397 SUSE bug 1206398 SUSE bug 1206399 SUSE bug 1206456 SUSE bug 1206468 SUSE bug 1206515 SUSE bug 1206536 SUSE bug 1206554 SUSE bug 1206602 SUSE bug 1206619 SUSE bug 1206664 SUSE bug 1206703 SUSE bug 1206794 SUSE bug 1206896 SUSE bug 1206912 SUSE bug 1207016 CVE-2022-3104 CVE-2022-3105 CVE-2022-3106 CVE-2022-3107 CVE-2022-3108 CVE-2022-3111 CVE-2022-3112 CVE-2022-3113 CVE-2022-3114 CVE-2022-3115 CVE-2022-3344 CVE-2022-3564 CVE-2022-4379 CVE-2022-4662 CVE-2022-47520 cpe:/o:opensuse:leap:15.4 Security update for the Linux Kernel (Important) openSUSE Leap 15.4 The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2022-3344: Fixed a flaw found in the KVM's AMD nested virtualization (SVM). A malicious L1 guest could purposely fail to intercept the shutdown of a cooperative nested guest (L2), possibly leading to a page fault and kernel panic in the host (L0). (bsc#1204652) - CVE-2022-4662: Fixed a recursive locking violation in usb-storage that can cause the kernel to deadlock. (bsc#1206664) - CVE-2022-3115: Fixed a null pointer dereference in malidp_crtc.c caused by a lack of checks of the return value of kzalloc. (bsc#1206393) - CVE-2022-47520: Fixed an out-of-bounds read when parsing a Robust Security Network (RSN) information element from a Netlink packet. (bsc#1206515) - CVE-2022-3112: Fixed a null pointer dereference caused by a missing check of the return value of kzalloc() in vdec_helpers.c:amvdec_set_canvases. (bsc#1206399) - CVE-2022-3564: Fixed a bug which could lead to use after free, it was found in the function l2cap_reassemble_sdu of the file net/bluetooth/l2cap_core.c of the component Bluetooth. (bsc#1206073) - CVE-2022-4379: Fixed a use-after-free vulnerability in nfs4file.c:__nfs42_ssc_open. (bsc#1206209) - CVE-2022-3108: Fixed a bug in kfd_parse_subtype_iolink in drivers/gpu/drm/amd/amdkfd/kfd_crat.c where a lack of check of the return value of kmemdup() could lead to a NULL pointer dereference. (bsc#1206389) - CVE-2022-3104: Fixed a null pointer dereference caused by a missing check of the return value of kzalloc() in bugs.c:lkdtm_ARRAY_BOUNDS. (bsc#1206396) - CVE-2022-3113: Fixed a null pointer dereference caused by a missing check of the return value of devm_kzalloc. (bsc#1206390) - CVE-2022-3107: Fixed a null pointer dereference caused by a missing check of the return value of kvmalloc_array. (bsc#1206395) - CVE-2022-3111: Fixed a missing release of resource after effective lifetime bug caused by a missing free of the WM8350_IRQ_CHG_FAST_RDY in wm8350_init_charger. (bsc#1206394) - CVE-2022-3105: Fixed a null pointer dereference caused by a missing check of the return value of kmalloc_array. (bsc#1206398) - CVE-2022-3106: Fixed a null pointer dereference caused by a missing check of the return value of kmalloc. (bsc#1206397) The following non-security bugs were fixed: - acct: fix potential integer overflow in encode_comp_t() (git-fixes). - ACPI: resource: Skip IRQ override on Asus Vivobook K3402ZA/K3502ZA (git-fixes). - ACPICA: Fix error code path in acpi_ds_call_control_method() (git-fixes). - ACPICA: Fix use-after-free in acpi_ut_copy_ipackage_to_ipackage() (git-fixes). - ALSA: asihpi: fix missing pci_disable_device() (git-fixes). - ALSA: control-led: use strscpy in set_led_id() (git-fixes). - ALSA: hda - Enable headset mic on another Dell laptop with ALC3254 (git-fixes). - ALSA: hda: cs35l41: Check runtime suspend capability at runtime_idle (git-fixes). - ALSA: hda: cs35l41: Do not return -EINVAL from system suspend/resume (git-fixes). - ALSA: hda/hdmi: Add a HP device 0x8715 to force connect list (git-fixes). - ALSA: hda/hdmi: Add HP Device 0x8711 to force connect list (git-fixes). - ALSA: hda/realtek - Turn on power early (git-fixes). - ALSA: hda/realtek: Add quirk for Lenovo TianYi510Pro-14IOB (git-fixes). - ALSA: hda/realtek: Apply dual codec fixup for Dell Latitude laptops (git-fixes). - ALSA: hda/realtek: Enable mute/micmute LEDs on HP Spectre x360 13-aw0xxx (git-fixes). - ALSA: hda/realtek: fix mute/micmute LEDs do not work for a HP platform (git-fixes). - ALSA: hda/realtek: fix mute/micmute LEDs for a HP ProBook (git-fixes). - ALSA: line6: correct midi status byte when receiving data from podxt (git-fixes). - ALSA: line6: fix stack overflow in line6_midi_transmit (git-fixes). - ALSA: mts64: fix possible null-ptr-defer in snd_mts64_interrupt (git-fixes). - ALSA: patch_realtek: Fix Dell Inspiron Plus 16 (git-fixes). - ALSA: pcm: fix undefined behavior in bit shift for SNDRV_PCM_RATE_KNOT (git-fixes). - ALSA: pcm: Move rwsem lock inside snd_ctl_elem_read to prevent UAF (git-fixes). - ALSA: pcm: Set missing stop_operating flag at undoing trigger start (git-fixes). - ALSA: seq: Fix function prototype mismatch in snd_seq_expand_var_event (git-fixes). - ALSA: seq: fix undefined behavior in bit shift for SNDRV_SEQ_FILTER_USE_EVENT (git-fixes). - ALSA: usb-audio: add the quirk for KT0206 device (git-fixes). - ALSA: usb-audio: Make sure to stop endpoints before closing EPs (git-fixes). - ALSA: usb-audio: Relax hw constraints for implicit fb sync (git-fixes). - amdgpu/pm: prevent array underflow in vega20_odn_edit_dpm_table() (git-fixes). - apparmor: fix a memleak in multi_transaction_new() (git-fixes). - apparmor: Fix abi check to include v8 abi (git-fixes). - apparmor: fix lockdep warning when removing a namespace (git-fixes). - apparmor: Fix memleak in alloc_ns() (git-fixes). - apparmor: Use pointer to struct aa_label for lbs_cred (git-fixes). - ARM: 9251/1: perf: Fix stacktraces for tracepoint events in THUMB2 kernels (git-fixes). - ARM: 9256/1: NWFPE: avoid compiler-generated __aeabi_uldivmod (git-fixes). - ARM: dts: armada-370: Fix assigned-addresses for every PCIe Root Port (git-fixes). - ARM: dts: armada-375: Fix assigned-addresses for every PCIe Root Port (git-fixes). - ARM: dts: armada-38x: Fix assigned-addresses for every PCIe Root Port (git-fixes). - ARM: dts: armada-38x: Fix compatible string for gpios (git-fixes). - ARM: dts: armada-39x: Fix assigned-addresses for every PCIe Root Port (git-fixes). - ARM: dts: armada-39x: Fix compatible string for gpios (git-fixes). - ARM: dts: armada-xp: Fix assigned-addresses for every PCIe Root Port (git-fixes). - ARM: dts: dove: Fix assigned-addresses for every PCIe Root Port (git-fixes). - ARM: dts: nuvoton: Remove bogus unit addresses from fixed-partition nodes (git-fixes). - ARM: dts: qcom: apq8064: fix coresight compatible (git-fixes). - ARM: dts: rockchip: disable arm_global_timer on rk3066 and rk3188 (git-fixes). - ARM: dts: rockchip: fix ir-receiver node names (git-fixes). - ARM: dts: rockchip: fix node name for hym8563 rtc (git-fixes). - ARM: dts: rockchip: remove clock-frequency from rtc (git-fixes). - ARM: dts: rockchip: rk3188: fix lcdc1-rgb24 node name (git-fixes). - ARM: dts: spear600: Fix clcd interrupt (git-fixes). - ARM: dts: stm32: Drop stm32mp15xc.dtsi from Avenger96 (git-fixes). - ARM: dts: stm32: Fix AV96 WLAN regulator gpio property (git-fixes). - ARM: dts: turris-omnia: Add ethernet aliases (git-fixes). - ARM: dts: turris-omnia: Add switch port 6 node (git-fixes). - ARM: mmp: fix timer_read delay (git-fixes). - ARM: ux500: do not directly dereference __iomem (git-fixes). - arm64: Avoid repeated AA64MMFR1_EL1 register read on pagefault path (performance bsc#1203219). - arm64: dts: armada-3720-turris-mox: Add missing interrupt for RTC (git-fixes). - arm64: dts: mediatek: mt6797: Fix 26M oscillator unit name (git-fixes). - arm64: dts: mediatek: pumpkin-common: Fix devicetree warnings (git-fixes). - arm64: dts: mt2712-evb: Fix usb vbus regulators unit names (git-fixes). - arm64: dts: mt2712-evb: Fix vproc fixed regulators unit names (git-fixes). - arm64: dts: mt2712e: Fix unit address for pinctrl node (git-fixes). - arm64: dts: mt2712e: Fix unit_address_vs_reg warning for oscillators (git-fixes). - arm64: dts: mt6779: Fix devicetree build warnings (git-fixes). - arm64: dts: mt7622: drop r_smpl property from mmc node (git-fixes). - arm64: dts: mt8183: drop drv-type from mmc-node (git-fixes). - arm64: dts: mt8183: Fix Mali GPU clock (git-fixes). - arm64: dts: qcom: ipq6018-cp01-c1: use BLSPI1 pins (git-fixes). - arm64: dts: qcom: msm8916: Drop MSS fallback compatible (git-fixes). - arm64: dts: qcom: msm8996: Add MSM8996 Pro support (git-fixes). - arm64: dts: qcom: msm8996: fix GPU OPP table (git-fixes). - arm64: dts: qcom: msm8996: fix supported-hw in cpufreq OPP tables (git-fixes). - arm64: dts: qcom: sdm630: fix UART1 pin bias (git-fixes). - arm64: dts: qcom: sdm845-cheza: fix AP suspend pin bias (git-fixes). - arm64: dts: qcom: sdm845-db845c: correct SPI2 pins drive strength (git-fixes). - arm64: dts: qcom: sdm850-lenovo-yoga-c630: correct I2C12 pins drive strength (git-fixes). - arm64: dts: qcom: sm8250-sony-xperia-edo: fix touchscreen bias-disable (git-fixes). - arm64: dts: qcom: sm8250: correct LPASS pin pull down (git-fixes). - arm64: dts: qcom: sm8250: drop bogus DP PHY clock (git-fixes). - arm64: dts: qcom: sm8250: fix USB-DP PHY registers (git-fixes). - arm64: dts: rockchip: fix ir-receiver node names (git-fixes). - arm64: dts: rockchip: keep I2S1 disabled for GPIO function on ROCK Pi 4 series (git-fixes). - arm64: dts: ti: k3-am65-main: Drop dma-coherent in crypto node (git-fixes). - arm64: dts: ti: k3-j721e-main: Drop dma-coherent in crypto node (git-fixes). - ASoC: audio-graph-card: fix refcount leak of cpu_ep in __graph_for_each_link() (git-fixes). - ASoC: codecs: rt298: Add quirk for KBL-R RVP platform (git-fixes). - ASoC: cs42l51: Correct PGA Volume minimum value (git-fixes). - ASoC: dt-bindings: wcd9335: fix reset line polarity in example (git-fixes). - ASoC: fsl_micfil: explicitly clear CHnF flags (git-fixes). - ASoC: fsl_micfil: explicitly clear software reset bit (git-fixes). - ASoC: Intel: bytcr_rt5640: Add quirk for the Advantech MICA-071 tablet (git-fixes). - ASoC: jz4740-i2s: Handle independent FIFO flush bits (git-fixes). - ASoC: mediatek: mt8173-rt5650-rt5514: fix refcount leak in mt8173_rt5650_rt5514_dev_probe() (git-fixes). - ASoC: mediatek: mt8173: Enable IRQ when pdata is ready (git-fixes). - ASoC: mediatek: mt8183: fix refcount leak in mt8183_mt6358_ts3a227_max98357_dev_probe() (git-fixes). - ASoC: mediatek: mtk-btcvsd: Add checks for write and read of mtk_btcvsd_snd (git-fixes). - ASoC: ops: Check bounds for second channel in snd_soc_put_volsw_sx() (git-fixes). - ASoC: ops: Correct bounds check for second channel on SX controls (git-fixes). - ASoC: pcm512x: Fix PM disable depth imbalance in pcm512x_probe (git-fixes). - ASoC: pxa: fix null-pointer dereference in filter() (git-fixes). - ASoC: qcom: Add checks for devm_kcalloc (git-fixes). - ASoC: qcom: lpass-cpu: Fix fallback SD line index handling (git-fixes). - ASoC: rockchip: pdm: Add missing clk_disable_unprepare() in rockchip_pdm_runtime_resume() (git-fixes). - ASoC: rockchip: spdif: Add missing clk_disable_unprepare() in rk_spdif_runtime_resume() (git-fixes). - ASoC: rt5670: Remove unbalanced pm_runtime_put() (git-fixes). - ASoC: rt711-sdca: fix the latency time of clock stop prepare state machine transitions (git-fixes). - ASoC: soc-pcm: Add NULL check in BE reparenting (git-fixes). - ASoC: wm8904: fix wrong outputs volume after power reactivation (git-fixes). - ASoC: wm8962: Wait for updated value of WM8962_CLOCKING1 register (git-fixes). - ASoC: wm8994: Fix potential deadlock (git-fixes). - ata: ahci: Fix PCS quirk application for suspend (git-fixes). - binfmt_elf: fix documented return value for load_elf_phdrs() (git-fixes). - binfmt_misc: fix shift-out-of-bounds in check_special_flags (git-fixes). - binfmt: Fix error return code in load_elf_fdpic_binary() (git-fixes). - Bluetooth: btintel: Fix missing free skb in btintel_setup_combined() (git-fixes). - Bluetooth: btusb: Add debug message for CSR controllers (git-fixes). - Bluetooth: btusb: do not call kfree_skb() under spin_lock_irqsave() (git-fixes). - Bluetooth: hci_bcsp: do not call kfree_skb() under spin_lock_irqsave() (git-fixes). - Bluetooth: hci_core: do not call kfree_skb() under spin_lock_irqsave() (git-fixes). - Bluetooth: hci_h5: do not call kfree_skb() under spin_lock_irqsave() (git-fixes). - Bluetooth: hci_ll: do not call kfree_skb() under spin_lock_irqsave() (git-fixes). - Bluetooth: hci_qca: do not call kfree_skb() under spin_lock_irqsave() (git-fixes). - Bluetooth: MGMT: Fix error report for ADD_EXT_ADV_PARAMS (git-fixes). - Bluetooth: RFCOMM: do not call kfree_skb() under spin_lock_irqsave() (git-fixes). - brcmfmac: return error when getting invalid max_flowrings from dongle (git-fixes). - caif: fix memory leak in cfctrl_linkup_request() (git-fixes). - can: kvaser_usb_leaf: Fix bogus restart events (git-fixes). - can: kvaser_usb_leaf: Fix wrong CAN state after stopping (git-fixes). - can: kvaser_usb_leaf: Set Warning state even without bus errors (git-fixes). - can: kvaser_usb: do not increase tx statistics when sending error message frames (git-fixes). - can: kvaser_usb: kvaser_usb_leaf: fix bittiming limits (git-fixes). - can: mcba_usb: Fix termination command argument (git-fixes). - can: sja1000: fix size of OCR_MODE_MASK define (git-fixes). - can: tcan4x5x: Remove invalid write in clear_interrupts (git-fixes). - chardev: fix error handling in cdev_device_add() (git-fixes). - cifs: Add 'extbuf' and 'extbuflen' args to smb2_compound_op() (bsc#1193629). - cifs: do not block in dfs_cache_noreq_update_tgthint() (bsc#1193629). - cifs: do not leak -ENOMEM in smb2_open_file() (bsc#1193629). - cifs: do not refresh cached referrals from unactive mounts (bsc#1193629). - cifs: fix confusing debug message (bsc#1193629). - cifs: Fix kmap_local_page() unmapping (git-fixes). - cifs: fix missing display of three mount options (bsc#1193629). - cifs: fix oops during encryption (bsc#1199294). - cifs: fix refresh of cached referrals (bsc#1193629). - cifs: fix source pathname comparison of dfs supers (bsc#1193629). - cifs: fix various whitespace errors in headers (bsc#1193629). - cifs: get rid of mount options string parsing (bsc#1193629). - cifs: minor cleanup of some headers (bsc#1193629). - cifs: optimize reconnect of nested links (bsc#1193629). - cifs: Parse owner/group for stat in smb311 posix extensions (bsc#1193629). - cifs: print warning when conflicting soft vs. hard mount options specified (bsc#1193629). - cifs: reduce roundtrips on create/qinfo requests (bsc#1193629). - cifs: refresh root referrals (bsc#1193629). - cifs: Remove duplicated include in cifsglob.h (bsc#1193629). - cifs: remove unused smb3_fs_context::mount_options (bsc#1193629). - cifs: set correct ipc status after initial tree connect (bsc#1193629). - cifs: set correct status of tcon ipc when reconnecting (bsc#1193629). - cifs: set correct tcon status after initial tree connect (bsc#1193629). - cifs: set resolved ip in sockaddr (bsc#1193629). - cifs: share dfs connections and supers (bsc#1193629). - cifs: skip alloc when request has no pages (bsc#1193629). - cifs: split out ses and tcon retrieval from mount_get_conns() (bsc#1193629). - cifs: update internal module number (bsc#1193629). - cifs: use fs_context for automounts (bsc#1193629). - cifs: use origin fullpath for automounts (bsc#1193629). - class: fix possible memory leak in __class_register() (git-fixes). - clk: Fix pointer casting to prevent oops in devm_clk_release() (git-fixes). - clk: generalize devm_clk_get() a bit (git-fixes). - clk: imx: imx8mp: add shared clk gate for usb suspend clk (git-fixes). - clk: imx: replace osc_hdmi with dummy (git-fixes). - clk: nomadik: correct struct name kernel-doc warning (git-fixes). - clk: Provide new devm_clk helpers for prepared and enabled clocks (git-fixes). - clk: qcom: clk-krait: fix wrong div2 functions (git-fixes). - clk: qcom: gcc-sm8250: Use retention mode for USB GDSCs (git-fixes). - clk: qcom: lpass-sc7180: Fix pm_runtime usage (git-fixes). - clk: renesas: r9a06g032: Repair grave increment error (git-fixes). - clk: rockchip: Fix memory leak in rockchip_clk_register_pll() (git-fixes). - clk: samsung: Fix memory leak in _samsung_clk_register_pll() (git-fixes). - clk: socfpga: Fix memory leak in socfpga_gate_init() (git-fixes). - clk: st: Fix memory leak in st_of_quadfs_setup() (git-fixes). - clk: sunxi-ng: v3s: Correct the header guard of ccu-sun8i-v3s.h (git-fixes). - clocksource/drivers/sh_cmt: Access registers according to spec (git-fixes). - clocksource/drivers/timer-ti-dm: Fix missing clk_disable_unprepare in dmtimer_systimer_init_clock() (git-fixes). - cpufreq: ACPI: Defer setting boost MSRs (bsc#1205485). - cpufreq: ACPI: Only set boost MSRs on supported CPUs (bsc#1205485). - cpufreq: ACPI: Remove unused variables 'acpi_cpufreq_online' and 'ret' (bsc#1205485). - cpufreq: intel_pstate: Add Sapphire Rapids support in no-HWP mode (bsc#1201068). - crypto: ccree - Make cc_debugfs_global_fini() available for module init function (git-fixes). - crypto: ccree - Remove debugfs when platform_driver_register failed (git-fixes). - crypto: cryptd - Use request context instead of stack for sub-request (git-fixes). - crypto: hisilicon/qm - fix missing destroy qp_idr (git-fixes). - crypto: img-hash - Fix variable dereferenced before check 'hdev->req' (git-fixes). - crypto: n2 - add missing hash statesize (git-fixes). - crypto: nitrox - avoid double free on error path in nitrox_sriov_init() (git-fixes). - crypto: omap-sham - Use pm_runtime_resume_and_get() in omap_sham_probe() (git-fixes). - crypto: rockchip - add fallback for ahash (git-fixes). - crypto: rockchip - add fallback for cipher (git-fixes). - crypto: rockchip - better handle cipher key (git-fixes). - crypto: rockchip - do not do custom power management (git-fixes). - crypto: rockchip - do not store mode globally (git-fixes). - crypto: rockchip - remove non-aligned handling (git-fixes). - crypto: rockchip - rework by using crypto_engine (git-fixes). - crypto: sun8i-ss - use dma_addr instead u32 (git-fixes). - crypto: tcrypt - Fix multibuffer skcipher speed test mem leak (git-fixes). - device property: Fix documentation for fwnode_get_next_parent() (git-fixes). - dmaengine: idxd: Fix crc_val field for completion record (git-fixes). - docs/zh_CN: Fix '.. only::' directive's expression (git-fixes). - drbd: destroy workqueue when drbd device was freed (git-fixes). - drbd: remove call to memset before free device/resource/connection (git-fixes). - drbd: remove usage of list iterator variable after loop (git-fixes). - drbd: set QUEUE_FLAG_STABLE_WRITES (git-fixes). - drbd: use after free in drbd_create_device() (git-fixes). - driver core: Fix bus_type.match() error handling in __driver_attach() (git-fixes). - drivers: dio: fix possible memory leak in dio_init() (git-fixes). - drivers: soc: ti: knav_qmss_queue: Mark knav_acc_firmwares as static (git-fixes). - drm: bridge: dw_hdmi: fix preference of RGB modes over YUV420 (git-fixes). - drm/amd/display: fix array index out of bound error in bios parser (git-fixes). - drm/amd/display: Manually adjust strobe for DCN303 (git-fixes). - drm/amd/display: prevent memory leak (git-fixes). - drm/amd/display: Use the largest vready_offset in pipe group (git-fixes). - drm/amd/pm/smu11: BACO is supported when it's in BACO state (git-fixes). - drm/amdgpu: fix pci device refcount leak (git-fixes). - drm/amdgpu: Fix PCI device refcount leak in amdgpu_atrm_get_bios() (git-fixes). - drm/amdgpu: Fix type of second parameter in odn_edit_dpm_table() callback (git-fixes). - drm/amdgpu: Fix type of second parameter in trans_msg() callback (git-fixes). - drm/amdgpu: handle polaris10/11 overlap asics (v2) (git-fixes). - drm/amdgpu: make display pinning more flexible (v2) (git-fixes). - drm/amdgpu/powerplay/psm: Fix memory leak in power state init (git-fixes). - drm/amdgpu/sdma_v4_0: turn off SDMA ring buffer in the s2idle suspend (git-fixes). - drm/amdkfd: Fix memory leakage (git-fixes). - drm/bridge: adv7533: remove dynamic lane switching from adv7533 bridge (git-fixes). - drm/bridge: anx7625: Fix edid_read break case in sp_tx_edid_read() (git-fixes). - drm/bridge: ti-sn65dsi86: Fix output polarity setting bug (git-fixes). - drm/connector: send hotplug uevent on connector cleanup (git-fixes). - drm/edid: Fix minimum bpc supported with DSC1.2 for HDMI sink (git-fixes). - drm/etnaviv: add missing quirks for GC300 (git-fixes). - drm/etnaviv: do not truncate physical page address (git-fixes). - drm/fourcc: Add packed 10bit YUV 4:2:0 format (git-fixes). - drm/fourcc: Fix vsub/hsub for Q410 and Q401 (git-fixes). - drm/fsl-dcu: Fix return type of fsl_dcu_drm_connector_mode_valid() (git-fixes). - drm/i915: Fix documentation for intel_uncore_forcewake_put__locked (git-fixes). - drm/i915: remove circ_buf.h includes (git-fixes). - drm/i915: unpin on error in intel_vgpu_shadow_mm_pin() (git-fixes). - drm/i915/display: Do not disable DDI/Transcoder when setting phy test pattern (git-fixes). - drm/i915/dsi: fix VBT send packet port selection for dual link DSI (git-fixes). - drm/i915/gvt: fix gvt debugfs destroy (git-fixes). - drm/i915/gvt: fix vgpu debugfs clean in remove (git-fixes). - drm/i915/migrate: do not check the scratch page (git-fixes). - drm/i915/migrate: fix length calculation (git-fixes). - drm/i915/migrate: fix offset calculation (git-fixes). - drm/i915/ttm: never purge busy objects (git-fixes). - drm/imx: ipuv3-plane: Fix overlay plane width (git-fixes). - drm/ingenic: Fix missing platform_driver_unregister() call in ingenic_drm_init() (git-fixes). - drm/mediatek: Fix return type of mtk_hdmi_bridge_mode_valid() (git-fixes). - drm/mediatek: Modify dpi power on/off sequence (git-fixes). - drm/meson: Reduce the FIFO lines held when AFBC is not used (git-fixes). - drm/msm: another fix for the headless Adreno GPU (git-fixes). - drm/msm: Use drm_mode_copy() (git-fixes). - drm/msm/adreno: Make adreno quirks not overwrite each other (git-fixes). - drm/msm/dp: do not complete dp_aux_cmd_fifo_tx() if irq is not for aux transfer (git-fixes). - drm/panel/panel-sitronix-st7701: Remove panel on DSI attach failure (git-fixes). - drm/panfrost: Fix GEM handle creation ref-counting (git-fixes). - drm/radeon: Add the missed acpi_put_table() to fix memory leak (git-fixes). - drm/radeon: Fix PCI device refcount leak in radeon_atrm_get_bios() (git-fixes). - drm/rockchip: lvds: fix PM usage counter unbalance in poweron (git-fixes). - drm/rockchip: Use drm_mode_copy() (git-fixes). - drm/shmem-helper: Avoid vm_open error paths (git-fixes). - drm/shmem-helper: Remove errant put in error path (git-fixes). - drm/sti: Fix return type of sti_{dvo,hda,hdmi}_connector_mode_valid() (git-fixes). - drm/sti: Use drm_mode_copy() (git-fixes). - drm/tegra: Add missing clk_disable_unprepare() in tegra_dc_probe() (git-fixes). - drm/virtio: Fix GEM handle creation UAF (git-fixes). - drm/vmwgfx: Do not use screen objects when SEV is active (git-fixes). - drm/vmwgfx: Fix a sparse warning in kernel docs (git-fixes). - drm/vmwgfx: Validate the box size for the snooped cursor (git-fixes). - Drop FIPS mode DRBG->getrandom(2) wire-up (bsc#1191259) - dt-bindings: clock: qcom,aoncc-sm8250: fix compatible (git-fixes). - dt-bindings: display: sun6i-dsi: Fix clock conditional (git-fixes). - dt-bindings: gpio: gpio-davinci: Increase maxItems in gpio-line-names (git-fixes). - dt-bindings: msm: dsi-controller-main: Fix description of core clock (git-fixes). - dt-bindings: msm: dsi-controller-main: Fix operating-points-v2 constraint (git-fixes). - dt-bindings: msm: dsi-phy-28nm: Add missing qcom, dsi-phy-regulator-ldo-mode (git-fixes). - dt-bindings: msm/dsi: Do not require vcca-supply on 14nm PHY (git-fixes). - dt-bindings: msm/dsi: Do not require vdds-supply on 10nm PHY (git-fixes). - dt-bindings: net: sun8i-emac: Add phy-supply property (git-fixes). - EDAC/mc_sysfs: Increase legacy channel support to 12 (bsc#1205263). - efi: Add iMac Pro 2017 to uefi skip cert quirk (git-fixes). - efi: fix userspace infinite retry read efivars after EFI runtime services page fault (git-fixes). - extcon: usbc-tusb320: Add support for mode setting and reset (git-fixes). - extcon: usbc-tusb320: Add support for TUSB320L (git-fixes). - extcon: usbc-tusb320: Factor out extcon into dedicated functions (git-fixes). - fbcon: Use kzalloc() in fbcon_prepare_logo() (git-fixes). - fbdev: fbcon: release buffer when fbcon_do_set_font() failed (git-fixes). - fbdev: geode: do not build on UML (git-fixes). - fbdev: matroxfb: G200eW: Increase max memory from 1 MB to 16 MB (git-fixes). - fbdev: pm2fb: fix missing pci_disable_device() (git-fixes). - fbdev: ssd1307fb: Drop optional dependency (git-fixes). - fbdev: uvesafb: do not build on UML (git-fixes). - fbdev: uvesafb: Fixes an error handling path in uvesafb_probe() (git-fixes). - fbdev: vermilion: decrease reference count in error path (git-fixes). - fbdev: via: Fix error in via_core_init() (git-fixes). - firmware: raspberrypi: fix possible memory leak in rpi_firmware_probe() (git-fixes). - floppy: Fix memory leak in do_floppy_init() (git-fixes). - gpio: sifive: Fix refcount leak in sifive_gpio_probe (git-fixes). - gpiolib: cdev: fix NULL-pointer dereferences (git-fixes). - gpiolib: check the 'ngpios' property in core gpiolib code (git-fixes). - gpiolib: fix memory leak in gpiochip_setup_dev() (git-fixes). - gpiolib: Get rid of redundant 'else' (git-fixes). - gpiolib: improve coding style for local variables (git-fixes). - gpiolib: make struct comments into real kernel docs (git-fixes). - hamradio: baycom_epp: Fix return type of baycom_send_packet() (git-fixes). - hamradio: do not call dev_kfree_skb() under spin_lock_irqsave() (git-fixes). - HID: hid-sensor-custom: set fixed size for custom attributes (git-fixes). - HID: ite: Enable QUIRK_TOUCHPAD_ON_OFF_REPORT on Acer Aspire Switch V 10 (git-fixes). - HID: mcp2221: do not connect hidraw (git-fixes). - HID: multitouch: fix Asus ExpertBook P2 P2451FA trackpoint (git-fixes). - HID: plantronics: Additional PIDs for double volume key presses quirk (git-fixes). - HID: uclogic: Add HID_QUIRK_HIDINPUT_FORCE quirk (git-fixes). - HID: wacom: Ensure bootloader PID is usable in hidraw mode (git-fixes). - HSI: omap_ssi_core: Fix error handling in ssi_init() (git-fixes). - HSI: omap_ssi_core: fix possible memory leak in ssi_probe() (git-fixes). - HSI: omap_ssi_core: fix unbalanced pm_runtime_disable() (git-fixes). - hwmon: (jc42) Convert register access and caching to regmap/regcache (git-fixes). - hwmon: (jc42) Fix missing unlock on error in jc42_write() (git-fixes). - hwmon: (jc42) Restore the min/max/critical temperatures on resume (git-fixes). - hwrng: amd - Fix PCI device refcount leak (git-fixes). - i2c: ismt: Fix an out-of-bounds bug in ismt_access() (git-fixes). - i2c: mux: reg: check return value after calling platform_get_resource() (git-fixes). - i2c: pxa-pci: fix missing pci_disable_device() on error in ce4100_i2c_probe (git-fixes). - IB/IPoIB: Fix queue count inconsistency for PKEY child interfaces (git-fixes) - ibmveth: Always stop tx queues during close (bsc#1065729). - iio: adc: ad_sigma_delta: do not use internal iio_dev lock (git-fixes). - iio: adc128s052: add proper .data members in adc128_of_match table (git-fixes). - iio: fix memory leak in iio_device_register_eventset() (git-fixes). - iio: temperature: ltc2983: make bulk write buffer DMA-safe (git-fixes). - ima: Fix a potential NULL pointer access in ima_restore_measurement_list (git-fixes). - Input: elants_i2c - properly handle the reset GPIO when power is off (git-fixes). - Input: joystick - fix Kconfig warning for JOYSTICK_ADC (git-fixes). - Input: wistron_btns - disable on UML (git-fixes). - integrity: Fix memory leakage in keyring allocation error path (git-fixes). - ipmi: fix long wait in unload when IPMI disconnect (git-fixes). - ipmi: fix memleak when unload ipmi driver (git-fixes). - ipmi: fix use after free in _ipmi_destroy_user() (git-fixes). - ipmi: kcs: Poll OBF briefly to reduce OBE latency (git-fixes). - ipu3-imgu: Fix NULL pointer dereference in imgu_subdev_set_selection() (git-fixes). - lib/debugobjects: fix stat count and optimize debug_objects_mem_init (git-fixes). - lib/fonts: fix undefined behavior in bit shift for get_default_font (git-fixes). - mailbox: arm_mhuv2: Fix return value check in mhuv2_probe() (git-fixes). - mailbox: mpfs: read the system controller's status (git-fixes). - mailbox: zynq-ipi: fix error handling while device_register() fails (git-fixes). - media: adv748x: afe: Select input port when initializing AFE (git-fixes). - media: camss: Clean up received buffers on failed start of streaming (git-fixes). - media: dvb-core: Fix double free in dvb_register_device() (git-fixes). - media: dvb-core: Fix ignored return value in dvb_register_frontend() (git-fixes). - media: dvb-frontends: fix leak of memory fw (git-fixes). - media: dvb-usb: az6027: fix null-ptr-deref in az6027_i2c_xfer() (git-fixes). - media: dvb-usb: fix memory leak in dvb_usb_adapter_init() (git-fixes). - media: i2c: ad5820: Fix error path (git-fixes). - media: imon: fix a race condition in send_packet() (git-fixes). - media: saa7164: fix missing pci_disable_device() (git-fixes). - media: si470x: Fix use-after-free in si470x_int_in_callback() (git-fixes). - media: solo6x10: fix possible memory leak in solo_sysfs_init() (git-fixes). - media: stv0288: use explicitly signed char (git-fixes). - media: v4l2-ctrls: Fix off-by-one error in integer menu control check (git-fixes). - media: v4l2-dv-timings.c: fix too strict blanking sanity checks (git-fixes). - media: videobuf-dma-contig: use dma_mmap_coherent (git-fixes). - media: vidtv: Fix use-after-free in vidtv_bridge_dvb_init() (git-fixes). - media: vimc: Fix wrong function called when vimc_init() fails (git-fixes). - media: vivid: fix compose size exceed boundary (git-fixes). - memcg, kmem: further deprecate kmem.limit_in_bytes (bsc#1206896). - memcg: Fix possible use-after-free in memcg_write_event_control() (bsc#1206344). - mfd: bd957x: Fix Kconfig dependency on REGMAP_IRQ (git-fixes). - mfd: mt6360: Add bounds checking in Regmap read/write call-backs (git-fixes). - mfd: pm8008: Fix return value check in pm8008_probe() (git-fixes). - mfd: pm8008: Remove driver data structure pm8008_data (git-fixes). - mfd: qcom_rpm: Fix an error handling path in qcom_rpm_probe() (git-fixes). - mfd: qcom_rpm: Use devm_of_platform_populate() to simplify code (git-fixes). - misc: ocxl: fix possible name leak in ocxl_file_register_afu() (git-fixes). - misc: tifm: fix possible memory leak in tifm_7xx1_switch_media() (git-fixes). - mISDN: hfcmulti: do not call dev_kfree_skb/kfree_skb() under spin_lock_irqsave() (git-fixes). - mISDN: hfcpci: do not call dev_kfree_skb/kfree_skb() under spin_lock_irqsave() (git-fixes). - mISDN: hfcsusb: do not call dev_kfree_skb/kfree_skb() under spin_lock_irqsave() (git-fixes). - mm: fix race between MADV_FREE reclaim and blkdev direct IO read (bsc#1204989,bsc#1205601). - mm/mempolicy: fix memory leak in set_mempolicy_home_node system call (bsc#1206468). - mmc: alcor: fix return value check of mmc_add_host() (git-fixes). - mmc: atmel-mci: fix return value check of mmc_add_host() (git-fixes). - mmc: core: Normalize the error handling branch in sd_read_ext_regs() (git-fixes). - mmc: f-sdh30: Add quirks for broken timeout clock capability (git-fixes). - mmc: meson-gx: fix return value check of mmc_add_host() (git-fixes). - mmc: mmci: fix return value check of mmc_add_host() (git-fixes). - mmc: moxart: fix return value check of mmc_add_host() (git-fixes). - mmc: mtk-sd: Fix missing clk_disable_unprepare in msdc_of_clock_parse() (git-fixes). - mmc: mxcmmc: fix return value check of mmc_add_host() (git-fixes). - mmc: omap_hsmmc: fix return value check of mmc_add_host() (git-fixes). - mmc: pxamci: fix return value check of mmc_add_host() (git-fixes). - mmc: renesas_sdhi: alway populate SCC pointer (git-fixes). - mmc: renesas_sdhi: better reset from HS400 mode (git-fixes). - mmc: rtsx_pci: fix return value check of mmc_add_host() (git-fixes). - mmc: rtsx_usb_sdmmc: fix return value check of mmc_add_host() (git-fixes). - mmc: sdhci-sprd: Disable CLK_AUTO when the clock is less than 400K (git-fixes). - mmc: toshsd: fix return value check of mmc_add_host() (git-fixes). - mmc: via-sdmmc: fix return value check of mmc_add_host() (git-fixes). - mmc: vub300: fix return value check of mmc_add_host() (git-fixes). - mmc: vub300: fix warning - do not call blocking ops when !TASK_RUNNING (git-fixes). - mmc: wbsd: fix return value check of mmc_add_host() (git-fixes). - mmc: wmt-sdmmc: fix return value check of mmc_add_host() (git-fixes). - mt76: stop the radar detector after leaving dfs channel (git-fixes). - mtd: Fix device name leak when register device failed in add_mtd_device() (git-fixes). - mtd: lpddr2_nvm: Fix possible null-ptr-deref (git-fixes). - mtd: maps: pxa2xx-flash: fix memory leak in probe (git-fixes). - mtd: spi-nor: Check for zero erase size in spi_nor_find_best_erase_type() (git-fixes). - mtd: spi-nor: Fix the number of bytes for the dummy cycles (git-fixes). - mtd: spi-nor: hide jedec_id sysfs attribute if not present (git-fixes). - net: allow retransmitting a TCP packet if original is still in queue (bsc#1188605 bsc#1187428 bsc#1206619). - net: phy: xgmiitorgmii: Fix refcount leak in xgmiitorgmii_probe (git-fixes). - net: usb: qmi_wwan: add u-blox 0x1342 composition (git-fixes). - net: usb: smsc95xx: fix external PHY reset (git-fixes). - net/mlx5: Fix mlx5_get_next_dev() peer device matching (bsc#1206536). - net/mlx5: Lag, filter non compatible devices (bsc#1206536). - netfilter: nfnetlink_osf: fix possible bogus match in nf_osf_find() (bsc#1204614). - nfc: Fix potential resource leaks (git-fixes). - nfc: pn533: Clear nfc_target before being used (git-fixes). - nfc: pn533: Wait for out_urb's completion in pn533_usb_send_frame() (git-fixes). - NFS: Handle missing attributes in OPEN reply (bsc#1203740). - nilfs2: fix shift-out-of-bounds due to too large exponent of block size (git-fixes). - nilfs2: fix shift-out-of-bounds/overflow in nilfs_sb2_bad_offset() (git-fixes). - octeontx2-af: Add PTP PPS Errata workaround on CN10K silicon (jsc#SLE-24682). - octeontx2-af: Allow mkex profile without DMAC and add L2M/L2B header extraction support (jsc#SLE-24682). - octeontx2-af: Do not reset previous pfc config (jsc#SLE-24682). - octeontx2-af: fix operand size in bitwise operation (jsc#SLE-24682). - octeontx2-af: Initialize PTP_SEC_ROLLOVER register properly (jsc#SLE-24682). - octeontx2-af: Limit link bringup time at firmware (jsc#SLE-24682). - octeontx2-af: return correct ptp timestamp for CN10K silicon (jsc#SLE-24682). - octeontx2-af: Set NIX link credits based on max LMAC (jsc#SLE-24682). - octeontx2-af: Skip CGX/RPM probe incase of zero lmac count (jsc#SLE-24682). - octeontx2-pf: Add egress PFC support (jsc#SLE-24682). - octeontx2-pf: Add support for ptp 1-step mode on CN10K silicon (jsc#SLE-24682). - octeontx2-pf: Fix lmtst ID used in aura free (jsc#SLE-24682). - octeontx2-pf: Fix pfc_alloc_status array overflow (jsc#SLE-24682). - octeontx2-pf: Fix SQE threshold checking (jsc#SLE-24682). - octeontx2-pf: Fix unused variable build error (jsc#SLE-24682). - octeontx2-pf: NIX TX overwrites SQ_CTX_HW_S[SQ_INT] (jsc#SLE-24682). - octeontx2-pf: Reduce minimum mtu size to 60 (jsc#SLE-24682). - octeontx2: Modify mbox request and response structures (jsc#SLE-24682). - PCI: Check for alloc failure in pci_request_irq() (git-fixes). - PCI: dwc: Fix n_fts[] array overrun (git-fixes). - PCI: Fix pci_device_is_present() for VFs by checking PF (git-fixes). - PCI: pci-epf-test: Register notifier if only core_init_notifier is enabled (git-fixes). - PCI: vmd: Disable MSI remapping after suspend (git-fixes). - PCI/sysfs: Fix double free in error path (git-fixes). - phy: usb: s2 WoL wakeup_count not incremented for USB->Eth devices (git-fixes). - pinctrl: k210: call of_node_put() (git-fixes). - pinctrl: meditatek: Startup with the IRQs disabled (git-fixes). - pinctrl: pinconf-generic: add missing of_node_put() (git-fixes). - platform/chrome: cros_ec_typec: Cleanup switch handle return paths (git-fixes). - platform/chrome: cros_usbpd_notify: Fix error handling in cros_usbpd_notify_init() (git-fixes). - platform/mellanox: mlxbf-pmc: Fix event typo (git-fixes). - platform/surface: aggregator: Add missing call to ssam_request_sync_free() (git-fixes). - platform/surface: aggregator: Ignore command messages not intended for us (git-fixes). - platform/x86: dell-privacy: Fix SW_CAMERA_LENS_COVER reporting (git-fixes). - platform/x86: dell-privacy: Only register SW_CAMERA_LENS_COVER if present (git-fixes). - platform/x86: huawei-wmi: fix return value calculation (git-fixes). - platform/x86: intel_scu_ipc: fix possible name leak in __intel_scu_ipc_register() (git-fixes). - platform/x86: mxm-wmi: fix memleak in mxm_wmi_call_mx[ds|mx]() (git-fixes). - platform/x86: sony-laptop: Do not turn off 0x153 keyboard backlight during probe (git-fixes). - PM: hibernate: Fix mistake in kerneldoc comment (git-fixes). - PM: runtime: Do not call __rpm_callback() from rpm_idle() (git-fixes). - PNP: fix name memory leak in pnp_alloc_dev() (git-fixes). - power: supply: ab8500: Fix error handling in ab8500_charger_init() (git-fixes). - power: supply: fix null pointer dereferencing in power_supply_get_battery_info (git-fixes). - power: supply: fix residue sysfs file in error handle route of __power_supply_register() (git-fixes). - power: supply: z2_battery: Fix possible memleak in z2_batt_probe() (git-fixes). - powerpc: export the CPU node count (bsc#1207016 ltc#201108). - powerpc: Take in account addition CPU node when building kexec FDT (bsc#1207016 ltc#201108). - powerpc/64: Init jump labels before parse_early_param() (bsc#1065729). - powerpc/pci: Fix get_phb_number() locking (bsc#1065729). - powerpc/perf: callchain validate kernel stack pointer bounds (bsc#1065729). - powerpc/powernv: add missing of_node_put (bsc#1065729). - powerpc/pseries: unregister VPA when hot unplugging a CPU (bsc#1205695 ltc#200603). - powerpc/pseries/eeh: use correct API for error log size (bsc#1065729). - powerpc/rtas: avoid device tree lookups in rtas_os_term() (bsc#1065729). - powerpc/rtas: avoid scheduling in rtas_os_term() (bsc#1065729). - powerpc/xive: add missing iounmap() in error path in xive_spapr_populate_irq_data() (git-fixes). - powerpc/xive/spapr: correct bitmap allocation size (git-fixes). - proc: fixup uptime selftest (git-fixes). - pstore: Avoid kcore oops by vmap()ing with VM_IOREMAP (git-fixes). - pstore: Make sure CONFIG_PSTORE_PMSG selects CONFIG_RT_MUTEXES (git-fixes). - pstore: Properly assign mem_type property (git-fixes). - pstore: Switch pmsg_lock to an rt_mutex to avoid priority inversion (git-fixes). - pstore/ram: Fix error return code in ramoops_probe() (git-fixes). - pstore/zone: Use GFP_ATOMIC to allocate zone buffer (git-fixes). - pwm: lpc18xx-sct: Fix a comment to match code (git-fixes). - pwm: mediatek: always use bus clock for PWM on MT7622 (git-fixes). - pwm: sifive: Call pwm_sifive_update_clock() while mutex is held (git-fixes). - pwm: tegra: Improve required rate calculation (git-fixes). - r6040: Fix kmemleak in probe and remove (git-fixes). - random: allow partial reads if later user copies fail (bsc#1204911). - random: check for signals every PAGE_SIZE chunk of /dev/random (bsc#1204911). - random: convert to using fops->read_iter() (bsc#1204911). - random: convert to using fops->write_iter() (bsc#1204911). - random: remove outdated INT_MAX >> 6 check in urandom_read() (bsc#1204911). - random: zero buffer after reading entropy from userspace (bsc#1204911). - RDMA: Disable IB HW for UML (git-fixes) - RDMA/core: Fix order of nldev_exit call (git-fixes) - RDMA/core: Make sure 'ib_port' is valid when access sysfs node (git-fixes) - RDMA/efa: Add EFA 0xefa2 PCI ID (git-fixes) - RDMA/hfi: Decrease PCI device reference count in error path (git-fixes) - RDMA/hfi1: Fix error return code in parse_platform_config() (git-fixes) - RDMA/hns: Fix AH attr queried by query_qp (git-fixes) - RDMA/hns: Fix error code of CMD (git-fixes) - RDMA/hns: Fix ext_sge num error when post send (git-fixes) - RDMA/hns: fix memory leak in hns_roce_alloc_mr() (git-fixes) - RDMA/hns: Fix page size cap from firmware (git-fixes) - RDMA/hns: Fix PBL page MTR find (git-fixes) - RDMA/hns: Fix XRC caps on HIP08 (git-fixes) - RDMA/hns: Repacing 'dseg_len' by macros in fill_ext_sge_inl_data() (git-fixes) - RDMA/irdma: Do not request 2-level PBLEs for CQ alloc (git-fixes) - RDMA/irdma: Initialize net_type before checking it (git-fixes) - RDMA/irdma: Report the correct link speed (git-fixes) - RDMA/nldev: Add checks for nla_nest_start() in fill_stat_counter_qps() (git-fixes) - RDMA/nldev: Fix failure to send large messages (git-fixes) - RDMA/nldev: Return '-EAGAIN' if the cm_id isn't from expected port (git-fixes) - RDMA/restrack: Release MR restrack when delete (git-fixes) - RDMA/rxe: Fix NULL-ptr-deref in rxe_qp_do_cleanup() when socket create failed (git-fixes) - RDMA/siw: Fix immediate work request flush to completion queue (git-fixes) - RDMA/siw: Fix pointer cast warning (git-fixes) - RDMA/siw: Set defined status for work completion with undefined status (git-fixes) - RDMA/srp: Fix error return code in srp_parse_options() (git-fixes) - regulator: bd718x7: Drop unnecessary info print (git-fixes). - regulator: core: fix deadlock on regulator enable (git-fixes). - regulator: core: fix module refcount leak in set_supply() (git-fixes). - regulator: core: fix resource leak in regulator_register() (git-fixes). - regulator: core: fix unbalanced of node refcount in regulator_dev_lookup() (git-fixes). - regulator: core: fix use_count leakage when handling boot-on (git-fixes). - regulator: core: use kfree_const() to free space conditionally (git-fixes). - regulator: qcom-labibb: Fix missing of_node_put() in qcom_labibb_regulator_probe() (git-fixes). - regulator: qcom-rpmh: Fix PMR735a S3 regulator spec (git-fixes). - regulator: slg51000: Wait after asserting CS pin (git-fixes). - regulator: twl6030: fix get status of twl6032 regulators (git-fixes). - remoteproc: core: Do pm_relax when in RPROC_OFFLINE state (git-fixes). - remoteproc: qcom_q6v5_pas: detach power domains on remove (git-fixes). - remoteproc: qcom_q6v5_pas: disable wakeup on probe fail or remove (git-fixes). - remoteproc: qcom_q6v5_pas: Fix missing of_node_put() in adsp_alloc_memory_region() (git-fixes). - remoteproc: qcom: q6v5: Fix missing clk_disable_unprepare() in q6v5_wcss_qcs404_power_on() (git-fixes). - remoteproc: qcom: q6v5: Fix potential null-ptr-deref in q6v5_wcss_init_mmio() (git-fixes). - remoteproc: sysmon: fix memory leak in qcom_add_sysmon_subdev() (git-fixes). - rtc: cmos: fix build on non-ACPI platforms (git-fixes). - rtc: cmos: Fix event handler registration ordering issue (git-fixes). - rtc: cmos: Fix wake alarm breakage (git-fixes). - rtc: ds1347: fix value written to century register (git-fixes). - rtc: mxc_v2: Add missing clk_disable_unprepare() (git-fixes). - rtc: pcf85063: fix pcf85063_clkout_control (gut-fixes). - rtc: pcf85063: Fix reading alarm (git-fixes). - rtc: pic32: Move devm_rtc_allocate_device earlier in pic32_rtc_probe() (git-fixes). - rtc: rtc-cmos: Do not check ACPI_FADT_LOW_POWER_S0 (git-fixes). - rtc: snvs: Allow a time difference on clock register read (git-fixes). - rtc: st-lpc: Add missing clk_disable_unprepare in st_rtc_probe() (git-fixes). - sbitmap: fix lockup while swapping (bsc#1206602). - sched/core: Fix comparison in sched_group_cookie_match() (git-fixes) - sched/core: Fix the bug that task won't enqueue into core (git-fixes) - sched/topology: Remove redundant variable and fix incorrect (git-fixes) - sched/uclamp: Fix relationship between uclamp and migration (git-fixes) - sched/uclamp: Make task_fits_capacity() use util_fits_cpu() (git-fixes) - scsi: 3w-9xxx: Avoid disabling device if failing to enable it (git-fixes). - scsi: advansys: Fix kernel pointer leak (git-fixes). - scsi: aha152x: Fix aha152x_setup() __setup handler return value (git-fixes). - scsi: bfa: Replace snprintf() with sysfs_emit() (git-fixes). - scsi: core: Fix sbitmap depth in scsi_realloc_sdev_budget_map() (git-fixes). - scsi: core: Fix scsi_mode_sense() buffer length handling (git-fixes). - scsi: core: Reallocate device's budget map on queue depth change (git-fixes). - scsi: core: Restrict legal sdev_state transitions via sysfs (git-fixes). - scsi: hisi_sas: Free irq vectors in order for v3 HW (git-fixes). - scsi: hisi_sas: Limit max hw sectors for v3 HW (git-fixes). - scsi: hisi_sas: Use managed PCI functions (git-fixes). - scsi: ipr: Fix missing/incorrect resource cleanup in error case (git-fixes). - scsi: iscsi: Add recv workqueue helpers (git-fixes). - scsi: iscsi: Fix harmless double shift bug (git-fixes). - scsi: iscsi: Fix possible memory leak when device_register() failed (git-fixes). - scsi: iscsi: iscsi_tcp: Fix null-ptr-deref while calling getpeername() (git-fixes). - scsi: iscsi: kabi: add iscsi_conn_queue_work back (git-fixes). - scsi: iscsi: kabi: fix libiscsi new field (git-fixes). - scsi: iscsi: Merge suspend fields (git-fixes). - scsi: iscsi: Rename iscsi_conn_queue_work() (git-fixes). - scsi: iscsi: Run recv path from workqueue (git-fixes). - scsi: iscsi: Unblock session then wake up error handler (git-fixes). - scsi: libfc: Fix use after free in fc_exch_abts_resp() (git-fixes). - scsi: libiscsi: Fix UAF in iscsi_conn_get_param()/iscsi_conn_teardown() (git-fixes). - scsi: lpfc: Correct bandwidth logging during receipt of congestion sync WCQE (jsc#PED-1445). - scsi: lpfc: Fix crash involving race between FLOGI timeout and devloss handler (jsc#PED-1445). - scsi: lpfc: Fix MI capability display in cmf_info sysfs attribute (jsc#PED-1445). - scsi: lpfc: Fix WQ|CQ|EQ resource check (jsc#PED-1445). - scsi: lpfc: Remove linux/msi.h include (jsc#PED-1445). - scsi: lpfc: Remove redundant pointer 'lp' (jsc#PED-1445). - scsi: lpfc: Update lpfc version to 14.2.0.9 (jsc#PED-1445). - scsi: lpfc: Use memset_startat() helper (jsc#PED-1445). - scsi: megaraid_sas: Fix double kfree() (git-fixes). - scsi: megaraid_sas: Target with invalid LUN ID is deleted during scan (git-fixes). - scsi: megaraid: Fix error check return value of register_chrdev() (git-fixes). - scsi: mpi3mr: Fix memory leaks (git-fixes). - scsi: mpi3mr: Fix reporting of actual data transfer size (git-fixes). - scsi: mpi3mr: Fixes around reply request queues (git-fixes). - scsi: mpt3sas: Do not change DMA mask while reallocating pools (bsc#1206912,bsc#1206098). - scsi: mpt3sas: Fail reset operation if config request timed out (git-fixes). - scsi: mpt3sas: Fix out-of-bounds compiler warning (git-fixes). - scsi: mpt3sas: re-do lost mpt3sas DMA mask fix (bsc#1206912,bsc#1206098). - scsi: mpt3sas: Remove usage of dma_get_required_mask() API (bsc#1206912,bsc#1206098). - scsi: mvsas: Add PCI ID of RocketRaid 2640 (git-fixes). - scsi: mvsas: Replace snprintf() with sysfs_emit() (git-fixes). - scsi: myrb: Fix up null pointer access on myrb_cleanup() (git-fixes). - scsi: myrs: Fix crash in error case (git-fixes). - scsi: ncr53c8xx: Remove unused retrieve_from_waiting_list() function (git-fixes). - scsi: pm8001: Fix bogus FW crash for maxcpus=1 (git-fixes). - scsi: pm8001: Fix memory leak in pm8001_chip_fw_flash_update_req() (git-fixes). - scsi: pm8001: Fix pm8001_mpi_task_abort_resp() (git-fixes). - scsi: pm8001: Fix pm80xx_pci_mem_copy() interface (git-fixes). - scsi: pm8001: Fix tag leaks on error (git-fixes). - scsi: pm8001: Fix task leak in pm8001_send_abort_all() (git-fixes). - scsi: pm8001: Fix use-after-free for aborted SSP/STP sas_task (git-fixes). - scsi: pm8001: Fix use-after-free for aborted TMF sas_task (git-fixes). - scsi: pm80xx: Fix double completion for SATA devices (git-fixes). - scsi: pm80xx: Fix memory leak during rmmod (git-fixes). - scsi: pmcraid: Fix missing resource cleanup in error case (git-fixes). - scsi: qedf: Add stag_work to all the vports (git-fixes). - scsi: qedf: Change context reset messages to ratelimited (git-fixes). - scsi: qedf: Fix a UAF bug in __qedf_probe() (git-fixes). - scsi: qedf: Fix refcount issue when LOGO is received during TMF (git-fixes). - scsi: qla2xxx: Fix crash when I/O abort times out (jsc#PED-568). - scsi: qla2xxx: Fix set-but-not-used variable warnings (jsc#PED-568). - scsi: qla2xxx: Initialize vha->unknown_atio_[list, work] for NPIV hosts (jsc#PED-568). - scsi: qla2xxx: Remove duplicate of vha->iocb_work initialization (jsc#PED-568). - scsi: qla2xxx: Remove unused variable 'found_devs' (jsc#PED-568). - scsi: scsi_debug: Fix out-of-bound read in resp_readcap16() (git-fixes). - scsi: scsi_debug: Fix out-of-bound read in resp_report_tgtpgs() (git-fixes). - scsi: scsi_debug: Fix possible UAF in sdebug_add_host_helper() (git-fixes). - scsi: scsi_debug: Make the READ CAPACITY response compliant with ZBC (git-fixes). - scsi: scsi_dh_alua: Properly handle the ALUA transitioning state (git-fixes). - scsi: smartpqi: Fix kdump issue when controller is locked up (git-fixes). - scsi: sr: Do not use GFP_DMA (git-fixes). - scsi: ufs: core: Fix ufshcd_probe_hba() prototype to match the definition (git-fixes). - scsi: ufs: Fix a kernel crash during shutdown (git-fixes). - scsi: ufs: Treat link loss as fatal error (git-fixes). - scsi: ufs: ufshcd-pltfrm: Check the return value of devm_kstrdup() (git-fixes). - scsi: ufs: Use generic error code in ufshcd_set_dev_pwr_mode() (git-fixes). - scsi: ufs: Use pm_runtime_resume_and_get() instead of pm_runtime_get_sync() (git-fixes). - scsi: vmw_pvscsi: Expand vcpuHint to 16 bits (git-fixes). - sctp: sysctl: make extra pointers netns aware (bsc#1204760). - selftests: devlink: fix the fd redirect in dummy_reporter_test (git-fixes). - selftests: set the BUILD variable to absolute path (git-fixes). - selftests: Use optional USERCFLAGS and USERLDFLAGS (git-fixes). - selftests/efivarfs: Add checking of the test return value (git-fixes). - selftests/ftrace: event_triggers: wait longer for test_event_enable (git-fixes). - selftests/powerpc: Fix resource leaks (git-fixes). - serial: 8250_bcm7271: Fix error handling in brcmuart_init() (git-fixes). - serial: amba-pl011: avoid SBSA UART accessing DMACR register (git-fixes). - serial: pch: Fix PCI device refcount leak in pch_request_dma() (git-fixes). - serial: pl011: Do not clear RX FIFO & RX interrupt in unthrottle (git-fixes). - serial: stm32: move dma_request_chan() before clk_prepare_enable() (git-fixes). - serial: sunsab: Fix error handling in sunsab_init() (git-fixes). - serial: tegra: Read DMA status before terminating (git-fixes). - soc: mediatek: pm-domains: Fix the power glitch issue (git-fixes). - soc: qcom: llcc: make irq truly optional (git-fixes). - soc: qcom: Select REMAP_MMIO for LLCC driver (git-fixes). - soc: ti: knav_qmss_queue: Fix PM disable depth imbalance in knav_queue_probe (git-fixes). - soc: ti: knav_qmss_queue: Use pm_runtime_resume_and_get instead of pm_runtime_get_sync (git-fixes). - soc: ti: smartreflex: Fix PM disable depth imbalance in omap_sr_probe (git-fixes). - soundwire: dmi-quirks: add quirk variant for LAPBC710 NUC15 (git-fixes). - spi: spi-gpio: Do not set MOSI as an input if not 3WIRE mode (git-fixes). - spi: spidev: mask SPI_CS_HIGH in SPI_IOC_RD_MODE (git-fixes). - spi: Update reference to struct spi_controller (git-fixes). - staging: media: tegra-video: fix chan->mipi value on error (git-fixes). - staging: media: tegra-video: fix device_node use after free (git-fixes). - staging: rtl8192e: Fix potential use-after-free in rtllib_rx_Monitor() (git-fixes). - staging: rtl8192u: Fix use after free in ieee80211_rx() (git-fixes). - string.h: Introduce memset_startat() for wiping trailing members and padding (jsc#PED-1445). - test_firmware: fix memory leak in test_firmware_init() (git-fixes). - thermal: core: fix some possible name leaks in error paths (git-fixes). - thermal: int340x: Add missing attribute for data rate base (git-fixes). - thermal/drivers/imx8mm_thermal: Validate temperature range (git-fixes). - thermal/drivers/qcom/temp-alarm: Fix inaccurate warning for gen2 (git-fixes). - tpm: acpi: Call acpi_put_table() to fix memory leak (git-fixes). - tpm: tpm_crb: Add the missed acpi_put_table() to fix memory leak (git-fixes). - tpm: tpm_tis: Add the missed acpi_put_table() to fix memory leak (git-fixes). - tpm/tpm_crb: Fix error message in __crb_relinquish_locality() (git-fixes). - tpm/tpm_ftpm_tee: Fix error handling in ftpm_mod_init() (git-fixes). - tracing/doc: Fix typos on the timerlat tracer documentation (git-fixes). - tty: serial: altera_uart_{r,t}x_chars() need only uart_port (git-fixes). - tty: serial: clean up stop-tx part in altera_uart_tx_chars() (git-fixes). - uio: uio_dmem_genirq: Fix deadlock between irq config and handling (git-fixes). - uio: uio_dmem_genirq: Fix missing unlock in irq configuration (git-fixes). - usb: cdnsp: fix lack of ZLP for ep0 (git-fixes). - usb: dwc3: core: defer probe on ulpi_read_id timeout (git-fixes). - usb: dwc3: fix PHY disable sequence (git-fixes). - usb: dwc3: Fix race between dwc3_set_mode and __dwc3_set_mode (git-fixes). - usb: dwc3: gadget: Disable GUSB2PHYCFG.SUSPHY for End Transfer (git-fixes). - usb: dwc3: pci: Update PCIe device ID for USB3 controller on CPU sub-system for Raptor Lake (git-fixes). - usb: dwc3: qcom: fix runtime PM wakeup (git-fixes). - usb: gadget: uvc: Prevent buffer overflow in setup handler (git-fixes). - usb: gadget: uvc: Rename bmInterfaceFlags -> bmInterlaceFlags (git-fixes). - usb: rndis_host: Secure rndis_query check against int overflow (git-fixes). - usb: roles: fix of node refcount leak in usb_role_switch_is_parent() (git-fixes). - usb: serial: cp210x: add Kamstrup RF sniffer PIDs (git-fixes). - usb: serial: f81232: fix division by zero on line-speed change (git-fixes). - usb: serial: f81534: fix division by zero on line-speed change (git-fixes). - usb: serial: option: add Quectel EM05-G modem (git-fixes). - usb: storage: Add check for kcalloc (git-fixes). - usb: typec: Check for ops->exit instead of ops->enter in altmode_exit (git-fixes). - usb: typec: Factor out non-PD fwnode properties (git-fixes). - usb: typec: tcpci: fix of node refcount leak in tcpci_register_port() (git-fixes). - usb: typec: tipd: Cleanup resources if devm_tps6598_psy_register fails (git-fixes). - usb: typec: tipd: Fix spurious fwnode_handle_put in error path (git-fixes). - usb: ulpi: defer ulpi_register on ulpi_read_id timeout (git-fixes). - usb: xhci-mtk: fix leakage of shared hcd when fail to set wakeup irq (git-fixes). - vdpa_sim: fix possible memory leak in vdpasim_net_init() and vdpasim_blk_init() (git-fixes). - vdpa_sim: fix vringh initialization in vdpasim_queue_ready() (git-fixes). - vfio: platform: Do not pass return buffer to ACPI _RST method (git-fixes). - vhost: fix range used in translate_desc() (git-fixes). - vhost/vsock: Fix error handling in vhost_vsock_init() (git-fixes). - vmxnet3: correctly report csum_level for encapsulated packet (git-fixes). - vringh: fix range used in iotlb_translate() (git-fixes). - vsock: Enable y2038 safe timeval for timeout (bsc#1206101). - vsock: Refactor vsock_*_getsockopt to resemble sock_getsockopt (bsc#1206101). - wifi: ar5523: Fix use-after-free on ar5523_cmd() timed out (git-fixes). - wifi: ath10k: Fix return value in ath10k_pci_init() (git-fixes). - wifi: ath9k: hif_usb: fix memory leak of urbs in ath9k_hif_usb_dealloc_tx_urbs() (git-fixes). - wifi: ath9k: hif_usb: Fix use-after-free in ath9k_hif_usb_reg_in_cb() (git-fixes). - wifi: ath9k: verify the expected usb_endpoints are present (git-fixes). - wifi: brcmfmac: Fix error return code in brcmf_sdio_download_firmware() (git-fixes). - wifi: brcmfmac: Fix potential shift-out-of-bounds in brcmf_fw_alloc_request() (git-fixes). - wifi: cfg80211: Fix not unregister reg_pdev when load_builtin_regdb_keys() fails (git-fixes). - wifi: iwlwifi: mvm: fix double free on tx path (git-fixes). - wifi: mac80211: fix memory leak in ieee80211_if_add() (git-fixes). - wifi: mt76: do not run mt76u_status_worker if the device is not running (git-fixes). - wifi: mt76: fix coverity overrun-call in mt76_get_txpower() (git-fixes). - wifi: rsi: Fix handling of 802.3 EAPOL frames sent via control port (git-fixes). - wifi: rtl8xxxu: Add __packed to struct rtl8723bu_c2h (git-fixes). - wifi: rtl8xxxu: Fix the channel width reporting (git-fixes). - wifi: rtl8xxxu: gen2: Turn on the rate control (git-fixes). - wifi: rtw89: fix physts IE page check (git-fixes). - wifi: rtw89: Fix some error handling path in rtw89_core_sta_assoc() (git-fixes). - wifi: rtw89: use u32_encode_bits() to fill MAC quota value (git-fixes). - wifi: wilc1000: sdio: fix module autoloading (git-fixes). - xfrm: Fix oops in __xfrm_state_delete() (bsc#1206794). - xhci: Apply XHCI_RESET_TO_DEFAULT quirk to ADL-N (git-fixes). Important SUSE bug 1065729 SUSE bug 1187428 SUSE bug 1188605 SUSE bug 1191259 SUSE bug 1193629 SUSE bug 1199294 SUSE bug 1201068 SUSE bug 1203219 SUSE bug 1203740 SUSE bug 1204614 SUSE bug 1204652 SUSE bug 1204760 SUSE bug 1204911 SUSE bug 1204989 SUSE bug 1205263 SUSE bug 1205485 SUSE bug 1205601 SUSE bug 1205695 SUSE bug 1206073 SUSE bug 1206098 SUSE bug 1206101 SUSE bug 1206188 SUSE bug 1206209 SUSE bug 1206344 SUSE bug 1206389 SUSE bug 1206390 SUSE bug 1206393 SUSE bug 1206394 SUSE bug 1206395 SUSE bug 1206396 SUSE bug 1206397 SUSE bug 1206398 SUSE bug 1206399 SUSE bug 1206456 SUSE bug 1206468 SUSE bug 1206515 SUSE bug 1206536 SUSE bug 1206554 SUSE bug 1206602 SUSE bug 1206619 SUSE bug 1206664 SUSE bug 1206703 SUSE bug 1206794 SUSE bug 1206896 SUSE bug 1206912 SUSE bug 1207016 CVE-2022-3104 CVE-2022-3105 CVE-2022-3106 CVE-2022-3107 CVE-2022-3108 CVE-2022-3111 CVE-2022-3112 CVE-2022-3113 CVE-2022-3115 CVE-2022-3344 CVE-2022-3564 CVE-2022-4379 CVE-2022-4662 CVE-2022-47520 cpe:/o:opensuse:leap:15.4 Security update for the Linux Kernel (Important) openSUSE Leap 15.4 The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2022-3344: Fixed a bug where nested shutdown interception could lead to host crash (bsc#1204652) - CVE-2022-4662: Fixed a recursive locking violation in usb-storage that can cause the kernel to deadlock. (bsc#1206664) - CVE-2022-3115: Fixed a null pointer dereference in malidp_crtc.c caused by a lack of checks of the return value of kzalloc. (bsc#1206393) - CVE-2022-47520: Fixed an out-of-bounds read when parsing a Robust Security Network (RSN) information element from a Netlink packet. (bsc#1206515) - CVE-2022-3112: Fixed a null pointer dereference caused by lacks check of the return value of kzalloc() in vdec_helpers.c:amvdec_set_canvases. (bsc#1206399) - CVE-2022-3564: Fixed a bug which could lead to use after free, it was found in the function l2cap_reassemble_sdu of the file net/bluetooth/l2cap_core.c of the component Bluetooth. (bsc#1206073) - CVE-2022-4379: Fixed a use-after-free vulnerability in nfs4file.c:__nfs42_ssc_open. (bsc#1206209) - CVE-2022-3108: Fixed a bug in kfd_parse_subtype_iolink in drivers/gpu/drm/amd/amdkfd/kfd_crat.c where a lack of check of the return value of kmemdup() could lead to a NULL pointer dereference. (bsc#1206389) - CVE-2022-3104: Fixed a null pointer dereference caused by caused by a missing check of the return value of kzalloc() in bugs.c:lkdtm_ARRAY_BOUNDS. (bsc#1206396) - CVE-2022-3113: Fixed a null pointer dereference caused by a missing check of the return value of devm_kzalloc. (bsc#1206390) - CVE-2022-3107: Fixed a null pointer dereference caused by a missing check of the return value of kvmalloc_array. (bsc#1206395) - CVE-2022-3114: Fixed a null pointer dereference caused by a missing check of the return value of kcalloc. (bsc#1206391) - CVE-2022-3111: Fixed a missing release of resource after effective lifetime bug caused by a missing free of the WM8350_IRQ_CHG_FAST_RDY in wm8350_init_charger. (bsc#1206394) - CVE-2022-3105: Fixed a null pointer dereference caused by a missing check of the return value of kmalloc_array. (bsc#1206398) - CVE-2022-3106: Fixed a null pointer dereference caused by a missing check of the return value of kmalloc. (bsc#1206397) The following non-security bugs were fixed: - acct: fix potential integer overflow in encode_comp_t() (git-fixes). - ACPI: resource: Skip IRQ override on Asus Vivobook K3402ZA/K3502ZA (git-fixes). - ACPICA: Fix error code path in acpi_ds_call_control_method() (git-fixes). - ACPICA: Fix use-after-free in acpi_ut_copy_ipackage_to_ipackage() (git-fixes). - ALSA: asihpi: fix missing pci_disable_device() (git-fixes). - ALSA: hda/hdmi: Add HP Device 0x8711 to force connect list (git-fixes). - ALSA: hda/realtek: Add quirk for Lenovo TianYi510Pro-14IOB (git-fixes). - ALSA: hda/realtek: Apply dual codec fixup for Dell Latitude laptops (git-fixes). - ALSA: line6: correct midi status byte when receiving data from podxt (git-fixes). - ALSA: line6: fix stack overflow in line6_midi_transmit (git-fixes). - ALSA: mts64: fix possible null-ptr-defer in snd_mts64_interrupt (git-fixes). - ALSA: patch_realtek: Fix Dell Inspiron Plus 16 (git-fixes). - ALSA: pcm: fix undefined behavior in bit shift for SNDRV_PCM_RATE_KNOT (git-fixes). - ALSA: pcm: Set missing stop_operating flag at undoing trigger start (git-fixes). - ALSA: seq: Fix function prototype mismatch in snd_seq_expand_var_event (git-fixes). - ALSA: seq: fix undefined behavior in bit shift for SNDRV_SEQ_FILTER_USE_EVENT (git-fixes). - ALSA: usb-audio: add the quirk for KT0206 device (git-fixes). - amdgpu/pm: prevent array underflow in vega20_odn_edit_dpm_table() (git-fixes). - apparmor: fix a memleak in multi_transaction_new() (git-fixes). - apparmor: Fix abi check to include v8 abi (git-fixes). - apparmor: fix lockdep warning when removing a namespace (git-fixes). - apparmor: Fix memleak in alloc_ns() (git-fixes). - apparmor: Use pointer to struct aa_label for lbs_cred (git-fixes). - ARM: 9251/1: perf: Fix stacktraces for tracepoint events in THUMB2 kernels (git-fixes). - ARM: 9256/1: NWFPE: avoid compiler-generated __aeabi_uldivmod (git-fixes). - ARM: dts: armada-370: Fix assigned-addresses for every PCIe Root Port (git-fixes). - ARM: dts: armada-375: Fix assigned-addresses for every PCIe Root Port (git-fixes). - ARM: dts: armada-38x: Fix assigned-addresses for every PCIe Root Port (git-fixes). - ARM: dts: armada-38x: Fix compatible string for gpios (git-fixes). - ARM: dts: armada-39x: Fix assigned-addresses for every PCIe Root Port (git-fixes). - ARM: dts: armada-39x: Fix compatible string for gpios (git-fixes). - ARM: dts: armada-xp: Fix assigned-addresses for every PCIe Root Port (git-fixes). - ARM: dts: dove: Fix assigned-addresses for every PCIe Root Port (git-fixes). - ARM: dts: nuvoton: Remove bogus unit addresses from fixed-partition nodes (git-fixes). - ARM: dts: qcom: apq8064: fix coresight compatible (git-fixes). - ARM: dts: rockchip: disable arm_global_timer on rk3066 and rk3188 (git-fixes). - ARM: dts: rockchip: fix ir-receiver node names (git-fixes). - ARM: dts: rockchip: fix node name for hym8563 rtc (git-fixes). - ARM: dts: rockchip: remove clock-frequency from rtc (git-fixes). - ARM: dts: rockchip: rk3188: fix lcdc1-rgb24 node name (git-fixes). - ARM: dts: spear600: Fix clcd interrupt (git-fixes). - ARM: dts: stm32: Drop stm32mp15xc.dtsi from Avenger96 (git-fixes). - ARM: dts: stm32: Fix AV96 WLAN regulator gpio property (git-fixes). - ARM: dts: turris-omnia: Add ethernet aliases (git-fixes). - ARM: dts: turris-omnia: Add switch port 6 node (git-fixes). - ARM: mmp: fix timer_read delay (git-fixes). - ARM: ux500: do not directly dereference __iomem (git-fixes). - arm64: Avoid repeated AA64MMFR1_EL1 register read on pagefault path (performance bsc#1203219). - arm64: dts: armada-3720-turris-mox: Add missing interrupt for RTC (git-fixes). - arm64: dts: mediatek: mt6797: Fix 26M oscillator unit name (git-fixes). - arm64: dts: mediatek: pumpkin-common: Fix devicetree warnings (git-fixes). - arm64: dts: mt2712-evb: Fix usb vbus regulators unit names (git-fixes). - arm64: dts: mt2712-evb: Fix vproc fixed regulators unit names (git-fixes). - arm64: dts: mt2712e: Fix unit address for pinctrl node (git-fixes). - arm64: dts: mt2712e: Fix unit_address_vs_reg warning for oscillators (git-fixes). - arm64: dts: mt6779: Fix devicetree build warnings (git-fixes). - arm64: dts: mt7622: drop r_smpl property from mmc node (git-fixes). - arm64: dts: mt8183: drop drv-type from mmc-node (git-fixes). - arm64: dts: mt8183: Fix Mali GPU clock (git-fixes). - arm64: dts: qcom: ipq6018-cp01-c1: use BLSPI1 pins (git-fixes). - arm64: dts: qcom: msm8916: Drop MSS fallback compatible (git-fixes). - arm64: dts: qcom: msm8996: Add MSM8996 Pro support (git-fixes). - arm64: dts: qcom: msm8996: fix GPU OPP table (git-fixes). - arm64: dts: qcom: msm8996: fix supported-hw in cpufreq OPP tables (git-fixes). - arm64: dts: qcom: sdm630: fix UART1 pin bias (git-fixes). - arm64: dts: qcom: sdm845-cheza: fix AP suspend pin bias (git-fixes). - arm64: dts: qcom: sdm845-db845c: correct SPI2 pins drive strength (git-fixes). - arm64: dts: qcom: sdm850-lenovo-yoga-c630: correct I2C12 pins drive strength (git-fixes). - arm64: dts: qcom: sm8250-sony-xperia-edo: fix touchscreen bias-disable (git-fixes). - arm64: dts: qcom: sm8250: correct LPASS pin pull down (git-fixes). - arm64: dts: qcom: sm8250: drop bogus DP PHY clock (git-fixes). - arm64: dts: qcom: sm8250: fix USB-DP PHY registers (git-fixes). - arm64: dts: rockchip: fix ir-receiver node names (git-fixes). - arm64: dts: rockchip: keep I2S1 disabled for GPIO function on ROCK Pi 4 series (git-fixes). - arm64: dts: ti: k3-am65-main: Drop dma-coherent in crypto node (git-fixes). - arm64: dts: ti: k3-j721e-main: Drop dma-coherent in crypto node (git-fixes). - ASoC: audio-graph-card: fix refcount leak of cpu_ep in __graph_for_each_link() (git-fixes). - ASoC: codecs: rt298: Add quirk for KBL-R RVP platform (git-fixes). - ASoC: cs42l51: Correct PGA Volume minimum value (git-fixes). - ASoC: dt-bindings: wcd9335: fix reset line polarity in example (git-fixes). - ASoC: fsl_micfil: explicitly clear CHnF flags (git-fixes). - ASoC: fsl_micfil: explicitly clear software reset bit (git-fixes). - ASoC: Intel: bytcr_rt5640: Add quirk for the Advantech MICA-071 tablet (git-fixes). - ASoC: jz4740-i2s: Handle independent FIFO flush bits (git-fixes). - ASoC: mediatek: mt8173-rt5650-rt5514: fix refcount leak in mt8173_rt5650_rt5514_dev_probe() (git-fixes). - ASoC: mediatek: mt8173: Enable IRQ when pdata is ready (git-fixes). - ASoC: mediatek: mt8183: fix refcount leak in mt8183_mt6358_ts3a227_max98357_dev_probe() (git-fixes). - ASoC: mediatek: mtk-btcvsd: Add checks for write and read of mtk_btcvsd_snd (git-fixes). - ASoC: ops: Check bounds for second channel in snd_soc_put_volsw_sx() (git-fixes). - ASoC: ops: Correct bounds check for second channel on SX controls (git-fixes). - ASoC: pcm512x: Fix PM disable depth imbalance in pcm512x_probe (git-fixes). - ASoC: pxa: fix null-pointer dereference in filter() (git-fixes). - ASoC: qcom: Add checks for devm_kcalloc (git-fixes). - ASoC: rockchip: pdm: Add missing clk_disable_unprepare() in rockchip_pdm_runtime_resume() (git-fixes). - ASoC: rockchip: spdif: Add missing clk_disable_unprepare() in rk_spdif_runtime_resume() (git-fixes). - ASoC: rt5670: Remove unbalanced pm_runtime_put() (git-fixes). - ASoC: rt711-sdca: fix the latency time of clock stop prepare state machine transitions (git-fixes). - ASoC: soc-pcm: Add NULL check in BE reparenting (git-fixes). - ASoC: wm8962: Wait for updated value of WM8962_CLOCKING1 register (git-fixes). - ASoC: wm8994: Fix potential deadlock (git-fixes). - ata: ahci: Fix PCS quirk application for suspend (git-fixes). - binfmt_elf: fix documented return value for load_elf_phdrs() (git-fixes). - binfmt_misc: fix shift-out-of-bounds in check_special_flags (git-fixes). - binfmt: Fix error return code in load_elf_fdpic_binary() (git-fixes). - block: Do not reread partition table on exclusively open device (bsc#1190969). - Bluetooth: btintel: Fix missing free skb in btintel_setup_combined() (git-fixes). - Bluetooth: btusb: Add debug message for CSR controllers (git-fixes). - Bluetooth: btusb: do not call kfree_skb() under spin_lock_irqsave() (git-fixes). - Bluetooth: hci_bcsp: do not call kfree_skb() under spin_lock_irqsave() (git-fixes). - Bluetooth: hci_core: do not call kfree_skb() under spin_lock_irqsave() (git-fixes). - Bluetooth: hci_h5: do not call kfree_skb() under spin_lock_irqsave() (git-fixes). - Bluetooth: hci_ll: do not call kfree_skb() under spin_lock_irqsave() (git-fixes). - Bluetooth: hci_qca: do not call kfree_skb() under spin_lock_irqsave() (git-fixes). - Bluetooth: MGMT: Fix error report for ADD_EXT_ADV_PARAMS (git-fixes). - Bluetooth: RFCOMM: do not call kfree_skb() under spin_lock_irqsave() (git-fixes). - brcmfmac: return error when getting invalid max_flowrings from dongle (git-fixes). - caif: fix memory leak in cfctrl_linkup_request() (git-fixes). - can: do not increase rx statistics when generating a CAN rx error message frame (git-fixes). - can: do not increase rx_bytes statistics for RTR frames (git-fixes). - can: kvaser_usb_leaf: Fix bogus restart events (git-fixes). - can: kvaser_usb_leaf: Fix wrong CAN state after stopping (git-fixes). - can: kvaser_usb_leaf: Set Warning state even without bus errors (git-fixes). - can: kvaser_usb: do not increase tx statistics when sending error message frames (git-fixes). - can: kvaser_usb: kvaser_usb_leaf: fix bittiming limits (git-fixes). - can: kvaser_usb: make use of units.h in assignment of frequency (git-fixes). - can: m_can: fix typo prescalar -> prescaler (git-fixes). - can: m_can: is_lec_err(): clean up LEC error handling (git-fixes). - can: mcba_usb: Fix termination command argument (git-fixes). - can: sja1000: fix size of OCR_MODE_MASK define (git-fixes). - can: tcan4x5x: Remove invalid write in clear_interrupts (git-fixes). - chardev: fix error handling in cdev_device_add() (git-fixes). - cifs: Add 'extbuf' and 'extbuflen' args to smb2_compound_op() (bsc#1193629). - cifs: do not block in dfs_cache_noreq_update_tgthint() (bsc#1193629). - cifs: do not leak -ENOMEM in smb2_open_file() (bsc#1193629). - cifs: do not refresh cached referrals from unactive mounts (bsc#1193629). - cifs: fix confusing debug message (bsc#1193629). - cifs: Fix kmap_local_page() unmapping (git-fixes). - cifs: fix missing display of three mount options (bsc#1193629). - cifs: fix oops during encryption (bsc#1199294). - cifs: fix refresh of cached referrals (bsc#1193629). - cifs: fix source pathname comparison of dfs supers (bsc#1193629). - cifs: fix various whitespace errors in headers (bsc#1193629). - cifs: get rid of mount options string parsing (bsc#1193629). - cifs: minor cleanup of some headers (bsc#1193629). - cifs: optimize reconnect of nested links (bsc#1193629). - cifs: Parse owner/group for stat in smb311 posix extensions (bsc#1193629). - cifs: print warning when conflicting soft vs. hard mount options specified (bsc#1193629). - cifs: reduce roundtrips on create/qinfo requests (bsc#1193629). - cifs: refresh root referrals (bsc#1193629). - cifs: Remove duplicated include in cifsglob.h (bsc#1193629). - cifs: remove unused smb3_fs_context::mount_options (bsc#1193629). - cifs: set correct ipc status after initial tree connect (bsc#1193629). - cifs: set correct status of tcon ipc when reconnecting (bsc#1193629). - cifs: set correct tcon status after initial tree connect (bsc#1193629). - cifs: set resolved ip in sockaddr (bsc#1193629). - cifs: share dfs connections and supers (bsc#1193629). - cifs: skip alloc when request has no pages (bsc#1193629). - cifs: split out ses and tcon retrieval from mount_get_conns() (bsc#1193629). - cifs: update internal module number (bsc#1193629). - cifs: use fs_context for automounts (bsc#1193629). - cifs: use origin fullpath for automounts (bsc#1193629). - class: fix possible memory leak in __class_register() (git-fixes). - clk: Fix pointer casting to prevent oops in devm_clk_release() (git-fixes). - clk: generalize devm_clk_get() a bit (git-fixes). - clk: imx: imx8mp: add shared clk gate for usb suspend clk (git-fixes). - clk: imx: replace osc_hdmi with dummy (git-fixes). - clk: nomadik: correct struct name kernel-doc warning (git-fixes). - clk: Provide new devm_clk helpers for prepared and enabled clocks (git-fixes). - clk: qcom: clk-krait: fix wrong div2 functions (git-fixes). - clk: qcom: gcc-sm8250: Use retention mode for USB GDSCs (git-fixes). - clk: qcom: lpass-sc7180: Fix pm_runtime usage (git-fixes). - clk: renesas: r9a06g032: Repair grave increment error (git-fixes). - clk: rockchip: Fix memory leak in rockchip_clk_register_pll() (git-fixes). - clk: samsung: Fix memory leak in _samsung_clk_register_pll() (git-fixes). - clk: socfpga: Fix memory leak in socfpga_gate_init() (git-fixes). - clk: st: Fix memory leak in st_of_quadfs_setup() (git-fixes). - clk: sunxi-ng: v3s: Correct the header guard of ccu-sun8i-v3s.h (git-fixes). - clocksource/drivers/sh_cmt: Access registers according to spec (git-fixes). - clocksource/drivers/timer-ti-dm: Fix missing clk_disable_unprepare in dmtimer_systimer_init_clock() (git-fixes). - cpufreq: ACPI: Defer setting boost MSRs (bsc#1205485). - cpufreq: ACPI: Only set boost MSRs on supported CPUs (bsc#1205485). - cpufreq: ACPI: Remove unused variables 'acpi_cpufreq_online' and 'ret' (bsc#1205485). - cpufreq: intel_pstate: Add Sapphire Rapids support in no-HWP mode (bsc#1201068). - crypto: ccree - Make cc_debugfs_global_fini() available for module init function (git-fixes). - crypto: ccree - Remove debugfs when platform_driver_register failed (git-fixes). - crypto: cryptd - Use request context instead of stack for sub-request (git-fixes). - crypto: hisilicon/qm - fix missing destroy qp_idr (git-fixes). - crypto: img-hash - Fix variable dereferenced before check 'hdev->req' (git-fixes). - crypto: n2 - add missing hash statesize (git-fixes). - crypto: nitrox - avoid double free on error path in nitrox_sriov_init() (git-fixes). - crypto: omap-sham - Use pm_runtime_resume_and_get() in omap_sham_probe() (git-fixes). - crypto: rockchip - add fallback for ahash (git-fixes). - crypto: rockchip - add fallback for cipher (git-fixes). - crypto: rockchip - better handle cipher key (git-fixes). - crypto: rockchip - do not do custom power management (git-fixes). - crypto: rockchip - do not store mode globally (git-fixes). - crypto: rockchip - remove non-aligned handling (git-fixes). - crypto: rockchip - rework by using crypto_engine (git-fixes). - crypto: sun8i-ss - use dma_addr instead u32 (git-fixes). - crypto: tcrypt - Fix multibuffer skcipher speed test mem leak (git-fixes). - device property: Fix documentation for fwnode_get_next_parent() (git-fixes). - dmaengine: idxd: Fix crc_val field for completion record (git-fixes). - docs/zh_CN: Fix '.. only::' directive's expression (git-fixes). - Documentation: devres: add missing devm_acpi_dma_controller_free() helper (git-fixes). - Documentation: devres: add missing MEM helper (git-fixes). - Documentation: devres: add missing PHY helpers (git-fixes). - Documentation: devres: add missing PWM helper (git-fixes). - drbd: destroy workqueue when drbd device was freed (git-fixes). - drbd: remove call to memset before free device/resource/connection (git-fixes). - drbd: remove usage of list iterator variable after loop (git-fixes). - drbd: set QUEUE_FLAG_STABLE_WRITES (git-fixes). - drbd: use after free in drbd_create_device() (git-fixes). - driver core: Fix bus_type.match() error handling in __driver_attach() (git-fixes). - drivers: dio: fix possible memory leak in dio_init() (git-fixes). - drivers: soc: ti: knav_qmss_queue: Mark knav_acc_firmwares as static (git-fixes). - drm: bridge: dw_hdmi: fix preference of RGB modes over YUV420 (git-fixes). - drm/amd/display: fix array index out of bound error in bios parser (git-fixes). - drm/amd/display: Manually adjust strobe for DCN303 (git-fixes). - drm/amd/display: prevent memory leak (git-fixes). - drm/amd/display: Use the largest vready_offset in pipe group (git-fixes). - drm/amd/pm/smu11: BACO is supported when it's in BACO state (git-fixes). - drm/amdgpu: fix pci device refcount leak (git-fixes). - drm/amdgpu: Fix PCI device refcount leak in amdgpu_atrm_get_bios() (git-fixes). - drm/amdgpu: Fix type of second parameter in odn_edit_dpm_table() callback (git-fixes). - drm/amdgpu: Fix type of second parameter in trans_msg() callback (git-fixes). - drm/amdgpu: handle polaris10/11 overlap asics (v2) (git-fixes). - drm/amdgpu: make display pinning more flexible (v2) (git-fixes). - drm/amdgpu/powerplay/psm: Fix memory leak in power state init (git-fixes). - drm/amdgpu/sdma_v4_0: turn off SDMA ring buffer in the s2idle suspend (git-fixes). - drm/amdkfd: Fix memory leakage (git-fixes). - drm/bridge: adv7533: remove dynamic lane switching from adv7533 bridge (git-fixes). - drm/bridge: anx7625: Fix edid_read break case in sp_tx_edid_read() (git-fixes). - drm/bridge: ti-sn65dsi86: Fix output polarity setting bug (git-fixes). - drm/connector: send hotplug uevent on connector cleanup (git-fixes). - drm/edid: Fix minimum bpc supported with DSC1.2 for HDMI sink (git-fixes). - drm/etnaviv: add missing quirks for GC300 (git-fixes). - drm/etnaviv: do not truncate physical page address (git-fixes). - drm/fourcc: Add packed 10bit YUV 4:2:0 format (git-fixes). - drm/fourcc: Fix vsub/hsub for Q410 and Q401 (git-fixes). - drm/fsl-dcu: Fix return type of fsl_dcu_drm_connector_mode_valid() (git-fixes). - drm/i915: Fix documentation for intel_uncore_forcewake_put__locked (git-fixes). - drm/i915: remove circ_buf.h includes (git-fixes). - drm/i915: unpin on error in intel_vgpu_shadow_mm_pin() (git-fixes). - drm/i915/display: Do not disable DDI/Transcoder when setting phy test pattern (git-fixes). - drm/i915/dsi: fix VBT send packet port selection for dual link DSI (git-fixes). - drm/i915/gvt: fix gvt debugfs destroy (git-fixes). - drm/i915/gvt: fix vgpu debugfs clean in remove (git-fixes). - drm/i915/migrate: do not check the scratch page (git-fixes). - drm/i915/migrate: fix length calculation (git-fixes). - drm/i915/migrate: fix offset calculation (git-fixes). - drm/i915/ttm: never purge busy objects (git-fixes). - drm/imx: ipuv3-plane: Fix overlay plane width (git-fixes). - drm/ingenic: Fix missing platform_driver_unregister() call in ingenic_drm_init() (git-fixes). - drm/mediatek: Fix return type of mtk_hdmi_bridge_mode_valid() (git-fixes). - drm/mediatek: Modify dpi power on/off sequence (git-fixes). - drm/meson: Reduce the FIFO lines held when AFBC is not used (git-fixes). - drm/msm: Use drm_mode_copy() (git-fixes). - drm/panel/panel-sitronix-st7701: Remove panel on DSI attach failure (git-fixes). - drm/panfrost: Fix GEM handle creation ref-counting (git-fixes). - drm/radeon: Add the missed acpi_put_table() to fix memory leak (git-fixes). - drm/radeon: Fix PCI device refcount leak in radeon_atrm_get_bios() (git-fixes). - drm/rockchip: lvds: fix PM usage counter unbalance in poweron (git-fixes). - drm/rockchip: Use drm_mode_copy() (git-fixes). - drm/shmem-helper: Avoid vm_open error paths (git-fixes). - drm/shmem-helper: Remove errant put in error path (git-fixes). - drm/sti: Fix return type of sti_{dvo,hda,hdmi}_connector_mode_valid() (git-fixes). - drm/sti: Use drm_mode_copy() (git-fixes). - drm/tegra: Add missing clk_disable_unprepare() in tegra_dc_probe() (git-fixes). - drm/vmwgfx: Do not use screen objects when SEV is active (git-fixes). - drm/vmwgfx: Fix a sparse warning in kernel docs (git-fixes). - drm/vmwgfx: Validate the box size for the snooped cursor (git-fixes). - Drop FIPS mode DRBG->getrandom(2) wire-up (bsc#1191259) - dt-bindings: clock: qcom,aoncc-sm8250: fix compatible (git-fixes). - dt-bindings: clocks: imx8mp: Add ID for usb suspend clock (git-fixes). - dt-bindings: display: sun6i-dsi: Fix clock conditional (git-fixes). - dt-bindings: gpio: gpio-davinci: Increase maxItems in gpio-line-names (git-fixes). - dt-bindings: net: sun8i-emac: Add phy-supply property (git-fixes). - EDAC/mc_sysfs: Increase legacy channel support to 12 (bsc#1205263). - efi: Add iMac Pro 2017 to uefi skip cert quirk (git-fixes). - ext4: avoid BUG_ON when creating xattrs (bsc#1205496). - extcon: usbc-tusb320: Add support for mode setting and reset (git-fixes). - extcon: usbc-tusb320: Add support for TUSB320L (git-fixes). - extcon: usbc-tusb320: Factor out extcon into dedicated functions (git-fixes). - fbcon: Use kzalloc() in fbcon_prepare_logo() (git-fixes). - fbdev: fbcon: release buffer when fbcon_do_set_font() failed (git-fixes). - fbdev: geode: do not build on UML (git-fixes). - fbdev: matroxfb: G200eW: Increase max memory from 1 MB to 16 MB (git-fixes). - fbdev: pm2fb: fix missing pci_disable_device() (git-fixes). - fbdev: smscufx: Fix several use-after-free bugs (git-fixes). - fbdev: ssd1307fb: Drop optional dependency (git-fixes). - fbdev: uvesafb: do not build on UML (git-fixes). - fbdev: uvesafb: Fixes an error handling path in uvesafb_probe() (git-fixes). - fbdev: vermilion: decrease reference count in error path (git-fixes). - fbdev: via: Fix error in via_core_init() (git-fixes). - firmware: raspberrypi: fix possible memory leak in rpi_firmware_probe() (git-fixes). - floppy: Fix memory leak in do_floppy_init() (git-fixes). - fuse: lock inode unconditionally in fuse_fallocate() (bsc#1206273). - gpio: sifive: Fix refcount leak in sifive_gpio_probe (git-fixes). - gpiolib: cdev: fix NULL-pointer dereferences (git-fixes). - gpiolib: check the 'ngpios' property in core gpiolib code (git-fixes). - gpiolib: fix memory leak in gpiochip_setup_dev() (git-fixes). - gpiolib: Get rid of redundant 'else' (git-fixes). - gpiolib: improve coding style for local variables (git-fixes). - gpiolib: make struct comments into real kernel docs (git-fixes). - hamradio: baycom_epp: Fix return type of baycom_send_packet() (git-fixes). - hamradio: do not call dev_kfree_skb() under spin_lock_irqsave() (git-fixes). - HID: hid-sensor-custom: set fixed size for custom attributes (git-fixes). - HID: ite: Enable QUIRK_TOUCHPAD_ON_OFF_REPORT on Acer Aspire Switch V 10 (git-fixes). - HID: mcp2221: do not connect hidraw (git-fixes). - HID: multitouch: fix Asus ExpertBook P2 P2451FA trackpoint (git-fixes). - HID: plantronics: Additional PIDs for double volume key presses quirk (git-fixes). - HID: uclogic: Add HID_QUIRK_HIDINPUT_FORCE quirk (git-fixes). - HID: usbhid: Add ALWAYS_POLL quirk for some mice (git-fixes). - HID: wacom: Ensure bootloader PID is usable in hidraw mode (git-fixes). - HSI: omap_ssi_core: Fix error handling in ssi_init() (git-fixes). - HSI: omap_ssi_core: fix possible memory leak in ssi_probe() (git-fixes). - HSI: omap_ssi_core: fix unbalanced pm_runtime_disable() (git-fixes). - hwmon: (jc42) Convert register access and caching to regmap/regcache (git-fixes). - hwmon: (jc42) Fix missing unlock on error in jc42_write() (git-fixes). - hwmon: (jc42) Restore the min/max/critical temperatures on resume (git-fixes). - hwrng: amd - Fix PCI device refcount leak (git-fixes). - i2c: ismt: Fix an out-of-bounds bug in ismt_access() (git-fixes). - i2c: mux: reg: check return value after calling platform_get_resource() (git-fixes). - i2c: pxa-pci: fix missing pci_disable_device() on error in ce4100_i2c_probe (git-fixes). - IB/IPoIB: Fix queue count inconsistency for PKEY child interfaces (git-fixes) - ibmveth: Always stop tx queues during close (bsc#1065729). - iio: adc: ad_sigma_delta: do not use internal iio_dev lock (git-fixes). - iio: adc128s052: add proper .data members in adc128_of_match table (git-fixes). - iio: fix memory leak in iio_device_register_eventset() (git-fixes). - iio: temperature: ltc2983: make bulk write buffer DMA-safe (git-fixes). - ima: Fix a potential NULL pointer access in ima_restore_measurement_list (git-fixes). - Input: elants_i2c - properly handle the reset GPIO when power is off (git-fixes). - Input: joystick - fix Kconfig warning for JOYSTICK_ADC (git-fixes). - Input: wistron_btns - disable on UML (git-fixes). - integrity: Fix memory leakage in keyring allocation error path (git-fixes). - ipmi: fix long wait in unload when IPMI disconnect (git-fixes). - ipmi: fix memleak when unload ipmi driver (git-fixes). - ipmi: fix use after free in _ipmi_destroy_user() (git-fixes). - ipmi: kcs: Poll OBF briefly to reduce OBE latency (git-fixes). - ipu3-imgu: Fix NULL pointer dereference in imgu_subdev_set_selection() (git-fixes). - kABI: reintroduce a non-inline usleep_range (git-fixes). - lib/debugobjects: fix stat count and optimize debug_objects_mem_init (git-fixes). - lib/fonts: fix undefined behavior in bit shift for get_default_font (git-fixes). - mailbox: arm_mhuv2: Fix return value check in mhuv2_probe() (git-fixes). - mailbox: mpfs: read the system controller's status (git-fixes). - mailbox: zynq-ipi: fix error handling while device_register() fails (git-fixes). - media: adv748x: afe: Select input port when initializing AFE (git-fixes). - media: camss: Clean up received buffers on failed start of streaming (git-fixes). - media: dvb-core: Fix double free in dvb_register_device() (git-fixes). - media: dvb-core: Fix ignored return value in dvb_register_frontend() (git-fixes). - media: dvb-frontends: fix leak of memory fw (git-fixes). - media: dvb-usb: az6027: fix null-ptr-deref in az6027_i2c_xfer() (git-fixes). - media: dvb-usb: fix memory leak in dvb_usb_adapter_init() (git-fixes). - media: i2c: ad5820: Fix error path (git-fixes). - media: imon: fix a race condition in send_packet() (git-fixes). - media: saa7164: fix missing pci_disable_device() (git-fixes). - media: si470x: Fix use-after-free in si470x_int_in_callback() (git-fixes). - media: solo6x10: fix possible memory leak in solo_sysfs_init() (git-fixes). - media: stv0288: use explicitly signed char (git-fixes). - media: v4l2-ctrls: Fix off-by-one error in integer menu control check (git-fixes). - media: v4l2-dv-timings.c: fix too strict blanking sanity checks (git-fixes). - media: videobuf-dma-contig: use dma_mmap_coherent (git-fixes). - media: vidtv: Fix use-after-free in vidtv_bridge_dvb_init() (git-fixes). - media: vimc: Fix wrong function called when vimc_init() fails (git-fixes). - media: vivid: fix compose size exceed boundary (git-fixes). - memcg, kmem: further deprecate kmem.limit_in_bytes (bsc#1206896). - memcg: Fix possible use-after-free in memcg_write_event_control() (bsc#1206344). - mfd: bd957x: Fix Kconfig dependency on REGMAP_IRQ (git-fixes). - mfd: mt6360: Add bounds checking in Regmap read/write call-backs (git-fixes). - mfd: pm8008: Fix return value check in pm8008_probe() (git-fixes). - mfd: pm8008: Remove driver data structure pm8008_data (git-fixes). - mfd: qcom_rpm: Fix an error handling path in qcom_rpm_probe() (git-fixes). - mfd: qcom_rpm: Use devm_of_platform_populate() to simplify code (git-fixes). - misc: ocxl: fix possible name leak in ocxl_file_register_afu() (git-fixes). - misc: tifm: fix possible memory leak in tifm_7xx1_switch_media() (git-fixes). - mISDN: hfcmulti: do not call dev_kfree_skb/kfree_skb() under spin_lock_irqsave() (git-fixes). - mISDN: hfcpci: do not call dev_kfree_skb/kfree_skb() under spin_lock_irqsave() (git-fixes). - mISDN: hfcsusb: do not call dev_kfree_skb/kfree_skb() under spin_lock_irqsave() (git-fixes). - mm: fix race between MADV_FREE reclaim and blkdev direct IO read (bsc#1204989,bsc#1205601). - mm/mempolicy: fix memory leak in set_mempolicy_home_node system call (bsc#1206468). - mmc: alcor: fix return value check of mmc_add_host() (git-fixes). - mmc: atmel-mci: fix return value check of mmc_add_host() (git-fixes). - mmc: core: Normalize the error handling branch in sd_read_ext_regs() (git-fixes). - mmc: f-sdh30: Add quirks for broken timeout clock capability (git-fixes). - mmc: meson-gx: fix return value check of mmc_add_host() (git-fixes). - mmc: mmci: fix return value check of mmc_add_host() (git-fixes). - mmc: moxart: fix return value check of mmc_add_host() (git-fixes). - mmc: mtk-sd: Fix missing clk_disable_unprepare in msdc_of_clock_parse() (git-fixes). - mmc: mxcmmc: fix return value check of mmc_add_host() (git-fixes). - mmc: omap_hsmmc: fix return value check of mmc_add_host() (git-fixes). - mmc: pxamci: fix return value check of mmc_add_host() (git-fixes). - mmc: renesas_sdhi: alway populate SCC pointer (git-fixes). - mmc: renesas_sdhi: better reset from HS400 mode (git-fixes). - mmc: rtsx_pci: fix return value check of mmc_add_host() (git-fixes). - mmc: rtsx_usb_sdmmc: fix return value check of mmc_add_host() (git-fixes). - mmc: sdhci-sprd: Disable CLK_AUTO when the clock is less than 400K (git-fixes). - mmc: toshsd: fix return value check of mmc_add_host() (git-fixes). - mmc: via-sdmmc: fix return value check of mmc_add_host() (git-fixes). - mmc: vub300: fix return value check of mmc_add_host() (git-fixes). - mmc: vub300: fix warning - do not call blocking ops when !TASK_RUNNING (git-fixes). - mmc: wbsd: fix return value check of mmc_add_host() (git-fixes). - mmc: wmt-sdmmc: fix return value check of mmc_add_host() (git-fixes). - module: change to print useful messages from elf_validity_check() (git-fixes). - module: fix [e_shstrndx].sh_size=0 OOB access (git-fixes). - mt76: stop the radar detector after leaving dfs channel (git-fixes). - mtd: Fix device name leak when register device failed in add_mtd_device() (git-fixes). - mtd: lpddr2_nvm: Fix possible null-ptr-deref (git-fixes). - mtd: maps: pxa2xx-flash: fix memory leak in probe (git-fixes). - mtd: spi-nor: Check for zero erase size in spi_nor_find_best_erase_type() (git-fixes). - mtd: spi-nor: Fix the number of bytes for the dummy cycles (git-fixes). - mtd: spi-nor: hide jedec_id sysfs attribute if not present (git-fixes). - net: allow retransmitting a TCP packet if original is still in queue (bsc#1188605 bsc#1187428 bsc#1206619). - net: mana: Fix race on per-CQ variable napi work_done (git-fixes). - net: phy: xgmiitorgmii: Fix refcount leak in xgmiitorgmii_probe (git-fixes). - net: usb: qmi_wwan: add u-blox 0x1342 composition (git-fixes). - net: usb: smsc95xx: fix external PHY reset (git-fixes). - net/mlx5: Fix mlx5_get_next_dev() peer device matching (bsc#1206536). - net/mlx5: Lag, filter non compatible devices (bsc#1206536). - netfilter: nfnetlink_osf: fix possible bogus match in nf_osf_find() (bsc#1204614). - nfc: Fix potential resource leaks (git-fixes). - nfc: pn533: Clear nfc_target before being used (git-fixes). - nfc: pn533: Wait for out_urb's completion in pn533_usb_send_frame() (git-fixes). - NFS: Handle missing attributes in OPEN reply (bsc#1203740). - nilfs2: fix shift-out-of-bounds due to too large exponent of block size (git-fixes). - nilfs2: fix shift-out-of-bounds/overflow in nilfs_sb2_bad_offset() (git-fixes). - octeontx2-af: Add PTP PPS Errata workaround on CN10K silicon (jsc#SLE-24682). - octeontx2-af: Allow mkex profile without DMAC and add L2M/L2B header extraction support (jsc#SLE-24682). - octeontx2-af: Do not reset previous pfc config (jsc#SLE-24682). - octeontx2-af: fix operand size in bitwise operation (jsc#SLE-24682). - octeontx2-af: Initialize PTP_SEC_ROLLOVER register properly (jsc#SLE-24682). - octeontx2-af: Limit link bringup time at firmware (jsc#SLE-24682). - octeontx2-af: return correct ptp timestamp for CN10K silicon (jsc#SLE-24682). - octeontx2-af: Set NIX link credits based on max LMAC (jsc#SLE-24682). - octeontx2-af: Skip CGX/RPM probe incase of zero lmac count (jsc#SLE-24682). - octeontx2-pf: Add egress PFC support (jsc#SLE-24682). - octeontx2-pf: Add support for ptp 1-step mode on CN10K silicon (jsc#SLE-24682). - octeontx2-pf: Fix lmtst ID used in aura free (jsc#SLE-24682). - octeontx2-pf: Fix pfc_alloc_status array overflow (jsc#SLE-24682). - octeontx2-pf: Fix SQE threshold checking (jsc#SLE-24682). - octeontx2-pf: Fix unused variable build error (jsc#SLE-24682). - octeontx2-pf: NIX TX overwrites SQ_CTX_HW_S[SQ_INT] (jsc#SLE-24682). - octeontx2-pf: Reduce minimum mtu size to 60 (jsc#SLE-24682). - octeontx2: Modify mbox request and response structures (jsc#SLE-24682). - padata: Fix list iterator in padata_do_serial() (git-fixes). - PCI: Check for alloc failure in pci_request_irq() (git-fixes). - PCI: dwc: Fix n_fts[] array overrun (git-fixes). - PCI: Fix pci_device_is_present() for VFs by checking PF (git-fixes). - PCI: pci-epf-test: Register notifier if only core_init_notifier is enabled (git-fixes). - PCI: vmd: Disable MSI remapping after suspend (git-fixes). - PCI/sysfs: Fix double free in error path (git-fixes). - phy: usb: s2 WoL wakeup_count not incremented for USB->Eth devices (git-fixes). - pinctrl: k210: call of_node_put() (git-fixes). - pinctrl: meditatek: Startup with the IRQs disabled (git-fixes). - pinctrl: pinconf-generic: add missing of_node_put() (git-fixes). - platform/chrome: cros_ec_typec: Cleanup switch handle return paths (git-fixes). - platform/chrome: cros_usbpd_notify: Fix error handling in cros_usbpd_notify_init() (git-fixes). - platform/mellanox: mlxbf-pmc: Fix event typo (git-fixes). - platform/x86: huawei-wmi: fix return value calculation (git-fixes). - platform/x86: intel_scu_ipc: fix possible name leak in __intel_scu_ipc_register() (git-fixes). - platform/x86: mxm-wmi: fix memleak in mxm_wmi_call_mx[ds|mx]() (git-fixes). - PM: hibernate: Fix mistake in kerneldoc comment (git-fixes). - PM: runtime: Do not call __rpm_callback() from rpm_idle() (git-fixes). - PNP: fix name memory leak in pnp_alloc_dev() (git-fixes). - power: supply: ab8500: Fix error handling in ab8500_charger_init() (git-fixes). - power: supply: fix null pointer dereferencing in power_supply_get_battery_info (git-fixes). - power: supply: fix residue sysfs file in error handle route of __power_supply_register() (git-fixes). - power: supply: z2_battery: Fix possible memleak in z2_batt_probe() (git-fixes). - powerpc: export the CPU node count (bsc#1207016 ltc#201108). - powerpc: Take in account addition CPU node when building kexec FDT (bsc#1207016 ltc#201108). - powerpc/64: Init jump labels before parse_early_param() (bsc#1065729). - powerpc/pci: Fix get_phb_number() locking (bsc#1065729). - powerpc/perf: callchain validate kernel stack pointer bounds (bsc#1065729). - powerpc/powernv: add missing of_node_put (bsc#1065729). - powerpc/pseries: unregister VPA when hot unplugging a CPU (bsc#1205695 ltc#200603). - powerpc/pseries/eeh: use correct API for error log size (bsc#1065729). - powerpc/xive: add missing iounmap() in error path in xive_spapr_populate_irq_data() (git-fixes). - powerpc/xive/spapr: correct bitmap allocation size (git-fixes). - proc: fixup uptime selftest (git-fixes). - pstore: Avoid kcore oops by vmap()ing with VM_IOREMAP (git-fixes). - pstore: Make sure CONFIG_PSTORE_PMSG selects CONFIG_RT_MUTEXES (git-fixes). - pstore: Properly assign mem_type property (git-fixes). - pstore: Switch pmsg_lock to an rt_mutex to avoid priority inversion (git-fixes). - pstore/ram: Fix error return code in ramoops_probe() (git-fixes). - pstore/zone: Use GFP_ATOMIC to allocate zone buffer (git-fixes). - pwm: lpc18xx-sct: Fix a comment to match code (git-fixes). - pwm: mediatek: always use bus clock for PWM on MT7622 (git-fixes). - pwm: sifive: Call pwm_sifive_update_clock() while mutex is held (git-fixes). - pwm: tegra: Improve required rate calculation (git-fixes). - r6040: Fix kmemleak in probe and remove (git-fixes). - random: allow partial reads if later user copies fail (bsc#1204911). - random: check for signals every PAGE_SIZE chunk of /dev/random (bsc#1204911). - random: convert to using fops->read_iter() (bsc#1204911). - random: convert to using fops->write_iter() (bsc#1204911). - random: remove outdated INT_MAX >> 6 check in urandom_read() (bsc#1204911). - random: zero buffer after reading entropy from userspace (bsc#1204911). - RDMA: Disable IB HW for UML (git-fixes) - RDMA/core: Fix order of nldev_exit call (git-fixes) - RDMA/core: Make sure 'ib_port' is valid when access sysfs node (git-fixes) - RDMA/efa: Add EFA 0xefa2 PCI ID (git-fixes) - RDMA/hfi: Decrease PCI device reference count in error path (git-fixes) - RDMA/hfi1: Fix error return code in parse_platform_config() (git-fixes) - RDMA/hns: Fix AH attr queried by query_qp (git-fixes) - RDMA/hns: Fix error code of CMD (git-fixes) - RDMA/hns: Fix ext_sge num error when post send (git-fixes) - RDMA/hns: fix memory leak in hns_roce_alloc_mr() (git-fixes) - RDMA/hns: Fix page size cap from firmware (git-fixes) - RDMA/hns: Fix PBL page MTR find (git-fixes) - RDMA/hns: Fix XRC caps on HIP08 (git-fixes) - RDMA/hns: Repacing 'dseg_len' by macros in fill_ext_sge_inl_data() (git-fixes) - RDMA/irdma: Do not request 2-level PBLEs for CQ alloc (git-fixes) - RDMA/irdma: Initialize net_type before checking it (git-fixes) - RDMA/irdma: Report the correct link speed (git-fixes) - RDMA/nldev: Add checks for nla_nest_start() in fill_stat_counter_qps() (git-fixes) - RDMA/nldev: Fix failure to send large messages (git-fixes) - RDMA/nldev: Return '-EAGAIN' if the cm_id isn't from expected port (git-fixes) - RDMA/restrack: Release MR restrack when delete (git-fixes) - RDMA/rxe: Fix NULL-ptr-deref in rxe_qp_do_cleanup() when socket create failed (git-fixes) - RDMA/siw: Fix immediate work request flush to completion queue (git-fixes) - RDMA/siw: Fix pointer cast warning (git-fixes) - RDMA/siw: Set defined status for work completion with undefined status (git-fixes) - RDMA/srp: Fix error return code in srp_parse_options() (git-fixes) - regulator: bd718x7: Drop unnecessary info print (git-fixes). - regulator: core: fix deadlock on regulator enable (git-fixes). - regulator: core: fix module refcount leak in set_supply() (git-fixes). - regulator: core: fix resource leak in regulator_register() (git-fixes). - regulator: core: fix unbalanced of node refcount in regulator_dev_lookup() (git-fixes). - regulator: core: fix use_count leakage when handling boot-on (git-fixes). - regulator: core: use kfree_const() to free space conditionally (git-fixes). - regulator: qcom-labibb: Fix missing of_node_put() in qcom_labibb_regulator_probe() (git-fixes). - regulator: qcom-rpmh: Fix PMR735a S3 regulator spec (git-fixes). - regulator: slg51000: Wait after asserting CS pin (git-fixes). - regulator: twl6030: fix get status of twl6032 regulators (git-fixes). - remoteproc: core: Do pm_relax when in RPROC_OFFLINE state (git-fixes). - remoteproc: qcom_q6v5_pas: detach power domains on remove (git-fixes). - remoteproc: qcom_q6v5_pas: disable wakeup on probe fail or remove (git-fixes). - remoteproc: qcom_q6v5_pas: Fix missing of_node_put() in adsp_alloc_memory_region() (git-fixes). - remoteproc: qcom: q6v5: Fix missing clk_disable_unprepare() in q6v5_wcss_qcs404_power_on() (git-fixes). - remoteproc: qcom: q6v5: Fix potential null-ptr-deref in q6v5_wcss_init_mmio() (git-fixes). - remoteproc: sysmon: fix memory leak in qcom_add_sysmon_subdev() (git-fixes). - rtc: cmos: fix build on non-ACPI platforms (git-fixes). - rtc: cmos: Fix event handler registration ordering issue (git-fixes). - rtc: cmos: Fix wake alarm breakage (git-fixes). - rtc: ds1347: fix value written to century register (git-fixes). - rtc: mxc_v2: Add missing clk_disable_unprepare() (git-fixes). - rtc: pcf85063: fix pcf85063_clkout_control (gut-fixes). - rtc: pcf85063: Fix reading alarm (git-fixes). - rtc: pic32: Move devm_rtc_allocate_device earlier in pic32_rtc_probe() (git-fixes). - rtc: rtc-cmos: Do not check ACPI_FADT_LOW_POWER_S0 (git-fixes). - rtc: snvs: Allow a time difference on clock register read (git-fixes). - rtc: st-lpc: Add missing clk_disable_unprepare in st_rtc_probe() (git-fixes). - rtmutex: Add acquire semantics for rtmutex lock acquisition slow path (bnc#1203829). - s390/boot: add secure boot trailer (bsc#1205257 LTC#200451). - sbitmap: fix lockup while swapping (bsc#1206602). - sched/core: Fix comparison in sched_group_cookie_match() (git-fixes) - sched/core: Fix the bug that task won't enqueue into core (git-fixes) - sched/topology: Remove redundant variable and fix incorrect (git-fixes) - sched/uclamp: Fix relationship between uclamp and migration (git-fixes) - sched/uclamp: Make task_fits_capacity() use util_fits_cpu() (git-fixes) - scsi: 3w-9xxx: Avoid disabling device if failing to enable it (git-fixes). - scsi: advansys: Fix kernel pointer leak (git-fixes). - scsi: aha152x: Fix aha152x_setup() __setup handler return value (git-fixes). - scsi: bfa: Replace snprintf() with sysfs_emit() (git-fixes). - scsi: core: Fix sbitmap depth in scsi_realloc_sdev_budget_map() (git-fixes). - scsi: core: Fix scsi_mode_sense() buffer length handling (git-fixes). - scsi: core: Reallocate device's budget map on queue depth change (git-fixes). - scsi: core: Restrict legal sdev_state transitions via sysfs (git-fixes). - scsi: hisi_sas: Free irq vectors in order for v3 HW (git-fixes). - scsi: hisi_sas: Limit max hw sectors for v3 HW (git-fixes). - scsi: hisi_sas: Use managed PCI functions (git-fixes). - scsi: ipr: Fix missing/incorrect resource cleanup in error case (git-fixes). - scsi: iscsi: Add recv workqueue helpers (git-fixes). - scsi: iscsi: Fix harmless double shift bug (git-fixes). - scsi: iscsi: Fix possible memory leak when device_register() failed (git-fixes). - scsi: iscsi: iscsi_tcp: Fix null-ptr-deref while calling getpeername() (git-fixes). - scsi: iscsi: kabi: add iscsi_conn_queue_work back (git-fixes). - scsi: iscsi: kabi: fix libiscsi new field (git-fixes). - scsi: iscsi: Merge suspend fields (git-fixes). - scsi: iscsi: Rename iscsi_conn_queue_work() (git-fixes). - scsi: iscsi: Run recv path from workqueue (git-fixes). - scsi: iscsi: Unblock session then wake up error handler (git-fixes). - scsi: libfc: Fix use after free in fc_exch_abts_resp() (git-fixes). - scsi: libiscsi: Fix UAF in iscsi_conn_get_param()/iscsi_conn_teardown() (git-fixes). - scsi: lpfc: Correct bandwidth logging during receipt of congestion sync WCQE (jsc#PED-1445). - scsi: lpfc: Fix crash involving race between FLOGI timeout and devloss handler (jsc#PED-1445). - scsi: lpfc: Fix MI capability display in cmf_info sysfs attribute (jsc#PED-1445). - scsi: lpfc: Fix WQ|CQ|EQ resource check (jsc#PED-1445). - scsi: lpfc: Remove linux/msi.h include (jsc#PED-1445). - scsi: lpfc: Remove redundant pointer 'lp' (jsc#PED-1445). - scsi: lpfc: Update lpfc version to 14.2.0.9 (jsc#PED-1445). - scsi: lpfc: Use memset_startat() helper (jsc#PED-1445). - scsi: megaraid_sas: Fix double kfree() (git-fixes). - scsi: megaraid_sas: Target with invalid LUN ID is deleted during scan (git-fixes). - scsi: megaraid: Fix error check return value of register_chrdev() (git-fixes). - scsi: mpi3mr: Fix memory leaks (git-fixes). - scsi: mpi3mr: Fix reporting of actual data transfer size (git-fixes). - scsi: mpi3mr: Fixes around reply request queues (git-fixes). - scsi: mpt3sas: Do not change DMA mask while reallocating pools (bsc#1206912,bsc#1206098). - scsi: mpt3sas: Fail reset operation if config request timed out (git-fixes). - scsi: mpt3sas: Fix out-of-bounds compiler warning (git-fixes). - scsi: mpt3sas: re-do lost mpt3sas DMA mask fix (bsc#1206912,bsc#1206098). - scsi: mpt3sas: Remove usage of dma_get_required_mask() API (bsc#1206912,bsc#1206098). - scsi: mvsas: Add PCI ID of RocketRaid 2640 (git-fixes). - scsi: mvsas: Replace snprintf() with sysfs_emit() (git-fixes). - scsi: myrb: Fix up null pointer access on myrb_cleanup() (git-fixes). - scsi: myrs: Fix crash in error case (git-fixes). - scsi: ncr53c8xx: Remove unused retrieve_from_waiting_list() function (git-fixes). - scsi: pm8001: Fix bogus FW crash for maxcpus=1 (git-fixes). - scsi: pm8001: Fix memory leak in pm8001_chip_fw_flash_update_req() (git-fixes). - scsi: pm8001: Fix pm8001_mpi_task_abort_resp() (git-fixes). - scsi: pm8001: Fix pm80xx_pci_mem_copy() interface (git-fixes). - scsi: pm8001: Fix tag leaks on error (git-fixes). - scsi: pm8001: Fix task leak in pm8001_send_abort_all() (git-fixes). - scsi: pm8001: Fix use-after-free for aborted SSP/STP sas_task (git-fixes). - scsi: pm8001: Fix use-after-free for aborted TMF sas_task (git-fixes). - scsi: pm80xx: Fix double completion for SATA devices (git-fixes). - scsi: pm80xx: Fix memory leak during rmmod (git-fixes). - scsi: pmcraid: Fix missing resource cleanup in error case (git-fixes). - scsi: qedf: Add stag_work to all the vports (git-fixes). - scsi: qedf: Change context reset messages to ratelimited (git-fixes). - scsi: qedf: Fix a UAF bug in __qedf_probe() (git-fixes). - scsi: qedf: Fix refcount issue when LOGO is received during TMF (git-fixes). - scsi: qla2xxx: Fix crash when I/O abort times out (jsc#PED-568). - scsi: qla2xxx: Fix set-but-not-used variable warnings (jsc#PED-568). - scsi: qla2xxx: Initialize vha->unknown_atio_[list, work] for NPIV hosts (jsc#PED-568). - scsi: qla2xxx: Remove duplicate of vha->iocb_work initialization (jsc#PED-568). - scsi: qla2xxx: Remove unused variable 'found_devs' (jsc#PED-568). - scsi: scsi_debug: Fix out-of-bound read in resp_readcap16() (git-fixes). - scsi: scsi_debug: Fix out-of-bound read in resp_report_tgtpgs() (git-fixes). - scsi: scsi_debug: Fix possible UAF in sdebug_add_host_helper() (git-fixes). - scsi: scsi_debug: Make the READ CAPACITY response compliant with ZBC (git-fixes). - scsi: scsi_dh_alua: Properly handle the ALUA transitioning state (git-fixes). - scsi: smartpqi: Fix kdump issue when controller is locked up (git-fixes). - scsi: sr: Do not use GFP_DMA (git-fixes). - scsi: ufs: core: Fix ufshcd_probe_hba() prototype to match the definition (git-fixes). - scsi: ufs: Fix a kernel crash during shutdown (git-fixes). - scsi: ufs: Treat link loss as fatal error (git-fixes). - scsi: ufs: ufshcd-pltfrm: Check the return value of devm_kstrdup() (git-fixes). - scsi: ufs: Use generic error code in ufshcd_set_dev_pwr_mode() (git-fixes). - scsi: ufs: Use pm_runtime_resume_and_get() instead of pm_runtime_get_sync() (git-fixes). - scsi: vmw_pvscsi: Expand vcpuHint to 16 bits (git-fixes). - sctp: sysctl: make extra pointers netns aware (bsc#1204760). - selftests: devlink: fix the fd redirect in dummy_reporter_test (git-fixes). - selftests: set the BUILD variable to absolute path (git-fixes). - selftests: Use optional USERCFLAGS and USERLDFLAGS (git-fixes). - selftests/efivarfs: Add checking of the test return value (git-fixes). - selftests/ftrace: event_triggers: wait longer for test_event_enable (git-fixes). - selftests/powerpc: Fix resource leaks (git-fixes). - serial: 8250_bcm7271: Fix error handling in brcmuart_init() (git-fixes). - serial: amba-pl011: avoid SBSA UART accessing DMACR register (git-fixes). - serial: pch: Fix PCI device refcount leak in pch_request_dma() (git-fixes). - serial: pl011: Do not clear RX FIFO & RX interrupt in unthrottle (git-fixes). - serial: stm32: move dma_request_chan() before clk_prepare_enable() (git-fixes). - serial: sunsab: Fix error handling in sunsab_init() (git-fixes). - serial: tegra: Read DMA status before terminating (git-fixes). - soc: mediatek: pm-domains: Fix the power glitch issue (git-fixes). - soc: qcom: llcc: make irq truly optional (git-fixes). - soc: qcom: Select REMAP_MMIO for LLCC driver (git-fixes). - soc: ti: knav_qmss_queue: Fix PM disable depth imbalance in knav_queue_probe (git-fixes). - soc: ti: knav_qmss_queue: Use pm_runtime_resume_and_get instead of pm_runtime_get_sync (git-fixes). - soc: ti: smartreflex: Fix PM disable depth imbalance in omap_sr_probe (git-fixes). - soundwire: dmi-quirks: add quirk variant for LAPBC710 NUC15 (git-fixes). - spi: spi-gpio: Do not set MOSI as an input if not 3WIRE mode (git-fixes). - spi: spidev: mask SPI_CS_HIGH in SPI_IOC_RD_MODE (git-fixes). - spi: Update reference to struct spi_controller (git-fixes). - staging: media: tegra-video: fix chan->mipi value on error (git-fixes). - staging: media: tegra-video: fix device_node use after free (git-fixes). - staging: rtl8192e: Fix potential use-after-free in rtllib_rx_Monitor() (git-fixes). - staging: rtl8192u: Fix use after free in ieee80211_rx() (git-fixes). - string.h: Introduce memset_startat() for wiping trailing members and padding (jsc#PED-1445). - test_firmware: fix memory leak in test_firmware_init() (git-fixes). - thermal: core: fix some possible name leaks in error paths (git-fixes). - thermal: int340x: Add missing attribute for data rate base (git-fixes). - thermal/drivers/imx8mm_thermal: Validate temperature range (git-fixes). - thermal/drivers/qcom/temp-alarm: Fix inaccurate warning for gen2 (git-fixes). - timers: implement usleep_idle_range() (git-fixes). - tpm: acpi: Call acpi_put_table() to fix memory leak (git-fixes). - tpm: tpm_crb: Add the missed acpi_put_table() to fix memory leak (git-fixes). - tpm: tpm_tis: Add the missed acpi_put_table() to fix memory leak (git-fixes). - tpm/tpm_crb: Fix error message in __crb_relinquish_locality() (git-fixes). - tpm/tpm_ftpm_tee: Fix error handling in ftpm_mod_init() (git-fixes). - tracing: Add tracing_reset_all_online_cpus_unlocked() function (git-fixes). - tracing: Free buffers when a used dynamic event is removed (git-fixes). - tracing/doc: Fix typos on the timerlat tracer documentation (git-fixes). - tracing/osnoise: Fix duration type (git-fixes). - tty: serial: altera_uart_{r,t}x_chars() need only uart_port (git-fixes). - tty: serial: clean up stop-tx part in altera_uart_tx_chars() (git-fixes). - uio: uio_dmem_genirq: Fix deadlock between irq config and handling (git-fixes). - uio: uio_dmem_genirq: Fix missing unlock in irq configuration (git-fixes). - units: Add SI metric prefix definitions (git-fixes). - units: add the HZ macros (git-fixes). - usb: cdnsp: fix lack of ZLP for ep0 (git-fixes). - usb: dwc3: core: defer probe on ulpi_read_id timeout (git-fixes). - usb: dwc3: fix PHY disable sequence (git-fixes). - usb: dwc3: Fix race between dwc3_set_mode and __dwc3_set_mode (git-fixes). - usb: dwc3: gadget: Disable GUSB2PHYCFG.SUSPHY for End Transfer (git-fixes). - usb: dwc3: pci: Update PCIe device ID for USB3 controller on CPU sub-system for Raptor Lake (git-fixes). - usb: dwc3: qcom: fix runtime PM wakeup (git-fixes). - usb: gadget: uvc: Prevent buffer overflow in setup handler (git-fixes). - usb: gadget: uvc: Rename bmInterfaceFlags -> bmInterlaceFlags (git-fixes). - usb: rndis_host: Secure rndis_query check against int overflow (git-fixes). - usb: roles: fix of node refcount leak in usb_role_switch_is_parent() (git-fixes). - usb: serial: cp210x: add Kamstrup RF sniffer PIDs (git-fixes). - usb: serial: f81232: fix division by zero on line-speed change (git-fixes). - usb: serial: f81534: fix division by zero on line-speed change (git-fixes). - usb: serial: option: add Quectel EM05-G modem (git-fixes). - usb: storage: Add check for kcalloc (git-fixes). - usb: typec: Check for ops->exit instead of ops->enter in altmode_exit (git-fixes). - usb: typec: Factor out non-PD fwnode properties (git-fixes). - usb: typec: tcpci: fix of node refcount leak in tcpci_register_port() (git-fixes). - usb: typec: tipd: Cleanup resources if devm_tps6598_psy_register fails (git-fixes). - usb: typec: tipd: Fix spurious fwnode_handle_put in error path (git-fixes). - usb: ulpi: defer ulpi_register on ulpi_read_id timeout (git-fixes). - usb: xhci-mtk: fix leakage of shared hcd when fail to set wakeup irq (git-fixes). - vdpa_sim: fix possible memory leak in vdpasim_net_init() and vdpasim_blk_init() (git-fixes). - vdpa_sim: fix vringh initialization in vdpasim_queue_ready() (git-fixes). - vfio: platform: Do not pass return buffer to ACPI _RST method (git-fixes). - vhost: fix range used in translate_desc() (git-fixes). - vhost/vsock: Fix error handling in vhost_vsock_init() (git-fixes). - vmxnet3: correctly report csum_level for encapsulated packet (git-fixes). - vringh: fix range used in iotlb_translate() (git-fixes). - vsock: Enable y2038 safe timeval for timeout (bsc#1206101). - vsock: Refactor vsock_*_getsockopt to resemble sock_getsockopt (bsc#1206101). - wifi: ar5523: Fix use-after-free on ar5523_cmd() timed out (git-fixes). - wifi: ath10k: Fix return value in ath10k_pci_init() (git-fixes). - wifi: ath9k: hif_usb: fix memory leak of urbs in ath9k_hif_usb_dealloc_tx_urbs() (git-fixes). - wifi: ath9k: hif_usb: Fix use-after-free in ath9k_hif_usb_reg_in_cb() (git-fixes). - wifi: ath9k: verify the expected usb_endpoints are present (git-fixes). - wifi: brcmfmac: Fix error return code in brcmf_sdio_download_firmware() (git-fixes). - wifi: brcmfmac: Fix potential shift-out-of-bounds in brcmf_fw_alloc_request() (git-fixes). - wifi: cfg80211: Fix not unregister reg_pdev when load_builtin_regdb_keys() fails (git-fixes). - wifi: iwlwifi: mvm: fix double free on tx path (git-fixes). - wifi: mac80211: fix memory leak in ieee80211_if_add() (git-fixes). - wifi: mt76: do not run mt76u_status_worker if the device is not running (git-fixes). - wifi: mt76: fix coverity overrun-call in mt76_get_txpower() (git-fixes). - wifi: rsi: Fix handling of 802.3 EAPOL frames sent via control port (git-fixes). - wifi: rtl8xxxu: Add __packed to struct rtl8723bu_c2h (git-fixes). - wifi: rtl8xxxu: Fix the channel width reporting (git-fixes). - wifi: rtl8xxxu: gen2: Turn on the rate control (git-fixes). - wifi: rtw89: fix physts IE page check (git-fixes). - wifi: rtw89: Fix some error handling path in rtw89_core_sta_assoc() (git-fixes). - wifi: rtw89: use u32_encode_bits() to fill MAC quota value (git-fixes). - wifi: wilc1000: sdio: fix module autoloading (git-fixes). - xfrm: Fix oops in __xfrm_state_delete() (bsc#1206794). - xhci: Apply XHCI_RESET_TO_DEFAULT quirk to ADL-N (git-fixes). Important SUSE bug 1065729 SUSE bug 1187428 SUSE bug 1188605 SUSE bug 1190969 SUSE bug 1191259 SUSE bug 1193629 SUSE bug 1199294 SUSE bug 1201068 SUSE bug 1203219 SUSE bug 1203740 SUSE bug 1203829 SUSE bug 1204614 SUSE bug 1204652 SUSE bug 1204760 SUSE bug 1204911 SUSE bug 1204989 SUSE bug 1205257 SUSE bug 1205263 SUSE bug 1205485 SUSE bug 1205496 SUSE bug 1205601 SUSE bug 1205695 SUSE bug 1206073 SUSE bug 1206098 SUSE bug 1206101 SUSE bug 1206188 SUSE bug 1206209 SUSE bug 1206273 SUSE bug 1206344 SUSE bug 1206389 SUSE bug 1206390 SUSE bug 1206391 SUSE bug 1206393 SUSE bug 1206394 SUSE bug 1206395 SUSE bug 1206396 SUSE bug 1206397 SUSE bug 1206398 SUSE bug 1206399 SUSE bug 1206456 SUSE bug 1206468 SUSE bug 1206515 SUSE bug 1206536 SUSE bug 1206554 SUSE bug 1206602 SUSE bug 1206619 SUSE bug 1206664 SUSE bug 1206703 SUSE bug 1206794 SUSE bug 1206896 SUSE bug 1206912 SUSE bug 1207016 CVE-2022-3104 CVE-2022-3105 CVE-2022-3106 CVE-2022-3107 CVE-2022-3108 CVE-2022-3111 CVE-2022-3112 CVE-2022-3113 CVE-2022-3114 CVE-2022-3115 CVE-2022-3344 CVE-2022-3564 CVE-2022-4379 CVE-2022-4662 CVE-2022-47520 cpe:/o:opensuse:leap:15.4 Security update for xrdp (Important) openSUSE Leap 15.4 This update for xrdp fixes the following issues: - CVE-2022-23477: Fixed a buffer overflow for oversized audio format from client (bsc#1206301). Important SUSE bug 1206301 CVE-2022-23477 cpe:/o:opensuse:leap:15.4 Security update for the Linux Kernel (Important) openSUSE Leap 15.4 The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2023-0266: Fixed a use-after-free bug led by a missing lock in ALSA. (bsc#1207134) - CVE-2022-47929: Fixed a NULL pointer dereference bug in the traffic control subsystem which allowed an unprivileged user to trigger a denial of service via a crafted traffic control configuration. (bsc#1207237) - CVE-2023-23454: Fixed a type-confusion in the CBQ network scheduler (bsc#1207036) - CVE-2023-23455: Fixed a bug that could allow attackers to cause a denial of service because of type confusion in atm_tc_enqueue. (bsc#1207125) - CVE-2022-3435: Fixed an out-of-bounds read in fib_nh_match() of the file net/ipv4/fib_semantics.c (bsc#1204171). - CVE-2022-4662: Fixed a recursive locking violation in usb-storage that can cause the kernel to deadlock. (bsc#1206664) - CVE-2022-3115: Fixed a null pointer dereference in malidp_crtc.c caused by a lack of checks of the return value of kzalloc. (bsc#1206393) - CVE-2022-47520: Fixed an out-of-bounds read when parsing a Robust Security Network (RSN) information element from a Netlink packet. (bsc#1206515) - CVE-2022-3112: Fixed a null pointer dereference caused by lacks check of the return value of kzalloc() in vdec_helpers.c:amvdec_set_canvases. (bsc#1206399) - CVE-2022-3564: Fixed a bug which could lead to use after free, it was found in the function l2cap_reassemble_sdu of the file net/bluetooth/l2cap_core.c of the component Bluetooth. (bsc#1206073) - CVE-2022-3108: Fixed a bug in kfd_parse_subtype_iolink in drivers/gpu/drm/amd/amdkfd/kfd_crat.c where a lack of check of the return value of kmemdup() could lead to a NULL pointer dereference. (bsc#1206389) - CVE-2019-19083: Fixed a memory leaks in clock_source_create that could allow attackers to cause a denial of service (bsc#1157049). - CVE-2022-42328: Fixed a bug which could allow guests to trigger denial of service via the netback driver (bsc#1206114). - CVE-2022-42329: Fixed a bug which could allow guests to trigger denial of service via the netback driver (bsc#1206113). - CVE-2022-3643: Fixed a bug which could allow guests to trigger NIC interface reset/abort/crash via netback driver (bsc#1206113). - CVE-2022-3107: Fixed a null pointer dereference caused by a missing check of the return value of kvmalloc_array. (bsc#1206395) - CVE-2022-3111: Fixed a missing release of resource after effective lifetime bug caused by a missing free of the WM8350_IRQ_CHG_FAST_RDY in wm8350_init_charger. (bsc#1206394) - CVE-2022-3105: Fixed a null pointer dereference caused by a missing check of the return value of kmalloc_array. (bsc#1206398) - CVE-2022-3106: Fixed a null pointer dereference caused by a missing check of the return value of kmalloc. (bsc#1206397) The following non-security bugs were fixed: - afs: Fix some tracing details (git-fixes). - arm64: cpu_errata: Add Hisilicon TSV110 to spectre-v2 safe list (git-fixes) - arm64: dts: allwinner: H5: Add PMU node (git-fixes) - arm64: dts: allwinner: H6: Add PMU mode (git-fixes) - arm64: dts: marvell: Add AP806-dual missing CPU clocks (git-fixes) - arm64: dts: rockchip: add reg property to brcmf sub-nodes (git-fixes) - arm64: dts: rockchip: fix dwmmc clock name for px30 (git-fixes) - arm64: dts: rockchip: Fix NanoPC-T4 cooling maps (git-fixes) - arm64: memory: Add missing brackets to untagged_addr() macro (git-fixes) - arm64: psci: Reduce the waiting time for cpu_psci_cpu_kill() (git-fixes). - arm64: tags: Preserve tags for addresses translated via TTBR1 (git-fixes) - arm64: tegra: Fix 'active-low' warning for Jetson Xavier regulator (git-fixes) - block: Do not reread partition table on exclusively open device (bsc#1190969). - ceph: avoid putting the realm twice when decoding snaps fails (bsc#1207198). - ceph: do not update snapshot context when there is no new snapshot (bsc#1207218). - cuse: prevent clone (bsc#1206177). - drbd: destroy workqueue when drbd device was freed (git-fixes). - drbd: remove usage of list iterator variable after loop (git-fixes). - drbd: use after free in drbd_create_device() (git-fixes). - dt-bindings: clocks: imx8mp: Add ID for usb suspend clock (git-fixes). - efi: Add iMac Pro 2017 to uefi skip cert quirk (git-fixes). - ext4: add EXT4_INODE_HAS_XATTR_SPACE macro in xattr.h (bsc#1206878). - ext4: avoid BUG_ON when creating xattrs (bsc#1205496). - ext4: avoid crash when inline data creation follows DIO write (bsc#1206883). - ext4: avoid race conditions when remounting with options that change dax (bsc#1206860). - ext4: avoid resizing to a partial cluster size (bsc#1206880). - ext4: choose hardlimit when softlimit is larger than hardlimit in ext4_statfs_project() (bsc#1206854). - ext4: continue to expand file system when the target size does not reach (bsc#1206882). - ext4: convert BUG_ON's to WARN_ON's in mballoc.c (bsc#1206859). - ext4: correct max_inline_xattr_value_size computing (bsc#1206878). - ext4: correct the error path of ext4_write_inline_data_end() (bsc#1206875). - ext4: correct the misjudgment in ext4_iget_extra_inode (bsc#1206878). - ext4: Detect already used quota file early (bsc#1206873). - ext4: fix a data race at inode->i_disksize (bsc#1206855). - ext4: fix bug in extents parsing when eh_entries == 0 and eh_depth > 0 (bsc#1206881). - ext4: fix BUG_ON() when directory entry has invalid rec_len (bsc#1206886). - ext4: fix corruption when online resizing a 1K bigalloc fs (bsc#1206891). - ext4: fix extent status tree race in writeback error recovery path (bsc#1206877). - ext4: fix null-ptr-deref in ext4_write_info (bsc#1206884). - ext4: fix undefined behavior in bit shift for ext4_check_flag_values (bsc#1206890). - ext4: fix uninititialized value in 'ext4_evict_inode' (bsc#1206893). - ext4: fix use-after-free in ext4_ext_shift_extents (bsc#1206888). - ext4: fix use-after-free in ext4_xattr_set_entry (bsc#1206878). - ext4: fix warning in 'ext4_da_release_space' (bsc#1206887). - ext4: Fixup pages without buffers (bsc#1205495). - ext4: iomap that extends beyond EOF should be marked dirty (bsc#1206637). - ext4: make ext4_lazyinit_thread freezable (bsc#1206885). - ext4: mark block bitmap corrupted when found instead of BUGON (bsc#1206857). - ext4: silence the warning when evicting inode with dioread_nolock (bsc#1206889). - ext4: update s_overhead_clusters in the superblock during an on-line resize (bsc#1206876). - ext4: use matching invalidatepage in ext4_writepage (bsc#1206858). - fs: nfsd: fix kconfig dependency warning for NFSD_V4 (git-fixes). - fuse: do not check refcount after stealing page (bsc#1206174). - fuse: fix the ->direct_IO() treatment of iov_iter (bsc#1206176). - fuse: fix use after free in fuse_read_interrupt() (bsc#1206178). - fuse: lock inode unconditionally in fuse_fallocate() (bsc#1206179). - fuse: update attr_version counter on fuse_notify_inval_inode() (bsc#1206175). - HID: betop: check shape of output reports (git-fixes, bsc#1207186). - HID: check empty report_list in bigben_probe() (git-fixes, bsc#1206784). - HID: check empty report_list in hid_validate_values() (git-fixes, bsc#1206784). - ibmveth: Always stop tx queues during close (bsc#1065729). - ipv6: ping: fix wrong checksum for large frames (bsc#1203183). - isofs: joliet: Fix iocharset=utf8 mount option (bsc#1206636). - kbuild: Unify options for BTF generation for vmlinux and modules (bsc#1204693). - lib/notifier-error-inject: fix error when writing -errno to debugfs file (bsc#1206634). - libfs: add DEFINE_SIMPLE_ATTRIBUTE_SIGNED for signed value (bsc#1206634). - lockd: lockd server-side shouldn't set fl_ops (git-fixes). - memcg, kmem: further deprecate kmem.limit_in_bytes (bsc#1206896). - memcg: Fix possible use-after-free in memcg_write_event_control() (bsc#1206344). - mm, page_alloc: avoid expensive reclaim when compaction may not succeed (bsc#1204250). - mm: fix race between MADV_FREE reclaim and blkdev direct IO read (bsc#1204989,bsc#1205601). - mm/filemap.c: clear page error before actual read (bsc#1206635). - mm/memcg: optimize memory.numa_stat like memory.stat (bsc#1206663). - module: avoid *goto*s in module_sig_check() (git-fixes). - module: lockdep: Suppress suspicious RCU usage warning (git-fixes). - module: merge repetitive strings in module_sig_check() (git-fixes). - module: Remove accidental change of module_enable_x() (git-fixes). - module: set MODULE_STATE_GOING state when a module fails to load (git-fixes). - net: mana: Fix race on per-CQ variable napi work_done (git-fixes). - net: sched: atm: dont intepret cls results when asked to drop (bsc#1207036). - net: sched: cbq: dont intepret cls results when asked to drop (bsc#1207036). - net: sunrpc: Fix off-by-one issues in 'rpc_ntop6' (git-fixes). - net: usb: cdc_ncm: do not spew notifications (git-fixes). - net: usb: qmi_wwan: add u-blox 0x1342 composition (git-fixes). - netfilter: nfnetlink_osf: fix possible bogus match in nf_osf_find() (bsc#1204614). - NFS: direct.c: Fix memory leak of dreq when nfs_get_lock_context fails (git-fixes). - NFS: Fix an Oops in nfs_d_automount() (git-fixes). - NFS: Fix memory leaks (git-fixes). - NFS: Fix memory leaks in nfs_pageio_stop_mirroring() (git-fixes). - NFS: fix PNFS_FLEXFILE_LAYOUT Kconfig default (git-fixes). - NFS: Handle missing attributes in OPEN reply (bsc#1203740). - NFS: nfs_find_open_context() may only select open files (git-fixes). - NFS: nfs_xdr_status should record the procedure name (git-fixes). - NFS: nfs4clinet: check the return value of kstrdup() (git-fixes). - NFS: we do not support removing system.nfs4_acl (git-fixes). - NFS: Zero-stateid SETATTR should first return delegation (git-fixes). - NFS4: Fix kmemleak when allocate slot failed (git-fixes). - NFS4: Fix oops when copy_file_range is attempted with NFS4.0 source (git-fixes). - NFSD: Clone should commit src file metadata too (git-fixes). - NFSD: do not call nfsd_file_put from client states seqfile display (git-fixes). - NFSD: fix error handling in NFSv4.0 callbacks (git-fixes). - NFSD: Fix handling of oversized NFSv4 COMPOUND requests (git-fixes). - NFSD: Fix svc_xprt refcnt leak when setup callback client failed (git-fixes). - NFSD: Keep existing listeners on portlist error (git-fixes). - NFSD: Return nfserr_serverfault if splice_ok but buf->pages have data (git-fixes). - NFSD: safer handling of corrupted c_type (git-fixes). - NFSv4 expose nfs_parse_server_name function (git-fixes). - NFSv4 only print the label when its queried (git-fixes). - NFSv4 remove zero number of fs_locations entries error check (git-fixes). - NFSv4: Do not hold the layoutget locks across multiple RPC calls (git-fixes). - NFSv4: Fix a deadlock between nfs4_open_recover_helper() and delegreturn (git-fixes). - NFSv4: Fix a pNFS layout related use-after-free race when freeing the inode (git-fixes). - NFSv4: Fix races between open and dentry revalidation (git-fixes). - NFSv4: Protect the state recovery thread against direct reclaim (git-fixes). - NFSv4: Retry LOCK on OLD_STATEID during delegation return (git-fixes). - NFSv4.1 handle ERR_DELAY error reclaiming locking state on delegation recall (git-fixes). - NFSv4.1: Fix uninitialised variable in devicenotify (git-fixes). - NFSv4.1: Handle RECLAIM_COMPLETE trunking errors (git-fixes). - NFSv4.1: We must always send RECLAIM_COMPLETE after a reboot (git-fixes). - NFSv4.2: Clear FATTR4_WORD2_SECURITY_LABEL when done decoding (git-fixes). - NFSv4.2: error out when relink swapfile (git-fixes). - NFSv4.2: Fix a memory stomp in decode_attr_security_label (git-fixes). - NFSv4.2: Fix initialisation of struct nfs4_label (git-fixes). - NFSv4.2: Fixup CLONE dest file size for zero-length count (git-fixes). - NFSv4.x: Fail client initialisation if state manager thread can't run (git-fixes). - NFSv4/pNFS: Always return layout stats on layout return for flexfiles (git-fixes). - NFSv4/pNFS: Fix a use-after-free bug in open (git-fixes). - NFSv4/pNFS: Try to return invalid layout in pnfs_layout_process() (git-fixes). - powerpc: Ensure that swiotlb buffer is allocated from low memory (bsc#1156395). - powerpc: Force inlining of cpu_has_feature() to avoid build failure (bsc#1065729). - powerpc: improve handling of unrecoverable system reset (bsc#1065729). - powerpc: sysdev: add missing iounmap() on error in mpic_msgr_probe() (bsc#1065729). - powerpc/64: Init jump labels before parse_early_param() (bsc#1065729). - powerpc/64s/pgtable: fix an undefined behaviour (bsc#1065729). - powerpc/book3s/mm: Update Oops message to print the correct translation in use (bsc#1156395). - powerpc/boot: Fixup device-tree on little endian (bsc#1065729). - powerpc/crashkernel: Take 'mem=' option into account (bsc#1065729). - powerpc/eeh: Only dump stack once if an MMIO loop is detected (bsc#1065729). - powerpc/pci: Fix get_phb_number() locking (bsc#1065729). - powerpc/perf: callchain validate kernel stack pointer bounds (bsc#1065729). - powerpc/powernv: add missing of_node_put (bsc#1065729). - powerpc/powernv: Avoid re-registration of imc debugfs directory (bsc#1156395). - powerpc/powernv/iov: Ensure the pdn for VFs always contains a valid PE number (bsc#1065729). - powerpc/powernv/smp: Fix spurious DBG() warning (bsc#1065729). - powerpc/pseries: Stop calling printk in rtas_stop_self() (bsc#1065729). - powerpc/pseries: unregister VPA when hot unplugging a CPU (bsc#1205695 ltc#200603). - powerpc/pseries/cmm: Implement release() function for sysfs device (bsc#1065729). - powerpc/pseries/eeh: use correct API for error log size (bsc#1065729). - powerpc/rtas: avoid device tree lookups in rtas_os_term() (bsc#1065729). - powerpc/rtas: avoid scheduling in rtas_os_term() (bsc#1065729). - powerpc/sriov: Remove VF eeh_dev state when disabling SR-IOV (bsc#1065729). - powerpc/xive: Add a check for memory allocation failure (git-fixes). - powerpc/xive: add missing iounmap() in error path in xive_spapr_populate_irq_data() (git-fixes). - powerpc/xive/spapr: correct bitmap allocation size (git-fixes). - quota: Check next/prev free block number after reading from quota file (bsc#1206640). - rpc: fix gss_svc_init cleanup on failure (git-fixes). - rpc: fix NULL dereference on kmalloc failure (git-fixes). - rtc: pcf85063: Fix reading alarm (git-fixes). - s390/boot: add secure boot trailer (bsc#1205256 LTC#1205256). - sbitmap: fix lockup while swapping (bsc#1206602). - sched/psi: Fix sampling error and rare div0 crashes with cgroups and high uptime (bsc#1206841). - scsi: lpfc: Correct bandwidth logging during receipt of congestion sync WCQE (jsc#PED-1445). - scsi: lpfc: Fix crash involving race between FLOGI timeout and devloss handler (jsc#PED-1445). - scsi: lpfc: Fix MI capability display in cmf_info sysfs attribute (jsc#PED-1445). - scsi: lpfc: Fix WQ|CQ|EQ resource check (jsc#PED-1445). - scsi: lpfc: Remove linux/msi.h include (jsc#PED-1445). - scsi: lpfc: Remove redundant pointer 'lp' (jsc#PED-1445). - scsi: lpfc: Update lpfc version to 14.2.0.9 (jsc#PED-1445). - scsi: lpfc: Use memset_startat() helper (jsc#PED-1445). - scsi: qla2xxx: Fix crash when I/O abort times out (jsc#PED-568). - scsi: qla2xxx: Fix set-but-not-used variable warnings (jsc#PED-568). - scsi: qla2xxx: Initialize vha->unknown_atio_[list, work] for NPIV hosts (jsc#PED-568). - scsi: qla2xxx: Remove duplicate of vha->iocb_work initialization (jsc#PED-568). - scsi: qla2xxx: Remove unused variable 'found_devs' (jsc#PED-568). - sctp: sysctl: make extra pointers netns aware (bsc#1204760). - string.h: Introduce memset_startat() for wiping trailing members and padding (jsc#PED-1445). - SUNRPC: check that domain table is empty at module unload (git-fixes). - SUNRPC: Do not leak netobj memory when gss_read_proxy_verf() fails (git-fixes). - SUNRPC: Do not start a timer on an already queued rpc task (git-fixes). - SUNRPC: Fix missing release socket in rpc_sockname() (git-fixes). - SUNRPC: Fix potential leaks in sunrpc_cache_unhash() (git-fixes). - SUNRPC: Fix socket waits for write buffer space (git-fixes). - SUNRPC: Handle 0 length opaque XDR object data properly (git-fixes). - SUNRPC: Mitigate cond_resched() in xprt_transmit() (git-fixes). - SUNRPC: Move simple_get_bytes and simple_get_netobj into private header (git-fixes). - SUNRPC: stop printk reading past end of string (git-fixes). - svcrdma: Fix another Receive buffer leak (git-fixes). - svcrdma: Fix backchannel return code (git-fixes). - tracing: Add tracing_reset_all_online_cpus_unlocked() function (git-fixes). - tracing: Free buffers when a used dynamic event is removed (git-fixes). - tracing: Verify if trace array exists before destroying it (git-fixes). - tracing/dynevent: Delete all matched events (git-fixes). - udf_get_extendedattr() had no boundary checks (bsc#1206648). - udf: Avoid accessing uninitialized data on failed inode read (bsc#1206642). - udf: Fix a slab-out-of-bounds write bug in udf_find_entry() (bsc#1206649). - udf: Fix free space reporting for metadata and virtual partitions (bsc#1206641). - udf: Fix iocharset=utf8 mount option (bsc#1206647). - udf: Fix NULL pointer dereference in udf_symlink function (bsc#1206646). - udf: fix silent AED tagLocation corruption (bsc#1206645). - udf: fix the problem that the disc content is not displayed (bsc#1206644). - udf: Limit sparing table size (bsc#1206643). - usb: host: xhci-hub: fix extra endianness conversion (git-fixes). - usbnet: move new members to end (git-fixes). - xprtrdma: Fix regbuf data not freed in rpcrdma_req_create() (git-fixes). - xprtrdma: treat all calls not a bcall when bc_serv is NULL (git-fixes). Important SUSE bug 1065729 SUSE bug 1151927 SUSE bug 1156395 SUSE bug 1157049 SUSE bug 1190969 SUSE bug 1203183 SUSE bug 1203693 SUSE bug 1203740 SUSE bug 1204171 SUSE bug 1204250 SUSE bug 1204614 SUSE bug 1204693 SUSE bug 1204760 SUSE bug 1204989 SUSE bug 1205149 SUSE bug 1205256 SUSE bug 1205495 SUSE bug 1205496 SUSE bug 1205601 SUSE bug 1205695 SUSE bug 1206073 SUSE bug 1206113 SUSE bug 1206114 SUSE bug 1206174 SUSE bug 1206175 SUSE bug 1206176 SUSE bug 1206177 SUSE bug 1206178 SUSE bug 1206179 SUSE bug 1206344 SUSE bug 1206389 SUSE bug 1206393 SUSE bug 1206394 SUSE bug 1206395 SUSE bug 1206397 SUSE bug 1206398 SUSE bug 1206399 SUSE bug 1206515 SUSE bug 1206602 SUSE bug 1206634 SUSE bug 1206635 SUSE bug 1206636 SUSE bug 1206637 SUSE bug 1206640 SUSE bug 1206641 SUSE bug 1206642 SUSE bug 1206643 SUSE bug 1206644 SUSE bug 1206645 SUSE bug 1206646 SUSE bug 1206647 SUSE bug 1206648 SUSE bug 1206649 SUSE bug 1206663 SUSE bug 1206664 SUSE bug 1206784 SUSE bug 1206841 SUSE bug 1206854 SUSE bug 1206855 SUSE bug 1206857 SUSE bug 1206858 SUSE bug 1206859 SUSE bug 1206860 SUSE bug 1206873 SUSE bug 1206875 SUSE bug 1206876 SUSE bug 1206877 SUSE bug 1206878 SUSE bug 1206880 SUSE bug 1206881 SUSE bug 1206882 SUSE bug 1206883 SUSE bug 1206884 SUSE bug 1206885 SUSE bug 1206886 SUSE bug 1206887 SUSE bug 1206888 SUSE bug 1206889 SUSE bug 1206890 SUSE bug 1206891 SUSE bug 1206893 SUSE bug 1206896 SUSE bug 1206904 SUSE bug 1207036 SUSE bug 1207125 SUSE bug 1207134 SUSE bug 1207186 SUSE bug 1207198 SUSE bug 1207218 SUSE bug 1207237 CVE-2019-19083 CVE-2022-3105 CVE-2022-3106 CVE-2022-3107 CVE-2022-3108 CVE-2022-3111 CVE-2022-3112 CVE-2022-3115 CVE-2022-3435 CVE-2022-3564 CVE-2022-3643 CVE-2022-42328 CVE-2022-42329 CVE-2022-4662 CVE-2022-47520 CVE-2022-47929 CVE-2023-0266 CVE-2023-23454 CVE-2023-23455 cpe:/o:opensuse:leap:15.4 Security update for haproxy (Important) openSUSE Leap 15.4 This update for haproxy fixes the following issues: - CVE-2023-0056: Fixed a server crash that could be triggered via a malformed HTTP/2 frame (bsc#1207181). Important SUSE bug 1207181 CVE-2023-0056 cpe:/o:opensuse:leap:15.4 Security update for hdf5 (Moderate) openSUSE Leap 15.4 This update for hdf5 fixes the following issues: - CVE-2021-37501: Fixed overflow in calculation of data buffer due to bogus input file (bsc#1207973). Moderate SUSE bug 1207973 CVE-2021-37501 cpe:/o:opensuse:leap:15.4 Security update for qt6-base (Moderate) openSUSE Leap 15.4 qt6-base was updated to fix the following issue: - CVE-2023-24607: Fix a possible DOS in the Qt ODBC driver plugin. Moderate SUSE bug 1209616 CVE-2023-24607 cpe:/o:opensuse:leap:15.4 Security update for libgit2 (Moderate) openSUSE Leap 15.4 This update for libgit2 fixes the following issues: - CVE-2023-22742: Fixed SSH keys verification failure (bsc#1207364). Moderate SUSE bug 1207364 CVE-2023-22742 cpe:/o:opensuse:leap:15.4 Security update for helm (Moderate) openSUSE Leap 15.4 This update for helm fixes the following issues: Update to version 3.11.1 (bsc#1208084): - CVE-2023-25165: Fixed a information disclosure problem via getHostByName injection inside a chart to get values to a malicious DNS server. Moderate SUSE bug 1208084 CVE-2023-25165 cpe:/o:opensuse:leap:15.4 Security update for ceph (Important) openSUSE Leap 15.4 This update for ceph fixes the following issues: Security issues fixed: - CVE-2022-0670: Fixed user/tenant read/write access to an entire file system (bsc#1201837). - CVE-2022-3650: Fixed Python script that allowed privilege escalation from ceph to root (bsc#1204430). - CVE-2022-3854: Fixed possible DoS issue in ceph URL processing on RGW backends (bsc#1205025). Bug fixes: - osd, tools, kv: non-aggressive, on-line trimming of accumulated dups (bsc#1199183). - ceph-volume: fix fast device alloc size on mulitple device (bsc#1200262). - cephadm: update monitoring container images (bsc#1200501). - mgr/dashboard: prevent alert redirect (bsc#1200978). - mgr/volumes: Add subvolumegroup resize cmd (bsc#1201797). - monitoring/ceph-mixin: add RGW host to label info (bsc#1201976). - mgr/dashboard: enable addition of custom Prometheus alerts (bsc#1202077). - python-common: Add 'KB' to supported suffixes in SizeMatcher (bsc#1203375). - mgr/dashboard: fix rgw connect when using ssl (bsc#1205436). - ceph.spec.in: Add -DFMT_DEPRECATED_OSTREAM to CXXFLAGS (bsc#1202292). - cephfs-shell: move source to separate subdirectory (bsc#1201604). Fix in previous release: - mgr/cephadm: try to get FQDN for configuration files (bsc#1196046). - When an RBD is mapped, it is attempted to be deployed as an OSD. (bsc#1187748). - OSD marked down causes wrong backfill_toofull (bsc#1188911). - cephadm: Fix iscsi client caps (allow mgr <service status> calls) (bsc#1192838). - mgr/cephadm: fix and improve osd draining (bsc#1200317). - add iscsi and nfs to upgrade process (bsc#1206158). - mgr/mgr_module.py: CLICommand: Fix parsing of kwargs arguments (bsc#1192840). Important SUSE bug 1187748 SUSE bug 1188911 SUSE bug 1192838 SUSE bug 1192840 SUSE bug 1196046 SUSE bug 1199183 SUSE bug 1200262 SUSE bug 1200317 SUSE bug 1200501 SUSE bug 1200978 SUSE bug 1201604 SUSE bug 1201797 SUSE bug 1201837 SUSE bug 1201976 SUSE bug 1202077 SUSE bug 1202292 SUSE bug 1203375 SUSE bug 1204430 SUSE bug 1205025 SUSE bug 1205436 SUSE bug 1206158 CVE-2022-0670 CVE-2022-3650 CVE-2022-3854 cpe:/o:opensuse:leap:15.4 Security update for curl (Moderate) openSUSE Leap 15.4 This update for curl fixes the following issues: - CVE-2023-27533: Fixed TELNET option IAC injection (bsc#1209209). - CVE-2023-27534: Fixed SFTP path ~ resolving discrepancy (bsc#1209210). - CVE-2023-27535: Fixed FTP too eager connection reuse (bsc#1209211). - CVE-2023-27536: Fixed GSS delegation too eager connection reuse (bsc#1209212). - CVE-2023-27538: Fixed SSH connection too eager reuse still (bsc#1209214). Moderate SUSE bug 1209209 SUSE bug 1209210 SUSE bug 1209211 SUSE bug 1209212 SUSE bug 1209214 CVE-2023-27533 CVE-2023-27534 CVE-2023-27535 CVE-2023-27536 CVE-2023-27538 cpe:/o:opensuse:leap:15.4 Security update for php7 (Moderate) openSUSE Leap 15.4 This update for php7 fixes the following issues: - CVE-2022-4900: Fixed potential buffer overflow via PHP_CLI_SERVER_WORKERS environment variable. (bsc#1209537) Moderate SUSE bug 1208199 SUSE bug 1209537 CVE-2022-4900 cpe:/o:opensuse:leap:15.4 Security update for python-setuptools (Moderate) openSUSE Leap 15.4 This update for python-setuptools fixes the following issues: - CVE-2022-40897: Fixed an excessive CPU usage that could be triggered by fetching a malicious HTML document (bsc#1206667). Moderate SUSE bug 1206667 CVE-2022-40897 cpe:/o:opensuse:leap:15.4 Security update for samba (Important) openSUSE Leap 15.4 This update for samba fixes the following issues: - CVE-2021-20251: Fixed an issue where the bad password count would not be properly incremented, which could allow attackers to brute force a user's password (bsc#1206546). - Updated to version 4.15.13: - CVE-2022-37966: Fixed an issue where a weak cipher would be selected to encrypt session keys, which could lead to privilege escalation (bsc#1205385). - CVE-2022-37967: Fixed a potential privilege escalation issue via constrained delegation due to weak a cryptographic algorithm being selected (bsc#1205386). - CVE-2022-38023: Disabled weak ciphers by default in the Netlogon Secure channel (bsc#1206504). - Updated to version 4.15.12: - CVE-2022-42898: Fixed several buffer overflow vulnerabilities on 32-bit systems (bsc#1205126). - Updated to version 4.15.11: - CVE-2022-3437: Fixed a buffer overflow in Heimdal unwrap_des3() (bsc#1204254). - Updated to version 4.15.10: - Fixed a potential crash due to a concurrency issue (bsc#1200102). - Updated to version 4.15.9: - CVE-2022-32742: Fixed an information leak that could be triggered via SMB1 (bsc#1201496). - CVE-2022-32746: Fixed a memory corruption issue in database audit logging (bsc#1201490). - CVE-2022-2031: Fixed AD restrictions bypass associated with changing passwords (bsc#1201495). - CVE-2022-32745: Fixed a remote server crash that could be triggered with certain LDAP requests (bsc#1201492). - CVE-2022-32744: Fixed an issue where AD users could have forged password change requests on behalf of other users (bsc#1201493). Other fixes: - Fixed a problem when using bind as samba-ad-dc backend related to the named service (bsc#1201689). Important SUSE bug 1200102 SUSE bug 1201490 SUSE bug 1201492 SUSE bug 1201493 SUSE bug 1201495 SUSE bug 1201496 SUSE bug 1201689 SUSE bug 1204254 SUSE bug 1205126 SUSE bug 1205385 SUSE bug 1205386 SUSE bug 1206504 SUSE bug 1206546 CVE-2021-20251 CVE-2022-2031 CVE-2022-32742 CVE-2022-32744 CVE-2022-32745 CVE-2022-32746 CVE-2022-3437 CVE-2022-37966 CVE-2022-37967 CVE-2022-38023 CVE-2022-42898 cpe:/o:opensuse:leap:15.4 Security update for the Linux Kernel (Important) openSUSE Leap 15.4 The SUSE Linux Enterprise 15 SP4 Azure kernel was updated to receive various security and bugfixes. - CVE-2022-3523: Fixed use after free related to device private page handling (bsc#1204363). - CVE-2022-36280: Fixed out-of-bounds memory access vulnerability found in vmwgfx driver (bsc#1203332). - CVE-2022-38096: Fixed NULL-ptr deref in vmw_cmd_dx_define_query() (bsc#1203331). - CVE-2023-0045: Fixed missing Flush IBP in ib_prctl_set (bsc#1207773). - CVE-2023-0122: Fixed a NULL pointer dereference vulnerability in nvmet_setup_auth(), that allowed an attacker to perform a Pre-Auth Denial of Service (DoS) attack on a remote machine (bsc#1207050). - CVE-2023-0461: Fixed use-after-free in icsk_ulp_data (bsc#1208787). - CVE-2023-0590: Fixed race condition in qdisc_graft() (bsc#1207795). - CVE-2023-0597: Fixed lack of randomization of per-cpu entry area in x86/mm (bsc#1207845). - CVE-2023-1075: Fixed a type confusion in tls_is_tx_ready (bsc#1208598). - CVE-2023-1076: Fixed incorrect UID assigned to tun/tap sockets (bsc#1208599). - CVE-2023-1078: Fixed a heap out-of-bounds write in rds_rm_zerocopy_callback (bsc#1208601). - CVE-2023-1095: Fixed a NULL pointer dereference in nf_tables due to zeroed list head (bsc#1208777). - CVE-2023-1118: Fixed a use-after-free bugs caused by ene_tx_irqsim() in media/rc (bsc#1208837). - CVE-2023-22995: Fixed lacks of certain platform_device_put and kfree in drivers/usb/dwc3/dwc3-qcom.c (bsc#1208741). - CVE-2023-22998: Fixed misinterpretatino of the irtio_gpu_object_shmem_init() return value (bsc#1208776). - CVE-2023-23000: Fixed return value of tegra_xusb_find_port_node function (bsc#1208816). - CVE-2023-23001: Fixed misinterpretion of the regulator_get return value (bsc# 1208829). - CVE-2023-23004: Fixed misinterpretatino of the get_sg_table return value in arm/malidp_planes.c (bsc#1208843). - CVE-2023-23454: Fixed a type-confusion in the CBQ network scheduler (bsc#1207036). - CVE-2023-23455: Fixed a denial of service inside atm_tc_enqueue in net/sched/sch_atm.c because of type confusion (non-negative numbers can sometimes indicate a TC_ACT_SHOT condition rather than valid classification results) (bsc#1207125). - CVE-2023-23559: Fixed integer overflow in rndis_wlan that leads to a buffer overflow (bsc#1207051). - CVE-2023-25012: Fixed a use-after-free in bigben_set_led() (bsc#1207560). - CVE-2023-26545: Fixed double free in net/mpls/af_mpls.c upon an allocation failure (bsc#1208700). - CVE-2023-28328: Fixed a denial of service issue in az6027 driver in drivers/media/usb/dev-usb/az6027.c (bsc#1209291). The following non-security bugs were fixed: - NFSv4.1 provide mount option to toggle trunking discovery (git-fixes). - acpi / x86: Add support for LPS0 callback handler (git-fixes). - acpi: Do not build ACPICA with '-Os' (git-fixes). - acpi: NFIT: fix a potential deadlock during NFIT teardown (git-fixes). - acpi: PM: s2idle: Add support for upcoming AMD uPEP HID AMDI008 (bsc#1206224). - acpi: PM: s2idle: Use LPS0 idle if ACPI_FADT_LOW_POWER_S0 is unset (bsc#1206224). - acpi: battery: Fix missing NUL-termination with large strings (git-fixes). - acpi: resource: Add helper function acpi_dev_get_memory_resources() (git-fixes). - acpi: video: Fix Lenovo Ideapad Z570 DMI match (git-fixes). - acpi: x86: s2idle: Add a quirk for ASUS ROG Zephyrus G14 (bsc#1206224). - acpi: x86: s2idle: Add a quirk for ASUS TUF Gaming A17 FA707RE (bsc#1206224). - acpi: x86: s2idle: Add a quirk for ASUSTeK COMPUTER INC. ROG Flow X13 (bsc#1206224). - acpi: x86: s2idle: Add a quirk for Lenovo Slim 7 Pro 14ARH7 (bsc#1206224). - acpi: x86: s2idle: Add another ID to s2idle_dmi_table (bsc#1206224). - acpi: x86: s2idle: Add module parameter to prefer Microsoft GUID (bsc#1206224). - acpi: x86: s2idle: Fix a NULL pointer dereference (bsc#1206224). - acpi: x86: s2idle: Force AMD GUID/_REV 2 on HP Elitebook 865 (bsc#1206224). - acpi: x86: s2idle: If a new AMD _HID is missing assume Rembrandt (bsc#1206224). - acpi: x86: s2idle: Move _HID handling for AMD systems into structures (bsc#1206224). - acpi: x86: s2idle: Stop using AMD specific codepath for Rembrandt+ (bsc#1206224). - acpica: Drop port I/O validation for some regions (git-fixes). - acpica: nsrepair: handle cases without a return value correctly (git-fixes). - alsa: emux: Avoid potential array out-of-bound in snd_emux_xg_control() (git-fixes). - alsa: hda/ca0132: minor fix for allocation size (git-fixes). - alsa: hda/conexant: add a new hda codec SN6180 (git-fixes). - alsa: hda/realtek - fixed wrong gpio assigned (git-fixes). - alsa: hda/realtek: Add Positivo N14KP6-TG (git-fixes). - alsa: hda/realtek: Add quirk for ASUS UM3402 using CS35L41 (git-fixes). - alsa: hda/realtek: Add quirk for HP EliteDesk 800 G6 Tower PC (git-fixes). - alsa: hda/realtek: Enable mute/micmute LEDs on HP Elitebook, 645 G9 (git-fixes). - alsa: hda/realtek: Fix the speaker output on Samsung Galaxy Book2 Pro 360 (git-fixes). - alsa: hda/realtek: fix mute/micmute LEDs do not work for a HP platform (git-fixes). - alsa: hda: Do not unset preset when cleaning up codec (git-fixes). - alsa: hda: Match only Intel devices with CONTROLLER_IN_GPU() (git-fixes). - alsa: ice1712: Delete unreachable code in aureon_add_controls() (git-fixes). - alsa: ice1712: Do not left ice->gpio_mutex locked in aureon_add_controls() (git-fixes). - alsa: pci: lx6464es: fix a debug loop (git-fixes). - applicom: Fix PCI device refcount leak in applicom_init() (git-fixes). - arm64: Treat ESR_ELx as a 64-bit register (git-fixes) - arm64: atomics: remove LL/SC trampolines (git-fixes) - arm64: cacheinfo: Fix incorrect assignment of signed error value to (git-fixes) - arm64: cmpxchg_double*: hazard against entire exchange variable (git-fixes) - arm64: dts: amlogic: meson-axg: fix SCPI clock dvfs node name (git-fixes). - arm64: dts: amlogic: meson-gx-libretech-pc: fix update button name (git-fixes). - arm64: dts: amlogic: meson-gx: add missing SCPI sensors compatible (git-fixes). - arm64: dts: amlogic: meson-gx: add missing unit address to rng node name (git-fixes). - arm64: dts: amlogic: meson-gx: fix SCPI clock dvfs node name (git-fixes). - arm64: dts: amlogic: meson-gxbb-kii-pro: fix led node name (git-fixes). - arm64: dts: amlogic: meson-gxl-s905d-phicomm-n1: fix led node name (git-fixes). - arm64: dts: amlogic: meson-gxl-s905d-sml5442tw: drop invalid clock-names property (git-fixes). - arm64: dts: amlogic: meson-gxl: add missing unit address to eth-phy-mux node name (git-fixes). - arm64: dts: amlogic: meson-sm1-bananapi-m5: fix adc keys node names (git-fixes). - arm64: dts: amlogic: meson-sm1-odroid-hc4: fix active fan thermal trip (git-fixes). - arm64: dts: arm: drop unused interrupt-names in MHU (git-fixes) - arm64: dts: imx8m: Align SoC unique ID node unit address (git-fixes). - arm64: dts: juno: Add missing MHU secure-irq (git-fixes) - arm64: dts: mediatek: mt7622: Add missing pwm-cells to pwm node (git-fixes). - arm64: dts: mediatek: mt8183: Fix systimer 13 MHz clock description (git-fixes). - arm64: dts: meson-axg: Make mmc host controller interrupts level-sensitive (git-fixes). - arm64: dts: meson-g12-common: Make mmc host controller interrupts level-sensitive (git-fixes). - arm64: dts: meson-g12a: Fix internal Ethernet PHY unit name (git-fixes). - arm64: dts: meson-gx: Fix Ethernet MAC address unit name (git-fixes). - arm64: dts: meson-gx: Fix the SCPI DVFS node name and unit address (git-fixes). - arm64: dts: meson-gx: Make mmc host controller interrupts level-sensitive (git-fixes). - arm64: dts: meson: bananapi-m5: switch VDDIO_C pin to OPEN_DRAIN (git-fixes). - arm64: dts: meson: remove CPU opps below 1GHz for G12A boards (git-fixes). - arm64: dts: mt8192: Fix CPU map for single-cluster SoC (git-fixes). - arm64: dts: qcom: Fix IPQ8074 PCIe PHY nodes (git-fixes). - arm64: dts: qcom: ipq8074: correct Gen2 PCIe ranges (git-fixes). - arm64: dts: qcom: ipq8074: correct PCIe QMP PHY output clock names (git-fixes). - arm64: dts: qcom: ipq8074: correct USB3 QMP PHY-s clock output names (git-fixes). - arm64: dts: qcom: ipq8074: fix Gen2 PCIe QMP PHY (git-fixes). - arm64: dts: qcom: ipq8074: fix Gen3 PCIe QMP PHY (git-fixes). - arm64: dts: qcom: ipq8074: fix Gen3 PCIe node (git-fixes). - arm64: dts: qcom: ipq8074: fix PCIe PHY serdes size (git-fixes). - arm64: dts: qcom: pmk8350: Specify PBS register for PON (git-fixes). - arm64: dts: qcom: pmk8350: Use the correct PON compatible (git-fixes). - arm64: dts: qcom: qcs404: use symbol names for PCIe resets (git-fixes). - arm64: dts: qcom: sc7180: correct SPMI bus address cells (git-fixes). - arm64: dts: qcom: sc7280: correct SPMI bus address cells (git-fixes). - arm64: dts: qcom: sdm845-db845c: fix audio codec interrupt pin name (git-fixes). - arm64: dts: qcom: sm8150-kumano: Panel framebuffer is 2.5k instead of 4k (git-fixes). - arm64: dts: renesas: beacon-renesom: Fix gpio expander reference (git-fixes). - arm64: dts: rockchip: drop unused LED mode property from rk3328-roc-cc (git-fixes). - arm64: dts: ti: k3-j7200: Fix wakeup pinmux range (git-fixes). - arm64: efi: Make efi_rt_lock a raw_spinlock (git-fixes). - arm64: make is_ttbrX_addr() noinstr-safe (git-fixes) - arm64: mm: kfence: only handle translation faults (git-fixes) - arm: OMAP1: call platform_device_put() in error case in omap1_dm_timer_init() (git-fixes). - arm: OMAP2+: Fix memory leak in realtime_counter_init() (git-fixes). - arm: bcm2835_defconfig: Enable the framebuffer (git-fixes). - arm: dts: am5748: keep usb4_tm disabled (git-fixes) - arm: dts: exynos: Use Exynos5420 compatible for the MIPI video phy (git-fixes). - arm: dts: exynos: correct HDMI phy compatible in Exynos4 (git-fixes). - arm: dts: exynos: correct TMU phandle in Exynos4 (git-fixes). - arm: dts: exynos: correct TMU phandle in Exynos4210 (git-fixes). - arm: dts: exynos: correct TMU phandle in Exynos5250 (git-fixes). - arm: dts: exynos: correct TMU phandle in Odroid HC1 (git-fixes). - arm: dts: exynos: correct TMU phandle in Odroid XU (git-fixes). - arm: dts: exynos: correct TMU phandle in Odroid XU3 family (git-fixes). - arm: dts: exynos: correct wr-active property in Exynos3250 Rinato (git-fixes). - arm: dts: imx7-colibri-eval-v3: correct can controller comment (git-fixes) - arm: dts: imx7s: correct iomuxc gpr mux controller cells (git-fixes). - arm: dts: qcom: msm8974: add required ranges to OCMEM (git-fixes) - arm: dts: qcom: sdx55: Add Qcom SMMU-500 as the fallback for IOMMU node (git-fixes). - arm: dts: rockchip: add power-domains property to dp node on rk3288 (git-fixes). - arm: dts: spear320-hmi: correct STMPE GPIO compatible (git-fixes). - arm: dts: stm32: add missing usbh clock and fix clk order on (git-fixes) - arm: dts: stm32: use usbphyc ck_usbo_48m as USBH OHCI clock on (git-fixes) - arm: dts: sun8i: nanopi-duo2: Fix regulator GPIO reference (git-fixes). - arm: imx: Call ida_simple_remove() for ida_simple_get (git-fixes). - arm: imx: rename DEBUG_IMX21_IMX27_UART to DEBUG_IMX27_UART (git-fixes) - arm: omap: remove debug-leds driver (git-fixes) - arm: remove some dead code (git-fixes) - arm: renumber bits related to _TIF_WORK_MASK (git-fixes) - arm: s3c: fix s3c64xx_set_timer_source prototype (git-fixes). - arm: shmobile: rcar-gen2: Add missing of_node_put() (git-fixes) - arm: zynq: Fix refcount leak in zynq_early_slcr_init (git-fixes). - asoc: Intel: boards: fix spelling in comments (git-fixes). - asoc: Intel: bytcht_es8316: Drop reference count of ACPI device after use (git-fixes). - asoc: Intel: bytcht_es8316: move comment to the right place (git-fixes). - asoc: Intel: sof_cs42l42: always set dpcm_capture for amplifiers (git-fixes). - asoc: Intel: sof_rt5682: always set dpcm_capture for amplifiers (git-fixes). - asoc: adau7118: do not disable regulators on device unbind (git-fixes). - asoc: codecs: Change bulk clock voting to optional voting in digital codecs (git-fixes). - asoc: codecs: lpass: fix incorrect mclk rate (git-fixes). - asoc: codecs: rx-macro: move clk provider to managed variants (git-fixes). - asoc: codecs: rx-macro: move to individual clks from bulk (git-fixes). - asoc: codecs: tx-macro: move clk provider to managed variants (git-fixes). - asoc: codecs: tx-macro: move to individual clks from bulk (git-fixes). - asoc: cs42l56: fix DT probe (git-fixes). - asoc: dt-bindings: meson: fix gx-card codec node regex (git-fixes). - asoc: fsl_sai: Update to modern clocking terminology (git-fixes). - asoc: kirkwood: Iterate over array indexes instead of using pointer math (git-fixes). - asoc: mchp-spdifrx: Fix uninitialized use of mr in mchp_spdifrx_hw_params() (git-fixes). - asoc: mchp-spdifrx: disable all interrupts in mchp_spdifrx_dai_remove() (git-fixes). - asoc: mchp-spdifrx: fix controls which rely on rsr register (git-fixes). - asoc: rsnd: Remove unnecessary rsnd_dbg_dai_call() (git-fixes). - asoc: rsnd: fixup #endif position (git-fixes). - asoc: rt715-sdca: fix clock stop prepare timeout issue (git-fixes). - asoc: soc-compress.c: fixup private_data on snd_soc_new_compress() (git-fixes). - asoc: soc-compress: Reposition and add pcm_mutex (git-fixes). - asoc: soc-dapm.h: fixup warning struct snd_pcm_substream not declared (git-fixes). - asoc: tlv320adcx140: fix 'ti,gpio-config' DT property init (git-fixes). - asoc: topology: Return -ENOMEM on memory allocation failure (git-fixes). - asoc: zl38060 add gpiolib dependency (git-fixes). - asoc: zl38060: Remove spurious gpiolib select (git-fixes). - ath9k: hif_usb: simplify if-if to if-else (git-fixes). - ath9k: htc: clean up statistics macros (git-fixes). - auxdisplay: hd44780: Fix potential memory leak in hd44780_remove() (git-fixes). - avoid deadlock for recursive I/O on dm-thin when used as swap (bsc#1177529). - backlight: backlight: Fix doc for backlight_device_get_by_name (git-fixes). - blk-cgroup: fix missing pd_online_fn() while activating policy (git-fixes). - blk-mq: fix possible memleak when register 'hctx' failed (git-fixes). - block, bfq: fix uaf for bfqq in bic_set_bfqq() (git-fixes). - block/bfq-iosched.c: use 'false' rather than 'BLK_RW_ASYNC' (git-fixes). - block: bio-integrity: Copy flags when bio_integrity_payload is cloned (bsc#1208541). - block: clear ->slave_dir when dropping the main slave_dir reference (git-fixes). - block: do not allow splitting of a REQ_NOWAIT bio (git-fixes). - block: fix and cleanup bio_check_ro (git-fixes). - block: mq-deadline: Do not break sequential write streams to zoned HDDs (git-fixes). - block: mq-deadline: Rename deadline_is_seq_writes() (git-fixes). - bluetooth: L2CAP: Fix potential user-after-free (git-fixes). - bluetooth: btusb: Add VID:PID 13d3:3529 for Realtek RTL8821CE (git-fixes). - bluetooth: hci_qca: get wakeup status from serdev device handle (git-fixes). - bluetooth: hci_sock: purge socket queues in the destruct() callback (git-fixes). - bpf, perf: Use subprog name when reporting subprog ksymbol (git fixes). - bpf, x64: Factor out emission of REX byte in more cases (git-fixes). - bpf: Fix a possible task gone issue with bpf_send_signal[_thread]() helpers (git-fixes). - bpf: Fix extable address check (git-fixes). - bpf: Fix extable fixup offset (git-fixes). - bpf: Skip task with pid=1 in send_signal_common() (git-fixes). - can: j1939: do not wait 250 ms if the same addr was already claimed (git-fixes). - ceph: flush cap releases when the session is flushed (bsc#1208428). - ceph: update the time stamps and try to drop the suid/sgid (bsc#1209504). - cifs: Check the lease context if we actually got a lease (bsc#1193629). - cifs: Convert struct fealist away from 1-element array (bsc#1193629). - cifs: Fix lost destroy smbd connection when MR allocate failed (git-fixes). - cifs: Fix oops due to uncleared server->smbd_conn in reconnect (git-fixes). - cifs: Fix uninitialized memory read in smb3_qfs_tcon() (bsc#1193629). - cifs: Fix uninitialized memory reads for oparms.mode (bsc#1193629). - cifs: Fix use-after-free in rdata->read_into_pages() (git-fixes). - cifs: Fix warning and UAF when destroy the MR list (git-fixes). - cifs: Get rid of unneeded conditional in the smb2_get_aead_req() (bsc#1193629). - cifs: Replace remaining 1-element arrays (bsc#1193629). - cifs: Replace zero-length arrays with flexible-array members (bsc#1193629). - cifs: Use kstrtobool() instead of strtobool() (bsc#1193629). - cifs: avoid re-lookups in dfs_cache_find() (bsc#1193629). - cifs: do not include page data when checking signature (git-fixes). - cifs: do not take exclusive lock for updating target hints (bsc#1193629). - cifs: do not try to use rdma offload on encrypted connections (bsc#1193629). - cifs: fix mount on old smb servers (boo#1206935). - cifs: fix return of uninitialized rc in dfs_cache_update_tgthint() (bsc#1193629). - cifs: get rid of dns resolve worker (bsc#1193629). - cifs: get rid of unneeded conditional in cifs_get_num_sgs() (bsc#1193629). - cifs: handle cache lookup errors different than -ENOENT (bsc#1193629). - cifs: improve checking of DFS links over STATUS_OBJECT_NAME_INVALID (git-fixes). - cifs: introduce cifs_io_parms in smb2_async_writev() (bsc#1193629). - cifs: match even the scope id for ipv6 addresses (bsc#1193629). - cifs: prevent data race in cifs_reconnect_tcon() (bsc#1193629). - cifs: prevent data race in smb2_reconnect() (bsc#1193629). - cifs: print last update time for interface list (bsc#1193629). - cifs: remove duplicate code in __refresh_tcon() (bsc#1193629). - cifs: remove unneeded 2bytes of padding from smb2 tree connect (bsc#1193629). - cifs: remove unused function (bsc#1193629). - cifs: return a single-use cfid if we did not get a lease (bsc#1193629). - cifs: reuse cifs_match_ipaddr for comparison of dstaddr too (bsc#1193629). - cifs: split out smb3_use_rdma_offload() helper (bsc#1193629). - cifs: update ip_addr for ses only for primary chan setup (bsc#1193629). - cifs: use tcon allocation functions even for dummy tcon (git-fixes). - cifs: use the least loaded channel for sending requests (bsc#1193629). - clk: HI655X: select REGMAP instead of depending on it (git-fixes). - clk: Honor CLK_OPS_PARENT_ENABLE in clk_core_is_enabled() (git-fixes). - clk: imx: avoid memory leak (git-fixes). - clk: mxl: Add option to override gate clks (git-fixes). - clk: mxl: Fix a clk entry by adding relevant flags (git-fixes). - clk: mxl: Remove redundant spinlocks (git-fixes). - clk: mxl: Switch from direct readl/writel based IO to regmap based IO (git-fixes). - clk: mxl: syscon_node_to_regmap() returns error pointers (git-fixes). - clk: qcom: gcc-qcs404: disable gpll[04]_out_aux parents (git-fixes). - clk: qcom: gcc-qcs404: fix names of the DSI clocks used as parents (git-fixes). - clk: ralink: fix 'mt7621_gate_is_enabled()' function (git-fixes). - clk: renesas: cpg-mssr: Fix use after free if cpg_mssr_common_init() failed (git-fixes). - clk: renesas: cpg-mssr: Remove superfluous check in resume code (git-fixes). - clocksource: Suspend the watchdog temporarily when high read latency detected (git-fixes). - comedi: use menuconfig for main Comedi menu (git-fixes). - crypto: arm64 - Fix unused variable compilation warnings of (git-fixes) - crypto: ccp - Avoid page allocation failure warning for SEV_GET_ID2 (git-fixes). - crypto: ccp - Failure on re-initialization due to duplicate sysfs filename (git-fixes). - crypto: crypto4xx - Call dma_unmap_page when done (git-fixes). - crypto: essiv - Handle EBUSY correctly (git-fixes). - crypto: qat - fix out-of-bounds read (git-fixes). - crypto: rsa-pkcs1pad - Use akcipher_request_complete (git-fixes). - crypto: seqiv - Handle EBUSY correctly (git-fixes). - crypto: x86/ghash - fix unaligned access in ghash_setkey() (git-fixes). - crypto: xts - Handle EBUSY correctly (git-fixes). - debugfs: add debugfs_lookup_and_remove() (git-fixes). - delete patches.suse/drm-i915-Don-t-use-BAR-mappings-for-ring-buffers-wit Resulted in an Oops / hang at boot (bsc#1209436) - dmaengine: dw-axi-dmac: Do not dereference NULL structure (git-fixes). - dmaengine: dw-edma: Do not permit non-inc interleaved xfers (git-fixes). - dmaengine: dw-edma: Drop chancnt initialization (git-fixes). - dmaengine: dw-edma: Fix invalid interleaved xfers semantics (git-fixes). - dmaengine: dw-edma: Fix missing src/dst address of interleaved xfers (git-fixes). - dmaengine: dw-edma: Fix readq_ch() return value truncation (git-fixes). - dmaengine: idxd: Set traffic class values in GRPCFG on DSA 2.0 (git-fixes). - dmaengine: ptdma: check for null desc before calling pt_cmd_callback (git-fixes). - dmaengine: sf-pdma: pdma_desc memory leak fix (git-fixes). - do not sign the vanilla kernel (bsc#1209008). - docs/scripts/gdb: add necessary make scripts_gdb step (git-fixes). - docs: Correct missing 'd_' prefix for dentry_operations member d_weak_revalidate (git-fixes). - docs: ftrace: fix a issue with duplicated subtitle number (git-fixes). - docs: gdbmacros: print newest record (git-fixes). - documentation/hw-vuln: Document the interaction between IBRS and STIBP (git-fixes). - documentation: simplify and clarify DCO contribution example language (git-fixes). - driver core: fix potential null-ptr-deref in device_add() (git-fixes). - driver core: fix resource leak in device_add() (git-fixes). - driver core: fw_devlink: Add DL_FLAG_CYCLE support to device links (git-fixes). - drivers/md/md-bitmap: check the return value of md_bitmap_get_counter() (git-fixes). - drivers: base: transport_class: fix possible memory leak (git-fixes). - drivers: base: transport_class: fix resource leak when transport_add_device() fails (git-fixes). - drm/amd/display: Fail atomic_check early on normalize_zpos error (git-fixes). - drm/amd/display: Fix potential null-deref in dm_resume (git-fixes). - drm/amd/display: Fix timing not changning when freesync video is enabled (git-fixes). - drm/amd/display: Properly handle additional cases where DCN is not supported (git-fixes). - drm/amd/display: reduce else-if to else in dcn10_blank_pixel_data() (git-fixes). - drm/amdgpu/fence: Fix oops due to non-matching drm_sched init/fini (git-fixes). - drm/amdgpu: fix enum odm_combine_mode mismatch (git-fixes). - drm/amdgpu: fix error checking in amdgpu_read_mm_registers for soc15 (git-fixes). - drm/bridge: Fix returned array size name for atomic_get_input_bus_fmts kdoc (git-fixes). - drm/bridge: lt8912b: Add hot plug detection (git-fixes). - drm/bridge: lt9611: fix HPD reenablement (git-fixes). - drm/bridge: lt9611: fix clock calculation (git-fixes). - drm/bridge: lt9611: fix polarity programming (git-fixes). - drm/bridge: lt9611: fix programming of video modes (git-fixes). - drm/bridge: lt9611: fix sleep mode setup (git-fixes). - drm/bridge: lt9611: pass a pointer to the of node (git-fixes). - drm/bridge: megachips: Fix error handling in i2c_register_driver() (git-fixes). - drm/connector: print max_requested_bpc in state debugfs (git-fixes). - drm/edid: fix AVI infoframe aspect ratio handling (git-fixes). - drm/fourcc: Add missing big-endian XRGB1555 and RGB565 formats (git-fixes). - drm/hyperv : Removing the restruction of VRAM allocation with PCI bar size (git-fixes). - drm/hyperv: Fix an error handling path in hyperv_vmbus_probe() (git-fixes). - drm/i915/gen11: Moving WAs to icl_gt_workarounds_init() (git-fixes). - drm/i915/gen11: Wa_1408615072/Wa_1407596294 should be on GT list (git-fixes). - drm/i915/quirks: Add inverted backlight quirk for HP 14-r206nv (git-fixes). - drm/i915: Do not use BAR mappings for ring buffers with LLC (git-fixes). - drm/i915: Fix VBT DSI DVO port handling (git-fixes). - drm/i915: Initialize the obj flags for shmem objects (git-fixes). - drm/mediatek: Clean dangling pointer on bind error path (git-fixes). - drm/mediatek: Drop unbalanced obj unref (git-fixes). - drm/mediatek: Use NULL instead of 0 for NULL pointer (git-fixes). - drm/mediatek: dsi: Reduce the time of dsi from LP11 to sending cmd (git-fixes). - drm/mediatek: mtk_drm_crtc: Add checks for devm_kcalloc (git-fixes). - drm/meson: fix 1px pink line on GXM when scaling video overlay (git-fixes). - drm/mipi-dsi: Fix byte order of 16-bit DCS set/get brightness (git-fixes). - drm/msm/a5xx: fix context faults during ring switch (git-fixes). - drm/msm/a5xx: fix highest bank bit for a530 (git-fixes). - drm/msm/a5xx: fix setting of the CP_PREEMPT_ENABLE_LOCAL register (git-fixes). - drm/msm/a5xx: fix the emptyness check in the preempt code (git-fixes). - drm/msm/adreno: Fix null ptr access in adreno_gpu_cleanup() (git-fixes). - drm/msm/disp/dpu: fix sc7280_pp base offset (git-fixes). - drm/msm/dpu: Add check for cstate (git-fixes). - drm/msm/dpu: Add check for pstates (git-fixes). - drm/msm/dpu: Disallow unallocated resources to be returned (git-fixes). - drm/msm/dpu: drop stale comment from struct dpu_mdp_cfg doc (git-fixes). - drm/msm/dpu: fix len of sc7180 ctl blocks (git-fixes). - drm/msm/dpu: set pdpu->is_rt_pipe early in dpu_plane_sspp_atomic_update() (git-fixes). - drm/msm/dsi: Add missing check for alloc_ordered_workqueue (git-fixes). - drm/msm/gem: Add check for kmalloc (git-fixes). - drm/msm/hdmi: Add missing check for alloc_ordered_workqueue (git-fixes). - drm/msm/mdp5: Add check for kzalloc (git-fixes). - drm/msm: Fix potential invalid ptr free (git-fixes). - drm/msm: clean event_thread->worker in case of an error (git-fixes). - drm/msm: use strscpy instead of strncpy (git-fixes). - drm/nouveau/devinit/tu102-: wait for GFW_BOOT_PROGRESS == COMPLETED (git-fixes). - drm/nouveau/kms/nv50-: remove unused functions (git-fixes). - drm/nouveau/kms/nv50: fix nv50_wndw_new_ prototype (git-fixes). - drm/omap: dsi: Fix excessive stack usage (git-fixes). - drm/omapdrm: Remove unused struct csc_coef_rgb2yuv (git-fixes). - drm/panfrost: Do not sync rpm suspension after mmu flushing (git-fixes). - drm/radeon: Fix eDP for single-display iMac11,2 (git-fixes). - drm/radeon: free iio for atombios when driver shutdown (git-fixes). - drm/shmem-helper: Remove another errant put in error path (git-fixes). - drm/sun4i: fix missing component unbind on bind errors (git-fixes). - drm/tiny: ili9486: Do not assume 8-bit only SPI controllers (git-fixes). - drm/vc4: dpi: Add option for inverting pixel clock and output enable (git-fixes). - drm/vc4: dpi: Fix format mapping for RGB565 (git-fixes). - drm/vc4: hdmi: Correct interlaced timings again (git-fixes). - drm/vc4: hvs: Fix colour order for xRGB1555 on HVS5 (git-fixes). - drm/vc4: hvs: Set AXI panic modes (git-fixes). - drm/vc4: vec: Use pm_runtime_resume_and_get() in vc4_vec_encoder_enable() (git-fixes). - drm/virtio: exbuf->fence_fd unmodified on interrupted wait (git-fixes). - drm/vkms: Fix memory leak in vkms_init() (git-fixes). - drm/vkms: Fix null-ptr-deref in vkms_release() (git-fixes). - drm: Fix potential null-ptr-deref due to drmm_mode_config_init() (git-fixes). - drm: amd: display: Fix memory leakage (git-fixes). - drm: mxsfb: DRM_MXSFB should depend on ARCH_MXS || ARCH_MXC (git-fixes). - drm: panel-orientation-quirks: Add quirk for Lenovo IdeaPad Duet 3 10IGL5 (git-fixes). - drm: tidss: Fix pixel format definition (git-fixes). - dt-bindings: arm: fsl: Fix bindings for APF28Dev board (git-fixes). - dt-bindings: hwlock: sun6i: Add missing #hwlock-cells (git-fixes). - dt-bindings: input: iqs626a: Redefine trackpad property types (git-fixes). - dt-bindings: msm: dsi-controller-main: Add vdd* descriptions back in (git-fixes). - dt-bindings: net: snps,dwmac: Fix snps,reset-delays-us dependency (git-fixes). - dt-bindings: power: supply: pm8941-coincell: Do not require charging properties (git-fixes). - dt-bindings: usb: amlogic,meson-g12a-usb-ctrl: make G12A usb3-phy0 optional (git-fixes). - eeprom: idt_89hpesx: Fix error handling in idt_init() (git-fixes). - efi: Accept version 2 of memory attributes table (git-fixes). - exit: Add and use make_task_dead (bsc#1207328). - exit: Allow oops_limit to be disabled (bsc#1207328). - exit: Guarantee make_task_dead leaks the tsk when calling do_task_exit (bsc#1207328). - exit: Move force_uaccess back into do_exit (bsc#1207328). - exit: Move oops specific logic from do_exit into make_task_dead (bsc#1207328). - exit: Put an upper limit on how often we can oops (bsc#1207328). - exit: Stop poorly open coding do_task_dead in make_task_dead (bsc#1207328). - exit: Use READ_ONCE() for all oops/warn limit reads (bsc#1207328). - ext4,f2fs: fix readahead of verity data (bsc#1207648). - ext4: add EXT4_IGET_BAD flag to prevent unexpected bad inode (bsc#1207619). - ext4: add EXT4_INODE_HAS_XATTR_SPACE macro in xattr.h (bsc#1206878). - ext4: add helper to check quota inums (bsc#1207618). - ext4: add inode table check in __ext4_get_inode_loc to aovid possible infinite loop (bsc#1207617). - ext4: add missing validation of fast-commit record lengths (bsc#1207626). - ext4: allocate extended attribute value in vmalloc area (bsc#1207635). - ext4: avoid crash when inline data creation follows DIO write (bsc#1206883). - ext4: avoid resizing to a partial cluster size (bsc#1206880). - ext4: avoid unaccounted block allocation when expanding inode (bsc#1207634). - ext4: continue to expand file system when the target size does not reach (bsc#1206882). - ext4: correct cluster len and clusters changed accounting in ext4_mb_mark_bb (bsc#1207592). - ext4: correct max_inline_xattr_value_size computing (bsc#1206878). - ext4: correct the misjudgment in ext4_iget_extra_inode (bsc#1206878). - ext4: disable fast-commit of encrypted dir operations (bsc#1207623). - ext4: do not allow journal inode to have encrypt flag (bsc#1207621). - ext4: do not increase iversion counter for ea_inodes (bsc#1207605). - ext4: do not run ext4lazyinit for read-only filesystems (bsc#1207603). - ext4: do not set up encryption key during jbd2 transaction (bsc#1207624). - ext4: drop ineligible txn start stop APIs (bsc#1207588). - ext4: ext4_read_bh_lock() should submit IO if the buffer isn't uptodate (bsc#1207606). - ext4: factor out ext4_fc_get_tl() (bsc#1207615). - ext4: fast commit may miss file actions (bsc#1207591). - ext4: fast commit may not fallback for ineligible commit (bsc#1207590). - ext4: fix BUG_ON() when directory entry has invalid rec_len (bsc#1206886). - ext4: fix bug in extents parsing when eh_entries == 0 and eh_depth > 0 (bsc#1206881). - ext4: fix bug_on in __es_tree_search caused by bad boot loader inode (bsc#1207620). - ext4: fix bug_on in start_this_handle during umount filesystem (bsc#1207594). - ext4: fix deadlock due to mbcache entry corruption (bsc#1207653). - ext4: fix delayed allocation bug in ext4_clu_mapped for bigalloc + inline (bsc#1207631). - ext4: fix dir corruption when ext4_dx_add_entry() fails (bsc#1207608). - ext4: fix error code return to user-space in ext4_get_branch() (bsc#1207630). - ext4: fix ext4_mb_mark_bb() with flex_bg with fast_commit (bsc#1207593). - ext4: fix extent status tree race in writeback error recovery path (bsc#1206877). - ext4: fix inode leak in ext4_xattr_inode_create() on an error path (bsc#1207636). - ext4: fix kernel BUG in 'ext4_write_inline_data_end()' (bsc#1206894). - ext4: fix leaking uninitialized memory in fast-commit journal (bsc#1207625). - ext4: fix miss release buffer head in ext4_fc_write_inode (bsc#1207609). - ext4: fix null-ptr-deref in ext4_write_info (bsc#1206884). - ext4: fix off-by-one errors in fast-commit block filling (bsc#1207628). - ext4: fix potential memory leak in ext4_fc_record_modified_inode() (bsc#1207611). - ext4: fix potential memory leak in ext4_fc_record_regions() (bsc#1207612). - ext4: fix potential out of bound read in ext4_fc_replay_scan() (bsc#1207616). - ext4: fix reserved cluster accounting in __es_remove_extent() (bsc#1207637). - ext4: fix unaligned memory access in ext4_fc_reserve_space() (bsc#1207627). - ext4: fix undefined behavior in bit shift for ext4_check_flag_values (bsc#1206890). - ext4: fix uninititialized value in 'ext4_evict_inode' (bsc#1206893). - ext4: fix use-after-free in ext4_ext_shift_extents (bsc#1206888). - ext4: fix use-after-free in ext4_orphan_cleanup (bsc#1207622). - ext4: fix use-after-free in ext4_xattr_set_entry (bsc#1206878). - ext4: fix warning in 'ext4_da_release_space' (bsc#1206887). - ext4: goto right label 'failed_mount3a' (bsc#1207610). - ext4: init quota for 'old.inode' in 'ext4_rename' (bsc#1207629). - ext4: initialize quota before expanding inode in setproject ioctl (bsc#1207633). - ext4: introduce EXT4_FC_TAG_BASE_LEN helper (bsc#1207614). - ext4: limit the number of retries after discarding preallocations blocks (bsc#1207602). - ext4: make ext4_lazyinit_thread freezable (bsc#1206885). - ext4: place buffer head allocation before handle start (bsc#1207607). - ext4: silence the warning when evicting inode with dioread_nolock (bsc#1206889). - ext4: simplify updating of fast commit stats (bsc#1207589). - ext4: update 'state->fc_regions_size' after successful memory allocation (bsc#1207613). - ext4: update s_overhead_clusters in the superblock during an on-line resize (bsc#1206876). - fbdev: omapfb: cleanup inconsistent indentation (git-fixes). - fbdev: smscufx: fix error handling code in ufx_usb_probe (git-fixes). - firmware/efi sysfb_efi: Add quirk for Lenovo IdeaPad Duet 3 (git-fixes). - firmware: coreboot: Remove GOOGLE_COREBOOT_TABLE_ACPI/OF Kconfig entries (git-fixes). - firmware: coreboot: framebuffer: Ignore reserved pixel color bits (git-fixes). - firmware: dmi-sysfs: Fix null-ptr-deref in dmi_sysfs_register_handle (git-fixes). - firmware: stratix10-svc: add missing gen_pool_destroy() in stratix10_svc_drv_probe() (git-fixes). - firmware: xilinx: do not make a sleepable memory allocation from an atomic context (git-fixes). - fix page corruption caused by racy check in __free_pages (bsc#1208149). - fork: allow CLONE_NEWTIME in clone3 flags (bsc#1209258). - fotg210-udc: Add missing completion handler (git-fixes). - fs: ext4: initialize fsdata in pagecache_write() (bsc#1207632). - fscache_cookie_enabled: check cookie is valid before accessing it (bsc#1208429). - ftrace: Fix invalid address access in lookup_rec() when index is 0 (git-fixes). - fuse: add inode/permission checks to fileattr_get/fileattr_set (bsc#1208759). - genirq: Provide new interfaces for affinity hints (bsc#1208153). - gpio: tegra186: remove unneeded loop in tegra186_gpio_init_route_mapping() (git-fixes). - gpio: vf610: connect GPIO label to dev name (git-fixes). - gpu: host1x: Do not skip assigning syncpoints to channels (git-fixes). - gpu: ipu-v3: common: Add of_node_put() for reference returned by of_graph_get_port_by_id() (git-fixes). - hid: Add Mapping for System Microphone Mute (git-fixes). - hid: asus: use spinlock to protect concurrent accesses (git-fixes). - hid: asus: use spinlock to safely schedule workers (git-fixes). - hid: bigben: use spinlock to protect concurrent accesses (git-fixes). - hid: bigben: use spinlock to safely schedule workers (git-fixes). - hid: bigben_probe(): validate report count (git-fixes). - hid: bigben_worker() remove unneeded check on report_field (git-fixes). - hid: core: Fix deadloop in hid_apply_multiplier (git-fixes). - hid: elecom: add support for TrackBall 056E:011C (git-fixes). - hid: logitech-hidpp: Do not restart communication if not necessary (git-fixes). - hid: multitouch: Add quirks for flipped axes (git-fixes). - hid: retain initial quirks set up when creating HID devices (git-fixes). - hv: fix comment typo in vmbus_channel/low_latency (git-fixes). - hv_netvsc: Allocate memory in netvsc_dma_map() with GFP_ATOMIC (git-fixes). - hv_netvsc: Check status in SEND_RNDIS_PKT completion message (git-fixes). - hwmon: (adm1266) Set `can_sleep` flag for GPIO chip (git-fixes). - hwmon: (adt7475) Display smoothing attributes in correct order (git-fixes). - hwmon: (adt7475) Fix masking of hysteresis registers (git-fixes). - hwmon: (coretemp) Simplify platform device handling (git-fixes). - hwmon: (ftsteutates) Fix scaling of measurements (git-fixes). - hwmon: (ina3221) return prober error code (git-fixes). - hwmon: (k10temp): Add support for new family 17h and 19h models (bsc#1208848). - hwmon: (ltc2945) Handle error case in ltc2945_value_store (git-fixes). - hwmon: (ltc2992) Set `can_sleep` flag for GPIO chip (git-fixes). - hwmon: (mlxreg-fan) Return zero speed for broken fan (git-fixes). - hwmon: (ucd90320) Add minimum delay between bus accesses (git-fixes). - hwmon: (xgene) Fix use after free bug in xgene_hwmon_remove due to race condition (git-fixes). - hwmon: tmp512: drop of_match_ptr for ID table (git-fixes). - i2c: designware-pci: Add new PCI IDs for AMD NAVI GPU (git-fixes). - i2c: designware: fix i2c_dw_clk_rate() return size to be u32 (git-fixes). - i2c: mxs: suppress probe-deferral error message (git-fixes). - i2c: rk3x: fix a bunch of kernel-doc warnings (git-fixes). - ib/hfi1: Assign npages earlier (git-fixes) - ib/hfi1: Fix math bugs in hfi1_can_pin_pages() (git-fixes) - ib/hfi1: Fix sdma.h tx->num_descs off-by-one errors (git-fixes) - ib/hfi1: Restore allocated resources on failed copyout (git-fixes) - ib/hfi1: Update RMT size calculation (git-fixes) - ib/ipoib: Fix legacy IPoIB due to wrong number of queues (git-fixes) - iio: accel: mma9551_core: Prevent uninitialized variable in mma9551_read_config_word() (git-fixes). - iio: accel: mma9551_core: Prevent uninitialized variable in mma9551_read_status_word() (git-fixes). - iio: light: tsl2563: Do not hardcode interrupt trigger type (git-fixes). - infiniband: READ is 'data destination', not source... (git-fixes) - input: ads7846 - always set last command to PWRDOWN (git-fixes). - input: ads7846 - do not check penirq immediately for 7845 (git-fixes). - input: ads7846 - do not report pressure for ads7845 (git-fixes). - input: iqs269a - configure device with a single block write (git-fixes). - input: iqs269a - drop unused device node references (git-fixes). - input: iqs269a - increase interrupt handler return delay (git-fixes). - input: iqs626a - drop unused device node references (git-fixes). - interconnect: exynos: fix node leak in probe PM QoS error path (git-fixes). - interconnect: fix mem leak when freeing nodes (git-fixes). - interconnect: qcom: osm-l3: fix icc_onecell_data allocation (git-fixes). - iommu/hyper-v: Allow hyperv irq remapping without x2apic (git-fixes). - ipmi:ssif: Add a timer between request retries (bsc#1206459). - ipmi:ssif: Remove rtc_us_timer (bsc#1206459). - ipmi:ssif: resend_msg() cannot fail (bsc#1206459). - ipmi_ssif: Rename idle state and check (bsc#1206459). - irqchip/gic-v3: Refactor ISB + EOIR at ack time (git-fixes) - iw_cxgb4: Fix potential NULL dereference in c4iw_fill_res_cm_id_entry() (git-fixes) - jbd2: Fix up kABI of ext4 fast commit interface (bsc#1207590). - jbd2: add miss release buffer head in fc_do_one_pass() (bsc#1207646). - jbd2: fix a potential race while discarding reserved buffers after an abort (bsc#1207641). - jbd2: fix potential buffer head reference count leak (bsc#1207644). - jbd2: fix potential use-after-free in jbd2_fc_wait_bufs (bsc#1207645). - jbd2: wake up journal waiters in FIFO order, not LIFO (bsc#1207643). - kabi FIX FOR: nfsv4.1 query for fs_location attr on a new file system (Never, kabi). - kabi FIX FOR: nsf: Further optimisations for 'ls -l' (git-fixes). - kabi FIX FOR: nsfd: Have legacy NFSD WRITE decoders use xdr_stream_subsegment() (git-fixes). - kabi fix for nfsv4: Fix free of uninitialized nfs4_label on referral lookup (git-fixes). - kabi fix for: nfsv3: handle out-of-order write replies (bsc#1205544). - kabi fix for: nfsv4: keep state manager thread active if swap is enabled (Never, kabi). - kabi workaround for hid quirks (git-fixes). - kabi: pci: Reduce warnings on possible RW1C corruption (kabi). - kabi: pci: dwc: Add dw_pcie_ops.host_deinit() callback (kabi). - kasan: no need to unset panic_on_warn in end_report() (bsc#1207328). - kernel-module-subpackage: Fix expansion with -b parameter (bsc#1208179). When -b is specified the script is prefixed with KMP_NEEDS_MKINITRD=1 which sets the variable for a simple command. However, the script is no longer a simple command. Export the variable instead. - keys: Do not cache key in task struct if key is requested from kernel thread (git-fixes). - keys: asymmetric: Fix ECDSA use via keyctl uapi (git-fixes). - leds: led-class: Add missing put_device() to led_put() (git-fixes). - leds: led-core: Fix refcount leak in of_led_get() (git-fixes). - lib/mpi: Fix buffer overrun when SG is too long (git-fixes). - lib/zlib: remove redundation assignement of avail_in dfltcc_gdht() (git-fixes). - locking/rwsem: Allow slowpath writer to ignore handoff bit if not set by first waiter (bsc#1207270). - locking/rwsem: Always try to wake waiters in out_nolock path (bsc#1207270). - locking/rwsem: Conditionally wake waiters in reader/writer slowpaths (bsc#1207270). - locking/rwsem: Disable preemption in all down_read*() and up_read() code paths (bsc#1207270). - locking/rwsem: Disable preemption in all down_write*() and up_write() code paths (bsc#1207270). - locking/rwsem: Disable preemption while trying for rwsem lock (bsc#1207270). - locking/rwsem: Make handoff bit handling more consistent (bsc#1207270). - locking/rwsem: No need to check for handoff bit if wait queue empty (bsc#1207270). - locking/rwsem: Prevent non-first waiter from spinning in down_write() slowpath (bsc#1207270). - locking: Add missing __sched attributes (bsc#1207270). - makefile: link with -z noexecstack --no-warn-rwx-segments (bsc#1203200). - mbcache: Avoid nesting of cache->c_list_lock under bit locks (bsc#1207647). - mbcache: Fixup kABI of mb_cache_entry (bsc#1207653). - md/bitmap: Fix bitmap chunk size overflow issues (git-fixes). - md/raid1: stop mdx_raid1 thread when raid1 array run failed (git-fixes). - md: fix a crash in mempool_free (git-fixes). - media: coda: Add check for dcoda_iram_alloc (git-fixes). - media: coda: Add check for kmalloc (git-fixes). - media: i2c: imx219: Fix binning for RAW8 capture (git-fixes). - media: i2c: imx219: Split common registers from mode tables (git-fixes). - media: i2c: ov7670: 0 instead of -EINVAL was returned (git-fixes). - media: i2c: ov772x: Fix memleak in ov772x_probe() (git-fixes). - media: imx: imx7-media-csi: fix missing clk_disable_unprepare() in imx7_csi_init() (git-fixes). - media: ipu3-cio2: Fix PM runtime usage_count in driver unbind (git-fixes). - media: m5mols: fix off-by-one loop termination error (git-fixes). - media: max9286: Fix memleak in max9286_v4l2_register() (git-fixes). - media: ov2740: Fix memleak in ov2740_init_controls() (git-fixes). - media: ov5640: Fix analogue gain control (git-fixes). - media: ov5675: Fix memleak in ov5675_init_controls() (git-fixes). - media: platform: ti: Add missing check for devm_regulator_get (git-fixes). - media: rc: Fix use-after-free bugs caused by ene_tx_irqsim() (git-fixes). - media: rc: gpio-ir-recv: add remove function (git-fixes). - media: saa7134: Use video_unregister_device for radio_dev (git-fixes). - media: ti: cal: fix possible memory leak in cal_ctx_create() (git-fixes). - media: usb: siano: Fix use after free bugs caused by do_submit_urb (git-fixes). - media: uvcvideo: Add support for V4L2_CTRL_TYPE_CTRL_CLASS (git-fixes). - media: uvcvideo: Check controls flags before accessing them (git-fixes). - media: uvcvideo: Check for INACTIVE in uvc_ctrl_is_accessible() (git-fixes). - media: uvcvideo: Do not check for V4L2_CTRL_WHICH_DEF_VAL (git-fixes). - media: uvcvideo: Fix memory leak of object map on error exit path (git-fixes). - media: uvcvideo: Fix race condition with usb_kill_urb (git-fixes). - media: uvcvideo: Handle cameras with invalid descriptors (git-fixes). - media: uvcvideo: Handle errors from calls to usb_string (git-fixes). - media: uvcvideo: Quirk for autosuspend in Logitech B910 and C910 (git-fixes). - media: uvcvideo: Remove s_ctrl and g_ctrl (git-fixes). - media: uvcvideo: Silence memcpy() run-time false positive warnings (git-fixes). - media: uvcvideo: Use control names from framework (git-fixes). - media: uvcvideo: refactor __uvc_ctrl_add_mapping (git-fixes). - media: v4l2-jpeg: correct the skip count in jpeg_parse_app14_data (git-fixes). - media: v4l2-jpeg: ignore the unknown APP14 marker (git-fixes). - mei: bus-fixup:upon error print return values of send and receive (git-fixes). - mfd: arizona: Use pm_runtime_resume_and_get() to prevent refcnt leak (git-fixes). - mfd: cs5535: Do not build on UML (git-fixes). - mfd: pcf50633-adc: Fix potential memleak in pcf50633_adc_async_read() (git-fixes). - misc/mei/hdcp: Use correct macros to initialize uuid_le (git-fixes). - misc: enclosure: Fix doc for enclosure_find() (git-fixes). - mm: memcg: fix NULL pointer in mem_cgroup_track_foreign_dirty_slowpath() (bsc#1209262). - mmc: jz4740: Work around bug on JZ4760(B) (git-fixes). - mmc: mmc_spi: fix error handling in mmc_spi_probe() (git-fixes). - mmc: sdhci_am654: lower power-on failed message severity (git-fixes). - mmc: sdio: fix possible resource leaks in some error paths (git-fixes). - move upstreamed i915 and media fixes into sorted section - mt76: mt7915: fix polling firmware-own status (git-fixes). - mtd: dataflash: remove duplicate SPI ID table (git-fixes). - mtd: rawnand: fsl_elbc: Propagate HW ECC settings to HW (git-fixes). - mtd: rawnand: sunxi: Clean up chips after failed init (git-fixes). - mtd: rawnand: sunxi: Fix the size of the last OOB region (git-fixes). - mtd: spi-nor: Fix shift-out-of-bounds in spi_nor_set_erase_type (git-fixes). - mtd: spi-nor: core: fix implicit declaration warning (git-fixes). - mtd: spi-nor: sfdp: Fix index value for SCCR dwords (git-fixes). - mtd: spi-nor: spansion: Consider reserved bits in CFR5 register (git-fixes). - net/rose: Fix to not accept on connected socket (git-fixes). - net/sunrpc: fix reference count leaks in rpc_sysfs_xprt_state_change (git-fixes). - net/usb: kalmia: Do not pass act_len in usb_bulk_msg error path (git-fixes). - net/x25: Fix to not accept on connected socket (git-fixes). - net: USB: Fix wrong-direction WARNING in plusb.c (git-fixes). - net: mana: Assign interrupts to CPUs based on NUMA nodes (bsc#1208153). - net: mana: Fix IRQ name - add PCI and queue number (bsc#1207875). - net: mana: Fix accessing freed irq affinity_hint (bsc#1208153). - net: openvswitch: fix possible memory leak in ovs_meter_cmd_set() (git-fixes). - net: phy: meson-gxl: use MMD access dummy stubs for GXL, internal PHY (git-fixes). - net: usb: smsc75xx: Limit packet length to skb->len (git-fixes). - net: usb: smsc75xx: Move packet length check to prevent kernel panic in skb_pull (git-fixes). - nfc: change order inside nfc_se_io error path (git-fixes). - nfc: fdp: add null check of devm_kmalloc_array in fdp_nci_i2c_read_device_properties (git-fixes). - nfc: fix memory leak of se_io context in nfc_genl_se_io (git-fixes). - nfc: pn533: initialize struct pn533_out_arg properly (git-fixes). - nfc: st-nci: Fix use after free bug in ndlc_remove due to race condition (git-fixes). - nfs4: Fix kmemleak when allocate slot failed (git-fixes). - nfs4trace: fix state manager flag printing (git-fixes). - nfs: Always initialise fattr->label in nfs_fattr_alloc() (git-fixes). - nfs: Create a new nfs_alloc_fattr_with_label() function (git-fixes). - nfs: Do not allocate nfs_fattr on the stack in __nfs42_ssc_open() (git-fixes). - nfs: Further optimisations for 'ls -l' (git-fixes). - nfs: nfs4clinet: check the return value of kstrdup() (git-fixes). - nfsd: COMMIT operations must not return NFS?ERR_INVAL (git-fixes). - nfsd: De-duplicate net_generic(nf->nf_net, nfsd_net_id) (git-fixes). - nfsd: Fix a memory leak in an error handling path (git-fixes). - nfsd: Fix nfsd_breaker_owns_lease() return values (git-fixes). - nfsd: Have legacy NFSD WRITE decoders use xdr_stream_subsegment() (git-fixes). - nfsd: do not call nfsd_file_put from client states seqfile display (git-fixes). - nfsd: fix handling of readdir in v4root vs. mount upcall timeout (git-fixes). - nfsd: fix race to check ls_layouts (git-fixes). - nfsd: shut down the NFSv4 state objects before the filecache (git-fixes). - nfsd: under NFSv4.1, fix double svc_xprt_put on rpc_create failure (git-fixes). - nfsd: zero out pointers after putting nfsd_files on COPY setup error (git-fixes). - nfsv3: handle out-of-order write replies (bsc#1205544). - nfsv4 expose nfs_parse_server_name function (git-fixes). - nfsv4 handle port presence in fs_location server string (git-fixes). - nfsv4 only print the label when its queried (git-fixes). - nfsv4 remove zero number of fs_locations entries error check (git-fixes). - nfsv4 store server support for fs_location attribute (git-fixes). - nfsv4.1 query for fs_location attr on a new file system (git-fixes). - nfsv4.1: Fix uninitialised variable in devicenotify (git-fixes). - nfsv4.2: fix reference count leaks in _nfs42_proc_copy_notify() (git-fixes). - nfsv4.x: Fail client initialisation if state manager thread can't run (git-fixes). - nfsv4/pnfs: Fix a use-after-free bug in open (git-fixes). - nfsv4/pnsf: Always return layout stats on layout return for flexfiles (git-fixes). - nfsv4: Protect the state recovery thread against direct reclaim (git-fixes). - nsf: Avoid writeback threads getting stuck in mempool_alloc() (git-fixes). - nsf: Fix an Oops in nfs_d_automount() (git-fixes). - nsf: fix disabling of swap (git-fixes). - nsf: nfsiod should not block forever in mempool_alloc() (git-fixes). - nsf: nfsiod should not block forever in mempool_alloc() (git-fixes). - nsfd: Finish converting the NFSv2 GETACL result encoder (git-fixes). - nsfd: Finish converting the NFSv3 GETACL result encoder (git-fixes). - nsfd: Fix handling of oversized NFSv4 COMPOUND requests (git-fixes). - nsfd: Protect against filesystem freezing (git-fixes). - nsfd: Return nfserr_serverfault if splice_ok but buf->pages have data (git-fixes). - nsfd: fix leaked reference count of nfsd4_ssc_umount_item (git-fixes). - nsfd: fix problems with cleanup on errors in nfsd4_copy (git-fixes). - nsfd: fix use-after-free in nfsd4_ssc_setup_dul() (git-fixes). - nsfd: fix use-after-free on source server when doing inter-server copy (git-fixes). - nsfd: pass range end to vfs_fsync_range() instead of count (git-fixes). - nsfv4.1: Handle RECLAIM_COMPLETE trunking errors (git-fixes). - nsfv4.1: We must always send RECLAIM_COMPLETE after a reboot (git-fixes). - nsfv4.2: Clear FATTR4_WORD2_SECURITY_LABEL when done decoding (git-fixes). - nsfv4.2: Fix a memory stomp in decode_attr_security_label (git-fixes). - nsfv4.2: Fix initialisation of struct nfs4_label (git-fixes). - nsfv4.2: Fixup CLONE dest file size for zero-length count (git-fixes). - nsfv4: Add an fattr allocation to _nfs4_discover_trunking() (git-fixes). - nsfv4: Do not hold the layoutget locks across multiple RPC calls (git-fixes). - nsfv4: Fix a credential leak in _nfs4_discover_trunking() (git-fixes). - nsfv4: Fix a deadlock between nfs4_open_recover_helper() and delegreturn (git-fixes). - nsfv4: Fix a potential state reclaim deadlock (git-fixes). - nsfv4: Fix free of uninitialized nfs4_label on referral lookup (git-fixes). - nsfv4: Retry LOCK on OLD_STATEID during delegation return (git-fixes). - nsfv4: keep state manager thread active if swap is enabled (git-fixes). - nvdimm: disable namespace on error (bsc#1166486). - nvme-auth: check chap ctrl_key once constructed (bsc#1202633). - nvme-auth: clear sensitive info right after authentication completes (bsc#1202633). - nvme-auth: convert dhchap_auth_list to an array (bsc#1202633). - nvme-auth: do not ignore key generation failures when initializing ctrl keys (bsc#1202633). - nvme-auth: do not keep long lived 4k dhchap buffer (bsc#1202633). - nvme-auth: do not override ctrl keys before validation (bsc#1202633). - nvme-auth: do not re-authenticate if the controller is not LIVE (bsc#1202633). - nvme-auth: do not use NVMe status codes (bsc#1202633). - nvme-auth: fix an error code in nvme_auth_process_dhchap_challenge() (bsc#1202633). - nvme-auth: fix smatch warning complaints (bsc#1202633). - nvme-auth: guarantee dhchap buffers under memory pressure (bsc#1202633). - nvme-auth: have dhchap_auth_work wait for queues auth to complete (bsc#1202633). - nvme-auth: mark nvme_auth_wq static (bsc#1202633). - nvme-auth: no need to reset chap contexts on re-authentication (bsc#1202633). - nvme-auth: remove redundant auth_work flush (bsc#1202633). - nvme-auth: remove redundant buffer deallocations (bsc#1202633). - nvme-auth: remove redundant deallocations (bsc#1202633). - nvme-auth: remove redundant if statement (bsc#1202633). - nvme-auth: remove symbol export from nvme_auth_reset (bsc#1202633). - nvme-auth: rename __nvme_auth_[reset|free] to nvme_auth[reset|free]_dhchap (bsc#1202633). - nvme-auth: rename authentication work elements (bsc#1202633). - nvme-auth: use workqueue dedicated to authentication (bsc#1202633). - nvme-fabrics: show well known discovery name (bsc#1200054). - objtool: Add a missing comma to avoid string concatenation (bsc#1207328). - ocfs2: Fix data corruption after failed write (bsc#1208542). - ocfs2: clear dinode links count in case of error (bsc#1207650). - ocfs2: fix BUG when iput after ocfs2_mknod fails (bsc#1207649). - ocfs2: fix crash when mount with quota enabled (bsc#1207640). - ocfs2: fix memory leak in ocfs2_mount_volume() (bsc#1207652). - ocfs2: fix memory leak in ocfs2_stack_glue_init() (bsc#1207651). - ocfs2: ocfs2_mount_volume does cleanup job before return error (bsc#1207770). - ocfs2: quota_local: fix possible uninitialized-variable access in ocfs2_local_read_info() (bsc#1207768). - ocfs2: rewrite error handling of ocfs2_fill_super (bsc#1207771). - of/address: Return an error when no valid dma-ranges are found (git-fixes). - pNFS/filelayout: Fix coalescing test for single DS (git-fixes). - panic: Consolidate open-coded panic_on_warn checks (bsc#1207328). - panic: Introduce warn_limit (bsc#1207328). - panic: unset panic_on_warn inside panic() (bsc#1207328). - pci/ioc: Enlarge virtfn sysfs name buffer (git-fixes). - pci/pm: Always disable PTM for all devices during suspend (git-fixes). - pci/pm: Avoid putting Elo i2 PCIe Ports in D3cold (git-fixes). - pci/pm: Fix bridge_d3_blacklist Elo i2 overwrite of Gigabyte X299 (git-fixes). - pci/pm: Observe reset delay irrespective of bridge_d3 (git-fixes). - pci/ptm: Add pci_suspend_ptm() and pci_resume_ptm() (git-fixes). - pci: Add ACS quirk for Wangxun NICs (git-fixes). - pci: Add SolidRun vendor ID (git-fixes). - pci: Align extra resources for hotplug bridges properly (git-fixes). - pci: Avoid FLR for AMD FCH AHCI adapters (git-fixes). - pci: Avoid pci_dev_lock() AB/BA deadlock with sriov_numvfs_store() (git-fixes). - pci: Fix dropping valid root bus resources with .end = zero (git-fixes). - pci: Reduce warnings on possible RW1C corruption (git-fixes). - pci: Take other bus devices into account when distributing resources (git-fixes). - pci: Unify delay handling for reset and resume (git-fixes). - pci: aardvark: Check return value of generic_handle_domain_irq() when processing INTx IRQ (git-fixes). - pci: aardvark: Fix link training (git-fixes). - pci: dwc: Add dw_pcie_ops.host_deinit() callback (git-fixes). - pci: hotplug: Allow marking devices as disconnected during bind/unbind (git-fixes). - pci: mediatek-gen3: Assert resets to ensure expected init state (git-fixes). - pci: mediatek-gen3: Fix refcount leak in mtk_pcie_init_irq_domains() (git-fixes). - pci: qcom: Fix host-init error handling (git-fixes). - pci: qcom: Fix pipe clock imbalance (git-fixes). - pci: switchtec: Return -EFAULT for copy_to_user() errors (git-fixes). - pci: xgene: Revert 'PCI: xgene: Use inbound resources for setup' (git-fixes). - perf/amd/ibs: Use interrupt regs ip for stack unwinding (git fixes). - perf/core: Call LSM hook after copying perf_event_attr (git fixes). - perf/core: Fix data race between perf_event_set_output() and perf_mmap_close() (git fixes). - perf/core: Inherit event_caps (git fixes). - perf/x86/amd: fix potential integer overflow on shift of a int (git fixes). - perf/x86/intel/ds: Fix precise store latency handling (git fixes). - perf/x86/intel/lbr: Use setup_clear_cpu_cap() instead of clear_cpu_cap() (git fixes). - perf/x86/intel/pt: Fix sampling using single range output (git fixes). - perf/x86/intel/pt: Relax address filter validation (git fixes). - perf/x86/intel/uncore: Add Emerald Rapids (git fixes). - perf/x86/intel/uncore: Clear attr_update properly (bsc#1206824, bsc#1206493, bsc#1206492). - perf/x86/intel/uncore: Disable I/O stacks to PMU mapping on ICX-D (bsc#1206824, bsc#1206493, bsc#1206492). - perf/x86/intel/uncore: Enable UPI topology discovery for Icelake Server (bsc#1206824, bsc#1206493, bsc#1206492). - perf/x86/intel/uncore: Enable UPI topology discovery for Sapphire Rapids (bsc#1206824, bsc#1206493, bsc#1206492). - perf/x86/intel/uncore: Enable UPI topology discovery for Skylake Server (bsc#1206824, bsc#1206493, bsc#1206492). - perf/x86/intel/uncore: Fix broken read_counter() for SNB IMC PMU (git fixes). - perf/x86/intel/uncore: Fix reference count leak in __uncore_imc_init_box() (git fixes). - perf/x86/intel/uncore: Fix reference count leak in hswep_has_limit_sbox() (git fixes). - perf/x86/intel/uncore: Fix reference count leak in sad_cfg_iio_topology() (git fixes). - perf/x86/intel/uncore: Fix reference count leak in snr_uncore_mmio_map() (git fixes). - perf/x86/intel/uncore: Generalize IIO topology support (bsc#1206824, bsc#1206493, bsc#1206492). - perf/x86/intel/uncore: Generalize get_topology() for SKX PMUs (bsc#1206824, bsc#1206493, bsc#1206492). - perf/x86/intel/uncore: Get UPI NodeID and GroupID (bsc#1206824, bsc#1206493, bsc#1206492). - perf/x86/intel/uncore: Introduce UPI topology type (bsc#1206824, bsc#1206493, bsc#1206492). - perf/x86/intel/uncore: Make set_mapping() procedure void (bsc#1206824, bsc#1206493, bsc#1206492). - perf/x86/intel/uncore: Update sysfs-devices-mapping file (bsc#1206824, bsc#1206493, bsc#1206492). - perf/x86/intel: Add Cooper Lake stepping to isolation_ucodes (git fixes). - perf/x86/intel: Add Emerald Rapids (git fixes). - perf/x86/intel: Do not extend the pseudo-encoding to GP counters (git fixes). - perf/x86/intel: Fix PEBS data source encoding for ADL (git fixes). - perf/x86/intel: Fix PEBS memory access info encoding for ADL (git fixes). - perf/x86/intel: Fix event constraints for ICL (git fixes). - perf/x86/intel: Fix pebs event constraints for ADL (git fixes). - perf/x86/intel: Fix pebs event constraints for ICL (git fixes). - perf/x86/intel: Fix pebs event constraints for SPR (git fixes). - perf/x86/lbr: Enable the branch type for the Arch LBR by default (git fixes). - perf/x86/msr: Add Emerald Rapids (git fixes). - perf/x86/rapl: Add support for Intel AlderLake-N (git fixes). - perf/x86/rapl: Treat Tigerlake like Icelake (git fixes). - perf/x86/rapl: Use standard Energy Unit for SPR Dram RAPL domain (git fixes). - perf/x86/rapl: fix AMD event handling (git fixes). - perf/x86/uncore: Add Raptor Lake uncore support (git fixes). - perf/x86/uncore: Add a quirk for UPI on SPR (bsc#1206824, bsc#1206493, bsc#1206492). - perf/x86/uncore: Add new Alder Lake and Raptor Lake support (git fixes). - perf/x86/uncore: Add new Raptor Lake S support (git fixes). - perf/x86/uncore: Clean up uncore_pci_ids (git fixes). - perf/x86/uncore: Do not WARN_ON_ONCE() for a broken discovery table (bsc#1206824, bsc#1206493, bsc#1206492). - perf/x86/uncore: Factor out uncore_device_to_die() (bsc#1206824, bsc#1206493, bsc#1206492). - perf/x86/uncore: Fix potential NULL pointer in uncore_get_alias_name (bsc#1206824, bsc#1206493, bsc#1206492). - perf/x86/uncore: Ignore broken units in discovery table (bsc#1206824, bsc#1206493, bsc#1206492). - perf: Always wake the parent event (git fixes). - perf: Fix possible memleak in pmu_dev_alloc() (git fixes). - phy: rockchip-typec: Fix unsigned comparison with less than zero (git-fixes). - phy: rockchip-typec: fix tcphy_get_mode error case (git-fixes). - pinctrl: aspeed: Fix confusing types in return value (git-fixes). - pinctrl: at91: use devm_kasprintf() to avoid potential leaks (git-fixes). - pinctrl: intel: Restore the pins that used to be in Direct IRQ mode (git-fixes). - pinctrl: mediatek: Fix the drive register definition of some Pins (git-fixes). - pinctrl: mediatek: Initialize variable *buf to zero (git-fixes). - pinctrl: mediatek: fix coding style (git-fixes). - pinctrl: qcom: pinctrl-msm8976: Correct function names for wcss pins (git-fixes). - pinctrl: rockchip: Fix refcount leak in rockchip_pinctrl_parse_groups (git-fixes). - pinctrl: single: fix potential NULL dereference (git-fixes). - pinctrl: stm32: Fix refcount leak in stm32_pctrl_get_irq_domain (git-fixes). - platform/x86: ISST: PUNIT device mapping with Sub-NUMA clustering (bsc#1208420). - platform/x86: amd-pmc: Correct usage of SMU version (git-fixes). - platform/x86: amd-pmc: Export Idlemask values based on the APU (git-fixes). - platform/x86: amd-pmc: Fix compilation when CONFIG_DEBUGFS is disabled (git-fixes). - platform/x86: dell-wmi: Add a keymap for KEY_MUTE in type 0x0010 table (git-fixes). - platform/x86: gigabyte-wmi: add support for B450M DS3H WIFI-CF (git-fixes). - platform/x86: touchscreen_dmi: Add Chuwi Vi8 (CWI501) DMI match (git-fixes). - platform: x86: MLX_PLATFORM: select REGMAP instead of depending on it (git-fixes). - powercap: fix possible name leak in powercap_register_zone() (git-fixes). - powerpc/eeh: Set channel state after notifying the drivers (bsc#1208784 ltc#201612). - ppc64le: HWPOISON_INJECT=m (bsc#1209572). - printf: fix errname.c list (git-fixes). - prlimit: do_prlimit needs to have a speculation check (bsc#1209256). - pwm: stm32-lp: fix the check on arr and cmp registers update (git-fixes). - qede: avoid uninitialized entries in coal_entry array (bsc#1205846). - qede: fix interrupt coalescing configuration (bsc#1205846). - quota: Check next/prev free block number after reading from quota file (bsc#1206640). - quota: Prevent memory allocation recursion while holding dq_lock (bsc#1207639). - rcu: Tighten rcu_advance_cbs_nowake() checks (bsc#1209159). - rdma/cxgb4: Fix potential null-ptr-deref in pass_establish() (git-fixes) - rdma/cxgb4: add null-ptr-check after ip_dev_find() (git-fixes) - rdma/cxgb4: remove unnecessary NULL check in __c4iw_poll_cq_one() (git-fixes) - rdma/irdma: Cap MSIX used to online CPUs + 1 (git-fixes) - rdma/irdma: Fix potential NULL-ptr-dereference (git-fixes) - rdma/rxe: Fix missing memory barriers in rxe_queue.h (git-fixes) - rdma/siw: Fix user page pinning accounting (git-fixes) - rdma/usnic: use iommu_map_atomic() under spin_lock() (git-fixes) - refresh patches.suse/NFSv3-handle-out-of-order-write-replies Careless typo - might cause bsc#1209457 - regulator: Flag uncontrollable regulators as always_on (git-fixes). - regulator: core: Fix off-on-delay-us for always-on/boot-on regulators (git-fixes). - regulator: core: Use ktime_get_boottime() to determine how long a regulator was off (git-fixes). - regulator: max77802: Bounds check regulator id against opmode (git-fixes). - regulator: s5m8767: Bounds check id indexing into arrays (git-fixes). - remoteproc/mtk_scp: Move clk ops outside send_lock (git-fixes). - remoteproc: qcom_q6v5_mss: Use a carveout to authenticate modem headers (git-fixes). - replace mkinitrd dependency with dracut (bsc#1202353). Also update mkinitrd refrences in documentation and comments. - require suse-kernel-rpm-scriptlets at all times. The kernel packages call scriptlets for each stage, add the dependency to make it clear to libzypp that the scriptlets are required. There is no special dependency for posttrans, these scriptlets run when transactions are resolved. The plain dependency has to be used to support posttrans. - revert 'char: pcmcia: cm4000_cs: Replace mdelay with usleep_range in set_protocol' (git-fixes). - revert 'crypto: rsa-pkcs1pad - Replace GFP_ATOMIC with GFP_KERNEL in pkcs1pad_encrypt_sign_complete' (git-fixes). - revert 'hid: logitech-hidpp: add a module parameter to keep firmware gestures' (git-fixes). - revert 'usb: dwc3: qcom: Keep power domain on to retain controller status' (git-fixes). - ring-buffer: Handle race between rb_move_tail and rb_check_pages (git-fixes). - ring-buffer: remove obsolete comment for free_buffer_page() (git-fixes). - rpm/kernel-obs-build.spec.in: Remove SLE11 cruft - rtc: allow rtc_read_alarm without read_alarm callback (git-fixes). - rtc: pm8xxx: fix set-alarm race (git-fixes). - rtc: sun6i: Always export the internal oscillator (git-fixes). - s390/dasd: Fix potential memleak in dasd_eckd_init() (git-fixes). - s390/kexec: fix ipl report address for kdump (bsc#1207529). - scsi: lpfc: Copyright updates for 14.2.0.10 patches (bsc#1208607). - scsi: lpfc: Exit PRLI completion handling early if ndlp not in PRLI_ISSUE state (bsc#1208607). - scsi: lpfc: Fix space indentation in lpfc_xcvr_data_show() (bsc#1208607). - scsi: lpfc: Fix use-after-free KFENCE violation during sysfs firmware write (bsc#1208607). - scsi: lpfc: Introduce new attention types for lpfc_sli4_async_fc_evt() handler (bsc#1208607). - scsi: lpfc: Reinitialize internal VMID data structures after FLOGI completion (bsc#1208607). - scsi: lpfc: Remove duplicate ndlp kref decrement in lpfc_cleanup_rpis() (bsc#1208607 bsc#1208534). - scsi: lpfc: Remove redundant clean up code in disable_vport() (bsc#1208607). - scsi: lpfc: Replace outdated strncpy() with strscpy() (bsc#1208607). - scsi: lpfc: Resolve miscellaneous variable set but not used compiler warnings (bsc#1208607). - scsi: lpfc: Set max DMA segment size to HBA supported SGE length (bsc#1208607). - scsi: lpfc: Update lpfc version to 14.2.0.10 (bsc#1208607). - scsi: qla2xxx: Add option to disable FC2 Target support (bsc#1198438 bsc#1206103). - scsi: qla2xxx: Check if port is online before sending ELS (bsc#1208570). - scsi: qla2xxx: Fix DMA-API call trace on NVMe LS requests (bsc#1208570). - scsi: qla2xxx: Fix IOCB resource check warning (bsc#1208570). - scsi: qla2xxx: Fix erroneous link down (bsc#1208570). - scsi: qla2xxx: Fix exchange oversubscription (bsc#1208570). - scsi: qla2xxx: Fix exchange oversubscription for management commands (bsc#1208570). - scsi: qla2xxx: Fix link failure in NPIV environment (bsc#1208570). - scsi: qla2xxx: Fix printk() format string (bsc#1208570). - scsi: qla2xxx: Fix stalled login (bsc#1208570). - scsi: qla2xxx: Make qla_trim_buf() and __qla_adjust_buf() static (bsc#1208570). - scsi: qla2xxx: Relocate/rename vp map (bsc#1208570). - scsi: qla2xxx: Remove dead code (GNN ID) (bsc#1208570). - scsi: qla2xxx: Remove dead code (GPNID) (bsc#1208570). - scsi: qla2xxx: Remove dead code (bsc#1208570). - scsi: qla2xxx: Remove increment of interface err cnt (bsc#1208570). - scsi: qla2xxx: Remove the unused variable wwn (bsc#1208570). - scsi: qla2xxx: Remove unintended flag clearing (bsc#1208570). - scsi: qla2xxx: Select qpair depending on which CPU post_cmd() gets called (bsc#1208570). - scsi: qla2xxx: Simplify if condition evaluation (bsc#1208570). - scsi: qla2xxx: Update version to 10.02.08.100-k (bsc#1208570). - scsi: qla2xxx: Update version to 10.02.08.200-k (bsc#1208570). - scsi: qla2xxx: Use a variable for repeated mem_size computation (bsc#1208570). - scsi: qla2xxx: edif: Fix clang warning (bsc#1208570). - scsi: qla2xxx: edif: Fix performance dip due to lock contention (bsc#1208570). - scsi: qla2xxx: edif: Fix stall session after app start (bsc#1208570). - scsi: qla2xxx: edif: Reduce memory usage during low I/O (bsc#1208570). - scsi: storvsc: Handle BlockSize change in Hyper-V VHD/VHDX file (git-fixes). - sefltests: netdevsim: wait for devlink instance after netns removal (git-fixes). - selftest/lkdtm: Skip stack-entropy test if lkdtm is not available (git-fixes). - selftests/ftrace: Add check for ping command for trigger tests (bsc#1204993 ltc#200103). - selftests/ftrace: Convert tracer tests to use 'requires' to specify program dependency (bsc#1204993 ltc#200103). - selftests/powerpc: Account for offline cpus in perf-hwbreak test (bsc#1206232). - selftests/powerpc: Bump up rlimit for perf-hwbreak test (bsc#1206232). - selftests/powerpc: Move perror closer to its use (bsc#1206232). - selftests: forwarding: lib: quote the sysctl values (git-fixes). - selftests: net: udpgso_bench: Fix racing bug between the rx/tx programs (git-fixes). - selftests: net: udpgso_bench_rx/tx: Stop when wrong CLI args are provided (git-fixes). - selftests: net: udpgso_bench_rx: Fix 'used uninitialized' compiler warning (git-fixes). - selftests: net: udpgso_bench_tx: Cater for pending datagrams zerocopy benchmarking (git-fixes). - serial: 8250_em: Fix UART port type (git-fixes). - serial: 8250_fsl: fix handle_irq locking (git-fixes). - serial: fsl_lpuart: fix RS485 RTS polariy inverse issue (git-fixes). - serial: qcom-geni: fix console shutdown hang (git-fixes). - serial: sc16is7xx: setup GPIO controller later in probe (git-fixes). - serial: tegra: Add missing clk_disable_unprepare() in tegra_uart_hw_init() (git-fixes). - signal/seccomp: Refactor seccomp signal and coredump generation (git-fixes). - signal/vm86_32: Properly send SIGSEGV when the vm86 state cannot be saved (git-fixes). - signal/x86: In emulate_vsyscall force a signal instead of calling do_exit (git-fixes). - signal: Implement force_fatal_sig (git-fixes). - smb3: Replace smb2pdu 1-element arrays with flex-arrays (bsc#1193629). - soundwire: cadence: Do not overflow the command FIFOs (git-fixes). - spi: bcm63xx-hsspi: Endianness fix for ARM based SoC (git-fixes). - spi: dw: Fix wrong FIFO level setting for long xfers (git-fixes). - spi: dw_bt1: fix MUX_MMIO dependencies (git-fixes). - spi: synquacer: Fix timeout handling in synquacer_spi_transfer_one() (git-fixes). - spi: tegra210-quad: Fix validate combined sequence (git-fixes). - staging: emxx_udc: Add checks for dma_alloc_coherent() (git-fixes). - staging: mt7621-dts: change palmbus address to lower case (git-fixes). - struct dwc3: mask new member (git-fixes). - struct uvc_device move flush_status new member to end (git-fixes). - sunrpc allow for unspecified transport time in rpc_clnt_add_xprt (git-fixes). - sunrpc: Do not leak netobj memory when gss_read_proxy_verf() fails (git-fixes). - sunrpc: Fix a server shutdown leak (git-fixes). - sunrpc: Fix missing release socket in rpc_sockname() (git-fixes). - sunrpc: Fix null-ptr-deref when xps sysfs alloc failed (git-fixes). - sunrpc: Fix potential race conditions in rpc_sysfs_xprt_state_change() (git-fixes). - sunrpc: Fix socket waits for write buffer space (git-fixes). - sunrpc: Return true/false (not 1/0) from bool functions (git-fixes). - sunrpc: ensure the matching upcall is in-flight upon downcall (git-fixes). - supported.conf: Remove duplicate entry. - sysctl: add a new register_sysctl_init() interface (bsc#1207328). - thermal/drivers/hisi: Drop second sensor hi3660 (git-fixes). - thermal/drivers/tsens: Add compat string for the qcom,msm8960 (git-fixes). - thermal/drivers/tsens: Drop msm8976-specific defines (git-fixes). - thermal/drivers/tsens: Sort out msm8976 vs msm8956 data (git-fixes). - thermal/drivers/tsens: fix slope values for msm8939 (git-fixes). - thermal/drivers/tsens: limit num_sensors to 9 for msm8939 (git-fixes). - thermal: intel: BXT_PMIC: select REGMAP instead of depending on it (git-fixes). - thermal: intel: Fix unsigned comparison with less than zero (git-fixes). - thermal: intel: intel_pch: Add support for Wellsburg PCH (git-fixes). - thermal: intel: powerclamp: Fix cur_state for multi package system (git-fixes). - thermal: intel: quark_dts: fix error pointer dereference (git-fixes). - tools/iio/iio_utils:fix memory leak (git-fixes). - tpm/eventlog: Do not abort tpm_read_log on faulty ACPI address (git-fixes). - trace/hwlat: Do not start per-cpu thread if it is already running (git-fixes). - trace/hwlat: Do not wipe the contents of per-cpu thread data (git-fixes). - trace/hwlat: make use of the helper function kthread_run_on_cpu() (git-fixes). - trace_events_hist: add check for return value of 'create_hist_field' (git-fixes). - tracing/hwlat: Replace sched_setaffinity with set_cpus_allowed_ptr (git-fixes). - tracing: Add NULL checks for buffer in ring_buffer_free_read_page() (git-fixes). - tracing: Check field value in hist_field_name() (git-fixes). - tracing: Do not let histogram values have some modifiers (git-fixes). - tracing: Fix poll() and select() do not work on per_cpu trace_pipe and trace_pipe_raw (git-fixes). - tracing: Make splice_read available again (git-fixes). - tracing: Make sure trace_printk() can output as soon as it can be used (git-fixes). - tracing: Make tracepoint lockdep check actually test something (git-fixes). - tty: fix out-of-bounds access in tty_driver_lookup_tty() (git-fixes). - tty: serial: fsl_lpuart: Fix the wrong RXWATER setting for rx dma case (git-fixes). - tty: serial: fsl_lpuart: clear LPUART Status Register in lpuart32_shutdown() (git-fixes). - tty: serial: fsl_lpuart: disable Rx/Tx DMA in lpuart32_shutdown() (git-fixes). - tty: serial: fsl_lpuart: disable the CTS when send break signal (git-fixes). - tty: serial: imx: Handle RS485 DE signal active high (git-fixes). - tty: serial: imx: disable Ageing Timer interrupt request irq (git-fixes). - tty: serial: qcom-geni-serial: stop operations in progress at shutdown (git-fixes). - ubsan: no need to unset panic_on_warn in ubsan_epilogue() (bsc#1207328). - update internal module version number for cifs.ko (bsc#1193629). - update patches.suse/0001-exit-Put-an-upper-limit-on-how-often-we-can-oops (bsc#1207328, bsc#1208290). - update patches.suse/hid-bigben_probe-validate-report-count (bsc#1208605). Added bugzilla reference to fix already applied - usb: core: Do not hold device lock while reading the 'descriptors' sysfs file (git-fixes). - usb: core: add quirk for Alcor Link AK9563 smartcard reader (git-fixes). - usb: dwc3: core: Host wake up support from system suspend (git-fixes). - usb: dwc3: fix memory leak with using debugfs_lookup() (git-fixes). - usb: dwc3: pci: add support for the Intel Meteor Lake-M (git-fixes). - usb: dwc3: qcom: Configure wakeup interrupts during suspend (git-fixes). - usb: dwc3: qcom: Fix memory leak in dwc3_qcom_interconnect_init (git-fixes). - usb: dwc3: qcom: Keep power domain on to retain controller status (git-fixes). - usb: dwc3: qcom: clean up icc init (git-fixes). - usb: dwc3: qcom: clean up suspend callbacks (git-fixes). - usb: dwc3: qcom: fix gadget-only builds (git-fixes). - usb: dwc3: qcom: fix peripheral and OTG suspend (git-fixes). - usb: dwc3: qcom: fix wakeup implementation (git-fixes). - usb: dwc3: qcom: only parse 'maximum-speed' once (git-fixes). - usb: dwc3: qcom: suppress unused-variable warning (git-fixes). - usb: early: xhci-dbc: Fix a potential out-of-bound memory access (git-fixes). - usb: ene_usb6250: Allocate enough memory for full object (git-fixes). - usb: fix memory leak with using debugfs_lookup() (git-fixes). - usb: gadget: configfs: Restrict symlink creation is UDC already binded (git-fixes). - usb: gadget: configfs: remove using list iterator after loop body as a ptr (git-fixes). - usb: gadget: configfs: use to_config_usb_cfg() in os_desc_link() (git-fixes). - usb: gadget: configfs: use to_usb_function_instance() in cfg (un)link func (git-fixes). - usb: gadget: f_hid: fix f_hidg lifetime vs cdev (git-fixes). - usb: gadget: f_hid: fix refcount leak on error path (git-fixes). - usb: gadget: fusb300_udc: free irq on the error path in fusb300_probe() (git-fixes). - usb: gadget: u_serial: Add null pointer check in gserial_resume (git-fixes). - usb: host: xhci: mvebu: Iterate over array indexes instead of using pointer math (git-fixes). - usb: max-3421: Fix setting of I/O pins (git-fixes). - usb: musb: Add and use inline function musb_otg_state_string (git-fixes). - usb: musb: Add and use inline functions musb_{get,set}_state (git-fixes). - usb: musb: mediatek: do not unregister something that wasn't registered (git-fixes). - usb: musb: remove schedule work called after flush (git-fixes). - usb: serial: option: add support for VW/Skoda 'Carstick LTE' (git-fixes). - usb: typec: altmodes/displayport: Fix probe pin assign check (git-fixes). - usb: typec: intel_pmc_mux: Do not leak the ACPI device reference count (git-fixes). - usb: typec: intel_pmc_mux: Use the helper acpi_dev_get_memory_resources() (git-fixes). - usb: uvc: Enumerate valid values for color matching (git-fixes). - vc_screen: do not clobber return value in vcs_read (git-fixes). - vc_screen: modify vcs_size() handling in vcs_read() (git-fixes). - vdpa_sim: not reset state in vdpasim_queue_ready (git-fixes). - vfio/type1: prevent underflow of locked_vm via exec() (git-fixes). - vfio/type1: restore locked_vm (git-fixes). - vfio/type1: track locked_vm per dma (git-fixes). - vfs: Check the truncate maximum size in inode_newsize_ok() (bsc#1207642). - vfs: filename_create(): fix incorrect intent (bsc#1197534). - virt/sev-guest: Add a MODULE_ALIAS (bsc#1208449). - virt/sev-guest: Prevent IV reuse in the SNP guest driver (bsc#1208449). - virt/sev-guest: Remove unnecessary free in init_crypto() (bsc#1208449). - virt: sev-guest: Pass the appropriate argument type to iounmap() (bsc#1208449). - virt: sevguest: Change driver name to reflect generic SEV support (bsc#1208449). - virt: sevguest: Rename the sevguest dir and files to sev-guest (bsc#1208449). - vmci: check context->notify_page after call to get_user_pages_fast() to avoid GPF (git-fixes). - vmxnet3: move rss code block under eop descriptor (bsc#1208212). - watch_queue: fix IOC_WATCH_QUEUE_SET_SIZE alloc error paths (bsc#1197617). - watchdog/hpwdt: Enable HP_WATCHDOG for ARM64 systems. (jsc#PED-3210) Also enable module in aarch64 default configuration. - watchdog: Fix kmemleak in watchdog_cdev_register (git-fixes). - watchdog: at91sam9_wdt: use devm_request_irq to avoid missing free_irq() in error path (git-fixes). - watchdog: pcwd_usb: Fix attempting to access uninitialized memory (git-fixes). - watchdog: sbsa_wdog: Make sure the timeout programming is within the limits (git-fixes). - wifi: ath11k: Fix memory leak in ath11k_peer_rx_frag_setup (git-fixes). - wifi: ath11k: allow system suspend to survive ath11k (git-fixes). - wifi: ath9k: Fix potential stack-out-of-bounds write in ath9k_wmi_rsp_callback() (git-fixes). - wifi: ath9k: Fix use-after-free in ath9k_hif_usb_disconnect() (git-fixes). - wifi: ath9k: hif_usb: clean up skbs if ath9k_hif_usb_rx_stream() fails (git-fixes). - wifi: ath9k: htc_hst: free skb in ath9k_htc_rx_msg() if there is no callback function (git-fixes). - wifi: ath9k: use proper statements in conditionals (git-fixes). - wifi: brcmfmac: Fix potential stack-out-of-bounds in brcmf_c_preinit_dcmds() (git-fixes). - wifi: brcmfmac: ensure CLM version is null-terminated to prevent stack-out-of-bounds (git-fixes). - wifi: brcmfmac: fix potential memory leak in brcmf_netdev_start_xmit() (git-fixes). - wifi: brcmfmac: unmap dma buffer in brcmf_msgbuf_alloc_pktid() (git-fixes). - wifi: cfg80211: Fix extended KCK key length check in nl80211_set_rekey_data() (git-fixes). - wifi: cfg80211: Fix use after free for wext (git-fixes). - wifi: cfg80211: Partial revert 'wifi: cfg80211: Fix use after free for wext' (git-fixes). - wifi: ipw2200: fix memory leak in ipw_wdev_init() (git-fixes). - wifi: ipw2x00: do not call dev_kfree_skb() under spin_lock_irqsave() (git-fixes). - wifi: iwl3945: Add missing check for create_singlethread_workqueue (git-fixes). - wifi: iwl4965: Add missing check for create_singlethread_workqueue() (git-fixes). - wifi: iwlegacy: common: do not call dev_kfree_skb() under spin_lock_irqsave() (git-fixes). - wifi: libertas: cmdresp: do not call kfree_skb() under spin_lock_irqsave() (git-fixes). - wifi: libertas: fix memory leak in lbs_init_adapter() (git-fixes). - wifi: libertas: if_usb: do not call kfree_skb() under spin_lock_irqsave() (git-fixes). - wifi: libertas: main: do not call kfree_skb() under spin_lock_irqsave() (git-fixes). - wifi: libertas_tf: do not call kfree_skb() under spin_lock_irqsave() (git-fixes). - wifi: mac80211: make rate u32 in sta_set_rate_info_rx() (git-fixes). - wifi: mt7601u: fix an integer underflow (git-fixes). - wifi: mt76: dma: free rx_head in mt76_dma_rx_cleanup (git-fixes). - wifi: mwifiex: Add missing compatible string for SD8787 (git-fixes). - wifi: mwifiex: fix loop iterator in mwifiex_update_ampdu_txwinsize() (git-fixes). - wifi: orinoco: check return value of hermes_write_wordrec() (git-fixes). - wifi: rsi: Fix memory leak in rsi_coex_attach() (git-fixes). - wifi: rtl8xxxu: Fix memory leaks with RTL8723BU, RTL8192EU (git-fixes). - wifi: rtl8xxxu: Use a longer retry limit of 48 (git-fixes). - wifi: rtl8xxxu: do not call dev_kfree_skb() under spin_lock_irqsave() (git-fixes). - wifi: rtl8xxxu: fixing transmisison failure for rtl8192eu (git-fixes). - wifi: rtlwifi: Fix global-out-of-bounds bug in _rtl8812ae_phy_set_txpower_limit() (git-fixes). - wifi: rtlwifi: rtl8188ee: do not call kfree_skb() under spin_lock_irqsave() (git-fixes). - wifi: rtlwifi: rtl8723be: do not call kfree_skb() under spin_lock_irqsave() (git-fixes). - wifi: rtlwifi: rtl8821ae: do not call kfree_skb() under spin_lock_irqsave() (git-fixes). - wifi: rtw89: Add missing check for alloc_workqueue (git-fixes). - wifi: wilc1000: fix potential memory leak in wilc_mac_xmit() (git-fixes). - wifi: wl3501_cs: do not call kfree_skb() under spin_lock_irqsave() (git-fixes). - writeback: avoid use-after-free after removing device (bsc#1207638). - x86/64/mm: Map all kernel memory into trampoline_pgd (git-fixes). - x86/MCE/AMD: Clear DFR errors found in THR handler (git-fixes). - x86/amd_nb: Add AMD PCI IDs for SMN communication (bsc#1208848). - x86/asm: Fix an assembler warning with current binutils (git-fixes). - x86/boot: Avoid using Intel mnemonics in AT&T syntax asm (git-fixes). - x86/cpu: Add CPU model numbers for Meteor Lake (git fixes). - x86/cpu: Add Raptor Lake to Intel family (git fixes). - x86/cpu: Add new Alderlake and Raptorlake CPU model numbers (git fixes). - x86/cpu: Add new Raptor Lake CPU model number (git fixes). - x86/cpu: Add several Intel server CPU model numbers (git fixes). - x86/cpu: Drop spurious underscore from RAPTOR_LAKE #define (git fixes). - x86/hyperv: Introduce HV_MAX_SPARSE_VCPU_BANKS/HV_VCPUS_PER_SPARSE_BANK constants (git-fixes). - x86/kprobes: Fix kprobes instruction boudary check with CONFIG_RETHUNK (git-fixes). - x86/kprobes: Fix optprobe optimization check with CONFIG_RETHUNK (git-fixes). - x86/kvm: Remove unused virt to phys translation in kvm_guest_cpu_init() (git-fixes). - x86/microcode/intel: Do not retry microcode reloading on the APs (git-fixes). - x86/perf/zhaoxin: Add stepping check for ZXC (git fixes). - x86/perf: Avoid warning for Arch LBR without XSAVE (git fixes). - x86/perf: Default set FREEZE_ON_SMI for all (git fixes). - x86/sgx: Fix free page accounting (git-fixes). - x86/xen: Fix memory leak in xen_init_lock_cpu() (git-fixes). - x86/xen: Fix memory leak in xen_smp_intr_init{_pv}() (git-fixes). - x86: acpi: cstate: Optimize C3 entry on AMD CPUs (git-fixes). - x86: link vdso and boot with -z noexecstack --no-warn-rwx-segments (bsc#1203200). - xen-netfront: Fix NULL sring after live migration (git-fixes). - xen-pciback: Allow setting PCI_MSIX_FLAGS_MASKALL too (git-fixes). - xen/arm: Fix race in RB-tree based P2M accounting (git-fixes) - xen/netback: do some code cleanup (git-fixes). - xen/netback: fix build warning (git-fixes). - xen/netfront: destroy queues before real_num_tx_queues is zeroed (git-fixes). - xen/platform-pci: add missing free_irq() in error path (git-fixes). - xen/privcmd: Fix a possible warning in privcmd_ioctl_mmap_resource() (git-fixes). - xen: fix 'direction' argument of iov_iter_kvec() (git-fixes). - xfs: estimate post-merge refcounts correctly (bsc#1208183). - xfs: hoist refcount record merge predicates (bsc#1208183). - xprtrdma: Fix regbuf data not freed in rpcrdma_req_create() (git-fixes). Important SUSE bug 1166486 SUSE bug 1177529 SUSE bug 1193629 SUSE bug 1197534 SUSE bug 1197617 SUSE bug 1198438 SUSE bug 1200054 SUSE bug 1202353 SUSE bug 1202633 SUSE bug 1203200 SUSE bug 1203331 SUSE bug 1203332 SUSE bug 1204363 SUSE bug 1204993 SUSE bug 1205544 SUSE bug 1205846 SUSE bug 1206103 SUSE bug 1206224 SUSE bug 1206232 SUSE bug 1206459 SUSE bug 1206492 SUSE bug 1206493 SUSE bug 1206640 SUSE bug 1206824 SUSE bug 1206877 SUSE bug 1206878 SUSE bug 1206880 SUSE bug 1206881 SUSE bug 1206882 SUSE bug 1206883 SUSE bug 1206884 SUSE bug 1206886 SUSE bug 1206894 SUSE bug 1206935 SUSE bug 1207036 SUSE bug 1207050 SUSE bug 1207051 SUSE bug 1207125 SUSE bug 1207270 SUSE bug 1207328 SUSE bug 1207529 SUSE bug 1207560 SUSE bug 1207588 SUSE bug 1207590 SUSE bug 1207591 SUSE bug 1207592 SUSE bug 1207593 SUSE bug 1207594 SUSE bug 1207603 SUSE bug 1207605 SUSE bug 1207606 SUSE bug 1207608 SUSE bug 1207609 SUSE bug 1207613 SUSE bug 1207615 SUSE bug 1207617 SUSE bug 1207618 SUSE bug 1207619 SUSE bug 1207620 SUSE bug 1207621 SUSE bug 1207623 SUSE bug 1207624 SUSE bug 1207625 SUSE bug 1207626 SUSE bug 1207630 SUSE bug 1207631 SUSE bug 1207632 SUSE bug 1207634 SUSE bug 1207635 SUSE bug 1207636 SUSE bug 1207638 SUSE bug 1207639 SUSE bug 1207640 SUSE bug 1207641 SUSE bug 1207642 SUSE bug 1207643 SUSE bug 1207644 SUSE bug 1207645 SUSE bug 1207646 SUSE bug 1207647 SUSE bug 1207648 SUSE bug 1207649 SUSE bug 1207650 SUSE bug 1207651 SUSE bug 1207652 SUSE bug 1207653 SUSE bug 1207768 SUSE bug 1207770 SUSE bug 1207771 SUSE bug 1207773 SUSE bug 1207795 SUSE bug 1207845 SUSE bug 1207875 SUSE bug 1208149 SUSE bug 1208153 SUSE bug 1208179 SUSE bug 1208183 SUSE bug 1208212 SUSE bug 1208290 SUSE bug 1208420 SUSE bug 1208428 SUSE bug 1208429 SUSE bug 1208449 SUSE bug 1208534 SUSE bug 1208541 SUSE bug 1208542 SUSE bug 1208570 SUSE bug 1208598 SUSE bug 1208599 SUSE bug 1208601 SUSE bug 1208605 SUSE bug 1208607 SUSE bug 1208628 SUSE bug 1208700 SUSE bug 1208741 SUSE bug 1208759 SUSE bug 1208776 SUSE bug 1208777 SUSE bug 1208784 SUSE bug 1208787 SUSE bug 1208816 SUSE bug 1208829 SUSE bug 1208837 SUSE bug 1208843 SUSE bug 1208848 SUSE bug 1209008 SUSE bug 1209159 SUSE bug 1209188 SUSE bug 1209256 SUSE bug 1209258 SUSE bug 1209262 SUSE bug 1209291 SUSE bug 1209436 SUSE bug 1209457 SUSE bug 1209504 SUSE bug 1209572 CVE-2022-3523 CVE-2022-36280 CVE-2022-38096 CVE-2023-0045 CVE-2023-0122 CVE-2023-0461 CVE-2023-0590 CVE-2023-0597 CVE-2023-1075 CVE-2023-1076 CVE-2023-1078 CVE-2023-1095 CVE-2023-1118 CVE-2023-22995 CVE-2023-22998 CVE-2023-23000 CVE-2023-23001 CVE-2023-23004 CVE-2023-23454 CVE-2023-23455 CVE-2023-23559 CVE-2023-25012 CVE-2023-26545 CVE-2023-28328 cpe:/o:opensuse:leap:15.4 Security update for the Linux Kernel (Important) openSUSE Leap 15.4 The SUSE Linux Enterprise 15 SP4 RT kernel was updated to receive various security and bugfixes. - CVE-2022-3523: Fixed use after free related to device private page handling (bsc#1204363). - CVE-2022-38096: Fixed NULL-ptr deref in vmw_cmd_dx_define_query() (bsc#1203331). - CVE-2023-0461: Fixed use-after-free in icsk_ulp_data (bsc#1208787). - CVE-2023-0597: Fixed lack of randomization of per-cpu entry area in x86/mm (bsc#1207845). - CVE-2023-1075: Fixed a type confusion in tls_is_tx_ready (bsc#1208598). - CVE-2023-1076: Fixed incorrect UID assigned to tun/tap sockets (bsc#1208599). - CVE-2023-1078: Fixed a heap out-of-bounds write in rds_rm_zerocopy_callback (bsc#1208601). - CVE-2023-1095: Fixed a NULL pointer dereference in nf_tables due to zeroed list head (bsc#1208777). - CVE-2023-1118: Fixed a use-after-free bugs caused by ene_tx_irqsim() in media/rc (bsc#1208837). - CVE-2023-22995: Fixed lacks of certain platform_device_put and kfree in drivers/usb/dwc3/dwc3-qcom.c (bsc#1208741). - CVE-2023-22998: Fixed misinterpretation of the irtio_gpu_object_shmem_init() return value (bsc#1208776). - CVE-2023-23000: Fixed return value of tegra_xusb_find_port_node function phy/tegra (bsc#1208816). - CVE-2023-23004: Fixed misinterpretation of the get_sg_table return value in arm/malidp_planes.c (bsc#1208843). - CVE-2023-23559: Fixed integer overflow in rndis_wlan that leads to a buffer overflow (bsc#1207051). - CVE-2023-25012: Fixed a use-After-Free in bigben_set_led() in hid (bsc#1207560). - CVE-2023-26545: Fixed double free in net/mpls/af_mpls.c upon an allocation failure (bsc#1208700). - CVE-2023-28328: Fixed a denial of service issue in az6027 driver in drivers/media/usb/dev-usb/az6027.c (bsc#1209291). The following non-security bugs were fixed: - [xen] fix 'direction' argument of iov_iter_kvec() (git-fixes). - acpi: Do not build ACPICA with '-Os' (git-fixes). - acpi: NFIT: fix a potential deadlock during NFIT teardown (git-fixes). - acpi: battery: Fix missing NUL-termination with large strings (git-fixes). - acpi: resource: Add helper function acpi_dev_get_memory_resources() (git-fixes). - acpi: video: Fix Lenovo Ideapad Z570 DMI match (git-fixes). - acpica: Drop port I/O validation for some regions (git-fixes). - acpica: nsrepair: handle cases without a return value correctly (git-fixes). - alsa: hda/ca0132: minor fix for allocation size (git-fixes). - alsa: hda/conexant: add a new hda codec SN6180 (git-fixes). - alsa: hda/realtek - fixed wrong gpio assigned (git-fixes). - alsa: hda/realtek: Add quirk for HP EliteDesk 800 G6 Tower PC (git-fixes). - alsa: hda: Do not unset preset when cleaning up codec (git-fixes). - alsa: hda: Match only Intel devices with CONTROLLER_IN_GPU() (git-fixes). - alsa: ice1712: Delete unreachable code in aureon_add_controls() (git-fixes). - alsa: ice1712: Do not left ice->gpio_mutex locked in aureon_add_controls() (git-fixes). - applicom: Fix PCI device refcount leak in applicom_init() (git-fixes). - arm64: Treat ESR_ELx as a 64-bit register (git-fixes) - arm64: atomics: remove LL/SC trampolines (git-fixes) - arm64: cacheinfo: Fix incorrect assignment of signed error value to (git-fixes) - arm64: cmpxchg_double*: hazard against entire exchange variable (git-fixes) - arm64: dts: amlogic: meson-axg: fix SCPI clock dvfs node name (git-fixes). - arm64: dts: amlogic: meson-gx-libretech-pc: fix update button name (git-fixes). - arm64: dts: amlogic: meson-gx: add missing SCPI sensors compatible (git-fixes). - arm64: dts: amlogic: meson-gx: add missing unit address to rng node name (git-fixes). - arm64: dts: amlogic: meson-gx: fix SCPI clock dvfs node name (git-fixes). - arm64: dts: amlogic: meson-gxbb-kii-pro: fix led node name (git-fixes). - arm64: dts: amlogic: meson-gxl-s905d-phicomm-n1: fix led node name (git-fixes). - arm64: dts: amlogic: meson-gxl-s905d-sml5442tw: drop invalid clock-names property (git-fixes). - arm64: dts: amlogic: meson-gxl: add missing unit address to eth-phy-mux node name (git-fixes). - arm64: dts: amlogic: meson-sm1-bananapi-m5: fix adc keys node names (git-fixes). - arm64: dts: amlogic: meson-sm1-odroid-hc4: fix active fan thermal trip (git-fixes). - arm64: dts: arm: drop unused interrupt-names in MHU (git-fixes) - arm64: dts: imx8m: Align SoC unique ID node unit address (git-fixes). - arm64: dts: juno: Add missing MHU secure-irq (git-fixes) - arm64: dts: mediatek: mt7622: Add missing pwm-cells to pwm node (git-fixes). - arm64: dts: mediatek: mt8183: Fix systimer 13 MHz clock description (git-fixes). - arm64: dts: meson-g12a: Fix internal Ethernet PHY unit name (git-fixes). - arm64: dts: meson-gx: Fix Ethernet MAC address unit name (git-fixes). - arm64: dts: meson-gx: Fix the SCPI DVFS node name and unit address (git-fixes). - arm64: dts: meson: bananapi-m5: switch VDDIO_C pin to OPEN_DRAIN (git-fixes). - arm64: dts: meson: remove CPU opps below 1GHz for G12A boards (git-fixes). - arm64: dts: mt8192: Fix CPU map for single-cluster SoC (git-fixes). - arm64: dts: qcom: Fix IPQ8074 PCIe PHY nodes (git-fixes). - arm64: dts: qcom: ipq8074: correct Gen2 PCIe ranges (git-fixes). - arm64: dts: qcom: ipq8074: correct PCIe QMP PHY output clock names (git-fixes). - arm64: dts: qcom: ipq8074: correct USB3 QMP PHY-s clock output names (git-fixes). - arm64: dts: qcom: ipq8074: fix Gen2 PCIe QMP PHY (git-fixes). - arm64: dts: qcom: ipq8074: fix Gen3 PCIe QMP PHY (git-fixes). - arm64: dts: qcom: ipq8074: fix Gen3 PCIe node (git-fixes). - arm64: dts: qcom: ipq8074: fix PCIe PHY serdes size (git-fixes). - arm64: dts: qcom: pmk8350: Specify PBS register for PON (git-fixes). - arm64: dts: qcom: pmk8350: Use the correct PON compatible (git-fixes). - arm64: dts: qcom: qcs404: use symbol names for PCIe resets (git-fixes). - arm64: dts: qcom: sc7180: correct SPMI bus address cells (git-fixes). - arm64: dts: qcom: sc7280: correct SPMI bus address cells (git-fixes). - arm64: dts: qcom: sdm845-db845c: fix audio codec interrupt pin name (git-fixes). - arm64: dts: qcom: sm8150-kumano: Panel framebuffer is 2.5k instead of 4k (git-fixes). - arm64: dts: renesas: beacon-renesom: Fix gpio expander reference (git-fixes). - arm64: dts: rockchip: drop unused LED mode property from rk3328-roc-cc (git-fixes). - arm64: dts: ti: k3-j7200: Fix wakeup pinmux range (git-fixes). - arm64: efi: Make efi_rt_lock a raw_spinlock (git-fixes). - arm64: make is_ttbrX_addr() noinstr-safe (git-fixes) - arm64: mm: kfence: only handle translation faults (git-fixes) - arm: OMAP1: call platform_device_put() in error case in omap1_dm_timer_init() (git-fixes). - arm: OMAP2+: Fix memory leak in realtime_counter_init() (git-fixes). - arm: bcm2835_defconfig: Enable the framebuffer (git-fixes). - arm: dts: am5748: keep usb4_tm disabled (git-fixes) - arm: dts: exynos: Use Exynos5420 compatible for the MIPI video phy (git-fixes). - arm: dts: exynos: correct HDMI phy compatible in Exynos4 (git-fixes). - arm: dts: exynos: correct TMU phandle in Exynos4 (git-fixes). - arm: dts: exynos: correct TMU phandle in Exynos4210 (git-fixes). - arm: dts: exynos: correct TMU phandle in Exynos5250 (git-fixes). - arm: dts: exynos: correct TMU phandle in Odroid HC1 (git-fixes). - arm: dts: exynos: correct TMU phandle in Odroid XU (git-fixes). - arm: dts: exynos: correct TMU phandle in Odroid XU3 family (git-fixes). - arm: dts: exynos: correct wr-active property in Exynos3250 Rinato (git-fixes). - arm: dts: imx7-colibri-eval-v3: correct can controller comment (git-fixes) - arm: dts: imx7s: correct iomuxc gpr mux controller cells (git-fixes). - arm: dts: qcom: msm8974: add required ranges to OCMEM (git-fixes) - arm: dts: qcom: sdx55: Add Qcom SMMU-500 as the fallback for IOMMU node (git-fixes). - arm: dts: rockchip: add power-domains property to dp node on rk3288 (git-fixes). - arm: dts: spear320-hmi: correct STMPE GPIO compatible (git-fixes). - arm: dts: stm32: add missing usbh clock and fix clk order on (git-fixes) - arm: dts: stm32: use usbphyc ck_usbo_48m as USBH OHCI clock on (git-fixes) - arm: dts: sun8i: nanopi-duo2: Fix regulator GPIO reference (git-fixes). - arm: imx: Call ida_simple_remove() for ida_simple_get (git-fixes). - arm: imx: rename DEBUG_IMX21_IMX27_UART to DEBUG_IMX27_UART (git-fixes) - arm: omap: remove debug-leds driver (git-fixes) - arm: remove some dead code (git-fixes) - arm: renumber bits related to _TIF_WORK_MASK (git-fixes) - arm: s3c: fix s3c64xx_set_timer_source prototype (git-fixes). - arm: shmobile: rcar-gen2: Add missing of_node_put() (git-fixes) - arm: zynq: Fix refcount leak in zynq_early_slcr_init (git-fixes). - ascpi / x86: Add support for LPS0 callback handler (git-fixes). - asoc: Intel: sof_cs42l42: always set dpcm_capture for amplifiers (git-fixes). - asoc: Intel: sof_rt5682: always set dpcm_capture for amplifiers (git-fixes). - asoc: adau7118: do not disable regulators on device unbind (git-fixes). - asoc: codecs: Change bulk clock voting to optional voting in digital codecs (git-fixes). - asoc: codecs: lpass: fix incorrect mclk rate (git-fixes). - asoc: codecs: rx-macro: move clk provider to managed variants (git-fixes). - asoc: codecs: rx-macro: move to individual clks from bulk (git-fixes). - asoc: codecs: tx-macro: move clk provider to managed variants (git-fixes). - asoc: codecs: tx-macro: move to individual clks from bulk (git-fixes). - asoc: cs42l56: fix DT probe (git-fixes). - asoc: dt-bindings: meson: fix gx-card codec node regex (git-fixes). - asoc: fsl_sai: Update to modern clocking terminology (git-fixes). - asoc: kirkwood: Iterate over array indexes instead of using pointer math (git-fixes). - asoc: mchp-spdifrx: Fix uninitialized use of mr in mchp_spdifrx_hw_params() (git-fixes). - asoc: mchp-spdifrx: disable all interrupts in mchp_spdifrx_dai_remove() (git-fixes). - asoc: mchp-spdifrx: fix controls which rely on rsr register (git-fixes). - asoc: rsnd: Remove unnecessary rsnd_dbg_dai_call() (git-fixes). - asoc: rsnd: fixup #endif position (git-fixes). - asoc: rt715-sdca: fix clock stop prepare timeout issue (git-fixes). - asoc: soc-compress.c: fixup private_data on snd_soc_new_compress() (git-fixes). - asoc: soc-compress: Reposition and add pcm_mutex (git-fixes). - asoc: soc-dapm.h: fixup warning struct snd_pcm_substream not declared (git-fixes). - asoc: tlv320adcx140: fix 'ti,gpio-config' DT property init (git-fixes). - asoc: zl38060 add gpiolib dependency (git-fixes). - asoc: zl38060: Remove spurious gpiolib select (git-fixes). - ath9k: hif_usb: simplify if-if to if-else (git-fixes). - ath9k: htc: clean up statistics macros (git-fixes). - auxdisplay: hd44780: Fix potential memory leak in hd44780_remove() (git-fixes). - avoid deadlock for recursive I/O on dm-thin when used as swap (bsc#1177529). - backlight: backlight: Fix doc for backlight_device_get_by_name (git-fixes). - block: bio-integrity: Copy flags when bio_integrity_payload is cloned (bsc#1208541). - bluetooth: L2CAP: Fix potential user-after-free (git-fixes). - bluetooth: btusb: Add VID:PID 13d3:3529 for Realtek RTL8821CE (git-fixes). - bluetooth: hci_qca: get wakeup status from serdev device handle (git-fixes). - bluetooth: hci_sock: purge socket queues in the destruct() callback (git-fixes). - bpf, perf: Use subprog name when reporting subprog ksymbol (git fixes). - bpf, x64: Factor out emission of REX byte in more cases (git-fixes). - bpf: Fix extable address check (git-fixes). - bpf: Fix extable fixup offset (git-fixes). - ceph: update the time stamps and try to drop the suid/sgid (bsc#1209504). - cifs: Check the lease context if we actually got a lease (bsc#1193629). - cifs: Convert struct fealist away from 1-element array (bsc#1193629). - cifs: Fix lost destroy smbd connection when MR allocate failed (git-fixes). - cifs: Fix oops due to uncleared server->smbd_conn in reconnect (git-fixes). - cifs: Fix uninitialized memory read in smb3_qfs_tcon() (bsc#1193629). - cifs: Fix uninitialized memory reads for oparms.mode (bsc#1193629). - cifs: Fix use-after-free in rdata->read_into_pages() (git-fixes). - cifs: Fix warning and UAF when destroy the MR list (git-fixes). - cifs: Get rid of unneeded conditional in the smb2_get_aead_req() (bsc#1193629). - cifs: Replace remaining 1-element arrays (bsc#1193629). - cifs: Replace zero-length arrays with flexible-array members (bsc#1193629). - cifs: Use kstrtobool() instead of strtobool() (bsc#1193629). - cifs: do not try to use rdma offload on encrypted connections (bsc#1193629). - cifs: fix mount on old smb servers (boo#1206935). - cifs: get rid of dns resolve worker (bsc#1193629). - cifs: get rid of unneeded conditional in cifs_get_num_sgs() (bsc#1193629). - cifs: improve checking of DFS links over STATUS_OBJECT_NAME_INVALID (git-fixes). - cifs: introduce cifs_io_parms in smb2_async_writev() (bsc#1193629). - cifs: match even the scope id for ipv6 addresses (bsc#1193629). - cifs: prevent data race in cifs_reconnect_tcon() (bsc#1193629). - cifs: prevent data race in smb2_reconnect() (bsc#1193629). - cifs: print last update time for interface list (bsc#1193629). - cifs: remove unneeded 2bytes of padding from smb2 tree connect (bsc#1193629). - cifs: return a single-use cfid if we did not get a lease (bsc#1193629). - cifs: reuse cifs_match_ipaddr for comparison of dstaddr too (bsc#1193629). - cifs: split out smb3_use_rdma_offload() helper (bsc#1193629). - cifs: update ip_addr for ses only for primary chan setup (bsc#1193629). - cifs: use tcon allocation functions even for dummy tcon (git-fixes). - cifs: use the least loaded channel for sending requests (bsc#1193629). - clk: HI655X: select REGMAP instead of depending on it (git-fixes). - clk: Honor CLK_OPS_PARENT_ENABLE in clk_core_is_enabled() (git-fixes). - clk: imx: avoid memory leak (git-fixes). - clk: mxl: Add option to override gate clks (git-fixes). - clk: mxl: Fix a clk entry by adding relevant flags (git-fixes). - clk: mxl: Remove redundant spinlocks (git-fixes). - clk: mxl: Switch from direct readl/writel based IO to regmap based IO (git-fixes). - clk: mxl: syscon_node_to_regmap() returns error pointers (git-fixes). - clk: qcom: gcc-qcs404: disable gpll[04]_out_aux parents (git-fixes). - clk: qcom: gcc-qcs404: fix names of the DSI clocks used as parents (git-fixes). - clk: ralink: fix 'mt7621_gate_is_enabled()' function (git-fixes). - clk: renesas: cpg-mssr: Fix use after free if cpg_mssr_common_init() failed (git-fixes). - clk: renesas: cpg-mssr: Remove superfluous check in resume code (git-fixes). - clocksource: Suspend the watchdog temporarily when high read latency detected (git-fixes). - comedi: use menuconfig for main Comedi menu (git-fixes). - crypto: arm64 - Fix unused variable compilation warnings of (git-fixes) - crypto: ccp - Avoid page allocation failure warning for SEV_GET_ID2 (git-fixes). - crypto: ccp - Failure on re-initialization due to duplicate sysfs filename (git-fixes). - crypto: crypto4xx - Call dma_unmap_page when done (git-fixes). - crypto: essiv - Handle EBUSY correctly (git-fixes). - crypto: qat - fix out-of-bounds read (git-fixes). - crypto: rsa-pkcs1pad - Use akcipher_request_complete (git-fixes). - crypto: seqiv - Handle EBUSY correctly (git-fixes). - crypto: x86/ghash - fix unaligned access in ghash_setkey() (git-fixes). - crypto: xts - Handle EBUSY correctly (git-fixes). - delete suse/drm-i915-Don-t-use-BAR-mappings-for-ring-buffers-wit Resulted in an Oops / hang at boot (bsc#1209436) - dmaengine: dw-axi-dmac: Do not dereference NULL structure (git-fixes). - dmaengine: dw-edma: Do not permit non-inc interleaved xfers (git-fixes). - dmaengine: dw-edma: Drop chancnt initialization (git-fixes). - dmaengine: dw-edma: Fix invalid interleaved xfers semantics (git-fixes). - dmaengine: dw-edma: Fix missing src/dst address of interleaved xfers (git-fixes). - dmaengine: dw-edma: Fix readq_ch() return value truncation (git-fixes). - dmaengine: idxd: Set traffic class values in GRPCFG on DSA 2.0 (git-fixes). - dmaengine: ptdma: check for null desc before calling pt_cmd_callback (git-fixes). - dmaengine: sf-pdma: pdma_desc memory leak fix (git-fixes). - do not sign the vanilla kernel (bsc#1209008). - docs/scripts/gdb: add necessary make scripts_gdb step (git-fixes). - docs: Correct missing 'd_' prefix for dentry_operations member d_weak_revalidate (git-fixes). - docs: ftrace: fix a issue with duplicated subtitle number (git-fixes). - docs: gdbmacros: print newest record (git-fixes). - documentation/hw-vuln: Document the interaction between IBRS and STIBP (git-fixes). - documentation: simplify and clarify DCO contribution example language (git-fixes). - driver core: fix potential null-ptr-deref in device_add() (git-fixes). - driver core: fix resource leak in device_add() (git-fixes). - driver core: fw_devlink: Add DL_FLAG_CYCLE support to device links (git-fixes). - drivers: base: transport_class: fix possible memory leak (git-fixes). - drivers: base: transport_class: fix resource leak when transport_add_device() fails (git-fixes). - drm/amd/display: Fix potential null-deref in dm_resume (git-fixes). - drm/amd/display: Properly handle additional cases where DCN is not supported (git-fixes). - drm/amd/display: reduce else-if to else in dcn10_blank_pixel_data() (git-fixes). - drm/amdgpu: fix enum odm_combine_mode mismatch (git-fixes). - drm/amdgpu: fix error checking in amdgpu_read_mm_registers for soc15 (git-fixes). - drm/bridge: Fix returned array size name for atomic_get_input_bus_fmts kdoc (git-fixes). - drm/bridge: lt8912b: Add hot plug detection (git-fixes). - drm/bridge: lt9611: fix HPD reenablement (git-fixes). - drm/bridge: lt9611: fix clock calculation (git-fixes). - drm/bridge: lt9611: fix polarity programming (git-fixes). - drm/bridge: lt9611: fix programming of video modes (git-fixes). - drm/bridge: lt9611: fix sleep mode setup (git-fixes). - drm/bridge: lt9611: pass a pointer to the of node (git-fixes). - drm/bridge: megachips: Fix error handling in i2c_register_driver() (git-fixes). - drm/connector: print max_requested_bpc in state debugfs (git-fixes). - drm/edid: fix AVI infoframe aspect ratio handling (git-fixes). - drm/fourcc: Add missing big-endian XRGB1555 and RGB565 formats (git-fixes). - drm/hyperv : Removing the restruction of VRAM allocation with PCI bar size (git-fixes). - drm/hyperv: Fix an error handling path in hyperv_vmbus_probe() (git-fixes). - drm/i915/gen11: Moving WAs to icl_gt_workarounds_init() (git-fixes). - drm/i915/gen11: Wa_1408615072/Wa_1407596294 should be on GT list (git-fixes). - drm/i915/quirks: Add inverted backlight quirk for HP 14-r206nv (git-fixes). - drm/i915: Do not use BAR mappings for ring buffers with LLC (git-fixes). - drm/mediatek: Clean dangling pointer on bind error path (git-fixes). - drm/mediatek: Drop unbalanced obj unref (git-fixes). - drm/mediatek: Use NULL instead of 0 for NULL pointer (git-fixes). - drm/mediatek: dsi: Reduce the time of dsi from LP11 to sending cmd (git-fixes). - drm/mediatek: mtk_drm_crtc: Add checks for devm_kcalloc (git-fixes). - drm/meson: fix 1px pink line on GXM when scaling video overlay (git-fixes). - drm/mipi-dsi: Fix byte order of 16-bit DCS set/get brightness (git-fixes). - drm/msm/a5xx: fix context faults during ring switch (git-fixes). - drm/msm/a5xx: fix highest bank bit for a530 (git-fixes). - drm/msm/a5xx: fix setting of the CP_PREEMPT_ENABLE_LOCAL register (git-fixes). - drm/msm/a5xx: fix the emptyness check in the preempt code (git-fixes). - drm/msm/adreno: Fix null ptr access in adreno_gpu_cleanup() (git-fixes). - drm/msm/disp/dpu: fix sc7280_pp base offset (git-fixes). - drm/msm/dpu: Add check for cstate (git-fixes). - drm/msm/dpu: Add check for pstates (git-fixes). - drm/msm/dpu: Disallow unallocated resources to be returned (git-fixes). - drm/msm/dpu: drop stale comment from struct dpu_mdp_cfg doc (git-fixes). - drm/msm/dpu: fix len of sc7180 ctl blocks (git-fixes). - drm/msm/dpu: set pdpu->is_rt_pipe early in dpu_plane_sspp_atomic_update() (git-fixes). - drm/msm/dsi: Add missing check for alloc_ordered_workqueue (git-fixes). - drm/msm/gem: Add check for kmalloc (git-fixes). - drm/msm/hdmi: Add missing check for alloc_ordered_workqueue (git-fixes). - drm/msm/mdp5: Add check for kzalloc (git-fixes). - drm/msm: Fix potential invalid ptr free (git-fixes). - drm/msm: clean event_thread->worker in case of an error (git-fixes). - drm/msm: use strscpy instead of strncpy (git-fixes). - drm/nouveau/devinit/tu102-: wait for GFW_BOOT_PROGRESS == COMPLETED (git-fixes). - drm/nouveau/kms/nv50-: remove unused functions (git-fixes). - drm/nouveau/kms/nv50: fix nv50_wndw_new_ prototype (git-fixes). - drm/omap: dsi: Fix excessive stack usage (git-fixes). - drm/omapdrm: Remove unused struct csc_coef_rgb2yuv (git-fixes). - drm/panfrost: Do not sync rpm suspension after mmu flushing (git-fixes). - drm/radeon: Fix eDP for single-display iMac11,2 (git-fixes). - drm/radeon: free iio for atombios when driver shutdown (git-fixes). - drm/shmem-helper: Remove another errant put in error path (git-fixes). - drm/sun4i: fix missing component unbind on bind errors (git-fixes). - drm/tiny: ili9486: Do not assume 8-bit only SPI controllers (git-fixes). - drm/vc4: dpi: Add option for inverting pixel clock and output enable (git-fixes). - drm/vc4: dpi: Fix format mapping for RGB565 (git-fixes). - drm/vc4: hdmi: Correct interlaced timings again (git-fixes). - drm/vc4: hvs: Fix colour order for xRGB1555 on HVS5 (git-fixes). - drm/vc4: hvs: Set AXI panic modes (git-fixes). - drm/vc4: vec: Use pm_runtime_resume_and_get() in vc4_vec_encoder_enable() (git-fixes). - drm/vkms: Fix memory leak in vkms_init() (git-fixes). - drm/vkms: Fix null-ptr-deref in vkms_release() (git-fixes). - drm: Fix potential null-ptr-deref due to drmm_mode_config_init() (git-fixes). - drm: amd: display: Fix memory leakage (git-fixes). - drm: mxsfb: DRM_MXSFB should depend on ARCH_MXS || ARCH_MXC (git-fixes). - drm: panel-orientation-quirks: Add quirk for Lenovo IdeaPad Duet 3 10IGL5 (git-fixes). - drm: tidss: Fix pixel format definition (git-fixes). - dt-bindings: arm: fsl: Fix bindings for APF28Dev board (git-fixes). - dt-bindings: hwlock: sun6i: Add missing #hwlock-cells (git-fixes). - dt-bindings: input: iqs626a: Redefine trackpad property types (git-fixes). - dt-bindings: msm: dsi-controller-main: Add vdd* descriptions back in (git-fixes). - dt-bindings: net: snps,dwmac: Fix snps,reset-delays-us dependency (git-fixes). - dt-bindings: power: supply: pm8941-coincell: Do not require charging properties (git-fixes). - dt-bindings: usb: amlogic,meson-g12a-usb-ctrl: make G12A usb3-phy0 optional (git-fixes). - eeprom: idt_89hpesx: Fix error handling in idt_init() (git-fixes). - fbdev: omapfb: cleanup inconsistent indentation (git-fixes). - firmware/efi sysfb_efi: Add quirk for Lenovo IdeaPad Duet 3 (git-fixes). - firmware: coreboot: Remove GOOGLE_COREBOOT_TABLE_ACPI/OF Kconfig entries (git-fixes). - firmware: coreboot: framebuffer: Ignore reserved pixel color bits (git-fixes). - firmware: dmi-sysfs: Fix null-ptr-deref in dmi_sysfs_register_handle (git-fixes). - firmware: stratix10-svc: add missing gen_pool_destroy() in stratix10_svc_drv_probe() (git-fixes). - firmware: xilinx: do not make a sleepable memory allocation from an atomic context (git-fixes). - fork: allow CLONE_NEWTIME in clone3 flags (bsc#1209258). - fuse: add inode/permission checks to fileattr_get/fileattr_set (bsc#1208759). - gpio: tegra186: remove unneeded loop in tegra186_gpio_init_route_mapping() (git-fixes). - gpio: vf610: connect GPIO label to dev name (git-fixes). - gpu: host1x: Do not skip assigning syncpoints to channels (git-fixes). - gpu: ipu-v3: common: Add of_node_put() for reference returned by of_graph_get_port_by_id() (git-fixes). - hid: Add Mapping for System Microphone Mute (git-fixes). - hid: asus: use spinlock to protect concurrent accesses (git-fixes). - hid: asus: use spinlock to safely schedule workers (git-fixes). - hid: bigben: use spinlock to protect concurrent accesses (git-fixes). - hid: bigben: use spinlock to safely schedule workers (git-fixes). - hid: bigben_probe(): validate report count (git-fixes). - hid: bigben_worker() remove unneeded check on report_field (git-fixes). - hid: core: Fix deadloop in hid_apply_multiplier (git-fixes). - hid: elecom: add support for TrackBall 056E:011C (git-fixes). - hid: logitech-hidpp: Do not restart communication if not necessary (git-fixes). - hid: multitouch: Add quirks for flipped axes (git-fixes). - hid: retain initial quirks set up when creating HID devices (git-fixes). - hv: fix comment typo in vmbus_channel/low_latency (git-fixes). - hv_netvsc: Allocate memory in netvsc_dma_map() with GFP_ATOMIC (git-fixes). - hv_netvsc: Check status in SEND_RNDIS_PKT completion message (git-fixes). - hwmon: (adm1266) Set `can_sleep` flag for GPIO chip (git-fixes). - hwmon: (adt7475) Display smoothing attributes in correct order (git-fixes). - hwmon: (adt7475) Fix masking of hysteresis registers (git-fixes). - hwmon: (coretemp) Simplify platform device handling (git-fixes). - hwmon: (ftsteutates) Fix scaling of measurements (git-fixes). - hwmon: (ina3221) return prober error code (git-fixes). - hwmon: (k10temp): Add support for new family 17h and 19h models (bsc#1208848). - hwmon: (ltc2945) Handle error case in ltc2945_value_store (git-fixes). - hwmon: (ltc2992) Set `can_sleep` flag for GPIO chip (git-fixes). - hwmon: (mlxreg-fan) Return zero speed for broken fan (git-fixes). - hwmon: (ucd90320) Add minimum delay between bus accesses (git-fixes). - hwmon: (xgene) Fix use after free bug in xgene_hwmon_remove due to race condition (git-fixes). - hwmon: tmp512: drop of_match_ptr for ID table (git-fixes). - i2c: designware: fix i2c_dw_clk_rate() return size to be u32 (git-fixes). - ib/hfi1: Assign npages earlier (git-fixes) - ib/hfi1: Fix math bugs in hfi1_can_pin_pages() (git-fixes) - ib/hfi1: Fix sdma.h tx->num_descs off-by-one errors (git-fixes) - ib/hfi1: Update RMT size calculation (git-fixes) - iio: accel: mma9551_core: Prevent uninitialized variable in mma9551_read_config_word() (git-fixes). - iio: accel: mma9551_core: Prevent uninitialized variable in mma9551_read_status_word() (git-fixes). - iio: light: tsl2563: Do not hardcode interrupt trigger type (git-fixes). - input: ads7846 - always set last command to PWRDOWN (git-fixes). - input: ads7846 - do not check penirq immediately for 7845 (git-fixes). - input: ads7846 - do not report pressure for ads7845 (git-fixes). - input: iqs269a - configure device with a single block write (git-fixes). - input: iqs269a - drop unused device node references (git-fixes). - input: iqs269a - increase interrupt handler return delay (git-fixes). - input: iqs626a - drop unused device node references (git-fixes). - interconnect: exynos: fix node leak in probe PM QoS error path (git-fixes). - interconnect: fix mem leak when freeing nodes (git-fixes). - interconnect: qcom: osm-l3: fix icc_onecell_data allocation (git-fixes). - iommu/hyper-v: Allow hyperv irq remapping without x2apic (git-fixes). - irqchip/gic-v3: Refactor ISB + EOIR at ack time (git-fixes) - iw_cxgb4: Fix potential NULL dereference in c4iw_fill_res_cm_id_entry() (git-fixes) - kABI workaround for hid quirks (git-fixes). - kABI: pci: Reduce warnings on possible RW1C corruption (kabi). - kABI: pci: dwc: Add dw_pcie_ops.host_deinit() callback (kabi). - kabi fix for nfsv4: Fix free of uninitialized nfs4_label on referral lookup (git-fixes). - kabi fix for: nfs: Further optimisations for 'ls -l' (git-fixes). - kabi fix for: nfsd: Have legacy NFSD WRITE decoders use xdr_stream_subsegment() (git-fixes). - kabi fix for: nfsv3: handle out-of-order write replies (bsc#1205544). - kabi fix for: nfsv4.1 query for fs_location attr on a new file system (Never, kabi). - kernel-module-subpackage: Fix expansion with -b parameter (bsc#1208179). When -b is specified the script is prefixed with KMP_NEEDS_MKINITRD=1 which sets the variable for a simple command. However, the script is no longer a simple command. Export the variable instead. - keys: asymmetric: Fix ECDSA use via keyctl uapi (git-fixes). - kmap_local: do not assume kmap PTEs are linear arrays in memory (git-fixes) Update config/armv7hl/default too. - leds: led-class: Add missing put_device() to led_put() (git-fixes). - leds: led-core: Fix refcount leak in of_led_get() (git-fixes). - lib/mpi: Fix buffer overrun when SG is too long (git-fixes). - lib/zlib: remove redundation assignement of avail_in dfltcc_gdht() (git-fixes). - locking/rwsem: Allow slowpath writer to ignore handoff bit if not set by first waiter (bsc#1207270). - locking/rwsem: Always try to wake waiters in out_nolock path (bsc#1207270). - locking/rwsem: Conditionally wake waiters in reader/writer slowpaths (bsc#1207270). - locking/rwsem: Disable preemption in all down_read*() and up_read() code paths (bsc#1207270). - locking/rwsem: Disable preemption in all down_write*() and up_write() code paths (bsc#1207270). - locking/rwsem: Disable preemption while trying for rwsem lock (bsc#1207270). - locking/rwsem: Make handoff bit handling more consistent (bsc#1207270). - locking/rwsem: No need to check for handoff bit if wait queue empty (bsc#1207270). - locking/rwsem: Prevent non-first waiter from spinning in down_write() slowpath (bsc#1207270). - locking: Add missing __sched attributes (bsc#1207270). - makefile: link with -z noexecstack --no-warn-rwx-segments (bsc#1203200). - media: coda: Add check for dcoda_iram_alloc (git-fixes). - media: coda: Add check for kmalloc (git-fixes). - media: i2c: imx219: Fix binning for RAW8 capture (git-fixes). - media: i2c: imx219: Split common registers from mode tables (git-fixes). - media: i2c: ov7670: 0 instead of -EINVAL was returned (git-fixes). - media: i2c: ov772x: Fix memleak in ov772x_probe() (git-fixes). - media: imx: imx7-media-csi: fix missing clk_disable_unprepare() in imx7_csi_init() (git-fixes). - media: ipu3-cio2: Fix PM runtime usage_count in driver unbind (git-fixes). - media: m5mols: fix off-by-one loop termination error (git-fixes). - media: max9286: Fix memleak in max9286_v4l2_register() (git-fixes). - media: ov2740: Fix memleak in ov2740_init_controls() (git-fixes). - media: ov5640: Fix analogue gain control (git-fixes). - media: ov5675: Fix memleak in ov5675_init_controls() (git-fixes). - media: platform: ti: Add missing check for devm_regulator_get (git-fixes). - media: rc: Fix use-after-free bugs caused by ene_tx_irqsim() (git-fixes). - media: rc: gpio-ir-recv: add remove function (git-fixes). - media: saa7134: Use video_unregister_device for radio_dev (git-fixes). - media: ti: cal: fix possible memory leak in cal_ctx_create() (git-fixes). - media: usb: siano: Fix use after free bugs caused by do_submit_urb (git-fixes). - media: uvcvideo: Add support for V4L2_CTRL_TYPE_CTRL_CLASS (git-fixes). - media: uvcvideo: Check controls flags before accessing them (git-fixes). - media: uvcvideo: Check for INACTIVE in uvc_ctrl_is_accessible() (git-fixes). - media: uvcvideo: Do not check for V4L2_CTRL_WHICH_DEF_VAL (git-fixes). - media: uvcvideo: Fix memory leak of object map on error exit path (git-fixes). - media: uvcvideo: Fix race condition with usb_kill_urb (git-fixes). - media: uvcvideo: Handle cameras with invalid descriptors (git-fixes). - media: uvcvideo: Handle errors from calls to usb_string (git-fixes). - media: uvcvideo: Quirk for autosuspend in Logitech B910 and C910 (git-fixes). - media: uvcvideo: Remove s_ctrl and g_ctrl (git-fixes). - media: uvcvideo: Silence memcpy() run-time false positive warnings (git-fixes). - media: uvcvideo: Use control names from framework (git-fixes). - media: uvcvideo: refactor __uvc_ctrl_add_mapping (git-fixes). - media: v4l2-jpeg: correct the skip count in jpeg_parse_app14_data (git-fixes). - media: v4l2-jpeg: ignore the unknown APP14 marker (git-fixes). - mei: bus-fixup:upon error print return values of send and receive (git-fixes). - mfd: arizona: Use pm_runtime_resume_and_get() to prevent refcnt leak (git-fixes). - mfd: cs5535: Do not build on UML (git-fixes). - mfd: pcf50633-adc: Fix potential memleak in pcf50633_adc_async_read() (git-fixes). - misc/mei/hdcp: Use correct macros to initialize uuid_le (git-fixes). - misc: enclosure: Fix doc for enclosure_find() (git-fixes). - mm: memcg: fix NULL pointer in mem_cgroup_track_foreign_dirty_slowpath() (bsc#1209262). - mmc: jz4740: Work around bug on JZ4760(B) (git-fixes). - mmc: mmc_spi: fix error handling in mmc_spi_probe() (git-fixes). - mmc: sdhci_am654: lower power-on failed message severity (git-fixes). - mmc: sdio: fix possible resource leaks in some error paths (git-fixes). - move upstreamed i915 and media fixes into sorted section - mt76: mt7915: fix polling firmware-own status (git-fixes). - mtd: dataflash: remove duplicate SPI ID table (git-fixes). - mtd: rawnand: fsl_elbc: Propagate HW ECC settings to HW (git-fixes). - mtd: rawnand: sunxi: Clean up chips after failed init (git-fixes). - mtd: rawnand: sunxi: Fix the size of the last OOB region (git-fixes). - mtd: spi-nor: Fix shift-out-of-bounds in spi_nor_set_erase_type (git-fixes). - mtd: spi-nor: core: fix implicit declaration warning (git-fixes). - mtd: spi-nor: sfdp: Fix index value for SCCR dwords (git-fixes). - mtd: spi-nor: spansion: Consider reserved bits in CFR5 register (git-fixes). - net/rose: Fix to not accept on connected socket (git-fixes). - net/sunrpc: fix reference count leaks in rpc_sysfs_xprt_state_change (git-fixes). - nfc: change order inside nfc_se_io error path (git-fixes). - nfc: fdp: add null check of devm_kmalloc_array in fdp_nci_i2c_read_device_properties (git-fixes). - nfc: fix memory leak of se_io context in nfc_genl_se_io (git-fixes). - nfc: pn533: initialize struct pn533_out_arg properly (git-fixes). - nfc: st-nci: Fix use after free bug in ndlc_remove due to race condition (git-fixes). - nfs4/pnfs: Always return layout stats on layout return for flexfiles (git-fixes). - nfs4: Fix kmemleak when allocate slot failed (git-fixes). - nfs: Always initialise fattr->label in nfs_fattr_alloc() (git-fixes). - nfs: Avoid writeback threads getting stuck in mempool_alloc() (git-fixes). - nfs: Create a new nfs_alloc_fattr_with_label() function (git-fixes). - nfs: Do not allocate nfs_fattr on the stack in __nfs42_ssc_open() (git-fixes). - nfs: Further optimisations for 'ls -l' (git-fixes). - nfs: nfs4clinet: check the return value of kstrdup() (git-fixes). - nfs: nfsiod should not block forever in mempool_alloc() (git-fixes). - nfs: nfsiod should not block forever in mempool_alloc() (git-fixes). - nfsd: COMMIT operations must not return NFS?ERR_INVAL (git-fixes). - nfsd: De-duplicate net_generic(nf->nf_net, nfsd_net_id) (git-fixes). - nfsd: Finish converting the NFSv2 GETACL result encoder (git-fixes). - nfsd: Finish converting the NFSv3 GETACL result encoder (git-fixes). - nfsd: Fix a memory leak in an error handling path (git-fixes). - nfsd: Fix handling of oversized NFSv4 COMPOUND requests (git-fixes). - nfsd: Fix nfsd_breaker_owns_lease() return values (git-fixes). - nfsd: Have legacy NFSD WRITE decoders use xdr_stream_subsegment() (git-fixes). - nfsd: Return nfserr_serverfault if splice_ok but buf->pages have data (git-fixes). - nfsd: do not call nfsd_file_put from client states seqfile display (git-fixes). - nfsd: fix use-after-free on source server when doing inter-server copy (git-fixes). - nfsd: pass range end to vfs_fsync_range() instead of count (git-fixes). - nfsv3: handle out-of-order write replies (bsc#1205544). - nfsv4 expose nfs_parse_server_name function (git-fixes). - nfsv4 handle port presence in fs_location server string (git-fixes). - nfsv4 only print the label when its queried (git-fixes). - nfsv4 remove zero number of fs_locations entries error check (git-fixes). - nfsv4 store server support for fs_location attribute (git-fixes). - nfsv4.1 query for fs_location attr on a new file system (git-fixes). - nfsv4.1: Fix uninitialised variable in devicenotify (git-fixes). - nfsv4.1: Handle RECLAIM_COMPLETE trunking errors (git-fixes). - nfsv4.1: We must always send RECLAIM_COMPLETE after a reboot (git-fixes). - nfsv4.2: Clear FATTR4_WORD2_SECURITY_LABEL when done decoding (git-fixes). - nfsv4.2: Fix a memory stomp in decode_attr_security_label (git-fixes). - nfsv4.2: Fixup CLONE dest file size for zero-length count (git-fixes). - nfsv4.2: fix reference count leaks in _nfs42_proc_copy_notify() (git-fixes). - nfsv4/pnfs: Fix a use-after-free bug in open (git-fixes). - nfsv4: Add an fattr allocation to _nfs4_discover_trunking() (git-fixes). - nfsv4: Do not hold the layoutget locks across multiple RPC calls (git-fixes). - nfsv4: Fix a potential state reclaim deadlock (git-fixes). - nfsv4: Fix free of uninitialized nfs4_label on referral lookup (git-fixes). - nfsv4: Protect the state recovery thread against direct reclaim (git-fixes). - nfsv4: Retry LOCK on OLD_STATEID during delegation return (git-fixes). - nvme-auth: check chap ctrl_key once constructed (bsc#1202633). - nvme-auth: clear sensitive info right after authentication completes (bsc#1202633). - nvme-auth: convert dhchap_auth_list to an array (bsc#1202633). - nvme-auth: do not ignore key generation failures when initializing ctrl keys (bsc#1202633). - nvme-auth: do not keep long lived 4k dhchap buffer (bsc#1202633). - nvme-auth: do not override ctrl keys before validation (bsc#1202633). - nvme-auth: do not re-authenticate if the controller is not LIVE (bsc#1202633). - nvme-auth: do not use NVMe status codes (bsc#1202633). - nvme-auth: fix an error code in nvme_auth_process_dhchap_challenge() (bsc#1202633). - nvme-auth: fix smatch warning complaints (bsc#1202633). - nvme-auth: guarantee dhchap buffers under memory pressure (bsc#1202633). - nvme-auth: have dhchap_auth_work wait for queues auth to complete (bsc#1202633). - nvme-auth: mark nvme_auth_wq static (bsc#1202633). - nvme-auth: no need to reset chap contexts on re-authentication (bsc#1202633). - nvme-auth: remove redundant auth_work flush (bsc#1202633). - nvme-auth: remove redundant buffer deallocations (bsc#1202633). - nvme-auth: remove redundant deallocations (bsc#1202633). - nvme-auth: remove redundant if statement (bsc#1202633). - nvme-auth: remove symbol export from nvme_auth_reset (bsc#1202633). - nvme-auth: rename __nvme_auth_[reset|free] to nvme_auth[reset|free]_dhchap (bsc#1202633). - nvme-auth: rename authentication work elements (bsc#1202633). - nvme-auth: use workqueue dedicated to authentication (bsc#1202633). - nvme-fabrics: show well known discovery name (bsc#1200054). - ocfs2: Fix data corruption after failed write (bsc#1208542). - pci/ioc: Enlarge virtfn sysfs name buffer (git-fixes). - pci/pm: Always disable PTM for all devices during suspend (git-fixes). - pci/pm: Avoid putting Elo i2 PCIe Ports in D3cold (git-fixes). - pci/pm: Fix bridge_d3_blacklist Elo i2 overwrite of Gigabyte X299 (git-fixes). - pci/pm: Observe reset delay irrespective of bridge_d3 (git-fixes). - pci/ptm: Add pci_suspend_ptm() and pci_resume_ptm() (git-fixes). - pci: Add ACS quirk for Wangxun NICs (git-fixes). - pci: Add SolidRun vendor ID (git-fixes). - pci: Align extra resources for hotplug bridges properly (git-fixes). - pci: Avoid FLR for AMD FCH AHCI adapters (git-fixes). - pci: Avoid pci_dev_lock() AB/BA deadlock with sriov_numvfs_store() (git-fixes). - pci: Fix dropping valid root bus resources with .end = zero (git-fixes). - pci: Reduce warnings on possible RW1C corruption (git-fixes). - pci: Take other bus devices into account when distributing resources (git-fixes). - pci: Unify delay handling for reset and resume (git-fixes). - pci: aardvark: Check return value of generic_handle_domain_irq() when processing INTx IRQ (git-fixes). - pci: aardvark: Fix link training (git-fixes). - pci: dwc: Add dw_pcie_ops.host_deinit() callback (git-fixes). - pci: hotplug: Allow marking devices as disconnected during bind/unbind (git-fixes). - pci: hv: update comment in x86 specific hv_arch_irq_unmask (git-fixes). - pci: mediatek-gen3: Assert resets to ensure expected init state (git-fixes). - pci: mediatek-gen3: Fix refcount leak in mtk_pcie_init_irq_domains() (git-fixes). - pci: qcom: Fix host-init error handling (git-fixes). - pci: qcom: Fix pipe clock imbalance (git-fixes). - pci: switchtec: Return -EFAULT for copy_to_user() errors (git-fixes). - pci: xgene: Revert 'PCI: xgene: Use inbound resources for setup' (git-fixes). - perf/amd/ibs: Use interrupt regs ip for stack unwinding (git fixes). - perf/core: Call LSM hook after copying perf_event_attr (git fixes). - perf/core: Fix data race between perf_event_set_output() and perf_mmap_close() (git fixes). - perf/core: Inherit event_caps (git fixes). - perf/x86/amd: fix potential integer overflow on shift of a int (git fixes). - perf/x86/intel/ds: Fix precise store latency handling (git fixes). - perf/x86/intel/lbr: Use setup_clear_cpu_cap() instead of clear_cpu_cap() (git fixes). - perf/x86/intel/pt: Fix sampling using single range output (git fixes). - perf/x86/intel/pt: Relax address filter validation (git fixes). - perf/x86/intel/uncore: Add Emerald Rapids (git fixes). - perf/x86/intel/uncore: Clear attr_update properly (bsc#1206824, bsc#1206493, bsc#1206492). - perf/x86/intel/uncore: Disable I/O stacks to PMU mapping on ICX-D (bsc#1206824, bsc#1206493, bsc#1206492). - perf/x86/intel/uncore: Enable UPI topology discovery for Icelake Server (bsc#1206824, bsc#1206493, bsc#1206492). - perf/x86/intel/uncore: Enable UPI topology discovery for Sapphire Rapids (bsc#1206824, bsc#1206493, bsc#1206492). - perf/x86/intel/uncore: Enable UPI topology discovery for Skylake Server (bsc#1206824, bsc#1206493, bsc#1206492). - perf/x86/intel/uncore: Fix broken read_counter() for SNB IMC PMU (git fixes). - perf/x86/intel/uncore: Fix reference count leak in __uncore_imc_init_box() (git fixes). - perf/x86/intel/uncore: Fix reference count leak in hswep_has_limit_sbox() (git fixes). - perf/x86/intel/uncore: Fix reference count leak in sad_cfg_iio_topology() (git fixes). - perf/x86/intel/uncore: Fix reference count leak in snr_uncore_mmio_map() (git fixes). - perf/x86/intel/uncore: Generalize IIO topology support (bsc#1206824, bsc#1206493, bsc#1206492). - perf/x86/intel/uncore: Generalize get_topology() for SKX PMUs (bsc#1206824, bsc#1206493, bsc#1206492). - perf/x86/intel/uncore: Get UPI NodeID and GroupID (bsc#1206824, bsc#1206493, bsc#1206492). - perf/x86/intel/uncore: Introduce UPI topology type (bsc#1206824, bsc#1206493, bsc#1206492). - perf/x86/intel/uncore: Make set_mapping() procedure void (bsc#1206824, bsc#1206493, bsc#1206492). - perf/x86/intel/uncore: Update sysfs-devices-mapping file (bsc#1206824, bsc#1206493, bsc#1206492). - perf/x86/intel: Add Cooper Lake stepping to isolation_ucodes (git fixes). - perf/x86/intel: Add Emerald Rapids (git fixes). - perf/x86/intel: Do not extend the pseudo-encoding to GP counters (git fixes). - perf/x86/intel: Fix PEBS data source encoding for ADL (git fixes). - perf/x86/intel: Fix PEBS memory access info encoding for ADL (git fixes). - perf/x86/intel: Fix event constraints for ICL (git fixes). - perf/x86/intel: Fix pebs event constraints for ADL (git fixes). - perf/x86/intel: Fix pebs event constraints for ICL (git fixes). - perf/x86/intel: Fix pebs event constraints for SPR (git fixes). - perf/x86/lbr: Enable the branch type for the Arch LBR by default (git fixes). - perf/x86/msr: Add Emerald Rapids (git fixes). - perf/x86/rapl: Add support for Intel AlderLake-N (git fixes). - perf/x86/rapl: Treat Tigerlake like Icelake (git fixes). - perf/x86/rapl: Use standard Energy Unit for SPR Dram RAPL domain (git fixes). - perf/x86/rapl: fix AMD event handling (git fixes). - perf/x86/uncore: Add Raptor Lake uncore support (git fixes). - perf/x86/uncore: Add a quirk for UPI on SPR (bsc#1206824, bsc#1206493, bsc#1206492). - perf/x86/uncore: Add new Alder Lake and Raptor Lake support (git fixes). - perf/x86/uncore: Add new Raptor Lake S support (git fixes). - perf/x86/uncore: Clean up uncore_pci_ids (git fixes). - perf/x86/uncore: Do not WARN_ON_ONCE() for a broken discovery table (bsc#1206824, bsc#1206493, bsc#1206492). - perf/x86/uncore: Factor out uncore_device_to_die() (bsc#1206824, bsc#1206493, bsc#1206492). - perf/x86/uncore: Fix potential NULL pointer in uncore_get_alias_name (bsc#1206824, bsc#1206493, bsc#1206492). - perf/x86/uncore: Ignore broken units in discovery table (bsc#1206824, bsc#1206493, bsc#1206492). - perf: Always wake the parent event (git fixes). - perf: Fix possible memleak in pmu_dev_alloc() (git fixes). - phy: rockchip-typec: Fix unsigned comparison with less than zero (git-fixes). - phy: rockchip-typec: fix tcphy_get_mode error case (git-fixes). - pinctrl: at91: use devm_kasprintf() to avoid potential leaks (git-fixes). - pinctrl: mediatek: Initialize variable *buf to zero (git-fixes). - pinctrl: mediatek: fix coding style (git-fixes). - pinctrl: qcom: pinctrl-msm8976: Correct function names for wcss pins (git-fixes). - pinctrl: rockchip: Fix refcount leak in rockchip_pinctrl_parse_groups (git-fixes). - pinctrl: stm32: Fix refcount leak in stm32_pctrl_get_irq_domain (git-fixes). - platform/x86: ISST: PUNIT device mapping with Sub-NUMA clustering (bsc#1208420). - platform/x86: amd-pmc: Correct usage of SMU version (git-fixes). - platform/x86: amd-pmc: Export Idlemask values based on the APU (git-fixes). - platform/x86: amd-pmc: Fix compilation when CONFIG_DEBUGFS is disabled (git-fixes). - platform/x86: touchscreen_dmi: Add Chuwi Vi8 (CWI501) DMI match (git-fixes). - platform: x86: MLX_PLATFORM: select REGMAP instead of depending on it (git-fixes). - powercap: fix possible name leak in powercap_register_zone() (git-fixes). - powerpc/eeh: Set channel state after notifying the drivers (bsc#1208784 ltc#201612). - printf: fix errname.c list (git-fixes). - prlimit: do_prlimit needs to have a speculation check (bsc#1209256). - pwm: stm32-lp: fix the check on arr and cmp registers update (git-fixes). - qede: avoid uninitialized entries in coal_entry array (bsc#1205846). - qede: fix interrupt coalescing configuration (bsc#1205846). - rcu: Tighten rcu_advance_cbs_nowake() checks (bsc#1209159). - rdma/cxgb4: Fix potential null-ptr-deref in pass_establish() (git-fixes) - rdma/cxgb4: add null-ptr-check after ip_dev_find() (git-fixes) - rdma/cxgb4: remove unnecessary NULL check in __c4iw_poll_cq_one() (git-fixes) - rdma/irdma: Cap MSIX used to online CPUs + 1 (git-fixes) - rdma/rxe: Fix missing memory barriers in rxe_queue.h (git-fixes) - rdma/siw: Fix user page pinning accounting (git-fixes) - refresh suse/NFSv3-handle-out-of-order-write-replies. Careless typo - might cause bsc#1209457 - refresh suse/ice-clear-stale-Tx-queue-settings-before-configuring. Fix bug introduced by broken backport (bsc#1208628). - regulator: Flag uncontrollable regulators as always_on (git-fixes). - regulator: core: Fix off-on-delay-us for always-on/boot-on regulators (git-fixes). - regulator: core: Use ktime_get_boottime() to determine how long a regulator was off (git-fixes). - regulator: max77802: Bounds check regulator id against opmode (git-fixes). - regulator: s5m8767: Bounds check id indexing into arrays (git-fixes). - remoteproc/mtk_scp: Move clk ops outside send_lock (git-fixes). - remoteproc: qcom_q6v5_mss: Use a carveout to authenticate modem headers (git-fixes). - replace mkinitrd dependency with dracut (bsc#1202353). Also update mkinitrd refrences in documentation and comments. - require suse-kernel-rpm-scriptlets at all times. The kernel packages call scriptlets for each stage, add the dependency to make it clear to libzypp that the scriptlets are required. There is no special dependency for posttrans, these scriptlets run when transactions are resolved. The plain dependency has to be used to support posttrans. - revert 'char: pcmcia: cm4000_cs: Replace mdelay with usleep_range in set_protocol' (git-fixes). - revert 'crypto: rsa-pkcs1pad - Replace GFP_ATOMIC with GFP_KERNEL in pkcs1pad_encrypt_sign_complete' (git-fixes). - revert 'hid: logitech-hidpp: add a module parameter to keep firmware gestures' (git-fixes). - revert 'usb: dwc3: qcom: Keep power domain on to retain controller status' (git-fixes). - rpm/group-source-files.pl: Deal with {pre,post}fixed / in location When the source file location provided with -L is either prefixed or postfixed with forward slash, the script get stuck in a infinite loop inside calc_dirs() where $path is an empty string. user@localhost:/tmp> perl '$HOME/group-source-files.pl' -D devel.files -N nondevel.files -L /usr/src/linux-5.14.21-150500.41/ ... path = /usr/src/linux-5.14.21-150500.41/Documentation/Kconfig path = /usr/src/linux-5.14.21-150500.41/Documentation path = /usr/src/linux-5.14.21-150500.41 path = /usr/src path = /usr path = path = path = ... # Stuck in an infinite loop This workarounds the issue by breaking out the loop once path is an empty string. For a proper fix we'd want something that filesystem-aware, but this workaround should be enough for the rare occation that this script is ran manually. Link: http://mailman.suse.de/mlarch/SuSE/kernel/2023/kernel.2023.03/msg00024.html - rpm/kernel-obs-build.spec.in: Remove SLE11 cruft - rtc: allow rtc_read_alarm without read_alarm callback (git-fixes). - rtc: pm8xxx: fix set-alarm race (git-fixes). - rtc: sun6i: Always export the internal oscillator (git-fixes). - s390/dasd: Fix potential memleak in dasd_eckd_init() (git-fixes). - s390/kexec: fix ipl report address for kdump (bsc#1207529). - scsi: lpfc: Copyright updates for 14.2.0.10 patches (bsc#1208607). - scsi: lpfc: Exit PRLI completion handling early if ndlp not in PRLI_ISSUE state (bsc#1208607). - scsi: lpfc: Fix space indentation in lpfc_xcvr_data_show() (bsc#1208607). - scsi: lpfc: Fix use-after-free KFENCE violation during sysfs firmware write (bsc#1208607). - scsi: lpfc: Introduce new attention types for lpfc_sli4_async_fc_evt() handler (bsc#1208607). - scsi: lpfc: Reinitialize internal VMID data structures after FLOGI completion (bsc#1208607). - scsi: lpfc: Remove duplicate ndlp kref decrement in lpfc_cleanup_rpis() (bsc#1208607 bsc#1208534). - scsi: lpfc: Remove redundant clean up code in disable_vport() (bsc#1208607). - scsi: lpfc: Replace outdated strncpy() with strscpy() (bsc#1208607). - scsi: lpfc: Resolve miscellaneous variable set but not used compiler warnings (bsc#1208607). - scsi: lpfc: Set max DMA segment size to HBA supported SGE length (bsc#1208607). - scsi: lpfc: Update lpfc version to 14.2.0.10 (bsc#1208607). - scsi: qla2xxx: Add option to disable FC2 Target support (bsc#1198438 bsc#1206103). - scsi: qla2xxx: Check if port is online before sending ELS (bsc#1208570). - scsi: qla2xxx: Fix DMA-API call trace on NVMe LS requests (bsc#1208570). - scsi: qla2xxx: Fix IOCB resource check warning (bsc#1208570). - scsi: qla2xxx: Fix erroneous link down (bsc#1208570). - scsi: qla2xxx: Fix exchange oversubscription (bsc#1208570). - scsi: qla2xxx: Fix exchange oversubscription for management commands (bsc#1208570). - scsi: qla2xxx: Fix link failure in NPIV environment (bsc#1208570). - scsi: qla2xxx: Fix printk() format string (bsc#1208570). - scsi: qla2xxx: Fix stalled login (bsc#1208570). - scsi: qla2xxx: Make qla_trim_buf() and __qla_adjust_buf() static (bsc#1208570). - scsi: qla2xxx: Relocate/rename vp map (bsc#1208570). - scsi: qla2xxx: Remove dead code (GNN ID) (bsc#1208570). - scsi: qla2xxx: Remove dead code (GPNID) (bsc#1208570). - scsi: qla2xxx: Remove dead code (bsc#1208570). - scsi: qla2xxx: Remove increment of interface err cnt (bsc#1208570). - scsi: qla2xxx: Remove the unused variable wwn (bsc#1208570). - scsi: qla2xxx: Remove unintended flag clearing (bsc#1208570). - scsi: qla2xxx: Select qpair depending on which CPU post_cmd() gets called (bsc#1208570). - scsi: qla2xxx: Simplify if condition evaluation (bsc#1208570). - scsi: qla2xxx: Update version to 10.02.08.100-k (bsc#1208570). - scsi: qla2xxx: Update version to 10.02.08.200-k (bsc#1208570). - scsi: qla2xxx: Use a variable for repeated mem_size computation (bsc#1208570). - scsi: qla2xxx: edif: Fix clang warning (bsc#1208570). - scsi: qla2xxx: edif: Fix performance dip due to lock contention (bsc#1208570). - scsi: qla2xxx: edif: Fix stall session after app start (bsc#1208570). - scsi: qla2xxx: edif: Reduce memory usage during low I/O (bsc#1208570). - scsi: storvsc: Handle BlockSize change in Hyper-V VHD/VHDX file (git-fixes). - sefltests: netdevsim: wait for devlink instance after netns removal (git-fixes). - selftest/lkdtm: Skip stack-entropy test if lkdtm is not available (git-fixes). - selftests/ftrace: Add check for ping command for trigger tests (bsc#1204993 ltc#200103). - selftests/ftrace: Convert tracer tests to use 'requires' to specify program dependency (bsc#1204993 ltc#200103). - selftests/powerpc: Account for offline cpus in perf-hwbreak test (bsc#1206232). - selftests/powerpc: Bump up rlimit for perf-hwbreak test (bsc#1206232). - selftests/powerpc: Move perror closer to its use (bsc#1206232). - serial: 8250_em: Fix UART port type (git-fixes). - serial: 8250_fsl: fix handle_irq locking (git-fixes). - serial: fsl_lpuart: fix RS485 RTS polariy inverse issue (git-fixes). - serial: qcom-geni: fix console shutdown hang (git-fixes). - serial: sc16is7xx: setup GPIO controller later in probe (git-fixes). - serial: tegra: Add missing clk_disable_unprepare() in tegra_uart_hw_init() (git-fixes). - signal/seccomp: Refactor seccomp signal and coredump generation (git-fixes). - signal/x86: In emulate_vsyscall force a signal instead of calling do_exit (git-fixes). - signal: Implement force_fatal_sig (git-fixes). - smb3: Replace smb2pdu 1-element arrays with flex-arrays (bsc#1193629). - soundwire: cadence: Do not overflow the command FIFOs (git-fixes). - spi: bcm63xx-hsspi: Endianness fix for ARM based SoC (git-fixes). - spi: dw_bt1: fix MUX_MMIO dependencies (git-fixes). - spi: synquacer: Fix timeout handling in synquacer_spi_transfer_one() (git-fixes). - spi: tegra210-quad: Fix validate combined sequence (git-fixes). - staging: emxx_udc: Add checks for dma_alloc_coherent() (git-fixes). - staging: mt7621-dts: change palmbus address to lower case (git-fixes). - struct uvc_device move flush_status new member to end (git-fixes). - sunrpc allow for unspecified transport time in rpc_clnt_add_xprt (git-fixes). - sunrpc: Do not leak netobj memory when gss_read_proxy_verf() fails (git-fixes). - sunrpc: Fix null-ptr-deref when xps sysfs alloc failed (git-fixes). - sunrpc: Fix potential race conditions in rpc_sysfs_xprt_state_change() (git-fixes). - sunrpc: Fix socket waits for write buffer space (git-fixes). - sunrpc: Return true/false (not 1/0) from bool functions (git-fixes). - supported.conf: Remove duplicate entry. - thermal/drivers/hisi: Drop second sensor hi3660 (git-fixes). - thermal/drivers/tsens: Add compat string for the qcom,msm8960 (git-fixes). - thermal/drivers/tsens: Drop msm8976-specific defines (git-fixes). - thermal/drivers/tsens: Sort out msm8976 vs msm8956 data (git-fixes). - thermal/drivers/tsens: fix slope values for msm8939 (git-fixes). - thermal/drivers/tsens: limit num_sensors to 9 for msm8939 (git-fixes). - thermal: intel: BXT_PMIC: select REGMAP instead of depending on it (git-fixes). - thermal: intel: Fix unsigned comparison with less than zero (git-fixes). - thermal: intel: intel_pch: Add support for Wellsburg PCH (git-fixes). - thermal: intel: powerclamp: Fix cur_state for multi package system (git-fixes). - thermal: intel: quark_dts: fix error pointer dereference (git-fixes). - tools/iio/iio_utils:fix memory leak (git-fixes). - tpm/eventlog: Do not abort tpm_read_log on faulty ACPI address (git-fixes). - tty: fix out-of-bounds access in tty_driver_lookup_tty() (git-fixes). - tty: serial: fsl_lpuart: Fix the wrong RXWATER setting for rx dma case (git-fixes). - tty: serial: fsl_lpuart: clear LPUART Status Register in lpuart32_shutdown() (git-fixes). - tty: serial: fsl_lpuart: disable Rx/Tx DMA in lpuart32_shutdown() (git-fixes). - tty: serial: fsl_lpuart: disable the CTS when send break signal (git-fixes). - tty: serial: imx: Handle RS485 DE signal active high (git-fixes). - tty: serial: imx: disable Ageing Timer interrupt request irq (git-fixes). - tty: serial: qcom-geni-serial: stop operations in progress at shutdown (git-fixes). - update internal module version number for cifs.ko (bsc#1193629). - update suse/hid-bigben_probe-validate-report-count (bsc#1208605). Added bugzilla reference to fix already applied - usb: core: Do not hold device lock while reading the 'descriptors' sysfs file (git-fixes). - usb: dwc3: core: Host wake up support from system suspend (git-fixes). - usb: dwc3: pci: add support for the Intel Meteor Lake-M (git-fixes). - usb: dwc3: qcom: Configure wakeup interrupts during suspend (git-fixes). - usb: dwc3: qcom: Fix memory leak in dwc3_qcom_interconnect_init (git-fixes). - usb: dwc3: qcom: Keep power domain on to retain controller status (git-fixes). - usb: dwc3: qcom: clean up icc init (git-fixes). - usb: dwc3: qcom: clean up suspend callbacks (git-fixes). - usb: dwc3: qcom: fix gadget-only builds (git-fixes). - usb: dwc3: qcom: fix peripheral and OTG suspend (git-fixes). - usb: dwc3: qcom: fix wakeup implementation (git-fixes). - usb: dwc3: qcom: only parse 'maximum-speed' once (git-fixes). - usb: dwc3: qcom: suppress unused-variable warning (git-fixes). - usb: early: xhci-dbc: Fix a potential out-of-bound memory access (git-fixes). - usb: ene_usb6250: Allocate enough memory for full object (git-fixes). - usb: gadget: configfs: Restrict symlink creation is UDC already binded (git-fixes). - usb: gadget: configfs: remove using list iterator after loop body as a ptr (git-fixes). - usb: gadget: configfs: use to_config_usb_cfg() in os_desc_link() (git-fixes). - usb: gadget: configfs: use to_usb_function_instance() in cfg (un)link func (git-fixes). - usb: gadget: fusb300_udc: free irq on the error path in fusb300_probe() (git-fixes). - usb: gadget: u_serial: Add null pointer check in gserial_resume (git-fixes). - usb: host: xhci: mvebu: Iterate over array indexes instead of using pointer math (git-fixes). - usb: max-3421: Fix setting of I/O pins (git-fixes). - usb: musb: Add and use inline function musb_otg_state_string (git-fixes). - usb: musb: Add and use inline functions musb_{get,set}_state (git-fixes). - usb: musb: mediatek: do not unregister something that wasn't registered (git-fixes). - usb: musb: remove schedule work called after flush (git-fixes). - usb: serial: option: add support for VW/Skoda 'Carstick LTE' (git-fixes). - usb: typec: intel_pmc_mux: Do not leak the ACPI device reference count (git-fixes). - usb: typec: intel_pmc_mux: Use the helper acpi_dev_get_memory_resources() (git-fixes). - usb: uvc: Enumerate valid values for color matching (git-fixes). - vc_screen: do not clobber return value in vcs_read (git-fixes). - vc_screen: modify vcs_size() handling in vcs_read() (git-fixes). - vdpa_sim: not reset state in vdpasim_queue_ready (git-fixes). - vfio/type1: prevent underflow of locked_vm via exec() (git-fixes). - vfio/type1: restore locked_vm (git-fixes). - vfio/type1: track locked_vm per dma (git-fixes). - vfs: filename_create(): fix incorrect intent (bsc#1197534). - virt/sev-guest: Add a MODULE_ALIAS (bsc#1208449). - virt/sev-guest: Prevent IV reuse in the SNP guest driver (bsc#1208449). - virt/sev-guest: Remove unnecessary free in init_crypto() (bsc#1208449). - virt: sev-guest: Pass the appropriate argument type to iounmap() (bsc#1208449). - virt: sevguest: Change driver name to reflect generic SEV support (bsc#1208449). - virt: sevguest: Rename the sevguest dir and files to sev-guest (bsc#1208449). - vmci: check context->notify_page after call to get_user_pages_fast() to avoid GPF (git-fixes). - vmxnet3: move rss code block under eop descriptor (bsc#1208212). - watch_queue: fix IOC_WATCH_QUEUE_SET_SIZE alloc error paths (bsc#1197617). - watchdog: Fix kmemleak in watchdog_cdev_register (git-fixes). - watchdog: at91sam9_wdt: use devm_request_irq to avoid missing free_irq() in error path (git-fixes). - watchdog: pcwd_usb: Fix attempting to access uninitialized memory (git-fixes). - watchdog: sbsa_wdog: Make sure the timeout programming is within the limits (git-fixes). - wifi: ath11k: Fix memory leak in ath11k_peer_rx_frag_setup (git-fixes). - wifi: ath11k: allow system suspend to survive ath11k (git-fixes). - wifi: ath9k: Fix potential stack-out-of-bounds write in ath9k_wmi_rsp_callback() (git-fixes). - wifi: ath9k: Fix use-after-free in ath9k_hif_usb_disconnect() (git-fixes). - wifi: ath9k: hif_usb: clean up skbs if ath9k_hif_usb_rx_stream() fails (git-fixes). - wifi: ath9k: htc_hst: free skb in ath9k_htc_rx_msg() if there is no callback function (git-fixes). - wifi: ath9k: use proper statements in conditionals (git-fixes). - wifi: brcmfmac: Fix potential stack-out-of-bounds in brcmf_c_preinit_dcmds() (git-fixes). - wifi: brcmfmac: ensure CLM version is null-terminated to prevent stack-out-of-bounds (git-fixes). - wifi: brcmfmac: fix potential memory leak in brcmf_netdev_start_xmit() (git-fixes). - wifi: brcmfmac: unmap dma buffer in brcmf_msgbuf_alloc_pktid() (git-fixes). - wifi: cfg80211: Fix extended KCK key length check in nl80211_set_rekey_data() (git-fixes). - wifi: cfg80211: Fix use after free for wext (git-fixes). - wifi: cfg80211: Partial revert 'wifi: cfg80211: Fix use after free for wext' (git-fixes). - wifi: ipw2200: fix memory leak in ipw_wdev_init() (git-fixes). - wifi: ipw2x00: do not call dev_kfree_skb() under spin_lock_irqsave() (git-fixes). - wifi: iwl3945: Add missing check for create_singlethread_workqueue (git-fixes). - wifi: iwl4965: Add missing check for create_singlethread_workqueue() (git-fixes). - wifi: iwlegacy: common: do not call dev_kfree_skb() under spin_lock_irqsave() (git-fixes). - wifi: libertas: cmdresp: do not call kfree_skb() under spin_lock_irqsave() (git-fixes). - wifi: libertas: fix memory leak in lbs_init_adapter() (git-fixes). - wifi: libertas: if_usb: do not call kfree_skb() under spin_lock_irqsave() (git-fixes). - wifi: libertas: main: do not call kfree_skb() under spin_lock_irqsave() (git-fixes). - wifi: libertas_tf: do not call kfree_skb() under spin_lock_irqsave() (git-fixes). - wifi: mac80211: make rate u32 in sta_set_rate_info_rx() (git-fixes). - wifi: mt7601u: fix an integer underflow (git-fixes). - wifi: mt76: dma: free rx_head in mt76_dma_rx_cleanup (git-fixes). - wifi: mwifiex: Add missing compatible string for SD8787 (git-fixes). - wifi: mwifiex: fix loop iterator in mwifiex_update_ampdu_txwinsize() (git-fixes). - wifi: orinoco: check return value of hermes_write_wordrec() (git-fixes). - wifi: rsi: Fix memory leak in rsi_coex_attach() (git-fixes). - wifi: rtl8xxxu: Fix memory leaks with RTL8723BU, RTL8192EU (git-fixes). - wifi: rtl8xxxu: Use a longer retry limit of 48 (git-fixes). - wifi: rtl8xxxu: do not call dev_kfree_skb() under spin_lock_irqsave() (git-fixes). - wifi: rtl8xxxu: fixing transmisison failure for rtl8192eu (git-fixes). - wifi: rtlwifi: Fix global-out-of-bounds bug in _rtl8812ae_phy_set_txpower_limit() (git-fixes). - wifi: rtlwifi: rtl8188ee: do not call kfree_skb() under spin_lock_irqsave() (git-fixes). - wifi: rtlwifi: rtl8723be: do not call kfree_skb() under spin_lock_irqsave() (git-fixes). - wifi: rtlwifi: rtl8821ae: do not call kfree_skb() under spin_lock_irqsave() (git-fixes). - wifi: rtw89: Add missing check for alloc_workqueue (git-fixes). - wifi: wilc1000: fix potential memory leak in wilc_mac_xmit() (git-fixes). - wifi: wl3501_cs: do not call kfree_skb() under spin_lock_irqsave() (git-fixes). - x86/64/mm: Map all kernel memory into trampoline_pgd (git-fixes). - x86/amd_nb: Add AMD PCI IDs for SMN communication (bsc#1208848). - x86/cpu: Add CPU model numbers for Meteor Lake (git fixes). - x86/cpu: Add Raptor Lake to Intel family (git fixes). - x86/cpu: Add new Alderlake and Raptorlake CPU model numbers (git fixes). - x86/cpu: Add new Raptor Lake CPU model number (git fixes). - x86/cpu: Add several Intel server CPU model numbers (git fixes). - x86/cpu: Drop spurious underscore from RAPTOR_LAKE #define (git fixes). - x86/hyperv: Introduce HV_MAX_SPARSE_VCPU_BANKS/HV_VCPUS_PER_SPARSE_BANK constants (git-fixes). - x86/perf/zhaoxin: Add stepping check for ZXC (git fixes). - x86/perf: Avoid warning for Arch LBR without XSAVE (git fixes). - x86/perf: Default set FREEZE_ON_SMI for all (git fixes). - x86/sgx: Fix free page accounting (git-fixes). - x86/xen: Fix memory leak in xen_init_lock_cpu() (git-fixes). - x86/xen: Fix memory leak in xen_smp_intr_init{_pv}() (git-fixes). - x86: link vdso and boot with -z noexecstack --no-warn-rwx-segments (bsc#1203200). - xen-netfront: Fix NULL sring after live migration (git-fixes). - xen-pciback: Allow setting PCI_MSIX_FLAGS_MASKALL too (git-fixes). - xen/arm: Fix race in RB-tree based P2M accounting (git-fixes) - xen/netback: do some code cleanup (git-fixes). - xen/netback: fix build warning (git-fixes). - xen/netfront: destroy queues before real_num_tx_queues is zeroed (git-fixes). - xen/platform-pci: add missing free_irq() in error path (git-fixes). - xen/privcmd: Fix a possible warning in privcmd_ioctl_mmap_resource() (git-fixes). Important SUSE bug 1177529 SUSE bug 1193629 SUSE bug 1197534 SUSE bug 1197617 SUSE bug 1198438 SUSE bug 1200054 SUSE bug 1202353 SUSE bug 1202633 SUSE bug 1203200 SUSE bug 1203331 SUSE bug 1204363 SUSE bug 1204993 SUSE bug 1205544 SUSE bug 1205846 SUSE bug 1206103 SUSE bug 1206232 SUSE bug 1206492 SUSE bug 1206493 SUSE bug 1206824 SUSE bug 1206935 SUSE bug 1207051 SUSE bug 1207270 SUSE bug 1207529 SUSE bug 1207560 SUSE bug 1207845 SUSE bug 1207846 SUSE bug 1208179 SUSE bug 1208212 SUSE bug 1208420 SUSE bug 1208449 SUSE bug 1208534 SUSE bug 1208541 SUSE bug 1208542 SUSE bug 1208570 SUSE bug 1208598 SUSE bug 1208599 SUSE bug 1208601 SUSE bug 1208605 SUSE bug 1208607 SUSE bug 1208628 SUSE bug 1208700 SUSE bug 1208741 SUSE bug 1208759 SUSE bug 1208776 SUSE bug 1208777 SUSE bug 1208784 SUSE bug 1208787 SUSE bug 1208816 SUSE bug 1208837 SUSE bug 1208843 SUSE bug 1208848 SUSE bug 1209008 SUSE bug 1209159 SUSE bug 1209188 SUSE bug 1209256 SUSE bug 1209258 SUSE bug 1209262 SUSE bug 1209291 SUSE bug 1209436 SUSE bug 1209457 SUSE bug 1209504 CVE-2022-3523 CVE-2022-38096 CVE-2023-0461 CVE-2023-0597 CVE-2023-1075 CVE-2023-1076 CVE-2023-1078 CVE-2023-1095 CVE-2023-1118 CVE-2023-22995 CVE-2023-22998 CVE-2023-23000 CVE-2023-23004 CVE-2023-23559 CVE-2023-25012 CVE-2023-26545 CVE-2023-28328 cpe:/o:opensuse:leap:15.4 Security update for python-py (Moderate) openSUSE Leap 15.4 This update for python-py fixes the following issues: - CVE-2022-42969: Fixed an excessive resource consumption that could be triggered when interacting with a Subversion repository containing crated data (bsc#1204364). Moderate SUSE bug 1204364 CVE-2022-42969 cpe:/o:opensuse:leap:15.4 Security update for containerd (Important) openSUSE Leap 15.4 This update for containerd fixes the following issues: - CVE-2022-23471: Fixed host memory exhaustion through Terminal resize goroutine leak (bsc#1206235). - Re-build containerd to use updated golang-packaging (jsc#1342). - Update to containerd v1.6.16 for Docker v23.0.0-ce. * https://github.com/containerd/containerd/releases/tag/v1.6.16 Important SUSE bug 1206235 CVE-2022-23471 cpe:/o:opensuse:leap:15.4 Security update for samba (Important) openSUSE Leap 15.4 This update for samba fixes the following issues: - CVE-2021-20251: Fixed an issue where the bad password count would not be properly incremented, which could allow attackers to brute force a user's password (bsc#1206546). - CVE-2022-38023: Disabled weak ciphers by default in the Netlogon Secure channel (bsc#1206504). - CVE-2022-37966: Fixed an issue where a weak cipher would be selected to encrypt session keys, which could lead to privilege escalation (bsc#1205385). Important SUSE bug 1205385 SUSE bug 1206504 SUSE bug 1206546 CVE-2021-20251 CVE-2022-37966 CVE-2022-38023 cpe:/o:opensuse:leap:15.4 Security update for rubygem-loofah (Important) openSUSE Leap 15.4 This update for rubygem-loofah fixes the following issues: - CVE-2022-23514: Fixed inefficient regular expression leading to denial of service (bsc#1206415). - CVE-2022-23515: Fixed improper neutralization of data URIs leading to Cross Site Scripting (bsc#1206417). - CVE-2022-23516: Fixed uncontrolled Recursion leading to denial of service (bsc#1206416). Important SUSE bug 1206415 SUSE bug 1206416 SUSE bug 1206417 CVE-2022-23514 CVE-2022-23515 CVE-2022-23516 cpe:/o:opensuse:leap:15.4 Security update for apache2 (Important) openSUSE Leap 15.4 This update for apache2 fixes the following issues: - CVE-2023-27522: Fixed HTTP response splitting in mod_proxy_uwsgi (bsc#1209049). - CVE-2023-25690: Fixed HTTP request splitting with mod_rewrite and mod_proxy (bsc#1209047). The following non-security bugs were fixed: - Fixed mod_proxy handling of very long urls (bsc#1207327) - Fixed passing health check does not recover worker from its error state (bsc#1208708). Important SUSE bug 1207327 SUSE bug 1208708 SUSE bug 1209047 SUSE bug 1209049 CVE-2023-25690 CVE-2023-27522 cpe:/o:opensuse:leap:15.4 Security update for oracleasm (Moderate) openSUSE Leap 15.4 This update of oracleasm fixes the following issues: - rebuild the package with the new secure boot key (bsc#1209188). Moderate SUSE bug 1209188 cpe:/o:opensuse:leap:15.4 Security update for python-Werkzeug (Important) openSUSE Leap 15.4 This update for python-Werkzeug fixes the following issues: - CVE-2023-25577: Fixed high resource usage when parsing multipart form data with many fields (bsc#1208283) Important SUSE bug 1208283 CVE-2023-25577 cpe:/o:opensuse:leap:15.4 Security update for sudo (Moderate) openSUSE Leap 15.4 This update for sudo fixes the following issue: Security issues: - CVE-2023-28486: Fixed sudo does not escape control characters in log messages. (bsc#1209362) - CVE-2023-28487: Fixed sudo does not escape control characters in sudoreplay output. (bsc#1209361) - CVE-2023-27320: Fixed a potential security issue with a double free with per-command chroot sudoers rules (bsc#1208595). Bug fixes: - Fix a situation where 'sudo -U otheruser -l' would dereference a NULL pointer (bsc#1206483) - If NOPASSWD is specified, don't ask for password if command is not found (bsc#1206772). - Do not re-enable the reader when flushing the buffers as part of pty_finish() (bsc#1203201). Moderate SUSE bug 1203201 SUSE bug 1206483 SUSE bug 1206772 SUSE bug 1208595 SUSE bug 1209361 SUSE bug 1209362 CVE-2023-27320 CVE-2023-28486 CVE-2023-28487 cpe:/o:opensuse:leap:15.4 Security update for bluez (Moderate) openSUSE Leap 15.4 This update for bluez fixes the following issues: - CVE-2022-3563: Fixed a potential crash in the mgmt-tester tool (bsc#1204426). Moderate SUSE bug 1204426 CVE-2022-3563 cpe:/o:opensuse:leap:15.4 Security update for xstream (Important) openSUSE Leap 15.4 This update for xstream fixes the following issues: - CVE-2022-40151: Fixed stackoverflow in XML serialization (bsc#1203520). - CVE-2022-41966: Fixed denial of service via uncontrolled recursion during deserialization (bsc#1206729). - Upgrade to 1.4.20. Important SUSE bug 1203520 SUSE bug 1206729 CVE-2022-40151 CVE-2022-41966 cpe:/o:opensuse:leap:15.4 Security update for xorg-x11-server (Important) openSUSE Leap 15.4 This update for xorg-x11-server fixes the following issues: - CVE-2023-1393: Fixed use-after-free overlay window (ZDI-CAN-19866) (bsc#1209543). Important SUSE bug 1209543 CVE-2023-1393 cpe:/o:opensuse:leap:15.4 Security update for xorg-x11-server (Important) openSUSE Leap 15.4 This update for xorg-x11-server fixes the following issues: - CVE-2023-1393: Fixed use-after-free overlay window (ZDI-CAN-19866) (bsc#1209543). Important SUSE bug 1209543 CVE-2023-1393 cpe:/o:opensuse:leap:15.4 Security update for samba (Important) openSUSE Leap 15.4 This update for samba fixes the following issues: - CVE-2023-0922: Fixed Samba AD DC admin tool samba-tool sending passwords in cleartext (bso#15315) (bsc#1209481). Important SUSE bug 1209481 CVE-2023-0922 cpe:/o:opensuse:leap:15.4 Security update for samba (Important) openSUSE Leap 15.4 This update for samba fixes the following issues: - CVE-2023-0922: Fixed Samba AD DC admin tool samba-tool sending passwords in cleartext (bso#15315) (bsc#1209481). Important SUSE bug 1209481 CVE-2023-0922 cpe:/o:opensuse:leap:15.4 Security update for rubygem-rack (Moderate) openSUSE Leap 15.4 This update for rubygem-rack fixes the following issues: - CVE-2023-27539: Fixed denial of service in header parsing (bsc#1209503). Moderate SUSE bug 1209503 CVE-2023-27539 cpe:/o:opensuse:leap:15.4 Security update for libmicrohttpd (Moderate) openSUSE Leap 15.4 This update for libmicrohttpd fixes the following issues: - CVE-2023-27371: Fixed a parser bug that could be used to crash servers using the MHD_PostProcessor (bsc#1208745). Moderate SUSE bug 1208745 CVE-2023-27371 cpe:/o:opensuse:leap:15.4 Security update for zstd (Moderate) openSUSE Leap 15.4 This update for zstd fixes the following issues: - CVE-2022-4899: Fixed buffer overrun in util.c (bsc#1209533). Moderate SUSE bug 1209533 CVE-2022-4899 cpe:/o:opensuse:leap:15.4 Security update for ldb, samba (Important) openSUSE Leap 15.4 This update for ldb, samba fixes the following issues: ldb: - CVE-2022-32746: Fixed an use-after-free issue in the database audit logging module (bsc#1201490). - CVE-2023-0614: Fixed discovering of access controlled AD LDAP attributes (bso#15270) (bsc#1209485). samba: - CVE-2023-0922: Fixed cleartext password sending by AD DC admin tool (bso#15315) (bsc#1209481). - CVE-2023-0225: Fixed deletion of AD DC 'dnsHostname' attribute by unprivileged authenticated users (bso#15276) (bsc#1209483). - CVE-2023-0614: Fixed discovering of access controlled AD LDAP attributes (bso#15270) (bsc#1209485). The following non-security bug were fixed: - Prevent use after free of messaging_ctdb_fde_ev structs (bso#15293) (bsc#1207416). - Ship missing samba-winbind-libs-32bit package (bsc#1207996) - Ship missing samba-libs to SLE Micro 5.3 (bsc#1207723) Important SUSE bug 1201490 SUSE bug 1207416 SUSE bug 1207723 SUSE bug 1207996 SUSE bug 1209481 SUSE bug 1209483 SUSE bug 1209485 CVE-2022-32746 CVE-2023-0225 CVE-2023-0614 CVE-2023-0922 cpe:/o:opensuse:leap:15.4 Security update for xen (Important) openSUSE Leap 15.4 This update for xen fixes the following issues: - CVE-2022-23824: Fixed multiple speculative execution issues (bnc#1205209). Non-security fixes: - Updated to version 4.16.3 (bsc#1027519). Important SUSE bug 1027519 SUSE bug 1205209 CVE-2022-23824 cpe:/o:opensuse:leap:15.4 Security update for testng (Important) openSUSE Leap 15.4 This update for testng fixes the following issues: - CVE-2022-4065: Fixed a path traversal in zip files (bsc#1205628). Important SUSE bug 1205628 CVE-2022-4065 cpe:/o:opensuse:leap:15.4 Security update for python-Werkzeug (Important) openSUSE Leap 15.4 This update for python-Werkzeug fixes the following issues: - CVE-2023-25577: Fixed high resource usage when parsing multipart form data with many fields (bsc#1208283). Important SUSE bug 1208283 CVE-2023-25577 cpe:/o:opensuse:leap:15.4 Security update for shim (Important) openSUSE Leap 15.4 This update for shim fixes the following issues: - Updated shim signature after shim 15.7 be signed back: signature-sles.x86_64.asc, signature-sles.aarch64.asc (bsc#1198458) - Add POST_PROCESS_PE_FLAGS=-N to the build command in shim.spec to disable the NX compatibility flag when using post-process-pe because grub2 is not ready. (bsc#1205588) - Enable the NX compatibility flag by default. (jsc#PED-127) Update to 15.7 (bsc#1198458) (jsc#PED-127): - Make SBAT variable payload introspectable - Reference MokListRT instead of MokList - Add a link to the test plan in the readme. - [V3] Enable TDX measurement to RTMR register - Discard load-options that start with a NUL - Fixed load_cert_file bugs - Add -malign-double to IA32 compiler flags - pe: Fix image section entry-point validation - make-archive: Build reproducible tarball - mok: remove MokListTrusted from PCR 7 Other fixes: - Support enhance shim measurement to TD RTMR. (jsc#PED-1273) - shim-install: ensure grub.cfg created is not overwritten after installing grub related files - Add logic to shim.spec to only set sbat policy when efivarfs is writeable. (bsc#1201066) - Add logic to shim.spec for detecting --set-sbat-policy option before using mokutil to set sbat policy. (bsc#1202120) - Change the URL in SBAT section to mail:security@suse.de. (bsc#1193282) Update to 15.6 (bsc#1198458): - MokManager: removed Locate graphic output protocol fail error message - shim: implement SBAT verification for the shim_lock protocol - post-process-pe: Fix a missing return code check - Update github actions matrix to be more useful - post-process-pe: Fix format string warnings on 32-bit platforms - Allow MokListTrusted to be enabled by default - Re-add ARM AArch64 support - Use ASCII as fallback if Unicode Box Drawing characters fail - make: don't treat cert.S specially - shim: use SHIM_DEVEL_VERBOSE when built in devel mode - Break out of the inner sbat loop if we find the entry. - Support loading additional certificates - Add support for NX (W^X) mitigations. - Fix preserve_sbat_uefi_variable() logic - SBAT Policy latest should be a one-shot - pe: Fix a buffer overflow when SizeOfRawData > VirtualSize - pe: Perform image verification earlier when loading grub - Update advertised sbat generation number for shim - Update SBAT generation requirements for 05/24/22 - Also avoid CVE-2022-28737 in verify_image() by @vathpela Update to 15.5 (bsc#1198458): - Broken ia32 relocs and an unimportant submodule change. - mok: allocate MOK config table as BootServicesData - Don't call QueryVariableInfo() on EFI 1.10 machines (bsc#1187260) - Relax the check for import_mok_state() (bsc#1185261) - SBAT.md: trivial changes - shim: another attempt to fix load options handling - Add tests for our load options parsing. - arm/aa64: fix the size of .rela* sections - mok: fix potential buffer overrun in import_mok_state - mok: relax the maximum variable size check - Don't unhook ExitBootServices when EBS protection is disabled - fallback: find_boot_option() needs to return the index for the boot entry in optnum - httpboot: Ignore case when checking HTTP headers - Fallback allocation errors - shim: avoid BOOTx64.EFI in message on other architectures - str: remove duplicate parameter check - fallback: add compile option FALLBACK_NONINTERACTIVE - Test mok mirror - Modify sbat.md to help with readability. - csv: detect end of csv file correctly - Specify that the .sbat section is ASCII not UTF-8 - tests: add 'include-fixed' GCC directory to include directories - pe: simplify generate_hash() - Don't make shim abort when TPM log event fails (RHBZ #2002265) - Fallback to default loader if parsed one does not exist - fallback: Fix for BootOrder crash when index returned - Better console checks - docs: update SBAT UEFI variable name - Don't parse load options if invoked from removable media path - fallback: fix fallback not passing arguments of the first boot option - shim: Don't stop forever at 'Secure Boot not enabled' notification - Allocate mokvar table in runtime memory. - Remove post-process-pe on 'make clean' - pe: missing perror argument - CVE-2022-28737: Fixed a buffer overflow when SizeOfRawData > VirtualSize (bsc#1198458) - Add mokutil command to post script for setting sbat policy to latest mode when the SbatPolicy-605dab50-e046-4300-abb6-3dd810dd8b23 is not created. (bsc#1198458) - Updated vendor dbx binary and script (bsc#1198458) - Updated dbx-cert.tar.xz and vendor-dbx-sles.bin for adding SLES-UEFI-SIGN-Certificate-2021-05.crt to vendor dbx list. - Updated dbx-cert.tar.xz and vendor-dbx-opensuse.bin for adding openSUSE-UEFI-SIGN-Certificate-2021-05.crt to vendor dbx list. - Updated vendor-dbx.bin for adding SLES-UEFI-SIGN-Certificate-2021-05.crt and openSUSE-UEFI-SIGN-Certificate-2021-05.crt for testing environment. - Updated generate-vendor-dbx.sh script for generating a vendor-dbx.bin file which includes all .der for testing environment. - avoid buffer overflow when copying data to the MOK config table (bsc#1185232) - Disable exporting vendor-dbx to MokListXRT since writing a large RT variable could crash some machines (bsc#1185261) - ignore the odd LoadOptions length (bsc#1185232) - shim-install: reset def_shim_efi to 'shim.efi' if the given file doesn't exist - relax the maximum variable size check for u-boot (bsc#1185621) - handle ignore_db and user_insecure_mode correctly (bsc#1185441, bsc#1187071) - Split the keys in vendor-dbx.bin to vendor-dbx-sles and vendor-dbx-opensuse for shim-sles and shim-opensuse to reduce the size of MokListXRT (bsc#1185261) + Also update generate-vendor-dbx.sh in dbx-cert.tar.xz Important SUSE bug 1185232 SUSE bug 1185261 SUSE bug 1185441 SUSE bug 1185621 SUSE bug 1187071 SUSE bug 1187260 SUSE bug 1193282 SUSE bug 1198458 SUSE bug 1201066 SUSE bug 1202120 SUSE bug 1205588 CVE-2022-28737 cpe:/o:opensuse:leap:15.4 Security update for openssl-1_0_0 (Moderate) openSUSE Leap 15.4 This update for openssl-1_0_0 fixes the following issues: Security fixes: - CVE-2023-0464: Fixed excessive Resource Usage Verifying X.509 Policy Constraints (bsc#1209624). Other fixes: - Fix DH key generation in FIPS mode, add support for constant BN for DH parameters (bsc#1202062) Moderate SUSE bug 1202062 SUSE bug 1209624 CVE-2023-0464 cpe:/o:opensuse:leap:15.4 Security update for libXpm (Important) openSUSE Leap 15.4 This update for libXpm fixes the following issues: - CVE-2022-46285: Fixed an infinite loop that could be triggered when reading a XPM image with a C-style comment that is never closed (bsc#1207029). - CVE-2022-44617: Fixed an excessive resource consumption that could be triggered when reading small crafted XPM image (bsc#1207030). - CVE-2022-4883: Fixed an issue that made decompression commands susceptible to PATH environment variable manipulation attacks (bsc#1207031). Important SUSE bug 1207029 SUSE bug 1207030 SUSE bug 1207031 CVE-2022-44617 CVE-2022-46285 CVE-2022-4883 cpe:/o:opensuse:leap:15.4 Security update for the Linux Kernel (Important) openSUSE Leap 15.4 The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security and bugfixes. - CVE-2022-3523: Fixed a use after free related to device private page handling (bsc#1204363). - CVE-2022-36280: Fixed out-of-bounds memory access vulnerability found in vmwgfx driver (bsc#1203332). - CVE-2022-38096: Fixed NULL-ptr deref in vmw_cmd_dx_define_query() (bsc#1203331). - CVE-2023-0045: Fixed missing Flush IBP in ib_prctl_set (bsc#1207773). - CVE-2023-0461: Fixed use-after-free in icsk_ulp_data (bsc#1208787). - CVE-2023-0597: Fixed lack of randomization of per-cpu entry area in x86/mm (bsc#1207845). - CVE-2023-1075: Fixed a type confusion in tls_is_tx_ready (bsc#1208598). - CVE-2023-1076: Fixed incorrect UID assigned to tun/tap sockets (bsc#1208599). - CVE-2023-1078: Fixed a heap out-of-bounds write in rds_rm_zerocopy_callback (bsc#1208601). - CVE-2023-1095: Fixed a NULL pointer dereference in nf_tables due to zeroed list head (bsc#1208777). - CVE-2023-1118: Fixed a use-after-free bugs caused by ene_tx_irqsim() in media/rc (bsc#1208837). - CVE-2023-22995: Fixed lacks of certain platform_device_put and kfree in drivers/usb/dwc3/dwc3-qcom.c (bsc#1208741). - CVE-2023-22998: Fixed NULL vs IS_ERR checking in virtio_gpu_object_shmem_init (bsc#1208776). - CVE-2023-23000: Fixed return value of tegra_xusb_find_port_node function phy/tegra (bsc#1208816). - CVE-2023-23004: Fixed misinterpretation of get_sg_table return value (bsc#1208843). - CVE-2023-23559: Fixed integer overflow in rndis_wlan that leads to a buffer overflow (bsc#1207051). - CVE-2023-25012: Fixed a use-after-free in bigben_set_led() (bsc#1207560). - CVE-2023-26545: Fixed double free in net/mpls/af_mpls.c upon an allocation failure (bsc#1208700). - CVE-2023-28328: Fixed a denial of service issue in az6027 driver in drivers/media/usb/dev-usb/az6027.c (bsc#1209291). The following non-security bugs were fixed: - [infiniband] READ is 'data destination', not source... (git-fixes) - [xen] fix 'direction' argument of iov_iter_kvec() (git-fixes). - acpi/x86: Add support for LPS0 callback handler (git-fixes). - acpi: Do not build ACPICA with '-Os' (git-fixes). - acpi: NFIT: fix a potential deadlock during NFIT teardown (git-fixes). - acpi: PM: s2idle: Add support for upcoming AMD uPEP HID AMDI008 (bsc#1206224). - acpi: PM: s2idle: Use LPS0 idle if ACPI_FADT_LOW_POWER_S0 is unset (bsc#1206224). - acpi: battery: Fix missing NUL-termination with large strings (git-fixes). - acpi: resource: Add helper function acpi_dev_get_memory_resources() (git-fixes). - acpi: video: Fix Lenovo Ideapad Z570 DMI match (git-fixes). - acpi: x86: s2idle: Add a quirk for ASUS ROG Zephyrus G14 (bsc#1206224). - acpi: x86: s2idle: Add a quirk for ASUS TUF Gaming A17 FA707RE (bsc#1206224). - acpi: x86: s2idle: Add a quirk for ASUSTeK COMPUTER INC. ROG Flow X13 (bsc#1206224). - acpi: x86: s2idle: Add a quirk for Lenovo Slim 7 Pro 14ARH7 (bsc#1206224). - acpi: x86: s2idle: Add another ID to s2idle_dmi_table (bsc#1206224). - acpi: x86: s2idle: Add module parameter to prefer Microsoft GUID (bsc#1206224). - acpi: x86: s2idle: Fix a NULL pointer dereference (bsc#1206224). - acpi: x86: s2idle: Force AMD GUID/_REV 2 on HP Elitebook 865 (bsc#1206224). - acpi: x86: s2idle: If a new AMD _HID is missing assume Rembrandt (bsc#1206224). - acpi: x86: s2idle: Move _HID handling for AMD systems into structures (bsc#1206224). - acpi: x86: s2idle: Stop using AMD specific codepath for Rembrandt+ (bsc#1206224). - acpica: Drop port I/O validation for some regions (git-fixes). - acpica: nsrepair: handle cases without a return value correctly (git-fixes). - add cherry-picked id for nouveau patch - alsa: emux: Avoid potential array out-of-bound in snd_emux_xg_control() (git-fixes). - alsa: hda/ca0132: minor fix for allocation size (git-fixes). - alsa: hda/conexant: add a new hda codec SN6180 (git-fixes). - alsa: hda/realtek - fixed wrong gpio assigned (git-fixes). - alsa: hda/realtek: Add Positivo N14KP6-TG (git-fixes). - alsa: hda/realtek: Add quirk for ASUS UM3402 using CS35L41 (git-fixes). - alsa: hda/realtek: Add quirk for HP EliteDesk 800 G6 Tower PC (git-fixes). - alsa: hda/realtek: Enable mute/micmute LEDs on HP Elitebook, 645 G9 (git-fixes). - alsa: hda/realtek: Fix the speaker output on Samsung Galaxy Book2 Pro 360 (git-fixes). - alsa: hda/realtek: fix mute/micmute LEDs do not work for a HP platform (git-fixes). - alsa: hda: Do not unset preset when cleaning up codec (git-fixes). - alsa: hda: Match only Intel devices with CONTROLLER_IN_GPU() (git-fixes). - alsa: ice1712: Delete unreachable code in aureon_add_controls() (git-fixes). - alsa: ice1712: Do not left ice->gpio_mutex locked in aureon_add_controls() (git-fixes). - alsa: pci: lx6464es: fix a debug loop (git-fixes). - applicom: Fix PCI device refcount leak in applicom_init() (git-fixes). - arm64: Treat ESR_ELx as a 64-bit register (git-fixes) - arm64: atomics: remove LL/SC trampolines (git-fixes) - arm64: cacheinfo: Fix incorrect assignment of signed error value to (git-fixes) - arm64: cmpxchg_double*: hazard against entire exchange variable (git-fixes) - arm64: dts: amlogic: meson-axg: fix SCPI clock dvfs node name (git-fixes). - arm64: dts: amlogic: meson-gx-libretech-pc: fix update button name (git-fixes). - arm64: dts: amlogic: meson-gx: add missing SCPI sensors compatible (git-fixes). - arm64: dts: amlogic: meson-gx: add missing unit address to rng node name (git-fixes). - arm64: dts: amlogic: meson-gx: fix SCPI clock dvfs node name (git-fixes). - arm64: dts: amlogic: meson-gxbb-kii-pro: fix led node name (git-fixes). - arm64: dts: amlogic: meson-gxl-s905d-phicomm-n1: fix led node name (git-fixes). - arm64: dts: amlogic: meson-gxl-s905d-sml5442tw: drop invalid clock-names property (git-fixes). - arm64: dts: amlogic: meson-gxl: add missing unit address to eth-phy-mux node name (git-fixes). - arm64: dts: amlogic: meson-sm1-bananapi-m5: fix adc keys node names (git-fixes). - arm64: dts: amlogic: meson-sm1-odroid-hc4: fix active fan thermal trip (git-fixes). - arm64: dts: arm: drop unused interrupt-names in MHU (git-fixes) - arm64: dts: imx8m: Align SoC unique ID node unit address (git-fixes). - arm64: dts: juno: Add missing MHU secure-irq (git-fixes) - arm64: dts: mediatek: mt7622: Add missing pwm-cells to pwm node (git-fixes). - arm64: dts: mediatek: mt8183: Fix systimer 13 MHz clock description (git-fixes). - arm64: dts: meson-axg: Make mmc host controller interrupts level-sensitive (git-fixes). - arm64: dts: meson-g12-common: Make mmc host controller interrupts level-sensitive (git-fixes). - arm64: dts: meson-g12a: Fix internal Ethernet PHY unit name (git-fixes). - arm64: dts: meson-gx: Fix Ethernet MAC address unit name (git-fixes). - arm64: dts: meson-gx: Fix the SCPI DVFS node name and unit address (git-fixes). - arm64: dts: meson-gx: Make mmc host controller interrupts level-sensitive (git-fixes). - arm64: dts: meson: bananapi-m5: switch VDDIO_C pin to OPEN_DRAIN (git-fixes). - arm64: dts: meson: remove CPU opps below 1GHz for G12A boards (git-fixes). - arm64: dts: mt8192: Fix CPU map for single-cluster SoC (git-fixes). - arm64: dts: qcom: Fix IPQ8074 PCIe PHY nodes (git-fixes). - arm64: dts: qcom: ipq8074: correct Gen2 PCIe ranges (git-fixes). - arm64: dts: qcom: ipq8074: correct PCIe QMP PHY output clock names (git-fixes). - arm64: dts: qcom: ipq8074: correct USB3 QMP PHY-s clock output names (git-fixes). - arm64: dts: qcom: ipq8074: fix Gen2 PCIe QMP PHY (git-fixes). - arm64: dts: qcom: ipq8074: fix Gen3 PCIe QMP PHY (git-fixes). - arm64: dts: qcom: ipq8074: fix Gen3 PCIe node (git-fixes). - arm64: dts: qcom: ipq8074: fix PCIe PHY serdes size (git-fixes). - arm64: dts: qcom: pmk8350: Specify PBS register for PON (git-fixes). - arm64: dts: qcom: pmk8350: Use the correct PON compatible (git-fixes). - arm64: dts: qcom: qcs404: use symbol names for PCIe resets (git-fixes). - arm64: dts: qcom: sc7180: correct SPMI bus address cells (git-fixes). - arm64: dts: qcom: sc7280: correct SPMI bus address cells (git-fixes). - arm64: dts: qcom: sdm845-db845c: fix audio codec interrupt pin name (git-fixes). - arm64: dts: qcom: sm8150-kumano: Panel framebuffer is 2.5k instead of 4k (git-fixes). - arm64: dts: renesas: beacon-renesom: Fix gpio expander reference (git-fixes). - arm64: dts: rockchip: drop unused LED mode property from rk3328-roc-cc (git-fixes). - arm64: dts: ti: k3-j7200: Fix wakeup pinmux range (git-fixes). - arm64: efi: Make efi_rt_lock a raw_spinlock (git-fixes). - arm64: make is_ttbrX_addr() noinstr-safe (git-fixes) - arm64: mm: kfence: only handle translation faults (git-fixes) - arm: OMAP1: call platform_device_put() in error case in omap1_dm_timer_init() (git-fixes). - arm: OMAP2+: Fix memory leak in realtime_counter_init() (git-fixes). - arm: bcm2835_defconfig: Enable the framebuffer (git-fixes). - arm: dts: am5748: keep usb4_tm disabled (git-fixes) - arm: dts: exynos: Use Exynos5420 compatible for the MIPI video phy (git-fixes). - arm: dts: exynos: correct HDMI phy compatible in Exynos4 (git-fixes). - arm: dts: exynos: correct TMU phandle in Exynos4 (git-fixes). - arm: dts: exynos: correct TMU phandle in Exynos4210 (git-fixes). - arm: dts: exynos: correct TMU phandle in Exynos5250 (git-fixes). - arm: dts: exynos: correct TMU phandle in Odroid HC1 (git-fixes). - arm: dts: exynos: correct TMU phandle in Odroid XU (git-fixes). - arm: dts: exynos: correct TMU phandle in Odroid XU3 family (git-fixes). - arm: dts: exynos: correct wr-active property in Exynos3250 Rinato (git-fixes). - arm: dts: imx7-colibri-eval-v3: correct can controller comment (git-fixes) - arm: dts: imx7s: correct iomuxc gpr mux controller cells (git-fixes). - arm: dts: qcom: msm8974: add required ranges to OCMEM (git-fixes) - arm: dts: qcom: sdx55: Add Qcom SMMU-500 as the fallback for IOMMU node (git-fixes). - arm: dts: rockchip: add power-domains property to dp node on rk3288 (git-fixes). - arm: dts: spear320-hmi: correct STMPE GPIO compatible (git-fixes). - arm: dts: stm32: add missing usbh clock and fix clk order on (git-fixes) - arm: dts: stm32: use usbphyc ck_usbo_48m as USBH OHCI clock on (git-fixes) - arm: dts: sun8i: nanopi-duo2: Fix regulator GPIO reference (git-fixes). - arm: imx: Call ida_simple_remove() for ida_simple_get (git-fixes). - arm: imx: rename DEBUG_IMX21_IMX27_UART to DEBUG_IMX27_UART (git-fixes) - arm: omap: remove debug-leds driver (git-fixes) - arm: remove some dead code (git-fixes) - arm: renumber bits related to _TIF_WORK_MASK (git-fixes) - arm: s3c: fix s3c64xx_set_timer_source prototype (git-fixes). - arm: shmobile: rcar-gen2: Add missing of_node_put() (git-fixes) - arm: zynq: Fix refcount leak in zynq_early_slcr_init (git-fixes). - asoc: Intel: boards: fix spelling in comments (git-fixes). - asoc: Intel: bytcht_es8316: Drop reference count of ACPI device after use (git-fixes). - asoc: Intel: bytcht_es8316: move comment to the right place (git-fixes). - asoc: Intel: sof_cs42l42: always set dpcm_capture for amplifiers (git-fixes). - asoc: Intel: sof_rt5682: always set dpcm_capture for amplifiers (git-fixes). - asoc: adau7118: do not disable regulators on device unbind (git-fixes). - asoc: codecs: Change bulk clock voting to optional voting in digital codecs (git-fixes). - asoc: codecs: lpass: fix incorrect mclk rate (git-fixes). - asoc: codecs: rx-macro: move clk provider to managed variants (git-fixes). - asoc: codecs: rx-macro: move to individual clks from bulk (git-fixes). - asoc: codecs: tx-macro: move clk provider to managed variants (git-fixes). - asoc: codecs: tx-macro: move to individual clks from bulk (git-fixes). - asoc: cs42l56: fix DT probe (git-fixes). - asoc: dt-bindings: meson: fix gx-card codec node regex (git-fixes). - asoc: fsl_sai: Update to modern clocking terminology (git-fixes). - asoc: kirkwood: Iterate over array indexes instead of using pointer math (git-fixes). - asoc: mchp-spdifrx: Fix uninitialized use of mr in mchp_spdifrx_hw_params() (git-fixes). - asoc: mchp-spdifrx: disable all interrupts in mchp_spdifrx_dai_remove() (git-fixes). - asoc: mchp-spdifrx: fix controls which rely on rsr register (git-fixes). - asoc: rsnd: Remove unnecessary rsnd_dbg_dai_call() (git-fixes). - asoc: rsnd: fixup #endif position (git-fixes). - asoc: rt715-sdca: fix clock stop prepare timeout issue (git-fixes). - asoc: soc-compress.c: fixup private_data on snd_soc_new_compress() (git-fixes). - asoc: soc-compress: Reposition and add pcm_mutex (git-fixes). - asoc: soc-dapm.h: fixup warning struct snd_pcm_substream not declared (git-fixes). - asoc: tlv320adcx140: fix 'ti,gpio-config' DT property init (git-fixes). - asoc: topology: Return -ENOMEM on memory allocation failure (git-fixes). - asoc: zl38060 add gpiolib dependency (git-fixes). - asoc: zl38060: Remove spurious gpiolib select (git-fixes). - ath9k: hif_usb: simplify if-if to if-else (git-fixes). - ath9k: htc: clean up statistics macros (git-fixes). - auxdisplay: hd44780: Fix potential memory leak in hd44780_remove() (git-fixes). - avoid deadlock for recursive I/O on dm-thin when used as swap (bsc#1177529). - backlight: backlight: Fix doc for backlight_device_get_by_name (git-fixes). - blk-cgroup: fix missing pd_online_fn() while activating policy (git-fixes). - blk-mq: fix possible memleak when register 'hctx' failed (git-fixes). - block, bfq: fix uaf for bfqq in bic_set_bfqq() (git-fixes). - block/bfq-iosched.c: use 'false' rather than 'BLK_RW_ASYNC' (git-fixes). - block: bio-integrity: Copy flags when bio_integrity_payload is cloned (bsc#1208541). - block: clear ->slave_dir when dropping the main slave_dir reference (git-fixes). - block: do not allow splitting of a REQ_NOWAIT bio (git-fixes). - block: fix and cleanup bio_check_ro (git-fixes). - block: mq-deadline: Do not break sequential write streams to zoned HDDs (git-fixes). - block: mq-deadline: Rename deadline_is_seq_writes() (git-fixes). - bluetooth: L2CAP: Fix potential user-after-free (git-fixes). - bluetooth: btusb: Add VID:PID 13d3:3529 for Realtek RTL8821CE (git-fixes). - bluetooth: hci_qca: get wakeup status from serdev device handle (git-fixes). - bluetooth: hci_sock: purge socket queues in the destruct() callback (git-fixes). - bpf, perf: Use subprog name when reporting subprog ksymbol (git fixes). - bpf, x64: Factor out emission of REX byte in more cases (git-fixes). - bpf: Fix a possible task gone issue with bpf_send_signal[_thread]() helpers (git-fixes). - bpf: Fix extable address check (git-fixes). - bpf: Fix extable fixup offset (git-fixes). - bpf: Skip task with pid=1 in send_signal_common() (git-fixes). - can: j1939: do not wait 250 ms if the same addr was already claimed (git-fixes). - ceph: flush cap releases when the session is flushed (bsc#1208428). - ceph: update the time stamps and try to drop the suid/sgid (bsc#1209504). - cifs: Check the lease context if we actually got a lease (bsc#1193629). - cifs: Convert struct fealist away from 1-element array (bsc#1193629). - cifs: Fix lost destroy smbd connection when MR allocate failed (git-fixes). - cifs: Fix oops due to uncleared server->smbd_conn in reconnect (git-fixes). - cifs: Fix uninitialized memory read in smb3_qfs_tcon() (bsc#1193629). - cifs: Fix uninitialized memory reads for oparms.mode (bsc#1193629). - cifs: Fix use-after-free in rdata->read_into_pages() (git-fixes). - cifs: Fix warning and UAF when destroy the MR list (git-fixes). - cifs: Get rid of unneeded conditional in the smb2_get_aead_req() (bsc#1193629). - cifs: Replace remaining 1-element arrays (bsc#1193629). - cifs: Replace zero-length arrays with flexible-array members (bsc#1193629). - cifs: Use kstrtobool() instead of strtobool() (bsc#1193629). - cifs: do not try to use rdma offload on encrypted connections (bsc#1193629). - cifs: fix mount on old smb servers (boo#1206935). - cifs: get rid of dns resolve worker (bsc#1193629). - cifs: get rid of unneeded conditional in cifs_get_num_sgs() (bsc#1193629). - cifs: improve checking of DFS links over STATUS_OBJECT_NAME_INVALID (git-fixes). - cifs: introduce cifs_io_parms in smb2_async_writev() (bsc#1193629). - cifs: match even the scope id for ipv6 addresses (bsc#1193629). - cifs: prevent data race in cifs_reconnect_tcon() (bsc#1193629). - cifs: prevent data race in smb2_reconnect() (bsc#1193629). - cifs: print last update time for interface list (bsc#1193629). - cifs: remove unneeded 2bytes of padding from smb2 tree connect (bsc#1193629). - cifs: return a single-use cfid if we did not get a lease (bsc#1193629). - cifs: reuse cifs_match_ipaddr for comparison of dstaddr too (bsc#1193629). - cifs: split out smb3_use_rdma_offload() helper (bsc#1193629). - cifs: update ip_addr for ses only for primary chan setup (bsc#1193629). - cifs: use tcon allocation functions even for dummy tcon (git-fixes). - cifs: use the least loaded channel for sending requests (bsc#1193629). - clk: HI655X: select REGMAP instead of depending on it (git-fixes). - clk: Honor CLK_OPS_PARENT_ENABLE in clk_core_is_enabled() (git-fixes). - clk: imx: avoid memory leak (git-fixes). - clk: mxl: Add option to override gate clks (git-fixes). - clk: mxl: Fix a clk entry by adding relevant flags (git-fixes). - clk: mxl: Remove redundant spinlocks (git-fixes). - clk: mxl: Switch from direct readl/writel based IO to regmap based IO (git-fixes). - clk: mxl: syscon_node_to_regmap() returns error pointers (git-fixes). - clk: qcom: gcc-qcs404: disable gpll[04]_out_aux parents (git-fixes). - clk: qcom: gcc-qcs404: fix names of the DSI clocks used as parents (git-fixes). - clk: ralink: fix 'mt7621_gate_is_enabled()' function (git-fixes). - clk: renesas: cpg-mssr: Fix use after free if cpg_mssr_common_init() failed (git-fixes). - clk: renesas: cpg-mssr: Remove superfluous check in resume code (git-fixes). - clocksource: Suspend the watchdog temporarily when high read latency detected (git-fixes). - comedi: use menuconfig for main Comedi menu (git-fixes). - crypto: arm64 - Fix unused variable compilation warnings of (git-fixes) - crypto: ccp - Avoid page allocation failure warning for SEV_GET_ID2 (git-fixes). - crypto: ccp - Failure on re-initialization due to duplicate sysfs filename (git-fixes). - crypto: crypto4xx - Call dma_unmap_page when done (git-fixes). - crypto: essiv - Handle EBUSY correctly (git-fixes). - crypto: qat - fix out-of-bounds read (git-fixes). - crypto: rsa-pkcs1pad - Use akcipher_request_complete (git-fixes). - crypto: seqiv - Handle EBUSY correctly (git-fixes). - crypto: x86/ghash - fix unaligned access in ghash_setkey() (git-fixes). - crypto: xts - Handle EBUSY correctly (git-fixes). - delete patches.suse/drm-i915-Don-t-use-BAR-mappings-for-ring-buffers-wit.patch Resulted in an Oops / hang at boot (bsc#1209436) - dmaengine: dw-axi-dmac: Do not dereference NULL structure (git-fixes). - dmaengine: dw-edma: Do not permit non-inc interleaved xfers (git-fixes). - dmaengine: dw-edma: Drop chancnt initialization (git-fixes). - dmaengine: dw-edma: Fix invalid interleaved xfers semantics (git-fixes). - dmaengine: dw-edma: Fix missing src/dst address of interleaved xfers (git-fixes). - dmaengine: dw-edma: Fix readq_ch() return value truncation (git-fixes). - dmaengine: idxd: Set traffic class values in GRPCFG on DSA 2.0 (git-fixes). - dmaengine: ptdma: check for null desc before calling pt_cmd_callback (git-fixes). - dmaengine: sf-pdma: pdma_desc memory leak fix (git-fixes). - do not sign the vanilla kernel (bsc#1209008). - docs/scripts/gdb: add necessary make scripts_gdb step (git-fixes). - docs: Correct missing 'd_' prefix for dentry_operations member d_weak_revalidate (git-fixes). - docs: ftrace: fix a issue with duplicated subtitle number (git-fixes). - docs: gdbmacros: print newest record (git-fixes). - documentation/hw-vuln: Document the interaction between IBRS and STIBP (git-fixes). - documentation: simplify and clarify DCO contribution example language (git-fixes). - driver core: fix potential null-ptr-deref in device_add() (git-fixes). - driver core: fix resource leak in device_add() (git-fixes). - driver core: fw_devlink: Add DL_FLAG_CYCLE support to device links (git-fixes). - drivers/md/md-bitmap: check the return value of md_bitmap_get_counter() (git-fixes). - drivers: base: transport_class: fix possible memory leak (git-fixes). - drivers: base: transport_class: fix resource leak when transport_add_device() fails (git-fixes). - drm/amd/display: Fail atomic_check early on normalize_zpos error (git-fixes). - drm/amd/display: Fix potential null-deref in dm_resume (git-fixes). - drm/amd/display: Fix timing not changning when freesync video is enabled (git-fixes). - drm/amd/display: Properly handle additional cases where DCN is not supported (git-fixes). - drm/amd/display: reduce else-if to else in dcn10_blank_pixel_data() (git-fixes). - drm/amdgpu/fence: Fix oops due to non-matching drm_sched init/fini (git-fixes). - drm/amdgpu: fix enum odm_combine_mode mismatch (git-fixes). - drm/amdgpu: fix error checking in amdgpu_read_mm_registers for soc15 (git-fixes). - drm/bridge: Fix returned array size name for atomic_get_input_bus_fmts kdoc (git-fixes). - drm/bridge: lt8912b: Add hot plug detection (git-fixes). - drm/bridge: lt9611: fix HPD reenablement (git-fixes). - drm/bridge: lt9611: fix clock calculation (git-fixes). - drm/bridge: lt9611: fix polarity programming (git-fixes). - drm/bridge: lt9611: fix programming of video modes (git-fixes). - drm/bridge: lt9611: fix sleep mode setup (git-fixes). - drm/bridge: lt9611: pass a pointer to the of node (git-fixes). - drm/bridge: megachips: Fix error handling in i2c_register_driver() (git-fixes). - drm/connector: print max_requested_bpc in state debugfs (git-fixes). - drm/edid: fix AVI infoframe aspect ratio handling (git-fixes). - drm/fourcc: Add missing big-endian XRGB1555 and RGB565 formats (git-fixes). - drm/hyperv : Removing the restruction of VRAM allocation with PCI bar size (git-fixes). - drm/hyperv: Fix an error handling path in hyperv_vmbus_probe() (git-fixes). - drm/i915/gen11: Moving WAs to icl_gt_workarounds_init() (git-fixes). - drm/i915/gen11: Wa_1408615072/Wa_1407596294 should be on GT list (git-fixes). - drm/i915/quirks: Add inverted backlight quirk for HP 14-r206nv (git-fixes). - drm/i915: Do not use BAR mappings for ring buffers with LLC (git-fixes). - drm/i915: Fix VBT DSI DVO port handling (git-fixes). - drm/i915: Initialize the obj flags for shmem objects (git-fixes). - drm/mediatek: Clean dangling pointer on bind error path (git-fixes). - drm/mediatek: Drop unbalanced obj unref (git-fixes). - drm/mediatek: Use NULL instead of 0 for NULL pointer (git-fixes). - drm/mediatek: dsi: Reduce the time of dsi from LP11 to sending cmd (git-fixes). - drm/mediatek: mtk_drm_crtc: Add checks for devm_kcalloc (git-fixes). - drm/meson: fix 1px pink line on GXM when scaling video overlay (git-fixes). - drm/mipi-dsi: Fix byte order of 16-bit DCS set/get brightness (git-fixes). - drm/msm/a5xx: fix context faults during ring switch (git-fixes). - drm/msm/a5xx: fix highest bank bit for a530 (git-fixes). - drm/msm/a5xx: fix setting of the CP_PREEMPT_ENABLE_LOCAL register (git-fixes). - drm/msm/a5xx: fix the emptyness check in the preempt code (git-fixes). - drm/msm/adreno: Fix null ptr access in adreno_gpu_cleanup() (git-fixes). - drm/msm/disp/dpu: fix sc7280_pp base offset (git-fixes). - drm/msm/dpu: Add check for cstate (git-fixes). - drm/msm/dpu: Add check for pstates (git-fixes). - drm/msm/dpu: Disallow unallocated resources to be returned (git-fixes). - drm/msm/dpu: drop stale comment from struct dpu_mdp_cfg doc (git-fixes). - drm/msm/dpu: fix len of sc7180 ctl blocks (git-fixes). - drm/msm/dpu: set pdpu->is_rt_pipe early in dpu_plane_sspp_atomic_update() (git-fixes). - drm/msm/dsi: Add missing check for alloc_ordered_workqueue (git-fixes). - drm/msm/gem: Add check for kmalloc (git-fixes). - drm/msm/hdmi: Add missing check for alloc_ordered_workqueue (git-fixes). - drm/msm/mdp5: Add check for kzalloc (git-fixes). - drm/msm: Fix potential invalid ptr free (git-fixes). - drm/msm: clean event_thread->worker in case of an error (git-fixes). - drm/msm: use strscpy instead of strncpy (git-fixes). - drm/nouveau/devinit/tu102-: wait for GFW_BOOT_PROGRESS == COMPLETED (git-fixes). - drm/nouveau/kms/nv50-: remove unused functions (git-fixes). - drm/nouveau/kms/nv50: fix nv50_wndw_new_ prototype (git-fixes). - drm/omap: dsi: Fix excessive stack usage (git-fixes). - drm/omapdrm: Remove unused struct csc_coef_rgb2yuv (git-fixes). - drm/panfrost: Do not sync rpm suspension after mmu flushing (git-fixes). - drm/radeon: Fix eDP for single-display iMac11,2 (git-fixes). - drm/radeon: free iio for atombios when driver shutdown (git-fixes). - drm/shmem-helper: Remove another errant put in error path (git-fixes). - drm/sun4i: fix missing component unbind on bind errors (git-fixes). - drm/tiny: ili9486: Do not assume 8-bit only SPI controllers (git-fixes). - drm/vc4: dpi: Add option for inverting pixel clock and output enable (git-fixes). - drm/vc4: dpi: Fix format mapping for RGB565 (git-fixes). - drm/vc4: hdmi: Correct interlaced timings again (git-fixes). - drm/vc4: hvs: Fix colour order for xRGB1555 on HVS5 (git-fixes). - drm/vc4: hvs: Set AXI panic modes (git-fixes). - drm/vc4: vec: Use pm_runtime_resume_and_get() in vc4_vec_encoder_enable() (git-fixes). - drm/virtio: exbuf->fence_fd unmodified on interrupted wait (git-fixes). - drm/vkms: Fix memory leak in vkms_init() (git-fixes). - drm/vkms: Fix null-ptr-deref in vkms_release() (git-fixes). - drm: Fix potential null-ptr-deref due to drmm_mode_config_init() (git-fixes). - drm: amd: display: Fix memory leakage (git-fixes). - drm: mxsfb: DRM_MXSFB should depend on ARCH_MXS || ARCH_MXC (git-fixes). - drm: panel-orientation-quirks: Add quirk for Lenovo IdeaPad Duet 3 10IGL5 (git-fixes). - drm: tidss: Fix pixel format definition (git-fixes). - dt-bindings: arm: fsl: Fix bindings for APF28Dev board (git-fixes). - dt-bindings: hwlock: sun6i: Add missing #hwlock-cells (git-fixes). - dt-bindings: input: iqs626a: Redefine trackpad property types (git-fixes). - dt-bindings: msm: dsi-controller-main: Add vdd* descriptions back in (git-fixes). - dt-bindings: net: snps,dwmac: Fix snps,reset-delays-us dependency (git-fixes). - dt-bindings: power: supply: pm8941-coincell: Do not require charging properties (git-fixes). - dt-bindings: usb: amlogic,meson-g12a-usb-ctrl: make G12A usb3-phy0 optional (git-fixes). - eeprom: idt_89hpesx: Fix error handling in idt_init() (git-fixes). - efi: Accept version 2 of memory attributes table (git-fixes). - exit: Add and use make_task_dead (bsc#1207328). - exit: Allow oops_limit to be disabled (bsc#1207328). - exit: Guarantee make_task_dead leaks the tsk when calling do_task_exit (bsc#1207328). - exit: Move force_uaccess back into do_exit (bsc#1207328). - exit: Move oops specific logic from do_exit into make_task_dead (bsc#1207328). - exit: Put an upper limit on how often we can oops (bsc#1207328). - exit: Stop poorly open coding do_task_dead in make_task_dead (bsc#1207328). - exit: Use READ_ONCE() for all oops/warn limit reads (bsc#1207328). - ext4,f2fs: fix readahead of verity data (bsc#1207648). - ext4: add EXT4_IGET_BAD flag to prevent unexpected bad inode (bsc#1207619). - ext4: add EXT4_INODE_HAS_XATTR_SPACE macro in xattr.h (bsc#1206878). - ext4: add helper to check quota inums (bsc#1207618). - ext4: add inode table check in __ext4_get_inode_loc to aovid possible infinite loop (bsc#1207617). - ext4: add missing validation of fast-commit record lengths (bsc#1207626). - ext4: allocate extended attribute value in vmalloc area (bsc#1207635). - ext4: avoid crash when inline data creation follows DIO write (bsc#1206883). - ext4: avoid resizing to a partial cluster size (bsc#1206880). - ext4: avoid unaccounted block allocation when expanding inode (bsc#1207634). - ext4: continue to expand file system when the target size does not reach (bsc#1206882). - ext4: correct cluster len and clusters changed accounting in ext4_mb_mark_bb (bsc#1207592). - ext4: correct max_inline_xattr_value_size computing (bsc#1206878). - ext4: correct the misjudgment in ext4_iget_extra_inode (bsc#1206878). - ext4: disable fast-commit of encrypted dir operations (bsc#1207623). - ext4: do not allow journal inode to have encrypt flag (bsc#1207621). - ext4: do not increase iversion counter for ea_inodes (bsc#1207605). - ext4: do not run ext4lazyinit for read-only filesystems (bsc#1207603). - ext4: do not set up encryption key during jbd2 transaction (bsc#1207624). - ext4: drop ineligible txn start stop APIs (bsc#1207588). - ext4: ext4_read_bh_lock() should submit IO if the buffer isn't uptodate (bsc#1207606). - ext4: factor out ext4_fc_get_tl() (bsc#1207615). - ext4: fast commit may miss file actions (bsc#1207591). - ext4: fast commit may not fallback for ineligible commit (bsc#1207590). - ext4: fix BUG_ON() when directory entry has invalid rec_len (bsc#1206886). - ext4: fix bug in extents parsing when eh_entries == 0 and eh_depth > 0 (bsc#1206881). - ext4: fix bug_on in __es_tree_search caused by bad boot loader inode (bsc#1207620). - ext4: fix bug_on in start_this_handle during umount filesystem (bsc#1207594). - ext4: fix deadlock due to mbcache entry corruption (bsc#1207653). - ext4: fix delayed allocation bug in ext4_clu_mapped for bigalloc + inline (bsc#1207631). - ext4: fix dir corruption when ext4_dx_add_entry() fails (bsc#1207608). - ext4: fix error code return to user-space in ext4_get_branch() (bsc#1207630). - ext4: fix ext4_mb_mark_bb() with flex_bg with fast_commit (bsc#1207593). - ext4: fix extent status tree race in writeback error recovery path (bsc#1206877). - ext4: fix inode leak in ext4_xattr_inode_create() on an error path (bsc#1207636). - ext4: fix kernel BUG in 'ext4_write_inline_data_end()' (bsc#1206894). - ext4: fix leaking uninitialized memory in fast-commit journal (bsc#1207625). - ext4: fix miss release buffer head in ext4_fc_write_inode (bsc#1207609). - ext4: fix null-ptr-deref in ext4_write_info (bsc#1206884). - ext4: fix off-by-one errors in fast-commit block filling (bsc#1207628). - ext4: fix potential memory leak in ext4_fc_record_modified_inode() (bsc#1207611). - ext4: fix potential memory leak in ext4_fc_record_regions() (bsc#1207612). - ext4: fix potential out of bound read in ext4_fc_replay_scan() (bsc#1207616). - ext4: fix reserved cluster accounting in __es_remove_extent() (bsc#1207637). - ext4: fix unaligned memory access in ext4_fc_reserve_space() (bsc#1207627). - ext4: fix undefined behavior in bit shift for ext4_check_flag_values (bsc#1206890). - ext4: fix uninititialized value in 'ext4_evict_inode' (bsc#1206893). - ext4: fix use-after-free in ext4_ext_shift_extents (bsc#1206888). - ext4: fix use-after-free in ext4_orphan_cleanup (bsc#1207622). - ext4: fix use-after-free in ext4_xattr_set_entry (bsc#1206878). - ext4: fix warning in 'ext4_da_release_space' (bsc#1206887). - ext4: goto right label 'failed_mount3a' (bsc#1207610). - ext4: init quota for 'old.inode' in 'ext4_rename' (bsc#1207629). - ext4: initialize quota before expanding inode in setproject ioctl (bsc#1207633). - ext4: introduce EXT4_FC_TAG_BASE_LEN helper (bsc#1207614). - ext4: limit the number of retries after discarding preallocations blocks (bsc#1207602). - ext4: make ext4_lazyinit_thread freezable (bsc#1206885). - ext4: place buffer head allocation before handle start (bsc#1207607). - ext4: silence the warning when evicting inode with dioread_nolock (bsc#1206889). - ext4: simplify updating of fast commit stats (bsc#1207589). - ext4: update 'state->fc_regions_size' after successful memory allocation (bsc#1207613). - ext4: update s_overhead_clusters in the superblock during an on-line resize (bsc#1206876). - fbdev: omapfb: cleanup inconsistent indentation (git-fixes). - fbdev: smscufx: fix error handling code in ufx_usb_probe (git-fixes). - firmware/efi sysfb_efi: Add quirk for Lenovo IdeaPad Duet 3 (git-fixes). - firmware: coreboot: Remove GOOGLE_COREBOOT_TABLE_ACPI/OF Kconfig entries (git-fixes). - firmware: coreboot: framebuffer: Ignore reserved pixel color bits (git-fixes). - firmware: dmi-sysfs: Fix null-ptr-deref in dmi_sysfs_register_handle (git-fixes). - firmware: stratix10-svc: add missing gen_pool_destroy() in stratix10_svc_drv_probe() (git-fixes). - firmware: xilinx: do not make a sleepable memory allocation from an atomic context (git-fixes). - fix page corruption caused by racy check in __free_pages (bsc#1208149). - fork: allow CLONE_NEWTIME in clone3 flags (bsc#1209258). - fs: ext4: initialize fsdata in pagecache_write() (bsc#1207632). - fscache_cookie_enabled: check cookie is valid before accessing it (bsc#1208429). - fuse: add inode/permission checks to fileattr_get/fileattr_set (bsc#1208759). - genirq: Provide new interfaces for affinity hints (bsc#1208153). - gpio: tegra186: remove unneeded loop in tegra186_gpio_init_route_mapping() (git-fixes). - gpio: vf610: connect GPIO label to dev name (git-fixes). - gpu: host1x: Do not skip assigning syncpoints to channels (git-fixes). - gpu: ipu-v3: common: Add of_node_put() for reference returned by of_graph_get_port_by_id() (git-fixes). - hid: Add Mapping for System Microphone Mute (git-fixes). - hid: asus: use spinlock to protect concurrent accesses (git-fixes). - hid: asus: use spinlock to safely schedule workers (git-fixes). - hid: bigben: use spinlock to protect concurrent accesses (git-fixes). - hid: bigben: use spinlock to safely schedule workers (git-fixes). - hid: bigben_probe(): validate report count (git-fixes). - hid: bigben_worker() remove unneeded check on report_field (git-fixes). - hid: core: Fix deadloop in hid_apply_multiplier (git-fixes). - hid: elecom: add support for TrackBall 056E:011C (git-fixes). - hid: logitech-hidpp: Do not restart communication if not necessary (git-fixes). - hid: multitouch: Add quirks for flipped axes (git-fixes). - hid: retain initial quirks set up when creating HID devices (git-fixes). - hv: fix comment typo in vmbus_channel/low_latency (git-fixes). - hv_netvsc: Allocate memory in netvsc_dma_map() with GFP_ATOMIC (git-fixes). - hv_netvsc: Check status in SEND_RNDIS_PKT completion message (git-fixes). - hwmon: (adm1266) Set `can_sleep` flag for GPIO chip (git-fixes). - hwmon: (adt7475) Display smoothing attributes in correct order (git-fixes). - hwmon: (adt7475) Fix masking of hysteresis registers (git-fixes). - hwmon: (coretemp) Simplify platform device handling (git-fixes). - hwmon: (ftsteutates) Fix scaling of measurements (git-fixes). - hwmon: (ina3221) return prober error code (git-fixes). - hwmon: (k10temp): Add support for new family 17h and 19h models (bsc#1208848). - hwmon: (ltc2945) Handle error case in ltc2945_value_store (git-fixes). - hwmon: (ltc2992) Set `can_sleep` flag for GPIO chip (git-fixes). - hwmon: (mlxreg-fan) Return zero speed for broken fan (git-fixes). - hwmon: (ucd90320) Add minimum delay between bus accesses (git-fixes). - hwmon: (xgene) Fix use after free bug in xgene_hwmon_remove due to race condition (git-fixes). - hwmon: tmp512: drop of_match_ptr for ID table (git-fixes). - i2c: designware-pci: Add new PCI IDs for AMD NAVI GPU (git-fixes). - i2c: designware: fix i2c_dw_clk_rate() return size to be u32 (git-fixes). - i2c: mxs: suppress probe-deferral error message (git-fixes). - i2c: rk3x: fix a bunch of kernel-doc warnings (git-fixes). - ib/hfi1: Assign npages earlier (git-fixes) - ib/hfi1: Fix math bugs in hfi1_can_pin_pages() (git-fixes) - ib/hfi1: Fix sdma.h tx->num_descs off-by-one errors (git-fixes) - ib/hfi1: Restore allocated resources on failed copyout (git-fixes) - ib/hfi1: Update RMT size calculation (git-fixes) - ib/ipoib: Fix legacy IPoIB due to wrong number of queues (git-fixes) - iio: accel: mma9551_core: Prevent uninitialized variable in mma9551_read_config_word() (git-fixes). - iio: accel: mma9551_core: Prevent uninitialized variable in mma9551_read_status_word() (git-fixes). - iio: light: tsl2563: Do not hardcode interrupt trigger type (git-fixes). - input: ads7846 - always set last command to PWRDOWN (git-fixes). - input: ads7846 - do not check penirq immediately for 7845 (git-fixes). - input: ads7846 - do not report pressure for ads7845 (git-fixes). - input: iqs269a - configure device with a single block write (git-fixes). - input: iqs269a - drop unused device node references (git-fixes). - input: iqs269a - increase interrupt handler return delay (git-fixes). - input: iqs626a - drop unused device node references (git-fixes). - interconnect: exynos: fix node leak in probe PM QoS error path (git-fixes). - interconnect: fix mem leak when freeing nodes (git-fixes). - interconnect: qcom: osm-l3: fix icc_onecell_data allocation (git-fixes). - iommu/hyper-v: Allow hyperv irq remapping without x2apic (git-fixes). - ipmi:ssif: Add a timer between request retries (bsc#1206459). - ipmi:ssif: Remove rtc_us_timer (bsc#1206459). - ipmi:ssif: resend_msg() cannot fail (bsc#1206459). - ipmi_ssif: Rename idle state and check (bsc#1206459). - irqchip/gic-v3: Refactor ISB + EOIR at ack time (git-fixes) - iw_cxgb4: Fix potential NULL dereference in c4iw_fill_res_cm_id_entry() (git-fixes) - jbd2: Fix up kABI of ext4 fast commit interface (bsc#1207590). - jbd2: add miss release buffer head in fc_do_one_pass() (bsc#1207646). - jbd2: fix a potential race while discarding reserved buffers after an abort (bsc#1207641). - jbd2: fix potential buffer head reference count leak (bsc#1207644). - jbd2: fix potential use-after-free in jbd2_fc_wait_bufs (bsc#1207645). - jbd2: wake up journal waiters in FIFO order, not LIFO (bsc#1207643). - kABI workaround for hid quirks (git-fixes). - kABI: pci: Reduce warnings on possible RW1C corruption (kabi). - kABI: pci: dwc: Add dw_pcie_ops.host_deinit() callback (kabi). - kabi fix for nfsv4: Fix free of uninitialized nfs4_label on referral lookup (git-fixes). - kabi fix for: NFSv3: handle out-of-order write replies (bsc#1205544). - kabi fix for: nfs: Further optimisations for 'ls -l' (git-fixes). - kabi fix for: nfsd: Have legacy NFSD WRITE decoders use xdr_stream_subsegment() (git-fixes). - kabi fix for: nfsv4.1 query for fs_location attr on a new file system (Never, kabi). - kasan: no need to unset panic_on_warn in end_report() (bsc#1207328). - kernel-module-subpackage: Fix expansion with -b parameter (bsc#1208179). When -b is specified the script is prefixed with KMP_NEEDS_MKINITRD=1 which sets the variable for a simple command. However, the script is no longer a simple command. Export the variable instead. - keys: asymmetric: Fix ECDSA use via keyctl uapi (git-fixes). - leds: led-class: Add missing put_device() to led_put() (git-fixes). - leds: led-core: Fix refcount leak in of_led_get() (git-fixes). - lib/mpi: Fix buffer overrun when SG is too long (git-fixes). - lib/zlib: remove redundation assignement of avail_in dfltcc_gdht() (git-fixes). - locking/rwsem: Allow slowpath writer to ignore handoff bit if not set by first waiter (bsc#1207270). - locking/rwsem: Always try to wake waiters in out_nolock path (bsc#1207270). - locking/rwsem: Conditionally wake waiters in reader/writer slowpaths (bsc#1207270). - locking/rwsem: Disable preemption in all down_read*() and up_read() code paths (bsc#1207270). - locking/rwsem: Disable preemption in all down_write*() and up_write() code paths (bsc#1207270). - locking/rwsem: Disable preemption while trying for rwsem lock (bsc#1207270). - locking/rwsem: Make handoff bit handling more consistent (bsc#1207270). - locking/rwsem: No need to check for handoff bit if wait queue empty (bsc#1207270). - locking/rwsem: Prevent non-first waiter from spinning in down_write() slowpath (bsc#1207270). - locking: Add missing __sched attributes (bsc#1207270). - makefile: link with -z noexecstack --no-warn-rwx-segments (bsc#1203200). - mbcache: Avoid nesting of cache->c_list_lock under bit locks (bsc#1207647). - mbcache: Fixup kABI of mb_cache_entry (bsc#1207653). - md/bitmap: Fix bitmap chunk size overflow issues (git-fixes). - md/raid1: stop mdx_raid1 thread when raid1 array run failed (git-fixes). - md: fix a crash in mempool_free (git-fixes). - media: coda: Add check for dcoda_iram_alloc (git-fixes). - media: coda: Add check for kmalloc (git-fixes). - media: i2c: imx219: Fix binning for RAW8 capture (git-fixes). - media: i2c: imx219: Split common registers from mode tables (git-fixes). - media: i2c: ov7670: 0 instead of -EINVAL was returned (git-fixes). - media: i2c: ov772x: Fix memleak in ov772x_probe() (git-fixes). - media: imx: imx7-media-csi: fix missing clk_disable_unprepare() in imx7_csi_init() (git-fixes). - media: ipu3-cio2: Fix PM runtime usage_count in driver unbind (git-fixes). - media: m5mols: fix off-by-one loop termination error (git-fixes). - media: max9286: Fix memleak in max9286_v4l2_register() (git-fixes). - media: ov2740: Fix memleak in ov2740_init_controls() (git-fixes). - media: ov5640: Fix analogue gain control (git-fixes). - media: ov5675: Fix memleak in ov5675_init_controls() (git-fixes). - media: platform: ti: Add missing check for devm_regulator_get (git-fixes). - media: rc: Fix use-after-free bugs caused by ene_tx_irqsim() (git-fixes). - media: rc: gpio-ir-recv: add remove function (git-fixes). - media: saa7134: Use video_unregister_device for radio_dev (git-fixes). - media: ti: cal: fix possible memory leak in cal_ctx_create() (git-fixes). - media: usb: siano: Fix use after free bugs caused by do_submit_urb (git-fixes). - media: uvcvideo: Add support for V4L2_CTRL_TYPE_CTRL_CLASS (git-fixes). - media: uvcvideo: Check controls flags before accessing them (git-fixes). - media: uvcvideo: Check for INACTIVE in uvc_ctrl_is_accessible() (git-fixes). - media: uvcvideo: Do not check for V4L2_CTRL_WHICH_DEF_VAL (git-fixes). - media: uvcvideo: Fix memory leak of object map on error exit path (git-fixes). - media: uvcvideo: Fix race condition with usb_kill_urb (git-fixes). - media: uvcvideo: Handle cameras with invalid descriptors (git-fixes). - media: uvcvideo: Handle errors from calls to usb_string (git-fixes). - media: uvcvideo: Quirk for autosuspend in Logitech B910 and C910 (git-fixes). - media: uvcvideo: Remove s_ctrl and g_ctrl (git-fixes). - media: uvcvideo: Silence memcpy() run-time false positive warnings (git-fixes). - media: uvcvideo: Use control names from framework (git-fixes). - media: uvcvideo: refactor __uvc_ctrl_add_mapping (git-fixes). - media: v4l2-jpeg: correct the skip count in jpeg_parse_app14_data (git-fixes). - media: v4l2-jpeg: ignore the unknown APP14 marker (git-fixes). - mei: bus-fixup:upon error print return values of send and receive (git-fixes). - mfd: arizona: Use pm_runtime_resume_and_get() to prevent refcnt leak (git-fixes). - mfd: cs5535: Do not build on UML (git-fixes). - mfd: pcf50633-adc: Fix potential memleak in pcf50633_adc_async_read() (git-fixes). - misc/mei/hdcp: Use correct macros to initialize uuid_le (git-fixes). - misc: enclosure: Fix doc for enclosure_find() (git-fixes). - mm: memcg: fix NULL pointer in mem_cgroup_track_foreign_dirty_slowpath() (bsc#1209262). - mmc: jz4740: Work around bug on JZ4760(B) (git-fixes). - mmc: mmc_spi: fix error handling in mmc_spi_probe() (git-fixes). - mmc: sdhci_am654: lower power-on failed message severity (git-fixes). - mmc: sdio: fix possible resource leaks in some error paths (git-fixes). - move upstreamed i915 and media fixes into sorted section - mt76: mt7915: fix polling firmware-own status (git-fixes). - mtd: dataflash: remove duplicate SPI ID table (git-fixes). - mtd: rawnand: fsl_elbc: Propagate HW ECC settings to HW (git-fixes). - mtd: rawnand: sunxi: Clean up chips after failed init (git-fixes). - mtd: rawnand: sunxi: Fix the size of the last OOB region (git-fixes). - mtd: spi-nor: Fix shift-out-of-bounds in spi_nor_set_erase_type (git-fixes). - mtd: spi-nor: core: fix implicit declaration warning (git-fixes). - mtd: spi-nor: sfdp: Fix index value for SCCR dwords (git-fixes). - mtd: spi-nor: spansion: Consider reserved bits in CFR5 register (git-fixes). - net/rose: Fix to not accept on connected socket (git-fixes). - net/sunrpc: fix reference count leaks in rpc_sysfs_xprt_state_change (git-fixes). - net/usb: kalmia: Do not pass act_len in usb_bulk_msg error path (git-fixes). - net/x25: Fix to not accept on connected socket (git-fixes). - net: USB: Fix wrong-direction WARNING in plusb.c (git-fixes). - net: mana: Assign interrupts to CPUs based on NUMA nodes (bsc#1208153). - net: mana: Fix IRQ name - add PCI and queue number (bsc#1207875). - net: mana: Fix accessing freed irq affinity_hint (bsc#1208153). - net: openvswitch: fix possible memory leak in ovs_meter_cmd_set() (git-fixes). - net: phy: meson-gxl: use MMD access dummy stubs for GXL, internal PHY (git-fixes). - nfc: change order inside nfc_se_io error path (git-fixes). - nfc: fdp: add null check of devm_kmalloc_array in fdp_nci_i2c_read_device_properties (git-fixes). - nfc: fix memory leak of se_io context in nfc_genl_se_io (git-fixes). - nfc: pn533: initialize struct pn533_out_arg properly (git-fixes). - nfc: st-nci: Fix use after free bug in ndlc_remove due to race condition (git-fixes). - nfcv3: handle out-of-order write replies (bsc#1205544). - nfs4: Fix kmemleak when allocate slot failed (git-fixes). - nfs: Always initialise fattr->label in nfs_fattr_alloc() (git-fixes). - nfs: Avoid writeback threads getting stuck in mempool_alloc() (git-fixes). - nfs: Create a new nfs_alloc_fattr_with_label() function (git-fixes). - nfs: Do not allocate nfs_fattr on the stack in __nfs42_ssc_open() (git-fixes). - nfs: Further optimisations for 'ls -l' (git-fixes). - nfs: nfs4clinet: check the return value of kstrdup() (git-fixes). - nfs: nfsiod should not block forever in mempool_alloc() (git-fixes). - nfs: nfsiod should not block forever in mempool_alloc() (git-fixes). - nfsd: COMMIT operations must not return NFS?ERR_INVAL (git-fixes). - nfsd: De-duplicate net_generic(nf->nf_net, nfsd_net_id) (git-fixes). - nfsd: Finish converting the NFSv2 GETACL result encoder (git-fixes). - nfsd: Finish converting the NFSv3 GETACL result encoder (git-fixes). - nfsd: Fix a memory leak in an error handling path (git-fixes). - nfsd: Fix handling of oversized nfsv4 COMPOUND requests (git-fixes). - nfsd: Fix nfsd_breaker_owns_lease() return values (git-fixes). - nfsd: Have legacy NFSD WRITE decoders use xdr_stream_subsegment() (git-fixes). - nfsd: Return nfserr_serverfault if splice_ok but buf->pages have data (git-fixes). - nfsd: do not call nfsd_file_put from client states seqfile display (git-fixes). - nfsd: fix use-after-free on source server when doing inter-server copy (git-fixes). - nfsd: pass range end to vfs_fsync_range() instead of count (git-fixes). - nfsv4 expose nfs_parse_server_name function (git-fixes). - nfsv4 handle port presence in fs_location server string (git-fixes). - nfsv4 only print the label when its queried (git-fixes). - nfsv4 remove zero number of fs_locations entries error check (git-fixes). - nfsv4 store server support for fs_location attribute (git-fixes). - nfsv4.1 query for fs_location attr on a new file system (git-fixes). - nfsv4.1: Fix uninitialised variable in devicenotify (git-fixes). - nfsv4.1: Handle RECLAIM_COMPLETE trunking errors (git-fixes). - nfsv4.1: We must always send RECLAIM_COMPLETE after a reboot (git-fixes). - nfsv4.2: Clear FATTR4_WORD2_SECURITY_LABEL when done decoding (git-fixes). - nfsv4.2: Fix a memory stomp in decode_attr_security_label (git-fixes). - nfsv4.2: Fixup CLONE dest file size for zero-length count (git-fixes). - nfsv4.2: fix reference count leaks in _nfs42_proc_copy_notify() (git-fixes). - nfsv4/pnfs: Always return layout stats on layout return for flexfiles (git-fixes). - nfsv4/pnfs: Fix a use-after-free bug in open (git-fixes). - nfsv4: Add an fattr allocation to _nfs4_discover_trunking() (git-fixes). - nfsv4: Do not hold the layoutget locks across multiple RPC calls (git-fixes). - nfsv4: Fix a potential state reclaim deadlock (git-fixes). - nfsv4: Fix free of uninitialized nfs4_label on referral lookup (git-fixes). - nfsv4: Protect the state recovery thread against direct reclaim (git-fixes). - nfsv4: Retry LOCK on OLD_STATEID during delegation return (git-fixes). - nvdimm: disable namespace on error (bsc#1166486). - nvme-auth: check chap ctrl_key once constructed (bsc#1202633). - nvme-auth: clear sensitive info right after authentication completes (bsc#1202633). - nvme-auth: convert dhchap_auth_list to an array (bsc#1202633). - nvme-auth: do not ignore key generation failures when initializing ctrl keys (bsc#1202633). - nvme-auth: do not keep long lived 4k dhchap buffer (bsc#1202633). - nvme-auth: do not override ctrl keys before validation (bsc#1202633). - nvme-auth: do not re-authenticate if the controller is not LIVE (bsc#1202633). - nvme-auth: do not use NVMe status codes (bsc#1202633). - nvme-auth: fix an error code in nvme_auth_process_dhchap_challenge() (bsc#1202633). - nvme-auth: fix smatch warning complaints (bsc#1202633). - nvme-auth: guarantee dhchap buffers under memory pressure (bsc#1202633). - nvme-auth: have dhchap_auth_work wait for queues auth to complete (bsc#1202633). - nvme-auth: mark nvme_auth_wq static (bsc#1202633). - nvme-auth: no need to reset chap contexts on re-authentication (bsc#1202633). - nvme-auth: remove redundant auth_work flush (bsc#1202633). - nvme-auth: remove redundant buffer deallocations (bsc#1202633). - nvme-auth: remove redundant deallocations (bsc#1202633). - nvme-auth: remove redundant if statement (bsc#1202633). - nvme-auth: remove symbol export from nvme_auth_reset (bsc#1202633). - nvme-auth: rename __nvme_auth_[reset|free] to nvme_auth[reset|free]_dhchap (bsc#1202633). - nvme-auth: rename authentication work elements (bsc#1202633). - nvme-auth: use workqueue dedicated to authentication (bsc#1202633). - nvme-fabrics: show well known discovery name (bsc#1200054). - objtool: Add a missing comma to avoid string concatenation (bsc#1207328). - ocfs2: Fix data corruption after failed write (bsc#1208542). - ocfs2: clear dinode links count in case of error (bsc#1207650). - ocfs2: fix BUG when iput after ocfs2_mknod fails (bsc#1207649). - ocfs2: fix crash when mount with quota enabled (bsc#1207640). - ocfs2: fix memory leak in ocfs2_mount_volume() (bsc#1207652). - ocfs2: fix memory leak in ocfs2_stack_glue_init() (bsc#1207651). - ocfs2: ocfs2_mount_volume does cleanup job before return error (bsc#1207770). - ocfs2: quota_local: fix possible uninitialized-variable access in ocfs2_local_read_info() (bsc#1207768). - ocfs2: rewrite error handling of ocfs2_fill_super (bsc#1207771). - panic: Consolidate open-coded panic_on_warn checks (bsc#1207328). - panic: Introduce warn_limit (bsc#1207328). - panic: unset panic_on_warn inside panic() (bsc#1207328). - pci/iov: Enlarge virtfn sysfs name buffer (git-fixes). - pci/pm: Always disable PTM for all devices during suspend (git-fixes). - pci/pm: Avoid putting Elo i2 PCIe Ports in D3cold (git-fixes). - pci/pm: Fix bridge_d3_blacklist Elo i2 overwrite of Gigabyte X299 (git-fixes). - pci/pm: Observe reset delay irrespective of bridge_d3 (git-fixes). - pci/ptm: Add pci_suspend_ptm() and pci_resume_ptm() (git-fixes). - pci: Add ACS quirk for Wangxun NICs (git-fixes). - pci: Add SolidRun vendor ID (git-fixes). - pci: Align extra resources for hotplug bridges properly (git-fixes). - pci: Avoid FLR for AMD FCH AHCI adapters (git-fixes). - pci: Avoid pci_dev_lock() AB/BA deadlock with sriov_numvfs_store() (git-fixes). - pci: Fix dropping valid root bus resources with .end = zero (git-fixes). - pci: Reduce warnings on possible RW1C corruption (git-fixes). - pci: Take other bus devices into account when distributing resources (git-fixes). - pci: Unify delay handling for reset and resume (git-fixes). - pci: aardvark: Check return value of generic_handle_domain_irq() when processing INTx IRQ (git-fixes). - pci: aardvark: Fix link training (git-fixes). - pci: dwc: Add dw_pcie_ops.host_deinit() callback (git-fixes). - pci: hotplug: Allow marking devices as disconnected during bind/unbind (git-fixes). - pci: mediatek-gen3: Assert resets to ensure expected init state (git-fixes). - pci: mediatek-gen3: Fix refcount leak in mtk_pcie_init_irq_domains() (git-fixes). - pci: qcom: Fix host-init error handling (git-fixes). - pci: qcom: Fix pipe clock imbalance (git-fixes). - pci: switchtec: Return -EFAULT for copy_to_user() errors (git-fixes). - pci: xgene: Revert 'PCI: xgene: Use inbound resources for setup' (git-fixes). - perf/amd/ibs: Use interrupt regs ip for stack unwinding (git fixes). - perf/core: Call LSM hook after copying perf_event_attr (git fixes). - perf/core: Fix data race between perf_event_set_output() and perf_mmap_close() (git fixes). - perf/core: Inherit event_caps (git fixes). - perf/x86/amd: fix potential integer overflow on shift of a int (git fixes). - perf/x86/intel/ds: Fix precise store latency handling (git fixes). - perf/x86/intel/lbr: Use setup_clear_cpu_cap() instead of clear_cpu_cap() (git fixes). - perf/x86/intel/pt: Fix sampling using single range output (git fixes). - perf/x86/intel/pt: Relax address filter validation (git fixes). - perf/x86/intel/uncore: Add Emerald Rapids (git fixes). - perf/x86/intel/uncore: Clear attr_update properly (bsc#1206824, bsc#1206493, bsc#1206492). - perf/x86/intel/uncore: Disable I/O stacks to PMU mapping on ICX-D (bsc#1206824, bsc#1206493, bsc#1206492). - perf/x86/intel/uncore: Enable UPI topology discovery for Icelake Server (bsc#1206824, bsc#1206493, bsc#1206492). - perf/x86/intel/uncore: Enable UPI topology discovery for Sapphire Rapids (bsc#1206824, bsc#1206493, bsc#1206492). - perf/x86/intel/uncore: Enable UPI topology discovery for Skylake Server (bsc#1206824, bsc#1206493, bsc#1206492). - perf/x86/intel/uncore: Fix broken read_counter() for SNB IMC PMU (git fixes). - perf/x86/intel/uncore: Fix reference count leak in __uncore_imc_init_box() (git fixes). - perf/x86/intel/uncore: Fix reference count leak in hswep_has_limit_sbox() (git fixes). - perf/x86/intel/uncore: Fix reference count leak in sad_cfg_iio_topology() (git fixes). - perf/x86/intel/uncore: Fix reference count leak in snr_uncore_mmio_map() (git fixes). - perf/x86/intel/uncore: Generalize IIO topology support (bsc#1206824, bsc#1206493, bsc#1206492). - perf/x86/intel/uncore: Generalize get_topology() for SKX PMUs (bsc#1206824, bsc#1206493, bsc#1206492). - perf/x86/intel/uncore: Get UPI NodeID and GroupID (bsc#1206824, bsc#1206493, bsc#1206492). - perf/x86/intel/uncore: Introduce UPI topology type (bsc#1206824, bsc#1206493, bsc#1206492). - perf/x86/intel/uncore: Make set_mapping() procedure void (bsc#1206824, bsc#1206493, bsc#1206492). - perf/x86/intel/uncore: Update sysfs-devices-mapping file (bsc#1206824, bsc#1206493, bsc#1206492). - perf/x86/intel: Add Cooper Lake stepping to isolation_ucodes (git fixes). - perf/x86/intel: Add Emerald Rapids (git fixes). - perf/x86/intel: Do not extend the pseudo-encoding to GP counters (git fixes). - perf/x86/intel: Fix PEBS data source encoding for ADL (git fixes). - perf/x86/intel: Fix PEBS memory access info encoding for ADL (git fixes). - perf/x86/intel: Fix event constraints for ICL (git fixes). - perf/x86/intel: Fix pebs event constraints for ADL (git fixes). - perf/x86/intel: Fix pebs event constraints for ICL (git fixes). - perf/x86/intel: Fix pebs event constraints for SPR (git fixes). - perf/x86/lbr: Enable the branch type for the Arch LBR by default (git fixes). - perf/x86/msr: Add Emerald Rapids (git fixes). - perf/x86/rapl: Add support for Intel AlderLake-N (git fixes). - perf/x86/rapl: Treat Tigerlake like Icelake (git fixes). - perf/x86/rapl: Use standard Energy Unit for SPR Dram RAPL domain (git fixes). - perf/x86/rapl: fix AMD event handling (git fixes). - perf/x86/uncore: Add Raptor Lake uncore support (git fixes). - perf/x86/uncore: Add a quirk for UPI on SPR (bsc#1206824, bsc#1206493, bsc#1206492). - perf/x86/uncore: Add new Alder Lake and Raptor Lake support (git fixes). - perf/x86/uncore: Add new Raptor Lake S support (git fixes). - perf/x86/uncore: Clean up uncore_pci_ids (git fixes). - perf/x86/uncore: Do not WARN_ON_ONCE() for a broken discovery table (bsc#1206824, bsc#1206493, bsc#1206492). - perf/x86/uncore: Factor out uncore_device_to_die() (bsc#1206824, bsc#1206493, bsc#1206492). - perf/x86/uncore: Fix potential NULL pointer in uncore_get_alias_name (bsc#1206824, bsc#1206493, bsc#1206492). - perf/x86/uncore: Ignore broken units in discovery table (bsc#1206824, bsc#1206493, bsc#1206492). - perf: Always wake the parent event (git fixes). - perf: Fix possible memleak in pmu_dev_alloc() (git fixes). - phy: rockchip-typec: Fix unsigned comparison with less than zero (git-fixes). - phy: rockchip-typec: fix tcphy_get_mode error case (git-fixes). - pinctrl: aspeed: Fix confusing types in return value (git-fixes). - pinctrl: at91: use devm_kasprintf() to avoid potential leaks (git-fixes). - pinctrl: intel: Restore the pins that used to be in Direct IRQ mode (git-fixes). - pinctrl: mediatek: Fix the drive register definition of some Pins (git-fixes). - pinctrl: mediatek: Initialize variable *buf to zero (git-fixes). - pinctrl: mediatek: fix coding style (git-fixes). - pinctrl: qcom: pinctrl-msm8976: Correct function names for wcss pins (git-fixes). - pinctrl: rockchip: Fix refcount leak in rockchip_pinctrl_parse_groups (git-fixes). - pinctrl: single: fix potential NULL dereference (git-fixes). - pinctrl: stm32: Fix refcount leak in stm32_pctrl_get_irq_domain (git-fixes). - platform/x86: ISST: PUNIT device mapping with Sub-NUMA clustering (bsc#1208420). - platform/x86: amd-pmc: Correct usage of SMU version (git-fixes). - platform/x86: amd-pmc: Export Idlemask values based on the APU (git-fixes). - platform/x86: amd-pmc: Fix compilation when CONFIG_DEBUGFS is disabled (git-fixes). - platform/x86: dell-wmi: Add a keymap for KEY_MUTE in type 0x0010 table (git-fixes). - platform/x86: gigabyte-wmi: add support for B450M DS3H WIFI-CF (git-fixes). - platform/x86: touchscreen_dmi: Add Chuwi Vi8 (CWI501) DMI match (git-fixes). - platform: x86: MLX_PLATFORM: select REGMAP instead of depending on it (git-fixes). - powercap: fix possible name leak in powercap_register_zone() (git-fixes). - powerpc/eeh: Set channel state after notifying the drivers (bsc#1208784 ltc#201612). - printf: fix errname.c list (git-fixes). - prlimit: do_prlimit needs to have a speculation check (bsc#1209256). - pwm: stm32-lp: fix the check on arr and cmp registers update (git-fixes). - qede: avoid uninitialized entries in coal_entry array (bsc#1205846). - qede: fix interrupt coalescing configuration (bsc#1205846). - quota: Check next/prev free block number after reading from quota file (bsc#1206640). - quota: Prevent memory allocation recursion while holding dq_lock (bsc#1207639). - rcu: Tighten rcu_advance_cbs_nowake() checks (bsc#1209159). - rdma/cxgb4: Fix potential null-ptr-deref in pass_establish() (git-fixes) - rdma/cxgb4: add null-ptr-check after ip_dev_find() (git-fixes) - rdma/cxgb4: remove unnecessary NULL check in __c4iw_poll_cq_one() (git-fixes) - rdma/irdma: Cap MSIX used to online CPUs + 1 (git-fixes) - rdma/irdma: Fix potential NULL-ptr-dereference (git-fixes) - rdma/rxe: Fix missing memory barriers in rxe_queue.h (git-fixes) - rdma/siw: Fix user page pinning accounting (git-fixes) - rdma/usnic: use iommu_map_atomic() under spin_lock() (git-fixes) - refresh patches.suse/NFSv3-handle-out-of-order-write-replies (bsc#1209457). - regulator: Flag uncontrollable regulators as always_on (git-fixes). - regulator: core: Fix off-on-delay-us for always-on/boot-on regulators (git-fixes). - regulator: core: Use ktime_get_boottime() to determine how long a regulator was off (git-fixes). - regulator: max77802: Bounds check regulator id against opmode (git-fixes). - regulator: s5m8767: Bounds check id indexing into arrays (git-fixes). - remoteproc/mtk_scp: Move clk ops outside send_lock (git-fixes). - remoteproc: qcom_q6v5_mss: Use a carveout to authenticate modem headers (git-fixes). - replace mkinitrd dependency with dracut (bsc#1202353). Also update mkinitrd refrences in documentation and comments. - require suse-kernel-rpm-scriptlets at all times. The kernel packages call scriptlets for each stage, add the dependency to make it clear to libzypp that the scriptlets are required. There is no special dependency for posttrans, these scriptlets run when transactions are resolved. The plain dependency has to be used to support posttrans. - revert 'HID: logitech-hidpp: add a module parameter to keep firmware gestures' (git-fixes). - revert 'char: pcmcia: cm4000_cs: Replace mdelay with usleep_range in set_protocol' (git-fixes). - revert 'crypto: rsa-pkcs1pad - Replace GFP_ATOMIC with GFP_KERNEL in pkcs1pad_encrypt_sign_complete' (git-fixes). - revert 'usb: dwc3: qcom: Keep power domain on to retain controller status' (git-fixes). - rpm/group-source-files.pl: Deal with {pre,post}fixed / in location When the source file location provided with -L is either prefixed or postfixed with forward slash, the script get stuck in a infinite loop inside calc_dirs() where $path is an empty string. user@localhost:/tmp> perl '$HOME/group-source-files.pl' -D devel.files -N nondevel.files -L /usr/src/linux-5.14.21-150500.41/ ... path = /usr/src/linux-5.14.21-150500.41/Documentation/Kconfig path = /usr/src/linux-5.14.21-150500.41/Documentation path = /usr/src/linux-5.14.21-150500.41 path = /usr/src path = /usr path = path = path = ... # Stuck in an infinite loop This workarounds the issue by breaking out the loop once path is an empty string. For a proper fix we'd want something that filesystem-aware, but this workaround should be enough for the rare occation that this script is ran manually. Link: http://mailman.suse.de/mlarch/SuSE/kernel/2023/kernel.2023.03/msg00024.html - rpm/group-source-files.pl: Fix output difference when / is in location While previous attempt to fix group-source-files.pl in 6d651362c38 'rpm/group-source-files.pl: Deal with {pre,post}fixed / in location' breaks the infinite loop, it does not properly address the issue. Having prefixed and/or postfixed forward slash still result in different output. This commit changes the script to use the Perl core module File::Spec for proper path manipulation to give consistent output. - rpm/kernel-obs-build.spec.in: Remove SLE11 cruft - rtc: allow rtc_read_alarm without read_alarm callback (git-fixes). - rtc: pm8xxx: fix set-alarm race (git-fixes). - rtc: sun6i: Always export the internal oscillator (git-fixes). - runrpc allow for unspecified transport time in rpc_clnt_add_xprt (git-fixes). - s390/dasd: Fix potential memleak in dasd_eckd_init() (git-fixes). - s390/kexec: fix ipl report address for kdump (bsc#1207529). - scsi: lpfc: Exit PRLI completion handling early if ndlp not in PRLI_ISSUE state (bsc#1208607). - scsi: lpfc: Fix space indentation in lpfc_xcvr_data_show() (bsc#1208607). - scsi: lpfc: Fix use-after-free KFENCE violation during sysfs firmware write (bsc#1208607). - scsi: lpfc: Introduce new attention types for lpfc_sli4_async_fc_evt() handler (bsc#1208607). - scsi: lpfc: Reinitialize internal VMID data structures after FLOGI completion (bsc#1208607). - scsi: lpfc: Remove duplicate ndlp kref decrement in lpfc_cleanup_rpis() (bsc#1208607 bsc#1208534). - scsi: lpfc: Remove redundant clean up code in disable_vport() (bsc#1208607). - scsi: lpfc: Replace outdated strncpy() with strscpy() (bsc#1208607). - scsi: lpfc: Resolve miscellaneous variable set but not used compiler warnings (bsc#1208607). - scsi: lpfc: Set max DMA segment size to HBA supported SGE length (bsc#1208607). - scsi: lpfc: Update lpfc version to 14.2.0.10 (bsc#1208607). - scsi: qla2xxx: Add option to disable FC2 Target support (bsc#1198438 bsc#1206103). - scsi: qla2xxx: Check if port is online before sending ELS (bsc#1208570). - scsi: qla2xxx: Fix DMA-API call trace on NVMe LS requests (bsc#1208570). - scsi: qla2xxx: Fix IOCB resource check warning (bsc#1208570). - scsi: qla2xxx: Fix erroneous link down (bsc#1208570). - scsi: qla2xxx: Fix exchange oversubscription (bsc#1208570). - scsi: qla2xxx: Fix exchange oversubscription for management commands (bsc#1208570). - scsi: qla2xxx: Fix link failure in NPIV environment (bsc#1208570). - scsi: qla2xxx: Fix printk() format string (bsc#1208570). - scsi: qla2xxx: Fix stalled login (bsc#1208570). - scsi: qla2xxx: Make qla_trim_buf() and __qla_adjust_buf() static (bsc#1208570). - scsi: qla2xxx: Relocate/rename vp map (bsc#1208570). - scsi: qla2xxx: Remove dead code (GNN ID) (bsc#1208570). - scsi: qla2xxx: Remove dead code (GPNID) (bsc#1208570). - scsi: qla2xxx: Remove dead code (bsc#1208570). - scsi: qla2xxx: Remove increment of interface err cnt (bsc#1208570). - scsi: qla2xxx: Remove the unused variable wwn (bsc#1208570). - scsi: qla2xxx: Remove unintended flag clearing (bsc#1208570). - scsi: qla2xxx: Select qpair depending on which CPU post_cmd() gets called (bsc#1208570). - scsi: qla2xxx: Simplify if condition evaluation (bsc#1208570). - scsi: qla2xxx: Update version to 10.02.08.100-k (bsc#1208570). - scsi: qla2xxx: Update version to 10.02.08.200-k (bsc#1208570). - scsi: qla2xxx: Use a variable for repeated mem_size computation (bsc#1208570). - scsi: qla2xxx: edif: Fix clang warning (bsc#1208570). - scsi: qla2xxx: edif: Fix performance dip due to lock contention (bsc#1208570). - scsi: qla2xxx: edif: Fix stall session after app start (bsc#1208570). - scsi: qla2xxx: edif: Reduce memory usage during low I/O (bsc#1208570). - scsi: storvsc: Handle BlockSize change in Hyper-V VHD/VHDX file (git-fixes). - sefltests: netdevsim: wait for devlink instance after netns removal (git-fixes). - selftest/lkdtm: Skip stack-entropy test if lkdtm is not available (git-fixes). - selftests/ftrace: Add check for ping command for trigger tests (bsc#1204993 ltc#200103). - selftests/ftrace: Convert tracer tests to use 'requires' to specify program dependency (bsc#1204993 ltc#200103). - selftests/powerpc: Account for offline cpus in perf-hwbreak test (bsc#1206232). - selftests/powerpc: Bump up rlimit for perf-hwbreak test (bsc#1206232). - selftests/powerpc: Move perror closer to its use (bsc#1206232). - selftests: forwarding: lib: quote the sysctl values (git-fixes). - selftests: net: udpgso_bench: Fix racing bug between the rx/tx programs (git-fixes). - selftests: net: udpgso_bench_rx/tx: Stop when wrong CLI args are provided (git-fixes). - selftests: net: udpgso_bench_rx: Fix 'used uninitialized' compiler warning (git-fixes). - selftests: net: udpgso_bench_tx: Cater for pending datagrams zerocopy benchmarking (git-fixes). - serial: 8250_em: Fix UART port type (git-fixes). - serial: 8250_fsl: fix handle_irq locking (git-fixes). - serial: fsl_lpuart: fix RS485 RTS polariy inverse issue (git-fixes). - serial: qcom-geni: fix console shutdown hang (git-fixes). - serial: sc16is7xx: setup GPIO controller later in probe (git-fixes). - serial: tegra: Add missing clk_disable_unprepare() in tegra_uart_hw_init() (git-fixes). - signal/seccomp: Refactor seccomp signal and coredump generation (git-fixes). - signal/vm86_32: Properly send SIGSEGV when the vm86 state cannot be saved (git-fixes). - signal/x86: In emulate_vsyscall force a signal instead of calling do_exit (git-fixes). - signal: Implement force_fatal_sig (git-fixes). - smb3: Replace smb2pdu 1-element arrays with flex-arrays (bsc#1193629). - soundwire: cadence: Do not overflow the command FIFOs (git-fixes). - spi: bcm63xx-hsspi: Endianness fix for ARM based SoC (git-fixes). - spi: dw: Fix wrong FIFO level setting for long xfers (git-fixes). - spi: dw_bt1: fix MUX_MMIO dependencies (git-fixes). - spi: synquacer: Fix timeout handling in synquacer_spi_transfer_one() (git-fixes). - spi: tegra210-quad: Fix validate combined sequence (git-fixes). - staging: emxx_udc: Add checks for dma_alloc_coherent() (git-fixes). - staging: mt7621-dts: change palmbus address to lower case (git-fixes). - struct uvc_device move flush_status new member to end (git-fixes). - sunrpc: Do not leak netobj memory when gss_read_proxy_verf() fails (git-fixes). - sunrpc: Fix null-ptr-deref when xps sysfs alloc failed (git-fixes). - sunrpc: Fix potential race conditions in rpc_sysfs_xprt_state_change() (git-fixes). - sunrpc: Fix socket waits for write buffer space (git-fixes). - sunrpc: Return true/false (not 1/0) from bool functions (git-fixes). - supported.conf: Remove duplicate entry. - sysctl: add a new register_sysctl_init() interface (bsc#1207328). - thermal/drivers/hisi: Drop second sensor hi3660 (git-fixes). - thermal/drivers/tsens: Add compat string for the qcom,msm8960 (git-fixes). - thermal/drivers/tsens: Drop msm8976-specific defines (git-fixes). - thermal/drivers/tsens: Sort out msm8976 vs msm8956 data (git-fixes). - thermal/drivers/tsens: fix slope values for msm8939 (git-fixes). - thermal/drivers/tsens: limit num_sensors to 9 for msm8939 (git-fixes). - thermal: intel: BXT_PMIC: select REGMAP instead of depending on it (git-fixes). - thermal: intel: Fix unsigned comparison with less than zero (git-fixes). - thermal: intel: intel_pch: Add support for Wellsburg PCH (git-fixes). - thermal: intel: powerclamp: Fix cur_state for multi package system (git-fixes). - thermal: intel: quark_dts: fix error pointer dereference (git-fixes). - tools/iio/iio_utils:fix memory leak (git-fixes). - tpm/eventlog: Do not abort tpm_read_log on faulty ACPI address (git-fixes). - trace_events_hist: add check for return value of 'create_hist_field' (git-fixes). - tracing: Fix poll() and select() do not work on per_cpu trace_pipe and trace_pipe_raw (git-fixes). - tracing: Make sure trace_printk() can output as soon as it can be used (git-fixes). - tty: fix out-of-bounds access in tty_driver_lookup_tty() (git-fixes). - tty: serial: fsl_lpuart: Fix the wrong RXWATER setting for rx dma case (git-fixes). - tty: serial: fsl_lpuart: clear LPUART Status Register in lpuart32_shutdown() (git-fixes). - tty: serial: fsl_lpuart: disable Rx/Tx DMA in lpuart32_shutdown() (git-fixes). - tty: serial: fsl_lpuart: disable the CTS when send break signal (git-fixes). - tty: serial: imx: Handle RS485 DE signal active high (git-fixes). - tty: serial: imx: disable Ageing Timer interrupt request irq (git-fixes). - tty: serial: qcom-geni-serial: stop operations in progress at shutdown (git-fixes). - ubsan: no need to unset panic_on_warn in ubsan_epilogue() (bsc#1207328). - update internal module version number for cifs.ko (bsc#1193629). - update suse/hid-bigben_probe-validate-report-count (bsc#1208605). - usb: core: Do not hold device lock while reading the 'descriptors' sysfs file (git-fixes). - usb: core: add quirk for Alcor Link AK9563 smartcard reader (git-fixes). - usb: dwc3: core: Host wake up support from system suspend (git-fixes). - usb: dwc3: pci: add support for the Intel Meteor Lake-M (git-fixes). - usb: dwc3: qcom: Configure wakeup interrupts during suspend (git-fixes). - usb: dwc3: qcom: Fix memory leak in dwc3_qcom_interconnect_init (git-fixes). - usb: dwc3: qcom: Keep power domain on to retain controller status (git-fixes). - usb: dwc3: qcom: clean up icc init (git-fixes). - usb: dwc3: qcom: clean up suspend callbacks (git-fixes). - usb: dwc3: qcom: fix gadget-only builds (git-fixes). - usb: dwc3: qcom: fix peripheral and OTG suspend (git-fixes). - usb: dwc3: qcom: fix wakeup implementation (git-fixes). - usb: dwc3: qcom: only parse 'maximum-speed' once (git-fixes). - usb: dwc3: qcom: suppress unused-variable warning (git-fixes). - usb: early: xhci-dbc: Fix a potential out-of-bound memory access (git-fixes). - usb: ene_usb6250: Allocate enough memory for full object (git-fixes). - usb: gadget: configfs: Restrict symlink creation is UDC already binded (git-fixes). - usb: gadget: configfs: remove using list iterator after loop body as a ptr (git-fixes). - usb: gadget: configfs: use to_config_usb_cfg() in os_desc_link() (git-fixes). - usb: gadget: configfs: use to_usb_function_instance() in cfg (un)link func (git-fixes). - usb: gadget: fusb300_udc: free irq on the error path in fusb300_probe() (git-fixes). - usb: gadget: u_serial: Add null pointer check in gserial_resume (git-fixes). - usb: host: xhci: mvebu: Iterate over array indexes instead of using pointer math (git-fixes). - usb: max-3421: Fix setting of I/O pins (git-fixes). - usb: musb: Add and use inline function musb_otg_state_string (git-fixes). - usb: musb: Add and use inline functions musb_{get,set}_state (git-fixes). - usb: musb: mediatek: do not unregister something that wasn't registered (git-fixes). - usb: musb: remove schedule work called after flush (git-fixes). - usb: serial: option: add support for VW/Skoda 'Carstick LTE' (git-fixes). - usb: typec: altmodes/displayport: Fix probe pin assign check (git-fixes). - usb: typec: intel_pmc_mux: Do not leak the ACPI device reference count (git-fixes). - usb: typec: intel_pmc_mux: Use the helper acpi_dev_get_memory_resources() (git-fixes). - usb: uvc: Enumerate valid values for color matching (git-fixes). - vc_screen: do not clobber return value in vcs_read (git-fixes). - vc_screen: modify vcs_size() handling in vcs_read() (git-fixes). - vdpa_sim: not reset state in vdpasim_queue_ready (git-fixes). - vfio/type1: prevent underflow of locked_vm via exec() (git-fixes). - vfio/type1: restore locked_vm (git-fixes). - vfio/type1: track locked_vm per dma (git-fixes). - vfs: Check the truncate maximum size in inode_newsize_ok() (bsc#1207642). - vfs: filename_create(): fix incorrect intent (bsc#1197534). - virt/sev-guest: Add a MODULE_ALIAS (bsc#1208449). - virt/sev-guest: Prevent IV reuse in the SNP guest driver (bsc#1208449). - virt/sev-guest: Remove unnecessary free in init_crypto() (bsc#1208449). - virt: sev-guest: Pass the appropriate argument type to iounmap() (bsc#1208449). - virt: sevguest: Change driver name to reflect generic SEV support (bsc#1208449). - virt: sevguest: Rename the sevguest dir and files to sev-guest (bsc#1208449). - vmci: check context->notify_page after call to get_user_pages_fast() to avoid GPF (git-fixes). - vmxnet3: move rss code block under eop descriptor (bsc#1208212). - watch_queue: fix IOC_WATCH_QUEUE_SET_SIZE alloc error paths (bsc#1197617). - watchdog/hpwdt: Enable HP_WATCHDOG for ARM64 systems. (jsc#PED-3210) Also enable module in aarch64 default configuration. - watchdog: Fix kmemleak in watchdog_cdev_register (git-fixes). - watchdog: at91sam9_wdt: use devm_request_irq to avoid missing free_irq() in error path (git-fixes). - watchdog: pcwd_usb: Fix attempting to access uninitialized memory (git-fixes). - watchdog: sbsa_wdog: Make sure the timeout programming is within the limits (git-fixes). - wifi: ath11k: Fix memory leak in ath11k_peer_rx_frag_setup (git-fixes). - wifi: ath11k: allow system suspend to survive ath11k (git-fixes). - wifi: ath9k: Fix potential stack-out-of-bounds write in ath9k_wmi_rsp_callback() (git-fixes). - wifi: ath9k: Fix use-after-free in ath9k_hif_usb_disconnect() (git-fixes). - wifi: ath9k: hif_usb: clean up skbs if ath9k_hif_usb_rx_stream() fails (git-fixes). - wifi: ath9k: htc_hst: free skb in ath9k_htc_rx_msg() if there is no callback function (git-fixes). - wifi: ath9k: use proper statements in conditionals (git-fixes). - wifi: brcmfmac: Fix potential stack-out-of-bounds in brcmf_c_preinit_dcmds() (git-fixes). - wifi: brcmfmac: ensure CLM version is null-terminated to prevent stack-out-of-bounds (git-fixes). - wifi: brcmfmac: fix potential memory leak in brcmf_netdev_start_xmit() (git-fixes). - wifi: brcmfmac: unmap dma buffer in brcmf_msgbuf_alloc_pktid() (git-fixes). - wifi: cfg80211: Fix extended KCK key length check in nl80211_set_rekey_data() (git-fixes). - wifi: cfg80211: Fix use after free for wext (git-fixes). - wifi: cfg80211: Partial revert 'wifi: cfg80211: Fix use after free for wext' (git-fixes). - wifi: ipw2200: fix memory leak in ipw_wdev_init() (git-fixes). - wifi: ipw2x00: do not call dev_kfree_skb() under spin_lock_irqsave() (git-fixes). - wifi: iwl3945: Add missing check for create_singlethread_workqueue (git-fixes). - wifi: iwl4965: Add missing check for create_singlethread_workqueue() (git-fixes). - wifi: iwlegacy: common: do not call dev_kfree_skb() under spin_lock_irqsave() (git-fixes). - wifi: libertas: cmdresp: do not call kfree_skb() under spin_lock_irqsave() (git-fixes). - wifi: libertas: fix memory leak in lbs_init_adapter() (git-fixes). - wifi: libertas: if_usb: do not call kfree_skb() under spin_lock_irqsave() (git-fixes). - wifi: libertas: main: do not call kfree_skb() under spin_lock_irqsave() (git-fixes). - wifi: libertas_tf: do not call kfree_skb() under spin_lock_irqsave() (git-fixes). - wifi: mac80211: make rate u32 in sta_set_rate_info_rx() (git-fixes). - wifi: mt7601u: fix an integer underflow (git-fixes). - wifi: mt76: dma: free rx_head in mt76_dma_rx_cleanup (git-fixes). - wifi: mwifiex: Add missing compatible string for SD8787 (git-fixes). - wifi: mwifiex: fix loop iterator in mwifiex_update_ampdu_txwinsize() (git-fixes). - wifi: orinoco: check return value of hermes_write_wordrec() (git-fixes). - wifi: rsi: Fix memory leak in rsi_coex_attach() (git-fixes). - wifi: rtl8xxxu: Fix memory leaks with RTL8723BU, RTL8192EU (git-fixes). - wifi: rtl8xxxu: Use a longer retry limit of 48 (git-fixes). - wifi: rtl8xxxu: do not call dev_kfree_skb() under spin_lock_irqsave() (git-fixes). - wifi: rtl8xxxu: fixing transmisison failure for rtl8192eu (git-fixes). - wifi: rtlwifi: Fix global-out-of-bounds bug in _rtl8812ae_phy_set_txpower_limit() (git-fixes). - wifi: rtlwifi: rtl8188ee: do not call kfree_skb() under spin_lock_irqsave() (git-fixes). - wifi: rtlwifi: rtl8723be: do not call kfree_skb() under spin_lock_irqsave() (git-fixes). - wifi: rtlwifi: rtl8821ae: do not call kfree_skb() under spin_lock_irqsave() (git-fixes). - wifi: rtw89: Add missing check for alloc_workqueue (git-fixes). - wifi: wilc1000: fix potential memory leak in wilc_mac_xmit() (git-fixes). - wifi: wl3501_cs: do not call kfree_skb() under spin_lock_irqsave() (git-fixes). - writeback: avoid use-after-free after removing device (bsc#1207638). - x86/64/mm: Map all kernel memory into trampoline_pgd (git-fixes). - x86/MCE/AMD: Clear DFR errors found in THR handler (git-fixes). - x86/amd_nb: Add AMD PCI IDs for SMN communication (bsc#1208848). - x86/asm: Fix an assembler warning with current binutils (git-fixes). - x86/boot: Avoid using Intel mnemonics in AT&T syntax asm (git-fixes). - x86/cpu: Add CPU model numbers for Meteor Lake (git fixes). - x86/cpu: Add Raptor Lake to Intel family (git fixes). - x86/cpu: Add new Alderlake and Raptorlake CPU model numbers (git fixes). - x86/cpu: Add new Raptor Lake CPU model number (git fixes). - x86/cpu: Add several Intel server CPU model numbers (git fixes). - x86/cpu: Drop spurious underscore from RAPTOR_LAKE #define (git fixes). - x86/hyperv: Introduce HV_MAX_SPARSE_VCPU_BANKS/HV_VCPUS_PER_SPARSE_BANK constants (git-fixes). - x86/kprobes: Fix kprobes instruction boudary check with CONFIG_RETHUNK (git-fixes). - x86/kprobes: Fix optprobe optimization check with CONFIG_RETHUNK (git-fixes). - x86/kvm: Remove unused virt to phys translation in kvm_guest_cpu_init() (git-fixes). - x86/microcode/intel: Do not retry microcode reloading on the APs (git-fixes). - x86/perf/zhaoxin: Add stepping check for ZXC (git fixes). - x86/perf: Avoid warning for Arch LBR without XSAVE (git fixes). - x86/perf: Default set FREEZE_ON_SMI for all (git fixes). - x86/sgx: Fix free page accounting (git-fixes). - x86/xen: Fix memory leak in xen_init_lock_cpu() (git-fixes). - x86/xen: Fix memory leak in xen_smp_intr_init{_pv}() (git-fixes). - x86: acpi: cstate: Optimize C3 entry on AMD CPUs (git-fixes). - x86: link vdso and boot with -z noexecstack --no-warn-rwx-segments (bsc#1203200). - xen-netfront: Fix NULL sring after live migration (git-fixes). - xen-pciback: Allow setting PCI_MSIX_FLAGS_MASKALL too (git-fixes). - xen/arm: Fix race in RB-tree based P2M accounting (git-fixes) - xen/netback: do some code cleanup (git-fixes). - xen/netback: fix build warning (git-fixes). - xen/netfront: destroy queues before real_num_tx_queues is zeroed (git-fixes). - xen/platform-pci: add missing free_irq() in error path (git-fixes). - xen/privcmd: Fix a possible warning in privcmd_ioctl_mmap_resource() (git-fixes). - xfs: estimate post-merge refcounts correctly (bsc#1208183). - xfs: hoist refcount record merge predicates (bsc#1208183). Important SUSE bug 1166486 SUSE bug 1177529 SUSE bug 1193629 SUSE bug 1197534 SUSE bug 1197617 SUSE bug 1198438 SUSE bug 1202353 SUSE bug 1202633 SUSE bug 1203200 SUSE bug 1203331 SUSE bug 1203332 SUSE bug 1204363 SUSE bug 1204993 SUSE bug 1205544 SUSE bug 1205846 SUSE bug 1206103 SUSE bug 1206224 SUSE bug 1206232 SUSE bug 1206459 SUSE bug 1206492 SUSE bug 1206493 SUSE bug 1206640 SUSE bug 1206824 SUSE bug 1206876 SUSE bug 1206877 SUSE bug 1206878 SUSE bug 1206880 SUSE bug 1206881 SUSE bug 1206882 SUSE bug 1206883 SUSE bug 1206884 SUSE bug 1206885 SUSE bug 1206886 SUSE bug 1206889 SUSE bug 1206894 SUSE bug 1206935 SUSE bug 1207051 SUSE bug 1207270 SUSE bug 1207328 SUSE bug 1207529 SUSE bug 1207560 SUSE bug 1207588 SUSE bug 1207589 SUSE bug 1207590 SUSE bug 1207591 SUSE bug 1207592 SUSE bug 1207593 SUSE bug 1207594 SUSE bug 1207603 SUSE bug 1207605 SUSE bug 1207606 SUSE bug 1207607 SUSE bug 1207608 SUSE bug 1207609 SUSE bug 1207610 SUSE bug 1207613 SUSE bug 1207615 SUSE bug 1207617 SUSE bug 1207618 SUSE bug 1207619 SUSE bug 1207620 SUSE bug 1207621 SUSE bug 1207623 SUSE bug 1207624 SUSE bug 1207625 SUSE bug 1207626 SUSE bug 1207628 SUSE bug 1207630 SUSE bug 1207631 SUSE bug 1207632 SUSE bug 1207634 SUSE bug 1207635 SUSE bug 1207636 SUSE bug 1207638 SUSE bug 1207639 SUSE bug 1207641 SUSE bug 1207642 SUSE bug 1207643 SUSE bug 1207644 SUSE bug 1207645 SUSE bug 1207646 SUSE bug 1207647 SUSE bug 1207648 SUSE bug 1207651 SUSE bug 1207653 SUSE bug 1207770 SUSE bug 1207773 SUSE bug 1207845 SUSE bug 1207875 SUSE bug 1208149 SUSE bug 1208153 SUSE bug 1208179 SUSE bug 1208183 SUSE bug 1208212 SUSE bug 1208290 SUSE bug 1208420 SUSE bug 1208428 SUSE bug 1208429 SUSE bug 1208449 SUSE bug 1208534 SUSE bug 1208541 SUSE bug 1208570 SUSE bug 1208598 SUSE bug 1208599 SUSE bug 1208601 SUSE bug 1208603 SUSE bug 1208605 SUSE bug 1208607 SUSE bug 1208628 SUSE bug 1208700 SUSE bug 1208741 SUSE bug 1208759 SUSE bug 1208776 SUSE bug 1208777 SUSE bug 1208784 SUSE bug 1208787 SUSE bug 1208816 SUSE bug 1208837 SUSE bug 1208843 SUSE bug 1208848 SUSE bug 1209008 SUSE bug 1209159 SUSE bug 1209188 SUSE bug 1209256 SUSE bug 1209258 SUSE bug 1209262 SUSE bug 1209291 SUSE bug 1209436 SUSE bug 1209457 SUSE bug 1209504 CVE-2022-3523 CVE-2022-36280 CVE-2022-38096 CVE-2023-0045 CVE-2023-0461 CVE-2023-0597 CVE-2023-1075 CVE-2023-1076 CVE-2023-1078 CVE-2023-1095 CVE-2023-1118 CVE-2023-22995 CVE-2023-22998 CVE-2023-23000 CVE-2023-23004 CVE-2023-23559 CVE-2023-25012 CVE-2023-26545 CVE-2023-28328 cpe:/o:opensuse:leap:15.4 Security update for flatpak (Important) openSUSE Leap 15.4 This update for flatpak fixes the following issues: - CVE-2023-28101: Fixed misleading terminal output with metadata with ANSI control codes (bsc#1209410). - CVE-2023-28100: Fixed unsandboxed TIOCLINUX commands (bsc#1209411). Update to version 1.12.8: - Update the SELinux module to explicitly permit the system helper have read access to /etc/passwd and systemd-userdbd, read and lock access to /var/lib/flatpak, and watch files inside $libexecdir - If an app update is blocked by parental controls policies, clean up the temporary deploy directory - Fix Autotools build with versions of gpgme that no longer provide gpgme-config(1) - Remove some unreachable code - Add missing handling for some D-Bus errors Update to version 1.12.7: - We now allow networked access to X11 and PulseAudio services if that is configured, and the application has network access. - Absolute paths in WAYLAND_DISPLAY now work - Allow apps that were built with Flatpak 1.13.x to export AppStream metadata in share/metainfo - Most commands now work if /var/lib/flatpak exists but Important SUSE bug 1209410 SUSE bug 1209411 CVE-2023-28100 CVE-2023-28101 cpe:/o:opensuse:leap:15.4 Security update for xwayland (Important) openSUSE Leap 15.4 This update for xwayland fixes the following issues: - CVE-2023-1393: Fixed use-after-free overlay window (ZDI-CAN-19866) (bsc#1209543). Important SUSE bug 1209543 CVE-2023-1393 cpe:/o:opensuse:leap:15.4 Security update for grub2 (Moderate) openSUSE Leap 15.4 This update of grub2 fixes the following issues: - rebuild the package with the new secure boot key (bsc#1209188). Moderate SUSE bug 1209188 cpe:/o:opensuse:leap:15.4 Security update for glibc (Moderate) openSUSE Leap 15.4 This update for glibc fixes the following issues: Security issue fixed: - CVE-2023-0687: Fix allocated buffer overflow in gmon (bsc#1207975) Other issues fixed: - Fix avx2 strncmp offset compare condition check (bsc#1208358) - elf: Allow dlopen of filter object to work (bsc#1207571) - powerpc: Fix unrecognized instruction errors with recent GCC - x86: Cache computation for AMD architecture (bsc#1207957) Moderate SUSE bug 1207571 SUSE bug 1207957 SUSE bug 1207975 SUSE bug 1208358 CVE-2023-0687 cpe:/o:opensuse:leap:15.4 Security update for ffmpeg-4 (Moderate) openSUSE Leap 15.4 This update for ffmpeg-4 fixes the following issues: - CVE-2022-3341: Fixed a potential crash when processing a crafted NUT stream (bsc#1206778). Moderate SUSE bug 1206778 CVE-2022-3341 cpe:/o:opensuse:leap:15.4 Security update for ImageMagick (Moderate) openSUSE Leap 15.4 This update for ImageMagick fixes the following issues: - CVE-2023-1289: Fixed segmentation fault and possible DoS via specially crafted SVG. (bsc#1209141) Moderate SUSE bug 1209141 CVE-2023-1289 cpe:/o:opensuse:leap:15.4 Security update for MozillaThunderbird (Important) openSUSE Leap 15.4 This update for MozillaThunderbird fixes the following issues: MFSA 2023-12 (bsc#1209953): - CVE-2023-28427: Matrix SDK bundled with Thunderbird vulnerable to denial-of-service attack (bmo#1822595) MFSA 2023-11 (bsc#1209173): - CVE-2023-25751: Incorrect code generation during JIT compilation (bmo#1814899). - CVE-2023-28164: URL being dragged from a removed cross-origin iframe into the same tab triggered navigation (bmo#1809122). - CVE-2023-28162: Invalid downcast in Worklets (bmo#1811327). - CVE-2023-25752: Potential out-of-bounds when accessing throttled streams (bmo#1811627). - CVE-2023-28163: Windows Save As dialog resolved environment variables (bmo#1817768) - CVE-2023-28176: Memory safety bugs fixed in Thunderbird 102.9 (bmo#1808352, bmo#1811637, bmo#1815904, bmo#1817442, bmo#1818674). Mozilla Thunderbird 102.9: - fixed: Notification about a sender's changed OpenPGP key was not immediately visible (bmo#1814003) - fixed: TLS Certificate Override dialog did not appear when retrieving messages via IMAP using 'Get Messages' context menu (bmo#1816596) - fixed: Spellcheck dictionaries were missing from localized Thunderbird builds that should have included them (bmo#1818257) - fixed: Tooltips for 'Show/Hide' calendar toggle did not display (bmo#1809557) - fixed: Various security fixes Mozilla Thunderbird 102.9.1: - fixed: Thunderbird was unable to open file URLs from command line (URLs beginning with 'file://') (bmo#1816343) - fixed: Source strings for localized builds not uploaded to FTP as expected (bmo#1817086) - fixed: Visual and theme improvements (bmo#1821358, bmo#1822286) - fixed: Security fixes Important SUSE bug 1209173 SUSE bug 1209953 CVE-2023-25751 CVE-2023-25752 CVE-2023-28162 CVE-2023-28163 CVE-2023-28164 CVE-2023-28176 CVE-2023-28427 cpe:/o:opensuse:leap:15.4 Security update for pgadmin4 (Moderate) openSUSE Leap 15.4 This update for pgadmin4 fixes the following issues: - CVE-2023-22298: Fixed an open redirect vulnerability (bsc#1207238). Moderate SUSE bug 1207238 CVE-2023-22298 cpe:/o:opensuse:leap:15.4 Security update for glib2 (Low) openSUSE Leap 15.4 This update for glib2 fixes the following issues: - CVE-2021-28153: Fixed an issue where symlink targets would be incorrectly created as empty files (bsc#1183533). Low SUSE bug 1183533 CVE-2021-28153 cpe:/o:opensuse:leap:15.4 Security update for openssl-1_1 (Moderate) openSUSE Leap 15.4 This update for openssl-1_1 fixes the following issues: - CVE-2023-0464: Fixed excessive Resource Usage Verifying X.509 Policy Constraints (bsc#1209624). Moderate SUSE bug 1209624 CVE-2023-0464 cpe:/o:opensuse:leap:15.4 Security update for openssl-3 (Moderate) openSUSE Leap 15.4 This update for openssl-3 fixes the following issues: - CVE-2023-0464: Fixed excessive Resource Usage Verifying X.509 Policy Constraints (bsc#1209624). Moderate SUSE bug 1209624 CVE-2023-0464 cpe:/o:opensuse:leap:15.4 Security update for terraform-provider-helm (Moderate) openSUSE Leap 15.4 This update for terraform-provider-helm fixes the following issues: Updated terraform-provider-helm to version 2.9.0: - CVE-2023-25165: Fixed getHostByName Function Information Disclosure in helm embedded in the package (bsc#1208086). Moderate SUSE bug 1208086 CVE-2023-25165 cpe:/o:opensuse:leap:15.4 Security update for ImageMagick (Moderate) openSUSE Leap 15.4 This update for ImageMagick fixes the following issues: - CVE-2023-1289: Fixed segmentation fault and possible DoS via specially crafted SVG. (bsc#1209141) Moderate SUSE bug 1209141 CVE-2023-1289 cpe:/o:opensuse:leap:15.4 Security update for drbd (Moderate) openSUSE Leap 15.4 This update of drbd fixes the following issues: - rebuild the package with the new secure boot key (bsc#1209188). Moderate SUSE bug 1209188 cpe:/o:opensuse:leap:15.4 Security update for dpdk (Moderate) openSUSE Leap 15.4 This update of dpdk fixes the following issues: - rebuild the package with the new secure boot key (bsc#1209188). Moderate SUSE bug 1209188 cpe:/o:opensuse:leap:15.4 Security update for oracleasm (Moderate) openSUSE Leap 15.4 This update of oracleasm fixes the following issues: - rebuild the package with the new secure boot key (bsc#1209188). Moderate SUSE bug 1209188 cpe:/o:opensuse:leap:15.4 Security update for wireshark (Moderate) openSUSE Leap 15.4 This update for wireshark fixes the following issues: - CVE-2023-1161: Fixed crash in ISO 15765 and ISO 10681 dissector (bsc#1208914). Update to 3.6.12: * https://www.wireshark.org/docs/relnotes/wireshark-3.6.12.html Moderate SUSE bug 1208914 CVE-2023-1161 cpe:/o:opensuse:leap:15.4 Security update for libheif (Moderate) openSUSE Leap 15.4 This update for libheif fixes the following issues: - CVE-2023-0996: Fixed a buffer overflow in heif_js_decode_image (bsc#1208640). Moderate CVE-2023-0996 cpe:/o:opensuse:leap:15.4 Security update for skopeo (Moderate) openSUSE Leap 15.4 This update for skopeo fixes the following issue: - rebuild against the current go1.19 version to make sure bugs and security issues are fixed. Moderate cpe:/o:opensuse:leap:15.4 Security update for tomcat (Important) openSUSE Leap 15.4 This update for tomcat fixes the following issues: - CVE-2023-28708: Fixed information disclosure by not including the secure attribute (bsc#1209622). - CVE-2023-24998: Fixed FileUpload deny-of-service with excessive parts (bsc#1208513). Important SUSE bug 1208513 SUSE bug 1209622 CVE-2023-24998 CVE-2023-28708 cpe:/o:opensuse:leap:15.4 Security update for liblouis (Important) openSUSE Leap 15.4 This update for liblouis fixes the following issues: - CVE-2023-26767: Fixed buffer overflow vulnerability in lou_logFile function (bsc#1209429). - CVE-2023-26769: Fixed buffer Overflow vulnerability in resolveSubtable function (bsc#1209432). Important SUSE bug 1209429 SUSE bug 1209432 CVE-2023-26767 CVE-2023-26769 cpe:/o:opensuse:leap:15.4 Security update for liblouis (Important) openSUSE Leap 15.4 This update for liblouis fixes the following issues: - CVE-2023-26767: Fixed buffer overflow vulnerability in lou_logFile function (bsc#1209429). - CVE-2023-26769: Fixed buffer Overflow vulnerability in resolveSubtable function (bsc#1209432). Important SUSE bug 1209429 SUSE bug 1209432 CVE-2023-26767 CVE-2023-26769 cpe:/o:opensuse:leap:15.4 Security update for liblouis (Important) openSUSE Leap 15.4 This update for liblouis fixes the following issues: - CVE-2023-26767: Fixed buffer overflow vulnerability in lou_logFile function (bsc#1209429). - CVE-2023-26769: Fixed buffer Overflow vulnerability in resolveSubtable function (bsc#1209432). Important SUSE bug 1209429 SUSE bug 1209432 CVE-2023-26767 CVE-2023-26769 cpe:/o:opensuse:leap:15.4 Security update for libgit2 (Moderate) openSUSE Leap 15.4 This update for libgit2 fixes the following issues: - CVE-2023-22742: Verify ssh remote host keys (bsc#1207364) Moderate SUSE bug 1207364 CVE-2023-22742 cpe:/o:opensuse:leap:15.4 Security update for go1.20 (Important) openSUSE Leap 15.4 This update for go1.20 fixes the following issues: Update to version 1.20.3: * CVE-2023-24534: security: net/http, net/textproto: denial of service from excessive memory allocation (bsc#1210127) * CVE-2023-24536: security: net/http, net/textproto, mime/multipart: denial of service from excessive resource consumption (bsc#1210128) * CVE-2023-24537: security: go/parser: infinite loop in parsing (bsc#1210129) * CVE-2023-24538: security: html/template: backticks not treated as string delimiters (bsc#1210130) * x/text: building as a plugin failure on darwin/arm64 * cmd/go: timeout on darwin-amd64-race builder * internal/testpty: fails on some Linux machines due to incorrect error handling * cmd/link: Incorrect symbol linked in darwin/arm64 * cmd/link: linker fails on linux/amd64 when gcc's lto options are used * cmd/link/internal/arm: off-by-one error in trampoline phase call reachability calculation * time: time zone lookup using extend string makes wrong start time for non-DST zones * runtime: crash on linux-ppc64le * cmd/compile: crypto/elliptic build error under -linkshared mode * cmd/compile: unsafe.SliceData incoherent resuilt with nil argument Important SUSE bug 1206346 SUSE bug 1210127 SUSE bug 1210128 SUSE bug 1210129 SUSE bug 1210130 CVE-2023-24534 CVE-2023-24536 CVE-2023-24537 CVE-2023-24538 cpe:/o:opensuse:leap:15.4 Security update for go1.19 (Important) openSUSE Leap 15.4 This update for go1.19 fixes the following issues: Update to 1.19.8 * CVE-2023-24534: security: net/http, net/textproto: denial of service from excessive memory allocation (bsc#1210127) * CVE-2023-24536: security: net/http, net/textproto, mime/multipart: denial of service from excessive resource consumption (bsc#1210128) * CVE-2023-24537: security: go/parser: infinite loop in parsing (bsc#1210129) * CVE-2023-24538: security: html/template: backticks not treated as string delimiters (bsc#1210130) * cmd/go: timeout on darwin-amd64-race builder * runtime/pprof: TestLabelSystemstack due to sample with no location * internal/testpty: fails on some Linux machines due to incorrect error handling * cmd/link: linker fails on linux/amd64 when gcc's lto options are used * cmd/link/internal/arm: off-by-one error in trampoline phase call reachability calculation * time: time zone lookup using extend string makes wrong start time for non-DST zones * runtime: crash on linux-ppc64le Important SUSE bug 1200441 SUSE bug 1210127 SUSE bug 1210128 SUSE bug 1210129 SUSE bug 1210130 CVE-2023-24534 CVE-2023-24536 CVE-2023-24537 CVE-2023-24538 cpe:/o:opensuse:leap:15.4 Security update for openvswitch (Moderate) openSUSE Leap 15.4 This update for openvswitch fixes the following issues: - CVE-2021-36980: Fixed a use-after-free issue during the decoding of a RAW_ENCAP action (bsc#1188524). - CVE-2022-32166: Fixed a out of bounds read in minimask_equal() (bsc#1203865). Moderate SUSE bug 1188524 SUSE bug 1203865 CVE-2021-36980 CVE-2022-32166 cpe:/o:opensuse:leap:15.4 Security update for conmon (Moderate) openSUSE Leap 15.4 This update for conmon fixes the following issues: - rebuild against supported go 1.19 (bsc#1209307) - no functional changes. Moderate SUSE bug 1209307 cpe:/o:opensuse:leap:15.4 Security update for ghostscript (Important) openSUSE Leap 15.4 This update for ghostscript fixes the following issues: - CVE-2023-28879: Fixed buffer Overflow in s_xBCPE_process (bsc#1210062). Important SUSE bug 1210062 CVE-2023-28879 cpe:/o:opensuse:leap:15.4 Security update for the Linux Kernel (Important) openSUSE Leap 15.4 The SUSE Linux Enterprise 15 SP4 Azure kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2017-5753: Fixed spectre V1 vulnerability on netlink (bsc#1209547). - CVE-2017-5753: Fixed spectre vulnerability in prlimit (bsc#1209256). - CVE-2022-4744: Fixed double-free that could lead to DoS or privilege escalation in TUN/TAP device driver functionality (bsc#1209635). - CVE-2023-0394: Fixed NULL pointer dereference that could lead to a system crash in rawv6_push_pending_frames in net/ipv6/raw.c (bsc#1207168). - CVE-2023-1281: Fixed use after free that could lead to privilege escalation in tcindex (bsc#1209634). - CVE-2023-1513: Fixed an uninitialized portions of the kvm_debugregs structure that could be copied to userspace, causing an information leak (bsc#1209532). - CVE-2023-1582: Fixed soft lockup in __page_mapcount (bsc#1209636). - CVE-2023-1637: Fixed vulnerability that could lead to unauthorized access to CPU memory after resuming CPU from suspend-to-RAM (bsc#1209779). - CVE-2023-1652: Fixed use-after-free that could lead to DoS and information leak in nfsd4_ssc_setup_dul in fs/nfsd/nfs4proc.c (bsc#1209788). - CVE-2023-28327: Fixed DoS in in_skb in unix_diag_get_exact() (bsc#1209290). - CVE-2023-28464: Fixed user-after-free that could lead to privilege escalation in hci_conn_cleanup in net/bluetooth/hci_conn.c (bsc#1209052). - CVE-2023-28466: Fixed race condition that could lead to use-after-free or NULL pointer dereference in do_tls_getsockopt in net/tls/tls_main.c (bsc#1209366). The following non-security bugs were fixed: - ACPI: x86: utils: Add Cezanne to the list for forcing StorageD3Enable (git-fixes). - ALSA: hda/conexant: Partial revert of a quirk for Lenovo (git-fixes). - ALSA: hda/realtek: Add quirk for Lenovo ZhaoYang CF4620Z (git-fixes). - ALSA: hda/realtek: Add quirks for some Clevo laptops (git-fixes). - ALSA: hda/realtek: Fix support for Dell Precision 3260 (git-fixes). - ALSA: hda/realtek: Fix the speaker output on Samsung Galaxy Book2 Pro (git-fixes). - ALSA: hda: intel-dsp-config: add MTL PCI id (git-fixes). - ALSA: usb-audio: Fix recursive locking at XRUN during syncing (git-fixes). - ALSA: usb-audio: Fix regression on detection of Roland VS-100 (git-fixes). - ALSA: ymfpci: Fix BUG_ON in probe function (git-fixes). - ARM: dts: imx6sl: tolino-shine2hd: fix usbotg1 pinctrl (git-fixes). - ARM: dts: imx6sll: e60k02: fix usbotg1 pinctrl (git-fixes). - Bluetooth: L2CAP: Fix responding with wrong PDU type (git-fixes). - Bluetooth: btqcomsmd: Fix command timeout after setting BD address (git-fixes). - Bluetooth: btsdio: fix use after free bug in btsdio_remove due to unfinished work (git-fixes). - Fix error path in pci-hyperv to unlock the mutex state_lock - HID: cp2112: Fix driver not registering GPIO IRQ chip as threaded (git-fixes). - HID: intel-ish-hid: ipc: Fix potential use-after-free in work function (git-fixes). - Input: alps - fix compatibility with -funsigned-char (bsc#1209805). - KVM: x86: fix sending PV IPI (git-fixes). - Makefile: link with -z noexecstack --no-warn-rwx-segments (bsc#1203200). - NFSv4: Fix hangs when recovering open state after a server reboot (git-fixes). - PCI/DPC: Await readiness of secondary bus after reset (git-fixes). - PCI: hv: Add a per-bus mutex state_lock (bsc#1207185). - PCI: hv: Fix a race condition in hv_irq_unmask() that can cause panic (bsc#1207185). - PCI: hv: Remove the useless hv_pcichild_state from struct hv_pci_dev (bsc#1207185). - PCI: hv: Use async probing to reduce boot time (bsc#1207185). - PCI: hv: fix a race condition bug in hv_pci_query_relations() (bsc#1207185). - Revert 'Makefile: link with -z noexecstack --no-warn-rwx-segments' (bsc#1209798) - Revert 'PCI: hv: Fix a timing issue which causes kdump to fail occasionally' (bsc#1207185). - Revert 'Revert 'Makefile: link with -z noexecstack --no-warn-rwx-segments' (bsc#1209798)' - Revert 'Revert 'x86: link vdso and boot with -z noexecstack' (bsc#1209798) - Revert 'x86: link vdso and boot with -z noexecstack' (bsc#1209798) - USB: cdns3: Fix issue with using incorrect PCI device function (git-fixes). - USB: cdnsp: Fixes issue with redundant Status Stage (git-fixes). - USB: cdnsp: changes PCI Device ID to fix conflict with CNDS3 driver (git-fixes). - USB: chipdea: core: fix return -EINVAL if request role is the same with current role (git-fixes). - USB: chipidea: fix memory leak with using debugfs_lookup() (git-fixes). - USB: dwc2: fix a devres leak in hw_enable upon suspend resume (git-fixes). - USB: dwc3: Fix a typo in field name (git-fixes). - USB: dwc3: gadget: Add 1ms delay after end transfer command without IOC (git-fixes). - USB: fotg210: fix memory leak with using debugfs_lookup() (git-fixes). - USB: gadget: bcm63xx_udc: fix memory leak with using debugfs_lookup() (git-fixes). - USB: gadget: gr_udc: fix memory leak with using debugfs_lookup() (git-fixes). - USB: gadget: lpc32xx_udc: fix memory leak with using debugfs_lookup() (git-fixes). - USB: gadget: pxa25x_udc: fix memory leak with using debugfs_lookup() (git-fixes). - USB: gadget: u_audio: do not let userspace block driver unbind (git-fixes). - USB: isp116x: fix memory leak with using debugfs_lookup() (git-fixes). - USB: isp1362: fix memory leak with using debugfs_lookup() (git-fixes). - USB: sl811: fix memory leak with using debugfs_lookup() (git-fixes). - USB: typec: tcpm: fix warning when handle discover_identity message (git-fixes). - USB: ucsi: Fix NULL pointer deref in ucsi_connector_change() (git-fixes). - USB: uhci: fix memory leak with using debugfs_lookup() (git-fixes). - arch: fix broken BuildID for arm64 and riscv (bsc#1209798). - arm64/cpufeature: Fix field sign for DIT hwcap detection (git-fixes) - arm64: dts: freescale: Fix pca954x i2c-mux node names (git-fixes) - arm64: dts: imx8mm-nitrogen-r2: fix WM8960 clock name (git-fixes). - arm64: dts: imx8mn: specify #sound-dai-cells for SAI nodes (git-fixes). - arm64: dts: imx8mp-phycore-som: Remove invalid PMIC property (git-fixes) - arm64: dts: imx8mp: correct usb clocks (git-fixes) - arm64: dts: imx8mq: add mipi csi phy and csi bridge descriptions (git-fixes) - arm64: dts: imx8mq: fix mipi_csi bidirectional port numbers (git-fixes) - arm64: dts: qcom: sm8350: Mark UFS controller as cache coherent (git-fixes). - atm: idt77252: fix kmemleak when rmmod idt77252 (git-fixes). - ca8210: Fix unsigned mac_len comparison with zero in ca8210_skb_tx() (git-fixes). - ca8210: fix mac_len negative array access (git-fixes). - can: bcm: bcm_tx_setup(): fix KMSAN uninit-value in vfs_write (git-fixes). - cifs: Fix smb2_set_path_size() (git-fixes). - cifs: Move the in_send statistic to __smb_send_rqst() (git-fixes). - cifs: append path to open_enter trace event (bsc#1193629). - cifs: avoid race conditions with parallel reconnects (bsc#1193629). - cifs: avoid races in parallel reconnects in smb1 (bsc#1193629). - cifs: check only tcon status on tcon related functions (bsc#1193629). - cifs: do not poll server interfaces too regularly (bsc#1193629). - cifs: dump pending mids for all channels in DebugData (bsc#1193629). - cifs: empty interface list when server does not support query interfaces (bsc#1193629). - cifs: fix DFS traversal oops without CONFIG_CIFS_DFS_UPCALL (bsc#1193629). - cifs: fix dentry lookups in directory handle cache (bsc#1193629). - cifs: fix missing unload_nls() in smb2_reconnect() (bsc#1193629). - cifs: fix use-after-free bug in refresh_cache_worker() (bsc#1193629). - cifs: generate signkey for the channel that's reconnecting (bsc#1193629). - cifs: get rid of dead check in smb2_reconnect() (bsc#1193629). - cifs: lock chan_lock outside match_session (bsc#1193629). - cifs: prevent infinite recursion in CIFSGetDFSRefer() (bsc#1193629). - cifs: print session id while listing open files (bsc#1193629). - cifs: return DFS root session id in DebugData (bsc#1193629). - cifs: set DFS root session in cifs_get_smb_ses() (bsc#1193629). - cifs: use DFS root session instead of tcon ses (bsc#1193629). - drivers/base: Fix unsigned comparison to -1 in CPUMAP_FILE_MAX_BYTES (bsc#1208815). - drivers/base: fix userspace break from using bin_attributes for cpumap and cpulist (bsc#1208815). - drm/amd/display: fix shift-out-of-bounds in CalculateVMAndRowBytes (git-fixes). - drm/amdkfd: Fix an illegal memory access (git-fixes). - drm/bridge: lt8912b: return EPROBE_DEFER if bridge is not found (git-fixes). - drm/i915/active: Fix missing debug object activation (git-fixes). - drm/i915/active: Fix misuse of non-idle barriers as fence trackers (git-fixes). - drm/i915/display/psr: Handle plane and pipe restrictions at every page flip (git-fixes). - drm/i915/display/psr: Use drm damage helpers to calculate plane damaged area (git-fixes). - drm/i915/display: Workaround cursor left overs with PSR2 selective fetch enabled (git-fixes). - drm/i915/display: clean up comments (git-fixes). - drm/i915/gt: perform uc late init after probe error injection (git-fixes). - drm/i915/psr: Use calculated io and fast wake lines (git-fixes). - drm/i915/tc: Fix the ICL PHY ownership check in TC-cold state (git-fixes). - drm/i915: Do not use BAR mappings for ring buffers with LLC (git-fixes). - drm/i915: Do not use stolen memory for ring buffers with LLC (git-fixes). - drm/i915: Preserve crtc_state->inherited during state clearing (git-fixes). - drm/i915: Remove unused bits of i915_vma/active api (git-fixes). - efi: sysfb_efi: Fix DMI quirks not working for simpledrm (git-fixes). - fbdev: stifb: Provide valid pixelclock and add fb_check_var() checks (git-fixes). - firmware: arm_scmi: Fix device node validation for mailbox transport (git-fixes). - hwmon: fix potential sensor registration fail if of_node is missing (git-fixes). - i2c: hisi: Only use the completion interrupt to finish the transfer (git-fixes). - i2c: imx-lpi2c: check only for enabled interrupt flags (git-fixes). - i2c: xgene-slimpro: Fix out-of-bounds bug in xgene_slimpro_i2c_xfer() (git-fixes). - kABI: x86/msr: Remove .fixup usage (kabi). - kconfig: Update config changed flag before calling callback (git-fixes). - lan78xx: Add missing return code checks (git-fixes). - lan78xx: Fix exception on link speed change (git-fixes). - lan78xx: Fix memory allocation bug (git-fixes). - lan78xx: Fix partial packet errors on suspend/resume (git-fixes). - lan78xx: Fix race condition in disconnect handling (git-fixes). - lan78xx: Fix race conditions in suspend/resume handling (git-fixes). - lan78xx: Fix white space and style issues (git-fixes). - lan78xx: Remove unused pause frame queue (git-fixes). - lan78xx: Remove unused timer (git-fixes). - lan78xx: Set flow control threshold to prevent packet loss (git-fixes). - lockd: set file_lock start and end when decoding nlm4 testargs (git-fixes). - locking/rwbase: Mitigate indefinite writer starvation (bsc#1189998 (PREEMPT_RT prerequisite backports), bsc#1206552). - mm: memcg: fix swapcached stat accounting (bsc#1209804). - mmc: atmel-mci: fix race between stop command and start of next command (git-fixes). - mtd: rawnand: meson: invalidate cache on polling ECC bit (git-fixes). - net: asix: fix modprobe 'sysfs: cannot create duplicate filename' (git-fixes). - net: mdio: thunder: Add missing fwnode_handle_put() (git-fixes). - net: phy: Ensure state transitions are processed from phy_stop() (git-fixes). - net: phy: dp83869: fix default value for tx-/rx-internal-delay (git-fixes). - net: phy: nxp-c45-tja11xx: fix MII_BASIC_CONFIG_REV bit (git-fixes). - net: phy: smsc: bail out in lan87xx_read_status if genphy_read_status fails (git-fixes). - net: qcom/emac: Fix use after free bug in emac_remove due to race condition (git-fixes). - net: usb: asix: remove redundant assignment to variable reg (git-fixes). - net: usb: cdc_mbim: avoid altsetting toggling for Telit FE990 (git-fixes). - net: usb: lan78xx: Limit packet length to skb->len (git-fixes). - net: usb: qmi_wwan: add Telit 0x1080 composition (git-fixes). - net: usb: smsc95xx: Limit packet length to skb->len (git-fixes). - net: usb: use eth_hw_addr_set() (git-fixes). - nilfs2: fix kernel-infoleak in nilfs_ioctl_wrap_copy() (git-fixes). - nvme-tcp: always fail a request when sending it failed (bsc#1208902). - pinctrl: amd: Disable and mask interrupts on resume (git-fixes). - pinctrl: at91-pio4: fix domain name assignment (git-fixes). - pinctrl: ocelot: Fix alt mode for ocelot (git-fixes). - platform/chrome: cros_ec_chardev: fix kernel data leak from ioctl (git-fixes). - platform/x86/intel/pmc: Alder Lake PCH slp_s0_residency fix (git-fixes). - platform/x86: think-lmi: Add possible_values for ThinkStation (git-fixes). - platform/x86: think-lmi: Certificate authentication support (bsc#1210050). - platform/x86: think-lmi: Move kobject_init() call into tlmi_create_auth() (bsc#1210050). - platform/x86: think-lmi: Opcode support (bsc#1210050). - platform/x86: think-lmi: Prevent underflow in index_store() (bsc#1210050). - platform/x86: think-lmi: Simplify tlmi_analyze() error handling a bit (bsc#1210050). - platform/x86: think-lmi: Use min_t() for comparison and assignment (bsc#1210050). - platform/x86: think-lmi: add debug_cmd (bsc#1210050). - platform/x86: think-lmi: add missing type attribute (git-fixes). - platform/x86: think-lmi: certificate support clean ups (bsc#1210050). - platform/x86: think-lmi: only display possible_values if available (git-fixes). - platform/x86: think-lmi: use correct possible_values delimiters (git-fixes). - platform/x86: thinkpad-acpi: Add support for automatic mode transitions (bsc#1210050). - platform/x86: thinkpad-acpi: Enable AMT by default on supported systems (bsc#1210050). - platform/x86: thinkpad-acpi: profile capabilities as integer (bsc#1210050). - platform/x86: thinkpad_acpi: Accept ibm_init_struct.init() returning -ENODEV (bsc#1210050). - platform/x86: thinkpad_acpi: Add LED_RETAIN_AT_SHUTDOWN to led_class_devs (bsc#1210050). - platform/x86: thinkpad_acpi: Add PSC mode support (bsc#1210050). - platform/x86: thinkpad_acpi: Add a s2idle resume quirk for a number of laptops (bsc#1210050). - platform/x86: thinkpad_acpi: Add dual fan probe (bsc#1210050). - platform/x86: thinkpad_acpi: Add dual-fan quirk for T15g (2nd gen) (bsc#1210050). - platform/x86: thinkpad_acpi: Add hotkey_notify_extended_hotkey() helper (bsc#1210050). - platform/x86: thinkpad_acpi: Add lid_logo_dot to the list of safe LEDs (bsc#1210050). - platform/x86: thinkpad_acpi: Add quirk for ThinkPads without a fan (bsc#1210050). - platform/x86: thinkpad_acpi: Cleanup dytc_profile_available (bsc#1210050). - platform/x86: thinkpad_acpi: Convert btusb DMI list to quirks (bsc#1210050). - platform/x86: thinkpad_acpi: Convert platform driver to use dev_groups (bsc#1210050). - platform/x86: thinkpad_acpi: Correct dual fan probe (bsc#1210050). - platform/x86: thinkpad_acpi: Do not use test_bit on an integer (bsc#1210050). - platform/x86: thinkpad_acpi: Enable s2idle quirk for 21A1 machine type (bsc#1210050). - platform/x86: thinkpad_acpi: Explicitly set to balanced mode on startup (bsc#1210050). - platform/x86: thinkpad_acpi: Fix a memory leak of EFCH MMIO resource (bsc#1210050). - platform/x86: thinkpad_acpi: Fix coccinelle warnings (bsc#1210050). - platform/x86: thinkpad_acpi: Fix compiler warning about uninitialized err variable (bsc#1210050). - platform/x86: thinkpad_acpi: Fix incorrect use of platform profile on AMD platforms (bsc#1210050). - platform/x86: thinkpad_acpi: Fix max_brightness of thinklight (bsc#1210050). - platform/x86: thinkpad_acpi: Fix profile mode display in AMT mode (bsc#1210050). - platform/x86: thinkpad_acpi: Fix profile modes on Intel platforms (bsc#1210050). - platform/x86: thinkpad_acpi: Fix reporting a non present second fan on some models (bsc#1210050). - platform/x86: thinkpad_acpi: Fix the hwmon sysfs-attr showing up in the wrong place (bsc#1210050). - platform/x86: thinkpad_acpi: Fix thermal_temp_input_attr sorting (bsc#1210050). - platform/x86: thinkpad_acpi: Fix thinklight LED brightness returning 255 (bsc#1210050). - platform/x86: thinkpad_acpi: Get privacy-screen / lcdshadow ACPI handles only once (bsc#1210050). - platform/x86: thinkpad_acpi: Make *_init() functions return -ENODEV instead of 1 (bsc#1210050). - platform/x86: thinkpad_acpi: Properly indent code in tpacpi_dytc_profile_init() (bsc#1210050). - platform/x86: thinkpad_acpi: Register tpacpi_pdriver after subdriver init (bsc#1210050). - platform/x86: thinkpad_acpi: Remove 'goto err_exit' from hotkey_init() (bsc#1210050). - platform/x86: thinkpad_acpi: Remove unused sensors_pdev_attrs_registered flag (bsc#1210050). - platform/x86: thinkpad_acpi: Restore missing hotkey_tablet_mode and hotkey_radio_sw sysfs-attr (bsc#1210050). - platform/x86: thinkpad_acpi: Simplify dytc_version handling (bsc#1210050). - platform/x86: thinkpad_acpi: Switch to common use of attributes (bsc#1210050). - platform/x86: thinkpad_acpi: Use backlight helper (bsc#1210050). - platform/x86: thinkpad_acpi: clean up dytc profile convert (bsc#1210050). - platform/x86: thinkpad_acpi: consistently check fan_get_status return (bsc#1210050). - platform/x86: thinkpad_acpi: do not use PSC mode on Intel platforms (bsc#1210050). - platform/x86: thinkpad_acpi: tpacpi_attr_group contains driver attributes not device attrs (bsc#1210050). - platform/x86: thinkpad_acpi: use strstarts() (bsc#1210050). - power: supply: da9150: Fix use after free bug in da9150_charger_remove due to race condition (git-fixes). - powerpc/64s/interrupt: Fix interrupt exit race with security mitigation switch (bsc#1194869). - powerpc/btext: add missing of_node_put (bsc#1065729). - powerpc/ioda/iommu/debugfs: Generate unique debugfs entries (bsc#1194869). - powerpc/iommu: Add missing of_node_put in iommu_init_early_dart (bsc#1194869). - powerpc/iommu: fix memory leak with using debugfs_lookup() (bsc#1194869). - powerpc/kcsan: Exclude udelay to prevent recursive instrumentation (bsc#1194869). - powerpc/kexec_file: fix implicit decl error (bsc#1194869). - powerpc/powernv/ioda: Skip unallocated resources when mapping to PE (bsc#1065729). - powerpc/powernv: fix missing of_node_put in uv_init() (bsc#1194869). - powerpc/pseries/lpar: add missing RTAS retry status handling (bsc#1109158 ltc#169177 git-fixes). - powerpc/pseries/lparcfg: add missing RTAS retry status handling (bsc#1065729). - powerpc/rtas: ensure 4KB alignment for rtas_data_buf (bsc#1065729). - powerpc/vmlinux.lds: Define RUNTIME_DISCARD_EXIT (bsc#1194869). - powerpc/vmlinux.lds: Do not discard .comment (bsc#1194869). - powerpc/vmlinux.lds: Do not discard .rela* for relocatable builds (bsc#1194869). - powerpc/xmon: Fix -Wswitch-unreachable warning in bpt_cmds (bsc#1194869). - powerpc: Remove linker flag from KBUILD_AFLAGS (bsc#1194869). - r8169: fix RTL8168H and RTL8107E rx crc error (git-fixes). - regulator: Handle deferred clk (git-fixes). - remove 'PCI: hv: Use async probing to reduce boot time' (bsc#1207185). - rpm/config.sh: Disable DT build. This setting has been ignored for non-default variants so far. - rpm/constraints.in: increase the disk size for armv6/7 to 24GB It grows and the build fails recently on SLE15-SP4/5. - s390/boot: simplify and fix kernel memory layout setup (bsc#1209600). - s390/dasd: fix no record found for raw_track_access (bsc#1207574). - s390/vfio-ap: fix memory leak in vfio_ap device driver (git-fixes). - sbitmap: Avoid lockups when waker gets preempted (bsc#1209118). - sched/psi: Fix use-after-free in ep_remove_wait_queue() (bsc#1209799). - scsi: qla2xxx: Synchronize the IOCB count to be in order (bsc#1209292 bsc#1209684 bsc#1209556). - sctp: sctp_sock_filter(): avoid list_entry() on possibly empty list (bsc#1208602, git-fixes). - serial: 8250: ASPEED_VUART: select REGMAP instead of depending on it (git-fixes). - serial: 8250: SERIAL_8250_ASPEED_VUART should depend on ARCH_ASPEED (git-fixes). - serial: fsl_lpuart: Fix comment typo (git-fixes). - smb3: fix unusable share after force unmount failure (bsc#1193629). - smb3: lower default deferred close timeout to address perf regression (bsc#1193629). - thunderbolt: Add missing UNSET_INBOUND_SBTX for retimer access (git-fixes). - thunderbolt: Call tb_check_quirks() after initializing adapters (git-fixes). - thunderbolt: Disable interrupt auto clear for rings (git-fixes). - thunderbolt: Rename shadowed variables bit to interrupt_bit and auto_clear_bit (git-fixes). - thunderbolt: Use const qualifier for `ring_interrupt_index` (git-fixes). - thunderbolt: Use scale field when allocating USB3 bandwidth (git-fixes). - tty: serial: fsl_lpuart: skip waiting for transmission complete when UARTCTRL_SBK is asserted (git-fixes). - uas: Add US_FL_NO_REPORT_OPCODES for JMicron JMS583Gen 2 (git-fixes). - vdpa_sim: set last_used_idx as last_avail_idx in vdpasim_queue_ready (git-fixes). - wifi: mac80211: fix qos on mesh interfaces (git-fixes). - x86/bug: Merge annotate_reachable() into _BUG_FLAGS() asm (git-fixes). - x86/fpu/xsave: Handle compacted offsets correctly with supervisor states (git-fixes). - x86/fpu/xstate: Fix the ARCH_REQ_XCOMP_PERM implementation (git-fixes). - x86/fpu/xstate: Fix the ARCH_REQ_XCOMP_PERM implementation (git-fixes). - x86/fpu: Cache xfeature flags from CPUID (git-fixes). - x86/fpu: Remove unused supervisor only offsets (git-fixes). - x86/kvm: Do not use pv tlb/ipi/sched_yield if on 1 vCPU (git-fixes). - x86/mce/inject: Avoid out-of-bounds write when setting flags (git-fixes). - x86/mce: Allow instrumentation during task work queueing (git-fixes). - x86/mce: Mark mce_end() noinstr (git-fixes). - x86/mce: Mark mce_panic() noinstr (git-fixes). - x86/mce: Mark mce_read_aux() noinstr (git-fixes). - x86/mm: Flush global TLB when switching to trampoline page-table (git-fixes). - x86/msr: Remove .fixup usage (git-fixes). - x86/sgx: Free backing memory after faulting the enclave page (git-fixes). - x86/sgx: Silence softlockup detection when releasing large enclaves (git-fixes). - x86/uaccess: Move variable into switch case statement (git-fixes). - x86: Annotate call_on_stack() (git-fixes). - x86: link vdso and boot with -z noexecstack --no-warn-rwx-segments (bsc#1203200). - xfs: convert ptag flags to unsigned (git-fixes). - xfs: do not assert fail on perag references on teardown (git-fixes). - xfs: do not leak btree cursor when insrec fails after a split (git-fixes). - xfs: pass the correct cursor to xfs_iomap_prealloc_size (git-fixes). - xfs: remove xfs_setattr_time() declaration (git-fixes). - xfs: zero inode fork buffer at allocation (git-fixes). - xirc2ps_cs: Fix use after free bug in xirc2ps_detach (git-fixes). Important SUSE bug 1065729 SUSE bug 1109158 SUSE bug 1189998 SUSE bug 1193629 SUSE bug 1194869 SUSE bug 1198400 SUSE bug 1203200 SUSE bug 1206552 SUSE bug 1207168 SUSE bug 1207185 SUSE bug 1207574 SUSE bug 1208602 SUSE bug 1208815 SUSE bug 1208902 SUSE bug 1209052 SUSE bug 1209118 SUSE bug 1209256 SUSE bug 1209290 SUSE bug 1209292 SUSE bug 1209366 SUSE bug 1209532 SUSE bug 1209547 SUSE bug 1209556 SUSE bug 1209600 SUSE bug 1209634 SUSE bug 1209635 SUSE bug 1209636 SUSE bug 1209681 SUSE bug 1209684 SUSE bug 1209779 SUSE bug 1209788 SUSE bug 1209798 SUSE bug 1209799 SUSE bug 1209804 SUSE bug 1209805 SUSE bug 1210050 CVE-2017-5753 CVE-2022-4744 CVE-2023-0394 CVE-2023-1281 CVE-2023-1513 CVE-2023-1582 CVE-2023-1637 CVE-2023-1652 CVE-2023-28327 CVE-2023-28464 CVE-2023-28466 cpe:/o:opensuse:leap:15.4 Security update for the Linux Kernel (Important) openSUSE Leap 15.4 The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2017-5753: Fixed spectre V1 vulnerability on netlink (bsc#1209547). - CVE-2017-5753: Fixed spectre vulnerability in prlimit (bsc#1209256). - CVE-2021-3923: Fixed stack information leak vulnerability that could lead to kernel protection bypass in infiniband RDMA (bsc#1209778). - CVE-2022-4744: Fixed double-free that could lead to DoS or privilege escalation in TUN/TAP device driver functionality (bsc#1209635). - CVE-2023-0394: Fixed a null pointer dereference flaw in the network subcomponent in the Linux kernel which could lead to system crash (bsc#1207168). - CVE-2023-0461: Fixed use-after-free in icsk_ulp_data (bsc#1208787). - CVE-2023-1075: Fixed a type confusion in tls_is_tx_ready (bsc#1208598). - CVE-2023-1076: Fixed incorrect UID assigned to tun/tap sockets (bsc#1208599). - CVE-2023-1078: Fixed a heap out-of-bounds write in rds_rm_zerocopy_callback (bsc#1208601). - CVE-2023-1095: Fixed a NULL pointer dereference in nf_tables due to zeroed list head (bsc#1208777). - CVE-2023-1281: Fixed use after free that could lead to privilege escalation in tcindex (bsc#1209634). - CVE-2023-1382: Fixed denial of service in tipc_conn_close (bsc#1209288). - CVE-2023-1390: Fixed remote DoS vulnerability in tipc_link_xmit() (bsc#1209289). - CVE-2023-1513: Fixed an uninitialized portions of the kvm_debugregs structure that could be copied to userspace, causing an information leak (bsc#1209532). - CVE-2023-1582: Fixed soft lockup in __page_mapcount (bsc#1209636). - CVE-2023-23004: Fixed misinterpretation of get_sg_table return value (bsc#1208843). - CVE-2023-25012: Fixed a use-after-free in bigben_set_led() (bsc#1207560). - CVE-2023-28327: Fixed DoS in in_skb in unix_diag_get_exact() (bsc#1209290). - CVE-2023-28328: Fixed a denial of service issue in az6027 driver in drivers/media/usb/dev-usb/az6027.c (bsc#1209291). - CVE-2023-28464: Fixed user-after-free that could lead to privilege escalation in hci_conn_cleanup in net/bluetooth/hci_conn.c (bsc#1209052). - CVE-2023-28466: Fixed race condition that could lead to use-after-free or NULL pointer dereference in do_tls_getsockopt in net/tls/tls_main.c (bsc#1209366). - CVE-2023-28772: Fixed buffer overflow in seq_buf_putmem_hex in lib/seq_buf.c (bsc#1209549). The following non-security bugs were fixed: - Do not sign the vanilla kernel (bsc#1209008). - PCI: hv: Add a per-bus mutex state_lock (bsc#1209785). - PCI: hv: Fix a race condition in hv_irq_unmask() that can cause panic (bsc#1209785). - PCI: hv: Remove the useless hv_pcichild_state from struct hv_pci_dev (bsc#1209785). - PCI: hv: fix a race condition bug in hv_pci_query_relations() (bsc#1209785). - Revert 'PCI: hv: Fix a timing issue which causes kdump to fail occasionally' (bsc#1209785). - ipv6: raw: Deduct extension header length in rawv6_push_pending_frames (bsc#1207168). - kernel-module-subpackage: Fix expansion with -b parameter (bsc#1208179). - net: ena: optimize data access in fast-path code (bsc#1208137). Important SUSE bug 1207168 SUSE bug 1207560 SUSE bug 1208137 SUSE bug 1208179 SUSE bug 1208598 SUSE bug 1208599 SUSE bug 1208601 SUSE bug 1208777 SUSE bug 1208787 SUSE bug 1208843 SUSE bug 1209008 SUSE bug 1209052 SUSE bug 1209256 SUSE bug 1209288 SUSE bug 1209289 SUSE bug 1209290 SUSE bug 1209291 SUSE bug 1209366 SUSE bug 1209532 SUSE bug 1209547 SUSE bug 1209549 SUSE bug 1209634 SUSE bug 1209635 SUSE bug 1209636 SUSE bug 1209672 SUSE bug 1209683 SUSE bug 1209778 SUSE bug 1209785 CVE-2017-5753 CVE-2021-3923 CVE-2022-4744 CVE-2023-0394 CVE-2023-0461 CVE-2023-1075 CVE-2023-1076 CVE-2023-1078 CVE-2023-1095 CVE-2023-1281 CVE-2023-1382 CVE-2023-1390 CVE-2023-1513 CVE-2023-1582 CVE-2023-23004 CVE-2023-25012 CVE-2023-28327 CVE-2023-28328 CVE-2023-28464 CVE-2023-28466 CVE-2023-28772 cpe:/o:opensuse:leap:15.4 Security update for podman (Important) openSUSE Leap 15.4 This update for podman fixes the following issues: Update to version 4.4.4: * libpod: always use direct mapping * macos pkginstaller: do not fail when podman-mac-helper fails * podman-mac-helper: install: do not error if already installed - podman.spec: Bump required version for libcontainers-common (bsc#1209495) Update to version 4.4.3: * compat: /auth: parse server address correctly * vendor github.com/containers/common@v0.51.1 * pkginstaller: bump Qemu to version 7.2.0 * podman machine: Adjust Chrony makestep config * [v4.4] fix --health-on-failure=restart in transient unit * podman logs passthrough driver support --cgroups=split * journald logs: simplify entry parsing * podman logs: read journald with passthrough * journald: remove initializeJournal() * netavark: only use aardvark ip as nameserver * compat API: network create return 409 for duplicate * fix 'podman logs --since --follow' flake * system service --log-level=trace: support hijack * podman-mac-helper: exit 1 on error * bump golang.org/x/net to v0.8.0 * Fix package restore * Quadlet - use the default runtime Update to version 4.4.2: * Revert 'CI: Temporarily disable all AWS EC2-based tasks' * kube play: only enforce passthrough in Quadlet * Emergency fix for man pages: check for broken includes * CI: Temporarily disable all AWS EC2-based tasks * quadlet system tests: add useful defaults, logging * volume,container: chroot to source before exporting content * install sigproxy before start/attach * Update to c/image 5.24.1 * events + container inspect test: RHEL fixes - podman.spec: add `crun` requirement for quadlet - podman.spec: set PREFIX at build stage (bsc#1208510) - CVE-2023-0778: Fixed symlink exchange attack in podman export volume (bsc#1208364) Update to version 4.4.1: * kube play: do not teardown unconditionally on error * Resolve symlink path for qemu directory if possible * events: document journald identifiers * Quadlet: exit 0 when there are no files to process * Cleanup podman-systemd.unit file * Install podman-systemd.unit man page, make quadlet discoverable * Add missing return after errors * oci: bind mount /sys with --userns=(auto|pod:) * docs: specify order preference for FROM * Cirrus: Fix & remove GraphQL API tests * test: adapt test to work on cgroupv1 * make hack/markdown-preprocess parallel-safe * Fix default handling of pids-limit * system tests: fix volume exec/noexec test Update to version 4.4.0: * Emergency fix for RHEL8 gating tests * Do not mount /dev/tty into rootless containers * Fixes port collision issue on use of --publish-all * Fix usage of absolute windows paths with --image-path * fix #17244: use /etc/timezone where `timedatectl` is missing on Linux * podman-events: document verbose create events * Making gvproxy.exe optional for building Windows installer * Add gvproxy to Windows packages * Match VT device paths to be blocked from mounting exactly * Clean up more language for inclusiveness * Set runAsNonRoot=true in gen kube * quadlet: Add device support for .volume files * fix: running check error when podman is default in wsl * fix: don't output 'ago' when container is currently up and running * journald: podman logs only show logs for current user * journald: podman events only show events for current user * Add (podman {image,manifest} push --sign-by-sigstore=param-file.yaml) * DB: make loading container states optional * ps: do not sync container * Allow --device-cgroup-rule to be passed in by docker API * Create release notes for v4.4.0 * Cirrus: Update operating branch * fix APIv2 python attach test flake * ps: query health check in batch mode * make example volume import, not import volume * Correct output when inspecting containers created with --ipc * Vendor containers/(storage, image, common, buildah) * Get correct username in pod when using --userns=keep-id * ps: get network data in batch mode * build(deps): bump github.com/onsi/gomega from 1.25.0 to 1.26.0 * add hack/perf for comparing two container engines * systems: retrofit dns options test to honor other search domains * ps: do not create copy of container config * libpod: set search domain independently of nameservers * libpod,netavark: correctly populate /etc/resolv.conf with custom dns server * podman: relay custom DNS servers to network stack * (fix) mount_program is in storage.options.overlay * Change example target to default in doc * network create: do not allow `default` as name * kube-play: add support for HostPID in podSpec * build(deps): bump github.com/docker/docker * Let's see if #14653 is fixed or not * Add support for podman build --group-add * vendor in latests containers/(storage, common, build, image) * unskip network update test * do not install swagger by default * pasta: skip 'Local forwarder, IPv4' test * add testbindings Makefile target * update CI images to include pasta * [CI:DOCS] Add CNI deprecation notices to documentation * Cirrus: preserve podman-server logs * waitPidStop: reduce sleep time to 10ms * StopContainer: return if cleanup process changed state * StopSignal: add a comment * StopContainer: small refactor * waitPidStop: simplify code * e2e tests: reenable long-skipped build test * Add openssh-clients to podmanimage * Reworks Windows smoke test to tunnel through interactive session. * fix bud-multiple-platform-with-base-as-default-arg flake * Remove ReservedAnnotations from kube generate specification * e2e: update test/README.md * e2e: use isRootless() instead of rootless.IsRootless() * Cleanup documentation on --userns=auto * Vendor in latest c/common * sig-proxy system test: bump timeout * build(deps): bump github.com/containernetworking/plugins * rootless: rename auth-scripts to preexec-hooks * Docs: version-check updates * commit: use libimage code to parse changes * [CI:DOCS] Remove experimental mac tutorial * man: Document the interaction between --systemd and --privileged * Make rootless privileged containers share the same tty devices as rootfull ones * container kill: handle stopped/exited container * Vendor in latest containers/(image,ocicrypt) * add a comment to container removal * Vendor in latest containers/storage * Cirrus: Run machine tests on PR merge * fix flake in kube system test * kube play: complete container spec * E2E Tests: Use inspect instead of actual data to avoid UDP flake * Use containers/storage/pkg/regexp in place of regexp * Vendor in latest containers/storage * Cirrus: Support using updated/latest NV/AV in PRs * Limit replica count to 1 when deploying from kubernetes YAML * Set StoppedByUser earlier in the process of stopping * podman-play system test: refactor * network: add support for podman network update and --network-dns-server * service container: less verbose error logs * Quadlet Kube - add support for PublishPort key * e2e: fix systemd_activate_test * Compile regex on demand not in init * [docker compat] Don't overwrite the NetworkMode if containers.conf overrides netns. * E2E Test: Play Kube set deadline to connection to avoid hangs * Only prevent VTs to be mounted inside privileged systemd containers * e2e: fix play_kube_test * Updated error message for supported VolumeSource types * Introduce pkg retry logic in win installer task * logformatter: include base SHA, with history link * Network tests: ping redhat.com, not podman.io * cobra: move engine shutdown to Execute * Updated options for QEMU on Windows hosts * Update Mac installer to use gvproxy v0.5.0 * podman: podman rm -f doesn't leave processes * oci: check for valid PID before kill(pid, 0) * linux: add /sys/fs/cgroup if /sys is a bind mount * Quadlet: Add support for ConfigMap key in Kube section * remove service container _after_ pods * Kube Play - allow setting and overriding published host ports * oci: terminate all container processes on cleanup * Update win-sshproxy to 0.5.0 gvisor tag * Vendor in latest containers/common * Fix a potential defer logic error around locking * logformatter: nicer formatting for bats failures * logformatter: refactor verbose line-print * e2e tests: stop using UBI images * k8s-file: podman logs --until --follow exit after time * journald: podman logs --until --follow exit after time * journald: seek to time when --since is used * podman logs: journald fix --since and --follow * Preprocess files in UTF-8 mode * Vendor in latest containers/(common, image, storage) * Switch to C based msi hooks for win installer * hack/bats: improve usage message * hack/bats: add --remote option * hack/bats: fix root/rootless logic * Describe copy volume options * Support sig-proxy for podman-remote attach and start * libpod: fix race condition rm'ing stopping containers * e2e: fix run_volume_test * Add support for Windows ARM64 * Add shared --compress to man pages * Add container error message to ContainerState * Man page checker: require canonical name in SEE ALSO * system df: improve json output code * kube play: fix the error logic with --quiet * System tests: quadlet network test * Fix: List container with volume filter * adding -dryrun flag * Quadlet Container: Add support for EnvironmentFile and EnvironmentHost * Kube Play: use passthrough as the default log-driver if service-container is set * System tests: add missing cleanup * System tests: fix unquoted question marks * Build and use a newer systemd image * Quadlet Network - Fix the name of the required network service * System Test Quadlet - Volume dependency test did not test the dependency * fix `podman system connection - tcp` flake * vendor: bump c/storage to a747b27 * Fix instructions about setting storage driver on command-line * Test README - point users to hack/bats * System test: quadlet kube basic test * Fixed `podman update --pids-limit` * podman-remote,bindings: trim context path correctly when its emptydir * Quadlet Doc: Add section for .kube files * e2e: fix containers_conf_test * Allow '/' to prefix container names to match Docker * Remove references to qcow2 * Fix typos in man page regarding transient storage mode. * make: Use PYTHON var for .install.pre-commit * Add containers.conf read-only flag support * Explain that relabeling/chowning of volumes can take along time * events: support 'die' filter * infra/abi: refactor ContainerRm * When in transient store mode, use rundir for bundlepath * quadlet: Support Type=oneshot container files * hacks/bats: keep QUADLET env var in test env * New system tests for conflicting options * Vendor in latest containers/(buildah, image, common) * Output Size and Reclaimable in human form for json output * podman service: close duplicated /dev/null fd * ginkgo tests: apply ginkgolinter fixes * Add support for hostPath and configMap subpath usage * export: use io.Writer instead of file * rootless: always create userns with euid != 0 * rootless: inhibit copy mapping for euid != 0 * pkg/domain/infra/abi: introduce `type containerWrapper` * vendor: bump to buildah ca578b290144 and use new cache API * quadlet: Handle booleans that have defaults better * quadlet: Rename parser.LookupBoolean to LookupBooleanWithDefault * Add podman-clean-transient.service service * Stop recording annotations set to false * Unify --noheading and -n to be consistent on all commands * pkg/domain/infra/abi: add `getContainers` * Update vendor of containters/(common, image) * specfile: Drop user-add depedency from quadlet subpackage. * quadlet: Default BINDIR to /usr/bin if tag not specified * Quadlet: add network support * Add comment for jsonMarshal command * Always allow pushing from containers-storage * libpod: move NetNS into state db instead of extra bucket * Add initial system tests for quadlets * quadlet: Add --user option * libpod: remove CNI word were no longer applicable * libpod: fix header length in http attach with logs * podman-kube@ template: use `podman kube` * build(deps): bump github.com/docker/docker * wait: add --ignore option * qudlet: Respect $PODMAN env var for podman binary * e2e: Add assert-key-is-regex check to quadlet e2e testsuite * e2e: Add some assert to quadlet test to make sure testcases are sane * remove unmapped ports from inspect port bindings * update podman-network-create for clarity * Vendor in latest containers/common with default capabilities * pkg/rootless: Change error text ... * rootless: add cli validator * rootless: define LIBEXECPODMAN * doc: fix documentation for idmapped mounts * bump golangci-lint to v1.50.1 * build(deps): bump github.com/onsi/gomega from 1.24.1 to 1.24.2 * [CI:DOCS] podman-mount: s/umount/unmount/ * create/pull --help: list pull policies * Network Create: Add --ignore flag to support idempotent script * Make qemu security model none * libpod: use OCI idmappings for mounts * stop reporting errors removing containers that don't exist * test: added test from wait endpoint with to long label * quadlet: Default VolatileTmp to off * build(deps): bump github.com/ulikunitz/xz from 0.5.10 to 0.5.11 * docs/options/ipc: fix list syntax * Docs: Add dedicated DOWNLOAD doc w/ links to bins * Make a consistently-named windows installer * checkpoint restore: fix --ignore-static-ip/mac * add support for subpath in play kube for named volumes * build(deps): bump golang.org/x/net from 0.2.0 to 0.4.0 * golangci-lint: remove three deprecated linters * parse-localbenchmarks: separate standard deviation * build(deps): bump golang.org/x/term from 0.2.0 to 0.3.0 * podman play kube support container startup probe * Add podman buildx version support * Cirrus: Collect benchmarks on machine instances * Cirrus: Remove escape codes from log files * [CI:DOCS] Clarify secret target behavior * Fix typo on network docs * podman-remote build add --volume support * remote: allow --http-proxy for remote clients * Cleanup kube play workloads if error happens * health check: ignore dependencies of transient systemd units/timers * fix: event read from syslog * Fixes secret (un)marshaling for kube play. * Remove 'you' from man pages * build(deps): bump golang.org/x/tools from 0.3.0 to 0.4.0 in /test/tools * [CI:DOCS] test/README.md: run tests with podman-remote * e2e: keeps the http_proxy value * Makefile: Add podman-mac-helper to darwin client zip * test/e2e: enable 'podman run with ipam none driver' for nv * [skip-ci] GHA/Cirrus-cron: Fix execution order * kube sdnotify: run proxies for the lifespan of the service * Update containers common package * podman manpage: Use man-page links instead of file names * e2e: fix e2e tests in proxy environment * Fix test * disable healthchecks automatically on non systemd systems * Quadlet Kube: Add support for userns flag * [CI:DOCS] Add warning about --opts,o with mount's -o * Add podman system prune --external * Add some tests for transient store * runtime: In transient_store mode, move bolt_state.db to rundir * runtime: Handle the transient store options * libpod: Move the creation of TmpDir to an earlier time * network create: support '-o parent=XXX' for ipvlan * compat API: allow MacAddress on container config * Quadlet Kube: Add support for relative path for YAML file * notify k8s system test: move sending message into exec * runtime: do not chown idmapped volumes * quadlet: Drop ExecStartPre=rm %t/%N.cid * Quadlet Kube: Set SyslogIdentifier if was not set * Add a FreeBSD cross build to the cirrus alt build task * Add completion for --init-ctr * Fix handling of readonly containers when defined in kube.yaml * Build cross-compilation fixes * libpod: Track healthcheck API changes in healthcheck_unsupported.go * quadlet: Use same default capability set as podman run * quadlet: Drop --pull=never * quadlet: Change default of ReadOnly to no * quadlet: Change RunInit default to no * quadlet: Change NoNewPrivileges default to false * test: podman run with checkpoint image * Enable 'podman run' for checkpoint images * test: Add tests for checkpoint images * CI setup: simplify environment passthrough code * Init containers should not be restarted * Update c/storage after https://github.com/containers/storage/pull/1436 * Set the latest release explicitly * add friendly comment * fix an overriding logic and load config problem * Update the issue templates * Update vendor of containers/(image, buildah) * [CI:DOCS] Skip windows-smoke when not useful * [CI:DOCS] Remove broken gate-container docs * OWNERS: add Jason T. Greene * hack/podmansnoop: print arguments * Improve atomicity of VM state persistence on Windows * [CI:BUILD] copr: enable podman-restart.service on rpm installation * macos: pkg: Use -arm64 suffix instead of -aarch64 * linux: Add -linux suffix to podman-remote-static binaries * linux: Build amd64 and arm64 podman-remote-static binaries * container create: add inspect data to event * Allow manual override of install location * Run codespell on code * Add missing parameters for checkpoint/restore endpoint * Add support for startup healthchecks * Add information on metrics to the `network create` docs * Introduce podman machine os commands * Document that ignoreRootFS depends on export/import * Document ignoreVolumes in checkpoint/restore endpoint * Remove leaveRunning from swagger restore endpoint * libpod: Add checks to avoid nil pointer dereference if network setup fails * Address golangci-lint issues * Documenting Hyper-V QEMU acceleration settings * Kube Play: fix the handling of the optional field of SecretVolumeSource * Update Vendor of containers/(common, image, buildah) * Fix swapped NetInput/-Output stats * libpod: Use O_CLOEXEC for descriptors returned by (*Container).openDirectory * chore: Fix MD for Troubleshooting Guide link in GitHub Issue Template * test/tools: rebuild when files are changed * ginkgo tests: apply ginkgolinter fixes * ginkgo: restructure install work flow * Fix manpage emphasis * specgen: support CDI devices from containers.conf * vendor: update containers/common * pkg/trust: Take the default policy path from c/common/pkg/config * Add validate-in-container target * Adding encryption decryption feature * container restart: clean up healthcheck state * Add support for podman-remote manifest annotate * Quadlet: Add support for .kube files * Update vendor of containers/(buildah, common, storage, image) * specgen: honor user namespace value * [CI:DOCS] Migrate OSX Cross to M1 * quadlet: Rework uid/gid remapping * GHA: Fix cirrus re-run workflow for other repos. * ssh system test: skip until it becomes a test * shell completion: fix hard coded network drivers * libpod: Report network setup errors properly on FreeBSD * E2E Tests: change the registry for the search test to avoid authentication * pkginstaller: install podman-mac-helper by default * Fix language. Mostly spelling a -> an * podman machine: Propagate SSL_CERT_FILE and SSL_CERT_DIR to systemd environment. * [CI:DOCS] Fix spelling and typos * Modify man page of '--pids-limit' option to correct a default value. * Update docs/source/markdown/podman-remote.1.md * Update pkg/bindings/connection.go * Add more documentation on UID/GID Mappings with --userns=keep-id * support podman-remote to connect tcpURL with proxy * Removing the RawInput from the API output * fix port issues for CONTAINER_HOST * CI: Package versions: run in the 'main' step * build(deps): bump github.com/rootless-containers/rootlesskit * pkg/domain: Make checkExecPreserveFDs platform-specific * e2e tests: fix restart race * Fix podman --noout to suppress all output * remove pod if creation has failed * pkg/rootless: Implement rootless.IsFdInherited on FreeBSD * Fix more podman-logs flakes * healthcheck system tests: try to fix flake * libpod: treat ESRCH from /proc/PID/cgroup as ENOENT * GHA: Configure workflows for reuse * compat,build: handle docker's preconfigured cacheTo,cacheFrom * docs: deprecate pasta network name * utils: Enable cgroup utils for FreeBSD * pkg/specgen: Disable kube play tests on FreeBSD * libpod/lock: Fix build and tests for SHM locks on FreeBSD * podman cp: fix copying with '.' suffix * pkginstaller: bump Qemu to version 7.1.0 * specgen,wasm: switch to crun-wasm wherever applicable * vendor: bump c/common to v0.50.2-0.20221111184705-791b83e1cdf1 * libpod: Make unit test for statToPercent Linux only * Update vendor of containers/storage * fix connection usage with containers.conf * Add --quiet and --no-info flags to podman machine start * Add hidden podman manifest inspect -v option * Add podman volume create -d short option for driver * Vendor in latest containers/(common,image,storage) * Add podman system events alias to podman events * Fix search_test to return correct version of alpine * GHA: Fix undefined secret env. var. * Release notes for 4.3.1 * GHA: Fix make_email-body script reference * Add release keys to README * GHA: Fix typo setting output parameter * GHA: Fix typo. * New tool, docs/version-check * Formalize our compare-against-docker mechanism * Add restart-sec for container service files * test/tools: bump module to go 1.17 * contrib/cirrus/check_go_changes.sh: ignore test/tools/vendor * build(deps): bump golang.org/x/tools from 0.1.12 to 0.2.0 in /test/tools * libpod: Add FreeBSD support in packageVersion * Allow podman manigest push --purge|-p as alias for --rm * [CI:DOCS] Add performance tutorial * [CI:DOCS] Fix build targets in build_osx.md. * fix --format {{json .}} output to match docker * remote: fix manifest add --annotation * Skip test if `--events-backend` is necessary with podman-remote * kube play: update the handling of PersistentVolumeClaim * system tests: fix a system test in proxy environment * Use single unqualified search registry on Windows * test/system: Add, use tcp_port_probe() to check for listeners rather than binds * test/system: Add tests for pasta(1) connectivity * test/system: Move network-related helpers to helpers.network.bash * test/system: Use procfs to find bound ports, with optional address and protocol * test/system: Use port_is_free() from wait_for_port() * libpod: Add pasta networking mode * More log-flake work * Fix test flakes caused by improper podman-logs * fix incorrect systemd booted check * Cirrus: Add tests for GHA scripts * GHA: Update scripts to pass shellcheck * Cirrus: Shellcheck github-action scripts * Cirrus: shellcheck support for github-action scripts * GHA: Fix cirrus-cron scripts * Makefile: don't install to tmpfiles.d on FreeBSD * Make sure we can build and read each line of docker py's api client * Docker compat build api - make sure only one line appears per flush * Run codespell on code * Update vendor of containers/(image, storage, common) * Allow namespace path network option for pods. * Cirrus: Never skip running Windows Cross task * GHA: Auto. re-run failed cirrus-cron builds once * GHA: Migrate inline script to file * GHA: Simplify script reference * test/e2e: do not use apk in builds * remove container/pod id file along with container/pod * Cirrus: Synchronize windows image * Add --insecure,--tls-verify,--verbose flags to podman manifest inspect * runtime: add check for valid pod systemd cgroup * CI: set and verify DESIRED_NETWORK (netavark, cni) * [CI:DOCS] troubleshooting: document keep-id options * Man pages: refactor common options: --security-opt * Cirrus: Guarantee CNI testing w/o nv/av present * Cirrus: temp. disable all Ubuntu testing * Cirrus: Update to F37beta * buildah bud tests: better handling of remote * quadlet: Warn in generator if using short names * Add Windows Smoke Testing * Add podman kube apply command * docs: offer advice on installing test dependencies * Fix documentation on read-only-tmpfs * version bump to 4.4.0-dev * deps: bump go-criu to v6 * Makefile: Add cross build targets for freebsd * pkg/machine: Make this build on FreeBSD/arm64 * pkg/rctl: Remove unused cgo dependency * man pages: assorted underscore fixes * Upgrade GitHub actions packages from v2 to v3 * vendor github.com/godbus/dbus/v5@4b691ce * [CI:DOCS] fix --tmpdir typos * Do not report that /usr/share/containers/storage.conf has been edited. * Eval symlinks on XDG_RUNTIME_DIR * hack/podmansnoop * rootless: support keep-id with one mapping * rootless: add argument to GetConfiguredMappings * Update vendor containers/(common,storage,buildah,image) * Fix deadlock between 'podman ps' and 'container inspect' commands * Add information about where the libpod/boltdb database lives * Consolidate the dependencies for the IsTerminal() API * Ensure that StartAndAttach locks while sending signals * ginkgo testing: fix podman usernamespace join * Test runners: nuke podman from $PATH before tests * volumes: Fix idmap not working for volumes * FIXME: Temporary workaround for ubi8 CI breakage * System tests: teardown: clean up volumes * update api versions on docs.podman.io * system tests: runlabel: use podman-under-test * system tests: podman network create: use random port * sig-proxy test: bump timeout * play kube: Allow the user to import the contents of a tar file into a volume * Clarify the docs on DropCapability * quadlet tests: Disable kmsg logging while testing * quadlet: Support multiple Network= * quadlet: Add support for Network=... * Fix manpage for podman run --network option * quadlet: Add support for AddDevice= * quadlet: Add support for setting seccomp profile * quadlet: Allow multiple elements on each Add/DropCaps line * quadlet: Embed the correct binary name in the generated comment * quadlet: Drop the SocketActivated key * quadlet: Switch log-driver to passthrough * quadlet: Change ReadOnly to default to enabled * quadlet tests: Run the tests even for (exected) failed tests * quadlet tests: Fix handling of stderr checks * Remove unused script file * notifyproxy: fix container watcher * container/pod id file: truncate instead of throwing an error * quadlet: Use the new podman create volume --ignore * Add podman volume create --ignore * logcollector: include aardvark-dns * build(deps): bump github.com/stretchr/testify from 1.8.0 to 1.8.1 * build(deps): bump github.com/BurntSushi/toml from 1.2.0 to 1.2.1 * docs: generate systemd: point to kube template * docs: kube play: mention restart policy * Fixes: 15858 (podman system reset --force destroy machine) * fix search flake * use cached containers.conf * adding regex support to the ancestor ps filter function * Fix `system df` issues with `-f` and `-v` * markdown-preprocess: cross-reference where opts are used * Default qemu flags for Windows amd64 * build(deps): bump golang.org/x/text from 0.3.8 to 0.4.0 * Update main to reflect v4.3.0 release * build(deps): bump github.com/docker/docker * move quadlet packages into pkg/systemd * system df: fix image-size calculations * Add man page for quadlet * Fix small typo * testimage: add iproute2 & socat, for pasta networking * Set up minikube for k8s testing * Makefile: don't install systemd generator binaries on FreeBSD * [CI:BUILD] copr: podman rpm should depend on containers-common-extra * Podman image: Set default_sysctls to empty for rootless containers * Don't use github.com/docker/distribution * libpod: Add support for 'podman top' on FreeBSD * libpod: Factor out jail name construction from stats_freebsd.go * pkg/util: Add pid information descriptors for FreeBSD * Initial quadlet version integrated in golang * bump golangci-lint to v1.49.0 * Update vendor containers/(common,image,storage) * Allow volume mount dups, iff source and dest dirs * rootless: fix return value handling * Change to correct break statements * vendor containers/psgo@v1.8.0 * Clarify that MacOSX docs are client specific * libpod: Factor out the call to PidFdOpen from (*Container).WaitForExit * Add swagger install + allow version updates in CI * Cirrus: Fix windows clone race * build(deps): bump github.com/docker/docker * kill: wait for the container * generate systemd: set --stop-timeout for stopping containers * hack/tree_status.sh: print diff at the end * Fix markdown header typo * markdown-preprocess: add generic include mechanism * markdown-preprocess: almost complete OO rewrite * Update tests for changed error messages * Update c/image after https://github.com/containers/image/pull/1299 * Man pages: refactor common options (misc) * Man pages: Refactor common options: --detach-keys * vendor containers/storage@main * Man pages: refactor common options: --attach * build(deps): bump github.com/fsnotify/fsnotify from 1.5.4 to 1.6.0 * KillContainer: improve error message * docs: add missing options * Man pages: refactor common options: --annotation (manifest) * build(deps): bump github.com/spf13/cobra from 1.5.0 to 1.6.0 * system tests: health-on-failure: fix broken logic * build(deps): bump golang.org/x/text from 0.3.7 to 0.3.8 * build(deps): bump github.com/onsi/gomega from 1.20.2 to 1.22.1 * ContainerEngine.SetupRootless(): Avoid calling container.Config() * Container filters: Avoid use of ctr.Config() * Avoid unnecessary calls to Container.Spec() * Add and use Container.LinuxResource() helper * play kube: notifyproxy: listen before starting the pod * play kube: add support for configmap binaryData * Add and use libpod/Container.Terminal() helper * Revert 'Add checkpoint image tests' * Revert 'cmd/podman: add support for checkpoint images' * healthcheck: fix --on-failure=stop * Man pages: Add mention of behavior due to XDG_CONFIG_HOME * build(deps): bump github.com/containers/ocicrypt from 1.1.5 to 1.1.6 * Avoid unnecessary timeout of 250msec when waiting on container shutdown * health checks: make on-failure action retry aware * libpod: Remove 100msec delay during shutdown * libpod: Add support for 'podman pod' on FreeBSD * libpod: Factor out cgroup validation from (*Runtime).NewPod * libpod: Move runtime_pod_linux.go to runtime_pod_common.go * specgen/generate: Avoid a nil dereference in MakePod * libpod: Factor out cgroups handling from (*Pod).refresh * Adds a link to OSX docs in CONTRIBUTING.md * Man pages: refactor common options: --os-version * Create full path to a directory when DirectoryOrCreate is used with play kube * Return error in podman system service if URI scheme is not unix/tcp * Man pages: refactor common options: --time * man pages: document some --format options: images * Clean up when stopping pods * Update vendor of containers/buildah v1.28.0 * Proof of concept: nightly dependency treadmill - Make the priority for picking the storage driver configurable (bsc#1197093) Important SUSE bug 1197093 SUSE bug 1208364 SUSE bug 1208510 SUSE bug 1209495 CVE-2023-0778 cpe:/o:opensuse:leap:15.4 Security update for amazon-ssm-agent (Moderate) openSUSE Leap 15.4 This update for amazon-ssm-agent fixes the following issue: - rebuilt using go1.19.7 to fix bugs and security issues. Moderate cpe:/o:opensuse:leap:15.4 Security update for containerd (Moderate) openSUSE Leap 15.4 This update for containerd fixes the following issues: Update to containerd v1.6.19: Security fixes: - CVE-2023-25153: Fixed OCI image importer memory exhaustion (bnc#1208423). - CVE-2023-25173: Fixed supplementary groups not set up properly (bnc#1208426). Moderate SUSE bug 1208423 SUSE bug 1208426 CVE-2023-25153 CVE-2023-25173 cpe:/o:opensuse:leap:15.4 Security update for liblouis (Important) openSUSE Leap 15.4 This update for liblouis fixes the following issues: - CVE-2023-26768: Fixed buffer overflow in lou_logFile() (bsc#1209431). Important SUSE bug 1209431 SUSE bug 1209855 CVE-2023-26768 cpe:/o:opensuse:leap:15.4 Security update for liblouis (Important) openSUSE Leap 15.4 This update for liblouis fixes the following issues: - CVE-2023-26768: Fixed buffer overflow in lou_logFile() (bsc#1209431). Important SUSE bug 1209431 SUSE bug 1209855 CVE-2023-26768 cpe:/o:opensuse:leap:15.4 Security update for cmark (Moderate) openSUSE Leap 15.4 This update for cmark fixes the following issues: - CVE-2023-22486: Fixed quadratic complexity in handle_close_bracket may lead to a denial of service (bsc#1207674). Moderate SUSE bug 1207674 CVE-2023-22486 cpe:/o:opensuse:leap:15.4 Security update for python-crcmod, python-cryptography, python-cryptography-vectors (Moderate) openSUSE Leap 15.4 This update for python-crcmod, python-cryptography, python-cryptography-vectors contains the following fixes: Changes in python-crcmod: - Include in SLE-15 (bsc#1177083, jsc#PM-2730, jsc#SLE-18312) - Include in SLE-15 (bsc#1181995, jsc#ECO-3329, jsc#PM-2475) - Cleanup spec file - Use fdupes - Do not bundle html doc - singlespec auto-conversion - Include in SLE 12 (FATE #316168) - Initial release Changes in python-cryptography: - Update in SLE-15 (bsc#1177083, jsc#PM-2730, jsc#SLE-18312) - Refresh patches for new version * Using the Fernet class to symmetrically encrypt multi gigabyte values. (bsc#1182066, CVE-2020-36242) could result in an integer overflow and buffer overflow. - update to 2.9.2 * 2.9.2 - 2020-04-22 - Updated the macOS wheel to fix an issue where it would not run on macOS versions older than 10.15. * 2.9.1 - 2020-04-21 - Updated Windows, macOS, and manylinux wheels to be compiled with OpenSSL 1.1.1g. * 2.9 - 2020-04-02 - BACKWARDS INCOMPATIBLE: Support for Python 3.4 has been removed due to low usage and maintenance burden. - BACKWARDS INCOMPATIBLE: Support for OpenSSL 1.0.1 has been removed. Users on older version of OpenSSL will need to upgrade. - BACKWARDS INCOMPATIBLE: Support for LibreSSL 2.6.x has been removed. - Removed support for calling public_bytes() with no arguments, as per our deprecation policy. You must now pass encoding and format. - BACKWARDS INCOMPATIBLE: Reversed the order in which rfc4514_string() returns the RDNs as required by RFC 4514. - Updated Windows, macOS, and manylinux wheels to be compiled with OpenSSL 1.1.1f. - Added support for parsing single_extensions in an OCSP response. - NameAttribute values can now be empty strings. Changes in python-cryptography-vectors: - Update in SLE-15 (bsc#1177083, jsc#PM-2730, jsc#SLE-18312) - update to 2.9.2: * updated vectors for the cryptography 2.9.2 testing Moderate SUSE bug 1177083 SUSE bug 1181995 CVE-2020-36242 cpe:/o:opensuse:leap:15.4 Security update for aws-nitro-enclaves-cli (Moderate) openSUSE Leap 15.4 This update for aws-nitro-enclaves-cli fixes the following issues: Update aws-nitro-enclaves-cli to version 1.2.2~git0.4ccc639: * CVE-2022-31394: Fixed DoS vulnerability in hyper crate (bsc#1208555). Update aws-nitro-enclaves-cli to version 1.2.0~git2.841ef94: * CVE-2022-24713: Fixed ReDoS vulnerability in regex crate (bsc#1196972). Moderate SUSE bug 1196972 SUSE bug 1208555 CVE-2022-24713 CVE-2022-31394 cpe:/o:opensuse:leap:15.4 Security update for php7 (Moderate) openSUSE Leap 15.4 This update for php7 fixes the following issues: - CVE-2022-4900: Fixed potential buffer overflow via PHP_CLI_SERVER_WORKERS environment variable. (bsc#1209537) Moderate SUSE bug 1205162 SUSE bug 1208199 SUSE bug 1209537 CVE-2022-4900 cpe:/o:opensuse:leap:15.4 Security update for the Linux Kernel (Important) openSUSE Leap 15.4 The SUSE Linux Enterprise 15 SP1 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2017-5753: Fixed spectre V1 vulnerability on netlink (bsc#1209547). - CVE-2017-5753: Fixed spectre vulnerability in prlimit (bsc#1209256). - CVE-2021-3923: Fixed stack information leak vulnerability that could lead to kernel protection bypass in infiniband RDMA (bsc#1209778). - CVE-2021-4203: Fixed use-after-free read flaw that was found in sock_getsockopt() in net/core/sock.c due to SO_PEERCRED and SO_PEERGROUPS race with listen() (bsc#1194535). - CVE-2022-20567: Fixed use after free that could lead to a local privilege escalation in pppol2tp_create of l2tp_ppp.c (bsc#1208850). - CVE-2023-0394: Fixed a null pointer dereference flaw in the network subcomponent in the Linux kernel which could lead to system crash (bsc#1207168). - CVE-2023-0590: Fixed race condition in qdisc_graft() (bsc#1207795). - CVE-2023-1076: Fixed incorrect UID assigned to tun/tap sockets (bsc#1208599). - CVE-2023-1095: Fixed a NULL pointer dereference in nf_tables due to zeroed list head (bsc#1208777). - CVE-2023-1281: Fixed use after free that could lead to privilege escalation in tcindex (bsc#1209634). - CVE-2023-1390: Fixed remote DoS vulnerability in tipc_link_xmit() (bsc#1209289). - CVE-2023-1513: Fixed an uninitialized portions of the kvm_debugregs structure that could be copied to userspace, causing an information leak (bsc#1209532). - CVE-2023-23454: Fixed a type-confusion in the CBQ network scheduler (bsc#1207036). - CVE-2023-23455: Fixed a denial of service inside atm_tc_enqueue in net/sched/sch_atm.c because of type confusion (non-negative numbers can sometimes indicate a TC_ACT_SHOT condition rather than valid classification results) (bsc#1207125). - CVE-2023-28328: Fixed a denial of service issue in az6027 driver in drivers/media/usb/dev-usb/az6027.c (bsc#1209291). - CVE-2023-28464: Fixed user-after-free that could lead to privilege escalation in hci_conn_cleanup in net/bluetooth/hci_conn.c (bsc#1209052). - CVE-2023-28772: Fixed buffer overflow in seq_buf_putmem_hex in lib/seq_buf.c (bsc#1209549). The following non-security bugs were fixed: - Do not sign the vanilla kernel (bsc#1209008). - PCI: hv: Add a per-bus mutex state_lock (bsc#1208811). - PCI: hv: Fix a race condition in hv_irq_unmask() that can cause panic (bsc#1208811). - PCI: hv: Remove the useless hv_pcichild_state from struct hv_pci_dev (bsc#1208811). - PCI: hv: fix a race condition bug in hv_pci_query_relations() (bsc#1208811). - Revert 'PCI: hv: Fix a timing issue which causes kdump to fail occasionally' (bsc#1208811). - cifs: fix double free in dfs mounts (bsc#1209845). - cifs: fix nodfs mount option (bsc#1209845). - cifs: handle reconnect of tcon when there is no cached dfs referral (bsc#1209845). - cifs: missing null pointer check in cifs_mount (bsc#1209845). - cifs: serialize all mount attempts (bsc#1209845). - cred: allow get_cred() and put_cred() to be given NULL (bsc#1209887). - ibmvnic: Process crqs after enabling interrupts (bsc#1192273 ltc#194629). - ibmvnic: do not stop queue in xmit (bsc#1192273 ltc#194629). - ipv6: raw: Deduct extension header length in rawv6_push_pending_frames (bsc#1207168). - kernel-module-subpackage: Fix expansion with -b parameter (bsc#1208179). Important SUSE bug 1076830 SUSE bug 1192273 SUSE bug 1194535 SUSE bug 1207036 SUSE bug 1207125 SUSE bug 1207168 SUSE bug 1207795 SUSE bug 1208179 SUSE bug 1208599 SUSE bug 1208777 SUSE bug 1208811 SUSE bug 1208850 SUSE bug 1209008 SUSE bug 1209052 SUSE bug 1209256 SUSE bug 1209289 SUSE bug 1209291 SUSE bug 1209532 SUSE bug 1209547 SUSE bug 1209549 SUSE bug 1209634 SUSE bug 1209778 SUSE bug 1209845 SUSE bug 1209887 CVE-2017-5753 CVE-2021-3923 CVE-2021-4203 CVE-2022-20567 CVE-2023-0394 CVE-2023-0590 CVE-2023-1076 CVE-2023-1095 CVE-2023-1281 CVE-2023-1390 CVE-2023-1513 CVE-2023-23454 CVE-2023-23455 CVE-2023-28328 CVE-2023-28464 CVE-2023-28772 cpe:/o:opensuse:leap:15.4 Security update for apache2-mod_auth_openidc (Important) openSUSE Leap 15.4 This update for apache2-mod_auth_openidc fixes the following issues: - CVE-2023-28625: Fixed NULL pointer dereference when OIDCStripCookies was set and a crafted Cookie header was supplied (bsc#1210073). Important SUSE bug 1210073 CVE-2023-28625 cpe:/o:opensuse:leap:15.4 Security update for java-1_8_0-ibm (Moderate) openSUSE Leap 15.4 This update for java-1_8_0-ibm fixes the following issues: - Update to Java 8.0 Service Refresh 8 (bsc#1208480): * Security fixes: - CVE-2023-21830: Fixed improper restrictions in CORBA deserialization (bsc#1207249). - CVE-2023-21835: Fixed handshake DoS attack against DTLS connections (bsc#1207246). - CVE-2023-21843: Fixed soundbank URL remote loading (bsc#1207248). * New Features/Enhancements: - Add RSA-PSS signature to IBMJCECCA. * Defect Fixes: - IJ45437 Service, Build, Packaging and Deliver: Getting FIPSRUNTIMEEXCEPTION when calling java code: MESSAGEDIGEST.GETINSTANCE('SHA256', 'IBMJCEFIPS'); in MAC - IJ45272 Class Libraries: Fix security vulnerability CVE-2023-21843 - IJ45280 Class Libraries: Update timezone information to the latest TZDATA2022F - IJ44896 Class Libraries: Update timezone information to the latest TZDATA2022G - IJ45436 Java Virtual Machine: Stack walking code gets into endless loop, hanging the application - IJ44079 Java Virtual Machine: When -DFILE.ENCODING is specified multiple times on the same command line the first option takes precedence instead of the last - IJ44532 JIT Compiler: Java JIT: Crash in DECREFERENCECOUNT() due to a NULL pointer - IJ44596 JIT Compiler: Java JIT: Invalid hard-coding of static final field object properties - IJ44107 JIT Compiler: JIT publishes new object reference to other threads without executing a memory flush - IX90193 ORB: Fix security vulnerability CVE-2023-21830 - IJ44267 Security: 8273553: SSLENGINEIMPL.CLOSEINBOUND also has similar error of JDK-8253368 - IJ45148 Security: code changes for tech preview - IJ44621 Security: Computing Diffie-Hellman secret repeatedly, using IBMJCEPLUS, causes a small memory leak - IJ44172 Security: Disable SHA-1 signed jars for EA - IJ44040 Security: Generating Diffie-Hellman key pairs repeatedly, using IBMJCEPLUS, Causes a small memory leak - IJ45200 Security: IBMJCEPLUS provider, during CHACHA20-POLY1305 crypto operations, incorrectly throws an ILLEGALSTATEEXCEPTION - IJ45182 Security: IBMJCEPLUS provider fails in RSAPSS and ECDSA during signature operations resulting in Java cores - IJ45201 Security: IBMJCEPLUS provider failures (two) with AESGCM algorithm - IJ45202 Security: KEYTOOL NPE if signing certificate does not contain a SUBJECTKEYIDENTIFIER extension - IJ44075 Security: PKCS11KEYSTORE.JAVA - DOESPUBLICKEYMATCHPRIVATEKEY() method uses SHA1XXXX signature algorithms to match private and public keys - IJ45203 Security: RSAPSS multiple names for KEYTYPE - IJ43920 Security: The PKCS12 keystore update and the PBES2 support - IJ40002 XML: Fix security vulnerability CVE-2022-21426 Moderate SUSE bug 1207246 SUSE bug 1207248 SUSE bug 1207249 SUSE bug 1208480 CVE-2022-21426 CVE-2023-21830 CVE-2023-21835 CVE-2023-21843 cpe:/o:opensuse:leap:15.4 Security update for harfbuzz (Important) openSUSE Leap 15.4 This update for harfbuzz fixes the following issues: - CVE-2023-25193: Fixed vulnerability that allowed attackers to trigger O(n^2) growth via consecutive marks (bsc#1207922). Important SUSE bug 1207922 CVE-2023-25193 cpe:/o:opensuse:leap:15.4 Security update for tomcat (Important) openSUSE Leap 15.4 This update for tomcat fixes the following issues: - CVE-2022-45143: Fixed JsonErrorReportValve injection (bsc#1206840). Important SUSE bug 1206840 CVE-2022-45143 cpe:/o:opensuse:leap:15.4 Security update for liblouis (Important) openSUSE Leap 15.4 This update for liblouis fixes the following issues: - CVE-2023-26768: Fixed buffer overflow in lou_logFile() (bsc#1209431). Important SUSE bug 1209431 SUSE bug 1209855 CVE-2023-26768 cpe:/o:opensuse:leap:15.4 Security update for MozillaFirefox (Important) openSUSE Leap 15.4 This update for MozillaFirefox fixes the following issues: - Firefox Extended Support Release 102.10.0 ESR (bsc#1210212) - CVE-2023-29531: Out-of-bound memory access in WebGL on macOS - CVE-2023-29532: Mozilla Maintenance Service Write-lock bypass - CVE-2023-29533: Fullscreen notification obscured - MFSA-TMP-2023-0001: Double-free in libwebp - CVE-2023-29535: Potential Memory Corruption following Garbage Collector compaction - CVE-2023-29536: Invalid free from JavaScript code - CVE-2023-29539: Content-Disposition filename truncation leads to Reflected File Download - CVE-2023-29541: Files with malicious extensions could have been downloaded unsafely on Linux - CVE-2023-29542: Bypass of file download extension restrictions - CVE-2023-29545: Windows Save As dialog resolved environment variables - CVE-2023-1945: Memory Corruption in Safe Browsing Code - CVE-2023-29548: Incorrect optimization result on ARM64 - CVE-2023-29550: Memory safety bugs fixed in Firefox 112 and Firefox ESR 102.10 Important SUSE bug 1210212 CVE-2023-1945 CVE-2023-29531 CVE-2023-29532 CVE-2023-29533 CVE-2023-29535 CVE-2023-29536 CVE-2023-29539 CVE-2023-29541 CVE-2023-29542 CVE-2023-29545 CVE-2023-29548 CVE-2023-29550 cpe:/o:opensuse:leap:15.4 Security update for golang-github-prometheus-prometheus (Important) openSUSE Leap 15.4 This update for golang-github-prometheus-prometheus fixes the following issues: - CVE-2022-46146: Fixed authentication bypass via cache poisoning in Prometheus Exporter Toolkit (bsc#1208049). Important SUSE bug 1208049 CVE-2022-46146 cpe:/o:opensuse:leap:15.4 Security update for wayland (Important) openSUSE Leap 15.4 This update for wayland fixes the following issues: - CVE-2021-3782: Fixed a reference-count overflow in libwayland-server SHM handling. (bsc#1190486) Important SUSE bug 1190486 CVE-2021-3782 cpe:/o:opensuse:leap:15.4 Security update for gradle (Important) openSUSE Leap 15.4 This update for gradle fixes the following issues: - CVE-2021-29428: Fixed a local privilege escalation through system temporary directory. (bsc#1184807) Important SUSE bug 1184807 CVE-2021-29428 cpe:/o:opensuse:leap:15.4 Security update for podman (Important) openSUSE Leap 15.4 This update for podman fixes the following issues: podman was updated to version 4.3.1: 4.3.1: * Bugfixes - Fixed a deadlock between the `podman ps` and `podman container inspect` commands * Misc - Updated the containers/image library to v5.23.1 4.3.0: * Features - A new command, `podman generate spec`, has been added, which creates a JSON struct based on a given container that can be used with the Podman REST API to create containers. - A new command, `podman update`, has been added,which makes changes to the resource limits of existing containers. Please note that these changes do not persist if the container is restarted - A new command, `podman kube down`, has been added, which removes pods and containers created by the given Kubernetes YAML (functionality is identical to `podman kube play --down`, but it now has its own command). - The `podman kube play` command now supports Kubernetes secrets using Podman's secrets backend. - Systemd-managed pods created by the `podman kube play` command now integrate with sd-notify, using the `io.containers.sdnotify` annotation (or `io.containers.sdnotify/$name` for specific containers). - Systemd-managed pods created by `podman kube play` can now be auto-updated, using the `io.containers.auto-update` annotation (or `io.containers.auto-update/$name` for specific containers). - The `podman kube play` command can now read YAML from URLs, e.g. `podman kube play https://example.com/demo.yml` - The `podman kube play` command now supports the `emptyDir` volume type - The `podman kube play` command now supports the `HostUsers` field in the pod spec. - The `podman play kube` command now supports `binaryData` in ConfigMaps. - The `podman pod create` command can now set additional resource limits for pods using the new `--memory-swap`, `--cpuset-mems`, `--device-read-bps`, `--device-write-bps`, `--blkio-weight`, `--blkio-weight-device`, and `--cpu-shares` options. - The `podman machine init` command now supports a new option, `--username`, to set the username that will be used to connect to the VM as a non-root user - The `podman volume create` command's `-o timeout=` option can now set a timeout of 0, indicating volume plugin operations will never time out. - Added support for a new volume driver, `image`, which allows volumes to be created that are backed by images. - The `podman run` and `podman create` commands support a new option, `--env-merge`, allowing environment variables to be specified relative to other environment variables in the image (e.g. `podman run --env-merge 'PATH=$PATH:/my/app' ...`) - The `podman run` and `podman create` commands support a new option, `--on-failure`, to allow action to be taken when a container fails health checks, with the following supported actions: `none` (take no action, the default), `kill` (kill the container), `restart` (restart the container), and `stop` (stop the container). - The `--keep-id` option to `podman create` and `podman run` now supports new options, `uid` and `gid`, to set the UID and GID of the user in the container that will be mapped to the user running Podman (e.g. `--userns=keep-id:uid=11` will made the user running Podman to UID 11 in the container) - The `podman generate systemd` command now supports a new option, `--env`/`-e`, to set environment variables in the generated unit file - The `podman pause` and `podman unpause` commands now support the `--latest`, `--cidfile`, and `--filter` options. - The `podman restart` command now supports the `--cidfile` and `--filter` options. - The `podman rm` command now supports the `--filter` option to select which containers will be removed. - The `podman rmi` command now supports a new option, `--no-prune`, to prevent the removal of dangling parents of removed images. - The `--dns-opt` option to `podman create`, `podman run`, and `podman pod create` has received a new alias, `--dns-option`, to improve Docker compatibility. - The `podman` command now features a new global flag, `--debug`/`-D`, which enables debug-level logging (identical to `--log-level=debug`), improving Docker compatibility. - The `podman` command now features a new global flag, `--config`. This flag is ignored, and is only included for Docker compatibility - The `podman manifest create` command now accepts a new option, `--amend`/`-a`. - The `podman manifest create`, `podman manifest add` and `podman manifest push` commands now accept a new option, `--insecure` (identical to `--tls-verify=false`), improving Docker compatibility. - The `podman secret create` command's `--driver` and `--format` options now have new aliases, `-d` for `--driver` and `-f` for `--format`. - The `podman secret create` command now supports a new option, `--label`/`-l`, to add labels to created secrets. - The `podman secret ls` command now accepts the `--quiet`/`-q` option. - The `podman secret inspect` command now accepts a new option, `--pretty`, to print output in human-readable format. - The `podman stats` command now accepts the `--no-trunc` option. - The `podman save` command now accepts the `--signature-policy` option - The `podman pod inspect` command now allows multiple arguments to be passed. If so, it will return a JSON array of the inspected pods - A series of new hidden commands have been added under `podman context` as aliases to existing `podman system connection` commands, to improve Docker compatibility. - The remote Podman client now supports proxying signals for attach sessions when the `--sig-proxy` option is set ### Changes - Duplicate volume mounts are now allowed with the `-v` option to `podman run`, `podman create`, and `podman pod create`, so long as source, destination, and options all match - The `podman generate kube` and `podman play kube` commands have been renamed to `podman kube generate` and `podman kube play` to group Kubernetes-related commands. Aliases have been added to ensure the old command names still function. - A number of Podman commands (`podman init`, `podman container checkpoint`, `podman container restore`, `podman container cleanup`) now print the user-inputted name of the container, instead of its full ID, on success. - When an unsupported option (e.g. resource limit) is specified for a rootless container on a cgroups v1 system, a warning message is now printed that the limit will not be honored. - The installer for the Windows Podman client has been improved. - The `--cpu-rt-period` and `--cpu-rt-runtime` options to `podman run` and `podman create` now print a warning and are ignored on cgroups v2 systems (cgroups v2 having dropped support for these controllers) - Privileged containers running systemd will no longer mount `/dev/tty*` devices other than `/dev/tty` itself into the container - Events for containers that are part of a pod now include the ID of the pod in the event. - SSH functionality for `podman machine` commands has seen a thorough rework, addressing many issues about authentication. - The `--network` option to `podman kube play` now allows passing `host` to set the pod to use host networking, even if the YAML does not request this. - The `podman inspect` command on containers now includes the digest of the image used to create the container. - Pods created by `podman play kube` are now, by default, placed into a network named `podman-kube`. If the `podman-kube` network does not exist, it will be created. This ensures pods can connect to each other by their names, as the network has DNS enabled. Update to version 4.2.0: * Features - Podman now supports the Gitlab Runner (using the Docker executor), allowing its use in Gitlab CI/CD pipelines. - A new command has been added, podman pod clone, to create a copy of an existing pod. It supports several options, including --start to start the new pod, --destroy to remove the original pod, and --name to change the name of the new pod - A new command has been added, podman volume reload, to sync changes in state between Podman's database and any configured volume plugins - A new command has been added, podman machine info, which displays information about the host and the versions of various machine components. - Pods created by podman play kube can now be managed by systemd unit files. This can be done via a new systemd service, podman-kube@.service - e.g. systemctl --user start podman-play-kube@$(systemd-escape my.yaml).service will run the Kubernetes pod or deployment contained in my.yaml under systemd. - The podman play kube command now honors the RunAsUser, RunAsGroup, and SupplementalGroups setting from the Kubernetes pod's security context. - The podman play kube command now supports volumes with the BlockDevice and CharDevice types - The podman play kube command now features a new flag, --userns, to set the user namespace of created pods. Two values are allowed at present: host and auto - The podman play kube command now supports setting the type of created init containers via the io.podman.annotations.init.container.type annotation. - Pods now have include an exit policy (configurable via the --exit-policy option to podman pod create), which determines what will happen to the pod's infra container when the entire pod stops. The default, continue, acts as Podman currently does, while a new option, stop, stops the infra container after the last container in the pod stops, and is used by default for pods from podman play kube - The podman pod create command now allows the pod's name to be specified as an argument, instead of using the --name option - for example, podman pod create mypod instead of the prior podman pod create --name mypod. Please note that the --name option is not deprecated and will continue to work. - The podman pod create command's --share option now supports adding namespaces to the set by prefacing them with + (as opposed to specifying all namespaces that should be shared) - The podman pod create command has a new option, --shm-size, to specify the size of the /dev/shm mount that will be shared if the pod shares its UTS namespace (#14609). - The podman pod create command has a new option, --uts, to configure the UTS namespace that will be shared by containers in the pod. - The podman pod create command now supports setting pod-level resource limits via the --cpus, --cpuset-cpus, and --memory options. These will set a limit for all containers in the pod, while individual containers within the pod are allowed to set further limits. Look forward to more options for resource limits in our next release! - The podman create and podman run commands now include the -c short option for the --cpu-shares option. - The podman create and podman run commands can now create containers from a manifest list (and not an image) as long as the --platform option is specified (#14773). - The podman build command now supports a new option, --cpp-flag, to specify options for the C preprocessor when using Containerfile.in files that require preprocessing. - The podman build command now supports a new option, --build-context, allowing the user to specify an additional build context. - The podman machine inspect command now prints the location of the VM's Podman API socket on the host (#14231). - The podman machine init command on Windows now fetches an image with packages pre-installed (#14698). - Unused, cached Podman machine VM images are now cleaned up automatically. Note that because Podman now caches in a different directory, this will not clean up old images pulled before this change (#14697). - The default for the --image-volume option to podman run and podman create can now have its default set through the image_volume_mode setting in containers.conf (#14230). - Overlay volumes now support two new options, workdir and upperdir, to allow multiple overlay volumes from different containers to reuse the same workdir or upperdir (#14427). - The podman volume create command now supports two new options, copy and nocopy, to control whether contents from the overmounted folder in a container will be copied into the newly-created named volume (copy-up). - Volumes created using a volume plugin can now specify a timeout for all operations that contact the volume plugin (replacing the standard 5 second timeout) via the --opt o=timeout= option to podman volume create (BZ 2080458). - The podman volume ls command's --filter name= option now supports regular expression matching for volume names (#14583). - When used with a podman machine VM, volumes now support specification of the 9p security model using the security_model option to podman create -v and podman run -v. - The remote Podman client's podman push command now supports the --remove-signatures option (#14558). - The remote Podman client now supports the podman image scp command. - The podman image scp command now supports tagging the transferred image with a new name. - The podman network ls command supports a new filter, --filter dangling=, to list networks not presently used by any containers (#14595). - The --condition option to podman wait can now be specified multiple times to wait on any one of multiple conditions. - The podman events command now includes the -f short option for the --filter option. - The podman pull command now includes the -a short option for the --all-tags option. - The podman stop command now includes a new flag, --filter, to filter which containers will be stopped (e.g. podman stop --all --filter label=COM.MY.APP). - The Podman global option --url now has two aliases: -H and --host. - The podman network create command now supports a new option with the default bridge driver, --opt isolate=, which isolates the network by blocking any traffic from it to any other network with the isolate option enabled. This option is enabled by default for networks created using the Docker-compatible API. - Added the ability to create sigstore signatures in podman push and podman manifest push. - Added an option to read image signing passphrase from a file. * Changes - Paused containers can now be killed with the podman kill command. - The podman system prune command now removes unused networks. - The --userns=keep-id and --userns=nomap options to the podman run and podman create commands are no longer allowed (instead of simply being ignored) with root Podman. - If the /run directory for a container is part of a volume, Podman will not create the /run/.containerenv file (#14577). - The podman machine stop command on macOS now waits for the machine to be completely stopped to exit (#14148). - All podman machine commands now only support being run as rootless, given that VMs only functioned when run rootless. - The podman unpause --all command will now only attempt to unpause containers that are paused, not all containers. - Init containers created with podman play kube now default to the once type (#14877). - Pods created with no shared namespaces will no longer create an infra container unless one is explicitly requested (#15048). - The podman create, podman run, and podman cp commands can now autocomplete paths in the image or container via the shell completion. - The libpod/common package has been removed as it's not used anywhere. - The --userns option to podman create and podman run is no longer accepted when an explicit UID or GID mapping is specified (#15233). * Misc - Podman will now check for nameservers in /run/NetworkManager/no-stub-resolv.conf if the /etc/resolv.conf file only contains a localhost server. - The podman build command now supports caching with builds that specify --squash-all by allowing the --layers flag to be used at the same time. - Podman Machine support for QEMU installations at non-default paths has been improved. - The podman machine ssh command no longer prints spurious warnings every time it is run. - When accessing the WSL prompt on Windows, the rootless user will be preferred. - The podman info command now includes a field for information on supported authentication plugins for improved Docker compatibility. Authentication plugins are not presently supported by Podman, so this field is always empty. - The podman system prune command now no longer prints the Deleted Images header if no images were pruned. - The podman system service command now automatically creates and moves to a sub-cgroup when running in the root cgroup (#14573). - Updated Buildah to v1.27.0 (fixes CVE-2022-21698 / bsc#1196338) - Updated the containers/image library to v5.22.0 - Updated the containers/storage library to v1.42.0 (fixes bsc#1196751) - Updated the containers/common library to v0.49.1 - Podman will automatically create a sub-cgroup and move itself into it when it detects that it is running inside a container (#14884). - Fixed an incorrect release note about regexp. - A new MacOS installer (via pkginstaller) is now supported. Update to version 4.1.1: * The output of the podman load command now mirrors that of docker load. * Podman now supports Docker Compose v2.2 and higher. Please note that it may be necessary to disable the use of Buildkit by setting the environment variable DOCKER_BUILDKIT=0. * A new container command has been added, podman container clone. This command makes a copy of an existing container, with the ability to change some settings (e.g. resource limits) while doing so. * Podman now supports sending JSON events related to machines to a Unix socket named machine_events.*\.sock in XDG_RUNTIME_DIR/podman or to a socket whose path is set in the PODMAN_MACHINE_EVENTS_SOCK environment variable. * Two new volume commands have been added, podman volume mount and podman volume unmount. These allow for Podman-managed named volumes to be mounted and accessed from outside containers. * The podman container checkpoint and podman container restore options now support checkpointing to and restoring from OCI images. This allows checkpoints to be distributed via standard image registries. * The podman play kube command now supports environment variables that are specified using the fieldRef and resourceFieldRef sources. * The podman play kube command will now set default resource limits when the provided YAML does not include them. * The podman play kube command now supports a new option, --annotation, to add annotations to created containers. * The podman play kube --build command now supports a new option, --context-dir, which allows the user to specify the context directory to use when building the Containerfile. * The podman container commit command now supports a new option, --squash, which squashes the generated image into a single layer. * The podman pod logs command now supports two new options, --names, which identifies which container generated a log message by name, instead of ID and --color, which colors messages based on what container generated them. * The podman rmi command now supports a new option, --ignore, which will ignore errors caused by missing images. * The podman network create command now features a new option, --ipam-driver, to specify details about how IP addresses are assigned to containers in the network. * The podman machine list command now features a new option, --quiet, to print only the names of configured VMs and no other information. * The --ipc option to the podman create, podman run, and podman pod create commands now supports three new modes: none, private, and shareable. The default IPC mode is now shareable, indicating the the IPC namespace can be shared with other containers. * The --mount option to the podman create and podman run commands can now set options for created named volumes via the volume-opt parameter. * The --mount option to the podman create and podman run commands now allows parameters to be passed in CSV format. * The --userns option to the podman create and podman run commands now supports a new option, nomap, that (only for rootless containers) does not map the UID of the user that started the container into the container, increasing security. * The podman import command now supports three new options, --arch, --os, and --variant, to specify what system the imported image was built for. * The podman inspect command now includes information on the network configuration of containers that joined a pre-configured network namespace with the --net ns: option to podman run, podman create, and podman pod create. * The podman run and podman create commands now support a new option, --chrootdirs, which specifies additional locations where container-specific files managed by Podman (e.g. /etc/hosts, `/etc/resolv.conf, etc) will be mounted inside the container (#12961). * The podman run and podman create commands now support a new option, --passwd-entry, allowing entries to be added to the container's /etc/passwd file. * The podman images --format command now accepts two new format directives: {{.CreatedAt}} and {{.CreatedSince}}. * The podman volume create command's -o option now accepts a new argument, o=noquota, to disable XFS quotas entirely and avoid potential issues when Podman is run on an XFS filesystem with existing quotas defined. * The podman info command now includes additional information on the machine Podman is running on, including disk utilization on the drive Podman is storing containers and images on, and CPU utilization. * Fix CVE-2022-27191 / bsc#1197284 - Require catatonit >= 0.1.7 for pause functionality needed by pods Update to version 4.0.3: * Security - This release fixes CVE-2022-27649, where containers run by Podman would have excess inheritable capabilities set. * Changes - The podman machine rm --force command will now remove running machines as well (such machines are shut down first, then removed) (#13448). - When a podman machine VM is started that is using a too-old VM image, it will now start in a reduced functionality mode, and provide instructions on how to recreate it (previously, VMs were effectively unusable) (#13510). - Updated the containers/common library to v0.47.5 - This release addresses CVE-2021-4024 / bsc#1193166, where the podman machine command opened the gvproxy API (used to forward ports to podman machine VMs) to the public internet on port 7777. - This release addresses CVE-2021-41190 / bsc#1193273, where incomplete specification of behavior regarding image manifests could lead to inconsistent decoding on different clients. Update to version 3.1.0: (bsc#1181961, CVE-2021-20206) - A fix for CVE-2021-20199 / bsc#1181640 is included. Podman between v1.8.0 and v2.2.1 used 127.0.0.1 as the source address for all traffic forwarded into rootless containers by a forwarded port; this has been changed to address the issue. Important SUSE bug 1181640 SUSE bug 1181961 SUSE bug 1193166 SUSE bug 1193273 SUSE bug 1197672 SUSE bug 1199790 SUSE bug 1202809 CVE-2021-20199 CVE-2021-20206 CVE-2021-4024 CVE-2021-41190 CVE-2022-27649 CVE-2022-2989 cpe:/o:opensuse:leap:15.4 Security update for nodejs10 (Important) openSUSE Leap 15.4 This update for nodejs10 fixes the following issues: - CVE-2022-25881: Fixed regular expression denial of service vulnerability (bsc#1208744). Important SUSE bug 1208744 CVE-2022-25881 cpe:/o:opensuse:leap:15.4 Security update for nodejs14 (Important) openSUSE Leap 15.4 This update for nodejs14 fixes the following issues: - CVE-2022-25881: Fixed regular expression denial of service vulnerability (bsc#1208744). Important SUSE bug 1208744 CVE-2022-25881 cpe:/o:opensuse:leap:15.4 Security update for nodejs12 (Important) openSUSE Leap 15.4 This update for nodejs12 fixes the following issues: - CVE-2022-25881: Fixed regular expression denial of service vulnerability (bsc#1208744). Important SUSE bug 1208744 CVE-2022-25881 cpe:/o:opensuse:leap:15.4 Security update for pgadmin4 (Important) openSUSE Leap 15.4 This update for pgadmin4 fixes the following issues: - CVE-2023-0241: Fixed a directory traversal vulnerability (bsc#1207464). Important SUSE bug 1207464 CVE-2023-0241 cpe:/o:opensuse:leap:15.4 Security update for the Linux Kernel (Important) openSUSE Leap 15.4 The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2023-1611: Fixed an use-after-free flaw in btrfs_search_slot (bsc#1209687). - CVE-2023-1838: Fixed an use-after-free flaw in virtio network subcomponent. This flaw could allow a local attacker to crash the system and lead to a kernel information leak problem. (bsc#1210203). The following non-security bugs were fixed: - alarmtimer: Prevent starvation by small intervals and SIG_IGN (git-fixes) - ALSA: asihpi: check pao in control_message() (git-fixes). - ALSA: hda/ca0132: fixup buffer overrun at tuning_ctl_set() (git-fixes). - ALSA: hda/realtek: Add quirk for Clevo X370SNW (git-fixes). - ALSA: hda/realtek: fix mute/micmute LEDs do not work for a HP platform (git-fixes). - ALSA: hda/realtek: fix mute/micmute LEDs for a HP ProBook (git-fixes). - ASoC: codecs: tx-macro: Fix for KASAN: slab-out-of-bounds (git-fixes). - can: isotp: isotp_ops: fix poll() to not report false EPOLLOUT events (git-fixes). - can: j1939: j1939_tp_tx_dat_new(): fix out-of-bounds memory access (git-fixes). - cifs: double lock in cifs_reconnect_tcon() (git-fixes). - clocksource/drivers/mediatek: Optimize systimer irq clear flow on shutdown (git-fixes). - drm/amd/display: Add DSC Support for Synaptics Cascaded MST Hub (git-fixes). - drm/etnaviv: fix reference leak when mmaping imported buffer (git-fixes). - drm/panfrost: Fix the panfrost_mmu_map_fault_addr() error path (git-fixes). - dt-bindings: serial: renesas,scif: Fix 4th IRQ for 4-IRQ SCIFs (git-fixes). - fbdev: au1200fb: Fix potential divide by zero (git-fixes). - fbdev: intelfb: Fix potential divide by zero (git-fixes). - fbdev: lxfb: Fix potential divide by zero (git-fixes). - fbdev: nvidia: Fix potential divide by zero (git-fixes). - fbdev: tgafb: Fix potential divide by zero (git-fixes). - ftrace: Fix issue that 'direct->addr' not restored in modify_ftrace_direct() (git-fixes). - ftrace: Mark get_lock_parent_ip() __always_inline (git-fixes). - gpio: davinci: Add irq chip flag to skip set wake (git-fixes). - gpio: GPIO_REGMAP: select REGMAP instead of depending on it (git-fixes). - iio: adc: ad7791: fix IRQ flags (git-fixes). - iio: adc: ti-ads7950: Set `can_sleep` flag for GPIO chip (git-fixes). - iio: adis16480: select CONFIG_CRC32 (git-fixes). - iio: dac: cio-dac: Fix max DAC write value check for 12-bit (git-fixes). - iio: light: cm32181: Unregister second I2C client if present (git-fixes). - Input: focaltech - use explicitly signed char type (git-fixes). - Input: goodix - add Lenovo Yoga Book X90F to nine_bytes_report DMI table (git-fixes). - kABI workaround for xhci (git-fixes). - mm: mmap: remove newline at the end of the trace (git-fixes). - mtd: rawnand: meson: fix bitmask for length in command word (git-fixes). - mtd: rawnand: stm32_fmc2: remove unsupported EDO mode (git-fixes). - mtd: rawnand: stm32_fmc2: use timings.mode instead of checking tRC_min (git-fixes). - mtdblock: tolerate corrected bit-flips (git-fixes). - nilfs2: fix sysfs interface lifetime (git-fixes). - platform/x86: think-lmi: Clean up display of current_value on Thinkstation (git-fixes). - platform/x86: think-lmi: Fix memory leak when showing current settings (git-fixes). - platform/x86: think-lmi: Fix memory leaks when parsing ThinkStation WMI strings (git-fixes). - pwm: cros-ec: Explicitly set .polarity in .get_state() (git-fixes). - pwm: sprd: Explicitly set .polarity in .get_state() (git-fixes). - rcu: Fix rcu_torture_read ftrace event (git-fixes). - ring-buffer: Fix race while reader and writer are on the same page (git-fixes). - timers: Prevent union confusion from unexpected (git-fixes) - tracing: Add trace_array_puts() to write into instance (git-fixes). - tracing: Fix wrong return in kprobe_event_gen_test.c (git-fixes). - tracing: Free error logs of tracing instances (git-fixes). - tracing: Have tracing_snapshot_instance_cond() write errors to the appropriate instance (git-fixes). - tty: serial: fsl_lpuart: avoid checking for transfer complete when UARTCTRL_SBK is asserted in lpuart32_tx_empty (git-fixes). - tty: serial: sh-sci: Fix Rx on RZ/G2L SCI (git-fixes). - tty: serial: sh-sci: Fix transmit end interrupt handler (git-fixes). - usb: cdnsp: Fixes error: uninitialized symbol 'len' (git-fixes). - usb: typec: altmodes/displayport: Fix configure initial pin assignment (git-fixes). - usb: ucsi: Fix ucsi->connector race (git-fixes). - usb: xhci: tegra: fix sleep in atomic call (git-fixes). - wifi: mac80211: fix invalid drv_sta_pre_rcu_remove calls for non-uploaded sta (git-fixes). - wireguard: ratelimiter: use hrtimer in selftest (git-fixes) - xhci: also avoid the XHCI_ZERO_64B_REGS quirk with a passthrough iommu (git-fixes). - xhci: Free the command allocated for setting LPM if we return early (git-fixes). Important SUSE bug 1209687 SUSE bug 1210203 CVE-2023-1611 CVE-2023-1838 cpe:/o:opensuse:leap:15.4 Security update for the Linux Kernel (Important) openSUSE Leap 15.4 The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2023-1611: Fixed an use-after-free flaw in btrfs_search_slot (bsc#1209687). - CVE-2023-1838: Fixed an use-after-free flaw in virtio network subcomponent. This flaw could allow a local attacker to crash the system and lead to a kernel information leak problem. (bsc#1210203). - CVE-2023-0394: Fixed a null pointer dereference in the network subcomponent. This flaw could cause system crashes (bsc#1207168). - CVE-2023-1513: Fixed an uninitialized portions of the kvm_debugregs structure that could be copied to userspace, causing an information leak (bsc#1209532). - CVE-2017-5753: Fixed spectre V1 vulnerability on netlink (bsc#1209547). - CVE-2017-5753: Fixed spectre vulnerability in prlimit (bsc#1209256). - CVE-2023-28464: Fixed user-after-free that could lead to privilege escalation in hci_conn_cleanup in net/bluetooth/hci_conn.c (bsc#1209052). - CVE-2023-28466: Fixed race condition that could lead to use-after-free or NULL pointer dereference in do_tls_getsockopt in net/tls/tls_main.c (bsc#1209366). - CVE-2023-1637: Fixed vulnerability that could lead to unauthorized access to CPU memory after resuming CPU from suspend-to-RAM (bsc#1209779). - CVE-2023-1652: Fixed use-after-free that could lead to DoS and information leak in nfsd4_ssc_setup_dul in fs/nfsd/nfs4proc.c (bsc#1209788). - CVE-2022-4744: Fixed double-free that could lead to DoS or privilege escalation in TUN/TAP device driver functionality (bsc#1209635). - CVE-2023-1281: Fixed use after free that could lead to privilege escalation in tcindex (bsc#1209634). - CVE-2023-1582: Fixed soft lockup in __page_mapcount (bsc#1209636). - CVE-2023-28327: Fixed DoS in in_skb in unix_diag_get_exact() (bsc#1209290). - CVE-2023-23001: Fixed misinterpretation of regulator_get return value in drivers/scsi/ufs/ufs-mediatek.c (bsc#1208829). The following non-security bugs were fixed: - ACPI: x86: utils: Add Cezanne to the list for forcing StorageD3Enable (git-fixes). - alarmtimer: Prevent starvation by small intervals and SIG_IGN (git-fixes) - ALSA: asihpi: check pao in control_message() (git-fixes). - ALSA: hda: intel-dsp-config: add MTL PCI id (git-fixes). - ALSA: hda/ca0132: fixup buffer overrun at tuning_ctl_set() (git-fixes). - ALSA: hda/conexant: Partial revert of a quirk for Lenovo (git-fixes). - ALSA: hda/realtek: Add quirk for Clevo X370SNW (git-fixes). - ALSA: hda/realtek: Add quirk for Lenovo ZhaoYang CF4620Z (git-fixes). - ALSA: hda/realtek: Add quirks for some Clevo laptops (git-fixes). - ALSA: hda/realtek: fix mute/micmute LEDs do not work for a HP platform (git-fixes). - ALSA: hda/realtek: fix mute/micmute LEDs for a HP ProBook (git-fixes). - ALSA: hda/realtek: Fix support for Dell Precision 3260 (git-fixes). - ALSA: hda/realtek: Fix the speaker output on Samsung Galaxy Book2 Pro (git-fixes). - ALSA: usb-audio: Fix recursive locking at XRUN during syncing (git-fixes). - ALSA: usb-audio: Fix regression on detection of Roland VS-100 (git-fixes). - ALSA: ymfpci: Fix BUG_ON in probe function (git-fixes). - arch: fix broken BuildID for arm64 and riscv (bsc#1209798). - ARM: dts: imx6sl: tolino-shine2hd: fix usbotg1 pinctrl (git-fixes). - ARM: dts: imx6sll: e60k02: fix usbotg1 pinctrl (git-fixes). - arm64: dts: freescale: Fix pca954x i2c-mux node names (git-fixes) - arm64: dts: imx8mm-nitrogen-r2: fix WM8960 clock name (git-fixes). - arm64: dts: imx8mn: specify #sound-dai-cells for SAI nodes (git-fixes). - arm64: dts: imx8mp-phycore-som: Remove invalid PMIC property (git-fixes) - arm64: dts: imx8mp: correct usb clocks (git-fixes) - arm64: dts: imx8mq: add mipi csi phy and csi bridge descriptions (git-fixes) - arm64: dts: imx8mq: fix mipi_csi bidirectional port numbers (git-fixes) - arm64: dts: qcom: sm8350: Mark UFS controller as cache coherent (git-fixes). - arm64/cpufeature: Fix field sign for DIT hwcap detection (git-fixes) - ASoC: codecs: tx-macro: Fix for KASAN: slab-out-of-bounds (git-fixes). - atm: idt77252: fix kmemleak when rmmod idt77252 (git-fixes). - Bluetooth: btqcomsmd: Fix command timeout after setting BD address (git-fixes). - Bluetooth: btsdio: fix use after free bug in btsdio_remove due to unfinished work (git-fixes). - Bluetooth: L2CAP: Fix responding with wrong PDU type (git-fixes). - ca8210: fix mac_len negative array access (git-fixes). - ca8210: Fix unsigned mac_len comparison with zero in ca8210_skb_tx() (git-fixes). - can: bcm: bcm_tx_setup(): fix KMSAN uninit-value in vfs_write (git-fixes). - can: isotp: isotp_ops: fix poll() to not report false EPOLLOUT events (git-fixes). - can: j1939: j1939_tp_tx_dat_new(): fix out-of-bounds memory access (git-fixes). - cifs: append path to open_enter trace event (bsc#1193629). - cifs: avoid race conditions with parallel reconnects (bsc#1193629). - cifs: avoid races in parallel reconnects in smb1 (bsc#1193629). - cifs: check only tcon status on tcon related functions (bsc#1193629). - cifs: do not poll server interfaces too regularly (bsc#1193629). - cifs: double lock in cifs_reconnect_tcon() (git-fixes). - cifs: dump pending mids for all channels in DebugData (bsc#1193629). - cifs: empty interface list when server does not support query interfaces (bsc#1193629). - cifs: fix dentry lookups in directory handle cache (bsc#1193629). - cifs: fix DFS traversal oops without CONFIG_CIFS_DFS_UPCALL (bsc#1193629). - cifs: fix missing unload_nls() in smb2_reconnect() (bsc#1193629). - cifs: Fix smb2_set_path_size() (git-fixes). - cifs: fix use-after-free bug in refresh_cache_worker() (bsc#1193629). - cifs: generate signkey for the channel that's reconnecting (bsc#1193629). - cifs: get rid of dead check in smb2_reconnect() (bsc#1193629). - cifs: lock chan_lock outside match_session (bsc#1193629). - cifs: Move the in_send statistic to __smb_send_rqst() (git-fixes). - cifs: prevent infinite recursion in CIFSGetDFSRefer() (bsc#1193629). - cifs: print session id while listing open files (bsc#1193629). - cifs: return DFS root session id in DebugData (bsc#1193629). - cifs: set DFS root session in cifs_get_smb_ses() (bsc#1193629). - cifs: use DFS root session instead of tcon ses (bsc#1193629). - clocksource/drivers/mediatek: Optimize systimer irq clear flow on shutdown (git-fixes). - debugfs: add debugfs_lookup_and_remove() (git-fixes). - drivers/base: Fix unsigned comparison to -1 in CPUMAP_FILE_MAX_BYTES (bsc#1208815). - drivers/base: fix userspace break from using bin_attributes for cpumap and cpulist (bsc#1208815). - drm/amd/display: Add DSC Support for Synaptics Cascaded MST Hub (git-fixes). - drm/amd/display: fix shift-out-of-bounds in CalculateVMAndRowBytes (git-fixes). - drm/amdkfd: Fix an illegal memory access (git-fixes). - drm/bridge: lt8912b: return EPROBE_DEFER if bridge is not found (git-fixes). - drm/etnaviv: fix reference leak when mmaping imported buffer (git-fixes). - drm/i915: Do not use BAR mappings for ring buffers with LLC (git-fixes). - drm/i915: Do not use stolen memory for ring buffers with LLC (git-fixes). - drm/i915: Preserve crtc_state->inherited during state clearing (git-fixes). - drm/i915: Remove unused bits of i915_vma/active api (git-fixes). - drm/i915/active: Fix missing debug object activation (git-fixes). - drm/i915/active: Fix misuse of non-idle barriers as fence trackers (git-fixes). - drm/i915/display: clean up comments (git-fixes). - drm/i915/display: Workaround cursor left overs with PSR2 selective fetch enabled (git-fixes). - drm/i915/display/psr: Handle plane and pipe restrictions at every page flip (git-fixes). - drm/i915/display/psr: Use drm damage helpers to calculate plane damaged area (git-fixes). - drm/i915/gt: perform uc late init after probe error injection (git-fixes). - drm/i915/psr: Use calculated io and fast wake lines (git-fixes). - drm/i915/tc: Fix the ICL PHY ownership check in TC-cold state (git-fixes). - drm/panfrost: Fix the panfrost_mmu_map_fault_addr() error path (git-fixes). - dt-bindings: serial: renesas,scif: Fix 4th IRQ for 4-IRQ SCIFs (git-fixes). - efi: sysfb_efi: Fix DMI quirks not working for simpledrm (git-fixes). - fbdev: au1200fb: Fix potential divide by zero (git-fixes). - fbdev: intelfb: Fix potential divide by zero (git-fixes). - fbdev: lxfb: Fix potential divide by zero (git-fixes). - fbdev: nvidia: Fix potential divide by zero (git-fixes). - fbdev: stifb: Provide valid pixelclock and add fb_check_var() checks (git-fixes). - fbdev: tgafb: Fix potential divide by zero (git-fixes). - firmware: arm_scmi: Fix device node validation for mailbox transport (git-fixes). - fotg210-udc: Add missing completion handler (git-fixes). - ftrace: Fix invalid address access in lookup_rec() when index is 0 (git-fixes). - ftrace: Fix issue that 'direct->addr' not restored in modify_ftrace_direct() (git-fixes). - ftrace: Mark get_lock_parent_ip() __always_inline (git-fixes). - gpio: davinci: Add irq chip flag to skip set wake (git-fixes). - gpio: GPIO_REGMAP: select REGMAP instead of depending on it (git-fixes). - HID: cp2112: Fix driver not registering GPIO IRQ chip as threaded (git-fixes). - HID: intel-ish-hid: ipc: Fix potential use-after-free in work function (git-fixes). - hwmon: fix potential sensor registration fail if of_node is missing (git-fixes). - i2c: hisi: Only use the completion interrupt to finish the transfer (git-fixes). - i2c: imx-lpi2c: check only for enabled interrupt flags (git-fixes). - i2c: xgene-slimpro: Fix out-of-bounds bug in xgene_slimpro_i2c_xfer() (git-fixes). - iio: adc: ad7791: fix IRQ flags (git-fixes). - iio: adc: ti-ads7950: Set `can_sleep` flag for GPIO chip (git-fixes). - iio: adis16480: select CONFIG_CRC32 (git-fixes). - iio: dac: cio-dac: Fix max DAC write value check for 12-bit (git-fixes). - iio: light: cm32181: Unregister second I2C client if present (git-fixes). - Input: alps - fix compatibility with -funsigned-char (bsc#1209805). - Input: focaltech - use explicitly signed char type (git-fixes). - Input: goodix - add Lenovo Yoga Book X90F to nine_bytes_report DMI table (git-fixes). - KABI FIX FOR: NFSv4: keep state manager thread active if swap is enabled (Never, kabi). - kABI workaround for xhci (git-fixes). - kABI: x86/msr: Remove .fixup usage (kabi). - kconfig: Update config changed flag before calling callback (git-fixes). - keys: Do not cache key in task struct if key is requested from kernel thread (git-fixes). - KVM: x86: fix sending PV IPI (git-fixes). - KVM: x86: fix sending PV IPI (git-fixes). - lan78xx: Add missing return code checks (git-fixes). - lan78xx: Fix exception on link speed change (git-fixes). - lan78xx: Fix memory allocation bug (git-fixes). - lan78xx: Fix partial packet errors on suspend/resume (git-fixes). - lan78xx: Fix race condition in disconnect handling (git-fixes). - lan78xx: Fix race conditions in suspend/resume handling (git-fixes). - lan78xx: Fix white space and style issues (git-fixes). - lan78xx: Remove unused pause frame queue (git-fixes). - lan78xx: Remove unused timer (git-fixes). - lan78xx: Set flow control threshold to prevent packet loss (git-fixes). - lockd: set file_lock start and end when decoding nlm4 testargs (git-fixes). - locking/rwbase: Mitigate indefinite writer starvation (bsc#1189998 (PREEMPT_RT prerequisite backports), bsc#1206552). - mm: memcg: fix swapcached stat accounting (bsc#1209804). - mm: mmap: remove newline at the end of the trace (git-fixes). - mmc: atmel-mci: fix race between stop command and start of next command (git-fixes). - mtd: rawnand: meson: fix bitmask for length in command word (git-fixes). - mtd: rawnand: meson: invalidate cache on polling ECC bit (git-fixes). - mtd: rawnand: stm32_fmc2: remove unsupported EDO mode (git-fixes). - mtd: rawnand: stm32_fmc2: use timings.mode instead of checking tRC_min (git-fixes). - mtdblock: tolerate corrected bit-flips (git-fixes). - net: asix: fix modprobe 'sysfs: cannot create duplicate filename' (git-fixes). - net: mdio: thunder: Add missing fwnode_handle_put() (git-fixes). - net: phy: dp83869: fix default value for tx-/rx-internal-delay (git-fixes). - net: phy: Ensure state transitions are processed from phy_stop() (git-fixes). - net: phy: nxp-c45-tja11xx: fix MII_BASIC_CONFIG_REV bit (git-fixes). - net: phy: smsc: bail out in lan87xx_read_status if genphy_read_status fails (git-fixes). - net: qcom/emac: Fix use after free bug in emac_remove due to race condition (git-fixes). - net: usb: asix: remove redundant assignment to variable reg (git-fixes). - net: usb: cdc_mbim: avoid altsetting toggling for Telit FE990 (git-fixes). - net: usb: lan78xx: Limit packet length to skb->len (git-fixes). - net: usb: qmi_wwan: add Telit 0x1080 composition (git-fixes). - net: usb: smsc75xx: Limit packet length to skb->len (git-fixes). - net: usb: smsc75xx: Move packet length check to prevent kernel panic in skb_pull (git-fixes). - net: usb: smsc95xx: Limit packet length to skb->len (git-fixes). - net: usb: use eth_hw_addr_set() (git-fixes). - NFS: Fix an Oops in nfs_d_automount() (git-fixes). - NFS: fix disabling of swap (git-fixes). - NFS4trace: fix state manager flag printing (git-fixes). - NFSD: fix handling of readdir in v4root vs. mount upcall timeout (git-fixes). - NFSD: fix leaked reference count of nfsd4_ssc_umount_item (git-fixes). - NFSD: fix problems with cleanup on errors in nfsd4_copy (git-fixes). - NFSD: fix race to check ls_layouts (git-fixes). - NFSD: fix use-after-free in nfsd4_ssc_setup_dul() (git-fixes). - NFSD: Protect against filesystem freezing (git-fixes). - NFSD: shut down the NFSv4 state objects before the filecache (git-fixes). - NFSD: under NFSv4.1, fix double svc_xprt_put on rpc_create failure (git-fixes). - NFSD: zero out pointers after putting nfsd_files on COPY setup error (git-fixes). - NFSv4: Fix a credential leak in _nfs4_discover_trunking() (git-fixes). - NFSv4: Fix a deadlock between nfs4_open_recover_helper() and delegreturn (git-fixes). - NFSv4: Fix hangs when recovering open state after a server reboot (git-fixes). - NFSv4: keep state manager thread active if swap is enabled (git-fixes). - NFSv4: provide mount option to toggle trunking discovery (git-fixes). - NFSv4: Fix initialisation of struct nfs4_label (git-fixes). - NFSv4: Fail client initialisation if state manager thread can't run (git-fixes). - nilfs2: fix kernel-infoleak in nilfs_ioctl_wrap_copy() (git-fixes). - nilfs2: fix sysfs interface lifetime (git-fixes). - nvme-tcp: always fail a request when sending it failed (bsc#1208902). - PCI: hv: Add a per-bus mutex state_lock (bsc#1207185). - PCI: hv: fix a race condition bug in hv_pci_query_relations() (bsc#1207185). - PCI: hv: Fix a race condition in hv_irq_unmask() that can cause panic (bsc#1207185). - PCI: hv: Remove the useless hv_pcichild_state from struct hv_pci_dev (bsc#1207185). - PCI: hv: Use async probing to reduce boot time (bsc#1207185). - PCI/DPC: Await readiness of secondary bus after reset (git-fixes). - pinctrl: amd: Disable and mask interrupts on resume (git-fixes). - pinctrl: at91-pio4: fix domain name assignment (git-fixes). - pinctrl: ocelot: Fix alt mode for ocelot (git-fixes). - platform/chrome: cros_ec_chardev: fix kernel data leak from ioctl (git-fixes). - platform/x86: think-lmi: add debug_cmd (bsc#1210050). - platform/x86: think-lmi: add missing type attribute (git-fixes). - platform/x86: think-lmi: Add possible_values for ThinkStation (git-fixes). - platform/x86: think-lmi: Certificate authentication support (bsc#1210050). - platform/x86: think-lmi: certificate support clean ups (bsc#1210050). - platform/x86: think-lmi: Clean up display of current_value on Thinkstation (git-fixes). - platform/x86: think-lmi: Fix memory leak when showing current settings (git-fixes). - platform/x86: think-lmi: Fix memory leaks when parsing ThinkStation WMI strings (git-fixes). - platform/x86: think-lmi: Move kobject_init() call into tlmi_create_auth() (bsc#1210050). - platform/x86: think-lmi: only display possible_values if available (git-fixes). - platform/x86: think-lmi: Opcode support (bsc#1210050). - platform/x86: think-lmi: Prevent underflow in index_store() (bsc#1210050). - platform/x86: think-lmi: Simplify tlmi_analyze() error handling a bit (bsc#1210050). - platform/x86: think-lmi: use correct possible_values delimiters (git-fixes). - platform/x86: think-lmi: Use min_t() for comparison and assignment (bsc#1210050). - platform/x86: thinkpad_acpi: Accept ibm_init_struct.init() returning -ENODEV (bsc#1210050). - platform/x86: thinkpad_acpi: Add a s2idle resume quirk for a number of laptops (bsc#1210050). - platform/x86: thinkpad_acpi: Add dual fan probe (bsc#1210050). - platform/x86: thinkpad_acpi: Add dual-fan quirk for T15g (2nd gen) (bsc#1210050). - platform/x86: thinkpad_acpi: Add hotkey_notify_extended_hotkey() helper (bsc#1210050). - platform/x86: thinkpad_acpi: Add LED_RETAIN_AT_SHUTDOWN to led_class_devs (bsc#1210050). - platform/x86: thinkpad_acpi: Add lid_logo_dot to the list of safe LEDs (bsc#1210050). - platform/x86: thinkpad_acpi: Add PSC mode support (bsc#1210050). - platform/x86: thinkpad_acpi: Add quirk for ThinkPads without a fan (bsc#1210050). - platform/x86: thinkpad_acpi: clean up dytc profile convert (bsc#1210050). - platform/x86: thinkpad_acpi: Cleanup dytc_profile_available (bsc#1210050). - platform/x86: thinkpad_acpi: consistently check fan_get_status return (bsc#1210050). - platform/x86: thinkpad_acpi: Convert btusb DMI list to quirks (bsc#1210050). - platform/x86: thinkpad_acpi: Convert platform driver to use dev_groups (bsc#1210050). - platform/x86: thinkpad_acpi: Correct dual fan probe (bsc#1210050). - platform/x86: thinkpad_acpi: do not use PSC mode on Intel platforms (bsc#1210050). - platform/x86: thinkpad_acpi: Do not use test_bit on an integer (bsc#1210050). - platform/x86: thinkpad_acpi: Enable s2idle quirk for 21A1 machine type (bsc#1210050). - platform/x86: thinkpad_acpi: Explicitly set to balanced mode on startup (bsc#1210050). - platform/x86: thinkpad_acpi: Fix a memory leak of EFCH MMIO resource (bsc#1210050). - platform/x86: thinkpad_acpi: Fix coccinelle warnings (bsc#1210050). - platform/x86: thinkpad_acpi: Fix compiler warning about uninitialized err variable (bsc#1210050). - platform/x86: thinkpad_acpi: Fix incorrect use of platform profile on AMD platforms (bsc#1210050). - platform/x86: thinkpad_acpi: Fix max_brightness of thinklight (bsc#1210050). - platform/x86: thinkpad_acpi: Fix profile mode display in AMT mode (bsc#1210050). - platform/x86: thinkpad_acpi: Fix profile modes on Intel platforms (bsc#1210050). - platform/x86: thinkpad_acpi: Fix reporting a non present second fan on some models (bsc#1210050). - platform/x86: thinkpad_acpi: Fix the hwmon sysfs-attr showing up in the wrong place (bsc#1210050). - platform/x86: thinkpad_acpi: Fix thermal_temp_input_attr sorting (bsc#1210050). - platform/x86: thinkpad_acpi: Fix thinklight LED brightness returning 255 (bsc#1210050). - platform/x86: thinkpad_acpi: Get privacy-screen / lcdshadow ACPI handles only once (bsc#1210050). - platform/x86: thinkpad_acpi: Make *_init() functions return -ENODEV instead of 1 (bsc#1210050). - platform/x86: thinkpad_acpi: Properly indent code in tpacpi_dytc_profile_init() (bsc#1210050). - platform/x86: thinkpad_acpi: Register tpacpi_pdriver after subdriver init (bsc#1210050). - platform/x86: thinkpad_acpi: Remove 'goto err_exit' from hotkey_init() (bsc#1210050). - platform/x86: thinkpad_acpi: Remove unused sensors_pdev_attrs_registered flag (bsc#1210050). - platform/x86: thinkpad_acpi: Restore missing hotkey_tablet_mode and hotkey_radio_sw sysfs-attr (bsc#1210050). - platform/x86: thinkpad_acpi: Simplify dytc_version handling (bsc#1210050). - platform/x86: thinkpad_acpi: Switch to common use of attributes (bsc#1210050). - platform/x86: thinkpad_acpi: tpacpi_attr_group contains driver attributes not device attrs (bsc#1210050). - platform/x86: thinkpad_acpi: Use backlight helper (bsc#1210050). - platform/x86: thinkpad_acpi: use strstarts() (bsc#1210050). - platform/x86: thinkpad-acpi: Add support for automatic mode transitions (bsc#1210050). - platform/x86: thinkpad-acpi: Enable AMT by default on supported systems (bsc#1210050). - platform/x86: thinkpad-acpi: profile capabilities as integer (bsc#1210050). - platform/x86/intel/pmc: Alder Lake PCH slp_s0_residency fix (git-fixes). - pNFS/filelayout: Fix coalescing test for single DS (git-fixes). - power: supply: da9150: Fix use after free bug in da9150_charger_remove due to race condition (git-fixes). - powerpc: Remove linker flag from KBUILD_AFLAGS (bsc#1194869). - powerpc/64s/interrupt: Fix interrupt exit race with security mitigation switch (bsc#1194869). - powerpc/btext: add missing of_node_put (bsc#1065729). - powerpc/ioda/iommu/debugfs: Generate unique debugfs entries (bsc#1194869). - powerpc/iommu: Add missing of_node_put in iommu_init_early_dart (bsc#1194869). - powerpc/iommu: fix memory leak with using debugfs_lookup() (bsc#1194869). - powerpc/kcsan: Exclude udelay to prevent recursive instrumentation (bsc#1194869). - powerpc/kexec_file: fix implicit decl error (bsc#1194869). - powerpc/powernv: fix missing of_node_put in uv_init() (bsc#1194869). - powerpc/powernv/ioda: Skip unallocated resources when mapping to PE (bsc#1065729). - powerpc/pseries/lpar: add missing RTAS retry status handling (bsc#1109158 ltc#169177 git-fixes). - powerpc/pseries/lparcfg: add missing RTAS retry status handling (bsc#1065729). - powerpc/rtas: ensure 4KB alignment for rtas_data_buf (bsc#1065729). - powerpc/vmlinux.lds: Define RUNTIME_DISCARD_EXIT (bsc#1194869). - powerpc/vmlinux.lds: Do not discard .comment (bsc#1194869). - powerpc/vmlinux.lds: Do not discard .rela* for relocatable builds (bsc#1194869). - powerpc/xmon: Fix -Wswitch-unreachable warning in bpt_cmds (bsc#1194869). - ppc64le: HWPOISON_INJECT=m (bsc#1209572). - pwm: cros-ec: Explicitly set .polarity in .get_state() (git-fixes). - pwm: sprd: Explicitly set .polarity in .get_state() (git-fixes). - r8169: fix RTL8168H and RTL8107E rx crc error (git-fixes). - rcu: Fix rcu_torture_read ftrace event (git-fixes). - regulator: Handle deferred clk (git-fixes). - ring-buffer: Fix race while reader and writer are on the same page (git-fixes). - ring-buffer: Handle race between rb_move_tail and rb_check_pages (git-fixes). - ring-buffer: remove obsolete comment for free_buffer_page() (git-fixes). - rpm/constraints.in: increase the disk size for armv6/7 to 24GB It grows and the build fails recently on SLE15-SP4/5. - s390/boot: simplify and fix kernel memory layout setup (bsc#1209600). - s390/dasd: fix no record found for raw_track_access (bsc#1207574). - s390/vfio-ap: fix memory leak in vfio_ap device driver (git-fixes). - sbitmap: Avoid lockups when waker gets preempted (bsc#1209118). - sched/psi: Fix use-after-free in ep_remove_wait_queue() (bsc#1209799). - scsi: qla2xxx: Synchronize the IOCB count to be in order (bsc#1209292 bsc#1209684 bsc#1209556). - sctp: sctp_sock_filter(): avoid list_entry() on possibly empty list (bsc#1208602, git-fixes). - serial: 8250: ASPEED_VUART: select REGMAP instead of depending on it (git-fixes). - serial: 8250: SERIAL_8250_ASPEED_VUART should depend on ARCH_ASPEED (git-fixes). - serial: fsl_lpuart: Fix comment typo (git-fixes). - smb3: fix unusable share after force unmount failure (bsc#1193629). - smb3: lower default deferred close timeout to address perf regression (bsc#1193629). - struct dwc3: mask new member (git-fixes). - SUNRPC: ensure the matching upcall is in-flight upon downcall (git-fixes). - SUNRPC: Fix a server shutdown leak (git-fixes). - SUNRPC: Fix missing release socket in rpc_sockname() (git-fixes). - thunderbolt: Add missing UNSET_INBOUND_SBTX for retimer access (git-fixes). - thunderbolt: Call tb_check_quirks() after initializing adapters (git-fixes). - thunderbolt: Disable interrupt auto clear for rings (git-fixes). - thunderbolt: Rename shadowed variables bit to interrupt_bit and auto_clear_bit (git-fixes). - thunderbolt: Use const qualifier for `ring_interrupt_index` (git-fixes). - thunderbolt: Use scale field when allocating USB3 bandwidth (git-fixes). - timers: Prevent union confusion from unexpected (git-fixes) - trace/hwlat: Do not start per-cpu thread if it is already running (git-fixes). - trace/hwlat: Do not wipe the contents of per-cpu thread data (git-fixes). - trace/hwlat: make use of the helper function kthread_run_on_cpu() (git-fixes). - tracing: Add NULL checks for buffer in ring_buffer_free_read_page() (git-fixes). - tracing: Add trace_array_puts() to write into instance (git-fixes). - tracing: Check field value in hist_field_name() (git-fixes). - tracing: Do not let histogram values have some modifiers (git-fixes). - tracing: Fix wrong return in kprobe_event_gen_test.c (git-fixes). - tracing: Free error logs of tracing instances (git-fixes). - tracing: Have tracing_snapshot_instance_cond() write errors to the appropriate instance (git-fixes). - tracing: Make splice_read available again (git-fixes). - tracing: Make tracepoint lockdep check actually test something (git-fixes). - tracing/hwlat: Replace sched_setaffinity with set_cpus_allowed_ptr (git-fixes). - tty: serial: fsl_lpuart: avoid checking for transfer complete when UARTCTRL_SBK is asserted in lpuart32_tx_empty (git-fixes). - tty: serial: fsl_lpuart: skip waiting for transmission complete when UARTCTRL_SBK is asserted (git-fixes). - tty: serial: sh-sci: Fix Rx on RZ/G2L SCI (git-fixes). - tty: serial: sh-sci: Fix transmit end interrupt handler (git-fixes). - uas: Add US_FL_NO_REPORT_OPCODES for JMicron JMS583Gen 2 (git-fixes). - USB: cdns3: Fix issue with using incorrect PCI device function (git-fixes). - USB: cdnsp: changes PCI Device ID to fix conflict with CNDS3 driver (git-fixes). - USB: cdnsp: Fixes error: uninitialized symbol 'len' (git-fixes). - USB: cdnsp: Fixes issue with redundant Status Stage (git-fixes). - USB: chipdea: core: fix return -EINVAL if request role is the same with current role (git-fixes). - USB: chipidea: fix memory leak with using debugfs_lookup() (git-fixes). - USB: dwc2: fix a devres leak in hw_enable upon suspend resume (git-fixes). - USB: dwc3: Fix a typo in field name (git-fixes). - USB: dwc3: fix memory leak with using debugfs_lookup() (git-fixes). - USB: dwc3: gadget: Add 1ms delay after end transfer command without IOC (git-fixes). - USB: fix memory leak with using debugfs_lookup() (git-fixes). - USB: fotg210: fix memory leak with using debugfs_lookup() (git-fixes). - USB: gadget: bcm63xx_udc: fix memory leak with using debugfs_lookup() (git-fixes). - USB: gadget: gr_udc: fix memory leak with using debugfs_lookup() (git-fixes). - USB: gadget: lpc32xx_udc: fix memory leak with using debugfs_lookup() (git-fixes). - USB: gadget: pxa25x_udc: fix memory leak with using debugfs_lookup() (git-fixes). - USB: gadget: pxa27x_udc: fix memory leak with using debugfs_lookup() (git-fixes). - USB: gadget: u_audio: do not let userspace block driver unbind (git-fixes). - USB: isp116x: fix memory leak with using debugfs_lookup() (git-fixes). - USB: isp1362: fix memory leak with using debugfs_lookup() (git-fixes). - USB: sl811: fix memory leak with using debugfs_lookup() (git-fixes). - USB: typec: altmodes/displayport: Fix configure initial pin assignment (git-fixes). - USB: typec: tcpm: fix warning when handle discover_identity message (git-fixes). - USB: ucsi: Fix NULL pointer deref in ucsi_connector_change() (git-fixes). - USB: ucsi: Fix ucsi->connector race (git-fixes). - USB: uhci: fix memory leak with using debugfs_lookup() (git-fixes). - USB: xhci: tegra: fix sleep in atomic call (git-fixes). - vdpa_sim: set last_used_idx as last_avail_idx in vdpasim_queue_ready (git-fixes). - wifi: mac80211: fix invalid drv_sta_pre_rcu_remove calls for non-uploaded sta (git-fixes). - wifi: mac80211: fix qos on mesh interfaces (git-fixes). - wireguard: ratelimiter: use hrtimer in selftest (git-fixes) - x86: Annotate call_on_stack() (git-fixes). - x86: Annotate call_on_stack() (git-fixes). - x86: link vdso and boot with -z noexecstack --no-warn-rwx-segments (bsc#1203200). - x86/bug: Merge annotate_reachable() into _BUG_FLAGS() asm (git-fixes). - x86/bug: Merge annotate_reachable() into _BUG_FLAGS() asm (git-fixes). - x86/fpu: Cache xfeature flags from CPUID (git-fixes). - x86/fpu: Remove unused supervisor only offsets (git-fixes). - x86/fpu: Remove unused supervisor only offsets (git-fixes). - x86/fpu/xsave: Handle compacted offsets correctly with supervisor states (git-fixes). - x86/fpu/xsave: Handle compacted offsets correctly with supervisor states (git-fixes). - x86/fpu/xstate: Fix the ARCH_REQ_XCOMP_PERM implementation (git-fixes). - x86/fpu/xstate: Fix the ARCH_REQ_XCOMP_PERM implementation (git-fixes). - x86/kvm: Do not use pv tlb/ipi/sched_yield if on 1 vCPU (git-fixes). - x86/kvm: Do not use pv tlb/ipi/sched_yield if on 1 vCPU (git-fixes). - x86/mce: Allow instrumentation during task work queueing (git-fixes). - x86/mce: Allow instrumentation during task work queueing (git-fixes). - x86/mce: Mark mce_end() noinstr (git-fixes). - x86/mce: Mark mce_end() noinstr (git-fixes). - x86/mce: Mark mce_panic() noinstr (git-fixes). - x86/mce: Mark mce_panic() noinstr (git-fixes). - x86/mce: Mark mce_read_aux() noinstr (git-fixes). - x86/mce: Mark mce_read_aux() noinstr (git-fixes). - x86/mce/inject: Avoid out-of-bounds write when setting flags (git-fixes). - x86/mce/inject: Avoid out-of-bounds write when setting flags (git-fixes). - x86/mm: Flush global TLB when switching to trampoline page-table (git-fixes). - x86/mm: Flush global TLB when switching to trampoline page-table (git-fixes). - x86/msr: Remove .fixup usage (git-fixes). - x86/sgx: Free backing memory after faulting the enclave page (git-fixes). - x86/sgx: Free backing memory after faulting the enclave page (git-fixes). - x86/sgx: Silence softlockup detection when releasing large enclaves (git-fixes). - x86/sgx: Silence softlockup detection when releasing large enclaves (git-fixes). - x86/uaccess: Move variable into switch case statement (git-fixes). - x86/uaccess: Move variable into switch case statement (git-fixes). - xfs: convert ptag flags to unsigned (git-fixes). - xfs: do not assert fail on perag references on teardown (git-fixes). - xfs: do not leak btree cursor when insrec fails after a split (git-fixes). - xfs: pass the correct cursor to xfs_iomap_prealloc_size (git-fixes). - xfs: remove xfs_setattr_time() declaration (git-fixes). - xfs: zero inode fork buffer at allocation (git-fixes). - xhci: also avoid the XHCI_ZERO_64B_REGS quirk with a passthrough iommu (git-fixes). - xhci: Free the command allocated for setting LPM if we return early (git-fixes). - xirc2ps_cs: Fix use after free bug in xirc2ps_detach (git-fixes). - xprtrdma: Fix regbuf data not freed in rpcrdma_req_create() (git-fixes). Important SUSE bug 1065729 SUSE bug 1109158 SUSE bug 1189998 SUSE bug 1193629 SUSE bug 1194869 SUSE bug 1203200 SUSE bug 1206552 SUSE bug 1207168 SUSE bug 1207185 SUSE bug 1207574 SUSE bug 1208602 SUSE bug 1208815 SUSE bug 1208829 SUSE bug 1208902 SUSE bug 1209052 SUSE bug 1209118 SUSE bug 1209256 SUSE bug 1209290 SUSE bug 1209292 SUSE bug 1209366 SUSE bug 1209532 SUSE bug 1209547 SUSE bug 1209556 SUSE bug 1209572 SUSE bug 1209600 SUSE bug 1209634 SUSE bug 1209635 SUSE bug 1209636 SUSE bug 1209681 SUSE bug 1209684 SUSE bug 1209687 SUSE bug 1209779 SUSE bug 1209788 SUSE bug 1209798 SUSE bug 1209799 SUSE bug 1209804 SUSE bug 1209805 SUSE bug 1210050 SUSE bug 1210203 CVE-2017-5753 CVE-2022-4744 CVE-2023-0394 CVE-2023-1281 CVE-2023-1513 CVE-2023-1582 CVE-2023-1611 CVE-2023-1637 CVE-2023-1652 CVE-2023-1838 CVE-2023-23001 CVE-2023-28327 CVE-2023-28464 CVE-2023-28466 cpe:/o:opensuse:leap:15.4 Security update for openssl-3 (Moderate) openSUSE Leap 15.4 This update for openssl-3 fixes the following issues: - CVE-2023-0465: Invalid certificate policies in leaf certificates were silently ignored (bsc#1209878). - CVE-2023-0466: Certificate policy check were not enabled (bsc#1209873). - Update further expiring certificates that affect tests (bsc#1210060) Moderate SUSE bug 1209873 SUSE bug 1209878 SUSE bug 1210060 CVE-2023-0465 CVE-2023-0466 cpe:/o:opensuse:leap:15.4 Security update for rmt-server (Important) openSUSE Leap 15.4 This update for rmt-server fixes the following issues: Update to version 2.10: - Add option to turn off system token support (bsc#1205089) - Update the `last_seen_at` column on zypper service refresh - Do not retry to import non-existing files in air-gapped mode (bsc#1204769) - CVE-2022-31254: Fixed a local privilege escalation related to the packaging of rmt-server (bsc#1204285). Important SUSE bug 1204285 SUSE bug 1204769 SUSE bug 1205089 CVE-2022-31254 cpe:/o:opensuse:leap:15.4 Security update for helm (Moderate) openSUSE Leap 15.4 This update for helm fixes the following issues: Update to version 3.11.2: * chore(deps): bump github.com/rubenv/sql-migrate from 1.2.0 to 1.3.1 * the linter varcheck and deadcode are deprecated (since v1.49.0) * fix template --output-dir issue * build against a supported go version: go1.19 (bsc#1209670) Moderate SUSE bug 1209670 cpe:/o:opensuse:leap:15.4 Security update for grafana (Important) openSUSE Leap 15.4 This version update from 8.5.20 to 8.5.22 for grafana fixes the following issues: - Security issues fixed: * CVE-2023-1410: Fix XSS in Graphite functions tooltip (bsc#1209645) * CVE-2023-0507: Apply attribute sanitation to GeomapPanel (bsc#1208821) * CVE-2023-0594: Avoid storing XSS in TraceView panel (bsc#1208819) - The following non-security bug was fixed: * Login: Fix panic when UpsertUser is called without ReqContext Important SUSE bug 1208819 SUSE bug 1208821 SUSE bug 1209645 CVE-2023-0507 CVE-2023-0594 CVE-2023-1410 cpe:/o:opensuse:leap:15.4 Security update for libgit2 (Moderate) openSUSE Leap 15.4 This update for libgit2 fixes the following issues: - CVE-2023-22742: Fixed SSH keys verification failure (bsc#1207364). Moderate SUSE bug 1207364 CVE-2023-22742 cpe:/o:opensuse:leap:15.4 Security update for openssl-1_1 (Moderate) openSUSE Leap 15.4 This update for openssl-1_1 fixes the following issues: - CVE-2023-0465: Invalid certificate policies in leaf certificates were silently ignored (bsc#1209878). - CVE-2023-0466: Certificate policy check were not enabled (bsc#1209873). Moderate SUSE bug 1209873 SUSE bug 1209878 CVE-2023-0465 CVE-2023-0466 cpe:/o:opensuse:leap:15.4 Security update for openssl-1_0_0 (Moderate) openSUSE Leap 15.4 This update for openssl-1_0_0 fixes the following issues: - CVE-2023-0465: Invalid certificate policies in leaf certificates were silently ignored (bsc#1209878). - CVE-2023-0466: Certificate policy check were not enabled (bsc#1209873). Moderate SUSE bug 1209873 SUSE bug 1209878 CVE-2023-0465 CVE-2023-0466 cpe:/o:opensuse:leap:15.4 Security update for nodejs16 (Important) openSUSE Leap 15.4 This update for nodejs16 fixes the following issues: Update to nodejs LTS version 16.20.0: Security fixes: - CVE-2022-25881: Fixed ReDoS vulnerability in http-cache-semantics (bsc#1208744). Other changes: - update undici to 5.20.0 - update c-ares to 1.19.0 - update npm to 8.19.4 Important SUSE bug 1208744 CVE-2022-25881 cpe:/o:opensuse:leap:15.4 Security update for ImageMagick (Moderate) openSUSE Leap 15.4 This update for ImageMagick fixes the following issues: - CVE-2023-1906: Fixed a heap-based buffer overflow in ImportMultiSpectralQuantum. (bsc#1210308) Moderate SUSE bug 1210308 CVE-2023-1906 cpe:/o:opensuse:leap:15.4 Security update for wireshark (Important) openSUSE Leap 15.4 This update for wireshark fixes the following issues: - CVE-2023-1992: Fixed RPCoRDMA dissector crash (bsc#1210405). - CVE-2023-1993: Fixed LISP dissector large loop (bsc#1210404). - CVE-2023-1994: Fixed GQUIC dissector crash (bsc#1210403). Update to 3.6.13: - Further features, bug fixes and updated protocol support as listed in: https://www.wireshark.org/docs/relnotes/wireshark-3.6.13.html Important SUSE bug 1210403 SUSE bug 1210404 SUSE bug 1210405 CVE-2023-1992 CVE-2023-1993 CVE-2023-1994 cpe:/o:opensuse:leap:15.4 Security update for dmidecode (Moderate) openSUSE Leap 15.4 This update for dmidecode fixes the following issues: - CVE-2023-30630: Fixed potential privilege escalation vulnerability via file overwrite (bsc#1210418). Moderate SUSE bug 1210418 CVE-2023-30630 cpe:/o:opensuse:leap:15.4 Security update for jettison (Moderate) openSUSE Leap 15.4 This update for jettison fixes the following issues: Upgrade to version 1.5.4: - CVE-2023-1436: Fixed infinite recursion triggered when constructing a JSONArray from a Collection (bsc#1209605). Moderate SUSE bug 1209605 CVE-2023-1436 cpe:/o:opensuse:leap:15.4 Security update for indent (Important) openSUSE Leap 15.4 This update for indent fixes the following issues: - Fixed multiple memory safety issues (bsc#1209718). Important SUSE bug 1209718 cpe:/o:opensuse:leap:15.4 Security update for cdi-apiserver-container, cdi-cloner-container, cdi-controller-container, cdi-importer-container, cdi-operator-container, cdi-uploadproxy-container, cdi-uploadserver-container, containerized-data-importer (Moderate) openSUSE Leap 15.4 This update for cdi-apiserver-container, cdi-cloner-container, cdi-controller-container, cdi-importer-container, cdi-operator-container, cdi-uploadproxy-container, cdi-uploadserver-container, containerized-data-importer fixes the following issues: - build the containerized-data-importer with a supported golang compiler (bsc#1208916) Moderate SUSE bug 1208916 cpe:/o:opensuse:leap:15.4 Security update for kubevirt, virt-api-container, virt-controller-container, virt-handler-container, virt-launcher-container, virt-libguestfs-tools-container, virt-operator-container (Important) openSUSE Leap 15.4 This update for kubevirt, virt-api-container, virt-controller-container, virt-handler-container, virt-launcher-container, virt-libguestfs-tools-container, virt-operator-container fixes the following issues: - CVE-2023-26484: Limit operator secrets permission. (bsc#1209359) kubevirt is also rebuilt with a supported GO compiler (bsc#1208916) Important SUSE bug 1208916 SUSE bug 1209359 CVE-2023-26484 cpe:/o:opensuse:leap:15.4 Security update for the Linux Kernel (Important) openSUSE Leap 15.4 The SUSE Linux Enterprise 15 SP4 RT kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2017-5753: Fixed spectre V1 vulnerability on netlink (bsc#1209547). - CVE-2017-5753: Fixed spectre vulnerability in prlimit (bsc#1209256). - CVE-2022-4744: Fixed double-free that could lead to DoS or privilege escalation in TUN/TAP device driver functionality (bsc#1209635). - CVE-2023-0394: Fixed a null pointer dereference flaw in the network subcomponent in the Linux kernel which could lead to system crash (bsc#1207168). - CVE-2023-1281: Fixed use after free that could lead to privilege escalation in tcindex (bsc#1209634). - CVE-2023-1513: Fixed an uninitialized portions of the kvm_debugregs structure that could be copied to userspace, causing an information leak (bsc#1209532). - CVE-2023-1582: Fixed soft lockup in __page_mapcount (bsc#1209636). - CVE-2023-1611: Fixed an use-after-free flaw in btrfs_search_slot (bsc#1209687). - CVE-2023-1637: Fixed vulnerability that could lead to unauthorized access to CPU memory after resuming CPU from suspend-to-RAM (bsc#1209779, bsc#1198400). - CVE-2023-1652: Fixed use-after-free that could lead to DoS and information leak in nfsd4_ssc_setup_dul in fs/nfsd/nfs4proc.c (bsc#1209788). - CVE-2023-1838: Fixed an use-after-free flaw in virtio network subcomponent. This flaw could allow a local attacker to crash the system and lead to a kernel information leak problem. (bsc#1210203). - CVE-2023-23001: Fixed misinterpretation of regulator_get return value in drivers/scsi/ufs/ufs-mediatek.c (bsc#1208829). - CVE-2023-28327: Fixed DoS in in_skb in unix_diag_get_exact() (bsc#1209290). - CVE-2023-28464: Fixed user-after-free that could lead to privilege escalation in hci_conn_cleanup in net/bluetooth/hci_conn.c (bsc#1209052). - CVE-2023-28466: Fixed race condition that could lead to use-after-free or NULL pointer dereference in do_tls_getsockopt in net/tls/tls_main.c (bsc#1209366). The following non-security bugs were fixed: - ACPI: x86: utils: Add Cezanne to the list for forcing StorageD3Enable (git-fixes). - ALSA: asihpi: check pao in control_message() (git-fixes). - ALSA: hda/ca0132: fixup buffer overrun at tuning_ctl_set() (git-fixes). - ALSA: hda/conexant: Partial revert of a quirk for Lenovo (git-fixes). - ALSA: hda/realtek: Add quirk for Clevo X370SNW (git-fixes). - ALSA: hda/realtek: Add quirk for Lenovo ZhaoYang CF4620Z (git-fixes). - ALSA: hda/realtek: Add quirks for some Clevo laptops (git-fixes). - ALSA: hda/realtek: Fix support for Dell Precision 3260 (git-fixes). - ALSA: hda/realtek: Fix the speaker output on Samsung Galaxy Book2 Pro (git-fixes). - ALSA: hda/realtek: fix mute/micmute LEDs do not work for a HP platform (git-fixes). - ALSA: hda/realtek: fix mute/micmute LEDs for a HP ProBook (git-fixes). - ALSA: hda: intel-dsp-config: add MTL PCI id (git-fixes). - ALSA: usb-audio: Fix recursive locking at XRUN during syncing (git-fixes). - ALSA: usb-audio: Fix regression on detection of Roland VS-100 (git-fixes). - ALSA: ymfpci: Fix BUG_ON in probe function (git-fixes). - ARM: dts: imx6sl: tolino-shine2hd: fix usbotg1 pinctrl (git-fixes). - ARM: dts: imx6sll: e60k02: fix usbotg1 pinctrl (git-fixes). - ASoC: codecs: tx-macro: Fix for KASAN: slab-out-of-bounds (git-fixes). - Bluetooth: L2CAP: Fix responding with wrong PDU type (git-fixes). - Bluetooth: btqcomsmd: Fix command timeout after setting BD address (git-fixes). - Bluetooth: btsdio: fix use after free bug in btsdio_remove due to unfinished work (git-fixes). - Fix error path in pci-hyperv to unlock the mutex state_lock - HID: cp2112: Fix driver not registering GPIO IRQ chip as threaded (git-fixes). - HID: intel-ish-hid: ipc: Fix potential use-after-free in work function (git-fixes). - Input: alps - fix compatibility with -funsigned-char (bsc#1209805). - Input: focaltech - use explicitly signed char type (git-fixes). - Input: goodix - add Lenovo Yoga Book X90F to nine_bytes_report DMI table (git-fixes). - KABI FIX FOR: NFSv4: keep state manager thread active if swap is enabled (Never, kabi). - KVM: x86: fix sending PV IPI (git-fixes). - NFS: Fix an Oops in nfs_d_automount() (git-fixes). - NFS: fix disabling of swap (git-fixes). - NFSD: Protect against filesystem freezing (git-fixes). - NFSD: fix leaked reference count of nfsd4_ssc_umount_item (git-fixes). - NFSD: fix problems with cleanup on errors in nfsd4_copy (git-fixes). - NFSD: fix use-after-free in nfsd4_ssc_setup_dul() (git-fixes). - NFSd: fix handling of readdir in v4root vs. mount upcall timeout (git-fixes). - NFSd: fix race to check ls_layouts (git-fixes). - NFSd: shut down the NFSv4 state objects before the filecache (git-fixes). - NFSd: under NFSv4.1, fix double svc_xprt_put on rpc_create failure (git-fixes). - NFSd: zero out pointers after putting nfsd_files on COPY setup error (git-fixes). - NFSv4.1 provide mount option to toggle trunking discovery (git-fixes). - NFSv4.2: Fix initialisation of struct nfs4_label (git-fixes). - NFSv4.x: Fail client initialisation if state manager thread can't run (git-fixes). - NFSv4: Fix a credential leak in _nfs4_discover_trunking() (git-fixes). - NFSv4: Fix a deadlock between nfs4_open_recover_helper() and delegreturn (git-fixes). - NFSv4: Fix hangs when recovering open state after a server reboot (git-fixes). - NFSv4: fix state manager flag printing (git-fixes). - NFSv4: keep state manager thread active if swap is enabled (git-fixes). - PCI/DPC: Await readiness of secondary bus after reset (git-fixes). - PCI: hv: Add a per-bus mutex state_lock (bsc#1207185). - PCI: hv: Fix a race condition in hv_irq_unmask() that can cause panic (bsc#1207185). - PCI: hv: Remove the useless hv_pcichild_state from struct hv_pci_dev (bsc#1207185). - PCI: hv: Use async probing to reduce boot time (bsc#1207185). - PCI: hv: fix a race condition bug in hv_pci_query_relations() (bsc#1207185). - SUNRPC: Fix a server shutdown leak (git-fixes). - SUNRPC: Fix missing release socket in rpc_sockname() (git-fixes). - SUNRPC: ensure the matching upcall is in-flight upon downcall (git-fixes). - USB: cdns3: Fix issue with using incorrect PCI device function (git-fixes). - USB: cdnsp: Fixes error: uninitialized symbol 'len' (git-fixes). - USB: cdnsp: Fixes issue with redundant Status Stage (git-fixes). - USB: cdnsp: changes PCI Device ID to fix conflict with CNDS3 driver (git-fixes). - USB: chipdea: core: fix return -EINVAL if request role is the same with current role (git-fixes). - USB: chipidea: fix memory leak with using debugfs_lookup() (git-fixes). - USB: dwc2: fix a devres leak in hw_enable upon suspend resume (git-fixes). - USB: dwc3: Fix a typo in field name (git-fixes). - USB: dwc3: fix memory leak with using debugfs_lookup() (git-fixes). - USB: dwc3: gadget: Add 1ms delay after end transfer command without IOC (git-fixes). - USB: fix memory leak with using debugfs_lookup() (git-fixes). - USB: fotg210: fix memory leak with using debugfs_lookup() (git-fixes). - USB: gadget: bcm63xx_udc: fix memory leak with using debugfs_lookup() (git-fixes). - USB: gadget: gr_udc: fix memory leak with using debugfs_lookup() (git-fixes). - USB: gadget: lpc32xx_udc: fix memory leak with using debugfs_lookup() (git-fixes). - USB: gadget: pxa25x_udc: fix memory leak with using debugfs_lookup() (git-fixes). - USB: gadget: pxa27x_udc: fix memory leak with using debugfs_lookup() (git-fixes). - USB: gadget: u_audio: do not let userspace block driver unbind (git-fixes). - USB: isp116x: fix memory leak with using debugfs_lookup() (git-fixes). - USB: isp1362: fix memory leak with using debugfs_lookup() (git-fixes). - USB: sl811: fix memory leak with using debugfs_lookup() (git-fixes). - USB: typec: altmodes/displayport: Fix configure initial pin assignment (git-fixes). - USB: typec: tcpm: fix warning when handle discover_identity message (git-fixes). - USB: ucsi: Fix NULL pointer deref in ucsi_connector_change() (git-fixes). - USB: ucsi: Fix ucsi->connector race (git-fixes). - USB: uhci: fix memory leak with using debugfs_lookup() (git-fixes). - USB: xhci: tegra: fix sleep in atomic call (git-fixes). - alarmtimer: Prevent starvation by small intervals and SIG_IGN (git-fixes) - arch: fix broken BuildID for arm64 and riscv (bsc#1209798). - arm64/cpufeature: Fix field sign for DIT hwcap detection (git-fixes) - arm64: dts: freescale: Fix pca954x i2c-mux node names (git-fixes) - arm64: dts: imx8mm-nitrogen-r2: fix WM8960 clock name (git-fixes). - arm64: dts: imx8mn: specify #sound-dai-cells for SAI nodes (git-fixes). - arm64: dts: imx8mp-phycore-som: Remove invalid PMIC property (git-fixes) - arm64: dts: imx8mp: correct usb clocks (git-fixes) - arm64: dts: imx8mq: add mipi csi phy and csi bridge descriptions (git-fixes) - arm64: dts: imx8mq: fix mipi_csi bidirectional port numbers (git-fixes) - arm64: dts: qcom: sm8350: Mark UFS controller as cache coherent (git-fixes). - atm: idt77252: fix kmemleak when rmmod idt77252 (git-fixes). - ca8210: Fix unsigned mac_len comparison with zero in ca8210_skb_tx() (git-fixes). - ca8210: fix mac_len negative array access (git-fixes). - can: bcm: bcm_tx_setup(): fix KMSAN uninit-value in vfs_write (git-fixes). - can: isotp: isotp_ops: fix poll() to not report false EPOLLOUT events (git-fixes). - can: j1939: j1939_tp_tx_dat_new(): fix out-of-bounds memory access (git-fixes). - cifs: Fix smb2_set_path_size() (git-fixes). - cifs: Move the in_send statistic to __smb_send_rqst() (git-fixes). - cifs: append path to open_enter trace event (bsc#1193629). - cifs: avoid race conditions with parallel reconnects (bsc#1193629). - cifs: avoid races in parallel reconnects in smb1 (bsc#1193629). - cifs: check only tcon status on tcon related functions (bsc#1193629). - cifs: do not poll server interfaces too regularly (bsc#1193629). - cifs: double lock in cifs_reconnect_tcon() (git-fixes). - cifs: dump pending mids for all channels in DebugData (bsc#1193629). - cifs: empty interface list when server does not support query interfaces (bsc#1193629). - cifs: fix DFS traversal oops without CONFIG_CIFS_DFS_UPCALL (bsc#1193629). - cifs: fix dentry lookups in directory handle cache (bsc#1193629). - cifs: fix missing unload_nls() in smb2_reconnect() (bsc#1193629). - cifs: fix use-after-free bug in refresh_cache_worker() (bsc#1193629). - cifs: generate signkey for the channel that's reconnecting (bsc#1193629). - cifs: get rid of dead check in smb2_reconnect() (bsc#1193629). - cifs: lock chan_lock outside match_session (bsc#1193629). - cifs: prevent infinite recursion in CIFSGetDFSRefer() (bsc#1193629). - cifs: print session id while listing open files (bsc#1193629). - cifs: return DFS root session id in DebugData (bsc#1193629). - cifs: set DFS root session in cifs_get_smb_ses() (bsc#1193629). - cifs: use DFS root session instead of tcon ses (bsc#1193629). - clocksource/drivers/mediatek: Optimize systimer irq clear flow on shutdown (git-fixes). - debugfs: add debugfs_lookup_and_remove() (git-fixes). - drivers/base: Fix unsigned comparison to -1 in CPUMAP_FILE_MAX_BYTES (bsc#1208815). - drivers/base: fix userspace break from using bin_attributes for cpumap and cpulist (bsc#1208815). - drm/amd/display: Add DSC Support for Synaptics Cascaded MST Hub (git-fixes). - drm/amd/display: fix shift-out-of-bounds in CalculateVMAndRowBytes (git-fixes). - drm/amdkfd: Fix an illegal memory access (git-fixes). - drm/bridge: lt8912b: return EPROBE_DEFER if bridge is not found (git-fixes). - drm/etnaviv: fix reference leak when mmaping imported buffer (git-fixes). - drm/i915/active: Fix missing debug object activation (git-fixes). - drm/i915/active: Fix misuse of non-idle barriers as fence trackers (git-fixes). - drm/i915/display/psr: Handle plane and pipe restrictions at every page flip (git-fixes). - drm/i915/display/psr: Use drm damage helpers to calculate plane damaged area (git-fixes). - drm/i915/display: Workaround cursor left overs with PSR2 selective fetch enabled (git-fixes). - drm/i915/display: clean up comments (git-fixes). - drm/i915/gt: perform uc late init after probe error injection (git-fixes). - drm/i915/psr: Use calculated io and fast wake lines (git-fixes). - drm/i915/tc: Fix the ICL PHY ownership check in TC-cold state (git-fixes). - drm/i915: Do not use BAR mappings for ring buffers with LLC (git-fixes). - drm/i915: Do not use stolen memory for ring buffers with LLC (git-fixes). - drm/i915: Preserve crtc_state->inherited during state clearing (git-fixes). - drm/i915: Remove unused bits of i915_vma/active api (git-fixes). - drm/panfrost: Fix the panfrost_mmu_map_fault_addr() error path (git-fixes). - dt-bindings: serial: renesas,scif: Fix 4th IRQ for 4-IRQ SCIFs (git-fixes). - efi: sysfb_efi: Fix DMI quirks not working for simpledrm (git-fixes). - fbdev: au1200fb: Fix potential divide by zero (git-fixes). - fbdev: intelfb: Fix potential divide by zero (git-fixes). - fbdev: lxfb: Fix potential divide by zero (git-fixes). - fbdev: nvidia: Fix potential divide by zero (git-fixes). - fbdev: stifb: Provide valid pixelclock and add fb_check_var() checks (git-fixes). - fbdev: tgafb: Fix potential divide by zero (git-fixes). - firmware: arm_scmi: Fix device node validation for mailbox transport (git-fixes). - fotg210-udc: Add missing completion handler (git-fixes). - ftrace: Fix invalid address access in lookup_rec() when index is 0 (git-fixes). - ftrace: Fix issue that 'direct->addr' not restored in modify_ftrace_direct() (git-fixes). - ftrace: Mark get_lock_parent_ip() __always_inline (git-fixes). - gpio: GPIO_REGMAP: select REGMAP instead of depending on it (git-fixes). - gpio: davinci: Add irq chip flag to skip set wake (git-fixes). - hwmon: fix potential sensor registration fail if of_node is missing (git-fixes). - i2c: hisi: Only use the completion interrupt to finish the transfer (git-fixes). - i2c: imx-lpi2c: check only for enabled interrupt flags (git-fixes). - i2c: xgene-slimpro: Fix out-of-bounds bug in xgene_slimpro_i2c_xfer() (git-fixes). - iio: adc: ad7791: fix IRQ flags (git-fixes). - iio: adc: ti-ads7950: Set `can_sleep` flag for GPIO chip (git-fixes). - iio: adis16480: select CONFIG_CRC32 (git-fixes). - iio: dac: cio-dac: Fix max DAC write value check for 12-bit (git-fixes). - iio: light: cm32181: Unregister second I2C client if present (git-fixes). - kABI workaround for xhci (git-fixes). - kABI: x86/msr: Remove .fixup usage (kabi). - kconfig: Update config changed flag before calling callback (git-fixes). - keys: Do not cache key in task struct if key is requested from kernel thread (git-fixes). - lan78xx: Add missing return code checks (git-fixes). - lan78xx: Fix exception on link speed change (git-fixes). - lan78xx: Fix memory allocation bug (git-fixes). - lan78xx: Fix partial packet errors on suspend/resume (git-fixes). - lan78xx: Fix race condition in disconnect handling (git-fixes). - lan78xx: Fix race conditions in suspend/resume handling (git-fixes). - lan78xx: Fix white space and style issues (git-fixes). - lan78xx: Remove unused pause frame queue (git-fixes). - lan78xx: Remove unused timer (git-fixes). - lan78xx: Set flow control threshold to prevent packet loss (git-fixes). - lockd: set file_lock start and end when decoding nlm4 testargs (git-fixes). - locking/rwbase: Mitigate indefinite writer starvation (bsc#1189998 (PREEMPT_RT prerequisite backports), bsc#1206552). - mm: memcg: fix swapcached stat accounting (bsc#1209804). - mm: mmap: remove newline at the end of the trace (git-fixes). - mmc: atmel-mci: fix race between stop command and start of next command (git-fixes). - mtd: rawnand: meson: fix bitmask for length in command word (git-fixes). - mtd: rawnand: meson: invalidate cache on polling ECC bit (git-fixes). - mtd: rawnand: stm32_fmc2: remove unsupported EDO mode (git-fixes). - mtd: rawnand: stm32_fmc2: use timings.mode instead of checking tRC_min (git-fixes). - mtdblock: tolerate corrected bit-flips (git-fixes). - net: asix: fix modprobe 'sysfs: cannot create duplicate filename' (git-fixes). - net: mdio: thunder: Add missing fwnode_handle_put() (git-fixes). - net: phy: Ensure state transitions are processed from phy_stop() (git-fixes). - net: phy: dp83869: fix default value for tx-/rx-internal-delay (git-fixes). - net: phy: nxp-c45-tja11xx: fix MII_BASIC_CONFIG_REV bit (git-fixes). - net: phy: smsc: bail out in lan87xx_read_status if genphy_read_status fails (git-fixes). - net: qcom/emac: Fix use after free bug in emac_remove due to race condition (git-fixes). - net: usb: asix: remove redundant assignment to variable reg (git-fixes). - net: usb: cdc_mbim: avoid altsetting toggling for Telit FE990 (git-fixes). - net: usb: lan78xx: Limit packet length to skb->len (git-fixes). - net: usb: qmi_wwan: add Telit 0x1080 composition (git-fixes). - net: usb: smsc75xx: Limit packet length to skb->len (git-fixes). - net: usb: smsc75xx: Move packet length check to prevent kernel panic in skb_pull (git-fixes). - net: usb: smsc95xx: Limit packet length to skb->len (git-fixes). - net: usb: use eth_hw_addr_set() (git-fixes). - nilfs2: fix kernel-infoleak in nilfs_ioctl_wrap_copy() (git-fixes). - nilfs2: fix sysfs interface lifetime (git-fixes). - nvme-tcp: always fail a request when sending it failed (bsc#1208902). - pNFS/filelayout: Fix coalescing test for single DS (git-fixes). - pinctrl: amd: Disable and mask interrupts on resume (git-fixes). - pinctrl: at91-pio4: fix domain name assignment (git-fixes). - pinctrl: ocelot: Fix alt mode for ocelot (git-fixes). - platform/chrome: cros_ec_chardev: fix kernel data leak from ioctl (git-fixes). - platform/x86/intel/pmc: Alder Lake PCH slp_s0_residency fix (git-fixes). - platform/x86: think-lmi: Add possible_values for ThinkStation (git-fixes). - platform/x86: think-lmi: Certificate authentication support (bsc#1210050). - platform/x86: think-lmi: Clean up display of current_value on Thinkstation (git-fixes). - platform/x86: think-lmi: Fix memory leak when showing current settings (git-fixes). - platform/x86: think-lmi: Fix memory leaks when parsing ThinkStation WMI strings (git-fixes). - platform/x86: think-lmi: Move kobject_init() call into tlmi_create_auth() (bsc#1210050). - platform/x86: think-lmi: Opcode support (bsc#1210050). - platform/x86: think-lmi: Prevent underflow in index_store() (bsc#1210050). - platform/x86: think-lmi: Simplify tlmi_analyze() error handling a bit (bsc#1210050). - platform/x86: think-lmi: Use min_t() for comparison and assignment (bsc#1210050). - platform/x86: think-lmi: add debug_cmd (bsc#1210050). - platform/x86: think-lmi: add missing type attribute (git-fixes). - platform/x86: think-lmi: certificate support clean ups (bsc#1210050). - platform/x86: think-lmi: only display possible_values if available (git-fixes). - platform/x86: think-lmi: use correct possible_values delimiters (git-fixes). - platform/x86: thinkpad-acpi: Add support for automatic mode transitions (bsc#1210050). - platform/x86: thinkpad-acpi: Enable AMT by default on supported systems (bsc#1210050). - platform/x86: thinkpad-acpi: profile capabilities as integer (bsc#1210050). - platform/x86: thinkpad_acpi: Accept ibm_init_struct.init() returning -ENODEV (bsc#1210050). - platform/x86: thinkpad_acpi: Add LED_RETAIN_AT_SHUTDOWN to led_class_devs (bsc#1210050). - platform/x86: thinkpad_acpi: Add PSC mode support (bsc#1210050). - platform/x86: thinkpad_acpi: Add a s2idle resume quirk for a number of laptops (bsc#1210050). - platform/x86: thinkpad_acpi: Add dual fan probe (bsc#1210050). - platform/x86: thinkpad_acpi: Add dual-fan quirk for T15g (2nd gen) (bsc#1210050). - platform/x86: thinkpad_acpi: Add hotkey_notify_extended_hotkey() helper (bsc#1210050). - platform/x86: thinkpad_acpi: Add lid_logo_dot to the list of safe LEDs (bsc#1210050). - platform/x86: thinkpad_acpi: Add quirk for ThinkPads without a fan (bsc#1210050). - platform/x86: thinkpad_acpi: Cleanup dytc_profile_available (bsc#1210050). - platform/x86: thinkpad_acpi: Convert btusb DMI list to quirks (bsc#1210050). - platform/x86: thinkpad_acpi: Convert platform driver to use dev_groups (bsc#1210050). - platform/x86: thinkpad_acpi: Correct dual fan probe (bsc#1210050). - platform/x86: thinkpad_acpi: Do not use test_bit on an integer (bsc#1210050). - platform/x86: thinkpad_acpi: Enable s2idle quirk for 21A1 machine type (bsc#1210050). - platform/x86: thinkpad_acpi: Explicitly set to balanced mode on startup (bsc#1210050). - platform/x86: thinkpad_acpi: Fix a memory leak of EFCH MMIO resource (bsc#1210050). - platform/x86: thinkpad_acpi: Fix coccinelle warnings (bsc#1210050). - platform/x86: thinkpad_acpi: Fix compiler warning about uninitialized err variable (bsc#1210050). - platform/x86: thinkpad_acpi: Fix incorrect use of platform profile on AMD platforms (bsc#1210050). - platform/x86: thinkpad_acpi: Fix max_brightness of thinklight (bsc#1210050). - platform/x86: thinkpad_acpi: Fix profile mode display in AMT mode (bsc#1210050). - platform/x86: thinkpad_acpi: Fix profile modes on Intel platforms (bsc#1210050). - platform/x86: thinkpad_acpi: Fix reporting a non present second fan on some models (bsc#1210050). - platform/x86: thinkpad_acpi: Fix the hwmon sysfs-attr showing up in the wrong place (bsc#1210050). - platform/x86: thinkpad_acpi: Fix thermal_temp_input_attr sorting (bsc#1210050). - platform/x86: thinkpad_acpi: Fix thinklight LED brightness returning 255 (bsc#1210050). - platform/x86: thinkpad_acpi: Get privacy-screen / lcdshadow ACPI handles only once (bsc#1210050). - platform/x86: thinkpad_acpi: Make *_init() functions return -ENODEV instead of 1 (bsc#1210050). - platform/x86: thinkpad_acpi: Properly indent code in tpacpi_dytc_profile_init() (bsc#1210050). - platform/x86: thinkpad_acpi: Register tpacpi_pdriver after subdriver init (bsc#1210050). - platform/x86: thinkpad_acpi: Remove 'goto err_exit' from hotkey_init() (bsc#1210050). - platform/x86: thinkpad_acpi: Remove unused sensors_pdev_attrs_registered flag (bsc#1210050). - platform/x86: thinkpad_acpi: Restore missing hotkey_tablet_mode and hotkey_radio_sw sysfs-attr (bsc#1210050). - platform/x86: thinkpad_acpi: Simplify dytc_version handling (bsc#1210050). - platform/x86: thinkpad_acpi: Switch to common use of attributes (bsc#1210050). - platform/x86: thinkpad_acpi: Use backlight helper (bsc#1210050). - platform/x86: thinkpad_acpi: clean up dytc profile convert (bsc#1210050). - platform/x86: thinkpad_acpi: consistently check fan_get_status return (bsc#1210050). - platform/x86: thinkpad_acpi: do not use PSC mode on Intel platforms (bsc#1210050). - platform/x86: thinkpad_acpi: tpacpi_attr_group contains driver attributes not device attrs (bsc#1210050). - platform/x86: thinkpad_acpi: use strstarts() (bsc#1210050). - power: supply: da9150: Fix use after free bug in da9150_charger_remove due to race condition (git-fixes). - powerpc/64s/interrupt: Fix interrupt exit race with security mitigation switch (bsc#1194869). - powerpc/btext: add missing of_node_put (bsc#1065729). - powerpc/ioda/iommu/debugfs: Generate unique debugfs entries (bsc#1194869). - powerpc/iommu: Add missing of_node_put in iommu_init_early_dart (bsc#1194869). - powerpc/iommu: fix memory leak with using debugfs_lookup() (bsc#1194869). - powerpc/kcsan: Exclude udelay to prevent recursive instrumentation (bsc#1194869). - powerpc/kexec_file: fix implicit decl error (bsc#1194869). - powerpc/powernv/ioda: Skip unallocated resources when mapping to PE (bsc#1065729). - powerpc/powernv: fix missing of_node_put in uv_init() (bsc#1194869). - powerpc/pseries/lpar: add missing RTAS retry status handling (bsc#1109158 ltc#169177 git-fixes). - powerpc/pseries/lparcfg: add missing RTAS retry status handling (bsc#1065729). - powerpc/rtas: ensure 4KB alignment for rtas_data_buf (bsc#1065729). - powerpc/vmlinux.lds: Define RUNTIME_DISCARD_EXIT (bsc#1194869). - powerpc/vmlinux.lds: Do not discard .comment (bsc#1194869). - powerpc/vmlinux.lds: Do not discard .rela* for relocatable builds (bsc#1194869). - powerpc/xmon: Fix -Wswitch-unreachable warning in bpt_cmds (bsc#1194869). - powerpc: Remove linker flag from KBUILD_AFLAGS (bsc#1194869). - ppc64le: HWPOISON_INJECT=m (bsc#1209572). - pwm: cros-ec: Explicitly set .polarity in .get_state() (git-fixes). - pwm: sprd: Explicitly set .polarity in .get_state() (git-fixes). - r8169: fix RTL8168H and RTL8107E rx crc error (git-fixes). - rcu: Fix rcu_torture_read ftrace event (git-fixes). - ring-buffer: Fix race while reader and writer are on the same page (git-fixes). - ring-buffer: Handle race between rb_move_tail and rb_check_pages (git-fixes). - ring-buffer: remove obsolete comment for free_buffer_page() (git-fixes). - s390/boot: simplify and fix kernel memory layout setup (bsc#1209600). - s390/dasd: fix no record found for raw_track_access (bsc#1207574). - s390/vfio-ap: fix memory leak in vfio_ap device driver (git-fixes). - sbitmap: Avoid lockups when waker gets preempted (bsc#1209118). - sched/psi: Fix use-after-free in ep_remove_wait_queue() (bsc#1209799). - scsi: qla2xxx: Synchronize the IOCB count to be in order (bsc#1209292 bsc#1209684 bsc#1209556). - sctp: sctp_sock_filter(): avoid list_entry() on possibly empty list (bsc#1208602, git-fixes). - serial: 8250: ASPEED_VUART: select REGMAP instead of depending on it (git-fixes). - serial: 8250: SERIAL_8250_ASPEED_VUART should depend on ARCH_ASPEED (git-fixes). - serial: fsl_lpuart: Fix comment typo (git-fixes). - smb3: fix unusable share after force unmount failure (bsc#1193629). - smb3: lower default deferred close timeout to address perf regression (bsc#1193629). - struct dwc3: mask new member (git-fixes). - thunderbolt: Add missing UNSET_INBOUND_SBTX for retimer access (git-fixes). - thunderbolt: Call tb_check_quirks() after initializing adapters (git-fixes). - thunderbolt: Disable interrupt auto clear for rings (git-fixes). - thunderbolt: Rename shadowed variables bit to interrupt_bit and auto_clear_bit (git-fixes). - thunderbolt: Use const qualifier for `ring_interrupt_index` (git-fixes). - thunderbolt: Use scale field when allocating USB3 bandwidth (git-fixes). - timers: Prevent union confusion from unexpected (git-fixes) - trace/hwlat: Do not start per-cpu thread if it is already running (git-fixes). - trace/hwlat: Do not wipe the contents of per-cpu thread data (git-fixes). - trace/hwlat: make use of the helper function kthread_run_on_cpu() (git-fixes). - tracing: Add trace_array_puts() to write into instance (git-fixes). - tracing: Fix wrong return in kprobe_event_gen_test.c (git-fixes). - tracing: Free error logs of tracing instances (git-fixes). - tracing: Have tracing_snapshot_instance_cond() write errors to the appropriate instance (git-fixes). - tty: serial: fsl_lpuart: avoid checking for transfer complete when UARTCTRL_SBK is asserted in lpuart32_tx_empty (git-fixes). - tty: serial: fsl_lpuart: skip waiting for transmission complete when UARTCTRL_SBK is asserted (git-fixes). - tty: serial: sh-sci: Fix Rx on RZ/G2L SCI (git-fixes). - tty: serial: sh-sci: Fix transmit end interrupt handler (git-fixes). - uas: Add US_FL_NO_REPORT_OPCODES for JMicron JMS583Gen 2 (git-fixes). - vdpa_sim: set last_used_idx as last_avail_idx in vdpasim_queue_ready (git-fixes). - wifi: mac80211: fix invalid drv_sta_pre_rcu_remove calls for non-uploaded sta (git-fixes). - wifi: mac80211: fix qos on mesh interfaces (git-fixes). - wireguard: ratelimiter: use hrtimer in selftest (git-fixes) - x86/bug: Merge annotate_reachable() into _BUG_FLAGS() asm (git-fixes). - x86/fpu/xsave: Handle compacted offsets correctly with supervisor states (git-fixes). - x86/fpu/xstate: Fix the ARCH_REQ_XCOMP_PERM implementation (git-fixes). - x86/fpu: Cache xfeature flags from CPUID (git-fixes). - x86/fpu: Remove unused supervisor only offsets (git-fixes). - x86/kvm: Do not use pv tlb/ipi/sched_yield if on 1 vCPU (git-fixes). - x86/mce/inject: Avoid out-of-bounds write when setting flags (git-fixes). - x86/mce: Allow instrumentation during task work queueing (git-fixes). - x86/mce: Mark mce_end() noinstr (git-fixes). - x86/mce: Mark mce_panic() noinstr (git-fixes). - x86/mce: Mark mce_read_aux() noinstr (git-fixes). - x86/mm: Flush global TLB when switching to trampoline page-table (git-fixes). - x86/msr: Remove .fixup usage (git-fixes). - x86/sgx: Free backing memory after faulting the enclave page (git-fixes). - x86/sgx: Silence softlockup detection when releasing large enclaves (git-fixes). - x86/uaccess: Move variable into switch case statement (git-fixes). - x86: Annotate call_on_stack() (git-fixes). - x86: link vdso and boot with -z noexecstack --no-warn-rwx-segments (bsc#1203200). - xfs: convert ptag flags to unsigned (git-fixes). - xfs: do not assert fail on perag references on teardown (git-fixes). - xfs: do not leak btree cursor when insrec fails after a split (git-fixes). - xfs: pass the correct cursor to xfs_iomap_prealloc_size (git-fixes). - xfs: remove xfs_setattr_time() declaration (git-fixes). - xfs: zero inode fork buffer at allocation (git-fixes). - xhci: Free the command allocated for setting LPM if we return early (git-fixes). - xhci: also avoid the XHCI_ZERO_64B_REGS quirk with a passthrough iommu (git-fixes). - xirc2ps_cs: Fix use after free bug in xirc2ps_detach (git-fixes). - xprtrdma: Fix regbuf data not freed in rpcrdma_req_create() (git-fixes). Important SUSE bug 1065729 SUSE bug 1109158 SUSE bug 1189998 SUSE bug 1193629 SUSE bug 1194869 SUSE bug 1198400 SUSE bug 1203200 SUSE bug 1206552 SUSE bug 1207168 SUSE bug 1207185 SUSE bug 1207574 SUSE bug 1208602 SUSE bug 1208815 SUSE bug 1208829 SUSE bug 1208902 SUSE bug 1209052 SUSE bug 1209118 SUSE bug 1209256 SUSE bug 1209290 SUSE bug 1209292 SUSE bug 1209366 SUSE bug 1209532 SUSE bug 1209547 SUSE bug 1209556 SUSE bug 1209572 SUSE bug 1209600 SUSE bug 1209634 SUSE bug 1209635 SUSE bug 1209636 SUSE bug 1209681 SUSE bug 1209684 SUSE bug 1209687 SUSE bug 1209779 SUSE bug 1209788 SUSE bug 1209798 SUSE bug 1209799 SUSE bug 1209804 SUSE bug 1209805 SUSE bug 1210050 SUSE bug 1210203 CVE-2017-5753 CVE-2022-4744 CVE-2023-0394 CVE-2023-1281 CVE-2023-1513 CVE-2023-1582 CVE-2023-1611 CVE-2023-1637 CVE-2023-1652 CVE-2023-1838 CVE-2023-23001 CVE-2023-28327 CVE-2023-28464 CVE-2023-28466 cpe:/o:opensuse:leap:15.4 Security update for avahi (Moderate) openSUSE Leap 15.4 This update for avahi fixes the following issues: - CVE-2023-1981: Fixed crash in avahi-daemon (bsc#1210328). Moderate SUSE bug 1210328 CVE-2023-1981 cpe:/o:opensuse:leap:15.4 Security update for avahi (Moderate) openSUSE Leap 15.4 This update for avahi fixes the following issues: - CVE-2023-1981: Fixed crash in avahi-daemon (bsc#1210328). Moderate SUSE bug 1210328 CVE-2023-1981 cpe:/o:opensuse:leap:15.4 Security update for fwupd (Moderate) openSUSE Leap 15.4 This update of fwupd fixes the following issues: - rebuild the package with the new secure boot key (bsc#1209188). Moderate SUSE bug 1209188 cpe:/o:opensuse:leap:15.4 Security update for sbd (Moderate) openSUSE Leap 15.4 This update for sbd fixes the following issues: Update to version 1.5.1+20221128.8ec8e01: - sbd-inquisitor: fail startup if pacemaker integration is disabled while SBD_SYNC_RESOURCE_STARTUP is conflicting (bsc#1204319) - sbd-inquisitor: do not warn about startup syncing if pacemaker integration is even intentionally disabled (bsc#1204319) - sbd-inquisitor: log a warning if SBD_PACEMAKER is overridden by -P or -PP option (bsc#1204319) - sbd-inquisitor: ensure a log info only tells the fact about how SBD_PACEMAKER is set (bsc#1204319) - Added hardened to systemd service(s) (bsc#1181400). Moderate SUSE bug 1180966 SUSE bug 1181400 SUSE bug 1185182 SUSE bug 1204319 cpe:/o:opensuse:leap:15.4 Security update for runc (Important) openSUSE Leap 15.4 This update for runc fixes the following issues: Update to runc v1.1.5: Security fixes: - CVE-2023-25809: Fixed rootless `/sys/fs/cgroup` is writable when cgroupns isn't unshared (bnc#1209884). - CVE-2023-27561: Fixed regression that reintroduced CVE-2019-19921 vulnerability (bnc#1208962). - CVE-2023-28642: Fixed AppArmor/SELinux bypass with symlinked /proc (bnc#1209888). Other fixes: - Fix the inability to use `/dev/null` when inside a container. - Fix changing the ownership of host's `/dev/null` caused by fd redirection (bsc#1168481). - Fix rare runc exec/enter unshare error on older kernels. - nsexec: Check for errors in `write_log()`. - Drop version-specific Go requirement. Important SUSE bug 1168481 SUSE bug 1208962 SUSE bug 1209884 SUSE bug 1209888 CVE-2023-25809 CVE-2023-27561 CVE-2023-28642 cpe:/o:opensuse:leap:15.4 Security update for systemd (Moderate) openSUSE Leap 15.4 This update for systemd fixes the following issues: - CVE-2022-4415: Fixed an issue where users could access coredumps with changed uid, gid or capabilities (bsc#1205000). Non-security fixes: - Enabled the pstore service (jsc#PED-2663). - Fixed an issue accessing TPM when secure boot is enabled (bsc#1204944). - Fixed an issue where a pamd file could get accidentally overwritten after an update (bsc#1207264). Moderate SUSE bug 1204944 SUSE bug 1205000 SUSE bug 1207264 CVE-2022-4415 cpe:/o:opensuse:leap:15.4 Security update for python39-setuptools (Moderate) openSUSE Leap 15.4 This update for python39-setuptools fixes the following issues: - CVE-2022-40897: Fixed an excessive CPU usage that could be triggered by fetching a malicious HTML document (bsc#1206667). Moderate SUSE bug 1206667 CVE-2022-40897 cpe:/o:opensuse:leap:15.4 Security update for git (Moderate) openSUSE Leap 15.4 This update for git fixes the following issues: - CVE-2023-25652: Fixed partial overwrite of paths outside the working tree (bsc#1210686). - CVE-2023-25815: Fixed malicious placemtn of crafted message (bsc#1210686). - CVE-2023-29007: Fixed arbitrary configuration injection (bsc#1210686). Moderate SUSE bug 1210686 CVE-2023-25652 CVE-2023-25815 CVE-2023-29007 cpe:/o:opensuse:leap:15.4 Security update for openssl-ibmca (Moderate) openSUSE Leap 15.4 This update for openssl-ibmca fixes the following issues: Upgraded openssl-ibmca to version 2.4.0 (bsc#1210058) - Provider: Adjustments for OpenSSL versions 3.1 and 3.2 - Provider: Support RSA blinding - Provider: Constant-time fixes for RSA PKCS#1 v1.5 and OAEP padding - Provider: Support 'implicit rejection' option for RSA PKCS#1 v1.5 padding - Provider: Adjustments in OpenSSL config generator and example configs - Engine: EC: Cache ICA key in EC_KEY object (performance improvement) - FIPS 140-3: Correct engine handling so only the ciphers selected in the config file are activated (bsc#1210359) Moderate SUSE bug 1210058 SUSE bug 1210359 cpe:/o:opensuse:leap:15.4 Security update for libxml2 (Important) openSUSE Leap 15.4 This update for libxml2 fixes the following issues: - CVE-2023-29469: Fixed inconsistent result when hashing empty strings (bsc#1210412). - CVE-2023-28484: Fixed NULL pointer dereference in xmlSchemaFixupComplexType (bsc#1210411). - CVE-2022-29824: Fixed integer overflow leading to out-of-bounds write in buf.c (bsc#1199132). The following non-security bugs were fixed: - Added W3C conformance tests to the testsuite (bsc#1204585). - Fixed NULL pointer dereference when parsing invalid data (glgo#libxml2!15) (bsc#1065270) . Important SUSE bug 1065270 SUSE bug 1199132 SUSE bug 1204585 SUSE bug 1210411 SUSE bug 1210412 CVE-2021-3541 CVE-2022-29824 CVE-2023-28484 CVE-2023-29469 cpe:/o:opensuse:leap:15.4 Security update for nginx (Important) openSUSE Leap 15.4 This update for nginx fixes the following issues: - CVE-2022-41741: Handle duplicated atoms in mp4 streams, to mitigate out-of-bound reads. (bsc#1204526) - CVE-2022-41742: Handle duplicated atoms in mp4 streams, to mitigate out-of-bound reads. (bsc#1204527) Important SUSE bug 1204526 SUSE bug 1204527 CVE-2022-41741 CVE-2022-41742 cpe:/o:opensuse:leap:15.4 Security update for fwupd (Moderate) openSUSE Leap 15.4 This update of fwupd fixes the following issues: - rebuild the package with the new secure boot key (bsc#1209188). Moderate SUSE bug 1209188 cpe:/o:opensuse:leap:15.4 Security update for libtpms (Important) openSUSE Leap 15.4 This update for libtpms fixes the following issues: - CVE-2023-1017: Fixed out-of-bounds write in CryptParameterDecryption (bsc#1206022). - CVE-2023-1018: Fixed out-of-bounds read in CryptParameterDecryption (bsc#1206023). Important SUSE bug 1206022 SUSE bug 1206023 CVE-2023-1017 CVE-2023-1018 cpe:/o:opensuse:leap:15.4 Security update for libxml2 (Moderate) openSUSE Leap 15.4 This update for libxml2 fixes the following issues: - CVE-2023-29469: Fixed inconsistent result when hashing empty strings (bsc#1210412). - CVE-2023-28484: Fixed NULL pointer dereference in xmlSchemaFixupComplexType (bsc#1210411). The following non-security bug was fixed: - Remove unneeded dependency (bsc#1209918). Moderate SUSE bug 1209918 SUSE bug 1210411 SUSE bug 1210412 CVE-2023-28484 CVE-2023-29469 cpe:/o:opensuse:leap:15.4 Security update for rubygem-actionview-5_1 (Important) openSUSE Leap 15.4 This update for rubygem-actionview-5_1 fixes the following issues: - CVE-2022-27777: Fixed possible cross-site scripting vulnerability in Action View tag helpers (bsc#1199060). - CVE-2020-15169: Fixed cross-site scripting in translation helpers (bsc#1176421). - CVE-2020-8167: Fixed CSRF vulnerability in rails-ujs (bsc#1172184). Important SUSE bug 1172184 SUSE bug 1176421 SUSE bug 1199060 CVE-2020-15169 CVE-2020-8167 CVE-2022-27777 cpe:/o:opensuse:leap:15.4 Security update for ffmpeg (Moderate) openSUSE Leap 15.4 This update for ffmpeg fixes the following issues: - CVE-2022-3341: Fixed a potential crash when processing a crafted NUT stream (bsc#1206778). - CVE-2019-13390: Fixed a potential crash when processing a crafted AVI stream (bsc#1140754). Moderate SUSE bug 1140754 SUSE bug 1206778 CVE-2019-13390 CVE-2022-3341 cpe:/o:opensuse:leap:15.4 Security update for glib2 (Moderate) openSUSE Leap 15.4 This update for glib2 fixes the following issues: - CVE-2023-24593: Fixed a denial of service caused by handling a malicious text-form variant (bsc#1209714). - CVE-2023-25180: Fixed a denial of service caused by malicious serialised variant (bsc#1209713). The following non-security bug was fixed: - Fixed regression on s390x (bsc#1210135, glgo#GNOME/glib!2978). Moderate SUSE bug 1209713 SUSE bug 1209714 SUSE bug 1210135 CVE-2023-24593 CVE-2023-25180 cpe:/o:opensuse:leap:15.4 Security update for MozillaThunderbird (Important) openSUSE Leap 15.4 This update for MozillaThunderbird fixes the following issues: Update to Mozilla Thunderbird 102.10.1 (MFSA 2023-15) (bsc#1210212): Security fixes: * CVE-2023-29531: Out-of-bound memory access in WebGL on macOS (bmo#1794292) * CVE-2023-29532: Mozilla Maintenance Service Write-lock bypass (bmo#1806394) * CVE-2023-29533: Fullscreen notification obscured (bmo#1798219, bmo#1814597) * CVE-2023-1999: Double-free in libwebp (bmo#1819244) * CVE-2023-29535: Potential Memory Corruption following Garbage Collector compaction (bmo#1820543) * CVE-2023-29536: Invalid free from JavaScript code (bmo#1821959) * CVE-2023-0547: Revocation status of S/Mime recipient certificates was not checked (bmo#1811298) * CVE-2023-29479: Hang when processing certain OpenPGP messages (bmo#1824978) * CVE-2023-29539: Content-Disposition filename truncation leads to Reflected File Download (bmo#1784348) * CVE-2023-29541: Files with malicious extensions could have been downloaded unsafely on Linux (bmo#1810191) * CVE-2023-29542: Bypass of file download extension restrictions (bmo#1810793, bmo#1815062) * CVE-2023-29545: Windows Save As dialog resolved environment variables (bmo#1823077) * CVE-2023-1945: Memory Corruption in Safe Browsing Code (bmo#1777588) * CVE-2023-29548: Incorrect optimization result on ARM64 (bmo#1822754) * CVE-2023-29550: Memory safety bugs fixed in Thunderbird 102.10 (bmo#1720594, bmo#1751945, bmo#1812498, bmo#1814217, bmo#1818357, bmo#1818762, bmo#1819493, bmo#1820389, bmo#1820602, bmo#1821448, bmo#1822413, bmo#1824828) Other fixes: * fixed: Messages with missing or corrupt 'From:' header did not display message header buttons (bmo#1793918) * fixed: Composer repeatedly prompted for S/MIME smartcard signing/encryption password (bmo#1828366) * fixed: Address Book integration did not work with macOS 11.4 Bug Sur (bmo#1720257) * fixed: Mexico City DST fix in Thunderbird 102.10.0 (bug 1826146) was incomplete (bmo#1827503) * changed: New messages will automatically select S/MIME if configured and OpenPGP is not (bmo#1793278) * fixed: Calendar events with timezone America/Mexico_City incorrectly applied Daylight Savings Time (bmo#1826146) * fixed: Security fixes Important SUSE bug 1210212 CVE-2023-0547 CVE-2023-1945 CVE-2023-1999 CVE-2023-29479 CVE-2023-29531 CVE-2023-29532 CVE-2023-29533 CVE-2023-29535 CVE-2023-29536 CVE-2023-29539 CVE-2023-29541 CVE-2023-29542 CVE-2023-29545 CVE-2023-29548 CVE-2023-29550 cpe:/o:opensuse:leap:15.4 Security update for webkit2gtk3 (Important) openSUSE Leap 15.4 This update for webkit2gtk3 fixes the following issues: Update to version 2.38.6 (bsc#1210731): - CVE-2022-0108: Fixed information leak. - CVE-2022-32885: Fixed arbitrary code execution. - CVE-2023-25358: Fixed use-after-free vulnerability in WebCore::RenderLayer. - CVE-2023-27932: Fixed Same Origin Policy bypass. - CVE-2023-27954: Fixed sensitive user information tracking. - CVE-2023-28205: Fixed arbitrary code execution (bsc#1210295). Already fixed in version 2.38.5: - CVE-2022-32886, CVE-2022-32912, CVE-2023-25360, CVE-2023-25361, CVE-2023-25362, CVE-2023-25363. Important SUSE bug 1210295 SUSE bug 1210731 CVE-2022-0108 CVE-2022-32885 CVE-2022-32886 CVE-2022-32912 CVE-2023-25358 CVE-2023-25360 CVE-2023-25361 CVE-2023-25362 CVE-2023-25363 CVE-2023-27932 CVE-2023-27954 CVE-2023-28205 cpe:/o:opensuse:leap:15.4 Security update for shadow (Moderate) openSUSE Leap 15.4 This update for shadow fixes the following issues: - CVE-2023-29383: Fixed apparent /etc/shadow manipulation via chfn (bsc#1210507). Moderate SUSE bug 1210507 CVE-2023-29383 cpe:/o:opensuse:leap:15.4 Security update for glib2 (Moderate) openSUSE Leap 15.4 This update for glib2 fixes the following issues: - CVE-2023-24593: Fixed a denial of service caused by handling a malicious text-form variant (bsc#1209714). - CVE-2023-25180: Fixed a denial of service caused by malicious serialised variant (bsc#1209713). The following non-security bug was fixed: - Fixed regression on s390x (bsc#1210135, glgo#GNOME/glib!2978). Moderate SUSE bug 1209713 SUSE bug 1209714 SUSE bug 1210135 CVE-2023-24593 CVE-2023-25180 cpe:/o:opensuse:leap:15.4 Security update for webkit2gtk3 (Important) openSUSE Leap 15.4 This update for webkit2gtk3 fixes the following issues: Update to version 2.38.6 (bsc#1210731): - CVE-2022-0108: Fixed information leak. - CVE-2022-32885: Fixed arbitrary code execution. - CVE-2023-25358: Fixed use-after-free vulnerability in WebCore::RenderLayer. - CVE-2023-27932: Fixed Same Origin Policy bypass. - CVE-2023-27954: Fixed sensitive user information tracking. - CVE-2023-28205: Fixed arbitrary code execution (bsc#1210295). Already fixed in version 2.38.5: - CVE-2022-32886, CVE-2022-32912, CVE-2023-25360, CVE-2023-25361, CVE-2023-25362, CVE-2023-25363. Important SUSE bug 1210295 SUSE bug 1210731 CVE-2022-0108 CVE-2022-32885 CVE-2022-32886 CVE-2022-32912 CVE-2023-25358 CVE-2023-25360 CVE-2023-25361 CVE-2023-25362 CVE-2023-25363 CVE-2023-27932 CVE-2023-27954 CVE-2023-28205 cpe:/o:opensuse:leap:15.4 Security update for shim (Important) openSUSE Leap 15.4 This update for shim fixes the following issues: - CVE-2022-28737 was missing as reference previously. - Upgrade shim-install for bsc#1210382 After closing Leap-gap project since Leap 15.3, openSUSE Leap direct uses shim from SLE. So the ca_string is 'SUSE Linux Enterprise Secure Boot CA1', not 'openSUSE Secure Boot CA1'. It causes that the update_boot=no, so all files in /boot/efi/EFI/boot are not updated. Logic was added that is using ID field in os-release for checking Leap distro and set ca_string to 'SUSE Linux Enterprise Secure Boot CA1'. Then /boot/efi/EFI/boot/* can also be updated. Important SUSE bug 1210382 CVE-2022-28737 cpe:/o:opensuse:leap:15.4 This update has recommended fixes for ffmpeg-4 (Important) openSUSE Leap 15.4 This updates fixes the following issues for ffmpeg-4: Security fixes: - CVE-2022-48434: Fixed use after free in libavcodec/pthread_frame.c (bsc#1209934). Other fixes: - Add necessary subpackages to the Packagehub. (bsc#1206067) Important SUSE bug 1206067 SUSE bug 1209934 CVE-2022-48434 cpe:/o:opensuse:leap:15.4 Security update for netty, netty-tcnative (Important) openSUSE Leap 15.4 This update for netty, netty-tcnative fixes the following issues: netty: - Security fixes included in this version update from 4.1.75 to 4.1.90: * CVE-2022-24823: Local Information Disclosure Vulnerability in Netty on Unix-Like systems due temporary files for Java 6 and lower in io.netty:netty-codec-http (bsc#1199338) * CVE-2022-41881: HAProxyMessageDecoder Stack Exhaustion DoS (bsc#1206360) * CVE-2022-41915: HTTP Response splitting from assigning header value iterator (bsc#1206379) - Other non-security bug fixes included in this version update from 4.1.75 to 4.1.90: * Build with Java 11 on ix86 architecture in order to avoid build failures * Fix `HttpHeaders.names` for non-String headers * Fix `FlowControlHandler` behaviour to pass read events when auto-reading is turned off * Fix brotli compression * Fix a bug in FlowControlHandler that broke auto-read * Fix a potential memory leak bug has been in the pooled allocator * Fix a scalability issue caused by instanceof and check-cast checks that lead to false-sharing on the `Klass::secondary_super_cache` field in the JVM * Fix a bug in our `PEMParser` when PEM files have multiple objects, and `BouncyCastle` is on the classpath * Fix several `NullPointerException` bugs * Fix a regression `SslContext` private key loading * Fix a bug in `SslContext` private key reading fall-back path * Fix a buffer leak regression in `HttpClientCodec` * Fix a bug where some `HttpMessage` implementations, that also implement `HttpContent`, were not handled correctly * Fix epoll bug when receiving zero-sized datagrams * Fix a bug in `SslHandler` so `handlerRemoved` works properly even if `handlerAdded` throws an exception * Fix an issue that allowed the multicast methods on `EpollDatagramChannel` to be called outside of an event-loop thread * Fix a bug where an OPT record was added to DNS queries that already had such a record * Fix a bug that caused an error when files uploaded with HTTP POST contained a backslash in their name * Fix an issue in the `BlockHound` integration that could occasionally cause NetUtil to be reported as performing blocking operation. A similar `BlockHound` issue was fixed for the `JdkSslContext` * Fix a bug that prevented preface or settings frames from being flushed, when an HTTP2 connection was established with prior-knowledge * Fix a bug where Netty fails to load a shaded native library * Fix and relax overly strict HTTP/2 header validation check that was rejecting requests from Chrome and Firefox * Fix OpenSSL and BoringSSL implementations to respect the `jdk.tls.client.protocols` and `jdk.tls.server.protocols` system properties, making them react to these in the same way the JDK SSL provider does * Fix inconsitencies in how `epoll`, `kqueue`, and `NIO` handle RDHUP * For a more detailed list of changes please consult the official release notes: + Changes from 4.1.90: https://netty.io/news/2023/03/14/4-1-90-Final.html + Changes from 4.1.89: https://netty.io/news/2023/02/13/4-1-89-Final.html + Changes from 4.1.88: https://netty.io/news/2023/02/12/4-1-88-Final.html + Changes from 4.1.87: https://netty.io/news/2023/01/12/4-1-87-Final.html + Changes from 4.1.86: https://netty.io/news/2022/12/12/4-1-86-Final.html + Changes from 4.1.85: https://netty.io/news/2022/11/09/4-1-85-Final.html + Changes from 4.1.84: https://netty.io/news/2022/10/11/4-1-84-Final.html + Changes from 4.1.82: https://netty.io/news/2022/09/13/4-1-82-Final.html + Changes from 4.1.81: https://netty.io/news/2022/09/08/4-1-81-Final.html + Changes from 4.1.80: https://netty.io/news/2022/08/26/4-1-80-Final.html + Changes from 4.1.79: https://netty.io/news/2022/07/11/4-1-79-Final.html + Changes from 4.1.78: https://netty.io/news/2022/06/14/4-1-78-Final.html + Changes from 4.1.77: https://netty.io/news/2022/05/06/2-1-77-Final.html + Changes from 4.1.76: https://netty.io/news/2022/04/12/4-1-76-Final.html netty-tcnative: - New artifact named `netty-tcnative-classes`, provided by this update is required by netty 4.1.90 which contains important security updates - No formal changelog present. This artifact is closely bound to the netty releases Important SUSE bug 1199338 SUSE bug 1206360 SUSE bug 1206379 CVE-2022-24823 CVE-2022-41881 CVE-2022-41915 cpe:/o:opensuse:leap:15.4 Security update for maven and recommended update for antlr3, minlog, sbt, xmvn (Important) openSUSE Leap 15.4 This update for antlr3, maven, minlog, sbt, xmvn fixes the following issues: maven: - Version update from 3.8.5 to 3.8.6 (jsc#SLE-23217): * Security fixes: + CVE-2021-42550: Update Version of (optional) Logback (bsc#1193795) * Bug fixes: + Fix resolver session containing non-MavenWorkspaceReader + Fix for multiple maven instances working on same source tree that can lock each other + Don't ignore bin/ otherwise bin/ in apache-maven module cannot be added back + Fix IllegalStateException in SessionScope during guice injection in multithreaded build + Revert MNG-7347 (SessionScoped beans should be singletons for a given session) + Fix compilation failure with relocated transitive dependency + Fix deadlock during forked lifecycle executions + Fix issue with resolving dependencies between submodules * New features and improvements: + Create a multiline message helper for boxed log messages + Display a warning when an aggregator mojo is locking other mojo executions + Align Assembly Descriptor NS versions * Dependency upgrades: + Upgrade SLF4J to 1.7.36 + Upgrade JUnit to 4.13.2 + Upgrade Plexus Utils to 3.3.1 - Move mvn.1 from bin to man directory antlr3: - Bug fixes in this version update from 3.5.2 to 3.5.3 (jsc#SLE-23217): * Change source compatibility to 1.8 and enable github workflows * Change Wiki URLs to theantlrguy.atlassian.net in README.txt * Add Bazel support - Remove enforcer plugin as it is not needed in a controlled environment minlog: - Bug fixes in this version update from 1.3.0 to 1.3.1 (jsc#SLE-23217): * Use currentTimeMillis * Use 3-Clause BSD * Use Java 7 JDK. sbt: - Fix build issues with maven 3.8.6 (jsc#SLE-23217) xmvn: - Remove RPM package build dependency on easymock (jsc#SLE-23217) Important SUSE bug 1193795 CVE-2021-42550 cpe:/o:opensuse:leap:15.4 Security update for vim (Moderate) openSUSE Leap 15.4 This update for vim fixes the following issues: Updated to version 9.0 with patch level 1443, fixes the following security problems - CVE-2023-1264: Fixed NULL Pointer Dereference (bsc#1209042). - CVE-2023-1355: Fixed NULL Pointer Dereference (bsc#1209187). - CVE-2023-1127: Fixed divide by zero in scrolldown() (bsc#1208828). Moderate SUSE bug 1208828 SUSE bug 1209042 SUSE bug 1209187 CVE-2023-1127 CVE-2023-1264 CVE-2023-1355 cpe:/o:opensuse:leap:15.4 Security update for go1.20 (Important) openSUSE Leap 15.4 This update for go1.20 fixes the following issues: Update to 1.20.4 (bnc#1206346): - CVE-2023-24539: Fixed an improper sanitization of CSS values (boo#1211029). - CVE-2023-24540: Fixed an improper handling of JavaScript whitespace (boo#1211030). - CVE-2023-29400: Fixed an improper handling of empty HTML attributes (boo#1211031). - runtime: automatically bump RLIMIT_NOFILE on Unix. - crypto/subtle: xor fails when run with race+purego. - cmd/compile: encoding/binary.PutUint16 sometimes doesn't write. - cmd/compile: internal compiler error: cannot call SetType(go.shape.int) on v (type int). - cmd/compile: miscompilation in star-tex.org/x/cmd/star-tex. - net/http: FileServer no longer serves content for POST. - crypto/tls: TLSv1.3 connection fails with invalid PSK binder. - cmd/compile: incorrect inline function variable. - cmd/compile: Unified IR exports table is binary unstable in presence of generics. - go/internal/gcimporter: lookupGorootExport should use the go command from build.Default.GOROOT. Non-security fixes: - Reverted go1.x Suggests go1.x-race (boo#1210963). - Re-enabled binary stripping and debuginfo (boo#1210938). Important SUSE bug 1206346 SUSE bug 1210127 SUSE bug 1210128 SUSE bug 1210129 SUSE bug 1210130 SUSE bug 1210938 SUSE bug 1210963 SUSE bug 1211029 SUSE bug 1211030 SUSE bug 1211031 CVE-2023-24534 CVE-2023-24536 CVE-2023-24537 CVE-2023-24538 CVE-2023-24539 CVE-2023-24540 CVE-2023-29400 cpe:/o:opensuse:leap:15.4 Security update for ffmpeg (Important) openSUSE Leap 15.4 This update for ffmpeg fixes the following issues: - CVE-2022-48434: Fixed use after free in libavcodec/pthread_frame.c (bsc#1209934). Important SUSE bug 1209934 CVE-2022-48434 cpe:/o:opensuse:leap:15.4 Security update for vim (Moderate) openSUSE Leap 15.4 This update for vim fixes the following issues: - Updated to version 9.0.1234: - CVE-2023-0433: Fixed an out of bounds memory access that could cause a crash (bsc#1207396). - CVE-2023-0288: Fixed an out of bounds memory access that could cause a crash (bsc#1207162). - CVE-2023-0054: Fixed an out of bounds memory write that could cause a crash or memory corruption (bsc#1206868). - CVE-2023-0051: Fixed an out of bounds memory access that could cause a crash (bsc#1206867). - CVE-2023-0049: Fixed an out of bounds memory access that could cause a crash (bsc#1206866). Moderate SUSE bug 1206866 SUSE bug 1206867 SUSE bug 1206868 SUSE bug 1207162 SUSE bug 1207396 CVE-2023-0049 CVE-2023-0051 CVE-2023-0054 CVE-2023-0288 CVE-2023-0433 cpe:/o:opensuse:leap:15.4 Security update for java-17-openjdk (Important) openSUSE Leap 15.4 This update for java-17-openjdk fixes the following issues: Update to upstrem tag jdk-17.0.7+7 (April 2023 CPU) Security fixes: - CVE-2023-21930: Fixed AES support (bsc#1210628). - CVE-2023-21937: Fixed String platform support (bsc#1210631). - CVE-2023-21938: Fixed runtime support (bsc#1210632). - CVE-2023-21939: Fixed Swing platform support (bsc#1210634). - CVE-2023-21954: Fixed object reclamation process (bsc#1210635). - CVE-2023-21967: Fixed TLS session negotiation (bsc#1210636). - CVE-2023-21968: Fixed path handling (bsc#1210637). Other fixes: - Fixed socket setTrafficClass not working for IPv4 connections when IPv6 is enabled (bsc#1209333). Important SUSE bug 1209333 SUSE bug 1210628 SUSE bug 1210631 SUSE bug 1210632 SUSE bug 1210634 SUSE bug 1210635 SUSE bug 1210636 SUSE bug 1210637 CVE-2023-21930 CVE-2023-21937 CVE-2023-21938 CVE-2023-21939 CVE-2023-21954 CVE-2023-21967 CVE-2023-21968 cpe:/o:opensuse:leap:15.4 Security update for ncurses (Moderate) openSUSE Leap 15.4 This update for ncurses fixes the following issues: - CVE-2023-29491: Fixed memory corruption issues when processing malformed terminfo data (bsc#1210434). Moderate SUSE bug 1210434 CVE-2023-29491 cpe:/o:opensuse:leap:15.4 Security update for nginx (Important) openSUSE Leap 15.4 This update for nginx fixes the following issues: - CVE-2022-41741: Handle duplicated atoms in mp4 streams, to mitigate out-of-bound reads. (bsc#1204526) - CVE-2022-41742: Handle duplicated atoms in mp4 streams, to mitigate out-of-bound reads. (bsc#1204527) Important SUSE bug 1204526 SUSE bug 1204527 CVE-2022-41741 CVE-2022-41742 cpe:/o:opensuse:leap:15.4 Security update for redis (Important) openSUSE Leap 15.4 This update for redis fixes the following issues: - CVE-2022-36021: Fixed possible integer overflow via specially crafted SRANDMEMBER, ZRANDMEMBER, and HRANDFIELD commands (bsc#1208790). - CVE-2023-28856: Fixed possible DoS when using HINCRBYFLOAT to create an hash field (bsc#1210548). - CVE-2023-25155: Fixed integer overflow in RAND commands that can lead to assertion (bsc#1208793). Important SUSE bug 1208790 SUSE bug 1208793 SUSE bug 1210548 CVE-2022-36021 CVE-2023-25155 CVE-2023-28856 cpe:/o:opensuse:leap:15.4 Security update for go1.19 (Important) openSUSE Leap 15.4 This update for go1.19 fixes the following issues: Update to 1.19.9 (bnc#1200441): - CVE-2023-24539: fixed an improper sanitization of CSS values (bnc#1211029). - CVE-2023-24540: fixed an improper handling of JavaScript whitespace (bnc#1211030). - CVE-2023-29400: fixed an improper handling of empty HTML attributes (bnc#1211031). - runtime: automatically bump RLIMIT_NOFILE on Unix - cmd/compile: inlining function that references function literals generates bad code. - cmd/compile: encoding/binary.PutUint16 sometimes doesn't write. - crypto/tls: TLSv1.3 connection fails with invalid PSK binder. - cmd/compile: incorrect inline function variable. Non-security fixes: - Various packaging fixes (boo#1210963, boo#1210938, boo#1211073) - Reduced install size (jsc#PED-1962). Important SUSE bug 1200441 SUSE bug 1210127 SUSE bug 1210128 SUSE bug 1210129 SUSE bug 1210130 SUSE bug 1210938 SUSE bug 1210963 SUSE bug 1211029 SUSE bug 1211030 SUSE bug 1211031 SUSE bug 1211073 CVE-2023-24534 CVE-2023-24536 CVE-2023-24537 CVE-2023-24538 CVE-2023-24539 CVE-2023-24540 CVE-2023-29400 cpe:/o:opensuse:leap:15.4 Security update for python-ujson (Moderate) openSUSE Leap 15.4 This update for python-ujson fixes the following issues: - CVE-2021-45958: Fixed a stack-based buffer overflow in Buffer_AppendIndentUnchecked (bsc#1194261). Moderate SUSE bug 1194261 CVE-2021-45958 cpe:/o:opensuse:leap:15.4 Security update for libfastjson (Important) openSUSE Leap 15.4 This update for libfastjson fixes the following issues: - CVE-2020-12762: Fixed an integer overflow and out-of-bounds write via a large JSON file (bsc#1171479). Important SUSE bug 1171479 CVE-2020-12762 cpe:/o:opensuse:leap:15.4 Security update for the Linux Kernel (Important) openSUSE Leap 15.4 The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2023-2235: A use-after-free vulnerability in the Performance Events system can be exploited to achieve local privilege escalation (bsc#1210986). - CVE-2022-2196: Fixed a regression related to KVM that allowed for speculative execution attacks (bsc#1206992). - CVE-2023-23006: Fixed NULL checking against IS_ERR in dr_domain_init_resources (bsc#1208845). - CVE-2023-1670: Fixed a use after free in the Xircom 16-bit PCMCIA Ethernet driver. A local user could use this flaw to crash the system or potentially escalate their privileges on the system (bsc#1209871). - CVE-2023-2176: A vulnerability was found in compare_netdev_and_ip in drivers/infiniband/core/cma.c in RDMA. The improper cleanup results in out-of-boundary read, where a local user can utilize this problem to crash the system or escalation of privilege (bsc#1210629). - CVE-2023-0386: A flaw was found where unauthorized access to the execution of the setuid file with capabilities was found in the OverlayFS subsystem, when a user copies a capable file from a nosuid mount into another mount. This uid mapping bug allowed a local user to escalate their privileges on the system (bsc#1209615). - CVE-2023-1998: Fixed a use after free during login when accessing the shost ipaddress (bsc#1210506). - CVE-2023-1855: Fixed a use after free in xgene_hwmon_remove (bsc#1210202). - CVE-2023-30772: Fixed a race condition and resultant use-after-free in da9150_charger_remove (bsc#1210329). - CVE-2023-2019: A flaw was found in the netdevsim device driver, more specifically within the scheduling of events. This issue results from the improper management of a reference count and may lead to a denial of service (bsc#1210454). - CVE-2023-2008: A flaw was found in the fault handler of the udmabuf device driver. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code (bsc#1210453). - CVE-2023-1989: Fixed a use after free in btsdio_remove (bsc#1210336). - CVE-2023-1990: Fixed a use after free in ndlc_remove (bsc#1210337). The following non-security bugs were fixed: - ACPI: CPPC: Disable FIE if registers in PCC regions (bsc#1210953). - ACPI: VIOT: Initialize the correct IOMMU fwspec (git-fixes). - ACPI: resource: Add Medion S17413 to IRQ override quirk (git-fixes). - ALSA: emu10k1: do not create old pass-through playback device on Audigy (git-fixes). - ALSA: emu10k1: fix capture interrupt handler unlinking (git-fixes). - ALSA: firewire-tascam: add missing unwind goto in snd_tscm_stream_start_duplex() (git-fixes). - ALSA: hda/cirrus: Add extra 10 ms delay to allow PLL settle and lock (git-fixes). - ALSA: hda/realtek: Add quirks for Lenovo Z13/Z16 Gen2 (git-fixes). - ALSA: hda/realtek: Enable mute/micmute LEDs and speaker support for HP Laptops (git-fixes). - ALSA: hda/realtek: Remove specific patch for Dell Precision 3260 (git-fixes). - ALSA: hda/realtek: fix mute/micmute LEDs for a HP ProBook (git-fixes). - ALSA: hda/realtek: fix speaker, mute/micmute LEDs not work on a HP platform (git-fixes). - ALSA: hda/sigmatel: add pin overrides for Intel DP45SG motherboard (git-fixes). - ALSA: hda/sigmatel: fix S/PDIF out on Intel D*45* motherboards (git-fixes). - ALSA: hda: cs35l41: Enable Amp High Pass Filter (git-fixes). - ALSA: hda: patch_realtek: add quirk for Asus N7601ZM (git-fixes). - ALSA: i2c/cs8427: fix iec958 mixer control deactivation (git-fixes). - ARM: 9290/1: uaccess: Fix KASAN false-positives (git-fixes). - ARM: dts: exynos: fix WM8960 clock name in Itop Elite (git-fixes). - ARM: dts: gta04: fix excess dma channel usage (git-fixes). - ARM: dts: qcom: ipq4019: Fix the PCI I/O port range (git-fixes). - ARM: dts: rockchip: fix a typo error for rk3288 spdif node (git-fixes). - ARM: dts: s5pv210: correct MIPI CSIS clock name (git-fixes). - ASN.1: Fix check for strdup() success (git-fixes). - ASoC: cs35l41: Only disable internal boost (git-fixes). - ASoC: es8316: Handle optional IRQ assignment (git-fixes). - ASoC: fsl_asrc_dma: fix potential null-ptr-deref (git-fixes). - ASoC: fsl_mqs: move of_node_put() to the correct location (git-fixes). - Bluetooth: Fix race condition in hidp_session_thread (git-fixes). - Bluetooth: L2CAP: Fix use-after-free in l2cap_disconnect_{req,rsp} (git-fixes). - Drivers: vmbus: Check for channel allocation before looking up relids (git-fixes). - IB/mlx5: Add support for 400G_8X lane speed (git-fixes) - Input: hp_sdc_rtc - mark an unused function as __maybe_unused (git-fixes). - Input: raspberrypi-ts - fix refcount leak in rpi_ts_probe (git-fixes). - KEYS: Add missing function documentation (git-fixes). - KEYS: Create static version of public_key_verify_signature (git-fixes). - NFS: Cleanup unused rpc_clnt variable (git-fixes). - NFSD: Avoid calling OPDESC() with ops->opnum == OP_ILLEGAL (git-fixes). - NFSD: callback request does not use correct credential for AUTH_SYS (git-fixes). - PCI/EDR: Clear Device Status after EDR error recovery (git-fixes). - PCI: dwc: Fix PORT_LINK_CONTROL update when CDM check enabled (git-fixes). - PCI: imx6: Install the fault handler only on compatible match (git-fixes). - PCI: loongson: Add more devices that need MRRS quirk (git-fixes). - PCI: loongson: Prevent LS7A MRRS increases (git-fixes). - PCI: pciehp: Fix AB-BA deadlock between reset_lock and device_lock (git-fixes). - PCI: qcom: Fix the incorrect register usage in v2.7.0 config (git-fixes). - RDMA/cma: Allow UD qp_type to join multicast only (git-fixes) - RDMA/core: Fix GID entry ref leak when create_ah fails (git-fixes) - RDMA/irdma: Add ipv4 check to irdma_find_listener() (git-fixes) - RDMA/irdma: Fix memory leak of PBLE objects (git-fixes) - RDMA/irdma: Increase iWARP CM default rexmit count (git-fixes) - Remove obsolete KMP obsoletes (bsc#1210469). - Revert 'Bluetooth: btsdio: fix use after free bug in btsdio_remove due to unfinished work' (git-fixes). - Revert 'pinctrl: amd: Disable and mask interrupts on resume' (git-fixes). - USB: dwc3: fix runtime pm imbalance on probe errors (git-fixes). - USB: dwc3: fix runtime pm imbalance on unbind (git-fixes). - USB: serial: cp210x: add Silicon Labs IFS-USB-DATACABLE IDs (git-fixes). - USB: serial: option: add Quectel RM500U-CN modem (git-fixes). - USB: serial: option: add Telit FE990 compositions (git-fixes). - USB: serial: option: add UNISOC vendor and TOZED LT70C product (git-fixes). - amdgpu: disable powerpc support for the newer display engine (bsc#1194869). - arm64: dts: imx8mm-evk: correct pmic clock source (git-fixes). - arm64: dts: meson-g12-common: specify full DMC range (git-fixes). - arm64: dts: qcom: ipq8074-hk01: enable QMP device, not the PHY node (git-fixes). - arm64: dts: qcom: ipq8074: Fix the PCI I/O port range (git-fixes). - arm64: dts: qcom: msm8994-kitakami: drop unit address from PMI8994 regulator (git-fixes). - arm64: dts: qcom: msm8994-msft-lumia-octagon: drop unit address from PMI8994 regulator (git-fixes). - arm64: dts: qcom: msm8996: Fix the PCI I/O port range (git-fixes). - arm64: dts: qcom: msm8998: Fix stm-stimulus-base reg name (git-fixes). - arm64: dts: qcom: msm8998: Fix the PCI I/O port range (git-fixes). - arm64: dts: qcom: sc7180-trogdor-lazor: correct trackpad supply (git-fixes). - arm64: dts: qcom: sdm845: Fix the PCI I/O port range (git-fixes). - arm64: dts: qcom: sm8250: Fix the PCI I/O port range (git-fixes). - arm64: dts: renesas: r8a774c0: Remove bogus voltages from OPP table (git-fixes). - arm64: dts: renesas: r8a77990: Remove bogus voltages from OPP table (git-fixes). - arm64: dts: ti: k3-j721e-main: Remove ti,strobe-sel property (git-fixes). - bluetooth: Perform careful capability checks in hci_sock_ioctl() (git-fixes). - cgroup/cpuset: Add cpuset_can_fork() and cpuset_cancel_fork() methods - cgroup/cpuset: Make cpuset_fork() handle CLONE_INTO_CGROUP properly - cgroup/cpuset: Wake up cpuset_attach_wq tasks in cpuset_cancel_attach() (bsc#1210827). - cifs: fix negotiate context parsing (bsc#1210301). - clk: add missing of_node_put() in 'assigned-clocks' property parsing (git-fixes). - clk: at91: clk-sam9x60-pll: fix return value check (git-fixes). - clk: rockchip: rk3399: allow clk_cifout to force clk_cifout_src to reparent (git-fixes). - clk: sprd: set max_register according to mapping range (git-fixes). - clocksource/drivers/davinci: Fix memory leak in davinci_timer_register when init fails (git-fixes). - cpufreq: CPPC: Fix build error without CONFIG_ACPI_CPPC_CPUFREQ_FIE (bsc#1210953). - cpufreq: CPPC: Fix performance/frequency conversion (git-fixes). - cpumask: fix incorrect cpumask scanning result checks (bsc#1210943). - crypto: caam - Clear some memory in instantiate_rng (git-fixes). - crypto: drbg - Only fail when jent is unavailable in FIPS mode (git-fixes). - crypto: sa2ul - Select CRYPTO_DES (git-fixes). - crypto: safexcel - Cleanup ring IRQ workqueues on load failure (git-fixes). - driver core: Do not require dynamic_debug for initcall_debug probe timing (git-fixes). - drivers: staging: rtl8723bs: Fix locking in _rtw_join_timeout_handler() (git-fixes). - drivers: staging: rtl8723bs: Fix locking in rtw_scan_timeout_handler() (git-fixes). - drm/amd/display/dc/dce60/Makefile: Fix previous attempt to silence known override-init warnings (git-fixes). - drm/amd/display: Fix potential null dereference (git-fixes). - drm/amdgpu: Re-enable DCN for 64-bit powerpc (bsc#1194869). - drm/armada: Fix a potential double free in an error handling path (git-fixes). - drm/bridge: adv7533: Fix adv7533_mode_valid for adv7533 and adv7535 (git-fixes). - drm/bridge: lt8912b: Fix DSI Video Mode (git-fixes). - drm/bridge: lt9611: Fix PLL being unable to lock (git-fixes). - drm/fb-helper: set x/yres_virtual in drm_fb_helper_check_var (git-fixes). - drm/i915/dsi: fix DSS CTL register offsets for TGL+ (git-fixes). - drm/i915: Fix fast wake AUX sync len (git-fixes). - drm/i915: Make intel_get_crtc_new_encoder() less oopsy (git-fixes). - drm/i915: fix race condition UAF in i915_perf_add_config_ioctl (git-fixes). - drm/lima/lima_drv: Add missing unwind goto in lima_pdev_probe() (git-fixes). - drm/msm/adreno: drop bogus pm_runtime_set_active() (git-fixes). - drm/msm/disp/dpu: check for crtc enable rather than crtc active to release shared resources (git-fixes). - drm/msm: fix NULL-deref on snapshot tear down (git-fixes). - drm/nouveau/disp: Support more modes by checking with lower bpc (git-fixes). - drm/panel: otm8009a: Set backlight parent to panel device (git-fixes). - drm/probe-helper: Cancel previous job before starting new one (git-fixes). - drm/rockchip: Drop unbalanced obj unref (git-fixes). - drm/vgem: add missing mutex_destroy (git-fixes). - drm: msm: adreno: Disable preemption on Adreno 510 (git-fixes). - drm: panel-orientation-quirks: Add quirk for Lenovo Yoga Book X90F (git-fixes). - drm: rcar-du: Fix a NULL vs IS_ERR() bug (git-fixes). - dt-bindings: arm: fsl: Fix copy-paste error in comment (git-fixes). - dt-bindings: iio: ti,tmp117: fix documentation link (git-fixes). - dt-bindings: mailbox: qcom,apcs-kpss-global: fix SDX55 'if' match (git-fixes). - dt-bindings: nvmem: qcom,spmi-sdam: fix example 'reg' property (git-fixes). - dt-bindings: remoteproc: stm32-rproc: Typo fix (git-fixes). - dt-bindings: soc: qcom: smd-rpm: re-add missing qcom,rpm-msm8994 (git-fixes). - e1000e: Disable TSO on i219-LM card to increase speed (git-fixes). - efi: sysfb_efi: Add quirk for Lenovo Yoga Book X91F/L (git-fixes). - ext4: Fix deadlock during directory rename (bsc#1210763). - ext4: Fix possible corruption when moving a directory (bsc#1210763). - ext4: fix RENAME_WHITEOUT handling for inline directories (bsc#1210766). - ext4: fix another off-by-one fsmap error on 1k block filesystems (bsc#1210767). - ext4: fix bad checksum after online resize (bsc#1210762 bsc#1208076). - ext4: fix cgroup writeback accounting with fs-layer encryption (bsc#1210765). - ext4: fix corruption when online resizing a 1K bigalloc fs (bsc#1206891). - ext4: fix incorrect options show of original mount_opt and extend mount_opt2 (bsc#1210764). - ext4: fix possible double unlock when moving a directory (bsc#1210763). - ext4: use ext4_journal_start/stop for fast commit transactions (bsc#1210793). - fbmem: Reject FB_ACTIVATE_KD_TEXT from userspace (git-fixes). - firmware: qcom_scm: Clear download bit during reboot (git-fixes). - firmware: stratix10-svc: Fix an NULL vs IS_ERR() bug in probe (git-fixes). - fpga: bridge: fix kernel-doc parameter description (git-fixes). - hwmon: (adt7475) Use device_property APIs when configuring polarity (git-fixes). - hwmon: (k10temp) Check range scale when CUR_TEMP register is read-write (git-fixes). - hwmon: (pmbus/fsp-3y) Fix functionality bitmask in FSP-3Y YM-2151E (git-fixes). - i2c: cadence: cdns_i2c_master_xfer(): Fix runtime PM leak on error path (git-fixes). - i2c: hisi: Avoid redundant interrupts (git-fixes). - i2c: imx-lpi2c: clean rx/tx buffers upon new message (git-fixes). - i2c: ocores: generate stop condition after timeout in polling mode (git-fixes). - i915/perf: Replace DRM_DEBUG with driver specific drm_dbg call (git-fixes). - ice: avoid bonding causing auxiliary plug/unplug under RTNL lock (bsc#1210158). - iio: adc: at91-sama5d2_adc: fix an error code in at91_adc_allocate_trigger() (git-fixes). - iio: light: tsl2772: fix reading proximity-diodes from device tree (git-fixes). - ipmi: fix SSIF not responding under certain cond (git-fixes). - ipmi:ssif: Add send_retries increment (git-fixes). - k-m-s: Drop Linux 2.6 support - kABI: PCI: loongson: Prevent LS7A MRRS increases (kabi). - kABI: x86/msi: Fix msi message data shadow struct (kabi). - kabi/severities: ignore KABI for NVMe target (bsc#1174777). - keys: Fix linking a duplicate key to a keyring's assoc_array (bsc#1207088). - locking/rwbase: Mitigate indefinite writer starvation. - media: av7110: prevent underflow in write_ts_to_decoder() (git-fixes). - media: dm1105: Fix use after free bug in dm1105_remove due to race condition (git-fixes). - media: max9286: Free control handler (git-fixes). - media: rc: gpio-ir-recv: Fix support for wake-up (git-fixes). - media: rkvdec: fix use after free bug in rkvdec_remove (git-fixes). - media: saa7134: fix use after free bug in saa7134_finidev due to race condition (git-fixes). - media: venus: dec: Fix handling of the start cmd (git-fixes). - memstick: fix memory leak if card device is never registered (git-fixes). - mm/filemap: fix page end in filemap_get_read_batch (bsc#1210768). - mm: page_alloc: skip regions with hugetlbfs pages when allocating 1G pages (bsc#1210034). - mm: take a page reference when removing device exclusive entries (bsc#1211025). - mmc: sdhci-of-esdhc: fix quirk to ignore command inhibit for data (git-fixes). - mmc: sdhci_am654: Set HIGH_SPEED_ENA for SDR12 and SDR25 (git-fixes). - mtd: core: fix error path for nvmem provider (git-fixes). - mtd: core: fix nvmem error reporting (git-fixes). - mtd: core: provide unique name for nvmem device, take two (git-fixes). - mtd: spi-nor: Fix a trivial typo (git-fixes). - net: phy: nxp-c45-tja11xx: add remove callback (git-fixes). - net: phy: nxp-c45-tja11xx: fix unsigned long multiplication overflow (git-fixes). - nfsd: call op_release, even when op_func returns an error (git-fixes). - nilfs2: fix potential UAF of struct nilfs_sc_info in nilfs_segctor_thread() (git-fixes). - nilfs2: initialize unused bytes in segment summary blocks (git-fixes). - nvme initialize core quirks before calling nvme_init_subsystem (git-fixes). - nvme-auth: uninitialized variable in nvme_auth_transform_key() (git-fixes). - nvme-fcloop: fix 'inconsistent {IN-HARDIRQ-W} -> {HARDIRQ-ON-W} usage' (git-fixes). - nvme-hwmon: consistently ignore errors from nvme_hwmon_init (git-fixes). - nvme-hwmon: kmalloc the NVME SMART log buffer (git-fixes). - nvme-multipath: fix possible hang in live ns resize with ANA access (git-fixes). - nvme-pci: fix doorbell buffer value endianness (git-fixes). - nvme-pci: fix mempool alloc size (git-fixes). - nvme-pci: fix page size checks (git-fixes). - nvme-pci: fix timeout request state check (git-fixes). - nvme-rdma: fix possible hang caused during ctrl deletion (git-fixes). - nvme-tcp: fix possible circular locking when deleting a controller under memory pressure (git-fixes). - nvme-tcp: fix possible hang caused during ctrl deletion (git-fixes). - nvme-tcp: fix regression that causes sporadic requests to time out (git-fixes). - nvme: Fix IOC_PR_CLEAR and IOC_PR_RELEASE ioctls for nvme devices (git-fixes). - nvme: add device name to warning in uuid_show() (git-fixes). - nvme: catch -ENODEV from nvme_revalidate_zones again (git-fixes). - nvme: copy firmware_rev on each init (git-fixes). - nvme: define compat_ioctl again to unbreak 32-bit userspace (git-fixes). - nvme: fix async event trace event (git-fixes). - nvme: fix handling single range discard request (git-fixes). - nvme: fix per-namespace chardev deletion (git-fixes). - nvme: fix the NVME_CMD_EFFECTS_CSE_MASK definition (git-fixes). - nvme: fix the read-only state for zoned namespaces with unsupposed features (git-fixes). - nvme: improve the NVME_CONNECT_AUTHREQ* definitions (git-fixes). - nvme: move nvme_multi_css into nvme.h (git-fixes). - nvme: return err on nvme_init_non_mdts_limits fail (git-fixes). - nvme: send Identify with CNS 06h only to I/O controllers (bsc#1209693). - nvme: set dma alignment to dword (git-fixes). - nvme: use command_id instead of req->tag in trace_nvme_complete_rq() (git-fixes). - nvmet-auth: do not try to cancel a non-initialized work_struct (git-fixes). - nvmet-tcp: fix incomplete data digest send (git-fixes). - nvmet-tcp: fix regression in data_digest calculation (git-fixes). - nvmet: add helpers to set the result field for connect commands (git-fixes). - nvmet: avoid potential UAF in nvmet_req_complete() (git-fixes). - nvmet: do not defer passthrough commands with trivial effects to the workqueue (git-fixes). - nvmet: fix I/O Command Set specific Identify Controller (git-fixes). - nvmet: fix Identify Active Namespace ID list handling (git-fixes). - nvmet: fix Identify Controller handling (git-fixes). - nvmet: fix Identify Namespace handling (git-fixes). - nvmet: fix a memory leak (git-fixes). - nvmet: fix a memory leak in nvmet_auth_set_key (git-fixes). - nvmet: fix a use-after-free (git-fixes). - nvmet: fix invalid memory reference in nvmet_subsys_attr_qid_max_show (git-fixes). - nvmet: force reconnect when number of queue changes (git-fixes). - nvmet: looks at the passthrough controller when initializing CAP (git-fixes). - nvmet: only allocate a single slab for bvecs (git-fixes). - nvmet: use IOCB_NOWAIT only if the filesystem supports it (git-fixes). - perf/core: Fix perf_output_begin parameter is incorrectly invoked in perf_event_bpf_output (git fixes). - perf/core: Fix the same task check in perf_event_set_output (git fixes). - perf: Fix check before add_event_to_groups() in perf_group_detach() (git fixes). - perf: fix perf_event_context->time (git fixes). - platform/x86 (gigabyte-wmi): Add support for A320M-S2H V2 (git-fixes). - platform/x86: gigabyte-wmi: add support for X570S AORUS ELITE (git-fixes). - power: supply: cros_usbpd: reclassify 'default case!' as debug (git-fixes). - power: supply: generic-adc-battery: fix unit scaling (git-fixes). - powerpc/64: Always build with 128-bit long double (bsc#1194869). - powerpc/64e: Fix amdgpu build on Book3E w/o AltiVec (bsc#1194869). - powerpc/hv-gpci: Fix hv_gpci event list (git fixes). - powerpc/papr_scm: Update the NUMA distance table for the target node (bsc#1209999 ltc#202140 bsc#1142685 ltc#179509 git-fixes). - powerpc/perf/hv-24x7: add missing RTAS retry status handling (git fixes). - powerpc/pseries: Consolidate different NUMA distance update code paths (bsc#1209999 ltc#202140 bsc#1142685 ltc#179509 git-fixes). - powerpc: declare unmodified attribute_group usages const (git-fixes). - regulator: core: Avoid lockdep reports when resolving supplies (git-fixes). - regulator: core: Consistently set mutex_owner when using ww_mutex_lock_slow() (git-fixes). - regulator: core: Shorten off-on-delay-us for always-on/boot-on by time since booted (git-fixes). - regulator: fan53555: Explicitly include bits header (git-fixes). - regulator: fan53555: Fix wrong TCS_SLEW_MASK (git-fixes). - regulator: stm32-pwr: fix of_iomap leak (git-fixes). - remoteproc: Harden rproc_handle_vdev() against integer overflow (git-fixes). - remoteproc: imx_rproc: Call of_node_put() on iteration error (git-fixes). - remoteproc: st: Call of_node_put() on iteration error (git-fixes). - remoteproc: stm32: Call of_node_put() on iteration error (git-fixes). - rtc: meson-vrtc: Use ktime_get_real_ts64() to get the current time (git-fixes). - rtc: omap: include header for omap_rtc_power_off_program prototype (git-fixes). - sched/fair: Fix imbalance overflow (bsc#1155798). - sched/fair: Limit sched slice duration (bsc#1189999). - sched/fair: Move calculate of avg_load to a better location (bsc#1155798). - sched/fair: Sanitize vruntime of entity being migrated (bsc#1203325). - sched/fair: sanitize vruntime of entity being placed (bsc#1203325). - sched/numa: Stop an exhastive search if an idle core is found (bsc#1189999). - sched_getaffinity: do not assume 'cpumask_size()' is fully initialized (bsc#1155798). - scsi: aic94xx: Add missing check for dma_map_single() (git-fixes). - scsi: core: Add BLIST_NO_VPD_SIZE for some VDASD (git-fixes bsc#1203039). - scsi: core: Add BLIST_SKIP_VPD_PAGES for SKhynix H28U74301AMR (git-fixes). - scsi: core: Fix a procfs host directory removal regression (git-fixes). - scsi: core: Fix a source code comment (git-fixes). - scsi: core: Remove the /proc/scsi/${proc_name} directory earlier (git-fixes). - scsi: hisi_sas: Check devm_add_action() return value (git-fixes). - scsi: hisi_sas: Set a port invalid only if there are no devices attached when refreshing port id (git-fixes). - scsi: ipr: Work around fortify-string warning (git-fixes). - scsi: iscsi_tcp: Check that sock is valid before iscsi_set_param() (git-fixes). - scsi: iscsi_tcp: Fix UAF during login when accessing the shost ipaddress (git-fixes). - scsi: iscsi_tcp: Fix UAF during logout when accessing the shost ipaddress (git-fixes). - scsi: kABI workaround for fc_host_fpin_rcv (git-fixes). - scsi: libsas: Remove useless dev_list delete in sas_ex_discover_end_dev() (git-fixes). - scsi: lpfc: Avoid usage of list iterator variable after loop (git-fixes). - scsi: lpfc: Check kzalloc() in lpfc_sli4_cgn_params_read() (git-fixes). - scsi: lpfc: Copyright updates for 14.2.0.11 patches (bsc#1210943). - scsi: lpfc: Correct used_rpi count when devloss tmo fires with no recovery (bsc#1210943). - scsi: lpfc: Defer issuing new PLOGI if received RSCN before completing REG_LOGIN (bsc#1210943). - scsi: lpfc: Drop redundant pci_enable_pcie_error_reporting() (bsc#1210943). - scsi: lpfc: Fix double word in comments (bsc#1210943). - scsi: lpfc: Fix ioremap issues in lpfc_sli4_pci_mem_setup() (bsc#1210943). - scsi: lpfc: Fix lockdep warning for rx_monitor lock when unloading driver (bsc#1210943). - scsi: lpfc: Prevent lpfc_debugfs_lockstat_write() buffer overflow (bsc#1210943). - scsi: lpfc: Record LOGO state with discovery engine even if aborted (bsc#1210943). - scsi: lpfc: Reorder freeing of various DMA buffers and their list removal (bsc#1210943). - scsi: lpfc: Revise lpfc_error_lost_link() reason code evaluation logic (bsc#1210943). - scsi: lpfc: Silence an incorrect device output (bsc#1210943). - scsi: lpfc: Skip waiting for register ready bits when in unrecoverable state (bsc#1210943). - scsi: lpfc: Update lpfc version to 14.2.0.11 (bsc#1210943). - scsi: megaraid_sas: Fix crash after a double completion (git-fixes). - scsi: megaraid_sas: Update max supported LD IDs to 240 (git-fixes). - scsi: mpt3sas: Do not print sense pool info twice (git-fixes). - scsi: mpt3sas: Fix NULL pointer access in mpt3sas_transport_port_add() (git-fixes). - scsi: mpt3sas: Fix a memory leak (git-fixes). - scsi: qla2xxx: Fix memory leak in qla2x00_probe_one() (git-fixes). - scsi: qla2xxx: Perform lockless command completion in abort path (git-fixes). - scsi: scsi_dh_alua: Fix memleak for 'qdata' in alua_activate() (git-fixes). - scsi: scsi_transport_fc: Add an additional flag to fc_host_fpin_rcv() (bsc#1210943). - scsi: sd: Fix wrong zone_write_granularity value during revalidate (git-fixes). - scsi: ses: Do not attach if enclosure has no components (git-fixes). - scsi: ses: Fix possible addl_desc_ptr out-of-bounds accesses (git-fixes). - scsi: ses: Fix possible desc_ptr out-of-bounds accesses (git-fixes). - scsi: ses: Fix slab-out-of-bounds in ses_enclosure_data_process() (git-fixes). - scsi: ses: Fix slab-out-of-bounds in ses_intf_remove() (git-fixes). - scsi: snic: Fix memory leak with using debugfs_lookup() (git-fixes). - seccomp: Move copy_seccomp() to no failure path (bsc#1210817). - selftests/kselftest/runner/run_one(): allow running non-executable files (git-fixes). - selftests: sigaltstack: fix -Wuninitialized (git-fixes). - selinux: ensure av_permissions.h is built when needed (git-fixes). - selinux: fix Makefile dependencies of flask.h (git-fixes). - serial: 8250: Add missing wakeup event reporting (git-fixes). - serial: 8250_bcm7271: Fix arbitration handling (git-fixes). - serial: 8250_exar: derive nr_ports from PCI ID for Acces I/O cards (git-fixes). - serial: exar: Add support for Sealevel 7xxxC serial cards (git-fixes). - signal handling: do not use BUG_ON() for debugging (bsc#1210439). - signal: Add SA_IMMUTABLE to ensure forced siganls do not get changed (bsc#1210816). - signal: Do not always set SA_IMMUTABLE for forced signals (bsc#1210816). - signal: HANDLER_EXIT should clear SIGNAL_UNKILLABLE (bsc#1210816). - soc: ti: pm33xx: Fix refcount leak in am33xx_pm_probe (git-fixes). - spi: cadence-quadspi: fix suspend-resume implementations (git-fixes). - spi: fsl-spi: Fix CPM/QE mode Litte Endian (git-fixes). - spi: qup: Do not skip cleanup in remove's error path (git-fixes). - staging: iio: resolver: ads1210: fix config mode (git-fixes). - staging: rtl8192e: Fix W_DISABLE# does not work after stop/start (git-fixes). - stat: fix inconsistency between struct stat and struct compat_stat (git-fixes). - sunrpc: only free unix grouplist after RCU settles (git-fixes). - tty: Prevent writing chars during tcsetattr TCSADRAIN/FLUSH (git-fixes). - tty: serial: fsl_lpuart: adjust buffer length to the intended size (git-fixes). - udf: Check consistency of Space Bitmap Descriptor (bsc#1210771). - udf: Fix a slab-out-of-bounds write bug in udf_find_entry() (bsc#1206649). - udf: Support splicing to file (bsc#1210770). - usb: chipidea: fix missing goto in `ci_hdrc_probe` (git-fixes). - usb: chipidea: imx: avoid unnecessary probe defer (git-fixes). - usb: dwc3: gadget: Change condition for processing suspend event (git-fixes). - usb: dwc3: pci: add support for the Intel Meteor Lake-S (git-fixes). - usb: gadget: tegra-xudc: Fix crash in vbus_draw (git-fixes). - usb: gadget: udc: renesas_usb3: Fix use after free bug in renesas_usb3_remove due to race condition (git-fixes). - usb: host: xhci-rcar: remove leftover quirk handling (git-fixes). - virt/coco/sev-guest: Add throttling awareness (bsc#1209927). - virt/coco/sev-guest: Carve out the request issuing logic into a helper (bsc#1209927). - virt/coco/sev-guest: Check SEV_SNP attribute at probe time (bsc#1209927). - virt/coco/sev-guest: Convert the sw_exit_info_2 checking to a switch-case (bsc#1209927). - virt/coco/sev-guest: Do some code style cleanups (bsc#1209927). - virt/coco/sev-guest: Remove the disable_vmpck label in handle_guest_request() (bsc#1209927). - virt/coco/sev-guest: Simplify extended guest request handling (bsc#1209927). - virt/sev-guest: Return -EIO if certificate buffer is not large enough (bsc#1209927). - virtio_ring: do not update event idx on get_buf (git-fixes). - vmci_host: fix a race condition in vmci_host_poll() causing GPF (git-fixes). - vmxnet3: use gro callback when UPT is enabled (bsc#1209739). - wifi: ath5k: fix an off by one check in ath5k_eeprom_read_freq_list() (git-fixes). - wifi: ath6kl: minor fix for allocation size (git-fixes). - wifi: ath6kl: reduce WARN to dev_dbg() in callback (git-fixes). - wifi: ath9k: hif_usb: fix memory leak of remain_skbs (git-fixes). - wifi: brcmfmac: slab-out-of-bounds read in brcmf_get_assoc_ies() (git-fixes). - wifi: brcmfmac: support CQM RSSI notification with older firmware (git-fixes). - wifi: iwlwifi: debug: fix crash in __iwl_err() (git-fixes). - wifi: iwlwifi: fix duplicate entry in iwl_dev_info_table (git-fixes). - wifi: iwlwifi: fw: fix memory leak in debugfs (git-fixes). - wifi: iwlwifi: fw: move memset before early return (git-fixes). - wifi: iwlwifi: make the loop for card preparation effective (git-fixes). - wifi: iwlwifi: mvm: check firmware response size (git-fixes). - wifi: iwlwifi: mvm: do not set CHECKSUM_COMPLETE for unsupported protocols (git-fixes). - wifi: iwlwifi: mvm: fix mvmtxq->stopped handling (git-fixes). - wifi: iwlwifi: mvm: initialize seq variable (git-fixes). - wifi: iwlwifi: trans: do not trigger d3 interrupt twice (git-fixes). - wifi: iwlwifi: yoyo: Fix possible division by zero (git-fixes). - wifi: iwlwifi: yoyo: skip dump correctly on hw error (git-fixes). - wifi: mac80211: adjust scan cancel comment/check (git-fixes). - wifi: mt76: add missing locking to protect against concurrent rx/status calls (git-fixes). - wifi: mt76: fix 6GHz high channel not be scanned (git-fixes). - wifi: mt76: handle failure of vzalloc in mt7615_coredump_work (git-fixes). - wifi: mwifiex: mark OF related data as maybe unused (git-fixes). - wifi: rt2x00: Fix memory leak when handling surveys (git-fixes). - wifi: rtlwifi: fix incorrect error codes in rtl_debugfs_set_write_reg() (git-fixes). - wifi: rtlwifi: fix incorrect error codes in rtl_debugfs_set_write_rfreg() (git-fixes). - wifi: rtw88: mac: Return the original error from rtw_mac_power_switch() (git-fixes). - wifi: rtw88: mac: Return the original error from rtw_pwr_seq_parser() (git-fixes). - wifi: rtw89: fix potential race condition between napi_init and napi_enable (git-fixes). - writeback, cgroup: fix null-ptr-deref write in bdi_split_work_to_wbs (bsc#1210769). - x86/MCE/AMD: Fix memory leak when threshold_create_bank() fails (git-fixes). - x86/PCI: Add quirk for AMD XHCI controller that loses MSI-X state in D3hot (git-fixes). - x86/bug: Prevent shadowing in __WARN_FLAGS (git-fixes). - x86/bugs: Enable STIBP for IBPB mitigated RETBleed (git-fixes). - x86/entry: Avoid very early RET (git-fixes). - x86/entry: Do not call error_entry() for XENPV (git-fixes). - x86/entry: Move CLD to the start of the idtentry macro (git-fixes). - x86/entry: Move PUSH_AND_CLEAR_REGS out of error_entry() (git-fixes). - x86/entry: Switch the stack after error_entry() returns (git-fixes). - x86/fpu: Prevent FPU state corruption (git-fixes). - x86/kvm: Preserve BSP MSR_KVM_POLL_CONTROL across suspend/resume (git-fixes). - x86/msi: Fix msi message data shadow struct (git-fixes). - x86/pci/xen: Disable PCI/MSI masking for XEN_HVM guests (git-fixes). - x86/traps: Use pt_regs directly in fixup_bad_iret() (git-fixes). - x86/tsx: Disable TSX development mode at boot (git-fixes). - x86: __memcpy_flushcache: fix wrong alignment if size > 2^32 (git-fixes). - xhci: fix debugfs register accesses while suspended (git-fixes). kernel-default-base changed: - Do not ship on s390x (bsc#1210729) - Add exfat (bsc#1208822) - Add _diag modules for included socket types (bsc#1204042) Important SUSE bug 1142685 SUSE bug 1155798 SUSE bug 1174777 SUSE bug 1189999 SUSE bug 1194869 SUSE bug 1203039 SUSE bug 1203325 SUSE bug 1204042 SUSE bug 1206649 SUSE bug 1206891 SUSE bug 1206992 SUSE bug 1207088 SUSE bug 1208076 SUSE bug 1208822 SUSE bug 1208845 SUSE bug 1209615 SUSE bug 1209693 SUSE bug 1209739 SUSE bug 1209871 SUSE bug 1209927 SUSE bug 1209999 SUSE bug 1210034 SUSE bug 1210158 SUSE bug 1210202 SUSE bug 1210206 SUSE bug 1210301 SUSE bug 1210329 SUSE bug 1210336 SUSE bug 1210337 SUSE bug 1210439 SUSE bug 1210453 SUSE bug 1210454 SUSE bug 1210469 SUSE bug 1210499 SUSE bug 1210506 SUSE bug 1210629 SUSE bug 1210630 SUSE bug 1210725 SUSE bug 1210729 SUSE bug 1210762 SUSE bug 1210763 SUSE bug 1210764 SUSE bug 1210765 SUSE bug 1210766 SUSE bug 1210767 SUSE bug 1210768 SUSE bug 1210769 SUSE bug 1210770 SUSE bug 1210771 SUSE bug 1210793 SUSE bug 1210816 SUSE bug 1210817 SUSE bug 1210827 SUSE bug 1210943 SUSE bug 1210953 SUSE bug 1210986 SUSE bug 1211025 CVE-2022-2196 CVE-2023-0386 CVE-2023-1670 CVE-2023-1855 CVE-2023-1989 CVE-2023-1990 CVE-2023-1998 CVE-2023-2008 CVE-2023-2019 CVE-2023-2176 CVE-2023-2235 CVE-2023-23006 CVE-2023-30772 cpe:/o:opensuse:leap:15.4 Security update for the Linux Kernel (Important) openSUSE Leap 15.4 The SUSE Linux Enterprise 15 SP4 Azure kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2023-2235: A use-after-free vulnerability in the Performance Events system can be exploited to achieve local privilege escalation (bsc#1210986). - CVE-2022-2196: Fixed a regression related to KVM that allowed for speculative execution attacks (bsc#1206992). - CVE-2023-23006: Fixed NULL checking against IS_ERR in dr_domain_init_resources (bsc#1208845). - CVE-2023-1670: Fixed a use after free in the Xircom 16-bit PCMCIA Ethernet driver. A local user could use this flaw to crash the system or potentially escalate their privileges on the system (bsc#1209871). - CVE-2023-2176: A vulnerability was found in compare_netdev_and_ip in drivers/infiniband/core/cma.c in RDMA. The improper cleanup results in out-of-boundary read, where a local user can utilize this problem to crash the system or escalation of privilege (bsc#1210629). - CVE-2023-0386: A flaw was found where unauthorized access to the execution of the setuid file with capabilities was found in the OverlayFS subsystem, when a user copies a capable file from a nosuid mount into another mount. This uid mapping bug allowed a local user to escalate their privileges on the system (bsc#1209615). - CVE-2023-1998: Fixed a use after free during login when accessing the shost ipaddress (bsc#1210506). - CVE-2023-1855: Fixed a use after free in xgene_hwmon_remove (bsc#1210202). - CVE-2023-30772: Fixed a race condition and resultant use-after-free in da9150_charger_remove (bsc#1210329). - CVE-2023-2019: A flaw was found in the netdevsim device driver, more specifically within the scheduling of events. This issue results from the improper management of a reference count and may lead to a denial of service (bsc#1210454). - CVE-2023-2008: A flaw was found in the fault handler of the udmabuf device driver. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code (bsc#1210453). - CVE-2023-1989: Fixed a use after free in btsdio_remove (bsc#1210336). - CVE-2023-1990: Fixed a use after free in ndlc_remove (bsc#1210337). The following non-security bugs were fixed: - ACPI: CPPC: Disable FIE if registers in PCC regions (bsc#1210953). - ACPI: VIOT: Initialize the correct IOMMU fwspec (git-fixes). - ACPI: resource: Add Medion S17413 to IRQ override quirk (git-fixes). - ALSA: emu10k1: do not create old pass-through playback device on Audigy (git-fixes). - ALSA: emu10k1: fix capture interrupt handler unlinking (git-fixes). - ALSA: firewire-tascam: add missing unwind goto in snd_tscm_stream_start_duplex() (git-fixes). - ALSA: hda/cirrus: Add extra 10 ms delay to allow PLL settle and lock (git-fixes). - ALSA: hda/realtek: Add quirks for Lenovo Z13/Z16 Gen2 (git-fixes). - ALSA: hda/realtek: Enable mute/micmute LEDs and speaker support for HP Laptops (git-fixes). - ALSA: hda/realtek: Remove specific patch for Dell Precision 3260 (git-fixes). - ALSA: hda/realtek: fix mute/micmute LEDs for a HP ProBook (git-fixes). - ALSA: hda/realtek: fix speaker, mute/micmute LEDs not work on a HP platform (git-fixes). - ALSA: hda/sigmatel: add pin overrides for Intel DP45SG motherboard (git-fixes). - ALSA: hda/sigmatel: fix S/PDIF out on Intel D*45* motherboards (git-fixes). - ALSA: hda: cs35l41: Enable Amp High Pass Filter (git-fixes). - ALSA: hda: patch_realtek: add quirk for Asus N7601ZM (git-fixes). - ALSA: i2c/cs8427: fix iec958 mixer control deactivation (git-fixes). - ARM: 9290/1: uaccess: Fix KASAN false-positives (git-fixes). - ARM: dts: exynos: fix WM8960 clock name in Itop Elite (git-fixes). - ARM: dts: gta04: fix excess dma channel usage (git-fixes). - ARM: dts: qcom: ipq4019: Fix the PCI I/O port range (git-fixes). - ARM: dts: rockchip: fix a typo error for rk3288 spdif node (git-fixes). - ARM: dts: s5pv210: correct MIPI CSIS clock name (git-fixes). - ASN.1: Fix check for strdup() success (git-fixes). - ASoC: cs35l41: Only disable internal boost (git-fixes). - ASoC: es8316: Handle optional IRQ assignment (git-fixes). - ASoC: fsl_asrc_dma: fix potential null-ptr-deref (git-fixes). - ASoC: fsl_mqs: move of_node_put() to the correct location (git-fixes). - Add 42a11bf5c543 cgroup/cpuset: Make cpuset_fork() handle CLONE_INTO_CGROUP properly - Add eee878537941 cgroup/cpuset: Add cpuset_can_fork() and cpuset_cancel_fork() methods - Bluetooth: Fix race condition in hidp_session_thread (git-fixes). - Bluetooth: L2CAP: Fix use-after-free in l2cap_disconnect_{req,rsp} (git-fixes). - Drivers: vmbus: Check for channel allocation before looking up relids (git-fixes). - IB/mlx5: Add support for 400G_8X lane speed (git-fixes) - Input: hp_sdc_rtc - mark an unused function as __maybe_unused (git-fixes). - Input: raspberrypi-ts - fix refcount leak in rpi_ts_probe (git-fixes). - KEYS: Add missing function documentation (git-fixes). - KEYS: Create static version of public_key_verify_signature (git-fixes). - NFS: Cleanup unused rpc_clnt variable (git-fixes). - NFSD: Avoid calling OPDESC() with ops->opnum == OP_ILLEGAL (git-fixes). - NFSD: callback request does not use correct credential for AUTH_SYS (git-fixes). - PCI/EDR: Clear Device Status after EDR error recovery (git-fixes). - PCI: dwc: Fix PORT_LINK_CONTROL update when CDM check enabled (git-fixes). - PCI: imx6: Install the fault handler only on compatible match (git-fixes). - PCI: loongson: Add more devices that need MRRS quirk (git-fixes). - PCI: loongson: Prevent LS7A MRRS increases (git-fixes). - PCI: pciehp: Fix AB-BA deadlock between reset_lock and device_lock (git-fixes). - PCI: qcom: Fix the incorrect register usage in v2.7.0 config (git-fixes). - RDMA/cma: Allow UD qp_type to join multicast only (git-fixes) - RDMA/core: Fix GID entry ref leak when create_ah fails (git-fixes) - RDMA/irdma: Add ipv4 check to irdma_find_listener() (git-fixes) - RDMA/irdma: Fix memory leak of PBLE objects (git-fixes) - RDMA/irdma: Increase iWARP CM default rexmit count (git-fixes) - Remove obsolete KMP obsoletes (bsc#1210469). - Revert 'Bluetooth: btsdio: fix use after free bug in btsdio_remove due to unfinished work' (git-fixes). - Revert 'pinctrl: amd: Disable and mask interrupts on resume' (git-fixes). - USB: dwc3: fix runtime pm imbalance on probe errors (git-fixes). - USB: dwc3: fix runtime pm imbalance on unbind (git-fixes). - USB: serial: cp210x: add Silicon Labs IFS-USB-DATACABLE IDs (git-fixes). - USB: serial: option: add Quectel RM500U-CN modem (git-fixes). - USB: serial: option: add Telit FE990 compositions (git-fixes). - USB: serial: option: add UNISOC vendor and TOZED LT70C product (git-fixes). - amdgpu: disable powerpc support for the newer display engine (bsc#1194869). - arm64: dts: imx8mm-evk: correct pmic clock source (git-fixes). - arm64: dts: meson-g12-common: specify full DMC range (git-fixes). - arm64: dts: qcom: ipq8074-hk01: enable QMP device, not the PHY node (git-fixes). - arm64: dts: qcom: ipq8074: Fix the PCI I/O port range (git-fixes). - arm64: dts: qcom: msm8994-kitakami: drop unit address from PMI8994 regulator (git-fixes). - arm64: dts: qcom: msm8994-msft-lumia-octagon: drop unit address from PMI8994 regulator (git-fixes). - arm64: dts: qcom: msm8996: Fix the PCI I/O port range (git-fixes). - arm64: dts: qcom: msm8998: Fix stm-stimulus-base reg name (git-fixes). - arm64: dts: qcom: msm8998: Fix the PCI I/O port range (git-fixes). - arm64: dts: qcom: sc7180-trogdor-lazor: correct trackpad supply (git-fixes). - arm64: dts: qcom: sdm845: Fix the PCI I/O port range (git-fixes). - arm64: dts: qcom: sm8250: Fix the PCI I/O port range (git-fixes). - arm64: dts: renesas: r8a774c0: Remove bogus voltages from OPP table (git-fixes). - arm64: dts: renesas: r8a77990: Remove bogus voltages from OPP table (git-fixes). - arm64: dts: ti: k3-j721e-main: Remove ti,strobe-sel property (git-fixes). - bluetooth: Perform careful capability checks in hci_sock_ioctl() (git-fixes). - cgroup/cpuset: Wake up cpuset_attach_wq tasks in cpuset_cancel_attach() (bsc#1210827). - cifs: fix negotiate context parsing (bsc#1210301). - clk: add missing of_node_put() in 'assigned-clocks' property parsing (git-fixes). - clk: at91: clk-sam9x60-pll: fix return value check (git-fixes). - clk: rockchip: rk3399: allow clk_cifout to force clk_cifout_src to reparent (git-fixes). - clk: sprd: set max_register according to mapping range (git-fixes). - clocksource/drivers/davinci: Fix memory leak in davinci_timer_register when init fails (git-fixes). - cpufreq: CPPC: Fix build error without CONFIG_ACPI_CPPC_CPUFREQ_FIE (bsc#1210953). - cpufreq: CPPC: Fix performance/frequency conversion (git-fixes). - cpumask: fix incorrect cpumask scanning result checks (bsc#1210943). - crypto: caam - Clear some memory in instantiate_rng (git-fixes). - crypto: drbg - Only fail when jent is unavailable in FIPS mode (git-fixes). - crypto: sa2ul - Select CRYPTO_DES (git-fixes). - crypto: safexcel - Cleanup ring IRQ workqueues on load failure (git-fixes). - driver core: Do not require dynamic_debug for initcall_debug probe timing (git-fixes). - drivers: staging: rtl8723bs: Fix locking in _rtw_join_timeout_handler() (git-fixes). - drivers: staging: rtl8723bs: Fix locking in rtw_scan_timeout_handler() (git-fixes). - drm/amd/display/dc/dce60/Makefile: Fix previous attempt to silence known override-init warnings (git-fixes). - drm/amd/display: Fix potential null dereference (git-fixes). - drm/amdgpu: Re-enable DCN for 64-bit powerpc (bsc#1194869). - drm/armada: Fix a potential double free in an error handling path (git-fixes). - drm/bridge: adv7533: Fix adv7533_mode_valid for adv7533 and adv7535 (git-fixes). - drm/bridge: lt8912b: Fix DSI Video Mode (git-fixes). - drm/bridge: lt9611: Fix PLL being unable to lock (git-fixes). - drm/fb-helper: set x/yres_virtual in drm_fb_helper_check_var (git-fixes). - drm/i915/dsi: fix DSS CTL register offsets for TGL+ (git-fixes). - drm/i915: Fix fast wake AUX sync len (git-fixes). - drm/i915: Make intel_get_crtc_new_encoder() less oopsy (git-fixes). - drm/i915: fix race condition UAF in i915_perf_add_config_ioctl (git-fixes). - drm/lima/lima_drv: Add missing unwind goto in lima_pdev_probe() (git-fixes). - drm/msm/adreno: drop bogus pm_runtime_set_active() (git-fixes). - drm/msm/disp/dpu: check for crtc enable rather than crtc active to release shared resources (git-fixes). - drm/msm: fix NULL-deref on snapshot tear down (git-fixes). - drm/nouveau/disp: Support more modes by checking with lower bpc (git-fixes). - drm/panel: otm8009a: Set backlight parent to panel device (git-fixes). - drm/probe-helper: Cancel previous job before starting new one (git-fixes). - drm/rockchip: Drop unbalanced obj unref (git-fixes). - drm/vgem: add missing mutex_destroy (git-fixes). - drm: msm: adreno: Disable preemption on Adreno 510 (git-fixes). - drm: panel-orientation-quirks: Add quirk for Lenovo Yoga Book X90F (git-fixes). - drm: rcar-du: Fix a NULL vs IS_ERR() bug (git-fixes). - dt-bindings: arm: fsl: Fix copy-paste error in comment (git-fixes). - dt-bindings: iio: ti,tmp117: fix documentation link (git-fixes). - dt-bindings: mailbox: qcom,apcs-kpss-global: fix SDX55 'if' match (git-fixes). - dt-bindings: nvmem: qcom,spmi-sdam: fix example 'reg' property (git-fixes). - dt-bindings: remoteproc: stm32-rproc: Typo fix (git-fixes). - dt-bindings: soc: qcom: smd-rpm: re-add missing qcom,rpm-msm8994 (git-fixes). - e1000e: Disable TSO on i219-LM card to increase speed (git-fixes). - efi: sysfb_efi: Add quirk for Lenovo Yoga Book X91F/L (git-fixes). - ext4: Fix deadlock during directory rename (bsc#1210763). - ext4: Fix possible corruption when moving a directory (bsc#1210763). - ext4: fix RENAME_WHITEOUT handling for inline directories (bsc#1210766). - ext4: fix another off-by-one fsmap error on 1k block filesystems (bsc#1210767). - ext4: fix bad checksum after online resize (bsc#1210762 bsc#1208076). - ext4: fix cgroup writeback accounting with fs-layer encryption (bsc#1210765). - ext4: fix corruption when online resizing a 1K bigalloc fs (bsc#1206891). - ext4: fix incorrect options show of original mount_opt and extend mount_opt2 (bsc#1210764). - ext4: fix possible double unlock when moving a directory (bsc#1210763). - ext4: use ext4_journal_start/stop for fast commit transactions (bsc#1210793). - fbmem: Reject FB_ACTIVATE_KD_TEXT from userspace (git-fixes). - firmware: qcom_scm: Clear download bit during reboot (git-fixes). - firmware: stratix10-svc: Fix an NULL vs IS_ERR() bug in probe (git-fixes). - fpga: bridge: fix kernel-doc parameter description (git-fixes). - hwmon: (adt7475) Use device_property APIs when configuring polarity (git-fixes). - hwmon: (k10temp) Check range scale when CUR_TEMP register is read-write (git-fixes). - hwmon: (pmbus/fsp-3y) Fix functionality bitmask in FSP-3Y YM-2151E (git-fixes). - i2c: cadence: cdns_i2c_master_xfer(): Fix runtime PM leak on error path (git-fixes). - i2c: hisi: Avoid redundant interrupts (git-fixes). - i2c: imx-lpi2c: clean rx/tx buffers upon new message (git-fixes). - i2c: ocores: generate stop condition after timeout in polling mode (git-fixes). - i915/perf: Replace DRM_DEBUG with driver specific drm_dbg call (git-fixes). - ice: avoid bonding causing auxiliary plug/unplug under RTNL lock (bsc#1210158). - iio: adc: at91-sama5d2_adc: fix an error code in at91_adc_allocate_trigger() (git-fixes). - iio: light: tsl2772: fix reading proximity-diodes from device tree (git-fixes). - ipmi: fix SSIF not responding under certain cond (git-fixes). - ipmi:ssif: Add send_retries increment (git-fixes). - k-m-s: Drop Linux 2.6 support - kABI: PCI: loongson: Prevent LS7A MRRS increases (kabi). - kABI: x86/msi: Fix msi message data shadow struct (kabi). - kabi/severities: ignore KABI for NVMe target (bsc#1174777). - keys: Fix linking a duplicate key to a keyring's assoc_array (bsc#1207088). - locking/rwbase: Mitigate indefinite writer starvation. - media: av7110: prevent underflow in write_ts_to_decoder() (git-fixes). - media: dm1105: Fix use after free bug in dm1105_remove due to race condition (git-fixes). - media: max9286: Free control handler (git-fixes). - media: rc: gpio-ir-recv: Fix support for wake-up (git-fixes). - media: rkvdec: fix use after free bug in rkvdec_remove (git-fixes). - media: saa7134: fix use after free bug in saa7134_finidev due to race condition (git-fixes). - media: venus: dec: Fix handling of the start cmd (git-fixes). - memstick: fix memory leak if card device is never registered (git-fixes). - mm/filemap: fix page end in filemap_get_read_batch (bsc#1210768). - mm: page_alloc: skip regions with hugetlbfs pages when allocating 1G pages (bsc#1210034). - mm: take a page reference when removing device exclusive entries (bsc#1211025). - mmc: sdhci-of-esdhc: fix quirk to ignore command inhibit for data (git-fixes). - mmc: sdhci_am654: Set HIGH_SPEED_ENA for SDR12 and SDR25 (git-fixes). - mtd: core: fix error path for nvmem provider (git-fixes). - mtd: core: fix nvmem error reporting (git-fixes). - mtd: core: provide unique name for nvmem device, take two (git-fixes). - mtd: spi-nor: Fix a trivial typo (git-fixes). - net: phy: nxp-c45-tja11xx: add remove callback (git-fixes). - net: phy: nxp-c45-tja11xx: fix unsigned long multiplication overflow (git-fixes). - nfsd: call op_release, even when op_func returns an error (git-fixes). - nilfs2: fix potential UAF of struct nilfs_sc_info in nilfs_segctor_thread() (git-fixes). - nilfs2: initialize unused bytes in segment summary blocks (git-fixes). - nvme initialize core quirks before calling nvme_init_subsystem (git-fixes). - nvme-auth: uninitialized variable in nvme_auth_transform_key() (git-fixes). - nvme-fcloop: fix 'inconsistent {IN-HARDIRQ-W} -> {HARDIRQ-ON-W} usage' (git-fixes). - nvme-hwmon: consistently ignore errors from nvme_hwmon_init (git-fixes). - nvme-hwmon: kmalloc the NVME SMART log buffer (git-fixes). - nvme-multipath: fix possible hang in live ns resize with ANA access (git-fixes). - nvme-pci: fix doorbell buffer value endianness (git-fixes). - nvme-pci: fix mempool alloc size (git-fixes). - nvme-pci: fix page size checks (git-fixes). - nvme-pci: fix timeout request state check (git-fixes). - nvme-rdma: fix possible hang caused during ctrl deletion (git-fixes). - nvme-tcp: fix possible circular locking when deleting a controller under memory pressure (git-fixes). - nvme-tcp: fix possible hang caused during ctrl deletion (git-fixes). - nvme-tcp: fix regression that causes sporadic requests to time out (git-fixes). - nvme: Fix IOC_PR_CLEAR and IOC_PR_RELEASE ioctls for nvme devices (git-fixes). - nvme: add device name to warning in uuid_show() (git-fixes). - nvme: catch -ENODEV from nvme_revalidate_zones again (git-fixes). - nvme: copy firmware_rev on each init (git-fixes). - nvme: define compat_ioctl again to unbreak 32-bit userspace (git-fixes). - nvme: fix async event trace event (git-fixes). - nvme: fix handling single range discard request (git-fixes). - nvme: fix per-namespace chardev deletion (git-fixes). - nvme: fix the NVME_CMD_EFFECTS_CSE_MASK definition (git-fixes). - nvme: fix the read-only state for zoned namespaces with unsupposed features (git-fixes). - nvme: improve the NVME_CONNECT_AUTHREQ* definitions (git-fixes). - nvme: move nvme_multi_css into nvme.h (git-fixes). - nvme: return err on nvme_init_non_mdts_limits fail (git-fixes). - nvme: send Identify with CNS 06h only to I/O controllers (bsc#1209693). - nvme: set dma alignment to dword (git-fixes). - nvme: use command_id instead of req->tag in trace_nvme_complete_rq() (git-fixes). - nvmet-auth: do not try to cancel a non-initialized work_struct (git-fixes). - nvmet-tcp: fix incomplete data digest send (git-fixes). - nvmet-tcp: fix regression in data_digest calculation (git-fixes). - nvmet: add helpers to set the result field for connect commands (git-fixes). - nvmet: avoid potential UAF in nvmet_req_complete() (git-fixes). - nvmet: do not defer passthrough commands with trivial effects to the workqueue (git-fixes). - nvmet: fix I/O Command Set specific Identify Controller (git-fixes). - nvmet: fix Identify Active Namespace ID list handling (git-fixes). - nvmet: fix Identify Controller handling (git-fixes). - nvmet: fix Identify Namespace handling (git-fixes). - nvmet: fix a memory leak (git-fixes). - nvmet: fix a memory leak in nvmet_auth_set_key (git-fixes). - nvmet: fix a use-after-free (git-fixes). - nvmet: fix invalid memory reference in nvmet_subsys_attr_qid_max_show (git-fixes). - nvmet: force reconnect when number of queue changes (git-fixes). - nvmet: looks at the passthrough controller when initializing CAP (git-fixes). - nvmet: only allocate a single slab for bvecs (git-fixes). - nvmet: use IOCB_NOWAIT only if the filesystem supports it (git-fixes). - perf/core: Fix perf_output_begin parameter is incorrectly invoked in perf_event_bpf_output (git fixes). - perf/core: Fix the same task check in perf_event_set_output (git fixes). - perf: Fix check before add_event_to_groups() in perf_group_detach() (git fixes). - perf: fix perf_event_context->time (git fixes). - platform/x86 (gigabyte-wmi): Add support for A320M-S2H V2 (git-fixes). - platform/x86: gigabyte-wmi: add support for X570S AORUS ELITE (git-fixes). - power: supply: cros_usbpd: reclassify 'default case!' as debug (git-fixes). - power: supply: generic-adc-battery: fix unit scaling (git-fixes). - powerpc/64: Always build with 128-bit long double (bsc#1194869). - powerpc/64e: Fix amdgpu build on Book3E w/o AltiVec (bsc#1194869). - powerpc/hv-gpci: Fix hv_gpci event list (git fixes). - powerpc/papr_scm: Update the NUMA distance table for the target node (bsc#1209999 ltc#202140 bsc#1142685 ltc#179509 git-fixes). - powerpc/perf/hv-24x7: add missing RTAS retry status handling (git fixes). - powerpc/pseries: Consolidate different NUMA distance update code paths (bsc#1209999 ltc#202140 bsc#1142685 ltc#179509 git-fixes). - powerpc: declare unmodified attribute_group usages const (git-fixes). - regulator: core: Avoid lockdep reports when resolving supplies (git-fixes). - regulator: core: Consistently set mutex_owner when using ww_mutex_lock_slow() (git-fixes). - regulator: core: Shorten off-on-delay-us for always-on/boot-on by time since booted (git-fixes). - regulator: fan53555: Explicitly include bits header (git-fixes). - regulator: fan53555: Fix wrong TCS_SLEW_MASK (git-fixes). - regulator: stm32-pwr: fix of_iomap leak (git-fixes). - remoteproc: Harden rproc_handle_vdev() against integer overflow (git-fixes). - remoteproc: imx_rproc: Call of_node_put() on iteration error (git-fixes). - remoteproc: st: Call of_node_put() on iteration error (git-fixes). - remoteproc: stm32: Call of_node_put() on iteration error (git-fixes). - rtc: meson-vrtc: Use ktime_get_real_ts64() to get the current time (git-fixes). - rtc: omap: include header for omap_rtc_power_off_program prototype (git-fixes). - sched/fair: Fix imbalance overflow (bsc#1155798 (CPU scheduler functional and performance backports)). - sched/fair: Limit sched slice duration (bsc#1189999 (Scheduler functional and performance backports)). - sched/fair: Move calculate of avg_load to a better location (bsc#1155798). - sched/fair: Sanitize vruntime of entity being migrated (bsc#1203325). - sched/fair: sanitize vruntime of entity being placed (bsc#1203325). - sched/numa: Stop an exhastive search if an idle core is found (bsc#1189999). - sched_getaffinity: do not assume 'cpumask_size()' is fully initialized (bsc#1155798). - scsi: aic94xx: Add missing check for dma_map_single() (git-fixes). - scsi: core: Add BLIST_NO_VPD_SIZE for some VDASD (git-fixes bsc#1203039) - scsi: core: Add BLIST_SKIP_VPD_PAGES for SKhynix H28U74301AMR (git-fixes). - scsi: core: Fix a procfs host directory removal regression (git-fixes). - scsi: core: Fix a source code comment (git-fixes). - scsi: core: Remove the /proc/scsi/${proc_name} directory earlier (git-fixes). - scsi: hisi_sas: Check devm_add_action() return value (git-fixes). - scsi: hisi_sas: Set a port invalid only if there are no devices attached when refreshing port id (git-fixes). - scsi: ipr: Work around fortify-string warning (git-fixes). - scsi: iscsi_tcp: Check that sock is valid before iscsi_set_param() (git-fixes). - scsi: iscsi_tcp: Fix UAF during login when accessing the shost ipaddress (git-fixes). - scsi: iscsi_tcp: Fix UAF during logout when accessing the shost ipaddress (git-fixes). - scsi: kABI workaround for fc_host_fpin_rcv (git-fixes). - scsi: libsas: Remove useless dev_list delete in sas_ex_discover_end_dev() (git-fixes). - scsi: lpfc: Avoid usage of list iterator variable after loop (git-fixes). - scsi: lpfc: Check kzalloc() in lpfc_sli4_cgn_params_read() (git-fixes). - scsi: lpfc: Copyright updates for 14.2.0.11 patches (bsc#1210943). - scsi: lpfc: Correct used_rpi count when devloss tmo fires with no recovery (bsc#1210943). - scsi: lpfc: Defer issuing new PLOGI if received RSCN before completing REG_LOGIN (bsc#1210943). - scsi: lpfc: Drop redundant pci_enable_pcie_error_reporting() (bsc#1210943). - scsi: lpfc: Fix double word in comments (bsc#1210943). - scsi: lpfc: Fix ioremap issues in lpfc_sli4_pci_mem_setup() (bsc#1210943). - scsi: lpfc: Fix lockdep warning for rx_monitor lock when unloading driver (bsc#1210943). - scsi: lpfc: Prevent lpfc_debugfs_lockstat_write() buffer overflow (bsc#1210943). - scsi: lpfc: Record LOGO state with discovery engine even if aborted (bsc#1210943). - scsi: lpfc: Reorder freeing of various DMA buffers and their list removal (bsc#1210943). - scsi: lpfc: Revise lpfc_error_lost_link() reason code evaluation logic (bsc#1210943). - scsi: lpfc: Silence an incorrect device output (bsc#1210943). - scsi: lpfc: Skip waiting for register ready bits when in unrecoverable state (bsc#1210943). - scsi: lpfc: Update lpfc version to 14.2.0.11 (bsc#1210943). - scsi: megaraid_sas: Fix crash after a double completion (git-fixes). - scsi: megaraid_sas: Update max supported LD IDs to 240 (git-fixes). - scsi: mpt3sas: Do not print sense pool info twice (git-fixes). - scsi: mpt3sas: Fix NULL pointer access in mpt3sas_transport_port_add() (git-fixes). - scsi: mpt3sas: Fix a memory leak (git-fixes). - scsi: qla2xxx: Fix memory leak in qla2x00_probe_one() (git-fixes). - scsi: qla2xxx: Perform lockless command completion in abort path (git-fixes). - scsi: scsi_dh_alua: Fix memleak for 'qdata' in alua_activate() (git-fixes). - scsi: scsi_transport_fc: Add an additional flag to fc_host_fpin_rcv() (bsc#1210943). - scsi: sd: Fix wrong zone_write_granularity value during revalidate (git-fixes). - scsi: ses: Do not attach if enclosure has no components (git-fixes). - scsi: ses: Fix possible addl_desc_ptr out-of-bounds accesses (git-fixes). - scsi: ses: Fix possible desc_ptr out-of-bounds accesses (git-fixes). - scsi: ses: Fix slab-out-of-bounds in ses_enclosure_data_process() (git-fixes). - scsi: ses: Fix slab-out-of-bounds in ses_intf_remove() (git-fixes). - scsi: snic: Fix memory leak with using debugfs_lookup() (git-fixes). - seccomp: Move copy_seccomp() to no failure path (bsc#1210817). - selftests/kselftest/runner/run_one(): allow running non-executable files (git-fixes). - selftests: sigaltstack: fix -Wuninitialized (git-fixes). - selinux: ensure av_permissions.h is built when needed (git-fixes). - selinux: fix Makefile dependencies of flask.h (git-fixes). - serial: 8250: Add missing wakeup event reporting (git-fixes). - serial: 8250_bcm7271: Fix arbitration handling (git-fixes). - serial: 8250_exar: derive nr_ports from PCI ID for Acces I/O cards (git-fixes). - serial: exar: Add support for Sealevel 7xxxC serial cards (git-fixes). - signal handling: do not use BUG_ON() for debugging (bsc#1210439). - signal: Add SA_IMMUTABLE to ensure forced siganls do not get changed (bsc#1210816). - signal: Do not always set SA_IMMUTABLE for forced signals (bsc#1210816). - signal: HANDLER_EXIT should clear SIGNAL_UNKILLABLE (bsc#1210816). - soc: ti: pm33xx: Fix refcount leak in am33xx_pm_probe (git-fixes). - spi: cadence-quadspi: fix suspend-resume implementations (git-fixes). - spi: fsl-spi: Fix CPM/QE mode Litte Endian (git-fixes). - spi: qup: Do not skip cleanup in remove's error path (git-fixes). - staging: iio: resolver: ads1210: fix config mode (git-fixes). - staging: rtl8192e: Fix W_DISABLE# does not work after stop/start (git-fixes). - stat: fix inconsistency between struct stat and struct compat_stat (git-fixes). - sunrpc: only free unix grouplist after RCU settles (git-fixes). - tty: Prevent writing chars during tcsetattr TCSADRAIN/FLUSH (git-fixes). - tty: serial: fsl_lpuart: adjust buffer length to the intended size (git-fixes). - udf: Check consistency of Space Bitmap Descriptor (bsc#1210771). - udf: Fix a slab-out-of-bounds write bug in udf_find_entry() (bsc#1206649). - udf: Support splicing to file (bsc#1210770). - usb: chipidea: fix missing goto in `ci_hdrc_probe` (git-fixes). - usb: chipidea: imx: avoid unnecessary probe defer (git-fixes). - usb: dwc3: gadget: Change condition for processing suspend event (git-fixes). - usb: dwc3: pci: add support for the Intel Meteor Lake-S (git-fixes). - usb: gadget: tegra-xudc: Fix crash in vbus_draw (git-fixes). - usb: gadget: udc: renesas_usb3: Fix use after free bug in renesas_usb3_remove due to race condition (git-fixes). - usb: host: xhci-rcar: remove leftover quirk handling (git-fixes). - virt/coco/sev-guest: Add throttling awareness (bsc#1209927). - virt/coco/sev-guest: Carve out the request issuing logic into a helper (bsc#1209927). - virt/coco/sev-guest: Check SEV_SNP attribute at probe time (bsc#1209927). - virt/coco/sev-guest: Convert the sw_exit_info_2 checking to a switch-case (bsc#1209927). - virt/coco/sev-guest: Do some code style cleanups (bsc#1209927). - virt/coco/sev-guest: Remove the disable_vmpck label in handle_guest_request() (bsc#1209927). - virt/coco/sev-guest: Simplify extended guest request handling (bsc#1209927). - virt/sev-guest: Return -EIO if certificate buffer is not large enough (bsc#1209927). - virtio_ring: do not update event idx on get_buf (git-fixes). - vmci_host: fix a race condition in vmci_host_poll() causing GPF (git-fixes). - vmxnet3: use gro callback when UPT is enabled (bsc#1209739). - wifi: ath5k: fix an off by one check in ath5k_eeprom_read_freq_list() (git-fixes). - wifi: ath6kl: minor fix for allocation size (git-fixes). - wifi: ath6kl: reduce WARN to dev_dbg() in callback (git-fixes). - wifi: ath9k: hif_usb: fix memory leak of remain_skbs (git-fixes). - wifi: brcmfmac: slab-out-of-bounds read in brcmf_get_assoc_ies() (git-fixes). - wifi: brcmfmac: support CQM RSSI notification with older firmware (git-fixes). - wifi: iwlwifi: debug: fix crash in __iwl_err() (git-fixes). - wifi: iwlwifi: fix duplicate entry in iwl_dev_info_table (git-fixes). - wifi: iwlwifi: fw: fix memory leak in debugfs (git-fixes). - wifi: iwlwifi: fw: move memset before early return (git-fixes). - wifi: iwlwifi: make the loop for card preparation effective (git-fixes). - wifi: iwlwifi: mvm: check firmware response size (git-fixes). - wifi: iwlwifi: mvm: do not set CHECKSUM_COMPLETE for unsupported protocols (git-fixes). - wifi: iwlwifi: mvm: fix mvmtxq->stopped handling (git-fixes). - wifi: iwlwifi: mvm: initialize seq variable (git-fixes). - wifi: iwlwifi: trans: do not trigger d3 interrupt twice (git-fixes). - wifi: iwlwifi: yoyo: Fix possible division by zero (git-fixes). - wifi: iwlwifi: yoyo: skip dump correctly on hw error (git-fixes). - wifi: mac80211: adjust scan cancel comment/check (git-fixes). - wifi: mt76: add missing locking to protect against concurrent rx/status calls (git-fixes). - wifi: mt76: fix 6GHz high channel not be scanned (git-fixes). - wifi: mt76: handle failure of vzalloc in mt7615_coredump_work (git-fixes). - wifi: mwifiex: mark OF related data as maybe unused (git-fixes). - wifi: rt2x00: Fix memory leak when handling surveys (git-fixes). - wifi: rtlwifi: fix incorrect error codes in rtl_debugfs_set_write_reg() (git-fixes). - wifi: rtlwifi: fix incorrect error codes in rtl_debugfs_set_write_rfreg() (git-fixes). - wifi: rtw88: mac: Return the original error from rtw_mac_power_switch() (git-fixes). - wifi: rtw88: mac: Return the original error from rtw_pwr_seq_parser() (git-fixes). - wifi: rtw89: fix potential race condition between napi_init and napi_enable (git-fixes). - writeback, cgroup: fix null-ptr-deref write in bdi_split_work_to_wbs (bsc#1210769). - x86/MCE/AMD: Fix memory leak when threshold_create_bank() fails (git-fixes). - x86/PCI: Add quirk for AMD XHCI controller that loses MSI-X state in D3hot (git-fixes). - x86/bug: Prevent shadowing in __WARN_FLAGS (git-fixes). - x86/bugs: Enable STIBP for IBPB mitigated RETBleed (git-fixes). - x86/entry: Avoid very early RET (git-fixes). - x86/entry: Do not call error_entry() for XENPV (git-fixes). - x86/entry: Move CLD to the start of the idtentry macro (git-fixes). - x86/entry: Move PUSH_AND_CLEAR_REGS out of error_entry() (git-fixes). - x86/entry: Switch the stack after error_entry() returns (git-fixes). - x86/fpu: Prevent FPU state corruption (git-fixes). - x86/kvm: Preserve BSP MSR_KVM_POLL_CONTROL across suspend/resume (git-fixes). - x86/msi: Fix msi message data shadow struct (git-fixes). - x86/pci/xen: Disable PCI/MSI masking for XEN_HVM guests (git-fixes). - x86/traps: Use pt_regs directly in fixup_bad_iret() (git-fixes). - x86/tsx: Disable TSX development mode at boot (git-fixes). - x86: __memcpy_flushcache: fix wrong alignment if size > 2^32 (git-fixes). - xhci: fix debugfs register accesses while suspended (git-fixes). Important SUSE bug 1142685 SUSE bug 1155798 SUSE bug 1174777 SUSE bug 1189999 SUSE bug 1194869 SUSE bug 1203039 SUSE bug 1203325 SUSE bug 1206649 SUSE bug 1206891 SUSE bug 1206992 SUSE bug 1207088 SUSE bug 1208076 SUSE bug 1208845 SUSE bug 1209615 SUSE bug 1209693 SUSE bug 1209739 SUSE bug 1209871 SUSE bug 1209927 SUSE bug 1209999 SUSE bug 1210034 SUSE bug 1210158 SUSE bug 1210202 SUSE bug 1210206 SUSE bug 1210301 SUSE bug 1210329 SUSE bug 1210336 SUSE bug 1210337 SUSE bug 1210439 SUSE bug 1210469 SUSE bug 1210629 SUSE bug 1210725 SUSE bug 1210762 SUSE bug 1210763 SUSE bug 1210764 SUSE bug 1210765 SUSE bug 1210766 SUSE bug 1210767 SUSE bug 1210768 SUSE bug 1210769 SUSE bug 1210770 SUSE bug 1210771 SUSE bug 1210793 SUSE bug 1210816 SUSE bug 1210817 SUSE bug 1210827 SUSE bug 1210943 SUSE bug 1210953 SUSE bug 1211025 CVE-2022-2196 CVE-2023-0386 CVE-2023-1670 CVE-2023-1855 CVE-2023-1989 CVE-2023-1990 CVE-2023-1998 CVE-2023-2008 CVE-2023-2019 CVE-2023-2176 CVE-2023-2235 CVE-2023-23006 CVE-2023-30772 cpe:/o:opensuse:leap:15.4 Security update for ntp (Moderate) openSUSE Leap 15.4 This update for ntp fixes the following issues: Fixed multiple out of bound writes: CVE-2023-26551 (bsc#1210386), CVE-2023-26552 (bsc#1210388), CVE-2023-26553 (bsc#1210387), CVE-2023-26554 (bsc#1210389). Moderate SUSE bug 1210386 SUSE bug 1210387 SUSE bug 1210388 SUSE bug 1210389 CVE-2023-26551 CVE-2023-26552 CVE-2023-26553 CVE-2023-26554 cpe:/o:opensuse:leap:15.4 Security update for protobuf-c (Important) openSUSE Leap 15.4 This update for protobuf-c fixes the following issues: - CVE-2022-48468: Fixed an unsigned integer overflow. (bsc#1210323) Important SUSE bug 1210323 CVE-2022-48468 cpe:/o:opensuse:leap:15.4 Security update for the Linux Kernel (Important) openSUSE Leap 15.4 The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2023-2124: Fixed an out of bound access in the XFS subsystem that could have lead to denial-of-service or potentially privilege escalation (bsc#1210498). - CVE-2023-1872:Fixed a use after free vulnerability in the io_uring subsystem, which could lead to local privilege escalation (bsc#1210414). - CVE-2022-2196: Fixed a regression related to KVM that allowed for speculative execution attacks (bsc#1206992). - CVE-2023-1670: Fixed a use after free in the Xircom 16-bit PCMCIA Ethernet driver. A local user could use this flaw to crash the system or potentially escalate their privileges on the system (bsc#1209871). - CVE-2023-2162: Fixed an use-after-free flaw in iscsi_sw_tcp_session_create (bsc#1210647). - CVE-2023-2176: A vulnerability was found in compare_netdev_and_ip in drivers/infiniband/core/cma.c in RDMA. The improper cleanup results in out-of-boundary read, where a local user can utilize this problem to crash the system or escalation of privilege (bsc#1210629). - CVE-2023-1998: Fixed a use after free during login when accessing the shost ipaddress (bsc#1210506). - CVE-2023-30772: Fixed a race condition and resultant use-after-free in da9150_charger_remove (bsc#1210329). - CVE-2023-2008: A flaw was found in the fault handler of the udmabuf device driver. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code (bsc#1210453). - CVE-2023-1855: Fixed a use after free in xgene_hwmon_remove (bsc#1210202). - CVE-2020-36691: Fixed a denial of service vulnerability via a nested Netlink policy with a back reference (bsc#1209777). - CVE-2023-1990: Fixed a use after free in ndlc_remove (bsc#1210337). - CVE-2023-1989: Fixed a use after free in btsdio_remove (bsc#1210336). - CVE-2022-43945: Fixed a buffer overflow in the NFSD implementation (bsc#1205128). - CVE-2023-1611: Fixed an use-after-free flaw in btrfs_search_slot (bsc#1209687). - CVE-2023-1838: Fixed an use-after-free flaw in virtio network subcomponent. This flaw could allow a local attacker to crash the system and lead to a kernel information leak problem. (bsc#1210203). The following non-security bugs were fixed: - Drivers: vmbus: Check for channel allocation before looking up relids (git-fixes). - cifs: fix negotiate context parsing (bsc#1210301). - keys: Fix linking a duplicate key to a keyring's assoc_array (bsc#1207088). - vmxnet3: use gro callback when UPT is enabled (bsc#1209739). Important SUSE bug 1202353 SUSE bug 1205128 SUSE bug 1206992 SUSE bug 1207088 SUSE bug 1209687 SUSE bug 1209739 SUSE bug 1209777 SUSE bug 1209871 SUSE bug 1210202 SUSE bug 1210203 SUSE bug 1210301 SUSE bug 1210329 SUSE bug 1210336 SUSE bug 1210337 SUSE bug 1210414 SUSE bug 1210453 SUSE bug 1210469 SUSE bug 1210498 SUSE bug 1210506 SUSE bug 1210629 SUSE bug 1210647 CVE-2020-36691 CVE-2022-2196 CVE-2022-43945 CVE-2023-1611 CVE-2023-1670 CVE-2023-1838 CVE-2023-1855 CVE-2023-1872 CVE-2023-1989 CVE-2023-1990 CVE-2023-1998 CVE-2023-2008 CVE-2023-2124 CVE-2023-2162 CVE-2023-2176 CVE-2023-30772 cpe:/o:opensuse:leap:15.4 Security update for apache2-mod_auth_openidc (Moderate) openSUSE Leap 15.4 This update for apache2-mod_auth_openidc fixes the following issues: - CVE-2022-23527: Fixed open redirect in oidc_validate_redirect_url() using tab character (bsc#1206441). - CVE-2021-39191: Fixed open redirect issue in target_link_uri parameter (bsc#1190223). Moderate SUSE bug 1190223 SUSE bug 1199868 SUSE bug 1206441 CVE-2021-39191 CVE-2022-23527 cpe:/o:opensuse:leap:15.4 Security update for the Linux Kernel (Important) openSUSE Leap 15.4 The SUSE Linux Enterprise 15 SP1 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2023-2124: Fixed an out of bound access in the XFS subsystem that could have lead to denial-of-service or potentially privilege escalation (bsc#1210498). - CVE-2023-1670: Fixed a use after free in the Xircom 16-bit PCMCIA Ethernet driver. A local user could use this flaw to crash the system or potentially escalate their privileges on the system (bsc#1209871). - CVE-2023-2162: Fixed an use-after-free flaw in iscsi_sw_tcp_session_create (bsc#1210647). - CVE-2023-1998: Fixed a use after free during login when accessing the shost ipaddress (bsc#1210506). - CVE-2023-30772: Fixed a race condition and resultant use-after-free in da9150_charger_remove (bsc#1210329). - CVE-2023-1855: Fixed a use after free in xgene_hwmon_remove (bsc#1210202). - CVE-2023-1989: Fixed a use after free in btsdio_remove (bsc#1210336). - CVE-2023-1990: Fixed a use after free in ndlc_remove (bsc#1210337). - CVE-2022-43945: Fixed a buffer overflow in the NFSD implementation (bsc#1205128). - CVE-2023-1611: Fixed an use-after-free flaw in btrfs_search_slot (bsc#1209687). - CVE-2020-36691: Fixed a denial of service vulnerability via a nested Netlink policy with a back reference (bsc#1209777). The following non-security bugs were fixed: - cifs: fix negotiate context parsing (bsc#1210301). - cred: allow get_cred() and put_cred() to be given NULL (bsc#1209887). Important SUSE bug 1202353 SUSE bug 1205128 SUSE bug 1209613 SUSE bug 1209687 SUSE bug 1209777 SUSE bug 1209871 SUSE bug 1209887 SUSE bug 1210202 SUSE bug 1210301 SUSE bug 1210329 SUSE bug 1210336 SUSE bug 1210337 SUSE bug 1210469 SUSE bug 1210498 SUSE bug 1210506 SUSE bug 1210647 CVE-2020-36691 CVE-2022-43945 CVE-2023-1611 CVE-2023-1670 CVE-2023-1855 CVE-2023-1989 CVE-2023-1990 CVE-2023-1998 CVE-2023-2124 CVE-2023-2162 CVE-2023-30772 cpe:/o:opensuse:leap:15.4 Security update for distribution (Important) openSUSE Leap 15.4 This update for distribution fixes the following issues: - CVE-2023-2253: Fixed possible DoS via a crafted malicious /v2/_catalog API endpoint request (bsc#1207705). Important SUSE bug 1207705 CVE-2023-2253 cpe:/o:opensuse:leap:15.4 Security update for conmon (Important) openSUSE Leap 15.4 This update of conmon fixes the following issues: - rebuild the package with the go 19.9 secure release (bsc#1200441). Important SUSE bug 1200441 cpe:/o:opensuse:leap:15.4 Security update for ghostscript (Moderate) openSUSE Leap 15.4 This update for ghostscript fixes the following issues: - CVE-2021-45944: Fixed use-after-free in sampled_data_sample (bsc#1194303) - CVE-2021-45949: Fixed heap-based buffer overflow in sampled_data_finish (bsc#1194304) Moderate SUSE bug 1194303 SUSE bug 1194304 CVE-2021-45944 CVE-2021-45949 cpe:/o:opensuse:leap:15.4 Security update for golang-github-prometheus-prometheus (Important) openSUSE Leap 15.4 This update of golang-github-prometheus-prometheus fixes the following issues: - rebuild the package with the go 19.9 secure release (bsc#1200441). Important SUSE bug 1200441 cpe:/o:opensuse:leap:15.4 Security update for MozillaFirefox (Important) openSUSE Leap 15.4 This update for MozillaFirefox fixes the following issues: Extended Support Release 102.11.0 ESR (bsc#1211175): - CVE-2023-32205: Browser prompts could have been obscured by popups - CVE-2023-32206: Crash in RLBox Expat driver - CVE-2023-32207: Potential permissions request bypass via clickjacking - CVE-2023-32211: Content process crash due to invalid wasm code - CVE-2023-32212: Potential spoof due to obscured address bar - CVE-2023-32213: Potential memory corruption in FileReader::DoReadData() - CVE-2023-32214: Potential DoS via exposed protocol handlers - CVE-2023-32215: Memory safety bugs fixed in Firefox 113 and Firefox ESR 102.11 Important SUSE bug 1211175 CVE-2023-32205 CVE-2023-32206 CVE-2023-32207 CVE-2023-32211 CVE-2023-32212 CVE-2023-32213 CVE-2023-32214 CVE-2023-32215 cpe:/o:opensuse:leap:15.4 Security update for buildah (Important) openSUSE Leap 15.4 This update of buildah fixes the following issues: - rebuild the package with the go 19.9 secure release (bsc#1200441). Important SUSE bug 1200441 cpe:/o:opensuse:leap:15.4 Security update for helm (Important) openSUSE Leap 15.4 This update of helm fixes the following issues: - rebuild the package with the go 19.9 secure release (bsc#1200441). Important SUSE bug 1200441 cpe:/o:opensuse:leap:15.4 Security update for skopeo (Important) openSUSE Leap 15.4 This update of skopeo fixes the following issues: - rebuild the package with the go 19.9 secure release (bsc#1200441). Important SUSE bug 1200441 cpe:/o:opensuse:leap:15.4 Security update for SUSE Manager Client Tools (Important) openSUSE Leap 15.4 This update fixes the following issues: prometheus-blackbox_exporter: - Security issues fixed: * CVE-2022-46146: Fix authentication bypass via cache poisoning (bsc#1208062) - Other non-security bugs fixed and changes: * Add `min_version` parameter of `tls_config` to allow enabling TLS 1.0 and 1.1 (bsc#1209113) * On SUSE Linux Enterprise build always with Go >= 1.19 (bsc#1203599) prometheus-postgres_exporter: - Security issues fixed: * CVE-2022-46146: Fix authentication bypass via cache poisoning (bsc#1208060) - Other non-security bugs fixed and changes: * Adapt the systemd service security configuration to be able to start it on for Red Hat Linux Enterprise systems and clones * Create the prometheus user for Red Hat Linux Enterprise systems and clones * Fix broken log-level for values other than debug (bsc#1208965) golang-github-prometheus-prometheus: - Security issues fixed in this version update to 2.37.6: * CVE-2022-46146: Fix basic authentication bypass vulnerability (bsc#1208049, jsc#PED-3576) * CVE-2022-41715: Update our regexp library to fix upstream (bsc#1204023) - Other non-security bugs fixed and changes in this version update to 2.37.6: * [BUGFIX] TSDB: Turn off isolation for Head compaction to fix a memory leak. * [BUGFIX] TSDB: Fix 'invalid magic number 0' error on Prometheus startup. * [BUGFIX] Agent: Fix validation of flag options and prevent WAL from growing more than desired. * [BUGFIX] Properly close file descriptor when logging unfinished queries. * [BUGFIX] TSDB: In the WAL watcher metrics, expose the type='exemplar' label instead of type='unknown' for exemplar records. * [BUGFIX] Alerting: Fix Alertmanager targets not being updated when alerts were queued. * [BUGFIX] Hetzner SD: Make authentication files relative to Prometheus config file. * [BUGFIX] Promtool: Fix promtool check config not erroring properly on failures. * [BUGFIX] Scrape: Keep relabeled scrape interval and timeout on reloads. * [BUGFIX] TSDB: Don't increment prometheus_tsdb_compactions_failed_total when context is canceled. * [BUGFIX] TSDB: Fix panic if series is not found when deleting series. * [BUGFIX] TSDB: Increase prometheus_tsdb_mmap_chunk_corruptions_total on out of sequence errors. * [BUGFIX] Uyuni SD: Make authentication files relative to Prometheus configuration file and fix default configuration values. * [BUGFIX] Fix serving of static assets like fonts and favicon. * [BUGFIX] promtool: Add --lint-fatal option. * [BUGFIX] Changing TotalQueryableSamples from int to int64. * [BUGFIX] tsdb/agent: Ignore duplicate exemplars. * [BUGFIX] TSDB: Fix chunk overflow appending samples at a variable rate. * [BUGFIX] Stop rule manager before TSDB is stopped. * [BUGFIX] Kubernetes SD: Explicitly include gcp auth from k8s.io. * [BUGFIX] Fix OpenMetrics parser to sort uppercase labels correctly. * [BUGFIX] UI: Fix scrape interval and duration tooltip not showing on target page. * [BUGFIX] Tracing/GRPC: Set TLS credentials only when insecure is false. * [BUGFIX] Agent: Fix ID collision when loading a WAL with multiple segments. * [BUGFIX] Remote-write: Fix a deadlock between Batch and flushing the queue. * [BUGFIX] PromQL: Properly return an error from histogram_quantile when metrics have the same labelset. * [BUGFIX] UI: Fix bug that sets the range input to the resolution. * [BUGFIX] TSDB: Fix a query panic when memory-snapshot-on-shutdown is enabled. * [BUGFIX] Parser: Specify type in metadata parser errors. * [BUGFIX] Scrape: Fix label limit changes not applying. * [BUGFIX] Remote-write: Fix deadlock between adding to queue and getting batch. * [BUGFIX] TSDB: Fix panic when m-mapping head chunks onto the disk. * [BUGFIX] Azure SD: Fix a regression when public IP Address isn't set. * [BUGFIX] Azure SD: Fix panic when public IP Address isn't set. * [BUGFIX] Remote-write: Fix deadlock when stopping a shard. * [BUGFIX] SD: Fix no such file or directory in K8s SD when not running inside K8s. * [BUGFIX] Promtool: Make exit codes more consistent. * [BUGFIX] Promtool: Fix flakiness of rule testing. * [BUGFIX] Remote-write: Update prometheus_remote_storage_queue_highest_sent_timestamp_seconds metric when write irrecoverably fails. * [BUGFIX] Storage: Avoid panic in BufferedSeriesIterator. * [BUGFIX] TSDB: CompactBlockMetas should produce correct mint/maxt for overlapping blocks. * [BUGFIX] TSDB: Fix logging of exemplar storage size. * [BUGFIX] UI: Fix overlapping click targets for the alert state checkboxes. * [BUGFIX] UI: Fix Unhealthy filter on target page to actually display only Unhealthy targets. * [BUGFIX] UI: Fix autocompletion when expression is empty. * [BUGFIX] TSDB: Fix deadlock from simultaneous GC and write. * [CHANGE] TSDB: Delete *.tmp WAL files when Prometheus starts. * [CHANGE] promtool: Add new flag --lint (enabled by default) for the commands check rules and check config, resulting in a new exit code (3) for linter errors. * [CHANGE] UI: Classic UI removed. * [CHANGE] Tracing: Migrate from Jaeger to OpenTelemetry based tracing. * [CHANGE] PromQL: Promote negative offset and @ modifer to stable features. * [CHANGE] Web: Promote remote-write-receiver to stable. * [FEATURE] Nomad SD: New service discovery for Nomad built-in service discovery. * [FEATURE] Add lowercase and uppercase relabel action. * [FEATURE] SD: Add IONOS Cloud integration. * [FEATURE] SD: Add Vultr integration. * [FEATURE] SD: Add Linode SD failure count metric. * [FEATURE] Add prometheus_ready metric. * [FEATURE] Support for automatically setting the variable GOMAXPROCS to the container CPU limit. Enable with the flag `--enable-feature=auto-gomaxprocs`. * [FEATURE] PromQL: Extend statistics with total and peak number of samples in a query. Additionally, per-step statistics are available with --enable-feature=promql-per-step-stats and using stats=all in the query API. Enable with the flag `--enable-feature=per-step-stats`. * [FEATURE] Config: Add stripPort template function. * [FEATURE] Promtool: Add cardinality analysis to check metrics, enabled by flag --extended. * [FEATURE] SD: Enable target discovery in own K8s namespace. * [FEATURE] SD: Add provider ID label in K8s SD. * [FEATURE] Web: Add limit field to the rules API. * [ENHANCEMENT] Kubernetes SD: Allow attaching node labels for endpoint role. * [ENHANCEMENT] PromQL: Optimise creation of signature with/without labels. * [ENHANCEMENT] TSDB: Memory optimizations. * [ENHANCEMENT] TSDB: Reduce sleep time when reading WAL. * [ENHANCEMENT] OAuth2: Add appropriate timeouts and User-Agent header. * [ENHANCEMENT] Add stripDomain to template function. * [ENHANCEMENT] UI: Enable active search through dropped targets. * [ENHANCEMENT] promtool: support matchers when querying label * [ENHANCEMENT] Add agent mode identifier. * [ENHANCEMENT] TSDB: more efficient sorting of postings read from WAL at startup. * [ENHANCEMENT] Azure SD: Add metric to track Azure SD failures. * [ENHANCEMENT] Azure SD: Add an optional resource_group configuration. * [ENHANCEMENT] Kubernetes SD: Support discovery.k8s.io/v1 EndpointSlice (previously only discovery.k8s.io/v1beta1 EndpointSlice was supported). * [ENHANCEMENT] Kubernetes SD: Allow attaching node metadata to discovered pods. * [ENHANCEMENT] OAuth2: Support for using a proxy URL to fetch OAuth2 tokens. * [ENHANCEMENT] Configuration: Add the ability to disable HTTP2. * [ENHANCEMENT] Config: Support overriding minimum TLS version. * [ENHANCEMENT] TSDB: Disable the chunk write queue by default and allow configuration with the experimental flag `--storage.tsdb.head-chunks-write-queue-size`. * [ENHANCEMENT] HTTP SD: Add a failure counter. * [ENHANCEMENT] Azure SD: Set Prometheus User-Agent on requests. * [ENHANCEMENT] Uyuni SD: Reduce the number of logins to Uyuni. * [ENHANCEMENT] Scrape: Log when an invalid media type is encountered during a scrape. * [ENHANCEMENT] Scrape: Accept application/openmetrics-text;version=1.0.0 in addition to version=0.0.1. * [ENHANCEMENT] Remote-read: Add an option to not use external labels as selectors for remote read. * [ENHANCEMENT] UI: Optimize the alerts page and add a search bar. * [ENHANCEMENT] UI: Improve graph colors that were hard to see. * [ENHANCEMENT] Config: Allow escaping of $ with $$ when using environment variables with external labels. * [ENHANCEMENT] Remote-write: Avoid allocations by buffering concrete structs instead of interfaces. * [ENHANCEMENT] Remote-write: Log time series details for out-of-order samples in remote write receiver. * [ENHANCEMENT] Remote-write: Shard up more when backlogged. * [ENHANCEMENT] TSDB: Use simpler map key to improve exemplar ingest performance. * [ENHANCEMENT] TSDB: Avoid allocations when popping from the intersected postings heap. * [ENHANCEMENT] TSDB: Make chunk writing non-blocking, avoiding latency spikes in remote-write. * [ENHANCEMENT] TSDB: Improve label matching performance. * [ENHANCEMENT] UI: Optimize the service discovery page and add a search bar. * [ENHANCEMENT] UI: Optimize the target page and add a search bar. Important SUSE bug 1203599 SUSE bug 1204023 SUSE bug 1208049 SUSE bug 1208060 SUSE bug 1208062 SUSE bug 1208965 SUSE bug 1209113 CVE-2022-41715 CVE-2022-46146 cpe:/o:opensuse:leap:15.4 Security update for Prometheus Golang clients (Moderate) openSUSE Leap 15.4 This update for golang-github-prometheus-alertmanager and golang-github-prometheus-node_exporter fixes the following issues: golang-github-prometheus-alertmanager: - Security issues fixed: * CVE-2022-46146: Fix authentication bypass via cache poisoning (bsc#1208051) golang-github-prometheus-node_exporter: - Security issues fixed in this version update to version 1.5.0 (jsc#PED-3578): * CVE-2022-27191: Update go/x/crypto (bsc#1197284) * CVE-2022-27664: Update go/x/net (bsc#1203185) * CVE-2022-46146: Update exporter-toolkit (bsc#1208064) - Other non-security bug fixes and changes in this version update to 1.5.0 (jsc#PED-3578): * NOTE: This changes the Go runtime 'GOMAXPROCS' to 1. This is done to limit the concurrency of the exporter to 1 CPU thread at a time in order to avoid a race condition problem in the Linux kernel and parallel IO issues on nodes with high numbers of CPUs/CPU threads. * [BUGFIX] Fix hwmon label sanitizer * [BUGFIX] Use native endianness when encoding InetDiagMsg * [BUGFIX] Fix btrfs device stats always being zero * [BUGFIX] Fix diskstats exclude flags * [BUGFIX] [node-mixin] Fix fsSpaceAvailableCriticalThreshold and fsSpaceAvailableWarning * [BUGFIX] Fix concurrency issue in ethtool collector * [BUGFIX] Fix concurrency issue in netdev collector * [BUGFIX] Fix diskstat reads and write metrics for disks with different sector sizes * [BUGFIX] Fix iostat on macos broken by deprecation warning * [BUGFIX] Fix NodeFileDescriptorLimit alerts * [BUGFIX] Sanitize rapl zone names * [BUGFIX] Add file descriptor close safely in test * [BUGFIX] Fix race condition in os_release.go * [BUGFIX] Skip ZFS IO metrics if their paths are missing * [BUGFIX] Handle nil CPU thermal power status on M1 * [BUGFIX] bsd: Ignore filesystems flagged as MNT_IGNORE * [BUGFIX] Sanitize UTF-8 in dmi collector * [CHANGE] Merge metrics descriptions in textfile collector * [FEATURE] Add multiple listeners and systemd socket listener activation * [FEATURE] [node-mixin] Add darwin dashboard to mixin * [FEATURE] Add 'isolated' metric on cpu collector on linux * [FEATURE] Add cgroup summary collector * [FEATURE] Add selinux collector * [FEATURE] Add slab info collector * [FEATURE] Add sysctl collector * [FEATURE] Also track the CPU Spin time for OpenBSD systems * [FEATURE] Add support for MacOS version * [ENHANCEMENT] Add RTNL version of netclass collector * [ENHANCEMENT] [node-mixin] Add missing selectors * [ENHANCEMENT] [node-mixin] Change current datasource to grafana's default * [ENHANCEMENT] [node-mixin] Change disk graph to disk table * [ENHANCEMENT] [node-mixin] Change io time units to %util * [ENHANCEMENT] Ad user_wired_bytes and laundry_bytes on *bsd * [ENHANCEMENT] Add additional vm_stat memory metrics for darwin * [ENHANCEMENT] Add device filter flags to arp collector * [ENHANCEMENT] Add diskstats include and exclude device flags * [ENHANCEMENT] Add node_softirqs_total metric * [ENHANCEMENT] Add rapl zone name label option * [ENHANCEMENT] Add slabinfo collector * [ENHANCEMENT] Allow user to select port on NTP server to query * [ENHANCEMENT] collector/diskstats: Add labels and metrics from udev * [ENHANCEMENT] Enable builds against older macOS SDK * [ENHANCEMENT] qdisk-linux: Add exclude and include flags for interface name * [ENHANCEMENT] systemd: Expose systemd minor version * [ENHANCEMENT] Use netlink for tcpstat collector * [ENHANCEMENT] Use netlink to get netdev stats * [ENHANCEMENT] Add additional perf counters for stalled frontend/backend cycles * [ENHANCEMENT] Add btrfs device error stats - Change build requirement to go1.18 or higher (previously this was fixed to version 1.14) Moderate SUSE bug 1197284 SUSE bug 1203185 SUSE bug 1208051 SUSE bug 1208064 CVE-2022-27191 CVE-2022-27664 CVE-2022-46146 cpe:/o:opensuse:leap:15.4 Security update for libraw (Low) openSUSE Leap 15.4 This update for libraw fixes the following issues: - CVE-2023-1729: Fixed a heap buffer overflow when converting an image (bsc#1210720). Low SUSE bug 1210720 CVE-2023-1729 cpe:/o:opensuse:leap:15.4 Security update for libraw (Low) openSUSE Leap 15.4 This update for libraw fixes the following issues: - CVE-2023-1729: Fixed a heap buffer overflow when converting an image (bsc#1210720). Low SUSE bug 1210720 CVE-2023-1729 cpe:/o:opensuse:leap:15.4 Security update for postgresql12 (Important) openSUSE Leap 15.4 This update for postgresql12 fixes the following issues: Updated to version 12.15: - CVE-2023-2454: Fixed an issue where a user having permission to create a schema could hijack the privileges of a security definer function or extension script (bsc#1211228). - CVE-2023-2455: Fixed an issue that could allow a user to see or modify rows that should have been invisible (bsc#1211229). - Internal fixes (bsc#1210303). Important SUSE bug 1210303 SUSE bug 1211228 SUSE bug 1211229 CVE-2023-2454 CVE-2023-2455 cpe:/o:opensuse:leap:15.4 Security update for tmux (Moderate) openSUSE Leap 15.4 This update for tmux fixes the following issues: - CVE-2022-47016: Fixed a null pointer dereference in window.c. (bsc#1207393) Moderate SUSE bug 1207393 CVE-2022-47016 cpe:/o:opensuse:leap:15.4 Security update for gradle (Moderate) openSUSE Leap 15.4 This update for gradle fixes the following issues: - CVE-2021-32751: Fixed arbitrary code execution in `application` plugin and the `gradlew` script (bsc#1188569). Moderate SUSE bug 1188569 CVE-2021-32751 cpe:/o:opensuse:leap:15.4 Security update for postgresql14 (Important) openSUSE Leap 15.4 This update for postgresql14 fixes the following issues: Updated to version 14.8: - CVE-2023-2454: Fixed an issue where a user having permission to create a schema could hijack the privileges of a security definer function or extension script (bsc#1211228). - CVE-2023-2455: Fixed an issue that could allow a user to see or modify rows that should have been invisible (bsc#1211229). - Internal fixes (bsc#1210303). Important SUSE bug 1210303 SUSE bug 1211228 SUSE bug 1211229 CVE-2023-2454 CVE-2023-2455 cpe:/o:opensuse:leap:15.4 Security update for postgresql15 (Important) openSUSE Leap 15.4 This update for postgresql15 fixes the following issues: Updated to version 15.3: - CVE-2023-2454: Fixed an issue where a user having permission to create a schema could hijack the privileges of a security definer function or extension script (bsc#1211228). - CVE-2023-2455: Fixed an issue that could allow a user to see or modify rows that should have been invisible (bsc#1211229). - Internal fixes (bsc#1210303). Important SUSE bug 1210303 SUSE bug 1211228 SUSE bug 1211229 CVE-2023-2454 CVE-2023-2455 cpe:/o:opensuse:leap:15.4 Security update for xterm (Important) openSUSE Leap 15.4 This update for xterm fixes the following issues: - CVE-2022-45063: Fixed an arbitrary code execution issue under configurations using vi and zsh (bsc#1205305). Important SUSE bug 1205305 CVE-2022-45063 cpe:/o:opensuse:leap:15.4 Security update for rekor (Important) openSUSE Leap 15.4 This update for rekor fixes the following issues: Updated to version 1.1.1 (jsc#SLE-23476): Functional Enhancements - Refactor Trillian client with exported methods (#1454) - Switch to official redis-go client (#1459) - Remove replace in go.mod (#1444) - Add Rekor OID info. (#1390) Quality Enhancements - remove legacy encrypted cosign key (#1446) - swap cjson dependency (#1441) - Update release readme (#1456) Security fixes: - CVE-2023-30551: Fixed a potential denial of service when processing JAR META-INF files or .SIGN/.PKINFO files in APK files (bsc#1211210). - updated to rekor 1.1.0 (jsc#SLE-23476): Functional Enhancements - improve validation on intoto v0.0.2 type (#1351) - add feature to limit HTTP request body length to process (#1334) - add information about the file size limit (#1313) - Add script to backfill Redis from Rekor (#1163) - Feature: add search support for sha512 (#1142) Quality Enhancements - various fuzzing fixes Bug Fixes - remove goroutine usage from SearchLogQuery (#1407) - drop log messages regarding attestation storage to debug (#1408) - fix validation for proposed vs committed log entries for intoto v0.0.1 (#1309) - fix: fix regex for multi-digit counts (#1321) - return NotFound if treesize is 0 rather than calling trillian (#1311) - enumerate slice to get sugared logs (#1312) - put a reasonable size limit on ssh key reader (#1288) - CLIENT: Fix Custom Host and Path Issue (#1306) - do not persist local state if log is empty; fail consistency proofs from 0 size (#1290) - correctly handle invalid or missing pki format (#1281) - Add Verifier to get public key/cert and identities for entry type (#1210) - fix goroutine leak in client; add insecure TLS option (#1238) - Fix - Remove the force-recreate flag (#1179) - trim whitespace around public keys before parsing (#1175) - stop inserting envelope hash for intoto:0.0.2 types into index (#1171) - Revert 'remove double encoding of payload and signature fields for intoto (#1150)' (#1158) - remove double encoding of payload and signature fields for intoto (#1150) - fix SearchLogQuery behavior to conform to openapi spec (#1145) - Remove pem-certificate-chain from client (#1138) - fix flag type for operator in search (#1136) - use sigstore/community dep review (#1132) Important SUSE bug 1211210 CVE-2023-30551 cpe:/o:opensuse:leap:15.4 Security update for MozillaThunderbird (Important) openSUSE Leap 15.4 This update for MozillaThunderbird fixes the following issues: Update to version 102.11: - fixed: During Account Setup, the 'Checking password...' message was not removed after a failure (bmo#1826022) - fixed: Miscellaneous UI fixes (bmo#1827070) - fixed: Security fixes MFSA 2023-18 (bsc#1211175) - CVE-2023-32205: Browser prompts could have been obscured by popups - CVE-2023-32206: Crash in RLBox Expat driver - CVE-2023-32207: Potential permissions request bypass via clickjacking - CVE-2023-32211: Content process crash due to invalid wasm code - CVE-2023-32212: Potential spoof due to obscured address bar - CVE-2023-32213: Potential memory corruption in FileReader::DoReadData() - CVE-2023-32214: Potential DoS via exposed protocol handlers - CVE-2023-32215: Memory safety bugs fixed in Thunderbird 102.11 Important SUSE bug 1211175 CVE-2023-32205 CVE-2023-32206 CVE-2023-32207 CVE-2023-32211 CVE-2023-32212 CVE-2023-32213 CVE-2023-32214 CVE-2023-32215 cpe:/o:opensuse:leap:15.4 Security update for prometheus-sap_host_exporter (Important) openSUSE Leap 15.4 This update of prometheus-sap_host_exporter fixes the following issues: - rebuild the package with the go 1.19 security release (bsc#1200441 bsc#1209658). Important SUSE bug 1200441 SUSE bug 1209658 cpe:/o:opensuse:leap:15.4 Security update for postgresql13 (Important) openSUSE Leap 15.4 This update for postgresql13 fixes the following issues: Updated to version 13.11: - CVE-2023-2454: Fixed an issue where a user having permission to create a schema could hijack the privileges of a security definer function or extension script (bsc#1211228). - CVE-2023-2455: Fixed an issue that could allow a user to see or modify rows that should have been invisible (bsc#1211229). - Internal fixes (bsc#1210303). Important SUSE bug 1210303 SUSE bug 1211228 SUSE bug 1211229 CVE-2023-2454 CVE-2023-2455 cpe:/o:opensuse:leap:15.4 Security update for samba (Important) openSUSE Leap 15.4 This update for samba fixes the following issues: - CVE-2021-20251: Fixed an issue where the bad password count would not be properly incremented, which could allow attackers to brute force a user's password (bsc#1206546). - CVE-2022-38023: Disabled weak ciphers by default in the Netlogon Secure channel (bsc#1206504). - CVE-2022-37966: Fixed an issue where a weak cipher would be selected to encrypt session keys, which could lead to privilege escalation (bsc#1205385). Important SUSE bug 1205385 SUSE bug 1206504 SUSE bug 1206546 CVE-2021-20251 CVE-2022-37966 CVE-2022-38023 cpe:/o:opensuse:leap:15.4 Security update for java-11-openjdk (Important) openSUSE Leap 15.4 This update for java-11-openjdk fixes the following issues: Upgrade to upsteam tag jdk-11.0.19+7 (April 2023 CPU): - CVE-2023-21930: Fixed AES support (bsc#1210628). - CVE-2023-21937: Fixed String platform support (bsc#1210631). - CVE-2023-21938: Fixed runtime support (bsc#1210632). - CVE-2023-21939: Fixed Swing platform support (bsc#1210634). - CVE-2023-21954: Fixed object reclamation process (bsc#1210635). - CVE-2023-21967: Fixed TLS session negotiation (bsc#1210636). - CVE-2023-21968: Fixed path handling (bsc#1210637). Important SUSE bug 1210628 SUSE bug 1210631 SUSE bug 1210632 SUSE bug 1210634 SUSE bug 1210635 SUSE bug 1210636 SUSE bug 1210637 CVE-2023-21930 CVE-2023-21937 CVE-2023-21938 CVE-2023-21939 CVE-2023-21954 CVE-2023-21967 CVE-2023-21968 cpe:/o:opensuse:leap:15.4 Security update for libheif (Moderate) openSUSE Leap 15.4 This update for libheif fixes the following issues: - CVE-2023-29659: Fixed segfault caused by divide-by-zero (bsc#1211174). Moderate SUSE bug 1211174 CVE-2023-29659 cpe:/o:opensuse:leap:15.4 Security update for curl (Important) openSUSE Leap 15.4 This update for curl adds the following feature: Update to version 8.0.1 (jsc#PED-2580) - CVE-2023-28319: use-after-free in SSH sha256 fingerprint check (bsc#1211230). - CVE-2023-28320: siglongjmp race condition (bsc#1211231). - CVE-2023-28321: IDN wildcard matching (bsc#1211232). - CVE-2023-28322: POST-after-PUT confusion (bsc#1211233). Important SUSE bug 1211230 SUSE bug 1211231 SUSE bug 1211232 SUSE bug 1211233 CVE-2023-28319 CVE-2023-28320 CVE-2023-28321 CVE-2023-28322 cpe:/o:opensuse:leap:15.4 Security update for the Linux Kernel (Important) openSUSE Leap 15.4 The SUSE Linux Enterprise 15 SP4 RT kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2023-2235: A use-after-free vulnerability in the Performance Events system can be exploited to achieve local privilege escalation (bsc#1210986). - CVE-2022-2196: Fixed a regression related to KVM that allowed for speculative execution attacks (bsc#1206992). - CVE-2023-23006: Fixed NULL checking against IS_ERR in dr_domain_init_resources (bsc#1208845). - CVE-2023-1670: Fixed a use after free in the Xircom 16-bit PCMCIA Ethernet driver. A local user could use this flaw to crash the system or potentially escalate their privileges on the system (bsc#1209871). - CVE-2023-2176: A vulnerability was found in compare_netdev_and_ip in drivers/infiniband/core/cma.c in RDMA. The improper cleanup results in out-of-boundary read, where a local user can utilize this problem to crash the system or escalation of privilege (bsc#1210629). - CVE-2023-0386: A flaw was found where unauthorized access to the execution of the setuid file with capabilities was found in the OverlayFS subsystem, when a user copies a capable file from a nosuid mount into another mount. This uid mapping bug allowed a local user to escalate their privileges on the system (bsc#1209615). - CVE-2023-1998: Fixed a use after free during login when accessing the shost ipaddress (bsc#1210506). - CVE-2023-1855: Fixed a use after free in xgene_hwmon_remove (bsc#1210202). - CVE-2023-30772: Fixed a race condition and resultant use-after-free in da9150_charger_remove (bsc#1210329). - CVE-2023-2019: A flaw was found in the netdevsim device driver, more specifically within the scheduling of events. This issue results from the improper management of a reference count and may lead to a denial of service (bsc#1210454). - CVE-2023-2008: A flaw was found in the fault handler of the udmabuf device driver. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code (bsc#1210453). - CVE-2023-1989: Fixed a use after free in btsdio_remove (bsc#1210336). - CVE-2023-1990: Fixed a use after free in ndlc_remove (bsc#1210337). The following non-security bugs were fixed: - ACPI: CPPC: Disable FIE if registers in PCC regions (bsc#1210953). - ACPI: VIOT: Initialize the correct IOMMU fwspec (git-fixes). - ACPI: resource: Add Medion S17413 to IRQ override quirk (git-fixes). - ALSA: emu10k1: do not create old pass-through playback device on Audigy (git-fixes). - ALSA: emu10k1: fix capture interrupt handler unlinking (git-fixes). - ALSA: firewire-tascam: add missing unwind goto in snd_tscm_stream_start_duplex() (git-fixes). - ALSA: hda/cirrus: Add extra 10 ms delay to allow PLL settle and lock (git-fixes). - ALSA: hda/realtek: Add quirks for Lenovo Z13/Z16 Gen2 (git-fixes). - ALSA: hda/realtek: Enable mute/micmute LEDs and speaker support for HP Laptops (git-fixes). - ALSA: hda/realtek: Remove specific patch for Dell Precision 3260 (git-fixes). - ALSA: hda/realtek: fix mute/micmute LEDs for a HP ProBook (git-fixes). - ALSA: hda/realtek: fix speaker, mute/micmute LEDs not work on a HP platform (git-fixes). - ALSA: hda/sigmatel: add pin overrides for Intel DP45SG motherboard (git-fixes). - ALSA: hda/sigmatel: fix S/PDIF out on Intel D*45* motherboards (git-fixes). - ALSA: hda: cs35l41: Enable Amp High Pass Filter (git-fixes). - ALSA: hda: patch_realtek: add quirk for Asus N7601ZM (git-fixes). - ALSA: i2c/cs8427: fix iec958 mixer control deactivation (git-fixes). - ARM: 9290/1: uaccess: Fix KASAN false-positives (git-fixes). - ARM: dts: exynos: fix WM8960 clock name in Itop Elite (git-fixes). - ARM: dts: gta04: fix excess dma channel usage (git-fixes). - ARM: dts: qcom: ipq4019: Fix the PCI I/O port range (git-fixes). - ARM: dts: rockchip: fix a typo error for rk3288 spdif node (git-fixes). - ARM: dts: s5pv210: correct MIPI CSIS clock name (git-fixes). - ASN.1: Fix check for strdup() success (git-fixes). - ASoC: cs35l41: Only disable internal boost (git-fixes). - ASoC: es8316: Handle optional IRQ assignment (git-fixes). - ASoC: fsl_asrc_dma: fix potential null-ptr-deref (git-fixes). - ASoC: fsl_mqs: move of_node_put() to the correct location (git-fixes). - Add 42a11bf5c543 cgroup/cpuset: Make cpuset_fork() handle CLONE_INTO_CGROUP properly - Add eee878537941 cgroup/cpuset: Add cpuset_can_fork() and cpuset_cancel_fork() methods - Bluetooth: Fix race condition in hidp_session_thread (git-fixes). - Bluetooth: L2CAP: Fix use-after-free in l2cap_disconnect_{req,rsp} (git-fixes). - Drivers: vmbus: Check for channel allocation before looking up relids (git-fixes). - IB/mlx5: Add support for 400G_8X lane speed (git-fixes) - Input: hp_sdc_rtc - mark an unused function as __maybe_unused (git-fixes). - Input: raspberrypi-ts - fix refcount leak in rpi_ts_probe (git-fixes). - KEYS: Add missing function documentation (git-fixes). - KEYS: Create static version of public_key_verify_signature (git-fixes). - NFS: Cleanup unused rpc_clnt variable (git-fixes). - NFSD: Avoid calling OPDESC() with ops->opnum == OP_ILLEGAL (git-fixes). - NFSD: callback request does not use correct credential for AUTH_SYS (git-fixes). - PCI/EDR: Clear Device Status after EDR error recovery (git-fixes). - PCI: dwc: Fix PORT_LINK_CONTROL update when CDM check enabled (git-fixes). - PCI: imx6: Install the fault handler only on compatible match (git-fixes). - PCI: loongson: Add more devices that need MRRS quirk (git-fixes). - PCI: loongson: Prevent LS7A MRRS increases (git-fixes). - PCI: pciehp: Fix AB-BA deadlock between reset_lock and device_lock (git-fixes). - PCI: qcom: Fix the incorrect register usage in v2.7.0 config (git-fixes). - RDMA/cma: Allow UD qp_type to join multicast only (git-fixes) - RDMA/core: Fix GID entry ref leak when create_ah fails (git-fixes) - RDMA/irdma: Add ipv4 check to irdma_find_listener() (git-fixes) - RDMA/irdma: Fix memory leak of PBLE objects (git-fixes) - RDMA/irdma: Increase iWARP CM default rexmit count (git-fixes) - Remove obsolete KMP obsoletes (bsc#1210469). - Revert 'Bluetooth: btsdio: fix use after free bug in btsdio_remove due to unfinished work' (git-fixes). - Revert 'pinctrl: amd: Disable and mask interrupts on resume' (git-fixes). - USB: dwc3: fix runtime pm imbalance on probe errors (git-fixes). - USB: dwc3: fix runtime pm imbalance on unbind (git-fixes). - USB: serial: cp210x: add Silicon Labs IFS-USB-DATACABLE IDs (git-fixes). - USB: serial: option: add Quectel RM500U-CN modem (git-fixes). - USB: serial: option: add Telit FE990 compositions (git-fixes). - USB: serial: option: add UNISOC vendor and TOZED LT70C product (git-fixes). - amdgpu: disable powerpc support for the newer display engine (bsc#1194869). - arm64: dts: imx8mm-evk: correct pmic clock source (git-fixes). - arm64: dts: meson-g12-common: specify full DMC range (git-fixes). - arm64: dts: qcom: ipq8074-hk01: enable QMP device, not the PHY node (git-fixes). - arm64: dts: qcom: ipq8074: Fix the PCI I/O port range (git-fixes). - arm64: dts: qcom: msm8994-kitakami: drop unit address from PMI8994 regulator (git-fixes). - arm64: dts: qcom: msm8994-msft-lumia-octagon: drop unit address from PMI8994 regulator (git-fixes). - arm64: dts: qcom: msm8996: Fix the PCI I/O port range (git-fixes). - arm64: dts: qcom: msm8998: Fix stm-stimulus-base reg name (git-fixes). - arm64: dts: qcom: msm8998: Fix the PCI I/O port range (git-fixes). - arm64: dts: qcom: sc7180-trogdor-lazor: correct trackpad supply (git-fixes). - arm64: dts: qcom: sdm845: Fix the PCI I/O port range (git-fixes). - arm64: dts: qcom: sm8250: Fix the PCI I/O port range (git-fixes). - arm64: dts: renesas: r8a774c0: Remove bogus voltages from OPP table (git-fixes). - arm64: dts: renesas: r8a77990: Remove bogus voltages from OPP table (git-fixes). - arm64: dts: ti: k3-j721e-main: Remove ti,strobe-sel property (git-fixes). - arm64: enable jump-label jump-label was disabled on arm64 by a backport error. - bluetooth: Perform careful capability checks in hci_sock_ioctl() (git-fixes). - cgroup/cpuset: Wake up cpuset_attach_wq tasks in cpuset_cancel_attach() (bsc#1210827). - cifs: fix negotiate context parsing (bsc#1210301). - clk: add missing of_node_put() in 'assigned-clocks' property parsing (git-fixes). - clk: at91: clk-sam9x60-pll: fix return value check (git-fixes). - clk: rockchip: rk3399: allow clk_cifout to force clk_cifout_src to reparent (git-fixes). - clk: sprd: set max_register according to mapping range (git-fixes). - clocksource/drivers/davinci: Fix memory leak in davinci_timer_register when init fails (git-fixes). - config: arm64: enable ERRATUM_843419 Config option was incorrectly replaced by the rt-refresh-configs script - cpufreq: CPPC: Fix build error without CONFIG_ACPI_CPPC_CPUFREQ_FIE (bsc#1210953). - cpufreq: CPPC: Fix performance/frequency conversion (git-fixes). - cpumask: fix incorrect cpumask scanning result checks (bsc#1210943). - crypto: caam - Clear some memory in instantiate_rng (git-fixes). - crypto: drbg - Only fail when jent is unavailable in FIPS mode (git-fixes). - crypto: sa2ul - Select CRYPTO_DES (git-fixes). - crypto: safexcel - Cleanup ring IRQ workqueues on load failure (git-fixes). - driver core: Do not require dynamic_debug for initcall_debug probe timing (git-fixes). - drivers: staging: rtl8723bs: Fix locking in _rtw_join_timeout_handler() (git-fixes). - drivers: staging: rtl8723bs: Fix locking in rtw_scan_timeout_handler() (git-fixes). - drm/amd/display/dc/dce60/Makefile: Fix previous attempt to silence known override-init warnings (git-fixes). - drm/amd/display: Fix potential null dereference (git-fixes). - drm/amdgpu: Re-enable DCN for 64-bit powerpc (bsc#1194869). - drm/armada: Fix a potential double free in an error handling path (git-fixes). - drm/bridge: adv7533: Fix adv7533_mode_valid for adv7533 and adv7535 (git-fixes). - drm/bridge: lt8912b: Fix DSI Video Mode (git-fixes). - drm/bridge: lt9611: Fix PLL being unable to lock (git-fixes). - drm/fb-helper: set x/yres_virtual in drm_fb_helper_check_var (git-fixes). - drm/i915/dsi: fix DSS CTL register offsets for TGL+ (git-fixes). - drm/i915: Fix fast wake AUX sync len (git-fixes). - drm/i915: Make intel_get_crtc_new_encoder() less oopsy (git-fixes). - drm/i915: fix race condition UAF in i915_perf_add_config_ioctl (git-fixes). - drm/lima/lima_drv: Add missing unwind goto in lima_pdev_probe() (git-fixes). - drm/msm/adreno: drop bogus pm_runtime_set_active() (git-fixes). - drm/msm/disp/dpu: check for crtc enable rather than crtc active to release shared resources (git-fixes). - drm/msm: fix NULL-deref on snapshot tear down (git-fixes). - drm/nouveau/disp: Support more modes by checking with lower bpc (git-fixes). - drm/panel: otm8009a: Set backlight parent to panel device (git-fixes). - drm/probe-helper: Cancel previous job before starting new one (git-fixes). - drm/rockchip: Drop unbalanced obj unref (git-fixes). - drm/vgem: add missing mutex_destroy (git-fixes). - drm: msm: adreno: Disable preemption on Adreno 510 (git-fixes). - drm: panel-orientation-quirks: Add quirk for Lenovo Yoga Book X90F (git-fixes). - drm: rcar-du: Fix a NULL vs IS_ERR() bug (git-fixes). - dt-bindings: arm: fsl: Fix copy-paste error in comment (git-fixes). - dt-bindings: iio: ti,tmp117: fix documentation link (git-fixes). - dt-bindings: mailbox: qcom,apcs-kpss-global: fix SDX55 'if' match (git-fixes). - dt-bindings: nvmem: qcom,spmi-sdam: fix example 'reg' property (git-fixes). - dt-bindings: remoteproc: stm32-rproc: Typo fix (git-fixes). - dt-bindings: soc: qcom: smd-rpm: re-add missing qcom,rpm-msm8994 (git-fixes). - e1000e: Disable TSO on i219-LM card to increase speed (git-fixes). - efi: sysfb_efi: Add quirk for Lenovo Yoga Book X91F/L (git-fixes). - ext4: Fix deadlock during directory rename (bsc#1210763). - ext4: Fix possible corruption when moving a directory (bsc#1210763). - ext4: fix RENAME_WHITEOUT handling for inline directories (bsc#1210766). - ext4: fix another off-by-one fsmap error on 1k block filesystems (bsc#1210767). - ext4: fix bad checksum after online resize (bsc#1210762 bsc#1208076). - ext4: fix cgroup writeback accounting with fs-layer encryption (bsc#1210765). - ext4: fix corruption when online resizing a 1K bigalloc fs (bsc#1206891). - ext4: fix incorrect options show of original mount_opt and extend mount_opt2 (bsc#1210764). - ext4: fix possible double unlock when moving a directory (bsc#1210763). - ext4: use ext4_journal_start/stop for fast commit transactions (bsc#1210793). - fbmem: Reject FB_ACTIVATE_KD_TEXT from userspace (git-fixes). - firmware: qcom_scm: Clear download bit during reboot (git-fixes). - firmware: stratix10-svc: Fix an NULL vs IS_ERR() bug in probe (git-fixes). - fpga: bridge: fix kernel-doc parameter description (git-fixes). - hwmon: (adt7475) Use device_property APIs when configuring polarity (git-fixes). - hwmon: (k10temp) Check range scale when CUR_TEMP register is read-write (git-fixes). - hwmon: (pmbus/fsp-3y) Fix functionality bitmask in FSP-3Y YM-2151E (git-fixes). - i2c: cadence: cdns_i2c_master_xfer(): Fix runtime PM leak on error path (git-fixes). - i2c: hisi: Avoid redundant interrupts (git-fixes). - i2c: imx-lpi2c: clean rx/tx buffers upon new message (git-fixes). - i2c: ocores: generate stop condition after timeout in polling mode (git-fixes). - i915/perf: Replace DRM_DEBUG with driver specific drm_dbg call (git-fixes). - ice: avoid bonding causing auxiliary plug/unplug under RTNL lock (bsc#1210158). - iio: adc: at91-sama5d2_adc: fix an error code in at91_adc_allocate_trigger() (git-fixes). - iio: light: tsl2772: fix reading proximity-diodes from device tree (git-fixes). - ipmi: fix SSIF not responding under certain cond (git-fixes). - ipmi:ssif: Add send_retries increment (git-fixes). - k-m-s: Drop Linux 2.6 support - kABI: PCI: loongson: Prevent LS7A MRRS increases (kabi). - kABI: x86/msi: Fix msi message data shadow struct (kabi). - kabi/severities: ignore KABI for NVMe target (bsc#1174777) The target code is only for testing and there are no external users. - keys: Fix linking a duplicate key to a keyring's assoc_array (bsc#1207088). - locking/rwbase: Mitigate indefinite writer starvation. - media: av7110: prevent underflow in write_ts_to_decoder() (git-fixes). - media: dm1105: Fix use after free bug in dm1105_remove due to race condition (git-fixes). - media: max9286: Free control handler (git-fixes). - media: rc: gpio-ir-recv: Fix support for wake-up (git-fixes). - media: rkvdec: fix use after free bug in rkvdec_remove (git-fixes). - media: saa7134: fix use after free bug in saa7134_finidev due to race condition (git-fixes). - media: venus: dec: Fix handling of the start cmd (git-fixes). - memstick: fix memory leak if card device is never registered (git-fixes). - mm/filemap: fix page end in filemap_get_read_batch (bsc#1210768). - mm: page_alloc: skip regions with hugetlbfs pages when allocating 1G pages (bsc#1210034). - mm: take a page reference when removing device exclusive entries (bsc#1211025). - mmc: sdhci-of-esdhc: fix quirk to ignore command inhibit for data (git-fixes). - mmc: sdhci_am654: Set HIGH_SPEED_ENA for SDR12 and SDR25 (git-fixes). - mtd: core: fix error path for nvmem provider (git-fixes). - mtd: core: fix nvmem error reporting (git-fixes). - mtd: core: provide unique name for nvmem device, take two (git-fixes). - mtd: spi-nor: Fix a trivial typo (git-fixes). - net: phy: nxp-c45-tja11xx: add remove callback (git-fixes). - net: phy: nxp-c45-tja11xx: fix unsigned long multiplication overflow (git-fixes). - nfsd: call op_release, even when op_func returns an error (git-fixes). - nilfs2: fix potential UAF of struct nilfs_sc_info in nilfs_segctor_thread() (git-fixes). - nilfs2: initialize unused bytes in segment summary blocks (git-fixes). - nvme initialize core quirks before calling nvme_init_subsystem (git-fixes). - nvme-auth: uninitialized variable in nvme_auth_transform_key() (git-fixes). - nvme-fcloop: fix 'inconsistent {IN-HARDIRQ-W} -> {HARDIRQ-ON-W} usage' (git-fixes). - nvme-hwmon: consistently ignore errors from nvme_hwmon_init (git-fixes). - nvme-hwmon: kmalloc the NVME SMART log buffer (git-fixes). - nvme-multipath: fix possible hang in live ns resize with ANA access (git-fixes). - nvme-pci: fix doorbell buffer value endianness (git-fixes). - nvme-pci: fix mempool alloc size (git-fixes). - nvme-pci: fix page size checks (git-fixes). - nvme-pci: fix timeout request state check (git-fixes). - nvme-rdma: fix possible hang caused during ctrl deletion (git-fixes). - nvme-tcp: fix possible circular locking when deleting a controller under memory pressure (git-fixes). - nvme-tcp: fix possible hang caused during ctrl deletion (git-fixes). - nvme-tcp: fix regression that causes sporadic requests to time out (git-fixes). - nvme: Fix IOC_PR_CLEAR and IOC_PR_RELEASE ioctls for nvme devices (git-fixes). - nvme: add device name to warning in uuid_show() (git-fixes). - nvme: catch -ENODEV from nvme_revalidate_zones again (git-fixes). - nvme: copy firmware_rev on each init (git-fixes). - nvme: define compat_ioctl again to unbreak 32-bit userspace (git-fixes). - nvme: fix async event trace event (git-fixes). - nvme: fix handling single range discard request (git-fixes). - nvme: fix per-namespace chardev deletion (git-fixes). - nvme: fix the NVME_CMD_EFFECTS_CSE_MASK definition (git-fixes). - nvme: fix the read-only state for zoned namespaces with unsupposed features (git-fixes). - nvme: improve the NVME_CONNECT_AUTHREQ* definitions (git-fixes). - nvme: move nvme_multi_css into nvme.h (git-fixes). - nvme: return err on nvme_init_non_mdts_limits fail (git-fixes). - nvme: send Identify with CNS 06h only to I/O controllers (bsc#1209693). - nvme: set dma alignment to dword (git-fixes). - nvme: use command_id instead of req->tag in trace_nvme_complete_rq() (git-fixes). - nvmet-auth: do not try to cancel a non-initialized work_struct (git-fixes). - nvmet-tcp: fix incomplete data digest send (git-fixes). - nvmet-tcp: fix regression in data_digest calculation (git-fixes). - nvmet: add helpers to set the result field for connect commands (git-fixes). - nvmet: avoid potential UAF in nvmet_req_complete() (git-fixes). - nvmet: do not defer passthrough commands with trivial effects to the workqueue (git-fixes). - nvmet: fix I/O Command Set specific Identify Controller (git-fixes). - nvmet: fix Identify Active Namespace ID list handling (git-fixes). - nvmet: fix Identify Controller handling (git-fixes). - nvmet: fix Identify Namespace handling (git-fixes). - nvmet: fix a memory leak (git-fixes). - nvmet: fix a memory leak in nvmet_auth_set_key (git-fixes). - nvmet: fix a use-after-free (git-fixes). - nvmet: fix invalid memory reference in nvmet_subsys_attr_qid_max_show (git-fixes). - nvmet: force reconnect when number of queue changes (git-fixes). - nvmet: looks at the passthrough controller when initializing CAP (git-fixes). - nvmet: only allocate a single slab for bvecs (git-fixes). - nvmet: use IOCB_NOWAIT only if the filesystem supports it (git-fixes). - perf/core: Fix perf_output_begin parameter is incorrectly invoked in perf_event_bpf_output (git fixes). - perf/core: Fix the same task check in perf_event_set_output (git fixes). - perf: Fix check before add_event_to_groups() in perf_group_detach() (git fixes). - perf: fix perf_event_context->time (git fixes). - platform/x86 (gigabyte-wmi): Add support for A320M-S2H V2 (git-fixes). - platform/x86: gigabyte-wmi: add support for X570S AORUS ELITE (git-fixes). - power: supply: cros_usbpd: reclassify 'default case!' as debug (git-fixes). - power: supply: generic-adc-battery: fix unit scaling (git-fixes). - powerpc/64: Always build with 128-bit long double (bsc#1194869). - powerpc/64e: Fix amdgpu build on Book3E w/o AltiVec (bsc#1194869). - powerpc/hv-gpci: Fix hv_gpci event list (git fixes). - powerpc/papr_scm: Update the NUMA distance table for the target node (bsc#1209999 ltc#202140 bsc#1142685 ltc#179509 git-fixes). - powerpc/perf/hv-24x7: add missing RTAS retry status handling (git fixes). - powerpc/pseries: Consolidate different NUMA distance update code paths (bsc#1209999 ltc#202140 bsc#1142685 ltc#179509 git-fixes). - powerpc: declare unmodified attribute_group usages const (git-fixes). - regulator: core: Avoid lockdep reports when resolving supplies (git-fixes). - regulator: core: Consistently set mutex_owner when using ww_mutex_lock_slow() (git-fixes). - regulator: core: Shorten off-on-delay-us for always-on/boot-on by time since booted (git-fixes). - regulator: fan53555: Explicitly include bits header (git-fixes). - regulator: fan53555: Fix wrong TCS_SLEW_MASK (git-fixes). - regulator: stm32-pwr: fix of_iomap leak (git-fixes). - remoteproc: Harden rproc_handle_vdev() against integer overflow (git-fixes). - remoteproc: imx_rproc: Call of_node_put() on iteration error (git-fixes). - remoteproc: st: Call of_node_put() on iteration error (git-fixes). - remoteproc: stm32: Call of_node_put() on iteration error (git-fixes). - rtc: meson-vrtc: Use ktime_get_real_ts64() to get the current time (git-fixes). - rtc: omap: include header for omap_rtc_power_off_program prototype (git-fixes). - sched/fair: Fix imbalance overflow (bsc#1155798 (CPU scheduler functional and performance backports)). - sched/fair: Limit sched slice duration (bsc#1189999 (Scheduler functional and performance backports)). - sched/fair: Move calculate of avg_load to a better location (bsc#1155798 (CPU scheduler functional and performance backports)). - sched/fair: Sanitize vruntime of entity being migrated (bsc#1203325). - sched/fair: sanitize vruntime of entity being placed (bsc#1203325). - sched/numa: Stop an exhastive search if an idle core is found (bsc#1189999 (Scheduler functional and performance backports)). - sched_getaffinity: do not assume 'cpumask_size()' is fully initialized (bsc#1155798 (CPU scheduler functional and performance backports)). - scsi: aic94xx: Add missing check for dma_map_single() (git-fixes). - scsi: core: Add BLIST_NO_VPD_SIZE for some VDASD (git-fixes bsc#1203039) (renamed now that it's upstgream) - scsi: core: Add BLIST_SKIP_VPD_PAGES for SKhynix H28U74301AMR (git-fixes). - scsi: core: Fix a procfs host directory removal regression (git-fixes). - scsi: core: Fix a source code comment (git-fixes). - scsi: core: Remove the /proc/scsi/${proc_name} directory earlier (git-fixes). - scsi: hisi_sas: Check devm_add_action() return value (git-fixes). - scsi: hisi_sas: Set a port invalid only if there are no devices attached when refreshing port id (git-fixes). - scsi: ipr: Work around fortify-string warning (git-fixes). - scsi: iscsi_tcp: Check that sock is valid before iscsi_set_param() (git-fixes). - scsi: iscsi_tcp: Fix UAF during login when accessing the shost ipaddress (git-fixes). - scsi: iscsi_tcp: Fix UAF during logout when accessing the shost ipaddress (git-fixes). - scsi: kABI workaround for fc_host_fpin_rcv (git-fixes). - scsi: libsas: Remove useless dev_list delete in sas_ex_discover_end_dev() (git-fixes). - scsi: lpfc: Avoid usage of list iterator variable after loop (git-fixes). - scsi: lpfc: Check kzalloc() in lpfc_sli4_cgn_params_read() (git-fixes). - scsi: lpfc: Copyright updates for 14.2.0.11 patches (bsc#1210943). - scsi: lpfc: Correct used_rpi count when devloss tmo fires with no recovery (bsc#1210943). - scsi: lpfc: Defer issuing new PLOGI if received RSCN before completing REG_LOGIN (bsc#1210943). - scsi: lpfc: Drop redundant pci_enable_pcie_error_reporting() (bsc#1210943). - scsi: lpfc: Fix double word in comments (bsc#1210943). - scsi: lpfc: Fix ioremap issues in lpfc_sli4_pci_mem_setup() (bsc#1210943). - scsi: lpfc: Fix lockdep warning for rx_monitor lock when unloading driver (bsc#1210943). - scsi: lpfc: Prevent lpfc_debugfs_lockstat_write() buffer overflow (bsc#1210943). - scsi: lpfc: Record LOGO state with discovery engine even if aborted (bsc#1210943). - scsi: lpfc: Reorder freeing of various DMA buffers and their list removal (bsc#1210943). - scsi: lpfc: Revise lpfc_error_lost_link() reason code evaluation logic (bsc#1210943). - scsi: lpfc: Silence an incorrect device output (bsc#1210943). - scsi: lpfc: Skip waiting for register ready bits when in unrecoverable state (bsc#1210943). - scsi: lpfc: Update lpfc version to 14.2.0.11 (bsc#1210943). - scsi: megaraid_sas: Fix crash after a double completion (git-fixes). - scsi: megaraid_sas: Update max supported LD IDs to 240 (git-fixes). - scsi: mpt3sas: Do not print sense pool info twice (git-fixes). - scsi: mpt3sas: Fix NULL pointer access in mpt3sas_transport_port_add() (git-fixes). - scsi: mpt3sas: Fix a memory leak (git-fixes). - scsi: qla2xxx: Fix memory leak in qla2x00_probe_one() (git-fixes). - scsi: qla2xxx: Perform lockless command completion in abort path (git-fixes). - scsi: scsi_dh_alua: Fix memleak for 'qdata' in alua_activate() (git-fixes). - scsi: scsi_transport_fc: Add an additional flag to fc_host_fpin_rcv() (bsc#1210943). - scsi: sd: Fix wrong zone_write_granularity value during revalidate (git-fixes). - scsi: ses: Do not attach if enclosure has no components (git-fixes). - scsi: ses: Fix possible addl_desc_ptr out-of-bounds accesses (git-fixes). - scsi: ses: Fix possible desc_ptr out-of-bounds accesses (git-fixes). - scsi: ses: Fix slab-out-of-bounds in ses_enclosure_data_process() (git-fixes). - scsi: ses: Fix slab-out-of-bounds in ses_intf_remove() (git-fixes). - scsi: snic: Fix memory leak with using debugfs_lookup() (git-fixes). - seccomp: Move copy_seccomp() to no failure path (bsc#1210817). - selftests/kselftest/runner/run_one(): allow running non-executable files (git-fixes). - selftests: sigaltstack: fix -Wuninitialized (git-fixes). - selinux: ensure av_permissions.h is built when needed (git-fixes). - selinux: fix Makefile dependencies of flask.h (git-fixes). - serial: 8250: Add missing wakeup event reporting (git-fixes). - serial: 8250_bcm7271: Fix arbitration handling (git-fixes). - serial: 8250_exar: derive nr_ports from PCI ID for Acces I/O cards (git-fixes). - serial: exar: Add support for Sealevel 7xxxC serial cards (git-fixes). - signal handling: do not use BUG_ON() for debugging (bsc#1210439). - signal: Add SA_IMMUTABLE to ensure forced siganls do not get changed (bsc#1210816). - signal: Do not always set SA_IMMUTABLE for forced signals (bsc#1210816). - signal: HANDLER_EXIT should clear SIGNAL_UNKILLABLE (bsc#1210816). - soc: ti: pm33xx: Fix refcount leak in am33xx_pm_probe (git-fixes). - spi: cadence-quadspi: fix suspend-resume implementations (git-fixes). - spi: fsl-spi: Fix CPM/QE mode Litte Endian (git-fixes). - spi: qup: Do not skip cleanup in remove's error path (git-fixes). - staging: iio: resolver: ads1210: fix config mode (git-fixes). - staging: rtl8192e: Fix W_DISABLE# does not work after stop/start (git-fixes). - stat: fix inconsistency between struct stat and struct compat_stat (git-fixes). - sunrpc: only free unix grouplist after RCU settles (git-fixes). - supported.conf: declaring usb_f_ncm supported as requested in (jsc#PED-3750) Support for the legacy functionality g_ncm is still under discussion (see jsc-PED#3200) For maintainance see (jsc#PED-3759) - supported.conf: support u_ether and libcomposite (jsc-PED#3750) This is necessary for g_ncm (for maintainance see jsc-PED#3759) - tty: Prevent writing chars during tcsetattr TCSADRAIN/FLUSH (git-fixes). - tty: serial: fsl_lpuart: adjust buffer length to the intended size (git-fixes). - udf: Check consistency of Space Bitmap Descriptor (bsc#1210771). - udf: Fix a slab-out-of-bounds write bug in udf_find_entry() (bsc#1206649). - udf: Support splicing to file (bsc#1210770). - usb: chipidea: fix missing goto in `ci_hdrc_probe` (git-fixes). - usb: chipidea: imx: avoid unnecessary probe defer (git-fixes). - usb: dwc3: gadget: Change condition for processing suspend event (git-fixes). - usb: dwc3: pci: add support for the Intel Meteor Lake-S (git-fixes). - usb: gadget: tegra-xudc: Fix crash in vbus_draw (git-fixes). - usb: gadget: udc: renesas_usb3: Fix use after free bug in renesas_usb3_remove due to race condition (git-fixes). - usb: host: xhci-rcar: remove leftover quirk handling (git-fixes). - virt/coco/sev-guest: Add throttling awareness (bsc#1209927). - virt/coco/sev-guest: Carve out the request issuing logic into a helper (bsc#1209927). - virt/coco/sev-guest: Check SEV_SNP attribute at probe time (bsc#1209927). - virt/coco/sev-guest: Convert the sw_exit_info_2 checking to a switch-case (bsc#1209927). - virt/coco/sev-guest: Do some code style cleanups (bsc#1209927). - virt/coco/sev-guest: Remove the disable_vmpck label in handle_guest_request() (bsc#1209927). - virt/coco/sev-guest: Simplify extended guest request handling (bsc#1209927). - virt/sev-guest: Return -EIO if certificate buffer is not large enough (bsc#1209927). - virtio_ring: do not update event idx on get_buf (git-fixes). - vmci_host: fix a race condition in vmci_host_poll() causing GPF (git-fixes). - vmxnet3: use gro callback when UPT is enabled (bsc#1209739). - wifi: ath5k: fix an off by one check in ath5k_eeprom_read_freq_list() (git-fixes). - wifi: ath6kl: minor fix for allocation size (git-fixes). - wifi: ath6kl: reduce WARN to dev_dbg() in callback (git-fixes). - wifi: ath9k: hif_usb: fix memory leak of remain_skbs (git-fixes). - wifi: brcmfmac: slab-out-of-bounds read in brcmf_get_assoc_ies() (git-fixes). - wifi: brcmfmac: support CQM RSSI notification with older firmware (git-fixes). - wifi: iwlwifi: debug: fix crash in __iwl_err() (git-fixes). - wifi: iwlwifi: fix duplicate entry in iwl_dev_info_table (git-fixes). - wifi: iwlwifi: fw: fix memory leak in debugfs (git-fixes). - wifi: iwlwifi: fw: move memset before early return (git-fixes). - wifi: iwlwifi: make the loop for card preparation effective (git-fixes). - wifi: iwlwifi: mvm: check firmware response size (git-fixes). - wifi: iwlwifi: mvm: do not set CHECKSUM_COMPLETE for unsupported protocols (git-fixes). - wifi: iwlwifi: mvm: fix mvmtxq->stopped handling (git-fixes). - wifi: iwlwifi: mvm: initialize seq variable (git-fixes). - wifi: iwlwifi: trans: do not trigger d3 interrupt twice (git-fixes). - wifi: iwlwifi: yoyo: Fix possible division by zero (git-fixes). - wifi: iwlwifi: yoyo: skip dump correctly on hw error (git-fixes). - wifi: mac80211: adjust scan cancel comment/check (git-fixes). - wifi: mt76: add missing locking to protect against concurrent rx/status calls (git-fixes). - wifi: mt76: fix 6GHz high channel not be scanned (git-fixes). - wifi: mt76: handle failure of vzalloc in mt7615_coredump_work (git-fixes). - wifi: mwifiex: mark OF related data as maybe unused (git-fixes). - wifi: rt2x00: Fix memory leak when handling surveys (git-fixes). - wifi: rtlwifi: fix incorrect error codes in rtl_debugfs_set_write_reg() (git-fixes). - wifi: rtlwifi: fix incorrect error codes in rtl_debugfs_set_write_rfreg() (git-fixes). - wifi: rtw88: mac: Return the original error from rtw_mac_power_switch() (git-fixes). - wifi: rtw88: mac: Return the original error from rtw_pwr_seq_parser() (git-fixes). - wifi: rtw89: fix potential race condition between napi_init and napi_enable (git-fixes). - writeback, cgroup: fix null-ptr-deref write in bdi_split_work_to_wbs (bsc#1210769). - x86/MCE/AMD: Fix memory leak when threshold_create_bank() fails (git-fixes). - x86/PCI: Add quirk for AMD XHCI controller that loses MSI-X state in D3hot (git-fixes). - x86/bug: Prevent shadowing in __WARN_FLAGS (git-fixes). - x86/bugs: Enable STIBP for IBPB mitigated RETBleed (git-fixes). - x86/entry: Avoid very early RET (git-fixes). - x86/entry: Do not call error_entry() for XENPV (git-fixes). - x86/entry: Move CLD to the start of the idtentry macro (git-fixes). - x86/entry: Move PUSH_AND_CLEAR_REGS out of error_entry() (git-fixes). - x86/entry: Switch the stack after error_entry() returns (git-fixes). - x86/fpu: Prevent FPU state corruption (git-fixes). - x86/kvm: Preserve BSP MSR_KVM_POLL_CONTROL across suspend/resume (git-fixes). - x86/msi: Fix msi message data shadow struct (git-fixes). - x86/pci/xen: Disable PCI/MSI masking for XEN_HVM guests (git-fixes). - x86/traps: Use pt_regs directly in fixup_bad_iret() (git-fixes). - x86/tsx: Disable TSX development mode at boot (git-fixes). - x86: __memcpy_flushcache: fix wrong alignment if size > 2^32 (git-fixes). - xhci: fix debugfs register accesses while suspended (git-fixes). Important SUSE bug 1142685 SUSE bug 1155798 SUSE bug 1174777 SUSE bug 1189999 SUSE bug 1194869 SUSE bug 1203039 SUSE bug 1203325 SUSE bug 1206649 SUSE bug 1206891 SUSE bug 1206992 SUSE bug 1207088 SUSE bug 1208076 SUSE bug 1208845 SUSE bug 1209615 SUSE bug 1209693 SUSE bug 1209739 SUSE bug 1209871 SUSE bug 1209927 SUSE bug 1209999 SUSE bug 1210034 SUSE bug 1210158 SUSE bug 1210202 SUSE bug 1210206 SUSE bug 1210301 SUSE bug 1210329 SUSE bug 1210336 SUSE bug 1210337 SUSE bug 1210439 SUSE bug 1210453 SUSE bug 1210454 SUSE bug 1210469 SUSE bug 1210506 SUSE bug 1210629 SUSE bug 1210725 SUSE bug 1210762 SUSE bug 1210763 SUSE bug 1210764 SUSE bug 1210765 SUSE bug 1210766 SUSE bug 1210767 SUSE bug 1210768 SUSE bug 1210769 SUSE bug 1210770 SUSE bug 1210771 SUSE bug 1210793 SUSE bug 1210816 SUSE bug 1210817 SUSE bug 1210827 SUSE bug 1210943 SUSE bug 1210953 SUSE bug 1210986 SUSE bug 1211025 CVE-2022-2196 CVE-2023-0386 CVE-2023-1670 CVE-2023-1855 CVE-2023-1989 CVE-2023-1990 CVE-2023-1998 CVE-2023-2008 CVE-2023-2019 CVE-2023-2176 CVE-2023-2235 CVE-2023-23006 CVE-2023-30772 cpe:/o:opensuse:leap:15.4 Security update for cups-filters (Important) openSUSE Leap 15.4 This update for cups-filters fixes the following issues: - CVE-2023-24805: Fixed a remote code execution in the beh backend (bsc#1211340). Important SUSE bug 1211340 CVE-2023-24805 cpe:/o:opensuse:leap:15.4 Security update for ovmf (Important) openSUSE Leap 15.4 This update for ovmf fixes the following issues: - CVE-2021-38578: Fixed potential underflow in SmmEntryPointwhen computing BufferSize (bsc#1196741). - CVE-2019-14560: Fixed potential secure boot bypass caused by improper check of GetEfiGlobalVariable2() return value (bsc#1174246). - revert a patch to fix xen boot problems (bsc#1205613) Important SUSE bug 1174246 SUSE bug 1196741 SUSE bug 1205613 CVE-2019-14560 CVE-2021-38578 cpe:/o:opensuse:leap:15.4 Security update for mysql-connector-java (Moderate) openSUSE Leap 15.4 This update for mysql-connector-java fixes the following issues: - CVE-2023-21971: Fixed a crash in MySQL Connectors that could be triggered by an authenticated remote user (bsc#1211247). - Ship protobuf 3.9.2 compatible generated files to support older distro versions. - Update to 8.0.32: - MysqlDataSource fails to URL encode database name when constructing JDBC URL. - serverSideStatementCache ignores resultSetType. - UpdatableResultSet does not properly handle unsigned primary key. - Connector/J 8 query with explain can not return ResultRow. - Add support to row alias on INSERT... ON DUPLICATE KEY UPDATE on batch mode. - connectionCollation ignored if characterEncoding is set. - Connector/J rejects UNION with CTE. - Malformed packet generation for `COM_STMT_EXECUTE`. - Connector/J client hangs after prepare & execute process with old version server. - Contribution: Fix name of relocation POM file. - Contribution: [PATCH] Remove superfluous use of boxing. - Contribution: Recognize 'ON DUPLICATE KEY UPDATE' in 'INSERT SET' Statement. - RPM and DEB builds broken after introducing javadoc for maven bundles. - Sonatype compliant POM and maven bundles. - Upgrade 3rd party libraries and tools. - Upgrade Protocol Buffers dependency to protobuf-java-3.21.9. - As Oracle renamed the package to 'mysql-connector-j', we are 'providing' both names for now, but the package has to be renamed to accommodate the change because the old name will be deprecated at some point in the future without further notice. - Update to 8.0.31: Functionality Added or Changed * Important Change: To comply with proper naming guidelines, the Maven groupId and artifactId for Connector/J have been changed to the following starting with this release: groupId: com.mysql artifactId: mysql-connector-j * The old groupId and artifactId can still be used for linking the Connector/J library, but they will point to a Maven relocation POM, redirecting users to the new coordinates. Please switch to the new coordinates as soon as possible, as the old coordinates could be discontinued anytime without notice. See Installing Connector/J Using Maven. * Also, to go with these changes, the .jar library for Connector/J has been renamed to mysql-connector-j-x.y.z for all channels of distribution by Oracle, not just the Maven repository. * Before release 8.0.29, Connector/J always interpolated byte arrays as hexadecimal literals when obtaining a prepared statement's string representation by the toString() method. Since 8.0.29, all byte array values were displayed as ** BYTE ARRAY DATA ** when converted to strings. The same is also true for null values. * To allow different ways to display byte array data and null values, a new connection property, maxByteArrayAsHex, has been introduced: byte arrays shorter than the value of maxByteArrayAsHex are now shown as hexadecimal literals like before release 8.0.29. Any byte arrays longer than this value are interpolated generically as ** BYTE ARRAY DATA **. Bugs Fixed * X DevAPI: When parsing a string into a JSON string, some escape character sequences were not parsed properly, causing the Server to throw a com.mysql.cj.exceptions.WrongArgumentException when receiving the JSON value. This fix ensures that escape sequences are handled properly. * X DevAPI: When using the modify() method on JSON documents, any backslashes inside a literal to be used for the modification were lost. This fix corrects the mistakes in the expression parser that caused the issue. * Executing a PreparedStatment after applying setFetchSize(0) on it caused an ArrayIndexOutOfBoundsException. * Due to some old limitations, when used with Java applets, Connector/J found out the default character set on a system by various workarounds like reading the system property file.encoding, using an OutpuStreamWriter, etc. With this fix, Connector/J now uses Charset.defaultCharset(), the standard method for the purpose. - Update to 8.0.30: Functionality Added or Changed * X DevAPI: For document-modifying methods that are chained after modify() and take a document path expression as one of its arguments (that is, set(), unset(), arrayInsert(), arrayAppend()), Connector/J now throws an error when the document path is empty or is a null string. Bugs Fixed * Historically, MySQL Server has used utf8 as an alias for utf8mb3. Since release 8.0.29, utf8mb3 has become a recognized (though deprecated) character set on its own for MySQL Server and to make things consistent, in release 8.0.30, any collations prefixed with utf8_ are now prefixed with utf8mb3_ instead. To go with that change, Connector/J has updated its character set and collation mapping accordingly in this release, and users are encouraged to update to Connector/J 8.0.30 to avoid potential issues when working with MySQL Server 8.0.30 or later. * A few links in the CONTRIBUTING.md file in the distribution packages were broken. They have now been fixed or removed. * The description for the connection property rewriteBatchedStatements has been corrected, removing the limitation that server-sided prepared statements could not take advantage of the rewrite option. * A spelling error has been fixed in the source file for the PropertyDefinitions class. Thanks to Weijie Wu for contributing the fix. * DatabaseMetaData.getTypeInfo always returned false for AUTO_INCREMENT for all data types. With this fix, Connector/J returns the correct value for each data type. Also, the missing types DOUBLE UNSIGNED and DOUBLE PRECISION UNSIGNED have been added to the ResultSet. * Contrary to the the MySQL requirement for comments, Connector/J did not require a whitespace (or a control character such as a newline) after '--' to mark the beginning of a comment within a SQL statement. This fix aligns Connector/J with the MySQL requirement. Moderate SUSE bug 1211247 CVE-2023-21971 cpe:/o:opensuse:leap:15.4 Security update for java-1_8_0-openjdk (Important) openSUSE Leap 15.4 This update for java-1_8_0-openjdk fixes the following issues: - Updated to version jdk8u372 (icedtea-3.27.0): - CVE-2023-21930: Fixed an issue in the JSSE component that could allow an attacker to access critical data without authorization (bsc#1210628). - CVE-2023-21937: Fixed an issue in the Networking component that could allow an attacker to update, insert or delete some data without authorization (bsc#1210631). - CVE-2023-21938: Fixed an issue in the Libraries component that could allow an attacker to update, insert or delete some data without authorization (bsc#1210632). - CVE-2023-21939: Fixed an issue in the Swing component that could allow an attacker to update, insert or delete some data without authorization (bsc#1210634). - CVE-2023-21954: Fixed an issue in the Hotspot component that could allow an attacker to access critical data without authorization (bsc#1210635). - CVE-2023-21967: Fixed an issue in the JSSE component that could allow an attacker to cause a hang or frequently repeatable crash without authorization (bsc#1210636). - CVE-2023-21968: Fixed an issue in the Libraries component that could allow an attacker to update, insert or delete some data without authorization (bsc#1210637). Important SUSE bug 1210628 SUSE bug 1210631 SUSE bug 1210632 SUSE bug 1210634 SUSE bug 1210635 SUSE bug 1210636 SUSE bug 1210637 CVE-2023-21930 CVE-2023-21937 CVE-2023-21938 CVE-2023-21939 CVE-2023-21954 CVE-2023-21967 CVE-2023-21968 cpe:/o:opensuse:leap:15.4 Security update for ucode-intel (Important) openSUSE Leap 15.4 This update for ucode-intel fixes the following issues: - Updated to Intel CPU Microcode 20230512 release. (bsc#1211382). - New platforms: | Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products |:---------------|:---------|:------------|:---------|:---------|:--------- | ADL-N | A0 | 06-be-00/01 | | 00000010 | Core i3-N305/N300, N50/N97/N100/N200, Atom x7211E/x7213E/x7425E | AZB | A0 | 06-9a-04/40 | | 00000004 | Intel(R) Atom(R) C1100 | AZB | R0 | 06-9a-04/40 | | 00000004 | Intel(R) Atom(R) C1100 - Updated Platforms | Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products |:---------------|:---------|:------------|:---------|:---------|:--------- | ADL | L0 | 06-9a-03/80 | 00000429 | 0000042a | Core Gen12 | ADL | L0 | 06-9a-04/80 | 00000429 | 0000042a | Core Gen12 | AML-Y22 | H0 | 06-8e-09/10 | | 000000f2 | Core Gen8 Mobile | AML-Y42 | V0 | 06-8e-0c/94 | 000000f4 | 000000f6 | Core Gen10 Mobile | CFL-H | R0 | 06-9e-0d/22 | 000000f4 | 000000f8 | Core Gen9 Mobile | CFL-H/S | P0 | 06-9e-0c/22 | 000000f0 | 000000f2 | Core Gen9 | CFL-H/S/E3 | U0 | 06-9e-0a/22 | 000000f0 | 000000f2 | Core Gen8 Desktop, Mobile, Xeon E | CFL-S | B0 | 06-9e-0b/02 | 000000f0 | 000000f2 | Core Gen8 | CFL-U43e | D0 | 06-8e-0a/c0 | 000000f0 | 000000f2 | Core Gen8 Mobile | CLX-SP | B0 | 06-55-06/bf | 04003303 | 04003501 | Xeon Scalable Gen2 | CLX-SP | B1 | 06-55-07/bf | 05003303 | 05003501 | Xeon Scalable Gen2 | CML-H | R1 | 06-a5-02/20 | 000000f4 | 000000f6 | Core Gen10 Mobile | CML-S102 | Q0 | 06-a5-05/22 | 000000f4 | 000000f6 | Core Gen10 | CML-S62 | G1 | 06-a5-03/22 | 000000f4 | 000000f6 | Core Gen10 | CML-U62 V1 | A0 | 06-a6-00/80 | 000000f4 | 000000f6 | Core Gen10 Mobile | CML-U62 V2 | K1 | 06-a6-01/80 | 000000f4 | 000000f6 | Core Gen10 Mobile | CML-Y42 | V0 | 06-8e-0c/94 | 000000f4 | 000000f6 | Core Gen10 Mobile | CPX-SP | A1 | 06-55-0b/bf | 07002503 | 07002601 | Xeon Scalable Gen3 | ICL-D | B0 | 06-6c-01/10 | 01000211 | 01000230 | Xeon D-17xx, D-27xx | ICL-U/Y | D1 | 06-7e-05/80 | 000000b8 | 000000ba | Core Gen10 Mobile | ICX-SP | D0 | 06-6a-06/87 | 0d000389 | 0d000390 | Xeon Scalable Gen3 | KBL-G/H/S/E3 | B0 | 06-9e-09/2a | 000000f0 | 000000f2 | Core Gen7; Xeon E3 v6 | KBL-U/Y | H0 | 06-8e-09/c0 | | 000000f2 | Core Gen7 Mobile | LKF | B2/B3 | 06-8a-01/10 | 00000032 | 00000033 | Core w/Hybrid Technology | RKL-S | B0 | 06-a7-01/02 | 00000057 | 00000058 | Core Gen11 | RPL-H 6+8 | J0 | 06-ba-02/07 | 0000410e | 00004112 | Core Gen13 | RPL-P 6+8 | J0 | 06-ba-02/07 | 0000410e | 00004112 | Core Gen13 | RPL-S | S0 | 06-b7-01/32 | 00000112 | 00000113 | Core Gen13 | RPL-U 2+8 | Q0 | 06-ba-03/07 | 0000410e | 00004112 | Core Gen13 | SKX-D | H0 | 06-55-04/b7 | | 02006f05 | Xeon D-21xx | SKX-SP | B1 | 06-55-03/97 | 01000161 | 01000171 | Xeon Scalable | SKX-SP | H0/M0/U0 | 06-55-04/b7 | | 02006f05 | Xeon Scalable | SPR-HBM | B3 | 06-8f-08/10 | 2c000170 | 2c0001d1 | Xeon Max | SPR-SP | E0 | 06-8f-04/87 | 2b000181 | 2b000461 | Xeon Scalable Gen4 | SPR-SP | E2 | 06-8f-05/87 | 2b000181 | 2b000461 | Xeon Scalable Gen4 | SPR-SP | E3 | 06-8f-06/87 | 2b000181 | 2b000461 | Xeon Scalable Gen4 | SPR-SP | E4 | 06-8f-07/87 | 2b000181 | 2b000461 | Xeon Scalable Gen4 | SPR-SP | E5 | 06-8f-08/87 | 2b000181 | 2b000461 | Xeon Scalable Gen4 | SPR-SP | S2 | 06-8f-07/87 | 2b000181 | 2b000461 | Xeon Scalable Gen4 | SPR-SP | S3 | 06-8f-08/87 | 2b000181 | 2b000461 | Xeon Scalable Gen4 | TGL | B1 | 06-8c-01/80 | 000000a6 | 000000aa | Core Gen11 Mobile | TGL-H | R0 | 06-8d-01/c2 | 00000042 | 00000044 | Core Gen11 Mobile | TGL-R | C0 | 06-8c-02/c2 | 00000028 | 0000002a | Core Gen11 Mobile | WHL-U | V0 | 06-8e-0c/94 | 000000f4 | 000000f6 | Core Gen8 Mobile | WHL-U | W0 | 06-8e-0b/d0 | | 000000f2 | Core Gen8 Mobile Important SUSE bug 1208479 SUSE bug 1211382 CVE-2022-33972 cpe:/o:opensuse:leap:15.4 Security update for ctags (Important) openSUSE Leap 15.4 This update for ctags fixes the following issues: - CVE-2022-4515: Fixed a command injection issue via a tag file wih a crafted filename (bsc#1206543). Important SUSE bug 1206543 CVE-2022-4515 cpe:/o:opensuse:leap:15.4 Security update for openvswitch (Important) openSUSE Leap 15.4 This update for openvswitch fixes the following issues: - CVE-2022-4338: Fixed Integer Underflow in Organization Specific TLV (bsc#1206580). - CVE-2022-4337: Fixed Out-of-Bounds Read in Organization Specific TLV (bsc#1206581). Important SUSE bug 1206580 SUSE bug 1206581 CVE-2022-4337 CVE-2022-4338 cpe:/o:opensuse:leap:15.4 Security update for terraform-provider-aws (Important) openSUSE Leap 15.4 This update of terraform-provider-aws fixes the following issues: - rebuild the package with the go 1.19 security release (bsc#1200441 bsc#1209658). Important SUSE bug 1200441 SUSE bug 1209658 cpe:/o:opensuse:leap:15.4 Security update for containerd (Important) openSUSE Leap 15.4 This update for containerd fixes the following issues: - Rebuild containerd with a current version of go to catch up on bugfixes and security fixes (bsc#1210298) Important SUSE bug 1210298 cpe:/o:opensuse:leap:15.4 Security update for openvswitch (Important) openSUSE Leap 15.4 This update for openvswitch fixes the following issues: - CVE-2022-4338: Fixed Integer Underflow in Organization Specific TLV (bsc#1206580). - CVE-2022-4337: Fixed Out-of-Bounds Read in Organization Specific TLV (bsc#1206581). Important SUSE bug 1206580 SUSE bug 1206581 CVE-2022-4337 CVE-2022-4338 cpe:/o:opensuse:leap:15.4 Security update for runc (Important) openSUSE Leap 15.4 This update of runc fixes the following issues: - rebuild the package with the go 19.9 secure release (bsc#1200441). Important SUSE bug 1200441 cpe:/o:opensuse:leap:15.4 Security update for terraform-provider-null (Important) openSUSE Leap 15.4 This update of terraform-provider-null fixes the following issues: - rebuild the package with the go 1.19 security release (bsc#1200441 bsc#1209658). Important SUSE bug 1200441 SUSE bug 1209658 cpe:/o:opensuse:leap:15.4 Security update for python-Flask (Important) openSUSE Leap 15.4 This update for python-Flask fixes the following issues: - CVE-2023-30861: Fixed a potential cookie confusion due to incorrect caching (bsc#1211246). Important SUSE bug 1211246 CVE-2023-30861 cpe:/o:opensuse:leap:15.4 Security update for geoipupdate (Important) openSUSE Leap 15.4 This update of geoipupdate fixes the following issues: - rebuild the package with the go 1.19 security release (bsc#1200441 bsc#1209658). Important SUSE bug 1200441 SUSE bug 1209658 cpe:/o:opensuse:leap:15.4 Security update for openvswitch (Important) openSUSE Leap 15.4 This update for openvswitch fixes the following issues: - CVE-2023-1668: Fixed remote traffic denial of service via crafted packets with IP proto 0 (bsc#1210054). - CVE-2022-4338: Fixed Integer Underflow in Organization Specific TLV (bsc#1206580). - CVE-2022-4337: Fixed Out-of-Bounds Read in Organization Specific TLV (bsc#1206581). Important SUSE bug 1206580 SUSE bug 1206581 SUSE bug 1210054 CVE-2022-4337 CVE-2022-4338 CVE-2023-1668 cpe:/o:opensuse:leap:15.4 Security update for texlive (Important) openSUSE Leap 15.4 This update for texlive fixes the following issues: - CVE-2023-32700: Fixed arbitrary code execution in LuaTeX (bsc#1211389). Important SUSE bug 1211389 CVE-2023-32700 cpe:/o:opensuse:leap:15.4 Security update for texlive (Important) openSUSE Leap 15.4 This update for texlive fixes the following issues: - CVE-2023-32700: Fixed arbitrary code execution in LuaTeX (bsc#1211389). Important SUSE bug 1211389 CVE-2023-32700 cpe:/o:opensuse:leap:15.4 Security update for cups-filters, poppler, texlive (Important) openSUSE Leap 15.4 This update for cups-filters, poppler, texlive fixes the following issues: cups-filters: - CVE-2023-24805: Fixed a remote code execution in the beh backend (bsc#1211340). texlive: - CVE-2023-32700: Fixed arbitrary code execution in LuaTeX (bsc#1211389). poppler: - Added missing header file goo/GooCheckedOps.h. Without it, other packages using poppler as a library might fail to compile since our public headers now depend on it. (bsc#1211450) Important SUSE bug 1211340 SUSE bug 1211389 SUSE bug 1211450 CVE-2023-24805 CVE-2023-32700 cpe:/o:opensuse:leap:15.4 Security update for kubernetes1.18 (Important) openSUSE Leap 15.4 This update of kubernetes1.18 fixes the following issues: - rebuild the package with the go 1.19 security release (bsc#1200441 bsc#1209658). Important SUSE bug 1200441 SUSE bug 1209658 cpe:/o:opensuse:leap:15.4 Security update for rmt-server (Important) openSUSE Leap 15.4 This update for rmt-server fixes the following issues: Updated to version 2.13: - CVE-2023-28120: Fixed a potential XSS issue in an embedded dependency (bsc#1209507). - CVE-2023-27530: Fixed a denial of service issue in multipart request parsing (bsc#1209096). Non-security fixes: - Fixed transactional update on GCE (bsc#1211398). - Use HTTPS in rmt-client-setup-res (bsc#1209825). - Various build fixes (bsc#1207670, bsc#1203171, bsc#1206593, bsc#1202053). Important SUSE bug 1202053 SUSE bug 1203171 SUSE bug 1206593 SUSE bug 1207670 SUSE bug 1209096 SUSE bug 1209507 SUSE bug 1209825 SUSE bug 1211398 CVE-2023-27530 CVE-2023-28120 cpe:/o:opensuse:leap:15.4 Security update for openvswitch (Important) openSUSE Leap 15.4 This update for openvswitch fixes the following issues: - CVE-2023-1668: Fixed remote traffic denial of service via crafted packets with IP proto 0 (bsc#1210054). Important SUSE bug 1210054 CVE-2023-1668 cpe:/o:opensuse:leap:15.4 Security update for golang-github-vpenso-prometheus_slurm_exporter (Important) openSUSE Leap 15.4 This update of golang-github-vpenso-prometheus_slurm_exporter fixes the following issues: - rebuild the package with the go 1.19 security release (bsc#1200441 bsc#1209658). Important SUSE bug 1200441 SUSE bug 1209658 cpe:/o:opensuse:leap:15.4 Security update for distribution (Moderate) openSUSE Leap 15.4 This update for distribution fixes the following issues: Update to verison 2.8.2: - Revert registry/client: set `Accept: identity` header when getting layers - Parse `http` forbidden as denied - Fix CVE-2023-2253 runaway allocation on /v2/_catalog (bsc#1207705) - Fix panic in inmemory driver - update to go1.19.9 - Add code to handle pagination of parts. Fixes max layer size of 10GB bug - Dockerfile: fix filenames of artifacts Moderate SUSE bug 1207705 SUSE bug 1210428 CVE-2023-2253 cpe:/o:opensuse:leap:15.4 Security update for go1.18-openssl (Important) openSUSE Leap 15.4 This update for go1.18-openssl fixes the following issues: - Add subpackage go1.x-libstd compiled shared object libstd.so (jsc#PED-1962) * Main go1.x package included libstd.so in previous versions * Split libstd.so into subpackage that can be installed standalone * Continues the slimming down of main go1.x package by 40 Mb * Experimental and not recommended for general use, Go currently has no ABI * Upstream Go has not committed to support buildmode=shared long-term * Do not use in packaging, build static single binaries (the default) * Upstream Go go1.x binary releases do not include libstd.so * go1.x Suggests go1.x-libstd so not installed by default Recommends * go1.x-libstd does not Require: go1.x so can install standalone * Provides go-libstd unversioned package name * Fix build step -buildmode=shared std to omit -linkshared - Packaging improvements: * go1.x Suggests go1.x-doc so not installed by default Recommends * Use Group: Development/Languages/Go instead of Other - Improvements to go1.x packaging spec: * On Tumbleweed bootstrap with current default gcc13 and gccgo118 * On SLE-12 aarch64 ppc64le ppc64 remove overrides to bootstrap using go1.x package (%bcond_without gccgo). This is no longer needed on current SLE-12:Update and removing will consolidate the build configurations used. * Change source URLs to go.dev as per Go upstream * On x86_64 export GOAMD64=v1 as per the current baseline. At this time forgo GOAMD64=v3 option for x86_64_v3 support. * On x86_64 %define go_amd64=v1 as current instruction baseline - Update to version 1.18.10.1 cut from the go1.18-openssl-fips branch at the revision tagged go1.18.10-1-openssl-fips. * Merge branch dev.boringcrypto.go1.18 into go1.18-openssl-fips * Merge go1.18.10 into dev.boringcrypto.go1.18 - go1.18.10 (released 2023-01-10) includes fixes to cgo, the compiler, the linker, and the crypto/x509, net/http, and syscall packages. Refs bsc#1193742 go1.18 release tracking * go#57705 misc/cgo: backport needed for dlltool fix * go#57426 crypto/x509: Verify on macOS does not return typed errors * go#57344 cmd/compile: the loong64 intrinsic for CompareAndSwapUint32 function needs to sign extend its 'old' argument. * go#57338 syscall, internal/poll: accept4-to-accept fallback removal broke Go code on Synology DSM 6.2 ARM devices * go#57213 os: TestLstat failure on Linux Aarch64 * go#57211 reflect: sort.SliceStable sorts incorrectly on arm64 with less function created with reflect.MakeFunc and slice of sufficient length * go#57057 cmd/go: remove test dependency on gopkg.in service * go#57054 cmd/go: TestScript/version_buildvcs_git_gpg (if enabled) fails on linux longtest builders * go#57044 cgo: malformed DWARF TagVariable entry * go#57028 cmd/cgo: Wrong types in compiler errors with clang 14 * go#56833 cmd/link/internal/ppc64: too-far trampoline is reused * go#56711 net: reenable TestLookupDotsWithRemoteSource and TestLookupGoogleSRV with a different target * go#56323 net/http: bad handling of HEAD requests with a body Important SUSE bug 1183043 SUSE bug 1193742 SUSE bug 1198423 SUSE bug 1198424 SUSE bug 1198427 SUSE bug 1199413 SUSE bug 1200134 SUSE bug 1200135 SUSE bug 1200136 SUSE bug 1200137 SUSE bug 1201434 SUSE bug 1201436 SUSE bug 1201437 SUSE bug 1201440 SUSE bug 1201443 SUSE bug 1201444 SUSE bug 1201445 SUSE bug 1201447 SUSE bug 1201448 SUSE bug 1202035 SUSE bug 1203185 SUSE bug 1204023 SUSE bug 1204024 SUSE bug 1204025 SUSE bug 1204941 SUSE bug 1206134 SUSE bug 1206135 SUSE bug 1208270 SUSE bug 1208271 SUSE bug 1208272 SUSE bug 1208491 CVE-2022-1705 CVE-2022-1962 CVE-2022-24675 CVE-2022-27536 CVE-2022-27664 CVE-2022-28131 CVE-2022-28327 CVE-2022-2879 CVE-2022-2880 CVE-2022-29526 CVE-2022-29804 CVE-2022-30580 CVE-2022-30629 CVE-2022-30630 CVE-2022-30631 CVE-2022-30632 CVE-2022-30633 CVE-2022-30634 CVE-2022-30635 CVE-2022-32148 CVE-2022-32189 CVE-2022-41715 CVE-2022-41716 CVE-2022-41717 CVE-2022-41720 CVE-2022-41723 CVE-2022-41724 CVE-2022-41725 cpe:/o:opensuse:leap:15.4 Security update for c-ares (Important) openSUSE Leap 15.4 This update for c-ares fixes the following issues: Update to version 1.19.1: - CVE-2023-32067: 0-byte UDP payload causes Denial of Service (bsc#1211604) - CVE-2023-31147: Insufficient randomness in generation of DNS query IDs (bsc#1211605) - CVE-2023-31130: Buffer Underwrite in ares_inet_net_pton() (bsc#1211606) - CVE-2023-31124: AutoTools does not set CARES_RANDOM_FILE during cross compilation (bsc#1211607) - Fix uninitialized memory warning in test - ares_getaddrinfo() should allow a port of 0 - Fix memory leak in ares_send() on error - Fix comment style in ares_data.h - Fix typo in ares_init_options.3 - Sync ax_pthread.m4 with upstream - Sync ax_cxx_compile_stdcxx_11.m4 with upstream to fix uclibc support Important SUSE bug 1211604 SUSE bug 1211605 SUSE bug 1211606 SUSE bug 1211607 CVE-2023-31124 CVE-2023-31130 CVE-2023-31147 CVE-2023-32067 cpe:/o:opensuse:leap:15.4 Security update for libaom (Moderate) openSUSE Leap 15.4 This update for libaom fixes the following issues: - CVE-2020-0470: Fixed heap buffer overflow in extend_frame_highbd() (bsc#1180033). Moderate SUSE bug 1180033 CVE-2020-0470 cpe:/o:opensuse:leap:15.4 Security update for wireshark (Moderate) openSUSE Leap 15.4 This update for wireshark fixes the following issues: Updated to version 3.6.14: - CVE-2023-2855: Fixed a crash in the Candump log file parser (boo#1211703). - CVE-2023-2856: Fixed a crash in the VMS TCPIPtrace file parser (boo#1211707). - CVE-2023-2857: Fixed a crash in the BLF file parser (boo#1211705). - CVE-2023-2858: Fixed a crash in the NetScaler file parser (boo#1211706). - CVE-2023-0668: Fixed a crash in the IEEE C37.118 Synchrophasor dissector (boo#1211710). - CVE-2023-2879: GDSDB dissector infinite loop (boo#1211793). Further features, bug fixes and updated protocol support as listed in: https://www.wireshark.org/docs/relnotes/wireshark-3.6.14.html Moderate SUSE bug 1211703 SUSE bug 1211705 SUSE bug 1211706 SUSE bug 1211707 SUSE bug 1211710 SUSE bug 1211793 CVE-2023-0668 CVE-2023-2855 CVE-2023-2856 CVE-2023-2857 CVE-2023-2858 CVE-2023-2859 cpe:/o:opensuse:leap:15.4 Security update for terraform-provider-helm (Important) openSUSE Leap 15.4 This update of terraform-provider-helm fixes the following issues: - rebuild the package with the go 1.19 security release (bsc#1200441). Important SUSE bug 1200441 cpe:/o:opensuse:leap:15.4 Security update for cni-plugins (Important) openSUSE Leap 15.4 This update of cni-plugins fixes the following issues: - rebuild the package with the go 1.19 security release (bsc#1200441). Important SUSE bug 1200441 cpe:/o:opensuse:leap:15.4 Security update for cni (Important) openSUSE Leap 15.4 This update of cni fixes the following issues: - rebuild the package with the go 1.19 security release (bsc#1200441). Important SUSE bug 1200441 cpe:/o:opensuse:leap:15.4 Security update for amazon-ssm-agent (Important) openSUSE Leap 15.4 This update of amazon-ssm-agent fixes the following issues: - rebuild the package with the go 1.19 security release (bsc#1200441). Important SUSE bug 1200441 cpe:/o:opensuse:leap:15.4 Security update for openssl-1_0_0 (Important) openSUSE Leap 15.4 This update for openssl-1_0_0 fixes the following issues: - CVE-2023-2650: Fixed possible denial of service translating ASN.1 object identifiers (bsc#1211430). Important SUSE bug 1211430 CVE-2023-2650 cpe:/o:opensuse:leap:15.4 Security update for tiff (Moderate) openSUSE Leap 15.4 This update for tiff fixes the following issues: Fixed multiple out of bounds read/write security issues: CVE-2023-0795 (bsc#1208226), CVE-2023-0796 (bsc#1208227), CVE-2023-0797 (bsc#1208228), CVE-2023-0798 (bsc#1208229), CVE-2023-0799 (bsc#1208230), CVE-2023-0800 (bsc#1208231), CVE-2023-0801 (bsc#1208232), CVE-2023-0802 (bsc#1208233), CVE-2023-0803 (bsc#1208234), CVE-2023-0804 (bsc#1208236). Moderate SUSE bug 1208226 SUSE bug 1208227 SUSE bug 1208228 SUSE bug 1208229 SUSE bug 1208230 SUSE bug 1208231 SUSE bug 1208232 SUSE bug 1208233 SUSE bug 1208234 SUSE bug 1208236 CVE-2023-0795 CVE-2023-0796 CVE-2023-0797 CVE-2023-0798 CVE-2023-0799 CVE-2023-0800 CVE-2023-0801 CVE-2023-0802 CVE-2023-0803 CVE-2023-0804 cpe:/o:opensuse:leap:15.4 Security update for openssl-1_1 (Important) openSUSE Leap 15.4 This update for openssl-1_1 fixes the following issues: - CVE-2023-2650: Fixed possible denial of service translating ASN.1 object identifiers (bsc#1211430). Important SUSE bug 1211430 CVE-2023-2650 cpe:/o:opensuse:leap:15.4 Security update for ImageMagick (Important) openSUSE Leap 15.4 This update for ImageMagick fixes the following issues: - CVE-2023-34151: Fixed an undefined behavior issue due to floating point truncation (bsc#1211791). - CVE-2023-34153: Fixed a command injection issue when encoding or decoding VIDEO files (bsc#1211792). Important SUSE bug 1211791 SUSE bug 1211792 CVE-2023-34151 CVE-2023-34153 cpe:/o:opensuse:leap:15.4 Security update for cups (Important) openSUSE Leap 15.4 This update for cups fixes the following issues: - CVE-2023-32324: Fixed a buffer overflow in format_log_line() which could cause a denial-of-service (bsc#1211643). Important SUSE bug 1211643 CVE-2023-32324 cpe:/o:opensuse:leap:15.4 Security update for libvirt (Moderate) openSUSE Leap 15.4 This update for libvirt fixes the following issues: - CVE-2023-2700: Fixed a memory leak that could be triggered by repeatedly querying an SR-IOV PCI device's capabilities (bsc#1211390). Non-security fixes: - Fixed a potential crash during driver cleanup (bsc#1209861). - Added Apparmor support for SUSE edk2 firmware paths (boo#1208567). - Fixed lxc container initialization with systemd and hybrid groups (boo#1183247). - Added the option to specify the virtual CPU address size in bits for qemu (bsc#1199583). Moderate SUSE bug 1183247 SUSE bug 1199583 SUSE bug 1208567 SUSE bug 1209861 SUSE bug 1211390 CVE-2023-2700 cpe:/o:opensuse:leap:15.4 Security update for ImageMagick (Low) openSUSE Leap 15.4 This update for ImageMagick fixes the following issues: - CVE-2023-34151: Fixed an undefined behavior issue due to floating point truncation (bsc#1211791). Low SUSE bug 1211791 CVE-2023-34151 cpe:/o:opensuse:leap:15.4 Security update for apache-commons-fileupload (Important) openSUSE Leap 15.4 This update for apache-commons-fileupload fixes the following issues: Updated to version 1.5: - CVE-2023-24998: Added a configurable maximum number of files to upload per request (bsc#1208513). Important SUSE bug 1208513 CVE-2023-24998 cpe:/o:opensuse:leap:15.4 Security update for python310 (Moderate) openSUSE Leap 15.4 This update for python310 fixes the following issues: - CVE-2007-4559: Fixed filter for tarfile.extractall (bsc#1203750). Moderate SUSE bug 1203750 CVE-2007-4559 cpe:/o:opensuse:leap:15.4 Security update for libwebp (Important) openSUSE Leap 15.4 This update for libwebp fixes the following issues: - CVE-2023-1999: Fixed a double free (bsc#1210212). Important SUSE bug 1210212 CVE-2023-1999 cpe:/o:opensuse:leap:15.4 Security update for openssl-3 (Moderate) openSUSE Leap 15.4 This update for openssl-3 fixes the following issues: - Update to version 3.0.8 (bsc#1207541). - CVE-2022-40735: Fixed remote trigger of expensive server-side DHE modular-exponentiation with long exponents in Diffie-Hellman Key Agreement Protocol (bsc#1205476). - CVE-2023-1255: Fixed input buffer over-read in AES-XTS implementation on 64 bit ARM (bsc#1210714). - CVE-2023-2650: Fixed possible DoS translating ASN.1 object identifiers (bsc#1211430). Moderate SUSE bug 1205476 SUSE bug 1210714 SUSE bug 1211430 CVE-2022-40735 CVE-2023-1255 CVE-2023-2650 cpe:/o:opensuse:leap:15.4 Security update for mariadb (Low) openSUSE Leap 15.4 This update for mariadb fixes the following issues: Updated to version 10.6.13: - CVE-2022-47015: Fixed a denial of service that could be triggered by a crafted SQL query (bsc#1207404). Low SUSE bug 1207404 CVE-2022-47015 cpe:/o:opensuse:leap:15.4 Security update for openldap2 (Moderate) openSUSE Leap 15.4 This update for openldap2 fixes the following issues: - CVE-2023-2953: Fixed null pointer deref in ber_memalloc_x (bsc#1211795). Moderate SUSE bug 1211795 CVE-2023-2953 cpe:/o:opensuse:leap:15.4 Security update for MozillaFirefox (Important) openSUSE Leap 15.4 This update for MozillaFirefox fixes the following issues: Extended Support Release 102.12.0 ESR (bsc#1211922): - CVE-2023-34414: Click-jacking certificate exceptions through rendering lag - CVE-2023-34416: Memory safety bugs fixed in Firefox 114 and Firefox ESR 102.12 Important SUSE bug 1211922 CVE-2023-34414 CVE-2023-34416 cpe:/o:opensuse:leap:15.4 Security update for libwebp (Important) openSUSE Leap 15.4 This update for libwebp fixes the following issues: - CVE-2023-1999: Fixed a double free (bsc#1210212). Important SUSE bug 1210212 CVE-2023-1999 cpe:/o:opensuse:leap:15.4 Security update for java-1_8_0-ibm (Important) openSUSE Leap 15.4 This update for java-1_8_0-ibm fixes the following issues: - CVE-2023-21930: Fixed possible compromise from unauthenticated attacker with network access via TLS (bsc#1210628). - CVE-2023-21937: Fixed vulnerability inside the networking component (bsc#1210631). - CVE-2023-21938: Fixed vulnerability inside the library component (bsc#1210632). - CVE-2023-21939: Fixed vulnerability inside the swing component (bsc#1210634). - CVE-2023-21968: Fixed vulnerability inside the library component (bsc#1210637). - CVE-2023-2597: Fixed buffer overflow in shared cache implementation (bsc#1211615). - CVE-2023-21967: Fixed vulnerability inside the JSSE component (bsc#1210636). - CVE-2023-21954: Fixed vulnerability inside the hotspot component (bsc#1210635). Additional reference fixed already in 8.0.7.15: - CVE-2023-30441: Fixed components that could have exposed sensitive information using a combination of flaws and configurations (bsc#1210711). Important SUSE bug 1210628 SUSE bug 1210631 SUSE bug 1210632 SUSE bug 1210634 SUSE bug 1210635 SUSE bug 1210636 SUSE bug 1210637 SUSE bug 1210711 SUSE bug 1210826 SUSE bug 1211615 CVE-2023-21930 CVE-2023-21937 CVE-2023-21938 CVE-2023-21939 CVE-2023-21954 CVE-2023-21967 CVE-2023-21968 CVE-2023-2597 CVE-2023-30441 cpe:/o:opensuse:leap:15.4 Security update for the Linux Kernel (Important) openSUSE Leap 15.4 The SUSE Linux Enterprise 15 SP4 AZURE kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2023-28410: Fixed improper restriction of operations within the bounds of a memory buffer in some Intel(R) i915 Graphics drivers that may have allowed an authenticated user to potentially enable escalation of privilege via local access (bsc#1211263). - CVE-2023-2156: Fixed a flaw in the networking subsystem within the handling of the RPL protocol (bsc#1211131). - CVE-2023-1382: Fixed denial of service in tipc_conn_close (bsc#1209288). - CVE-2023-3006: Fixed a known cache speculation vulnerability, known as Branch History Injection (BHI) or Spectre-BHB, for the new hw AmpereOne (bsc#1211855). - CVE-2023-2269: Fixed a denial-of-service problem due to a possible recursive locking scenario, resulting in a deadlock in table_clear in drivers/md/dm-ioctl.c (bsc#1210806). - CVE-2023-1079: Fixed a use-after-free problem that could have been triggered in asus_kbd_backlight_set when plugging/disconnecting a malicious USB device (bsc#1208604). - CVE-2023-2162: Fixed an use-after-free flaw in iscsi_sw_tcp_session_create (bsc#1210647). - CVE-2023-33288: Fixed a use-after-free in bq24190_remove in drivers/power/supply/bq24190_charger.c (bsc#1211590). - CVE-2022-45886: Fixed a .disconnect versus dvb_device_open race condition in dvb_net.c that lead to a use-after-free (bsc#1205760). - CVE-2022-45885: Fixed a race condition in dvb_frontend.c that could cause a use-after-free when a device is disconnected (bsc#1205758). - CVE-2022-45887: Fixed a memory leak in ttusb_dec.c caused by the lack of a dvb_frontend_detach call (bsc#1205762). - CVE-2022-45919: Fixed a use-after-free in dvb_ca_en50221.c that could occur if there is a disconnect after an open, because of the lack of a wait_event (bsc#1205803). - CVE-2022-45884: Fixed a use-after-free in dvbdev.c, related to dvb_register_device dynamically allocating fops (bsc#1205756). - CVE-2023-31084: Fixed a blocking issue in drivers/media/dvb-core/dvb_frontend.c (bsc#1210783). - CVE-2023-2002: Fixed a flaw that allowed an attacker to unauthorized execution of management commands, compromising the confidentiality, integrity, and availability of Bluetooth communication (bsc#1210533). - CVE-2023-31436: Fixed an out-of-bounds write in qfq_change_class() because lmax can exceed QFQ_MIN_LMAX (bsc#1210940). - CVE-2023-30456: Fixed an issue in arch/x86/kvm/vmx/nested.c with nVMX on x86_64 lacks consistency checks for CR0 and CR4 (bsc#1210294). - CVE-2022-4269: Fixed a flaw was found inside the Traffic Control (TC) subsystem (bsc#1206024). - CVE-2023-32233: Fixed a use-after-free in Netfilter nf_tables when processing batch requests (bsc#1211043). - CVE-2023-1380: Fixed a slab-out-of-bound read problem in brcmf_get_assoc_ies() (bsc#1209287). - CVE-2023-2513: Fixed a use-after-free vulnerability in the ext4 filesystem (bsc#1211105). - CVE-2023-2483: Fixed a use after free bug in emac_remove due caused by a race condition (bsc#1211037). - CVE-2023-2124: Fixed an out-of-bound access in the XFS subsystem that could have lead to denial-of-service or potentially privilege escalation (bsc#1210498). The following non-security bugs were fixed: - 3c589_cs: Fix an error handling path in tc589_probe() (git-fixes). - ACPI: EC: Fix oops when removing custom query handlers (git-fixes). - ACPI: bus: Ensure that notify handlers are not running after removal (git-fixes). - ACPI: processor: Fix evaluating _PDC method when running as Xen dom0 (git-fixes). - ACPI: tables: Add support for NBFT (bsc#1195921). - ACPICA: ACPICA: check null return of ACPI_ALLOCATE_ZEROED in acpi_db_display_objects (git-fixes). - ACPICA: Avoid undefined behavior: applying zero offset to null pointer (git-fixes). - ALSA: caiaq: input: Add error handling for unsupported input methods in `snd_usb_caiaq_input_init` (git-fixes). - ALSA: cs46xx: mark snd_cs46xx_download_image as static (git-fixes). - ALSA: firewire-digi00x: prevent potential use after free (git-fixes). - ALSA: hda/ca0132: add quirk for EVGA X299 DARK (git-fixes). - ALSA: hda/realtek: Add a quirk for HP EliteDesk 805 (git-fixes). - ALSA: hda/realtek: Add quirk for 2nd ASUS GU603 (git-fixes). - ALSA: hda/realtek: Add quirk for ASUS UM3402YAR using CS35L41 (git-fixes). - ALSA: hda/realtek: Add quirk for Clevo L140AU (git-fixes). - ALSA: hda/realtek: Add quirk for HP EliteBook G10 laptops (git-fixes). - ALSA: hda/realtek: Add quirk for ThinkPad P1 Gen 6 (git-fixes). - ALSA: hda/realtek: Apply HP B&O top speaker profile to Pavilion 15 (git-fixes). - ALSA: hda/realtek: Enable headset onLenovo M70/M90 (git-fixes). - ALSA: hda/realtek: Fix mute and micmute LEDs for an HP laptop (git-fixes). - ALSA: hda/realtek: Fix mute and micmute LEDs for yet another HP laptop (git-fixes). - ALSA: hda/realtek: support HP Pavilion Aero 13-be0xxx Mute LED (git-fixes). - ALSA: hda: Add NVIDIA codec IDs a3 through a7 to patch table (git-fixes). - ALSA: hda: Fix Oops by 9.1 surround channel names (git-fixes). - ALSA: hda: Fix unhandled register update during auto-suspend period (git-fixes). - ALSA: usb-audio: Add a sample rate workaround for Line6 Pod Go (git-fixes). - ALSA: usb-audio: Add quirk for Pioneer DDJ-800 (git-fixes). - ARM64: dts: Add DTS files for bcmbca SoC BCM6858 (git-fixes). - ARM: 9296/1: HP Jornada 7XX: fix kernel-doc warnings (git-fixes). - ARM: dts: qcom: ipq8064: Fix the PCI I/O port range (git-fixes). - ARM: dts: qcom: ipq8064: reduce pci IO size to 64K (git-fixes). - ASOC: Intel: sof_sdw: add quirk for Intel 'Rooks County' NUC M15 (git-fixes). - ASoC: Intel: Skylake: Fix declaration of enum skl_ch_cfg (git-fixes). - ASoC: Intel: bytcr_rt5640: Add quirk for the Acer Iconia One 7 B1-750 (git-fixes). - ASoC: fsl_micfil: Fix error handler with pm_runtime_enable (git-fixes). - ASoC: lpass: Fix for KASAN use_after_free out of bounds (git-fixes). - ASoC: rt5682: Disable jack detection interrupt during suspend (git-fixes). - ASoC: soc-pcm: fix hw->formats cleared by soc_pcm_hw_init() for dpcm (git-fixes). - Add a bug reference to two existing drm-hyperv changes (bsc#1211281). - Bluetooth: L2CAP: fix 'bad unlock balance' in l2cap_disconnect_rsp (git-fixes). - Bluetooth: btintel: Add LE States quirk support (git-fixes). - Bluetooth: hci_bcm: Fall back to getting bdaddr from EFI if not set (git-fixes). - HID: logitech-hidpp: Do not use the USB serial for USB devices (git-fixes). - HID: logitech-hidpp: Reconcile USB and Unifying serials (git-fixes). - HID: microsoft: Add rumble support to latest xbox controllers (bsc#1211280). - HID: wacom: Add new Intuos Pro Small (PTH-460) device IDs (git-fixes). - HID: wacom: Force pen out of prox if no events have been received in a while (git-fixes). - HID: wacom: Set a default resolution for older tablets (git-fixes). - HID: wacom: add three styli to wacom_intuos_get_tool_type (git-fixes). - HID: wacom: avoid integer overflow in wacom_intuos_inout() (git-fixes). - HID: wacom: generic: Set battery quirk only when we see battery data (git-fixes). - IB/hfi1: Fix SDMA mmu_rb_node not being evicted in LRU order (git-fixes) - IB/hfi1: Fix bugs with non-PAGE_SIZE-end multi-iovec user SDMA requests (git-fixes) - IB/hifi1: add a null check of kzalloc_node in hfi1_ipoib_txreq_init (git-fixes) - IB/rdmavt: add missing locks in rvt_ruc_loopback (git-fixes) - Input: xpad - add constants for GIP interface numbers (git-fixes). - KEYS: asymmetric: Copy sig and digest in public_key_verify_signature() (git-fixes). - KVM: Destroy target device if coalesced MMIO unregistration fails (git-fixes) - KVM: Disallow user memslot with size that exceeds 'unsigned long' (git-fixes) - KVM: Do not create VM debugfs files outside of the VM directory (git-fixes) - KVM: Do not set Accessed/Dirty bits for ZERO_PAGE (git-fixes) - KVM: LAPIC: Enable timer posted-interrupt only when mwait/hlt is advertised (git-fixes). - KVM: Prevent module exit until all VMs are freed (git-fixes) - KVM: SVM: Do not rewrite guest ICR on AVIC IPI virtualization failure (git-fixes). - KVM: SVM: Fix benign 'bool vs. int' comparison in svm_set_cr0() (git-fixes). - KVM: SVM: Fix potential overflow in SEV's send|receive_update_data() (git-fixes). - KVM: SVM: Require logical ID to be power-of-2 for AVIC entry (git-fixes). - KVM: SVM: Skip WRMSR fastpath on VM-Exit if next RIP isn't valid (git-fixes). - KVM: SVM: hyper-v: placate modpost section mismatch error (git-fixes). - KVM: VMX: Introduce vmx_msr_bitmap_l01_changed() helper (git-fixes). - KVM: VMX: Resume guest immediately when injecting #GP on ECREATE (git-fixes). - KVM: VMX: Set vmcs.PENDING_DBG.BS on #DB in STI/MOVSS blocking shadow (git-fixes). - KVM: VMX: Use is_64_bit_mode() to check 64-bit mode in SGX handler (git-fixes). - KVM: X86: Fix tlb flush for tdp in kvm_invalidate_pcid() (git-fixes). - KVM: arm64: Do not arm a hrtimer for an already pending timer (git-fixes) - KVM: arm64: Do not return from void function (git-fixes) - KVM: arm64: Fix PAR_TO_HPFAR() to work independently of PA_BITS. (git-fixes) - KVM: arm64: Fix S1PTW handling on RO memslots (git-fixes) - KVM: arm64: Fix bad dereference on MTE-enabled systems (git-fixes) - KVM: arm64: Fix buffer overflow in kvm_arm_set_fw_reg() (git-fixes) - KVM: arm64: Fix kvm init failure when mode!=vhe and VA_BITS=52. (git-fixes) - KVM: arm64: Free hypervisor allocations if vector slot init fails (git-fixes) - KVM: arm64: GICv4.1: Fix race with doorbell on VPE (git-fixes) - KVM: arm64: Limit length in kvm_vm_ioctl_mte_copy_tags() to INT_MAX (git-fixes) - KVM: arm64: PMU: Restore the guest's EL0 event counting after (git-fixes) - KVM: arm64: Reject 32bit user PSTATE on asymmetric systems (git-fixes) - KVM: arm64: Stop handle_exit() from handling HVC twice when an SError (git-fixes) - KVM: arm64: Treat PMCR_EL1.LC as RES1 on asymmetric systems (git-fixes) - KVM: arm64: nvhe: Eliminate kernel-doc warnings (git-fixes) - KVM: arm64: vgic: Fix exit condition in scan_its_table() (git-fixes) - KVM: nVMX: Also filter MSR_IA32_VMX_TRUE_PINBASED_CTLS when eVMCS (git-fixes). - KVM: nVMX: Do not use Enlightened MSR Bitmap for L3 (git-fixes). - KVM: nVMX: Document that ignoring memory failures for VMCLEAR is deliberate (git-fixes). - KVM: nVMX: Emulate NOPs in L2, and PAUSE if it's not intercepted (git-fixes). - KVM: nVMX: Inject #GP, not #UD, if 'generic' VMXON CR0/CR4 check fails (git-fixes). - KVM: nVMX: Prioritize TSS T-flag #DBs over Monitor Trap Flag (git-fixes). - KVM: nVMX: Properly expose ENABLE_USR_WAIT_PAUSE control to L1 (git-fixes). - KVM: nVMX: Treat General Detect #DB (DR7.GD=1) as fault-like (git-fixes). - KVM: nVMX: eVMCS: Filter out VM_EXIT_SAVE_VMX_PREEMPTION_TIMER (git-fixes). - KVM: x86/emulator: Emulate RDPID only if it is enabled in guest (git-fixes). - KVM: x86/mmu: avoid NULL-pointer dereference on page freeing bugs (git-fixes). - KVM: x86/pmu: Ignore pmu->global_ctrl check if vPMU does not support global_ctrl (git-fixes). - KVM: x86/svm: add __GFP_ACCOUNT to __sev_dbg_{en,de}crypt_user() (git-fixes). - KVM: x86/vmx: Do not skip segment attributes if unusable bit is set (git-fixes). - KVM: x86/xen: Fix memory leak in kvm_xen_write_hypercall_page() (git-fixes). - KVM: x86: Copy filter arg outside kvm_vm_ioctl_set_msr_filter() (git-fixes). - KVM: x86: Do not change ICR on write to APIC_SELF_IPI (git-fixes). - KVM: x86: Fail emulation during EMULTYPE_SKIP on any exception (git-fixes). - KVM: x86: Inject #GP if WRMSR sets reserved bits in APIC Self-IPI (git-fixes). - KVM: x86: Mask off reserved bits in CPUID.8000001FH (git-fixes). - KVM: x86: Mask off unsupported and unknown bits of IA32_ARCH_CAPABILITIES (git-fixes). - KVM: x86: Protect the unused bits in MSR exiting flags (git-fixes). - KVM: x86: Remove a redundant guest cpuid check in kvm_set_cr4() (git-fixes). - KVM: x86: Report deprecated x87 features in supported CPUID (git-fixes). - KVM: x86: do not set st->preempted when going back to user space (git-fixes). - KVM: x86: fix typo in __try_cmpxchg_user causing non-atomicness (git-fixes). - KVM: x86: ioapic: Fix level-triggered EOI and userspace I/OAPIC reconfigure race (git-fixes). - Move upstreamed media patches into sorted section - PCI/ASPM: Remove pcie_aspm_pm_state_change() (git-fixes). - PM: hibernate: Do not get block device exclusively in test_resume mode (git-fixes). - PM: hibernate: Turn snapshot_test into global variable (git-fixes). - PM: hibernate: fix load_image_and_restore() error path (git-fixes). - RDMA/bnxt_re: Fix a possible memory leak (git-fixes) - RDMA/bnxt_re: Fix return value of bnxt_re_process_raw_qp_pkt_rx (git-fixes) - RDMA/bnxt_re: Fix the page_size used during the MR creation (git-fixes) - RDMA/cm: Trace icm_send_rej event before the cm state is reset (git-fixes) - RDMA/core: Fix multiple -Warray-bounds warnings (git-fixes) - RDMA/efa: Fix unsupported page sizes in device (git-fixes) - RDMA/hns: Fix base address table allocation (git-fixes) - RDMA/hns: Fix timeout attr in query qp for HIP08 (git-fixes) - RDMA/hns: Modify the value of long message loopback slice (git-fixes) - RDMA/irdma: Add SW mechanism to generate completions on error (jsc#SLE-18383). - RDMA/irdma: Do not generate SW completions for NOPs (jsc#SLE-18383). - RDMA/irdma: Fix Local Invalidate fencing (git-fixes) - RDMA/irdma: Fix RQ completion opcode (jsc#SLE-18383). - RDMA/irdma: Fix drain SQ hang with no completion (jsc#SLE-18383). - RDMA/irdma: Fix inline for multiple SGE's (jsc#SLE-18383). - RDMA/irdma: Prevent QP use after free (git-fixes) - RDMA/irdma: Remove enum irdma_status_code (jsc#SLE-18383). - RDMA/irdma: Remove excess error variables (jsc#SLE-18383). - RDMA/mana: Remove redefinition of basic u64 type (bsc#1210741 jsc#PED-4022). - RDMA/mana: hide new rdma_driver_ids (bsc#1210741 jsc#PED-4022). - RDMA/mana_ib: Add a driver for Microsoft Azure Network Adapter (bsc#1210741 jsc#PED-4022). - RDMA/mana_ib: Fix a bug when the PF indicates more entries for registering memory on first packet (bsc#1210741 jsc#PED-4022). - RDMA/mana_ib: Prevent array underflow in mana_ib_create_qp_raw() (bsc#1210741 jsc#PED-4022). - RDMA/mlx4: Prevent shift wrapping in set_user_sq_size() (jsc#SLE-19255). - RDMA/mlx5: Fix flow counter query via DEVX (git-fixes) - RDMA/mlx5: Use correct device num_ports when modify DC (git-fixes) - RDMA/rdmavt: Delete unnecessary NULL check (git-fixes) - RDMA/rtrs-clt: Replace list_next_or_null_rr_rcu with an inline function (git-fixes) - RDMA/rtrs-srv: Pass the correct number of entries for dma mapped SGL (git-fixes) - RDMA/rxe: Fix the error 'trying to register non-static key in rxe_cleanup_task' (git-fixes) - RDMA/rxe: Remove tasklet call from rxe_cq.c (git-fixes) - RDMA/siw: Fix potential page_array out of range access (git-fixes) - RDMA/siw: Remove namespace check from siw_netdev_event() (git-fixes) - RDMA/srpt: Add a check for valid 'mad_agent' pointer (git-fixes) - SMB3.1.1: add new tree connect ShareFlags (bsc#1193629). - SMB3: Add missing locks to protect deferred close file list (git-fixes). - SMB3: Close all deferred handles of inode in case of handle lease break (bsc#1193629). - SMB3: Close deferred file handles in case of handle lease break (bsc#1193629). - SMB3: drop reference to cfile before sending oplock break (bsc#1193629). - SMB3: force unmount was failing to close deferred close files (bsc#1193629). - SUNRPC: fix breakage caused by introduction of rq_xprt_ctxt (bsc#1210775). - USB / dwc3: Fix a checkpatch warning in core.c (git-fixes). - USB: UHCI: adjust zhaoxin UHCI controllers OverCurrent bit value (git-fixes). - USB: core: Add routines for endpoint checks in old drivers (git-fixes). - USB: sisusbvga: Add endpoint checks (git-fixes). - USB: usbtmc: Fix direction for 0-length ioctl control messages (git-fixes). - Update patches.suse/powerpc-64s-Fix-local-irq-disable-when-PMIs-are-disa.patch (bsc#1195655 ltc#195733 git-fixes). - Update patches.suse/powerpc-64s-hash-Make-hash-faults-work-in-NMI-contex.patch (bsc#1195655 ltc#195733). - apparmor: add a kernel label to use on kernel objects (bsc#1211113). - arm64: dts: Add DTS files for bcmbca SoC BCM4912 (git-fixes). - arm64: dts: Add DTS files for bcmbca SoC BCM63158 (git-fixes). - arm64: dts: Add base DTS file for bcmbca device Asus GT-AX6000 (git-fixes). - arm64: dts: broadcom: bcm4908: add DT for Netgear RAXE500 (git-fixes). - arm64: dts: qcom: msm8996: Add missing DWC3 quirks (git-fixes). - arm64: kgdb: Set PSTATE.SS to 1 to re-enable single-step (git-fixes) - arm64: kgdb: Set PSTATE.SS to 1 to re-enable single-step (git-fixes). - asm-generic/io.h: suppress endianness warnings for readq() and writeq() (git-fixes). - ata: libata-scsi: Use correct device no in ata_find_dev() (git-fixes). - ata: pata_octeon_cf: drop kernel-doc notation (git-fixes). - blacklist.conf: s390/boot: allocate amode31 section in decompressor - blacklist.conf: the commit might cause regression (bsc#1210947) - block: add a bdev_max_zone_append_sectors helper (git-fixes). - bluetooth: Add cmd validity checks at the start of hci_sock_ioctl() (git-fixes). - bnxt: Do not read past the end of test names (jsc#SLE-18978). - bnxt: prevent skb UAF after handing over to PTP worker (jsc#SLE-18978). - bnxt_en: Add missing 200G link speed reporting (jsc#SLE-18978). - bnxt_en: Avoid order-5 memory allocation for TPA data (jsc#SLE-18978). - bnxt_en: Do not initialize PTP on older P3/P4 chips (jsc#SLE-18978). - bnxt_en: Fix mqprio and XDP ring checking logic (jsc#SLE-18978). - bnxt_en: Fix reporting of test result in ethtool selftest (jsc#SLE-18978). - bnxt_en: Fix typo in PCI id to device description string mapping (jsc#SLE-18978). - bnxt_en: fix NQ resource accounting during vf creation on 57500 chips (jsc#SLE-18978). - bnxt_en: set missing reload flag in devlink features (jsc#SLE-18978). - can: isotp: recvmsg(): allow MSG_CMSG_COMPAT flag (git-fixes). - can: j1939: recvmsg(): allow MSG_CMSG_COMPAT flag (git-fixes). - can: kvaser_pciefd: Call request_irq() before enabling interrupts (git-fixes). - can: kvaser_pciefd: Clear listen-only bit if not explicitly requested (git-fixes). - can: kvaser_pciefd: Disable interrupts in probe error path (git-fixes). - can: kvaser_pciefd: Do not send EFLUSH command on TFD interrupt (git-fixes). - can: kvaser_pciefd: Empty SRB buffer in probe (git-fixes). - can: kvaser_pciefd: Set CAN_STATE_STOPPED in kvaser_pciefd_stop() (git-fixes). - can: kvaser_usb: Add struct kvaser_usb_busparams (git-fixes). - can: kvaser_usb: kvaser_usb_leaf: Get capabilities from device (git-fixes). - can: kvaser_usb: kvaser_usb_leaf: Handle CMD_ERROR_EVENT (git-fixes). - can: kvaser_usb: kvaser_usb_leaf: Rename {leaf,usbcan}_cmd_error_event to {leaf,usbcan}_cmd_can_error_event (git-fixes). - can: kvaser_usb_leaf: Fix overread with an invalid command (git-fixes). - cassini: Fix a memory leak in the error handling path of cas_init_one() (git-fixes). - ceph: force updating the msg pointer in non-split case (bsc#1211804). - cgroup.c: add helper __cset_cgroup_from_root to cleanup duplicated codes (bsc#1203906). - cgroup: Homogenize cgroup_get_from_id() return value (bsc#1205650). - cgroup: Honor caller's cgroup NS when resolving path (bsc#1205650). - cgroup: Make cgroup_get_from_id() prettier (bsc#1205650). - cgroup: Reorganize css_set_lock and kernfs path processing (bsc#1205650). - cgroup: cgroup: Honor caller's cgroup NS when resolving cgroup id (bsc#1205650). - cgroup: reduce dependency on cgroup_mutex (bsc#1205650). - cifs: Avoid a cast in add_lease_context() (bsc#1193629). - cifs: Simplify SMB2_open_init() (bsc#1193629). - cifs: Simplify SMB2_open_init() (bsc#1193629). - cifs: Simplify SMB2_open_init() (bsc#1193629). - cifs: avoid dup prefix path in dfs_get_automount_devname() (git-fixes). - cifs: avoid potential races when handling multiple dfs tcons (bsc#1208758). - cifs: fix pcchunk length type in smb2_copychunk_range (bsc#1193629). - cifs: fix potential race when tree connecting ipc (bsc#1208758). - cifs: fix potential use-after-free bugs in TCP_Server_Info::hostname (bsc#1208758). - cifs: fix sharing of DFS connections (bsc#1208758). - cifs: fix smb1 mount regression (bsc#1193629). - cifs: mapchars mount option ignored (bsc#1193629). - cifs: missing lock when updating session status (bsc#1193629). - cifs: print smb3_fs_context::source when mounting (bsc#1193629). - cifs: protect access of TCP_Server_Info::{origin,leaf}_fullpath (bsc#1208758). - cifs: protect session status check in smb2_reconnect() (bsc#1208758). - cifs: release leases for deferred close handles when freezing (bsc#1193629). - cifs: sanitize paths in cifs_update_super_prepath (git-fixes). - cifs: update internal module version number for cifs.ko (bsc#1193629). - clk: qcom: gcc-sm8350: fix PCIe PIPE clocks handling (git-fixes). - clk: qcom: regmap: add PHY clock source implementation (git-fixes). - clk: tegra20: fix gcc-7 constant overflow warning (git-fixes). - configfs: fix possible memory leak in configfs_create_dir() (git-fixes). - crypto: acomp - define max size for destination (jsc#PED-3692) - crypto: drivers - move from strlcpy with unused retval to (jsc#PED-3692) - crypto: qat - Fix unsigned function returning negative (jsc#PED-3692) - crypto: qat - Removes the x86 dependency on the QAT drivers (jsc#PED-3692) - crypto: qat - abstract PFVF messages with struct pfvf_message (jsc#PED-3692) - crypto: qat - abstract PFVF receive logic (jsc#PED-3692) - crypto: qat - abstract PFVF send function (jsc#PED-3692) - crypto: qat - add PFVF support to enable the reset of ring (jsc#PED-3692) - crypto: qat - add PFVF support to the GEN4 host driver (jsc#PED-3692) - crypto: qat - add VF and PF wrappers to common send function (jsc#PED-3692) - crypto: qat - add backlog mechanism (jsc#PED-3692) - crypto: qat - add check for invalid PFVF protocol version 0 (jsc#PED-3692) - crypto: qat - add check to validate firmware images (jsc#PED-3692) - crypto: qat - add limit to linked list parsing (jsc#PED-3692) - crypto: qat - add misc workqueue (jsc#PED-3692) - crypto: qat - add missing restarting event notification in (jsc#PED-3692) - crypto: qat - add param check for DH (jsc#PED-3692) - crypto: qat - add param check for RSA (jsc#PED-3692) - crypto: qat - add pfvf_ops (jsc#PED-3692) - crypto: qat - add resubmit logic for decompression (jsc#PED-3692) - crypto: qat - add support for 401xx devices (jsc#PED-3692) - crypto: qat - add support for compression for 4xxx (jsc#PED-3692) - crypto: qat - add the adf_get_pmisc_base() helper function (jsc#PED-3692) - crypto: qat - allow detection of dc capabilities for 4xxx (jsc#PED-3692) - crypto: qat - change PFVF ACK behaviour (jsc#PED-3692) - crypto: qat - change behaviour of (jsc#PED-3692) - crypto: qat - change bufferlist logic interface (jsc#PED-3692) - crypto: qat - config VFs based on ring-to-svc mapping (jsc#PED-3692) - crypto: qat - differentiate between pf2vf and vf2pf offset (jsc#PED-3692) - crypto: qat - disable AER if an error occurs in probe (jsc#PED-3692) - crypto: qat - do not handle PFVF sources for qat_4xxx (jsc#PED-3692) - crypto: qat - do not rely on min version (jsc#PED-3692) - crypto: qat - enable deflate for QAT GEN4 (jsc#PED-3692) - crypto: qat - enable power management for QAT GEN4 (jsc#PED-3692) - crypto: qat - exchange device capabilities over PFVF (jsc#PED-3692) - crypto: qat - exchange ring-to-service mappings over PFVF (jsc#PED-3692) - crypto: qat - expose deflate through acomp api for QAT GEN2 (jsc#PED-3692) - crypto: qat - expose device config through sysfs for 4xxx (jsc#PED-3692) - crypto: qat - expose device state through sysfs for 4xxx (jsc#PED-3692) - crypto: qat - extend buffer list interface (jsc#PED-3692) - crypto: qat - extend crypto capability detection for 4xxx (jsc#PED-3692) - crypto: qat - extract send and wait from (jsc#PED-3692) - crypto: qat - fix DMA transfer direction (jsc#PED-3692) - crypto: qat - fix ETR sources enabled by default on GEN2 (jsc#PED-3692) - crypto: qat - fix VF IDs in PFVF log messages (jsc#PED-3692) - crypto: qat - fix a signedness bug in get_service_enabled() (jsc#PED-3692) - crypto: qat - fix a typo in a comment (jsc#PED-3692) - crypto: qat - fix access to PFVF interrupt registers for GEN4 (jsc#PED-3692) - crypto: qat - fix definition of ring reset results (jsc#PED-3692) - crypto: qat - fix error return code in adf_probe (jsc#PED-3692) - crypto: qat - fix handling of VF to PF interrupts (jsc#PED-3692) - crypto: qat - fix initialization of pfvf cap_msg structures (jsc#PED-3692) - crypto: qat - fix initialization of pfvf rts_map_msg (jsc#PED-3692) - crypto: qat - fix off-by-one error in PFVF debug print (jsc#PED-3692) - crypto: qat - fix wording and formatting in code comment (jsc#PED-3692) - crypto: qat - flush vf workqueue at driver removal (jsc#PED-3692) - crypto: qat - free irq in case of failure (jsc#PED-3692) - crypto: qat - free irqs only if allocated (jsc#PED-3692) - crypto: qat - generalize crypto request buffers (jsc#PED-3692) - crypto: qat - get compression extended capabilities (jsc#PED-3692) - crypto: qat - handle retries due to collisions in (jsc#PED-3692) - crypto: qat - honor CRYPTO_TFM_REQ_MAY_SLEEP flag (jsc#PED-3692) - crypto: qat - improve logging of PFVF messages (jsc#PED-3692) - crypto: qat - improve the ACK timings in PFVF send (jsc#PED-3692) - crypto: qat - introduce support for PFVF block messages (jsc#PED-3692) - crypto: qat - leverage bitfield.h utils for PFVF messages (jsc#PED-3692) - crypto: qat - leverage read_poll_timeout in PFVF send (jsc#PED-3692) - crypto: qat - leverage the GEN2 VF mask definiton (jsc#PED-3692) - crypto: qat - make PFVF message construction direction (jsc#PED-3692) - crypto: qat - make PFVF send and receive direction agnostic (jsc#PED-3692) - crypto: qat - move VF message handler to adf_vf2pf_msg.c (jsc#PED-3692) - crypto: qat - move and rename GEN4 error register definitions (jsc#PED-3692) - crypto: qat - move interrupt code out of the PFVF handler (jsc#PED-3692) - crypto: qat - move pfvf collision detection values (jsc#PED-3692) - crypto: qat - move vf2pf interrupt helpers (jsc#PED-3692) - crypto: qat - pass the PF2VF responses back to the callers (jsc#PED-3692) - crypto: qat - prevent spurious MSI interrupt in VF (jsc#PED-3692) - crypto: qat - re-enable interrupts for legacy PFVF messages (jsc#PED-3692) - crypto: qat - re-enable registration of algorithms (jsc#PED-3692) - crypto: qat - refactor PF top half for PFVF (jsc#PED-3692) - crypto: qat - refactor pfvf version request messages (jsc#PED-3692) - crypto: qat - refactor submission logic (jsc#PED-3692) - crypto: qat - relocate PFVF PF related logic (jsc#PED-3692) - crypto: qat - relocate PFVF VF related logic (jsc#PED-3692) - crypto: qat - relocate PFVF disabled function (jsc#PED-3692) - crypto: qat - relocate and rename adf_sriov_prepare_restart() (jsc#PED-3692) - crypto: qat - relocate backlog related structures (jsc#PED-3692) - crypto: qat - relocate bufferlist logic (jsc#PED-3692) - crypto: qat - relocate qat_algs_alloc_flags() (jsc#PED-3692) - crypto: qat - remove duplicated logic across GEN2 drivers (jsc#PED-3692) - crypto: qat - remove empty sriov_configure() (jsc#PED-3692) - crypto: qat - remove line wrapping for pfvf_ops functions (jsc#PED-3692) - crypto: qat - remove the unnecessary get_vintmsk_offset() (jsc#PED-3692) - crypto: qat - remove unmatched CPU affinity to cluster IRQ (jsc#PED-3692) - crypto: qat - remove unnecessary tests to detect PFVF support (jsc#PED-3692) - crypto: qat - remove unneeded assignment (jsc#PED-3692) - crypto: qat - remove unneeded braces (jsc#PED-3692) - crypto: qat - remove unneeded packed attribute (jsc#PED-3692) - crypto: qat - remove unused PFVF stubs (jsc#PED-3692) - crypto: qat - rename and relocate GEN2 config function (jsc#PED-3692) - crypto: qat - rename bufferlist functions (jsc#PED-3692) - crypto: qat - rename pfvf collision constants (jsc#PED-3692) - crypto: qat - reorganize PFVF code (jsc#PED-3692) - crypto: qat - reorganize PFVF protocol definitions (jsc#PED-3692) - crypto: qat - replace deprecated MSI API (jsc#PED-3692) - crypto: qat - replace disable_vf2pf_interrupts() (jsc#PED-3692) - crypto: qat - replace get_current_node() with numa_node_id() (jsc#PED-3692) - crypto: qat - rework the VF2PF interrupt handling logic (jsc#PED-3692) - crypto: qat - set CIPHER capability for QAT GEN2 (jsc#PED-3692) - crypto: qat - set COMPRESSION capability for DH895XCC (jsc#PED-3692) - crypto: qat - set COMPRESSION capability for QAT GEN2 (jsc#PED-3692) - crypto: qat - set DMA mask to 48 bits for Gen2 (jsc#PED-3692) - crypto: qat - set PFVF_MSGORIGIN just before sending (jsc#PED-3692) - crypto: qat - share adf_enable_pf2vf_comms() from (jsc#PED-3692) - crypto: qat - simplify adf_enable_aer() (jsc#PED-3692) - crypto: qat - simplify code and axe the use of a deprecated (jsc#PED-3692) - crypto: qat - split PFVF message decoding from handling (jsc#PED-3692) - crypto: qat - stop using iommu_present() (jsc#PED-3692) - crypto: qat - store the PFVF protocol version of the (jsc#PED-3692) - crypto: qat - store the ring-to-service mapping (jsc#PED-3692) - crypto: qat - support fast ACKs in the PFVF protocol (jsc#PED-3692) - crypto: qat - support the reset of ring pairs on PF (jsc#PED-3692) - crypto: qat - test PFVF registers for spurious interrupts on (jsc#PED-3692) - crypto: qat - use enums for PFVF protocol codes (jsc#PED-3692) - crypto: qat - use hweight for bit counting (jsc#PED-3692) - crypto: qat - use pre-allocated buffers in datapath (jsc#PED-3692) - crypto: qat - use reference to structure in dma_map_single() (jsc#PED-3692) - crypto: qat - use u32 variables in all GEN4 pfvf_ops (jsc#PED-3692) - crypto: sun8i-ss - Fix a test in sun8i_ss_setup_ivs() (git-fixes). - cxgb4: fix missing unlock on ETHOFLD desc collect fail path (jsc#SLE-18992). - debugfs: fix error when writing negative value to atomic_t debugfs file (git-fixes). - dma: gpi: remove spurious unlock in gpi_ch_init (git-fixes). - dmaengine: at_xdmac: do not enable all cyclic channels (git-fixes). - dmaengine: dw-edma: Fix to change for continuous transfer (git-fixes). - dmaengine: dw-edma: Fix to enable to issue dma request on DMA processing (git-fixes). - dmaengine: idxd: Do not enable user type Work Queue without Shared Virtual Addressing (git-fixes). - dmaengine: idxd: Only call idxd_enable_system_pasid() if succeeded in enabling SVA feature (git-fixes). - dmaengine: idxd: Separate user and kernel pasid enabling (git-fixes). - dmaengine: mv_xor_v2: Fix an error code (git-fixes). - do not reuse connection if share marked as isolated (bsc#1193629). - docs: networking: fix x25-iface.rst heading & index order (git-fixes). - drivers: base: component: fix memory leak with using debugfs_lookup() (git-fixes). - drivers: base: dd: fix memory leak with using debugfs_lookup() (git-fixes). - drm/amd/display: Fix hang when skipping modeset (git-fixes). - drm/amd/display: Use DC_LOG_DC in the trasform pixel function (git-fixes). - drm/amd/display: fix flickering caused by S/G mode (git-fixes). - drm/amd: Fix an out of bounds error in BIOS parser (git-fixes). - drm/amdgpu/gfx: disable gfx9 cp_ecc_error_irq only when enabling legacy gfx ras (git-fixes). - drm/amdgpu: Fix vram recover does not work after whole GPU reset (v2) (git-fixes). - drm/amdgpu: add a missing lock for AMDGPU_SCHED (git-fixes). - drm/amdgpu: disable sdma ecc irq only when sdma RAS is enabled in suspend (git-fixes). - drm/amdgpu: update drm_display_info correctly when the edid is read (git-fixes). - drm/displayid: add displayid_get_header() and check bounds better (git-fixes). - drm/exynos: fix g2d_open/close helper function definitions (git-fixes). - drm/i915/dg2: Add HDMI pixel clock frequencies 267.30 and 319.89 MHz (git-fixes). - drm/i915/dg2: Add additional HDMI pixel clock frequencies (git-fixes). - drm/i915/dg2: Support 4k@30 on HDMI (git-fixes). - drm/i915/dp: prevent potential div-by-zero (git-fixes). - drm/mipi-dsi: Set the fwnode for mipi_dsi_device (git-fixes). - drm/msm/dp: Clean up handling of DP AUX interrupts (git-fixes). - drm/msm/dp: unregister audio driver during unbind (git-fixes). - drm/msm/dpu: Add INTF_5 interrupts (git-fixes). - drm/msm/dpu: Move non-MDP_TOP INTF_INTR offsets out of hwio header (git-fixes). - drm/msm/dpu: Remove duplicate register defines from INTF (git-fixes). - drm/sched: Remove redundant check (git-fixes). - drm/tegra: Avoid potential 32-bit integer overflow (git-fixes). - drm/ttm/pool: Fix ttm_pool_alloc error path (git-fixes). - drm/ttm: optimize pool allocations a bit v2 (git-fixes). - dt-binding: cdns,usb3: Fix cdns,on-chip-buff-size type (git-fixes). - dt-bindings: ata: ahci-ceva: Cover all 4 iommus entries (git-fixes). - dt-bindings: ata: ahci-ceva: convert to yaml (git-fixes). - dt-bindings: iio: adc: renesas,rcar-gyroadc: Fix adi,ad7476 compatible value (git-fixes). - dt-bindings: usb: snps,dwc3: Fix 'snps,hsphy_interface' type (git-fixes). - f2fs: Fix f2fs_truncate_partial_nodes ftrace event (git-fixes). - fbdev: arcfb: Fix error handling in arcfb_probe() (git-fixes). - fbdev: ep93xx-fb: Add missing clk_disable_unprepare in ep93xxfb_probe() (git-fixes). - fbdev: stifb: Fall back to cfb_fillrect() on 32-bit HCRX cards (git-fixes). - fbdev: udlfb: Fix endpoint check (git-fixes). - firmware: arm_ffa: Check if ffa_driver remove is present before executing (git-fixes). - firmware: arm_ffa: Set reserved/MBZ fields to zero in the memory descriptors (git-fixes). - fuse: always revalidate rename target dentry (bsc#1211808). - fuse: fix attr version comparison in fuse_read_update_size() (bsc#1211807). - futex: Resend potentially swallowed owner death notification (git-fixes). - google/gve:fix repeated words in comments (bsc#1211519). - gpio: mockup: Fix mode of debugfs files (git-fixes). - gve: Adding a new AdminQ command to verify driver (bsc#1211519). - gve: Cache link_speed value from device (git-fixes). - gve: Fix error return code in gve_prefill_rx_pages() (bsc#1211519). - gve: Fix spelling mistake 'droping' -> 'dropping' (bsc#1211519). - gve: Handle alternate miss completions (bsc#1211519). - gve: Reduce alloc and copy costs in the GQ rx path (bsc#1211519). - gve: Remove the code of clearing PBA bit (git-fixes). - gve: Secure enough bytes in the first TX desc for all TCP pkts (git-fixes). - gve: enhance no queue page list detection (bsc#1211519). - i2c: omap: Fix standard mode false ACK readings (git-fixes). - i2c: tegra: Fix PEC support for SMBUS block read (git-fixes). - i40e: Add checking for null for nlmsg_find_attr() (jsc#SLE-18378). - i40e: Fix ADQ rate limiting for PF (jsc#SLE-18378). - i40e: Fix DMA mappings leak (jsc#SLE-18378). - i40e: Fix VF hang when reset is triggered on another VF (jsc#SLE-18378). - i40e: Fix VF set max MTU size (jsc#SLE-18378). - i40e: Fix VF's MAC Address change on VM (jsc#SLE-18378). - i40e: Fix adding ADQ filter to TC0 (jsc#SLE-18378). - i40e: Fix calculating the number of queue pairs (jsc#SLE-18378). - i40e: Fix erroneous adapter reinitialization during recovery process (jsc#SLE-18378). - i40e: Fix ethtool rx-flow-hash setting for X722 (jsc#SLE-18378). - i40e: Fix flow-type by setting GL_HASH_INSET registers (jsc#SLE-18378). - i40e: Fix for VF MAC address 0 (jsc#SLE-18378). - i40e: Fix incorrect address type for IPv6 flow rules (jsc#SLE-18378). - i40e: Fix interface init with MSI interrupts (no MSI-X) (jsc#SLE-18378). - i40e: Fix kernel crash during module removal (jsc#SLE-18378). - i40e: Fix kernel crash during reboot when adapter is in recovery mode (jsc#SLE-18378). - i40e: Fix set max_tx_rate when it is lower than 1 Mbps (jsc#SLE-18378). - i40e: Fix the inability to attach XDP program on downed interface (jsc#SLE-18378). - i40e: Refactor tc mqprio checks (jsc#SLE-18378). - i40e: add double of VLAN header when computing the max MTU (jsc#SLE-18378). - i40e: fix accessing vsi->active_filters without holding lock (jsc#SLE-18378). - i40e: fix flow director packet filter programming (jsc#SLE-18378). - i40e: fix i40e_setup_misc_vector() error handling (jsc#SLE-18378). - i40e: fix registers dump after run ethtool adapter self test (jsc#SLE-18378). - iavf/iavf_main: actually log ->src mask when talking about it (jsc#SLE-18385). - iavf: Detach device during reset task (jsc#SLE-18385). - iavf: Disallow changing rx/tx-frames and rx/tx-frames-irq (jsc#SLE-18385). - iavf: Do not restart Tx queues after reset task failure (jsc#SLE-18385). - iavf: Fix 'tc qdisc show' listing too many queues (jsc#SLE-18385). - iavf: Fix a crash during reset task (jsc#SLE-18385). - iavf: Fix bad page state (jsc#SLE-18385). - iavf: Fix cached head and tail value for iavf_get_tx_pending (jsc#SLE-18385). - iavf: Fix error handling in iavf_init_module() (jsc#SLE-18385). - iavf: Fix max_rate limiting (jsc#SLE-18385). - iavf: Fix race condition between iavf_shutdown and iavf_remove (jsc#SLE-18385). - iavf: Fix set max MTU size with port VLAN and jumbo frames (jsc#SLE-18385). - iavf: fix hang on reboot with ice (jsc#SLE-18385). - iavf: fix inverted Rx hash condition leading to disabled hash (jsc#SLE-18385). - iavf: fix non-tunneled IPv6 UDP packet type and hashing (jsc#SLE-18385). - ice: Fix interrupt moderation settings getting cleared (jsc#SLE-18375). - ice: Set txq_teid to ICE_INVAL_TEID on ring creation (jsc#SLE-18375). - igb: Add lock to avoid data race (jsc#SLE-18379). - igb: Enable SR-IOV after reinit (jsc#SLE-18379). - igb: Initialize mailbox message for VF reset (jsc#SLE-18379). - igb: conditionalize I2C bit banging on external thermal sensor support (jsc#SLE-18379). - igb: revert rtnl_lock() that causes deadlock (jsc#SLE-18379). - igbvf: Regard vf reset nack as success (jsc#SLE-18379). - igc: Add checking for basetime less than zero (jsc#SLE-18377). - igc: Add ndo_tx_timeout support (jsc#SLE-18377). - igc: Enhance Qbv scheduling by using first flag bit (jsc#SLE-18377). - igc: Fix PPS delta between two synchronized end-points (jsc#SLE-18377). - igc: Lift TAPRIO schedule restriction (jsc#SLE-18377). - igc: Reinstate IGC_REMOVED logic and implement it properly (jsc#SLE-18377). - igc: Set Qbv start_time and end_time to end_time if not being configured in GCL (jsc#SLE-18377). - igc: Use strict cycles for Qbv scheduling (jsc#SLE-18377). - igc: allow BaseTime 0 enrollment for Qbv (jsc#SLE-18377). - igc: fix the validation logic for taprio's gate list (jsc#SLE-18377). - igc: read before write to SRRCTL register (jsc#SLE-18377). - igc: recalculate Qbv end_time by considering cycle time (jsc#SLE-18377). - igc: return an error if the mac type is unknown in igc_ptp_systim_to_hwtstamp() (jsc#SLE-18377). - iio: accel: st_accel: Fix invalid mount_matrix on devices without ACPI _ONT method (git-fixes). - iio: adc: ad7192: Change 'shorted' channels to differential (git-fixes). - iio: adc: ad_sigma_delta: Fix IRQ issue by setting IRQ_DISABLE_UNLAZY flag (git-fixes). - iio: adc: mxs-lradc: fix the order of two cleanup operations (git-fixes). - iio: adc: palmas_gpadc: fix NULL dereference on rmmod (git-fixes). - iio: dac: mcp4725: Fix i2c_master_send() return value handling (git-fixes). - iio: imu: inv_icm42600: fix timestamp reset (git-fixes). - iio: light: vcnl4035: fixed chip ID check (git-fixes). - intel/igbvf: free irq on the error path in igbvf_request_msix() (jsc#SLE-18379). - ipv6: sr: fix out-of-bounds read when setting HMAC data (bsc#1211592). - iwlwifi: cfg: Add missing MODULE_FIRMWARE() for *.pnvm (bsc#1207553). - ixgbe: Allow flow hash to be set via ethtool (jsc#SLE-18384). - ixgbe: Enable setting RSS table to default values (jsc#SLE-18384). - ixgbe: Fix panic during XDP_TX with > 64 CPUs (jsc#SLE-18384). - ixgbe: add double of VLAN header when computing the max MTU (jsc#SLE-18384). - ixgbe: allow to increase MTU to 3K with XDP enabled (jsc#SLE-18384). - ixgbe: fix pci device refcount leak (jsc#SLE-18384). - ixgbe: stop resetting SYSTIME in ixgbe_ptp_start_cyclecounter (jsc#SLE-18384). - kABI workaround for btbcm.c (git-fixes). - kABI workaround for mt76_poll_msec() (git-fixes). - kABI: Fix kABI after backport Emulate RDPID only if it is enabled in guest (git-fixes) - kabi/severities: added Microsoft mana symbold (bsc#1210551) - kabi/severities: ignore kABI in bq27xxx_battery module Those are local symbols that are used only by child drivers - kernel-binary: install expoline.o (boo#1210791 bsc#1211089) - kernel-source: Remove unused macro variant_symbols - kernel-spec-macros: Fix up obsolete_rebuilds_subpackage to generate obsoletes correctly (boo#1172073 bsc#1191731). - kvm: x86: Disable KVM_HC_CLOCK_PAIRING if tsc is in always catchup mode (git-fixes). - leds: Fix reference to led_set_brightness() in doc (git-fixes). - leds: TI_LMU_COMMON: select REGMAP instead of depending on it (git-fixes). - leds: tca6507: Fix error handling of using fwnode_property_read_string (git-fixes). - libfs: add DEFINE_SIMPLE_ATTRIBUTE_SIGNED for signed value (git-fixes). - locking/rwsem: Add __always_inline annotation to __down_read_common() and inlined callers (git-fixes). - mailbox: zynqmp: Fix IPI isr handling (git-fixes). - mailbox: zynqmp: Fix typo in IPI documentation (git-fixes). - mce: fix set_mce_nospec to always unmap the whole page (git-fixes). - media: cx23885: Fix a null-ptr-deref bug in buffer_prepare() and buffer_finish() (git-fixes). - media: netup_unidvb: fix use-after-free at del_timer() (git-fixes). - media: pci: tw68: Fix null-ptr-deref bug in buf prepare and finish (git-fixes). - media: radio-shark: Add endpoint checks (git-fixes). - media: rcar_fdp1: Fix the correct variable assignments (git-fixes). - media: rcar_fdp1: Make use of the helper function devm_platform_ioremap_resource() (git-fixes). - memstick: r592: Fix UAF bug in r592_remove due to race condition (bsc#1211449). - mfd: dln2: Fix memory leak in dln2_probe() (git-fixes). - mfd: tqmx86: Correct board names for TQMxE39x (git-fixes). - mfd: tqmx86: Do not access I2C_DETECT register through io_base (git-fixes). - misc: fastrpc: reject new invocations during device removal (git-fixes). - misc: fastrpc: return -EPIPE to invocations on device removal (git-fixes). - mmc: sdhci-esdhc-imx: make 'no-mmc-hs400' works (git-fixes). - mmc: vub300: fix invalid response handling (git-fixes). - mt76: mt7915: fix incorrect testmode ipg on band 1 caused by wmm_idx (git-fixes). - mtd: rawnand: ingenic: fix empty stub helper definitions (git-fixes). - mtd: rawnand: marvell: do not set the NAND frequency select (git-fixes). - mtd: rawnand: marvell: ensure timing values are written (git-fixes). - net/iucv: Fix size of interrupt data (bsc#1211465 git-fixes). - net: accept UFOv6 packages in virtio_net_hdr_to_skb (git-fixes). - net: cdc_ncm: Deal with too low values of dwNtbOutMaxSize (git-fixes). - net: mana: Add new MANA VF performance counters for easier troubleshooting (bsc#1209982). - net: mana: Add support for auxiliary device (bsc#1210741 jsc#PED-4022). - net: mana: Add support for jumbo frame (bsc#1210551). - net: mana: Check if netdev/napi_alloc_frag returns single page (bsc#1210551). - net: mana: Define and process GDMA response code GDMA_STATUS_MORE_ENTRIES (bsc#1210741 jsc#PED-4022). - net: mana: Define data structures for allocating doorbell page from GDMA (bsc#1210741 jsc#PED-4022). - net: mana: Define data structures for protection domain and memory registration (bsc#1210741 jsc#PED-4022). - net: mana: Define max values for SGL entries (bsc#1210741 jsc#PED-4022). - net: mana: Enable RX path to handle various MTU sizes (bsc#1210551). - net: mana: Export Work Queue functions for use by RDMA driver (bsc#1210741 jsc#PED-4022). - net: mana: Fix perf regression: remove rx_cqes, tx_cqes counters (git-fixes). - net: mana: Handle vport sharing between devices (bsc#1210741 jsc#PED-4022). - net: mana: Move header files to a common location (bsc#1210741 jsc#PED-4022). - net: mana: Record port number in netdev (bsc#1210741 jsc#PED-4022). - net: mana: Record the physical address for doorbell page region (bsc#1210741 jsc#PED-4022). - net: mana: Refactor RX buffer allocation code to prepare for various MTU (bsc#1210551). - net: mana: Rename mana_refill_rxoob and remove some empty lines (bsc#1210551). - net: mana: Set the DMA device max segment size (bsc#1210741 jsc#PED-4022). - net: mana: Use napi_build_skb in RX path (bsc#1210551). - net: mdio: mvusb: Fix an error handling path in mvusb_mdio_probe() (git-fixes). - net: mellanox: mlxbf_gige: Fix skb_panic splat under memory pressure (bsc#1211564). - net: phy: dp83867: add w/a for packet errors seen with short cables (git-fixes). - net: qrtr: correct types of trace event parameters (git-fixes). - net: skip virtio_net_hdr_set_proto if protocol already set (git-fixes). - net: tun: avoid disabling NAPI twice (git-fixes). - net: tun: fix bugs for oversize packet when napi frags enabled (git-fixes). - net: tun: stop NAPI when detaching queues (git-fixes). - net: tun: unlink NAPI from device on destruction (git-fixes). - net: usb: qmi_wwan: Set DTR quirk for BroadMobi BM818 (git-fixes). - net: virtio_net_hdr_to_skb: count transport header in UFO (git-fixes). - nilfs2: do not write dirty data after degenerating to read-only (git-fixes). - nilfs2: fix infinite loop in nilfs_mdt_get_block() (git-fixes). - nilfs2: fix use-after-free bug of nilfs_root in nilfs_evict_inode() (git-fixes). - nvme-fc: fix a missing queue put in nvmet_fc_ls_create_association (git-fixes). - nvme-multipath: fix hang when disk goes live over reconnect (git-fixes). - nvme-pci: add quirks for Samsung X5 SSDs (git-fixes). - nvme-pci: add the IGNORE_DEV_SUBNQN quirk for Intel P4500/P4600 SSDs (git-fixes). - nvme-pci: avoid the deepest sleep state on ZHITAI TiPro5000 SSDs (git-fixes). - nvme-pci: avoid the deepest sleep state on ZHITAI TiPro7000 SSDs (git-fixes). - nvme-pci: clear the prp2 field when not used (git-fixes). - nvme-pci: disable write zeroes on various Kingston SSD (git-fixes). - nvme-pci: fix a NULL pointer dereference in nvme_alloc_admin_tags (git-fixes). - nvme-pci: mark Lexar NM760 as IGNORE_DEV_SUBNQN (git-fixes). - nvme-pci: set min_align_mask before calculating max_hw_sectors (git-fixes). - nvme-tcp: fix a possible UAF when failing to allocate an io queue (git-fixes). - nvme-tcp: fix bogus request completion when failing to send AER (git-fixes). - nvme-tcp: lockdep: annotate in-kernel sockets (git-fixes). - nvme: add a bogus subsystem NQN quirk for Micron MTFDKBA2T0TFH (git-fixes). - nvme: also return I/O command effects from nvme_command_effects (git-fixes). - nvme: check for duplicate identifiers earlier (git-fixes). - nvme: cleanup __nvme_check_ids (git-fixes). - nvme: fix discard support without oncs (git-fixes). - nvme: fix interpretation of DMRSL (git-fixes). - nvme: fix multipath crash caused by flush request when blktrace is enabled (git-fixes). - nvme: fix passthrough csi check (git-fixes). - nvme: generalize the nvme_multi_css check in nvme_scan_ns (git-fixes). - nvme: move the Samsung X5 quirk entry to the core quirks (git-fixes). - nvme: rename nvme_validate_or_alloc_ns to nvme_scan_ns (git-fixes). - nvme: set non-mdts limits in nvme_scan_work (git-fixes). - nvmet-tcp: add bounds check on Transfer Tag (git-fixes). - nvmet-tcp: fix lockdep complaint on nvmet_tcp_wq flush during queue teardown (git-fixes). - nvmet-tcp: fix unhandled tcp states in nvmet_tcp_state_change() (git-fixes). - nvmet: fix mar and mor off-by-one errors (git-fixes). - nvmet: fix memory leak in nvmet_subsys_attr_model_store_locked (git-fixes). - nvmet: fix workqueue MEM_RECLAIM flushing dependency (git-fixes). - nvmet: move the call to nvmet_ns_changed out of nvmet_ns_revalidate (git-fixes). - nvmet: use NVME_CMD_EFFECTS_CSUPP instead of open coding it (git-fixes). - phy: st: miphy28lp: use _poll_timeout functions for waits (git-fixes). - phy: tegra: xusb: Add missing tegra_xusb_port_unregister for usb2_port and ulpi_port (git-fixes). - pinctrl: qcom: lpass-lpi: set output value before enabling output (git-fixes). - pinctrl: renesas: r8a779a0: Remove incorrect AVB[01] pinmux configuration (git-fixes). - platform/x86: hp-wmi: Support touchpad on/off (git-fixes). - platform/x86: thinkpad_acpi: Fix platform profiles on T490 (git-fixes). - platform/x86: touchscreen_dmi: Add info for the Dexp Ursus KX210i (git-fixes). - platform/x86: touchscreen_dmi: Add upside-down quirk for GDIX1002 ts on the Juno Tablet (git-fixes). - power: supply: bq24190_charger: using pm_runtime_resume_and_get instead of pm_runtime_get_sync (git-fixes). - power: supply: bq27xxx: Add cache parameter to bq27xxx_battery_current_and_status() (git-fixes). - power: supply: bq27xxx: After charger plug in/out wait 0.5s for things to stabilize (git-fixes). - power: supply: bq27xxx: Ensure power_supply_changed() is called on current sign changes (git-fixes). - power: supply: bq27xxx: Fix I2C IRQ race on remove (git-fixes). - power: supply: bq27xxx: Fix bq27xxx_battery_update() race condition (git-fixes). - power: supply: bq27xxx: Fix poll_interval handling and races on remove (git-fixes). - power: supply: bq27xxx: Move bq27xxx_battery_update() down (git-fixes). - power: supply: bq27xxx: expose battery data when CI=1 (git-fixes). - power: supply: leds: Fix blink to LED on transition (git-fixes). - power: supply: sbs-charger: Fix INHIBITED bit for Status reg (git-fixes). - powerpc/iommu: DMA address offset is incorrectly calculated with 2MB TCEs (jsc#SLE-19556 git-fixes). - powerpc/rtas: use memmove for potentially overlapping buffer copy (bsc#1065729). - powerpc: Do not try to copy PPR for task with NULL pt_regs (bsc#1065729). - pstore: Revert pmsg_lock back to a normal mutex (git-fixes). - purgatory: fix disabling debug info (git-fixes). - pwm: meson: Fix axg ao mux parents (git-fixes). - pwm: meson: Fix g12a ao clk81 name (git-fixes). - qed/qed_dev: guard against a possible division by zero (jsc#SLE-19001). - qed/qed_mng_tlv: correctly zero out ->min instead of ->hour (jsc#SLE-19001). - qed/qed_sriov: guard against NULL derefs from qed_iov_get_vf_info (jsc#SLE-19001). - qed: allow sleep in qed_mcp_trace_dump() (jsc#SLE-19001). - qede: execute xdp_do_flush() before napi_complete_done() (jsc#SLE-19001). - r8152: fix flow control issue of RTL8156A (git-fixes). - r8152: fix the poor throughput for 2.5G devices (git-fixes). - r8152: move setting r8153b_rx_agg_chg_indicate() (git-fixes). - regmap: cache: Return error in cache sync operations for REGCACHE_NONE (git-fixes). - regulator: mt6359: add read check for PMIC MT6359 (git-fixes). - regulator: pca9450: Fix BUCK2 enable_mask (git-fixes). - remoteproc: stm32_rproc: Add mutex protection for workqueue (git-fixes). - ring-buffer: Ensure proper resetting of atomic variables in ring_buffer_reset_online_cpus (git-fixes). - ring-buffer: Fix kernel-doc (git-fixes). - ring-buffer: Sync IRQ works before buffer destruction (git-fixes). - rpm/constraints.in: Increase disk size constraint for riscv64 to 52GB - rtmutex: Ensure that the top waiter is always woken up (git-fixes). - s390/ctcm: Fix return type of ctc{mp,}m_tx() (git-fixes bsc#1211686). - s390/dasd: fix hanging blockdevice after request requeue (git-fixes bsc#1211687). - s390/extmem: return correct segment type in __segment_load() (bsc#1210450 git-fixes). - s390/kprobes: fix current_kprobe never cleared after kprobes reenter (git-fixes bsc#1211688). - s390/kprobes: fix irq mask clobbering on kprobe reenter from post_handler (git-fixes bsc#1211689). - s390/lcs: Fix return type of lcs_start_xmit() (git-fixes bsc#1211690). - s390/mem_detect: fix detect_memory() error handling (git-fixes bsc#1211691). - s390/netiucv: Fix return type of netiucv_tx() (git-fixes bsc#1211692). - s390/qdio: fix do_sqbs() inline assembly constraint (git-fixes bsc#1211693). - s390/qeth: fix use-after-free in hsci (bsc#1210449 git-fixes). - s390/uaccess: add missing earlyclobber annotations to __clear_user() (bsc#1209856 git-fixes). - s390/vdso: remove -nostdlib compiler flag (git-fixes bsc#1211714). - scsi: core: Improve scsi_vpd_inquiry() checks (git-fixes). - scsi: hisi_sas: Handle NCQ error when IPTT is valid (git-fixes). - scsi: libsas: Add sas_ata_device_link_abort() (git-fixes). - scsi: libsas: Grab the ATA port lock in sas_ata_device_link_abort() (git-fixes). - scsi: lpfc: Add new RCQE status for handling DMA failures (bsc#1211847). - scsi: lpfc: Fix double free in lpfc_cmpl_els_logo_acc() caused by lpfc_nlp_not_used() (bsc#1211847). - scsi: lpfc: Fix verbose logging for SCSI commands issued to SES devices (bsc#1211847). - scsi: lpfc: Match lock ordering of lpfc_cmd->buf_lock and hbalock for abort paths (bsc#1211847). - scsi: lpfc: Replace blk_irq_poll intr handler with threaded IRQ (bsc#1211847). - scsi: lpfc: Update congestion warning notification period (bsc#1211847). - scsi: lpfc: Update lpfc version to 14.2.0.12 (bsc#1211847). - scsi: megaraid: Fix mega_cmd_done() CMDID_INT_CMDS (git-fixes). - scsi: megaraid_sas: Fix fw_crash_buffer_show() (git-fixes). - scsi: qedi: Fix use after free bug in qedi_remove() (git-fixes). - scsi: qla2xxx: Drop redundant pci_enable_pcie_error_reporting() (bsc#1211960). - scsi: qla2xxx: Fix hang in task management (bsc#1211960). - scsi: qla2xxx: Fix mem access after free (bsc#1211960). - scsi: qla2xxx: Fix task management cmd fail due to unavailable resource (bsc#1211960). - scsi: qla2xxx: Fix task management cmd failure (bsc#1211960). - scsi: qla2xxx: Multi-que support for TMF (bsc#1211960). - scsi: qla2xxx: Refer directly to the qla2xxx_driver_template (bsc#1211960). - scsi: qla2xxx: Remove default fabric ops callouts (bsc#1211960). - scsi: qla2xxx: Replace all non-returning strlcpy() with strscpy() (bsc#1211960). - scsi: qla2xxx: Update version to 10.02.08.300-k (bsc#1211960). - scsi: qla2xxx: Wait for io return on terminate rport (bsc#1211960). - scsi: ses: Handle enclosure with just a primary component gracefully (git-fixes). - scsi: storvsc: Do not pass unused PFNs to Hyper-V host (git-fixes). - selftests mount: Fix mount_setattr_test builds failed (git-fixes). - selftests/resctrl: Allow ->setup() to return errors (git-fixes). - selftests/resctrl: Check for return value after write_schemata() (git-fixes). - selftests/resctrl: Extend CPU vendor detection (git-fixes). - selftests/resctrl: Move ->setup() call outside of test specific branches (git-fixes). - selftests/resctrl: Return NULL if malloc_and_init_memory() did not alloc mem (git-fixes). - selftests/sgx: Add 'test_encl.elf' to TEST_FILES (git-fixes). - selftests: mptcp: connect: skip if MPTCP is not supported (git-fixes). - selftests: mptcp: pm nl: skip if MPTCP is not supported (git-fixes). - selftests: mptcp: sockopt: skip if MPTCP is not supported (git-fixes). - selftests: seg6: disable DAD on IPv6 router cfg for srv6_end_dt4_l3vpn_test (git-fixes). - selftests: srv6: make srv6_end_dt46_l3vpn_test more robust (git-fixes). - selftests: xsk: Disable IPv6 on VETH1 (git-fixes). - selftets: seg6: disable rp_filter by default in srv6_end_dt4_l3vpn_test (git-fixes). - selinux: do not use make's grouped targets feature yet (git-fixes). - serial: 8250: Reinit port->pm on port specific driver unbind (git-fixes). - serial: 8250_bcm7271: balance clk_enable calls (git-fixes). - serial: 8250_bcm7271: fix leak in `brcmuart_probe` (git-fixes). - serial: 8250_exar: Add support for USR298x PCI Modems (git-fixes). - serial: 8250_tegra: Fix an error handling path in tegra_uart_probe() (git-fixes). - serial: Add support for Advantech PCI-1611U card (git-fixes). - serial: arc_uart: fix of_iomap leak in `arc_serial_probe` (git-fixes). - serial: qcom-geni: fix enabling deactivated interrupt (git-fixes). - serial: stm32: re-introduce an irq flag condition in usart_receive_chars (git-fixes). - sfc: Change VF mac via PF as first preference if available (git-fixes). - sfc: Fix module EEPROM reporting for QSFP modules (git-fixes). - sfc: Fix use-after-free due to selftest_work (git-fixes). - sfc: correctly advertise tunneled IPv6 segmentation (git-fixes). - sfc: ef10: do not overwrite offload features at NIC reset (git-fixes). - sfc: fix TX channel offset when using legacy interrupts (git-fixes). - sfc: fix considering that all channels have TX queues (git-fixes). - sfc: fix null pointer dereference in efx_hard_start_xmit (git-fixes). - sfc: fix wrong tx channel offset with efx_separate_tx_channels (git-fixes). - sfc: include vport_id in filter spec hash and equal() (git-fixes). - smb3: display debug information better for encryption (bsc#1193629). - smb3: fix problem remounting a share after shutdown (bsc#1193629). - smb3: improve parallel reads of large files (bsc#1193629). - smb3: make query_on_disk_id open context consistent and move to common code (bsc#1193629). - smb3: move some common open context structs to smbfs_common (bsc#1193629). - soundwire: qcom: correct setting ignore bit on v1.5.1 (git-fixes). - soundwire: qcom: gracefully handle too many ports in DT (git-fixes). - spi: spi-imx: fix MX51_ECSPI_* macros when cs > 3 (git-fixes). - spi: spi-imx: using pm_runtime_resume_and_get instead of pm_runtime_get_sync (git-fixes). - staging: rtl8192e: Replace macro RTL_PCI_DEVICE with PCI_DEVICE (git-fixes). - struct ci_hdrc: hide new member at end (git-fixes). - supported.conf: mark mana_ib supported - swiotlb: relocate PageHighMem test away from rmem_swiotlb_setup (git-fixes). - thunderbolt: Clear registers properly when auto clear isn't in use (bsc#1210165). - thunderbolt: Mask ring interrupt on Intel hardware as well (bsc#1210165). - tools/virtio: compile with -pthread (git-fixes). - tools/virtio: fix the vringh test for virtio ring changes (git-fixes). - tools/virtio: fix virtio_test execution (git-fixes). - tools/virtio: initialize spinlocks in vring_test.c (git-fixes). - tpm, tpm_tis: Claim locality before writing TPM_INT_ENABLE register (git-fixes). - tpm, tpm_tis: Disable interrupts if tpm_tis_probe_irq() failed (git-fixes). - tpm/tpm_tis: Disable interrupts for more Lenovo devices (git-fixes). - tracing: Fix permissions for the buffer_percent file (git-fixes). - tty: serial: fsl_lpuart: use UARTCTRL_TXINV to send break instead of UARTCTRL_SBK (git-fixes). - usb-storage: fix deadlock when a scsi command timeouts more than once (git-fixes). - usb: chipidea: core: fix possible concurrent when switch role (git-fixes). - usb: dwc3: Align DWC3_EP_* flag macros (git-fixes). - usb: dwc3: Fix a repeated word checkpatch warning (git-fixes). - usb: dwc3: Fix ep0 handling when getting reset while doing control transfer (git-fixes). - usb: dwc3: debugfs: Resume dwc3 before accessing registers (git-fixes). - usb: dwc3: drd: use helper to get role-switch-default-mode (git-fixes). - usb: dwc3: ep0: Do not prepare beyond Setup stage (git-fixes). - usb: dwc3: gadget: Delay issuing End Transfer (git-fixes). - usb: dwc3: gadget: Execute gadget stop after halting the controller (git-fixes). - usb: dwc3: gadget: Improve dwc3_gadget_suspend() and dwc3_gadget_resume() (git-fixes). - usb: dwc3: gadget: Only End Transfer for ep0 data phase (git-fixes). - usb: dwc3: gadget: Stall and restart EP0 if host is unresponsive (git-fixes). - usb: dwc3: remove a possible unnecessary 'out of memory' message (git-fixes). - usb: gadget: f_fs: Add unbind event before functionfs_unbind (git-fixes). - usb: gadget: u_ether: Fix host MAC address case (git-fixes). - usb: mtu3: fix kernel panic at qmu transfer done irq handler (git-fixes). - usb: typec: altmodes/displayport: fix pin_assignment_show (git-fixes). - usb: typec: tcpm: fix multiple times discover svids error (git-fixes). - usb: usbfs: Enforce page requirements for mmap (git-fixes). - usb: usbfs: Use consistent mmap functions (git-fixes). - usrmerge: Remove usrmerge compatibility symlink in buildroot (boo#1211796). - vc_screen: reload load of struct vc_data pointer in vcs_write() to avoid UAF (git-fixes). - vdpa: fix use-after-free on vp_vdpa_remove (git-fixes). - vhost/net: Clear the pending messages when the backend is removed (git-fixes). - virtio-net: Keep stop() to follow mirror sequence of open() (git-fixes). - virtio-net: execute xdp_do_flush() before napi_complete_done() (git-fixes). - virtio_net: bugfix overflow inside xdp_linearize_page() (git-fixes). - virtio_net: split free_unused_bufs() (git-fixes). - virtio_net: suppress cpu stall when free_unused_bufs (git-fixes). - watchdog: dw_wdt: Fix the error handling path of dw_wdt_drv_probe() (git-fixes). - watchdog: sp5100_tco: Immediately trigger upon starting (git-fixes). - wifi: ath11k: Fix SKB corruption in REO destination ring (git-fixes). - wifi: ath: Silence memcpy run-time false positive warning (git-fixes). - wifi: brcmfmac: cfg80211: Pass the PMK in binary instead of hex (git-fixes). - wifi: iwlwifi: dvm: Fix memcpy: detected field-spanning write backtrace (git-fixes). - wifi: iwlwifi: fix OEM's name in the ppag approved list (git-fixes). - wifi: iwlwifi: fw: fix DBGI dump (git-fixes). - wifi: iwlwifi: mvm: do not trust firmware n_channels (git-fixes). - wifi: iwlwifi: mvm: fix OEM's name in the tas approved list (git-fixes). - wifi: iwlwifi: mvm: fix cancel_delayed_work_sync() deadlock (git-fixes). - wifi: iwlwifi: pcie: Fix integer overflow in iwl_write_to_user_buf (git-fixes). - wifi: iwlwifi: pcie: fix possible NULL pointer dereference (git-fixes). - wifi: mac80211: fix min center freq offset tracing (git-fixes). - wifi: mt76: add flexible polling wait-interval support (git-fixes). - wifi: mt76: mt7921e: Set memory space enable in PCI_COMMAND if unset (git-fixes). - wifi: mt76: mt7921e: fix probe timeout after reboot (git-fixes). - wifi: mt76: mt7921e: improve reliability of dma reset (git-fixes). - wifi: rtl8xxxu: RTL8192EU always needs full init (git-fixes). - workqueue: Fix hung time report of worker pools (bsc#1211044). - workqueue: Interrupted create_worker() is not a repeated event (bsc#1211044). - workqueue: Print backtraces from CPUs with hung CPU bound workqueues (bsc#1211044). - workqueue: Warn when a new worker could not be created (bsc#1211044). - workqueue: Warn when a rescuer could not be created (bsc#1211044). - x86, sched: Fix undefined reference to init_freq_invariance_cppc() build error (git-fixes). - x86/MCE/AMD: Use an u64 for bank_map (git-fixes). - x86/alternative: Make debug-alternative selective (bsc#1206578). - x86/alternative: Report missing return thunk details (git-fixes). - x86/alternative: Support relocations in alternatives (bsc#1206578). - x86/amd: Use IBPB for firmware calls (git-fixes). - x86/boot: Skip realmode init code when running as Xen PV guest (git-fixes). - x86/bugs: Add 'unknown' reporting for MMIO Stale Data (git-fixes). - x86/bugs: Do not enable IBPB at firmware entry when IBPB is not available (git-fixes). - x86/bugs: Warn when 'ibrs' mitigation is selected on Enhanced IBRS parts (git-fixes). - x86/crash: Disable virt in core NMI crash handler to avoid double shootdown (git-fixes). - x86/delay: Fix the wrong asm constraint in delay_loop() (git-fixes). - x86/entry: Build thunk_$(BITS) only if CONFIG_PREEMPTION=y (git-fixes). - x86/fault: Cast an argument to the proper address space in prefetch() (git-fixes). - x86/fpu/xsave: Initialize offset/size cache early (bsc#1211205). - x86/fpu: Fix copy_xstate_to_uabi() to copy init states correctly (git-fixes). - x86/fpu: Fix the init_fpstate size check with the actual size (git-fixes). - x86/fpu: Use _Alignof to avoid undefined behavior in TYPE_ALIGN (git-fixes). - x86/hyperv: Block root partition functionality in a Confidential VM (git-fixes). - x86/lib/memmove: Decouple ERMS from FSRM (bsc#1206578). - x86/mce: relocate set{clear}_mce_nospec() functions (git-fixes). This is a preparation for the next patch - x86/microcode/AMD: Add a @cpu parameter to the reloading functions (git-fixes). - x86/microcode/AMD: Fix mixed steppings support (git-fixes). - x86/microcode/AMD: Track patch allocation size explicitly (git-fixes). - x86/microcode: Add a parameter to microcode_check() to store CPU capabilities (git-fixes). - x86/microcode: Add explicit CPU vendor dependency (git-fixes). - x86/microcode: Adjust late loading result reporting message (git-fixes). - x86/microcode: Check CPU capabilities after late microcode update correctly (git-fixes). - x86/microcode: Rip out the OLD_INTERFACE (git-fixes). - x86/mm: Cleanup the control_va_addr_alignment() __setup handler (git-fixes). - x86/mm: Use proper mask when setting PUD mapping (git-fixes). - x86/nospec: Unwreck the RSB stuffing (git-fixes). - x86/numa: Use cpumask_available instead of hardcoded NULL check (git-fixes). - x86/pat: Fix x86_has_pat_wp() (git-fixes). - x86/pm: Add enumeration check before spec MSRs save/restore setup (git-fixes). - x86/reboot: Disable SVM, not just VMX, when stopping CPUs (git-fixes). - x86/resctrl: Fix min_cbm_bits for AMD (git-fixes). - x86/sev: Add SEV-SNP guest feature negotiation support (git-fixes). - x86/signal: Fix the value returned by strict_sas_size() (git-fixes). - x86/speculation/mmio: Print SMT warning (git-fixes). - x86/speculation: Identify processors vulnerable to SMT RSB predictions (git-fixes). - x86/static_call: Serialize __static_call_fixup() properly (git-fixes). - x86/syscall: Include asm/ptrace.h in syscall_wrapper header (git-fixes). - x86/topology: Fix duplicated core ID within a package (git-fixes). - x86/topology: Fix multiple packages shown on a single-package system (git-fixes). - x86/tsx: Add a feature bit for TSX control MSR support (git-fixes). - x86: Fix return value of __setup handlers (git-fixes). - x86: drop bogus 'cc' clobber from __try_cmpxchg_user_asm() (git-fixes). - xen/netback: do not do grant copy across page boundary (git-fixes). - xen/netback: use same error messages for same errors (git-fixes). - xhci-pci: Only run d3cold avoidance quirk for s2idle (git-fixes). - xhci: Fix incorrect tracking of free space on transfer rings (git-fixes). Important SUSE bug 1065729 SUSE bug 1172073 SUSE bug 1191731 SUSE bug 1193629 SUSE bug 1195655 SUSE bug 1195921 SUSE bug 1203906 SUSE bug 1205650 SUSE bug 1205756 SUSE bug 1205758 SUSE bug 1205760 SUSE bug 1205762 SUSE bug 1205803 SUSE bug 1206024 SUSE bug 1206578 SUSE bug 1207553 SUSE bug 1208604 SUSE bug 1208758 SUSE bug 1209287 SUSE bug 1209288 SUSE bug 1209856 SUSE bug 1209982 SUSE bug 1210165 SUSE bug 1210294 SUSE bug 1210449 SUSE bug 1210450 SUSE bug 1210498 SUSE bug 1210533 SUSE bug 1210551 SUSE bug 1210566 SUSE bug 1210647 SUSE bug 1210741 SUSE bug 1210775 SUSE bug 1210783 SUSE bug 1210791 SUSE bug 1210806 SUSE bug 1210940 SUSE bug 1210947 SUSE bug 1211037 SUSE bug 1211043 SUSE bug 1211044 SUSE bug 1211089 SUSE bug 1211105 SUSE bug 1211113 SUSE bug 1211131 SUSE bug 1211187 SUSE bug 1211205 SUSE bug 1211260 SUSE bug 1211263 SUSE bug 1211280 SUSE bug 1211281 SUSE bug 1211395 SUSE bug 1211449 SUSE bug 1211465 SUSE bug 1211519 SUSE bug 1211564 SUSE bug 1211590 SUSE bug 1211592 SUSE bug 1211686 SUSE bug 1211687 SUSE bug 1211688 SUSE bug 1211689 SUSE bug 1211690 SUSE bug 1211691 SUSE bug 1211692 SUSE bug 1211693 SUSE bug 1211714 SUSE bug 1211796 SUSE bug 1211804 SUSE bug 1211807 SUSE bug 1211808 SUSE bug 1211819 SUSE bug 1211847 SUSE bug 1211855 SUSE bug 1211960 CVE-2022-4269 CVE-2022-45884 CVE-2022-45885 CVE-2022-45886 CVE-2022-45887 CVE-2022-45919 CVE-2023-1079 CVE-2023-1380 CVE-2023-1382 CVE-2023-2002 CVE-2023-2124 CVE-2023-2156 CVE-2023-2162 CVE-2023-2269 CVE-2023-2483 CVE-2023-2513 CVE-2023-28410 CVE-2023-3006 CVE-2023-30456 CVE-2023-31084 CVE-2023-31436 CVE-2023-32233 CVE-2023-33288 cpe:/o:opensuse:leap:15.4 Security update for tomcat (Important) openSUSE Leap 15.4 This update for tomcat fixes the following issues: Updated to version 9.0.75: - CVE-2023-28709: Mended an incomplete fix for CVE-2023-24998 (bsc#1208513, bsc#1211608). Important SUSE bug 1208513 SUSE bug 1211608 CVE-2023-24998 CVE-2023-28709 cpe:/o:opensuse:leap:15.4 Security update for rekor (Moderate) openSUSE Leap 15.4 This update for rekor fixes the following issues: - updated to rekor 1.2.1 (jsc#SLE-23476): - CVE-2023-33199: Fixed that malformed proposed intoto v0.0.2 entries can cause a panic (bsc#1211790). Moderate SUSE bug 1211790 CVE-2023-33199 cpe:/o:opensuse:leap:15.4 Security update for opensc (Moderate) openSUSE Leap 15.4 This update for opensc fixes the following issues: - CVE-2023-2977: Fixed out of bounds read in pkcs15 cardos_have_verifyrc_package() (bsc#1211894). Moderate SUSE bug 1211894 CVE-2023-2977 cpe:/o:opensuse:leap:15.4 Security update for python3 (Moderate) openSUSE Leap 15.4 This update for python3 fixes the following issues: - CVE-2007-4559: Fixed filter for tarfile.extractall (bsc#1203750). - Fixed unittest.mock.patch.dict returns function when applied to coroutines (bsc#1211158). Moderate SUSE bug 1203750 SUSE bug 1211158 CVE-2007-4559 cpe:/o:opensuse:leap:15.4 Security update for go1.19 (Moderate) openSUSE Leap 15.4 This update for go1.19 fixes the following issues: Update to go1.19.10 (bsc#1200441): - CVE-2023-29402: cmd/go: Fixed cgo code injection (bsc#1212073). - CVE-2023-29403: runtime: Fixed unexpected behavior of setuid/setgid binaries (bsc#1212074). - CVE-2023-29404: cmd/go: Fixed improper sanitization of LDFLAGS (bsc#1212075). - CVE-2023-29405: cmd/go: Fixed improper sanitization of LDFLAGS (bsc#1212076). Moderate SUSE bug 1200441 SUSE bug 1212073 SUSE bug 1212074 SUSE bug 1212075 SUSE bug 1212076 CVE-2023-29402 CVE-2023-29403 CVE-2023-29404 CVE-2023-29405 cpe:/o:opensuse:leap:15.4 Security update for go1.20 (Moderate) openSUSE Leap 15.4 This update for go1.20 fixes the following issues: Update to go1.20.5 (bsc#1206346): - CVE-2023-29402: cmd/go: Fixed cgo code injection (bsc#1212073). - CVE-2023-29403: runtime: Fixed unexpected behavior of setuid/setgid binaries (bsc#1212074). - CVE-2023-29404: cmd/go: Fixed improper sanitization of LDFLAGS (bsc#1212075). - CVE-2023-29405: cmd/go: Fixed improper sanitization of LDFLAGS (bsc#1212076). Moderate SUSE bug 1206346 SUSE bug 1212073 SUSE bug 1212074 SUSE bug 1212075 SUSE bug 1212076 CVE-2023-29402 CVE-2023-29403 CVE-2023-29404 CVE-2023-29405 cpe:/o:opensuse:leap:15.4 Security update for the Linux Kernel (Important) openSUSE Leap 15.4 The SUSE Linux Enterprise 15 SP1 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2023-1077: Fixed a type confusion in pick_next_rt_entity(), that could cause memory corruption (bsc#1208600). - CVE-2022-3566: Fixed race condition in the TCP Handler (bsc#1204405). - CVE-2022-45886: Fixed a .disconnect versus dvb_device_open race condition in dvb_net.c that lead to a use-after-free (bsc#1205760). - CVE-2022-45885: Fixed a race condition in dvb_frontend.c that could cause a use-after-free when a device is disconnected (bsc#1205758). - CVE-2022-45887: Fixed a memory leak in ttusb_dec.c caused by the lack of a dvb_frontend_detach call (bsc#1205762). - CVE-2022-45919: Fixed a use-after-free in dvb_ca_en50221.c that could occur if there is a disconnect after an open, because of the lack of a wait_event (bsc#1205803). - CVE-2022-45884: Fixed a use-after-free in dvbdev.c, related to dvb_register_device dynamically allocating fops (bsc#1205756). - CVE-2023-31084: Fixed a blocking issue in drivers/media/dvb-core/dvb_frontend.c (bsc#1210783). - CVE-2023-31436: Fixed an out-of-bounds write in qfq_change_class() because lmax can exceed QFQ_MIN_LMAX (bsc#1210940). - CVE-2023-2194: Fixed an out-of-bounds write vulnerability in the SLIMpro I2C device driver (bsc#1210715). - CVE-2023-32269: Fixed a use-after-free in af_netrom.c, related to the fact that accept() was also allowed for a successfully connected AF_NETROM socket (bsc#1211186). - CVE-2023-28466: Fixed race condition that could lead to use-after-free or NULL pointer dereference in do_tls_getsockopt in net/tls/tls_main.c (bsc#1209366). - CVE-2023-1380: Fixed a slab-out-of-bound read problem in brcmf_get_assoc_ies() (bsc#1209287). - CVE-2023-2513: Fixed a use-after-free vulnerability in the ext4 filesystem (bsc#1211105). - CVE-2023-2483: Fixed a use after free bug in emac_remove caused by a race condition (bsc#1211037). - CVE-2023-2176: Fixed an out-of-boundary read in compare_netdev_and_ip in drivers/infiniband/core/cma.c in RDMA (bsc#1210629). The following non-security bugs were fixed: - ext4: add EXT4_INODE_HAS_XATTR_SPACE macro in xattr.h (bsc#1206878). - google/gve:fix repeated words in comments (bsc#1211519). - gve: Adding a new AdminQ command to verify driver (bsc#1211519). - gve: Cache link_speed value from device (bsc#1211519). - gve: Fix GFP flags when allocing pages (bsc#1211519). - gve: Fix error return code in gve_prefill_rx_pages() (bsc#1211519). - gve: Fix spelling mistake 'droping' -> 'dropping' (bsc#1211519). - gve: Handle alternate miss completions (bsc#1211519). - gve: Reduce alloc and copy costs in the GQ rx path (bsc#1211519). - gve: Remove the code of clearing PBA bit (bsc#1211519). - gve: Secure enough bytes in the first TX desc for all TCP pkts (bsc#1211519). - gve: enhance no queue page list detection (bsc#1211519). - hv: vmbus: Optimize vmbus_on_event (bsc#1211622). - ipv6: sr: fix out-of-bounds read when setting HMAC data (bsc#1211592). - kernel-binary: install expoline.o (boo#1210791 bsc#1211089) - scsi: storvsc: Parameterize number hardware queues (bsc#1211622). - usrmerge: Compatibility with earlier rpm (boo#1211796) Important SUSE bug 1172073 SUSE bug 1191731 SUSE bug 1199046 SUSE bug 1204405 SUSE bug 1205756 SUSE bug 1205758 SUSE bug 1205760 SUSE bug 1205762 SUSE bug 1205803 SUSE bug 1206878 SUSE bug 1208600 SUSE bug 1209287 SUSE bug 1209366 SUSE bug 1210629 SUSE bug 1210715 SUSE bug 1210783 SUSE bug 1210791 SUSE bug 1210940 SUSE bug 1211037 SUSE bug 1211089 SUSE bug 1211105 SUSE bug 1211186 SUSE bug 1211519 SUSE bug 1211592 SUSE bug 1211622 SUSE bug 1211796 CVE-2022-3566 CVE-2022-45884 CVE-2022-45885 CVE-2022-45886 CVE-2022-45887 CVE-2022-45919 CVE-2023-1077 CVE-2023-1380 CVE-2023-2176 CVE-2023-2194 CVE-2023-2483 CVE-2023-2513 CVE-2023-28466 CVE-2023-31084 CVE-2023-31436 CVE-2023-32269 cpe:/o:opensuse:leap:15.4 Security update for jetty-minimal (Moderate) openSUSE Leap 15.4 This update for jetty-minimal fixes the following issues: Updated to version 9.4.51.v20230217: - CVE-2023-26048: Fixed an excessive memory consumption when processing a large multipart request (bsc#1210620) - CVE-2023-26049: Fixed a cookie exfiltration issue due to improper parsing (bsc#1210621). Moderate SUSE bug 1210620 SUSE bug 1210621 CVE-2023-26048 CVE-2023-26049 cpe:/o:opensuse:leap:15.4 Security update for kubernetes1.18 (Important) openSUSE Leap 15.4 This update for kubernetes1.18 fixes the following issues: - CVE-2023-2727: Fixed bypassing policies imposed by the ImagePolicyWebhook admission plugin (bsc#1211630). - CVE-2023-2728: Fixed bypassing enforce mountable secrets policy imposed by the ServiceAccount admission plugin (bsc#1211631). Important SUSE bug 1211630 SUSE bug 1211631 CVE-2023-2727 CVE-2023-2728 cpe:/o:opensuse:leap:15.4 Security update for python-reportlab (Critical) openSUSE Leap 15.4 This update for python-reportlab fixes the following issues: - CVE-2023-33733: Fixed arbitrary code execution via supplying a crafted PDF file (bsc#1212065). Critical SUSE bug 1212065 CVE-2023-33733 cpe:/o:opensuse:leap:15.4 Security update for Salt (Moderate) openSUSE Leap 15.4 This update for salt fixes the following issues: salt: - Update to Salt release version 3006.0 (jsc#PED-4361) * See release notes: https://docs.saltproject.io/en/latest/topics/releases/3006.0.html - Add missing patch after rebase to fix collections Mapping issues - Add python3-looseversion as new dependency for salt - Add python3-packaging as new dependency for salt - Allow entrypoint compatibility for 'importlib-metadata>=5.0.0' (bsc#1207071) - Avoid conflicts with Salt dependencies versions (bsc#1211612) - Avoid failures due transactional_update module not available in Salt 3006.0 (bsc#1211754) - Create new salt-tests subpackage containing Salt tests - Drop conflictive patch dicarded from upstream - Fix package build with old setuptools versions - Fix SLS rendering error when Jinja macros are used - Fix version detection and avoid building and testing failures - Prevent deadlocks in salt-ssh executions - Require python3-jmespath runtime dependency (bsc#1209233) - Make master_tops compatible with Salt 3000 and older minions (bsc#1212516, bsc#1212517) python-jmespath: - Deliver python3-jmespath to SUSE Linux Enterprise Micro on s390x architecture as it is now required by Salt (no source changes) python-ply: - Deliver python3-ply to SUSE Linux Enterprise Micro on s390x architecture as it is a requirement for python-jmespath (no source changes) Moderate SUSE bug 1207071 SUSE bug 1209233 SUSE bug 1211612 SUSE bug 1211754 SUSE bug 1212516 SUSE bug 1212517 cpe:/o:opensuse:leap:15.4 Security update for SUSE Manager Client Tools (Important) openSUSE Leap 15.4 This update fixes the following issues: grafana: - Version update from 8.5.22 to 9.5.1 (jsc#PED-3694): * Security fixes: - CVE-2023-1410: grafana: Stored XSS in Graphite FunctionDescription tooltip (bsc#1209645) - CVE-2023-1387: grafana: JWT URL-login flow leaks token to data sources through request parameter in proxy requests (bnc#1210907) - CVE-2022-36062: grafana: Fix RBAC folders/dashboards privilege escalation (bsc#1203596) - CVE-2022-35957: grafana: Escalation from admin to server admin when auth proxy is used (bsc#1203597) - CVE-2022-32149: Upgrade x/text to version unaffected by CVE-2022-32149 (bsc#1204501) - CVE-2022-31107: grafana: OAuth account takeover (bsc#1201539) - CVE-2022-31097: grafana: stored XSS vulnerability (bsc#1201535) - CVE-2022-27664: go1.18,go1.19: net/http: handle server errors after sending GOAWAY (bsc#1203185) - CVE-2022-0155: follow-redirects: Exposure of Private Personal Information to an Unauthorized Actor - CVE-2021-43138: spacewalk-web: a malicious user can obtain privileges via the mapValues() method(bsc#1200480) - CVE-2021-3918: json-schema is vulnerable to Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') (bsc#1192696) - CVE-2021-3807: node-ansi-regex: Inefficient Regular Expression Complexity in chalk/ansi-regex (bsc#1192154) - CVE-2020-7753: nodejs-trim: Regular Expression Denial of Service (ReDoS) in trim function * Important changes: - Default named retention policies won't be used to query. Users who have a default named retention policy in their influxdb database, have to rename it to something else. To change the hardcoded retention policy in the dashboard.json, users must then select the right retention policy from dropdown and save the panel/dashboard. - Grafana Alerting rules with NoDataState configuration set to Alerting will now respect 'For' duration. - Users who use LDAP role sync to only sync Viewer, Editor and Admin roles, but grant Grafana Server Admin role manually will not be able to do that anymore. After this change, LDAP role sync will override any manual changes to Grafana Server Admin role assignments. If grafana_admin is left unset in LDAP role mapping configuration, it will default to false. - The InfluxDB backend migration feature toggle (influxdbBackendMigration) has been reintroduced in this version as issues were discovered with backend processing of InfluxDB data. Unless this feature toggle is enabled, all InfluxDB data will be parsed in the frontend. This frontend processing is the default behavior. In Grafana 9.4.4, InfluxDB data parsing started to be handled in the backend. If you have upgraded to 9.4.4 and then added new transformations on InfluxDB data, those panels will fail to render. To resolve this either: Remove the affected panel and re-create it or edit the `time` field as `Time` in `panel.json` or `dashboard.json` - The `@grafana/ui` package helper function `selectOptionInTest` used in frontend tests has been removed as it caused testing libraries to be bundled in the production code of Grafana. If you were using this helper function in your tests please update your code accordingly. - Removed deprecated `checkHealth` prop from the `@grafana/e2e` `addDataSource` configuration. Previously this value defaulted to `false`, and has not been used in end-to-end tests since Grafana 8.0.3. - Removed the deprecated `LegacyBaseMap`, `LegacyValueMapping`, `LegacyValueMap`, and `LegacyRangeMap` types, and `getMappedValue` function from grafana-data. See the documentation for the migration. This change fixes a bug in Grafana where intermittent failure of database, network between Grafana and the database, or error in querying the database would cause all alert rules to be unscheduled in Grafana. Following this change scheduled alert rules are not updated unless the query is successful. - The `get_alert_rules_duration_seconds` metric has been renamed to `schedule_query_alert_rules_duration_seconds` - Any secret (data sources credential, alert manager credential, etc, etc) created or modified with Grafana v9.0 won't be decryptable from any previous version (by default) because the way encrypted secrets are stored into the database has changed. Although secrets created or modified with previous versions will still be decryptable by Grafana v9.0. - If required, although generally discouraged, the `disableEnvelopeEncryption` feature toggle can be enabled to keep envelope encryption disabled once updating to Grafana - In case of need to rollback to an earlier version of Grafana (i.e. Grafana v8.x) for any reason, after being created or modified any secret with Grafana v9.0, the `envelopeEncryption` feature toggle will need to be enabled to keep backwards compatibility (only from `v8.3.x` a bit unstable, from `8.5.x` stable). - As a final attempt to deal with issues related with the aforementioned situations, the `grafana-cli admin secrets-migration rollback` command has been designed to move back all the Grafana secrets encrypted with envelope encryption to legacy encryption. So, after running that command it should be safe to disable envelope encryption and/or roll back to a previous version of Grafana. Alternatively or complementarily to all the points above, backing up the Grafana database before updating could be a good idea to prevent disasters (although the risk of getting some secrets corrupted only applies to those updates/created with after updating to Grafana v9.0). - In Elasticsearch, browser access mode was deprecated in grafana 7.4.0 and removed in 9.0.0. If you used this mode please switch to server access mode on the datasource configuration page. - Environment variables passed from Grafana to external Azure plugins have been renamed: `AZURE_CLOUD` renamed to `GFAZPL_AZURE_CLOUD`, `AZURE_MANAGED_IDENTITY_ENABLED` renamed to `GFAZPL_MANAGED_IDENTITY_ENABLED`, `AZURE_MANAGED_IDENTITY_CLIENT_ID` renamed to `GFAZPL_MANAGED_IDENTITY_CLIENT_ID`. There are no known plugins which were relying on these variables. Moving forward plugins should read Azure settings only via Grafana Azure SDK which properly handles old and new environment variables. - Removes support for for ElasticSearch versions after their end-of-life, currently versions < 7.10.0. To continue to use ElasticSearch data source, upgrade ElasticSearch to version 7.10.0+. - Application Insights and Insight Analytics queries in Azure Monitor were deprecated in Grafana 8.0 and finally removed in 9.0. Deprecated queries will no longer be executed. - grafana/ui: Button now specifies a default type='button'. The `Button` component provided by @grafana/ui now specifies a default `type='button'` when no type is provided. In previous versions, if the attribute was not specified for buttons associated with a `<form>` the default value was `submit` per the specification. You can preserve the old behavior by explicitly setting the type attribute: `<Button type='submit' />` - The `Rename by regex` transformation has been improved to allow global patterns of the form `/<stringToReplace>/g`. Depending on the regex match used, this may cause some transformations to behave slightly differently. You can guarantee the same behaviour as before by wrapping the `match` string in forward slashes (`/`), e.g. `(.*)` would become `/(.*)/` - `<Select />` menus will now portal to the document body by default. This is to give more consistent behaviour when positioning and overlaying. If you were setting`menuShouldPortal={true}` before you can safely remove that prop and behaviour will be the same. If you weren't explicitly setting that prop, there should be no visible changes in behaviour but your tests may need updating. If you were setting `menuShouldPortal={false}` this will continue to prevent the menu from portalling. - Grafana alerting endpoint prefixed with `api/v1/rule/test` that tests a rule against a Corte/Loki data source now expects the data source UID as a path parameter instead of the data source numeric identifier. - Grafana alerting endpoints prefixed with `api/prometheus/` that proxy requests to a Cortex/Loki data source now expect the data source UID as a path parameter instead of the data source numeric identifier. - Grafana alerting endpoints prefixed with `api/ruler/` that proxy requests to a Cortex/Loki data source now expect the data source UID as a path parameter instead of the data - Grafana alerting endpoints prefixed with `api/alertmanager/` that proxy requests to an Alertmanager now expect the data source UID as a path parameter instead of the data source numeric identifier. - The format of log messages have been updated, `lvl` is now `level` and `eror`and `dbug` has been replaced with `error` and `debug`. The precision of timestamps has been increased. To smooth the transition, it is possible to opt-out of the new log format by enabling the feature toggle `oldlog`. This option will be removed in a future minor release. - In the Loki data source, the dataframe format used to represent Loki logs-data has been changed to a more efficient format. The query-result is represented by a single dataframe with a 'labels' column, instead of the separate dataframes for every labels-value. When displaying such data in explore, or in a logs-panel in the dashboard will continue to work without changes, but if the data was loaded into a different dashboard-panel, or Transforms were used, adjustments may be necessary. For example, if you used the 'labels to fields' transformation with the logs data, please switch to the 'extract fields' transformation. * Deprecations: - The `grafana_database_conn_*` metrics are deprecated, and will be removed in a future version of Grafana. Use the `go_sql_stats_*` metrics instead. - Support for compact Explore URLs is deprecated and will be removed in a future release. Until then, when navigating to Explore using the deprecated format the URLs are automatically converted. If you have existing links pointing to Explore update them using the format generated by Explore upon navigation. You can identify a compact URL by its format. Compact URLs have the left (and optionally right) url parameter as an array of strings, for example `&left=['now-1h','now'...]`. The standard explore URLs follow a key/value pattern, for example `&left={'datasource':'test'...}`. Please be sure to check your dashboards for any hardcoded links to Explore and update them to the standard URL pattern. - Chore: Remove deprecated DataSourceAPI methods. - Data: Remove deprecated types and functions from valueMappings. - Elasticsearch: Remove browser access mode. - Elasticsearch: Remove support for versions after their end of the life (<7.10.0). - Explore: Remove support for legacy, compact format URLs. - Graph: Deprecate Graph (old) and make it no longer a visualization option for new panels. - `setExploreQueryField`, `setExploreMetricsQueryField` and `setExploreLogsQueryField` are now deprecated and will be removed in a future release. If you need to set a different query editor for Explore, conditionally render based on `props.app` in your regular query editor. * Changes: - User: Fix externalUserId not being populated. If you used any of these components please use them from grafana/experimental from now on: - AccessoryButton - EditorFieldGroup - EditorHeader - EditorField - EditorRow - EditorList - EditorRows - EditorSwitch - FlexItem - Stack - InlineSelect - InputGroup - Space - Starting with 9.1.0, existing heatmap panels will start using a new implementation. This can be disabled by setting the `useLegacyHeatmapPanel` feature flag to true. It can be tested on a single dashbobard by adding `?__feature.useLegacyHeatmapPanel=true` to any dashboard URL. - Logger: Enable new logging format by default. - Loki: Enable new visual query builder by default. - Plugins: Remove plugin list panel. - Install wrapper scripts under /usr/sbin - Install actual binaries under /usr/libexec/grafana (or /usr/lib under older distributions) and create a simlink for wrapper scripts and the service (which expect the binary to be under /usr/share/grafana/bin) - Chore: Upgrade typescript to 4.6.4. Important SUSE bug 1192154 SUSE bug 1192696 SUSE bug 1200480 SUSE bug 1201535 SUSE bug 1201539 SUSE bug 1203185 SUSE bug 1203596 SUSE bug 1203597 SUSE bug 1204501 SUSE bug 1209645 SUSE bug 1210907 CVE-2020-7753 CVE-2021-3807 CVE-2021-3918 CVE-2021-43138 CVE-2022-0155 CVE-2022-27664 CVE-2022-31097 CVE-2022-31107 CVE-2022-32149 CVE-2022-35957 CVE-2022-36062 CVE-2023-1387 CVE-2023-1410 cpe:/o:opensuse:leap:15.4 Security update for SUSE Manager Client Tools (Important) openSUSE Leap 15.4 This update fixes the following issues: bind: - Provide bind dependencies and solve installation issues on SUSE Linux Enterprise Micro - There are no source changes dracut-saltboot: - Update to version 0.1.1681904360.84ef141 * Load network configuration even when missing protocol version (bsc#1210640) grafana: - Version update from 8.5.22 to 9.5.1 (jsc#PED-3694): * Security fixes: - CVE-2023-1410: grafana: Stored XSS in Graphite FunctionDescription tooltip (bsc#1209645) - CVE-2023-1387: grafana: JWT URL-login flow leaks token to data sources through request parameter in proxy requests (bnc#1210907) - CVE-2022-36062: grafana: Fix RBAC folders/dashboards privilege escalation (bsc#1203596) - CVE-2022-35957: grafana: Escalation from admin to server admin when auth proxy is used (bsc#1203597) - CVE-2022-32149: Upgrade x/text to version unaffected by CVE-2022-32149 (bsc#1204501) - CVE-2022-31107: grafana: OAuth account takeover (bsc#1201539) - CVE-2022-31097: grafana: stored XSS vulnerability (bsc#1201535) - CVE-2022-27664: go1.18,go1.19: net/http: handle server errors after sending GOAWAY (bsc#1203185) - CVE-2022-0155: follow-redirects: Exposure of Private Personal Information to an Unauthorized Actor - CVE-2021-43138: spacewalk-web: a malicious user can obtain privileges via the mapValues() method(bsc#1200480) - CVE-2021-3918: json-schema is vulnerable to Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') (bsc#1192696) - CVE-2021-3807: node-ansi-regex: Inefficient Regular Expression Complexity in chalk/ansi-regex (bsc#1192154) - CVE-2020-7753: nodejs-trim: Regular Expression Denial of Service (ReDoS) in trim function * Important changes: - Default named retention policies won't be used to query. Users who have a default named retention policy in their influxdb database, have to rename it to something else. To change the hardcoded retention policy in the dashboard.json, users must then select the right retention policy from dropdown and save the panel/dashboard. - Grafana Alerting rules with NoDataState configuration set to Alerting will now respect 'For' duration. - Users who use LDAP role sync to only sync Viewer, Editor and Admin roles, but grant Grafana Server Admin role manually will not be able to do that anymore. After this change, LDAP role sync will override any manual changes to Grafana Server Admin role assignments. If grafana_admin is left unset in LDAP role mapping configuration, it will default to false. - The InfluxDB backend migration feature toggle (influxdbBackendMigration) has been reintroduced in this version as issues were discovered with backend processing of InfluxDB data. Unless this feature toggle is enabled, all InfluxDB data will be parsed in the frontend. This frontend processing is the default behavior. In Grafana 9.4.4, InfluxDB data parsing started to be handled in the backend. If you have upgraded to 9.4.4 and then added new transformations on InfluxDB data, those panels will fail to render. To resolve this either: Remove the affected panel and re-create it or edit the `time` field as `Time` in `panel.json` or `dashboard.json` - The `@grafana/ui` package helper function `selectOptionInTest` used in frontend tests has been removed as it caused testing libraries to be bundled in the production code of Grafana. If you were using this helper function in your tests please update your code accordingly. - Removed deprecated `checkHealth` prop from the `@grafana/e2e` `addDataSource` configuration. Previously this value defaulted to `false`, and has not been used in end-to-end tests since Grafana 8.0.3. - Removed the deprecated `LegacyBaseMap`, `LegacyValueMapping`, `LegacyValueMap`, and `LegacyRangeMap` types, and `getMappedValue` function from grafana-data. See the documentation for the migration. This change fixes a bug in Grafana where intermittent failure of database, network between Grafana and the database, or error in querying the database would cause all alert rules to be unscheduled in Grafana. Following this change scheduled alert rules are not updated unless the query is successful. - The `get_alert_rules_duration_seconds` metric has been renamed to `schedule_query_alert_rules_duration_seconds` - Any secret (data sources credential, alert manager credential, etc, etc) created or modified with Grafana v9.0 won't be decryptable from any previous version (by default) because the way encrypted secrets are stored into the database has changed. Although secrets created or modified with previous versions will still be decryptable by Grafana v9.0. - If required, although generally discouraged, the `disableEnvelopeEncryption` feature toggle can be enabled to keep envelope encryption disabled once updating to Grafana - In case of need to rollback to an earlier version of Grafana (i.e. Grafana v8.x) for any reason, after being created or modified any secret with Grafana v9.0, the `envelopeEncryption` feature toggle will need to be enabled to keep backwards compatibility (only from `v8.3.x` a bit unstable, from `8.5.x` stable). - As a final attempt to deal with issues related with the aforementioned situations, the `grafana-cli admin secrets-migration rollback` command has been designed to move back all the Grafana secrets encrypted with envelope encryption to legacy encryption. So, after running that command it should be safe to disable envelope encryption and/or roll back to a previous version of Grafana. Alternatively or complementarily to all the points above, backing up the Grafana database before updating could be a good idea to prevent disasters (although the risk of getting some secrets corrupted only applies to those updates/created with after updating to Grafana v9.0). - In Elasticsearch, browser access mode was deprecated in grafana 7.4.0 and removed in 9.0.0. If you used this mode please switch to server access mode on the datasource configuration page. - Environment variables passed from Grafana to external Azure plugins have been renamed: `AZURE_CLOUD` renamed to `GFAZPL_AZURE_CLOUD`, `AZURE_MANAGED_IDENTITY_ENABLED` renamed to `GFAZPL_MANAGED_IDENTITY_ENABLED`, `AZURE_MANAGED_IDENTITY_CLIENT_ID` renamed to `GFAZPL_MANAGED_IDENTITY_CLIENT_ID`. There are no known plugins which were relying on these variables. Moving forward plugins should read Azure settings only via Grafana Azure SDK which properly handles old and new environment variables. - Removes support for for ElasticSearch versions after their end-of-life, currently versions < 7.10.0. To continue to use ElasticSearch data source, upgrade ElasticSearch to version 7.10.0+. - Application Insights and Insight Analytics queries in Azure Monitor were deprecated in Grafana 8.0 and finally removed in 9.0. Deprecated queries will no longer be executed. - grafana/ui: Button now specifies a default type='button'. The `Button` component provided by @grafana/ui now specifies a default `type='button'` when no type is provided. In previous versions, if the attribute was not specified for buttons associated with a `<form>` the default value was `submit` per the specification. You can preserve the old behavior by explicitly setting the type attribute: `<Button type='submit' />` - The `Rename by regex` transformation has been improved to allow global patterns of the form `/<stringToReplace>/g`. Depending on the regex match used, this may cause some transformations to behave slightly differently. You can guarantee the same behaviour as before by wrapping the `match` string in forward slashes (`/`), e.g. `(.*)` would become `/(.*)/` - `<Select />` menus will now portal to the document body by default. This is to give more consistent behaviour when positioning and overlaying. If you were setting`menuShouldPortal={true}` before you can safely remove that prop and behaviour will be the same. If you weren't explicitly setting that prop, there should be no visible changes in behaviour but your tests may need updating. If you were setting `menuShouldPortal={false}` this will continue to prevent the menu from portalling. - Grafana alerting endpoint prefixed with `api/v1/rule/test` that tests a rule against a Corte/Loki data source now expects the data source UID as a path parameter instead of the data source numeric identifier. - Grafana alerting endpoints prefixed with `api/prometheus/` that proxy requests to a Cortex/Loki data source now expect the data source UID as a path parameter instead of the data source numeric identifier. - Grafana alerting endpoints prefixed with `api/ruler/` that proxy requests to a Cortex/Loki data source now expect the data source UID as a path parameter instead of the data - Grafana alerting endpoints prefixed with `api/alertmanager/` that proxy requests to an Alertmanager now expect the data source UID as a path parameter instead of the data source numeric identifier. - The format of log messages have been updated, `lvl` is now `level` and `eror`and `dbug` has been replaced with `error` and `debug`. The precision of timestamps has been increased. To smooth the transition, it is possible to opt-out of the new log format by enabling the feature toggle `oldlog`. This option will be removed in a future minor release. - In the Loki data source, the dataframe format used to represent Loki logs-data has been changed to a more efficient format. The query-result is represented by a single dataframe with a 'labels' column, instead of the separate dataframes for every labels-value. When displaying such data in explore, or in a logs-panel in the dashboard will continue to work without changes, but if the data was loaded into a different dashboard-panel, or Transforms were used, adjustments may be necessary. For example, if you used the 'labels to fields' transformation with the logs data, please switch to the 'extract fields' transformation. * Deprecations: - The `grafana_database_conn_*` metrics are deprecated, and will be removed in a future version of Grafana. Use the `go_sql_stats_*` metrics instead. - Support for compact Explore URLs is deprecated and will be removed in a future release. Until then, when navigating to Explore using the deprecated format the URLs are automatically converted. If you have existing links pointing to Explore update them using the format generated by Explore upon navigation. You can identify a compact URL by its format. Compact URLs have the left (and optionally right) url parameter as an array of strings, for example `&left=['now-1h','now'...]`. The standard explore URLs follow a key/value pattern, for example `&left={'datasource':'test'...}`. Please be sure to check your dashboards for any hardcoded links to Explore and update them to the standard URL pattern. - Chore: Remove deprecated DataSourceAPI methods. - Data: Remove deprecated types and functions from valueMappings. - Elasticsearch: Remove browser access mode. - Elasticsearch: Remove support for versions after their end of the life (<7.10.0). - Explore: Remove support for legacy, compact format URLs. - Graph: Deprecate Graph (old) and make it no longer a visualization option for new panels. - `setExploreQueryField`, `setExploreMetricsQueryField` and `setExploreLogsQueryField` are now deprecated and will be removed in a future release. If you need to set a different query editor for Explore, conditionally render based on `props.app` in your regular query editor. * Changes: - User: Fix externalUserId not being populated. If you used any of these components please use them from grafana/experimental from now on: - AccessoryButton - EditorFieldGroup - EditorHeader - EditorField - EditorRow - EditorList - EditorRows - EditorSwitch - FlexItem - Stack - InlineSelect - InputGroup - Space - Starting with 9.1.0, existing heatmap panels will start using a new implementation. This can be disabled by setting the `useLegacyHeatmapPanel` feature flag to true. It can be tested on a single dashbobard by adding `?__feature.useLegacyHeatmapPanel=true` to any dashboard URL. - Logger: Enable new logging format by default. - Loki: Enable new visual query builder by default. - Plugins: Remove plugin list panel. - Install wrapper scripts under /usr/sbin - Install actual binaries under /usr/libexec/grafana (or /usr/lib under older distributions) and create a simlink for wrapper scripts and the service (which expect the binary to be under /usr/share/grafana/bin) - Chore: Upgrade typescript to 4.6.4. mgr-daemon: - Version 4.3.7-1 * Update translation strings spacecmd: - Version 4.3.21-1 * fix argument parsing of distribution_update (bsc#1210458) - Version 4.3.20-1 * Display activation key details after executing the corresponding command (bsc#1208719) * Show targetted packages before actually removing them (bsc#1207830) uyuni-common-libs: - Version 4.3.8-1 * Allow default component for context manager zypp-plugin-spacewalk: - 1.0.14 * SPEC cleanup Important SUSE bug 1192154 SUSE bug 1192696 SUSE bug 1200480 SUSE bug 1201535 SUSE bug 1201539 SUSE bug 1203185 SUSE bug 1203596 SUSE bug 1203597 SUSE bug 1203599 SUSE bug 1204501 SUSE bug 1207830 SUSE bug 1208719 SUSE bug 1209645 SUSE bug 1210458 SUSE bug 1210640 SUSE bug 1210907 CVE-2020-7753 CVE-2021-3807 CVE-2021-3918 CVE-2021-43138 CVE-2022-0155 CVE-2022-27664 CVE-2022-31097 CVE-2022-31107 CVE-2022-32149 CVE-2022-35957 CVE-2022-36062 CVE-2022-41715 CVE-2022-46146 CVE-2023-1387 CVE-2023-1410 cpe:/o:opensuse:leap:15.4 Security update for salt and python-pyzmq (Moderate) openSUSE Leap 15.4 This update for salt and python-pyzmq fixes the following issues: salt: - Update to Salt release version 3006.0 (jsc#PED-4361) * See release notes: https://docs.saltproject.io/en/latest/topics/releases/3006.0.html - Add missing patch after rebase to fix collections Mapping issues - Add python3-looseversion as new dependency for salt - Add python3-packaging as new dependency for salt - Allow entrypoint compatibility for 'importlib-metadata>=5.0.0' (bsc#1207071) - Avoid conflicts with Salt dependencies versions (bsc#1211612) - Avoid failures due transactional_update module not available in Salt 3006.0 (bsc#1211754) - Create new salt-tests subpackage containing Salt tests - Drop conflictive patch dicarded from upstream - Fix package build with old setuptools versions - Fix SLS rendering error when Jinja macros are used - Fix version detection and avoid building and testing failures - Prevent deadlocks in salt-ssh executions - Require python3-jmespath runtime dependency (bsc#1209233) - Make master_tops compatible with Salt 3000 and older minions (bsc#1212516, bsc#1212517) python-pyzmq: - Update python-pyzmq to version 17.1.2 in LTSS products (bsc#1186945) Moderate SUSE bug 1186945 SUSE bug 1207071 SUSE bug 1209233 SUSE bug 1211612 SUSE bug 1211754 SUSE bug 1212516 SUSE bug 1212517 cpe:/o:opensuse:leap:15.4 Security update for prometheus-ha_cluster_exporter (Important) openSUSE Leap 15.4 This update of prometheus-ha_cluster_exporter fixes the following issues: - rebuild the package with the go 19.9 secure release (bsc#1200441). Important SUSE bug 1200441 cpe:/o:opensuse:leap:15.4 Security update for golang-github-prometheus-prometheus (Important) openSUSE Leap 15.4 This update for golang-github-prometheus-prometheus fixes the following issues: golang-github-prometheus-prometheus: - Security issues fixed in this version update to 2.37.6: * CVE-2022-46146: Fix basic authentication bypass vulnerability (bsc#1208049, jsc#PED-3576) * CVE-2022-41715: Update our regexp library to fix upstream (bsc#1204023) * CVE-2022-41723: Fixed go issue to avoid quadratic complexity in HPACK decoding (bsc#1208298) - Other non-security bugs fixed and changes in this version update to 2.37.6: * [BUGFIX] TSDB: Turn off isolation for Head compaction to fix a memory leak. * [BUGFIX] TSDB: Fix 'invalid magic number 0' error on Prometheus startup. * [BUGFIX] Agent: Fix validation of flag options and prevent WAL from growing more than desired. * [BUGFIX] Properly close file descriptor when logging unfinished queries. * [BUGFIX] TSDB: In the WAL watcher metrics, expose the type='exemplar' label instead of type='unknown' for exemplar records. * [BUGFIX] Alerting: Fix Alertmanager targets not being updated when alerts were queued. * [BUGFIX] Hetzner SD: Make authentication files relative to Prometheus config file. * [BUGFIX] Promtool: Fix promtool check config not erroring properly on failures. * [BUGFIX] Scrape: Keep relabeled scrape interval and timeout on reloads. * [BUGFIX] TSDB: Don't increment prometheus_tsdb_compactions_failed_total when context is canceled. * [BUGFIX] TSDB: Fix panic if series is not found when deleting series. * [BUGFIX] TSDB: Increase prometheus_tsdb_mmap_chunk_corruptions_total on out of sequence errors. * [BUGFIX] Uyuni SD: Make authentication files relative to Prometheus configuration file and fix default configuration values. * [BUGFIX] Fix serving of static assets like fonts and favicon. * [BUGFIX] promtool: Add --lint-fatal option. * [BUGFIX] Changing TotalQueryableSamples from int to int64. * [BUGFIX] tsdb/agent: Ignore duplicate exemplars. * [BUGFIX] TSDB: Fix chunk overflow appending samples at a variable rate. * [BUGFIX] Stop rule manager before TSDB is stopped. * [BUGFIX] Kubernetes SD: Explicitly include gcp auth from k8s.io. * [BUGFIX] Fix OpenMetrics parser to sort uppercase labels correctly. * [BUGFIX] UI: Fix scrape interval and duration tooltip not showing on target page. * [BUGFIX] Tracing/GRPC: Set TLS credentials only when insecure is false. * [BUGFIX] Agent: Fix ID collision when loading a WAL with multiple segments. * [BUGFIX] Remote-write: Fix a deadlock between Batch and flushing the queue. * [BUGFIX] PromQL: Properly return an error from histogram_quantile when metrics have the same labelset. * [BUGFIX] UI: Fix bug that sets the range input to the resolution. * [BUGFIX] TSDB: Fix a query panic when memory-snapshot-on-shutdown is enabled. * [BUGFIX] Parser: Specify type in metadata parser errors. * [BUGFIX] Scrape: Fix label limit changes not applying. * [BUGFIX] Remote-write: Fix deadlock between adding to queue and getting batch. * [BUGFIX] TSDB: Fix panic when m-mapping head chunks onto the disk. * [BUGFIX] Azure SD: Fix a regression when public IP Address isn't set. * [BUGFIX] Azure SD: Fix panic when public IP Address isn't set. * [BUGFIX] Remote-write: Fix deadlock when stopping a shard. * [BUGFIX] SD: Fix no such file or directory in K8s SD when not running inside K8s. * [BUGFIX] Promtool: Make exit codes more consistent. * [BUGFIX] Promtool: Fix flakiness of rule testing. * [BUGFIX] Remote-write: Update prometheus_remote_storage_queue_highest_sent_timestamp_seconds metric when write irrecoverably fails. * [BUGFIX] Storage: Avoid panic in BufferedSeriesIterator. * [BUGFIX] TSDB: CompactBlockMetas should produce correct mint/maxt for overlapping blocks. * [BUGFIX] TSDB: Fix logging of exemplar storage size. * [BUGFIX] UI: Fix overlapping click targets for the alert state checkboxes. * [BUGFIX] UI: Fix Unhealthy filter on target page to actually display only Unhealthy targets. * [BUGFIX] UI: Fix autocompletion when expression is empty. * [BUGFIX] TSDB: Fix deadlock from simultaneous GC and write. * [CHANGE] TSDB: Delete *.tmp WAL files when Prometheus starts. * [CHANGE] promtool: Add new flag --lint (enabled by default) for the commands check rules and check config, resulting in a new exit code (3) for linter errors. * [CHANGE] UI: Classic UI removed. * [CHANGE] Tracing: Migrate from Jaeger to OpenTelemetry based tracing. * [CHANGE] PromQL: Promote negative offset and @ modifer to stable features. * [CHANGE] Web: Promote remote-write-receiver to stable. * [FEATURE] Nomad SD: New service discovery for Nomad built-in service discovery. * [FEATURE] Add lowercase and uppercase relabel action. * [FEATURE] SD: Add IONOS Cloud integration. * [FEATURE] SD: Add Vultr integration. * [FEATURE] SD: Add Linode SD failure count metric. * [FEATURE] Add prometheus_ready metric. * [FEATURE] Support for automatically setting the variable GOMAXPROCS to the container CPU limit. Enable with the flag `--enable-feature=auto-gomaxprocs`. * [FEATURE] PromQL: Extend statistics with total and peak number of samples in a query. Additionally, per-step statistics are available with --enable-feature=promql-per-step-stats and using stats=all in the query API. Enable with the flag `--enable-feature=per-step-stats`. * [FEATURE] Config: Add stripPort template function. * [FEATURE] Promtool: Add cardinality analysis to check metrics, enabled by flag --extended. * [FEATURE] SD: Enable target discovery in own K8s namespace. * [FEATURE] SD: Add provider ID label in K8s SD. * [FEATURE] Web: Add limit field to the rules API. * [ENHANCEMENT] Kubernetes SD: Allow attaching node labels for endpoint role. * [ENHANCEMENT] PromQL: Optimise creation of signature with/without labels. * [ENHANCEMENT] TSDB: Memory optimizations. * [ENHANCEMENT] TSDB: Reduce sleep time when reading WAL. * [ENHANCEMENT] OAuth2: Add appropriate timeouts and User-Agent header. * [ENHANCEMENT] Add stripDomain to template function. * [ENHANCEMENT] UI: Enable active search through dropped targets. * [ENHANCEMENT] promtool: support matchers when querying label * [ENHANCEMENT] Add agent mode identifier. * [ENHANCEMENT] TSDB: more efficient sorting of postings read from WAL at startup. * [ENHANCEMENT] Azure SD: Add metric to track Azure SD failures. * [ENHANCEMENT] Azure SD: Add an optional resource_group configuration. * [ENHANCEMENT] Kubernetes SD: Support discovery.k8s.io/v1 EndpointSlice (previously only discovery.k8s.io/v1beta1 EndpointSlice was supported). * [ENHANCEMENT] Kubernetes SD: Allow attaching node metadata to discovered pods. * [ENHANCEMENT] OAuth2: Support for using a proxy URL to fetch OAuth2 tokens. * [ENHANCEMENT] Configuration: Add the ability to disable HTTP2. * [ENHANCEMENT] Config: Support overriding minimum TLS version. * [ENHANCEMENT] TSDB: Disable the chunk write queue by default and allow configuration with the experimental flag `--storage.tsdb.head-chunks-write-queue-size`. * [ENHANCEMENT] HTTP SD: Add a failure counter. * [ENHANCEMENT] Azure SD: Set Prometheus User-Agent on requests. * [ENHANCEMENT] Uyuni SD: Reduce the number of logins to Uyuni. * [ENHANCEMENT] Scrape: Log when an invalid media type is encountered during a scrape. * [ENHANCEMENT] Scrape: Accept application/openmetrics-text;version=1.0.0 in addition to version=0.0.1. * [ENHANCEMENT] Remote-read: Add an option to not use external labels as selectors for remote read. * [ENHANCEMENT] UI: Optimize the alerts page and add a search bar. * [ENHANCEMENT] UI: Improve graph colors that were hard to see. * [ENHANCEMENT] Config: Allow escaping of $ with $$ when using environment variables with external labels. * [ENHANCEMENT] Remote-write: Avoid allocations by buffering concrete structs instead of interfaces. * [ENHANCEMENT] Remote-write: Log time series details for out-of-order samples in remote write receiver. * [ENHANCEMENT] Remote-write: Shard up more when backlogged. * [ENHANCEMENT] TSDB: Use simpler map key to improve exemplar ingest performance. * [ENHANCEMENT] TSDB: Avoid allocations when popping from the intersected postings heap. * [ENHANCEMENT] TSDB: Make chunk writing non-blocking, avoiding latency spikes in remote-write. * [ENHANCEMENT] TSDB: Improve label matching performance. * [ENHANCEMENT] UI: Optimize the service discovery page and add a search bar. * [ENHANCEMENT] UI: Optimize the target page and add a search bar. Important SUSE bug 1204023 SUSE bug 1208049 SUSE bug 1208298 CVE-2022-41715 CVE-2022-41723 CVE-2022-46146 cpe:/o:opensuse:leap:15.4 Security update for rustup (Moderate) openSUSE Leap 15.4 This update for rustup fixes the following issues: - CVE-2022-31394: Fixed possible HTTP2 attacks by specifying the HTTP/2 SETTINGS_MAX_HEADER_LIST_SIZE (bsc#1208552). - CVE-2023-26964: Fixed high memory and CPU usage when stream stacking occurs when H2 processes HTTP2 RST_STREAM frames (bsc#1210345). Moderate SUSE bug 1208552 SUSE bug 1210345 CVE-2022-31394 CVE-2023-26964 cpe:/o:opensuse:leap:15.4 Security update for open-vm-tools (Moderate) openSUSE Leap 15.4 This update for open-vm-tools fixes the following issues: - CVE-2023-20867: Fixed authentication bypass vulnerability in the vgauth module (bsc#1212143). Bug fixes: - Fixed build problem with grpc 1.54 (bsc#1210695). Moderate SUSE bug 1210695 SUSE bug 1212143 CVE-2023-20867 cpe:/o:opensuse:leap:15.4 Security update for bluez (Important) openSUSE Leap 15.4 This update for bluez fixes the following issues: - CVE-2023-27349: Fixed crash while handling unsupported events (bsc#1210398). Important SUSE bug 1210398 CVE-2023-27349 cpe:/o:opensuse:leap:15.4 Security update for webkit2gtk3 (Important) openSUSE Leap 15.4 This update for webkit2gtk3 fixes the following issues: Add security patches (bsc#1211846): - CVE-2023-28204: Fixed processing of web content that may disclose sensitive information (bsc#1211659). - CVE-2023-32373: Fixed processing of maliciously crafted web content that may lead to arbitrary code execution (bsc#1211658). Important SUSE bug 1211658 SUSE bug 1211659 SUSE bug 1211846 CVE-2023-28204 CVE-2023-32373 cpe:/o:opensuse:leap:15.4 Security update for ntp (Moderate) openSUSE Leap 15.4 This update for ntp fixes the following issues: - CVE-2023-26555: Fixed assertion failure on malformed RT-11 dates (bsc#1210390). Moderate SUSE bug 1210390 CVE-2023-26555 cpe:/o:opensuse:leap:15.4 Security update for php8 (Moderate) openSUSE Leap 15.4 This update for php8 fixes the following issues: - CVE-2023-3247: Fixed missing error check and insufficient random bytes in HTTP Digest authentication for SOAP (bsc#1212349). Moderate SUSE bug 1212349 CVE-2023-3247 cpe:/o:opensuse:leap:15.4 Security update for the Linux Kernel (Important) openSUSE Leap 15.4 The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2023-2156: Fixed a flaw in the networking subsystem within the handling of the RPL protocol (bsc#1211131). - CVE-2023-1637: Fixed vulnerability that could lead to unauthorized access to CPU memory after resuming CPU from suspend-to-RAM (bsc#1209779). - CVE-2022-3566: Fixed race condition in the TCP Handler (bsc#1204405). - CVE-2021-29650: Fixed an issue where the netfilter subsystem allowed attackers to cause a denial of service (bsc#1184208). - CVE-2020-36694: Fixed an use-after-free issue in netfilter in the packet processing context (bsc#1211596). - CVE-2023-1079: Fixed a use-after-free problem that could have been triggered in asus_kbd_backlight_set when plugging/disconnecting a malicious USB device (bsc#1208604). - CVE-2023-33288: Fixed a use-after-free in bq24190_remove in drivers/power/supply/bq24190_charger.c (bsc#1211590). - CVE-2022-45886: Fixed a .disconnect versus dvb_device_open race condition in dvb_net.c that lead to a use-after-free (bsc#1205760). - CVE-2022-45885: Fixed a race condition in dvb_frontend.c that could cause a use-after-free when a device is disconnected (bsc#1205758). - CVE-2022-45887: Fixed a memory leak in ttusb_dec.c caused by the lack of a dvb_frontend_detach call (bsc#1205762). - CVE-2022-45919: Fixed a use-after-free in dvb_ca_en50221.c that could occur if there is a disconnect after an open, because of the lack of a wait_event (bsc#1205803). - CVE-2022-45884: Fixed a use-after-free in dvbdev.c, related to dvb_register_device dynamically allocating fops (bsc#1205756). - CVE-2023-31084: Fixed a blocking issue in drivers/media/dvb-core/dvb_frontend.c (bsc#1210783). - CVE-2023-31436: Fixed an out-of-bounds write in qfq_change_class() because lmax can exceed QFQ_MIN_LMAX (bsc#1210940). - CVE-2023-2194: Fixed an out-of-bounds write vulnerability in the SLIMpro I2C device driver (bsc#1210715). - CVE-2023-32269: Fixed a use-after-free in af_netrom.c, related to the fact that accept() was also allowed for a successfully connected AF_NETROM socket (bsc#1211186). - CVE-2023-32233: Fixed a use-after-free in Netfilter nf_tables when processing batch requests (bsc#1211043). - CVE-2022-4269: Fixed a flaw was found inside the Traffic Control (TC) subsystem (bsc#1206024). - CVE-2023-1380: Fixed a slab-out-of-bound read problem in brcmf_get_assoc_ies() (bsc#1209287). - CVE-2023-2513: Fixed a use-after-free vulnerability in the ext4 filesystem (bsc#1211105). - CVE-2023-2483: Fixed a use after free bug in emac_remove caused by a race condition (bsc#1211037). - CVE-2023-23586: Fixed a memory information leak in the io_uring subsystem (bsc#1208474). The following non-security bugs were fixed: - SUNRPC: Ensure the transport backchannel association (bsc#1211203). - hv: vmbus: Optimize vmbus_on_event (bsc#1211622). - ipv6: sr: fix out-of-bounds read when setting HMAC data (bsc#1211592). - s390,dcssblk,dax: Add dax zero_page_range operation to dcssblk driver (bsc#1199636). Important SUSE bug 1184208 SUSE bug 1199636 SUSE bug 1204405 SUSE bug 1205756 SUSE bug 1205758 SUSE bug 1205760 SUSE bug 1205762 SUSE bug 1205803 SUSE bug 1206024 SUSE bug 1208474 SUSE bug 1208604 SUSE bug 1209287 SUSE bug 1209779 SUSE bug 1210715 SUSE bug 1210783 SUSE bug 1210940 SUSE bug 1211037 SUSE bug 1211043 SUSE bug 1211105 SUSE bug 1211131 SUSE bug 1211186 SUSE bug 1211203 SUSE bug 1211590 SUSE bug 1211592 SUSE bug 1211596 SUSE bug 1211622 CVE-2020-36694 CVE-2021-29650 CVE-2022-3566 CVE-2022-4269 CVE-2022-45884 CVE-2022-45885 CVE-2022-45886 CVE-2022-45887 CVE-2022-45919 CVE-2023-1079 CVE-2023-1380 CVE-2023-1637 CVE-2023-2156 CVE-2023-2194 CVE-2023-23586 CVE-2023-2483 CVE-2023-2513 CVE-2023-31084 CVE-2023-31436 CVE-2023-32233 CVE-2023-32269 CVE-2023-33288 cpe:/o:opensuse:leap:15.4 Security update for MozillaThunderbird (Important) openSUSE Leap 15.4 This update for MozillaThunderbird fixes the following issues: Mozilla Thunderbird 102.12 MFSA 2023-21 (bsc#1211922): - CVE-2023-34414: Click-jacking certificate exceptions through rendering lag - CVE-2023-34416: Memory safety bugs fixed in Thunderbird 102.12 Important SUSE bug 1211922 CVE-2023-34414 CVE-2023-34416 cpe:/o:opensuse:leap:15.4 Security update for libX11 (Important) openSUSE Leap 15.4 This update for libX11 fixes the following issues: - CVE-2023-3138: Fixed buffer overflows in InitExt.c (bsc#1212102). Important SUSE bug 1212102 CVE-2023-3138 cpe:/o:opensuse:leap:15.4 Security update for cups (Important) openSUSE Leap 15.4 This update for cups fixes the following issues: - CVE-2023-34241: Fixed a use-after-free problem in cupsdAcceptClient() (bsc#1212230). Important SUSE bug 1212230 CVE-2023-34241 cpe:/o:opensuse:leap:15.4 Security update for python-sqlparse (Moderate) openSUSE Leap 15.4 This update for python-sqlparse fixes the following issues: - CVE-2023-30608: Fixed a Regular Expression Denial of Service (ReDOS) vulnerability (bsc#1210617). Moderate SUSE bug 1210617 CVE-2023-30608 cpe:/o:opensuse:leap:15.4 Security update for cloud-init (Important) openSUSE Leap 15.4 This update for cloud-init fixes the following issues: - CVE-2023-1786: Do not expose sensitive data gathered from the CSP. (bsc#1210277) - CVE-2022-2084: Fixed a bug which caused logging schema failures can include password hashes. (bsc#1210652) - Update to version 23.1 + Support transactional-updates for SUSE based distros + Set ownership for new folders in Write Files Module + add OpenCloudOS and TencentOS support + lxd: Retry if the server isn't ready + test: switch pycloudlib source to pypi + test: Fix integration test deprecation message + Recognize opensuse-microos, dev tooling fixes + sources/azure: refactor imds handler into own module + docs: deprecation generation support + add function is_virtual to distro/FreeBSD + cc_ssh: support multiple hostcertificates + Fix minor schema validation regression and fixup typing + doc: Reword user data debug section + cli: schema also validate vendordata*. + ci: sort and add checks for cla signers file + Add 'ederst' as contributor + readme: add reference to packages dir + docs: update downstream package list + docs: add google search verification + docs: fix 404 render use default notfound_urls_prefix in RTD conf + Fix OpenStack datasource detection on bare metal + docs: add themed RTD 404 page and pointer to readthedocs-hosted + schema: fix gpt labels, use type string for GUID + cc_disk_setup: code cleanup + netplan: keep custom strict perms when 50-cloud-init.yaml exists + cloud-id: better handling of change in datasource files + Warn on empty network key + Fix Vultr cloud_interfaces usage + cc_puppet: Update puppet service name + docs: Clarify networking docs + lint: remove httpretty + cc_set_passwords: Prevent traceback when restarting ssh + tests: fix lp1912844 + tests: Skip ansible test on bionic + Wait for NetworkManager + docs: minor polishing + CI: migrate integration-test to GH actions + Fix permission of SSH host keys + Fix default route rendering on v2 ipv6 + doc: fix path in net_convert command + docs: update net_convert docs + doc: fix dead link + cc_set_hostname: ignore /var/lib/cloud/data/set-hostname if it's empty + distros/rhel.py: _read_hostname() missing strip on 'hostname' + integration tests: add IBM VPC support + machine-id: set to uninitialized to trigger regeneration on clones + sources/azure: retry on connection error when fetching metdata + Ensure ssh state accurately obtained + bddeb: drop dh-systemd dependency on newer deb-based releases + doc: fix `config formats` link in cloudsigma.rst + Fix wrong subp syntax in cc_set_passwords.py + docs: update the PR template link to readthedocs + ci: switch unittests to gh actions + Add mount_default_fields for PhotonOS. + sources/azure: minor refactor for metadata source detection logic + add 'CalvoM' as contributor + ci: doc to gh actions + lxd: handle 404 from missing devices route for LXD 4.0 + docs: Diataxis overhaul + vultr: Fix issue regarding cache and region codes + cc_set_passwords: Move ssh status checking later + Improve Wireguard module idempotency + network/netplan: add gateways as on-link when necessary + tests: test_lxd assert features.networks.zones when present + Use btrfs enquque when available (#1926) [Robert Schweikert] + sources/azure: fix device driver matching for net config (#1914) + BSD: fix duplicate macs in Ifconfig parser + pycloudlib: add lunar support for integration tests + nocloud: add support for dmi variable expansion for seedfrom URL + tools: read-version drop extra call to git describe --long + doc: improve cc_write_files doc + read-version: When insufficient tags, use cloudinit.version.get_version + mounts: document weird prefix in schema + Ensure network ready before cloud-init service runs on RHEL + docs: add copy button to code blocks + netplan: define features.NETPLAN_CONFIG_ROOT_READ_ONLY flag + azure: fix support for systems without az command installed + Fix the distro.osfamily output problem in the openEuler system. + pycloudlib: bump commit dropping azure api smoke test + net: netplan config root read-only as wifi config can contain creds + autoinstall: clarify docs for users + sources/azure: encode health report as utf-8 + Add back gateway4/6 deprecation to docs + networkd: Add support for multiple [Route] sections + doc: add qemu tutorial + lint: fix tip-flake8 and tip-mypy + Add support for setting uid when creating users on FreeBSD + Fix exception in BSD networking code-path + Append derivatives to is_rhel list in cloud.cfg.tmpl + FreeBSD init: use cloudinit_enable as only rcvar + feat: add support aliyun metadata security harden mode + docs: uprate analyze to performance page + test: fix lxd preseed managed network config + Add support for static IPv6 addresses for FreeBSD + Make 3.12 failures not fail the build + Docs: adding relative links + Fix setup.py to align with PEP 440 versioning replacing trailing + Add 'nkukard' as contributor + doc: add how to render new module doc + doc: improve module creation explanation + Add Support for IPv6 metadata to OpenStack + add xiaoge1001 to .github-cla-signers + network: Deprecate gateway{4,6} keys in network config v2 + VMware: Move Guest Customization transport from OVF to VMware + doc: home page links added + net: skip duplicate mac check for netvsc nic and its VF This update for python-responses fixes the following issues: - update to 0.21.0: * Add `threading.Lock()` to allow `responses` working with `threading` module. * Add `urllib3` `Retry` mechanism. See #135 * Removed internal `_cookies_from_headers` function * Now `add`, `upsert`, `replace` methods return registered response. `remove` method returns list of removed responses. * Added null value support in `urlencoded_params_matcher` via `allow_blank` keyword argument * Added strict version of decorator. Now you can apply `@responses.activate(assert_all_requests_are_fired=True)` to your function to validate that all requests were executed in the wrapped function. See #183 Important SUSE bug 1171511 SUSE bug 1203393 SUSE bug 1210277 SUSE bug 1210652 CVE-2022-2084 CVE-2023-1786 cpe:/o:opensuse:leap:15.4 Security update for openssl-1_0_0 (Moderate) openSUSE Leap 15.4 This update for openssl-1_0_0 fixes the following issues: - CVE-2022-4304: Reworked the fix for the Timing-Oracle in RSA decryption. The previous fix for this timing side channel turned out to cause a severe 2-3x performance regression in the typical use case (bsc#1207534). Moderate SUSE bug 1207534 CVE-2022-4304 cpe:/o:opensuse:leap:15.4 Security update for vim (Important) openSUSE Leap 15.4 This update for vim fixes the following issues: - CVE-2023-2426: Fixed out-of-range pointer offset (bsc#1210996). - CVE-2023-2609: Fixed NULL pointer dereference (bsc#1211256). - CVE-2023-2610: Fixed integer overflow or wraparound (bsc#1211257). Important SUSE bug 1210996 SUSE bug 1211256 SUSE bug 1211257 CVE-2023-2426 CVE-2023-2609 CVE-2023-2610 cpe:/o:opensuse:leap:15.4 Security update for python39 (Moderate) openSUSE Leap 15.4 This update for python39 fixes the following issues: - CVE-2007-4559: Fixed filter for tarfile.extractall (bsc#1203750). - Fixed unittest.mock.patch.dict returns function when applied to coroutines (bsc#1211158). Moderate SUSE bug 1203750 SUSE bug 1211158 CVE-2007-4559 cpe:/o:opensuse:leap:15.4 Security update for webkit2gtk3 (Important) openSUSE Leap 15.4 This update for webkit2gtk3 fixes the following issues: Add security patches (bsc#1211846): - CVE-2023-28204: Fixed processing of web content that may disclose sensitive information (bsc#1211659). - CVE-2023-32373: Fixed processing of maliciously crafted web content that may lead to arbitrary code execution (bsc#1211658). Important SUSE bug 1211658 SUSE bug 1211659 SUSE bug 1211846 CVE-2023-28204 CVE-2023-32373 cpe:/o:opensuse:leap:15.4 Security update for openssl-1_1 (Moderate) openSUSE Leap 15.4 This update for openssl-1_1 fixes the following issues: - CVE-2022-4304: Reworked the fix for the Timing-Oracle in RSA decryption. The previous fix for this timing side channel turned out to cause a severe 2-3x performance regression in the typical use case (bsc#1207534). - Update further expiring certificates that affect the testsuite (bsc#1201627). Moderate SUSE bug 1201627 SUSE bug 1207534 CVE-2022-4304 cpe:/o:opensuse:leap:15.4 Security update for amazon-ssm-agent (Important) openSUSE Leap 15.4 This update of amazon-ssm-agent fixes the following issues: - rebuild the package with the go 1.20 security release (bsc#1206346). Important SUSE bug 1206346 cpe:/o:opensuse:leap:15.4 Security update for the Linux Kernel (Important) openSUSE Leap 15.4 The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2023-28410: Fixed improper restriction of operations within the bounds of a memory buffer in some Intel(R) i915 Graphics drivers that may have allowed an authenticated user to potentially enable escalation of privilege via local access (bsc#1211263). - CVE-2023-2156: Fixed a flaw in the networking subsystem within the handling of the RPL protocol (bsc#1211131). - CVE-2023-1382: Fixed denial of service in tipc_conn_close (bsc#1209288). - CVE-2023-3006: Fixed a known cache speculation vulnerability, known as Branch History Injection (BHI) or Spectre-BHB, for the new hw AmpereOne (bsc#1211855). - CVE-2023-2269: Fixed a denial-of-service problem due to a possible recursive locking scenario, resulting in a deadlock in table_clear in drivers/md/dm-ioctl.c (bsc#1210806). - CVE-2023-1079: Fixed a use-after-free problem that could have been triggered in asus_kbd_backlight_set when plugging/disconnecting a malicious USB device (bsc#1208604). - CVE-2023-2162: Fixed an use-after-free flaw in iscsi_sw_tcp_session_create (bsc#1210647). - CVE-2023-33288: Fixed a use-after-free in bq24190_remove in drivers/power/supply/bq24190_charger.c (bsc#1211590). - CVE-2022-45886: Fixed a .disconnect versus dvb_device_open race condition in dvb_net.c that lead to a use-after-free (bsc#1205760). - CVE-2022-45885: Fixed a race condition in dvb_frontend.c that could cause a use-after-free when a device is disconnected (bsc#1205758). - CVE-2022-45887: Fixed a memory leak in ttusb_dec.c caused by the lack of a dvb_frontend_detach call (bsc#1205762). - CVE-2022-45919: Fixed a use-after-free in dvb_ca_en50221.c that could occur if there is a disconnect after an open, because of the lack of a wait_event (bsc#1205803). - CVE-2022-45884: Fixed a use-after-free in dvbdev.c, related to dvb_register_device dynamically allocating fops (bsc#1205756). - CVE-2023-31084: Fixed a blocking issue in drivers/media/dvb-core/dvb_frontend.c (bsc#1210783). - CVE-2023-2002: Fixed a flaw that allowed an attacker to unauthorized execution of management commands, compromising the confidentiality, integrity, and availability of Bluetooth communication (bsc#1210533). - CVE-2023-31436: Fixed an out-of-bounds write in qfq_change_class() because lmax can exceed QFQ_MIN_LMAX (bsc#1210940). - CVE-2023-30456: Fixed an issue in arch/x86/kvm/vmx/nested.c with nVMX on x86_64 lacks consistency checks for CR0 and CR4 (bsc#1210294). - CVE-2022-4269: Fixed a flaw was found inside the Traffic Control (TC) subsystem (bsc#1206024). - CVE-2023-32233: Fixed a use-after-free in Netfilter nf_tables when processing batch requests (bsc#1211043). - CVE-2023-1380: Fixed a slab-out-of-bound read problem in brcmf_get_assoc_ies() (bsc#1209287). - CVE-2023-2513: Fixed a use-after-free vulnerability in the ext4 filesystem (bsc#1211105). - CVE-2023-2483: Fixed a use after free bug in emac_remove caused by a race condition (bsc#1211037). - CVE-2023-2124: Fixed an out-of-bound access in the XFS subsystem that could have lead to denial-of-service or potentially privilege escalation (bsc#1210498). The following non-security bugs were fixed: - 3c589_cs: Fix an error handling path in tc589_probe() (git-fixes). - ACPI: EC: Fix oops when removing custom query handlers (git-fixes). - ACPI: bus: Ensure that notify handlers are not running after removal (git-fixes). - ACPI: processor: Fix evaluating _PDC method when running as Xen dom0 (git-fixes). - ACPI: tables: Add support for NBFT (bsc#1195921). - ACPICA: ACPICA: check null return of ACPI_ALLOCATE_ZEROED in acpi_db_display_objects (git-fixes). - ACPICA: Avoid undefined behavior: applying zero offset to null pointer (git-fixes). - ALSA: caiaq: input: Add error handling for unsupported input methods in `snd_usb_caiaq_input_init` (git-fixes). - ALSA: cs46xx: mark snd_cs46xx_download_image as static (git-fixes). - ALSA: firewire-digi00x: prevent potential use after free (git-fixes). - ALSA: hda/ca0132: add quirk for EVGA X299 DARK (git-fixes). - ALSA: hda/realtek: Add a quirk for HP EliteDesk 805 (git-fixes). - ALSA: hda/realtek: Add quirk for 2nd ASUS GU603 (git-fixes). - ALSA: hda/realtek: Add quirk for ASUS UM3402YAR using CS35L41 (git-fixes). - ALSA: hda/realtek: Add quirk for Clevo L140AU (git-fixes). - ALSA: hda/realtek: Add quirk for HP EliteBook G10 laptops (git-fixes). - ALSA: hda/realtek: Add quirk for ThinkPad P1 Gen 6 (git-fixes). - ALSA: hda/realtek: Apply HP B&O top speaker profile to Pavilion 15 (git-fixes). - ALSA: hda/realtek: Enable headset onLenovo M70/M90 (git-fixes). - ALSA: hda/realtek: Fix mute and micmute LEDs for an HP laptop (git-fixes). - ALSA: hda/realtek: Fix mute and micmute LEDs for yet another HP laptop (git-fixes). - ALSA: hda/realtek: support HP Pavilion Aero 13-be0xxx Mute LED (git-fixes). - ALSA: hda: Add NVIDIA codec IDs a3 through a7 to patch table (git-fixes). - ALSA: hda: Fix Oops by 9.1 surround channel names (git-fixes). - ALSA: usb-audio: Add a sample rate workaround for Line6 Pod Go (git-fixes). - ALSA: usb-audio: Add quirk for Pioneer DDJ-800 (git-fixes). - ARM64: dts: Add DTS files for bcmbca SoC BCM6858 (git-fixes). - ARM: 9296/1: HP Jornada 7XX: fix kernel-doc warnings (git-fixes). - ARM: dts: qcom: ipq8064: Fix the PCI I/O port range (git-fixes). - ARM: dts: qcom: ipq8064: reduce pci IO size to 64K (git-fixes). - ASOC: Intel: sof_sdw: add quirk for Intel 'Rooks County' NUC M15 (git-fixes). - ASoC: Intel: Skylake: Fix declaration of enum skl_ch_cfg (git-fixes). - ASoC: Intel: bytcr_rt5640: Add quirk for the Acer Iconia One 7 B1-750 (git-fixes). - ASoC: fsl_micfil: Fix error handler with pm_runtime_enable (git-fixes). - ASoC: lpass: Fix for KASAN use_after_free out of bounds (git-fixes). - ASoC: rt5682: Disable jack detection interrupt during suspend (git-fixes). - ASoC: soc-pcm: fix hw->formats cleared by soc_pcm_hw_init() for dpcm (git-fixes). - Bluetooth: L2CAP: fix 'bad unlock balance' in l2cap_disconnect_rsp (git-fixes). - Bluetooth: btintel: Add LE States quirk support (git-fixes). - Bluetooth: hci_bcm: Fall back to getting bdaddr from EFI if not set (git-fixes). - HID: logitech-hidpp: Do not use the USB serial for USB devices (git-fixes). - HID: logitech-hidpp: Reconcile USB and Unifying serials (git-fixes). - HID: microsoft: Add rumble support to latest xbox controllers (bsc#1211280). - HID: wacom: Add new Intuos Pro Small (PTH-460) device IDs (git-fixes). - HID: wacom: Force pen out of prox if no events have been received in a while (git-fixes). - HID: wacom: Set a default resolution for older tablets (git-fixes). - HID: wacom: add three styli to wacom_intuos_get_tool_type (git-fixes). - HID: wacom: avoid integer overflow in wacom_intuos_inout() (git-fixes). - HID: wacom: generic: Set battery quirk only when we see battery data (git-fixes). - IB/hfi1: Fix SDMA mmu_rb_node not being evicted in LRU order (git-fixes) - IB/hfi1: Fix bugs with non-PAGE_SIZE-end multi-iovec user SDMA requests (git-fixes) - IB/hifi1: add a null check of kzalloc_node in hfi1_ipoib_txreq_init (git-fixes) - Input: xpad - add constants for GIP interface numbers (git-fixes). - KEYS: asymmetric: Copy sig and digest in public_key_verify_signature() (git-fixes). - KVM: Destroy target device if coalesced MMIO unregistration fails (git-fixes) - KVM: Disallow user memslot with size that exceeds 'unsigned long' (git-fixes) - KVM: Do not create VM debugfs files outside of the VM directory (git-fixes) - KVM: Do not set Accessed/Dirty bits for ZERO_PAGE (git-fixes) - KVM: LAPIC: Enable timer posted-interrupt only when mwait/hlt is advertised (git-fixes). - KVM: Prevent module exit until all VMs are freed (git-fixes) - KVM: SVM: Do not rewrite guest ICR on AVIC IPI virtualization failure (git-fixes). - KVM: SVM: Fix benign 'bool vs. int' comparison in svm_set_cr0() (git-fixes). - KVM: SVM: Require logical ID to be power-of-2 for AVIC entry (git-fixes). - KVM: SVM: Skip WRMSR fastpath on VM-Exit if next RIP isn't valid (git-fixes). - KVM: SVM: hyper-v: placate modpost section mismatch error (git-fixes). - KVM: VMX: Introduce vmx_msr_bitmap_l01_changed() helper (git-fixes). - KVM: VMX: Resume guest immediately when injecting #GP on ECREATE (git-fixes). - KVM: VMX: Set vmcs.PENDING_DBG.BS on #DB in STI/MOVSS blocking shadow (git-fixes). - KVM: VMX: Use is_64_bit_mode() to check 64-bit mode in SGX handler (git-fixes). - KVM: X86: Fix tlb flush for tdp in kvm_invalidate_pcid() (git-fixes). - KVM: arm64: Do not arm a hrtimer for an already pending timer (git-fixes) - KVM: arm64: Do not return from void function (git-fixes) - KVM: arm64: Fix PAR_TO_HPFAR() to work independently of PA_BITS. (git-fixes) - KVM: arm64: Fix S1PTW handling on RO memslots (git-fixes) - KVM: arm64: Fix bad dereference on MTE-enabled systems (git-fixes) - KVM: arm64: Fix buffer overflow in kvm_arm_set_fw_reg() (git-fixes) - KVM: arm64: Fix kvm init failure when mode!=vhe and VA_BITS=52. (git-fixes) - KVM: arm64: Free hypervisor allocations if vector slot init fails (git-fixes) - KVM: arm64: GICv4.1: Fix race with doorbell on VPE (git-fixes) - KVM: arm64: Limit length in kvm_vm_ioctl_mte_copy_tags() to INT_MAX (git-fixes) - KVM: arm64: PMU: Restore the guest's EL0 event counting after (git-fixes) - KVM: arm64: Reject 32bit user PSTATE on asymmetric systems (git-fixes) - KVM: arm64: Stop handle_exit() from handling HVC twice when an SError (git-fixes) - KVM: arm64: Treat PMCR_EL1.LC as RES1 on asymmetric systems (git-fixes) - KVM: arm64: nvhe: Eliminate kernel-doc warnings (git-fixes) - KVM: arm64: vgic: Fix exit condition in scan_its_table() (git-fixes) - KVM: nVMX: Also filter MSR_IA32_VMX_TRUE_PINBASED_CTLS when eVMCS (git-fixes). - KVM: nVMX: Do not use Enlightened MSR Bitmap for L3 (git-fixes). - KVM: nVMX: Document that ignoring memory failures for VMCLEAR is deliberate (git-fixes). - KVM: nVMX: Emulate NOPs in L2, and PAUSE if it's not intercepted (git-fixes). - KVM: nVMX: Inject #GP, not #UD, if 'generic' VMXON CR0/CR4 check fails (git-fixes). - KVM: nVMX: Prioritize TSS T-flag #DBs over Monitor Trap Flag (git-fixes). - KVM: nVMX: Properly expose ENABLE_USR_WAIT_PAUSE control to L1 (git-fixes). - KVM: nVMX: Treat General Detect #DB (DR7.GD=1) as fault-like (git-fixes). - KVM: nVMX: eVMCS: Filter out VM_EXIT_SAVE_VMX_PREEMPTION_TIMER (git-fixes). - KVM: x86/emulator: Emulate RDPID only if it is enabled in guest (git-fixes). - KVM: x86/mmu: avoid NULL-pointer dereference on page freeing bugs (git-fixes). - KVM: x86/pmu: Ignore pmu->global_ctrl check if vPMU does not support global_ctrl (git-fixes). - KVM: x86/svm: add __GFP_ACCOUNT to __sev_dbg_{en,de}crypt_user() (git-fixes). - KVM: x86/vmx: Do not skip segment attributes if unusable bit is set (git-fixes). - KVM: x86/xen: Fix memory leak in kvm_xen_write_hypercall_page() (git-fixes). - KVM: x86: Copy filter arg outside kvm_vm_ioctl_set_msr_filter() (git-fixes). - KVM: x86: Do not change ICR on write to APIC_SELF_IPI (git-fixes). - KVM: x86: Fail emulation during EMULTYPE_SKIP on any exception (git-fixes). - KVM: x86: Inject #GP if WRMSR sets reserved bits in APIC Self-IPI (git-fixes). - KVM: x86: Mask off reserved bits in CPUID.8000001FH (git-fixes). - KVM: x86: Mask off unsupported and unknown bits of IA32_ARCH_CAPABILITIES (git-fixes). - KVM: x86: Protect the unused bits in MSR exiting flags (git-fixes). - KVM: x86: Remove a redundant guest cpuid check in kvm_set_cr4() (git-fixes). - KVM: x86: Report deprecated x87 features in supported CPUID (git-fixes). - KVM: x86: do not set st->preempted when going back to user space (git-fixes). - KVM: x86: fix typo in __try_cmpxchg_user causing non-atomicness (git-fixes). - KVM: x86: ioapic: Fix level-triggered EOI and userspace I/OAPIC reconfigure race (git-fixes). - PCI/ASPM: Remove pcie_aspm_pm_state_change() (git-fixes). - PM: hibernate: Do not get block device exclusively in test_resume mode (git-fixes). - PM: hibernate: Turn snapshot_test into global variable (git-fixes). - PM: hibernate: fix load_image_and_restore() error path (git-fixes). - RDMA/bnxt_re: Fix a possible memory leak (git-fixes) - RDMA/bnxt_re: Fix return value of bnxt_re_process_raw_qp_pkt_rx (git-fixes) - RDMA/bnxt_re: Fix the page_size used during the MR creation (git-fixes) - RDMA/cm: Trace icm_send_rej event before the cm state is reset (git-fixes) - RDMA/core: Fix multiple -Warray-bounds warnings (git-fixes) - RDMA/efa: Fix unsupported page sizes in device (git-fixes) - RDMA/hns: Fix base address table allocation (git-fixes) - RDMA/hns: Fix timeout attr in query qp for HIP08 (git-fixes) - RDMA/hns: Modify the value of long message loopback slice (git-fixes) - RDMA/irdma: Add SW mechanism to generate completions on error (jsc#SLE-18383). - RDMA/irdma: Do not generate SW completions for NOPs (jsc#SLE-18383). - RDMA/irdma: Fix Local Invalidate fencing (git-fixes) - RDMA/irdma: Fix RQ completion opcode (jsc#SLE-18383). - RDMA/irdma: Fix drain SQ hang with no completion (jsc#SLE-18383). - RDMA/irdma: Fix inline for multiple SGE's (jsc#SLE-18383). - RDMA/irdma: Prevent QP use after free (git-fixes) - RDMA/irdma: Remove enum irdma_status_code (jsc#SLE-18383). - RDMA/irdma: Remove excess error variables (jsc#SLE-18383). - RDMA/mana: Remove redefinition of basic u64 type (bsc#1210741 jsc#PED-4022). - RDMA/mana: hide new rdma_driver_ids (bsc#1210741 jsc#PED-4022). - RDMA/mana_ib: Add a driver for Microsoft Azure Network Adapter (bsc#1210741 jsc#PED-4022). - RDMA/mana_ib: Prevent array underflow in mana_ib_create_qp_raw() (bsc#1210741 jsc#PED-4022). - RDMA/mlx4: Prevent shift wrapping in set_user_sq_size() (jsc#SLE-19255). - RDMA/mlx5: Fix flow counter query via DEVX (git-fixes) - RDMA/mlx5: Use correct device num_ports when modify DC (git-fixes) - RDMA/rxe: Remove tasklet call from rxe_cq.c (git-fixes) - RDMA/siw: Fix potential page_array out of range access (git-fixes) - RDMA/siw: Remove namespace check from siw_netdev_event() (git-fixes) - RDMA/srpt: Add a check for valid 'mad_agent' pointer (git-fixes) - Revert 'KVM: set owner of cpu and vm file operations' (git-fixes) - SMB3.1.1: add new tree connect ShareFlags (bsc#1193629). - SMB3: Add missing locks to protect deferred close file list (git-fixes). - SMB3: Close all deferred handles of inode in case of handle lease break (bsc#1193629). - SMB3: Close deferred file handles in case of handle lease break (bsc#1193629). - SMB3: drop reference to cfile before sending oplock break (bsc#1193629). - SMB3: force unmount was failing to close deferred close files (bsc#1193629). - SUNRPC: fix breakage caused by introduction of rq_xprt_ctxt (bsc#1210775). - USB / dwc3: Fix a checkpatch warning in core.c (git-fixes). - USB: UHCI: adjust zhaoxin UHCI controllers OverCurrent bit value (git-fixes). - USB: core: Add routines for endpoint checks in old drivers (git-fixes). - USB: sisusbvga: Add endpoint checks (git-fixes). - USB: usbtmc: Fix direction for 0-length ioctl control messages (git-fixes). - apparmor: add a kernel label to use on kernel objects (bsc#1211113). - arm64: dts: Add DTS files for bcmbca SoC BCM4912 (git-fixes). - arm64: dts: Add DTS files for bcmbca SoC BCM63158 (git-fixes). - arm64: dts: Add base DTS file for bcmbca device Asus GT-AX6000 (git-fixes). - arm64: dts: broadcom: bcm4908: add DT for Netgear RAXE500 (git-fixes). - arm64: dts: qcom: msm8996: Add missing DWC3 quirks (git-fixes). - arm64: errata: add detection for AMEVCNTR01 incrementing incorrectly (git-fixes) Enable workaround and fix kABI breakage. - arm64: kgdb: Set PSTATE.SS to 1 to re-enable single-step (git-fixes) - arm64: kgdb: Set PSTATE.SS to 1 to re-enable single-step (git-fixes). - asm-generic/io.h: suppress endianness warnings for readq() and writeq() (git-fixes). - ata: libata-scsi: Use correct device no in ata_find_dev() (git-fixes). - ata: pata_octeon_cf: drop kernel-doc notation (git-fixes). - block: add a bdev_max_zone_append_sectors helper (git-fixes). - bluetooth: Add cmd validity checks at the start of hci_sock_ioctl() (git-fixes). - bnxt: Do not read past the end of test names (jsc#SLE-18978). - bnxt: prevent skb UAF after handing over to PTP worker (jsc#SLE-18978). - bnxt_en: Add missing 200G link speed reporting (jsc#SLE-18978). - bnxt_en: Avoid order-5 memory allocation for TPA data (jsc#SLE-18978). - bnxt_en: Do not initialize PTP on older P3/P4 chips (jsc#SLE-18978). - bnxt_en: Fix mqprio and XDP ring checking logic (jsc#SLE-18978). - bnxt_en: Fix reporting of test result in ethtool selftest (jsc#SLE-18978). - bnxt_en: Fix typo in PCI id to device description string mapping (jsc#SLE-18978). - bnxt_en: fix NQ resource accounting during vf creation on 57500 chips (jsc#SLE-18978). - bnxt_en: set missing reload flag in devlink features (jsc#SLE-18978). - can: isotp: recvmsg(): allow MSG_CMSG_COMPAT flag (git-fixes). - can: j1939: recvmsg(): allow MSG_CMSG_COMPAT flag (git-fixes). - can: kvaser_pciefd: Call request_irq() before enabling interrupts (git-fixes). - can: kvaser_pciefd: Clear listen-only bit if not explicitly requested (git-fixes). - can: kvaser_pciefd: Disable interrupts in probe error path (git-fixes). - can: kvaser_pciefd: Do not send EFLUSH command on TFD interrupt (git-fixes). - can: kvaser_pciefd: Empty SRB buffer in probe (git-fixes). - can: kvaser_pciefd: Set CAN_STATE_STOPPED in kvaser_pciefd_stop() (git-fixes). - can: kvaser_usb: Add struct kvaser_usb_busparams (git-fixes). - can: kvaser_usb: kvaser_usb_leaf: Get capabilities from device (git-fixes). - can: kvaser_usb: kvaser_usb_leaf: Handle CMD_ERROR_EVENT (git-fixes). - can: kvaser_usb: kvaser_usb_leaf: Rename {leaf,usbcan}_cmd_error_event to {leaf,usbcan}_cmd_can_error_event (git-fixes). - can: kvaser_usb_leaf: Fix overread with an invalid command (git-fixes). - cassini: Fix a memory leak in the error handling path of cas_init_one() (git-fixes). - ceph: force updating the msg pointer in non-split case (bsc#1211804). - cgroup.c: add helper __cset_cgroup_from_root to cleanup duplicated codes (bsc#1203906). - cgroup: Homogenize cgroup_get_from_id() return value (bsc#1205650). - cgroup: Honor caller's cgroup NS when resolving path (bsc#1205650). - cgroup: Make cgroup_get_from_id() prettier (bsc#1205650). - cgroup: Reorganize css_set_lock and kernfs path processing (bsc#1205650). - cgroup: cgroup: Honor caller's cgroup NS when resolving cgroup id (bsc#1205650). - cgroup: reduce dependency on cgroup_mutex (bsc#1205650). - cifs: Avoid a cast in add_lease_context() (bsc#1193629). - cifs: Simplify SMB2_open_init() (bsc#1193629). - cifs: Simplify SMB2_open_init() (bsc#1193629). - cifs: Simplify SMB2_open_init() (bsc#1193629). - cifs: avoid dup prefix path in dfs_get_automount_devname() (git-fixes). - cifs: avoid potential races when handling multiple dfs tcons (bsc#1208758). - cifs: fix pcchunk length type in smb2_copychunk_range (bsc#1193629). - cifs: fix potential race when tree connecting ipc (bsc#1208758). - cifs: fix potential use-after-free bugs in TCP_Server_Info::hostname (bsc#1208758). - cifs: fix sharing of DFS connections (bsc#1208758). - cifs: fix smb1 mount regression (bsc#1193629). - cifs: mapchars mount option ignored (bsc#1193629). - cifs: missing lock when updating session status (bsc#1193629). - cifs: print smb3_fs_context::source when mounting (bsc#1193629). - cifs: protect access of TCP_Server_Info::{origin,leaf}_fullpath (bsc#1208758). - cifs: protect session status check in smb2_reconnect() (bsc#1208758). - cifs: release leases for deferred close handles when freezing (bsc#1193629). - cifs: update internal module version number for cifs.ko (bsc#1193629). - clk: qcom: gcc-sm8350: fix PCIe PIPE clocks handling (git-fixes). - clk: qcom: regmap: add PHY clock source implementation (git-fixes). - clk: tegra20: fix gcc-7 constant overflow warning (git-fixes). - configfs: fix possible memory leak in configfs_create_dir() (git-fixes). - crypto: acomp - define max size for destination (jsc#PED-3692) - crypto: drivers - move from strlcpy with unused retval to (jsc#PED-3692) - crypto: qat - Fix unsigned function returning negative (jsc#PED-3692) - crypto: qat - Removes the x86 dependency on the QAT drivers (jsc#PED-3692) - crypto: qat - abstract PFVF messages with struct pfvf_message (jsc#PED-3692) - crypto: qat - abstract PFVF receive logic (jsc#PED-3692) - crypto: qat - abstract PFVF send function (jsc#PED-3692) - crypto: qat - add PFVF support to enable the reset of ring (jsc#PED-3692) - crypto: qat - add PFVF support to the GEN4 host driver (jsc#PED-3692) - crypto: qat - add VF and PF wrappers to common send function (jsc#PED-3692) - crypto: qat - add backlog mechanism (jsc#PED-3692) - crypto: qat - add check for invalid PFVF protocol version 0 (jsc#PED-3692) - crypto: qat - add check to validate firmware images (jsc#PED-3692) - crypto: qat - add limit to linked list parsing (jsc#PED-3692) - crypto: qat - add misc workqueue (jsc#PED-3692) - crypto: qat - add missing restarting event notification in (jsc#PED-3692) - crypto: qat - add param check for DH (jsc#PED-3692) - crypto: qat - add param check for RSA (jsc#PED-3692) - crypto: qat - add pfvf_ops (jsc#PED-3692) - crypto: qat - add resubmit logic for decompression (jsc#PED-3692) - crypto: qat - add support for 401xx devices (jsc#PED-3692) - crypto: qat - add support for compression for 4xxx (jsc#PED-3692) - crypto: qat - add the adf_get_pmisc_base() helper function (jsc#PED-3692) - crypto: qat - allow detection of dc capabilities for 4xxx (jsc#PED-3692) - crypto: qat - change PFVF ACK behaviour (jsc#PED-3692) - crypto: qat - change behaviour of (jsc#PED-3692) - crypto: qat - change bufferlist logic interface (jsc#PED-3692) - crypto: qat - config VFs based on ring-to-svc mapping (jsc#PED-3692) - crypto: qat - differentiate between pf2vf and vf2pf offset (jsc#PED-3692) - crypto: qat - disable AER if an error occurs in probe (jsc#PED-3692) - crypto: qat - do not handle PFVF sources for qat_4xxx (jsc#PED-3692) - crypto: qat - do not rely on min version (jsc#PED-3692) - crypto: qat - enable deflate for QAT GEN4 (jsc#PED-3692) - crypto: qat - enable power management for QAT GEN4 (jsc#PED-3692) - crypto: qat - exchange device capabilities over PFVF (jsc#PED-3692) - crypto: qat - exchange ring-to-service mappings over PFVF (jsc#PED-3692) - crypto: qat - expose deflate through acomp api for QAT GEN2 (jsc#PED-3692) - crypto: qat - expose device config through sysfs for 4xxx (jsc#PED-3692) - crypto: qat - expose device state through sysfs for 4xxx (jsc#PED-3692) - crypto: qat - extend buffer list interface (jsc#PED-3692) - crypto: qat - extend crypto capability detection for 4xxx (jsc#PED-3692) - crypto: qat - extract send and wait from (jsc#PED-3692) - crypto: qat - fix DMA transfer direction (jsc#PED-3692) - crypto: qat - fix ETR sources enabled by default on GEN2 (jsc#PED-3692) - crypto: qat - fix VF IDs in PFVF log messages (jsc#PED-3692) - crypto: qat - fix a signedness bug in get_service_enabled() (jsc#PED-3692) - crypto: qat - fix a typo in a comment (jsc#PED-3692) - crypto: qat - fix access to PFVF interrupt registers for GEN4 (jsc#PED-3692) - crypto: qat - fix definition of ring reset results (jsc#PED-3692) - crypto: qat - fix error return code in adf_probe (jsc#PED-3692) - crypto: qat - fix handling of VF to PF interrupts (jsc#PED-3692) - crypto: qat - fix initialization of pfvf cap_msg structures (jsc#PED-3692) - crypto: qat - fix initialization of pfvf rts_map_msg (jsc#PED-3692) - crypto: qat - fix off-by-one error in PFVF debug print (jsc#PED-3692) - crypto: qat - fix wording and formatting in code comment (jsc#PED-3692) - crypto: qat - flush vf workqueue at driver removal (jsc#PED-3692) - crypto: qat - free irq in case of failure (jsc#PED-3692) - crypto: qat - free irqs only if allocated (jsc#PED-3692) - crypto: qat - generalize crypto request buffers (jsc#PED-3692) - crypto: qat - get compression extended capabilities (jsc#PED-3692) - crypto: qat - handle retries due to collisions in (jsc#PED-3692) - crypto: qat - honor CRYPTO_TFM_REQ_MAY_SLEEP flag (jsc#PED-3692) - crypto: qat - improve logging of PFVF messages (jsc#PED-3692) - crypto: qat - improve the ACK timings in PFVF send (jsc#PED-3692) - crypto: qat - introduce support for PFVF block messages (jsc#PED-3692) - crypto: qat - leverage bitfield.h utils for PFVF messages (jsc#PED-3692) - crypto: qat - leverage read_poll_timeout in PFVF send (jsc#PED-3692) - crypto: qat - leverage the GEN2 VF mask definiton (jsc#PED-3692) - crypto: qat - make PFVF message construction direction (jsc#PED-3692) - crypto: qat - make PFVF send and receive direction agnostic (jsc#PED-3692) - crypto: qat - move VF message handler to adf_vf2pf_msg.c (jsc#PED-3692) - crypto: qat - move and rename GEN4 error register definitions (jsc#PED-3692) - crypto: qat - move interrupt code out of the PFVF handler (jsc#PED-3692) - crypto: qat - move pfvf collision detection values (jsc#PED-3692) - crypto: qat - move vf2pf interrupt helpers (jsc#PED-3692) - crypto: qat - pass the PF2VF responses back to the callers (jsc#PED-3692) - crypto: qat - prevent spurious MSI interrupt in VF (jsc#PED-3692) - crypto: qat - re-enable interrupts for legacy PFVF messages (jsc#PED-3692) - crypto: qat - re-enable registration of algorithms (jsc#PED-3692) - crypto: qat - refactor PF top half for PFVF (jsc#PED-3692) - crypto: qat - refactor pfvf version request messages (jsc#PED-3692) - crypto: qat - refactor submission logic (jsc#PED-3692) - crypto: qat - relocate PFVF PF related logic (jsc#PED-3692) - crypto: qat - relocate PFVF VF related logic (jsc#PED-3692) - crypto: qat - relocate PFVF disabled function (jsc#PED-3692) - crypto: qat - relocate and rename adf_sriov_prepare_restart() (jsc#PED-3692) - crypto: qat - relocate backlog related structures (jsc#PED-3692) - crypto: qat - relocate bufferlist logic (jsc#PED-3692) - crypto: qat - relocate qat_algs_alloc_flags() (jsc#PED-3692) - crypto: qat - remove duplicated logic across GEN2 drivers (jsc#PED-3692) - crypto: qat - remove empty sriov_configure() (jsc#PED-3692) - crypto: qat - remove line wrapping for pfvf_ops functions (jsc#PED-3692) - crypto: qat - remove the unnecessary get_vintmsk_offset() (jsc#PED-3692) - crypto: qat - remove unmatched CPU affinity to cluster IRQ (jsc#PED-3692) - crypto: qat - remove unnecessary tests to detect PFVF support (jsc#PED-3692) - crypto: qat - remove unneeded assignment (jsc#PED-3692) - crypto: qat - remove unneeded braces (jsc#PED-3692) - crypto: qat - remove unneeded packed attribute (jsc#PED-3692) - crypto: qat - remove unused PFVF stubs (jsc#PED-3692) - crypto: qat - rename and relocate GEN2 config function (jsc#PED-3692) - crypto: qat - rename bufferlist functions (jsc#PED-3692) - crypto: qat - rename pfvf collision constants (jsc#PED-3692) - crypto: qat - reorganize PFVF code (jsc#PED-3692) - crypto: qat - reorganize PFVF protocol definitions (jsc#PED-3692) - crypto: qat - replace deprecated MSI API (jsc#PED-3692) - crypto: qat - replace disable_vf2pf_interrupts() (jsc#PED-3692) - crypto: qat - replace get_current_node() with numa_node_id() (jsc#PED-3692) - crypto: qat - rework the VF2PF interrupt handling logic (jsc#PED-3692) - crypto: qat - set CIPHER capability for QAT GEN2 (jsc#PED-3692) - crypto: qat - set COMPRESSION capability for DH895XCC (jsc#PED-3692) - crypto: qat - set COMPRESSION capability for QAT GEN2 (jsc#PED-3692) - crypto: qat - set DMA mask to 48 bits for Gen2 (jsc#PED-3692) - crypto: qat - set PFVF_MSGORIGIN just before sending (jsc#PED-3692) - crypto: qat - share adf_enable_pf2vf_comms() from (jsc#PED-3692) - crypto: qat - simplify adf_enable_aer() (jsc#PED-3692) - crypto: qat - simplify code and axe the use of a deprecated (jsc#PED-3692) - crypto: qat - split PFVF message decoding from handling (jsc#PED-3692) - crypto: qat - stop using iommu_present() (jsc#PED-3692) - crypto: qat - store the PFVF protocol version of the (jsc#PED-3692) - crypto: qat - store the ring-to-service mapping (jsc#PED-3692) - crypto: qat - support fast ACKs in the PFVF protocol (jsc#PED-3692) - crypto: qat - support the reset of ring pairs on PF (jsc#PED-3692) - crypto: qat - test PFVF registers for spurious interrupts on (jsc#PED-3692) - crypto: qat - use enums for PFVF protocol codes (jsc#PED-3692) - crypto: qat - use hweight for bit counting (jsc#PED-3692) - crypto: qat - use pre-allocated buffers in datapath (jsc#PED-3692) - crypto: qat - use reference to structure in dma_map_single() (jsc#PED-3692) - crypto: qat - use u32 variables in all GEN4 pfvf_ops (jsc#PED-3692) - crypto: sun8i-ss - Fix a test in sun8i_ss_setup_ivs() (git-fixes). - cxgb4: fix missing unlock on ETHOFLD desc collect fail path (jsc#SLE-18992). - debugfs: fix error when writing negative value to atomic_t debugfs file (git-fixes). - dma: gpi: remove spurious unlock in gpi_ch_init (git-fixes). - dmaengine: at_xdmac: do not enable all cyclic channels (git-fixes). - dmaengine: dw-edma: Fix to change for continuous transfer (git-fixes). - dmaengine: dw-edma: Fix to enable to issue dma request on DMA processing (git-fixes). - dmaengine: idxd: Do not enable user type Work Queue without Shared Virtual Addressing (git-fixes). - dmaengine: idxd: Only call idxd_enable_system_pasid() if succeeded in enabling SVA feature (git-fixes). - dmaengine: idxd: Separate user and kernel pasid enabling (git-fixes). - dmaengine: mv_xor_v2: Fix an error code (git-fixes). - do not reuse connection if share marked as isolated (bsc#1193629). - docs: networking: fix x25-iface.rst heading & index order (git-fixes). - drivers: base: component: fix memory leak with using debugfs_lookup() (git-fixes). - drivers: base: dd: fix memory leak with using debugfs_lookup() (git-fixes). - drm-hyperv: Add a bug reference to two existing changes (bsc#1211281). - drm/amd/display: Fix hang when skipping modeset (git-fixes). - drm/amd/display: Use DC_LOG_DC in the trasform pixel function (git-fixes). - drm/amd/display: fix flickering caused by S/G mode (git-fixes). - drm/amd: Fix an out of bounds error in BIOS parser (git-fixes). - drm/amdgpu/gfx: disable gfx9 cp_ecc_error_irq only when enabling legacy gfx ras (git-fixes). - drm/amdgpu: Fix vram recover does not work after whole GPU reset (v2) (git-fixes). - drm/amdgpu: add a missing lock for AMDGPU_SCHED (git-fixes). - drm/amdgpu: disable sdma ecc irq only when sdma RAS is enabled in suspend (git-fixes). - drm/displayid: add displayid_get_header() and check bounds better (git-fixes). - drm/exynos: fix g2d_open/close helper function definitions (git-fixes). - drm/i915/dg2: Add HDMI pixel clock frequencies 267.30 and 319.89 MHz (git-fixes). - drm/i915/dg2: Add additional HDMI pixel clock frequencies (git-fixes). - drm/i915/dg2: Support 4k@30 on HDMI (git-fixes). - drm/i915/dp: prevent potential div-by-zero (git-fixes). - drm/mipi-dsi: Set the fwnode for mipi_dsi_device (git-fixes). - drm/msm/dp: Clean up handling of DP AUX interrupts (git-fixes). - drm/msm/dp: unregister audio driver during unbind (git-fixes). - drm/msm/dpu: Add INTF_5 interrupts (git-fixes). - drm/msm/dpu: Move non-MDP_TOP INTF_INTR offsets out of hwio header (git-fixes). - drm/msm/dpu: Remove duplicate register defines from INTF (git-fixes). - drm/sched: Remove redundant check (git-fixes). - drm/tegra: Avoid potential 32-bit integer overflow (git-fixes). - drm/ttm/pool: Fix ttm_pool_alloc error path (git-fixes). - drm/ttm: optimize pool allocations a bit v2 (git-fixes). - dt-binding: cdns,usb3: Fix cdns,on-chip-buff-size type (git-fixes). - dt-bindings: ata: ahci-ceva: Cover all 4 iommus entries (git-fixes). - dt-bindings: ata: ahci-ceva: convert to yaml (git-fixes). - dt-bindings: iio: adc: renesas,rcar-gyroadc: Fix adi,ad7476 compatible value (git-fixes). - dt-bindings: usb: snps,dwc3: Fix 'snps,hsphy_interface' type (git-fixes). - f2fs: Fix f2fs_truncate_partial_nodes ftrace event (git-fixes). - fbdev: arcfb: Fix error handling in arcfb_probe() (git-fixes). - fbdev: ep93xx-fb: Add missing clk_disable_unprepare in ep93xxfb_probe() (git-fixes). - fbdev: stifb: Fall back to cfb_fillrect() on 32-bit HCRX cards (git-fixes). - fbdev: udlfb: Fix endpoint check (git-fixes). - firmware: arm_ffa: Check if ffa_driver remove is present before executing (git-fixes). - firmware: arm_ffa: Set reserved/MBZ fields to zero in the memory descriptors (git-fixes). - fuse: always revalidate rename target dentry (bsc#1211808). - fuse: fix attr version comparison in fuse_read_update_size() (bsc#1211807). - futex: Resend potentially swallowed owner death notification (git-fixes). - google/gve:fix repeated words in comments (bsc#1211519). - gpio: mockup: Fix mode of debugfs files (git-fixes). - gve: Adding a new AdminQ command to verify driver (bsc#1211519). - gve: Cache link_speed value from device (git-fixes). - gve: Fix error return code in gve_prefill_rx_pages() (bsc#1211519). - gve: Fix spelling mistake 'droping' -> 'dropping' (bsc#1211519). - gve: Handle alternate miss completions (bsc#1211519). - gve: Reduce alloc and copy costs in the GQ rx path (bsc#1211519). - gve: Remove the code of clearing PBA bit (git-fixes). - gve: Secure enough bytes in the first TX desc for all TCP pkts (git-fixes). - gve: enhance no queue page list detection (bsc#1211519). - i2c: omap: Fix standard mode false ACK readings (git-fixes). - i2c: tegra: Fix PEC support for SMBUS block read (git-fixes). - i40e: Add checking for null for nlmsg_find_attr() (jsc#SLE-18378). - i40e: Fix ADQ rate limiting for PF (jsc#SLE-18378). - i40e: Fix DMA mappings leak (jsc#SLE-18378). - i40e: Fix VF hang when reset is triggered on another VF (jsc#SLE-18378). - i40e: Fix VF set max MTU size (jsc#SLE-18378). - i40e: Fix VF's MAC Address change on VM (jsc#SLE-18378). - i40e: Fix adding ADQ filter to TC0 (jsc#SLE-18378). - i40e: Fix calculating the number of queue pairs (jsc#SLE-18378). - i40e: Fix erroneous adapter reinitialization during recovery process (jsc#SLE-18378). - i40e: Fix ethtool rx-flow-hash setting for X722 (jsc#SLE-18378). - i40e: Fix flow-type by setting GL_HASH_INSET registers (jsc#SLE-18378). - i40e: Fix for VF MAC address 0 (jsc#SLE-18378). - i40e: Fix incorrect address type for IPv6 flow rules (jsc#SLE-18378). - i40e: Fix interface init with MSI interrupts (no MSI-X) (jsc#SLE-18378). - i40e: Fix kernel crash during module removal (jsc#SLE-18378). - i40e: Fix kernel crash during reboot when adapter is in recovery mode (jsc#SLE-18378). - i40e: Fix set max_tx_rate when it is lower than 1 Mbps (jsc#SLE-18378). - i40e: Fix the inability to attach XDP program on downed interface (jsc#SLE-18378). - i40e: Refactor tc mqprio checks (jsc#SLE-18378). - i40e: add double of VLAN header when computing the max MTU (jsc#SLE-18378). - i40e: fix accessing vsi->active_filters without holding lock (jsc#SLE-18378). - i40e: fix flow director packet filter programming (jsc#SLE-18378). - i40e: fix i40e_setup_misc_vector() error handling (jsc#SLE-18378). - i40e: fix registers dump after run ethtool adapter self test (jsc#SLE-18378). - iavf/iavf_main: actually log ->src mask when talking about it (jsc#SLE-18385). - iavf: Detach device during reset task (jsc#SLE-18385). - iavf: Disallow changing rx/tx-frames and rx/tx-frames-irq (jsc#SLE-18385). - iavf: Do not restart Tx queues after reset task failure (jsc#SLE-18385). - iavf: Fix 'tc qdisc show' listing too many queues (jsc#SLE-18385). - iavf: Fix a crash during reset task (jsc#SLE-18385). - iavf: Fix bad page state (jsc#SLE-18385). - iavf: Fix cached head and tail value for iavf_get_tx_pending (jsc#SLE-18385). - iavf: Fix error handling in iavf_init_module() (jsc#SLE-18385). - iavf: Fix max_rate limiting (jsc#SLE-18385). - iavf: Fix race condition between iavf_shutdown and iavf_remove (jsc#SLE-18385). - iavf: Fix set max MTU size with port VLAN and jumbo frames (jsc#SLE-18385). - iavf: fix hang on reboot with ice (jsc#SLE-18385). - iavf: fix inverted Rx hash condition leading to disabled hash (jsc#SLE-18385). - iavf: fix non-tunneled IPv6 UDP packet type and hashing (jsc#SLE-18385). - ice: Fix interrupt moderation settings getting cleared (jsc#SLE-18375). - ice: Set txq_teid to ICE_INVAL_TEID on ring creation (jsc#SLE-18375). - igb: Add lock to avoid data race (jsc#SLE-18379). - igb: Enable SR-IOV after reinit (jsc#SLE-18379). - igb: Initialize mailbox message for VF reset (jsc#SLE-18379). - igb: conditionalize I2C bit banging on external thermal sensor support (jsc#SLE-18379). - igb: revert rtnl_lock() that causes deadlock (jsc#SLE-18379). - igbvf: Regard vf reset nack as success (jsc#SLE-18379). - igc: Add checking for basetime less than zero (jsc#SLE-18377). - igc: Add ndo_tx_timeout support (jsc#SLE-18377). - igc: Enhance Qbv scheduling by using first flag bit (jsc#SLE-18377). - igc: Fix PPS delta between two synchronized end-points (jsc#SLE-18377). - igc: Lift TAPRIO schedule restriction (jsc#SLE-18377). - igc: Reinstate IGC_REMOVED logic and implement it properly (jsc#SLE-18377). - igc: Set Qbv start_time and end_time to end_time if not being configured in GCL (jsc#SLE-18377). - igc: Use strict cycles for Qbv scheduling (jsc#SLE-18377). - igc: allow BaseTime 0 enrollment for Qbv (jsc#SLE-18377). - igc: fix the validation logic for taprio's gate list (jsc#SLE-18377). - igc: read before write to SRRCTL register (jsc#SLE-18377). - igc: recalculate Qbv end_time by considering cycle time (jsc#SLE-18377). - igc: return an error if the mac type is unknown in igc_ptp_systim_to_hwtstamp() (jsc#SLE-18377). - iio: accel: st_accel: Fix invalid mount_matrix on devices without ACPI _ONT method (git-fixes). - iio: adc: ad7192: Change 'shorted' channels to differential (git-fixes). - iio: adc: ad_sigma_delta: Fix IRQ issue by setting IRQ_DISABLE_UNLAZY flag (git-fixes). - iio: adc: mxs-lradc: fix the order of two cleanup operations (git-fixes). - iio: adc: palmas_gpadc: fix NULL dereference on rmmod (git-fixes). - iio: dac: mcp4725: Fix i2c_master_send() return value handling (git-fixes). - iio: imu: inv_icm42600: fix timestamp reset (git-fixes). - iio: light: vcnl4035: fixed chip ID check (git-fixes). - intel/igbvf: free irq on the error path in igbvf_request_msix() (jsc#SLE-18379). - ipv6: sr: fix out-of-bounds read when setting HMAC data (bsc#1211592). - iwlwifi: cfg: Add missing MODULE_FIRMWARE() for *.pnvm (bsc#1207553). - ixgbe: Allow flow hash to be set via ethtool (jsc#SLE-18384). - ixgbe: Enable setting RSS table to default values (jsc#SLE-18384). - ixgbe: Fix panic during XDP_TX with > 64 CPUs (jsc#SLE-18384). - ixgbe: add double of VLAN header when computing the max MTU (jsc#SLE-18384). - ixgbe: allow to increase MTU to 3K with XDP enabled (jsc#SLE-18384). - ixgbe: fix pci device refcount leak (jsc#SLE-18384). - ixgbe: stop resetting SYSTIME in ixgbe_ptp_start_cyclecounter (jsc#SLE-18384). - kABI workaround for btbcm.c (git-fixes). - kABI workaround for mt76_poll_msec() (git-fixes). - kABI: Fix kABI after backport Emulate RDPID only if it is enabled in guest (git-fixes) - kabi/severities: added Microsoft mana symbold (bsc#1210551) - kernel-binary: install expoline.o (boo#1210791 bsc#1211089) - kernel-source: Remove unused macro variant_symbols - kernel-spec-macros: Fix up obsolete_rebuilds_subpackage to generate obsoletes correctly (boo#1172073 bsc#1191731). - kvm: x86: Disable KVM_HC_CLOCK_PAIRING if tsc is in always catchup mode (git-fixes). - leds: Fix reference to led_set_brightness() in doc (git-fixes). - leds: TI_LMU_COMMON: select REGMAP instead of depending on it (git-fixes). - leds: tca6507: Fix error handling of using fwnode_property_read_string (git-fixes). - libfs: add DEFINE_SIMPLE_ATTRIBUTE_SIGNED for signed value (git-fixes). - locking/rwsem: Add __always_inline annotation to __down_read_common() and inlined callers (git-fixes). - mailbox: zynqmp: Fix IPI isr handling (git-fixes). - mailbox: zynqmp: Fix typo in IPI documentation (git-fixes). - mce: fix set_mce_nospec to always unmap the whole page (git-fixes). - media: cx23885: Fix a null-ptr-deref bug in buffer_prepare() and buffer_finish() (git-fixes). - media: netup_unidvb: fix use-after-free at del_timer() (git-fixes). - media: pci: tw68: Fix null-ptr-deref bug in buf prepare and finish (git-fixes). - media: radio-shark: Add endpoint checks (git-fixes). - media: rcar_fdp1: Fix the correct variable assignments (git-fixes). - media: rcar_fdp1: Make use of the helper function devm_platform_ioremap_resource() (git-fixes). - memstick: r592: Fix UAF bug in r592_remove due to race condition (bsc#1211449). - mfd: dln2: Fix memory leak in dln2_probe() (git-fixes). - mfd: tqmx86: Correct board names for TQMxE39x (git-fixes). - mfd: tqmx86: Do not access I2C_DETECT register through io_base (git-fixes). - misc: fastrpc: reject new invocations during device removal (git-fixes). - misc: fastrpc: return -EPIPE to invocations on device removal (git-fixes). - mmc: sdhci-esdhc-imx: make 'no-mmc-hs400' works (git-fixes). - mmc: vub300: fix invalid response handling (git-fixes). - mt76: mt7915: fix incorrect testmode ipg on band 1 caused by wmm_idx (git-fixes). - mtd: rawnand: ingenic: fix empty stub helper definitions (git-fixes). - mtd: rawnand: marvell: do not set the NAND frequency select (git-fixes). - mtd: rawnand: marvell: ensure timing values are written (git-fixes). - net/iucv: Fix size of interrupt data (bsc#1211465 git-fixes). - net: accept UFOv6 packages in virtio_net_hdr_to_skb (git-fixes). - net: cdc_ncm: Deal with too low values of dwNtbOutMaxSize (git-fixes). - net: mana: Add new MANA VF performance counters for easier troubleshooting (bsc#1209982). - net: mana: Add support for auxiliary device (bsc#1210741 jsc#PED-4022). - net: mana: Add support for jumbo frame (bsc#1210551). - net: mana: Check if netdev/napi_alloc_frag returns single page (bsc#1210551). - net: mana: Define and process GDMA response code GDMA_STATUS_MORE_ENTRIES (bsc#1210741 jsc#PED-4022). - net: mana: Define data structures for allocating doorbell page from GDMA (bsc#1210741 jsc#PED-4022). - net: mana: Define data structures for protection domain and memory registration (bsc#1210741 jsc#PED-4022). - net: mana: Define max values for SGL entries (bsc#1210741 jsc#PED-4022). - net: mana: Enable RX path to handle various MTU sizes (bsc#1210551). - net: mana: Export Work Queue functions for use by RDMA driver (bsc#1210741 jsc#PED-4022). - net: mana: Fix perf regression: remove rx_cqes, tx_cqes counters (git-fixes). - net: mana: Handle vport sharing between devices (bsc#1210741 jsc#PED-4022). - net: mana: Move header files to a common location (bsc#1210741 jsc#PED-4022). - net: mana: Record port number in netdev (bsc#1210741 jsc#PED-4022). - net: mana: Record the physical address for doorbell page region (bsc#1210741 jsc#PED-4022). - net: mana: Refactor RX buffer allocation code to prepare for various MTU (bsc#1210551). - net: mana: Rename mana_refill_rxoob and remove some empty lines (bsc#1210551). - net: mana: Set the DMA device max segment size (bsc#1210741 jsc#PED-4022). - net: mana: Use napi_build_skb in RX path (bsc#1210551). - net: mdio: mvusb: Fix an error handling path in mvusb_mdio_probe() (git-fixes). - net: mellanox: mlxbf_gige: Fix skb_panic splat under memory pressure (bsc#1211564). - net: phy: dp83867: add w/a for packet errors seen with short cables (git-fixes). - net: qrtr: correct types of trace event parameters (git-fixes). - net: skip virtio_net_hdr_set_proto if protocol already set (git-fixes). - net: tun: avoid disabling NAPI twice (git-fixes). - net: tun: fix bugs for oversize packet when napi frags enabled (git-fixes). - net: tun: stop NAPI when detaching queues (git-fixes). - net: tun: unlink NAPI from device on destruction (git-fixes). - net: usb: qmi_wwan: Set DTR quirk for BroadMobi BM818 (git-fixes). - net: virtio_net_hdr_to_skb: count transport header in UFO (git-fixes). - nilfs2: do not write dirty data after degenerating to read-only (git-fixes). - nilfs2: fix infinite loop in nilfs_mdt_get_block() (git-fixes). - nilfs2: fix use-after-free bug of nilfs_root in nilfs_evict_inode() (git-fixes). - nvme-fc: fix a missing queue put in nvmet_fc_ls_create_association (git-fixes). - nvme-multipath: fix hang when disk goes live over reconnect (git-fixes). - nvme-pci: add quirks for Samsung X5 SSDs (git-fixes). - nvme-pci: add the IGNORE_DEV_SUBNQN quirk for Intel P4500/P4600 SSDs (git-fixes). - nvme-pci: avoid the deepest sleep state on ZHITAI TiPro5000 SSDs (git-fixes). - nvme-pci: avoid the deepest sleep state on ZHITAI TiPro7000 SSDs (git-fixes). - nvme-pci: clear the prp2 field when not used (git-fixes). - nvme-pci: disable write zeroes on various Kingston SSD (git-fixes). - nvme-pci: fix a NULL pointer dereference in nvme_alloc_admin_tags (git-fixes). - nvme-pci: mark Lexar NM760 as IGNORE_DEV_SUBNQN (git-fixes). - nvme-pci: set min_align_mask before calculating max_hw_sectors (git-fixes). - nvme-tcp: fix a possible UAF when failing to allocate an io queue (git-fixes). - nvme-tcp: fix bogus request completion when failing to send AER (git-fixes). - nvme-tcp: lockdep: annotate in-kernel sockets (git-fixes). - nvme: add a bogus subsystem NQN quirk for Micron MTFDKBA2T0TFH (git-fixes). - nvme: also return I/O command effects from nvme_command_effects (git-fixes). - nvme: check for duplicate identifiers earlier (git-fixes). - nvme: cleanup __nvme_check_ids (git-fixes). - nvme: fix discard support without oncs (git-fixes). - nvme: fix interpretation of DMRSL (git-fixes). - nvme: fix multipath crash caused by flush request when blktrace is enabled (git-fixes). - nvme: fix passthrough csi check (git-fixes). - nvme: generalize the nvme_multi_css check in nvme_scan_ns (git-fixes). - nvme: move the Samsung X5 quirk entry to the core quirks (git-fixes). - nvme: rename nvme_validate_or_alloc_ns to nvme_scan_ns (git-fixes). - nvme: set non-mdts limits in nvme_scan_work (git-fixes). - nvmet-tcp: add bounds check on Transfer Tag (git-fixes). - nvmet-tcp: fix lockdep complaint on nvmet_tcp_wq flush during queue teardown (git-fixes). - nvmet-tcp: fix unhandled tcp states in nvmet_tcp_state_change() (git-fixes). - nvmet: fix mar and mor off-by-one errors (git-fixes). - nvmet: fix memory leak in nvmet_subsys_attr_model_store_locked (git-fixes). - nvmet: fix workqueue MEM_RECLAIM flushing dependency (git-fixes). - nvmet: move the call to nvmet_ns_changed out of nvmet_ns_revalidate (git-fixes). - nvmet: use NVME_CMD_EFFECTS_CSUPP instead of open coding it (git-fixes). - phy: st: miphy28lp: use _poll_timeout functions for waits (git-fixes). - phy: tegra: xusb: Add missing tegra_xusb_port_unregister for usb2_port and ulpi_port (git-fixes). - pinctrl: qcom: lpass-lpi: set output value before enabling output (git-fixes). - pinctrl: renesas: r8a779a0: Remove incorrect AVB[01] pinmux configuration (git-fixes). - platform/x86: hp-wmi: Support touchpad on/off (git-fixes). - platform/x86: thinkpad_acpi: Fix platform profiles on T490 (git-fixes). - platform/x86: touchscreen_dmi: Add info for the Dexp Ursus KX210i (git-fixes). - platform/x86: touchscreen_dmi: Add upside-down quirk for GDIX1002 ts on the Juno Tablet (git-fixes). - power: supply: bq24190_charger: using pm_runtime_resume_and_get instead of pm_runtime_get_sync (git-fixes). - power: supply: bq27xxx: Add cache parameter to bq27xxx_battery_current_and_status() (git-fixes). - power: supply: bq27xxx: After charger plug in/out wait 0.5s for things to stabilize (git-fixes). - power: supply: bq27xxx: Ensure power_supply_changed() is called on current sign changes (git-fixes). - power: supply: bq27xxx: Fix I2C IRQ race on remove (git-fixes). - power: supply: bq27xxx: Fix poll_interval handling and races on remove (git-fixes). - power: supply: bq27xxx: expose battery data when CI=1 (git-fixes). - power: supply: leds: Fix blink to LED on transition (git-fixes). - power: supply: sbs-charger: Fix INHIBITED bit for Status reg (git-fixes). - powerpc/iommu: DMA address offset is incorrectly calculated with 2MB TCEs (jsc#SLE-19556 git-fixes). - powerpc/rtas: use memmove for potentially overlapping buffer copy (bsc#1065729). - powerpc: Do not try to copy PPR for task with NULL pt_regs (bsc#1065729). - pstore: Revert pmsg_lock back to a normal mutex (git-fixes). - purgatory: fix disabling debug info (git-fixes). - pwm: meson: Fix axg ao mux parents (git-fixes). - pwm: meson: Fix g12a ao clk81 name (git-fixes). - qed/qed_dev: guard against a possible division by zero (jsc#SLE-19001). - qed/qed_mng_tlv: correctly zero out ->min instead of ->hour (jsc#SLE-19001). - qed/qed_sriov: guard against NULL derefs from qed_iov_get_vf_info (jsc#SLE-19001). - qed: allow sleep in qed_mcp_trace_dump() (jsc#SLE-19001). - qede: execute xdp_do_flush() before napi_complete_done() (jsc#SLE-19001). - r8152: fix flow control issue of RTL8156A (git-fixes). - r8152: fix the poor throughput for 2.5G devices (git-fixes). - r8152: move setting r8153b_rx_agg_chg_indicate() (git-fixes). - regmap: cache: Return error in cache sync operations for REGCACHE_NONE (git-fixes). - regulator: mt6359: add read check for PMIC MT6359 (git-fixes). - regulator: pca9450: Fix BUCK2 enable_mask (git-fixes). - remoteproc: stm32_rproc: Add mutex protection for workqueue (git-fixes). - ring-buffer: Ensure proper resetting of atomic variables in ring_buffer_reset_online_cpus (git-fixes). - ring-buffer: Fix kernel-doc (git-fixes). - ring-buffer: Sync IRQ works before buffer destruction (git-fixes). - rpm/constraints.in: Increase disk size constraint for riscv64 to 52GB - rtmutex: Ensure that the top waiter is always woken up (git-fixes). - s390/ap: fix crash on older machines based on QCI info missing (bsc#1210947) - s390/ctcm: Fix return type of ctc{mp,}m_tx() (git-fixes bsc#1211686). - s390/dasd: fix hanging blockdevice after request requeue (git-fixes bsc#1211687). - s390/extmem: return correct segment type in __segment_load() (bsc#1210450 git-fixes). - s390/kprobes: fix current_kprobe never cleared after kprobes reenter (git-fixes bsc#1211688). - s390/kprobes: fix irq mask clobbering on kprobe reenter from post_handler (git-fixes bsc#1211689). - s390/lcs: Fix return type of lcs_start_xmit() (git-fixes bsc#1211690). - s390/mem_detect: fix detect_memory() error handling (git-fixes bsc#1211691). - s390/netiucv: Fix return type of netiucv_tx() (git-fixes bsc#1211692). - s390/qdio: fix do_sqbs() inline assembly constraint (git-fixes bsc#1211693). - s390/qeth: fix use-after-free in hsci (bsc#1210449 git-fixes). - s390/uaccess: add missing earlyclobber annotations to __clear_user() (bsc#1209856 git-fixes). - s390/vdso: remove -nostdlib compiler flag (git-fixes bsc#1211714). - s390x: Fixed hard lockups while running stress-ng and LPAR hangs (bsc#1195655 ltc#195733). - scsi: core: Improve scsi_vpd_inquiry() checks (git-fixes). - scsi: hisi_sas: Handle NCQ error when IPTT is valid (git-fixes). - scsi: libsas: Add sas_ata_device_link_abort() (git-fixes). - scsi: libsas: Grab the ATA port lock in sas_ata_device_link_abort() (git-fixes). - scsi: lpfc: Add new RCQE status for handling DMA failures (bsc#1211847). - scsi: lpfc: Fix double free in lpfc_cmpl_els_logo_acc() caused by lpfc_nlp_not_used() (bsc#1211847). - scsi: lpfc: Fix verbose logging for SCSI commands issued to SES devices (bsc#1211847). - scsi: lpfc: Match lock ordering of lpfc_cmd->buf_lock and hbalock for abort paths (bsc#1211847). - scsi: lpfc: Replace blk_irq_poll intr handler with threaded IRQ (bsc#1211847). - scsi: lpfc: Update congestion warning notification period (bsc#1211847). - scsi: lpfc: Update lpfc version to 14.2.0.12 (bsc#1211847). - scsi: megaraid: Fix mega_cmd_done() CMDID_INT_CMDS (git-fixes). - scsi: megaraid_sas: Fix fw_crash_buffer_show() (git-fixes). - scsi: qedi: Fix use after free bug in qedi_remove() (git-fixes). - scsi: qla2xxx: Drop redundant pci_enable_pcie_error_reporting() (bsc#1211960). - scsi: qla2xxx: Fix hang in task management (bsc#1211960). - scsi: qla2xxx: Fix mem access after free (bsc#1211960). - scsi: qla2xxx: Fix task management cmd fail due to unavailable resource (bsc#1211960). - scsi: qla2xxx: Fix task management cmd failure (bsc#1211960). - scsi: qla2xxx: Multi-que support for TMF (bsc#1211960). - scsi: qla2xxx: Refer directly to the qla2xxx_driver_template (bsc#1211960). - scsi: qla2xxx: Remove default fabric ops callouts (bsc#1211960). - scsi: qla2xxx: Replace all non-returning strlcpy() with strscpy() (bsc#1211960). - scsi: qla2xxx: Update version to 10.02.08.300-k (bsc#1211960). - scsi: qla2xxx: Wait for io return on terminate rport (bsc#1211960). - scsi: ses: Handle enclosure with just a primary component gracefully (git-fixes). - scsi: storvsc: Do not pass unused PFNs to Hyper-V host (git-fixes). - selftests mount: Fix mount_setattr_test builds failed (git-fixes). - selftests/resctrl: Allow ->setup() to return errors (git-fixes). - selftests/resctrl: Check for return value after write_schemata() (git-fixes). - selftests/resctrl: Extend CPU vendor detection (git-fixes). - selftests/resctrl: Move ->setup() call outside of test specific branches (git-fixes). - selftests/resctrl: Return NULL if malloc_and_init_memory() did not alloc mem (git-fixes). - selftests/sgx: Add 'test_encl.elf' to TEST_FILES (git-fixes). - selftests: mptcp: connect: skip if MPTCP is not supported (git-fixes). - selftests: mptcp: pm nl: skip if MPTCP is not supported (git-fixes). - selftests: mptcp: sockopt: skip if MPTCP is not supported (git-fixes). - selftests: seg6: disable DAD on IPv6 router cfg for srv6_end_dt4_l3vpn_test (git-fixes). - selftests: srv6: make srv6_end_dt46_l3vpn_test more robust (git-fixes). - selftests: xsk: Disable IPv6 on VETH1 (git-fixes). - selftets: seg6: disable rp_filter by default in srv6_end_dt4_l3vpn_test (git-fixes). - selinux: do not use make's grouped targets feature yet (git-fixes). - serial: 8250: Reinit port->pm on port specific driver unbind (git-fixes). - serial: 8250_bcm7271: balance clk_enable calls (git-fixes). - serial: 8250_bcm7271: fix leak in `brcmuart_probe` (git-fixes). - serial: 8250_exar: Add support for USR298x PCI Modems (git-fixes). - serial: 8250_tegra: Fix an error handling path in tegra_uart_probe() (git-fixes). - serial: Add support for Advantech PCI-1611U card (git-fixes). - serial: arc_uart: fix of_iomap leak in `arc_serial_probe` (git-fixes). - serial: qcom-geni: fix enabling deactivated interrupt (git-fixes). - serial: stm32: re-introduce an irq flag condition in usart_receive_chars (git-fixes). - sfc: Change VF mac via PF as first preference if available (git-fixes). - sfc: Fix module EEPROM reporting for QSFP modules (git-fixes). - sfc: Fix use-after-free due to selftest_work (git-fixes). - sfc: correctly advertise tunneled IPv6 segmentation (git-fixes). - sfc: ef10: do not overwrite offload features at NIC reset (git-fixes). - sfc: fix TX channel offset when using legacy interrupts (git-fixes). - sfc: fix considering that all channels have TX queues (git-fixes). - sfc: fix null pointer dereference in efx_hard_start_xmit (git-fixes). - sfc: fix wrong tx channel offset with efx_separate_tx_channels (git-fixes). - sfc: include vport_id in filter spec hash and equal() (git-fixes). - smb3: display debug information better for encryption (bsc#1193629). - smb3: fix problem remounting a share after shutdown (bsc#1193629). - smb3: improve parallel reads of large files (bsc#1193629). - smb3: make query_on_disk_id open context consistent and move to common code (bsc#1193629). - smb3: move some common open context structs to smbfs_common (bsc#1193629). - soundwire: qcom: correct setting ignore bit on v1.5.1 (git-fixes). - soundwire: qcom: gracefully handle too many ports in DT (git-fixes). - spi: spi-imx: fix MX51_ECSPI_* macros when cs > 3 (git-fixes). - spi: spi-imx: using pm_runtime_resume_and_get instead of pm_runtime_get_sync (git-fixes). - staging: rtl8192e: Replace macro RTL_PCI_DEVICE with PCI_DEVICE (git-fixes). - struct ci_hdrc: hide new member at end (git-fixes). - supported.conf: mark mana_ib supported - swiotlb: relocate PageHighMem test away from rmem_swiotlb_setup (git-fixes). - thunderbolt: Clear registers properly when auto clear isn't in use (bsc#1210165). - thunderbolt: Mask ring interrupt on Intel hardware as well (bsc#1210165). - tools/virtio: compile with -pthread (git-fixes). - tools/virtio: fix the vringh test for virtio ring changes (git-fixes). - tools/virtio: fix virtio_test execution (git-fixes). - tools/virtio: initialize spinlocks in vring_test.c (git-fixes). - tpm, tpm_tis: Claim locality before writing TPM_INT_ENABLE register (git-fixes). - tpm, tpm_tis: Disable interrupts if tpm_tis_probe_irq() failed (git-fixes). - tpm/tpm_tis: Disable interrupts for more Lenovo devices (git-fixes). - tracing: Fix permissions for the buffer_percent file (git-fixes). - tty: serial: fsl_lpuart: use UARTCTRL_TXINV to send break instead of UARTCTRL_SBK (git-fixes). - usb-storage: fix deadlock when a scsi command timeouts more than once (git-fixes). - usb: chipidea: core: fix possible concurrent when switch role (git-fixes). - usb: dwc3: Align DWC3_EP_* flag macros (git-fixes). - usb: dwc3: Fix a repeated word checkpatch warning (git-fixes). - usb: dwc3: Fix ep0 handling when getting reset while doing control transfer (git-fixes). - usb: dwc3: debugfs: Resume dwc3 before accessing registers (git-fixes). - usb: dwc3: drd: use helper to get role-switch-default-mode (git-fixes). - usb: dwc3: ep0: Do not prepare beyond Setup stage (git-fixes). - usb: dwc3: gadget: Delay issuing End Transfer (git-fixes). - usb: dwc3: gadget: Execute gadget stop after halting the controller (git-fixes). - usb: dwc3: gadget: Improve dwc3_gadget_suspend() and dwc3_gadget_resume() (git-fixes). - usb: dwc3: gadget: Only End Transfer for ep0 data phase (git-fixes). - usb: dwc3: gadget: Stall and restart EP0 if host is unresponsive (git-fixes). - usb: dwc3: remove a possible unnecessary 'out of memory' message (git-fixes). - usb: gadget: f_fs: Add unbind event before functionfs_unbind (git-fixes). - usb: gadget: u_ether: Fix host MAC address case (git-fixes). - usb: mtu3: fix kernel panic at qmu transfer done irq handler (git-fixes). - usb: typec: altmodes/displayport: fix pin_assignment_show (git-fixes). - usb: typec: tcpm: fix multiple times discover svids error (git-fixes). - usb: usbfs: Enforce page requirements for mmap (git-fixes). - usb: usbfs: Use consistent mmap functions (git-fixes). - usrmerge: Remove usrmerge compatibility symlink in buildroot (boo#1211796). - vc_screen: reload load of struct vc_data pointer in vcs_write() to avoid UAF (git-fixes). - vdpa: fix use-after-free on vp_vdpa_remove (git-fixes). - vhost/net: Clear the pending messages when the backend is removed (git-fixes). - virtio-net: Keep stop() to follow mirror sequence of open() (git-fixes). - virtio-net: execute xdp_do_flush() before napi_complete_done() (git-fixes). - virtio_net: bugfix overflow inside xdp_linearize_page() (git-fixes). - virtio_net: split free_unused_bufs() (git-fixes). - virtio_net: suppress cpu stall when free_unused_bufs (git-fixes). - watchdog: dw_wdt: Fix the error handling path of dw_wdt_drv_probe() (git-fixes). - watchdog: sp5100_tco: Immediately trigger upon starting (git-fixes). - wifi: ath11k: Fix SKB corruption in REO destination ring (git-fixes). - wifi: ath: Silence memcpy run-time false positive warning (git-fixes). - wifi: brcmfmac: cfg80211: Pass the PMK in binary instead of hex (git-fixes). - wifi: iwlwifi: dvm: Fix memcpy: detected field-spanning write backtrace (git-fixes). - wifi: iwlwifi: fix OEM's name in the ppag approved list (git-fixes). - wifi: iwlwifi: fw: fix DBGI dump (git-fixes). - wifi: iwlwifi: mvm: do not trust firmware n_channels (git-fixes). - wifi: iwlwifi: mvm: fix OEM's name in the tas approved list (git-fixes). - wifi: iwlwifi: mvm: fix cancel_delayed_work_sync() deadlock (git-fixes). - wifi: iwlwifi: pcie: Fix integer overflow in iwl_write_to_user_buf (git-fixes). - wifi: iwlwifi: pcie: fix possible NULL pointer dereference (git-fixes). - wifi: mac80211: fix min center freq offset tracing (git-fixes). - wifi: mt76: add flexible polling wait-interval support (git-fixes). - wifi: mt76: mt7921e: Set memory space enable in PCI_COMMAND if unset (git-fixes). - wifi: mt76: mt7921e: fix probe timeout after reboot (git-fixes). - wifi: mt76: mt7921e: improve reliability of dma reset (git-fixes). - wifi: rtl8xxxu: RTL8192EU always needs full init (git-fixes). - workqueue: Fix hung time report of worker pools (bsc#1211044). - workqueue: Interrupted create_worker() is not a repeated event (bsc#1211044). - workqueue: Print backtraces from CPUs with hung CPU bound workqueues (bsc#1211044). - workqueue: Warn when a new worker could not be created (bsc#1211044). - workqueue: Warn when a rescuer could not be created (bsc#1211044). - x86, sched: Fix undefined reference to init_freq_invariance_cppc() build error (git-fixes). - x86/MCE/AMD: Use an u64 for bank_map (git-fixes). - x86/alternative: Make debug-alternative selective (bsc#1206578). - x86/alternative: Report missing return thunk details (git-fixes). - x86/alternative: Support relocations in alternatives (bsc#1206578). - x86/amd: Use IBPB for firmware calls (git-fixes). - x86/boot: Skip realmode init code when running as Xen PV guest (git-fixes). - x86/bugs: Add 'unknown' reporting for MMIO Stale Data (git-fixes). - x86/bugs: Do not enable IBPB at firmware entry when IBPB is not available (git-fixes). - x86/bugs: Warn when 'ibrs' mitigation is selected on Enhanced IBRS parts (git-fixes). - x86/crash: Disable virt in core NMI crash handler to avoid double shootdown (git-fixes). - x86/delay: Fix the wrong asm constraint in delay_loop() (git-fixes). - x86/entry: Build thunk_$(BITS) only if CONFIG_PREEMPTION=y (git-fixes). - x86/fault: Cast an argument to the proper address space in prefetch() (git-fixes). - x86/fpu/xsave: Initialize offset/size cache early (bsc#1211205). - x86/fpu: Fix copy_xstate_to_uabi() to copy init states correctly (git-fixes). - x86/fpu: Fix the init_fpstate size check with the actual size (git-fixes). - x86/fpu: Use _Alignof to avoid undefined behavior in TYPE_ALIGN (git-fixes). - x86/hyperv: Block root partition functionality in a Confidential VM (git-fixes). - x86/lib/memmove: Decouple ERMS from FSRM (bsc#1206578). - x86/mce: relocate set{clear}_mce_nospec() functions (git-fixes). This is a preparation for the next patch - x86/microcode/AMD: Add a @cpu parameter to the reloading functions (git-fixes). - x86/microcode/AMD: Fix mixed steppings support (git-fixes). - x86/microcode/AMD: Track patch allocation size explicitly (git-fixes). - x86/microcode: Add a parameter to microcode_check() to store CPU capabilities (git-fixes). - x86/microcode: Add explicit CPU vendor dependency (git-fixes). - x86/microcode: Adjust late loading result reporting message (git-fixes). - x86/microcode: Rip out the OLD_INTERFACE (git-fixes). - x86/mm: Cleanup the control_va_addr_alignment() __setup handler (git-fixes). - x86/mm: Use proper mask when setting PUD mapping (git-fixes). - x86/nospec: Unwreck the RSB stuffing (git-fixes). - x86/numa: Use cpumask_available instead of hardcoded NULL check (git-fixes). - x86/pat: Fix x86_has_pat_wp() (git-fixes). - x86/pm: Add enumeration check before spec MSRs save/restore setup (git-fixes). - x86/reboot: Disable SVM, not just VMX, when stopping CPUs (git-fixes). - x86/resctrl: Fix min_cbm_bits for AMD (git-fixes). - x86/sev: Add SEV-SNP guest feature negotiation support (git-fixes). - x86/signal: Fix the value returned by strict_sas_size() (git-fixes). - x86/speculation/mmio: Print SMT warning (git-fixes). - x86/speculation: Identify processors vulnerable to SMT RSB predictions (git-fixes). - x86/static_call: Serialize __static_call_fixup() properly (git-fixes). - x86/syscall: Include asm/ptrace.h in syscall_wrapper header (git-fixes). - x86/topology: Fix duplicated core ID within a package (git-fixes). - x86/topology: Fix multiple packages shown on a single-package system (git-fixes). - x86/tsx: Add a feature bit for TSX control MSR support (git-fixes). - x86: Fix return value of __setup handlers (git-fixes). - x86: drop bogus 'cc' clobber from __try_cmpxchg_user_asm() (git-fixes). - xen/netback: do not do grant copy across page boundary (git-fixes). - xen/netback: use same error messages for same errors (git-fixes). - xhci-pci: Only run d3cold avoidance quirk for s2idle (git-fixes). - xhci: Fix incorrect tracking of free space on transfer rings (git-fixes). Important SUSE bug 1065729 SUSE bug 1172073 SUSE bug 1191731 SUSE bug 1193629 SUSE bug 1195655 SUSE bug 1195921 SUSE bug 1203906 SUSE bug 1205650 SUSE bug 1205756 SUSE bug 1205758 SUSE bug 1205760 SUSE bug 1205762 SUSE bug 1205803 SUSE bug 1206024 SUSE bug 1206578 SUSE bug 1207553 SUSE bug 1208604 SUSE bug 1208758 SUSE bug 1209287 SUSE bug 1209288 SUSE bug 1209856 SUSE bug 1209982 SUSE bug 1210165 SUSE bug 1210294 SUSE bug 1210449 SUSE bug 1210450 SUSE bug 1210498 SUSE bug 1210533 SUSE bug 1210551 SUSE bug 1210647 SUSE bug 1210741 SUSE bug 1210775 SUSE bug 1210783 SUSE bug 1210791 SUSE bug 1210806 SUSE bug 1210940 SUSE bug 1210947 SUSE bug 1211037 SUSE bug 1211043 SUSE bug 1211044 SUSE bug 1211089 SUSE bug 1211105 SUSE bug 1211113 SUSE bug 1211131 SUSE bug 1211205 SUSE bug 1211263 SUSE bug 1211280 SUSE bug 1211281 SUSE bug 1211449 SUSE bug 1211465 SUSE bug 1211519 SUSE bug 1211564 SUSE bug 1211590 SUSE bug 1211592 SUSE bug 1211686 SUSE bug 1211687 SUSE bug 1211688 SUSE bug 1211689 SUSE bug 1211690 SUSE bug 1211691 SUSE bug 1211692 SUSE bug 1211693 SUSE bug 1211714 SUSE bug 1211796 SUSE bug 1211804 SUSE bug 1211807 SUSE bug 1211808 SUSE bug 1211847 SUSE bug 1211855 SUSE bug 1211960 CVE-2022-4269 CVE-2022-45884 CVE-2022-45885 CVE-2022-45886 CVE-2022-45887 CVE-2022-45919 CVE-2023-1079 CVE-2023-1380 CVE-2023-1382 CVE-2023-2002 CVE-2023-2124 CVE-2023-2156 CVE-2023-2162 CVE-2023-2269 CVE-2023-2483 CVE-2023-2513 CVE-2023-28410 CVE-2023-3006 CVE-2023-30456 CVE-2023-31084 CVE-2023-31436 CVE-2023-32233 CVE-2023-33288 cpe:/o:opensuse:leap:15.4 Security update for kubernetes1.24 (Important) openSUSE Leap 15.4 This update of kubernetes1.24 fixes the following issues: - rebuild the package with the go 1.20 security release (bsc#1206346). Important SUSE bug 1206346 cpe:/o:opensuse:leap:15.4 Security update for nodejs16 (Important) openSUSE Leap 15.4 This update for nodejs16 fixes the following issues: Update to version 16.20.1: - CVE-2023-30581: Fixed mainModule.__proto__ Bypass Experimental Policy Mechanism (bsc#1212574). - CVE-2023-30585: Fixed privilege escalation via Malicious Registry Key manipulation during Node.js installer repair process (bsc#1212579). - CVE-2023-30588: Fixed process interuption due to invalid Public Key information in x509 certificates (bsc#1212581). - CVE-2023-30589: Fixed HTTP Request Smuggling via empty headers separated by CR (bsc#1212582). - CVE-2023-30590: Fixed DiffieHellman key generation after setting a private key (bsc#1212583). - CVE-2023-31124: Fixed cross compilation issue with AutoTools that does not set CARES_RANDOM_FILE (bsc#1211607). - CVE-2023-31130: Fixed buffer underwrite problem in ares_inet_net_pton() (bsc#1211606). - CVE-2023-31147: Fixed insufficient randomness in generation of DNS query IDs (bsc#1211605). - CVE-2023-32067: Fixed denial-of-service via 0-byte UDP payload (bsc#1211604). Bug fixes: - Increased the default timeout on unit tests from 2 to 20 minutes. This seems to have lead to build failures on some platforms, like s390x in Factory. (bsc#1211407) Important SUSE bug 1211407 SUSE bug 1211604 SUSE bug 1211605 SUSE bug 1211606 SUSE bug 1211607 SUSE bug 1212574 SUSE bug 1212579 SUSE bug 1212581 SUSE bug 1212582 SUSE bug 1212583 CVE-2023-30581 CVE-2023-30585 CVE-2023-30588 CVE-2023-30589 CVE-2023-30590 CVE-2023-31124 CVE-2023-31130 CVE-2023-31147 CVE-2023-32067 cpe:/o:opensuse:leap:15.4 Security update for cosign (Important) openSUSE Leap 15.4 This update of cosign fixes the following issues: - rebuild the package with the go 1.20 security release (bsc#1206346). Important SUSE bug 1206346 cpe:/o:opensuse:leap:15.4 Security update for bind (Important) openSUSE Leap 15.4 This update for bind fixes the following issues: Update to release 9.16.42 Security Fixes: * The overmem cleaning process has been improved, to prevent the cache from significantly exceeding the configured max-cache-size limit. (CVE-2023-2828) * A query that prioritizes stale data over lookup triggers a fetch to refresh the stale data in cache. If the fetch is aborted for exceeding the recursion quota, it was possible for named to enter an infinite callback loop and crash due to stack overflow. This has been fixed. (CVE-2023-2911) Bug Fixes: * Previously, it was possible for a delegation from cache to be returned to the client after the stale-answer-client-timeout duration. This has been fixed. [bsc#1212544, bsc#1212567, jsc#SLE-24600] Update to release 9.16.41 Bug Fixes: * When removing delegations from an opt-out range, empty-non-terminal NSEC3 records generated by those delegations were not cleaned up. This has been fixed. [jsc#SLE-24600] Update to release 9.16.40 Bug Fixes: * Logfiles using timestamp-style suffixes were not always correctly removed when the number of files exceeded the limit set by versions. This has been fixed for configurations which do not explicitly specify a directory path as part of the file argument in the channel specification. * Performance of DNSSEC validation in zones with many DNSKEY records has been improved. Update to release 9.16.39 Feature Changes: * libuv support for receiving multiple UDP messages in a single recvmmsg() system call has been tweaked several times between libuv versions 1.35.0 and 1.40.0; the current recommended libuv version is 1.40.0 or higher. New rules are now in effect for running with a different version of libuv than the one used at compilation time. These rules may trigger a fatal error at startup: - Building against or running with libuv versions 1.35.0 and 1.36.0 is now a fatal error. - Running with libuv version higher than 1.34.2 is now a fatal error when named is built against libuv version 1.34.2 or lower. - Running with libuv version higher than 1.39.0 is now a fatal error when named is built against libuv version 1.37.0, 1.38.0, 1.38.1, or 1.39.0. * This prevents the use of libuv versions that may trigger an assertion failure when receiving multiple UDP messages in a single system call. Bug Fixes: * named could crash with an assertion failure when adding a new zone into the configuration file for a name which was already configured as a member zone for a catalog zone. This has been fixed. * When named starts up, it sends a query for the DNSSEC key for each configured trust anchor to determine whether the key has changed. In some unusual cases, the query might depend on a zone for which the server is itself authoritative, and would have failed if it were sent before the zone was fully loaded. This has now been fixed by delaying the key queries until all zones have finished loading. [jsc#SLE-24600] Important SUSE bug 1212544 SUSE bug 1212567 CVE-2023-2828 CVE-2023-2911 cpe:/o:opensuse:leap:15.4 Security update for nodejs18 (Important) openSUSE Leap 15.4 This update for nodejs18 fixes the following issues: Update to version 18.16.1: - CVE-2023-30581: Fixed mainModule.__proto__ Bypass Experimental Policy Mechanism (bsc#1212574). - CVE-2023-30585: Fixed privilege escalation via Malicious Registry Key manipulation during Node.js installer repair process (bsc#1212579). - CVE-2023-30588: Fixed process interuption due to invalid Public Key information in x509 certificates (bsc#1212581). - CVE-2023-30589: Fixed HTTP Request Smuggling via empty headers separated by CR (bsc#1212582). - CVE-2023-30590: Fixed DiffieHellman key generation after setting a private key (bsc#1212583). - CVE-2023-31124: Fixed cross compilation issue with AutoTools that does not set CARES_RANDOM_FILE (bsc#1211607). - CVE-2023-31130: Fixed buffer underwrite problem in ares_inet_net_pton() (bsc#1211606). - CVE-2023-31147: Fixed insufficient randomness in generation of DNS query IDs (bsc#1211605). - CVE-2023-32067: Fixed denial-of-service via 0-byte UDP payload (bsc#1211604). - CVE-2022-25881: Fixed a Regular Expression Denial of Service (bsc#1208744). Bug fixes: - Increased the default timeout on unit tests from 2 to 20 minutes. This seems to have lead to build failures on some platforms, like s390x in Factory. (bsc#1211407) Important SUSE bug 1208744 SUSE bug 1211407 SUSE bug 1211604 SUSE bug 1211605 SUSE bug 1211606 SUSE bug 1211607 SUSE bug 1212574 SUSE bug 1212579 SUSE bug 1212581 SUSE bug 1212582 SUSE bug 1212583 CVE-2022-25881 CVE-2023-30581 CVE-2023-30585 CVE-2023-30588 CVE-2023-30589 CVE-2023-30590 CVE-2023-31124 CVE-2023-31130 CVE-2023-31147 CVE-2023-32067 cpe:/o:opensuse:leap:15.4 Security update for buildah (Important) openSUSE Leap 15.4 This update of buildah fixes the following issues: - rebuild the package with the go 1.20 security release (bsc#1206346). Important SUSE bug 1206346 cpe:/o:opensuse:leap:15.4 Security update for rekor (Important) openSUSE Leap 15.4 This update of rekor fixes the following issues: - rebuild the package with the go 1.20 security release (bsc#1206346). Important SUSE bug 1206346 cpe:/o:opensuse:leap:15.4 Security update for rubygem-activesupport-5_1 (Moderate) openSUSE Leap 15.4 This update for rubygem-activesupport-5_1 fixes the following issues: - CVE-2023-22796: Fixed a potential denial of service when passing a crafted input to the underscore method due to an inefficient regular expression (bsc#1207454). Moderate SUSE bug 1207454 CVE-2023-22796 cpe:/o:opensuse:leap:15.4 Security update for terraform-provider-aws (Important) openSUSE Leap 15.4 This update of terraform-provider-aws fixes the following issues: - rebuild the package with the go 1.20 security release (bsc#1206346). Important SUSE bug 1206346 cpe:/o:opensuse:leap:15.4 Security update for terraform-provider-helm (Important) openSUSE Leap 15.4 This update of terraform-provider-helm fixes the following issues: - rebuild the package with the go 1.20 security release (bsc#1206346). Important SUSE bug 1206346 cpe:/o:opensuse:leap:15.4 Security update for terraform-provider-null (Important) openSUSE Leap 15.4 This update of terraform-provider-null fixes the following issues: - rebuild the package with the go 1.20 security release (bsc#1206346). Important SUSE bug 1206346 cpe:/o:opensuse:leap:15.4 Security update for rubygem-rack (Moderate) openSUSE Leap 15.4 This update for rubygem-rack fixes the following issues: - CVE-2022-44570: Fixed a potential denial of service when parsing a RFC2183 multipart boundary (bsc#1207597). - CVE-2022-44571: Fixed a potential denial of service when parsing a Range header (bsc#1207599). - CVE-2022-44572: Fixed a potential denial of service when parsing a Content-Disposition header (bsc#1207596). Moderate SUSE bug 1207596 SUSE bug 1207597 SUSE bug 1207599 CVE-2022-44570 CVE-2022-44571 CVE-2022-44572 cpe:/o:opensuse:leap:15.4 Security update for dnsdist (Moderate) openSUSE Leap 15.4 This update for dnsdist fixes the following issues: - update to 1.8.0 - Implements dnsdist in SLE15 (jsc#PED-3402) - Security fix: fixes a possible record smugging with a crafted DNS query with trailing data (CVE-2018-14663, bsc#1114511) - update to 1.2.0 (bsc#1054799, bsc#1054802) This release also addresses two security issues of low severity, CVE-2016-7069 and CVE-2017-7557. The first issue can lead to a denial of service on 32-bit if a backend sends crafted answers, and the second to an alteration of dnsdist’s ACL if the API is enabled, writable and an authenticated user is tricked into visiting a crafted website. Moderate SUSE bug 1054799 SUSE bug 1054802 SUSE bug 1114511 CVE-2016-7069 CVE-2017-7557 CVE-2018-14663 cpe:/o:opensuse:leap:15.4 Security update for amazon-ecs-init (Important) openSUSE Leap 15.4 This update of amazon-ecs-init fixes the following issues: - rebuild the package with the go 1.20 security release (bsc#1206346). Important SUSE bug 1206346 cpe:/o:opensuse:leap:15.4 Security update for libcap (Moderate) openSUSE Leap 15.4 This update for libcap fixes the following issues: - CVE-2023-2602: Fixed improper memory release in libcap/psx/psx.c:__wrap_pthread_create() (bsc#1211418). - CVE-2023-2603: Fixed an integer overflow or wraparound in libcap/cap_alloc.c:_libcap_strdup() (bsc#1211419). Moderate SUSE bug 1211418 SUSE bug 1211419 CVE-2023-2602 CVE-2023-2603 cpe:/o:opensuse:leap:15.4 Security update for xmltooling (Moderate) openSUSE Leap 15.4 This update for xmltooling fixes the following issues: - CVE-2023-36661: Fixed a server-side-request-forgery (SSRF) vulnerability (bsc#1212359). Moderate SUSE bug 1212359 CVE-2023-36661 cpe:/o:opensuse:leap:15.4 Security update for kubernetes1.18 (Important) openSUSE Leap 15.4 This update of kubernetes1.18 fixes the following issues: - rebuild the package with the go 1.20 security release (bsc#1206346). Important SUSE bug 1206346 cpe:/o:opensuse:leap:15.4 Security update for python311 (Moderate) openSUSE Leap 15.4 This update for python311 fixes the following issues: - CVE-2007-4559: Fixed filter for tarfile.extractall (bsc#1203750). Moderate SUSE bug 1203750 CVE-2007-4559 cpe:/o:opensuse:leap:15.4 Security update for the Linux Kernel (Important) openSUSE Leap 15.4 The SUSE Linux Enterprise 15 SP4 RT kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2023-35828: Fixed a use-after-free flaw inside renesas_usb3_remove in drivers/usb/gadget/udc/renesas_usb3.c (bsc#1212513). - CVE-2023-35823: Fixed a use-after-free in saa7134_finidev in drivers/media/pci/saa7134/saa7134-core.c (bsc#1212494). - CVE-2023-35788: Fixed an out-of-bounds write in the flower classifier code via TCA_FLOWER_KEY_ENC_OPTS_GENEVE packets in fl_set_geneve_opt in net/sched/cls_flower.c (bsc#1212504). - CVE-2023-33288: Fixed a use-after-free in bq24190_remove in drivers/power/supply/bq24190_charger.c (bsc#1211590). - CVE-2023-32233: Fixed a use-after-free in Netfilter nf_tables when processing batch requests (bsc#1211043). - CVE-2023-3161: Fixed shift-out-of-bounds in fbcon_set_font() (bsc#1212154). - CVE-2023-31436: Fixed an out-of-bounds write in qfq_change_class() because lmax can exceed QFQ_MIN_LMAX (bsc#1210940). - CVE-2023-3141: Fixed a use-after-free flaw in r592_remove in drivers/memstick/host/r592.c, that allowed local attackers to crash the system at device disconnect (bsc#1212129). - CVE-2023-31084: Fixed a blocking issue in drivers/media/dvb-core/dvb_frontend.c (bsc#1210783). - CVE-2023-30456: Fixed an issue in arch/x86/kvm/vmx/nested.c with nVMX on x86_64 lacks consistency checks for CR0 and CR4 (bsc#1210294). - CVE-2023-3006: Fixed a known cache speculation vulnerability, known as Branch History Injection (BHI) or Spectre-BHB, for the new hw AmpereOne (bsc#1211855). - CVE-2023-28410: Fixed improper restriction of operations within the bounds of a memory buffer in some Intel(R) i915 Graphics drivers that may have allowed an authenticated user to potentially enable escalation of privilege via local access (bsc#1211263). - CVE-2023-2513: Fixed a use-after-free vulnerability in the ext4 filesystem (bsc#1211105). - CVE-2023-2483: Fixed a use after free bug in emac_remove due caused by a race condition (bsc#1211037). - CVE-2023-2269: Fixed a denial-of-service problem due to a possible recursive locking scenario, resulting in a deadlock in table_clear in drivers/md/dm-ioctl.c (bsc#1210806). - CVE-2023-2162: Fixed an use-after-free flaw in iscsi_sw_tcp_session_create (bsc#1210647). - CVE-2023-2156: Fixed a flaw in the networking subsystem within the handling of the RPL protocol (bsc#1211131). - CVE-2023-2124: Fixed an out-of-bound access in the XFS subsystem that could have lead to denial-of-service or potentially privilege escalation (bsc#1210498). - CVE-2023-21102: Fixed possible bypass of shadow stack protection in __efi_rt_asm_wrapper of efi-rt-wrapper.S (bsc#1212155). - CVE-2023-2002: Fixed a flaw that allowed an attacker to unauthorized execution of management commands, compromising the confidentiality, integrity, and availability of Bluetooth communication (bsc#1210533). - CVE-2023-1382: Fixed denial of service in tipc_conn_close (bsc#1209288). - CVE-2023-1380: Fixed a slab-out-of-bound read problem in brcmf_get_assoc_ies() (bsc#1209287). - CVE-2023-1249: Fixed a use-after-free flaw inside the core dump subsystem, that could have been used to crash the system (bsc#1209039). - CVE-2023-1079: Fixed a use-after-free problem that could have been triggered in asus_kbd_backlight_set when plugging/disconnecting a malicious USB device (bsc#1208604). - CVE-2023-1077: Fixed a type confusion in pick_next_rt_entity(), that could cause memory corruption (bsc#1208600). - CVE-2022-45919: Fixed a use-after-free in dvb_ca_en50221.c that could occur if there is a disconnect after an open, because of the lack of a wait_event (bsc#1205803). - CVE-2022-45887: Fixed a memory leak in ttusb_dec.c caused by the lack of a dvb_frontend_detach call (bsc#1205762). - CVE-2022-45886: Fixed a .disconnect versus dvb_device_open race condition in dvb_net.c that lead to a use-after-free (bsc#1205760). - CVE-2022-45885: Fixed a race condition in dvb_frontend.c that could cause a use-after-free when a device is disconnected (bsc#1205758). - CVE-2022-45884: Fixed a use-after-free in dvbdev.c, related to dvb_register_device dynamically allocating fops (bsc#1205756). - CVE-2022-4269: Fixed a flaw was found inside the Traffic Control (TC) subsystem (bsc#1206024). The following non-security bugs were fixed: - 3c589_cs: Fix an error handling path in tc589_probe() (git-fixes). - ACPI: EC: Fix oops when removing custom query handlers (git-fixes). - ACPI: bus: Ensure that notify handlers are not running after removal (git-fixes). - ACPI: processor: Fix evaluating _PDC method when running as Xen dom0 (git-fixes). - ACPI: sleep: Avoid breaking S3 wakeup due to might_sleep() (git-fixes). - ACPI: tables: Add support for NBFT (bsc#1195921). - ACPICA: ACPICA: check null return of ACPI_ALLOCATE_ZEROED in acpi_db_display_objects (git-fixes). - ACPICA: Avoid undefined behavior: applying zero offset to null pointer (git-fixes). - ALSA: caiaq: input: Add error handling for unsupported input methods in `snd_usb_caiaq_input_init` (git-fixes). - ALSA: cs46xx: mark snd_cs46xx_download_image as static (git-fixes). - ALSA: firewire-digi00x: prevent potential use after free (git-fixes). - ALSA: hda/ca0132: add quirk for EVGA X299 DARK (git-fixes). - ALSA: hda/realtek: Add Lenovo P3 Tower platform (git-fixes). - ALSA: hda/realtek: Add a quirk for Compaq N14JP6 (git-fixes). - ALSA: hda/realtek: Add a quirk for HP EliteDesk 805 (git-fixes). - ALSA: hda/realtek: Add a quirk for HP Slim Desktop S01 (git-fixes). - ALSA: hda/realtek: Add quirk for 2nd ASUS GU603 (git-fixes). - ALSA: hda/realtek: Add quirk for ASUS UM3402YAR using CS35L41 (git-fixes). - ALSA: hda/realtek: Add quirk for Clevo L140AU (git-fixes). - ALSA: hda/realtek: Add quirk for Clevo NS50AU (git-fixes). - ALSA: hda/realtek: Add quirk for HP EliteBook G10 laptops (git-fixes). - ALSA: hda/realtek: Add quirk for ThinkPad P1 Gen 6 (git-fixes). - ALSA: hda/realtek: Add quirks for Asus ROG 2024 laptops using CS35L41 (git-fixes). - ALSA: hda/realtek: Apply HP B&O top speaker profile to Pavilion 15 (git-fixes). - ALSA: hda/realtek: Enable 4 amplifiers instead of 2 on a HP platform (git-fixes). - ALSA: hda/realtek: Enable headset onLenovo M70/M90 (git-fixes). - ALSA: hda/realtek: Fix mute and micmute LEDs for an HP laptop (git-fixes). - ALSA: hda/realtek: Fix mute and micmute LEDs for yet another HP laptop (git-fixes). - ALSA: hda/realtek: support HP Pavilion Aero 13-be0xxx Mute LED (git-fixes). - ALSA: hda: Add NVIDIA codec IDs a3 through a7 to patch table (git-fixes). - ALSA: hda: Fix Oops by 9.1 surround channel names (git-fixes). - ALSA: hda: Fix unhandled register update during auto-suspend period (git-fixes). - ALSA: hda: Glenfly: add HD Audio PCI IDs and HDMI Codec Vendor IDs (git-fixes). - ALSA: oss: avoid missing-prototype warnings (git-fixes). - ALSA: usb-audio: Add a sample rate workaround for Line6 Pod Go (git-fixes). - ALSA: usb-audio: Add quirk flag for HEM devices to enable native DSD playback (git-fixes). - ALSA: usb-audio: Add quirk for Pioneer DDJ-800 (git-fixes). - ALSA: usb-audio: Fix broken resume due to UAC3 power state (git-fixes). - ARM64: dts: Add DTS files for bcmbca SoC BCM6858 (git-fixes). - ARM: 9295/1: unwind:fix unwind abort for uleb128 case (git-fixes) - ARM: 9296/1: HP Jornada 7XX: fix kernel-doc warnings (git-fixes). - ARM: cpu: Switch to arch_cpu_finalize_init() (bsc#1212448). - ARM: dts: qcom: ipq8064: Fix the PCI I/O port range (git-fixes). - ARM: dts: qcom: ipq8064: reduce pci IO size to 64K (git-fixes). - ARM: dts: vexpress: add missing cache properties (git-fixes). - ASOC: Intel: sof_sdw: add quirk for Intel 'Rooks County' NUC M15 (git-fixes). - ASoC: Intel: Skylake: Fix declaration of enum skl_ch_cfg (git-fixes). - ASoC: Intel: bytcr_rt5640: Add quirk for the Acer Iconia One 7 B1-750 (git-fixes). - ASoC: codecs: wsa881x: do not set can_multi_write flag (git-fixes). - ASoC: dwc: limit the number of overrun messages (git-fixes). - ASoC: dwc: move DMA init to snd_soc_dai_driver probe() (git-fixes). - ASoC: fsl_micfil: Fix error handler with pm_runtime_enable (git-fixes). - ASoC: lpass: Fix for KASAN use_after_free out of bounds (git-fixes). - ASoC: rt5682: Disable jack detection interrupt during suspend (git-fixes). - ASoC: soc-pcm: fix hw->formats cleared by soc_pcm_hw_init() for dpcm (git-fixes). - ASoC: soc-pcm: test if a BE can be prepared (git-fixes). - ASoC: ssm2602: Add workaround for playback distortions (git-fixes). - Add a bug reference to two existing drm-hyperv changes (bsc#1211281). - Also include kernel-docs build requirements for ALP - Avoid unsuported tar parameter on SLE12 - Bluetooth: Fix l2cap_disconnect_req deadlock (git-fixes). - Bluetooth: Fix use-after-free in hci_remove_ltk/hci_remove_irk (git-fixes). - Bluetooth: L2CAP: Add missing checks for invalid DCID (git-fixes). - Bluetooth: L2CAP: fix 'bad unlock balance' in l2cap_disconnect_rsp (git-fixes). - Bluetooth: btintel: Add LE States quirk support (git-fixes). - Bluetooth: hci_bcm: Fall back to getting bdaddr from EFI if not set (git-fixes). - Bluetooth: hci_qca: fix debugfs registration (git-fixes). - Documentation/filesystems: ramfs-rootfs-initramfs: use :Author: (git-fixes). - Documentation/filesystems: sharedsubtree: add section headings (git-fixes). - HID: google: add jewel USB id (git-fixes). - HID: logitech-hidpp: Do not use the USB serial for USB devices (git-fixes). - HID: logitech-hidpp: Reconcile USB and Unifying serials (git-fixes). - HID: microsoft: Add rumble support to latest xbox controllers (bsc#1211280). - HID: wacom: Add new Intuos Pro Small (PTH-460) device IDs (git-fixes). - HID: wacom: Force pen out of prox if no events have been received in a while (git-fixes). - HID: wacom: Set a default resolution for older tablets (git-fixes). - HID: wacom: add three styli to wacom_intuos_get_tool_type (git-fixes). - HID: wacom: avoid integer overflow in wacom_intuos_inout() (git-fixes). - HID: wacom: generic: Set battery quirk only when we see battery data (git-fixes). - IB/hfi1: Fix SDMA mmu_rb_node not being evicted in LRU order (git-fixes) - IB/hfi1: Fix bugs with non-PAGE_SIZE-end multi-iovec user SDMA requests (git-fixes) - IB/hifi1: add a null check of kzalloc_node in hfi1_ipoib_txreq_init (git-fixes) - IB/rdmavt: add missing locks in rvt_ruc_loopback (git-fixes) - Input: fix open count when closing inhibited device (git-fixes). - Input: psmouse - fix OOB access in Elantech protocol (git-fixes). - Input: xpad - add constants for GIP interface numbers (git-fixes). - Input: xpad - delete a Razer DeathAdder mouse VID/PID entry (git-fixes). - KEYS: asymmetric: Copy sig and digest in public_key_verify_signature() (git-fixes). - KVM: Destroy target device if coalesced MMIO unregistration fails (git-fixes) - KVM: Disallow user memslot with size that exceeds 'unsigned long' (git-fixes) - KVM: Do not create VM debugfs files outside of the VM directory (git-fixes) - KVM: Do not set Accessed/Dirty bits for ZERO_PAGE (git-fixes) - KVM: LAPIC: Enable timer posted-interrupt only when mwait/hlt is advertised (git-fixes). - KVM: Prevent module exit until all VMs are freed (git-fixes) - KVM: SVM: Do not rewrite guest ICR on AVIC IPI virtualization failure (git-fixes). - KVM: SVM: Fix benign 'bool vs. int' comparison in svm_set_cr0() (git-fixes). - KVM: SVM: Fix potential overflow in SEV's send|receive_update_data() (git-fixes). - KVM: SVM: Require logical ID to be power-of-2 for AVIC entry (git-fixes). - KVM: SVM: Skip WRMSR fastpath on VM-Exit if next RIP isn't valid (git-fixes). - KVM: SVM: hyper-v: placate modpost section mismatch error (git-fixes). - KVM: VMX: Introduce vmx_msr_bitmap_l01_changed() helper (git-fixes). - KVM: VMX: Resume guest immediately when injecting #GP on ECREATE (git-fixes). - KVM: VMX: Set vmcs.PENDING_DBG.BS on #DB in STI/MOVSS blocking shadow (git-fixes). - KVM: VMX: Use is_64_bit_mode() to check 64-bit mode in SGX handler (git-fixes). - KVM: X86: Fix tlb flush for tdp in kvm_invalidate_pcid() (git-fixes). - KVM: arm64: Do not arm a hrtimer for an already pending timer (git-fixes) - KVM: arm64: Do not hypercall before EL2 init (git-fixes) - KVM: arm64: Do not return from void function (git-fixes) - KVM: arm64: Fix PAR_TO_HPFAR() to work independently of PA_BITS. (git-fixes) - KVM: arm64: Fix S1PTW handling on RO memslots (git-fixes) - KVM: arm64: Fix bad dereference on MTE-enabled systems (git-fixes) - KVM: arm64: Fix buffer overflow in kvm_arm_set_fw_reg() (git-fixes) - KVM: arm64: Fix kvm init failure when mode!=vhe and VA_BITS=52. (git-fixes) - KVM: arm64: Free hypervisor allocations if vector slot init fails (git-fixes) - KVM: arm64: GICv4.1: Fix race with doorbell on VPE (git-fixes) - KVM: arm64: Limit length in kvm_vm_ioctl_mte_copy_tags() to INT_MAX (git-fixes) - KVM: arm64: PMU: Restore the guest's EL0 event counting after (git-fixes) - KVM: arm64: Propagate errors from __pkvm_prot_finalize hypercall (git-fixes) - KVM: arm64: Reject 32bit user PSTATE on asymmetric systems (git-fixes) - KVM: arm64: Save PSTATE early on exit (git-fixes) - KVM: arm64: Stop handle_exit() from handling HVC twice when an SError (git-fixes) - KVM: arm64: Treat PMCR_EL1.LC as RES1 on asymmetric systems (git-fixes) - KVM: arm64: nvhe: Eliminate kernel-doc warnings (git-fixes) - KVM: arm64: vgic: Fix exit condition in scan_its_table() (git-fixes) - KVM: arm64: vgic: Read HW interrupt pending state from the HW (git-fixes) - KVM: nVMX: Also filter MSR_IA32_VMX_TRUE_PINBASED_CTLS when eVMCS (git-fixes). - KVM: nVMX: Do not use Enlightened MSR Bitmap for L3 (git-fixes). - KVM: nVMX: Document that ignoring memory failures for VMCLEAR is deliberate (git-fixes). - KVM: nVMX: Emulate NOPs in L2, and PAUSE if it's not intercepted (git-fixes). - KVM: nVMX: Inject #GP, not #UD, if 'generic' VMXON CR0/CR4 check fails (git-fixes). - KVM: nVMX: Prioritize TSS T-flag #DBs over Monitor Trap Flag (git-fixes). - KVM: nVMX: Properly expose ENABLE_USR_WAIT_PAUSE control to L1 (git-fixes). - KVM: nVMX: Treat General Detect #DB (DR7.GD=1) as fault-like (git-fixes). - KVM: nVMX: eVMCS: Filter out VM_EXIT_SAVE_VMX_PREEMPTION_TIMER (git-fixes). - KVM: x86/emulator: Emulate RDPID only if it is enabled in guest (git-fixes). - KVM: x86/mmu: avoid NULL-pointer dereference on page freeing bugs (git-fixes). - KVM: x86/pmu: Ignore pmu->global_ctrl check if vPMU does not support global_ctrl (git-fixes). - KVM: x86/svm: add __GFP_ACCOUNT to __sev_dbg_{en,de}crypt_user() (git-fixes). - KVM: x86/vmx: Do not skip segment attributes if unusable bit is set (git-fixes). - KVM: x86/xen: Fix memory leak in kvm_xen_write_hypercall_page() (git-fixes). - KVM: x86: Copy filter arg outside kvm_vm_ioctl_set_msr_filter() (git-fixes). - KVM: x86: Do not change ICR on write to APIC_SELF_IPI (git-fixes). - KVM: x86: Fail emulation during EMULTYPE_SKIP on any exception (git-fixes). - KVM: x86: Inject #GP if WRMSR sets reserved bits in APIC Self-IPI (git-fixes). - KVM: x86: Mask off reserved bits in CPUID.8000001FH (git-fixes). - KVM: x86: Mask off unsupported and unknown bits of IA32_ARCH_CAPABILITIES (git-fixes). - KVM: x86: Protect the unused bits in MSR exiting flags (git-fixes). - KVM: x86: Remove a redundant guest cpuid check in kvm_set_cr4() (git-fixes). - KVM: x86: Report deprecated x87 features in supported CPUID (git-fixes). - KVM: x86: do not set st->preempted when going back to user space (git-fixes). - KVM: x86: fix typo in __try_cmpxchg_user causing non-atomicness (git-fixes). - KVM: x86: ioapic: Fix level-triggered EOI and userspace I/OAPIC reconfigure race (git-fixes). - PCI/ASPM: Remove pcie_aspm_pm_state_change() (git-fixes). - PM: hibernate: Do not get block device exclusively in test_resume mode (git-fixes). - PM: hibernate: Turn snapshot_test into global variable (git-fixes). - PM: hibernate: fix load_image_and_restore() error path (git-fixes). - RDMA/bnxt_re: Fix a possible memory leak (git-fixes) - RDMA/bnxt_re: Fix return value of bnxt_re_process_raw_qp_pkt_rx (git-fixes) - RDMA/bnxt_re: Fix the page_size used during the MR creation (git-fixes) - RDMA/cm: Trace icm_send_rej event before the cm state is reset (git-fixes) - RDMA/core: Fix multiple -Warray-bounds warnings (git-fixes) - RDMA/efa: Fix unsupported page sizes in device (git-fixes) - RDMA/hns: Fix base address table allocation (git-fixes) - RDMA/hns: Fix timeout attr in query qp for HIP08 (git-fixes) - RDMA/hns: Modify the value of long message loopback slice (git-fixes) - RDMA/irdma: Add SW mechanism to generate completions on error (jsc#SLE-18383). - RDMA/irdma: Do not generate SW completions for NOPs (jsc#SLE-18383). - RDMA/irdma: Fix Local Invalidate fencing (git-fixes) - RDMA/irdma: Fix RQ completion opcode (jsc#SLE-18383). - RDMA/irdma: Fix drain SQ hang with no completion (jsc#SLE-18383). - RDMA/irdma: Fix inline for multiple SGE's (jsc#SLE-18383). - RDMA/irdma: Prevent QP use after free (git-fixes) - RDMA/irdma: Remove enum irdma_status_code (jsc#SLE-18383). - RDMA/irdma: Remove excess error variables (jsc#SLE-18383). - RDMA/mana: Remove redefinition of basic u64 type (bsc#1210741 jsc#PED-4022). - RDMA/mana: hide new rdma_driver_ids (bsc#1210741 jsc#PED-4022). - RDMA/mana_ib: Add a driver for Microsoft Azure Network Adapter (bsc#1210741 jsc#PED-4022). - RDMA/mana_ib: Fix a bug when the PF indicates more entries for registering memory on first packet (bsc#1210741 jsc#PED-4022). - RDMA/mana_ib: Prevent array underflow in mana_ib_create_qp_raw() (bsc#1210741 jsc#PED-4022). - RDMA/mlx4: Prevent shift wrapping in set_user_sq_size() (jsc#SLE-19255). - RDMA/mlx5: Fix flow counter query via DEVX (git-fixes) - RDMA/mlx5: Use correct device num_ports when modify DC (git-fixes) - RDMA/rdmavt: Delete unnecessary NULL check (git-fixes) - RDMA/rtrs-clt: Replace list_next_or_null_rr_rcu with an inline function (git-fixes) - RDMA/rtrs-srv: Pass the correct number of entries for dma mapped SGL (git-fixes) - RDMA/rxe: Fix the error 'trying to register non-static key in rxe_cleanup_task' (git-fixes) - RDMA/rxe: Remove tasklet call from rxe_cq.c (git-fixes) - RDMA/siw: Fix potential page_array out of range access (git-fixes) - RDMA/siw: Remove namespace check from siw_netdev_event() (git-fixes) - RDMA/srpt: Add a check for valid 'mad_agent' pointer (git-fixes) - Remove orphaned CONFIG_PRINTK_SAFE_LOG_BUF_SHIFT (bsc#1189998 git-fixes). - Revert 'KVM: set owner of cpu and vm file operations' (git-fixes) - SMB3.1.1: add new tree connect ShareFlags (bsc#1193629). - SMB3: Add missing locks to protect deferred close file list (git-fixes). - SMB3: Close all deferred handles of inode in case of handle lease break (bsc#1193629). - SMB3: Close deferred file handles in case of handle lease break (bsc#1193629). - SMB3: drop reference to cfile before sending oplock break (bsc#1193629). - SMB3: force unmount was failing to close deferred close files (bsc#1193629). - SUNRPC: Clean up svc_deferred_class trace events (git-fixes). - SUNRPC: fix breakage caused by introduction of rq_xprt_ctxt (bsc#1210775). - Squashfs: fix handling and sanity checking of xattr_ids count (git-fixes). - Trim obsolete KMP list. SLE11 is out of support, we do not need to handle upgrading from SLE11 SP1. - USB / dwc3: Fix a checkpatch warning in core.c (git-fixes). - USB: UHCI: adjust zhaoxin UHCI controllers OverCurrent bit value (git-fixes). - USB: core: Add routines for endpoint checks in old drivers (git-fixes). - USB: dwc3: fix use-after-free on core driver unbind (git-fixes). - USB: dwc3: qcom: fix NULL-deref on suspend (git-fixes). - USB: serial: option: add Quectel EM061KGL series (git-fixes). - USB: sisusbvga: Add endpoint checks (git-fixes). - USB: usbtmc: Fix direction for 0-length ioctl control messages (git-fixes). - affs: initialize fsdata in affs_truncate() (git-fixes). - apparmor: add a kernel label to use on kernel objects (bsc#1211113). - arm64: Always load shadow stack pointer directly from the task struct (git-fixes) - arm64: Stash shadow stack pointer in the task struct on interrupt (git-fixes) - arm64: dts: Add DTS files for bcmbca SoC BCM4912 (git-fixes). - arm64: dts: Add DTS files for bcmbca SoC BCM63158 (git-fixes). - arm64: dts: Add base DTS file for bcmbca device Asus GT-AX6000 (git-fixes). - arm64: dts: broadcom: bcm4908: add DT for Netgear RAXE500 (git-fixes). - arm64: dts: imx8-ss-dma: assign default clock rate for lpuarts (git-fixes). - arm64: dts: imx8mn-beacon: Fix SPI CS pinmux (git-fixes). - arm64: dts: imx8qm-mek: correct GPIOs for USDHC2 CD and WP signals (git-fixes). - arm64: dts: qcom: msm8996: Add missing DWC3 quirks (git-fixes). - arm64: dts: qcom: sc7180-lite: Fix SDRAM freq for misidentified sc7180-lite boards (git-fixes). - arm64: errata: add detection for AMEVCNTR01 incrementing incorrectly (git-fixes). - arm64: kgdb: Set PSTATE.SS to 1 to re-enable single-step (git-fixes) - arm64: kgdb: Set PSTATE.SS to 1 to re-enable single-step (git-fixes). - asm-generic/io.h: suppress endianness warnings for readq() and writeq() (git-fixes). - ata: libata-scsi: Use correct device no in ata_find_dev() (git-fixes). - ata: pata_octeon_cf: drop kernel-doc notation (git-fixes). - ath6kl: Use struct_group() to avoid size-mismatched casting (git-fixes). - batman-adv: Broken sync while rescheduling delayed work (git-fixes). - block: add a bdev_max_zone_append_sectors helper (git-fixes). - bluetooth: Add cmd validity checks at the start of hci_sock_ioctl() (git-fixes). - bnxt: Do not read past the end of test names (jsc#SLE-18978). - bnxt: prevent skb UAF after handing over to PTP worker (jsc#SLE-18978). - bnxt_en: Add missing 200G link speed reporting (jsc#SLE-18978). - bnxt_en: Avoid order-5 memory allocation for TPA data (jsc#SLE-18978). - bnxt_en: Do not initialize PTP on older P3/P4 chips (jsc#SLE-18978). - bnxt_en: Do not issue AP reset during ethtool's reset operation (git-fixes). - bnxt_en: Fix mqprio and XDP ring checking logic (jsc#SLE-18978). - bnxt_en: Fix reporting of test result in ethtool selftest (jsc#SLE-18978). - bnxt_en: Fix typo in PCI id to device description string mapping (jsc#SLE-18978). - bnxt_en: Implement .set_port / .unset_port UDP tunnel callbacks (git-fixes). - bnxt_en: Query default VLAN before VNIC setup on a VF (git-fixes). - bnxt_en: Skip firmware fatal error recovery if chip is not accessible (git-fixes). - bnxt_en: fix NQ resource accounting during vf creation on 57500 chips (jsc#SLE-18978). - bnxt_en: set missing reload flag in devlink features (jsc#SLE-18978). - bpf, arm64: Call build_prologue() first in first JIT pass (git-fixes) - bpf, arm64: Clear prog->jited_len along prog->jited (git-fixes) - bpf, arm64: Feed byte-offset into bpf line info (git-fixes) - bpf, arm64: Use emit_addr_mov_i64() for BPF_PSEUDO_FUNC (git-fixes) - bpf: Add extra path pointer check to d_path helper (git-fixes). - bpf: Fix UAF in task local storage (bsc#1212564). - can: isotp: recvmsg(): allow MSG_CMSG_COMPAT flag (git-fixes). - can: j1939: avoid possible use-after-free when j1939_can_rx_register fails (git-fixes). - can: j1939: change j1939_netdev_lock type to mutex (git-fixes). - can: j1939: j1939_sk_send_loop_abort(): improved error queue handling in J1939 Socket (git-fixes). - can: j1939: recvmsg(): allow MSG_CMSG_COMPAT flag (git-fixes). - can: kvaser_pciefd: Call request_irq() before enabling interrupts (git-fixes). - can: kvaser_pciefd: Clear listen-only bit if not explicitly requested (git-fixes). - can: kvaser_pciefd: Disable interrupts in probe error path (git-fixes). - can: kvaser_pciefd: Do not send EFLUSH command on TFD interrupt (git-fixes). - can: kvaser_pciefd: Empty SRB buffer in probe (git-fixes). - can: kvaser_pciefd: Set CAN_STATE_STOPPED in kvaser_pciefd_stop() (git-fixes). - can: kvaser_usb: Add struct kvaser_usb_busparams (git-fixes). - can: kvaser_usb: kvaser_usb_leaf: Get capabilities from device (git-fixes). - can: kvaser_usb: kvaser_usb_leaf: Handle CMD_ERROR_EVENT (git-fixes). - can: kvaser_usb: kvaser_usb_leaf: Rename {leaf,usbcan}_cmd_error_event to {leaf,usbcan}_cmd_can_error_event (git-fixes). - can: kvaser_usb_leaf: Fix overread with an invalid command (git-fixes). - cassini: Fix a memory leak in the error handling path of cas_init_one() (git-fixes). - ceph: fix use-after-free bug for inodes when flushing capsnaps (bsc#1212540). - ceph: force updating the msg pointer in non-split case (bsc#1211804). - cgroup.c: add helper __cset_cgroup_from_root to cleanup duplicated codes (bsc#1203906). - cgroup: Homogenize cgroup_get_from_id() return value (bsc#1205650). - cgroup: Honor caller's cgroup NS when resolving path (bsc#1205650). - cgroup: Make cgroup_get_from_id() prettier (bsc#1205650). - cgroup: Reorganize css_set_lock and kernfs path processing (bsc#1205650). - cgroup: Use cgroup_attach_{lock,unlock}() from cgroup_attach_task_all() (bsc#1212563). - cgroup: always put cset in cgroup_css_set_put_fork (bsc#1212561). - cgroup: cgroup: Honor caller's cgroup NS when resolving cgroup id (bsc#1205650). - cgroup: fix missing cpus_read_{lock,unlock}() in cgroup_transfer_tasks() (bsc#1212563). - cgroup: reduce dependency on cgroup_mutex (bsc#1205650). - cifs: Avoid a cast in add_lease_context() (bsc#1193629). - cifs: Simplify SMB2_open_init() (bsc#1193629). - cifs: Simplify SMB2_open_init() (bsc#1193629). - cifs: Simplify SMB2_open_init() (bsc#1193629). - cifs: avoid dup prefix path in dfs_get_automount_devname() (git-fixes). - cifs: avoid potential races when handling multiple dfs tcons (bsc#1208758). - cifs: fix pcchunk length type in smb2_copychunk_range (bsc#1193629). - cifs: fix potential race when tree connecting ipc (bsc#1208758). - cifs: fix potential use-after-free bugs in TCP_Server_Info::hostname (bsc#1208758). - cifs: fix sharing of DFS connections (bsc#1208758). - cifs: fix smb1 mount regression (bsc#1193629). - cifs: mapchars mount option ignored (bsc#1193629). - cifs: missing lock when updating session status (bsc#1193629). - cifs: print smb3_fs_context::source when mounting (bsc#1193629). - cifs: protect access of TCP_Server_Info::{origin,leaf}_fullpath (bsc#1208758). - cifs: protect session status check in smb2_reconnect() (bsc#1208758). - cifs: release leases for deferred close handles when freezing (bsc#1193629). - cifs: sanitize paths in cifs_update_super_prepath (git-fixes). - cifs: update internal module version number for cifs.ko (bsc#1193629). - clk: qcom: gcc-sm8350: fix PCIe PIPE clocks handling (git-fixes). - clk: qcom: regmap: add PHY clock source implementation (git-fixes). - clk: tegra20: fix gcc-7 constant overflow warning (git-fixes). - configfs: fix possible memory leak in configfs_create_dir() (git-fixes). - crypto: acomp - define max size for destination (jsc#PED-3692) - crypto: drivers - move from strlcpy with unused retval to (jsc#PED-3692) - crypto: qat - Fix unsigned function returning negative (jsc#PED-3692) - crypto: qat - Removes the x86 dependency on the QAT drivers (jsc#PED-3692) - crypto: qat - abstract PFVF messages with struct pfvf_message (jsc#PED-3692) - crypto: qat - abstract PFVF receive logic (jsc#PED-3692) - crypto: qat - abstract PFVF send function (jsc#PED-3692) - crypto: qat - add PFVF support to enable the reset of ring (jsc#PED-3692) - crypto: qat - add PFVF support to the GEN4 host driver (jsc#PED-3692) - crypto: qat - add VF and PF wrappers to common send function (jsc#PED-3692) - crypto: qat - add backlog mechanism (jsc#PED-3692) - crypto: qat - add check for invalid PFVF protocol version 0 (jsc#PED-3692) - crypto: qat - add check to validate firmware images (jsc#PED-3692) - crypto: qat - add limit to linked list parsing (jsc#PED-3692) - crypto: qat - add misc workqueue (jsc#PED-3692) - crypto: qat - add missing restarting event notification in (jsc#PED-3692) - crypto: qat - add param check for DH (jsc#PED-3692) - crypto: qat - add param check for RSA (jsc#PED-3692) - crypto: qat - add pfvf_ops (jsc#PED-3692) - crypto: qat - add resubmit logic for decompression (jsc#PED-3692) - crypto: qat - add support for 401xx devices (jsc#PED-3692) - crypto: qat - add support for compression for 4xxx (jsc#PED-3692) - crypto: qat - add the adf_get_pmisc_base() helper function (jsc#PED-3692) - crypto: qat - allow detection of dc capabilities for 4xxx (jsc#PED-3692) - crypto: qat - change PFVF ACK behaviour (jsc#PED-3692) - crypto: qat - change behaviour of (jsc#PED-3692) - crypto: qat - change bufferlist logic interface (jsc#PED-3692) - crypto: qat - config VFs based on ring-to-svc mapping (jsc#PED-3692) - crypto: qat - differentiate between pf2vf and vf2pf offset (jsc#PED-3692) - crypto: qat - disable AER if an error occurs in probe (jsc#PED-3692) - crypto: qat - do not handle PFVF sources for qat_4xxx (jsc#PED-3692) - crypto: qat - do not rely on min version (jsc#PED-3692) - crypto: qat - enable deflate for QAT GEN4 (jsc#PED-3692) - crypto: qat - enable power management for QAT GEN4 (jsc#PED-3692) - crypto: qat - exchange device capabilities over PFVF (jsc#PED-3692) - crypto: qat - exchange ring-to-service mappings over PFVF (jsc#PED-3692) - crypto: qat - expose deflate through acomp api for QAT GEN2 (jsc#PED-3692) - crypto: qat - expose device config through sysfs for 4xxx (jsc#PED-3692) - crypto: qat - expose device state through sysfs for 4xxx (jsc#PED-3692) - crypto: qat - extend buffer list interface (jsc#PED-3692) - crypto: qat - extend crypto capability detection for 4xxx (jsc#PED-3692) - crypto: qat - extract send and wait from (jsc#PED-3692) - crypto: qat - fix DMA transfer direction (jsc#PED-3692) - crypto: qat - fix ETR sources enabled by default on GEN2 (jsc#PED-3692) - crypto: qat - fix VF IDs in PFVF log messages (jsc#PED-3692) - crypto: qat - fix a signedness bug in get_service_enabled() (jsc#PED-3692) - crypto: qat - fix a typo in a comment (jsc#PED-3692) - crypto: qat - fix access to PFVF interrupt registers for GEN4 (jsc#PED-3692) - crypto: qat - fix definition of ring reset results (jsc#PED-3692) - crypto: qat - fix error return code in adf_probe (jsc#PED-3692) - crypto: qat - fix handling of VF to PF interrupts (jsc#PED-3692) - crypto: qat - fix initialization of pfvf cap_msg structures (jsc#PED-3692) - crypto: qat - fix initialization of pfvf rts_map_msg (jsc#PED-3692) - crypto: qat - fix off-by-one error in PFVF debug print (jsc#PED-3692) - crypto: qat - fix wording and formatting in code comment (jsc#PED-3692) - crypto: qat - flush vf workqueue at driver removal (jsc#PED-3692) - crypto: qat - free irq in case of failure (jsc#PED-3692) - crypto: qat - free irqs only if allocated (jsc#PED-3692) - crypto: qat - generalize crypto request buffers (jsc#PED-3692) - crypto: qat - get compression extended capabilities (jsc#PED-3692) - crypto: qat - handle retries due to collisions in (jsc#PED-3692) - crypto: qat - honor CRYPTO_TFM_REQ_MAY_SLEEP flag (jsc#PED-3692) - crypto: qat - improve logging of PFVF messages (jsc#PED-3692) - crypto: qat - improve the ACK timings in PFVF send (jsc#PED-3692) - crypto: qat - introduce support for PFVF block messages (jsc#PED-3692) - crypto: qat - leverage bitfield.h utils for PFVF messages (jsc#PED-3692) - crypto: qat - leverage read_poll_timeout in PFVF send (jsc#PED-3692) - crypto: qat - leverage the GEN2 VF mask definiton (jsc#PED-3692) - crypto: qat - make PFVF message construction direction (jsc#PED-3692) - crypto: qat - make PFVF send and receive direction agnostic (jsc#PED-3692) - crypto: qat - move VF message handler to adf_vf2pf_msg.c (jsc#PED-3692) - crypto: qat - move and rename GEN4 error register definitions (jsc#PED-3692) - crypto: qat - move interrupt code out of the PFVF handler (jsc#PED-3692) - crypto: qat - move pfvf collision detection values (jsc#PED-3692) - crypto: qat - move vf2pf interrupt helpers (jsc#PED-3692) - crypto: qat - pass the PF2VF responses back to the callers (jsc#PED-3692) - crypto: qat - prevent spurious MSI interrupt in VF (jsc#PED-3692) - crypto: qat - re-enable interrupts for legacy PFVF messages (jsc#PED-3692) - crypto: qat - re-enable registration of algorithms (jsc#PED-3692) - crypto: qat - refactor PF top half for PFVF (jsc#PED-3692) - crypto: qat - refactor pfvf version request messages (jsc#PED-3692) - crypto: qat - refactor submission logic (jsc#PED-3692) - crypto: qat - relocate PFVF PF related logic (jsc#PED-3692) - crypto: qat - relocate PFVF VF related logic (jsc#PED-3692) - crypto: qat - relocate PFVF disabled function (jsc#PED-3692) - crypto: qat - relocate and rename adf_sriov_prepare_restart() (jsc#PED-3692) - crypto: qat - relocate backlog related structures (jsc#PED-3692) - crypto: qat - relocate bufferlist logic (jsc#PED-3692) - crypto: qat - relocate qat_algs_alloc_flags() (jsc#PED-3692) - crypto: qat - remove duplicated logic across GEN2 drivers (jsc#PED-3692) - crypto: qat - remove empty sriov_configure() (jsc#PED-3692) - crypto: qat - remove line wrapping for pfvf_ops functions (jsc#PED-3692) - crypto: qat - remove the unnecessary get_vintmsk_offset() (jsc#PED-3692) - crypto: qat - remove unmatched CPU affinity to cluster IRQ (jsc#PED-3692) - crypto: qat - remove unnecessary tests to detect PFVF support (jsc#PED-3692) - crypto: qat - remove unneeded assignment (jsc#PED-3692) - crypto: qat - remove unneeded braces (jsc#PED-3692) - crypto: qat - remove unneeded packed attribute (jsc#PED-3692) - crypto: qat - remove unused PFVF stubs (jsc#PED-3692) - crypto: qat - rename and relocate GEN2 config function (jsc#PED-3692) - crypto: qat - rename bufferlist functions (jsc#PED-3692) - crypto: qat - rename pfvf collision constants (jsc#PED-3692) - crypto: qat - reorganize PFVF code (jsc#PED-3692) - crypto: qat - reorganize PFVF protocol definitions (jsc#PED-3692) - crypto: qat - replace deprecated MSI API (jsc#PED-3692) - crypto: qat - replace disable_vf2pf_interrupts() (jsc#PED-3692) - crypto: qat - replace get_current_node() with numa_node_id() (jsc#PED-3692) - crypto: qat - rework the VF2PF interrupt handling logic (jsc#PED-3692) - crypto: qat - set CIPHER capability for QAT GEN2 (jsc#PED-3692) - crypto: qat - set COMPRESSION capability for DH895XCC (jsc#PED-3692) - crypto: qat - set COMPRESSION capability for QAT GEN2 (jsc#PED-3692) - crypto: qat - set DMA mask to 48 bits for Gen2 (jsc#PED-3692) - crypto: qat - set PFVF_MSGORIGIN just before sending (jsc#PED-3692) - crypto: qat - share adf_enable_pf2vf_comms() from (jsc#PED-3692) - crypto: qat - simplify adf_enable_aer() (jsc#PED-3692) - crypto: qat - simplify code and axe the use of a deprecated (jsc#PED-3692) - crypto: qat - split PFVF message decoding from handling (jsc#PED-3692) - crypto: qat - stop using iommu_present() (jsc#PED-3692) - crypto: qat - store the PFVF protocol version of the (jsc#PED-3692) - crypto: qat - store the ring-to-service mapping (jsc#PED-3692) - crypto: qat - support fast ACKs in the PFVF protocol (jsc#PED-3692) - crypto: qat - support the reset of ring pairs on PF (jsc#PED-3692) - crypto: qat - test PFVF registers for spurious interrupts on (jsc#PED-3692) - crypto: qat - use enums for PFVF protocol codes (jsc#PED-3692) - crypto: qat - use hweight for bit counting (jsc#PED-3692) - crypto: qat - use pre-allocated buffers in datapath (jsc#PED-3692) - crypto: qat - use reference to structure in dma_map_single() (jsc#PED-3692) - crypto: qat - use u32 variables in all GEN4 pfvf_ops (jsc#PED-3692) - crypto: sun8i-ss - Fix a test in sun8i_ss_setup_ivs() (git-fixes). - cxgb4: fix missing unlock on ETHOFLD desc collect fail path (jsc#SLE-18992). - debugfs: fix error when writing negative value to atomic_t debugfs file (git-fixes). - dma: gpi: remove spurious unlock in gpi_ch_init (git-fixes). - dmaengine: at_xdmac: Move the free desc to the tail of the desc list (git-fixes). - dmaengine: at_xdmac: do not enable all cyclic channels (git-fixes). - dmaengine: at_xdmac: fix potential Oops in at_xdmac_prep_interleaved() (git-fixes). - dmaengine: dw-edma: Fix to change for continuous transfer (git-fixes). - dmaengine: dw-edma: Fix to enable to issue dma request on DMA processing (git-fixes). - dmaengine: idxd: Do not enable user type Work Queue without Shared Virtual Addressing (git-fixes). - dmaengine: idxd: Only call idxd_enable_system_pasid() if succeeded in enabling SVA feature (git-fixes). - dmaengine: idxd: Separate user and kernel pasid enabling (git-fixes). - dmaengine: mv_xor_v2: Fix an error code (git-fixes). - dmaengine: pl330: rename _start to prevent build error (git-fixes). - do not reuse connection if share marked as isolated (bsc#1193629). - docs: networking: fix x25-iface.rst heading & index order (git-fixes). - drivers: base: component: fix memory leak with using debugfs_lookup() (git-fixes). - drivers: base: dd: fix memory leak with using debugfs_lookup() (git-fixes). - drm/amd/display: Fix hang when skipping modeset (git-fixes). - drm/amd/display: Use DC_LOG_DC in the trasform pixel function (git-fixes). - drm/amd/display: edp do not add non-edid timings (git-fixes). - drm/amd/display: fix flickering caused by S/G mode (git-fixes). - drm/amd/pm: Fix power context allocation in SMU13 (git-fixes). - drm/amd/pm: reverse mclk and fclk clocks levels for renoir (git-fixes). - drm/amd/pm: reverse mclk and fclk clocks levels for vangogh (git-fixes). - drm/amd/pm: reverse mclk and fclk clocks levels for yellow carp (git-fixes). - drm/amd: Fix an out of bounds error in BIOS parser (git-fixes). - drm/amdgpu/gfx: disable gfx9 cp_ecc_error_irq only when enabling legacy gfx ras (git-fixes). - drm/amdgpu: Fix vram recover does not work after whole GPU reset (v2) (git-fixes). - drm/amdgpu: Use the default reset when loading or reloading the driver (git-fixes). - drm/amdgpu: add a missing lock for AMDGPU_SCHED (git-fixes). - drm/amdgpu: disable sdma ecc irq only when sdma RAS is enabled in suspend (git-fixes). - drm/amdgpu: fix xclk freq on CHIP_STONEY (git-fixes). - drm/amdgpu: release gpu full access after 'amdgpu_device_ip_late_init' (git-fixes). - drm/amdgpu: skip disabling fence driver src_irqs when device is unplugged (git-fixes). - drm/amdgpu: update drm_display_info correctly when the edid is read (git-fixes). - drm/ast: Fix ARM compatibility (git-fixes). - drm/displayid: add displayid_get_header() and check bounds better (git-fixes). - drm/exynos: fix g2d_open/close helper function definitions (git-fixes). - drm/i915/dg2: Add HDMI pixel clock frequencies 267.30 and 319.89 MHz (git-fixes). - drm/i915/dg2: Add additional HDMI pixel clock frequencies (git-fixes). - drm/i915/dg2: Support 4k@30 on HDMI (git-fixes). - drm/i915/dp: prevent potential div-by-zero (git-fixes). - drm/i915/gt: Use the correct error value when kernel_context() fails (git-fixes). - drm/i915/selftests: Add some missing error propagation (git-fixes). - drm/i915/selftests: Increase timeout for live_parallel_switch (git-fixes). - drm/i915/selftests: Stop using kthread_stop() (git-fixes). - drm/i915: Explain the magic numbers for AUX SYNC/precharge length (git-fixes). - drm/i915: Use 18 fast wake AUX sync len (git-fixes). - drm/mipi-dsi: Set the fwnode for mipi_dsi_device (git-fixes). - drm/msm/dp: Clean up handling of DP AUX interrupts (git-fixes). - drm/msm/dp: unregister audio driver during unbind (git-fixes). - drm/msm/dpu: Add INTF_5 interrupts (git-fixes). - drm/msm/dpu: Move non-MDP_TOP INTF_INTR offsets out of hwio header (git-fixes). - drm/msm/dpu: Remove duplicate register defines from INTF (git-fixes). - drm/msm: Be more shouty if per-process pgtables are not working (git-fixes). - drm/msm: Set max segment size earlier (git-fixes). - drm/nouveau/dp: check for NULL nv_connector->native_mode (git-fixes). - drm/nouveau: add nv_encoder pointer check for NULL (git-fixes). - drm/nouveau: do not detect DSM for non-NVIDIA device (git-fixes). - drm/sched: Remove redundant check (git-fixes). - drm/tegra: Avoid potential 32-bit integer overflow (git-fixes). - drm/ttm/pool: Fix ttm_pool_alloc error path (git-fixes). - drm/ttm: optimize pool allocations a bit v2 (git-fixes). - drm:amd:amdgpu: Fix missing buffer object unlock in failure path (git-fixes). - dt-binding: cdns,usb3: Fix cdns,on-chip-buff-size type (git-fixes). - dt-bindings: ata: ahci-ceva: Cover all 4 iommus entries (git-fixes). - dt-bindings: ata: ahci-ceva: convert to yaml (git-fixes). - dt-bindings: i3c: silvaco,i3c-master: fix missing schema restriction (git-fixes). - dt-bindings: iio: adc: renesas,rcar-gyroadc: Fix adi,ad7476 compatible value (git-fixes). - dt-bindings: usb: snps,dwc3: Fix 'snps,hsphy_interface' type (git-fixes). - eeprom: at24: also select REGMAP (git-fixes). - ext4: unconditionally enable the i_version counter (bsc#1211299). - f2fs: Fix f2fs_truncate_partial_nodes ftrace event (git-fixes). - fbcon: Fix null-ptr-deref in soft_cursor (git-fixes). - fbdev: Prevent possible use-after-free in fb_release() (bsc#1152472). - fbdev: arcfb: Fix error handling in arcfb_probe() (git-fixes). - fbdev: ep93xx-fb: Add missing clk_disable_unprepare in ep93xxfb_probe() (git-fixes). - fbdev: fbcon: Destroy mutex on freeing struct fb_info (bsc#1152489) - fbdev: imsttfb: Fix use after free bug in imsttfb_probe (git-fixes bsc#1211387). - fbdev: modedb: Add 1920x1080 at 60 Hz video mode (git-fixes). - fbdev: stifb: Fall back to cfb_fillrect() on 32-bit HCRX cards (git-fixes). - fbdev: stifb: Fix info entry in sti_struct on error path (git-fixes). - fbdev: udlfb: Fix endpoint check (git-fixes). - firmware: arm_ffa: Check if ffa_driver remove is present before executing (git-fixes). - firmware: arm_ffa: Set handle field to zero in memory descriptor (git-fixes). - firmware: arm_ffa: Set reserved/MBZ fields to zero in the memory descriptors (git-fixes). - fs/jfs: fix shift exponent db_agl2size negative (git-fixes). - fs: hfsplus: fix UAF issue in hfsplus_put_super (git-fixes). - fs: jfs: fix possible NULL pointer dereference in dbFree() (git-fixes). - fs: jfs: fix shift-out-of-bounds in dbAllocAG (git-fixes). - fs: jfs: fix shift-out-of-bounds in dbDiscardAG (git-fixes). - fs: sysv: Fix sysv_nblocks() returns wrong value (git-fixes). - fuse: always revalidate rename target dentry (bsc#1211808). - fuse: fix attr version comparison in fuse_read_update_size() (bsc#1211807). - futex: Resend potentially swallowed owner death notification (git-fixes). - google/gve:fix repeated words in comments (bsc#1211519). - gpio: mockup: Fix mode of debugfs files (git-fixes). - gve: Adding a new AdminQ command to verify driver (bsc#1211519). - gve: Cache link_speed value from device (git-fixes). - gve: Fix error return code in gve_prefill_rx_pages() (bsc#1211519). - gve: Fix spelling mistake 'droping' -> 'dropping' (bsc#1211519). - gve: Handle alternate miss completions (bsc#1211519). - gve: Reduce alloc and copy costs in the GQ rx path (bsc#1211519). - gve: Remove the code of clearing PBA bit (git-fixes). - gve: Secure enough bytes in the first TX desc for all TCP pkts (git-fixes). - gve: enhance no queue page list detection (bsc#1211519). - hfs/hfsplus: avoid WARN_ON() for sanity check, use proper error handling (git-fixes). - hfs/hfsplus: use WARN_ON for sanity check (git-fixes). - hfs: Fix OOB Write in hfs_asc2mac (git-fixes). - hfs: fix OOB Read in __hfs_brec_find (git-fixes). - hfs: fix missing hfs_bnode_get() in __hfs_bnode_create (git-fixes). - hfsplus: fix bug causing custom uid and gid being unable to be assigned with mount (git-fixes). - i2c: mv64xxx: Fix reading invalid status value in atomic mode (git-fixes). - i2c: omap: Fix standard mode false ACK readings (git-fixes). - i2c: sprd: Delete i2c adapter in .remove's error path (git-fixes). - i2c: tegra: Fix PEC support for SMBUS block read (git-fixes). - i40e: Add checking for null for nlmsg_find_attr() (jsc#SLE-18378). - i40e: Fix ADQ rate limiting for PF (jsc#SLE-18378). - i40e: Fix DMA mappings leak (jsc#SLE-18378). - i40e: Fix VF hang when reset is triggered on another VF (jsc#SLE-18378). - i40e: Fix VF set max MTU size (jsc#SLE-18378). - i40e: Fix VF's MAC Address change on VM (jsc#SLE-18378). - i40e: Fix adding ADQ filter to TC0 (jsc#SLE-18378). - i40e: Fix calculating the number of queue pairs (jsc#SLE-18378). - i40e: Fix erroneous adapter reinitialization during recovery process (jsc#SLE-18378). - i40e: Fix ethtool rx-flow-hash setting for X722 (jsc#SLE-18378). - i40e: Fix flow-type by setting GL_HASH_INSET registers (jsc#SLE-18378). - i40e: Fix for VF MAC address 0 (jsc#SLE-18378). - i40e: Fix incorrect address type for IPv6 flow rules (jsc#SLE-18378). - i40e: Fix interface init with MSI interrupts (no MSI-X) (jsc#SLE-18378). - i40e: Fix kernel crash during module removal (jsc#SLE-18378). - i40e: Fix kernel crash during reboot when adapter is in recovery mode (jsc#SLE-18378). - i40e: Fix set max_tx_rate when it is lower than 1 Mbps (jsc#SLE-18378). - i40e: Fix the inability to attach XDP program on downed interface (jsc#SLE-18378). - i40e: Refactor tc mqprio checks (jsc#SLE-18378). - i40e: add double of VLAN header when computing the max MTU (jsc#SLE-18378). - i40e: fix accessing vsi->active_filters without holding lock (jsc#SLE-18378). - i40e: fix flow director packet filter programming (jsc#SLE-18378). - i40e: fix i40e_setup_misc_vector() error handling (jsc#SLE-18378). - i40e: fix registers dump after run ethtool adapter self test (jsc#SLE-18378). - iavf/iavf_main: actually log ->src mask when talking about it (jsc#SLE-18385). - iavf: Detach device during reset task (jsc#SLE-18385). - iavf: Disallow changing rx/tx-frames and rx/tx-frames-irq (jsc#SLE-18385). - iavf: Do not restart Tx queues after reset task failure (jsc#SLE-18385). - iavf: Fix 'tc qdisc show' listing too many queues (jsc#SLE-18385). - iavf: Fix a crash during reset task (jsc#SLE-18385). - iavf: Fix bad page state (jsc#SLE-18385). - iavf: Fix cached head and tail value for iavf_get_tx_pending (jsc#SLE-18385). - iavf: Fix error handling in iavf_init_module() (jsc#SLE-18385). - iavf: Fix max_rate limiting (jsc#SLE-18385). - iavf: Fix race condition between iavf_shutdown and iavf_remove (jsc#SLE-18385). - iavf: Fix set max MTU size with port VLAN and jumbo frames (jsc#SLE-18385). - iavf: fix hang on reboot with ice (jsc#SLE-18385). - iavf: fix inverted Rx hash condition leading to disabled hash (jsc#SLE-18385). - iavf: fix non-tunneled IPv6 UDP packet type and hashing (jsc#SLE-18385). - iavf: remove mask from iavf_irq_enable_queues() (git-fixes). - ice: Fix interrupt moderation settings getting cleared (jsc#SLE-18375). - ice: Set txq_teid to ICE_INVAL_TEID on ring creation (jsc#SLE-18375). - igb: Add lock to avoid data race (jsc#SLE-18379). - igb: Enable SR-IOV after reinit (jsc#SLE-18379). - igb: Initialize mailbox message for VF reset (jsc#SLE-18379). - igb: conditionalize I2C bit banging on external thermal sensor support (jsc#SLE-18379). - igb: fix bit_shift to be in [1..8] range (git-fixes). - igb: fix nvm.ops.read() error handling (git-fixes). - igb: revert rtnl_lock() that causes deadlock (jsc#SLE-18379). - igbvf: Regard vf reset nack as success (jsc#SLE-18379). - igc: Add checking for basetime less than zero (jsc#SLE-18377). - igc: Add ndo_tx_timeout support (jsc#SLE-18377). - igc: Clean the TX buffer and TX descriptor ring (git-fixes). - igc: Enhance Qbv scheduling by using first flag bit (jsc#SLE-18377). - igc: Fix PPS delta between two synchronized end-points (jsc#SLE-18377). - igc: Fix possible system crash when loading module (git-fixes). - igc: Lift TAPRIO schedule restriction (jsc#SLE-18377). - igc: Reinstate IGC_REMOVED logic and implement it properly (jsc#SLE-18377). - igc: Set Qbv start_time and end_time to end_time if not being configured in GCL (jsc#SLE-18377). - igc: Use strict cycles for Qbv scheduling (jsc#SLE-18377). - igc: allow BaseTime 0 enrollment for Qbv (jsc#SLE-18377). - igc: fix the validation logic for taprio's gate list (jsc#SLE-18377). - igc: read before write to SRRCTL register (jsc#SLE-18377). - igc: recalculate Qbv end_time by considering cycle time (jsc#SLE-18377). - igc: return an error if the mac type is unknown in igc_ptp_systim_to_hwtstamp() (jsc#SLE-18377). - iio: accel: st_accel: Fix invalid mount_matrix on devices without ACPI _ONT method (git-fixes). - iio: adc: ad7192: Change 'shorted' channels to differential (git-fixes). - iio: adc: ad_sigma_delta: Fix IRQ issue by setting IRQ_DISABLE_UNLAZY flag (git-fixes). - iio: adc: mxs-lradc: fix the order of two cleanup operations (git-fixes). - iio: adc: palmas_gpadc: fix NULL dereference on rmmod (git-fixes). - iio: dac: mcp4725: Fix i2c_master_send() return value handling (git-fixes). - iio: imu: inv_icm42600: fix timestamp reset (git-fixes). - iio: light: vcnl4035: fixed chip ID check (git-fixes). - init, x86: Move mem_encrypt_init() into arch_cpu_finalize_init() (bsc#1212448). - init: Invoke arch_cpu_finalize_init() earlier (bsc#1212448). - init: Provide arch_cpu_finalize_init() (bsc#1212448). - init: Remove check_bugs() leftovers (bsc#1212448). - intel/igbvf: free irq on the error path in igbvf_request_msix() (jsc#SLE-18379). - ipv6: sr: fix out-of-bounds read when setting HMAC data (bsc#1211592). - iwlwifi: cfg: Add missing MODULE_FIRMWARE() for *.pnvm (bsc#1207553). - ixgbe: Allow flow hash to be set via ethtool (jsc#SLE-18384). - ixgbe: Enable setting RSS table to default values (jsc#SLE-18384). - ixgbe: Fix panic during XDP_TX with > 64 CPUs (jsc#SLE-18384). - ixgbe: add double of VLAN header when computing the max MTU (jsc#SLE-18384). - ixgbe: allow to increase MTU to 3K with XDP enabled (jsc#SLE-18384). - ixgbe: fix pci device refcount leak (jsc#SLE-18384). - ixgbe: stop resetting SYSTIME in ixgbe_ptp_start_cyclecounter (jsc#SLE-18384). - jfs: Fix fortify moan in symlink (git-fixes). - kABI workaround for btbcm.c (git-fixes). - kABI workaround for mt76_poll_msec() (git-fixes). - kABI: Fix kABI after backport Emulate RDPID only if it is enabled in guest (git-fixes) - kABI: Fixed broken 3rd party dirvers issue (bsc#1208050 bsc#1211414). - kabi/severities: added Microsoft mana symbold (bsc#1210551) - kernel-binary: install expoline.o (boo#1210791 bsc#1211089) - kernel-docs: Add buildrequires on python3-base when using python3 The python3 binary is provided by python3-base. - kernel-docs: Add missing top level chapter numbers on SLE12 SP5 (bsc#1212158). - kernel-source: Remove unused macro variant_symbols - kernel-spec-macros: Fix up obsolete_rebuilds_subpackage to generate obsoletes correctly (boo#1172073 bsc#1191731). - kprobe: reverse kp->flags when arm_kprobe failed (git-fixes). - kprobes: Fix check for probe enabled in kill_kprobe() (git-fixes). - kprobes: Fix to handle forcibly unoptimized kprobes on freeing_list (git-fixes). - kprobes: Forbid probing on trampoline and BPF code areas (git-fixes). - kprobes: Prohibit probes in gate area (git-fixes). - kprobes: Skip clearing aggrprobe's post_handler in kprobe-on-ftrace case (git-fixes). - kprobes: do not call disarm_kprobe() for disabled kprobes (git-fixes). - kvm: x86: Disable KVM_HC_CLOCK_PAIRING if tsc is in always catchup mode (git-fixes). - leds: Fix reference to led_set_brightness() in doc (git-fixes). - leds: TI_LMU_COMMON: select REGMAP instead of depending on it (git-fixes). - leds: tca6507: Fix error handling of using fwnode_property_read_string (git-fixes). - libfs: add DEFINE_SIMPLE_ATTRIBUTE_SIGNED for signed value (git-fixes). - locking/rwsem: Add __always_inline annotation to __down_read_common() and inlined callers (git-fixes). - lpfc: Account for fabric domain ctlr device loss recovery (bsc#1211346, bsc#1211852). - lpfc: Change firmware upgrade logging to KERN_NOTICE instead of TRACE_EVENT (bsc#1211852). - lpfc: Clean up SLI-4 CQE status handling (bsc#1211852). - lpfc: Clear NLP_IN_DEV_LOSS flag if already in rediscovery (bsc#1211852). - lpfc: Copyright updates for 14.2.0.13 patches (bsc#1211852). - lpfc: Enhance congestion statistics collection (bsc#1211852). - lpfc: Fix use-after-free rport memory access in lpfc_register_remote_port (bsc#1211852, bsc#1208410, bsc#1211346). - lpfc: Revise NPIV ELS unsol rcv cmpl logic to drop ndlp based on nlp_state (bsc#1211852). - lpfc: Update lpfc version to 14.2.0.13 (bsc#1211852). - mailbox: mailbox-test: Fix potential double-free in mbox_test_message_write() (git-fixes). - mailbox: mailbox-test: fix a locking issue in mbox_test_message_write() (git-fixes). - mailbox: zynqmp: Fix IPI isr handling (git-fixes). - mailbox: zynqmp: Fix typo in IPI documentation (git-fixes). - mce: fix set_mce_nospec to always unmap the whole page (git-fixes). - media: cx23885: Fix a null-ptr-deref bug in buffer_prepare() and buffer_finish() (git-fixes). - media: dvb-usb-v2: ce6230: fix null-ptr-deref in ce6230_i2c_master_xfer() (git-fixes). - media: dvb-usb-v2: ec168: fix null-ptr-deref in ec168_i2c_xfer() (git-fixes). - media: dvb-usb-v2: rtl28xxu: fix null-ptr-deref in rtl28xxu_i2c_xfer (git-fixes). - media: dvb-usb: az6027: fix three null-ptr-deref in az6027_i2c_xfer() (git-fixes). - media: dvb-usb: digitv: fix null-ptr-deref in digitv_i2c_xfer() (git-fixes). - media: dvb-usb: dw2102: fix uninit-value in su3000_read_mac_address (git-fixes). - media: dvb_ca_en50221: fix a size write bug (git-fixes). - media: dvb_demux: fix a bug for the continuity counter (git-fixes). - media: mn88443x: fix !CONFIG_OF error by drop of_match_ptr from ID table (git-fixes). - media: netup_unidvb: fix irq init by register it at the end of probe (git-fixes). - media: netup_unidvb: fix use-after-free at del_timer() (git-fixes). - media: pci: tw68: Fix null-ptr-deref bug in buf prepare and finish (git-fixes). - media: radio-shark: Add endpoint checks (git-fixes). - media: rcar_fdp1: Fix the correct variable assignments (git-fixes). - media: rcar_fdp1: Make use of the helper function devm_platform_ioremap_resource() (git-fixes). - memstick: r592: Fix UAF bug in r592_remove due to race condition (bsc#1211449). - mfd: dln2: Fix memory leak in dln2_probe() (git-fixes). - mfd: tqmx86: Correct board names for TQMxE39x (git-fixes). - mfd: tqmx86: Do not access I2C_DETECT register through io_base (git-fixes). - misc: fastrpc: reject new invocations during device removal (git-fixes). - misc: fastrpc: return -EPIPE to invocations on device removal (git-fixes). - mlxfw: fix null-ptr-deref in mlxfw_mfa2_tlv_next() (git-fixes). - mm/vmalloc: do not output a spurious warning when huge vmalloc() fails (bsc#1211410). - mm: vmalloc: avoid warn_alloc noise caused by fatal signal (bsc#1211410). - mmc: sdhci-esdhc-imx: make 'no-mmc-hs400' works (git-fixes). - mmc: vub300: fix invalid response handling (git-fixes). - mt76: mt7915: fix incorrect testmode ipg on band 1 caused by wmm_idx (git-fixes). - mtd: rawnand: ingenic: fix empty stub helper definitions (git-fixes). - mtd: rawnand: marvell: do not set the NAND frequency select (git-fixes). - mtd: rawnand: marvell: ensure timing values are written (git-fixes). - net/iucv: Fix size of interrupt data (bsc#1211465 git-fixes). - net/net_failover: fix txq exceeding warning (git-fixes). - net/sched: fix initialization order when updating chain 0 head (git-fixes). - net/sched: flower: fix possible OOB write in fl_set_geneve_opt() (git-fixes). - net/sched: sch_netem: Fix arithmetic in netem_dump() for 32-bit platforms (git-fixes). - net: accept UFOv6 packages in virtio_net_hdr_to_skb (git-fixes). - net: cdc_ncm: Deal with too low values of dwNtbOutMaxSize (git-fixes). - net: ena: Account for the number of processed bytes in XDP (git-fixes). - net: ena: Do not register memory info on XDP exchange (git-fixes). - net: ena: Fix rx_copybreak value update (git-fixes). - net: ena: Fix toeplitz initial hash value (git-fixes). - net: ena: Set default value for RX interrupt moderation (git-fixes). - net: ena: Update NUMA TPH hint register upon NUMA node update (git-fixes). - net: ena: Use bitmask to indicate packet redirection (git-fixes). - net: hns3: add interrupts re-initialization while doing VF FLR (git-fixes). - net: hns3: fix output information incomplete for dumping tx queue info with debugfs (git-fixes). - net: hns3: fix reset delay time to avoid configuration timeout (git-fixes). - net: hns3: fix sending pfc frames after reset issue (git-fixes). - net: hns3: fix tm port shapping of fibre port is incorrect after driver initialization (git-fixes). - net: mana: Add new MANA VF performance counters for easier troubleshooting (bsc#1209982). - net: mana: Add support for auxiliary device (bsc#1210741 jsc#PED-4022). - net: mana: Add support for jumbo frame (bsc#1210551). - net: mana: Check if netdev/napi_alloc_frag returns single page (bsc#1210551). - net: mana: Define and process GDMA response code GDMA_STATUS_MORE_ENTRIES (bsc#1210741 jsc#PED-4022). - net: mana: Define data structures for allocating doorbell page from GDMA (bsc#1210741 jsc#PED-4022). - net: mana: Define data structures for protection domain and memory registration (bsc#1210741 jsc#PED-4022). - net: mana: Define max values for SGL entries (bsc#1210741 jsc#PED-4022). - net: mana: Enable RX path to handle various MTU sizes (bsc#1210551). - net: mana: Export Work Queue functions for use by RDMA driver (bsc#1210741 jsc#PED-4022). - net: mana: Fix perf regression: remove rx_cqes, tx_cqes counters (git-fixes). - net: mana: Handle vport sharing between devices (bsc#1210741 jsc#PED-4022). - net: mana: Move header files to a common location (bsc#1210741 jsc#PED-4022). - net: mana: Record port number in netdev (bsc#1210741 jsc#PED-4022). - net: mana: Record the physical address for doorbell page region (bsc#1210741 jsc#PED-4022). - net: mana: Refactor RX buffer allocation code to prepare for various MTU (bsc#1210551). - net: mana: Rename mana_refill_rxoob and remove some empty lines (bsc#1210551). - net: mana: Set the DMA device max segment size (bsc#1210741 jsc#PED-4022). - net: mana: Use napi_build_skb in RX path (bsc#1210551). - net: mdio: mvusb: Fix an error handling path in mvusb_mdio_probe() (git-fixes). - net: mellanox: mlxbf_gige: Fix skb_panic splat under memory pressure (bsc#1211564). - net: phy: dp83867: add w/a for packet errors seen with short cables (git-fixes). - net: qrtr: correct types of trace event parameters (git-fixes). - net: sched: fix possible refcount leak in tc_chain_tmplt_add() (git-fixes). - net: skip virtio_net_hdr_set_proto if protocol already set (git-fixes). - net: tun: avoid disabling NAPI twice (git-fixes). - net: tun: fix bugs for oversize packet when napi frags enabled (git-fixes). - net: tun: stop NAPI when detaching queues (git-fixes). - net: tun: unlink NAPI from device on destruction (git-fixes). - net: usb: qmi_wwan: Set DTR quirk for BroadMobi BM818 (git-fixes). - net: usb: qmi_wwan: add support for Compal RXM-G1 (git-fixes). - net: virtio_net_hdr_to_skb: count transport header in UFO (git-fixes). - nfp: only report pause frame configuration for physical device (git-fixes). - nilfs2: do not write dirty data after degenerating to read-only (git-fixes). - nilfs2: fix incomplete buffer cleanup in nilfs_btnode_abort_change_key() (git-fixes). - nilfs2: fix infinite loop in nilfs_mdt_get_block() (git-fixes). - nilfs2: fix possible out-of-bounds segment allocation in resize ioctl (git-fixes). - nilfs2: fix use-after-free bug of nilfs_root in nilfs_evict_inode() (git-fixes). - nouveau: fix client work fence deletion race (git-fixes). - nvme-fc: fix a missing queue put in nvmet_fc_ls_create_association (git-fixes). - nvme-multipath: fix hang when disk goes live over reconnect (git-fixes). - nvme-pci: add quirks for Samsung X5 SSDs (git-fixes). - nvme-pci: add the IGNORE_DEV_SUBNQN quirk for Intel P4500/P4600 SSDs (git-fixes). - nvme-pci: avoid the deepest sleep state on ZHITAI TiPro5000 SSDs (git-fixes). - nvme-pci: avoid the deepest sleep state on ZHITAI TiPro7000 SSDs (git-fixes). - nvme-pci: clear the prp2 field when not used (git-fixes). - nvme-pci: disable write zeroes on various Kingston SSD (git-fixes). - nvme-pci: fix a NULL pointer dereference in nvme_alloc_admin_tags (git-fixes). - nvme-pci: mark Lexar NM760 as IGNORE_DEV_SUBNQN (git-fixes). - nvme-pci: set min_align_mask before calculating max_hw_sectors (git-fixes). - nvme-tcp: fix a possible UAF when failing to allocate an io queue (git-fixes). - nvme-tcp: fix bogus request completion when failing to send AER (git-fixes). - nvme-tcp: lockdep: annotate in-kernel sockets (git-fixes). - nvme: add a bogus subsystem NQN quirk for Micron MTFDKBA2T0TFH (git-fixes). - nvme: also return I/O command effects from nvme_command_effects (git-fixes). - nvme: check for duplicate identifiers earlier (git-fixes). - nvme: cleanup __nvme_check_ids (git-fixes). - nvme: fix discard support without oncs (git-fixes). - nvme: fix interpretation of DMRSL (git-fixes). - nvme: fix multipath crash caused by flush request when blktrace is enabled (git-fixes). - nvme: fix passthrough csi check (git-fixes). - nvme: generalize the nvme_multi_css check in nvme_scan_ns (git-fixes). - nvme: move the Samsung X5 quirk entry to the core quirks (git-fixes). - nvme: rename nvme_validate_or_alloc_ns to nvme_scan_ns (git-fixes). - nvme: set non-mdts limits in nvme_scan_work (git-fixes). - nvmet-tcp: add bounds check on Transfer Tag (git-fixes). - nvmet-tcp: fix lockdep complaint on nvmet_tcp_wq flush during queue teardown (git-fixes). - nvmet-tcp: fix unhandled tcp states in nvmet_tcp_state_change() (git-fixes). - nvmet: fix mar and mor off-by-one errors (git-fixes). - nvmet: fix memory leak in nvmet_subsys_attr_model_store_locked (git-fixes). - nvmet: fix workqueue MEM_RECLAIM flushing dependency (git-fixes). - nvmet: move the call to nvmet_ns_changed out of nvmet_ns_revalidate (git-fixes). - nvmet: use NVME_CMD_EFFECTS_CSUPP instead of open coding it (git-fixes). - octeontx2-pf: Avoid use of GFP_KERNEL in atomic context (git-fixes). - octeontx2-pf: Fix resource leakage in VF driver unbind (git-fixes). - octeontx2-pf: Fix the use of GFP_KERNEL in atomic context on rt (git-fixes). - octeontx2-pf: Recalculate UDP checksum for ptp 1-step sync packet (git-fixes). - phy: st: miphy28lp: use _poll_timeout functions for waits (git-fixes). - phy: tegra: xusb: Add missing tegra_xusb_port_unregister for usb2_port and ulpi_port (git-fixes). - pinctrl: meson-axg: add missing GPIOA_18 gpio group (git-fixes). - pinctrl: qcom: lpass-lpi: set output value before enabling output (git-fixes). - pinctrl: renesas: r8a779a0: Remove incorrect AVB[01] pinmux configuration (git-fixes). - platform/surface: aggregator: Allow completion work-items to be executed in parallel (git-fixes). - platform/x86: asus-wmi: Ignore WMI events with codes 0x7B, 0xC0 (git-fixes). - platform/x86: hp-wmi: Support touchpad on/off (git-fixes). - platform/x86: intel_scu_pcidrv: Add back PCI ID for Medfield (git-fixes). - platform/x86: thinkpad_acpi: Fix platform profiles on T490 (git-fixes). - platform/x86: touchscreen_dmi: Add info for the Dexp Ursus KX210i (git-fixes). - platform/x86: touchscreen_dmi: Add upside-down quirk for GDIX1002 ts on the Juno Tablet (git-fixes). - power: supply: Fix logic checking if system is running from battery (git-fixes). - power: supply: Ratelimit no data debug output (git-fixes). - power: supply: ab8500: Fix external_power_changed race (git-fixes). - power: supply: bq24190_charger: using pm_runtime_resume_and_get instead of pm_runtime_get_sync (git-fixes). - power: supply: bq27xxx: Add cache parameter to bq27xxx_battery_current_and_status() (git-fixes). - power: supply: bq27xxx: After charger plug in/out wait 0.5s for things to stabilize (git-fixes). - power: supply: bq27xxx: Ensure power_supply_changed() is called on current sign changes (git-fixes). - power: supply: bq27xxx: Fix I2C IRQ race on remove (git-fixes). - power: supply: bq27xxx: Fix bq27xxx_battery_update() race condition (git-fixes). - power: supply: bq27xxx: Fix poll_interval handling and races on remove (git-fixes). - power: supply: bq27xxx: Move bq27xxx_battery_update() down (git-fixes). - power: supply: bq27xxx: Use mod_delayed_work() instead of cancel() + schedule() (git-fixes). - power: supply: bq27xxx: expose battery data when CI=1 (git-fixes). - power: supply: leds: Fix blink to LED on transition (git-fixes). - power: supply: sbs-charger: Fix INHIBITED bit for Status reg (git-fixes). - power: supply: sc27xx: Fix external_power_changed race (git-fixes). - powerpc/64s/radix: Fix soft dirty tracking (bsc#1065729). - powerpc/64s: Make POWER10 and later use pause_short in cpu_relax loops (bsc#1209367 ltc#195662). - powerpc/iommu: DMA address offset is incorrectly calculated with 2MB TCEs (jsc#SLE-19556 git-fixes). - powerpc/purgatory: remove PGO flags (bsc#1194869). - powerpc/rtas: use memmove for potentially overlapping buffer copy (bsc#1065729). - powerpc: Do not try to copy PPR for task with NULL pt_regs (bsc#1065729). - powerpc: Redefine HMT_xxx macros as empty on PPC32 (bsc#1209367 ltc#195662). - powerpc: add ISA v3.0 / v3.1 wait opcode macro (bsc#1209367 ltc#195662). - pstore: Revert pmsg_lock back to a normal mutex (git-fixes). - purgatory: fix disabling debug info (git-fixes). - pwm: meson: Fix axg ao mux parents (git-fixes). - pwm: meson: Fix g12a ao clk81 name (git-fixes). - qed/qed_dev: guard against a possible division by zero (jsc#SLE-19001). - qed/qed_mng_tlv: correctly zero out ->min instead of ->hour (jsc#SLE-19001). - qed/qed_sriov: guard against NULL derefs from qed_iov_get_vf_info (jsc#SLE-19001). - qed/qede: Fix scheduling while atomic (git-fixes). - qed: allow sleep in qed_mcp_trace_dump() (jsc#SLE-19001). - qede: execute xdp_do_flush() before napi_complete_done() (jsc#SLE-19001). - r8152: fix flow control issue of RTL8156A (git-fixes). - r8152: fix the poor throughput for 2.5G devices (git-fixes). - r8152: move setting r8153b_rx_agg_chg_indicate() (git-fixes). - rcu: Fix missing TICK_DEP_MASK_RCU_EXP dependency check (git-fixes). - regmap: Account for register length when chunking (git-fixes). - regmap: cache: Return error in cache sync operations for REGCACHE_NONE (git-fixes). - regmap: spi-avmm: Fix regmap_bus max_raw_write (git-fixes). - regulator: Fix error checking for debugfs_create_dir (git-fixes). - regulator: mt6359: add read check for PMIC MT6359 (git-fixes). - regulator: pca9450: Fix BUCK2 enable_mask (git-fixes). - regulator: pca9450: Fix LDO3OUT and LDO4OUT MASK (git-fixes). - reiserfs: Add missing calls to reiserfs_security_free() (git-fixes). - reiserfs: Add security prefix to xattr name in reiserfs_security_write() (git-fixes). - remoteproc: stm32_rproc: Add mutex protection for workqueue (git-fixes). - revert 'squashfs: harden sanity check in squashfs_read_xattr_id_table' (git-fixes). - ring-buffer: Ensure proper resetting of atomic variables in ring_buffer_reset_online_cpus (git-fixes). - ring-buffer: Fix kernel-doc (git-fixes). - ring-buffer: Sync IRQ works before buffer destruction (git-fixes). - rpm/constraints.in: Increase disk size constraint for riscv64 to 52GB - rpm/kernel-binary.spec.in: Fix compatibility wth newer rpm - rpm/kernel-docs.spec.in: pass PYTHON=python3 to fix build error (bsc#1160435) - rpm/kernel-source.spec.in: Add patches.drm for moved DRM patches - rtmutex: Ensure that the top waiter is always woken up (git-fixes). - s390/ap: fix crash on older machines based on QCI info missing (bsc#1210947) - s390/ctcm: Fix return type of ctc{mp,}m_tx() (git-fixes bsc#1211686). - s390/dasd: Use correct lock while counting channel queue length (git-fixes bsc#1212592). - s390/dasd: fix hanging blockdevice after request requeue (git-fixes bsc#1211687). - s390/extmem: return correct segment type in __segment_load() (bsc#1210450 git-fixes). - s390/kprobes: fix current_kprobe never cleared after kprobes reenter (git-fixes bsc#1211688). - s390/kprobes: fix irq mask clobbering on kprobe reenter from post_handler (git-fixes bsc#1211689). - s390/lcs: Fix return type of lcs_start_xmit() (git-fixes bsc#1211690). - s390/mem_detect: fix detect_memory() error handling (git-fixes bsc#1211691). - s390/netiucv: Fix return type of netiucv_tx() (git-fixes bsc#1211692). - s390/qdio: fix do_sqbs() inline assembly constraint (git-fixes bsc#1211693). - s390/qeth: fix use-after-free in hsci (bsc#1210449 git-fixes). - s390/uaccess: add missing earlyclobber annotations to __clear_user() (bsc#1209856 git-fixes). - s390/vdso: remove -nostdlib compiler flag (git-fixes bsc#1211714). - s390: Hard lockups are observed while running stress-ng and LPAR hangs (bsc#1195655 ltc#195733). - scsi: core: Decrease scsi_device's iorequest_cnt if dispatch failed (git-fixes). - scsi: core: Improve scsi_vpd_inquiry() checks (git-fixes). - scsi: hisi_sas: Handle NCQ error when IPTT is valid (git-fixes). - scsi: libsas: Add sas_ata_device_link_abort() (git-fixes). - scsi: libsas: Grab the ATA port lock in sas_ata_device_link_abort() (git-fixes). - scsi: lpfc: Add new RCQE status for handling DMA failures (bsc#1211847). - scsi: lpfc: Fix double free in lpfc_cmpl_els_logo_acc() caused by lpfc_nlp_not_used() (bsc#1211847). - scsi: lpfc: Fix verbose logging for SCSI commands issued to SES devices (bsc#1211847). - scsi: lpfc: Match lock ordering of lpfc_cmd->buf_lock and hbalock for abort paths (bsc#1211847). - scsi: lpfc: Replace blk_irq_poll intr handler with threaded IRQ (bsc#1211847). - scsi: lpfc: Update congestion warning notification period (bsc#1211847). - scsi: lpfc: Update lpfc version to 14.2.0.12 (bsc#1211847). - scsi: megaraid: Fix mega_cmd_done() CMDID_INT_CMDS (git-fixes). - scsi: megaraid_sas: Fix fw_crash_buffer_show() (git-fixes). - scsi: qedi: Fix use after free bug in qedi_remove() (git-fixes). - scsi: qla2xxx: Drop redundant pci_enable_pcie_error_reporting() (bsc#1211960). - scsi: qla2xxx: Fix hang in task management (bsc#1211960). - scsi: qla2xxx: Fix mem access after free (bsc#1211960). - scsi: qla2xxx: Fix task management cmd fail due to unavailable resource (bsc#1211960). - scsi: qla2xxx: Fix task management cmd failure (bsc#1211960). - scsi: qla2xxx: Multi-que support for TMF (bsc#1211960). - scsi: qla2xxx: Refer directly to the qla2xxx_driver_template (bsc#1211960). - scsi: qla2xxx: Remove default fabric ops callouts (bsc#1211960). - scsi: qla2xxx: Replace all non-returning strlcpy() with strscpy() (bsc#1211960). - scsi: qla2xxx: Update version to 10.02.08.300-k (bsc#1211960). - scsi: qla2xxx: Wait for io return on terminate rport (bsc#1211960). - scsi: ses: Handle enclosure with just a primary component gracefully (git-fixes). - scsi: stex: Fix gcc 13 warnings (git-fixes). - scsi: storvsc: Do not pass unused PFNs to Hyper-V host (git-fixes). - selftests mount: Fix mount_setattr_test builds failed (git-fixes). - selftests/ptp: Fix timestamp printf format for PTP_SYS_OFFSET (git-fixes). - selftests/resctrl: Allow ->setup() to return errors (git-fixes). - selftests/resctrl: Check for return value after write_schemata() (git-fixes). - selftests/resctrl: Extend CPU vendor detection (git-fixes). - selftests/resctrl: Move ->setup() call outside of test specific branches (git-fixes). - selftests/resctrl: Return NULL if malloc_and_init_memory() did not alloc mem (git-fixes). - selftests/sgx: Add 'test_encl.elf' to TEST_FILES (git-fixes). - selftests: mptcp: connect: skip if MPTCP is not supported (git-fixes). - selftests: mptcp: pm nl: skip if MPTCP is not supported (git-fixes). - selftests: mptcp: sockopt: skip if MPTCP is not supported (git-fixes). - selftests: seg6: disable DAD on IPv6 router cfg for srv6_end_dt4_l3vpn_test (git-fixes). - selftests: srv6: make srv6_end_dt46_l3vpn_test more robust (git-fixes). - selftests: xsk: Disable IPv6 on VETH1 (git-fixes). - selftets: seg6: disable rp_filter by default in srv6_end_dt4_l3vpn_test (git-fixes). - selinux: do not use make's grouped targets feature yet (git-fixes). - serial: 8250: Reinit port->pm on port specific driver unbind (git-fixes). - serial: 8250_bcm7271: balance clk_enable calls (git-fixes). - serial: 8250_bcm7271: fix leak in `brcmuart_probe` (git-fixes). - serial: 8250_exar: Add support for USR298x PCI Modems (git-fixes). - serial: 8250_tegra: Fix an error handling path in tegra_uart_probe() (git-fixes). - serial: Add support for Advantech PCI-1611U card (git-fixes). - serial: arc_uart: fix of_iomap leak in `arc_serial_probe` (git-fixes). - serial: lantiq: add missing interrupt ack (git-fixes). - serial: qcom-geni: fix enabling deactivated interrupt (git-fixes). - serial: stm32: re-introduce an irq flag condition in usart_receive_chars (git-fixes). - sfc: Change VF mac via PF as first preference if available (git-fixes). - sfc: Fix module EEPROM reporting for QSFP modules (git-fixes). - sfc: Fix use-after-free due to selftest_work (git-fixes). - sfc: correctly advertise tunneled IPv6 segmentation (git-fixes). - sfc: disable RXFCS and RXALL features by default (git-fixes). - sfc: ef10: do not overwrite offload features at NIC reset (git-fixes). - sfc: fix TX channel offset when using legacy interrupts (git-fixes). - sfc: fix considering that all channels have TX queues (git-fixes). - sfc: fix null pointer dereference in efx_hard_start_xmit (git-fixes). - sfc: fix wrong tx channel offset with efx_separate_tx_channels (git-fixes). - sfc: include vport_id in filter spec hash and equal() (git-fixes). - smb3: display debug information better for encryption (bsc#1193629). - smb3: fix problem remounting a share after shutdown (bsc#1193629). - smb3: improve parallel reads of large files (bsc#1193629). - smb3: make query_on_disk_id open context consistent and move to common code (bsc#1193629). - smb3: move some common open context structs to smbfs_common (bsc#1193629). - soundwire: qcom: correct setting ignore bit on v1.5.1 (git-fixes). - soundwire: qcom: gracefully handle too many ports in DT (git-fixes). - spi: fsl-dspi: avoid SCK glitches with continuous transfers (git-fixes). - spi: qup: Request DMA before enabling clocks (git-fixes). - spi: spi-imx: fix MX51_ECSPI_* macros when cs > 3 (git-fixes). - spi: spi-imx: using pm_runtime_resume_and_get instead of pm_runtime_get_sync (git-fixes). - spi: tegra210-quad: Fix combined sequence (bsc#1212584) - spi: tegra210-quad: Fix iterator outside loop (git-fixes). - spi: tegra210-quad: Multi-cs support (bsc#1212584) - squashfs: harden sanity check in squashfs_read_xattr_id_table (git-fixes). - staging: rtl8192e: Replace macro RTL_PCI_DEVICE with PCI_DEVICE (git-fixes). - struct ci_hdrc: hide new member at end (git-fixes). - supported.conf: Move bt878 and bttv modules to kernel-*-extra (jsc#PED-3931) - supported.conf: mark mana_ib supported - swiotlb: relocate PageHighMem test away from rmem_swiotlb_setup (git-fixes). - test_firmware: Use kstrtobool() instead of strtobool() (git-fixes). - test_firmware: fix the memory leak of the allocated firmware buffer (git-fixes). - test_firmware: prevent race conditions by a correct implementation of locking (git-fixes). - thunderbolt: Clear registers properly when auto clear isn't in use (bsc#1210165). - thunderbolt: Mask ring interrupt on Intel hardware as well (bsc#1210165). - thunderbolt: dma_test: Use correct value for absent rings when creating paths (git-fixes). - tls: Skip tls_append_frag on zero copy size (git-fixes). - tools/virtio: compile with -pthread (git-fixes). - tools/virtio: fix the vringh test for virtio ring changes (git-fixes). - tools/virtio: fix virtio_test execution (git-fixes). - tools/virtio: initialize spinlocks in vring_test.c (git-fixes). - tools: bpftool: Remove invalid \' json escape (git-fixes). - tpm, tpm_tis: Claim locality before writing TPM_INT_ENABLE register (git-fixes). - tpm, tpm_tis: Disable interrupts if tpm_tis_probe_irq() failed (git-fixes). - tpm, tpm_tis: Request threaded interrupt handler (git-fixes). - tpm/tpm_tis: Disable interrupts for more Lenovo devices (git-fixes). - tracing/histograms: Allow variables to have some modifiers (git-fixes). - tracing/probe: trace_probe_primary_from_call(): checked list_first_entry (git-fixes). - tracing: Fix permissions for the buffer_percent file (git-fixes). - tracing: Have event format check not flag %p* on __get_dynamic_array() (git-fixes, bsc#1212350). - tracing: Introduce helpers to safely handle dynamic-sized sockaddrs (git-fixes). - tracing: Update print fmt check to handle new __get_sockaddr() macro (git-fixes, bsc#1212350). - tty: serial: fsl_lpuart: use UARTCTRL_TXINV to send break instead of UARTCTRL_SBK (git-fixes). - usb-storage: fix deadlock when a scsi command timeouts more than once (git-fixes). - usb: cdns3: fix NCM gadget RX speed 20x slow than expection at iMX8QM (git-fixes). - usb: chipidea: core: fix possible concurrent when switch role (git-fixes). - usb: dwc3: Align DWC3_EP_* flag macros (git-fixes). - usb: dwc3: Fix a repeated word checkpatch warning (git-fixes). - usb: dwc3: Fix ep0 handling when getting reset while doing control transfer (git-fixes). - usb: dwc3: debugfs: Resume dwc3 before accessing registers (git-fixes). - usb: dwc3: drd: use helper to get role-switch-default-mode (git-fixes). - usb: dwc3: ep0: Do not prepare beyond Setup stage (git-fixes). - usb: dwc3: gadget: Delay issuing End Transfer (git-fixes). - usb: dwc3: gadget: Execute gadget stop after halting the controller (git-fixes). - usb: dwc3: gadget: Improve dwc3_gadget_suspend() and dwc3_gadget_resume() (git-fixes). - usb: dwc3: gadget: Only End Transfer for ep0 data phase (git-fixes). - usb: dwc3: gadget: Reset num TRBs before giving back the request (git-fixes). - usb: dwc3: gadget: Stall and restart EP0 if host is unresponsive (git-fixes). - usb: dwc3: remove a possible unnecessary 'out of memory' message (git-fixes). - usb: gadget: f_fs: Add unbind event before functionfs_unbind (git-fixes). - usb: gadget: u_ether: Fix host MAC address case (git-fixes). - usb: mtu3: fix kernel panic at qmu transfer done irq handler (git-fixes). - usb: typec: altmodes/displayport: fix pin_assignment_show (git-fixes). - usb: typec: tcpm: fix multiple times discover svids error (git-fixes). - usb: typec: ucsi: Fix command cancellation (git-fixes). - usb: usbfs: Enforce page requirements for mmap (git-fixes). - usb: usbfs: Use consistent mmap functions (git-fixes). - usrmerge: Compatibility with earlier rpm (boo#1211796) - vc_screen: reload load of struct vc_data pointer in vcs_write() to avoid UAF (git-fixes). - vdpa: fix use-after-free on vp_vdpa_remove (git-fixes). - vhost/net: Clear the pending messages when the backend is removed (git-fixes). - virtio-net: Keep stop() to follow mirror sequence of open() (git-fixes). - virtio-net: execute xdp_do_flush() before napi_complete_done() (git-fixes). - virtio_net: bugfix overflow inside xdp_linearize_page() (git-fixes). - virtio_net: split free_unused_bufs() (git-fixes). - virtio_net: suppress cpu stall when free_unused_bufs (git-fixes). - watchdog: dw_wdt: Fix the error handling path of dw_wdt_drv_probe() (git-fixes). - watchdog: menz069_wdt: fix watchdog initialisation (git-fixes). - watchdog: sp5100_tco: Immediately trigger upon starting (git-fixes). - wifi: ath11k: Fix SKB corruption in REO destination ring (git-fixes). - wifi: ath: Silence memcpy run-time false positive warning (git-fixes). - wifi: b43: fix incorrect __packed annotation (git-fixes). - wifi: brcmfmac: cfg80211: Pass the PMK in binary instead of hex (git-fixes). - wifi: cfg80211: fix locking in regulatory disconnect (git-fixes). - wifi: cfg80211: fix locking in sched scan stop work (git-fixes). - wifi: iwlwifi: dvm: Fix memcpy: detected field-spanning write backtrace (git-fixes). - wifi: iwlwifi: fix OEM's name in the ppag approved list (git-fixes). - wifi: iwlwifi: fw: fix DBGI dump (git-fixes). - wifi: iwlwifi: mvm: do not trust firmware n_channels (git-fixes). - wifi: iwlwifi: mvm: fix OEM's name in the tas approved list (git-fixes). - wifi: iwlwifi: mvm: fix cancel_delayed_work_sync() deadlock (git-fixes). - wifi: iwlwifi: pcie: Fix integer overflow in iwl_write_to_user_buf (git-fixes). - wifi: iwlwifi: pcie: fix possible NULL pointer dereference (git-fixes). - wifi: mac80211: fix min center freq offset tracing (git-fixes). - wifi: mac80211: simplify chanctx allocation (git-fixes). - wifi: mt76: add flexible polling wait-interval support (git-fixes). - wifi: mt76: mt7615: fix possible race in mt7615_mac_sta_poll (git-fixes). - wifi: mt76: mt7921e: Set memory space enable in PCI_COMMAND if unset (git-fixes). - wifi: mt76: mt7921e: fix probe timeout after reboot (git-fixes). - wifi: mt76: mt7921e: improve reliability of dma reset (git-fixes). - wifi: rtl8xxxu: RTL8192EU always needs full init (git-fixes). - wifi: rtl8xxxu: fix authentication timeout due to incorrect RCR value (git-fixes). - workqueue: Fix hung time report of worker pools (bsc#1211044). - workqueue: Interrupted create_worker() is not a repeated event (bsc#1211044). - workqueue: Print backtraces from CPUs with hung CPU bound workqueues (bsc#1211044). - workqueue: Warn when a new worker could not be created (bsc#1211044). - workqueue: Warn when a rescuer could not be created (bsc#1211044). - x86, sched: Fix undefined reference to init_freq_invariance_cppc() build error (git-fixes). - x86/MCE/AMD: Use an u64 for bank_map (git-fixes). - x86/alternative: Make debug-alternative selective (bsc#1206578). - x86/alternative: Report missing return thunk details (git-fixes). - x86/alternative: Support relocations in alternatives (bsc#1206578). - x86/amd: Use IBPB for firmware calls (git-fixes). - x86/boot: Skip realmode init code when running as Xen PV guest (git-fixes). - x86/bugs: Add 'unknown' reporting for MMIO Stale Data (git-fixes). - x86/bugs: Do not enable IBPB at firmware entry when IBPB is not available (git-fixes). - x86/bugs: Warn when 'ibrs' mitigation is selected on Enhanced IBRS parts (git-fixes). - x86/cpu: Switch to arch_cpu_finalize_init() (bsc#1212448). - x86/crash: Disable virt in core NMI crash handler to avoid double shootdown (git-fixes). - x86/delay: Fix the wrong asm constraint in delay_loop() (git-fixes). - x86/entry: Build thunk_$(BITS) only if CONFIG_PREEMPTION=y (git-fixes). - x86/fault: Cast an argument to the proper address space in prefetch() (git-fixes). - x86/fpu/xsave: Initialize offset/size cache early (bsc#1211205). - x86/fpu: Fix copy_xstate_to_uabi() to copy init states correctly (git-fixes). - x86/fpu: Fix the init_fpstate size check with the actual size (git-fixes). - x86/fpu: Mark init functions __init (bsc#1212448). - x86/fpu: Move FPU initialization into arch_cpu_finalize_init() (bsc#1212448). - x86/fpu: Remove cpuinfo argument from init functions (bsc#1212448). - x86/fpu: Use _Alignof to avoid undefined behavior in TYPE_ALIGN (git-fixes). - x86/hyperv: Block root partition functionality in a Confidential VM (git-fixes). - x86/init: Initialize signal frame size late (bsc#1212448). - x86/kprobes: Fix __recover_optprobed_insn check optimizing logic (git-fixes). - x86/lib/memmove: Decouple ERMS from FSRM (bsc#1206578). - x86/mce: relocate set{clear}_mce_nospec() functions (git-fixes). This is a preparation for the next patch - x86/microcode/AMD: Add a @cpu parameter to the reloading functions (git-fixes). - x86/microcode/AMD: Fix mixed steppings support (git-fixes). - x86/microcode/AMD: Track patch allocation size explicitly (git-fixes). - x86/microcode: Add a parameter to microcode_check() to store CPU capabilities (git-fixes). - x86/microcode: Add explicit CPU vendor dependency (git-fixes). - x86/microcode: Adjust late loading result reporting message (git-fixes). - x86/microcode: Check CPU capabilities after late microcode update correctly (git-fixes). - x86/microcode: Rip out the OLD_INTERFACE (git-fixes). - x86/mm: Cleanup the control_va_addr_alignment() __setup handler (git-fixes). - x86/mm: Use proper mask when setting PUD mapping (git-fixes). - x86/mm: fix poking_init() for Xen PV guests (git-fixes). - x86/nospec: Unwreck the RSB stuffing (git-fixes). - x86/numa: Use cpumask_available instead of hardcoded NULL check (git-fixes). - x86/pat: Fix x86_has_pat_wp() (git-fixes). - x86/pm: Add enumeration check before spec MSRs save/restore setup (git-fixes). - x86/reboot: Disable SVM, not just VMX, when stopping CPUs (git-fixes). - x86/resctrl: Fix min_cbm_bits for AMD (git-fixes). - x86/sev: Add SEV-SNP guest feature negotiation support (git-fixes). - x86/signal: Fix the value returned by strict_sas_size() (git-fixes). - x86/speculation/mmio: Print SMT warning (git-fixes). - x86/speculation: Identify processors vulnerable to SMT RSB predictions (git-fixes). - x86/static_call: Serialize __static_call_fixup() properly (git-fixes). - x86/syscall: Include asm/ptrace.h in syscall_wrapper header (git-fixes). - x86/topology: Fix duplicated core ID within a package (git-fixes). - x86/topology: Fix multiple packages shown on a single-package system (git-fixes). - x86/tsx: Add a feature bit for TSX control MSR support (git-fixes). - x86: Fix return value of __setup handlers (git-fixes). - x86: drop bogus 'cc' clobber from __try_cmpxchg_user_asm() (git-fixes). - xen/netback: do not do grant copy across page boundary (git-fixes). - xen/netback: use same error messages for same errors (git-fixes). - xfs: fix rm_offset flag handling in rmap keys (git-fixes). - xfs: set bnobt/cntbt numrecs correctly when formatting new AGs (git-fixes). - xhci-pci: Only run d3cold avoidance quirk for s2idle (git-fixes). - xhci: Fix incorrect tracking of free space on transfer rings (git-fixes). Important SUSE bug 1065729 SUSE bug 1152472 SUSE bug 1152489 SUSE bug 1160435 SUSE bug 1172073 SUSE bug 1189998 SUSE bug 1191731 SUSE bug 1193629 SUSE bug 1194869 SUSE bug 1195655 SUSE bug 1195921 SUSE bug 1203906 SUSE bug 1205650 SUSE bug 1205756 SUSE bug 1205758 SUSE bug 1205760 SUSE bug 1205762 SUSE bug 1205803 SUSE bug 1206024 SUSE bug 1206578 SUSE bug 1207553 SUSE bug 1208050 SUSE bug 1208410 SUSE bug 1208600 SUSE bug 1208604 SUSE bug 1208758 SUSE bug 1209039 SUSE bug 1209287 SUSE bug 1209288 SUSE bug 1209367 SUSE bug 1209856 SUSE bug 1209982 SUSE bug 1210165 SUSE bug 1210294 SUSE bug 1210449 SUSE bug 1210450 SUSE bug 1210498 SUSE bug 1210533 SUSE bug 1210551 SUSE bug 1210647 SUSE bug 1210741 SUSE bug 1210775 SUSE bug 1210783 SUSE bug 1210791 SUSE bug 1210806 SUSE bug 1210940 SUSE bug 1210947 SUSE bug 1211037 SUSE bug 1211043 SUSE bug 1211044 SUSE bug 1211089 SUSE bug 1211105 SUSE bug 1211113 SUSE bug 1211131 SUSE bug 1211205 SUSE bug 1211263 SUSE bug 1211280 SUSE bug 1211281 SUSE bug 1211299 SUSE bug 1211346 SUSE bug 1211387 SUSE bug 1211410 SUSE bug 1211414 SUSE bug 1211449 SUSE bug 1211465 SUSE bug 1211519 SUSE bug 1211564 SUSE bug 1211590 SUSE bug 1211592 SUSE bug 1211686 SUSE bug 1211687 SUSE bug 1211688 SUSE bug 1211689 SUSE bug 1211690 SUSE bug 1211691 SUSE bug 1211692 SUSE bug 1211693 SUSE bug 1211714 SUSE bug 1211796 SUSE bug 1211804 SUSE bug 1211807 SUSE bug 1211808 SUSE bug 1211847 SUSE bug 1211852 SUSE bug 1211855 SUSE bug 1211960 SUSE bug 1212129 SUSE bug 1212154 SUSE bug 1212155 SUSE bug 1212158 SUSE bug 1212350 SUSE bug 1212448 SUSE bug 1212494 SUSE bug 1212504 SUSE bug 1212513 SUSE bug 1212540 SUSE bug 1212561 SUSE bug 1212563 SUSE bug 1212564 SUSE bug 1212584 SUSE bug 1212592 CVE-2022-4269 CVE-2022-45884 CVE-2022-45885 CVE-2022-45886 CVE-2022-45887 CVE-2022-45919 CVE-2023-1077 CVE-2023-1079 CVE-2023-1249 CVE-2023-1380 CVE-2023-1382 CVE-2023-2002 CVE-2023-21102 CVE-2023-2124 CVE-2023-2156 CVE-2023-2162 CVE-2023-2269 CVE-2023-2483 CVE-2023-2513 CVE-2023-28410 CVE-2023-3006 CVE-2023-30456 CVE-2023-31084 CVE-2023-3141 CVE-2023-31436 CVE-2023-3161 CVE-2023-32233 CVE-2023-33288 CVE-2023-35788 CVE-2023-35823 CVE-2023-35828 cpe:/o:opensuse:leap:15.4 Security update for grpc, protobuf, python-Deprecated, python-PyGithub, python-aiocontextvars, python-avro, python-bcrypt, python-cryptography, python-cryptography-vectors, python-google-api-core, python-googleapis-common-protos, python-grpcio-gcp, python-humanfriendly, python-jsondiff, python-knack, python-opencensus, python-opencensus-context, python-opencensus-ext-threading, python-opentelemetry-api, python-psutil, python-pytest-asyncio, python-requests, python-websocket-client, python-websockets (Important) openSUSE Leap 15.4 This update for grpc, protobuf, python-Deprecated, python-PyGithub, python-aiocontextvars, python-avro, python-bcrypt, python-cryptography, python-cryptography-vectors, python-google-api-core, python-googleapis-common-protos, python-grpcio-gcp, python-humanfriendly, python-jsondiff, python-knack, python-opencensus, python-opencensus-context, python-opencensus-ext-threading, python-opentelemetry-api, python-psutil, python-pytest-asyncio, python-requests, python-websocket-client, python-websockets fixes the following issues: grpc: - Update in SLE-15 (bsc#1197726, bsc#1144068) protobuf: - Fix a potential DoS issue in protobuf-cpp and protobuf-python, CVE-2022-1941, bsc#1203681 - Fix a potential DoS issue when parsing with binary data in protobuf-java, CVE-2022-3171, bsc#1204256 - Fix potential Denial of Service in protobuf-java in the parsing procedure for binary data, CVE-2021-22569, bsc#1194530 - Add missing dependency of python subpackages on python-six (bsc#1177127) - Updated to version 3.9.2 (bsc#1162343) * Remove OSReadLittle* due to alignment requirements. * Don't use unions and instead use memcpy for the type swaps. - Disable LTO (bsc#1133277) python-aiocontextvars: - Include in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629) python-avro: - Include in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629) - Update in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629) python-cryptography: - update to 3.3.2 (bsc#1182066, CVE-2020-36242, bsc#1198331) * SECURITY ISSUE: Fixed a bug where certain sequences of update() calls when symmetrically encrypting very large payloads (>2GB) could result in an integer overflow, leading to buffer overflows. CVE-2020-36242 python-cryptography-vectors: - update to 3.2 (bsc#1178168, CVE-2020-25659): * CVE-2020-25659: Attempted to make RSA PKCS#1v1.5 decryption more constant time, to protect against Bleichenbacher vulnerabilities. Due to limitations imposed by our API, we cannot completely mitigate this vulnerability. * Support for OpenSSL 1.0.2 has been removed. * Added basic support for PKCS7 signing (including SMIME) via PKCS7SignatureBuilder. - update to 3.3.2 (bsc#1198331) python-Deprecated: - Include in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629) - update to 1.2.13: python-google-api-core: - Update to 1.14.2 python-googleapis-common-protos: - Update to 1.6.0 python-grpcio-gcp: - Initial spec for v0.2.2 python-humanfriendly: - Update in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629) - Update to 10.0 python-jsondiff: - Update in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629) - Update to version 1.3.0 python-knack: - Update in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629) - Update to version 0.9.0 python-opencensus: - Include in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629) - Disable Python2 build - Update to 0.8.0 python-opencensus-context: - Include in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629) python-opencensus-ext-threading: - Include in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629) - Initial build version 0.1.2 python-opentelemetry-api: - Include in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629) - Version update to 1.5.0 python-psutil: - Update in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629) - update to 5.9.1 - remove the dependency on net-tools, since it conflicts with busybox-hostnmame which is default on MicroOS. (bsc#1184753) - Include in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629) python-PyGithub: - Update to 1.43.5: python-pytest-asyncio: - Include in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629) - Initial release of python-pytest-asyncio 0.8.0 python-requests: - Update in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629) python-websocket-client: - Update in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629) - Update to version 1.3.2 python-websockets: - Include in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629) - update to 9.1: Important SUSE bug 1099269 SUSE bug 1133277 SUSE bug 1144068 SUSE bug 1162343 SUSE bug 1177127 SUSE bug 1178168 SUSE bug 1182066 SUSE bug 1184753 SUSE bug 1194530 SUSE bug 1197726 SUSE bug 1198331 SUSE bug 1199282 SUSE bug 1203681 SUSE bug 1204256 CVE-2018-1000518 CVE-2020-25659 CVE-2020-36242 CVE-2021-22569 CVE-2021-22570 CVE-2022-1941 CVE-2022-3171 cpe:/o:opensuse:leap:15.4 Security update for libdwarf (Moderate) openSUSE Leap 15.4 This update for libdwarf fixes the following issues: - CVE-2020-27545: Fixed corrupted line table being able to crash calling app (bsc#1193102). Moderate SUSE bug 1193102 CVE-2020-27545 cpe:/o:opensuse:leap:15.4 Security update for bind (Important) openSUSE Leap 15.4 This update for bind fixes the following issues: - CVE-2023-2828: Fixed denial-of-service against recursive resolvers related to cache-cleaning algorithm (bsc#1212544). Important SUSE bug 1212544 CVE-2023-2828 cpe:/o:opensuse:leap:15.4 Security update for prometheus-sap_host_exporter (Important) openSUSE Leap 15.4 This update for prometheus-sap_host_exporter fixes the following issues: - rebuild the package with the go 1.20 security release (bsc#1208270). - fixed exporter package description (bsc#1211311). Important SUSE bug 1208270 SUSE bug 1211311 cpe:/o:opensuse:leap:15.4 Security update for prometheus-ha_cluster_exporter (Important) openSUSE Leap 15.4 This update for prometheus-ha_cluster_exporter fixes the following issues: - rebuild the package with the go 1.20 security release (bsc#1208296). Important SUSE bug 1208296 cpe:/o:opensuse:leap:15.4 Security update for the Linux Kernel (Important) openSUSE Leap 15.4 The SUSE Linux Enterprise 15 SP4 RT kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2023-1829: Fixed a use-after-free vulnerability in the control index filter (tcindex) (bsc#1210335). - CVE-2023-3389: Fixed a use-after-free vulnerability in the io_uring subsystem (bsc#1212838). - CVE-2023-3090: Fixed a heap out-of-bounds write in the ipvlan network driver (bsc#1212842). - CVE-2023-3111: Fixed a use-after-free vulnerability in prepare_to_relocate in fs/btrfs/relocation.c (bsc#1212051). - CVE-2023-3212: Fixed a NULL pointer dereference flaw in the gfs2 file system (bsc#1212265). - CVE-2023-3358: Fixed a NULL pointer dereference flaw in the Integrated Sensor Hub (ISH) driver (bsc#1212606). - CVE-2023-3357: Fixed a NULL pointer dereference flaw in the AMD Sensor Fusion Hub driver (bsc#1212605). The following non-security bugs were fixed: - Get module prefix from kmod (bsc#1212835). - Revert 'mtd: rawnand: arasan: Prevent an unsupported configuration' (git-fixes). - Revert 'net: phy: dp83867: perform soft reset and retain established link' (git-fixes). - alsa: ac97: Fix possible NULL dereference in snd_ac97_mixer (git-fixes). - alsa: hda/realtek: Add 'Intel Reference board' and 'NUC 13' SSID in the ALC256 (git-fixes). - alsa: hda/realtek: Add quirk for ASUS ROG G634Z (git-fixes). - alsa: hda/realtek: Add quirk for ASUS ROG GV601V (git-fixes). - alsa: hda/realtek: Add quirks for ASUS GU604V and GU603V (git-fixes). - alsa: hda/realtek: Add quirks for ROG ALLY CS35l41 audio (git-fixes). - alsa: hda/realtek: Enable mute/micmute LEDs and limit mic boost on EliteBook (git-fixes). - amdgpu: validate offset_in_bo of drm_amdgpu_gem_va (git-fixes). - arm64: Add missing Set/Way CMO encodings (git-fixes). - arm64: dts: Move BCM4908 dts to bcmbca folder (git-fixes) - arm64: dts: broadcom: bcmbca: bcm4908: fix NAND interrupt name (git-fixes) - arm64: dts: broadcom: bcmbca: bcm4908: fix procmon nodename (git-fixes) - arm64: dts: imx8mn-var-som: fix PHY detection bug by adding deassert (git-fixes) - arm: dts: Fix erroneous ADS touchscreen polarities (git-fixes). - asoc: es8316: Do not set rate constraints for unsupported MCLKs (git-fixes). - asoc: es8316: Increment max value for ALC Capture Target Volume control (git-fixes). - asoc: imx-audmix: check return value of devm_kasprintf() (git-fixes). - asoc: mediatek: mt8173: Fix irq error path (git-fixes). - asoc: nau8824: Add quirk to active-high jack-detect (git-fixes). - asoc: simple-card: Add missing of_node_put() in case of error (git-fixes). - bus: fsl-mc: fsl-mc-allocator: Drop a write-only variable (git-fixes). - bus: ti-sysc: Fix dispc quirk masking bool variables (git-fixes). - can: isotp: isotp_sendmsg(): fix return error fix on TX path (git-fixes). - can: kvaser_pciefd: Remove handler for unused KVASER_PCIEFD_PACK_TYPE_EFRAME_ACK (git-fixes). - can: kvaser_pciefd: Remove useless write to interrupt register (git-fixes). - can: length: fix bitstuffing count (git-fixes). - can: length: fix description of the RRS field (git-fixes). - can: length: make header self contained (git-fixes). - clk: Fix memory leak in devm_clk_notifier_register() (git-fixes). - clk: cdce925: check return value of kasprintf() (git-fixes). - clk: imx: clk-imx8mn: fix memory leak in imx8mn_clocks_probe (git-fixes). - clk: imx: clk-imx8mp: improve error handling in imx8mp_clocks_probe() (git-fixes). - clk: imx: scu: use _safe list iterator to avoid a use after free (git-fixes). - clk: keystone: sci-clk: check return value of kasprintf() (git-fixes). - clk: samsung: Add Exynos4212 compatible to CLKOUT driver (git-fixes). - clk: si5341: check return value of {devm_}kasprintf() (git-fixes). - clk: si5341: free unused memory on probe failure (git-fixes). - clk: si5341: return error if one synth clock registration fails (git-fixes). - clk: tegra: tegra124-emc: Fix potential memory leak (git-fixes). - clk: ti: clkctrl: check return value of kasprintf() (git-fixes). - clk: vc5: check memory returned by kasprintf() (git-fixes). - clocksource/drivers/cadence-ttc: Fix memory leak in ttc_timer_probe (git-fixes). - crypto: marvell/cesa - Fix type mismatch warning (git-fixes). - crypto: nx - fix build warnings when DEBUG_FS is not enabled (git-fixes). - drivers: meson: secure-pwrc: always enable DMA domain (git-fixes). - drm/amd/display: Add logging for display MALL refresh setting (git-fixes). - drm/amd/display: Add minimal pipe split transition state (git-fixes). - drm/amd/display: Add wrapper to call planes and stream update (git-fixes). - drm/amd/display: Explicitly specify update type per plane info change (git-fixes). - drm/amd/display: Fix artifacting on eDP panels when engaging freesync video mode (git-fixes). - drm/amd/display: Use dc_update_planes_and_stream (git-fixes). - drm/amd/display: drop redundant memset() in get_available_dsc_slices() (git-fixes). - drm/amd/display: fix the system hang while disable PSR (git-fixes). - drm/amdkfd: Fix potential deallocation of previously deallocated memory (git-fixes). - drm/bridge: tc358768: always enable HS video mode (git-fixes). - drm/bridge: tc358768: fix PLL parameters computation (git-fixes). - drm/bridge: tc358768: fix PLL target frequency (git-fixes). - drm/bridge: tc358768: fix TCLK_ZEROCNT computation (git-fixes). - drm/bridge: tc358768: fix TXTAGOCNT computation (git-fixes). - drm/exynos: fix race condition UAF in exynos_g2d_exec_ioctl (git-fixes). - drm/exynos: vidi: fix a wrong error return (git-fixes). - drm/i915/gvt: remove unused variable gma_bottom in command parser (git-fixes). - drm/msm/adreno: fix sparse warnings in a6xx code (git-fixes). - drm/msm/dp: Free resources after unregistering them (git-fixes). - drm/msm/dpu: correct MERGE_3D length (git-fixes). - drm/msm/dpu: do not enable color-management if DSPPs are not available (git-fixes). - drm/msm/dsi: do not allow enabling 14nm VCO with unprogrammed rate (git-fixes). - drm/panel: sharp-ls043t1le01: adjust mode settings (git-fixes). - drm/panel: simple: fix active size for Ampire AM-480272H3TMQW-T01H (git-fixes). - drm/radeon: fix possible division-by-zero errors (git-fixes). - drm/radeon: fix race condition UAF in radeon_gem_set_domain_ioctl (git-fixes). - drm/rockchip: vop: Leave vblank enabled in self-refresh (git-fixes). - drm/vram-helper: fix function names in vram helper doc (git-fixes). - drm: sun4i_tcon: use devm_clk_get_enabled in `sun4i_tcon_init_clocks` (git-fixes). - elf: correct note name comment (git-fixes). - extcon: Fix kernel doc of property capability fields to avoid warnings (git-fixes). - extcon: Fix kernel doc of property fields to avoid warnings (git-fixes). - extcon: usbc-tusb320: Add USB TYPE-C support (git-fixes). - extcon: usbc-tusb320: Call the Type-C IRQ handler only if a port is registered (git-fixes). - extcon: usbc-tusb320: Unregister typec port on driver removal (git-fixes). - extcon: usbc-tusb320: Update state on probe even if no IRQ pending (git-fixes). - fbdev: omapfb: lcd_mipid: Fix an error handling path in mipid_spi_probe() (git-fixes). - firmware: stratix10-svc: Fix a potential resource leak in svc_create_memory_pool() (git-fixes). - hid: logitech-hidpp: add HIDPP_QUIRK_DELAYED_INIT for the T651 (git-fixes). - hid: wacom: Add error check to wacom_parse_and_register() (git-fixes). - hwmon: (gsc-hwmon) fix fan pwm temperature scaling (git-fixes). - hwrng: imx-rngc - fix the timeout for init and self check (git-fixes). - hwrng: st - keep clock enabled while hwrng is registered (git-fixes). - i2c: imx-lpi2c: fix type char overflow issue when calculating the clock cycle (git-fixes). - i2c: qup: Add missing unwind goto in qup_i2c_probe() (git-fixes). - ib/hfi1: Fix wrong mmu_node used for user SDMA packet after invalidate (git-fixes) - ib/isert: Fix dead lock in ib_isert (git-fixes) - ib/isert: Fix incorrect release of isert connection (git-fixes) - ib/isert: Fix possible list corruption in CMA handler (git-fixes) - ib/uverbs: Fix to consider event queue closing also upon non-blocking mode (git-fixes) - ibmvnic: Do not reset dql stats on NON_FATAL err (bsc#1212603 ltc#202604). - ice, xsk: Diversify return values from xsk_wakeup call paths (git-fixes). - ice: Do not double unplug aux on peer initiated reset (git-fixes). - ice: Do not use WQ_MEM_RECLAIM flag for workqueue (git-fixes). - ice: Fix DSCP PFC TLV creation (git-fixes). - ice: Fix XDP memory leak when NIC is brought up and down (git-fixes). - ice: Fix ice_xdp_xmit() when XDP TX queue number is not sufficient (git-fixes). - ice: Fix memory corruption in VF driver (git-fixes). - ice: Ignore EEXIST when setting promisc mode (git-fixes). - ice: Prevent set_channel from changing queues while RDMA active (git-fixes). - ice: Reset FDIR counter in FDIR init stage (git-fixes). - ice: add profile conflict check for AVF FDIR (git-fixes). - ice: block LAN in case of VF to VF offload (git-fixes). - ice: config netdev tc before setting queues number (git-fixes). - ice: copy last block omitted in ice_get_module_eeprom() (git-fixes). - ice: ethtool: Prohibit improper channel config for DCB (git-fixes). - ice: ethtool: advertise 1000M speeds properly (git-fixes). - ice: fix invalid check for empty list in ice_sched_assoc_vsi_to_agg() (git-fixes). - ice: fix wrong fallback logic for FDIR (git-fixes). - ice: handle E822 generic device ID in PLDM header (git-fixes). - ice: switch: fix potential memleak in ice_add_adv_recipe() (git-fixes). - ice: use bitmap_free instead of devm_kfree (git-fixes). - ice: xsk: use Rx ring's XDP ring when picking NAPI context (git-fixes). - ieee802154: hwsim: Fix possible memory leaks (git-fixes). - ifcvf/vDPA: fix misuse virtio-net device config size for blk dev (jsc#SLE-19253). - iio: accel: fxls8962af: errata bug only applicable for FXLS8962AF (git-fixes). - iio: accel: fxls8962af: fixup buffer scan element type (git-fixes). - iio: adc: ad7192: Fix internal/external clock selection (git-fixes). - iio: adc: ad7192: Fix null ad7192_state pointer access (git-fixes). - input: adxl34x - do not hardcode interrupt trigger type (git-fixes). - input: drv260x - fix typo in register value define (git-fixes). - input: drv260x - remove unused .reg_defaults (git-fixes). - input: drv260x - sleep between polling GO bit (git-fixes). - input: soc_button_array - add invalid acpi_index DMI quirk handling (git-fixes). - integrity: Fix possible multiple allocation in integrity_inode_get() (git-fixes). - irqchip/clps711x: Remove unused clps711x_intc_init() function (git-fixes). - irqchip/ftintc010: Mark all function static (git-fixes). - irqchip/jcore-aic: Fix missing allocation of IRQ descriptors (git-fixes). - kernel-docs: Use python3 together with python3-Sphinx (bsc#1212741). - mailbox: ti-msgmgr: Fill non-message tx data fields with 0x0 (git-fixes). - media: cec: core: do not set last_initiator if tx in progress (git-fixes). - memory: brcmstb_dpfe: fix testing array offset after use (git-fixes). - meson saradc: fix clock divider mask length (git-fixes). - mfd: intel-lpss: Add missing check for platform_get_resource (git-fixes). - mfd: pm8008: Fix module autoloading (git-fixes). - mfd: rt5033: Drop rt5033-battery sub-device (git-fixes). - mfd: stmfx: Fix error path in stmfx_chip_init (git-fixes). - mfd: stmfx: Nullify stmfx->vdd in case of error (git-fixes). - mfd: stmpe: Only disable the regulators if they are enabled (git-fixes). - misc: fastrpc: Create fastrpc scalar with correct buffer count (git-fixes). - misc: pci_endpoint_test: Free IRQs before removing the device (git-fixes). - misc: pci_endpoint_test: Re-init completion for every test (git-fixes). - mlx5: do not use RT_TOS for IPv6 flowlabel (jsc#SLE-19253). - mmc: bcm2835: fix deferred probing (git-fixes). - mmc: meson-gx: remove redundant mmc_request_done() call from irq context (git-fixes). - mmc: mmci: Set PROBE_PREFER_ASYNCHRONOUS (git-fixes). - mmc: mmci: stm32: fix max busy timeout calculation (git-fixes). - mmc: mtk-sd: fix deferred probing (git-fixes). - mmc: mvsdio: fix deferred probing (git-fixes). - mmc: omap: fix deferred probing (git-fixes). - mmc: omap_hsmmc: fix deferred probing (git-fixes). - mmc: owl: fix deferred probing (git-fixes). - mmc: sdhci-acpi: fix deferred probing (git-fixes). - mmc: sdhci-msm: Disable broken 64-bit DMA on MSM8916 (git-fixes). - mmc: sdhci-spear: fix deferred probing (git-fixes). - mmc: sh_mmcif: fix deferred probing (git-fixes). - mmc: sunxi: fix deferred probing (git-fixes). - mmc: usdhi60rol0: fix deferred probing (git-fixes). - mtd: rawnand: meson: fix unaligned DMA buffers handling (git-fixes). - net/mlx5: Add forgotten cleanup calls into mlx5_init_once() error path (jsc#SLE-19253). - net/mlx5: Allow async trigger completion execution on single CPU systems (jsc#SLE-19253). - net/mlx5: Allow future addition of IPsec object modifiers (jsc#SLE-19253). - net/mlx5: Avoid false positive lockdep warning by adding lock_class_key (jsc#SLE-19253). - net/mlx5: Avoid recovery in probe flows (jsc#SLE-19253). - net/mlx5: Bridge, fix ageing of peer FDB entries (jsc#SLE-19253). - net/mlx5: Bridge, verify LAG state when adding bond to bridge (jsc#SLE-19253). - net/mlx5: DR, Check force-loopback RC QP capability independently from RoCE (jsc#SLE-19253). - net/mlx5: DR, Fix crc32 calculation to work on big-endian (BE) CPUs (jsc#SLE-19253). - net/mlx5: DR, Fix missing flow_source when creating multi-destination FW table (jsc#SLE-19253). - net/mlx5: Devcom, fix error flow in mlx5_devcom_register_device (jsc#SLE-19253). - net/mlx5: Do not advertise IPsec netdev support for non-IPsec device (jsc#SLE-19253). - net/mlx5: Do not use already freed action pointer (jsc#SLE-19253). - net/mlx5: E-Switch, Fix an Oops in error handling code (jsc#SLE-19253). - net/mlx5: E-Switch, properly handle ingress tagged packets on VST (jsc#SLE-19253). - net/mlx5: E-switch, Create per vport table based on devlink encap mode (jsc#SLE-19253). - net/mlx5: E-switch, Do not destroy indirect table in split rule (jsc#SLE-19253). - net/mlx5: E-switch, Fix missing set of split_count when forward to ovs internal port (jsc#SLE-19253). - net/mlx5: E-switch, Fix setting of reserved fields on MODIFY_SCHEDULING_ELEMENT (jsc#SLE-19253). - net/mlx5: Enhance debug print in page allocation failure (jsc#SLE-19253). - net/mlx5: Fix FW tracer timestamp calculation (jsc#SLE-19253). - net/mlx5: Fix RoCE setting at HCA level (jsc#SLE-19253). - net/mlx5: Fix crash during sync firmware reset (jsc#SLE-19253). - net/mlx5: Fix error message when failing to allocate device memory (jsc#SLE-19253). - net/mlx5: Fix handling of entry refcount when command is not issued to FW (jsc#SLE-19253). - net/mlx5: Fix possible use-after-free in async command interface (jsc#SLE-19253). - net/mlx5: Fix ptp max frequency adjustment range (jsc#SLE-19253). - net/mlx5: Fix steering rules cleanup (jsc#SLE-19253). - net/mlx5: Fix uninitialized variable bug in outlen_write() (jsc#SLE-19253). - net/mlx5: Geneve, Fix handling of Geneve object id as error code (jsc#SLE-19253). - net/mlx5: Initialize flow steering during driver probe (jsc#SLE-19253). - net/mlx5: Read embedded cpu after init bit cleared (jsc#SLE-19253). - net/mlx5: Read the TC mapping of all priorities on ETS query (jsc#SLE-19253). - net/mlx5: Rearm the FW tracer after each tracer event (jsc#SLE-19253). - net/mlx5: SF, Drain health before removing device (jsc#SLE-19253). - net/mlx5: SF: Fix probing active SFs during driver probe phase (jsc#SLE-19253). - net/mlx5: Serialize module cleanup with reload and remove (jsc#SLE-19253). - net/mlx5: Wait for firmware to enable CRS before pci_restore_state (jsc#SLE-19253). - net/mlx5: add IFC bits for bypassing port select flow table (git-fixes) - net/mlx5: check attr pointer validity before dereferencing it (jsc#SLE-19253). - net/mlx5: correct ECE offset in query qp output (jsc#SLE-19253). - net/mlx5: fix missing mutex_unlock in mlx5_fw_fatal_reporter_err_work() (jsc#SLE-19253). - net/mlx5: fs, fail conflicting actions (jsc#SLE-19253). - net/mlx5: fw_tracer, Clear load bit when freeing string DBs buffers (jsc#SLE-19253). - net/mlx5: fw_tracer, Fix event handling (jsc#SLE-19253). - net/mlx5: fw_tracer, Zero consumer index when reloading the tracer (jsc#SLE-19253). - net/mlx5e: Always clear dest encap in neigh-update-del (jsc#SLE-19253). - net/mlx5e: Avoid false lock dependency warning on tc_ht even more (jsc#SLE-19253). - net/mlx5e: Block entering switchdev mode with ns inconsistency (jsc#SLE-19253). - net/mlx5e: Do not attach netdev profile while handling internal error (jsc#SLE-19253). - net/mlx5e: Do not increment ESN when updating IPsec ESN state (jsc#SLE-19253). - net/mlx5e: Do not support encap rules with gbp option (jsc#SLE-19253). - net/mlx5e: E-Switch, Fix comparing termination table instance (jsc#SLE-19253). - net/mlx5e: Extend SKB room check to include PTP-SQ (jsc#SLE-19253). - net/mlx5e: Fix MPLSoUDP encap to use MPLS action information (jsc#SLE-19253). - net/mlx5e: Fix SQ wake logic in ptp napi_poll context (jsc#SLE-19253). - net/mlx5e: Fix capability check for updating vnic env counters (jsc#SLE-19253). - net/mlx5e: Fix error handling in mlx5e_refresh_tirs (jsc#SLE-19253). - net/mlx5e: Fix hw mtu initializing at XDP SQ allocation (jsc#SLE-19253). - net/mlx5e: Fix the value of MLX5E_MAX_RQ_NUM_MTTS (jsc#SLE-19253). - net/mlx5e: Fix use-after-free when reverting termination table (jsc#SLE-19253). - net/mlx5e: Fix wrong application of the LRO state (jsc#SLE-19253). - net/mlx5e: Fix wrong tc flag used when set hw-tc-offload off (jsc#SLE-19253). - net/mlx5e: IPoIB, Do not allow CQE compression to be turned on by default (jsc#SLE-19253). - net/mlx5e: IPoIB, Show unknown speed instead of error (jsc#SLE-19253). - net/mlx5e: Modify slow path rules to go to slow fdb (jsc#SLE-19253). - net/mlx5e: QoS, Fix wrongfully setting parent_element_id on MODIFY_SCHEDULING_ELEMENT (jsc#SLE-19253). - net/mlx5e: Set uplink rep as NETNS_LOCAL (jsc#SLE-19253). - net/mlx5e: TC, Fix ct_clear overwriting ct action metadata (jsc#SLE-19253). - net/mlx5e: Update rx ring hw mtu upon each rx-fcs flag change (jsc#SLE-19253). - net/mlx5e: Verify flow_source cap before using it (jsc#SLE-19253). - net/mlx5e: do as little as possible in napi poll when budget is 0 (jsc#SLE-19253). - net/mlx5e: kTLS, Fix build time constant test in RX (jsc#SLE-19253). - net/mlx5e: kTLS, Fix build time constant test in TX (jsc#SLE-19253). - net: mlx5: eliminate anonymous module_init & module_exit (jsc#SLE-19253). - nfcsim.c: Fix error checking for debugfs_create_dir (git-fixes). - nilfs2: fix buffer corruption due to concurrent device reads (git-fixes). - nvme-core: fix dev_pm_qos memleak (git-fixes). - nvme-core: fix memory leak in dhchap_ctrl_secret (git-fixes). - nvme-core: fix memory leak in dhchap_secret_store (git-fixes). - nvme-pci: add quirk for missing secondary temperature thresholds (git-fixes). - nvme: double KA polling frequency to avoid KATO with TBKAS on (git-fixes). - ocfs2: fix defrag path triggering jbd2 ASSERT (git-fixes). - ocfs2: fix freeing uninitialized resource on ocfs2_dlm_shutdown (git-fixes). - ocfs2: fix non-auto defrag path not working issue (git-fixes). - pci/aspm: Disable ASPM on MFD function removal to avoid use-after-free (git-fixes). - pci: Add pci_clear_master() stub for non-CONFIG_PCI (git-fixes). - pci: Release resource invalidated by coalescing (git-fixes). - pci: cadence: Fix Gen2 Link Retraining process (git-fixes). - pci: endpoint: Add missing documentation about the MSI/MSI-X range (git-fixes). - pci: ftpci100: Release the clock resources (git-fixes). - pci: pciehp: Cancel bringup sequence if card is not present (git-fixes). - pci: qcom: Disable write access to read only registers for IP v2.3.3 (git-fixes). - pci: rockchip: Add poll and timeout to wait for PHY PLLs to be locked (git-fixes). - pci: rockchip: Assert PCI Configuration Enable bit after probe (git-fixes). - pci: rockchip: Fix legacy IRQ generation for RK3399 PCIe endpoint core (git-fixes). - pci: rockchip: Set address alignment for endpoint mode (git-fixes). - pci: rockchip: Use u32 variable to access 32-bit registers (git-fixes). - pci: rockchip: Write PCI Device ID to correct register (git-fixes). - pci: vmd: Reset VMD config register between soft reboots (git-fixes). - pinctrl: at91-pio4: check return value of devm_kasprintf() (git-fixes). - pinctrl: cherryview: Return correct value if pin in push-pull mode (git-fixes). - pinctrl: microchip-sgpio: check return value of devm_kasprintf() (git-fixes). - platform/x86: think-lmi: Correct NVME password handling (git-fixes). - platform/x86: think-lmi: Correct System password interface (git-fixes). - platform/x86: think-lmi: mutex protection around multiple WMI calls (git-fixes). - platform/x86: thinkpad_acpi: Fix lkp-tests warnings for platform profiles (git-fixes). - pm: domains: fix integer overflow issues in genpd_parse_state() (git-fixes). - powerpc/64s/radix: Fix exit lazy tlb mm switch with irqs enabled (bsc#1194869). - powerpc/iommu: Limit number of TCEs to 512 for H_STUFF_TCE hcall (bsc#1194869 bsc#1212701). - powerpc/set_memory: Avoid spinlock recursion in change_page_attr() (bsc#1194869). - pstore/ram: Add check for kstrdup (git-fixes). - radeon: avoid double free in ci_dpm_init() (git-fixes). - rdma/bnxt_re: Avoid calling wake_up threads from spin_lock context (git-fixes) - rdma/bnxt_re: Disable/kill tasklet only if it is enabled (git-fixes) - rdma/bnxt_re: Fix to remove an unnecessary log (git-fixes) - rdma/bnxt_re: Fix to remove unnecessary return labels (git-fixes) - rdma/bnxt_re: Remove a redundant check inside bnxt_re_update_gid (git-fixes) - rdma/bnxt_re: Remove unnecessary checks (git-fixes) - rdma/bnxt_re: Return directly without goto jumps (git-fixes) - rdma/bnxt_re: Use unique names while registering interrupts (git-fixes) - rdma/bnxt_re: wraparound mbox producer index (git-fixes) - rdma/cma: Always set static rate to 0 for RoCE (git-fixes) - rdma/hns: Fix hns_roce_table_get return value (git-fixes) - rdma/irdma: avoid fortify-string warning in irdma_clr_wqes (git-fixes) - rdma/mlx5: Do not set tx affinity when lag is in hash mode (git-fixes) - rdma/mlx5: Fix affinity assignment (git-fixes) - rdma/mlx5: Initiate dropless RQ for RAW Ethernet functions (git-fixes) - rdma/mlx5: Rely on RoCE fw cap instead of devlink when setting profile (jsc#SLE-19253). - rdma/rtrs: Fix rxe_dealloc_pd warning (git-fixes) - rdma/rtrs: Fix the last iu->buf leak in err path (git-fixes) - rdma/rxe: Fix packet length checks (git-fixes) - rdma/rxe: Fix ref count error in check_rkey() (git-fixes) - rdma/rxe: Fix rxe_cq_post (git-fixes) - rdma/rxe: Fix the use-before-initialization error of resp_pkts (git-fixes) - rdma/rxe: Remove dangling declaration of rxe_cq_disable() (git-fixes) - rdma/rxe: Remove the unused variable obj (git-fixes) - rdma/rxe: Removed unused name from rxe_task struct (git-fixes) - rdma/uverbs: Restrict usage of privileged QKEYs (git-fixes) - rdma/vmw_pvrdma: Remove unnecessary check on wr->opcode (git-fixes) - regulator: core: Fix more error checking for debugfs_create_dir() (git-fixes). - regulator: core: Streamline debugfs operations (git-fixes). - regulator: helper: Document ramp_delay parameter of regulator_set_ramp_delay_regmap() (git-fixes). - rpm/check-for-config-changes: ignore also PAHOLE_HAS_* We now also have options like CONFIG_PAHOLE_HAS_LANG_EXCLUDE. - rtc: st-lpc: Release some resources in st_rtc_probe() in case of error (git-fixes). - s390/gmap: voluntarily schedule during key setting (git-fixes bsc#1212892). - s390/pkey: zeroize key blobs (git-fixes bsc#1212619). - serial: 8250: lock port for UART_IER access in omap8250_irq() (git-fixes). - serial: 8250: lock port for stop_rx() in omap8250_irq() (git-fixes). - serial: 8250: omap: Fix freeing of resources on failed register (git-fixes). - serial: 8250_omap: Use force_suspend and resume for system suspend (git-fixes). - serial: atmel: do not enable IRQs prematurely (git-fixes). - signal/s390: Use force_sigsegv in default_trap_handler (git-fixes bsc#1212861). - soc/fsl/qe: fix usb.c build errors (git-fixes). - soc: samsung: exynos-pmu: Re-introduce Exynos4212 support (git-fixes). - soundwire: dmi-quirks: add new mapping for HP Spectre x360 (git-fixes). - spi: dw: Round of n_bytes to power of 2 (git-fixes). - spi: lpspi: disable lpspi module irq in DMA mode (git-fixes). - spi: spi-geni-qcom: Correct CS_TOGGLE bit in SPI_TRANS_CFG (git-fixes). - test_firmware: return ENOMEM instead of ENOSPC on failed memory allocation (git-fixes). - thermal/drivers/sun8i: Fix some error handling paths in sun8i_ths_probe() (git-fixes). - tracing/timer: Add missing hrtimer modes to decode_hrtimer_mode() (git-fixes). - tty: serial: imx: fix rs485 rx after tx (git-fixes). - tty: serial: samsung_tty: Fix a memory leak in s3c24xx_serial_getclk() in case of error (git-fixes). - tty: serial: samsung_tty: Fix a memory leak in s3c24xx_serial_getclk() when iterating clk (git-fixes). - usb: dwc3-meson-g12a: Fix an error handling path in dwc3_meson_g12a_probe() (git-fixes). - usb: dwc3: gadget: Propagate core init errors to UDC during pullup (git-fixes). - usb: dwc3: qcom: Fix an error handling path in dwc3_qcom_probe() (git-fixes). - usb: dwc3: qcom: Fix potential memory leak (git-fixes). - usb: dwc3: qcom: Release the correct resources in dwc3_qcom_remove() (git-fixes). - usb: gadget: u_serial: Add null pointer check in gserial_suspend (git-fixes). - usb: gadget: udc: fix NULL dereference in remove() (git-fixes). - usb: hide unused usbfs_notify_suspend/resume functions (git-fixes). - usb: phy: phy-tahvo: fix memory leak in tahvo_usb_probe() (git-fixes). - usb: xhci: Remove unused udev from xhci_log_ctx trace event (git-fixes). - usrmerge: Adjust module path in the kernel sources (bsc#1212835). - vdpa/mlx5: Directly assign memory key (jsc#SLE-19253). - vdpa/mlx5: Do not clear mr struct on destroy MR (jsc#SLE-19253). - vdpa/mlx5: Fix wrong configuration of virtio_version_1_0 (jsc#SLE-19253). - vdpa: Fix error logic in vdpa_nl_cmd_dev_get_doit (jsc#SLE-19253). - vhost_vdpa: support PACKED when setting-getting vring_base (jsc#SLE-19253). - w1: fix loop in w1_fini() (git-fixes). - w1: w1_therm: fix locking behavior in convert_t (git-fixes). - wifi: ath9k: Fix possible stall on ath9k_txq_list_has_key() (git-fixes). - wifi: ath9k: avoid referencing uninit memory in ath9k_wmi_ctrl_rx (git-fixes). - wifi: ath9k: convert msecs to jiffies where needed (git-fixes). - wifi: ath9k: do not allow to overwrite ENDPOINT0 attributes (git-fixes). - wifi: ath9k: fix AR9003 mac hardware hang check register offset calculation (git-fixes). - wifi: atmel: Fix an error handling path in atmel_probe() (git-fixes). - wifi: cfg80211: rewrite merging of inherited elements (git-fixes). - wifi: iwlwifi: mvm: indicate HW decrypt for beacon protection (git-fixes). - wifi: iwlwifi: pcie: fix NULL pointer dereference in iwl_pcie_irq_rx_msix_handler() (git-fixes). - wifi: iwlwifi: pull from TXQs with softirqs disabled (git-fixes). - wifi: mwifiex: Fix the size of a memory allocation in mwifiex_ret_802_11_scan() (git-fixes). - wifi: orinoco: Fix an error handling path in orinoco_cs_probe() (git-fixes). - wifi: orinoco: Fix an error handling path in spectrum_cs_probe() (git-fixes). - wifi: rsi: Do not configure WoWlan in shutdown hook if not enabled (git-fixes). - wifi: rsi: Do not set MMC_PM_KEEP_POWER in shutdown (git-fixes). - wifi: wilc1000: fix for absent RSN capabilities WFA testcase (git-fixes). - writeback: fix dereferencing NULL mapping->host on writeback_page_template (git-fixes). - x86/build: Avoid relocation information in final vmlinux (bsc#1187829). - x86/kprobes: Fix arch_check_optimized_kprobe check within optimized_kprobe range (git-fixes). - x86/mm: Fix RESERVE_BRK() for older binutils (git-fixes). - x86/mm: Fix use of uninitialized buffer in sme_enable() (git-fixes). - x86/sgx: Fix race between reclaimer and page fault handler (git-fixes). - x86/sgx: Mark PCMD page as dirty when modifying contents (git-fixes). - x86/xen: fix secondary processor fpu initialization (bsc#1212869). Important SUSE bug 1187829 SUSE bug 1194869 SUSE bug 1210335 SUSE bug 1212051 SUSE bug 1212265 SUSE bug 1212603 SUSE bug 1212605 SUSE bug 1212606 SUSE bug 1212619 SUSE bug 1212701 SUSE bug 1212741 SUSE bug 1212835 SUSE bug 1212838 SUSE bug 1212842 SUSE bug 1212861 SUSE bug 1212869 SUSE bug 1212892 CVE-2023-1829 CVE-2023-3090 CVE-2023-3111 CVE-2023-3212 CVE-2023-3357 CVE-2023-3358 CVE-2023-3389 cpe:/o:opensuse:leap:15.4 Security update for geoipupdate (Important) openSUSE Leap 15.4 This update of geoipupdate fixes the following issues: - rebuild the package with the go 1.20 security release (bsc#1206346). Important SUSE bug 1206346 cpe:/o:opensuse:leap:15.4 Security update for skopeo (Important) openSUSE Leap 15.4 This update of skopeo fixes the following issues: - rebuild the package with the go 1.20 security release (bsc#1206346). Important SUSE bug 1206346 cpe:/o:opensuse:leap:15.4 Security update for the Linux Kernel (Important) openSUSE Leap 15.4 The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2023-1829: Fixed a use-after-free vulnerability in the control index filter (tcindex) (bsc#1210335). - CVE-2023-3389: Fixed a use-after-free vulnerability in the io_uring subsystem (bsc#1212838). - CVE-2023-3090: Fixed a heap out-of-bounds write in the ipvlan network driver (bsc#1212842). - CVE-2023-3111: Fixed a use-after-free vulnerability in prepare_to_relocate in fs/btrfs/relocation.c (bsc#1212051). - CVE-2023-3212: Fixed a NULL pointer dereference flaw in the gfs2 file system (bsc#1212265). - CVE-2023-3358: Fixed a NULL pointer dereference flaw in the Integrated Sensor Hub (ISH) driver (bsc#1212606). - CVE-2023-3357: Fixed a NULL pointer dereference flaw in the AMD Sensor Fusion Hub driver (bsc#1212605). - CVE-2023-35828: Fixed a use-after-free flaw in renesas_usb3_remove in drivers/usb/gadget/udc/renesas_usb3.c (bsc#1212513). - CVE-2023-1249: Fixed a use-after-free flaw in the core dump subsystem that allowed a local user to crash the system (bsc#1209039). - CVE-2023-35829: Fixed a use-after-free flaw in rkvdec_remove in drivers/staging/media/rkvdec/rkvdec.c (bsc#1212495). - CVE-2023-35788: Fixed an out-of-bounds write in the flower classifier code via TCA_FLOWER_KEY_ENC_OPTS_GENEVE packets in fl_set_geneve_opt in net/sched/cls_flower.c (bsc#1212504). - CVE-2023-35823: Fixed a use-after-free flaw in saa7134_finidev in drivers/media/pci/saa7134/saa7134-core.c (bsc#1212494). - CVE-2023-3161: Fixed shift-out-of-bounds in fbcon_set_font() (bsc#1212154). - CVE-2023-21102: Fixed possible bypass of shadow stack protection in __efi_rt_asm_wrapper of efi-rt-wrapper.S (bsc#1212155). - CVE-2023-3141: Fixed a use-after-free flaw in r592_remove in drivers/memstick/host/r592.c, that allowed local attackers to crash the system at device disconnect (bsc#1212129). - CVE-2023-1077: Fixed a type confusion in pick_next_rt_entity(), that could cause memory corruption (bsc#1208600). The following non-security bugs were fixed: - Drop dvb-core fix patch due to a bug (bsc#1205758). - Enable kernel modules bttv bt878 and snd-bt878 (jsc#PED-3931). - Fix missing top level chapter numbers on SLE12 SP5 (bsc#1212158). - Fix usrmerge error (boo#1211796). - Generalize kernel-doc build requirements. - Get module prefix from kmod (bsc#1212835). - Remove orphaned CONFIG_PRINTK_SAFE_LOG_BUF_SHIFT (bsc#1189998 git-fixes). - Revert 'mtd: rawnand: arasan: Prevent an unsupported configuration' (git-fixes). - Revert 'net: phy: dp83867: perform soft reset and retain established link' (git-fixes). - Squashfs: fix handling and sanity checking of xattr_ids count (git-fixes). - Update the Mellanox/Nvidia mlx5_core driver (jsc#SLE-19253). - acpi: sleep: Avoid breaking S3 wakeup due to might_sleep() (git-fixes). - affs: initialize fsdata in affs_truncate() (git-fixes). - alsa: ac97: Fix possible NULL dereference in snd_ac97_mixer (git-fixes). - alsa: hda/realtek: Add 'Intel Reference board' and 'NUC 13' SSID in the ALC256 (git-fixes). - alsa: hda/realtek: Add Lenovo P3 Tower platform (git-fixes). - alsa: hda/realtek: Add a quirk for Compaq N14JP6 (git-fixes). - alsa: hda/realtek: Add a quirk for HP Slim Desktop S01 (git-fixes). - alsa: hda/realtek: Add quirk for ASUS ROG G634Z (git-fixes). - alsa: hda/realtek: Add quirk for ASUS ROG GV601V (git-fixes). - alsa: hda/realtek: Add quirk for Clevo NS50AU (git-fixes). - alsa: hda/realtek: Add quirks for ASUS GU604V and GU603V (git-fixes). - alsa: hda/realtek: Add quirks for Asus ROG 2024 laptops using CS35L41 (git-fixes). - alsa: hda/realtek: Add quirks for ROG ALLY CS35l41 audio (git-fixes). - alsa: hda/realtek: Enable 4 amplifiers instead of 2 on a HP platform (git-fixes). - alsa: hda/realtek: Enable mute/micmute LEDs and limit mic boost on EliteBook (git-fixes). - alsa: hda: Glenfly: add HD Audio PCI IDs and HDMI Codec Vendor IDs (git-fixes). - alsa: oss: avoid missing-prototype warnings (git-fixes). - alsa: usb-audio: Add quirk flag for HEM devices to enable native DSD playback (git-fixes). - alsa: usb-audio: Fix broken resume due to UAC3 power state (git-fixes). - amdgpu: validate offset_in_bo of drm_amdgpu_gem_va (git-fixes). - arm64: Add missing Set/Way CMO encodings (git-fixes). - arm64: Always load shadow stack pointer directly from the task struct (git-fixes) - arm64: Stash shadow stack pointer in the task struct on interrupt (git-fixes) - arm64: dts: Move BCM4908 dts to bcmbca folder (git-fixes) - arm64: dts: broadcom: bcmbca: bcm4908: fix NAND interrupt name (git-fixes) - arm64: dts: broadcom: bcmbca: bcm4908: fix procmon nodename (git-fixes) - arm64: dts: imx8-ss-dma: assign default clock rate for lpuarts (git-fixes). - arm64: dts: imx8mn-beacon: Fix SPI CS pinmux (git-fixes). - arm64: dts: imx8mn-var-som: fix PHY detection bug by adding deassert (git-fixes) - arm64: dts: imx8qm-mek: correct GPIOs for USDHC2 CD and WP signals (git-fixes). - arm64: dts: qcom: sc7180-lite: Fix SDRAM freq for misidentified sc7180-lite boards (git-fixes). - arm: 9295/1: unwind:fix unwind abort for uleb128 case (git-fixes) - arm: cpu: Switch to arch_cpu_finalize_init() (bsc#1212448). - arm: dts: Fix erroneous ADS touchscreen polarities (git-fixes). - arm: dts: vexpress: add missing cache properties (git-fixes). - asoc: codecs: wsa881x: do not set can_multi_write flag (git-fixes). - asoc: dwc: limit the number of overrun messages (git-fixes). - asoc: dwc: move DMA init to snd_soc_dai_driver probe() (git-fixes). - asoc: es8316: Do not set rate constraints for unsupported MCLKs (git-fixes). - asoc: es8316: Increment max value for ALC Capture Target Volume control (git-fixes). - asoc: imx-audmix: check return value of devm_kasprintf() (git-fixes). - asoc: mediatek: mt8173: Fix irq error path (git-fixes). - asoc: nau8824: Add quirk to active-high jack-detect (git-fixes). - asoc: simple-card: Add missing of_node_put() in case of error (git-fixes). - asoc: soc-pcm: test if a BE can be prepared (git-fixes). - asoc: ssm2602: Add workaround for playback distortions (git-fixes). - ath6kl: Use struct_group() to avoid size-mismatched casting (git-fixes). - batman-adv: Broken sync while rescheduling delayed work (git-fixes). - binfmt_elf: Take the mmap lock when walking the VMA list (bsc#1209039 CVE-2023-1249). - bluetooth: Fix l2cap_disconnect_req deadlock (git-fixes). - bluetooth: Fix use-after-free in hci_remove_ltk/hci_remove_irk (git-fixes). - bluetooth: L2CAP: Add missing checks for invalid DCID (git-fixes). - bluetooth: hci_qca: fix debugfs registration (git-fixes). - bnxt_en: Do not issue AP reset during ethtool's reset operation (git-fixes). - bnxt_en: Implement .set_port / .unset_port UDP tunnel callbacks (git-fixes). - bnxt_en: Query default VLAN before VNIC setup on a VF (git-fixes). - bnxt_en: Skip firmware fatal error recovery if chip is not accessible (git-fixes). - bpf, arm64: Call build_prologue() first in first JIT pass (git-fixes) - bpf, arm64: Clear prog->jited_len along prog->jited (git-fixes) - bpf, arm64: Feed byte-offset into bpf line info (git-fixes) - bpf, arm64: Use emit_addr_mov_i64() for BPF_PSEUDO_FUNC (git-fixes) - bpf: Add extra path pointer check to d_path helper (git-fixes). - bpf: Fix UAF in task local storage (bsc#1212564). - btrfs: unset reloc control if transaction commit fails in prepare_to_relocate() (bsc#1212051 CVE-2023-3111). - bus: fsl-mc: fsl-mc-allocator: Drop a write-only variable (git-fixes). - bus: ti-sysc: Fix dispc quirk masking bool variables (git-fixes). - can: isotp: isotp_sendmsg(): fix return error fix on TX path (git-fixes). - can: j1939: avoid possible use-after-free when j1939_can_rx_register fails (git-fixes). - can: j1939: change j1939_netdev_lock type to mutex (git-fixes). - can: j1939: j1939_sk_send_loop_abort(): improved error queue handling in J1939 Socket (git-fixes). - can: kvaser_pciefd: Remove handler for unused KVASER_PCIEFD_PACK_TYPE_EFRAME_ACK (git-fixes). - can: kvaser_pciefd: Remove useless write to interrupt register (git-fixes). - can: length: fix bitstuffing count (git-fixes). - can: length: fix description of the RRS field (git-fixes). - can: length: make header self contained (git-fixes). - ceph: fix use-after-free bug for inodes when flushing capsnaps (bsc#1212540). - cgroup: Use cgroup_attach_{lock,unlock}() from cgroup_attach_task_all() (bsc#1212563). - cgroup: always put cset in cgroup_css_set_put_fork (bsc#1212561). - cgroup: fix missing cpus_read_{lock,unlock}() in cgroup_transfer_tasks() (bsc#1212563). - clk: Fix memory leak in devm_clk_notifier_register() (git-fixes). - clk: cdce925: check return value of kasprintf() (git-fixes). - clk: imx: clk-imx8mn: fix memory leak in imx8mn_clocks_probe (git-fixes). - clk: imx: clk-imx8mp: improve error handling in imx8mp_clocks_probe() (git-fixes). - clk: imx: scu: use _safe list iterator to avoid a use after free (git-fixes). - clk: keystone: sci-clk: check return value of kasprintf() (git-fixes). - clk: samsung: Add Exynos4212 compatible to CLKOUT driver (git-fixes). - clk: si5341: check return value of {devm_}kasprintf() (git-fixes). - clk: si5341: free unused memory on probe failure (git-fixes). - clk: si5341: return error if one synth clock registration fails (git-fixes). - clk: tegra: tegra124-emc: Fix potential memory leak (git-fixes). - clk: ti: clkctrl: check return value of kasprintf() (git-fixes). - clk: vc5: check memory returned by kasprintf() (git-fixes). - clocksource/drivers/cadence-ttc: Fix memory leak in ttc_timer_probe (git-fixes). - crypto: marvell/cesa - Fix type mismatch warning (git-fixes). - crypto: nx - fix build warnings when DEBUG_FS is not enabled (git-fixes). - dmaengine: at_xdmac: Move the free desc to the tail of the desc list (git-fixes). - dmaengine: at_xdmac: fix potential Oops in at_xdmac_prep_interleaved() (git-fixes). - dmaengine: pl330: rename _start to prevent build error (git-fixes). - drivers: meson: secure-pwrc: always enable DMA domain (git-fixes). - drm/amd/display: Add logging for display MALL refresh setting (git-fixes). - drm/amd/display: Add minimal pipe split transition state (git-fixes). - drm/amd/display: Add wrapper to call planes and stream update (git-fixes). - drm/amd/display: Explicitly specify update type per plane info change (git-fixes). - drm/amd/display: Fix artifacting on eDP panels when engaging freesync video mode (git-fixes). - drm/amd/display: Use dc_update_planes_and_stream (git-fixes). - drm/amd/display: drop redundant memset() in get_available_dsc_slices() (git-fixes). - drm/amd/display: edp do not add non-edid timings (git-fixes). - drm/amd/display: fix the system hang while disable PSR (git-fixes). - drm/amd/pm: Fix power context allocation in SMU13 (git-fixes). - drm/amd/pm: reverse mclk and fclk clocks levels for renoir (git-fixes). - drm/amd/pm: reverse mclk and fclk clocks levels for vangogh (git-fixes). - drm/amd/pm: reverse mclk and fclk clocks levels for yellow carp (git-fixes). - drm/amdgpu: Use the default reset when loading or reloading the driver (git-fixes). - drm/amdgpu: fix xclk freq on CHIP_STONEY (git-fixes). - drm/amdgpu: release gpu full access after 'amdgpu_device_ip_late_init' (git-fixes). - drm/amdgpu: skip disabling fence driver src_irqs when device is unplugged (git-fixes). - drm/amdkfd: Fix potential deallocation of previously deallocated memory (git-fixes). - drm/ast: Fix ARM compatibility (git-fixes). - drm/bridge: tc358768: always enable HS video mode (git-fixes). - drm/bridge: tc358768: fix PLL parameters computation (git-fixes). - drm/bridge: tc358768: fix PLL target frequency (git-fixes). - drm/bridge: tc358768: fix TCLK_ZEROCNT computation (git-fixes). - drm/bridge: tc358768: fix TXTAGOCNT computation (git-fixes). - drm/exynos: fix race condition UAF in exynos_g2d_exec_ioctl (git-fixes). - drm/exynos: vidi: fix a wrong error return (git-fixes). - drm/i915/gt: Use the correct error value when kernel_context() fails (git-fixes). - drm/i915/gvt: remove unused variable gma_bottom in command parser (git-fixes). - drm/i915/selftests: Add some missing error propagation (git-fixes). - drm/i915/selftests: Increase timeout for live_parallel_switch (git-fixes). - drm/i915/selftests: Stop using kthread_stop() (git-fixes). - drm/i915: Explain the magic numbers for AUX SYNC/precharge length (git-fixes). - drm/i915: Use 18 fast wake AUX sync len (git-fixes). - drm/msm/adreno: fix sparse warnings in a6xx code (git-fixes). - drm/msm/dp: Free resources after unregistering them (git-fixes). - drm/msm/dpu: correct MERGE_3D length (git-fixes). - drm/msm/dpu: do not enable color-management if DSPPs are not available (git-fixes). - drm/msm/dsi: do not allow enabling 14nm VCO with unprogrammed rate (git-fixes). - drm/msm: Be more shouty if per-process pgtables are not working (git-fixes). - drm/msm: Set max segment size earlier (git-fixes). - drm/nouveau/dp: check for NULL nv_connector->native_mode (git-fixes). - drm/nouveau: add nv_encoder pointer check for NULL (git-fixes). - drm/nouveau: do not detect DSM for non-NVIDIA device (git-fixes). - drm/panel: sharp-ls043t1le01: adjust mode settings (git-fixes). - drm/panel: simple: fix active size for Ampire AM-480272H3TMQW-T01H (git-fixes). - drm/radeon: fix possible division-by-zero errors (git-fixes). - drm/radeon: fix race condition UAF in radeon_gem_set_domain_ioctl (git-fixes). - drm/rockchip: vop: Leave vblank enabled in self-refresh (git-fixes). - drm/vram-helper: fix function names in vram helper doc (git-fixes). - drm: sun4i_tcon: use devm_clk_get_enabled in `sun4i_tcon_init_clocks` (git-fixes). - drm:amd:amdgpu: Fix missing buffer object unlock in failure path (git-fixes). - dt-bindings: i3c: silvaco,i3c-master: fix missing schema restriction (git-fixes). - eeprom: at24: also select REGMAP (git-fixes). - elf: correct note name comment (git-fixes). - ext4: unconditionally enable the i_version counter (bsc#1211299). - extcon: Fix kernel doc of property capability fields to avoid warnings (git-fixes). - extcon: Fix kernel doc of property fields to avoid warnings (git-fixes). - extcon: usbc-tusb320: Add USB TYPE-C support (git-fixes). - extcon: usbc-tusb320: Call the Type-C IRQ handler only if a port is registered (git-fixes). - extcon: usbc-tusb320: Unregister typec port on driver removal (git-fixes). - extcon: usbc-tusb320: Update state on probe even if no IRQ pending (git-fixes). - fbcon: Fix null-ptr-deref in soft_cursor (git-fixes). - fbdev: Prevent possible use-after-free in fb_release() (bsc#1152472) Backporting changes: * replace refcount_read() with atomic_read() - fbdev: fbcon: Destroy mutex on freeing struct fb_info (bsc#1152489) - fbdev: imsttfb: Fix use after free bug in imsttfb_probe (git-fixes bsc#1211387). - fbdev: modedb: Add 1920x1080 at 60 Hz video mode (git-fixes). - fbdev: omapfb: lcd_mipid: Fix an error handling path in mipid_spi_probe() (git-fixes). - fbdev: stifb: Fix info entry in sti_struct on error path (git-fixes). - firmware: arm_ffa: Set handle field to zero in memory descriptor (git-fixes). - firmware: stratix10-svc: Fix a potential resource leak in svc_create_memory_pool() (git-fixes). - fs/jfs: fix shift exponent db_agl2size negative (git-fixes). - fs: hfsplus: fix UAF issue in hfsplus_put_super (git-fixes). - fs: jfs: fix possible NULL pointer dereference in dbFree() (git-fixes). - fs: jfs: fix shift-out-of-bounds in dbAllocAG (git-fixes). - fs: jfs: fix shift-out-of-bounds in dbDiscardAG (git-fixes). - fs: sysv: Fix sysv_nblocks() returns wrong value (git-fixes). - gfs2: Do not deref jdesc in evict (bsc#1212265 CVE-2023-3212). - hfs/hfsplus: avoid WARN_ON() for sanity check, use proper error handling (git-fixes). - hfs/hfsplus: use WARN_ON for sanity check (git-fixes). - hfs: Fix OOB Write in hfs_asc2mac (git-fixes). - hfs: fix OOB Read in __hfs_brec_find (git-fixes). - hfs: fix missing hfs_bnode_get() in __hfs_bnode_create (git-fixes). - hfsplus: fix bug causing custom uid and gid being unable to be assigned with mount (git-fixes). - hid: amd_sfh: Add missing check for dma_alloc_coherent (bsc#1212605 CVE-2023-3357). - hid: google: add jewel USB id (git-fixes). - hid: logitech-hidpp: add HIDPP_QUIRK_DELAYED_INIT for the T651 (git-fixes). - hid: wacom: Add error check to wacom_parse_and_register() (git-fixes). - hwmon: (gsc-hwmon) fix fan pwm temperature scaling (git-fixes). - hwrng: imx-rngc - fix the timeout for init and self check (git-fixes). - hwrng: st - keep clock enabled while hwrng is registered (git-fixes). - i2c: imx-lpi2c: fix type char overflow issue when calculating the clock cycle (git-fixes). - i2c: mv64xxx: Fix reading invalid status value in atomic mode (git-fixes). - i2c: qup: Add missing unwind goto in qup_i2c_probe() (git-fixes). - i2c: sprd: Delete i2c adapter in .remove's error path (git-fixes). - iavf: remove mask from iavf_irq_enable_queues() (git-fixes). - ib/hfi1: Fix wrong mmu_node used for user SDMA packet after invalidate (git-fixes) - ib/isert: Fix dead lock in ib_isert (git-fixes) - ib/isert: Fix incorrect release of isert connection (git-fixes) - ib/isert: Fix possible list corruption in CMA handler (git-fixes) - ib/rdmavt: add missing locks in rvt_ruc_loopback (git-fixes) - ib/uverbs: Fix to consider event queue closing also upon non-blocking mode (git-fixes) - ibmvnic: Do not reset dql stats on NON_FATAL err (bsc#1212603 ltc#202604). - ice, xsk: Diversify return values from xsk_wakeup call paths (git-fixes). - ice: Do not double unplug aux on peer initiated reset (git-fixes). - ice: Do not use WQ_MEM_RECLAIM flag for workqueue (git-fixes). - ice: Fix DSCP PFC TLV creation (git-fixes). - ice: Fix XDP memory leak when NIC is brought up and down (git-fixes). - ice: Fix ice_xdp_xmit() when XDP TX queue number is not sufficient (git-fixes). - ice: Fix memory corruption in VF driver (git-fixes). - ice: Ignore EEXIST when setting promisc mode (git-fixes). - ice: Prevent set_channel from changing queues while RDMA active (git-fixes). - ice: Reset FDIR counter in FDIR init stage (git-fixes). - ice: add profile conflict check for AVF FDIR (git-fixes). - ice: block LAN in case of VF to VF offload (git-fixes). - ice: config netdev tc before setting queues number (git-fixes). - ice: copy last block omitted in ice_get_module_eeprom() (git-fixes). - ice: ethtool: Prohibit improper channel config for DCB (git-fixes). - ice: ethtool: advertise 1000M speeds properly (git-fixes). - ice: fix invalid check for empty list in ice_sched_assoc_vsi_to_agg() (git-fixes). - ice: fix wrong fallback logic for FDIR (git-fixes). - ice: handle E822 generic device ID in PLDM header (git-fixes). - ice: switch: fix potential memleak in ice_add_adv_recipe() (git-fixes). - ice: use bitmap_free instead of devm_kfree (git-fixes). - ice: xsk: use Rx ring's XDP ring when picking NAPI context (git-fixes). - ieee802154: hwsim: Fix possible memory leaks (git-fixes). - ifcvf/vDPA: fix misuse virtio-net device config size for blk dev (jsc#SLE-19253). - igb: fix bit_shift to be in [1..8] range (git-fixes). - igb: fix nvm.ops.read() error handling (git-fixes). - igc: Clean the TX buffer and TX descriptor ring (git-fixes). - igc: Fix possible system crash when loading module (git-fixes). - iio: accel: fxls8962af: errata bug only applicable for FXLS8962AF (git-fixes). - iio: accel: fxls8962af: fixup buffer scan element type (git-fixes). - iio: adc: ad7192: Fix internal/external clock selection (git-fixes). - iio: adc: ad7192: Fix null ad7192_state pointer access (git-fixes). - init, x86: Move mem_encrypt_init() into arch_cpu_finalize_init() (bsc#1212448). - init: Invoke arch_cpu_finalize_init() earlier (bsc#1212448). - init: Provide arch_cpu_finalize_init() (bsc#1212448). - init: Remove check_bugs() leftovers (bsc#1212448). - input: adxl34x - do not hardcode interrupt trigger type (git-fixes). - input: drv260x - fix typo in register value define (git-fixes). - input: drv260x - remove unused .reg_defaults (git-fixes). - input: drv260x - sleep between polling GO bit (git-fixes). - input: fix open count when closing inhibited device (git-fixes). - input: psmouse - fix OOB access in Elantech protocol (git-fixes). - input: soc_button_array - add invalid acpi_index DMI quirk handling (git-fixes). - input: xpad - delete a Razer DeathAdder mouse VID/PID entry (git-fixes). - integrity: Fix possible multiple allocation in integrity_inode_get() (git-fixes). - io_uring: hold uring mutex around poll removal (bsc#1212838 CVE-2023-3389). - ipvlan:Fix out-of-bounds caused by unclear skb->cb (bsc#1212842 CVE-2023-3090). - irqchip/clps711x: Remove unused clps711x_intc_init() function (git-fixes). - irqchip/ftintc010: Mark all function static (git-fixes). - irqchip/jcore-aic: Fix missing allocation of IRQ descriptors (git-fixes). - jfs: Fix fortify moan in symlink (git-fixes). - kernel-binary: Add back kernel-default-base guarded by option Add configsh option for splitting off kernel-default-base, and for not signing the kernel on non-efi - kernel-docs: Add buildrequires on python3-base when using python3 The python3 binary is provided by python3-base. - kernel-docs: Use python3 together with python3-Sphinx (bsc#1212741). - kprobe: reverse kp->flags when arm_kprobe failed (git-fixes). - kprobes: Fix check for probe enabled in kill_kprobe() (git-fixes). - kprobes: Fix to handle forcibly unoptimized kprobes on freeing_list (git-fixes). - kprobes: Forbid probing on trampoline and BPF code areas (git-fixes). - kprobes: Prohibit probes in gate area (git-fixes). - kprobes: Skip clearing aggrprobe's post_handler in kprobe-on-ftrace case (git-fixes). - kprobes: do not call disarm_kprobe() for disabled kprobes (git-fixes). - kvm: arm64: Do not hypercall before EL2 init (git-fixes) - kvm: arm64: Propagate errors from __pkvm_prot_finalize hypercall (git-fixes) - kvm: arm64: Save PSTATE early on exit (git-fixes) - kvm: arm64: vgic: Read HW interrupt pending state from the HW (git-fixes) - lpfc: Account for fabric domain ctlr device loss recovery (bsc#1211346, bsc#1211852). - lpfc: Change firmware upgrade logging to KERN_NOTICE instead of TRACE_EVENT (bsc#1211852). - lpfc: Clean up SLI-4 CQE status handling (bsc#1211852). - lpfc: Clear NLP_IN_DEV_LOSS flag if already in rediscovery (bsc#1211852). - lpfc: Copyright updates for 14.2.0.13 patches (bsc#1211852). - lpfc: Enhance congestion statistics collection (bsc#1211852). - lpfc: Fix use-after-free rport memory access in lpfc_register_remote_port (bsc#1211852, bsc#1208410, bsc#1211346). - lpfc: Revise NPIV ELS unsol rcv cmpl logic to drop ndlp based on nlp_state (bsc#1211852). - lpfc: Update lpfc version to 14.2.0.13 (bsc#1211852). - mailbox: mailbox-test: Fix potential double-free in mbox_test_message_write() (git-fixes). - mailbox: mailbox-test: fix a locking issue in mbox_test_message_write() (git-fixes). - mailbox: ti-msgmgr: Fill non-message tx data fields with 0x0 (git-fixes). - media: cec: core: do not set last_initiator if tx in progress (git-fixes). - media: dvb-usb-v2: ce6230: fix null-ptr-deref in ce6230_i2c_master_xfer() (git-fixes). - media: dvb-usb-v2: ec168: fix null-ptr-deref in ec168_i2c_xfer() (git-fixes). - media: dvb-usb-v2: rtl28xxu: fix null-ptr-deref in rtl28xxu_i2c_xfer (git-fixes). - media: dvb-usb: az6027: fix three null-ptr-deref in az6027_i2c_xfer() (git-fixes). - media: dvb-usb: digitv: fix null-ptr-deref in digitv_i2c_xfer() (git-fixes). - media: dvb-usb: dw2102: fix uninit-value in su3000_read_mac_address (git-fixes). - media: dvb_ca_en50221: fix a size write bug (git-fixes). - media: dvb_demux: fix a bug for the continuity counter (git-fixes). - media: mn88443x: fix !CONFIG_OF error by drop of_match_ptr from ID table (git-fixes). - media: netup_unidvb: fix irq init by register it at the end of probe (git-fixes). - memory: brcmstb_dpfe: fix testing array offset after use (git-fixes). - meson saradc: fix clock divider mask length (git-fixes). - mfd: intel-lpss: Add missing check for platform_get_resource (git-fixes). - mfd: pm8008: Fix module autoloading (git-fixes). - mfd: rt5033: Drop rt5033-battery sub-device (git-fixes). - mfd: stmfx: Fix error path in stmfx_chip_init (git-fixes). - mfd: stmfx: Nullify stmfx->vdd in case of error (git-fixes). - mfd: stmpe: Only disable the regulators if they are enabled (git-fixes). - misc: fastrpc: Create fastrpc scalar with correct buffer count (git-fixes). - misc: pci_endpoint_test: Free IRQs before removing the device (git-fixes). - misc: pci_endpoint_test: Re-init completion for every test (git-fixes). - mlx5: do not use RT_TOS for IPv6 flowlabel (jsc#SLE-19253). - mlxfw: fix null-ptr-deref in mlxfw_mfa2_tlv_next() (git-fixes). - mm/vmalloc: do not output a spurious warning when huge vmalloc() fails (bsc#1211410). - mm: Move mm_cachep initialization to mm_init() (bsc#1212448). - mm: vmalloc: avoid warn_alloc noise caused by fatal signal (bsc#1211410). - mmc: bcm2835: fix deferred probing (git-fixes). - mmc: meson-gx: remove redundant mmc_request_done() call from irq context (git-fixes). - mmc: mmci: Set PROBE_PREFER_ASYNCHRONOUS (git-fixes). - mmc: mmci: stm32: fix max busy timeout calculation (git-fixes). - mmc: mtk-sd: fix deferred probing (git-fixes). - mmc: mvsdio: fix deferred probing (git-fixes). - mmc: omap: fix deferred probing (git-fixes). - mmc: omap_hsmmc: fix deferred probing (git-fixes). - mmc: owl: fix deferred probing (git-fixes). - mmc: sdhci-acpi: fix deferred probing (git-fixes). - mmc: sdhci-msm: Disable broken 64-bit DMA on MSM8916 (git-fixes). - mmc: sdhci-spear: fix deferred probing (git-fixes). - mmc: sh_mmcif: fix deferred probing (git-fixes). - mmc: sunxi: fix deferred probing (git-fixes). - mmc: usdhi60rol0: fix deferred probing (git-fixes). - mtd: rawnand: meson: fix unaligned DMA buffers handling (git-fixes). - net/mlx5: Add forgotten cleanup calls into mlx5_init_once() error path (jsc#SLE-19253). - net/mlx5: Allow async trigger completion execution on single CPU systems (jsc#SLE-19253). - net/mlx5: Allow future addition of IPsec object modifiers (jsc#SLE-19253). - net/mlx5: Avoid false positive lockdep warning by adding lock_class_key (jsc#SLE-19253). - net/mlx5: Avoid recovery in probe flows (jsc#SLE-19253). - net/mlx5: Bridge, fix ageing of peer FDB entries (jsc#SLE-19253). - net/mlx5: Bridge, verify LAG state when adding bond to bridge (jsc#SLE-19253). - net/mlx5: DR, Check force-loopback RC QP capability independently from RoCE (jsc#SLE-19253). - net/mlx5: DR, Fix crc32 calculation to work on big-endian (BE) CPUs (jsc#SLE-19253). - net/mlx5: DR, Fix missing flow_source when creating multi-destination FW table (jsc#SLE-19253). - net/mlx5: Devcom, fix error flow in mlx5_devcom_register_device (jsc#SLE-19253). - net/mlx5: Do not advertise IPsec netdev support for non-IPsec device (jsc#SLE-19253). - net/mlx5: Do not use already freed action pointer (jsc#SLE-19253). - net/mlx5: E-Switch, Fix an Oops in error handling code (jsc#SLE-19253). - net/mlx5: E-Switch, properly handle ingress tagged packets on VST (jsc#SLE-19253). - net/mlx5: E-switch, Create per vport table based on devlink encap mode (jsc#SLE-19253). - net/mlx5: E-switch, Do not destroy indirect table in split rule (jsc#SLE-19253). - net/mlx5: E-switch, Fix missing set of split_count when forward to ovs internal port (jsc#SLE-19253). - net/mlx5: E-switch, Fix setting of reserved fields on MODIFY_SCHEDULING_ELEMENT (jsc#SLE-19253). - net/mlx5: Enhance debug print in page allocation failure (jsc#SLE-19253). - net/mlx5: Fix FW tracer timestamp calculation (jsc#SLE-19253). - net/mlx5: Fix RoCE setting at HCA level (jsc#SLE-19253). - net/mlx5: Fix crash during sync firmware reset (jsc#SLE-19253). - net/mlx5: Fix error message when failing to allocate device memory (jsc#SLE-19253). - net/mlx5: Fix handling of entry refcount when command is not issued to FW (jsc#SLE-19253). - net/mlx5: Fix possible use-after-free in async command interface (jsc#SLE-19253). - net/mlx5: Fix ptp max frequency adjustment range (jsc#SLE-19253). - net/mlx5: Fix steering rules cleanup (jsc#SLE-19253). - net/mlx5: Fix uninitialized variable bug in outlen_write() (jsc#SLE-19253). - net/mlx5: Geneve, Fix handling of Geneve object id as error code (jsc#SLE-19253). - net/mlx5: Initialize flow steering during driver probe (jsc#SLE-19253). - net/mlx5: Read embedded cpu after init bit cleared (jsc#SLE-19253). - net/mlx5: Read the TC mapping of all priorities on ETS query (jsc#SLE-19253). - net/mlx5: Rearm the FW tracer after each tracer event (jsc#SLE-19253). - net/mlx5: SF, Drain health before removing device (jsc#SLE-19253). - net/mlx5: SF: Fix probing active SFs during driver probe phase (jsc#SLE-19253). - net/mlx5: Serialize module cleanup with reload and remove (jsc#SLE-19253). - net/mlx5: Wait for firmware to enable CRS before pci_restore_state (jsc#SLE-19253). - net/mlx5: add IFC bits for bypassing port select flow table (git-fixes) - net/mlx5: check attr pointer validity before dereferencing it (jsc#SLE-19253). - net/mlx5: correct ECE offset in query qp output (jsc#SLE-19253). - net/mlx5: fix missing mutex_unlock in mlx5_fw_fatal_reporter_err_work() (jsc#SLE-19253). - net/mlx5: fs, fail conflicting actions (jsc#SLE-19253). - net/mlx5: fw_tracer, Clear load bit when freeing string DBs buffers (jsc#SLE-19253). - net/mlx5: fw_tracer, Fix event handling (jsc#SLE-19253). - net/mlx5: fw_tracer, Zero consumer index when reloading the tracer (jsc#SLE-19253). - net/mlx5e: Always clear dest encap in neigh-update-del (jsc#SLE-19253). - net/mlx5e: Avoid false lock dependency warning on tc_ht even more (jsc#SLE-19253). - net/mlx5e: Block entering switchdev mode with ns inconsistency (jsc#SLE-19253). - net/mlx5e: Do not attach netdev profile while handling internal error (jsc#SLE-19253). - net/mlx5e: Do not increment ESN when updating IPsec ESN state (jsc#SLE-19253). - net/mlx5e: Do not support encap rules with gbp option (jsc#SLE-19253). - net/mlx5e: E-Switch, Fix comparing termination table instance (jsc#SLE-19253). - net/mlx5e: Extend SKB room check to include PTP-SQ (jsc#SLE-19253). - net/mlx5e: Fix MPLSoUDP encap to use MPLS action information (jsc#SLE-19253). - net/mlx5e: Fix SQ wake logic in ptp napi_poll context (jsc#SLE-19253). - net/mlx5e: Fix capability check for updating vnic env counters (jsc#SLE-19253). - net/mlx5e: Fix error handling in mlx5e_refresh_tirs (jsc#SLE-19253). - net/mlx5e: Fix hw mtu initializing at XDP SQ allocation (jsc#SLE-19253). - net/mlx5e: Fix the value of MLX5E_MAX_RQ_NUM_MTTS (jsc#SLE-19253). - net/mlx5e: Fix use-after-free when reverting termination table (jsc#SLE-19253). - net/mlx5e: Fix wrong application of the LRO state (jsc#SLE-19253). - net/mlx5e: Fix wrong tc flag used when set hw-tc-offload off (jsc#SLE-19253). - net/mlx5e: IPoIB, Do not allow CQE compression to be turned on by default (jsc#SLE-19253). - net/mlx5e: IPoIB, Show unknown speed instead of error (jsc#SLE-19253). - net/mlx5e: Modify slow path rules to go to slow fdb (jsc#SLE-19253). - net/mlx5e: QoS, Fix wrongfully setting parent_element_id on MODIFY_SCHEDULING_ELEMENT (jsc#SLE-19253). - net/mlx5e: Set uplink rep as NETNS_LOCAL (jsc#SLE-19253). - net/mlx5e: TC, Fix ct_clear overwriting ct action metadata (jsc#SLE-19253). - net/mlx5e: Update rx ring hw mtu upon each rx-fcs flag change (jsc#SLE-19253). - net/mlx5e: Verify flow_source cap before using it (jsc#SLE-19253). - net/mlx5e: do as little as possible in napi poll when budget is 0 (jsc#SLE-19253). - net/mlx5e: kTLS, Fix build time constant test in RX (jsc#SLE-19253). - net/mlx5e: kTLS, Fix build time constant test in TX (jsc#SLE-19253). - net/net_failover: fix txq exceeding warning (git-fixes). - net/sched: fix initialization order when updating chain 0 head (git-fixes). - net/sched: flower: fix possible OOB write in fl_set_geneve_opt() (git-fixes). - net/sched: sch_netem: Fix arithmetic in netem_dump() for 32-bit platforms (git-fixes). - net/sched: tcindex: Do not use perfect hashing (bsc#1210335 CVE-2023-1829). - net: ena: Account for the number of processed bytes in XDP (git-fixes). - net: ena: Do not register memory info on XDP exchange (git-fixes). - net: ena: Fix rx_copybreak value update (git-fixes). - net: ena: Fix toeplitz initial hash value (git-fixes). - net: ena: Set default value for RX interrupt moderation (git-fixes). - net: ena: Update NUMA TPH hint register upon NUMA node update (git-fixes). - net: ena: Use bitmask to indicate packet redirection (git-fixes). - net: hns3: add interrupts re-initialization while doing VF FLR (git-fixes). - net: hns3: fix output information incomplete for dumping tx queue info with debugfs (git-fixes). - net: hns3: fix reset delay time to avoid configuration timeout (git-fixes). - net: hns3: fix sending pfc frames after reset issue (git-fixes). - net: hns3: fix tm port shapping of fibre port is incorrect after driver initialization (git-fixes). - net: mlx5: eliminate anonymous module_init & module_exit (jsc#SLE-19253). - net: sched: fix possible refcount leak in tc_chain_tmplt_add() (git-fixes). - net: usb: qmi_wwan: add support for Compal RXM-G1 (git-fixes). - nfcsim.c: Fix error checking for debugfs_create_dir (git-fixes). - nfp: only report pause frame configuration for physical device (git-fixes). - nilfs2: fix buffer corruption due to concurrent device reads (git-fixes). - nilfs2: fix incomplete buffer cleanup in nilfs_btnode_abort_change_key() (git-fixes). - nilfs2: fix possible out-of-bounds segment allocation in resize ioctl (git-fixes). - nouveau: fix client work fence deletion race (git-fixes). - nvme-core: fix dev_pm_qos memleak (git-fixes). - nvme-core: fix memory leak in dhchap_ctrl_secret (git-fixes). - nvme-core: fix memory leak in dhchap_secret_store (git-fixes). - nvme-pci: add quirk for missing secondary temperature thresholds (git-fixes). - nvme: double KA polling frequency to avoid KATO with TBKAS on (git-fixes). - ocfs2: fix defrag path triggering jbd2 ASSERT (git-fixes). - ocfs2: fix freeing uninitialized resource on ocfs2_dlm_shutdown (git-fixes). - ocfs2: fix non-auto defrag path not working issue (git-fixes). - octeontx2-pf: Avoid use of GFP_KERNEL in atomic context (git-fixes). - octeontx2-pf: Fix resource leakage in VF driver unbind (git-fixes). - octeontx2-pf: Fix the use of GFP_KERNEL in atomic context on rt (git-fixes). - octeontx2-pf: Recalculate UDP checksum for ptp 1-step sync packet (git-fixes). - pci/aspm: Disable ASPM on MFD function removal to avoid use-after-free (git-fixes). - pci: Add pci_clear_master() stub for non-CONFIG_PCI (git-fixes). - pci: Release resource invalidated by coalescing (git-fixes). - pci: cadence: Fix Gen2 Link Retraining process (git-fixes). - pci: endpoint: Add missing documentation about the MSI/MSI-X range (git-fixes). - pci: ftpci100: Release the clock resources (git-fixes). - pci: pciehp: Cancel bringup sequence if card is not present (git-fixes). - pci: qcom: Disable write access to read only registers for IP v2.3.3 (git-fixes). - pci: rockchip: Add poll and timeout to wait for PHY PLLs to be locked (git-fixes). - pci: rockchip: Assert PCI Configuration Enable bit after probe (git-fixes). - pci: rockchip: Fix legacy IRQ generation for RK3399 PCIe endpoint core (git-fixes). - pci: rockchip: Set address alignment for endpoint mode (git-fixes). - pci: rockchip: Use u32 variable to access 32-bit registers (git-fixes). - pci: rockchip: Write PCI Device ID to correct register (git-fixes). - pci: vmd: Reset VMD config register between soft reboots (git-fixes). - pinctrl: at91-pio4: check return value of devm_kasprintf() (git-fixes). - pinctrl: cherryview: Return correct value if pin in push-pull mode (git-fixes). - pinctrl: meson-axg: add missing GPIOA_18 gpio group (git-fixes). - pinctrl: microchip-sgpio: check return value of devm_kasprintf() (git-fixes). - platform/surface: aggregator: Allow completion work-items to be executed in parallel (git-fixes). - platform/x86: asus-wmi: Ignore WMI events with codes 0x7B, 0xC0 (git-fixes). - platform/x86: intel_scu_pcidrv: Add back PCI ID for Medfield (git-fixes). - platform/x86: think-lmi: Correct NVME password handling (git-fixes). - platform/x86: think-lmi: Correct System password interface (git-fixes). - platform/x86: think-lmi: mutex protection around multiple WMI calls (git-fixes). - platform/x86: thinkpad_acpi: Fix lkp-tests warnings for platform profiles (git-fixes). - pm: domains: fix integer overflow issues in genpd_parse_state() (git-fixes). - power: supply: Fix logic checking if system is running from battery (git-fixes). - power: supply: Ratelimit no data debug output (git-fixes). - power: supply: ab8500: Fix external_power_changed race (git-fixes). - power: supply: bq27xxx: Use mod_delayed_work() instead of cancel() + schedule() (git-fixes). - power: supply: sc27xx: Fix external_power_changed race (git-fixes). - powerpc/64s/radix: Fix exit lazy tlb mm switch with irqs enabled (bsc#1194869). - powerpc/64s/radix: Fix soft dirty tracking (bsc#1065729). - powerpc/64s: Make POWER10 and later use pause_short in cpu_relax loops (bsc#1209367 ltc#195662). - powerpc/iommu: Limit number of TCEs to 512 for H_STUFF_TCE hcall (bsc#1194869 bsc#1212701). - powerpc/purgatory: remove PGO flags (bsc#1194869). - powerpc/set_memory: Avoid spinlock recursion in change_page_attr() (bsc#1194869). - powerpc: Redefine HMT_xxx macros as empty on PPC32 (bsc#1209367 ltc#195662). - powerpc: add ISA v3.0 / v3.1 wait opcode macro (bsc#1209367 ltc#195662). - pstore/ram: Add check for kstrdup (git-fixes). - qed/qede: Fix scheduling while atomic (git-fixes). - radeon: avoid double free in ci_dpm_init() (git-fixes). - rcu: Fix missing TICK_DEP_MASK_RCU_EXP dependency check (git-fixes). - rdma/bnxt_re: Avoid calling wake_up threads from spin_lock context (git-fixes) - rdma/bnxt_re: Disable/kill tasklet only if it is enabled (git-fixes) - rdma/bnxt_re: Fix to remove an unnecessary log (git-fixes) - rdma/bnxt_re: Fix to remove unnecessary return labels (git-fixes) - rdma/bnxt_re: Remove a redundant check inside bnxt_re_update_gid (git-fixes) - rdma/bnxt_re: Remove unnecessary checks (git-fixes) - rdma/bnxt_re: Return directly without goto jumps (git-fixes) - rdma/bnxt_re: Use unique names while registering interrupts (git-fixes) - rdma/bnxt_re: wraparound mbox producer index (git-fixes) - rdma/cma: Always set static rate to 0 for RoCE (git-fixes) - rdma/hns: Fix hns_roce_table_get return value (git-fixes) - rdma/irdma: avoid fortify-string warning in irdma_clr_wqes (git-fixes) - rdma/mlx5: Do not set tx affinity when lag is in hash mode (git-fixes) - rdma/mlx5: Fix affinity assignment (git-fixes) - rdma/mlx5: Initiate dropless RQ for RAW Ethernet functions (git-fixes) - rdma/mlx5: Rely on RoCE fw cap instead of devlink when setting profile (jsc#SLE-19253). - rdma/rtrs-clt: Replace list_next_or_null_rr_rcu with an inline function (git-fixes) - rdma/rtrs-srv: Pass the correct number of entries for dma mapped SGL (git-fixes) - rdma/rtrs: Fix rxe_dealloc_pd warning (git-fixes) - rdma/rtrs: Fix the last iu->buf leak in err path (git-fixes) - rdma/rxe: Fix packet length checks (git-fixes) - rdma/rxe: Fix ref count error in check_rkey() (git-fixes) - rdma/rxe: Fix rxe_cq_post (git-fixes) - rdma/rxe: Fix the error 'trying to register non-static key in rxe_cleanup_task' (git-fixes) - rdma/rxe: Fix the use-before-initialization error of resp_pkts (git-fixes) - rdma/rxe: Remove dangling declaration of rxe_cq_disable() (git-fixes) - rdma/rxe: Remove the unused variable obj (git-fixes) - rdma/rxe: Removed unused name from rxe_task struct (git-fixes) - rdma/uverbs: Restrict usage of privileged QKEYs (git-fixes) - rdma/vmw_pvrdma: Remove unnecessary check on wr->opcode (git-fixes) - regmap: Account for register length when chunking (git-fixes). - regmap: spi-avmm: Fix regmap_bus max_raw_write (git-fixes). - regulator: Fix error checking for debugfs_create_dir (git-fixes). - regulator: core: Fix more error checking for debugfs_create_dir() (git-fixes). - regulator: core: Streamline debugfs operations (git-fixes). - regulator: helper: Document ramp_delay parameter of regulator_set_ramp_delay_regmap() (git-fixes). - regulator: pca9450: Fix LDO3OUT and LDO4OUT MASK (git-fixes). - reiserfs: Add missing calls to reiserfs_security_free() (git-fixes). - reiserfs: Add security prefix to xattr name in reiserfs_security_write() (git-fixes). - revert 'squashfs: harden sanity check in squashfs_read_xattr_id_table' (git-fixes). - rpm/check-for-config-changes: ignore also PAHOLE_HAS_* We now also have options like CONFIG_PAHOLE_HAS_LANG_EXCLUDE. - rpm/kernel-binary.spec.in: Fix compatibility wth newer rpm - rpm/kernel-docs.spec.in: pass PYTHON=python3 to fix build error (bsc#1160435) - rtc: st-lpc: Release some resources in st_rtc_probe() in case of error (git-fixes). - s390/dasd: Use correct lock while counting channel queue length (git-fixes bsc#1212592). - s390/gmap: voluntarily schedule during key setting (git-fixes bsc#1212892). - s390/pkey: zeroize key blobs (git-fixes bsc#1212619). - sched/rt: pick_next_rt_entity(): check list_entry (bsc#1208600 CVE-2023-1077) - scsi: core: Decrease scsi_device's iorequest_cnt if dispatch failed (git-fixes). - scsi: stex: Fix gcc 13 warnings (git-fixes). - selftests/ptp: Fix timestamp printf format for PTP_SYS_OFFSET (git-fixes). - serial: 8250: lock port for UART_IER access in omap8250_irq() (git-fixes). - serial: 8250: lock port for stop_rx() in omap8250_irq() (git-fixes). - serial: 8250: omap: Fix freeing of resources on failed register (git-fixes). - serial: 8250_omap: Use force_suspend and resume for system suspend (git-fixes). - serial: atmel: do not enable IRQs prematurely (git-fixes). - serial: lantiq: add missing interrupt ack (git-fixes). - sfc: disable RXFCS and RXALL features by default (git-fixes). - signal/s390: Use force_sigsegv in default_trap_handler (git-fixes bsc#1212861). - soc/fsl/qe: fix usb.c build errors (git-fixes). - soc: samsung: exynos-pmu: Re-introduce Exynos4212 support (git-fixes). - soundwire: dmi-quirks: add new mapping for HP Spectre x360 (git-fixes). - spi: dw: Round of n_bytes to power of 2 (git-fixes). - spi: fsl-dspi: avoid SCK glitches with continuous transfers (git-fixes). - spi: lpspi: disable lpspi module irq in DMA mode (git-fixes). - spi: qup: Request DMA before enabling clocks (git-fixes). - spi: spi-geni-qcom: Correct CS_TOGGLE bit in SPI_TRANS_CFG (git-fixes). - spi: tegra210-quad: Fix combined sequence (bsc#1212584) - spi: tegra210-quad: Fix iterator outside loop (git-fixes). - spi: tegra210-quad: Multi-cs support (bsc#1212584) - squashfs: harden sanity check in squashfs_read_xattr_id_table (git-fixes). - staging: octeon: delete my name from TODO contact (git-fixes). - sunrpc: Clean up svc_deferred_class trace events (git-fixes). - supported.conf: Move bt878 and bttv modules to kernel-*-extra (jsc#PED-3931) - test_firmware: Use kstrtobool() instead of strtobool() (git-fixes). - test_firmware: fix the memory leak of the allocated firmware buffer (git-fixes). - test_firmware: prevent race conditions by a correct implementation of locking (git-fixes). - test_firmware: return ENOMEM instead of ENOSPC on failed memory allocation (git-fixes). - thermal/drivers/sun8i: Fix some error handling paths in sun8i_ths_probe() (git-fixes). - thunderbolt: dma_test: Use correct value for absent rings when creating paths (git-fixes). - tls: Skip tls_append_frag on zero copy size (git-fixes). - tools: bpftool: Remove invalid \' json escape (git-fixes). - tpm, tpm_tis: Request threaded interrupt handler (git-fixes). - tracing/histograms: Allow variables to have some modifiers (git-fixes). - tracing/probe: trace_probe_primary_from_call(): checked list_first_entry (git-fixes). - tracing/timer: Add missing hrtimer modes to decode_hrtimer_mode() (git-fixes). - tracing: Have event format check not flag %p* on __get_dynamic_array() (git-fixes, bsc#1212350). - tracing: Introduce helpers to safely handle dynamic-sized sockaddrs (git-fixes). - tracing: Update print fmt check to handle new __get_sockaddr() macro (git-fixes, bsc#1212350). - tty: serial: imx: fix rs485 rx after tx (git-fixes). - tty: serial: samsung_tty: Fix a memory leak in s3c24xx_serial_getclk() in case of error (git-fixes). - tty: serial: samsung_tty: Fix a memory leak in s3c24xx_serial_getclk() when iterating clk (git-fixes). - usb: cdns3: fix NCM gadget RX speed 20x slow than expection at iMX8QM (git-fixes). - usb: dwc3-meson-g12a: Fix an error handling path in dwc3_meson_g12a_probe() (git-fixes). - usb: dwc3: fix use-after-free on core driver unbind (git-fixes). - usb: dwc3: gadget: Propagate core init errors to UDC during pullup (git-fixes). - usb: dwc3: gadget: Reset num TRBs before giving back the request (git-fixes). - usb: dwc3: qcom: Fix an error handling path in dwc3_qcom_probe() (git-fixes). - usb: dwc3: qcom: Fix potential memory leak (git-fixes). - usb: dwc3: qcom: Release the correct resources in dwc3_qcom_remove() (git-fixes). - usb: dwc3: qcom: fix NULL-deref on suspend (git-fixes). - usb: gadget: u_serial: Add null pointer check in gserial_suspend (git-fixes). - usb: gadget: udc: fix NULL dereference in remove() (git-fixes). - usb: hide unused usbfs_notify_suspend/resume functions (git-fixes). - usb: phy: phy-tahvo: fix memory leak in tahvo_usb_probe() (git-fixes). - usb: serial: option: add Quectel EM061KGL series (git-fixes). - usb: typec: ucsi: Fix command cancellation (git-fixes). - usb: xhci: Remove unused udev from xhci_log_ctx trace event (git-fixes). - usrmerge: Adjust module path in the kernel sources (bsc#1212835). - usrmerge: Compatibility with earlier rpm (boo#1211796) - vdpa/mlx5: Directly assign memory key (jsc#SLE-19253). - vdpa/mlx5: Do not clear mr struct on destroy MR (jsc#SLE-19253). - vdpa/mlx5: Fix wrong configuration of virtio_version_1_0 (jsc#SLE-19253). - vdpa: Fix error logic in vdpa_nl_cmd_dev_get_doit (jsc#SLE-19253). - vhost_vdpa: support PACKED when setting-getting vring_base (jsc#SLE-19253). - w1: fix loop in w1_fini() (git-fixes). - w1: w1_therm: fix locking behavior in convert_t (git-fixes). - watchdog: menz069_wdt: fix watchdog initialisation (git-fixes). - wifi: ath9k: Fix possible stall on ath9k_txq_list_has_key() (git-fixes). - wifi: ath9k: avoid referencing uninit memory in ath9k_wmi_ctrl_rx (git-fixes). - wifi: ath9k: convert msecs to jiffies where needed (git-fixes). - wifi: ath9k: do not allow to overwrite ENDPOINT0 attributes (git-fixes). - wifi: ath9k: fix AR9003 mac hardware hang check register offset calculation (git-fixes). - wifi: atmel: Fix an error handling path in atmel_probe() (git-fixes). - wifi: b43: fix incorrect __packed annotation (git-fixes). - wifi: cfg80211: fix locking in regulatory disconnect (git-fixes). - wifi: cfg80211: fix locking in sched scan stop work (git-fixes). - wifi: cfg80211: rewrite merging of inherited elements (git-fixes). - wifi: iwlwifi: mvm: indicate HW decrypt for beacon protection (git-fixes). - wifi: iwlwifi: pcie: fix NULL pointer dereference in iwl_pcie_irq_rx_msix_handler() (git-fixes). - wifi: iwlwifi: pull from TXQs with softirqs disabled (git-fixes). - wifi: mac80211: simplify chanctx allocation (git-fixes). - wifi: mt76: mt7615: fix possible race in mt7615_mac_sta_poll (git-fixes). - wifi: mwifiex: Fix the size of a memory allocation in mwifiex_ret_802_11_scan() (git-fixes). - wifi: orinoco: Fix an error handling path in orinoco_cs_probe() (git-fixes). - wifi: orinoco: Fix an error handling path in spectrum_cs_probe() (git-fixes). - wifi: rsi: Do not configure WoWlan in shutdown hook if not enabled (git-fixes). - wifi: rsi: Do not set MMC_PM_KEEP_POWER in shutdown (git-fixes). - wifi: rtl8xxxu: fix authentication timeout due to incorrect RCR value (git-fixes). - wifi: wilc1000: fix for absent RSN capabilities WFA testcase (git-fixes). - writeback: fix dereferencing NULL mapping->host on writeback_page_template (git-fixes). - x86/build: Avoid relocation information in final vmlinux (bsc#1187829). - x86/cpu: Switch to arch_cpu_finalize_init() (bsc#1212448). - x86/fpu: Mark init functions __init (bsc#1212448). - x86/fpu: Move FPU initialization into arch_cpu_finalize_init() (bsc#1212448). - x86/fpu: Remove cpuinfo argument from init functions (bsc#1212448). - x86/init: Initialize signal frame size late (bsc#1212448). - x86/kprobes: Fix __recover_optprobed_insn check optimizing logic (git-fixes). - x86/kprobes: Fix arch_check_optimized_kprobe check within optimized_kprobe range (git-fixes). - x86/microcode/amd: Remove load_microcode_amd()'s bsp parameter (git-fixes). - x86/microcode: Print previous version of microcode after reload (git-fixes). - x86/mm: Fix RESERVE_BRK() for older binutils (git-fixes). - x86/mm: Fix use of uninitialized buffer in sme_enable() (git-fixes). - x86/mm: Initialize text poking earlier (bsc#1212448). - x86/mm: Use mm_alloc() in poking_init() (bsc#1212448). - x86/mm: fix poking_init() for Xen PV guests (git-fixes). - x86/sgx: Fix race between reclaimer and page fault handler (git-fixes). - x86/sgx: Mark PCMD page as dirty when modifying contents (git-fixes). - x86/xen: fix secondary processor fpu initialization (bsc#1212869). - xfs: fix rm_offset flag handling in rmap keys (git-fixes). - xfs: set bnobt/cntbt numrecs correctly when formatting new AGs (git-fixes). Important SUSE bug 1065729 SUSE bug 1152472 SUSE bug 1152489 SUSE bug 1160435 SUSE bug 1187829 SUSE bug 1189998 SUSE bug 1194869 SUSE bug 1205758 SUSE bug 1208410 SUSE bug 1208600 SUSE bug 1209039 SUSE bug 1209367 SUSE bug 1210335 SUSE bug 1211299 SUSE bug 1211346 SUSE bug 1211387 SUSE bug 1211410 SUSE bug 1211449 SUSE bug 1211796 SUSE bug 1211852 SUSE bug 1212051 SUSE bug 1212129 SUSE bug 1212154 SUSE bug 1212155 SUSE bug 1212158 SUSE bug 1212265 SUSE bug 1212350 SUSE bug 1212448 SUSE bug 1212494 SUSE bug 1212495 SUSE bug 1212504 SUSE bug 1212513 SUSE bug 1212540 SUSE bug 1212561 SUSE bug 1212563 SUSE bug 1212564 SUSE bug 1212584 SUSE bug 1212592 SUSE bug 1212603 SUSE bug 1212605 SUSE bug 1212606 SUSE bug 1212619 SUSE bug 1212701 SUSE bug 1212741 SUSE bug 1212835 SUSE bug 1212838 SUSE bug 1212842 SUSE bug 1212861 SUSE bug 1212869 SUSE bug 1212892 CVE-2023-1077 CVE-2023-1249 CVE-2023-1829 CVE-2023-21102 CVE-2023-3090 CVE-2023-3111 CVE-2023-3141 CVE-2023-3161 CVE-2023-3212 CVE-2023-3357 CVE-2023-3358 CVE-2023-3389 CVE-2023-35788 CVE-2023-35823 CVE-2023-35828 CVE-2023-35829 cpe:/o:opensuse:leap:15.4 Security update for rabbitmq-c (Important) openSUSE Leap 15.4 This update for rabbitmq-c fixes the following issues: - CVE-2023-35789: Fixed insecure credentials submission (bsc#1212499). Important SUSE bug 1212499 CVE-2023-35789 cpe:/o:opensuse:leap:15.4 Security update for php7 (Moderate) openSUSE Leap 15.4 This update for php7 fixes the following issues: - CVE-2023-3247: Fixed missing error check and insufficient random bytes in HTTP Digest authentication for SOAP (bsc#1212349). Moderate SUSE bug 1212349 CVE-2023-3247 cpe:/o:opensuse:leap:15.4 Security update for ghostscript (Important) openSUSE Leap 15.4 This update for ghostscript fixes the following issues: - CVE-2023-36664: Fixed permission validation mishandling for pipe devices with the %pipe% prefix or the | pipe character prefix (bsc#1212711). Important SUSE bug 1212711 CVE-2023-36664 cpe:/o:opensuse:leap:15.4 Security update for the Linux Kernel (Important) openSUSE Leap 15.4 The SUSE Linux Enterprise 15 SP1 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2023-1079: Fixed a use-after-free problem that could have been triggered in asus_kbd_backlight_set when plugging/disconnecting a malicious USB device (bsc#1208604). - CVE-2023-1249: Fixed a use-after-free flaw in the core dump subsystem that allowed a local user to crash the system (bsc#1209039). - CVE-2023-1637: Fixed vulnerability that could lead to unauthorized access to CPU memory after resuming CPU from suspend-to-RAM (bsc#1209779). - CVE-2023-2002: Fixed a flaw that allowed an attacker to unauthorized execution of management commands, compromising the confidentiality, integrity, and availability of Bluetooth communication (bsc#1210533). - CVE-2023-3090: Fixed a heap out-of-bounds write in the ipvlan network driver (bsc#1212842). - CVE-2023-3111: Fixed a use-after-free vulnerability in prepare_to_relocate in fs/btrfs/relocation.c (bsc#1212051). - CVE-2023-3141: Fixed a use-after-free flaw in r592_remove in drivers/memstick/host/r592.c, that allowed local attackers to crash the system at device disconnect (bsc#1212129). - CVE-2023-3159: Fixed use-after-free issue in driver/firewire in outbound_phy_packet_callback (bsc#1212128). - CVE-2023-3161: Fixed shift-out-of-bounds in fbcon_set_font() (bsc#1212154). - CVE-2023-3268: Fixed an out of bounds flaw in relay_file_read_start_pos in kernel/relay.c that allowed a local attacker to crash the system or leak kernel internal information (bsc#1212502). - CVE-2023-3358: Fixed a NULL pointer dereference flaw in the Integrated Sensor Hub (ISH) driver (bsc#1212606). - CVE-2023-35824: Fixed a use-after-free in dm1105_remove in drivers/media/pci/dm1105/dm1105.c (bsc#1212501). The following non-security bugs were fixed: - Fix missing top level chapter numbers on SLE12 SP5 (bsc#1212158). - Move setting %%build_html to config.sh - Move setting %%split_optional to config.sh - Move setting %%supported_modules_check to config.sh - rpm/kernel-binary.spec.in: Fix compatibility wth newer rpm - rpm/kernel-docs.spec.in: pass PYTHON=python3 to fix build error (bsc#1160435) Important SUSE bug 1160435 SUSE bug 1198400 SUSE bug 1208604 SUSE bug 1209039 SUSE bug 1209779 SUSE bug 1210533 SUSE bug 1211449 SUSE bug 1212051 SUSE bug 1212128 SUSE bug 1212129 SUSE bug 1212154 SUSE bug 1212158 SUSE bug 1212501 SUSE bug 1212502 SUSE bug 1212606 SUSE bug 1212842 CVE-2023-1079 CVE-2023-1249 CVE-2023-1637 CVE-2023-2002 CVE-2023-3090 CVE-2023-3111 CVE-2023-3141 CVE-2023-3159 CVE-2023-3161 CVE-2023-3268 CVE-2023-3358 CVE-2023-35824 cpe:/o:opensuse:leap:15.4 Security update for the Linux Kernel (Important) openSUSE Leap 15.4 The SUSE Linux Enterprise 15 SP4 Azure kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2023-1077: Fixed a type confusion in pick_next_rt_entity(), that could cause memory corruption (bsc#1208600). - CVE-2023-1249: Fixed a use-after-free flaw in the core dump subsystem that allowed a local user to crash the system (bsc#1209039). - CVE-2023-1829: Fixed a use-after-free vulnerability in the control index filter (tcindex) (bsc#1210335). - CVE-2023-21102: Fixed possible bypass of shadow stack protection in __efi_rt_asm_wrapper of efi-rt-wrapper.S (bsc#1212155). - CVE-2023-3090: Fixed a heap out-of-bounds write in the ipvlan network driver (bsc#1212842). - CVE-2023-3111: Fixed a use-after-free vulnerability in prepare_to_relocate in fs/btrfs/relocation.c (bsc#1212051). - CVE-2023-3141: Fixed a use-after-free flaw in r592_remove in drivers/memstick/host/r592.c, that allowed local attackers to crash the system at device disconnect (bsc#1212129). - CVE-2023-3161: Fixed shift-out-of-bounds in fbcon_set_font() (bsc#1212154). - CVE-2023-3212: Fixed a NULL pointer dereference flaw in the gfs2 file system (bsc#1212265). - CVE-2023-3357: Fixed a NULL pointer dereference flaw in the AMD Sensor Fusion Hub driver (bsc#1212605). - CVE-2023-3358: Fixed a NULL pointer dereference flaw in the Integrated Sensor Hub (ISH) driver (bsc#1212606). - CVE-2023-3389: Fixed a use-after-free vulnerability in the io_uring subsystem (bsc#1212838). - CVE-2023-35788: Fixed an out-of-bounds write in the flower classifier code via TCA_FLOWER_KEY_ENC_OPTS_GENEVE packets in fl_set_geneve_opt in net/sched/cls_flower.c (bsc#1212504). - CVE-2023-35823: Fixed a use-after-free flaw in saa7134_finidev in drivers/media/pci/saa7134/saa7134-core.c (bsc#1212494). - CVE-2023-35828: Fixed a use-after-free flaw in renesas_usb3_remove in drivers/usb/gadget/udc/renesas_usb3.c (bsc#1212513). - CVE-2023-35829: Fixed a use-after-free flaw in rkvdec_remove in drivers/staging/media/rkvdec/rkvdec.c (bsc#1212495). The following non-security bugs were fixed: - ACPI: sleep: Avoid breaking S3 wakeup due to might_sleep() (git-fixes). - ALSA: ac97: Fix possible NULL dereference in snd_ac97_mixer (git-fixes). - ALSA: hda/realtek: Add 'Intel Reference board' and 'NUC 13' SSID in the ALC256 (git-fixes). - ALSA: hda/realtek: Add Lenovo P3 Tower platform (git-fixes). - ALSA: hda/realtek: Add a quirk for Compaq N14JP6 (git-fixes). - ALSA: hda/realtek: Add a quirk for HP Slim Desktop S01 (git-fixes). - ALSA: hda/realtek: Add quirk for ASUS ROG G634Z (git-fixes). - ALSA: hda/realtek: Add quirk for ASUS ROG GV601V (git-fixes). - ALSA: hda/realtek: Add quirk for Clevo NS50AU (git-fixes). - ALSA: hda/realtek: Add quirks for ASUS GU604V and GU603V (git-fixes). - ALSA: hda/realtek: Add quirks for Asus ROG 2024 laptops using CS35L41 (git-fixes). - ALSA: hda/realtek: Add quirks for ROG ALLY CS35l41 audio (git-fixes). - ALSA: hda/realtek: Enable 4 amplifiers instead of 2 on a HP platform (git-fixes). - ALSA: hda/realtek: Enable mute/micmute LEDs and limit mic boost on EliteBook (git-fixes). - ALSA: hda: Glenfly: add HD Audio PCI IDs and HDMI Codec Vendor IDs (git-fixes). - ALSA: oss: avoid missing-prototype warnings (git-fixes). - ALSA: usb-audio: Add quirk flag for HEM devices to enable native DSD playback (git-fixes). - ALSA: usb-audio: Fix broken resume due to UAC3 power state (git-fixes). - ARM: 9295/1: unwind:fix unwind abort for uleb128 case (git-fixes) - ARM: cpu: Switch to arch_cpu_finalize_init() (bsc#1212448). - ARM: dts: Fix erroneous ADS touchscreen polarities (git-fixes). - ARM: dts: vexpress: add missing cache properties (git-fixes). - ASoC: codecs: wsa881x: do not set can_multi_write flag (git-fixes). - ASoC: dwc: limit the number of overrun messages (git-fixes). - ASoC: dwc: move DMA init to snd_soc_dai_driver probe() (git-fixes). - ASoC: es8316: Do not set rate constraints for unsupported MCLKs (git-fixes). - ASoC: es8316: Increment max value for ALC Capture Target Volume control (git-fixes). - ASoC: imx-audmix: check return value of devm_kasprintf() (git-fixes). - ASoC: mediatek: mt8173: Fix irq error path (git-fixes). - ASoC: nau8824: Add quirk to active-high jack-detect (git-fixes). - ASoC: simple-card: Add missing of_node_put() in case of error (git-fixes). - ASoC: soc-pcm: test if a BE can be prepared (git-fixes). - ASoC: ssm2602: Add workaround for playback distortions (git-fixes). - Also include kernel-docs build requirements for ALP - Avoid unsuported tar parameter on SLE12 - Bluetooth: Fix l2cap_disconnect_req deadlock (git-fixes). - Bluetooth: Fix use-after-free in hci_remove_ltk/hci_remove_irk (git-fixes). - Bluetooth: L2CAP: Add missing checks for invalid DCID (git-fixes). - Bluetooth: hci_qca: fix debugfs registration (git-fixes). - Fix missing top level chapter numbers on SLE12 SP5 (bsc#1212158). - Fix usrmerge error (boo#1211796) - Generalize kernel-doc build requirements. - Get module prefix from kmod (bsc#1212835). - HID: google: add jewel USB id (git-fixes). - HID: logitech-hidpp: add HIDPP_QUIRK_DELAYED_INIT for the T651 (git-fixes). - HID: wacom: Add error check to wacom_parse_and_register() (git-fixes). - IB/hfi1: Fix wrong mmu_node used for user SDMA packet after invalidate (git-fixes) - IB/isert: Fix dead lock in ib_isert (git-fixes) - IB/isert: Fix incorrect release of isert connection (git-fixes) - IB/isert: Fix possible list corruption in CMA handler (git-fixes) - IB/uverbs: Fix to consider event queue closing also upon non-blocking mode (git-fixes) - Input: adxl34x - do not hardcode interrupt trigger type (git-fixes). - Input: drv260x - fix typo in register value define (git-fixes). - Input: drv260x - remove unused .reg_defaults (git-fixes). - Input: drv260x - sleep between polling GO bit (git-fixes). - Input: fix open count when closing inhibited device (git-fixes). - Input: psmouse - fix OOB access in Elantech protocol (git-fixes). - Input: soc_button_array - add invalid acpi_index DMI quirk handling (git-fixes). - Input: xpad - delete a Razer DeathAdder mouse VID/PID entry (git-fixes). - KVM: arm64: Do not hypercall before EL2 init (git-fixes) - KVM: arm64: Propagate errors from __pkvm_prot_finalize hypercall (git-fixes) - KVM: arm64: Save PSTATE early on exit (git-fixes) - KVM: arm64: vgic: Read HW interrupt pending state from the HW (git-fixes) - Move obsolete KMP list into a separate file. The list of obsoleted KMPs varies per release, move it out of the spec file. - Move setting %%build_html to config.sh - Move setting %%split_optional to config.sh - Move setting %%supported_modules_check to config.sh - Move the kernel-binary conflicts out of the spec file. Thie list of conflicting packages varies per release. To reduce merge conflicts move the list out of the spec file. - PCI/ASPM: Disable ASPM on MFD function removal to avoid use-after-free (git-fixes). - PCI: Add pci_clear_master() stub for non-CONFIG_PCI (git-fixes). - PCI: Release resource invalidated by coalescing (git-fixes). - PCI: cadence: Fix Gen2 Link Retraining process (git-fixes). - PCI: endpoint: Add missing documentation about the MSI/MSI-X range (git-fixes). - PCI: ftpci100: Release the clock resources (git-fixes). - PCI: pciehp: Cancel bringup sequence if card is not present (git-fixes). - PCI: qcom: Disable write access to read only registers for IP v2.3.3 (git-fixes). - PCI: rockchip: Add poll and timeout to wait for PHY PLLs to be locked (git-fixes). - PCI: rockchip: Assert PCI Configuration Enable bit after probe (git-fixes). - PCI: rockchip: Fix legacy IRQ generation for RK3399 PCIe endpoint core (git-fixes). - PCI: rockchip: Set address alignment for endpoint mode (git-fixes). - PCI: rockchip: Use u32 variable to access 32-bit registers (git-fixes). - PCI: rockchip: Write PCI Device ID to correct register (git-fixes). - PCI: vmd: Reset VMD config register between soft reboots (git-fixes). - PM: domains: fix integer overflow issues in genpd_parse_state() (git-fixes). - RDMA/bnxt_re: Avoid calling wake_up threads from spin_lock context (git-fixes) - RDMA/bnxt_re: Disable/kill tasklet only if it is enabled (git-fixes) - RDMA/bnxt_re: Fix to remove an unnecessary log (git-fixes) - RDMA/bnxt_re: Fix to remove unnecessary return labels (git-fixes) - RDMA/bnxt_re: Remove a redundant check inside bnxt_re_update_gid (git-fixes) - RDMA/bnxt_re: Remove unnecessary checks (git-fixes) - RDMA/bnxt_re: Return directly without goto jumps (git-fixes) - RDMA/bnxt_re: Use unique names while registering interrupts (git-fixes) - RDMA/bnxt_re: wraparound mbox producer index (git-fixes) - RDMA/cma: Always set static rate to 0 for RoCE (git-fixes) - RDMA/hns: Fix hns_roce_table_get return value (git-fixes) - RDMA/irdma: avoid fortify-string warning in irdma_clr_wqes (git-fixes) - RDMA/mlx5: Do not set tx affinity when lag is in hash mode (git-fixes) - RDMA/mlx5: Fix affinity assignment (git-fixes) - RDMA/mlx5: Initiate dropless RQ for RAW Ethernet functions (git-fixes) - RDMA/mlx5: Rely on RoCE fw cap instead of devlink when setting profile (jsc#SLE-19253). - RDMA/rtrs: Fix rxe_dealloc_pd warning (git-fixes) - RDMA/rtrs: Fix the last iu->buf leak in err path (git-fixes) - RDMA/rxe: Fix packet length checks (git-fixes) - RDMA/rxe: Fix ref count error in check_rkey() (git-fixes) - RDMA/rxe: Fix rxe_cq_post (git-fixes) - RDMA/rxe: Fix the use-before-initialization error of resp_pkts (git-fixes) - RDMA/rxe: Remove dangling declaration of rxe_cq_disable() (git-fixes) - RDMA/rxe: Remove the unused variable obj (git-fixes) - RDMA/rxe: Removed unused name from rxe_task struct (git-fixes) - RDMA/uverbs: Restrict usage of privileged QKEYs (git-fixes) - RDMA/vmw_pvrdma: Remove unnecessary check on wr->opcode (git-fixes) - Remove more packaging cruft for SLE &lt; 12 SP3 - Remove orphaned CONFIG_PRINTK_SAFE_LOG_BUF_SHIFT (bsc#1189998 git-fixes). - Revert 'mtd: rawnand: arasan: Prevent an unsupported configuration' (git-fixes). - Revert 'net: phy: dp83867: perform soft reset and retain established link' (git-fixes). - SUNRPC: Clean up svc_deferred_class trace events (git-fixes). - Squashfs: fix handling and sanity checking of xattr_ids count (git-fixes). - Trim obsolete KMP list. SLE11 is out of support, we do not need to handle upgrading from SLE11 SP1. - USB: cdns3: fix NCM gadget RX speed 20x slow than expection at iMX8QM (git-fixes). - USB: dwc3-meson-g12a: Fix an error handling path in dwc3_meson_g12a_probe() (git-fixes). - USB: dwc3: fix use-after-free on core driver unbind (git-fixes). - USB: dwc3: gadget: Propagate core init errors to UDC during pullup (git-fixes). - USB: dwc3: gadget: Reset num TRBs before giving back the request (git-fixes). - USB: dwc3: qcom: Fix an error handling path in dwc3_qcom_probe() (git-fixes). - USB: dwc3: qcom: Fix potential memory leak (git-fixes). - USB: dwc3: qcom: Release the correct resources in dwc3_qcom_remove() (git-fixes). - USB: dwc3: qcom: fix NULL-deref on suspend (git-fixes). - USB: gadget: u_serial: Add null pointer check in gserial_suspend (git-fixes). - USB: gadget: udc: fix NULL dereference in remove() (git-fixes). - USB: hide unused usbfs_notify_suspend/resume functions (git-fixes). - USB: phy: phy-tahvo: fix memory leak in tahvo_usb_probe() (git-fixes). - USB: serial: option: add Quectel EM061KGL series (git-fixes). - USB: typec: ucsi: Fix command cancellation (git-fixes). - USB: xhci: Remove unused udev from xhci_log_ctx trace event (git-fixes). - affs: initialize fsdata in affs_truncate() (git-fixes). - amdgpu: validate offset_in_bo of drm_amdgpu_gem_va (git-fixes). - arm64: Add missing Set/Way CMO encodings (git-fixes). - arm64: Always load shadow stack pointer directly from the task struct (git-fixes) - arm64: Stash shadow stack pointer in the task struct on interrupt (git-fixes) - arm64: dts: Move BCM4908 dts to bcmbca folder (git-fixes) - arm64: dts: broadcom: bcmbca: bcm4908: fix NAND interrupt name (git-fixes) - arm64: dts: broadcom: bcmbca: bcm4908: fix procmon nodename (git-fixes) - arm64: dts: imx8-ss-dma: assign default clock rate for lpuarts (git-fixes). - arm64: dts: imx8mn-beacon: Fix SPI CS pinmux (git-fixes). - arm64: dts: imx8mn-var-som: fix PHY detection bug by adding deassert (git-fixes) - arm64: dts: imx8qm-mek: correct GPIOs for USDHC2 CD and WP signals (git-fixes). - arm64: dts: qcom: sc7180-lite: Fix SDRAM freq for misidentified sc7180-lite boards (git-fixes). - ath6kl: Use struct_group() to avoid size-mismatched casting (git-fixes). - batman-adv: Broken sync while rescheduling delayed work (git-fixes). - bnxt_en: Do not issue AP reset during ethtool's reset operation (git-fixes). - bnxt_en: Implement .set_port / .unset_port UDP tunnel callbacks (git-fixes). - bnxt_en: Query default VLAN before VNIC setup on a VF (git-fixes). - bnxt_en: Skip firmware fatal error recovery if chip is not accessible (git-fixes). - bpf, arm64: Call build_prologue() first in first JIT pass (git-fixes) - bpf, arm64: Clear prog->jited_len along prog->jited (git-fixes) - bpf, arm64: Feed byte-offset into bpf line info (git-fixes) - bpf, arm64: Use emit_addr_mov_i64() for BPF_PSEUDO_FUNC (git-fixes) - bpf: Add extra path pointer check to d_path helper (git-fixes). - bpf: Fix UAF in task local storage (bsc#1212564). - bus: fsl-mc: fsl-mc-allocator: Drop a write-only variable (git-fixes). - bus: ti-sysc: Fix dispc quirk masking bool variables (git-fixes). - can: isotp: isotp_sendmsg(): fix return error fix on TX path (git-fixes). - can: j1939: avoid possible use-after-free when j1939_can_rx_register fails (git-fixes). - can: j1939: change j1939_netdev_lock type to mutex (git-fixes). - can: j1939: j1939_sk_send_loop_abort(): improved error queue handling in J1939 Socket (git-fixes). - can: kvaser_pciefd: Remove handler for unused KVASER_PCIEFD_PACK_TYPE_EFRAME_ACK (git-fixes). - can: kvaser_pciefd: Remove useless write to interrupt register (git-fixes). - can: length: fix bitstuffing count (git-fixes). - can: length: fix description of the RRS field (git-fixes). - can: length: make header self contained (git-fixes). - ceph: fix use-after-free bug for inodes when flushing capsnaps (bsc#1212540). - cgroup: Use cgroup_attach_{lock,unlock}() from cgroup_attach_task_all() (bsc#1212563). - cgroup: always put cset in cgroup_css_set_put_fork (bsc#1212561). - cgroup: fix missing cpus_read_{lock,unlock}() in cgroup_transfer_tasks() (bsc#1212563). - clk: Fix memory leak in devm_clk_notifier_register() (git-fixes). - clk: cdce925: check return value of kasprintf() (git-fixes). - clk: imx: clk-imx8mn: fix memory leak in imx8mn_clocks_probe (git-fixes). - clk: imx: clk-imx8mp: improve error handling in imx8mp_clocks_probe() (git-fixes). - clk: imx: scu: use _safe list iterator to avoid a use after free (git-fixes). - clk: keystone: sci-clk: check return value of kasprintf() (git-fixes). - clk: samsung: Add Exynos4212 compatible to CLKOUT driver (git-fixes). - clk: si5341: check return value of {devm_}kasprintf() (git-fixes). - clk: si5341: free unused memory on probe failure (git-fixes). - clk: si5341: return error if one synth clock registration fails (git-fixes). - clk: tegra: tegra124-emc: Fix potential memory leak (git-fixes). - clk: ti: clkctrl: check return value of kasprintf() (git-fixes). - clk: vc5: check memory returned by kasprintf() (git-fixes). - clocksource/drivers/cadence-ttc: Fix memory leak in ttc_timer_probe (git-fixes). - crypto: marvell/cesa - Fix type mismatch warning (git-fixes). - crypto: nx - fix build warnings when DEBUG_FS is not enabled (git-fixes). - dmaengine: at_xdmac: Move the free desc to the tail of the desc list (git-fixes). - dmaengine: at_xdmac: fix potential Oops in at_xdmac_prep_interleaved() (git-fixes). - dmaengine: pl330: rename _start to prevent build error (git-fixes). - drivers: meson: secure-pwrc: always enable DMA domain (git-fixes). - drm/amd/display: Add logging for display MALL refresh setting (git-fixes). - drm/amd/display: Add minimal pipe split transition state (git-fixes). - drm/amd/display: Add wrapper to call planes and stream update (git-fixes). - drm/amd/display: Explicitly specify update type per plane info change (git-fixes). - drm/amd/display: Fix artifacting on eDP panels when engaging freesync video mode (git-fixes). - drm/amd/display: Use dc_update_planes_and_stream (git-fixes). - drm/amd/display: drop redundant memset() in get_available_dsc_slices() (git-fixes). - drm/amd/display: edp do not add non-edid timings (git-fixes). - drm/amd/display: fix the system hang while disable PSR (git-fixes). - drm/amd/pm: Fix power context allocation in SMU13 (git-fixes). - drm/amd/pm: reverse mclk and fclk clocks levels for renoir (git-fixes). - drm/amd/pm: reverse mclk and fclk clocks levels for vangogh (git-fixes). - drm/amd/pm: reverse mclk and fclk clocks levels for yellow carp (git-fixes). - drm/amdgpu: Use the default reset when loading or reloading the driver (git-fixes). - drm/amdgpu: fix xclk freq on CHIP_STONEY (git-fixes). - drm/amdgpu: release gpu full access after 'amdgpu_device_ip_late_init' (git-fixes). - drm/amdgpu: skip disabling fence driver src_irqs when device is unplugged (git-fixes). - drm/amdkfd: Fix potential deallocation of previously deallocated memory (git-fixes). - drm/ast: Fix ARM compatibility (git-fixes). - drm/bridge: tc358768: always enable HS video mode (git-fixes). - drm/bridge: tc358768: fix PLL parameters computation (git-fixes). - drm/bridge: tc358768: fix PLL target frequency (git-fixes). - drm/bridge: tc358768: fix TCLK_ZEROCNT computation (git-fixes). - drm/bridge: tc358768: fix TXTAGOCNT computation (git-fixes). - drm/exynos: fix race condition UAF in exynos_g2d_exec_ioctl (git-fixes). - drm/exynos: vidi: fix a wrong error return (git-fixes). - drm/i915/gt: Use the correct error value when kernel_context() fails (git-fixes). - drm/i915/gvt: remove unused variable gma_bottom in command parser (git-fixes). - drm/i915/selftests: Add some missing error propagation (git-fixes). - drm/i915/selftests: Increase timeout for live_parallel_switch (git-fixes). - drm/i915/selftests: Stop using kthread_stop() (git-fixes). - drm/i915: Explain the magic numbers for AUX SYNC/precharge length (git-fixes). - drm/i915: Use 18 fast wake AUX sync len (git-fixes). - drm/msm/adreno: fix sparse warnings in a6xx code (git-fixes). - drm/msm/dp: Free resources after unregistering them (git-fixes). - drm/msm/dpu: correct MERGE_3D length (git-fixes). - drm/msm/dpu: do not enable color-management if DSPPs are not available (git-fixes). - drm/msm/dsi: do not allow enabling 14nm VCO with unprogrammed rate (git-fixes). - drm/msm: Be more shouty if per-process pgtables are not working (git-fixes). - drm/msm: Set max segment size earlier (git-fixes). - drm/nouveau/dp: check for NULL nv_connector->native_mode (git-fixes). - drm/nouveau: add nv_encoder pointer check for NULL (git-fixes). - drm/nouveau: do not detect DSM for non-NVIDIA device (git-fixes). - drm/panel: sharp-ls043t1le01: adjust mode settings (git-fixes). - drm/panel: simple: fix active size for Ampire AM-480272H3TMQW-T01H (git-fixes). - drm/radeon: fix possible division-by-zero errors (git-fixes). - drm/radeon: fix race condition UAF in radeon_gem_set_domain_ioctl (git-fixes). - drm/rockchip: vop: Leave vblank enabled in self-refresh (git-fixes). - drm/vram-helper: fix function names in vram helper doc (git-fixes). - drm: sun4i_tcon: use devm_clk_get_enabled in `sun4i_tcon_init_clocks` (git-fixes). - drm:amd:amdgpu: Fix missing buffer object unlock in failure path (git-fixes). - dt-bindings: i3c: silvaco,i3c-master: fix missing schema restriction (git-fixes). - eeprom: at24: also select REGMAP (git-fixes). - elf: correct note name comment (git-fixes). - ext4: unconditionally enable the i_version counter (bsc#1211299). - extcon: Fix kernel doc of property capability fields to avoid warnings (git-fixes). - extcon: Fix kernel doc of property fields to avoid warnings (git-fixes). - extcon: usbc-tusb320: Add USB TYPE-C support (git-fixes). - extcon: usbc-tusb320: Call the Type-C IRQ handler only if a port is registered (git-fixes). - extcon: usbc-tusb320: Unregister typec port on driver removal (git-fixes). - extcon: usbc-tusb320: Update state on probe even if no IRQ pending (git-fixes). - fbcon: Fix null-ptr-deref in soft_cursor (git-fixes). - fbdev: Prevent possible use-after-free in fb_release() (bsc#1152472) Backporting changes: * replace refcount_read() with atomic_read() - fbdev: fbcon: Destroy mutex on freeing struct fb_info (bsc#1152489) - fbdev: imsttfb: Fix use after free bug in imsttfb_probe (git-fixes bsc#1211387). - fbdev: modedb: Add 1920x1080 at 60 Hz video mode (git-fixes). - fbdev: omapfb: lcd_mipid: Fix an error handling path in mipid_spi_probe() (git-fixes). - fbdev: stifb: Fix info entry in sti_struct on error path (git-fixes). - firmware: arm_ffa: Set handle field to zero in memory descriptor (git-fixes). - firmware: stratix10-svc: Fix a potential resource leak in svc_create_memory_pool() (git-fixes). - fs/jfs: fix shift exponent db_agl2size negative (git-fixes). - fs: hfsplus: fix UAF issue in hfsplus_put_super (git-fixes). - fs: jfs: fix possible NULL pointer dereference in dbFree() (git-fixes). - fs: jfs: fix shift-out-of-bounds in dbAllocAG (git-fixes). - fs: jfs: fix shift-out-of-bounds in dbDiscardAG (git-fixes). - fs: sysv: Fix sysv_nblocks() returns wrong value (git-fixes). - hfs/hfsplus: avoid WARN_ON() for sanity check, use proper error handling (git-fixes). - hfs/hfsplus: use WARN_ON for sanity check (git-fixes). - hfs: Fix OOB Write in hfs_asc2mac (git-fixes). - hfs: fix OOB Read in __hfs_brec_find (git-fixes). - hfs: fix missing hfs_bnode_get() in __hfs_bnode_create (git-fixes). - hfsplus: fix bug causing custom uid and gid being unable to be assigned with mount (git-fixes). - hwmon: (gsc-hwmon) fix fan pwm temperature scaling (git-fixes). - hwrng: imx-rngc - fix the timeout for init and self check (git-fixes). - hwrng: st - keep clock enabled while hwrng is registered (git-fixes). - i2c: imx-lpi2c: fix type char overflow issue when calculating the clock cycle (git-fixes). - i2c: mv64xxx: Fix reading invalid status value in atomic mode (git-fixes). - i2c: qup: Add missing unwind goto in qup_i2c_probe() (git-fixes). - i2c: sprd: Delete i2c adapter in .remove's error path (git-fixes). - iavf: remove mask from iavf_irq_enable_queues() (git-fixes). - ibmvnic: Do not reset dql stats on NON_FATAL err (bsc#1212603 ltc#202604). - ice, xsk: Diversify return values from xsk_wakeup call paths (git-fixes). - ice: Do not double unplug aux on peer initiated reset (git-fixes). - ice: Do not use WQ_MEM_RECLAIM flag for workqueue (git-fixes). - ice: Fix DSCP PFC TLV creation (git-fixes). - ice: Fix XDP memory leak when NIC is brought up and down (git-fixes). - ice: Fix ice_xdp_xmit() when XDP TX queue number is not sufficient (git-fixes). - ice: Fix memory corruption in VF driver (git-fixes). - ice: Ignore EEXIST when setting promisc mode (git-fixes). - ice: Prevent set_channel from changing queues while RDMA active (git-fixes). - ice: Reset FDIR counter in FDIR init stage (git-fixes). - ice: add profile conflict check for AVF FDIR (git-fixes). - ice: block LAN in case of VF to VF offload (git-fixes). - ice: config netdev tc before setting queues number (git-fixes). - ice: copy last block omitted in ice_get_module_eeprom() (git-fixes). - ice: ethtool: Prohibit improper channel config for DCB (git-fixes). - ice: ethtool: advertise 1000M speeds properly (git-fixes). - ice: fix invalid check for empty list in ice_sched_assoc_vsi_to_agg() (git-fixes). - ice: fix wrong fallback logic for FDIR (git-fixes). - ice: handle E822 generic device ID in PLDM header (git-fixes). - ice: switch: fix potential memleak in ice_add_adv_recipe() (git-fixes). - ice: use bitmap_free instead of devm_kfree (git-fixes). - ice: xsk: use Rx ring's XDP ring when picking NAPI context (git-fixes). - ieee802154: hwsim: Fix possible memory leaks (git-fixes). - ifcvf/vDPA: fix misuse virtio-net device config size for blk dev (jsc#SLE-19253). - igb: fix bit_shift to be in [1..8] range (git-fixes). - igb: fix nvm.ops.read() error handling (git-fixes). - igc: Clean the TX buffer and TX descriptor ring (git-fixes). - igc: Fix possible system crash when loading module (git-fixes). - iio: accel: fxls8962af: errata bug only applicable for FXLS8962AF (git-fixes). - iio: accel: fxls8962af: fixup buffer scan element type (git-fixes). - iio: adc: ad7192: Fix internal/external clock selection (git-fixes). - iio: adc: ad7192: Fix null ad7192_state pointer access (git-fixes). - init, x86: Move mem_encrypt_init() into arch_cpu_finalize_init() (bsc#1212448). - init: Invoke arch_cpu_finalize_init() earlier (bsc#1212448). - init: Provide arch_cpu_finalize_init() (bsc#1212448). - init: Remove check_bugs() leftovers (bsc#1212448). - integrity: Fix possible multiple allocation in integrity_inode_get() (git-fixes). - irqchip/clps711x: Remove unused clps711x_intc_init() function (git-fixes). - irqchip/ftintc010: Mark all function static (git-fixes). - irqchip/jcore-aic: Fix missing allocation of IRQ descriptors (git-fixes). - jfs: Fix fortify moan in symlink (git-fixes). - kernel-binary: Add back kernel-default-base guarded by option Add configsh option for splitting off kernel-default-base, and for not signing the kernel on non-efi - kernel-docs: Add buildrequires on python3-base when using python3 The python3 binary is provided by python3-base. - kernel-docs: Use python3 together with python3-Sphinx (bsc#1212741). - kprobe: reverse kp->flags when arm_kprobe failed (git-fixes). - kprobes: Fix check for probe enabled in kill_kprobe() (git-fixes). - kprobes: Fix to handle forcibly unoptimized kprobes on freeing_list (git-fixes). - kprobes: Forbid probing on trampoline and BPF code areas (git-fixes). - kprobes: Prohibit probes in gate area (git-fixes). - kprobes: Skip clearing aggrprobe's post_handler in kprobe-on-ftrace case (git-fixes). - kprobes: do not call disarm_kprobe() for disabled kprobes (git-fixes). - lpfc: Account for fabric domain ctlr device loss recovery (bsc#1211346, bsc#1211852). - lpfc: Change firmware upgrade logging to KERN_NOTICE instead of TRACE_EVENT (bsc#1211852). - lpfc: Clean up SLI-4 CQE status handling (bsc#1211852). - lpfc: Clear NLP_IN_DEV_LOSS flag if already in rediscovery (bsc#1211852). - lpfc: Copyright updates for 14.2.0.13 patches (bsc#1211852). - lpfc: Enhance congestion statistics collection (bsc#1211852). - lpfc: Fix use-after-free rport memory access in lpfc_register_remote_port (bsc#1211852, bsc#1208410, bsc#1211346). - lpfc: Revise NPIV ELS unsol rcv cmpl logic to drop ndlp based on nlp_state (bsc#1211852). - lpfc: Update lpfc version to 14.2.0.13 (bsc#1211852). - mailbox: mailbox-test: Fix potential double-free in mbox_test_message_write() (git-fixes). - mailbox: mailbox-test: fix a locking issue in mbox_test_message_write() (git-fixes). - mailbox: ti-msgmgr: Fill non-message tx data fields with 0x0 (git-fixes). - media: cec: core: do not set last_initiator if tx in progress (git-fixes). - media: dvb-usb-v2: ce6230: fix null-ptr-deref in ce6230_i2c_master_xfer() (git-fixes). - media: dvb-usb-v2: ec168: fix null-ptr-deref in ec168_i2c_xfer() (git-fixes). - media: dvb-usb-v2: rtl28xxu: fix null-ptr-deref in rtl28xxu_i2c_xfer (git-fixes). - media: dvb-usb: az6027: fix three null-ptr-deref in az6027_i2c_xfer() (git-fixes). - media: dvb-usb: digitv: fix null-ptr-deref in digitv_i2c_xfer() (git-fixes). - media: dvb-usb: dw2102: fix uninit-value in su3000_read_mac_address (git-fixes). - media: dvb_ca_en50221: fix a size write bug (git-fixes). - media: dvb_demux: fix a bug for the continuity counter (git-fixes). - media: mn88443x: fix !CONFIG_OF error by drop of_match_ptr from ID table (git-fixes). - media: netup_unidvb: fix irq init by register it at the end of probe (git-fixes). - memory: brcmstb_dpfe: fix testing array offset after use (git-fixes). - meson saradc: fix clock divider mask length (git-fixes). - mfd: intel-lpss: Add missing check for platform_get_resource (git-fixes). - mfd: pm8008: Fix module autoloading (git-fixes). - mfd: rt5033: Drop rt5033-battery sub-device (git-fixes). - mfd: stmfx: Fix error path in stmfx_chip_init (git-fixes). - mfd: stmfx: Nullify stmfx->vdd in case of error (git-fixes). - mfd: stmpe: Only disable the regulators if they are enabled (git-fixes). - misc: fastrpc: Create fastrpc scalar with correct buffer count (git-fixes). - misc: pci_endpoint_test: Free IRQs before removing the device (git-fixes). - misc: pci_endpoint_test: Re-init completion for every test (git-fixes). - mlx5: do not use RT_TOS for IPv6 flowlabel (jsc#SLE-19253). - mlxfw: fix null-ptr-deref in mlxfw_mfa2_tlv_next() (git-fixes). - mm/vmalloc: do not output a spurious warning when huge vmalloc() fails (bsc#1211410). - mm: Move mm_cachep initialization to mm_init() (bsc#1212448). - mm: vmalloc: avoid warn_alloc noise caused by fatal signal (bsc#1211410). - mmc: bcm2835: fix deferred probing (git-fixes). - mmc: meson-gx: remove redundant mmc_request_done() call from irq context (git-fixes). - mmc: mmci: Set PROBE_PREFER_ASYNCHRONOUS (git-fixes). - mmc: mmci: stm32: fix max busy timeout calculation (git-fixes). - mmc: mtk-sd: fix deferred probing (git-fixes). - mmc: mvsdio: fix deferred probing (git-fixes). - mmc: omap: fix deferred probing (git-fixes). - mmc: omap_hsmmc: fix deferred probing (git-fixes). - mmc: owl: fix deferred probing (git-fixes). - mmc: sdhci-acpi: fix deferred probing (git-fixes). - mmc: sdhci-msm: Disable broken 64-bit DMA on MSM8916 (git-fixes). - mmc: sdhci-spear: fix deferred probing (git-fixes). - mmc: sh_mmcif: fix deferred probing (git-fixes). - mmc: sunxi: fix deferred probing (git-fixes). - mmc: usdhi60rol0: fix deferred probing (git-fixes). - mtd: rawnand: meson: fix unaligned DMA buffers handling (git-fixes). - net/mlx5: Add forgotten cleanup calls into mlx5_init_once() error path (jsc#SLE-19253). - net/mlx5: Allow async trigger completion execution on single CPU systems (jsc#SLE-19253). - net/mlx5: Allow future addition of IPsec object modifiers (jsc#SLE-19253). - net/mlx5: Avoid false positive lockdep warning by adding lock_class_key (jsc#SLE-19253). - net/mlx5: Avoid recovery in probe flows (jsc#SLE-19253). - net/mlx5: Bridge, fix ageing of peer FDB entries (jsc#SLE-19253). - net/mlx5: Bridge, verify LAG state when adding bond to bridge (jsc#SLE-19253). - net/mlx5: DR, Check force-loopback RC QP capability independently from RoCE (jsc#SLE-19253). - net/mlx5: DR, Fix crc32 calculation to work on big-endian (BE) CPUs (jsc#SLE-19253). - net/mlx5: DR, Fix missing flow_source when creating multi-destination FW table (jsc#SLE-19253). - net/mlx5: Devcom, fix error flow in mlx5_devcom_register_device (jsc#SLE-19253). - net/mlx5: Do not advertise IPsec netdev support for non-IPsec device (jsc#SLE-19253). - net/mlx5: Do not use already freed action pointer (jsc#SLE-19253). - net/mlx5: E-Switch, Fix an Oops in error handling code (jsc#SLE-19253). - net/mlx5: E-Switch, properly handle ingress tagged packets on VST (jsc#SLE-19253). - net/mlx5: E-switch, Create per vport table based on devlink encap mode (jsc#SLE-19253). - net/mlx5: E-switch, Do not destroy indirect table in split rule (jsc#SLE-19253). - net/mlx5: E-switch, Fix missing set of split_count when forward to ovs internal port (jsc#SLE-19253). - net/mlx5: E-switch, Fix setting of reserved fields on MODIFY_SCHEDULING_ELEMENT (jsc#SLE-19253). - net/mlx5: Enhance debug print in page allocation failure (jsc#SLE-19253). - net/mlx5: Fix FW tracer timestamp calculation (jsc#SLE-19253). - net/mlx5: Fix RoCE setting at HCA level (jsc#SLE-19253). - net/mlx5: Fix crash during sync firmware reset (jsc#SLE-19253). - net/mlx5: Fix error message when failing to allocate device memory (jsc#SLE-19253). - net/mlx5: Fix handling of entry refcount when command is not issued to FW (jsc#SLE-19253). - net/mlx5: Fix possible use-after-free in async command interface (jsc#SLE-19253). - net/mlx5: Fix ptp max frequency adjustment range (jsc#SLE-19253). - net/mlx5: Fix steering rules cleanup (jsc#SLE-19253). - net/mlx5: Fix uninitialized variable bug in outlen_write() (jsc#SLE-19253). - net/mlx5: Geneve, Fix handling of Geneve object id as error code (jsc#SLE-19253). - net/mlx5: Initialize flow steering during driver probe (jsc#SLE-19253). - net/mlx5: Read embedded cpu after init bit cleared (jsc#SLE-19253). - net/mlx5: Read the TC mapping of all priorities on ETS query (jsc#SLE-19253). - net/mlx5: Rearm the FW tracer after each tracer event (jsc#SLE-19253). - net/mlx5: SF, Drain health before removing device (jsc#SLE-19253). - net/mlx5: SF: Fix probing active SFs during driver probe phase (jsc#SLE-19253). - net/mlx5: Serialize module cleanup with reload and remove (jsc#SLE-19253). - net/mlx5: Wait for firmware to enable CRS before pci_restore_state (jsc#SLE-19253). - net/mlx5: add IFC bits for bypassing port select flow table (git-fixes) - net/mlx5: check attr pointer validity before dereferencing it (jsc#SLE-19253). - net/mlx5: correct ECE offset in query qp output (jsc#SLE-19253). - net/mlx5: fix missing mutex_unlock in mlx5_fw_fatal_reporter_err_work() (jsc#SLE-19253). - net/mlx5: fs, fail conflicting actions (jsc#SLE-19253). - net/mlx5: fw_tracer, Clear load bit when freeing string DBs buffers (jsc#SLE-19253). - net/mlx5: fw_tracer, Fix event handling (jsc#SLE-19253). - net/mlx5: fw_tracer, Zero consumer index when reloading the tracer (jsc#SLE-19253). - net/mlx5e: Always clear dest encap in neigh-update-del (jsc#SLE-19253). - net/mlx5e: Avoid false lock dependency warning on tc_ht even more (jsc#SLE-19253). - net/mlx5e: Block entering switchdev mode with ns inconsistency (jsc#SLE-19253). - net/mlx5e: Do not attach netdev profile while handling internal error (jsc#SLE-19253). - net/mlx5e: Do not increment ESN when updating IPsec ESN state (jsc#SLE-19253). - net/mlx5e: Do not support encap rules with gbp option (jsc#SLE-19253). - net/mlx5e: E-Switch, Fix comparing termination table instance (jsc#SLE-19253). - net/mlx5e: Extend SKB room check to include PTP-SQ (jsc#SLE-19253). - net/mlx5e: Fix MPLSoUDP encap to use MPLS action information (jsc#SLE-19253). - net/mlx5e: Fix SQ wake logic in ptp napi_poll context (jsc#SLE-19253). - net/mlx5e: Fix capability check for updating vnic env counters (jsc#SLE-19253). - net/mlx5e: Fix error handling in mlx5e_refresh_tirs (jsc#SLE-19253). - net/mlx5e: Fix hw mtu initializing at XDP SQ allocation (jsc#SLE-19253). - net/mlx5e: Fix the value of MLX5E_MAX_RQ_NUM_MTTS (jsc#SLE-19253). - net/mlx5e: Fix use-after-free when reverting termination table (jsc#SLE-19253). - net/mlx5e: Fix wrong application of the LRO state (jsc#SLE-19253). - net/mlx5e: Fix wrong tc flag used when set hw-tc-offload off (jsc#SLE-19253). - net/mlx5e: IPoIB, Do not allow CQE compression to be turned on by default (jsc#SLE-19253). - net/mlx5e: IPoIB, Show unknown speed instead of error (jsc#SLE-19253). - net/mlx5e: Modify slow path rules to go to slow fdb (jsc#SLE-19253). - net/mlx5e: QoS, Fix wrongfully setting parent_element_id on MODIFY_SCHEDULING_ELEMENT (jsc#SLE-19253). - net/mlx5e: Set uplink rep as NETNS_LOCAL (jsc#SLE-19253). - net/mlx5e: TC, Fix ct_clear overwriting ct action metadata (jsc#SLE-19253). - net/mlx5e: Update rx ring hw mtu upon each rx-fcs flag change (jsc#SLE-19253). - net/mlx5e: Verify flow_source cap before using it (jsc#SLE-19253). - net/mlx5e: do as little as possible in napi poll when budget is 0 (jsc#SLE-19253). - net/mlx5e: kTLS, Fix build time constant test in RX (jsc#SLE-19253). - net/mlx5e: kTLS, Fix build time constant test in TX (jsc#SLE-19253). - net/net_failover: fix txq exceeding warning (git-fixes). - net/sched: fix initialization order when updating chain 0 head (git-fixes). - net/sched: flower: fix possible OOB write in fl_set_geneve_opt() (git-fixes). - net/sched: sch_netem: Fix arithmetic in netem_dump() for 32-bit platforms (git-fixes). - net: ena: Account for the number of processed bytes in XDP (git-fixes). - net: ena: Do not register memory info on XDP exchange (git-fixes). - net: ena: Fix rx_copybreak value update (git-fixes). - net: ena: Fix toeplitz initial hash value (git-fixes). - net: ena: Set default value for RX interrupt moderation (git-fixes). - net: ena: Update NUMA TPH hint register upon NUMA node update (git-fixes). - net: ena: Use bitmask to indicate packet redirection (git-fixes). - net: hns3: add interrupts re-initialization while doing VF FLR (git-fixes). - net: hns3: fix output information incomplete for dumping tx queue info with debugfs (git-fixes). - net: hns3: fix reset delay time to avoid configuration timeout (git-fixes). - net: hns3: fix sending pfc frames after reset issue (git-fixes). - net: hns3: fix tm port shapping of fibre port is incorrect after driver initialization (git-fixes). - net: mlx5: eliminate anonymous module_init & module_exit (jsc#SLE-19253). - net: sched: fix possible refcount leak in tc_chain_tmplt_add() (git-fixes). - net: usb: qmi_wwan: add support for Compal RXM-G1 (git-fixes). - nfcsim.c: Fix error checking for debugfs_create_dir (git-fixes). - nfp: only report pause frame configuration for physical device (git-fixes). - nilfs2: fix buffer corruption due to concurrent device reads (git-fixes). - nilfs2: fix incomplete buffer cleanup in nilfs_btnode_abort_change_key() (git-fixes). - nilfs2: fix possible out-of-bounds segment allocation in resize ioctl (git-fixes). - nouveau: fix client work fence deletion race (git-fixes). - nvme-core: fix dev_pm_qos memleak (git-fixes). - nvme-core: fix memory leak in dhchap_ctrl_secret (git-fixes). - nvme-core: fix memory leak in dhchap_secret_store (git-fixes). - nvme-pci: add quirk for missing secondary temperature thresholds (git-fixes). - nvme: double KA polling frequency to avoid KATO with TBKAS on (git-fixes). - ocfs2: fix defrag path triggering jbd2 ASSERT (git-fixes). - ocfs2: fix freeing uninitialized resource on ocfs2_dlm_shutdown (git-fixes). - ocfs2: fix non-auto defrag path not working issue (git-fixes). - octeontx2-pf: Avoid use of GFP_KERNEL in atomic context (git-fixes). - octeontx2-pf: Fix resource leakage in VF driver unbind (git-fixes). - octeontx2-pf: Fix the use of GFP_KERNEL in atomic context on rt (git-fixes). - octeontx2-pf: Recalculate UDP checksum for ptp 1-step sync packet (git-fixes). - pinctrl: at91-pio4: check return value of devm_kasprintf() (git-fixes). - pinctrl: cherryview: Return correct value if pin in push-pull mode (git-fixes). - pinctrl: meson-axg: add missing GPIOA_18 gpio group (git-fixes). - pinctrl: microchip-sgpio: check return value of devm_kasprintf() (git-fixes). - platform/surface: aggregator: Allow completion work-items to be executed in parallel (git-fixes). - platform/x86: asus-wmi: Ignore WMI events with codes 0x7B, 0xC0 (git-fixes). - platform/x86: intel_scu_pcidrv: Add back PCI ID for Medfield (git-fixes). - platform/x86: think-lmi: Correct NVME password handling (git-fixes). - platform/x86: think-lmi: Correct System password interface (git-fixes). - platform/x86: think-lmi: mutex protection around multiple WMI calls (git-fixes). - platform/x86: thinkpad_acpi: Fix lkp-tests warnings for platform profiles (git-fixes). - power: supply: Fix logic checking if system is running from battery (git-fixes). - power: supply: Ratelimit no data debug output (git-fixes). - power: supply: ab8500: Fix external_power_changed race (git-fixes). - power: supply: bq27xxx: Use mod_delayed_work() instead of cancel() + schedule() (git-fixes). - power: supply: sc27xx: Fix external_power_changed race (git-fixes). - powerpc/64s/radix: Fix exit lazy tlb mm switch with irqs enabled (bsc#1194869). - powerpc/64s/radix: Fix soft dirty tracking (bsc#1065729). - powerpc/64s: Make POWER10 and later use pause_short in cpu_relax loops (bsc#1209367 ltc#195662). - powerpc/iommu: Limit number of TCEs to 512 for H_STUFF_TCE hcall (bsc#1194869 bsc#1212701). - powerpc/purgatory: remove PGO flags (bsc#1194869). - powerpc/set_memory: Avoid spinlock recursion in change_page_attr() (bsc#1194869). - powerpc: Redefine HMT_xxx macros as empty on PPC32 (bsc#1209367 ltc#195662). - powerpc: add ISA v3.0 / v3.1 wait opcode macro (bsc#1209367 ltc#195662). - pstore/ram: Add check for kstrdup (git-fixes). - qed/qede: Fix scheduling while atomic (git-fixes). - radeon: avoid double free in ci_dpm_init() (git-fixes). - rcu: Fix missing TICK_DEP_MASK_RCU_EXP dependency check (git-fixes). - regmap: Account for register length when chunking (git-fixes). - regmap: spi-avmm: Fix regmap_bus max_raw_write (git-fixes). - regulator: Fix error checking for debugfs_create_dir (git-fixes). - regulator: core: Fix more error checking for debugfs_create_dir() (git-fixes). - regulator: core: Streamline debugfs operations (git-fixes). - regulator: helper: Document ramp_delay parameter of regulator_set_ramp_delay_regmap() (git-fixes). - regulator: pca9450: Fix LDO3OUT and LDO4OUT MASK (git-fixes). - reiserfs: Add missing calls to reiserfs_security_free() (git-fixes). - reiserfs: Add security prefix to xattr name in reiserfs_security_write() (git-fixes). - revert 'squashfs: harden sanity check in squashfs_read_xattr_id_table' (git-fixes). - rpm/check-for-config-changes: ignore also PAHOLE_HAS_* We now also have options like CONFIG_PAHOLE_HAS_LANG_EXCLUDE. - rpm/kernel-binary.spec.in: Fix compatibility wth newer rpm - rpm/kernel-docs.spec.in: pass PYTHON=python3 to fix build error (bsc#1160435) - rtc: st-lpc: Release some resources in st_rtc_probe() in case of error (git-fixes). - s390/dasd: Use correct lock while counting channel queue length (git-fixes bsc#1212592). - s390/gmap: voluntarily schedule during key setting (git-fixes bsc#1212892). - s390/pkey: zeroize key blobs (git-fixes bsc#1212619). - scsi: core: Decrease scsi_device's iorequest_cnt if dispatch failed (git-fixes). - scsi: stex: Fix gcc 13 warnings (git-fixes). - selftests/ptp: Fix timestamp printf format for PTP_SYS_OFFSET (git-fixes). - serial: 8250: lock port for UART_IER access in omap8250_irq() (git-fixes). - serial: 8250: lock port for stop_rx() in omap8250_irq() (git-fixes). - serial: 8250: omap: Fix freeing of resources on failed register (git-fixes). - serial: 8250_omap: Use force_suspend and resume for system suspend (git-fixes). - serial: atmel: do not enable IRQs prematurely (git-fixes). - serial: lantiq: add missing interrupt ack (git-fixes). - sfc: disable RXFCS and RXALL features by default (git-fixes). - signal/s390: Use force_sigsegv in default_trap_handler (git-fixes bsc#1212861). - soc/fsl/qe: fix usb.c build errors (git-fixes). - soc: samsung: exynos-pmu: Re-introduce Exynos4212 support (git-fixes). - soundwire: dmi-quirks: add new mapping for HP Spectre x360 (git-fixes). - spi: dw: Round of n_bytes to power of 2 (git-fixes). - spi: fsl-dspi: avoid SCK glitches with continuous transfers (git-fixes). - spi: lpspi: disable lpspi module irq in DMA mode (git-fixes). - spi: qup: Request DMA before enabling clocks (git-fixes). - spi: spi-geni-qcom: Correct CS_TOGGLE bit in SPI_TRANS_CFG (git-fixes). - spi: tegra210-quad: Fix combined sequence (bsc#1212584) - spi: tegra210-quad: Fix iterator outside loop (git-fixes). - spi: tegra210-quad: Multi-cs support (bsc#1212584) - squashfs: harden sanity check in squashfs_read_xattr_id_table (git-fixes). - staging: octeon: delete my name from TODO contact (git-fixes). - supported.conf: Move bt878 and bttv modules to kernel-*-extra (jsc#PED-3931) - test_firmware: Use kstrtobool() instead of strtobool() (git-fixes). - test_firmware: fix the memory leak of the allocated firmware buffer (git-fixes). - test_firmware: prevent race conditions by a correct implementation of locking (git-fixes). - test_firmware: return ENOMEM instead of ENOSPC on failed memory allocation (git-fixes). - thermal/drivers/sun8i: Fix some error handling paths in sun8i_ths_probe() (git-fixes). - thunderbolt: dma_test: Use correct value for absent rings when creating paths (git-fixes). - tls: Skip tls_append_frag on zero copy size (git-fixes). - tools: bpftool: Remove invalid \' json escape (git-fixes). - tpm, tpm_tis: Request threaded interrupt handler (git-fixes). - tracing/histograms: Allow variables to have some modifiers (git-fixes). - tracing/probe: trace_probe_primary_from_call(): checked list_first_entry (git-fixes). - tracing/timer: Add missing hrtimer modes to decode_hrtimer_mode() (git-fixes). - tracing: Have event format check not flag %p* on __get_dynamic_array() (git-fixes, bsc#1212350). - tracing: Introduce helpers to safely handle dynamic-sized sockaddrs (git-fixes). - tracing: Update print fmt check to handle new __get_sockaddr() macro (git-fixes, bsc#1212350). - tty: serial: imx: fix rs485 rx after tx (git-fixes). - tty: serial: samsung_tty: Fix a memory leak in s3c24xx_serial_getclk() in case of error (git-fixes). - tty: serial: samsung_tty: Fix a memory leak in s3c24xx_serial_getclk() when iterating clk (git-fixes). - usrmerge: Adjust module path in the kernel sources (bsc#1212835). - usrmerge: Compatibility with earlier rpm (boo#1211796) - vdpa/mlx5: Directly assign memory key (jsc#SLE-19253). - vdpa/mlx5: Do not clear mr struct on destroy MR (jsc#SLE-19253). - vdpa/mlx5: Fix wrong configuration of virtio_version_1_0 (jsc#SLE-19253). - vdpa: Fix error logic in vdpa_nl_cmd_dev_get_doit (jsc#SLE-19253). - vhost_vdpa: support PACKED when setting-getting vring_base (jsc#SLE-19253). - w1: fix loop in w1_fini() (git-fixes). - w1: w1_therm: fix locking behavior in convert_t (git-fixes). - watchdog: menz069_wdt: fix watchdog initialisation (git-fixes). - wifi: ath9k: Fix possible stall on ath9k_txq_list_has_key() (git-fixes). - wifi: ath9k: avoid referencing uninit memory in ath9k_wmi_ctrl_rx (git-fixes). - wifi: ath9k: convert msecs to jiffies where needed (git-fixes). - wifi: ath9k: do not allow to overwrite ENDPOINT0 attributes (git-fixes). - wifi: ath9k: fix AR9003 mac hardware hang check register offset calculation (git-fixes). - wifi: atmel: Fix an error handling path in atmel_probe() (git-fixes). - wifi: b43: fix incorrect __packed annotation (git-fixes). - wifi: cfg80211: fix locking in regulatory disconnect (git-fixes). - wifi: cfg80211: fix locking in sched scan stop work (git-fixes). - wifi: cfg80211: rewrite merging of inherited elements (git-fixes). - wifi: iwlwifi: mvm: indicate HW decrypt for beacon protection (git-fixes). - wifi: iwlwifi: pcie: fix NULL pointer dereference in iwl_pcie_irq_rx_msix_handler() (git-fixes). - wifi: iwlwifi: pull from TXQs with softirqs disabled (git-fixes). - wifi: mac80211: simplify chanctx allocation (git-fixes). - wifi: mt76: mt7615: fix possible race in mt7615_mac_sta_poll (git-fixes). - wifi: mwifiex: Fix the size of a memory allocation in mwifiex_ret_802_11_scan() (git-fixes). - wifi: orinoco: Fix an error handling path in orinoco_cs_probe() (git-fixes). - wifi: orinoco: Fix an error handling path in spectrum_cs_probe() (git-fixes). - wifi: rsi: Do not configure WoWlan in shutdown hook if not enabled (git-fixes). - wifi: rsi: Do not set MMC_PM_KEEP_POWER in shutdown (git-fixes). - wifi: rtl8xxxu: fix authentication timeout due to incorrect RCR value (git-fixes). - wifi: wilc1000: fix for absent RSN capabilities WFA testcase (git-fixes). - writeback: fix dereferencing NULL mapping->host on writeback_page_template (git-fixes). - x86/build: Avoid relocation information in final vmlinux (bsc#1187829). - x86/cpu: Switch to arch_cpu_finalize_init() (bsc#1212448). - x86/fpu: Mark init functions __init (bsc#1212448). - x86/fpu: Move FPU initialization into arch_cpu_finalize_init() (bsc#1212448). - x86/fpu: Remove cpuinfo argument from init functions (bsc#1212448). - x86/init: Initialize signal frame size late (bsc#1212448). - x86/kprobes: Fix __recover_optprobed_insn check optimizing logic (git-fixes). - x86/kprobes: Fix arch_check_optimized_kprobe check within optimized_kprobe range (git-fixes). - x86/microcode/amd: Remove load_microcode_amd()'s bsp parameter (git-fixes). - x86/microcode: Print previous version of microcode after reload (git-fixes). - x86/mm: Fix RESERVE_BRK() for older binutils (git-fixes). - x86/mm: Fix use of uninitialized buffer in sme_enable() (git-fixes). - x86/mm: Initialize text poking earlier (bsc#1212448). - x86/mm: Use mm_alloc() in poking_init() (bsc#1212448). - x86/mm: fix poking_init() for Xen PV guests (git-fixes). - x86/sgx: Fix race between reclaimer and page fault handler (git-fixes). - x86/sgx: Mark PCMD page as dirty when modifying contents (git-fixes). - x86/xen: fix secondary processor fpu initialization (bsc#1212869). - xfs: fix rm_offset flag handling in rmap keys (git-fixes). - xfs: set bnobt/cntbt numrecs correctly when formatting new AGs (git-fixes). Important SUSE bug 1065729 SUSE bug 1152472 SUSE bug 1152489 SUSE bug 1160435 SUSE bug 1187829 SUSE bug 1189998 SUSE bug 1194869 SUSE bug 1205758 SUSE bug 1208410 SUSE bug 1208600 SUSE bug 1209039 SUSE bug 1209367 SUSE bug 1210335 SUSE bug 1211299 SUSE bug 1211346 SUSE bug 1211387 SUSE bug 1211410 SUSE bug 1211796 SUSE bug 1211852 SUSE bug 1212051 SUSE bug 1212129 SUSE bug 1212154 SUSE bug 1212155 SUSE bug 1212158 SUSE bug 1212265 SUSE bug 1212350 SUSE bug 1212448 SUSE bug 1212494 SUSE bug 1212495 SUSE bug 1212504 SUSE bug 1212513 SUSE bug 1212540 SUSE bug 1212561 SUSE bug 1212563 SUSE bug 1212564 SUSE bug 1212584 SUSE bug 1212592 SUSE bug 1212603 SUSE bug 1212605 SUSE bug 1212606 SUSE bug 1212619 SUSE bug 1212701 SUSE bug 1212741 SUSE bug 1212835 SUSE bug 1212838 SUSE bug 1212842 SUSE bug 1212861 SUSE bug 1212869 SUSE bug 1212892 CVE-2023-1077 CVE-2023-1249 CVE-2023-1829 CVE-2023-21102 CVE-2023-3090 CVE-2023-3111 CVE-2023-3141 CVE-2023-3161 CVE-2023-3212 CVE-2023-3357 CVE-2023-3358 CVE-2023-3389 CVE-2023-35788 CVE-2023-35823 CVE-2023-35828 CVE-2023-35829 cpe:/o:opensuse:leap:15.4 Security update for mariadb (Moderate) openSUSE Leap 15.4 This update for mariadb fixes the following issues: - CVE-2022-32084: Fixed segmentation fault via the component sub_select (bsc#1201164). Moderate SUSE bug 1201164 CVE-2022-32084 cpe:/o:opensuse:leap:15.4 Security update for poppler (Moderate) openSUSE Leap 15.4 This update for poppler fixes the following issues: - CVE-2022-27337: Fixed a logic error in the Hints::Hints function which can cause denial of service (bsc#1199272). - CVE-2018-21009: Fixed integer overflow in Parser:makeStream in Parser.cc (bsc#1149635). - CVE-2019-12293: Fixed heap-based buffer over-read in JPXStream:init in JPEG2000Stream.cc (bsc#1136105). Moderate SUSE bug 1136105 SUSE bug 1149635 SUSE bug 1199272 CVE-2018-21009 CVE-2019-12293 CVE-2022-27337 cpe:/o:opensuse:leap:15.4 Security update for bouncycastle (Important) openSUSE Leap 15.4 This update for bouncycastle fixes the following issues: - CVE-2023-33201: Fixed an issue with the X509LDAPCertStoreSpi where a specially crafted certificate subject could be used to try and extract extra information out of an LDAP server (bsc#1212508). Important SUSE bug 1212508 CVE-2023-33201 cpe:/o:opensuse:leap:15.4 Security update for go1.19 (Moderate) openSUSE Leap 15.4 This update for go1.19 fixes the following issues: go was updated to version 1.19.11 (bsc#1200441): - CVE-2023-29406: Fixed insufficient sanitization of Host header in net/http (bsc#1213229). Moderate SUSE bug 1200441 SUSE bug 1213229 CVE-2023-29406 cpe:/o:opensuse:leap:15.4 Security update for go1.20 (Moderate) openSUSE Leap 15.4 This update for go1.20 fixes the following issues: go was updated to version 1.20.6 (bsc#1206346): - CVE-2023-29406: Fixed insufficient sanitization of Host header in net/http (bsc#1213229). Moderate SUSE bug 1206346 SUSE bug 1213229 CVE-2023-29406 cpe:/o:opensuse:leap:15.4 Security update for xorg-x11-server (Important) openSUSE Leap 15.4 This update for xorg-x11-server fixes the following issues: - CVE-2023-0494: Fixed a use-after-free in DeepCopyPointerClasses (bsc#1207783). Important SUSE bug 1207783 CVE-2023-0494 cpe:/o:opensuse:leap:15.4 Security update for the Linux Kernel (Important) openSUSE Leap 15.4 The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2023-1077: Fixed a type confusion in pick_next_rt_entity(), that could cause memory corruption (bsc#1208600). - CVE-2023-1249: Fixed a use-after-free flaw in the core dump subsystem that allowed a local user to crash the system (bsc#1209039). - CVE-2023-2002: Fixed a flaw that allowed an attacker to unauthorized execution of management commands, compromising the confidentiality, integrity, and availability of Bluetooth communication (bsc#1210533). - CVE-2023-3090: Fixed a heap out-of-bounds write in the ipvlan network driver (bsc#1212842). - CVE-2023-3141: Fixed a use-after-free flaw in r592_remove in drivers/memstick/host/r592.c, that allowed local attackers to crash the system at device disconnect (bsc#1212129). - CVE-2023-3159: Fixed use-after-free issue in driver/firewire in outbound_phy_packet_callback (bsc#1212128). - CVE-2023-3161: Fixed shift-out-of-bounds in fbcon_set_font() (bsc#1212154). - CVE-2023-3268: Fixed an out of bounds (OOB) memory access flaw in relay_file_read_start_pos in kernel/relay.c (bsc#1212502). - CVE-2023-3358: Fixed a NULL pointer dereference flaw in the Integrated Sensor Hub (ISH) driver (bsc#1212606). - CVE-2023-35788: Fixed an out-of-bounds write in the flower classifier code via TCA_FLOWER_KEY_ENC_OPTS_GENEVE packets in fl_set_geneve_opt in net/sched/cls_flower.c (bsc#1212504). - CVE-2023-35823: Fixed a use-after-free flaw in saa7134_finidev in drivers/media/pci/saa7134/saa7134-core.c (bsc#1212494). - CVE-2023-35824: Fixed a use-after-free in dm1105_remove in drivers/media/pci/dm1105/dm1105.c (bsc#1212501). - CVE-2023-35828: Fixed a use-after-free flaw in renesas_usb3_remove in drivers/usb/gadget/udc/renesas_usb3.c (bsc#1212513). The following non-security bugs were fixed: - Also include kernel-docs build requirements for ALP - Avoid unsuported tar parameter on SLE12 - Fix missing top level chapter numbers on SLE12 SP5 (bsc#1212158). - Fix usrmerge error (boo#1211796) - Generalize kernel-doc build requirements. - Move obsolete KMP list into a separate file. The list of obsoleted KMPs varies per release, move it out of the spec file. - Move setting %%build_html to config.sh - Move setting %%split_optional to config.sh - Move setting %%supported_modules_check to config.sh - Move the kernel-binary conflicts out of the spec file. Thie list of conflicting packages varies per release. To reduce merge conflicts move the list out of the spec file. - Remove obsolete rpm spec constructs defattr does not need to be specified anymore buildroot does not need to be specified anymore - Remove usrmerge compatibility symlink in buildroot (boo#1211796). - Trim obsolete KMP list. SLE11 is out of support, we do not need to handle upgrading from SLE11 SP1. - cifs: do not include page data when checking signature (bsc#1200217). - cifs: fix open leaks in open_cached_dir() (bsc#1209342). - google/gve:fix repeated words in comments (bsc#1211519). - gve: Adding a new AdminQ command to verify driver (bsc#1211519). - gve: Cache link_speed value from device (bsc#1211519). - gve: Fix GFP flags when allocing pages (bsc#1211519). - gve: Fix error return code in gve_prefill_rx_pages() (bsc#1211519). - gve: Fix spelling mistake 'droping' -> 'dropping' (bsc#1211519). - gve: Handle alternate miss completions (bsc#1211519). - gve: Reduce alloc and copy costs in the GQ rx path (bsc#1211519). - gve: Remove the code of clearing PBA bit (bsc#1211519). - gve: Secure enough bytes in the first TX desc for all TCP pkts (bsc#1211519). - gve: enhance no queue page list detection (bsc#1211519). - kernel-binary: Add back kernel-default-base guarded by option Add configsh option for splitting off kernel-default-base, and for not signing the kernel on non-efi - kernel-binary: install expoline.o (boo#1210791 bsc#1211089) - kernel-source: Remove unused macro variant_symbols - kernel-spec-macros: Fix up obsolete_rebuilds_subpackage to generate obsoletes correctly (boo#1172073 bsc#1191731). rpm only supports full length release, no provides - rpm/check-for-config-changes: add TOOLCHAIN_NEEDS_* to IGNORED_CONFIGS_RE. - rpm/constraints.in: Increase disk size constraint for riscv64 to 52GB - rpm/kernel-binary.spec.in: Add Provides of kernel-preempt (jsc#SLE-18857) For smooth migration with the former kernel-preempt user, kernel-default provides kernel-preempt now when CONFIG_PREEMPT_DYNAMIC is defined. - rpm/kernel-binary.spec.in: Fix compatibility wth newer rpm - rpm/kernel-binary.spec.in: Fix missing kernel-preempt-devel and KMP Provides (bsc#1199046) - rpm/kernel-docs.spec.in: pass PYTHON=python3 to fix build error (bsc#1160435) - usrmerge: Compatibility with earlier rpm (boo#1211796) - x86/build: Avoid relocation information in final vmlinux (bsc#1187829). Important SUSE bug 1160435 SUSE bug 1172073 SUSE bug 1187829 SUSE bug 1191731 SUSE bug 1199046 SUSE bug 1200217 SUSE bug 1205758 SUSE bug 1208600 SUSE bug 1209039 SUSE bug 1209342 SUSE bug 1210533 SUSE bug 1210791 SUSE bug 1211089 SUSE bug 1211519 SUSE bug 1211796 SUSE bug 1212128 SUSE bug 1212129 SUSE bug 1212154 SUSE bug 1212158 SUSE bug 1212494 SUSE bug 1212501 SUSE bug 1212502 SUSE bug 1212504 SUSE bug 1212513 SUSE bug 1212606 SUSE bug 1212842 CVE-2023-1077 CVE-2023-1249 CVE-2023-2002 CVE-2023-3090 CVE-2023-3141 CVE-2023-3159 CVE-2023-3161 CVE-2023-3268 CVE-2023-3358 CVE-2023-35788 CVE-2023-35823 CVE-2023-35824 CVE-2023-35828 cpe:/o:opensuse:leap:15.4 Security update for java-1_8_0-ibm (Important) openSUSE Leap 15.4 This update for java-1_8_0-ibm fixes the following issues: Updated to Java 8.0 Service Refresh 8 Fix Pack 6 (bsc#1213000): - Fixed issue in Java Virtual Machine where outofmemory (OOM) killer terminates the jvm due to failure in control groups detection. Important SUSE bug 1213000 cpe:/o:opensuse:leap:15.4 Security update for python-requests (Moderate) openSUSE Leap 15.4 This update for python-requests fixes the following issues: - CVE-2023-32681: Fixed unintended leak of Proxy-Authorization header (bsc#1211674). Moderate SUSE bug 1211674 CVE-2023-32681 cpe:/o:opensuse:leap:15.4 Security update for cni (Important) openSUSE Leap 15.4 This update of cni fixes the following issues: - rebuild the package with the go 1.20 security release (bsc#1206346). Important SUSE bug 1206346 cpe:/o:opensuse:leap:15.4 Security update for cni-plugins (Important) openSUSE Leap 15.4 This update of cni-plugins fixes the following issues: - rebuild the package with the go 1.20 security release (bsc#1206346). Important SUSE bug 1206346 cpe:/o:opensuse:leap:15.4 Security update for dbus-1 (Moderate) openSUSE Leap 15.4 This update for dbus-1 fixes the following issues: - CVE-2023-34969: Fixed a possible dbus-daemon crash by an unprivileged users (bsc#1212126). Moderate SUSE bug 1212126 CVE-2023-34969 cpe:/o:opensuse:leap:15.4 Security update for ImageMagick (Moderate) openSUSE Leap 15.4 This update for ImageMagick fixes the following issues: - CVE-2023-34474: Fixed heap-based buffer overflow in ReadTIM2ImageData() function in coders/tim2.c (bsc#1212237). Moderate SUSE bug 1212237 CVE-2023-34474 cpe:/o:opensuse:leap:15.4 Security update for xorg-x11-server (Important) openSUSE Leap 15.4 This update for xorg-x11-server fixes the following issues: - CVE-2023-0494: Fixed a use-after-free in DeepCopyPointerClasses (bsc#1207783). Important SUSE bug 1207783 CVE-2023-0494 cpe:/o:opensuse:leap:15.4 Security update for perl (Important) openSUSE Leap 15.4 This update for perl fixes the following issues: - CVE-2023-31484: Enable TLS cert verification in CPAN (bsc#1210999). Important SUSE bug 1210999 CVE-2023-31484 cpe:/o:opensuse:leap:15.4 Security update for python310 (Important) openSUSE Leap 15.4 This update for python310 fixes the following issues: - Make marshalling of `set` and `frozenset` deterministic (bsc#1211765) python310 was updated to 3.10.12: - urllib.parse.urlsplit() now strips leading C0 control and space characters following the specification for URLs defined by WHATWG in response to CVE-2023-24329 (bsc#1208471). - Fixed a security in flaw in uu.decode() that could allow for directory traversal based on the input if no out_file was specified. - Do not expose the local on-disk location in directory indexes produced by http.client.SimpleHTTPRequestHandler. - trace.__main__ now uses io.open_code() for files to be executed instead of raw open(). - CVE-2007-4559: The extraction methods in tarfile, and shutil.unpack_archive(), have a new filter argument that allows limiting tar features than may be surprising or dangerous, such as creating files outside the destination directory. See Extraction filters for details (fixing bsc#1203750). Important SUSE bug 1203750 SUSE bug 1208471 SUSE bug 1211765 CVE-2007-4559 CVE-2023-24329 cpe:/o:opensuse:leap:15.4 Security update for MozillaFirefox, MozillaFirefox-branding-SLE (Important) openSUSE Leap 15.4 This update for MozillaFirefox, MozillaFirefox-branding-SLE fixes the following issues: Changes in MozillaFirefox and MozillaFirefox-branding-SLE: This update provides Firefox Extended Support Release 115.0 ESR * New: - Required fields are now highlighted in PDF forms. - Improved performance on high-refresh rate monitors (120Hz+). - Buttons in the Tabs toolbar can now be reached with Tab, Shift+Tab, and Arrow keys. View this article for additional details. - Windows' 'Make text bigger' accessibility setting now affects all the UI and content pages, rather than only applying to system font sizes. - Non-breaking spaces are now preserved—preventing automatic line breaks—when copying text from a form control. - Fixed WebGL performance issues on NVIDIA binary drivers via DMA-Buf on Linux. - Fixed an issue in which Firefox startup could be significantly slowed down by the processing of Web content local storage. This had the greatest impact on users with platter hard drives and significant local storage. - Removed a configuration option to allow SHA-1 signatures in certificates: SHA-1 signatures in certificates—long since determined to no longer be secure enough—are now not supported. - Highlight color is preserved correctly after typing `Enter` in the mail composer of Yahoo Mail and Outlook. After bypassing the https only error page navigating back would take you to the error page that was previously dismissed. Back now takes you to the previous site that was visited. - Paste unformatted shortcut (shift+ctrl/cmd+v) now works in plain text contexts, such as input and text area. - Added an option to print only the current page from the print preview dialog. - Swipe to navigate (two fingers on a touchpad swiped left or right to perform history back or forward) on Windows is now enabled. - Stability on Windows is significantly improved as Firefox handles low-memory situations much better. - Touchpad scrolling on macOS was made more accessible by reducing unintended diagonal scrolling opposite of the intended scroll axis. - Firefox is less likely to run out of memory on Linux and performs more efficiently for the rest of the system when memory runs low. - It is now possible to edit PDFs: including writing text, drawing, and adding signatures. - Setting Firefox as your default browser now also makes it the default PDF application on Windows systems. - Swipe-to-navigate (two fingers on a touchpad swiped left or right to perform history back or forward) now works for Linux users on Wayland. - Text Recognition in images allows users on macOS 10.15 and higher to extract text from the selected image (such as a meme or screenshot). - Firefox View helps you get back to content you previously discovered. A pinned tab allows you to find and open recently closed tabs on your current device and access tabs from other devices (via our “Tab Pickup” feature). - Import maps, which allow web pages to control the behavior of JavaScript imports, are now enabled by default. - Processes used for background tabs now use efficiency mode on Windows 11 to limit resource use. - The shift+esc keyboard shortcut now opens the Process Manager, offering a way to quickly identify processes that are using too many resources. - Firefox now supports properly color correcting images tagged with ICCv4 profiles. - Support for non-English characters when saving and printing PDF forms. - The bookmarks toolbar's default 'Only show on New Tab' state works correctly for blank new tabs. As before, you can change the bookmark toolbar's behavior using the toolbar context menu. - Manifest Version 3 (MV3) extension support is now enabled by default (MV2 remains enabled/supported). This major update also ushers an exciting user interface change in the form of the new extensions button. - The Arbitrary Code Guard exploit protection has been enabled in the media playback utility processes, improving security for Windows users. - The native HTML date picker for date and datetime inputs can now be used with a keyboard alone, improving its accessibility for screen reader users. Users with limited mobility can also now use common keyboard shortcuts to navigate the calendar grid and month selection spinners. - Firefox builds in the Spanish from Spain (es-ES) and Spanish from Argentina (es-AR) locales now come with a built- in dictionary for the Firefox spellchecker. - On macOS, Ctrl or Cmd + trackpad or mouse wheel now scrolls the page instead of zooming. This avoids accidental zooming and matches the behavior of other web browsers on macOS. - It's now possible to import bookmarks, history and passwords not only from Edge, Chrome or Safari but also from Opera, Opera GX, and Vivaldi. - GPU sandboxing has been enabled on Windows. - On Windows, third-party modules can now be blocked from injecting themselves into Firefox, which can be helpful if they are causing crashes or other undesirable behavior. - Date, time, and datetime-local input fields can now be cleared with `Cmd+Backspace` and `Cmd+Delete` shortcut on macOS and `Ctrl+Backspace` and `Ctrl+Delete` on Windows and Linux. - GPU-accelerated Canvas2D is enabled by default on macOS and Linux. - WebGL performance improvement on Windows, MacOS and Linux. - Enables overlay of hardware-decoded video with non-Intel GPUs on Windows 10/11, improving video playback performance and video scaling quality. - Windows native notifications are now enabled. - Firefox Relay users can now opt-in to create Relay email masks directly from the Firefox credential manager. You must be signed in with your Firefox Account. - We’ve added two new locales: Silhe Friulian (fur) and Sardinian (sc). - Right-clicking on password fields now shows an option to reveal the password. - Private windows and ETP set to strict will now include email tracking protection. This will make it harder for email trackers to learn the browsing habits of Firefox users. You can check the Tracking Content in the sub-panel on the shield icon panel. - The deprecated U2F Javascript API is now disabled by default. The U2F protocol remains usable through the WebAuthn API. The U2F API can be re-enabled using the `security.webauth.u2f` preference. - Say hello to enhanced Picture-in-Picture! Rewind, check video duration, and effortlessly switch to full-screen mode on the web's most popular video websites. - Firefox's address bar is already a great place to search for what you're looking for. Now you'll always be able to see your web search terms and refine them while viewing your search's results - no additional scrolling needed! Also, a new result menu has been added making it easier to remove history results and dismiss sponsored Firefox Suggest entries. - Private windows now protect users even better by blocking third-party cookies and storage of content trackers. - Passwords automatically generated by Firefox now include special characters, giving users more secure passwords by default. - Firefox 115 introduces a redesigned accessibility engine which significantly improves the speed, responsiveness, and stability of Firefox when used with: - Screen readers, as well as certain other accessibility software; - East Asian input methods; - Enterprise single sign-on software; and - Other applications which use accessibility frameworks to access information. - Firefox 115 now supports AV1 Image Format files containing animations (AVIS), improving support for AVIF images across the web. - The Windows GPU sandbox first shipped in the Firefox 110 release has been tightened to enhance the security benefits it provides. - A 13-year-old feature request was fulfilled and Firefox now supports files being drag-and-dropped directly from Microsoft Outlook. A special thanks to volunteer contributor Marco Spiess for helping to get this across the finish line! - Users on macOS can now access the Services sub-menu directly from Firefox context menus. - On Windows, the elastic overscroll effect has been enabled by default. When two-finger scrolling on the touchpad or scrolling on the touchscreen, you will now see a bouncing animation when scrolling past the edge of a scroll container. - Firefox is now available in the Tajik (tg) language. - Added UI to manage the DNS over HTTPS exception list. - Bookmarks can now be searched from the Bookmarks menu. The Bookmarks menu is accessible by adding the Bookmarks menu button to the toolbar. - Restrict searches to your local browsing history by selecting Search history from the History, Library or Application menu buttons. - Mac users can now capture video from their cameras in all supported native resolutions. This enables resolutions higher than 1280x720. - It is now possible to reorder the extensions listed in the extensions panel. - Users on macOS, Linux, and Windows 7 can now use FIDO2 / WebAuthn authenticators over USB. Some advanced features, such as fully passwordless logins, require a PIN to be set on the authenticator. - Pocket Recommended content can now be seen in France, Italy, and Spain. - DNS over HTTPS settings are now part of the Privacy & Security section of the Settings page and allow the user to choose from all the supported modes. - Migrating from another browser? Now you can bring over payment methods you've saved in Chrome-based browsers to Firefox. - Hardware video decoding enabled for Intel GPUs on Linux. - The Tab Manager dropdown now features close buttons, so you can close tabs more quickly. - Windows Magnifier now follows the text cursor correctly when the Firefox title bar is visible. - Undo and redo are now available in Password fields. [1]:https://support.mozilla.org/kb/access-toolbar-functions- using-keyboard?_gl=1*16it7nj*_ga*MTEzNjg4MjY5NC4xNjQ1MjAxMDU3 *_ga_MQ7767QQQW*MTY1Njk2MzExMS43LjEuMTY1Njk2MzIzMy4w [2]:https://support.mozilla.org/kb/how-set-tab-pickup-firefox-view [3]:https://support.mozilla.org/kb/task-manager-tabs-or-extensions-are-slowing-firefox [4]:https://blog.mozilla.org/addons/2022/11/17/manifest-v3-signing-available-november-21-on-firefox-nightly/ [5]:https://blog.mozilla.org/addons/2022/05/18/manifest-v3-in-firefox-recap-next-steps/ [6]:https://support.mozilla.org/kb/unified-extensions [7]:https://support.mozilla.org/kb/import-data-another-browser [8]:https://support.mozilla.org/kb/identify-problems-third-party-modules-firefox-windows [9]:https://support.mozilla.org/kb/how-generate-secure-password-firefox [10]:https://blog.mozilla.org/accessibility/firefox-113-accessibility-performance/ * Fixed: Various security fixes. MFSA 2023-22 (bsc#1212438) * CVE-2023-3482 (bmo#1839464) Block all cookies bypass for localstorage * CVE-2023-37201 (bmo#1826002) Use-after-free in WebRTC certificate generation * CVE-2023-37202 (bmo#1834711) Potential use-after-free from compartment mismatch in SpiderMonkey * CVE-2023-37203 (bmo#291640) Drag and Drop API may provide access to local system files * CVE-2023-37204 (bmo#1832195) Fullscreen notification obscured via option element * CVE-2023-37205 (bmo#1704420) URL spoofing in address bar using RTL characters * CVE-2023-37206 (bmo#1813299) Insufficient validation of symlinks in the FileSystem API * CVE-2023-37207 (bmo#1816287) Fullscreen notification obscured * CVE-2023-37208 (bmo#1837675) Lack of warning when opening Diagcab files * CVE-2023-37209 (bmo#1837993) Use-after-free in `NotifyOnHistoryReload` * CVE-2023-37210 (bmo#1821886) Full-screen mode exit prevention * CVE-2023-37211 (bmo#1832306, bmo#1834862, bmo#1835886, bmo#1836550, bmo#1837450) Memory safety bugs fixed in Firefox 115, Firefox ESR 102.13, and Thunderbird 102.13 * CVE-2023-37212 (bmo#1750870, bmo#1825552, bmo#1826206, bmo#1827076, bmo#1828690, bmo#1833503, bmo#1835710, bmo#1838587) Memory safety bugs fixed in Firefox 115 - Fixed potential SIGILL on older CPUs (bsc#1212101) * Fixed: Various security fixes and other quality Important SUSE bug 1212101 SUSE bug 1212438 CVE-2023-3482 CVE-2023-37201 CVE-2023-37202 CVE-2023-37203 CVE-2023-37204 CVE-2023-37205 CVE-2023-37206 CVE-2023-37207 CVE-2023-37208 CVE-2023-37209 CVE-2023-37210 CVE-2023-37211 CVE-2023-37212 cpe:/o:opensuse:leap:15.4 Security update for xwayland (Important) openSUSE Leap 15.4 This update for xwayland fixes the following issues: - CVE-2023-0494: Fixed a use-after-free in DeepCopyPointerClasses (bsc#1207783). Important SUSE bug 1207783 CVE-2023-0494 cpe:/o:opensuse:leap:15.4 Security update for curl (Moderate) openSUSE Leap 15.4 This update for curl fixes the following issues: - CVE-2023-32001: Fixed TOCTOU race condition (bsc#1213237). Moderate SUSE bug 1213237 CVE-2023-32001 cpe:/o:opensuse:leap:15.4 Security update for python-azure-core, python-azure-storage-blob (Critical) openSUSE Leap 15.4 This update for python-azure-core, python-azure-storage-blob fixes the following issues: Security fixes: - CVE-2022-30187: Fixed information disclosure vulnerability (bsc#1202088). Recommended fixes: - New upstream release version 1.23.1 to SLE 15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629). Critical SUSE bug 1199282 SUSE bug 1202088 CVE-2022-30187 cpe:/o:opensuse:leap:15.4 Security update for php8-pear (Moderate) openSUSE Leap 15.4 This update for php8-pear fixes the following issues: - Add php8-pear to SLE15-SP4 (jsc#SLE-24728) - Update to 1.10.21 - PEAR 1.10.13 * unsupported protocol - use --force to continue * Add $this operator to _determineIfPowerpc calls - Update to 1.10.20 - Archive_Tar 1.4.14 * Properly fix symbolic link path traversal (CVE-2021-32610) - Archive_Tar 1.4.13 * Relative symlinks failing (out-of path file extraction) - Archive_Tar 1.4.12 - Archive_Tar 1.4.11 - Archive_Tar 1.4.10 * Fix block padding when the file buffer length is a multiple of 512 and smaller than Archive_Tar buffer length * Don't try to copy username/groupname in chroot jail - provides and obsoletes php7-pear-Archive_Tar, former location of PEAR/Archive/Tar.php - Update to version 1.10.19 - PEAR 1.10.12 * adjust dependencies based on new releases - XML_Util 1.4.5 * fix Trying to access array offset on value of type int - Update to version 1.10.18 - Remove pear-cacheid-array-check.patch (upstreamed) - Contents of .filemap are now sorted internally - Sort contents of .filemap to make build reproducible - Recommend php7-openssl to allow https sources to be used - Modify metadata_dir for system configuration only - Add /var/lib/pear directory where xml files are stored - Cleanup %files section - Only use the GPG keys of Chuck Burgess. Extracted from the Release Manager public keys. - Add release versions of PEAR modules - Install metadata files (registry, filemap, channels, ...) in /var/lib/pear/ instead of /usr/share/php7/PEAR/ - Update to version 1.10.17 Moderate CVE-2021-32610 cpe:/o:opensuse:leap:15.4 Security update for SUSE Manager Client Tools (Critical) openSUSE Leap 15.4 This update fixes the following issues: grafana: - Update to version 9.5.5: * CVE-2023-3128: Fix authentication bypass using Azure AD OAuth (bsc#1212641, jsc#PED-3694) * Bug fixes: * Auth: Show invite button if disable login form is set to false. * Azure: Fix Kusto auto-completion for Azure datasources. * RBAC: Remove legacy AC editor and admin role on new dashboard route. * API: Revert allowing editors to access GET /datasources. * Settings: Add ability to override skip_org_role_sync with Env variables. - Update to version 9.5.3: * CVE-2023-2801: Query: Prevent crash while executing concurrent mixed queries (bsc#1212099) * CVE-2023-2183: Alerting: Require alert.notifications:write permissions to test receivers and templates (bsc#1212100) - Update to version 9.5.2: Alerting: Scheduler use rule fingerprint instead of version. Explore: Update table min height. DataLinks: Encoded URL fixed. TimeSeries: Fix leading null-fill for missing intervals. Dashboard: Revert fixed header shown on mobile devices in the new panel header. PostgreSQL: Fix TLS certificate issue by downgrading lib/pq. Provisioning: Fix provisioning issues with legacy alerting and data source permissions. Alerting: Fix misleading status code in provisioning API. Loki: Fix log samples using `instant` queries. Panel Header: Implement new Panel Header on Angular Panels. Azure Monitor: Fix bug that was not showing resources for certain locations. Alerting: Fix panic when reparenting receivers to groups following an attempted rename via Provisioning. Cloudwatch Logs: Clarify Cloudwatch Logs Limits. - Update to 9.5.1 Loki Variable Query Editor: Fix bug when the query is updated Expressions: Fix expression load with legacy UID -100 Critical SUSE bug 1212099 SUSE bug 1212100 SUSE bug 1212641 CVE-2023-2183 CVE-2023-2801 CVE-2023-3128 cpe:/o:opensuse:leap:15.4 Security update for redis (Important) openSUSE Leap 15.4 This update for redis fixes the following issues: - CVE-2022-24834: Fixed heap overflow in the cjson and cmsgpack libraries (bsc#1213193). Important SUSE bug 1213193 CVE-2022-24834 cpe:/o:opensuse:leap:15.4 Security update for samba (Important) openSUSE Leap 15.4 This update for samba fixes the following issues: - CVE-2022-2127: Fixed issue where lm_resp_len was not checked properly in winbindd_pam_auth_crap_send (bsc#1213174). - CVE-2023-34966: Fixed samba spotlight mdssvc RPC Request Infinite Loop Denial-of-Service Vulnerability (bsc#1213173). - CVE-2023-34967: Fixed samba spotlight mdssvc RPC Request Type Confusion Denial-of-Service Vulnerability (bsc#1213172). - CVE-2023-34968: Fixed spotlight server-side Share Path Disclosure (bsc#1213171). Bugfixes: - Fixed trust relationship failure (bsc#1213384). Important SUSE bug 1213171 SUSE bug 1213172 SUSE bug 1213173 SUSE bug 1213174 SUSE bug 1213384 CVE-2022-2127 CVE-2023-34966 CVE-2023-34967 CVE-2023-34968 cpe:/o:opensuse:leap:15.4 Security update for python-pip (Low) openSUSE Leap 15.4 This update for python-pip fixes the following issues: - Removed .exe files from the RPM package, to prevent issues with security scanners (bsc#1212015). Low SUSE bug 1212015 cpe:/o:opensuse:leap:15.4 Security update for python311 (Important) openSUSE Leap 15.4 This update for python311 fixes the following issues: python was updated to version 3.11.4: - CVE-2023-24329: Fixed blocklist bypass via the urllib.parse component when supplying a URL that starts with blank characters (bsc#1208471). - CVE-2007-4559: Fixed python tarfile module directory traversal (bsc#1203750). - Fixed a security in flaw in uu.decode() that could allow for directory traversal based on the input if no out_file was specified. - Do not expose the local on-disk location in directory indexes produced by http.client.SimpleHTTPRequestHandler. Bugfixes: - trace.__main__ now uses io.open_code() for files to be executed instead of raw open(). Important SUSE bug 1203750 SUSE bug 1208471 CVE-2007-4559 CVE-2023-24329 cpe:/o:opensuse:leap:15.4 Security update for poppler (Moderate) openSUSE Leap 15.4 This update for poppler fixes the following issues: - CVE-2022-27337: Fixed a logic error in the Hints::Hints function which can cause denial of service (bsc#1199272). Moderate SUSE bug 1199272 CVE-2022-27337 cpe:/o:opensuse:leap:15.4 Security update for openssh (Important) openSUSE Leap 15.4 This update for openssh fixes the following issues: - CVE-2023-38408: Fixed a condition where specific libaries loaded via ssh-agent(1)'s PKCS#11 support could be abused to achieve remote code execution via a forwarded agent socket if those libraries were present on the victim's system and if the agent was forwarded to an attacker-controlled system. [bsc#1213504, CVE-2023-38408] - Close the right filedescriptor and also close fdh in read_hmac to avoid file descriptor leaks. [bsc#1209536] - Attempts to mitigate instances of secrets lingering in memory after a session exits. [bsc#1186673, bsc#1213004, bsc#1213008] Important SUSE bug 1186673 SUSE bug 1209536 SUSE bug 1213004 SUSE bug 1213008 SUSE bug 1213504 CVE-2023-38408 cpe:/o:opensuse:leap:15.4 Security update for redis (Important) openSUSE Leap 15.4 This update for redis fixes the following issues: - CVE-2022-35977: Fixed an integer overflow that could allow authenticated users to cause a crash (bsc#1207202). - CVE-2023-22458: Fixed a missing check that could allow authenticated users to cause a crash (bsc#1207203). Important SUSE bug 1207202 SUSE bug 1207203 SUSE bug 1207448 CVE-2022-35977 CVE-2023-22458 cpe:/o:opensuse:leap:15.4 Security update for bind (Important) openSUSE Leap 15.4 This update for bind fixes the following issues: - CVE-2023-2828: Fixed denial-of-service against recursive resolvers related to cache-cleaning algorithm (bsc#1212544). Important SUSE bug 1212544 CVE-2023-2828 cpe:/o:opensuse:leap:15.4 Security update for libcap (Moderate) openSUSE Leap 15.4 This update for libcap fixes the following issues: - CVE-2023-2603: Fixed an integer overflow or wraparound in libcap/cap_alloc.c:_libcap_strdup() (bsc#1211419). Moderate SUSE bug 1211419 CVE-2023-2603 cpe:/o:opensuse:leap:15.4 Security update for python39 (Important) openSUSE Leap 15.4 This update for python39 fixes the following issues: Update to 3.9.17: - urllib.parse.urlsplit() now strips leading C0 control and space characters following the specification for URLs defined by WHATWG in response to CVE-2023-24329 (bsc#1208471). - Fixed a security in flaw in uu.decode() that could allow for directory traversal based on the input if no out_file was specified. - Do not expose the local on-disk location in directory indexes produced by http.client.SimpleHTTPRequestHandler. - trace.__main__ now uses io.open_code() for files to be executed instead of raw open(). - CVE-2007-4559: The extraction methods in tarfile, and shutil.unpack_archive(), have a new filter argument that allows limiting tar features than may be surprising or dangerous, such as creating files outside the destination directory. See Extraction filters for details (fixing bsc#1203750). - Fixed a deadlock at shutdown when clearing thread states if any finalizer tries to acquire the runtime head lock. - Fixed a crash due to a race while iterating over thread states in clearing threading.local. Important SUSE bug 1203750 SUSE bug 1208471 CVE-2007-4559 CVE-2023-24329 cpe:/o:opensuse:leap:15.4 Security update for MozillaFirefox (Important) openSUSE Leap 15.4 This update for MozillaFirefox fixes the following issues: Firefox was updated to version 115.0.2 ESR (bsc#1213230): - CVE-2023-3600: Fixed Use-after-free in workers (bmo#1839703). Bugfixes: - Fixed a startup crash experienced by some Windows users by blocking instances of a malicious injected DLL (bmo#1841751). - Fixed a bug with displaying a caret in the text editor on some websites (bmo#1840804). - Fixed a bug with broken audio rendering on some websites (bmo#1841982). - Fixed a bug with patternTransform translate using the wrong units (bmo#1840746). - Fixed a crash affecting Windows 7 users related to the DLL blocklist. - Fixed a startup crash for Windows users with Kingsoft Antivirus software installed (bmo#1837242). Important SUSE bug 1213230 CVE-2023-3600 cpe:/o:opensuse:leap:15.4 Security update for openssl-1_1 (Moderate) openSUSE Leap 15.4 This update for openssl-1_1 fixes the following issues: - CVE-2023-3446: Fixed DH_check() excessive time with over sized modulus (bsc#1213487). Moderate SUSE bug 1213487 CVE-2023-3446 cpe:/o:opensuse:leap:15.4 Security update for python-scipy (Moderate) openSUSE Leap 15.4 This update for python-scipy fixes the following issues: - CVE-2023-25399: Fixed minor refcounting issue in Py_FindObjects (bsc#1213062). - CVE-2023-29824: Fixed use-after-free in Py_FindObjects (bsc#1213137). Moderate SUSE bug 1213062 SUSE bug 1213137 CVE-2023-25399 CVE-2023-29824 cpe:/o:opensuse:leap:15.4 Security update for netty, netty-tcnative (Moderate) openSUSE Leap 15.4 This update for netty, netty-tcnative fixes the following issues: Upgrade to upstream version 4.1.94: - CVE-2023-34462: Allow to limit the maximum lenght of the ClientHello (bsc#1212637). Moderate SUSE bug 1212637 CVE-2023-34462 cpe:/o:opensuse:leap:15.4 Security update for mysql-connector-java (Moderate) openSUSE Leap 15.4 This update for mysql-connector-java fixes the following issues: - CVE-2023-21971: Fixed a denial-of-service vulnerability in the java.sql.DriverManager.getConnection() method when used with untrusted inputs (bsc#1211247). Moderate SUSE bug 1211247 CVE-2023-21971 cpe:/o:opensuse:leap:15.4 Security update for php7 (Moderate) openSUSE Leap 15.4 This update for php7 fixes the following issues: - CVE-2023-3247: Fixed missing error check and insufficient random bytes in HTTP Digest authentication for SOAP (bsc#1212349). Moderate SUSE bug 1212349 CVE-2023-3247 cpe:/o:opensuse:leap:15.4 Security update for libqt5-qtsvg (Moderate) openSUSE Leap 15.4 This update for libqt5-qtsvg fixes the following issues: - CVE-2021-45930: Fixed an out-of-bounds write that may have lead to a denial-of-service (bsc#1196654). - CVE-2023-32573: Fixed missing initialization of QtSvg QSvgFont m_unitsPerEm variable (bsc#1211298). Moderate SUSE bug 1196654 SUSE bug 1211298 CVE-2021-45930 CVE-2023-32573 cpe:/o:opensuse:leap:15.4 Security update for libqt5-qtbase (Important) openSUSE Leap 15.4 This update for libqt5-qtbase fixes the following issues: - CVE-2023-24607: Fixed Qt SQL ODBC driver plugin DOS (bsc#1209616). - CVE-2023-32762: Fixed Qt Network incorrectly parses the strict-transport-security (HSTS) header (bsc#1211797). - CVE-2023-32763: Fixed buffer overflow when rendering an SVG file with an image inside it (bsc#1211798). - CVE-2023-33285: Fixed buffer overflow in QDnsLookup (bsc#1211642). - CVE-2023-34410: Fixed certificate validation does not always consider whether the root of a chain is a configured CA certificate (bsc#1211994). - CVE-2023-38197: Fixed infinite loops in QXmlStreamReader(bsc#1213326). Important SUSE bug 1209616 SUSE bug 1211024 SUSE bug 1211642 SUSE bug 1211797 SUSE bug 1211798 SUSE bug 1211994 SUSE bug 1213326 CVE-2023-24607 CVE-2023-32762 CVE-2023-32763 CVE-2023-33285 CVE-2023-34410 CVE-2023-38197 cpe:/o:opensuse:leap:15.4 Security update for iperf (Important) openSUSE Leap 15.4 This update for iperf fixes the following issues: - CVE-2023-38403: Fixed integer overflow leading to heap buffer overflow (bsc#1213430). Important SUSE bug 1213430 CVE-2023-38403 cpe:/o:opensuse:leap:15.4 Security update for conmon (Important) openSUSE Leap 15.4 This update for conmon fixes the following issues: conmon was updated to version 2.1.7: - Bumped go version to 1.19 (bsc#1209307). Bugfixes: - Fixed leaking symbolic links in the opt_socket_path directory. - Fixed cgroup oom issues (bsc#1208737). - Fixed OOM watcher for cgroupv2 `oom_kill` events. Important SUSE bug 1208737 SUSE bug 1209307 cpe:/o:opensuse:leap:15.4 Security update for tcl (Important) openSUSE Leap 15.4 This update for tcl fixes the following issues: - Fixed a race condition in test socket-13.1. - Removed the SQLite extension and use the packaged sqlite3 instead (bsc#1195773). Important SUSE bug 1195773 cpe:/o:opensuse:leap:15.4 Security update for go1.20-openssl (Moderate) openSUSE Leap 15.4 This update for go1.20-openssl fixes the following issues: Update to version 1.20.6.1 (bsc#1206346): - CVE-2023-29406: Fixed insufficient sanitization of Host header (bsc#1213229). Moderate SUSE bug 1206346 SUSE bug 1213229 CVE-2023-29406 cpe:/o:opensuse:leap:15.4 Security update for cdi-apiserver-container, cdi-cloner-container, cdi-controller-container, cdi-importer-container, cdi-operator-container, cdi-uploadproxy-container, cdi-uploadserver-container, containerized-data-importer (Moderate) openSUSE Leap 15.4 This update for cdi-apiserver-container, cdi-cloner-container, cdi-controller-container, cdi-importer-container, cdi-operator-container, cdi-uploadproxy-container, cdi-uploadserver-container, containerized-data-importer fixes the following issues: This update rebuilds containerized-data-importer against the current GO security release. Moderate cpe:/o:opensuse:leap:15.4 Security update for openssl-3 (Moderate) openSUSE Leap 15.4 This update for openssl-3 fixes the following issues: - CVE-2023-2975: Fixed AES-SIV implementation ignores empty associated data entries (bsc#1213383). - CVE-2023-3446: Fixed DH_check() excessive time with over sized modulus (bsc#1213487). Moderate SUSE bug 1213383 SUSE bug 1213487 CVE-2023-2975 CVE-2023-3446 cpe:/o:opensuse:leap:15.4 Security update for samba (Moderate) openSUSE Leap 15.4 This update for samba fixes the following issues: - CVE-2022-2127: Fixed issue where lm_resp_len was not checked properly in winbindd_pam_auth_crap_send (bsc#1213174). Bugfixes: - Fixed trust relationship failure (bsc#1213384). Moderate SUSE bug 1213174 SUSE bug 1213384 CVE-2022-2127 cpe:/o:opensuse:leap:15.4 Security update for librsvg (Important) openSUSE Leap 15.4 This update for librsvg fixes the following issues: librsvg was updated to version 2.52.10: - CVE-2023-38633: Fixed directory traversal in URI decoder (bsc#1213502). Important SUSE bug 1213502 CVE-2023-38633 cpe:/o:opensuse:leap:15.4 Security update for kernel-firmware (Moderate) openSUSE Leap 15.4 This update for kernel-firmware fixes the following issues: - CVE-2023-20593: Fixed AMD ucode for ZenBleed vulnerability (bsc#1213286). Moderate SUSE bug 1213286 CVE-2023-20593 cpe:/o:opensuse:leap:15.4 Security update for java-17-openjdk (Important) openSUSE Leap 15.4 This update for java-17-openjdk fixes the following issues: Updated to version jdk-17.0.8+7 (July 2023 CPU): - CVE-2023-22006: Fixed vulnerability in the network component (bsc#1213473). - CVE-2023-22036: Fixed vulnerability in the utility component (bsc#1213474). - CVE-2023-22041: Fixed vulnerability in the hotspot component (bsc#1213475). - CVE-2023-22044: Fixed vulnerability in the hotspot component (bsc#1213479). - CVE-2023-22045: Fixed vulnerability in the hotspot component (bsc#1213481). - CVE-2023-22049: Fixed vulnerability in the libraries component (bsc#1213482). - CVE-2023-25193: Fixed vulnerability in the embedded harfbuzz module (bsc#1207922). - JDK-8294323: Improve Shared Class Data - JDK-8296565: Enhanced archival support - JDK-8298676, JDK-8300891: Enhanced Look and Feel - JDK-8300285: Enhance TLS data handling - JDK-8300596: Enhance Jar Signature validation - JDK-8301998, JDK-8302084: Update HarfBuzz to 7.0.1 - JDK-8302475: Enhance HTTP client file downloading - JDK-8302483: Enhance ZIP performance - JDK-8303376: Better launching of JDI - JDK-8304460: Improve array usages - JDK-8304468: Better array usages - JDK-8305312: Enhanced path handling - JDK-8308682: Enhance AES performance Bugfixes: - JDK-8178806: Better exception logging in crypto code - JDK-8201516: DebugNonSafepoints generates incorrect information - JDK-8224768: Test ActalisCA.java fails - JDK-8227060: Optimize safepoint cleanup subtask order - JDK-8227257: javax/swing/JFileChooser/4847375/bug4847375.java fails with AssertionError - JDK-8238274: (sctp) JDK-7118373 is not fixed for SctpChannel - JDK-8244976: vmTestbase/nsk/jdi/Event/request/request001.java doesn' initialize eName - JDK-8245877: assert(_value != __null) failed: resolving NULL _value in JvmtiExport::post_compiled_method_load - JDK-8248001: javadoc generates invalid HTML pages whose ftp:// links are broken - JDK-8252990: Intrinsify Unsafe.storeStoreFence - JDK-8254711: Add java.security.Provider.getService JFR Event - JDK-8257856: Make ClassFileVersionsTest.java robust to JDK version updates - JDK-8261495: Shenandoah: reconsider update references memory ordering - JDK-8268288: jdk/jfr/api/consumer/streaming/ /TestOutOfProcessMigration.java fails with 'Error: ShouldNotReachHere()' - JDK-8268298: jdk/jfr/api/consumer/log/TestVerbosity.java fails: unexpected log message - JDK-8268582: javadoc throws NPE with --ignore-source-errors option - JDK-8269821: Remove is-queue-active check in inner loop of write_ref_array_pre_work - JDK-8270434: JDI+UT: Unexpected event in JDI tests - JDK-8270859: Post JEP 411 refactoring: client libs with maximum covering > 10K - JDK-8270869: G1ServiceThread may not terminate - JDK-8271519: java/awt/event/SequencedEvent/ /MultipleContextsFunctionalTest.java failed with 'Total [200] - Expected [400]' - JDK-8273909: vmTestbase/nsk/jdi/Event/request/request001 can still fail with 'ERROR: new event is not ThreadStartEvent' - JDK-8274243: Implement fast-path for ASCII-compatible CharsetEncoders on aarch64 - JDK-8274615: Support relaxed atomic add for linux-aarch64 - JDK-8274864: Remove Amman/Cairo hacks in ZoneInfoFile - JDK-8275233: Incorrect line number reported in exception stack trace thrown from a lambda expression - JDK-8275287: Relax memory ordering constraints on updating instance class and array class counters - JDK-8275721: Name of UTC timezone in a locale changes depending on previous code - JDK-8275735: [linux] Remove deprecated Metrics api (kernel memory limit) - JDK-8276058: Some swing test fails on specific CI macos system - JDK-8277407: javax/swing/plaf/synth/SynthButtonUI/6276188/ /bug6276188.java fails to compile after JDK-8276058 - JDK-8277775: Fixup bugids in RemoveDropTargetCrashTest.java - add 4357905 - JDK-8278146: G1: Rework VM_G1Concurrent VMOp to clearly identify it as pause - JDK-8278434: timeouts in test java/time/test/java/time/ /format/TestZoneTextPrinterParser.java - JDK-8278834: Error 'Cannot read field 'sym' because 'this.lvar[od]' is null' when compiling - JDK-8282077: PKCS11 provider C_sign() impl should handle CKR_BUFFER_TOO_SMALL error - JDK-8282201: Consider removal of expiry check in VerifyCACerts.java test - JDK-8282227: Locale information for nb is not working properly - JDK-8282704: runtime/Thread/StopAtExit.java may leak memory - JDK-8283057: Update GCC to version 11.2.0 for Oracle builds on Linux - JDK-8283062: Uninitialized warnings in libgtest with GCC 11.2 - JDK-8283520: JFR: Memory leak in dcmd_arena - JDK-8283566: G1: Improve G1BarrierSet::enqueue performance - JDK-8284331: Add sanity check for signal handler modification warning. - JDK-8285635: javax/swing/JRootPane/DefaultButtonTest.java failed with Default Button not pressed for L&F: com.sun.java.swing.plaf.motif.MotifLookAndFeel - JDK-8285987: executing shell scripts without #! fails on Alpine linux - JDK-8286191: misc tests fail due to JDK-8285987 - JDK-8286287: Reading file as UTF-16 causes Error which 'shouldn't happen' - JDK-8286331: jni_GetStringUTFChars() uses wrong heap allocator - JDK-8286346: 3-parameter version of AllocateHeap should not ignore AllocFailType - JDK-8286398: Address possibly lossy conversions in jdk.internal.le - JDK-8287007: [cgroups] Consistently use stringStream throughout parsing code - JDK-8287246: DSAKeyValue should check for missing params instead of relying on KeyFactory provider - JDK-8287541: Files.writeString fails to throw IOException for charset 'windows-1252' - JDK-8287854: Dangling reference in ClassVerifier::verify_class - JDK-8287876: The recently de-problemlisted TestTitledBorderLeak test is unstable - JDK-8287897: Augment src/jdk.internal.le/share/legal/jline.md with information on 4th party dependencies - JDK-8288589: Files.readString ignores encoding errors for UTF-16 - JDK-8289509: Improve test coverage for XPath Axes: descendant, descendant-or-self, following, following-sibling - JDK-8289735: UTIL_LOOKUP_PROGS fails on pathes with space - JDK-8289949: Improve test coverage for XPath: operators - JDK-8290822: C2: assert in PhaseIdealLoop::do_unroll() is subject to undefined behavior - JDK-8291226: Create Test Cases to cover scenarios for JDK-8278067 - JDK-8291637: HttpClient default keep alive timeout not followed if server sends invalid value - JDK-8291638: Keep-Alive timeout of 0 should close connection immediately - JDK-8292206: TestCgroupMetrics.java fails as getMemoryUsage() is lower than expected - JDK-8292301: [REDO v2] C2 crash when allocating array of size too large - JDK-8292407: Improve Weak CAS VarHandle/Unsafe tests resilience under spurious failures - JDK-8292713: Unsafe.allocateInstance should be intrinsified without UseUnalignedAccesses - JDK-8292755: Non-default method in interface leads to a stack overflow in JShell - JDK-8292990: Improve test coverage for XPath Axes: parent - JDK-8293295: Add type check asserts to java_lang_ref_Reference accessors - JDK-8293492: ShenandoahControlThread missing from hs-err log and thread dump - JDK-8293858: Change PKCS7 code to use default SecureRandom impl instead of SHA1PRNG - JDK-8293887: AArch64 build failure with GCC 12 due to maybe-uninitialized warning in libfdlibm k_rem_pio2.c - JDK-8294183: AArch64: Wrong macro check in SharedRuntime::generate_deopt_blob - JDK-8294281: Allow warnings to be disabled on a per-file basis - JDK-8294673: JFR: Add SecurityProviderService#threshold to TestActiveSettingEvent.java - JDK-8294717: (bf) DirectByteBuffer constructor will leak if allocating Deallocator or Cleaner fails with OOME - JDK-8294906: Memory leak in PKCS11 NSS TLS server - JDK-8295564: Norwegian Nynorsk Locale is missing formatting - JDK-8295974: jni_FatalError and Xcheck:jni warnings should print the native stack when there are no Java frames - JDK-8296084: javax/swing/JSpinner/4788637/bug4788637.java fails intermittently on a VM - JDK-8296318: use-def assert: special case undetected loops nested in infinite loops - JDK-8296343: CPVE thrown on missing content-length in OCSP response - JDK-8296412: Special case infinite loops with unmerged backedges in IdealLoopTree::check_safepts - JDK-8296545: C2 Blackholes should allow load optimizations - JDK-8296934: Write a test to verify whether Undecorated Frame can be iconified or not - JDK-8297000: [jib] Add more friendly warning for proxy issues - JDK-8297154: Improve safepoint cleanup logging - JDK-8297450: ScaledTextFieldBorderTest.java fails when run with -show parameter - JDK-8297587: Upgrade JLine to 3.22.0 - JDK-8297730: C2: Arraycopy intrinsic throws incorrect exception - JDK-8297955: LDAP CertStore should use LdapName and not String for DNs - JDK-8298488: [macos13] tools/jpackage tests failing with 'Exit code: 137' on macOS - JDK-8298887: On the latest macOS+XCode the Robot API may report wrong colors - JDK-8299179: ArrayFill with store on backedge needs to reduce length by 1 - JDK-8299259: C2: Div/Mod nodes without zero check could be split through iv phi of loop resulting in SIGFPE - JDK-8299544: Improve performance of CRC32C intrinsics (non-AVX-512) for small inputs - JDK-8299570: [JVMCI] Insufficient error handling when CodeBuffer is exhausted - JDK-8299959: C2: CmpU::Value must filter overflow computation against local sub computation - JDK-8300042: Improve CPU related JFR events descriptions - JDK-8300079: SIGSEGV in LibraryCallKit::inline_string_copy due to constant NULL src argument - JDK-8300823: UB: Compile::_phase_optimize_finished is initialized too late - JDK-8300939: sun/security/provider/certpath/OCSP/ /OCSPNoContentLength.java fails due to network errors - JDK-8301050: Detect Xen Virtualization on Linux aarch64 - JDK-8301119: Support for GB18030-2022 - JDK-8301123: Enable Symbol refcounting underflow checks in PRODUCT - JDK-8301190: [vectorapi] The typeChar of LaneType is incorrect when default locale is tr - JDK-8301216: ForkJoinPool invokeAll() ignores timeout - JDK-8301338: Identical branch conditions in CompileBroker::print_heapinfo - JDK-8301491: C2: java.lang.StringUTF16::indexOfChar intrinsic called with negative character argument - JDK-8301637: ThreadLocalRandom.current().doubles().parallel() contention - JDK-8301661: Enhance os::pd_print_cpu_info on macOS and Windows - JDK-8302151: BMPImageReader throws an exception reading BMP images - JDK-8302172: [JVMCI] HotSpotResolvedJavaMethodImpl.canBeInlined must respect ForceInline - JDK-8302320: AsyncGetCallTrace obtains too few frames in sanity test - JDK-8302491: NoClassDefFoundError omits the original cause of an error - JDK-8302508: Add timestamp to the output TraceCompilerThreads - JDK-8302594: use-after-free in Node::destruct - JDK-8302595: use-after-free related to GraphKit::clone_map - JDK-8302791: Add specific ClassLoader object to Proxy IllegalArgumentException message - JDK-8302849: SurfaceManager might expose partially constructed object - JDK-8303069: Memory leak in CompilerOracle::parse_from_line - JDK-8303102: jcmd: ManagementAgent.status truncates the text longer than O_BUFLEN - JDK-8303130: Document required Accessibility permissions on macOS - JDK-8303354: addCertificatesToKeystore in KeystoreImpl.m needs CFRelease call in early potential CHECK_NULL return - JDK-8303433: Bump update version for OpenJDK: jdk-17.0.8 - JDK-8303440: The 'ZonedDateTime.parse' may not accept the 'UTC+XX' zone id - JDK-8303465: KeyStore of type KeychainStore, provider Apple does not show all trusted certificates - JDK-8303476: Add the runtime version in the release file of a JDK image - JDK-8303482: Update LCMS to 2.15 - JDK-8303508: Vector.lane() gets wrong value on x86 - JDK-8303511: C2: assert(get_ctrl(n) == cle_out) during unrolling - JDK-8303564: C2: 'Bad graph detected in build_loop_late' after a CMove is wrongly split thru phi - JDK-8303575: adjust Xen handling on Linux aarch64 - JDK-8303576: addIdentitiesToKeystore in KeystoreImpl.m needs CFRelease call in early potential CHECK_NULL return - JDK-8303588: [JVMCI] make JVMCI source directories conform with standard layout - JDK-8303809: Dispose context in SPNEGO NegotiatorImpl - JDK-8303822: gtestMain should give more helpful output - JDK-8303861: Error handling step timeouts should never be blocked by OnError and others - JDK-8303937: Corrupted heap dumps due to missing retries for os::write() - JDK-8303949: gcc10 warning Linux ppc64le - note: the layout of aggregates containing vectors with 8-byte alignment has changed in GCC 5 - JDK-8304054: Linux: NullPointerException from FontConfiguration.getVersion in case no fonts are installed - JDK-8304063: tools/jpackage/share/AppLauncherEnvTest.java fails when checking LD_LIBRARY_PATH - JDK-8304134: jib bootstrapper fails to quote filename when checking download filetype - JDK-8304291: [AIX] Broken build after JDK-8301998 - JDK-8304295: harfbuzz build fails with GCC 7 after JDK-8301998 - JDK-8304350: Font.getStringBounds calculates wrong width for TextAttribute.TRACKING other than 0.0 - JDK-8304671: javac regression: Compilation with --release 8 fails on underscore in enum identifiers - JDK-8304683: Memory leak in WB_IsMethodCompatible - JDK-8304760: Add 2 Microsoft TLS roots - JDK-8304867: Explicitly disable dtrace for ppc builds - JDK-8304880: [PPC64] VerifyOops code in C1 doesn't work with ZGC - JDK-8305088: SIGSEGV in Method::is_method_handle_intrinsic - JDK-8305113: (tz) Update Timezone Data to 2023c - JDK-8305400: ISO 4217 Amendment 175 Update - JDK-8305403: Shenandoah evacuation workers may deadlock - JDK-8305481: gtest is_first_C_frame failing on ARM - JDK-8305690: [X86] Do not emit two REX prefixes in Assembler::prefix - JDK-8305711: Arm: C2 always enters slowpath for monitorexit - JDK-8305721: add `make compile-commands` artifacts to .gitignore - JDK-8305975: Add TWCA Global Root CA - JDK-8305993: Add handleSocketErrorWithMessage to extend nio Net.c exception message - JDK-8305994: Guarantee eventual async monitor deflation - JDK-8306072: Open source several AWT MouseInfo related tests - JDK-8306133: Open source few AWT Drag & Drop related tests - JDK-8306409: Open source AWT KeyBoardFocusManger, LightWeightComponent related tests - JDK-8306432: Open source several AWT Text Component related tests - JDK-8306466: Open source more AWT Drag & Drop related tests - JDK-8306489: Open source AWT List related tests - JDK-8306543: GHA: MSVC installation is failing - JDK-8306640: Open source several AWT TextArea related tests - JDK-8306652: Open source AWT MenuItem related tests - JDK-8306658: GHA: MSVC installation could be optional since it might already be pre-installed - JDK-8306664: GHA: Update MSVC version to latest stepping - JDK-8306681: Open source more AWT DnD related tests - JDK-8306683: Open source several clipboard and color AWT tests - JDK-8306752: Open source several container and component AWT tests - JDK-8306753: Open source several container AWT tests - JDK-8306755: Open source few Swing JComponent and AbstractButton tests - JDK-8306768: CodeCache Analytics reports wrong threshold - JDK-8306774: Make runtime/Monitor/ /GuaranteedAsyncDeflationIntervalTest.java more reliable - JDK-8306825: Monitor deflation might be accidentally disabled by zero intervals - JDK-8306850: Open source AWT Modal related tests - JDK-8306871: Open source more AWT Drag & Drop tests - JDK-8306883: Thread stacksize is reported with wrong units in os::create_thread logging - JDK-8306941: Open source several datatransfer and dnd AWT tests - JDK-8306943: Open source several dnd AWT tests - JDK-8306954: Open source five Focus related tests - JDK-8306955: Open source several JComboBox jtreg tests - JDK-8306976: UTIL_REQUIRE_SPECIAL warning on grep - JDK-8306996: Open source Swing MenuItem related tests - JDK-8307080: Open source some more JComboBox jtreg tests - JDK-8307128: Open source some drag and drop tests 4 - JDK-8307130: Open source few Swing JMenu tests - JDK-8307133: Open source some JTable jtreg tests - JDK-8307134: Add GTS root CAs - JDK-8307135: java/awt/dnd/NotReallySerializableTest/ /NotReallySerializableTest.java failed - JDK-8307331: Correctly update line maps when class redefine rewrites bytecodes - JDK-8307346: Add missing gc+phases logging for ObjectCount(AfterGC) JFR event collection code - JDK-8307347: serviceability/sa/ClhsdbDumpclass.java could leave files owned by root on macOS - JDK-8307378: Allow collectors to provide specific values for GC notifications' actions - JDK-8307381: Open Source JFrame, JIF related Swing Tests - JDK-8307425: Socket input stream read burns CPU cycles with back-to-back poll(0) calls - JDK-8307799: Newly added java/awt/dnd/MozillaDnDTest.java has invalid jtreg `@requires` clause - JDK-8308554: [17u] Fix commit of 8286191. vm.musl was not removed from ExternalEditorTest - JDK-8308880: [17u] micro bench ZoneStrings missed in backport of 8278434 - JDK-8308884: [17u/11u] Backout JDK-8297951 - JDK-8311467: [17u] Remove designator DEFAULT_PROMOTED_VERSION_PRE=ea for release 17.0.8 Important SUSE bug 1207922 SUSE bug 1213473 SUSE bug 1213474 SUSE bug 1213475 SUSE bug 1213479 SUSE bug 1213481 SUSE bug 1213482 CVE-2023-22006 CVE-2023-22036 CVE-2023-22041 CVE-2023-22044 CVE-2023-22045 CVE-2023-22049 CVE-2023-25193 cpe:/o:opensuse:leap:15.4 Security update for openssl-1_0_0 (Important) openSUSE Leap 15.4 This update for openssl-1_0_0 fixes the following issues: - CVE-2023-0286: Fixed X.400 address type confusion in X.509 GENERAL_NAME_cmp for x400Address (bsc#1207533). - CVE-2023-0215: Fixed use-after-free following BIO_new_NDEF() (bsc#1207536). - CVE-2022-4304: Fixed timing Oracle in RSA Decryption (bsc#1207534). Important SUSE bug 1207533 SUSE bug 1207534 SUSE bug 1207536 CVE-2022-4304 CVE-2023-0215 CVE-2023-0286 cpe:/o:opensuse:leap:15.4 Security update for kubevirt, virt-api-container, virt-controller-container, virt-handler-container, virt-launcher-container, virt-libguestfs-tools-container, virt-operator-container (Moderate) openSUSE Leap 15.4 This update for kubevirt, virt-api-container, virt-controller-container, virt-handler-container, virt-launcher-container, virt-libguestfs-tools-container, virt-operator-container fixes the following issues: This update rebuilds the kubevirt stack with the current GO release. Moderate cpe:/o:opensuse:leap:15.4 Security update for MozillaThunderbird (Important) openSUSE Leap 15.4 This update for MozillaThunderbird fixes the following issues: Mozilla Thunderbird was updated to version 115.0.1 (bsc#1212438): - CVE-2023-3600: Fixed use-after-free in workers (bmo#1839703). - CVE-2023-3417: Fixed File Extension Spoofing using the Text Direction Override Character (bmo#1835582). Bugfixes: - changed: Added Thunderbird Supernova branding to about:dialog (bmo#1842102) - fixed: Message list was not updated when message was deleted from server outside of Thunderbird (bmo#1837041) - fixed: Scrolling behaved unexpectedly when moving to next message unread message in another folder (bmo#1841711) - fixed: Scrolling animation was unnecessarily used when switching or toggling the sort column in message list (bmo#1838522) - fixed: Attempting to delete a message and then cancelling the action still marked the message as read (bmo#793353) - fixed: Unified Toolbar could not be customized under certain tabs (bmo#1841480) - fixed: Selecting a folder with one or more subfolders and pressing enter did not expand folder (bmo#1841200) - fixed: Tooltips did not appear when hovering over folders (bmo#1839780) - fixed: Deleting large amounts of messages from Trash folder consumed excessive time and memory (bmo#1833665) - fixed: Message Summary header buttons were not keyboard accessible (bmo#1827199) - fixed: 'New' button in Message Filters dialog was not keyboard accessible (bmo#1841477) - fixed: Backing up secret keys from OpenPGP Key Manager dialog silently failed (bmo#1839415) - fixed: Various visual and UX improvements (bmo#1843172,bmo#1831422,bmo#1838360,bmo#1842319) Important SUSE bug 1212438 CVE-2023-3417 CVE-2023-3600 cpe:/o:opensuse:leap:15.4 Security update for xmltooling (Moderate) openSUSE Leap 15.4 This update for xmltooling fixes the following issues: - CVE-2023-36661: Fix server-side request forgery vulnerability (bsc#1212359) Moderate SUSE bug 1212359 CVE-2023-36661 cpe:/o:opensuse:leap:15.4 Security update for guava (Moderate) openSUSE Leap 15.4 This update for guava fixes the following issues: Upgrade to guava 32.0.1: - CVE-2020-8908: Fixed predictable temporary files and directories used in FileBackedOutputStream (bsc#1179926). - CVE-2023-2976: Fixed a temp directory creation vulnerability (bsc#1212401). Moderate SUSE bug 1179926 SUSE bug 1212401 CVE-2020-8908 CVE-2023-2976 cpe:/o:opensuse:leap:15.4 Security update for openssl-1_0_0 (Moderate) openSUSE Leap 15.4 This update for openssl-1_0_0 fixes the following issues: - CVE-2023-3446: Fixed DH_check() excessive time with over sized modulus (bsc#1213487). Moderate SUSE bug 1213487 CVE-2023-3446 cpe:/o:opensuse:leap:15.4 Security update for pipewire (Moderate) openSUSE Leap 15.4 This update for pipewire fixes the following security issues: - Fixed issue where an app which only has permission to access one stream can also access other streams (bsc#1213682). Bugfixes: - Fixed division by 0 and other issues with invalid values (glfo#pipewire/pipewire#2953) - Fixed an overflow resulting in choppy sound in some cases (glfo#pipewire/pipewire#2680) Moderate SUSE bug 1213682 cpe:/o:opensuse:leap:15.4 Security update for openssl-1_1 (Important) openSUSE Leap 15.4 This update for openssl-1_1 fixes the following issues: - CVE-2023-0286: Fixed X.400 address type confusion in X.509 GENERAL_NAME_cmp for x400Address (bsc#1207533). - CVE-2023-0215: Fixed use-after-free following BIO_new_NDEF() (bsc#1207536). - CVE-2022-4450: Fixed double free after calling PEM_read_bio_ex() (bsc#1207538). - CVE-2022-4304: Fixed timing Oracle in RSA Decryption (bsc#1207534). Important SUSE bug 1207533 SUSE bug 1207534 SUSE bug 1207536 SUSE bug 1207538 CVE-2022-4304 CVE-2022-4450 CVE-2023-0215 CVE-2023-0286 cpe:/o:opensuse:leap:15.4 Security update for openssl-3 (Important) openSUSE Leap 15.4 This update for openssl-3 fixes the following issues: Security fixes: - CVE-2023-0286: Fixed X.400 address type confusion in X.509 GENERAL_NAME_cmp for x400Address (bsc#1207533). - CVE-2023-0401: Fixed NULL pointer dereference during PKCS7 data verification (bsc#1207541). - CVE-2023-0217: Fixed NULL pointer dereference validating DSA public key (bsc#1207540). - CVE-2023-0216: Fixed invalid pointer dereference in d2i_PKCS7 functions (bsc#1207539). - CVE-2023-0215: Fixed use-after-free following BIO_new_NDEF() (bsc#1207536). - CVE-2022-4450: Fixed double free after calling PEM_read_bio_ex() (bsc#1207538). - CVE-2022-4304: Fixed timing Oracle in RSA Decryption (bsc#1207534). - CVE-2022-4203: Fixed read Buffer Overflow with X.509 Name Constraints (bsc#1207535). Non-security fixes: - Fix SHA, SHAKE, KECCAK ASM and EC ASM flag passing (bsc#1206222). - Enable zlib compression support (bsc#1195149). - Add crypto-policies dependency. Important SUSE bug 1195149 SUSE bug 1206222 SUSE bug 1207533 SUSE bug 1207534 SUSE bug 1207535 SUSE bug 1207536 SUSE bug 1207538 SUSE bug 1207539 SUSE bug 1207540 SUSE bug 1207541 CVE-2022-4203 CVE-2022-4304 CVE-2022-4450 CVE-2023-0215 CVE-2023-0216 CVE-2023-0217 CVE-2023-0286 CVE-2023-0401 cpe:/o:opensuse:leap:15.4 Security update for apache2-mod_security2 (Important) openSUSE Leap 15.4 This update for apache2-mod_security2 fixes the following issues: - CVE-2022-48279: Fixed a potential firewall bypass due to an incorrect parsing of HTTP multipart requests (bsc#1207378). Important SUSE bug 1207378 CVE-2022-48279 cpe:/o:opensuse:leap:15.4 Security update for SUSE Manager Client Tools (Moderate) openSUSE Leap 15.4 This update fixes the following issues: python-tornado: - Security fixes: * CVE-2023-28370: Fixed an open redirect issue in the static file handler (bsc#1211741) prometheus-blackbox_exporter: - Use obscpio for go modules service - Set version number - Set build date from SOURCE_DATE_EPOCH - Update to 0.24.0 (bsc#1212279, jsc#PED-4556) * Requires go1.19 - Avoid empty validation script - Add rc symlink for backwards compatibility spacecmd: - Version 4.3.22-1 * Bypass traditional systems check on older SUMA instances (bsc#1208612) Moderate SUSE bug 1208612 SUSE bug 1211741 SUSE bug 1212279 CVE-2023-28370 cpe:/o:opensuse:leap:15.4 Security update for salt (Moderate) openSUSE Leap 15.4 This update for salt fixes the following issues: Security fixes: - CVE-2023-28370: Fix an open redirect vulnerability in 'StaticFileHandler' under certain configurations (bsc#1211741) Bug fixes: - Prevent error loading 'known_hosts' when '$HOME' is not set (bsc#1210994) - Fix ModuleNotFoundError and other issues raised by salt-support module (bsc#1211591) Moderate SUSE bug 1210994 SUSE bug 1211591 SUSE bug 1211741 CVE-2023-28370 cpe:/o:opensuse:leap:15.4 Security update for MozillaFirefox (Important) openSUSE Leap 15.4 This update for MozillaFirefox fixes the following security issues: Firefox was updated to Extended Support Release 115.1.0 ESR (bsc#1213746): - CVE-2023-4045: Fixed cross-origin restrictions bypass with Offscreen Canvas (bmo#1833876). - CVE-2023-4046: Fixed incorrect value used during WASM compilation (bmo#1837686). - CVE-2023-4047: Fixed potential permissions request bypass via clickjacking (bmo#1839073). - CVE-2023-4048: Fixed crash in DOMParser due to out-of-memory conditions (bmo#1841368). - CVE-2023-4049: Fixed potential race conditions when releasing platform objects (bmo#1842658). - CVE-2023-4050: Fixed stack buffer overflow in StorageManager (bmo#1843038). - CVE-2023-4052: Fixed file deletion and privilege escalation through Firefox uninstaller (bmo#1824420). - CVE-2023-4054: Fixed lack of warning when opening appref-ms files (bmo#1840777). - CVE-2023-4055: Fixed cookie jar overflow caused unexpected cookie jar state (bmo#1782561). - CVE-2023-4056: Fixed memory safety bugs (bmo#1820587, bmo#1824634, bmo#1839235, bmo#1842325, bmo#1843847). - CVE-2023-4057: Fixed memory safety bugs (bmo#1841682). Bugfixes: - Remove bashisms from startup-script (bsc#1213657) Important SUSE bug 1213657 SUSE bug 1213746 CVE-2023-4045 CVE-2023-4046 CVE-2023-4047 CVE-2023-4048 CVE-2023-4049 CVE-2023-4050 CVE-2023-4052 CVE-2023-4054 CVE-2023-4055 CVE-2023-4056 CVE-2023-4057 cpe:/o:opensuse:leap:15.4 Security update for jtidy (Moderate) openSUSE Leap 15.4 This update for jtidy fixes the following issues: - CVE-2023-34623: Prevent crash when parsing documents with excessive nesting (bsc#1212404). Moderate SUSE bug 1212404 CVE-2023-34623 cpe:/o:opensuse:leap:15.4 Security update for poppler (Moderate) openSUSE Leap 15.4 This update for poppler fixes the following issues: - CVE-2022-27337: Fixed a logic error in the Hints::Hints function which can cause denial of service (bsc#1199272). Moderate SUSE bug 1199272 CVE-2022-27337 cpe:/o:opensuse:leap:15.4 Security update for the Linux Kernel (Important) openSUSE Leap 15.4 The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2023-2985: Fixed an use-after-free vulnerability in hfsplus_put_super in fs/hfsplus/super.c that could allow a local user to cause a denial of service (bsc#1211867). - CVE-2023-3117: Fixed an use-after-free vulnerability in the netfilter subsystem when processing named and anonymous sets in batch requests that could allow a local user with CAP_NET_ADMIN capability to crash or potentially escalate their privileges on the system (bsc#1213245). - CVE-2023-3390: Fixed an use-after-free vulnerability in the netfilter subsystem in net/netfilter/nf_tables_api.c that could allow a local attacker with user access to cause a privilege escalation issue (bsc#1212846). - CVE-2023-3812: Fixed an out-of-bounds memory access flaw in the TUN/TAP device driver functionality that could allow a local user to crash or potentially escalate their privileges on the system (bsc#1213543). - CVE-2023-20593: Fixed a ZenBleed issue in 'Zen 2' CPUs that could allow an attacker to potentially access sensitive information (bsc#1213286). - CVE-2023-31248: Fixed an use-after-free vulnerability in nft_chain_lookup_byid that could allow a local attacker to escalate their privilege (bsc#1213061). - CVE-2023-35001: Fixed an out-of-bounds memory access flaw in nft_byteorder that could allow a local attacker to escalate their privilege (bsc#1213059). The following non-security bugs were fixed: - ACPI: utils: Fix acpi_evaluate_dsm_typed() redefinition error (git-fixes). - ALSA: fireface: make read-only const array for model names static (git-fixes). - ALSA: hda/realtek - remove 3k pull low procedure (git-fixes). - ALSA: hda/realtek: Add quirk for ASUS ROG G614Jx (git-fixes). - ALSA: hda/realtek: Add quirk for ASUS ROG GA402X (git-fixes). - ALSA: hda/realtek: Add quirk for ASUS ROG GX650P (git-fixes). - ALSA: hda/realtek: Add quirk for ASUS ROG GZ301V (git-fixes). - ALSA: hda/realtek: Add quirk for Clevo NPx0SNx (git-fixes). - ALSA: hda/realtek: Add quirk for Clevo NS70AU (git-fixes). - ALSA: hda/realtek: Add quirks for Unis H3C Desktop B760 & Q760 (git-fixes). - ALSA: hda/realtek: Add support for DELL Oasis 13/14/16 laptops (git-fixes). - ALSA: hda/realtek: Amend G634 quirk to enable rear speakers (git-fixes). - ALSA: hda/realtek: Enable Mute LED on HP Laptop 15s-eq2xxx (git-fixes). - ALSA: hda/realtek: Fix generic fixup definition for cs35l41 amp (git-fixes). - ALSA: hda/realtek: Whitespace fix (git-fixes). - ALSA: hda: fix a possible null-pointer dereference due to data race in snd_hdac_regmap_sync() (git-fixes). - ALSA: oxfw: make read-only const array models static (git-fixes). - ALSA: pcm: Fix potential data race at PCM memory allocation helpers (git-fixes). - ASoC: codecs: wcd-mbhc-v2: fix resource leaks on component remove (git-fixes). - ASoC: codecs: wcd934x: fix resource leaks on component remove (git-fixes). - ASoC: codecs: wcd938x: fix codec initialisation race (git-fixes). - ASoC: codecs: wcd938x: fix dB range for HPHL and HPHR (git-fixes). - ASoC: codecs: wcd938x: fix missing clsh ctrl error handling (git-fixes). - ASoC: codecs: wcd938x: fix soundwire initialisation race (git-fixes). - ASoC: tegra: Fix ADX byte map (git-fixes). - ASoC: tegra: Fix AMX byte map (git-fixes). - Add MODULE_FIRMWARE() for FIRMWARE_TG357766 (git-fixes). - Documentation: ABI: sysfs-class-net-qmi: pass_through contact update (git-fixes). - Documentation: bonding: fix the doc of peer_notif_delay (git-fixes). - Documentation: timers: hrtimers: Make hybrid union historical (git-fixes). - Enable NXP SNVS RTC driver for i.MX 8MQ/8MP (jsc#PED-4758) - Fix documentation of panic_on_warn (git-fixes). - IB/hfi1: Use bitmap_zalloc() when applicable (git-fixes) - PCI/PM: Avoid putting EloPOS E2/S2/H2 PCIe Ports in D3cold (git-fixes). - PCI: Add function 1 DMA alias quirk for Marvell 88SE9235 (git-fixes). - RDMA/rxe: Fix access checks in rxe_check_bind_mw (git-fixes) - Revert 'arm64: dts: zynqmp: Add address-cells property to interrupt (git-fixes) - Revert 'drm/amd/display: edp do not add non-edid timings' (git-fixes). - USB: dwc2: Fix some error handling paths (git-fixes). - USB: dwc2: platform: Improve error reporting for problems during .remove() (git-fixes). - USB: gadget: udc: core: Offload usb_udc_vbus_handler processing (git-fixes). - USB: gadget: udc: core: Prevent soft_connect_store() race (git-fixes). - USB: serial: option: add LARA-R6 01B PIDs (git-fixes). - Update config and supported.conf files due to renaming. - apparmor: fix missing error check for rhashtable_insert_fast (git-fixes). - arm64/mm: mark private VM_FAULT_X defines as vm_fault_t (git-fixes) - arm64: dts: microchip: sparx5: do not use PSCI on reference boards (git-fixes) - arm64: vdso: Pass (void *) to virt_to_page() (git-fixes) - arm64: xor-neon: mark xor_arm64_neon_*() static (git-fixes) - can: bcm: Fix UAF in bcm_proc_show() (git-fixes). - cifs: add a warning when the in-flight count goes negative (bsc#1193629). - cifs: address unused variable warning (bsc#1193629). - cifs: do all necessary checks for credits within or before locking (bsc#1193629). - cifs: fix lease break oops in xfstest generic/098 (bsc#1193629). - cifs: fix max_credits implementation (bsc#1193629). - cifs: fix session state check in reconnect to avoid use-after-free issue (bsc#1193629). - cifs: fix session state check in smb2_find_smb_ses (bsc#1193629). - cifs: fix session state transition to avoid use-after-free issue (bsc#1193629). - cifs: fix sockaddr comparison in iface_cmp (bsc#1193629). - cifs: fix status checks in cifs_tree_connect (bsc#1193629). - cifs: log session id when a matching ses is not found (bsc#1193629). - cifs: new dynamic tracepoint to track ses not found errors (bsc#1193629). - cifs: prevent use-after-free by freeing the cfile later (bsc#1193629). - cifs: print all credit counters in DebugData (bsc#1193629). - cifs: print client_guid in DebugData (bsc#1193629). - cifs: print more detail when invalidate_inode_mapping fails (bsc#1193629). - cifs: print nosharesock value while dumping mount options (bsc#1193629). - clk: qcom: camcc-sc7180: Add parent dependency to all camera GDSCs (git-fixes). - clk: qcom: gcc-ipq6018: Use floor ops for sdcc clocks (git-fixes). - codel: fix kernel-doc notation warnings (git-fixes). - crypto: kpp - Add helper to set reqsize (git-fixes). - crypto: qat - Use helper to set reqsize (git-fixes). - devlink: fix kernel-doc notation warnings (git-fixes). - docs: networking: Update codeaurora references for rmnet (git-fixes). - drm/amd/display: Correct `DMUB_FW_VERSION` macro (git-fixes). - drm/amdgpu: Set vmbo destroy after pt bo is created (git-fixes). - drm/amdgpu: Validate VM ioctl flags (git-fixes). - drm/amdgpu: avoid restore process run into dead loop (git-fixes). - drm/amdgpu: fix clearing mappings for BOs that are always valid in VM (git-fixes). - drm/atomic: Allow vblank-enabled + self-refresh 'disable' (git-fixes). - drm/atomic: Fix potential use-after-free in nonblocking commits (git-fixes). - drm/bridge: tc358768: Add atomic_get_input_bus_fmts() implementation (git-fixes). - drm/bridge: tc358768: fix TCLK_TRAILCNT computation (git-fixes). - drm/bridge: tc358768: fix THS_TRAILCNT computation (git-fixes). - drm/bridge: tc358768: fix THS_ZEROCNT computation (git-fixes). - drm/client: Fix memory leak in drm_client_target_cloned (git-fixes). - drm/i915/psr: Use hw.adjusted mode when calculating io/fast wake times (git-fixes). - drm/i915: Fix one wrong caching mode enum usage (git-fixes). - drm/msm/disp/dpu: get timing engine status from intf status register (git-fixes). - drm/msm/dpu: Set DPU_DATA_HCTL_EN for in INTF_SC7180_MASK (git-fixes). - drm/panel: simple: Add Powertip PH800480T013 drm_display_mode flags (git-fixes). - drm/panel: simple: Add connector_type for innolux_at043tn24 (git-fixes). - drm/ttm: Do not leak a resource on swapout move error (git-fixes). - dt-bindings: phy: brcm,brcmstb-usb-phy: Fix error in 'compatible' conditional schema (git-fixes). - ext4: Fix reusing stale buffer heads from last failed mounting (bsc#1213020). - ext4: add EA_INODE checking to ext4_iget() (bsc#1213106). - ext4: add ext4_sb_block_valid() refactored out of ext4_inode_block_valid() (bsc#1213088). - ext4: add lockdep annotations for i_data_sem for ea_inode's (bsc#1213109). - ext4: add strict range checks while freeing blocks (bsc#1213089). - ext4: avoid deadlock in fs reclaim with page writeback (bsc#1213016). - ext4: bail out of ext4_xattr_ibody_get() fails for any reason (bsc#1213018). - ext4: block range must be validated before use in ext4_mb_clear_bb() (bsc#1213090). - ext4: check iomap type only if ext4_iomap_begin() does not fail (bsc#1213103). - ext4: disallow ea_inodes with extended attributes (bsc#1213108). - ext4: fail ext4_iget if special inode unallocated (bsc#1213010). - ext4: fix WARNING in ext4_update_inline_data (bsc#1213012). - ext4: fix WARNING in mb_find_extent (bsc#1213099). - ext4: fix bug_on in __es_tree_search caused by bad quota inode (bsc#1213111). - ext4: fix data races when using cached status extents (bsc#1213102). - ext4: fix deadlock when converting an inline directory in nojournal mode (bsc#1213105). - ext4: fix i_disksize exceeding i_size problem in paritally written case (bsc#1213015). - ext4: fix lockdep warning when enabling MMP (bsc#1213100). - ext4: fix task hung in ext4_xattr_delete_inode (bsc#1213096). - ext4: fix to check return value of freeze_bdev() in ext4_shutdown() (bsc#1213021). - ext4: fix use-after-free read in ext4_find_extent for bigalloc + inline (bsc#1213098). - ext4: improve error handling from ext4_dirhash() (bsc#1213104). - ext4: improve error recovery code paths in __ext4_remount() (bsc#1213017). - ext4: move where set the MAY_INLINE_DATA flag is set (bsc#1213011). - ext4: only update i_reserved_data_blocks on successful block allocation (bsc#1213019). - ext4: refactor ext4_free_blocks() to pull out ext4_mb_clear_bb() (bsc#1213087). - ext4: refuse to create ea block when umounted (bsc#1213093). - ext4: set lockdep subclass for the ea_inode in ext4_xattr_inode_cache_find() (bsc#1213107). - ext4: turn quotas off if mount failed after enabling quotas (bsc#1213110). - ext4: update s_journal_inum if it changes after journal replay (bsc#1213094). - ext4: use ext4_fc_tl_mem in fast-commit replay path (bsc#1213092). - ext4: zero i_disksize when initializing the bootloader inode (bsc#1213013). - fbdev: au1200fb: Fix missing IRQ check in au1200fb_drv_probe (git-fixes). - fbdev: imxfb: warn about invalid left/right margin (git-fixes). - fuse: ioctl: translate ENOSYS in outarg (bsc#1213524). - fuse: revalidate: do not invalidate if interrupted (bsc#1213523). - hvcs: Fix hvcs port reference counting (bsc#1213134 ltc#202861). - hvcs: Get reference to tty in remove (bsc#1213134 ltc#202861). - hvcs: Synchronize hotplug remove with port free (bsc#1213134 ltc#202861). - hvcs: Use dev_groups to manage hvcs device attributes (bsc#1213134 ltc#202861). - hvcs: Use driver groups to manage driver attributes (bsc#1213134 ltc#202861). - hvcs: Use vhangup in hotplug remove (bsc#1213134 ltc#202861). - hwmon: (adm1275) Allow setting sample averaging (git-fixes). - hwmon: (pmbus/adm1275) Fix problems with temperature monitoring on ADM1272 (git-fixes). - i2c: xiic: Defer xiic_wakeup() and __xiic_start_xfer() in xiic_process() (git-fixes). - i2c: xiic: Do not try to handle more interrupt events after error (git-fixes). - inotify: Avoid reporting event with invalid wd (bsc#1213025). - jbd2: fix data missing when reusing bh which is ready to be checkpointed (bsc#1213095). - jdb2: Do not refuse invalidation of already invalidated buffers (bsc#1213014). - kABI: do not check external trampolines for signature (kabi bsc#1207894 bsc#1211243). - kabi/severities: Add VAS symbols changed due to recent fix VAS accelerators are directly tied to the architecture, there is no reason to have out-of-tree production drivers - kselftest: vDSO: Fix accumulation of uninitialized ret when CLOCK_REALTIME is undefined (git-fixes). - leds: trigger: netdev: Recheck NETDEV_LED_MODE_LINKUP on dev rename (git-fixes). - media: atomisp: gmin_platform: fix out_len in gmin_get_config_dsm_var() (git-fixes). - media: cec: i2c: ch7322: also select REGMAP (git-fixes). - media: i2c: Correct format propagation for st-mipid02 (git-fixes). - media: usb: Check az6007_read() return value (git-fixes). - media: usb: siano: Fix warning due to null work_func_t function pointer (git-fixes). - media: venus: helpers: Fix ALIGN() of non power of two (git-fixes). - media: videodev2.h: Fix struct v4l2_input tuner index comment (git-fixes). - memcg: drop kmem.limit_in_bytes (bsc#1208788, bsc#1212905). - mmc: core: disable TRIM on Kingston EMMC04G-M627 (git-fixes). - mmc: sdhci: fix DMA configure compatibility issue when 64bit DMA mode is used (git-fixes). - net: mana: Add support for vlan tagging (bsc#1212301). - net: phy: prevent stale pointer dereference in phy_init() (git-fixes). - ntb: amd: Fix error handling in amd_ntb_pci_driver_init() (git-fixes). - ntb: idt: Fix error handling in idt_pci_driver_init() (git-fixes). - ntb: intel: Fix error handling in intel_ntb_pci_driver_init() (git-fixes). - ntb: ntb_tool: Add check for devm_kcalloc (git-fixes). - ntb: ntb_transport: fix possible memory leak while device_register() fails (git-fixes). - nvme-multipath: support io stats on the mpath device (bsc#1210565). - nvme: introduce nvme_start_request (bsc#1210565). - ocfs2: Switch to security_inode_init_security() (git-fixes). - ocfs2: check new file size on fallocate call (git-fixes). - ocfs2: fix use-after-free when unmounting read-only filesystem (git-fixes). - opp: Fix use-after-free in lazy_opp_tables after probe deferral (git-fixes). - phy: Revert 'phy: Remove SOC_EXYNOS4212 dep. from PHY_EXYNOS4X12_USB' (git-fixes). - phy: tegra: xusb: Clear the driver reference in usb-phy dev (git-fixes). - phy: tegra: xusb: check return value of devm_kzalloc() (git-fixes). - pie: fix kernel-doc notation warning (git-fixes). - pinctrl: amd: Detect internal GPIO0 debounce handling (git-fixes). - pinctrl: amd: Fix mistake in handling clearing pins at startup (git-fixes). - pinctrl: amd: Only use special debounce behavior for GPIO 0 (git-fixes). - powerpc/64: Only WARN if __pa()/__va() called with bad addresses (bsc#1194869). - powerpc/64s: Fix VAS mm use after free (bsc#1194869). - powerpc/book3s64/mm: Fix DirectMap stats in /proc/meminfo (bsc#1194869). - powerpc/bpf: Fix use of user_pt_regs in uapi (bsc#1194869). - powerpc/ftrace: Remove ftrace init tramp once kernel init is complete (bsc#1194869). - powerpc/interrupt: Do not read MSR from interrupt_exit_kernel_prepare() (bsc#1194869). - powerpc/mm/dax: Fix the condition when checking if altmap vmemap can cross-boundary (bsc#1150305 ltc#176097 git-fixes). - powerpc/mm: Switch obsolete dssall to .long (bsc#1194869). - powerpc/powernv/sriov: perform null check on iov before dereferencing iov (bsc#1194869). - powerpc/powernv/vas: Assign real address to rx_fifo in vas_rx_win_attr (bsc#1194869). - powerpc/prom_init: Fix kernel config grep (bsc#1194869). - powerpc/secvar: fix refcount leak in format_show() (bsc#1194869). - powerpc/xics: fix refcount leak in icp_opal_init() (bsc#1194869). - powerpc: clean vdso32 and vdso64 directories (bsc#1194869). - powerpc: define get_cycles macro for arch-override (bsc#1194869). - powerpc: update ppc_save_regs to save current r1 in pt_regs (bsc#1194869). - pwm: ab8500: Fix error code in probe() (git-fixes). - pwm: imx-tpm: force 'real_period' to be zero in suspend (git-fixes). - pwm: sysfs: Do not apply state to already disabled PWMs (git-fixes). - rpm/check-for-config-changes: ignore also RISCV_ISA_* and DYNAMIC_SIGFRAME They depend on CONFIG_TOOLCHAIN_HAS_*. - rsi: remove kernel-doc comment marker (git-fixes). - s390/ap: fix status returned by ap_aqic() (git-fixes bsc#1213259). - s390/ap: fix status returned by ap_qact() (git-fixes bsc#1213258). - s390/debug: add _ASM_S390_ prefix to header guard (git-fixes bsc#1213263). - s390/percpu: add READ_ONCE() to arch_this_cpu_to_op_simple() (git-fixes bsc#1213252). - s390: define RUNTIME_DISCARD_EXIT to fix link error with GNU ld &lt; 2.36 (git-fixes bsc#1213264). - s390: discard .interp section (git-fixes bsc#1213247). - sched/debug: fix dentry leak in update_sched_domain_debugfs (git-fixes) - sched: Fix DEBUG && !SCHEDSTATS warn (git-fixes) - security: keys: Modify mismatched function name (git-fixes). - selftests: mptcp: depend on SYN_COOKIES (git-fixes). - selftests: mptcp: sockopt: return error if wrong mark (git-fixes). - selftests: rtnetlink: remove netdevsim device after ipsec offload test (git-fixes). - selftests: tc: add 'ct' action kconfig dep (git-fixes). - selftests: tc: add ConnTrack procfs kconfig (git-fixes). - selftests: tc: set timeout to 15 minutes (git-fixes). - signal/powerpc: On swapcontext failure force SIGSEGV (bsc#1194869). - signal: Replace force_sigsegv(SIGSEGV) with force_fatal_sig(SIGSEGV) (bsc#1194869). - smb3: do not reserve too many oplock credits (bsc#1193629). - smb3: missing null check in SMB2_change_notify (bsc#1193629). - smb: client: fix broken file attrs with nodfs mounts (bsc#1193629). - smb: client: fix missed ses refcounting (git-fixes). - smb: client: fix parsing of source mount option (bsc#1193629). - smb: client: fix shared DFS root mounts with different prefixes (bsc#1193629). - smb: client: fix warning in CIFSFindFirst() (bsc#1193629). - smb: client: fix warning in CIFSFindNext() (bsc#1193629). - smb: client: fix warning in cifs_match_super() (bsc#1193629). - smb: client: fix warning in cifs_smb3_do_mount() (bsc#1193629). - smb: client: fix warning in generic_ip_connect() (bsc#1193629). - smb: client: improve DFS mount check (bsc#1193629). - smb: client: remove redundant pointer 'server' (bsc#1193629). - smb: delete an unnecessary statement (bsc#1193629). - smb: move client and server files to common directory fs/smb (bsc#1193629). - smb: remove obsolete comment (bsc#1193629). - soundwire: qcom: fix storing port config out-of-bounds (git-fixes). - spi: bcm-qspi: return error if neither hif_mspi nor mspi is available (git-fixes). - spi: bcm63xx: fix max prepend length (git-fixes). - tpm: tpm_vtpm_proxy: fix a race condition in /dev/vtpmx creation (git-fixes). - tty: serial: fsl_lpuart: add earlycon for imx8ulp platform (git-fixes). - ubi: Fix failure attaching when vid_hdr offset equals to (sub)page size (bsc#1210584). - ubi: ensure that VID header offset + VID header size &lt;= alloc, size (bsc#1210584). - udf: Avoid double brelse() in udf_rename() (bsc#1213032). - udf: Define EFSCORRUPTED error code (bsc#1213038). - udf: Detect system inodes linked into directory hierarchy (bsc#1213114). - udf: Discard preallocation before extending file with a hole (bsc#1213036). - udf: Do not bother looking for prealloc extents if i_lenExtents matches i_size (bsc#1213035). - udf: Do not bother merging very long extents (bsc#1213040). - udf: Do not update file length for failed writes to inline files (bsc#1213041). - udf: Fix error handling in udf_new_inode() (bsc#1213112). - udf: Fix extending file within last block (bsc#1213037). - udf: Fix preallocation discarding at indirect extent boundary (bsc#1213034). - udf: Preserve link count of system files (bsc#1213113). - udf: Truncate added extents on failed expansion (bsc#1213039). - wifi: airo: avoid uninitialized warning in airo_get_rate() (git-fixes). - wifi: ray_cs: Drop useless status variable in parse_addr() (git-fixes). - wifi: ray_cs: Utilize strnlen() in parse_addr() (git-fixes). - wifi: rtw89: debug: fix error code in rtw89_debug_priv_send_h2c_set() (git-fixes). - wl3501_cs: use eth_hw_addr_set() (git-fixes). - writeback: fix call of incorrect macro (bsc#1213024). - x86: Fix .brk attribute in linker script (git-fixes). - xfs: AIL needs asynchronous CIL forcing (bsc#1211811). - xfs: CIL work is serialised, not pipelined (bsc#1211811). - xfs: XLOG_STATE_IOERROR must die (bsc#1211811). - xfs: async CIL flushes need pending pushes to be made stable (bsc#1211811). - xfs: attach iclog callbacks in xlog_cil_set_ctx_write_state() (bsc#1211811). - xfs: clean up the rtbitmap fsmap backend (git-fixes). - xfs: do not deplete the reserve pool when trying to shrink the fs (git-fixes). - xfs: do not reverse order of items in bulk AIL insertion (git-fixes). - xfs: do not run shutdown callbacks on active iclogs (bsc#1211811). - xfs: drop async cache flushes from CIL commits (bsc#1211811). - xfs: factor out log write ordering from xlog_cil_push_work() (bsc#1211811). - xfs: fix getfsmap reporting past the last rt extent (git-fixes). - xfs: fix integer overflows in the fsmap rtbitmap and logdev backends (git-fixes). - xfs: fix interval filtering in multi-step fsmap queries (git-fixes). - xfs: fix logdev fsmap query result filtering (git-fixes). - xfs: fix off-by-one error when the last rt extent is in use (git-fixes). - xfs: fix uninitialized variable access (git-fixes). - xfs: make fsmap backend function key parameters const (git-fixes). - xfs: make the record pointer passed to query_range functions const (git-fixes). - xfs: move the CIL workqueue to the CIL (bsc#1211811). - xfs: move xlog_commit_record to xfs_log_cil.c (bsc#1211811). - xfs: order CIL checkpoint start records (bsc#1211811). - xfs: pass a CIL context to xlog_write() (bsc#1211811). - xfs: pass explicit mount pointer to rtalloc query functions (git-fixes). - xfs: rework xlog_state_do_callback() (bsc#1211811). - xfs: run callbacks before waking waiters in xlog_state_shutdown_callbacks (bsc#1211811). - xfs: separate out log shutdown callback processing (bsc#1211811). - xfs: wait iclog complete before tearing down AIL (bsc#1211811). - xhci: Fix TRB prefetch issue of ZHAOXIN hosts (git-fixes). - xhci: Fix resume issue of some ZHAOXIN hosts (git-fixes). - xhci: Show ZHAOXIN xHCI root hub speed correctly (git-fixes). Important SUSE bug 1150305 SUSE bug 1193629 SUSE bug 1194869 SUSE bug 1207894 SUSE bug 1208788 SUSE bug 1210565 SUSE bug 1210584 SUSE bug 1210853 SUSE bug 1211243 SUSE bug 1211811 SUSE bug 1211867 SUSE bug 1212301 SUSE bug 1212846 SUSE bug 1212905 SUSE bug 1213010 SUSE bug 1213011 SUSE bug 1213012 SUSE bug 1213013 SUSE bug 1213014 SUSE bug 1213015 SUSE bug 1213016 SUSE bug 1213017 SUSE bug 1213018 SUSE bug 1213019 SUSE bug 1213020 SUSE bug 1213021 SUSE bug 1213024 SUSE bug 1213025 SUSE bug 1213032 SUSE bug 1213034 SUSE bug 1213035 SUSE bug 1213036 SUSE bug 1213037 SUSE bug 1213038 SUSE bug 1213039 SUSE bug 1213040 SUSE bug 1213041 SUSE bug 1213059 SUSE bug 1213061 SUSE bug 1213087 SUSE bug 1213088 SUSE bug 1213089 SUSE bug 1213090 SUSE bug 1213092 SUSE bug 1213093 SUSE bug 1213094 SUSE bug 1213095 SUSE bug 1213096 SUSE bug 1213098 SUSE bug 1213099 SUSE bug 1213100 SUSE bug 1213102 SUSE bug 1213103 SUSE bug 1213104 SUSE bug 1213105 SUSE bug 1213106 SUSE bug 1213107 SUSE bug 1213108 SUSE bug 1213109 SUSE bug 1213110 SUSE bug 1213111 SUSE bug 1213112 SUSE bug 1213113 SUSE bug 1213114 SUSE bug 1213134 SUSE bug 1213245 SUSE bug 1213247 SUSE bug 1213252 SUSE bug 1213258 SUSE bug 1213259 SUSE bug 1213263 SUSE bug 1213264 SUSE bug 1213286 SUSE bug 1213523 SUSE bug 1213524 SUSE bug 1213543 SUSE bug 1213705 CVE-2023-20593 CVE-2023-2985 CVE-2023-3117 CVE-2023-31248 CVE-2023-3390 CVE-2023-35001 CVE-2023-3812 cpe:/o:opensuse:leap:15.4 Security update for go1.20 (Important) openSUSE Leap 15.4 This update for go1.20 fixes the following issues: - Update to go v1.20.7 (released 2023-08-01) (bsc#1206346) - CVE-2023-29409: Restrict RSA keys in certificates to less than or equal to 8192 bits to avoid DoSing client/server while validating signatures for extremely large RSA keys. (bsc#1213880) Important SUSE bug 1206346 SUSE bug 1213880 CVE-2023-29409 cpe:/o:opensuse:leap:15.4 Security update for the Linux Kernel (Important) openSUSE Leap 15.4 The SUSE Linux Enterprise 15 SP4 Azure kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2023-3609: Fixed an use-after-free vulnerability in net/sched (bsc#1213586). - CVE-2023-3611: Fixed an out-of-bounds write vulnerability in net/sched (bsc#1213585). - CVE-2023-3812: Fixed an out-of-bounds memory access flaw in the TUN/TAP device driver functionality that could allow a local user to crash or potentially escalate their privileges on the system (bsc#1213543). - CVE-2023-35001: Fixed an out-of-bounds memory access flaw in nft_byteorder that could allow a local attacker to escalate their privilege (bsc#1213059). - CVE-2023-31248: Fixed an use-after-free vulnerability in nft_chain_lookup_byid that could allow a local attacker to escalate their privilege (bsc#1213061). - CVE-2023-3390: Fixed an use-after-free vulnerability in the netfilter subsystem in net/netfilter/nf_tables_api.c that could allow a local attacker with user access to cause a privilege escalation issue (bsc#1212846). - CVE-2023-3117: Fixed an use-after-free vulnerability in the netfilter subsystem when processing named and anonymous sets in batch requests that could allow a local user with CAP_NET_ADMIN capability to crash or potentially escalate their privileges on the system (bsc#1213245). - CVE-2023-20593: Fixed a ZenBleed issue in 'Zen 2' CPUs that could allow an attacker to potentially access sensitive information (bsc#1213286). - CVE-2023-2985: Fixed an use-after-free vulnerability in hfsplus_put_super in fs/hfsplus/super.c that could allow a local user to cause a denial of service (bsc#1211867). The following non-security bugs were fixed: - Add MODULE_FIRMWARE() for FIRMWARE_TG357766 (git-fixes). - Drop patch that caused issues with k3s (bsc#1213705). - Enable NXP SNVS RTC driver for i.MX 8MQ/8MP (jsc#PED-4758) - Fix documentation of panic_on_warn (git-fixes). - Fixed launch issue on 15-SP5 (git-fixes, bsc#1210853). - Revert 'arm64: dts: zynqmp: Add address-cells property to interrupt (git-fixes) - Revert 'drm/amd/display: edp do not add non-edid timings' (git-fixes). - acpi: utils: Fix acpi_evaluate_dsm_typed() redefinition error (git-fixes). - alsa: fireface: make read-only const array for model names static (git-fixes). - alsa: hda/realtek - remove 3k pull low procedure (git-fixes). - alsa: hda/realtek: Add quirk for ASUS ROG G614Jx (git-fixes). - alsa: hda/realtek: Add quirk for ASUS ROG GA402X (git-fixes). - alsa: hda/realtek: Add quirk for ASUS ROG GX650P (git-fixes). - alsa: hda/realtek: Add quirk for ASUS ROG GZ301V (git-fixes). - alsa: hda/realtek: Add quirk for Clevo NPx0SNx (git-fixes). - alsa: hda/realtek: Add quirk for Clevo NS70AU (git-fixes). - alsa: hda/realtek: Add quirks for Unis H3C Desktop B760 & Q760 (git-fixes). - alsa: hda/realtek: Add support for DELL Oasis 13/14/16 laptops (git-fixes). - alsa: hda/realtek: Amend G634 quirk to enable rear speakers (git-fixes). - alsa: hda/realtek: Enable Mute LED on HP Laptop 15s-eq2xxx (git-fixes). - alsa: hda/realtek: Fix generic fixup definition for cs35l41 amp (git-fixes). - alsa: hda/realtek: Whitespace fix (git-fixes). - alsa: hda: fix a possible null-pointer dereference due to data race in snd_hdac_regmap_sync() (git-fixes). - alsa: oxfw: make read-only const array models static (git-fixes). - alsa: pcm: Fix potential data race at PCM memory allocation helpers (git-fixes). - apparmor: fix missing error check for rhashtable_insert_fast (git-fixes). - arm64/mm: mark private VM_FAULT_X defines as vm_fault_t (git-fixes) - arm64: dts: microchip: sparx5: do not use PSCI on reference boards (git-fixes) - arm64: vdso: Pass (void *) to virt_to_page() (git-fixes) - arm64: xor-neon: mark xor_arm64_neon_*() static (git-fixes) - asoc: codecs: wcd-mbhc-v2: fix resource leaks on component remove (git-fixes). - asoc: codecs: wcd934x: fix resource leaks on component remove (git-fixes). - asoc: codecs: wcd938x: fix codec initialisation race (git-fixes). - asoc: codecs: wcd938x: fix dB range for HPHL and HPHR (git-fixes). - asoc: codecs: wcd938x: fix missing clsh ctrl error handling (git-fixes). - asoc: codecs: wcd938x: fix soundwire initialisation race (git-fixes). - asoc: tegra: Fix ADX byte map (git-fixes). - asoc: tegra: Fix AMX byte map (git-fixes). - can: bcm: Fix UAF in bcm_proc_show() (git-fixes). - cifs: add a warning when the in-flight count goes negative (bsc#1193629). - cifs: address unused variable warning (bsc#1193629). - cifs: do all necessary checks for credits within or before locking (bsc#1193629). - cifs: fix lease break oops in xfstest generic/098 (bsc#1193629). - cifs: fix max_credits implementation (bsc#1193629). - cifs: fix session state check in reconnect to avoid use-after-free issue (bsc#1193629). - cifs: fix session state check in smb2_find_smb_ses (bsc#1193629). - cifs: fix session state transition to avoid use-after-free issue (bsc#1193629). - cifs: fix sockaddr comparison in iface_cmp (bsc#1193629). - cifs: fix status checks in cifs_tree_connect (bsc#1193629). - cifs: log session id when a matching ses is not found (bsc#1193629). - cifs: new dynamic tracepoint to track ses not found errors (bsc#1193629). - cifs: prevent use-after-free by freeing the cfile later (bsc#1193629). - cifs: print all credit counters in DebugData (bsc#1193629). - cifs: print client_guid in DebugData (bsc#1193629). - cifs: print more detail when invalidate_inode_mapping fails (bsc#1193629). - cifs: print nosharesock value while dumping mount options (bsc#1193629). - clk: qcom: camcc-sc7180: Add parent dependency to all camera GDSCs (git-fixes). - clk: qcom: gcc-ipq6018: Use floor ops for sdcc clocks (git-fixes). - codel: fix kernel-doc notation warnings (git-fixes). - crypto: kpp - Add helper to set reqsize (git-fixes). - crypto: qat - Use helper to set reqsize (git-fixes). - devlink: fix kernel-doc notation warnings (git-fixes). - docs: networking: Update codeaurora references for rmnet (git-fixes). - documentation: bonding: fix the doc of peer_notif_delay (git-fixes). - documentation: timers: hrtimers: Make hybrid union historical (git-fixes). - drm/amd/display: Correct `DMUB_FW_VERSION` macro (git-fixes). - drm/amdgpu: Set vmbo destroy after pt bo is created (git-fixes). - drm/amdgpu: Validate VM ioctl flags (git-fixes). - drm/amdgpu: avoid restore process run into dead loop (git-fixes). - drm/amdgpu: fix clearing mappings for BOs that are always valid in VM (git-fixes). - drm/atomic: Allow vblank-enabled + self-refresh 'disable' (git-fixes). - drm/atomic: Fix potential use-after-free in nonblocking commits (git-fixes). - drm/bridge: tc358768: Add atomic_get_input_bus_fmts() implementation (git-fixes). - drm/bridge: tc358768: fix TCLK_TRAILCNT computation (git-fixes). - drm/bridge: tc358768: fix THS_TRAILCNT computation (git-fixes). - drm/bridge: tc358768: fix THS_ZEROCNT computation (git-fixes). - drm/client: Fix memory leak in drm_client_target_cloned (git-fixes). - drm/i915/psr: Use hw.adjusted mode when calculating io/fast wake times (git-fixes). - drm/i915: Fix one wrong caching mode enum usage (git-fixes). - drm/msm/disp/dpu: get timing engine status from intf status register (git-fixes). - drm/msm/dpu: Set DPU_DATA_HCTL_EN for in INTF_SC7180_MASK (git-fixes). - drm/panel: simple: Add Powertip PH800480T013 drm_display_mode flags (git-fixes). - drm/panel: simple: Add connector_type for innolux_at043tn24 (git-fixes). - drm/ttm: Do not leak a resource on swapout move error (git-fixes). - dt-bindings: phy: brcm,brcmstb-usb-phy: Fix error in 'compatible' conditional schema (git-fixes). - ext4: Fix reusing stale buffer heads from last failed mounting (bsc#1213020). - ext4: add EA_INODE checking to ext4_iget() (bsc#1213106). - ext4: add ext4_sb_block_valid() refactored out of ext4_inode_block_valid() (bsc#1213088). - ext4: add lockdep annotations for i_data_sem for ea_inode's (bsc#1213109). - ext4: add strict range checks while freeing blocks (bsc#1213089). - ext4: avoid deadlock in fs reclaim with page writeback (bsc#1213016). - ext4: bail out of ext4_xattr_ibody_get() fails for any reason (bsc#1213018). - ext4: block range must be validated before use in ext4_mb_clear_bb() (bsc#1213090). - ext4: check iomap type only if ext4_iomap_begin() does not fail (bsc#1213103). - ext4: disallow ea_inodes with extended attributes (bsc#1213108). - ext4: fail ext4_iget if special inode unallocated (bsc#1213010). - ext4: fix WARNING in ext4_update_inline_data (bsc#1213012). - ext4: fix WARNING in mb_find_extent (bsc#1213099). - ext4: fix bug_on in __es_tree_search caused by bad quota inode (bsc#1213111). - ext4: fix data races when using cached status extents (bsc#1213102). - ext4: fix deadlock when converting an inline directory in nojournal mode (bsc#1213105). - ext4: fix i_disksize exceeding i_size problem in paritally written case (bsc#1213015). - ext4: fix lockdep warning when enabling MMP (bsc#1213100). - ext4: fix task hung in ext4_xattr_delete_inode (bsc#1213096). - ext4: fix to check return value of freeze_bdev() in ext4_shutdown() (bsc#1213021). - ext4: fix use-after-free read in ext4_find_extent for bigalloc + inline (bsc#1213098). - ext4: improve error handling from ext4_dirhash() (bsc#1213104). - ext4: improve error recovery code paths in __ext4_remount() (bsc#1213017). - ext4: move where set the MAY_INLINE_DATA flag is set (bsc#1213011). - ext4: only update i_reserved_data_blocks on successful block allocation (bsc#1213019). - ext4: refactor ext4_free_blocks() to pull out ext4_mb_clear_bb() (bsc#1213087). - ext4: refuse to create ea block when umounted (bsc#1213093). - ext4: set lockdep subclass for the ea_inode in ext4_xattr_inode_cache_find() (bsc#1213107). - ext4: turn quotas off if mount failed after enabling quotas (bsc#1213110). - ext4: update s_journal_inum if it changes after journal replay (bsc#1213094). - ext4: use ext4_fc_tl_mem in fast-commit replay path (bsc#1213092). - ext4: zero i_disksize when initializing the bootloader inode (bsc#1213013). - fbdev: au1200fb: Fix missing IRQ check in au1200fb_drv_probe (git-fixes). - fbdev: imxfb: warn about invalid left/right margin (git-fixes). - fuse: ioctl: translate ENOSYS in outarg (bsc#1213524). - fuse: revalidate: do not invalidate if interrupted (bsc#1213523). - hvcs: Fix hvcs port reference counting (bsc#1213134 ltc#202861). - hvcs: Get reference to tty in remove (bsc#1213134 ltc#202861). - hvcs: Synchronize hotplug remove with port free (bsc#1213134 ltc#202861). - hvcs: Use dev_groups to manage hvcs device attributes (bsc#1213134 ltc#202861). - hvcs: Use driver groups to manage driver attributes (bsc#1213134 ltc#202861). - hvcs: Use vhangup in hotplug remove (bsc#1213134 ltc#202861). - hwmon: (adm1275) Allow setting sample averaging (git-fixes). - hwmon: (pmbus/adm1275) Fix problems with temperature monitoring on ADM1272 (git-fixes). - i2c: xiic: Defer xiic_wakeup() and __xiic_start_xfer() in xiic_process() (git-fixes). - i2c: xiic: Do not try to handle more interrupt events after error (git-fixes). - ib/hfi1: Use bitmap_zalloc() when applicable (git-fixes) - inotify: Avoid reporting event with invalid wd (bsc#1213025). - jbd2: fix data missing when reusing bh which is ready to be checkpointed (bsc#1213095). - jdb2: Do not refuse invalidation of already invalidated buffers (bsc#1213014). - kABI: do not check external trampolines for signature (kabi bsc#1207894 bsc#1211243). - kabi/severities: Add VAS symbols changed due to recent fix VAS accelerators are directly tied to the architecture, there is no reason to have out-of-tree production drivers - kselftest: vDSO: Fix accumulation of uninitialized ret when CLOCK_REALTIME is undefined (git-fixes). - leds: trigger: netdev: Recheck NETDEV_LED_MODE_LINKUP on dev rename (git-fixes). - media: atomisp: gmin_platform: fix out_len in gmin_get_config_dsm_var() (git-fixes). - media: cec: i2c: ch7322: also select REGMAP (git-fixes). - media: i2c: Correct format propagation for st-mipid02 (git-fixes). - media: usb: Check az6007_read() return value (git-fixes). - media: usb: siano: Fix warning due to null work_func_t function pointer (git-fixes). - media: venus: helpers: Fix ALIGN() of non power of two (git-fixes). - media: videodev2.h: Fix struct v4l2_input tuner index comment (git-fixes). - memcg: drop kmem.limit_in_bytes (bsc#1208788, bsc#1212905). - mmc: core: disable TRIM on Kingston EMMC04G-M627 (git-fixes). - mmc: sdhci: fix DMA configure compatibility issue when 64bit DMA mode is used (git-fixes). - net/sched: sch_qfq: refactor parsing of netlink parameters (bsc#1213585). - net/sched: sch_qfq: reintroduce lmax bound check for MTU (bsc#1213585). - net: mana: Add support for vlan tagging (bsc#1212301). - net: phy: prevent stale pointer dereference in phy_init() (git-fixes). - ntb: amd: Fix error handling in amd_ntb_pci_driver_init() (git-fixes). - ntb: idt: Fix error handling in idt_pci_driver_init() (git-fixes). - ntb: intel: Fix error handling in intel_ntb_pci_driver_init() (git-fixes). - ntb: ntb_tool: Add check for devm_kcalloc (git-fixes). - ntb: ntb_transport: fix possible memory leak while device_register() fails (git-fixes). - nvme-multipath: support io stats on the mpath device (bsc#1210565). - nvme: introduce nvme_start_request (bsc#1210565). - ocfs2: Switch to security_inode_init_security() (git-fixes). - ocfs2: check new file size on fallocate call (git-fixes). - ocfs2: fix use-after-free when unmounting read-only filesystem (git-fixes). - opp: Fix use-after-free in lazy_opp_tables after probe deferral (git-fixes). - pci/pm: Avoid putting EloPOS E2/S2/H2 PCIe Ports in D3cold (git-fixes). - pci: Add function 1 DMA alias quirk for Marvell 88SE9235 (git-fixes). - phy: Revert 'phy: Remove SOC_EXYNOS4212 dep. from PHY_EXYNOS4X12_USB' (git-fixes). - phy: tegra: xusb: Clear the driver reference in usb-phy dev (git-fixes). - phy: tegra: xusb: check return value of devm_kzalloc() (git-fixes). - pie: fix kernel-doc notation warning (git-fixes). - pinctrl: amd: Detect internal GPIO0 debounce handling (git-fixes). - pinctrl: amd: Fix mistake in handling clearing pins at startup (git-fixes). - pinctrl: amd: Only use special debounce behavior for GPIO 0 (git-fixes). - powerpc/64: Only WARN if __pa()/__va() called with bad addresses (bsc#1194869). - powerpc/64s: Fix VAS mm use after free (bsc#1194869). - powerpc/book3s64/mm: Fix DirectMap stats in /proc/meminfo (bsc#1194869). - powerpc/bpf: Fix use of user_pt_regs in uapi (bsc#1194869). - powerpc/ftrace: Remove ftrace init tramp once kernel init is complete (bsc#1194869). - powerpc/interrupt: Do not read MSR from interrupt_exit_kernel_prepare() (bsc#1194869). - powerpc/mm/dax: Fix the condition when checking if altmap vmemap can cross-boundary (bsc#1150305 ltc#176097 git-fixes). - powerpc/mm: Switch obsolete dssall to .long (bsc#1194869). - powerpc/powernv/sriov: perform null check on iov before dereferencing iov (bsc#1194869). - powerpc/powernv/vas: Assign real address to rx_fifo in vas_rx_win_attr (bsc#1194869). - powerpc/prom_init: Fix kernel config grep (bsc#1194869). - powerpc/secvar: fix refcount leak in format_show() (bsc#1194869). - powerpc/xics: fix refcount leak in icp_opal_init() (bsc#1194869). - powerpc: clean vdso32 and vdso64 directories (bsc#1194869). - powerpc: define get_cycles macro for arch-override (bsc#1194869). - powerpc: update ppc_save_regs to save current r1 in pt_regs (bsc#1194869). - pwm: ab8500: Fix error code in probe() (git-fixes). - pwm: imx-tpm: force 'real_period' to be zero in suspend (git-fixes). - pwm: sysfs: Do not apply state to already disabled PWMs (git-fixes). - rdma/rxe: Fix access checks in rxe_check_bind_mw (git-fixes) - rpm/check-for-config-changes: ignore also RISCV_ISA_* and DYNAMIC_SIGFRAME They depend on CONFIG_TOOLCHAIN_HAS_*. - rsi: remove kernel-doc comment marker (git-fixes). - s390/ap: fix status returned by ap_aqic() (git-fixes bsc#1213259). - s390/ap: fix status returned by ap_qact() (git-fixes bsc#1213258). - s390/debug: add _ASM_S390_ prefix to header guard (git-fixes bsc#1213263). - s390/percpu: add READ_ONCE() to arch_this_cpu_to_op_simple() (git-fixes bsc#1213252). - s390: define RUNTIME_DISCARD_EXIT to fix link error with GNU ld &lt; 2.36 (git-fixes bsc#1213264). - s390: discard .interp section (git-fixes bsc#1213247). - sched/debug: fix dentry leak in update_sched_domain_debugfs (git-fixes) - sched: Fix DEBUG && !SCHEDSTATS warn (git-fixes) - security: keys: Modify mismatched function name (git-fixes). - selftests: mptcp: depend on SYN_COOKIES (git-fixes). - selftests: mptcp: sockopt: return error if wrong mark (git-fixes). - selftests: rtnetlink: remove netdevsim device after ipsec offload test (git-fixes). - selftests: tc: add 'ct' action kconfig dep (git-fixes). - selftests: tc: add ConnTrack procfs kconfig (git-fixes). - selftests: tc: set timeout to 15 minutes (git-fixes). - signal/powerpc: On swapcontext failure force SIGSEGV (bsc#1194869). - signal: Replace force_sigsegv(SIGSEGV) with force_fatal_sig(SIGSEGV) (bsc#1194869). - smb3: do not reserve too many oplock credits (bsc#1193629). - smb3: missing null check in SMB2_change_notify (bsc#1193629). - smb: client: fix broken file attrs with nodfs mounts (bsc#1193629). - smb: client: fix missed ses refcounting (git-fixes). - smb: client: fix parsing of source mount option (bsc#1193629). - smb: client: fix shared DFS root mounts with different prefixes (bsc#1193629). - smb: client: fix warning in CIFSFindFirst() (bsc#1193629). - smb: client: fix warning in CIFSFindNext() (bsc#1193629). - smb: client: fix warning in cifs_match_super() (bsc#1193629). - smb: client: fix warning in cifs_smb3_do_mount() (bsc#1193629). - smb: client: fix warning in generic_ip_connect() (bsc#1193629). - smb: client: improve DFS mount check (bsc#1193629). - smb: client: remove redundant pointer 'server' (bsc#1193629). - smb: delete an unnecessary statement (bsc#1193629). - smb: move client and server files to common directory fs/smb (bsc#1193629). - smb: remove obsolete comment (bsc#1193629). - soundwire: qcom: fix storing port config out-of-bounds (git-fixes). - spi: bcm-qspi: return error if neither hif_mspi nor mspi is available (git-fixes). - spi: bcm63xx: fix max prepend length (git-fixes). - tpm: tpm_vtpm_proxy: fix a race condition in /dev/vtpmx creation (git-fixes). - tty: serial: fsl_lpuart: add earlycon for imx8ulp platform (git-fixes). - ubi: Fix failure attaching when vid_hdr offset equals to (sub)page size (bsc#1210584). - ubi: ensure that VID header offset + VID header size &lt;= alloc, size (bsc#1210584). - udf: Avoid double brelse() in udf_rename() (bsc#1213032). - udf: Define EFSCORRUPTED error code (bsc#1213038). - udf: Detect system inodes linked into directory hierarchy (bsc#1213114). - udf: Discard preallocation before extending file with a hole (bsc#1213036). - udf: Do not bother looking for prealloc extents if i_lenExtents matches i_size (bsc#1213035). - udf: Do not bother merging very long extents (bsc#1213040). - udf: Do not update file length for failed writes to inline files (bsc#1213041). - udf: Fix error handling in udf_new_inode() (bsc#1213112). - udf: Fix extending file within last block (bsc#1213037). - udf: Fix preallocation discarding at indirect extent boundary (bsc#1213034). - udf: Preserve link count of system files (bsc#1213113). - udf: Truncate added extents on failed expansion (bsc#1213039). - usb: dwc2: Fix some error handling paths (git-fixes). - usb: dwc2: platform: Improve error reporting for problems during .remove() (git-fixes). - usb: gadget: udc: core: Offload usb_udc_vbus_handler processing (git-fixes). - usb: gadget: udc: core: Prevent soft_connect_store() race (git-fixes). - usb: serial: option: add LARA-R6 01B PIDs (git-fixes). - wifi: airo: avoid uninitialized warning in airo_get_rate() (git-fixes). - wifi: ray_cs: Drop useless status variable in parse_addr() (git-fixes). - wifi: ray_cs: Utilize strnlen() in parse_addr() (git-fixes). - wifi: rtw89: debug: fix error code in rtw89_debug_priv_send_h2c_set() (git-fixes). - wl3501_cs: use eth_hw_addr_set() (git-fixes). - writeback: fix call of incorrect macro (bsc#1213024). - x86: Fix .brk attribute in linker script (git-fixes). - xfs: AIL needs asynchronous CIL forcing (bsc#1211811). - xfs: CIL work is serialised, not pipelined (bsc#1211811). - xfs: XLOG_STATE_IOERROR must die (bsc#1211811). - xfs: async CIL flushes need pending pushes to be made stable (bsc#1211811). - xfs: attach iclog callbacks in xlog_cil_set_ctx_write_state() (bsc#1211811). - xfs: clean up the rtbitmap fsmap backend (git-fixes). - xfs: do not deplete the reserve pool when trying to shrink the fs (git-fixes). - xfs: do not reverse order of items in bulk AIL insertion (git-fixes). - xfs: do not run shutdown callbacks on active iclogs (bsc#1211811). - xfs: drop async cache flushes from CIL commits (bsc#1211811). - xfs: factor out log write ordering from xlog_cil_push_work() (bsc#1211811). - xfs: fix getfsmap reporting past the last rt extent (git-fixes). - xfs: fix integer overflows in the fsmap rtbitmap and logdev backends (git-fixes). - xfs: fix interval filtering in multi-step fsmap queries (git-fixes). - xfs: fix logdev fsmap query result filtering (git-fixes). - xfs: fix off-by-one error when the last rt extent is in use (git-fixes). - xfs: fix uninitialized variable access (git-fixes). - xfs: make fsmap backend function key parameters const (git-fixes). - xfs: make the record pointer passed to query_range functions const (git-fixes). - xfs: move the CIL workqueue to the CIL (bsc#1211811). - xfs: move xlog_commit_record to xfs_log_cil.c (bsc#1211811). - xfs: order CIL checkpoint start records (bsc#1211811). - xfs: pass a CIL context to xlog_write() (bsc#1211811). - xfs: pass explicit mount pointer to rtalloc query functions (git-fixes). - xfs: rework xlog_state_do_callback() (bsc#1211811). - xfs: run callbacks before waking waiters in xlog_state_shutdown_callbacks (bsc#1211811). - xfs: separate out log shutdown callback processing (bsc#1211811). - xfs: wait iclog complete before tearing down AIL (bsc#1211811). - xhci: Fix TRB prefetch issue of ZHAOXIN hosts (git-fixes). - xhci: Fix resume issue of some ZHAOXIN hosts (git-fixes). - xhci: Show ZHAOXIN xHCI root hub speed correctly (git-fixes). Important SUSE bug 1150305 SUSE bug 1193629 SUSE bug 1194869 SUSE bug 1207894 SUSE bug 1208788 SUSE bug 1210565 SUSE bug 1210584 SUSE bug 1210853 SUSE bug 1211243 SUSE bug 1211811 SUSE bug 1211867 SUSE bug 1212301 SUSE bug 1212846 SUSE bug 1212905 SUSE bug 1213010 SUSE bug 1213011 SUSE bug 1213012 SUSE bug 1213013 SUSE bug 1213014 SUSE bug 1213015 SUSE bug 1213016 SUSE bug 1213017 SUSE bug 1213018 SUSE bug 1213019 SUSE bug 1213020 SUSE bug 1213021 SUSE bug 1213024 SUSE bug 1213025 SUSE bug 1213032 SUSE bug 1213034 SUSE bug 1213035 SUSE bug 1213036 SUSE bug 1213037 SUSE bug 1213038 SUSE bug 1213039 SUSE bug 1213040 SUSE bug 1213041 SUSE bug 1213059 SUSE bug 1213061 SUSE bug 1213087 SUSE bug 1213088 SUSE bug 1213089 SUSE bug 1213090 SUSE bug 1213092 SUSE bug 1213093 SUSE bug 1213094 SUSE bug 1213095 SUSE bug 1213096 SUSE bug 1213098 SUSE bug 1213099 SUSE bug 1213100 SUSE bug 1213102 SUSE bug 1213103 SUSE bug 1213104 SUSE bug 1213105 SUSE bug 1213106 SUSE bug 1213107 SUSE bug 1213108 SUSE bug 1213109 SUSE bug 1213110 SUSE bug 1213111 SUSE bug 1213112 SUSE bug 1213113 SUSE bug 1213114 SUSE bug 1213134 SUSE bug 1213245 SUSE bug 1213247 SUSE bug 1213252 SUSE bug 1213258 SUSE bug 1213259 SUSE bug 1213263 SUSE bug 1213264 SUSE bug 1213286 SUSE bug 1213523 SUSE bug 1213524 SUSE bug 1213543 SUSE bug 1213585 SUSE bug 1213586 SUSE bug 1213705 CVE-2023-20593 CVE-2023-2985 CVE-2023-3117 CVE-2023-31248 CVE-2023-3390 CVE-2023-35001 CVE-2023-3609 CVE-2023-3611 CVE-2023-3812 cpe:/o:opensuse:leap:15.4 Security update for pipewire (Moderate) openSUSE Leap 15.4 This update for pipewire fixes the following security issues: - Fixed issue where an app which only has permission to access one stream can also access other streams (bsc#1213682). Bugfixes: - Fixed division by 0 and other issues with invalid values (glfo#pipewire/pipewire#2953) - Fixed an overflow resulting in choppy sound in some cases (glfo#pipewire/pipewire#2680) Moderate SUSE bug 1213682 cpe:/o:opensuse:leap:15.4 Security update for ImageMagick (Low) openSUSE Leap 15.4 This update for ImageMagick fixes the following issues: - CVE-2023-3745: Fixed heap out of bounds read in PushCharPixel() in quantum-private.h (bsc#1213624). Low SUSE bug 1213624 CVE-2023-3745 cpe:/o:opensuse:leap:15.4 Security update for xtrans (Low) openSUSE Leap 15.4 This update for xtrans fixes the following issues: - CVE-2020-25697: Fixed local privilege escalation via TRANS_ABSTRACT on the client side (bsc#1178613). Low SUSE bug 1178613 CVE-2020-25697 cpe:/o:opensuse:leap:15.4 Security update for rpmlint-mini (Low) openSUSE Leap 15.4 This update for rpmlint-mini fixes the following issues: Update polkit-default-privs to version 13.2+20221216.a0c29e6: - backport usbguard actions (bsc#1206414). Low SUSE bug 1206414 cpe:/o:opensuse:leap:15.4 Security update for gstreamer-plugins-good (Important) openSUSE Leap 15.4 This update for gstreamer-plugins-good fixes the following issues: - CVE-2023-37327: Fixed GStreamer FLAC File Parsing Integer Overflow (bsc#1213128). Important SUSE bug 1213128 CVE-2023-37327 cpe:/o:opensuse:leap:15.4 Security update for apache2 (Important) openSUSE Leap 15.4 This update for apache2 fixes the following issues: - CVE-2022-37436: Fixed an issue in mod_proxy where a malicious backend could cause the response headers to be truncated early, resulting in some headers being incorporated into the response body (bsc#1207251). - CVE-2022-36760: Fixed an issue in mod_proxy_ajp that could allow request smuggling attacks (bsc#1207250). - CVE-2006-20001: Fixed an issue in mod_proxy_ajp where a request header could cause memory corruption (bsc#1207247). Important SUSE bug 1207247 SUSE bug 1207250 SUSE bug 1207251 CVE-2006-20001 CVE-2022-36760 CVE-2022-37436 cpe:/o:opensuse:leap:15.4 Security update for gstreamer-plugins-base (Important) openSUSE Leap 15.4 This update for gstreamer-plugins-base fixes the following issues: - CVE-2023-37327: Fixed GStreamer FLAC File Parsing Integer Overflow (bsc#1213128). - CVE-2023-37328: Fixed Heap-based Buffer Overflow in GStreamer PGS (bsc#1213131). Important SUSE bug 1213128 SUSE bug 1213131 CVE-2023-37327 CVE-2023-37328 cpe:/o:opensuse:leap:15.4 Security update for gstreamer-plugins-ugly (Important) openSUSE Leap 15.4 This update for gstreamer-plugins-ugly fixes the following issues: - CVE-2023-38103: Fixed integer overflow during parsing of MDPR chunks (bsc#1213751). - CVE-2023-38104: Fixed integer overflow during parsing of MDPR chunks (bsc#1213750). Important SUSE bug 1213750 SUSE bug 1213751 CVE-2023-38103 CVE-2023-38104 cpe:/o:opensuse:leap:15.4 Security update for gstreamer-plugins-ugly (Important) openSUSE Leap 15.4 This update for gstreamer-plugins-ugly fixes the following issues: - CVE-2023-38104: Fixed integer overflow during parsing of MDPR chunks (bsc#1213750). - CVE-2023-38103: Fixed integer overflow during parsing of MDPR chunks (bsc#1213751). Important SUSE bug 1213750 SUSE bug 1213751 CVE-2023-38103 CVE-2023-38104 cpe:/o:opensuse:leap:15.4 Security update for MozillaThunderbird (Important) openSUSE Leap 15.4 This update for MozillaThunderbird fixes the following issues: Update Mozilla Thunderbird 115.1.0 (bsc#1213746): - CVE-2023-4045: Fixed cross-origin restrictions bypass with Offscreen Canvas (bmo#1833876). - CVE-2023-4046: Fixed incorrect value used during WASM compilation (bmo#1837686). - CVE-2023-4047: Fixed potential permissions request bypass via clickjacking (bmo#1839073). - CVE-2023-4048: Fixed crash in DOMParser due to out-of-memory conditions (bmo#1841368). - CVE-2023-4049: Fixed potential race conditions when releasing platform objects (bmo#1842658). - CVE-2023-4050: Fixed stack buffer overflow in StorageManager (bmo#1843038). - CVE-2023-4052: Fixed file deletion and privilege escalation through Firefox uninstaller (bmo#1824420). - CVE-2023-4054: Fixed lack of warning when opening appref-ms files (bmo#1840777). - CVE-2023-4055: Fixed cookie jar overflow caused unexpected cookie jar state (bmo#1782561). - CVE-2023-4056: Fixed memory safety bugs (bmo#1820587, bmo#1824634, bmo#1839235, bmo#1842325, bmo#1843847). - CVE-2023-4057: Fixed memory safety bugs (bmo#1841682). Bugfixes: - Remove bashisms from startup-script (bsc#1213657). Important SUSE bug 1213657 SUSE bug 1213746 CVE-2023-4045 CVE-2023-4046 CVE-2023-4047 CVE-2023-4048 CVE-2023-4049 CVE-2023-4050 CVE-2023-4052 CVE-2023-4054 CVE-2023-4055 CVE-2023-4056 CVE-2023-4057 cpe:/o:opensuse:leap:15.4 Security update for rubygem-actionpack-5_1 (Important) openSUSE Leap 15.4 This update for rubygem-actionpack-5_1 fixes the following issues: - CVE-2023-28362: Fixed possible XSS via User Supplied Values to redirect_to (bsc#1213312). Important SUSE bug 1213312 CVE-2023-28362 cpe:/o:opensuse:leap:15.4 Security update for cjose (Important) openSUSE Leap 15.4 This update for cjose fixes the following issues: - CVE-2023-37464: Fixed AES GCM decryption uses the Tag length from the actual Authentication Tag (bsc#1213385). Important SUSE bug 1213385 CVE-2023-37464 cpe:/o:opensuse:leap:15.4 Security update for qemu (Important) openSUSE Leap 15.4 This update for qemu fixes the following issues: - CVE-2023-2861: Fixed improper access control on special files in 9pfs (bsc#1212968). - CVE-2023-3301: Fixed NULL pointer dereference in vhost_vdpa_get_vhost_net() (bsc#1213414). - CVE-2023-3255: Fixed infinite loop in inflate_buffer() leads to denial of service (bsc#1213001). Important SUSE bug 1212968 SUSE bug 1213001 SUSE bug 1213414 CVE-2023-2861 CVE-2023-3255 CVE-2023-3301 cpe:/o:opensuse:leap:15.4 Security update for bluez (Moderate) openSUSE Leap 15.4 This update for bluez fixes the following issues: - CVE-2021-41229: Fix leaking buffers stored in cstates cache. (bsc#1192760) Moderate SUSE bug 1192760 CVE-2021-41229 cpe:/o:opensuse:leap:15.4 Security update for poppler (Moderate) openSUSE Leap 15.4 This update for poppler fixes the following issues: - CVE-2019-16115: Fixed an uninitialized memory error in GfxUnivariateShading::setupCache. (bsc#1150039) Moderate SUSE bug 1124150 SUSE bug 1150039 CVE-2019-16115 CVE-2019-7310 cpe:/o:opensuse:leap:15.4 Security update for openssl-3 (Moderate) openSUSE Leap 15.4 This update for openssl-3 fixes the following issues: - CVE-2023-3817: Fixed a potential DoS due to excessive time spent checking DH q parameter value. (bsc#1213853) Moderate SUSE bug 1213853 CVE-2023-3817 cpe:/o:opensuse:leap:15.4 Security update for keylime (Important) openSUSE Leap 15.4 This update for keylime fixes the following issues: - CVE-2023-38200: Fixed a DoS attack against it's SSL connections. (bsc#1213310) Important SUSE bug 1213310 CVE-2023-38200 cpe:/o:opensuse:leap:15.4 Security update for rust1.71 (Important) openSUSE Leap 15.4 This update for rust1.71 fixes the following issues: Update to version 1.71.1: - CVE-2023-38497: Fixed privilege escalation with Cargo not respecting umask when extracting dependencies (bsc#1213817). Important SUSE bug 1213817 CVE-2023-38497 cpe:/o:opensuse:leap:15.4 Security update for wireshark (Moderate) openSUSE Leap 15.4 This update for wireshark fixes the following issues: Update to Wireshark 3.6.15: - Further features, bug fixes and updated protocol support as listed in: https://www.wireshark.org/docs/relnotes/wireshark-3.6.15.html Security fixes: - CVE-2023-0667: Fixed failure to validate MS-MMS packet length (bsc#1212084). - CVE-2023-0668: Fixed IEEE C37.118 Synchrophasor dissector crash (bsc#1211710). - CVE-2023-2855: Fixed Candump log file parser crash (bsc#1211703). - CVE-2023-2856: Fixed VMS TCPIPtrace file parser crash (bsc#1211707). - CVE-2023-2857: Fixed BLF file parser crash (bsc#1211705). - CVE-2023-2858: Fixed NetScaler file parser crash (bsc#1211706). - CVE-2023-2879: Fixed GDSDB dissector infinite loop (bsc#1211793). - CVE-2023-2952: Fixed XRA dissector infinite loop (bsc#1211844). - CVE-2023-3648: Fixed Kafka dissector crash (bsc#1213319). Moderate SUSE bug 1211703 SUSE bug 1211705 SUSE bug 1211706 SUSE bug 1211707 SUSE bug 1211710 SUSE bug 1211793 SUSE bug 1211844 SUSE bug 1212084 SUSE bug 1213319 CVE-2023-0667 CVE-2023-0668 CVE-2023-2855 CVE-2023-2856 CVE-2023-2857 CVE-2023-2858 CVE-2023-2879 CVE-2023-2952 CVE-2023-3648 cpe:/o:opensuse:leap:15.4 Security update for pipewire (Moderate) openSUSE Leap 15.4 This update for pipewire fixes the following security issues: - Fixed issue where an app which only has permission to access one stream can also access other streams (bsc#1213682). Bugfixes: - Fixed division by 0 and other issues with invalid values (glfo#pipewire/pipewire#2953) - Fixed an overflow resulting in choppy sound in some cases (glfo#pipewire/pipewire#2680) Moderate SUSE bug 1213682 cpe:/o:opensuse:leap:15.4 Security update for kubernetes1.24 (Important) openSUSE Leap 15.4 This update for kubernetes1.24 fixes the following issues: Update to version 1.24.16: - CVE-2023-2727: Fixed bypassing policies imposed by the ImagePolicyWebhook admission plugin(bsc#1211630). - CVE-2023-2728: Fixed bypassing enforce mountable secrets policy imposed by the ServiceAccount admission plugin (bsc#1211631). Important SUSE bug 1211630 SUSE bug 1211631 CVE-2023-2727 CVE-2023-2728 cpe:/o:opensuse:leap:15.4 Security update for go1.19 (Important) openSUSE Leap 15.4 This update for go1.19 fixes the following issues: - Update to go v1.19.12 (released 2023-08-01) (bsc#1200441) - CVE-2023-29409: Restrict RSA keys in certificates to less than or equal to 8192 bits to avoid DoSing client/server while validating signatures for extremely large RSA keys. (bsc#1213880) Important SUSE bug 1200441 SUSE bug 1213880 CVE-2023-29409 cpe:/o:opensuse:leap:15.4 Security update for gstreamer-plugins-base (Important) openSUSE Leap 15.4 This update for gstreamer-plugins-base fixes the following issues: - CVE-2023-37327: Fixed GStreamer FLAC File Parsing Integer Overflow (bsc#1213128). - CVE-2023-37328: Fixed Heap-based Buffer Overflow in GStreamer PGS (bsc#1213131). Important SUSE bug 1213128 SUSE bug 1213131 CVE-2023-37327 CVE-2023-37328 cpe:/o:opensuse:leap:15.4 Security update for gstreamer-plugins-good (Important) openSUSE Leap 15.4 This update for gstreamer-plugins-good fixes the following issues: - CVE-2023-37327: Fixed GStreamer FLAC File Parsing Integer Overflow (bsc#1213128). Important SUSE bug 1213128 CVE-2023-37327 cpe:/o:opensuse:leap:15.4 Security update for python-scipy (Moderate) openSUSE Leap 15.4 This update for python-scipy fixes the following issues: - CVE-2023-25399: Fixed minor refcounting issue in Py_FindObjects (bsc#1213062). - CVE-2023-29824: Fixed use-after-free in Py_FindObjects (bsc#1213137). Moderate SUSE bug 1213062 SUSE bug 1213137 CVE-2023-25399 CVE-2023-29824 cpe:/o:opensuse:leap:15.4 Security update for rubygem-globalid (Moderate) openSUSE Leap 15.4 This update for rubygem-globalid fixes the following issues: - CVE-2023-22799: Fixed ReDoS vulnerability (bsc#1207587). Moderate SUSE bug 1207587 CVE-2023-22799 cpe:/o:opensuse:leap:15.4 Security update for java-11-openjdk (Important) openSUSE Leap 15.4 This update for java-11-openjdk fixes the following issues: Updated to jdk-11.0.20+8 (July 2023 CPU): - CVE-2023-22006: Fixed vulnerability in the network component (bsc#1213473). - CVE-2023-22036: Fixed vulnerability in the utility component (bsc#1213474). - CVE-2023-22041: Fixed vulnerability in the hotspot component (bsc#1213475). - CVE-2023-22044: Fixed vulnerability in the hotspot component (bsc#1213479). - CVE-2023-22045: Fixed vulnerability in the hotspot component (bsc#1213481). - CVE-2023-22049: Fixed vulnerability in the libraries component (bsc#1213482). - CVE-2023-25193: Fixed vulnerability in the embedded harfbuzz module (bsc#1207922). - JDK-8298676: Enhanced Look and Feel - JDK-8300285: Enhance TLS data handling - JDK-8300596: Enhance Jar Signature validation - JDK-8301998, JDK-8302084: Update HarfBuzz to 7.0.1 - JDK-8302475: Enhance HTTP client file downloading - JDK-8302483: Enhance ZIP performance - JDK-8303376: Better launching of JDI - JDK-8304468: Better array usages - JDK-8305312: Enhanced path handling - JDK-8308682: Enhance AES performance Bugfixes: - JDK-8171426: java/lang/ProcessBuilder/Basic.java failed with Stream closed - JDK-8178806: Better exception logging in crypto code - JDK-8187522: test/sun/net/ftp/FtpURLConnectionLeak.java timed out - JDK-8209167: Use CLDR's time zone mappings for Windows - JDK-8209546: Make sun/security/tools/keytool/autotest.sh to support macosx - JDK-8209880: tzdb.dat is not reproducibly built - JDK-8213531: Test javax/swing/border/TestTitledBorderLeak.java fails - JDK-8214459: NSS source should be removed - JDK-8214807: Improve handling of very old class files - JDK-8215015: [TESTBUG] remove unneeded -Xfuture option from tests - JDK-8215575: C2 crash: assert(get_instanceKlass()->is_loaded()) failed: must be at least loaded - JDK-8220093: Change to GCC 8.2 for building on Linux at Oracle - JDK-8227257: javax/swing/JFileChooser/4847375/bug4847375.java fails with AssertionError - JDK-8232853: AuthenticationFilter.Cache::remove may throw ConcurrentModificationException - JDK-8243936: NonWriteable system properties are actually writeable - JDK-8246383: NullPointerException in JceSecurity.getVerificationResult when using Entrust provider - JDK-8248701: On Windows generated modules-deps.gmk can contain backslash-r (CR) characters - JDK-8257856: Make ClassFileVersionsTest.java robust to JDK version updates - JDK-8259530: Generated docs contain MIT/GPL-licenced works without reproducing the licence - JDK-8263420: Incorrect function name in NSAccessibilityStaticText native peer implementation - JDK-8264290: Create implementation for NSAccessibilityComponentGroup protocol peer - JDK-8264304: Create implementation for NSAccessibilityToolbar protocol peer - JDK-8265486: ProblemList javax/sound/midi/Sequencer/ /Recording.java on macosx-aarch64 - JDK-8268558: [TESTBUG] Case 2 in TestP11KeyFactoryGetRSAKeySpec is skipped - JDK-8269746: C2: assert(!in->is_CFG()) failed: CFG Node with no controlling input? - JDK-8274864: Remove Amman/Cairo hacks in ZoneInfoFile - JDK-8275233: Incorrect line number reported in exception stack trace thrown from a lambda expression - JDK-8275721: Name of UTC timezone in a locale changes depending on previous code - JDK-8275735: [linux] Remove deprecated Metrics api (kernel memory limit) - JDK-8276880: Remove java/lang/RuntimeTests/exec/ExecWithDir as unnecessary - JDK-8277775: Fixup bugids in RemoveDropTargetCrashTest.java - add 4357905 - JDK-8278434: timeouts in test java/time/test/java/time/format/ /TestZoneTextPrinterParser.java - JDK-8280703: CipherCore.doFinal(...) causes potentially massive byte[] allocations during decryption - JDK-8282077: PKCS11 provider C_sign() impl should handle CKR_BUFFER_TOO_SMALL error - JDK-8282201: Consider removal of expiry check in VerifyCACerts.java test - JDK-8282467: add extra diagnostics for JDK-8268184 - JDK-8282600: SSLSocketImpl should not use user_canceled workaround when not necessary - JDK-8283059: Uninitialized warning in check_code.c with GCC 11.2 - JDK-8285497: Add system property for Java SE specification maintenance version - JDK-8286398: Address possibly lossy conversions in jdk.internal.le - JDK-8287007: [cgroups] Consistently use stringStream throughout parsing code - JDK-8287246: DSAKeyValue should check for missing params instead of relying on KeyFactory provider - JDK-8287876: The recently de-problemlisted TestTitledBorderLeak test is unstable - JDK-8287897: Augment src/jdk.internal.le/share/legal/jline.md with information on 4th party dependencies - JDK-8289301: P11Cipher should not throw out of bounds exception during padding - JDK-8289735: UTIL_LOOKUP_PROGS fails on pathes with space - JDK-8291226: Create Test Cases to cover scenarios for JDK-8278067 - JDK-8291637: HttpClient default keep alive timeout not followed if server sends invalid value - JDK-8291638: Keep-Alive timeout of 0 should close connection immediately - JDK-8292206: TestCgroupMetrics.java fails as getMemoryUsage() is lower than expected - JDK-8293232: Fix race condition in pkcs11 SessionManager - JDK-8293815: P11PSSSignature.engineUpdate should not print debug messages during normal operation - JDK-8294548: Problem list SA core file tests on macosx-x64 due to JDK-8294316 - JDK-8294906: Memory leak in PKCS11 NSS TLS server - JDK-8295974: jni_FatalError and Xcheck:jni warnings should print the native stack when there are no Java frames - JDK-8296934: Write a test to verify whether Undecorated Frame can be iconified or not - JDK-8297000: [jib] Add more friendly warning for proxy issues - JDK-8297450: ScaledTextFieldBorderTest.java fails when run with -show parameter - JDK-8298887: On the latest macOS+XCode the Robot API may report wrong colors - JDK-8299259: C2: Div/Mod nodes without zero check could be split through iv phi of loop resulting in SIGFPE - JDK-8300079: SIGSEGV in LibraryCallKit::inline_string_copy due to constant NULL src argument - JDK-8300205: Swing test bug8078268 make latch timeout configurable - JDK-8300490: Spaces in name of MacOS Code Signing Identity are not correctly handled after JDK-8293550 - JDK-8301119: Support for GB18030-2022 - JDK-8301170: perfMemory_windows.cpp add free_security_attr to early returns - JDK-8301401: Allow additional characters for GB18030-2022 support - JDK-8302151: BMPImageReader throws an exception reading BMP images - JDK-8302791: Add specific ClassLoader object to Proxy IllegalArgumentException message - JDK-8303102: jcmd: ManagementAgent.status truncates the text longer than O_BUFLEN - JDK-8303354: addCertificatesToKeystore in KeystoreImpl.m needs CFRelease call in early potential CHECK_NULL return - JDK-8303432: Bump update version for OpenJDK: jdk-11.0.20 - JDK-8303440: The 'ZonedDateTime.parse' may not accept the 'UTC+XX' zone id - JDK-8303465: KeyStore of type KeychainStore, provider Apple does not show all trusted certificates - JDK-8303476: Add the runtime version in the release file of a JDK image - JDK-8303482: Update LCMS to 2.15 - JDK-8303564: C2: 'Bad graph detected in build_loop_late' after a CMove is wrongly split thru phi - JDK-8303576: addIdentitiesToKeystore in KeystoreImpl.m needs CFRelease call in early potential CHECK_NULL return - JDK-8303822: gtestMain should give more helpful output - JDK-8303861: Error handling step timeouts should never be blocked by OnError and others - JDK-8303937: Corrupted heap dumps due to missing retries for os::write() - JDK-8304134: jib bootstrapper fails to quote filename when checking download filetype - JDK-8304291: [AIX] Broken build after JDK-8301998 - JDK-8304295: harfbuzz build fails with GCC 7 after JDK-8301998 - JDK-8304350: Font.getStringBounds calculates wrong width for TextAttribute.TRACKING other than 0.0 - JDK-8304760: Add 2 Microsoft TLS roots - JDK-8305113: (tz) Update Timezone Data to 2023c - JDK-8305400: ISO 4217 Amendment 175 Update - JDK-8305528: [11u] Backport of JDK-8259530 breaks build with JDK10 bootstrap VM - JDK-8305682: Update the javadoc in the Character class to state support for GB 18030-2022 Implementation Level 2 - JDK-8305711: Arm: C2 always enters slowpath for monitorexit - JDK-8305721: add `make compile-commands` artifacts to .gitignore - JDK-8305975: Add TWCA Global Root CA - JDK-8306543: GHA: MSVC installation is failing - JDK-8306658: GHA: MSVC installation could be optional since it might already be pre-installed - JDK-8306664: GHA: Update MSVC version to latest stepping - JDK-8306768: CodeCache Analytics reports wrong threshold - JDK-8306976: UTIL_REQUIRE_SPECIAL warning on grep - JDK-8307134: Add GTS root CAs - JDK-8307811: [TEST] compilation of TimeoutInErrorHandlingTest fails after backport of JDK-8303861 - JDK-8308006: Missing NMT memory tagging in CMS - JDK-8308884: [17u/11u] Backout JDK-8297951 - JDK-8309476: [11u] tools/jmod/hashes/HashesOrderTest.java fails intermittently - JDK-8311465: [11u] Remove designator DEFAULT_PROMOTED_VERSION_PRE=ea for release 11.0.20 Important SUSE bug 1207922 SUSE bug 1213473 SUSE bug 1213474 SUSE bug 1213475 SUSE bug 1213479 SUSE bug 1213481 SUSE bug 1213482 CVE-2023-22006 CVE-2023-22036 CVE-2023-22041 CVE-2023-22044 CVE-2023-22045 CVE-2023-22049 CVE-2023-25193 cpe:/o:opensuse:leap:15.4 Security update for MozillaThunderbird (Important) openSUSE Leap 15.4 This update for MozillaThunderbird fixes the following issues: Updated to version 102.7.1 (bsc#1207119): * CVE-2022-46871: Fixed out of date libusrsctp. * CVE-2023-23598: Fixed arbitrary file read from GTK drag and drop on Linux. * CVE-2023-23599: Fixed issue where malicious command that could be hidden in devtools output on Windows. * CVE-2023-23601: Fixed issue where URL being dragged from cross-origin iframe into same tab triggers navigation. * CVE-2023-23602: Fixed Content Security Policy not being correctly applied to WebSockets in WebWorkers. * CVE-2022-46877: Fixed fullscreen notification bypass. * CVE-2023-23603: Fixed issue where calls to code tag allowed bypassing Content Security Policy via format directive. * CVE-2023-23605: Fixed memory safety bugs. Important SUSE bug 1207119 CVE-2022-46871 CVE-2022-46877 CVE-2023-0430 CVE-2023-23598 CVE-2023-23599 CVE-2023-23601 CVE-2023-23602 CVE-2023-23603 CVE-2023-23605 cpe:/o:opensuse:leap:15.4 Security update for qatengine (Moderate) openSUSE Leap 15.4 This update for qatengine fixes the following issues: - CVE-2022-43507: Fixed a buffer overflow issue with SHA3. (bsc#1211296) Moderate SUSE bug 1211296 CVE-2022-43507 cpe:/o:opensuse:leap:15.4 Security update for poppler (Moderate) openSUSE Leap 15.4 This update for poppler fixes the following issues: - CVE-2019-16115: Fixed an uninitialized memory error in GfxUnivariateShading::setupCache. (bsc#1150039) Moderate SUSE bug 1150039 CVE-2019-16115 cpe:/o:opensuse:leap:15.4 Security update for xrdp (Important) openSUSE Leap 15.4 This update for xrdp fixes the following issues: - CVE-2022-23468: Fixed a buffer overflow in xrdp_login_wnd_create() (bsc#1206300). - CVE-2022-23478: Fixed an out of bound write in xrdp_mm_trans_process_drdynvc_chan() (bsc#1206302). - CVE-2022-23479: Fixed a buffer overflow in xrdp_mm_chan_data_in() (bsc#1206303). - CVE-2022-23480: Fixed a buffer overflow in devredir_proc_client_devlist_announce_req() (bsc#1206306). - CVE-2022-23481: Fixed an out of bound read in xrdp_caps_process_confirm_active() (bsc#1206307). - CVE-2022-23482: Fixed an out of bound read in xrdp_sec_process_mcs_data_CS_CORE() (bsc#1206310). - CVE-2022-23483: Fixed an out of bound read in libxrdp_send_to_channel() (bsc#1206311). - CVE-2022-23484: Fixed a integer overflow in xrdp_mm_process_rail_update_window_text() (bsc#1206312). - CVE-2022-23493: Fixed an out of bound read in xrdp_mm_trans_process_drdynvc_channel_close() (bsc#1206313). Important SUSE bug 1206300 SUSE bug 1206302 SUSE bug 1206303 SUSE bug 1206306 SUSE bug 1206307 SUSE bug 1206310 SUSE bug 1206311 SUSE bug 1206312 SUSE bug 1206313 CVE-2022-23468 CVE-2022-23478 CVE-2022-23479 CVE-2022-23480 CVE-2022-23481 CVE-2022-23482 CVE-2022-23483 CVE-2022-23484 CVE-2022-23493 cpe:/o:opensuse:leap:15.4 Security update for libyajl (Moderate) openSUSE Leap 15.4 This update for libyajl fixes the following issues: - CVE-2023-33460: Fixed memory leak which could cause out-of-memory in server (bsc#1212928). Moderate SUSE bug 1212928 CVE-2023-33460 cpe:/o:opensuse:leap:15.4 Security update for java-1_8_0-openj9 (Important) openSUSE Leap 15.4 This update for java-1_8_0-openj9 fixes the following issues: Update to OpenJDK 8u372 build 07 with OpenJ9 0.38.0 virtual machine. CVE-2023-21930: Unauthenticated attacker with network access via TLS to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition (bsc#1210628). CVE-2023-21937: Fixed vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Networking). (bsc#1210631). CVE-2023-21938: Fixed vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). (bsc#1210632). CVE-2023-21939: Fixed vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Swing). (bsc#1210634). CVE-2023-21954: Fixed vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). (bsc#1210635). CVE-2023-21967: Fixed vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). (bsc#1210636). CVE-2023-21968: Fixed ulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries) (bsc#1210637). CVE-2023-2597: Fixed buffer overflow in shared cache implementation (bsc#1211615). Important SUSE bug 1210628 SUSE bug 1210631 SUSE bug 1210632 SUSE bug 1210634 SUSE bug 1210635 SUSE bug 1210636 SUSE bug 1210637 SUSE bug 1211615 CVE-2023-21930 CVE-2023-21937 CVE-2023-21938 CVE-2023-21939 CVE-2023-21954 CVE-2023-21967 CVE-2023-21968 CVE-2023-2597 cpe:/o:opensuse:leap:15.4 Security update for the Linux Kernel (Important) openSUSE Leap 15.4 The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2022-40982: Fixed transient execution attack called 'Gather Data Sampling' (bsc#1206418). - CVE-2023-0459: Fixed information leak in __uaccess_begin_nospec (bsc#1211738). - CVE-2023-20569: Fixed side channel attack ‘Inception’ or ‘RAS Poisoning’ (bsc#1213287). - CVE-2023-21400: Fixed several memory corruptions due to improper locking in io_uring (bsc#1213272). - CVE-2023-2156: Fixed a flaw in the networking subsystem within the handling of the RPL protocol (bsc#1211131). - CVE-2023-2166: Fixed NULL pointer dereference in can_rcv_filter (bsc#1210627). - CVE-2023-31083: Fixed race condition in hci_uart_tty_ioctl (bsc#1210780). - CVE-2023-3268: Fixed an out of bounds memory access flaw in relay_file_read_start_pos in the relayfs (bsc#1212502). - CVE-2023-3567: Fixed a use-after-free in vcs_read in drivers/tty/vt/vc_screen.c (bsc#1213167). - CVE-2023-3609: Fixed reference counter leak leading to overflow in net/sched (bsc#1213586). - CVE-2023-3611: Fixed an out-of-bounds write in net/sched sch_qfq(bsc#1213585). - CVE-2023-3776: Fixed improper refcount update in cls_fw leads to use-after-free (bsc#1213588). - CVE-2023-4004: Fixed improper element removal netfilter nft_set_pipapo (bsc#1213812). The following non-security bugs were fixed: - afs: Fix access after dec in put functions (git-fixes). - afs: Fix afs_getattr() to refetch file status if callback break occurred (git-fixes). - afs: Fix dynamic root getattr (git-fixes). - afs: Fix fileserver probe RTT handling (git-fixes). - afs: Fix infinite loop found by xfstest generic/676 (git-fixes). - afs: Fix lost servers_outstanding count (git-fixes). - afs: Fix server->active leak in afs_put_server (git-fixes). - afs: Fix setting of mtime when creating a file/dir/symlink (git-fixes). - afs: Fix updating of i_size with dv jump from server (git-fixes). - afs: Fix vlserver probe RTT handling (git-fixes). - afs: Return -EAGAIN, not -EREMOTEIO, when a file already locked (git-fixes). - afs: Use refcount_t rather than atomic_t (git-fixes). - afs: Use the operation issue time instead of the reply time for callbacks (git-fixes). - afs: adjust ack interpretation to try and cope with nat (git-fixes). - alsa: emu10k1: roll up loops in dsp setup code for audigy (git-fixes). - alsa: hda/realtek: support asus g713pv laptop (git-fixes). - alsa: hda/relatek: enable mute led on hp 250 g8 (git-fixes). - alsa: usb-audio: add quirk for microsoft modern wireless headset (bsc#1207129). - alsa: usb-audio: update for native dsd support quirks (git-fixes). - asoc: atmel: fix the 8k sample parameter in i2sc master (git-fixes). - asoc: codecs: es8316: fix dmic config (git-fixes). - asoc: da7219: check for failure reading aad irq events (git-fixes). - asoc: da7219: flush pending aad irq when suspending (git-fixes). - asoc: fsl_sai: disable bit clock with transmitter (git-fixes). - asoc: fsl_spdif: silence output on stop (git-fixes). - asoc: rt5682-sdw: fix for jd event handling in clockstop mode0 (git-fixes). - asoc: rt711-sdca: fix for jd event handling in clockstop mode0 (git-fixes). - asoc: rt711: fix for jd event handling in clockstop mode0 (git-fixes). - asoc: wm8904: fill the cache for wm8904_adc_test_0 register (git-fixes). - ata: pata_ns87415: mark ns87560_tf_read static (git-fixes). - block, bfq: Fix division by zero error on zero wsum (bsc#1213653). - block: Fix a source code comment in include/uapi/linux/blkzoned.h (git-fixes). - can: gs_usb: gs_can_close(): add missing set of CAN state to CAN_STATE_STOPPED (git-fixes). - ceph: do not let check_caps skip sending responses for revoke msgs (bsc#1213856). - coda: Avoid partial allocation of sig_inputArgs (git-fixes). - dlm: fix missing lkb refcount handling (git-fixes). - dlm: fix plock invalid read (git-fixes). - documentation: devices.txt: reconcile serial/ucc_uart minor numers (git-fixes). - drm/amd/display: Disable MPC split by default on special asic (git-fixes). - drm/amd/display: Keep PHY active for DP displays on DCN31 (git-fixes). - drm/client: Fix memory leak in drm_client_modeset_probe (git-fixes). - drm/msm/adreno: Fix snapshot BINDLESS_DATA size (git-fixes). - drm/msm/dpu: drop enum dpu_core_perf_data_bus_id (git-fixes). - drm/msm: Fix IS_ERR_OR_NULL() vs NULL check in a5xx_submit_in_rb() (git-fixes). - drm/radeon: Fix integer overflow in radeon_cs_parser_init (git-fixes). - file: always lock position for FMODE_ATOMIC_POS (bsc#1213759). - fs: dlm: add midcomms init/start functions (git-fixes). - fs: dlm: do not set stop rx flag after node reset (git-fixes). - fs: dlm: filter user dlm messages for kernel locks (git-fixes). - fs: dlm: fix log of lowcomms vs midcomms (git-fixes). - fs: dlm: fix race between test_bit() and queue_work() (git-fixes). - fs: dlm: fix race in lowcomms (git-fixes). - fs: dlm: handle -EBUSY first in lock arg validation (git-fixes). - fs: dlm: move sending fin message into state change handling (git-fixes). - fs: dlm: retry accept() until -EAGAIN or error returns (git-fixes). - fs: dlm: return positive pid value for F_GETLK (git-fixes). - fs: dlm: start midcomms before scand (git-fixes). - fs: hfsplus: remove WARN_ON() from hfsplus_cat_{read,write}_inode() (git-fixes). - fs: jfs: Fix UBSAN: array-index-out-of-bounds in dbAllocDmapLev (git-fixes). - fs: jfs: check for read-only mounted filesystem in txbegin (git-fixes). - fs: jfs: fix null-ptr-deref read in txbegin (git-fixes). - gve: Set default duplex configuration to full (git-fixes). - gve: unify driver name usage (git-fixes). - hwmon: (k10temp) Enable AMD3255 Proc to show negative temperature (git-fixes). - hwmon: (nct7802) Fix for temp6 (PECI1) processed even if PECI1 disabled (git-fixes). - iavf: Fix out-of-bounds when setting channels on remove (git-fixes). - iavf: Fix use-after-free in free_netdev (git-fixes). - iavf: use internal state to free traffic IRQs (git-fixes). - igc: Check if hardware TX timestamping is enabled earlier (git-fixes). - igc: Enable and fix RX hash usage by netstack (git-fixes). - igc: Fix Kernel Panic during ndo_tx_timeout callback (git-fixes). - igc: Fix inserting of empty frame for launchtime (git-fixes). - igc: Fix launchtime before start of cycle (git-fixes). - igc: Fix race condition in PTP tx code (git-fixes). - igc: Handle PPS start time programming for past time values (git-fixes). - igc: Prevent garbled TX queue with XDP ZEROCOPY (git-fixes). - igc: Remove delay during TX ring configuration (git-fixes). - igc: Work around HW bug causing missing timestamps (git-fixes). - igc: set TP bit in 'supported' and 'advertising' fields of ethtool_link_ksettings (git-fixes). - input: i8042 - add clevo pcx0dx to i8042 quirk table (git-fixes). - input: iqs269a - do not poll during ati (git-fixes). - input: iqs269a - do not poll during suspend or resume (git-fixes). - jffs2: GC deadlock reading a page that is used in jffs2_write_begin() (git-fixes). - jffs2: fix memory leak in jffs2_do_fill_super (git-fixes). - jffs2: fix memory leak in jffs2_do_mount_fs (git-fixes). - jffs2: fix memory leak in jffs2_scan_medium (git-fixes). - jffs2: fix use-after-free in jffs2_clear_xattr_subsystem (git-fixes). - jffs2: reduce stack usage in jffs2_build_xattr_subsystem() (git-fixes). - jfs: jfs_dmap: Validate db_l2nbperpage while mounting (git-fixes). - kvm: arm64: do not read a hw interrupt pending state in user context (git-fixes) - kvm: arm64: warn if accessing timer pending state outside of vcpu (bsc#1213620) - kvm: do not null dereference ops->destroy (git-fixes) - kvm: downgrade two bug_ons to warn_on_once (git-fixes) - kvm: initialize debugfs_dentry when a vm is created to avoid null (git-fixes) - kvm: s390: pv: fix index value of replaced asce (git-fixes bsc#1213867). - kvm: vmx: inject #gp on encls if vcpu has paging disabled (cr0.pg==0) (git-fixes). - kvm: vmx: inject #gp, not #ud, if sgx2 encls leafs are unsupported (git-fixes). - kvm: vmx: restore vmx_vmexit alignment (git-fixes). - kvm: x86: account fastpath-only vm-exits in vcpu stats (git-fixes). - libceph: harden msgr2.1 frame segment length checks (bsc#1213857). - media: staging: atomisp: select V4L2_FWNODE (git-fixes). - net/sched: sch_qfq: refactor parsing of netlink parameters (bsc#1213585). - net/sched: sch_qfq: reintroduce lmax bound check for MTU (bsc#1213585). - net: ena: fix shift-out-of-bounds in exponential backoff (git-fixes). - net: mana: Batch ringing RX queue doorbell on receiving packets (bsc#1212901). - net: mana: Use the correct WQE count for ringing RQ doorbell (bsc#1212901). - net: phy: marvell10g: fix 88x3310 power up (git-fixes). - nfsd: add encoding of op_recall flag for write delegation (git-fixes). - nfsd: fix double fget() bug in __write_ports_addfd() (git-fixes). - nfsd: fix sparse warning (git-fixes). - nfsd: remove open coding of string copy (git-fixes). - nfsv4.1: always send a reclaim_complete after establishing lease (git-fixes). - nfsv4.1: freeze the session table upon receiving nfs4err_badsession (git-fixes). - nvme-pci: fix DMA direction of unmapping integrity data (git-fixes). - nvme-pci: remove nvme_queue from nvme_iod (git-fixes). - octeontx-af: fix hardware timestamp configuration (git-fixes). - octeontx2-af: Move validation of ptp pointer before its usage (git-fixes). - octeontx2-pf: Add additional check for MCAM rules (git-fixes). - phy: hisilicon: Fix an out of bounds check in hisi_inno_phy_probe() (git-fixes). - pinctrl: amd: Do not show `Invalid config param` errors (git-fixes). - pinctrl: amd: Use amd_pinconf_set() for all config options (git-fixes). - platform/x86: msi-laptop: Fix rfkill out-of-sync on MSI Wind U100 (git-fixes). - rdma/bnxt_re: fix hang during driver unload (git-fixes) - rdma/bnxt_re: prevent handling any completions after qp destroy (git-fixes) - rdma/core: update cma destination address on rdma_resolve_addr (git-fixes) - rdma/irdma: add missing read barriers (git-fixes) - rdma/irdma: fix data race on cqp completion stats (git-fixes) - rdma/irdma: fix data race on cqp request done (git-fixes) - rdma/irdma: fix op_type reporting in cqes (git-fixes) - rdma/irdma: report correct wc error (git-fixes) - rdma/mlx4: make check for invalid flags stricter (git-fixes) - rdma/mthca: fix crash when polling cq for shared qps (git-fixes) - regmap: Account for register length in SMBus I/O limits (git-fixes). - regmap: Drop initial version of maximum transfer length fixes (git-fixes). - revert 'debugfs, coccinelle: check for obsolete define_simple_attribute() usage' (git-fixes). - revert 'nfsv4: retry lock on old_stateid during delegation return' (git-fixes). - revert 'usb: dwc3: core: enable autoretry feature in the controller' (git-fixes). - revert 'usb: gadget: tegra-xudc: fix error check in tegra_xudc_powerdomain_init()' (git-fixes). - revert 'usb: xhci: tegra: fix error check' (git-fixes). - revert 'xhci: add quirk for host controllers that do not update endpoint dcs' (git-fixes). - rxrpc, afs: Fix selection of abort codes (git-fixes). - s390/bpf: Add expoline to tail calls (git-fixes bsc#1213870). - s390/dasd: fix hanging device after quiesce/resume (git-fixes bsc#1213810). - s390/decompressor: specify __decompress() buf len to avoid overflow (git-fixes bsc#1213863). - s390/ipl: add missing intersection check to ipl_report handling (git-fixes bsc#1213871). - s390/qeth: Fix vipa deletion (git-fixes bsc#1213713). - s390/vmem: fix empty page tables cleanup under KASAN (git-fixes bsc#1213715). - s390: introduce nospec_uses_trampoline() (git-fixes bsc#1213870). - scftorture: Count reschedule IPIs (git-fixes). - scsi: lpfc: Abort outstanding ELS cmds when mailbox timeout error is detected (bsc#1213756). - scsi: lpfc: Avoid -Wstringop-overflow warning (bsc#1213756). - scsi: lpfc: Clean up SLI-4 sysfs resource reporting (bsc#1213756). - scsi: lpfc: Copyright updates for 14.2.0.14 patches (bsc#1213756). - scsi: lpfc: Fix a possible data race in lpfc_unregister_fcf_rescan() (bsc#1213756). - scsi: lpfc: Fix incorrect big endian type assignment in bsg loopback path (bsc#1213756). - scsi: lpfc: Fix incorrect big endian type assignments in FDMI and VMID paths (bsc#1213756). - scsi: lpfc: Fix lpfc_name struct packing (bsc#1213756). - scsi: lpfc: Make fabric zone discovery more robust when handling unsolicited LOGO (bsc#1213756). - scsi: lpfc: Pull out fw diagnostic dump log message from driver's trace buffer (bsc#1213756). - scsi: lpfc: Qualify ndlp discovery state when processing RSCN (bsc#1213756). - scsi: lpfc: Refactor cpu affinity assignment paths (bsc#1213756). - scsi: lpfc: Remove extra ndlp kref decrement in FLOGI cmpl for loop topology (bsc#1213756). - scsi: lpfc: Replace all non-returning strlcpy() with strscpy() (bsc#1213756). - scsi: lpfc: Replace one-element array with flexible-array member (bsc#1213756). - scsi: lpfc: Revise ndlp kref handling for dev_loss_tmo_callbk and lpfc_drop_node (bsc#1213756). - scsi: lpfc: Set Establish Image Pair service parameter only for Target Functions (bsc#1213756). - scsi: lpfc: Simplify fcp_abort transport callback log message (bsc#1213756). - scsi: lpfc: Update lpfc version to 14.2.0.14 (bsc#1213756). - scsi: lpfc: Use struct_size() helper (bsc#1213756). - scsi: qla2xxx: Adjust IOCB resource on qpair create (bsc#1213747). - scsi: qla2xxx: Array index may go out of bound (bsc#1213747). - scsi: qla2xxx: Avoid fcport pointer dereference (bsc#1213747). - scsi: qla2xxx: Check valid rport returned by fc_bsg_to_rport() (bsc#1213747). - scsi: qla2xxx: Correct the index of array (bsc#1213747). - scsi: qla2xxx: Drop useless LIST_HEAD (bsc#1213747). - scsi: qla2xxx: Fix NULL pointer dereference in target mode (bsc#1213747). - scsi: qla2xxx: Fix TMF leak through (bsc#1213747). - scsi: qla2xxx: Fix buffer overrun (bsc#1213747). - scsi: qla2xxx: Fix command flush during TMF (bsc#1213747). - scsi: qla2xxx: Fix deletion race condition (bsc#1213747). - scsi: qla2xxx: Fix end of loop test (bsc#1213747). - scsi: qla2xxx: Fix erroneous link up failure (bsc#1213747). - scsi: qla2xxx: Fix error code in qla2x00_start_sp() (bsc#1213747). - scsi: qla2xxx: Fix potential NULL pointer dereference (bsc#1213747). - scsi: qla2xxx: Fix session hang in gnl (bsc#1213747). - scsi: qla2xxx: Limit TMF to 8 per function (bsc#1213747). - scsi: qla2xxx: Pointer may be dereferenced (bsc#1213747). - scsi: qla2xxx: Remove unused nvme_ls_waitq wait queue (bsc#1213747). - scsi: qla2xxx: Replace one-element array with DECLARE_FLEX_ARRAY() helper (bsc#1213747). - scsi: qla2xxx: Silence a static checker warning (bsc#1213747). - scsi: qla2xxx: Turn off noisy message log (bsc#1213747). - scsi: qla2xxx: Update version to 10.02.08.400-k (bsc#1213747). - scsi: qla2xxx: Update version to 10.02.08.500-k (bsc#1213747). - scsi: qla2xxx: Use vmalloc_array() and vcalloc() (bsc#1213747). - scsi: qla2xxx: fix inconsistent TMF timeout (bsc#1213747). - serial: qcom-geni: drop bogus runtime pm state update (git-fixes). - serial: sifive: Fix sifive_serial_console_setup() section (git-fixes). - soundwire: qcom: update status correctly with mask (git-fixes). - staging: ks7010: potential buffer overflow in ks_wlan_set_encode_ext() (git-fixes). - staging: r8712: Fix memory leak in _r8712_init_xmit_priv() (git-fixes). - sunrpc: always free ctxt when freeing deferred request (git-fixes). - sunrpc: double free xprt_ctxt while still in use (git-fixes). - sunrpc: fix trace_svc_register() call site (git-fixes). - sunrpc: fix uaf in svc_tcp_listen_data_ready() (git-fixes). - sunrpc: remove dead code in svc_tcp_release_rqst() (git-fixes). - sunrpc: remove the maximum number of retries in call_bind_status (git-fixes). - svcrdma: Prevent page release when nothing was received (git-fixes). - tpm_tis: Explicitly check for error code (git-fixes). - tty: n_gsm: fix UAF in gsm_cleanup_mux (git-fixes). - ubifs: Add missing iput if do_tmpfile() failed in rename whiteout (git-fixes). - ubifs: Error path in ubifs_remount_rw() seems to wrongly free write buffers (git-fixes). - ubifs: Fix 'ui->dirty' race between do_tmpfile() and writeback work (git-fixes). - ubifs: Fix AA deadlock when setting xattr for encrypted file (git-fixes). - ubifs: Fix build errors as symbol undefined (git-fixes). - ubifs: Fix deadlock in concurrent rename whiteout and inode writeback (git-fixes). - ubifs: Fix memory leak in alloc_wbufs() (git-fixes). - ubifs: Fix memory leak in do_rename (git-fixes). - ubifs: Fix read out-of-bounds in ubifs_wbuf_write_nolock() (git-fixes). - ubifs: Fix to add refcount once page is set private (git-fixes). - ubifs: Fix wrong dirty space budget for dirty inode (git-fixes). - ubifs: Free memory for tmpfile name (git-fixes). - ubifs: Rectify space amount budget for mkdir/tmpfile operations (git-fixes). - ubifs: Rectify space budget for ubifs_symlink() if symlink is encrypted (git-fixes). - ubifs: Rectify space budget for ubifs_xrename() (git-fixes). - ubifs: Rename whiteout atomically (git-fixes). - ubifs: Reserve one leb for each journal head while doing budget (git-fixes). - ubifs: do_rename: Fix wrong space budget when target inode's nlink > 1 (git-fixes). - ubifs: rename_whiteout: Fix double free for whiteout_ui->data (git-fixes). - ubifs: rename_whiteout: correct old_dir size computing (git-fixes). - ubifs: setflags: Make dirtied_ino_d 8 bytes aligned (git-fixes). - ubifs: ubifs_writepage: Mark page dirty after writing inode failed (git-fixes). - usb: dwc3: do not reset device side if dwc3 was configured as host-only (git-fixes). - usb: dwc3: pci: skip BYT GPIO lookup table for hardwired phy (git-fixes). - usb: gadget: core: remove unbalanced mutex_unlock in usb_gadget_activate (git-fixes). - usb: xhci-mtk: set the dma max_seg_size (git-fixes). - vhost: support PACKED when setting-getting vring_base (git-fixes). - vhost_net: revert upend_idx only on retriable error (git-fixes). - virtio-net: Maintain reverse cleanup order (git-fixes). - virtio_net: Fix error unwinding of XDP initialization (git-fixes). - x86/PVH: obtain VGA console info in Dom0 (git-fixes). - xen/blkfront: Only check REQ_FUA for writes (git-fixes). - xen/pvcalls-back: fix double frees with pvcalls_new_active_socket() (git-fixes). Important SUSE bug 1206418 SUSE bug 1207129 SUSE bug 1210627 SUSE bug 1210780 SUSE bug 1211131 SUSE bug 1211738 SUSE bug 1212502 SUSE bug 1212604 SUSE bug 1212901 SUSE bug 1213167 SUSE bug 1213272 SUSE bug 1213287 SUSE bug 1213304 SUSE bug 1213585 SUSE bug 1213586 SUSE bug 1213588 SUSE bug 1213620 SUSE bug 1213653 SUSE bug 1213713 SUSE bug 1213715 SUSE bug 1213747 SUSE bug 1213756 SUSE bug 1213759 SUSE bug 1213777 SUSE bug 1213810 SUSE bug 1213812 SUSE bug 1213842 SUSE bug 1213856 SUSE bug 1213857 SUSE bug 1213863 SUSE bug 1213867 SUSE bug 1213870 SUSE bug 1213871 CVE-2022-40982 CVE-2023-0459 CVE-2023-20569 CVE-2023-21400 CVE-2023-2156 CVE-2023-2166 CVE-2023-31083 CVE-2023-3268 CVE-2023-3567 CVE-2023-3609 CVE-2023-3611 CVE-2023-3776 CVE-2023-4004 cpe:/o:opensuse:leap:15.4 Security update for the Linux Kernel (Important) openSUSE Leap 15.4 The SUSE Linux Enterprise 15 SP4 RT kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2022-40982: Fixed transient execution attack called 'Gather Data Sampling' (bsc#1206418). - CVE-2023-0459: Fixed information leak in __uaccess_begin_nospec (bsc#1211738). - CVE-2023-20569: Fixed side channel attack ‘Inception’ or ‘RAS Poisoning’ (bsc#1213287). - CVE-2023-20593: Fixed a ZenBleed issue in 'Zen 2' CPUs that could allow an attacker to potentially access sensitive information (bsc#1213286). - CVE-2023-21400: Fixed several memory corruptions due to improper locking in io_uring (bsc#1213272). - CVE-2023-2156: Fixed a flaw in the networking subsystem within the handling of the RPL protocol (bsc#1211131). - CVE-2023-2166: Fixed NULL pointer dereference in can_rcv_filter (bsc#1210627). - CVE-2023-2985: Fixed an use-after-free vulnerability in hfsplus_put_super in fs/hfsplus/super.c that could allow a local user to cause a denial of service (bsc#1211867). - CVE-2023-31083: Fixed race condition in hci_uart_tty_ioctl (bsc#1210780). - CVE-2023-3117: Fixed an use-after-free vulnerability in the netfilter subsystem when processing named and anonymous sets in batch requests that could allow a local user with CAP_NET_ADMIN capability to crash or potentially escalate their privileges on the system (bsc#1213245). - CVE-2023-31248: Fixed an use-after-free vulnerability in nft_chain_lookup_byid that could allow a local attacker to escalate their privilege (bsc#1213061). - CVE-2023-3268: Fixed an out of bounds memory access flaw in relay_file_read_start_pos in the relayfs (bsc#1212502). - CVE-2023-3390: Fixed an use-after-free vulnerability in the netfilter subsystem in net/netfilter/nf_tables_api.c that could allow a local attacker with user access to cause a privilege escalation issue (bsc#1212846). - CVE-2023-35001: Fixed an out-of-bounds memory access flaw in nft_byteorder that could allow a local attacker to escalate their privilege (bsc#1213059). - CVE-2023-3567: Fixed a use-after-free in vcs_read in drivers/tty/vt/vc_screen.c (bsc#1213167). - CVE-2023-3609: Fixed reference counter leak leading to overflow in net/sched (bsc#1213586). - CVE-2023-3611: Fixed an out-of-bounds write in net/sched sch_qfq(bsc#1213585). - CVE-2023-3776: Fixed improper refcount update in cls_fw leads to use-after-free (bsc#1213588). - CVE-2023-3812: Fixed an out-of-bounds memory access flaw in the TUN/TAP device driver functionality that could allow a local user to crash or potentially escalate their privileges on the system (bsc#1213543). - CVE-2023-4004: Fixed improper element removal netfilter nft_set_pipapo (bsc#1213812). The following non-security bugs were fixed: - acpi: utils: fix acpi_evaluate_dsm_typed() redefinition error (git-fixes). - add module_firmware() for firmware_tg357766 (git-fixes). - afs: adjust ack interpretation to try and cope with nat (git-fixes). - afs: fix access after dec in put functions (git-fixes). - afs: fix afs_getattr() to refetch file status if callback break occurred (git-fixes). - afs: fix dynamic root getattr (git-fixes). - afs: fix fileserver probe rtt handling (git-fixes). - afs: fix infinite loop found by xfstest generic/676 (git-fixes). - afs: fix lost servers_outstanding count (git-fixes). - afs: fix server->active leak in afs_put_server (git-fixes). - afs: fix setting of mtime when creating a file/dir/symlink (git-fixes). - afs: fix updating of i_size with dv jump from server (git-fixes). - afs: fix vlserver probe rtt handling (git-fixes). - afs: return -eagain, not -eremoteio, when a file already locked (git-fixes). - afs: use refcount_t rather than atomic_t (git-fixes). - afs: use the operation issue time instead of the reply time for callbacks (git-fixes). - alsa: emu10k1: roll up loops in dsp setup code for audigy (git-fixes). - alsa: fireface: make read-only const array for model names static (git-fixes). - alsa: hda/realtek - remove 3k pull low procedure (git-fixes). - alsa: hda/realtek: add quirk for asus rog g614jx (git-fixes). - alsa: hda/realtek: add quirk for asus rog ga402x (git-fixes). - alsa: hda/realtek: add quirk for asus rog gx650p (git-fixes). - alsa: hda/realtek: add quirk for asus rog gz301v (git-fixes). - alsa: hda/realtek: add quirk for clevo npx0snx (git-fixes). - alsa: hda/realtek: add quirk for clevo ns70au (git-fixes). - alsa: hda/realtek: add quirks for unis h3c desktop b760 & q760 (git-fixes). - alsa: hda/realtek: add support for dell oasis 13/14/16 laptops (git-fixes). - alsa: hda/realtek: amend g634 quirk to enable rear speakers (git-fixes). - alsa: hda/realtek: enable mute led on hp laptop 15s-eq2xxx (git-fixes). - alsa: hda/realtek: fix generic fixup definition for cs35l41 amp (git-fixes). - alsa: hda/realtek: support asus g713pv laptop (git-fixes). - alsa: hda/realtek: whitespace fix (git-fixes). - alsa: hda/relatek: enable mute led on hp 250 g8 (git-fixes). - alsa: hda: fix a possible null-pointer dereference due to data race in snd_hdac_regmap_sync() (git-fixes). - alsa: oxfw: make read-only const array models static (git-fixes). - alsa: pcm: fix potential data race at pcm memory allocation helpers (git-fixes). - alsa: usb-audio: add quirk for microsoft modern wireless headset (bsc#1207129). - alsa: usb-audio: update for native dsd support quirks (git-fixes). - apparmor: fix missing error check for rhashtable_insert_fast (git-fixes). - arm64/mm: mark private vm_fault_x defines as vm_fault_t (git-fixes) - arm64: dts: microchip: sparx5: do not use psci on reference boards (git-fixes) - arm64: vdso: pass (void *) to virt_to_page() (git-fixes) - arm64: xor-neon: mark xor_arm64_neon_*() static (git-fixes) - asoc: atmel: fix the 8k sample parameter in i2sc master (git-fixes). - asoc: codecs: es8316: fix dmic config (git-fixes). - asoc: codecs: wcd-mbhc-v2: fix resource leaks on component remove (git-fixes). - asoc: codecs: wcd934x: fix resource leaks on component remove (git-fixes). - asoc: codecs: wcd938x: fix codec initialisation race (git-fixes). - asoc: codecs: wcd938x: fix db range for hphl and hphr (git-fixes). - asoc: codecs: wcd938x: fix missing clsh ctrl error handling (git-fixes). - asoc: codecs: wcd938x: fix soundwire initialisation race (git-fixes). - asoc: da7219: check for failure reading aad irq events (git-fixes). - asoc: da7219: flush pending aad irq when suspending (git-fixes). - asoc: fsl_sai: disable bit clock with transmitter (git-fixes). - asoc: fsl_spdif: silence output on stop (git-fixes). - asoc: rt5682-sdw: fix for jd event handling in clockstop mode0 (git-fixes). - asoc: rt711-sdca: fix for jd event handling in clockstop mode0 (git-fixes). - asoc: rt711: fix for jd event handling in clockstop mode0 (git-fixes). - asoc: tegra: fix adx byte map (git-fixes). - asoc: tegra: fix amx byte map (git-fixes). - asoc: wm8904: fill the cache for wm8904_adc_test_0 register (git-fixes). - ata: pata_ns87415: mark ns87560_tf_read static (git-fixes). - block, bfq: fix division by zero error on zero wsum (bsc#1213653). - block: fix a source code comment in include/uapi/linux/blkzoned.h (git-fixes). - can: bcm: fix uaf in bcm_proc_show() (git-fixes). - can: gs_usb: gs_can_close(): add missing set of can state to can_state_stopped (git-fixes). - ceph: do not let check_caps skip sending responses for revoke msgs (bsc#1213856). - cifs: add a warning when the in-flight count goes negative (bsc#1193629). - cifs: address unused variable warning (bsc#1193629). - cifs: do all necessary checks for credits within or before locking (bsc#1193629). - cifs: fix lease break oops in xfstest generic/098 (bsc#1193629). - cifs: fix max_credits implementation (bsc#1193629). - cifs: fix session state check in reconnect to avoid use-after-free issue (bsc#1193629). - cifs: fix session state check in smb2_find_smb_ses (bsc#1193629). - cifs: fix session state transition to avoid use-after-free issue (bsc#1193629). - cifs: fix sockaddr comparison in iface_cmp (bsc#1193629). - cifs: fix status checks in cifs_tree_connect (bsc#1193629). - cifs: log session id when a matching ses is not found (bsc#1193629). - cifs: new dynamic tracepoint to track ses not found errors (bsc#1193629). - cifs: prevent use-after-free by freeing the cfile later (bsc#1193629). - cifs: print all credit counters in debugdata (bsc#1193629). - cifs: print client_guid in debugdata (bsc#1193629). - cifs: print more detail when invalidate_inode_mapping fails (bsc#1193629). - cifs: print nosharesock value while dumping mount options (bsc#1193629). - clk: qcom: camcc-sc7180: add parent dependency to all camera gdscs (git-fixes). - clk: qcom: gcc-ipq6018: use floor ops for sdcc clocks (git-fixes). - coda: avoid partial allocation of sig_inputargs (git-fixes). - codel: fix kernel-doc notation warnings (git-fixes). - crypto: kpp - add helper to set reqsize (git-fixes). - crypto: qat - use helper to set reqsize (git-fixes). - delete suse/memcg-drop-kmem-limit_in_bytes. drop the patch in order to fix bsc#1213705. - devlink: fix kernel-doc notation warnings (git-fixes). - dlm: fix missing lkb refcount handling (git-fixes). - dlm: fix plock invalid read (git-fixes). - docs: networking: update codeaurora references for rmnet (git-fixes). - documentation: abi: sysfs-class-net-qmi: pass_through contact update (git-fixes). - documentation: bonding: fix the doc of peer_notif_delay (git-fixes). - documentation: devices.txt: reconcile serial/ucc_uart minor numers (git-fixes). - documentation: timers: hrtimers: make hybrid union historical (git-fixes). - drm/amd/display: correct `dmub_fw_version` macro (git-fixes). - drm/amd/display: disable mpc split by default on special asic (git-fixes). - drm/amd/display: keep phy active for dp displays on dcn31 (git-fixes). - drm/amdgpu: avoid restore process run into dead loop (git-fixes). - drm/amdgpu: fix clearing mappings for bos that are always valid in vm (git-fixes). - drm/amdgpu: set vmbo destroy after pt bo is created (git-fixes). - drm/amdgpu: validate vm ioctl flags (git-fixes). - drm/atomic: allow vblank-enabled + self-refresh 'disable' (git-fixes). - drm/atomic: fix potential use-after-free in nonblocking commits (git-fixes). - drm/bridge: tc358768: add atomic_get_input_bus_fmts() implementation (git-fixes). - drm/bridge: tc358768: fix tclk_trailcnt computation (git-fixes). - drm/bridge: tc358768: fix ths_trailcnt computation (git-fixes). - drm/bridge: tc358768: fix ths_zerocnt computation (git-fixes). - drm/client: fix memory leak in drm_client_modeset_probe (git-fixes). - drm/client: fix memory leak in drm_client_target_cloned (git-fixes). - drm/i915/psr: use hw.adjusted mode when calculating io/fast wake times (git-fixes). - drm/i915: fix one wrong caching mode enum usage (git-fixes). - drm/msm/adreno: fix snapshot bindless_data size (git-fixes). - drm/msm/disp/dpu: get timing engine status from intf status register (git-fixes). - drm/msm/dpu: drop enum dpu_core_perf_data_bus_id (git-fixes). - drm/msm/dpu: set dpu_data_hctl_en for in intf_sc7180_mask (git-fixes). - drm/msm: fix is_err_or_null() vs null check in a5xx_submit_in_rb() (git-fixes). - drm/panel: simple: add connector_type for innolux_at043tn24 (git-fixes). - drm/panel: simple: add powertip ph800480t013 drm_display_mode flags (git-fixes). - drm/radeon: fix integer overflow in radeon_cs_parser_init (git-fixes). - drm/ttm: do not leak a resource on swapout move error (git-fixes). - drop amdgpu patches for fixing regression (bsc#1213304,bsc#1213777) - dt-bindings: phy: brcm,brcmstb-usb-phy: fix error in 'compatible' conditional schema (git-fixes). - enable nxp snvs rtc driver for i.mx 8mq/8mp (jsc#PED-4758) - ext4: add ea_inode checking to ext4_iget() (bsc#1213106). - ext4: add ext4_sb_block_valid() refactored out of ext4_inode_block_valid() (bsc#1213088). - ext4: add lockdep annotations for i_data_sem for ea_inode's (bsc#1213109). - ext4: add strict range checks while freeing blocks (bsc#1213089). - ext4: avoid deadlock in fs reclaim with page writeback (bsc#1213016). - ext4: bail out of ext4_xattr_ibody_get() fails for any reason (bsc#1213018). - ext4: block range must be validated before use in ext4_mb_clear_bb() (bsc#1213090). - ext4: check iomap type only if ext4_iomap_begin() does not fail (bsc#1213103). - ext4: disallow ea_inodes with extended attributes (bsc#1213108). - ext4: fail ext4_iget if special inode unallocated (bsc#1213010). - ext4: fix bug_on in __es_tree_search caused by bad quota inode (bsc#1213111). - ext4: fix data races when using cached status extents (bsc#1213102). - ext4: fix deadlock when converting an inline directory in nojournal mode (bsc#1213105). - ext4: fix i_disksize exceeding i_size problem in paritally written case (bsc#1213015). - ext4: fix lockdep warning when enabling mmp (bsc#1213100). - ext4: fix reusing stale buffer heads from last failed mounting (bsc#1213020). - ext4: fix task hung in ext4_xattr_delete_inode (bsc#1213096). - ext4: fix to check return value of freeze_bdev() in ext4_shutdown() (bsc#1213021). - ext4: fix use-after-free read in ext4_find_extent for bigalloc + inline (bsc#1213098). - ext4: fix warning in ext4_update_inline_data (bsc#1213012). - ext4: fix warning in mb_find_extent (bsc#1213099). - ext4: improve error handling from ext4_dirhash() (bsc#1213104). - ext4: improve error recovery code paths in __ext4_remount() (bsc#1213017). - ext4: move where set the may_inline_data flag is set (bsc#1213011). - ext4: only update i_reserved_data_blocks on successful block allocation (bsc#1213019). - ext4: refactor ext4_free_blocks() to pull out ext4_mb_clear_bb() (bsc#1213087). - ext4: refuse to create ea block when umounted (bsc#1213093). - ext4: set lockdep subclass for the ea_inode in ext4_xattr_inode_cache_find() (bsc#1213107). - ext4: turn quotas off if mount failed after enabling quotas (bsc#1213110). - ext4: update s_journal_inum if it changes after journal replay (bsc#1213094). - ext4: use ext4_fc_tl_mem in fast-commit replay path (bsc#1213092). - ext4: zero i_disksize when initializing the bootloader inode (bsc#1213013). - fbdev: au1200fb: fix missing irq check in au1200fb_drv_probe (git-fixes). - fbdev: imxfb: warn about invalid left/right margin (git-fixes). - file: always lock position for fmode_atomic_pos (bsc#1213759). - fix documentation of panic_on_warn (git-fixes). - fs: dlm: add midcomms init/start functions (git-fixes). - fs: dlm: do not set stop rx flag after node reset (git-fixes). - fs: dlm: filter user dlm messages for kernel locks (git-fixes). - fs: dlm: fix log of lowcomms vs midcomms (git-fixes). - fs: dlm: fix race between test_bit() and queue_work() (git-fixes). - fs: dlm: fix race in lowcomms (git-fixes). - fs: dlm: handle -ebusy first in lock arg validation (git-fixes). - fs: dlm: move sending fin message into state change handling (git-fixes). - fs: dlm: retry accept() until -eagain or error returns (git-fixes). - fs: dlm: return positive pid value for f_getlk (git-fixes). - fs: dlm: start midcomms before scand (git-fixes). - fs: hfsplus: remove warn_on() from hfsplus_cat_{read,write}_inode() (git-fixes). - fs: jfs: check for read-only mounted filesystem in txbegin (git-fixes). - fs: jfs: fix null-ptr-deref read in txbegin (git-fixes). - fs: jfs: fix ubsan: array-index-out-of-bounds in dballocdmaplev (git-fixes). - fuse: ioctl: translate enosys in outarg (bsc#1213524). - fuse: revalidate: do not invalidate if interrupted (bsc#1213523). - gve: set default duplex configuration to full (git-fixes). - gve: unify driver name usage (git-fixes). - hvcs: fix hvcs port reference counting (bsc#1213134 ltc#202861). - hvcs: get reference to tty in remove (bsc#1213134 ltc#202861). - hvcs: synchronize hotplug remove with port free (bsc#1213134 ltc#202861). - hvcs: use dev_groups to manage hvcs device attributes (bsc#1213134 ltc#202861). - hvcs: use driver groups to manage driver attributes (bsc#1213134 ltc#202861). - hvcs: use vhangup in hotplug remove (bsc#1213134 ltc#202861). - hwmon: (adm1275) allow setting sample averaging (git-fixes). - hwmon: (k10temp) enable amd3255 proc to show negative temperature (git-fixes). - hwmon: (nct7802) fix for temp6 (peci1) processed even if peci1 disabled (git-fixes). - hwmon: (pmbus/adm1275) fix problems with temperature monitoring on adm1272 (git-fixes). - i2c: xiic: defer xiic_wakeup() and __xiic_start_xfer() in xiic_process() (git-fixes). - i2c: xiic: do not try to handle more interrupt events after error (git-fixes). - iavf: fix out-of-bounds when setting channels on remove (git-fixes). - iavf: fix use-after-free in free_netdev (git-fixes). - iavf: use internal state to free traffic irqs (git-fixes). - ib/hfi1: use bitmap_zalloc() when applicable (git-fixes) - igc: check if hardware tx timestamping is enabled earlier (git-fixes). - igc: enable and fix rx hash usage by netstack (git-fixes). - igc: fix inserting of empty frame for launchtime (git-fixes). - igc: fix kernel panic during ndo_tx_timeout callback (git-fixes). - igc: fix launchtime before start of cycle (git-fixes). - igc: fix race condition in ptp tx code (git-fixes). - igc: handle pps start time programming for past time values (git-fixes). - igc: prevent garbled tx queue with xdp zerocopy (git-fixes). - igc: remove delay during tx ring configuration (git-fixes). - igc: set tp bit in 'supported' and 'advertising' fields of ethtool_link_ksettings (git-fixes). - igc: work around hw bug causing missing timestamps (git-fixes). - inotify: avoid reporting event with invalid wd (bsc#1213025). - input: i8042 - add clevo pcx0dx to i8042 quirk table (git-fixes). - input: iqs269a - do not poll during ati (git-fixes). - input: iqs269a - do not poll during suspend or resume (git-fixes). - jbd2: fix data missing when reusing bh which is ready to be checkpointed (bsc#1213095). - jdb2: do not refuse invalidation of already invalidated buffers (bsc#1213014). - jffs2: fix memory leak in jffs2_do_fill_super (git-fixes). - jffs2: fix memory leak in jffs2_do_mount_fs (git-fixes). - jffs2: fix memory leak in jffs2_scan_medium (git-fixes). - jffs2: fix use-after-free in jffs2_clear_xattr_subsystem (git-fixes). - jffs2: gc deadlock reading a page that is used in jffs2_write_begin() (git-fixes). - jffs2: reduce stack usage in jffs2_build_xattr_subsystem() (git-fixes). - jfs: jfs_dmap: validate db_l2nbperpage while mounting (git-fixes). - kabi/severities: add vas symbols changed due to recent fix vas accelerators are directly tied to the architecture, there is no reason to have out-of-tree production drivers - kabi: do not check external trampolines for signature (kabi bsc#1207894 bsc#1211243). - kernel-binary.spec.in: remove superfluous %% in supplements fixes: 02b7735e0caf ('rpm/kernel-binary.spec.in: add enhances and supplements tags to in-tree kmps') - kselftest: vdso: fix accumulation of uninitialized ret when clock_realtime is undefined (git-fixes). - kvm: arm64: do not read a hw interrupt pending state in user context (git-fixes) - kvm: arm64: warn if accessing timer pending state outside of vcpu (bsc#1213620) - kvm: do not null dereference ops->destroy (git-fixes) - kvm: downgrade two bug_ons to warn_on_once (git-fixes) - kvm: initialize debugfs_dentry when a vm is created to avoid null (git-fixes) - kvm: s390: pv: fix index value of replaced asce (git-fixes bsc#1213867). - kvm: vmx: inject #gp on encls if vcpu has paging disabled (cr0.pg==0) (git-fixes). - kvm: vmx: inject #gp, not #ud, if sgx2 encls leafs are unsupported (git-fixes). - kvm: vmx: restore vmx_vmexit alignment (git-fixes). - kvm: x86: account fastpath-only vm-exits in vcpu stats (git-fixes). - leds: trigger: netdev: recheck netdev_led_mode_linkup on dev rename (git-fixes). - libceph: harden msgr2.1 frame segment length checks (bsc#1213857). - media: atomisp: gmin_platform: fix out_len in gmin_get_config_dsm_var() (git-fixes). - media: cec: i2c: ch7322: also select regmap (git-fixes). - media: i2c: correct format propagation for st-mipid02 (git-fixes). - media: staging: atomisp: select v4l2_fwnode (git-fixes). - media: usb: check az6007_read() return value (git-fixes). - media: usb: siano: fix warning due to null work_func_t function pointer (git-fixes). - media: venus: helpers: fix align() of non power of two (git-fixes). - media: videodev2.h: fix struct v4l2_input tuner index comment (git-fixes). - memcg: drop kmem.limit_in_bytes (bsc#1208788, bsc#1212905). - mmc: core: disable trim on kingston emmc04g-m627 (git-fixes). - mmc: sdhci: fix dma configure compatibility issue when 64bit dma mode is used (git-fixes). - net/sched: sch_qfq: refactor parsing of netlink parameters (bsc#1213585). - net/sched: sch_qfq: reintroduce lmax bound check for mtu (bsc#1213585). - net: ena: fix shift-out-of-bounds in exponential backoff (git-fixes). - net: mana: add support for vlan tagging (bsc#1212301). - net: mana: batch ringing rx queue doorbell on receiving packets (bsc#1212901). - net: mana: use the correct wqe count for ringing rq doorbell (bsc#1212901). - net: phy: marvell10g: fix 88x3310 power up (git-fixes). - net: phy: prevent stale pointer dereference in phy_init() (git-fixes). - nfsd: add encoding of op_recall flag for write delegation (git-fixes). - nfsd: fix double fget() bug in __write_ports_addfd() (git-fixes). - nfsd: fix sparse warning (git-fixes). - nfsd: remove open coding of string copy (git-fixes). - nfsv4.1: always send a reclaim_complete after establishing lease (git-fixes). - nfsv4.1: freeze the session table upon receiving nfs4err_badsession (git-fixes). - ntb: amd: fix error handling in amd_ntb_pci_driver_init() (git-fixes). - ntb: idt: fix error handling in idt_pci_driver_init() (git-fixes). - ntb: intel: fix error handling in intel_ntb_pci_driver_init() (git-fixes). - ntb: ntb_tool: add check for devm_kcalloc (git-fixes). - ntb: ntb_transport: fix possible memory leak while device_register() fails (git-fixes). - nvme-multipath: support io stats on the mpath device (bsc#1210565). - nvme-pci: fix dma direction of unmapping integrity data (git-fixes). - nvme-pci: remove nvme_queue from nvme_iod (git-fixes). - nvme: introduce nvme_start_request (bsc#1210565). - ocfs2: check new file size on fallocate call (git-fixes). - ocfs2: fix use-after-free when unmounting read-only filesystem (git-fixes). - ocfs2: switch to security_inode_init_security() (git-fixes). - octeontx-af: fix hardware timestamp configuration (git-fixes). - octeontx2-af: move validation of ptp pointer before its usage (git-fixes). - octeontx2-pf: add additional check for mcam rules (git-fixes). - opp: fix use-after-free in lazy_opp_tables after probe deferral (git-fixes). - pci/pm: avoid putting elopos e2/s2/h2 pcie ports in d3cold (git-fixes). - pci: add function 1 dma alias quirk for marvell 88se9235 (git-fixes). - phy: hisilicon: fix an out of bounds check in hisi_inno_phy_probe() (git-fixes). - phy: revert 'phy: remove soc_exynos4212 dep. from phy_exynos4x12_usb' (git-fixes). - phy: tegra: xusb: check return value of devm_kzalloc() (git-fixes). - phy: tegra: xusb: clear the driver reference in usb-phy dev (git-fixes). - pie: fix kernel-doc notation warning (git-fixes). - pinctrl: amd: detect internal gpio0 debounce handling (git-fixes). - pinctrl: amd: do not show `invalid config param` errors (git-fixes). - pinctrl: amd: fix mistake in handling clearing pins at startup (git-fixes). - pinctrl: amd: only use special debounce behavior for gpio 0 (git-fixes). - pinctrl: amd: use amd_pinconf_set() for all config options (git-fixes). - platform/x86: msi-laptop: fix rfkill out-of-sync on msi wind u100 (git-fixes). - powerpc/64: only warn if __pa()/__va() called with bad addresses (bsc#1194869). - powerpc/64s: fix vas mm use after free (bsc#1194869). - powerpc/book3s64/mm: fix directmap stats in /proc/meminfo (bsc#1194869). - powerpc/bpf: fix use of user_pt_regs in uapi (bsc#1194869). - powerpc/ftrace: remove ftrace init tramp once kernel init is complete (bsc#1194869). - powerpc/interrupt: do not read msr from interrupt_exit_kernel_prepare() (bsc#1194869). - powerpc/mm/dax: fix the condition when checking if altmap vmemap can cross-boundary (bsc#1150305 ltc#176097 git-fixes). - powerpc/mm: switch obsolete dssall to .long (bsc#1194869). - powerpc/powernv/sriov: perform null check on iov before dereferencing iov (bsc#1194869). - powerpc/powernv/vas: assign real address to rx_fifo in vas_rx_win_attr (bsc#1194869). - powerpc/prom_init: fix kernel config grep (bsc#1194869). - powerpc/secvar: fix refcount leak in format_show() (bsc#1194869). - powerpc/xics: fix refcount leak in icp_opal_init() (bsc#1194869). - powerpc: clean vdso32 and vdso64 directories (bsc#1194869). - powerpc: define get_cycles macro for arch-override (bsc#1194869). - powerpc: update ppc_save_regs to save current r1 in pt_regs (bsc#1194869). - pwm: ab8500: fix error code in probe() (git-fixes). - pwm: imx-tpm: force 'real_period' to be zero in suspend (git-fixes). - pwm: sysfs: do not apply state to already disabled pwms (git-fixes). - rdma/bnxt_re: fix hang during driver unload (git-fixes) - rdma/bnxt_re: prevent handling any completions after qp destroy (git-fixes) - rdma/core: update cma destination address on rdma_resolve_addr (git-fixes) - rdma/irdma: add missing read barriers (git-fixes) - rdma/irdma: fix data race on cqp completion stats (git-fixes) - rdma/irdma: fix data race on cqp request done (git-fixes) - rdma/irdma: fix op_type reporting in cqes (git-fixes) - rdma/irdma: report correct wc error (git-fixes) - rdma/mlx4: make check for invalid flags stricter (git-fixes) - rdma/mthca: fix crash when polling cq for shared qps (git-fixes) - rdma/rxe: fix access checks in rxe_check_bind_mw (git-fixes) - regmap: account for register length in smbus i/o limits (git-fixes). - regmap: drop initial version of maximum transfer length fixes (git-fixes). - revert 'arm64: dts: zynqmp: add address-cells property to interrupt (git-fixes) - revert 'debugfs, coccinelle: check for obsolete define_simple_attribute() usage' (git-fixes). - revert 'drm/amd/display: edp do not add non-edid timings' (git-fixes). - revert 'nfsv4: retry lock on old_stateid during delegation return' (git-fixes). - revert 'usb: dwc3: core: enable autoretry feature in the controller' (git-fixes). - revert 'usb: gadget: tegra-xudc: fix error check in tegra_xudc_powerdomain_init()' (git-fixes). - revert 'usb: xhci: tegra: fix error check' (git-fixes). - revert 'xhci: add quirk for host controllers that do not update endpoint dcs' (git-fixes). - rpm/check-for-config-changes: ignore also riscv_isa_* and dynamic_sigframe they depend on config_toolchain_has_*. - rpm: update dependency to match current kmod. - rsi: remove kernel-doc comment marker (git-fixes). - rxrpc, afs: fix selection of abort codes (git-fixes). - s390/ap: fix status returned by ap_aqic() (git-fixes bsc#1213259). - s390/ap: fix status returned by ap_qact() (git-fixes bsc#1213258). - s390/bpf: add expoline to tail calls (git-fixes bsc#1213870). - s390/dasd: fix hanging device after quiesce/resume (git-fixes bsc#1213810). - s390/debug: add _asm_s390_ prefix to header guard (git-fixes bsc#1213263). - s390/decompressor: specify __decompress() buf len to avoid overflow (git-fixes bsc#1213863). - s390/ipl: add missing intersection check to ipl_report handling (git-fixes bsc#1213871). - s390/percpu: add read_once() to arch_this_cpu_to_op_simple() (git-fixes bsc#1213252). - s390/qeth: fix vipa deletion (git-fixes bsc#1213713). - s390/vmem: fix empty page tables cleanup under kasan (git-fixes bsc#1213715). - s390: define runtime_discard_exit to fix link error with gnu ld &lt; 2.36 (git-fixes bsc#1213264). - s390: discard .interp section (git-fixes bsc#1213247). - s390: introduce nospec_uses_trampoline() (git-fixes bsc#1213870). - scftorture: count reschedule ipis (git-fixes). - sched/debug: fix dentry leak in update_sched_domain_debugfs (git-fixes) - sched: fix debug && !schedstats warn (git-fixes) - scsi: lpfc: abort outstanding els cmds when mailbox timeout error is detected (bsc#1213756). - scsi: lpfc: avoid -wstringop-overflow warning (bsc#1213756). - scsi: lpfc: clean up sli-4 sysfs resource reporting (bsc#1213756). - scsi: lpfc: copyright updates for 14.2.0.14 patches (bsc#1213756). - scsi: lpfc: fix a possible data race in lpfc_unregister_fcf_rescan() (bsc#1213756). - scsi: lpfc: fix incorrect big endian type assignment in bsg loopback path (bsc#1213756). - scsi: lpfc: fix incorrect big endian type assignments in fdmi and vmid paths (bsc#1213756). - scsi: lpfc: fix lpfc_name struct packing (bsc#1213756). - scsi: lpfc: make fabric zone discovery more robust when handling unsolicited logo (bsc#1213756). - scsi: lpfc: pull out fw diagnostic dump log message from driver's trace buffer (bsc#1213756). - scsi: lpfc: qualify ndlp discovery state when processing rscn (bsc#1213756). - scsi: lpfc: refactor cpu affinity assignment paths (bsc#1213756). - scsi: lpfc: remove extra ndlp kref decrement in flogi cmpl for loop topology (bsc#1213756). - scsi: lpfc: replace all non-returning strlcpy() with strscpy() (bsc#1213756). - scsi: lpfc: replace one-element array with flexible-array member (bsc#1213756). - scsi: lpfc: revise ndlp kref handling for dev_loss_tmo_callbk and lpfc_drop_node (bsc#1213756). - scsi: lpfc: set establish image pair service parameter only for target functions (bsc#1213756). - scsi: lpfc: simplify fcp_abort transport callback log message (bsc#1213756). - scsi: lpfc: update lpfc version to 14.2.0.14 (bsc#1213756). - scsi: lpfc: use struct_size() helper (bsc#1213756). - scsi: qla2xxx: adjust iocb resource on qpair create (bsc#1213747). - scsi: qla2xxx: array index may go out of bound (bsc#1213747). - scsi: qla2xxx: avoid fcport pointer dereference (bsc#1213747). - scsi: qla2xxx: check valid rport returned by fc_bsg_to_rport() (bsc#1213747). - scsi: qla2xxx: correct the index of array (bsc#1213747). - scsi: qla2xxx: drop useless list_head (bsc#1213747). - scsi: qla2xxx: fix buffer overrun (bsc#1213747). - scsi: qla2xxx: fix command flush during tmf (bsc#1213747). - scsi: qla2xxx: fix deletion race condition (bsc#1213747). - scsi: qla2xxx: fix end of loop test (bsc#1213747). - scsi: qla2xxx: fix erroneous link up failure (bsc#1213747). - scsi: qla2xxx: fix error code in qla2x00_start_sp() (bsc#1213747). - scsi: qla2xxx: fix inconsistent tmf timeout (bsc#1213747). - scsi: qla2xxx: fix null pointer dereference in target mode (bsc#1213747). - scsi: qla2xxx: fix potential null pointer dereference (bsc#1213747). - scsi: qla2xxx: fix session hang in gnl (bsc#1213747). - scsi: qla2xxx: fix tmf leak through (bsc#1213747). - scsi: qla2xxx: limit tmf to 8 per function (bsc#1213747). - scsi: qla2xxx: pointer may be dereferenced (bsc#1213747). - scsi: qla2xxx: remove unused nvme_ls_waitq wait queue (bsc#1213747). - scsi: qla2xxx: replace one-element array with declare_flex_array() helper (bsc#1213747). - scsi: qla2xxx: silence a static checker warning (bsc#1213747). - scsi: qla2xxx: turn off noisy message log (bsc#1213747). - scsi: qla2xxx: update version to 10.02.08.400-k (bsc#1213747). - scsi: qla2xxx: update version to 10.02.08.500-k (bsc#1213747). - scsi: qla2xxx: use vmalloc_array() and vcalloc() (bsc#1213747). - security: keys: modify mismatched function name (git-fixes). - selftests: mptcp: depend on syn_cookies (git-fixes). - selftests: mptcp: sockopt: return error if wrong mark (git-fixes). - selftests: rtnetlink: remove netdevsim device after ipsec offload test (git-fixes). - selftests: tc: add 'ct' action kconfig dep (git-fixes). - selftests: tc: add conntrack procfs kconfig (git-fixes). - selftests: tc: set timeout to 15 minutes (git-fixes). - serial: qcom-geni: drop bogus runtime pm state update (git-fixes). - serial: sifive: fix sifive_serial_console_setup() section (git-fixes). - signal/powerpc: on swapcontext failure force sigsegv (bsc#1194869). - signal: replace force_sigsegv(sigsegv) with force_fatal_sig(sigsegv) (bsc#1194869). - smb3: do not reserve too many oplock credits (bsc#1193629). - smb3: missing null check in smb2_change_notify (bsc#1193629). - smb: client: fix broken file attrs with nodfs mounts (bsc#1193629). - smb: client: fix missed ses refcounting (git-fixes). - smb: client: fix parsing of source mount option (bsc#1193629). - smb: client: fix shared dfs root mounts with different prefixes (bsc#1193629). - smb: client: fix warning in cifs_match_super() (bsc#1193629). - smb: client: fix warning in cifs_smb3_do_mount() (bsc#1193629). - smb: client: fix warning in cifsfindfirst() (bsc#1193629). - smb: client: fix warning in cifsfindnext() (bsc#1193629). - smb: client: fix warning in generic_ip_connect() (bsc#1193629). - smb: client: improve dfs mount check (bsc#1193629). - smb: client: remove redundant pointer 'server' (bsc#1193629). - smb: delete an unnecessary statement (bsc#1193629). - smb: move client and server files to common directory fs/smb (bsc#1193629). - smb: remove obsolete comment (bsc#1193629). - soundwire: qcom: fix storing port config out-of-bounds (git-fixes). - soundwire: qcom: update status correctly with mask (git-fixes). - spi: bcm-qspi: return error if neither hif_mspi nor mspi is available (git-fixes). - spi: bcm63xx: fix max prepend length (git-fixes). - staging: ks7010: potential buffer overflow in ks_wlan_set_encode_ext() (git-fixes). - staging: r8712: fix memory leak in _r8712_init_xmit_priv() (git-fixes). - sunrpc: always free ctxt when freeing deferred request (git-fixes). - sunrpc: double free xprt_ctxt while still in use (git-fixes). - sunrpc: fix trace_svc_register() call site (git-fixes). - sunrpc: fix uaf in svc_tcp_listen_data_ready() (git-fixes). - sunrpc: remove dead code in svc_tcp_release_rqst() (git-fixes). - sunrpc: remove the maximum number of retries in call_bind_status (git-fixes). - svcrdma: prevent page release when nothing was received (git-fixes). - tpm: tpm_vtpm_proxy: fix a race condition in /dev/vtpmx creation (git-fixes). - tpm_tis: explicitly check for error code (git-fixes). - tty: n_gsm: fix uaf in gsm_cleanup_mux (git-fixes). - tty: serial: fsl_lpuart: add earlycon for imx8ulp platform (git-fixes). - ubi: ensure that vid header offset + vid header size &lt;= alloc, size (bsc#1210584). - ubi: fix failure attaching when vid_hdr offset equals to (sub)page size (bsc#1210584). - ubifs: add missing iput if do_tmpfile() failed in rename whiteout (git-fixes). - ubifs: do_rename: fix wrong space budget when target inode's nlink > 1 (git-fixes). - ubifs: error path in ubifs_remount_rw() seems to wrongly free write buffers (git-fixes). - ubifs: fix 'ui->dirty' race between do_tmpfile() and writeback work (git-fixes). - ubifs: fix aa deadlock when setting xattr for encrypted file (git-fixes). - ubifs: fix build errors as symbol undefined (git-fixes). - ubifs: fix deadlock in concurrent rename whiteout and inode writeback (git-fixes). - ubifs: fix memory leak in alloc_wbufs() (git-fixes). - ubifs: fix memory leak in do_rename (git-fixes). - ubifs: fix read out-of-bounds in ubifs_wbuf_write_nolock() (git-fixes). - ubifs: fix to add refcount once page is set private (git-fixes). - ubifs: fix wrong dirty space budget for dirty inode (git-fixes). - ubifs: free memory for tmpfile name (git-fixes). - ubifs: rectify space amount budget for mkdir/tmpfile operations (git-fixes). - ubifs: rectify space budget for ubifs_symlink() if symlink is encrypted (git-fixes). - ubifs: rectify space budget for ubifs_xrename() (git-fixes). - ubifs: rename whiteout atomically (git-fixes). - ubifs: rename_whiteout: correct old_dir size computing (git-fixes). - ubifs: rename_whiteout: fix double free for whiteout_ui->data (git-fixes). - ubifs: reserve one leb for each journal head while doing budget (git-fixes). - ubifs: setflags: make dirtied_ino_d 8 bytes aligned (git-fixes). - ubifs: ubifs_writepage: mark page dirty after writing inode failed (git-fixes). - udf: avoid double brelse() in udf_rename() (bsc#1213032). - udf: define efscorrupted error code (bsc#1213038). - udf: detect system inodes linked into directory hierarchy (bsc#1213114). - udf: discard preallocation before extending file with a hole (bsc#1213036). - udf: do not bother looking for prealloc extents if i_lenextents matches i_size (bsc#1213035). - udf: do not bother merging very long extents (bsc#1213040). - udf: do not update file length for failed writes to inline files (bsc#1213041). - udf: fix error handling in udf_new_inode() (bsc#1213112). - udf: fix extending file within last block (bsc#1213037). - udf: fix preallocation discarding at indirect extent boundary (bsc#1213034). - udf: preserve link count of system files (bsc#1213113). - udf: truncate added extents on failed expansion (bsc#1213039). - update config and supported.conf files due to renaming. - update suse/rdma-mthca-fix-crash-when-polling-cq-for-shared-qps. (git-fixes bsc#1212604). added bug reference. - usb: dwc2: fix some error handling paths (git-fixes). - usb: dwc2: platform: improve error reporting for problems during .remove() (git-fixes). - usb: dwc3: do not reset device side if dwc3 was configured as host-only (git-fixes). - usb: dwc3: pci: skip byt gpio lookup table for hardwired phy (git-fixes). - usb: gadget: core: remove unbalanced mutex_unlock in usb_gadget_activate (git-fixes). - usb: gadget: udc: core: offload usb_udc_vbus_handler processing (git-fixes). - usb: gadget: udc: core: prevent soft_connect_store() race (git-fixes). - usb: serial: option: add lara-r6 01b pids (git-fixes). - usb: xhci-mtk: set the dma max_seg_size (git-fixes). - vhost: support packed when setting-getting vring_base (git-fixes). - vhost_net: revert upend_idx only on retriable error (git-fixes). - virtio-net: maintain reverse cleanup order (git-fixes). - virtio_net: fix error unwinding of xdp initialization (git-fixes). - wifi: airo: avoid uninitialized warning in airo_get_rate() (git-fixes). - wifi: ray_cs: drop useless status variable in parse_addr() (git-fixes). - wifi: ray_cs: utilize strnlen() in parse_addr() (git-fixes). - wifi: rtw89: debug: fix error code in rtw89_debug_priv_send_h2c_set() (git-fixes). - wl3501_cs: use eth_hw_addr_set() (git-fixes). - writeback: fix call of incorrect macro (bsc#1213024). - x86/pvh: obtain vga console info in dom0 (git-fixes). - x86: fix .brk attribute in linker script (git-fixes). - xen/blkfront: only check req_fua for writes (git-fixes). - xen/pvcalls-back: fix double frees with pvcalls_new_active_socket() (git-fixes). - xfs: ail needs asynchronous cil forcing (bsc#1211811). - xfs: async cil flushes need pending pushes to be made stable (bsc#1211811). - xfs: attach iclog callbacks in xlog_cil_set_ctx_write_state() (bsc#1211811). - xfs: cil work is serialised, not pipelined (bsc#1211811). - xfs: clean up the rtbitmap fsmap backend (git-fixes). - xfs: do not deplete the reserve pool when trying to shrink the fs (git-fixes). - xfs: do not reverse order of items in bulk ail insertion (git-fixes). - xfs: do not run shutdown callbacks on active iclogs (bsc#1211811). - xfs: drop async cache flushes from cil commits (bsc#1211811). - xfs: factor out log write ordering from xlog_cil_push_work() (bsc#1211811). - xfs: fix getfsmap reporting past the last rt extent (git-fixes). - xfs: fix integer overflows in the fsmap rtbitmap and logdev backends (git-fixes). - xfs: fix interval filtering in multi-step fsmap queries (git-fixes). - xfs: fix logdev fsmap query result filtering (git-fixes). - xfs: fix off-by-one error when the last rt extent is in use (git-fixes). - xfs: fix uninitialized variable access (git-fixes). - xfs: make fsmap backend function key parameters const (git-fixes). - xfs: make the record pointer passed to query_range functions const (git-fixes). - xfs: move the cil workqueue to the cil (bsc#1211811). - xfs: move xlog_commit_record to xfs_log_cil.c (bsc#1211811). - xfs: order cil checkpoint start records (bsc#1211811). - xfs: pass a cil context to xlog_write() (bsc#1211811). - xfs: pass explicit mount pointer to rtalloc query functions (git-fixes). - xfs: rework xlog_state_do_callback() (bsc#1211811). - xfs: run callbacks before waking waiters in xlog_state_shutdown_callbacks (bsc#1211811). - xfs: separate out log shutdown callback processing (bsc#1211811). - xfs: wait iclog complete before tearing down ail (bsc#1211811). - xfs: xlog_state_ioerror must die (bsc#1211811). - xhci: fix resume issue of some zhaoxin hosts (git-fixes). - xhci: fix trb prefetch issue of zhaoxin hosts (git-fixes). - xhci: show zhaoxin xhci root hub speed correctly (git-fixes). Important SUSE bug 1150305 SUSE bug 1193629 SUSE bug 1194869 SUSE bug 1206418 SUSE bug 1207129 SUSE bug 1207894 SUSE bug 1208788 SUSE bug 1210565 SUSE bug 1210584 SUSE bug 1210627 SUSE bug 1210780 SUSE bug 1210853 SUSE bug 1211131 SUSE bug 1211243 SUSE bug 1211738 SUSE bug 1211811 SUSE bug 1211867 SUSE bug 1212301 SUSE bug 1212502 SUSE bug 1212604 SUSE bug 1212846 SUSE bug 1212901 SUSE bug 1212905 SUSE bug 1213010 SUSE bug 1213011 SUSE bug 1213012 SUSE bug 1213013 SUSE bug 1213014 SUSE bug 1213015 SUSE bug 1213016 SUSE bug 1213017 SUSE bug 1213018 SUSE bug 1213019 SUSE bug 1213020 SUSE bug 1213021 SUSE bug 1213024 SUSE bug 1213025 SUSE bug 1213032 SUSE bug 1213034 SUSE bug 1213035 SUSE bug 1213036 SUSE bug 1213037 SUSE bug 1213038 SUSE bug 1213039 SUSE bug 1213040 SUSE bug 1213041 SUSE bug 1213059 SUSE bug 1213061 SUSE bug 1213087 SUSE bug 1213088 SUSE bug 1213089 SUSE bug 1213090 SUSE bug 1213092 SUSE bug 1213093 SUSE bug 1213094 SUSE bug 1213095 SUSE bug 1213096 SUSE bug 1213098 SUSE bug 1213099 SUSE bug 1213100 SUSE bug 1213102 SUSE bug 1213103 SUSE bug 1213104 SUSE bug 1213105 SUSE bug 1213106 SUSE bug 1213107 SUSE bug 1213108 SUSE bug 1213109 SUSE bug 1213110 SUSE bug 1213111 SUSE bug 1213112 SUSE bug 1213113 SUSE bug 1213114 SUSE bug 1213134 SUSE bug 1213167 SUSE bug 1213245 SUSE bug 1213247 SUSE bug 1213252 SUSE bug 1213258 SUSE bug 1213259 SUSE bug 1213263 SUSE bug 1213264 SUSE bug 1213272 SUSE bug 1213286 SUSE bug 1213287 SUSE bug 1213304 SUSE bug 1213523 SUSE bug 1213524 SUSE bug 1213543 SUSE bug 1213585 SUSE bug 1213586 SUSE bug 1213588 SUSE bug 1213620 SUSE bug 1213653 SUSE bug 1213705 SUSE bug 1213713 SUSE bug 1213715 SUSE bug 1213747 SUSE bug 1213756 SUSE bug 1213759 SUSE bug 1213777 SUSE bug 1213810 SUSE bug 1213812 SUSE bug 1213856 SUSE bug 1213857 SUSE bug 1213863 SUSE bug 1213867 SUSE bug 1213870 SUSE bug 1213871 CVE-2022-40982 CVE-2023-0459 CVE-2023-20569 CVE-2023-20593 CVE-2023-21400 CVE-2023-2156 CVE-2023-2166 CVE-2023-2985 CVE-2023-31083 CVE-2023-3117 CVE-2023-31248 CVE-2023-3268 CVE-2023-3390 CVE-2023-35001 CVE-2023-3567 CVE-2023-3609 CVE-2023-3611 CVE-2023-3776 CVE-2023-3812 CVE-2023-4004 cpe:/o:opensuse:leap:15.4 Security update for pcre2 (Moderate) openSUSE Leap 15.4 This update for pcre2 fixes the following issues: - CVE-2022-41409: Fixed integer overflow vulnerability in pcre2test that allows attackers to cause a denial of service via negative input (bsc#1213514). Moderate SUSE bug 1213514 CVE-2022-41409 cpe:/o:opensuse:leap:15.4 Security update for java-1_8_0-openj9 (Low) openSUSE Leap 15.4 This update for java-1_8_0-openj9 fixes the following issues: OpenJDK was updated to version 8u382 build 05 with OpenJ9 0.40.0 VM: - CVE-2023-22045: Fixed vulnerability in hotspot component (bsc#1213481). - CVE-2023-22049: Fixed vulnerability in library component (bsc#1213482). Low SUSE bug 1213481 SUSE bug 1213482 CVE-2023-22045 CVE-2023-22049 cpe:/o:opensuse:leap:15.4 Security update for openssl-1_0_0 (Moderate) openSUSE Leap 15.4 This update for openssl-1_0_0 fixes the following issues: - CVE-2023-3817: Fixed a potential DoS due to excessive time spent checking DH q parameter value. (bsc#1213853) Moderate SUSE bug 1213853 CVE-2023-3817 cpe:/o:opensuse:leap:15.4 Security update for postgresql15 (Moderate) openSUSE Leap 15.4 This update for postgresql15 fixes the following issues: - Update to 13.12 - CVE-2023-39417: Fixed potential SQL injection for trusted extensions. (bsc#1214059) Moderate SUSE bug 1214059 CVE-2023-39417 cpe:/o:opensuse:leap:15.4 Security update for postgresql15 (Moderate) openSUSE Leap 15.4 This update for postgresql15 fixes the following issues: - Update to 15.4 - CVE-2023-39417: Fixed potential SQL injection for trusted extensions. (bsc#1214059) - CVE-2023-39418: Fix MERGE to enforce row security. (bsc#1214061) Moderate SUSE bug 1214059 SUSE bug 1214061 CVE-2023-39417 CVE-2023-39418 cpe:/o:opensuse:leap:15.4 Security update for postgresql15 (Moderate) openSUSE Leap 15.4 This update for postgresql15 fixes the following issues: - Update to 14.9 - CVE-2023-39417: Fixed potential SQL injection for trusted extensions. (bsc#1214059) Moderate SUSE bug 1214059 CVE-2023-39417 cpe:/o:opensuse:leap:15.4 Security update for re2c (Moderate) openSUSE Leap 15.4 This update for re2c fixes the following issues: - CVE-2018-21232: Fixed excess stack consumption due to uncontrolled recursion in find_fixed_tags (bsc#1170890). Moderate SUSE bug 1170890 CVE-2018-21232 cpe:/o:opensuse:leap:15.4 Security update for samba (Moderate) openSUSE Leap 15.4 This update for samba fixes the following issues: - CVE-2022-2127: Fixed issue where lm_resp_len was not checked properly in winbindd_pam_auth_crap_send (bsc#1213174). Bugfixes: - Fixed trust relationship failure (bsc#1213384) Moderate SUSE bug 1213174 SUSE bug 1213384 CVE-2022-2127 cpe:/o:opensuse:leap:15.4 Security update for kernel-firmware (Moderate) openSUSE Leap 15.4 This update for kernel-firmware fixes the following issues: - CVE-2023-20569: Fixed AMD 19h ucode to mitigate a side channel vulnerability in some of the AMD CPUs. (bsc#1213287) Moderate SUSE bug 1213287 CVE-2023-20569 cpe:/o:opensuse:leap:15.4 Security update for krb5 (Important) openSUSE Leap 15.4 This update for krb5 fixes the following issues: - CVE-2023-36054: Fixed a DoS that could be triggered by an authenticated remote user. (bsc#1214054) Important SUSE bug 1214054 CVE-2023-36054 cpe:/o:opensuse:leap:15.4 Security update for python-configobj (Low) openSUSE Leap 15.4 This update for python-configobj fixes the following issues: - CVE-2023-26112: Fixed regular expression denial of service vulnerability in validate.py (bsc#1210070). Low SUSE bug 1210070 CVE-2023-26112 cpe:/o:opensuse:leap:15.4 Security update for the Linux Kernel (Important) openSUSE Leap 15.4 The SUSE Linux Enterprise 15 SP4 Azure kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2022-40982: Fixed transient execution attack called 'Gather Data Sampling' (bsc#1206418). - CVE-2023-0459: Fixed information leak in __uaccess_begin_nospec (bsc#1211738). - CVE-2023-20569: Fixed side channel attack ‘Inception’ or ‘RAS Poisoning’ (bsc#1213287). - CVE-2023-21400: Fixed several memory corruptions due to improper locking in io_uring (bsc#1213272). - CVE-2023-2156: Fixed a flaw in the networking subsystem within the handling of the RPL protocol (bsc#1211131). - CVE-2023-2166: Fixed NULL pointer dereference in can_rcv_filter (bsc#1210627). - CVE-2023-31083: Fixed race condition in hci_uart_tty_ioctl (bsc#1210780). - CVE-2023-3268: Fixed an out of bounds memory access flaw in relay_file_read_start_pos in the relayfs (bsc#1212502). - CVE-2023-3567: Fixed a use-after-free in vcs_read in drivers/tty/vt/vc_screen.c (bsc#1213167). - CVE-2023-3776: Fixed improper refcount update in cls_fw leads to use-after-free (bsc#1213588). - CVE-2023-4004: Fixed improper element removal netfilter nft_set_pipapo (bsc#1213812). The following non-security bugs were fixed: - afs: adjust ack interpretation to try and cope with nat (git-fixes). - afs: fix access after dec in put functions (git-fixes). - afs: fix afs_getattr() to refetch file status if callback break occurred (git-fixes). - afs: fix dynamic root getattr (git-fixes). - afs: fix fileserver probe rtt handling (git-fixes). - afs: fix infinite loop found by xfstest generic/676 (git-fixes). - afs: fix lost servers_outstanding count (git-fixes). - afs: fix server->active leak in afs_put_server (git-fixes). - afs: fix setting of mtime when creating a file/dir/symlink (git-fixes). - afs: fix updating of i_size with dv jump from server (git-fixes). - afs: fix vlserver probe rtt handling (git-fixes). - afs: return -eagain, not -eremoteio, when a file already locked (git-fixes). - afs: use refcount_t rather than atomic_t (git-fixes). - afs: use the operation issue time instead of the reply time for callbacks (git-fixes). - alsa: emu10k1: roll up loops in dsp setup code for audigy (git-fixes). - alsa: hda/realtek: support asus g713pv laptop (git-fixes). - alsa: hda/relatek: enable mute led on hp 250 g8 (git-fixes). - alsa: usb-audio: add quirk for microsoft modern wireless headset (bsc#1207129). - alsa: usb-audio: update for native dsd support quirks (git-fixes). - asoc: atmel: fix the 8k sample parameter in i2sc master (git-fixes). - asoc: codecs: es8316: fix dmic config (git-fixes). - asoc: da7219: check for failure reading aad irq events (git-fixes). - asoc: da7219: flush pending aad irq when suspending (git-fixes). - asoc: fsl_sai: disable bit clock with transmitter (git-fixes). - asoc: fsl_spdif: silence output on stop (git-fixes). - asoc: rt5682-sdw: fix for jd event handling in clockstop mode0 (git-fixes). - asoc: rt711-sdca: fix for jd event handling in clockstop mode0 (git-fixes). - asoc: rt711: fix for jd event handling in clockstop mode0 (git-fixes). - asoc: wm8904: fill the cache for wm8904_adc_test_0 register (git-fixes). - ata: pata_ns87415: mark ns87560_tf_read static (git-fixes). - block, bfq: fix division by zero error on zero wsum (bsc#1213653). - block: fix a source code comment in include/uapi/linux/blkzoned.h (git-fixes). - can: gs_usb: gs_can_close(): add missing set of can state to can_state_stopped (git-fixes). - ceph: do not let check_caps skip sending responses for revoke msgs (bsc#1213856). - coda: avoid partial allocation of sig_inputargs (git-fixes). - dlm: fix missing lkb refcount handling (git-fixes). - dlm: fix plock invalid read (git-fixes). - documentation: devices.txt: reconcile serial/ucc_uart minor numers (git-fixes). - drm/amd/display: disable mpc split by default on special asic (git-fixes). - drm/amd/display: keep phy active for dp displays on dcn31 (git-fixes). - drm/client: fix memory leak in drm_client_modeset_probe (git-fixes). - drm/msm/adreno: fix snapshot bindless_data size (git-fixes). - drm/msm/dpu: drop enum dpu_core_perf_data_bus_id (git-fixes). - drm/msm: fix is_err_or_null() vs null check in a5xx_submit_in_rb() (git-fixes). - drm/radeon: fix integer overflow in radeon_cs_parser_init (git-fixes). - drop amdgpu patches for fixing regression (bsc#1213304,bsc#1213777) - file: always lock position for fmode_atomic_pos (bsc#1213759). - fs: dlm: add midcomms init/start functions (git-fixes). - fs: dlm: do not set stop rx flag after node reset (git-fixes). - fs: dlm: filter user dlm messages for kernel locks (git-fixes). - fs: dlm: fix log of lowcomms vs midcomms (git-fixes). - fs: dlm: fix race between test_bit() and queue_work() (git-fixes). - fs: dlm: fix race in lowcomms (git-fixes). - fs: dlm: handle -ebusy first in lock arg validation (git-fixes). - fs: dlm: move sending fin message into state change handling (git-fixes). - fs: dlm: retry accept() until -eagain or error returns (git-fixes). - fs: dlm: return positive pid value for f_getlk (git-fixes). - fs: dlm: start midcomms before scand (git-fixes). - fs: hfsplus: remove warn_on() from hfsplus_cat_{read,write}_inode() (git-fixes). - fs: jfs: check for read-only mounted filesystem in txbegin (git-fixes). - fs: jfs: fix null-ptr-deref read in txbegin (git-fixes). - fs: jfs: fix ubsan: array-index-out-of-bounds in dballocdmaplev (git-fixes). - gve: set default duplex configuration to full (git-fixes). - gve: unify driver name usage (git-fixes). - hwmon: (k10temp) enable amd3255 proc to show negative temperature (git-fixes). - hwmon: (nct7802) fix for temp6 (peci1) processed even if peci1 disabled (git-fixes). - iavf: fix out-of-bounds when setting channels on remove (git-fixes). - iavf: fix use-after-free in free_netdev (git-fixes). - iavf: use internal state to free traffic irqs (git-fixes). - igc: check if hardware tx timestamping is enabled earlier (git-fixes). - igc: enable and fix rx hash usage by netstack (git-fixes). - igc: fix inserting of empty frame for launchtime (git-fixes). - igc: fix kernel panic during ndo_tx_timeout callback (git-fixes). - igc: fix launchtime before start of cycle (git-fixes). - igc: fix race condition in ptp tx code (git-fixes). - igc: handle pps start time programming for past time values (git-fixes). - igc: prevent garbled tx queue with xdp zerocopy (git-fixes). - igc: remove delay during tx ring configuration (git-fixes). - igc: set tp bit in 'supported' and 'advertising' fields of ethtool_link_ksettings (git-fixes). - igc: work around hw bug causing missing timestamps (git-fixes). - input: i8042 - add clevo pcx0dx to i8042 quirk table (git-fixes). - input: iqs269a - do not poll during ati (git-fixes). - input: iqs269a - do not poll during suspend or resume (git-fixes). - jffs2: fix memory leak in jffs2_do_fill_super (git-fixes). - jffs2: fix memory leak in jffs2_do_mount_fs (git-fixes). - jffs2: fix memory leak in jffs2_scan_medium (git-fixes). - jffs2: fix use-after-free in jffs2_clear_xattr_subsystem (git-fixes). - jffs2: gc deadlock reading a page that is used in jffs2_write_begin() (git-fixes). - jffs2: reduce stack usage in jffs2_build_xattr_subsystem() (git-fixes). - jfs: jfs_dmap: validate db_l2nbperpage while mounting (git-fixes). - kernel-binary.spec.in: remove superfluous %% in supplements fixes: 02b7735e0caf ('rpm/kernel-binary.spec.in: add enhances and supplements tags to in-tree kmps') - kvm: arm64: do not read a hw interrupt pending state in user context (git-fixes) - kvm: arm64: warn if accessing timer pending state outside of vcpu (bsc#1213620) - kvm: do not null dereference ops->destroy (git-fixes) - kvm: downgrade two bug_ons to warn_on_once (git-fixes) - kvm: initialize debugfs_dentry when a vm is created to avoid null (git-fixes) - kvm: s390: pv: fix index value of replaced asce (git-fixes bsc#1213867). - kvm: vmx: inject #gp on encls if vcpu has paging disabled (cr0.pg==0) (git-fixes). - kvm: vmx: inject #gp, not #ud, if sgx2 encls leafs are unsupported (git-fixes). - kvm: vmx: restore vmx_vmexit alignment (git-fixes). - kvm: x86: account fastpath-only vm-exits in vcpu stats (git-fixes). - libceph: harden msgr2.1 frame segment length checks (bsc#1213857). - media: staging: atomisp: select v4l2_fwnode (git-fixes). - net: ena: fix shift-out-of-bounds in exponential backoff (git-fixes). - net: mana: batch ringing rx queue doorbell on receiving packets (bsc#1212901). - net: mana: use the correct wqe count for ringing rq doorbell (bsc#1212901). - net: phy: marvell10g: fix 88x3310 power up (git-fixes). - nfsd: add encoding of op_recall flag for write delegation (git-fixes). - nfsd: fix double fget() bug in __write_ports_addfd() (git-fixes). - nfsd: fix sparse warning (git-fixes). - nfsd: remove open coding of string copy (git-fixes). - nfsv4.1: always send a reclaim_complete after establishing lease (git-fixes). - nfsv4.1: freeze the session table upon receiving nfs4err_badsession (git-fixes). - nvme-pci: fix dma direction of unmapping integrity data (git-fixes). - nvme-pci: remove nvme_queue from nvme_iod (git-fixes). - octeontx-af: fix hardware timestamp configuration (git-fixes). - octeontx2-af: move validation of ptp pointer before its usage (git-fixes). - octeontx2-pf: add additional check for mcam rules (git-fixes). - phy: hisilicon: fix an out of bounds check in hisi_inno_phy_probe() (git-fixes). - pinctrl: amd: do not show `invalid config param` errors (git-fixes). - pinctrl: amd: use amd_pinconf_set() for all config options (git-fixes). - platform/x86: msi-laptop: fix rfkill out-of-sync on msi wind u100 (git-fixes). - rdma/bnxt_re: fix hang during driver unload (git-fixes) - rdma/bnxt_re: prevent handling any completions after qp destroy (git-fixes) - rdma/core: update cma destination address on rdma_resolve_addr (git-fixes) - rdma/irdma: add missing read barriers (git-fixes) - rdma/irdma: fix data race on cqp completion stats (git-fixes) - rdma/irdma: fix data race on cqp request done (git-fixes) - rdma/irdma: fix op_type reporting in cqes (git-fixes) - rdma/irdma: report correct wc error (git-fixes) - rdma/mlx4: make check for invalid flags stricter (git-fixes) - rdma/mthca: fix crash when polling cq for shared qps (git-fixes) - regmap: account for register length in smbus i/o limits (git-fixes). - regmap: drop initial version of maximum transfer length fixes (git-fixes). - revert 'debugfs, coccinelle: check for obsolete define_simple_attribute() usage' (git-fixes). - revert 'nfsv4: retry lock on old_stateid during delegation return' (git-fixes). - revert 'usb: dwc3: core: enable autoretry feature in the controller' (git-fixes). - revert 'usb: gadget: tegra-xudc: fix error check in tegra_xudc_powerdomain_init()' (git-fixes). - revert 'usb: xhci: tegra: fix error check' (git-fixes). - rpm: update dependency to match current kmod. - rxrpc, afs: fix selection of abort codes (git-fixes). - s390/bpf: add expoline to tail calls (git-fixes bsc#1213870). - s390/dasd: fix hanging device after quiesce/resume (git-fixes bsc#1213810). - s390/decompressor: specify __decompress() buf len to avoid overflow (git-fixes bsc#1213863). - s390/ipl: add missing intersection check to ipl_report handling (git-fixes bsc#1213871). - s390/qeth: fix vipa deletion (git-fixes bsc#1213713). - s390/vmem: fix empty page tables cleanup under kasan (git-fixes bsc#1213715). - s390: introduce nospec_uses_trampoline() (git-fixes bsc#1213870). - scftorture: count reschedule ipis (git-fixes). - scsi: lpfc: abort outstanding els cmds when mailbox timeout error is detected (bsc#1213756). - scsi: lpfc: avoid -wstringop-overflow warning (bsc#1213756). - scsi: lpfc: clean up sli-4 sysfs resource reporting (bsc#1213756). - scsi: lpfc: copyright updates for 14.2.0.14 patches (bsc#1213756). - scsi: lpfc: fix a possible data race in lpfc_unregister_fcf_rescan() (bsc#1213756). - scsi: lpfc: fix incorrect big endian type assignment in bsg loopback path (bsc#1213756). - scsi: lpfc: fix incorrect big endian type assignments in fdmi and vmid paths (bsc#1213756). - scsi: lpfc: fix lpfc_name struct packing (bsc#1213756). - scsi: lpfc: make fabric zone discovery more robust when handling unsolicited logo (bsc#1213756). - scsi: lpfc: pull out fw diagnostic dump log message from driver's trace buffer (bsc#1213756). - scsi: lpfc: qualify ndlp discovery state when processing rscn (bsc#1213756). - scsi: lpfc: refactor cpu affinity assignment paths (bsc#1213756). - scsi: lpfc: remove extra ndlp kref decrement in flogi cmpl for loop topology (bsc#1213756). - scsi: lpfc: replace all non-returning strlcpy() with strscpy() (bsc#1213756). - scsi: lpfc: replace one-element array with flexible-array member (bsc#1213756). - scsi: lpfc: revise ndlp kref handling for dev_loss_tmo_callbk and lpfc_drop_node (bsc#1213756). - scsi: lpfc: set establish image pair service parameter only for target functions (bsc#1213756). - scsi: lpfc: simplify fcp_abort transport callback log message (bsc#1213756). - scsi: lpfc: update lpfc version to 14.2.0.14 (bsc#1213756). - scsi: lpfc: use struct_size() helper (bsc#1213756). - scsi: qla2xxx: adjust iocb resource on qpair create (bsc#1213747). - scsi: qla2xxx: array index may go out of bound (bsc#1213747). - scsi: qla2xxx: avoid fcport pointer dereference (bsc#1213747). - scsi: qla2xxx: check valid rport returned by fc_bsg_to_rport() (bsc#1213747). - scsi: qla2xxx: correct the index of array (bsc#1213747). - scsi: qla2xxx: drop useless list_head (bsc#1213747). - scsi: qla2xxx: fix buffer overrun (bsc#1213747). - scsi: qla2xxx: fix command flush during tmf (bsc#1213747). - scsi: qla2xxx: fix deletion race condition (bsc#1213747). - scsi: qla2xxx: fix end of loop test (bsc#1213747). - scsi: qla2xxx: fix erroneous link up failure (bsc#1213747). - scsi: qla2xxx: fix error code in qla2x00_start_sp() (bsc#1213747). - scsi: qla2xxx: fix inconsistent tmf timeout (bsc#1213747). - scsi: qla2xxx: fix null pointer dereference in target mode (bsc#1213747). - scsi: qla2xxx: fix potential null pointer dereference (bsc#1213747). - scsi: qla2xxx: fix session hang in gnl (bsc#1213747). - scsi: qla2xxx: fix tmf leak through (bsc#1213747). - scsi: qla2xxx: limit tmf to 8 per function (bsc#1213747). - scsi: qla2xxx: pointer may be dereferenced (bsc#1213747). - scsi: qla2xxx: remove unused nvme_ls_waitq wait queue (bsc#1213747). - scsi: qla2xxx: replace one-element array with declare_flex_array() helper (bsc#1213747). - scsi: qla2xxx: silence a static checker warning (bsc#1213747). - scsi: qla2xxx: turn off noisy message log (bsc#1213747). - scsi: qla2xxx: update version to 10.02.08.400-k (bsc#1213747). - scsi: qla2xxx: update version to 10.02.08.500-k (bsc#1213747). - scsi: qla2xxx: use vmalloc_array() and vcalloc() (bsc#1213747). - serial: qcom-geni: drop bogus runtime pm state update (git-fixes). - serial: sifive: fix sifive_serial_console_setup() section (git-fixes). - soundwire: qcom: update status correctly with mask (git-fixes). - staging: ks7010: potential buffer overflow in ks_wlan_set_encode_ext() (git-fixes). - staging: r8712: fix memory leak in _r8712_init_xmit_priv() (git-fixes). - sunrpc: always free ctxt when freeing deferred request (git-fixes). - sunrpc: double free xprt_ctxt while still in use (git-fixes). - sunrpc: fix trace_svc_register() call site (git-fixes). - sunrpc: fix uaf in svc_tcp_listen_data_ready() (git-fixes). - sunrpc: remove dead code in svc_tcp_release_rqst() (git-fixes). - sunrpc: remove the maximum number of retries in call_bind_status (git-fixes). - svcrdma: prevent page release when nothing was received (git-fixes). - tpm_tis: explicitly check for error code (git-fixes). - tty: n_gsm: fix uaf in gsm_cleanup_mux (git-fixes). - ubifs: add missing iput if do_tmpfile() failed in rename whiteout (git-fixes). - ubifs: do_rename: fix wrong space budget when target inode's nlink > 1 (git-fixes). - ubifs: error path in ubifs_remount_rw() seems to wrongly free write buffers (git-fixes). - ubifs: fix 'ui->dirty' race between do_tmpfile() and writeback work (git-fixes). - ubifs: fix aa deadlock when setting xattr for encrypted file (git-fixes). - ubifs: fix build errors as symbol undefined (git-fixes). - ubifs: fix deadlock in concurrent rename whiteout and inode writeback (git-fixes). - ubifs: fix memory leak in alloc_wbufs() (git-fixes). - ubifs: fix memory leak in do_rename (git-fixes). - ubifs: fix read out-of-bounds in ubifs_wbuf_write_nolock() (git-fixes). - ubifs: fix to add refcount once page is set private (git-fixes). - ubifs: fix wrong dirty space budget for dirty inode (git-fixes). - ubifs: free memory for tmpfile name (git-fixes). - ubifs: rectify space amount budget for mkdir/tmpfile operations (git-fixes). - ubifs: rectify space budget for ubifs_symlink() if symlink is encrypted (git-fixes). - ubifs: rectify space budget for ubifs_xrename() (git-fixes). - ubifs: rename whiteout atomically (git-fixes). - ubifs: rename_whiteout: correct old_dir size computing (git-fixes). - ubifs: rename_whiteout: fix double free for whiteout_ui->data (git-fixes). - ubifs: reserve one leb for each journal head while doing budget (git-fixes). - ubifs: setflags: make dirtied_ino_d 8 bytes aligned (git-fixes). - ubifs: ubifs_writepage: mark page dirty after writing inode failed (git-fixes). - update patches.suse/rdma-mthca-fix-crash-when-polling-cq-for-shared-qps. (git-fixes bsc#1212604). added bug reference. - usb: dwc3: do not reset device side if dwc3 was configured as host-only (git-fixes). - usb: dwc3: pci: skip byt gpio lookup table for hardwired phy (git-fixes). - usb: gadget: core: remove unbalanced mutex_unlock in usb_gadget_activate (git-fixes). - usb: xhci-mtk: set the dma max_seg_size (git-fixes). - vhost: support packed when setting-getting vring_base (git-fixes). - vhost_net: revert upend_idx only on retriable error (git-fixes). - virtio-net: maintain reverse cleanup order (git-fixes). - virtio_net: fix error unwinding of xdp initialization (git-fixes). - x86/pvh: obtain vga console info in dom0 (git-fixes). - xen/blkfront: only check req_fua for writes (git-fixes). - xen/pvcalls-back: fix double frees with pvcalls_new_active_socket() (git-fixes). Important SUSE bug 1206418 SUSE bug 1207129 SUSE bug 1210627 SUSE bug 1210780 SUSE bug 1211131 SUSE bug 1211738 SUSE bug 1212502 SUSE bug 1212604 SUSE bug 1212901 SUSE bug 1213167 SUSE bug 1213272 SUSE bug 1213287 SUSE bug 1213304 SUSE bug 1213588 SUSE bug 1213620 SUSE bug 1213653 SUSE bug 1213713 SUSE bug 1213715 SUSE bug 1213747 SUSE bug 1213756 SUSE bug 1213759 SUSE bug 1213777 SUSE bug 1213810 SUSE bug 1213812 SUSE bug 1213856 SUSE bug 1213857 SUSE bug 1213863 SUSE bug 1213867 SUSE bug 1213870 SUSE bug 1213871 CVE-2022-40982 CVE-2023-0459 CVE-2023-20569 CVE-2023-21400 CVE-2023-2156 CVE-2023-2166 CVE-2023-31083 CVE-2023-3268 CVE-2023-3567 CVE-2023-3776 CVE-2023-4004 cpe:/o:opensuse:leap:15.4 Security update for nodejs18 (Important) openSUSE Leap 15.4 This update for nodejs18 fixes the following issues: Update to LTS version 18.17.1. - CVE-2023-32002: Fixed permissions policies bypass via Module._load (bsc#1214150). - CVE-2023-32006: Fixed permissions policies impersonation using module.constructor.createRequire() (bsc#1214156). - CVE-2023-32559: Fixed permissions policies bypass via process.binding (bsc#1214154). Important SUSE bug 1214150 SUSE bug 1214154 SUSE bug 1214156 CVE-2023-32002 CVE-2023-32006 CVE-2023-32559 cpe:/o:opensuse:leap:15.4 Security update for nodejs16 (Important) openSUSE Leap 15.4 This update for nodejs16 fixes the following issues: Update to LTS version 16.20.2. - CVE-2023-32002: Fixed permissions policies bypass via Module._load (bsc#1214150). - CVE-2023-32006: Fixed permissions policies impersonation using module.constructor.createRequire() (bsc#1214156). - CVE-2023-32559: Fixed permissions policies bypass via process.binding (bsc#1214154). Important SUSE bug 1214150 SUSE bug 1214154 SUSE bug 1214156 CVE-2023-32002 CVE-2023-32006 CVE-2023-32559 cpe:/o:opensuse:leap:15.4 Security update for qt6-base (Important) openSUSE Leap 15.4 This update for qt6-base fixes the following issues: - CVE-2023-34410: Fixed certificate validation flaw (bsc#1211994). - CVE-2023-33285: Fixed buffer overflow in QDnsLookup (bsc#1211642). - CVE-2023-32762: Fixed strict-transport-security (HSTS) header parsing error (QTBUG-113392) (bsc#1211797). - CVE-2023-38197: Fixed infinite loops in QXmlStreamReader (QTBUG-92113, QTBUG-95188) (bsc#1213326). - CVE-2023-32763: Fixed buffer overflow in QTextLayout (QTBUG-113337, QTBUG-106947, QTBUG-89557, QTBUG-104986) (bsc#1211798). Important SUSE bug 1211642 SUSE bug 1211797 SUSE bug 1211798 SUSE bug 1211994 SUSE bug 1213326 CVE-2023-32762 CVE-2023-32763 CVE-2023-33285 CVE-2023-34410 CVE-2023-38197 cpe:/o:opensuse:leap:15.4 Security update for ucode-intel (Important) openSUSE Leap 15.4 This update for ucode-intel fixes the following issues: - Updated to Intel CPU Microcode 20230808 release. (bsc#1214099) - CVE-2022-40982: Fixed a potential security vulnerability in some Intel? Processors which may allow information disclosure. - CVE-2023-23908: Fixed a potential security vulnerability in some 3rd Generation Intel? Xeon? Scalable processors which may allow information disclosure. - CVE-2022-41804: Fixed a potential security vulnerability in some Intel? Xeon? Processors with Intel? Software Guard Extensions (SGX) which may allow escalation of privilege. Important SUSE bug 1206418 SUSE bug 1214099 CVE-2022-40982 CVE-2022-41804 CVE-2023-23908 cpe:/o:opensuse:leap:15.4 Security update for postgresql15 (Moderate) openSUSE Leap 15.4 This update for postgresql15 fixes the following issues: - Update to 12.16 - CVE-2023-39417: Fixed potential SQL injection for trusted extensions. (bsc#1214059) Moderate SUSE bug 1214059 CVE-2023-39417 cpe:/o:opensuse:leap:15.4 Security update for janino (Low) openSUSE Leap 15.4 This update for janino fixes the following issues: janino was upgraded to version 3.1.10: - CVE-2023-33546: Fixed DoS due to missing error handling (bsc#1211923). Low SUSE bug 1211923 CVE-2023-33546 cpe:/o:opensuse:leap:15.4 Security update for the Linux Kernel (Important) openSUSE Leap 15.4 The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2022-40982: Fixed transient execution attack called 'Gather Data Sampling' (bsc#1206418). - CVE-2023-0459: Fixed information leak in __uaccess_begin_nospec (bsc#1211738). - CVE-2023-20569: Fixed side channel attack ‘Inception’ or ‘RAS Poisoning’ (bsc#1213287). - CVE-2023-20593: Fixed a ZenBleed issue in 'Zen 2' CPUs that could allow an attacker to potentially access sensitive information (bsc#1213286). - CVE-2023-2156: Fixed a flaw in the networking subsystem within the handling of the RPL protocol (bsc#1211131). - CVE-2023-2985: Fixed an use-after-free vulnerability in hfsplus_put_super in fs/hfsplus/super.c that could allow a local user to cause a denial of service (bsc#1211867). - CVE-2023-3117: Fixed an use-after-free vulnerability in the netfilter subsystem when processing named and anonymous sets in batch requests that could allow a local user with CAP_NET_ADMIN capability to crash or potentially escalate their privileges on the system (bsc#1213245). - CVE-2023-31248: Fixed an use-after-free vulnerability in nft_chain_lookup_byid that could allow a local attacker to escalate their privilege (bsc#1213061). - CVE-2023-3390: Fixed an use-after-free vulnerability in the netfilter subsystem in net/netfilter/nf_tables_api.c that could allow a local attacker with user access to cause a privilege escalation issue (bsc#1212846). - CVE-2023-35001: Fixed an out-of-bounds memory access flaw in nft_byteorder that could allow a local attacker to escalate their privilege (bsc#1213059). - CVE-2023-3567: Fixed a use-after-free in vcs_read in drivers/tty/vt/vc_screen.c (bsc#1213167). - CVE-2023-3609: Fixed reference counter leak leading to overflow in net/sched (bsc#1213586). - CVE-2023-3611: Fixed an out-of-bounds write in net/sched sch_qfq(bsc#1213585). - CVE-2023-3776: Fixed improper refcount update in cls_fw leads to use-after-free (bsc#1213588). - CVE-2023-3812: Fixed an out-of-bounds memory access flaw in the TUN/TAP device driver functionality that could allow a local user to crash or potentially escalate their privileges on the system (bsc#1213543). The following non-security bugs were fixed: - arm: cpu: switch to arch_cpu_finalize_init() (bsc#1206418). - block, bfq: fix division by zero error on zero wsum (bsc#1213653). - get module prefix from kmod (bsc#1212835). - init, x86: move mem_encrypt_init() into arch_cpu_finalize_init() (bsc#1206418). - init: invoke arch_cpu_finalize_init() earlier (bsc#1206418). - init: provide arch_cpu_finalize_init() (bsc#1206418). - init: remove check_bugs() leftovers (bsc#1206418). - jbd2: export jbd2_journal_[grab|put]_journal_head (bsc#1199304). - kernel-binary.spec.in: remove superfluous %% in supplements fixes: 02b7735e0caf ('rpm/kernel-binary.spec.in: add enhances and supplements tags to in-tree kmps') - kernel-docs: add buildrequires on python3-base when using python3 the python3 binary is provided by python3-base. - kernel-docs: use python3 together with python3-sphinx (bsc#1212741). - keys: do not cache key in task struct if key is requested from kernel thread (bsc#1213354). - lockdep: add preemption enabled/disabled assertion apis (bsc#1207270 jsc#ped-4567). - locking/rwsem: add __always_inline annotation to __down_read_common() and inlined callers (bsc#1207270 jsc#ped-4567). - locking/rwsem: allow slowpath writer to ignore handoff bit if not set by first waiter (bsc#1207270 jsc#ped-4567). - locking/rwsem: always try to wake waiters in out_nolock path (bsc#1207270 jsc#ped-4567). - locking/rwsem: better collate rwsem_read_trylock() (bsc#1207270 jsc#ped-4567). - locking/rwsem: conditionally wake waiters in reader/writer slowpaths (bsc#1207270 jsc#ped-4567). - locking/rwsem: disable preemption for spinning region (bsc#1207270 jsc#ped-4567). - locking/rwsem: disable preemption in all down_read*() and up_read() code paths (bsc#1207270 jsc#ped-4567). - locking/rwsem: disable preemption in all down_write*() and up_write() code paths (bsc#1207270 jsc#ped-4567). - locking/rwsem: disable preemption while trying for rwsem lock (bsc#1207270 jsc#ped-4567). - locking/rwsem: enable reader optimistic lock stealing (bsc#1207270 jsc#ped-4567). - locking/rwsem: fix comment typo (bsc#1207270 jsc#ped-4567). - locking/rwsem: fix comments about reader optimistic lock stealing conditions (bsc#1207270 jsc#ped-4567). - locking/rwsem: fold __down_{read,write}*() (bsc#1207270 jsc#ped-4567). - locking/rwsem: introduce rwsem_write_trylock() (bsc#1207270 jsc#ped-4567). - locking/rwsem: make handoff bit handling more consistent (bsc#1207270 jsc#ped-4567). - locking/rwsem: no need to check for handoff bit if wait queue empty (bsc#1207270 jsc#ped-4567). - locking/rwsem: optimize down_read_trylock() under highly contended case (bsc#1207270 jsc#ped-4567). - locking/rwsem: pass the current atomic count to rwsem_down_read_slowpath() (bsc#1207270 jsc#ped-4567). - locking/rwsem: prevent non-first waiter from spinning in down_write() slowpath (bsc#1207270 jsc#ped-4567). - locking/rwsem: prevent potential lock starvation (bsc#1207270 jsc#ped-4567). - locking/rwsem: remove an unused parameter of rwsem_wake() (bsc#1207270 jsc#ped-4567). - locking/rwsem: remove reader optimistic spinning (bsc#1207270 jsc#ped-4567). - locking: add missing __sched attributes (bsc#1207270 jsc#ped-4567). - locking: remove rcu_read_{,un}lock() for preempt_{dis,en}able() (bsc#1207270 jsc#ped-4567). - net/sched: sch_qfq: refactor parsing of netlink parameters (bsc#1213585). - net: mana: add support for vlan tagging (bsc#1212301). - ocfs2: fix a deadlock when commit trans (bsc#1199304). - ocfs2: fix defrag path triggering jbd2 assert (bsc#1199304). - ocfs2: fix race between searching chunks and release journal_head from buffer_head (bsc#1199304). - remove more packaging cruft for sle &lt; 12 sp3 - rpm/check-for-config-changes: ignore also pahole_has_* we now also have options like config_pahole_has_lang_exclude. - rpm/check-for-config-changes: ignore also riscv_isa_* and dynamic_sigframe they depend on config_toolchain_has_*. - rwsem: implement down_read_interruptible (bsc#1207270 jsc#ped-4567). - rwsem: implement down_read_killable_nested (bsc#1207270 jsc#ped-4567). - ubi: ensure that vid header offset + vid header size &lt;= alloc, size (bsc#1210584). - ubi: fix failure attaching when vid_hdr offset equals to (sub)page size (bsc#1210584). - usrmerge: adjust module path in the kernel sources (bsc#1212835). - x86/cpu: switch to arch_cpu_finalize_init() (bsc#1206418). - x86/fpu: remove cpuinfo argument from init functions (bsc#1206418). - x86/microcode/AMD: Make stub function static inline (bsc#1213868). Important SUSE bug 1199304 SUSE bug 1206418 SUSE bug 1207270 SUSE bug 1210584 SUSE bug 1211131 SUSE bug 1211738 SUSE bug 1211867 SUSE bug 1212301 SUSE bug 1212741 SUSE bug 1212835 SUSE bug 1212846 SUSE bug 1213059 SUSE bug 1213061 SUSE bug 1213167 SUSE bug 1213245 SUSE bug 1213286 SUSE bug 1213287 SUSE bug 1213354 SUSE bug 1213543 SUSE bug 1213585 SUSE bug 1213586 SUSE bug 1213588 SUSE bug 1213653 SUSE bug 1213868 CVE-2022-40982 CVE-2023-0459 CVE-2023-20569 CVE-2023-20593 CVE-2023-2156 CVE-2023-2985 CVE-2023-3117 CVE-2023-31248 CVE-2023-3390 CVE-2023-35001 CVE-2023-3567 CVE-2023-3609 CVE-2023-3611 CVE-2023-3776 CVE-2023-3812 cpe:/o:opensuse:leap:15.4 Security update for the Linux Kernel (Important) openSUSE Leap 15.4 The SUSE Linux Enterprise 15 SP1 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2022-40982: Fixed transient execution attack called 'Gather Data Sampling' (bsc#1206418). - CVE-2023-0459: Fixed information leak in __uaccess_begin_nospec (bsc#1211738). - CVE-2023-20569: Fixed side channel attack ‘Inception’ or ‘RAS Poisoning’ (bsc#1213287). - CVE-2023-20593: Fixed a ZenBleed issue in 'Zen 2' CPUs that could allow an attacker to potentially access sensitive information (bsc#1213286). - CVE-2023-2985: Fixed an use-after-free vulnerability in hfsplus_put_super in fs/hfsplus/super.c that could allow a local user to cause a denial of service (bsc#1211867). - CVE-2023-34319: Fixed buffer overrun triggered by unusual packet in xen/netback (XSA-432) (bsc#1213546). - CVE-2023-35001: Fixed an out-of-bounds memory access flaw in nft_byteorder that could allow a local attacker to escalate their privilege (bsc#1213059). - CVE-2023-3567: Fixed a use-after-free in vcs_read in drivers/tty/vt/vc_screen.c (bsc#1213167). - CVE-2023-3609: Fixed reference counter leak leading to overflow in net/sched (bsc#1213586). - CVE-2023-3611: Fixed an out-of-bounds write in net/sched sch_qfq(bsc#1213585). - CVE-2023-3776: Fixed improper refcount update in cls_fw leads to use-after-free (bsc#1213588). - CVE-2023-4133: Fixed use after free bugs caused by circular dependency problem in cxgb4 (bsc#1213970). - CVE-2023-4194: Fixed a type confusion in net tun_chr_open() bsc#1214019). The following non-security bugs were fixed: - arm: spear: do not use timer namespace for timer_shutdown() function (bsc#1213970). - clocksource/drivers/arm_arch_timer: do not use timer namespace for timer_shutdown() function (bsc#1213970). - clocksource/drivers/sp804: do not use timer namespace for timer_shutdown() function (bsc#1213970). - cpufeatures: allow adding more cpuid words - get module prefix from kmod (bsc#1212835). - kernel-binary.spec.in: remove superfluous %% in supplements fixes: 02b7735e0caf ('rpm/kernel-binary.spec.in: add enhances and supplements tags to in-tree kmps') - kernel-docs: add buildrequires on python3-base when using python3 the python3 binary is provided by python3-base. - kernel-docs: use python3 together with python3-sphinx (bsc#1212741). - keys: change keyring_serialise_link_sem to a mutex (bsc#1207088). - keys: fix linking a duplicate key to a keyring's assoc_array (bsc#1207088). - keys: hoist locking out of __key_link_begin() (bsc#1207088). - net/sched: sch_qfq: refactor parsing of netlink parameters (bsc#1213585). - net: mana: add support for vlan tagging (bsc#1212301). - readme.branch: add myself as co-maintainer - remove more packaging cruft for sle &lt; 12 sp3 - rpm/check-for-config-changes: ignore also pahole_has_* we now also have options like config_pahole_has_lang_exclude. - rpm/check-for-config-changes: ignore also riscv_isa_* and dynamic_sigframe they depend on config_toolchain_has_*. - timers: add shutdown mechanism to the internal functions (bsc#1213970). - timers: provide timer_shutdown[_sync]() (bsc#1213970). - timers: rename del_timer() to timer_delete() (bsc#1213970). - timers: rename del_timer_sync() to timer_delete_sync() (bsc#1213970). - timers: replace bug_on()s (bsc#1213970). - timers: silently ignore timers with a null function (bsc#1213970). - timers: split [try_to_]del_timer[_sync]() to prepare for shutdown mode (bsc#1213970). - timers: update kernel-doc for various functions (bsc#1213970). - timers: use del_timer_sync() even on up (bsc#1213970). - ubi: ensure that vid header offset + vid header size &lt;= alloc, size (bsc#1210584). - ubi: fix failure attaching when vid_hdr offset equals to (sub)page size (bsc#1210584). - usrmerge: Adjust module path in the kernel sources (bsc#1212835). Important SUSE bug 1206418 SUSE bug 1207088 SUSE bug 1210584 SUSE bug 1211738 SUSE bug 1211867 SUSE bug 1212301 SUSE bug 1212741 SUSE bug 1212835 SUSE bug 1213059 SUSE bug 1213167 SUSE bug 1213286 SUSE bug 1213287 SUSE bug 1213546 SUSE bug 1213585 SUSE bug 1213586 SUSE bug 1213588 SUSE bug 1213970 SUSE bug 1214019 CVE-2022-40982 CVE-2023-0459 CVE-2023-20569 CVE-2023-20593 CVE-2023-2985 CVE-2023-34319 CVE-2023-35001 CVE-2023-3567 CVE-2023-3609 CVE-2023-3611 CVE-2023-3776 CVE-2023-4133 CVE-2023-4194 cpe:/o:opensuse:leap:15.4 Security update for xen (Moderate) openSUSE Leap 15.4 This update for xen fixes the following issues: - CVE-2023-20569: Fixed side channel attack Inception or RAS Poisoning. (bsc#1214082, XSA-434) - CVE-2022-40982: Fixed transient execution attack called 'Gather Data Sampling'. (bsc#1214083, XSA-435) - CVE-2023-20593: Fixed a ZenBleed issue in 'Zen 2' CPUs that could allow an attacker to potentially access sensitive information. (bsc#1213616, XSA-433) Moderate SUSE bug 1027519 SUSE bug 1213616 SUSE bug 1214082 SUSE bug 1214083 CVE-2022-40982 CVE-2023-20569 CVE-2023-20593 cpe:/o:opensuse:leap:15.4 Security update for openssl-1_1 (Moderate) openSUSE Leap 15.4 This update for openssl-1_1 fixes the following issues: - CVE-2023-3817: Fixed a potential DoS due to excessive time spent checking DH q parameter value. (bsc#1213853) - Don't pass zero length input to EVP_Cipher because s390x assembler optimized AES cannot handle zero size. (bsc#1213517) Moderate SUSE bug 1213517 SUSE bug 1213853 CVE-2023-3817 cpe:/o:opensuse:leap:15.4 Security update for erlang (Important) openSUSE Leap 15.4 This update for erlang fixes the following issues: - Replaced the CVE-2022-37026 patch with the one released by the upstream to fix a regression in the previous one. (bsc#1205318) Important SUSE bug 1205318 SUSE bug 1207113 CVE-2022-37026 cpe:/o:opensuse:leap:15.4 Security update for nodejs14 (Important) openSUSE Leap 15.4 This update for nodejs14 fixes the following issues: - CVE-2023-32002: Fixed permissions policies bypass via Module._load (bsc#1214150). - CVE-2023-32006: Fixed permissions policies impersonation using module.constructor.createRequire() (bsc#1214156). - CVE-2023-32559: Fixed permissions policies bypass via process.binding (bsc#1214154). - CVE-2023-30581: Fixed mainModule.proto bypass (bsc#1212574). - CVE-2023-30590: Fixed missing DiffieHellman key generation (bsc#1212583). - CVE-2023-30589: Fixed HTTP Request Smuggling via Empty headers separated by CR (bsc#1212582). Important SUSE bug 1212574 SUSE bug 1212582 SUSE bug 1212583 SUSE bug 1214150 SUSE bug 1214154 SUSE bug 1214156 CVE-2023-30581 CVE-2023-30589 CVE-2023-30590 CVE-2023-32002 CVE-2023-32006 CVE-2023-32559 cpe:/o:opensuse:leap:15.4 Security update for bind (Important) openSUSE Leap 15.4 This update for bind fixes the following issues: - Updated to version 9.16.37 (jsc#SLE-24600): - CVE-2022-3094: Fixed an issue where a message flood could exhaust all available memory (bsc#1207471). - CVE-2022-3736: Fixed a potential crash upon receiving an RRSIG in configurations with stale cache and stale answers enabled and stale-answer-client-timeout set to a positive value (bsc#1207473). - CVE-2022-3924: Fixed a potential crash upon reaching the recursive-clients soft quota in configurations with stale answers enabled and stale-answer-client-timeout set to a positive value (bsc#1207475). Important SUSE bug 1207471 SUSE bug 1207473 SUSE bug 1207475 CVE-2022-3094 CVE-2022-3736 CVE-2022-3924 cpe:/o:opensuse:leap:15.4 Security update for webkit2gtk3 (Important) openSUSE Leap 15.4 This update for webkit2gtk3 fixes the following issues: Update to version 2.40.5 (bsc#1213905): - CVE-2023-38133: Fixed information disclosure. - CVE-2023-38572: Fixed Same-Origin-Policy bypass. - CVE-2023-38592: Fixed arbitrary code execution. - CVE-2023-38594: Fixed arbitrary code execution. - CVE-2023-38595: Fixed arbitrary code execution. - CVE-2023-38597: Fixed arbitrary code execution. - CVE-2023-38599: Fixed sensitive user information tracking. - CVE-2023-38600: Fixed arbitrary code execution. - CVE-2023-38611: Fixed arbitrary code execution. Update to version 2.40.3 (bsc#1212863): - CVE-2023-32439: Fixed a bug where processing maliciously crafted web content may lead to arbitrary code execution. (bsc#1212863) - CVE-2023-32435: Fixed a bug where processing web content may lead to arbitrary code execution. (bsc#1212863) - CVE-2022-48503: Fixed a bug where processing web content may lead to arbitrary code execution. (bsc#1212863) Important SUSE bug 1212863 SUSE bug 1213905 CVE-2022-48503 CVE-2023-32435 CVE-2023-32439 CVE-2023-38133 CVE-2023-38572 CVE-2023-38592 CVE-2023-38594 CVE-2023-38595 CVE-2023-38597 CVE-2023-38599 CVE-2023-38600 CVE-2023-38611 cpe:/o:opensuse:leap:15.4 Security update for tiff (Important) openSUSE Leap 15.4 This update for tiff fixes the following issues: - CVE-2022-48281: Fixed a buffer overflow that could be triggered via a crafted image (bsc#1207413). Important SUSE bug 1207413 CVE-2022-48281 cpe:/o:opensuse:leap:15.4 Security update for wireshark (Important) openSUSE Leap 15.4 This update for wireshark fixes the following issues: - Updated to version 3.6.11 (bsc#1207447): - CVE-2023-0417: Fixed a memory leak in the NFS dissector (bsc#1207669). - CVE-2023-0413: Fixed a crash in the dissection engine (bsc#1207665). - CVE-2023-0416: Fixed a crash in the GNW dissector (bsc#1207668). - CVE-2023-0415: Fixed a crash in the iSCSI dissector (bsc#1207667). - CVE-2023-0411: Fixed several issues where an excessive CPU consumption could be triggered in multiple dissectors (bsc#1207663). - CVE-2023-0412: Fixed a crash in the TIPC dissector (bsc#1207664). Important SUSE bug 1206189 SUSE bug 1207447 SUSE bug 1207663 SUSE bug 1207664 SUSE bug 1207665 SUSE bug 1207667 SUSE bug 1207668 SUSE bug 1207669 CVE-2022-4345 CVE-2023-0411 CVE-2023-0412 CVE-2023-0413 CVE-2023-0415 CVE-2023-0416 CVE-2023-0417 cpe:/o:opensuse:leap:15.4 Security update for indent (Low) openSUSE Leap 15.4 This update for indent fixes the following issues: - CVE-2023-40305: Fixed a memory safety issues bug. (bsc#1214243) Low SUSE bug 1214243 CVE-2023-40305 cpe:/o:opensuse:leap:15.4 Security update for ghostscript (Low) openSUSE Leap 15.4 This update for ghostscript fixes the following issues: - CVE-2023-38559: Fixed out-of-bounds read in devn_pcx_write_rle() that could result in DoS (bsc#1213637). Low SUSE bug 1213637 CVE-2023-38559 cpe:/o:opensuse:leap:15.4 Security update for gawk (Low) openSUSE Leap 15.4 This update for gawk fixes the following issues: - CVE-2023-4156: Fix a heap out of bound read by validating the index into argument list. (bsc#1214025) Low SUSE bug 1214025 CVE-2023-4156 cpe:/o:opensuse:leap:15.4 Security update for java-1_8_0-ibm (Important) openSUSE Leap 15.4 This update for java-1_8_0-ibm fixes the following issues: - Update to Java 8.0 Service Refresh 8 Fix Pack 10 (bsc#1213541) - CVE-2022-40609: Fixed an unsafe deserialization flaw which could allow a remote attacker to execute arbitrary code on the system. (bsc#1213934) - CVE-2023-22041: Fixed a flaw whcih could allow unauthorized access to critical data or complete access. (bsc#1213475) - CVE-2023-22049: Fixed a flaw which could result in unauthorized update. (bsc#1213482) - CVE-2023-22045: Fixed a flaw which could result in unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK accessible data. (bsc#1213481) - CVE-2023-22044: Fixed a flaw which could result in unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK accessible data. (bsc#1213479) - CVE-2023-22036: Fixed a flaw which could result in unauthorized ability to cause a partial denial of service. (bsc#1213474) - CVE-2023-25193: Fixed a flaw which could allows attackers to trigger O(n^2) growth via consecutive marks during the process of looking back for base glyphs when attaching marks. (bsc#1207922) - CVE-2023-22006: Fixed a flaw which could result in unauthorized update, insert or delete access for JDK accessible data. (bsc#1213473) Important SUSE bug 1207922 SUSE bug 1213473 SUSE bug 1213474 SUSE bug 1213475 SUSE bug 1213479 SUSE bug 1213481 SUSE bug 1213482 SUSE bug 1213541 SUSE bug 1213934 SUSE bug 1214431 CVE-2022-40609 CVE-2023-22006 CVE-2023-22036 CVE-2023-22041 CVE-2023-22044 CVE-2023-22045 CVE-2023-22049 CVE-2023-25193 cpe:/o:opensuse:leap:15.4 Security update for java-1_8_0-openjdk (Moderate) openSUSE Leap 15.4 This update for java-1_8_0-openjdk fixes the following issues: Update to version jdk8u382 (icedtea-3.28.0): - CVE-2023-22045: Fixed a difficult to exploit vulnerability that allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK (bsc#1213481). - CVE-2023-22049: Fixed a difficult to exploit vulnerability that allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK (bsc#1213482). Moderate SUSE bug 1213481 SUSE bug 1213482 CVE-2023-22045 CVE-2023-22049 cpe:/o:opensuse:leap:15.4 Security update for ca-certificates-mozilla (Important) openSUSE Leap 15.4 This update for ca-certificates-mozilla fixes the following issues: - Updated to 2.62 state of Mozilla SSL root CAs (bsc#1214248) Added: - Atos TrustedRoot Root CA ECC G2 2020 - Atos TrustedRoot Root CA ECC TLS 2021 - Atos TrustedRoot Root CA RSA G2 2020 - Atos TrustedRoot Root CA RSA TLS 2021 - BJCA Global Root CA1 - BJCA Global Root CA2 - LAWtrust Root CA2 (4096) - Sectigo Public Email Protection Root E46 - Sectigo Public Email Protection Root R46 - Sectigo Public Server Authentication Root E46 - Sectigo Public Server Authentication Root R46 - SSL.com Client ECC Root CA 2022 - SSL.com Client RSA Root CA 2022 - SSL.com TLS ECC Root CA 2022 - SSL.com TLS RSA Root CA 2022 Removed CAs: - Chambers of Commerce Root - E-Tugra Certification Authority - E-Tugra Global Root CA ECC v3 - E-Tugra Global Root CA RSA v3 - Hongkong Post Root CA 1 Important SUSE bug 1214248 cpe:/o:opensuse:leap:15.4 Security update for nodejs12 (Important) openSUSE Leap 15.4 This update for nodejs12 fixes the following issues: - CVE-2023-23918: Fixed permissions policies bypass via process.mainModule (bsc#1208481). - CVE-2023-32002: Fixed permissions policies bypass via Module._load (bsc#1214150). - CVE-2023-32006: Fixed permissions policies impersonation using module.constructor.createRequire() (bsc#1214156). - CVE-2023-32559: Fixed permissions policies bypass via process.binding (bsc#1214154). - CVE-2023-30581: Fixed mainModule.proto bypass (bsc#1212574). - CVE-2023-30590: Fixed missing DiffieHellman key generation (bsc#1212583). - CVE-2023-30589: Fixed HTTP Request Smuggling via Empty headers separated by CR (bsc#1212582). Important SUSE bug 1208481 SUSE bug 1212574 SUSE bug 1212582 SUSE bug 1212583 SUSE bug 1214150 SUSE bug 1214154 SUSE bug 1214156 CVE-2023-23918 CVE-2023-30581 CVE-2023-30589 CVE-2023-30590 CVE-2023-32002 CVE-2023-32006 CVE-2023-32559 cpe:/o:opensuse:leap:15.4 Security update for clamav (Important) openSUSE Leap 15.4 This update for clamav fixes the following issues: - Update to 0.103.9 - CVE-2023-20197: Fixed a possible denial of service vulnerability in the HFS+ file parser. (bsc#1214342) Important SUSE bug 1214342 CVE-2023-20197 cpe:/o:opensuse:leap:15.4 Security update for freetype2 (Moderate) openSUSE Leap 15.4 This update for freetype2 fixes the following issues: - CVE-2023-2004: Fixed integer overflow in tt_hvadvance_adjust (bsc#1210419). Moderate SUSE bug 1210419 CVE-2023-2004 cpe:/o:opensuse:leap:15.4 Security update for haproxy (Moderate) openSUSE Leap 15.4 This update for haproxy fixes the following issues: - CVE-2023-40225: Fixed request smuggling with empty content-length header value (bsc#1214102). Moderate SUSE bug 1214102 CVE-2023-40225 cpe:/o:opensuse:leap:15.4 Security update for procps (Low) openSUSE Leap 15.4 This update for procps fixes the following issues: - CVE-2023-4016: Fixed ps buffer overflow (bsc#1214290). Low SUSE bug 1214290 CVE-2023-4016 cpe:/o:opensuse:leap:15.4 Security update for less (Moderate) openSUSE Leap 15.4 This update for less fixes the following issues: - CVE-2022-46663: Fixed denial-of-service by printing specially crafted escape sequences to the terminal (bsc#1207815). Moderate SUSE bug 1207815 CVE-2022-46663 cpe:/o:opensuse:leap:15.4 Security update for php7 (Important) openSUSE Leap 15.4 This update for php7 fixes the following issues: - CVE-2023-3823: Fixed an issue with external entity loading in XML without enabling it. (bsc#1214106) - CVE-2023-3824: Fixed a buffer overflow in phar_dir_read(). (bsc#1214103) Important SUSE bug 1214103 SUSE bug 1214106 CVE-2023-3823 CVE-2023-3824 cpe:/o:opensuse:leap:15.4 Security update for open-vm-tools (Important) openSUSE Leap 15.4 This update for open-vm-tools fixes the following issues: - CVE-2023-20900: Fixed SAML token signature bypass vulnerability (bsc#1214566). This update also ships a open-vm-tools-containerinfo plugin. (jsc#PED-3421) Important SUSE bug 1214566 CVE-2023-20900 cpe:/o:opensuse:leap:15.4 Security update for exempi (Moderate) openSUSE Leap 15.4 This update for exempi fixes the following issues: - CVE-2020-18652: Fixed buffer overflow vulnerability in WEBP_Support.cpp (bsc#1214488). Moderate SUSE bug 1214488 CVE-2020-18652 cpe:/o:opensuse:leap:15.4 Security update for MozillaFirefox (Important) openSUSE Leap 15.4 This update for MozillaFirefox fixes the following issues: Firefox was updated to Extended Support Release 115.2.0 ESR (MFSA 2023-36) (bsc#1214606). - CVE-2023-4574: Fixed memory corruption in IPC ColorPickerShownCallback (bmo#1846688) - CVE-2023-4575: Fixed memory corruption in IPC FilePickerShownCallback (bmo#1846689) - CVE-2023-4576: Fixed integer Overflow in RecordedSourceSurfaceCreation (bmo#1846694) - CVE-2023-4577: Fixed memory corruption in JIT UpdateRegExpStatics (bmo#1847397) - CVE-2023-4051: Fixed full screen notification obscured by file open dialog (bmo#1821884) - CVE-2023-4578: Fixed Out of Memory Exception in SpiderMonkey could have triggered an (bmo#1839007) - CVE-2023-4053: Fixed full screen notification obscured by external program (bmo#1839079) - CVE-2023-4580: Fixed push notifications saved to disk unencrypted (bmo#1843046) - CVE-2023-4581: Fixed XLL file extensions downloadable without warnings (bmo#1843758) - CVE-2023-4582: Fixed buffer Overflow in WebGL glGetProgramiv (bmo#1773874) - CVE-2023-4583: Fixed browsing Context potentially not cleared when closing Private Window (bmo#1842030) - CVE-2023-4584: Fixed memory safety bugs fixed in Firefox 117, Firefox ESR 102.15, Firefox ESR 115.2, Thunderbird 102.15, and Thunderbird 115.2 (bmo#1843968, bmo#1845205, bmo#1846080, bmo#1846526, bmo#1847529) - CVE-2023-4585: Fixed memory safety bugs fixed in Firefox 117, Firefox ESR 115.2, and Thunderbird 115.2(bmo#1751583, bmo#1833504, bmo#1841082, bmo#1847904, bmo#1848999). Important SUSE bug 1214606 CVE-2023-4051 CVE-2023-4053 CVE-2023-4574 CVE-2023-4575 CVE-2023-4576 CVE-2023-4577 CVE-2023-4578 CVE-2023-4580 CVE-2023-4581 CVE-2023-4582 CVE-2023-4583 CVE-2023-4584 CVE-2023-4585 cpe:/o:opensuse:leap:15.4 Security update for djvulibre (Low) openSUSE Leap 15.4 This update for djvulibre fixes the following issues: - CVE-2021-46310: Fixed divide by zero in IW44Image.cpp (bsc#1214670). - CVE-2021-46312: Fixed divide by zero in IW44EncodeCodec.cpp (bsc#1214672). Low SUSE bug 1214670 SUSE bug 1214672 CVE-2021-46310 CVE-2021-46312 cpe:/o:opensuse:leap:15.4 Security update for amazon-ecs-init (Important) openSUSE Leap 15.4 This update of amazon-ecs-init fixes the following issues: - rebuild the package with the go 1.21 security release (bsc#1212475). Important SUSE bug 1212475 cpe:/o:opensuse:leap:15.4 Security update for keylime (Important) openSUSE Leap 15.4 This update for keylime fixes the following issues: - CVE-2023-38201: Fixed a bug to avoid leaks of the authorization tag. (bsc#1213314) Important SUSE bug 1213314 CVE-2023-38201 cpe:/o:opensuse:leap:15.4 Security update for sccache (Important) openSUSE Leap 15.4 This update for sccache fixes the following issues: - Update to version 0.4.2. - CVE-2021-45710: Fixed a segmentation fault due to data race in tokio crate. (bsc#1194119) - CVE-2022-24713: Fixed a ReDoS issue due to vulnerable regex crate. (bsc#1196972) - CVE-2022-31394: Fixed a DoS issue due to the max header list size not settable. (bsc#1208553) - CVE-2023-1521: Fixed a local privilege escalation. (bsc#1212407) Important SUSE bug 1181400 SUSE bug 1194119 SUSE bug 1196972 SUSE bug 1208553 SUSE bug 1212407 CVE-2021-45710 CVE-2022-24713 CVE-2022-31394 CVE-2023-1521 cpe:/o:opensuse:leap:15.4 Security update for gsl (Moderate) openSUSE Leap 15.4 This update for gsl fixes the following issues: - CVE-2020-35357: Fixed a stack out of bounds read in gsl_stats_quantile_from_sorted_data(). (bsc#1214681) Moderate SUSE bug 1214681 CVE-2020-35357 cpe:/o:opensuse:leap:15.4 Security update for php7 (Important) openSUSE Leap 15.4 This update for php7 fixes the following issues: - CVE-2023-3823: Fixed an issue with external entity loading in XML without enabling it. (bsc#1214106) - CVE-2023-3824: Fixed a buffer overflow in phar_dir_read(). (bsc#1214103) Important SUSE bug 1214103 SUSE bug 1214106 CVE-2023-3823 CVE-2023-3824 cpe:/o:opensuse:leap:15.4 Security update for busybox (Important) openSUSE Leap 15.4 This update for busybox fixes the following issues: - CVE-2022-48174: Fixed stack overflow vulnerability. (bsc#1214538) Important SUSE bug 1214538 CVE-2022-48174 cpe:/o:opensuse:leap:15.4 Security update for SUSE Manager Client Tools (Moderate) openSUSE Leap 15.4 This update fixes the following issues: dracut-saltboot: - Update to version 0.1.1673279145.e7616bd * Add failsafe stop file when salt-minion does not stop (bsc#1172110) * Copy existing wicked config instead of generating new (bsc#1205599) grafana: - Update to version 8.5.15 (jsc#PED-2617): * CVE-2022-39306: Fix for privilege escalation (bsc#1205225) * CVE-2022-39307: Omit error from http response when user does not exists (bsc#1205227) - Update to version 8.5.14: * CVE-2022-39201: Fix do not forward login cookie in outgoing requests (bsc#1204303) * CVE-2022-31130: Make proxy endpoints not leak sensitive HTTP headers (bsc#1204305) * CVE-2022-31123: Fix plugin signature bypass (bsc#1204302) * CVE-2022-39229: Fix blocknig other users from signing in (bsc#1204304) mgr-osad: - Version 4.3.7-1 * Updated logrotate configuration (bsc#1206470) mgr-push: - Version 4.3.5-1 * Update translation strings rhnlib: - Version 4.3.5-1 * Don't get stuck at the end of SSL transfers (bsc#1204032) spacecmd: - Version 4.3.18-1 * Add python-dateutil dependency, required to process date values in spacecmd api calls - Version 4.3.17-1 * Remove python3-simplejson dependency * Correctly understand 'ssm' keyword on scap scheduling * Add vendor_advisory information to errata_details call (bsc#1205207) * Added two missing options to schedule product migration: allow-vendor-change and remove-products-without-successor (bsc#1204126) * Changed schedule product migration to use the correct API method * Change default port of 'Containerized Proxy configuration' 8022 spacewalk-client-tools: - Version 4.3.14-1 * Update translation strings uyuni-common-libs: - Version 4.3.7-1 * unify user notification code on java side Moderate SUSE bug 1172110 SUSE bug 1204032 SUSE bug 1204126 SUSE bug 1204302 SUSE bug 1204303 SUSE bug 1204304 SUSE bug 1204305 SUSE bug 1205207 SUSE bug 1205225 SUSE bug 1205227 SUSE bug 1205599 SUSE bug 1206470 CVE-2022-31123 CVE-2022-31130 CVE-2022-39201 CVE-2022-39229 CVE-2022-39306 CVE-2022-39307 cpe:/o:opensuse:leap:15.4 Security update for buildah (Important) openSUSE Leap 15.4 This update of buildah fixes the following issues: - rebuild the package with the go 1.21 security release (bsc#1212475). Important SUSE bug 1212475 cpe:/o:opensuse:leap:15.4 Security update for kubernetes1.18 (Important) openSUSE Leap 15.4 This update of kubernetes1.18 fixes the following issues: - rebuild the package with the go 1.21 security release (bsc#1212475). Important SUSE bug 1212475 cpe:/o:opensuse:leap:15.4 Security update for docker (Moderate) openSUSE Leap 15.4 This update for docker fixes the following issues: - Update to Docker 24.0.5-ce. See upstream changelong online at <https://docs.docker.com/engine/release-notes/24.0/#2405> bsc#1213229 - Update to Docker 24.0.4-ce. See upstream changelog online at <https://docs.docker.com/engine/release-notes/24.0/#2404>. bsc#1213500 - Update to Docker 24.0.3-ce. See upstream changelog online at <https://docs.docker.com/engine/release-notes/24.0/#2403>. bsc#1213120 - Recommend docker-rootless-extras instead of Require(ing) it, given it's an additional functionality and not inherently required for docker to function. - Add docker-rootless-extras subpackage (https://docs.docker.com/engine/security/rootless) - Update to Docker 24.0.2-ce. See upstream changelog online at <https://docs.docker.com/engine/release-notes/24.0/#2402>. bsc#1212368 * Includes the upstreamed fix for the mount table pollution issue. bsc#1210797 - Add Recommends for docker-buildx, and add /usr/lib/docker/cli-plugins as being provided by this package. - was rebuilt against current GO compiler. Moderate SUSE bug 1210797 SUSE bug 1212368 SUSE bug 1213120 SUSE bug 1213229 SUSE bug 1213500 SUSE bug 1214107 SUSE bug 1214108 SUSE bug 1214109 CVE-2023-28840 CVE-2023-28841 CVE-2023-28842 cpe:/o:opensuse:leap:15.4 Security update for amazon-ssm-agent (Important) openSUSE Leap 15.4 This update of amazon-ssm-agent fixes the following issues: - rebuild the package with the go 1.21 security release (bsc#1212475). Important SUSE bug 1212475 cpe:/o:opensuse:leap:15.4 Security update for php7 (Important) openSUSE Leap 15.4 This update for php7 fixes the following issues: - CVE-2023-3823: Fixed an issue with external entity loading in XML without enabling it. (bsc#1214106) - CVE-2023-3824: Fixed a buffer overflow in phar_dir_read(). (bsc#1214103) Important SUSE bug 1214103 SUSE bug 1214106 CVE-2023-3823 CVE-2023-3824 cpe:/o:opensuse:leap:15.4 Security update for libssh2_org (Important) openSUSE Leap 15.4 This update for libssh2_org fixes the following issues: - CVE-2020-22218: Fixed a bug in _libssh2_packet_add() which allows to access out of bounds memory. (bsc#1214527) Important SUSE bug 1214527 CVE-2020-22218 cpe:/o:opensuse:leap:15.4 Security update for webkit2gtk3 (Important) openSUSE Leap 15.4 This update for webkit2gtk3 fixes the following issues: - Provide/obsolete WebKit2GTK-%{_apiver}-lang (bsc#1214093) - Have the lang package provide libwebkit2gtk3-lang (bsc#1214093) - Adjustments of update version 2.40.5 (bsc#1213905 bsc#1213379 bsc#1213581): + Added missing CVE references: CVE-2023-32393, CVE-2023-37450 Important SUSE bug 1213379 SUSE bug 1213581 SUSE bug 1213905 SUSE bug 1214093 CVE-2023-32393 CVE-2023-37450 cpe:/o:opensuse:leap:15.4 Security update for rekor (Important) openSUSE Leap 15.4 This update of rekor fixes the following issues: - rebuild the package with the go 1.21 security release (bsc#1212475). Important SUSE bug 1212475 cpe:/o:opensuse:leap:15.4 Security update for geoipupdate (Important) openSUSE Leap 15.4 This update of geoipupdate fixes the following issues: - rebuild the package with the go 1.21 security release (bsc#1212475). Important SUSE bug 1212475 cpe:/o:opensuse:leap:15.4 Security update for skopeo (Important) openSUSE Leap 15.4 This update of skopeo fixes the following issues: - rebuild the package with the go 1.21 security release (bsc#1212475). Important SUSE bug 1212475 cpe:/o:opensuse:leap:15.4 Security update for icu73_2 (Moderate) openSUSE Leap 15.4 This update for icu73_2 fixes the following issues: - Update to release 73.2 * CLDR extends the support for “short” Chinese sort orders to cover some additional, required characters for Level 2. This is carried over into ICU collation. * ICU has a modified character conversion table, mapping some GB18030 characters to Unicode characters that were encoded after GB18030-2005. - fixes builds where UCHAR_TYPE is re-defined such as libqt5-qtwebengine - Update to release 73.1 * Improved Japanese and Korean short-text line breaking * Reduction of C++ memory use in date formatting - Update to release 72.1 * Support for Unicode 15, including new characters, scripts, emoji, and corresponding API constants. * Support for CLDR 42 locale data with various additions and corrections. * Shift to tzdb 2022e. Pre-1970 data for a number of timezones has been removed. - bump library packagename to libicu71 to match the version. - update to 71.1: * updates to CLDR 41 locale data with various additions and corrections. * phrase-based line breaking for Japanese. Existing line breaking methods follow standards and conventions for body text but do not work well for short Japanese text, such as in titles and headings. This new feature is optimized for these use cases. * support for Hindi written in Latin letters (hi_Latn). The CLDR data for this increasingly popular locale has been significantly revised and expanded. Note that based on user expectations, hi_Latn incorporates a large amount of English, and can also be referred to as “Hinglish”. * time zone data updated to version 2022a. Note that pre-1970 data for a number of time zones has been removed, as has been the case in the upstream tzdata release since 2021b. - ICU-21793 Fix ucptrietest golden diff [bsc#1192935] - Update to release 70.1: * Unicode 14 (new characters, scripts, emoji, and API constants) * CLDR 40 (many additions and corrections) * Fixes for measurement unit formatting * Can now be built with up to C++20 compilers - ICU-21613 Fix undefined behaviour in ComplexUnitsConverter::applyRounder - Update to release 69.1 * CLDR 39 * For Norwegian, 'no' is back to being the canonical code, with 'nb' treated as equivalent. This aligns handling of Norwegian with other macro language codes. * Binary prefixes in measurement units (KiB, MiB, etc.) * Time zone offsets from local time: New APIs BasicTimeZone::getOffsetFromLocal() (C++) and ucal_getTimeZoneOffsetFromLocal() - Backport ICU-21366 (bsc#1182645) - Update to release 68.2 * Fix memory problem in FormattedStringBuilder * Fix assertion when setKeywordValue w/ long value. * Fix UBSan breakage on 8bit of rbbi * fix int32_t overflow in listFormat * Fix memory handling in MemoryPool::operator=() * Fix memory leak in AliasReplacer - Add back icu.keyring, see https://unicode-org.atlassian.net/browse/ICU-21361 - Update to release 68.1 * CLDR 38 * Measurement unit preferences * PluralRules selection for ranges of numbers * Locale ID canonicalization now conforms to the CLDR spec including edge cases * DateIntervalFormat supports output options such as capitalization * Measurement units are normalized in skeleton string output * Time zone data (tzdata) version 2020d - Add the provides for libicu to Make .Net core can install successfully. (bsc#1167603, bsc#1161007) - Update to version 67.1 * Unicode 13 (ICU-20893, same as in ICU 66) + Total of 5930 new characters + 4 new scripts + 55 new emoji characters, plus additional new sequences + New CJK extension, first characters in plane 3: U+30000..U+3134A * CLDR 37 + New language at Modern coverage: Nigerian Pidgin + New languages at Basic coverage: Fulah (Adlam), Maithili, Manipuri, Santali, Sindhi (Devanagari), Sundanese + Region containment: EU no longer includes GB + Unicode 13 root collation data and Chinese data for collation and transliteration * DateTimePatternGenerator now obeys the 'hc' preference in the locale identifier (ICU-20442) * Various other improvements for ECMA-402 conformance * Number skeletons have a new 'concise' form that can be used in MessageFormat strings (ICU-20418) * Currency formatting options for formal and other currency display name variants (ICU-20854) * ListFormatter: new public API to select the style & type (ICU-12863) * ListFormatter now selects the proper “and”/“or” form for Spanish & Hebrew (ICU-21016) * Locale ID canonicalization upgraded to implement the complete CLDR spec (ICU-20834, ICU-20272) * LocaleMatcher: New option to ignore one-way matches (ICU-20936), and other tweaks to the code (ICU-20916, ICU-20917) and data (from CLDR) * acceptLanguage() reimplemented via LocaleMatcher (ICU-20700) * Data build tool: tzdbNames.res moved from the 'zone_tree' category to the 'zone_supplemental' category (ICU-21073) * Fixed uses of u8'literals' broken by the C++20 introduction of the incompatible char8_t type (ICU-20972), * and added a few API overloads to reduce the need for reinterpret_cast (ICU-20984). * Support for manipulating CLDR 37 unit identifiers in MeasureUnit. * Fix potential integer overflow in UnicodeString:doAppend (bsc#1166844, CVE-2020-10531). - Update to version 66.1 * Unicode 13 support * Fix uses of u8'literals' broken by C++20 introduction of incompatible char8_t type. (ICU-20972) * use LocalMemory for cmd to prevent use after free (bsc#1193951 CVE-2020-21913). - Remove /usr/lib(64)/icu/current [bsc#1158955]. - Update to release 65.1 (jsc#SLE-11118). * Updated to CLDR 36 locale data with many additions and corrections, and some new measurement units. * The Java LocaleMatcher API is improved, and ported to C++. Moderate SUSE bug 1030253 SUSE bug 1095425 SUSE bug 1103893 SUSE bug 1112183 SUSE bug 1146907 SUSE bug 1158955 SUSE bug 1159131 SUSE bug 1161007 SUSE bug 1162882 SUSE bug 1166844 SUSE bug 1167603 SUSE bug 1182252 SUSE bug 1182645 SUSE bug 1192935 SUSE bug 1193951 SUSE bug 354372 SUSE bug 437293 SUSE bug 824262 CVE-2020-10531 CVE-2020-21913 cpe:/o:opensuse:leap:15.4 Security update for terraform-provider-helm (Important) openSUSE Leap 15.4 This update of terraform-provider-helm fixes the following issues: - rebuild the package with the go 1.21 security release (bsc#1212475). Important SUSE bug 1212475 cpe:/o:opensuse:leap:15.4 Security update for terraform-provider-null (Important) openSUSE Leap 15.4 This update of terraform-provider-null fixes the following issues: - rebuild the package with the go 1.21 security release (bsc#1212475). Important SUSE bug 1212475 cpe:/o:opensuse:leap:15.4 Security update for terraform-provider-aws (Important) openSUSE Leap 15.4 This update of terraform-provider-aws fixes the following issues: - rebuild the package with the go 1.21 security release (bsc#1212475). Important SUSE bug 1212475 cpe:/o:opensuse:leap:15.4 Security update for MozillaFirefox (Critical) openSUSE Leap 15.4 This update for MozillaFirefox fixes the following issues: Firefox Extended Support Release 115.2.1 ESR (bsc#1215245). - CVE-2023-4863: Fixed heap buffer overflow in libwebp (MFSA 2023-40) (bsc#1215231). The following non-security bug was fixed: - Fix i586 build by reducing debug info to -g1 (bsc#1210168). Critical SUSE bug 1210168 SUSE bug 1215231 SUSE bug 1215245 CVE-2023-4863 cpe:/o:opensuse:leap:15.4 Security update for grafana (Moderate) openSUSE Leap 15.4 This update for grafana fixes the following issues: - Version update from 8.5.13 to 8.5.15 (jsc#PED-2617): * CVE-2022-39306: Security fix for privilege escalation (bsc#1205225) * CVE-2022-39307: Omit error from http response when user does not exists (bsc#1205227) * CVE-2022-39201: Do not forward login cookie in outgoing requests (bsc#1204303) * CVE-2022-31130: Make proxy endpoints not leak sensitive HTTP headers (bsc#1204305) * CVE-2022-31123: Fix plugin signature bypass (bsc#1204302) * CVE-2022-39229: Fix blocking other users from signing in (bsc#1204304) Moderate SUSE bug 1204302 SUSE bug 1204303 SUSE bug 1204304 SUSE bug 1204305 SUSE bug 1205225 SUSE bug 1205227 CVE-2022-31123 CVE-2022-31130 CVE-2022-39201 CVE-2022-39229 CVE-2022-39306 CVE-2022-39307 cpe:/o:opensuse:leap:15.4 Security update for libwebp (Critical) openSUSE Leap 15.4 This update for libwebp fixes the following issues: - CVE-2023-4863: Fixed heap buffer overflow (bsc#1215231). Critical SUSE bug 1215231 CVE-2023-4863 cpe:/o:opensuse:leap:15.4 Security update for flac (Moderate) openSUSE Leap 15.4 This update for flac fixes the following issues: - CVE-2020-22219: Fixed a buffer overflow in function bitwriter_grow_ which might allow a remote attacker to run arbitrary code via crafted input to the encoder. (bsc#1214615) Moderate SUSE bug 1214615 CVE-2020-22219 cpe:/o:opensuse:leap:15.4 Security update for gcc12 (Important) openSUSE Leap 15.4 This update for gcc12 fixes the following issues: - CVE-2023-4039: Fixed incorrect stack protector for C99 VLAs on Aarch64 (bsc#1214052). Important SUSE bug 1214052 CVE-2023-4039 cpe:/o:opensuse:leap:15.4 Security update for MozillaThunderbird (Critical) openSUSE Leap 15.4 This update for MozillaThunderbird fixes the following issues: Security fixes: - Mozilla Thunderbird 115.2.2 (MFSA 2023-40, bsc#1215245) - CVE-2023-4863: Fixed heap buffer overflow in libwebp (bmo#1852649). - Mozilla Thunderbird 115.2 (MFSA 2023-38, bsc#1214606) - CVE-2023-4573: Memory corruption in IPC CanvasTranslator (bmo#1846687) - CVE-2023-4574: Memory corruption in IPC ColorPickerShownCallback (bmo#1846688) - CVE-2023-4575: Memory corruption in IPC FilePickerShownCallback (bmo#1846689) - CVE-2023-4576: Integer Overflow in RecordedSourceSurfaceCreation (bmo#1846694) - CVE-2023-4577: Memory corruption in JIT UpdateRegExpStatics (bmo#1847397) - CVE-2023-4051: Full screen notification obscured by file open dialog (bmo#1821884) - CVE-2023-4578: Error reporting methods in SpiderMonkey could have triggered an Out of Memory Exception (bmo#1839007) - CVE-2023-4053: Full screen notification obscured by external program (bmo#1839079) - CVE-2023-4580: Push notifications saved to disk unencrypted (bmo#1843046) - CVE-2023-4581: XLL file extensions were downloadable without warnings (bmo#1843758) - CVE-2023-4582: Buffer Overflow in WebGL glGetProgramiv (bmo#1773874) - CVE-2023-4583: Browsing Context potentially not cleared when closing Private Window (bmo#1842030) - CVE-2023-4584: Memory safety bugs fixed in Firefox 117, Firefox ESR 102.15, Firefox ESR 115.2, Thunderbird 102.15, and Thunderbird 115.2 (bmo#1843968, bmo#1845205, bmo#1846080, bmo#1846526, bmo#1847529) - CVE-2023-4585: Memory safety bugs fixed in Firefox 117, Firefox ESR 115.2, and Thunderbird 115.2 (bmo#1751583, bmo#1833504, bmo#1841082, bmo#1847904, bmo#1848999) Other fixes: Mozilla Thunderbird 115.2.1 * new: Column separators are now shown between all columns in tree view (bmo#1847441) * fixed: Crash reporter did not work in Thunderbird Flatpak (bmo#1843102) * fixed: New mail notification always opened message in message pane, even if pane was disabled (bmo#1840092) * fixed: After moving an IMAP message to another folder, the incorrect message was selected in the message list (bmo#1845376) * fixed: Adding a tag to an IMAP message opened in a tab failed (bmo#1844452) * fixed: Junk/Spam folders were not always shown in Unified Folders mode (bmo#1838672) * fixed: Middle-clicking a folder or message did not open it in a background tab, as in previous versions (bmo#1842482) * fixed: Settings tab visual improvements: Advanced Fonts dialog, Section headers hidden behind search box (bmo#1717382,bmo#1846751) * fixed: Various visual and style fixes (bmo#1843707,bmo#1849823) Mozilla Thunderbird 115.2 * new: Thunderbird MSIX packages are now published on archive.mozilla.org (bmo#1817657) * changed: Size, Unread, and Total columns are now right- aligned (bmo#1848604) * changed: Newsgroup names in message list header are now abbreviated (bmo#1833298) * fixed: Message compose window did not apply theme colors to menus (bmo#1845699) * fixed: Reading the second new message in a folder cleared the unread indicator of all other new messages (bmo#1839805) * fixed: Displayed counts of unread or flagged messages could become out-of-sync (bmo#1846860) * fixed: Deleting a message from the context menu with messages sorted in chronological order and smooth scroll enabled caused message list to scroll to top (bmo#1843462) * fixed: Repeatedly switching accounts in Subscribe dialog caused tree view to stop updating (bmo#1845593) * fixed: 'Ignore thread' caused message cards to display incorrectly in message list (bmo#1847966) * fixed: Creating tags from unified toolbar failed (bmo#1846336) * fixed: Cross-folder navigation using F and N did not work (bmo#1845011) * fixed: Account Manager did not resize to fit content, causing 'Close' button to become hidden outside bounds of dialog when too many accounts were listed (bmo#1847555) * fixed: Remote content exceptions could not be added in Settings (bmo#1847576) * fixed: Newsgroup list file did not get updated after adding a new NNTP server (bmo#1845464) * fixed: 'Download all headers' option in NNTP 'Download Headers' dialog was incorrectly selected by default (bmo#1845457) * fixed: 'Convert to event/task' was missing from mail context menu (bmo#1817705) * fixed: Events and tasks were not shown in some cases despite being present on remote server (bmo#1827100) * fixed: Various visual and UX improvements (bmo#1844244,bmo#1845645) - Mozilla Thunderbird 115.1.1 * fixed: Some HTML emails printed headers on first page and message on subsequent pages (bmo#1843628) * fixed: Deleting messages from message list sometimes scrolled list to bottom, selecting bottommost message (bmo#1835173) * fixed: Width of icon columns (like Junk or Starred) in message list did not adjust when UI density was changed (bmo#1843014) * fixed: Old OpenPGP secret keys could not be used to decrypt messages under certain circumstances (bmo#1835786) * fixed: When multiple folder modes were active, tab focus navigated through all folder mode options before reaching message list (bmo#1842060) * fixed: Unread message count badge was not displayed on parent folders of subfolder containing unread messages (bmo#1844534) * fixed: 'Undo archive' (via Ctrl-Z) did not un-archive previously archived messages (bmo#1829340) * fixed: 'New' button dropdown menu in 'Message Filters' dialog could not be opened via keyboard navigation (bmo#1843511) * fixed: 'Show New Mail Alert for' input field in 'Customize New Mail Alert' dialog had zero width when using certain language packs (bmo#1845832) * fixed: 'Account Wizard' dialog was too narrow when adding a news server, partially hiding confirmation buttons (bmo#1846588) * fixed: Link Properties and Image Properties dialogs in the composer were too wide (bmo#1816850) * fixed: Thunderbird version number and details in 'About' dialog were not automatically read by screen readers when first opening dialog (bmo#1847078) * fixed: Flatpak improvements and bug fixes (bmo#1825399,bmo#1843094,bmo#1843097) * fixed: Various visual and UX improvements (bmo#1846262) Critical SUSE bug 1214606 SUSE bug 1215231 SUSE bug 1215245 CVE-2023-4051 CVE-2023-4053 CVE-2023-4573 CVE-2023-4574 CVE-2023-4575 CVE-2023-4576 CVE-2023-4577 CVE-2023-4578 CVE-2023-4580 CVE-2023-4581 CVE-2023-4582 CVE-2023-4583 CVE-2023-4584 CVE-2023-4585 CVE-2023-4863 cpe:/o:opensuse:leap:15.4 Security update for the Linux Kernel (Important) openSUSE Leap 15.4 The SUSE Linux Enterprise 15 SP1 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2022-36402: Fixed an integer overflow vulnerability in vmwgfx driver in that allowed a local attacker with a user account on the system to gain privilege, causing a denial of service (bsc#1203517). - CVE-2023-2007: Fixed a flaw in the DPT I2O Controller driver that could allow an attacker to escalate privileges and execute arbitrary code in the context of the kernel (bsc#1210448). - CVE-2023-20588: Fixed a division-by-zero error on some AMD processors that can potentially return speculative data resulting in loss of confidentiality (bsc#1213927). - CVE-2023-3772: Fixed a flaw in XFRM subsystem that may have allowed a malicious user with CAP_NET_ADMIN privileges to directly dereference a NULL pointer leading to a possible kernel crash and denial of service (bsc#1213666). - CVE-2023-3812: Fixed an out-of-bounds memory access flaw in the TUN/TAP device driver functionality that could allow a local user to crash or potentially escalate their privileges on the system (bsc#1213543). - CVE-2023-3863: Fixed a use-after-free flaw was found in nfc_llcp_find_local that allowed a local user with special privileges to impact a kernel information leak issue (bsc#1213601). - CVE-2023-4128: Fixed a use-after-free flaw in net/sched/cls_fw.c that allowed a local attacker to perform a local privilege escalation due to incorrect handling of the existing filter, leading to a kernel information leak issue (bsc#1214149). - CVE-2023-4132: Fixed use-after-free vulnerability was found in the siano smsusb module that allowed a local user to crash the system, causing a denial of service condition (bsc#1213969). - CVE-2023-4134: Fixed use-after-free in cyttsp4_watchdog_work() (bsc#1213971). - CVE-2023-4385: Fixed a NULL pointer dereference flaw in dbFree that may have allowed a local attacker to crash the system due to a missing sanity check (bsc#1214348). - CVE-2023-4387: Fixed use-after-free flaw in vmxnet3_rq_alloc_rx_buf that could allow a local attacker to crash the system due to a double-free (bsc#1214350). - CVE-2023-4459: Fixed a NULL pointer dereference flaw in vmxnet3_rq_cleanup that may have allowed a local attacker with normal user privilege to cause a denial of service (bsc#1214451). The following non-security bugs were fixed: - kabi/severities: Ignore newly added SRSO mitigation functions - x86/cpu/kvm: Provide UNTRAIN_RET_VM (git-fixes). - x86/cpu: Cleanup the untrain mess (git-fixes). - x86/cpu: Fix __x86_return_thunk symbol type (git-fixes). - x86/cpu: Fix up srso_safe_ret() and __x86_return_thunk() (git-fixes). - x86/cpu: Rename original retbleed methods (git-fixes). - x86/cpu: Rename srso_(.*)_alias to srso_alias_\1 (git-fixes). - x86/retpoline,kprobes: Fix position of thunk sections with CONFIG_LTO_CLANG (git-fixes). - x86/retpoline,kprobes: Skip optprobe check for indirect jumps with retpolines and IBT (git-fixes). - x86/retpoline: Do not clobber RFLAGS during srso_safe_ret() (git-fixes). - x86/speculation: Add cpu_show_gds() prototype (git-fixes). - x86/speculation: Mark all Skylake CPUs as vulnerable to GDS (git-fixes). - x86/srso: Correct the mitigation status when SMT is disabled (git-fixes). - x86/srso: Disable the mitigation on unaffected configurations (git-fixes). - x86/srso: Explain the untraining sequences a bit more (git-fixes). - x86/srso: Fix build breakage with the LLVM linker (git-fixes). - x86: Move gds_ucode_mitigated() declaration to header (git-fixes). Important SUSE bug 1203517 SUSE bug 1210448 SUSE bug 1213543 SUSE bug 1213601 SUSE bug 1213666 SUSE bug 1213927 SUSE bug 1213969 SUSE bug 1213971 SUSE bug 1214149 SUSE bug 1214348 SUSE bug 1214350 SUSE bug 1214451 CVE-2022-36402 CVE-2023-2007 CVE-2023-20588 CVE-2023-3772 CVE-2023-3812 CVE-2023-3863 CVE-2023-4128 CVE-2023-4132 CVE-2023-4134 CVE-2023-4385 CVE-2023-4387 CVE-2023-4459 cpe:/o:opensuse:leap:15.4 Security update for the Linux Kernel (Important) openSUSE Leap 15.4 The SUSE Linux Enterprise 15 SP4 Azure kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2023-2007: Fixed a flaw in the DPT I2O Controller driver that could allow an attacker to escalate privileges and execute arbitrary code in the context of the kernel (bsc#1210448). - CVE-2023-20588: Fixed a division-by-zero error on some AMD processors that can potentially return speculative data resulting in loss of confidentiality (bsc#1213927). - CVE-2023-34319: Fixed buffer overrun triggered by unusual packet in xen/netback (XSA-432) (bsc#1213546). - CVE-2023-3610: Fixed use-after-free vulnerability in nf_tables can be exploited to achieve local privilege escalation (bsc#1213580). - CVE-2023-37453: Fixed oversight in SuperSpeed initialization (bsc#1213123). - CVE-2023-3772: Fixed a flaw in XFRM subsystem that may have allowed a malicious user with CAP_NET_ADMIN privileges to directly dereference a NULL pointer leading to a possible kernel crash and denial of service (bsc#1213666). - CVE-2023-3863: Fixed a use-after-free flaw was found in nfc_llcp_find_local that allowed a local user with special privileges to impact a kernel information leak issue (bsc#1213601). - CVE-2023-4128: Fixed a use-after-free flaw in net/sched/cls_fw.c that allowed a local attacker to perform a local privilege escalation due to incorrect handling of the existing filter, leading to a kernel information leak issue (bsc#1214149). - CVE-2023-4133: Fixed use after free bugs caused by circular dependency problem in cxgb4 (bsc#1213970). - CVE-2023-4134: Fixed use-after-free in cyttsp4_watchdog_work() (bsc#1213971). - CVE-2023-4147: Fixed use-after-free in nf_tables_newrule (bsc#1213968). - CVE-2023-4194: Fixed a type confusion in net tun_chr_open() (bsc#1214019). - CVE-2023-4273: Fixed a flaw in the exFAT driver of the Linux kernel that alloawed a local privileged attacker to overflow the kernel stack (bsc#1214120). - CVE-2023-4387: Fixed use-after-free flaw in vmxnet3_rq_alloc_rx_buf that could allow a local attacker to crash the system due to a double-free (bsc#1214350). - CVE-2023-4459: Fixed a NULL pointer dereference flaw in vmxnet3_rq_cleanup that may have allowed a local attacker with normal user privilege to cause a denial of service (bsc#1214451). - CVE-2023-4569: Fixed information leak in nft_set_catchall_flush in net/netfilter/nf_tables_api.c (bsc#1214729). The following non-security bugs were fixed: - acpi: processor: perflib: avoid updating frequency qos unnecessarily (git-fixes). - acpi: processor: perflib: use the 'no limit' frequency qos (git-fixes). - acpi: x86: s2idle: fix a logic error parsing amd constraints table (git-fixes). - alsa: ac97: fix possible error value of *rac97 (git-fixes). - alsa: hda/cs8409: support new dell dolphin variants (git-fixes). - alsa: hda/realtek - remodified 3k pull low procedure (git-fixes). - alsa: hda/realtek: add quirk for hp victus 16-d1xxx to enable mute led (git-fixes). - alsa: hda/realtek: add quirk for mute leds on hp envy x360 15-eu0xxx (git-fixes). - alsa: hda/realtek: add quirks for hp g11 laptops (git-fixes). - alsa: hda/realtek: switch dell oasis models to use spi (git-fixes). - alsa: pcm: fix missing fixup call in compat hw_refine ioctl (git-fixes). - alsa: usb-audio: add support for mythware xa001au capture and playback interfaces (git-fixes). - alsa: usb-audio: fix init call orders for uac1 (git-fixes). - alsa: ymfpci: fix the missing snd_card_free() call at probe error (git-fixes). - amba: bus: fix refcount leak (git-fixes). - arm64: dts: imx8mn-var-som: add missing pull-up for onboard phy reset pinmux (git-fixes). - arm64: dts: qcom: qrb5165-rb5: fix thermal zone conflict (git-fixes). - arm64: dts: rockchip: disable hs400 for emmc on rock pi 4 (git-fixes). - arm: dts: imx6dl: prtrvt, prtvt7, prti6q, prtwd2: fix usb related warnings (git-fixes). - arm: dts: imx6sll: fixup of operating points (git-fixes). - arm: spear: do not use timer namespace for timer_shutdown() function (bsc#1213970). - asoc: lower 'no backend dais enabled for ... port' log severity (git-fixes). - asoc: meson: axg-tdm-formatter: fix channel slot allocation (git-fixes). - asoc: rt5665: add missed regulator_bulk_disable (git-fixes). - asoc: sof: intel: fix soundwire/hdaudio mutual exclusion (git-fixes). - asoc: stac9766: fix build errors with regmap_ac97 (git-fixes). - asoc: tegra: fix sfc conversion for few rates (git-fixes). - audit: fix possible soft lockup in __audit_inode_child() (git-fixes). - backlight/bd6107: compare against struct fb_info.device (git-fixes). - backlight/gpio_backlight: compare against struct fb_info.device (git-fixes). - backlight/lv5207lp: compare against struct fb_info.device (git-fixes). - batman-adv: do not get eth header before batadv_check_management_packet (git-fixes). - batman-adv: do not increase mtu when set by user (git-fixes). - batman-adv: fix batadv_v_ogm_aggr_send memory leak (git-fixes). - batman-adv: fix tt global entry leak when client roamed back (git-fixes). - batman-adv: hold rtnl lock during mtu update via netlink (git-fixes). - batman-adv: trigger events for auto adjusted mtu (git-fixes). - bluetooth: btusb: add mt7922 bluetooth id for the asus ally (git-fixes). - bluetooth: btusb: do not call kfree_skb() under spin_lock_irqsave() (git-fixes). - bluetooth: fix potential use-after-free when clear keys (git-fixes). - bluetooth: l2cap: fix use-after-free (git-fixes). - bluetooth: l2cap: fix use-after-free in l2cap_sock_ready_cb (git-fixes). - bluetooth: nokia: fix value check in nokia_bluetooth_serdev_probe() (git-fixes). - bluetooth: remove unused declaration amp_read_loc_info() (git-fixes). - bnx2x: fix page fault following eeh recovery (bsc#1214299). - bpf: disable preemption in bpf_event_output (git-fixes). - bus: ti-sysc: fix build warning for 64-bit build (git-fixes). - bus: ti-sysc: fix cast to enum warning (git-fixes). - bus: ti-sysc: flush posted write on enable before reset (git-fixes). - can: gs_usb: gs_usb_receive_bulk_callback(): count rx overflow errors also in case of oom (git-fixes). - ceph: defer stopping mdsc delayed_work (bsc#1214392). - ceph: do not check for quotas on mds stray dirs (bsc#1214238). - ceph: never send metrics if disable_send_metrics is set (bsc#1214180). - check-for-config-changes: ignore builtin_return_address_strips_pac (bsc#1214380). gcc7 on sle 15 does not support this while later gcc does. - cifs: add missing return value check for cifs_sb_tlink (bsc#1193629). - cifs: allow dumping keys for directories too (bsc#1193629). - cifs: fix mid leak during reconnection after timeout threshold (git-fixes). - cifs: if deferred close is disabled then close files immediately (git-fixes). - cifs: is_network_name_deleted should return a bool (bsc#1193629). - cifs: update internal module version number for cifs.ko (bsc#1193629). - clk: fix slab-out-of-bounds error in devm_clk_release() (git-fixes). - clk: fix undefined reference to `clk_rate_exclusive_{get,put}' (git-fixes). - clk: imx8mp: fix sai4 clock (git-fixes). - clk: imx: composite-8m: fix clock pauses when set_rate would be a no-op (git-fixes). - clk: imx: pll14xx: dynamically configure pll for 393216000/361267200hz (git-fixes). - clk: qcom: camcc-sc7180: fix async resume during probe (git-fixes). - clk: qcom: gcc-mdm9615: use proper parent for pll0_vote clock (git-fixes). - clk: qcom: gcc-sc7180: fix up gcc_sdcc2_apps_clk_src (git-fixes). - clk: qcom: gcc-sm8250: fix gcc_sdcc2_apps_clk_src (git-fixes). - clk: sunxi-ng: modify mismatched function name (git-fixes). - clocksource/drivers/arm_arch_timer: do not use timer namespace for timer_shutdown() function (bsc#1213970). - clocksource/drivers/sp804: do not use timer namespace for timer_shutdown() function (bsc#1213970). - config_nvme_verbose_errors=y gone with a82baa8083b - config_printk_safe_log_buf_shift=13 gone with 7e152d55123 - cpu/smt: allow enabling partial smt states via sysfs (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588). - cpu/smt: create topology_smt_thread_allowed() (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588). - cpu/smt: move smt prototypes into cpu_smt.h (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588). - cpu/smt: move smt/control simple exit cases earlier (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588). - cpu/smt: remove topology_smt_supported() (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588). - cpu/smt: store the current/max number of threads (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588). - cpufreq: fix the race condition while updating the transition_task of policy (git-fixes). - cpufreq: intel_pstate: adjust balance_performance epp for sapphire rapids (bsc#1214659). - cpufreq: intel_pstate: enable hwp io boost for all servers (bsc#1208949 jsc#ped-6003 jsc#ped-6004). - cpufreq: intel_pstate: fix scaling for hybrid-capable systems with disabled e-cores (bsc#1212526 bsc#1214368 jsc#ped-4927 jsc#ped-4929). - cpufreq: intel_pstate: hybrid: rework hwp calibration (bsc#1212526 bsc#1214368 jsc#ped-4927 jsc#ped-4929). - cpufreq: intel_pstate: hybrid: use known scaling factor for p-cores (bsc#1212526 bsc#1214368 jsc#ped-4927 jsc#ped-4929). - cpufreq: intel_pstate: read all msrs on the target cpu (bsc#1212526 bsc#1214368 jsc#ped-4927 jsc#ped-4929). - created new preempt kernel flavor configs are cloned from the respective $arch/default configs. all changed configs appart from config_preempt->y are a result of dependencies, namely many lock/unlock primitives are no longer inlined in the preempt kernel. tree_rcu has been also changed to preempt_rcu which is the default implementation for preempt kernel. - crypto: caam - fix unchecked return value error (git-fixes). - crypto: stm32 - properly handle pm_runtime_get failing (git-fixes). - dma-buf/sw_sync: avoid recursive lock during fence signal (git-fixes). - dma-buf/sync_file: fix docs syntax (git-fixes). - dmaengine: idxd: modify the dependence of attribute pasid_enabled (git-fixes). - dmaengine: mcf-edma: fix a potential un-allocated memory access (git-fixes). - dmaengine: pl330: return dma_paused when transaction is paused (git-fixes). - dmaengine: ste_dma40: add missing irq check in d40_probe (git-fixes). - docs/process/howto: replace c89 with c11 (bsc#1214756). - docs: kernel-parameters: refer to the correct bitmap function (git-fixes). - docs: networking: replace skb_hwtstamp_tx with skb_tstamp_tx (git-fixes). - docs: printk-formats: fix hex printing of signed values (git-fixes). - documentation: devices.txt: fix minors for ttycpm* (git-fixes). - documentation: devices.txt: remove ttyioc* (git-fixes). - documentation: devices.txt: remove ttysioc* (git-fixes). - driver core: test_async: fix an error code (git-fixes). - drivers: clk: keystone: fix parameter judgment in _of_pll_clk_init() (git-fixes). - drivers: usb: smsusb: fix error handling code in smsusb_init_device (git-fixes). - drm/amd/display: check attr flag before set cursor degamma on dcn3+ (git-fixes). - drm/amd/display: check tg is non-null before checking if enabled (git-fixes). - drm/amd/display: do not wait for mpc idle if tg is disabled (git-fixes). - drm/amd/display: fix access hdcp_workqueue assert (git-fixes). - drm/amd/display: phase3 mst hdcp for multiple displays (git-fixes). - drm/amd/display: save restore hdcp state when display is unplugged from mst hub (git-fixes). - drm/amd/pm: fix variable dereferenced issue in amdgpu_device_attr_create() (git-fixes). - drm/amd: flush any delayed gfxoff on suspend entry (git-fixes). - drm/amdgpu: avoid integer overflow warning in amdgpu_device_resize_fb_bar() (git-fixes). - drm/amdgpu: fix potential fence use-after-free v2 (git-fixes). - drm/amdgpu: install stub fence into potential unused fence pointers (git-fixes). - drm/amdgpu: use rmw accessors for changing lnkctl (git-fixes). - drm/armada: fix off-by-one error in armada_overlay_get_property() (git-fixes). - drm/ast: fix dram init on ast2200 (git-fixes). - drm/atomic-helper: update reference to drm_crtc_force_disable_all() (git-fixes). - drm/bridge: anx7625: drop device lock before drm_helper_hpd_irq_event() (git-fixes). - drm/bridge: fix -wunused-const-variable= warning (git-fixes). - drm/bridge: tc358764: fix debug print parameter order (git-fixes). - drm/etnaviv: fix dumping of active mmu context (git-fixes). - drm/mediatek: fix dereference before null check (git-fixes). - drm/mediatek: fix potential memory leak if vmap() fail (git-fixes). - drm/msm/a2xx: call adreno_gpu_init() earlier (git-fixes). - drm/msm/mdp5: do not leak some plane state (git-fixes). - drm/msm: update dev core dump to not print backwards (git-fixes). - drm/nouveau/disp: revert a null check inside nouveau_connector_get_modes (git-fixes). - drm/nouveau/gr: enable memory loads on helper invocation on all channels (git-fixes). - drm/panel: simple: add missing connector type and pixel format for auo t215hvn01 (git-fixes). - drm/panel: simple: fix auo g121ean01 panel timings according to the docs (git-fixes). - drm/qxl: fix uaf on handle creation (git-fixes). - drm/radeon: use rmw accessors for changing lnkctl (git-fixes). - drm/rockchip: do not spam logs in atomic check (git-fixes). - drm/shmem-helper: reset vma->vm_ops before calling dma_buf_mmap() (git-fixes). - drm/tegra: dpaux: fix incorrect return value of platform_get_irq (git-fixes). - drm/ttm: check null pointer before accessing when swapping (git-fixes). - drm/ttm: never consider pinned bos for eviction&swap (git-fixes). - drm/vmwgfx: fix shader stage validation (git-fixes). - drm: adv7511: fix low refresh rate register for adv7533/5 (git-fixes). - drm: xlnx: zynqmp_dpsub: add missing check for dma_set_mask (git-fixes). - drop cfg80211 lock fix patches that caused a regression (bsc#1213757) - drop rtsx patch that caused a regression (bsc#1214397,bsc#1214428) - dt-bindings: clock: xlnx,versal-clk: drop select:false (git-fixes). - dt-bindings: clocks: imx8mp: make sai4 a dummy clock (git-fixes). - dt-bindings: crypto: ti,sa2ul: make power-domains conditional (git-fixes). - e1000: fix typos in comments (jsc#ped-5738). - e1000: remove unnecessary use of kmap_atomic() (jsc#ped-5738). - e1000: switch to napi_build_skb() (jsc#ped-5738). - e1000: switch to napi_consume_skb() (jsc#ped-5738). - enable analog devices industrial ethernet phy driver (jsc#ped-4759) - enable tpm in azure (bsc#1214760) - exfat: fix unexpected eof while reading dir (bsc#1214000). - exfat: release s_lock before calling dir_emit() (bsc#1214000). - exfat_iterate(): do not open-code file_inode(file) (bsc#1214000). - fbdev/ep93xx-fb: do not assign to struct fb_info.dev (git-fixes). - fbdev: fix potential oob read in fast_imageblit() (git-fixes). - fbdev: fix sys_imageblit() for arbitrary image widths (git-fixes). - fbdev: improve performance of sys_imageblit() (git-fixes). - fbdev: mmp: fix value check in mmphw_probe() (git-fixes). - file: reinstate f_pos locking optimization for regular files (bsc#1213759). - firmware: arm_scmi: drop of node reference in the transport channel setup (git-fixes). - firmware: cs_dsp: fix new control name check (git-fixes). - firmware: meson_sm: fix to avoid potential null pointer dereference (git-fixes). - firmware: stratix10-svc: fix an null vs is_err() bug in probe (git-fixes). - fs/sysv: null check to prevent null-ptr-deref bug (git-fixes). - ftrace: fix possible warning on checking all pages used in ftrace_process_locs() (git-fixes). - gpio: mvebu: fix irq domain leak (git-fixes). - gpio: mvebu: make use of devm_pwmchip_add (git-fixes). - gpio: tps68470: make tps68470_gpio_output() always set the initial value (git-fixes). - hid: add quirk for 03f0:464a hp elite presenter mouse (git-fixes). - hid: logitech-dj: fix error handling in logi_dj_recv_switch_to_dj_mode() (git-fixes). - hid: logitech-hidpp: add usb and bluetooth ids for the logitech g915 tkl keyboard (git-fixes). - hid: multitouch: correct devm device reference for hidinput input_dev name (git-fixes). - hid: wacom: remove the battery when the ekr is off (git-fixes). - hwmon: (pmbus/bel-pfe) enable pmbus_skip_status_check for pfe1100 (git-fixes). - hwmon: (tmp513) fix the channel number in tmp51x_is_visible() (git-fixes). - hwpoison: offline support: fix spelling in documentation/abi/ (git-fixes). - hwrng: iproc-rng200 - implement suspend and resume calls (git-fixes). - hwrng: nomadik - keep clock enabled while hwrng is registered (git-fixes). - hwrng: pic32 - use devm_clk_get_enabled (git-fixes). - i2c: bcm-iproc: fix bcm_iproc_i2c_isr deadlock issue (git-fixes). - i2c: delete error messages for failed memory allocations (git-fixes). - i2c: designware: correct length byte validation logic (git-fixes). - i2c: designware: handle invalid smbus block data response length value (git-fixes). - i2c: hisi: only handle the interrupt of the driver's transfer (git-fixes). - i2c: improve size determinations (git-fixes). - i2c: nomadik: remove a useless call in the remove function (git-fixes). - i2c: nomadik: remove unnecessary goto label (git-fixes). - i2c: nomadik: use devm_clk_get_enabled() (git-fixes). - i40e: fix an null vs is_err() bug for debugfs_create_dir() (git-fixes). - iavf: fix potential races for fdir filters (git-fixes). - ib/hfi1: fix possible panic during hotplug remove (git-fixes) - ib/uverbs: fix an potential error pointer dereference (git-fixes) - ice: fix crash by keep old cfg when update tcs more than queues (git-fixes). - ice: fix max_rate check while configuring tx rate limits (git-fixes). - ice: fix memory management in ice_ethtool_fdir.c (git-fixes). - ice: fix rdma vsi removal during queue rebuild (git-fixes). - iio: adc: ina2xx: avoid null pointer dereference on of device match (git-fixes). - iio: adc: stx104: implement and utilize register structures (git-fixes). - iio: adc: stx104: utilize iomap interface (git-fixes). - iio: cros_ec: fix the allocation size for cros_ec_command (git-fixes). - input: exc3000 - properly stop timer on shutdown (git-fixes). - intel/e1000:fix repeated words in comments (jsc#ped-5738). - intel: remove unused macros (jsc#ped-5738). - iommu/amd: add pci segment support for ivrs_ commands (git-fixes). - iommu/amd: fix compile warning in init code (git-fixes). - iommu/amd: fix ill-formed ivrs_ioapic, ivrs_hpet and ivrs_acpihid options (git-fixes). - iommu/amd: fix ivrs_acpihid cmdline parsing code (git-fixes). - iommu/amd: fix pci device refcount leak in ppr_notifier() (git-fixes). - iommu/amd: use full 64-bit value in build_completion_wait() (git-fixes). - iommu/arm-smmu-v3: check return value after calling platform_get_resource() (git-fixes). - iommu/arm-smmu-v3: fix event handling soft lockup (git-fixes). - iommu/arm-smmu-v3: make default domain type of hisilicon ptt device to identity (git-fixes). - iommu/arm-smmu: fix possible null-ptr-deref in arm_smmu_device_probe() (git-fixes). - iommu/dart: initialize dart_streams_enable (git-fixes). - iommu/dma: fix incorrect error return on iommu deferred attach (git-fixes). - iommu/dma: fix iova map result check bug (git-fixes). - iommu/dma: return error code from iommu_dma_map_sg() (git-fixes). - iommu/fsl_pamu: fix resource leak in fsl_pamu_probe() (git-fixes). - iommu/io-pgtable-arm-v7s: add a quirk to allow pgtable pa up to 35bit (git-fixes). - iommu/iova: fix module config properly (git-fixes). - iommu/omap: fix buffer overflow in debugfs (git-fixes). - iommu/rockchip: fix permission bits in page table entries v2 (git-fixes). - iommu/sun50i: consider all fault sources for reset (git-fixes). - iommu/sun50i: fix flush size (git-fixes). - iommu/sun50i: fix r/w permission check (git-fixes). - iommu/sun50i: fix reset release (git-fixes). - iommu/sun50i: implement .iotlb_sync_map (git-fixes). - iommu/sun50i: remove iommu_domain_identity (git-fixes). - iommu/vt-d: add rpls to quirk list to skip te disabling (git-fixes). - iommu/vt-d: check correct capability for sagaw determination (git-fixes). - iommu/vt-d: clean up si_domain in the init_dmars() error path (git-fixes). - iommu/vt-d: correctly calculate sagaw value of iommu (git-fixes). - iommu/vt-d: fix kdump kernels boot failure with scalable mode (git-fixes). - iommu/vt-d: fix pci device refcount leak in dmar_dev_scope_init() (git-fixes). - iommu/vt-d: fix pci device refcount leak in has_external_pci() (git-fixes). - iommu/vt-d: preset access bit for iova in fl non-leaf paging entries (git-fixes). - iommu/vt-d: set sre bit only when hardware has srs cap (git-fixes). - ipmi:ssif: add check for kstrdup (git-fixes). - ipmi:ssif: fix a memory leak when scanning for an adapter (git-fixes). - ipmi_si: fix a memleak in try_smi_init() (git-fixes). - jffs2: correct logic when creating a hole in jffs2_write_begin (git-fixes). - kabi/severities: ignore newly added srso mitigation functions - kabi: allow extra bugsints (bsc#1213927). - kbuild: add -wno-shift-negative-value where -wextra is used (bsc#1214756). - kbuild: move to -std=gnu11 (bsc#1214756). - kernel-binary: common dependencies cleanup common dependencies are copied to a subpackage, there is no need for copying defines or build dependencies there. - kernel-binary: drop code for kerntypes support kerntypes was a suse-specific feature dropped before sle 12. - kunit: make kunit_test_timeout compatible with comment (git-fixes). - kvm: s390: fix sthyi error handling (git-fixes bsc#1214370). - leds: fix bug_on check for led_color_id_multi that is always false (git-fixes). - leds: multicolor: use rounded division when calculating color components (git-fixes). - leds: pwm: fix error code in led_pwm_create_fwnode() (git-fixes). - leds: trigger: tty: do not use led_on/off constants, use led_blink_set_oneshot instead (git-fixes). - leds: turris-omnia: drop unnecessary mutex locking (git-fixes). - lib/test_meminit: allocate pages up to order max_order (git-fixes). - lib/test_meminit: destroy cache in kmem_cache_alloc_bulk() test (git-fixes). - libceph: fix potential hang in ceph_osdc_notify() (bsc#1214393). - md/raid0: factor out helper for mapping and submitting a bio (bsc#1213916). - md/raid0: fix performance regression for large sequential writes (bsc#1213916). - media: ad5820: drop unsupported ad5823 from i2c_ and of_device_id tables (git-fixes). - media: cx24120: add retval check for cx24120_message_send() (git-fixes). - media: dib7000p: fix potential division by zero (git-fixes). - media: dvb-usb: m920x: fix a potential memory leak in m920x_i2c_xfer() (git-fixes). - media: go7007: remove redundant if statement (git-fixes). - media: i2c: ccs: check rules is non-null (git-fixes). - media: i2c: rdacm21: fix uninitialized value (git-fixes). - media: i2c: tvp5150: check return value of devm_kasprintf() (git-fixes). - media: ov2680: add ov2680_fill_format() helper function (git-fixes). - media: ov2680: do not take the lock for try_fmt calls (git-fixes). - media: ov2680: fix ov2680_bayer_order() (git-fixes). - media: ov2680: fix ov2680_set_fmt() which == v4l2_subdev_format_try not working (git-fixes). - media: ov2680: fix regulators being left enabled on ov2680_power_on() errors (git-fixes). - media: ov2680: fix vflip / hflip set functions (git-fixes). - media: ov2680: remove video_v4l2_subdev_api ifdef-s (git-fixes). - media: ov5640: enable mipi interface in ov5640_set_power_mipi() (git-fixes). - media: rkvdec: increase max supported height for h.264 (git-fixes). - media: v4l2-core: fix a potential resource leak in v4l2_fwnode_parse_link() (git-fixes). - media: v4l2-mem2mem: add lock to protect parameter num_rdy (git-fixes). - media: venus: hfi_venus: only consider sys_idle_indicator on v1 (git-fixes). - media: venus: hfi_venus: write to vidc_ctrl_init after unmasking interrupts (git-fixes). - misc: rtsx: judge aspm mode to set petxcfg reg (git-fixes). - mkspec: allow unsupported kmps (bsc#1214386) - mlxsw: pci: add shutdown method in pci driver (git-fixes). - mmc: block: fix in_flight[issue_type] value error (git-fixes). - mmc: moxart: read scr register without changing byte order (git-fixes). - mmc: wbsd: fix double mmc_free_host() in wbsd_init() (git-fixes). - module: avoid allocation if module is already present and ready (bsc#1213921). - module: extract patient module check into helper (bsc#1213921). - module: move check_modinfo() early to early_mod_check() (bsc#1213921). - module: move early sanity checks into a helper (bsc#1213921). - move upstreamed powerpc patches into sorted section - mtd: rawnand: brcmnand: fix crash during the panic_write (git-fixes). - mtd: rawnand: brcmnand: fix mtd oobsize (git-fixes). - mtd: rawnand: brcmnand: fix potential false time out warning (git-fixes). - mtd: rawnand: brcmnand: fix potential out-of-bounds access in oob write (git-fixes). - mtd: rawnand: fsl_upm: fix an off-by one test in fun_exec_op() (git-fixes). - mtd: rawnand: fsmc: handle clk prepare error in fsmc_nand_resume() (git-fixes). - mtd: rawnand: omap_elm: fix incorrect type in assignment (git-fixes). - mtd: rawnand: rockchip: align hwecc vs. raw page helper layouts (git-fixes). - mtd: rawnand: rockchip: fix oobfree offset and description (git-fixes). - mtd: spi-nor: check bus width while setting qe bit (git-fixes). - mtd: spinand: toshiba: fix ecc_get_status (git-fixes). - n_tty: rename tail to old_tail in n_tty_read() (git-fixes). - net: hns3: fix wrong bw weight of disabled tc issue (git-fixes). - net: ieee802154: at86rf230: stop leaking skb's (git-fixes). - net: mana: fix mana vf unload when hardware is unresponsive (git-fixes). - net: phy: at803x: remove set/get wol callbacks for ar8032 (git-fixes). - net: phy: broadcom: stub c45 read/write for 54810 (git-fixes). - net: phy: fix irq-based wake-on-lan over hibernate / power off (git-fixes). - net: usb: lan78xx: reorder cleanup operations to avoid uaf bugs (git-fixes). - net: usbnet: fix warning in usbnet_start_xmit/usb_submit_urb (git-fixes). - netfs: fix lockdep warning from taking sb_writers whilst holding mmap_lock (bsc#1214742). - netfs: fix missing xas_retry() calls in xarray iteration (bsc#1213946). - netfs: fix parameter of cleanup() (bsc#1214743). - nfsd: remove incorrect check in nfsd4_validate_stateid (git-fixes). - nilfs2: fix use-after-free of nilfs_root in dirtying inodes via iput (git-fixes). - nilfs2: fix warning in mark_buffer_dirty due to discarded buffer reuse (git-fixes). - nvme-rdma: fix potential unbalanced freeze & unfreeze (bsc#1208902). - nvme-tcp: fix potential unbalanced freeze & unfreeze (bsc#1208902). - objtool/x86: fix srso mess (git-fixes). - objtool/x86: fixup frame-pointer vs rethunk (git-fixes). - objtool: union instruction::{call_dest,jump_table} (git-fixes). - old-flavors: drop 2.6 kernels. 2.6 based kernels are eol, upgrading from them is no longer suported. - pci/aspm: avoid link retraining race (git-fixes). - pci/aspm: factor out pcie_wait_for_retrain() (git-fixes). - pci/aspm: return 0 or -etimedout from pcie_retrain_link() (git-fixes). - pci: acpiphp: reassign resources on bridge if necessary (git-fixes). - pci: acpiphp: use pci_assign_unassigned_bridge_resources() only for non-root bus (git-fixes). - pci: mark nvidia t4 gpus to avoid bus reset (git-fixes). - pci: meson: remove cast between incompatible function type (git-fixes). - pci: microchip: correct the ded and sec interrupt bit offsets (git-fixes). - pci: microchip: remove cast between incompatible function type (git-fixes). - pci: pciehp: use rmw accessors for changing lnkctl (git-fixes). - pci: rockchip: remove writes to unused registers (git-fixes). - pci: s390: fix use-after-free of pci resources with per-function hotplug (git-fixes). - pci: tegra194: fix possible array out of bounds access (git-fixes). - pcmcia: rsrc_nonstatic: fix memory leak in nonstatic_release_resource_db() (git-fixes). - phy/rockchip: inno-hdmi: do not power on rk3328 post pll on reg write (git-fixes). - phy/rockchip: inno-hdmi: round fractal pixclock in rk3328 recalc_rate (git-fixes). - phy/rockchip: inno-hdmi: use correct vco_div_5 macro on rk3328 (git-fixes). - phy: qcom-snps-femto-v2: keep cfg_ahb_clk enabled during runtime suspend (git-fixes). - phy: qcom-snps-femto-v2: properly enable ref clock (git-fixes). - phy: qcom-snps: correct struct qcom_snps_hsphy kerneldoc (git-fixes). - phy: qcom-snps: use dev_err_probe() to simplify code (git-fixes). - pinctrl: cherryview: fix address_space_handler() argument (git-fixes). - pinctrl: mcp23s08: check return value of devm_kasprintf() (git-fixes). - pinctrl: renesas: rza2: add lock around pinctrl_generic{{add,remove}_group,{add,remove}_function} (git-fixes). - platform/x86: dell-sysman: fix reference leak (git-fixes). - pm / devfreq: fix leak in devfreq_dev_release() (git-fixes). - powerpc/64e: fix kexec build error (bsc#1212091 ltc#199106). - powerpc/iommu: do not set failed sg dma_address to dma_mapping_error (bsc#1212091 ltc#199106). - powerpc/iommu: fix iommu_table_in_use for a small default dma window case (bsc#1212091 ltc#199106). - powerpc/iommu: incorrect ddw table is referenced for sr-iov device (bsc#1212091 ltc#199106). - powerpc/iommu: return error code from .map_sg() ops (bsc#1212091 ltc#199106). - powerpc/iommu: tces are incorrectly manipulated with dlpar add/remove of memory (bsc#1212091 ltc#199106). - powerpc/kernel/iommu: add new iommu_table_in_use() helper (bsc#1212091 ltc#199106). - powerpc/kexec: fix build failure from uninitialised variable (bsc#1212091 ltc#199106). - powerpc/mm/altmap: fix altmap boundary check (bsc#1120059 git-fixes). - powerpc/pseries/ddw: do not try direct mapping with persistent memory and one window (bsc#1212091 ltc#199106). - powerpc/pseries/ddw: simplify enable_ddw() (bsc#1212091 ltc#199106). - powerpc/pseries/iommu: add ddw_list_new_entry() helper (bsc#1212091 ltc#199106). - powerpc/pseries/iommu: add ddw_property_create() and refactor enable_ddw() (bsc#1212091 ltc#199106). - powerpc/pseries/iommu: add iommu_pseries_alloc_table() helper (bsc#1212091 ltc#199106). - powerpc/pseries/iommu: add of_node_put() before break (bsc#1212091 ltc#199106). - powerpc/pseries/iommu: allow ddw windows starting at 0x00 (bsc#1212091 ltc#199106). - powerpc/pseries/iommu: check if the default window in use before removing it (bsc#1212091 ltc#199106). - powerpc/pseries/iommu: create huge dma window if no mmio32 is present (bsc#1212091 ltc#199106). - powerpc/pseries/iommu: find existing ddw with given property name (bsc#1212091 ltc#199106). - powerpc/pseries/iommu: make use of ddw for indirect mapping (bsc#1212091 ltc#199106). - powerpc/pseries/iommu: print ibm,query-pe-dma-windows parameters (bsc#1212091 ltc#199106). - powerpc/pseries/iommu: rename 'direct window' to 'dma window' (bsc#1212091 ltc#199106). - powerpc/pseries/iommu: reorganize iommu_table_setparms*() with new helper (bsc#1212091 ltc#199106). - powerpc/pseries/iommu: replace hard-coded page shift (bsc#1212091 ltc#199106). - powerpc/pseries/iommu: update remove_dma_window() to accept property name (bsc#1212091 ltc#199106). - powerpc/pseries/iommu: use correct vfree for it_map (bsc#1212091 ltc#199106). - powerpc/pseries: add __init attribute to eligible functions (bsc#1212091 ltc#199106). - powerpc/pseries: honour current smt state when dlpar onlining cpus (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588). - powerpc/pseries: initialise cpu hotplug callbacks earlier (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588). - powerpc/rtas: block error injection when locked down (bsc#1023051). - powerpc/rtas: enture rtas_call is called with mmu enabled (bsc#1023051). - powerpc/rtas_flash: allow user copy to flash block cache objects (bsc#1194869). - powerpc/security: fix speculation_store_bypass reporting on power10 (bsc#1188885 ltc#193722 git-fixes). - powerpc: add hotplug_smt support (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588). update config files. - powerpc: fix typos in comments (bsc#1212091 ltc#199106). - powerpc: move dma64_propname define to a header (bsc#1214297 ltc#197503). - pseries/iommu/ddw: fix kdump to work in absence of ibm,dma-window (bsc#1214297 ltc#197503). - pstore/ram: check start of empty przs during init (git-fixes). - pwm: add a stub for devm_pwmchip_add() (git-fixes). - pwm: meson: fix handling of period/duty if greater than uint_max (git-fixes). - pwm: meson: simplify duplicated per-channel tracking (git-fixes). - qed: fix scheduling in a tasklet while getting stats (git-fixes). - rdma/bnxt_re: fix error handling in probe failure path (git-fixes) - rdma/bnxt_re: fix max_qp count for virtual functions (git-fixes) - rdma/efa: fix wrong resources deallocation order (git-fixes) - rdma/hns: fix cq and qp cache affinity (git-fixes) - rdma/hns: fix incorrect post-send with direct wqe of wr-list (git-fixes) - rdma/hns: fix port active speed (git-fixes) - rdma/irdma: prevent zero-length stag registration (git-fixes) - rdma/irdma: replace one-element array with flexible-array member (git-fixes) - rdma/mlx5: return the firmware result upon destroying qp/rq (git-fixes) - rdma/qedr: remove a duplicate assignment in irdma_query_ah() (git-fixes) - rdma/siw: balance the reference of cep->kref in the error path (git-fixes) - rdma/siw: correct wrong debug message (git-fixes) - rdma/umem: set iova in odp flow (git-fixes) - readme.branch: add miroslav franc as a sle15-sp4 co-maintainer. - regmap: rbtree: use alloc_flags for memory allocations (git-fixes). - revert 'ib/isert: fix incorrect release of isert connection' (git-fixes) - revert 'tracing: add '(fault)' name injection to kernel probes' (git-fixes). - ring-buffer: do not swap cpu_buffer during resize process (git-fixes). - ring-buffer: fix deadloop issue on reading trace_pipe (git-fixes). - ring-buffer: fix wrong stat of cpu_buffer->read (git-fixes). - rpmsg: glink: add check for kstrdup (git-fixes). - s390/purgatory: disable branch profiling (git-fixes bsc#1214372). - sched/fair: fix inaccurate tally of ttwu_move_affine (git fixes). - sched/fair: use recent_used_cpu to test p->cpus_ptr (git fixes). - sched/psi: use kernfs polling functions for psi trigger polling (bsc#1209799). - scsi: bsg: increase number of devices (bsc#1210048). - scsi: core: do not wait for quiesce in scsi_device_block() (bsc#1209284). - scsi: core: do not wait for quiesce in scsi_stop_queue() (bsc#1209284). - scsi: core: improve warning message in scsi_device_block() (bsc#1209284). - scsi: core: merge scsi_internal_device_block() and device_block() (bsc#1209284). - scsi: rdma/srp: fix residual handling (git-fixes) - scsi: sg: increase number of devices (bsc#1210048). - scsi: storvsc: always set no_report_opcodes (git-fixes). - scsi: storvsc: fix handling of virtual fibre channel timeouts (git-fixes). - scsi: storvsc: handle srb status value 0x30 (git-fixes). - scsi: storvsc: limit max_sectors for virtual fibre channel devices (git-fixes). - scsi: zfcp: defer fc_rport blocking until after adisc response (git-fixes bsc#1214371). - selftests/futex: order calls to futex_lock_pi (git-fixes). - selftests/harness: actually report skip for signal tests (git-fixes). - selftests/resctrl: close perf value read fd on errors (git-fixes). - selftests/resctrl: do not leak buffer in fill_cache() (git-fixes). - selftests/resctrl: unmount resctrl fs if child fails to run benchmark (git-fixes). - selftests/rseq: check if libc rseq support is registered (git-fixes). - selftests: forwarding: add a helper to skip test when using veth pairs (git-fixes). - selftests: forwarding: ethtool: skip when using veth pairs (git-fixes). - selftests: forwarding: ethtool_extended_state: skip when using veth pairs (git-fixes). - selftests: forwarding: skip test when no interfaces are specified (git-fixes). - selftests: forwarding: switch off timeout (git-fixes). - selftests: forwarding: tc_actions: cleanup temporary files when test is aborted (git-fixes). - selftests: forwarding: tc_actions: use ncat instead of nc (git-fixes). - selftests: forwarding: tc_flower: relax success criterion (git-fixes). - selftests: mirror_gre_changes: tighten up the ttl test match (git-fixes). - serial: sc16is7xx: fix broken port 0 uart init (git-fixes). - serial: sc16is7xx: fix bug when first setting gpio direction (git-fixes). - serial: sprd: assign sprd_port after initialized to avoid wrong access (git-fixes). - serial: sprd: fix dma buffer leak issue (git-fixes). - serial: tegra: handle clk prepare error in tegra_uart_hw_init() (git-fixes). - sfc: fix crash when reading stats while nic is resetting (git-fixes). - smb3: do not send lease break acknowledgment if all file handles have been closed (git-fixes). - smb3: do not set ntlmssp_version flag for negotiate not auth request (bsc#1193629). - smb: client: fix -wstringop-overflow issues (bsc#1193629). - smb: client: fix dfs link mount against w2k8 (bsc#1212142). - smb: client: fix null auth (git-fixes). - soc: aspeed: socinfo: add kfree for kstrdup (git-fixes). - soundwire: bus: pm_runtime_request_resume on peripheral attachment (git-fixes). - soundwire: fix enumeration completion (git-fixes). - spi: tegra20-sflash: fix to check return value of platform_get_irq() in tegra_sflash_probe() (git-fixes). - supported.conf: fix typos for -!optional markers - target: compare and write backend driver sense handling (bsc#1177719 bsc#1213026). - target_core_rbd: fix leak and reduce kmalloc calls (bsc#1212873). - target_core_rbd: fix rbd_img_request.snap_id assignment (bsc#1212857). - target_core_rbd: remove snapshot existence validation code (bsc#1212857). - thunderbolt: read retimer nvm authentication status prior tb_retimer_set_inbound_sbtx() (git-fixes). - timers: add shutdown mechanism to the internal functions (bsc#1213970). - timers: provide timer_shutdown[_sync]() (bsc#1213970). - timers: rename del_timer() to timer_delete() (bsc#1213970). - timers: rename del_timer_sync() to timer_delete_sync() (bsc#1213970). - timers: replace bug_on()s (bsc#1213970). - timers: silently ignore timers with a null function (bsc#1213970). - timers: split [try_to_]del_timer[_sync]() to prepare for shutdown mode (bsc#1213970). - timers: update kernel-doc for various functions (bsc#1213970). - timers: use del_timer_sync() even on up (bsc#1213970). - tracing/histograms: add histograms to hist_vars if they have referenced variables (git-fixes). - tracing/histograms: return an error if we fail to add histogram to hist_vars list (git-fixes). - tracing/probes: fix not to count error code to total length (git-fixes). - tracing/probes: fix to avoid double count of the string length on the array (git-fixes). - tracing/probes: fix to record 0-length data_loc in fetch_store_string*() if fails (git-fixes). - tracing/probes: fix to update dynamic data counter if fetcharg uses it (git-fixes). - tracing: fix cpu buffers unavailable due to 'record_disabled' missed (git-fixes). - tracing: fix memleak due to race between current_tracer and trace (git-fixes). - tracing: fix memory leak of iter->temp when reading trace_pipe (git-fixes). - tracing: fix null pointer dereference in tracing_err_log_open() (git-fixes). - tracing: fix warning in trace_buffered_event_disable() (git-fixes). - tty: fix hang on tty device with no_room set (git-fixes). - tty: n_gsm: fix the uaf caused by race condition in gsm_cleanup_mux (git-fixes). - tty: serial: fsl_lpuart: add i.mxrt1050 support (git-fixes). - tty: serial: fsl_lpuart: clear the error flags by writing 1 for lpuart32 platforms (git-fixes). - tty: serial: fsl_lpuart: make rx_watermark configurable for different platforms (git-fixes). - tty: serial: fsl_lpuart: reduce rx watermark to 0 on ls1028a (git-fixes). - ubifs: fix memleak when insert_old_idx() failed (git-fixes). - update patches.suse/cpufreq-intel_pstate-fix-cpu-pstate.turbo_freq-initi (git-fixes bsc#1212526 bsc#1214368 jsc#ped-4927 jsc#ped-4929). - usb-storage: alauda: fix uninit-value in alauda_check_media() (git-fixes). - usb: chipidea: imx: add missing usb phy dpdm wakeup setting (git-fixes). - usb: chipidea: imx: do not request qos for imx8ulp (git-fixes). - usb: chipidea: imx: improve logic if samsung,picophy-* parameter is 0 (git-fixes). - usb: common: usb-conn-gpio: prevent bailing out if initial role is none (git-fixes). - usb: dwc3: fix typos in gadget.c (git-fixes). - usb: dwc3: meson-g12a: do post init to fix broken usb after resumption (git-fixes). - usb: dwc3: properly handle processing of pending events (git-fixes). - usb: gadget: f_mass_storage: fix unused variable warning (git-fixes). - usb: gadget: fix the memory leak in raw_gadget driver (git-fixes). - usb: gadget: u_serial: avoid spinlock recursion in __gs_console_push (git-fixes). - usb: ohci-at91: fix the unhandle interrupt when resume (git-fixes). - usb: phy: mxs: fix getting wrong state with mxs_phy_is_otg_host() (git-fixes). - usb: quirks: add quirk for focusrite scarlett (git-fixes). - usb: serial: option: add quectel ec200a module support (git-fixes). - usb: serial: option: support quectel em060k_128 (git-fixes). - usb: serial: simple: add kaufmann rks+can vcp (git-fixes). - usb: serial: simple: sort driver entries (git-fixes). - usb: typec: altmodes/displayport: signal hpd when configuring pin assignment (git-fixes). - usb: typec: tcpm: fix response to vsafe0v event (git-fixes). - usb: typec: tcpm: set initial svdm version based on pd revision (git-fixes). - usb: zaurus: add id for a-300/b-500/c-700 (git-fixes). - watchdog: sp5100_tco: support hygon fch/sch (server controller hub) (git-fixes). - wifi: ath10k: use rmw accessors for changing lnkctl (git-fixes). - wifi: ath11k: use rmw accessors for changing lnkctl (git-fixes). - wifi: ath9k: fix races between ath9k_wmi_cmd and ath9k_wmi_ctrl_rx (git-fixes). - wifi: ath9k: protect wmi command response buffer replacement with a lock (git-fixes). - wifi: ath9k: use is_err() with debugfs_create_dir() (git-fixes). - wifi: cfg80211: fix return value in scan logic (git-fixes). - wifi: cfg80211: fix sband iftype data lookup for ap_vlan (git-fixes). - wifi: mt76: mt7615: do not advertise 5 ghz on first phy of mt7615d (dbdc) (git-fixes). - wifi: mt76: mt7915: fix power-limits while chan_switch (git-fixes). - wifi: mt76: mt7921: do not support one stream on secondary antenna only (git-fixes). - wifi: mt76: testmode: add nla_policy for mt76_tm_attr_tx_length (git-fixes). - wifi: mwifiex: avoid possible null skb pointer dereference (git-fixes). - wifi: mwifiex: fix error recovery in pcie buffer descriptor management (git-fixes). - wifi: mwifiex: fix memory leak in mwifiex_histogram_read() (git-fixes). - wifi: mwifiex: fix missed return in oob checks failed path (git-fixes). - wifi: mwifiex: fix oob and integer underflow when rx packets (git-fixes). - wifi: nl80211/cfg80211: add forgotten nla_policy for bss color attribute (git-fixes). - wifi: radiotap: fix kernel-doc notation warnings (git-fixes). - wifi: rtw89: debug: fix error handling in rtw89_debug_priv_btc_manual_set() (git-fixes). - x86/alternative: make custom return thunk unconditional (git-fixes). - x86/cpu/amd: disable xsaves on amd family 0x17 (git-fixes). - x86/cpu/kvm: provide untrain_ret_vm (git-fixes). - x86/cpu: clean up srso return thunk mess (git-fixes). - x86/cpu: cleanup the untrain mess (git-fixes). - x86/cpu: fix __x86_return_thunk symbol type (git-fixes). - x86/cpu: fix up srso_safe_ret() and __x86_return_thunk() (git-fixes). - x86/cpu: rename original retbleed methods (git-fixes). - x86/cpu: rename srso_(.*)_alias to srso_alias_\1 (git-fixes). - x86/mce: make sure logged mces are processed after sysfs update (git-fixes). - x86/retpoline,kprobes: fix position of thunk sections with config_lto_clang (git-fixes). - x86/retpoline,kprobes: skip optprobe check for indirect jumps with retpolines and ibt (git-fixes). - x86/retpoline: do not clobber rflags during srso_safe_ret() (git-fixes). - x86/speculation: add cpu_show_gds() prototype (git-fixes). - x86/speculation: mark all skylake cpus as vulnerable to gds (git-fixes). - x86/srso: correct the mitigation status when smt is disabled (git-fixes). - x86/srso: disable the mitigation on unaffected configurations (git-fixes). - x86/srso: explain the untraining sequences a bit more (git-fixes). - x86/srso: fix build breakage with the llvm linker (git-fixes). - x86/srso: fix return thunks in generated code (git-fixes). - x86/static_call: fix __static_call_fixup() (git-fixes). - xfs: fix sb write verify for lazysbcount (bsc#1214661). Important SUSE bug 1023051 SUSE bug 1120059 SUSE bug 1177719 SUSE bug 1188885 SUSE bug 1193629 SUSE bug 1194869 SUSE bug 1205462 SUSE bug 1208902 SUSE bug 1208949 SUSE bug 1209284 SUSE bug 1209799 SUSE bug 1210048 SUSE bug 1210448 SUSE bug 1212091 SUSE bug 1212142 SUSE bug 1212526 SUSE bug 1212857 SUSE bug 1212873 SUSE bug 1213026 SUSE bug 1213123 SUSE bug 1213546 SUSE bug 1213580 SUSE bug 1213601 SUSE bug 1213666 SUSE bug 1213757 SUSE bug 1213759 SUSE bug 1213916 SUSE bug 1213921 SUSE bug 1213927 SUSE bug 1213946 SUSE bug 1213968 SUSE bug 1213970 SUSE bug 1213971 SUSE bug 1214000 SUSE bug 1214019 SUSE bug 1214120 SUSE bug 1214149 SUSE bug 1214180 SUSE bug 1214238 SUSE bug 1214285 SUSE bug 1214297 SUSE bug 1214299 SUSE bug 1214350 SUSE bug 1214368 SUSE bug 1214370 SUSE bug 1214371 SUSE bug 1214372 SUSE bug 1214380 SUSE bug 1214386 SUSE bug 1214392 SUSE bug 1214393 SUSE bug 1214397 SUSE bug 1214428 SUSE bug 1214451 SUSE bug 1214659 SUSE bug 1214661 SUSE bug 1214729 SUSE bug 1214742 SUSE bug 1214743 SUSE bug 1214756 SUSE bug 1214760 CVE-2023-2007 CVE-2023-20588 CVE-2023-34319 CVE-2023-3610 CVE-2023-37453 CVE-2023-3772 CVE-2023-3863 CVE-2023-4128 CVE-2023-4133 CVE-2023-4134 CVE-2023-4147 CVE-2023-4194 CVE-2023-4273 CVE-2023-4387 CVE-2023-4459 CVE-2023-4569 cpe:/o:opensuse:leap:15.4 Security update for the Linux Kernel (Important) openSUSE Leap 15.4 The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2022-36402: Fixed an integer overflow vulnerability in vmwgfx driver in that allowed a local attacker with a user account on the system to gain privilege, causing a denial of service (bsc#1203517). - CVE-2023-2007: Fixed a flaw in the DPT I2O Controller driver that could allow an attacker to escalate privileges and execute arbitrary code in the context of the kernel (bsc#1210448). - CVE-2023-3772: Fixed a flaw in XFRM subsystem that may have allowed a malicious user with CAP_NET_ADMIN privileges to directly dereference a NULL pointer leading to a possible kernel crash and denial of service (bsc#1213666). - CVE-2023-3863: Fixed a use-after-free flaw was found in nfc_llcp_find_local that allowed a local user with special privileges to impact a kernel information leak issue (bsc#1213601). - CVE-2023-4128: Fixed a use-after-free flaw in net/sched/cls_fw.c that allowed a local attacker to perform a local privilege escalation due to incorrect handling of the existing filter, leading to a kernel information leak issue (bsc#1214149). - CVE-2023-4132: Fixed use-after-free vulnerability was found in the siano smsusb module that allowed a local user to crash the system, causing a denial of service condition (bsc#1213969). - CVE-2023-4133: Fixed use after free bugs caused by circular dependency problem in cxgb4 (bsc#1213970). - CVE-2023-4134: Fixed use-after-free in cyttsp4_watchdog_work() (bsc#1213971). - CVE-2023-4147: Fixed use-after-free in nf_tables_newrule (bsc#1213968). - CVE-2023-4194: Fixed a type confusion in net tun_chr_open() (bsc#1214019). - CVE-2023-4273: Fixed a flaw in the exFAT driver of the Linux kernel that alloawed a local privileged attacker to overflow the kernel stack (bsc#1214120). - CVE-2023-4385: Fixed a NULL pointer dereference flaw in dbFree that may have allowed a local attacker to crash the system due to a missing sanity check (bsc#1214348). - CVE-2023-4387: Fixed use-after-free flaw in vmxnet3_rq_alloc_rx_buf that could allow a local attacker to crash the system due to a double-free (bsc#1214350). - CVE-2023-4459: Fixed a NULL pointer dereference flaw in vmxnet3_rq_cleanup that may have allowed a local attacker with normal user privilege to cause a denial of service (bsc#1214451). - CVE-2023-20588: Fixed a division-by-zero error on some AMD processors that can potentially return speculative data resulting in loss of confidentiality (bsc#1213927). - CVE-2023-21400: Fixed several memory corruptions due to improper locking in io_uring (bsc#1213272). - CVE-2023-34319: Fixed buffer overrun triggered by unusual packet in xen/netback (XSA-432) (bsc#1213546). The following non-security bugs were fixed: - ARM: spear: Do not use timer namespace for timer_shutdown() function (bsc#1213970). - Do not add and remove genksyms ifdefs - clocksource/drivers/arm_arch_timer: Do not use timer namespace for timer_shutdown() function (bsc#1213970). - clocksource/drivers/sp804: Do not use timer namespace for timer_shutdown() function (bsc#1213970). - e1000: Fix fall-through warnings for Clang (jsc#PED-5738). - e1000: Fix typos in comments (jsc#PED-5738). - e1000: Remove unnecessary use of kmap_atomic() (jsc#PED-5738). - e1000: drop unneeded assignment in e1000_set_itr() (jsc#PED-5738). - e1000: switch to napi_consume_skb() (jsc#PED-5738). - intel/e1000:fix repeated words in comments (jsc#PED-5738). - intel: remove checker warning (jsc#PED-5738). - kabi/severities: Ignore newly added SRSO mitigation functions - md/raid0: Factor out helper for mapping and submitting a bio (bsc#1213916). - md/raid0: Fix performance regression for large sequential writes (bsc#1213916). - net: e1000: remove repeated word 'slot' for e1000_main.c (jsc#PED-5738). - net: e1000: remove repeated words for e1000_hw.c (jsc#PED-5738). - powerpc/rtas: block error injection when locked down (bsc#1023051). - powerpc/rtas: mandate RTAS syscall filtering (bsc#1023051). - powerpc/rtas: move syscall filter setup into separate function (bsc#1023051). - powerpc/rtas: remove ibm_suspend_me_token (bsc#1023051). - powerpc: Move DMA64_PROPNAME define to a header (bsc#1214297 ltc#197503). - pseries/iommu/ddw: Fix kdump to work in absence of ibm,dma-window (bsc#1214297 ltc#197503). - timers: Add shutdown mechanism to the internal functions (bsc#1213970). - timers: Provide timer_shutdown[_sync]() (bsc#1213970). - timers: Rename del_timer() to timer_delete() (bsc#1213970). - timers: Rename del_timer_sync() to timer_delete_sync() (bsc#1213970). - timers: Replace BUG_ON()s (bsc#1213970). - timers: Silently ignore timers with a NULL function (bsc#1213970). - timers: Split [try_to_]del_timer[_sync]() to prepare for shutdown mode (bsc#1213970). - timers: Update kernel-doc for various functions (bsc#1213970). - timers: Use del_timer_sync() even on UP (bsc#1213970). - x86/cpu/kvm: Provide UNTRAIN_RET_VM (git-fixes). - x86/cpu: Cleanup the untrain mess (git-fixes). - x86/cpu: Rename original retbleed methods (git-fixes). - x86/cpu: Rename srso_(.*)_alias to srso_alias_\1 (git-fixes). - x86/retpoline: Do not clobber RFLAGS during srso_safe_ret() (git-fixes). - x86/speculation: Add cpu_show_gds() prototype (git-fixes). - x86/speculation: Mark all Skylake CPUs as vulnerable to GDS (git-fixes). - x86/srso: Correct the mitigation status when SMT is disabled (git-fixes). - x86/srso: Disable the mitigation on unaffected configurations (git-fixes). - x86/srso: Explain the untraining sequences a bit more (git-fixes). - x86: Move gds_ucode_mitigated() declaration to header (git-fixes). - xfs: fix sb write verify for lazysbcount (bsc#1214275). - xfs: gut error handling in xfs_trans_unreserve_and_mod_sb() (bsc#1214275). - xfs: update superblock counters correctly for !lazysbcount (bsc#1214275). Important SUSE bug 1023051 SUSE bug 1203517 SUSE bug 1210448 SUSE bug 1213272 SUSE bug 1213546 SUSE bug 1213601 SUSE bug 1213666 SUSE bug 1213916 SUSE bug 1213927 SUSE bug 1213968 SUSE bug 1213969 SUSE bug 1213970 SUSE bug 1213971 SUSE bug 1214019 SUSE bug 1214120 SUSE bug 1214149 SUSE bug 1214275 SUSE bug 1214297 SUSE bug 1214348 SUSE bug 1214350 SUSE bug 1214451 CVE-2022-36402 CVE-2023-2007 CVE-2023-20588 CVE-2023-21400 CVE-2023-34319 CVE-2023-3772 CVE-2023-3863 CVE-2023-4128 CVE-2023-4132 CVE-2023-4133 CVE-2023-4134 CVE-2023-4147 CVE-2023-4194 CVE-2023-4273 CVE-2023-4385 CVE-2023-4387 CVE-2023-4459 cpe:/o:opensuse:leap:15.4 Security update for gcc7 (Important) openSUSE Leap 15.4 This update for gcc7 fixes the following issues: Security issue fixed: - CVE-2023-4039: Fixed incorrect stack protector for C99 VLAs on Aarch64 (bsc#1214052). Other fixes: - Fixed KASAN kernel compile. [bsc#1205145] - Fixed ICE with C++17 code as reported in [bsc#1204505] - Fixed altivec.h redefining bool in C++ which makes bool unusable (bsc#1195517): - Adjust gnats idea of the target, fixing the build of gprbuild. [bsc#1196861] Important SUSE bug 1195517 SUSE bug 1196861 SUSE bug 1204505 SUSE bug 1205145 SUSE bug 1214052 CVE-2023-4039 cpe:/o:opensuse:leap:15.4 Security update for libxml2 (Important) openSUSE Leap 15.4 This update for libxml2 fixes the following issues: - CVE-2023-39615: Fixed crafted xml can cause global buffer overflow (bsc#1214768). Important SUSE bug 1214768 CVE-2023-39615 cpe:/o:opensuse:leap:15.4 Security update for libxml2 (Important) openSUSE Leap 15.4 This update for libxml2 fixes the following issues: - CVE-2023-39615: Fixed crafted xml can cause global buffer overflow (bsc#1214768). Important SUSE bug 1214768 CVE-2023-39615 cpe:/o:opensuse:leap:15.4 Security update for ca-certificates-mozilla (Important) openSUSE Leap 15.4 This update for ca-certificates-mozilla fixes the following issues: - Updated to 2.60 state of Mozilla SSL root CAs (bsc#1206622) Removed CAs: - Global Chambersign Root - EC-ACC - Network Solutions Certificate Authority - Staat der Nederlanden EV Root CA - SwissSign Platinum CA - G2 Added CAs: - DIGITALSIGN GLOBAL ROOT ECDSA CA - DIGITALSIGN GLOBAL ROOT RSA CA - Security Communication ECC RootCA1 - Security Communication RootCA3 Changed trust: - TrustCor certificates only trusted up to Nov 30 (bsc#1206212) - Removed CAs (bsc#1206212) as most code does not handle 'valid before nov 30 2022' and it is not clear how many certs were issued for SSL middleware by TrustCor: - TrustCor RootCert CA-1 - TrustCor RootCert CA-2 - TrustCor ECA-1 Important SUSE bug 1206212 SUSE bug 1206622 cpe:/o:opensuse:leap:15.4 Security update for go1.20 (Important) openSUSE Leap 15.4 This update for go1.20 fixes the following issues: Update to go1.20.8 (bsc#1206346). - CVE-2023-39318: Fixed improper handling of HTML-like comments within script contexts in html/template (bsc#1215084). - CVE-2023-39319: Fixed improper handling of special tags within script contexts in html/template (bsc#1215085). The following non-security bug was fixed: - Add missing directory pprof html asset directory to package (bsc#1215090). Important SUSE bug 1206346 SUSE bug 1215084 SUSE bug 1215085 SUSE bug 1215090 CVE-2023-39318 CVE-2023-39319 cpe:/o:opensuse:leap:15.4 Security update for go1.21 (Important) openSUSE Leap 15.4 This update for go1.21 fixes the following issues: Update to go1.21.1 (bsc#1212475). - CVE-2023-39318: Fixed improper handling of HTML-like comments within script contexts in html/template (bsc#1215084). - CVE-2023-39319: Fixed improper handling of special tags within script contexts in html/template (bsc#1215085). - CVE-2023-39320: Fixed arbitrary execution in go.mod toolchain directive (bsc#1215086). - CVE-2023-39321, CVE-2023-39322: Fixed a panic when processing post-handshake message on QUIC connections in crypto/tls (bsc#1215087). The following non-security bug was fixed: - Add missing directory pprof html asset directory to package (bsc#1215090). Important SUSE bug 1212475 SUSE bug 1215084 SUSE bug 1215085 SUSE bug 1215086 SUSE bug 1215087 SUSE bug 1215090 CVE-2023-39318 CVE-2023-39319 CVE-2023-39320 CVE-2023-39321 CVE-2023-39322 cpe:/o:opensuse:leap:15.4 Security update for cups (Important) openSUSE Leap 15.4 This update for cups fixes the following issues: - CVE-2023-4504: Fixed heap overflow in OpenPrinting CUPS Postscript Parsing (bsc#1215204). - CVE-2023-32360: Fixed Information leak through Cups-Get-Document operation (bsc#1214254). Important SUSE bug 1214254 SUSE bug 1215204 CVE-2023-32360 CVE-2023-4504 cpe:/o:opensuse:leap:15.4 Security update for python39 (Important) openSUSE Leap 15.4 This update for python39 fixes the following issues: - Update to 3.9.18: - CVE-2023-40217: Fixed TLS handshake bypass on closed sockets (bsc#1214692). The following non-security bugs were fixed: - making marshalling of `set` and `frozenset` deterministic (bsc#1211765). - stabilizing FLAG_REF usage (required for reproduceability (bsc#1213463). Important SUSE bug 1211765 SUSE bug 1213463 SUSE bug 1214692 CVE-2023-40217 cpe:/o:opensuse:leap:15.4 Security update for rubygem-rails-html-sanitizer (Important) openSUSE Leap 15.4 This update for rubygem-rails-html-sanitizer fixes the following issues: - CVE-2022-23517: Fixed inefficient regular expression that is susceptible to excessive backtracking when attempting to sanitize certain SVG attributes. (bsc#1206433) - CVE-2022-23518: Fixed XSS via data URIs when used in combination with Loofah. (bsc#1206434) - CVE-2022-23519: Fixed XSS vulnerability with certain configurations of Rails::Html::Sanitizer. (bsc#1206435) - CVE-2022-23520: Fixed XSS vulnerability with certain configurations of Rails::Html::Sanitizer. (bsc#1206436) Important SUSE bug 1206433 SUSE bug 1206434 SUSE bug 1206435 SUSE bug 1206436 CVE-2022-23517 CVE-2022-23518 CVE-2022-23519 CVE-2022-23520 cpe:/o:opensuse:leap:15.4 Security update for qemu (Important) openSUSE Leap 15.4 This update for qemu fixes the following issues: - CVE-2022-26354: Fixed a memory leak due to a missing virtqueue detach on error. (bsc#1198712) - CVE-2021-3929: Fixed an use-after-free in nvme DMA reentrancy issue. (bsc#1193880) - CVE-2023-0330: Fixed a stack overflow due to a DMA reentrancy issue. (bsc#1207205) - CVE-2020-13754: Fixed a DoS due to an OOB access during mmio operations. (bsc#1172382) - CVE-2023-3354: Fixed a remote unauthenticated DoS due to an improper I/O watch removal in VNC TLS handshake. (bsc#1212850) - CVE-2023-3180: Fixed a heap buffer overflow in virtio_crypto_sym_op_helper(). (bsc#1213925) - CVE-2021-3638: Fixed an out-of-bounds write due to an inconsistent check in ati_2d_blt(). (bsc#1188609) - CVE-2021-3750: Fixed an use-after-free in DMA reentrancy issue. (bsc#1190011) - CVE-2023-2861: Fixed improper access control on special files in 9pfs (bsc#1212968). - CVE-2022-1050: Fixed use-after-free issue in pvrdma_exec_cmd() (bsc#1197653). The following non-security bug was fixed: - Prepare for binutils update to 2.41 update (bsc#1215311). Important SUSE bug 1172382 SUSE bug 1188609 SUSE bug 1190011 SUSE bug 1193880 SUSE bug 1197653 SUSE bug 1198712 SUSE bug 1207205 SUSE bug 1212850 SUSE bug 1212968 SUSE bug 1213925 SUSE bug 1215311 CVE-2020-13754 CVE-2021-3638 CVE-2021-3750 CVE-2021-3929 CVE-2022-1050 CVE-2022-26354 CVE-2023-0330 CVE-2023-2861 CVE-2023-3180 CVE-2023-3354 cpe:/o:opensuse:leap:15.4 Security update for rust, rust1.72 (Moderate) openSUSE Leap 15.4 This update for rust, rust1.72 fixes the following issues: Changes in rust: - Update to version 1.72.0 - for details see the rust1.72 package Changes in rust1.72: - CVE-2023-40030: fix minor non-exploited issue in cargo (bsc#1214689) Version 1.72.0 (2023-08-24) ========================== Language -------- - Replace const eval limit by a lint and add an exponential backoff warning - expand: Change how `#![cfg(FALSE)]` behaves on crate root - Stabilize inline asm for LoongArch64 - Uplift `clippy::undropped_manually_drops` lint - Uplift `clippy::invalid_utf8_in_unchecked` lint - Uplift `clippy::cast_ref_to_mut` lint - Uplift `clippy::cmp_nan` lint - resolve: Remove artificial import ambiguity errors - Don't require associated types with Self: Sized bounds in `dyn Trait` objects Compiler -------- - Remember names of `cfg`-ed out items to mention them in diagnostics - Support for native WASM exceptions - Add support for NetBSD/aarch64-be (big-endian arm64). - Write to stdout if `-` is given as output file - Force all native libraries to be statically linked when linking a static binary - Add Tier 3 support for `loongarch64-unknown-none*` - Prevent `.eh_frame` from being emitted for `-C panic=abort` - Support 128-bit enum variant in debuginfo codegen - compiler: update solaris/illumos to enable tsan support. Refer to Rust's platform support page for more information on Rust's tiered platform support. Libraries --------- - Document memory orderings of `thread::{park, unpark}` - io: soften ‘at most one write attempt’ requirement in io::Write::write - Specify behavior of HashSet::insert - Relax implicit `T: Sized` bounds on `BufReader<T>`, `BufWriter<T>` and `LineWriter<T>` - Update runtime guarantee for `select_nth_unstable` - Return `Ok` on kill if process has already exited - Implement PartialOrd for `Vec`s over different allocators - Use 128 bits for TypeId hash - Don't drain-on-drop in DrainFilter impls of various collections. - Make `{Arc,Rc,Weak}::ptr_eq` ignore pointer metadata Rustdoc ------- - Allow whitespace as path separator like double colon - Add search result item types after their name - Search for slices and arrays by type with `[]` - Clean up type unification and 'unboxing' Stabilized APIs --------------- - `impl<T: Send> Sync for mpsc::Sender<T>` - `impl TryFrom<&OsStr> for &str` - `String::leak` These APIs are now stable in const contexts: - `CStr::from_bytes_with_nul` - `CStr::to_bytes` - `CStr::to_bytes_with_nul` - `CStr::to_str` Cargo ----- - Enable `-Zdoctest-in-workspace` by default. When running each documentation test, the working directory is set to the root directory of the package the test belongs to. - Add support of the 'default' keyword to reset previously set `build.jobs` parallelism back to the default. Compatibility Notes ------------------- - Alter `Display` for `Ipv6Addr` for IPv4-compatible addresses - Cargo changed feature name validation check to a hard error. The warning was added in Rust 1.49. These extended characters aren't allowed on crates.io, so this should only impact users of other registries, or people who don't publish to a registry. Moderate SUSE bug 1214689 CVE-2023-40030 cpe:/o:opensuse:leap:15.4 Security update for libqb (Moderate) openSUSE Leap 15.4 This update for libqb fixes the following issues: - CVE-2023-39976: Fixed potential buffer overflow with long log messages (bsc#1214066). Moderate SUSE bug 1214066 CVE-2023-39976 cpe:/o:opensuse:leap:15.4 Security update for bind (Important) openSUSE Leap 15.4 This update for bind fixes the following issues: Update to release 9.16.44: - CVE-2023-3341: Fixed stack exhaustion flaw in control channel code may cause named to terminate unexpectedly (bsc#1215472). Important SUSE bug 1215472 CVE-2023-3341 cpe:/o:opensuse:leap:15.4 Security update for java-1_8_0-ibm (Moderate) openSUSE Leap 15.4 This update for java-1_8_0-ibm fixes the following issues: IBM Security Update November 2022: (bsc#1205302, bsc#1204703) - CVE-2022-3676: A security vulnerability was fixed in version 8.0.7.20, adding the reference here. Moderate SUSE bug 1204703 SUSE bug 1205302 CVE-2022-3676 cpe:/o:opensuse:leap:15.4 Security update for webkit2gtk3 (Important) openSUSE Leap 15.4 This update for webkit2gtk3 fixes the following issues: - Expand lang sub-package in spec file unconditionally to handle previous name change from WebKit2GTK-lang to WebKitGTK-lang. This change affected the automatic generated Requires tag on WebKit2GTK-%{_apiver}, then getting out of sync of what's being required and what's being provided. Now, any sub-package that was providing WebKit2GTK-%{_apiver} will provide WebKitGTK-%{_apiver} instead (bsc#1214835, bsc#1214640, bsc#1214093). - Require libwaylandclient0 >= 1.20. 15.4 originally had 1.19.0, but webkitgtk uses a function added in 1.20.0, so we need to ensure that the wayland update is pulled in (bsc#1215072). - Update to version 2.40.5 (bsc#1213905 bsc#1213379 bsc#1213581 bsc#1215230): CVE-2023-38594, CVE-2023-38595, CVE-2023-38597, CVE-2023-38599, CVE-2023-38600, CVE-2023-38611, CVE-2023-40397, CVE-2023-37450, CVE-2023-28198, CVE-2023-32370 Important SUSE bug 1213379 SUSE bug 1213581 SUSE bug 1213905 SUSE bug 1214093 SUSE bug 1214640 SUSE bug 1214835 SUSE bug 1215072 SUSE bug 1215230 CVE-2023-28198 CVE-2023-32370 CVE-2023-37450 CVE-2023-38594 CVE-2023-38595 CVE-2023-38597 CVE-2023-38599 CVE-2023-38600 CVE-2023-38611 CVE-2023-40397 cpe:/o:opensuse:leap:15.4 Security update for frr (Important) openSUSE Leap 15.4 This update for frr fixes the following issues: - CVE-2023-38802: Fixed bad length handling when processing BGP attributes. (bsc#1213284) - CVE-2023-41358: Fixed a possible crash when processing NLRIs with an attribute length of zero. (bsc#1214735) - CVE-2023-41909: Fixed NULL pointer dereference due to processing in bgp_nlri_parse_flowspec (bsc#1215065). Important SUSE bug 1213284 SUSE bug 1214735 SUSE bug 1215065 CVE-2023-38802 CVE-2023-41358 CVE-2023-41909 cpe:/o:opensuse:leap:15.4 Security update for wireshark (Moderate) openSUSE Leap 15.4 This update for wireshark fixes the following issues: - Wireshark update to v3.6.16. - CVE-2023-4512: Fixed a bug in CBOR dissector which could lead to crash. (bsc#1214561) - CVE-2023-4511: Fixed a bug in BT SDP dissector which could lead to an infinite loop. (bsc#1214560) - CVE-2023-4513: Fixed a bug in BT SDP dissector which could lead to a memory leak. (bsc#1214562) - CVE-2023-2906: Fixed a bug in CP2179 dissector which could lead to crash. (bsc#1214652) Moderate SUSE bug 1214560 SUSE bug 1214561 SUSE bug 1214562 SUSE bug 1214652 CVE-2023-2906 CVE-2023-4511 CVE-2023-4512 CVE-2023-4513 cpe:/o:opensuse:leap:15.4 Security update for wire (Important) openSUSE Leap 15.4 This update of wire fixes the following issues: - rebuild the package with the go 1.21 security release (bsc#1212475). Important SUSE bug 1212475 cpe:/o:opensuse:leap:15.4 Security update for postfix (Moderate) openSUSE Leap 15.4 This update for postfix fixes the following issues: Security fixes: - CVE-2023-32182: Fixed config_postfix SUSE specific script using potentially bad /tmp file (bsc#1211196). Other fixes: - postfix: config.postfix causes too tight permission on main.cf (bsc#1215372). Moderate SUSE bug 1211196 SUSE bug 1215372 CVE-2023-32182 cpe:/o:opensuse:leap:15.4 Security update for ImageMagick (Moderate) openSUSE Leap 15.4 This update for ImageMagick fixes the following issues: - CVE-2020-21679: Fixed a buffer overflow in WritePCXImage function in pcx.c which may allow a remote attackers to cause a denial of service. (bsc#1214578) Moderate SUSE bug 1214578 CVE-2020-21679 cpe:/o:opensuse:leap:15.4 Security update for gstreamer-plugins-base (Important) openSUSE Leap 15.4 This update for gstreamer-plugins-base fixes the following issues: - CVE-2023-37327: Fixed FLAC file parsing integer overflow (bsc#1213128). - CVE-2023-37328: Fixed PGS file parsing heap-based buffer overflow (bsc#1213131). - CVE-2021-3522: Fixed frame size check and potential invalid reads (bsc#1185448). Important SUSE bug 1185448 SUSE bug 1213128 SUSE bug 1213131 CVE-2021-3522 CVE-2023-37327 CVE-2023-37328 cpe:/o:opensuse:leap:15.4 Security update for bind (Important) openSUSE Leap 15.4 This update for bind fixes the following issues: - CVE-2023-3341: Fixed stack exhaustion flaw in control channel code may cause named to terminate unexpectedly (bsc#1215472). Important SUSE bug 1215472 CVE-2023-3341 cpe:/o:opensuse:leap:15.4 Security update for rubygem-actionview-5_1 (Important) openSUSE Leap 15.4 This update for rubygem-actionview-5_1 fixes the following issues: - CVE-2023-23913: Fixed DOM Based Cross-site Scripting in rails-ujs (bsc#1209826). Important SUSE bug 1209826 CVE-2023-23913 cpe:/o:opensuse:leap:15.4 Security update for cni (Important) openSUSE Leap 15.4 This update of cni fixes the following issues: - rebuild the package with the go 1.21 security release (bsc#1212475). Important SUSE bug 1212475 cpe:/o:opensuse:leap:15.4 Security update for cni-plugins (Important) openSUSE Leap 15.4 This update of cni-plugins fixes the following issues: - rebuild the package with the go 1.21 security release (bsc#1212475). Important SUSE bug 1212475 cpe:/o:opensuse:leap:15.4 Security update for containerd (Important) openSUSE Leap 15.4 This update of containerd fixes the following issues: - rebuild the package with the go 1.21 security release (bsc#1212475). Important SUSE bug 1212475 cpe:/o:opensuse:leap:15.4 Security update for ffmpeg (Moderate) openSUSE Leap 15.4 This update for ffmpeg fixes the following issues: - CVE-2021-28429: Fixed Integer overflow vulnerability in av_timecode_make_string in libavutil/timecode.c (bsc#1214246). Moderate SUSE bug 1214246 CVE-2021-28429 cpe:/o:opensuse:leap:15.4 Security update for supportutils (Moderate) openSUSE Leap 15.4 This update for supportutils fixes the following issues: Security fixes: - CVE-2022-45154: Removed iSCSI passwords (bsc#1207598). Other Fixes: - Changes in version 3.1.26 + powerpc plugin to collect the slots and active memory (bsc#1210950) + A Cleartext Storage of Sensitive Information vulnerability CVE-2022-45154 + supportconfig: collect BPF information (pr#154) + Added additional iscsi information (pr#155) - Added run time detection (bsc#1213127) - Changes for supportutils version 3.1.25 + Removed iSCSI passwords CVE-2022-45154 (bsc#1207598) + powerpc: Collect lsslot,amsstat, and opal elogs (pr#149) + powerpc: collect invscout logs (pr#150) + powerpc: collect RMC status logs (pr#151) + Added missing nvme nbft commands (bsc#1211599) + Fixed invalid nvme commands (bsc#1211598) + Added missing podman information (PED-1703, bsc#1181477) + Removed dependency on sysfstools + Check for systool use (bsc#1210015) + Added selinux checking (bsc#1209979) + Updated SLES_VER matrix - Fixed missing status detail for apparmor (bsc#1196933) - Corrected invalid argument list in docker.txt (bsc#1206608) - Applies limit equally to sar data and text files (bsc#1207543) - Collects hwinfo hardware logs (bsc#1208928) - Collects lparnumascore logs (issue#148) - Add dependency to `numactl` on ppc64le and `s390x`, this enforces that `numactl --hardware` data is provided in supportconfigs - Changes to supportconfig.rc version 3.1.11-35 + Corrected _sanitize_file to include iscsi.conf and others (bsc#1206402) - Changes to supportconfig version 3.1.11-46.4 + Added plymouth_info - Changes to getappcore version 1.53.02 + The location of chkbin was updated earlier. This documents that change (bsc#1205533, bsc#1204942) Moderate SUSE bug 1181477 SUSE bug 1196933 SUSE bug 1204942 SUSE bug 1205533 SUSE bug 1206402 SUSE bug 1206608 SUSE bug 1207543 SUSE bug 1207598 SUSE bug 1208928 SUSE bug 1209979 SUSE bug 1210015 SUSE bug 1210950 SUSE bug 1211598 SUSE bug 1211599 SUSE bug 1213127 CVE-2022-45154 cpe:/o:opensuse:leap:15.4 Security update for curl (Important) openSUSE Leap 15.4 This update for curl fixes the following issues: - CVE-2023-38039: Fixed possible DoS when receiving too large HTTP header. (bsc#1215026) Important SUSE bug 1215026 CVE-2023-38039 cpe:/o:opensuse:leap:15.4 Security update for python310 (Important) openSUSE Leap 15.4 This update for python310 fixes the following issues: - Update to 3.10.13. - CVE-2023-40217: Fixed TLS handshake bypass on closed sockets (bsc#1214692) The following non-security bug was fixed: - stabilizing FLAG_REF usage (required for reproduceability (bsc#1213463). Important SUSE bug 1213463 SUSE bug 1214692 CVE-2023-40217 cpe:/o:opensuse:leap:15.4 Security update for binutils (Important) openSUSE Leap 15.4 This update for binutils fixes the following issues: Update to version 2.41 [jsc#PED-5778]: * The MIPS port now supports the Sony Interactive Entertainment Allegrex processor, used with the PlayStation Portable, which implements the MIPS II ISA along with a single-precision FPU and a few implementation-specific integer instructions. * Objdump's --private option can now be used on PE format files to display the fields in the file header and section headers. * New versioned release of libsframe: libsframe.so.1. This release introduces versioned symbols with version node name LIBSFRAME_1.0. This release also updates the ABI in an incompatible way: this includes removal of sframe_get_funcdesc_with_addr API, change in the behavior of sframe_fre_get_ra_offset and sframe_fre_get_fp_offset APIs. * SFrame Version 2 is now the default (and only) format version supported by gas, ld, readelf and objdump. * Add command-line option, --strip-section-headers, to objcopy and strip to remove ELF section header from ELF file. * The RISC-V port now supports the following new standard extensions: - Zicond (conditional zero instructions) - Zfa (additional floating-point instructions) - Zvbb, Zvbc, Zvkg, Zvkned, Zvknh[ab], Zvksed, Zvksh, Zvkn, Zvknc, Zvkng, Zvks, Zvksc, Zvkg, Zvkt (vector crypto instructions) * The RISC-V port now supports the following vendor-defined extensions: - XVentanaCondOps * Add support for Intel FRED, LKGS and AMX-COMPLEX instructions. * A new .insn directive is recognized by x86 gas. * Add SME2 support to the AArch64 port. * The linker now accepts a command line option of --remap-inputs <PATTERN>=<FILE> to relace any input file that matches <PATTERN> with <FILE>. In addition the option --remap-inputs-file=<FILE> can be used to specify a file containing any number of these remapping directives. * The linker command line option --print-map-locals can be used to include local symbols in a linker map. (ELF targets only). * For most ELF based targets, if the --enable-linker-version option is used then the version of the linker will be inserted as a string into the .comment section. * The linker script syntax has a new command for output sections: ASCIZ 'string' This will insert a zero-terminated string at the current location. * Add command-line option, -z nosectionheader, to omit ELF section header. - Contains fixes for these non-CVEs (not security bugs per upstreams SECURITY.md): * bsc#1209642 aka CVE-2023-1579 aka PR29988 * bsc#1210297 aka CVE-2023-1972 aka PR30285 * bsc#1210733 aka CVE-2023-2222 aka PR29936 * bsc#1213458 aka CVE-2021-32256 aka PR105039 (gcc) * bsc#1214565 aka CVE-2020-19726 aka PR26240 * bsc#1214567 aka CVE-2022-35206 aka PR29290 * bsc#1214579 aka CVE-2022-35205 aka PR29289 * bsc#1214580 aka CVE-2022-44840 aka PR29732 * bsc#1214604 aka CVE-2022-45703 aka PR29799 * bsc#1214611 aka CVE-2022-48065 aka PR29925 * bsc#1214619 aka CVE-2022-48064 aka PR29922 * bsc#1214620 aka CVE-2022-48063 aka PR29924 * bsc#1214623 aka CVE-2022-47696 aka PR29677 * bsc#1214624 aka CVE-2022-47695 aka PR29846 * bsc#1214625 aka CVE-2022-47673 aka PR29876 - This only existed only for a very short while in SLE-15, as the main variant in devel:gcc subsumed this in binutils-revert-rela.diff. Hence: - Document fixed CVEs: * bsc#1208037 aka CVE-2023-25588 aka PR29677 * bsc#1208038 aka CVE-2023-25587 aka PR29846 * bsc#1208040 aka CVE-2023-25585 aka PR29892 * bsc#1208409 aka CVE-2023-0687 aka PR29444 - Enable bpf-none cross target and add bpf-none to the multitarget set of supported targets. - Disable packed-relative-relocs for old codestreams. They generate buggy relocations when binutils-revert-rela.diff is active. [bsc#1206556] - Disable ZSTD debug section compress by default. - Enable zstd compression algorithm (instead of zlib) for debug info sections by default. - Pack libgprofng only for supported platforms. - Move libgprofng-related libraries to the proper locations (packages). - Add --without=bootstrap for skipping of bootstrap (faster testing of the package). - Remove broken arm32-avoid-copyreloc.patch to fix [gcc#108515] Update to version 2.40: * Objdump has a new command line option --show-all-symbols which will make it display all symbols that match a given address when disassembling. (Normally only the first symbol that matches an address is shown). * Add --enable-colored-disassembly configure time option to enable colored disassembly output by default, if the output device is a terminal. Note, this configure option is disabled by default. * DCO signed contributions are now accepted. * objcopy --decompress-debug-sections now supports zstd compressed debug sections. The new option --compress-debug-sections=zstd compresses debug sections with zstd. * addr2line and objdump --dwarf now support zstd compressed debug sections. * The dlltool program now accepts --deterministic-libraries and --non-deterministic-libraries as command line options to control whether or not it generates deterministic output libraries. If neither of these options are used the default is whatever was set when the binutils were configured. * readelf and objdump now have a newly added option --sframe which dumps the SFrame section. * Add support for Intel RAO-INT instructions. * Add support for Intel AVX-NE-CONVERT instructions. * Add support for Intel MSRLIST instructions. * Add support for Intel WRMSRNS instructions. * Add support for Intel CMPccXADD instructions. * Add support for Intel AVX-VNNI-INT8 instructions. * Add support for Intel AVX-IFMA instructions. * Add support for Intel PREFETCHI instructions. * Add support for Intel AMX-FP16 instructions. * gas now supports --compress-debug-sections=zstd to compress debug sections with zstd. * Add --enable-default-compressed-debug-sections-algorithm={zlib,zstd} that selects the default compression algorithm for --enable-compressed-debug-sections. * Add support for various T-Head extensions (XTheadBa, XTheadBb, XTheadBs, XTheadCmo, XTheadCondMov, XTheadFMemIdx, XTheadFmv, XTheadInt, XTheadMemIdx, XTheadMemPair, XTheadMac, and XTheadSync) from version 2.0 of the T-Head ISA manual, which are implemented in the Allwinner D1. * Add support for the RISC-V Zawrs extension, version 1.0-rc4. * Add support for Cortex-X1C for Arm. * New command line option --gsframe to generate SFrame unwind information on x86_64 and aarch64 targets. * The linker has a new command line option to suppress the generation of any warning or error messages. This can be useful when there is a need to create a known non-working binary. The option is -w or --no-warnings. * ld now supports zstd compressed debug sections. The new option --compress-debug-sections=zstd compresses debug sections with zstd. * Add --enable-default-compressed-debug-sections-algorithm={zlib,zstd} that selects the default compression algorithm for --enable-compressed-debug-sections. * Remove support for -z bndplt (MPX prefix instructions). - Includes fixes for these CVEs: * bsc#1206080 aka CVE-2022-4285 aka PR29699 - Enable by default: --enable-colored-disassembly. - fix build on x86_64_vX platforms Important SUSE bug 1200962 SUSE bug 1206080 SUSE bug 1206556 SUSE bug 1208037 SUSE bug 1208038 SUSE bug 1208040 SUSE bug 1208409 SUSE bug 1209642 SUSE bug 1210297 SUSE bug 1210733 SUSE bug 1213458 SUSE bug 1214565 SUSE bug 1214567 SUSE bug 1214579 SUSE bug 1214580 SUSE bug 1214604 SUSE bug 1214611 SUSE bug 1214619 SUSE bug 1214620 SUSE bug 1214623 SUSE bug 1214624 SUSE bug 1214625 CVE-2020-19726 CVE-2021-32256 CVE-2022-35205 CVE-2022-35206 CVE-2022-4285 CVE-2022-44840 CVE-2022-45703 CVE-2022-47673 CVE-2022-47695 CVE-2022-47696 CVE-2022-48063 CVE-2022-48064 CVE-2022-48065 CVE-2023-0687 CVE-2023-1579 CVE-2023-1972 CVE-2023-2222 CVE-2023-25585 CVE-2023-25587 CVE-2023-25588 cpe:/o:opensuse:leap:15.4 Security update for mutt (Moderate) openSUSE Leap 15.4 This update for mutt fixes the following issues: - CVE-2023-4874: Fixed NULL pointer dereference when composing an email (bsc#1215189). - CVE-2023-4875: Fixed NULL pointer dereference when receiving an email (bsc#1215191). Moderate SUSE bug 1215189 SUSE bug 1215191 CVE-2023-4874 CVE-2023-4875 cpe:/o:opensuse:leap:15.4 Security update for python-brotlipy (Moderate) openSUSE Leap 15.4 This update for python-brotlipy fixes the following issues: - CVE-2020-8927: Fixed integer overflow when input chunk is larger than 2GiB (bsc#1175825). Moderate SUSE bug 1175825 CVE-2020-8927 cpe:/o:opensuse:leap:15.4 Security update for python3 (Important) openSUSE Leap 15.4 This update for python3 fixes the following issues: - CVE-2023-40217: Fixed TLS handshake bypass on closed sockets (bsc#1214692). Important SUSE bug 1214692 CVE-2023-40217 cpe:/o:opensuse:leap:15.4 Security update for libwebp (Critical) openSUSE Leap 15.4 This update for libwebp fixes the following issues: - CVE-2023-4863: Fixed heap buffer overflow (bsc#1215231). Critical SUSE bug 1215231 CVE-2023-4863 cpe:/o:opensuse:leap:15.4 Security update for xrdp (Moderate) openSUSE Leap 15.4 This update for xrdp fixes the following issues: - CVE-2023-40184: Fixed restriction bypass via improper session handling (bsc#1214805). Moderate SUSE bug 1214805 CVE-2023-40184 cpe:/o:opensuse:leap:15.4 Security update for xen (Important) openSUSE Leap 15.4 This update for xen fixes the following issues: - CVE-2023-20588: Fixed AMD CPU transitional execution leak via division by zero (XSA-439) (bsc#1215474). - CVE-2023-34322: Fixed top-level shadow reference dropped too early for 64-bit PV guests (XSA-438) (bsc#1215145). Important SUSE bug 1215145 SUSE bug 1215474 CVE-2023-20588 CVE-2023-34322 cpe:/o:opensuse:leap:15.4 Security update for exempi (Moderate) openSUSE Leap 15.4 This update for exempi fixes the following issues: - CVE-2020-18651: Fixed a buffer overflow in ID3 support (bsc#1214486). Moderate SUSE bug 1214486 CVE-2020-18651 cpe:/o:opensuse:leap:15.4 Securitys update for open-vm-tools (Important) openSUSE Leap 15.4 This update for open-vm-tools fixes the following issues: Update to 12.3.0 (build 22234872) (bsc#1214850) - There are no new features in the open-vm-tools 12.3.0 release. This is primarily a maintenance release that addresses a few critical problems, including: - This release integrates CVE-2023-20900 without the need for a patch. For more information on this vulnerability and its impact on VMware products, see https://www.vmware.com/security/advisories/VMSA-2023-0019.html. - A tools.conf configuration setting is available to temporaily direct Linux quiesced snaphots to restore pre open-vm-tools 12.2.0 behavior of ignoring file systems already frozen. - Building of the VMware Guest Authentication Service (VGAuth) using 'xml-security-c' and 'xerces-c' is being deprecated. - A number of Coverity reported issues have been addressed. - A number of GitHub issues and pull requests have been handled. Please see the Resolves Issues section of the Release Notes. - For issues resolved in this release, see the Resolved Issues section of the Release Notes. - For complete details, see: https://github.com/vmware/open-vm-tools/releases/tag/stable-12.3.0 - Release Notes are available at https://github.com/vmware/open-vm-tools/blob/stable-12.3.0/ReleaseNotes.md - The granular changes that have gone into the 12.3.0 release are in the ChangeLog at https://github.com/vmware/open-vm-tools/blob/stable-12.3.0/open-vm-tools/ChangeLog - Fix (bsc#1205927) - hv_vmbus module is loaded unnecessarily in VMware guests - jsc#PED-1344 - reinable building containerinfo plugin for SLES 15 SP4. Important SUSE bug 1205927 SUSE bug 1214850 CVE-2023-20900 cpe:/o:opensuse:leap:15.4 Security update for quagga (Important) openSUSE Leap 15.4 This update for quagga fixes the following issues: - CVE-2023-38802: Fixed bad length handling in BGP attribute handling (bsc#1213284). - CVE-2023-41358: Fixed possible crash when processing NLRIs if the attribute length is zero (bsc#1214735). Important SUSE bug 1213284 SUSE bug 1214735 CVE-2023-38802 CVE-2023-41358 cpe:/o:opensuse:leap:15.4 Security update for go1.20-openssl (Important) openSUSE Leap 15.4 This update for go1.20-openssl fixes the following issues: Update to version 1.20.8 (bsc#1206346). - CVE-2023-29409: Fixed unrestricted RSA keys in certificates (bsc#1213880). - CVE-2023-39319: Fixed improper handling of special tags within script contexts in html/template (bsc#1215085). - CVE-2023-39318: Fixed improper handling of HTML-like comments within script contexts (bsc#1215084). The following non-security bug was fixed: - Add missing directory pprof html asset directory to package (bsc#1215090). Important SUSE bug 1206346 SUSE bug 1213880 SUSE bug 1215084 SUSE bug 1215085 SUSE bug 1215090 CVE-2023-29409 CVE-2023-39318 CVE-2023-39319 cpe:/o:opensuse:leap:15.4 Security update for go1.19-openssl (Important) openSUSE Leap 15.4 This update for go1.19-openssl fixes the following issues: Update to version 1.19.13 (bsc#1200441). - CVE-2023-29409: Fixed unrestricted RSA keys in certificates (bsc#1213880). - CVE-2023-29406: Fixed insufficient sanitization of Host header (bsc#1213229). The following non-security bug was fixed: - Add missing directory pprof html asset directory to package (bsc#1215090). Important SUSE bug 1200441 SUSE bug 1213229 SUSE bug 1213880 SUSE bug 1215090 CVE-2023-29406 CVE-2023-29409 cpe:/o:opensuse:leap:15.4 Security update for gsl (Moderate) openSUSE Leap 15.4 This update for gsl fixes the following issues: - CVE-2020-35357: Fixed a stack out of bounds read in gsl_stats_quantile_from_sorted_data(). (bsc#1214681) Moderate SUSE bug 1214681 CVE-2020-35357 cpe:/o:opensuse:leap:15.4 Security update for pmix (Moderate) openSUSE Leap 15.4 This update for pmix fixes the following issues: - CVE-2023-41915: Fixed a potential vulnerability where a `chown` may follow a user-created link (bsc#1215190). - Install pmix-plugin-munge if munge is installed. Moderate SUSE bug 1215190 CVE-2023-41915 cpe:/o:opensuse:leap:15.4 Security update for salt (Moderate) openSUSE Leap 15.4 This update for salt fixes the following issues: Security issues fixed: - CVE-2023-20897: Fixed DOS in minion return. (bsc#1214796, bsc#1213441) - CVE-2023-20898: Fixed Git Providers can read from the wrong environment because they get the same cache directory base name. (bsc#1214797, bsc#1193948) Bugs fixed: - Create minion_id with reproducible mtime - Fix broken tests to make them running in the testsuite - Fix detection of Salt codename by 'salt_version' execution module - Fix inconsistency in reported version by egg-info metadata (bsc#1215489) - Fix regression: multiple values for keyword argument 'saltenv' (bsc#1212844) - Fix the regression of user.present state when group is unset (bsc#1212855) - Fix utf8 handling in 'pass' renderer and make it more robust - Fix zypper repositories always being reconfigured - Make sure configured user is properly set by Salt (bsc#1210994) - Prevent possible exceptions on salt.utils.user.get_group_dict (bsc#1212794) - Revert usage of long running REQ channel to prevent possible missing responses on requests and duplicated responses (bsc#1213960, bsc#1213630, bsc#1213257) Moderate SUSE bug 1193948 SUSE bug 1210994 SUSE bug 1212794 SUSE bug 1212844 SUSE bug 1212855 SUSE bug 1213257 SUSE bug 1213441 SUSE bug 1213630 SUSE bug 1213960 SUSE bug 1214796 SUSE bug 1214797 SUSE bug 1215489 CVE-2023-20897 CVE-2023-20898 cpe:/o:opensuse:leap:15.4 Security update for SUSE Manager Client Tools (Important) openSUSE Leap 15.4 This update fixes the following issues: golang-github-lusitaniae-apache_exporter: - Security issues fixed: * CVE-2022-32149: Fix denial of service vulnerability (bsc#1204501) * CVE-2022-41723: Fix uncontrolled resource consumption (bsc#1208270) * CVE-2022-46146: Fix authentication bypass vulnarability (bsc#1208046) - Changes and bugs fixed: * Updated to 1.0.0 (jsc#PED-5405) + Improved flag parsing + Added support for custom headers * Changes from 0.13.1 + Fix panic caused by missing flagConfig options * Added AppArmor profile * Added sandboxing options to systemd service unit * Build using promu * Build with Go 1.19 * Exclude s390 architecture golang-github-prometheus-prometheus: - This update introduces breaking changes. Please, read carefully the provided informations. - Security issues fixed: * CVE-2022-41723: Fix uncontrolled resource consumption by updating Go to version 1.20.1 (bsc#1208298) - Updated to 2.45.0 (jsc#PED-5406): * [FEATURE] API: New limit parameter to limit the number of items returned by `/api/v1/status/tsdb` endpoint * [FEATURE] Config: Add limits to global config * [FEATURE] Consul SD: Added support for `path_prefix` * [FEATURE] Native histograms: Add option to scrape both classic and native histograms. * [FEATURE] Native histograms: Added support for two more arithmetic operators `avg_over_time` and `sum_over_time` * [FEATURE] Promtool: When providing the block id, only one block will be loaded and analyzed * [FEATURE] Remote-write: New Azure ad configuration to support remote writing directly to Azure Monitor workspace * [FEATURE] TSDB: Samples per chunk are now configurable with flag `storage.tsdb.samples-per-chunk`. By default set to its former value 120 * [ENHANCEMENT] Native histograms: bucket size can now be limited to avoid scrape fails * [ENHANCEMENT] TSDB: Dropped series are now deleted from the WAL sooner * [BUGFIX] Native histograms: ChunkSeries iterator now checks if a new sample can be appended to the open chunk * [BUGFIX] Native histograms: Fix Histogram Appender `Appendable()` segfault * [BUGFIX] Native histograms: Fix setting reset header to gauge histograms in seriesToChunkEncoder * [BUGFIX] TSDB: Tombstone intervals are not modified after Get() call * [BUGFIX] TSDB: Use path/filepath to set the WAL directory. - Changes from 2.44.0: * [FEATURE] Remote-read: Handle native histograms * [FEATURE] Promtool: Health and readiness check of prometheus server in CLI * [FEATURE] PromQL: Add `query_samples_total` metric, the total number of samples loaded by all queries * [ENHANCEMENT] Storage: Optimise buffer used to iterate through samples * [ENHANCEMENT] Scrape: Reduce memory allocations on target labels * [ENHANCEMENT] PromQL: Use faster heap method for `topk()` / `bottomk()` * [ENHANCEMENT] Rules API: Allow filtering by rule name * [ENHANCEMENT] Native Histograms: Various fixes and improvements * [ENHANCEMENT] UI: Search of scraping pools is now case-insensitive * [ENHANCEMENT] TSDB: Add an affirmative log message for successful WAL repair * [BUGFIX] TSDB: Block compaction failed when shutting down * [BUGFIX] TSDB: Out-of-order chunks could be ignored if the write-behind log was deleted - Changes from 2.43.1 * [BUGFIX] Labels: Set() after Del() would be ignored, which broke some relabeling rules - Changes from 2.43.0: * [FEATURE] Promtool: Add HTTP client configuration to query commands * [FEATURE] Scrape: Add `include_scrape_configs` to include scrape configs from different files * [FEATURE] HTTP client: Add `no_proxy` to exclude URLs from proxied requests * [FEATURE] HTTP client: Add `proxy_from_enviroment` to read proxies from env variables * [ENHANCEMENT] API: Add support for setting lookback delta per query via the API * [ENHANCEMENT] API: Change HTTP status code from 503/422 to 499 if a request is canceled * [ENHANCEMENT] Scrape: Allow exemplars for all metric types * [ENHANCEMENT] TSDB: Add metrics for head chunks and WAL folders size * [ENHANCEMENT] TSDB: Automatically remove incorrect snapshot with index that is ahead of WAL * [ENHANCEMENT] TSDB: Improve Prometheus parser error outputs to be more comprehensible * [ENHANCEMENT] UI: Scope `group by` labels to metric in autocompletion * [BUGFIX] Scrape: Fix `prometheus_target_scrape_pool_target_limit` metric not set before reloading * [BUGFIX] TSDB: Correctly update `prometheus_tsdb_head_chunks_removed_total` and `prometheus_tsdb_head_chunks` metrics when reading WAL * [BUGFIX] TSDB: Use the correct unit (seconds) when recording out-of-order append deltas in the `prometheus_tsdb_sample_ooo_delta` metric - Changes from 2.42.0: This release comes with a new feature coverage for native histograms and breaking changes. If you are trying native histograms already, we recommend you remove the `wal` directory when upgrading. Because the old WAL record for native histograms is not backward compatible in v2.42.0, this will lead to some data loss for the latest data. Additionally, if you scrape 'float histograms' or use recording rules on native histograms in v2.42.0 (which writes float histograms), it is a one-way street since older versions do not support float histograms. * [CHANGE] **breaking** TSDB: Changed WAL record format for the experimental native histograms * [FEATURE] Add 'keep_firing_for' field to alerting rules * [FEATURE] Promtool: Add support of selecting timeseries for TSDB dump * [ENHANCEMENT] Agent: Native histogram support. * [ENHANCEMENT] Rules: Support native histograms in recording rules * [ENHANCEMENT] SD: Add container ID as a meta label for pod targets for Kubernetes * [ENHANCEMENT] SD: Add VM size label to azure service discovery * [ENHANCEMENT] Support native histograms in federation * [ENHANCEMENT] TSDB: Add gauge histogram support * [ENHANCEMENT] TSDB/Scrape: Support FloatHistogram that represents buckets as float64 values * [ENHANCEMENT] UI: Show individual scrape pools on /targets page - Changes from 2.41.0: * [FEATURE] Relabeling: Add keepequal and dropequal relabel actions * [FEATURE] Add support for HTTP proxy headers * [ENHANCEMENT] Reload private certificates when changed on disk * [ENHANCEMENT] Add max_version to specify maximum TLS version in tls_config * [ENHANCEMENT] Add goos and goarch labels to prometheus_build_info * [ENHANCEMENT] SD: Add proxy support for EC2 and LightSail SDs * [ENHANCEMENT] SD: Add new metric prometheus_sd_file_watcher_errors_total * [ENHANCEMENT] Remote Read: Use a pool to speed up marshalling * [ENHANCEMENT] TSDB: Improve handling of tombstoned chunks in iterators * [ENHANCEMENT] TSDB: Optimize postings offset table reading * [BUGFIX] Scrape: Validate the metric name, label names, and label values after relabeling * [BUGFIX] Remote Write receiver and rule manager: Fix error handling - Changes from 2.40.7: * [BUGFIX] TSDB: Fix queries involving negative buckets of native histograms - Changes from 2.40.5: * [BUGFIX] TSDB: Fix queries involving native histograms due to improper reset of iterators - Changes from 2.40.3: * [BUGFIX] TSDB: Fix compaction after a deletion is called - Changes from 2.40.2: * [BUGFIX] UI: Fix black-on-black metric name color in dark mode - Changes from 2.40.1: * [BUGFIX] TSDB: Fix alignment for atomic int64 for 32 bit architecture * [BUGFIX] Scrape: Fix accept headers - Changes from 2.40.0: * [FEATURE] Add experimental support for native histograms. Enable with the flag --enable-feature=native-histograms. * [FEATURE] SD: Add service discovery for OVHcloud * [ENHANCEMENT] Kubernetes SD: Use protobuf encoding * [ENHANCEMENT] TSDB: Use golang.org/x/exp/slices for improved sorting speed * [ENHANCEMENT] Consul SD: Add enterprise admin partitions. Adds __meta_consul_partition label. Adds partition config in consul_sd_config * [BUGFIX] API: Fix API error codes for /api/v1/labels and /api/v1/series - Changes from 2.39.1: * [BUGFIX] Rules: Fix notifier relabel changing the labels on active alerts - Changes from 2.39.0: * [FEATURE] experimental TSDB: Add support for ingesting out-of-order samples. This is configured via out_of_order_time_window field in the config file; check config file docs for more info * [ENHANCEMENT] API: /-/healthy and /-/ready API calls now also respond to a HEAD request on top of existing GET support. * [ENHANCEMENT] PuppetDB SD: Add __meta_puppetdb_query label. * [ENHANCEMENT] AWS EC2 SD: Add __meta_ec2_region label. * [ENHANCEMENT] AWS Lightsail SD: Add __meta_lightsail_region label. * [ENHANCEMENT] Scrape: Optimise relabeling by re-using memory. * [ENHANCEMENT] TSDB: Improve WAL replay timings. * [ENHANCEMENT] TSDB: Optimise memory by not storing unnecessary data in the memory. * [ENHANCEMENT] TSDB: Allow overlapping blocks by default. --storage.tsdb.allow-overlapping-blocks now has no effect. * [ENHANCEMENT] UI: Click to copy label-value pair from query result to clipboard. * [BUGFIX] TSDB: Turn off isolation for Head compaction to fix a memory leak. * [BUGFIX] TSDB: Fix 'invalid magic number 0' error on Prometheus startup. * [BUGFIX] PromQL: Properly close file descriptor when logging unfinished queries. * [BUGFIX] Agent: Fix validation of flag options and prevent WAL from growing more than desired. - Changes from 2.38.0: * [FEATURE]: Web: Add a /api/v1/format_query HTTP API endpoint that allows pretty-formatting PromQL expressions. * [FEATURE]: UI: Add support for formatting PromQL expressions in the UI. * [FEATURE]: DNS SD: Support MX records for discovering targets. * [FEATURE]: Templates: Add toTime() template function that allows converting sample timestamps to Go time.Time values * [ENHANCEMENT]: Kubernetes SD: Add __meta_kubernetes_service_port_number meta label indicating the service port number. __meta_kubernetes_pod_container_image meta label indicating the container image. * [ENHANCEMENT]: PromQL: When a query panics, also log the query itself alongside the panic message. * [ENHANCEMENT]: UI: Tweak colors in the dark theme to improve the contrast ratio. * [ENHANCEMENT]: Web: Speed up calls to /api/v1/rules by avoiding locks and using atomic types instead. * [ENHANCEMENT]: Scrape: Add a no-default-scrape-port feature flag, which omits or removes any default HTTP (:80) or HTTPS (:443) ports in the target's scrape address. * [BUGFIX]: TSDB: In the WAL watcher metrics, expose the type='exemplar' label instead of type='unknown' for exemplar records. * [BUGFIX]: TSDB: Fix race condition around allocating series IDs during chunk snapshot loading. golang-github-QubitProducts-exporter_exporter: - CVE-2023-29409: Restrict RSA keys in certificates to less than or equal to 8192 bits to avoid DoSing client/server while validating signatures for extremely large RSA keys. (bsc#1213880) There are no direct source changes. The CVE is fixed rebuilding the sources with the patched Go version. grafana: - CVE-2023-29409: Restrict RSA keys in certificates to less than or equal to 8192 bits to avoid DoSing client/server while validating signatures for extremely large RSA keys. (bsc#1213880) There are no direct source changes. The CVE is fixed rebuilding the sources with the patched Go version. prometheus-blackbox_exporter: - CVE-2023-29409: Restrict RSA keys in certificates to less than or equal to 8192 bits to avoid DoSing client/server while validating signatures for extremely large RSA keys. (bsc#1213880) There are no direct source changes. The CVE is fixed rebuilding the sources with the patched Go version. prometheus-postgres_exporter: - CVE-2023-29409: Restrict RSA keys in certificates to less than or equal to 8192 bits to avoid DoSing client/server while validating signatures for extremely large RSA keys. (bsc#1213880) There are no direct source changes. The CVE is fixed rebuilding the sources with the patched Go version. python-pyvmomi: - Preparing submission to SUSE:SLE-15-SP3:Update as part of ECO PED-3623. spacecmd: - Updated to 4.3.23-1 * Update translation strings supportutils-plugin-susemanager-client: - Updated to 4.3.3-1 * Write configured crypto-policy in supportconfig * Add cloud and Pay-as-you-go checks uyuni-common-libs: - Updated to 4.3.9-1 * Workaround for python3-debian bug about collecting control file (bsc#1211525, bsc#1208692) Important SUSE bug 1204501 SUSE bug 1208046 SUSE bug 1208270 SUSE bug 1208298 SUSE bug 1208692 SUSE bug 1211525 SUSE bug 1213880 CVE-2022-32149 CVE-2022-41723 CVE-2022-46146 CVE-2023-29409 cpe:/o:opensuse:leap:15.4 Security update for grafana (Important) openSUSE Leap 15.4 This update for grafana fixes the following issues: - CVE-2023-29409: Restrict RSA keys in certificates to less than or equal to 8192 bits to avoid DoSing client/server while validating signatures for extremely large RSA keys. (bsc#1213880) There are no direct source changes. The CVE is fixed rebuilding the sources with the patched Go version. Important SUSE bug 1213880 CVE-2023-29409 cpe:/o:opensuse:leap:15.4 Security update for iperf (Important) openSUSE Leap 15.4 This update for iperf fixes the following issues: - update to 3.15 (bsc#1215662, ESNET-SECADV-2023-0002): * Several bugs that could allow the iperf3 server to hang waiting for input on the control connection has been fixed (ESnet Software Security Advisory ESNET-SECADV-2023-0002) * A bug that caused garbled output with UDP tests on 32-bit hosts has been fixed (PR #1554, PR #1556). This bug was introduced in iperf-3.14. * A bug in counting UDP messages has been fixed - update to 3.14 (bsc#1213430, CVE-2023-38403): * fixes a memory allocation hazard that allowed a remote user to crash an iperf3 process * see https://downloads.es.net/pub/iperf/esnet-secadv-2023-0001.txt.asc - update to 3.13: * Added missing bind_dev getter and setter. * a fix for A resource leak bug in function iperf_create_pidfile (#1443) * doc: Fix copy-and-paste error leading to wrong error message * Fix crash on rcv-timeout with JSON logfile - update to 3.12: * cJSON has been updated to version 1.7.15 (#1383). * The --bind <host>%<dev> option syntax now works properly (#1360 / * A server-side file descriptor leak with the --logfile option has been fixed (#1369 / #1360 / #1369 / #1389 / #1393). * A bug that caused some large values from TCP_INFO to be misprinted as negative numbers has been fixed (#1372). * Using the -k or -n flags with --reverse no longer leak into future tests (#1363 / #1364). * There are now various debug level options available with the --debug option. These can be used to adjust the amount of debugging output (#1327). * A new --snd-timeout option has been added to set a termination timeout for idle TCP connections (#1215 / #1282). * iperf3 is slightly more robust to out-of-order packets during UDP connection setup in --reverse mode (#914 / #1123 / #1182 / #1212 / * iperf3 will now use different ports for each direction when the --cport and --bdir options are set (#1249 / #1259). * The iperf3 server will now exit if it can't open its log file * Various help message and output fixes have been made (#1299 / * Various compiler warnings have been fixed (#1211 / #1316). * Operation of bootstrap.sh has been fixed and simplified (#1335 / * Flow label support / compatibility under Linux has been improved * Various minor memory leaks have been fixed (#1332 / #1333). * A getter/setter has been added for the bind_port parameter (--cport option). (#1303, #1305) * Various internal documentation improvements (#1265 / #1285 / #1304). - update to 3.11: * Update links to Discussions in documentation * Fix DSCP so that TOS = DSCP * 4 (#1162) * Fix --bind-dev for TCP streams (#1153) * Fix interface specification so doesn't overlap with IPv6 link-local addresses for -c and -B (#1157, #1180) * Add get/set test_unit_format function declaration to iperf_api.h * Auto adjustment of test-end condition for file transfers (-F), if no end condition is set, it will automatically adjust it to file size in bytes * Exit if idle time expires waiting for a connection in one-off mode (#1187, #1197) * Support zerocopy by reverse mode (#1204) * Update help and manpage text for #1157, support bind device * Consistently print target_bandwidth in JSON start section (#1177) * Test bitrate added to JSON output (#1168) * Remove fsync call after every write to receiving --file (#1176, #1159) * Update documentation for -w (#1175) * Fix for #952, different JSON object names for bidir reverse channel - update to 3.10.1: * Fixed a problem with autoconf scripts that made builds fail in some environments (#1154 / #1155). * GNU autoconf 2.71 or newer is now required to regenerate iperf3's configure scripts. - update to 3.10: * Fix a bug where some --reverse tests didn't terminate (#982 / #1054). * Responsiveness of control connections is slightly improved (#1045 / #1046 / #1063). * The allowable clock skew when doing authentication between client and server is now configurable with the new --time-skew-threshold (#1065 / #1070). * Bitrate throttling using the -b option now works when a burst size is specified (#1090). * A bug with calculating CPU utilization has been fixed (#1076 / #1077). * A --bind-dev option to support binding sockets to a given network interface has been added to make iperf3 work better with multi-homed machines and/or VRFs (#817 / #1089 / #1097). * --pidfile now works with --client mode (#1110). * The server is now less likely to get stuck due to network errors (#1101, #1125), controlled by the new --rcv-timeout option. * Fixed a few bugs in termination conditions for byte or block-limited tests (#1113, #1114, #1115). * Added tcp_info.snd_wnd to JSON output (#1148). * Some bugs with garbled JSON output have been fixed (#1086, #1118, #1143 / #1146). * Support for setting the IPv4 don't-fragment (DF) bit has been added with the new --dont-fragment option (#1119). * A failure with not being able to read the congestion control algorithm under WSL1 has been fixed (#1061 / #1126). * Error handling and error messages now make more sense in cases where sockets were not successfully opened (#1129 / #1132 / #1136, #1135 / #1138, #1128 / #1139). * Some buffer overflow hazards were fixed (#1134). * It is now possible to use the API to set/get the congestion control algorithm (#1036 / #1112). - update to 3.9: * A --timestamps flag has been added, which prepends a timestamp to each output line. An optional argument to this flag, which is a format specification to strftime(3), allows for custom timestamp formats (#909, #1028). * A --server-bitrate-limit flag has been added as a server-side command-line argument. It allows a server to enforce a maximum throughput rate; client connections that specify a higher bitrate or exceed this bitrate during a test will be terminated. The bitrate is expressed in bits per second, with an optional trailing slash and integer count that specifies an averaging interval over which to enforce the limit (#999). * A bug that caused increased CPU usage with the --bidir option has been fixed (#1011). * Fixed various minor memory leaks (#1023). - update to 3.8.1 * Minor bugfixes and enhancements - update to 3.7 * Support for simultaneous bidirectional tests with the --bidir flag * Use POSIX standard clock_gettime(3) interface for timekeeping where available * Passwords for authentication can be provided via environment variable * Specifying --repeating-payload and --reverse now works * Failed authentication doesn't count for --one-off * Several memory leaks related to authenticated use were fixed * The delay for tearing down the control connection for the default timed tests has been increased, to more gracefully handle high-delay paths * Various improvements to the libiperf APIs * Fixed build behavior when OpenSSL is absent * Portability fixes - update to 3.6 * A new --extra-data option can be used to fill in a user-defined string field that appears in JSON output. * A new --repeating-payload option makes iperf3 use a payload pattern similar to that used by iperf2, which could help in recreating results that might be affected by payload entropy (for example, compression). * -B now works properly with SCTP tests. * A compile fix for Solaris 10 was added. * Some minor bug fixes for JSON output. In particular, warnings for debug and/or verbose modes with --json output and a fix for JSON output on CentOS 6 * This maintenance release adds a -1 flag to make the iperf3 execute a single test and exit, needed for an upcoming bwctl there is only one stream. Important SUSE bug 1215662 CVE-2023-38403 cpe:/o:opensuse:leap:15.4 Security update for Golang Prometheus (Important) openSUSE Leap 15.4 This update for Golang Prometheus fixes the following issues: golang-github-prometheus-alertmanager: - CVE-2023-29409: Restrict RSA keys in certificates to less than or equal to 8192 bits to avoid DoSing client/server while validating signatures for extremely large RSA keys. (bsc#1213880) There are no direct source changes. The CVE is fixed rebuilding the sources with the patched Go version. golang-github-prometheus-node_exporter: - CVE-2023-29409: Restrict RSA keys in certificates to less than or equal to 8192 bits to avoid DoSing client/server while validating signatures for extremely large RSA keys. (bsc#1213880) There are no direct source changes. The CVE is fixed rebuilding the sources with the patched Go version. Important SUSE bug 1213880 CVE-2023-29409 cpe:/o:opensuse:leap:15.4 Security update for apr-util (Critical) openSUSE Leap 15.4 This update for apr-util fixes the following issues: - CVE-2022-25147: Fixed a buffer overflow possible with specially crafted input during base64 encoding (bsc#1207866) Critical SUSE bug 1207866 CVE-2022-25147 cpe:/o:opensuse:leap:15.4 Security update for MozillaFirefox (Important) openSUSE Leap 15.4 This update for MozillaFirefox fixes the following issues: Update to Firefox Extended Support Release 115.3.0 ESR (MFSA 2023-42, bsc#1215575): Security fixes: - CVE-2023-5168: Out-of-bounds write in FilterNodeD2D1 (bmo#1846683). - CVE-2023-5169: Out-of-bounds write in PathOps (bmo#1846685). - CVE-2023-5171: Use-after-free in Ion Compiler (bmo#1851599). - CVE-2023-5174: Double-free in process spawning on Windows (bmo#1848454). - CVE-2023-5176: Memory safety bugs fixed in Firefox 118, Firefox ESR 115.3, and Thunderbird 115.3 (bmo#1836353, bmo#1842674, bmo#1843824, bmo#1843962, bmo#1848890, bmo#1850180, bmo#1850983, bmo#1851195). Other fixes: - Fix broken build with newer binutils (bsc#1215309) Important SUSE bug 1215309 SUSE bug 1215575 CVE-2023-5168 CVE-2023-5169 CVE-2023-5171 CVE-2023-5174 CVE-2023-5176 cpe:/o:opensuse:leap:15.4 Security update for python (Important) openSUSE Leap 15.4 This update for python fixes the following issues: - CVE-2023-40217: Fixed TLS handshake bypass on closed sockets (bsc#1214692). Important SUSE bug 1214692 CVE-2023-40217 cpe:/o:opensuse:leap:15.4 Security update for the Linux Kernel (Important) openSUSE Leap 15.4 The SUSE Linux Enterprise 15 SP4 AZURE kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2023-0266: Fixed a use-after-free vulnerability inside the ALSA PCM package. SNDRV_CTL_IOCTL_ELEM_{READ|WRITE}32 was missing locks that could have been used in a use-after-free that could have resulted in a priviledge escalation to gain ring0 access from the system user (bsc#1207134). - CVE-2023-0179: Fixed incorrect arithmetics when fetching VLAN header bits (bsc#1207034). - CVE-2022-47929: Fixed NULL pointer dereference bug in the traffic control subsystem (bnc#1207237). - CVE-2022-4382: Fixed a use-after-free flaw that was caused by a race condition among the superblock operations inside the gadgetfs code (bsc#1206258). - CVE-2020-24588: Fixed injection of arbitrary network packets against devices that support receiving non-SSP A-MSDU frames (which is mandatory as part of 802.11n) (bsc#1199701). The following non-security bugs were fixed: - ACPI: EC: Fix EC address space handler unregistration (bsc#1207149). - ACPI: EC: Fix ECDT probe ordering issues (bsc#1207149). - ACPI: PRM: Check whether EFI runtime is available (git-fixes). - ACPICA: Allow address_space_handler Install and _REG execution as 2 separate steps (bsc#1207149). - ACPICA: include/acpi/acpixf.h: Fix indentation (bsc#1207149). - ALSA: control-led: use strscpy in set_led_id() (git-fixes). - ALSA: hda - Enable headset mic on another Dell laptop with ALC3254 (git-fixes). - ALSA: hda/hdmi: Add a HP device 0x8715 to force connect list (git-fixes). - ALSA: hda/realtek - Turn on power early (git-fixes). - ALSA: hda/realtek: Add Acer Predator PH315-54 (git-fixes). - ALSA: hda/realtek: Enable mute/micmute LEDs on HP Spectre x360 13-aw0xxx (git-fixes). - ALSA: hda/realtek: fix mute/micmute LEDs do not work for a HP platform (git-fixes). - ALSA: hda/realtek: fix mute/micmute LEDs for a HP ProBook (git-fixes). - ALSA: hda/realtek: fix mute/micmute LEDs, speaker do not work for a HP platform (git-fixes). - ALSA: hda/via: Avoid potential array out-of-bound in add_secret_dac_path() (git-fixes). - ALSA: hda: cs35l41: Check runtime suspend capability at runtime_idle (git-fixes). - ALSA: hda: cs35l41: Do not return -EINVAL from system suspend/resume (git-fixes). - ALSA: pcm: Move rwsem lock inside snd_ctl_elem_read to prevent UAF (git-fixes). - ALSA: usb-audio: Make sure to stop endpoints before closing EPs (git-fixes). - ALSA: usb-audio: Relax hw constraints for implicit fb sync (git-fixes). - ARM: dts: at91: sam9x60: fix the ddr clock for sam9x60 (git-fixes). - ARM: dts: imx6qdl-gw560x: Remove incorrect 'uart-has-rtscts' (git-fixes). - ARM: dts: imx6ul-pico-dwarf: Use 'clock-frequency' (git-fixes). - ARM: dts: imx7d-pico: Use 'clock-frequency' (git-fixes). - ARM: dts: imx: Fix pca9547 i2c-mux node name (git-fixes). - ARM: dts: vf610: Fix pca9548 i2c-mux node names (git-fixes). - ARM: imx: add missing of_node_put() (git-fixes). - ASoC: Intel: bytcr_rt5651: Drop reference count of ACPI device after use (git-fixes). - ASoC: Intel: bytcr_wm5102: Drop reference count of ACPI device after use (git-fixes). - ASoC: fsl-asoc-card: Fix naming of AC'97 CODEC widgets (git-fixes). - ASoC: fsl_micfil: Correct the number of steps on SX controls (git-fixes). - ASoC: fsl_ssi: Rename AC'97 streams to avoid collisions with AC'97 CODEC (git-fixes). - ASoC: qcom: lpass-cpu: Fix fallback SD line index handling (git-fixes). - ASoC: wm8904: fix wrong outputs volume after power reactivation (git-fixes). - Bluetooth: Fix possible deadlock in rfcomm_sk_state_change (git-fixes). - Bluetooth: hci_qca: Fix driver shutdown on closed serdev (git-fixes). - Documentation: Remove bogus claim about del_timer_sync() (git-fixes). - HID: betop: check shape of output reports (git-fixes). - HID: betop: check shape of output reports (git-fixes, bsc#1207186). - HID: check empty report_list in bigben_probe() (git-fixes). - HID: check empty report_list in hid_validate_values() (git-fixes). - HID: drop assumptions on non-empty lists (git-fixes, bsc#1206784). - HID: intel_ish-hid: Add check for ishtp_dma_tx_map (git-fixes). - HID: playstation: sanity check DualSense calibration data (git-fixes). - HID: revert CHERRY_MOUSE_000C quirk (git-fixes). - IB/hfi1: Fix expected receive setup error exit issues (git-fixes) - IB/hfi1: Immediately remove invalid memory from hardware (git-fixes) - IB/hfi1: Reject a zero-length user expected buffer (git-fixes) - IB/hfi1: Remove user expected buffer invalidate race (git-fixes) - IB/hfi1: Reserve user expected TIDs (git-fixes) - IB/mad: Do not call to function that might sleep while in atomic context (git-fixes). - KVM: x86: Check for existing Hyper-V vCPU in kvm_hv_vcpu_init() (bsc#1206616). - PCI/PM: Define pci_restore_standard_config() only for CONFIG_PM_SLEEP (bsc#1207269). - PM: AVS: qcom-cpr: Fix an error handling path in cpr_probe() (git-fixes). - RDMA/core: Fix ib block iterator counter overflow (bsc#1207878). - RDMA/core: Fix ib block iterator counter overflow (git-fixes) - RDMA/mlx5: Fix mlx5_ib_get_hw_stats when used for device (git-fixes) - RDMA/mlx5: Fix validation of max_rd_atomic caps for DC (git-fixes) - RDMA/rxe: Prevent faulty rkey generation (git-fixes) - RDMA/srp: Move large values to a new enum for gcc13 (git-fixes) - Revert 'ARM: dts: armada-38x: Fix compatible string for gpios' (git-fixes). - Revert 'ARM: dts: armada-39x: Fix compatible string for gpios' (git-fixes). - Revert 'Input: synaptics - switch touchpad on HP Laptop 15-da3001TU to RMI mode' (git-fixes). - Revert 'Revert 'block, bfq: honor already-setup queue merges'' (git-fixes). - Revert 'arm64: dts: meson-sm1-odroid-hc4: disable unused USB PHY0' (git-fixes). - Revert 'wifi: mac80211: fix memory leak in ieee80211_if_add()' (git-fixes). - SUNRPC: Do not dereference xprt->snd_task if it's a cookie (git-fixes). - SUNRPC: Use BIT() macro in rpc_show_xprt_state() (git-fixes). - USB: gadget: Fix use-after-free during usb config switch (git-fixes). - USB: misc: iowarrior: fix up header size for USB_DEVICE_ID_CODEMERCS_IOW100 (git-fixes). - USB: serial: cp210x: add SCALANCE LPE-9000 device id (git-fixes). - USB: serial: option: add Quectel EC200U modem (git-fixes). - USB: serial: option: add Quectel EM05-G (CS) modem (git-fixes). - USB: serial: option: add Quectel EM05-G (GR) modem (git-fixes). - USB: serial: option: add Quectel EM05-G (RS) modem (git-fixes). - USB: serial: option: add Quectel EM05CN (SG) modem (git-fixes). - USB: serial: option: add Quectel EM05CN modem (git-fixes). - VMCI: Use threaded irqs instead of tasklets (git-fixes). - arm64: atomics: format whitespace consistently (git-fixes). - arm64: dts: imx8mm-beacon: Fix ecspi2 pinmux (git-fixes). - arm64: dts: imx8mm-venice-gw7901: fix USB2 controller OC polarity (git-fixes). - arm64: dts: imx8mm: Fix pad control for UART1_DTE_RX (git-fixes). - arm64: dts: imx8mq-thor96: fix no-mmc property for SDHCI (git-fixes). - arm64: dts: qcom: msm8992-libra: Add CPU regulators (git-fixes). - arm64: dts: qcom: msm8992-libra: Fix the memory map (git-fixes). - arm64: dts: qcom: msm8992: Do not use sfpb mutex (git-fixes). - arm64: efi: Execute runtime services from a dedicated stack (git-fixes). - ata: libata: Fix sata_down_spd_limit() when no link speed is reported (git-fixes). - ath11k: Fix unexpected return buffer manager error for QCA6390 (git-fixes). - bcache: fix set_at_max_writeback_rate() for multiple attached devices (git-fixes). - bfq: fix use-after-free in bfq_dispatch_request (git-fixes). - bfq: fix waker_bfqq inconsistency crash (git-fixes). - blk-throttle: prevent overflow while calculating wait time (git-fixes). - blk-wbt: fix that 'rwb->wc' is always set to 1 in wbt_init() (git-fixes). - blktrace: Fix output non-blktrace event when blk_classic option enabled (git-fixes). - block, bfq: do not move oom_bfqq (git-fixes). - block, bfq: fix null pointer dereference in bfq_bio_bfqg() (git-fixes). - block, bfq: fix possible uaf for 'bfqq->bic' (git-fixes). - block, bfq: fix uaf for bfqq in bfq_exit_icq_bfqq (git-fixes). - block, bfq: protect 'bfqd->queued' by 'bfqd->lock' (git-fixes). - block/bfq_wf2q: correct weight to ioprio (git-fixes). - block/bio: remove duplicate append pages code (git-fixes). - block: check minor range in device_add_disk() (git-fixes). - block: ensure iov_iter advances for added pages (git-fixes). - block: fix infinite loop for invalid zone append (git-fixes). - block: mq-deadline: Fix dd_finish_request() for zoned devices (git-fixes). - block: use bdev_get_queue() in bio.c (git-fixes). - bnx2x: fix pci device refcount leak in bnx2x_vf_is_pcie_pending() (git-fixes). - bnxt_en: Fix possible crash in bnxt_hwrm_set_coal() (git-fixes). - bnxt_en: Remove debugfs when pci_register_driver failed (git-fixes). - bnxt_en: add dynamic debug support for HWRM messages (git-fixes). - bnxt_en: fix potentially incorrect return value for ndo_rx_flow_steer (git-fixes). - bnxt_en: fix the handling of PCIE-AER (git-fixes). - bnxt_en: refactor bnxt_cancel_reservations() (git-fixes). - btrfs: add helper to delete a dir entry from a log tree (bsc#1207263). - btrfs: avoid inode logging during rename and link when possible (bsc#1207263). - btrfs: avoid logging all directory changes during renames (bsc#1207263). - btrfs: backport recent fixes for send/receive into SLE15 SP4/SP5 (bsc#1206036 bsc#1207500 ltc#201363). - btrfs: do not log unnecessary boundary keys when logging directory (bsc#1207263). - btrfs: fix assertion failure when logging directory key range item (bsc#1207263). - btrfs: fix processing of delayed data refs during backref walking (bsc#1206056 bsc#1207507 ltc#201367). - btrfs: fix processing of delayed tree block refs during backref walking (bsc#1206057 bsc#1207506 ltc#201368). - btrfs: fix race between quota enable and quota rescan ioctl (bsc#1207158). - btrfs: fix race between quota rescan and disable leading to NULL pointer deref (bsc#1207158). - btrfs: fix trace event name typo for FLUSH_DELAYED_REFS (git-fixes). - btrfs: join running log transaction when logging new name (bsc#1207263). - btrfs: move QUOTA_ENABLED check to rescan_should_stop from btrfs_qgroup_rescan_worker (bsc#1207158). - btrfs: pass the dentry to btrfs_log_new_name() instead of the inode (bsc#1207263). - btrfs: prepare extents to be logged before locking a log tree path (bsc#1207263). - btrfs: put initial index value of a directory in a constant (bsc#1207263). - btrfs: qgroup: remove duplicated check in adding qgroup relations (bsc#1207158). - btrfs: qgroup: remove outdated TODO comments (bsc#1207158). - btrfs: remove unnecessary NULL check for the new inode during rename exchange (bsc#1207263). - btrfs: remove useless path release in the fast fsync path (bsc#1207263). - btrfs: remove write and wait of struct walk_control (bsc#1207263). - btrfs: stop copying old dir items when logging a directory (bsc#1207263). - btrfs: stop doing unnecessary log updates during a rename (bsc#1207263). - btrfs: stop trying to log subdirectories created in past transactions (bsc#1207263). - btrfs: use single variable to track return value at btrfs_log_inode() (bsc#1207263). - bus: sunxi-rsb: Fix error handling in sunxi_rsb_init() (git-fixes). - can: j1939: fix errant WARN_ON_ONCE in j1939_session_deactivate (git-fixes). - cifs: Fix uninitialized memory read for smb311 posix symlink create (git-fixes). - cifs: do not query ifaces on smb1 mounts (git-fixes). - cifs: fix double free on failed kerberos auth (git-fixes). - cifs: fix file info setting in cifs_open_file() (git-fixes). - cifs: fix file info setting in cifs_query_path_info() (git-fixes). - cifs: fix potential memory leaks in session setup (bsc#1193629). - cifs: fix race in assemble_neg_contexts() (bsc#1193629). - cifs: ignore ipc reconnect failures during dfs failover (bsc#1193629). - cifs: protect access of TCP_Server_Info::{dstaddr,hostname} (bsc#1193629). - cifs: remove redundant assignment to the variable match (bsc#1193629). - comedi: adv_pci1760: Fix PWM instruction handling (git-fixes). - config: arm64: Fix Freescale LPUART dependency (boo#1204063). - cpufreq: Add Tegra234 to cpufreq-dt-platdev blocklist (git-fixes). - cpufreq: armada-37xx: stop using 0 as NULL pointer (git-fixes). - crypto: fixed DH and ECDH implemention for FIPS PCT (jsc#SLE-21132,bsc#1191256,bsc#1207184). - dm btree: add a defensive bounds check to insert_at() (git-fixes). - dm cache: Fix ABBA deadlock between shrink_slab and dm_cache_metadata_abort (git-fixes). - dm cache: Fix UAF in destroy() (git-fixes). - dm cache: set needs_check flag after aborting metadata (git-fixes). - dm clone: Fix UAF in clone_dtr() (git-fixes). - dm integrity: Fix UAF in dm_integrity_dtr() (git-fixes). - dm integrity: clear the journal on suspend (git-fixes). - dm integrity: flush the journal on suspend (git-fixes). - dm ioctl: fix misbehavior if list_versions races with module loading (git-fixes). - dm ioctl: prevent potential spectre v1 gadget (git-fixes). - dm raid: fix address sanitizer warning in raid_resume (git-fixes). - dm raid: fix address sanitizer warning in raid_status (git-fixes). - dm space map common: add bounds check to sm_ll_lookup_bitmap() (git-fixes). - dm thin: Fix ABBA deadlock between shrink_slab and dm_pool_abort_metadata (git-fixes). - dm thin: Fix UAF in run_timer_softirq() (git-fixes). - dm thin: Use last transaction's pmd->root when commit failed (git-fixes). - dm thin: resume even if in FAIL mode (git-fixes). - dm writecache: set a default MAX_WRITEBACK_JOBS (git-fixes). - dm: fix alloc_dax error handling in alloc_dev (git-fixes). - dm: requeue IO if mapping table not yet available (git-fixes). - dmaengine: Fix double increment of client_count in dma_chan_get() (git-fixes). - dmaengine: idxd: Do not call DMX TX callbacks during workqueue disable (git-fixes). - dmaengine: idxd: Let probe fail when workqueue cannot be enabled (git-fixes). - dmaengine: imx-sdma: Fix a possible memory leak in sdma_transfer_init (git-fixes). - dmaengine: lgm: Move DT parsing after initialization (git-fixes). - dmaengine: tegra210-adma: fix global intr clear (git-fixes). - dmaengine: ti: k3-udma: Do conditional decrement of UDMA_CHAN_RT_PEER_BCNT_REG (git-fixes). - dmaengine: xilinx_dma: call of_node_put() when breaking out of for_each_child_of_node() (git-fixes). - docs: Fix the docs build with Sphinx 6.0 (git-fixes). - driver core: Fix test_async_probe_init saves device in wrong array (git-fixes). - drivers: net: xgene: disable napi when register irq failed in xgene_enet_open() (git-fixes). - drivers:md:fix a potential use-after-free bug (git-fixes). - drm/amd/display: Calculate output_color_space after pixel encoding adjustment (git-fixes). - drm/amd/display: Fix COLOR_SPACE_YCBCR2020_TYPE matrix (git-fixes). - drm/amd/display: Fix set scaling doesn's work (git-fixes). - drm/amd/display: Take emulated dc_sink into account for HDCP (bsc#1207734). - drm/amd/display: fix issues with driver unload (git-fixes). - drm/amdgpu: complete gfxoff allow signal during suspend without delay (git-fixes). - drm/amdgpu: disable runtime pm on several sienna cichlid cards(v2) (git-fixes). - drm/amdgpu: drop experimental flag on aldebaran (git-fixes). - drm/hyperv: Add error message for fb size greater than allocated (git-fixes). - drm/i915/adlp: Fix typo for reference clock (git-fixes). - drm/i915/display: Check source height is > 0 (git-fixes). - drm/i915/gt: Reset twice (git-fixes). - drm/i915/selftest: fix intel_selftest_modify_policy argument types (git-fixes). - drm/i915: Fix potential bit_17 double-free (git-fixes). - drm/i915: re-disable RC6p on Sandy Bridge (git-fixes). - drm/msm/adreno: Make adreno quirks not overwrite each other (git-fixes). - drm/msm/dp: do not complete dp_aux_cmd_fifo_tx() if irq is not for aux transfer (git-fixes). - drm/msm: another fix for the headless Adreno GPU (git-fixes). - drm/panfrost: fix GENERIC_ATOMIC64 dependency (git-fixes). - drm/vc4: hdmi: make CEC adapter name unique (git-fixes). - drm/virtio: Fix GEM handle creation UAF (git-fixes). - drm: Add orientation quirk for Lenovo ideapad D330-10IGL (git-fixes). - dt-bindings: msm/dsi: Do not require vcca-supply on 14nm PHY (git-fixes). - dt-bindings: msm/dsi: Do not require vdds-supply on 10nm PHY (git-fixes). - dt-bindings: msm: dsi-controller-main: Fix description of core clock (git-fixes). - dt-bindings: msm: dsi-controller-main: Fix operating-points-v2 constraint (git-fixes). - dt-bindings: msm: dsi-phy-28nm: Add missing qcom, dsi-phy-regulator-ldo-mode (git-fixes). - efi: fix potential NULL deref in efi_mem_reserve_persistent (git-fixes). - efi: fix userspace infinite retry read efivars after EFI runtime services page fault (git-fixes). - efi: rt-wrapper: Add missing include (git-fixes). - efi: tpm: Avoid READ_ONCE() for accessing the event log (git-fixes). - ext4: Fixup pages without buffers (bsc#1205495). - extcon: usbc-tusb320: fix kernel-doc warning (git-fixes). - fbcon: Check font dimension limits (git-fixes). - fbdev: omapfb: avoid stack overflow warning (git-fixes). - firewire: fix memory leak for payload of request subaction to IEC 61883-1 FCP region (git-fixes). - firmware: arm_scmi: Harden shared memory access in fetch_notification (git-fixes). - firmware: arm_scmi: Harden shared memory access in fetch_response (git-fixes). - fpga: stratix10-soc: Fix return value check in s10_ops_write_init() (git-fixes). - fs: remove __sync_filesystem (git-fixes). - ftrace/x86: Add back ftrace_expected for ftrace bug reports (git-fixes). - ftrace: Clean comments related to FTRACE_OPS_FL_PER_CPU (git-fixes). - git_sort: add usb-linus branch for gregkh/usb - gsmi: fix null-deref in gsmi_get_variable (git-fixes). - hv_netvsc: Fix missed pagebuf entries in netvsc_dma_map/unmap() (git-fixes). - i2c: mv64xxx: Add atomic_xfer method to driver (git-fixes). - i2c: mv64xxx: Remove shutdown method from driver (git-fixes). - i40e: Disallow ip4 and ip6 l4_4_bytes (git-fixes). - i40e: Fix error handling in i40e_init_module() (git-fixes). - i40e: Fix not setting default xps_cpus after reset (git-fixes). - igb: Allocate MSI-X vector when testing (git-fixes). - iio: adc: berlin2-adc: Add missing of_node_put() in error path (git-fixes). - iio: adc: stm32-dfsdm: fill module aliases (git-fixes). - iio: hid: fix the retval in accel_3d_capture_sample (git-fixes). - iio: hid: fix the retval in gyro_3d_capture_sample (git-fixes). - iio: imu: fxos8700: fix ACCEL measurement range selection (git-fixes). - iio: imu: fxos8700: fix IMU data bits returned to user space (git-fixes). - iio: imu: fxos8700: fix MAGN sensor scale and unit (git-fixes). - iio: imu: fxos8700: fix failed initialization ODR mode assignment (git-fixes). - iio: imu: fxos8700: fix incomplete ACCEL and MAGN channels readback (git-fixes). - iio: imu: fxos8700: fix incorrect ODR mode readback (git-fixes). - iio: imu: fxos8700: fix map label of channel type to MAGN sensor (git-fixes). - iio: imu: fxos8700: fix swapped ACCEL and MAGN channels readback (git-fixes). - iio: imu: fxos8700: remove definition FXOS8700_CTRL_ODR_MIN (git-fixes). - iio:adc:twl6030: Enable measurement of VAC (git-fixes). - iio:adc:twl6030: Enable measurements of VUSB, VBAT and others (git-fixes). - ipmi:ssif: Add 60ms time internal between write retries (bsc#1206459). - ipmi:ssif: Increase the message retry time (bsc#1206459). - ipv6: addrlabel: fix infoleak when sending struct ifaddrlblmsg to network (git-fixes). - ixgbevf: Fix resource leak in ixgbevf_init_module() (git-fixes). - jbd2: use the correct print format (git-fixes). - kABI workaround for struct acpi_ec (bsc#1207149). - kABI: Preserve TRACE_EVENT_FL values (git-fixes). - kabi/severities: add mlx5 internal symbols - l2tp: Do not sleep and disable BH under writer-side sk_callback_lock (git-fixes). - loop: Fix the max_loop commandline argument treatment when it is set to 0 (git-fixes). - md/raid5: Wait for MD_SB_CHANGE_PENDING in raid5d (git-fixes). - md: Flush workqueue md_rdev_misc_wq in md_alloc() (git-fixes). - md: Notify sysfs sync_completed in md_reap_sync_thread() (git-fixes). - md: protect md_unregister_thread from reentrancy (git-fixes). - mei: me: add meteor lake point M DID (git-fixes). - memory: atmel-sdramc: Fix missing clk_disable_unprepare in atmel_ramc_probe() (git-fixes). - memory: mvebu-devbus: Fix missing clk_disable_unprepare in mvebu_devbus_probe() (git-fixes). - memory: tegra: Remove clients SID override programming (git-fixes). - misc: fastrpc: Do not remove map on creater_process and device_release (git-fixes). - misc: fastrpc: Fix use-after-free race condition for maps (git-fixes). - mm: /proc/pid/smaps_rollup: fix no vma's null-deref (bsc#1207769). - mm: compaction: kABI: avoid pglist_data kABI breakage (bsc#1207010). - mm: compaction: support triggering of proactive compaction by user (bsc#1207010). - mmc: sdhci-esdhc-imx: correct the tuning start tap and step setting (git-fixes). - mmc: sunxi-mmc: Fix clock refcount imbalance during unbind (git-fixes). - module: Do not wait for GOING modules (bsc#1196058, bsc#1186449, bsc#1204356, bsc#1204662). - mt76: fix use-after-free by removing a non-RCU wcid pointer (git-fixes). - mt76: mt7921: avoid unnecessary spin_lock/spin_unlock in mt7921_mcu_tx_done_event (git-fixes). - nbd: Fix hung on disconnect request if socket is closed before (git-fixes). - nbd: Fix hung when signal interrupts nbd_start_device_ioctl() (git-fixes). - nbd: call genl_unregister_family() first in nbd_cleanup() (git-fixes). - nbd: fix io hung while disconnecting device (git-fixes). - nbd: fix race between nbd_alloc_config() and module removal (git-fixes). - net/mlx4: Check retval of mlx4_bitmap_init (git-fixes). - net/mlx5: Dynamically resize flow counters query buffer (bsc#1195175). - net/tg3: resolve deadlock in tg3_reset_task() during EEH (bsc#1207842). - net: cxgb3_main: disable napi when bind qsets failed in cxgb_up() (git-fixes). - net: ena: Fix error handling in ena_init() (git-fixes). - net: liquidio: release resources when liquidio driver open failed (git-fixes). - net: liquidio: simplify if expression (git-fixes). - net: macvlan: Use built-in RCU list checking (git-fixes). - net: macvlan: fix memory leaks of macvlan_common_newlink (git-fixes). - net: mdio: validate parameter addr in mdiobus_get_phy() (git-fixes). - net: nfc: Fix use-after-free in local_cleanup() (git-fixes). - net: phy: dp83822: Fix null pointer access on DP83825/DP83826 devices (git-fixes). - net: phy: meson-gxl: Add generic dummy stubs for MMD register access (git-fixes). - net: tun: Fix memory leaks of napi_get_frags (git-fixes). - net: tun: Fix use-after-free in tun_detach() (git-fixes). - net: tun: call napi_schedule_prep() to ensure we own a napi (git-fixes). - net: usb: cdc_ether: add support for Thales Cinterion PLS62-W modem (git-fixes). - net: usb: sr9700: Handle negative len (git-fixes). - net: wan: Add checks for NULL for utdm in undo_uhdlc_init and unmap_si_regs (git-fixes). - netrom: Fix use-after-free caused by accept on already connected socket (git-fixes). - netrom: Fix use-after-free of a listening socket (git-fixes). - nilfs2: fix general protection fault in nilfs_btree_insert() (git-fixes). - null_blk: fix ida error handling in null_add_dev() (git-fixes). - octeontx2-af: Fix reference count issue in rvu_sdp_init() (jsc#SLE-24682). - octeontx2-af: debugsfs: fix pci device refcount leak (git-fixes). - octeontx2-pf: Add check for devm_kcalloc (git-fixes). - octeontx2-pf: Fix potential memory leak in otx2_init_tc() (jsc#SLE-24682). - phy: Revert 'phy: qualcomm: usb28nm: Add MDM9607 init sequence' (git-fixes). - phy: phy-can-transceiver: Skip warning if no 'max-bitrate' (git-fixes). - phy: rockchip-inno-usb2: Fix missing clk_disable_unprepare() in rockchip_usb2phy_power_on() (git-fixes). - phy: ti: fix Kconfig warning and operator precedence (git-fixes). - pinctrl: amd: Add dynamic debugging for active GPIOs (git-fixes). - pinctrl: rockchip: fix mux route data for rk3568 (git-fixes). - platform/surface: aggregator: Add missing call to ssam_request_sync_free() (git-fixes). - platform/surface: aggregator: Ignore command messages not intended for us (git-fixes). - platform/x86: asus-nb-wmi: Add alternate mapping for KEY_SCREENLOCK (git-fixes). - platform/x86: dell-privacy: Fix SW_CAMERA_LENS_COVER reporting (git-fixes). - platform/x86: dell-privacy: Only register SW_CAMERA_LENS_COVER if present (git-fixes). - platform/x86: sony-laptop: Do not turn off 0x153 keyboard backlight during probe (git-fixes). - platform/x86: touchscreen_dmi: Add info for the CSL Panther Tab HD (git-fixes). - powerpc/64s/radix: Fix RWX mapping with relocated kernel (bsc#1194869). - powerpc/64s/radix: Fix crash with unaligned relocated kernel (bsc#1194869). - powerpc/64s: Fix local irq disable when PMIs are disabled (bsc#1195655 ltc#1195655 git-fixes). - powerpc/kexec_file: Count hot-pluggable memory in FDT estimate (bsc#1194869). - powerpc/kexec_file: Fix division by zero in extra size estimation (bsc#1194869). - powerpc/vmlinux.lds: Add an explicit symbol for the SRWX boundary (bsc#1194869). - powerpc/vmlinux.lds: Ensure STRICT_ALIGN_SIZE is at least page aligned (bsc#1194869). - powerpc: move __end_rodata to cover arch read-only sections (bsc#1194869). - qlcnic: fix sleep-in-atomic-context bugs caused by msleep (git-fixes). - r8152: add vendor/device ID pair for Microsoft Devkit (git-fixes). - r8169: move rtl_wol_enable_rx() and rtl_prepare_power_down() (git-fixes). - regulator: da9211: Use irq handler when ready (git-fixes). - s390/qeth: fix various format strings (git-fixes). - sched/core: Fix arch_scale_freq_tick() on tickless systems (git-fixes) - sched/core: Introduce sched_asym_cpucap_active() (git-fixes) - sched/cpuset: Fix dl_cpu_busy() panic due to empty (git-fixes) - sched/deadline: Merge dl_task_can_attach() and dl_cpu_busy() (git-fixes) - sched/tracing: Report TASK_RTLOCK_WAIT tasks as (git-fixes) - sched/uclamp: Make asym_fits_capacity() use util_fits_cpu() (git-fixes) - sched: Avoid double preemption in __cond_resched_*lock*() (git-fixes) - scsi: Revert 'scsi: core: map PQ=1, PDT=other values to SCSI_SCAN_TARGET_PRESENT' (git-fixes). - scsi: core: Fix a race between scsi_done() and scsi_timeout() (git-fixes). - scsi: efct: Fix possible memleak in efct_device_init() (git-fixes). - scsi: elx: libefc: Fix second parameter type in state callbacks (git-fixes). - scsi: fcoe: Fix possible name leak when device_register() fails (git-fixes). - scsi: fcoe: Fix transport not deattached when fcoe_if_init() fails (git-fixes). - scsi: hpsa: Fix allocation size for scsi_host_alloc() (git-fixes). - scsi: hpsa: Fix error handling in hpsa_add_sas_host() (git-fixes). - scsi: hpsa: Fix possible memory leak in hpsa_add_sas_device() (git-fixes). - scsi: hpsa: Fix possible memory leak in hpsa_init_one() (git-fixes). - scsi: ipr: Fix WARNING in ipr_init() (git-fixes). - scsi: mpi3mr: Refer CONFIG_SCSI_MPI3MR in Makefile (git-fixes). - scsi: mpt3sas: Fix possible resource leaks in mpt3sas_transport_port_add() (git-fixes). - scsi: mpt3sas: Remove scsi_dma_map() error messages (git-fixes). - scsi: scsi_debug: Fix a warning in resp_report_zones() (git-fixes). - scsi: scsi_debug: Fix a warning in resp_verify() (git-fixes). - scsi: scsi_debug: Fix a warning in resp_write_scat() (git-fixes). - scsi: scsi_debug: Fix possible name leak in sdebug_add_host_helper() (git-fixes). - scsi: snic: Fix possible UAF in snic_tgt_create() (git-fixes). - scsi: storvsc: Correct reporting of Hyper-V I/O size limits (git-fixes). - scsi: storvsc: Fix swiotlb bounce buffer leak in confidential VM (bsc#1206006). - scsi: tracing: Fix compile error in trace_array calls when TRACING is disabled (git-fixes). - scsi: ufs: Stop using the clock scaling lock in the error handler (git-fixes). - scsi: ufs: core: Enable link lost interrupt (git-fixes). - sctp: fail if no bound addresses can be used for a given scope (bsc#1206677). - selftests/vm: remove ARRAY_SIZE define from individual tests (git-fixes). - selftests: Provide local define of __cpuid_count() (git-fixes). - serial: 8250_dma: Fix DMA Rx rearm race (git-fixes). - serial: atmel: fix incorrect baudrate setup (git-fixes). - serial: pch_uart: Pass correct sg to dma_unmap_sg() (git-fixes). - sfc: fix potential memleak in __ef100_hard_start_xmit() (git-fixes). - soc: imx8m: Fix incorrect check for of_clk_get_by_name() (git-fixes). - spi: spidev: remove debug messages that access spidev->spi without locking (git-fixes). - staging: mt7621-dts: change some node hex addresses to lower case (git-fixes). - staging: vchiq_arm: fix enum vchiq_status return types (git-fixes). - swim3: add missing major.h include (git-fixes). - tcp: prohibit TCP_REPAIR_OPTIONS if data was already sent (git-fixes). - thermal/core: Remove duplicate information when an error occurs (git-fixes). - thunderbolt: Do not call PM runtime functions in tb_retimer_scan() (git-fixes). - thunderbolt: Do not report errors if on-board retimers are found (git-fixes). - thunderbolt: Use correct function to calculate maximum USB3 link rate (git-fixes). - tick/nohz: Use WARN_ON_ONCE() to prevent console saturation. - tick/sched: Fix non-kernel-doc comment (git-fixes). - tomoyo: fix broken dependency on *.conf.default (git-fixes). - tools: fix ARRAY_SIZE defines in tools and selftests hdrs (git-fixes). - tracing/hist: Fix issue of losting command info in error_log (git-fixes). - tracing/hist: Fix out-of-bound write on 'action_data.var_ref_idx' (git-fixes). - tracing/hist: Fix wrong return value in parse_action_params() (git-fixes). - tracing/osnoise: Make osnoise_main to sleep for microseconds (git-fixes). - tracing/perf: Avoid -Warray-bounds warning for __rel_loc macro (git-fixes). - tracing/probes: Handle system names with hyphens (git-fixes). - tracing: Add '__rel_loc' using trace event macros (git-fixes). - tracing: Add DYNAMIC flag for dynamic events (git-fixes). - tracing: Add trace_event helper macros __string_len() and __assign_str_len() (git-fixes). - tracing: Avoid -Warray-bounds warning for __rel_loc macro (git-fixes). - tracing: Do not use out-of-sync va_list in event printing (git-fixes). - tracing: Ensure trace buffer is at least 4096 bytes large (git-fixes). - tracing: Fix a kmemleak false positive in tracing_map (git-fixes). - tracing: Fix complicated dependency of CONFIG_TRACER_MAX_TRACE (git-fixes). - tracing: Fix infinite loop in tracing_read_pipe on overflowed print_trace_line (git-fixes). - tracing: Fix issue of missing one synthetic field (git-fixes). - tracing: Fix mismatched comment in __string_len (git-fixes). - tracing: Fix possible memory leak in __create_synth_event() error path (git-fixes). - tracing: Fix race where histograms can be called before the event (git-fixes). - tracing: Fix sleeping function called from invalid context on RT kernel (git-fixes). - tracing: Fix tp_printk option related with tp_printk_stop_on_boot (git-fixes). - tracing: Fix warning on variable 'struct trace_array' (git-fixes). - tracing: Have TRACE_DEFINE_ENUM affect trace event types as well (git-fixes). - tracing: Have syscall trace events use trace_event_buffer_lock_reserve() (git-fixes). - tracing: Have type enum modifications copy the strings (git-fixes). - tracing: Make tp_printk work on syscall tracepoints (git-fixes). - tracing: Use alignof__(struct {type b;}) instead of offsetof() (git-fixes). - tracing: incorrect isolate_mote_t cast in mm_vmscan_lru_isolate (git-fixes). - tty: fix possible null-ptr-defer in spk_ttyio_release (git-fixes). - tty: serial: qcom-geni-serial: fix slab-out-of-bounds on RX FIFO buffer (git-fixes). - usb-storage: apply IGNORE_UAS only for HIKSEMI MD202 on RTL9210 (git-fixes). - usb: acpi: add helper to check port lpm capability using acpi _DSM (git-fixes). - usb: cdns3: remove fetched trb from cache before dequeuing (git-fixes). - usb: core: hub: disable autosuspend for TI TUSB8041 (git-fixes). - usb: dwc3: qcom: enable vbus override when in OTG dr-mode (git-fixes). - usb: fotg210-udc: Fix ages old endianness issues (git-fixes). - usb: gadget: f_fs: Ensure ep0req is dequeued before free_request (git-fixes). - usb: gadget: f_fs: Fix unbalanced spinlock in __ffs_ep0_queue_wait (git-fixes). - usb: gadget: f_fs: Prevent race during ffs_ep0_queue_wait (git-fixes). - usb: gadget: f_ncm: fix potential NULL ptr deref in ncm_bitrate() (git-fixes). - usb: gadget: f_uac2: Fix incorrect increment of bNumEndpoints (git-fixes). - usb: gadget: g_webcam: Send color matching descriptor per frame (git-fixes). - usb: gadget: udc: core: Print error code in usb_gadget_probe_driver() (git-fixes). - usb: gadget: udc: core: Revise comments for USB ep enable/disable (git-fixes). - usb: gadget: udc: core: Use pr_fmt() to prefix messages (git-fixes). - usb: gadget: udc: core: remove usage of list iterator past the loop body (git-fixes). - usb: host: ehci-fsl: Fix module alias (git-fixes). - usb: typec: altmodes/displayport: Add pin assignment helper (git-fixes). - usb: typec: altmodes/displayport: Fix pin assignment calculation (git-fixes). - usb: typec: tcpm: Fix altmode re-registration causes sysfs create fail (git-fixes). - usb: xhci: Check endpoint is valid before dereferencing it (git-fixes). - vc_screen: move load of struct vc_data pointer in vcs_read() to avoid UAF (git-fixes). - vfs: make sync_filesystem return errors from ->sync_fs (git-fixes). - virtio-blk: modify the value type of num in virtio_queue_rq() (git-fixes). - virtio-net: correctly enable callback during start_xmit (git-fixes). - virtio_pci: modify ENOENT to EINVAL (git-fixes). - w1: fix WARNING after calling w1_process() (git-fixes). - w1: fix deadloop in __w1_remove_master_device() (git-fixes). - wait: Fix __wait_event_hrtimeout for RT/DL tasks (git-fixes) - watchdog: diag288_wdt: do not use stack buffers for hardware data (bsc#1207497). - watchdog: diag288_wdt: fix __diag288() inline assembly (bsc#1207497). - wifi: brcmfmac: fix regression for Broadcom PCIe wifi devices (git-fixes). - wifi: mac80211: sdata can be NULL during AMPDU start (git-fixes). - wifi: mt76: mt7921: add mt7921_mutex_acquire at mt7921_sta_set_decap_offload (git-fixes). - wifi: mt76: mt7921e: fix race issue between reset and suspend/resume (git-fixes). - wifi: mt76: sdio: fix the deadlock caused by sdio->stat_work (git-fixes). - wifi: mt76: sdio: poll sta stat when device transmits data (git-fixes). - wifi: rndis_wlan: Prevent buffer overflow in rndis_query_oid (git-fixes). - x86/hyperv: Remove unregister syscore call from Hyper-V cleanup (git-fixes). - x86/hyperv: Restore VP assist page after cpu offlining/onlining (git-fixes). - xfs: Fix unreferenced object reported by kmemleak in xfs_sysfs_init() (git-fixes). - xfs: fix incorrect error-out in xfs_remove (git-fixes). - xfs: fix incorrect i_nlink caused by inode racing (git-fixes). - xfs: fix maxlevels comparisons in the btree staging code (git-fixes). - xfs: fix memory leak in xfs_errortag_init (git-fixes). - xfs: get rid of assert from xfs_btree_islastblock (git-fixes). - xfs: get root inode correctly at bulkstat (git-fixes). - xfs: initialize the check_owner object fully (git-fixes). - xfs: prevent a WARN_ONCE() in xfs_ioc_attr_list() (git-fixes). - xfs: reject crazy array sizes being fed to XFS_IOC_GETBMAP* (git-fixes). - xfs: return errors in xfs_fs_sync_fs (git-fixes). - xfs: xfstest fails with error missing kernel patch (git-fixes bsc#1207501 ltc#201370). - xhci-pci: set the dma max_seg_size (git-fixes). - xhci: Fix null pointer dereference when host dies (git-fixes). - zram: Delete patch for regression addressed (bsc#1207933). - zram: do not lookup algorithm in backends table (git-fixes). Important SUSE bug 1185861 SUSE bug 1185863 SUSE bug 1186449 SUSE bug 1191256 SUSE bug 1192868 SUSE bug 1193629 SUSE bug 1194869 SUSE bug 1195175 SUSE bug 1195655 SUSE bug 1196058 SUSE bug 1199701 SUSE bug 1204063 SUSE bug 1204356 SUSE bug 1204662 SUSE bug 1205495 SUSE bug 1206006 SUSE bug 1206036 SUSE bug 1206056 SUSE bug 1206057 SUSE bug 1206258 SUSE bug 1206363 SUSE bug 1206459 SUSE bug 1206616 SUSE bug 1206677 SUSE bug 1206784 SUSE bug 1207010 SUSE bug 1207034 SUSE bug 1207134 SUSE bug 1207149 SUSE bug 1207158 SUSE bug 1207184 SUSE bug 1207186 SUSE bug 1207190 SUSE bug 1207237 SUSE bug 1207263 SUSE bug 1207269 SUSE bug 1207497 SUSE bug 1207500 SUSE bug 1207501 SUSE bug 1207506 SUSE bug 1207507 SUSE bug 1207734 SUSE bug 1207769 SUSE bug 1207842 SUSE bug 1207878 SUSE bug 1207933 CVE-2020-24588 CVE-2022-4382 CVE-2022-47929 CVE-2023-0179 CVE-2023-0266 cpe:/o:opensuse:leap:15.4 Security update for python311 (Important) openSUSE Leap 15.4 This update for python311 fixes the following issues: Update to 3.11.5. - CVE-2023-40217: Fixed TLS handshake bypass on closed sockets (bsc#1214692). - CVE-2023-41105: Fixed input truncation on null bytes in os.path.normpath (bsc#1214693). Important SUSE bug 1214692 SUSE bug 1214693 CVE-2023-40217 CVE-2023-41105 cpe:/o:opensuse:leap:15.4 Security update for libqb (Moderate) openSUSE Leap 15.4 This update for libqb fixes the following issues: - CVE-2023-39976: Fixed potential bufferoverflow with long log messages (bsc#1214066). Moderate SUSE bug 1214066 CVE-2023-39976 cpe:/o:opensuse:leap:15.4 Security update for postfix (Moderate) openSUSE Leap 15.4 This update for postfix fixes the following issues: Security fixes: - CVE-2023-32182: Fixed config_postfix SUSE specific script using potentially bad /tmp file (bsc#1211196). Other fixes: - postfix: config.postfix causes too tight permission on main.cf (bsc#1215372). Moderate SUSE bug 1211196 SUSE bug 1215372 CVE-2023-32182 cpe:/o:opensuse:leap:15.4 Security update for libvpx (Important) openSUSE Leap 15.4 This update for libvpx fixes the following issues: - CVE-2023-5217: Fixed a heap buffer overflow (bsc#1215778). Important SUSE bug 1215778 CVE-2023-5217 cpe:/o:opensuse:leap:15.4 Security update for poppler (Moderate) openSUSE Leap 15.4 This update for poppler fixes the following issues: - CVE-2022-37050: Fixed denial-of-service via savePageAs in PDFDoc.c (bsc#1214622). - CVE-2022-37051: Fixed abort in main() in pdfunite.cc (bsc#1214621). - CVE-2022-38349: Fixed reachable assertion in Object.h that will lead to denial of service (bsc#1214618). Moderate SUSE bug 1214618 SUSE bug 1214621 SUSE bug 1214622 CVE-2022-37050 CVE-2022-37051 CVE-2022-38349 cpe:/o:opensuse:leap:15.4 Security update for libvpx (Important) openSUSE Leap 15.4 This update for libvpx fixes the following issues: - CVE-2023-5217: Fixed a heap buffer overflow (bsc#1215778). Important SUSE bug 1215778 CVE-2023-5217 cpe:/o:opensuse:leap:15.4 Security update for MozillaFirefox (Important) openSUSE Leap 15.4 This update for MozillaFirefox fixes the following issues: Mozilla Firefox was updated to 115.3.1 ESR, fixing a security issue: MFSA 2023-44 (bsc#1215814) * CVE-2023-5217: Fixed a heap buffer overflow in libvpx Important SUSE bug 1215814 CVE-2023-5217 cpe:/o:opensuse:leap:15.4 Security update for runc (Important) openSUSE Leap 15.4 This update of runc fixes the following issues: - Update to runc v1.1.8. Upstream changelog is available from <https://github.com/opencontainers/runc/releases/tag/v1.1.8>. - rebuild the package with the go 1.21 security release (bsc#1212475). Important SUSE bug 1212475 cpe:/o:opensuse:leap:15.4 Security update for mdadm (Moderate) openSUSE Leap 15.4 This update for mdadm fixes the following issues: - CVE-2023-28736: Fixed a buffer overflow (bsc#1214244). - CVE-2023-28938: Fixed uncontrolled resource consumption (bsc#1214245). Moderate SUSE bug 1214244 SUSE bug 1214245 CVE-2023-28736 CVE-2023-28938 cpe:/o:opensuse:leap:15.4 Security update for libeconf (Important) openSUSE Leap 15.4 This update for libeconf fixes the following issues: Update to version 0.5.2. - CVE-2023-30078, CVE-2023-32181: Fixed a stack-buffer-overflow vulnerability in 'econf_writeFile' function (bsc#1211078). - CVE-2023-30079, CVE-2023-22652: Fixed a stack-buffer-overflow vulnerability in 'read_file' function. (bsc#1211078) Important SUSE bug 1211078 CVE-2023-22652 CVE-2023-30078 CVE-2023-30079 CVE-2023-32181 cpe:/o:opensuse:leap:15.4 Security update for vim (Important) openSUSE Leap 15.4 This update for vim fixes the following issues: Security fixes: - CVE-2023-4733: Fixed use-after-free in function buflist_altfpos (bsc#1215004). - CVE-2023-4734: Fixed segmentation fault in function f_fullcommand (bsc#1214925). - CVE-2023-4735: Fixed out of bounds write in ops.c (bsc#1214924). - CVE-2023-4738: Fixed heap buffer overflow in vim_regsub_both (bsc#1214922). - CVE-2023-4752: Fixed heap use-after-free in function ins_compl_get_exp (bsc#1215006). - CVE-2023-4781: Fixed heap buffer overflow in function vim_regsub_both (bsc#1215033). Other fixes: - Update to version 9.0 with patch level 1894, for the complete list of changes see https://github.com/vim/vim/compare/v9.0.1443...v9.0.1894 - Use app icons generated from vimlogo.eps in the source tarball; add higher resolution icons of sizes 128x128, 256x256, and 512x512 as png sources Important SUSE bug 1214922 SUSE bug 1214924 SUSE bug 1214925 SUSE bug 1215004 SUSE bug 1215006 SUSE bug 1215033 CVE-2023-4733 CVE-2023-4734 CVE-2023-4735 CVE-2023-4738 CVE-2023-4752 CVE-2023-4781 cpe:/o:opensuse:leap:15.4 Security update for rubygem-puma (Important) openSUSE Leap 15.4 This update for rubygem-puma fixes the following issues: - CVE-2023-40175: Fixed HTTP request smuggling when parsing chunked transfer encoding bodies and zero-length content-length headers (bsc#1214425). Important SUSE bug 1214425 CVE-2023-40175 cpe:/o:opensuse:leap:15.4 Security update for libX11 (Moderate) openSUSE Leap 15.4 This update for libX11 fixes the following issues: - CVE-2023-43786: Fixed stack exhaustion from infinite recursion in PutSubImage() (bsc#1215684). - CVE-2023-43787: Fixed integer overflow in XCreateImage() leading to a heap overflow (bsc#1215685). - CVE-2023-43785: Fixed out-of-bounds memory access in _XkbReadKeySyms() (bsc#1215683). Moderate SUSE bug 1215683 SUSE bug 1215684 SUSE bug 1215685 CVE-2023-43785 CVE-2023-43786 CVE-2023-43787 cpe:/o:opensuse:leap:15.4 Security update for the Linux Kernel (Important) openSUSE Leap 15.4 The SUSE Linux Enterprise 15 SP4 RT kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2023-2007: Fixed a flaw in the DPT I2O Controller driver that could allow an attacker to escalate privileges and execute arbitrary code in the context of the kernel (bsc#1210448). - CVE-2023-20588: Fixed a division-by-zero error on some AMD processors that can potentially return speculative data resulting in loss of confidentiality (bsc#1213927). - CVE-2023-34319: Fixed buffer overrun triggered by unusual packet in xen/netback (XSA-432) (bsc#1213546). - CVE-2023-3610: Fixed use-after-free vulnerability in nf_tables can be exploited to achieve local privilege escalation (bsc#1213580). - CVE-2023-37453: Fixed oversight in SuperSpeed initialization (bsc#1213123). - CVE-2023-3772: Fixed a flaw in XFRM subsystem that may have allowed a malicious user with CAP_NET_ADMIN privileges to directly dereference a NULL pointer leading to a possible kernel crash and denial of service (bsc#1213666). - CVE-2023-3863: Fixed a use-after-free flaw was found in nfc_llcp_find_local that allowed a local user with special privileges to impact a kernel information leak issue (bsc#1213601). - CVE-2023-4128: Fixed a use-after-free flaw in net/sched/cls_fw.c that allowed a local attacker to perform a local privilege escalation due to incorrect handling of the existing filter, leading to a kernel information leak issue (bsc#1214149). - CVE-2023-4133: Fixed use after free bugs caused by circular dependency problem in cxgb4 (bsc#1213970). - CVE-2023-4134: Fixed use-after-free in cyttsp4_watchdog_work() (bsc#1213971). - CVE-2023-4147: Fixed use-after-free in nf_tables_newrule (bsc#1213968). - CVE-2023-4194: Fixed a type confusion in net tun_chr_open() (bsc#1214019). - CVE-2023-4273: Fixed a flaw in the exFAT driver of the Linux kernel that alloawed a local privileged attacker to overflow the kernel stack (bsc#1214120). - CVE-2023-4387: Fixed use-after-free flaw in vmxnet3_rq_alloc_rx_buf that could allow a local attacker to crash the system due to a double-free (bsc#1214350). - CVE-2023-4459: Fixed a NULL pointer dereference flaw in vmxnet3_rq_cleanup that may have allowed a local attacker with normal user privilege to cause a denial of service (bsc#1214451). - CVE-2023-4569: Fixed information leak in nft_set_catchall_flush in net/netfilter/nf_tables_api.c (bsc#1214729). The following non-security bugs were fixed: - Drop amdgpu patch causing spamming (bsc#1215523) - acpi: processor: perflib: avoid updating frequency qos unnecessarily (git-fixes). - acpi: processor: perflib: use the 'no limit' frequency qos (git-fixes). - acpi: x86: s2idle: fix a logic error parsing amd constraints table (git-fixes). - alsa: ac97: fix possible error value of *rac97 (git-fixes). - alsa: hda/cs8409: support new dell dolphin variants (git-fixes). - alsa: hda/realtek - remodified 3k pull low procedure (git-fixes). - alsa: hda/realtek: add quirk for hp victus 16-d1xxx to enable mute led (git-fixes). - alsa: hda/realtek: add quirk for mute leds on hp envy x360 15-eu0xxx (git-fixes). - alsa: hda/realtek: add quirks for hp g11 laptops (git-fixes). - alsa: hda/realtek: switch dell oasis models to use spi (git-fixes). - alsa: pcm: fix missing fixup call in compat hw_refine ioctl (git-fixes). - alsa: usb-audio: add support for mythware xa001au capture and playback interfaces (git-fixes). - alsa: usb-audio: fix init call orders for uac1 (git-fixes). - alsa: ymfpci: fix the missing snd_card_free() call at probe error (git-fixes). - amba: bus: fix refcount leak (git-fixes). - arm64: dts: imx8mn-var-som: add missing pull-up for onboard phy reset pinmux (git-fixes). - arm64: dts: qcom: qrb5165-rb5: fix thermal zone conflict (git-fixes). - arm64: dts: rockchip: disable hs400 for emmc on rock pi 4 (git-fixes). - arm: dts: imx6dl: prtrvt, prtvt7, prti6q, prtwd2: fix usb related warnings (git-fixes). - arm: dts: imx6sll: fixup of operating points (git-fixes). - arm: spear: do not use timer namespace for timer_shutdown() function (bsc#1213970). - asoc: lower 'no backend dais enabled for ... port' log severity (git-fixes). - asoc: meson: axg-tdm-formatter: fix channel slot allocation (git-fixes). - asoc: rt5665: add missed regulator_bulk_disable (git-fixes). - asoc: sof: intel: fix soundwire/hdaudio mutual exclusion (git-fixes). - asoc: stac9766: fix build errors with regmap_ac97 (git-fixes). - asoc: tegra: fix sfc conversion for few rates (git-fixes). - audit: fix possible soft lockup in __audit_inode_child() (git-fixes). - backlight/bd6107: compare against struct fb_info.device (git-fixes). - backlight/gpio_backlight: compare against struct fb_info.device (git-fixes). - backlight/lv5207lp: compare against struct fb_info.device (git-fixes). - batman-adv: do not get eth header before batadv_check_management_packet (git-fixes). - batman-adv: do not increase mtu when set by user (git-fixes). - batman-adv: fix batadv_v_ogm_aggr_send memory leak (git-fixes). - batman-adv: fix tt global entry leak when client roamed back (git-fixes). - batman-adv: hold rtnl lock during mtu update via netlink (git-fixes). - batman-adv: trigger events for auto adjusted mtu (git-fixes). - bluetooth: btusb: add mt7922 bluetooth id for the asus ally (git-fixes). - bluetooth: btusb: do not call kfree_skb() under spin_lock_irqsave() (git-fixes). - bluetooth: fix potential use-after-free when clear keys (git-fixes). - bluetooth: l2cap: fix use-after-free (git-fixes). - bluetooth: l2cap: fix use-after-free in l2cap_sock_ready_cb (git-fixes). - bluetooth: nokia: fix value check in nokia_bluetooth_serdev_probe() (git-fixes). - bluetooth: remove unused declaration amp_read_loc_info() (git-fixes). - bnx2x: fix page fault following eeh recovery (bsc#1214299). - bpf: disable preemption in bpf_event_output (git-fixes). - bus: ti-sysc: fix build warning for 64-bit build (git-fixes). - bus: ti-sysc: fix cast to enum warning (git-fixes). - bus: ti-sysc: flush posted write on enable before reset (git-fixes). - can: gs_usb: gs_usb_receive_bulk_callback(): count rx overflow errors also in case of oom (git-fixes). - ceph: defer stopping mdsc delayed_work (bsc#1214392). - ceph: do not check for quotas on mds stray dirs (bsc#1214238). - ceph: never send metrics if disable_send_metrics is set (bsc#1214180). - check-for-config-changes: ignore builtin_return_address_strips_pac (bsc#1214380). gcc7 on sle 15 does not support this while later gcc does. - cifs: add missing return value check for cifs_sb_tlink (bsc#1193629). - cifs: allow dumping keys for directories too (bsc#1193629). - cifs: fix mid leak during reconnection after timeout threshold (git-fixes). - cifs: if deferred close is disabled then close files immediately (git-fixes). - cifs: is_network_name_deleted should return a bool (bsc#1193629). - cifs: update internal module version number for cifs.ko (bsc#1193629). - clk: fix slab-out-of-bounds error in devm_clk_release() (git-fixes). - clk: fix undefined reference to `clk_rate_exclusive_{get,put}' (git-fixes). - clk: imx8mp: fix sai4 clock (git-fixes). - clk: imx: composite-8m: fix clock pauses when set_rate would be a no-op (git-fixes). - clk: imx: pll14xx: dynamically configure pll for 393216000/361267200hz (git-fixes). - clk: qcom: camcc-sc7180: fix async resume during probe (git-fixes). - clk: qcom: gcc-mdm9615: use proper parent for pll0_vote clock (git-fixes). - clk: qcom: gcc-sc7180: fix up gcc_sdcc2_apps_clk_src (git-fixes). - clk: qcom: gcc-sm8250: fix gcc_sdcc2_apps_clk_src (git-fixes). - clk: sunxi-ng: modify mismatched function name (git-fixes). - clocksource/drivers/arm_arch_timer: do not use timer namespace for timer_shutdown() function (bsc#1213970). - clocksource/drivers/sp804: do not use timer namespace for timer_shutdown() function (bsc#1213970). - config_nvme_verbose_errors=y gone with a82baa8083b - config_printk_safe_log_buf_shift=13 gone with 7e152d55123 - cpu/smt: allow enabling partial smt states via sysfs (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588). - cpu/smt: create topology_smt_thread_allowed() (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588). - cpu/smt: move smt prototypes into cpu_smt.h (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588). - cpu/smt: move smt/control simple exit cases earlier (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588). - cpu/smt: remove topology_smt_supported() (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588). - cpu/smt: store the current/max number of threads (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588). - cpufreq: fix the race condition while updating the transition_task of policy (git-fixes). - cpufreq: intel_pstate: adjust balance_performance epp for sapphire rapids (bsc#1214659). - cpufreq: intel_pstate: enable hwp io boost for all servers (bsc#1208949 jsc#ped-6003 jsc#ped-6004). - cpufreq: intel_pstate: fix scaling for hybrid-capable systems with disabled e-cores (bsc#1212526 bsc#1214368 jsc#ped-4927 jsc#ped-4929). - cpufreq: intel_pstate: hybrid: rework hwp calibration (bsc#1212526 bsc#1214368 jsc#ped-4927 jsc#ped-4929). - cpufreq: intel_pstate: hybrid: use known scaling factor for p-cores (bsc#1212526 bsc#1214368 jsc#ped-4927 jsc#ped-4929). - cpufreq: intel_pstate: read all msrs on the target cpu (bsc#1212526 bsc#1214368 jsc#ped-4927 jsc#ped-4929). - created new preempt kernel flavor configs are cloned from the respective $arch/default configs. all changed configs appart from config_preempt->y are a result of dependencies, namely many lock/unlock primitives are no longer inlined in the preempt kernel. tree_rcu has been also changed to preempt_rcu which is the default implementation for preempt kernel. - crypto: caam - fix unchecked return value error (git-fixes). - crypto: stm32 - properly handle pm_runtime_get failing (git-fixes). - dma-buf/sw_sync: avoid recursive lock during fence signal (git-fixes). - dma-buf/sync_file: fix docs syntax (git-fixes). - dmaengine: idxd: modify the dependence of attribute pasid_enabled (git-fixes). - dmaengine: mcf-edma: fix a potential un-allocated memory access (git-fixes). - dmaengine: pl330: return dma_paused when transaction is paused (git-fixes). - dmaengine: ste_dma40: add missing irq check in d40_probe (git-fixes). - docs/process/howto: replace c89 with c11 (bsc#1214756). - docs: kernel-parameters: refer to the correct bitmap function (git-fixes). - docs: networking: replace skb_hwtstamp_tx with skb_tstamp_tx (git-fixes). - docs: printk-formats: fix hex printing of signed values (git-fixes). - documentation: devices.txt: fix minors for ttycpm* (git-fixes). - documentation: devices.txt: remove ttyioc* (git-fixes). - documentation: devices.txt: remove ttysioc* (git-fixes). - driver core: test_async: fix an error code (git-fixes). - drivers: clk: keystone: fix parameter judgment in _of_pll_clk_init() (git-fixes). - drivers: usb: smsusb: fix error handling code in smsusb_init_device (git-fixes). - drm/amd/display: check attr flag before set cursor degamma on dcn3+ (git-fixes). - drm/amd/display: check tg is non-null before checking if enabled (git-fixes). - drm/amd/display: do not wait for mpc idle if tg is disabled (git-fixes). - drm/amd/display: fix access hdcp_workqueue assert (git-fixes). - drm/amd/display: phase3 mst hdcp for multiple displays (git-fixes). - drm/amd/display: save restore hdcp state when display is unplugged from mst hub (git-fixes). - drm/amd/pm: fix variable dereferenced issue in amdgpu_device_attr_create() (git-fixes). - drm/amd: flush any delayed gfxoff on suspend entry (git-fixes). - drm/amdgpu: avoid integer overflow warning in amdgpu_device_resize_fb_bar() (git-fixes). - drm/amdgpu: fix potential fence use-after-free v2 (git-fixes). - drm/amdgpu: install stub fence into potential unused fence pointers (git-fixes). - drm/amdgpu: use rmw accessors for changing lnkctl (git-fixes). - drm/armada: fix off-by-one error in armada_overlay_get_property() (git-fixes). - drm/ast: fix dram init on ast2200 (git-fixes). - drm/atomic-helper: update reference to drm_crtc_force_disable_all() (git-fixes). - drm/bridge: anx7625: drop device lock before drm_helper_hpd_irq_event() (git-fixes). - drm/bridge: fix -wunused-const-variable= warning (git-fixes). - drm/bridge: tc358764: fix debug print parameter order (git-fixes). - drm/etnaviv: fix dumping of active mmu context (git-fixes). - drm/mediatek: fix dereference before null check (git-fixes). - drm/mediatek: fix potential memory leak if vmap() fail (git-fixes). - drm/msm/a2xx: call adreno_gpu_init() earlier (git-fixes). - drm/msm/mdp5: do not leak some plane state (git-fixes). - drm/msm: update dev core dump to not print backwards (git-fixes). - drm/nouveau/disp: revert a null check inside nouveau_connector_get_modes (git-fixes). - drm/nouveau/gr: enable memory loads on helper invocation on all channels (git-fixes). - drm/panel: simple: add missing connector type and pixel format for auo t215hvn01 (git-fixes). - drm/panel: simple: fix auo g121ean01 panel timings according to the docs (git-fixes). - drm/qxl: fix uaf on handle creation (git-fixes). - drm/radeon: use rmw accessors for changing lnkctl (git-fixes). - drm/rockchip: do not spam logs in atomic check (git-fixes). - drm/shmem-helper: reset vma->vm_ops before calling dma_buf_mmap() (git-fixes). - drm/tegra: dpaux: fix incorrect return value of platform_get_irq (git-fixes). - drm/ttm: check null pointer before accessing when swapping (git-fixes). - drm/ttm: never consider pinned bos for eviction&swap (git-fixes). - drm/vmwgfx: fix shader stage validation (git-fixes). - drm: adv7511: fix low refresh rate register for adv7533/5 (git-fixes). - drm: xlnx: zynqmp_dpsub: add missing check for dma_set_mask (git-fixes). - drop cfg80211 lock fix patches that caused a regression (bsc#1213757) - drop rtsx patch that caused a regression (bsc#1214397,bsc#1214428) - dt-bindings: clock: xlnx,versal-clk: drop select:false (git-fixes). - dt-bindings: clocks: imx8mp: make sai4 a dummy clock (git-fixes). - dt-bindings: crypto: ti,sa2ul: make power-domains conditional (git-fixes). - e1000: fix typos in comments (jsc#ped-5738). - e1000: remove unnecessary use of kmap_atomic() (jsc#ped-5738). - e1000: switch to napi_build_skb() (jsc#ped-5738). - e1000: switch to napi_consume_skb() (jsc#ped-5738). - enable analog devices industrial ethernet phy driver (jsc#ped-4759) - exfat: fix unexpected eof while reading dir (bsc#1214000). - exfat: release s_lock before calling dir_emit() (bsc#1214000). - exfat_iterate(): do not open-code file_inode(file) (bsc#1214000). - fbdev/ep93xx-fb: do not assign to struct fb_info.dev (git-fixes). - fbdev: fix potential oob read in fast_imageblit() (git-fixes). - fbdev: fix sys_imageblit() for arbitrary image widths (git-fixes). - fbdev: improve performance of sys_imageblit() (git-fixes). - fbdev: mmp: fix value check in mmphw_probe() (git-fixes). - file: reinstate f_pos locking optimization for regular files (bsc#1213759). - firmware: arm_scmi: drop of node reference in the transport channel setup (git-fixes). - firmware: cs_dsp: fix new control name check (git-fixes). - firmware: meson_sm: fix to avoid potential null pointer dereference (git-fixes). - firmware: stratix10-svc: fix an null vs is_err() bug in probe (git-fixes). - fs/sysv: null check to prevent null-ptr-deref bug (git-fixes). - ftrace: fix possible warning on checking all pages used in ftrace_process_locs() (git-fixes). - gpio: mvebu: fix irq domain leak (git-fixes). - gpio: mvebu: make use of devm_pwmchip_add (git-fixes). - gpio: tps68470: make tps68470_gpio_output() always set the initial value (git-fixes). - hid: add quirk for 03f0:464a hp elite presenter mouse (git-fixes). - hid: logitech-dj: fix error handling in logi_dj_recv_switch_to_dj_mode() (git-fixes). - hid: logitech-hidpp: add usb and bluetooth ids for the logitech g915 tkl keyboard (git-fixes). - hid: multitouch: correct devm device reference for hidinput input_dev name (git-fixes). - hid: wacom: remove the battery when the ekr is off (git-fixes). - hwmon: (pmbus/bel-pfe) enable pmbus_skip_status_check for pfe1100 (git-fixes). - hwmon: (tmp513) fix the channel number in tmp51x_is_visible() (git-fixes). - hwpoison: offline support: fix spelling in documentation/abi/ (git-fixes). - hwrng: iproc-rng200 - implement suspend and resume calls (git-fixes). - hwrng: nomadik - keep clock enabled while hwrng is registered (git-fixes). - hwrng: pic32 - use devm_clk_get_enabled (git-fixes). - i2c: bcm-iproc: fix bcm_iproc_i2c_isr deadlock issue (git-fixes). - i2c: delete error messages for failed memory allocations (git-fixes). - i2c: designware: correct length byte validation logic (git-fixes). - i2c: designware: handle invalid smbus block data response length value (git-fixes). - i2c: hisi: only handle the interrupt of the driver's transfer (git-fixes). - i2c: improve size determinations (git-fixes). - i2c: nomadik: remove a useless call in the remove function (git-fixes). - i2c: nomadik: remove unnecessary goto label (git-fixes). - i2c: nomadik: use devm_clk_get_enabled() (git-fixes). - i40e: fix an null vs is_err() bug for debugfs_create_dir() (git-fixes). - iavf: fix potential races for fdir filters (git-fixes). - ib/hfi1: fix possible panic during hotplug remove (git-fixes) - ib/uverbs: fix an potential error pointer dereference (git-fixes) - ice: fix crash by keep old cfg when update tcs more than queues (git-fixes). - ice: fix max_rate check while configuring tx rate limits (git-fixes). - ice: fix memory management in ice_ethtool_fdir.c (git-fixes). - ice: fix rdma vsi removal during queue rebuild (git-fixes). - iio: adc: ina2xx: avoid null pointer dereference on of device match (git-fixes). - iio: adc: stx104: implement and utilize register structures (git-fixes). - iio: adc: stx104: utilize iomap interface (git-fixes). - iio: cros_ec: fix the allocation size for cros_ec_command (git-fixes). - input: exc3000 - properly stop timer on shutdown (git-fixes). - intel/e1000:fix repeated words in comments (jsc#ped-5738). - intel: remove unused macros (jsc#ped-5738). - iommu/amd: add pci segment support for ivrs_ commands (git-fixes). - iommu/amd: fix compile warning in init code (git-fixes). - iommu/amd: fix ill-formed ivrs_ioapic, ivrs_hpet and ivrs_acpihid options (git-fixes). - iommu/amd: fix ivrs_acpihid cmdline parsing code (git-fixes). - iommu/amd: fix pci device refcount leak in ppr_notifier() (git-fixes). - iommu/amd: use full 64-bit value in build_completion_wait() (git-fixes). - iommu/arm-smmu-v3: check return value after calling platform_get_resource() (git-fixes). - iommu/arm-smmu-v3: fix event handling soft lockup (git-fixes). - iommu/arm-smmu-v3: make default domain type of hisilicon ptt device to identity (git-fixes). - iommu/arm-smmu: fix possible null-ptr-deref in arm_smmu_device_probe() (git-fixes). - iommu/dart: initialize dart_streams_enable (git-fixes). - iommu/dma: fix incorrect error return on iommu deferred attach (git-fixes). - iommu/dma: fix iova map result check bug (git-fixes). - iommu/dma: return error code from iommu_dma_map_sg() (git-fixes). - iommu/fsl_pamu: fix resource leak in fsl_pamu_probe() (git-fixes). - iommu/io-pgtable-arm-v7s: add a quirk to allow pgtable pa up to 35bit (git-fixes). - iommu/iova: fix module config properly (git-fixes). - iommu/omap: fix buffer overflow in debugfs (git-fixes). - iommu/rockchip: fix permission bits in page table entries v2 (git-fixes). - iommu/sun50i: consider all fault sources for reset (git-fixes). - iommu/sun50i: fix flush size (git-fixes). - iommu/sun50i: fix r/w permission check (git-fixes). - iommu/sun50i: fix reset release (git-fixes). - iommu/sun50i: implement .iotlb_sync_map (git-fixes). - iommu/sun50i: remove iommu_domain_identity (git-fixes). - iommu/vt-d: add rpls to quirk list to skip te disabling (git-fixes). - iommu/vt-d: check correct capability for sagaw determination (git-fixes). - iommu/vt-d: clean up si_domain in the init_dmars() error path (git-fixes). - iommu/vt-d: correctly calculate sagaw value of iommu (git-fixes). - iommu/vt-d: fix kdump kernels boot failure with scalable mode (git-fixes). - iommu/vt-d: fix pci device refcount leak in dmar_dev_scope_init() (git-fixes). - iommu/vt-d: fix pci device refcount leak in has_external_pci() (git-fixes). - iommu/vt-d: preset access bit for iova in fl non-leaf paging entries (git-fixes). - iommu/vt-d: set sre bit only when hardware has srs cap (git-fixes). - ipmi:ssif: add check for kstrdup (git-fixes). - ipmi:ssif: fix a memory leak when scanning for an adapter (git-fixes). - ipmi_si: fix a memleak in try_smi_init() (git-fixes). - jffs2: correct logic when creating a hole in jffs2_write_begin (git-fixes). - kabi/severities: ignore newly added srso mitigation functions - kabi: allow extra bugsints (bsc#1213927). - kbuild: add -wno-shift-negative-value where -wextra is used (bsc#1214756). - kbuild: move to -std=gnu11 (bsc#1214756). - kernel-binary: common dependencies cleanup common dependencies are copied to a subpackage, there is no need for copying defines or build dependencies there. - kernel-binary: drop code for kerntypes support kerntypes was a suse-specific feature dropped before sle 12. - kunit: make kunit_test_timeout compatible with comment (git-fixes). - kvm: s390: fix sthyi error handling (git-fixes bsc#1214370). - leds: fix bug_on check for led_color_id_multi that is always false (git-fixes). - leds: multicolor: use rounded division when calculating color components (git-fixes). - leds: pwm: fix error code in led_pwm_create_fwnode() (git-fixes). - leds: trigger: tty: do not use led_on/off constants, use led_blink_set_oneshot instead (git-fixes). - leds: turris-omnia: drop unnecessary mutex locking (git-fixes). - lib/test_meminit: allocate pages up to order max_order (git-fixes). - lib/test_meminit: destroy cache in kmem_cache_alloc_bulk() test (git-fixes). - libceph: fix potential hang in ceph_osdc_notify() (bsc#1214393). - md/raid0: factor out helper for mapping and submitting a bio (bsc#1213916). - md/raid0: fix performance regression for large sequential writes (bsc#1213916). - media: ad5820: drop unsupported ad5823 from i2c_ and of_device_id tables (git-fixes). - media: cx24120: add retval check for cx24120_message_send() (git-fixes). - media: dib7000p: fix potential division by zero (git-fixes). - media: dvb-usb: m920x: fix a potential memory leak in m920x_i2c_xfer() (git-fixes). - media: go7007: remove redundant if statement (git-fixes). - media: i2c: ccs: check rules is non-null (git-fixes). - media: i2c: rdacm21: fix uninitialized value (git-fixes). - media: i2c: tvp5150: check return value of devm_kasprintf() (git-fixes). - media: ov2680: add ov2680_fill_format() helper function (git-fixes). - media: ov2680: do not take the lock for try_fmt calls (git-fixes). - media: ov2680: fix ov2680_bayer_order() (git-fixes). - media: ov2680: fix ov2680_set_fmt() which == v4l2_subdev_format_try not working (git-fixes). - media: ov2680: fix regulators being left enabled on ov2680_power_on() errors (git-fixes). - media: ov2680: fix vflip / hflip set functions (git-fixes). - media: ov2680: remove video_v4l2_subdev_api ifdef-s (git-fixes). - media: ov5640: enable mipi interface in ov5640_set_power_mipi() (git-fixes). - media: rkvdec: increase max supported height for h.264 (git-fixes). - media: v4l2-core: fix a potential resource leak in v4l2_fwnode_parse_link() (git-fixes). - media: v4l2-mem2mem: add lock to protect parameter num_rdy (git-fixes). - media: venus: hfi_venus: only consider sys_idle_indicator on v1 (git-fixes). - media: venus: hfi_venus: write to vidc_ctrl_init after unmasking interrupts (git-fixes). - misc: rtsx: judge aspm mode to set petxcfg reg (git-fixes). - mkspec: allow unsupported kmps (bsc#1214386) - mlxsw: pci: add shutdown method in pci driver (git-fixes). - mmc: block: fix in_flight[issue_type] value error (git-fixes). - mmc: moxart: read scr register without changing byte order (git-fixes). - mmc: wbsd: fix double mmc_free_host() in wbsd_init() (git-fixes). - module: avoid allocation if module is already present and ready (bsc#1213921). - module: extract patient module check into helper (bsc#1213921). - module: move check_modinfo() early to early_mod_check() (bsc#1213921). - module: move early sanity checks into a helper (bsc#1213921). - move upstreamed powerpc patches into sorted section - mtd: rawnand: brcmnand: fix crash during the panic_write (git-fixes). - mtd: rawnand: brcmnand: fix mtd oobsize (git-fixes). - mtd: rawnand: brcmnand: fix potential false time out warning (git-fixes). - mtd: rawnand: brcmnand: fix potential out-of-bounds access in oob write (git-fixes). - mtd: rawnand: fsl_upm: fix an off-by one test in fun_exec_op() (git-fixes). - mtd: rawnand: fsmc: handle clk prepare error in fsmc_nand_resume() (git-fixes). - mtd: rawnand: omap_elm: fix incorrect type in assignment (git-fixes). - mtd: rawnand: rockchip: align hwecc vs. raw page helper layouts (git-fixes). - mtd: rawnand: rockchip: fix oobfree offset and description (git-fixes). - mtd: spi-nor: check bus width while setting qe bit (git-fixes). - mtd: spinand: toshiba: fix ecc_get_status (git-fixes). - n_tty: rename tail to old_tail in n_tty_read() (git-fixes). - net: hns3: fix wrong bw weight of disabled tc issue (git-fixes). - net: ieee802154: at86rf230: stop leaking skb's (git-fixes). - net: mana: fix mana vf unload when hardware is unresponsive (git-fixes). - net: phy: at803x: remove set/get wol callbacks for ar8032 (git-fixes). - net: phy: broadcom: stub c45 read/write for 54810 (git-fixes). - net: phy: fix irq-based wake-on-lan over hibernate / power off (git-fixes). - net: usb: lan78xx: reorder cleanup operations to avoid uaf bugs (git-fixes). - net: usbnet: fix warning in usbnet_start_xmit/usb_submit_urb (git-fixes). - netfs: fix lockdep warning from taking sb_writers whilst holding mmap_lock (bsc#1214742). - netfs: fix missing xas_retry() calls in xarray iteration (bsc#1213946). - netfs: fix parameter of cleanup() (bsc#1214743). - nfsd: remove incorrect check in nfsd4_validate_stateid (git-fixes). - nilfs2: fix use-after-free of nilfs_root in dirtying inodes via iput (git-fixes). - nilfs2: fix warning in mark_buffer_dirty due to discarded buffer reuse (git-fixes). - nvme-rdma: fix potential unbalanced freeze & unfreeze (bsc#1208902). - nvme-tcp: fix potential unbalanced freeze & unfreeze (bsc#1208902). - objtool/x86: fix srso mess (git-fixes). - objtool/x86: fixup frame-pointer vs rethunk (git-fixes). - objtool: union instruction::{call_dest,jump_table} (git-fixes). - old-flavors: drop 2.6 kernels. 2.6 based kernels are eol, upgrading from them is no longer suported. - pci/aspm: avoid link retraining race (git-fixes). - pci/aspm: factor out pcie_wait_for_retrain() (git-fixes). - pci/aspm: return 0 or -etimedout from pcie_retrain_link() (git-fixes). - pci: acpiphp: reassign resources on bridge if necessary (git-fixes). - pci: acpiphp: use pci_assign_unassigned_bridge_resources() only for non-root bus (git-fixes). - pci: mark nvidia t4 gpus to avoid bus reset (git-fixes). - pci: meson: remove cast between incompatible function type (git-fixes). - pci: microchip: correct the ded and sec interrupt bit offsets (git-fixes). - pci: microchip: remove cast between incompatible function type (git-fixes). - pci: pciehp: use rmw accessors for changing lnkctl (git-fixes). - pci: rockchip: remove writes to unused registers (git-fixes). - pci: s390: fix use-after-free of pci resources with per-function hotplug (git-fixes). - pci: tegra194: fix possible array out of bounds access (git-fixes). - pcmcia: rsrc_nonstatic: fix memory leak in nonstatic_release_resource_db() (git-fixes). - phy/rockchip: inno-hdmi: do not power on rk3328 post pll on reg write (git-fixes). - phy/rockchip: inno-hdmi: round fractal pixclock in rk3328 recalc_rate (git-fixes). - phy/rockchip: inno-hdmi: use correct vco_div_5 macro on rk3328 (git-fixes). - phy: qcom-snps-femto-v2: keep cfg_ahb_clk enabled during runtime suspend (git-fixes). - phy: qcom-snps-femto-v2: properly enable ref clock (git-fixes). - phy: qcom-snps: correct struct qcom_snps_hsphy kerneldoc (git-fixes). - phy: qcom-snps: use dev_err_probe() to simplify code (git-fixes). - pinctrl: cherryview: fix address_space_handler() argument (git-fixes). - pinctrl: mcp23s08: check return value of devm_kasprintf() (git-fixes). - pinctrl: renesas: rza2: add lock around pinctrl_generic{{add,remove}_group,{add,remove}_function} (git-fixes). - platform/x86: dell-sysman: fix reference leak (git-fixes). - pm / devfreq: fix leak in devfreq_dev_release() (git-fixes). - powerpc/64e: fix kexec build error (bsc#1212091 ltc#199106). - powerpc/iommu: do not set failed sg dma_address to dma_mapping_error (bsc#1212091 ltc#199106). - powerpc/iommu: fix iommu_table_in_use for a small default dma window case (bsc#1212091 ltc#199106). - powerpc/iommu: incorrect ddw table is referenced for sr-iov device (bsc#1212091 ltc#199106). - powerpc/iommu: return error code from .map_sg() ops (bsc#1212091 ltc#199106). - powerpc/iommu: tces are incorrectly manipulated with dlpar add/remove of memory (bsc#1212091 ltc#199106). - powerpc/kernel/iommu: add new iommu_table_in_use() helper (bsc#1212091 ltc#199106). - powerpc/kexec: fix build failure from uninitialised variable (bsc#1212091 ltc#199106). - powerpc/mm/altmap: fix altmap boundary check (bsc#1120059 git-fixes). - powerpc/pseries/ddw: do not try direct mapping with persistent memory and one window (bsc#1212091 ltc#199106). - powerpc/pseries/ddw: simplify enable_ddw() (bsc#1212091 ltc#199106). - powerpc/pseries/iommu: add ddw_list_new_entry() helper (bsc#1212091 ltc#199106). - powerpc/pseries/iommu: add ddw_property_create() and refactor enable_ddw() (bsc#1212091 ltc#199106). - powerpc/pseries/iommu: add iommu_pseries_alloc_table() helper (bsc#1212091 ltc#199106). - powerpc/pseries/iommu: add of_node_put() before break (bsc#1212091 ltc#199106). - powerpc/pseries/iommu: allow ddw windows starting at 0x00 (bsc#1212091 ltc#199106). - powerpc/pseries/iommu: check if the default window in use before removing it (bsc#1212091 ltc#199106). - powerpc/pseries/iommu: create huge dma window if no mmio32 is present (bsc#1212091 ltc#199106). - powerpc/pseries/iommu: find existing ddw with given property name (bsc#1212091 ltc#199106). - powerpc/pseries/iommu: make use of ddw for indirect mapping (bsc#1212091 ltc#199106). - powerpc/pseries/iommu: print ibm,query-pe-dma-windows parameters (bsc#1212091 ltc#199106). - powerpc/pseries/iommu: rename 'direct window' to 'dma window' (bsc#1212091 ltc#199106). - powerpc/pseries/iommu: reorganize iommu_table_setparms*() with new helper (bsc#1212091 ltc#199106). - powerpc/pseries/iommu: replace hard-coded page shift (bsc#1212091 ltc#199106). - powerpc/pseries/iommu: update remove_dma_window() to accept property name (bsc#1212091 ltc#199106). - powerpc/pseries/iommu: use correct vfree for it_map (bsc#1212091 ltc#199106). - powerpc/pseries: add __init attribute to eligible functions (bsc#1212091 ltc#199106). - powerpc/pseries: honour current smt state when dlpar onlining cpus (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588). - powerpc/pseries: initialise cpu hotplug callbacks earlier (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588). - powerpc/rtas: block error injection when locked down (bsc#1023051). - powerpc/rtas: enture rtas_call is called with mmu enabled (bsc#1023051). - powerpc/rtas_flash: allow user copy to flash block cache objects (bsc#1194869). - powerpc/security: fix speculation_store_bypass reporting on power10 (bsc#1188885 ltc#193722 git-fixes). - powerpc: add hotplug_smt support (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588). update config files. - powerpc: fix typos in comments (bsc#1212091 ltc#199106). - powerpc: move dma64_propname define to a header (bsc#1214297 ltc#197503). - pseries/iommu/ddw: fix kdump to work in absence of ibm,dma-window (bsc#1214297 ltc#197503). - pstore/ram: check start of empty przs during init (git-fixes). - pwm: add a stub for devm_pwmchip_add() (git-fixes). - pwm: meson: fix handling of period/duty if greater than uint_max (git-fixes). - pwm: meson: simplify duplicated per-channel tracking (git-fixes). - qed: fix scheduling in a tasklet while getting stats (git-fixes). - rdma/bnxt_re: fix error handling in probe failure path (git-fixes) - rdma/bnxt_re: fix max_qp count for virtual functions (git-fixes) - rdma/efa: fix wrong resources deallocation order (git-fixes) - rdma/hns: fix cq and qp cache affinity (git-fixes) - rdma/hns: fix incorrect post-send with direct wqe of wr-list (git-fixes) - rdma/hns: fix port active speed (git-fixes) - rdma/irdma: prevent zero-length stag registration (git-fixes) - rdma/irdma: replace one-element array with flexible-array member (git-fixes) - rdma/mlx5: return the firmware result upon destroying qp/rq (git-fixes) - rdma/qedr: remove a duplicate assignment in irdma_query_ah() (git-fixes) - rdma/siw: balance the reference of cep->kref in the error path (git-fixes) - rdma/siw: correct wrong debug message (git-fixes) - rdma/umem: set iova in odp flow (git-fixes) - readme.branch: add miroslav franc as a sle15-sp4 co-maintainer. - regmap: rbtree: use alloc_flags for memory allocations (git-fixes). - revert 'ib/isert: fix incorrect release of isert connection' (git-fixes) - revert 'tracing: add '(fault)' name injection to kernel probes' (git-fixes). - ring-buffer: do not swap cpu_buffer during resize process (git-fixes). - ring-buffer: fix deadloop issue on reading trace_pipe (git-fixes). - ring-buffer: fix wrong stat of cpu_buffer->read (git-fixes). - rpmsg: glink: add check for kstrdup (git-fixes). - s390/purgatory: disable branch profiling (git-fixes bsc#1214372). - sched/fair: fix inaccurate tally of ttwu_move_affine (git fixes). - sched/fair: use recent_used_cpu to test p->cpus_ptr (git fixes). - sched/psi: use kernfs polling functions for psi trigger polling (bsc#1209799). - scsi: bsg: increase number of devices (bsc#1210048). - scsi: core: do not wait for quiesce in scsi_device_block() (bsc#1209284). - scsi: core: do not wait for quiesce in scsi_stop_queue() (bsc#1209284). - scsi: core: improve warning message in scsi_device_block() (bsc#1209284). - scsi: core: merge scsi_internal_device_block() and device_block() (bsc#1209284). - scsi: rdma/srp: fix residual handling (git-fixes) - scsi: sg: increase number of devices (bsc#1210048). - scsi: storvsc: always set no_report_opcodes (git-fixes). - scsi: storvsc: fix handling of virtual fibre channel timeouts (git-fixes). - scsi: storvsc: handle srb status value 0x30 (git-fixes). - scsi: storvsc: limit max_sectors for virtual fibre channel devices (git-fixes). - scsi: zfcp: defer fc_rport blocking until after adisc response (git-fixes bsc#1214371). - selftests/futex: order calls to futex_lock_pi (git-fixes). - selftests/harness: actually report skip for signal tests (git-fixes). - selftests/resctrl: close perf value read fd on errors (git-fixes). - selftests/resctrl: do not leak buffer in fill_cache() (git-fixes). - selftests/resctrl: unmount resctrl fs if child fails to run benchmark (git-fixes). - selftests/rseq: check if libc rseq support is registered (git-fixes). - selftests: forwarding: add a helper to skip test when using veth pairs (git-fixes). - selftests: forwarding: ethtool: skip when using veth pairs (git-fixes). - selftests: forwarding: ethtool_extended_state: skip when using veth pairs (git-fixes). - selftests: forwarding: skip test when no interfaces are specified (git-fixes). - selftests: forwarding: switch off timeout (git-fixes). - selftests: forwarding: tc_actions: cleanup temporary files when test is aborted (git-fixes). - selftests: forwarding: tc_actions: use ncat instead of nc (git-fixes). - selftests: forwarding: tc_flower: relax success criterion (git-fixes). - selftests: mirror_gre_changes: tighten up the ttl test match (git-fixes). - serial: sc16is7xx: fix broken port 0 uart init (git-fixes). - serial: sc16is7xx: fix bug when first setting gpio direction (git-fixes). - serial: sprd: assign sprd_port after initialized to avoid wrong access (git-fixes). - serial: sprd: fix dma buffer leak issue (git-fixes). - serial: tegra: handle clk prepare error in tegra_uart_hw_init() (git-fixes). - sfc: fix crash when reading stats while nic is resetting (git-fixes). - smb3: do not send lease break acknowledgment if all file handles have been closed (git-fixes). - smb3: do not set ntlmssp_version flag for negotiate not auth request (bsc#1193629). - smb: client: fix -wstringop-overflow issues (bsc#1193629). - smb: client: fix dfs link mount against w2k8 (bsc#1212142). - smb: client: fix null auth (git-fixes). - soc: aspeed: socinfo: add kfree for kstrdup (git-fixes). - soundwire: bus: pm_runtime_request_resume on peripheral attachment (git-fixes). - soundwire: fix enumeration completion (git-fixes). - spi: tegra20-sflash: fix to check return value of platform_get_irq() in tegra_sflash_probe() (git-fixes). - supported.conf: fix typos for -!optional markers - target: compare and write backend driver sense handling (bsc#1177719 bsc#1213026). - target_core_rbd: fix leak and reduce kmalloc calls (bsc#1212873). - target_core_rbd: fix rbd_img_request.snap_id assignment (bsc#1212857). - target_core_rbd: remove snapshot existence validation code (bsc#1212857). - thunderbolt: read retimer nvm authentication status prior tb_retimer_set_inbound_sbtx() (git-fixes). - timers: add shutdown mechanism to the internal functions (bsc#1213970). - timers: provide timer_shutdown[_sync]() (bsc#1213970). - timers: rename del_timer() to timer_delete() (bsc#1213970). - timers: rename del_timer_sync() to timer_delete_sync() (bsc#1213970). - timers: replace bug_on()s (bsc#1213970). - timers: silently ignore timers with a null function (bsc#1213970). - timers: split [try_to_]del_timer[_sync]() to prepare for shutdown mode (bsc#1213970). - timers: update kernel-doc for various functions (bsc#1213970). - timers: use del_timer_sync() even on up (bsc#1213970). - tracing/histograms: add histograms to hist_vars if they have referenced variables (git-fixes). - tracing/histograms: return an error if we fail to add histogram to hist_vars list (git-fixes). - tracing/probes: fix not to count error code to total length (git-fixes). - tracing/probes: fix to avoid double count of the string length on the array (git-fixes). - tracing/probes: fix to record 0-length data_loc in fetch_store_string*() if fails (git-fixes). - tracing/probes: fix to update dynamic data counter if fetcharg uses it (git-fixes). - tracing: fix cpu buffers unavailable due to 'record_disabled' missed (git-fixes). - tracing: fix memleak due to race between current_tracer and trace (git-fixes). - tracing: fix memory leak of iter->temp when reading trace_pipe (git-fixes). - tracing: fix null pointer dereference in tracing_err_log_open() (git-fixes). - tracing: fix warning in trace_buffered_event_disable() (git-fixes). - tty: fix hang on tty device with no_room set (git-fixes). - tty: n_gsm: fix the uaf caused by race condition in gsm_cleanup_mux (git-fixes). - tty: serial: fsl_lpuart: add i.mxrt1050 support (git-fixes). - tty: serial: fsl_lpuart: clear the error flags by writing 1 for lpuart32 platforms (git-fixes). - tty: serial: fsl_lpuart: make rx_watermark configurable for different platforms (git-fixes). - tty: serial: fsl_lpuart: reduce rx watermark to 0 on ls1028a (git-fixes). - ubifs: fix memleak when insert_old_idx() failed (git-fixes). - update patches.suse/cpufreq-intel_pstate-fix-cpu-pstate.turbo_freq-initi (git-fixes bsc#1212526 bsc#1214368 jsc#ped-4927 jsc#ped-4929). - usb-storage: alauda: fix uninit-value in alauda_check_media() (git-fixes). - usb: chipidea: imx: add missing usb phy dpdm wakeup setting (git-fixes). - usb: chipidea: imx: do not request qos for imx8ulp (git-fixes). - usb: chipidea: imx: improve logic if samsung,picophy-* parameter is 0 (git-fixes). - usb: common: usb-conn-gpio: prevent bailing out if initial role is none (git-fixes). - usb: dwc3: fix typos in gadget.c (git-fixes). - usb: dwc3: meson-g12a: do post init to fix broken usb after resumption (git-fixes). - usb: dwc3: properly handle processing of pending events (git-fixes). - usb: gadget: f_mass_storage: fix unused variable warning (git-fixes). - usb: gadget: fix the memory leak in raw_gadget driver (git-fixes). - usb: gadget: u_serial: avoid spinlock recursion in __gs_console_push (git-fixes). - usb: ohci-at91: fix the unhandle interrupt when resume (git-fixes). - usb: phy: mxs: fix getting wrong state with mxs_phy_is_otg_host() (git-fixes). - usb: quirks: add quirk for focusrite scarlett (git-fixes). - usb: serial: option: add quectel ec200a module support (git-fixes). - usb: serial: option: support quectel em060k_128 (git-fixes). - usb: serial: simple: add kaufmann rks+can vcp (git-fixes). - usb: serial: simple: sort driver entries (git-fixes). - usb: typec: altmodes/displayport: signal hpd when configuring pin assignment (git-fixes). - usb: typec: tcpm: fix response to vsafe0v event (git-fixes). - usb: typec: tcpm: set initial svdm version based on pd revision (git-fixes). - usb: zaurus: add id for a-300/b-500/c-700 (git-fixes). - watchdog: sp5100_tco: support hygon fch/sch (server controller hub) (git-fixes). - wifi: ath10k: use rmw accessors for changing lnkctl (git-fixes). - wifi: ath11k: use rmw accessors for changing lnkctl (git-fixes). - wifi: ath9k: fix races between ath9k_wmi_cmd and ath9k_wmi_ctrl_rx (git-fixes). - wifi: ath9k: protect wmi command response buffer replacement with a lock (git-fixes). - wifi: ath9k: use is_err() with debugfs_create_dir() (git-fixes). - wifi: cfg80211: fix return value in scan logic (git-fixes). - wifi: cfg80211: fix sband iftype data lookup for ap_vlan (git-fixes). - wifi: mt76: mt7615: do not advertise 5 ghz on first phy of mt7615d (dbdc) (git-fixes). - wifi: mt76: mt7915: fix power-limits while chan_switch (git-fixes). - wifi: mt76: mt7921: do not support one stream on secondary antenna only (git-fixes). - wifi: mt76: testmode: add nla_policy for mt76_tm_attr_tx_length (git-fixes). - wifi: mwifiex: avoid possible null skb pointer dereference (git-fixes). - wifi: mwifiex: fix error recovery in pcie buffer descriptor management (git-fixes). - wifi: mwifiex: fix memory leak in mwifiex_histogram_read() (git-fixes). - wifi: mwifiex: fix missed return in oob checks failed path (git-fixes). - wifi: mwifiex: fix oob and integer underflow when rx packets (git-fixes). - wifi: nl80211/cfg80211: add forgotten nla_policy for bss color attribute (git-fixes). - wifi: radiotap: fix kernel-doc notation warnings (git-fixes). - wifi: rtw89: debug: fix error handling in rtw89_debug_priv_btc_manual_set() (git-fixes). - x86/alternative: make custom return thunk unconditional (git-fixes). - x86/cpu/amd: disable xsaves on amd family 0x17 (git-fixes). - x86/cpu/kvm: provide untrain_ret_vm (git-fixes). - x86/cpu: clean up srso return thunk mess (git-fixes). - x86/cpu: cleanup the untrain mess (git-fixes). - x86/cpu: fix __x86_return_thunk symbol type (git-fixes). - x86/cpu: fix up srso_safe_ret() and __x86_return_thunk() (git-fixes). - x86/cpu: rename original retbleed methods (git-fixes). - x86/cpu: rename srso_(.*)_alias to srso_alias_\1 (git-fixes). - x86/mce: make sure logged mces are processed after sysfs update (git-fixes). - x86/retpoline,kprobes: fix position of thunk sections with config_lto_clang (git-fixes). - x86/retpoline,kprobes: skip optprobe check for indirect jumps with retpolines and ibt (git-fixes). - x86/retpoline: do not clobber rflags during srso_safe_ret() (git-fixes). - x86/sev: Make enc_dec_hypercall() accept a size instead of npages (bsc#1214635). - x86/speculation: add cpu_show_gds() prototype (git-fixes). - x86/speculation: mark all skylake cpus as vulnerable to gds (git-fixes). - x86/srso: correct the mitigation status when smt is disabled (git-fixes). - x86/srso: disable the mitigation on unaffected configurations (git-fixes). - x86/srso: explain the untraining sequences a bit more (git-fixes). - x86/srso: fix build breakage with the llvm linker (git-fixes). - x86/srso: fix return thunks in generated code (git-fixes). - x86/static_call: fix __static_call_fixup() (git-fixes). - xfs: fix sb write verify for lazysbcount (bsc#1214661). Important SUSE bug 1023051 SUSE bug 1120059 SUSE bug 1177719 SUSE bug 1188885 SUSE bug 1193629 SUSE bug 1194869 SUSE bug 1205462 SUSE bug 1208902 SUSE bug 1208949 SUSE bug 1209284 SUSE bug 1209799 SUSE bug 1210048 SUSE bug 1210448 SUSE bug 1212091 SUSE bug 1212142 SUSE bug 1212526 SUSE bug 1212857 SUSE bug 1212873 SUSE bug 1213026 SUSE bug 1213123 SUSE bug 1213546 SUSE bug 1213580 SUSE bug 1213601 SUSE bug 1213666 SUSE bug 1213757 SUSE bug 1213759 SUSE bug 1213916 SUSE bug 1213921 SUSE bug 1213927 SUSE bug 1213946 SUSE bug 1213968 SUSE bug 1213970 SUSE bug 1213971 SUSE bug 1214000 SUSE bug 1214019 SUSE bug 1214120 SUSE bug 1214149 SUSE bug 1214180 SUSE bug 1214238 SUSE bug 1214285 SUSE bug 1214297 SUSE bug 1214299 SUSE bug 1214350 SUSE bug 1214368 SUSE bug 1214370 SUSE bug 1214371 SUSE bug 1214372 SUSE bug 1214380 SUSE bug 1214386 SUSE bug 1214392 SUSE bug 1214393 SUSE bug 1214397 SUSE bug 1214428 SUSE bug 1214451 SUSE bug 1214635 SUSE bug 1214659 SUSE bug 1214661 SUSE bug 1214729 SUSE bug 1214742 SUSE bug 1214743 SUSE bug 1214756 SUSE bug 1215522 SUSE bug 1215523 SUSE bug 1215552 SUSE bug 1215553 CVE-2023-2007 CVE-2023-20588 CVE-2023-34319 CVE-2023-3610 CVE-2023-37453 CVE-2023-3772 CVE-2023-3863 CVE-2023-4128 CVE-2023-4133 CVE-2023-4134 CVE-2023-4147 CVE-2023-4194 CVE-2023-4273 CVE-2023-4387 CVE-2023-4459 CVE-2023-4569 cpe:/o:opensuse:leap:15.4 Security update for libXpm (Moderate) openSUSE Leap 15.4 This update for libXpm fixes the following issues: - CVE-2023-43788: Fixed an out of bounds read when creating an image (bsc#1215686). - CVE-2023-43789: Fixed an out of bounds read when parsing an XPM file with a corrupted colormap (bsc#1215687). Moderate SUSE bug 1215686 SUSE bug 1215687 CVE-2023-43788 CVE-2023-43789 cpe:/o:opensuse:leap:15.4 Security update for libraw (Moderate) openSUSE Leap 15.4 This update for libraw fixes the following issues: - CVE-2020-22628: Fixed buffer overflow vulnerability in LibRaw::stretch() function in libraw\src\postprocessing\aspect_ratio.cpp. (bsc#1215308) Moderate SUSE bug 1215308 CVE-2020-22628 cpe:/o:opensuse:leap:15.4 Security update for libraw (Moderate) openSUSE Leap 15.4 This update for libraw fixes the following issues: - CVE-2020-22628: Fixed buffer overflow vulnerability in LibRaw::stretch() function in libraw\src\postprocessing\aspect_ratio.cpp. (bsc#1215308) Moderate SUSE bug 1215308 CVE-2020-22628 cpe:/o:opensuse:leap:15.4 Security update for the Linux Kernel (Important) openSUSE Leap 15.4 The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2023-2007: Fixed a flaw in the DPT I2O Controller driver that could allow an attacker to escalate privileges and execute arbitrary code in the context of the kernel (bsc#1210448). - CVE-2023-20588: Fixed a division-by-zero error on some AMD processors that can potentially return speculative data resulting in loss of confidentiality (bsc#1213927). - CVE-2023-34319: Fixed buffer overrun triggered by unusual packet in xen/netback (XSA-432) (bsc#1213546). - CVE-2023-3610: Fixed use-after-free vulnerability in nf_tables can be exploited to achieve local privilege escalation (bsc#1213580). - CVE-2023-37453: Fixed oversight in SuperSpeed initialization (bsc#1213123). - CVE-2023-3772: Fixed a flaw in XFRM subsystem that may have allowed a malicious user with CAP_NET_ADMIN privileges to directly dereference a NULL pointer leading to a possible kernel crash and denial of service (bsc#1213666). - CVE-2023-3863: Fixed a use-after-free flaw was found in nfc_llcp_find_local that allowed a local user with special privileges to impact a kernel information leak issue (bsc#1213601). - CVE-2023-4128: Fixed a use-after-free flaw in net/sched/cls_fw.c that allowed a local attacker to perform a local privilege escalation due to incorrect handling of the existing filter, leading to a kernel information leak issue (bsc#1214149). - CVE-2023-4133: Fixed use after free bugs caused by circular dependency problem in cxgb4 (bsc#1213970). - CVE-2023-4134: Fixed use-after-free in cyttsp4_watchdog_work() (bsc#1213971). - CVE-2023-4147: Fixed use-after-free in nf_tables_newrule (bsc#1213968). - CVE-2023-4194: Fixed a type confusion in net tun_chr_open() (bsc#1214019). - CVE-2023-4273: Fixed a flaw in the exFAT driver of the Linux kernel that alloawed a local privileged attacker to overflow the kernel stack (bsc#1214120). - CVE-2023-4387: Fixed use-after-free flaw in vmxnet3_rq_alloc_rx_buf that could allow a local attacker to crash the system due to a double-free (bsc#1214350). - CVE-2023-4459: Fixed a NULL pointer dereference flaw in vmxnet3_rq_cleanup that may have allowed a local attacker with normal user privilege to cause a denial of service (bsc#1214451). - CVE-2023-4569: Fixed information leak in nft_set_catchall_flush in net/netfilter/nf_tables_api.c (bsc#1214729). The following non-security bugs were fixed: - Drop amdgpu patch causing spamming (bsc#1215523) - acpi: processor: perflib: avoid updating frequency qos unnecessarily (git-fixes). - acpi: processor: perflib: use the 'no limit' frequency qos (git-fixes). - acpi: x86: s2idle: fix a logic error parsing amd constraints table (git-fixes). - alsa: ac97: fix possible error value of *rac97 (git-fixes). - alsa: hda/cs8409: support new dell dolphin variants (git-fixes). - alsa: hda/realtek - remodified 3k pull low procedure (git-fixes). - alsa: hda/realtek: add quirk for hp victus 16-d1xxx to enable mute led (git-fixes). - alsa: hda/realtek: add quirk for mute leds on hp envy x360 15-eu0xxx (git-fixes). - alsa: hda/realtek: add quirks for hp g11 laptops (git-fixes). - alsa: hda/realtek: switch dell oasis models to use spi (git-fixes). - alsa: pcm: fix missing fixup call in compat hw_refine ioctl (git-fixes). - alsa: usb-audio: add support for mythware xa001au capture and playback interfaces (git-fixes). - alsa: usb-audio: fix init call orders for uac1 (git-fixes). - alsa: ymfpci: fix the missing snd_card_free() call at probe error (git-fixes). - amba: bus: fix refcount leak (git-fixes). - arm64: dts: imx8mn-var-som: add missing pull-up for onboard phy reset pinmux (git-fixes). - arm64: dts: qcom: qrb5165-rb5: fix thermal zone conflict (git-fixes). - arm64: dts: rockchip: disable hs400 for emmc on rock pi 4 (git-fixes). - arm: dts: imx6dl: prtrvt, prtvt7, prti6q, prtwd2: fix usb related warnings (git-fixes). - arm: dts: imx6sll: fixup of operating points (git-fixes). - arm: spear: do not use timer namespace for timer_shutdown() function (bsc#1213970). - asoc: lower 'no backend dais enabled for ... port' log severity (git-fixes). - asoc: meson: axg-tdm-formatter: fix channel slot allocation (git-fixes). - asoc: rt5665: add missed regulator_bulk_disable (git-fixes). - asoc: sof: intel: fix soundwire/hdaudio mutual exclusion (git-fixes). - asoc: stac9766: fix build errors with regmap_ac97 (git-fixes). - asoc: tegra: fix sfc conversion for few rates (git-fixes). - audit: fix possible soft lockup in __audit_inode_child() (git-fixes). - backlight/bd6107: compare against struct fb_info.device (git-fixes). - backlight/gpio_backlight: compare against struct fb_info.device (git-fixes). - backlight/lv5207lp: compare against struct fb_info.device (git-fixes). - batman-adv: do not get eth header before batadv_check_management_packet (git-fixes). - batman-adv: do not increase mtu when set by user (git-fixes). - batman-adv: fix batadv_v_ogm_aggr_send memory leak (git-fixes). - batman-adv: fix tt global entry leak when client roamed back (git-fixes). - batman-adv: trigger events for auto adjusted mtu (git-fixes). - bluetooth: btusb: add mt7922 bluetooth id for the asus ally (git-fixes). - bluetooth: btusb: do not call kfree_skb() under spin_lock_irqsave() (git-fixes). - bluetooth: fix potential use-after-free when clear keys (git-fixes). - bluetooth: l2cap: fix use-after-free (git-fixes). - bluetooth: l2cap: fix use-after-free in l2cap_sock_ready_cb (git-fixes). - bluetooth: nokia: fix value check in nokia_bluetooth_serdev_probe() (git-fixes). - bluetooth: remove unused declaration amp_read_loc_info() (git-fixes). - bnx2x: fix page fault following eeh recovery (bsc#1214299). - bpf: disable preemption in bpf_event_output (git-fixes). - bus: ti-sysc: fix build warning for 64-bit build (git-fixes). - bus: ti-sysc: fix cast to enum warning (git-fixes). - bus: ti-sysc: flush posted write on enable before reset (git-fixes). - can: gs_usb: gs_usb_receive_bulk_callback(): count rx overflow errors also in case of oom (git-fixes). - ceph: defer stopping mdsc delayed_work (bsc#1214392). - ceph: do not check for quotas on mds stray dirs (bsc#1214238). - ceph: never send metrics if disable_send_metrics is set (bsc#1214180). - check-for-config-changes: ignore builtin_return_address_strips_pac (bsc#1214380). gcc7 on sle 15 does not support this while later gcc does. - cifs: add missing return value check for cifs_sb_tlink (bsc#1193629). - cifs: allow dumping keys for directories too (bsc#1193629). - cifs: fix mid leak during reconnection after timeout threshold (git-fixes). - cifs: if deferred close is disabled then close files immediately (git-fixes). - cifs: is_network_name_deleted should return a bool (bsc#1193629). - cifs: update internal module version number for cifs.ko (bsc#1193629). - clk: fix slab-out-of-bounds error in devm_clk_release() (git-fixes). - clk: fix undefined reference to `clk_rate_exclusive_{get,put}' (git-fixes). - clk: imx8mp: fix sai4 clock (git-fixes). - clk: imx: composite-8m: fix clock pauses when set_rate would be a no-op (git-fixes). - clk: imx: pll14xx: dynamically configure pll for 393216000/361267200hz (git-fixes). - clk: qcom: camcc-sc7180: fix async resume during probe (git-fixes). - clk: qcom: gcc-mdm9615: use proper parent for pll0_vote clock (git-fixes). - clk: qcom: gcc-sc7180: fix up gcc_sdcc2_apps_clk_src (git-fixes). - clk: qcom: gcc-sm8250: fix gcc_sdcc2_apps_clk_src (git-fixes). - clk: sunxi-ng: modify mismatched function name (git-fixes). - clocksource/drivers/arm_arch_timer: do not use timer namespace for timer_shutdown() function (bsc#1213970). - clocksource/drivers/sp804: do not use timer namespace for timer_shutdown() function (bsc#1213970). - config_nvme_verbose_errors=y gone with a82baa8083b - config_printk_safe_log_buf_shift=13 gone with 7e152d55123 - cpu/smt: allow enabling partial smt states via sysfs (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588). - cpu/smt: create topology_smt_thread_allowed() (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588). - cpu/smt: move smt prototypes into cpu_smt.h (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588). - cpu/smt: move smt/control simple exit cases earlier (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588). - cpu/smt: remove topology_smt_supported() (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588). - cpu/smt: store the current/max number of threads (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588). - cpufreq: fix the race condition while updating the transition_task of policy (git-fixes). - cpufreq: intel_pstate: adjust balance_performance epp for sapphire rapids (bsc#1214659). - cpufreq: intel_pstate: enable hwp io boost for all servers (bsc#1208949 jsc#ped-6003 jsc#ped-6004). - cpufreq: intel_pstate: fix scaling for hybrid-capable systems with disabled e-cores (bsc#1212526 bsc#1214368 jsc#ped-4927 jsc#ped-4929). - cpufreq: intel_pstate: hybrid: rework hwp calibration (bsc#1212526 bsc#1214368 jsc#ped-4927 jsc#ped-4929). - cpufreq: intel_pstate: hybrid: use known scaling factor for p-cores (bsc#1212526 bsc#1214368 jsc#ped-4927 jsc#ped-4929). - cpufreq: intel_pstate: read all msrs on the target cpu (bsc#1212526 bsc#1214368 jsc#ped-4927 jsc#ped-4929). - created new preempt kernel flavor configs are cloned from the respective $arch/default configs. all changed configs appart from config_preempt->y are a result of dependencies, namely many lock/unlock primitives are no longer inlined in the preempt kernel. tree_rcu has been also changed to preempt_rcu which is the default implementation for preempt kernel. - crypto: caam - fix unchecked return value error (git-fixes). - crypto: stm32 - properly handle pm_runtime_get failing (git-fixes). - dma-buf/sw_sync: avoid recursive lock during fence signal (git-fixes). - dma-buf/sync_file: fix docs syntax (git-fixes). - dmaengine: idxd: modify the dependence of attribute pasid_enabled (git-fixes). - dmaengine: mcf-edma: fix a potential un-allocated memory access (git-fixes). - dmaengine: pl330: return dma_paused when transaction is paused (git-fixes). - dmaengine: ste_dma40: add missing irq check in d40_probe (git-fixes). - docs/process/howto: replace c89 with c11 (bsc#1214756). - docs: kernel-parameters: refer to the correct bitmap function (git-fixes). - docs: networking: replace skb_hwtstamp_tx with skb_tstamp_tx (git-fixes). - docs: printk-formats: fix hex printing of signed values (git-fixes). - documentation: devices.txt: fix minors for ttycpm* (git-fixes). - documentation: devices.txt: remove ttyioc* (git-fixes). - documentation: devices.txt: remove ttysioc* (git-fixes). - driver core: test_async: fix an error code (git-fixes). - drivers: clk: keystone: fix parameter judgment in _of_pll_clk_init() (git-fixes). - drivers: usb: smsusb: fix error handling code in smsusb_init_device (git-fixes). - drm/amd/display: check attr flag before set cursor degamma on dcn3+ (git-fixes). - drm/amd/display: check tg is non-null before checking if enabled (git-fixes). - drm/amd/display: do not wait for mpc idle if tg is disabled (git-fixes). - drm/amd/display: fix access hdcp_workqueue assert (git-fixes). - drm/amd/display: phase3 mst hdcp for multiple displays (git-fixes). - drm/amd/display: save restore hdcp state when display is unplugged from mst hub (git-fixes). - drm/amd/pm: fix variable dereferenced issue in amdgpu_device_attr_create() (git-fixes). - drm/amd: flush any delayed gfxoff on suspend entry (git-fixes). - drm/amdgpu: avoid integer overflow warning in amdgpu_device_resize_fb_bar() (git-fixes). - drm/amdgpu: fix potential fence use-after-free v2 (git-fixes). - drm/amdgpu: install stub fence into potential unused fence pointers (git-fixes). - drm/amdgpu: use rmw accessors for changing lnkctl (git-fixes). - drm/armada: fix off-by-one error in armada_overlay_get_property() (git-fixes). - drm/ast: fix dram init on ast2200 (git-fixes). - drm/bridge: anx7625: drop device lock before drm_helper_hpd_irq_event() (git-fixes). - drm/bridge: fix -wunused-const-variable= warning (git-fixes). - drm/bridge: tc358764: fix debug print parameter order (git-fixes). - drm/etnaviv: fix dumping of active mmu context (git-fixes). - drm/mediatek: fix dereference before null check (git-fixes). - drm/mediatek: fix potential memory leak if vmap() fail (git-fixes). - drm/msm/a2xx: call adreno_gpu_init() earlier (git-fixes). - drm/msm/mdp5: do not leak some plane state (git-fixes). - drm/nouveau/disp: revert a null check inside nouveau_connector_get_modes (git-fixes). - drm/nouveau/gr: enable memory loads on helper invocation on all channels (git-fixes). - drm/panel: simple: add missing connector type and pixel format for auo t215hvn01 (git-fixes). - drm/panel: simple: fix auo g121ean01 panel timings according to the docs (git-fixes). - drm/qxl: fix uaf on handle creation (git-fixes). - drm/radeon: use rmw accessors for changing lnkctl (git-fixes). - drm/rockchip: do not spam logs in atomic check (git-fixes). - drm/shmem-helper: reset vma->vm_ops before calling dma_buf_mmap() (git-fixes). - drm/tegra: dpaux: fix incorrect return value of platform_get_irq (git-fixes). - drm/ttm: check null pointer before accessing when swapping (git-fixes). - drm/ttm: never consider pinned bos for eviction&swap (git-fixes). - drm/vmwgfx: fix shader stage validation (git-fixes). - drm: xlnx: zynqmp_dpsub: add missing check for dma_set_mask (git-fixes). - drop cfg80211 lock fix patches that caused a regression (bsc#1213757) - drop rtsx patch that caused a regression (bsc#1214397,bsc#1214428) - dt-bindings: clock: xlnx,versal-clk: drop select:false (git-fixes). - dt-bindings: clocks: imx8mp: make sai4 a dummy clock (git-fixes). - dt-bindings: crypto: ti,sa2ul: make power-domains conditional (git-fixes). - e1000: fix typos in comments (jsc#ped-5738). - e1000: remove unnecessary use of kmap_atomic() (jsc#ped-5738). - e1000: switch to napi_build_skb() (jsc#ped-5738). - e1000: switch to napi_consume_skb() (jsc#ped-5738). - enable analog devices industrial ethernet phy driver (jsc#ped-4759) - exfat: fix unexpected eof while reading dir (bsc#1214000). - exfat: release s_lock before calling dir_emit() (bsc#1214000). - exfat_iterate(): do not open-code file_inode(file) (bsc#1214000). - fbdev/ep93xx-fb: do not assign to struct fb_info.dev (git-fixes). - fbdev: fix potential oob read in fast_imageblit() (git-fixes). - fbdev: fix sys_imageblit() for arbitrary image widths (git-fixes). - fbdev: improve performance of sys_imageblit() (git-fixes). - fbdev: mmp: fix value check in mmphw_probe() (git-fixes). - file: reinstate f_pos locking optimization for regular files (bsc#1213759). - firmware: arm_scmi: drop of node reference in the transport channel setup (git-fixes). - firmware: cs_dsp: fix new control name check (git-fixes). - firmware: meson_sm: fix to avoid potential null pointer dereference (git-fixes). - firmware: stratix10-svc: fix an null vs is_err() bug in probe (git-fixes). - fs/sysv: null check to prevent null-ptr-deref bug (git-fixes). - ftrace: fix possible warning on checking all pages used in ftrace_process_locs() (git-fixes). - gpio: mvebu: fix irq domain leak (git-fixes). - gpio: mvebu: make use of devm_pwmchip_add (git-fixes). - gpio: tps68470: make tps68470_gpio_output() always set the initial value (git-fixes). - hid: add quirk for 03f0:464a hp elite presenter mouse (git-fixes). - hid: logitech-dj: fix error handling in logi_dj_recv_switch_to_dj_mode() (git-fixes). - hid: logitech-hidpp: add usb and bluetooth ids for the logitech g915 tkl keyboard (git-fixes). - hid: multitouch: correct devm device reference for hidinput input_dev name (git-fixes). - hid: wacom: remove the battery when the ekr is off (git-fixes). - hwmon: (pmbus/bel-pfe) enable pmbus_skip_status_check for pfe1100 (git-fixes). - hwmon: (tmp513) fix the channel number in tmp51x_is_visible() (git-fixes). - hwpoison: offline support: fix spelling in documentation/abi/ (git-fixes). - hwrng: iproc-rng200 - implement suspend and resume calls (git-fixes). - hwrng: nomadik - keep clock enabled while hwrng is registered (git-fixes). - hwrng: pic32 - use devm_clk_get_enabled (git-fixes). - i2c: bcm-iproc: fix bcm_iproc_i2c_isr deadlock issue (git-fixes). - i2c: designware: correct length byte validation logic (git-fixes). - i2c: designware: handle invalid smbus block data response length value (git-fixes). - i2c: hisi: only handle the interrupt of the driver's transfer (git-fixes). - i2c: improve size determinations (git-fixes). - i2c: nomadik: remove a useless call in the remove function (git-fixes). - i2c: nomadik: remove unnecessary goto label (git-fixes). - i2c: nomadik: use devm_clk_get_enabled() (git-fixes). - i40e: fix an null vs is_err() bug for debugfs_create_dir() (git-fixes). - iavf: fix potential races for fdir filters (git-fixes). - ib/hfi1: fix possible panic during hotplug remove (git-fixes) - ib/uverbs: fix an potential error pointer dereference (git-fixes) - ice: fix max_rate check while configuring tx rate limits (git-fixes). - ice: fix memory management in ice_ethtool_fdir.c (git-fixes). - ice: fix rdma vsi removal during queue rebuild (git-fixes). - iio: adc: ina2xx: avoid null pointer dereference on of device match (git-fixes). - iio: adc: stx104: implement and utilize register structures (git-fixes). - iio: adc: stx104: utilize iomap interface (git-fixes). - iio: cros_ec: fix the allocation size for cros_ec_command (git-fixes). - input: exc3000 - properly stop timer on shutdown (git-fixes). - intel/e1000:fix repeated words in comments (jsc#ped-5738). - intel: remove unused macros (jsc#ped-5738). - iommu/amd: add pci segment support for ivrs_ commands (git-fixes). - iommu/amd: fix compile warning in init code (git-fixes). - iommu/amd: fix ill-formed ivrs_ioapic, ivrs_hpet and ivrs_acpihid options (git-fixes). - iommu/amd: fix ivrs_acpihid cmdline parsing code (git-fixes). - iommu/amd: fix pci device refcount leak in ppr_notifier() (git-fixes). - iommu/amd: use full 64-bit value in build_completion_wait() (git-fixes). - iommu/arm-smmu-v3: check return value after calling platform_get_resource() (git-fixes). - iommu/arm-smmu-v3: fix event handling soft lockup (git-fixes). - iommu/arm-smmu-v3: make default domain type of hisilicon ptt device to identity (git-fixes). - iommu/arm-smmu: fix possible null-ptr-deref in arm_smmu_device_probe() (git-fixes). - iommu/dart: initialize dart_streams_enable (git-fixes). - iommu/dma: fix incorrect error return on iommu deferred attach (git-fixes). - iommu/dma: fix iova map result check bug (git-fixes). - iommu/dma: return error code from iommu_dma_map_sg() (git-fixes). - iommu/fsl_pamu: fix resource leak in fsl_pamu_probe() (git-fixes). - iommu/io-pgtable-arm-v7s: add a quirk to allow pgtable pa up to 35bit (git-fixes). - iommu/iova: fix module config properly (git-fixes). - iommu/omap: fix buffer overflow in debugfs (git-fixes). - iommu/rockchip: fix permission bits in page table entries v2 (git-fixes). - iommu/sun50i: consider all fault sources for reset (git-fixes). - iommu/sun50i: fix flush size (git-fixes). - iommu/sun50i: fix r/w permission check (git-fixes). - iommu/sun50i: fix reset release (git-fixes). - iommu/sun50i: implement .iotlb_sync_map (git-fixes). - iommu/sun50i: remove iommu_domain_identity (git-fixes). - iommu/vt-d: add rpls to quirk list to skip te disabling (git-fixes). - iommu/vt-d: check correct capability for sagaw determination (git-fixes). - iommu/vt-d: clean up si_domain in the init_dmars() error path (git-fixes). - iommu/vt-d: correctly calculate sagaw value of iommu (git-fixes). - iommu/vt-d: fix kdump kernels boot failure with scalable mode (git-fixes). - iommu/vt-d: fix pci device refcount leak in dmar_dev_scope_init() (git-fixes). - iommu/vt-d: fix pci device refcount leak in has_external_pci() (git-fixes). - iommu/vt-d: preset access bit for iova in fl non-leaf paging entries (git-fixes). - iommu/vt-d: set sre bit only when hardware has srs cap (git-fixes). - ipmi:ssif: add check for kstrdup (git-fixes). - ipmi:ssif: fix a memory leak when scanning for an adapter (git-fixes). - ipmi_si: fix a memleak in try_smi_init() (git-fixes). - jffs2: correct logic when creating a hole in jffs2_write_begin (git-fixes). - kabi/severities: ignore newly added srso mitigation functions - kabi: allow extra bugsints (bsc#1213927). - kbuild: add -wno-shift-negative-value where -wextra is used (bsc#1214756). - kbuild: move to -std=gnu11 (bsc#1214756). - kernel-binary: common dependencies cleanup common dependencies are copied to a subpackage, there is no need for copying defines or build dependencies there. - kernel-binary: drop code for kerntypes support kerntypes was a suse-specific feature dropped before sle 12. - kunit: make kunit_test_timeout compatible with comment (git-fixes). - kvm: s390: fix sthyi error handling (git-fixes bsc#1214370). - leds: fix bug_on check for led_color_id_multi that is always false (git-fixes). - leds: multicolor: use rounded division when calculating color components (git-fixes). - leds: pwm: fix error code in led_pwm_create_fwnode() (git-fixes). - leds: trigger: tty: do not use led_on/off constants, use led_blink_set_oneshot instead (git-fixes). - leds: turris-omnia: drop unnecessary mutex locking (git-fixes). - lib/test_meminit: allocate pages up to order max_order (git-fixes). - lib/test_meminit: destroy cache in kmem_cache_alloc_bulk() test (git-fixes). - libceph: fix potential hang in ceph_osdc_notify() (bsc#1214393). - md/raid0: factor out helper for mapping and submitting a bio (bsc#1213916). - md/raid0: fix performance regression for large sequential writes (bsc#1213916). - media: ad5820: drop unsupported ad5823 from i2c_ and of_device_id tables (git-fixes). - media: cx24120: add retval check for cx24120_message_send() (git-fixes). - media: dib7000p: fix potential division by zero (git-fixes). - media: dvb-usb: m920x: fix a potential memory leak in m920x_i2c_xfer() (git-fixes). - media: go7007: remove redundant if statement (git-fixes). - media: i2c: ccs: check rules is non-null (git-fixes). - media: i2c: rdacm21: fix uninitialized value (git-fixes). - media: i2c: tvp5150: check return value of devm_kasprintf() (git-fixes). - media: ov2680: add ov2680_fill_format() helper function (git-fixes). - media: ov2680: do not take the lock for try_fmt calls (git-fixes). - media: ov2680: fix ov2680_bayer_order() (git-fixes). - media: ov2680: fix ov2680_set_fmt() which == v4l2_subdev_format_try not working (git-fixes). - media: ov2680: fix regulators being left enabled on ov2680_power_on() errors (git-fixes). - media: ov2680: fix vflip / hflip set functions (git-fixes). - media: ov2680: remove video_v4l2_subdev_api ifdef-s (git-fixes). - media: ov5640: enable mipi interface in ov5640_set_power_mipi() (git-fixes). - media: rkvdec: increase max supported height for h.264 (git-fixes). - media: v4l2-core: fix a potential resource leak in v4l2_fwnode_parse_link() (git-fixes). - media: v4l2-mem2mem: add lock to protect parameter num_rdy (git-fixes). - media: venus: hfi_venus: only consider sys_idle_indicator on v1 (git-fixes). - media: venus: hfi_venus: write to vidc_ctrl_init after unmasking interrupts (git-fixes). - misc: rtsx: judge aspm mode to set petxcfg reg (git-fixes). - mkspec: allow unsupported kmps (bsc#1214386) - mlxsw: pci: add shutdown method in pci driver (git-fixes). - mmc: block: fix in_flight[issue_type] value error (git-fixes). - mmc: moxart: read scr register without changing byte order (git-fixes). - mmc: wbsd: fix double mmc_free_host() in wbsd_init() (git-fixes). - module: avoid allocation if module is already present and ready (bsc#1213921). - module: extract patient module check into helper (bsc#1213921). - module: move check_modinfo() early to early_mod_check() (bsc#1213921). - module: move early sanity checks into a helper (bsc#1213921). - move upstreamed hid patch into sorted section - move upstreamed powerpc patches into sorted section - mtd: rawnand: brcmnand: fix crash during the panic_write (git-fixes). - mtd: rawnand: brcmnand: fix mtd oobsize (git-fixes). - mtd: rawnand: brcmnand: fix potential false time out warning (git-fixes). - mtd: rawnand: brcmnand: fix potential out-of-bounds access in oob write (git-fixes). - mtd: rawnand: fsl_upm: fix an off-by one test in fun_exec_op() (git-fixes). - mtd: rawnand: fsmc: handle clk prepare error in fsmc_nand_resume() (git-fixes). - mtd: rawnand: omap_elm: fix incorrect type in assignment (git-fixes). - mtd: rawnand: rockchip: align hwecc vs. raw page helper layouts (git-fixes). - mtd: rawnand: rockchip: fix oobfree offset and description (git-fixes). - mtd: spi-nor: check bus width while setting qe bit (git-fixes). - mtd: spinand: toshiba: fix ecc_get_status (git-fixes). - n_tty: rename tail to old_tail in n_tty_read() (git-fixes). - net: hns3: fix wrong bw weight of disabled tc issue (git-fixes). - net: ieee802154: at86rf230: stop leaking skb's (git-fixes). - net: mana: fix mana vf unload when hardware is unresponsive (git-fixes). - net: phy: at803x: remove set/get wol callbacks for ar8032 (git-fixes). - net: phy: broadcom: stub c45 read/write for 54810 (git-fixes). - net: phy: fix irq-based wake-on-lan over hibernate / power off (git-fixes). - net: usb: lan78xx: reorder cleanup operations to avoid uaf bugs (git-fixes). - net: usbnet: fix warning in usbnet_start_xmit/usb_submit_urb (git-fixes). - netfs: fix lockdep warning from taking sb_writers whilst holding mmap_lock (bsc#1214742). - netfs: fix missing xas_retry() calls in xarray iteration (bsc#1213946). - netfs: fix parameter of cleanup() (bsc#1214743). - nfsd: remove incorrect check in nfsd4_validate_stateid (git-fixes). - nilfs2: fix use-after-free of nilfs_root in dirtying inodes via iput (git-fixes). - nilfs2: fix warning in mark_buffer_dirty due to discarded buffer reuse (git-fixes). - nvme-rdma: fix potential unbalanced freeze & unfreeze (bsc#1208902). - nvme-tcp: fix potential unbalanced freeze & unfreeze (bsc#1208902). - objtool/x86: fix srso mess (git-fixes). - objtool/x86: fixup frame-pointer vs rethunk (git-fixes). - objtool: union instruction::{call_dest,jump_table} (git-fixes). - old-flavors: drop 2.6 kernels. 2.6 based kernels are eol, upgrading from them is no longer suported. - pci/aspm: avoid link retraining race (git-fixes). - pci/aspm: factor out pcie_wait_for_retrain() (git-fixes). - pci/aspm: return 0 or -etimedout from pcie_retrain_link() (git-fixes). - pci: acpiphp: reassign resources on bridge if necessary (git-fixes). - pci: acpiphp: use pci_assign_unassigned_bridge_resources() only for non-root bus (git-fixes). - pci: mark nvidia t4 gpus to avoid bus reset (git-fixes). - pci: meson: remove cast between incompatible function type (git-fixes). - pci: microchip: correct the ded and sec interrupt bit offsets (git-fixes). - pci: microchip: remove cast between incompatible function type (git-fixes). - pci: pciehp: use rmw accessors for changing lnkctl (git-fixes). - pci: rockchip: remove writes to unused registers (git-fixes). - pci: s390: fix use-after-free of pci resources with per-function hotplug (git-fixes). - pci: tegra194: fix possible array out of bounds access (git-fixes). - pcmcia: rsrc_nonstatic: fix memory leak in nonstatic_release_resource_db() (git-fixes). - phy/rockchip: inno-hdmi: do not power on rk3328 post pll on reg write (git-fixes). - phy/rockchip: inno-hdmi: round fractal pixclock in rk3328 recalc_rate (git-fixes). - phy/rockchip: inno-hdmi: use correct vco_div_5 macro on rk3328 (git-fixes). - phy: qcom-snps-femto-v2: keep cfg_ahb_clk enabled during runtime suspend (git-fixes). - phy: qcom-snps-femto-v2: properly enable ref clock (git-fixes). - phy: qcom-snps: correct struct qcom_snps_hsphy kerneldoc (git-fixes). - phy: qcom-snps: use dev_err_probe() to simplify code (git-fixes). - pinctrl: cherryview: fix address_space_handler() argument (git-fixes). - pinctrl: mcp23s08: check return value of devm_kasprintf() (git-fixes). - pinctrl: renesas: rza2: add lock around pinctrl_generic{{add,remove}_group,{add,remove}_function} (git-fixes). - platform/x86: dell-sysman: fix reference leak (git-fixes). - pm / devfreq: fix leak in devfreq_dev_release() (git-fixes). - powerpc/64e: fix kexec build error (bsc#1212091 ltc#199106). - powerpc/iommu: do not set failed sg dma_address to dma_mapping_error (bsc#1212091 ltc#199106). - powerpc/iommu: fix iommu_table_in_use for a small default dma window case (bsc#1212091 ltc#199106). - powerpc/iommu: incorrect ddw table is referenced for sr-iov device (bsc#1212091 ltc#199106). - powerpc/iommu: return error code from .map_sg() ops (bsc#1212091 ltc#199106). - powerpc/iommu: tces are incorrectly manipulated with dlpar add/remove of memory (bsc#1212091 ltc#199106). - powerpc/kernel/iommu: add new iommu_table_in_use() helper (bsc#1212091 ltc#199106). - powerpc/kexec: fix build failure from uninitialised variable (bsc#1212091 ltc#199106). - powerpc/mm/altmap: fix altmap boundary check (bsc#1120059 git-fixes). - powerpc/pseries/ddw: do not try direct mapping with persistent memory and one window (bsc#1212091 ltc#199106). - powerpc/pseries/ddw: simplify enable_ddw() (bsc#1212091 ltc#199106). - powerpc/pseries/iommu: add ddw_list_new_entry() helper (bsc#1212091 ltc#199106). - powerpc/pseries/iommu: add ddw_property_create() and refactor enable_ddw() (bsc#1212091 ltc#199106). - powerpc/pseries/iommu: add iommu_pseries_alloc_table() helper (bsc#1212091 ltc#199106). - powerpc/pseries/iommu: add of_node_put() before break (bsc#1212091 ltc#199106). - powerpc/pseries/iommu: allow ddw windows starting at 0x00 (bsc#1212091 ltc#199106). - powerpc/pseries/iommu: check if the default window in use before removing it (bsc#1212091 ltc#199106). - powerpc/pseries/iommu: create huge dma window if no mmio32 is present (bsc#1212091 ltc#199106). - powerpc/pseries/iommu: find existing ddw with given property name (bsc#1212091 ltc#199106). - powerpc/pseries/iommu: make use of ddw for indirect mapping (bsc#1212091 ltc#199106). - powerpc/pseries/iommu: print ibm,query-pe-dma-windows parameters (bsc#1212091 ltc#199106). - powerpc/pseries/iommu: rename 'direct window' to 'dma window' (bsc#1212091 ltc#199106). - powerpc/pseries/iommu: reorganize iommu_table_setparms*() with new helper (bsc#1212091 ltc#199106). - powerpc/pseries/iommu: replace hard-coded page shift (bsc#1212091 ltc#199106). - powerpc/pseries/iommu: update remove_dma_window() to accept property name (bsc#1212091 ltc#199106). - powerpc/pseries/iommu: use correct vfree for it_map (bsc#1212091 ltc#199106). - powerpc/pseries: add __init attribute to eligible functions (bsc#1212091 ltc#199106). - powerpc/pseries: honour current smt state when dlpar onlining cpus (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588). - powerpc/pseries: initialise cpu hotplug callbacks earlier (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588). - powerpc/rtas: block error injection when locked down (bsc#1023051). - powerpc/rtas: enture rtas_call is called with mmu enabled (bsc#1023051). - powerpc/rtas_flash: allow user copy to flash block cache objects (bsc#1194869). - powerpc/security: fix speculation_store_bypass reporting on power10 (bsc#1188885 ltc#193722 git-fixes). - powerpc: add hotplug_smt support (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588). update config files. - powerpc: fix typos in comments (bsc#1212091 ltc#199106). - powerpc: move dma64_propname define to a header (bsc#1214297 ltc#197503). - pseries/iommu/ddw: fix kdump to work in absence of ibm,dma-window (bsc#1214297 ltc#197503). - pstore/ram: check start of empty przs during init (git-fixes). - pwm: add a stub for devm_pwmchip_add() (git-fixes). - pwm: meson: fix handling of period/duty if greater than uint_max (git-fixes). - pwm: meson: simplify duplicated per-channel tracking (git-fixes). - qed: fix scheduling in a tasklet while getting stats (git-fixes). - rdma/bnxt_re: fix error handling in probe failure path (git-fixes) - rdma/bnxt_re: fix max_qp count for virtual functions (git-fixes) - rdma/efa: fix wrong resources deallocation order (git-fixes) - rdma/hns: fix cq and qp cache affinity (git-fixes) - rdma/hns: fix incorrect post-send with direct wqe of wr-list (git-fixes) - rdma/hns: fix port active speed (git-fixes) - rdma/irdma: prevent zero-length stag registration (git-fixes) - rdma/irdma: replace one-element array with flexible-array member (git-fixes) - rdma/mlx5: return the firmware result upon destroying qp/rq (git-fixes) - rdma/qedr: remove a duplicate assignment in irdma_query_ah() (git-fixes) - rdma/siw: balance the reference of cep->kref in the error path (git-fixes) - rdma/siw: correct wrong debug message (git-fixes) - rdma/umem: set iova in odp flow (git-fixes) - readme.branch: add miroslav franc as a sle15-sp4 co-maintainer. - regmap: rbtree: use alloc_flags for memory allocations (git-fixes). - revert 'ib/isert: fix incorrect release of isert connection' (git-fixes) - revert 'tracing: add '(fault)' name injection to kernel probes' (git-fixes). - ring-buffer: do not swap cpu_buffer during resize process (git-fixes). - ring-buffer: fix deadloop issue on reading trace_pipe (git-fixes). - ring-buffer: fix wrong stat of cpu_buffer->read (git-fixes). - rpmsg: glink: add check for kstrdup (git-fixes). - s390/purgatory: disable branch profiling (git-fixes bsc#1214372). - sched/fair: fix inaccurate tally of ttwu_move_affine (git fixes). - sched/fair: use recent_used_cpu to test p->cpus_ptr (git fixes). - sched/psi: use kernfs polling functions for psi trigger polling (bsc#1209799). - scsi: bsg: increase number of devices (bsc#1210048). - scsi: core: do not wait for quiesce in scsi_device_block() (bsc#1209284). - scsi: core: do not wait for quiesce in scsi_stop_queue() (bsc#1209284). - scsi: core: improve warning message in scsi_device_block() (bsc#1209284). - scsi: core: merge scsi_internal_device_block() and device_block() (bsc#1209284). - scsi: rdma/srp: fix residual handling (git-fixes) - scsi: sg: increase number of devices (bsc#1210048). - scsi: storvsc: always set no_report_opcodes (git-fixes). - scsi: storvsc: fix handling of virtual fibre channel timeouts (git-fixes). - scsi: storvsc: handle srb status value 0x30 (git-fixes). - scsi: storvsc: limit max_sectors for virtual fibre channel devices (git-fixes). - scsi: zfcp: defer fc_rport blocking until after adisc response (git-fixes bsc#1214371). - selftests/futex: order calls to futex_lock_pi (git-fixes). - selftests/harness: actually report skip for signal tests (git-fixes). - selftests/resctrl: close perf value read fd on errors (git-fixes). - selftests/resctrl: do not leak buffer in fill_cache() (git-fixes). - selftests/resctrl: unmount resctrl fs if child fails to run benchmark (git-fixes). - selftests/rseq: check if libc rseq support is registered (git-fixes). - selftests: forwarding: add a helper to skip test when using veth pairs (git-fixes). - selftests: forwarding: ethtool: skip when using veth pairs (git-fixes). - selftests: forwarding: ethtool_extended_state: skip when using veth pairs (git-fixes). - selftests: forwarding: skip test when no interfaces are specified (git-fixes). - selftests: forwarding: switch off timeout (git-fixes). - selftests: forwarding: tc_actions: cleanup temporary files when test is aborted (git-fixes). - selftests: forwarding: tc_actions: use ncat instead of nc (git-fixes). - selftests: forwarding: tc_flower: relax success criterion (git-fixes). - selftests: mirror_gre_changes: tighten up the ttl test match (git-fixes). - serial: sc16is7xx: fix broken port 0 uart init (git-fixes). - serial: sc16is7xx: fix bug when first setting gpio direction (git-fixes). - serial: sprd: assign sprd_port after initialized to avoid wrong access (git-fixes). - serial: sprd: fix dma buffer leak issue (git-fixes). - serial: tegra: handle clk prepare error in tegra_uart_hw_init() (git-fixes). - sfc: fix crash when reading stats while nic is resetting (git-fixes). - smb3: do not send lease break acknowledgment if all file handles have been closed (git-fixes). - smb3: do not set ntlmssp_version flag for negotiate not auth request (bsc#1193629). - smb: client: fix -wstringop-overflow issues (bsc#1193629). - smb: client: fix dfs link mount against w2k8 (bsc#1212142). - smb: client: fix null auth (git-fixes). - soc: aspeed: socinfo: add kfree for kstrdup (git-fixes). - soundwire: bus: pm_runtime_request_resume on peripheral attachment (git-fixes). - soundwire: fix enumeration completion (git-fixes). - spi: tegra20-sflash: fix to check return value of platform_get_irq() in tegra_sflash_probe() (git-fixes). - supported.conf: fix typos for -!optional markers - target: compare and write backend driver sense handling (bsc#1177719 bsc#1213026). - target_core_rbd: fix leak and reduce kmalloc calls (bsc#1212873). - target_core_rbd: fix rbd_img_request.snap_id assignment (bsc#1212857). - target_core_rbd: remove snapshot existence validation code (bsc#1212857). - thunderbolt: read retimer nvm authentication status prior tb_retimer_set_inbound_sbtx() (git-fixes). - timers: add shutdown mechanism to the internal functions (bsc#1213970). - timers: provide timer_shutdown[_sync]() (bsc#1213970). - timers: rename del_timer() to timer_delete() (bsc#1213970). - timers: rename del_timer_sync() to timer_delete_sync() (bsc#1213970). - timers: replace bug_on()s (bsc#1213970). - timers: silently ignore timers with a null function (bsc#1213970). - timers: split [try_to_]del_timer[_sync]() to prepare for shutdown mode (bsc#1213970). - timers: update kernel-doc for various functions (bsc#1213970). - timers: use del_timer_sync() even on up (bsc#1213970). - tracing/histograms: add histograms to hist_vars if they have referenced variables (git-fixes). - tracing/histograms: return an error if we fail to add histogram to hist_vars list (git-fixes). - tracing/probes: fix not to count error code to total length (git-fixes). - tracing/probes: fix to avoid double count of the string length on the array (git-fixes). - tracing/probes: fix to record 0-length data_loc in fetch_store_string*() if fails (git-fixes). - tracing: fix cpu buffers unavailable due to 'record_disabled' missed (git-fixes). - tracing: fix memleak due to race between current_tracer and trace (git-fixes). - tracing: fix memory leak of iter->temp when reading trace_pipe (git-fixes). - tracing: fix null pointer dereference in tracing_err_log_open() (git-fixes). - tracing: fix warning in trace_buffered_event_disable() (git-fixes). - tty: fix hang on tty device with no_room set (git-fixes). - tty: n_gsm: fix the uaf caused by race condition in gsm_cleanup_mux (git-fixes). - tty: serial: fsl_lpuart: add i.mxrt1050 support (git-fixes). - tty: serial: fsl_lpuart: clear the error flags by writing 1 for lpuart32 platforms (git-fixes). - tty: serial: fsl_lpuart: make rx_watermark configurable for different platforms (git-fixes). - tty: serial: fsl_lpuart: reduce rx watermark to 0 on ls1028a (git-fixes). - ubifs: fix memleak when insert_old_idx() failed (git-fixes). - update cpufreq-intel_pstate-fix-cpu-pstate.turbo_freq-initi (git-fixes bsc#1212526 bsc#1214368 jsc#ped-4927 jsc#ped-4929). - usb-storage: alauda: fix uninit-value in alauda_check_media() (git-fixes). - usb: chipidea: imx: add missing usb phy dpdm wakeup setting (git-fixes). - usb: chipidea: imx: do not request qos for imx8ulp (git-fixes). - usb: chipidea: imx: improve logic if samsung,picophy-* parameter is 0 (git-fixes). - usb: common: usb-conn-gpio: prevent bailing out if initial role is none (git-fixes). - usb: dwc3: fix typos in gadget.c (git-fixes). - usb: dwc3: meson-g12a: do post init to fix broken usb after resumption (git-fixes). - usb: dwc3: properly handle processing of pending events (git-fixes). - usb: gadget: f_mass_storage: fix unused variable warning (git-fixes). - usb: gadget: fix the memory leak in raw_gadget driver (git-fixes). - usb: gadget: u_serial: avoid spinlock recursion in __gs_console_push (git-fixes). - usb: ohci-at91: fix the unhandle interrupt when resume (git-fixes). - usb: phy: mxs: fix getting wrong state with mxs_phy_is_otg_host() (git-fixes). - usb: quirks: add quirk for focusrite scarlett (git-fixes). - usb: serial: option: add quectel ec200a module support (git-fixes). - usb: serial: option: support quectel em060k_128 (git-fixes). - usb: serial: simple: add kaufmann rks+can vcp (git-fixes). - usb: serial: simple: sort driver entries (git-fixes). - usb: typec: altmodes/displayport: signal hpd when configuring pin assignment (git-fixes). - usb: typec: tcpm: fix response to vsafe0v event (git-fixes). - usb: typec: tcpm: set initial svdm version based on pd revision (git-fixes). - usb: zaurus: add id for a-300/b-500/c-700 (git-fixes). - watchdog: sp5100_tco: support hygon fch/sch (server controller hub) (git-fixes). - wifi: ath10k: use rmw accessors for changing lnkctl (git-fixes). - wifi: ath11k: use rmw accessors for changing lnkctl (git-fixes). - wifi: ath9k: fix races between ath9k_wmi_cmd and ath9k_wmi_ctrl_rx (git-fixes). - wifi: ath9k: protect wmi command response buffer replacement with a lock (git-fixes). - wifi: ath9k: use is_err() with debugfs_create_dir() (git-fixes). - wifi: cfg80211: fix return value in scan logic (git-fixes). - wifi: cfg80211: fix sband iftype data lookup for ap_vlan (git-fixes). - wifi: mt76: mt7615: do not advertise 5 ghz on first phy of mt7615d (dbdc) (git-fixes). - wifi: mt76: mt7915: fix power-limits while chan_switch (git-fixes). - wifi: mt76: mt7921: do not support one stream on secondary antenna only (git-fixes). - wifi: mt76: testmode: add nla_policy for mt76_tm_attr_tx_length (git-fixes). - wifi: mwifiex: avoid possible null skb pointer dereference (git-fixes). - wifi: mwifiex: fix error recovery in pcie buffer descriptor management (git-fixes). - wifi: mwifiex: fix memory leak in mwifiex_histogram_read() (git-fixes). - wifi: mwifiex: fix missed return in oob checks failed path (git-fixes). - wifi: mwifiex: fix oob and integer underflow when rx packets (git-fixes). - wifi: nl80211/cfg80211: add forgotten nla_policy for bss color attribute (git-fixes). - wifi: radiotap: fix kernel-doc notation warnings (git-fixes). - wifi: rtw89: debug: fix error handling in rtw89_debug_priv_btc_manual_set() (git-fixes). - x86/alternative: make custom return thunk unconditional (git-fixes). - x86/cpu/amd: disable xsaves on amd family 0x17 (git-fixes). - x86/cpu/kvm: provide untrain_ret_vm (git-fixes). - x86/cpu: clean up srso return thunk mess (git-fixes). - x86/cpu: cleanup the untrain mess (git-fixes). - x86/cpu: fix __x86_return_thunk symbol type (git-fixes). - x86/cpu: fix up srso_safe_ret() and __x86_return_thunk() (git-fixes). - x86/cpu: rename original retbleed methods (git-fixes). - x86/cpu: rename srso_(.*)_alias to srso_alias_\1 (git-fixes). - x86/mce: make sure logged mces are processed after sysfs update (git-fixes). - x86/retpoline,kprobes: fix position of thunk sections with config_lto_clang (git-fixes). - x86/retpoline,kprobes: skip optprobe check for indirect jumps with retpolines and ibt (git-fixes). - x86/retpoline: do not clobber rflags during srso_safe_ret() (git-fixes). - x86/sev: Make enc_dec_hypercall() accept a size instead of npages (bsc#1214635). - x86/speculation: add cpu_show_gds() prototype (git-fixes). - x86/speculation: mark all skylake cpus as vulnerable to gds (git-fixes). - x86/srso: correct the mitigation status when smt is disabled (git-fixes). - x86/srso: disable the mitigation on unaffected configurations (git-fixes). - x86/srso: explain the untraining sequences a bit more (git-fixes). - x86/srso: fix build breakage with the llvm linker (git-fixes). - x86/srso: fix return thunks in generated code (git-fixes). - x86/static_call: fix __static_call_fixup() (git-fixes). - xfs: fix sb write verify for lazysbcount (bsc#1214661). Important SUSE bug 1023051 SUSE bug 1120059 SUSE bug 1177719 SUSE bug 1188885 SUSE bug 1193629 SUSE bug 1194869 SUSE bug 1205462 SUSE bug 1208902 SUSE bug 1208949 SUSE bug 1209284 SUSE bug 1209799 SUSE bug 1210048 SUSE bug 1210448 SUSE bug 1212091 SUSE bug 1212142 SUSE bug 1212526 SUSE bug 1212857 SUSE bug 1212873 SUSE bug 1213026 SUSE bug 1213123 SUSE bug 1213546 SUSE bug 1213580 SUSE bug 1213601 SUSE bug 1213666 SUSE bug 1213757 SUSE bug 1213759 SUSE bug 1213916 SUSE bug 1213921 SUSE bug 1213927 SUSE bug 1213946 SUSE bug 1213968 SUSE bug 1213970 SUSE bug 1213971 SUSE bug 1214000 SUSE bug 1214019 SUSE bug 1214120 SUSE bug 1214149 SUSE bug 1214180 SUSE bug 1214238 SUSE bug 1214285 SUSE bug 1214297 SUSE bug 1214299 SUSE bug 1214350 SUSE bug 1214368 SUSE bug 1214370 SUSE bug 1214371 SUSE bug 1214372 SUSE bug 1214380 SUSE bug 1214386 SUSE bug 1214392 SUSE bug 1214393 SUSE bug 1214397 SUSE bug 1214428 SUSE bug 1214451 SUSE bug 1214635 SUSE bug 1214659 SUSE bug 1214661 SUSE bug 1214729 SUSE bug 1214742 SUSE bug 1214743 SUSE bug 1214756 SUSE bug 1215522 SUSE bug 1215523 SUSE bug 1215552 SUSE bug 1215553 CVE-2023-2007 CVE-2023-20588 CVE-2023-34319 CVE-2023-3610 CVE-2023-37453 CVE-2023-3772 CVE-2023-3863 CVE-2023-4128 CVE-2023-4133 CVE-2023-4134 CVE-2023-4147 CVE-2023-4194 CVE-2023-4273 CVE-2023-4387 CVE-2023-4459 CVE-2023-4569 cpe:/o:opensuse:leap:15.4 Security update for python-reportlab (Important) openSUSE Leap 15.4 This update for python-reportlab fixes the following issues: - CVE-2019-19450: Fixed an issue which allowed remote code execution via start_unichar in paraparser.py evaluating untrusted user input. (bsc#1215560) Important SUSE bug 1215560 CVE-2019-19450 cpe:/o:opensuse:leap:15.4 Security update for poppler (Important) openSUSE Leap 15.4 This update for poppler fixes the following issues: - CVE-2020-23804: Fixed uncontrolled recursion in pdfinfo and pdftops (bsc#1215422). - CVE-2020-36024: Fixed NULL Pointer Deference in `FoFiType1C:convertToType1` (bsc#1214257). - CVE-2022-37050: Fixed denial-of-service via savePageAs in PDFDoc.c (bsc#1214622). - CVE-2022-37051: Fixed abort in main() in pdfunite.cc (bsc#1214621). - CVE-2022-38349: Fixed reachable assertion in Object.h that will lead to denial of service (bsc#1214618). Important SUSE bug 1214257 SUSE bug 1214618 SUSE bug 1214621 SUSE bug 1214622 SUSE bug 1215422 CVE-2020-23804 CVE-2020-36024 CVE-2022-37050 CVE-2022-37051 CVE-2022-38349 cpe:/o:opensuse:leap:15.4 Security update for ghostscript (Important) openSUSE Leap 15.4 This update for ghostscript fixes the following issues: - CVE-2023-43115: Fixed remote code execution via crafted PostScript documents in gdevijs.c (bsc#1215466). Important SUSE bug 1215466 CVE-2023-43115 cpe:/o:opensuse:leap:15.4 Security update for freerdp (Moderate) openSUSE Leap 15.4 This update for freerdp fixes the following issues: - CVE-2022-39316: Fixed out of bound read in zgfx decoder (bsc#1205512). - CVE-2022-39317: Fixed undefined behaviour in zgfx decoder (bsc#1205512). - CVE-2022-39320: Fixed heap buffer overflow in urbdrc channel (bsc#1205512). - CVE-2022-39347: Fixed missing path sanitation with drive channel (bsc#1205512). - CVE-2022-41877: Fixed missing input length validation in drive channel (bsc#1205512). Moderate SUSE bug 1205512 CVE-2022-39316 CVE-2022-39317 CVE-2022-39320 CVE-2022-39347 CVE-2022-41877 cpe:/o:opensuse:leap:15.4 Security update for nghttp2 (Important) openSUSE Leap 15.4 This update for nghttp2 fixes the following issues: - CVE-2023-35945: Fixed memory leak when PUSH_PROMISE or HEADERS frame cannot be sent (bsc#1215713). Important SUSE bug 1215713 CVE-2023-35945 cpe:/o:opensuse:leap:15.4 Security update for poppler (Important) openSUSE Leap 15.4 This update for poppler fixes the following issues: - CVE-2020-23804: Fixed uncontrolled recursion in pdfinfo and pdftops (bsc#1215422). - CVE-2020-36024: Fixed NULL Pointer Deference in `FoFiType1C:convertToType1` (bsc#1214257). - CVE-2022-37050: Fixed denial-of-service via savePageAs in PDFDoc.c (bsc#1214622). - CVE-2022-37051: Fixed abort in main() in pdfunite.cc (bsc#1214621). - CVE-2022-38349: Fixed reachable assertion in Object.h that will lead to denial of service (bsc#1214618). Important SUSE bug 1214257 SUSE bug 1214618 SUSE bug 1214621 SUSE bug 1214622 SUSE bug 1215422 CVE-2020-23804 CVE-2020-36024 CVE-2022-37050 CVE-2022-37051 CVE-2022-38349 cpe:/o:opensuse:leap:15.4 Security update for ImageMagick (Moderate) openSUSE Leap 15.4 This update for ImageMagick fixes the following issues: - CVE-2023-5341: Fixed a heap use-after-free in coders/bmp.c. (bsc#1215939) Moderate SUSE bug 1215939 CVE-2023-5341 cpe:/o:opensuse:leap:15.4 Security update for MozillaThunderbird (Critical) openSUSE Leap 15.4 This update for MozillaThunderbird fixes the following issues: Security fixes: - CVE-2023-5217: Fixed a heap buffer overflow in libvpx. (bsc#1215814) - CVE-2023-5168: Out-of-bounds write in FilterNodeD2D1. (bsc#1215575) - CVE-2023-5169: Out-of-bounds write in PathOps. (bsc#1215575) - CVE-2023-5171: Use-after-free in Ion Compiler. (bsc#1215575) - CVE-2023-5174: Double-free in process spawning on Windows. (bsc#1215575) - CVE-2023-5176: Memory safety bugs fixed in Firefox 118, Firefox ESR 115.3, and Thunderbird 115.3. (bsc#1215575) Other fixes: - Mozilla Thunderbird 115.3.1 * fixed: In Unified Folders view, some folders had incorrect unified folder parent (bmo#1852525) * fixed: 'Edit message as new' did not restore encrypted subject from selected message (bmo#1788534) * fixed: Importing some CalDAV calendars with yearly recurrence events caused Thunderbird to freeze (bmo#1850732) * fixed: Security fixes MFSA 2023-44 (bsc#1215814) * CVE-2023-5217 (bmo#1855550) Heap buffer overflow in libvpx - Mozilla Thunderbird 115.3 * fixed: Thunderbird could not import profiles with hostname ending in dot ('.') (bmo#1825374) * fixed: Message header was occasionally missing in message preview (bmo#1840943) * fixed: Setting an existing folder's type flag did not add descendant folders to the Unified Folders view (bmo#1848904) * fixed: Thunderbird did not always delete all temporary mail files, sometimes preventing messages from being sent (bmo#673703) * fixed: Status bar in Message Compose window could not be hidden (bmo#1806860) * fixed: Message header was intermittently missing from message preview (bmo#1840943) * fixed: OAuth2 did not work on some profiles created in Thunderbird 102.6.1 or earlier (bmo#1814823) * fixed: In Vertical View, decrypted subject lines were displayed as ellipsis ('...') in message list (bmo#1831764) * fixed: Condensed address preference (mail.showCondensedAddresses) did not show condensed addresses in message list (bmo#1831280) * fixed: Spam folder could not be assigned non-ASCII names with IMAP UTF-8 enabled (bmo#1816332) * fixed: Message header was not displayed until images finished loading, causing noticeable delay for messages containing large images (bmo#1851871) * fixed: Large SVG favicons did not display on RSS feeds (bmo#1853895) * fixed: Context menu items did not display a hover background color (bmo#1852732) * fixed: Security fixes MFSA 2023-43 (bsc#1215575) * CVE-2023-5168 (bmo#1846683) Out-of-bounds write in FilterNodeD2D1 * CVE-2023-5169 (bmo#1846685) Out-of-bounds write in PathOps * CVE-2023-5171 (bmo#1851599) Use-after-free in Ion Compiler * CVE-2023-5174 (bmo#1848454) Double-free in process spawning on Windows * CVE-2023-5176 (bmo#1836353, bmo#1842674, bmo#1843824, bmo#1843962, bmo#1848890, bmo#1850180, bmo#1850983, bmo#1851195) Memory safety bugs fixed in Firefox 118, Firefox ESR 115.3, and Thunderbird 115.3 - Add patch mozilla-fix-broken-ffmpeg.patch to fix broken build with newer binutils (bsc#1215309) - Fix i586 build by reducing debug info to -g1. (bsc#1210168) - Mozilla Thunderbird 115.2.3 * changed: Card view and vertical layout are now default for new profiles (bmo#1849000) * fixed: Go - Folder menu was disabled (bmo#1849919) * fixed: 'Tools' menu was blank when opened from compose window on macOS (bmo#1848155) * fixed: Deleting an attachment from a message on an IMAP server corrupted the local copy when configured with 'mark as deleted' (bmo#1135434) * fixed: Manually entered passwords were not remembered for OAuth-authenticated accounts such as Yahoo mail (bmo#1673446) * fixed: Quick Filter's 'Keep filters applied' did not persist after restarting Thunderbird (bmo#1846880,bmo#1849221) * fixed: Top-level Quick Filter settings did not persist after restart (bmo#1849249) * fixed: Notifications for new messages with non-ASCII characters in the subject were garbled (bmo#1842384) * fixed: 'Mark Thread As Read' did not work when some messages in thread were already read (bmo#1850850) * fixed: New Groups tab in NNTP subscribe dialog id not work as expected (bmo#1848366) * fixed: Negative values were allowed in 'Share for files larger than' field (bmo#1850281) * fixed: Thunderbird sometimes crashed when deleting a parent folder with subfolders (bmo#1851293) * fixed: 'Send Message Error' appeared intermittently while Thunderbird was idle (bmo#1801668) * fixed: Focused but not selected messages were missing visual indication of focus in card view (bmo#1844263) * fixed: Notification dot did not disappear from taskbar icon on Windows after messages had already been read (bmo#1824889) * fixed: Multiple selected messages could not be opened simultaneously if selection included more than 19 messages (bmo#1851563) * fixed: Email replies received via BCC incorrectly populated From field with default identity (bmo#1851512) * fixed: User was not always notified of message send failures in outbox (bmo#1851542) * fixed: Tag dialog did not close properly after editing tag (bmo#1852414) * fixed: Newsgroup field in compose window did not autocomplete with suggested newsgroup names (bmo#1670457) * fixed: Canceling newsgroup messages did not check if sender matched user's own identity (bmo#1823274) * fixed: Event dialog with several invitees expanded beyond screen height (bmo#1848261) * fixed: Message check boxes were partially obstructed in message list (bmo#1850760) * unresolved: Some folders missing from Unified Folders () Critical SUSE bug 1210168 SUSE bug 1215309 SUSE bug 1215575 SUSE bug 1215814 CVE-2023-5168 CVE-2023-5169 CVE-2023-5171 CVE-2023-5174 CVE-2023-5176 CVE-2023-5217 cpe:/o:opensuse:leap:15.4 Security update for go1.21 (Important) openSUSE Leap 15.4 This update for go1.21 fixes the following issues: - Updated to version 1.21.2 (bsc#1212475): - CVE-2023-39323: Fixed an arbitrary execution issue during build time due to path directive bypass (bsc#1215985). Important SUSE bug 1212475 SUSE bug 1215985 CVE-2023-39323 cpe:/o:opensuse:leap:15.4 Security update for go1.20 (Important) openSUSE Leap 15.4 This update for go1.20 fixes the following issues: - Updated to version 1.20.9 (bsc#1206346): - CVE-2023-39323: Fixed an arbitrary execution issue during build time due to path directive bypass (bsc#1215985). Important SUSE bug 1206346 SUSE bug 1215985 CVE-2023-39323 cpe:/o:opensuse:leap:15.4 Security update for shadow (Low) openSUSE Leap 15.4 This update for shadow fixes the following issues: - CVE-2023-4641: Fixed potential password leak (bsc#1214806). Low SUSE bug 1214806 CVE-2023-4641 cpe:/o:opensuse:leap:15.4 Security update for php-composer2 (Moderate) openSUSE Leap 15.4 This update for php-composer2 fixes the following issues: - CVE-2023-43655: Fixed a remote code execution issue that could be triggered if users published a web-accessible composer.phar file (bsc#1215859). Moderate SUSE bug 1215859 CVE-2023-43655 cpe:/o:opensuse:leap:15.4 Security update for conmon (Important) openSUSE Leap 15.4 This update for conmon fixes the following issues: conmon was rebuilt using go1.21 (bsc#1215806) Important SUSE bug 1215806 cpe:/o:opensuse:leap:15.4 Security update for curl (Important) openSUSE Leap 15.4 This update for curl fixes the following issues: - CVE-2023-38545: Fixed a heap buffer overflow in SOCKS5. (bsc#1215888) - CVE-2023-38546: Fixed a cookie injection with none file. (bsc#1215889) Important SUSE bug 1215888 SUSE bug 1215889 CVE-2023-38545 CVE-2023-38546 cpe:/o:opensuse:leap:15.4 Security update for libbpf (Important) openSUSE Leap 15.4 This update for libbpf fixes the following issues: - CVE-2022-3534: Fixed use-after-free in btf_dump_name_dups (bsc#1204391). - CVE-2022-3606: Fixed null pointer dereference in find_prog_by_sec_insn() (bsc#1204502). Important SUSE bug 1204391 SUSE bug 1204502 CVE-2022-3534 CVE-2022-3606 cpe:/o:opensuse:leap:15.4 Security update for ImageMagick (Moderate) openSUSE Leap 15.4 This update for ImageMagick fixes the following issues: - CVE-2023-5341: Fixed a heap use-after-free in coders/bmp.c. (bsc#1215939) Moderate SUSE bug 1215939 CVE-2023-5341 cpe:/o:opensuse:leap:15.4 Security update for xen (Important) openSUSE Leap 15.4 This update for xen fixes the following issues: - CVE-2023-34323: A transaction conflict can crash C Xenstored (XSA-440, bsc#1215744) - CVE-2023-34326: Missing IOMMU TLB flushing (XSA-442, bsc#1215746) - CVE-2023-34325: Multiple vulnerabilities in libfsimage disk handling (XSA-443, bsc#1215747) - CVE-2023-34327: Debug Mask handling (XSA-444, bsc#1215748) - CVE-2023-34328: Debug Mask handling (XSA-444, bsc#1215748) Important SUSE bug 1215744 SUSE bug 1215746 SUSE bug 1215747 SUSE bug 1215748 CVE-2023-34323 CVE-2023-34325 CVE-2023-34326 CVE-2023-34327 CVE-2023-34328 cpe:/o:opensuse:leap:15.4 Security update for qemu (Important) openSUSE Leap 15.4 This update for qemu fixes the following issues: - CVE-2023-3180: Fixed a buffer overflow in the virtio-crypto device (bsc#1213925). - CVE-2021-3750: Fixed a DMA reentrancy in the USB EHCI device that could lead to use-after-free (bsc#1190011). - CVE-2021-3638: Fixed a buffer overflow in the ati-vga device (bsc#1188609). - CVE-2023-3354: Fixed an issue when performing a TLS handshake that could lead to remote denial of service via VNC connection (bsc#1212850). - CVE-2023-0330: Fixed a DMA reentrancy issue in the lsi53c895a device that could lead to a stack overflow (bsc#1207205). Non-security fixes: - Fixed a potential build issue in the librm subcomponent (bsc#1215311). - Fixed a potential crash during VM migration (bsc#1213663). - Fixed potential issues during installation on a Xen host (bsc#1179993, bsc#1181740). Important SUSE bug 1179993 SUSE bug 1181740 SUSE bug 1188609 SUSE bug 1190011 SUSE bug 1207205 SUSE bug 1212850 SUSE bug 1213663 SUSE bug 1213925 SUSE bug 1215311 CVE-2021-3638 CVE-2021-3750 CVE-2023-0330 CVE-2023-3180 CVE-2023-3354 cpe:/o:opensuse:leap:15.4 Security update for the Linux Kernel (Important) openSUSE Leap 15.4 The SUSE Linux Enterprise 15 SP4 Azure kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2023-4563: Fixed an use-after-free flaw in the nftables sub-component. This vulnerability could allow a local attacker to crash the system or lead to a kernel information leak problem. (bsc#1214727) - CVE-2023-39194: Fixed a flaw in the processing of state filters which could allow a local attackers to disclose sensitive information. (bsc#1215861) - CVE-2023-39193: Fixed a flaw in the processing of state filters which could allow a local attackers to disclose sensitive information. (bsc#1215860) - CVE-2023-39192: Fixed a flaw in the u32_match_it function which could allow a local attackers to disclose sensitive information. (bsc#1215858) - CVE-2023-42754: Fixed a null pointer dereference in ipv4_link_failure which could lead an authenticated attacker to trigger a DoS. (bsc#1215467) - CVE-2023-5345: fixed an use-after-free vulnerability in the fs/smb/client component which could be exploited to achieve local privilege escalation. (bsc#1215899) - CVE-2023-4155: Fixed a flaw in KVM AMD Secure Encrypted Virtualization (SEV). An attacker can trigger a stack overflow and cause a denial of service or potentially guest-to-host escape in kernel configurations without stack guard pages. (bsc#1214022) - CVE-2023-4389: Fixed a reference counting issue in the Btrfs filesystem that could be exploited in order to leak internal kernel information or crash the system (bsc#1214351). - CVE-2023-42753: Fixed an array indexing vulnerability in the netfilter subsystem. This issue may have allowed a local user to crash the system or potentially escalate their privileges (bsc#1215150). - CVE-2023-1206: Fixed a hash collision flaw in the IPv6 connection lookup table. A user located in the local network or with a high bandwidth connection can increase the CPU usage of the server that accepts IPV6 connections up to 95% (bsc#1212703). - CVE-2023-4921: Fixed a use-after-free vulnerability in the QFQ network scheduler which could be exploited to achieve local privilege escalatio (bsc#1215275). - CVE-2023-37453: Fixed oversight in SuperSpeed initialization (bsc#1213123). - CVE-2023-4622: Fixed a use-after-free vulnerability in the Unix domain sockets component which could be exploited to achieve local privilege escalation (bsc#1215117). - CVE-2023-4623: Fixed a use-after-free issue in the HFSC network scheduler which could be exploited to achieve local privilege escalation (bsc#1215115). - CVE-2023-1859: Fixed a use-after-free flaw in Xen transport for 9pfs which could be exploited to crash the system (bsc#1210169). - CVE-2023-4881: Fixed a out-of-bounds write flaw in the netfilter subsystem that could lead to potential information disclosure or a denial of service (bsc#1215221). - CVE-2023-2177: Fixed a null pointer dereference issue in the sctp network protocol which could allow a user to crash the system (bsc#1210643). - CVE-2023-1192: Fixed use-after-free in cifs_demultiplex_thread() (bsc#1208995). The following non-security bugs were fixed: - ALSA: hda/cirrus: Fix broken audio on hardware with two CS42L42 codecs (git-fixes). - ALSA: hda/realtek: Splitting the UX3402 into two separate models (git-fixes). - ARM: pxa: remove use of symbol_get() (git-fixes). - arm64: csum: Fix OoB access in IP checksum code for negative lengths (git-fixes). - arm64: module-plts: inline linux/moduleloader.h (git-fixes) - arm64: module: Use module_init_layout_section() to spot init sections (git-fixes) - arm64: sdei: abort running SDEI handlers during crash (git-fixes) - arm64: tegra: Update AHUB clock parent and rate (git-fixes) - arm64/fpsimd: Only provide the length to cpufeature for xCR registers (git-fixes) - ASoC: imx-audmix: Fix return error with devm_clk_get() (git-fixes). - ASoC: meson: spdifin: start hw on dai probe (git-fixes). - ASoC: soc-utils: Export snd_soc_dai_is_dummy() symbol (git-fixes). - ASoC: tegra: Fix redundant PLLA and PLLA_OUT0 updates (git-fixes). - ata: libata: disallow dev-initiated LPM transitions to unsupported states (git-fixes). - ata: pata_falcon: fix IO base selection for Q40 (git-fixes). - ata: pata_ftide010: Add missing MODULE_DESCRIPTION (git-fixes). - ata: sata_gemini: Add missing MODULE_DESCRIPTION (git-fixes). - backlight: gpio_backlight: Drop output GPIO direction check for initial power state (git-fixes). - blk-iocost: fix divide by 0 error in calc_lcoefs() (bsc#1214986). - blk-iocost: use spin_lock_irqsave in adjust_inuse_and_calc_cost (bsc#1214992). - block/mq-deadline: use correct way to throttling write requests (bsc#1214993). - Bluetooth: btsdio: fix use after free bug in btsdio_remove due to race condition (git-fixes). - bnx2x: new flag for track HW resource allocation (bsc#1202845 bsc#1215322). - bpf: Clear the probe_addr for uprobe (git-fixes). - btrfs: do not hold CPU for too long when defragging a file (bsc#1214988). - drm: gm12u320: Fix the timeout usage for usb_bulk_msg() (git-fixes). - drm/amd/display: fix the white screen issue when >= 64GB DRAM (git-fixes). - drm/amd/display: prevent potential division by zero errors (git-fixes). - drm/display: Do not assume dual mode adaptors support i2c sub-addressing (bsc#1213808). - drm/i915: mark requests for GuC virtual engines to avoid use-after-free (git-fixes). - drm/i915/gvt: Drop unused helper intel_vgpu_reset_gtt() (git-fixes). - drm/virtio: Correct drm_gem_shmem_get_sg_table() error handling (git-fixes). - drm/virtio: Use appropriate atomic state in virtio_gpu_plane_cleanup_fb() (git-fixes). - ext4: avoid potential data overflow in next_linear_group (bsc#1214951). - ext4: correct inline offset when handling xattrs in inode body (bsc#1214950). - ext4: fix memory leaks in ext4_fname_{setup_filename,prepare_lookup} (bsc#1214954). - ext4: fix wrong unit use in ext4_mb_clear_bb (bsc#1214943). - ext4: fix wrong unit use in ext4_mb_new_blocks (bsc#1214944). - ext4: get block from bh in ext4_free_blocks for fast commit replay (bsc#1214942). - ext4: reflect error codes from ext4_multi_mount_protect() to its callers (bsc#1214941). - ext4: Remove ext4 locking of moved directory (bsc#1214957). - ext4: set goal start correctly in ext4_mb_normalize_request (bsc#1214940). - fs: do not update freeing inode i_io_list (bsc#1214813). - fs: Establish locking order for unrelated directories (bsc#1214958). - fs: Lock moved directories (bsc#1214959). - fs: lockd: avoid possible wrong NULL parameter (git-fixes). - fs: no need to check source (bsc#1215752). - fs: record I_DIRTY_TIME even if inode already has I_DIRTY_INODE (bsc#1214813). - fuse: nlookup missing decrement in fuse_direntplus_link (bsc#1215581). - gve: Add AF_XDP zero-copy support for GQI-QPL format (bsc#1214479). - gve: Add XDP DROP and TX support for GQI-QPL format (bsc#1214479). - gve: Add XDP REDIRECT support for GQI-QPL format (bsc#1214479). - gve: Changes to add new TX queues (bsc#1214479). - gve: Control path for DQO-QPL (bsc#1214479). - gve: fix frag_list chaining (bsc#1214479). - gve: Fix gve interrupt names (bsc#1214479). - gve: RX path for DQO-QPL (bsc#1214479). - gve: trivial spell fix Recive to Receive (bsc#1214479). - gve: Tx path for DQO-QPL (bsc#1214479). - gve: Unify duplicate GQ min pkt desc size constants (bsc#1214479). - gve: use vmalloc_array and vcalloc (bsc#1214479). - gve: XDP support GQI-QPL: helper function changes (bsc#1214479). - hwrng: virtio - add an internal buffer (git-fixes). - hwrng: virtio - always add a pending request (git-fixes). - hwrng: virtio - do not wait on cleanup (git-fixes). - hwrng: virtio - do not waste entropy (git-fixes). - hwrng: virtio - Fix race on data_avail and actual data (git-fixes). - i2c: aspeed: Reset the i2c controller when timeout occurs (git-fixes). - i3c: master: svc: fix probe failure when no i3c device exist (git-fixes). - idr: fix param name in idr_alloc_cyclic() doc (git-fixes). - Input: tca6416-keypad - fix interrupt enable disbalance (git-fixes). - iommu/virtio: Detach domain on endpoint release (git-fixes). - jbd2: check 'jh->b_transaction' before removing it from checkpoint (bsc#1214953). - jbd2: correct the end of the journal recovery scan range (bsc#1214955). - jbd2: fix a race when checking checkpoint buffer busy (bsc#1214949). - jbd2: fix checkpoint cleanup performance regression (bsc#1214952). - jbd2: Fix wrongly judgement for buffer head removing while doing checkpoint (bsc#1214948). - jbd2: recheck chechpointing non-dirty buffer (bsc#1214945). - jbd2: remove journal_clean_one_cp_list() (bsc#1214947). - jbd2: remove t_checkpoint_io_list (bsc#1214946). - jbd2: restore t_checkpoint_io_list to maintain kABI (bsc#1214946). - kabi/severities: ignore mlx4 internal symbols - kconfig: fix possible buffer overflow (git-fixes). - KVM: s390: fix KVM_S390_GET_CMMA_BITS for GFNs in memslot holes (git-fixes bsc#1215915). - KVM: s390: interrupt: use READ_ONCE() before cmpxchg() (git-fixes bsc#1215896). - KVM: s390: pv: fix external interruption loop not always detected (git-fixes bsc#1215916). - KVM: s390: vsie: Fix the initialization of the epoch extension (epdx) field (git-fixes bsc#1215894). - KVM: s390: vsie: fix the length of APCB bitmap (git-fixes bsc#1215895). - KVM: s390/diag: fix racy access of physical cpu number in diag 9c handler (git-fixes bsc#1215911). - KVM: SVM: Remove a duplicate definition of VMCB_AVIC_APIC_BAR_MASK (git-fixes). - KVM: VMX: Fix header file dependency of asm/vmx.h (git-fixes). - KVM: x86: add support for CPUID leaf 0x80000021 (bsc#1213772). - KVM: x86: Fix clang -Wimplicit-fallthrough in do_host_cpuid() (git-fixes). - KVM: x86: Fix KVM_CAP_SYNC_REGS's sync_regs() TOCTOU issues (git-fixes). - KVM: x86: Move open-coded CPUID leaf 0x80000021 EAX bit propagation code (bsc#1213772). - KVM: x86: Propagate the AMD Automatic IBRS feature to the guest (bsc#1213772). - KVM: x86: synthesize CPUID leaf 0x80000021h if useful (bsc#1213772). - KVM: x86: work around QEMU issue with synthetic CPUID leaves (git-fixes). - KVM: x86/mmu: Include mmu.h in spte.h (git-fixes). - loop: Fix use-after-free issues (bsc#1214991). - loop: loop_set_status_from_info() check before assignment (bsc#1214990). - mlx4: Avoid resetting MLX4_INTFF_BONDING per driver (bsc#1187236). - mlx4: Connect the ethernet part to the auxiliary bus (bsc#1187236). - mlx4: Connect the infiniband part to the auxiliary bus (bsc#1187236). - mlx4: Delete custom device management logic (bsc#1187236). - mlx4: Get rid of the mlx4_interface.activate callback (bsc#1187236). - mlx4: Get rid of the mlx4_interface.get_dev callback (bsc#1187236). - mlx4: Move the bond work to the core driver (bsc#1187236). - mlx4: Register mlx4 devices to an auxiliary virtual bus (bsc#1187236). - mlx4: Rename member mlx4_en_dev.nb to netdev_nb (bsc#1187236). - mlx4: Replace the mlx4_interface.event callback with a notifier (bsc#1187236). - mlx4: Use 'void *' as the event param of mlx4_dispatch_event() (bsc#1187236). - module: Expose module_init_layout_section() (git-fixes) - net: do not allow gso_size to be set to GSO_BY_FRAGS (git-fixes). - net: mana: Add page pool for RX buffers (bsc#1214040). - net: mana: Configure hwc timeout from hardware (bsc#1214037). - net: phy: micrel: Correct bit assignments for phy_device flags (git-fixes). - net: usb: qmi_wwan: add Quectel EM05GV2 (git-fixes). - net/mlx4: Remove many unnecessary NULL values (bsc#1187236). - NFS: Guard against READDIR loop when entry names exceed MAXNAMELEN (git-fixes). - nfs/blocklayout: Use the passed in gfp flags (git-fixes). - NFS/pNFS: Fix assignment of xprtdata.cred (git-fixes). - NFS/pNFS: Report EINVAL errors from connect() to the server (git-fixes). - NFSD: da_addr_body field missing in some GETDEVICEINFO replies (git-fixes). - NFSD: fix change_info in NFSv4 RENAME replies (git-fixes). - NFSD: Fix race to FREE_STATEID and cl_revoked (git-fixes). - NFSv4: Fix dropped lock for racing OPEN and delegation return (git-fixes). - NFSv4: fix out path in __nfs4_get_acl_uncached (git-fixes). - NFSv4.2: fix error handling in nfs42_proc_getxattr (git-fixes). - NFSv4.2: fix handling of COPY ERR_OFFLOAD_NO_REQ (git-fixes). - NFSv4/pnfs: minor fix for cleanup path in nfs4_get_device_info (git-fixes). - ntb: Clean up tx tail index on link down (git-fixes). - ntb: Drop packets when qp link is down (git-fixes). - ntb: Fix calculation ntb_transport_tx_free_entry() (git-fixes). - nvme-auth: use chap->s2 to indicate bidirectional authentication (bsc#1214543). - nvme-tcp: add recovery_delay to sysfs (bsc#1201284). - nvme-tcp: delay error recovery until the next KATO interval (bsc#1201284). - nvme-tcp: Do not terminate commands when in RESETTING (bsc#1201284). - nvme-tcp: make 'err_work' a delayed work (bsc#1201284). - PCI: Free released resource after coalescing (git-fixes). - platform/mellanox: mlxbf-pmc: Fix potential buffer overflows (git-fixes). - platform/mellanox: mlxbf-pmc: Fix reading of unprogrammed events (git-fixes). - platform/mellanox: mlxbf-tmfifo: Drop jumbo frames (git-fixes). - platform/mellanox: mlxbf-tmfifo: Drop the Rx packet if no more descriptors (git-fixes). - platform/x86: intel_scu_ipc: Check status after timeout in busy_loop() (git-fixes). - platform/x86: intel_scu_ipc: Check status upon timeout in ipc_wait_for_interrupt() (git-fixes). - platform/x86: intel_scu_ipc: Do not override scu in intel_scu_ipc_dev_simple_command() (git-fixes). - platform/x86: intel_scu_ipc: Fail IPC send if still busy (git-fixes). - powerpc/fadump: make is_kdump_kernel() return false when fadump is active (bsc#1212639 ltc#202582). - powerpc/iommu: Fix notifiers being shared by PCI and VIO buses (bsc#1065729). - powerpc/rtas: mandate RTAS syscall filtering (bsc#1023051). - powerpc/xics: Remove unnecessary endian conversion (bsc#1065729). - printk: ringbuffer: Fix truncating buffer size min_t cast (bsc#1215875). - pwm: lpc32xx: Remove handling of PWM channels (git-fixes). - quota: add new helper dquot_active() (bsc#1214998). - quota: factor out dquot_write_dquot() (bsc#1214995). - quota: fix dqput() to follow the guarantees dquot_srcu should provide (bsc#1214963). - quota: fix warning in dqgrab() (bsc#1214962). - quota: Properly disable quotas when add_dquot_ref() fails (bsc#1214961). - quota: rename dquot_active() to inode_quota_active() (bsc#1214997). - s390: add z16 elf platform (git-fixes LTC#203789 bsc#1215956 LTC#203788 bsc#1215957). - s390/qeth: Do not call dev_close/dev_open (DOWN/UP) (bsc#1214873 git-fixes). - s390/zcrypt: do not leak memory if dev_set_name() fails (git-fixes bsc#1215148). - scsi: 3w-xxxx: Add error handling for initialization failure in tw_probe() (git-fixes). - scsi: 53c700: Check that command slot is not NULL (git-fixes). - scsi: core: Fix legacy /proc parsing buffer overflow (git-fixes). - scsi: core: Fix possible memory leak if device_add() fails (git-fixes). - scsi: fnic: Replace return codes in fnic_clean_pending_aborts() (git-fixes). - scsi: lpfc: Do not abuse UUID APIs and LPFC_COMPRESS_VMID_SIZE (git-fixes). - scsi: lpfc: Early return after marking final NLP_DROPPED flag in dev_loss_tmo (git-fixes). - scsi: lpfc: Fix the NULL vs IS_ERR() bug for debugfs_create_file() (git-fixes). - scsi: lpfc: Modify when a node should be put in device recovery mode during RSCN (git-fixes). - scsi: lpfc: Prevent use-after-free during rmmod with mapped NVMe rports (git-fixes). - scsi: lpfc: Remove reftag check in DIF paths (git-fixes). - scsi: qedf: Add synchronization between I/O completions and abort (bsc#1210658). - scsi: qedf: Fix firmware halt over suspend and resume (git-fixes). - scsi: qedf: Fix NULL dereference in error handling (git-fixes). - scsi: qedi: Fix firmware halt over suspend and resume (git-fixes). - scsi: qla2xxx: Add logs for SFP temperature monitoring (bsc#1214928). - scsi: qla2xxx: Allow 32-byte CDBs (bsc#1214928). - scsi: qla2xxx: Error code did not return to upper layer (bsc#1214928). - scsi: qla2xxx: Fix firmware resource tracking (bsc#1214928). - scsi: qla2xxx: Fix NULL vs IS_ERR() bug for debugfs_create_dir() (git-fixes). - scsi: qla2xxx: Fix smatch warn for qla_init_iocb_limit() (bsc#1214928). - scsi: qla2xxx: Flush mailbox commands on chip reset (bsc#1214928). - scsi: qla2xxx: Move resource to allow code reuse (bsc#1214928). - scsi: qla2xxx: Remove unsupported ql2xenabledif option (bsc#1214928). - scsi: qla2xxx: Remove unused declarations (bsc#1214928). - scsi: qla2xxx: Remove unused variables in qla24xx_build_scsi_type_6_iocbs() (bsc#1214928). - scsi: qla2xxx: Update version to 10.02.09.100-k (bsc#1214928). - scsi: qla2xxx: Use raw_smp_processor_id() instead of smp_processor_id() (git-fixes). - scsi: scsi_debug: Remove dead code (git-fixes). - scsi: snic: Fix double free in snic_tgt_create() (git-fixes). - scsi: snic: Fix possible memory leak if device_add() fails (git-fixes). - scsi: storvsc: Handle additional SRB status values (git-fixes). - scsi: zfcp: Fix a double put in zfcp_port_enqueue() (git-fixes bsc#1215941). - selftests: tracing: Fix to unmount tracefs for recovering environment (git-fixes). - SUNRPC: Mark the cred for revalidation if the server rejects it (git-fixes). - tcpm: Avoid soft reset when partner does not support get_status (git-fixes). - tracing: Fix race issue between cpu buffer write and swap (git-fixes). - tracing: Remove extra space at the end of hwlat_detector/mode (git-fixes). - tracing: Remove unnecessary copying of tr->current_trace (git-fixes). - uapi: stddef.h: Fix __DECLARE_FLEX_ARRAY for C++ (git-fixes). - udf: Fix extension of the last extent in the file (bsc#1214964). - udf: Fix file corruption when appending just after end of preallocated extent (bsc#1214965). - udf: Fix off-by-one error when discarding preallocation (bsc#1214966). - udf: Fix uninitialized array access for some pathnames (bsc#1214967). - uprobes/x86: Allow to probe a NOP instruction with 0x66 prefix (git-fixes). - usb: ehci: add workaround for chipidea PORTSC.PEC bug (git-fixes). - usb: ehci: move new member has_ci_pec_bug into hole (git-fixes). - usb: serial: option: add FOXCONN T99W368/T99W373 product (git-fixes). - usb: serial: option: add Quectel EM05G variant (0x030e) (git-fixes). - usb: typec: tcpci: clear the fault status bit (git-fixes). - usb: typec: tcpci: move tcpci.h to include/linux/usb/ (git-fixes). - vhost_vdpa: fix the crash in unmap a large memory (git-fixes). - vhost-scsi: unbreak any layout for response (git-fixes). - vhost: allow batching hint without size (git-fixes). - vhost: fix hung thread due to erroneous iotlb entries (git-fixes). - vhost: handle error while adding split ranges to iotlb (git-fixes). - virtio_net: add checking sq is full inside xdp xmit (git-fixes). - virtio_net: Fix probe failed when modprobe virtio_net (git-fixes). - virtio_net: reorder some funcs (git-fixes). - virtio_net: separate the logic of checking whether sq is full (git-fixes). - virtio_ring: fix avail_wrap_counter in virtqueue_add_packed (git-fixes). - virtio-mmio: do not break lifecycle of vm_dev (git-fixes). - virtio-net: fix race between set queues and probe (git-fixes). - virtio-net: set queues after driver_ok (git-fixes). - virtio-rng: make device ready before making request (git-fixes). - virtio: acknowledge all features before access (git-fixes). - vmcore: remove dependency with is_kdump_kernel() for exporting vmcore (bsc#1212639 ltc#202582). - watchdog: intel-mid_wdt: add MODULE_ALIAS() to allow auto-load (git-fixes). - word-at-a-time: use the same return type for has_zero regardless of endianness (bsc#1065729). - x86/alternative: Fix race in try_get_desc() (git-fixes). - x86/boot/e820: Fix typo in e820.c comment (git-fixes). - x86/bugs: Reset speculation control settings on init (git-fixes). - x86/cpu, kvm: Add the NO_NESTED_DATA_BP feature (bsc#1213772). - x86/cpu, kvm: Add the Null Selector Clears Base feature (bsc#1213772). - x86/cpu, kvm: Add the SMM_CTL MSR not present feature (bsc#1213772). - x86/cpu, kvm: Move X86_FEATURE_LFENCE_RDTSC to its native leaf (bsc#1213772). - x86/cpu: Add Lunar Lake M (git-fixes). - x86/cpu: Add model number for Intel Arrow Lake processor (git-fixes). - x86/cpu: Enable STIBP on AMD if Automatic IBRS is enabled (bsc#1213772). - x86/cpu: Support AMD Automatic IBRS (bsc#1213772). - x86/fpu: Take task_struct* in copy_sigframe_from_user_to_xstate() (git-fixes). - x86/head/64: Switch to KERNEL_CS as soon as new GDT is installed (git-fixes). - x86/i8259: Mark legacy PIC interrupts with IRQ_LEVEL (git-fixes). - x86/ioapic: Do not return 0 from arch_dynirq_lower_bound() (git-fixes). - x86/ioremap: Fix page aligned size calculation in __ioremap_caller() (git-fixes). - x86/mce: Retrieve poison range from hardware (git-fixes). - x86/mem_encrypt: Unbreak the AMD_MEM_ENCRYPT=n build (git-fixes). - x86/mm: Avoid incomplete Global INVLPG flushes (git-fixes). - x86/mm: Do not shuffle CPU entry areas without KASLR (git-fixes). - x86/purgatory: remove PGO flags (git-fixes). - x86/PVH: avoid 32-bit build warning when obtaining VGA console info (git-fixes). - x86/reboot: Disable virtualization in an emergency if SVM is supported (git-fixes). - x86/resctl: fix scheduler confusion with 'current' (git-fixes). - x86/resctrl: Fix task CLOSID/RMID update race (git-fixes). - x86/resctrl: Fix to restore to original value when re-enabling hardware prefetch register (git-fixes). - x86/rtc: Remove __init for runtime functions (git-fixes). - x86/sev: Make enc_dec_hypercall() accept a size instead of npages (bsc#1214635). - x86/sgx: Reduce delay and interference of enclave release (git-fixes). - x86/srso: Do not probe microcode in a guest (git-fixes). - x86/srso: Fix SBPB enablement for spec_rstack_overflow=off (git-fixes). - x86/srso: Fix srso_show_state() side effect (git-fixes). - x86/srso: Set CPUID feature bits independently of bug or mitigation status (git-fixes). - x86/virt: Force GIF=1 prior to disabling SVM (for reboot flows) (git-fixes). - xen: remove a confusing comment on auto-translated guest I/O (git-fixes). - xprtrdma: Remap Receive buffers after a reconnect (git-fixes). Important SUSE bug 1202845 SUSE bug 1213772 SUSE bug 1213808 SUSE bug 1214928 SUSE bug 1214943 SUSE bug 1214944 SUSE bug 1214950 SUSE bug 1214951 SUSE bug 1214954 SUSE bug 1214957 SUSE bug 1214986 SUSE bug 1214988 SUSE bug 1214992 SUSE bug 1214993 SUSE bug 1215322 SUSE bug 1215523 SUSE bug 1215877 SUSE bug 1215894 SUSE bug 1215895 SUSE bug 1215896 SUSE bug 1215911 SUSE bug 1215915 SUSE bug 1215916 CVE-2023-1192 CVE-2023-1206 CVE-2023-1859 CVE-2023-2177 CVE-2023-37453 CVE-2023-39192 CVE-2023-39193 CVE-2023-39194 CVE-2023-4155 CVE-2023-42753 CVE-2023-42754 CVE-2023-4389 CVE-2023-4563 CVE-2023-4622 CVE-2023-4623 CVE-2023-4881 CVE-2023-4921 CVE-2023-5345 cpe:/o:opensuse:leap:15.4 Security update for samba (Important) openSUSE Leap 15.4 This update for samba fixes the following issues: - CVE-2023-4091: Fixed a bug where a client can truncate file with read-only permissions. (bsc#1215904) - CVE-2023-42669: Fixed a bug in 'rpcecho' development server which allows Denial of Service via sleep() call on AD DC. (bso#1215905) - CVE-2023-4154: Fixed a bug in dirsync which allows SYSTEM access with only 'GUID_DRS_GET_CHANGES' right. (bsc#1215908) Important SUSE bug 1213940 SUSE bug 1215904 SUSE bug 1215905 SUSE bug 1215908 CVE-2023-4091 CVE-2023-4154 CVE-2023-42669 cpe:/o:opensuse:leap:15.4 Security update for go1.20 (Important) openSUSE Leap 15.4 This update for go1.20 fixes the following issues: - Update to go1.20.10 (bsc#1206346) - CVE-2023-39325: Fixed a flaw that can lead to a DoS due to a rapid stream resets causing excessive work. This is also known as CVE-2023-44487. (bsc#1216109) Important SUSE bug 1206346 SUSE bug 1216109 CVE-2023-39325 CVE-2023-44487 cpe:/o:opensuse:leap:15.4 Security update for go1.21 (Important) openSUSE Leap 15.4 This update for go1.21 fixes the following issues: - Update to go1.21.3 (bsc#1212475) - CVE-2023-39325: Fixed a flaw that can lead to a DoS due to a rapid stream resets causing excessive work. This is also known as CVE-2023-44487. (bsc#1216109) Important SUSE bug 1212475 SUSE bug 1216109 CVE-2023-39325 CVE-2023-44487 cpe:/o:opensuse:leap:15.4 Security update for the Linux Kernel (Important) openSUSE Leap 15.4 The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2023-4563: Fixed an use-after-free flaw in the nftables sub-component. This vulnerability could allow a local attacker to crash the system or lead to a kernel information leak problem. (bsc#1214727) - CVE-2023-39194: Fixed a flaw in the processing of state filters which could allow a local attackers to disclose sensitive information. (bsc#1215861) - CVE-2023-39193: Fixed a flaw in the processing of state filters which could allow a local attackers to disclose sensitive information. (bsc#1215860) - CVE-2023-39192: Fixed a flaw in the u32_match_it function which could allow a local attackers to disclose sensitive information. (bsc#1215858) - CVE-2023-42754: Fixed a null pointer dereference in ipv4_link_failure which could lead an authenticated attacker to trigger a DoS. (bsc#1215467) - CVE-2023-5345: fixed an use-after-free vulnerability in the fs/smb/client component which could be exploited to achieve local privilege escalation. (bsc#1215899) - CVE-2023-4155: Fixed a flaw in KVM AMD Secure Encrypted Virtualization (SEV). An attacker can trigger a stack overflow and cause a denial of service or potentially guest-to-host escape in kernel configurations without stack guard pages. (bsc#1214022) - CVE-2023-4389: Fixed a reference counting issue in the Btrfs filesystem that could be exploited in order to leak internal kernel information or crash the system (bsc#1214351). - CVE-2023-42753: Fixed an array indexing vulnerability in the netfilter subsystem. This issue may have allowed a local user to crash the system or potentially escalate their privileges (bsc#1215150). - CVE-2023-1206: Fixed a hash collision flaw in the IPv6 connection lookup table. A user located in the local network or with a high bandwidth connection can increase the CPU usage of the server that accepts IPV6 connections up to 95% (bsc#1212703). - CVE-2023-4921: Fixed a use-after-free vulnerability in the QFQ network scheduler which could be exploited to achieve local privilege escalatio (bsc#1215275). - CVE-2023-4622: Fixed a use-after-free vulnerability in the Unix domain sockets component which could be exploited to achieve local privilege escalation (bsc#1215117). - CVE-2023-4623: Fixed a use-after-free issue in the HFSC network scheduler which could be exploited to achieve local privilege escalation (bsc#1215115). - CVE-2023-1859: Fixed a use-after-free flaw in Xen transport for 9pfs which could be exploited to crash the system (bsc#1210169). - CVE-2023-4881: Fixed a out-of-bounds write flaw in the netfilter subsystem that could lead to potential information disclosure or a denial of service (bsc#1215221). - CVE-2023-2177: Fixed a null pointer dereference issue in the sctp network protocol which could allow a user to crash the system (bsc#1210643). - CVE-2023-1192: Fixed use-after-free in cifs_demultiplex_thread() (bsc#1208995). The following non-security bugs were fixed: - ALSA: hda/cirrus: Fix broken audio on hardware with two CS42L42 codecs (git-fixes). - ALSA: hda/realtek: Splitting the UX3402 into two separate models (git-fixes). - ARM: pxa: remove use of symbol_get() (git-fixes). - arm64: csum: Fix OoB access in IP checksum code for negative lengths (git-fixes). - arm64: module-plts: inline linux/moduleloader.h (git-fixes) - arm64: module: Use module_init_layout_section() to spot init sections (git-fixes) - arm64: sdei: abort running SDEI handlers during crash (git-fixes) - arm64: tegra: Update AHUB clock parent and rate (git-fixes) - arm64/fpsimd: Only provide the length to cpufeature for xCR registers (git-fixes) - ASoC: imx-audmix: Fix return error with devm_clk_get() (git-fixes). - ASoC: meson: spdifin: start hw on dai probe (git-fixes). - ASoC: soc-utils: Export snd_soc_dai_is_dummy() symbol (git-fixes). - ASoC: tegra: Fix redundant PLLA and PLLA_OUT0 updates (git-fixes). - ata: libata: disallow dev-initiated LPM transitions to unsupported states (git-fixes). - ata: pata_falcon: fix IO base selection for Q40 (git-fixes). - ata: pata_ftide010: Add missing MODULE_DESCRIPTION (git-fixes). - ata: sata_gemini: Add missing MODULE_DESCRIPTION (git-fixes). - backlight: gpio_backlight: Drop output GPIO direction check for initial power state (git-fixes). - blk-iocost: fix divide by 0 error in calc_lcoefs() (bsc#1214986). - blk-iocost: use spin_lock_irqsave in adjust_inuse_and_calc_cost (bsc#1214992). - block/mq-deadline: use correct way to throttling write requests (bsc#1214993). - Bluetooth: btsdio: fix use after free bug in btsdio_remove due to race condition (git-fixes). - bnx2x: new flag for track HW resource allocation (bsc#1202845 bsc#1215322). - bpf: Clear the probe_addr for uprobe (git-fixes). - btrfs: do not hold CPU for too long when defragging a file (bsc#1214988). - drm: gm12u320: Fix the timeout usage for usb_bulk_msg() (git-fixes). - drm/amd/display: fix the white screen issue when >= 64GB DRAM (git-fixes). - drm/amd/display: prevent potential division by zero errors (git-fixes). - drm/display: Do not assume dual mode adaptors support i2c sub-addressing (bsc#1213808). - drm/i915: mark requests for GuC virtual engines to avoid use-after-free (git-fixes). - drm/i915/gvt: Drop unused helper intel_vgpu_reset_gtt() (git-fixes). - drm/virtio: Correct drm_gem_shmem_get_sg_table() error handling (git-fixes). - drm/virtio: Use appropriate atomic state in virtio_gpu_plane_cleanup_fb() (git-fixes). - ext4: avoid potential data overflow in next_linear_group (bsc#1214951). - ext4: correct inline offset when handling xattrs in inode body (bsc#1214950). - ext4: fix memory leaks in ext4_fname_{setup_filename,prepare_lookup} (bsc#1214954). - ext4: fix wrong unit use in ext4_mb_clear_bb (bsc#1214943). - ext4: fix wrong unit use in ext4_mb_new_blocks (bsc#1214944). - ext4: get block from bh in ext4_free_blocks for fast commit replay (bsc#1214942). - ext4: reflect error codes from ext4_multi_mount_protect() to its callers (bsc#1214941). - ext4: Remove ext4 locking of moved directory (bsc#1214957). - ext4: set goal start correctly in ext4_mb_normalize_request (bsc#1214940). - fs: do not update freeing inode i_io_list (bsc#1214813). - fs: Establish locking order for unrelated directories (bsc#1214958). - fs: Lock moved directories (bsc#1214959). - fs: lockd: avoid possible wrong NULL parameter (git-fixes). - fs: no need to check source (bsc#1215752). - fs: record I_DIRTY_TIME even if inode already has I_DIRTY_INODE (bsc#1214813). - fuse: nlookup missing decrement in fuse_direntplus_link (bsc#1215581). - gve: Add AF_XDP zero-copy support for GQI-QPL format (bsc#1214479). - gve: Add XDP DROP and TX support for GQI-QPL format (bsc#1214479). - gve: Add XDP REDIRECT support for GQI-QPL format (bsc#1214479). - gve: Changes to add new TX queues (bsc#1214479). - gve: Control path for DQO-QPL (bsc#1214479). - gve: fix frag_list chaining (bsc#1214479). - gve: Fix gve interrupt names (bsc#1214479). - gve: RX path for DQO-QPL (bsc#1214479). - gve: trivial spell fix Recive to Receive (bsc#1214479). - gve: Tx path for DQO-QPL (bsc#1214479). - gve: Unify duplicate GQ min pkt desc size constants (bsc#1214479). - gve: use vmalloc_array and vcalloc (bsc#1214479). - gve: XDP support GQI-QPL: helper function changes (bsc#1214479). - hwrng: virtio - add an internal buffer (git-fixes). - hwrng: virtio - always add a pending request (git-fixes). - hwrng: virtio - do not wait on cleanup (git-fixes). - hwrng: virtio - do not waste entropy (git-fixes). - hwrng: virtio - Fix race on data_avail and actual data (git-fixes). - i2c: aspeed: Reset the i2c controller when timeout occurs (git-fixes). - i3c: master: svc: fix probe failure when no i3c device exist (git-fixes). - idr: fix param name in idr_alloc_cyclic() doc (git-fixes). - Input: tca6416-keypad - fix interrupt enable disbalance (git-fixes). - iommu/virtio: Detach domain on endpoint release (git-fixes). - jbd2: check 'jh->b_transaction' before removing it from checkpoint (bsc#1214953). - jbd2: correct the end of the journal recovery scan range (bsc#1214955). - jbd2: fix a race when checking checkpoint buffer busy (bsc#1214949). - jbd2: fix checkpoint cleanup performance regression (bsc#1214952). - jbd2: Fix wrongly judgement for buffer head removing while doing checkpoint (bsc#1214948). - jbd2: recheck chechpointing non-dirty buffer (bsc#1214945). - jbd2: remove journal_clean_one_cp_list() (bsc#1214947). - jbd2: remove t_checkpoint_io_list (bsc#1214946). - jbd2: restore t_checkpoint_io_list to maintain kABI (bsc#1214946). - kabi/severities: ignore mlx4 internal symbols - kconfig: fix possible buffer overflow (git-fixes). - kernel-binary: Move build-time definitions together Move source list and build architecture to buildrequires to aid in future reorganization of the spec template. - kernel-binary: python3 is needed for build At least scripts/bpf_helpers_doc.py requires python3 since Linux 4.18 Other simimlar scripts may exist. - kselftest/runner.sh: Propagate SIGTERM to runner child (git-fixes). - KVM: s390: fix KVM_S390_GET_CMMA_BITS for GFNs in memslot holes (git-fixes bsc#1215915). - KVM: s390: interrupt: use READ_ONCE() before cmpxchg() (git-fixes bsc#1215896). - KVM: s390: pv: fix external interruption loop not always detected (git-fixes bsc#1215916). - KVM: s390: vsie: Fix the initialization of the epoch extension (epdx) field (git-fixes bsc#1215894). - KVM: s390: vsie: fix the length of APCB bitmap (git-fixes bsc#1215895). - KVM: s390/diag: fix racy access of physical cpu number in diag 9c handler (git-fixes bsc#1215911). - KVM: SVM: Remove a duplicate definition of VMCB_AVIC_APIC_BAR_MASK (git-fixes). - KVM: VMX: Fix header file dependency of asm/vmx.h (git-fixes). - KVM: x86: Fix KVM_CAP_SYNC_REGS's sync_regs() TOCTOU issues (git-fixes). - KVM: x86/mmu: Include mmu.h in spte.h (git-fixes). - loop: Fix use-after-free issues (bsc#1214991). - loop: loop_set_status_from_info() check before assignment (bsc#1214990). - mlx4: Avoid resetting MLX4_INTFF_BONDING per driver (bsc#1187236). - mlx4: Connect the ethernet part to the auxiliary bus (bsc#1187236). - mlx4: Connect the infiniband part to the auxiliary bus (bsc#1187236). - mlx4: Delete custom device management logic (bsc#1187236). - mlx4: Get rid of the mlx4_interface.activate callback (bsc#1187236). - mlx4: Get rid of the mlx4_interface.get_dev callback (bsc#1187236). - mlx4: Move the bond work to the core driver (bsc#1187236). - mlx4: Register mlx4 devices to an auxiliary virtual bus (bsc#1187236). - mlx4: Rename member mlx4_en_dev.nb to netdev_nb (bsc#1187236). - mlx4: Replace the mlx4_interface.event callback with a notifier (bsc#1187236). - mlx4: Use 'void *' as the event param of mlx4_dispatch_event() (bsc#1187236). - module: Expose module_init_layout_section() (git-fixes) - net: do not allow gso_size to be set to GSO_BY_FRAGS (git-fixes). - net: mana: Add page pool for RX buffers (bsc#1214040). - net: mana: Configure hwc timeout from hardware (bsc#1214037). - net: phy: micrel: Correct bit assignments for phy_device flags (git-fixes). - net: usb: qmi_wwan: add Quectel EM05GV2 (git-fixes). - net/mlx4: Remove many unnecessary NULL values (bsc#1187236). - NFS: Guard against READDIR loop when entry names exceed MAXNAMELEN (git-fixes). - NFS/blocklayout: Use the passed in gfp flags (git-fixes). - NFS/pNFS: Fix assignment of xprtdata.cred (git-fixes). - NFS/pNFS: Report EINVAL errors from connect() to the server (git-fixes). - NFSD: da_addr_body field missing in some GETDEVICEINFO replies (git-fixes). - NFSD: fix change_info in NFSv4 RENAME replies (git-fixes). - NFSD: Fix race to FREE_STATEID and cl_revoked (git-fixes). - NFSv4: Fix dropped lock for racing OPEN and delegation return (git-fixes). - NFSv4: fix out path in __nfs4_get_acl_uncached (git-fixes). - NFSv4.2: fix error handling in nfs42_proc_getxattr (git-fixes). - NFSv4.2: fix handling of COPY ERR_OFFLOAD_NO_REQ (git-fixes). - NFSv4/pNFS: minor fix for cleanup path in nfs4_get_device_info (git-fixes). - ntb: Clean up tx tail index on link down (git-fixes). - ntb: Drop packets when qp link is down (git-fixes). - ntb: Fix calculation ntb_transport_tx_free_entry() (git-fixes). - nvme-auth: use chap->s2 to indicate bidirectional authentication (bsc#1214543). - nvme-tcp: add recovery_delay to sysfs (bsc#1201284). - nvme-tcp: delay error recovery until the next KATO interval (bsc#1201284). - nvme-tcp: Do not terminate commands when in RESETTING (bsc#1201284). - nvme-tcp: make 'err_work' a delayed work (bsc#1201284). - PCI: Free released resource after coalescing (git-fixes). - platform/mellanox: mlxbf-pmc: Fix potential buffer overflows (git-fixes). - platform/mellanox: mlxbf-pmc: Fix reading of unprogrammed events (git-fixes). - platform/mellanox: mlxbf-tmfifo: Drop jumbo frames (git-fixes). - platform/mellanox: mlxbf-tmfifo: Drop the Rx packet if no more descriptors (git-fixes). - platform/x86: intel_scu_ipc: Check status after timeout in busy_loop() (git-fixes). - platform/x86: intel_scu_ipc: Check status upon timeout in ipc_wait_for_interrupt() (git-fixes). - platform/x86: intel_scu_ipc: Do not override scu in intel_scu_ipc_dev_simple_command() (git-fixes). - platform/x86: intel_scu_ipc: Fail IPC send if still busy (git-fixes). - powerpc/fadump: make is_kdump_kernel() return false when fadump is active (bsc#1212639 ltc#202582). - powerpc/iommu: Fix notifiers being shared by PCI and VIO buses (bsc#1065729). - powerpc/rtas: mandate RTAS syscall filtering (bsc#1023051). - powerpc/xics: Remove unnecessary endian conversion (bsc#1065729). - printk: ringbuffer: Fix truncating buffer size min_t cast (bsc#1215875). - pwm: lpc32xx: Remove handling of PWM channels (git-fixes). - quota: add new helper dquot_active() (bsc#1214998). - quota: factor out dquot_write_dquot() (bsc#1214995). - quota: fix dqput() to follow the guarantees dquot_srcu should provide (bsc#1214963). - quota: fix warning in dqgrab() (bsc#1214962). - quota: Properly disable quotas when add_dquot_ref() fails (bsc#1214961). - quota: rename dquot_active() to inode_quota_active() (bsc#1214997). - s390/qeth: Do not call dev_close/dev_open (DOWN/UP) (bsc#1214873 git-fixes). - s390/zcrypt: do not leak memory if dev_set_name() fails (git-fixes bsc#1215148). - scsi: 3w-xxxx: Add error handling for initialization failure in tw_probe() (git-fixes). - scsi: 53c700: Check that command slot is not NULL (git-fixes). - scsi: core: Fix legacy /proc parsing buffer overflow (git-fixes). - scsi: core: Fix possible memory leak if device_add() fails (git-fixes). - scsi: fnic: Replace return codes in fnic_clean_pending_aborts() (git-fixes). - scsi: lpfc: Do not abuse UUID APIs and LPFC_COMPRESS_VMID_SIZE (git-fixes). - scsi: lpfc: Early return after marking final NLP_DROPPED flag in dev_loss_tmo (git-fixes). - scsi: lpfc: Fix the NULL vs IS_ERR() bug for debugfs_create_file() (git-fixes). - scsi: lpfc: Modify when a node should be put in device recovery mode during RSCN (git-fixes). - scsi: lpfc: Prevent use-after-free during rmmod with mapped NVMe rports (git-fixes). - scsi: lpfc: Remove reftag check in DIF paths (git-fixes). - scsi: qedf: Add synchronization between I/O completions and abort (bsc#1210658). - scsi: qedf: Fix firmware halt over suspend and resume (git-fixes). - scsi: qedf: Fix NULL dereference in error handling (git-fixes). - scsi: qedi: Fix firmware halt over suspend and resume (git-fixes). - scsi: qla2xxx: Add logs for SFP temperature monitoring (bsc#1214928). - scsi: qla2xxx: Allow 32-byte CDBs (bsc#1214928). - scsi: qla2xxx: Error code did not return to upper layer (bsc#1214928). - scsi: qla2xxx: Fix firmware resource tracking (bsc#1214928). - scsi: qla2xxx: Fix NULL vs IS_ERR() bug for debugfs_create_dir() (git-fixes). - scsi: qla2xxx: Fix smatch warn for qla_init_iocb_limit() (bsc#1214928). - scsi: qla2xxx: Flush mailbox commands on chip reset (bsc#1214928). - scsi: qla2xxx: Move resource to allow code reuse (bsc#1214928). - scsi: qla2xxx: Remove unsupported ql2xenabledif option (bsc#1214928). - scsi: qla2xxx: Remove unused declarations (bsc#1214928). - scsi: qla2xxx: Remove unused variables in qla24xx_build_scsi_type_6_iocbs() (bsc#1214928). - scsi: qla2xxx: Update version to 10.02.09.100-k (bsc#1214928). - scsi: qla2xxx: Use raw_smp_processor_id() instead of smp_processor_id() (git-fixes). - scsi: scsi_debug: Remove dead code (git-fixes). - scsi: snic: Fix double free in snic_tgt_create() (git-fixes). - scsi: snic: Fix possible memory leak if device_add() fails (git-fixes). - scsi: storvsc: Handle additional SRB status values (git-fixes). - scsi: zfcp: Fix a double put in zfcp_port_enqueue() (git-fixes bsc#1215941). - selftests: tracing: Fix to unmount tracefs for recovering environment (git-fixes). - SUNRPC: Mark the cred for revalidation if the server rejects it (git-fixes). - tcpm: Avoid soft reset when partner does not support get_status (git-fixes). - tracing: Fix race issue between cpu buffer write and swap (git-fixes). - tracing: Remove extra space at the end of hwlat_detector/mode (git-fixes). - tracing: Remove unnecessary copying of tr->current_trace (git-fixes). - uapi: stddef.h: Fix __DECLARE_FLEX_ARRAY for C++ (git-fixes). - udf: Fix extension of the last extent in the file (bsc#1214964). - udf: Fix file corruption when appending just after end of preallocated extent (bsc#1214965). - udf: Fix off-by-one error when discarding preallocation (bsc#1214966). - udf: Fix uninitialized array access for some pathnames (bsc#1214967). - uprobes/x86: Allow to probe a NOP instruction with 0x66 prefix (git-fixes). - usb: ehci: add workaround for chipidea PORTSC.PEC bug (git-fixes). - usb: ehci: move new member has_ci_pec_bug into hole (git-fixes). - usb: serial: option: add FOXCONN T99W368/T99W373 product (git-fixes). - usb: serial: option: add Quectel EM05G variant (0x030e) (git-fixes). - usb: typec: tcpci: clear the fault status bit (git-fixes). - usb: typec: tcpci: move tcpci.h to include/linux/usb/ (git-fixes). - vhost_vdpa: fix the crash in unmap a large memory (git-fixes). - vhost-scsi: unbreak any layout for response (git-fixes). - vhost: allow batching hint without size (git-fixes). - vhost: fix hung thread due to erroneous iotlb entries (git-fixes). - vhost: handle error while adding split ranges to iotlb (git-fixes). - virtio_net: add checking sq is full inside xdp xmit (git-fixes). - virtio_net: Fix probe failed when modprobe virtio_net (git-fixes). - virtio_net: reorder some funcs (git-fixes). - virtio_net: separate the logic of checking whether sq is full (git-fixes). - virtio_ring: fix avail_wrap_counter in virtqueue_add_packed (git-fixes). - virtio-mmio: do not break lifecycle of vm_dev (git-fixes). - virtio-net: fix race between set queues and probe (git-fixes). - virtio-net: set queues after driver_ok (git-fixes). - virtio-rng: make device ready before making request (git-fixes). - virtio: acknowledge all features before access (git-fixes). - vmcore: remove dependency with is_kdump_kernel() for exporting vmcore (bsc#1212639 ltc#202582). - watchdog: intel-mid_wdt: add MODULE_ALIAS() to allow auto-load (git-fixes). - word-at-a-time: use the same return type for has_zero regardless of endianness (bsc#1065729). - x86/alternative: Fix race in try_get_desc() (git-fixes). - x86/boot/e820: Fix typo in e820.c comment (git-fixes). - x86/bugs: Reset speculation control settings on init (git-fixes). - x86/cpu: Add Lunar Lake M (git-fixes). - x86/cpu: Add model number for Intel Arrow Lake processor (git-fixes). - x86/fpu: Take task_struct* in copy_sigframe_from_user_to_xstate() (git-fixes). - x86/head/64: Switch to KERNEL_CS as soon as new GDT is installed (git-fixes). - x86/i8259: Mark legacy PIC interrupts with IRQ_LEVEL (git-fixes). - x86/ioapic: Do not return 0 from arch_dynirq_lower_bound() (git-fixes). - x86/ioremap: Fix page aligned size calculation in __ioremap_caller() (git-fixes). - x86/mce: Retrieve poison range from hardware (git-fixes). - x86/mem_encrypt: Unbreak the AMD_MEM_ENCRYPT=n build (git-fixes). - x86/mm: Avoid incomplete Global INVLPG flushes (git-fixes). - x86/mm: Do not shuffle CPU entry areas without KASLR (git-fixes). - x86/purgatory: remove PGO flags (git-fixes). - x86/PVH: avoid 32-bit build warning when obtaining VGA console info (git-fixes). - x86/reboot: Disable virtualization in an emergency if SVM is supported (git-fixes). - x86/resctl: fix scheduler confusion with 'current' (git-fixes). - x86/resctrl: Fix task CLOSID/RMID update race (git-fixes). - x86/resctrl: Fix to restore to original value when re-enabling hardware prefetch register (git-fixes). - x86/rtc: Remove __init for runtime functions (git-fixes). - x86/sgx: Reduce delay and interference of enclave release (git-fixes). - x86/srso: Do not probe microcode in a guest (git-fixes). - x86/srso: Fix SBPB enablement for spec_rstack_overflow=off (git-fixes). - x86/srso: Fix srso_show_state() side effect (git-fixes). - x86/srso: Set CPUID feature bits independently of bug or mitigation status (git-fixes). - x86/virt: Force GIF=1 prior to disabling SVM (for reboot flows) (git-fixes). - xen: remove a confusing comment on auto-translated guest I/O (git-fixes). - xprtrdma: Remap Receive buffers after a reconnect (git-fixes). Important SUSE bug 1202845 SUSE bug 1213808 SUSE bug 1214928 SUSE bug 1214940 SUSE bug 1214941 SUSE bug 1214942 SUSE bug 1214943 SUSE bug 1214944 SUSE bug 1214950 SUSE bug 1214951 SUSE bug 1214954 SUSE bug 1214957 SUSE bug 1214986 SUSE bug 1214988 SUSE bug 1214992 SUSE bug 1214993 SUSE bug 1215322 SUSE bug 1215877 SUSE bug 1215894 SUSE bug 1215895 SUSE bug 1215896 SUSE bug 1215911 SUSE bug 1215915 SUSE bug 1215916 CVE-2023-1192 CVE-2023-1206 CVE-2023-1859 CVE-2023-2177 CVE-2023-39192 CVE-2023-39193 CVE-2023-39194 CVE-2023-4155 CVE-2023-42753 CVE-2023-42754 CVE-2023-4389 CVE-2023-4563 CVE-2023-4622 CVE-2023-4623 CVE-2023-4881 CVE-2023-4921 CVE-2023-5345 cpe:/o:opensuse:leap:15.4 Security update for wireshark (Low) openSUSE Leap 15.4 This update for wireshark fixes the following issues: Updated to version 3.6.17: - CVE-2023-5371: Fixed a memory leak issue in the RTPS dissector (bsc#1215959). Low SUSE bug 1215959 CVE-2023-5371 cpe:/o:opensuse:leap:15.4 Security update for opensc (Important) openSUSE Leap 15.4 This update for opensc fixes the following issues: - CVE-2023-40660: Fixed a PIN bypass that could be triggered when cards tracked their own login state (bsc#1215762). - CVE-2023-40661: Fixed several memory safety issues that could happen during the card enrollment process using pkcs15-init (bsc#1215761). Important SUSE bug 1215761 SUSE bug 1215762 CVE-2023-40660 CVE-2023-40661 cpe:/o:opensuse:leap:15.4 Security update for the Linux Kernel (Important) openSUSE Leap 15.4 The SUSE Linux Enterprise 15 SP3 LTSS kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2022-3606: Fixed a null pointer dereference inside the function find_prog_by_sec_insn of the file tools/lib/bpf/libbpf.c of the component BPF (bnc#1204502). - CVE-2023-0179: Fixed incorrect arithmetics when fetching VLAN header bits (bsc#1207034). The following non-security bugs were fixed: - KVM: VMX: fix crash cleanup when KVM wasn't used (bsc#1207508). - RDMA/core: Fix ib block iterator counter overflow (bsc#1207878). - bcache: fix set_at_max_writeback_rate() for multiple attached devices (git-fixes). - blktrace: Fix output non-blktrace event when blk_classic option enabled (git-fixes). - blktrace: ensure our debugfs dir exists (git-fixes). - dm btree: add a defensive bounds check to insert_at() (git-fixes). - dm cache: Fix ABBA deadlock between shrink_slab and dm_cache_metadata_abort (git-fixes). - dm cache: Fix UAF in destroy() (git-fixes). - dm cache: set needs_check flag after aborting metadata (git-fixes). - dm clone: Fix UAF in clone_dtr() (git-fixes). - dm integrity: Fix UAF in dm_integrity_dtr() (git-fixes). - dm integrity: fix flush with external metadata device (git-fixes). - dm integrity: flush the journal on suspend (git-fixes). - dm integrity: select CRYPTO_SKCIPHER (git-fixes). - dm ioctl: fix misbehavior if list_versions races with module loading (git-fixes). - dm ioctl: prevent potential spectre v1 gadget (git-fixes). - dm space map common: add bounds check to sm_ll_lookup_bitmap() (git-fixes). - dm space maps: do not reset space map allocation cursor when committing (git-fixes). - dm table: Remove BUG_ON(in_interrupt()) (git-fixes). - dm thin: Fix ABBA deadlock between shrink_slab and dm_pool_abort_metadata (git-fixes). - dm thin: Fix UAF in run_timer_softirq() (git-fixes). - dm thin: Use last transaction's pmd->root when commit failed (git-fixes). - dm thin: resume even if in FAIL mode (git-fixes). - dm verity: fix require_signatures module_param permissions (git-fixes). - dm verity: skip verity work if I/O error when system is shutting down (git-fixes). - drivers:md:fix a potential use-after-free bug (git-fixes). - kabi/severities: add mlx5 internal symbols - loop: unset GENHD_FL_NO_PART_SCAN on LOOP_CONFIGURE (git-fixes). - loop: use sysfs_emit() in the sysfs xxx show() (git-fixes). - md/raid5: Wait for MD_SB_CHANGE_PENDING in raid5d (git-fixes). - md: Flush workqueue md_rdev_misc_wq in md_alloc() (git-fixes). - md: Notify sysfs sync_completed in md_reap_sync_thread() (git-fixes). - md: protect md_unregister_thread from reentrancy (git-fixes). - mm: /proc/pid/smaps_rollup: fix no vma's null-deref (bsc#1207769). - nbd: Fix hung on disconnect request if socket is closed before (git-fixes). - nbd: Fix hung when signal interrupts nbd_start_device_ioctl() (git-fixes). - nbd: Fix incorrect error handle when first_minor is illegal in nbd_dev_add (git-fixes). - nbd: call genl_unregister_family() first in nbd_cleanup() (git-fixes). - nbd: fix io hung while disconnecting device (git-fixes). - nbd: fix max value for 'first_minor' (git-fixes). - nbd: fix race between nbd_alloc_config() and module removal (git-fixes). - nbd: make the config put is called before the notifying the waiter (git-fixes). - nbd: restore default timeout when setting it to zero (git-fixes). - net/mlx5: Allocate individual capability (bsc#1195175). - net/mlx5: Dynamically resize flow counters query buffer (bsc#1195175). - net/mlx5: Fix flow counters SF bulk query len (bsc#1195175). - net/mlx5: Reduce flow counters bulk query buffer size for SFs (bsc#1195175). - net/mlx5: Reorganize current and maximal capabilities to be per-type (bsc#1195175). - net/mlx5: Use order-0 allocations for EQs (bsc#1195175). - null_blk: fix ida error handling in null_add_dev() (git-fixes). - rbd: work around -Wuninitialized warning (git-fixes). - scsi: 3w-9xxx: Avoid disabling device if failing to enable it (git-fixes). - scsi: BusLogic: Fix 64-bit system enumeration error for Buslogic (git-fixes). - scsi: NCR5380: Add disconnect_mask module parameter (git-fixes). - scsi: Revert 'scsi: qla2xxx: Fix disk failure to rediscover' (git-fixes). - scsi: advansys: Fix kernel pointer leak (git-fixes). - scsi: aha152x: Fix aha152x_setup() __setup handler return value (git-fixes). - scsi: aic7xxx: Adjust indentation in ahc_find_syncrate (git-fixes). - scsi: aic7xxx: Fix unintentional sign extension issue on left shift of u8 (git-fixes). - scsi: atari_scsi: sun3_scsi: Set sg_tablesize to 1 instead of SG_NONE (git-fixes). - scsi: bfa: Replace snprintf() with sysfs_emit() (git-fixes). - scsi: bnx2fc: Return failure if io_req is already in ABTS processing (git-fixes). - scsi: core: Avoid printing an error if target_alloc() returns -ENXIO (git-fixes). - scsi: core: Cap scsi_host cmd_per_lun at can_queue (git-fixes). - scsi: core: Do not start concurrent async scan on same host (git-fixes). - scsi: core: Fix a race between scsi_done() and scsi_timeout() (git-fixes). - scsi: core: Fix capacity set to zero after offlinining device (git-fixes). - scsi: core: Fix hang of freezing queue between blocking and running device (git-fixes). - scsi: core: Fix shost->cmd_per_lun calculation in scsi_add_host_with_dma() (git-fixes). - scsi: core: Restrict legal sdev_state transitions via sysfs (git-fixes). - scsi: core: free sgtables in case command setup fails (git-fixes). - scsi: core: sysfs: Fix hang when device state is set via sysfs (git-fixes). - scsi: core: sysfs: Fix setting device state to SDEV_RUNNING (git-fixes). - scsi: cxlflash: Fix error return code in cxlflash_probe() (git-fixes). - scsi: fcoe: Fix possible name leak when device_register() fails (git-fixes). - scsi: fcoe: Fix transport not deattached when fcoe_if_init() fails (git-fixes). - scsi: fnic: Fix memleak in vnic_dev_init_devcmd2 (git-fixes). - scsi: fnic: fix use after free (git-fixes). - scsi: hisi_sas: Check sas_port before using it (git-fixes). - scsi: hisi_sas: Do not reset phy timer to wait for stray phy up (git-fixes). - scsi: hisi_sas: Drop free_irq() of devm_request_irq() allocated irq (git-fixes). - scsi: hisi_sas: Propagate errors in interrupt_init_v1_hw() (git-fixes). - scsi: hisi_sas: Replace in_softirq() check in hisi_sas_task_exec() (git-fixes). - scsi: hpsa: Fix error handling in hpsa_add_sas_host() (git-fixes). - scsi: hpsa: Fix memory leak in hpsa_init_one() (git-fixes). - scsi: hpsa: Fix possible memory leak in hpsa_add_sas_device() (git-fixes). - scsi: hpsa: Fix possible memory leak in hpsa_init_one() (git-fixes). - scsi: ipr: Fix WARNING in ipr_init() (git-fixes). - scsi: ipr: Fix missing/incorrect resource cleanup in error case (git-fixes). - scsi: iscsi: Add iscsi_cls_conn refcount helpers (git-fixes). - scsi: iscsi: Avoid potential deadlock in iscsi_if_rx func (git-fixes). - scsi: iscsi: Do not destroy session if there are outstanding connections (git-fixes). - scsi: iscsi: Do not put host in iscsi_set_flashnode_param() (git-fixes). - scsi: iscsi: Do not send data to unbound connection (git-fixes). - scsi: iscsi: Fix reference count leak in iscsi_boot_create_kobj (git-fixes). - scsi: iscsi: Fix shost->max_id use (git-fixes). - scsi: iscsi: Report unbind session event when the target has been removed (git-fixes). - scsi: iscsi: Unblock session then wake up error handler (git-fixes). - scsi: libfc: Fix a format specifier (git-fixes). - scsi: libfc: Fix use after free in fc_exch_abts_resp() (git-fixes). - scsi: libiscsi: Fix UAF in iscsi_conn_get_param()/iscsi_conn_teardown() (git-fixes). - scsi: libiscsi: Fix iscsi_prep_scsi_cmd_pdu() error handling (git-fixes). - scsi: libsas: Add LUN number check in .slave_alloc callback (git-fixes). - scsi: megaraid: Fix error check return value of register_chrdev() (git-fixes). - scsi: megaraid_mm: Fix end of loop tests for list_for_each_entry() (git-fixes). - scsi: megaraid_sas: Fix double kfree() (git-fixes). - scsi: megaraid_sas: Fix resource leak in case of probe failure (git-fixes). - scsi: megaraid_sas: Handle missing interrupts while re-enabling IRQs (git-fixes). - scsi: mpi3mr: Refer CONFIG_SCSI_MPI3MR in Makefile (git-fixes). - scsi: mpt3sas: Block PCI config access from userspace during reset (git-fixes). - scsi: mpt3sas: Fix possible resource leaks in mpt3sas_transport_port_add() (git-fixes). - scsi: mpt3sas: Fix timeouts observed while reenabling IRQ (git-fixes). - scsi: mpt3sas: Increase IOCInit request timeout to 30s (git-fixes). - scsi: mvsas: Add PCI ID of RocketRaid 2640 (git-fixes). - scsi: mvsas: Replace snprintf() with sysfs_emit() (git-fixes). - scsi: mvumi: Fix error return in mvumi_io_attach() (git-fixes). - scsi: myrb: Fix up null pointer access on myrb_cleanup() (git-fixes). - scsi: myrs: Fix crash in error case (git-fixes). - scsi: pm8001: Fix pm8001_mpi_task_abort_resp() (git-fixes). - scsi: pm: Balance pm_only counter of request queue during system resume (git-fixes). - scsi: pmcraid: Fix missing resource cleanup in error case (git-fixes). - scsi: qedf: Add check to synchronize abort and flush (git-fixes). - scsi: qedf: Fix a UAF bug in __qedf_probe() (git-fixes). - scsi: qedf: Fix refcount issue when LOGO is received during TMF (git-fixes). - scsi: qedf: Return SUCCESS if stale rport is encountered (git-fixes). - scsi: qedi: Fix failed disconnect handling (git-fixes). - scsi: qedi: Fix list_del corruption while removing active I/O (git-fixes). - scsi: qedi: Fix null ref during abort handling (git-fixes). - scsi: qedi: Protect active command list to avoid list corruption (git-fixes). - scsi: scsi_debug: Fix a warning in resp_write_scat() (git-fixes). - scsi: scsi_debug: Fix possible UAF in sdebug_add_host_helper() (git-fixes). - scsi: scsi_debug: Fix possible name leak in sdebug_add_host_helper() (git-fixes). - scsi: scsi_debug: num_tgts must be >= 0 (git-fixes). - scsi: scsi_dh_alua: Check for negative result value (git-fixes). - scsi: scsi_dh_alua: Fix signedness bug in alua_rtpg() (git-fixes). - scsi: scsi_dh_alua: Remove check for ASC 24h in alua_rtpg() (git-fixes). - scsi: scsi_dh_rdac: Avoid crash during rdac_bus_attach() (git-fixes). - scsi: scsi_transport_spi: Fix function pointer check (git-fixes). - scsi: scsi_transport_spi: Set RQF_PM for domain validation commands (git-fixes). - scsi: sd: Free scsi_disk device via put_device() (git-fixes). - scsi: sd: Suppress spurious errors when WRITE SAME is being disabled (git-fixes). - scsi: ses: Fix unsigned comparison with less than zero (git-fixes). - scsi: ses: Retry failed Send/Receive Diagnostic commands (git-fixes). - scsi: snic: Fix possible UAF in snic_tgt_create() (git-fixes). - scsi: sr: Do not use GFP_DMA (git-fixes). - scsi: sr: Fix sr_probe() missing deallocate of device minor (git-fixes). - scsi: sr: Return appropriate error code when disk is ejected (git-fixes). - scsi: sr: Return correct event when media event code is 3 (git-fixes). - scsi: st: Fix a use after free in st_open() (git-fixes). - scsi: ufs-pci: Ensure UFS device is in PowerDown mode for suspend-to-disk ->poweroff() (git-fixes). - scsi: ufs: Add DELAY_BEFORE_LPM quirk for Micron devices (git-fixes). - scsi: ufs: Clean up completed request without interrupt notification (git-fixes). - scsi: ufs: Fix a race condition in the tracing code (git-fixes). - scsi: ufs: Fix error handing during hibern8 enter (git-fixes). - scsi: ufs: Fix illegal offset in UPIU event trace (git-fixes). - scsi: ufs: Fix interrupt error message for shared interrupts (git-fixes). - scsi: ufs: Fix irq return code (git-fixes). - scsi: ufs: Fix possible infinite loop in ufshcd_hold (git-fixes). - scsi: ufs: Fix tm request when non-fatal error happens (git-fixes). - scsi: ufs: Fix unbalanced scsi_block_reqs_cnt caused by ufshcd_hold() (git-fixes). - scsi: ufs: Fix up auto hibern8 enablement (git-fixes). - scsi: ufs: Fix wrong print message in dev_err() (git-fixes). - scsi: ufs: Improve interrupt handling for shared interrupts (git-fixes). - scsi: ufs: Make sure clk scaling happens only when HBA is runtime ACTIVE (git-fixes). - scsi: ufs: Make ufshcd_add_command_trace() easier to read (git-fixes). - scsi: ufs: fix potential bug which ends in system hang (git-fixes). - scsi: ufs: ufs-qcom: Fix race conditions caused by ufs_qcom_testbus_config() (git-fixes). - scsi: virtio_scsi: Fix spelling mistake 'Unsupport' -> 'Unsupported' (git-fixes). - scsi: vmw_pvscsi: Expand vcpuHint to 16 bits (git-fixes). - scsi: vmw_pvscsi: Set correct residual data length (git-fixes). - scsi: vmw_pvscsi: Set residual data length conditionally (git-fixes). - sctp: fail if no bound addresses can be used for a given scope (bsc#1206677). - watchdog: diag288_wdt: do not use stack buffers for hardware data (bsc#1207497). - watchdog: diag288_wdt: fix __diag288() inline assembly (bsc#1207497). Important SUSE bug 1195175 SUSE bug 1204502 SUSE bug 1206677 SUSE bug 1207034 SUSE bug 1207497 SUSE bug 1207508 SUSE bug 1207769 SUSE bug 1207878 CVE-2022-3606 CVE-2023-0179 cpe:/o:opensuse:leap:15.4 Security update for libcue (Important) openSUSE Leap 15.4 This update for libcue fixes the following issues: - CVE-2023-43641: Fixed a buffer overflow while parsing a malicious file (bsc#1215728). Important SUSE bug 1215728 CVE-2023-43641 cpe:/o:opensuse:leap:15.4 Security update for python-gevent (Important) openSUSE Leap 15.4 This update for python-gevent fixes the following issues: - CVE-2023-41419: Fixed a http request smuggling (bsc#1215469). Important SUSE bug 1215469 CVE-2023-41419 cpe:/o:opensuse:leap:15.4 Security update for the Linux Kernel (Important) openSUSE Leap 15.4 The SUSE Linux Enterprise 15 SP4 RT kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2023-39194: Fixed an out of bounds read in the XFRM subsystem (bsc#1215861). - CVE-2023-39193: Fixed an out of bounds read in the xtables subsystem (bsc#1215860). - CVE-2023-39192: Fixed an out of bounds read in the netfilter (bsc#1215858). - CVE-2023-42754: Fixed a NULL pointer dereference in the IPv4 stack that could lead to denial of service (bsc#1215467). - CVE-2023-4389: Fixed a reference counting issue in the Btrfs filesystem that could be exploited in order to leak internal kernel information or crash the system (bsc#1214351). - CVE-2023-5345: fixed an use-after-free vulnerability in the fs/smb/client component which could be exploited to achieve local privilege escalation. (bsc#1215899) - CVE-2023-42753: Fixed an array indexing vulnerability in the netfilter subsystem. This issue may have allowed a local user to crash the system or potentially escalate their privileges (bsc#1215150). - CVE-2023-1206: Fixed a hash collision flaw in the IPv6 connection lookup table. A user located in the local network or with a high bandwidth connection can increase the CPU usage of the server that accepts IPV6 connections up to 95% (bsc#1212703). - CVE-2023-4921: Fixed a use-after-free vulnerability in the QFQ network scheduler which could be exploited to achieve local privilege escalatio (bsc#1215275). - CVE-2023-4622: Fixed a use-after-free vulnerability in the Unix domain sockets component which could be exploited to achieve local privilege escalation (bsc#1215117). - CVE-2023-4623: Fixed a use-after-free issue in the HFSC network scheduler which could be exploited to achieve local privilege escalation (bsc#1215115). - CVE-2023-4155: Fixed a flaw in KVM AMD Secure Encrypted Virtualization (SEV). An attacker can trigger a stack overflow and cause a denial of service or potentially guest-to-host escape in kernel configurations without stack guard pages. (bsc#1214022) - CVE-2023-1859: Fixed a use-after-free flaw in Xen transport for 9pfs which could be exploited to crash the system (bsc#1210169). - CVE-2023-4881: Fixed a out-of-bounds write flaw in the netfilter subsystem that could lead to potential information disclosure or a denial of service (bsc#1215221). - CVE-2023-2177: Fixed a null pointer dereference issue in the sctp network protocol which could allow a user to crash the system (bsc#1210643). - CVE-2023-4563: Fixed an use-after-free flaw in the nftables sub-component. This vulnerability could allow a local attacker to crash the system or lead to a kernel information leak problem. (bsc#1214727) - CVE-2023-1192: Fixed use-after-free in cifs_demultiplex_thread() (bsc#1208995). The following non-security bugs were fixed: - ALSA: hda/cirrus: Fix broken audio on hardware with two CS42L42 codecs (git-fixes). - ALSA: hda/realtek: Splitting the UX3402 into two separate models (git-fixes). - ARM: pxa: remove use of symbol_get() (git-fixes). - arm64: csum: Fix OoB access in IP checksum code for negative lengths (git-fixes). - arm64: module-plts: inline linux/moduleloader.h (git-fixes) - arm64: module: Use module_init_layout_section() to spot init sections (git-fixes) - arm64: sdei: abort running SDEI handlers during crash (git-fixes) - arm64: tegra: Update AHUB clock parent and rate (git-fixes) - arm64/fpsimd: Only provide the length to cpufeature for xCR registers (git-fixes) - ASoC: imx-audmix: Fix return error with devm_clk_get() (git-fixes). - ASoC: meson: spdifin: start hw on dai probe (git-fixes). - ASoC: soc-utils: Export snd_soc_dai_is_dummy() symbol (git-fixes). - ASoC: tegra: Fix redundant PLLA and PLLA_OUT0 updates (git-fixes). - ata: libata: disallow dev-initiated LPM transitions to unsupported states (git-fixes). - ata: pata_falcon: fix IO base selection for Q40 (git-fixes). - ata: pata_ftide010: Add missing MODULE_DESCRIPTION (git-fixes). - ata: sata_gemini: Add missing MODULE_DESCRIPTION (git-fixes). - backlight: gpio_backlight: Drop output GPIO direction check for initial power state (git-fixes). - blk-iocost: fix divide by 0 error in calc_lcoefs() (bsc#1214986). - blk-iocost: use spin_lock_irqsave in adjust_inuse_and_calc_cost (bsc#1214992). - block/mq-deadline: use correct way to throttling write requests (bsc#1214993). - Bluetooth: btsdio: fix use after free bug in btsdio_remove due to race condition (git-fixes). - bnx2x: new flag for track HW resource allocation (bsc#1202845 bsc#1215322). - bpf: Clear the probe_addr for uprobe (git-fixes). - btrfs: do not hold CPU for too long when defragging a file (bsc#1214988). - drm: gm12u320: Fix the timeout usage for usb_bulk_msg() (git-fixes). - drm/amd/display: fix the white screen issue when >= 64GB DRAM (git-fixes). - drm/amd/display: prevent potential division by zero errors (git-fixes). - drm/display: Do not assume dual mode adaptors support i2c sub-addressing (bsc#1213808). - drm/i915: mark requests for GuC virtual engines to avoid use-after-free (git-fixes). - drm/i915/gvt: Drop unused helper intel_vgpu_reset_gtt() (git-fixes). - drm/virtio: Correct drm_gem_shmem_get_sg_table() error handling (git-fixes). - drm/virtio: Use appropriate atomic state in virtio_gpu_plane_cleanup_fb() (git-fixes). - ext4: avoid potential data overflow in next_linear_group (bsc#1214951). - ext4: correct inline offset when handling xattrs in inode body (bsc#1214950). - ext4: fix memory leaks in ext4_fname_{setup_filename,prepare_lookup} (bsc#1214954). - ext4: fix wrong unit use in ext4_mb_clear_bb (bsc#1214943). - ext4: fix wrong unit use in ext4_mb_new_blocks (bsc#1214944). - ext4: get block from bh in ext4_free_blocks for fast commit replay (bsc#1214942). - ext4: reflect error codes from ext4_multi_mount_protect() to its callers (bsc#1214941). - ext4: Remove ext4 locking of moved directory (bsc#1214957). - ext4: set goal start correctly in ext4_mb_normalize_request (bsc#1214940). - fs: do not update freeing inode i_io_list (bsc#1214813). - fs: Establish locking order for unrelated directories (bsc#1214958). - fs: Lock moved directories (bsc#1214959). - fs: lockd: avoid possible wrong NULL parameter (git-fixes). - fs: no need to check source (bsc#1215752). - fs: record I_DIRTY_TIME even if inode already has I_DIRTY_INODE (bsc#1214813). - fuse: nlookup missing decrement in fuse_direntplus_link (bsc#1215581). - gve: Add AF_XDP zero-copy support for GQI-QPL format (bsc#1214479). - gve: Add XDP DROP and TX support for GQI-QPL format (bsc#1214479). - gve: Add XDP REDIRECT support for GQI-QPL format (bsc#1214479). - gve: Changes to add new TX queues (bsc#1214479). - gve: Control path for DQO-QPL (bsc#1214479). - gve: fix frag_list chaining (bsc#1214479). - gve: Fix gve interrupt names (bsc#1214479). - gve: RX path for DQO-QPL (bsc#1214479). - gve: trivial spell fix Recive to Receive (bsc#1214479). - gve: Tx path for DQO-QPL (bsc#1214479). - gve: Unify duplicate GQ min pkt desc size constants (bsc#1214479). - gve: use vmalloc_array and vcalloc (bsc#1214479). - gve: XDP support GQI-QPL: helper function changes (bsc#1214479). - hwrng: virtio - add an internal buffer (git-fixes). - hwrng: virtio - always add a pending request (git-fixes). - hwrng: virtio - do not wait on cleanup (git-fixes). - hwrng: virtio - do not waste entropy (git-fixes). - hwrng: virtio - Fix race on data_avail and actual data (git-fixes). - i2c: aspeed: Reset the i2c controller when timeout occurs (git-fixes). - i3c: master: svc: fix probe failure when no i3c device exist (git-fixes). - idr: fix param name in idr_alloc_cyclic() doc (git-fixes). - Input: tca6416-keypad - fix interrupt enable disbalance (git-fixes). - iommu/virtio: Detach domain on endpoint release (git-fixes). - jbd2: check 'jh->b_transaction' before removing it from checkpoint (bsc#1214953). - jbd2: correct the end of the journal recovery scan range (bsc#1214955). - jbd2: fix a race when checking checkpoint buffer busy (bsc#1214949). - jbd2: fix checkpoint cleanup performance regression (bsc#1214952). - jbd2: Fix wrongly judgement for buffer head removing while doing checkpoint (bsc#1214948). - jbd2: recheck chechpointing non-dirty buffer (bsc#1214945). - jbd2: remove journal_clean_one_cp_list() (bsc#1214947). - jbd2: remove t_checkpoint_io_list (bsc#1214946). - jbd2: restore t_checkpoint_io_list to maintain kABI (bsc#1214946). - kabi/severities: ignore mlx4 internal symbols - kconfig: fix possible buffer overflow (git-fixes). - kernel-binary: Move build-time definitions together Move source list and build architecture to buildrequires to aid in future reorganization of the spec template. - kernel-binary: python3 is needed for build At least scripts/bpf_helpers_doc.py requires python3 since Linux 4.18 Other simimlar scripts may exist. - kselftest/runner.sh: Propagate SIGTERM to runner child (git-fixes). - KVM: s390: fix KVM_S390_GET_CMMA_BITS for GFNs in memslot holes (git-fixes bsc#1215915). - KVM: s390: interrupt: use READ_ONCE() before cmpxchg() (git-fixes bsc#1215896). - KVM: s390: pv: fix external interruption loop not always detected (git-fixes bsc#1215916). - KVM: s390: vsie: Fix the initialization of the epoch extension (epdx) field (git-fixes bsc#1215894). - KVM: s390: vsie: fix the length of APCB bitmap (git-fixes bsc#1215895). - KVM: s390/diag: fix racy access of physical cpu number in diag 9c handler (git-fixes bsc#1215911). - KVM: SVM: Remove a duplicate definition of VMCB_AVIC_APIC_BAR_MASK (git-fixes). - KVM: VMX: Fix header file dependency of asm/vmx.h (git-fixes). - KVM: x86: Fix KVM_CAP_SYNC_REGS's sync_regs() TOCTOU issues (git-fixes). - KVM: x86/mmu: Include mmu.h in spte.h (git-fixes). - loop: Fix use-after-free issues (bsc#1214991). - loop: loop_set_status_from_info() check before assignment (bsc#1214990). - mlx4: Avoid resetting MLX4_INTFF_BONDING per driver (bsc#1187236). - mlx4: Connect the ethernet part to the auxiliary bus (bsc#1187236). - mlx4: Connect the infiniband part to the auxiliary bus (bsc#1187236). - mlx4: Delete custom device management logic (bsc#1187236). - mlx4: Get rid of the mlx4_interface.activate callback (bsc#1187236). - mlx4: Get rid of the mlx4_interface.get_dev callback (bsc#1187236). - mlx4: Move the bond work to the core driver (bsc#1187236). - mlx4: Register mlx4 devices to an auxiliary virtual bus (bsc#1187236). - mlx4: Rename member mlx4_en_dev.nb to netdev_nb (bsc#1187236). - mlx4: Replace the mlx4_interface.event callback with a notifier (bsc#1187236). - mlx4: Use 'void *' as the event param of mlx4_dispatch_event() (bsc#1187236). - net: do not allow gso_size to be set to GSO_BY_FRAGS (git-fixes). - net: mana: Add page pool for RX buffers (bsc#1214040). - net: mana: Configure hwc timeout from hardware (bsc#1214037). - net: phy: micrel: Correct bit assignments for phy_device flags (git-fixes). - net: usb: qmi_wwan: add Quectel EM05GV2 (git-fixes). - net/mlx4: Remove many unnecessary NULL values (bsc#1187236). - NFS: Guard against READDIR loop when entry names exceed MAXNAMELEN (git-fixes). - NFS/blocklayout: Use the passed in gfp flags (git-fixes). - NFS/pNFS: Report EINVAL errors from connect() to the server (git-fixes). - NFSD: da_addr_body field missing in some GETDEVICEINFO replies (git-fixes). - NFSD: fix change_info in NFSv4 RENAME replies (git-fixes). - NFSD: Fix race to FREE_STATEID and cl_revoked (git-fixes). - NFSv4: Fix dropped lock for racing OPEN and delegation return (git-fixes). - NFSv4: fix out path in __nfs4_get_acl_uncached (git-fixes). - NFSv4.2: fix error handling in nfs42_proc_getxattr (git-fixes). - NFSv4.2: fix handling of COPY ERR_OFFLOAD_NO_REQ (git-fixes). - NFSv4/pnfs: minor fix for cleanup path in nfs4_get_device_info (git-fixes). - ntb: Clean up tx tail index on link down (git-fixes). - ntb: Drop packets when qp link is down (git-fixes). - ntb: Fix calculation ntb_transport_tx_free_entry() (git-fixes). - nvme-auth: use chap->s2 to indicate bidirectional authentication (bsc#1214543). - nvme-tcp: add recovery_delay to sysfs (bsc#1201284). - nvme-tcp: delay error recovery until the next KATO interval (bsc#1201284). - nvme-tcp: Do not terminate commands when in RESETTING (bsc#1201284). - nvme-tcp: make 'err_work' a delayed work (bsc#1201284). - PCI: Free released resource after coalescing (git-fixes). - platform/mellanox: mlxbf-pmc: Fix potential buffer overflows (git-fixes). - platform/mellanox: mlxbf-pmc: Fix reading of unprogrammed events (git-fixes). - platform/mellanox: mlxbf-tmfifo: Drop jumbo frames (git-fixes). - platform/mellanox: mlxbf-tmfifo: Drop the Rx packet if no more descriptors (git-fixes). - platform/x86: intel_scu_ipc: Check status after timeout in busy_loop() (git-fixes). - platform/x86: intel_scu_ipc: Check status upon timeout in ipc_wait_for_interrupt() (git-fixes). - platform/x86: intel_scu_ipc: Do not override scu in intel_scu_ipc_dev_simple_command() (git-fixes). - platform/x86: intel_scu_ipc: Fail IPC send if still busy (git-fixes). - pNFS: Fix assignment of xprtdata.cred (git-fixes). - powerpc/fadump: make is_kdump_kernel() return false when fadump is active (bsc#1212639 ltc#202582). - powerpc/iommu: Fix notifiers being shared by PCI and VIO buses (bsc#1065729). - powerpc/rtas: mandate RTAS syscall filtering (bsc#1023051). - powerpc/xics: Remove unnecessary endian conversion (bsc#1065729). - printk: ringbuffer: Fix truncating buffer size min_t cast (bsc#1215875). - pwm: lpc32xx: Remove handling of PWM channels (git-fixes). - quota: add new helper dquot_active() (bsc#1214998). - quota: factor out dquot_write_dquot() (bsc#1214995). - quota: fix dqput() to follow the guarantees dquot_srcu should provide (bsc#1214963). - quota: fix warning in dqgrab() (bsc#1214962). - quota: Properly disable quotas when add_dquot_ref() fails (bsc#1214961). - quota: rename dquot_active() to inode_quota_active() (bsc#1214997). - s390/zcrypt: do not leak memory if dev_set_name() fails (git-fixes bsc#1215148). - scsi: 3w-xxxx: Add error handling for initialization failure in tw_probe() (git-fixes). - scsi: 53c700: Check that command slot is not NULL (git-fixes). - scsi: core: Fix legacy /proc parsing buffer overflow (git-fixes). - scsi: core: Fix possible memory leak if device_add() fails (git-fixes). - scsi: fnic: Replace return codes in fnic_clean_pending_aborts() (git-fixes). - scsi: lpfc: Do not abuse UUID APIs and LPFC_COMPRESS_VMID_SIZE (git-fixes). - scsi: lpfc: Early return after marking final NLP_DROPPED flag in dev_loss_tmo (git-fixes). - scsi: lpfc: Fix the NULL vs IS_ERR() bug for debugfs_create_file() (git-fixes). - scsi: lpfc: Modify when a node should be put in device recovery mode during RSCN (git-fixes). - scsi: lpfc: Prevent use-after-free during rmmod with mapped NVMe rports (git-fixes). - scsi: lpfc: Remove reftag check in DIF paths (git-fixes). - scsi: qedf: Add synchronization between I/O completions and abort (bsc#1210658). - scsi: qedf: Fix firmware halt over suspend and resume (git-fixes). - scsi: qedf: Fix NULL dereference in error handling (git-fixes). - scsi: qedi: Fix firmware halt over suspend and resume (git-fixes). - scsi: qla2xxx: Add logs for SFP temperature monitoring (bsc#1214928). - scsi: qla2xxx: Allow 32-byte CDBs (bsc#1214928). - scsi: qla2xxx: Error code did not return to upper layer (bsc#1214928). - scsi: qla2xxx: Fix firmware resource tracking (bsc#1214928). - scsi: qla2xxx: Fix NULL vs IS_ERR() bug for debugfs_create_dir() (git-fixes). - scsi: qla2xxx: Fix smatch warn for qla_init_iocb_limit() (bsc#1214928). - scsi: qla2xxx: Flush mailbox commands on chip reset (bsc#1214928). - scsi: qla2xxx: Move resource to allow code reuse (bsc#1214928). - scsi: qla2xxx: Remove unsupported ql2xenabledif option (bsc#1214928). - scsi: qla2xxx: Remove unused declarations (bsc#1214928). - scsi: qla2xxx: Remove unused variables in qla24xx_build_scsi_type_6_iocbs() (bsc#1214928). - scsi: qla2xxx: Update version to 10.02.09.100-k (bsc#1214928). - scsi: qla2xxx: Use raw_smp_processor_id() instead of smp_processor_id() (git-fixes). - scsi: scsi_debug: Remove dead code (git-fixes). - scsi: snic: Fix double free in snic_tgt_create() (git-fixes). - scsi: snic: Fix possible memory leak if device_add() fails (git-fixes). - scsi: storvsc: Handle additional SRB status values (git-fixes). - scsi: zfcp: Fix a double put in zfcp_port_enqueue() (git-fixes bsc#1215941). - selftests: tracing: Fix to unmount tracefs for recovering environment (git-fixes). - SUNRPC: Mark the cred for revalidation if the server rejects it (git-fixes). - tcpm: Avoid soft reset when partner does not support get_status (git-fixes). - tracing: Fix race issue between cpu buffer write and swap (git-fixes). - tracing: Remove extra space at the end of hwlat_detector/mode (git-fixes). - tracing: Remove unnecessary copying of tr->current_trace (git-fixes). - uapi: stddef.h: Fix __DECLARE_FLEX_ARRAY for C++ (git-fixes). - udf: Fix extension of the last extent in the file (bsc#1214964). - udf: Fix file corruption when appending just after end of preallocated extent (bsc#1214965). - udf: Fix off-by-one error when discarding preallocation (bsc#1214966). - udf: Fix uninitialized array access for some pathnames (bsc#1214967). - uprobes/x86: Allow to probe a NOP instruction with 0x66 prefix (git-fixes). - usb: ehci: add workaround for chipidea PORTSC.PEC bug (git-fixes). - usb: ehci: move new member has_ci_pec_bug into hole (git-fixes). - usb: serial: option: add FOXCONN T99W368/T99W373 product (git-fixes). - usb: serial: option: add Quectel EM05G variant (0x030e) (git-fixes). - usb: typec: tcpci: clear the fault status bit (git-fixes). - usb: typec: tcpci: move tcpci.h to include/linux/usb/ (git-fixes). - vhost_vdpa: fix the crash in unmap a large memory (git-fixes). - vhost-scsi: unbreak any layout for response (git-fixes). - vhost: allow batching hint without size (git-fixes). - vhost: fix hung thread due to erroneous iotlb entries (git-fixes). - vhost: handle error while adding split ranges to iotlb (git-fixes). - virtio_net: add checking sq is full inside xdp xmit (git-fixes). - virtio_net: Fix probe failed when modprobe virtio_net (git-fixes). - virtio_net: reorder some funcs (git-fixes). - virtio_net: separate the logic of checking whether sq is full (git-fixes). - virtio_ring: fix avail_wrap_counter in virtqueue_add_packed (git-fixes). - virtio-mmio: do not break lifecycle of vm_dev (git-fixes). - virtio-net: fix race between set queues and probe (git-fixes). - virtio-net: set queues after driver_ok (git-fixes). - virtio-rng: make device ready before making request (git-fixes). - virtio: acknowledge all features before access (git-fixes). - vmcore: remove dependency with is_kdump_kernel() for exporting vmcore (bsc#1212639 ltc#202582). - watchdog: intel-mid_wdt: add MODULE_ALIAS() to allow auto-load (git-fixes). - word-at-a-time: use the same return type for has_zero regardless of endianness (bsc#1065729). - x86/alternative: Fix race in try_get_desc() (git-fixes). - x86/boot/e820: Fix typo in e820.c comment (git-fixes). - x86/bugs: Reset speculation control settings on init (git-fixes). - x86/cpu: Add Lunar Lake M (git-fixes). - x86/cpu: Add model number for Intel Arrow Lake processor (git-fixes). - x86/fpu: Take task_struct* in copy_sigframe_from_user_to_xstate() (git-fixes). - x86/head/64: Switch to KERNEL_CS as soon as new GDT is installed (git-fixes). - x86/i8259: Mark legacy PIC interrupts with IRQ_LEVEL (git-fixes). - x86/ioapic: Do not return 0 from arch_dynirq_lower_bound() (git-fixes). - x86/ioremap: Fix page aligned size calculation in __ioremap_caller() (git-fixes). - x86/mce: Retrieve poison range from hardware (git-fixes). - x86/mem_encrypt: Unbreak the AMD_MEM_ENCRYPT=n build (git-fixes). - x86/mm: Avoid incomplete Global INVLPG flushes (git-fixes). - x86/mm: Do not shuffle CPU entry areas without KASLR (git-fixes). - x86/purgatory: remove PGO flags (git-fixes). - x86/PVH: avoid 32-bit build warning when obtaining VGA console info (git-fixes). - x86/reboot: Disable virtualization in an emergency if SVM is supported (git-fixes). - x86/resctl: fix scheduler confusion with 'current' (git-fixes). - x86/resctrl: Fix task CLOSID/RMID update race (git-fixes). - x86/resctrl: Fix to restore to original value when re-enabling hardware prefetch register (git-fixes). - x86/rtc: Remove __init for runtime functions (git-fixes). - x86/sgx: Reduce delay and interference of enclave release (git-fixes). - x86/srso: Do not probe microcode in a guest (git-fixes). - x86/srso: Fix SBPB enablement for spec_rstack_overflow=off (git-fixes). - x86/srso: Fix srso_show_state() side effect (git-fixes). - x86/srso: Set CPUID feature bits independently of bug or mitigation status (git-fixes). - x86/virt: Force GIF=1 prior to disabling SVM (for reboot flows) (git-fixes). - xen: remove a confusing comment on auto-translated guest I/O (git-fixes). - xprtrdma: Remap Receive buffers after a reconnect (git-fixes). Important SUSE bug 1202845 SUSE bug 1213808 SUSE bug 1214928 SUSE bug 1214940 SUSE bug 1214941 SUSE bug 1214942 SUSE bug 1214943 SUSE bug 1214944 SUSE bug 1214950 SUSE bug 1214951 SUSE bug 1214954 SUSE bug 1214957 SUSE bug 1214986 SUSE bug 1214988 SUSE bug 1214992 SUSE bug 1214993 SUSE bug 1215322 SUSE bug 1215877 SUSE bug 1215894 SUSE bug 1215895 SUSE bug 1215896 SUSE bug 1215911 SUSE bug 1215915 SUSE bug 1215916 CVE-2023-1192 CVE-2023-1206 CVE-2023-1859 CVE-2023-2177 CVE-2023-39192 CVE-2023-39193 CVE-2023-39194 CVE-2023-4155 CVE-2023-42753 CVE-2023-42754 CVE-2023-4389 CVE-2023-4563 CVE-2023-4622 CVE-2023-4623 CVE-2023-4881 CVE-2023-4921 CVE-2023-5345 cpe:/o:opensuse:leap:15.4 Security update for the Linux Kernel (Important) openSUSE Leap 15.4 The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2023-1206: Fixed a hash collision flaw in the IPv6 connection lookup table. A user located in the local network or with a high bandwidth connection can increase the CPU usage of the server that accepts IPV6 connections up to 95% (bsc#1212703). - CVE-2023-42753: Fixed an array indexing vulnerability in the netfilter subsystem. This issue may have allowed a local user to crash the system or potentially escalate their privileges on the system. (bsc#1215150) - CVE-2023-4389: Fixed a a double decrement of the reference count flaw in the btrfs filesystem a double decrement of the reference count, which may have allowed a local attacker with user privilege to crash the system or may lead to leaked internal kernel information. (bsc#1214351) - CVE-2023-4921: Fixed a use-after-free vulnerability in the sch_qfq component which could be exploited to achieve local privilege escalation. (bsc#1215275) - CVE-2023-23454: Fixed a type-confusion in the CBQ network scheduler (bsc#1207036). - CVE-2023-4004: Fixed improper element removal netfilter nft_set_pipapo (bsc#1213812). - CVE-2023-4622: Fixed a use-after-free vulnerability in the af_unix component which could be exploited to achieve local privilege escalation. (bsc#1215117) - CVE-2023-4623: Fixed a use-after-free issue in the HFSC network scheduler which could be exploited to achieve local privilege escalation (bsc#1215115). - CVE-2020-36766: Fixed an issue in drivers/media/cec/core/cec-api.c which could leaks one byte of kernel memory on specific hardware to unprivileged users. (bsc#1215299) - CVE-2023-1859: Fixed a use-after-free flaw in Xen transport for 9pfs. This flaw could allow a local attacker to crash the system due to a race problem, possibly leading to a kernel information leak. (bsc#1210169) - CVE-2023-2177: Fixed a null pointer dereference issue in the sctp network protocol which could allow a user to crash the system or potentially cause a denial of service. (bsc#1210643) - CVE-2023-4881: Fixed a out-of-bounds write flaw in the netfilter subsystem that could lead to potential information disclosure or a denial of service (bsc#1215221). - CVE-2023-40283: Fixed use-after-free in l2cap_sock_ready_cb (bsc#1214233). - CVE-2023-1192: Fixed use-after-free in cifs_demultiplex_thread() (bsc#1208995). The following non-security bugs were fixed: - bnx2x: new flag for track HW resource allocation (bsc#1202845 bsc#1215322). - locking/rwsem: Disable reader optimistic spinning (bnc#1176588). - mkspec: Allow unsupported KMPs (bsc#1214386) - scsi: qedf: Add synchronization between I/O completions and abort (bsc#1210658). - x86/pkeys: Revert a5eff7259790 ('x86/pkeys: Add PKRU value to init_fpstate') (bsc#1215356). - x86/srso: Do not probe microcode in a guest (git-fixes). - x86/srso: Fix SBPB enablement for spec_rstack_overflow=off (git-fixes). - x86/srso: Fix srso_show_state() side effect (git-fixes). - x86/srso: Set CPUID feature bits independently of bug or mitigation status (git-fixes). Important SUSE bug 1176588 SUSE bug 1202845 SUSE bug 1207036 SUSE bug 1207270 SUSE bug 1208995 SUSE bug 1210169 SUSE bug 1210643 SUSE bug 1210658 SUSE bug 1212703 SUSE bug 1213812 SUSE bug 1214233 SUSE bug 1214351 SUSE bug 1214380 SUSE bug 1214386 SUSE bug 1215115 SUSE bug 1215117 SUSE bug 1215150 SUSE bug 1215221 SUSE bug 1215275 SUSE bug 1215299 SUSE bug 1215322 SUSE bug 1215356 CVE-2020-36766 CVE-2023-1192 CVE-2023-1206 CVE-2023-1859 CVE-2023-2177 CVE-2023-23454 CVE-2023-4004 CVE-2023-40283 CVE-2023-42753 CVE-2023-4389 CVE-2023-4622 CVE-2023-4623 CVE-2023-4881 CVE-2023-4921 cpe:/o:opensuse:leap:15.4 Security update for buildah (Important) openSUSE Leap 15.4 This update of buildah fixes the following issues: - rebuild the package with the go 1.21 security release (bsc#1212475). Important SUSE bug 1212475 SUSE bug 1216005 cpe:/o:opensuse:leap:15.4 Security update for the Linux Kernel (Important) openSUSE Leap 15.4 The SUSE Linux Enterprise 15 SP1 kernel was updated receive various security and bugfixes. The following security bugs were fixed: - CVE-2022-3107: Fixed missing check of return value of kvmalloc_array() (bnc#1206395). - CVE-2022-3108: Fixed missing check of return value of kmemdup() (bnc#1206389). - CVE-2022-3564: Fixed use-after-free in l2cap_core.c of the Bluetooth component (bnc#1206073). - CVE-2022-4662: Fixed incorrect access control in the USB core subsystem that could lead a local user to crash the system (bnc#1206664). - CVE-2022-47929: Fixed NULL pointer dereference bug in the traffic control subsystem (bnc#1207237). - CVE-2023-23454: Fixed denial or service in cbq_classify in net/sched/sch_cbq.c (bnc#1207036). The following non-security bugs were fixed: - Added support for enabling livepatching related packages on -RT (jsc#PED-1706). - Added suse-kernel-rpm-scriptlets to kmp buildreqs (boo#1205149). - HID: betop: check shape of output reports (git-fixes, bsc#1207186). - HID: betop: fix slab-out-of-bounds Write in betop_probe (git-fixes, bsc#1207186). - HID: check empty report_list in hid_validate_values() (git-fixes, bsc#1206784). - Reverted 'constraints: increase disk space for all architectures' (bsc#1203693) - net: sched: atm: dont intepret cls results when asked to drop (bsc#1207036). - net: sched: cbq: dont intepret cls results when asked to drop (bsc#1207036). - sctp: fail if no bound addresses can be used for a given scope (bsc#1206677). Important SUSE bug 1203693 SUSE bug 1205149 SUSE bug 1206073 SUSE bug 1206389 SUSE bug 1206395 SUSE bug 1206664 SUSE bug 1206677 SUSE bug 1206784 SUSE bug 1207036 SUSE bug 1207186 SUSE bug 1207237 CVE-2022-3107 CVE-2022-3108 CVE-2022-3564 CVE-2022-4662 CVE-2022-47929 CVE-2023-23454 cpe:/o:opensuse:leap:15.4 Security update for python-urllib3 (Moderate) openSUSE Leap 15.4 This update for python-urllib3 fixes the following issues: - CVE-2023-43804: Fixed a potential cookie leak via HTTP redirect if the user manually set the corresponding header (bsc#1215968). Moderate SUSE bug 1215968 CVE-2023-43804 cpe:/o:opensuse:leap:15.4 Security update for erlang (Critical) openSUSE Leap 15.4 This update for erlang fixes the following issues: - Updated to version 23.3.4.19 (jsc#PED-6209): - CVE-2022-37026: Complete a previous insufficient fix for an authentication bypass (bsc#1205318). Critical SUSE bug 1205318 CVE-2022-37026 cpe:/o:opensuse:leap:15.4 Security update for haproxy (Critical) openSUSE Leap 15.4 This update for haproxy fixes the following issues: - CVE-2023-25725: Fixed a serious vulnerability in the HTTP/1 parser (bsc#1208132). - Fixed an issue where sensitive data might leak to the backend. Critical SUSE bug 1208132 CVE-2023-25725 cpe:/o:opensuse:leap:15.4 Security update for glibc (Important) openSUSE Leap 15.4 This update for glibc fixes the following issues: Security issue fixed: - CVE-2023-4813: Fixed a potential use-after-free in gaih_inet() (bsc#1215286, BZ #28931) Also a regression from a previous update was fixed: - elf: Align argument of __munmap to page size (bsc#1215891, BZ #28676) Important SUSE bug 1215286 SUSE bug 1215891 CVE-2023-4813 cpe:/o:opensuse:leap:15.4 Security update for slurm (Important) openSUSE Leap 15.4 This update for slurm fixes the following issues: - CVE-2023-41914: Fixed a filesystem handling race conditions that could lead to an attacker taking control of an arbitrary file. (bsc#1216207) Important SUSE bug 1208810 SUSE bug 1216207 CVE-2023-41914 cpe:/o:opensuse:leap:15.4 Security update for slurm (Important) openSUSE Leap 15.4 This update for slurm fixes the following issues: - CVE-2023-41914: Fixed several filesystem handling race conditions that could lead to an attacker taking control of an arbitrary file (bsc#1216207). Non-security fixes: - Fixed dependency issues that could arise during an upgrade (bsc#1208810). Important SUSE bug 1208810 SUSE bug 1216207 CVE-2023-41914 cpe:/o:opensuse:leap:15.4 Security update for slurm (Important) openSUSE Leap 15.4 This update for slurm fixes the following issues: - CVE-2023-41914: Fixed a filesystem handling race conditions that could lead to an attacker taking control of an arbitrary file. (bsc#1216207) Important SUSE bug 1208810 SUSE bug 1216207 CVE-2023-41914 cpe:/o:opensuse:leap:15.4 Security update for slurm (Important) openSUSE Leap 15.4 This update for slurm fixes the following issues: - CVE-2023-41914: Fixed a filesystem handling race conditions that could lead to an attacker taking control of an arbitrary file. (bsc#1216207) Important SUSE bug 1208810 SUSE bug 1216207 CVE-2023-41914 cpe:/o:opensuse:leap:15.4 Security update for helm (Important) openSUSE Leap 15.4 This update for helm fixes the following issues: helm was updated to version 3.13.1: * Fixing precedence issue with the import of values. * Add missing with clause to release gh action * FIX Default ServiceAccount yaml * fix(registry): unswallow error * remove useless print during prepareUpgrade * fix(registry): address anonymous pull issue * Fix missing run statement on release action * Write latest version to get.helm.sh bucket * Increased release information key name max length. helm was updated to version 3.13.0 (bsc#1215588): * Fix leaking goroutines in Install * Update Helm to use k8s 1.28.2 libraries * make the dependabot k8s.io group explicit * use dependabot's group support for k8s.io dependencies * doc:Executing helm rollback release 0 will roll back to the previous release * Use labels instead of selectorLabels for pod labels * fix(helm): fix GetPodLogs, the hooks should be sorted before get the logs of each hook * chore: HTTPGetter add default timeout * Avoid nil dereference if passing a nil resolver * Add required changes after merge * Fix #3352, add support for --ignore-not-found just like kubectl delete * Fix helm may identify achieve of the application/x-gzip as application/vnd.ms-fontobject * Restore `helm get metadata` command * Revert 'Add `helm get metadata` command' * test: replace `ensure.TempDir` with `t.TempDir` * use json api url + report curl/wget error on fail * Added error in case try to supply custom label with name of system label during install/upgrade * fix(main): fix basic auth for helm pull or push * cmd: support generating index in JSON format * repo: detect JSON and unmarshal efficiently * Tweaking new dry-run internal handling * bump kubernetes modules to v0.27.3 * Remove warning for template directory not found. * Added tests for created OCI annotation time format * Add created OCI annotation * Fix multiple bugs in values handling * chore: fix a typo in `manager.go` * add GetRegistryClient method * oci: add tests for plain HTTP and insecure HTTPS registries * oci: Add flag `--plain-http` to enable working with HTTP registries * docs: add an example for using the upgrade command with existing values * Replace `fmt.Fprintf` with `fmt.Fprint` in get_metadata.go * Replace `fmt.Fprintln` with `fmt.Fprintf` in get_metadata.go * update kubernetes dependencies from v0.27.0 to v0.27.1 * Add ClientOptResolver to test util file * Check that missing keys are still handled in tpl * tests: change crd golden file to match after #11870 * Adding details on the Factory interface * update autoscaling/v2beta1 to autoscaling/v2 in skeleton chart * feat(helm): add ability for --dry-run to do lookup functions When a helm command is run with the --dry-run flag, it will try to connect to the cluster to be able to render lookup functions. Closes #8137 * bugfix:(#11391) helm lint infinite loop when malformed template object * pkg/engine: fix nil-dereference * pkg/chartutil: fix nil-dereference * pkg/action: fix nil-dereference * full source path when output-dir is not provided * added Contributing.md section and ref link in the README * feat(helm): add ability for --dry-run to do lookup functions When a helm command is run with the --dry-run flag, it will try to connect to the cluster if the value is 'server' to be able to render lookup functions. Closes #8137 * feat(helm): add ability for --dry-run to do lookup functions * Add `CHART`, `VERSION` and `APP_VERSION` fields to `get all` command output * Adjust `get` command description to account metadata * add volumes and volumeMounts in chartutil * Seed a default switch to control `automountServiceAccountToken` * Avoid confusing error when passing in '--version X.Y.Z' * Add `helm get metadata` command * Use wrapped error so that ErrNoObjectsVisited can be compared after return. * Add exact version test. * strict file permissions of repository.yaml * Check redefinition of define and include in tpl * Check that `.Template` is passed through `tpl` * Make sure empty `tpl` values render empty. * Pick the test improvement out of PR#8371 * #11369 Use the correct index repo cache directory in the `parallelRepoUpdate` method as well * #11369 Add a test case to prove the bug and its resolution * ref(helm): export DescriptorPullSummary fields * feat(helm): add 'ClientOptResolver' ClientOption * Fix flaky TestSQLCreate test by making sqlmock ignore order of sql requests * Fixing tests after adding labels to release fixture * Make default release fixture contain custom labels to make tests check that labels are not lost * Added support for storing custom labels in SQL storage driver * Adding support merging new custom labels with original release labels during upgrade * Added note to install/upgrade commands that original release labels wouldn't be persisted in upgraded release * Added unit tests for implemented install/upgrade labels logic * Remove redudant types from util_test.go * Added tests for newly introduced util.go functions * Fix broken tests for SQL storage driver * Fix broken tests for configmap and secret storage drivers * Make superseded releases keep labels * Support configmap storage driver for install/upgrade actions --labels argument * Added upgrade --install labels argument support * Add labels support for install action with secret storage backend * test: added tests to load plugin from home dir with space * fix: plugin does not load when helm base dir contains space * Add priority class to kind sorter * Fixes #10566 * test(search): add mixedCase test case * fix(search): print repo search result in original case * Adjust error message wrongly claiming that there is a resource conflict * Throw an error from jobReady() if the job exceeds its BackoffLimit * github: add Asset Transparency action for GitHub releases Update to version 3.12.3: * bump kubernetes modules to v0.27.3 * Add priority class to kind sorter Update to version 3.12.2: * add GetRegistryClient method Update to version 3.12.1: * bugfix:(#11391) helm lint infinite loop when malformed template object * update autoscaling/v2beta1 to autoscaling/v2 in skeleton chart * test(search): add mixedCase test case * fix(search): print repo search result in original case * strict file permissions of repository.yaml * update kubernetes dependencies from v0.27.0 to v0.27.1 Update to version 3.12.0: * Attach annotations to OCI artifacts * Fix goroutine leak in action install * fix quiet lint does not fail on non-linting errors * create failing test for quietly linting a chart that doesn't exist * Fixes Readiness Check for statefulsets using partitioned rolling update. (#11774) * fix: failed testcase on windows * Fix 32bit-x86 typo in testsuite * Handle failed DNS case for Go 1.20+ * Updating the Go version in go.mod * Fix goroutine leak in perform * Properly invalidate client after CRD install * Provide a helper to set the registryClient in cmd * Reimplemented change in httpgetter for insecure TLS option * Added insecure option to login subcommand * Added support for insecure OCI registries * Enable custom certificates option for OCI * Add testing to default and release branches * Remove job dependency. Should have done when I moved job to new file * Remove check to run only in helm org * Add why comments * Convert remaining CircleCI config to GitHub Actions * Changed how the setup-go action sets go version * chore:Use http constants as http.request parameters * update k8s registry domain * don't mark issues as stale where a PR is in progress * Update to func handling * Add option to support cascade deletion options * the linter varcheck and deadcode are deprecated (since v1.49.0) * Check status code before retrying request * Fix improper use of Table request/response to k8s API * fix template --output-dir issue * Add protection for stack-overflows for nested keys * feature(helm): add --set-literal flag for literal string interpretation Update to version 3.11.3: * Fix goroutine leak in perform * Fix goroutine leak in action install * Fix 32bit-x86 typo in testsuite * Fixes Readiness Check for statefulsets using partitioned rolling update. (#11774) - avoid CGO to workaround missing gold dependency (bsc#1183043) Important SUSE bug 1183043 SUSE bug 1215588 SUSE bug 1215711 CVE-2022-41723 CVE-2023-25173 cpe:/o:opensuse:leap:15.4 Security update for cni (Important) openSUSE Leap 15.4 This update of cni fixes the following issues: - rebuild the package with the go 1.21 security release (bsc#1212475). Important SUSE bug 1212475 SUSE bug 1216006 cpe:/o:opensuse:leap:15.4 Security update for cni-plugins (Important) openSUSE Leap 15.4 This update of cni-plugins fixes the following issues: - rebuild the package with the go 1.21 security release (bsc#1212475). Important SUSE bug 1212475 SUSE bug 1216006 cpe:/o:opensuse:leap:15.4 Security update for tomcat (Important) openSUSE Leap 15.4 This update for tomcat fixes the following issues: Tomcat was updated to version 9.0.82 (jsc#PED-6376, jsc#PED-6377): - Security issues fixed: * CVE-2023-41080: Avoid protocol relative redirects in FORM authentication. (bsc#1214666) * CVE-2023-44487: Fix HTTP/2 Rapid Reset Attack. (bsc#1216182) - Update to Tomcat 9.0.82: * Catalina + Add: 65770: Provide a lifecycle listener that will automatically reload TLS configurations a set time before the certificate is due to expire. This is intended to be used with third-party tools that regularly renew TLS certificates. + Fix: Fix handling of an error reading a context descriptor on deployment. + Fix: Fix rewrite rule qsd (query string discard) being ignored if qsa was also use, while it should instead take precedence. + Fix: 67472: Send fewer CORS-related headers when CORS is not actually being engaged. + Add: Improve handling of failures within recycle() methods. * Coyote + Fix: 67670: Fix regression with HTTP compression after code refactoring. + Fix: 67198: Ensure that the AJP connector attribute tomcatAuthorization takes precedence over the tomcatAuthentication attribute when processing an auth_type attribute received from a proxy server. + Fix: 67235: Fix a NullPointerException when an AsyncListener handles an error with a dispatch rather than a complete. + Fix: When an error occurs during asynchronous processing, ensure that the error handling process is only triggered once per asynchronous cycle. + Fix: Fix logic issue trying to match no argument method in IntropectionUtil. + Fix: Improve thread safety around readNotify and writeNotify in the NIO2 endpoint. + Fix: Avoid rare thread safety issue accessing message digest map. + Fix: Improve statistics collection for upgraded connections under load. + Fix: Align validation of HTTP trailer fields with standard fields. + Fix: Improvements to HTTP/2 overhead protection (bsc#1216182, CVE-2023-44487) * jdbc-pool + Fix: 67664: Correct a regression in the clean-up of unnecessary use of fully qualified class names in 9.0.81 that broke the jdbc-pool. * Jasper + Fix: 67080: Improve performance of EL expressions in JSPs that use implicit objects - Update to Tomcat 9.0.80 (jsc#PED-6376, jsc#PED-6377): * Catalina: + Add RateLimitFilter which can be used to mitigate DoS and Brute Force attacks + Move the management of the utility executor from the init()/destroy() methods of components to the start()/stop() methods. + Add org.apache.catalina.core.StandardVirtualThreadExecutor, a virtual thread based executor that may be used with one or more Connectors to process requests received by those Connectors using virtual threads. This Executor requires a minimum Java version of Java 21. + Add a per session Semaphore to the PersistentValve that ensures that, within a single Tomcat instance, there is no more than one concurrent request per session. Also expand the debug logging to include whether a request bypasses the Valve and the reason if a request fails to obtain the per session Semaphore. + Ensure that the default servlet correctly escapes file names in directory listings when using XML output. + Add a numeric last modified field to the XML directory listings produced by the default servlet to enable sorting in the XSLT. + Attempts to lock a collection with WebDAV may incorrectly fail if a child collection has an expired lock. + Deprecate the xssProtectionEnabled setting from the HttpHeaderSecurityFilter and change the default value to false as support for the associated HTTP header has been removed from all major browsers. + Add org.apache.catalina.core.ContextNamingInfoListener, a listener which creates context naming information environment entries. + Add org.apache.catalina.core.PropertiesRoleMappingListener, a listener which populates the context's role mapping from a properties file. + Fix an edge case where intra-web application symlinks would be followed if the web applications were deliberately crafted to allow it even when allowLinking was set to false. + Add utility config file resource lookup on Context to allow looking up resources from the webapp (prefixed with webapp:) and make the resource lookup API more visible. + Fix potential database connection leaks in DataSourceUserDatabase identified by Coverity Scan. + Make parsing of ExtendedAccessLogValve patterns more robust. + Fix failure trying to persist configuration for an internal credential handler. + When serializing a session during the session presistence process, do not log a warning that null Principals are not serializable. + Catch NamingException in JNDIRealm#getPrincipal. It is used in Java up to 17 to signal closed connections. + Use the same naming format in log messages for Connector instances as the associated ProtocolHandler instance. + The parts count should also lower the actual maxParameterCount used for parsing parameters if parts are parsed first. + If an application or library sets both a non-500 error code and the javax.servlet.error.exception request attribute, use the provided error code during error page processing rather than assuming an error code of 500. + Update code comments and Tomcat output to use MiB for 1024 * 1024 bytes and KiB for 1024 bytes rather than MB and kB. * Coyote: + Update the HTTP/2 implementation to use the prioritization scheme defined in RFC 9218 rather than the one defined in RFC 7540. + Fix not sending WINDOW_UPDATE when dataLength is ZERO on call SwallowedDataFramePayload. + Restore the documented behaviour of MessageBytes.getType() that it returns the type of the original content rather than reflecting the most recent conversion. + Correct certificate logging on start-up so it differentiates between keystore based keys/certificates: PEM file based keys/certificates and logs the relevant information for each. + Refactor blocking reads and writes for the NIO connector to remove code paths that could allow a notification from the Poller to be missed resuting in a timeout rather than the expected read or write. + Refactor waiting for an HTTP/2 stream or connection window update to handle spurious wake-ups during the wait. + Correct a regression introduced in 9.0.78 and use the correct constant when constructing the default value for the certificateKeystoreFile attribute of an SSLHostConfigCertificate instance. + Refactor HTTP/2 implementation to reduce pinning when using virtual threads. + Pass through ciphers referring to an OpenSSL profile, such as PROFILE=SYSTEM instead of producing an error trying to parse it. + Ensure that AsyncListener.onError() is called after an error during asynchronous processing with HTTP/2. + When using asynchronous I/O (the default for NIO and NIO2), include DATA frames when calculating the HTTP/2 overhead count to ensure that connections are not prematurely terminated. + Correct a race condition that could cause spurious RST messages to be sent after the response had been written to an HTTP/2 stream. * WebSocket: + Expand the validation of the value of the Sec-Websocket-Key header in the HTTP upgrade request that initiates a WebSocket connection. The value is not decoded but it is checked for the correct length and that only valid characters from the base64 alphabet are used. + Improve handling of error conditions for the WebSocket server, particularly during Tomcat shutdown. + Correct a regression in the fix for 66574 that meant the WebSocket session could return false for onOpen() before the onClose() event had been completed. + Fix a NullPointerException when flushing batched messages with compression enabled using permessage-deflate. * Web applications: + Add RateLimitFilter which can be used to mitigate DoS and Brute Force attacks attribute in the configuration section for the Digest authentication value. + Documentation: Expand the security guidance to cover the embedded use case and add notes on the uses made of the java.io.tmpdir system property. + Documentation: Fix a typo in the name of the algorithms + Documentation: Update documentation to use MiB for 1024 * 1024 bytes and KiB for 1024 bytes rather than MB and kB. * jdbc-pool: + Fix the releaseIdleCounter does not increment when testAllIdle releases them. + Fix the ConnectionState state will be inconsistent with actual state on the connection when an exception occurs while writing. * Other: + Update to Commons Daemon 1.3.4. + Improvements to French translations. + Update Checkstyle to 10.12.0. + Update the packaged version of the Apache Tomcat Native Library to 1.2.37 to pick up the Windows binaries built with with OpenSSL 1.1.1u. + Include the Windows specific binary distributions in the files uploaded to Maven Central. + Improvements to French translations. + Improvements to Japanese translations. + Update UnboundID to 6.0.9. + Update Checkstyle to 10.12.1. + Update BND to 6.4.1.66665: + Update JSign to 5.0. + Correct properties for JSign dependency. + Align documentation for maxParameterCount to match hard-coded defaults. + Update NSIS to 3.0.9. + Update Checkstyle to 10.12.2. + Improvements to French translations. + Improvements to Japanese translations. + Fix quoting so users can use the _RUNJAVA environment variable as intended on Windows when the path to the Java executable contains spaces. + Update Tomcat Native to 1.2.38 to pick up Windows binaries built with OpenSSL 1.1.1v. + Improvements to Chinese translations. + Improvements to French translations. + Improvements to Japanese translations Important SUSE bug 1214666 SUSE bug 1216182 CVE-2023-41080 CVE-2023-44487 cpe:/o:opensuse:leap:15.4 Security update for nodejs18 (Important) openSUSE Leap 15.4 This update for nodejs18 fixes the following issues: - Update to version 18.18.2 - CVE-2023-44487: Fixed the Rapid Reset attack in nghttp2. (bsc#1216190) - CVE-2023-45143: Fixed a cookie leakage in undici. (bsc#1216205) - CVE-2023-38552: Fixed an integrity checks according to policies that could be circumvented. (bsc#1216272) - CVE-2023-39333: Fixed a code injection via WebAssembly export names. (bsc#1216273) Important SUSE bug 1216190 SUSE bug 1216205 SUSE bug 1216272 SUSE bug 1216273 CVE-2023-38552 CVE-2023-39333 CVE-2023-44487 CVE-2023-45143 cpe:/o:opensuse:leap:15.4 Security update for suse-module-tools (Important) openSUSE Leap 15.4 This update for suse-module-tools fixes the following issues: - Updated to version 15.4.18: - CVE-2023-1829: Blacklisted the Linux kernel tcindex classifier module (bsc#1210335). - CVE-2023-23559: Blacklisted the Linux kernel RNDIS modules (bsc#1205767, jsc#PED-5731). Important SUSE bug 1205767 SUSE bug 1210335 CVE-2023-1829 CVE-2023-23559 cpe:/o:opensuse:leap:15.4 Security update for grub2 (Important) openSUSE Leap 15.4 This update for grub2 fixes the following issues: Security fixes: - CVE-2023-4692: Fixed an out-of-bounds write at fs/ntfs.c which may lead to unsigned code execution. (bsc#1215935) - CVE-2023-4693: Fixed an out-of-bounds read at fs/ntfs.c which may lead to leak sensitive information. (bsc#1215936) Other fixes: - Fix a boot delay issue in PowerPC PXE boot (bsc#1201300) Important SUSE bug 1201300 SUSE bug 1215935 SUSE bug 1215936 CVE-2023-4692 CVE-2023-4693 cpe:/o:opensuse:leap:15.4 Security update for nodejs18 (Important) openSUSE Leap 15.4 This update for nodejs18 fixes the following issues: - Update to version 18.18.2 - CVE-2023-44487: Fixed the Rapid Reset attack in nghttp2. (bsc#1216190) - CVE-2023-45143: Fixed a cookie leakage in undici. (bsc#1216205) - CVE-2023-38552: Fixed an integrity checks according to policies that could be circumvented. (bsc#1216272) - CVE-2023-39333: Fixed a code injection via WebAssembly export names. (bsc#1216273) Important SUSE bug 1216190 SUSE bug 1216205 SUSE bug 1216272 SUSE bug 1216273 CVE-2023-38552 CVE-2023-39333 CVE-2023-44487 CVE-2023-45143 cpe:/o:opensuse:leap:15.4 Security update for gcc13 (Important) openSUSE Leap 15.4 This update for gcc13 fixes the following issues: This update ship the GCC 13.2 compiler suite and its base libraries. The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 12 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP4 and SP5, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc13 compilers use: - install 'gcc13' or 'gcc13-c++' or one of the other 'gcc13-COMPILER' frontend packages. - override your Makefile to use CC=gcc13, CXX=g++13 and similar overrides for the other languages. For a full changelog with all new GCC13 features, check out https://gcc.gnu.org/gcc-13/changes.html Detailed changes: * CVE-2023-4039: Fixed -fstack-protector issues on aarch64 with variable length stack allocations. (bsc#1214052) - Turn cross compiler to s390x to a glibc cross. [bsc#1214460] - Also handle -static-pie in the default-PIE specs - Fixed missed optimization in Skia resulting in Firefox crashes when building with LTO. [bsc#1212101] - Make libstdc++6-devel packages own their directories since they can be installed standalone. [bsc#1211427] - Add new x86-related intrinsics (amxcomplexintrin.h). - RISC-V: Add support for inlining subword atomic operations - Use --enable-link-serialization rather that --enable-link-mutex, the benefit of the former one is that the linker jobs are not holding tokens of the make's jobserver. - Add cross-bpf packages. See https://gcc.gnu.org/wiki/BPFBackEnd for the general state of BPF with GCC. - Add bootstrap conditional to allow --without=bootstrap to be specified to speed up local builds for testing. - Bump included newlib to version 4.3.0. - Also package libhwasan_preinit.o on aarch64. - Configure external timezone database provided by the timezone package. Make libstdc++6 recommend timezone to get a fully working std::chrono. Install timezone when running the testsuite. - Package libhwasan_preinit.o on x86_64. - Fixed unwinding on aarch64 with pointer signing. [bsc#1206684] - Enable PRU flavour for gcc13 - update floatn fixinclude pickup to check each header separately (bsc#1206480) - Redo floatn fixinclude pick-up to simply keep what is there. - Bump libgo SONAME to libgo22. - Do not package libhwasan for biarch (32-bit architecture) as the extension depends on 64-bit pointers. - Adjust floatn fixincludes guard to work with SLE12 and earlier SLE15. - Depend on at least LLVM 13 for GCN cross compiler. - Update embedded newlib to version 4.2.0 - Allow cross-pru-gcc12-bootstrap for armv7l architecture. PRU architecture is used for real-time MCUs embedded into TI armv7l and aarch64 SoCs. We need to have cross-pru-gcc12 for armv7l in order to build both host applications and PRU firmware during the same build. Important SUSE bug 1206480 SUSE bug 1206684 SUSE bug 1210557 SUSE bug 1211427 SUSE bug 1212101 SUSE bug 1213915 SUSE bug 1214052 SUSE bug 1214460 CVE-2023-4039 cpe:/o:opensuse:leap:15.4 Security update for netty, netty-tcnative (Important) openSUSE Leap 15.4 This update for netty, netty-tcnative fixes the following issues: - Updated netty to version 4.1.100: - CVE-2023-44487: Fixed a potential denial of service scenario via RST frame floods (bsc#1216169). - Updated netty-tcnative to version 2.0.62 Final. Important SUSE bug 1216169 CVE-2023-44487 cpe:/o:opensuse:leap:15.4 Security update for ruby2.5 (Important) openSUSE Leap 15.4 This update for ruby2.5 fixes the following issues: - CVE-2023-28755: Fixed a ReDoS vulnerability in URI. (bsc#1209891) - CVE-2023-28756: Fixed an expensive regexp in the RFC2822 time parser. (bsc#1209967) - CVE-2021-41817: Fixed a Regular Expression Denial of Service Vulnerability of Date Parsing Methods. (bsc#1193035) - CVE-2021-33621: Fixed a HTTP response splitting vulnerability in CGI gem. (bsc#1205726) Important SUSE bug 1193035 SUSE bug 1205726 SUSE bug 1209891 SUSE bug 1209967 CVE-2021-33621 CVE-2021-41817 CVE-2023-28755 CVE-2023-28756 cpe:/o:opensuse:leap:15.4 Security update for poppler (Moderate) openSUSE Leap 15.4 This update for poppler fixes the following issues: - CVE-2019-13287: Fixed an out-of-bounds read vulnerability in the function SplashXPath:strokeAdjust. (bsc#1140745) - CVE-2018-18456: Fixed a stack-based buffer over-read via a crafted pdf file. (bsc#1112428) - CVE-2018-18454: Fixed heap-based buffer over-read) via a crafted pdf file. (bsc#1112424) - CVE-2020-36023: Fixed a stack bugger overflow in FoFiType1C:cvtGlyph. (bsc#1214256) Moderate SUSE bug 1112424 SUSE bug 1112428 SUSE bug 1140745 SUSE bug 1214256 CVE-2018-18454 CVE-2018-18456 CVE-2019-13287 CVE-2020-36023 cpe:/o:opensuse:leap:15.4 Security update for openssl-3 (Important) openSUSE Leap 15.4 This update for openssl-3 fixes the following issues: - CVE-2023-5363: Incorrect cipher key and IV length processing. (bsc#1216163) - CVE-2023-3817: Add test of DH_check() with q = p + 1. (bsc#1213853) Important SUSE bug 1213853 SUSE bug 1216163 CVE-2023-3817 CVE-2023-5363 cpe:/o:opensuse:leap:15.4 Security update for nodejs18 (Moderate) openSUSE Leap 15.4 This update for nodejs18 fixes the following issues: This update ships nodejs18 (jsc#PED-2097) Update to NodejJS 18.13.0 LTS: * build: disable v8 snapshot compression by default * crypto: update root certificates * deps: update ICU to 72.1 * doc: + add doc-only deprecation for headers/trailers setters + add Rafael to the tsc + deprecate use of invalid ports in url.parse + deprecate url.parse() * lib: drop fetch experimental warning * net: add autoSelectFamily and autoSelectFamilyAttemptTimeout options * src: + add uvwasi version + add initial shadow realm support * test_runner: + add t.after() hook + don't use a symbol for runHook() * tls: + add 'ca' property to certificate object * util: + add fast path for utf8 encoding + improve textdecoder decode performance + add MIME utilities - Fixes compatibility with ICU 72.1 (bsc#1205236) - Fix migration to openssl-3 (bsc#1205042) Update to NodeJS 18.12.1 LTS: * inspector: DNS rebinding in --inspect via invalid octal IP (bsc#1205119, CVE-2022-43548) Update to NodeJS 18.12.0 LTS: * Running in 'watch' mode using node --watch restarts the process when an imported file is changed. * fs: add FileHandle.prototype.readLines * http: add writeEarlyHints function to ServerResponse * http2: make early hints generic * util: add default value option to parsearg Update to NodeJS 18.11.0: * added experimental watch mode -- running in 'watch' mode using node --watch restarts the process when an imported file is changed * fs: add FileHandle.prototype.readLines * http: add writeEarlyHints function to ServerResponse * http2: make early hints generic * lib: refactor transferable AbortSignal * src: add detailed embedder process initialization API * util: add default value option to parsearg Update to NodeJS 18.10.0: * deps: upgrade npm to 8.19.2 * http: throw error on content-length mismatch * stream: add ReadableByteStream.tee() Update to Nodejs 18.9.1: * deps: llhttp updated to 6.0.10 + CVE-2022-32213 bypass via obs-fold mechanic (bsc#1201325) + Incorrect Parsing of Multi-line Transfer-Encoding (CVE-2022-32215, bsc#1201327) + Incorrect Parsing of Header Fields (CVE-2022-35256, bsc#1203832) * crypto: fix weak randomness in WebCrypto keygen (CVE-2022-35255, bsc#1203831) Update to Nodejs 18.9.0: * lib - add diagnostics channel for process and worker * os - add machine method * report - expose report public native apis * src - expose environment RequestInterrupt api * vm - include vm context in the embedded snapshot Changes in 18.8.0: * bootstrap: implement run-time user-land snapshots via --build-snapshot and --snapshot-blob. See * crypto: + allow zero-length IKM in HKDF and in webcrypto PBKDF2 + allow zero-length secret KeyObject * deps: upgrade npm to 8.18.0 * http: make idle http parser count configurable * net: add local family * src: print source map error source on demand * tls: pass a valid socket on tlsClientError Update to Nodejs 18.7.0: * events: add CustomEvent * http: add drop request event for http server * lib: improved diagnostics_channel subscribe/unsubscribe * util: add tokens to parseArgs - enable crypto policy ciphers for TW and SLE15 SP4+ (bsc#1200303) Update to Nodejs 18.6.0: * Experimental ESM Loader Hooks API. For details see, https://nodejs.org/api/esm.html * dns: export error code constants from dns/promises * esm: add chaining to loaders * http: add diagnostics channel for http client * http: add perf_hooks detail for http request and client * module: add isBuiltIn method * net: add drop event for net server * test_runner: expose describe and it * v8: add v8.startupSnapshot utils For details, see https://github.com/nodejs/node/blob/main/doc/changelogs/CHANGELOG_V18.md#18.6.0 Update to Nodejs 18.5.0: * http: stricter Transfer-Encoding and header separator parsing (bsc#1201325, bsc#1201326, bsc#1201327, CVE-2022-32213, CVE-2022-32214, CVE-2022-32215) * src: fix IPv4 validation in inspector_socket (bsc#1201328, CVE-2022-32212) For details, see https://github.com/nodejs/node/blob/main/doc/changelogs/CHANGELOG_V18.md#18.5.0 Update to Nodejs 18.4.0. For detailed changes see, https://github.com/nodejs/node/blob/main/doc/changelogs/CHANGELOG_V18.md#18.4.0 Initial packaging of Nodejs 18.2.0. For detailed changes since previous versions, see https://github.com/nodejs/node/blob/master/doc/changelogs/CHANGELOG_V18.md#18.2.0 Moderate SUSE bug 1200303 SUSE bug 1201325 SUSE bug 1201326 SUSE bug 1201327 SUSE bug 1201328 SUSE bug 1203831 SUSE bug 1203832 SUSE bug 1205042 SUSE bug 1205119 SUSE bug 1205236 CVE-2022-32212 CVE-2022-32213 CVE-2022-32214 CVE-2022-32215 CVE-2022-35255 CVE-2022-35256 CVE-2022-43548 cpe:/o:opensuse:leap:15.4 Security update for java-11-openjdk (Important) openSUSE Leap 15.4 This update for java-11-openjdk fixes the following issues: - Upgraded to JDK 11.0.21+9 (October 2023 CPU): - CVE-2023-22081: Fixed a partial denial of service issue that could be triggered via HTTPS (bsc#1216374). Please visit the Oracle Release Notes page for the full changelog: https://www.oracle.com/java/technologies/javase/11all-relnotes.html Important SUSE bug 1214790 SUSE bug 1216374 CVE-2023-22081 cpe:/o:opensuse:leap:15.4 Security update for nghttp2 (Important) openSUSE Leap 15.4 This update for nghttp2 fixes the following issues: - CVE-2023-44487: Fixed HTTP/2 Rapid Reset attack. (bsc#1216174) Important SUSE bug 1216123 SUSE bug 1216174 CVE-2023-44487 cpe:/o:opensuse:leap:15.4 Security update for jetty-minimal (Important) openSUSE Leap 15.4 This update for jetty-minimal fixes the following issues: - Updated to version 9.4.53.v20231009: - CVE-2023-44487: Fixed a potential denial of service scenario via RST frame floods (bsc#1216169). - CVE-2023-36478: Fixed an integer overflow in the HTTP/2 HPACK decoder (bsc#1216162). - CVE-2023-40167: Fixed a permissive HTTP header parsing issue that could potentially lead to HTTP smuggling attacks (bsc#1215417). - CVE-2023-36479: Fixed an incorrect command execution when sending requests with certain characters in requested filenames (bsc#1215415). - CVE-2023-41900: Fixed an issue where an invalidated session would be allowed to perform a single request (bsc#1215416). Important SUSE bug 1215415 SUSE bug 1215416 SUSE bug 1215417 SUSE bug 1216162 SUSE bug 1216169 CVE-2023-36478 CVE-2023-36479 CVE-2023-40167 CVE-2023-41900 CVE-2023-44487 cpe:/o:opensuse:leap:15.4 Security update for MozillaFirefox (Important) openSUSE Leap 15.4 This update for MozillaFirefox fixes the following issues: - Updated to version 115.4.0 ESR (bsc#1216338): - CVE-2023-5721: Fixed a potential clickjack via queued up rendering. - CVE-2023-5722: Fixed a cross-Origin size and header leakage. - CVE-2023-5723: Fixed unexpected errors when handling invalid cookie characters. - CVE-2023-5724: Fixed a crash due to a large WebGL draw. - CVE-2023-5725: Fixed an issue where WebExtensions could open arbitrary URLs. - CVE-2023-5726: Fixed an issue where fullscreen notifications would be obscured by file the open dialog on macOS. - CVE-2023-5727: Fixed a download protection bypass on on Windows. - CVE-2023-5728: Fixed a crash caused by improper object tracking during GC in the JavaScript engine. - CVE-2023-5729: Fixed an issue where fullscreen notifications would be obscured by WebAuthn prompts. - CVE-2023-5730: Fixed multiple memory safety issues. - CVE-2023-5731: Fixed multiple memory safety issues. Important SUSE bug 1216338 CVE-2023-5721 CVE-2023-5722 CVE-2023-5723 CVE-2023-5724 CVE-2023-5725 CVE-2023-5726 CVE-2023-5727 CVE-2023-5728 CVE-2023-5729 CVE-2023-5730 CVE-2023-5731 cpe:/o:opensuse:leap:15.4 Security update for zlib (Moderate) openSUSE Leap 15.4 This update for zlib fixes the following issues: - CVE-2023-45853: Fixed an integer overflow that would lead to a buffer overflow in the minizip subcomponent (bsc#1216378). Moderate SUSE bug 1216378 CVE-2023-45853 cpe:/o:opensuse:leap:15.4 Security update for python (Moderate) openSUSE Leap 15.4 This update for python fixes the following issues: - CVE-2022-48566: Fixed a potential timing side channel due to inadequate checking during HMAC comparison (bsc#1214691). Moderate SUSE bug 1210638 SUSE bug 1214685 SUSE bug 1214691 CVE-2022-48565 CVE-2022-48566 CVE-2023-27043 cpe:/o:opensuse:leap:15.4 Security update for libnbd (Moderate) openSUSE Leap 15.4 This update for libnbd fixes the following issues: - Updated to version 1.18.1 - Updated to version 1.18.0: - CVE-2023-5215: Fixed an issue where an NBD server returning an unexpected block size might crash an application (bsc#1215799). Moderate SUSE bug 1215799 CVE-2023-5215 cpe:/o:opensuse:leap:15.4 Security update for zchunk (Important) openSUSE Leap 15.4 This update for zchunk fixes the following issues: - CVE-2023-46228: Fixed a handle overflow errors in malformed zchunk files. (bsc#1216268) Important SUSE bug 1216268 CVE-2023-46228 cpe:/o:opensuse:leap:15.4 Security update for open-vm-tools (Important) openSUSE Leap 15.4 This update for open-vm-tools fixes the following issues: - CVE-2023-34058: Fixed a SAML token signature bypass issue (bsc#1216432). - CVE-2023-34059: Fixed a privilege escalation issue through vmware-user-suid-wrapper (bsc#1216433). Important SUSE bug 1216432 SUSE bug 1216433 CVE-2023-34058 CVE-2023-34059 cpe:/o:opensuse:leap:15.4 Security update for aws-efs-utils (Moderate) openSUSE Leap 15.4 This update for aws-efs-utils fixes the following issues: - Updated to version 1.34.5: - CVE-2022-46174: Fixed a race condition when mounting filesystems using TLS, which could result in various failures (bsc#1206737). Moderate SUSE bug 1191055 SUSE bug 1206737 CVE-2022-46174 cpe:/o:opensuse:leap:15.4 Security update for ImageMagick (Important) openSUSE Leap 15.4 This update for ImageMagick fixes the following issues: - CVE-2022-44267: Fixed a denial of service when parsing a PNG image (bsc#1207982). - CVE-2022-44268: Fixed arbitrary file disclosure when parsing a PNG image (bsc#1207983). Important SUSE bug 1207982 SUSE bug 1207983 CVE-2022-44267 CVE-2022-44268 cpe:/o:opensuse:leap:15.4 Security update for vorbis-tools (Important) openSUSE Leap 15.4 This update for vorbis-tools fixes the following issues: - CVE-2023-43361: Fixed a buffer overflow vulnerability during the conversion of wav files to ogg files. (bsc#1215942) Important SUSE bug 1215942 CVE-2023-43361 cpe:/o:opensuse:leap:15.4 Security update for bind (Important) openSUSE Leap 15.4 This update for bind fixes the following issues: - CVE-2022-3094: Fixed memory exhaustion due to UPDATE message flooding (bsc#1207471). Important SUSE bug 1207471 CVE-2022-3094 cpe:/o:opensuse:leap:15.4 Security update for poppler (Moderate) openSUSE Leap 15.4 This update for poppler fixes the following issues: - CVE-2019-9545: Fixed an uncontrolled recursion issue that could cause a crash (bsc#1128114). - CVE-2022-37052: Fixed a crash that could be triggered when opening a crafted file (bsc#1214726). Moderate SUSE bug 1128114 SUSE bug 1214726 CVE-2019-9545 CVE-2022-37052 cpe:/o:opensuse:leap:15.4 Security update for ImageMagick (Important) openSUSE Leap 15.4 This update for ImageMagick fixes the following issues: - CVE-2022-44267: Fixed a denial of service when parsing a PNG image (bsc#1207982). - CVE-2022-44268: Fixed arbitrary file disclosure when parsing a PNG image (bsc#1207983). Important SUSE bug 1207982 SUSE bug 1207983 CVE-2022-44267 CVE-2022-44268 cpe:/o:opensuse:leap:15.4 Security update for python-Werkzeug (Important) openSUSE Leap 15.4 This update for python-Werkzeug fixes the following issues: - CVE-2023-46136: Fixed a potential denial of service via large multipart file uploads (bsc#1216581). Important SUSE bug 1216581 CVE-2023-46136 cpe:/o:opensuse:leap:15.4 Security update for java-17-openjdk (Important) openSUSE Leap 15.4 This update for java-17-openjdk fixes the following issues: - Updated to JDK 17.0.9+9 (October 2023 CPU): - CVE-2023-22081: Fixed a partial denial of service issue that could be triggered via HTTPS (bsc#1216374). - CVE-2023-22025: Fixed a memory corruption issue in applications using AVX-512 (bsc#1216339). Please visit the Oracle Release Notes page for the full changelog: https://www.oracle.com/java/technologies/javase/17all-relnotes.html Important SUSE bug 1214790 SUSE bug 1216339 SUSE bug 1216374 CVE-2023-22025 CVE-2023-22081 cpe:/o:opensuse:leap:15.4 Security update for curl (Important) openSUSE Leap 15.4 This update for curl fixes the following issues: - CVE-2023-23914: Fixed HSTS ignored on multiple requests (bsc#1207990). - CVE-2023-23915: Fixed HSTS amnesia with --parallel (bsc#1207991). - CVE-2023-23916: Fixed HTTP multi-header compression denial of service (bsc#1207992). Important SUSE bug 1207990 SUSE bug 1207991 SUSE bug 1207992 CVE-2023-23914 CVE-2023-23915 CVE-2023-23916 cpe:/o:opensuse:leap:15.4 Security update for redis (Important) openSUSE Leap 15.4 This update for redis fixes the following issues: - CVE-2023-45145: Fixed a potential permission bypass due to a race condition during UNIX socket creation (bsc#1216376). Important SUSE bug 1216376 CVE-2023-45145 cpe:/o:opensuse:leap:15.4 Security update for xorg-x11-server (Important) openSUSE Leap 15.4 This update for xorg-x11-server fixes the following issues: - CVE-2023-5574: Fixed a privilege escalation issue that could be triggered via the Damage extension protocol (bsc#1216261). - CVE-2023-5380: Fixed a memory safety issue that could be triggered when using multiple protocol screens (bsc#1216133). - CVE-2023-5367: Fixed a memory safety issue in both the XI2 and RandR protocols (bsc#1216135). Important SUSE bug 1216133 SUSE bug 1216135 SUSE bug 1216261 CVE-2023-5367 CVE-2023-5380 CVE-2023-5574 cpe:/o:opensuse:leap:15.4 Security update for xwayland (Important) openSUSE Leap 15.4 This update for xwayland fixes the following issues: - CVE-2023-5574: Fixed a privilege escalation issue that could be triggered via the Damage extension protocol (bsc#1216261). - CVE-2023-5367: Fixed a memory safety issue in both the XI2 and RandR protocols (bsc#1216135). Important SUSE bug 1216135 SUSE bug 1216261 CVE-2023-5367 CVE-2023-5574 cpe:/o:opensuse:leap:15.4 Security update for webkit2gtk3 (Important) openSUSE Leap 15.4 This update for webkit2gtk3 ships missing Lang packages to SUSE Linux Enterprise 15 SP4 and SP5. Security fixes: - CVE-2023-41993: Fixed an issue where processing malicious web content could have lead to arbitrary code execution (bsc#1215661). - CVE-2023-39928: Fixed a use-after-free that could be exploited to execute arbitrary code when visiting a malicious webpage (bsc#1215868). - CVE-2023-41074: Fixed an issue where processing malicious web content could have lead to arbitrary code execution (bsc#1215870). Other fixes: - Fixed missing package dependencies (bsc#1215072). Important SUSE bug 1214093 SUSE bug 1214640 SUSE bug 1214835 SUSE bug 1215072 SUSE bug 1215661 SUSE bug 1215866 SUSE bug 1215867 SUSE bug 1215868 SUSE bug 1215869 SUSE bug 1215870 SUSE bug 1216483 CVE-2023-35074 CVE-2023-39434 CVE-2023-39928 CVE-2023-40451 CVE-2023-41074 CVE-2023-41993 cpe:/o:opensuse:leap:15.4 Security update for nodejs10 (Important) openSUSE Leap 15.4 This update for nodejs10 fixes the following issues: - CVE-2023-44487: Fixed the Rapid Reset attack in nghttp2. (bsc#1216190) Important SUSE bug 1216190 CVE-2023-44487 cpe:/o:opensuse:leap:15.4 Security update for git (Important) openSUSE Leap 15.4 This update for git fixes the following issues: - CVE-2023-22490: Fixed incorrectly usable local clone optimization even when using a non-local transport (bsc#1208027). - CVE-2023-23946: Fixed issue where a path outside the working tree can be overwritten as the user who is running 'git apply' (bsc#1208028). Important SUSE bug 1208027 SUSE bug 1208028 CVE-2023-22490 CVE-2023-23946 cpe:/o:opensuse:leap:15.4 Security update for MozillaThunderbird (Important) openSUSE Leap 15.4 This update for MozillaThunderbird fixes the following issues: - Updated to version 115.4.1: - CVE-2023-5721: Fixed a potential clickjack via queued up rendering. - CVE-2023-5732: Fixed an address bar spoofing via bidirectional characters - CVE-2023-5724: Fixed a crash due to a large WebGL draw. - CVE-2023-5725: Fixed an issue where WebExtensions could open arbitrary URLs. - CVE-2023-5726: Fixed an issue where fullscreen notifications would be obscured by file the open dialog on macOS. - CVE-2023-5727: Fixed a download protection bypass on on Windows. - CVE-2023-5728: Fixed a crash caused by improper object tracking during GC in the JavaScript engine. - CVE-2023-5730: Fixed multiple memory safety issues. Important SUSE bug 1216338 CVE-2023-5721 CVE-2023-5724 CVE-2023-5725 CVE-2023-5726 CVE-2023-5727 CVE-2023-5728 CVE-2023-5730 CVE-2023-5732 cpe:/o:opensuse:leap:15.4 Security update for apache2-mod_security2 (Important) openSUSE Leap 15.4 This update for apache2-mod_security2 fixes the following issues: - CVE-2023-24021: Fixed FILES_TMP_CONTENT missing complete content (bsc#1207379). Important SUSE bug 1207379 CVE-2023-24021 cpe:/o:opensuse:leap:15.4 Security update for slurm (Important) openSUSE Leap 15.4 This update for slurm fixes the following issues: - CVE-2023-41914: Fixed a filesystem handling race conditions that could lead to an attacker taking control of an arbitrary file. (bsc#1216207) Important SUSE bug 1208810 SUSE bug 1216207 CVE-2023-41914 cpe:/o:opensuse:leap:15.4 Security update for the Linux Kernel (Important) openSUSE Leap 15.4 The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2023-23455: Fixed a denial of service inside atm_tc_enqueue in net/sched/sch_atm.c because of type confusion (non-negative numbers can sometimes indicate a TC_ACT_SHOT condition rather than valid classification results) (bsc#1207125). - CVE-2023-23454: Fixed denial or service in cbq_classify in net/sched/sch_cbq.c (bnc#1207036). - CVE-2023-0590: Fixed race condition in qdisc_graft() (bsc#1207795). - CVE-2023-0266: Fixed a use-after-free vulnerability inside the ALSA PCM package. SNDRV_CTL_IOCTL_ELEM_{READ|WRITE}32 was missing locks that could have been used in a use-after-free that could have resulted in a priviledge escalation to gain ring0 access from the system user (bsc#1207134). - CVE-2023-0179: Fixed incorrect arithmetics when fetching VLAN header bits (bsc#1207034). - CVE-2023-0122: Fixed a NULL pointer dereference vulnerability in nvmet_setup_auth(), that allowed an attacker to perform a Pre-Auth Denial of Service (DoS) attack on a remote machine (bnc#1207050). - CVE-2022-4382: Fixed a use-after-free flaw that was caused by a race condition among the superblock operations inside the gadgetfs code (bsc#1206258). - CVE-2020-24588: Fixed injection of arbitrary network packets against devices that support receiving non-SSP A-MSDU frames (which is mandatory as part of 802.11n) (bsc#1199701). The following non-security bugs were fixed: - ACPI: EC: Fix EC address space handler unregistration (bsc#1207149). - ACPI: EC: Fix ECDT probe ordering issues (bsc#1207149). - ACPI: PRM: Check whether EFI runtime is available (git-fixes). - ACPICA: Allow address_space_handler Install and _REG execution as 2 separate steps (bsc#1207149). - ACPICA: include/acpi/acpixf.h: Fix indentation (bsc#1207149). - ALSA: control-led: use strscpy in set_led_id() (git-fixes). - ALSA: hda - Enable headset mic on another Dell laptop with ALC3254 (git-fixes). - ALSA: hda/hdmi: Add a HP device 0x8715 to force connect list (git-fixes). - ALSA: hda/realtek - Turn on power early (git-fixes). - ALSA: hda/realtek: Add Acer Predator PH315-54 (git-fixes). - ALSA: hda/realtek: Enable mute/micmute LEDs on HP Spectre x360 13-aw0xxx (git-fixes). - ALSA: hda/realtek: fix mute/micmute LEDs do not work for a HP platform (git-fixes). - ALSA: hda/realtek: fix mute/micmute LEDs for a HP ProBook (git-fixes). - ALSA: hda/realtek: fix mute/micmute LEDs, speaker do not work for a HP platform (git-fixes). - ALSA: hda/via: Avoid potential array out-of-bound in add_secret_dac_path() (git-fixes). - ALSA: hda: cs35l41: Check runtime suspend capability at runtime_idle (git-fixes). - ALSA: hda: cs35l41: Do not return -EINVAL from system suspend/resume (git-fixes). - ALSA: pcm: Move rwsem lock inside snd_ctl_elem_read to prevent UAF (git-fixes). - ALSA: usb-audio: Make sure to stop endpoints before closing EPs (git-fixes). - ALSA: usb-audio: Relax hw constraints for implicit fb sync (git-fixes). - ARM: dts: at91: sam9x60: fix the ddr clock for sam9x60 (git-fixes). - ARM: dts: imx6qdl-gw560x: Remove incorrect 'uart-has-rtscts' (git-fixes). - ARM: dts: imx6ul-pico-dwarf: Use 'clock-frequency' (git-fixes). - ARM: dts: imx7d-pico: Use 'clock-frequency' (git-fixes). - ARM: dts: imx: Fix pca9547 i2c-mux node name (git-fixes). - ARM: dts: vf610: Fix pca9548 i2c-mux node names (git-fixes). - ARM: imx: add missing of_node_put() (git-fixes). - ASoC: Intel: bytcr_rt5651: Drop reference count of ACPI device after use (git-fixes). - ASoC: Intel: bytcr_wm5102: Drop reference count of ACPI device after use (git-fixes). - ASoC: fsl-asoc-card: Fix naming of AC'97 CODEC widgets (git-fixes). - ASoC: fsl_micfil: Correct the number of steps on SX controls (git-fixes). - ASoC: fsl_ssi: Rename AC'97 streams to avoid collisions with AC'97 CODEC (git-fixes). - ASoC: qcom: lpass-cpu: Fix fallback SD line index handling (git-fixes). - ASoC: wm8904: fix wrong outputs volume after power reactivation (git-fixes). - Bluetooth: Fix possible deadlock in rfcomm_sk_state_change (git-fixes). - Bluetooth: hci_qca: Fix driver shutdown on closed serdev (git-fixes). - Documentation: Remove bogus claim about del_timer_sync() (git-fixes). - HID: betop: check shape of output reports (git-fixes). - HID: betop: check shape of output reports (git-fixes, bsc#1207186). - HID: check empty report_list in bigben_probe() (git-fixes). - HID: check empty report_list in hid_validate_values() (git-fixes). - HID: drop assumptions on non-empty lists (git-fixes, bsc#1206784). - HID: intel_ish-hid: Add check for ishtp_dma_tx_map (git-fixes). - HID: playstation: sanity check DualSense calibration data (git-fixes). - HID: revert CHERRY_MOUSE_000C quirk (git-fixes). - IB/hfi1: Fix expected receive setup error exit issues (git-fixes) - IB/hfi1: Immediately remove invalid memory from hardware (git-fixes) - IB/hfi1: Reject a zero-length user expected buffer (git-fixes) - IB/hfi1: Remove user expected buffer invalidate race (git-fixes) - IB/hfi1: Reserve user expected TIDs (git-fixes) - IB/mad: Do not call to function that might sleep while in atomic context (git-fixes). - KVM: x86: Check for existing Hyper-V vCPU in kvm_hv_vcpu_init() (bsc#1206616). - PCI/PM: Define pci_restore_standard_config() only for CONFIG_PM_SLEEP (bsc#1207269). - PM: AVS: qcom-cpr: Fix an error handling path in cpr_probe() (git-fixes). - RDMA/core: Fix ib block iterator counter overflow (bsc#1207878). - RDMA/core: Fix ib block iterator counter overflow (git-fixes) - RDMA/mlx5: Fix mlx5_ib_get_hw_stats when used for device (git-fixes) - RDMA/mlx5: Fix validation of max_rd_atomic caps for DC (git-fixes) - RDMA/rxe: Prevent faulty rkey generation (git-fixes) - RDMA/srp: Move large values to a new enum for gcc13 (git-fixes) - Revert 'ARM: dts: armada-38x: Fix compatible string for gpios' (git-fixes). - Revert 'ARM: dts: armada-39x: Fix compatible string for gpios' (git-fixes). - Revert 'Input: synaptics - switch touchpad on HP Laptop 15-da3001TU to RMI mode' (git-fixes). - Revert 'Revert 'block, bfq: honor already-setup queue merges'' (git-fixes). - Revert 'arm64: dts: meson-sm1-odroid-hc4: disable unused USB PHY0' (git-fixes). - Revert 'wifi: mac80211: fix memory leak in ieee80211_if_add()' (git-fixes). - SUNRPC: Do not dereference xprt->snd_task if it's a cookie (git-fixes). - SUNRPC: Use BIT() macro in rpc_show_xprt_state() (git-fixes). - USB: gadget: Fix use-after-free during usb config switch (git-fixes). - USB: misc: iowarrior: fix up header size for USB_DEVICE_ID_CODEMERCS_IOW100 (git-fixes). - USB: serial: cp210x: add SCALANCE LPE-9000 device id (git-fixes). - USB: serial: option: add Quectel EC200U modem (git-fixes). - USB: serial: option: add Quectel EM05-G (CS) modem (git-fixes). - USB: serial: option: add Quectel EM05-G (GR) modem (git-fixes). - USB: serial: option: add Quectel EM05-G (RS) modem (git-fixes). - USB: serial: option: add Quectel EM05CN (SG) modem (git-fixes). - USB: serial: option: add Quectel EM05CN modem (git-fixes). - VMCI: Use threaded irqs instead of tasklets (git-fixes). - arm64: atomics: format whitespace consistently (git-fixes). - arm64: dts: imx8mm-beacon: Fix ecspi2 pinmux (git-fixes). - arm64: dts: imx8mm-venice-gw7901: fix USB2 controller OC polarity (git-fixes). - arm64: dts: imx8mm: Fix pad control for UART1_DTE_RX (git-fixes). - arm64: dts: imx8mq-thor96: fix no-mmc property for SDHCI (git-fixes). - arm64: dts: qcom: msm8992-libra: Add CPU regulators (git-fixes). - arm64: dts: qcom: msm8992-libra: Fix the memory map (git-fixes). - arm64: dts: qcom: msm8992: Do not use sfpb mutex (git-fixes). - arm64: efi: Execute runtime services from a dedicated stack (git-fixes). - ata: libata: Fix sata_down_spd_limit() when no link speed is reported (git-fixes). - ath11k: Fix unexpected return buffer manager error for QCA6390 (git-fixes). - bcache: fix set_at_max_writeback_rate() for multiple attached devices (git-fixes). - bfq: fix use-after-free in bfq_dispatch_request (git-fixes). - bfq: fix waker_bfqq inconsistency crash (git-fixes). - blk-throttle: prevent overflow while calculating wait time (git-fixes). - blk-wbt: fix that 'rwb->wc' is always set to 1 in wbt_init() (git-fixes). - blktrace: Fix output non-blktrace event when blk_classic option enabled (git-fixes). - block, bfq: do not move oom_bfqq (git-fixes). - block, bfq: fix null pointer dereference in bfq_bio_bfqg() (git-fixes). - block, bfq: fix possible uaf for 'bfqq->bic' (git-fixes). - block, bfq: fix uaf for bfqq in bfq_exit_icq_bfqq (git-fixes). - block, bfq: protect 'bfqd->queued' by 'bfqd->lock' (git-fixes). - block/bfq_wf2q: correct weight to ioprio (git-fixes). - block/bio: remove duplicate append pages code (git-fixes). - block: check minor range in device_add_disk() (git-fixes). - block: ensure iov_iter advances for added pages (git-fixes). - block: fix infinite loop for invalid zone append (git-fixes). - block: mq-deadline: Fix dd_finish_request() for zoned devices (git-fixes). - block: use bdev_get_queue() in bio.c (git-fixes). - bnx2x: fix pci device refcount leak in bnx2x_vf_is_pcie_pending() (git-fixes). - bnxt_en: Fix possible crash in bnxt_hwrm_set_coal() (git-fixes). - bnxt_en: Remove debugfs when pci_register_driver failed (git-fixes). - bnxt_en: add dynamic debug support for HWRM messages (git-fixes). - bnxt_en: fix potentially incorrect return value for ndo_rx_flow_steer (git-fixes). - bnxt_en: fix the handling of PCIE-AER (git-fixes). - bnxt_en: refactor bnxt_cancel_reservations() (git-fixes). - btrfs: add helper to delete a dir entry from a log tree (bsc#1207263). - btrfs: avoid inode logging during rename and link when possible (bsc#1207263). - btrfs: avoid logging all directory changes during renames (bsc#1207263). - btrfs: backport recent fixes for send/receive into SLE15 SP4/SP5 (bsc#1206036 bsc#1207500 ltc#201363). - btrfs: do not log unnecessary boundary keys when logging directory (bsc#1207263). - btrfs: fix assertion failure when logging directory key range item (bsc#1207263). - btrfs: fix processing of delayed data refs during backref walking (bsc#1206056 bsc#1207507 ltc#201367). - btrfs: fix processing of delayed tree block refs during backref walking (bsc#1206057 bsc#1207506 ltc#201368). - btrfs: fix race between quota enable and quota rescan ioctl (bsc#1207158). - btrfs: fix race between quota rescan and disable leading to NULL pointer deref (bsc#1207158). - btrfs: fix trace event name typo for FLUSH_DELAYED_REFS (git-fixes). - btrfs: join running log transaction when logging new name (bsc#1207263). - btrfs: move QUOTA_ENABLED check to rescan_should_stop from btrfs_qgroup_rescan_worker (bsc#1207158). - btrfs: pass the dentry to btrfs_log_new_name() instead of the inode (bsc#1207263). - btrfs: prepare extents to be logged before locking a log tree path (bsc#1207263). - btrfs: put initial index value of a directory in a constant (bsc#1207263). - btrfs: qgroup: remove duplicated check in adding qgroup relations (bsc#1207158). - btrfs: qgroup: remove outdated TODO comments (bsc#1207158). - btrfs: remove unnecessary NULL check for the new inode during rename exchange (bsc#1207263). - btrfs: remove useless path release in the fast fsync path (bsc#1207263). - btrfs: remove write and wait of struct walk_control (bsc#1207263). - btrfs: stop copying old dir items when logging a directory (bsc#1207263). - btrfs: stop doing unnecessary log updates during a rename (bsc#1207263). - btrfs: stop trying to log subdirectories created in past transactions (bsc#1207263). - btrfs: use single variable to track return value at btrfs_log_inode() (bsc#1207263). - bus: sunxi-rsb: Fix error handling in sunxi_rsb_init() (git-fixes). - can: j1939: fix errant WARN_ON_ONCE in j1939_session_deactivate (git-fixes). - cifs: Fix uninitialized memory read for smb311 posix symlink create (git-fixes). - cifs: avoid re-lookups in dfs_cache_find() (bsc#1193629). - cifs: do not include page data when checking signature (git-fixes). - cifs: do not query ifaces on smb1 mounts (git-fixes). - cifs: don't take exclusive lock for updating target hints (bsc#1193629). - cifs: fix double free on failed kerberos auth (git-fixes). - cifs: fix file info setting in cifs_open_file() (git-fixes). - cifs: fix file info setting in cifs_query_path_info() (git-fixes). - cifs: fix potential deadlock in cache_refresh_path() (git-fixes). - cifs: fix potential memory leaks in session setup (bsc#1193629). - cifs: fix race in assemble_neg_contexts() (bsc#1193629). - cifs: fix return of uninitialized rc in dfs_cache_update_tgthint() (bsc#1193629). - cifs: handle cache lookup errors different than -ENOENT (bsc#1193629). - cifs: ignore ipc reconnect failures during dfs failover (bsc#1193629). - cifs: protect access of TCP_Server_Info::{dstaddr,hostname} (bsc#1193629). - cifs: remove duplicate code in __refresh_tcon() (bsc#1193629). - cifs: remove redundant assignment to the variable match (bsc#1193629). - cifs: remove unused function (bsc#1193629). - comedi: adv_pci1760: Fix PWM instruction handling (git-fixes). - config: arm64: Fix Freescale LPUART dependency (boo#1204063). - cpufreq: Add Tegra234 to cpufreq-dt-platdev blocklist (git-fixes). - cpufreq: armada-37xx: stop using 0 as NULL pointer (git-fixes). - crypto: fixed DH and ECDH implemention for FIPS PCT (jsc#SLE-21132,bsc#1191256,bsc#1207184). - dm btree: add a defensive bounds check to insert_at() (git-fixes). - dm cache: Fix ABBA deadlock between shrink_slab and dm_cache_metadata_abort (git-fixes). - dm cache: Fix UAF in destroy() (git-fixes). - dm cache: set needs_check flag after aborting metadata (git-fixes). - dm clone: Fix UAF in clone_dtr() (git-fixes). - dm integrity: Fix UAF in dm_integrity_dtr() (git-fixes). - dm integrity: clear the journal on suspend (git-fixes). - dm integrity: flush the journal on suspend (git-fixes). - dm ioctl: fix misbehavior if list_versions races with module loading (git-fixes). - dm ioctl: prevent potential spectre v1 gadget (git-fixes). - dm raid: fix address sanitizer warning in raid_resume (git-fixes). - dm raid: fix address sanitizer warning in raid_status (git-fixes). - dm space map common: add bounds check to sm_ll_lookup_bitmap() (git-fixes). - dm thin: Fix ABBA deadlock between shrink_slab and dm_pool_abort_metadata (git-fixes). - dm thin: Fix UAF in run_timer_softirq() (git-fixes). - dm thin: Use last transaction's pmd->root when commit failed (git-fixes). - dm thin: resume even if in FAIL mode (git-fixes). - dm writecache: set a default MAX_WRITEBACK_JOBS (git-fixes). - dm: fix alloc_dax error handling in alloc_dev (git-fixes). - dm: requeue IO if mapping table not yet available (git-fixes). - dmaengine: Fix double increment of client_count in dma_chan_get() (git-fixes). - dmaengine: idxd: Do not call DMX TX callbacks during workqueue disable (git-fixes). - dmaengine: idxd: Let probe fail when workqueue cannot be enabled (git-fixes). - dmaengine: imx-sdma: Fix a possible memory leak in sdma_transfer_init (git-fixes). - dmaengine: lgm: Move DT parsing after initialization (git-fixes). - dmaengine: tegra210-adma: fix global intr clear (git-fixes). - dmaengine: ti: k3-udma: Do conditional decrement of UDMA_CHAN_RT_PEER_BCNT_REG (git-fixes). - dmaengine: xilinx_dma: call of_node_put() when breaking out of for_each_child_of_node() (git-fixes). - docs: Fix the docs build with Sphinx 6.0 (git-fixes). - driver core: Fix test_async_probe_init saves device in wrong array (git-fixes). - drivers: net: xgene: disable napi when register irq failed in xgene_enet_open() (git-fixes). - drivers:md:fix a potential use-after-free bug (git-fixes). - drm/amd/display: Calculate output_color_space after pixel encoding adjustment (git-fixes). - drm/amd/display: Fix COLOR_SPACE_YCBCR2020_TYPE matrix (git-fixes). - drm/amd/display: Fix set scaling doesn's work (git-fixes). - drm/amd/display: Take emulated dc_sink into account for HDCP (bsc#1207734). - drm/amd/display: fix issues with driver unload (git-fixes). - drm/amdgpu: complete gfxoff allow signal during suspend without delay (git-fixes). - drm/amdgpu: disable runtime pm on several sienna cichlid cards(v2) (git-fixes). - drm/amdgpu: drop experimental flag on aldebaran (git-fixes). - drm/hyperv: Add error message for fb size greater than allocated (git-fixes). - drm/i915/adlp: Fix typo for reference clock (git-fixes). - drm/i915/display: Check source height is > 0 (git-fixes). - drm/i915/gt: Reset twice (git-fixes). - drm/i915/selftest: fix intel_selftest_modify_policy argument types (git-fixes). - drm/i915: Fix potential bit_17 double-free (git-fixes). - drm/i915: re-disable RC6p on Sandy Bridge (git-fixes). - drm/msm/adreno: Make adreno quirks not overwrite each other (git-fixes). - drm/msm/dp: do not complete dp_aux_cmd_fifo_tx() if irq is not for aux transfer (git-fixes). - drm/msm: another fix for the headless Adreno GPU (git-fixes). - drm/panfrost: fix GENERIC_ATOMIC64 dependency (git-fixes). - drm/vc4: hdmi: make CEC adapter name unique (git-fixes). - drm/virtio: Fix GEM handle creation UAF (git-fixes). - drm: Add orientation quirk for Lenovo ideapad D330-10IGL (git-fixes). - dt-bindings: msm/dsi: Do not require vcca-supply on 14nm PHY (git-fixes). - dt-bindings: msm/dsi: Do not require vdds-supply on 10nm PHY (git-fixes). - dt-bindings: msm: dsi-controller-main: Fix description of core clock (git-fixes). - dt-bindings: msm: dsi-controller-main: Fix operating-points-v2 constraint (git-fixes). - dt-bindings: msm: dsi-phy-28nm: Add missing qcom, dsi-phy-regulator-ldo-mode (git-fixes). - efi: fix potential NULL deref in efi_mem_reserve_persistent (git-fixes). - efi: fix userspace infinite retry read efivars after EFI runtime services page fault (git-fixes). - efi: rt-wrapper: Add missing include (git-fixes). - efi: tpm: Avoid READ_ONCE() for accessing the event log (git-fixes). - ext4: Fixup pages without buffers (bsc#1205495). - extcon: usbc-tusb320: fix kernel-doc warning (git-fixes). - fbcon: Check font dimension limits (git-fixes). - fbdev: omapfb: avoid stack overflow warning (git-fixes). - firewire: fix memory leak for payload of request subaction to IEC 61883-1 FCP region (git-fixes). - firmware: arm_scmi: Harden shared memory access in fetch_notification (git-fixes). - firmware: arm_scmi: Harden shared memory access in fetch_response (git-fixes). - fpga: stratix10-soc: Fix return value check in s10_ops_write_init() (git-fixes). - fs: remove __sync_filesystem (git-fixes). - ftrace/x86: Add back ftrace_expected for ftrace bug reports (git-fixes). - ftrace: Clean comments related to FTRACE_OPS_FL_PER_CPU (git-fixes). - git_sort: add usb-linus branch for gregkh/usb - gsmi: fix null-deref in gsmi_get_variable (git-fixes). - hv_netvsc: Fix missed pagebuf entries in netvsc_dma_map/unmap() (git-fixes). - i2c: mv64xxx: Add atomic_xfer method to driver (git-fixes). - i2c: mv64xxx: Remove shutdown method from driver (git-fixes). - i40e: Disallow ip4 and ip6 l4_4_bytes (git-fixes). - i40e: Fix error handling in i40e_init_module() (git-fixes). - i40e: Fix not setting default xps_cpus after reset (git-fixes). - igb: Allocate MSI-X vector when testing (git-fixes). - iio: adc: berlin2-adc: Add missing of_node_put() in error path (git-fixes). - iio: adc: stm32-dfsdm: fill module aliases (git-fixes). - iio: hid: fix the retval in accel_3d_capture_sample (git-fixes). - iio: hid: fix the retval in gyro_3d_capture_sample (git-fixes). - iio: imu: fxos8700: fix ACCEL measurement range selection (git-fixes). - iio: imu: fxos8700: fix IMU data bits returned to user space (git-fixes). - iio: imu: fxos8700: fix MAGN sensor scale and unit (git-fixes). - iio: imu: fxos8700: fix failed initialization ODR mode assignment (git-fixes). - iio: imu: fxos8700: fix incomplete ACCEL and MAGN channels readback (git-fixes). - iio: imu: fxos8700: fix incorrect ODR mode readback (git-fixes). - iio: imu: fxos8700: fix map label of channel type to MAGN sensor (git-fixes). - iio: imu: fxos8700: fix swapped ACCEL and MAGN channels readback (git-fixes). - iio: imu: fxos8700: remove definition FXOS8700_CTRL_ODR_MIN (git-fixes). - iio:adc:twl6030: Enable measurement of VAC (git-fixes). - iio:adc:twl6030: Enable measurements of VUSB, VBAT and others (git-fixes). - ipmi:ssif: Add 60ms time internal between write retries (bsc#1206459). - ipmi:ssif: Increase the message retry time (bsc#1206459). - ipv6: addrlabel: fix infoleak when sending struct ifaddrlblmsg to network (git-fixes). - ixgbevf: Fix resource leak in ixgbevf_init_module() (git-fixes). - jbd2: use the correct print format (git-fixes). - kABI workaround for struct acpi_ec (bsc#1207149). - kABI: Preserve TRACE_EVENT_FL values (git-fixes). - kabi/severities: add mlx5 internal symbols - l2tp: Do not sleep and disable BH under writer-side sk_callback_lock (git-fixes). - loop: Fix the max_loop commandline argument treatment when it is set to 0 (git-fixes). - md/raid5: Wait for MD_SB_CHANGE_PENDING in raid5d (git-fixes). - md: Flush workqueue md_rdev_misc_wq in md_alloc() (git-fixes). - md: Notify sysfs sync_completed in md_reap_sync_thread() (git-fixes). - md: protect md_unregister_thread from reentrancy (git-fixes). - mei: me: add meteor lake point M DID (git-fixes). - memory: atmel-sdramc: Fix missing clk_disable_unprepare in atmel_ramc_probe() (git-fixes). - memory: mvebu-devbus: Fix missing clk_disable_unprepare in mvebu_devbus_probe() (git-fixes). - memory: tegra: Remove clients SID override programming (git-fixes). - misc: fastrpc: Do not remove map on creater_process and device_release (git-fixes). - misc: fastrpc: Fix use-after-free race condition for maps (git-fixes). - mm: /proc/pid/smaps_rollup: fix no vma's null-deref (bsc#1207769). - mm: compaction: kABI: avoid pglist_data kABI breakage (bsc#1207010). - mm: compaction: support triggering of proactive compaction by user (bsc#1207010). - mmc: sdhci-esdhc-imx: correct the tuning start tap and step setting (git-fixes). - mmc: sunxi-mmc: Fix clock refcount imbalance during unbind (git-fixes). - module: Do not wait for GOING modules (bsc#1196058, bsc#1186449, bsc#1204356, bsc#1204662). - mt76: fix use-after-free by removing a non-RCU wcid pointer (git-fixes). - mt76: mt7921: avoid unnecessary spin_lock/spin_unlock in mt7921_mcu_tx_done_event (git-fixes). - nbd: Fix hung on disconnect request if socket is closed before (git-fixes). - nbd: Fix hung when signal interrupts nbd_start_device_ioctl() (git-fixes). - nbd: call genl_unregister_family() first in nbd_cleanup() (git-fixes). - nbd: fix io hung while disconnecting device (git-fixes). - nbd: fix race between nbd_alloc_config() and module removal (git-fixes). - net/mlx4: Check retval of mlx4_bitmap_init (git-fixes). - net/mlx5: Dynamically resize flow counters query buffer (bsc#1195175). - net/tg3: resolve deadlock in tg3_reset_task() during EEH (bsc#1207842). - net: cxgb3_main: disable napi when bind qsets failed in cxgb_up() (git-fixes). - net: ena: Fix error handling in ena_init() (git-fixes). - net: liquidio: release resources when liquidio driver open failed (git-fixes). - net: liquidio: simplify if expression (git-fixes). - net: macvlan: Use built-in RCU list checking (git-fixes). - net: macvlan: fix memory leaks of macvlan_common_newlink (git-fixes). - net: mdio: validate parameter addr in mdiobus_get_phy() (git-fixes). - net: nfc: Fix use-after-free in local_cleanup() (git-fixes). - net: phy: dp83822: Fix null pointer access on DP83825/DP83826 devices (git-fixes). - net: phy: meson-gxl: Add generic dummy stubs for MMD register access (git-fixes). - net: tun: Fix memory leaks of napi_get_frags (git-fixes). - net: tun: Fix use-after-free in tun_detach() (git-fixes). - net: tun: call napi_schedule_prep() to ensure we own a napi (git-fixes). - net: usb: cdc_ether: add support for Thales Cinterion PLS62-W modem (git-fixes). - net: usb: sr9700: Handle negative len (git-fixes). - net: wan: Add checks for NULL for utdm in undo_uhdlc_init and unmap_si_regs (git-fixes). - netrom: Fix use-after-free caused by accept on already connected socket (git-fixes). - netrom: Fix use-after-free of a listening socket (git-fixes). - nilfs2: fix general protection fault in nilfs_btree_insert() (git-fixes). - null_blk: fix ida error handling in null_add_dev() (git-fixes). - octeontx2-af: Fix reference count issue in rvu_sdp_init() (jsc#SLE-24682). - octeontx2-af: debugsfs: fix pci device refcount leak (git-fixes). - octeontx2-pf: Add check for devm_kcalloc (git-fixes). - octeontx2-pf: Fix potential memory leak in otx2_init_tc() (jsc#SLE-24682). - of/address: Return an error when no valid dma-ranges are found (git-fixes). - phy: Revert 'phy: qualcomm: usb28nm: Add MDM9607 init sequence' (git-fixes). - phy: phy-can-transceiver: Skip warning if no 'max-bitrate' (git-fixes). - phy: rockchip-inno-usb2: Fix missing clk_disable_unprepare() in rockchip_usb2phy_power_on() (git-fixes). - phy: ti: fix Kconfig warning and operator precedence (git-fixes). - pinctrl: amd: Add dynamic debugging for active GPIOs (git-fixes). - pinctrl: rockchip: fix mux route data for rk3568 (git-fixes). - platform/surface: aggregator: Add missing call to ssam_request_sync_free() (git-fixes). - platform/surface: aggregator: Ignore command messages not intended for us (git-fixes). - platform/x86: asus-nb-wmi: Add alternate mapping for KEY_SCREENLOCK (git-fixes). - platform/x86: dell-privacy: Fix SW_CAMERA_LENS_COVER reporting (git-fixes). - platform/x86: dell-privacy: Only register SW_CAMERA_LENS_COVER if present (git-fixes). - platform/x86: sony-laptop: Do not turn off 0x153 keyboard backlight during probe (git-fixes). - platform/x86: touchscreen_dmi: Add info for the CSL Panther Tab HD (git-fixes). - powerpc/64s/radix: Fix RWX mapping with relocated kernel (bsc#1194869). - powerpc/64s/radix: Fix crash with unaligned relocated kernel (bsc#1194869). - powerpc/64s: Fix local irq disable when PMIs are disabled (bsc#1195655 ltc#1195655 git-fixes). - powerpc/kexec_file: Count hot-pluggable memory in FDT estimate (bsc#1194869). - powerpc/kexec_file: Fix division by zero in extra size estimation (bsc#1194869). - powerpc/rtas: avoid device tree lookups in rtas_os_term() (bsc#1065729). - powerpc/rtas: avoid scheduling in rtas_os_term() (bsc#1065729). - powerpc/vmlinux.lds: Add an explicit symbol for the SRWX boundary (bsc#1194869). - powerpc/vmlinux.lds: Ensure STRICT_ALIGN_SIZE is at least page aligned (bsc#1194869). - powerpc: move __end_rodata to cover arch read-only sections (bsc#1194869). - qlcnic: fix sleep-in-atomic-context bugs caused by msleep (git-fixes). - r8152: add vendor/device ID pair for Microsoft Devkit (git-fixes). - r8169: move rtl_wol_enable_rx() and rtl_prepare_power_down() (git-fixes). - regulator: da9211: Use irq handler when ready (git-fixes). - rpm/mkspec-dtb: add riscv64 dtb-renesas subpackage - s390/qeth: fix various format strings (git-fixes). - sched/core: Fix arch_scale_freq_tick() on tickless systems (git-fixes) - sched/core: Introduce sched_asym_cpucap_active() (git-fixes) - sched/cpuset: Fix dl_cpu_busy() panic due to empty (git-fixes) - sched/deadline: Merge dl_task_can_attach() and dl_cpu_busy() (git-fixes) - sched/tracing: Report TASK_RTLOCK_WAIT tasks as (git-fixes) - sched/uclamp: Make asym_fits_capacity() use util_fits_cpu() (git-fixes) - sched: Avoid double preemption in __cond_resched_*lock*() (git-fixes) - scsi: Revert 'scsi: core: map PQ=1, PDT=other values to SCSI_SCAN_TARGET_PRESENT' (git-fixes). - scsi: core: Fix a race between scsi_done() and scsi_timeout() (git-fixes). - scsi: efct: Fix possible memleak in efct_device_init() (git-fixes). - scsi: elx: libefc: Fix second parameter type in state callbacks (git-fixes). - scsi: fcoe: Fix possible name leak when device_register() fails (git-fixes). - scsi: fcoe: Fix transport not deattached when fcoe_if_init() fails (git-fixes). - scsi: hpsa: Fix allocation size for scsi_host_alloc() (git-fixes). - scsi: hpsa: Fix error handling in hpsa_add_sas_host() (git-fixes). - scsi: hpsa: Fix possible memory leak in hpsa_add_sas_device() (git-fixes). - scsi: hpsa: Fix possible memory leak in hpsa_init_one() (git-fixes). - scsi: ipr: Fix WARNING in ipr_init() (git-fixes). - scsi: mpi3mr: Refer CONFIG_SCSI_MPI3MR in Makefile (git-fixes). - scsi: mpt3sas: Fix possible resource leaks in mpt3sas_transport_port_add() (git-fixes). - scsi: mpt3sas: Remove scsi_dma_map() error messages (git-fixes). - scsi: scsi_debug: Fix a warning in resp_report_zones() (git-fixes). - scsi: scsi_debug: Fix a warning in resp_verify() (git-fixes). - scsi: scsi_debug: Fix a warning in resp_write_scat() (git-fixes). - scsi: scsi_debug: Fix possible name leak in sdebug_add_host_helper() (git-fixes). - scsi: snic: Fix possible UAF in snic_tgt_create() (git-fixes). - scsi: storvsc: Correct reporting of Hyper-V I/O size limits (git-fixes). - scsi: storvsc: Fix swiotlb bounce buffer leak in confidential VM (bsc#1206006). - scsi: tracing: Fix compile error in trace_array calls when TRACING is disabled (git-fixes). - scsi: ufs: Stop using the clock scaling lock in the error handler (git-fixes). - scsi: ufs: core: Enable link lost interrupt (git-fixes). - sctp: fail if no bound addresses can be used for a given scope (bsc#1206677). - selftests/vm: remove ARRAY_SIZE define from individual tests (git-fixes). - selftests: Provide local define of __cpuid_count() (git-fixes). - serial: 8250_dma: Fix DMA Rx rearm race (git-fixes). - serial: atmel: fix incorrect baudrate setup (git-fixes). - serial: pch_uart: Pass correct sg to dma_unmap_sg() (git-fixes). - sfc: fix potential memleak in __ef100_hard_start_xmit() (git-fixes). - soc: imx8m: Fix incorrect check for of_clk_get_by_name() (git-fixes). - spi: spidev: remove debug messages that access spidev->spi without locking (git-fixes). - staging: mt7621-dts: change some node hex addresses to lower case (git-fixes). - staging: vchiq_arm: fix enum vchiq_status return types (git-fixes). - swim3: add missing major.h include (git-fixes). - tcp: prohibit TCP_REPAIR_OPTIONS if data was already sent (git-fixes). - thermal/core: Remove duplicate information when an error occurs (git-fixes). - thunderbolt: Do not call PM runtime functions in tb_retimer_scan() (git-fixes). - thunderbolt: Do not report errors if on-board retimers are found (git-fixes). - thunderbolt: Use correct function to calculate maximum USB3 link rate (git-fixes). - tick/nohz: Use WARN_ON_ONCE() to prevent console saturation. - tick/sched: Fix non-kernel-doc comment (git-fixes). - tomoyo: fix broken dependency on *.conf.default (git-fixes). - tools: fix ARRAY_SIZE defines in tools and selftests hdrs (git-fixes). - tracing/hist: Fix issue of losting command info in error_log (git-fixes). - tracing/hist: Fix out-of-bound write on 'action_data.var_ref_idx' (git-fixes). - tracing/hist: Fix wrong return value in parse_action_params() (git-fixes). - tracing/osnoise: Make osnoise_main to sleep for microseconds (git-fixes). - tracing/perf: Avoid -Warray-bounds warning for __rel_loc macro (git-fixes). - tracing/probes: Handle system names with hyphens (git-fixes). - tracing: Add '__rel_loc' using trace event macros (git-fixes). - tracing: Add DYNAMIC flag for dynamic events (git-fixes). - tracing: Add trace_event helper macros __string_len() and __assign_str_len() (git-fixes). - tracing: Avoid -Warray-bounds warning for __rel_loc macro (git-fixes). - tracing: Do not use out-of-sync va_list in event printing (git-fixes). - tracing: Ensure trace buffer is at least 4096 bytes large (git-fixes). - tracing: Fix a kmemleak false positive in tracing_map (git-fixes). - tracing: Fix complicated dependency of CONFIG_TRACER_MAX_TRACE (git-fixes). - tracing: Fix infinite loop in tracing_read_pipe on overflowed print_trace_line (git-fixes). - tracing: Fix issue of missing one synthetic field (git-fixes). - tracing: Fix mismatched comment in __string_len (git-fixes). - tracing: Fix possible memory leak in __create_synth_event() error path (git-fixes). - tracing: Fix race where histograms can be called before the event (git-fixes). - tracing: Fix sleeping function called from invalid context on RT kernel (git-fixes). - tracing: Fix tp_printk option related with tp_printk_stop_on_boot (git-fixes). - tracing: Fix warning on variable 'struct trace_array' (git-fixes). - tracing: Have TRACE_DEFINE_ENUM affect trace event types as well (git-fixes). - tracing: Have syscall trace events use trace_event_buffer_lock_reserve() (git-fixes). - tracing: Have type enum modifications copy the strings (git-fixes). - tracing: Make tp_printk work on syscall tracepoints (git-fixes). - tracing: Use alignof__(struct {type b;}) instead of offsetof() (git-fixes). - tracing: incorrect isolate_mote_t cast in mm_vmscan_lru_isolate (git-fixes). - tty: fix possible null-ptr-defer in spk_ttyio_release (git-fixes). - tty: serial: qcom-geni-serial: fix slab-out-of-bounds on RX FIFO buffer (git-fixes). - usb-storage: apply IGNORE_UAS only for HIKSEMI MD202 on RTL9210 (git-fixes). - usb: acpi: add helper to check port lpm capability using acpi _DSM (git-fixes). - usb: cdns3: remove fetched trb from cache before dequeuing (git-fixes). - usb: core: hub: disable autosuspend for TI TUSB8041 (git-fixes). - usb: dwc3: qcom: enable vbus override when in OTG dr-mode (git-fixes). - usb: fotg210-udc: Fix ages old endianness issues (git-fixes). - usb: gadget: f_fs: Ensure ep0req is dequeued before free_request (git-fixes). - usb: gadget: f_fs: Fix unbalanced spinlock in __ffs_ep0_queue_wait (git-fixes). - usb: gadget: f_fs: Prevent race during ffs_ep0_queue_wait (git-fixes). - usb: gadget: f_hid: fix f_hidg lifetime vs cdev (git-fixes). - usb: gadget: f_hid: fix refcount leak on error path (git-fixes). - usb: gadget: f_ncm: fix potential NULL ptr deref in ncm_bitrate() (git-fixes). - usb: gadget: f_uac2: Fix incorrect increment of bNumEndpoints (git-fixes). - usb: gadget: g_webcam: Send color matching descriptor per frame (git-fixes). - usb: gadget: udc: core: Print error code in usb_gadget_probe_driver() (git-fixes). - usb: gadget: udc: core: Revise comments for USB ep enable/disable (git-fixes). - usb: gadget: udc: core: Use pr_fmt() to prefix messages (git-fixes). - usb: gadget: udc: core: remove usage of list iterator past the loop body (git-fixes). - usb: host: ehci-fsl: Fix module alias (git-fixes). - usb: typec: altmodes/displayport: Add pin assignment helper (git-fixes). - usb: typec: altmodes/displayport: Fix pin assignment calculation (git-fixes). - usb: typec: tcpm: Fix altmode re-registration causes sysfs create fail (git-fixes). - usb: xhci: Check endpoint is valid before dereferencing it (git-fixes). - vc_screen: move load of struct vc_data pointer in vcs_read() to avoid UAF (git-fixes). - vfs: make sync_filesystem return errors from ->sync_fs (git-fixes). - virtio-blk: modify the value type of num in virtio_queue_rq() (git-fixes). - virtio-net: correctly enable callback during start_xmit (git-fixes). - virtio_pci: modify ENOENT to EINVAL (git-fixes). - w1: fix WARNING after calling w1_process() (git-fixes). - w1: fix deadloop in __w1_remove_master_device() (git-fixes). - wait: Fix __wait_event_hrtimeout for RT/DL tasks (git-fixes) - watchdog: diag288_wdt: do not use stack buffers for hardware data (bsc#1207497). - watchdog: diag288_wdt: fix __diag288() inline assembly (bsc#1207497). - wifi: brcmfmac: fix regression for Broadcom PCIe wifi devices (git-fixes). - wifi: mac80211: sdata can be NULL during AMPDU start (git-fixes). - wifi: mt76: mt7921: add mt7921_mutex_acquire at mt7921_sta_set_decap_offload (git-fixes). - wifi: mt76: mt7921e: fix race issue between reset and suspend/resume (git-fixes). - wifi: mt76: sdio: fix the deadlock caused by sdio->stat_work (git-fixes). - wifi: mt76: sdio: poll sta stat when device transmits data (git-fixes). - wifi: rndis_wlan: Prevent buffer overflow in rndis_query_oid (git-fixes). - x86/hyperv: Remove unregister syscore call from Hyper-V cleanup (git-fixes). - x86/hyperv: Restore VP assist page after cpu offlining/onlining (git-fixes). - xfs: Fix unreferenced object reported by kmemleak in xfs_sysfs_init() (git-fixes). - xfs: fix incorrect error-out in xfs_remove (git-fixes). - xfs: fix incorrect i_nlink caused by inode racing (git-fixes). - xfs: fix maxlevels comparisons in the btree staging code (git-fixes). - xfs: fix memory leak in xfs_errortag_init (git-fixes). - xfs: get rid of assert from xfs_btree_islastblock (git-fixes). - xfs: get root inode correctly at bulkstat (git-fixes). - xfs: initialize the check_owner object fully (git-fixes). - xfs: prevent a WARN_ONCE() in xfs_ioc_attr_list() (git-fixes). - xfs: reject crazy array sizes being fed to XFS_IOC_GETBMAP* (git-fixes). - xfs: return errors in xfs_fs_sync_fs (git-fixes). - xfs: xfstest fails with error missing kernel patch (git-fixes bsc#1207501 ltc#201370). - xhci-pci: set the dma max_seg_size (git-fixes). - xhci: Fix null pointer dereference when host dies (git-fixes). - zram: Delete patch for regression addressed (bsc#1207933). - zram: do not lookup algorithm in backends table (git-fixes). Important SUSE bug 1065729 SUSE bug 1185861 SUSE bug 1185863 SUSE bug 1186449 SUSE bug 1191256 SUSE bug 1192868 SUSE bug 1193629 SUSE bug 1194869 SUSE bug 1195175 SUSE bug 1195655 SUSE bug 1196058 SUSE bug 1199701 SUSE bug 1204063 SUSE bug 1204356 SUSE bug 1204662 SUSE bug 1205495 SUSE bug 1206006 SUSE bug 1206036 SUSE bug 1206056 SUSE bug 1206057 SUSE bug 1206258 SUSE bug 1206363 SUSE bug 1206459 SUSE bug 1206616 SUSE bug 1206677 SUSE bug 1206784 SUSE bug 1207010 SUSE bug 1207034 SUSE bug 1207036 SUSE bug 1207050 SUSE bug 1207125 SUSE bug 1207134 SUSE bug 1207149 SUSE bug 1207158 SUSE bug 1207184 SUSE bug 1207186 SUSE bug 1207190 SUSE bug 1207237 SUSE bug 1207263 SUSE bug 1207269 SUSE bug 1207497 SUSE bug 1207500 SUSE bug 1207501 SUSE bug 1207506 SUSE bug 1207507 SUSE bug 1207734 SUSE bug 1207769 SUSE bug 1207795 SUSE bug 1207842 SUSE bug 1207878 SUSE bug 1207933 CVE-2020-24588 CVE-2022-4382 CVE-2022-47929 CVE-2023-0122 CVE-2023-0179 CVE-2023-0266 CVE-2023-0590 CVE-2023-23454 CVE-2023-23455 cpe:/o:opensuse:leap:15.4 Security update for libsndfile (Important) openSUSE Leap 15.4 This update for libsndfile fixes the following issues: - CVE-2022-33065: Fixed an integer overflow that could cause memory safety issues when reading a MAT4 file (bsc#1213451). Important SUSE bug 1213451 CVE-2022-33065 cpe:/o:opensuse:leap:15.4 Security update for xorg-x11-server (Important) openSUSE Leap 15.4 This update for xorg-x11-server fixes the following issues: - CVE-2023-5574: Fixed a privilege escalation issue that could be triggered via the Damage extension protocol (bsc#1216261). - CVE-2023-5380: Fixed a memory safety issue that could be triggered when using multiple protocol screens (bsc#1216133). - CVE-2023-5367: Fixed a memory safety issue in both the XI2 and RandR protocols (bsc#1216135). Important SUSE bug 1216133 SUSE bug 1216135 SUSE bug 1216261 CVE-2023-5367 CVE-2023-5380 CVE-2023-5574 cpe:/o:opensuse:leap:15.4 Security update for mozilla-nss (Important) openSUSE Leap 15.4 This update for mozilla-nss fixes the following issues: Updated to NSS 3.79.4 (bsc#1208138): - CVE-2023-0767: Fixed handling of unknown PKCS#12 safe bag types. Important SUSE bug 1208138 CVE-2023-0767 cpe:/o:opensuse:leap:15.4 Security update for the Linux Kernel (Important) openSUSE Leap 15.4 The SUSE Linux Enterprise 15 SP4 Azure kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2023-3777: Fixed a use-after-free vulnerability in netfilter: nf_tables component can be exploited to achieve local privilege escalation. (bsc#1215095) - CVE-2023-46813: Fixed an incorrect access checking in the VC handler and instruction emulation of the SEV-ES emulation of MMIO accesses that could lead to arbitrary write access to kernel memory. (bsc#1212649) - CVE-2023-31085: Fixed a divide-by-zero error in do_div(sz,mtd->erasesize) that could cause a local DoS. (bsc#1210778) - CVE-2023-45862: Fixed an issue in the ENE UB6250 reader driver whwere an object could potentially extend beyond the end of an allocation causing. (bsc#1216051) - CVE-2023-39193: Fixed an out of bounds read in the xtables subsystem (bsc#1215860). - CVE-2023-5178: Fixed an UAF in queue intialization setup. (bsc#1215768) - CVE-2023-2163: Fixed an incorrect verifier pruning in BPF that could lead to unsafe code paths being incorrectly marked as safe, resulting in arbitrary read/write in kernel memory, lateral privilege escalation, and container escape. (bsc#1215518) - CVE-2023-34324: Fixed a possible deadlock in Linux kernel event handling. (bsc#1215745). - CVE-2023-39189: Fixed a flaw in the Netfilter subsystem that could allow a local privileged (CAP_NET_ADMIN) attacker to trigger an out-of-bounds read, leading to a crash or information disclosure. (bsc#1216046) The following non-security bugs were fixed: - 9p: virtio: make sure 'offs' is initialized in zc_request (git-fixes). - ACPI: irq: Fix incorrect return value in acpi_register_gsi() (git-fixes). - ACPI: resource: Skip IRQ override on ASUS ExpertBook B1402CBA (git-fixes). - ALSA: hda: Disable power save for solving pop issue on Lenovo ThinkCentre M70q (git-fixes). - ALSA: hda/realtek: Change model for Intel RVP board (git-fixes). - ALSA: usb-audio: Fix microphone sound on Opencomm2 Headset (git-fixes). - ASoC: codecs: wcd938x-sdw: fix runtime PM imbalance on probe errors (git-fixes). - ASoC: codecs: wcd938x-sdw: fix use after free on driver unbind (git-fixes). - ASoC: codecs: wcd938x: drop bogus bind error handling (git-fixes). - ASoC: codecs: wcd938x: fix unbind tear down order (git-fixes). - ASoC: fsl: imx-pcm-rpmsg: Add SNDRV_PCM_INFO_BATCH flag (git-fixes). - ASoC: imx-rpmsg: Set ignore_pmdown_time for dai_link (git-fixes). - ASoC: pxa: fix a memory leak in probe() (git-fixes). - ata: libata-core: Do not register PM operations for SAS ports (git-fixes). - ata: libata-core: Fix ata_port_request_pm() locking (git-fixes). - ata: libata-core: Fix port and device removal (git-fixes). - ata: libata-sata: increase PMP SRST timeout to 10s (git-fixes). - ata: libata-scsi: ignore reserved bits for REPORT SUPPORTED OPERATION CODES (git-fixes). - blk-cgroup: Fix NULL deref caused by blkg_policy_data being installed before init (bsc#1216062). - blk-cgroup: support to track if policy is online (bsc#1216062). - Bluetooth: avoid memcmp() out of bounds warning (git-fixes). - Bluetooth: Avoid redundant authentication (git-fixes). - Bluetooth: btusb: add shutdown function for QCA6174 (git-fixes). - Bluetooth: Fix a refcnt underflow problem for hci_conn (git-fixes). - Bluetooth: hci_event: Fix coding style (git-fixes). - Bluetooth: hci_event: Fix using memcmp when comparing keys (git-fixes). - Bluetooth: hci_event: Ignore NULL link key (git-fixes). - Bluetooth: hci_sock: Correctly bounds check and pad HCI_MON_NEW_INDEX name (git-fixes). - Bluetooth: hci_sock: fix slab oob read in create_monitor_event (git-fixes). - Bluetooth: Reject connection with the device which has same BD_ADDR (git-fixes). - Bluetooth: vhci: Fix race when opening vhci device (git-fixes). - bpf: propagate precision in ALU/ALU64 operations (git-fixes). - bus: ti-sysc: Fix missing AM35xx SoC matching (git-fixes). - bus: ti-sysc: Use fsleep() instead of usleep_range() in sysc_reset() (git-fixes). - cgroup: Remove duplicates in cgroup v1 tasks file (bsc#1211307). - cgroup/cpuset: Change references of cpuset_mutex to cpuset_rwsem (bsc#1215955). - clk: tegra: fix error return case for recalc_rate (git-fixes). - counter: microchip-tcb-capture: Fix the use of internal GCLK logic (git-fixes). - crypto: qat - add fw_counters debugfs file (PED-6401). - crypto: qat - add heartbeat counters check (PED-6401). - crypto: qat - add heartbeat feature (PED-6401). - crypto: qat - add internal timer for qat 4xxx (PED-6401). - crypto: qat - add measure clock frequency (PED-6401). - crypto: qat - add missing function declaration in adf_dbgfs.h (PED-6401). - crypto: qat - add qat_zlib_deflate (PED-6401). - crypto: qat - add support for 402xx devices (PED-6401). - crypto: qat - change value of default idle filter (PED-6401). - crypto: qat - delay sysfs initialization (PED-6401). - crypto: qat - do not export adf_init_admin_pm() (PED-6401). - crypto: qat - drop log level of msg in get_instance_node() (PED-6401). - crypto: qat - drop obsolete heartbeat interface (PED-6401). - crypto: qat - drop redundant adf_enable_aer() (PED-6401). - crypto: qat - expose pm_idle_enabled through sysfs (PED-6401). - crypto: qat - extend buffer list logic interface (PED-6401). - crypto: qat - extend configuration for 4xxx (PED-6401). - crypto: qat - fix apply custom thread-service mapping for dc service (PED-6401). - crypto: qat - fix concurrency issue when device state changes (PED-6401). - crypto: qat - fix crypto capability detection for 4xxx (PED-6401). - crypto: qat - fix spelling mistakes from 'bufer' to 'buffer' (PED-6401). - crypto: qat - Include algapi.h for low-level Crypto API (PED-6401). - crypto: qat - make fw images name constant (PED-6401). - crypto: qat - make state machine functions static (PED-6401). - crypto: qat - move dbgfs init to separate file (PED-6401). - crypto: qat - move returns to default case (PED-6401). - crypto: qat - refactor device restart logic (PED-6401). - crypto: qat - refactor fw config logic for 4xxx (PED-6401). - crypto: qat - remove ADF_STATUS_PF_RUNNING flag from probe (PED-6401). - crypto: qat - Remove unused function declarations (PED-6401). - crypto: qat - replace state machine calls (PED-6401). - crypto: qat - replace the if statement with min() (PED-6401). - crypto: qat - set deprecated capabilities as reserved (PED-6401). - crypto: qat - unmap buffer before free for DH (PED-6401). - crypto: qat - unmap buffers before free for RSA (PED-6401). - crypto: qat - update slice mask for 4xxx devices (PED-6401). - crypto: qat - use kfree_sensitive instead of memset/kfree() (PED-6401). - dmaengine: idxd: use spin_lock_irqsave before wait_event_lock_irq (git-fixes). - dmaengine: mediatek: Fix deadlock caused by synchronize_irq() (git-fixes). - dmaengine: stm32-mdma: abort resume if no ongoing transfer (git-fixes). - Documentation: qat: change kernel version (PED-6401). - Documentation: qat: rewrite description (PED-6401). - Drivers: hv: vmbus: Call hv_synic_free() if hv_synic_alloc() fails (git-fixes). - Drivers: hv: vmbus: Fix vmbus_wait_for_unload() to scan present CPUs (git-fixes). - drm: panel-orientation-quirks: Add quirk for One Mix 2S (git-fixes). - drm/amd/display: Do not check registers, if using AUX BL control (git-fixes). - drm/amd/display: Do not set dpms_off for seamless boot (git-fixes). - drm/amdgpu: add missing NULL check (git-fixes). - drm/amdgpu: Handle null atom context in VBIOS info ioctl (git-fixes). - drm/i915: Retry gtt fault when out of fence registers (git-fixes). - drm/msm/dp: do not reinitialize phy unless retry during link training (git-fixes). - drm/msm/dpu: change _dpu_plane_calc_bw() to use u64 to avoid overflow (git-fixes). - drm/msm/dsi: fix irq_of_parse_and_map() error checking (git-fixes). - drm/msm/dsi: skip the wait for video mode done if not applicable (git-fixes). - drm/vmwgfx: fix typo of sizeof argument (git-fixes). - firmware: arm_ffa: Do not set the memory region attributes for MEM_LEND (git-fixes). - firmware: imx-dsp: Fix an error handling path in imx_dsp_setup_channels() (git-fixes). - gpio: aspeed: fix the GPIO number passed to pinctrl_gpio_set_config() (git-fixes). - gpio: pmic-eic-sprd: Add can_sleep flag for PMIC EIC chip (git-fixes). - gpio: pxa: disable pinctrl calls for MMP_GPIO (git-fixes). - gpio: tb10x: Fix an error handling path in tb10x_gpio_probe() (git-fixes). - gpio: timberdale: Fix potential deadlock on &tgpio->lock (git-fixes). - gpio: vf610: set value before the direction to avoid a glitch (git-fixes). - gve: Do not fully free QPL pages on prefill errors (git-fixes). - HID: holtek: fix slab-out-of-bounds Write in holtek_kbd_input_event (git-fixes). - HID: intel-ish-hid: ipc: Disable and reenable ACPI GPE bit (git-fixes). - HID: logitech-hidpp: Fix kernel crash on receiver USB disconnect (git-fixes). - HID: multitouch: Add required quirk for Synaptics 0xcd7e device (git-fixes). - HID: sony: Fix a potential memory leak in sony_probe() (git-fixes). - HID: sony: remove duplicate NULL check before calling usb_free_urb() (git-fixes). - i2c: i801: unregister tco_pdev in i801_probe() error path (git-fixes). - i2c: mux: Avoid potential false error message in i2c_mux_add_adapter (git-fixes). - i2c: mux: demux-pinctrl: check the return value of devm_kstrdup() (git-fixes). - i2c: mux: gpio: Add missing fwnode_handle_put() (git-fixes). - i2c: mux: gpio:?Replace custom acpi_get_local_address() (git-fixes). - i2c: npcm7xx: Fix callback completion ordering (git-fixes). - IB/mlx4: Fix the size of a buffer in add_port_entries() (git-fixes) - ieee802154: ca8210: Fix a potential UAF in ca8210_probe (git-fixes). - iio: pressure: bmp280: Fix NULL pointer exception (git-fixes). - iio: pressure: dps310: Adjust Timeout Settings (git-fixes). - iio: pressure: ms5611: ms5611_prom_is_valid false negative bug (git-fixes). - Input: goodix - ensure int GPIO is in input for gpio_count == 1 && gpio_int_idx == 0 case (git-fixes). - Input: powermate - fix use-after-free in powermate_config_complete (git-fixes). - Input: psmouse - fix fast_reconnect function for PS/2 mode (git-fixes). - Input: xpad - add PXN V900 support (git-fixes). - iommu/amd: Add map/unmap_pages() iommu_domain_ops callback support (bsc#1212423). - iommu/amd/io-pgtable: Implement map_pages io_pgtable_ops callback (bsc#1212423). - iommu/amd/io-pgtable: Implement unmap_pages io_pgtable_ops callback (bsc#1212423). - kabi: blkcg_policy_data fix KABI (bsc#1216062). - kabi: workaround for enum nft_trans_phase (bsc#1215104). - kprobes: Prohibit probing on CFI preamble symbol (git-fixes). - KVM: s390: fix gisa destroy operation might lead to cpu stalls (git-fixes bsc#1216512). - KVM: SVM: Do not kill SEV guest if SMAP erratum triggers in usermode (git-fixes). - KVM: x86/mmu: Reconstruct shadow page root if the guest PDPTEs is changed (git-fixes). - leds: Drop BUG_ON check for LED_COLOR_ID_MULTI (git-fixes). - mm, memcg: reconsider kmem.limit_in_bytes deprecation (bsc#1208788 bsc#1213705). - mmc: core: Capture correct oemid-bits for eMMC cards (git-fixes). - mmc: core: sdio: hold retuning if sdio in 1-bit mode (git-fixes). - mmc: mtk-sd: Use readl_poll_timeout_atomic in msdc_reset_hw (git-fixes). - mtd: physmap-core: Restore map_rom fallback (git-fixes). - mtd: rawnand: arasan: Ensure program page operations are successful (git-fixes). - mtd: rawnand: marvell: Ensure program page operations are successful (git-fixes). - mtd: rawnand: pl353: Ensure program page operations are successful (git-fixes). - mtd: rawnand: qcom: Unmap the right resource upon probe failure (git-fixes). - mtd: spinand: micron: correct bitmask for ecc status (git-fixes). - net: mana: Fix oversized sge0 for GSO packets (bsc#1215986). - net: mana: Fix TX CQE error handling (bsc#1215986). - net: nfc: llcp: Add lock when modifying device list (git-fixes). - net: rfkill: gpio: prevent value glitch during probe (git-fixes). - net: sched: add barrier to fix packet stuck problem for lockless qdisc (bsc#1216345). - net: sched: fixed barrier to prevent skbuff sticking in qdisc backlog (bsc#1216345). - net: usb: dm9601: fix uninitialized variable use in dm9601_mdio_read (git-fixes). - net: usb: smsc75xx: Fix uninit-value access in __smsc75xx_read_reg (git-fixes). - net: usb: smsc75xx: Fix uninit-value access in __smsc75xx_read_reg (git-fixes). - net: usb: smsc95xx: Fix an error code in smsc95xx_reset() (git-fixes). - net/sched: fix netdevice reference leaks in attach_default_qdiscs() (git-fixes). - netfilter: nf_tables: add NFT_TRANS_PREPARE_ERROR to deal with bound set/chain (git-fixes). - netfilter: nf_tables: unbind non-anonymous set if rule construction fails (git-fixes). - nfc: nci: assert requested protocol is valid (git-fixes). - nfc: nci: fix possible NULL pointer dereference in send_acknowledge() (git-fixes). - nilfs2: fix potential use after free in nilfs_gccache_submit_read_data() (git-fixes). - nvme-fc: Prevent null pointer dereference in nvme_fc_io_getuuid() (bsc#1214842). - phy: mapphone-mdm6600: Fix pinctrl_pm handling for sleep pins (git-fixes). - phy: mapphone-mdm6600: Fix runtime disable on probe (git-fixes). - phy: mapphone-mdm6600: Fix runtime PM for remove (git-fixes). - pinctrl: avoid unsafe code pattern in find_pinctrl() (git-fixes). - pinctrl: renesas: rzn1: Enable missing PINMUX (git-fixes). - platform/surface: platform_profile: Propagate error if profile registration fails (git-fixes). - platform/x86: asus-wmi: Change ASUS_WMI_BRN_DOWN code from 0x20 to 0x2e (git-fixes). - platform/x86: asus-wmi: Map 0x2a code, Ignore 0x2b and 0x2c events (git-fixes). - platform/x86: think-lmi: Fix reference leak (git-fixes). - platform/x86: touchscreen_dmi: Add info for the Positivo C4128B (git-fixes). - power: supply: ucs1002: fix error code in ucs1002_get_property() (git-fixes). - quota: Fix slow quotaoff (bsc#1216621). - r8152: check budget for r8152_poll() (git-fixes). - RDMA/cma: Fix truncation compilation warning in make_cma_ports (git-fixes) - RDMA/cma: Initialize ib_sa_multicast structure to 0 when join (git-fixes) - RDMA/core: Require admin capabilities to set system parameters (git-fixes) - RDMA/cxgb4: Check skb value for failure to allocate (git-fixes) - RDMA/mlx5: Fix NULL string error (git-fixes) - RDMA/siw: Fix connection failure handling (git-fixes) - RDMA/srp: Do not call scsi_done() from srp_abort() (git-fixes) - RDMA/uverbs: Fix typo of sizeof argument (git-fixes) - regmap: fix NULL deref on lookup (git-fixes). - regmap: rbtree: Fix wrong register marked as in-cache when creating new node (git-fixes). - ring-buffer: Avoid softlockup in ring_buffer_resize() (git-fixes). - ring-buffer: Do not attempt to read past 'commit' (git-fixes). - ring-buffer: Fix bytes info in per_cpu buffer stats (git-fixes). - ring-buffer: Update 'shortest_full' in polling (git-fixes). - s390/cio: fix a memleak in css_alloc_subchannel (git-fixes bsc#1216510). - s390/pci: fix iommu bitmap allocation (git-fixes bsc#1216511). - sched/cpuset: Bring back cpuset_mutex (bsc#1215955). - sched/deadline,rt: Remove unused parameter from pick_next_[rt|dl]_entity() (git fixes (sched)). - sched/rt: Fix live lock between select_fallback_rq() and RT push (git fixes (sched)). - sched/rt: Fix sysctl_sched_rr_timeslice intial value (git fixes (sched)). - serial: 8250_port: Check IRQ data before use (git-fixes). - soc: imx8m: Enable OCOTP clock for imx8mm before reading registers (git-fixes). - spi: nxp-fspi: reset the FLSHxCR1 registers (git-fixes). - spi: stm32: add a delay before SPI disable (git-fixes). - spi: sun6i: fix race between DMA RX transfer completion and RX FIFO drain (git-fixes). - spi: sun6i: reduce DMA RX transfer width to single byte (git-fixes). - thunderbolt: Check that lane 1 is in CL0 before enabling lane bonding (git-fixes). - thunderbolt: Workaround an IOMMU fault on certain systems with Intel Maple Ridge (git-fixes). - tracing: Have current_trace inc the trace array ref count (git-fixes). - tracing: Have event inject files inc the trace array ref count (git-fixes). - tracing: Have option files inc the trace array ref count (git-fixes). - tracing: Have tracing_max_latency inc the trace array ref count (git-fixes). - tracing: Increase trace array ref count on enable and filter files (git-fixes). - tracing: Make trace_marker{,_raw} stream-like (git-fixes). - usb: cdnsp: Fixes issue with dequeuing not queued requests (git-fixes). - usb: dwc3: Soft reset phy on probe for host (git-fixes). - usb: gadget: ncm: Handle decoding of multiple NTB's in unwrap call (git-fixes). - usb: gadget: udc-xilinx: replace memcpy with memcpy_toio (git-fixes). - usb: musb: Get the musb_qh poniter after musb_giveback (git-fixes). - usb: musb: Modify the 'HWVers' register address (git-fixes). - usb: serial: option: add entry for Sierra EM9191 with new firmware (git-fixes). - usb: serial: option: add Fibocom to DELL custom modem FM101R-GL (git-fixes). - usb: serial: option: add Telit LE910C4-WWX 0x1035 composition (git-fixes). - usb: typec: altmodes/displayport: Signal hpd low when exiting mode (git-fixes). - usb: xhci: xhci-ring: Use sysdev for mapping bounce buffer (git-fixes). - vmbus_testing: fix wrong python syntax for integer value comparison (git-fixes). - vringh: do not use vringh_kiov_advance() in vringh_iov_xfer() (git-fixes). - watchdog: iTCO_wdt: No need to stop the timer in probe (git-fixes). - watchdog: iTCO_wdt: Set NO_REBOOT if the watchdog is not already running (git-fixes). - wifi: cfg80211: avoid leaking stack data into trace (git-fixes). - wifi: cfg80211: Fix 6GHz scan configuration (git-fixes). - wifi: iwlwifi: dbg_ini: fix structure packing (git-fixes). - wifi: iwlwifi: Ensure ack flag is properly cleared (git-fixes). - wifi: iwlwifi: mvm: Fix a memory corruption issue (git-fixes). - wifi: mac80211: allow transmitting EAPOL frames with tainted key (git-fixes). - wifi: mt76: mt76x02: fix MT76x0 external LNA gain handling (git-fixes). - wifi: mwifiex: Fix oob check condition in mwifiex_process_rx_packet (git-fixes). - wifi: mwifiex: Fix tlv_buf_left calculation (git-fixes). - wifi: mwifiex: Sanity check tlv_len and tlv_bitmap_len (git-fixes). - x86/sev: Check for user-space IOIO pointing to kernel space (bsc#1212649). - x86/sev: Check IOBM for IOIO exceptions from user-space (bsc#1212649). - x86/sev: Disable MMIO emulation from user mode (bsc#1212649). - xen-netback: use default TX queue size for vifs (git-fixes). Important SUSE bug 1208788 SUSE bug 1210778 SUSE bug 1211307 SUSE bug 1212423 SUSE bug 1212649 SUSE bug 1213705 SUSE bug 1214842 SUSE bug 1215095 SUSE bug 1215104 SUSE bug 1215518 SUSE bug 1215745 SUSE bug 1215768 SUSE bug 1215860 SUSE bug 1215955 SUSE bug 1215986 SUSE bug 1216046 SUSE bug 1216051 SUSE bug 1216062 SUSE bug 1216345 SUSE bug 1216510 SUSE bug 1216511 SUSE bug 1216512 SUSE bug 1216621 CVE-2023-2163 CVE-2023-31085 CVE-2023-34324 CVE-2023-3777 CVE-2023-39189 CVE-2023-39193 CVE-2023-45862 CVE-2023-46813 CVE-2023-5178 cpe:/o:opensuse:leap:15.4 Security update for the Linux Kernel (Important) openSUSE Leap 15.4 The SUSE Linux Enterprise 15 SP1 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2023-31085: Fixed a divide-by-zero error in do_div(sz,mtd->erasesize) that could cause a local DoS. (bsc#1210778) - CVE-2023-45862: Fixed an issue in the ENE UB6250 reader driver whwere an object could potentially extend beyond the end of an allocation causing. (bsc#1216051) - CVE-2023-34324: Fixed a possible deadlock in Linux kernel event handling. (bsc#1215745). - CVE-2023-39189: Fixed a flaw in the Netfilter subsystem that could allow a local privileged (CAP_NET_ADMIN) attacker to trigger an out-of-bounds read, leading to a crash or information disclosure. (bsc#1216046) - CVE-2023-39194: Fixed an out of bounds read in the XFRM subsystem (bsc#1215861). - CVE-2023-39193: Fixed an out of bounds read in the xtables subsystem (bsc#1215860). - CVE-2023-39192: Fixed an out of bounds read in the netfilter (bsc#1215858). - CVE-2023-42754: Fixed a NULL pointer dereference in the IPv4 stack that could lead to denial of service (bsc#1215467). - CVE-2023-1206: Fixed a hash collision flaw in the IPv6 connection lookup table which could be exploited by network adjacent attackers, increasing CPU usage by 95% (bsc#1212703). - CVE-2023-4921: Fixed a use-after-free vulnerability in the QFQ network scheduler which could be exploited to achieve local privilege escalation (bsc#1215275). - CVE-2023-4622: Fixed a use-after-free vulnerability in the Unix domain sockets component which could be exploited to achieve local privilege escalation (bsc#1215117). - CVE-2023-4623: Fixed a use-after-free issue in the HFSC network scheduler which could be exploited to achieve local privilege escalation (bsc#1215115). - CVE-2020-36766: Fixed a potential information leak in in the CEC driver (bsc#1215299). - CVE-2023-1859: Fixed a use-after-free flaw in Xen transport for 9pfs which could be exploited to crash the system (bsc#1210169). - CVE-2023-4881: Fixed a out-of-bounds write flaw in the netfilter subsystem that could lead to potential information disclosure or a denial of service (bsc#1215221). - CVE-2023-40283: Fixed use-after-free in l2cap_sock_ready_cb (bsc#1214233). - CVE-2023-1192: Fixed use-after-free in cifs_demultiplex_thread() (bsc#1208995). The following non-security bugs were fixed: - check-for-config-changes: ignore BUILTIN_RETURN_ADDRESS_STRIPS_PAC (bsc#1214380). gcc7 on SLE 15 does not support this while later gcc does. - mkspec: Allow unsupported KMPs (bsc#1214386) - old-flavors: Drop 2.6 kernels. 2.6 based kernels are EOL, upgrading from them is no longer suported. Important SUSE bug 1208995 SUSE bug 1210169 SUSE bug 1210778 SUSE bug 1212703 SUSE bug 1214233 SUSE bug 1214380 SUSE bug 1214386 SUSE bug 1215115 SUSE bug 1215117 SUSE bug 1215221 SUSE bug 1215275 SUSE bug 1215299 SUSE bug 1215467 SUSE bug 1215745 SUSE bug 1215858 SUSE bug 1215860 SUSE bug 1215861 SUSE bug 1216046 SUSE bug 1216051 CVE-2020-36766 CVE-2023-1192 CVE-2023-1206 CVE-2023-1859 CVE-2023-31085 CVE-2023-34324 CVE-2023-39189 CVE-2023-39192 CVE-2023-39193 CVE-2023-39194 CVE-2023-40283 CVE-2023-42754 CVE-2023-45862 CVE-2023-4622 CVE-2023-4623 CVE-2023-4881 CVE-2023-4921 cpe:/o:opensuse:leap:15.4 Security update for the Linux Kernel (Important) openSUSE Leap 15.4 The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2023-31085: Fixed a divide-by-zero error in do_div(sz,mtd->erasesize) that could cause a local DoS. (bsc#1210778) - CVE-2023-45862: Fixed an issue in the ENE UB6250 reader driver whwere an object could potentially extend beyond the end of an allocation causing. (bsc#1216051) - CVE-2023-2163: Fixed an incorrect verifier pruning in BPF that could lead to unsafe code paths being incorrectly marked as safe, resulting in arbitrary read/write in kernel memory, lateral privilege escalation, and container escape. (bsc#1215518) - CVE-2023-3777: Fixed a use-after-free vulnerability in netfilter: nf_tables component can be exploited to achieve local privilege escalation. (bsc#1215095) - CVE-2023-34324: Fixed a possible deadlock in Linux kernel event handling. (bsc#1215745). - CVE-2023-39189: Fixed a flaw in the Netfilter subsystem that could allow a local privileged (CAP_NET_ADMIN) attacker to trigger an out-of-bounds read, leading to a crash or information disclosure. (bsc#1216046) - CVE-2023-3111: Fixed a use-after-free vulnerability in prepare_to_relocate in fs/btrfs/relocation.c (bsc#1212051). - CVE-2023-39194: Fixed an out of bounds read in the XFRM subsystem (bsc#1215861). - CVE-2023-39193: Fixed an out of bounds read in the xtables subsystem (bsc#1215860). - CVE-2023-39192: Fixed an out of bounds read in the netfilter (bsc#1215858). - CVE-2023-42754: Fixed a NULL pointer dereference in the IPv4 stack that could lead to denial of service (bsc#1215467). The following non-security bugs were fixed: - bpf: propagate precision in ALU/ALU64 operations (git-fixes). - KVM: x86: fix sending PV IPI (git-fixes, bsc#1210853, bsc#1216134). - nvme-fc: Prevent null pointer dereference in nvme_fc_io_getuuid() (bsc#1214842). Important SUSE bug 1210778 SUSE bug 1210853 SUSE bug 1212051 SUSE bug 1214842 SUSE bug 1215095 SUSE bug 1215467 SUSE bug 1215518 SUSE bug 1215745 SUSE bug 1215858 SUSE bug 1215860 SUSE bug 1215861 SUSE bug 1216046 SUSE bug 1216051 SUSE bug 1216134 CVE-2023-2163 CVE-2023-31085 CVE-2023-3111 CVE-2023-34324 CVE-2023-3777 CVE-2023-39189 CVE-2023-39192 CVE-2023-39193 CVE-2023-39194 CVE-2023-42754 CVE-2023-45862 cpe:/o:opensuse:leap:15.4 Security update for java-17-openjdk (Moderate) openSUSE Leap 15.4 This update for java-17-openjdk fixes the following issues: Updated to version jdk-17.0.6.0+10: - CVE-2023-21835: Fixed handshake DoS attack against DTLS connections (bsc#1207246). - CVE-2023-21843: Fixed soundbank URL remote loading (bsc#1207248). Bugfixes: - Avoid calling C_GetInfo() too early, before cryptoki is initialized (bsc#1205916). Moderate SUSE bug 1205916 SUSE bug 1207246 SUSE bug 1207248 CVE-2023-21835 CVE-2023-21843 cpe:/o:opensuse:leap:15.4 Security update for the Linux Kernel (Important) openSUSE Leap 15.4 The SUSE Linux Enterprise 15 SP4 RT kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2023-3777: Fixed a use-after-free vulnerability in netfilter: nf_tables component can be exploited to achieve local privilege escalation. (bsc#1215095) - CVE-2023-46813: Fixed a local privilege escalation with user-space programs that have access to MMIO regions (bsc#1212649). - CVE-2023-31085: Fixed a divide-by-zero error in do_div(sz,mtd->erasesize) that could cause a local DoS. (bsc#1210778) - CVE-2023-45862: Fixed an issue in the ENE UB6250 reader driver whwere an object could potentially extend beyond the end of an allocation causing. (bsc#1216051) - CVE-2023-5178: Fixed an UAF in queue intialization setup. (bsc#1215768) - CVE-2023-2163: Fixed an incorrect verifier pruning in BPF that could lead to unsafe code paths being incorrectly marked as safe, resulting in arbitrary read/write in kernel memory, lateral privilege escalation, and container escape. (bsc#1215518) - CVE-2023-34324: Fixed a possible deadlock in Linux kernel event handling. (bsc#1215745). - CVE-2023-39189: Fixed a flaw in the Netfilter subsystem that could allow a local privileged (CAP_NET_ADMIN) attacker to trigger an out-of-bounds read, leading to a crash or information disclosure. (bsc#1216046) The following non-security bugs were fixed: - 9p: virtio: make sure 'offs' is initialized in zc_request (git-fixes). - ACPI: irq: Fix incorrect return value in acpi_register_gsi() (git-fixes). - ACPI: resource: Skip IRQ override on ASUS ExpertBook B1402CBA (git-fixes). - ALSA: hda/realtek: Change model for Intel RVP board (git-fixes). - ALSA: hda: Disable power save for solving pop issue on Lenovo ThinkCentre M70q (git-fixes). - ALSA: usb-audio: Fix microphone sound on Opencomm2 Headset (git-fixes). - ASoC: codecs: wcd938x-sdw: fix runtime PM imbalance on probe errors (git-fixes). - ASoC: codecs: wcd938x-sdw: fix use after free on driver unbind (git-fixes). - ASoC: codecs: wcd938x: drop bogus bind error handling (git-fixes). - ASoC: codecs: wcd938x: fix unbind tear down order (git-fixes). - ASoC: fsl: imx-pcm-rpmsg: Add SNDRV_PCM_INFO_BATCH flag (git-fixes). - ASoC: imx-rpmsg: Set ignore_pmdown_time for dai_link (git-fixes). - ASoC: pxa: fix a memory leak in probe() (git-fixes). - Bluetooth: Avoid redundant authentication (git-fixes). - Bluetooth: Fix a refcnt underflow problem for hci_conn (git-fixes). - Bluetooth: Reject connection with the device which has same BD_ADDR (git-fixes). - Bluetooth: avoid memcmp() out of bounds warning (git-fixes). - Bluetooth: btusb: add shutdown function for QCA6174 (git-fixes). - Bluetooth: hci_event: Fix coding style (git-fixes). - Bluetooth: hci_event: Fix using memcmp when comparing keys (git-fixes). - Bluetooth: hci_event: Ignore NULL link key (git-fixes). - Bluetooth: hci_sock: Correctly bounds check and pad HCI_MON_NEW_INDEX name (git-fixes). - Bluetooth: hci_sock: fix slab oob read in create_monitor_event (git-fixes). - Bluetooth: vhci: Fix race when opening vhci device (git-fixes). - Documentation: qat: change kernel version (PED-6401). - Documentation: qat: rewrite description (PED-6401). - Drivers: hv: vmbus: Call hv_synic_free() if hv_synic_alloc() fails (git-fixes). - Drivers: hv: vmbus: Fix vmbus_wait_for_unload() to scan present CPUs (git-fixes). - Fix metadata references - HID: holtek: fix slab-out-of-bounds Write in holtek_kbd_input_event (git-fixes). - HID: intel-ish-hid: ipc: Disable and reenable ACPI GPE bit (git-fixes). - HID: logitech-hidpp: Fix kernel crash on receiver USB disconnect (git-fixes). - HID: multitouch: Add required quirk for Synaptics 0xcd7e device (git-fixes). - HID: sony: Fix a potential memory leak in sony_probe() (git-fixes). - HID: sony: remove duplicate NULL check before calling usb_free_urb() (git-fixes). - IB/mlx4: Fix the size of a buffer in add_port_entries() (git-fixes) - Input: goodix - ensure int GPIO is in input for gpio_count == 1 && gpio_int_idx == 0 case (git-fixes). - Input: powermate - fix use-after-free in powermate_config_complete (git-fixes). - Input: psmouse - fix fast_reconnect function for PS/2 mode (git-fixes). - Input: xpad - add PXN V900 support (git-fixes). - KVM: SVM: Do not kill SEV guest if SMAP erratum triggers in usermode (git-fixes). - KVM: s390: fix gisa destroy operation might lead to cpu stalls (git-fixes bsc#1216512). - KVM: x86/mmu: Reconstruct shadow page root if the guest PDPTEs is changed (git-fixes). - KVM: x86: Fix clang -Wimplicit-fallthrough in do_host_cpuid() (git-fixes). - KVM: x86: Move open-coded CPUID leaf 0x80000021 EAX bit propagation code (bsc#1213772). - KVM: x86: Propagate the AMD Automatic IBRS feature to the guest (bsc#1213772). - KVM: x86: add support for CPUID leaf 0x80000021 (bsc#1213772). - KVM: x86: synthesize CPUID leaf 0x80000021h if useful (bsc#1213772). - KVM: x86: work around QEMU issue with synthetic CPUID leaves (git-fixes). - RDMA/cma: Fix truncation compilation warning in make_cma_ports (git-fixes) - RDMA/cma: Initialize ib_sa_multicast structure to 0 when join (git-fixes) - RDMA/core: Require admin capabilities to set system parameters (git-fixes) - RDMA/cxgb4: Check skb value for failure to allocate (git-fixes) - RDMA/mlx5: Fix NULL string error (git-fixes) - RDMA/siw: Fix connection failure handling (git-fixes) - RDMA/srp: Do not call scsi_done() from srp_abort() (git-fixes) - RDMA/uverbs: Fix typo of sizeof argument (git-fixes) - Revert 'pinctrl: avoid unsafe code pattern in find_pinctrl()' (git-fixes). - Revert 'tty: n_gsm: fix UAF in gsm_cleanup_mux' (git-fixes). - USB: serial: option: add Fibocom to DELL custom modem FM101R-GL (git-fixes). - USB: serial: option: add Telit LE910C4-WWX 0x1035 composition (git-fixes). - USB: serial: option: add entry for Sierra EM9191 with new firmware (git-fixes). - ata: libata-core: Do not register PM operations for SAS ports (git-fixes). - ata: libata-core: Fix ata_port_request_pm() locking (git-fixes). - ata: libata-core: Fix port and device removal (git-fixes). - ata: libata-sata: increase PMP SRST timeout to 10s (git-fixes). - ata: libata-scsi: ignore reserved bits for REPORT SUPPORTED OPERATION CODES (git-fixes). - blk-cgroup: Fix NULL deref caused by blkg_policy_data being installed before init (bsc#1216062). - blk-cgroup: support to track if policy is online (bsc#1216062). - bpf: propagate precision in ALU/ALU64 operations (git-fixes). - bus: ti-sysc: Fix missing AM35xx SoC matching (git-fixes). - bus: ti-sysc: Use fsleep() instead of usleep_range() in sysc_reset() (git-fixes). - cgroup/cpuset: Change references of cpuset_mutex to cpuset_rwsem (bsc#1215955). - cgroup: Remove duplicates in cgroup v1 tasks file (bsc#1211307). - clk: tegra: fix error return case for recalc_rate (git-fixes). - counter: microchip-tcb-capture: Fix the use of internal GCLK logic (git-fixes). - crypto: qat - Include algapi.h for low-level Crypto API (PED-6401). - crypto: qat - Remove unused function declarations (PED-6401). - crypto: qat - add fw_counters debugfs file (PED-6401). - crypto: qat - add heartbeat counters check (PED-6401). - crypto: qat - add heartbeat feature (PED-6401). - crypto: qat - add internal timer for qat 4xxx (PED-6401). - crypto: qat - add measure clock frequency (PED-6401). - crypto: qat - add missing function declaration in adf_dbgfs.h (PED-6401). - crypto: qat - add qat_zlib_deflate (PED-6401). - crypto: qat - add support for 402xx devices (PED-6401). - crypto: qat - change value of default idle filter (PED-6401). - crypto: qat - delay sysfs initialization (PED-6401). - crypto: qat - do not export adf_init_admin_pm() (PED-6401). - crypto: qat - drop log level of msg in get_instance_node() (PED-6401). - crypto: qat - drop obsolete heartbeat interface (PED-6401). - crypto: qat - drop redundant adf_enable_aer() (PED-6401). - crypto: qat - expose pm_idle_enabled through sysfs (PED-6401). - crypto: qat - extend buffer list logic interface (PED-6401). - crypto: qat - extend configuration for 4xxx (PED-6401). - crypto: qat - fix apply custom thread-service mapping for dc service (PED-6401). - crypto: qat - fix concurrency issue when device state changes (PED-6401). - crypto: qat - fix crypto capability detection for 4xxx (PED-6401). - crypto: qat - fix spelling mistakes from 'bufer' to 'buffer' (PED-6401). - crypto: qat - make fw images name constant (PED-6401). - crypto: qat - make state machine functions static (PED-6401). - crypto: qat - move dbgfs init to separate file (PED-6401). - crypto: qat - move returns to default case (PED-6401). - crypto: qat - refactor device restart logic (PED-6401). - crypto: qat - refactor fw config logic for 4xxx (PED-6401). - crypto: qat - remove ADF_STATUS_PF_RUNNING flag from probe (PED-6401). - crypto: qat - replace state machine calls (PED-6401). - crypto: qat - replace the if statement with min() (PED-6401). - crypto: qat - set deprecated capabilities as reserved (PED-6401). - crypto: qat - unmap buffer before free for DH (PED-6401). - crypto: qat - unmap buffers before free for RSA (PED-6401). - crypto: qat - update slice mask for 4xxx devices (PED-6401). - crypto: qat - use kfree_sensitive instead of memset/kfree() (PED-6401). - dmaengine: idxd: use spin_lock_irqsave before wait_event_lock_irq (git-fixes). - dmaengine: mediatek: Fix deadlock caused by synchronize_irq() (git-fixes). - dmaengine: stm32-mdma: abort resume if no ongoing transfer (git-fixes). - drm/amd/display: Do not check registers, if using AUX BL control (git-fixes). - drm/amd/display: Do not set dpms_off for seamless boot (git-fixes). - drm/amdgpu: Handle null atom context in VBIOS info ioctl (git-fixes). - drm/amdgpu: add missing NULL check (git-fixes). - drm/i915: Retry gtt fault when out of fence registers (git-fixes). - drm/msm/dp: do not reinitialize phy unless retry during link training (git-fixes). - drm/msm/dpu: change _dpu_plane_calc_bw() to use u64 to avoid overflow (git-fixes). - drm/msm/dsi: fix irq_of_parse_and_map() error checking (git-fixes). - drm/msm/dsi: skip the wait for video mode done if not applicable (git-fixes). - drm/vmwgfx: fix typo of sizeof argument (git-fixes). - drm: panel-orientation-quirks: Add quirk for One Mix 2S (git-fixes). - firmware: arm_ffa: Do not set the memory region attributes for MEM_LEND (git-fixes). - firmware: imx-dsp: Fix an error handling path in imx_dsp_setup_channels() (git-fixes). - gpio: aspeed: fix the GPIO number passed to pinctrl_gpio_set_config() (git-fixes). - gpio: pmic-eic-sprd: Add can_sleep flag for PMIC EIC chip (git-fixes). - gpio: pxa: disable pinctrl calls for MMP_GPIO (git-fixes). - gpio: tb10x: Fix an error handling path in tb10x_gpio_probe() (git-fixes). - gpio: timberdale: Fix potential deadlock on &tgpio->lock (git-fixes). - gpio: vf610: set value before the direction to avoid a glitch (git-fixes). - gve: Do not fully free QPL pages on prefill errors (git-fixes). - i2c: i801: unregister tco_pdev in i801_probe() error path (git-fixes). - i2c: mux: Avoid potential false error message in i2c_mux_add_adapter (git-fixes). - i2c: mux: demux-pinctrl: check the return value of devm_kstrdup() (git-fixes). - i2c: mux: gpio: Add missing fwnode_handle_put() (git-fixes). - i2c: mux: gpio:?Replace custom acpi_get_local_address() (git-fixes). - i2c: npcm7xx: Fix callback completion ordering (git-fixes). - ieee802154: ca8210: Fix a potential UAF in ca8210_probe (git-fixes). - iio: pressure: bmp280: Fix NULL pointer exception (git-fixes). - iio: pressure: dps310: Adjust Timeout Settings (git-fixes). - iio: pressure: ms5611: ms5611_prom_is_valid false negative bug (git-fixes). - iommu/amd/io-pgtable: Implement map_pages io_pgtable_ops callback (bsc#1212423). - iommu/amd/io-pgtable: Implement unmap_pages io_pgtable_ops callback (bsc#1212423). - iommu/amd: Add map/unmap_pages() iommu_domain_ops callback support (bsc#1212423). - kabi: blkcg_policy_data fix KABI (bsc#1216062). - kabi: workaround for enum nft_trans_phase (bsc#1215104). - kprobes: Prohibit probing on CFI preamble symbol (git-fixes). - leds: Drop BUG_ON check for LED_COLOR_ID_MULTI (git-fixes). - mm, memcg: reconsider kmem.limit_in_bytes deprecation (bsc#1208788 bsc#1213705). - mmc: core: Capture correct oemid-bits for eMMC cards (git-fixes). - mmc: core: sdio: hold retuning if sdio in 1-bit mode (git-fixes). - mmc: mtk-sd: Use readl_poll_timeout_atomic in msdc_reset_hw (git-fixes). - mtd: physmap-core: Restore map_rom fallback (git-fixes). - mtd: rawnand: arasan: Ensure program page operations are successful (git-fixes). - mtd: rawnand: marvell: Ensure program page operations are successful (git-fixes). - mtd: rawnand: pl353: Ensure program page operations are successful (git-fixes). - mtd: rawnand: qcom: Unmap the right resource upon probe failure (git-fixes). - mtd: spinand: micron: correct bitmask for ecc status (git-fixes). - net/sched: fix netdevice reference leaks in attach_default_qdiscs() (git-fixes). - net: mana: Fix TX CQE error handling (bsc#1215986). - net: mana: Fix oversized sge0 for GSO packets (bsc#1215986). - net: nfc: llcp: Add lock when modifying device list (git-fixes). - net: rfkill: gpio: prevent value glitch during probe (git-fixes). - net: sched: add barrier to fix packet stuck problem for lockless qdisc (bsc#1216345). - net: sched: fixed barrier to prevent skbuff sticking in qdisc backlog (bsc#1216345). - net: usb: dm9601: fix uninitialized variable use in dm9601_mdio_read (git-fixes). - net: usb: smsc75xx: Fix uninit-value access in __smsc75xx_read_reg (git-fixes). - net: usb: smsc95xx: Fix an error code in smsc95xx_reset() (git-fixes). - netfilter: nf_tables: add NFT_TRANS_PREPARE_ERROR to deal with bound set/chain (git-fixes). - netfilter: nf_tables: unbind non-anonymous set if rule construction fails (git-fixes). - nfc: nci: assert requested protocol is valid (git-fixes). - nfc: nci: fix possible NULL pointer dereference in send_acknowledge() (git-fixes). - nilfs2: fix potential use after free in nilfs_gccache_submit_read_data() (git-fixes). - nvme-fc: Prevent null pointer dereference in nvme_fc_io_getuuid() (bsc#1214842). - phy: mapphone-mdm6600: Fix pinctrl_pm handling for sleep pins (git-fixes). - phy: mapphone-mdm6600: Fix runtime PM for remove (git-fixes). - phy: mapphone-mdm6600: Fix runtime disable on probe (git-fixes). - pinctrl: avoid unsafe code pattern in find_pinctrl() (git-fixes). - pinctrl: renesas: rzn1: Enable missing PINMUX (git-fixes). - platform/surface: platform_profile: Propagate error if profile registration fails (git-fixes). - platform/x86: asus-wmi: Change ASUS_WMI_BRN_DOWN code from 0x20 to 0x2e (git-fixes). - platform/x86: asus-wmi: Map 0x2a code, Ignore 0x2b and 0x2c events (git-fixes). - platform/x86: think-lmi: Fix reference leak (git-fixes). - platform/x86: touchscreen_dmi: Add info for the Positivo C4128B (git-fixes). - power: supply: ucs1002: fix error code in ucs1002_get_property() (git-fixes). - quota: Fix slow quotaoff (bsc#1216621). - r8152: check budget for r8152_poll() (git-fixes). - regmap: fix NULL deref on lookup (git-fixes). - regmap: rbtree: Fix wrong register marked as in-cache when creating new node (git-fixes). - ring-buffer: Avoid softlockup in ring_buffer_resize() (git-fixes). - ring-buffer: Do not attempt to read past 'commit' (git-fixes). - ring-buffer: Fix bytes info in per_cpu buffer stats (git-fixes). - ring-buffer: Update 'shortest_full' in polling (git-fixes). - s390/cio: fix a memleak in css_alloc_subchannel (git-fixes bsc#1216510). - s390/pci: fix iommu bitmap allocation (git-fixes bsc#1216511). - s390: add z16 elf platform (git-fixes LTC#203789 bsc#1215956 LTC#203788 bsc#1215957). - sched/cpuset: Bring back cpuset_mutex (bsc#1215955). - sched/deadline,rt: Remove unused parameter from pick_next_[rt|dl]_entity() (git fixes (sched)). - sched/rt: Fix live lock between select_fallback_rq() and RT push (git fixes (sched)). - sched/rt: Fix sysctl_sched_rr_timeslice intial value (git fixes (sched)). - serial: 8250_port: Check IRQ data before use (git-fixes). - soc: imx8m: Enable OCOTP clock for imx8mm before reading registers (git-fixes). - spi: nxp-fspi: reset the FLSHxCR1 registers (git-fixes). - spi: stm32: add a delay before SPI disable (git-fixes). - spi: sun6i: fix race between DMA RX transfer completion and RX FIFO drain (git-fixes). - spi: sun6i: reduce DMA RX transfer width to single byte (git-fixes). - thunderbolt: Check that lane 1 is in CL0 before enabling lane bonding (git-fixes). - thunderbolt: Workaround an IOMMU fault on certain systems with Intel Maple Ridge (git-fixes). - tracing: Have current_trace inc the trace array ref count (git-fixes). - tracing: Have event inject files inc the trace array ref count (git-fixes). - tracing: Have option files inc the trace array ref count (git-fixes). - tracing: Have tracing_max_latency inc the trace array ref count (git-fixes). - tracing: Increase trace array ref count on enable and filter files (git-fixes). - tracing: Make trace_marker{,_raw} stream-like (git-fixes). - usb: cdnsp: Fixes issue with dequeuing not queued requests (git-fixes). - usb: dwc3: Soft reset phy on probe for host (git-fixes). - usb: gadget: ncm: Handle decoding of multiple NTB's in unwrap call (git-fixes). - usb: gadget: udc-xilinx: replace memcpy with memcpy_toio (git-fixes). - usb: musb: Get the musb_qh poniter after musb_giveback (git-fixes). - usb: musb: Modify the 'HWVers' register address (git-fixes). - usb: typec: altmodes/displayport: Signal hpd low when exiting mode (git-fixes). - usb: xhci: xhci-ring: Use sysdev for mapping bounce buffer (git-fixes). - vmbus_testing: fix wrong python syntax for integer value comparison (git-fixes). - vringh: do not use vringh_kiov_advance() in vringh_iov_xfer() (git-fixes). - watchdog: iTCO_wdt: No need to stop the timer in probe (git-fixes). - watchdog: iTCO_wdt: Set NO_REBOOT if the watchdog is not already running (git-fixes). - wifi: cfg80211: Fix 6GHz scan configuration (git-fixes). - wifi: cfg80211: avoid leaking stack data into trace (git-fixes). - wifi: iwlwifi: Ensure ack flag is properly cleared (git-fixes). - wifi: iwlwifi: dbg_ini: fix structure packing (git-fixes). - wifi: iwlwifi: mvm: Fix a memory corruption issue (git-fixes). - wifi: mac80211: allow transmitting EAPOL frames with tainted key (git-fixes). - wifi: mt76: mt76x02: fix MT76x0 external LNA gain handling (git-fixes). - wifi: mwifiex: Fix oob check condition in mwifiex_process_rx_packet (git-fixes). - wifi: mwifiex: Fix tlv_buf_left calculation (git-fixes). - wifi: mwifiex: Sanity check tlv_len and tlv_bitmap_len (git-fixes). - x86/cpu, kvm: Add the NO_NESTED_DATA_BP feature (bsc#1213772). - x86/cpu, kvm: Add the Null Selector Clears Base feature (bsc#1213772). - x86/cpu, kvm: Add the SMM_CTL MSR not present feature (bsc#1213772). - x86/cpu, kvm: Move X86_FEATURE_LFENCE_RDTSC to its native leaf (bsc#1213772). - x86/cpu: Enable STIBP on AMD if Automatic IBRS is enabled (bsc#1213772). - x86/cpu: Support AMD Automatic IBRS (bsc#1213772). - x86/sev: Check IOBM for IOIO exceptions from user-space (bsc#1212649). - x86/sev: Check for user-space IOIO pointing to kernel space (bsc#1212649). - x86/sev: Disable MMIO emulation from user mode (bsc#1212649). - xen-netback: use default TX queue size for vifs (git-fixes). Important SUSE bug 1211307 SUSE bug 1212423 SUSE bug 1213772 SUSE bug 1215955 SUSE bug 1216062 SUSE bug 1216512 CVE-2023-2163 CVE-2023-31085 CVE-2023-34324 CVE-2023-3777 CVE-2023-39189 CVE-2023-45862 CVE-2023-46813 CVE-2023-5178 cpe:/o:opensuse:leap:15.4 Security update for kubevirt, virt-api-container, virt-controller-container, virt-handler-container, virt-launcher-container, virt-libguestfs-tools-container, virt-operator-container (Important) openSUSE Leap 15.4 This update for kubevirt, virt-api-container, virt-controller-container, virt-handler-container, virt-launcher-container, virt-libguestfs-tools-container, virt-operator-container fixes the following issues: kubevirt is rebuilt against the current GO security release. - Set cache mode on hotplugged disks - Delete VMI prior to NFS server pod in tests Important cpe:/o:opensuse:leap:15.4 Security update for poppler (Moderate) openSUSE Leap 15.4 This update for poppler fixes the following issues: - CVE-2022-37052: Fixed a crash that could be triggered when opening a crafted file (bsc#1214726). - CVE-2023-34872: Fixed a remote denial-of-service in Outline.cc (bsc#1213888). Moderate SUSE bug 1213888 SUSE bug 1214726 CVE-2022-37052 CVE-2023-34872 cpe:/o:opensuse:leap:15.4 Security update for apache-ivy (Important) openSUSE Leap 15.4 This update for apache-ivy fixes the following issues: - Upgrade to version 2.5.2 (bsc#1214422) - CVE-2022-46751: Fixed an XML External Entity Injections that could be exploited to exfiltrate data, access resources only the machine running Ivy has access to or disturb the execution of Ivy in different ways. (bsc#1214422) Important SUSE bug 1214422 CVE-2022-46751 cpe:/o:opensuse:leap:15.4 Security update for tiff (Moderate) openSUSE Leap 15.4 This update for tiff fixes the following issues: - CVE-2023-38289: Fixed a NULL pointer dereference in raw2tiff (bsc#1213589). - CVE-2023-38288: Fixed an integer overflow in raw2tiff (bsc#1213590). - CVE-2023-3576: Fixed a memory leak in tiffcrop (bsc#1213273). - CVE-2020-18768: Fixed an out of bounds read in tiffcp (bsc#1214574). - CVE-2023-26966: Fixed an out of bounds read when transforming a little-endian file to a big-endian output (bsc#1212881) - CVE-2023-3618: Fixed a NULL pointer dereference while encoding FAX3 files (bsc#1213274). - CVE-2023-2908: Fixed an undefined behavior issue when doing pointer arithmetic on a NULL pointer (bsc#1212888). - CVE-2023-3316: Fixed a NULL pointer dereference while opening a file in an inaccessible path (bsc#1212535). - CVE-2023-25433: Fixed a buffer overflow in tiffcrop (bsc#1212883). Moderate SUSE bug 1212535 SUSE bug 1212881 SUSE bug 1212883 SUSE bug 1212888 SUSE bug 1213273 SUSE bug 1213274 SUSE bug 1213589 SUSE bug 1213590 SUSE bug 1214574 CVE-2020-18768 CVE-2023-25433 CVE-2023-26966 CVE-2023-2908 CVE-2023-3316 CVE-2023-3576 CVE-2023-3618 CVE-2023-38288 CVE-2023-38289 cpe:/o:opensuse:leap:15.4 Security update for nodejs12 (Important) openSUSE Leap 15.4 This update for nodejs12 fixes the following issues: - CVE-2023-44487: Fixed the Rapid Reset attack in nghttp2. (bsc#1216190) - CVE-2023-38552: Fixed an integrity checks according to policies that could be circumvented. (bsc#1216272) Important SUSE bug 1216190 SUSE bug 1216272 CVE-2023-38552 CVE-2023-44487 cpe:/o:opensuse:leap:15.4 Security update for nodejs12 (Important) openSUSE Leap 15.4 This update for nodejs12 fixes the following issues: - CVE-2023-44487: Fixed the Rapid Reset attack in nghttp2. (bsc#1216190) - CVE-2023-38552: Fixed an integrity checks according to policies that could be circumvented. (bsc#1216272) Important SUSE bug 1216190 SUSE bug 1216272 CVE-2023-38552 CVE-2023-44487 cpe:/o:opensuse:leap:15.4 Security update for the Linux Kernel (Important) openSUSE Leap 15.4 The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2023-2163: Fixed an incorrect verifier pruning in BPF that could lead to unsafe code paths being incorrectly marked as safe, resulting in arbitrary read/write in kernel memory, lateral privilege escalation, and container escape. (bsc#1215518) - CVE-2023-34324: Fixed a possible deadlock in Linux kernel event handling. (bsc#1215745). - CVE-2023-39189: Fixed a flaw in the Netfilter subsystem that could allow a local privileged (CAP_NET_ADMIN) attacker to trigger an out-of-bounds read, leading to a crash or information disclosure. (bsc#1216046) - CVE-2023-5178: Fixed an UAF in queue intialization setup. (bsc#1215768) - CVE-2023-31085: Fixed a divide-by-zero error in do_div(sz,mtd->erasesize) that could cause a local DoS. (bsc#1210778) - CVE-2023-39193: Fixed an out of bounds read in the xtables subsystem (bsc#1215860). - CVE-2023-3777: Fixed a use-after-free vulnerability in netfilter: nf_tables component can be exploited to achieve local privilege escalation. (bsc#1215095) The following non-security bugs were fixed: - 9p: virtio: make sure 'offs' is initialized in zc_request (git-fixes). - ACPI: irq: Fix incorrect return value in acpi_register_gsi() (git-fixes). - ACPI: resource: Skip IRQ override on ASUS ExpertBook B1402CBA (git-fixes). - ALSA: hda: Disable power save for solving pop issue on Lenovo ThinkCentre M70q (git-fixes). - ALSA: hda/realtek: Change model for Intel RVP board (git-fixes). - ALSA: usb-audio: Fix microphone sound on Opencomm2 Headset (git-fixes). - ASoC: codecs: wcd938x-sdw: fix runtime PM imbalance on probe errors (git-fixes). - ASoC: codecs: wcd938x-sdw: fix use after free on driver unbind (git-fixes). - ASoC: codecs: wcd938x: drop bogus bind error handling (git-fixes). - ASoC: codecs: wcd938x: fix unbind tear down order (git-fixes). - ASoC: fsl: imx-pcm-rpmsg: Add SNDRV_PCM_INFO_BATCH flag (git-fixes). - ASoC: imx-rpmsg: Set ignore_pmdown_time for dai_link (git-fixes). - ASoC: pxa: fix a memory leak in probe() (git-fixes). - ata: libata-core: Do not register PM operations for SAS ports (git-fixes). - ata: libata-core: Fix ata_port_request_pm() locking (git-fixes). - ata: libata-core: Fix port and device removal (git-fixes). - ata: libata-sata: increase PMP SRST timeout to 10s (git-fixes). - ata: libata-scsi: ignore reserved bits for REPORT SUPPORTED OPERATION CODES (git-fixes). - blk-cgroup: Fix NULL deref caused by blkg_policy_data being installed before init (bsc#1216062). - blk-cgroup: support to track if policy is online (bsc#1216062). - Bluetooth: avoid memcmp() out of bounds warning (git-fixes). - Bluetooth: Avoid redundant authentication (git-fixes). - Bluetooth: btusb: add shutdown function for QCA6174 (git-fixes). - Bluetooth: Fix a refcnt underflow problem for hci_conn (git-fixes). - Bluetooth: hci_event: Fix coding style (git-fixes). - Bluetooth: hci_event: Fix using memcmp when comparing keys (git-fixes). - Bluetooth: hci_event: Ignore NULL link key (git-fixes). - Bluetooth: hci_sock: Correctly bounds check and pad HCI_MON_NEW_INDEX name (git-fixes). - Bluetooth: hci_sock: fix slab oob read in create_monitor_event (git-fixes). - Bluetooth: Reject connection with the device which has same BD_ADDR (git-fixes). - Bluetooth: vhci: Fix race when opening vhci device (git-fixes). - bpf: propagate precision in ALU/ALU64 operations (git-fixes). - bus: ti-sysc: Fix missing AM35xx SoC matching (git-fixes). - bus: ti-sysc: Use fsleep() instead of usleep_range() in sysc_reset() (git-fixes). - cgroup: Remove duplicates in cgroup v1 tasks file (bsc#1211307). - cgroup/cpuset: Change references of cpuset_mutex to cpuset_rwsem (bsc#1215955). - clk: tegra: fix error return case for recalc_rate (git-fixes). - counter: microchip-tcb-capture: Fix the use of internal GCLK logic (git-fixes). - crypto: qat - add fw_counters debugfs file (PED-6401). - crypto: qat - add heartbeat counters check (PED-6401). - crypto: qat - add heartbeat feature (PED-6401). - crypto: qat - add internal timer for qat 4xxx (PED-6401). - crypto: qat - add measure clock frequency (PED-6401). - crypto: qat - add missing function declaration in adf_dbgfs.h (PED-6401). - crypto: qat - add qat_zlib_deflate (PED-6401). - crypto: qat - add support for 402xx devices (PED-6401). - crypto: qat - change value of default idle filter (PED-6401). - crypto: qat - delay sysfs initialization (PED-6401). - crypto: qat - do not export adf_init_admin_pm() (PED-6401). - crypto: qat - drop log level of msg in get_instance_node() (PED-6401). - crypto: qat - drop obsolete heartbeat interface (PED-6401). - crypto: qat - drop redundant adf_enable_aer() (PED-6401). - crypto: qat - expose pm_idle_enabled through sysfs (PED-6401). - crypto: qat - extend buffer list logic interface (PED-6401). - crypto: qat - extend configuration for 4xxx (PED-6401). - crypto: qat - fix apply custom thread-service mapping for dc service (PED-6401). - crypto: qat - fix concurrency issue when device state changes (PED-6401). - crypto: qat - fix crypto capability detection for 4xxx (PED-6401). - crypto: qat - fix spelling mistakes from 'bufer' to 'buffer' (PED-6401). - crypto: qat - Include algapi.h for low-level Crypto API (PED-6401). - crypto: qat - make fw images name constant (PED-6401). - crypto: qat - make state machine functions static (PED-6401). - crypto: qat - move dbgfs init to separate file (PED-6401). - crypto: qat - move returns to default case (PED-6401). - crypto: qat - refactor device restart logic (PED-6401). - crypto: qat - refactor fw config logic for 4xxx (PED-6401). - crypto: qat - remove ADF_STATUS_PF_RUNNING flag from probe (PED-6401). - crypto: qat - Remove unused function declarations (PED-6401). - crypto: qat - replace state machine calls (PED-6401). - crypto: qat - replace the if statement with min() (PED-6401). - crypto: qat - set deprecated capabilities as reserved (PED-6401). - crypto: qat - unmap buffer before free for DH (PED-6401). - crypto: qat - unmap buffers before free for RSA (PED-6401). - crypto: qat - update slice mask for 4xxx devices (PED-6401). - crypto: qat - use kfree_sensitive instead of memset/kfree() (PED-6401). - dmaengine: idxd: use spin_lock_irqsave before wait_event_lock_irq (git-fixes). - dmaengine: mediatek: Fix deadlock caused by synchronize_irq() (git-fixes). - dmaengine: stm32-mdma: abort resume if no ongoing transfer (git-fixes). - Documentation: qat: change kernel version (PED-6401). - Documentation: qat: rewrite description (PED-6401). - Drivers: hv: vmbus: Call hv_synic_free() if hv_synic_alloc() fails (git-fixes). - Drivers: hv: vmbus: Fix vmbus_wait_for_unload() to scan present CPUs (git-fixes). - drm: panel-orientation-quirks: Add quirk for One Mix 2S (git-fixes). - drm/amd/display: Do not check registers, if using AUX BL control (git-fixes). - drm/amd/display: Do not set dpms_off for seamless boot (git-fixes). - drm/amdgpu: add missing NULL check (git-fixes). - drm/amdgpu: Handle null atom context in VBIOS info ioctl (git-fixes). - drm/i915: Retry gtt fault when out of fence registers (git-fixes). - drm/msm/dp: do not reinitialize phy unless retry during link training (git-fixes). - drm/msm/dpu: change _dpu_plane_calc_bw() to use u64 to avoid overflow (git-fixes). - drm/msm/dsi: fix irq_of_parse_and_map() error checking (git-fixes). - drm/msm/dsi: skip the wait for video mode done if not applicable (git-fixes). - drm/vmwgfx: fix typo of sizeof argument (git-fixes). - firmware: arm_ffa: Do not set the memory region attributes for MEM_LEND (git-fixes). - firmware: imx-dsp: Fix an error handling path in imx_dsp_setup_channels() (git-fixes). - gpio: aspeed: fix the GPIO number passed to pinctrl_gpio_set_config() (git-fixes). - gpio: pmic-eic-sprd: Add can_sleep flag for PMIC EIC chip (git-fixes). - gpio: pxa: disable pinctrl calls for MMP_GPIO (git-fixes). - gpio: tb10x: Fix an error handling path in tb10x_gpio_probe() (git-fixes). - gpio: timberdale: Fix potential deadlock on &tgpio->lock (git-fixes). - gpio: vf610: set value before the direction to avoid a glitch (git-fixes). - gve: Do not fully free QPL pages on prefill errors (git-fixes). - HID: holtek: fix slab-out-of-bounds Write in holtek_kbd_input_event (git-fixes). - HID: intel-ish-hid: ipc: Disable and reenable ACPI GPE bit (git-fixes). - HID: logitech-hidpp: Fix kernel crash on receiver USB disconnect (git-fixes). - HID: multitouch: Add required quirk for Synaptics 0xcd7e device (git-fixes). - HID: sony: Fix a potential memory leak in sony_probe() (git-fixes). - HID: sony: remove duplicate NULL check before calling usb_free_urb() (git-fixes). - i2c: i801: unregister tco_pdev in i801_probe() error path (git-fixes). - i2c: mux: Avoid potential false error message in i2c_mux_add_adapter (git-fixes). - i2c: mux: demux-pinctrl: check the return value of devm_kstrdup() (git-fixes). - i2c: mux: gpio: Add missing fwnode_handle_put() (git-fixes). - i2c: mux: gpio:?Replace custom acpi_get_local_address() (git-fixes). - i2c: npcm7xx: Fix callback completion ordering (git-fixes). - IB/mlx4: Fix the size of a buffer in add_port_entries() (git-fixes) - ieee802154: ca8210: Fix a potential UAF in ca8210_probe (git-fixes). - iio: pressure: bmp280: Fix NULL pointer exception (git-fixes). - iio: pressure: dps310: Adjust Timeout Settings (git-fixes). - iio: pressure: ms5611: ms5611_prom_is_valid false negative bug (git-fixes). - Input: goodix - ensure int GPIO is in input for gpio_count == 1 && gpio_int_idx == 0 case (git-fixes). - Input: powermate - fix use-after-free in powermate_config_complete (git-fixes). - Input: psmouse - fix fast_reconnect function for PS/2 mode (git-fixes). - Input: xpad - add PXN V900 support (git-fixes). - iommu/amd: Add map/unmap_pages() iommu_domain_ops callback support (bsc#1212423). - iommu/amd/io-pgtable: Implement map_pages io_pgtable_ops callback (bsc#1212423). - iommu/amd/io-pgtable: Implement unmap_pages io_pgtable_ops callback (bsc#1212423). - kabi: blkcg_policy_data fix KABI (bsc#1216062). - kabi: workaround for enum nft_trans_phase (bsc#1215104). - kprobes: Prohibit probing on CFI preamble symbol (git-fixes). - KVM: s390: fix gisa destroy operation might lead to cpu stalls (git-fixes bsc#1216512). - KVM: SVM: Do not kill SEV guest if SMAP erratum triggers in usermode (git-fixes). - KVM: x86: add support for CPUID leaf 0x80000021 (bsc#1213772). - KVM: x86: Fix clang -Wimplicit-fallthrough in do_host_cpuid() (git-fixes). - KVM: x86: Move open-coded CPUID leaf 0x80000021 EAX bit propagation code (bsc#1213772). - KVM: x86: Propagate the AMD Automatic IBRS feature to the guest (bsc#1213772). - KVM: x86: synthesize CPUID leaf 0x80000021h if useful (bsc#1213772). - KVM: x86: work around QEMU issue with synthetic CPUID leaves (git-fixes). - KVM: x86/mmu: Reconstruct shadow page root if the guest PDPTEs is changed (git-fixes). - leds: Drop BUG_ON check for LED_COLOR_ID_MULTI (git-fixes). - mm, memcg: reconsider kmem.limit_in_bytes deprecation (bsc#1208788 bsc#1213705). - mmc: core: Capture correct oemid-bits for eMMC cards (git-fixes). - mmc: core: sdio: hold retuning if sdio in 1-bit mode (git-fixes). - mmc: mtk-sd: Use readl_poll_timeout_atomic in msdc_reset_hw (git-fixes). - mtd: physmap-core: Restore map_rom fallback (git-fixes). - mtd: rawnand: arasan: Ensure program page operations are successful (git-fixes). - mtd: rawnand: marvell: Ensure program page operations are successful (git-fixes). - mtd: rawnand: pl353: Ensure program page operations are successful (git-fixes). - mtd: rawnand: qcom: Unmap the right resource upon probe failure (git-fixes). - mtd: spinand: micron: correct bitmask for ecc status (git-fixes). - net: mana: Fix oversized sge0 for GSO packets (bsc#1215986). - net: mana: Fix TX CQE error handling (bsc#1215986). - net: nfc: llcp: Add lock when modifying device list (git-fixes). - net: rfkill: gpio: prevent value glitch during probe (git-fixes). - net: sched: add barrier to fix packet stuck problem for lockless qdisc (bsc#1216345). - net: sched: fixed barrier to prevent skbuff sticking in qdisc backlog (bsc#1216345). - net: usb: dm9601: fix uninitialized variable use in dm9601_mdio_read (git-fixes). - net: usb: smsc75xx: Fix uninit-value access in __smsc75xx_read_reg (git-fixes). - net: usb: smsc75xx: Fix uninit-value access in __smsc75xx_read_reg (git-fixes). - net: usb: smsc95xx: Fix an error code in smsc95xx_reset() (git-fixes). - net/sched: fix netdevice reference leaks in attach_default_qdiscs() (git-fixes). - netfilter: nf_tables: add NFT_TRANS_PREPARE_ERROR to deal with bound set/chain (git-fixes). - netfilter: nf_tables: unbind non-anonymous set if rule construction fails (git-fixes). - nfc: nci: assert requested protocol is valid (git-fixes). - nfc: nci: fix possible NULL pointer dereference in send_acknowledge() (git-fixes). - nilfs2: fix potential use after free in nilfs_gccache_submit_read_data() (git-fixes). - nvme-fc: Prevent null pointer dereference in nvme_fc_io_getuuid() (bsc#1214842). - phy: mapphone-mdm6600: Fix pinctrl_pm handling for sleep pins (git-fixes). - phy: mapphone-mdm6600: Fix runtime disable on probe (git-fixes). - phy: mapphone-mdm6600: Fix runtime PM for remove (git-fixes). - pinctrl: avoid unsafe code pattern in find_pinctrl() (git-fixes). - pinctrl: renesas: rzn1: Enable missing PINMUX (git-fixes). - platform/surface: platform_profile: Propagate error if profile registration fails (git-fixes). - platform/x86: asus-wmi: Change ASUS_WMI_BRN_DOWN code from 0x20 to 0x2e (git-fixes). - platform/x86: asus-wmi: Map 0x2a code, Ignore 0x2b and 0x2c events (git-fixes). - platform/x86: think-lmi: Fix reference leak (git-fixes). - platform/x86: touchscreen_dmi: Add info for the Positivo C4128B (git-fixes). - power: supply: ucs1002: fix error code in ucs1002_get_property() (git-fixes). - r8152: check budget for r8152_poll() (git-fixes). - RDMA/cma: Fix truncation compilation warning in make_cma_ports (git-fixes) - RDMA/cma: Initialize ib_sa_multicast structure to 0 when join (git-fixes) - RDMA/core: Require admin capabilities to set system parameters (git-fixes) - RDMA/cxgb4: Check skb value for failure to allocate (git-fixes) - RDMA/mlx5: Fix NULL string error (git-fixes) - RDMA/siw: Fix connection failure handling (git-fixes) - RDMA/srp: Do not call scsi_done() from srp_abort() (git-fixes) - RDMA/uverbs: Fix typo of sizeof argument (git-fixes) - regmap: fix NULL deref on lookup (git-fixes). - regmap: rbtree: Fix wrong register marked as in-cache when creating new node (git-fixes). - ring-buffer: Avoid softlockup in ring_buffer_resize() (git-fixes). - ring-buffer: Do not attempt to read past 'commit' (git-fixes). - ring-buffer: Fix bytes info in per_cpu buffer stats (git-fixes). - ring-buffer: Update 'shortest_full' in polling (git-fixes). - s390: add z16 elf platform (git-fixes LTC#203789 bsc#1215956 LTC#203788 bsc#1215957). - s390/cio: fix a memleak in css_alloc_subchannel (git-fixes bsc#1216510). - s390/pci: fix iommu bitmap allocation (git-fixes bsc#1216511). - sched/cpuset: Bring back cpuset_mutex (bsc#1215955). - sched/deadline,rt: Remove unused parameter from pick_next_[rt|dl]_entity() (git fixes (sched)). - sched/rt: Fix live lock between select_fallback_rq() and RT push (git fixes (sched)). - sched/rt: Fix sysctl_sched_rr_timeslice intial value (git fixes (sched)). - serial: 8250_port: Check IRQ data before use (git-fixes). - soc: imx8m: Enable OCOTP clock for imx8mm before reading registers (git-fixes). - spi: nxp-fspi: reset the FLSHxCR1 registers (git-fixes). - spi: stm32: add a delay before SPI disable (git-fixes). - spi: sun6i: fix race between DMA RX transfer completion and RX FIFO drain (git-fixes). - spi: sun6i: reduce DMA RX transfer width to single byte (git-fixes). - thunderbolt: Check that lane 1 is in CL0 before enabling lane bonding (git-fixes). - thunderbolt: Workaround an IOMMU fault on certain systems with Intel Maple Ridge (git-fixes). - tracing: Have current_trace inc the trace array ref count (git-fixes). - tracing: Have event inject files inc the trace array ref count (git-fixes). - tracing: Have option files inc the trace array ref count (git-fixes). - tracing: Have tracing_max_latency inc the trace array ref count (git-fixes). - tracing: Increase trace array ref count on enable and filter files (git-fixes). - tracing: Make trace_marker{,_raw} stream-like (git-fixes). - usb: cdnsp: Fixes issue with dequeuing not queued requests (git-fixes). - usb: dwc3: Soft reset phy on probe for host (git-fixes). - usb: gadget: ncm: Handle decoding of multiple NTB's in unwrap call (git-fixes). - usb: gadget: udc-xilinx: replace memcpy with memcpy_toio (git-fixes). - usb: musb: Get the musb_qh poniter after musb_giveback (git-fixes). - usb: musb: Modify the 'HWVers' register address (git-fixes). - usb: serial: option: add entry for Sierra EM9191 with new firmware (git-fixes). - usb: serial: option: add Fibocom to DELL custom modem FM101R-GL (git-fixes). - usb: serial: option: add Telit LE910C4-WWX 0x1035 composition (git-fixes). - usb: typec: altmodes/displayport: Signal hpd low when exiting mode (git-fixes). - usb: xhci: xhci-ring: Use sysdev for mapping bounce buffer (git-fixes). - vmbus_testing: fix wrong python syntax for integer value comparison (git-fixes). - vringh: do not use vringh_kiov_advance() in vringh_iov_xfer() (git-fixes). - watchdog: iTCO_wdt: No need to stop the timer in probe (git-fixes). - watchdog: iTCO_wdt: Set NO_REBOOT if the watchdog is not already running (git-fixes). - wifi: cfg80211: avoid leaking stack data into trace (git-fixes). - wifi: cfg80211: Fix 6GHz scan configuration (git-fixes). - wifi: iwlwifi: dbg_ini: fix structure packing (git-fixes). - wifi: iwlwifi: Ensure ack flag is properly cleared (git-fixes). - wifi: iwlwifi: mvm: Fix a memory corruption issue (git-fixes). - wifi: mac80211: allow transmitting EAPOL frames with tainted key (git-fixes). - wifi: mt76: mt76x02: fix MT76x0 external LNA gain handling (git-fixes). - wifi: mwifiex: Fix oob check condition in mwifiex_process_rx_packet (git-fixes). - wifi: mwifiex: Fix tlv_buf_left calculation (git-fixes). - wifi: mwifiex: Sanity check tlv_len and tlv_bitmap_len (git-fixes). - x86/cpu, kvm: Add the NO_NESTED_DATA_BP feature (bsc#1213772). - x86/cpu, kvm: Add the Null Selector Clears Base feature (bsc#1213772). - x86/cpu, kvm: Add the SMM_CTL MSR not present feature (bsc#1213772). - x86/cpu, kvm: Move X86_FEATURE_LFENCE_RDTSC to its native leaf (bsc#1213772). - x86/cpu: Enable STIBP on AMD if Automatic IBRS is enabled (bsc#1213772). - x86/cpu: Support AMD Automatic IBRS (bsc#1213772). - x86/sev: Check for user-space IOIO pointing to kernel space (bsc#1212649). - x86/sev: Check IOBM for IOIO exceptions from user-space (bsc#1212649). - x86/sev: Disable MMIO emulation from user mode (bsc#1212649). - xen-netback: use default TX queue size for vifs (git-fixes). Important SUSE bug 1208788 SUSE bug 1210778 SUSE bug 1211307 SUSE bug 1212423 SUSE bug 1212649 SUSE bug 1213705 SUSE bug 1213772 SUSE bug 1214842 SUSE bug 1215095 SUSE bug 1215104 SUSE bug 1215518 SUSE bug 1215955 SUSE bug 1215956 SUSE bug 1215957 SUSE bug 1215986 SUSE bug 1216062 SUSE bug 1216345 SUSE bug 1216510 SUSE bug 1216511 SUSE bug 1216512 SUSE bug 1216621 CVE-2023-2163 CVE-2023-31085 CVE-2023-34324 CVE-2023-3777 CVE-2023-39189 CVE-2023-39193 CVE-2023-5178 cpe:/o:opensuse:leap:15.4 Security update for squid (Important) openSUSE Leap 15.4 This update for squid fixes the following issues: - CVE-2023-46846: Request/Response smuggling in HTTP/1.1 and ICAP (bsc#1216500). - CVE-2023-46847: Denial of Service in HTTP Digest Authentication (bsc#1216495). - CVE-2023-46724: Fix validation of certificates with CN=* (bsc#1216803). - CVE-2023-46848: Denial of Service in FTP (bsc#1216498). Important SUSE bug 1216495 SUSE bug 1216498 SUSE bug 1216500 SUSE bug 1216803 CVE-2023-46724 CVE-2023-46846 CVE-2023-46847 CVE-2023-46848 cpe:/o:opensuse:leap:15.4 Security update for salt (Important) openSUSE Leap 15.4 This update for salt fixes the following issues: Security issues fixed: - CVE-2023-34049: arbitrary code execution via symlink attack (bsc#1215157) Bugs fixed: - Fix optimization_order opt to prevent testsuite fails - Improve salt.utils.json.find_json to avoid fails (bsc#1213293) - Use salt-call from salt bundle with transactional_update - Only call native_str on curl_debug message in tornado when needed - Implement the calling for batch async from the salt CLI - Fix calculation of SLS context vars when trailing dots on targetted sls/state (bsc#1213518) - Rename salt-tests to python3-salt-testsuite - Allow all primitive grain types for autosign_grains (bsc#1214477) Important SUSE bug 1213293 SUSE bug 1213518 SUSE bug 1214477 SUSE bug 1215157 CVE-2023-34049 cpe:/o:opensuse:leap:15.4 Security update for salt (Important) openSUSE Leap 15.4 This update for salt fixes the following issues: Security issues fixed: - CVE-2023-34049: arbitrary code execution via symlink attack (bsc#1215157) Bugs fixed: - Fix optimization_order opt to prevent testsuite fails - Improve salt.utils.json.find_json to avoid fails (bsc#1213293) - Use salt-call from salt bundle with transactional_update - Only call native_str on curl_debug message in tornado when needed - Implement the calling for batch async from the salt CLI - Fix calculation of SLS context vars when trailing dots on targetted sls/state (bsc#1213518) - Rename salt-tests to python3-salt-testsuite - Allow all primitive grain types for autosign_grains (bsc#1214477) Important SUSE bug 1213293 SUSE bug 1213518 SUSE bug 1214477 SUSE bug 1215157 CVE-2023-34049 cpe:/o:opensuse:leap:15.4 Security update for clamav (Important) openSUSE Leap 15.4 This update for clamav fixes the following issues: - Updated to version 0.103.11: - CVE-2023-40477: Updated libclamunrar dependency to version 6.2.12 (bsc#1216625). Important SUSE bug 1216625 CVE-2023-40477 cpe:/o:opensuse:leap:15.4 Security update for containerized-data-importer (Important) openSUSE Leap 15.4 This update for containerized-data-importer fixes the following issue: - rebuild with current go compiler Important cpe:/o:opensuse:leap:15.4 Security update for kernel-firmware-nvidia-gspx-G06, nvidia-open-driver-G06-signed (Moderate) openSUSE Leap 15.4 This update for kernel-firmware-nvidia-gspx-G06, nvidia-open-driver-G06-signed fixes the following issues: Security issues fixed: - CVE-2023-31022: Fixed NULL ptr deref in kernel module layer Changes in kernel-firmware-nvidia-gspx-G06: - update firmware to version 535.129.03 Changes in nvidia-open-driver-G06-signed: - Update to version 535.129.03 Moderate SUSE bug 1216826 CVE-2023-31022 cpe:/o:opensuse:leap:15.4 Security update for apache2 (Important) openSUSE Leap 15.4 This update for apache2 fixes the following issues: - CVE-2023-31122: Fixed an out of bounds read in mod_macro (bsc#1216424). Non-security fixes: - Fixed the content type handling in mod_proxy_http2 (bsc#1214357). - Fixed a floating point exception crash (bsc#1207399). Important SUSE bug 1207399 SUSE bug 1214357 SUSE bug 1216424 CVE-2023-31122 cpe:/o:opensuse:leap:15.4 Security update for xterm (Low) openSUSE Leap 15.4 This update for xterm fixes the following issues: - CVE-2023-40359: Fixed reporting characterset names in ReGiS graphics mode. (bsc#1214282) Low SUSE bug 1214282 CVE-2023-40359 cpe:/o:opensuse:leap:15.4 Security update for w3m (Moderate) openSUSE Leap 15.4 This update for w3m fixes the following issues: - Update to version 0.5.3+git20230121 - CVE-2023-38252: Fixed an out-of-bounds write in function Strnew_size that allows attackers to cause a denial of service via a crafted HTML file. (bsc#1213324) - CVE-2023-38253: Fixed an out-of-bounds write in function growbuf_to_Str that allows attackers to cause a denial of service via a crafted HTML file. (bsc#1213323) Moderate SUSE bug 1213323 SUSE bug 1213324 CVE-2023-38252 CVE-2023-38253 cpe:/o:opensuse:leap:15.4 Security update for rubygem-actionpack-5_1 (Important) openSUSE Leap 15.4 This update for rubygem-actionpack-5_1 fixes the following issues: - CVE-2023-22795: Fixed ReDoS in Action Dispatch cache (bsc#1207451). - CVE-2023-22792: Fixed ReDoS in Action Dispatch cookies (bnc#1207455). Important SUSE bug 1207451 SUSE bug 1207455 CVE-2023-22792 CVE-2023-22795 cpe:/o:opensuse:leap:15.4 Security update for ucode-intel (Important) openSUSE Leap 15.4 This update for ucode-intel fixes the following issues: - Updated to Intel CPU Microcode 20231114 pre-release (labeled 20231113). (bsc#1215278) - CVE-2023-23583: Fixed potential CPU deadlocks or privilege escalation. (bsc#1215278) Important SUSE bug 1215278 CVE-2023-23583 cpe:/o:opensuse:leap:15.4 Security update for exfatprogs (Moderate) openSUSE Leap 15.4 This update for exfatprogs fixes the following issues: - CVE-2023-45897: Fixed out-of-bound memory issues in fsck (bsc#1216701). Moderate SUSE bug 1216701 CVE-2023-45897 cpe:/o:opensuse:leap:15.4 Security update for postgresql12 (Important) openSUSE Leap 15.4 This update for postgresql12 fixes the following issues: Security issues fixed: * CVE-2023-5868: Fix handling of unknown-type arguments in DISTINCT 'any' aggregate functions. This error led to a text-type value being interpreted as an unknown-type value (that is, a zero-terminated string) at runtime. This could result in disclosure of server memory following the text value. (bsc#1216962) * CVE-2023-5869: Detect integer overflow while computing new array dimensions. When assigning new elements to array subscripts that are outside the current array bounds, an undetected integer overflow could occur in edge cases. Memory stomps that are potentially exploitable for arbitrary code execution are possible, and so is disclosure of server memory. (bsc#1216961) * CVE-2023-5870: Prevent the pg_signal_backend role from signalling background workers and autovacuum processes. The documentation says that pg_signal_backend cannot issue signals to superuser-owned processes. It was able to signal these background processes, though, because they advertise a role OID of zero. Treat that as indicating superuser ownership. The security implications of cancelling one of these process types are fairly small so far as the core code goes (we'll just start another one), but extensions might add background workers that are more vulnerable. Also ensure that the is_superuser parameter is set correctly in such processes. No specific security consequences are known for that oversight, but it might be significant for some extensions. (bsc#1216960) - Updated to 12.17: https://www.postgresql.org/docs/12/release-12-17.html - Overhaul postgresql-README.SUSE and move it from the binary package to the noarch wrapper package. - Change the unix domain socket location from /var/run to /run. Important SUSE bug 1216022 SUSE bug 1216734 SUSE bug 1216960 SUSE bug 1216961 SUSE bug 1216962 CVE-2023-5868 CVE-2023-5869 CVE-2023-5870 cpe:/o:opensuse:leap:15.4 Security update for postgresql13 (Important) openSUSE Leap 15.4 This update for postgresql13 fixes the following issues: Security issues fixed: * CVE-2023-5868: Fix handling of unknown-type arguments in DISTINCT 'any' aggregate functions. This error led to a text-type value being interpreted as an unknown-type value (that is, a zero-terminated string) at runtime. This could result in disclosure of server memory following the text value. (bsc#1216962) * CVE-2023-5869: Detect integer overflow while computing new array dimensions. When assigning new elements to array subscripts that are outside the current array bounds, an undetected integer overflow could occur in edge cases. Memory stomps that are potentially exploitable for arbitrary code execution are possible, and so is disclosure of server memory. (bsc#1216961) * CVE-2023-5870: Prevent the pg_signal_backend role from signalling background workers and autovacuum processes. The documentation says that pg_signal_backend cannot issue signals to superuser-owned processes. It was able to signal these background processes, though, because they advertise a role OID of zero. Treat that as indicating superuser ownership. The security implications of cancelling one of these process types are fairly small so far as the core code goes (we'll just start another one), but extensions might add background workers that are more vulnerable. Also ensure that the is_superuser parameter is set correctly in such processes. No specific security consequences are known for that oversight, but it might be significant for some extensions. (bsc#1216960) - Updated to 13.13: https://www.postgresql.org/docs/13/release-13-13.html - Overhaul postgresql-README.SUSE and move it from the binary package to the noarch wrapper package. - Change the unix domain socket location from /var/run to /run. Important SUSE bug 1216022 SUSE bug 1216734 SUSE bug 1216960 SUSE bug 1216961 SUSE bug 1216962 CVE-2023-5868 CVE-2023-5869 CVE-2023-5870 cpe:/o:opensuse:leap:15.4 Security update for gcc13 (Important) openSUSE Leap 15.4 This update for gcc13 fixes the following issues: This update ship the GCC 13.2 compiler suite and its base libraries. The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 12 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP4 and SP5, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc13 compilers use: - install 'gcc13' or 'gcc13-c++' or one of the other 'gcc13-COMPILER' frontend packages. - override your Makefile to use CC=gcc-13, CXX=g++-13 and similar overrides for the other languages. For a full changelog with all new GCC13 features, check out https://gcc.gnu.org/gcc-13/changes.html Detailed changes: * CVE-2023-4039: Fixed -fstack-protector issues on aarch64 with variable length stack allocations. (bsc#1214052) - Work around third party app crash during C++ standard library initialization. [bsc#1216664] - Fixed that GCC13 fails to compile some packages with error: unrecognizable insn (bsc#1215427) - Bump included newlib to version 4.3.0. - Update to GCC trunk head (r13-5254-g05b9868b182bb9) - Redo floatn fixinclude pick-up to simply keep what is there. - Turn cross compiler to s390x to a glibc cross. [bsc#1214460] - Also handle -static-pie in the default-PIE specs - Fixed missed optimization in Skia resulting in Firefox crashes when building with LTO. [bsc#1212101] - Make libstdc++6-devel packages own their directories since they can be installed standalone. [bsc#1211427] - Add new x86-related intrinsics (amxcomplexintrin.h). - RISC-V: Add support for inlining subword atomic operations - Use --enable-link-serialization rather that --enable-link-mutex, the benefit of the former one is that the linker jobs are not holding tokens of the make's jobserver. - Add cross-bpf packages. See https://gcc.gnu.org/wiki/BPFBackEnd for the general state of BPF with GCC. - Add bootstrap conditional to allow --without=bootstrap to be specified to speed up local builds for testing. - Bump included newlib to version 4.3.0. - Also package libhwasan_preinit.o on aarch64. - Configure external timezone database provided by the timezone package. Make libstdc++6 recommend timezone to get a fully working std::chrono. Install timezone when running the testsuite. - Package libhwasan_preinit.o on x86_64. - Fixed unwinding on aarch64 with pointer signing. [bsc#1206684] - Enable PRU flavour for gcc13 - update floatn fixinclude pickup to check each header separately (bsc#1206480) - Redo floatn fixinclude pick-up to simply keep what is there. - Bump libgo SONAME to libgo22. - Do not package libhwasan for biarch (32-bit architecture) as the extension depends on 64-bit pointers. - Adjust floatn fixincludes guard to work with SLE12 and earlier SLE15. - Depend on at least LLVM 13 for GCN cross compiler. - Update embedded newlib to version 4.2.0 - Allow cross-pru-gcc12-bootstrap for armv7l architecture. PRU architecture is used for real-time MCUs embedded into TI armv7l and aarch64 SoCs. We need to have cross-pru-gcc12 for armv7l in order to build both host applications and PRU firmware during the same build. Important SUSE bug 1206480 SUSE bug 1206684 SUSE bug 1210557 SUSE bug 1211427 SUSE bug 1212101 SUSE bug 1213915 SUSE bug 1214052 SUSE bug 1214460 SUSE bug 1215427 SUSE bug 1216664 CVE-2023-4039 cpe:/o:opensuse:leap:15.4 Security update for libnbd (Moderate) openSUSE Leap 15.4 This update for libnbd fixes the following issues: - CVE-2023-5871: Fixed an assertion problem in ext-mode BLOCK_STATUS (bsc#1216769). Moderate SUSE bug 1216769 CVE-2023-5871 cpe:/o:opensuse:leap:15.4 Security update for libxml2 (Moderate) openSUSE Leap 15.4 This update for libxml2 fixes the following issues: - CVE-2023-45322: Fixed a use-after-free in xmlUnlinkNode() in tree.c (bsc#1216129). Moderate SUSE bug 1216129 CVE-2023-45322 cpe:/o:opensuse:leap:15.4 Security update for python-Pillow (Important) openSUSE Leap 15.4 This update for python-Pillow fixes the following issues: - CVE-2023-44271: Fixed uncontrolled resource consumption when textlength in an ImageDraw instance operates on a long text argument (bsc#1216894). Important SUSE bug 1216894 CVE-2023-44271 cpe:/o:opensuse:leap:15.4 Security update for python-urllib3 (Moderate) openSUSE Leap 15.4 This update for python-urllib3 fixes the following issues: - CVE-2023-45803: Fix a request body leak that could occur when receiving a 303 HTTP response (bsc#1216377). Moderate SUSE bug 1216377 CVE-2023-45803 cpe:/o:opensuse:leap:15.4 Security update for go1.21-openssl (Moderate) openSUSE Leap 15.4 This update for go1.21-openssl fixes the following issues: Update to version 1.21.4.1 cut from the go1.21-openssl-fips branch at the revision tagged go1.21.4-1-openssl-fips. * Update to go1.21.4 go1.21.4 (released 2023-11-07) includes security fixes to the path/filepath package, as well as bug fixes to the linker, the runtime, the compiler, and the go/types, net/http, and runtime/cgo packages. * security: fix CVE-2023-45283 CVE-2023-45284 path/filepath: insecure parsing of Windows paths (bsc#1216943, bsc#1216944) * spec: update unification rules * cmd/compile: internal compiler error: expected struct value to have type struct * cmd/link: split text sections for arm 32-bit * runtime: MADV_COLLAPSE causes production performance issues on Linux * go/types, x/tools/go/ssa: panic: type param without replacement encountered * cmd/compile: -buildmode=c-archive produces code not suitable for use in a shared object on arm64 * net/http: http2 page fails on firefox/safari if pushing resources Initial package go1.21-openssl version 1.21.3.1 cut from the go1.21-openssl-fips branch at the revision tagged go1.21.3-1-openssl-fips. (jsc#SLE-18320) * Go upstream merged branch dev.boringcrypto in go1.19+. * In go1.x enable BoringCrypto via GOEXPERIMENT=boringcrypto. * In go1.x-openssl enable FIPS mode (or boring mode as the package is named) either via an environment variable GOLANG_FIPS=1 or by virtue of booting the host in FIPS mode. * When the operating system is operating in FIPS mode, Go applications which import crypto/tls/fipsonly limit operations to the FIPS ciphersuite. * go1.x-openssl is delivered as two large patches to go1.x applying necessary modifications from the golang-fips/go GitHub project for the Go crypto library to use OpenSSL as the external cryptographic library in a FIPS compliant way. * go1.x-openssl modifies the crypto/* packages to use OpenSSL for cryptographic operations. * go1.x-openssl uses dlopen() to call into OpenSSL. * SUSE RPM packaging introduces a fourth version digit go1.x.y.z corresponding to the golang-fips/go patchset tagged revision. * Patchset improvements can be updated independently of upstream Go maintenance releases. Moderate SUSE bug 1212475 SUSE bug 1212667 SUSE bug 1212669 SUSE bug 1215084 SUSE bug 1215085 SUSE bug 1215086 SUSE bug 1215087 SUSE bug 1215090 SUSE bug 1215985 SUSE bug 1216109 SUSE bug 1216943 SUSE bug 1216944 CVE-2023-39318 CVE-2023-39319 CVE-2023-39320 CVE-2023-39321 CVE-2023-39322 CVE-2023-39323 CVE-2023-39325 CVE-2023-44487 CVE-2023-45283 CVE-2023-45284 cpe:/o:opensuse:leap:15.4 Security update for go1.20 (Moderate) openSUSE Leap 15.4 This update for go1.20 fixes the following issues: go1.20.11 (released 2023-11-07) includes security fixes to the path/filepath package, as well as bug fixes to the linker and the net/http package. * security: fix CVE-2023-45283 CVE-2023-45284 path/filepath: insecure parsing of Windows paths (bsc#1216943, bsc#1216944) * cmd/link: split text sections for arm 32-bit * net/http: http2 page fails on firefox/safari if pushing resources Moderate SUSE bug 1206346 SUSE bug 1216943 SUSE bug 1216944 CVE-2023-45283 CVE-2023-45284 cpe:/o:opensuse:leap:15.4 Security update for go1.21 (Moderate) openSUSE Leap 15.4 This update for go1.21 fixes the following issues: go1.21.4 (released 2023-11-07) includes security fixes to the path/filepath package, as well as bug fixes to the linker, the runtime, the compiler, and the go/types, net/http, and runtime/cgo packages. * security: fix CVE-2023-45283 CVE-2023-45284 path/filepath: insecure parsing of Windows paths (bsc#1216943, bsc#1216944) * spec: update unification rules * cmd/compile: internal compiler error: expected struct value to have type struct * cmd/link: split text sections for arm 32-bit * runtime: MADV_COLLAPSE causes production performance issues on Linux * go/types, x/tools/go/ssa: panic: type param without replacement encountered * cmd/compile: -buildmode=c-archive produces code not suitable for use in a shared object on arm64 * net/http: http2 page fails on firefox/safari if pushing resources Moderate SUSE bug 1212475 SUSE bug 1216943 SUSE bug 1216944 CVE-2023-45283 CVE-2023-45284 cpe:/o:opensuse:leap:15.4 Security update for go1.20-openssl (Important) openSUSE Leap 15.4 This update for go1.20-openssl fixes the following issues: Update to version 1.20.11.1 cut from the go1.20-openssl-fips branch at the revision tagged go1.20.11-1-openssl-fips. * Update to go1.20.11 go1.20.11 (released 2023-11-07) includes security fixes to the path/filepath package, as well as bug fixes to the linker and the net/http package. * security: fix CVE-2023-45283 CVE-2023-45284 path/filepath: insecure parsing of Windows paths (bsc#1216943, bsc#1216944) * cmd/link: split text sections for arm 32-bit * net/http: http2 page fails on firefox/safari if pushing resources Update to version 1.20.10.1 cut from the go1.20-openssl-fips branch at the revision tagged go1.20.10-1-openssl-fips. * Update to go1.20.10 go1.20.10 (released 2023-10-10) includes a security fix to the net/http package. * security: fix CVE-2023-39325 CVE-2023-44487 net/http: rapid stream resets can cause excessive work (bsc#1216109) go1.20.9 (released 2023-10-05) includes one security fixes to the cmd/go package, as well as bug fixes to the go command and the linker. * security: fix CVE-2023-39323 cmd/go: line directives allows arbitrary execution during build (bsc#1215985) * cmd/link: issues with Apple's new linker in Xcode 15 beta Important SUSE bug 1206346 SUSE bug 1215985 SUSE bug 1216109 SUSE bug 1216943 SUSE bug 1216944 CVE-2023-39323 CVE-2023-39325 CVE-2023-44487 CVE-2023-45283 CVE-2023-45284 cpe:/o:opensuse:leap:15.4 Security update for xen (Important) openSUSE Leap 15.4 This update for xen fixes the following issues: - CVE-2023-20588: AMD CPU transitional execution leak via division by zero (XSA-439) (bsc#1215474). - CVE-2023-34322: top-level shadow reference dropped too early for 64-bit PV guests (XSA-438) (bsc#1215145). - CVE-2023-34325: Multiple vulnerabilities in libfsimage disk handling (XSA-443) (bsc#1215747). - CVE-2023-34326: x86/AMD: missing IOMMU TLB flushing (XSA-442) (bsc#1215746). - CVE-2023-34327,CVE-2023-34328: x86/AMD: Debug Mask handling (XSA-444) (bsc#1215748). - CVE-2023-46835: x86/AMD: mismatch in IOMMU quarantine page table levels (XSA-445) (bsc#1216654). - CVE-2023-46836: x86: BTC/SRSO fixes not fully effective (XSA-446) (bsc#1216807). - Upstream bug fixes (bsc#1027519) Important SUSE bug 1027519 SUSE bug 1215145 SUSE bug 1215474 SUSE bug 1215746 SUSE bug 1215747 SUSE bug 1215748 SUSE bug 1216654 SUSE bug 1216807 CVE-2023-20588 CVE-2023-34322 CVE-2023-34325 CVE-2023-34326 CVE-2023-34327 CVE-2023-34328 CVE-2023-46835 CVE-2023-46836 cpe:/o:opensuse:leap:15.4 Security update for postgresql14 (Important) openSUSE Leap 15.4 This update for postgresql14 fixes the following issues: Security issues fixed: * CVE-2023-5868: Fix handling of unknown-type arguments in DISTINCT 'any' aggregate functions. This error led to a text-type value being interpreted as an unknown-type value (that is, a zero-terminated string) at runtime. This could result in disclosure of server memory following the text value. (bsc#1216962) * CVE-2023-5869: Detect integer overflow while computing new array dimensions. When assigning new elements to array subscripts that are outside the current array bounds, an undetected integer overflow could occur in edge cases. Memory stomps that are potentially exploitable for arbitrary code execution are possible, and so is disclosure of server memory. (bsc#1216961) * CVE-2023-5870: Prevent the pg_signal_backend role from signalling background workers and autovacuum processes. The documentation says that pg_signal_backend cannot issue signals to superuser-owned processes. It was able to signal these background processes, though, because they advertise a role OID of zero. Treat that as indicating superuser ownership. The security implications of cancelling one of these process types are fairly small so far as the core code goes (we'll just start another one), but extensions might add background workers that are more vulnerable. Also ensure that the is_superuser parameter is set correctly in such processes. No specific security consequences are known for that oversight, but it might be significant for some extensions. (bsc#1216960) - update to 14.10: https://www.postgresql.org/docs/14/release-14-10.html - Overhaul postgresql-README.SUSE and move it from the binary package to the noarch wrapper package. - Change the unix domain socket location from /var/run to /run. Important SUSE bug 1216022 SUSE bug 1216734 SUSE bug 1216960 SUSE bug 1216961 SUSE bug 1216962 CVE-2023-5868 CVE-2023-5869 CVE-2023-5870 cpe:/o:opensuse:leap:15.4 Security update for frr (Moderate) openSUSE Leap 15.4 This update for frr fixes the following issues: - CVE-2023-46752: Fixed denial of service caused by mishandling malformed MP_REACH_NLRI data (bsc#1216627). - CVE-2023-46753: Fixed denial of service caused by crafted BGP UPDATE messages (bsc#1216626). Moderate SUSE bug 1216626 SUSE bug 1216627 CVE-2023-46752 CVE-2023-46753 cpe:/o:opensuse:leap:15.4 Security update for postgresql, postgresql15, postgresql16 (Important) openSUSE Leap 15.4 This update for postgresql, postgresql15, postgresql16 fixes the following issues: This update ships postgresql 16. Security issues fixed: * CVE-2023-5868: Fix handling of unknown-type arguments in DISTINCT 'any' aggregate functions. This error led to a text-type value being interpreted as an unknown-type value (that is, a zero-terminated string) at runtime. This could result in disclosure of server memory following the text value. (bsc#1216962) * CVE-2023-5869: Detect integer overflow while computing new array dimensions. When assigning new elements to array subscripts that are outside the current array bounds, an undetected integer overflow could occur in edge cases. Memory stomps that are potentially exploitable for arbitrary code execution are possible, and so is disclosure of server memory. (bsc#1216961) * CVE-2023-5870: Prevent the pg_signal_backend role from signalling background workers and autovacuum processes. The documentation says that pg_signal_backend cannot issue signals to superuser-owned processes. It was able to signal these background processes, though, because they advertise a role OID of zero. Treat that as indicating superuser ownership. The security implications of cancelling one of these process types are fairly small so far as the core code goes (we'll just start another one), but extensions might add background workers that are more vulnerable. Also ensure that the is_superuser parameter is set correctly in such processes. No specific security consequences are known for that oversight, but it might be significant for some extensions. (bsc#1216960) Changes in postgresql16: - Upgrade to 16.1: * https://www.postgresql.org/about/news/2715 * https://www.postgresql.org/docs/16/release-16.html * https://www.postgresql.org/docs/16/release-16-1.html - Overhaul postgresql-README.SUSE and move it from the binary package to the noarch wrapper package. - Change the unix domain socket location from /var/run to /run. Changes in postgresql15: - Update to 15.5 https://www.postgresql.org/docs/15/release-15-5.html - The libs and mini package are now provided by postgresql16. - Overhaul postgresql-README.SUSE and move it from the binary package to the noarch wrapper package. - Change the unix domain socket location from /var/run to /run. Changes in postgresql: - Interlock version and release of all noarch packages except for the postgresql-docs. - bsc#1122892: Add a sysconfig variable for initdb. - Overhaul postgresql-README.SUSE and move it from the binary package to the noarch wrapper package. - bsc#1179231: Add an explanation for the /tmp -> /run/postgresql move and permission change. - Add postgresql-README as a separate source file. - bsc#1209208: Drop hard dependency on systemd - bsc#1206796: Refine the distinction of where to use sysusers and use bcond to have the expression only in one place. Important SUSE bug 1122892 SUSE bug 1179231 SUSE bug 1206796 SUSE bug 1209208 SUSE bug 1216022 SUSE bug 1216734 SUSE bug 1216960 SUSE bug 1216961 SUSE bug 1216962 CVE-2023-5868 CVE-2023-5869 CVE-2023-5870 cpe:/o:opensuse:leap:15.4 Security update for libreoffice (Moderate) openSUSE Leap 15.4 This update for fixes the following issues: libreoffice was updated rom 7.5.4.1 to 7.6.2.1 (jsc#PED-6799, jsc#PED-6800): - For the highlights of changes of version 7.6 please consult the official release notes: * https://wiki.documentfoundation.org/ReleaseNotes/7.6 - You can check for each minor release notes here: * https://wiki.documentfoundation.org/Releases/7.6.2/RC1 * https://wiki.documentfoundation.org/Releases/7.6.1/RC2 * https://wiki.documentfoundation.org/Releases/7.6.1/RC1 * https://wiki.documentfoundation.org/Releases/7.6.0/RC3 * https://wiki.documentfoundation.org/Releases/7.6.0/RC2 * https://wiki.documentfoundation.org/Releases/7.6.0/RC1 - Security issues fixed: * CVE-2023-1183: Fixed arbitrary file write in LibreOffice Base (bsc#1212444, bsc#1209243) - Updated bundled dependencies: * boost version update from 1_80_0 to 1_82_0 * curl version update from 8.0.1 to 8.2.1 * icu4c-data version update from 72_1 to 73_2 * icu4c version update from 72_1 to 73_2 * pdfium version update from 5408 to 5778 * poppler version update from 22.12.0 to 23.06.0 * poppler-data version update from 0.4.11 to 0.4.12 * skia version from m103-b301ff025004c9cd82816c86c547588e6c24b466 to skia-m111-a31e897fb3dcbc96b2b40999751611d029bf5404 - New bundled dependencies: * graphite2-minimal-1.3.14.tgz * harfbuzz-8.0.0.tar.xz - New build dependencies: * frozen-devel * liborcus-0_18-0 * libixion * mdds-2_1 - New runtime dependencies: * `libreoffice-draw` requires `libreoffice-impress` (bsc#1215595) frozen was implemented: - New Libreoffice package dependency libixion was updated to version 0.18.1: - Updated to 0.18.1: * Fixed a 32-bit Linux build issue as discovered on Debian, due to a clash on two 32-bit unsigned integer types being used with std::variant. - Updated to 0.18.0: * Removed the formula_model_access interface from model_context, and switched to using model_context directly everywhere. * Revised formula_tokens_t type to remove use of std::unique_ptr for each formula_token instance. This should improve memory locality when iterating through an array of formula token values. A similar change has also been made to lexer_tokens_t and lexer_token types. * Added 41 built-in functions * Added support for multi-sheet references in Excel A1 and Excel R1C1 grammers. liborcus was updated to version 0.18.1: - Updated to 0.18.1: * sax parser: + added support for optionally skipping multiple BOM's in the beginning of XML stream. This affects all XML-based file format filters such as xls-xml (aka Excel 2003 XML). * xml-map: + fixed a bug where an XML document consisting of simple single-column records were not properly converted to sheet data * xls-xml: + fixed a bug where the filter would always pass border color even when it was not set * buildsystem: + added new configure switches --without-benchmark and --without-doc-example to optinally skip building of these two directories mdds-2_1 was implemented: - New Libreoffice package dependency Moderate SUSE bug 1209243 SUSE bug 1212444 SUSE bug 1215595 CVE-2023-1183 cpe:/o:opensuse:leap:15.4 Security update for postgresql12 (Important) openSUSE Leap 15.4 This update for postgresql12 fixes the following issues: Update to 12.14: - CVE-2022-41862: Fixed memory leak in libpq (bsc#1208102). Important SUSE bug 1208102 CVE-2022-41862 cpe:/o:opensuse:leap:15.4 Security update for ucode-intel (Important) openSUSE Leap 15.4 This update for ucode-intel fixes the following issues: - Updated to Intel CPU Microcode 20231114 release. (bsc#1215278) - CVE-2023-23583: Fixed potential CPU deadlocks or privilege escalation. (bsc#1215278) Important SUSE bug 1215278 CVE-2023-23583 cpe:/o:opensuse:leap:15.4 Security update for avahi (Moderate) openSUSE Leap 15.4 This update for avahi fixes the following issues: - CVE-2023-38470: Ensure each label is at least one byte long (bsc#1215947). - CVE-2023-38473: Fixed a reachable assertion when parsing a host name (bsc#1216419). Moderate SUSE bug 1215947 SUSE bug 1216419 CVE-2023-38470 CVE-2023-38473 cpe:/o:opensuse:leap:15.4 Security update for java-1_8_0-openjdk (Moderate) openSUSE Leap 15.4 This update for java-1_8_0-openjdk fixes the following issues: Update to version jdk8u392 (icedtea-3.29.0) October 2023 CPU: - CVE-2023-22067: Fixed IOR deserialization issue in CORBA (bsc#1216379). - CVE-2023-22081: Fixed certificate path validation issue during client authentication (bsc#1216374). - CVE-2015-4000: Fixed Logjam issue in SLES12SP5 (bsc#1211968). Moderate SUSE bug 1211968 SUSE bug 1216374 SUSE bug 1216379 CVE-2015-4000 CVE-2023-22067 CVE-2023-22081 cpe:/o:opensuse:leap:15.4 Security update for apache2-mod_jk (Important) openSUSE Leap 15.4 This update for apache2-mod_jk fixes the following issues: Update to version 1.2.49: Apache * Retrieve default request id from mod_unique_id. It can also be taken from an arbitrary environment variable by configuring 'JkRequestIdIndicator'. * Don't delegate the generatation of the response body to httpd when the status code represents an error if the request used the HEAD method. * Only export the main module symbol. Visibility of module internal symbols led to crashes when conflicting with library symbols. Based on a patch provided by Josef Čejka. * Remove support for implicit mapping of requests to workers. All mappings must now be explicit. IIS * Set default request id as a GUID. It can also be taken from an arbitrary request header by configuring 'request_id_header'. * Fix non-empty check for the Translate header. Common * Fix compiler warning when initializing and copying fixed length strings. * Add a request id to mod_jk log lines. * Enable configure to find the correct sizes for pid_t and pthread_t when building on MacOS. * Fix Clang 15/16 compatability. Pull request #6 provided by Sam James. * Improve XSS hardening in status worker. * Add additional bounds and error checking when reading AJP messages. Docs * Remove support for the Netscape / Sun ONE / Oracle iPlanet Web Server as the product has been retired. * Remove links to the old JK2 documentation. The JK2 documentation is still available, it is just no longer linked from the current JK documentation. * Restructure subsections in changelog starting with version 1.2.45. Changes for 1.2.47 and 1.2.48 updates: * Add: Apache: Extend trace level logging of method entry/exit to aid debugging of request mapping issues. * Fix: Apache: Fix a bug in the normalization checks that prevented file based requests, such as SSI file includes, from being processed. * Fix: Apache: When using JkAutoAlias, ensure that files that include spaces in their name are accessible. * Update: Common: Update the documentation to reflect that the source code for the Apache Tomcat Connectors has moved from Subversion to Git. * Fix: Common: When using set_session_cookie, ensure that an updated session cookie is issued if the load-balancer has to failover to a different worker. * Update: Common: Update config.guess and config.sub from https://git.savannah.gnu.org/git/config.git. * Update: Common: Update release script for migration to git. Update to version 1.2.46 Fixes: * Apache: Fix regression in 1.2.44 which resulted in socket_connect_timeout to be interpreted in units of seconds instead of milliseconds on platforms that provide poll(). (rjung) * Security: CVE-2018-11759 Connector path traversal [bsc#1114612] Update to version 1.2.45 Fixes: * Correct regression in 1.2.44 that broke request handling for OPTIONS * requests. (rjung) * Improve path parameter parsing so that the session ID specified by the session_path worker property for load-balanced workers can be extracted from a path parameter in any segment of the URI, rather than only from the final segment. (markt) * Apache: Improve path parameter handling so that JkStripSession can remove session IDs that are specified on path parameters in any segment of the URI rather than only the final segment. (markt) * IIS: Improve path parameter handling so that strip_session can remove session IDs that are specified on path parameters in any segment of the URI rather than only the final segment. (markt) Updates: * Apache: Update the documentation to note additional limitations of the JkAutoAlias directive. (markt) Code: * Common: Optimize path parameter handling. (rjung) Update to version 1.2.44 Updates: * Remove the Novell Netware make files and Netware specific source code since there has not been a supported version of Netware available for over five years. (markt) * Apache: Update the documentation to use httpd 2.4.x style access control directives. (markt) * Update PCRE bundled with the ISAPI redirector to 8.42. (rjung) * Update config.guess and config.sub from https://git.savannah.gnu.org/git/config.git. (rjung) Fixes: * Common: Use Local, rather than Global, mutexs on Windows to better support multi-user environments. (markt) * Apache: Use poll rather than select to avoid the limitations of select triggering an httpd crash. Patch provided by Koen Wilde. (markt) * ISAPI: Remove the check that rejects requests that contain path segments that match WEB-INF or META-INF as it duplicates a check that Tomcat performs and, because ISAPI does not have visibility of the current context path, it is impossible to implement this check without valid requests being rejected. (markt) * Refactor normalisation of request URIs to a common location and align the normalisation implementation for mod_jk with that implemented by Tomcat. (markt) Add: * Clarify the behvaiour of lb workers when all ajp13 workers fail with particular reference to the role of the retries attribute. (markt) * Add the new load-balancer worker property lb_retries to improve the control over the number of retries. Based on a patch provided by Frederik Nosi. (markt) * Add a note to the documentation that the CollapseSlashes options are now effectively hard-coded to CollpaseSlashesAll due to the changes made to align normalization with that implemented in Tomcat. (markt) Important SUSE bug 1114612 CVE-2018-11759 cpe:/o:opensuse:leap:15.4 Security update for strongswan (Important) openSUSE Leap 15.4 This update for strongswan fixes the following issues: - CVE-2023-41913: Fixed a bug in charon-tkm related to handling DH public values that can lead to remote code execution (bsc#1216901). Important SUSE bug 1216901 CVE-2023-41913 cpe:/o:opensuse:leap:15.4 Security update for python3-setuptools (Moderate) openSUSE Leap 15.4 This update for python3-setuptools fixes the following issues: - CVE-2022-40897: Fixed Regular Expression Denial of Service (ReDoS) in package_index.py (bsc#1206667). Moderate SUSE bug 1206667 CVE-2022-40897 cpe:/o:opensuse:leap:15.4 Security update for openssl-1_0_0 (Important) openSUSE Leap 15.4 This update for openssl-1_0_0 fixes the following issues: - CVE-2023-5678: Fixed generating and checking of excessively long X9.42 DH keys that resulted in a possible Denial of Service (bsc#1216922). Important SUSE bug 1216922 CVE-2023-5678 cpe:/o:opensuse:leap:15.4 Security update for openssl-1_1 (Important) openSUSE Leap 15.4 This update for openssl-1_1 fixes the following issues: - CVE-2023-5678: Fixed generating and checking of excessively long X9.42 DH keys that resulted in a possible Denial of Service (bsc#1216922). Important SUSE bug 1216922 CVE-2023-5678 cpe:/o:opensuse:leap:15.4 Security update for maven, maven-resolver, sbt, xmvn (Moderate) openSUSE Leap 15.4 This update for maven, maven-resolver, sbt, xmvn fixes the following issues: - CVE-2023-46122: Fixed an arbitrary file write when extracting a crafted zip file with sbt (bsc#1216529). - Upgraded maven to version 3.9.4 - Upgraded maven-resolver to version 1.9.15. Moderate SUSE bug 1162112 SUSE bug 1216529 CVE-2023-46122 cpe:/o:opensuse:leap:15.4 Security update for python-Pillow (Important) openSUSE Leap 15.4 This update for python-Pillow fixes the following issues: - CVE-2023-44271: Fixed uncontrolled resource consumption when textlength in an ImageDraw instance operates on a long text argument (bsc#1216894). Important SUSE bug 1216894 CVE-2023-44271 cpe:/o:opensuse:leap:15.4 Security update for libxml2 (Moderate) openSUSE Leap 15.4 This update for libxml2 fixes the following issues: - CVE-2023-45322: Fixed a use-after-free in xmlUnlinkNode() in tree.c (bsc#1216129). Moderate SUSE bug 1216129 CVE-2023-45322 cpe:/o:opensuse:leap:15.4 Security update for squid (Important) openSUSE Leap 15.4 This update for squid fixes the following issues: - CVE-2023-46728: Remove gopher support (bsc#1216926). - Fixed overread in HTTP request header parsing (bsc#1217274). Important SUSE bug 1216926 SUSE bug 1217274 CVE-2023-46728 cpe:/o:opensuse:leap:15.4 Security update for MozillaFirefox (Important) openSUSE Leap 15.4 This update for MozillaFirefox fixes the following issues: - Firefox Extended Support Release 115.5.0 ESR Placeholder changelog-entry (bsc#1217230) * Fixed: Various security fixes and other quality improvements. MFSA 2023-46 (bsc#1216338) * CVE-2023-5721: Queued up rendering could have allowed websites to clickjack * CVE-2023-5732: Address bar spoofing via bidirectional characters * CVE-2023-5724: Large WebGL draw could have led to a crash * CVE-2023-5725: WebExtensions could open arbitrary URLs * CVE-2023-5726: Full screen notification obscured by file open dialog on macOS * CVE-2023-5727: Download Protections were bypassed by .msix, .msixbundle, .appx, and .appxbundle files on Windows * CVE-2023-5728: Improper object tracking during GC in the JavaScript engine could have led to a crash. * CVE-2023-5730: Memory safety bugs fixed in Firefox 119, Firefox ESR 115.4, and Thunderbird 115.4.1 Important SUSE bug 1216338 SUSE bug 1217230 CVE-2023-5721 CVE-2023-5724 CVE-2023-5725 CVE-2023-5726 CVE-2023-5727 CVE-2023-5728 CVE-2023-5730 CVE-2023-5732 cpe:/o:opensuse:leap:15.4 Security update for webkit2gtk3 (Important) openSUSE Leap 15.4 This update for webkit2gtk3 fixes the following issues: Update to version 2.42.2 (bsc#1217210): - CVE-2023-41983: Processing web content may lead to a denial-of-service. - CVE-2023-42852: Processing web content may lead to arbitrary code execution. Already previously fixed: - CVE-2022-32919: Visiting a website that frames malicious content may lead to UI spoofing (fixed already in 2.38.4). - CVE-2022-32933: A website may be able to track the websites a user visited in private browsing mode (fixed already in 2.38.0). - CVE-2022-46705: Visiting a malicious website may lead to address bar spoofing (fixed already in 2.38.4). - CVE-2022-46725: Visiting a malicious website may lead to address bar spoofing (fixed already in 2.38.4). - CVE-2023-32359: A user’s password may be read aloud by a text-to-speech accessibility feature (fixed already in 2.42.0). Important SUSE bug 1217210 CVE-2022-32919 CVE-2022-32933 CVE-2022-46705 CVE-2022-46725 CVE-2023-32359 CVE-2023-41983 CVE-2023-42852 cpe:/o:opensuse:leap:15.4 Security update for poppler (Moderate) openSUSE Leap 15.4 This update for poppler fixes the following issues: - CVE-2019-9545: Fixed an uncontrolled recursion issue that could cause a crash (bsc#1128114). - CVE-2022-37052: Fixed a crash that could be triggered when opening a crafted file (bsc#1214726). - CVE-2020-36023: Fixed a stack bugger overflow in FoFiType1C:cvtGlyph (bsc#1214256). Moderate SUSE bug 1128114 SUSE bug 1214256 SUSE bug 1214726 CVE-2019-9545 CVE-2020-36023 CVE-2022-37052 cpe:/o:opensuse:leap:15.4 Security update for slurm_23_02 (Important) openSUSE Leap 15.4 This update for slurm_23_02 fixes the following issues: - CVE-2023-41914: Fixed a filesystem handling race conditions that could have led to an attacker taking control of an arbitrary file, or removing entire directoy contents (bsc#1216207). Bug fixes: - Add missing dependencies to slurm-config to plugins package. These should help to tie down the slurm version and help to avoid a package mix (bsc#1216869). Important SUSE bug 1216207 SUSE bug 1216869 CVE-2023-41914 cpe:/o:opensuse:leap:15.4 Security update for openvswitch (Important) openSUSE Leap 15.4 This update for openvswitch fixes the following issues: - CVE-2023-5366: Fixed missing masks on a final stage with ports trie (bsc#1216002). Important SUSE bug 1216002 CVE-2023-5366 cpe:/o:opensuse:leap:15.4 Security update for java-1_8_0-ibm (Important) openSUSE Leap 15.4 This update for java-1_8_0-ibm fixes the following issues: - Update to Java 8.0 Service Refresh 8 Fix Pack 15: * Oracle October 17 2023 CPU [bsc#1216640] Security fixes: - CVE-2023-22081: Fixed enhanced TLS connections (bsc#1216374) - CVE-2023-22067: Fixed IOR deserialization issue in CORBA (bsc#1216379) - CVE-2023-22025: Fixed memory corruption issue on x86_64 with AVX-512 (bsc#1216339) - CVE-2023-5676: Fixed receiving a signal before initialization may lead to an infinite loop or unexpected crash (bsc#1217214) Bug fixes: - IBM Java idlj compiler switch definition because IBM java idlj seems to confuse char and wchar for typedef types (bsc#1204264). Important SUSE bug 1204264 SUSE bug 1216339 SUSE bug 1216374 SUSE bug 1216379 SUSE bug 1216640 SUSE bug 1217214 CVE-2023-22025 CVE-2023-22067 CVE-2023-22081 CVE-2023-5676 cpe:/o:opensuse:leap:15.4 Security update for openvswitch (Important) openSUSE Leap 15.4 This update for openvswitch fixes the following issues: - CVE-2023-5366: Fixed missing masks on a final stage with ports trie (bsc#1216002). Important SUSE bug 1216002 CVE-2023-5366 cpe:/o:opensuse:leap:15.4 Security update for xrdp (Moderate) openSUSE Leap 15.4 This update for xrdp fixes the following issues: - CVE-2023-42822: Fixed unchecked access to font glyph info (bsc#1215803). Moderate SUSE bug 1215803 CVE-2023-42822 cpe:/o:opensuse:leap:15.4 Security update for slurm_22_05 (Important) openSUSE Leap 15.4 This update for slurm_22_05 fixes the following issues: - CVE-2023-41914: Fixed a filesystem handling race condition that could have led to an attacker taking control of an arbitrary file, or removing entire directory contents (bsc#1216207). Bug fixes: - Add missing dependencies to slurm-config to plugins package. These should help to tie down the slurm version and help to avoid a package mix (bsc#1216869). - Add missing Provides:, Conflicts: and Obsoletes: to slurm-cray, slurm-hdf5 and slurm-testsuite to avoid package conflicts (bsc#1208810). Important SUSE bug 1208810 SUSE bug 1216207 SUSE bug 1216869 CVE-2023-41914 cpe:/o:opensuse:leap:15.4 Security update for xerces-c (Important) openSUSE Leap 15.4 This update for xerces-c fixes the following issues: - CVE-2023-37536: Fixed an integer overflow that could have led to a out-of-bounds memory accesses (bsc#1216156). Important SUSE bug 1216156 CVE-2023-37536 cpe:/o:opensuse:leap:15.4 Security update for vim (Important) openSUSE Leap 15.4 This update for vim fixes the following issues: - CVE-2023-5344: Heap-based Buffer Overflow in vim prior to 9.0.1969 (bsc#1215940) - CVE-2023-5441: segfault in exmode when redrawing (bsc#1216001) - CVE-2023-5535: use-after-free from buf_contents_changed() (bsc#1216167) - CVE-2023-46246: Integer Overflow in :history command (bsc#1216696) Important SUSE bug 1215940 SUSE bug 1216001 SUSE bug 1216167 SUSE bug 1216696 CVE-2023-46246 CVE-2023-5344 CVE-2023-5441 CVE-2023-5535 cpe:/o:opensuse:leap:15.4 Security update for MozillaThunderbird (Important) openSUSE Leap 15.4 This update for MozillaThunderbird fixes the following issues: - Mozilla Thunderbird 115.5.0 MFSA 2023-52 (bsc#1217230) * CVE-2023-6204: Out-of-bound memory access in WebGL2 blitFramebuffer * CVE-2023-6205: Use-after-free in MessagePort::Entangled * CVE-2023-6206: Clickjacking permission prompts using the fullscreen transition * CVE-2023-6207: Use-after-free in ReadableByteStreamQueueEntry::Buffer * CVE-2023-6208: Using Selection API would copy contents into X11 primary selection. * CVE-2023-6209: Incorrect parsing of relative URLs starting with '///' * CVE-2023-6212: Memory safety bugs Important SUSE bug 1217230 CVE-2023-6204 CVE-2023-6205 CVE-2023-6206 CVE-2023-6207 CVE-2023-6208 CVE-2023-6209 CVE-2023-6212 cpe:/o:opensuse:leap:15.4 Security update for squashfs (Important) openSUSE Leap 15.4 This update for squashfs fixes the following issues: - CVE-2015-4645,CVE-2015-4646: Multiple buffer overflows fixed in squashfs-tools (bsc#935380) - CVE-2021-40153: Fixed an issue where an attacker might have been able to write a file outside of destination (bsc#1189936) - CVE-2021-41072: Fixed an issue where an attacker might have been able to write a file outside the destination directory via a symlink (bsc#1190531). update to 4.6.1: * Race condition which can cause corruption of the 'fragment table' fixed. This is a regression introduced in August 2022, and it has been seen when tailend packing is used (-tailends option). * Fix build failure when the tools are being built without extended attribute (XATTRs) support. * Fix XATTR error message when an unrecognised prefix is found * Fix incorrect free of pointer when an unrecognised XATTR prefix is found. * Major improvements in extended attribute handling, pseudo file handling, and miscellaneous new options and improvements * Extended attribute handling improved in Mksquashfs and Sqfstar * New Pseudo file xattr definition to add extended attributes to files. * New xattrs-add Action to add extended attributes to files * Extended attribute handling improved in Unsquashfs * Other major improvements * Unsquashfs can now output Pseudo files to standard out. * Mksquashfs can now input Pseudo files from standard in. * Squashfs filesystems can now be converted (different block size compression etc) without unpacking to an intermediate filesystem or mounting, by piping the output of Unsquashfs to Mksquashfs. * Pseudo files are now supported by Sqfstar. * 'Non-anchored' excludes are now supported by Unsquashfs. update to 4.5.1 (bsc#1190531, CVE-2021-41072): * This release adds Manpages for Mksquashfs(1), Unsquashfs(1), Sqfstar(1) and Sqfscat(1). * The -help text output from the utilities has been improved and extended as well (but the Manpages are now more comprehensive). * CVE-2021-41072 which is a writing outside of destination exploit, has been fixed. * The number of hard-links in the filesystem is now also displayed by Mksquashfs in the output summary. * The number of hard-links written by Unsquashfs is now also displayed in the output summary. * Unsquashfs will now write to a pre-existing destination directory, rather than aborting. * Unsquashfs now allows '.' to used as the destination, to extract to the current directory. * The Unsquashfs progress bar now tracks empty files and hardlinks, in addition to data blocks. * -no-hardlinks option has been implemented for Sqfstar. * More sanity checking for 'corrupted' filesystems, including checks for multiply linked directories and directory loops. * Options that may cause filesystems to be unmountable have been moved into a new 'experts' category in the Mksquashfs help text (and Manpage). * Maximum cpiostyle filename limited to PATH_MAX. This prevents attempts to overflow the stack, or cause system calls to fail with a too long pathname. * Don't always use 'max open file limit' when calculating length of queues, as a very large file limit can cause Unsquashfs to abort. Instead use the smaller of max open file limit and cache size. * Fix Mksquashfs silently ignoring Pseudo file definitions when appending. * Don't abort if no XATTR support has been built in, and there's XATTRs in the filesystem. This is a regression introduced in 2019 in Version 4.4. * Fix duplicate check when the last file block is sparse. update to 4.5: * Mksquashfs now supports 'Actions'. * New sqfstar command which will create a Squashfs image from a tar archive. * Tar style handling of source pathnames in Mksquashfs. * Cpio style handling of source pathnames in Mksquashfs. * New option to throttle the amount of CPU and I/O. * Mksquashfs now allows no source directory to be specified. * New Pseudo file 'R' definition which allows a Regular file o be created with data stored within the Pseudo file. * Symbolic links are now followed in extract files * Unsquashfs now supports 'exclude' files. * Max depth traversal option added. * Unsquashfs can now output a 'Pseudo file' representing the input Squashfs filesystem. * New -one-file-system option in Mksquashfs. * New -no-hardlinks option in Mksquashfs. * Exit code in Unsquashfs changed to distinguish between non-fatal errors (exit 2), and fatal errors (exit 1). * Xattr id count added in Unsquashfs '-stat' output. * Unsquashfs 'write outside directory' exploit fixed. * Error handling in Unsquashfs writer thread fixed. * Fix failure to truncate destination if appending aborted. * Prevent Mksquashfs reading the destination file. Important SUSE bug 1189936 SUSE bug 1190531 SUSE bug 935380 CVE-2015-4645 CVE-2015-4646 CVE-2021-40153 CVE-2021-41072 cpe:/o:opensuse:leap:15.4 Security update for python3-Twisted (Moderate) openSUSE Leap 15.4 This update for python3-Twisted fixes the following issues: - CVE-2023-46137: Fixed issue inside serializing pipelined HTTP requests. (bsc#1216588) Moderate SUSE bug 1216588 CVE-2023-46137 cpe:/o:opensuse:leap:15.4 Security update for python-Twisted (Moderate) openSUSE Leap 15.4 This update for python-Twisted fixes the following issues: - CVE-2023-46137: Fixed issue inside serializing pipelined HTTP requests. (bsc#1216588) Moderate SUSE bug 1216588 CVE-2023-46137 cpe:/o:opensuse:leap:15.4 Security update for MozillaFirefox (Important) openSUSE Leap 15.4 This update for MozillaFirefox fixes the following issues: Updated to version 102.8.0 ESR (bsc#1208144): - CVE-2023-25728: Fixed content security policy leak in violation reports using iframes. - CVE-2023-25730: Fixed screen hijack via browser fullscreen mode. - CVE-2023-25743: Fixed Fullscreen notification not being shown in Firefox Focus. - CVE-2023-0767: Fixed arbitrary memory write via PKCS 12 in NSS. - CVE-2023-25735: Fixed potential use-after-free from compartment mismatch in SpiderMonkey. - CVE-2023-25737: Fixed invalid downcast in SVGUtils::SetupStrokeGeometry. - CVE-2023-25738: Fixed printing on Windows which could potentially crash Firefox with some device drivers. - CVE-2023-25739: Fixed use-after-free in mozilla::dom::ScriptLoadContext::~ScriptLoadContext. - CVE-2023-25729: Fixed extensions opening external schemes without user knowledge. - CVE-2023-25732: Fixed out of bounds memory write from EncodeInputStream. - CVE-2023-25734: Fixed opening local .url files that causes unexpected network loads. - CVE-2023-25742: Fixed tab crash by Web Crypto ImportKey. - CVE-2023-25744: Fixed Memory safety bugs. - CVE-2023-25746: Fixed Memory safety bugs. Important SUSE bug 1208138 SUSE bug 1208144 CVE-2023-0767 CVE-2023-25728 CVE-2023-25729 CVE-2023-25730 CVE-2023-25732 CVE-2023-25734 CVE-2023-25735 CVE-2023-25737 CVE-2023-25738 CVE-2023-25739 CVE-2023-25742 CVE-2023-25743 CVE-2023-25744 CVE-2023-25746 cpe:/o:opensuse:leap:15.4 Security update for java-1_8_0-openj9 (Moderate) openSUSE Leap 15.4 This update for java-1_8_0-openj9 fixes the following issues: Update to OpenJDK 8u392 build 08 with OpenJ9 0.41.0 virtual machine - CVE-2023-22067: Fixed an IOR deserialization issue in CORBA (bsc#1216379). - CVE-2023-22081: Fixed a certificate path validation issue during client authentication (bsc#1216374). - CVE-2023-5676: Fixed receiving a signal before initialization may lead to an infinite loop or unexpected crash (bsc#1217214). Moderate SUSE bug 1216374 SUSE bug 1216379 SUSE bug 1217214 CVE-2023-22067 CVE-2023-22081 CVE-2023-5676 cpe:/o:opensuse:leap:15.4 Security update for sqlite3 (Important) openSUSE Leap 15.4 This update for sqlite3 fixes the following issues: - CVE-2023-2137: Fixed heap buffer overflow (bsc#1210660). Important SUSE bug 1210660 CVE-2023-2137 cpe:/o:opensuse:leap:15.4 Security update for traceroute (Moderate) openSUSE Leap 15.4 This update for traceroute fixes the following issues: - CVE-2023-46316: wrapper scripts do not properly parse command lines (bsc#1216591). Moderate SUSE bug 1216591 CVE-2023-46316 cpe:/o:opensuse:leap:15.4 Security update for tar (Moderate) openSUSE Leap 15.4 This update for tar fixes the following issues: - CVE-2022-48303: Fixed a one-byte out-of-bounds read that resulted in use of uninitialized memory for a conditional jump (bsc#1207753). Bug fixes: - Fix hang when unpacking test tarball (bsc#1202436). Moderate SUSE bug 1202436 SUSE bug 1207753 CVE-2022-48303 cpe:/o:opensuse:leap:15.4 Security update for haproxy (Moderate) openSUSE Leap 15.4 This update for haproxy fixes the following issues: - CVE-2023-45539: Fixed misinterpretation of a path_end rule with # as part of the URI component (bsc#1217653). Moderate SUSE bug 1217653 CVE-2023-45539 cpe:/o:opensuse:leap:15.4 Security update for openssl-3 (Important) openSUSE Leap 15.4 This update for openssl-3 fixes the following issues: - CVE-2023-5678: Fixed generating and checking of excessively long X9.42 DH keys that resulted in a possible Denial of Service (bsc#1216922). Bug fixes: - The default /etc/ssl/openssl3.cnf file will include any configuration files that other packages might place into /etc/ssl/engines3.d/ and /etc/ssl/engdef3.d/. - Create the two new necessary directores for the above. [bsc#1194187, bsc#1207472] Important SUSE bug 1194187 SUSE bug 1207472 SUSE bug 1216922 CVE-2023-5678 cpe:/o:opensuse:leap:15.4 Security update for prometheus-ha_cluster_exporter (Important) openSUSE Leap 15.4 This update for prometheus-ha_cluster_exporter fixes the following issues: Updated to version 1.3.1: - CVE-2022-46146: Fixed authentication bypass via cache poisoning in prometheus/exporter-toolkit (bsc#1208046, bsc#1208047). Important SUSE bug 1208046 SUSE bug 1208047 CVE-2022-46146 cpe:/o:opensuse:leap:15.4 Security update for curl (Moderate) openSUSE Leap 15.4 This update for curl fixes the following issues: - CVE-2023-46218: Fixed cookie mixed case PSL bypass (bsc#1217573). - CVE-2023-46219: HSTS long file name clears contents (bsc#1217574). Moderate SUSE bug 1217573 SUSE bug 1217574 CVE-2023-46218 CVE-2023-46219 cpe:/o:opensuse:leap:15.4 Security update for openvswitch (Important) openSUSE Leap 15.4 This update for openvswitch fixes the following issues: - CVE-2023-5366: Fixed missing masks on a final stage with ports trie (bsc#1216002). Important SUSE bug 1216002 CVE-2023-5366 cpe:/o:opensuse:leap:15.4 Security update for kernel-firmware (Important) openSUSE Leap 15.4 This update for kernel-firmware fixes the following issues: Update AMD ucode to 20231030 (bsc#1215831): - CVE-2022-23820: Failure to validate the AMD SMM communication buffer may allow an attacker to corrupt the SMRAM potentially leading to arbitrary code execution. - CVE-2021-46774: Insufficient input validation in ABL may enable a privileged attacker to perform arbitrary DRAM writes, potentially resulting in code execution and privilege escalation. - CVE-2023-20533: Insufficient DRAM address validation in System Management Unit (SMU) may allow an attacker using DMA to read/write from/to invalid DRAM address potentially resulting in denial-of-service. 0 CVE-2023-20519: A Use-After-Free vulnerability in the management of an SNP guest context page may allow a malicious hypervisor to masquerade as the guest's migration agent resulting in a potential loss of guest integrity. - CVE-2023-20566: Improper address validation in ASP with SNP enabled may potentially allow an attacker to compromise guest memory integrity. - CVE-2023-20521: TOCTOU in the ASP Bootloader may allow an attacker with physical access to tamper with SPI ROM records after memory content verification, potentially leading to loss of confidentiality or a denial of service. - CVE-2021-46766: Improper clearing of sensitive data in the ASP Bootloader may expose secret keys to a privileged attacker accessing ASP SRAM, potentially leading to a loss of confidentiality. - CVE-2022-23830: SMM configuration may not be immutable, as intended, when SNP is enabled resulting in a potential limited loss of guest memory integrity. - CVE-2023-20526: Insufficient input validation in the ASP Bootloader may enable a privileged attacker with physical access to expose the contents of ASP memory potentially leading to a loss of confidentiality. - CVE-2021-26345: Failure to validate the value in APCB may allow an attacker with physical access to tamper with the APCB token to force an out-of-bounds memory read potentially resulting in a denial of service. - CVE-2023-20592: Issue with INVD instruction aka CacheWarpAttack (bsc#1215823). Important SUSE bug 1215823 SUSE bug 1215831 CVE-2021-26345 CVE-2021-46766 CVE-2021-46774 CVE-2022-23820 CVE-2022-23830 CVE-2023-20519 CVE-2023-20521 CVE-2023-20526 CVE-2023-20533 CVE-2023-20566 CVE-2023-20592 cpe:/o:opensuse:leap:15.4 Security update for openvswitch (Important) openSUSE Leap 15.4 This update for openvswitch fixes the following issues: - CVE-2023-5366: Fixed missing masks on a final stage with ports trie (bsc#1216002). Important SUSE bug 1216002 CVE-2023-5366 cpe:/o:opensuse:leap:15.4 Security update for suse-build-key (Important) openSUSE Leap 15.4 This update for suse-build-key fixes the following issues: This update runs a import-suse-build-key script. The previous libzypp-post-script based installation is replaced with a systemd timer and service (bsc#1217215 bsc#1216410 jsc#PED-2777). - suse-build-key-import.service - suse-build-key-import.timer It imports the future SUSE Linux Enterprise 15 4096 bit RSA key primary and reserve keys. After successful import the timer is disabled. To manually import them you can also run: # rpm --import /usr/lib/rpm/gnupg/keys/gpg-pubkey-3fa1d6ce-63c9481c.asc # rpm --import /usr/lib/rpm/gnupg/keys/gpg-pubkey-d588dc46-63c939db.asc Important SUSE bug 1216410 SUSE bug 1217215 cpe:/o:opensuse:leap:15.4 Security update for cdi-apiserver-container, cdi-cloner-container, cdi-controller-container, cdi-importer-container, cdi-operator-container, cdi-uploadproxy-container, cdi-uploadserver-container, containerized-data-importer (Important) openSUSE Leap 15.4 This update for cdi-apiserver-container, cdi-cloner-container, cdi-controller-container, cdi-importer-container, cdi-operator-container, cdi-uploadproxy-container, cdi-uploadserver-container, containerized-data-importer fixes the following issues: This update rebuilds containerized-data-importer and its containers against updated GO and updated base images. Important cpe:/o:opensuse:leap:15.4 Security update for poppler (Moderate) openSUSE Leap 15.4 This update for poppler fixes the following issues: - CVE-2018-20662: PDFDoc setup in PDFDoc.cc allows attackers to cause DOS because of a wrong return value from PDFDoc:setup (bsc#1120956). Moderate SUSE bug 1120956 CVE-2018-20662 cpe:/o:opensuse:leap:15.4 Security update for gimp (Important) openSUSE Leap 15.4 This update for gimp fixes the following issues: - CVE-2023-44441: Fixed Heap-based Buffer Overflow in DDS (bsc#1217160). - CVE-2023-44442: Fixed Heap-based Buffer Overflow in PSD (bsc#1217161). - CVE-2023-44443: Fixed Integer Overflow in PSP (bsc#1217162). - CVE-2023-44444: Fixed Off-By-One om PSP (bsc#1217163). Important SUSE bug 1217160 SUSE bug 1217161 SUSE bug 1217162 SUSE bug 1217163 CVE-2023-44441 CVE-2023-44442 CVE-2023-44443 CVE-2023-44444 cpe:/o:opensuse:leap:15.4 Security update for kubevirt, virt-api-container, virt-controller-container, virt-handler-container, virt-launcher-container, virt-libguestfs-tools-container, virt-operator-container (Important) openSUSE Leap 15.4 This update for kubevirt, virt-api-container, virt-controller-container, virt-handler-container, virt-launcher-container, virt-libguestfs-tools-container, virt-operator-container fixes the following issues: Kubevirt is rebuilt against updated dependencies to fix security issues. Important cpe:/o:opensuse:leap:15.4 Security update for squid (Important) openSUSE Leap 15.4 This update for squid fixes the following issues: - CVE-2023-49285: Fixed buffer over read bug on HTTP Message processing flow (bsc#1217813) - CVE-2023-49286: Fixed Denial of Service vulnerability in helper process management (bsc#1217815) - Fix X-Forwarded-For Stack Overflow (bsc#1217654) Important SUSE bug 1217654 SUSE bug 1217813 SUSE bug 1217815 CVE-2023-49285 CVE-2023-49286 cpe:/o:opensuse:leap:15.4 Security update for clamav (Critical) openSUSE Leap 15.4 This update for clamav fixes the following issues: - CVE-2023-20032: Fixed a possible remote code execution vulnerability in the HFS+ file parser (bsc#1208363). - CVE-2023-20052: Fixed a possible remote information leak vulnerability in the DMG file parser (bsc#1208365). Critical SUSE bug 1208363 SUSE bug 1208365 CVE-2023-20032 CVE-2023-20052 cpe:/o:opensuse:leap:15.4 Security update for go1.20 (Important) openSUSE Leap 15.4 This update for go1.20 fixes the following issues: Update to go1.20.12: - CVE-2023-45285: cmd/go: git VCS qualifier in module path uses git:// scheme (bsc#1217834). - CVE-2023-45284: path/filepath: Clean removes ending slash for volume on Windows in Go 1.21.4 (bsc#1216943). - CVE-2023-39326: net/http: limit chunked data overhead (bsc#1217833). - cmd/compile: internal compiler error: panic during prove while compiling: unexpected induction with too many parents - cmd/go: TestScript/mod_get_direct fails with 'Filename too long' on Windows Important SUSE bug 1206346 SUSE bug 1216943 SUSE bug 1217833 SUSE bug 1217834 CVE-2023-39326 CVE-2023-45284 CVE-2023-45285 cpe:/o:opensuse:leap:15.4 Security update for go1.21 (Important) openSUSE Leap 15.4 This update for go1.21 fixes the following issues: Update to go1.21.5: - CVE-2023-45285: cmd/go: git VCS qualifier in module path uses git:// scheme (bsc#1217834). - CVE-2023-45284: path/filepath: Clean removes ending slash for volume on Windows in Go 1.21.4 (bsc#1216943). - CVE-2023-39326: net/http: limit chunked data overhead (bsc#1217833). - cmd/go: go mod download needs to support toolchain upgrades - cmd/compile: invalid pointer found on stack when compiled with -race - os: NTFS deduped file changed from regular to irregular - net: TCPConn.ReadFrom hangs when io.Reader is TCPConn or UnixConn, Linux kernel < 5.1 - cmd/compile: internal compiler error: panic during prove while compiling: unexpected induction with too many parents - syscall: TestOpenFileLimit unintentionally runs on non-Unix platforms - runtime: self-deadlock on mheap_.lock - crypto/rand: Legacy RtlGenRandom use on Windows Important SUSE bug 1212475 SUSE bug 1216943 SUSE bug 1217833 SUSE bug 1217834 CVE-2023-39326 CVE-2023-45284 CVE-2023-45285 cpe:/o:opensuse:leap:15.4 Security update for hplip (Moderate) openSUSE Leap 15.4 This update for hplip fixes the following issues: - Fixed insecure /tmp file paths inside hppsfilter booklet printing (bsc#1214399) Moderate SUSE bug 1214399 cpe:/o:opensuse:leap:15.4 Security update for xerces-c (Important) openSUSE Leap 15.4 This update for xerces-c fixes the following issues: - CVE-2023-37536: Fixed an integer overflow that could have led to a out-of-bounds memory accesses (bsc#1216156). Important SUSE bug 1216156 CVE-2023-37536 cpe:/o:opensuse:leap:15.4 Security update for catatonit, containerd, runc (Important) openSUSE Leap 15.4 This update of runc and containerd fixes the following issues: containerd: - Update to containerd v1.7.8. Upstream release notes: https://github.com/containerd/containerd/releases/tag/v1.7.8 * CVE-2022-1996: Fixed CORS bypass in go-restful (bsc#1200528) catatonit: - Update to catatonit v0.2.0. * Change license to GPL-2.0-or-later. - Update to catatont v0.1.7 * This release adds the ability for catatonit to be used as the only process in a pause container, by passing the -P flag (in this mode no subprocess is spawned and thus no signal forwarding is done). - Update to catatonit v0.1.6, which fixes a few bugs -- mainly ones related to socket activation or features somewhat adjacent to socket activation (such as passing file descriptors). runc: - Update to runc v1.1.10. Upstream changelog is available from https://github.com/opencontainers/runc/releases/tag/v1.1.10 Important SUSE bug 1200528 CVE-2022-1996 cpe:/o:opensuse:leap:15.4 Security update for the Linux Kernel (Important) openSUSE Leap 15.4 The SUSE Linux Enterprise 15 SP4 RT kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2023-6176: Fixed a denial of service in the cryptographic algorithm scatterwalk functionality (bsc#1217332). - CVE-2023-2006: Fixed a race condition in the RxRPC network protocol (bsc#1210447). - CVE-2023-39197: Fixed a out-of-bounds read in nf_conntrack_dccp_packet() (bsc#1216976). - CVE-2023-4244: Fixed a use-after-free in the nf_tables component, which could be exploited to achieve local privilege escalation (bsc#1215420). - CVE-2023-6039: Fixed a use-after-free in lan78xx_disconnect in drivers/net/usb/lan78xx.c (bsc#1217068). - CVE-2023-45863: Fixed a out-of-bounds write in fill_kobj_path() (bsc#1216058). - CVE-2023-5158: Fixed a denial of service in vringh_kiov_advance() in drivers/vhost/vringh.c in the host side of a virtio ring (bsc#1215710). - CVE-2023-45871: Fixed an issue in the IGB driver, where the buffer size may not be adequate for frames larger than the MTU (bsc#1216259). - CVE-2023-5717: Fixed a heap out-of-bounds write vulnerability in the Performance Events component (bsc#1216584). - CVE-2023-39198: Fixed a race condition leading to use-after-free in qxl_mode_dumb_create() (bsc#1216965). - CVE-2023-25775: Fixed improper access control in the Intel Ethernet Controller RDMA driver (bsc#1216959). - CVE-2023-46862: Fixed a NULL pointer dereference in io_uring_show_fdinfo() (bsc#1216693). The following non-security bugs were fixed: - ACPI: FPDT: properly handle invalid FPDT subtables (git-fixes). - ACPI: resource: Do IRQ override on TongFang GMxXGxx (git-fixes). - ACPI: resource: Skip IRQ override on ASUS ExpertBook B1402CVA (git-fixes). - ACPI: sysfs: Fix create_pnp_modalias() and create_of_modalias() (git-fixes). - ALSA: hda/realtek - Add Dell ALC295 to pin fall back table (git-fixes). - ALSA: hda/realtek - Enable internal speaker of ASUS K6500ZC (git-fixes). - ALSA: hda/realtek: Add quirks for HP Laptops (git-fixes). - ALSA: hda/realtek: Enable Mute LED on HP 255 G10 (git-fixes). - ALSA: hda/realtek: Enable Mute LED on HP 255 G8 (git-fixes). - ALSA: hda: Disable power-save on KONTRON SinglePC (bsc#1217140). - ALSA: hda: Fix possible null-ptr-deref when assigning a stream (git-fixes). - ALSA: hda: cs35l41: Fix unbalanced pm_runtime_get() (git-fixes). - ALSA: hda: cs35l41: Undo runtime PM changes at driver exit time (git-fixes). - ALSA: hda: intel-dsp-config: Fix JSL Chromebook quirk detection (git-fixes). - ALSA: info: Fix potential deadlock at disconnection (git-fixes). - ARM: 9321/1: memset: cast the constant byte to unsigned char (git-fixes). - ASoC: Intel: Skylake: Fix mem leak when parsing UUIDs fails (git-fixes). - ASoC: ams-delta.c: use component after check (git-fixes). - ASoC: codecs: wsa-macro: fix uninitialized stack variables with name prefix (git-fixes). - ASoC: cs35l41: Undo runtime PM changes at driver exit time (git-fixes). - ASoC: cs35l41: Verify PM runtime resume errors in IRQ handler (git-fixes). - ASoC: fsl: Fix PM disable depth imbalance in fsl_easrc_probe (git-fixes). - ASoC: fsl: mpc5200_dma.c: Fix warning of Function parameter or member not described (git-fixes). - ASoC: hdmi-codec: register hpd callback on component probe (git-fixes). - ASoC: rt5650: fix the wrong result of key button (git-fixes). - ASoC: simple-card: fixup asoc_simple_probe() error handling (git-fixes). - ASoC: ti: omap-mcbsp: Fix runtime PM underflow warnings (git-fixes). - Bluetooth: btusb: Add 0bda:b85b for Fn-Link RTL8852BE (git-fixes). - Bluetooth: btusb: Add RTW8852BE device 13d3:3570 to device tables (git-fixes). - Bluetooth: btusb: Add Realtek RTL8852BE support ID 0x0cb8:0xc559 (git-fixes). - Bluetooth: btusb: Add date->evt_skb is NULL check (git-fixes). - Disable Loongson drivers Loongson is a mips architecture, it does not make sense to build Loongson drivers on other architectures. - Documentation: networking: correct possessive 'its' (bsc#1215458). - Drivers: hv: vmbus: Remove unused extern declaration vmbus_ontimer() (git-fixes). - Ensure ia32_emulation is always enabled for kernel-obs-build If ia32_emulation is disabled by default, ensure it is enabled back for OBS kernel to allow building 32bit binaries (jsc#PED-3184) [ms: Always pass the parameter, no need to grep through the config which may not be very reliable] - Fix termination state for idr_for_each_entry_ul() (git-fixes). - HID: Add quirk for Dell Pro Wireless Keyboard and Mouse KM5221W (git-fixes). - HID: hyperv: Replace one-element array with flexible-array member (git-fixes). - HID: hyperv: avoid struct memcpy overrun warning (git-fixes). - HID: hyperv: remove unused struct synthhid_msg (git-fixes). - HID: lenovo: Detect quirk-free fw on cptkbd and stop applying workaround (git-fixes). - HID: logitech-hidpp: Do not restart IO, instead defer hid_connect() only (git-fixes). - HID: logitech-hidpp: Move get_wireless_feature_index() check to hidpp_connect_event() (git-fixes). - HID: logitech-hidpp: Remove HIDPP_QUIRK_NO_HIDINPUT quirk (git-fixes). - HID: logitech-hidpp: Revert 'Do not restart communication if not necessary' (git-fixes). - Input: synaptics-rmi4 - fix use after free in rmi_unregister_function() (git-fixes). - Input: synaptics-rmi4 - handle reset delay when using SMBus trsnsport (git-fixes). - Input: xpad - add VID for Turtle Beach controllers (git-fixes). - PCI/ASPM: Fix L1 substate handling in aspm_attr_store_common() (git-fixes). - PCI/sysfs: Protect driver's D3cold preference from user space (git-fixes). - PCI: Disable ATS for specific Intel IPU E2000 devices (bsc#1215458). - PCI: Extract ATS disabling to a helper function (bsc#1215458). - PCI: Prevent xHCI driver from claiming AMD VanGogh USB3 DRD device (git-fixes). - PCI: Use FIELD_GET() in Sapphire RX 5600 XT Pulse quirk (git-fixes). - PCI: Use FIELD_GET() to extract Link Width (git-fixes). - PCI: exynos: Do not discard .remove() callback (git-fixes). - PCI: keystone: Do not discard .probe() callback (git-fixes). - PCI: keystone: Do not discard .remove() callback (git-fixes). - PCI: tegra194: Use FIELD_GET()/FIELD_PREP() with Link Width fields (git-fixes). - PM / devfreq: rockchip-dfi: Make pmu regmap mandatory (git-fixes). - PM: hibernate: Use __get_safe_page() rather than touching the list (git-fixes). - USB: dwc2: write HCINT with INTMASK applied (bsc#1214286). - USB: dwc3: qcom: fix ACPI platform device leak (git-fixes). - USB: dwc3: qcom: fix resource leaks on probe deferral (git-fixes). - USB: dwc3: qcom: fix software node leak on probe errors (git-fixes). - USB: dwc3: qcom: fix wakeup after probe deferral (git-fixes). - USB: serial: option: add Fibocom L7xx modules (git-fixes). - USB: serial: option: add Luat Air72*U series products (git-fixes). - USB: serial: option: do not claim interface 4 for ZTE MF290 (git-fixes). - USB: serial: option: fix FM101R-GL defines (git-fixes). - USB: usbip: fix stub_dev hub disconnect (git-fixes). - arm/xen: fix xen_vcpu_info allocation alignment (git-fixes). - arm64: Add Cortex-A520 CPU part definition (git-fixes) - arm64: allow kprobes on EL0 handlers (git-fixes) - arm64: armv8_deprecated move emulation functions (git-fixes) - arm64: armv8_deprecated: fix unused-function error (git-fixes) - arm64: armv8_deprecated: fold ops into insn_emulation (git-fixes) - arm64: armv8_deprecated: move aarch32 helper earlier (git-fixes) - arm64: armv8_deprecated: rework deprected instruction handling (git-fixes) - arm64: consistently pass ESR_ELx to die() (git-fixes) - arm64: die(): pass 'err' as long (git-fixes) - arm64: factor insn read out of call_undef_hook() (git-fixes) - arm64: factor out EL1 SSBS emulation hook (git-fixes) - arm64: report EL1 UNDEFs better (git-fixes) - arm64: rework BTI exception handling (git-fixes) - arm64: rework EL0 MRS emulation (git-fixes) - arm64: rework FPAC exception handling (git-fixes) - arm64: split EL0/EL1 UNDEF handlers (git-fixes) - ata: pata_isapnp: Add missing error check for devm_ioport_map() (git-fixes). - atl1c: Work around the DMA RX overflow issue (git-fixes). - atm: iphase: Do PCI error checks on own line (git-fixes). - blk-mq: Do not clear driver tags own mapping (bsc#1217366). - blk-mq: fix null pointer dereference in blk_mq_clear_rq_mapping() (bsc#1217366). - bluetooth: Add device 0bda:887b to device tables (git-fixes). - bluetooth: Add device 13d3:3571 to device tables (git-fixes). - can: dev: can_put_echo_skb(): do not crash kernel if can_priv::echo_skb is accessed out of bounds (git-fixes). - can: dev: can_restart(): do not crash kernel if carrier is OK (git-fixes). - can: dev: can_restart(): fix race condition between controller restart and netif_carrier_on() (git-fixes). - can: isotp: add local echo tx processing for consecutive frames (git-fixes). - can: isotp: fix race between isotp_sendsmg() and isotp_release() (git-fixes). - can: isotp: fix tx state handling for echo tx processing (git-fixes). - can: isotp: handle wait_event_interruptible() return values (git-fixes). - can: isotp: isotp_bind(): return -EINVAL on incorrect CAN ID formatting (git-fixes). - can: isotp: isotp_sendmsg(): fix TX state detection and wait behavior (git-fixes). - can: isotp: remove re-binding of bound socket (git-fixes). - can: isotp: sanitize CAN ID checks in isotp_bind() (git-fixes). - can: isotp: set max PDU size to 64 kByte (git-fixes). - can: isotp: split tx timer into transmission and timeout (git-fixes). - can: sja1000: Fix comment (git-fixes). - clk: Sanitize possible_parent_show to Handle Return Value of of_clk_get_parent_name (git-fixes). - clk: imx: Select MXC_CLK for CLK_IMX8QXP (git-fixes). - clk: imx: imx8mq: correct error handling path (git-fixes). - clk: imx: imx8qxp: Fix elcdif_pll clock (git-fixes). - clk: keystone: pll: fix a couple NULL vs IS_ERR() checks (git-fixes). - clk: mediatek: clk-mt2701: Add check for mtk_alloc_clk_data (git-fixes). - clk: mediatek: clk-mt6765: Add check for mtk_alloc_clk_data (git-fixes). - clk: mediatek: clk-mt6779: Add check for mtk_alloc_clk_data (git-fixes). - clk: mediatek: clk-mt6797: Add check for mtk_alloc_clk_data (git-fixes). - clk: mediatek: clk-mt7629-eth: Add check for mtk_alloc_clk_data (git-fixes). - clk: mediatek: clk-mt7629: Add check for mtk_alloc_clk_data (git-fixes). - clk: npcm7xx: Fix incorrect kfree (git-fixes). - clk: qcom: clk-rcg2: Fix clock rate overflow for high parent frequencies (git-fixes). - clk: qcom: config IPQ_APSS_6018 should depend on QCOM_SMEM (git-fixes). - clk: qcom: gcc-sm8150: Fix gcc_sdcc2_apps_clk_src (git-fixes). - clk: qcom: ipq6018: drop the CLK_SET_RATE_PARENT flag from PLL clocks (git-fixes). - clk: qcom: mmcc-msm8998: Do not check halt bit on some branch clks (git-fixes). - clk: qcom: mmcc-msm8998: Fix the SMMU GDSC (git-fixes). - clk: scmi: Free scmi_clk allocated when the clocks with invalid info are skipped (git-fixes). - clk: ti: Add ti_dt_clk_name() helper to use clock-output-names (git-fixes). - clk: ti: Update component clocks to use ti_dt_clk_name() (git-fixes). - clk: ti: Update pll and clockdomain clocks to use ti_dt_clk_name() (git-fixes). - clk: ti: change ti_clk_register[_omap_hw]() API (git-fixes). - clk: ti: fix double free in of_ti_divider_clk_setup() (git-fixes). - crypto: caam/jr - fix Chacha20 + Poly1305 self test failure (git-fixes). - crypto: caam/qi2 - fix Chacha20 + Poly1305 self test failure (git-fixes). - crypto: hisilicon/hpre - Fix a erroneous check after snprintf() (git-fixes). - dmaengine: pxa_dma: Remove an erroneous BUG_ON() in pxad_free_desc() (git-fixes). - dmaengine: ste_dma40: Fix PM disable depth imbalance in d40_probe (git-fixes). - dmaengine: stm32-mdma: correct desc prep when channel running (git-fixes). - dmaengine: ti: edma: handle irq_of_parse_and_map() errors (git-fixes). - docs: net: move the probe and open/close sections of driver.rst up (bsc#1215458). - docs: net: reformat driver.rst from a list to sections (bsc#1215458). - docs: net: use C syntax highlight in driver.rst (bsc#1215458). - drm/amd/display: Avoid NULL dereference of timing generator (git-fixes). - drm/amd/display: Change the DMCUB mailbox memory location from FB to inbox (git-fixes). - drm/amd/display: remove useless check in should_enable_fbc() (git-fixes). - drm/amd/display: use full update for clip size increase of large plane source (git-fixes). - drm/amd/pm: Handle non-terminated overdrive commands (git-fixes). - drm/amd: Fix UBSAN array-index-out-of-bounds for Polaris and Tonga (git-fixes). - drm/amd: Fix UBSAN array-index-out-of-bounds for SMU7 (git-fixes). - drm/amdgpu: Fix a null pointer access when the smc_rreg pointer is NULL (git-fixes). - drm/amdgpu: Fix potential null pointer derefernce (git-fixes). - drm/amdgpu: do not use ATRM for external devices (git-fixes). - drm/amdgpu: fix error handling in amdgpu_bo_list_get() (git-fixes). - drm/amdgpu: fix software pci_unplug on some chips (git-fixes). - drm/amdkfd: Fix a race condition of vram buffer unref in svm code (git-fixes). - drm/amdkfd: Fix shift out-of-bounds issue (git-fixes). - drm/amdkfd: fix some race conditions in vram buffer alloc/free of svm code (git-fixes). - drm/bridge: Fix kernel-doc typo in desc of output_bus_cfg in drm_bridge_state (git-fixes). - drm/bridge: lt8912b: Add missing drm_bridge_attach call (git-fixes). - drm/bridge: lt8912b: Fix bridge_detach (git-fixes). - drm/bridge: lt8912b: Fix crash on bridge detach (git-fixes). - drm/bridge: lt8912b: Manually disable HPD only if it was enabled (git-fixes). - drm/bridge: lt8912b: Register and attach our DSI device at probe (git-fixes). - drm/bridge: lt8912b: Switch to devm MIPI-DSI helpers (git-fixes). - drm/bridge: lt9611uxc: Register and attach our DSI device at probe (git-fixes). - drm/bridge: lt9611uxc: Switch to devm MIPI-DSI helpers (git-fixes). - drm/bridge: lt9611uxc: fix the race in the error path (git-fixes). - drm/bridge: tc358768: Disable non-continuous clock mode (git-fixes). - drm/bridge: tc358768: Fix bit updates (git-fixes). - drm/bridge: tc358768: Fix use of uninitialized variable (git-fixes). - drm/gud: Use size_add() in call to struct_size() (git-fixes). - drm/i915/pmu: Check if pmu is closed before stopping event (git-fixes). - drm/i915: Fix potential spectre vulnerability (git-fixes). - drm/komeda: drop all currently held locks if deadlock happens (git-fixes). - drm/mediatek: Fix iommu fault by swapping FBs after updating plane state (git-fixes). - drm/mediatek: Fix iommu fault during crtc enabling (git-fixes). - drm/mipi-dsi: Create devm device attachment (git-fixes). - drm/mipi-dsi: Create devm device registration (git-fixes). - drm/msm/dp: skip validity check for DP CTS EDID checksum (git-fixes). - drm/panel/panel-tpo-tpg110: fix a possible null pointer dereference (git-fixes). - drm/panel: fix a possible null pointer dereference (git-fixes). - drm/panel: simple: Fix Innolux G101ICE-L01 bus flags (git-fixes). - drm/panel: simple: Fix Innolux G101ICE-L01 timings (git-fixes). - drm/panel: st7703: Pick different reset sequence (git-fixes). - drm/qxl: prevent memory leak (git-fixes). - drm/radeon: possible buffer overflow (git-fixes). - drm/rockchip: Fix type promotion bug in rockchip_gem_iommu_map() (git-fixes). - drm/rockchip: cdn-dp: Fix some error handling paths in cdn_dp_probe() (git-fixes). - drm/rockchip: vop: Fix call to crtc reset helper (git-fixes). - drm/rockchip: vop: Fix color for RGB888/BGR888 format on VOP full (git-fixes). - drm/rockchip: vop: Fix reset of state in duplicate state crtc funcs (git-fixes). - drm/syncobj: fix DRM_SYNCOBJ_WAIT_FLAGS_WAIT_AVAILABLE (git-fixes). - drm/vc4: fix typo (git-fixes). - drm: vmwgfx_surface.c: copy user-array safely (git-fixes). - dt-bindings: usb: hcd: add missing phy name to example (git-fixes). - dt-bindings: usb: qcom,dwc3: fix example wakeup interrupt types (git-fixes). - fbdev: fsl-diu-fb: mark wr_reg_wa() static (git-fixes). - fbdev: imsttfb: Fix error path of imsttfb_probe() (git-fixes). - fbdev: imsttfb: Release framebuffer and dealloc cmap on error path (git-fixes). - fbdev: imsttfb: fix a resource leak in probe (git-fixes). - fbdev: imsttfb: fix double free in probe() (git-fixes). - fbdev: omapfb: Drop unused remove function (git-fixes). - firewire: core: fix possible memory leak in create_units() (git-fixes). - firmware/imx-dsp: Fix use_after_free in imx_dsp_setup_channels() (git-fixes). - gpio: mockup: fix kerneldoc (git-fixes). - gpio: mockup: remove unused field (git-fixes). - hid: cp2112: Fix duplicate workqueue initialization (git-fixes). - hv: simplify sysctl registration (git-fixes). - hv_netvsc: Fix race of register_netdevice_notifier and VF register (git-fixes). - hv_netvsc: Mark VF as slave before exposing it to user-mode (git-fixes). - hv_netvsc: fix netvsc_send_completion to avoid multiple message length checks (git-fixes). - hv_netvsc: fix race of netvsc and VF register_netdevice (git-fixes). - hwmon: (coretemp) Fix potentially truncated sysfs attribute name (git-fixes). - i2c: aspeed: Fix i2c bus hang in slave read (git-fixes). - i2c: core: Run atomic i2c xfer when !preemptible (git-fixes). - i2c: designware: Disable TX_EMPTY irq while waiting for block length byte (git-fixes). - i2c: dev: copy userspace array safely (git-fixes). - i2c: i801: fix potential race in i801_block_transaction_byte_by_byte (git-fixes). - i2c: iproc: handle invalid slave state (git-fixes). - i2c: muxes: i2c-demux-pinctrl: Use of_get_i2c_adapter_by_node() (git-fixes). - i2c: muxes: i2c-mux-gpmux: Use of_get_i2c_adapter_by_node() (git-fixes). - i2c: muxes: i2c-mux-pinctrl: Use of_get_i2c_adapter_by_node() (git-fixes). - i2c: stm32f7: Fix PEC handling in case of SMBUS transfers (git-fixes). - i2c: sun6i-p2wi: Prevent potential division by zero (git-fixes). - i3c: Fix potential refcount leak in i3c_master_register_new_i3c_devs (git-fixes). - i3c: master: cdns: Fix reading status register (git-fixes). - i3c: master: mipi-i3c-hci: Fix a kernel panic for accessing DAT_data (git-fixes). - i3c: master: svc: fix SDA keep low when polling IBIWON timeout happen (git-fixes). - i3c: master: svc: fix check wrong status register in irq handler (git-fixes). - i3c: master: svc: fix ibi may not return mandatory data byte (git-fixes). - i3c: master: svc: fix race condition in ibi work thread (git-fixes). - i3c: master: svc: fix wrong data return when IBI happen during start frame (git-fixes). - i3c: mipi-i3c-hci: Fix out of bounds access in hci_dma_irq_handler (git-fixes). - i915/perf: Fix NULL deref bugs with drm_dbg() calls (git-fixes). - idpf: add RX splitq napi poll support (bsc#1215458). - idpf: add SRIOV support and other ndo_ops (bsc#1215458). - idpf: add TX splitq napi poll support (bsc#1215458). - idpf: add controlq init and reset checks (bsc#1215458). - idpf: add core init and interrupt request (bsc#1215458). - idpf: add create vport and netdev configuration (bsc#1215458). - idpf: add ethtool callbacks (bsc#1215458). - idpf: add module register and probe functionality (bsc#1215458). - idpf: add ptypes and MAC filter support (bsc#1215458). - idpf: add singleq start_xmit and napi poll (bsc#1215458). - idpf: add splitq start_xmit (bsc#1215458). - idpf: cancel mailbox work in error path (bsc#1215458). - idpf: configure resources for RX queues (bsc#1215458). - idpf: configure resources for TX queues (bsc#1215458). - idpf: fix potential use-after-free in idpf_tso() (bsc#1215458). - idpf: initialize interrupts and enable vport (bsc#1215458). - idpf: set scheduling mode for completion queue (bsc#1215458). - iio: adc: xilinx-xadc: Correct temperature offset/scale for UltraScale (git-fixes). - iio: adc: xilinx-xadc: Do not clobber preset voltage/temperature thresholds (git-fixes). - iio: exynos-adc: request second interupt only when touchscreen mode is used (git-fixes). - irqchip/stm32-exti: add missing DT IRQ flag translation (git-fixes). - kabi/severities: ignore kabi in rxrpc (bsc#1210447) The rxrpc module is built since SLE15-SP3 but it is not shipped as part of any SLE product, only in Leap (in kernel-*-optional). - kernel-binary: suse-module-tools is also required when installed Requires(pre) adds dependency for the specific sciptlet. However, suse-module-tools also ships modprobe.d files which may be needed at posttrans time or any time the kernel is on the system for generating ramdisk. Add plain Requires as well. - kernel-source: Move provides after sources - kernel/fork: beware of __put_task_struct() calling context (bsc#1189998 (PREEMPT_RT prerequisite backports)). - kernel/fork: beware of __put_task_struct() calling context (bsc#1216761). - leds: pwm: Do not disable the PWM when the LED should be off (git-fixes). - leds: trigger: ledtrig-cpu:: Fix 'output may be truncated' issue for 'cpu' (git-fixes). - leds: turris-omnia: Do not use SMBUS calls (git-fixes). - lsm: fix default return value for inode_getsecctx (git-fixes). - lsm: fix default return value for vm_enough_memory (git-fixes). - media: bttv: fix use after free error due to btv->timeout timer (git-fixes). - media: ccs: Correctly initialise try compose rectangle (git-fixes). - media: ccs: Fix driver quirk struct documentation (git-fixes). - media: cedrus: Fix clock/reset sequence (git-fixes). - media: cobalt: Use FIELD_GET() to extract Link Width (git-fixes). - media: gspca: cpia1: shift-out-of-bounds in set_flicker (git-fixes). - media: i2c: max9286: Fix some redundant of_node_put() calls (git-fixes). - media: imon: fix access to invalid resource for the second interface (git-fixes). - media: lirc: drop trailing space from scancode transmit (git-fixes). - media: qcom: camss: Fix VFE-17x vfe_disable_output() (git-fixes). - media: qcom: camss: Fix missing vfe_lite clocks check (git-fixes). - media: qcom: camss: Fix pm_domain_on sequence in probe (git-fixes). - media: qcom: camss: Fix vfe_get() error jump (git-fixes). - media: sharp: fix sharp encoding (git-fixes). - media: siano: Drop unnecessary error check for debugfs_create_dir/file() (git-fixes). - media: venus: hfi: add checks to handle capabilities from firmware (git-fixes). - media: venus: hfi: add checks to perform sanity on queue pointers (git-fixes). - media: venus: hfi: fix the check to handle session buffer requirement (git-fixes). - media: venus: hfi_parser: Add check to keep the number of codecs within range (git-fixes). - media: vidtv: mux: Add check and kfree for kstrdup (git-fixes). - media: vidtv: psi: Add check for kstrdup (git-fixes). - media: vivid: avoid integer overflow (git-fixes). - mfd: arizona-spi: Set pdata.hpdet_channel for ACPI enumerated devs (git-fixes). - mfd: core: Ensure disabled devices are skipped without aborting (git-fixes). - mfd: dln2: Fix double put in dln2_probe (git-fixes). - misc: fastrpc: Clean buffers on remote invocation failures (git-fixes). - misc: pci_endpoint_test: Add Device ID for R-Car S4-8 PCIe controller (git-fixes). - mm/hmm: fault non-owner device private entries (bsc#1216844, jsc#PED-7237, git-fixes). - mmc: block: Be sure to wait while busy in CQE error recovery (git-fixes). - mmc: block: Do not lose cache flush during CQE error recovery (git-fixes). - mmc: block: Retry commands in CQE error recovery (git-fixes). - mmc: cqhci: Fix task clearing in CQE error recovery (git-fixes). - mmc: cqhci: Increase recovery halt timeout (git-fixes). - mmc: cqhci: Warn of halt or task clear failure (git-fixes). - mmc: meson-gx: Remove setting of CMD_CFG_ERROR (git-fixes). - mmc: sdhci-pci-gli: A workaround to allow GL9750 to enter ASPM L1.2 (git-fixes). - mmc: sdhci-pci-gli: GL9750: Mask the replay timer timeout of AER (git-fixes). - mmc: sdhci_am654: fix start loop index for TAP value parsing (git-fixes). - mmc: vub300: fix an error code (git-fixes). - modpost: fix tee MODULE_DEVICE_TABLE built on big-endian host (git-fixes). - mt76: dma: use kzalloc instead of devm_kzalloc for txwi (git-fixes). - mtd: cfi_cmdset_0001: Byte swap OTP info (git-fixes). - mtd: rawnand: arasan: Include ECC syndrome along with in-band data while checking for ECC failure (git-fixes). - net-memcg: Fix scope of sockmem pressure indicators (bsc#1216759). - net: Avoid address overwrite in kernel_connect (bsc#1216861). - net: add macro netif_subqueue_completed_wake (bsc#1215458). - net: fix use-after-free in tw_timer_handler (bsc#1217195). - net: ieee802154: adf7242: Fix some potential buffer overflow in adf7242_stats_show() (git-fixes). - net: mana: Fix return type of mana_start_xmit() (git-fixes). - net: piggy back on the memory barrier in bql when waking queues (bsc#1215458). - net: provide macros for commonly copied lockless queue stop/wake code (bsc#1215458). - net: usb: ax88179_178a: fix failed operations during ax88179_reset (git-fixes). - net: usb: smsc95xx: Fix uninit-value access in smsc95xx_read_reg (git-fixes). - nvme: update firmware version after commit (bsc#1215292). - pcmcia: cs: fix possible hung task and memory leak pccardd() (git-fixes). - pcmcia: ds: fix possible name leak in error path in pcmcia_device_add() (git-fixes). - pcmcia: ds: fix refcount leak in pcmcia_device_add() (git-fixes). - pinctrl: avoid reload of p state in list iteration (git-fixes). - platform/x86: thinkpad_acpi: Add battery quirk for Thinkpad X120e (git-fixes). - platform/x86: wmi: Fix opening of char device (git-fixes). - platform/x86: wmi: Fix probe failure when failing to register WMI devices (git-fixes). - platform/x86: wmi: remove unnecessary initializations (git-fixes). - powerpc: Do not clobber f0/vs0 during fp|altivec register save (bsc#1217780). - pwm: Fix double shift bug (git-fixes). - pwm: brcmstb: Utilize appropriate clock APIs in suspend/resume (git-fixes). - pwm: sti: Reduce number of allocations and drop usage of chip_data (git-fixes). - r8152: Cancel hw_phy_work if we have an error in probe (git-fixes). - r8152: Check for unplug in r8153b_ups_en() / r8153c_ups_en() (git-fixes). - r8152: Check for unplug in rtl_phy_patch_request() (git-fixes). - r8152: Increase USB control msg timeout to 5000ms as per spec (git-fixes). - r8152: Release firmware if we have an error in probe (git-fixes). - r8152: Run the unload routine if we have errors during probe (git-fixes). - regmap: Ensure range selector registers are updated after cache sync (git-fixes). - regmap: debugfs: Fix a erroneous check after snprintf() (git-fixes). - regmap: prevent noinc writes from clobbering cache (git-fixes). - s390/ap: fix AP bus crash on early config change callback invocation (git-fixes bsc#1217687). - s390/cio: unregister device when the only path is gone (git-fixes bsc#1217609). - s390/cmma: fix detection of DAT pages (LTC#203997 bsc#1217086). - s390/cmma: fix handling of swapper_pg_dir and invalid_pg_dir (LTC#203997 bsc#1217086). - s390/cmma: fix initial kernel address space page table walk (LTC#203997 bsc#1217086). - s390/crashdump: fix TOD programmable field size (git-fixes bsc#1217205). - s390/dasd: fix hanging device after request requeue (git-fixes LTC#203629 bsc#1215124). - s390/dasd: protect device queue against concurrent access (git-fixes bsc#1217515). - s390/dasd: use correct number of retries for ERP requests (git-fixes bsc#1217598). - s390/ipl: add missing secure/has_secure file to ipl type 'unknown' (bsc#1214976 git-fixes). - s390/mm: add missing arch_set_page_dat() call to gmap allocations (LTC#203997 bsc#1217086). - s390/mm: add missing arch_set_page_dat() call to vmem_crst_alloc() (LTC#203997 bsc#1217086). - s390/pkey: fix/harmonize internal keyblob headers (git-fixes bsc#1217200). - s390/ptrace: fix PTRACE_GET_LAST_BREAK error handling (git-fixes bsc#1217599). - sbsa_gwdt: Calculate timeout with 64-bit math (git-fixes). - scsi: lpfc: Copyright updates for 14.2.0.16 patches (bsc#1217731). - scsi: lpfc: Correct maximum PCI function value for RAS fw logging (bsc#1217731). - scsi: lpfc: Eliminate unnecessary relocking in lpfc_check_nlp_post_devloss() (bsc#1217731). - scsi: lpfc: Enhance driver logging for selected discovery events (bsc#1217731). - scsi: lpfc: Fix list_entry null check warning in lpfc_cmpl_els_plogi() (bsc#1217731). - scsi: lpfc: Fix possible file string name overflow when updating firmware (bsc#1217731). - scsi: lpfc: Introduce LOG_NODE_VERBOSE messaging flag (bsc#1217124). - scsi: lpfc: Refactor and clean up mailbox command memory free (bsc#1217731). - scsi: lpfc: Reject received PRLIs with only initiator fcn role for NPIV ports (bsc#1217124). - scsi: lpfc: Remove unnecessary zero return code assignment in lpfc_sli4_hba_setup (bsc#1217124). - scsi: lpfc: Return early in lpfc_poll_eratt() when the driver is unloading (bsc#1217731). - scsi: lpfc: Treat IOERR_SLI_DOWN I/O completion status the same as pci offline (bsc#1217124). - scsi: lpfc: Update lpfc version to 14.2.0.15 (bsc#1217124). - scsi: lpfc: Update lpfc version to 14.2.0.16 (bsc#1217731). - scsi: lpfc: Validate ELS LS_ACC completion payload (bsc#1217124). - scsi: qla2xxx: Fix double free of dsd_list during driver load (git-fixes). - scsi: qla2xxx: Use FIELD_GET() to extract PCIe capability fields (git-fixes). - selftests/efivarfs: create-read: fix a resource leak (git-fixes). - selftests/pidfd: Fix ksft print formats (git-fixes). - selftests/resctrl: Ensure the benchmark commands fits to its array (git-fixes). - selftests/resctrl: Reduce failures due to outliers in MBA/MBM tests (git-fixes). - selftests/resctrl: Remove duplicate feature check from CMT test (git-fixes). - seq_buf: fix a misleading comment (git-fixes). - serial: exar: Revert 'serial: exar: Add support for Sealevel 7xxxC serial cards' (git-fixes). - serial: meson: Use platform_get_irq() to get the interrupt (git-fixes). - soc: qcom: llcc: Handle a second device without data corruption (git-fixes). - spi: nxp-fspi: use the correct ioremap function (git-fixes). - spi: spi-zynq-qspi: add spi-mem to driver kconfig dependencies (git-fixes). - spi: tegra: Fix missing IRQ check in tegra_slink_probe() (git-fixes). - staging: media: ipu3: remove ftrace-like logging (git-fixes). - string.h: add array-wrappers for (v)memdup_user() (git-fixes). - supported.conf: marked idpf supported - thermal: core: prevent potential string overflow (git-fixes). - treewide: Spelling fix in comment (git-fixes). - tty/sysrq: replace smp_processor_id() with get_cpu() (git-fixes). - tty: 8250: Add Brainboxes Oxford Semiconductor-based quirks (git-fixes). - tty: 8250: Add support for Brainboxes UP cards (git-fixes). - tty: 8250: Add support for Intashield IS-100 (git-fixes). - tty: 8250: Add support for Intashield IX cards (git-fixes). - tty: 8250: Add support for additional Brainboxes PX cards (git-fixes). - tty: 8250: Add support for additional Brainboxes UC cards (git-fixes). - tty: 8250: Fix port count of PX-257 (git-fixes). - tty: 8250: Fix up PX-803/PX-857 (git-fixes). - tty: 8250: Remove UC-257 and UC-431 (git-fixes). - tty: Fix uninit-value access in ppp_sync_receive() (git-fixes). - tty: n_gsm: fix race condition in status line change on dead connections (git-fixes). - tty: serial: meson: fix hard LOCKUP on crtscts mode (git-fixes). - tty: tty_jobctrl: fix pid memleak in disassociate_ctty() (git-fixes). - tty: vcc: Add check for kstrdup() in vcc_probe() (git-fixes). - usb: cdnsp: Fix deadlock issue during using NCM gadget (git-fixes). - usb: chipidea: Fix DMA overwrite for Tegra (git-fixes). - usb: chipidea: Simplify Tegra DMA alignment code (git-fixes). - usb: dwc2: fix possible NULL pointer dereference caused by driver concurrency (git-fixes). - usb: dwc3: Fix default mode initialization (git-fixes). - usb: dwc3: set the dma max_seg_size (git-fixes). - usb: gadget: f_ncm: Always set current gadget in ncm_bind() (git-fixes). - usb: raw-gadget: properly handle interrupted requests (git-fixes). - usb: storage: set 1.50 as the lower bcdDevice for older 'Super Top' compatibility (git-fixes). - usb: typec: tcpm: Fix NULL pointer dereference in tcpm_pd_svdm() (git-fixes). - usb: typec: tcpm: Skip hard reset when in error recovery (git-fixes). - virtchnl: add virtchnl version 2 ops (bsc#1215458). - wifi: ath10k: Do not touch the CE interrupt registers after power up (git-fixes). - wifi: ath10k: fix clang-specific fortify warning (git-fixes). - wifi: ath11k: debugfs: fix to work with multiple PCI devices (git-fixes). - wifi: ath11k: fix dfs radar event locking (git-fixes). - wifi: ath11k: fix htt pktlog locking (git-fixes). - wifi: ath11k: fix temperature event locking (git-fixes). - wifi: ath9k: fix clang-specific fortify warnings (git-fixes). - wifi: iwlwifi: Use FW rate for non-data frames (git-fixes). - wifi: iwlwifi: call napi_synchronize() before freeing rx/tx queues (git-fixes). - wifi: iwlwifi: empty overflow queue during flush (git-fixes). - wifi: iwlwifi: honor the enable_ini value (git-fixes). - wifi: iwlwifi: pcie: synchronize IRQs before NAPI (git-fixes). - wifi: mac80211: do not return unset power in ieee80211_get_tx_power() (git-fixes). - wifi: mac80211: fix # of MSDU in A-MSDU calculation (git-fixes). - wifi: mt76: mt7603: rework/fix rx pse hang check (git-fixes). - wifi: rtlwifi: fix EDCA limit set by BT coexistence (git-fixes). - wifi: rtw88: debug: Fix the NULL vs IS_ERR() bug for debugfs_create_file() (git-fixes). - x86/alternative: Add a __alt_reloc_selftest() prototype (git-fixes). - x86/cpu: Fix AMD erratum #1485 on Zen4-based CPUs (git-fixes). - x86/fpu: Set X86_FEATURE_OSXSAVE feature after enabling OSXSAVE in CR4 (git-fixes). - x86/hyperv: Add HV_EXPOSE_INVARIANT_TSC define (git-fixes). - x86/hyperv: Improve code for referencing hyperv_pcpu_input_arg (git-fixes). - x86/hyperv: Make hv_get_nmi_reason public (git-fixes). - x86/hyperv: fix a warning in mshyperv.h (git-fixes). - x86/sev: Do not try to parse for the CC blob on non-AMD hardware (git-fixes). - x86/sev: Fix calculation of end address based on number of pages (git-fixes). - x86/sev: Use the GHCB protocol when available for SNP CPUID requests (git-fixes). - x86: Move gds_ucode_mitigated() declaration to header (git-fixes). - xfs: add attr state machine tracepoints (git-fixes). - xfs: can't use kmem_zalloc() for attribute buffers (bsc#1216909). - xfs: constify btree function parameters that are not modified (git-fixes). - xfs: convert AGF log flags to unsigned (git-fixes). - xfs: convert AGI log flags to unsigned (git-fixes). - xfs: convert attr type flags to unsigned (git-fixes). - xfs: convert bmap extent type flags to unsigned (git-fixes). - xfs: convert bmapi flags to unsigned (git-fixes). - xfs: convert btree buffer log flags to unsigned (git-fixes). - xfs: convert buffer flags to unsigned (git-fixes). - xfs: convert buffer log item flags to unsigned (git-fixes). - xfs: convert da btree operations flags to unsigned (git-fixes). - xfs: convert dquot flags to unsigned (git-fixes). - xfs: convert inode lock flags to unsigned (git-fixes). - xfs: convert log item tracepoint flags to unsigned (git-fixes). - xfs: convert log ticket and iclog flags to unsigned (git-fixes). - xfs: convert quota options flags to unsigned (git-fixes). - xfs: convert scrub type flags to unsigned (git-fixes). - xfs: disambiguate units for ftrace fields tagged 'blkno', 'block', or 'bno' (git-fixes). - xfs: disambiguate units for ftrace fields tagged 'count' (git-fixes). - xfs: disambiguate units for ftrace fields tagged 'len' (git-fixes). - xfs: disambiguate units for ftrace fields tagged 'offset' (git-fixes). - xfs: make the key parameters to all btree key comparison functions const (git-fixes). - xfs: make the key parameters to all btree query range functions const (git-fixes). - xfs: make the keys and records passed to btree inorder functions const (git-fixes). - xfs: make the pointer passed to btree set_root functions const (git-fixes). - xfs: make the start pointer passed to btree alloc_block functions const (git-fixes). - xfs: make the start pointer passed to btree update_lastrec functions const (git-fixes). - xfs: mark the record passed into btree init_key functions as const (git-fixes). - xfs: mark the record passed into xchk_btree functions as const (git-fixes). - xfs: remove xfs_btree_cur_t typedef (git-fixes). - xfs: rename i_disk_size fields in ftrace output (git-fixes). - xfs: resolve fork names in trace output (git-fixes). - xfs: standardize AG block number formatting in ftrace output (git-fixes). - xfs: standardize AG number formatting in ftrace output (git-fixes). - xfs: standardize daddr formatting in ftrace output (git-fixes). - xfs: standardize inode generation formatting in ftrace output (git-fixes). - xfs: standardize inode number formatting in ftrace output (git-fixes). - xfs: standardize remaining xfs_buf length tracepoints (git-fixes). - xfs: standardize rmap owner number formatting in ftrace output (git-fixes). - xhci: Enable RPM on controllers that support low-power states (git-fixes). - xhci: Loosen RPM as default policy to cover for AMD xHC 1.1 (git-fixes). Important SUSE bug 1084909 SUSE bug 1189998 SUSE bug 1210447 SUSE bug 1214286 SUSE bug 1214976 SUSE bug 1215124 SUSE bug 1215292 SUSE bug 1215420 SUSE bug 1215458 SUSE bug 1215710 SUSE bug 1216058 SUSE bug 1216105 SUSE bug 1216259 SUSE bug 1216584 SUSE bug 1216693 SUSE bug 1216759 SUSE bug 1216761 SUSE bug 1216844 SUSE bug 1216861 SUSE bug 1216909 SUSE bug 1216959 SUSE bug 1216965 SUSE bug 1216976 SUSE bug 1217036 SUSE bug 1217068 SUSE bug 1217086 SUSE bug 1217124 SUSE bug 1217140 SUSE bug 1217195 SUSE bug 1217200 SUSE bug 1217205 SUSE bug 1217332 SUSE bug 1217366 SUSE bug 1217515 SUSE bug 1217598 SUSE bug 1217599 SUSE bug 1217609 SUSE bug 1217687 SUSE bug 1217731 SUSE bug 1217780 CVE-2023-2006 CVE-2023-25775 CVE-2023-39197 CVE-2023-39198 CVE-2023-4244 CVE-2023-45863 CVE-2023-45871 CVE-2023-46862 CVE-2023-5158 CVE-2023-5717 CVE-2023-6039 CVE-2023-6176 cpe:/o:opensuse:leap:15.4 Security update for gnutls (Moderate) openSUSE Leap 15.4 This update for gnutls fixes the following issues: - CVE-2023-0361: Fixed a Bleichenbacher oracle in the TLS RSA key exchange (bsc#1208143). - FIPS: Make the jitterentropy calls thread-safe (bsc#1208146). - FIPS: GnuTLS DH/ECDH PCT public key regeneration (bsc#1207183). Moderate SUSE bug 1207183 SUSE bug 1208143 SUSE bug 1208146 CVE-2023-0361 cpe:/o:opensuse:leap:15.4 Security update for php7 (Important) openSUSE Leap 15.4 This update for php7 fixes the following issues: - CVE-2022-31631: Fixed an issue where PDO::quote would return an unquoted string (bsc#1206958). - CVE-2023-0568: Fixed NULL byte off-by-one in php_check_specific_open_basedir (bnc#1208366). - CVE-2023-0662: Fixed DoS vulnerability when parsing multipart request body (bnc#1208367). - CVE-2023-0567: Fixed vulnerability where BCrypt hashes erroneously validate if the salt is cut short by `$` (bsc#1208388). Important SUSE bug 1206958 SUSE bug 1208366 SUSE bug 1208367 SUSE bug 1208388 CVE-2022-31631 CVE-2023-0567 CVE-2023-0568 CVE-2023-0662 cpe:/o:opensuse:leap:15.4 Security update for the Linux Kernel (Important) openSUSE Leap 15.4 The SUSE Linux Enterprise 15 SP4 Azure kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2023-2006: Fixed a race condition in the RxRPC network protocol (bsc#1210447). - CVE-2023-25775: Fixed improper access control in the Intel Ethernet Controller RDMA driver (bsc#1216959). - CVE-2023-39197: Fixed a out-of-bounds read in nf_conntrack_dccp_packet() (bsc#1216976). - CVE-2023-39198: Fixed a race condition leading to use-after-free in qxl_mode_dumb_create() (bsc#1216965). - CVE-2023-4244: Fixed a use-after-free in the nf_tables component, which could be exploited to achieve local privilege escalation (bsc#1215420). - CVE-2023-45863: Fixed a out-of-bounds write in fill_kobj_path() (bsc#1216058). - CVE-2023-45871: Fixed an issue in the IGB driver, where the buffer size may not be adequate for frames larger than the MTU (bsc#1216259). - CVE-2023-46862: Fixed a NULL pointer dereference in io_uring_show_fdinfo() (bsc#1216693). - CVE-2023-5158: Fixed a denial of service in vringh_kiov_advance() in drivers/vhost/vringh.c in the host side of a virtio ring (bsc#1215710). - CVE-2023-5717: Fixed a heap out-of-bounds write vulnerability in the Performance Events component (bsc#1216584). - CVE-2023-6039: Fixed a use-after-free in lan78xx_disconnect in drivers/net/usb/lan78xx.c (bsc#1217068). - CVE-2023-6176: Fixed a denial of service in the cryptographic algorithm scatterwalk functionality (bsc#1217332). The following non-security bugs were fixed: - acpi: fpdt: properly handle invalid fpdt subtables (git-fixes). - acpi: resource: do irq override on tongfang gmxxgxx (git-fixes). - acpi: resource: skip irq override on asus expertbook b1402cva (git-fixes). - acpi: sysfs: fix create_pnp_modalias() and create_of_modalias() (git-fixes). - alsa: hda/realtek - add dell alc295 to pin fall back table (git-fixes). - alsa: hda/realtek - enable internal speaker of asus k6500zc (git-fixes). - alsa: hda/realtek: add quirks for hp laptops (git-fixes). - alsa: hda/realtek: enable mute led on hp 255 g10 (git-fixes). - alsa: hda/realtek: enable mute led on hp 255 g8 (git-fixes). - alsa: hda: cs35l41: fix unbalanced pm_runtime_get() (git-fixes). - alsa: hda: cs35l41: undo runtime pm changes at driver exit time (git-fixes). - alsa: hda: disable power-save on kontron singlepc (bsc#1217140). - alsa: hda: fix possible null-ptr-deref when assigning a stream (git-fixes). - alsa: hda: intel-dsp-config: fix jsl chromebook quirk detection (git-fixes). - alsa: info: fix potential deadlock at disconnection (git-fixes). - arm/xen: fix xen_vcpu_info allocation alignment (git-fixes). - arm64: add cortex-a520 cpu part definition (git-fixes) - arm64: allow kprobes on el0 handlers (git-fixes) - arm64: armv8_deprecated move emulation functions (git-fixes) - arm64: armv8_deprecated: fix unused-function error (git-fixes) - arm64: armv8_deprecated: fold ops into insn_emulation (git-fixes) - arm64: armv8_deprecated: move aarch32 helper earlier (git-fixes) - arm64: armv8_deprecated: rework deprected instruction handling (git-fixes) - arm64: consistently pass esr_elx to die() (git-fixes) - arm64: die(): pass 'err' as long (git-fixes) - arm64: factor insn read out of call_undef_hook() (git-fixes) - arm64: factor out el1 ssbs emulation hook (git-fixes) - arm64: report el1 undefs better (git-fixes) - arm64: rework bti exception handling (git-fixes) - arm64: rework el0 mrs emulation (git-fixes) - arm64: rework fpac exception handling (git-fixes) - arm64: split el0/el1 undef handlers (git-fixes) - arm: 9321/1: memset: cast the constant byte to unsigned char (git-fixes). - asoc: ams-delta.c: use component after check (git-fixes). - asoc: codecs: wsa-macro: fix uninitialized stack variables with name prefix (git-fixes). - asoc: cs35l41: undo runtime pm changes at driver exit time (git-fixes). - asoc: cs35l41: verify pm runtime resume errors in irq handler (git-fixes). - asoc: fsl: fix pm disable depth imbalance in fsl_easrc_probe (git-fixes). - asoc: fsl: mpc5200_dma.c: fix warning of function parameter or member not described (git-fixes). - asoc: hdmi-codec: register hpd callback on component probe (git-fixes). - asoc: intel: skylake: fix mem leak when parsing uuids fails (git-fixes). - asoc: rt5650: fix the wrong result of key button (git-fixes). - asoc: simple-card: fixup asoc_simple_probe() error handling (git-fixes). - asoc: ti: omap-mcbsp: fix runtime pm underflow warnings (git-fixes). - ata: pata_isapnp: add missing error check for devm_ioport_map() (git-fixes). - atl1c: work around the dma rx overflow issue (git-fixes). - atm: iphase: do pci error checks on own line (git-fixes). - blk-mq: do not clear driver tags own mapping (bsc#1217366). - blk-mq: fix null pointer dereference in blk_mq_clear_rq_mapping() (bsc#1217366). - bluetooth: add device 0bda:887b to device tables (git-fixes). - bluetooth: add device 13d3:3571 to device tables (git-fixes). - bluetooth: btusb: add 0bda:b85b for fn-link rtl8852be (git-fixes). - bluetooth: btusb: add date->evt_skb is null check (git-fixes). - bluetooth: btusb: add realtek rtl8852be support id 0x0cb8:0xc559 (git-fixes). - bluetooth: btusb: add rtw8852be device 13d3:3570 to device tables (git-fixes). - can: dev: can_put_echo_skb(): do not crash kernel if can_priv::echo_skb is accessed out of bounds (git-fixes). - can: dev: can_restart(): do not crash kernel if carrier is ok (git-fixes). - can: dev: can_restart(): fix race condition between controller restart and netif_carrier_on() (git-fixes). - can: isotp: add local echo tx processing for consecutive frames (git-fixes). - can: isotp: fix race between isotp_sendsmg() and isotp_release() (git-fixes). - can: isotp: fix tx state handling for echo tx processing (git-fixes). - can: isotp: handle wait_event_interruptible() return values (git-fixes). - can: isotp: isotp_bind(): return -einval on incorrect can id formatting (git-fixes). - can: isotp: isotp_sendmsg(): fix tx state detection and wait behavior (git-fixes). - can: isotp: remove re-binding of bound socket (git-fixes). - can: isotp: sanitize can id checks in isotp_bind() (git-fixes). - can: isotp: set max pdu size to 64 kbyte (git-fixes). - can: isotp: split tx timer into transmission and timeout (git-fixes). - can: sja1000: fix comment (git-fixes). - clk: imx: imx8mq: correct error handling path (git-fixes). - clk: imx: imx8qxp: fix elcdif_pll clock (git-fixes). - clk: imx: select mxc_clk for clk_imx8qxp (git-fixes). - clk: keystone: pll: fix a couple null vs is_err() checks (git-fixes). - clk: mediatek: clk-mt2701: add check for mtk_alloc_clk_data (git-fixes). - clk: mediatek: clk-mt6765: add check for mtk_alloc_clk_data (git-fixes). - clk: mediatek: clk-mt6779: add check for mtk_alloc_clk_data (git-fixes). - clk: mediatek: clk-mt6797: add check for mtk_alloc_clk_data (git-fixes). - clk: mediatek: clk-mt7629-eth: add check for mtk_alloc_clk_data (git-fixes). - clk: mediatek: clk-mt7629: add check for mtk_alloc_clk_data (git-fixes). - clk: npcm7xx: fix incorrect kfree (git-fixes). - clk: qcom: clk-rcg2: fix clock rate overflow for high parent frequencies (git-fixes). - clk: qcom: config ipq_apss_6018 should depend on qcom_smem (git-fixes). - clk: qcom: gcc-sm8150: fix gcc_sdcc2_apps_clk_src (git-fixes). - clk: qcom: ipq6018: drop the clk_set_rate_parent flag from pll clocks (git-fixes). - clk: qcom: mmcc-msm8998: do not check halt bit on some branch clks (git-fixes). - clk: qcom: mmcc-msm8998: fix the smmu gdsc (git-fixes). - clk: sanitize possible_parent_show to handle return value of of_clk_get_parent_name (git-fixes). - clk: scmi: free scmi_clk allocated when the clocks with invalid info are skipped (git-fixes). - clk: ti: add ti_dt_clk_name() helper to use clock-output-names (git-fixes). - clk: ti: change ti_clk_register[_omap_hw]() api (git-fixes). - clk: ti: fix double free in of_ti_divider_clk_setup() (git-fixes). - clk: ti: update component clocks to use ti_dt_clk_name() (git-fixes). - clk: ti: update pll and clockdomain clocks to use ti_dt_clk_name() (git-fixes). - crypto: caam/jr - fix chacha20 + poly1305 self test failure (git-fixes). - crypto: caam/qi2 - fix chacha20 + poly1305 self test failure (git-fixes). - crypto: hisilicon/hpre - fix a erroneous check after snprintf() (git-fixes). - disable loongson drivers loongson is a mips architecture, it does not make sense to build loongson drivers on other architectures. - dmaengine: pxa_dma: remove an erroneous bug_on() in pxad_free_desc() (git-fixes). - dmaengine: ste_dma40: fix pm disable depth imbalance in d40_probe (git-fixes). - dmaengine: stm32-mdma: correct desc prep when channel running (git-fixes). - dmaengine: ti: edma: handle irq_of_parse_and_map() errors (git-fixes). - docs: net: move the probe and open/close sections of driver.rst up (bsc#1215458). - docs: net: reformat driver.rst from a list to sections (bsc#1215458). - docs: net: use c syntax highlight in driver.rst (bsc#1215458). - documentation: networking: correct possessive 'its' (bsc#1215458). - drivers: hv: vmbus: remove unused extern declaration vmbus_ontimer() (git-fixes). - drm/amd/display: avoid null dereference of timing generator (git-fixes). - drm/amd/display: change the dmcub mailbox memory location from fb to inbox (git-fixes). - drm/amd/display: remove useless check in should_enable_fbc() (git-fixes). - drm/amd/display: use full update for clip size increase of large plane source (git-fixes). - drm/amd/pm: handle non-terminated overdrive commands (git-fixes). - drm/amd: fix ubsan array-index-out-of-bounds for polaris and tonga (git-fixes). - drm/amd: fix ubsan array-index-out-of-bounds for smu7 (git-fixes). - drm/amdgpu: do not use atrm for external devices (git-fixes). - drm/amdgpu: fix a null pointer access when the smc_rreg pointer is null (git-fixes). - drm/amdgpu: fix error handling in amdgpu_bo_list_get() (git-fixes). - drm/amdgpu: fix potential null pointer derefernce (git-fixes). - drm/amdgpu: fix software pci_unplug on some chips (git-fixes). - drm/amdkfd: fix a race condition of vram buffer unref in svm code (git-fixes). - drm/amdkfd: fix shift out-of-bounds issue (git-fixes). - drm/amdkfd: fix some race conditions in vram buffer alloc/free of svm code (git-fixes). - drm/bridge: fix kernel-doc typo in desc of output_bus_cfg in drm_bridge_state (git-fixes). - drm/bridge: lt8912b: add missing drm_bridge_attach call (git-fixes). - drm/bridge: lt8912b: fix bridge_detach (git-fixes). - drm/bridge: lt8912b: fix crash on bridge detach (git-fixes). - drm/bridge: lt8912b: manually disable hpd only if it was enabled (git-fixes). - drm/bridge: lt8912b: register and attach our dsi device at probe (git-fixes). - drm/bridge: lt8912b: switch to devm mipi-dsi helpers (git-fixes). - drm/bridge: lt9611uxc: fix the race in the error path (git-fixes). - drm/bridge: lt9611uxc: register and attach our dsi device at probe (git-fixes). - drm/bridge: lt9611uxc: switch to devm mipi-dsi helpers (git-fixes). - drm/bridge: tc358768: disable non-continuous clock mode (git-fixes). - drm/bridge: tc358768: fix bit updates (git-fixes). - drm/bridge: tc358768: fix use of uninitialized variable (git-fixes). - drm/gud: use size_add() in call to struct_size() (git-fixes). - drm/i915/pmu: check if pmu is closed before stopping event (git-fixes). - drm/i915: fix potential spectre vulnerability (git-fixes). - drm/komeda: drop all currently held locks if deadlock happens (git-fixes). - drm/mediatek: fix iommu fault by swapping fbs after updating plane state (git-fixes). - drm/mediatek: fix iommu fault during crtc enabling (git-fixes). - drm/mipi-dsi: create devm device attachment (git-fixes). - drm/mipi-dsi: create devm device registration (git-fixes). - drm/msm/dp: skip validity check for dp cts edid checksum (git-fixes). - drm/panel/panel-tpo-tpg110: fix a possible null pointer dereference (git-fixes). - drm/panel: fix a possible null pointer dereference (git-fixes). - drm/panel: simple: fix innolux g101ice-l01 bus flags (git-fixes). - drm/panel: simple: fix innolux g101ice-l01 timings (git-fixes). - drm/panel: st7703: pick different reset sequence (git-fixes). - drm/qxl: prevent memory leak (git-fixes). - drm/radeon: possible buffer overflow (git-fixes). - drm/rockchip: cdn-dp: fix some error handling paths in cdn_dp_probe() (git-fixes). - drm/rockchip: fix type promotion bug in rockchip_gem_iommu_map() (git-fixes). - drm/rockchip: vop: fix call to crtc reset helper (git-fixes). - drm/rockchip: vop: fix color for rgb888/bgr888 format on vop full (git-fixes). - drm/rockchip: vop: fix reset of state in duplicate state crtc funcs (git-fixes). - drm/syncobj: fix drm_syncobj_wait_flags_wait_available (git-fixes). - drm/vc4: fix typo (git-fixes). - drm: vmwgfx_surface.c: copy user-array safely (git-fixes). - dt-bindings: usb: hcd: add missing phy name to example (git-fixes). - dt-bindings: usb: qcom,dwc3: fix example wakeup interrupt types (git-fixes). - ensure ia32_emulation is always enabled for kernel-obs-build if ia32_emulation is disabled by default, ensure it is enabled back for obs kernel to allow building 32bit binaries (jsc#ped-3184) [ms: always pass the parameter, no need to grep through the config which may not be very reliable] - fbdev: fsl-diu-fb: mark wr_reg_wa() static (git-fixes). - fbdev: imsttfb: fix a resource leak in probe (git-fixes). - fbdev: imsttfb: fix double free in probe() (git-fixes). - fbdev: imsttfb: fix error path of imsttfb_probe() (git-fixes). - fbdev: imsttfb: release framebuffer and dealloc cmap on error path (git-fixes). - fbdev: omapfb: drop unused remove function (git-fixes). - firewire: core: fix possible memory leak in create_units() (git-fixes). - firmware/imx-dsp: fix use_after_free in imx_dsp_setup_channels() (git-fixes). - fix termination state for idr_for_each_entry_ul() (git-fixes). - gpio: mockup: fix kerneldoc (git-fixes). - gpio: mockup: remove unused field (git-fixes). - hid: add quirk for dell pro wireless keyboard and mouse km5221w (git-fixes). - hid: cp2112: fix duplicate workqueue initialization (git-fixes). - hid: hyperv: avoid struct memcpy overrun warning (git-fixes). - hid: hyperv: remove unused struct synthhid_msg (git-fixes). - hid: hyperv: replace one-element array with flexible-array member (git-fixes). - hid: lenovo: detect quirk-free fw on cptkbd and stop applying workaround (git-fixes). - hid: logitech-hidpp: do not restart io, instead defer hid_connect() only (git-fixes). - hid: logitech-hidpp: move get_wireless_feature_index() check to hidpp_connect_event() (git-fixes). - hid: logitech-hidpp: remove hidpp_quirk_no_hidinput quirk (git-fixes). - hid: logitech-hidpp: revert 'do not restart communication if not necessary' (git-fixes). - hv: simplify sysctl registration (git-fixes). - hv_netvsc: fix netvsc_send_completion to avoid multiple message length checks (git-fixes). - hv_netvsc: fix race of netvsc and vf register_netdevice (git-fixes). - hv_netvsc: fix race of register_netdevice_notifier and vf register (git-fixes). - hv_netvsc: mark vf as slave before exposing it to user-mode (git-fixes). - hwmon: (coretemp) fix potentially truncated sysfs attribute name (git-fixes). - i2c: aspeed: fix i2c bus hang in slave read (git-fixes). - i2c: core: run atomic i2c xfer when !preemptible (git-fixes). - i2c: designware: disable tx_empty irq while waiting for block length byte (git-fixes). - i2c: dev: copy userspace array safely (git-fixes). - i2c: i801: fix potential race in i801_block_transaction_byte_by_byte (git-fixes). - i2c: iproc: handle invalid slave state (git-fixes). - i2c: muxes: i2c-demux-pinctrl: use of_get_i2c_adapter_by_node() (git-fixes). - i2c: muxes: i2c-mux-gpmux: use of_get_i2c_adapter_by_node() (git-fixes). - i2c: muxes: i2c-mux-pinctrl: use of_get_i2c_adapter_by_node() (git-fixes). - i2c: stm32f7: fix pec handling in case of smbus transfers (git-fixes). - i2c: sun6i-p2wi: prevent potential division by zero (git-fixes). - i3c: fix potential refcount leak in i3c_master_register_new_i3c_devs (git-fixes). - i3c: master: cdns: fix reading status register (git-fixes). - i3c: master: mipi-i3c-hci: fix a kernel panic for accessing dat_data (git-fixes). - i3c: master: svc: fix check wrong status register in irq handler (git-fixes). - i3c: master: svc: fix ibi may not return mandatory data byte (git-fixes). - i3c: master: svc: fix race condition in ibi work thread (git-fixes). - i3c: master: svc: fix sda keep low when polling ibiwon timeout happen (git-fixes). - i3c: master: svc: fix wrong data return when ibi happen during start frame (git-fixes). - i3c: mipi-i3c-hci: fix out of bounds access in hci_dma_irq_handler (git-fixes). - i915/perf: fix null deref bugs with drm_dbg() calls (git-fixes). - idpf: add controlq init and reset checks (bsc#1215458). - idpf: add core init and interrupt request (bsc#1215458). - idpf: add create vport and netdev configuration (bsc#1215458). - idpf: add ethtool callbacks (bsc#1215458). - idpf: add module register and probe functionality (bsc#1215458). - idpf: add ptypes and mac filter support (bsc#1215458). - idpf: add rx splitq napi poll support (bsc#1215458). - idpf: add singleq start_xmit and napi poll (bsc#1215458). - idpf: add splitq start_xmit (bsc#1215458). - idpf: add sriov support and other ndo_ops (bsc#1215458). - idpf: add tx splitq napi poll support (bsc#1215458). - idpf: cancel mailbox work in error path (bsc#1215458). - idpf: configure resources for rx queues (bsc#1215458). - idpf: configure resources for tx queues (bsc#1215458). - idpf: fix potential use-after-free in idpf_tso() (bsc#1215458). - idpf: initialize interrupts and enable vport (bsc#1215458). - idpf: set scheduling mode for completion queue (bsc#1215458). - iio: adc: xilinx-xadc: correct temperature offset/scale for ultrascale (git-fixes). - iio: adc: xilinx-xadc: do not clobber preset voltage/temperature thresholds (git-fixes). - iio: exynos-adc: request second interupt only when touchscreen mode is used (git-fixes). - input: synaptics-rmi4 - fix use after free in rmi_unregister_function() (git-fixes). - input: synaptics-rmi4 - handle reset delay when using smbus trsnsport (git-fixes). - input: xpad - add vid for turtle beach controllers (git-fixes). - irqchip/stm32-exti: add missing dt irq flag translation (git-fixes). - kabi/severities: ignore kabi in rxrpc (bsc#1210447) the rxrpc module is built since sle15-sp3 but it is not shipped as part of any sle product, only in leap (in kernel-*-optional). - kernel-binary: suse-module-tools is also required when installed requires(pre) adds dependency for the specific sciptlet. however, suse-module-tools also ships modprobe.d files which may be needed at posttrans time or any time the kernel is on the system for generating ramdisk. add plain requires as well. - kernel-source: move provides after sources - leds: pwm: do not disable the pwm when the led should be off (git-fixes). - leds: trigger: ledtrig-cpu:: fix 'output may be truncated' issue for 'cpu' (git-fixes). - leds: turris-omnia: do not use smbus calls (git-fixes). - lsm: fix default return value for inode_getsecctx (git-fixes). - lsm: fix default return value for vm_enough_memory (git-fixes). - media: bttv: fix use after free error due to btv->timeout timer (git-fixes). - media: ccs: correctly initialise try compose rectangle (git-fixes). - media: ccs: fix driver quirk struct documentation (git-fixes). - media: cedrus: fix clock/reset sequence (git-fixes). - media: cobalt: use field_get() to extract link width (git-fixes). - media: gspca: cpia1: shift-out-of-bounds in set_flicker (git-fixes). - media: i2c: max9286: fix some redundant of_node_put() calls (git-fixes). - media: imon: fix access to invalid resource for the second interface (git-fixes). - media: lirc: drop trailing space from scancode transmit (git-fixes). - media: qcom: camss: fix missing vfe_lite clocks check (git-fixes). - media: qcom: camss: fix pm_domain_on sequence in probe (git-fixes). - media: qcom: camss: fix vfe-17x vfe_disable_output() (git-fixes). - media: qcom: camss: fix vfe_get() error jump (git-fixes). - media: sharp: fix sharp encoding (git-fixes). - media: siano: drop unnecessary error check for debugfs_create_dir/file() (git-fixes). - media: venus: hfi: add checks to handle capabilities from firmware (git-fixes). - media: venus: hfi: add checks to perform sanity on queue pointers (git-fixes). - media: venus: hfi: fix the check to handle session buffer requirement (git-fixes). - media: venus: hfi_parser: add check to keep the number of codecs within range (git-fixes). - media: vidtv: mux: add check and kfree for kstrdup (git-fixes). - media: vidtv: psi: add check for kstrdup (git-fixes). - media: vivid: avoid integer overflow (git-fixes). - mfd: arizona-spi: set pdata.hpdet_channel for acpi enumerated devs (git-fixes). - mfd: core: ensure disabled devices are skipped without aborting (git-fixes). - mfd: dln2: fix double put in dln2_probe (git-fixes). - misc: fastrpc: clean buffers on remote invocation failures (git-fixes). - misc: pci_endpoint_test: add device id for r-car s4-8 pcie controller (git-fixes). - mm/hmm: fault non-owner device private entries (bsc#1216844, jsc#ped-7237, git-fixes). - mmc: block: be sure to wait while busy in cqe error recovery (git-fixes). - mmc: block: do not lose cache flush during cqe error recovery (git-fixes). - mmc: block: retry commands in cqe error recovery (git-fixes). - mmc: cqhci: fix task clearing in cqe error recovery (git-fixes). - mmc: cqhci: increase recovery halt timeout (git-fixes). - mmc: cqhci: warn of halt or task clear failure (git-fixes). - mmc: meson-gx: remove setting of cmd_cfg_error (git-fixes). - mmc: sdhci-pci-gli: a workaround to allow gl9750 to enter aspm l1.2 (git-fixes). - mmc: sdhci-pci-gli: gl9750: mask the replay timer timeout of aer (git-fixes). - mmc: sdhci_am654: fix start loop index for tap value parsing (git-fixes). - mmc: vub300: fix an error code (git-fixes). - modpost: fix tee module_device_table built on big-endian host (git-fixes). - mt76: dma: use kzalloc instead of devm_kzalloc for txwi (git-fixes). - mtd: cfi_cmdset_0001: byte swap otp info (git-fixes). - mtd: rawnand: arasan: include ecc syndrome along with in-band data while checking for ecc failure (git-fixes). - net-memcg: fix scope of sockmem pressure indicators (bsc#1216759). - net: add macro netif_subqueue_completed_wake (bsc#1215458). - net: avoid address overwrite in kernel_connect (bsc#1216861). - net: fix use-after-free in tw_timer_handler (bsc#1217195). - net: ieee802154: adf7242: fix some potential buffer overflow in adf7242_stats_show() (git-fixes). - net: mana: fix return type of mana_start_xmit() (git-fixes). - net: piggy back on the memory barrier in bql when waking queues (bsc#1215458). - net: provide macros for commonly copied lockless queue stop/wake code (bsc#1215458). - net: usb: ax88179_178a: fix failed operations during ax88179_reset (git-fixes). - net: usb: smsc95xx: fix uninit-value access in smsc95xx_read_reg (git-fixes). - nvme: update firmware version after commit (bsc#1215292). - pci/aspm: fix l1 substate handling in aspm_attr_store_common() (git-fixes). - pci/sysfs: protect driver's d3cold preference from user space (git-fixes). - pci: disable ats for specific intel ipu e2000 devices (bsc#1215458). - pci: extract ats disabling to a helper function (bsc#1215458). - pci: exynos: do not discard .remove() callback (git-fixes). - pci: keystone: do not discard .probe() callback (git-fixes). - pci: keystone: do not discard .remove() callback (git-fixes). - pci: prevent xhci driver from claiming amd vangogh usb3 drd device (git-fixes). - pci: tegra194: use field_get()/field_prep() with link width fields (git-fixes). - pci: use field_get() in sapphire rx 5600 xt pulse quirk (git-fixes). - pci: use field_get() to extract link width (git-fixes). - pcmcia: cs: fix possible hung task and memory leak pccardd() (git-fixes). - pcmcia: ds: fix possible name leak in error path in pcmcia_device_add() (git-fixes). - pcmcia: ds: fix refcount leak in pcmcia_device_add() (git-fixes). - pinctrl: avoid reload of p state in list iteration (git-fixes). - platform/x86: thinkpad_acpi: add battery quirk for thinkpad x120e (git-fixes). - platform/x86: wmi: fix opening of char device (git-fixes). - platform/x86: wmi: fix probe failure when failing to register wmi devices (git-fixes). - platform/x86: wmi: remove unnecessary initializations (git-fixes). - pm / devfreq: rockchip-dfi: make pmu regmap mandatory (git-fixes). - pm: hibernate: use __get_safe_page() rather than touching the list (git-fixes). - powerpc: do not clobber f0/vs0 during fp|altivec register save (bsc#1217780). - pwm: brcmstb: utilize appropriate clock apis in suspend/resume (git-fixes). - pwm: fix double shift bug (git-fixes). - pwm: sti: reduce number of allocations and drop usage of chip_data (git-fixes). - r8152: cancel hw_phy_work if we have an error in probe (git-fixes). - r8152: check for unplug in r8153b_ups_en() / r8153c_ups_en() (git-fixes). - r8152: check for unplug in rtl_phy_patch_request() (git-fixes). - r8152: increase usb control msg timeout to 5000ms as per spec (git-fixes). - r8152: release firmware if we have an error in probe (git-fixes). - r8152: run the unload routine if we have errors during probe (git-fixes). - regmap: debugfs: fix a erroneous check after snprintf() (git-fixes). - regmap: ensure range selector registers are updated after cache sync (git-fixes). - regmap: prevent noinc writes from clobbering cache (git-fixes). - revert 'i2c: pxa: move to generic gpio recovery' (git-fixes). - revert 'mmc: core: capture correct oemid-bits for emmc cards' (git-fixes). - rpm/check-for-config-changes: add as_wruss to ignored_configs_re add as_wruss as an ignored_configs_re entry in check-for-config-changes to fix build on x86_32. there was a fix submitted to upstream but it was not accepted: https://lore.kernel.org/all/20231031140504.gczuejkmpxsredh3ma@fat_crate.local/ so carry this in ignored_configs_re instead. - rpm/check-for-config-changes: add have_shadow_call_stack to ignored_configs_re not supported by our compiler. - rpm/mkspec-dtb: add riscv64 dtb-allwinner subpackage - s390/ap: fix ap bus crash on early config change callback invocation (git-fixes bsc#1217687). - s390/cio: unregister device when the only path is gone (git-fixes bsc#1217609). - s390/cmma: fix detection of dat pages (ltc#203997 bsc#1217086). - s390/cmma: fix handling of swapper_pg_dir and invalid_pg_dir (ltc#203997 bsc#1217086). - s390/cmma: fix initial kernel address space page table walk (ltc#203997 bsc#1217086). - s390/crashdump: fix tod programmable field size (git-fixes bsc#1217205). - s390/dasd: fix hanging device after request requeue (git-fixes ltc#203629 bsc#1215124). - s390/dasd: protect device queue against concurrent access (git-fixes bsc#1217515). - s390/dasd: use correct number of retries for erp requests (git-fixes bsc#1217598). - s390/ipl: add missing secure/has_secure file to ipl type 'unknown' (bsc#1214976 git-fixes). - s390/mm: add missing arch_set_page_dat() call to gmap allocations (ltc#203997 bsc#1217086). - s390/mm: add missing arch_set_page_dat() call to vmem_crst_alloc() (ltc#203997 bsc#1217086). - s390/pkey: fix/harmonize internal keyblob headers (git-fixes bsc#1217200). - s390/ptrace: fix ptrace_get_last_break error handling (git-fixes bsc#1217599). - sbsa_gwdt: calculate timeout with 64-bit math (git-fixes). - scsi: lpfc: copyright updates for 14.2.0.16 patches (bsc#1217731). - scsi: lpfc: correct maximum pci function value for ras fw logging (bsc#1217731). - scsi: lpfc: eliminate unnecessary relocking in lpfc_check_nlp_post_devloss() (bsc#1217731). - scsi: lpfc: enhance driver logging for selected discovery events (bsc#1217731). - scsi: lpfc: fix list_entry null check warning in lpfc_cmpl_els_plogi() (bsc#1217731). - scsi: lpfc: fix possible file string name overflow when updating firmware (bsc#1217731). - scsi: lpfc: introduce log_node_verbose messaging flag (bsc#1217124). - scsi: lpfc: refactor and clean up mailbox command memory free (bsc#1217731). - scsi: lpfc: reject received prlis with only initiator fcn role for npiv ports (bsc#1217124). - scsi: lpfc: remove unnecessary zero return code assignment in lpfc_sli4_hba_setup (bsc#1217124). - scsi: lpfc: return early in lpfc_poll_eratt() when the driver is unloading (bsc#1217731). - scsi: lpfc: treat ioerr_sli_down i/o completion status the same as pci offline (bsc#1217124). - scsi: lpfc: update lpfc version to 14.2.0.15 (bsc#1217124). - scsi: lpfc: update lpfc version to 14.2.0.16 (bsc#1217731). - scsi: lpfc: validate els ls_acc completion payload (bsc#1217124). - scsi: qla2xxx: fix double free of dsd_list during driver load (git-fixes). - scsi: qla2xxx: use field_get() to extract pcie capability fields (git-fixes). - selftests/efivarfs: create-read: fix a resource leak (git-fixes). - selftests/pidfd: fix ksft print formats (git-fixes). - selftests/resctrl: ensure the benchmark commands fits to its array (git-fixes). - selftests/resctrl: reduce failures due to outliers in mba/mbm tests (git-fixes). - selftests/resctrl: remove duplicate feature check from cmt test (git-fixes). - seq_buf: fix a misleading comment (git-fixes). - serial: exar: revert 'serial: exar: add support for sealevel 7xxxc serial cards' (git-fixes). - serial: meson: use platform_get_irq() to get the interrupt (git-fixes). - soc: qcom: llcc: handle a second device without data corruption (git-fixes). - spi: nxp-fspi: use the correct ioremap function (git-fixes). - spi: spi-zynq-qspi: add spi-mem to driver kconfig dependencies (git-fixes). - spi: tegra: fix missing irq check in tegra_slink_probe() (git-fixes). - staging: media: ipu3: remove ftrace-like logging (git-fixes). - string.h: add array-wrappers for (v)memdup_user() (git-fixes). - supported.conf: marked idpf supported - thermal: core: prevent potential string overflow (git-fixes). - treewide: spelling fix in comment (git-fixes). - tty/sysrq: replace smp_processor_id() with get_cpu() (git-fixes). - tty: 8250: add brainboxes oxford semiconductor-based quirks (git-fixes). - tty: 8250: add support for additional brainboxes px cards (git-fixes). - tty: 8250: add support for additional brainboxes uc cards (git-fixes). - tty: 8250: add support for brainboxes up cards (git-fixes). - tty: 8250: add support for intashield is-100 (git-fixes). - tty: 8250: add support for intashield ix cards (git-fixes). - tty: 8250: fix port count of px-257 (git-fixes). - tty: 8250: fix up px-803/px-857 (git-fixes). - tty: 8250: remove uc-257 and uc-431 (git-fixes). - tty: fix uninit-value access in ppp_sync_receive() (git-fixes). - tty: n_gsm: fix race condition in status line change on dead connections (git-fixes). - tty: serial: meson: fix hard lockup on crtscts mode (git-fixes). - tty: tty_jobctrl: fix pid memleak in disassociate_ctty() (git-fixes). - tty: vcc: add check for kstrdup() in vcc_probe() (git-fixes). - usb: cdnsp: fix deadlock issue during using ncm gadget (git-fixes). - usb: chipidea: fix dma overwrite for tegra (git-fixes). - usb: chipidea: simplify tegra dma alignment code (git-fixes). - usb: dwc2: fix possible null pointer dereference caused by driver concurrency (git-fixes). - usb: dwc2: write hcint with intmask applied (bsc#1214286). - usb: dwc3: fix default mode initialization (git-fixes). - usb: dwc3: qcom: fix acpi platform device leak (git-fixes). - usb: dwc3: qcom: fix resource leaks on probe deferral (git-fixes). - usb: dwc3: qcom: fix software node leak on probe errors (git-fixes). - usb: dwc3: qcom: fix wakeup after probe deferral (git-fixes). - usb: dwc3: set the dma max_seg_size (git-fixes). - usb: gadget: f_ncm: always set current gadget in ncm_bind() (git-fixes). - usb: raw-gadget: properly handle interrupted requests (git-fixes). - usb: serial: option: add fibocom l7xx modules (git-fixes). - usb: serial: option: do not claim interface 4 for zte mf290 (git-fixes). - usb: serial: option: fix fm101r-gl defines (git-fixes). - usb: storage: set 1.50 as the lower bcddevice for older 'super top' compatibility (git-fixes). - usb: typec: tcpm: fix null pointer dereference in tcpm_pd_svdm() (git-fixes). - usb: typec: tcpm: skip hard reset when in error recovery (git-fixes). - usb: usbip: fix stub_dev hub disconnect (git-fixes). - virtchnl: add virtchnl version 2 ops (bsc#1215458). - wifi: ath10k: do not touch the ce interrupt registers after power up (git-fixes). - wifi: ath10k: fix clang-specific fortify warning (git-fixes). - wifi: ath11k: debugfs: fix to work with multiple pci devices (git-fixes). - wifi: ath11k: fix dfs radar event locking (git-fixes). - wifi: ath11k: fix htt pktlog locking (git-fixes). - wifi: ath11k: fix temperature event locking (git-fixes). - wifi: ath9k: fix clang-specific fortify warnings (git-fixes). - wifi: iwlwifi: call napi_synchronize() before freeing rx/tx queues (git-fixes). - wifi: iwlwifi: empty overflow queue during flush (git-fixes). - wifi: iwlwifi: honor the enable_ini value (git-fixes). - wifi: iwlwifi: pcie: synchronize irqs before napi (git-fixes). - wifi: iwlwifi: use fw rate for non-data frames (git-fixes). - wifi: mac80211: do not return unset power in ieee80211_get_tx_power() (git-fixes). - wifi: mac80211: fix # of msdu in a-msdu calculation (git-fixes). - wifi: mt76: mt7603: rework/fix rx pse hang check (git-fixes). - wifi: rtlwifi: fix edca limit set by bt coexistence (git-fixes). - wifi: rtw88: debug: fix the null vs is_err() bug for debugfs_create_file() (git-fixes). - x86/alternative: add a __alt_reloc_selftest() prototype (git-fixes). - x86/cpu: fix amd erratum #1485 on zen4-based cpus (git-fixes). - x86/fpu: set x86_feature_osxsave feature after enabling osxsave in cr4 (git-fixes). - x86/hyperv: add hv_expose_invariant_tsc define (git-fixes). - x86/hyperv: fix a warning in mshyperv.h (git-fixes). - x86/hyperv: improve code for referencing hyperv_pcpu_input_arg (git-fixes). - x86/hyperv: make hv_get_nmi_reason public (git-fixes). - x86/sev: do not try to parse for the cc blob on non-amd hardware (git-fixes). - x86/sev: fix calculation of end address based on number of pages (git-fixes). - x86/sev: use the ghcb protocol when available for snp cpuid requests (git-fixes). - x86: move gds_ucode_mitigated() declaration to header (git-fixes). - xfs: add attr state machine tracepoints (git-fixes). - xfs: can't use kmem_zalloc() for attribute buffers (bsc#1216909). - xfs: constify btree function parameters that are not modified (git-fixes). - xfs: convert agf log flags to unsigned (git-fixes). - xfs: convert agi log flags to unsigned (git-fixes). - xfs: convert attr type flags to unsigned (git-fixes). - xfs: convert bmap extent type flags to unsigned (git-fixes). - xfs: convert bmapi flags to unsigned (git-fixes). - xfs: convert btree buffer log flags to unsigned (git-fixes). - xfs: convert buffer flags to unsigned (git-fixes). - xfs: convert buffer log item flags to unsigned (git-fixes). - xfs: convert da btree operations flags to unsigned (git-fixes). - xfs: convert dquot flags to unsigned (git-fixes). - xfs: convert inode lock flags to unsigned (git-fixes). - xfs: convert log item tracepoint flags to unsigned (git-fixes). - xfs: convert log ticket and iclog flags to unsigned (git-fixes). - xfs: convert quota options flags to unsigned (git-fixes). - xfs: convert scrub type flags to unsigned (git-fixes). - xfs: disambiguate units for ftrace fields tagged 'blkno', 'block', or 'bno' (git-fixes). - xfs: disambiguate units for ftrace fields tagged 'count' (git-fixes). - xfs: disambiguate units for ftrace fields tagged 'len' (git-fixes). - xfs: disambiguate units for ftrace fields tagged 'offset' (git-fixes). - xfs: make the key parameters to all btree key comparison functions const (git-fixes). - xfs: make the key parameters to all btree query range functions const (git-fixes). - xfs: make the keys and records passed to btree inorder functions const (git-fixes). - xfs: make the pointer passed to btree set_root functions const (git-fixes). - xfs: make the start pointer passed to btree alloc_block functions const (git-fixes). - xfs: make the start pointer passed to btree update_lastrec functions const (git-fixes). - xfs: mark the record passed into btree init_key functions as const (git-fixes). - xfs: mark the record passed into xchk_btree functions as const (git-fixes). - xfs: remove xfs_btree_cur_t typedef (git-fixes). - xfs: rename i_disk_size fields in ftrace output (git-fixes). - xfs: resolve fork names in trace output (git-fixes). - xfs: standardize ag block number formatting in ftrace output (git-fixes). - xfs: standardize ag number formatting in ftrace output (git-fixes). - xfs: standardize daddr formatting in ftrace output (git-fixes). - xfs: standardize inode generation formatting in ftrace output (git-fixes). - xfs: standardize inode number formatting in ftrace output (git-fixes). - xfs: standardize remaining xfs_buf length tracepoints (git-fixes). - xfs: standardize rmap owner number formatting in ftrace output (git-fixes). - xhci: enable rpm on controllers that support low-power states (git-fixes). - xhci: loosen rpm as default policy to cover for amd xhc 1.1 (git-fixes). Important SUSE bug 1210447 SUSE bug 1214286 SUSE bug 1214976 SUSE bug 1215124 SUSE bug 1215292 SUSE bug 1215420 SUSE bug 1215458 SUSE bug 1215710 SUSE bug 1216058 SUSE bug 1216105 SUSE bug 1216259 SUSE bug 1216584 SUSE bug 1216693 SUSE bug 1216759 SUSE bug 1216844 SUSE bug 1216861 SUSE bug 1216909 SUSE bug 1216959 SUSE bug 1216965 SUSE bug 1216976 SUSE bug 1217036 SUSE bug 1217068 SUSE bug 1217086 SUSE bug 1217124 SUSE bug 1217140 SUSE bug 1217195 SUSE bug 1217200 SUSE bug 1217205 SUSE bug 1217332 SUSE bug 1217366 SUSE bug 1217515 SUSE bug 1217598 SUSE bug 1217599 SUSE bug 1217609 SUSE bug 1217687 SUSE bug 1217731 SUSE bug 1217780 CVE-2023-2006 CVE-2023-25775 CVE-2023-39197 CVE-2023-39198 CVE-2023-4244 CVE-2023-45863 CVE-2023-45871 CVE-2023-46862 CVE-2023-5158 CVE-2023-5717 CVE-2023-6039 CVE-2023-6176 cpe:/o:opensuse:leap:15.4 Security update for xorg-x11-server (Important) openSUSE Leap 15.4 This update for xorg-x11-server fixes the following issues: - CVE-2023-6377: Fixed Out-of-bounds memory write in XKB button actions(bsc#1217765). - CVE-2023-6478: Fixed Out-of-bounds memory read in RRChangeOutputProperty and RRChangeProviderProperty (bsc#1217766). Important SUSE bug 1217765 SUSE bug 1217766 CVE-2023-6377 CVE-2023-6478 cpe:/o:opensuse:leap:15.4 Security update for xorg-x11-server (Important) openSUSE Leap 15.4 This update for xorg-x11-server fixes the following issues: - CVE-2023-6377: Fixed out-of-bounds memory write in XKB button actions (bsc#1217765). - CVE-2023-6478: Fixed out-of-bounds memory read in RRChangeOutputProperty and RRChangeProviderProperty (bsc#1217766). Important SUSE bug 1217765 SUSE bug 1217766 CVE-2023-6377 CVE-2023-6478 cpe:/o:opensuse:leap:15.4 Security update for xwayland (Important) openSUSE Leap 15.4 This update for xwayland fixes the following issues: - CVE-2023-6377: Fixed out-of-bounds memory write in XKB button actions (bsc#1217765). - CVE-2023-6478: Fixed out-of-bounds memory read in RRChangeOutputProperty and RRChangeProviderProperty (bsc#1217766). Important SUSE bug 1217765 SUSE bug 1217766 CVE-2023-6377 CVE-2023-6478 cpe:/o:opensuse:leap:15.4 Security update for poppler (Important) openSUSE Leap 15.4 This update for poppler fixes the following issues: - CVE-2022-38784: Fixed integer overflow in the JBIG2 decoder (bsc#1202692). - CVE-2019-13283: Fixed heap-based buffer over-read that could be triggered by sending a crafted PDF document to the pdftotext tool (bsc#1140877). Important SUSE bug 1140877 SUSE bug 1202692 CVE-2019-13283 CVE-2022-38784 cpe:/o:opensuse:leap:15.4 Security update for the Linux Kernel (Important) openSUSE Leap 15.4 The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2023-6176: Fixed a denial of service in the cryptographic algorithm scatterwalk functionality (bsc#1217332). - CVE-2023-2006: Fixed a race condition in the RxRPC network protocol (bsc#1210447). - CVE-2023-39197: Fixed a out-of-bounds read in nf_conntrack_dccp_packet() (bsc#1216976). - CVE-2023-4244: Fixed a use-after-free in the nf_tables component, which could be exploited to achieve local privilege escalation (bsc#1215420). - CVE-2023-6039: Fixed a use-after-free in lan78xx_disconnect in drivers/net/usb/lan78xx.c (bsc#1217068). - CVE-2023-45863: Fixed a out-of-bounds write in fill_kobj_path() (bsc#1216058). - CVE-2023-5158: Fixed a denial of service in vringh_kiov_advance() in drivers/vhost/vringh.c in the host side of a virtio ring (bsc#1215710). - CVE-2023-45871: Fixed an issue in the IGB driver, where the buffer size may not be adequate for frames larger than the MTU (bsc#1216259). - CVE-2023-5717: Fixed a heap out-of-bounds write vulnerability in the Performance Events component (bsc#1216584). - CVE-2023-39198: Fixed a race condition leading to use-after-free in qxl_mode_dumb_create() (bsc#1216965). - CVE-2023-25775: Fixed improper access control in the Intel Ethernet Controller RDMA driver (bsc#1216959). - CVE-2023-46862: Fixed a NULL pointer dereference in io_uring_show_fdinfo() (bsc#1216693). The following non-security bugs were fixed: - ACPI: FPDT: properly handle invalid FPDT subtables (git-fixes). - ACPI: resource: Do IRQ override on TongFang GMxXGxx (git-fixes). - ACPI: resource: Skip IRQ override on ASUS ExpertBook B1402CVA (git-fixes). - ACPI: sysfs: Fix create_pnp_modalias() and create_of_modalias() (git-fixes). - ALSA: hda/realtek - Add Dell ALC295 to pin fall back table (git-fixes). - ALSA: hda/realtek - Enable internal speaker of ASUS K6500ZC (git-fixes). - ALSA: hda/realtek: Add quirks for HP Laptops (git-fixes). - ALSA: hda/realtek: Enable Mute LED on HP 255 G10 (git-fixes). - ALSA: hda/realtek: Enable Mute LED on HP 255 G8 (git-fixes). - ALSA: hda: Disable power-save on KONTRON SinglePC (bsc#1217140). - ALSA: hda: Fix possible null-ptr-deref when assigning a stream (git-fixes). - ALSA: hda: cs35l41: Fix unbalanced pm_runtime_get() (git-fixes). - ALSA: hda: cs35l41: Undo runtime PM changes at driver exit time (git-fixes). - ALSA: hda: intel-dsp-config: Fix JSL Chromebook quirk detection (git-fixes). - ALSA: info: Fix potential deadlock at disconnection (git-fixes). - ARM: 9321/1: memset: cast the constant byte to unsigned char (git-fixes). - ASoC: Intel: Skylake: Fix mem leak when parsing UUIDs fails (git-fixes). - ASoC: ams-delta.c: use component after check (git-fixes). - ASoC: codecs: wsa-macro: fix uninitialized stack variables with name prefix (git-fixes). - ASoC: cs35l41: Undo runtime PM changes at driver exit time (git-fixes). - ASoC: cs35l41: Verify PM runtime resume errors in IRQ handler (git-fixes). - ASoC: fsl: Fix PM disable depth imbalance in fsl_easrc_probe (git-fixes). - ASoC: fsl: mpc5200_dma.c: Fix warning of Function parameter or member not described (git-fixes). - ASoC: hdmi-codec: register hpd callback on component probe (git-fixes). - ASoC: rt5650: fix the wrong result of key button (git-fixes). - ASoC: simple-card: fixup asoc_simple_probe() error handling (git-fixes). - ASoC: ti: omap-mcbsp: Fix runtime PM underflow warnings (git-fixes). - Bluetooth: btusb: Add 0bda:b85b for Fn-Link RTL8852BE (git-fixes). - Bluetooth: btusb: Add RTW8852BE device 13d3:3570 to device tables (git-fixes). - Bluetooth: btusb: Add Realtek RTL8852BE support ID 0x0cb8:0xc559 (git-fixes). - Bluetooth: btusb: Add date->evt_skb is NULL check (git-fixes). - Drivers: hv: vmbus: Remove unused extern declaration vmbus_ontimer() (git-fixes). - HID: Add quirk for Dell Pro Wireless Keyboard and Mouse KM5221W (git-fixes). - HID: hyperv: Replace one-element array with flexible-array member (git-fixes). - HID: hyperv: avoid struct memcpy overrun warning (git-fixes). - HID: hyperv: remove unused struct synthhid_msg (git-fixes). - HID: lenovo: Detect quirk-free fw on cptkbd and stop applying workaround (git-fixes). - HID: logitech-hidpp: Do not restart IO, instead defer hid_connect() only (git-fixes). - HID: logitech-hidpp: Move get_wireless_feature_index() check to hidpp_connect_event() (git-fixes). - HID: logitech-hidpp: Remove HIDPP_QUIRK_NO_HIDINPUT quirk (git-fixes). - HID: logitech-hidpp: Revert 'Do not restart communication if not necessary' (git-fixes). - Input: synaptics-rmi4 - fix use after free in rmi_unregister_function() (git-fixes). - Input: synaptics-rmi4 - handle reset delay when using SMBus trsnsport (git-fixes). - Input: xpad - add VID for Turtle Beach controllers (git-fixes). - PCI/ASPM: Fix L1 substate handling in aspm_attr_store_common() (git-fixes). - PCI/sysfs: Protect driver's D3cold preference from user space (git-fixes). - PCI: Disable ATS for specific Intel IPU E2000 devices (bsc#1215458). - PCI: Extract ATS disabling to a helper function (bsc#1215458). - PCI: Prevent xHCI driver from claiming AMD VanGogh USB3 DRD device (git-fixes). - PCI: Use FIELD_GET() in Sapphire RX 5600 XT Pulse quirk (git-fixes). - PCI: Use FIELD_GET() to extract Link Width (git-fixes). - PCI: exynos: Do not discard .remove() callback (git-fixes). - PCI: keystone: Do not discard .probe() callback (git-fixes). - PCI: keystone: Do not discard .remove() callback (git-fixes). - PCI: tegra194: Use FIELD_GET()/FIELD_PREP() with Link Width fields (git-fixes). - PM / devfreq: rockchip-dfi: Make pmu regmap mandatory (git-fixes). - PM: hibernate: Use __get_safe_page() rather than touching the list (git-fixes). - USB: dwc2: write HCINT with INTMASK applied (bsc#1214286). - USB: dwc3: qcom: fix ACPI platform device leak (git-fixes). - USB: dwc3: qcom: fix resource leaks on probe deferral (git-fixes). - USB: dwc3: qcom: fix software node leak on probe errors (git-fixes). - USB: dwc3: qcom: fix wakeup after probe deferral (git-fixes). - USB: serial: option: add Fibocom L7xx modules (git-fixes). - USB: serial: option: add Luat Air72*U series products (git-fixes). - USB: serial: option: do not claim interface 4 for ZTE MF290 (git-fixes). - USB: serial: option: fix FM101R-GL defines (git-fixes). - USB: usbip: fix stub_dev hub disconnect (git-fixes). - arm/xen: fix xen_vcpu_info allocation alignment (git-fixes). - arm64: Add Cortex-A520 CPU part definition (git-fixes) - arm64: allow kprobes on EL0 handlers (git-fixes) - arm64: armv8_deprecated move emulation functions (git-fixes) - arm64: armv8_deprecated: fix unused-function error (git-fixes) - arm64: armv8_deprecated: fold ops into insn_emulation (git-fixes) - arm64: armv8_deprecated: move aarch32 helper earlier (git-fixes) - arm64: armv8_deprecated: rework deprected instruction handling (git-fixes) - arm64: consistently pass ESR_ELx to die() (git-fixes) - arm64: die(): pass 'err' as long (git-fixes) - arm64: factor insn read out of call_undef_hook() (git-fixes) - arm64: factor out EL1 SSBS emulation hook (git-fixes) - arm64: report EL1 UNDEFs better (git-fixes) - arm64: rework BTI exception handling (git-fixes) - arm64: rework EL0 MRS emulation (git-fixes) - arm64: rework FPAC exception handling (git-fixes) - arm64: split EL0/EL1 UNDEF handlers (git-fixes) - ata: pata_isapnp: Add missing error check for devm_ioport_map() (git-fixes). - atl1c: Work around the DMA RX overflow issue (git-fixes). - atm: iphase: Do PCI error checks on own line (git-fixes). - blk-mq: Do not clear driver tags own mapping (bsc#1217366). - blk-mq: fix null pointer dereference in blk_mq_clear_rq_mapping() (bsc#1217366). - bluetooth: Add device 0bda:887b to device tables (git-fixes). - bluetooth: Add device 13d3:3571 to device tables (git-fixes). - can: dev: can_put_echo_skb(): do not crash kernel if can_priv::echo_skb is accessed out of bounds (git-fixes). - can: dev: can_restart(): do not crash kernel if carrier is OK (git-fixes). - can: dev: can_restart(): fix race condition between controller restart and netif_carrier_on() (git-fixes). - can: isotp: add local echo tx processing for consecutive frames (git-fixes). - can: isotp: fix race between isotp_sendsmg() and isotp_release() (git-fixes). - can: isotp: fix tx state handling for echo tx processing (git-fixes). - can: isotp: handle wait_event_interruptible() return values (git-fixes). - can: isotp: isotp_bind(): return -EINVAL on incorrect CAN ID formatting (git-fixes). - can: isotp: isotp_sendmsg(): fix TX state detection and wait behavior (git-fixes). - can: isotp: remove re-binding of bound socket (git-fixes). - can: isotp: sanitize CAN ID checks in isotp_bind() (git-fixes). - can: isotp: set max PDU size to 64 kByte (git-fixes). - can: isotp: split tx timer into transmission and timeout (git-fixes). - can: sja1000: Fix comment (git-fixes). - clk: Sanitize possible_parent_show to Handle Return Value of of_clk_get_parent_name (git-fixes). - clk: imx: Select MXC_CLK for CLK_IMX8QXP (git-fixes). - clk: imx: imx8mq: correct error handling path (git-fixes). - clk: imx: imx8qxp: Fix elcdif_pll clock (git-fixes). - clk: keystone: pll: fix a couple NULL vs IS_ERR() checks (git-fixes). - clk: mediatek: clk-mt2701: Add check for mtk_alloc_clk_data (git-fixes). - clk: mediatek: clk-mt6765: Add check for mtk_alloc_clk_data (git-fixes). - clk: mediatek: clk-mt6779: Add check for mtk_alloc_clk_data (git-fixes). - clk: mediatek: clk-mt6797: Add check for mtk_alloc_clk_data (git-fixes). - clk: mediatek: clk-mt7629-eth: Add check for mtk_alloc_clk_data (git-fixes). - clk: mediatek: clk-mt7629: Add check for mtk_alloc_clk_data (git-fixes). - clk: npcm7xx: Fix incorrect kfree (git-fixes). - clk: qcom: clk-rcg2: Fix clock rate overflow for high parent frequencies (git-fixes). - clk: qcom: config IPQ_APSS_6018 should depend on QCOM_SMEM (git-fixes). - clk: qcom: gcc-sm8150: Fix gcc_sdcc2_apps_clk_src (git-fixes). - clk: qcom: ipq6018: drop the CLK_SET_RATE_PARENT flag from PLL clocks (git-fixes). - clk: qcom: mmcc-msm8998: Do not check halt bit on some branch clks (git-fixes). - clk: qcom: mmcc-msm8998: Fix the SMMU GDSC (git-fixes). - clk: scmi: Free scmi_clk allocated when the clocks with invalid info are skipped (git-fixes). - clk: ti: Add ti_dt_clk_name() helper to use clock-output-names (git-fixes). - clk: ti: Update component clocks to use ti_dt_clk_name() (git-fixes). - clk: ti: Update pll and clockdomain clocks to use ti_dt_clk_name() (git-fixes). - clk: ti: change ti_clk_register[_omap_hw]() API (git-fixes). - clk: ti: fix double free in of_ti_divider_clk_setup() (git-fixes). - crypto: caam/jr - fix Chacha20 + Poly1305 self test failure (git-fixes). - crypto: caam/qi2 - fix Chacha20 + Poly1305 self test failure (git-fixes). - crypto: hisilicon/hpre - Fix a erroneous check after snprintf() (git-fixes). - dmaengine: pxa_dma: Remove an erroneous BUG_ON() in pxad_free_desc() (git-fixes). - dmaengine: ste_dma40: Fix PM disable depth imbalance in d40_probe (git-fixes). - dmaengine: stm32-mdma: correct desc prep when channel running (git-fixes). - dmaengine: ti: edma: handle irq_of_parse_and_map() errors (git-fixes). - docs: net: move the probe and open/close sections of driver.rst up (bsc#1215458). - docs: net: reformat driver.rst from a list to sections (bsc#1215458). - docs: net: use C syntax highlight in driver.rst (bsc#1215458). - drm/amd/display: Avoid NULL dereference of timing generator (git-fixes). - drm/amd/display: Change the DMCUB mailbox memory location from FB to inbox (git-fixes). - drm/amd/display: remove useless check in should_enable_fbc() (git-fixes). - drm/amd/display: use full update for clip size increase of large plane source (git-fixes). - drm/amd/pm: Handle non-terminated overdrive commands (git-fixes). - drm/amd: Fix UBSAN array-index-out-of-bounds for Polaris and Tonga (git-fixes). - drm/amd: Fix UBSAN array-index-out-of-bounds for SMU7 (git-fixes). - drm/amdgpu: Fix a null pointer access when the smc_rreg pointer is NULL (git-fixes). - drm/amdgpu: Fix potential null pointer derefernce (git-fixes). - drm/amdgpu: do not use ATRM for external devices (git-fixes). - drm/amdgpu: fix error handling in amdgpu_bo_list_get() (git-fixes). - drm/amdgpu: fix software pci_unplug on some chips (git-fixes). - drm/amdkfd: Fix a race condition of vram buffer unref in svm code (git-fixes). - drm/amdkfd: Fix shift out-of-bounds issue (git-fixes). - drm/amdkfd: fix some race conditions in vram buffer alloc/free of svm code (git-fixes). - drm/bridge: Fix kernel-doc typo in desc of output_bus_cfg in drm_bridge_state (git-fixes). - drm/bridge: lt8912b: Add missing drm_bridge_attach call (git-fixes). - drm/bridge: lt8912b: Fix bridge_detach (git-fixes). - drm/bridge: lt8912b: Fix crash on bridge detach (git-fixes). - drm/bridge: lt8912b: Manually disable HPD only if it was enabled (git-fixes). - drm/bridge: lt8912b: Register and attach our DSI device at probe (git-fixes). - drm/bridge: lt8912b: Switch to devm MIPI-DSI helpers (git-fixes). - drm/bridge: lt9611uxc: Register and attach our DSI device at probe (git-fixes). - drm/bridge: lt9611uxc: Switch to devm MIPI-DSI helpers (git-fixes). - drm/bridge: lt9611uxc: fix the race in the error path (git-fixes). - drm/bridge: tc358768: Disable non-continuous clock mode (git-fixes). - drm/bridge: tc358768: Fix bit updates (git-fixes). - drm/bridge: tc358768: Fix use of uninitialized variable (git-fixes). - drm/gud: Use size_add() in call to struct_size() (git-fixes). - drm/i915/pmu: Check if pmu is closed before stopping event (git-fixes). - drm/i915: Fix potential spectre vulnerability (git-fixes). - drm/komeda: drop all currently held locks if deadlock happens (git-fixes). - drm/mediatek: Fix iommu fault by swapping FBs after updating plane state (git-fixes). - drm/mediatek: Fix iommu fault during crtc enabling (git-fixes). - drm/mipi-dsi: Create devm device attachment (git-fixes). - drm/mipi-dsi: Create devm device registration (git-fixes). - drm/msm/dp: skip validity check for DP CTS EDID checksum (git-fixes). - drm/panel/panel-tpo-tpg110: fix a possible null pointer dereference (git-fixes). - drm/panel: fix a possible null pointer dereference (git-fixes). - drm/panel: simple: Fix Innolux G101ICE-L01 bus flags (git-fixes). - drm/panel: simple: Fix Innolux G101ICE-L01 timings (git-fixes). - drm/panel: st7703: Pick different reset sequence (git-fixes). - drm/qxl: prevent memory leak (git-fixes). - drm/radeon: possible buffer overflow (git-fixes). - drm/rockchip: Fix type promotion bug in rockchip_gem_iommu_map() (git-fixes). - drm/rockchip: cdn-dp: Fix some error handling paths in cdn_dp_probe() (git-fixes). - drm/rockchip: vop: Fix call to crtc reset helper (git-fixes). - drm/rockchip: vop: Fix color for RGB888/BGR888 format on VOP full (git-fixes). - drm/rockchip: vop: Fix reset of state in duplicate state crtc funcs (git-fixes). - drm/syncobj: fix DRM_SYNCOBJ_WAIT_FLAGS_WAIT_AVAILABLE (git-fixes). - drm/vc4: fix typo (git-fixes). - drm: vmwgfx_surface.c: copy user-array safely (git-fixes). - dt-bindings: usb: hcd: add missing phy name to example (git-fixes). - dt-bindings: usb: qcom,dwc3: fix example wakeup interrupt types (git-fixes). - fbdev: fsl-diu-fb: mark wr_reg_wa() static (git-fixes). - fbdev: imsttfb: Fix error path of imsttfb_probe() (git-fixes). - fbdev: imsttfb: Release framebuffer and dealloc cmap on error path (git-fixes). - fbdev: imsttfb: fix a resource leak in probe (git-fixes). - fbdev: imsttfb: fix double free in probe() (git-fixes). - fbdev: omapfb: Drop unused remove function (git-fixes). - firewire: core: fix possible memory leak in create_units() (git-fixes). - firmware/imx-dsp: Fix use_after_free in imx_dsp_setup_channels() (git-fixes). - gpio: mockup: fix kerneldoc (git-fixes). - gpio: mockup: remove unused field (git-fixes). - hid: cp2112: Fix duplicate workqueue initialization (git-fixes). - hv: simplify sysctl registration (git-fixes). - hv_netvsc: Fix race of register_netdevice_notifier and VF register (git-fixes). - hv_netvsc: Mark VF as slave before exposing it to user-mode (git-fixes). - hv_netvsc: fix netvsc_send_completion to avoid multiple message length checks (git-fixes). - hv_netvsc: fix race of netvsc and VF register_netdevice (git-fixes). - hwmon: (coretemp) Fix potentially truncated sysfs attribute name (git-fixes). - i2c: aspeed: Fix i2c bus hang in slave read (git-fixes). - i2c: core: Run atomic i2c xfer when !preemptible (git-fixes). - i2c: designware: Disable TX_EMPTY irq while waiting for block length byte (git-fixes). - i2c: dev: copy userspace array safely (git-fixes). - i2c: i801: fix potential race in i801_block_transaction_byte_by_byte (git-fixes). - i2c: iproc: handle invalid slave state (git-fixes). - i2c: muxes: i2c-demux-pinctrl: Use of_get_i2c_adapter_by_node() (git-fixes). - i2c: muxes: i2c-mux-gpmux: Use of_get_i2c_adapter_by_node() (git-fixes). - i2c: muxes: i2c-mux-pinctrl: Use of_get_i2c_adapter_by_node() (git-fixes). - i2c: stm32f7: Fix PEC handling in case of SMBUS transfers (git-fixes). - i2c: sun6i-p2wi: Prevent potential division by zero (git-fixes). - i3c: Fix potential refcount leak in i3c_master_register_new_i3c_devs (git-fixes). - i3c: master: cdns: Fix reading status register (git-fixes). - i3c: master: mipi-i3c-hci: Fix a kernel panic for accessing DAT_data (git-fixes). - i3c: master: svc: fix SDA keep low when polling IBIWON timeout happen (git-fixes). - i3c: master: svc: fix check wrong status register in irq handler (git-fixes). - i3c: master: svc: fix ibi may not return mandatory data byte (git-fixes). - i3c: master: svc: fix race condition in ibi work thread (git-fixes). - i3c: master: svc: fix wrong data return when IBI happen during start frame (git-fixes). - i3c: mipi-i3c-hci: Fix out of bounds access in hci_dma_irq_handler (git-fixes). - i915/perf: Fix NULL deref bugs with drm_dbg() calls (git-fixes). - idpf: add RX splitq napi poll support (bsc#1215458). - idpf: add SRIOV support and other ndo_ops (bsc#1215458). - idpf: add TX splitq napi poll support (bsc#1215458). - idpf: add controlq init and reset checks (bsc#1215458). - idpf: add core init and interrupt request (bsc#1215458). - idpf: add create vport and netdev configuration (bsc#1215458). - idpf: add ethtool callbacks (bsc#1215458). - idpf: add module register and probe functionality (bsc#1215458). - idpf: add ptypes and MAC filter support (bsc#1215458). - idpf: add singleq start_xmit and napi poll (bsc#1215458). - idpf: add splitq start_xmit (bsc#1215458). - idpf: cancel mailbox work in error path (bsc#1215458). - idpf: configure resources for RX queues (bsc#1215458). - idpf: configure resources for TX queues (bsc#1215458). - idpf: fix potential use-after-free in idpf_tso() (bsc#1215458). - idpf: initialize interrupts and enable vport (bsc#1215458). - idpf: set scheduling mode for completion queue (bsc#1215458). - iio: adc: xilinx-xadc: Correct temperature offset/scale for UltraScale (git-fixes). - iio: adc: xilinx-xadc: Do not clobber preset voltage/temperature thresholds (git-fixes). - iio: exynos-adc: request second interupt only when touchscreen mode is used (git-fixes). - irqchip/stm32-exti: add missing DT IRQ flag translation (git-fixes). - leds: pwm: Do not disable the PWM when the LED should be off (git-fixes). - leds: trigger: ledtrig-cpu:: Fix 'output may be truncated' issue for 'cpu' (git-fixes). - leds: turris-omnia: Do not use SMBUS calls (git-fixes). - lsm: fix default return value for inode_getsecctx (git-fixes). - lsm: fix default return value for vm_enough_memory (git-fixes). - media: bttv: fix use after free error due to btv->timeout timer (git-fixes). - media: ccs: Correctly initialise try compose rectangle (git-fixes). - media: ccs: Fix driver quirk struct documentation (git-fixes). - media: cedrus: Fix clock/reset sequence (git-fixes). - media: cobalt: Use FIELD_GET() to extract Link Width (git-fixes). - media: gspca: cpia1: shift-out-of-bounds in set_flicker (git-fixes). - media: i2c: max9286: Fix some redundant of_node_put() calls (git-fixes). - media: imon: fix access to invalid resource for the second interface (git-fixes). - media: lirc: drop trailing space from scancode transmit (git-fixes). - media: qcom: camss: Fix VFE-17x vfe_disable_output() (git-fixes). - media: qcom: camss: Fix missing vfe_lite clocks check (git-fixes). - media: qcom: camss: Fix pm_domain_on sequence in probe (git-fixes). - media: qcom: camss: Fix vfe_get() error jump (git-fixes). - media: sharp: fix sharp encoding (git-fixes). - media: siano: Drop unnecessary error check for debugfs_create_dir/file() (git-fixes). - media: venus: hfi: add checks to handle capabilities from firmware (git-fixes). - media: venus: hfi: add checks to perform sanity on queue pointers (git-fixes). - media: venus: hfi: fix the check to handle session buffer requirement (git-fixes). - media: venus: hfi_parser: Add check to keep the number of codecs within range (git-fixes). - media: vidtv: mux: Add check and kfree for kstrdup (git-fixes). - media: vidtv: psi: Add check for kstrdup (git-fixes). - media: vivid: avoid integer overflow (git-fixes). - mfd: arizona-spi: Set pdata.hpdet_channel for ACPI enumerated devs (git-fixes). - mfd: core: Ensure disabled devices are skipped without aborting (git-fixes). - mfd: dln2: Fix double put in dln2_probe (git-fixes). - misc: fastrpc: Clean buffers on remote invocation failures (git-fixes). - misc: pci_endpoint_test: Add Device ID for R-Car S4-8 PCIe controller (git-fixes). - mm/hmm: fault non-owner device private entries (bsc#1216844, jsc#PED-7237, git-fixes). - mmc: block: Be sure to wait while busy in CQE error recovery (git-fixes). - mmc: block: Do not lose cache flush during CQE error recovery (git-fixes). - mmc: block: Retry commands in CQE error recovery (git-fixes). - mmc: cqhci: Fix task clearing in CQE error recovery (git-fixes). - mmc: cqhci: Increase recovery halt timeout (git-fixes). - mmc: cqhci: Warn of halt or task clear failure (git-fixes). - mmc: meson-gx: Remove setting of CMD_CFG_ERROR (git-fixes). - mmc: sdhci-pci-gli: A workaround to allow GL9750 to enter ASPM L1.2 (git-fixes). - mmc: sdhci-pci-gli: GL9750: Mask the replay timer timeout of AER (git-fixes). - mmc: sdhci_am654: fix start loop index for TAP value parsing (git-fixes). - mmc: vub300: fix an error code (git-fixes). - modpost: fix tee MODULE_DEVICE_TABLE built on big-endian host (git-fixes). - mt76: dma: use kzalloc instead of devm_kzalloc for txwi (git-fixes). - mtd: cfi_cmdset_0001: Byte swap OTP info (git-fixes). - mtd: rawnand: arasan: Include ECC syndrome along with in-band data while checking for ECC failure (git-fixes). - net-memcg: Fix scope of sockmem pressure indicators (bsc#1216759). - net: Avoid address overwrite in kernel_connect (bsc#1216861). - net: add macro netif_subqueue_completed_wake (bsc#1215458). - net: fix use-after-free in tw_timer_handler (bsc#1217195). - net: ieee802154: adf7242: Fix some potential buffer overflow in adf7242_stats_show() (git-fixes). - net: mana: Fix return type of mana_start_xmit() (git-fixes). - net: piggy back on the memory barrier in bql when waking queues (bsc#1215458). - net: provide macros for commonly copied lockless queue stop/wake code (bsc#1215458). - net: usb: ax88179_178a: fix failed operations during ax88179_reset (git-fixes). - net: usb: smsc95xx: Fix uninit-value access in smsc95xx_read_reg (git-fixes). - nvme: update firmware version after commit (bsc#1215292). - pcmcia: cs: fix possible hung task and memory leak pccardd() (git-fixes). - pcmcia: ds: fix possible name leak in error path in pcmcia_device_add() (git-fixes). - pcmcia: ds: fix refcount leak in pcmcia_device_add() (git-fixes). - pinctrl: avoid reload of p state in list iteration (git-fixes). - platform/x86: thinkpad_acpi: Add battery quirk for Thinkpad X120e (git-fixes). - platform/x86: wmi: Fix opening of char device (git-fixes). - platform/x86: wmi: Fix probe failure when failing to register WMI devices (git-fixes). - platform/x86: wmi: remove unnecessary initializations (git-fixes). - powerpc: Do not clobber f0/vs0 during fp|altivec register save (bsc#1217780). - pwm: Fix double shift bug (git-fixes). - pwm: brcmstb: Utilize appropriate clock APIs in suspend/resume (git-fixes). - pwm: sti: Reduce number of allocations and drop usage of chip_data (git-fixes). - r8152: Cancel hw_phy_work if we have an error in probe (git-fixes). - r8152: Check for unplug in r8153b_ups_en() / r8153c_ups_en() (git-fixes). - r8152: Check for unplug in rtl_phy_patch_request() (git-fixes). - r8152: Increase USB control msg timeout to 5000ms as per spec (git-fixes). - r8152: Release firmware if we have an error in probe (git-fixes). - r8152: Run the unload routine if we have errors during probe (git-fixes). - regmap: Ensure range selector registers are updated after cache sync (git-fixes). - regmap: debugfs: Fix a erroneous check after snprintf() (git-fixes). - regmap: prevent noinc writes from clobbering cache (git-fixes). - s390/ap: fix AP bus crash on early config change callback invocation (git-fixes bsc#1217687). - s390/cio: unregister device when the only path is gone (git-fixes bsc#1217609). - s390/cmma: fix detection of DAT pages (LTC#203997 bsc#1217086). - s390/cmma: fix handling of swapper_pg_dir and invalid_pg_dir (LTC#203997 bsc#1217086). - s390/cmma: fix initial kernel address space page table walk (LTC#203997 bsc#1217086). - s390/crashdump: fix TOD programmable field size (git-fixes bsc#1217205). - s390/dasd: fix hanging device after request requeue (git-fixes LTC#203629 bsc#1215124). - s390/dasd: protect device queue against concurrent access (git-fixes bsc#1217515). - s390/dasd: use correct number of retries for ERP requests (git-fixes bsc#1217598). - s390/ipl: add missing secure/has_secure file to ipl type 'unknown' (bsc#1214976 git-fixes). - s390/mm: add missing arch_set_page_dat() call to gmap allocations (LTC#203997 bsc#1217086). - s390/mm: add missing arch_set_page_dat() call to vmem_crst_alloc() (LTC#203997 bsc#1217086). - s390/pkey: fix/harmonize internal keyblob headers (git-fixes bsc#1217200). - s390/ptrace: fix PTRACE_GET_LAST_BREAK error handling (git-fixes bsc#1217599). - sbsa_gwdt: Calculate timeout with 64-bit math (git-fixes). - scsi: lpfc: Copyright updates for 14.2.0.16 patches (bsc#1217731). - scsi: lpfc: Correct maximum PCI function value for RAS fw logging (bsc#1217731). - scsi: lpfc: Eliminate unnecessary relocking in lpfc_check_nlp_post_devloss() (bsc#1217731). - scsi: lpfc: Enhance driver logging for selected discovery events (bsc#1217731). - scsi: lpfc: Fix list_entry null check warning in lpfc_cmpl_els_plogi() (bsc#1217731). - scsi: lpfc: Fix possible file string name overflow when updating firmware (bsc#1217731). - scsi: lpfc: Introduce LOG_NODE_VERBOSE messaging flag (bsc#1217124). - scsi: lpfc: Refactor and clean up mailbox command memory free (bsc#1217731). - scsi: lpfc: Reject received PRLIs with only initiator fcn role for NPIV ports (bsc#1217124). - scsi: lpfc: Remove unnecessary zero return code assignment in lpfc_sli4_hba_setup (bsc#1217124). - scsi: lpfc: Return early in lpfc_poll_eratt() when the driver is unloading (bsc#1217731). - scsi: lpfc: Treat IOERR_SLI_DOWN I/O completion status the same as pci offline (bsc#1217124). - scsi: lpfc: Update lpfc version to 14.2.0.15 (bsc#1217124). - scsi: lpfc: Update lpfc version to 14.2.0.16 (bsc#1217731). - scsi: lpfc: Validate ELS LS_ACC completion payload (bsc#1217124). - scsi: qla2xxx: Fix double free of dsd_list during driver load (git-fixes). - scsi: qla2xxx: Use FIELD_GET() to extract PCIe capability fields (git-fixes). - selftests/efivarfs: create-read: fix a resource leak (git-fixes). - selftests/pidfd: Fix ksft print formats (git-fixes). - selftests/resctrl: Ensure the benchmark commands fits to its array (git-fixes). - selftests/resctrl: Reduce failures due to outliers in MBA/MBM tests (git-fixes). - selftests/resctrl: Remove duplicate feature check from CMT test (git-fixes). - seq_buf: fix a misleading comment (git-fixes). - serial: exar: Revert 'serial: exar: Add support for Sealevel 7xxxC serial cards' (git-fixes). - serial: meson: Use platform_get_irq() to get the interrupt (git-fixes). - soc: qcom: llcc: Handle a second device without data corruption (git-fixes). - spi: nxp-fspi: use the correct ioremap function (git-fixes). - spi: spi-zynq-qspi: add spi-mem to driver kconfig dependencies (git-fixes). - spi: tegra: Fix missing IRQ check in tegra_slink_probe() (git-fixes). - staging: media: ipu3: remove ftrace-like logging (git-fixes). - string.h: add array-wrappers for (v)memdup_user() (git-fixes). - supported.conf: marked idpf supported - thermal: core: prevent potential string overflow (git-fixes). - treewide: Spelling fix in comment (git-fixes). - tty/sysrq: replace smp_processor_id() with get_cpu() (git-fixes). - tty: 8250: Add Brainboxes Oxford Semiconductor-based quirks (git-fixes). - tty: 8250: Add support for Brainboxes UP cards (git-fixes). - tty: 8250: Add support for Intashield IS-100 (git-fixes). - tty: 8250: Add support for Intashield IX cards (git-fixes). - tty: 8250: Add support for additional Brainboxes PX cards (git-fixes). - tty: 8250: Add support for additional Brainboxes UC cards (git-fixes). - tty: 8250: Fix port count of PX-257 (git-fixes). - tty: 8250: Fix up PX-803/PX-857 (git-fixes). - tty: 8250: Remove UC-257 and UC-431 (git-fixes). - tty: Fix uninit-value access in ppp_sync_receive() (git-fixes). - tty: n_gsm: fix race condition in status line change on dead connections (git-fixes). - tty: serial: meson: fix hard LOCKUP on crtscts mode (git-fixes). - tty: tty_jobctrl: fix pid memleak in disassociate_ctty() (git-fixes). - tty: vcc: Add check for kstrdup() in vcc_probe() (git-fixes). - usb: cdnsp: Fix deadlock issue during using NCM gadget (git-fixes). - usb: chipidea: Fix DMA overwrite for Tegra (git-fixes). - usb: chipidea: Simplify Tegra DMA alignment code (git-fixes). - usb: dwc2: fix possible NULL pointer dereference caused by driver concurrency (git-fixes). - usb: dwc3: Fix default mode initialization (git-fixes). - usb: dwc3: set the dma max_seg_size (git-fixes). - usb: gadget: f_ncm: Always set current gadget in ncm_bind() (git-fixes). - usb: raw-gadget: properly handle interrupted requests (git-fixes). - usb: storage: set 1.50 as the lower bcdDevice for older 'Super Top' compatibility (git-fixes). - usb: typec: tcpm: Fix NULL pointer dereference in tcpm_pd_svdm() (git-fixes). - usb: typec: tcpm: Skip hard reset when in error recovery (git-fixes). - virtchnl: add virtchnl version 2 ops (bsc#1215458). - wifi: ath10k: Do not touch the CE interrupt registers after power up (git-fixes). - wifi: ath10k: fix clang-specific fortify warning (git-fixes). - wifi: ath11k: debugfs: fix to work with multiple PCI devices (git-fixes). - wifi: ath11k: fix dfs radar event locking (git-fixes). - wifi: ath11k: fix htt pktlog locking (git-fixes). - wifi: ath11k: fix temperature event locking (git-fixes). - wifi: ath9k: fix clang-specific fortify warnings (git-fixes). - wifi: iwlwifi: Use FW rate for non-data frames (git-fixes). - wifi: iwlwifi: call napi_synchronize() before freeing rx/tx queues (git-fixes). - wifi: iwlwifi: empty overflow queue during flush (git-fixes). - wifi: iwlwifi: honor the enable_ini value (git-fixes). - wifi: iwlwifi: pcie: synchronize IRQs before NAPI (git-fixes). - wifi: mac80211: do not return unset power in ieee80211_get_tx_power() (git-fixes). - wifi: mac80211: fix # of MSDU in A-MSDU calculation (git-fixes). - wifi: mt76: mt7603: rework/fix rx pse hang check (git-fixes). - wifi: rtlwifi: fix EDCA limit set by BT coexistence (git-fixes). - wifi: rtw88: debug: Fix the NULL vs IS_ERR() bug for debugfs_create_file() (git-fixes). - x86/alternative: Add a __alt_reloc_selftest() prototype (git-fixes). - x86/cpu: Fix AMD erratum #1485 on Zen4-based CPUs (git-fixes). - x86/fpu: Set X86_FEATURE_OSXSAVE feature after enabling OSXSAVE in CR4 (git-fixes). - x86/hyperv: Add HV_EXPOSE_INVARIANT_TSC define (git-fixes). - x86/hyperv: Improve code for referencing hyperv_pcpu_input_arg (git-fixes). - x86/hyperv: Make hv_get_nmi_reason public (git-fixes). - x86/hyperv: fix a warning in mshyperv.h (git-fixes). - x86/sev: Do not try to parse for the CC blob on non-AMD hardware (git-fixes). - x86/sev: Fix calculation of end address based on number of pages (git-fixes). - x86/sev: Use the GHCB protocol when available for SNP CPUID requests (git-fixes). - x86: Move gds_ucode_mitigated() declaration to header (git-fixes). - xfs: add attr state machine tracepoints (git-fixes). - xfs: can't use kmem_zalloc() for attribute buffers (bsc#1216909). - xfs: constify btree function parameters that are not modified (git-fixes). - xfs: convert AGF log flags to unsigned (git-fixes). - xfs: convert AGI log flags to unsigned (git-fixes). - xfs: convert attr type flags to unsigned (git-fixes). - xfs: convert bmap extent type flags to unsigned (git-fixes). - xfs: convert bmapi flags to unsigned (git-fixes). - xfs: convert btree buffer log flags to unsigned (git-fixes). - xfs: convert buffer flags to unsigned (git-fixes). - xfs: convert buffer log item flags to unsigned (git-fixes). - xfs: convert da btree operations flags to unsigned (git-fixes). - xfs: convert dquot flags to unsigned (git-fixes). - xfs: convert inode lock flags to unsigned (git-fixes). - xfs: convert log item tracepoint flags to unsigned (git-fixes). - xfs: convert log ticket and iclog flags to unsigned (git-fixes). - xfs: convert quota options flags to unsigned (git-fixes). - xfs: convert scrub type flags to unsigned (git-fixes). - xfs: disambiguate units for ftrace fields tagged 'blkno', 'block', or 'bno' (git-fixes). - xfs: disambiguate units for ftrace fields tagged 'count' (git-fixes). - xfs: disambiguate units for ftrace fields tagged 'len' (git-fixes). - xfs: disambiguate units for ftrace fields tagged 'offset' (git-fixes). - xfs: make the key parameters to all btree key comparison functions const (git-fixes). - xfs: make the key parameters to all btree query range functions const (git-fixes). - xfs: make the keys and records passed to btree inorder functions const (git-fixes). - xfs: make the pointer passed to btree set_root functions const (git-fixes). - xfs: make the start pointer passed to btree alloc_block functions const (git-fixes). - xfs: make the start pointer passed to btree update_lastrec functions const (git-fixes). - xfs: mark the record passed into btree init_key functions as const (git-fixes). - xfs: mark the record passed into xchk_btree functions as const (git-fixes). - xfs: remove xfs_btree_cur_t typedef (git-fixes). - xfs: rename i_disk_size fields in ftrace output (git-fixes). - xfs: resolve fork names in trace output (git-fixes). - xfs: standardize AG block number formatting in ftrace output (git-fixes). - xfs: standardize AG number formatting in ftrace output (git-fixes). - xfs: standardize daddr formatting in ftrace output (git-fixes). - xfs: standardize inode generation formatting in ftrace output (git-fixes). - xfs: standardize inode number formatting in ftrace output (git-fixes). - xfs: standardize remaining xfs_buf length tracepoints (git-fixes). - xfs: standardize rmap owner number formatting in ftrace output (git-fixes). - xhci: Enable RPM on controllers that support low-power states (git-fixes). - xhci: Loosen RPM as default policy to cover for AMD xHC 1.1 (git-fixes). Important SUSE bug 1084909 SUSE bug 1210447 SUSE bug 1214286 SUSE bug 1214976 SUSE bug 1215124 SUSE bug 1215292 SUSE bug 1215420 SUSE bug 1215458 SUSE bug 1215710 SUSE bug 1216058 SUSE bug 1216105 SUSE bug 1216259 SUSE bug 1216584 SUSE bug 1216693 SUSE bug 1216759 SUSE bug 1216844 SUSE bug 1216861 SUSE bug 1216909 SUSE bug 1216959 SUSE bug 1216965 SUSE bug 1216976 SUSE bug 1217036 SUSE bug 1217068 SUSE bug 1217086 SUSE bug 1217124 SUSE bug 1217140 SUSE bug 1217195 SUSE bug 1217200 SUSE bug 1217205 SUSE bug 1217332 SUSE bug 1217366 SUSE bug 1217515 SUSE bug 1217598 SUSE bug 1217599 SUSE bug 1217609 SUSE bug 1217687 SUSE bug 1217731 SUSE bug 1217780 CVE-2023-2006 CVE-2023-25775 CVE-2023-39197 CVE-2023-39198 CVE-2023-4244 CVE-2023-45863 CVE-2023-45871 CVE-2023-46862 CVE-2023-5158 CVE-2023-5717 CVE-2023-6039 CVE-2023-6176 cpe:/o:opensuse:leap:15.4 Security update for openssl-1_1-livepatches (Important) openSUSE Leap 15.4 This update for openssl-1_1-livepatches fixes the following issues: - CVE-2023-0286: Fixed X.400 address type confusion in X.509 GeneralName via livepatch (bsc#1207533). Important SUSE bug 1207533 CVE-2023-0286 cpe:/o:opensuse:leap:15.4 Security update for webkit2gtk3 (Important) openSUSE Leap 15.4 This update for webkit2gtk3 fixes the following issues: Update to version 2.42.3 (bsc#1217844): - Fix flickering while playing videos with DMA-BUF sink. - Fix color picker being triggered in the inspector when typing 'tan'. - Do not special case the 'sans' font family name. - Fix build failure with libxml2 version 2.12.0 due to an API change. - Fix several crashes and rendering issues. - Security fixes: CVE-2023-42916, CVE-2023-42917. Important SUSE bug 1217844 CVE-2023-42916 CVE-2023-42917 cpe:/o:opensuse:leap:15.4 Security update for pesign (Important) openSUSE Leap 15.4 This update for pesign fixes the following issues: - CVE-2022-3560: Fixed pesign-authorize ExecStartPost script allowing privilege escalation from pesign to root (bsc#1202933). Important SUSE bug 1202933 CVE-2022-3560 cpe:/o:opensuse:leap:15.4 Security update for python-cryptography (Moderate) openSUSE Leap 15.4 This update for python-cryptography fixes the following issues: - CVE-2023-49083: Fixed a NULL pointer dereference when loading certificates from a PKCS#7 bundle (bsc#1217592). Moderate SUSE bug 1217592 CVE-2023-49083 cpe:/o:opensuse:leap:15.4 Security update for python3-cryptography (Moderate) openSUSE Leap 15.4 This update for python3-cryptography fixes the following issues: - CVE-2023-49083: Fixed a NULL pointer dereference when loading certificates from a PKCS#7 bundle (bsc#1217592). Moderate SUSE bug 1217592 CVE-2023-49083 cpe:/o:opensuse:leap:15.4 Security update for c-ares (Important) openSUSE Leap 15.4 This update for c-ares fixes the following issues: Updated to version 1.19.0: - CVE-2022-4904: Fixed missing string length check in config_sortlist() (bsc#1208067). Important SUSE bug 1208067 CVE-2022-4904 cpe:/o:opensuse:leap:15.4 Security update for tracker-miners (Important) openSUSE Leap 15.4 This update for tracker-miners fixes the following issues: - CVE-2023-5557: Fixed a sandbox escape by adding seccomp rules and applying it to the whole process (bsc#1216199) - rebuild against current ICU 73. Important SUSE bug 1216199 CVE-2023-5557 cpe:/o:opensuse:leap:15.4 Security update for tiff (Important) openSUSE Leap 15.4 This update for tiff fixes the following issues: - CVE-2023-2731: Fix null pointer deference in LZWDecode() (bsc#1211478). - CVE-2023-1916: Fix out-of-bounds read in extractImageSection() (bsc#1210231). - CVE-2023-26965: Fix heap-based use after free in loadImage() (bsc#1212398). - CVE-2022-40090: Fix infinite loop in TIFFReadDirectory() (bsc#1214680). Important SUSE bug 1199483 SUSE bug 1210231 SUSE bug 1211478 SUSE bug 1212398 SUSE bug 1214680 CVE-2022-1622 CVE-2022-40090 CVE-2023-1916 CVE-2023-26965 CVE-2023-2731 cpe:/o:opensuse:leap:15.4 Security update for cosign (Moderate) openSUSE Leap 15.4 This update for cosign fixes the following issues: Updated to 2.2.1 (jsc#SLE-23879) - Enhancements: * CVE-2023-46737: Possible endless data attack from attacker-controlled registry (bsc#1216933) * feat: Support basic auth and bearer auth login to registry (#3310) * add support for ignoring certificates with pkcs11 (#3334) * Support ReplaceOp in Signatures (#3315) * feat: added ability to get image digest back via triangulate (#3255) * feat: add `--only` flag in `cosign copy` to copy sign, att & sbom (#3247) * feat: add support attaching a Rekor bundle to a container (#3246) * feat: add support outputting rekor response on signing (#3248) * feat: improve dockerfile verify subcommand (#3264) * Add guard flag for experimental OCI 1.1 verify. (#3272) * Deprecate SBOM attachments (#3256) * feat: dedent line in cosign copy doc (#3244) * feat: add platform flag to cosign copy command (#3234) * Add SLSA 1.0 attestation support to cosign. Closes #2860 (#3219) * attest: pass OCI remote opts to att resolver. (#3225) - Bug Fixes: * Merge pull request from GHSA-vfp6-jrw2-99g9 * fix: allow cosign download sbom when image is absent (#3245) * ci: add a OCI registry test for referrers support (#3253) * Fix ReplaceSignatures (#3292) * Stop using deprecated in_toto.ProvenanceStatement (#3243) * Fixes #3236, disable SCT checking for a cosign verification when using .. (#3237) * fix: update error in `SignedEntity` to be more descriptive (#3233) * Fail timestamp verification if no root is provided (#3224) - Documentation: * Add some docs about verifying in an air-gapped environment (#3321) * Update CONTRIBUTING.md (#3268) * docs: improves the Contribution guidelines (#3257) * Remove security policy (#3230) - Others: * Set go to min 1.21 and update dependencies (#3327) * Update contact for code of conduct (#3266) * Update .ko.yaml (#3240) Updated to 2.2.0 (jsc#SLE-23879) - Enhancements * switch to uploading DSSE types to rekor instead of intoto (#3113) * add 'cosign sign' command-line parameters for mTLS (#3052) * improve error messages around bundle != payload hash (#3146) * make VerifyImageAttestation function public (#3156) * Switch to cryptoutils function for SANS (#3185) * Handle HTTP_1_1_REQUIRED errors in github provider (#3172) - Bug Fixes * Fix nondeterminsitic timestamps (#3121) - Documentation * doc: Add example of sign-blob with key in env var (#3152) * add deprecation notice for cosign-releases GCS bucket (#3148) * update doc links (#3186) Updated to 2.1.1 (jsc#SLE-23879) - Bug Fixes * wait for the workers become available again to continue the execution (#3084) * fix help text when in a container (#3082) Updated to 2.1.0 (jsc#SLE-23879) - Breaking Change: The predicate is now a required flag in the attest commands, set via the --type flag. - Enhancements * Verify sigs and attestations in parallel (#3066) * Deep inspect attestations when filtering download (#3031) * refactor bundle validation code, add support for DSSE rekor type (#3016) * Allow overriding remote options (#3049) * feat: adds no cert found on sig exit code (#3038) * Make predicate a required flag in attest commands (#3033) * Added support for attaching Time stamp authority Response in attach command (#3001) * Add sign --sign-container-identity CLI (#2984) * Feature: Allow cosign to sign digests before they are uploaded. (#2959) * accepts attachment-tag-prefix for cosign copy (#3014) * Feature: adds '--allow-insecure-registry' for cosign load (#3000) * download attestation: support --platform flag (#2980) * Cleanup: Add Digest to the SignedEntity interface. (#2960) * verify command: support keyless verification using only a provided certificate chain with non-fulcio roots (#2845) * verify: use workers to limit the paralellism when verifying images with --max-workers flag (#3069) - Bug Fixes * Fix pkg/cosign/errors (#3050) * Fix: update doc to refer to github-actions oidc provider (#3040) * Fix: prefer GitHub OIDC provider if enabled (#3044) * Fix --sig-only in cosign copy (#3074) - Documentation * Fix links to sigstore/docs in markdown files (#3064) Update to 2.0.2 (jsc#SLE-23879) - Enhancements * Update sigstore/sigstore to v1.6.2 to pick up TUF CDN change (#2891) * feat: Make cosign copy faster (#2901) * remove sget (#2885) * Require a payload to be provided with a signature (#2785) - Bug Fixes * cmd: Change error message from KeyParseError to PubKeyParseError for verify-blob. (#2876) * Use SOURCE_DATE_EPOCH for OCI CreatedAt times (#2878) - Documentation * Remove experimental warning from Fulcio flags (#2923) * add missing oidc provider (#2922) * Add zot as a supported registry (#2920) * deprecates kms_support docs (#2900) * chore(docs) deprecate note for usage docs (#2906) * adds note of deprecation for examples.md docs (#2899) Moderate SUSE bug 1216933 CVE-2023-46737 cpe:/o:opensuse:leap:15.4 Security update for the Linux-RT Kernel (Important) openSUSE Leap 15.4 The SUSE Linux Enterprise 15 SP4 RT kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2022-36280: Fixed an out-of-bounds memory access vulnerability that was found in vmwgfx driver in drivers/gpu/vmxgfx/vmxgfx_kms.c (bnc#1203332). - CVE-2023-0045: Fixed flush IBP in ib_prctl_set() (bsc#1207773). - CVE-2023-0590: Fixed race condition in qdisc_graft() (bsc#1207795). - CVE-2023-0122: Fixed a NULL pointer dereference vulnerability in nvmet_setup_auth(), that allowed an attacker to perform a Pre-Auth Denial of Service (DoS) attack on a remote machine (bnc#1207050). - CVE-2023-23455: Fixed a denial of service inside atm_tc_enqueue in net/sched/sch_atm.c because of type confusion (non-negative numbers can sometimes indicate a TC_ACT_SHOT condition rather than valid classification results) (bsc#1207125). - CVE-2023-23454: Fixed denial or service in cbq_classify in net/sched/sch_cbq.c (bnc#1207036). - CVE-2020-24588: Fixed injection of arbitrary network packets against devices that support receiving non-SSP A-MSDU frames (which is mandatory as part of 802.11n) (bsc#1199701). - CVE-2023-0179: Fixed incorrect arithmetics when fetching VLAN header bits (bsc#1207034). - CVE-2022-4382: Fixed a use-after-free flaw that was caused by a race condition among the superblock operations inside the gadgetfs code (bsc#1206258). - CVE-2023-0266: Fixed a use-after-free vulnerability inside the ALSA PCM package. SNDRV_CTL_IOCTL_ELEM_{READ|WRITE}32 was missing locks that could have been used in a use-after-free that could have resulted in a priviledge escalation to gain ring0 access from the system user (bsc#1207134). - CVE-2022-47929: Fixed NULL pointer dereference bug in the traffic control subsystem (bnc#1207237). The following non-security bugs were fixed: - ACPI: EC: Fix EC address space handler unregistration (bsc#1207149). - ACPI: EC: Fix ECDT probe ordering issues (bsc#1207149). - ACPI: PM: s2idle: Add support for upcoming AMD uPEP HID AMDI008 (bsc#1206224). - ACPI: PM: s2idle: Use LPS0 idle if ACPI_FADT_LOW_POWER_S0 is unset (bsc#1206224). - ACPI: PRM: Check whether EFI runtime is available (git-fixes). - ACPI: x86: s2idle: Add a quirk for ASUS ROG Zephyrus G14 (bsc#1206224). - ACPI: x86: s2idle: Add a quirk for ASUS TUF Gaming A17 FA707RE (bsc#1206224). - ACPI: x86: s2idle: Add a quirk for ASUSTeK COMPUTER INC. ROG Flow X13 (bsc#1206224). - ACPI: x86: s2idle: Add a quirk for Lenovo Slim 7 Pro 14ARH7 (bsc#1206224). - ACPI: x86: s2idle: Add another ID to s2idle_dmi_table (bsc#1206224). - ACPI: x86: s2idle: Add module parameter to prefer Microsoft GUID (bsc#1206224). - ACPI: x86: s2idle: Fix a NULL pointer dereference (bsc#1206224). - ACPI: x86: s2idle: Force AMD GUID/_REV 2 on HP Elitebook 865 (bsc#1206224). - ACPI: x86: s2idle: If a new AMD _HID is missing assume Rembrandt (bsc#1206224). - ACPI: x86: s2idle: Move _HID handling for AMD systems into structures (bsc#1206224). - ACPI: x86: s2idle: Stop using AMD specific codepath for Rembrandt+ (bsc#1206224). - ACPICA: Allow address_space_handler Install and _REG execution as 2 separate steps (bsc#1207149). - ACPICA: include/acpi/acpixf.h: Fix indentation (bsc#1207149). - ALSA: emux: Avoid potential array out-of-bound in snd_emux_xg_control() (git-fixes). - ALSA: hda/realtek: Add Acer Predator PH315-54 (git-fixes). - ALSA: hda/realtek: Add Positivo N14KP6-TG (git-fixes). - ALSA: hda/realtek: Add quirk for ASUS UM3402 using CS35L41 (git-fixes). - ALSA: hda/realtek: Enable mute/micmute LEDs on HP Elitebook, 645 G9 (git-fixes). - ALSA: hda/realtek: Fix the speaker output on Samsung Galaxy Book2 Pro 360 (git-fixes). - ALSA: hda/realtek: fix mute/micmute LEDs do not work for a HP platform (git-fixes). - ALSA: hda/realtek: fix mute/micmute LEDs, speaker do not work for a HP platform (git-fixes). - ALSA: hda/via: Avoid potential array out-of-bound in add_secret_dac_path() (git-fixes). - ALSA: pci: lx6464es: fix a debug loop (git-fixes). - ARM: dts: at91: sam9x60: fix the ddr clock for sam9x60 (git-fixes). - ARM: dts: imx6qdl-gw560x: Remove incorrect 'uart-has-rtscts' (git-fixes). - ARM: dts: imx6ul-pico-dwarf: Use 'clock-frequency' (git-fixes). - ARM: dts: imx7d-pico: Use 'clock-frequency' (git-fixes). - ARM: dts: imx: Fix pca9547 i2c-mux node name (git-fixes). - ARM: dts: vf610: Fix pca9548 i2c-mux node names (git-fixes). - ARM: imx: add missing of_node_put() (git-fixes). - ASoC: Intel: boards: fix spelling in comments (git-fixes). - ASoC: Intel: bytcht_es8316: Drop reference count of ACPI device after use (git-fixes). - ASoC: Intel: bytcht_es8316: move comment to the right place (git-fixes). - ASoC: Intel: bytcr_rt5651: Drop reference count of ACPI device after use (git-fixes). - ASoC: Intel: bytcr_wm5102: Drop reference count of ACPI device after use (git-fixes). - ASoC: fsl-asoc-card: Fix naming of AC'97 CODEC widgets (git-fixes). - ASoC: fsl_micfil: Correct the number of steps on SX controls (git-fixes). - ASoC: fsl_ssi: Rename AC'97 streams to avoid collisions with AC'97 CODEC (git-fixes). - ASoC: topology: Return -ENOMEM on memory allocation failure (git-fixes). - Bluetooth: Fix possible deadlock in rfcomm_sk_state_change (git-fixes). - Bluetooth: hci_qca: Fix driver shutdown on closed serdev (git-fixes). - Fix page corruption caused by racy check in __free_pages (bsc#1208149). - HID: betop: check shape of output reports (git-fixes). - HID: betop: check shape of output reports (git-fixes, bsc#1207186). - HID: check empty report_list in bigben_probe() (git-fixes). - HID: check empty report_list in hid_validate_values() (git-fixes). - HID: check empty report_list in hid_validate_values() (git-fixes, bsc#1206784). - HID: intel_ish-hid: Add check for ishtp_dma_tx_map (git-fixes). - HID: playstation: sanity check DualSense calibration data (git-fixes). - HID: revert CHERRY_MOUSE_000C quirk (git-fixes). - IB/IPoIB: Fix legacy IPoIB due to wrong number of queues (git-fixes) - IB/hfi1: Fix expected receive setup error exit issues (git-fixes) - IB/hfi1: Immediately remove invalid memory from hardware (git-fixes) - IB/hfi1: Reject a zero-length user expected buffer (git-fixes) - IB/hfi1: Remove user expected buffer invalidate race (git-fixes) - IB/hfi1: Reserve user expected TIDs (git-fixes) - IB/hfi1: Restore allocated resources on failed copyout (git-fixes) - IB/mad: Do not call to function that might sleep while in atomic context (git-fixes). - KVM: x86: Check for existing Hyper-V vCPU in kvm_hv_vcpu_init() (bsc#1206616). - Move upstreamed net patch into sorted section - PCI/PM: Define pci_restore_standard_config() only for CONFIG_PM_SLEEP (bsc#1207269). - PM: AVS: qcom-cpr: Fix an error handling path in cpr_probe() (git-fixes). - RDMA/core: Fix ib block iterator counter overflow (bsc#1207878). - RDMA/core: Fix ib block iterator counter overflow (git-fixes) - RDMA/irdma: Fix potential NULL-ptr-dereference (git-fixes) - RDMA/mlx5: Fix mlx5_ib_get_hw_stats when used for device (git-fixes) - RDMA/mlx5: Fix validation of max_rd_atomic caps for DC (git-fixes) - RDMA/rxe: Prevent faulty rkey generation (git-fixes) - RDMA/srp: Move large values to a new enum for gcc13 (git-fixes) - RDMA/usnic: use iommu_map_atomic() under spin_lock() (git-fixes) - Remove duplicate Git-commit tag in patch file - Revert 'ARM: dts: armada-38x: Fix compatible string for gpios' (git-fixes). - Revert 'ARM: dts: armada-39x: Fix compatible string for gpios' (git-fixes). - Revert 'Input: synaptics - switch touchpad on HP Laptop 15-da3001TU to RMI mode' (git-fixes). - Revert 'Revert 'block, bfq: honor already-setup queue merges'' (git-fixes). - Revert 'arm64: dts: meson-sm1-odroid-hc4: disable unused USB PHY0' (git-fixes). - Revert 'wifi: mac80211: fix memory leak in ieee80211_if_add()' (git-fixes). - SUNRPC: Do not dereference xprt->snd_task if it's a cookie (git-fixes). - SUNRPC: Use BIT() macro in rpc_show_xprt_state() (git-fixes). - USB: gadget: Fix use-after-free during usb config switch (git-fixes). - USB: misc: iowarrior: fix up header size for USB_DEVICE_ID_CODEMERCS_IOW100 (git-fixes). - USB: serial: cp210x: add SCALANCE LPE-9000 device id (git-fixes). - USB: serial: option: add Quectel EC200U modem (git-fixes). - USB: serial: option: add Quectel EM05-G (CS) modem (git-fixes). - USB: serial: option: add Quectel EM05-G (GR) modem (git-fixes). - USB: serial: option: add Quectel EM05-G (RS) modem (git-fixes). - USB: serial: option: add Quectel EM05CN (SG) modem (git-fixes). - USB: serial: option: add Quectel EM05CN modem (git-fixes). - arm64: Fix Freescale LPUART dependency (boo#1204063). - arm64: atomics: format whitespace consistently (git-fixes). - arm64: dts: imx8mm-beacon: Fix ecspi2 pinmux (git-fixes). - arm64: dts: imx8mm-venice-gw7901: fix USB2 controller OC polarity (git-fixes). - arm64: dts: imx8mm: Fix pad control for UART1_DTE_RX (git-fixes). - arm64: dts: imx8mq-thor96: fix no-mmc property for SDHCI (git-fixes). - arm64: dts: meson-axg: Make mmc host controller interrupts level-sensitive (git-fixes). - arm64: dts: meson-g12-common: Make mmc host controller interrupts level-sensitive (git-fixes). - arm64: dts: meson-gx: Make mmc host controller interrupts level-sensitive (git-fixes). - arm64: dts: qcom: msm8992-libra: Add CPU regulators (git-fixes). - arm64: dts: qcom: msm8992-libra: Fix the memory map (git-fixes). - arm64: dts: qcom: msm8992: Do not use sfpb mutex (git-fixes). - arm64: efi: Execute runtime services from a dedicated stack (git-fixes). - ata: libata: Fix sata_down_spd_limit() when no link speed is reported (git-fixes). - ath11k: Fix unexpected return buffer manager error for QCA6390 (git-fixes). - bcache: fix set_at_max_writeback_rate() for multiple attached devices (git-fixes). - bfq: fix use-after-free in bfq_dispatch_request (git-fixes). - bfq: fix waker_bfqq inconsistency crash (git-fixes). - blk-cgroup: fix missing pd_online_fn() while activating policy (git-fixes). - blk-mq: fix possible memleak when register 'hctx' failed (git-fixes). - blk-throttle: prevent overflow while calculating wait time (git-fixes). - blk-wbt: fix that 'rwb->wc' is always set to 1 in wbt_init() (git-fixes). - blktrace: Fix output non-blktrace event when blk_classic option enabled (git-fixes). - block, bfq: do not move oom_bfqq (git-fixes). - block, bfq: fix null pointer dereference in bfq_bio_bfqg() (git-fixes). - block, bfq: fix possible uaf for 'bfqq->bic' (git-fixes). - block, bfq: fix uaf for bfqq in bfq_exit_icq_bfqq (git-fixes). - block, bfq: fix uaf for bfqq in bic_set_bfqq() (git-fixes). - block, bfq: protect 'bfqd->queued' by 'bfqd->lock' (git-fixes). - block/bfq-iosched.c: use 'false' rather than 'BLK_RW_ASYNC' (git-fixes). - block/bfq_wf2q: correct weight to ioprio (git-fixes). - block/bio: remove duplicate append pages code (git-fixes). - block: check minor range in device_add_disk() (git-fixes). - block: clear ->slave_dir when dropping the main slave_dir reference (git-fixes). - block: do not allow splitting of a REQ_NOWAIT bio (git-fixes). - block: ensure iov_iter advances for added pages (git-fixes). - block: fix and cleanup bio_check_ro (git-fixes). - block: fix infinite loop for invalid zone append (git-fixes). - block: mq-deadline: Do not break sequential write streams to zoned HDDs (git-fixes). - block: mq-deadline: Fix dd_finish_request() for zoned devices (git-fixes). - block: mq-deadline: Rename deadline_is_seq_writes() (git-fixes). - block: use bdev_get_queue() in bio.c (git-fixes). - bnx2x: fix pci device refcount leak in bnx2x_vf_is_pcie_pending() (git-fixes). - bnxt_en: Fix possible crash in bnxt_hwrm_set_coal() (git-fixes). - bnxt_en: Remove debugfs when pci_register_driver failed (git-fixes). - bnxt_en: add dynamic debug support for HWRM messages (git-fixes). - bnxt_en: fix potentially incorrect return value for ndo_rx_flow_steer (git-fixes). - bnxt_en: fix the handling of PCIE-AER (git-fixes). - bnxt_en: refactor bnxt_cancel_reservations() (git-fixes). - bpf: Fix a possible task gone issue with bpf_send_signal[_thread]() helpers (git-fixes). - bpf: Skip task with pid=1 in send_signal_common() (git-fixes). - btrfs: add helper to delete a dir entry from a log tree (bsc#1207263). - btrfs: avoid inode logging during rename and link when possible (bsc#1207263). - btrfs: avoid logging all directory changes during renames (bsc#1207263). - btrfs: backport recent fixes for send/receive into SLE15 SP4/SP5 (bsc#1206036 bsc#1207500 ltc#201363). - btrfs: do not log unnecessary boundary keys when logging directory (bsc#1207263). - btrfs: fix assertion failure when logging directory key range item (bsc#1207263). - btrfs: fix processing of delayed data refs during backref walking (bsc#1206056 bsc#1207507 ltc#201367). - btrfs: fix processing of delayed tree block refs during backref walking (bsc#1206057 bsc#1207506 ltc#201368). - btrfs: fix race between quota enable and quota rescan ioctl (bsc#1207158). - btrfs: fix race between quota rescan and disable leading to NULL pointer deref (bsc#1207158). - btrfs: fix trace event name typo for FLUSH_DELAYED_REFS (git-fixes). - btrfs: join running log transaction when logging new name (bsc#1207263). - btrfs: move QUOTA_ENABLED check to rescan_should_stop from btrfs_qgroup_rescan_worker (bsc#1207158). - btrfs: pass the dentry to btrfs_log_new_name() instead of the inode (bsc#1207263). - btrfs: prepare extents to be logged before locking a log tree path (bsc#1207263). - btrfs: put initial index value of a directory in a constant (bsc#1207263). - btrfs: qgroup: remove duplicated check in adding qgroup relations (bsc#1207158). - btrfs: qgroup: remove outdated TODO comments (bsc#1207158). - btrfs: remove unnecessary NULL check for the new inode during rename exchange (bsc#1207263). - btrfs: remove useless path release in the fast fsync path (bsc#1207263). - btrfs: remove write and wait of struct walk_control (bsc#1207263). - btrfs: stop copying old dir items when logging a directory (bsc#1207263). - btrfs: stop doing unnecessary log updates during a rename (bsc#1207263). - btrfs: stop trying to log subdirectories created in past transactions (bsc#1207263). - btrfs: use single variable to track return value at btrfs_log_inode() (bsc#1207263). - bus: sunxi-rsb: Fix error handling in sunxi_rsb_init() (git-fixes). - can: j1939: do not wait 250 ms if the same addr was already claimed (git-fixes). - can: j1939: fix errant WARN_ON_ONCE in j1939_session_deactivate (git-fixes). - ceph: flush cap releases when the session is flushed (bsc#1208428). - cifs: Fix uninitialized memory read for smb311 posix symlink create (git-fixes). - cifs: avoid re-lookups in dfs_cache_find() (bsc#1193629). - cifs: do not include page data when checking signature (git-fixes). - cifs: do not query ifaces on smb1 mounts (git-fixes). - cifs: do not take exclusive lock for updating target hints (bsc#1193629). - cifs: fix double free on failed kerberos auth (git-fixes). - cifs: fix file info setting in cifs_open_file() (git-fixes). - cifs: fix file info setting in cifs_query_path_info() (git-fixes). - cifs: fix potential memory leaks in session setup (bsc#1193629). - cifs: fix race in assemble_neg_contexts() (bsc#1193629). - cifs: fix return of uninitialized rc in dfs_cache_update_tgthint() (bsc#1193629). - cifs: handle cache lookup errors different than -ENOENT (bsc#1193629). - cifs: ignore ipc reconnect failures during dfs failover (bsc#1193629). - cifs: protect access of TCP_Server_Info::{dstaddr,hostname} (bsc#1193629). - cifs: remove duplicate code in __refresh_tcon() (bsc#1193629). - cifs: remove redundant assignment to the variable match (bsc#1193629). - cifs: remove unused function (bsc#1193629). - comedi: adv_pci1760: Fix PWM instruction handling (git-fixes). - cpufreq: Add Tegra234 to cpufreq-dt-platdev blocklist (git-fixes). - cpufreq: armada-37xx: stop using 0 as NULL pointer (git-fixes). - crypto: fixed DH and ECDH implemention for FIPS PCT (jsc#SLE-21132,bsc#1191256,bsc#1207184). - dm btree: add a defensive bounds check to insert_at() (git-fixes). - dm cache: Fix ABBA deadlock between shrink_slab and dm_cache_metadata_abort (git-fixes). - dm cache: Fix UAF in destroy() (git-fixes). - dm cache: set needs_check flag after aborting metadata (git-fixes). - dm clone: Fix UAF in clone_dtr() (git-fixes). - dm integrity: Fix UAF in dm_integrity_dtr() (git-fixes). - dm integrity: clear the journal on suspend (git-fixes). - dm integrity: flush the journal on suspend (git-fixes). - dm ioctl: fix misbehavior if list_versions races with module loading (git-fixes). - dm ioctl: prevent potential spectre v1 gadget (git-fixes). - dm raid: fix address sanitizer warning in raid_resume (git-fixes). - dm raid: fix address sanitizer warning in raid_status (git-fixes). - dm space map common: add bounds check to sm_ll_lookup_bitmap() (git-fixes). - dm thin: Fix ABBA deadlock between shrink_slab and dm_pool_abort_metadata (git-fixes). - dm thin: Fix UAF in run_timer_softirq() (git-fixes). - dm thin: Use last transaction's pmd->root when commit failed (git-fixes). - dm thin: resume even if in FAIL mode (git-fixes). - dm writecache: set a default MAX_WRITEBACK_JOBS (git-fixes). - dm: fix alloc_dax error handling in alloc_dev (git-fixes). - dm: requeue IO if mapping table not yet available (git-fixes). - dmaengine: Fix double increment of client_count in dma_chan_get() (git-fixes). - dmaengine: idxd: Do not call DMX TX callbacks during workqueue disable (git-fixes). - dmaengine: idxd: Let probe fail when workqueue cannot be enabled (git-fixes). - dmaengine: imx-sdma: Fix a possible memory leak in sdma_transfer_init (git-fixes). - dmaengine: lgm: Move DT parsing after initialization (git-fixes). - dmaengine: tegra210-adma: fix global intr clear (git-fixes). - dmaengine: ti: k3-udma: Do conditional decrement of UDMA_CHAN_RT_PEER_BCNT_REG (git-fixes). - dmaengine: xilinx_dma: call of_node_put() when breaking out of for_each_child_of_node() (git-fixes). - docs: Fix the docs build with Sphinx 6.0 (git-fixes). - driver core: Fix test_async_probe_init saves device in wrong array (git-fixes). - drivers/md/md-bitmap: check the return value of md_bitmap_get_counter() (git-fixes). - drivers: net: xgene: disable napi when register irq failed in xgene_enet_open() (git-fixes). - drivers:md:fix a potential use-after-free bug (git-fixes). - drm/amd/display: Calculate output_color_space after pixel encoding adjustment (git-fixes). - drm/amd/display: Fail atomic_check early on normalize_zpos error (git-fixes). - drm/amd/display: Fix COLOR_SPACE_YCBCR2020_TYPE matrix (git-fixes). - drm/amd/display: Fix set scaling doesn's work (git-fixes). - drm/amd/display: Fix timing not changning when freesync video is enabled (git-fixes). - drm/amd/display: Take emulated dc_sink into account for HDCP (bsc#1207734). - drm/amd/display: fix issues with driver unload (git-fixes). - drm/amdgpu/fence: Fix oops due to non-matching drm_sched init/fini (git-fixes). - drm/amdgpu: complete gfxoff allow signal during suspend without delay (git-fixes). - drm/amdgpu: disable runtime pm on several sienna cichlid cards(v2) (git-fixes). - drm/amdgpu: drop experimental flag on aldebaran (git-fixes). - drm/hyperv: Add error message for fb size greater than allocated (git-fixes). - drm/i915/adlp: Fix typo for reference clock (git-fixes). - drm/i915/display: Check source height is > 0 (git-fixes). - drm/i915/gt: Reset twice (git-fixes). - drm/i915/selftest: fix intel_selftest_modify_policy argument types (git-fixes). - drm/i915: Fix VBT DSI DVO port handling (git-fixes). - drm/i915: Fix potential bit_17 double-free (git-fixes). - drm/i915: Initialize the obj flags for shmem objects (git-fixes). - drm/i915: re-disable RC6p on Sandy Bridge (git-fixes). - drm/panfrost: fix GENERIC_ATOMIC64 dependency (git-fixes). - drm/vc4: hdmi: make CEC adapter name unique (git-fixes). - drm/virtio: exbuf->fence_fd unmodified on interrupted wait (git-fixes). - drm: Add orientation quirk for Lenovo ideapad D330-10IGL (git-fixes). - efi: Accept version 2 of memory attributes table (git-fixes). - efi: fix potential NULL deref in efi_mem_reserve_persistent (git-fixes). - efi: rt-wrapper: Add missing include (git-fixes). - efi: tpm: Avoid READ_ONCE() for accessing the event log (git-fixes). - exit: Add and use make_task_dead (bsc#1207328). - exit: Allow oops_limit to be disabled (bsc#1207328). - exit: Guarantee make_task_dead leaks the tsk when calling do_task_exit (bsc#1207328). - exit: Move force_uaccess back into do_exit (bsc#1207328). - exit: Move oops specific logic from do_exit into make_task_dead (bsc#1207328). - exit: Put an upper limit on how often we can oops (bsc#1207328). - exit: Stop poorly open coding do_task_dead in make_task_dead (bsc#1207328). - exit: Use READ_ONCE() for all oops/warn limit reads (bsc#1207328). - ext4,f2fs: fix readahead of verity data (bsc#1207648). - ext4: Fixup pages without buffers (bsc#1205495). - ext4: add EXT4_IGET_BAD flag to prevent unexpected bad inode (bsc#1207619). - ext4: add EXT4_INODE_HAS_XATTR_SPACE macro in xattr.h (bsc#1206878). - ext4: add helper to check quota inums (bsc#1207618). - ext4: add inode table check in __ext4_get_inode_loc to aovid possible infinite loop (bsc#1207617). - ext4: add missing validation of fast-commit record lengths (bsc#1207626). - ext4: allocate extended attribute value in vmalloc area (bsc#1207635). - ext4: avoid crash when inline data creation follows DIO write (bsc#1206883). - ext4: avoid resizing to a partial cluster size (bsc#1206880). - ext4: avoid unaccounted block allocation when expanding inode (bsc#1207634). - ext4: continue to expand file system when the target size does not reach (bsc#1206882). - ext4: correct cluster len and clusters changed accounting in ext4_mb_mark_bb (bsc#1207592). - ext4: correct max_inline_xattr_value_size computing (bsc#1206878). - ext4: correct the misjudgment in ext4_iget_extra_inode (bsc#1206878). - ext4: disable fast-commit of encrypted dir operations (bsc#1207623). - ext4: do not allow journal inode to have encrypt flag (bsc#1207621). - ext4: do not increase iversion counter for ea_inodes (bsc#1207605). - ext4: do not run ext4lazyinit for read-only filesystems (bsc#1207603). - ext4: do not set up encryption key during jbd2 transaction (bsc#1207624). - ext4: drop ineligible txn start stop APIs (bsc#1207588). - ext4: ext4_read_bh_lock() should submit IO if the buffer isn't uptodate (bsc#1207606). - ext4: factor out ext4_fc_get_tl() (bsc#1207615). - ext4: fast commit may miss file actions (bsc#1207591). - ext4: fast commit may not fallback for ineligible commit (bsc#1207590). - ext4: fix BUG_ON() when directory entry has invalid rec_len (bsc#1206886). - ext4: fix bug in extents parsing when eh_entries == 0 and eh_depth > 0 (bsc#1206881). - ext4: fix bug_on in __es_tree_search caused by bad boot loader inode (bsc#1207620). - ext4: fix bug_on in start_this_handle during umount filesystem (bsc#1207594). - ext4: fix deadlock due to mbcache entry corruption (bsc#1207653). - ext4: fix delayed allocation bug in ext4_clu_mapped for bigalloc + inline (bsc#1207631). - ext4: fix dir corruption when ext4_dx_add_entry() fails (bsc#1207608). - ext4: fix error code return to user-space in ext4_get_branch() (bsc#1207630). - ext4: fix ext4_mb_mark_bb() with flex_bg with fast_commit (bsc#1207593). - ext4: fix extent status tree race in writeback error recovery path (bsc#1206877). - ext4: fix inode leak in ext4_xattr_inode_create() on an error path (bsc#1207636). - ext4: fix kernel BUG in 'ext4_write_inline_data_end()' (bsc#1206894). - ext4: fix leaking uninitialized memory in fast-commit journal (bsc#1207625). - ext4: fix miss release buffer head in ext4_fc_write_inode (bsc#1207609). - ext4: fix null-ptr-deref in ext4_write_info (bsc#1206884). - ext4: fix off-by-one errors in fast-commit block filling (bsc#1207628). - ext4: fix potential memory leak in ext4_fc_record_modified_inode() (bsc#1207611). - ext4: fix potential memory leak in ext4_fc_record_regions() (bsc#1207612). - ext4: fix potential out of bound read in ext4_fc_replay_scan() (bsc#1207616). - ext4: fix reserved cluster accounting in __es_remove_extent() (bsc#1207637). - ext4: fix unaligned memory access in ext4_fc_reserve_space() (bsc#1207627). - ext4: fix undefined behavior in bit shift for ext4_check_flag_values (bsc#1206890). - ext4: fix uninititialized value in 'ext4_evict_inode' (bsc#1206893). - ext4: fix use-after-free in ext4_ext_shift_extents (bsc#1206888). - ext4: fix use-after-free in ext4_orphan_cleanup (bsc#1207622). - ext4: fix use-after-free in ext4_xattr_set_entry (bsc#1206878). - ext4: fix warning in 'ext4_da_release_space' (bsc#1206887). - ext4: goto right label 'failed_mount3a' (bsc#1207610). - ext4: init quota for 'old.inode' in 'ext4_rename' (bsc#1207629). - ext4: initialize quota before expanding inode in setproject ioctl (bsc#1207633). - ext4: introduce EXT4_FC_TAG_BASE_LEN helper (bsc#1207614). - ext4: limit the number of retries after discarding preallocations blocks (bsc#1207602). - ext4: make ext4_lazyinit_thread freezable (bsc#1206885). - ext4: place buffer head allocation before handle start (bsc#1207607). - ext4: silence the warning when evicting inode with dioread_nolock (bsc#1206889). - ext4: simplify updating of fast commit stats (bsc#1207589). - ext4: update 'state->fc_regions_size' after successful memory allocation (bsc#1207613). - ext4: update s_overhead_clusters in the superblock during an on-line resize (bsc#1206876). - extcon: usbc-tusb320: fix kernel-doc warning (git-fixes). - fbcon: Check font dimension limits (git-fixes). - fbdev: omapfb: avoid stack overflow warning (git-fixes). - fbdev: smscufx: fix error handling code in ufx_usb_probe (git-fixes). - firewire: fix memory leak for payload of request subaction to IEC 61883-1 FCP region (git-fixes). - firmware: arm_scmi: Harden shared memory access in fetch_notification (git-fixes). - firmware: arm_scmi: Harden shared memory access in fetch_response (git-fixes). - fpga: stratix10-soc: Fix return value check in s10_ops_write_init() (git-fixes). - fs: ext4: initialize fsdata in pagecache_write() (bsc#1207632). - fs: remove __sync_filesystem (git-fixes). - fscache_cookie_enabled: check cookie is valid before accessing it (bsc#1208429). - ftrace/x86: Add back ftrace_expected for ftrace bug reports (git-fixes). - ftrace: Clean comments related to FTRACE_OPS_FL_PER_CPU (git-fixes). - genirq: Provide new interfaces for affinity hints (bsc#1208153). - git_sort: add usb-linus branch for gregkh/usb - gsmi: fix null-deref in gsmi_get_variable (git-fixes). - hv_netvsc: Fix missed pagebuf entries in netvsc_dma_map/unmap() (git-fixes). - i2c: designware-pci: Add new PCI IDs for AMD NAVI GPU (git-fixes). - i2c: mv64xxx: Add atomic_xfer method to driver (git-fixes). - i2c: mv64xxx: Remove shutdown method from driver (git-fixes). - i2c: mxs: suppress probe-deferral error message (git-fixes). - i2c: rk3x: fix a bunch of kernel-doc warnings (git-fixes). - i40e: Disallow ip4 and ip6 l4_4_bytes (git-fixes). - i40e: Fix error handling in i40e_init_module() (git-fixes). - i40e: Fix not setting default xps_cpus after reset (git-fixes). - igb: Allocate MSI-X vector when testing (git-fixes). - iio: adc: berlin2-adc: Add missing of_node_put() in error path (git-fixes). - iio: adc: stm32-dfsdm: fill module aliases (git-fixes). - iio: hid: fix the retval in accel_3d_capture_sample (git-fixes). - iio: hid: fix the retval in gyro_3d_capture_sample (git-fixes). - iio: imu: fxos8700: fix ACCEL measurement range selection (git-fixes). - iio: imu: fxos8700: fix IMU data bits returned to user space (git-fixes). - iio: imu: fxos8700: fix MAGN sensor scale and unit (git-fixes). - iio: imu: fxos8700: fix failed initialization ODR mode assignment (git-fixes). - iio: imu: fxos8700: fix incomplete ACCEL and MAGN channels readback (git-fixes). - iio: imu: fxos8700: fix incorrect ODR mode readback (git-fixes). - iio: imu: fxos8700: fix map label of channel type to MAGN sensor (git-fixes). - iio: imu: fxos8700: fix swapped ACCEL and MAGN channels readback (git-fixes). - iio: imu: fxos8700: remove definition FXOS8700_CTRL_ODR_MIN (git-fixes). - iio:adc:twl6030: Enable measurement of VAC (git-fixes). - iio:adc:twl6030: Enable measurements of VUSB, VBAT and others (git-fixes). - ipmi:ssif: Add 60ms time internal between write retries (bsc#1206459). - ipmi:ssif: Add a timer between request retries (bsc#1206459). - ipmi:ssif: Increase the message retry time (bsc#1206459). - ipmi:ssif: Remove rtc_us_timer (bsc#1206459). - ipmi:ssif: resend_msg() cannot fail (bsc#1206459). - ipmi_ssif: Rename idle state and check (bsc#1206459). - ipv6: addrlabel: fix infoleak when sending struct ifaddrlblmsg to network (git-fixes). - ixgbevf: Fix resource leak in ixgbevf_init_module() (git-fixes). - jbd2: Fix up kABI of ext4 fast commit interface (bsc#1207590). - jbd2: add miss release buffer head in fc_do_one_pass() (bsc#1207646). - jbd2: fix a potential race while discarding reserved buffers after an abort (bsc#1207641). - jbd2: fix potential buffer head reference count leak (bsc#1207644). - jbd2: fix potential use-after-free in jbd2_fc_wait_bufs (bsc#1207645). - jbd2: use the correct print format (git-fixes). - jbd2: wake up journal waiters in FIFO order, not LIFO (bsc#1207643). - kABI workaround for struct acpi_ec (bsc#1207149). - kABI: Preserve TRACE_EVENT_FL values (git-fixes). - kabi/severities: add mlx5 internal symbols - kasan: no need to unset panic_on_warn in end_report() (bsc#1207328). - l2tp: Do not sleep and disable BH under writer-side sk_callback_lock (git-fixes). - loop: Fix the max_loop commandline argument treatment when it is set to 0 (git-fixes). - mbcache: Avoid nesting of cache->c_list_lock under bit locks (bsc#1207647). - mbcache: Fixup kABI of mb_cache_entry (bsc#1207653). - md/bitmap: Fix bitmap chunk size overflow issues (git-fixes). - md/raid1: stop mdx_raid1 thread when raid1 array run failed (git-fixes). - md/raid5: Wait for MD_SB_CHANGE_PENDING in raid5d (git-fixes). - md: Flush workqueue md_rdev_misc_wq in md_alloc() (git-fixes). - md: Notify sysfs sync_completed in md_reap_sync_thread() (git-fixes). - md: fix a crash in mempool_free (git-fixes). - md: protect md_unregister_thread from reentrancy (git-fixes). - mei: me: add meteor lake point M DID (git-fixes). - memory: atmel-sdramc: Fix missing clk_disable_unprepare in atmel_ramc_probe() (git-fixes). - memory: mvebu-devbus: Fix missing clk_disable_unprepare in mvebu_devbus_probe() (git-fixes). - memory: tegra: Remove clients SID override programming (git-fixes). - misc: fastrpc: Do not remove map on creater_process and device_release (git-fixes). - misc: fastrpc: Fix use-after-free race condition for maps (git-fixes). - mm: /proc/pid/smaps_rollup: fix no vma's null-deref (bsc#1207769). - mm: compaction: kABI: avoid pglist_data kABI breakage (bsc#1207010). - mm: compaction: support triggering of proactive compaction by user (bsc#1207010). - mmc: sdhci-esdhc-imx: correct the tuning start tap and step setting (git-fixes). - mmc: sunxi-mmc: Fix clock refcount imbalance during unbind (git-fixes). - module: Do not wait for GOING modules (bsc#1196058, bsc#1186449, bsc#1204356, bsc#1204662). - mt76: fix use-after-free by removing a non-RCU wcid pointer (git-fixes). - mt76: mt7921: avoid unnecessary spin_lock/spin_unlock in mt7921_mcu_tx_done_event (git-fixes). - nbd: Fix hung on disconnect request if socket is closed before (git-fixes). - nbd: Fix hung when signal interrupts nbd_start_device_ioctl() (git-fixes). - nbd: call genl_unregister_family() first in nbd_cleanup() (git-fixes). - nbd: fix io hung while disconnecting device (git-fixes). - nbd: fix race between nbd_alloc_config() and module removal (git-fixes). - net/mlx4: Check retval of mlx4_bitmap_init (git-fixes). - net/mlx5: Dynamically resize flow counters query buffer (bsc#1195175). - net/tg3: resolve deadlock in tg3_reset_task() during EEH (bsc#1207842). - net/usb: kalmia: Do not pass act_len in usb_bulk_msg error path (git-fixes). - net/x25: Fix to not accept on connected socket (git-fixes). - net: USB: Fix wrong-direction WARNING in plusb.c (git-fixes). - net: cxgb3_main: disable napi when bind qsets failed in cxgb_up() (git-fixes). - net: ena: Fix error handling in ena_init() (git-fixes). - net: liquidio: release resources when liquidio driver open failed (git-fixes). - net: liquidio: simplify if expression (git-fixes). - net: macvlan: Use built-in RCU list checking (git-fixes). - net: macvlan: fix memory leaks of macvlan_common_newlink (git-fixes). - net: mana: Assign interrupts to CPUs based on NUMA nodes (bsc#1208153). - net: mana: Fix IRQ name - add PCI and queue number (bsc#1207875). - net: mana: Fix accessing freed irq affinity_hint (bsc#1208153). - net: mdio: validate parameter addr in mdiobus_get_phy() (git-fixes). - net: nfc: Fix use-after-free in local_cleanup() (git-fixes). - net: openvswitch: fix possible memory leak in ovs_meter_cmd_set() (git-fixes). - net: phy: dp83822: Fix null pointer access on DP83825/DP83826 devices (git-fixes). - net: phy: meson-gxl: Add generic dummy stubs for MMD register access (git-fixes). - net: phy: meson-gxl: use MMD access dummy stubs for GXL, internal PHY (git-fixes). - net: tun: Fix memory leaks of napi_get_frags (git-fixes). - net: tun: Fix use-after-free in tun_detach() (git-fixes). - net: tun: call napi_schedule_prep() to ensure we own a napi (git-fixes). - net: usb: cdc_ether: add support for Thales Cinterion PLS62-W modem (git-fixes). - net: usb: sr9700: Handle negative len (git-fixes). - net: wan: Add checks for NULL for utdm in undo_uhdlc_init and unmap_si_regs (git-fixes). - netrom: Fix use-after-free caused by accept on already connected socket (git-fixes). - netrom: Fix use-after-free of a listening socket (git-fixes). - nilfs2: fix general protection fault in nilfs_btree_insert() (git-fixes). - null_blk: fix ida error handling in null_add_dev() (git-fixes). - nvdimm: disable namespace on error (bsc#1166486). - objtool: Add a missing comma to avoid string concatenation (bsc#1207328). - ocfs2: clear dinode links count in case of error (bsc#1207650). - ocfs2: fix BUG when iput after ocfs2_mknod fails (bsc#1207649). - ocfs2: fix crash when mount with quota enabled (bsc#1207640). - ocfs2: fix memory leak in ocfs2_mount_volume() (bsc#1207652). - ocfs2: fix memory leak in ocfs2_stack_glue_init() (bsc#1207651). - ocfs2: ocfs2_mount_volume does cleanup job before return error (bsc#1207770). - ocfs2: quota_local: fix possible uninitialized-variable access in ocfs2_local_read_info() (bsc#1207768). - ocfs2: rewrite error handling of ocfs2_fill_super (bsc#1207771). - octeontx2-af: Fix reference count issue in rvu_sdp_init() (jsc#SLE-24682). - octeontx2-af: debugsfs: fix pci device refcount leak (git-fixes). - octeontx2-pf: Add check for devm_kcalloc (git-fixes). - octeontx2-pf: Fix potential memory leak in otx2_init_tc() (jsc#SLE-24682). - of/address: Return an error when no valid dma-ranges are found (git-fixes). - panic: Consolidate open-coded panic_on_warn checks (bsc#1207328). - panic: Introduce warn_limit (bsc#1207328). - panic: unset panic_on_warn inside panic() (bsc#1207328). - phy: Revert 'phy: qualcomm: usb28nm: Add MDM9607 init sequence' (git-fixes). - phy: phy-can-transceiver: Skip warning if no 'max-bitrate' (git-fixes). - phy: rockchip-inno-usb2: Fix missing clk_disable_unprepare() in rockchip_usb2phy_power_on() (git-fixes). - phy: ti: fix Kconfig warning and operator precedence (git-fixes). - pinctrl: amd: Add dynamic debugging for active GPIOs (git-fixes). - pinctrl: aspeed: Fix confusing types in return value (git-fixes). - pinctrl: intel: Restore the pins that used to be in Direct IRQ mode (git-fixes). - pinctrl: mediatek: Fix the drive register definition of some Pins (git-fixes). - pinctrl: rockchip: fix mux route data for rk3568 (git-fixes). - pinctrl: single: fix potential NULL dereference (git-fixes). - platform/x86: asus-nb-wmi: Add alternate mapping for KEY_SCREENLOCK (git-fixes). - platform/x86: dell-wmi: Add a keymap for KEY_MUTE in type 0x0010 table (git-fixes). - platform/x86: gigabyte-wmi: add support for B450M DS3H WIFI-CF (git-fixes). - platform/x86: touchscreen_dmi: Add info for the CSL Panther Tab HD (git-fixes). - powerpc/64s/radix: Fix RWX mapping with relocated kernel (bsc#1194869). - powerpc/64s/radix: Fix crash with unaligned relocated kernel (bsc#1194869). - powerpc/64s: Fix local irq disable when PMIs are disabled (bsc#1195655 ltc#1195655 git-fixes). - powerpc/kexec_file: Count hot-pluggable memory in FDT estimate (bsc#1194869). - powerpc/kexec_file: Fix division by zero in extra size estimation (bsc#1194869). - powerpc/vmlinux.lds: Add an explicit symbol for the SRWX boundary (bsc#1194869). - powerpc/vmlinux.lds: Ensure STRICT_ALIGN_SIZE is at least page aligned (bsc#1194869). - powerpc: move __end_rodata to cover arch read-only sections (bsc#1194869). - qlcnic: fix sleep-in-atomic-context bugs caused by msleep (git-fixes). - quota: Check next/prev free block number after reading from quota file (bsc#1206640). - quota: Prevent memory allocation recursion while holding dq_lock (bsc#1207639). - r8152: add vendor/device ID pair for Microsoft Devkit (git-fixes). - r8169: move rtl_wol_enable_rx() and rtl_prepare_power_down() (git-fixes). - regulator: da9211: Use irq handler when ready (git-fixes). - rpm/mkspec-dtb: add riscv64 dtb-renesas subpackage - s390/qeth: fix various format strings (git-fixes). - sched, cpuset: Fix dl_cpu_busy() panic due to empty (git-fixes) - sched/core: Fix arch_scale_freq_tick() on tickless systems (git-fixes) - sched/core: Introduce sched_asym_cpucap_active() (git-fixes) - sched/deadline: Merge dl_task_can_attach() and dl_cpu_busy() (git-fixes) - sched/tracing: Report TASK_RTLOCK_WAIT tasks as (git-fixes) - sched/uclamp: Make asym_fits_capacity() use util_fits_cpu() (git-fixes) - sched: Avoid double preemption in __cond_resched_*lock*() (git-fixes) - scsi: Revert 'scsi: core: map PQ=1, PDT=other values to SCSI_SCAN_TARGET_PRESENT' (git-fixes). - scsi: core: Fix a race between scsi_done() and scsi_timeout() (git-fixes). - scsi: efct: Fix possible memleak in efct_device_init() (git-fixes). - scsi: elx: libefc: Fix second parameter type in state callbacks (git-fixes). - scsi: fcoe: Fix possible name leak when device_register() fails (git-fixes). - scsi: fcoe: Fix transport not deattached when fcoe_if_init() fails (git-fixes). - scsi: hpsa: Fix allocation size for scsi_host_alloc() (git-fixes). - scsi: hpsa: Fix error handling in hpsa_add_sas_host() (git-fixes). - scsi: hpsa: Fix possible memory leak in hpsa_add_sas_device() (git-fixes). - scsi: hpsa: Fix possible memory leak in hpsa_init_one() (git-fixes). - scsi: ipr: Fix WARNING in ipr_init() (git-fixes). - scsi: mpi3mr: Refer CONFIG_SCSI_MPI3MR in Makefile (git-fixes). - scsi: mpt3sas: Fix possible resource leaks in mpt3sas_transport_port_add() (git-fixes). - scsi: mpt3sas: Remove scsi_dma_map() error messages (git-fixes). - scsi: scsi_debug: Fix a warning in resp_report_zones() (git-fixes). - scsi: scsi_debug: Fix a warning in resp_verify() (git-fixes). - scsi: scsi_debug: Fix a warning in resp_write_scat() (git-fixes). - scsi: scsi_debug: Fix possible name leak in sdebug_add_host_helper() (git-fixes). - scsi: snic: Fix possible UAF in snic_tgt_create() (git-fixes). - scsi: storvsc: Correct reporting of Hyper-V I/O size limits (git-fixes). - scsi: storvsc: Fix swiotlb bounce buffer leak in confidential VM (bsc#1206006). - scsi: tracing: Fix compile error in trace_array calls when TRACING is disabled (git-fixes). - scsi: ufs: Stop using the clock scaling lock in the error handler (git-fixes). - scsi: ufs: core: Enable link lost interrupt (git-fixes). - sctp: fail if no bound addresses can be used for a given scope (bsc#1206677). - selftests/vm: remove ARRAY_SIZE define from individual tests (git-fixes). - selftests: Provide local define of __cpuid_count() (git-fixes). - selftests: forwarding: lib: quote the sysctl values (git-fixes). - selftests: net: udpgso_bench: Fix racing bug between the rx/tx programs (git-fixes). - selftests: net: udpgso_bench_rx/tx: Stop when wrong CLI args are provided (git-fixes). - selftests: net: udpgso_bench_rx: Fix 'used uninitialized' compiler warning (git-fixes). - selftests: net: udpgso_bench_tx: Cater for pending datagrams zerocopy benchmarking (git-fixes). - serial: 8250_dma: Fix DMA Rx rearm race (git-fixes). - serial: atmel: fix incorrect baudrate setup (git-fixes). - serial: pch_uart: Pass correct sg to dma_unmap_sg() (git-fixes). - sfc: fix potential memleak in __ef100_hard_start_xmit() (git-fixes). - signal/vm86_32: Properly send SIGSEGV when the vm86 state cannot be saved (git-fixes). - soc: imx8m: Fix incorrect check for of_clk_get_by_name() (git-fixes). - spi: dw: Fix wrong FIFO level setting for long xfers (git-fixes). - spi: spidev: remove debug messages that access spidev->spi without locking (git-fixes). - staging: mt7621-dts: change some node hex addresses to lower case (git-fixes). - staging: vchiq_arm: fix enum vchiq_status return types (git-fixes). - swim3: add missing major.h include (git-fixes). - sysctl: add a new register_sysctl_init() interface (bsc#1207328). - tcp: prohibit TCP_REPAIR_OPTIONS if data was already sent (git-fixes). - thermal/core: Remove duplicate information when an error occurs (git-fixes). - thunderbolt: Do not call PM runtime functions in tb_retimer_scan() (git-fixes). - thunderbolt: Do not report errors if on-board retimers are found (git-fixes). - thunderbolt: Use correct function to calculate maximum USB3 link rate (git-fixes). - tick/nohz: Use WARN_ON_ONCE() to prevent console saturation. - tick/sched: Fix non-kernel-doc comment (git-fixes). - tomoyo: fix broken dependency on *.conf.default (git-fixes). - tools: fix ARRAY_SIZE defines in tools and selftests hdrs (git-fixes). - trace_events_hist: add check for return value of 'create_hist_field' (git-fixes). - tracing/hist: Fix issue of losting command info in error_log (git-fixes). - tracing/hist: Fix out-of-bound write on 'action_data.var_ref_idx' (git-fixes). - tracing/hist: Fix wrong return value in parse_action_params() (git-fixes). - tracing/osnoise: Make osnoise_main to sleep for microseconds (git-fixes). - tracing/perf: Avoid -Warray-bounds warning for __rel_loc macro (git-fixes). - tracing/probes: Handle system names with hyphens (git-fixes). - tracing: Add '__rel_loc' using trace event macros (git-fixes). - tracing: Add DYNAMIC flag for dynamic events (git-fixes). - tracing: Add trace_event helper macros __string_len() and __assign_str_len() (git-fixes). - tracing: Avoid -Warray-bounds warning for __rel_loc macro (git-fixes). - tracing: Do not use out-of-sync va_list in event printing (git-fixes). - tracing: Ensure trace buffer is at least 4096 bytes large (git-fixes). - tracing: Fix a kmemleak false positive in tracing_map (git-fixes). - tracing: Fix complicated dependency of CONFIG_TRACER_MAX_TRACE (git-fixes). - tracing: Fix infinite loop in tracing_read_pipe on overflowed print_trace_line (git-fixes). - tracing: Fix issue of missing one synthetic field (git-fixes). - tracing: Fix mismatched comment in __string_len (git-fixes). - tracing: Fix poll() and select() do not work on per_cpu trace_pipe and trace_pipe_raw (git-fixes). - tracing: Fix possible memory leak in __create_synth_event() error path (git-fixes). - tracing: Fix race where histograms can be called before the event (git-fixes). - tracing: Fix sleeping function called from invalid context on RT kernel (git-fixes). - tracing: Fix tp_printk option related with tp_printk_stop_on_boot (git-fixes). - tracing: Fix warning on variable 'struct trace_array' (git-fixes). - tracing: Have TRACE_DEFINE_ENUM affect trace event types as well (git-fixes). - tracing: Have syscall trace events use trace_event_buffer_lock_reserve() (git-fixes). - tracing: Have type enum modifications copy the strings (git-fixes). - tracing: Make sure trace_printk() can output as soon as it can be used (git-fixes). - tracing: Make tp_printk work on syscall tracepoints (git-fixes). - tracing: Use alignof__(struct {type b;}) instead of offsetof() (git-fixes). - tracing: incorrect isolate_mote_t cast in mm_vmscan_lru_isolate (git-fixes). - tty: fix possible null-ptr-defer in spk_ttyio_release (git-fixes). - tty: serial: qcom-geni-serial: fix slab-out-of-bounds on RX FIFO buffer (git-fixes). - ubsan: no need to unset panic_on_warn in ubsan_epilogue() (bsc#1207328). - usb-storage: apply IGNORE_UAS only for HIKSEMI MD202 on RTL9210 (git-fixes). - usb: acpi: add helper to check port lpm capability using acpi _DSM (git-fixes). - usb: cdns3: remove fetched trb from cache before dequeuing (git-fixes). - usb: core: add quirk for Alcor Link AK9563 smartcard reader (git-fixes). - usb: core: hub: disable autosuspend for TI TUSB8041 (git-fixes). - usb: dwc3: qcom: enable vbus override when in OTG dr-mode (git-fixes). - usb: fotg210-udc: Fix ages old endianness issues (git-fixes). - usb: gadget: f_fs: Ensure ep0req is dequeued before free_request (git-fixes). - usb: gadget: f_fs: Fix unbalanced spinlock in __ffs_ep0_queue_wait (git-fixes). - usb: gadget: f_fs: Prevent race during ffs_ep0_queue_wait (git-fixes). - usb: gadget: f_hid: fix f_hidg lifetime vs cdev (git-fixes). - usb: gadget: f_hid: fix refcount leak on error path (git-fixes). - usb: gadget: f_ncm: fix potential NULL ptr deref in ncm_bitrate() (git-fixes). - usb: gadget: f_uac2: Fix incorrect increment of bNumEndpoints (git-fixes). - usb: gadget: g_webcam: Send color matching descriptor per frame (git-fixes). - usb: gadget: udc: core: Print error code in usb_gadget_probe_driver() (git-fixes). - usb: gadget: udc: core: Revise comments for USB ep enable/disable (git-fixes). - usb: gadget: udc: core: Use pr_fmt() to prefix messages (git-fixes). - usb: gadget: udc: core: remove usage of list iterator past the loop body (git-fixes). - usb: host: ehci-fsl: Fix module alias (git-fixes). - usb: typec: altmodes/displayport: Add pin assignment helper (git-fixes). - usb: typec: altmodes/displayport: Fix pin assignment calculation (git-fixes). - usb: typec: altmodes/displayport: Fix probe pin assign check (git-fixes). - usb: typec: tcpm: Fix altmode re-registration causes sysfs create fail (git-fixes). - usb: xhci: Check endpoint is valid before dereferencing it (git-fixes). - vc_screen: move load of struct vc_data pointer in vcs_read() to avoid UAF (git-fixes). - vfs: Check the truncate maximum size in inode_newsize_ok() (bsc#1207642). - vfs: make sync_filesystem return errors from ->sync_fs (git-fixes). - virtio-blk: modify the value type of num in virtio_queue_rq() (git-fixes). - virtio-net: correctly enable callback during start_xmit (git-fixes). - virtio_pci: modify ENOENT to EINVAL (git-fixes). - w1: fix WARNING after calling w1_process() (git-fixes). - w1: fix deadloop in __w1_remove_master_device() (git-fixes). - wait: Fix __wait_event_hrtimeout for RT/DL tasks (git-fixes) - watchdog-diag288_wdt-fix-__diag288-inline-assembly.patch - watchdog/hpwdt: Enable HP_WATCHDOG for ARM64 systems. (jsc#PED-3210) - watchdog: diag288_wdt: do not use stack buffers for hardware data (bsc#1207497). - watchdog: diag288_wdt: fix __diag288() inline assembly (bsc#1207497). - wifi: brcmfmac: fix regression for Broadcom PCIe wifi devices (git-fixes). - wifi: mac80211: sdata can be NULL during AMPDU start (git-fixes). - wifi: mt76: mt7921: add mt7921_mutex_acquire at mt7921_sta_set_decap_offload (git-fixes). - wifi: mt76: mt7921e: fix race issue between reset and suspend/resume (git-fixes). - wifi: mt76: sdio: fix the deadlock caused by sdio->stat_work (git-fixes). - wifi: mt76: sdio: poll sta stat when device transmits data (git-fixes). - wifi: rndis_wlan: Prevent buffer overflow in rndis_query_oid (git-fixes). - writeback: avoid use-after-free after removing device (bsc#1207638). - x86/MCE/AMD: Clear DFR errors found in THR handler (git-fixes). - x86/asm: Fix an assembler warning with current binutils (git-fixes). - x86/boot: Avoid using Intel mnemonics in AT&T syntax asm (git-fixes). - x86/hyperv: Remove unregister syscore call from Hyper-V cleanup (git-fixes). - x86/hyperv: Restore VP assist page after cpu offlining/onlining (git-fixes). - x86/kprobes: Fix kprobes instruction boudary check with CONFIG_RETHUNK (git-fixes). - x86/kprobes: Fix optprobe optimization check with CONFIG_RETHUNK (git-fixes). - x86/kvm: Remove unused virt to phys translation in kvm_guest_cpu_init() (git-fixes). - x86/microcode/intel: Do not retry microcode reloading on the APs (git-fixes). - x86: ACPI: cstate: Optimize C3 entry on AMD CPUs (git-fixes). - xfs: Fix unreferenced object reported by kmemleak in xfs_sysfs_init() (git-fixes). - xfs: estimate post-merge refcounts correctly (bsc#1208183). - xfs: fix incorrect error-out in xfs_remove (git-fixes). - xfs: fix incorrect i_nlink caused by inode racing (git-fixes). - xfs: fix maxlevels comparisons in the btree staging code (git-fixes). - xfs: fix memory leak in xfs_errortag_init (git-fixes). - xfs: get rid of assert from xfs_btree_islastblock (git-fixes). - xfs: get root inode correctly at bulkstat (git-fixes). - xfs: hoist refcount record merge predicates (bsc#1208183). - xfs: initialize the check_owner object fully (git-fixes). - xfs: prevent a WARN_ONCE() in xfs_ioc_attr_list() (git-fixes). - xfs: reject crazy array sizes being fed to XFS_IOC_GETBMAP* (git-fixes). - xfs: return errors in xfs_fs_sync_fs (git-fixes). - xfs: xfstest fails with error missing kernel patch (git-fixes bsc#1207501 ltc#201370). - xhci-pci: set the dma max_seg_size (git-fixes). - xhci: Fix null pointer dereference when host dies (git-fixes). - zram: Delete patch for regression addressed (bsc#1207933). - zram: do not lookup algorithm in backends table (git-fixes). Important SUSE bug 1166486 SUSE bug 1185861 SUSE bug 1185863 SUSE bug 1186449 SUSE bug 1191256 SUSE bug 1192868 SUSE bug 1193629 SUSE bug 1194869 SUSE bug 1195175 SUSE bug 1195655 SUSE bug 1196058 SUSE bug 1199701 SUSE bug 1203332 SUSE bug 1204063 SUSE bug 1204356 SUSE bug 1204662 SUSE bug 1205495 SUSE bug 1206006 SUSE bug 1206036 SUSE bug 1206056 SUSE bug 1206057 SUSE bug 1206224 SUSE bug 1206258 SUSE bug 1206363 SUSE bug 1206459 SUSE bug 1206616 SUSE bug 1206640 SUSE bug 1206677 SUSE bug 1206784 SUSE bug 1206876 SUSE bug 1206877 SUSE bug 1206878 SUSE bug 1206880 SUSE bug 1206881 SUSE bug 1206882 SUSE bug 1206883 SUSE bug 1206884 SUSE bug 1206885 SUSE bug 1206886 SUSE bug 1206887 SUSE bug 1206888 SUSE bug 1206889 SUSE bug 1206890 SUSE bug 1206893 SUSE bug 1206894 SUSE bug 1207010 SUSE bug 1207034 SUSE bug 1207036 SUSE bug 1207050 SUSE bug 1207125 SUSE bug 1207134 SUSE bug 1207149 SUSE bug 1207158 SUSE bug 1207184 SUSE bug 1207186 SUSE bug 1207188 SUSE bug 1207189 SUSE bug 1207190 SUSE bug 1207237 SUSE bug 1207263 SUSE bug 1207269 SUSE bug 1207328 SUSE bug 1207497 SUSE bug 1207500 SUSE bug 1207501 SUSE bug 1207506 SUSE bug 1207507 SUSE bug 1207588 SUSE bug 1207589 SUSE bug 1207590 SUSE bug 1207591 SUSE bug 1207592 SUSE bug 1207593 SUSE bug 1207594 SUSE bug 1207602 SUSE bug 1207603 SUSE bug 1207605 SUSE bug 1207606 SUSE bug 1207607 SUSE bug 1207608 SUSE bug 1207609 SUSE bug 1207610 SUSE bug 1207611 SUSE bug 1207612 SUSE bug 1207613 SUSE bug 1207614 SUSE bug 1207615 SUSE bug 1207616 SUSE bug 1207617 SUSE bug 1207618 SUSE bug 1207619 SUSE bug 1207620 SUSE bug 1207621 SUSE bug 1207622 SUSE bug 1207623 SUSE bug 1207624 SUSE bug 1207625 SUSE bug 1207626 SUSE bug 1207627 SUSE bug 1207628 SUSE bug 1207629 SUSE bug 1207630 SUSE bug 1207631 SUSE bug 1207632 SUSE bug 1207633 SUSE bug 1207634 SUSE bug 1207635 SUSE bug 1207636 SUSE bug 1207637 SUSE bug 1207638 SUSE bug 1207639 SUSE bug 1207640 SUSE bug 1207641 SUSE bug 1207642 SUSE bug 1207643 SUSE bug 1207644 SUSE bug 1207645 SUSE bug 1207646 SUSE bug 1207647 SUSE bug 1207648 SUSE bug 1207649 SUSE bug 1207650 SUSE bug 1207651 SUSE bug 1207652 SUSE bug 1207653 SUSE bug 1207734 SUSE bug 1207768 SUSE bug 1207769 SUSE bug 1207770 SUSE bug 1207771 SUSE bug 1207773 SUSE bug 1207795 SUSE bug 1207842 SUSE bug 1207875 SUSE bug 1207878 SUSE bug 1207933 SUSE bug 1208030 SUSE bug 1208044 SUSE bug 1208085 SUSE bug 1208149 SUSE bug 1208153 SUSE bug 1208183 SUSE bug 1208428 SUSE bug 1208429 CVE-2020-24588 CVE-2022-36280 CVE-2022-4382 CVE-2022-47929 CVE-2023-0045 CVE-2023-0122 CVE-2023-0179 CVE-2023-0266 CVE-2023-0590 CVE-2023-23454 CVE-2023-23455 cpe:/o:opensuse:leap:15.4 Security update for the Linux Kernel (Important) openSUSE Leap 15.4 The SUSE Linux Enterprise 15 SP1 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2023-0461: Fixed use-after-free in icsk_ulp_data (bsc#1208787). - CVE-2023-39197: Fixed a out-of-bounds read in nf_conntrack_dccp_packet() (bsc#1216976). - CVE-2023-45863: Fixed a out-of-bounds write in fill_kobj_path() (bsc#1216058). - CVE-2023-5717: Fixed a heap out-of-bounds write vulnerability in the Performance Events component (bsc#1216584). - CVE-2023-45871: Fixed an issue in the IGB driver, where the buffer size may not be adequate for frames larger than the MTU (bsc#1216259). - CVE-2023-39198: Fixed a race condition leading to use-after-free in qxl_mode_dumb_create() (bsc#1216965). - CVE-2023-31083: Fixed race condition in hci_uart_tty_ioctl (bsc#1210780). Important SUSE bug 1084909 SUSE bug 1208787 SUSE bug 1210780 SUSE bug 1216058 SUSE bug 1216259 SUSE bug 1216584 SUSE bug 1216965 SUSE bug 1216976 CVE-2023-0461 CVE-2023-31083 CVE-2023-39197 CVE-2023-39198 CVE-2023-45863 CVE-2023-45871 CVE-2023-5717 cpe:/o:opensuse:leap:15.4 Security update for webkit2gtk3 (Important) openSUSE Leap 15.4 This update for webkit2gtk3 fixes the following issues: Update to version 2.38.5 (boo#1208328): - CVE-2023-23529: Fixed possible arbitrary code execution via maliciously crafted web content. Update to version 2.38.4 (boo#1207997): - CVE-2023-23517: Fixed web content processing that could have led to arbitrary code execution. - CVE-2023-23518: Fixed web content processing that could have led to arbitrary code execution. - CVE-2022-42826: Fixed a use-after-free issue that was caused by improper memory management. New CVE and bug references where added for already released updates: Update to version 2.38.3 (boo#1206750): - CVE-2022-42852: Fixed disclosure of process memory by improved memory handling. - CVE-2022-42867: Fixed a use after free issue was addressed with improved memory management. - CVE-2022-46692: Fixed bypass of Same Origin Policy through improved state management. - CVE-2022-46698: Fixed disclosure of sensitive user information with improved checks. - CVE-2022-46699: Fixed an arbitrary code execution caused by memory corruption. - CVE-2022-46700: Fixed a potential arbitrary code execution when processing maliciously crafted web content. Update to version 2.38.1: - CVE-2022-46691: Fixed a potential arbitrary code execution when processing maliciously crafted web content. Update to version 2.38.0: - CVE-2022-42863: Fixed a potential arbitrary code execution when processing maliciously crafted web content. Important SUSE bug 1206750 SUSE bug 1207997 SUSE bug 1208328 CVE-2022-42826 CVE-2022-42852 CVE-2022-42863 CVE-2022-42867 CVE-2022-46691 CVE-2022-46692 CVE-2022-46698 CVE-2022-46699 CVE-2022-46700 CVE-2023-23517 CVE-2023-23518 CVE-2023-23529 cpe:/o:opensuse:leap:15.4 Security update for ncurses (Moderate) openSUSE Leap 15.4 This update for ncurses fixes the following issues: - CVE-2023-50495: Fixed a segmentation fault via _nc_wrap_entry() (bsc#1218014) - Modify reset command to avoid altering clocal if the terminal uses a modem (bsc#1201384) Moderate SUSE bug 1201384 SUSE bug 1218014 CVE-2023-50495 cpe:/o:opensuse:leap:15.4 Security update for freerdp (Moderate) openSUSE Leap 15.4 This update for freerdp fixes the following issues: - CVE-2023-39350: Fixed incorrect offset calculation leading to DoS (bsc#1214856). - CVE-2023-39351: Fixed Null Pointer Dereference leading DoS in RemoteFX (bsc#1214857). - CVE-2023-39352: Fixed Invalid offset validation leading to Out Of Bound Write (bsc#1214858). - CVE-2023-39353: Fixed Missing offset validation leading to Out Of Bound Read (bsc#1214859). - CVE-2023-39354: Fixed Out-Of-Bounds Read in nsc_rle_decompress_data (bsc#1214860). - CVE-2023-39356: Fixed Missing offset validation leading to Out-of-Bounds Read in gdi_multi_opaque_rect (bsc#1214862). - CVE-2023-40181: Fixed Integer-Underflow leading to Out-Of-Bound Read in zgfx_decompress_segment (bsc#1214863). - CVE-2023-40186: Fixed IntegerOverflow leading to Out-Of-Bound Write Vulnerability in gdi_CreateSurface (bsc#1214864). - CVE-2023-40188: Fixed Out-Of-Bounds Read in general_LumaToYUV444 (bsc#1214866). - CVE-2023-40567: Fixed Out-Of-Bounds Write in clear_decompress_bands_data (bsc#1214867). - CVE-2023-40569: Fixed Out-Of-Bounds Write in progressive_decompress (bsc#1214868). - CVE-2023-40574: Fixed Out-Of-Bounds Write in general_YUV444ToRGB_8u_P3AC4R_BGRX (bsc#1214869). - CVE-2023-40575: Fixed Out-Of-Bounds Read in general_YUV444ToRGB_8u_P3AC4R_BGRX (bsc#1214870). - CVE-2023-40576: Fixed Out-Of-Bounds Read in RleDecompress (bsc#1214871). - CVE-2023-40589: Fixed Global-Buffer-Overflow in ncrush_decompress (bsc#1214872). Moderate SUSE bug 1214856 SUSE bug 1214857 SUSE bug 1214858 SUSE bug 1214859 SUSE bug 1214860 SUSE bug 1214862 SUSE bug 1214863 SUSE bug 1214864 SUSE bug 1214866 SUSE bug 1214867 SUSE bug 1214868 SUSE bug 1214869 SUSE bug 1214870 SUSE bug 1214871 SUSE bug 1214872 CVE-2023-39350 CVE-2023-39351 CVE-2023-39352 CVE-2023-39353 CVE-2023-39354 CVE-2023-39356 CVE-2023-40181 CVE-2023-40186 CVE-2023-40188 CVE-2023-40567 CVE-2023-40569 CVE-2023-40574 CVE-2023-40575 CVE-2023-40576 CVE-2023-40589 cpe:/o:opensuse:leap:15.4 Security update for libsass (Moderate) openSUSE Leap 15.4 This update for libsass fixes the following issues: - CVE-2022-26592: Fixed Stack Overflow vulnerability in libsass 3.6.5 via the CompoundSelector:has_real_parent_ref function (bsc#1214576) - CVE-2022-43358: Fixed Stack overflow vulnerability in ast_selectors.cpp (bsc#1214575). - CVE-2022-43357: Fixed Stack overflow vulnerability in ast_selectors.cpp (bsc#1214573). Moderate SUSE bug 1214573 SUSE bug 1214575 SUSE bug 1214576 CVE-2022-26592 CVE-2022-43357 CVE-2022-43358 cpe:/o:opensuse:leap:15.4 Security update for webkit2gtk3 (Important) openSUSE Leap 15.4 This update for webkit2gtk3 fixes the following issues: Update to version 2.38.5 (boo#1208328): - CVE-2023-23529: Fixed possible arbitrary code execution via maliciously crafted web content. Update to version 2.38.4 (boo#1207997): - CVE-2023-23517: Fixed web content processing that could have led to arbitrary code execution. - CVE-2023-23518: Fixed web content processing that could have led to arbitrary code execution. - CVE-2022-42826: Fixed a use-after-free issue that was caused by improper memory management. New CVE and bug references where added for already released updates: Update to version 2.38.3 (boo#1206750): - CVE-2022-42852: Fixed disclosure of process memory by improved memory handling. - CVE-2022-42867: Fixed a use after free issue was addressed with improved memory management. - CVE-2022-46692: Fixed bypass of Same Origin Policy through improved state management. - CVE-2022-46698: Fixed disclosure of sensitive user information with improved checks. - CVE-2022-46699: Fixed an arbitrary code execution caused by memory corruption. - CVE-2022-46700: Fixed a potential arbitrary code execution when processing maliciously crafted web content. Update to version 2.38.1: - CVE-2022-46691: Fixed a potential arbitrary code execution when processing maliciously crafted web content. Update to version 2.38.0: - CVE-2022-42863: Fixed a potential arbitrary code execution when processing maliciously crafted web content. Important SUSE bug 1206750 SUSE bug 1207997 SUSE bug 1208328 CVE-2022-42826 CVE-2022-42852 CVE-2022-42863 CVE-2022-42867 CVE-2022-46691 CVE-2022-46692 CVE-2022-46698 CVE-2022-46699 CVE-2022-46700 CVE-2023-23517 CVE-2023-23518 CVE-2023-23529 cpe:/o:opensuse:leap:15.4 Security update for avahi (Moderate) openSUSE Leap 15.4 This update for avahi fixes the following issues: - CVE-2023-38472: Fixed reachable assertion in avahi_rdata_parse (bsc#1216853). Moderate SUSE bug 1216853 CVE-2023-38472 cpe:/o:opensuse:leap:15.4 Security update for openssh (Important) openSUSE Leap 15.4 This update for openssh fixes the following issues: - CVE-2023-48795: Fixed prefix truncation breaking ssh channel integrity (bsc#1217950). the following non-security bug was fixed: - Fix the 'no route to host' error when connecting via ProxyJump Important SUSE bug 1214788 SUSE bug 1217950 CVE-2023-48795 cpe:/o:opensuse:leap:15.4 Security update for python-aiohttp (Moderate) openSUSE Leap 15.4 This update for python-aiohttp fixes the following issues: - CVE-2023-47641: Fixed inconsistent interpretation of the http protocol, if content-length and transport-encoding are in the same header with transport-encoding value of 'chunked*' (bsc#1217174) Moderate SUSE bug 1217174 CVE-2023-47641 cpe:/o:opensuse:leap:15.4 Security update for avahi (Moderate) openSUSE Leap 15.4 This update for avahi fixes the following issues: - CVE-2023-38473: Fixed a reachable assertion when parsing a host name (bsc#1216419). - CVE-2023-38470: Fixed that each label is at least one byte long (bsc#1215947). Moderate SUSE bug 1215947 SUSE bug 1216419 CVE-2023-38470 CVE-2023-38473 cpe:/o:opensuse:leap:15.4 Security update for rubygem-activerecord-5_1 (Moderate) openSUSE Leap 15.4 This update for rubygem-activerecord-5_1 fixes the following issues: - CVE-2022-44566: Fixed possible denial of service vulnerability in ActiveRecord's PostgreSQL adapter (bsc#1207450). Moderate SUSE bug 1207450 CVE-2022-44566 cpe:/o:opensuse:leap:15.4 Security update for ghostscript (Important) openSUSE Leap 15.4 This update for ghostscript fixes the following issues: - CVE-2023-46751: Fixed dangling pointer in gdev_prn_open_printer_seekable() (bsc#1217871). Important SUSE bug 1217871 CVE-2023-46751 cpe:/o:opensuse:leap:15.4 Security update for xwayland (Important) openSUSE Leap 15.4 This update for xwayland fixes the following issues: - CVE-2023-6377: Fixed out-of-bounds memory write in XKB button actions (bsc#1217765). Important SUSE bug 1217765 CVE-2023-6377 cpe:/o:opensuse:leap:15.4 Security update for MozillaFirefox (Important) openSUSE Leap 15.4 This update for MozillaFirefox fixes the following issues: - Firefox Extended Support Release 115.6.0 ESR changelog-entry (bsc#1217974). * CVE-2023-6856: Heap-buffer-overflow affecting WebGL DrawElementsInstanced method with Mesa VM driver (bmo#1843782). * CVE-2023-6857: Symlinks may resolve to smaller than expected buffers (bmo#1796023). * CVE-2023-6858: Heap buffer overflow in nsTextFragment (bmo#1826791). * CVE-2023-6859: Use-after-free in PR_GetIdentitiesLayer (bmo#1840144). * CVE-2023-6860: Potential sandbox escape due to VideoBridge lack of texture validation (bmo#1854669). * CVE-2023-6861: Heap buffer overflow affected nsWindow::PickerOpen(void) in headless mode (bmo#1864118). * CVE-2023-6862: Use-after-free in nsDNSService (bsc#1868042). * CVE-2023-6863: Undefined behavior in ShutdownObserver() (bmo#1868901). * CVE-2023-6864: Memory safety bugs fixed in Firefox 121, Firefox ESR 115.6, and Thunderbird 115.6. * CVE-2023-6865: Potential exposure of uninitialized data in EncryptingOutputStream (bmo#1864123). * CVE-2023-6867: Clickjacking permission prompts using the popup transition (bmo#1863863). - Fixed: Various security fixes and other quality improvements MFSA 2023-50 (bsc#1217230) * CVE-2023-6204 (bmo#1841050) Out-of-bound memory access in WebGL2 blitFramebuffer * CVE-2023-6205 (bmo#1854076) Use-after-free in MessagePort::Entangled * CVE-2023-6206 (bmo#1857430) Clickjacking permission prompts using the fullscreen transition * CVE-2023-6207 (bmo#1861344) Use-after-free in ReadableByteStreamQueueEntry::Buffer * CVE-2023-6208 (bmo#1855345) Using Selection API would copy contents into X11 primary selection. * CVE-2023-6209 (bmo#1858570) Incorrect parsing of relative URLs starting with '///' * CVE-2023-6212 (bmo#1658432, bmo#1820983, bmo#1829252, bmo#1856072, bmo#1856091, bmo#1859030, bmo#1860943, bmo#1862782) Memory safety bugs fixed in Firefox 120, Firefox ESR 115.5, and Thunderbird 115.5 Important SUSE bug 1217230 SUSE bug 1217974 CVE-2023-6204 CVE-2023-6205 CVE-2023-6206 CVE-2023-6207 CVE-2023-6208 CVE-2023-6209 CVE-2023-6212 CVE-2023-6856 CVE-2023-6857 CVE-2023-6858 CVE-2023-6859 CVE-2023-6860 CVE-2023-6861 CVE-2023-6862 CVE-2023-6863 CVE-2023-6864 CVE-2023-6865 CVE-2023-6867 cpe:/o:opensuse:leap:15.4 Security update for go1.20-openssl (Important) openSUSE Leap 15.4 This update for go1.20-openssl fixes the following issues: Update to version 1.20.12.1: - CVE-2023-45285: cmd/go: git VCS qualifier in module path uses git:// scheme (bsc#1217834). - CVE-2023-45284: path/filepath: Clean removes ending slash for volume on Windows in Go 1.21.4 (bsc#1216943). - CVE-2023-39326: net/http: limit chunked data overhead (bsc#1217833). - cmd/compile: internal compiler error: panic during prove while compiling: unexpected induction with too many parents - cmd/go: TestScript/mod_get_direct fails with 'Filename too long' on Windows Important SUSE bug 1206346 SUSE bug 1216943 SUSE bug 1217833 SUSE bug 1217834 CVE-2023-39326 CVE-2023-45284 CVE-2023-45285 cpe:/o:opensuse:leap:15.4 Security update for go1.21-openssl (Important) openSUSE Leap 15.4 This update for go1.21-openssl fixes the following issues: Update to version 1.21.5.1: - CVE-2023-45285: cmd/go: git VCS qualifier in module path uses git:// scheme (bsc#1217834). - CVE-2023-45284: path/filepath: Clean removes ending slash for volume on Windows in Go 1.21.4 (bsc#1216943). - CVE-2023-39326: net/http: limit chunked data overhead (bsc#1217833). - cmd/go: go mod download needs to support toolchain upgrades - cmd/compile: invalid pointer found on stack when compiled with -race - os: NTFS deduped file changed from regular to irregular - net: TCPConn.ReadFrom hangs when io.Reader is TCPConn or UnixConn, Linux kernel < 5.1 - cmd/compile: internal compiler error: panic during prove while compiling: unexpected induction with too many parents - syscall: TestOpenFileLimit unintentionally runs on non-Unix platforms - runtime: self-deadlock on mheap_.lock - crypto/rand: Legacy RtlGenRandom use on Windows Important SUSE bug 1212475 SUSE bug 1216943 SUSE bug 1217833 SUSE bug 1217834 CVE-2023-39326 CVE-2023-45284 CVE-2023-45285 cpe:/o:opensuse:leap:15.4 Security update for libreoffice (Important) openSUSE Leap 15.4 This update for libreoffice fixes the following issues: - CVE-2023-6186: Fixed link targets allow arbitrary script execution (bsc#1217578). - CVE-2023-6185: Fixed Improper input validation enabling arbitrary Gstreamer pipeline injection (bsc#1217577). Important SUSE bug 1217577 SUSE bug 1217578 CVE-2023-6185 CVE-2023-6186 cpe:/o:opensuse:leap:15.4 Security update for xorg-x11-server (Important) openSUSE Leap 15.4 This update for xorg-x11-server fixes the following issues: - CVE-2023-6377: Fixed out-of-bounds memory write in XKB button actions (bsc#1217765). Important SUSE bug 1217765 CVE-2023-6377 cpe:/o:opensuse:leap:15.4 Security update for docker, rootlesskit (Important) openSUSE Leap 15.4 This update for docker, rootlesskit fixes the following issues: docker: - Update to Docker 24.0.7-ce. See upstream changelong online at https://docs.docker.com/engine/release-notes/24.0/#2407>. bsc#1217513 * Deny containers access to /sys/devices/virtual/powercap by default. - CVE-2020-8694 bsc#1170415 - CVE-2020-8695 bsc#1170446 - CVE-2020-12912 bsc#1178760 - Update to Docker 24.0.6-ce. See upstream changelong online at https://docs.docker.com/engine/release-notes/24.0/#2406 . bsc#1215323 - Add a docker.socket unit file, but with socket activation effectively disabled to ensure that Docker will always run even if you start the socket individually. Users should probably just ignore this unit file. bsc#1210141 - Update to Docker 24.0.5-ce. See upstream changelong online at https://docs.docker.com/engine/release-notes/24.0/#2405 . bsc#1213229 This update ships docker-rootless support in the docker-rootless-extra package. (jsc#PED-6180) rootlesskit: - new package, for docker rootless support. (jsc#PED-6180) Important SUSE bug 1170415 SUSE bug 1170446 SUSE bug 1178760 SUSE bug 1210141 SUSE bug 1213229 SUSE bug 1213500 SUSE bug 1215323 SUSE bug 1217513 CVE-2020-12912 CVE-2020-8694 CVE-2020-8695 cpe:/o:opensuse:leap:15.4 Security update for wireshark (Moderate) openSUSE Leap 15.4 This update for wireshark fixes the following issues: Update to 3.6.19: - CVE-2023-6175: NetScreen file parser crash (bsc#1217272). Moderate SUSE bug 1217272 CVE-2023-6175 cpe:/o:opensuse:leap:15.4 Security update for rabbitmq-server (Moderate) openSUSE Leap 15.4 This update for rabbitmq-server fixes the following issues: - CVE-2023-46118: Introduce HTTP request body limit for definition uploads (bsc#1216582). Moderate SUSE bug 1216582 CVE-2023-46118 cpe:/o:opensuse:leap:15.4 Security update for zbar (Moderate) openSUSE Leap 15.4 This update for zbar fixes the following issues: - CVE-2023-40889: Fixed heap-based buffer overflow in the qr_reader_match_centers function (bsc#1214770). - CVE-2023-40890: Fixed stack-based buffer overflow in the lookup_sequence function (bsc#1214771). Moderate SUSE bug 1214770 SUSE bug 1214771 CVE-2023-40889 CVE-2023-40890 cpe:/o:opensuse:leap:15.4 Security update for xorg-x11-server (Important) openSUSE Leap 15.4 This update for xorg-x11-server fixes the following issues: - CVE-2023-6377: Fixed out-of-bounds memory write in XKB button actions (bsc#1217765). Important SUSE bug 1217765 CVE-2023-6377 cpe:/o:opensuse:leap:15.4 Security update for poppler (Important) openSUSE Leap 15.4 This update for poppler fixes the following issues: - CVE-2022-38784: Fixed integer overflow in the JBIG2 decoder (bsc#1202692). Important SUSE bug 1202692 CVE-2022-38784 cpe:/o:opensuse:leap:15.4 Security update for libqt5-qtbase (Moderate) openSUSE Leap 15.4 This update for libqt5-qtbase fixes the following issues: - CVE-2023-37369: Fixed buffer overflow in QXmlStreamReader (bsc#1214327). - libq5-qtbase was rebuild against icu 73. jsc#PED-6193 Moderate SUSE bug 1214327 CVE-2023-37369 cpe:/o:opensuse:leap:15.4 Security update for libcryptopp (Moderate) openSUSE Leap 15.4 This update for libcryptopp fixes the following issues: - CVE-2023-50980: Fixed DoS via malformed DER public key file (bsc#1218219). Moderate SUSE bug 1218219 CVE-2023-50980 cpe:/o:opensuse:leap:15.4 Security update for tinyxml (Moderate) openSUSE Leap 15.4 This update for tinyxml fixes the following issues: - CVE-2023-34194: Fixed reachable assertion may lead to denial of service (bsc#1218040). Moderate SUSE bug 1218040 CVE-2023-34194 cpe:/o:opensuse:leap:15.4 Security update for ppp (Moderate) openSUSE Leap 15.4 This update for ppp fixes the following issues: - CVE-2022-4603: Fixed improper validation of array index of the component pppdump (bsc#1218251). Moderate SUSE bug 1218251 CVE-2022-4603 cpe:/o:opensuse:leap:15.4 Security update for jbigkit (Low) openSUSE Leap 15.4 This update for jbigkit fixes the following issues: - CVE-2022-1210: Fixed denial of service in TIFF File Handler (bsc#1198146). Low SUSE bug 1198146 CVE-2022-1210 cpe:/o:opensuse:leap:15.4 Security update for distribution (Moderate) openSUSE Leap 15.4 This update for distribution fixes the following issues: distribution was updated to 2.8.3 (bsc#1216491): * Pass `BUILDTAGS` argument to `go build` * Enable Go build tags * `reference`: replace deprecated function `SplitHostname` * Dont parse errors as JSON unless Content-Type is set to JSON * update to go 1.20.8 * Set `Content-Type` header in registry client `ReadFrom` * deprecate reference package, migrate to github.com/distribution/reference * `digestset`: deprecate package in favor of `go-digest/digestset` * Do not close HTTP request body in HTTP handler Moderate SUSE bug 1216491 cpe:/o:opensuse:leap:15.4 Security update for gnutls (Moderate) openSUSE Leap 15.4 This update for gnutls fixes the following issues: - CVE-2023-5981: Fixed timing side-channel inside RSA-PSK key exchange (bsc#1217277). Moderate SUSE bug 1217277 CVE-2023-5981 cpe:/o:opensuse:leap:15.4 Security update for python-pip (Low) openSUSE Leap 15.4 This update for python-pip fixes the following issues: - CVE-2023-5752: Fixed injection of arbitrary configuration through Mercurial parameter (bsc#1217353). Low SUSE bug 1217353 CVE-2023-5752 cpe:/o:opensuse:leap:15.4 Security update for libraw (Moderate) openSUSE Leap 15.4 This update for libraw fixes the following issues: - CVE-2021-32142: Fixed buffer overflow in the LibRaw_buffer_datastream:gets function (bsc#1208470). Moderate SUSE bug 1208470 CVE-2021-32142 cpe:/o:opensuse:leap:15.4 Security update for libraw (Moderate) openSUSE Leap 15.4 This update for libraw fixes the following issues: - CVE-2021-32142: Fixed buffer overflow in the LibRaw_buffer_datastream:gets function (bsc#1208470). Moderate SUSE bug 1208470 CVE-2021-32142 cpe:/o:opensuse:leap:15.4 Security update for php7 (Important) openSUSE Leap 15.4 This update for php7 fixes the following issues: - CVE-2023-0568: Fixed NULL byte off-by-one in php_check_specific_open_basedir (bnc#1208366). - CVE-2023-0662: Fixed DoS vulnerability when parsing multipart request body (bnc#1208367). - CVE-2023-0567: Fixed vulnerability where BCrypt hashes erroneously validate if the salt is cut short by `$` (bsc#1208388). Important SUSE bug 1208366 SUSE bug 1208367 SUSE bug 1208388 CVE-2023-0567 CVE-2023-0568 CVE-2023-0662 cpe:/o:opensuse:leap:15.4 Security update for php7 (Important) openSUSE Leap 15.4 This update for php7 fixes the following issues: - CVE-2023-0568: Fixed NULL byte off-by-one in php_check_specific_open_basedir (bnc#1208366). - CVE-2023-0662: Fixed DoS vulnerability when parsing multipart request body (bnc#1208367). - CVE-2023-0567: Fixed vulnerability where BCrypt hashes erroneously validate if the salt is cut short by `$` (bsc#1208388). Important SUSE bug 1208366 SUSE bug 1208367 SUSE bug 1208388 CVE-2023-0567 CVE-2023-0568 CVE-2023-0662 cpe:/o:opensuse:leap:15.4 Security update for tpm2-0-tss (Moderate) openSUSE Leap 15.4 This update for tpm2-0-tss fixes the following issues: - CVE-2023-22745: Fixed a memory safety issue that could be exploited by local attackers with TPM access (bsc#1207325). Moderate SUSE bug 1207325 CVE-2023-22745 cpe:/o:opensuse:leap:15.4 Security update for php8 (Important) openSUSE Leap 15.4 This update for php8 fixes the following issues: php8 was updated to version 8.0.28: - CVE-2023-0568: Fixed NULL byte off-by-one in php_check_specific_open_basedir (bnc#1208366). - CVE-2023-0662: Fixed DoS vulnerability when parsing multipart request body (bnc#1208367). Important SUSE bug 1208366 SUSE bug 1208367 CVE-2023-0568 CVE-2023-0662 cpe:/o:opensuse:leap:15.4 Security update for python3 (Moderate) openSUSE Leap 15.4 This update for python3 fixes the following issues: - CVE-2022-45061: Fixed DoS when IDNA decodes extremely long domain names (bsc#1205244). Bugfixes: - Fixed issue where email.generator.py replaces a non-existent header (bsc#1208443). Moderate SUSE bug 1205244 SUSE bug 1208443 CVE-2022-45061 cpe:/o:opensuse:leap:15.4 Security update for libxslt (Important) openSUSE Leap 15.4 This update for libxslt fixes the following issues: - CVE-2021-30560: Fixing a use after free vulnerability in Blink XSLT (bsc#1208574). Important SUSE bug 1208574 CVE-2021-30560 cpe:/o:opensuse:leap:15.4 Security update for libksba (Moderate) openSUSE Leap 15.4 This update for libksba fixes the following issues: - CVE-2022-47629: Fixed an integer overflow vulnerability in the CRL signature parser (bsc#1206579). Moderate SUSE bug 1206579 CVE-2022-47629 cpe:/o:opensuse:leap:15.4 Security update for ucode-intel (Important) openSUSE Leap 15.4 This update for ucode-intel fixes the following issues: Updated to Intel CPU Microcode 20230214 release. Security issues fixed: - CVE-2022-38090: Security updates for [INTEL-SA-00767](https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00767.html) (bsc#1208275) - CVE-2022-33196: Security updates for [INTEL-SA-00738](https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00738.html) (bsc#1208276) - CVE-2022-21216: Security updates for [INTEL-SA-00700](https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00700.html) (bsc#1208277) - New Platforms: | Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products |:---------------|:---------|:------------|:---------|:---------|:--------- | SPR-SP | E2 | 06-8f-05/87 | | 2b000181 | Xeon Scalable Gen4 | SPR-SP | E3 | 06-8f-06/87 | | 2b000181 | Xeon Scalable Gen4 | SPR-SP | E4 | 06-8f-07/87 | | 2b000181 | Xeon Scalable Gen4 | SPR-SP | E5 | 06-8f-08/87 | | 2b000181 | Xeon Scalable Gen4 | SPR-HBM | B3 | 06-8f-08/10 | | 2c000170 | Xeon Max | RPL-P 6+8 | J0 | 06-ba-02/07 | | 0000410e | Core Gen13 | RPL-H 6+8 | J0 | 06-ba-02/07 | | 0000410e | Core Gen13 | RPL-U 2+8 | Q0 | 06-ba-02/07 | | 0000410e | Core Gen13 - Updated Platforms: | Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products |:---------------|:---------|:------------|:---------|:---------|:--------- | ADL | C0 | 06-97-02/07 | 00000026 | 0000002c | Core Gen12 | ADL | C0 | 06-97-05/07 | 00000026 | 0000002c | Core Gen12 | ADL | C0 | 06-bf-02/07 | 00000026 | 0000002c | Core Gen12 | ADL | C0 | 06-bf-05/07 | 00000026 | 0000002c | Core Gen12 | ADL | L0 | 06-9a-03/80 | 00000424 | 00000429 | Core Gen12 | ADL | L0 | 06-9a-04/80 | 00000424 | 00000429 | Core Gen12 | CLX-SP | B0 | 06-55-06/bf | 04003302 | 04003303 | Xeon Scalable Gen2 | CLX-SP | B1 | 06-55-07/bf | 05003302 | 05003303 | Xeon Scalable Gen2 | CPX-SP | A1 | 06-55-0b/bf | 07002501 | 07002503 | Xeon Scalable Gen3 | GLK | B0 | 06-7a-01/01 | 0000003c | 0000003e | Pentium Silver N/J5xxx, Celeron N/J4xxx | GLK-R | R0 | 06-7a-08/01 | 00000020 | 00000022 | Pentium J5040/N5030, Celeron J4125/J4025/N4020/N4120 | ICL-D | B0 | 06-6c-01/10 | 01000201 | 01000211 | Xeon D-17xx, D-27xx | ICL-U/Y | D1 | 06-7e-05/80 | 000000b6 | 000000b8 | Core Gen10 Mobile | ICX-SP | D0 | 06-6a-06/87 | 0d000375 | 0d000389 | Xeon Scalable Gen3 | JSL | A0/A1 | 06-9c-00/01 | 24000023 | 24000024 | Pentium N6000/N6005, Celeron N4500/N4505/N5100/N5105 | LKF | B2/B3 | 06-8a-01/10 | 00000031 | 00000032 | Core w/Hybrid Technology | RKL-S | B0 | 06-a7-01/02 | 00000056 | 00000057 | Core Gen11 | RPL-S | S0 | 06-b7-01/32 | 0000010e | 00000112 | Core Gen13 | SKX-SP | B1 | 06-55-03/97 | 0100015e | 01000161 | Xeon Scalable Important SUSE bug 1208275 SUSE bug 1208276 SUSE bug 1208277 CVE-2022-21216 CVE-2022-33196 CVE-2022-38090 cpe:/o:opensuse:leap:15.4 Security update for postgresql15 (Important) openSUSE Leap 15.4 This update for postgresql15 fixes the following issues: Update to 15.2: - CVE-2022-41862: Fixed memory leak in libpq (bsc#1208102). Important SUSE bug 1208102 CVE-2022-41862 cpe:/o:opensuse:leap:15.4 Security update for postgresql13 (Important) openSUSE Leap 15.4 This update for postgresql13 fixes the following issues: Update to 13.10: - CVE-2022-41862: Fixed memory leak in libpq (bsc#1208102). Important SUSE bug 1208102 CVE-2022-41862 cpe:/o:opensuse:leap:15.4 Security update for emacs (Important) openSUSE Leap 15.4 This update for emacs fixes the following issues: - CVE-2022-48337: Fixed etags local command injection vulnerability (bsc#1208515). - CVE-2022-48339: Fixed htmlfontify.el command injection vulnerability (bsc#1208512). - CVE-2022-48338: Fixed ruby-mode.el local command injection vulnerability (bsc#1208514). Important SUSE bug 1208512 SUSE bug 1208514 SUSE bug 1208515 CVE-2022-48337 CVE-2022-48338 CVE-2022-48339 cpe:/o:opensuse:leap:15.4 Security update for MozillaThunderbird (Important) openSUSE Leap 15.4 This update for MozillaThunderbird fixes the following issues: Updated Mozilla Thunderbird to version 102.8.0 (bsc#1208144): - CVE-2023-0616: Fixed User Interface lockup via messages combining S/MIME and OpenPGP. - CVE-2023-25728: Fixed content security policy leak in violation reports using iframes. - CVE-2023-25730: Fixed screen hijack via browser fullscreen mode. - CVE-2023-0767: Fixed arbitrary memory write via PKCS 12 in NSS. - CVE-2023-25735: Fixed potential use-after-free from compartment mismatch in SpiderMonkey. - CVE-2023-25737: Fixed invalid downcast in SVGUtils::SetupStrokeGeometry. - CVE-2023-25738: Fixed printing on Windows could potentially crash Thunderbird with some device drivers. - CVE-2023-25739: Fixed use-after-free in mozilla::dom::ScriptLoadContext::~ScriptLoadContext. - CVE-2023-25729: Fixed vulnerability where extensions could have opened external schemes without user knowledge. - CVE-2023-25732: Fixed out of bounds memory write from EncodeInputStream. - CVE-2023-25734: Fixed issue where opening local .url files could cause unexpected network loads. - CVE-2023-25742: Fixed tab crashing caused by Web Crypto ImportKey. - CVE-2023-25746: Fixed memory safety bugs. Important SUSE bug 1208144 CVE-2023-0616 CVE-2023-0767 CVE-2023-25728 CVE-2023-25729 CVE-2023-25730 CVE-2023-25732 CVE-2023-25734 CVE-2023-25735 CVE-2023-25737 CVE-2023-25738 CVE-2023-25739 CVE-2023-25742 CVE-2023-25746 cpe:/o:opensuse:leap:15.4 Security update for nautilus (Moderate) openSUSE Leap 15.4 This update for nautilus fixes the following issues: - CVE-2022-37290: Fixed a denial of service caused by pasted ZIP archives (bsc#1205418). Moderate SUSE bug 1205418 CVE-2022-37290 cpe:/o:opensuse:leap:15.4 Security update for google-guest-agent (Important) openSUSE Leap 15.4 This update for google-guest-agent fixes the following issues: Updated to version 20230222.00 and bumped go API version to 1.18 to address the following (bsc#1208723): - CVE-2021-38297: Fixed data overwrite when passing large arguments to GOARCH=wasm GOOS=js (bsc#1191468). - CVE-2022-23806: Fixed Curve.IsOnCurve to incorrectly return true (bsc#1195838). Bugfixes: - Avoid bashism in post-install scripts (bsc#1195391). Important SUSE bug 1191468 SUSE bug 1195391 SUSE bug 1195838 SUSE bug 1208723 CVE-2021-38297 CVE-2022-23806 cpe:/o:opensuse:leap:15.4 Security update for google-osconfig-agent (Important) openSUSE Leap 15.4 This update for google-osconfig-agent fixes the following issues: Updated to version 20230222.00 and bumped go API version to 1.18 to address the following (bsc#1208723): - CVE-2021-38297: Fixed data overwrite when passing large arguments to GOARCH=wasm GOOS=js (bsc#1191468). - CVE-2022-23806: Fixed Curve.IsOnCurve to incorrectly return true (bsc#1195838). Important SUSE bug 1191468 SUSE bug 1195838 SUSE bug 1208723 CVE-2021-38297 CVE-2022-23806 cpe:/o:opensuse:leap:15.4 Security update for nodejs10 (Important) openSUSE Leap 15.4 This update for nodejs10 fixes the following issues: - CVE-2023-23920: Fixed insecure loading of ICU data through ICU_DATA environment (bsc#1208487). Important SUSE bug 1208487 CVE-2023-23920 cpe:/o:opensuse:leap:15.4 Security update for nodejs16 (Important) openSUSE Leap 15.4 This update for nodejs16 fixes the following issues: Update to LTS version 16.19.1: - CVE-2023-23918: Fixed permissions policies that could have been bypassed via process.mainModule (bsc#1208481). - CVE-2023-23919: Fixed OpenSSL error handling issues in nodejs crypto library (bsc#1208483). - CVE-2023-23920: Fixed insecure loading of ICU data through ICU_DATA environment (bsc#1208487). - CVE-2023-23936: Fixed protection against CRLF injection in host headers inside fetch API (bsc#1208485). - CVE-2023-24807: Fixed possible Regular Expression Denial of Service (ReDoS) via Headers.set() and Headers.append() methods (bsc#1208413). Bug fixes: - Workaround for failing openssl-nodejs test (bsc#1205568). Important SUSE bug 1205568 SUSE bug 1208413 SUSE bug 1208481 SUSE bug 1208483 SUSE bug 1208485 SUSE bug 1208487 CVE-2023-23918 CVE-2023-23919 CVE-2023-23920 CVE-2023-23936 CVE-2023-24807 cpe:/o:opensuse:leap:15.4 Security update for pkgconf (Moderate) openSUSE Leap 15.4 This update for pkgconf fixes the following issues: - CVE-2023-24056: Fixed unbounded string expansion due to incorrect checks in libpkgconf/tuple.c (bsc#1207394). Moderate SUSE bug 1207394 CVE-2023-24056 cpe:/o:opensuse:leap:15.4 Security update for tpm2-0-tss (Moderate) openSUSE Leap 15.4 This update for tpm2-0-tss fixes the following issues: - CVE-2023-22745: Fixed a memory safety issue that could be exploited by local attackers with TPM access (bsc#1207325). Moderate SUSE bug 1207325 CVE-2023-22745 cpe:/o:opensuse:leap:15.4 Security update for w3m (Moderate) openSUSE Leap 15.4 This update for w3m fixes the following issues: - CVE-2022-38223: Fixed a memory safety issue when dumping crafted input to standard out (bsc#1202684). Moderate SUSE bug 1202684 CVE-2022-38223 cpe:/o:opensuse:leap:15.4 Security update for xwayland (Important) openSUSE Leap 15.4 This update for xwayland fixes the following issues: - Fixed a regression introduced with security update for CVE-2022-46340 (bsc#1205874). Important SUSE bug 1205874 CVE-2022-46340 cpe:/o:opensuse:leap:15.4 Security update for libX11 (Moderate) openSUSE Leap 15.4 This update for libX11 fixes the following issues: - Fixed a regression introduced with security update for CVE-2022-3555 (bsc#1204425, bsc#1208881) Moderate SUSE bug 1204425 SUSE bug 1208881 CVE-2022-3555 cpe:/o:opensuse:leap:15.4 Security update for qemu (Important) openSUSE Leap 15.4 This update for qemu fixes the following issues: - CVE-2022-4144: Fixed qxl_phys2virt unsafe address translation that can lead to out-of-bounds read (bsc#1205808). - CVE-2022-3165: Fixed integer underflow in vnc_client_cut_text_ext() (bsc#1203788). - CVE-2022-1050: Fixed use-after-free issue in pvrdma_exec_cmd() (bsc#1197653). Bugfixes: - Fixed deviation of guest clock (bsc#1206527). - Fixed broken 'block limits' VPD emulation (bsc#1202364). Important SUSE bug 1197653 SUSE bug 1202364 SUSE bug 1203788 SUSE bug 1205808 SUSE bug 1206527 CVE-2022-1050 CVE-2022-3165 CVE-2022-4144 cpe:/o:opensuse:leap:15.4 Security update for nodejs14 (Important) openSUSE Leap 15.4 This update for nodejs14 fixes the following issues: Update to 14.21.3: - CVE-2023-23918: Fixed permissions policies that could have been bypassed via process.mainModule (bsc#1208481). - CVE-2023-23920: Fixed insecure loading of ICU data through ICU_DATA environment (bsc#1208487). Important SUSE bug 1208481 SUSE bug 1208487 CVE-2023-23918 CVE-2023-23920 cpe:/o:opensuse:leap:15.4 Security update for poppler (Important) openSUSE Leap 15.4 This update for poppler fixes the following issues: - CVE-2022-38784: Fixed integer overflow in the JBIG2 decoder (bsc#1202692). Bugfixes: - Fixed issue where some PDF generators generate PDF with some wrong numbers in entry table, but the content is still valid (bsc#1181551). Important SUSE bug 1181551 SUSE bug 1202692 CVE-2022-38784 cpe:/o:opensuse:leap:15.4 Security update for libxslt (Important) openSUSE Leap 15.4 This update for libxslt fixes the following issues: - CVE-2021-30560: Fixing a use after free vulnerability in Blink XSLT (bsc#1208574). Important SUSE bug 1208574 CVE-2021-30560 cpe:/o:opensuse:leap:15.4 Security update for nodejs12 (Important) openSUSE Leap 15.4 This update for nodejs12 fixes the following issues: - CVE-2023-23920: Fixed insecure loading of ICU data through ICU_DATA environment (bsc#1208487). Important SUSE bug 1208487 CVE-2023-23920 cpe:/o:opensuse:leap:15.4 Security update for xorg-x11-server (Important) openSUSE Leap 15.4 This update for xorg-x11-server fixes the following issues: - Fixed a regression introduced with security update for CVE-2022-46340 (bsc#1205874). Important SUSE bug 1205874 CVE-2022-46340 cpe:/o:opensuse:leap:15.4 Security update for java-1_8_0-openj9 (Moderate) openSUSE Leap 15.4 This update for java-1_8_0-openj9 fixes the following issues: - CVE-2023-21830: Fixed improper restrictions in CORBA deserialization (bsc#1207249). - CVE-2023-21843: Fixed soundbank URL remote loading (bsc#1207248). Moderate SUSE bug 1207248 SUSE bug 1207249 CVE-2023-21830 CVE-2023-21843 cpe:/o:opensuse:leap:15.4 Security update for SDL2 (Moderate) openSUSE Leap 15.4 This update for SDL2 fixes the following issues: - CVE-2022-4743: Fixed a potential memory leak when creating a texture for an OpenGL ES image (bsc#1206727). Moderate SUSE bug 1206727 CVE-2022-4743 cpe:/o:opensuse:leap:15.4 Security update for xen (Moderate) openSUSE Leap 15.4 This update for xen fixes the following issues: - CVE-2022-27672: Fixed speculative execution vulnerability due to RAS being dynamically partitioned between non-idle threads (bsc#1208286). Bugfixes: - Fixed launch-xenstore error (bsc#1205792) - Fixed issues in VMX (bsc#1027519). Moderate SUSE bug 1027519 SUSE bug 1205792 SUSE bug 1208286 CVE-2022-27672 cpe:/o:opensuse:leap:15.4 Security update for redis (Important) openSUSE Leap 15.4 This update for redis fixes the following issues: - CVE-2022-36021: Fixed integer overflow in RANDMEMBER, ZRANDMEMBER, and HRANDFIELD commands (bsc#1208790). - CVE-2023-25155: Fixed integer Overflow in RAND commands can lead to assertion (bsc#1208793). The following non-security bug was fixed: - Fixed redis-sentinel not starting due to the hardening in the systemd service (bsc#1208235). Important SUSE bug 1208235 SUSE bug 1208790 SUSE bug 1208793 CVE-2022-36021 CVE-2023-25155 cpe:/o:opensuse:leap:15.4 Security update for ffmpeg (Moderate) openSUSE Leap 15.4 This update for ffmpeg fixes the following issues: - CVE-2022-3109: Fixed null pointer dereference in vp3_decode_frame() (bsc#1206442). Moderate SUSE bug 1206442 CVE-2022-3109 cpe:/o:opensuse:leap:15.4 Security update for postgresql14 (Important) openSUSE Leap 15.4 This update for postgresql14 fixes the following issues: Update to 14.7: - CVE-2022-41862: Fixed memory leak in libpq (bsc#1208102). Important SUSE bug 1208102 CVE-2022-41862 cpe:/o:opensuse:leap:15.4 Security update for python39 (Important) openSUSE Leap 15.4 This update for python39 fixes the following issues: - CVE-2023-24329: Fixed blocklists bypass via the urllib.parse component when supplying a URL that starts with blank characters (bsc#1208471). Update to 3.9.16: - python -m http.server no longer allows terminal control characters sent within a garbage request to be printed to the stderr server log. This is done by changing the http.server BaseHTTPRequestHandler .log_message method to replace control characters with a \xHH hex escape before printing. - Avoid publishing list of active per-interpreter audit hooks via the gc module - The IDNA codec decoder used on DNS hostnames by socket or asyncio related name resolution functions no longer involves a quadratic algorithm. This prevents a potential CPU denial of service if an out-of-spec excessive length hostname involving bidirectional characters were decoded. Some protocols such as urllib http 3xx redirects potentially allow for an attacker to supply such a name (CVE-2015-20107). - Update bundled libexpat to 2.5.0 - Port XKCP’s fix for the buffer overflows in SHA-3 (CVE-2022-37454). - On Linux the multiprocessing module returns to using filesystem backed unix domain sockets for communication with the forkserver process instead of the Linux abstract socket namespace. Only code that chooses to use the “forkserver” start method is affected. Abstract sockets have no permissions and could allow any user on the system in the same network namespace (often the whole system) to inject code into the multiprocessing forkserver process. This was a potential privilege escalation. Filesystem based socket permissions restrict this to the forkserver process user as was the default in Python 3.8 and earlier. This prevents Linux CVE-2022-42919. - The deprecated mailcap module now refuses to inject unsafe text (filenames, MIME types, parameters) into shell commands. Instead of using such text, it will warn and act as if a match was not found (or for test commands, as if the test failed). Important SUSE bug 1208471 CVE-2015-20107 CVE-2022-37454 CVE-2022-42919 CVE-2022-45061 CVE-2023-24329 cpe:/o:opensuse:leap:15.4 Security update for java-1_8_0-openjdk (Moderate) openSUSE Leap 15.4 This update for java-1_8_0-openjdk fixes the following issues: Updated to version jdk8u362 (icedtea-3.26.0): - CVE-2023-21830: Fixed improper restrictions in CORBA deserialization (bsc#1207249). - CVE-2023-21843: Fixed soundbank URL remote loading (bsc#1207248). Moderate SUSE bug 1207248 SUSE bug 1207249 CVE-2023-21830 CVE-2023-21843 cpe:/o:opensuse:leap:15.4 Security update for python-cryptography (Moderate) openSUSE Leap 15.4 This update for python-cryptography fixes the following issues: - CVE-2023-23931: Fixed memory corruption due to invalidly changed immutable object (bsc#1208036). Moderate SUSE bug 1208036 CVE-2023-23931 cpe:/o:opensuse:leap:15.4 Security update for python (Important) openSUSE Leap 15.4 This update for python fixes the following issues: - CVE-2023-24329: Fixed blocklist bypass via the urllib.parse component when supplying a URL that starts with blank characters (bsc#1208471). - CVE-2022-45061: Fixed DoS when IDNA decodes extremely long domain names (bsc#1205244). The following non-security bug was fixed: - Making compileall.py compliant with year 2038 (bsc#1202666, gh#python/cpython#79171). Important SUSE bug 1202666 SUSE bug 1205244 SUSE bug 1208471 CVE-2022-45061 CVE-2023-24329 cpe:/o:opensuse:leap:15.4 Security update for rubygem-rack (Important) openSUSE Leap 15.4 This update for rubygem-rack fixes the following issues: - CVE-2023-27530: Fixed denial of service in Multipart MIME parsing (bsc#1209095). Important SUSE bug 1209095 CVE-2023-27530 cpe:/o:opensuse:leap:15.4 Security update for php7 (Important) openSUSE Leap 15.4 This update for php7 fixes the following issues: - CVE-2022-31631: Fixed an issue where PDO::quote would return an unquoted string (bsc#1206958). Important SUSE bug 1206958 CVE-2022-31631 cpe:/o:opensuse:leap:15.4 Security update for jakarta-commons-fileupload (Important) openSUSE Leap 15.4 This update for jakarta-commons-fileupload fixes the following issues: - CVE-2016-3092: Fixed a usage of vulnerable FileUpload package can result in denial of service (bsc#986359). - CVE-2023-24998: Fixed a FileUpload deny of service with excessive parts (bsc#1208513). Important SUSE bug 1208513 SUSE bug 986359 CVE-2016-3092 CVE-2023-24998 cpe:/o:opensuse:leap:15.4 Security update for xorg-x11-server (Important) openSUSE Leap 15.4 This update for xorg-x11-server fixes the following issues: - Fixed a regression introduced with security update for CVE-2022-46340 (bsc#1205874). Important SUSE bug 1205874 CVE-2022-46340 cpe:/o:opensuse:leap:15.4 Security update for go1.19 (Important) openSUSE Leap 15.4 This update for go1.19 fixes the following issues: - CVE-2022-41722: Fixed path traversal in filepath.Clean on Windows (bsc#1208269). - CVE-2022-41723: Fixed quadratic complexity in HPACK decoding (bsc#1208270). - CVE-2022-41724: Fixed panic with arge handshake records in crypto/tls (bsc#1208271). - CVE-2022-41725: Fixed denial of service from excessive resource consumption in net/http and mime/multipart (bsc#1208272). - CVE-2023-24532: Fixed incorrect P-256 ScalarMult and ScalarBaseMult results (bsc#1209030). Update to go1.19.7 * go#58441 runtime: some linkname signatures do not match * go#58502 cmd/link: relocation truncated to fit: R_ARM_CALL against `runtime.duffcopy' * go#58535 runtime: long latency of sweep assists * go#58716 net: TestTCPSelfConnect failures due to unexpected connections * go#58773 syscall: Environ uses an invalid unsafe.Pointer conversion on Windows * go#58810 crypto/x509: TestSystemVerify consistently failing Update to go1.19.6: * go#56154 net/http: bad handling of HEAD requests with a body * go#57635 crypto/x509: TestBoringAllowCert failures * go#57812 runtime: performance regression due to bad instruction used in morestack_noctxt for ppc64 in CL 425396 * go#58118 time: update zoneinfo_abbrs on Windows * go#58223 cmd/link: .go.buildinfo is gc'ed by --gc-sections * go#58449 cmd/go/internal/modfetch: TestCodeRepo/gopkg.in_natefinch_lumberjack.v2/latest failing Update to go1.19.5 (bsc#1200441): * go#57706 Misc/cgo: backport needed for dlltool fix * go#57556 crypto/x509: re-allow duplicate attributes in CSRs * go#57444 cmd/link: need to handle new-style LoongArch relocs * go#57427 crypto/x509: Verify on macOS does not return typed errors * go#57345 cmd/compile: the loong64 intrinsic for CompareAndSwapUint32 function needs to sign extend its 'old' argument. * go#57339 syscall, internal/poll: accept4-to-accept fallback removal broke Go code on Synology DSM 6.2 ARM devices * go#57214 os: TestLstat failure on Linux Aarch64 * go#57212 reflect: sort.SliceStable sorts incorrectly on arm64 with less function created with reflect.MakeFunc and slice of sufficient length * go#57124 sync/atomic: allow linked lists of atomic.Pointer * go#57100 cmd/compile: non-retpoline-compatible errors * go#57058 cmd/go: remove test dependency on gopkg.in service * go#57055 cmd/go: TestScript/version_buildvcs_git_gpg (if enabled) fails on linux longtest builders * go#56983 runtime: failure in TestRaiseException on windows-amd64-2012 * go#56834 cmd/link/internal/ppc64: too-far trampoline is reused * go#56770 cmd/compile: walkConvInterface produces broken IR * go#56744 cmd/compile: internal compiler error: missing typecheck * go#56712 net: reenable TestLookupDotsWithRemoteSource and TestLookupGoogleSRV with a different target * go#56154 net/http: bad handling of HEAD requests with a body Important SUSE bug 1200441 SUSE bug 1208269 SUSE bug 1208270 SUSE bug 1208271 SUSE bug 1208272 SUSE bug 1209030 CVE-2022-41722 CVE-2022-41723 CVE-2022-41724 CVE-2022-41725 CVE-2023-24532 cpe:/o:opensuse:leap:15.4 Security update for go1.20 (Important) openSUSE Leap 15.4 This update for go1.20 fixes the following issues: - Improvements to go1.x packaging spec: * On Tumbleweed bootstrap with current default gcc13 and gccgo118 * On SLE-12 aarch64 ppc64le ppc64 remove overrides to bootstrap using go1.x package (%bcond_without gccgo). This is no longer needed on current SLE-12:Update and removing will consolidate the build configurations used. * Change source URLs to go.dev as per Go upstream * On x86_64 export GOAMD64=v1 as per the current baseline. At this time forgo GOAMD64=v3 option for x86_64_v3 support. * On x86_64 %define go_amd64=v1 as current instruction baseline * In %check on x86_64 use value %go_amd64=v1 as GOAMD64=v1 to grep correct TSAN version is checked out from LLVM with new spelling for internal/amd64v1/race_linux.syso go1.20.2 (released 2023-03-07) includes a security fix to the crypto/elliptic package, as well as bug fixes to the compiler, the covdata command, the linker, the runtime, and the crypto/ecdh, crypto/rsa, crypto/x509, os, and syscall packages. (boo#1206346) * CVE-2023-24532: crypto/elliptic: Fixed that specific unreduced P-256 scalars produce incorrect results (boo#1209030) * cmd/covdata: short read on string table when merging coverage counters * runtime: some linkname signatures do not match * cmd/compile: inline static init cause compile time error * cmd/compile: internal compiler error: '(*Tree[go.shape.int]).RemoveParent.func1': value .dict (nil) incorrectly live at entry * crypto/ecdh: ECDH method doesn't check curve * cmd/link: relocation truncated to fit: R_ARM_CALL against `runtime.duffcopy' * crypto/internal/bigmod: flag amd64 assembly as noescape * runtime: endless traceback when panic in generics funtion * runtime: long latency of sweep assists * syscall.Faccessat and os.LookPath regression in Go 1.20 * os: cmd/go gets error 'copy_file_range: function not implemented' * net: TestTCPSelfConnect failures due to unexpected connections * syscall: Environ uses an invalid unsafe.Pointer conversion on Windows * cmd/compile: ICE on method value involving imported anonymous interface * crypto/x509: Incorrect documentation for ParsePKCS8PrivateKey * crypto/x509: TestSystemVerify consistently failing go1.20.1 (released 2023-02-14) includes security fixes to the crypto/tls, mime/multipart, net/http, and path/filepath packages, as well as bug fixes to the compiler, the go command, the linker, the runtime, and the time package. (bsc#1206346) - CVE-2022-41722 CVE-2022-41723 CVE-2022-41724 CVE-2022-41725 * bsc#1208269 security: fix CVE-2022-41722 path/filepath: path traversal in filepath.Clean on Windows * bsc#1208270 security: fix CVE-2022-41723 net/http: avoid quadratic complexity in HPACK decoding * bsc#1208271 security: fix CVE-2022-41724 crypto/tls: large handshake records may cause panics * bsc#1208272 security: fix CVE-2022-41725 net/http, mime/multipart: denial of service from excessive resource consumption * time: update zoneinfo_abbrs on Windows * cmd/link: .go.buildinfo is gc'ed by --gc-sections * cmd/compile/internal/pgo: Detect sample value position instead of hard-coding * cmd/compile: constant overflows when assigned to package level var (Go 1.20 regression) * cmd/compile: internal compiler error: panic: interface conversion: ir.Node is *ir.CompLitExpr, not *ir.Name * cmd/compile: internal compiler error: Type.Elem UNION * runtime: GOOS=ios fails Apple's app validation due to use of private API * cmd/go/internal/test: stale flagdefs.go not detected by tests * all: test failures with ETXTBSY * cmd/go/internal/modfetch: TestCodeRepo/gopkg.in_natefinch_lumberjack.v2/latest failing - go1.20 (released 2023-02-01) is a major release of Go. go1.20.x minor releases will be provided through February 2024. https://github.com/golang/go/wiki/Go-Release-Cycle go1.20 arrives six months after go1.19. Most of its changes are in the implementation of the toolchain, runtime, and libraries. As always, the release maintains the Go 1 promise of compatibility. We expect almost all Go programs to continue to compile and run as before. ( bsc#1206346 jsc#PED-1962 ) * Go 1.20 includes four changes to the language * Language change: Go 1.17 added conversions from slice to an array pointer. Go 1.20 extends this to allow conversions from a slice to an array * Language change: The unsafe package defines three new functions SliceData, String, and StringData. Along with Go 1.17's Slice, these functions now provide the complete ability to construct and deconstruct slice and string values, without depending on their exact representation. * Language change: The specification now defines that struct values are compared one field at a time, considering fields in the order they appear in the struct type definition, and stopping at the first mismatch. The specification could previously have been read as if all fields needed to be compared beyond the first mismatch. Similarly, the specification now defines that array values are compared one element at a time, in increasing index order. In both cases, the difference affects whether certain comparisons must panic. Existing programs are unchanged: the new spec wording describes what the implementations have always done. * Language change: Comparable types (such as ordinary interfaces) may now satisfy comparable constraints, even if the type arguments are not strictly comparable (comparison may panic at runtime). This makes it possible to instantiate a type parameter constrained by comparable (e.g., a type parameter for a user-defined generic map key) with a non-strictly comparable type argument such as an interface type, or a composite type containing an interface type. * go command: The directory $GOROOT/pkg no longer stores pre-compiled package archives for the standard library: go install no longer writes them, the go build no longer checks for them, and the Go distribution no longer ships them. Instead, packages in the standard library are built as needed and cached in the build cache, just like packages outside GOROOT. This change reduces the size of the Go distribution and also avoids C toolchain skew for packages that use cgo. Refs jsc#PED-1962 * go command: The implementation of go test -json has been improved to make it more robust. Programs that run go test -json do not need any updates. Programs that invoke go tool test2json directly should now run the test binary with -v=test2json (for example, go test -v=test2json or ./pkg.test -test.v=test2json) instead of plain -v. * go command: A related change to go test -json is the addition of an event with Action set to start at the beginning of each test program's execution. When running multiple tests using the go command, these start events are guaranteed to be emitted in the same order as the packages named on the command line. * go command: The go command now defines architecture feature build tags, such as amd64.v2, to allow selecting a package implementation file based on the presence or absence of a particular architecture feature. See go help buildconstraint for details. * go command: The go subcommands now accept -C <dir> to change directory to <dir> before performing the command, which may be useful for scripts that need to execute commands in multiple different modules. * go command: The go build and go test commands no longer accept the -i flag, which has been deprecated since Go 1.16. * go command: The go generate command now accepts -skip <pattern> to skip //go:generate directives matching <pattern>. * go command: The go test command now accepts -skip <pattern> to skip tests, subtests, or examples matching <pattern>. * go command: When the main module is located within GOPATH/src, go install no longer installs libraries for non-main packages to GOPATH/pkg, and go list no longer reports a Target field for such packages. (In module mode, compiled packages are stored in the build cache only, but a bug had caused the GOPATH install targets to unexpectedly remain in effect.) * go command: The go build, go install, and other build-related commands now support a -pgo flag that enables profile-guided optimization, which is described in more detail in the Compiler section below. The -pgo flag specifies the file path of the profile. Specifying -pgo=auto causes the go command to search for a file named default.pgo in the main package's directory and use it if present. This mode currently requires a single main package to be specified on the command line, but we plan to lift this restriction in a future release. Specifying -pgo=off turns off profile-guided optimization. * go command: The go build, go install, and other build-related commands now support a -cover flag that builds the specified target with code coverage instrumentation. This is described in more detail in the Cover section below. * go version: The go version -m command now supports reading more types of Go binaries, most notably, Windows DLLs built with go build -buildmode=c-shared and Linux binaries without execute permission. * Cgo: The go command now disables cgo by default on systems without a C toolchain. More specifically, when the CGO_ENABLED environment variable is unset, the CC environment variable is unset, and the default C compiler (typically clang or gcc) is not found in the path, CGO_ENABLED defaults to 0. As always, you can override the default by setting CGO_ENABLED explicitly. The most important effect of the default change is that when Go is installed on a system without a C compiler, it will now use pure Go builds for packages in the standard library that use cgo, instead of using pre-distributed package archives (which have been removed, as noted above) or attempting to use cgo and failing. This makes Go work better in some minimal container environments as well as on macOS, where pre-distributed package archives have not been used for cgo-based packages since Go 1.16. The packages in the standard library that use cgo are net, os/user, and plugin. On macOS, the net and os/user packages have been rewritten not to use cgo: the same code is now used for cgo and non-cgo builds as well as cross-compiled builds. On Windows, the net and os/user packages have never used cgo. On other systems, builds with cgo disabled will use a pure Go version of these packages. On macOS, the race detector has been rewritten not to use cgo: race-detector-enabled programs can be built and run without Xcode. On Linux and other Unix systems, and on Windows, a host C toolchain is required to use the race detector. * go cover: Go 1.20 supports collecting code coverage profiles for programs (applications and integration tests), as opposed to just unit tests. To collect coverage data for a program, build it with go build's -cover flag, then run the resulting binary with the environment variable GOCOVERDIR set to an output directory for coverage profiles. See the 'coverage for integration tests' landing page for more on how to get started. For details on the design and implementation, see the proposal. * go vet: Improved detection of loop variable capture by nested functions. The vet tool now reports references to loop variables following a call to T.Parallel() within subtest function bodies. Such references may observe the value of the variable from a different iteration (typically causing test cases to be skipped) or an invalid state due to unsynchronized concurrent access. * go vet: The tool also detects reference mistakes in more places. Previously it would only consider the last statement of the loop body, but now it recursively inspects the last statements within if, switch, and select statements. * go vet: New diagnostic for incorrect time formats. The vet tool now reports use of the time format 2006-02-01 (yyyy-dd-mm) with Time.Format and time.Parse. This format does not appear in common date standards, but is frequently used by mistake when attempting to use the ISO 8601 date format (yyyy-mm-dd). * Runtime: Some of the garbage collector's internal data structures were reorganized to be both more space and CPU efficient. This change reduces memory overheads and improves overall CPU performance by up to 2%. * Runtime: The garbage collector behaves less erratically with respect to goroutine assists in some circumstances. * Runtime: Go 1.20 adds a new runtime/coverage package containing APIs for writing coverage profile data at runtime from long-running and/or server programs that do not terminate via os.Exit(). * Compiler: Go 1.20 adds preview support for profile-guided optimization (PGO). PGO enables the toolchain to perform application- and workload-specific optimizations based on run-time profile information. Currently, the compiler supports pprof CPU profiles, which can be collected through usual means, such as the runtime/pprof or net/http/pprof packages. To enable PGO, pass the path of a pprof profile file via the -pgo flag to go build, as mentioned above. Go 1.20 uses PGO to more aggressively inline functions at hot call sites. Benchmarks for a representative set of Go programs show enabling profile-guided inlining optimization improves performance about 3–4%. See the PGO user guide for detailed documentation. We plan to add more profile-guided optimizations in future releases. Note that profile-guided optimization is a preview, so please use it with appropriate caution. * Compiler: The Go 1.20 compiler upgraded its front-end to use a new way of handling the compiler's internal data, which fixes several generic-types issues and enables type declarations within generic functions and methods. * Compiler: The compiler now rejects anonymous interface cycles with a compiler error by default. These arise from tricky uses of embedded interfaces and have always had subtle correctness issues, yet we have no evidence that they're actually used in practice. Assuming no reports from users adversely affected by this change, we plan to update the language specification for Go 1.22 to formally disallow them so tools authors can stop supporting them too. * Compiler: Go 1.18 and 1.19 saw regressions in build speed, largely due to the addition of support for generics and follow-on work. Go 1.20 improves build speeds by up to 10%, bringing it back in line with Go 1.17. Relative to Go 1.19, generated code performance is also generally slightly improved. * Linker: On Linux, the linker now selects the dynamic interpreter for glibc or musl at link time. * Linker: On Windows, the Go linker now supports modern LLVM-based C toolchains. * Linker: Go 1.20 uses go: and type: prefixes for compiler-generated symbols rather than go. and type.. This avoids confusion for user packages whose name starts with go.. The debug/gosym package understands this new naming convention for binaries built with Go 1.20 and newer. * Bootstrap: When building a Go release from source and GOROOT_BOOTSTRAP is not set, previous versions of Go looked for a Go 1.4 or later bootstrap toolchain in the directory $HOME/go1.4 (%HOMEDRIVE%%HOMEPATH%\go1.4 on Windows). Go 1.18 and Go 1.19 looked first for $HOME/go1.17 or $HOME/sdk/go1.17 before falling back to $HOME/go1.4, in anticipation of requiring Go 1.17 for use when bootstrapping Go 1.20. Go 1.20 does require a Go 1.17 release for bootstrapping, but we realized that we should adopt the latest point release of the bootstrap toolchain, so it requires Go 1.17.13. Go 1.20 looks for $HOME/go1.17.13 or $HOME/sdk/go1.17.13 before falling back to $HOME/go1.4 (to support systems that hard-coded the path $HOME/go1.4 but have installed a newer Go toolchain there). In the future, we plan to move the bootstrap toolchain forward approximately once a year, and in particular we expect that Go 1.22 will require the final point release of Go 1.20 for bootstrap. * Library: Go 1.20 adds a new crypto/ecdh package to provide explicit support for Elliptic Curve Diffie-Hellman key exchanges over NIST curves and Curve25519. Programs should use crypto/ecdh instead of the lower-level functionality in crypto/elliptic for ECDH, and third-party modules for more advanced use cases. * Error handling: Go 1.20 expands support for error wrapping to permit an error to wrap multiple other errors. * Error handling: An error e can wrap more than one error by providing an Unwrap method that returns a []error. * Error handling: The errors.Is and errors.As functions have been updated to inspect multiply wrapped errors. * Error handling: The fmt.Errorf function now supports multiple occurrences of the %w format verb, which will cause it to return an error that wraps all of those error operands. * Error handling: The new function errors.Join returns an error wrapping a list of errors. * HTTP ResponseController: The new 'net/http'.ResponseController type provides access to extended per-request functionality not handled by the 'net/http'.ResponseWriter interface. The ResponseController type provides a clearer, more discoverable way to add per-handler controls. Two such controls also added in Go 1.20 are SetReadDeadline and SetWriteDeadline, which allow setting per-request read and write deadlines. * New ReverseProxy Rewrite hook: The httputil.ReverseProxy forwarding proxy includes a new Rewrite hook function, superseding the previous Director hook. * archive/tar: When the GODEBUG=tarinsecurepath=0 environment variable is set, Reader.Next method will now return the error ErrInsecurePath for an entry with a file name that is an absolute path, refers to a location outside the current directory, contains invalid characters, or (on Windows) is a reserved name such as NUL. A future version of Go may disable insecure paths by default. * archive/zip: When the GODEBUG=zipinsecurepath=0 environment variable is set, NewReader will now return the error ErrInsecurePath when opening an archive which contains any file name that is an absolute path, refers to a location outside the current directory, contains invalid characters, or (on Windows) is a reserved names such as NUL. A future version of Go may disable insecure paths by default. * archive/zip: Reading from a directory file that contains file data will now return an error. The zip specification does not permit directory files to contain file data, so this change only affects reading from invalid archives. * bytes: The new CutPrefix and CutSuffix functions are like TrimPrefix and TrimSuffix but also report whether the string was trimmed. * bytes: The new Clone function allocates a copy of a byte slice. * context: The new WithCancelCause function provides a way to cancel a context with a given error. That error can be retrieved by calling the new Cause function. * crypto/ecdsa: When using supported curves, all operations are now implemented in constant time. This led to an increase in CPU time between 5% and 30%, mostly affecting P-384 and P-521. * crypto/ecdsa: The new PrivateKey.ECDH method converts an ecdsa.PrivateKey to an ecdh.PrivateKey. * crypto/ed25519: The PrivateKey.Sign method and the VerifyWithOptions function now support signing pre-hashed messages with Ed25519ph, indicated by an Options.HashFunc that returns crypto.SHA512. They also now support Ed25519ctx and Ed25519ph with context, indicated by setting the new Options.Context field. * crypto/rsa: The new field OAEPOptions.MGFHash allows configuring the MGF1 hash separately for OAEP decryption. * crypto/rsa: crypto/rsa now uses a new, safer, constant-time backend. This causes a CPU runtime increase for decryption operations between approximately 15% (RSA-2048 on amd64) and 45% (RSA-4096 on arm64), and more on 32-bit architectures. Encryption operations are approximately 20x slower than before (but still 5-10x faster than decryption). Performance is expected to improve in future releases. Programs must not modify or manually generate the fields of PrecomputedValues. * crypto/subtle: The new function XORBytes XORs two byte slices together. * crypto/tls: Parsed certificates are now shared across all clients actively using that certificate. The memory savings can be significant in programs that make many concurrent connections to a server or collection of servers sharing any part of their certificate chains. * crypto/tls: For a handshake failure due to a certificate verification failure, the TLS client and server now return an error of the new type CertificateVerificationError, which includes the presented certificates. * crypto/x509: ParsePKCS8PrivateKey and MarshalPKCS8PrivateKey now support keys of type *crypto/ecdh.PrivateKey. ParsePKIXPublicKey and MarshalPKIXPublicKey now support keys of type *crypto/ecdh.PublicKey. Parsing NIST curve keys still returns values of type *ecdsa.PublicKey and *ecdsa.PrivateKey. Use their new ECDH methods to convert to the crypto/ecdh types. * crypto/x509: The new SetFallbackRoots function allows a program to define a set of fallback root certificates in case an operating system verifier or standard platform root bundle is unavailable at runtime. It will most commonly be used with a new package, golang.org/x/crypto/x509roots/fallback, which will provide an up to date root bundle. * debug/elf: Attempts to read from a SHT_NOBITS section using Section.Data or the reader returned by Section.Open now return an error. * debug/elf: Additional R_LARCH_* constants are defined for use with LoongArch systems. * debug/elf: Additional R_PPC64_* constants are defined for use with PPC64 ELFv2 relocations. * debug/elf: The constant value for R_PPC64_SECTOFF_LO_DS is corrected, from 61 to 62. * debug/gosym: Due to a change of Go's symbol naming conventions, tools that process Go binaries should use Go 1.20's debug/gosym package to transparently handle both old and new binaries. * debug/pe: Additional IMAGE_FILE_MACHINE_RISCV* constants are defined for use with RISC-V systems. * encoding/binary: The ReadVarint and ReadUvarint functions will now return io.ErrUnexpectedEOF after reading a partial value, rather than io.EOF. * encoding/xml: The new Encoder.Close method can be used to check for unclosed elements when finished encoding. * encoding/xml: The decoder now rejects element and attribute names with more than one colon, such as <a:b:c>, as well as namespaces that resolve to an empty string, such as xmlns:a=''. * encoding/xml: The decoder now rejects elements that use different namespace prefixes in the opening and closing tag, even if those prefixes both denote the same namespace. * errors: The new Join function returns an error wrapping a list of errors. * fmt: The Errorf function supports multiple occurrences of the %w format verb, returning an error that unwraps to the list of all arguments to %w. * fmt: The new FormatString function recovers the formatting directive corresponding to a State, which can be useful in Formatter. implementations. * go/ast: The new RangeStmt.Range field records the position of the range keyword in a range statement. * go/ast: The new File.FileStart and File.FileEnd fields record the position of the start and end of the entire source file. * go/token: The new FileSet.RemoveFile method removes a file from a FileSet. Long-running programs can use this to release memory associated with files they no longer need. * go/types: The new Satisfies function reports whether a type satisfies a constraint. This change aligns with the new language semantics that distinguish satisfying a constraint from implementing an interface. * io: The new OffsetWriter wraps an underlying WriterAt and provides Seek, Write, and WriteAt methods that adjust their effective file offset position by a fixed amount. * io/fs: The new error SkipAll terminates a WalkDir immediately but successfully. * math/big: The math/big package's wide scope and input-dependent timing make it ill-suited for implementing cryptography. The cryptography packages in the standard library no longer call non-trivial Int methods on attacker-controlled inputs. In the future, the determination of whether a bug in math/big is considered a security vulnerability will depend on its wider impact on the standard library. * math/rand: The math/rand package now automatically seeds the global random number generator (used by top-level functions like Float64 and Int) with a random value, and the top-level Seed function has been deprecated. Programs that need a reproducible sequence of random numbers should prefer to allocate their own random source, using rand.New(rand.NewSource(seed)). * math/rand: Programs that need the earlier consistent global seeding behavior can set GODEBUG=randautoseed=0 in their environment. * math/rand: The top-level Read function has been deprecated. In almost all cases, crypto/rand.Read is more appropriate. * mime: The ParseMediaType function now allows duplicate parameter names, so long as the values of the names are the same. * mime/multipart: Methods of the Reader type now wrap errors returned by the underlying io.Reader. * net: The LookupCNAME function now consistently returns the contents of a CNAME record when one exists. Previously on Unix systems and when using the pure Go resolver, LookupCNAME would return an error if a CNAME record referred to a name that with no A, AAAA, or CNAME record. This change modifies LookupCNAME to match the previous behavior on Windows, allowing LookupCNAME to succeed whenever a CNAME exists. * net: Interface.Flags now includes the new flag FlagRunning, indicating an operationally active interface. An interface which is administratively configured but not active (for example, because the network cable is not connected) will have FlagUp set but not FlagRunning. * net: The new Dialer.ControlContext field contains a callback function similar to the existing Dialer.Control hook, that additionally accepts the dial context as a parameter. Control is ignored when ControlContext is not nil. * net: The Go DNS resolver recognizes the trust-ad resolver option. When options trust-ad is set in resolv.conf, the Go resolver will set the AD bit in DNS queries. The resolver does not make use of the AD bit in responses. * net: DNS resolution will detect changes to /etc/nsswitch.conf and reload the file when it changes. Checks are made at most once every five seconds, matching the previous handling of /etc/hosts and /etc/resolv.conf. * net/http: The ResponseWriter.WriteHeader function now supports sending 1xx status codes. * net/http: The new Server.DisableGeneralOptionsHandler configuration setting allows disabling the default OPTIONS * handler. * net/http: The new Transport.OnProxyConnectResponse hook is called when a Transport receives an HTTP response from a proxy for a CONNECT request. * net/http: The HTTP server now accepts HEAD requests containing a body, rather than rejecting them as invalid. * net/http: HTTP/2 stream errors returned by net/http functions may be converted to a golang.org/x/net/http2.StreamError using errors.As. * net/http: Leading and trailing spaces are trimmed from cookie names, rather than being rejected as invalid. For example, a cookie setting of 'name =value' is now accepted as setting the cookie 'name'. * net/netip: The new IPv6LinkLocalAllRouters and IPv6Loopback functions are the net/netip equivalents of net.IPv6loopback and net.IPv6linklocalallrouters. * os: On Windows, the name NUL is no longer treated as a special case in Mkdir and Stat. * os: On Windows, File.Stat now uses the file handle to retrieve attributes when the file is a directory. Previously it would use the path passed to Open, which may no longer be the file represented by the file handle if the file has been moved or replaced. This change modifies Open to open directories without the FILE_SHARE_DELETE access, which match the behavior of regular files. * os: On Windows, File.Seek now supports seeking to the beginning of a directory. * os/exec: The new Cmd fields Cancel and WaitDelay specify the behavior of the Cmd when its associated Context is canceled or its process exits with I/O pipes still held open by a child process. * path/filepath: The new error SkipAll terminates a Walk immediately but successfully. * path/filepath: The new IsLocal function reports whether a path is lexically local to a directory. For example, if IsLocal(p) is true, then Open(p) will refer to a file that is lexically within the subtree rooted at the current directory. * reflect: The new Value.Comparable and Value.Equal methods can be used to compare two Values for equality. Comparable reports whether Equal is a valid operation for a given Value receiver. * reflect: The new Value.Grow method extends a slice to guarantee space for another n elements. * reflect: The new Value.SetZero method sets a value to be the zero value for its type. * reflect: Go 1.18 introduced Value.SetIterKey and Value.SetIterValue methods. These are optimizations: v.SetIterKey(it) is meant to be equivalent to v.Set(it.Key()). The implementations incorrectly omitted a check for use of unexported fields that was present in the unoptimized forms. Go 1.20 corrects these methods to include the unexported field check. * regexp: Go 1.19.2 and Go 1.18.7 included a security fix to the regular expression parser, making it reject very large expressions that would consume too much memory. Because Go patch releases do not introduce new API, the parser returned syntax.ErrInternalError in this case. Go 1.20 adds a more specific error, syntax.ErrLarge, which the parser now returns instead. * runtime/cgo: Go 1.20 adds new Incomplete marker type. Code generated by cgo will use cgo.Incomplete to mark an incomplete C type. * runtime/metrics: Go 1.20 adds new supported metrics, including the current GOMAXPROCS setting (/sched/gomaxprocs:threads), the number of cgo calls executed (/cgo/go-to-c-calls:calls), total mutex block time (/sync/mutex/wait/total:seconds), and various measures of time spent in garbage collection. * runtime/metrics: Time-based histogram metrics are now less precise, but take up much less memory. * runtime/pprof: Mutex profile samples are now pre-scaled, fixing an issue where old mutex profile samples would be scaled incorrectly if the sampling rate changed during execution. * runtime/pprof: Profiles collected on Windows now include memory mapping information that fixes symbolization issues for position-independent binaries. * runtime/trace: The garbage collector's background sweeper now yields less frequently, resulting in many fewer extraneous events in execution traces. * strings: The new CutPrefix and CutSuffix functions are like TrimPrefix and TrimSuffix but also report whether the string was trimmed. * sync: The new Map methods Swap, CompareAndSwap, and CompareAndDelete allow existing map entries to be updated atomically. * syscall: On FreeBSD, compatibility shims needed for FreeBSD 11 and earlier have been removed. * syscall: On Linux, additional CLONE_* constants are defined for use with the SysProcAttr.Cloneflags field. * syscall: On Linux, the new SysProcAttr.CgroupFD and SysProcAttr.UseCgroupFD fields provide a way to place a child process into a specific cgroup. * testing: The new method B.Elapsed reports the current elapsed time of the benchmark, which may be useful for calculating rates to report with ReportMetric. * time: The new time layout constants DateTime, DateOnly, and TimeOnly provide names for three of the most common layout strings used in a survey of public Go source code. * time: The new Time.Compare method compares two times. * time: Parse now ignores sub-nanosecond precision in its input, instead of reporting those digits as an error. * time: The Time.MarshalJSON method is now more strict about adherence to RFC 3339. * unicode/utf16: The new AppendRune function appends the UTF-16 encoding of a given rune to a uint16 slice, analogous to utf8.AppendRune. Important SUSE bug 1206346 SUSE bug 1208269 SUSE bug 1208270 SUSE bug 1208271 SUSE bug 1208272 SUSE bug 1209030 CVE-2022-41722 CVE-2022-41723 CVE-2022-41724 CVE-2022-41725 CVE-2023-24532 cpe:/o:opensuse:leap:15.4 Security update for nodejs18 (Important) openSUSE Leap 15.4 This update for nodejs18 fixes the following issues: Update to NodeJS 18.14.2 LTS: - CVE-2023-23918: Fixed permissions policies that could have been bypassed via process.mainModule (bsc#1208481). - CVE-2023-23919: Fixed OpenSSL error handling issues in nodejs crypto library (bsc#1208483). - CVE-2023-23920: Fixed insecure loading of ICU data through ICU_DATA environment (bsc#1208487). - CVE-2023-23936: Fixed protection against CRLF injection in host headers inside fetch API (bsc#1208485). - CVE-2023-24807: Fixed possible Regular Expression Denial of Service (ReDoS) via Headers.set() and Headers.append() methods (bsc#1208413). Important SUSE bug 1208413 SUSE bug 1208481 SUSE bug 1208483 SUSE bug 1208485 SUSE bug 1208487 CVE-2023-23918 CVE-2023-23919 CVE-2023-23920 CVE-2023-23936 CVE-2023-24807 cpe:/o:opensuse:leap:15.4 Security update for php8 (Important) openSUSE Leap 15.4 This update for php8 fixes the following issues: - Updated to version 8.0.27: - CVE-2022-31631: Fixed an issue where PDO::quote would return an unquoted string (bsc#1206958). Non-security fixes: - Fixed a NULL pointer dereference with -w/-s options. - Fixed a crash in Generator when interrupted during argument evaluation with extra named params. - Fixed a crash in Generator when memory limit was exceeded during initialization. - Fixed a memory leak in Generator when interrupted during argument evaluation. - Fixed an issue in the DateTimeZone constructor where an extra null byte could be added to the input. - Fixed a hang in SaltStack when using php-fpm 8.1.11. - Fixed mysqli_query warnings being shown despite using silenced error mode. - Fixed a NULL pointer dereference when serializing a SOAP response call. Important SUSE bug 1206958 CVE-2022-31631 cpe:/o:opensuse:leap:15.4 Security update for perl-Net-Server (Moderate) openSUSE Leap 15.4 This update for perl-Net-Server fixes the following issues: - CVE-2013-1841: Fixed insufficient hostname access checking (bsc#808830). Moderate SUSE bug 808830 CVE-2013-1841 cpe:/o:opensuse:leap:15.4 Security update for python310 (Important) openSUSE Leap 15.4 This update for python310 fixes the following issues: - CVE-2023-24329: Fixed blocklist bypass via the urllib.parse component when supplying a URL that starts with blank characters (bsc#1208471). Update to 3.10.10: - Add provides for readline and sqlite3 to the main Python package. - Disable NIS for new products, it's deprecated and gets removed Update to 3.10.9: - python -m http.server no longer allows terminal control characters sent within a garbage request to be printed to the stderr server lo This is done by changing the http.server BaseHTTPRequestHandler .log_message method to replace control characters with a \xHH hex escape before printin - Avoid publishing list of active per-interpreter audit hooks via the gc module - The IDNA codec decoder used on DNS hostnames by socket or asyncio related name resolution functions no longer involves a quadratic algorithm. This prevents a potential CPU denial of service if an out-of-spec excessive length hostname involving bidirectional characters were decoded. Some protocols such as urllib http 3xx redirects potentially allow for an attacker to supply such a name. - Update bundled libexpat to 2.5.0 - Port XKCP’s fix for the buffer overflows in SHA-3 (CVE-2022-37454). - On Linux the multiprocessing module returns to using filesystem backed unix domain sockets for communication with the forkserver process instead of the Linux abstract socket namespace. Only code that chooses to use the “forkserver” start method is affected Abstract sockets have no permissions and could allow any user on the system in the same network namespace (often the whole system) to inject code into the multiprocessing forkserver process. This was a potential privilege escalation. Filesystem based socket permissions restrict this to the forkserver process user as was the default in Python 3.8 and earlier This prevents Linux CVE-2022-42919 - Fix a reference bug in _imp.create_builtin() after the creation of the first sub-interpreter for modules builtins and sys. Patch by Victor Stinner. - Fixed a bug that was causing a buffer overflow if the tokenizer copies a line missing the newline caracter from a file that is as long as the available tokenizer buffer. Patch by Pablo galindo - Update faulthandler to emit an error message with the proper unexpected signal number. Patch by Dong-hee Na. - Fix subscription of types.GenericAlias instances containing bare generic types: for example tuple[A, T][int], where A is a generic type, and T is a type variable. - Fix detection of MAC addresses for uuid on certain OSs. Patch by Chaim Sanders - Print exception class name instead of its string representation when raising errors from ctypes calls. - Allow pdb to locate source for frozen modules in the standard library. - Raise ValueError instead of SystemError when methods of uninitialized io.IncrementalNewlineDecoder objects are called. Patch by Oren Milman. - Fix a possible assertion failure in io.FileIO when the opener returns an invalid file descriptor. - Also escape s in the http.server BaseHTTPRequestHandler.log_message so that it is technically possible to parse the line and reconstruct what the original data was. Without this a xHH is ambiguious as to if it is a hex replacement we put in or the characters r”x” came through in the original request line. - asyncio.get_event_loop() now only emits a deprecation warning when a new event loop was created implicitly. It no longer emits a deprecation warning if the current event loop was set. - Fix bug when calling trace.CoverageResults with valid infile. - Fix a bug in handling class cleanups in unittest.TestCase. Now addClassCleanup() uses separate lists for different TestCase subclasses, and doClassCleanups() only cleans up the particular class. - Release the GIL when calling termios APIs to avoid blocking threads. - Fix ast.increment_lineno() to also cover ast.TypeIgnore when changing line numbers. - Fixed bug where inspect.signature() reported incorrect arguments for decorated methods. - Fix SystemError in ctypes when exception was not set during __initsubclass__. - Fix statistics.NormalDist pickle with 0 and 1 protocols. - Update the bundled copy of pip to version 22.3.1. - Apply bugfixes from importlib_metadata 4.11.4, namely: In PathDistribution._name_from_stem, avoid including parts of the extension in the result. In PathDistribution._normalized_name, ensure names loaded from the stem of the filename are also normalized, ensuring duplicate entry points by packages varying only by non-normalized name are hidden. - Clean up refleak on failed module initialisation in _zoneinfo - Clean up refleaks on failed module initialisation in in _pickle - Clean up refleak on failed module initialisation in _io. - Fix memory leak in math.dist() when both points don’t have the same dimension. Patch by Kumar Aditya. - Fix argument typechecks in _overlapped.WSAConnect() and _overlapped.Overlapped.WSASendTo() functions. - Fix internal error in the re module which in very rare circumstances prevented compilation of a regular expression containing a conditional expression without the “else” branch. - Fix asyncio.StreamWriter.drain() to call protocol.connection_lost callback only once on Windows. - Add a mutex to unittest.mock.NonCallableMock to protect concurrent access to mock attributes. - Fix hang on Windows in subprocess.wait_closed() in asyncio with ProactorEventLoop. Patch by Kumar Aditya. - Fix infinite loop in unittest when a self-referencing chained exception is raised - tkinter.Text.count() raises now an exception for options starting with “-” instead of silently ignoring them. - On uname_result, restored expectation that _fields and _asdict would include all six properties including processor. - Update the bundled copies of pip and setuptools to versions 22.3 and 65.5.0 respectively. - Fix bug in urllib.parse.urlparse() that causes certain port numbers containing whitespace, underscores, plus and minus signs, or non-ASCII digits to be incorrectly accepted. - Allow venv to pass along PYTHON* variables to ensurepip and pip when they do not impact path resolution - On macOS, fix a crash in syslog.syslog() in multi-threaded applications. On macOS, the libc syslog() function is not thread-safe, so syslog.syslog() no longer releases the GIL to call it. Patch by Victor Stinner. - Allow BUILTINS to be a valid field name for frozen dataclasses. - Make sure patch.dict() can be applied on async functions. - To avoid apparent memory leaks when asyncio.open_connection() raises, break reference cycles generated by local exception and future instances (which has exception instance as its member var). Patch by Dong Uk, Kang. - Prevent error when activating venv in nested fish instances. - Restrict use of sockets instead of pipes for stdin of subprocesses created by asyncio to AIX platform only. - shutil.copytree() now applies the ignore_dangling_symlinks argument recursively. - Fix IndexError in argparse.ArgumentParser when a store_true action is given an explicit argument. - Document that calling variadic functions with ctypes requires special care on macOS/arm64 (and possibly other platforms). - Skip test_normalization() of test_unicodedata if it fails to download NormalizationTest.txt file from pythontest.net. Patch by Victor Stinner. - Some C API tests were moved into the new Lib/test/test_capi/ directory. - Fix -Wimplicit-int, -Wstrict-prototypes, and -Wimplicit-function-declaration compiler warnings in configure checks. - Fix -Wimplicit-int compiler warning in configure check for PTHREAD_SCOPE_SYSTEM. - Specify the full path to the source location for make docclean (needed for cross-builds). - Fix NO_MISALIGNED_ACCESSES being not defined for the SHA3 extension when HAVE_ALIGNED_REQUIRED is set. Allowing builds on hardware that unaligned memory accesses are not allowed. - Fix handling of module docstrings in Tools/i18n/pygettext.py. - Add invalid-json.patch fixing invalid JSON in Doc/howto/logging-cookbook.rst (somehow similar to gh#python/cpython#102582). Important SUSE bug 1208471 SUSE bug 831629 CVE-2015-20107 CVE-2022-37454 CVE-2022-42919 CVE-2022-45061 CVE-2023-24329 cpe:/o:opensuse:leap:15.4 Security update for net-snmp (Moderate) openSUSE Leap 15.4 This update for net-snmp fixes the following issues: - CVE-2022-44793: Fixed a NULL pointer dereference issue that could allow a remote attacker with write access to crash the server instance (bsc#1205148). - CVE-2022-44792: Fixed a NULL pointer dereference issue that could allow a remote attacker with write access to crash the server instance (bsc#1205150). Other fixes: - Enabled AES-192 and AES-256 privacy protocols (bsc#1206828). - Fixed an incorrect systemd hardening that caused home directory size and allocation to be listed incorrectly (bsc#1206044) Moderate SUSE bug 1205148 SUSE bug 1205150 SUSE bug 1206044 SUSE bug 1206828 CVE-2022-44792 CVE-2022-44793 cpe:/o:opensuse:leap:15.4 Security update for java-11-openjdk (Moderate) openSUSE Leap 15.4 This update for java-11-openjdk fixes the following issues: - CVE-2023-21843: Fixed soundbank URL remote loading (bsc#1207248). - CVE-2023-21835: Fixed handshake DoS attack against DTLS connections (bsc#1207246). Bugfixes: - Remove broken accessibility sub-package (bsc#1206549). Moderate SUSE bug 1206549 SUSE bug 1207246 SUSE bug 1207248 CVE-2023-21835 CVE-2023-21843 cpe:/o:opensuse:leap:15.4 Security update for the Linux Kernel (Important) openSUSE Leap 15.4 The SUSE Linux Enterprise 15 SP1 kernel was updated to receive various security and bugfixes. - CVE-2021-4203: Fixed use-after-free read flaw that was found in sock_getsockopt() in net/core/sock.c due to SO_PEERCRED and SO_PEERGROUPS race with listen() (bsc#1194535). - CVE-2022-2991: Fixed an heap-based overflow in the lightnvm implemenation (bsc#1201420). - CVE-2022-36280: Fixed out-of-bounds memory access vulnerability found in vmwgfx driver (bsc#1203332). - CVE-2022-38096: Fixed NULL-ptr deref in vmw_cmd_dx_define_query() (bsc#1203331). - CVE-2022-4129: Fixed a denial of service with the Layer 2 Tunneling Protocol (L2TP). A missing lock when clearing sk_user_data can lead to a race condition and NULL pointer dereference. (bsc#1205711) - CVE-2023-0045: Fixed missing Flush IBP in ib_prctl_set (bsc#1207773). - CVE-2023-0590: Fixed race condition in qdisc_graft() (bsc#1207795). - CVE-2023-0597: Fixed a lack of randomization of per-cpu entry area in x86/mm (bsc#1207845). - CVE-2023-1118: Fixed a use-after-free bugs caused by ene_tx_irqsim() in media/rc (bsc#1208837). - CVE-2023-23559: Fixed integer overflow in rndis_wlan that leads to a buffer overflow (bsc#1207051). - CVE-2023-26545: Fixed double free in net/mpls/af_mpls.c upon an allocation failure (bsc#1208700). The following non-security bugs were fixed: - kabi/severities: add l2tp local symbols - module: Do not wait for GOING modules (bsc#1196058, bsc#1186449, bsc#1204356, bsc#1204662). - net: mana: Fix IRQ name - add PCI and queue number (bsc#1207875). Important SUSE bug 1186449 SUSE bug 1194535 SUSE bug 1201420 SUSE bug 1203331 SUSE bug 1203332 SUSE bug 1204356 SUSE bug 1204662 SUSE bug 1205711 SUSE bug 1207051 SUSE bug 1207773 SUSE bug 1207795 SUSE bug 1207845 SUSE bug 1207875 SUSE bug 1208700 SUSE bug 1208837 SUSE bug 1209188 CVE-2021-4203 CVE-2022-2991 CVE-2022-36280 CVE-2022-38096 CVE-2022-4129 CVE-2023-0045 CVE-2023-0590 CVE-2023-0597 CVE-2023-1118 CVE-2023-23559 CVE-2023-26545 cpe:/o:opensuse:leap:15.4 Security update for the Linux Kernel (Important) openSUSE Leap 15.4 The SUSE Linux Enterprise 15 SP4 Azure kernel was updated to receive various security and bugfixes. - CVE-2022-3523: Fixed use after free related to device private page handling (bsc#1204363). - CVE-2022-36280: Fixed out-of-bounds memory access vulnerability found in vmwgfx driver (bsc#1203332). - CVE-2022-38096: Fixed NULL-ptr deref in vmw_cmd_dx_define_query() (bsc#1203331). - CVE-2023-0045: Fixed missing Flush IBP in ib_prctl_set (bsc#1207773). - CVE-2023-0122: Fixed a NULL pointer dereference vulnerability in nvmet_setup_auth(), that allowed an attacker to perform a Pre-Auth Denial of Service (DoS) attack on a remote machine (bsc#1207050). - CVE-2023-0461: Fixed use-after-free in icsk_ulp_data (bsc#1208787). - CVE-2023-0590: Fixed race condition in qdisc_graft() (bsc#1207795). - CVE-2023-0597: Fixed lack of randomization of per-cpu entry area in x86/mm (bsc#1207845). - CVE-2023-1118: Fixed a use-after-free bugs caused by ene_tx_irqsim() in media/rc (bsc#1208837). - CVE-2023-22995: Fixed lacks of certain platform_device_put and kfree in drivers/usb/dwc3/dwc3-qcom.c (bsc#1208741). - CVE-2023-22998: Fixed misinterpretatino of the irtio_gpu_object_shmem_init() return value (bsc#1208776). - CVE-2023-23000: Fixed return value of tegra_xusb_find_port_node function (bsc#1208816). - CVE-2023-23004: Fixed misinterpretatino of the get_sg_table return value in arm/malidp_planes.c (bsc#1208843). - CVE-2023-23454: Fixed a type-confusion in the CBQ network scheduler (bsc#1207036). - CVE-2023-23455: Fixed a denial of service inside atm_tc_enqueue in net/sched/sch_atm.c because of type confusion (non-negative numbers can sometimes indicate a TC_ACT_SHOT condition rather than valid classification results) (bsc#1207125). - CVE-2023-23559: Fixed integer overflow in rndis_wlan that leads to a buffer overflow (bsc#1207051). - CVE-2023-26545: Fixed double free in net/mpls/af_mpls.c upon an allocation failure (bsc#1208700). The following non-security bugs were fixed: - acpi / x86: Add support for LPS0 callback handler (git-fixes). - acpi: NFIT: fix a potential deadlock during NFIT teardown (git-fixes). - acpi: PM: s2idle: Add support for upcoming AMD uPEP HID AMDI008 (bsc#1206224). - acpi: PM: s2idle: Use LPS0 idle if ACPI_FADT_LOW_POWER_S0 is unset (bsc#1206224). - acpi: battery: Fix missing NUL-termination with large strings (git-fixes). - acpi: x86: s2idle: Add a quirk for ASUS ROG Zephyrus G14 (bsc#1206224). - acpi: x86: s2idle: Add a quirk for ASUS TUF Gaming A17 FA707RE (bsc#1206224). - acpi: x86: s2idle: Add a quirk for ASUSTeK COMPUTER INC. ROG Flow X13 (bsc#1206224). - acpi: x86: s2idle: Add a quirk for Lenovo Slim 7 Pro 14ARH7 (bsc#1206224). - acpi: x86: s2idle: Add another ID to s2idle_dmi_table (bsc#1206224). - acpi: x86: s2idle: Add module parameter to prefer Microsoft GUID (bsc#1206224). - acpi: x86: s2idle: Fix a NULL pointer dereference (bsc#1206224). - acpi: x86: s2idle: Force AMD GUID/_REV 2 on HP Elitebook 865 (bsc#1206224). - acpi: x86: s2idle: If a new AMD _HID is missing assume Rembrandt (bsc#1206224). - acpi: x86: s2idle: Move _HID handling for AMD systems into structures (bsc#1206224). - acpi: x86: s2idle: Stop using AMD specific codepath for Rembrandt+ (bsc#1206224). - acpica: Drop port I/O validation for some regions (git-fixes). - acpica: nsrepair: handle cases without a return value correctly (git-fixes). - alsa: emux: Avoid potential array out-of-bound in snd_emux_xg_control() (git-fixes). - alsa: hda/ca0132: minor fix for allocation size (git-fixes). - alsa: hda/conexant: add a new hda codec SN6180 (git-fixes). - alsa: hda/realtek - fixed wrong gpio assigned (git-fixes). - alsa: hda/realtek: Add Positivo N14KP6-TG (git-fixes). - alsa: hda/realtek: Add quirk for ASUS UM3402 using CS35L41 (git-fixes). - alsa: hda/realtek: Enable mute/micmute LEDs on HP Elitebook, 645 G9 (git-fixes). - alsa: hda/realtek: Fix the speaker output on Samsung Galaxy Book2 Pro 360 (git-fixes). - alsa: hda/realtek: fix mute/micmute LEDs do not work for a HP platform (git-fixes). - alsa: hda: Do not unset preset when cleaning up codec (git-fixes). - alsa: ice1712: Delete unreachable code in aureon_add_controls() (git-fixes). - alsa: ice1712: Do not left ice->gpio_mutex locked in aureon_add_controls() (git-fixes). - alsa: pci: lx6464es: fix a debug loop (git-fixes). - applicom: Fix PCI device refcount leak in applicom_init() (git-fixes). - arm64: dts: amlogic: meson-sm1-odroid-hc4: fix active fan thermal trip (git-fixes). - arm64: dts: imx8m: Align SoC unique ID node unit address (git-fixes). - arm64: dts: mediatek: mt7622: Add missing pwm-cells to pwm node (git-fixes). - arm64: dts: mediatek: mt8183: Fix systimer 13 MHz clock description (git-fixes). - arm64: dts: meson-axg: Make mmc host controller interrupts level-sensitive (git-fixes). - arm64: dts: meson-g12-common: Make mmc host controller interrupts level-sensitive (git-fixes). - arm64: dts: meson-g12a: Fix internal Ethernet PHY unit name (git-fixes). - arm64: dts: meson-gx: Fix Ethernet MAC address unit name (git-fixes). - arm64: dts: meson-gx: Fix the SCPI DVFS node name and unit address (git-fixes). - arm64: dts: meson-gx: Make mmc host controller interrupts level-sensitive (git-fixes). - arm64: dts: meson: bananapi-m5: switch VDDIO_C pin to OPEN_DRAIN (git-fixes). - arm64: dts: meson: remove CPU opps below 1GHz for G12A boards (git-fixes). - arm64: dts: mt8192: Fix CPU map for single-cluster SoC (git-fixes). - arm64: dts: qcom: ipq8074: correct Gen2 PCIe ranges (git-fixes). - arm64: dts: qcom: ipq8074: correct USB3 QMP PHY-s clock output names (git-fixes). - arm64: dts: qcom: ipq8074: fix Gen3 PCIe node (git-fixes). - arm64: dts: qcom: qcs404: use symbol names for PCIe resets (git-fixes). - arm64: dts: qcom: sc7180: correct SPMI bus address cells (git-fixes). - arm64: dts: qcom: sc7280: correct SPMI bus address cells (git-fixes). - arm64: dts: qcom: sdm845-db845c: fix audio codec interrupt pin name (git-fixes). - arm64: dts: qcom: sm8150-kumano: Panel framebuffer is 2.5k instead of 4k (git-fixes). - arm64: dts: renesas: beacon-renesom: Fix gpio expander reference (git-fixes). - arm64: dts: rockchip: drop unused LED mode property from rk3328-roc-cc (git-fixes). - arm64: dts: ti: k3-j7200: Fix wakeup pinmux range (git-fixes). - arm64: efi: Make efi_rt_lock a raw_spinlock (git-fixes). - arm: OMAP1: call platform_device_put() in error case in omap1_dm_timer_init() (git-fixes). - arm: OMAP2+: Fix memory leak in realtime_counter_init() (git-fixes). - arm: bcm2835_defconfig: Enable the framebuffer (git-fixes). - arm: dts: am5748: keep usb4_tm disabled (git-fixes) - arm: dts: exynos: correct HDMI phy compatible in Exynos4 (git-fixes). - arm: dts: exynos: correct TMU phandle in Exynos4 (git-fixes). - arm: dts: exynos: correct TMU phandle in Exynos4210 (git-fixes). - arm: dts: exynos: correct TMU phandle in Exynos5250 (git-fixes). - arm: dts: exynos: correct TMU phandle in Odroid HC1 (git-fixes). - arm: dts: exynos: correct TMU phandle in Odroid XU (git-fixes). - arm: dts: exynos: correct TMU phandle in Odroid XU3 family (git-fixes). - arm: dts: exynos: correct wr-active property in Exynos3250 Rinato (git-fixes). - arm: dts: imx7-colibri-eval-v3: correct can controller comment (git-fixes) - arm: dts: imx7s: correct iomuxc gpr mux controller cells (git-fixes). - arm: dts: qcom: msm8974: add required ranges to OCMEM (git-fixes) - arm: dts: qcom: sdx55: Add Qcom SMMU-500 as the fallback for IOMMU node (git-fixes). - arm: dts: rockchip: add power-domains property to dp node on rk3288 (git-fixes). - arm: dts: spear320-hmi: correct STMPE GPIO compatible (git-fixes). - arm: dts: stm32: add missing usbh clock and fix clk order on (git-fixes) - arm: dts: stm32: use usbphyc ck_usbo_48m as USBH OHCI clock on (git-fixes) - arm: dts: sun8i: nanopi-duo2: Fix regulator GPIO reference (git-fixes). - arm: imx: Call ida_simple_remove() for ida_simple_get (git-fixes). - arm: imx: rename DEBUG_IMX21_IMX27_UART to DEBUG_IMX27_UART (git-fixes) - arm: omap: remove debug-leds driver (git-fixes) - arm: remove some dead code (git-fixes) - arm: renumber bits related to _TIF_WORK_MASK (git-fixes) - arm: s3c: fix s3c64xx_set_timer_source prototype (git-fixes). - arm: shmobile: rcar-gen2: Add missing of_node_put() (git-fixes) - arm: zynq: Fix refcount leak in zynq_early_slcr_init (git-fixes). - asoc: Intel: boards: fix spelling in comments (git-fixes). - asoc: Intel: bytcht_es8316: Drop reference count of ACPI device after use (git-fixes). - asoc: Intel: bytcht_es8316: move comment to the right place (git-fixes). - asoc: Intel: sof_cs42l42: always set dpcm_capture for amplifiers (git-fixes). - asoc: Intel: sof_rt5682: always set dpcm_capture for amplifiers (git-fixes). - asoc: adau7118: do not disable regulators on device unbind (git-fixes). - asoc: cs42l56: fix DT probe (git-fixes). - asoc: dt-bindings: meson: fix gx-card codec node regex (git-fixes). - asoc: mchp-spdifrx: Fix uninitialized use of mr in mchp_spdifrx_hw_params() (git-fixes). - asoc: mchp-spdifrx: disable all interrupts in mchp_spdifrx_dai_remove() (git-fixes). - asoc: mchp-spdifrx: fix controls which rely on rsr register (git-fixes). - asoc: rsnd: Remove unnecessary rsnd_dbg_dai_call() (git-fixes). - asoc: rsnd: fixup #endif position (git-fixes). - asoc: rt715-sdca: fix clock stop prepare timeout issue (git-fixes). - asoc: soc-compress.c: fixup private_data on snd_soc_new_compress() (git-fixes). - asoc: soc-dapm.h: fixup warning struct snd_pcm_substream not declared (git-fixes). - asoc: tlv320adcx140: fix 'ti,gpio-config' DT property init (git-fixes). - asoc: topology: Return -ENOMEM on memory allocation failure (git-fixes). - auxdisplay: hd44780: Fix potential memory leak in hd44780_remove() (git-fixes). - avoid deadlock for recursive I/O on dm-thin when used as swap (bsc#1177529). - backlight: backlight: Fix doc for backlight_device_get_by_name (git-fixes). - blk-cgroup: fix missing pd_online_fn() while activating policy (git-fixes). - blk-mq: fix possible memleak when register 'hctx' failed (git-fixes). - block, bfq: fix uaf for bfqq in bic_set_bfqq() (git-fixes). - block/bfq-iosched.c: use 'false' rather than 'BLK_RW_ASYNC' (git-fixes). - block: bio-integrity: Copy flags when bio_integrity_payload is cloned (bsc#1208541). - block: clear ->slave_dir when dropping the main slave_dir reference (git-fixes). - block: do not allow splitting of a REQ_NOWAIT bio (git-fixes). - block: fix and cleanup bio_check_ro (git-fixes). - block: mq-deadline: Do not break sequential write streams to zoned HDDs (git-fixes). - block: mq-deadline: Rename deadline_is_seq_writes() (git-fixes). - bluetooth: L2CAP: Fix potential user-after-free (git-fixes). - bluetooth: hci_qca: get wakeup status from serdev device handle (git-fixes). - bpf: Fix a possible task gone issue with bpf_send_signal[_thread]() helpers (git-fixes). - bpf: Skip task with pid=1 in send_signal_common() (git-fixes). - can: j1939: do not wait 250 ms if the same addr was already claimed (git-fixes). - ceph: flush cap releases when the session is flushed (bsc#1208428). - cifs: Check the lease context if we actually got a lease (bsc#1193629). - cifs: Convert struct fealist away from 1-element array (bsc#1193629). - cifs: Fix lost destroy smbd connection when MR allocate failed (git-fixes). - cifs: Fix oops due to uncleared server->smbd_conn in reconnect (git-fixes). - cifs: Fix uninitialized memory read in smb3_qfs_tcon() (bsc#1193629). - cifs: Fix uninitialized memory reads for oparms.mode (bsc#1193629). - cifs: Fix use-after-free in rdata->read_into_pages() (git-fixes). - cifs: Fix warning and UAF when destroy the MR list (git-fixes). - cifs: Get rid of unneeded conditional in the smb2_get_aead_req() (bsc#1193629). - cifs: Replace remaining 1-element arrays (bsc#1193629). - cifs: Replace zero-length arrays with flexible-array members (bsc#1193629). - cifs: Use kstrtobool() instead of strtobool() (bsc#1193629). - cifs: avoid re-lookups in dfs_cache_find() (bsc#1193629). - cifs: do not include page data when checking signature (git-fixes). - cifs: do not take exclusive lock for updating target hints (bsc#1193629). - cifs: do not try to use rdma offload on encrypted connections (bsc#1193629). - cifs: fix mount on old smb servers (boo#1206935). - cifs: fix return of uninitialized rc in dfs_cache_update_tgthint() (bsc#1193629). - cifs: get rid of dns resolve worker (bsc#1193629). - cifs: get rid of unneeded conditional in cifs_get_num_sgs() (bsc#1193629). - cifs: handle cache lookup errors different than -ENOENT (bsc#1193629). - cifs: improve checking of DFS links over STATUS_OBJECT_NAME_INVALID (git-fixes). - cifs: introduce cifs_io_parms in smb2_async_writev() (bsc#1193629). - cifs: match even the scope id for ipv6 addresses (bsc#1193629). - cifs: prevent data race in cifs_reconnect_tcon() (bsc#1193629). - cifs: prevent data race in smb2_reconnect() (bsc#1193629). - cifs: print last update time for interface list (bsc#1193629). - cifs: remove duplicate code in __refresh_tcon() (bsc#1193629). - cifs: remove unneeded 2bytes of padding from smb2 tree connect (bsc#1193629). - cifs: remove unused function (bsc#1193629). - cifs: return a single-use cfid if we did not get a lease (bsc#1193629). - cifs: reuse cifs_match_ipaddr for comparison of dstaddr too (bsc#1193629). - cifs: split out smb3_use_rdma_offload() helper (bsc#1193629). - cifs: update ip_addr for ses only for primary chan setup (bsc#1193629). - cifs: use tcon allocation functions even for dummy tcon (git-fixes). - cifs: use the least loaded channel for sending requests (bsc#1193629). - clk: Honor CLK_OPS_PARENT_ENABLE in clk_core_is_enabled() (git-fixes). - clk: imx: avoid memory leak (git-fixes). - clk: mxl: Add option to override gate clks (git-fixes). - clk: mxl: Fix a clk entry by adding relevant flags (git-fixes). - clk: mxl: Remove redundant spinlocks (git-fixes). - clk: mxl: Switch from direct readl/writel based IO to regmap based IO (git-fixes). - clk: mxl: syscon_node_to_regmap() returns error pointers (git-fixes). - clk: qcom: gcc-qcs404: disable gpll[04]_out_aux parents (git-fixes). - clk: qcom: gcc-qcs404: fix names of the DSI clocks used as parents (git-fixes). - clk: ralink: fix 'mt7621_gate_is_enabled()' function (git-fixes). - clk: renesas: cpg-mssr: Fix use after free if cpg_mssr_common_init() failed (git-fixes). - clk: renesas: cpg-mssr: Remove superfluous check in resume code (git-fixes). - comedi: use menuconfig for main Comedi menu (git-fixes). - crypto: ccp - Avoid page allocation failure warning for SEV_GET_ID2 (git-fixes). - crypto: ccp - Failure on re-initialization due to duplicate sysfs filename (git-fixes). - crypto: crypto4xx - Call dma_unmap_page when done (git-fixes). - crypto: essiv - Handle EBUSY correctly (git-fixes). - crypto: qat - fix out-of-bounds read (git-fixes). - crypto: rsa-pkcs1pad - Use akcipher_request_complete (git-fixes). - crypto: seqiv - Handle EBUSY correctly (git-fixes). - crypto: x86/ghash - fix unaligned access in ghash_setkey() (git-fixes). - crypto: xts - Handle EBUSY correctly (git-fixes). - dmaengine: dw-axi-dmac: Do not dereference NULL structure (git-fixes). - dmaengine: dw-edma: Do not permit non-inc interleaved xfers (git-fixes). - dmaengine: dw-edma: Drop chancnt initialization (git-fixes). - dmaengine: dw-edma: Fix invalid interleaved xfers semantics (git-fixes). - dmaengine: dw-edma: Fix missing src/dst address of interleaved xfers (git-fixes). - dmaengine: dw-edma: Fix readq_ch() return value truncation (git-fixes). - dmaengine: idxd: Set traffic class values in GRPCFG on DSA 2.0 (git-fixes). - dmaengine: ptdma: check for null desc before calling pt_cmd_callback (git-fixes). - docs: ftrace: fix a issue with duplicated subtitle number (git-fixes). - docs: gdbmacros: print newest record (git-fixes). - documentation: simplify and clarify DCO contribution example language (git-fixes). - driver core: fix potential null-ptr-deref in device_add() (git-fixes). - driver core: fix resource leak in device_add() (git-fixes). - driver core: fw_devlink: Add DL_FLAG_CYCLE support to device links (git-fixes). - drivers/md/md-bitmap: check the return value of md_bitmap_get_counter() (git-fixes). - drivers: base: transport_class: fix possible memory leak (git-fixes). - drivers: base: transport_class: fix resource leak when transport_add_device() fails (git-fixes). - drm/amd/display: Fail atomic_check early on normalize_zpos error (git-fixes). - drm/amd/display: Fix timing not changning when freesync video is enabled (git-fixes). - drm/amd/display: Properly handle additional cases where DCN is not supported (git-fixes). - drm/amd/display: reduce else-if to else in dcn10_blank_pixel_data() (git-fixes). - drm/amdgpu/fence: Fix oops due to non-matching drm_sched init/fini (git-fixes). - drm/amdgpu: fix enum odm_combine_mode mismatch (git-fixes). - drm/bridge: lt8912b: Add hot plug detection (git-fixes). - drm/bridge: lt9611: fix HPD reenablement (git-fixes). - drm/bridge: lt9611: fix clock calculation (git-fixes). - drm/bridge: lt9611: fix polarity programming (git-fixes). - drm/bridge: lt9611: fix programming of video modes (git-fixes). - drm/bridge: lt9611: fix sleep mode setup (git-fixes). - drm/bridge: lt9611: pass a pointer to the of node (git-fixes). - drm/bridge: megachips: Fix error handling in i2c_register_driver() (git-fixes). - drm/fourcc: Add missing big-endian XRGB1555 and RGB565 formats (git-fixes). - drm/hyperv : Removing the restruction of VRAM allocation with PCI bar size (git-fixes). - drm/hyperv: Fix an error handling path in hyperv_vmbus_probe() (git-fixes). - drm/i915/gen11: Moving WAs to icl_gt_workarounds_init() (git-fixes). - drm/i915/gen11: Wa_1408615072/Wa_1407596294 should be on GT list (git-fixes). - drm/i915: Do not use BAR mappings for ring buffers with LLC (git-fixes). - drm/i915: Fix VBT DSI DVO port handling (git-fixes). - drm/i915: Initialize the obj flags for shmem objects (git-fixes). - drm/mediatek: Clean dangling pointer on bind error path (git-fixes). - drm/mediatek: Drop unbalanced obj unref (git-fixes). - drm/mediatek: Use NULL instead of 0 for NULL pointer (git-fixes). - drm/mediatek: dsi: Reduce the time of dsi from LP11 to sending cmd (git-fixes). - drm/mediatek: mtk_drm_crtc: Add checks for devm_kcalloc (git-fixes). - drm/mipi-dsi: Fix byte order of 16-bit DCS set/get brightness (git-fixes). - drm/msm/adreno: Fix null ptr access in adreno_gpu_cleanup() (git-fixes). - drm/msm/dpu: Add check for cstate (git-fixes). - drm/msm/dpu: Add check for pstates (git-fixes). - drm/msm/dpu: Disallow unallocated resources to be returned (git-fixes). - drm/msm/dpu: drop stale comment from struct dpu_mdp_cfg doc (git-fixes). - drm/msm/dpu: set pdpu->is_rt_pipe early in dpu_plane_sspp_atomic_update() (git-fixes). - drm/msm/gem: Add check for kmalloc (git-fixes). - drm/msm/hdmi: Add missing check for alloc_ordered_workqueue (git-fixes). - drm/msm/mdp5: Add check for kzalloc (git-fixes). - drm/msm: clean event_thread->worker in case of an error (git-fixes). - drm/msm: use strscpy instead of strncpy (git-fixes). - drm/nouveau/devinit/tu102-: wait for GFW_BOOT_PROGRESS == COMPLETED (git-fixes). - drm/omapdrm: Remove unused struct csc_coef_rgb2yuv (git-fixes). - drm/vc4: hdmi: Correct interlaced timings again (git-fixes). - drm/vc4: hvs: Fix colour order for xRGB1555 on HVS5 (git-fixes). - drm/vc4: hvs: Set AXI panic modes (git-fixes). - drm/vc4: vec: Use pm_runtime_resume_and_get() in vc4_vec_encoder_enable() (git-fixes). - drm/virtio: exbuf->fence_fd unmodified on interrupted wait (git-fixes). - drm/vkms: Fix memory leak in vkms_init() (git-fixes). - drm/vkms: Fix null-ptr-deref in vkms_release() (git-fixes). - drm: Fix potential null-ptr-deref due to drmm_mode_config_init() (git-fixes). - drm: mxsfb: DRM_MXSFB should depend on ARCH_MXS || ARCH_MXC (git-fixes). - drm: tidss: Fix pixel format definition (git-fixes). - dt-bindings: arm: fsl: Fix bindings for APF28Dev board (git-fixes). - dt-bindings: hwlock: sun6i: Add missing #hwlock-cells (git-fixes). - dt-bindings: input: iqs626a: Redefine trackpad property types (git-fixes). - dt-bindings: msm: dsi-controller-main: Add vdd* descriptions back in (git-fixes). - dt-bindings: net: snps,dwmac: Fix snps,reset-delays-us dependency (git-fixes). - dt-bindings: power: supply: pm8941-coincell: Do not require charging properties (git-fixes). - dt-bindings: usb: amlogic,meson-g12a-usb-ctrl: make G12A usb3-phy0 optional (git-fixes). - eeprom: idt_89hpesx: Fix error handling in idt_init() (git-fixes). - efi: Accept version 2 of memory attributes table (git-fixes). - exit: Add and use make_task_dead (bsc#1207328). - exit: Allow oops_limit to be disabled (bsc#1207328). - exit: Guarantee make_task_dead leaks the tsk when calling do_task_exit (bsc#1207328). - exit: Move force_uaccess back into do_exit (bsc#1207328). - exit: Move oops specific logic from do_exit into make_task_dead (bsc#1207328). - exit: Put an upper limit on how often we can oops (bsc#1207328). - exit: Stop poorly open coding do_task_dead in make_task_dead (bsc#1207328). - exit: Use READ_ONCE() for all oops/warn limit reads (bsc#1207328). - ext4,f2fs: fix readahead of verity data (bsc#1207648). - ext4: add EXT4_IGET_BAD flag to prevent unexpected bad inode (bsc#1207619). - ext4: add EXT4_INODE_HAS_XATTR_SPACE macro in xattr.h (bsc#1206878). - ext4: add helper to check quota inums (bsc#1207618). - ext4: add inode table check in __ext4_get_inode_loc to aovid possible infinite loop (bsc#1207617). - ext4: add missing validation of fast-commit record lengths (bsc#1207626). - ext4: allocate extended attribute value in vmalloc area (bsc#1207635). - ext4: avoid crash when inline data creation follows DIO write (bsc#1206883). - ext4: avoid resizing to a partial cluster size (bsc#1206880). - ext4: avoid unaccounted block allocation when expanding inode (bsc#1207634). - ext4: continue to expand file system when the target size does not reach (bsc#1206882). - ext4: correct cluster len and clusters changed accounting in ext4_mb_mark_bb (bsc#1207592). - ext4: correct max_inline_xattr_value_size computing (bsc#1206878). - ext4: correct the misjudgment in ext4_iget_extra_inode (bsc#1206878). - ext4: disable fast-commit of encrypted dir operations (bsc#1207623). - ext4: do not allow journal inode to have encrypt flag (bsc#1207621). - ext4: do not increase iversion counter for ea_inodes (bsc#1207605). - ext4: do not run ext4lazyinit for read-only filesystems (bsc#1207603). - ext4: do not set up encryption key during jbd2 transaction (bsc#1207624). - ext4: drop ineligible txn start stop APIs (bsc#1207588). - ext4: ext4_read_bh_lock() should submit IO if the buffer isn't uptodate (bsc#1207606). - ext4: factor out ext4_fc_get_tl() (bsc#1207615). - ext4: fast commit may miss file actions (bsc#1207591). - ext4: fast commit may not fallback for ineligible commit (bsc#1207590). - ext4: fix BUG_ON() when directory entry has invalid rec_len (bsc#1206886). - ext4: fix bug in extents parsing when eh_entries == 0 and eh_depth > 0 (bsc#1206881). - ext4: fix bug_on in __es_tree_search caused by bad boot loader inode (bsc#1207620). - ext4: fix bug_on in start_this_handle during umount filesystem (bsc#1207594). - ext4: fix deadlock due to mbcache entry corruption (bsc#1207653). - ext4: fix delayed allocation bug in ext4_clu_mapped for bigalloc + inline (bsc#1207631). - ext4: fix dir corruption when ext4_dx_add_entry() fails (bsc#1207608). - ext4: fix error code return to user-space in ext4_get_branch() (bsc#1207630). - ext4: fix ext4_mb_mark_bb() with flex_bg with fast_commit (bsc#1207593). - ext4: fix extent status tree race in writeback error recovery path (bsc#1206877). - ext4: fix inode leak in ext4_xattr_inode_create() on an error path (bsc#1207636). - ext4: fix kernel BUG in 'ext4_write_inline_data_end()' (bsc#1206894). - ext4: fix leaking uninitialized memory in fast-commit journal (bsc#1207625). - ext4: fix miss release buffer head in ext4_fc_write_inode (bsc#1207609). - ext4: fix null-ptr-deref in ext4_write_info (bsc#1206884). - ext4: fix off-by-one errors in fast-commit block filling (bsc#1207628). - ext4: fix potential memory leak in ext4_fc_record_modified_inode() (bsc#1207611). - ext4: fix potential memory leak in ext4_fc_record_regions() (bsc#1207612). - ext4: fix potential out of bound read in ext4_fc_replay_scan() (bsc#1207616). - ext4: fix reserved cluster accounting in __es_remove_extent() (bsc#1207637). - ext4: fix unaligned memory access in ext4_fc_reserve_space() (bsc#1207627). - ext4: fix undefined behavior in bit shift for ext4_check_flag_values (bsc#1206890). - ext4: fix uninititialized value in 'ext4_evict_inode' (bsc#1206893). - ext4: fix use-after-free in ext4_ext_shift_extents (bsc#1206888). - ext4: fix use-after-free in ext4_orphan_cleanup (bsc#1207622). - ext4: fix use-after-free in ext4_xattr_set_entry (bsc#1206878). - ext4: fix warning in 'ext4_da_release_space' (bsc#1206887). - ext4: goto right label 'failed_mount3a' (bsc#1207610). - ext4: init quota for 'old.inode' in 'ext4_rename' (bsc#1207629). - ext4: initialize quota before expanding inode in setproject ioctl (bsc#1207633). - ext4: introduce EXT4_FC_TAG_BASE_LEN helper (bsc#1207614). - ext4: limit the number of retries after discarding preallocations blocks (bsc#1207602). - ext4: make ext4_lazyinit_thread freezable (bsc#1206885). - ext4: place buffer head allocation before handle start (bsc#1207607). - ext4: silence the warning when evicting inode with dioread_nolock (bsc#1206889). - ext4: simplify updating of fast commit stats (bsc#1207589). - ext4: update 'state->fc_regions_size' after successful memory allocation (bsc#1207613). - ext4: update s_overhead_clusters in the superblock during an on-line resize (bsc#1206876). - fbdev: smscufx: fix error handling code in ufx_usb_probe (git-fixes). - firmware: coreboot: Remove GOOGLE_COREBOOT_TABLE_ACPI/OF Kconfig entries (git-fixes). - firmware: dmi-sysfs: Fix null-ptr-deref in dmi_sysfs_register_handle (git-fixes). - firmware: stratix10-svc: add missing gen_pool_destroy() in stratix10_svc_drv_probe() (git-fixes). - fix page corruption caused by racy check in __free_pages (bsc#1208149). - fs: ext4: initialize fsdata in pagecache_write() (bsc#1207632). - fscache_cookie_enabled: check cookie is valid before accessing it (bsc#1208429). - fuse: add inode/permission checks to fileattr_get/fileattr_set (bsc#1208759). - genirq: Provide new interfaces for affinity hints (bsc#1208153). - gpio: tegra186: remove unneeded loop in tegra186_gpio_init_route_mapping() (git-fixes). - gpio: vf610: connect GPIO label to dev name (git-fixes). - gpu: host1x: Do not skip assigning syncpoints to channels (git-fixes). - gpu: ipu-v3: common: Add of_node_put() for reference returned by of_graph_get_port_by_id() (git-fixes). - hid: asus: use spinlock to protect concurrent accesses (git-fixes). - hid: asus: use spinlock to safely schedule workers (git-fixes). - hid: bigben: use spinlock to protect concurrent accesses (git-fixes). - hid: bigben: use spinlock to safely schedule workers (git-fixes). - hid: bigben_probe(): validate report count (git-fixes). - hid: bigben_worker() remove unneeded check on report_field (git-fixes). - hid: core: Fix deadloop in hid_apply_multiplier (git-fixes). - hid: elecom: add support for TrackBall 056E:011C (git-fixes). - hv: fix comment typo in vmbus_channel/low_latency (git-fixes). - hv_netvsc: Allocate memory in netvsc_dma_map() with GFP_ATOMIC (git-fixes). - hv_netvsc: Check status in SEND_RNDIS_PKT completion message (git-fixes). - hwmon: (ftsteutates) Fix scaling of measurements (git-fixes). - hwmon: (ltc2945) Handle error case in ltc2945_value_store (git-fixes). - hwmon: (mlxreg-fan) Return zero speed for broken fan (git-fixes). - i2c: designware-pci: Add new PCI IDs for AMD NAVI GPU (git-fixes). - i2c: designware: fix i2c_dw_clk_rate() return size to be u32 (git-fixes). - i2c: mxs: suppress probe-deferral error message (git-fixes). - i2c: rk3x: fix a bunch of kernel-doc warnings (git-fixes). - ib/hfi1: Restore allocated resources on failed copyout (git-fixes) - ib/ipoib: Fix legacy IPoIB due to wrong number of queues (git-fixes) - iio: light: tsl2563: Do not hardcode interrupt trigger type (git-fixes). - infiniband: READ is 'data destination', not source... (git-fixes) - input: ads7846 - always set last command to PWRDOWN (git-fixes). - input: ads7846 - do not check penirq immediately for 7845 (git-fixes). - input: ads7846 - do not report pressure for ads7845 (git-fixes). - input: iqs269a - configure device with a single block write (git-fixes). - input: iqs269a - drop unused device node references (git-fixes). - input: iqs269a - increase interrupt handler return delay (git-fixes). - input: iqs626a - drop unused device node references (git-fixes). - iommu/hyper-v: Allow hyperv irq remapping without x2apic (git-fixes). - ipmi:ssif: Add a timer between request retries (bsc#1206459). - ipmi:ssif: Remove rtc_us_timer (bsc#1206459). - ipmi:ssif: resend_msg() cannot fail (bsc#1206459). - ipmi_ssif: Rename idle state and check (bsc#1206459). - irqchip/gic-v3: Refactor ISB + EOIR at ack time (git-fixes) - jbd2: Fix up kABI of ext4 fast commit interface (bsc#1207590). - jbd2: add miss release buffer head in fc_do_one_pass() (bsc#1207646). - jbd2: fix a potential race while discarding reserved buffers after an abort (bsc#1207641). - jbd2: fix potential buffer head reference count leak (bsc#1207644). - jbd2: fix potential use-after-free in jbd2_fc_wait_bufs (bsc#1207645). - jbd2: wake up journal waiters in FIFO order, not LIFO (bsc#1207643). - kabi FIX FOR: NFS: Further optimisations for 'ls -l' (git-fixes). - kabi FIX FOR: NFSD: Have legacy NFSD WRITE decoders use xdr_stream_subsegment() (git-fixes). - kabi FIX FOR: nfsv4.1 query for fs_location attr on a new file system (Never, kabi). - kabi fix for: nfsv3: handle out-of-order write replies (bsc#1205544). - kasan: no need to unset panic_on_warn in end_report() (bsc#1207328). - leds: led-class: Add missing put_device() to led_put() (git-fixes). - leds: led-core: Fix refcount leak in of_led_get() (git-fixes). - lib/mpi: Fix buffer overrun when SG is too long (git-fixes). - lib/zlib: remove redundation assignement of avail_in dfltcc_gdht() (git-fixes). - locking/rwsem: Allow slowpath writer to ignore handoff bit if not set by first waiter (bsc#1207270). - locking/rwsem: Always try to wake waiters in out_nolock path (bsc#1207270). - locking/rwsem: Conditionally wake waiters in reader/writer slowpaths (bsc#1207270). - locking/rwsem: Disable preemption in all down_read*() and up_read() code paths (bsc#1207270). - locking/rwsem: Disable preemption in all down_write*() and up_write() code paths (bsc#1207270). - locking/rwsem: Disable preemption while trying for rwsem lock (bsc#1207270). - locking/rwsem: Make handoff bit handling more consistent (bsc#1207270). - locking/rwsem: No need to check for handoff bit if wait queue empty (bsc#1207270). - locking/rwsem: Prevent non-first waiter from spinning in down_write() slowpath (bsc#1207270). - locking: Add missing __sched attributes (bsc#1207270). - mbcache: Avoid nesting of cache->c_list_lock under bit locks (bsc#1207647). - mbcache: Fixup kABI of mb_cache_entry (bsc#1207653). - md/bitmap: Fix bitmap chunk size overflow issues (git-fixes). - md/raid1: stop mdx_raid1 thread when raid1 array run failed (git-fixes). - md: fix a crash in mempool_free (git-fixes). - media: coda: Add check for dcoda_iram_alloc (git-fixes). - media: coda: Add check for kmalloc (git-fixes). - media: i2c: ov7670: 0 instead of -EINVAL was returned (git-fixes). - media: i2c: ov772x: Fix memleak in ov772x_probe() (git-fixes). - media: imx: imx7-media-csi: fix missing clk_disable_unprepare() in imx7_csi_init() (git-fixes). - media: ipu3-cio2: Fix PM runtime usage_count in driver unbind (git-fixes). - media: max9286: Fix memleak in max9286_v4l2_register() (git-fixes). - media: ov2740: Fix memleak in ov2740_init_controls() (git-fixes). - media: ov5675: Fix memleak in ov5675_init_controls() (git-fixes). - media: platform: ti: Add missing check for devm_regulator_get (git-fixes). - media: rc: Fix use-after-free bugs caused by ene_tx_irqsim() (git-fixes). - media: saa7134: Use video_unregister_device for radio_dev (git-fixes). - media: ti: cal: fix possible memory leak in cal_ctx_create() (git-fixes). - media: usb: siano: Fix use after free bugs caused by do_submit_urb (git-fixes). - media: uvcvideo: Fix race condition with usb_kill_urb (git-fixes). - media: v4l2-jpeg: correct the skip count in jpeg_parse_app14_data (git-fixes). - media: v4l2-jpeg: ignore the unknown APP14 marker (git-fixes). - mfd: cs5535: Do not build on UML (git-fixes). - mfd: pcf50633-adc: Fix potential memleak in pcf50633_adc_async_read() (git-fixes). - misc/mei/hdcp: Use correct macros to initialize uuid_le (git-fixes). - misc: enclosure: Fix doc for enclosure_find() (git-fixes). - mmc: jz4740: Work around bug on JZ4760(B) (git-fixes). - mmc: mmc_spi: fix error handling in mmc_spi_probe() (git-fixes). - mmc: sdio: fix possible resource leaks in some error paths (git-fixes). - move upstreamed i915 and media fixes into sorted section - mtd: dataflash: remove duplicate SPI ID table (git-fixes). - mtd: rawnand: fsl_elbc: Propagate HW ECC settings to HW (git-fixes). - mtd: rawnand: sunxi: Clean up chips after failed init (git-fixes). - mtd: rawnand: sunxi: Fix the size of the last OOB region (git-fixes). - mtd: spi-nor: Fix shift-out-of-bounds in spi_nor_set_erase_type (git-fixes). - mtd: spi-nor: core: fix implicit declaration warning (git-fixes). - mtd: spi-nor: sfdp: Fix index value for SCCR dwords (git-fixes). - mtd: spi-nor: spansion: Consider reserved bits in CFR5 register (git-fixes). - net/rose: Fix to not accept on connected socket (git-fixes). - net/sunrpc: fix reference count leaks in rpc_sysfs_xprt_state_change (git-fixes). - net/usb: kalmia: Do not pass act_len in usb_bulk_msg error path (git-fixes). - net/x25: Fix to not accept on connected socket (git-fixes). - net: USB: Fix wrong-direction WARNING in plusb.c (git-fixes). - net: mana: Assign interrupts to CPUs based on NUMA nodes (bsc#1208153). - net: mana: Fix IRQ name - add PCI and queue number (bsc#1207875). - net: mana: Fix accessing freed irq affinity_hint (bsc#1208153). - net: openvswitch: fix possible memory leak in ovs_meter_cmd_set() (git-fixes). - net: phy: meson-gxl: use MMD access dummy stubs for GXL, internal PHY (git-fixes). - nfc: fix memory leak of se_io context in nfc_genl_se_io (git-fixes). - nfs: Always initialise fattr->label in nfs_fattr_alloc() (git-fixes). - nfs: Create a new nfs_alloc_fattr_with_label() function (git-fixes). - nfs: Do not allocate nfs_fattr on the stack in __nfs42_ssc_open() (git-fixes). - nfs: Further optimisations for 'ls -l' (git-fixes). - nfs: nfs4clinet: check the return value of kstrdup() (git-fixes). - nfsd: COMMIT operations must not return NFS?ERR_INVAL (git-fixes). - nfsd: De-duplicate net_generic(nf->nf_net, nfsd_net_id) (git-fixes). - nfsd: Fix nfsd_breaker_owns_lease() return values (git-fixes). - nfsd: Have legacy NFSD WRITE decoders use xdr_stream_subsegment() (git-fixes). - nfsv3: handle out-of-order write replies (bsc#1205544). - nfsv4 expose nfs_parse_server_name function (git-fixes). - nfsv4 handle port presence in fs_location server string (git-fixes). - nfsv4 only print the label when its queried (git-fixes). - nfsv4 remove zero number of fs_locations entries error check (git-fixes). - nfsv4 store server support for fs_location attribute (git-fixes). - nfsv4.1 query for fs_location attr on a new file system (git-fixes). - nfsv4.1: Fix uninitialised variable in devicenotify (git-fixes). - nfsv4.2: fix reference count leaks in _nfs42_proc_copy_notify() (git-fixes). - nfsv4: Protect the state recovery thread against direct reclaim (git-fixes). - nvdimm: disable namespace on error (bsc#1166486). - nvme-auth: check chap ctrl_key once constructed (bsc#1202633). - nvme-auth: clear sensitive info right after authentication completes (bsc#1202633). - nvme-auth: convert dhchap_auth_list to an array (bsc#1202633). - nvme-auth: do not ignore key generation failures when initializing ctrl keys (bsc#1202633). - nvme-auth: do not keep long lived 4k dhchap buffer (bsc#1202633). - nvme-auth: do not override ctrl keys before validation (bsc#1202633). - nvme-auth: do not re-authenticate if the controller is not LIVE (bsc#1202633). - nvme-auth: do not use NVMe status codes (bsc#1202633). - nvme-auth: fix an error code in nvme_auth_process_dhchap_challenge() (bsc#1202633). - nvme-auth: fix smatch warning complaints (bsc#1202633). - nvme-auth: guarantee dhchap buffers under memory pressure (bsc#1202633). - nvme-auth: have dhchap_auth_work wait for queues auth to complete (bsc#1202633). - nvme-auth: mark nvme_auth_wq static (bsc#1202633). - nvme-auth: no need to reset chap contexts on re-authentication (bsc#1202633). - nvme-auth: remove redundant auth_work flush (bsc#1202633). - nvme-auth: remove redundant buffer deallocations (bsc#1202633). - nvme-auth: remove redundant deallocations (bsc#1202633). - nvme-auth: remove redundant if statement (bsc#1202633). - nvme-auth: remove symbol export from nvme_auth_reset (bsc#1202633). - nvme-auth: rename __nvme_auth_[reset|free] to nvme_auth[reset|free]_dhchap (bsc#1202633). - nvme-auth: rename authentication work elements (bsc#1202633). - nvme-auth: use workqueue dedicated to authentication (bsc#1202633). - nvme-fabrics: show well known discovery name (bsc#1200054). - objtool: Add a missing comma to avoid string concatenation (bsc#1207328). - ocfs2: Fix data corruption after failed write (bsc#1208542). - ocfs2: clear dinode links count in case of error (bsc#1207650). - ocfs2: fix BUG when iput after ocfs2_mknod fails (bsc#1207649). - ocfs2: fix crash when mount with quota enabled (bsc#1207640). - ocfs2: fix memory leak in ocfs2_mount_volume() (bsc#1207652). - ocfs2: fix memory leak in ocfs2_stack_glue_init() (bsc#1207651). - ocfs2: ocfs2_mount_volume does cleanup job before return error (bsc#1207770). - ocfs2: quota_local: fix possible uninitialized-variable access in ocfs2_local_read_info() (bsc#1207768). - ocfs2: rewrite error handling of ocfs2_fill_super (bsc#1207771). - of/address: Return an error when no valid dma-ranges are found (git-fixes). - panic: Consolidate open-coded panic_on_warn checks (bsc#1207328). - panic: Introduce warn_limit (bsc#1207328). - panic: unset panic_on_warn inside panic() (bsc#1207328). - pci/ioc: Enlarge virtfn sysfs name buffer (git-fixes). - pci/pm: Observe reset delay irrespective of bridge_d3 (git-fixes). - pci: Fix dropping valid root bus resources with .end = zero (git-fixes). - pci: hotplug: Allow marking devices as disconnected during bind/unbind (git-fixes). - pci: switchtec: Return -EFAULT for copy_to_user() errors (git-fixes). - phy: rockchip-typec: fix tcphy_get_mode error case (git-fixes). - pinctrl: aspeed: Fix confusing types in return value (git-fixes). - pinctrl: intel: Restore the pins that used to be in Direct IRQ mode (git-fixes). - pinctrl: mediatek: Fix the drive register definition of some Pins (git-fixes). - pinctrl: mediatek: Initialize variable *buf to zero (git-fixes). - pinctrl: qcom: pinctrl-msm8976: Correct function names for wcss pins (git-fixes). - pinctrl: rockchip: Fix refcount leak in rockchip_pinctrl_parse_groups (git-fixes). - pinctrl: single: fix potential NULL dereference (git-fixes). - pinctrl: stm32: Fix refcount leak in stm32_pctrl_get_irq_domain (git-fixes). - platform/x86: ISST: PUNIT device mapping with Sub-NUMA clustering (bsc#1208420). - platform/x86: amd-pmc: Correct usage of SMU version (git-fixes). - platform/x86: amd-pmc: Export Idlemask values based on the APU (git-fixes). - platform/x86: amd-pmc: Fix compilation when CONFIG_DEBUGFS is disabled (git-fixes). - platform/x86: dell-wmi: Add a keymap for KEY_MUTE in type 0x0010 table (git-fixes). - platform/x86: gigabyte-wmi: add support for B450M DS3H WIFI-CF (git-fixes). - platform/x86: touchscreen_dmi: Add Chuwi Vi8 (CWI501) DMI match (git-fixes). - powercap: fix possible name leak in powercap_register_zone() (git-fixes). - powerpc/eeh: Set channel state after notifying the drivers (bsc#1208784 ltc#201612). - printf: fix errname.c list (git-fixes). - quota: Check next/prev free block number after reading from quota file (bsc#1206640). - quota: Prevent memory allocation recursion while holding dq_lock (bsc#1207639). - rdma/irdma: Fix potential NULL-ptr-dereference (git-fixes) - rdma/usnic: use iommu_map_atomic() under spin_lock() (git-fixes) - remoteproc/mtk_scp: Move clk ops outside send_lock (git-fixes). - remoteproc: qcom_q6v5_mss: Use a carveout to authenticate modem headers (git-fixes). - revert 'char: pcmcia: cm4000_cs: Replace mdelay with usleep_range in set_protocol' (git-fixes). - revert 'crypto: rsa-pkcs1pad - Replace GFP_ATOMIC with GFP_KERNEL in pkcs1pad_encrypt_sign_complete' (git-fixes). - revert 'hid: logitech-hidpp: add a module parameter to keep firmware gestures' (git-fixes). - revert 'usb: dwc3: qcom: Keep power domain on to retain controller status' (git-fixes). - rtc: allow rtc_read_alarm without read_alarm callback (git-fixes). - rtc: pm8xxx: fix set-alarm race (git-fixes). - rtc: sun6i: Always export the internal oscillator (git-fixes). - s390/dasd: Fix potential memleak in dasd_eckd_init() (git-fixes). - scsi: lpfc: Copyright updates for 14.2.0.10 patches (bsc#1208607). - scsi: lpfc: Exit PRLI completion handling early if ndlp not in PRLI_ISSUE state (bsc#1208607). - scsi: lpfc: Fix space indentation in lpfc_xcvr_data_show() (bsc#1208607). - scsi: lpfc: Fix use-after-free KFENCE violation during sysfs firmware write (bsc#1208607). - scsi: lpfc: Introduce new attention types for lpfc_sli4_async_fc_evt() handler (bsc#1208607). - scsi: lpfc: Reinitialize internal VMID data structures after FLOGI completion (bsc#1208607). - scsi: lpfc: Remove duplicate ndlp kref decrement in lpfc_cleanup_rpis() (bsc#1208607 bsc#1208534). - scsi: lpfc: Remove redundant clean up code in disable_vport() (bsc#1208607). - scsi: lpfc: Replace outdated strncpy() with strscpy() (bsc#1208607). - scsi: lpfc: Resolve miscellaneous variable set but not used compiler warnings (bsc#1208607). - scsi: lpfc: Set max DMA segment size to HBA supported SGE length (bsc#1208607). - scsi: lpfc: Update lpfc version to 14.2.0.10 (bsc#1208607). - scsi: qla2xxx: Add option to disable FC2 Target support (bsc#1198438 bsc#1206103). - scsi: qla2xxx: Check if port is online before sending ELS (bsc#1208570). - scsi: qla2xxx: Fix DMA-API call trace on NVMe LS requests (bsc#1208570). - scsi: qla2xxx: Fix IOCB resource check warning (bsc#1208570). - scsi: qla2xxx: Fix erroneous link down (bsc#1208570). - scsi: qla2xxx: Fix exchange oversubscription (bsc#1208570). - scsi: qla2xxx: Fix exchange oversubscription for management commands (bsc#1208570). - scsi: qla2xxx: Fix link failure in NPIV environment (bsc#1208570). - scsi: qla2xxx: Fix printk() format string (bsc#1208570). - scsi: qla2xxx: Fix stalled login (bsc#1208570). - scsi: qla2xxx: Make qla_trim_buf() and __qla_adjust_buf() static (bsc#1208570). - scsi: qla2xxx: Relocate/rename vp map (bsc#1208570). - scsi: qla2xxx: Remove dead code (GNN ID) (bsc#1208570). - scsi: qla2xxx: Remove dead code (GPNID) (bsc#1208570). - scsi: qla2xxx: Remove dead code (bsc#1208570). - scsi: qla2xxx: Remove increment of interface err cnt (bsc#1208570). - scsi: qla2xxx: Remove the unused variable wwn (bsc#1208570). - scsi: qla2xxx: Remove unintended flag clearing (bsc#1208570). - scsi: qla2xxx: Select qpair depending on which CPU post_cmd() gets called (bsc#1208570). - scsi: qla2xxx: Simplify if condition evaluation (bsc#1208570). - scsi: qla2xxx: Update version to 10.02.08.100-k (bsc#1208570). - scsi: qla2xxx: Update version to 10.02.08.200-k (bsc#1208570). - scsi: qla2xxx: Use a variable for repeated mem_size computation (bsc#1208570). - scsi: qla2xxx: edif: Fix clang warning (bsc#1208570). - scsi: qla2xxx: edif: Fix performance dip due to lock contention (bsc#1208570). - scsi: qla2xxx: edif: Fix stall session after app start (bsc#1208570). - scsi: qla2xxx: edif: Reduce memory usage during low I/O (bsc#1208570). - sefltests: netdevsim: wait for devlink instance after netns removal (git-fixes). - selftest/lkdtm: Skip stack-entropy test if lkdtm is not available (git-fixes). - selftests/ftrace: Add check for ping command for trigger tests (bsc#1204993 ltc#200103). - selftests/ftrace: Convert tracer tests to use 'requires' to specify program dependency (bsc#1204993 ltc#200103). - selftests/powerpc: Account for offline cpus in perf-hwbreak test (bsc#1206232). - selftests/powerpc: Bump up rlimit for perf-hwbreak test (bsc#1206232). - selftests/powerpc: Move perror closer to its use (bsc#1206232). - selftests: forwarding: lib: quote the sysctl values (git-fixes). - selftests: net: udpgso_bench: Fix racing bug between the rx/tx programs (git-fixes). - selftests: net: udpgso_bench_rx/tx: Stop when wrong CLI args are provided (git-fixes). - selftests: net: udpgso_bench_rx: Fix 'used uninitialized' compiler warning (git-fixes). - selftests: net: udpgso_bench_tx: Cater for pending datagrams zerocopy benchmarking (git-fixes). - serial: fsl_lpuart: fix RS485 RTS polariy inverse issue (git-fixes). - serial: tegra: Add missing clk_disable_unprepare() in tegra_uart_hw_init() (git-fixes). - signal/vm86_32: Properly send SIGSEGV when the vm86 state cannot be saved (git-fixes). - smb3: Replace smb2pdu 1-element arrays with flex-arrays (bsc#1193629). - soundwire: cadence: Do not overflow the command FIFOs (git-fixes). - spi: bcm63xx-hsspi: Endianness fix for ARM based SoC (git-fixes). - spi: dw: Fix wrong FIFO level setting for long xfers (git-fixes). - spi: synquacer: Fix timeout handling in synquacer_spi_transfer_one() (git-fixes). - spi: tegra210-quad: Fix validate combined sequence (git-fixes). - staging: mt7621-dts: change palmbus address to lower case (git-fixes). - struct uvc_device move flush_status new member to end (git-fixes). - sunrpc allow for unspecified transport time in rpc_clnt_add_xprt (git-fixes). - sunrpc: Fix potential race conditions in rpc_sysfs_xprt_state_change() (git-fixes). - sunrpc: Fix socket waits for write buffer space (git-fixes). - sysctl: add a new register_sysctl_init() interface (bsc#1207328). - thermal/drivers/hisi: Drop second sensor hi3660 (git-fixes). - thermal/drivers/tsens: Drop msm8976-specific defines (git-fixes). - thermal/drivers/tsens: Sort out msm8976 vs msm8956 data (git-fixes). - thermal/drivers/tsens: fix slope values for msm8939 (git-fixes). - thermal/drivers/tsens: limit num_sensors to 9 for msm8939 (git-fixes). - thermal: intel: BXT_PMIC: select REGMAP instead of depending on it (git-fixes). - thermal: intel: powerclamp: Fix cur_state for multi package system (git-fixes). - thermal: intel: quark_dts: fix error pointer dereference (git-fixes). - trace_events_hist: add check for return value of 'create_hist_field' (git-fixes). - tracing: Fix poll() and select() do not work on per_cpu trace_pipe and trace_pipe_raw (git-fixes). - tracing: Make sure trace_printk() can output as soon as it can be used (git-fixes). - tty: serial: fsl_lpuart: Fix the wrong RXWATER setting for rx dma case (git-fixes). - tty: serial: fsl_lpuart: clear LPUART Status Register in lpuart32_shutdown() (git-fixes). - tty: serial: fsl_lpuart: disable Rx/Tx DMA in lpuart32_shutdown() (git-fixes). - tty: serial: qcom-geni-serial: stop operations in progress at shutdown (git-fixes). - ubsan: no need to unset panic_on_warn in ubsan_epilogue() (bsc#1207328). - update internal module version number for cifs.ko (bsc#1193629). - update patches.suse/0001-exit-Put-an-upper-limit-on-how-often-we-can-oops.patch (bsc#1207328, bsc#1208290). - usb: core: Do not hold device lock while reading the 'descriptors' sysfs file (git-fixes). - usb: core: add quirk for Alcor Link AK9563 smartcard reader (git-fixes). - usb: dwc3: core: Host wake up support from system suspend (git-fixes). - usb: dwc3: pci: add support for the Intel Meteor Lake-M (git-fixes). - usb: dwc3: qcom: Configure wakeup interrupts during suspend (git-fixes). - usb: dwc3: qcom: Fix memory leak in dwc3_qcom_interconnect_init (git-fixes). - usb: dwc3: qcom: Keep power domain on to retain controller status (git-fixes). - usb: dwc3: qcom: clean up icc init (git-fixes). - usb: dwc3: qcom: clean up suspend callbacks (git-fixes). - usb: dwc3: qcom: fix gadget-only builds (git-fixes). - usb: dwc3: qcom: fix peripheral and OTG suspend (git-fixes). - usb: dwc3: qcom: fix wakeup implementation (git-fixes). - usb: dwc3: qcom: only parse 'maximum-speed' once (git-fixes). - usb: dwc3: qcom: suppress unused-variable warning (git-fixes). - usb: early: xhci-dbc: Fix a potential out-of-bound memory access (git-fixes). - usb: gadget: f_hid: fix f_hidg lifetime vs cdev (git-fixes). - usb: gadget: f_hid: fix refcount leak on error path (git-fixes). - usb: gadget: fusb300_udc: free irq on the error path in fusb300_probe() (git-fixes). - usb: gadget: u_serial: Add null pointer check in gserial_resume (git-fixes). - usb: max-3421: Fix setting of I/O pins (git-fixes). - usb: musb: Add and use inline function musb_otg_state_string (git-fixes). - usb: musb: Add and use inline functions musb_{get,set}_state (git-fixes). - usb: musb: mediatek: do not unregister something that wasn't registered (git-fixes). - usb: musb: remove schedule work called after flush (git-fixes). - usb: serial: option: add support for VW/Skoda 'Carstick LTE' (git-fixes). - usb: typec: altmodes/displayport: Fix probe pin assign check (git-fixes). - vc_screen: do not clobber return value in vcs_read (git-fixes). - vc_screen: modify vcs_size() handling in vcs_read() (git-fixes). - vdpa_sim: not reset state in vdpasim_queue_ready (git-fixes). - vfs: Check the truncate maximum size in inode_newsize_ok() (bsc#1207642). - vfs: filename_create(): fix incorrect intent (bsc#1197534). - virt/sev-guest: Add a MODULE_ALIAS (bsc#1208449). - virt/sev-guest: Prevent IV reuse in the SNP guest driver (bsc#1208449). - virt/sev-guest: Remove unnecessary free in init_crypto() (bsc#1208449). - virt: sev-guest: Pass the appropriate argument type to iounmap() (bsc#1208449). - virt: sevguest: Change driver name to reflect generic SEV support (bsc#1208449). - virt: sevguest: Rename the sevguest dir and files to sev-guest (bsc#1208449). - vmci: check context->notify_page after call to get_user_pages_fast() to avoid GPF (git-fixes). - vmxnet3: move rss code block under eop descriptor (bsc#1208212). - watchdog/hpwdt: Enable HP_WATCHDOG for ARM64 systems. (jsc#PED-3210) Also enable module in aarch64 default configuration. - watchdog: Fix kmemleak in watchdog_cdev_register (git-fixes). - watchdog: at91sam9_wdt: use devm_request_irq to avoid missing free_irq() in error path (git-fixes). - watchdog: pcwd_usb: Fix attempting to access uninitialized memory (git-fixes). - watchdog: sbsa_wdog: Make sure the timeout programming is within the limits (git-fixes). - wifi: ath11k: Fix memory leak in ath11k_peer_rx_frag_setup (git-fixes). - wifi: ath11k: allow system suspend to survive ath11k (git-fixes). - wifi: ath9k: Fix potential stack-out-of-bounds write in ath9k_wmi_rsp_callback() (git-fixes). - wifi: ath9k: htc_hst: free skb in ath9k_htc_rx_msg() if there is no callback function (git-fixes). - wifi: brcmfmac: fix potential memory leak in brcmf_netdev_start_xmit() (git-fixes). - wifi: brcmfmac: unmap dma buffer in brcmf_msgbuf_alloc_pktid() (git-fixes). - wifi: cfg80211: Fix extended KCK key length check in nl80211_set_rekey_data() (git-fixes). - wifi: cfg80211: Fix use after free for wext (git-fixes). - wifi: ipw2200: fix memory leak in ipw_wdev_init() (git-fixes). - wifi: ipw2x00: do not call dev_kfree_skb() under spin_lock_irqsave() (git-fixes). - wifi: iwl3945: Add missing check for create_singlethread_workqueue (git-fixes). - wifi: iwl4965: Add missing check for create_singlethread_workqueue() (git-fixes). - wifi: iwlegacy: common: do not call dev_kfree_skb() under spin_lock_irqsave() (git-fixes). - wifi: libertas: cmdresp: do not call kfree_skb() under spin_lock_irqsave() (git-fixes). - wifi: libertas: fix memory leak in lbs_init_adapter() (git-fixes). - wifi: libertas: if_usb: do not call kfree_skb() under spin_lock_irqsave() (git-fixes). - wifi: libertas: main: do not call kfree_skb() under spin_lock_irqsave() (git-fixes). - wifi: libertas_tf: do not call kfree_skb() under spin_lock_irqsave() (git-fixes). - wifi: mac80211: make rate u32 in sta_set_rate_info_rx() (git-fixes). - wifi: mwifiex: Add missing compatible string for SD8787 (git-fixes). - wifi: mwifiex: fix loop iterator in mwifiex_update_ampdu_txwinsize() (git-fixes). - wifi: orinoco: check return value of hermes_write_wordrec() (git-fixes). - wifi: rsi: Fix memory leak in rsi_coex_attach() (git-fixes). - wifi: rtl8xxxu: Fix memory leaks with RTL8723BU, RTL8192EU (git-fixes). - wifi: rtl8xxxu: do not call dev_kfree_skb() under spin_lock_irqsave() (git-fixes). - wifi: rtlwifi: Fix global-out-of-bounds bug in _rtl8812ae_phy_set_txpower_limit() (git-fixes). - wifi: rtlwifi: rtl8188ee: do not call kfree_skb() under spin_lock_irqsave() (git-fixes). - wifi: rtlwifi: rtl8723be: do not call kfree_skb() under spin_lock_irqsave() (git-fixes). - wifi: rtlwifi: rtl8821ae: do not call kfree_skb() under spin_lock_irqsave() (git-fixes). - wifi: rtw89: Add missing check for alloc_workqueue (git-fixes). - wifi: wilc1000: fix potential memory leak in wilc_mac_xmit() (git-fixes). - wifi: wl3501_cs: do not call kfree_skb() under spin_lock_irqsave() (git-fixes). - writeback: avoid use-after-free after removing device (bsc#1207638). - x86/MCE/AMD: Clear DFR errors found in THR handler (git-fixes). - x86/asm: Fix an assembler warning with current binutils (git-fixes). - x86/boot: Avoid using Intel mnemonics in AT&T syntax asm (git-fixes). - x86/hyperv: Introduce HV_MAX_SPARSE_VCPU_BANKS/HV_VCPUS_PER_SPARSE_BANK constants (git-fixes). - x86/kprobes: Fix kprobes instruction boudary check with CONFIG_RETHUNK (git-fixes). - x86/kprobes: Fix optprobe optimization check with CONFIG_RETHUNK (git-fixes). - x86/kvm: Remove unused virt to phys translation in kvm_guest_cpu_init() (git-fixes). - x86/microcode/intel: Do not retry microcode reloading on the APs (git-fixes). - x86/xen: Fix memory leak in xen_init_lock_cpu() (git-fixes). - x86/xen: Fix memory leak in xen_smp_intr_init{_pv}() (git-fixes). - x86: acpi: cstate: Optimize C3 entry on AMD CPUs (git-fixes). - xen-netfront: Fix NULL sring after live migration (git-fixes). - xen-pciback: Allow setting PCI_MSIX_FLAGS_MASKALL too (git-fixes). - xen/arm: Fix race in RB-tree based P2M accounting (git-fixes) - xen/netback: do some code cleanup (git-fixes). - xen/netback: fix build warning (git-fixes). - xen/netfront: destroy queues before real_num_tx_queues is zeroed (git-fixes). - xen/platform-pci: add missing free_irq() in error path (git-fixes). - xen/privcmd: Fix a possible warning in privcmd_ioctl_mmap_resource() (git-fixes). - xen: fix 'direction' argument of iov_iter_kvec() (git-fixes). - xfs: estimate post-merge refcounts correctly (bsc#1208183). - xfs: hoist refcount record merge predicates (bsc#1208183). Important SUSE bug 1166486 SUSE bug 1177529 SUSE bug 1193629 SUSE bug 1197534 SUSE bug 1198438 SUSE bug 1200054 SUSE bug 1202633 SUSE bug 1203331 SUSE bug 1203332 SUSE bug 1204363 SUSE bug 1204993 SUSE bug 1205544 SUSE bug 1206103 SUSE bug 1206224 SUSE bug 1206232 SUSE bug 1206459 SUSE bug 1206640 SUSE bug 1206877 SUSE bug 1206878 SUSE bug 1206880 SUSE bug 1206881 SUSE bug 1206882 SUSE bug 1206883 SUSE bug 1206884 SUSE bug 1206886 SUSE bug 1206894 SUSE bug 1206935 SUSE bug 1207036 SUSE bug 1207050 SUSE bug 1207051 SUSE bug 1207125 SUSE bug 1207270 SUSE bug 1207328 SUSE bug 1207588 SUSE bug 1207590 SUSE bug 1207591 SUSE bug 1207592 SUSE bug 1207593 SUSE bug 1207594 SUSE bug 1207603 SUSE bug 1207605 SUSE bug 1207606 SUSE bug 1207608 SUSE bug 1207609 SUSE bug 1207613 SUSE bug 1207615 SUSE bug 1207617 SUSE bug 1207618 SUSE bug 1207619 SUSE bug 1207620 SUSE bug 1207621 SUSE bug 1207623 SUSE bug 1207624 SUSE bug 1207625 SUSE bug 1207626 SUSE bug 1207630 SUSE bug 1207631 SUSE bug 1207632 SUSE bug 1207634 SUSE bug 1207635 SUSE bug 1207636 SUSE bug 1207638 SUSE bug 1207639 SUSE bug 1207640 SUSE bug 1207641 SUSE bug 1207642 SUSE bug 1207643 SUSE bug 1207644 SUSE bug 1207645 SUSE bug 1207646 SUSE bug 1207647 SUSE bug 1207648 SUSE bug 1207649 SUSE bug 1207650 SUSE bug 1207651 SUSE bug 1207652 SUSE bug 1207653 SUSE bug 1207768 SUSE bug 1207770 SUSE bug 1207771 SUSE bug 1207773 SUSE bug 1207795 SUSE bug 1207845 SUSE bug 1207875 SUSE bug 1208149 SUSE bug 1208153 SUSE bug 1208183 SUSE bug 1208212 SUSE bug 1208290 SUSE bug 1208420 SUSE bug 1208428 SUSE bug 1208429 SUSE bug 1208449 SUSE bug 1208534 SUSE bug 1208541 SUSE bug 1208542 SUSE bug 1208570 SUSE bug 1208607 SUSE bug 1208628 SUSE bug 1208700 SUSE bug 1208741 SUSE bug 1208759 SUSE bug 1208776 SUSE bug 1208784 SUSE bug 1208787 SUSE bug 1208816 SUSE bug 1208837 SUSE bug 1208843 SUSE bug 1209188 CVE-2022-3523 CVE-2022-36280 CVE-2022-38096 CVE-2023-0045 CVE-2023-0122 CVE-2023-0461 CVE-2023-0590 CVE-2023-0597 CVE-2023-1118 CVE-2023-22995 CVE-2023-22998 CVE-2023-23000 CVE-2023-23004 CVE-2023-23454 CVE-2023-23455 CVE-2023-23559 CVE-2023-26545 cpe:/o:opensuse:leap:15.4 Security update for the Linux Kernel (Important) openSUSE Leap 15.4 The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2022-36280: Fixed out-of-bounds memory access vulnerability found in vmwgfx driver (bsc#1203332). - CVE-2022-38096: Fixed NULL-ptr deref in vmw_cmd_dx_define_query() (bsc#1203331). - CVE-2023-0045: Fixed missing Flush IBP in ib_prctl_set (bsc#1207773). - CVE-2023-0590: Fixed race condition in qdisc_graft() (bsc#1207795). - CVE-2023-0597: Fixed lack of randomization of per-cpu entry area in x86/mm (bsc#1207845). - CVE-2023-1118: Fixed a use-after-free bugs caused by ene_tx_irqsim() in media/rc (bsc#1208837). - CVE-2023-22995: Fixed lacks of certain platform_device_put and kfree in drivers/usb/dwc3/dwc3-qcom.c (bsc#1208741). - CVE-2023-22998: Fixed NULL vs IS_ERR checking in virtio_gpu_object_shmem_init (bsc#1208776). - CVE-2023-23000: Fixed return value of tegra_xusb_find_port_node function phy/tegra (bsc#1208816). - CVE-2023-23006: Fixed NULL vs IS_ERR checking in dr_domain_init_resources (bsc#1208845). - CVE-2023-23559: Fixed integer overflow in rndis_wlan that leads to a buffer overflow (bsc#1207051). - CVE-2023-26545: Fixed double free in net/mpls/af_mpls.c upon an allocation failure (bsc#1208700). The following non-security bugs were fixed: - cifs: fix use-after-free caused by invalid pointer `hostname` (bsc#1208971). - genirq: Provide new interfaces for affinity hints (bsc#1208153). - mm/slub: fix panic in slab_alloc_node() (bsc#1208023). - module: Do not wait for GOING modules (bsc#1196058, bsc#1186449, bsc#1204356, bsc#1204662). - net: mana: Assign interrupts to CPUs based on NUMA nodes (bsc#1208153). - net: mana: Fix IRQ name - add PCI and queue number (bsc#1207875). - net: mana: Fix accessing freed irq affinity_hint (bsc#1208153). - refresh patches.kabi/scsi-kABI-fix-for-eh_should_retry_cmd (bsc#1206351). The former kABI fix only move the newly added member to scsi_host_template to the end of the struct. But that is usually allocated statically, even by 3rd party modules relying on kABI. Before we use the member we need to signalize that it is to be expected. As we only expect it to be allocated by in-tree modules that we can control, we can use a space in the bitfield to signalize that. - s390/kexec: fix ipl report address for kdump (bsc#1207575). - scsi: qla2xxx: Add option to disable FC2 Target support (bsc#1198438 bsc#1206103). - update suse/net-mlx5-Allocate-individual-capability (bsc#1195175). - update suse/net-mlx5-Dynamically-resize-flow-counters-query-buff (bsc#1195175). - update suse/net-mlx5-Fix-flow-counters-SF-bulk-query-len (bsc#1195175). - update suse/net-mlx5-Reduce-flow-counters-bulk-query-buffer-size (bsc#1195175). - update suse/net-mlx5-Reorganize-current-and-maximal-capabilities (bsc#1195175). - update suse/net-mlx5-Use-order-0-allocations-for-EQs (bsc#1195175). Fixed bugzilla reference. - vmxnet3: move rss code block under eop descriptor (bsc#1208212). Important SUSE bug 1186449 SUSE bug 1195175 SUSE bug 1198438 SUSE bug 1203331 SUSE bug 1203332 SUSE bug 1204356 SUSE bug 1204662 SUSE bug 1206103 SUSE bug 1206351 SUSE bug 1207051 SUSE bug 1207575 SUSE bug 1207773 SUSE bug 1207795 SUSE bug 1207845 SUSE bug 1207875 SUSE bug 1208023 SUSE bug 1208153 SUSE bug 1208212 SUSE bug 1208700 SUSE bug 1208741 SUSE bug 1208776 SUSE bug 1208816 SUSE bug 1208837 SUSE bug 1208845 SUSE bug 1208971 CVE-2022-36280 CVE-2022-38096 CVE-2023-0045 CVE-2023-0590 CVE-2023-0597 CVE-2023-1118 CVE-2023-22995 CVE-2023-22998 CVE-2023-23000 CVE-2023-23006 CVE-2023-23559 CVE-2023-26545 cpe:/o:opensuse:leap:15.4 Security update for vim (Important) openSUSE Leap 15.4 This update for vim fixes the following issues: - CVE-2023-0512: Fixed a divide By Zero (bsc#1207780). - CVE-2023-1175: vim: an incorrect calculation of buffer size (bsc#1208957). - CVE-2023-1170: Fixed a heap-based Buffer Overflow (bsc#1208959). - CVE-2023-1127: Fixed divide by zero in scrolldown() (bsc#1208828). Updated to version 9.0 with patch level 1386. - https://github.com/vim/vim/compare/v9.0.1234...v9.0.1386 Important SUSE bug 1207780 SUSE bug 1208828 SUSE bug 1208957 SUSE bug 1208959 CVE-2023-0512 CVE-2023-1127 CVE-2023-1170 CVE-2023-1175 cpe:/o:opensuse:leap:15.4 Security update for python-future (Moderate) openSUSE Leap 15.4 This update for python-future fixes the following issues: - CVE-2022-40899: Fixed an issue that could allow attackers to cause an excessive CPU usage via a crafted Set-Cookie header (bsc#1206673). Moderate SUSE bug 1206673 CVE-2022-40899 cpe:/o:opensuse:leap:15.4 Security update for python-PyJWT (Critical) openSUSE Leap 15.4 This update for python-PyJWT fixes the following issues: - CVE-2022-29217: Fixed Key confusion through non-blocklisted public key formats (bsc#1199756). - Update in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629) - Update to 2.4.0 (bsc#1199756) - Explicit check the key for ECAlgorithm - Don't use implicit optionals - documentation fix: show correct scope - fix: Update copyright information - Don't mutate options dictionary in .decode_complete() - Add support for Python 3.10 - api_jwk: Add PyJWKSet.__getitem__ - Update usage.rst - Docs: mention performance reasons for reusing RSAPrivateKey when encoding - Fixed typo in usage.rst - Add detached payload support for JWS encoding and decoding - Replace various string interpolations with f-strings by Critical SUSE bug 1176785 SUSE bug 1199282 SUSE bug 1199756 CVE-2022-29217 cpe:/o:opensuse:leap:15.4 Security update for docker (Moderate) openSUSE Leap 15.4 This update for docker fixes the following issues: Docker was updated to 20.10.23-ce. See upstream changelog at https://docs.docker.com/engine/release-notes/#201023 Docker was updated to 20.10.21-ce (bsc#1206065) See upstream changelog at https://docs.docker.com/engine/release-notes/#201021 Security issues fixed: - CVE-2022-36109: Fixed supplementary group permissions bypass (bsc#1205375) - Fix wrong After: in docker.service, fixes bsc#1188447 - Add apparmor-parser as a Recommends to make sure that most users will end up with it installed even if they are primarily running SELinux. - Allow to install container-selinux instead of apparmor-parser. - Change to using systemd-sysusers Moderate SUSE bug 1205375 SUSE bug 1206065 CVE-2022-36109 cpe:/o:opensuse:leap:15.4 Security update for ffmpeg-4 (Moderate) openSUSE Leap 15.4 This update for ffmpeg-4 fixes the following issues: - CVE-2022-3109: Fixed null pointer dereference in vp3_decode_frame() (bsc#1206442). Moderate SUSE bug 1206442 CVE-2022-3109 cpe:/o:opensuse:leap:15.4 Security update for drbd (Moderate) openSUSE Leap 15.4 This update of drbd fixes the following issues: - rebuild the package with the new secure boot key (bsc#1209188). Moderate SUSE bug 1209188 cpe:/o:opensuse:leap:15.4 Security update for SUSE Manager Client Tools (Important) openSUSE Leap 15.4 This update fixes the following issues: dracut-saltboot: - Update to verion 0.1.1674034019.a93ff61 * Install copied wicked config as client.xml (bsc#1205599) - Update to version 0.1.1673279145.e7616bd grafana: - CVE-2022-46146: Fix basic authentication bypass by updating the exporter toolkit to version 0.7.3 (bsc#1208065,) - CVE-2022-41723: Require Go 1.19 or newer (bsc#1208293) - Update to version 8.5.20: * CVE-2022-23552: Security: SVG: Add dompurify preprocessor step (bsc#1207749) * CVE-2022-39324: Security: Snapshots: Fix originalUrl spoof security issue (bsc#1207750) * Security: Omit error from http response * Bug fix: Email and username trimming and invitation validation spacecmd: - Version 4.3.19-1 * Fix spacecmd not showing any output for softwarechannel_diff and softwarechannel_errata_diff (bsc#1207352) * Prevent string api parameters to be parsed as dates if not in ISO-8601 format (bsc#1205759) spacewalk-client-tools: - Version 4.3.15-1 * Update translation strings supportutils-plugin-salt: - Update to version 1.2.2 * Remove possible passwords from Salt configuration files (bsc#1201059) uyuni-proxy-systemd-services: - Version 4.3.8-1 * Allow using container images from different registry paths Important SUSE bug 1201059 SUSE bug 1205599 SUSE bug 1205759 SUSE bug 1207352 SUSE bug 1207749 SUSE bug 1207750 SUSE bug 1208065 SUSE bug 1208293 CVE-2022-23552 CVE-2022-39324 CVE-2022-41723 CVE-2022-46146 cpe:/o:opensuse:leap:15.4 Security update for grafana (Important) openSUSE Leap 15.4 This update for grafana fixes the following issues: - CVE-2022-23552: Fixed SVG processing by adding a dompurify preprocessor step (bsc#1207749). - CVE-2022-39324: Fixed originalUrl spoof security issue (bsc#1207750). - CVE-2022-41723: Fixed go issue to avoid quadratic complexity in HPACK decoding (bsc#1208293). - CVE-2022-46146: Fixed basic authentication bypass by updating the exporter toolkit (bsc#1208065). - Trim leading and trailing whitespaces from email and username on signup - Fix invitation validation: Check whether the provided email address is the same as where the invitation is sent Important SUSE bug 1207749 SUSE bug 1207750 SUSE bug 1208065 SUSE bug 1208293 CVE-2022-23552 CVE-2022-39324 CVE-2022-41723 CVE-2022-46146 cpe:/o:opensuse:leap:15.4 Security update for MozillaFirefox (Important) openSUSE Leap 15.4 This update for MozillaFirefox fixes the following issues: Update to version 102.9.0 ESR (bsc#1209173): - CVE-2023-28159: Fullscreen Notification could have been hidden by download popups on Android - CVE-2023-25748: Fullscreen Notification could have been hidden by window prompts on Android - CVE-2023-25749: Firefox for Android may have opened third-party apps without a prompt - CVE-2023-25750: Potential ServiceWorker cache leak during private browsing mode - CVE-2023-25751: Incorrect code generation during JIT compilation - CVE-2023-28160: Redirect to Web Extension files may have leaked local path - CVE-2023-28164: URL being dragged from a removed cross-origin iframe into the same tab triggered navigation - CVE-2023-28161: One-time permissions granted to a local file were extended to other local files loaded in the same tab - CVE-2023-28162: Invalid downcast in Worklets - CVE-2023-25752: Potential out-of-bounds when accessing throttled streams - CVE-2023-28163: Windows Save As dialog resolved environment variables - CVE-2023-28176: Memory safety bugs fixed in Firefox 111 and Firefox ESR 102.9 - CVE-2023-28177: Memory safety bugs fixed in Firefox 111 Important SUSE bug 1208144 CVE-2023-25748 CVE-2023-25749 CVE-2023-25750 CVE-2023-25751 CVE-2023-25752 CVE-2023-28159 CVE-2023-28160 CVE-2023-28161 CVE-2023-28162 CVE-2023-28163 CVE-2023-28164 CVE-2023-28176 CVE-2023-28177 cpe:/o:opensuse:leap:15.4 Security update for dpdk (Moderate) openSUSE Leap 15.4 This update of dpdk fixes the following issues: - rebuild the package with the new secure boot key (bsc#1209188). Moderate SUSE bug 1209188 cpe:/o:opensuse:leap:15.4 Security update for php7 (Important) openSUSE Leap 15.4 This update for php7 fixes the following issues: - CVE-2022-31631: Fixed an issue where PDO::quote would return an unquoted string (bsc#1206958). Important SUSE bug 1206958 CVE-2022-31631 cpe:/o:opensuse:leap:15.4 Security update for xen (Important) openSUSE Leap 15.4 This update for xen fixes the following issues: - CVE-2022-42332: Fixed use-after-free in x86 shadow plus log-dirty mode (bsc#1209017). - CVE-2022-42333,CVE-2022-42334: Fixed x86/HVM pinned cache attributes mis-handling (bsc#1209018). - CVE-2022-42331: Fixed speculative vulnerability in 32bit SYSCALL path on x86 (bsc#1209019). Important SUSE bug 1209017 SUSE bug 1209018 SUSE bug 1209019 SUSE bug 1209188 CVE-2022-42331 CVE-2022-42332 CVE-2022-42333 CVE-2022-42334 cpe:/o:opensuse:leap:15.4 Security update for oracleasm (Moderate) openSUSE Leap 15.4 This update of oracleasm fixes the following issues: - rebuild the package with the new secure boot key (bsc#1209188). Moderate SUSE bug 1209188 cpe:/o:opensuse:leap:15.4 Security update for python3 (Important) openSUSE Leap 15.4 This update for python3 fixes the following issues: - CVE-2023-24329: Fixed a blocklist bypass via the urllib.parse component when supplying a URL that starts with blank characters (bsc#1208471). The following non-security bug was fixed: - Eliminate unnecessary and dangerous calls to PyThread_exit_thread() (bsc#1203355). Important SUSE bug 1203355 SUSE bug 1208471 CVE-2023-24329 cpe:/o:opensuse:leap:15.4 Security update for go1.18 (Important) openSUSE Leap 15.4 This update for go1.18 fixes the following issues: - CVE-2022-41723: Fixed a quadratic complexity in HPACK decoding in net/http (bsc#1208270). - CVE-2022-41724: Fixed a denial of service from excessive resource consumption in net/http and mime/multipart (bsc#1208271). - CVE-2022-41725: Fixed a panic with large handshake records in crypto/tls (bsc#1208272). The following non-security bug was fixed: - Fixed PTF ref:_00D1igLOd._5005qM0AP4:ref SG#65262 (bsc#1208491). Important SUSE bug 1208270 SUSE bug 1208271 SUSE bug 1208272 SUSE bug 1208491 CVE-2022-41723 CVE-2022-41724 CVE-2022-41725 cpe:/o:opensuse:leap:15.4 Security update for qemu (Important) openSUSE Leap 15.4 This update for qemu fixes the following issues: - CVE-2022-4144: Fixed unsafe address translation can lead to out-of-bounds read in qxl_phys2virt (bsc#1205808). - CVE-2021-3507: Fixed heap buffer overflow in DMA read data transfers in fdc (bsc#1185000). The following non-security bugs were fixed: - Fix bsc#1202364. - Introduce max_hw_iov for use in scsi-generic (bsc#1190425) Important SUSE bug 1185000 SUSE bug 1190425 SUSE bug 1202364 SUSE bug 1205808 CVE-2021-3507 CVE-2022-4144 cpe:/o:opensuse:leap:15.4 Security update for qemu (Moderate) openSUSE Leap 15.4 This update for qemu fixes the following issues: - CVE-2021-3507: Fixed heap buffer overflow in DMA read data transfers in fdc (bsc#1185000). - CVE-2020-14394: Fixed infinite loop in xhci_ring_chain_length() (bsc#1180207). Moderate SUSE bug 1180207 SUSE bug 1185000 CVE-2020-14394 CVE-2021-3507 cpe:/o:opensuse:leap:15.4 Security update for python-wheel (Moderate) openSUSE Leap 15.4 This update for python-wheel fixes the following issues: - CVE-2022-40898: Fixed an excessive use of CPU that could be triggered via a crafted regular expression (bsc#1206670). Moderate SUSE bug 1206670 CVE-2022-40898 cpe:/o:opensuse:leap:15.4 Security update for saphanabootstrap-formula (Important) openSUSE Leap 15.4 This update for saphanabootstrap-formula fixes the following issues: - Version bump 0.13.1 * revert changes to spec file to re-enable SLES RPM builds * CVE-2022-45153: Fixed privilege escalation for arbitrary users in hana/ha_cluster.sls (bsc#1205990) - Version bump 0.13.0 * pass sid to sudoers in a SLES12 compatible way * add location constraint to gcp_stonith - Version bump 0.12.1 * moved templates dir into hana dir in repository to be gitfs compatible - Version bump 0.12.0 * add SAPHanaSR takeover blocker - Version bump 0.11.0 * use check_cmd instead of tmp sudoers file * make sudoers rules more secure * migrate sudoers to template file - Version bump 0.10.1 * fix hook removal conditions * fix majority_maker code on case grain is empty - Version bump 0.10.0 * allow to disable shared HANA basepath and rework add_hosts code (enables HANA scale-out on AWS) * do not edit global.ini directly (if not needed) - Version bump 0.9.1 * fix majority_maker code on case grain is empty - Version bump 0.9.0 * define vip_mechanism for every provider and reorder resources (same schema for all SAP related formulas) - Version bump 0.8.1 * use multi-target Hook on HANA scale-out - Version bump 0.8.0 * add HANA scale-out support * add idempotence to not affect a running HANA and cluster - Version bump 0.7.2 * add native fencing for microsoft-azure - fixes a not working import of dbapi in SUSE/ha-sap-terraform-deployments#703 - removes the installation and extraction of all hdbcli files in the /hana/shared/srHook directory - fixes execution order of srTakeover/srCostOptMemConfig hook - renames and updates hook srTakeover to srCostOptMemConfig - Changing exporter stickiness to => 0 and adjusting the colocation score from +inf to -inf and changing the colocation from Master to Slave. This change fix the impact of a failed exporter in regards to the HANA DB. - Document extra_parameters in pillar.example (bsc#1185643) - Change hanadb_exporter default timeout value to 30 seconds - Set correct stickiness for the azure-lb resource The azure-lb resource receives an stickiness=0 to not influence on transitions calculations as the HANA resources have more priority Important SUSE bug 1185643 SUSE bug 1205990 CVE-2022-45153 cpe:/o:opensuse:leap:15.4 Security update for python310-setuptools (Moderate) openSUSE Leap 15.4 This update for python310-setuptools fixes the following issues: - CVE-2022-40897: Fixed an excessive CPU usage that could be triggered by fetching a malicious HTML document (bsc#1206667). Moderate SUSE bug 1206667 CVE-2022-40897 cpe:/o:opensuse:leap:15.4 Security update for libzypp-plugin-appdata (Important) openSUSE Leap 15.4 This update for libzypp-plugin-appdata fixes the following issues: - CVE-2023-22643: Fixed potential shell injection related to malicious repo names (bsc#1206836). Important SUSE bug 1206836 CVE-2023-22643 cpe:/o:opensuse:leap:15.4 Security update for polkit (Moderate) openSUSE Leap 15.4 This update for polkit fixes the following issues: - Change permissions for rules folders (bsc#1209282) Moderate SUSE bug 1209282 cpe:/o:opensuse:leap:15.4 Security update for rubygem-actionpack-5_1 (Low) openSUSE Leap 15.4 This update for rubygem-actionpack-5_1 fixes the following issues: - CVE-2020-8166: Fixed ability to forge per-form CSRF tokens given a global CSRF (bsc#1172182). Low SUSE bug 1172182 SUSE bug 1215707 CVE-2020-8166 cpe:/o:opensuse:leap:15.4 Security update for postfix (Important) openSUSE Leap 15.4 This update for postfix fixes the following issues: - CVE-2023-51764: Fixed SMTP smuggling attack (bsc#1218304). Important SUSE bug 1218304 SUSE bug 1218314 CVE-2023-51764 cpe:/o:opensuse:leap:15.4 Security update for cloud-init (Moderate) openSUSE Leap 15.4 This update for cloud-init contains the following fixes: - Move fdupes call back to %install.(bsc#1214169) - Update to version 23.3. (bsc#1216011) * (bsc#1215794) * (bsc#1215740) * (bsc#1216007) + Bump pycloudlib to 1!5.1.0 for ec2 mantic daily image support (#4390) + Fix cc_keyboard in mantic (LP: #2030788) + ec2: initialize get_instance_userdata return value to bytes (#4387) [Noah Meyerhans] + cc_users_groups: Add doas/opendoas support (#4363) [dermotbradley] + Fix pip-managed ansible + status: treat SubState=running and MainPID=0 as service exited + azure/imds: increase read-timeout to 30s (#4372) [Chris Patterson] + collect-logs fix memory usage (SC-1590) (#4289) [Alec Warren] (LP: #1980150) + cc_mounts: Use fallocate to create swapfile on btrfs (#4369) + Undocument nocloud-net (#4318) + feat(akamai): add akamai to settings.py and apport.py (#4370) + read-version: fallback to get_version when git describe fails (#4366) + apt: fix cloud-init status --wait blocking on systemd v 253 (#4364) + integration tests: Pass username to pycloudlib (#4324) + Bump pycloudlib to 1!5.1.0 (#4353) + cloud.cfg.tmpl: reorganise, minimise/reduce duplication (#4272) [dermotbradley] + analyze: fix (unexpected) timestamp parsing (#4347) [Mina Galić] + cc_growpart: fix tests to run on FreeBSD (#4351) [Mina Galić] + subp: Fix spurious test failure on FreeBSD (#4355) [Mina Galić] + cmd/clean: fix tests on non-Linux platforms (#4352) [Mina Galić] + util: Fix get_proc_ppid() on non-Linux systems (#4348) [Mina Galić] + cc_wireguard: make tests pass on FreeBSD (#4346) [Mina Galić] + unittests: fix breakage in test_read_cfg_paths_fetches_cached_datasource (#4328) [Ani Sinha] + Fix test_tools.py collection (#4315) + cc_keyboard: add Alpine support (#4278) [dermotbradley] + Flake8 fixes (#4340) [Robert Schweikert] + cc_mounts: Fix swapfile not working on btrfs (#4319) [王煎饼] (LP: #1884127) + ds-identify/CloudStack: $DS_MAYBE if vm running on vmware/xen (#4281) [Wei Zhou] + ec2: Support double encoded userdata (#4275) [Noah Meyerhans] + cc_mounts: xfs is a Linux only FS (#4334) [Mina Galić] + tests/net: fix TestGetInterfaces' mock coverage for get_master (#4336) [Chris Patterson] + change openEuler to openeuler and fix some bugs in openEuler (#4317) [sxt1001] + Replace flake8 with ruff (#4314) + NM renderer: set default IPv6 addr-gen-mode for all interfaces to eui64 (#4291) [Ani Sinha] + cc_ssh_import_id: add Alpine support and add doas support (#4277) [dermotbradley] + sudoers not idempotent (SC-1589) (#4296) [Alec Warren] (LP: #1998539) + Added support for Akamai Connected Cloud (formerly Linode) (#4167) [Will Smith] + Fix reference before assignment (#4292) + Overhaul module reference page (#4237) [Sally] + replaced spaces with commas for setting passenv (#4269) [Alec Warren] + DS VMware: modify a few log level (#4284) [PengpengSun] + tools/read-version refactors and unit tests (#4268) + Ensure get_features() grabs all features (#4285) + Don't always require passlib dependency (#4274) + tests: avoid leaks into host system checking of ovs-vsctl cmd (#4275) + Fix NoCloud kernel commandline key parsing (#4273) + testing: Clear all LRU caches after each test (#4249) + Remove the crypt dependency (#2139) [Gon?ri Le Bouder] + logging: keep current file mode of log file if its stricter than the new mode (#4250) [Ani Sinha] + Remove default membership in redundant groups (#4258) [Dave Jones] (LP: #1923363) + doc: improve datasource_creation.rst (#4262) + Remove duplicate Integration testing button (#4261) [Rishita Shaw] + tools/read-version: fix the tool so that it can handle version parsing errors (#4234) [Ani Sinha] + net/dhcp: add udhcpc support (#4190) [Jean-Fran?ois Roche] + DS VMware: add i386 arch dir to deployPkg plugin search path [PengpengSun] + LXD moved from linuxcontainers.org to Canonical [Simon Deziel] + cc_mounts.py: Add note about issue with creating mounts inside mounts (#4232) [dermotbradley] + lxd: install lxd from snap, not deb if absent in image + landscape: use landscape-config to write configuration + Add deprecation log during init of DataSourceDigitalOcean (#4194) [tyb-truth] + doc: fix typo on apt.primary.arches (#4238) [Dan Bungert] + Inspect systemd state for cloud-init status (#4230) + instance-data: add system-info and features to combined-cloud-config (#4224) + systemd: Block login until config stage completes (#2111) (LP: #2013403) + tests: proposed should invoke apt-get install -t=<release>-proposed (#4235) + cloud.cfg.tmpl: reinstate ca_certs entry (#4236) [dermotbradley] + Remove feature flag override ability (#4228) + tests: drop stray unrelated file presence test (#4227) + Update LXD URL (#4223) [Sally] + schema: add network v1 schema definition and validation functions + tests: daily PPA for devel series is version 99.daily update tests to match (#4225) + instance-data: write /run/cloud-init/combined-cloud-config.json + mount parse: Fix matching non-existent directories (#4222) [Mina Galić] + Specify build-system for pep517 (#4218) + Fix network v2 metric rendering (#4220) + Migrate content out of FAQ page (SD-1187) (#4205) [Sally] + setup: fix generation of init templates (#4209) [Mina Galić] + docs: Correct some bootcmd example wording + fix changelog + tests: reboot client to assert x-shellscript-per-boot is triggered + nocloud: parse_cmdline no longer detects nocloud-net datasource (#4204) (LP: 4203, #2025180) + Add docstring and typing to mergemanydict (#4200) + BSD: add dsidentify to early startup scripts (#4182) [Mina Galić] + handler: report errors on skipped merged cloud-config.txt parts (LP: #1999952) + Add cloud-init summit writeups (#4179) [Sally] + tests: Update test_clean_log for oci (#4187) + gce: improve ephemeral fallback NIC selection (CPC-2578) (#4163) + tests: pin pytest 7.3.1 to avoid adverse testpaths behavior (#4184) + Ephemeral Networking for FreeBSD (#2165) [Mina Galić] + Clarify directory syntax for nocloud local filesystem. (#4178) + Set default renderer as sysconfig for centos/rhel (#4165) [Ani Sinha] + Test static routes and netplan 0.106 + FreeBSD fix parsing of mount and mount options (#2146) [Mina Galić] + test: add tracking bug id (#4164) + tests: can't match MAC for LXD container veth due to netplan 0.106 (#4162) + Add kaiwalyakoparkar as a contributor (#4156) [Kaiwalya Koparkar] + BSD: remove datasource_list from cloud.cfg template (#4159) [Mina Galić] + launching salt-minion in masterless mode (#4110) [Denis Halturin] + tools: fix run-container builds for rockylinux/8 git hash mismatch (#4161) + fix doc lint: spellchecker tripped up (#4160) [Mina Galić] + Support Ephemeral Networking for BSD (#2127) + Added / fixed support for static routes on OpenBSD and FreeBSD (#2157) [Kadir Mueller] + cc_rsyslog: Refactor for better multi-platform support (#4119) [Mina Galić] (LP: #1798055) + tests: fix test_lp1835584 (#4154) + cloud.cfg mod names: docs and rename salt_minion and set_password (#4153) + vultr: remove check_route check (#2151) [Jonas Chevalier] + Update SECURITY.md (#4150) [Indrranil Pawar] + Update CONTRIBUTING.rst (#4149) [Indrranil Pawar] + Update .github-cla-signers (#4151) [Indrranil Pawar] + Standardise module names in cloud.cfg.tmpl to only use underscore (#4128) [dermotbradley] + Modify PR template so autoclose works From 23.2.2 + Fix NoCloud kernel commandline key parsing (#4273) (Fixes: #4271) (LP: #2028562) + Fix reference before assignment (#4292) (Fixes: #4288) (LP: #2028784) From 23.2.1 + nocloud: Fix parse_cmdline detection of nocloud-net datasource (#4204) (Fixes: 4203) (LP: #2025180) From 23.2 + BSD: simplify finding MBR partitions by removing duplicate code [Mina Galić] + tests: bump pycloudlib version for mantic builds + network-manager: Set higher autoconnect priority for nm keyfiles (#3671) [Ani Sinha] + alpine.py: change the locale file used (#4139) [dermotbradley] + cc_ntp: Sync up with current FreeBSD ntp.conf (#4122) [Mina Galić] + config: drop refresh_rmc_and_interface as RHEL 7 no longer supported [Robert Schweikert] + docs: Add feedback button to docs + net/sysconfig: enable sysconfig renderer if network manager has ifcfg-rh plugin (#4132) [Ani Sinha] + For Alpine use os-release PRETTY_NAME (#4138) [dermotbradley] + network_manager: add a method for ipv6 static IP configuration (#4127) [Ani Sinha] + correct misnamed template file host.mariner.tmpl (#4124) [dermotbradley] + nm: generate ipv6 stateful dhcp config at par with sysconfig (#4115) [Ani Sinha] + Add templates for GitHub Issues + Add 'peers' and 'allow' directives in cc_ntp (#3124) [Jacob Salmela] + FreeBSD: Fix user account locking (#4114) [Mina Galić] (GH: #1854594) + FreeBSD: add ResizeGrowFS class to cc_growpart (#2334) [Mina Galić] + Update tests in Azure TestCanDevBeReformatted class (#2771) [Ksenija Stanojevic] + Replace Launchpad references with GitHub Issues + Fix KeyError in iproute pformat (#3287) [Dmitry Zykov] + schema: read_cfg_paths call init.fetch to lookup /v/l/c/instance + azure/errors: introduce reportable errors for imds (#3647) [Chris Patterson] + FreeBSD (and friends): better identify MBR slices (#2168) [Mina Galić] (LP: #2016350) + azure/errors: add host reporting for dhcp errors (#2167) [Chris Patterson] + net: purge blacklist_drivers across net and azure (#2160) [Chris Patterson] + net: refactor hyper-v VF filtering and apply to get_interfaces() (#2153) [Chris Patterson] + tests: avoid leaks to underlying filesystem for /etc/cloud/clean.d (#2251) + net: refactor find_candidate_nics_on_linux() to use get_interfaces() (#2159) [Chris Patterson] + resolv_conf: Allow > 3 nameservers (#2152) [Major Hayden] + Remove mount NTFS error message (#2134) [Ksenija Stanojevic] + integration tests: fix image specification parsing (#2166) + ci: add hypothesis scheduled GH check (#2149) + Move supported distros list to docs (#2162) + Fix logger, use instance rather than module function (#2163) + README: Point to Github Actions build status (#2158) + Revert 'fix linux-specific code on bsd (#2143)' (#2161) + Do not generate dsa and ed25519 key types when crypto FIPS mode is enabled (#2142) [Ani Sinha] (LP: 2017761) + Add documentation label automatically (#2156) + sources/azure: report success to host and introduce kvp module (#2141) [Chris Patterson] + setup.py: use pkg-config for udev/rules path (#2137) [dankm] + openstack/static: honor the DNS servers associated with a network (#2138) [Gon?ri Le Bouder] + fix linux-specific code on bsd (#2143) + cli: schema validation of jinja template user-data (SC-1385) (#2132) (LP: #1881925) + gce: activate network discovery on every boot (#2128) + tests: update integration test to assert 640 across reboots (#2145) + Make user/vendor data sensitive and remove log permissions (#2144) (LP: #2013967) + Update kernel command line docs (SC-1457) (#2133) + docs: update network configuration path links (#2140) [d1r3ct0r] + sources/azure: report failures to host via kvp (#2136) [Chris Patterson] + net: Document use of `ip route append` to add routes (#2130) + dhcp: Add missing mocks (#2135) + azure/imds: retry fetching metadata up to 300 seconds (#2121) [Chris Patterson] + [1/2] DHCP: Refactor dhcp client code (#2122) + azure/errors: treat traceback_base64 as string (#2131) [Chris Patterson] + azure/errors: introduce reportable errors (#2129) [Chris Patterson] + users: schema permit empty list to indicate create no users + azure: introduce identity module (#2116) [Chris Patterson] + Standardize disabling cloud-init on non-systemd (#2112) + Update .github-cla-signers (#2126) [Rob Tongue] + NoCloud: Use seedfrom protocol to determine mode (#2107) + rhel: Remove sysvinit files. (#2114) + tox.ini: set -vvvv --showlocals for pytest (#2104) [Chris Patterson] + Fix NoCloud kernel commandline semi-colon args + run-container: make the container/VM timeout configurable (#2118) [Paride Legovini] + suse: Remove sysvinit files. (#2115) + test: Backport assert_call_count for old requests (#2119) + Add 'licebmi' as contributor (#2113) [Mark Martinez] + Adapt DataSourceScaleway to upcoming IPv6 support (#2033) [Louis Bouchard] + rhel: make sure previous-hostname file ends with a new line (#2108) [Ani Sinha] + Adding contributors for DataSourceAkamai (#2110) [acourdavAkamai] + Cleanup ephemeral IP routes on exception (#2100) [sxt1001] + commit 09a64badfb3f51b1b391fa29be19962381a4bbeb [sxt1001] (LP: #2011291) + Standardize kernel commandline user interface (#2093) + config/cc_resizefs: fix do_resize arguments (#2106) [Chris Patterson] + Fix test_dhclient_exits_with_error (#2105) + net/dhcp: catch dhclient failures and raise NoDHCPLeaseError (#2083) [Chris Patterson] + sources/azure: move pps handling out of _poll_imds() (#2075) [Chris Patterson] + tests: bump pycloudlib version (#2102) + schema: do not manipulate draft4 metaschema for jsonschema 2.6.0 (#2098) + sources/azure/imds: don't count timeout errors as connection errors (#2074) [Chris Patterson] + Fix Python 3.12 unit test failures (#2099) + integration tests: Refactor instance checking (#1989) + ci: migrate remaining jobs from travis to gh (#2085) + missing ending quote in instancedata docs(#2094) [Hong L] + refactor: stop passing log instances to cc_* handlers (#2016) [d1r3ct0r] + tests/vmware: fix test_no_data_access_method failure (#2092) [Chris Patterson] + Don't change permissions of netrules target (#2076) (LP: #2011783) + tests/sources: patch util.get_cmdline() for datasource tests (#2091) [Chris Patterson] + macs: ignore duplicate MAC for devs with driver driver qmi_wwan (#2090) (LP: #2008888) + Fedora: Enable CA handling (#2086) [František Zatloukal] + Send dhcp-client-identifier for InfiniBand ports (#2043) [Waleed Mousa] + cc_ansible: complete the examples and doc (#2082) [Yves] + bddeb: for dev package, derive debhelper-compat from host system + apport: only prompt for cloud_name when instance-data.json is absent + datasource: Optimize datasource detection, fix bugs (#2060) + Handle non existent ca-cert-config situation (#2073) [Shreenidhi Shedi] + sources/azure: add networking check for all source PPS (#2061) [Chris Patterson] + do not attempt dns resolution on ip addresses (#2040) + chore: fix style tip (#2071) + Fix metadata IP in instancedata.rst (#2063) [Brian Haley] + util: Pass deprecation schedule in deprecate_call() (#2064) + config: Update grub-dpkg docs (#2058) + docs: Cosmetic improvements and styling (#2057) [s-makin] + cc_grub_dpkg: Added UEFI support (#2029) [Alexander Birkner] + tests: Write to /var/spool/rsyslog to adhere to apparmor profile (#2059) + oracle-ds: prefer system_cfg over ds network config source (#1998) (LP: #1956788) + Remove dead code (#2038) + source: Force OpenStack when it is only option (#2045) (LP: #2008727) + cc_ubuntu_advantage: improve UA logs discovery + sources/azure: fix regressions in IMDS behavior (#2041) [Chris Patterson] + tests: fix test_schema (#2042) + dhcp: Cleanup unused kwarg (#2037) + sources/vmware/imc: fix-missing-catch-few-negtive-scenarios (#2027) [PengpengSun] + dhclient_hook: remove vestigal dhclient_hook command (#2015) + log: Add standardized deprecation tooling (SC-1312) (#2026) + Enable SUSE based distros for ca handling (#2036) [Robert Schweikert] From 23.1.2 + Make user/vendor data sensitive and remove log permissions (LP: #2013967) (CVE-2023-1786) - Remove six dependency (bsc#1198269) - Update to version 22.4 (bsc#1201010) Moderate SUSE bug 1198269 SUSE bug 1201010 SUSE bug 1214169 SUSE bug 1215740 SUSE bug 1215794 SUSE bug 1216007 SUSE bug 1216011 CVE-2023-1786 cpe:/o:opensuse:leap:15.4 Security update for libcryptopp (Moderate) openSUSE Leap 15.4 This update for libcryptopp fixes the following issues: - CVE-2023-50980: Fixed DoS via malformed DER public key file (bsc#1218219). Moderate SUSE bug 1218219 CVE-2023-50980 cpe:/o:opensuse:leap:15.4 Security update for webkit2gtk3 (Important) openSUSE Leap 15.4 This update for webkit2gtk3 fixes the following issues: - CVE-2023-42890: Fixed processing malicious web content may lead to arbitrary code execution (bsc#1218033). - CVE-2023-42883: Fixed processing a malicious image may lead to a denial-of-service (bsc#1218032). - CVE-2023-41074: Fixed use-after-free in the MediaRecorder API of the WebKit GStreamer-based ports (bsc#1215870). - CVE-2023-40451, CVE-2023-41074: Update to version 2.42.4 (bsc#1218032, bsc#1215868). Important SUSE bug 1215868 SUSE bug 1215869 SUSE bug 1215870 SUSE bug 1218032 SUSE bug 1218033 CVE-2023-32359 CVE-2023-39928 CVE-2023-40451 CVE-2023-41074 CVE-2023-42883 CVE-2023-42890 cpe:/o:opensuse:leap:15.4 Security update for eclipse-jgit, jsch (Important) openSUSE Leap 15.4 This update for eclipse-jgit, jsch fixes the following issues: Security fix: - CVE-2023-4759: Fixed an arbitrary file overwrite which might have occurred with a specially crafted git repository and a case-insensitive filesystem. (bsc#1215298) Other fixes: jsch was updated to version 0.2.9: - Added support for various algorithms - Migrated from `com.jcraft:jsch` to `com.github.mwiede:jsch` fork (bsc#1211955): * Alias to the old artifact since the new one is drop-in replacement * Keep the old OSGi bundle symbolic name to avoid extensive patching of eclipse stack - Updated to version 0.2.9: * For the full list of changes please consult the upstream changelogs below for each version updated: + https://github.com/mwiede/jsch/releases/tag/jsch-0.2.9 + https://github.com/mwiede/jsch/releases/tag/jsch-0.2.8 + https://github.com/mwiede/jsch/releases/tag/jsch-0.2.7 + https://github.com/mwiede/jsch/releases/tag/jsch-0.2.6 + https://github.com/mwiede/jsch/releases/tag/jsch-0.2.5 + https://github.com/mwiede/jsch/releases/tag/jsch-0.2.4 + https://github.com/mwiede/jsch/releases/tag/jsch-0.2.3 + https://github.com/mwiede/jsch/releases/tag/jsch-0.2.2 + https://github.com/mwiede/jsch/releases/tag/jsch-0.2.1 + https://github.com/mwiede/jsch/releases/tag/jsch-0.2.0 + https://github.com/mwiede/jsch/releases/tag/jsch-0.1.71 + https://github.com/mwiede/jsch/releases/tag/jsch-0.1.70 + https://github.com/mwiede/jsch/releases/tag/jsch-0.1.69 + https://github.com/mwiede/jsch/releases/tag/jsch-0.1.68 + https://github.com/mwiede/jsch/releases/tag/jsch-0.1.67 + https://github.com/mwiede/jsch/releases/tag/jsch-0.1.66 + https://github.com/mwiede/jsch/releases/tag/jsch-0.1.65 + https://github.com/mwiede/jsch/releases/tag/jsch-0.1.64 + https://github.com/mwiede/jsch/releases/tag/jsch-0.1.63 + https://github.com/mwiede/jsch/releases/tag/jsch-0.1.62 + https://github.com/mwiede/jsch/releases/tag/jsch-0.1.61 + https://github.com/mwiede/jsch/releases/tag/jsch-0.1.60 + https://github.com/mwiede/jsch/releases/tag/jsch-0.1.59 + https://github.com/mwiede/jsch/releases/tag/jsch-0.1.58 + https://github.com/mwiede/jsch/releases/tag/jsch-0.1.57 + https://github.com/mwiede/jsch/releases/tag/jsch-0.1.56 eclipse-jgit: - Craft the jgit script from the real Main class of the jar file instead of using a jar launcher (bsc#1209646) Important SUSE bug 1209646 SUSE bug 1211955 SUSE bug 1215298 CVE-2023-4759 cpe:/o:opensuse:leap:15.4 Security update for libssh2_org (Moderate) openSUSE Leap 15.4 This update for libssh2_org fixes the following issues: - CVE-2023-48795: Fixed prefix truncation breaking ssh channel integrity (Terrapin Attack) (bsc#1218127). Moderate SUSE bug 1218127 CVE-2023-48795 cpe:/o:opensuse:leap:15.4 Security update for tar (Low) openSUSE Leap 15.4 This update for tar fixes the following issues: - CVE-2023-39804: Fixed extension attributes in PAX archives incorrect hanling (bsc#1217969). Low SUSE bug 1217969 CVE-2023-39804 cpe:/o:opensuse:leap:15.4 Security update for hawk2 (Moderate) openSUSE Leap 15.4 This update for hawk2 fixes the following issues: - Fixed HttpOnly secure flag by default (bsc#1216508). - Fixed CSRF in errors_controller.rb protection (bsc#1216571). Update to version 2.6.4+git.1702030539.5fb7d91b: - Fix mime type issue in MS windows (bsc#1215438) - Parametrize CORS Access-Control-Allow-Origin header (bsc#1213454) - Tests: upgrate tests for ruby3.2 (tumbleweed) (bsc#1215976) - Upgrade for ruby3.2 (tumbleweed) (bsc#1215976) - Forbid special symbols in the category (bsc#1206217) - Fix the sass-rails version on ~5.0 (bsc#1208533) - Don't delete the private key if the public key is missing (bsc#1207930) - make-sle155-compatible.patch . No bsc, it's for backwards compatibility. Moderate SUSE bug 1206217 SUSE bug 1207930 SUSE bug 1208533 SUSE bug 1213454 SUSE bug 1215438 SUSE bug 1215976 SUSE bug 1216508 SUSE bug 1216571 cpe:/o:opensuse:leap:15.4 ImageMagick ImageMagick-config-7-SUSE libMagick++-7_Q16HDRI5 libMagickCore-7_Q16HDRI10 libMagickWand-7_Q16HDRI10 openSUSE-release Mesa Mesa-dri Mesa-gallium Mesa-libEGL1 Mesa-libGL1 Mesa-libglapi0 Mesa-libva libgbm1 libvdpau_r300 libvdpau_r600 libvdpau_radeonsi libxatracker2 MozillaFirefox MozillaFirefox-translations-common MozillaFirefox-translations-other MozillaThunderbird MozillaThunderbird-translations-common MozillaThunderbird-translations-other NetworkManager NetworkManager-lang libnm0 typelib-1_0-NM-1_0 NetworkManager-applet NetworkManager-applet-lang NetworkManager-connection-editor NetworkManager-vpnc NetworkManager-vpnc-gnome NetworkManager-vpnc-lang PackageKit PackageKit-backend-zypp PackageKit-gstreamer-plugin PackageKit-gtk3-module PackageKit-lang libpackagekit-glib2-18 typelib-1_0-PackageKitGlib-1_0 WebKit2GTK-4.1-lang WebKit2GTK-5.0-lang libjavascriptcoregtk-4_0-18 libjavascriptcoregtk-4_1-0 libjavascriptcoregtk-5_0-0 libwebkit2gtk-4_0-37 libwebkit2gtk-4_1-0 libwebkit2gtk-5_0-0 typelib-1_0-JavaScriptCore-4_0 typelib-1_0-JavaScriptCore-5_0 typelib-1_0-WebKit2-4_0 typelib-1_0-WebKit2-5_0 webkit2gtk-4_0-injected-bundles webkit2gtk-4_1-injected-bundles webkit2gtk-5_0-injected-bundles accountsservice accountsservice-lang libaccountsservice0 typelib-1_0-AccountsService-1_0 apache2 apache2-doc apache2-example-pages apache2-prefork apache2-utils apache2-mod_php7 php7 php7-cli php7-ctype php7-dom php7-iconv php7-json php7-mysql php7-openssl php7-pdo php7-pgsql php7-sqlite php7-tokenizer php7-xmlreader php7-xmlwriter apparmor-abstractions apparmor-docs apparmor-parser apparmor-parser-lang apparmor-profiles apparmor-utils apparmor-utils-lang libapparmor1 python3-apparmor ark ark-lang libkerfuffle21 augeas augeas-lenses libaugeas0 autofs autoyast2 autoyast2-installation avahi avahi-lang libavahi-client3 libavahi-client3-32bit libavahi-common3 libavahi-common3-32bit libavahi-core7 bash bash-doc bash-lang bash-sh libreadline7 readline-doc bcm43xx-firmware bind bind-utils python3-bind binutils libctf-nobfd0 libctf0 blktrace bluez libbluetooth3 btrfsmaintenance bubblewrap bzip2 libbz2-1 libbz2-1-32bit chromium chrony chrony-pool-openSUSE cifs-utils coreutils coreutils-doc coreutils-lang cpio cpio-lang cpio-mt cpp7 libgfortran4 cracklib libcrack2 libcrack2-32bit cron cronie cryptsetup cryptsetup-lang libcryptsetup12 cups cups-client cups-config libcups2 libcups2-32bit libcupscgi1 libcupsimage2 libcupsmime1 libcupsppdc1 cups-filters cups-pk-helper cups-pk-helper-lang curl libcurl4 libcurl4-32bit cyrus-sasl cyrus-sasl-32bit cyrus-sasl-crammd5 cyrus-sasl-crammd5-32bit cyrus-sasl-digestmd5 cyrus-sasl-digestmd5-32bit cyrus-sasl-gssapi cyrus-sasl-gssapi-32bit cyrus-sasl-plain cyrus-sasl-plain-32bit libsasl2-3 libsasl2-3-32bit dbus-1 dbus-1-x11 libdbus-1-3 libdbus-1-3-32bit dbus-1-glib dbus-1-glib-32bit dbus-1-glib-tool dhcp dhcp-client dirmngr gpg2 gpg2-lang dnsmasq dracut dracut-mkinitrd-deprecated e2fsprogs libcom_err2 libcom_err2-32bit libext2fs2 elfutils elfutils-lang libasm1 libdw1 libdw1-32bit libelf1 libelf1-32bit emacs emacs-info emacs-nox etags eog eog-lang evince evince-lang evince-plugin-pdfdocument libevdocument3-4 libevview3-3 nautilus-evince typelib-1_0-EvinceDocument-3_0 typelib-1_0-EvinceView-3_0 evolution evolution-lang evolution-data-server evolution-data-server-lang libcamel-1_2-63 libebackend-1_2-10 libebook-1_2-20 libebook-contacts-1_2-3 libecal-2_0-1 libedata-book-1_2-26 libedata-cal-2_0-1 libedataserver-1_2-26 libedataserverui-1_2-3 expat libexpat1 libexpat1-32bit file file-magic libmagic1 libmagic1-32bit file-roller file-roller-lang firewalld firewalld-lang python3-firewall flatpak libflatpak0 system-user-flatpak freerdp libfreerdp2 libwinpr2 fribidi libfribidi0 fuse libfuse2 fwupd fwupd-lang libfwupd2 libfwupdplugin5 libjcat1 typelib-1_0-Fwupd-2_0 gcab gcab-lang libgcab-1_0-0 gdb gdk-pixbuf-lang gdk-pixbuf-query-loaders gdk-pixbuf-thumbnailer libgdk_pixbuf-2_0-0 typelib-1_0-GdkPixbuf-2_0 gdk-pixbuf-loader-rsvg librsvg-2-2 rsvg-thumbnailer typelib-1_0-Rsvg-2_0 gdm gdm-lang gdm-schema gdmflexiserver libgdm1 typelib-1_0-Gdm-1_0 gegl-0_4 gegl-0_4-lang libgegl-0_4-0 ghostscript ghostscript-x11 gimp gimp-lang gimp-plugin-aa libgimp-2_0-0 libgimpui-2_0-0 glib-networking glib-networking-lang glib2-lang glib2-tools libgio-2_0-0 libgio-2_0-0-32bit libglib-2_0-0 libglib-2_0-0-32bit libgmodule-2_0-0 libgmodule-2_0-0-32bit libgobject-2_0-0 libgobject-2_0-0-32bit libgthread-2_0-0 glibc glibc-32bit glibc-extra glibc-lang glibc-locale glibc-locale-base glibc-locale-base-32bit nscd glibc-locale-32bit gnome-desktop-lang gnome-version libgnome-desktop-3-19 libgnome-desktop-3_0-common typelib-1_0-GnomeDesktop-3_0 gnome-extensions gnome-shell gnome-shell-calendar gnome-shell-lang gnome-photos gnome-photos-lang gnome-shell-search-provider-gnome-photos gtk2-data gtk2-immodule-amharic gtk2-immodule-inuktitut gtk2-immodule-thai gtk2-immodule-tigrigna gtk2-immodule-vietnamese gtk2-immodule-xim gtk2-lang gtk2-tools libgtk-2_0-0 gnome-settings-daemon gnome-settings-daemon-lang gnome-shell-search-provider-nautilus libnautilus-extension1 nautilus nautilus-lang gnuchess gnutls libgnutls30 libgnutls30-32bit gptfdisk graphviz graphviz-gd graphviz-gnome graphviz-plugins-core libgraphviz6 grep grep-lang grilo-lang libgrilo-0_3-0 libgrlnet-0_3-0 libgrlpls-0_3-0 typelib-1_0-Grl-0_3 groff groff-full gxditview grub2 grub2-arm64-efi grub2-i386-pc grub2-powerpc-ieee1275 grub2-snapper-plugin grub2-systemd-sleep-plugin grub2-x86_64-efi gstreamer gstreamer-lang gstreamer-utils libgstreamer-1_0-0 typelib-1_0-Gst-1_0 gstreamer-plugins-bad gstreamer-plugins-bad-lang libgstadaptivedemux-1_0-0 libgstbadaudio-1_0-0 libgstbasecamerabinsrc-1_0-0 libgstcodecparsers-1_0-0 libgstcodecs-1_0-0 libgstisoff-1_0-0 libgstmpegts-1_0-0 libgstphotography-1_0-0 libgstplay-1_0-0 libgstplayer-1_0-0 libgstsctp-1_0-0 libgsturidownloader-1_0-0 libgstva-1_0-0 libgstvulkan-1_0-0 libgstwayland-1_0-0 libgstwebrtc-1_0-0 gstreamer-plugins-base gstreamer-plugins-base-lang libgstallocators-1_0-0 libgstapp-1_0-0 libgstaudio-1_0-0 libgstfft-1_0-0 libgstgl-1_0-0 libgstpbutils-1_0-0 libgstriff-1_0-0 libgstrtp-1_0-0 libgstrtsp-1_0-0 libgstsdp-1_0-0 libgsttag-1_0-0 libgstvideo-1_0-0 typelib-1_0-GstAudio-1_0 typelib-1_0-GstPbutils-1_0 typelib-1_0-GstTag-1_0 typelib-1_0-GstVideo-1_0 gstreamer-plugins-good gstreamer-plugins-good-gtk gstreamer-plugins-good-lang gstreamer-plugins-ugly gstreamer-plugins-ugly-lang gtk-vnc-lang libgtk-vnc-2_0-0 libgvnc-1_0-0 typelib-1_0-GVnc-1_0 typelib-1_0-GtkVnc-2_0 gvfs gvfs-backend-afc gvfs-backend-samba gvfs-backends gvfs-fuse gvfs-lang hplip-hpijs hplip-sane ibus ibus-dict-emoji ibus-gtk ibus-gtk3 ibus-lang libibus-1_0-5 typelib-1_0-IBus-1_0 ibus-chewing ibus-pinyin iscsiuio libopeniscsiusr0_2_0 open-iscsi java-11-openjdk java-11-openjdk-headless kate kate-lang kate-plugins kconf_update5 libKF5ConfigCore5 libKF5ConfigCore5-lang libKF5ConfigGui5 kcoreaddons kcoreaddons-lang libKF5CoreAddons5 kdump kernel-64kb kernel-64kb-extra kernel-64kb-optional kernel-default kernel-default-extra kernel-default-optional kernel-kvmsmall kernel-firmware-all kernel-firmware-amdgpu kernel-firmware-ath10k kernel-firmware-ath11k kernel-firmware-atheros kernel-firmware-bluetooth kernel-firmware-bnx2 kernel-firmware-brcm kernel-firmware-chelsio kernel-firmware-dpaa2 kernel-firmware-i915 kernel-firmware-intel kernel-firmware-iwlwifi kernel-firmware-liquidio kernel-firmware-marvell kernel-firmware-media kernel-firmware-mediatek kernel-firmware-mellanox kernel-firmware-mwifiex kernel-firmware-network kernel-firmware-nfp kernel-firmware-nvidia kernel-firmware-platform kernel-firmware-prestera kernel-firmware-qcom kernel-firmware-qlogic kernel-firmware-radeon kernel-firmware-realtek kernel-firmware-serial kernel-firmware-sound kernel-firmware-ti kernel-firmware-ueagle kernel-firmware-usb-network ucode-amd kinit kinit-lang kio-extras5 kio-extras5-lang libkioarchive5 konversation konversation-lang krb5 krb5-32bit kscreenlocker kscreenlocker-lang libKScreenLocker5 ktexteditor ktexteditor-lang less libBasicUsageEnvironment1 libUsageEnvironment3 libgroupsock30 libliveMedia102 libFLAC8 libFLAC8-32bit libHX28 libICE6 libIlmImf-2_2-23 libKF5Auth5 libKF5Auth5-lang libKF5AuthCore5 libKF5Codecs5 libKF5Codecs5-lang libQt5Concurrent5 libQt5Core5 libQt5DBus5 libQt5Gui5 libQt5Network5 libQt5OpenGL5 libQt5PrintSupport5 libQt5Sql5 libQt5Sql5-mysql libQt5Sql5-sqlite libQt5Test5 libQt5Widgets5 libQt5Xml5 libqt5-qtbase-platformtheme-gtk3 libQt5Svg5 libSDL-1_2-0 libSDL2-2_0-0 libSoundTouch0 libX11-6 libX11-data libX11-xcb1 libXRes1 libXcursor1 libXdmcp6 libXext6 libXfixes3 libXfont1 libXfont2-2 libXi6 libXinerama1 libXrandr2 libXrender1 libXt6 libXtst6 libXv1 libXvMC1 libXvnc1 tigervnc xorg-x11-Xvnc xorg-x11-Xvnc-module libXxf86dga1 libXxf86vm1 libZXing1 libaom3 libapr-util1 libarchive13 libass9 libaudit1 libaudit1-32bit libauparse0 libavcodec57 libavutil55 libswresample2 libavcodec58_134 libavdevice58_13 libavfilter7_110 libavformat58_76 libavresample4_0 libavutil56_70 libpostproc55_9 libswresample3_9 libswscale5_9 libblas3 liblapack3 libopenblas_openmp0 libopenblas_pthreads0 libblkid1 libblkid1-32bit libfdisk1 libmount1 libmount1-32bit libsmartcols1 libuuid1 libuuid1-32bit util-linux util-linux-lang util-linux-systemd libbrotlicommon1 libbrotlicommon1-32bit libbrotlidec1 libbrotlidec1-32bit libbrotlienc1 libbsd0 libcaca0 libcacard0 libcairo-gobject2 libcairo-script-interpreter2 libcairo2 libcares2 libcdio16 libcdio19 libcfitsio9 libdjvulibre21 libdmx1 libebml5 libekmfweb1 libkmipclient1 s390-tools libevent-2_1-8 libexempi3 libexif12 libexiv2-26 libfreebl3 libfreebl3-hmac libsoftokn3 libsoftokn3-hmac mozilla-nss mozilla-nss-certs libfreetype6 libfreetype6-32bit libgadu3 libgc1 libgcrypt20 libgcrypt20-32bit libgd3 libgfbgraph-0_2-0 libgif7 libgme0 libgmp10 libgmp10-32bit libgnome-autoar-0-0 libgnome-autoar-gtk-0-0 libgraphite2-3 libgupnp-1_2-1 libgxps2 libhdf5-103 libhdf5_hl100 libhivex0 perl-Win-Hivex libhogweed6 libhogweed6-32bit libnettle8 libnettle8-32bit libhunspell-1_6-0 libical-glib3 libical3 libidn11 libidn2-0 libidn2-0-32bit libidn2-lang libimobiledevice-1_0-6 libusbmuxd-2_0-6 libinput-udev libinput10 libixml11 libupnp17 libjansson4 libjansson4-32bit libjasper4 libjbig2 libjpeg8 libjson-c3 libksba8 liblcms2-2 libldap-2_4-2 libldap-2_4-2-32bit libldap-data openldap2-client libldb2 libldb2-32bit python3-ldb liblouis-data liblouis20 python3-louis liblua5_3-5 liblua5_3-5-32bit liblz4-1 liblz4-1-32bit liblzma5 liblzma5-32bit xz xz-lang liblzo2-2 libmad0 libmariadb3 libmariadbd19 mariadb mariadb-client mariadb-errormessages libmarkdown2 libminiupnpc17 libminizip1 libz1 libz1-32bit libmozjs-78-0 libmp3lame0 libmpfr6 libmpg123-0 mpg123-openal mpg123-pulse libmspack0 libmwaw-0_3-3 libncurses6 ncurses-utils terminfo terminfo-base terminfo-iterm terminfo-screen libndp0 libnetpbm11 netpbm libnewt0_52 libnghttp2-14 libnghttp2-14-32bit libntfs-3g87 ntfs-3g ntfsprogs libodbc2 libopencv405 libopencv_imgcodecs405 libopencv_ximgproc405 libopenjp2-7 libopenjpeg1 libopenmpt0 libopenssl1_1 libopenssl1_1-32bit openssl-1_1 libopus0 libosinfo libosinfo-1_0-0 libosinfo-lang typelib-1_0-Libosinfo-1_0 libotr5 libp11-kit0 libp11-kit0-32bit p11-kit p11-kit-tools libpango-1_0-0 typelib-1_0-Pango-1_0 libpano13-3 libpcap1 libpcre1 libpcre1-32bit libpcre2-16-0 libpcre2-8-0 libpcsclite1 pcsc-lite libplist-2_0-3 libpng16-16 libpng16-16-32bit libpolkit0 polkit typelib-1_0-Polkit-1_0 libpoppler-cpp0 libpoppler-glib8 libpoppler-qt5-1 libpoppler117 poppler-tools libpotrace0 libpq5 libprocps7 procps libprotobuf-lite20 libprotobuf20 libproxy1 libproxy1-config-gnome3 libproxy1-config-kde libproxy1-networkmanager libproxy1-pacrunner-webkit libpskc0 libpurple libpurple-client0 libpurple-lang libpurple-tcl libpurple0 pidgin libpython3_6m1_0 python3 python3-base python3-curses python3-dbm libqpdf26 libqt5-qtwebengine libquicktime0 librados2 librbd1 libraptor2-0 libraw20 libreoffice libreoffice-base libreoffice-branding-upstream libreoffice-calc libreoffice-draw libreoffice-filters-optional libreoffice-gnome libreoffice-gtk3 libreoffice-icon-themes libreoffice-impress libreoffice-l10n-ar libreoffice-l10n-bg libreoffice-l10n-bs libreoffice-l10n-ca libreoffice-l10n-cs libreoffice-l10n-da libreoffice-l10n-de libreoffice-l10n-el libreoffice-l10n-en libreoffice-l10n-en_GB libreoffice-l10n-eo libreoffice-l10n-es libreoffice-l10n-et libreoffice-l10n-fa libreoffice-l10n-fi libreoffice-l10n-fr libreoffice-l10n-hu libreoffice-l10n-id libreoffice-l10n-it libreoffice-l10n-ja libreoffice-l10n-ko libreoffice-l10n-lt libreoffice-l10n-nb libreoffice-l10n-nl libreoffice-l10n-pl libreoffice-l10n-pt_BR libreoffice-l10n-ru libreoffice-l10n-sk libreoffice-l10n-sl libreoffice-l10n-sv libreoffice-l10n-uk libreoffice-l10n-zh_CN libreoffice-l10n-zh_TW libreoffice-mailmerge libreoffice-math libreoffice-pyuno libreoffice-qt5 libreoffice-writer libreofficekit libruby2_5-2_5 ruby2.5 ruby2.5-stdlib libsamba-policy0-python3 samba samba-ad-dc-libs samba-client samba-client-32bit samba-client-libs samba-client-libs-32bit samba-gpupdate samba-ldb-ldap samba-libs samba-libs-python3 samba-python3 samba-winbind samba-winbind-libs samba-winbind-libs-32bit libseccomp2 libserf-1-1 libshp2 libslirp0 libsndfile1 libsndfile1-32bit libsnmp30 net-snmp perl-SNMP snmp-mibs libsolv-tools python3-solv ruby-solv libsoup-2_4-1 libsoup-3_0-0 libsoup-lang libsoup2-lang typelib-1_0-Soup-2_4 typelib-1_0-Soup-3_0 libspeex1 libspeex1-32bit libspice-client-glib-2_0-8 libspice-client-glib-helper libspice-client-gtk-3_0-5 typelib-1_0-SpiceClientGlib-2_0 typelib-1_0-SpiceClientGtk-3_0 libspice-server1 libsqlite3-0 sqlite3 libsrt1 libsrtp2-1 libssh-config libssh4 libssh4-32bit libssh2-1 libstaroffice-0_0-0 libsynctex2 libsystemd0 libsystemd0-32bit libudev1 libudev1-32bit systemd systemd-32bit systemd-container systemd-doc systemd-lang systemd-sysvinit udev libtag1 libtag_c0 libtasn1 libtasn1-6 libtasn1-6-32bit libtiff5 libtirpc-netconfig libtirpc3 libtirpc3-32bit libtpms0 libtss2-esys0 libtss2-mu0 libtss2-rc0 libtss2-sys1 libudisks2-0 libudisks2-0_btrfs udisks2 udisks2-lang libunwind libupsclient1 nut nut-cgi libvdpau1 libvirglrenderer1 libvirt-client libvirt-daemon libvirt-daemon-config-network libvirt-daemon-driver-interface libvirt-daemon-driver-network libvirt-daemon-driver-nodedev libvirt-daemon-driver-nwfilter libvirt-daemon-driver-qemu libvirt-daemon-driver-secret libvirt-daemon-driver-storage libvirt-daemon-driver-storage-core libvirt-daemon-driver-storage-disk libvirt-daemon-driver-storage-iscsi libvirt-daemon-driver-storage-iscsi-direct libvirt-daemon-driver-storage-logical libvirt-daemon-driver-storage-mpath libvirt-daemon-driver-storage-rbd libvirt-daemon-driver-storage-scsi libvirt-daemon-qemu libvirt-libs libvlc5 libvlccore9 vlc vlc-codec-gstreamer vlc-lang vlc-noX vlc-qt vlc-vdpau libvmtools0 open-vm-tools open-vm-tools-desktop libvncclient1 libvncserver1 libvorbis0 libvorbis0-32bit libvorbisenc2 libvorbisenc2-32bit libvorbisfile3 libvpx4 libvpx7 libwavpack1 libwebp7 libwebpdemux2 libwebpmux3 libwmf-0_2-7 libwpd-0_10-10 libxapian30 libxerces-c-3_2 libxkbcommon-x11-0 libxkbcommon0 libxkbregistry0 libxml2-2 libxml2-2-32bit libxml2-tools python3-libxml2 libxslt-tools libxslt1 libyaml-0-2 libyaml-cpp0_6 libzip5 libzstd1 libzstd1-32bit zstd libzypp login_defs shadow mailx mc mc-lang messagelib messagelib-lang mozilla-nspr nbdkit nbdkit-basic-filters nbdkit-basic-plugins nbdkit-curl-plugin nbdkit-python-plugin nbdkit-server nbdkit-ssh-plugin nbdkit-vddk-plugin nfs-client nfs-kernel-server okular okular-lang openconnect openconnect-lang openslp openslp-32bit openssh openssh-clients openssh-common openssh-server openssl openvpn ovmf qemu-ovmf-x86_64 qemu-uefi-aarch64 p7zip p7zip-full pam pam-32bit pam-doc perl perl-base perl-base-32bit perl-core-DB_File perl-Archive-Zip perl-HTML-Parser perl-LWP-Protocol-https perl-XML-LibXML perl-XML-Twig permissions plasma5-desktop plasma5-desktop-emojier plasma5-desktop-lang powerpc-utils ppc64-diag ppp procmail python3-cryptography python3-lxml python3-numpy python3-pip python3-py python3-requests python3-setuptools python3-urllib3 qemu qemu-SLOF qemu-accel-tcg-x86 qemu-arm qemu-audio-spice qemu-block-curl qemu-block-rbd qemu-chardev-spice qemu-guest-agent qemu-hw-display-qxl qemu-hw-display-virtio-gpu qemu-hw-display-virtio-gpu-pci qemu-hw-display-virtio-vga qemu-hw-usb-host qemu-hw-usb-redirect qemu-hw-usb-smartcard qemu-ipxe qemu-ksm qemu-microvm qemu-ppc qemu-seabios qemu-sgabios qemu-tools qemu-ui-curses qemu-ui-gtk qemu-ui-opengl qemu-ui-spice-app qemu-ui-spice-core qemu-vgabios qemu-x86 rpcbind rpm rpm-32bit rsync rsyslog rtkit ruby2.5-rubygem-nokogiri sane-backends sane-backends-autoconfig screen sddm sddm-branding-openSUSE sharutils sharutils-lang shim spice-vdagent squashfs sudo sudo-plugin-python swtpm tar tar-lang tar-rmt telepathy-idle texlive-lm-fonts tmux tnftp transmission-common transmission-gtk transmission-gtk-lang trousers u-boot-rpiarm64 u-boot-rpiarm64-doc ucode-intel unzip unzip-doc update-alternatives vim vim-data vim-data-common virt-install virt-manager virt-manager-common virtualbox-guest-tools virtualbox-guest-x11 virtualbox-kmp-default vorbis-tools vorbis-tools-lang vsftpd w3m wget wget-lang wicked wicked-service wpa_supplicant xdg-utils xen-libs xinetd xorg-x11-essentials xrdb xorg-x11-server xorg-x11-server-extra xscreensaver xscreensaver-data xscreensaver-lang xterm xterm-bin xwayland yast2-security yast2-users zypper zypper-log zypper-needs-restarting libdxfrw-devel libdxfrw-tools libdxfrw1 librecad librecad-parts chromedriver caddy firejail firejail-bash-completion firejail-zsh-completion chafa chafa-devel chafa-doc libchafa0 atheme atheme-devel libathemecore1 neomutt neomutt-doc neomutt-lang trivy tor dbus-broker wdiff wdiff-lang librttopo-devel librttopo1 libQt5Pdf5 libQt5PdfWidgets5 libqt5-qtpdf-devel libqt5-qtpdf-examples libqt5-qtpdf-imports libqt5-qtpdf-private-headers-devel libqt5-qtwebengine-devel libqt5-qtwebengine-examples libqt5-qtwebengine-private-headers-devel opera phpPgAdmin phpPgAdmin-apache python3-virtualbox virtualbox virtualbox-devel virtualbox-guest-desktop-icons virtualbox-guest-source virtualbox-host-source virtualbox-qt virtualbox-vnc virtualbox-websrv jupyter-jupyterlab python3-jupyterlab connman connman-client connman-devel connman-doc connman-nmcompat connman-plugin-hh2serial-gps connman-plugin-iospm connman-plugin-l2tp connman-plugin-openvpn connman-plugin-polkit connman-plugin-pptp connman-plugin-tist connman-plugin-vpnc connman-plugin-wireguard connman-test seamonkey seamonkey-dom-inspector seamonkey-irc canna canna-devel canna-libs canna-libs-32bit canna-libs-64bit nim freeciv freeciv-gtk3 freeciv-lang freeciv-qt python3-Django libvarnishapi3 varnish varnish-devel mupdf mupdf-devel-static lighttpd lighttpd-mod_authn_gssapi lighttpd-mod_authn_ldap lighttpd-mod_authn_pam lighttpd-mod_authn_sasl lighttpd-mod_magnet lighttpd-mod_maxminddb lighttpd-mod_rrdtool lighttpd-mod_vhostdb_dbi lighttpd-mod_vhostdb_ldap lighttpd-mod_vhostdb_mysql lighttpd-mod_vhostdb_pgsql lighttpd-mod_webdav gdcm gdcm-applications gdcm-devel gdcm-examples libgdcm3_0 libsocketxx1_2 orthanc orthanc-devel orthanc-doc orthanc-gdcm orthanc-source orthanc-webviewer python3-gdcm libosip2-12 libosip2-devel roundcubemail enlightenment enlightenment-branding-upstream enlightenment-devel pngcheck v4l2loopback-autoload v4l2loopback-kmp-64kb v4l2loopback-kmp-default v4l2loopback-utils exim eximon eximstats-html cacti cacti-spine pdns-recursor jhead pyenv pyenv-bash-completion pyenv-fish-completion pyenv-zsh-completion EternalTerminal privoxy privoxy-doc deluge deluge-lang libmodbus-devel libmodbus5 autotrace autotrace-devel libautotrace3 libtumbler-1-0 tumbler tumbler-devel tumbler-doc tumbler-folder-thumbnailer tumbler-lang tumbler-webp-thumbnailer Botan Botan-doc libbotan-2-18 libbotan-2-18-32bit libbotan-2-18-64bit libbotan-devel libbotan-devel-32bit libbotan-devel-64bit python3-botan xtrabackup xtrabackup-test rxvt-unicode cherrytree cherrytree-lang libmatio-devel libmatio11 matio-tools python3-slixmpp multimon-ng vlc-devel vlc-jack vlc-opencv libmbedcrypto7 libmbedcrypto7-32bit libmbedcrypto7-64bit libmbedtls14 libmbedtls14-32bit libmbedtls14-64bit libmbedx509-1 libmbedx509-1-32bit libmbedx509-1-64bit mbedtls-devel libredwg-devel libredwg-tools libredwg0 libxls-devel libxls-tools libxlsreader8 libsphinxclient-0_0_1 libsphinxclient-devel sphinx minetest minetest-data minetest-lang minetestserver editorconfig libeditorconfig-devel libeditorconfig-devel-32bit libeditorconfig-devel-64bit libeditorconfig0 libeditorconfig0-32bit libeditorconfig0-64bit dcmtk dcmtk-devel libdcmtk17 libQt6Svg6 libQt6SvgWidgets6 qt6-svg-devel qt6-svg-docs-html qt6-svg-docs-qch qt6-svg-examples qt6-svg-private-devel guile1 guile1-modules-2_2 libguile-2_2-1 libguile1-devel lilypond lilypond-doc lilypond-doc-cs lilypond-doc-de lilypond-doc-es lilypond-doc-fr lilypond-doc-hu lilypond-doc-it lilypond-doc-ja lilypond-doc-nl lilypond-doc-zh lilypond-emmentaler-fonts lilypond-fonts-common keepass gifsicle xonotic xonotic-data xonotic-server python3-Django1 apptainer libiniparser-devel libiniparser1 libiniparser1-32bit libiniparser1-64bit libasn1-8 libgssapi3 libhcrypto4 libhdb9 libheimbase1 libheimdal-devel libheimedit0 libheimntlm0 libhx509-5 libkadm5clnt7 libkadm5srv8 libkafs0 libkdc2 libkrb5-26 libotp0 libroken18 libsl0 libwind0 zabbix-agent zabbix-java-gateway zabbix-phpfrontend zabbix-proxy zabbix-proxy-mysql zabbix-proxy-postgresql zabbix-proxy-sqlite zabbix-server zabbix-server-mysql zabbix-server-postgresql amanda trytond perl-Net-Netmask perl-HTTP-Tiny opensuse-welcome opensuse-welcome-lang python3-mitmproxy tcpreplay libmodsecurity3 libmodsecurity3-32bit libmodsecurity3-64bit modsecurity modsecurity-devel Cadence python3-GitPython python3-CairoSVG python3-bugzilla python3-mechanize upx libsox3 sox sox-devel gn gstreamer-plugins-bad-32bit gstreamer-plugins-bad-64bit gstreamer-plugins-bad-chromaprint gstreamer-plugins-bad-chromaprint-32bit gstreamer-plugins-bad-chromaprint-64bit gstreamer-plugins-bad-devel gstreamer-plugins-bad-fluidsynth gstreamer-plugins-bad-fluidsynth-32bit gstreamer-plugins-bad-fluidsynth-64bit gstreamer-transcoder gstreamer-transcoder-devel libgstadaptivedemux-1_0-0-32bit libgstadaptivedemux-1_0-0-64bit libgstbadaudio-1_0-0-32bit libgstbadaudio-1_0-0-64bit libgstbasecamerabinsrc-1_0-0-32bit libgstbasecamerabinsrc-1_0-0-64bit libgstcodecparsers-1_0-0-32bit libgstcodecparsers-1_0-0-64bit libgstcodecs-1_0-0-32bit libgstcodecs-1_0-0-64bit libgstcuda-1_0-0 libgstcuda-1_0-0-32bit libgstcuda-1_0-0-64bit libgstinsertbin-1_0-0 libgstinsertbin-1_0-0-32bit libgstinsertbin-1_0-0-64bit libgstisoff-1_0-0-32bit libgstisoff-1_0-0-64bit libgstmpegts-1_0-0-32bit libgstmpegts-1_0-0-64bit libgstphotography-1_0-0-32bit libgstphotography-1_0-0-64bit libgstplay-1_0-0-32bit libgstplay-1_0-0-64bit libgstplayer-1_0-0-32bit libgstplayer-1_0-0-64bit libgstsctp-1_0-0-32bit libgstsctp-1_0-0-64bit libgsttranscoder-1_0-0 libgsturidownloader-1_0-0-32bit libgsturidownloader-1_0-0-64bit libgstva-1_0-0-32bit libgstva-1_0-0-64bit libgstvulkan-1_0-0-32bit libgstvulkan-1_0-0-64bit libgstwayland-1_0-0-32bit libgstwayland-1_0-0-64bit libgstwebrtc-1_0-0-32bit libgstwebrtc-1_0-0-64bit libgstwebrtcnice-1_0-0 libgstwebrtcnice-1_0-0-32bit libgstwebrtcnice-1_0-0-64bit typelib-1_0-CudaGst-1_0 typelib-1_0-GstBadAudio-1_0 typelib-1_0-GstCodecs-1_0 typelib-1_0-GstCuda-1_0 typelib-1_0-GstInsertBin-1_0 typelib-1_0-GstMpegts-1_0 typelib-1_0-GstPlay-1_0 typelib-1_0-GstPlayer-1_0 typelib-1_0-GstTranscoder-1_0 typelib-1_0-GstVa-1_0 typelib-1_0-GstVulkan-1_0 typelib-1_0-GstVulkanWayland-1_0 typelib-1_0-GstVulkanXCB-1_0 typelib-1_0-GstWebRTC-1_0 python3-django-grappelli optipng libtorrent-rasterbar-devel libtorrent-rasterbar-doc libtorrent-rasterbar2_0 python3-libtorrent-rasterbar qbittorrent qbittorrent-nox libevtlog-3_35-0 syslog-ng syslog-ng-curl syslog-ng-devel syslog-ng-geoip syslog-ng-java syslog-ng-mqtt syslog-ng-python syslog-ng-redis syslog-ng-smtp syslog-ng-snmp syslog-ng-sql fish fish-devel proftpd proftpd-devel proftpd-doc proftpd-lang proftpd-ldap proftpd-mysql proftpd-pgsql proftpd-radius proftpd-sqlite deepin-compressor deepin-compressor-lang postgresql12-timescaledb postgresql13-timescaledb postgresql14-timescaledb postgresql15-timescaledb phpMyAdmin phpMyAdmin-apache phpMyAdmin-lang gssntlmssp gssntlmssp-devel peazip peazip-kf5 squirrel squirrel-devel squirrel-devel-static squirrel-doc squirrel-examples nextcloud nextcloud-apache ruby2.5-rubygem-activerecord-5.2 ruby2.5-rubygem-activerecord-doc-5.2 caja-extension-nextcloud cloudproviders-extension-nextcloud libnextcloudsync-devel libnextcloudsync0 nautilus-extension-nextcloud nemo-extension-nextcloud nextcloud-desktop nextcloud-desktop-doc nextcloud-desktop-dolphin nextcloud-desktop-lang liferea liferea-lang stellarium putty go1.18 go1.18-doc go1.18-race go1.17 go1.17-doc go1.17-race ant ant-antlr ant-apache-bcel ant-apache-bsf ant-apache-log4j ant-apache-oro ant-apache-regexp ant-apache-resolver ant-apache-xalan2 ant-commons-logging ant-commons-net ant-imageio ant-javamail ant-jdepend ant-jmf ant-jsch ant-junit ant-junit5 ant-manual ant-scripts ant-swing ant-testutil ant-xz libwebkit2gtk3-lang golang-github-prometheus-prometheus libaom0 libaom0-32bit python-paramiko-doc python2-paramiko python3-paramiko python2-pip nodejs12 nodejs12-devel nodejs12-docs npm12 corepack14 nodejs14 nodejs14-devel nodejs14-docs npm14 libslirp-devel caca-utils libcaca-devel libcaca-ruby libcaca0-32bit libcaca0-plugins libcaca0-plugins-32bit python3-caca python2-Twisted jasper libjasper-devel libjasper4-32bit git git-arch git-core git-credential-gnome-keyring git-credential-libsecret git-cvs git-daemon git-doc git-email git-gui git-p4 git-svn git-web gitk perl-Git libpython3_9-1_0 libpython3_9-1_0-32bit python39 python39-32bit python39-base python39-base-32bit python39-curses python39-dbm python39-devel python39-doc python39-doc-devhelp python39-idle python39-testsuite python39-tk python39-tools pcp-pmda-kvm pcp-pmda-postgresql python-pcp amazon-ssm-agent ruby2.5-devel ruby2.5-devel-extra ruby2.5-doc ruby2.5-doc-ri java-11-openjdk-accessibility java-11-openjdk-demo java-11-openjdk-devel java-11-openjdk-javadoc java-11-openjdk-jmods java-11-openjdk-src ruby2.5-rubygem-puma ruby2.5-rubygem-puma-doc libwmf-0_2-7-32bit libwmf-devel libwmf-gnome libwmf-gnome-32bit libwmf-tools apache2-mod_auth_mellon apache2-mod_auth_mellon-diagnostics apache2-mod_auth_mellon-doc pgadmin4 pgadmin4-doc pgadmin4-web pgadmin4-web-uwsgi libvirt-admin libvirt-bash-completion giflib-devel giflib-devel-32bit giflib-progs libgif7-32bit gzip clamav clamav-devel libclamav9 libfreshclam2 finch finch-devel libpurple-branding-upstream libpurple-devel libpurple-plugin-sametime pidgin-devel libnss_slurm2 libpmi0 libslurm36 perl-slurm slurm slurm-auth-none slurm-config slurm-config-man slurm-cray slurm-devel slurm-doc slurm-hdf5 slurm-lua slurm-munge slurm-node slurm-openlava slurm-pam_slurm slurm-plugins slurm-rest slurm-seff slurm-sjstat slurm-slurmdbd slurm-sql slurm-sview slurm-torque slurm-webdoc openldap2 openldap2-back-meta openldap2-back-perl openldap2-back-sock openldap2-back-sql openldap2-contrib openldap2-devel openldap2-devel-32bit openldap2-devel-static openldap2-doc openldap2-ppolicy-check-password jackson-annotations jackson-annotations-javadoc jackson-bom jackson-core jackson-core-javadoc jackson-databind jackson-databind-javadoc jackson-dataformat-cbor jackson-dataformat-smile jackson-dataformats-binary jackson-dataformats-binary-javadoc cluster-md-kmp-preempt dlm-kmp-preempt dtb-al dtb-zte gfs2-kmp-preempt kernel-preempt kernel-preempt-devel kernel-preempt-extra kernel-preempt-livepatch-devel kernel-preempt-optional kselftests-kmp-preempt ocfs2-kmp-preempt reiserfs-kmp-preempt containerd containerd-ctr docker docker-bash-completion docker-fish-completion docker-kubic docker-kubic-bash-completion docker-kubic-fish-completion docker-kubic-kubeadm-criconfig docker-kubic-zsh-completion docker-zsh-completion nodejs8 nodejs8-devel nodejs8-docs npm8 nodejs10 nodejs10-devel nodejs10-docs npm10 e2fsprogs-devel e2fsprogs-scrub libcom_err-devel libcom_err-devel-32bit libcom_err-devel-static libext2fs-devel libext2fs-devel-32bit libext2fs-devel-static libext2fs2-32bit php7-wddx MozillaFirefox-branding-upstream MozillaFirefox-devel python2-libxml2-python python3-libxml2-python php7-bcmath php7-bz2 php7-calendar php7-curl php7-dba php7-devel php7-embed php7-enchant php7-exif php7-fastcgi php7-fileinfo php7-fpm php7-ftp php7-gd php7-gettext php7-gmp php7-intl php7-ldap php7-mbstring php7-odbc php7-opcache php7-pcntl php7-phar php7-posix php7-readline php7-shmop php7-snmp php7-soap php7-sockets php7-sodium php7-sysvmsg php7-sysvsem php7-sysvshm php7-test php7-tidy php7-xmlrpc php7-xsl php7-zip php7-zlib libMagick++-7_Q16HDRI4 libMagick++-7_Q16HDRI4-32bit libMagickCore-7_Q16HDRI6 libMagickCore-7_Q16HDRI6-32bit libMagickWand-7_Q16HDRI6 libMagickWand-7_Q16HDRI6-32bit php7-firebird libnss_slurm2_20_11 libpmi0_20_11 perl-slurm_20_11 slurm_20_11 slurm_20_11-auth-none slurm_20_11-config slurm_20_11-config-man slurm_20_11-cray slurm_20_11-devel slurm_20_11-doc slurm_20_11-hdf5 slurm_20_11-lua slurm_20_11-munge slurm_20_11-node slurm_20_11-openlava slurm_20_11-pam_slurm slurm_20_11-plugins slurm_20_11-rest slurm_20_11-seff slurm_20_11-sjstat slurm_20_11-slurmdbd slurm_20_11-sql slurm_20_11-sview slurm_20_11-torque slurm_20_11-webdoc cups-ddk cups-devel cups-devel-32bit libcupscgi1-32bit libcupsimage2-32bit libcupsmime1-32bit libcupsppdc1-32bit libtiff-devel libtiff-devel-32bit libtiff5-32bit tiff helm-mirror postgresql10 postgresql10-contrib postgresql10-docs postgresql10-llvmjit-devel postgresql10-plperl postgresql10-plpython postgresql10-pltcl postgresql10-server postgresql10-test dpdk-kmp-preempt dpdk-thunderx-kmp-preempt postgresql12 postgresql12-contrib postgresql12-devel postgresql12-docs postgresql12-llvmjit postgresql12-llvmjit-devel postgresql12-plperl postgresql12-plpython postgresql12-pltcl postgresql12-server postgresql12-server-devel postgresql12-test postgresql13 postgresql13-contrib postgresql13-devel postgresql13-docs postgresql13-llvmjit postgresql13-llvmjit-devel postgresql13-plperl postgresql13-plpython postgresql13-pltcl postgresql13-server postgresql13-server-devel postgresql13-test fribidi-devel libfribidi0-32bit libecpg6 libecpg6-32bit libpq5-32bit postgresql14 postgresql14-contrib postgresql14-devel postgresql14-docs postgresql14-llvmjit postgresql14-llvmjit-devel postgresql14-plperl postgresql14-plpython postgresql14-pltcl postgresql14-server postgresql14-server-devel postgresql14-test hdf5-gnu-hpc hdf5-gnu-hpc-devel hdf5-gnu-mpich-hpc hdf5-gnu-mpich-hpc-devel hdf5-gnu-mvapich2-hpc hdf5-gnu-mvapich2-hpc-devel hdf5-gnu-openmpi3-hpc hdf5-gnu-openmpi3-hpc-devel hdf5-gnu-openmpi4-hpc hdf5-gnu-openmpi4-hpc-devel hdf5-hpc-examples hdf5_1_10_8-gnu-hpc hdf5_1_10_8-gnu-hpc-devel hdf5_1_10_8-gnu-hpc-devel-static hdf5_1_10_8-gnu-hpc-module hdf5_1_10_8-gnu-mpich-hpc hdf5_1_10_8-gnu-mpich-hpc-devel hdf5_1_10_8-gnu-mpich-hpc-devel-static hdf5_1_10_8-gnu-mpich-hpc-module hdf5_1_10_8-gnu-mvapich2-hpc hdf5_1_10_8-gnu-mvapich2-hpc-devel hdf5_1_10_8-gnu-mvapich2-hpc-devel-static hdf5_1_10_8-gnu-mvapich2-hpc-module hdf5_1_10_8-gnu-openmpi3-hpc hdf5_1_10_8-gnu-openmpi3-hpc-devel hdf5_1_10_8-gnu-openmpi3-hpc-devel-static hdf5_1_10_8-gnu-openmpi3-hpc-module hdf5_1_10_8-gnu-openmpi4-hpc hdf5_1_10_8-gnu-openmpi4-hpc-devel hdf5_1_10_8-gnu-openmpi4-hpc-devel-static hdf5_1_10_8-gnu-openmpi4-hpc-module hdf5_1_10_8-hpc-examples libhdf5-gnu-hpc libhdf5-gnu-mpich-hpc libhdf5-gnu-mvapich2-hpc libhdf5-gnu-openmpi3-hpc libhdf5-gnu-openmpi4-hpc libhdf5_1_10_8-gnu-hpc libhdf5_1_10_8-gnu-mpich-hpc libhdf5_1_10_8-gnu-mvapich2-hpc libhdf5_1_10_8-gnu-openmpi3-hpc libhdf5_1_10_8-gnu-openmpi4-hpc libhdf5_cpp-gnu-hpc libhdf5_cpp-gnu-mpich-hpc libhdf5_cpp-gnu-mvapich2-hpc libhdf5_cpp-gnu-openmpi3-hpc libhdf5_cpp-gnu-openmpi4-hpc libhdf5_cpp_1_10_8-gnu-hpc libhdf5_cpp_1_10_8-gnu-mpich-hpc libhdf5_cpp_1_10_8-gnu-mvapich2-hpc libhdf5_cpp_1_10_8-gnu-openmpi3-hpc libhdf5_cpp_1_10_8-gnu-openmpi4-hpc libhdf5_fortran-gnu-hpc libhdf5_fortran-gnu-mpich-hpc libhdf5_fortran-gnu-mvapich2-hpc libhdf5_fortran-gnu-openmpi3-hpc libhdf5_fortran-gnu-openmpi4-hpc libhdf5_fortran_1_10_8-gnu-hpc libhdf5_fortran_1_10_8-gnu-mpich-hpc libhdf5_fortran_1_10_8-gnu-mvapich2-hpc libhdf5_fortran_1_10_8-gnu-openmpi3-hpc libhdf5_fortran_1_10_8-gnu-openmpi4-hpc libhdf5_hl-gnu-hpc libhdf5_hl-gnu-mpich-hpc libhdf5_hl-gnu-mvapich2-hpc libhdf5_hl-gnu-openmpi3-hpc libhdf5_hl-gnu-openmpi4-hpc libhdf5_hl_1_10_8-gnu-hpc libhdf5_hl_1_10_8-gnu-mpich-hpc libhdf5_hl_1_10_8-gnu-mvapich2-hpc libhdf5_hl_1_10_8-gnu-openmpi3-hpc libhdf5_hl_1_10_8-gnu-openmpi4-hpc libhdf5_hl_cpp-gnu-hpc libhdf5_hl_cpp-gnu-mpich-hpc libhdf5_hl_cpp-gnu-mvapich2-hpc libhdf5_hl_cpp-gnu-openmpi3-hpc libhdf5_hl_cpp-gnu-openmpi4-hpc libhdf5_hl_cpp_1_10_8-gnu-hpc libhdf5_hl_cpp_1_10_8-gnu-mpich-hpc libhdf5_hl_cpp_1_10_8-gnu-mvapich2-hpc libhdf5_hl_cpp_1_10_8-gnu-openmpi3-hpc libhdf5_hl_cpp_1_10_8-gnu-openmpi4-hpc libhdf5_hl_fortran-gnu-hpc libhdf5_hl_fortran-gnu-mpich-hpc libhdf5_hl_fortran-gnu-mvapich2-hpc libhdf5_hl_fortran-gnu-openmpi3-hpc libhdf5_hl_fortran-gnu-openmpi4-hpc libhdf5hl_fortran_1_10_8-gnu-hpc libhdf5hl_fortran_1_10_8-gnu-mpich-hpc libhdf5hl_fortran_1_10_8-gnu-mvapich2-hpc libhdf5hl_fortran_1_10_8-gnu-openmpi3-hpc libhdf5hl_fortran_1_10_8-gnu-openmpi4-hpc libudisks2-0-devel libudisks2-0_bcache libudisks2-0_lsm libudisks2-0_lvm2 libudisks2-0_vdo libudisks2-0_zram typelib-1_0-UDisks-2_0 kernel-firmware patch apache2-mod_php8 php8 php8-bcmath php8-bz2 php8-calendar php8-cli php8-ctype php8-curl php8-dba php8-devel php8-dom php8-embed php8-enchant php8-exif php8-fastcgi php8-fileinfo php8-fpm php8-ftp php8-gd php8-gettext php8-gmp php8-iconv php8-intl php8-ldap php8-mbstring php8-mysql php8-odbc php8-opcache php8-openssl php8-pcntl php8-pdo php8-pgsql php8-phar php8-posix php8-readline php8-shmop php8-snmp php8-soap php8-sockets php8-sodium php8-sqlite php8-sysvmsg php8-sysvsem php8-sysvshm php8-test php8-tidy php8-tokenizer php8-xmlreader php8-xmlwriter php8-xsl php8-zip php8-zlib redis bsdtar libarchive-devel libarchive13-32bit openvpn-auth-pam-plugin openvpn-devel openvpn-down-root-plugin grub2-arm64-efi-debug grub2-branding-upstream grub2-i386-pc-debug grub2-powerpc-ieee1275-debug grub2-s390x-emu grub2-s390x-emu-debug grub2-x86_64-efi-debug grub2-x86_64-xen google-gson google-gson-javadoc netty3 netty3-javadoc u-boot-avnetultra96rev1 u-boot-avnetultra96rev1-doc u-boot-bananapim64 u-boot-bananapim64-doc u-boot-dragonboard410c u-boot-dragonboard410c-doc u-boot-dragonboard820c u-boot-dragonboard820c-doc u-boot-evb-rk3399 u-boot-evb-rk3399-doc u-boot-firefly-rk3399 u-boot-firefly-rk3399-doc u-boot-geekbox u-boot-geekbox-doc u-boot-hikey u-boot-hikey-doc u-boot-khadas-vim u-boot-khadas-vim-doc u-boot-khadas-vim2 u-boot-khadas-vim2-doc u-boot-libretech-ac u-boot-libretech-ac-doc u-boot-libretech-cc u-boot-libretech-cc-doc u-boot-ls1012afrdmqspi u-boot-ls1012afrdmqspi-doc u-boot-mvebudb-88f3720 u-boot-mvebudb-88f3720-doc u-boot-mvebudbarmada8k u-boot-mvebudbarmada8k-doc u-boot-mvebuespressobin-88f3720 u-boot-mvebuespressobin-88f3720-doc u-boot-mvebumcbin-88f8040 u-boot-mvebumcbin-88f8040-doc u-boot-nanopia64 u-boot-nanopia64-doc u-boot-odroid-c2 u-boot-odroid-c2-doc u-boot-odroid-c4 u-boot-odroid-c4-doc u-boot-odroid-n2 u-boot-odroid-n2-doc u-boot-orangepipc2 u-boot-orangepipc2-doc u-boot-p2371-2180 u-boot-p2371-2180-doc u-boot-p2771-0000-500 u-boot-p2771-0000-500-doc u-boot-p3450-0000 u-boot-p3450-0000-doc u-boot-pine64plus u-boot-pine64plus-doc u-boot-pinebook u-boot-pinebook-doc u-boot-pinebook-pro-rk3399 u-boot-pinebook-pro-rk3399-doc u-boot-pineh64 u-boot-pineh64-doc u-boot-pinephone u-boot-pinephone-doc u-boot-poplar u-boot-poplar-doc u-boot-rock-pi-4-rk3399 u-boot-rock-pi-4-rk3399-doc u-boot-rock-pi-n10-rk3399pro u-boot-rock-pi-n10-rk3399pro-doc u-boot-rock64-rk3328 u-boot-rock64-rk3328-doc u-boot-rock960-rk3399 u-boot-rock960-rk3399-doc u-boot-rockpro64-rk3399 u-boot-rockpro64-rk3399-doc u-boot-rpi3 u-boot-rpi3-doc u-boot-rpi4 u-boot-rpi4-doc u-boot-tools u-boot-xilinxzynqmpvirt u-boot-xilinxzynqmpvirt-doc u-boot-xilinxzynqmpzcu102rev10 u-boot-xilinxzynqmpzcu102rev10-doc u-boot-xilinxzynqmpgeneric u-boot-xilinxzynqmpgeneric-doc WebKit2GTK-4.0-lang libjavascriptcoregtk-4_0-18-32bit libjavascriptcoregtk-4_1-0-32bit libwebkit2gtk-4_0-37-32bit libwebkit2gtk-4_1-0-32bit typelib-1_0-JavaScriptCore-4_1 typelib-1_0-WebKit2-4_1 typelib-1_0-WebKit2WebExtension-4_0 typelib-1_0-WebKit2WebExtension-4_1 typelib-1_0-WebKit2WebExtension-5_0 webkit-jsc-4 webkit-jsc-4.1 webkit-jsc-5.0 webkit2gtk3-devel webkit2gtk3-minibrowser webkit2gtk3-soup2-devel webkit2gtk3-soup2-minibrowser webkit2gtk4-devel webkit2gtk4-minibrowser gvim vim-small libmysqld-devel libmysqld19 ruby2.5-rubygem-actionpack-5_1 ruby2.5-rubygem-actionpack-doc-5_1 ruby2.5-rubygem-activesupport-5_1 ruby2.5-rubygem-activesupport-doc-5_1 kernel-debug-base kernel-default-man kernel-kvmsmall-base kernel-vanilla kernel-vanilla-base kernel-vanilla-devel kernel-vanilla-livepatch-devel kernel-zfcpdump-man golang-github-prometheus-alertmanager golang-github-prometheus-node_exporter drbd-kmp-preempt drbd-kmp-rt liblouis19 ruby2.5-rubygem-rack ruby2.5-rubygem-rack-doc ruby2.5-rubygem-rack-testsuite liblouis14 qemu-accel-qtest qemu-audio-alsa qemu-audio-jack qemu-audio-pa qemu-block-dmg qemu-block-gluster qemu-block-iscsi qemu-block-nfs qemu-block-ssh qemu-chardev-baum qemu-extra qemu-hw-s390x-virtio-gpu-ccw qemu-ivshmem-tools qemu-kvm qemu-lang qemu-linux-user qemu-s390x qemu-skiboot qemu-testsuite qemu-vhost-user-gpu libdpdk-18_11 haproxy libpython3_10-1_0 libpython3_10-1_0-32bit python310 python310-32bit python310-base python310-base-32bit python310-curses python310-dbm python310-devel python310-doc python310-doc-devhelp python310-idle python310-testsuite python310-tk python310-tools libexpat-devel libexpat-devel-32bit 389-ds 389-ds-devel 389-ds-snmp lib389 libsvrcore0 xen xen-devel xen-doc-html xen-libs-32bit xen-tools xen-tools-domU xen-tools-xendomains-wait-disk python-Twisted-doc python3-Twisted liblouis-devel liblouis-doc liblouis-tools ImageMagick-config-7-upstream ImageMagick-devel ImageMagick-devel-32bit ImageMagick-doc ImageMagick-extra libMagick++-7_Q16HDRI5-32bit libMagick++-devel libMagick++-devel-32bit libMagickCore-7_Q16HDRI10-32bit libMagickWand-7_Q16HDRI10-32bit perl-PerlMagick apache2-devel apache2-event apache2-worker python3-salt salt salt-api salt-bash-completion salt-cloud salt-doc salt-fish-completion salt-master salt-minion salt-proxy salt-ssh salt-standalone-formulas-configuration salt-syndic salt-transactional-update salt-zsh-completion libcurl-devel libcurl-devel-32bit libopenssl-3-devel libopenssl-3-devel-32bit libopenssl3 libopenssl3-32bit openssl-3 openssl-3-doc ctdb ctdb-pcp-pmda ldb-tools libldb-devel libsamba-policy-devel libsamba-policy-python3-devel libsamba-policy0-python3-32bit python3-ldb-32bit python3-ldb-devel samba-ad-dc samba-ad-dc-libs-32bit samba-ceph samba-devel samba-devel-32bit samba-doc samba-dsdb-modules samba-libs-32bit samba-libs-python3-32bit samba-test samba-tool libopenssl-1_1-devel libopenssl-1_1-devel-32bit libopenssl1_1-hmac libopenssl1_1-hmac-32bit openssl-1_1-doc libopenssl-1_0_0-devel libopenssl-1_0_0-devel-32bit libopenssl10 libopenssl1_0_0 libopenssl1_0_0-32bit libopenssl1_0_0-hmac libopenssl1_0_0-hmac-32bit libopenssl1_0_0-steam libopenssl1_0_0-steam-32bit openssl-1_0_0 openssl-1_0_0-cavs openssl-1_0_0-doc fwupdtpmevlog libfwupdplugin1 ldirectord monitoring-plugins-metadata resource-agents fwupdate fwupdate-devel fwupdate-efi libfwup1 runc libpython2_7-1_0 libpython2_7-1_0-32bit python python-32bit python-base python-base-32bit python-curses python-demo python-devel python-doc python-doc-pdf python-gdbm python-idle python-tk python-xml libnbd libnbd-bash-completion libnbd-devel libnbd0 nbdfuse freerdp-devel freerdp-proxy freerdp-server freerdp-wayland libuwac0-0 uwac0-0-devel winpr2-devel libpython3_6m1_0-32bit python3-devel python3-doc python3-doc-devhelp python3-idle python3-testsuite python3-tk python3-tools squid libpcre2-16-0-32bit libpcre2-32-0 libpcre2-32-0-32bit libpcre2-8-0-32bit libpcre2-posix2 libpcre2-posix2-32bit pcre2-devel pcre2-devel-static pcre2-doc pcre2-tools libpcre16-0 libpcre16-0-32bit libpcrecpp0 libpcrecpp0-32bit libpcreposix0 libpcreposix0-32bit pcre-devel pcre-devel-static pcre-doc pcre-tools xorg-x11-server-sdk xorg-x11-server-source xorg-x11-server-wayland cifs-utils-devel pam_cifscreds virglrenderer-devel virglrenderer-test-server logrotate oracleasm-kmp-rt python3-PyJWT dovecot23 dovecot23-backend-mysql dovecot23-backend-pgsql dovecot23-backend-sqlite dovecot23-devel dovecot23-fts dovecot23-fts-lucene dovecot23-fts-solr dovecot23-fts-squat corepack16 nodejs16 nodejs16-devel nodejs16-docs npm16 cluster-md-kmp-64kb cluster-md-kmp-default dlm-kmp-64kb dlm-kmp-default dtb-allwinner dtb-altera dtb-amazon dtb-amd dtb-amlogic dtb-apm dtb-apple dtb-arm dtb-broadcom dtb-cavium dtb-exynos dtb-freescale dtb-hisilicon dtb-lg dtb-marvell dtb-mediatek dtb-nvidia dtb-qcom dtb-renesas dtb-rockchip dtb-socionext dtb-sprd dtb-xilinx gfs2-kmp-64kb gfs2-kmp-default kernel-64kb-devel kernel-64kb-livepatch-devel kernel-debug kernel-debug-devel kernel-debug-livepatch-devel kernel-default-base kernel-default-base-rebuild kernel-default-devel kernel-default-livepatch kernel-default-livepatch-devel kernel-devel kernel-docs kernel-docs-html kernel-kvmsmall-devel kernel-kvmsmall-livepatch-devel kernel-macros kernel-obs-build kernel-obs-qa kernel-source kernel-source-vanilla kernel-syms kernel-zfcpdump kselftests-kmp-64kb kselftests-kmp-default ocfs2-kmp-64kb ocfs2-kmp-default reiserfs-kmp-64kb reiserfs-kmp-default java-1_8_0-openjdk java-1_8_0-openjdk-accessibility java-1_8_0-openjdk-demo java-1_8_0-openjdk-devel java-1_8_0-openjdk-headless java-1_8_0-openjdk-javadoc java-1_8_0-openjdk-src python-M2Crypto-doc python3-M2Crypto mozilla-nspr-32bit mozilla-nspr-devel libekmfweb1-devel libkmipclient1-devel osasnmpd s390-tools-chreipl-fcp-mpath s390-tools-hmcdrvfs s390-tools-zdsfs libxml2-devel libxml2-devel-32bit libxml2-doc libmariadbd-devel mariadb-bench mariadb-galera mariadb-rpm-macros mariadb-test mariadb-tools guestfs-data guestfs-tools guestfs-winsupport guestfsd libguestfs-devel libguestfs-test libguestfs0 lua-libguestfs ocaml-libguestfs ocaml-libguestfs-devel perl-Sys-Guestfs python3-libguestfs rubygem-libguestfs aws-iam-authenticator ruby2.5-rubygem-tzinfo ruby2.5-rubygem-tzinfo-doc ruby2.5-rubygem-tzinfo-testsuite libfreebl3-32bit libfreebl3-hmac-32bit libsoftokn3-32bit libsoftokn3-hmac-32bit mozilla-nss-32bit mozilla-nss-certs-32bit mozilla-nss-devel mozilla-nss-sysinit mozilla-nss-sysinit-32bit mozilla-nss-tools booth booth-test cluster-md-kmp-azure dlm-kmp-azure gfs2-kmp-azure kernel-azure kernel-azure-devel kernel-azure-extra kernel-azure-livepatch-devel kernel-azure-optional kernel-devel-azure kernel-source-azure kernel-syms-azure kselftests-kmp-azure ocfs2-kmp-azure reiserfs-kmp-azure gimp-devel libgimp-2_0-0-32bit libgimpui-2_0-0-32bit libsamba-policy-python-devel libsamba-policy0 libsamba-policy0-32bit samba-libs-python samba-libs-python-32bit samba-python permissions-zypp-plugin rpmlint-mini mokutil python3-numpy-devel python3-numpy-gnu-hpc python3-numpy-gnu-hpc-devel python3-numpy_1_17_3-gnu-hpc python3-numpy_1_17_3-gnu-hpc-devel java-1_8_0-ibm java-1_8_0-ibm-32bit java-1_8_0-ibm-alsa java-1_8_0-ibm-demo java-1_8_0-ibm-devel java-1_8_0-ibm-devel-32bit java-1_8_0-ibm-plugin java-1_8_0-ibm-src libndr0 libndr0-32bit postgresql-jdbc postgresql-jdbc-javadoc drbd drbd-kmp-64kb drbd-kmp-default oracleasm-kmp-64kb oracleasm-kmp-default keylime-agent keylime-config keylime-firewalld keylime-registrar keylime-tpm_cert_store keylime-verifier python3-keylime java-17-openjdk java-17-openjdk-accessibility java-17-openjdk-demo java-17-openjdk-devel java-17-openjdk-headless java-17-openjdk-javadoc java-17-openjdk-jmods java-17-openjdk-src harfbuzz-devel harfbuzz-tools libharfbuzz-gobject0 libharfbuzz-gobject0-32bit libharfbuzz-icu0 libharfbuzz-icu0-32bit libharfbuzz-subset0 libharfbuzz-subset0-32bit libharfbuzz0 libharfbuzz0-32bit typelib-1_0-HarfBuzz-0_0 libqpdf21 python3-ujson buildah libwavpack1-32bit wavpack wavpack-devel dfu-tool fwupd-devel typelib-1_0-FwupdPlugin-1_0 crash crash-devel crash-doc crash-eppic crash-gcore crash-kmp-64kb crash-kmp-default bind-doc libncurses5 libncurses5-32bit libncurses6-32bit ncurses-devel ncurses-devel-32bit ncurses5-devel ncurses5-devel-32bit tack python3-codecov libipa_hbac-devel libipa_hbac0 libnfsidmap-sss libsss_certmap-devel libsss_certmap0 libsss_idmap-devel libsss_idmap0 libsss_nss_idmap-devel libsss_nss_idmap0 libsss_simpleifp-devel libsss_simpleifp0 python3-ipa_hbac python3-sss-murmur python3-sss_nss_idmap python3-sssd-config sssd sssd-ad sssd-common sssd-dbus sssd-ipa sssd-kcm sssd-krb5 sssd-krb5-common sssd-ldap sssd-proxy sssd-tools sssd-winbind-idmap ceph ceph-base ceph-common ceph-fuse ceph-grafana-dashboards ceph-immutable-object-cache ceph-mds ceph-mgr ceph-mgr-cephadm ceph-mgr-dashboard ceph-mgr-diskprediction-local ceph-mgr-k8sevents ceph-mgr-modules-core ceph-mgr-rook ceph-mon ceph-osd ceph-prometheus-alerts ceph-radosgw ceph-test cephadm cephfs-mirror cephfs-shell cephfs-top libcephfs-devel libcephfs2 libcephsqlite libcephsqlite-devel librados-devel libradospp-devel librbd-devel librgw-devel librgw2 python3-ceph-argparse python3-ceph-common python3-cephfs python3-rados python3-rbd python3-rgw rados-objclass-devel rbd-fuse rbd-mirror rbd-nbd python-atomicwrites-doc python3-apipkg python3-atomicwrites python3-coverage python3-pycodestyle python3-pyflakes podman podman-cni-config podman-docker podman-remote libntfs-3g-devel ntfsprogs-extra systemd-presets-common-SUSE ruby2.5-rubygem-rails-html-sanitizer ruby2.5-rubygem-rails-html-sanitizer-doc ruby2.5-rubygem-rails-html-sanitizer-testsuite perl-HTTP-Daemon cosign dpdk dpdk-devel dpdk-doc dpdk-examples dpdk-kmp-default dpdk-thunderx dpdk-thunderx-devel dpdk-thunderx-doc dpdk-thunderx-examples dpdk-thunderx-kmp-default dpdk-thunderx-tools dpdk-tools libdpdk-20_0 libraptor-devel libraptor2-0-32bit raptor python3-lxml-devel python3-lxml-doc gnutls-guile libgnutls-devel libgnutls-devel-32bit libgnutls30-hmac libgnutls30-hmac-32bit libgnutlsxx-devel libgnutlsxx28 libyang-cpp-devel libyang-cpp1 libyang-devel libyang-doc libyang-extentions libyang1 python3-yang yang-tools libvmtools-devel open-vm-tools-sdmp libminizip1-32bit minizip-devel zlib-devel zlib-devel-32bit zlib-devel-static zlib-devel-static-32bit gstreamer-plugins-good-doc gdk-pixbuf-devel gdk-pixbuf-devel-32bit gdk-pixbuf-query-loaders-32bit libgdk_pixbuf-2_0-0-32bit typelib-1_0-GdkPixdata-2_0 php-composer2 MozillaFirefox-branding-SLE java-1_8_0-openj9 java-1_8_0-openj9-accessibility java-1_8_0-openj9-demo java-1_8_0-openj9-devel java-1_8_0-openj9-headless java-1_8_0-openj9-javadoc java-1_8_0-openj9-src python3-Flask-Security-Too libostree libostree-1-1 libostree-devel libostree-grub2 typelib-1_0-OSTree-1_0 libopenvswitch-2_13-0 libovn-20_03-0 libopenvswitch-2_14-0 libovn-20_06-0 openvswitch openvswitch-devel openvswitch-doc openvswitch-ipsec openvswitch-pki openvswitch-test openvswitch-vtep ovn ovn-central ovn-devel ovn-doc ovn-docker ovn-host ovn-vtep python3-ovs python-bottle-doc python3-bottle libicu60_2 libicu60_2-32bit libicu60_2-bedata libicu60_2-ledata icu libicu-devel libicu-devel-32bit libicu-doc libicu-suse65_1 libicu-suse65_1-32bit libicu65_1-bedata libicu65_1-ledata libyajl-devel libyajl-devel-32bit libyajl-devel-static libyajl2 libyajl2-32bit yajl ansible ansible-doc ansible-test dracut-saltboot golang-github-QubitProducts-exporter_exporter prometheus-blackbox_exporter python3-hwdata spacecmd wire yast2-samba-provision keepalived frr frr-devel libfrr0 libfrr_pb0 libfrrcares0 libfrrfpm_pb0 libfrrgrpc_pb0 libfrrospfapiclient0 libfrrsnmp0 libfrrzmq0 libmlag_pb0 bluez-auto-enable-devices bluez-cups bluez-deprecated bluez-devel bluez-devel-32bit bluez-test libbluetooth3-32bit freetype2-devel freetype2-devel-32bit freetype2-profile-tti35 ft2demos ftbench ftdiff ftdump ftgamma ftgrid ftinspect ftlint ftmulti ftstring ftvalid ftview ruby2.5-rubygem-kramdown ruby2.5-rubygem-kramdown-doc ruby2.5-rubygem-kramdown-testsuite perl-32bit perl-core-DB_File-32bit perl-doc libgit2-1_3 libgit2-1_3-32bit libgit2-devel libtirpc-devel libsqlite3-0-32bit sqlite3-devel sqlite3-doc sqlite3-tcl libwireshark15 libwiretap12 libwsutil13 wireshark wireshark-devel wireshark-ui-qt go1.19 go1.19-doc go1.19-race libonig4 oniguruma-devel kubevirt-container-disk kubevirt-manifests kubevirt-tests kubevirt-virt-api kubevirt-virt-controller kubevirt-virt-handler kubevirt-virt-launcher kubevirt-virt-operator kubevirt-virtctl obs-service-kubevirt_containers_meta containerized-data-importer-api containerized-data-importer-cloner containerized-data-importer-controller containerized-data-importer-importer containerized-data-importer-manifests containerized-data-importer-operator containerized-data-importer-uploadproxy containerized-data-importer-uploadserver obs-service-cdi_containers_meta snakeyaml snakeyaml-javadoc cargo1.62 rust1.62 libpmi0_18_08 perl-slurm_18_08 slurm_18_08 slurm_18_08-auth-none slurm_18_08-config slurm_18_08-config-man slurm_18_08-cray slurm_18_08-devel slurm_18_08-doc slurm_18_08-hdf5 slurm_18_08-lua slurm_18_08-munge slurm_18_08-node slurm_18_08-openlava slurm_18_08-pam_slurm slurm_18_08-plugins slurm_18_08-seff slurm_18_08-sjstat slurm_18_08-slurmdbd slurm_18_08-sql slurm_18_08-sview slurm_18_08-torque slurm_18_08-webdoc libslurm33 libslurm35 libnss_slurm2_20_02 libpmi0_20_02 perl-slurm_20_02 slurm_20_02 slurm_20_02-auth-none slurm_20_02-config slurm_20_02-config-man slurm_20_02-cray slurm_20_02-devel slurm_20_02-doc slurm_20_02-hdf5 slurm_20_02-lua slurm_20_02-munge slurm_20_02-node slurm_20_02-openlava slurm_20_02-pam_slurm slurm_20_02-plugins slurm_20_02-rest slurm_20_02-seff slurm_20_02-sjstat slurm_20_02-slurmdbd slurm_20_02-sql slurm_20_02-sview slurm_20_02-torque slurm_20_02-webdoc libgit2-28 libgit2-28-32bit libgit2-26 libgit2-26-32bit colord colord-color-profiles colord-lang libcolord-devel libcolord2 libcolord2-32bit libcolorhug2 typelib-1_0-Colord-1_0 typelib-1_0-Colorhug-1_0 libjpeg62-turbo libslurm32 LibVNCServer-devel qemu-s390 exiv2 exiv2-lang libexiv2-26-32bit libexiv2-devel libexiv2-doc libreoffice-base-drivers-postgresql libreoffice-calc-extensions libreoffice-gdb-pretty-printers libreoffice-glade libreoffice-l10n-af libreoffice-l10n-am libreoffice-l10n-as libreoffice-l10n-ast libreoffice-l10n-be libreoffice-l10n-bn libreoffice-l10n-bn_IN libreoffice-l10n-bo libreoffice-l10n-br libreoffice-l10n-brx libreoffice-l10n-ca_valencia libreoffice-l10n-ckb libreoffice-l10n-cy libreoffice-l10n-dgo libreoffice-l10n-dsb libreoffice-l10n-dz libreoffice-l10n-en_ZA libreoffice-l10n-eu libreoffice-l10n-fur libreoffice-l10n-fy libreoffice-l10n-ga libreoffice-l10n-gd libreoffice-l10n-gl libreoffice-l10n-gu libreoffice-l10n-gug libreoffice-l10n-he libreoffice-l10n-hi libreoffice-l10n-hr libreoffice-l10n-hsb libreoffice-l10n-is libreoffice-l10n-ka libreoffice-l10n-kab libreoffice-l10n-kk libreoffice-l10n-km libreoffice-l10n-kmr_Latn libreoffice-l10n-kn libreoffice-l10n-kok libreoffice-l10n-ks libreoffice-l10n-lb libreoffice-l10n-lo libreoffice-l10n-lv libreoffice-l10n-mai libreoffice-l10n-mk libreoffice-l10n-ml libreoffice-l10n-mn libreoffice-l10n-mni libreoffice-l10n-mr libreoffice-l10n-my libreoffice-l10n-ne libreoffice-l10n-nn libreoffice-l10n-nr libreoffice-l10n-nso libreoffice-l10n-oc libreoffice-l10n-om libreoffice-l10n-or libreoffice-l10n-pa libreoffice-l10n-pt_PT libreoffice-l10n-ro libreoffice-l10n-rw libreoffice-l10n-sa_IN libreoffice-l10n-sat libreoffice-l10n-sd libreoffice-l10n-si libreoffice-l10n-sid libreoffice-l10n-sq libreoffice-l10n-sr libreoffice-l10n-ss libreoffice-l10n-st libreoffice-l10n-sw_TZ libreoffice-l10n-szl libreoffice-l10n-ta libreoffice-l10n-te libreoffice-l10n-tg libreoffice-l10n-th libreoffice-l10n-tn libreoffice-l10n-tr libreoffice-l10n-ts libreoffice-l10n-tt libreoffice-l10n-ug libreoffice-l10n-uz libreoffice-l10n-ve libreoffice-l10n-vec libreoffice-l10n-vi libreoffice-l10n-xh libreoffice-l10n-zu libreoffice-librelogo libreoffice-officebean libreoffice-sdk libreoffice-sdk-doc libreoffice-writer-extensions libreofficekit-devel helm helm-bash-completion helm-fish-completion helm-zsh-completion clone-master-clean-up bind-chrootenv bind-devel libbind9-1600 libdns1605 libirs-devel libirs1601 libisc1606 libisccc1600 libisccfg1600 libns1604 libksba-devel kpartx libdmmp-devel libdmmp0_2_0 libmpath0 multipath-tools multipath-tools-devel libdmmp0_1_0 multipath-tools-rbd bind-devel-32bit libbind9-1600-32bit libdns1605-32bit libirs1601-32bit libisc1606-32bit libisccc1600-32bit libisccfg1600-32bit libns1604-32bit python3-waitress golang-github-lusitaniae-apache_exporter grafana libmad-devel libmad0-32bit telnet telnet-server libtasn1-devel libtasn1-devel-32bit libopenjp2-7-32bit openjpeg2 openjpeg2-devel dbus-1-devel dbus-1-devel-32bit dbus-1-devel-doc libconfuse-devel libconfuse0 libconfuse0-lang hsqldb hsqldb-demo hsqldb-javadoc hsqldb-manual hdf5_1_10_8-gnu-openmpi2-hpc hdf5_1_10_8-gnu-openmpi2-hpc-devel hdf5_1_10_8-gnu-openmpi2-hpc-devel-static hdf5_1_10_8-gnu-openmpi2-hpc-module libhdf5_1_10_8-gnu-openmpi2-hpc libhdf5_cpp_1_10_8-gnu-openmpi2-hpc libhdf5_fortran_1_10_8-gnu-openmpi2-hpc libhdf5_hl_1_10_8-gnu-openmpi2-hpc libhdf5_hl_cpp_1_10_8-gnu-openmpi2-hpc libhdf5hl_fortran_1_10_8-gnu-openmpi2-hpc libpodofo-devel libpodofo0_9_6 podofo python3-Flask-Security libgnome-desktop-3-12 libgnome-desktop-3-12-32bit ruby2.5-rubygem-loofah ruby2.5-rubygem-loofah-doc ruby2.5-rubygem-loofah-testsuite xmlbeans xmlbeans-scripts libexiv2-27 libexiv2-27-32bit libexiv2-xmp-static libmilter-doc libmilter1_0 rmail sendmail sendmail-devel sendmail-starttls gstreamer-plugins-base-doc gstreamer-plugins-good-32bit gstreamer-plugins-good-extra gstreamer-plugins-good-extra-32bit gstreamer-plugins-good-jack gstreamer-plugins-good-jack-32bit gstreamer-plugins-good-qtqml libprotobuf-lite20-32bit libprotobuf20-32bit libprotoc20 libprotoc20-32bit protobuf-devel protobuf-java protobuf-source python3-protobuf python3-rsa xwayland-devel busybox busybox-static busybox-testsuite busybox-warewulf3 python3-Mako libX11-6-32bit libX11-devel libX11-devel-32bit libX11-xcb1-32bit libvncclient0 libvncserver0 dhcp-devel dhcp-doc dhcp-relay dhcp-server nss-myhostname nss-myhostname-32bit nss-systemd systemd-coredump systemd-devel systemd-experimental systemd-journal-remote systemd-network systemd-portable systemd-testsuite sudo-devel sudo-test apache2-mod_wsgi jsoup jsoup-javadoc ruby2.5-rubygem-nokogiri-doc ruby2.5-rubygem-nokogiri-testsuite nss-mymachines nss-mymachines-32bit nss-resolve systemd-logger dpkg dpkg-devel dpkg-lang libopenjpeg1-32bit openjpeg openjpeg-devel openjpeg-devel-32bit binutils-devel binutils-devel-32bit binutils-gold cross-aarch64-binutils cross-arm-binutils cross-avr-binutils cross-epiphany-binutils cross-hppa-binutils cross-hppa64-binutils cross-i386-binutils cross-ia64-binutils cross-m68k-binutils cross-mips-binutils cross-ppc-binutils cross-ppc64-binutils cross-ppc64le-binutils cross-riscv64-binutils cross-rx-binutils cross-s390-binutils cross-s390x-binutils cross-sparc-binutils cross-sparc64-binutils cross-spu-binutils cross-x86_64-binutils krb5-client krb5-devel krb5-devel-32bit krb5-plugin-kdb-ldap krb5-plugin-preauth-otp krb5-plugin-preauth-pkinit krb5-plugin-preauth-spake krb5-server ffmpeg-4 ffmpeg-4-libavcodec-devel ffmpeg-4-libavdevice-devel ffmpeg-4-libavfilter-devel ffmpeg-4-libavformat-devel ffmpeg-4-libavresample-devel ffmpeg-4-libavutil-devel ffmpeg-4-libpostproc-devel ffmpeg-4-libswresample-devel ffmpeg-4-libswscale-devel ffmpeg-4-private-devel libavcodec58_134-32bit libavdevice58_13-32bit libavfilter7_110-32bit libavformat58_76-32bit libavresample4_0-32bit libavutil56_70-32bit libpostproc55_9-32bit libswresample3_9-32bit libswscale5_9-32bit strongswan strongswan-doc strongswan-hmac strongswan-ipsec strongswan-libs0 strongswan-mysql strongswan-nm strongswan-sqlite vim-plugin-nginx libsnmp40 libsnmp40-32bit net-snmp-devel net-snmp-devel-32bit python3-net-snmp libpixman-1-0 libpixman-1-0-32bit libpixman-1-0-devel db48-doc db48-utils libdb-4_8 libdb-4_8-32bit libdb-4_8-devel libdb-4_8-devel-32bit libdb_java-4_8 libdb_java-4_8-devel erlang erlang-debugger erlang-debugger-src erlang-dialyzer erlang-dialyzer-src erlang-diameter erlang-diameter-src erlang-doc erlang-epmd erlang-et erlang-et-src erlang-jinterface erlang-jinterface-src erlang-observer erlang-observer-src erlang-reltool erlang-reltool-src erlang-src erlang-wx erlang-wx-src supportutils emacs-el emacs-x11 bcel virt-v2v virt-v2v-bash-completion virt-v2v-man-pages-ja virt-v2v-man-pages-uk busybox-adduser busybox-attr busybox-bc busybox-bind-utils busybox-bzip2 busybox-coreutils busybox-cpio busybox-diffutils busybox-dos2unix busybox-ed busybox-findutils busybox-gawk busybox-grep busybox-gzip busybox-hostname busybox-iproute2 busybox-iputils busybox-kbd busybox-kmod busybox-less busybox-links busybox-man busybox-misc busybox-ncurses-utils busybox-net-tools busybox-netcat busybox-patch busybox-policycoreutils busybox-procps busybox-psmisc busybox-sed busybox-selinux-tools busybox-sendmail busybox-sh busybox-sharutils busybox-syslogd busybox-sysvinit-tools busybox-tar busybox-telnet busybox-tftp busybox-time busybox-traceroute busybox-tunctl busybox-unzip busybox-util-linux busybox-vi busybox-vlan busybox-wget busybox-which busybox-whois busybox-xz erlang-rabbitmq-client rabbitmq-server rabbitmq-server-plugins libnautilus-extension1-32bit golang-github-boynux-squid_exporter golang-github-prometheus-promu libtpms-devel capnproto libcapnp-0_9 libcapnp-devel apache2-mod_wsgi-python3 cni cni-plugins cluster-md-kmp-rt dlm-kmp-rt gfs2-kmp-rt kernel-devel-rt kernel-rt kernel-rt-devel kernel-rt_debug kernel-rt_debug-devel kernel-source-rt kernel-syms-rt ocfs2-kmp-rt freeradius-server freeradius-server-devel freeradius-server-doc freeradius-server-krb5 freeradius-server-ldap freeradius-server-ldap-schemas freeradius-server-libs freeradius-server-mysql freeradius-server-perl freeradius-server-postgresql freeradius-server-python3 freeradius-server-sqlite freeradius-server-utils conmon polkit-default-privs polkit-whitelisting ruby2.5-rubygem-websocket-extensions ruby2.5-rubygem-websocket-extensions-doc cargo1.66 rust1.66 cargo1.65 rust1.65 python3-certifi libpainter0 librfxencode0 xrdp xrdp-devel libQt6Concurrent6 libQt6Core6 libQt6DBus6 libQt6Gui6 libQt6Network6 libQt6OpenGL6 libQt6OpenGLWidgets6 libQt6PrintSupport6 libQt6Sql6 libQt6Test6 libQt6Widgets6 libQt6Xml6 qt6-base-common-devel qt6-base-devel qt6-base-docs-html qt6-base-docs-qch qt6-base-examples qt6-base-private-devel qt6-concurrent-devel qt6-core-devel qt6-core-private-devel qt6-dbus-devel qt6-dbus-private-devel qt6-docs-common qt6-gui-devel qt6-gui-private-devel qt6-kmssupport-devel-static qt6-kmssupport-private-devel qt6-network-devel qt6-network-private-devel qt6-network-tls qt6-networkinformation-nm qt6-opengl-devel qt6-opengl-private-devel qt6-openglwidgets-devel qt6-platformsupport-devel-static qt6-platformsupport-private-devel qt6-platformtheme-gtk3 qt6-platformtheme-xdgdesktopportal qt6-printsupport-cups qt6-printsupport-devel qt6-printsupport-private-devel qt6-sql-devel qt6-sql-mysql qt6-sql-postgresql qt6-sql-private-devel qt6-sql-sqlite qt6-sql-unixODBC qt6-test-devel qt6-test-private-devel qt6-widgets-devel qt6-widgets-private-devel qt6-xml-devel qt6-xml-private-devel python3-setuptools-test python3-setuptools-wheel python-Werkzeug-doc xstream xstream-benchmark xstream-javadoc xstream-parent libmicrohttpd-devel libmicrohttpd12 libzstd-devel libzstd-devel-32bit libzstd-devel-static testng testng-javadoc python3-Werkzeug libXpm-devel libXpm-devel-32bit libXpm-tools libXpm4 libXpm4-32bit flatpak-devel flatpak-zsh-completion typelib-1_0-Flatpak-1_0 grub2-arm64-efi-extras grub2-i386-efi-extras grub2-i386-pc-extras grub2-i386-xen-extras grub2-powerpc-ieee1275-extras grub2-s390x-emu-extras grub2-x86_64-efi-extras grub2-x86_64-xen-extras glibc-devel glibc-devel-32bit glibc-devel-static glibc-devel-static-32bit glibc-html glibc-i18ndata glibc-info glibc-profile glibc-profile-32bit glibc-utils glibc-utils-32bit glib2-tests libgio-fam libgio-fam-32bit terraform-provider-helm gdk-pixbuf-loader-libheif libheif-devel libheif1 libheif1-32bit skopeo tomcat tomcat-admin-webapps tomcat-docs-webapp tomcat-el-3_0-api tomcat-embed tomcat-javadoc tomcat-jsp-2_3-api tomcat-jsvc tomcat-lib tomcat-servlet-4_0-api tomcat-webapps go1.20 go1.20-doc go1.20-race libopenvswitch-2_11-0 openvswitch-ovn-central openvswitch-ovn-common openvswitch-ovn-docker openvswitch-ovn-host openvswitch-ovn-vtep ghostscript-devel cmark cmark-devel libcmark0_30_2 python3-aliyun-python-sdk python3-aliyun-python-sdk-aas python3-aliyun-python-sdk-acm python3-aliyun-python-sdk-acms-open python3-aliyun-python-sdk-actiontrail python3-aliyun-python-sdk-adb python3-aliyun-python-sdk-address-purification python3-aliyun-python-sdk-aegis python3-aliyun-python-sdk-afs python3-aliyun-python-sdk-airec python3-aliyun-python-sdk-alidns python3-aliyun-python-sdk-aligreen-console python3-aliyun-python-sdk-alimt python3-aliyun-python-sdk-alinlp python3-aliyun-python-sdk-aliyuncvc python3-aliyun-python-sdk-amqp-open python3-aliyun-python-sdk-appmallsservice python3-aliyun-python-sdk-arms python3-aliyun-python-sdk-arms4finance python3-aliyun-python-sdk-baas python3-aliyun-python-sdk-brinekingdom python3-aliyun-python-sdk-bss python3-aliyun-python-sdk-bssopenapi python3-aliyun-python-sdk-cams python3-aliyun-python-sdk-cas python3-aliyun-python-sdk-cassandra python3-aliyun-python-sdk-cbn python3-aliyun-python-sdk-ccc python3-aliyun-python-sdk-ccs python3-aliyun-python-sdk-cdn python3-aliyun-python-sdk-chatbot python3-aliyun-python-sdk-clickhouse python3-aliyun-python-sdk-cloudapi python3-aliyun-python-sdk-cloudauth python3-aliyun-python-sdk-cloudesl python3-aliyun-python-sdk-cloudgame python3-aliyun-python-sdk-cloudmarketing python3-aliyun-python-sdk-cloudphoto python3-aliyun-python-sdk-cloudwf python3-aliyun-python-sdk-cms python3-aliyun-python-sdk-codeup python3-aliyun-python-sdk-companyreg python3-aliyun-python-sdk-core python3-aliyun-python-sdk-cr python3-aliyun-python-sdk-crm python3-aliyun-python-sdk-cs python3-aliyun-python-sdk-csb python3-aliyun-python-sdk-cspro python3-aliyun-python-sdk-cusanalytic_sc_online python3-aliyun-python-sdk-das python3-aliyun-python-sdk-dataworks-public python3-aliyun-python-sdk-dbfs python3-aliyun-python-sdk-dbs python3-aliyun-python-sdk-dcdn python3-aliyun-python-sdk-dds python3-aliyun-python-sdk-democenter python3-aliyun-python-sdk-devops-rdc python3-aliyun-python-sdk-dms-enterprise python3-aliyun-python-sdk-domain python3-aliyun-python-sdk-domain-intl python3-aliyun-python-sdk-drds python3-aliyun-python-sdk-dts python3-aliyun-python-sdk-dybaseapi python3-aliyun-python-sdk-dyplsapi python3-aliyun-python-sdk-dypnsapi python3-aliyun-python-sdk-dysmsapi python3-aliyun-python-sdk-dyvmsapi python3-aliyun-python-sdk-eas python3-aliyun-python-sdk-eci python3-aliyun-python-sdk-ecs python3-aliyun-python-sdk-edas python3-aliyun-python-sdk-ehpc python3-aliyun-python-sdk-elasticsearch python3-aliyun-python-sdk-emr python3-aliyun-python-sdk-ens python3-aliyun-python-sdk-ess python3-aliyun-python-sdk-faas python3-aliyun-python-sdk-facebody python3-aliyun-python-sdk-fnf python3-aliyun-python-sdk-foas python3-aliyun-python-sdk-ft python3-aliyun-python-sdk-geoip python3-aliyun-python-sdk-goodstech python3-aliyun-python-sdk-gpdb python3-aliyun-python-sdk-green python3-aliyun-python-sdk-gts-phd python3-aliyun-python-sdk-hbase python3-aliyun-python-sdk-hbr python3-aliyun-python-sdk-highddos python3-aliyun-python-sdk-hiknoengine python3-aliyun-python-sdk-hivisengine python3-aliyun-python-sdk-hpc python3-aliyun-python-sdk-hsm python3-aliyun-python-sdk-httpdns python3-aliyun-python-sdk-imageaudit python3-aliyun-python-sdk-imageenhan python3-aliyun-python-sdk-imageprocess python3-aliyun-python-sdk-imagerecog python3-aliyun-python-sdk-imagesearch python3-aliyun-python-sdk-imageseg python3-aliyun-python-sdk-imgsearch python3-aliyun-python-sdk-imm python3-aliyun-python-sdk-industry-brain python3-aliyun-python-sdk-iot python3-aliyun-python-sdk-iqa python3-aliyun-python-sdk-ivision python3-aliyun-python-sdk-ivpd python3-aliyun-python-sdk-jaq python3-aliyun-python-sdk-jarvis python3-aliyun-python-sdk-jarvis-public python3-aliyun-python-sdk-kms python3-aliyun-python-sdk-ledgerdb python3-aliyun-python-sdk-linkedmall python3-aliyun-python-sdk-linkface python3-aliyun-python-sdk-linkwan python3-aliyun-python-sdk-live python3-aliyun-python-sdk-lubancloud python3-aliyun-python-sdk-market python3-aliyun-python-sdk-mopen python3-aliyun-python-sdk-mts python3-aliyun-python-sdk-multimediaai python3-aliyun-python-sdk-nas python3-aliyun-python-sdk-netana python3-aliyun-python-sdk-nlp-automl python3-aliyun-python-sdk-nls-cloud-meta python3-aliyun-python-sdk-objectdet python3-aliyun-python-sdk-ocr python3-aliyun-python-sdk-ocs python3-aliyun-python-sdk-oms python3-aliyun-python-sdk-ons python3-aliyun-python-sdk-onsmqtt python3-aliyun-python-sdk-oos python3-aliyun-python-sdk-openanalytics python3-aliyun-python-sdk-openanalytics-open python3-aliyun-python-sdk-opensearch python3-aliyun-python-sdk-ossadmin python3-aliyun-python-sdk-ots python3-aliyun-python-sdk-outboundbot python3-aliyun-python-sdk-paistudio python3-aliyun-python-sdk-petadata python3-aliyun-python-sdk-polardb python3-aliyun-python-sdk-productcatalog python3-aliyun-python-sdk-pts python3-aliyun-python-sdk-push python3-aliyun-python-sdk-pvtz python3-aliyun-python-sdk-qualitycheck python3-aliyun-python-sdk-quickbi-public python3-aliyun-python-sdk-r-kvstore python3-aliyun-python-sdk-ram python3-aliyun-python-sdk-rdc python3-aliyun-python-sdk-rds python3-aliyun-python-sdk-reid python3-aliyun-python-sdk-resourcemanager python3-aliyun-python-sdk-retailcloud python3-aliyun-python-sdk-risk python3-aliyun-python-sdk-ros python3-aliyun-python-sdk-rtc python3-aliyun-python-sdk-sae python3-aliyun-python-sdk-saf python3-aliyun-python-sdk-sas python3-aliyun-python-sdk-sas-api python3-aliyun-python-sdk-scdn python3-aliyun-python-sdk-schedulerx2 python3-aliyun-python-sdk-sddp python3-aliyun-python-sdk-slb python3-aliyun-python-sdk-smartag python3-aliyun-python-sdk-smc python3-aliyun-python-sdk-snsuapi python3-aliyun-python-sdk-status python3-aliyun-python-sdk-sts python3-aliyun-python-sdk-tag python3-aliyun-python-sdk-tesladam python3-aliyun-python-sdk-teslamaxcompute python3-aliyun-python-sdk-teslastream python3-aliyun-python-sdk-trademark python3-aliyun-python-sdk-ubsms python3-aliyun-python-sdk-uis python3-aliyun-python-sdk-unimkt python3-aliyun-python-sdk-vcs python3-aliyun-python-sdk-viapiutils python3-aliyun-python-sdk-videoenhan python3-aliyun-python-sdk-videorecog python3-aliyun-python-sdk-videosearch python3-aliyun-python-sdk-videoseg python3-aliyun-python-sdk-visionai python3-aliyun-python-sdk-visionai-poc python3-aliyun-python-sdk-vod python3-aliyun-python-sdk-voicenavigator python3-aliyun-python-sdk-vpc python3-aliyun-python-sdk-vs python3-aliyun-python-sdk-waf-openapi python3-aliyun-python-sdk-webplus python3-aliyun-python-sdk-welfare-inner python3-aliyun-python-sdk-workorder python3-aliyun-python-sdk-xspace python3-aliyun-python-sdk-xtrace python3-aliyun-python-sdk-yundun python3-aliyun-python-sdk-yundun-ds aws-nitro-enclaves-binaryblobs-upstream aws-nitro-enclaves-cli system-group-ne apache2-mod_auth_openidc firewalld-prometheus-config libwayland-client0 libwayland-client0-32bit libwayland-cursor0 libwayland-cursor0-32bit libwayland-egl1 libwayland-egl1-32bit libwayland-server0 libwayland-server0-32bit wayland-devel wayland-devel-32bit gradle rmt-server rmt-server-config rmt-server-pubcloud dmidecode jettison jettison-javadoc indent libavahi-ui0 avahi-autoipd avahi-compat-howl-devel avahi-compat-mDNSResponder-devel avahi-utils avahi-utils-gtk libavahi-devel libavahi-glib-devel libavahi-glib1 libavahi-glib1-32bit libavahi-gobject-devel libavahi-gobject0 libavahi-libevent1 libavahi-qt5-1 libavahi-qt5-devel libavahi-ui-gtk3-0 libdns_sd libdns_sd-32bit libhowl0 python3-avahi python3-avahi-gtk typelib-1_0-Avahi-0_6 sbd sbd-devel python39-setuptools openssl-ibmca ruby2.5-rubygem-actionview-5_1 ruby2.5-rubygem-actionview-doc-5_1 ffmpeg ffmpeg-private-devel libavcodec-devel libavcodec57-32bit libavdevice-devel libavdevice57 libavdevice57-32bit libavfilter-devel libavfilter6 libavfilter6-32bit libavformat-devel libavformat57 libavformat57-32bit libavresample-devel libavresample3 libavresample3-32bit libavutil-devel libavutil55-32bit libpostproc-devel libpostproc54 libpostproc54-32bit libswresample-devel libswresample2-32bit libswscale-devel libswscale4 libswscale4-32bit gio-branding-upstream glib2-devel glib2-devel-32bit glib2-devel-static glib2-tests-devel glib2-tools-32bit libgthread-2_0-0-32bit netty netty-javadoc netty-poms netty-tcnative netty-tcnative-javadoc antlr3-bootstrap-tool antlr3-java antlr3-java-javadoc antlr3-javadoc antlr3-tool maven maven-javadoc maven-lib minlog minlog-javadoc sbt sbt-bootstrap xmvn xmvn-api xmvn-connector xmvn-connector-javadoc xmvn-core xmvn-install xmvn-minimal xmvn-mojo xmvn-mojo-javadoc xmvn-parent xmvn-resolve xmvn-subst xmvn-tools-javadoc xxd nginx nginx-source libfastjson-devel libfastjson4 ntp ntp-doc libprotobuf-c-devel libprotobuf-c1 protobuf-c distribution-registry prometheus-postgres_exporter libraw-devel libraw-devel-static libraw-tools libraw20-32bit libraw16 postgresql15 postgresql15-contrib postgresql15-devel postgresql15-docs postgresql15-llvmjit postgresql15-llvmjit-devel postgresql15-plperl postgresql15-plpython postgresql15-pltcl postgresql15-server postgresql15-server-devel postgresql15-test rekor prometheus-sap_host_exporter cups-filters-devel ovmf-tools qemu-ovmf-ia32 qemu-ovmf-x86_64-debug qemu-uefi-aarch32 mysql-connector-java ctags terraform-provider-aws terraform-provider-null python3-Flask python3-Flask-doc geoipupdate geoipupdate-legacy libkpathsea6 libptexenc1 libtexlua53-5 libtexluajit2 perl-biber texlive texlive-a2ping-bin texlive-accfonts-bin texlive-adhocfilelist-bin texlive-afm2pl-bin texlive-albatross-bin texlive-aleph-bin texlive-amstex-bin texlive-arara-bin texlive-asymptote-bin texlive-attachfile2-bin texlive-authorindex-bin texlive-autosp-bin texlive-axodraw2-bin texlive-bib2gls-bin texlive-biber-bin texlive-bibexport-bin texlive-bibtex-bin texlive-bibtex8-bin texlive-bibtexu-bin texlive-bin-devel texlive-bundledoc-bin texlive-cachepic-bin texlive-checkcites-bin texlive-checklistings-bin texlive-chklref-bin texlive-chktex-bin texlive-cjk-gs-integrate-bin texlive-cjkutils-bin texlive-clojure-pamphlet-bin texlive-cluttex-bin texlive-context-bin texlive-convbkmk-bin texlive-crossrefware-bin texlive-cslatex-bin texlive-csplain-bin texlive-ctan-o-mat-bin texlive-ctanbib-bin texlive-ctanify-bin texlive-ctanupload-bin texlive-ctie-bin texlive-cweb-bin texlive-cyrillic-bin-bin texlive-de-macro-bin texlive-detex-bin texlive-diadia-bin texlive-dosepsbin-bin texlive-dtl-bin texlive-dtxgen-bin texlive-dviasm-bin texlive-dvicopy-bin texlive-dvidvi-bin texlive-dviinfox-bin texlive-dviljk-bin texlive-dviout-util-bin texlive-dvipdfmx-bin texlive-dvipng-bin texlive-dvipos-bin texlive-dvips-bin texlive-dvisvgm-bin texlive-eplain-bin texlive-epspdf-bin texlive-epstopdf-bin texlive-exceltex-bin texlive-fig4latex-bin texlive-findhyph-bin texlive-fontinst-bin texlive-fontools-bin texlive-fontware-bin texlive-fragmaster-bin texlive-getmap-bin texlive-git-latexdiff-bin texlive-glossaries-bin texlive-gregoriotex-bin texlive-gsftopk-bin texlive-hyperxmp-bin texlive-jadetex-bin texlive-jfmutil-bin texlive-ketcindy-bin texlive-kotex-utils-bin texlive-kpathsea-bin texlive-kpathsea-devel texlive-l3build-bin texlive-lacheck-bin texlive-latex-bin-bin texlive-latex-bin-dev-bin texlive-latex-git-log-bin texlive-latex-papersize-bin texlive-latex2man-bin texlive-latex2nemeth-bin texlive-latexdiff-bin texlive-latexfileversion-bin texlive-latexindent-bin texlive-latexmk-bin texlive-latexpand-bin texlive-lcdftypetools-bin texlive-light-latex-make-bin texlive-lilyglyphs-bin texlive-listbib-bin texlive-listings-ext-bin texlive-lollipop-bin texlive-ltxfileinfo-bin texlive-ltximg-bin texlive-luahbtex-bin texlive-luajittex-bin texlive-luaotfload-bin texlive-luatex-bin texlive-lwarp-bin texlive-m-tx-bin texlive-make4ht-bin texlive-makedtx-bin texlive-makeindex-bin texlive-match_parens-bin texlive-mathspic-bin texlive-metafont-bin texlive-metapost-bin texlive-mex-bin texlive-mf2pt1-bin texlive-mflua-bin texlive-mfware-bin texlive-mkgrkindex-bin texlive-mkjobtexmf-bin texlive-mkpic-bin texlive-mltex-bin texlive-mptopdf-bin texlive-multibibliography-bin texlive-musixtex-bin texlive-musixtnt-bin texlive-omegaware-bin texlive-optex-bin texlive-patgen-bin texlive-pax-bin texlive-pdfbook2-bin texlive-pdfcrop-bin texlive-pdfjam-bin texlive-pdflatexpicscale-bin texlive-pdftex-bin texlive-pdftex-quiet-bin texlive-pdftosrc-bin texlive-pdfxup-bin texlive-pedigree-perl-bin texlive-perltex-bin texlive-petri-nets-bin texlive-pfarrei-bin texlive-pkfix-bin texlive-pkfix-helper-bin texlive-platex-bin texlive-pmx-bin texlive-pmxchords-bin texlive-ps2eps-bin texlive-ps2pk-bin texlive-pst-pdf-bin texlive-pst2pdf-bin texlive-ptex-bin texlive-ptex-fontmaps-bin texlive-ptex2pdf-bin texlive-ptexenc-devel texlive-purifyeps-bin texlive-pygmentex-bin texlive-pythontex-bin texlive-rubik-bin texlive-scripts-bin texlive-scripts-extra-bin texlive-seetexk-bin texlive-spix-bin texlive-splitindex-bin texlive-srcredact-bin texlive-sty2dtx-bin texlive-svn-multi-bin texlive-synctex-bin texlive-synctex-devel texlive-tex-bin texlive-tex4ebook-bin texlive-tex4ht-bin texlive-texcount-bin texlive-texdef-bin texlive-texdiff-bin texlive-texdirflatten-bin texlive-texdoc-bin texlive-texdoctk-bin texlive-texfot-bin texlive-texliveonfly-bin texlive-texloganalyser-bin texlive-texlua-devel texlive-texluajit-devel texlive-texosquery-bin texlive-texplate-bin texlive-texsis-bin texlive-texware-bin texlive-thumbpdf-bin texlive-tie-bin texlive-tikztosvg-bin texlive-tpic2pdftex-bin texlive-ttfutils-bin texlive-typeoutfileinfo-bin texlive-ulqda-bin texlive-uplatex-bin texlive-uptex-bin texlive-urlbst-bin texlive-velthuis-bin texlive-vlna-bin texlive-vpe-bin texlive-web-bin texlive-webquiz-bin texlive-wordcount-bin texlive-xdvi-bin texlive-xelatex-dev-bin texlive-xetex-bin texlive-xindex-bin texlive-xml2pmx-bin texlive-xmltex-bin texlive-xpdfopen-bin texlive-yplan-bin libsynctex1 libtexlua52-5 texlive-ebong-bin texlive-lua2dox-bin texlive-pdftools-bin texlive-pstools-bin texlive-tetex-bin texlive-texconfig-bin libpoppler73 libpoppler73-32bit kubernetes1.18-client kubernetes1.18-client-common golang-github-vpenso-prometheus_slurm_exporter go1.18-openssl go1.18-openssl-doc go1.18-openssl-race c-ares-devel c-ares-utils libcares2-32bit libvirt libvirt-daemon-config-nwfilter libvirt-daemon-driver-libxl libvirt-daemon-driver-lxc libvirt-daemon-driver-storage-gluster libvirt-daemon-hooks libvirt-daemon-lxc libvirt-daemon-xen libvirt-devel libvirt-devel-32bit libvirt-doc libvirt-lock-sanlock libvirt-nss wireshark-plugin-libvirt apache-commons-fileupload apache-commons-fileupload-javadoc libwebp-devel libwebp-devel-32bit libwebp-tools libwebp7-32bit libwebpdecoder3 libwebpdecoder3-32bit libwebpdemux2-32bit libwebpmux3-32bit libwebp6 libwebp6-32bit libwebpdecoder2 libwebpdecoder2-32bit libwebpextras0 libwebpextras0-32bit libwebpmux2 libwebpmux2-32bit opensc opensc-32bit jetty-annotations jetty-ant jetty-cdi jetty-client jetty-continuation jetty-deploy jetty-fcgi jetty-http jetty-http-spi jetty-io jetty-jaas jetty-jmx jetty-jndi jetty-jsp jetty-minimal-javadoc jetty-openid jetty-plus jetty-proxy jetty-quickstart jetty-rewrite jetty-security jetty-server jetty-servlet jetty-servlets jetty-start jetty-util jetty-util-ajax jetty-webapp jetty-xml python3-reportlab python-ply-doc python3-jmespath python3-ply python3-simplejson python3-pyzmq python3-pyzmq-devel prometheus-ha_cluster_exporter rustup open-vm-tools-salt-minion python3-sqlparse cloud-init cloud-init-config-suse cloud-init-doc kubernetes1.24-client kubernetes1.24-client-bash-completion kubernetes1.24-client-common kubernetes1.24-client-fish-completion corepack18 nodejs18 nodejs18-devel nodejs18-docs npm18 dnsdist libluajit-5_1-2 libluajit-5_1-2-32bit luajit luajit-devel amazon-ecs-init libcap-devel libcap-progs libcap2 libcap2-32bit libpsx2 libpsx2-32bit libxmltooling7 libpython3_11-1_0 libpython3_11-1_0-32bit python311 python311-32bit python311-base python311-base-32bit python311-curses python311-dbm python311-devel python311-doc python311-doc-devhelp python311-idle python311-testsuite python311-tk python311-tools azure-cli-core python3-constantly python3-humanfriendly python3-hyperlink python3-jsondiff python3-knack python3-websocket-client python3-zope.interface libdwarf-devel libdwarf-devel-static libdwarf-doc libdwarf-tools libdwarf1 librabbitmq-devel librabbitmq4 rabbitmq-c-tools bouncycastle bouncycastle-javadoc bouncycastle-mail bouncycastle-pg bouncycastle-pkix bouncycastle-tls bouncycastle-util python3-azure-core python3-azure-storage-blob php8-pear php8-pecl python311-pip libpoppler89 libpoppler89-32bit openssh-askpass-gnome openssh-cavs openssh-fips openssh-helpers pam_cap pam_cap-32bit python3-scipy_1_2_0-gnu-hpc libQt5Svg5-32bit libqt5-qtsvg-devel libqt5-qtsvg-devel-32bit libqt5-qtsvg-examples libqt5-qtsvg-private-headers-devel libQt5Bootstrap-devel-static libQt5Bootstrap-devel-static-32bit libQt5Concurrent-devel libQt5Concurrent-devel-32bit libQt5Concurrent5-32bit libQt5Core-devel libQt5Core-devel-32bit libQt5Core-private-headers-devel libQt5Core5-32bit libQt5DBus-devel libQt5DBus-devel-32bit libQt5DBus-private-headers-devel libQt5DBus5-32bit libQt5Gui-devel libQt5Gui-devel-32bit libQt5Gui-private-headers-devel libQt5Gui5-32bit libQt5KmsSupport-devel-static libQt5KmsSupport-private-headers-devel libQt5Network-devel libQt5Network-devel-32bit libQt5Network-private-headers-devel libQt5Network5-32bit libQt5OpenGL-devel libQt5OpenGL-devel-32bit libQt5OpenGL-private-headers-devel libQt5OpenGL5-32bit libQt5OpenGLExtensions-devel-static libQt5OpenGLExtensions-devel-static-32bit libQt5PlatformHeaders-devel libQt5PlatformSupport-devel-static libQt5PlatformSupport-devel-static-32bit libQt5PlatformSupport-private-headers-devel libQt5PrintSupport-devel libQt5PrintSupport-devel-32bit libQt5PrintSupport-private-headers-devel libQt5PrintSupport5-32bit libQt5Sql-devel libQt5Sql-devel-32bit libQt5Sql-private-headers-devel libQt5Sql5-32bit libQt5Sql5-mysql-32bit libQt5Sql5-postgresql libQt5Sql5-postgresql-32bit libQt5Sql5-sqlite-32bit libQt5Sql5-unixODBC libQt5Sql5-unixODBC-32bit libQt5Test-devel libQt5Test-devel-32bit libQt5Test-private-headers-devel libQt5Test5-32bit libQt5Widgets-devel libQt5Widgets-devel-32bit libQt5Widgets-private-headers-devel libQt5Widgets5-32bit libQt5Xml-devel libQt5Xml-devel-32bit libQt5Xml5-32bit libqt5-qtbase-common-devel libqt5-qtbase-devel libqt5-qtbase-examples libqt5-qtbase-examples-32bit libqt5-qtbase-platformtheme-xdgdesktopportal libqt5-qtbase-private-headers-devel iperf iperf-devel libiperf0 tcl tcl-32bit tcl-devel go1.20-openssl go1.20-openssl-doc go1.20-openssl-race gdk-pixbuf-loader-rsvg-32bit librsvg-2-2-32bit librsvg-devel rsvg-convert libxmltooling-devel libxmltooling-lite9 libxmltooling9 xmltooling-schemas guava guava-javadoc guava-testlib pipewire-libpulse-0_3 apache2-mod_security2 python3-tornado system-user-prometheus jtidy jtidy-javadoc jtidy-scripts libpoppler-cpp0-32bit libpoppler-devel libpoppler-glib-devel libpoppler-glib8-32bit libpoppler-qt5-1-32bit libpoppler-qt5-devel libpoppler-qt6-3 libpoppler-qt6-devel libpoppler117-32bit typelib-1_0-Poppler-0_18 pipewire-modules pipewire-modules-32bit xtrans gstreamer-plugins-base-32bit gstreamer-plugins-base-devel gstreamer-plugins-base-devel-32bit libgstallocators-1_0-0-32bit libgstapp-1_0-0-32bit libgstaudio-1_0-0-32bit libgstfft-1_0-0-32bit libgstgl-1_0-0-32bit libgstpbutils-1_0-0-32bit libgstriff-1_0-0-32bit libgstrtp-1_0-0-32bit libgstrtsp-1_0-0-32bit libgstsdp-1_0-0-32bit libgsttag-1_0-0-32bit libgstvideo-1_0-0-32bit typelib-1_0-GstAllocators-1_0 typelib-1_0-GstApp-1_0 typelib-1_0-GstGL-1_0 typelib-1_0-GstGLEGL-1_0 typelib-1_0-GstGLWayland-1_0 typelib-1_0-GstGLX11-1_0 typelib-1_0-GstRtp-1_0 typelib-1_0-GstRtsp-1_0 typelib-1_0-GstSdp-1_0 gstreamer-plugins-ugly-doc gstreamer-plugins-ugly-32bit libcjose-devel libcjose0 cargo1.71 rust1.71 gstreamer-plugin-pipewire libpipewire-0_3-0 libpipewire-0_3-0-32bit pipewire pipewire-alsa pipewire-alsa-32bit pipewire-devel pipewire-doc pipewire-lang pipewire-libjack-0_3 pipewire-libjack-0_3-32bit pipewire-libjack-0_3-devel pipewire-modules-0_3 pipewire-modules-0_3-32bit pipewire-pulseaudio pipewire-spa-plugins-0_2 pipewire-spa-plugins-0_2-32bit pipewire-spa-tools pipewire-tools python3-scipy python3-scipy-gnu-hpc python3-scipy_1_3_3-gnu-hpc ruby2.5-rubygem-globalid ruby2.5-rubygem-globalid-doc qatengine re2c python3-configobj commons-compiler janino janino-javadoc WebKitGTK-4.0-lang WebKitGTK-4.1-lang WebKitGTK-6.0-lang libjavascriptcoregtk-4_0-18-64bit libjavascriptcoregtk-4_1-0-64bit libjavascriptcoregtk-6_0-1 libwebkit2gtk-4_0-37-64bit libwebkit2gtk-4_1-0-64bit libwebkitgtk-6_0-4 typelib-1_0-JavaScriptCore-6_0 typelib-1_0-WebKit-6_0 typelib-1_0-WebKitWebProcessExtension-6_0 webkit-jsc-6.0 webkitgtk-6_0-injected-bundles gawk ca-certificates-mozilla ca-certificates-mozilla-prebuilt procps-devel open-vm-tools-containerinfo exempi-tools libexempi-devel libexempi3-32bit djvulibre djvulibre-doc libdjvulibre-devel sccache gsl_2_4-gnu-hpc gsl_2_4-gnu-hpc-devel gsl_2_4-gnu-hpc-doc gsl_2_4-gnu-hpc-examples gsl_2_4-gnu-hpc-module libgsl23 libgsl_2_4-gnu-hpc libgslcblas_2_4-gnu-hpc libssh2-1-32bit libssh2-devel icu73_2 libicu73_2 libicu73_2-bedata libicu73_2-devel libicu73_2-doc libicu73_2-ledata flac flac-devel flac-devel-32bit flac-doc libFLAC++6 libFLAC++6-32bit cpp12 cross-nvptx-gcc12 cross-nvptx-newlib12-devel gcc12 gcc12-32bit gcc12-PIE gcc12-ada gcc12-ada-32bit gcc12-c++ gcc12-c++-32bit gcc12-d gcc12-d-32bit gcc12-fortran gcc12-fortran-32bit gcc12-go gcc12-go-32bit gcc12-info gcc12-locale gcc12-obj-c++ gcc12-obj-c++-32bit gcc12-objc gcc12-objc-32bit gcc12-testresults libada12 libada12-32bit libasan8 libasan8-32bit libatomic1 libatomic1-32bit libgcc_s1 libgcc_s1-32bit libgdruntime3 libgdruntime3-32bit libgfortran5 libgfortran5-32bit libgo21 libgo21-32bit libgomp1 libgomp1-32bit libgphobos3 libgphobos3-32bit libhwasan0 libitm1 libitm1-32bit liblsan0 libobjc4 libobjc4-32bit libquadmath0 libquadmath0-32bit libstdc++6 libstdc++6-32bit libstdc++6-devel-gcc12 libstdc++6-devel-gcc12-32bit libstdc++6-locale libstdc++6-pp libstdc++6-pp-32bit libtsan2 libubsan1 libubsan1-32bit cross-aarch64-gcc7 cross-aarch64-gcc7-icecream-backend cross-arm-gcc7 cross-arm-none-gcc7-bootstrap cross-avr-gcc7-bootstrap cross-epiphany-gcc7-bootstrap cross-hppa-gcc7 cross-hppa-gcc7-icecream-backend cross-i386-gcc7 cross-i386-gcc7-icecream-backend cross-m68k-gcc7 cross-m68k-gcc7-icecream-backend cross-mips-gcc7 cross-mips-gcc7-icecream-backend cross-nvptx-gcc7 cross-nvptx-newlib7-devel cross-ppc64-gcc7 cross-ppc64-gcc7-icecream-backend cross-ppc64le-gcc7 cross-ppc64le-gcc7-icecream-backend cross-rx-gcc7-bootstrap cross-s390x-gcc7 cross-s390x-gcc7-icecream-backend cross-sparc-gcc7 cross-sparc64-gcc7 cross-sparc64-gcc7-icecream-backend cross-sparcv9-gcc7-icecream-backend cross-x86_64-gcc7 cross-x86_64-gcc7-icecream-backend gcc7 gcc7-32bit gcc7-ada gcc7-ada-32bit gcc7-c++ gcc7-c++-32bit gcc7-fortran gcc7-fortran-32bit gcc7-go gcc7-go-32bit gcc7-info gcc7-locale gcc7-obj-c++ gcc7-obj-c++-32bit gcc7-objc gcc7-objc-32bit gcc7-testresults libada7 libada7-32bit libasan4 libasan4-32bit libatomic1-gcc7 libatomic1-gcc7-32bit libcilkrts5 libcilkrts5-32bit libgcc_s1-gcc7 libgcc_s1-gcc7-32bit libgfortran4-32bit libgo11 libgo11-32bit libgomp1-gcc7 libgomp1-gcc7-32bit libitm1-gcc7 libitm1-gcc7-32bit liblsan0-gcc7 libmpx2-gcc7 libmpx2-gcc7-32bit libmpxwrappers2-gcc7 libmpxwrappers2-gcc7-32bit libobjc4-gcc7 libobjc4-gcc7-32bit libquadmath0-gcc7 libquadmath0-gcc7-32bit libstdc++6-devel-gcc7 libstdc++6-devel-gcc7-32bit libstdc++6-gcc7 libstdc++6-gcc7-32bit libstdc++6-gcc7-locale libtsan0-gcc7 libubsan0 libubsan0-32bit python311-libxml2 go1.21 go1.21-doc go1.21-race cargo cargo1.72 rust rust1.72 libqb20 libqb20-32bit postfix-lmdb typelib-1_0-GstFft-1_0 mutt mutt-doc mutt-lang python3-brotlipy libfpm_pb0 libospf0 libospfapiclient0 libquagga_pb0 libzebra1 quagga quagga-devel go1.19-openssl go1.19-openssl-doc go1.19-openssl-race gsl gsl-devel gsl-doc gsl-examples gsl-gnu-hpc gsl-gnu-hpc-devel gsl-gnu-hpc-doc gsl_2_6-gnu-hpc gsl_2_6-gnu-hpc-devel gsl_2_6-gnu-hpc-doc gsl_2_6-gnu-hpc-examples gsl_2_6-gnu-hpc-module libgsl-gnu-hpc libgsl25 libgsl_2_6-gnu-hpc libgslcblas-gnu-hpc libgslcblas0 libgslcblas_2_6-gnu-hpc libmca_common_dstore1 libpmix2 pmix pmix-devel pmix-headers pmix-mca-params pmix-plugin-munge pmix-plugins pmix-test supportutils-plugin-susemanager-client apr-util-devel libapr-util1-dbd-mysql libapr-util1-dbd-pgsql libapr-util1-dbd-sqlite3 libapr-util1-dbm-db doxygen2man libqb-devel libqb-devel-32bit libqb-tests libqb-tools libqb100 libqb100-32bit postfix postfix-bdb postfix-bdb-lmdb postfix-devel postfix-doc postfix-ldap postfix-mysql postfix-postgresql libvpx-devel libvpx7-32bit vpx-tools libvpx4-32bit mdadm libeconf-devel libeconf-utils libeconf0 libeconf0-32bit libnghttp2-devel libnghttp2_asio-devel libnghttp2_asio1 libnghttp2_asio1-32bit nghttp2 python3-nghttp2 libbpf-devel libbpf0 libbpf0-32bit libcue-devel libcue2 python-gevent-doc python3-gevent suse-module-tools suse-module-tools-legacy cpp13 cross-nvptx-gcc13 cross-nvptx-newlib13-devel gcc13 gcc13-32bit gcc13-PIE gcc13-ada gcc13-ada-32bit gcc13-c++ gcc13-c++-32bit gcc13-d gcc13-d-32bit gcc13-fortran gcc13-fortran-32bit gcc13-go gcc13-go-32bit gcc13-info gcc13-locale gcc13-m2 gcc13-m2-32bit gcc13-obj-c++ gcc13-obj-c++-32bit gcc13-objc gcc13-objc-32bit libada13 libada13-32bit libgdruntime4 libgdruntime4-32bit libgo22 libgo22-32bit libgphobos4 libgphobos4-32bit libm2cor18 libm2cor18-32bit libm2iso18 libm2iso18-32bit libm2log18 libm2log18-32bit libm2min18 libm2min18-32bit libm2pim18 libm2pim18-32bit libstdc++6-devel-gcc13 libstdc++6-devel-gcc13-32bit libzck-devel libzck1 zchunk aws-efs-utils python311-Werkzeug libsndfile-devel libsndfile-progs apache-ivy apache-ivy-javadoc kernel-firmware-nvidia-gspx-G06 nvidia-open-driver-G06-signed-64kb-devel nvidia-open-driver-G06-signed-azure-devel nvidia-open-driver-G06-signed-default-devel nvidia-open-driver-G06-signed-kmp-64kb nvidia-open-driver-G06-signed-kmp-azure nvidia-open-driver-G06-signed-kmp-default w3m-inline-image exfatprogs python3-Pillow python3-Pillow-tk go1.21-openssl go1.21-openssl-doc go1.21-openssl-race postgresql postgresql-contrib postgresql-devel postgresql-docs postgresql-llvmjit postgresql-llvmjit-devel postgresql-plperl postgresql-plpython postgresql-pltcl postgresql-server postgresql-server-devel postgresql-test postgresql16 postgresql16-contrib postgresql16-devel postgresql16-devel-mini postgresql16-docs postgresql16-llvmjit postgresql16-llvmjit-devel postgresql16-plperl postgresql16-plpython postgresql16-pltcl postgresql16-server postgresql16-server-devel postgresql16-test frozen-devel libixion-0_18-0 libixion-devel libixion-tools liborcus-0_18-0 liborcus-devel liborcus-tools mdds-2_1-devel python3-libixion python3-liborcus apache2-mod_jk maven-resolver maven-resolver-api maven-resolver-connector-basic maven-resolver-impl maven-resolver-javadoc maven-resolver-named-locks maven-resolver-spi maven-resolver-test-util maven-resolver-transport-classpath maven-resolver-transport-file maven-resolver-transport-http maven-resolver-transport-wagon maven-resolver-util python311-Pillow python311-Pillow-tk libnss_slurm2_23_02 libpmi0_23_02 libslurm39 perl-slurm_23_02 slurm_23_02 slurm_23_02-auth-none slurm_23_02-config slurm_23_02-config-man slurm_23_02-cray slurm_23_02-devel slurm_23_02-doc slurm_23_02-lua slurm_23_02-munge slurm_23_02-node slurm_23_02-pam_slurm slurm_23_02-plugin-ext-sensors-rrd slurm_23_02-plugins slurm_23_02-rest slurm_23_02-slurmdbd slurm_23_02-sql slurm_23_02-sview slurm_23_02-torque slurm_23_02-webdoc libnss_slurm2_22_05 libpmi0_22_05 libslurm38 perl-slurm_22_05 slurm_22_05 slurm_22_05-auth-none slurm_22_05-config slurm_22_05-config-man slurm_22_05-cray slurm_22_05-devel slurm_22_05-doc slurm_22_05-hdf5 slurm_22_05-lua slurm_22_05-munge slurm_22_05-node slurm_22_05-openlava slurm_22_05-pam_slurm slurm_22_05-plugins slurm_22_05-rest slurm_22_05-seff slurm_22_05-sjstat slurm_22_05-slurmdbd slurm_22_05-sql slurm_22_05-sview slurm_22_05-testsuite slurm_22_05-torque slurm_22_05-webdoc libxerces-c-3_2-32bit libxerces-c-devel xerces-c xerces-c-doc python311-Twisted python311-Twisted-all_non_platform python311-Twisted-conch python311-Twisted-conch_nacl python311-Twisted-contextvars python311-Twisted-http2 python311-Twisted-serial python311-Twisted-tls traceroute tar-backup-scripts tar-doc tar-tests suse-build-key hplip hplip-devel hplip-scan-utils libxerces-c-3_1 libxerces-c-3_1-32bit openssl-1_1-livepatches pesign python311-cryptography tracker-miner-files tracker-miners tracker-miners-lang libsass-3_6_5-1 libsass-devel python-aiohttp-doc python3-aiohttp ruby2.5-rubygem-activerecord-5_1 docker-rootless-extras rootlesskit libzbar-devel libzbar0 libzbar0-32bit libzbarqt-devel libzbarqt0 libzbarqt0-32bit zbar libcryptopp5_6_5 libcryptopp5_6_5-32bit libtinyxml0 tinyxml-devel tinyxml-docs ppp-devel ppp-modem jbigkit libjbig-devel libjbig-devel-32bit libjbig2-32bit libtss2-esys0-32bit libtss2-fapi1 libtss2-fapi1-32bit libtss2-mu0-32bit libtss2-rc0-32bit libtss2-sys1-32bit libtss2-tcti-cmd0 libtss2-tcti-cmd0-32bit libtss2-tcti-device0 libtss2-tcti-device0-32bit libtss2-tcti-mssim0 libtss2-tcti-mssim0-32bit libtss2-tcti-pcap0 libtss2-tcti-swtpm0 libtss2-tcti-swtpm0-32bit libtss2-tctildr0 libtss2-tctildr0-32bit tpm2-0-tss tpm2-0-tss-devel libxslt-devel libxslt-devel-32bit libxslt1-32bit nautilus-devel typelib-1_0-Nautilus-3_0 google-guest-agent google-osconfig-agent libpkgconf-devel libpkgconf3 pkgconf libtss2-fapi0 libtss2-sys0 libtss2-sys0-32bit libxslt-python libSDL2-2_0-0-32bit libSDL2-devel libSDL2-devel-32bit jakarta-commons-fileupload jakarta-commons-fileupload-javadoc perl-Net-Server python3-future supportutils-plugin-salt python3-wheel saphanabootstrap-formula python310-setuptools libzypp-plugin-appdata openSUSE-appdata-extra libpolkit0-32bit polkit-devel polkit-doc libcryptopp-devel libcryptopp8_6_0 libcryptopp8_6_0-32bit eclipse-jgit jgit jgit-javadoc jsch jsch-demo jsch-javadoc hawk2 0:7.1.0.9-150400.4.7 15.4 0:21.2.4-150400.66.1 0:1.0.0-150400.66.1 0:91.8.0-150200.152.26.1 0:91.8.0-150200.8.65.1 0:1.32.12-150400.1.11 0:1.24.0-150400.2.9 0:1.2.6-bp154.2.68 0:1.2.4-150400.1.11 0:2.36.0-150400.2.13 0:2.36.0-150400.2.12 0:0.6.55-150400.12.8 0:2.4.51-150400.4.6 0:7.4.25-150400.2.8 0:7.4.25-150400.2.7 0:3.0.4-150400.3.4 0:3.0.4-150400.3.3 0:21.12.3-bp154.1.34 0:1.12.0-150400.1.5 0:5.1.3-150000.7.11.1 0:4.4.36-150400.1.6 0:0.8-150400.5.73 0:4.4-150400.25.22 0:7.0-150400.25.22 0:20180314-150400.28.5 0:9.16.20-150400.3.6 0:2.37-150100.7.29.1 0:1.1.0+git.20170126-3.6.1 0:5.62-150400.2.5 0:0.4.2-3.3.1 0:0.4.1-1.16 0:1.0.8-150400.1.122 0:101.0.4951.64-bp154.1.2 0:4.1-150400.19.4 0:6.14-150400.1.6 0:8.32-150400.7.5 0:2.13-150400.1.98 0:7.5.0+r278197-4.30.1 0:2.9.7-11.6.1 0:4.2-150400.82.21 0:1.5.7-150400.82.21 0:2.4.3-150400.1.110 0:2.2.7-3.26.1 0:1.25.0-3.3.1 0:0.2.6-150400.12.12 0:7.79.1-150400.3.1 0:2.1.27-150300.4.6.1 0:1.12.2-150400.16.52 0:1.12.2-150400.16.5 0:0.108-1.29 0:4.3.6.P1-6.11.1 0:2.2.27-1.2 0:2.86-150400.14.3 0:055+suse.252.g4988b0bf-150400.1.8 0:1.46.4-150400.1.80 0:0.185-150400.3.35 0:27.2-150400.1.49 0:41.1-150400.1.9 0:41.3-150400.1.11 0:3.42.4-150400.1.10 0:3.42.4-150400.1.7 0:2.4.4-150400.2.24 0:5.32-7.14.1 0:3.40.0-150400.3.13 0:0.9.3-150400.7.6 0:1.12.5-150400.1.11 0:2.4.0-150400.1.12 0:1.0.10-150400.1.7 0:2.9.7-3.3.1 0:1.7.3-150400.2.7 0:0.1.3-1.38 0:1.1-1.15 0:11.1-8.30.1 0:2.42.6-150400.3.8 0:2.52.6-150400.1.7 0:41.3-150400.2.7 0:0.4.34-150400.1.7 0:9.52-161.1 0:2.10.30-150400.1.10 0:2.70.1-150400.1.6 0:2.70.4-150400.1.5 0:2.31-150300.20.7 0:2.26-13.8.1 0:41.2-150400.1.7 0:41.4-150400.1.7 0:40.0-150400.2.6 0:2.24.33-150400.2.11 0:41.0-150400.1.8 0:41.2-150400.1.8 0:6.2.9-bp154.1.21 0:3.7.3-150400.2.12 0:1.0.8-150400.1.7 0:2.48.0-150400.1.165 0:2.48.0-150400.1.8 0:3.1-4.3.12 0:0.3.14-150400.1.11 0:1.22.4-150400.3.4 0:1.22.4-150400.3.41 0:2.06-150400.9.9 0:1.20.1-150400.1.5 0:1.20.1-lp154.1.1 0:1.20.1-150400.1.9 0:1.20.1-150400.1.6 0:1.20.1-150400.1.7 0:1.3.0-150400.1.10 0:1.48.1-150400.2.17 0:3.21.10-150400.1.9 0:1.5.25-150400.1.13 0:1.6.1-1.53 0:1.5.0-4.37 0:0.7.8.6-150400.37.6 0:2.1.6-150400.37.6 0:11.0.15.0-150000.3.80.1 0:21.12.3-bp154.1.31 0:5.90.0-150400.1.4 0:1.0.2+git10.g26f0b96-150400.1.4 0:5.14.21-150400.22.1 0:20220119-150400.2.3 0:5.90.0-bp154.1.48 0:21.12.3-bp154.1.50 0:21.12.3-bp154.1.33 0:1.19.2-150400.1.9 0:5.24.4-bp154.1.31 0:5.90.0-bp154.1.38 0:590-150400.1.51 0:2021.11.23-bp154.1.72 0:1.3.2-3.9.1 0:3.22-1.26 0:1.0.9-1.25 0:2.2.1-3.41.1 0:5.15.2+kde294-150400.4.8 0:5.15.2+kde16-150400.1.5 0:1.2.15-150000.3.19.1 0:2.0.8-150200.11.6.1 0:1.8.0-3.11.1 0:1.6.5-3.21.1 0:1.2.0-1.18 0:1.1.15-1.18 0:1.1.2-1.23 0:1.3.3-1.30 0:6.0.0-150400.1.4 0:1.5.4-1.17 0:2.0.3-1.17 0:1.7.9-3.2.1 0:1.1.3-1.22 0:1.5.1-2.17 0:0.9.10-1.30 0:1.1.5-2.24 0:1.2.3-1.24 0:1.0.11-1.23 0:1.0.10-1.23 0:1.10.1-150400.5.6 0:1.1.4-1.24 0:1.1.4-1.23 0:1.2.0-9.7.1 0:3.2.0-150400.1.8 0:1.6.1-18.2.1 0:3.5.1-150400.1.9 0:0.14.0-3.9.1 0:3.0.6-150400.2.13 0:3.4.2-11.17.1 0:4.4-150400.1.13 0:3.5.0-4.6.1 0:0.3.20-150400.2.3 0:2.37.2-150400.6.26 0:2.37.2-150400.6.5 0:1.0.7-3.3.1 0:0.8.7-3.3.17 0:0.99.beta19.git20171003-150200.11.6.1 0:2.5.3-1.27 0:1.16.0-150400.9.6 0:1.17.1+20200724-3.17.1 0:0.94-6.9.2 0:2.1.0-1.27 0:3.490-bp154.1.83 0:3.5.27-11.11.1 0:1.1.3-1.23 0:1.4.2-bp154.2.69 0:2.19.0-150400.5.5 0:2.1.8-2.23 0:2.4.5-3.3.2 0:0.6.22-150000.5.9.1 0:0.26-6.8.1 0:3.68.3-150400.1.7 0:2.10.1-4.8.1 0:1.12.2-1.44 0:7.6.4-1.16 0:1.9.4-150400.4.6 0:2.2.5-11.3.1 0:0.2.5-150400.1.8 0:5.2.1-150000.4.8.1 0:0.6.2-1.17 0:6.1.2-4.9.1 0:0.4.1-150400.1.10 0:1.3.11-2.12 0:1.4.3-150400.1.6 0:0.3.0-4.3.29 0:1.10.8-150400.1.1 0:1.3.21-150400.2.10 0:3.7.3-150400.2.21 0:1.6.2-3.8.1 0:3.0.10-150400.1.12 0:3.0.10-150400.1.8 0:1.34-3.2.2 0:2.2.0-3.6.1 0:1.3.0+git.20210921-150400.1.15 0:2.0.2-150400.1.6 0:1.19.4-150400.1.8 0:1.14.12-bp154.1.66 0:2.9-1.24 0:2.0.14-150000.3.25.1 0:2.1-3.2.1 0:8.2.2-150400.15.9 0:0.13-3.3.1 0:1.3.5-2.14 0:2.12-150400.1.10 0:2.4.46-150200.14.5.1 0:2.4.1-150400.2.5 0:3.16.1-150400.1.9 0:5.3.6-3.6.1 0:1.9.3-150400.1.7 0:5.2.3-150000.4.7.1 0:2.10-2.22 0:0.15.1b-3.16 0:3.1.13-3.30.1 0:10.6.7-150400.1.4 0:2.2.4-1.41 0:2.2.2-bp154.1.81 0:1.2.11-150000.3.30.1 0:78.15.0-150400.1.10 0:3.100-1.33 0:4.0.2-3.3.1 0:1.26.4-1.15 0:0.6-3.14.1 0:0.3.20-4.14.1 0:6.1-5.9.1 0:1.6-1.26 0:10.80.1-3.11.1 0:0.52.20-5.35 0:1.40.0-6.1 0:2021.8.22-3.8.1 0:2.3.9-150400.14.5 0:4.5.5-150400.1.28 0:2.3.0-150000.3.5.1 0:1.5.2-150000.4.5.1 0:0.3.28-2.13.1 0:1.1.1l-150400.5.14 0:1.3.1-3.6.1 0:1.7.1-150400.8.6 0:4.1.1-2.3 0:0.23.22-150400.1.10 0:1.50.4-150400.1.5 0:2.9.21-bp154.1.27 0:1.10.1-150400.1.7 0:8.45-20.10.1 0:10.39-150400.2.3 0:1.9.4-150400.1.9 0:2.2.0-150400.5.4 0:1.6.34-3.9.1 0:0.116-3.9.1 0:22.01.0-150400.1.5 0:22.01.0-150400.1.6 0:1.16-150400.1.5 0:14.2-5.9.2 0:3.3.15-7.22.1 0:3.9.2-4.12.1 0:0.4.17-150400.1.8 0:0.4.17-150400.1.21 0:2.6.2-1.15 0:2.14.8-150400.1.10 0:3.6.15-150300.10.21.1 0:9.0.2-1.36 0:5.15.9-bp154.1.32 0:1.2.4+git20180804.fff99cd-1.19 0:16.2.7.654+gd5a90ff46f0-150400.1.4 0:2.0.15-9.7.1 0:0.20.2-150400.1.36 0:7.2.5.1-150300.14.22.18.3 0:2.5.9-150000.4.23.1 0:4.15.5+git.328.f1f29505d84-150400.1.44 0:2.5.3-150400.2.4 0:1.3.9-2.31 0:1.5.0-bp154.2.50 0:4.3.1-150300.2.7.1 0:1.0.28-5.15.1 0:5.7.3-10.12.1 0:0.7.22-150400.1.5 0:2.74.2-150400.1.6 0:3.0.4-150400.1.6 0:1.2-3.3.1 0:0.39-150400.2.13 0:0.15.0-150400.2.8 0:3.36.0-3.12.1 0:1.3.4-1.45 0:2.2.0-1.34 0:0.9.6-150400.1.5 0:1.9.0-4.13.1 0:0.0.7-7.3.2 0:1.21-150400.29.15 0:249.11-150400.6.8 0:1.11.1-4.9.1 0:4.13-4.5.1 0:4.0.9-45.5.1 0:1.2.6-150300.3.3.1 0:0.8.2-3.3.1 0:3.1.0-150400.1.6 0:2.9.2-150400.1.15 0:1.5.0-4.5.1 0:2.7.4-4.72 0:1.1.1-1.28 0:0.9.1-150400.1.7 0:8.0.0-150400.5.8 0:3.0.17.3-bp154.1.49 0:11.3.5-13.1 0:0.9.13-150400.1.9 0:1.3.6-4.3.1 0:1.6.1-6.6.8 0:1.11.0-150400.1.5 0:5.4.0-4.12.1 0:1.0.3-3.2.1 0:0.2.12-150000.4.4.1 0:0.10.2-3.3.1 0:1.4.17-1.43 0:3.2.3-1.28 0:1.3.0-150400.1.13 0:2.9.12-150400.3.4 0:1.1.34-150400.1.7 0:0.1.7-1.17 0:0.6.3-150400.2.5 0:1.8.0-150400.1.7 0:1.5.0-150400.1.71 0:17.30.0-150400.1.6 0:4.8.1-150400.8.57 0:12.5-3.3.1 0:4.8.27-bp154.1.50 0:21.12.3-bp154.1.22 0:4.32-3.20.1 0:1.29.4-150400.1.4 0:2.1.1-150100.10.24.1 0:21.12.3-bp154.1.25 0:7.08-6.9.1 0:2.0.0-6.15.1 0:8.4p1-3.9.1 0:1.1.1l-150400.1.5 0:2.5.5-150400.1.5 0:202202-150400.3.3 0:16.02-14.7.1 0:1.3.0-150000.6.55.3 0:5.26.1-150300.17.3.1 0:1.60-3.3.1 0:3.72-1.26 0:6.06-1.24 0:2.0132-1.20 0:3.52-3.3.1 0:20201225-150400.3.4 0:5.24.4-bp154.1.21 0:1.3.9-150400.17.4 0:2.7.7-150400.1.8 0:2.4.7-150000.5.6.1 0:3.22-2.34 0:2.8-10.1 0:4.7.1-3.7.1 0:1.17.3-150400.21.32 0:20.0.2-150400.15.6 0:1.8.1-5.6.1 0:2.24.0-1.24 0:44.1.1-150400.1.4 0:1.25.10-4.3.1 0:6.2.0-150400.35.10 0:1.0.0+-150400.35.10 0:1.15.0_0_g2dd4b9b-150400.35.10 0:8-150400.35.10 0:0.2.3-5.9.2 0:4.14.3-150300.46.1 0:3.2.3-150400.1.53 0:8.2106.0-150400.3.1 0:0.11+git.20130926-1.34 0:1.8.5-150400.12.4 0:1.0.32-6.6.2 0:4.6.2-5.3.1 0:0.19.0-lp154.3.6 0:4.15.2-2.21 0:15.4-4.7.1 0:0.21.0-3.3.1 0:4.4-1.1 0:1.9.9-150400.2.5 0:0.5.3-150300.3.3.1 0:1.34-150000.3.12.1 0:0.2.2-bp154.1.40 0:2021.189.2.005svn58637-150400.18.1 0:3.1c-1.38 0:20151004-bp154.2.20 0:3.00-bp154.1.67 0:0.3.15-150400.1.10 0:2021.10-150400.2.6 0:20220207-10.1 0:6.00-4.8.13 0:1.19.0.4-4.3.1 0:8.0.1568-5.17.1 0:4.0.0-150400.1.5 0:6.1.32-lp154.1.83 0:6.1.32_k5.14.21_150400.22-lp154.1.67 0:1.4.0-1.53 0:3.0.5-150400.1.6 0:0.5.3+git20180125-1.17 0:1.20.3-3.12.1 0:0.6.69-150400.1.3 0:2.9-4.33.1 0:1.1.3+20201113-150400.1.4 0:4.16.0_08-150400.2.12 0:2.3.15.4-bp154.1.21 0:7.6_1-1.22 0:1.1.0-3.4.1 0:1.20.3-150400.36.7 0:6.03-150400.1.6 0:330-11.3.1 0:21.1.4-150400.1.12 0:4.4.13-150400.1.7 0:4.4.10-150400.1.7 0:1.14.52-150400.1.9 (aarch64|i586|ppc64le|s390x|x86_64) 0:1.0.1+git.20220109-bp154.2.3.1 (aarch64|ppc64le|s390x|x86_64) 0:2.2.0~rc3-bp154.3.3.1 (noarch) 0:2.2.0~rc3-bp154.3.3.1 (aarch64|x86_64) 0:102.0.5005.61-bp154.2.5.3 (aarch64|i586|ppc64le|s390x|x86_64) 0:2.5.1-bp154.2.5.1 (aarch64|x86_64) 0:102.0.5005.115-bp154.2.8.1 (aarch64|i586|ppc64le|s390x|x86_64) 0:0.9.70-bp154.2.3.1 (aarch64|i586|ppc64le|s390x|x86_64) 0:1.8.0-bp154.3.3.1 (noarch) 0:1.8.0-bp154.3.3.1 (aarch64|i586|ppc64le|s390x|x86_64) 0:7.2.12-bp154.2.3.1 (aarch64|ppc64le|s390x|x86_64) 0:20220429-bp154.2.3.1 (noarch) 0:20220429-bp154.2.3.1 (aarch64|i586|s390x|x86_64) 0:0.28.0-bp154.2.3.1 (aarch64|i586|ppc64le|s390x|x86_64) 0:0.4.7.8-bp154.2.3.1 (aarch64|i586|ppc64le|s390x|x86_64) 0:28-bp154.2.3.1 (aarch64|i586|ppc64le|s390x|x86_64) 0:1.2.2-bp154.2.1 (noarch) 0:1.2.2-bp154.2.1 (aarch64|x86_64) 0:103.0.5060.53-bp154.2.11.1 (aarch64|ppc64le|s390x|x86_64) 0:1.1.0-bp154.2.3.1 (aarch64|i586|ppc64le|s390x|x86_64) 0:1.8.0-bp154.3.8.1 (noarch) 0:1.8.0-bp154.3.8.1 (aarch64|x86_64) 0:5.15.10-bp154.2.3.2 (noarch) 0:5.15.10-bp154.2.3.2 (aarch64|x86_64) 0:103.0.5060.114-bp154.2.14.1 (x86_64) 0:88.0.4412.74-lp154.2.11.1 (noarch) 0:7.13.0-bp154.2.3.1 (x86_64) 0:6.1.36-lp154.2.7.1 (noarch) 0:6.1.36-lp154.2.7.1 (x86_64) 0:6.1.36_k5.14.21_150400.24.11-lp154.2.7.1 (aarch64|x86_64) 0:103.0.5060.134-bp154.2.17.2 (noarch) 0:2.2.10-bp154.2.3.1 (aarch64|i586|ppc64le|s390x|x86_64) 0:1.41-bp154.2.3.1 (aarch64|i586|s390x|x86_64) 0:1.41-bp154.2.3.1 (aarch64|ppc64le|s390x|x86_64) 0:1.41-bp154.2.3.1 (aarch64|i586|ppc64le|s390x|x86_64) 0:2.5.2-bp154.2.8.1 (aarch64|i586|s390x|x86_64) 0:0.30.4-bp154.2.6.1 (aarch64|x86_64) 0:104.0.5112.79-bp154.2.20.1 (x86_64) 0:89.0.4447.71-lp154.2.14.1 (aarch64|i586|x86_64) 0:2.53.13-bp154.2.3.1 (aarch64|i586|ppc64le|s390x|x86_64) 0:3.7p3-bp154.3.3.1 (x86_64) 0:3.7p3-bp154.3.3.1 (aarch64_ilp32) 0:3.7p3-bp154.3.3.1 (aarch64|x86_64) 0:104.0.5112.101-bp154.2.23.1 (aarch64|ppc64le|x86_64) 0:1.6.6-bp154.2.3.1 (aarch64|i586|ppc64le|s390x|x86_64) 0:3.0.3-bp154.2.3.1 (noarch) 0:2.2.28-bp154.2.3.3 (aarch64|i586|ppc64le|s390x|x86_64) 0:7.1.1-bp154.2.6.1 (x86_64) 0:90.0.4480.54-lp154.2.17.1 (x86_64) 0:90.0.4480.84-lp154.2.20.1 (aarch64|x86_64) 0:105.0.5195.102-bp154.2.26.1 (aarch64|x86_64) 0:105.0.5195.127-bp154.2.29.1 (aarch64|ppc64le|s390x|x86_64) 0:1.20.3-bp154.2.3.1 (x86_64) 0:91.0.4516.20-lp154.2.23.1 (aarch64|i586|ppc64le|s390x|x86_64) 0:1.4.66-bp154.2.3.1 (aarch64|x86_64) 0:106.0.5249.91-bp154.2.32.1 (aarch64|i586|ppc64le|s390x|x86_64) 0:1.4.67-bp154.2.6.1 (aarch64|ppc64le|s390x|x86_64) 0:3.0.19-bp154.2.5.1 (aarch64|ppc64le|x86_64) 0:1.11.2-bp154.2.3.1 (noarch) 0:1.11.2-bp154.2.3.1 (aarch64|ppc64le|s390x|x86_64) 0:1.5-bp154.2.3.1 (aarch64|ppc64le|s390x|x86_64) 0:2.8-bp154.2.3.1 (aarch64|x86_64) 0:106.0.5249.119-bp154.2.35.1 (aarch64|i586|ppc64le|s390x|x86_64) 0:5.2.1-bp154.2.3.1 (noarch) 0:1.5.3-bp154.2.3.1 (x86_64) 0:6.1.38-lp154.2.15.1 (noarch) 0:6.1.38-lp154.2.15.1 (x86_64) 0:6.1.38_k5.14.21_150400.24.21-lp154.2.15.1 (aarch64|ppc64le|s390x|x86_64) 0:0.25.4-bp154.4.3.1 (noarch) 0:0.12.5-lp154.3.3.1 (aarch64) 0:0.12.5_k5.14.21_150400.24.21-lp154.3.3.1 (aarch64|x86_64) 0:0.12.5_k5.14.21_150400.24.21-lp154.3.3.1 (aarch64|ppc64le|s390x|x86_64) 0:4.94.2-bp154.2.3.1 (noarch) 0:1.2.22-bp154.2.3.1 (aarch64|i586|ppc64le|s390x|x86_64) 0:1.2.22-bp154.2.3.1 (aarch64|ppc64le|x86_64) 0:4.6.3-bp154.2.3.1 (aarch64|i586|ppc64le|s390x|x86_64) 0:3.06.0.1-bp154.2.3.1 (aarch64|x86_64) 0:107.0.5304.87-bp154.2.40.1 (x86_64) 0:92.0.4561.21-lp154.2.26.1 (aarch64|i586|ppc64le|s390x|x86_64) 0:2.3.5-bp154.2.3.1 (noarch) 0:2.3.5-bp154.2.3.1 (aarch64|x86_64) 0:6.2.1-bp154.2.3.1 (aarch64|i586|ppc64le|s390x|x86_64) 0:3.0.33-bp154.3.3.1 (noarch) 0:3.0.33-bp154.3.3.1 (noarch) 0:2.1.1-bp154.2.3.1 (aarch64|i586|ppc64le|s390x|x86_64) 0:3.1.6-bp154.2.3.1 (aarch64|i586|ppc64le|s390x|x86_64) 0:0.31.1-bp154.3.3.1 (aarch64|i586|ppc64le|s390x|x86_64) 0:7.2.1-bp154.2.9.1 (aarch64|x86_64) 0:107.0.5304.110-bp154.2.43.1 (aarch64|i586|ppc64le|s390x|x86_64) 0:3.06.0.1-bp154.2.6.1 (aarch64|ppc64le|s390x|x86_64) 0:4.16.1-bp154.3.3.1 (noarch) 0:4.16.1-bp154.3.3.1 (aarch64|i586|ppc64le|s390x|x86_64) 0:0.4.7.11-bp154.2.9.1 (aarch64|i586|s390x|x86_64) 0:2.18.2-bp154.2.3.1 (noarch) 0:2.18.2-bp154.2.3.1 (x86_64) 0:2.18.2-bp154.2.3.1 (aarch64_ilp32) 0:2.18.2-bp154.2.3.1 (aarch64|i586|ppc64le|s390x|x86_64) 0:2.4.26-bp154.2.3.1 (x86_64) 0:93.0.4585.11-lp154.2.29.1 (aarch64|x86_64) 0:107.0.5304.121-bp154.2.46.1 (aarch64|i586|ppc64le|s390x|x86_64) 0:9.26-bp154.2.3.1 (aarch64|x86_64) 0:108.0.5359.71-bp154.2.49.1 (aarch64|s390x|x86_64) 0:0.99.49+3-bp154.2.3.2 (noarch) 0:0.99.49+3-bp154.2.3.2 (aarch64|i586|ppc64le|s390x|x86_64) 0:1.5.23-bp154.2.3.1 (aarch64|x86_64) 0:108.0.5359.94-bp154.2.52.1 (x86_64) 0:93.0.4585.37-lp154.2.32.1 (aarch64|i586|ppc64le|s390x|x86_64) 0:1.4.2-bp154.2.3.1 (aarch64|x86_64) 0:108.0.5359.124-bp154.2.55.1 (aarch64|i586|ppc64le|s390x|x86_64) 0:1.2.0-bp154.2.3.1 (x86_64) 0:94.0.4606.38-lp154.2.35.1 (aarch64|ppc64le|x86_64) 0:3.0.18-bp154.2.3.1 (noarch) 0:3.0.18-bp154.2.3.1 (aarch64|i586|ppc64le|s390x|x86_64) 0:2.28.0-bp154.2.3.1 (x86_64) 0:2.28.0-bp154.2.3.1 (aarch64_ilp32) 0:2.28.0-bp154.2.3.1 (x86_64) 0:85.0.4341.28-lp154.2.5.1 (aarch64|i586|ppc64le|s390x|x86_64) 0:7.1.0-bp154.2.3.1 (aarch64|i586|ppc64le|s390x|x86_64) 0:0.12.5-bp154.2.3.1 (x86_64) 0:87.0.4390.25-lp154.2.8.1 (aarch64|i586|ppc64le|s390x|x86_64) 0:1.6.2-bp154.2.3.1 (aarch64|i586|ppc64le|s390x|x86_64) 0:2.2.11-lp154.3.3.1 (aarch64|ppc64le|s390x|x86_64) 0:5.6.0-bp154.2.3.5 (noarch) 0:5.6.0-bp154.2.3.5 (aarch64|ppc64le|x86_64) 0:4.6.6-bp154.2.6.1 (aarch64|i586|ppc64le|s390x|x86_64) 0:0.12.6-bp154.2.3.1 (x86_64) 0:0.12.6-bp154.2.3.1 (aarch64_ilp32) 0:0.12.6-bp154.2.3.1 (aarch64|i586|ppc64le|s390x|x86_64) 0:3.6.7-bp154.2.3.1 (aarch64|i586|ppc64le|s390x|x86_64) 0:6.2.2-bp154.2.3.1 (x86_64) 0:99.0.4788.13-lp154.2.47.1 (x86_64) 0:113.0.5672.126-bp154.2.87.1 (aarch64|x86_64) 0:114.0.5735.106-bp154.2.90.1 (aarch64|x86_64) 0:114.0.5735.133-bp154.2.93.1 (aarch64|i586|ppc64le|s390x|x86_64) 0:2.2.6-bp154.3.3.1 (aarch64|ppc64le|s390x|x86_64) 0:2.24.1-bp154.2.3.2 (noarch) 0:2.24.1-bp154.2.3.2 (noarch) 0:2.54-bp154.2.3.1 (aarch64|x86_64) 0:114.0.5735.198-bp155.2.10.1 (aarch64|x86_64) 0:109.0.5414.74-bp154.2.58.1 (aarch64|i586|ppc64le|s390x|x86_64) 0:1.94-bp155.3.3.1 (aarch64|ppc64le|s390x|x86_64) 0:0.8.6-bp155.2.3.1 (noarch) 0:0.8.6-bp155.2.3.1 (x86_64) 0:7.0.8-lp154.2.32.2 (noarch) 0:7.0.8-lp154.2.32.2 (x86_64) 0:7.0.8_k5.14.21_150400.24.63-lp154.2.32.1 (noarch) 0:2.2.28-bp154.2.12.1 (noarch) 0:1.11.29-bp154.2.6.1 (aarch64|i586|s390x|x86_64) 0:1.1.2-lp154.2.1 (aarch64|i586|ppc64le|s390x|x86_64) 0:4.1-bp154.2.3.1 (x86_64) 0:4.1-bp154.2.3.1 (aarch64_ilp32) 0:4.1-bp154.2.3.1 (aarch64|i586|ppc64le|s390x|x86_64) 0:7.8.0-bp154.2.4.1 (aarch64|i586|ppc64le|s390x|x86_64) 0:4.0.47-bp155.3.3.1 (aarch64|x86_64) 0:115.0.5790.102-bp155.2.13.1 (aarch64|ppc64le|s390x|x86_64) 0:3.5.1-bp154.3.6.1 (noarch) 0:6.0.34-bp154.2.30.1 (noarch) 0:1.9022-bp154.2.3.1 (aarch64|x86_64) 0:115.0.5790.170-bp155.2.16.1 (noarch) 0:0.086-bp154.2.3.1 (aarch64|x86_64) 0:0.1.9+git.0.66be0d8-bp154.2.6.1 (noarch) 0:0.1.9+git.0.66be0d8-bp154.2.6.1 (noarch) 0:3.0.4-bp154.2.3.1 (aarch64|x86_64) 0:116.0.5845.96-bp155.2.19.1 (x86_64) 0:116.0.5845.110-bp155.2.22.1 (aarch64|x86_64) 0:116.0.5845.140-bp155.2.25.1 (aarch64|x86_64) 0:116.0.5845.179-bp155.2.28.1 (aarch64|x86_64) 0:116.0.5845.187-bp155.2.31.1 (aarch64|x86_64) 0:116.0.5845.187-bp155.2.34.1 (aarch64|x86_64) 0:117.0.5938.88-bp155.2.37.1 (noarch) 0:1.2.23-bp154.2.6.1 (aarch64|i586|ppc64le|s390x|x86_64) 0:1.2.23-bp154.2.6.1 (x86_64) 0:102.0.4880.40-lp154.2.50.1 (aarch64|i586|ppc64le|s390x|x86_64) 0:4.4.4-bp155.2.3.1 (aarch64|i586|ppc64le|s390x|x86_64) 0:3.0.10-bp154.2.3.1 (x86_64) 0:3.0.10-bp154.2.3.1 (aarch64_ilp32) 0:3.0.10-bp154.2.3.1 (aarch64|i586|ppc64le|s390x|x86_64) 0:0.4.7.13-bp154.2.12.1 (aarch64|i586|ppc64le|s390x|x86_64) 0:0.9.1-bp154.2.3.1 (noarch) 0:3.1.12.1610074031.f653af66-bp154.2.3.1 (noarch) 0:2.5.2-bp154.2.3.1 (noarch) 0:1.2.25-bp155.2.3.1 (aarch64|i586|ppc64le|s390x|x86_64) 0:1.2.25-bp155.2.3.1 (aarch64|x86_64) 0:117.0.5938.132-bp155.2.40.1 (noarch) 0:3.2.0-bp154.3.8.1 (aarch64|ppc64le|s390x|x86_64) 0:4.94.2-bp155.5.3.1 (x86_64) 0:103.0.4928.16-lp154.2.53.1 (noarch) 0:0.4.8-bp154.2.3.1 (aarch64|x86_64) 0:118.0.5993.70-bp155.2.46.1 (aarch64|ppc64le|s390x|x86_64) 0:4.94.2-bp154.2.9.1 (aarch64|i586|ppc64le|s390x|x86_64) 0:9.31-bp155.3.3.1 (aarch64|x86_64) 0:118.0.5993.88-bp155.2.49.1 (aarch64|ppc64le|s390x|x86_64) 0:4.0.1-bp154.4.3.1 (noarch) 0:2.2.28-bp154.2.15.1 (aarch64|x86_64) 0:109.0.5414.119-bp154.2.64.1 (aarch64|x86_64) 0:118.0.5993.117-bp155.2.52.1 (aarch64|i586|ppc64le|s390x|x86_64) 0:14.4.2-bp154.2.3.1 (x86_64) 0:7.0.6-lp154.2.26.2 (noarch) 0:7.0.6-lp154.2.26.2 (x86_64) 0:7.0.6_k5.14.21_150400.24.41-lp154.2.26.2 (x86_64) 0:104.0.4944.23-lp154.2.56.1 (x86_64) 0:7.0.12-lp154.2.43.1 (noarch) 0:7.0.12-lp154.2.43.1 (x86_64) 0:7.0.12_k5.14.21_150400.24.92-lp154.2.43.1 (x86_64) 0:104.0.4944.36-lp154.2.59.1 (aarch64|i586|ppc64le|s390x|x86_64) 0:0.4.8.8-bp155.2.3.1 (aarch64|ppc64le|x86_64) 0:3.0.20-bp154.2.6.1 (noarch) 0:3.0.20-bp154.2.6.1 (aarch64|x86_64) 0:119.0.6045.123-bp155.2.55.1 (aarch64|i586|ppc64le|s390x|x86_64) 0:0.20231023-bp155.5.3.1 (aarch64|i586|ppc64le|s390x|x86_64) 0:1.42-bp154.2.6.1 (aarch64|i586|s390x|x86_64) 0:1.42-bp154.2.6.1 (aarch64|ppc64le|s390x|x86_64) 0:1.42-bp154.2.6.1 (aarch64|x86_64) 0:119.0.6045.159-bp155.2.58.1 (aarch64|i586|ppc64le|s390x|x86_64) 0:1.22.0-lp155.3.4.1 (x86_64) 0:1.22.0-lp155.3.4.1 (aarch64_ilp32) 0:1.22.0-lp155.3.4.1 (noarch) 0:1.22.0-lp155.3.4.1 (noarch) 0:2.14.4-bp154.2.3.1 (x86_64) 0:105.0.4970.21-lp154.2.62.1 (aarch64|x86_64) 0:119.0.6045.199-bp155.2.61.1 (aarch64|i586|ppc64le|s390x|x86_64) 0:0.7.8-bp154.3.5.1 (noarch) 0:1.11.29-bp154.2.9.1 (aarch64|i586|ppc64le|s390x|x86_64) 0:2.0.9-bp155.2.3.1 (noarch) 0:2.0.9-bp155.2.3.1 (aarch64|i586|ppc64le|s390x|x86_64) 0:4.6.2-bp155.2.3.1 (x86_64) 0:105.0.4970.34-lp154.2.65.1 (aarch64|ppc64le|s390x|x86_64) 0:3.35.1-bp154.3.3.1 (aarch64|i586|ppc64le|s390x|x86_64) 0:3.3.1-bp154.3.3.1 (aarch64|i586|ppc64le|s390x|x86_64) 0:1.22.0-lp155.3.7.1 (x86_64) 0:1.22.0-lp155.3.7.1 (aarch64_ilp32) 0:1.22.0-lp155.3.7.1 (noarch) 0:1.22.0-lp155.3.7.1 (aarch64|x86_64) 0:6.2.4-bp154.2.6.1 (aarch64|i586|ppc64le|s390x|x86_64) 0:4.0.50-bp154.2.9.1 (aarch64|i586|ppc64le|s390x|x86_64) 0:1.3.8b-bp155.2.3.1 (noarch) 0:1.3.8b-bp155.2.3.1 (aarch64|ppc64le|s390x|x86_64) 0:5.12.2-bp154.2.3.1 (noarch) 0:5.12.2-bp154.2.3.1 (x86_64) 0:95.0.4635.25-lp154.2.38.1 (aarch64|x86_64) 0:110.0.5481.77-bp154.2.67.1 (aarch64|i586|ppc64le|s390x|x86_64) 0:2.9.3-bp154.2.3.1 (noarch) 0:5.2.1-bp154.2.3.1 (aarch64|i586|ppc64le|s390x|x86_64) 0:3.06.0.1-bp154.2.9.1 (noarch) 0:2.2.28-bp154.2.6.1 (aarch64|x86_64) 0:110.0.5481.177-bp154.2.70.1 (noarch) 0:2.2.28-bp154.2.9.1 (x86_64) 0:96.0.4693.20-lp154.2.41.1 (aarch64|i586|ppc64le|s390x|x86_64) 0:0.37.3-bp154.2.9.1 (x86_64) 0:96.0.4693.31-lp154.2.44.1 (aarch64|x86_64) 0:111.0.5563.64-bp154.2.73.1 (aarch64|ppc64le|s390x|x86_64) 0:3.5.1-bp154.3.3.1 (aarch64|x86_64) 0:9.1.0-bp154.2.3.1 (noarch) 0:9.1.0-bp154.2.3.1 (noarch) 0:1.11.29-bp154.2.3.1 (aarch64|i586|ppc64le|s390x|x86_64) 0:3.0.7-bp154.3.3.1 (noarch) 0:3.0.7-bp154.3.3.1 (aarch64|x86_64) 0:111.0.5563.110-bp154.2.76.1 (noarch) 0:23.0.12-bp154.2.3.1 (aarch64|i586|x86_64) 0:2.53.16-bp154.2.6.2 (aarch64|ppc64le|s390x|x86_64) 0:4.0.2-bp154.4.6.1 (aarch64|i586|ppc64le|s390x|x86_64) 0:5.2.3-bp154.2.3.1 (noarch) 0:3.8.0-bp154.2.3.1 (aarch64|x86_64) 0:3.8.0-bp154.2.3.1 (aarch64|x86_64) 0:112.0.5615.121-bp154.2.79.1 (aarch64|x86_64) 0:112.0.5615.165-bp154.2.84.1 (aarch64|i586|ppc64le|s390x|x86_64) 0:1.14.1-bp154.2.3.1 (noarch) 0:1.14.1-bp154.2.3.1 (aarch64|ppc64le|s390x|x86_64) 0:0.21.2-bp154.2.3.1 (x86_64) 0:106.0.4998.19-lp154.2.68.1 (aarch64|i586|ppc64le|s390x|x86_64) 0:0.80-bp154.2.3.1 (aarch64|ppc64le|s390x|x86_64) 0:1.18.1-150000.1.11.1 (aarch64|x86_64) 0:1.18.1-150000.1.11.1 (aarch64|ppc64le|s390x|x86_64) 0:1.17.9-150000.1.28.1 (aarch64|x86_64) 0:1.17.9-150000.1.28.1 (noarch) 0:1.10.7-150200.4.6.1 (noarch) 0:2.36.0-150200.32.1 (aarch64|ppc64le|s390x|x86_64) 0:2.32.1-150100.4.9.2 (aarch64|ppc64le|s390x|x86_64) 0:1.0.0-150200.3.12.1 (x86_64) 0:1.0.0-150200.3.12.1 (noarch) 0:2.4.2-150100.6.12.1 (noarch) 0:20.0.2-150100.6.18.1 (aarch64|ppc64le|s390x|x86_64) 0:12.22.12-150200.4.32.1 (noarch) 0:12.22.12-150200.4.32.1 (aarch64|ppc64le|s390x|x86_64) 0:14.19.1-150200.15.31.1 (noarch) 0:14.19.1-150200.15.31.1 (aarch64|ppc64le|s390x|x86_64) 0:4.3.1-150300.2.7.1 (aarch64|ppc64le|s390x|x86_64) 0:0.99.beta19.git20171003-150200.11.6.1 (x86_64) 0:0.99.beta19.git20171003-150200.11.6.1 (noarch) 0:0.99.beta19.git20171003-150200.11.6.1 (aarch64|ppc64le|s390x|x86_64) 0:19.10.0-150200.3.9.1 (aarch64|ppc64le|s390x|x86_64) 0:2.0.14-150000.3.25.1 (x86_64) 0:2.0.14-150000.3.25.1 (aarch64|ppc64le|s390x|x86_64) 0:2.35.3-150300.10.12.1 (noarch) 0:2.35.3-150300.10.12.1 (aarch64|ppc64le|s390x|x86_64) 0:3.9.10-150300.4.8.1 (x86_64) 0:3.9.10-150300.4.8.1 (aarch64|ppc64le|s390x|x86_64) 0:3.9.10-150300.4.8.2 (x86_64) 0:3.9.10-150300.4.8.2 (aarch64|ppc64le|s390x|x86_64) 0:3.11.9-150000.5.14.1 (aarch64|x86_64) 0:3.1.1260.0-150000.5.9.2 (aarch64|ppc64le|s390x|x86_64) 0:2.5.9-150000.4.23.1 (noarch) 0:2.5.9-150000.4.23.1 (aarch64|ppc64le|s390x|x86_64) 0:11.0.15.0-150000.3.80.1 (noarch) 0:11.0.15.0-150000.3.80.1 (aarch64|ppc64le|s390x|x86_64) 0:4.3.11-150000.3.6.2 (aarch64|ppc64le|s390x|x86_64) 0:0.2.12-150000.4.4.1 (x86_64) 0:0.2.12-150000.4.4.1 (aarch64|ppc64le|s390x|x86_64) 0:0.17.0-150200.5.7.1 (aarch64|ppc64le|s390x|x86_64) 0:4.30-150300.3.3.1 (noarch) 0:4.30-150300.3.3.1 (aarch64|ppc64le|s390x|x86_64) 0:7.1.0-150300.6.29.1 (noarch) 0:7.1.0-150300.6.29.1 (aarch64|ppc64le|s390x|x86_64) 0:5.2.1-150000.4.8.1 (x86_64) 0:5.2.1-150000.4.8.1 (aarch64|ppc64le|s390x|x86_64) 0:1.10-150200.10.1 (aarch64|ppc64le|s390x|x86_64) 0:0.103.6-150000.3.38.1 (aarch64|ppc64le|s390x|x86_64) 0:2.13.0-150200.12.6.1 (noarch) 0:2.13.0-150200.12.6.1 (aarch64|ppc64le|s390x|x86_64) 0:20.11.9-150300.4.6.1 (aarch64|ppc64le|s390x|x86_64) 0:2.4.46-150200.14.8.1 (x86_64) 0:2.4.46-150200.14.8.1 (noarch) 0:2.4.46-150200.14.8.1 (aarch64|ppc64le|s390x|x86_64) 0:1.2-150200.14.8.1 (noarch) 0:2.13.0-150200.3.6.1 (noarch) 0:2.13.0-150200.3.3.1 (noarch) 0:2.13.0-150200.3.9.1 (noarch) 0:2.13.0-150200.3.3.3 (aarch64|x86_64) 0:5.3.18-150300.59.68.1 (aarch64) 0:5.3.18-150300.59.68.1 (aarch64|ppc64le|s390x|x86_64) 0:1.5.11-150000.68.1 (aarch64|ppc64le|s390x|x86_64) 0:20.10.14_ce-150000.163.1 (noarch) 0:20.10.14_ce-150000.163.1 (aarch64|ppc64le|s390x|x86_64) 0:8.17.0-150200.10.22.1 (noarch) 0:8.17.0-150200.10.22.1 (aarch64|ppc64le|s390x|x86_64) 0:10.24.1-150000.1.44.1 (noarch) 0:10.24.1-150000.1.44.1 (aarch64|ppc64le|s390x|x86_64) 0:1.46.4-150400.3.3.1 (x86_64) 0:1.46.4-150400.3.3.1 (aarch64|ppc64le|s390x|x86_64) 0:91.9.0-150200.8.68.2 (aarch64|ppc64le|s390x|x86_64) 0:7.2.5-150000.4.92.1 (x86_64) 0:20220510-150200.14.1 (aarch64|ppc64le|s390x|x86_64) 0:4.3.1-150300.6.2 (aarch64|ppc64le|s390x|x86_64) 0:91.9.0-150200.152.37.3 (aarch64|ppc64le|s390x|x86_64) 0:2.9.7-150000.3.46.1 (aarch64|ppc64le|s390x|x86_64) 0:7.4.25-150400.4.3.1 (aarch64|ppc64le|s390x|x86_64) 0:7.4.25-150400.4.3.2 (aarch64|ppc64le|s390x|x86_64) 0:7.0.7.34-150200.10.26.1 (x86_64) 0:7.0.7.34-150200.10.26.1 (aarch64|ppc64le|s390x|x86_64) 0:7.4.6-150200.3.38.2 (aarch64|ppc64le|s390x|x86_64) 0:1.18.2-150000.1.17.1 (aarch64|x86_64) 0:1.18.2-150000.1.17.1 (aarch64|ppc64le|s390x|x86_64) 0:91.9.1-150200.152.40.1 (aarch64|ppc64le|s390x|x86_64) 0:20.11.9-150200.6.10.1 (aarch64|ppc64le|s390x|x86_64) 0:2.2.7-150000.3.32.1 (x86_64) 0:2.2.7-150000.3.32.1 (aarch64|ppc64le|s390x|x86_64) 0:1.17.10-150000.1.34.1 (aarch64|x86_64) 0:1.17.10-150000.1.34.1 (aarch64|ppc64le|s390x|x86_64) 0:4.0.9-150000.45.8.1 (x86_64) 0:4.0.9-150000.45.8.1 (aarch64|ppc64le|s390x|x86_64) 0:0.3.1-150000.1.13.1 (aarch64|ppc64le|s390x|x86_64) 0:10.21-150100.8.47.1 (noarch) 0:10.21-150100.8.47.1 (aarch64|x86_64) 0:19.11.4_k5.3.18_150300.59.63-150300.11.1 (aarch64) 0:19.11.4_k5.3.18_150300.59.63-150300.11.1 (aarch64|ppc64le|s390x|x86_64) 0:12.11-150200.8.32.1 (noarch) 0:12.11-150200.8.32.1 (aarch64|ppc64le|s390x|x86_64) 0:13.7-150200.5.28.1 (noarch) 0:13.7-150200.5.28.1 (aarch64|ppc64le|s390x|x86_64) 0:1.0.10-150400.3.3.1 (x86_64) 0:1.0.10-150400.3.3.1 (aarch64|ppc64le|s390x|x86_64) 0:14.3-150200.5.12.2 (x86_64) 0:14.3-150200.5.12.2 (noarch) 0:14.3-150200.5.12.2 (noarch) 0:1.10.8-150300.4.3.1 (noarch) 0:1.10.8-150300.4.3.2 (aarch64|ppc64le|s390x|x86_64) 0:1.10.8-150300.4.3.1 (aarch64|ppc64le|s390x|x86_64) 0:1.10.8-150300.4.3.2 (aarch64|ppc64le|s390x|x86_64) 0:2.9.2-150400.3.3.1 (noarch) 0:2.9.2-150400.3.3.1 (aarch64|ppc64le|s390x|x86_64) 0:91.10.0-150200.152.43.1 (noarch) 0:20220509-150400.4.5.1 (aarch64|ppc64le|s390x|x86_64) 0:2.7.6-150000.5.3.1 (aarch64|ppc64le|s390x|x86_64) 0:8.0.10-150400.4.3.1 (aarch64|ppc64le|s390x|x86_64) 0:8.0.10-150400.4.3.2 (aarch64|ppc64le|s390x|x86_64) 0:6.2.6-150400.3.3.7 (aarch64|ppc64le|s390x|x86_64) 0:3.5.1-150400.3.3.1 (x86_64) 0:3.5.1-150400.3.3.1 (aarch64|ppc64le|s390x|x86_64) 0:2.5.6-150400.3.3.1 (aarch64|ppc64le|s390x|x86_64) 0:1.17.11-150000.1.37.1 (aarch64|x86_64) 0:1.17.11-150000.1.37.1 (aarch64|ppc64le|s390x|x86_64) 0:1.18.3-150000.1.20.1 (aarch64|x86_64) 0:1.18.3-150000.1.20.1 (aarch64|ppc64le|s390x|x86_64) 0:2.06-150400.11.5.2 (noarch) 0:2.06-150400.11.5.2 (s390x) 0:2.06-150400.11.5.2 (noarch) 0:2.8.9-150200.3.6.3 (noarch) 0:3.10.6-150200.3.3.2 (aarch64) 0:2021.10-150400.4.5.1 (aarch64|ppc64le|s390x|x86_64) 0:2021.10-150400.4.5.1 (aarch64) 0:2020.01-150200.10.12.1 (aarch64|ppc64le|s390x|x86_64) 0:91.10.0-150200.8.73.1 (noarch) 0:2.36.3-150400.4.3.1 (aarch64|ppc64le|s390x|x86_64) 0:2.36.3-150400.4.3.1 (x86_64) 0:2.36.3-150400.4.3.1 (noarch) 0:2.36.3-150200.35.1 (aarch64|x86_64) 0:5.3.18-150300.59.71.2 (aarch64) 0:5.3.18-150300.59.71.1 (aarch64|ppc64le|s390x|x86_64) 0:8.2.5038-150000.5.21.1 (noarch) 0:8.2.5038-150000.5.21.1 (aarch64|ppc64le|s390x|x86_64) 0:10.2.44-150000.3.54.1 (aarch64|ppc64le|s390x|x86_64) 0:5.1.4-150000.3.12.1 (aarch64|ppc64le|s390x|x86_64) 0:5.1.4-150000.3.6.1 (ppc64le|x86_64) 0:4.12.14-150100.197.114.2 (s390x) 0:4.12.14-150100.197.114.2 (x86_64) 0:4.12.14-150100.197.114.2 (aarch64|ppc64le|s390x|x86_64) 0:4.12.14-150100.197.114.2 (aarch64|ppc64le|s390x|x86_64) 0:0.23.0-150100.4.7.1 (aarch64|ppc64le|s390x|x86_64) 0:1.3.0-150100.3.12.1 (aarch64|x86_64) 0:9.0.29~0+git.9a7bc817_k5.3.18_150300.59.71-150300.3.5.1 (x86_64) 0:9.0.29~0+git.9a7bc817_k5.3.18_8.13-150300.3.5.1 (aarch64|x86_64) 0:5.3.18-150300.59.76.1 (aarch64) 0:5.3.18-150300.59.76.1 (aarch64|ppc64le|s390x|x86_64) 0:3.9.13-150300.4.13.1 (x86_64) 0:3.9.13-150300.4.13.1 (aarch64|ppc64le|s390x|x86_64) 0:3.11.0-150200.3.3.1 (aarch64|ppc64le|s390x|x86_64) 0:7.4.6-150200.3.41.1 (aarch64|ppc64le|s390x|x86_64) 0:2.0.8-150000.3.6.1 (aarch64|ppc64le|s390x|x86_64) 0:3.3.0-150000.4.8.1 (aarch64|ppc64le|s390x|x86_64) 0:7.0.7.34-150200.10.31.1 (x86_64) 0:7.0.7.34-150200.10.31.1 (aarch64|ppc64le|s390x|x86_64) 0:6.2.0-150400.37.5.3 (noarch) 0:6.2.0-150400.37.5.3 (noarch) 0:1.0.0+-150400.37.5.3 (s390x|x86_64) 0:6.2.0-150400.37.5.3 (aarch64|ppc64le|s390x|x86_64) 0:6.2.0-150400.37.5.1 (noarch) 0:1.15.0_0_g2dd4b9b-150400.37.5.3 (noarch) 0:8-150400.37.5.3 (aarch64|ppc64le|s390x|x86_64) 0:6.2.0-150400.37.5.5 (aarch64|ppc64le|x86_64) 0:18.11.9-150100.4.16.1 (aarch64|ppc64le|s390x|x86_64) 0:7.2.5-150000.4.95.1 (aarch64|ppc64le|s390x|x86_64) 0:2.4.8+git0.d1f8d41e0-150400.3.3.13 (aarch64|ppc64le|s390x|x86_64) 0:3.10.5-150400.4.7.1 (x86_64) 0:3.10.5-150400.4.7.1 (aarch64|ppc64le|s390x|x86_64) 0:7.4.25-150400.4.8.1 (aarch64|ppc64le|s390x|x86_64) 0:2.4.4-150400.3.6.9 (x86_64) 0:2.4.4-150400.3.6.9 (aarch64|ppc64le|s390x|x86_64) 0:2.0.15~git26.1ea6a6803-150400.3.5.1 (aarch64|x86_64) 0:4.16.1_04-150400.4.5.2 (x86_64) 0:4.16.1_04-150400.4.5.2 (noarch) 0:4.16.1_04-150400.4.5.2 (aarch64|ppc64le|s390x|x86_64) 0:22.2.0-150400.5.4.1 (noarch) 0:3.20.0-150400.3.3.1 (aarch64|ppc64le|s390x|x86_64) 0:3.20.0-150400.3.3.1 (aarch64|ppc64le|s390x|x86_64) 0:7.1.0.9-150400.6.3.1 (x86_64) 0:7.1.0.9-150400.6.3.1 (noarch) 0:7.1.0.9-150400.6.3.1 (aarch64|ppc64le|s390x|x86_64) 0:2.4.51-150400.6.3.1 (noarch) 0:2.4.51-150400.6.3.1 (aarch64|ppc64le|s390x|x86_64) 0:8.0.10-150400.4.8.1 (aarch64|ppc64le|s390x|x86_64) 0:3004-150400.8.8.1 (noarch) 0:3004-150400.8.8.1 (aarch64|ppc64le|s390x|x86_64) 0:7.79.1-150400.5.3.1 (x86_64) 0:7.79.1-150400.5.3.1 (aarch64|ppc64le|s390x|x86_64) 0:3.0.1-150400.4.7.1 (x86_64) 0:3.0.1-150400.4.7.1 (noarch) 0:3.0.1-150400.4.7.1 (aarch64|ppc64le|s390x|x86_64) 0:4.15.7+git.376.dd43aca9ab2-150400.3.5.3 (aarch64|ppc64le|s390x|x86_64) 0:2.4.2-150400.4.3.11 (x86_64) 0:2.4.2-150400.4.3.11 (x86_64) 0:4.15.7+git.376.dd43aca9ab2-150400.3.5.3 (aarch64|x86_64) 0:4.15.7+git.376.dd43aca9ab2-150400.3.5.3 (noarch) 0:4.15.7+git.376.dd43aca9ab2-150400.3.5.3 (aarch64|ppc64le|s390x|x86_64) 0:1.1.1l-150400.7.7.1 (x86_64) 0:1.1.1l-150400.7.7.1 (noarch) 0:1.1.1l-150400.7.7.1 (aarch64|ppc64le|s390x|x86_64) 0:91.11.0-150200.152.48.1 (aarch64|ppc64le|s390x|x86_64) 0:91.11.0-150200.8.76.1 (aarch64|ppc64le|s390x|x86_64) 0:1.0.2p-150000.3.56.1 (x86_64) 0:1.0.2p-150000.3.56.1 (noarch) 0:1.0.2p-150000.3.56.1 (aarch64|ppc64le|s390x|x86_64) 0:1.5.8-150300.3.5.1 (aarch64|ppc64le|s390x|x86_64) 0:4.10.0+git40.0f4de473-150400.3.7.1 (noarch) 0:4.10.0+git40.0f4de473-150400.3.7.1 (aarch64|x86_64) 0:12-150100.11.10.1 (aarch64|ppc64le|s390x|x86_64) 0:1.6.6-150000.73.2 (aarch64|ppc64le|s390x|x86_64) 0:20.10.17_ce-150000.166.1 (noarch) 0:20.10.17_ce-150000.166.1 (aarch64|ppc64le|s390x|x86_64) 0:1.1.3-150000.30.1 (aarch64|ppc64le|s390x|x86_64) 0:2.7.18-150000.41.1 (x86_64) 0:2.7.18-150000.41.1 (noarch) 0:2.7.18-150000.41.1 (aarch64|ppc64le|s390x|x86_64) 0:1.9.3-150300.8.9.1 (noarch) 0:1.9.3-150300.8.9.1 (aarch64|ppc64le|s390x|x86_64) 0:2.4.0-150400.3.3.1 (aarch64|ppc64le|s390x|x86_64) 0:3.6.15-150300.10.27.1 (x86_64) 0:3.6.15-150300.10.27.1 (aarch64|ppc64le|s390x|x86_64) 0:5.6-150400.3.3.1 (aarch64|ppc64le|s390x|x86_64) 0:10.39-150400.4.3.1 (x86_64) 0:10.39-150400.4.3.1 (noarch) 0:10.39-150400.4.3.1 (aarch64|ppc64le|s390x|x86_64) 0:8.45-150000.20.13.1 (x86_64) 0:8.45-150000.20.13.1 (noarch) 0:8.45-150000.20.13.1 (aarch64|ppc64le|s390x|x86_64) 0:1.20.3-150400.38.5.1 (aarch64|ppc64le|s390x|x86_64) 0:1.20.3-150200.22.5.55.1 (aarch64|ppc64le|s390x|x86_64) 0:6.15-150400.3.6.1 (aarch64|ppc64le|s390x|x86_64) 0:0.9.1-150400.3.3.1 (aarch64|ppc64le|s390x|x86_64) 0:3.18.1-150400.3.7.1 (x86_64) 0:2.0.8_k5.3.18_8.13-150300.19.5.3 (noarch) 0:1.7.1-150200.3.3.1 (ppc64le|x86_64) 0:4.12.14-150100.197.117.1 (s390x) 0:4.12.14-150100.197.117.1 (x86_64) 0:4.12.14-150100.197.117.1 (aarch64|ppc64le|s390x|x86_64) 0:4.12.14-150100.197.117.1 (aarch64|ppc64le|s390x|x86_64) 0:14.20.0-150200.15.34.1 (noarch) 0:14.20.0-150200.15.34.1 (aarch64|ppc64le|s390x|x86_64) 0:12.22.12-150200.4.35.1 (noarch) 0:12.22.12-150200.4.35.1 (aarch64|ppc64le|s390x|x86_64) 0:2.3.15-150200.62.1 (aarch64|ppc64le|s390x|x86_64) 0:16.16.0-150400.3.3.2 (noarch) 0:16.16.0-150400.3.3.2 (aarch64) 0:5.14.21-150400.24.11.1 (aarch64|ppc64le|s390x|x86_64) 0:5.14.21-150400.24.11.1 (ppc64le|x86_64) 0:5.14.21-150400.24.11.1 (aarch64|ppc64le|s390x|x86_64) 0:5.14.21-150400.24.11.1.150400.24.3.6 (noarch) 0:5.14.21-150400.24.11.1 (aarch64|ppc64le|x86_64) 0:5.14.21-150400.24.11.1 (s390x) 0:5.14.21-150400.24.11.1 (noarch) 0:2.36.4-150400.4.6.2 (aarch64|ppc64le|s390x|x86_64) 0:2.36.4-150400.4.6.2 (x86_64) 0:2.36.4-150400.4.6.2 (noarch) 0:2.36.4-150200.38.2 (aarch64|ppc64le|s390x|x86_64) 0:1.8.0.332-150000.3.67.1 (noarch) 0:1.8.0.332-150000.3.67.1 (noarch) 0:0.38.0-150400.3.3.1 (aarch64|ppc64le|s390x|x86_64) 0:0.38.0-150400.3.3.1 (aarch64|ppc64le|s390x|x86_64) 0:4.34-150000.3.23.1 (x86_64) 0:4.34-150000.3.23.1 (s390x) 0:2.19.0-150400.7.4.1 (aarch64|ppc64le|s390x|x86_64) 0:2.2.27-150300.3.5.1 (noarch) 0:2.2.27-150300.3.5.1 (aarch64) 0:5.3.18-150300.59.87.1 (aarch64|ppc64le|s390x|x86_64) 0:2.35.3-150300.10.15.1 (noarch) 0:2.35.3-150300.10.15.1 (aarch64|ppc64le|s390x|x86_64) 0:2.9.14-150400.5.7.1 (x86_64) 0:2.9.14-150400.5.7.1 (noarch) 0:2.9.14-150400.5.7.1 (aarch64|ppc64le|s390x|x86_64) 0:10.6.8-150400.3.7.1 (noarch) 0:10.6.8-150400.3.7.1 (aarch64|ppc64le|s390x|x86_64) 0:10.39-150400.4.6.1 (x86_64) 0:10.39-150400.4.6.1 (noarch) 0:10.39-150400.4.6.1 (aarch64|ppc64le|s390x|x86_64) 0:1.44.2-150400.3.3.1 (aarch64|ppc64le|s390x|x86_64) 0:0.5.3-150000.1.9.1 (aarch64|ppc64le|s390x|x86_64) 0:1.2.4-150000.3.3.1 (aarch64|ppc64le|s390x|x86_64) 0:3.79-150400.3.7.1 (x86_64) 0:3.79-150400.3.7.1 (aarch64|x86_64) 0:4.16.1_06-150400.4.8.1 (x86_64) 0:4.16.1_06-150400.4.8.1 (noarch) 0:4.16.1_06-150400.4.8.1 (aarch64|ppc64le|s390x|x86_64) 0:1.0+20210519.bfb2f92-150400.3.3.1 (aarch64|ppc64le|s390x|x86_64) 0:91.12.0-150200.152.53.1 (aarch64|x86_64) 0:5.14.21-150400.14.7.1 (noarch) 0:5.14.21-150400.14.7.1 (aarch64|ppc64le|s390x|x86_64) 0:2.10.30-150400.3.3.1 (noarch) 0:2.10.30-150400.3.3.1 (x86_64) 0:2.10.30-150400.3.3.1 (aarch64|ppc64le|s390x|x86_64) 0:4.9.5+git.490.e80cf669f50-150100.3.70.1 (x86_64) 0:4.9.5+git.490.e80cf669f50-150100.3.70.1 (aarch64|ppc64le|s390x|x86_64) 0:20201225-150400.5.8.1 (noarch) 0:20201225-150400.5.8.1 (aarch64|ppc64le|s390x|x86_64) 0:1.10-150400.23.2.1 (aarch64|ppc64le|x86_64) 0:0.5.0-150400.3.3.1 (aarch64|ppc64le|s390x|x86_64) 0:1.17.3-150400.23.3.1 (aarch64|ppc64le|s390x|x86_64) 0:4.0.9-150000.45.11.1 (x86_64) 0:4.0.9-150000.45.11.1 (ppc64le|s390x|x86_64) 0:1.8.0_sr7.10-150000.3.59.1 (x86_64) 0:1.8.0_sr7.10-150000.3.59.1 (aarch64|ppc64le|s390x|x86_64) 0:4.11.14+git.325.2e31b7efa01-150200.4.41.1 (x86_64) 0:4.11.14+git.325.2e31b7efa01-150200.4.41.1 (aarch64) 0:2020.01-150200.10.15.1 (noarch) 0:42.2.25-150400.3.3.2 (aarch64|ppc64le|s390x|x86_64) 0:9.0.30~1+git.10bee2d5-150400.3.2.9 (aarch64) 0:9.0.30~1+git.10bee2d5_k5.14.21_150400.24.11-150400.3.2.9 (aarch64|ppc64le|s390x|x86_64) 0:9.0.30~1+git.10bee2d5_k5.14.21_150400.24.11-150400.3.2.9 (aarch64) 0:2.0.8_k5.14.21_150400.24.11-150400.25.2.8 (aarch64|ppc64le|s390x|x86_64) 0:2.0.8_k5.14.21_150400.24.11-150400.25.2.8 (noarch) 0:6.3.2-150400.4.11.1 (aarch64|ppc64le|s390x|x86_64) 0:4.15.8+git.500.d5910280cc7-150400.3.11.1 (aarch64|ppc64le|s390x|x86_64) 0:2.4.3-150400.4.8.1 (x86_64) 0:2.4.3-150400.4.8.1 (x86_64) 0:4.15.8+git.500.d5910280cc7-150400.3.11.1 (aarch64|x86_64) 0:4.15.8+git.500.d5910280cc7-150400.3.11.1 (noarch) 0:4.15.8+git.500.d5910280cc7-150400.3.11.1 (aarch64|ppc64le|s390x|x86_64) 0:17.0.4.0-150400.3.3.1 (noarch) 0:17.0.4.0-150400.3.3.1 (aarch64) 0:2021.10-150400.4.8.1 (aarch64|ppc64le|s390x|x86_64) 0:2021.10-150400.4.8.1 (aarch64|ppc64le|s390x|x86_64) 0:3.4.0-150400.3.3.1 (x86_64) 0:3.4.0-150400.3.3.1 (aarch64|ppc64le|s390x|x86_64) 0:8.0.2-150000.3.5.1 (aarch64|ppc64le|s390x|x86_64) 0:1.17.13-150000.1.42.1 (aarch64|x86_64) 0:1.17.13-150000.1.42.1 (aarch64|ppc64le|s390x|x86_64) 0:1.18.5-150000.1.25.1 (aarch64|x86_64) 0:1.18.5-150000.1.25.1 (aarch64|ppc64le|s390x|x86_64) 0:1.35-150100.3.5.1 (aarch64|ppc64le|s390x|x86_64) 0:1.25.1-150400.3.3.28 (aarch64|ppc64le|s390x|x86_64) 0:5.4.0-150000.4.15.1 (x86_64) 0:5.4.0-150000.4.15.1 (aarch64|ppc64le|s390x|x86_64) 0:1.7.3-150400.3.3.19 (noarch) 0:1.7.3-150400.3.3.19 (noarch) 0:0.38.0-150400.3.6.1 (aarch64|ppc64le|s390x|x86_64) 0:0.38.0-150400.3.6.1 (aarch64|ppc64le|s390x|x86_64) 0:7.3.0-150400.3.2.6 (x86_64) 0:7.3.0-150400.3.2.6 (aarch64) 0:7.3.0_k5.14.21_150400.24.11-150400.3.2.6 (aarch64|ppc64le|s390x|x86_64) 0:7.3.0_k5.14.21_150400.24.11-150400.3.2.6 (aarch64|ppc64le|s390x|x86_64) 0:11.0.16.0-150000.3.83.1 (noarch) 0:11.0.16.0-150000.3.83.1 (aarch64|ppc64le|s390x|x86_64) 0:9.16.31-150400.5.6.1 (noarch) 0:9.16.31-150400.5.6.1 (aarch64|ppc64le|s390x|x86_64) 0:6.1-150000.5.12.1 (x86_64) 0:6.1-150000.5.12.1 (aarch64|x86_64) 0:5.14.21-150400.14.10.1 (noarch) 0:5.14.21-150400.14.10.1 (aarch64|ppc64le|s390x|x86_64) 0:91.12.0-150200.8.79.1 (noarch) 0:2.0.15-150100.3.3.1 (aarch64|ppc64le|s390x|x86_64) 0:1.12.4-150300.8.12.1 (noarch) 0:1.12.4-150300.8.12.1 (aarch64|ppc64le|s390x|x86_64) 0:2.5.2-150400.4.5.14 (aarch64) 0:5.14.21-150400.24.18.1 (aarch64|ppc64le|s390x|x86_64) 0:5.14.21-150400.24.18.1 (ppc64le|x86_64) 0:5.14.21-150400.24.18.1 (aarch64|ppc64le|s390x|x86_64) 0:5.14.21-150400.24.18.1.150400.24.5.4 (noarch) 0:5.14.21-150400.24.18.1 (aarch64|ppc64le|x86_64) 0:5.14.21-150400.24.18.1 (s390x) 0:5.14.21-150400.24.18.1 (aarch64|ppc64le|s390x|x86_64) 0:16.2.9.536+g41a9f9a5573-150400.3.3.1 (noarch) 0:16.2.9.536+g41a9f9a5573-150400.3.3.1 (x86_64) 0:16.2.9.536+g41a9f9a5573-150400.3.3.1 (noarch) 0:2.36.5-150200.41.1 (aarch64|ppc64le|s390x|x86_64) 0:3.2.3-150400.3.3.1 (noarch) 0:2.36.5-150400.4.9.1 (aarch64|ppc64le|s390x|x86_64) 0:2.36.5-150400.4.9.1 (x86_64) 0:2.36.5-150400.4.9.1 (ppc64le|x86_64) 0:4.12.14-150100.197.120.1 (s390x) 0:4.12.14-150100.197.120.1 (x86_64) 0:4.12.14-150100.197.120.1 (aarch64|ppc64le|s390x|x86_64) 0:4.12.14-150100.197.120.1 (noarch) 0:1.1.5-150000.3.2.1 (noarch) 0:1.4-150000.3.2.1 (aarch64|ppc64le|s390x|x86_64) 0:4.5.4-150000.3.3.2 (noarch) 0:1.10.0-150000.5.9.2 (noarch) 0:2.5.0-150000.3.2.2 (noarch) 0:2.1.1-150000.3.2.2 (aarch64|ppc64le|s390x|x86_64) 0:3.4.7-150400.4.3.1 (noarch) 0:3.4.7-150400.4.3.1 (aarch64|ppc64le|s390x|x86_64) 0:2022.5.17-150000.3.11.1 (aarch64|ppc64le|s390x|x86_64) 0:10.24.1-150000.1.47.1 (noarch) 0:10.24.1-150000.1.47.1 (aarch64|ppc64le|s390x|x86_64) 0:1.8.0.345-150000.3.70.1 (noarch) 0:1.8.0.345-150000.3.70.1 (noarch) 0:15-150100.8.17.1 (aarch64) 0:2021.10-150400.4.11.1 (aarch64|ppc64le|s390x|x86_64) 0:2021.10-150400.4.11.1 (aarch64|ppc64le|s390x|x86_64) 0:1.0.4-150000.4.3.1 (noarch) 0:6.01-150000.3.5.1 (aarch64) 0:5.3.18-150300.59.90.1 (aarch64|ppc64le|s390x|x86_64) 0:1.10.1-150400.3.3.1 (aarch64|ppc64le|x86_64) 0:19.11.10-150400.4.4.1 (noarch) 0:19.11.10-150400.4.4.1 (aarch64|ppc64le|x86_64) 0:19.11.10_k5.14.21_150400.24.11-150400.4.4.1 (aarch64) 0:19.11.10-150400.4.4.1 (aarch64) 0:19.11.10_k5.14.21_150400.24.11-150400.4.4.1 (aarch64|ppc64le|s390x|x86_64) 0:2.0.15-150200.9.12.1 (x86_64) 0:2.0.15-150200.9.12.1 (aarch64|ppc64le|s390x|x86_64) 0:4.7.1-150200.3.10.1 (noarch) 0:4.7.1-150200.3.10.1 (aarch64|ppc64le|s390x|x86_64) 0:3.7.3-150400.4.10.1 (x86_64) 0:3.7.3-150400.4.10.1 (aarch64|ppc64le|s390x|x86_64) 0:1.0.184-150300.3.3.1 (noarch) 0:1.0.184-150300.3.3.1 (aarch64|x86_64) 0:12.1.0-150300.19.1 (aarch64|ppc64le|s390x|x86_64) 0:4.3.1-150300.11.1 (aarch64|ppc64le|s390x|x86_64) 0:10.22-150100.8.50.1 (noarch) 0:10.22-150100.8.50.1 (aarch64|ppc64le|s390x|x86_64) 0:1.2.11-150000.3.33.1 (x86_64) 0:1.2.11-150000.3.33.1 (ppc64le|s390x|x86_64) 0:1.8.0_sr7.11-150000.3.62.1 (x86_64) 0:1.8.0_sr7.11-150000.3.62.1 (aarch64|ppc64le|s390x|x86_64) 0:1.16.3-150200.3.9.1 (x86_64) 0:20220809-150200.18.1 (aarch64|ppc64le|s390x|x86_64) 0:13.8-150200.5.31.1 (noarch) 0:13.8-150200.5.31.1 (aarch64|ppc64le|s390x|x86_64) 0:12.12-150200.8.35.1 (noarch) 0:12.12-150200.8.35.1 (aarch64|ppc64le|s390x|x86_64) 0:14.5-150200.5.17.1 (x86_64) 0:14.5-150200.5.17.1 (noarch) 0:14.5-150200.5.17.1 (aarch64|ppc64le|s390x|x86_64) 0:2.4.0-150400.3.6.1 (aarch64|ppc64le|s390x|x86_64) 0:2.42.8-150400.5.3.1 (x86_64) 0:2.42.8-150400.5.3.1 (noarch) 0:2.42.8-150400.5.3.1 (aarch64|ppc64le|s390x|x86_64) 0:7.1.0.9-150400.6.6.1 (x86_64) 0:7.1.0.9-150400.6.6.1 (noarch) 0:7.1.0.9-150400.6.6.1 (aarch64|ppc64le|s390x|x86_64) 0:7.79.1-150400.5.6.1 (x86_64) 0:7.79.1-150400.5.6.1 (noarch) 0:2.2.3-150400.3.3.1 (aarch64|ppc64le|s390x|x86_64) 0:91.13.0-150200.152.56.2 (aarch64|ppc64le|s390x|x86_64) 0:91-150200.9.7.1 (aarch64|ppc64le|s390x|x86_64) 0:1.8.0.345-150200.3.24.1 (noarch) 0:1.8.0.345-150200.3.24.1 (noarch) 0:3.4.2-150200.3.3.1 (aarch64|ppc64le|s390x|x86_64) 0:2021.6-150400.3.3.1 (aarch64|ppc64le|x86_64) 0:2021.6-150400.3.3.1 (aarch64|ppc64le|s390x|x86_64) 0:2.13.2-150200.9.17.1 (aarch64|ppc64le|s390x|x86_64) 0:20.03.1-150200.9.17.1 (aarch64|ppc64le|s390x|x86_64) 0:2.14.2-150400.24.3.1 (aarch64|ppc64le|s390x|x86_64) 0:20.06.2-150400.24.3.1 (noarch) 0:2.14.2-150400.24.3.1 (noarch) 0:20.06.2-150400.24.3.1 (noarch) 0:0.12.13-150000.3.6.1 (aarch64|ppc64le|s390x|x86_64) 0:2.10.30-150400.3.6.2 (noarch) 0:2.10.30-150400.3.6.2 (x86_64) 0:2.10.30-150400.3.6.2 (aarch64|ppc64le|s390x|x86_64) 0:7.0.7.34-150200.10.36.1 (x86_64) 0:7.0.7.34-150200.10.36.1 (noarch) 0:2.36.7-150400.4.12.1 (aarch64|ppc64le|s390x|x86_64) 0:2.36.7-150400.4.12.1 (x86_64) 0:2.36.7-150400.4.12.1 (aarch64|ppc64le|s390x|x86_64) 0:60.2-150000.3.12.1 (x86_64) 0:60.2-150000.3.12.1 (noarch) 0:60.2-150000.3.12.1 (aarch64|ppc64le|s390x|x86_64) 0:65.1-150200.4.5.1 (x86_64) 0:65.1-150200.4.5.1 (noarch) 0:65.1-150200.4.5.1 (aarch64|ppc64le|s390x|x86_64) 0:2.42.9-150400.5.6.1 (x86_64) 0:2.42.9-150400.5.6.1 (noarch) 0:2.42.9-150400.5.6.1 (aarch64|ppc64le|s390x|x86_64) 0:10.6.9-150400.3.12.1 (noarch) 0:10.6.9-150400.3.12.1 (aarch64|ppc64le|s390x|x86_64) 0:2.1.0-150000.4.3.1 (x86_64) 0:2.1.0-150000.4.3.1 (noarch) 0:2.9.27-150000.1.14.1 (noarch) 0:0.1.1657643023.0d694ce-150000.1.35.1 (aarch64|ppc64le|s390x|x86_64) 0:0.4.0-150000.1.15.1 (aarch64|ppc64le|s390x|x86_64) 0:0.19.0-150000.1.11.1 (noarch) 0:2.3.5-150000.3.9.1 (noarch) 0:4.3.14-150000.3.83.1 (aarch64|ppc64le|s390x|x86_64) 0:0.5.0-150000.1.6.1 (noarch) 0:1.0.5-150400.9.3.3 (aarch64|ppc64le|s390x|x86_64) 0:9.0.0313-150000.5.25.1 (noarch) 0:9.0.0313-150000.5.25.1 (aarch64|ppc64le|s390x|x86_64) 0:2.2.2-150400.3.5.1 (aarch64|ppc64le|s390x|x86_64) 0:4.15.8+git.527.8d0c05d313e-150400.3.14.1 (x86_64) 0:4.15.8+git.527.8d0c05d313e-150400.3.14.1 (aarch64|x86_64) 0:4.15.8+git.527.8d0c05d313e-150400.3.14.1 (noarch) 0:4.15.8+git.527.8d0c05d313e-150400.3.14.1 (aarch64|ppc64le|s390x|x86_64) 0:1.0.184-150300.3.6.1 (noarch) 0:1.0.184-150300.3.6.1 (aarch64|ppc64le|s390x|x86_64) 0:7.4-150300.4.7.1 (aarch64|ppc64le|s390x|x86_64) 0:5.62-150400.4.5.1 (noarch) 0:5.62-150400.4.5.1 (x86_64) 0:5.62-150400.4.5.1 (aarch64|ppc64le|s390x|x86_64) 0:9.0.2-150200.3.3.1 (aarch64|ppc64le|s390x|x86_64) 0:0.103.7-150000.3.41.1 (aarch64|ppc64le|s390x|x86_64) 0:16.17.0-150400.3.6.1 (noarch) 0:16.17.0-150400.3.6.1 (aarch64|ppc64le|s390x|x86_64) 0:2.10.4-150000.4.12.1 (x86_64) 0:2.10.4-150000.4.12.1 (noarch) 0:2.10.4-150000.4.12.1 (aarch64|ppc64le|s390x|x86_64) 0:1.15.0-150000.3.3.1 (aarch64) 0:5.3.18-150300.59.93.1 (aarch64|ppc64le|s390x|x86_64) 0:5.26.1-150300.17.11.1 (x86_64) 0:5.26.1-150300.17.11.1 (noarch) 0:5.26.1-150300.17.11.1 (aarch64|ppc64le|s390x|x86_64) 0:102.2.2-150200.8.82.1 (aarch64|ppc64le|s390x|x86_64) 0:1.3.0-150400.3.3.1 (x86_64) 0:1.3.0-150400.3.3.1 (aarch64|ppc64le|s390x|x86_64) 0:2.0.16~git20.219f047ae-150400.3.10.1 (aarch64|x86_64) 0:5.14.21-150400.14.13.1 (noarch) 0:5.14.21-150400.14.13.1 (aarch64|ppc64le|s390x|x86_64) 0:2.5.9-150000.4.26.1 (noarch) 0:2.5.9-150000.4.26.1 (aarch64) 0:5.14.21-150400.24.21.2 (aarch64|ppc64le|s390x|x86_64) 0:5.14.21-150400.24.21.2 (aarch64) 0:5.14.21-150400.24.21.1 (ppc64le|x86_64) 0:5.14.21-150400.24.21.2 (aarch64|ppc64le|s390x|x86_64) 0:5.14.21-150400.24.21.2.150400.24.7.2 (noarch) 0:5.14.21-150400.24.21.2 (noarch) 0:5.14.21-150400.24.21.3 (aarch64|ppc64le|x86_64) 0:5.14.21-150400.24.21.2 (aarch64|ppc64le|s390x|x86_64) 0:5.14.21-150400.24.21.1 (s390x) 0:5.14.21-150400.24.21.2 (aarch64|ppc64le|s390x|x86_64) 0:1.2.6-150300.3.14.1 (x86_64) 0:1.2.6-150300.3.14.1 (aarch64|ppc64le|s390x|x86_64) 0:3.5.1-150400.3.6.1 (x86_64) 0:3.5.1-150400.3.6.1 (aarch64|ppc64le|s390x|x86_64) 0:3.39.3-150000.3.17.1 (x86_64) 0:3.39.3-150000.3.17.1 (noarch) 0:3.39.3-150000.3.17.1 (aarch64|ppc64le|s390x|x86_64) 0:3.6.8-150000.3.74.1 (aarch64|ppc64le|s390x|x86_64) 0:3.0.5-150400.3.3.1 (aarch64|ppc64le|s390x|x86_64) 0:1.18.6-150000.1.31.1 (aarch64|x86_64) 0:1.18.6-150000.1.31.1 (aarch64|ppc64le|s390x|x86_64) 0:1.19.1-150000.1.9.1 (aarch64|x86_64) 0:1.19.1-150000.1.9.1 (aarch64|ppc64le|s390x|x86_64) 0:6.7.0-150000.3.3.1 (x86_64) 0:0.54.0-150400.3.3.2 (x86_64) 0:1.51.0-150400.4.3.1 (aarch64|ppc64le|x86_64) 0:19.11.10-150400.4.7.1 (noarch) 0:19.11.10-150400.4.7.1 (aarch64|ppc64le|x86_64) 0:19.11.10_k5.14.21_150400.24.18-150400.4.7.1 (aarch64) 0:19.11.10-150400.4.7.1 (aarch64) 0:19.11.10_k5.14.21_150400.24.18-150400.4.7.1 (aarch64|ppc64le|s390x|x86_64) 0:2.0.8-150000.3.9.1 (noarch) 0:2.36.7-150200.44.1 (aarch64|ppc64le|s390x|x86_64) 0:20201225-150400.5.11.1 (noarch) 0:20201225-150400.5.11.1 (aarch64|ppc64le|s390x|x86_64) 0:102.3.0-150200.152.61.1 (aarch64|ppc64le|s390x|x86_64) 0:102-150200.9.10.1 (noarch) 0:1.31-150200.3.8.1 (aarch64|ppc64le|s390x|x86_64) 0:6.00-150000.4.11.1 (aarch64|ppc64le|s390x|x86_64) 0:0.99.beta19.git20171003-150200.11.9.1 (x86_64) 0:0.99.beta19.git20171003-150200.11.9.1 (noarch) 0:0.99.beta19.git20171003-150200.11.9.1 (ppc64le|x86_64) 0:4.12.14-150100.197.123.1 (s390x) 0:4.12.14-150100.197.123.1 (x86_64) 0:4.12.14-150100.197.123.1 (aarch64|ppc64le|s390x|x86_64) 0:4.12.14-150100.197.123.1 (aarch64|ppc64le|x86_64) 0:18.11.9-150100.4.19.1 (aarch64|ppc64le|s390x|x86_64) 0:1.62.1-150300.7.7.1 (aarch64|ppc64le|s390x|x86_64) 0:18.08.9-150000.1.17.1 (aarch64|ppc64le|s390x|x86_64) 0:18.08.9-150100.3.22.1 (aarch64|ppc64le|s390x|x86_64) 0:3.10.7-150400.4.10.1 (x86_64) 0:3.10.7-150400.4.10.1 (aarch64|ppc64le|s390x|x86_64) 0:3.9.14-150300.4.16.1 (x86_64) 0:3.9.14-150300.4.16.1 (aarch64|ppc64le|s390x|x86_64) 0:1.12.0-150400.3.6.1 (aarch64|ppc64le|s390x|x86_64) 0:7.1.0.9-150400.6.9.1 (x86_64) 0:7.1.0.9-150400.6.9.1 (noarch) 0:7.1.0.9-150400.6.9.1 (noarch) 0:2.36.8-150400.4.15.1 (aarch64|ppc64le|s390x|x86_64) 0:2.36.8-150400.4.15.1 (x86_64) 0:2.36.8-150400.4.15.1 (aarch64|ppc64le|s390x|x86_64) 0:2.4.4-150400.3.9.1 (x86_64) 0:2.4.4-150400.3.9.1 (aarch64|ppc64le|s390x|x86_64) 0:20.02.7-150200.3.14.2 (aarch64|ppc64le|s390x|x86_64) 0:20.02.7-150100.3.24.1 (aarch64|ppc64le|s390x|x86_64) 0:0.28.4-150200.3.3.1 (x86_64) 0:0.28.4-150200.3.3.1 (aarch64|ppc64le|s390x|x86_64) 0:0.26.8-150000.3.15.1 (x86_64) 0:0.26.8-150000.3.15.1 (aarch64|ppc64le|s390x|x86_64) 0:1.4.5-150400.4.3.1 (noarch) 0:1.4.5-150400.4.3.1 (x86_64) 0:1.4.5-150400.4.3.1 (aarch64|ppc64le|s390x|x86_64) 0:2.7.18-150000.44.1 (x86_64) 0:2.7.18-150000.44.1 (noarch) 0:2.7.18-150000.44.1 (aarch64|ppc64le|s390x|x86_64) 0:1.5.3-150000.32.5.1 (aarch64|ppc64le|s390x|x86_64) 0:6.15-150400.3.9.1 (aarch64|ppc64le|s390x|x86_64) 0:5.7-150400.3.6.1 (aarch64|ppc64le|s390x|x86_64) 0:17.11.13-150000.6.40.1 (noarch) 0:42.2.25-150400.3.6.1 (noarch) 0:2.36.8-150200.47.1 (aarch64|ppc64le|s390x|x86_64) 0:0.9.13-150400.3.3.1 (aarch64|ppc64le|s390x|x86_64) 0:3.6.15-150300.10.30.1 (x86_64) 0:3.6.15-150300.10.30.1 (aarch64|ppc64le|s390x|x86_64) 0:7.0.7.34-150200.10.39.1 (x86_64) 0:7.0.7.34-150200.10.39.1 (aarch64|ppc64le|s390x|x86_64) 0:4.3.12-150000.3.9.1 (aarch64|x86_64) 0:5.14.21-150400.14.16.1 (noarch) 0:5.14.21-150400.14.16.1 (aarch64|ppc64le|s390x|x86_64) 0:4.2.1-150200.69.1 (aarch64|ppc64le|s390x|x86_64) 0:0.26-150000.6.16.1 (noarch) 0:0.26-150000.6.16.1 (x86_64) 0:0.26-150000.6.16.1 (aarch64|ppc64le|s390x|x86_64) 0:14.20.1-150200.15.37.1 (noarch) 0:14.20.1-150200.15.37.1 (aarch64|ppc64le|s390x|x86_64) 0:12.22.12-150200.4.38.1 (noarch) 0:12.22.12-150200.4.38.1 (aarch64|ppc64le|s390x|x86_64) 0:5.1.4-150000.3.9.1 (aarch64|ppc64le|x86_64) 0:7.3.6.2-150300.14.22.24.2 (noarch) 0:7.3.6.2-150300.14.22.24.2 (aarch64|ppc64le|s390x|x86_64) 0:1.27.1-150400.3.8.1 (aarch64|ppc64le|s390x|x86_64) 0:16.17.1-150400.3.9.1 (noarch) 0:16.17.1-150400.3.9.1 (aarch64|ppc64le|s390x|x86_64) 0:8.0.24-150400.4.14.1 (aarch64|ppc64le|s390x|x86_64) 0:3.9.4-150000.1.10.3 (noarch) 0:3.9.4-150000.1.10.3 (noarch) 0:1.8-150100.3.14.1 (aarch64|ppc64le|s390x|x86_64) 0:1.18.7-150000.1.34.1 (aarch64|x86_64) 0:1.18.7-150000.1.34.1 (aarch64|ppc64le|s390x|x86_64) 0:1.19.2-150000.1.12.1 (aarch64|x86_64) 0:1.19.2-150000.1.12.1 (aarch64|ppc64le|s390x|x86_64) 0:2.0.14-150000.3.28.1 (x86_64) 0:2.0.14-150000.3.28.1 (aarch64|ppc64le|s390x|x86_64) 0:9.16.6-150300.22.21.2 (aarch64|ppc64le|s390x|x86_64) 0:1.3.5-150000.4.3.1 (aarch64|ppc64le|s390x|x86_64) 0:4.0.9-150000.45.16.1 (x86_64) 0:4.0.9-150000.45.16.1 (aarch64|ppc64le|s390x|x86_64) 0:2.9.14-150400.5.10.1 (x86_64) 0:2.9.14-150400.5.10.1 (noarch) 0:2.9.14-150400.5.10.1 (ppc64le|x86_64) 0:4.12.14-150100.197.126.1 (s390x) 0:4.12.14-150100.197.126.1 (x86_64) 0:4.12.14-150100.197.126.1 (aarch64|ppc64le|s390x|x86_64) 0:4.12.14-150100.197.126.1 (aarch64|ppc64le|s390x|x86_64) 0:0.9.0+62+suse.3e048d4-150400.4.7.1 (aarch64|ppc64le|s390x|x86_64) 0:0.7.3+173+suse.7dd1b01-150000.3.29.1 (aarch64|ppc64le|s390x|x86_64) 0:102.4.0-150200.152.64.1 (aarch64|x86_64) 0:4.16.2_06-150400.4.11.1 (x86_64) 0:4.16.2_06-150400.4.11.1 (noarch) 0:4.16.2_06-150400.4.11.1 (x86_64) 0:9.16.6-150000.12.63.1 (noarch) 0:2.4.3-150100.6.15.1 (noarch) 0:1.4.3-150000.3.6.1 (aarch64|ppc64le|s390x|x86_64) 0:1.3.0-150100.3.18.1 (noarch) 0:0.1.1661440542.6cbe0da-150000.1.38.1 (aarch64|ppc64le|s390x|x86_64) 0:0.11.0-150000.1.12.1 (noarch) 0:4.3.15-150000.3.86.1 (aarch64|ppc64le|s390x|x86_64) 0:8.3.10-150200.3.26.1 (aarch64|ppc64le|s390x|x86_64) 0:9.16.33-150400.5.11.1 (noarch) 0:9.16.33-150400.5.11.1 (aarch64) 0:5.3.18-150300.59.98.1 (aarch64|ppc64le|s390x|x86_64) 0:0.15.1b-150000.5.3.1 (x86_64) 0:0.15.1b-150000.5.3.1 (aarch64|ppc64le|s390x|x86_64) 0:1.2-150000.3.6.1 (aarch64|ppc64le|s390x|x86_64) 0:4.13-150000.4.8.1 (x86_64) 0:4.13-150000.4.8.1 (aarch64|ppc64le|s390x|x86_64) 0:7.79.1-150400.5.9.1 (x86_64) 0:7.79.1-150400.5.9.1 (aarch64|ppc64le|s390x|x86_64) 0:6.2.0-150400.37.8.2 (noarch) 0:6.2.0-150400.37.8.2 (noarch) 0:1.0.0+-150400.37.8.2 (s390x|x86_64) 0:6.2.0-150400.37.8.2 (aarch64|ppc64le|s390x|x86_64) 0:6.2.0-150400.37.8.1 (noarch) 0:1.15.0_0_g2dd4b9b-150400.37.8.2 (noarch) 0:8-150400.37.8.2 (aarch64|ppc64le|s390x|x86_64) 0:6.2.0-150400.37.8.4 (aarch64|ppc64le|s390x|x86_64) 0:102.4.0-150200.8.85.1 (aarch64|ppc64le|s390x|x86_64) 0:2.3.0-150000.3.8.1 (x86_64) 0:2.3.0-150000.3.8.1 (aarch64|ppc64le|s390x|x86_64) 0:1.12.2-150400.18.5.1 (x86_64) 0:1.12.2-150400.18.5.1 (noarch) 0:1.12.2-150400.18.5.1 (aarch64|ppc64le|s390x|x86_64) 0:2.8-150000.3.3.1 (noarch) 0:2.8-150000.3.3.1 (aarch64|ppc64le|s390x|x86_64) 0:3.4.7-150400.4.6.1 (noarch) 0:3.4.7-150400.4.6.1 (noarch) 0:2.3.3-150000.7.3.1 (ppc64le) 0:1.10.8-150100.7.7.1 (noarch) 0:1.10.8-150300.4.6.1 (aarch64|ppc64le|s390x|x86_64) 0:1.10.8-150300.4.6.1 (aarch64|ppc64le|s390x|x86_64) 0:7.2.5-150000.4.98.2 (aarch64|ppc64le|s390x|x86_64) 0:0.9.6-150300.3.6.1 (noarch) 0:3.0.0-150100.4.3.1 (aarch64|ppc64le|s390x|x86_64) 0:10.24.1-150000.1.50.1 (noarch) 0:10.24.1-150000.1.50.1 (aarch64|ppc64le|s390x|x86_64) 0:3.26.2-150000.4.3.1 (x86_64) 0:3.26.2-150000.4.3.1 (aarch64|ppc64le|s390x|x86_64) 0:3.0.1-150400.4.11.1 (x86_64) 0:3.0.1-150400.4.11.1 (noarch) 0:3.0.1-150400.4.11.1 (aarch64) 0:5.14.21-150400.24.28.1 (aarch64|ppc64le|s390x|x86_64) 0:5.14.21-150400.24.28.1 (ppc64le|x86_64) 0:5.14.21-150400.24.28.1 (aarch64|ppc64le|s390x|x86_64) 0:5.14.21-150400.24.28.1.150400.24.9.5 (noarch) 0:5.14.21-150400.24.28.1 (aarch64|ppc64le|x86_64) 0:5.14.21-150400.24.28.1 (s390x) 0:5.14.21-150400.24.28.1 (aarch64|ppc64le|s390x|x86_64) 0:1.20.3-150200.22.5.58.1 (aarch64|ppc64le|s390x|x86_64) 0:1.20.3-150400.38.8.1 (aarch64|ppc64le|s390x|x86_64) 0:2022.5.17-150000.3.16.1 (noarch) 0:3.4.2-150200.3.6.1 (aarch64|ppc64le|s390x|x86_64) 0:2.2.2-150000.4.6.1 (aarch64|ppc64le|s390x|x86_64) 0:2.9.7-150000.3.51.1 (noarch) 0:2.6.0-150000.5.3.1 (aarch64|ppc64le|s390x|x86_64) 0:2.4.4-150400.3.12.1 (x86_64) 0:2.4.4-150400.3.12.1 (aarch64|ppc64le|s390x|x86_64) 0:0.27.5-150400.15.4.1 (noarch) 0:0.27.5-150400.15.4.1 (aarch64|ppc64le|s390x|x86_64) 0:0.26-150400.9.16.1 (x86_64) 0:0.26-150400.9.16.1 (x86_64) 0:0.27.5-150400.15.4.1 (noarch) 0:8.15.2-150000.8.9.1 (aarch64|ppc64le|s390x|x86_64) 0:8.15.2-150000.8.9.1 (aarch64|ppc64le|s390x|x86_64) 0:1.16.3-150200.4.6.2 (aarch64|ppc64le|s390x|x86_64) 0:1.20.1-150400.3.3.1 (x86_64) 0:1.20.1-150400.3.3.1 (noarch) 0:1.20.1-150400.3.3.1 (aarch64|ppc64le|s390x|x86_64) 0:3.0.5-150400.3.6.1 (aarch64|ppc64le|s390x|x86_64) 0:3.9.2-150200.4.19.2 (x86_64) 0:3.9.2-150200.4.19.2 (noarch) 0:3.9.2-150200.4.19.2 (aarch64|ppc64le|s390x|x86_64) 0:2.35.3-150300.10.18.1 (noarch) 0:2.35.3-150300.10.18.1 (noarch) 0:3.4.2-150000.3.7.1 (aarch64|ppc64le|s390x|x86_64) 0:3.5.1-150400.3.9.1 (x86_64) 0:3.5.1-150400.3.9.1 (aarch64|ppc64le|s390x|x86_64) 0:21.1.4-150400.3.3.1 (aarch64|ppc64le|s390x|x86_64) 0:330-150200.11.6.1 (aarch64|ppc64le|s390x|x86_64) 0:1.35.0-150400.3.3.1 (aarch64|x86_64) 0:1.35.0-150400.3.3.1 (x86_64) 0:0.54.0-150400.3.5.1 (x86_64) 0:1.51.0-150400.4.5.1 (noarch) 0:1.0.7-150000.3.3.1 (aarch64|ppc64le|s390x|x86_64) 0:2.4.0-150400.3.9.1 (aarch64|ppc64le|s390x|x86_64) 0:1.6.5-150000.3.24.1 (x86_64) 0:1.6.5-150000.3.24.1 (noarch) 0:1.6.5-150000.3.24.1 (aarch64|ppc64le|s390x|x86_64) 0:0.9.10-150000.4.29.1 (aarch64|ppc64le|s390x|x86_64) 0:4.3.6.P1-150000.6.17.1 (noarch) 0:2.13.4.2-150200.3.12.1 (aarch64|ppc64le|s390x|x86_64) 0:2.0.16~git56.d15a0a7-150400.3.15.1 (aarch64|ppc64le|s390x|x86_64) 0:7.4.33-150400.4.13.1 (aarch64|ppc64le|s390x|x86_64) 0:7.4.33-150400.4.13.2 (aarch64|x86_64) 0:5.14.21-150400.14.21.2 (noarch) 0:5.14.21-150400.14.21.1 (aarch64|x86_64) 0:5.14.21-150400.14.21.1 (aarch64|ppc64le|s390x|x86_64) 0:249.12-150400.8.13.1 (x86_64) 0:249.12-150400.8.13.1 (noarch) 0:249.12-150400.8.13.1 (aarch64|ppc64le|s390x|x86_64) 0:22.2.0-150400.5.7.1 (aarch64|ppc64le|s390x|x86_64) 0:1.9.9-150400.4.6.1 (aarch64|ppc64le|s390x|x86_64) 0:16.18.1-150400.3.12.1 (noarch) 0:16.18.1-150400.3.12.1 (aarch64|ppc64le|s390x|x86_64) 0:3.10.8-150400.4.15.1 (x86_64) 0:3.10.8-150400.4.15.1 (aarch64|ppc64le|s390x|x86_64) 0:8.0.25-150400.4.17.1 (aarch64|x86_64) 0:4.16.2_08-150400.4.16.1 (x86_64) 0:4.16.2_08-150400.4.16.1 (noarch) 0:4.16.2_08-150400.4.16.1 (aarch64|ppc64le|s390x|x86_64) 0:4.7.1-150400.3.3.1 (noarch) 0:1.15.3-150200.3.6.1 (aarch64|ppc64le|s390x|x86_64) 0:1.8.5-150400.14.3.1 (aarch64) 0:5.3.18-150300.59.101.1 (aarch64|ppc64le|s390x|x86_64) 0:1.19.3-150000.1.15.1 (aarch64|x86_64) 0:1.19.3-150000.1.15.1 (aarch64|ppc64le|s390x|x86_64) 0:1.18.8-150000.1.37.1 (aarch64|x86_64) 0:1.18.8-150000.1.37.1 (aarch64|ppc64le|s390x|x86_64) 0:246.16-150300.7.54.1 (x86_64) 0:246.16-150300.7.54.1 (aarch64|ppc64le|s390x|x86_64) 0:102.5.0-150200.152.67.3 (aarch64|ppc64le|s390x|x86_64) 0:7.2.34-150000.4.103.1 (aarch64|ppc64le|s390x|x86_64) 0:7.4.33-150200.3.46.2 (aarch64|ppc64le|s390x|x86_64) 0:3.9.15-150300.4.21.1 (x86_64) 0:3.9.15-150300.4.21.1 (aarch64) 0:5.14.21-150400.24.33.2 (aarch64|ppc64le|s390x|x86_64) 0:5.14.21-150400.24.33.2 (aarch64) 0:5.14.21-150400.24.33.1 (ppc64le|x86_64) 0:5.14.21-150400.24.33.2 (aarch64|ppc64le|s390x|x86_64) 0:5.14.21-150400.24.33.2.150400.24.11.4 (noarch) 0:5.14.21-150400.24.33.1 (noarch) 0:5.14.21-150400.24.33.2 (aarch64|ppc64le|x86_64) 0:5.14.21-150400.24.33.2 (aarch64|ppc64le|s390x|x86_64) 0:5.14.21-150400.24.33.1 (s390x) 0:5.14.21-150400.24.33.2 (aarch64|ppc64le|s390x|x86_64) 0:11.0.17.0-150000.3.86.2 (noarch) 0:11.0.17.0-150000.3.86.2 (aarch64|ppc64le|s390x|x86_64) 0:17.0.5.0-150400.3.6.1 (noarch) 0:17.0.5.0-150400.3.6.1 (aarch64|ppc64le|s390x|x86_64) 0:1.19.0.4-150000.4.4.1 (noarch) 0:1.19.0.4-150000.4.4.1 (aarch64|ppc64le|s390x|x86_64) 0:1.5.2-150000.4.10.1 (x86_64) 0:1.5.2-150000.4.10.1 (aarch64|ppc64le|s390x|x86_64) 0:102.5.0-150200.8.90.1 (aarch64|ppc64le|s390x|x86_64) 0:7.4-150300.4.10.1 (aarch64|ppc64le|s390x|x86_64) 0:2.06-150400.11.17.1 (noarch) 0:2.06-150400.11.17.1 (s390x) 0:2.06-150400.11.17.1 (aarch64|ppc64le|s390x|x86_64) 0:2.39-150100.7.40.1 (x86_64) 0:2.39-150100.7.40.1 (ppc64le|s390x|x86_64) 0:2.39-150100.7.40.1 (aarch64|s390x|x86_64) 0:2.39-150100.7.40.1 (aarch64|ppc64le|x86_64) 0:2.39-150100.7.40.1 (aarch64|ppc64le|s390x) 0:2.39-150100.7.40.1 (x86_64) 0:0.54.0-150400.3.7.1 (aarch64|ppc64le|s390x|x86_64) 0:1.19.2-150400.3.3.1 (x86_64) 0:1.19.2-150400.3.3.1 (ppc64le|s390x|x86_64) 0:1.8.0_sr7.20-150000.3.65.1 (x86_64) 0:1.8.0_sr7.20-150000.3.65.1 (aarch64|ppc64le|s390x|x86_64) 0:6.2.6-150400.3.6.1 (x86_64) 0:1.51.0-150400.4.7.1 (aarch64|ppc64le|s390x|x86_64) 0:4.4-150400.3.5.1 (x86_64) 0:4.4-150400.3.5.1 (aarch64|ppc64le|s390x|x86_64) 0:5.8.2-150400.19.3.3 (noarch) 0:5.8.2-150400.19.3.3 (noarch) 0:1.19.8-150300.3.9.1 (noarch) 0:6.3.2-150400.4.14.1 (aarch64|ppc64le|s390x|x86_64) 0:5.9.3-150300.15.3.1 (x86_64) 0:5.9.3-150300.15.3.1 (aarch64|ppc64le|s390x|x86_64) 0:0.40.0-150400.3.3.1 (x86_64) 0:0.40.0-150400.3.3.1 (noarch) 0:2.38.2-150400.4.22.1 (aarch64|ppc64le|s390x|x86_64) 0:2.38.2-150400.4.22.1 (x86_64) 0:2.38.2-150400.4.22.1 (aarch64|ppc64le|s390x|x86_64) 0:0.26-150400.9.21.1 (x86_64) 0:0.26-150400.9.21.1 (aarch64|ppc64le|s390x|x86_64) 0:3.5.1-150400.3.12.1 (x86_64) 0:3.5.1-150400.3.12.1 (noarch) 0:4.8.30-150000.7.6.1 (aarch64|ppc64le|s390x|x86_64) 0:4.8.30-150000.7.6.1 (x86_64) 0:4.8.30-150000.7.6.1 (aarch64|ppc64le|s390x|x86_64) 0:22.3-150300.3.3.1 (aarch64|ppc64le|s390x|x86_64) 0:2.4.0-150400.3.12.1 (aarch64|ppc64le|s390x|x86_64) 0:1.8.0.352-150200.3.27.1 (noarch) 0:1.8.0.352-150200.3.27.1 (aarch64|ppc64le|s390x|x86_64) 0:12.22.12-150200.4.41.2 (noarch) 0:12.22.12-150200.4.41.2 (aarch64|ppc64le|s390x|x86_64) 0:14.21.1-150200.15.40.2 (noarch) 0:14.21.1-150200.15.40.2 (aarch64|ppc64le|s390x|x86_64) 0:4.0.9-150000.45.19.1 (x86_64) 0:4.0.9-150000.45.19.1 (noarch) 0:3.1.21-150300.7.35.15.1 (aarch64|ppc64le|s390x|x86_64) 0:3.6.15-150300.10.37.2 (x86_64) 0:3.6.15-150300.10.37.2 (aarch64|ppc64le|s390x|x86_64) 0:3.6.15-150300.10.37.1 (aarch64|ppc64le|s390x|x86_64) 0:9.0.0814-150000.5.28.1 (noarch) 0:9.0.0814-150000.5.28.1 (noarch) 0:2.38.2-150200.54.2 (aarch64|ppc64le|s390x|x86_64) 0:10.24.1-150000.1.53.1 (noarch) 0:10.24.1-150000.1.53.1 (aarch64|ppc64le|s390x|x86_64) 0:27.2-150400.3.3.1 (noarch) 0:27.2-150400.3.3.1 (noarch) 0:5.2-150200.11.3.1 (noarch) 0:1.44.2-150400.3.3.1 (aarch64|ppc64le|s390x|x86_64) 0:102.5.1-150200.8.93.1 (aarch64|ppc64le|s390x|x86_64) 0:1.28.2-150400.3.11.1 (aarch64|ppc64le|s390x|x86_64) 0:1.35.0-150400.3.8.1 (noarch) 0:1.35.0-150400.4.3.14 (aarch64|x86_64) 0:1.35.0-150400.3.8.1 (aarch64|ppc64le|s390x|x86_64) 0:3.8.11-150300.3.11.1 (x86_64) 0:3.34.3-150200.4.6.1 (aarch64|ppc64le|s390x|x86_64) 0:1.19.4-150000.1.18.1 (aarch64|x86_64) 0:1.19.4-150000.1.18.1 (aarch64|ppc64le|s390x|x86_64) 0:1.18.9-150000.1.40.1 (aarch64|x86_64) 0:1.18.9-150000.1.40.1 (aarch64|ppc64le|s390x|x86_64) 0:4.0.9-150000.45.22.1 (x86_64) 0:4.0.9-150000.45.22.1 (aarch64|ppc64le|s390x|x86_64) 0:8.5.13-150200.3.29.5 (noarch) 0:0.1.1665997480.587fa10-150000.1.41.1 (aarch64|ppc64le|s390x|x86_64) 0:1.6-150000.1.9.1 (aarch64|ppc64le|s390x|x86_64) 0:0.13.0-150000.3.9.1 (aarch64|ppc64le|s390x|x86_64) 0:0.19.0-150000.1.14.3 (noarch) 0:4.3.16-150000.3.89.1 (aarch64|ppc64le|s390x|x86_64) 0:0.5.0-150000.1.9.3 (aarch64|ppc64le|s390x|x86_64) 0:1.8.0.352-150000.3.73.1 (noarch) 0:1.8.0.352-150000.3.73.1 (aarch64|ppc64le|s390x|x86_64) 0:3.6.10-150000.3.78.1 (aarch64|ppc64le|s390x|x86_64) 0:0.8.2-150300.3.6.1 (aarch64|ppc64le|s390x|x86_64) 0:102.6.0-150200.152.70.1 (aarch64|ppc64le|s390x|x86_64) 0:1.6.12-150000.79.1 (aarch64|ppc64le|s390x|x86_64) 0:0.9.1-150400.3.4.1 (aarch64|ppc64le|s390x|x86_64) 0:1.20.3-150400.38.13.1 (aarch64|ppc64le|s390x|x86_64) 0:1.20.3-150200.22.5.63.1 (aarch64|ppc64le|s390x|x86_64) 0:21.1.4-150400.3.6.1 (aarch64|ppc64le|s390x|x86_64) 0:4.5.18-150000.4.6.1 (aarch64|x86_64) 0:5.14.21-150400.14.28.1 (noarch) 0:5.14.21-150400.14.28.1 (ppc64le|x86_64) 0:4.12.14-150100.197.131.1 (s390x) 0:4.12.14-150100.197.131.1 (x86_64) 0:4.12.14-150100.197.131.1 (aarch64|ppc64le|s390x|x86_64) 0:4.12.14-150100.197.131.1 (aarch64|ppc64le|s390x|x86_64) 0:102.6.0-150200.8.96.1 (aarch64) 0:5.14.21-150400.24.38.1 (aarch64|ppc64le|s390x|x86_64) 0:5.14.21-150400.24.38.1 (ppc64le|x86_64) 0:5.14.21-150400.24.38.1 (aarch64|ppc64le|s390x|x86_64) 0:5.14.21-150400.24.38.1.150400.24.13.2 (noarch) 0:5.14.21-150400.24.38.1 (aarch64|ppc64le|x86_64) 0:5.14.21-150400.24.38.1 (s390x) 0:5.14.21-150400.24.38.1 (aarch64|ppc64le|s390x|x86_64) 0:3.0.1-150400.4.14.1 (x86_64) 0:3.0.1-150400.4.14.1 (noarch) 0:3.0.1-150400.4.14.1 (aarch64|ppc64le|s390x|x86_64) 0:0.7.1-150100.3.8.1 (aarch64|ppc64le|s390x|x86_64) 0:0.8.6-150100.3.11.1 (aarch64|ppc64le|s390x|x86_64) 0:7.79.1-150400.5.12.1 (x86_64) 0:7.79.1-150400.5.12.1 (aarch64|ppc64le|s390x|x86_64) 0:3.10.3-150000.1.13.1 (noarch) 0:3.10.3-150000.1.13.1 (aarch64) 0:5.3.18-150300.59.106.1 (x86_64) 0:5.14.21-150400.15.5.1 (noarch) 0:5.14.21-150400.15.5.1 (aarch64|ppc64le|s390x|x86_64) 0:3.0.25-150400.4.4.1 (aarch64|ppc64le|s390x|x86_64) 0:3.39.3-150000.3.20.1 (x86_64) 0:3.39.3-150000.3.20.1 (noarch) 0:3.39.3-150000.3.20.1 (aarch64|ppc64le|s390x|x86_64) 0:249.12-150400.8.16.1 (x86_64) 0:249.12-150400.8.16.1 (noarch) 0:249.12-150400.8.16.1 (aarch64|ppc64le|s390x|x86_64) 0:246.16-150300.7.57.1 (x86_64) 0:246.16-150300.7.57.1 (aarch64|ppc64le|s390x|x86_64) 0:9.0.1040-150000.5.31.1 (noarch) 0:9.0.1040-150000.5.31.1 (noarch) 0:2.38.3-150400.4.25.1 (aarch64|ppc64le|s390x|x86_64) 0:2.38.3-150400.4.25.1 (x86_64) 0:2.38.3-150400.4.25.1 (aarch64|ppc64le|s390x|x86_64) 0:2.1.5-150400.3.3.1 (aarch64|ppc64le|s390x|x86_64) 0:102.6.1-150200.8.99.1 (noarch) 0:13.2+20221216.a0c29e6-150400.3.3.1 (noarch) 0:2.38.3-150200.57.1 (aarch64|ppc64le|s390x|x86_64) 0:10.5.15-150300.3.15.1 (noarch) 0:42.2.25-150400.3.9.2 (aarch64|ppc64le|s390x|x86_64) 0:2.35.3-150300.10.21.1 (noarch) 0:2.35.3-150300.10.21.1 (aarch64|ppc64le|s390x|x86_64) 0:102.7.0-150200.152.73.1 (aarch64|ppc64le|s390x|x86_64) 0:1.9.9-150400.4.12.1 (aarch64|ppc64le|s390x|x86_64) 0:3.79.3-150400.3.23.1 (x86_64) 0:3.79.3-150400.3.23.1 (aarch64|ppc64le|s390x|x86_64) 0:0.1.3-150000.3.4.1 (aarch64|ppc64le|s390x|x86_64) 0:1.66.0-150400.9.9.1 (aarch64|ppc64le|s390x|x86_64) 0:1.65.0-150300.7.9.1 (noarch) 0:2018.1.18-150000.3.3.1 (aarch64|x86_64) 0:5.14.21-150400.14.31.1 (noarch) 0:5.14.21-150400.14.31.1 (x86_64) 0:5.14.21-150400.15.8.1 (noarch) 0:5.14.21-150400.15.8.1 (aarch64) 0:5.14.21-150400.24.41.1 (aarch64|ppc64le|s390x|x86_64) 0:5.14.21-150400.24.41.1 (ppc64le|x86_64) 0:5.14.21-150400.24.41.1 (aarch64|ppc64le|s390x|x86_64) 0:5.14.21-150400.24.41.1.150400.24.15.1 (noarch) 0:5.14.21-150400.24.41.1 (aarch64|ppc64le|x86_64) 0:5.14.21-150400.24.41.1 (s390x) 0:5.14.21-150400.24.41.1 (aarch64|ppc64le|s390x|x86_64) 0:0.9.13.1-150200.4.18.1 (aarch64) 0:5.3.18-150300.59.109.1 (aarch64|ppc64le|s390x|x86_64) 0:2.4.8+git0.d1f8d41e0-150400.3.6.1 (noarch) 0:1.10.8-150300.4.9.1 (aarch64|ppc64le|s390x|x86_64) 0:1.10.8-150300.4.9.1 (aarch64|ppc64le|s390x|x86_64) 0:6.2.2-150400.4.3.1 (noarch) 0:6.2.2-150400.4.3.1 (aarch64|ppc64le|s390x|x86_64) 0:0.26.8-150000.3.18.1 (x86_64) 0:0.26.8-150000.3.18.1 (aarch64|ppc64le|s390x|x86_64) 0:3.11.1-150000.1.16.1 (noarch) 0:3.11.1-150000.1.16.1 (aarch64|ppc64le|s390x|x86_64) 0:16.2.11.58+g38d6afd3b78-150400.3.6.1 (noarch) 0:16.2.11.58+g38d6afd3b78-150400.3.6.1 (x86_64) 0:16.2.11.58+g38d6afd3b78-150400.3.6.1 (aarch64|ppc64le|s390x|x86_64) 0:7.79.1-150400.5.18.1 (x86_64) 0:7.79.1-150400.5.18.1 (aarch64|ppc64le|s390x|x86_64) 0:7.4.33-150200.3.54.1 (noarch) 0:44.1.1-150400.3.3.1 (aarch64|ppc64le|s390x|x86_64) 0:4.15.13+git.591.ab36624310c-150400.3.19.1 (x86_64) 0:4.15.13+git.591.ab36624310c-150400.3.19.1 (aarch64|x86_64) 0:4.15.13+git.591.ab36624310c-150400.3.19.1 (noarch) 0:4.15.13+git.591.ab36624310c-150400.3.19.1 (aarch64|x86_64) 0:5.14.21-150400.14.40.1 (noarch) 0:5.14.21-150400.14.40.1 (x86_64) 0:5.14.21-150400.15.18.1 (noarch) 0:5.14.21-150400.15.18.1 (noarch) 0:1.10.0-150100.5.12.1 (aarch64|ppc64le|s390x|x86_64) 0:1.6.16-150000.82.2 (aarch64|ppc64le|s390x|x86_64) 0:4.11.14+git.384.5dc2c21dce-150200.4.44.1 (x86_64) 0:4.11.14+git.384.5dc2c21dce-150200.4.44.1 (aarch64|ppc64le|s390x|x86_64) 0:2.2.2-150000.4.9.1 (aarch64|ppc64le|s390x|x86_64) 0:2.4.51-150400.6.11.1 (noarch) 0:2.4.51-150400.6.11.1 (x86_64) 0:2.0.8_k5.14.21_150400.15.14-150400.4.2.2 (noarch) 0:0.14.1-150100.6.6.1 (aarch64|ppc64le|s390x|x86_64) 0:1.9.9-150400.4.26.1 (aarch64|ppc64le|s390x|x86_64) 0:5.62-150400.4.8.1 (noarch) 0:5.62-150400.4.8.1 (x86_64) 0:5.62-150400.4.8.1 (noarch) 0:1.4.20-150200.3.25.1 (aarch64|ppc64le|s390x|x86_64) 0:1.20.3-150400.38.22.1 (aarch64|ppc64le|s390x|x86_64) 0:1.20.3-150200.22.5.72.1 (aarch64|ppc64le|s390x|x86_64) 0:4.11.14+git.386.cc81f3dca2-150200.4.47.1 (x86_64) 0:4.11.14+git.386.cc81f3dca2-150200.4.47.1 (aarch64|ppc64le|s390x|x86_64) 0:4.9.5+git.554.abee30cf06-150100.3.77.1 (x86_64) 0:4.9.5+git.554.abee30cf06-150100.3.77.1 (aarch64|ppc64le|s390x|x86_64) 0:2.0.8-150000.3.18.1 (aarch64|ppc64le|s390x|x86_64) 0:0.9.57-150000.3.3.1 (aarch64|ppc64le|s390x|x86_64) 0:1.5.0-150400.3.3.1 (x86_64) 0:1.5.0-150400.3.3.1 (aarch64|ppc64le|s390x|x86_64) 0:4.15.13+git.636.53d93c5b9d6-150400.3.23.1 (aarch64|ppc64le|s390x|x86_64) 0:2.4.4-150400.4.11.1 (x86_64) 0:2.4.4-150400.4.11.1 (x86_64) 0:4.15.13+git.636.53d93c5b9d6-150400.3.23.1 (aarch64|x86_64) 0:4.15.13+git.636.53d93c5b9d6-150400.3.23.1 (noarch) 0:4.15.13+git.636.53d93c5b9d6-150400.3.23.1 (aarch64|x86_64) 0:4.16.3_02-150400.4.19.1 (x86_64) 0:4.16.3_02-150400.4.19.1 (noarch) 0:4.16.3_02-150400.4.19.1 (noarch) 0:7.4.0-150200.3.7.1 (noarch) 0:1.0.1-150300.3.3.1 (aarch64|x86_64) 0:15.7-150300.4.11.1 (aarch64|ppc64le|s390x|x86_64) 0:1.0.2p-150000.3.70.1 (x86_64) 0:1.0.2p-150000.3.70.1 (noarch) 0:1.0.2p-150000.3.70.1 (aarch64|ppc64le|s390x|x86_64) 0:3.5.12-150000.3.7.2 (x86_64) 0:3.5.12-150000.3.7.2 (aarch64) 0:5.14.21-150400.24.55.2 (aarch64|ppc64le|s390x|x86_64) 0:5.14.21-150400.24.55.3 (aarch64) 0:5.14.21-150400.24.55.1 (ppc64le|x86_64) 0:5.14.21-150400.24.55.3 (aarch64|ppc64le|s390x|x86_64) 0:5.14.21-150400.24.55.3.150400.24.22.7 (noarch) 0:5.14.21-150400.24.55.2 (noarch) 0:5.14.21-150400.24.55.1 (aarch64|ppc64le|x86_64) 0:5.14.21-150400.24.55.3 (aarch64|ppc64le|s390x|x86_64) 0:5.14.21-150400.24.55.1 (s390x) 0:5.14.21-150400.24.55.2 (aarch64|ppc64le|s390x|x86_64) 0:1.12.8-150400.3.3.1 (aarch64|ppc64le|s390x|x86_64) 0:21.1.4-150400.3.15.1 (aarch64|ppc64le|s390x|x86_64) 0:2.06-150400.11.25.1 (noarch) 0:2.06-150400.11.25.1 (s390x) 0:2.06-150400.11.25.1 (aarch64|ppc64le|s390x|x86_64) 0:2.31-150300.46.1 (x86_64) 0:2.31-150300.46.1 (noarch) 0:2.31-150300.46.1 (aarch64|ppc64le|s390x|x86_64) 0:4.4-150400.3.11.1 (x86_64) 0:4.4-150400.3.11.1 (aarch64|ppc64le|s390x|x86_64) 0:7.1.0.9-150400.6.15.1 (x86_64) 0:7.1.0.9-150400.6.15.1 (noarch) 0:7.1.0.9-150400.6.15.1 (aarch64|ppc64le|s390x|x86_64) 0:102.9.1-150200.8.110.2 (aarch64|ppc64le|s390x|x86_64) 0:4.30-150300.3.6.1 (noarch) 0:4.30-150300.3.6.1 (aarch64|ppc64le|s390x|x86_64) 0:2.62.6-150200.3.10.1 (x86_64) 0:2.62.6-150200.3.10.1 (aarch64|ppc64le|s390x|x86_64) 0:1.1.1l-150400.7.31.2 (x86_64) 0:1.1.1l-150400.7.31.2 (noarch) 0:1.1.1l-150400.7.31.2 (aarch64|ppc64le|s390x|x86_64) 0:3.0.1-150400.4.20.1 (x86_64) 0:3.0.1-150400.4.20.1 (noarch) 0:3.0.1-150400.4.20.1 (aarch64|ppc64le|s390x|x86_64) 0:2.9.0-150200.6.8.1 (aarch64|ppc64le|s390x|x86_64) 0:7.0.7.34-150200.10.45.1 (x86_64) 0:7.0.7.34-150200.10.45.1 (aarch64|ppc64le|s390x|x86_64) 0:9.0.30~1+git.10bee2d5-150400.3.4.1 (aarch64) 0:9.0.30~1+git.10bee2d5_k5.14.21_150400.24.46-150400.3.4.1 (aarch64|ppc64le|s390x|x86_64) 0:9.0.30~1+git.10bee2d5_k5.14.21_150400.24.46-150400.3.4.1 (aarch64|ppc64le|x86_64) 0:19.11.10-150400.4.9.1 (noarch) 0:19.11.10-150400.4.9.1 (aarch64|ppc64le|x86_64) 0:19.11.10_k5.14.21_150400.24.46-150400.4.9.1 (aarch64) 0:19.11.10-150400.4.9.1 (aarch64) 0:19.11.10_k5.14.21_150400.24.46-150400.4.9.1 (aarch64) 0:2.0.8_k5.14.21_150400.24.46-150400.25.7.1 (aarch64|ppc64le|s390x|x86_64) 0:2.0.8_k5.14.21_150400.24.46-150400.25.7.1 (aarch64|ppc64le|s390x|x86_64) 0:3.6.12-150000.3.86.1 (aarch64|ppc64le|s390x|x86_64) 0:1.12.0-150400.3.8.1 (x86_64) 0:1.12.0-150400.3.8.1 (aarch64|ppc64le|s390x|x86_64) 0:0.1.41-150000.4.14.1 (noarch) 0:9.0.43-150200.35.1 (noarch) 0:3.20.0-150400.3.8.1 (aarch64|ppc64le|s390x|x86_64) 0:3.20.0-150400.3.8.1 (aarch64|ppc64le|s390x|x86_64) 0:3.3.0-150000.4.13.1 (aarch64|ppc64le|s390x|x86_64) 0:3.11.0-150200.3.8.1 (aarch64|ppc64le|s390x|x86_64) 0:1.3.0-150400.3.6.1 (x86_64) 0:1.3.0-150400.3.6.1 (ppc64le|s390x|x86_64) 0:1.20.3-150000.1.8.1 (aarch64|ppc64le|s390x|x86_64) 0:1.20.3-150000.1.8.1 (aarch64|x86_64) 0:1.20.3-150000.1.8.1 (aarch64|ppc64le|s390x|x86_64) 0:1.19.8-150000.1.26.1 (aarch64|x86_64) 0:1.19.8-150000.1.26.1 (aarch64|ppc64le|x86_64) 0:18.11.9-150100.4.23.1 (aarch64|ppc64le|s390x|x86_64) 0:2.11.5-150100.3.18.2 (aarch64|ppc64le|s390x|x86_64) 0:2.1.5-150400.3.6.1 (aarch64|ppc64le|s390x|x86_64) 0:9.52-150000.164.1 (aarch64|x86_64) 0:5.14.21-150400.14.43.1 (noarch) 0:5.14.21-150400.14.43.1 (aarch64) 0:5.3.18-150300.59.118.1 (aarch64|ppc64le|s390x|x86_64) 0:4.4.4-150400.4.16.1 (noarch) 0:4.4.4-150400.4.16.1 (aarch64|x86_64) 0:3.1.1260.0-150000.5.11.1 (aarch64|ppc64le|s390x|x86_64) 0:1.6.19-150000.87.1 (aarch64|ppc64le|s390x|x86_64) 0:3.3.0-150000.4.16.1 (aarch64|ppc64le|s390x|x86_64) 0:3.11.0-150200.3.13.1 (aarch64|ppc64le|s390x|x86_64) 0:0.30.2-150400.3.3.1 (noarch) 0:1.0.0-150100.3.7.4 (noarch) 0:2.1.1-150100.3.5.5 (noarch) 0:1.0.1-150100.3.7.5 (noarch) 0:1.0.0-150100.3.7.5 (noarch) 0:2.0.3-150100.3.7.5 (noarch) 0:1.0.5-150100.3.7.5 (noarch) 0:1.0.6-150100.3.7.5 (noarch) 0:2.0.0-150100.3.7.5 (noarch) 0:2.6.20-150100.3.7.5 (noarch) 0:1.0.3-150100.3.7.5 (noarch) 0:3.0.30-150100.3.7.5 (noarch) 0:1.0.16-150100.3.7.5 (noarch) 0:1.0.10.2-150100.3.7.5 (noarch) 0:1.1.1-150100.3.5.5 (noarch) 0:1.1.1-150100.3.7.5 (noarch) 0:2.5.22-150100.3.7.5 (noarch) 0:2.0.2-150100.3.7.5 (noarch) 0:0.0.4-150100.3.7.5 (noarch) 0:1.6.2-150100.3.7.5 (noarch) 0:20180713_0114-150100.3.7.5 (noarch) 0:1.0.7-150100.3.7.5 (noarch) 0:2.0.4-150100.3.7.5 (noarch) 0:3.6.1-150100.3.7.5 (noarch) 0:1.2.1-150100.3.7.5 (noarch) 0:4.9.2-150100.3.7.5 (noarch) 0:2.0.26-150100.3.7.5 (noarch) 0:2.7.16-150100.3.7.5 (noarch) 0:1.1.19-150100.3.7.5 (noarch) 0:7.0.18-150100.3.7.5 (noarch) 0:0.0.8-150100.3.7.5 (noarch) 0:1.0.2-150100.3.7.5 (noarch) 0:2.13.30-150100.3.7.5 (noarch) 0:4.1.2-150100.3.7.5 (noarch) 0:2.2.1-150100.3.7.5 (noarch) 0:4.8.1-150100.3.7.5 (noarch) 0:1.2.9-150100.3.7.5 (noarch) 0:1.3.9-150100.3.7.5 (noarch) 0:3.2.6-150100.3.7.5 (noarch) 0:1.0.29-150100.3.7.5 (noarch) 0:2.1.2-150100.3.7.5 (noarch) 0:3.5.0-150100.3.7.5 (noarch) 0:1.1.0-150100.3.7.5 (noarch) 0:1.9.0-150100.3.7.5 (noarch) 0:1.12.0-150100.3.7.5 (noarch) 0:3.14.4-150100.3.7.5 (noarch) 0:1.6.0-150100.3.7.5 (noarch) 0:20201028-150100.3.7.5 (noarch) 0:5.1.9-150100.3.7.5 (noarch) 0:1.3.0-150100.3.7.5 (noarch) 0:1.1.3-150100.3.7.5 (noarch) 0:2.1.1-150100.3.7.5 (noarch) 0:3.0.2-150100.3.7.5 (noarch) 0:0.0.3-150100.3.7.5 (noarch) 0:4.23.9-150100.3.7.5 (noarch) 0:3.15.2-150100.3.7.5 (noarch) 0:1.14.1-150100.3.7.5 (noarch) 0:3.0.20-150100.3.7.5 (noarch) 0:3.3.2-150100.3.7.5 (noarch) 0:1.3.3-150100.3.7.5 (noarch) 0:2.3.3-150100.3.7.5 (noarch) 0:2.7.11-150100.3.7.5 (noarch) 0:1.2.15-150100.3.7.5 (noarch) 0:1.8.0-150100.3.7.5 (noarch) 0:5.6.7-150100.3.7.5 (noarch) 0:3.6.3-150100.3.7.5 (noarch) 0:1-150100.3.7.5 (noarch) 0:2.9.2-150100.3.7.5 (noarch) 0:0.0.2-150100.3.7.5 (noarch) 0:1.1.2-150100.3.7.5 (noarch) 0:1.0.10-150100.3.7.5 (noarch) 0:1.0.13-150100.3.7.5 (noarch) 0:1.1.8-150100.3.7.5 (noarch) 0:1.1.6-150100.3.7.5 (noarch) 0:1.23.0-150100.3.7.5 (noarch) 0:5.0.52-150100.3.7.5 (noarch) 0:8.21.1-150100.3.7.5 (noarch) 0:1.2.0-150100.3.7.5 (noarch) 0:1.0.6.1-150100.3.7.5 (noarch) 0:2.0.7-150100.3.7.5 (noarch) 0:1.2.4-150100.3.7.5 (noarch) 0:2.14.0-150100.3.7.5 (noarch) 0:0.7.0-150100.3.7.5 (noarch) 0:3.9.5-150100.3.7.5 (noarch) 0:2.0.24-150100.3.7.5 (noarch) 0:2.7.6-150100.3.7.5 (noarch) 0:3.10.0-150100.3.7.5 (noarch) 0:0.0.9-150100.3.7.5 (noarch) 0:1.0.10-150100.3.7.4 (noarch) 0:1.0.9-150100.3.7.4 (noarch) 0:0.0.4-150100.3.7.4 (noarch) 0:0.0.3-150100.3.7.4 (noarch) 0:3.1.6-150100.3.7.4 (noarch) 0:1.0.5-150100.3.7.4 (noarch) 0:1.4.0-150100.3.7.4 (noarch) 0:1.0.1-150100.3.7.4 (noarch) 0:2.0.2-150100.3.7.4 (noarch) 0:0.9.0-150100.3.7.4 (noarch) 0:4.0.1-150100.3.7.4 (noarch) 0:1.2.1-150100.3.7.4 (noarch) 0:1.8.3-150100.3.7.4 (noarch) 0:2.1.0-150100.3.7.4 (noarch) 0:3.13.6-150100.3.7.4 (noarch) 0:3.0.9-150100.3.7.4 (noarch) 0:2.13.0-150100.3.7.4 (noarch) 0:3.2.0-150100.3.7.4 (noarch) 0:1.1-150100.3.7.4 (noarch) 0:2.5.8-150100.3.7.4 (noarch) 0:1.1.8.5-150100.3.7.4 (noarch) 0:2.0.12-150100.3.7.4 (noarch) 0:3.6.0-150100.3.7.4 (noarch) 0:1.2.5-150100.3.7.4 (noarch) 0:1.5.0.0-150100.3.7.4 (noarch) 0:3.0.2-150100.3.7.4 (noarch) 0:1.1.3-150100.3.7.4 (noarch) 0:2.1.1-150100.3.7.4 (noarch) 0:2.2.3-150100.3.7.4 (noarch) 0:1.0.3-150100.3.7.4 (noarch) 0:3.3.3-150100.3.7.4 (noarch) 0:1.5.4-150100.3.7.4 (noarch) 0:1.0.2-150100.3.7.4 (noarch) 0:1.7.1-150100.3.7.4 (noarch) 0:3.7-150100.3.7.4 (noarch) 0:1.5.5-150100.3.7.4 (noarch) 0:2.0.5-150100.3.7.4 (noarch) 0:1.0.24-150100.3.7.4 (noarch) 0:2.0.4-150100.3.7.4 (noarch) 0:1.0-150100.3.7.4 (noarch) 0:1.0.7-150100.3.7.4 (noarch) 0:1.1.0-150100.3.7.4 (noarch) 0:2.15.12-150100.3.7.4 (noarch) 0:1.1.1-150100.3.7.4 (noarch) 0:3.0.12-150100.3.7.4 (noarch) 0:1.10.2-150100.3.7.4 (noarch) 0:1.1.4-150100.3.7.4 (noarch) 0:3.0.0-150100.3.7.4 (noarch) 0:0.2.2-150100.3.7.4 (noarch) 0:2.1.4-150100.3.7.4 (aarch64|x86_64) 0:1.2.2~git0.4ccc639-150400.3.3.1 (aarch64|ppc64le|s390x|x86_64) 0:7.4.33-150400.4.22.1 (aarch64|ppc64le|s390x|x86_64) 0:7.4.33-150400.4.22.2 (ppc64le|x86_64) 0:4.12.14-150100.197.142.1 (s390x) 0:4.12.14-150100.197.142.1 (x86_64) 0:4.12.14-150100.197.142.1 (aarch64|ppc64le|s390x|x86_64) 0:4.12.14-150100.197.142.1 (aarch64|ppc64le|s390x|x86_64) 0:2.3.8-150100.3.25.1 (ppc64le|s390x|x86_64) 0:1.8.0_sr8.0-150000.3.71.1 (x86_64) 0:1.8.0_sr8.0-150000.3.71.1 (aarch64|ppc64le|s390x|x86_64) 0:3.4.0-150400.3.6.1 (x86_64) 0:3.4.0-150400.3.6.1 (noarch) 0:9.0.43-150200.38.1 (noarch) 0:3.20.0-150400.3.13.1 (aarch64|ppc64le|s390x|x86_64) 0:3.20.0-150400.3.13.1 (aarch64|ppc64le|s390x|x86_64) 0:102.10.0-150200.152.84.1 (aarch64|ppc64le|s390x|x86_64) 0:0.1-150100.4.12.1 (aarch64|ppc64le|s390x|x86_64) 0:2.32.1-150100.4.12.1 (aarch64|ppc64le|s390x|x86_64) 0:1.19.0-150400.3.3.1 (x86_64) 0:1.19.0-150400.3.3.1 (aarch64|ppc64le|s390x|x86_64) 0:99~1.19.0-150400.3.3.1 (x86_64) 0:99~1.19.0-150400.3.3.1 (aarch64|ppc64le|s390x|x86_64) 0:4.4.1-150200.3.7.1 (aarch64|ppc64le|s390x|x86_64) 0:4.3.1-150400.4.11.1 (noarch) 0:4.3.1-150400.4.11.1 (aarch64|ppc64le|s390x|x86_64) 0:10.24.1-150000.1.59.1 (noarch) 0:10.24.1-150000.1.59.1 (aarch64|ppc64le|s390x|x86_64) 0:14.21.3-150200.15.46.1 (noarch) 0:14.21.3-150200.15.46.1 (aarch64|ppc64le|s390x|x86_64) 0:12.22.12-150200.4.47.1 (noarch) 0:12.22.12-150200.4.47.1 (aarch64|ppc64le|s390x|x86_64) 0:4.30-150300.3.9.1 (noarch) 0:4.30-150300.3.9.1 (aarch64|x86_64) 0:5.14.21-150400.14.46.1 (noarch) 0:5.14.21-150400.14.46.1 (aarch64) 0:5.14.21-150400.24.60.1 (aarch64|ppc64le|s390x|x86_64) 0:5.14.21-150400.24.60.1 (ppc64le|x86_64) 0:5.14.21-150400.24.60.1 (aarch64|ppc64le|s390x|x86_64) 0:5.14.21-150400.24.60.1.150400.24.24.3 (noarch) 0:5.14.21-150400.24.60.1 (aarch64|ppc64le|x86_64) 0:5.14.21-150400.24.60.1 (s390x) 0:5.14.21-150400.24.60.1 (aarch64|ppc64le|s390x|x86_64) 0:3.0.1-150400.4.23.1 (x86_64) 0:3.0.1-150400.4.23.1 (noarch) 0:3.0.1-150400.4.23.1 (aarch64|ppc64le|s390x|x86_64) 0:2.10-150400.3.9.1 (aarch64|ppc64le|s390x|x86_64) 0:3.11.2-150000.1.19.1 (noarch) 0:3.11.2-150000.1.19.1 (aarch64|ppc64le|s390x|x86_64) 0:8.5.22-150200.3.38.1 (aarch64|ppc64le|s390x|x86_64) 0:0.28.4-150200.3.6.1 (x86_64) 0:0.28.4-150200.3.6.1 (aarch64|ppc64le|s390x|x86_64) 0:1.1.1l-150400.7.34.1 (x86_64) 0:1.1.1l-150400.7.34.1 (noarch) 0:1.1.1l-150400.7.34.1 (aarch64|ppc64le|s390x|x86_64) 0:1.0.2p-150000.3.73.1 (x86_64) 0:1.0.2p-150000.3.73.1 (noarch) 0:1.0.2p-150000.3.73.1 (aarch64|ppc64le|s390x|x86_64) 0:16.20.0-150400.3.18.2 (noarch) 0:16.20.0-150400.3.18.2 (aarch64|ppc64le|s390x|x86_64) 0:7.1.0.9-150400.6.18.1 (x86_64) 0:7.1.0.9-150400.6.18.1 (noarch) 0:7.1.0.9-150400.6.18.1 (aarch64|ppc64le|s390x|x86_64) 0:3.6.13-150000.3.89.1 (aarch64|x86_64) 0:3.4-150400.16.8.1 (noarch) 0:1.5.4-150200.3.7.1 (aarch64|ppc64le|s390x|x86_64) 0:2.2.11-150000.3.3.1 (x86_64) 0:1.51.0-150400.4.13.1 (x86_64) 0:0.54.0-150400.3.13.1 (x86_64) 0:5.14.21-150400.15.23.1 (noarch) 0:5.14.21-150400.15.23.1 (aarch64|ppc64le|s390x|x86_64) 0:0.7-150100.3.24.1 (aarch64|ppc64le|s390x|x86_64) 0:0.8-150400.7.3.1 (noarch) 0:0.8-150400.7.3.1 (x86_64) 0:0.8-150400.7.3.1 (aarch64|ppc64le|s390x|x86_64) 0:1.5.8-150300.3.7.1 (aarch64|ppc64le|s390x|x86_64) 0:1.5.1+20221128.8ec8e01-150400.3.3.1 (aarch64|ppc64le|s390x|x86_64) 0:1.1.5-150000.41.1 (aarch64|ppc64le|s390x|x86_64) 0:249.14-150400.8.19.1 (x86_64) 0:249.14-150400.8.19.1 (noarch) 0:249.14-150400.8.19.1 (noarch) 0:44.1.1-150300.7.6.1 (aarch64|ppc64le|s390x|x86_64) 0:2.35.3-150300.10.27.1 (noarch) 0:2.35.3-150300.10.27.1 (s390x) 0:2.4.0-150400.4.8.1 (aarch64|ppc64le|s390x|x86_64) 0:2.9.7-150000.3.57.1 (noarch) 0:1.19.8-150300.3.12.1 (aarch64|ppc64le|s390x|x86_64) 0:1.7.3-150400.3.5.1 (noarch) 0:1.7.3-150400.3.5.1 (aarch64|ppc64le|s390x|x86_64) 0:0.8.2-150300.3.9.1 (aarch64|ppc64le|s390x|x86_64) 0:2.9.14-150400.5.16.1 (x86_64) 0:2.9.14-150400.5.16.1 (noarch) 0:2.9.14-150400.5.16.1 (aarch64|ppc64le|s390x|x86_64) 0:3.4.2-150200.11.25.1 (x86_64) 0:3.4.2-150200.11.25.1 (noarch) 0:2.70.5-150400.3.8.1 (aarch64|ppc64le|s390x|x86_64) 0:2.70.5-150400.3.8.1 (x86_64) 0:2.70.5-150400.3.8.1 (aarch64|ppc64le|s390x|x86_64) 0:102.10.1-150200.8.113.2 (noarch) 0:2.38.6-150400.4.39.1 (aarch64|ppc64le|s390x|x86_64) 0:2.38.6-150400.4.39.1 (x86_64) 0:2.38.6-150400.4.39.1 (noarch) 0:4.8.1-150400.10.6.1 (aarch64|ppc64le|s390x|x86_64) 0:4.8.1-150400.10.6.1 (aarch64|ppc64le|s390x|x86_64) 0:2.62.6-150200.3.15.1 (x86_64) 0:2.62.6-150200.3.15.1 (noarch) 0:2.38.6-150200.72.1 (aarch64|x86_64) 0:15.7-150300.4.16.1 (aarch64|ppc64le|s390x|x86_64) 0:4.4-150400.3.15.1 (x86_64) 0:4.4-150400.3.15.1 (aarch64|ppc64le|s390x|x86_64) 0:4.1.90-150200.4.14.1 (noarch) 0:4.1.90-150200.4.14.1 (aarch64|ppc64le|s390x|x86_64) 0:2.0.59-150200.3.10.1 (noarch) 0:2.0.59-150200.3.10.1 (noarch) 0:3.5.3-150200.3.11.8 (aarch64|ppc64le|s390x|x86_64) 0:3.8.6-150200.4.9.8 (noarch) 0:3.8.6-150200.4.9.8 (noarch) 0:1.3.1-150200.3.7.8 (noarch) 0:0.13.18-150200.4.7.8 (aarch64|ppc64le|s390x|x86_64) 0:4.0.0-150200.3.7.1 (noarch) 0:4.0.0-150200.3.7.1 (noarch) 0:4.0.0-150200.3.7.3 (noarch) 0:4.0.0-150200.3.7.8 (aarch64|ppc64le|s390x|x86_64) 0:9.0.1443-150000.5.40.1 (noarch) 0:9.0.1443-150000.5.40.1 (ppc64le|s390x|x86_64) 0:1.20.4-150000.1.11.1 (aarch64|ppc64le|s390x|x86_64) 0:1.20.4-150000.1.11.1 (aarch64|x86_64) 0:1.20.4-150000.1.11.1 (aarch64|ppc64le|s390x|x86_64) 0:3.4.2-150200.11.28.1 (x86_64) 0:3.4.2-150200.11.28.1 (aarch64|ppc64le|s390x|x86_64) 0:9.0.1234-150000.5.34.1 (noarch) 0:9.0.1234-150000.5.34.1 (aarch64|ppc64le|s390x|x86_64) 0:17.0.7.0-150400.3.18.2 (noarch) 0:17.0.7.0-150400.3.18.2 (aarch64|ppc64le|s390x|x86_64) 0:6.1-150000.5.15.1 (x86_64) 0:6.1-150000.5.15.1 (aarch64|ppc64le|s390x|x86_64) 0:1.21.5-150400.3.3.1 (noarch) 0:1.21.5-150400.3.3.1 (aarch64|ppc64le|s390x|x86_64) 0:6.2.6-150400.3.19.1 (aarch64|ppc64le|s390x|x86_64) 0:1.19.9-150000.1.31.1 (aarch64|x86_64) 0:1.19.9-150000.1.31.1 (aarch64|ppc64le|s390x|x86_64) 0:1.35-150100.3.8.1 (aarch64|ppc64le|s390x|x86_64) 0:0.99.9-150400.3.3.1 (aarch64) 0:5.14.21-150400.24.63.1 (aarch64|ppc64le|s390x|x86_64) 0:5.14.21-150400.24.63.1 (ppc64le|x86_64) 0:5.14.21-150400.24.63.1 (aarch64|ppc64le|x86_64) 0:5.14.21-150400.24.63.1.150400.24.27.1 (noarch) 0:5.14.21-150400.24.63.1 (aarch64|ppc64le|x86_64) 0:5.14.21-150400.24.63.1 (s390x) 0:5.14.21-150400.24.63.1 (aarch64|x86_64) 0:5.14.21-150400.14.49.1 (noarch) 0:5.14.21-150400.14.49.1 (aarch64|ppc64le|s390x|x86_64) 0:4.2.8p15-150000.4.22.1 (aarch64|ppc64le|s390x|x86_64) 0:1.3.2-150200.3.3.1 (aarch64) 0:5.3.18-150300.59.121.1 (aarch64|ppc64le|s390x|x86_64) 0:2.3.8-150100.3.22.1 (ppc64le|x86_64) 0:4.12.14-150100.197.145.1 (s390x) 0:4.12.14-150100.197.145.1 (x86_64) 0:4.12.14-150100.197.145.1 (aarch64|ppc64le|s390x|x86_64) 0:4.12.14-150100.197.145.1 (aarch64|ppc64le|s390x|x86_64) 0:2.8.1-150400.9.18.1 (aarch64|ppc64le|s390x|x86_64) 0:2.1.5-150400.3.8.1 (aarch64|ppc64le|s390x|x86_64) 0:9.52-161.1 (aarch64|ppc64le|s390x|x86_64) 0:0.1-150100.4.14.1 (aarch64|ppc64le|s390x|x86_64) 0:2.32.1-150100.4.14.1 (aarch64|ppc64le|s390x|x86_64) 0:102.11.0-150200.152.87.1 (aarch64|ppc64le|s390x|x86_64) 0:1.29.1-150400.3.16.1 (aarch64|ppc64le|s390x|x86_64) 0:3.11.2-150000.1.21.1 (noarch) 0:3.11.2-150000.1.21.1 (aarch64|ppc64le|s390x|x86_64) 0:0.1.41-150000.4.16.1 (aarch64|ppc64le|s390x|x86_64) 0:0.14.0-150000.3.12.2 (aarch64|ppc64le|s390x|x86_64) 0:0.19.0-150000.1.17.2 (aarch64|ppc64le|s390x|x86_64) 0:0.10.1-150000.1.11.4 (aarch64|ppc64le|s390x|x86_64) 0:0.23.0-150100.4.13.2 (aarch64|ppc64le|s390x|x86_64) 0:1.5.0-150100.3.23.2 (aarch64|ppc64le|s390x|x86_64) 0:0.20.2-150400.3.6.1 (x86_64) 0:0.20.2-150400.3.6.1 (aarch64|ppc64le|s390x|x86_64) 0:0.18.9-150000.3.20.1 (aarch64|ppc64le|s390x|x86_64) 0:12.15-150200.8.44.1 (noarch) 0:12.15-150200.8.44.1 (aarch64|ppc64le|s390x|x86_64) 0:3.1c-150300.3.3.1 (aarch64|ppc64le|s390x|x86_64) 0:4.4.1-150200.3.10.1 (aarch64|ppc64le|s390x|x86_64) 0:14.8-150200.5.26.1 (noarch) 0:14.8-150200.5.26.1 (aarch64|ppc64le|s390x|x86_64) 0:15.3-150200.5.9.1 (x86_64) 0:15.3-150200.5.9.1 (noarch) 0:15.3-150200.5.9.1 (aarch64|ppc64le|s390x|x86_64) 0:330-150200.11.9.1 (aarch64|ppc64le|s390x|x86_64) 0:1.1.1-150400.4.9.1 (aarch64|ppc64le|s390x|x86_64) 0:102.11.0-150200.8.116.1 (aarch64|ppc64le|s390x|x86_64) 0:0.5.1+git.1593777035.a5d05f8-150200.4.5.1 (aarch64|ppc64le|s390x|x86_64) 0:13.11-150200.5.40.1 (noarch) 0:13.11-150200.5.40.1 (aarch64|ppc64le|s390x|x86_64) 0:4.9.5+git.552.fec1a5e57a-150100.3.73.1 (x86_64) 0:4.9.5+git.552.fec1a5e57a-150100.3.73.1 (aarch64|ppc64le|s390x|x86_64) 0:11.0.19.0-150000.3.96.1 (noarch) 0:11.0.19.0-150000.3.96.1 (aarch64|ppc64le|s390x|x86_64) 0:1.12.0-150400.3.11.1 (x86_64) 0:1.12.0-150400.3.11.1 (aarch64|ppc64le|s390x|x86_64) 0:8.0.1-150400.5.23.1 (x86_64) 0:8.0.1-150400.5.23.1 (x86_64) 0:5.14.21-150400.15.28.2 (noarch) 0:5.14.21-150400.15.28.1 (x86_64) 0:5.14.21-150400.15.28.1 (aarch64|ppc64le|s390x|x86_64) 0:1.25.0-150200.3.6.1 (aarch64|x86_64) 0:202202-150400.5.10.1 (noarch) 0:202202-150400.5.10.1 (x86_64) 0:202202-150400.5.10.1 (noarch) 0:8.0.32-150200.3.15.1 (aarch64|ppc64le|s390x|x86_64) 0:1.8.0.372-150000.3.79.1 (noarch) 0:1.8.0.372-150000.3.79.1 (x86_64) 0:20230512-150200.24.1 (aarch64|ppc64le|s390x|x86_64) 0:5.8-150000.3.3.1 (aarch64|ppc64le|s390x|x86_64) 0:2.14.2-150400.24.6.1 (aarch64|ppc64le|s390x|x86_64) 0:20.06.2-150400.24.6.1 (noarch) 0:2.14.2-150400.24.6.1 (noarch) 0:20.06.2-150400.24.6.1 (aarch64|ppc64le|s390x|x86_64) 0:3.11.0-150200.6.5.1 (aarch64|ppc64le|s390x|x86_64) 0:1.6.19-150000.90.3 (aarch64|ppc64le|s390x|x86_64) 0:2.11.5-150100.3.21.1 (aarch64|ppc64le|s390x|x86_64) 0:1.1.5-150000.43.1 (aarch64|ppc64le|s390x|x86_64) 0:3.0.0-150200.6.5.1 (noarch) 0:1.0.4-150400.3.3.1 (aarch64|ppc64le|s390x|x86_64) 0:4.2.2-150000.1.10.1 (aarch64|ppc64le|s390x|x86_64) 0:2.13.2-150200.9.22.1 (aarch64|ppc64le|s390x|x86_64) 0:20.03.1-150200.9.22.1 (aarch64|ppc64le|s390x|x86_64) 0:6.3.3-150400.31.3.1 (aarch64|ppc64le|s390x|x86_64) 0:1.3.9-150400.31.3.1 (aarch64|ppc64le|s390x|x86_64) 0:1.21-150400.31.3.1 (aarch64|ppc64le|s390x|x86_64) 0:5.3.6-150400.31.3.1 (aarch64|x86_64) 0:2.1.0beta3-150400.31.3.1 (noarch) 0:2021.20210325.svn30357-150400.31.3.1 (aarch64|ppc64le|s390x|x86_64) 0:2021.20210325-150400.31.3.1 (aarch64|ppc64le|s390x|x86_64) 0:2021.20210325.svn27321-150400.31.3.1 (aarch64|ppc64le|s390x|x86_64) 0:2021.20210325.svn12688-150400.31.3.1 (aarch64|ppc64le|s390x|x86_64) 0:2021.20210325.svn28038-150400.31.3.1 (aarch64|ppc64le|s390x|x86_64) 0:2021.20210325.svn57878-150400.31.3.1 (aarch64|ppc64le|s390x|x86_64) 0:2021.20210325.svn57089-150400.31.3.1 (aarch64|ppc64le|s390x|x86_64) 0:2021.20210325.svn58378-150400.31.3.1 (aarch64|ppc64le|s390x|x86_64) 0:2021.20210325.svn3006-150400.31.3.1 (aarch64|ppc64le|s390x|x86_64) 0:2021.20210325.svn29036-150400.31.3.1 (aarch64|ppc64le|s390x|x86_64) 0:2021.20210325.svn57890-150400.31.3.1 (aarch64|ppc64le|s390x|x86_64) 0:2021.20210325.svn52909-150400.31.3.1 (aarch64|ppc64le|s390x|x86_64) 0:2021.20210325.svn18790-150400.31.3.1 (aarch64|ppc64le|s390x|x86_64) 0:2021.20210325.svn45266-150400.31.3.1 (noarch) 0:2021.20210325.svn57273-150400.31.3.1 (aarch64|ppc64le|s390x|x86_64) 0:2021.20210325.svn16219-150400.31.3.1 (aarch64|ppc64le|s390x|x86_64) 0:2021.20210325.svn17794-150400.31.3.1 (aarch64|ppc64le|s390x|x86_64) 0:2021.20210325.svn15543-150400.31.3.1 (aarch64|ppc64le|s390x|x86_64) 0:2021.20210325.svn25623-150400.31.3.1 (aarch64|ppc64le|s390x|x86_64) 0:2021.20210325.svn38300-150400.31.3.1 (aarch64|ppc64le|s390x|x86_64) 0:2021.20210325.svn52631-150400.31.3.1 (aarch64|ppc64le|s390x|x86_64) 0:2021.20210325.svn37223-150400.31.3.1 (aarch64|ppc64le|s390x|x86_64) 0:2021.20210325.svn51944-150400.31.3.1 (aarch64|ppc64le|s390x|x86_64) 0:2021.20210325.svn48871-150400.31.3.1 (aarch64|ppc64le|s390x|x86_64) 0:2021.20210325.svn34112-150400.31.3.1 (aarch64|ppc64le|s390x|x86_64) 0:2021.20210325.svn30408-150400.31.3.1 (aarch64|ppc64le|s390x|x86_64) 0:2021.20210325.svn45927-150400.31.3.1 (aarch64|ppc64le|s390x|x86_64) 0:2021.20210325.svn50528-150400.31.3.1 (aarch64|ppc64le|s390x|x86_64) 0:2021.20210325.svn46996-150400.31.3.1 (aarch64|ppc64le|s390x|x86_64) 0:2021.20210325.svn48478-150400.31.3.1 (aarch64|ppc64le|s390x|x86_64) 0:2021.20210325.svn24061-150400.31.3.1 (aarch64|ppc64le|s390x|x86_64) 0:2021.20210325.svn23866-150400.31.3.1 (aarch64|ppc64le|s390x|x86_64) 0:2021.20210325.svn58136-150400.31.3.1 (aarch64|ppc64le|s390x|x86_64) 0:2021.20210325.svn53554-150400.31.3.1 (aarch64|ppc64le|s390x|x86_64) 0:2021.20210325.svn17399-150400.31.3.1 (noarch) 0:2021.20210325.svn37645-150400.31.3.1 (aarch64|ppc64le|s390x|x86_64) 0:2021.20210325.svn24759-150400.31.3.1 (aarch64|ppc64le|s390x|x86_64) 0:2021.20210325.svn29031-150400.31.3.1 (aarch64|ppc64le|s390x|x86_64) 0:2021.20210325.svn8329-150400.31.3.1 (aarch64|ppc64le|s390x|x86_64) 0:2021.20210325.svn44515-150400.31.3.1 (aarch64|ppc64le|s390x|x86_64) 0:2021.20210325.svn58535-150400.31.3.1 (aarch64|ppc64le|s390x|x86_64) 0:2021.20210325.svn29050-150400.31.3.1 (aarch64|ppc64le|s390x|x86_64) 0:2021.20210325.svn18336-150400.31.3.1 (aarch64|ppc64le|s390x|x86_64) 0:2021.20210325.svn25860-150400.31.3.1 (aarch64|ppc64le|s390x|x86_64) 0:2021.20210325.svn14752-150400.31.3.1 (aarch64|ppc64le|s390x|x86_64) 0:2021.20210325.svn14758-150400.31.3.1 (aarch64|ppc64le|s390x|x86_64) 0:2021.20210325.svn25997-150400.31.3.1 (aarch64|ppc64le|s390x|x86_64) 0:2021.20210325.svn13663-150400.31.3.1 (aarch64|ppc64le|s390x|x86_64) 0:2021.20210325.svn34971-150400.31.3.1 (aarch64|ppc64le|s390x|x86_64) 0:2021.20210325.svn54732-150400.31.3.1 (aarch64|ppc64le|s390x|x86_64) 0:2021.20210325.svn37813-150400.31.3.1 (aarch64|ppc64le|s390x|x86_64) 0:2021.20210325.svn56984-150400.31.3.1 (aarch64|ppc64le|s390x|x86_64) 0:2021.20210325.svn44835-150400.31.3.1 (aarch64|ppc64le|s390x|x86_64) 0:2021.20210325.svn49033-150400.31.3.1 (aarch64|ppc64le|s390x|x86_64) 0:2021.20210325.svn32101-150400.31.3.1 (aarch64|ppc64le|s390x|x86_64) 0:2021.20210325.svn46894-150400.31.3.1 (aarch64|ppc64le|s390x|x86_64) 0:2021.20210325.svn53999-150400.31.3.1 (aarch64|ppc64le|s390x|x86_64) 0:2021.20210325.svn54358-150400.31.3.1 (aarch64|ppc64le|s390x|x86_64) 0:2021.20210325.svn30983-150400.31.3.1 (aarch64|ppc64le|s390x|x86_64) 0:2021.20210325.svn42296-150400.31.3.1 (aarch64|ppc64le|s390x|x86_64) 0:2021.20210325.svn42300-150400.31.3.1 (aarch64|ppc64le|s390x|x86_64) 0:2021.20210325.svn16420-150400.31.3.1 (aarch64|ppc64le|s390x|x86_64) 0:2021.20210325.svn25012-150400.31.3.1 (aarch64|ppc64le|s390x|x86_64) 0:2021.20210325.svn32150-150400.31.3.1 (aarch64|ppc64le|s390x|x86_64) 0:2021.20210325.svn10937-150400.31.3.1 (aarch64|ppc64le|s390x|x86_64) 0:2021.20210325.svn27025-150400.31.3.1 (aarch64|ppc64le|s390x|x86_64) 0:2021.20210325.svn56352-150400.31.3.1 (aarch64|ppc64le|s390x|x86_64) 0:2021.20210325.svn31696-150400.31.3.1 (aarch64|ppc64le|s390x|x86_64) 0:2021.20210325.svn26126-150400.31.3.1 (aarch64|ppc64le|s390x|x86_64) 0:2021.20210325.svn15093-150400.31.3.1 (aarch64|ppc64le|s390x|x86_64) 0:2021.20210325.svn41465-150400.31.3.1 (aarch64|ppc64le|s390x|x86_64) 0:2021.20210325.svn29005-150400.31.3.1 (aarch64|ppc64le|s390x|x86_64) 0:2021.20210325.svn32346-150400.31.3.1 (aarch64|ppc64le|s390x|x86_64) 0:2021.20210325.svn34647-150400.31.3.1 (aarch64|ppc64le|s390x|x86_64) 0:2021.20210325.svn43292-150400.31.3.1 (aarch64|ppc64le|s390x|x86_64) 0:2021.20210325.svn50281-150400.31.3.1 (aarch64|ppc64le|s390x|x86_64) 0:2021.20210325.svn37750-150400.31.3.1 (aarch64|ppc64le|s390x|x86_64) 0:2021.20210325.svn38769-150400.31.3.1 (aarch64|ppc64le|s390x|x86_64) 0:2021.20210325.svn23500-150400.31.3.1 (aarch64|ppc64le|s390x|x86_64) 0:2021.20210325.svn23661-150400.31.3.1 (aarch64|ppc64le|s390x|x86_64) 0:2021.20210325.svn23406-150400.31.3.1 (aarch64|ppc64le|s390x|x86_64) 0:2021.20210325.svn14428-150400.31.3.1 (aarch64|ppc64le|s390x|x86_64) 0:2021.20210325.svn8457-150400.31.3.1 (aarch64|ppc64le|s390x|x86_64) 0:2021.20210325.svn33688-150400.31.3.1 (aarch64|ppc64le|s390x|x86_64) 0:2021.20210325.svn18674-150400.31.3.1 (aarch64|ppc64le|s390x|x86_64) 0:2021.20210325.svn30534-150400.31.3.1 (aarch64|ppc64le|s390x|x86_64) 0:2021.20210325.svn37026-150400.31.3.1 (aarch64|ppc64le|s390x|x86_64) 0:2021.20210325.svn53804-150400.31.3.1 (aarch64|ppc64le|s390x|x86_64) 0:2021.20210325.svn10843-150400.31.3.1 (aarch64|ppc64le|s390x|x86_64) 0:2021.20210325.svn37537-150400.31.3.1 (aarch64|ppc64le|s390x|x86_64) 0:2021.20210325.svn14387-150400.31.3.1 (aarch64|ppc64le|s390x|x86_64) 0:2021.20210325.svn52858-150400.31.3.1 (aarch64|ppc64le|s390x|x86_64) 0:2021.20210325.svn41779-150400.31.3.1 (aarch64|ppc64le|s390x|x86_64) 0:2021.20210325.svn49140-150400.31.3.1 (aarch64|ppc64le|s390x|x86_64) 0:2021.20210325.svn40690-150400.31.3.1 (aarch64|ppc64le|s390x|x86_64) 0:2021.20210325.svn25962-150400.31.3.1 (aarch64|ppc64le|s390x|x86_64) 0:2021.20210325.svn16181-150400.31.3.1 (aarch64|ppc64le|s390x|x86_64) 0:2021.20210325.svn39165-150400.31.3.1 (aarch64|ppc64le|s390x|x86_64) 0:2021.20210325.svn29348-150400.31.3.1 (aarch64|ppc64le|s390x|x86_64) 0:2021.20210325.svn13364-150400.31.3.1 (aarch64|ppc64le|s390x|x86_64) 0:2021.20210325.svn52800-150400.31.3.1 (aarch64|ppc64le|s390x|x86_64) 0:2021.20210325.svn32405-150400.31.3.1 (aarch64|ppc64le|s390x|x86_64) 0:2021.20210325.svn7838-150400.31.3.1 (aarch64|ppc64le|s390x|x86_64) 0:2021.20210325.svn29333-150400.31.3.1 (aarch64|ppc64le|s390x|x86_64) 0:2021.20210325.svn44206-150400.31.3.1 (aarch64|ppc64le|s390x|x86_64) 0:2021.20210325.svn29335-150400.31.3.1 (aarch64|ppc64le|s390x|x86_64) 0:2021.20210325.svn34996-150400.31.3.1 (aarch64|ppc64le|s390x|x86_64) 0:2021.20210325.svn31638-150400.31.3.1 (aarch64|ppc64le|s390x|x86_64) 0:2021.20210325.svn32919-150400.31.3.1 (aarch64|ppc64le|s390x|x86_64) 0:2021.20210325.svn55172-150400.31.3.1 (aarch64|ppc64le|s390x|x86_64) 0:2021.20210325.svn53577-150400.31.3.1 (aarch64|ppc64le|s390x|x86_64) 0:2021.20210325.svn55933-150400.31.3.1 (aarch64|ppc64le|s390x|x86_64) 0:2021.20210325.svn29688-150400.31.3.1 (aarch64|ppc64le|s390x|x86_64) 0:2021.20210325.svn38710-150400.31.3.1 (aarch64|ppc64le|s390x|x86_64) 0:2021.20210325.svn21215-150400.31.3.1 (aarch64|ppc64le|s390x|x86_64) 0:2021.20210325.svn37771-150400.31.3.1 (aarch64|ppc64le|s390x|x86_64) 0:2021.20210325.svn13013-150400.31.3.1 (aarch64|ppc64le|s390x|x86_64) 0:2021.20210325.svn45011-150400.31.3.1 (aarch64|ppc64le|s390x|x86_64) 0:2021.20210325.svn15506-150400.31.3.1 (aarch64|ppc64le|s390x|x86_64) 0:2021.20210325.svn12782-150400.31.3.1 (aarch64|ppc64le|s390x|x86_64) 0:2021.20210325.svn47948-150400.31.3.1 (aarch64|ppc64le|s390x|x86_64) 0:2021.20210325.svn29741-150400.31.3.1 (aarch64|ppc64le|s390x|x86_64) 0:2021.20210325.svn33155-150400.31.3.1 (aarch64|ppc64le|s390x|x86_64) 0:2021.20210325.svn24062-150400.31.3.1 (aarch64|ppc64le|s390x|x86_64) 0:2021.20210325.svn43596-150400.31.3.1 (aarch64|ppc64le|s390x|x86_64) 0:2021.20210325.svn53444-150400.31.3.1 (aarch64|ppc64le|s390x|x86_64) 0:2021.20210325.svn6898-150400.31.3.1 (aarch64|ppc64le|s390x|x86_64) 0:2021.20210325.svn55132-150400.31.3.1 (aarch64|ppc64le|s390x|x86_64) 0:2021.20210325.svn25648-150400.31.3.1 (aarch64|ppc64le|s390x|x86_64) 0:2021.20210325.svn23262-150400.31.3.1 (aarch64|ppc64le|s390x|x86_64) 0:2021.20210325.svn6897-150400.31.3.1 (aarch64|ppc64le|s390x|x86_64) 0:2021.20210325.svn50419-150400.31.3.1 (aarch64|ppc64le|s390x|x86_64) 0:2021.20210325.svn46165-150400.31.3.1 (aarch64|ppc64le|s390x|x86_64) 0:2021.20210325.svn49312-150400.31.3.1 (aarch64|ppc64le|s390x|x86_64) 0:2021.20210325.svn52917-150400.31.3.1 (aarch64|ppc64le|s390x|x86_64) 0:2021.20210325.svn34398-150400.31.3.1 (aarch64|ppc64le|s390x|x86_64) 0:1.18-150200.21.4.1 (aarch64|ppc64le|s390x|x86_64) 0:5.2.4-150200.21.4.1 (aarch64|ppc64le|s390x|x86_64) 0:2017.20170520.svn21000-150200.21.4.1 (aarch64|ppc64le|s390x|x86_64) 0:2017.20170520.svn29053-150200.21.4.1 (aarch64|ppc64le|s390x|x86_64) 0:2017.20170520.svn44143-150200.21.4.1 (aarch64|ppc64le|s390x|x86_64) 0:2017.20170520.svn43957-150200.21.4.1 (aarch64|ppc64le|s390x|x86_64) 0:2017.20170520.svn29741-150200.21.4.1 (aarch64|ppc64le|s390x|x86_64) 0:0.62.0-150000.4.12.1 (x86_64) 0:0.62.0-150000.4.12.1 (aarch64|ppc64le|s390x|x86_64) 0:1.18.10-150200.5.7.1 (aarch64|ppc64le|s390x|x86_64) 0:2.13-150400.3.12.1 (aarch64|ppc64le|s390x|x86_64) 0:2.14.2-150400.24.9.1 (aarch64|ppc64le|s390x|x86_64) 0:20.06.2-150400.24.9.1 (noarch) 0:2.14.2-150400.24.9.1 (noarch) 0:20.06.2-150400.24.9.1 (aarch64|ppc64le|s390x|x86_64) 0:0.19-150300.3.5.1 (aarch64|ppc64le|s390x|x86_64) 0:2.8.2-150400.9.21.1 (aarch64|ppc64le|s390x|x86_64) 0:1.18.10.1-150000.1.9.1 (aarch64|x86_64) 0:1.18.10.1-150000.1.9.1 (aarch64|ppc64le|s390x|x86_64) 0:1.19.1-150000.3.23.1 (x86_64) 0:1.19.1-150000.3.23.1 (aarch64|ppc64le|s390x|x86_64) 0:1.0.0-150200.3.15.1 (x86_64) 0:1.0.0-150200.3.15.1 (aarch64|ppc64le|s390x|x86_64) 0:3.6.14-150000.3.92.1 (aarch64|ppc64le|s390x|x86_64) 0:2.9.0-150200.6.10.1 (aarch64|ppc64le|s390x|x86_64) 0:0.8.6-150100.3.13.1 (aarch64|ppc64le|s390x|x86_64) 0:0.7.1-150100.3.10.1 (aarch64|x86_64) 0:3.1.1260.0-150000.5.13.1 (aarch64|ppc64le|s390x|x86_64) 0:1.0.2p-150000.3.76.1 (x86_64) 0:1.0.2p-150000.3.76.1 (noarch) 0:1.0.2p-150000.3.76.1 (aarch64|ppc64le|s390x|x86_64) 0:4.0.9-150000.45.28.1 (x86_64) 0:4.0.9-150000.45.28.1 (aarch64|ppc64le|s390x|x86_64) 0:1.1.1l-150400.7.37.1 (x86_64) 0:1.1.1l-150400.7.37.1 (noarch) 0:1.1.1l-150400.7.37.1 (aarch64|ppc64le|s390x|x86_64) 0:7.1.0.9-150400.6.21.1 (x86_64) 0:7.1.0.9-150400.6.21.1 (noarch) 0:7.1.0.9-150400.6.21.1 (aarch64|ppc64le|s390x|x86_64) 0:2.2.7-150000.3.43.1 (x86_64) 0:2.2.7-150000.3.43.1 (aarch64|ppc64le|s390x|x86_64) 0:8.0.0-150400.7.6.1 (x86_64) 0:8.0.0-150400.7.6.1 (aarch64|x86_64) 0:8.0.0-150400.7.6.1 (noarch) 0:8.0.0-150400.7.6.1 (aarch64|ppc64le|s390x|x86_64) 0:7.0.7.34-150200.10.48.1 (x86_64) 0:7.0.7.34-150200.10.48.1 (noarch) 0:1.5-150200.3.9.1 (aarch64|ppc64le|s390x|x86_64) 0:3.10.11-150400.4.25.1 (x86_64) 0:3.10.11-150400.4.25.1 (aarch64|ppc64le|s390x|x86_64) 0:1.0.3-150200.3.5.1 (x86_64) 0:1.0.3-150200.3.5.1 (aarch64|ppc64le|s390x|x86_64) 0:3.0.8-150400.4.26.1 (x86_64) 0:3.0.8-150400.4.26.1 (noarch) 0:3.0.8-150400.4.26.1 (aarch64|ppc64le|s390x|x86_64) 0:10.6.13-150400.3.23.1 (noarch) 0:10.6.13-150400.3.23.1 (aarch64|ppc64le|s390x|x86_64) 0:2.4.46-150200.14.14.1 (x86_64) 0:2.4.46-150200.14.14.1 (noarch) 0:2.4.46-150200.14.14.1 (aarch64|ppc64le|s390x|x86_64) 0:1.2-150200.14.14.1 (aarch64|ppc64le|s390x|x86_64) 0:102.12.0-150200.152.90.1 (aarch64|ppc64le|s390x|x86_64) 0:0.5.0-150000.3.11.1 (x86_64) 0:0.5.0-150000.3.11.1 (ppc64le|s390x|x86_64) 0:1.8.0_sr8.5-150000.3.74.1 (x86_64) 0:1.8.0_sr8.5-150000.3.74.1 (aarch64|x86_64) 0:5.14.21-150400.14.52.1 (noarch) 0:5.14.21-150400.14.52.1 (noarch) 0:9.0.75-150200.41.1 (aarch64|ppc64le|s390x|x86_64) 0:1.2.1-150400.4.12.1 (aarch64|ppc64le|s390x|x86_64) 0:0.22.0-150400.3.3.1 (x86_64) 0:0.22.0-150400.3.3.1 (aarch64|ppc64le|s390x|x86_64) 0:3.6.15-150300.10.48.1 (x86_64) 0:3.6.15-150300.10.48.1 (aarch64|ppc64le|s390x|x86_64) 0:1.19.10-150000.1.34.1 (aarch64|x86_64) 0:1.19.10-150000.1.34.1 (aarch64|ppc64le|s390x|x86_64) 0:1.20.5-150000.1.14.1 (ppc64le|x86_64) 0:4.12.14-150100.197.148.1 (s390x) 0:4.12.14-150100.197.148.1 (x86_64) 0:4.12.14-150100.197.148.1 (aarch64|ppc64le|s390x|x86_64) 0:4.12.14-150100.197.148.1 (noarch) 0:9.4.51-150200.3.19.2 (aarch64|ppc64le|s390x|x86_64) 0:1.18.10-150200.5.10.1 (aarch64|ppc64le|s390x|x86_64) 0:3.4.0-150000.3.9.1 (noarch) 0:3.10-150000.3.3.4 (noarch) 0:0.9.3-150000.3.3.4 (aarch64|ppc64le|s390x|x86_64) 0:3006.0-150400.8.34.2 (aarch64|ppc64le|s390x|x86_64) 0:3.17.2-150300.3.2.3 (noarch) 0:3006.0-150400.8.34.2 (aarch64|ppc64le|s390x|x86_64) 0:9.5.1-150200.3.41.3 (x86_64) 0:9.16.6-150000.12.65.1 (noarch) 0:0.1.1681904360.84ef141-150000.1.50.1 (noarch) 0:4.3.21-150000.3.98.1 (aarch64|ppc64le|s390x|x86_64) 0:0.5.0-150000.1.12.3 (aarch64|ppc64le|s390x|x86_64) 0:17.1.2-150000.3.5.2 (aarch64|ppc64le|s390x|x86_64) 0:1.3.1+git.1676027782.ad3c0e9-150200.3.23.1 (aarch64|ppc64le|s390x|x86_64) 0:0.1-150100.4.17.1 (aarch64|ppc64le|s390x|x86_64) 0:2.37.6-150100.4.17.1 (aarch64|x86_64) 0:1.26.0~0-150400.3.7.1 (aarch64|x86_64) 0:12.2.0-150300.29.1 (x86_64) 0:12.2.0-150300.29.1 (aarch64|ppc64le|s390x|x86_64) 0:5.62-150400.4.13.1 (noarch) 0:5.62-150400.4.13.1 (x86_64) 0:5.62-150400.4.13.1 (noarch) 0:2.38.6-150200.75.2 (aarch64|ppc64le|s390x|x86_64) 0:4.2.8p17-150000.4.25.1 (aarch64|ppc64le|s390x|x86_64) 0:8.0.29-150400.4.34.1 (aarch64) 0:5.3.18-150300.59.124.1 (aarch64|ppc64le|s390x|x86_64) 0:102.12.0-150200.8.121.1 (aarch64|ppc64le|s390x|x86_64) 0:1.6.5-150000.3.30.1 (x86_64) 0:1.6.5-150000.3.30.1 (noarch) 0:1.6.5-150000.3.30.1 (aarch64|ppc64le|s390x|x86_64) 0:2.2.7-150000.3.46.1 (x86_64) 0:2.2.7-150000.3.46.1 (noarch) 0:0.4.2-150300.3.6.1 (aarch64|ppc64le|s390x|x86_64) 0:23.1-150100.8.63.5 (aarch64|ppc64le|s390x|x86_64) 0:1.0.2p-150000.3.79.1 (x86_64) 0:1.0.2p-150000.3.79.1 (noarch) 0:1.0.2p-150000.3.79.1 (aarch64|ppc64le|s390x|x86_64) 0:9.0.1572-150000.5.46.1 (noarch) 0:9.0.1572-150000.5.46.1 (aarch64|ppc64le|s390x|x86_64) 0:3.9.16-150300.4.27.1 (x86_64) 0:3.9.16-150300.4.27.1 (noarch) 0:2.38.6-150400.4.42.4 (aarch64|ppc64le|s390x|x86_64) 0:2.38.6-150400.4.42.4 (x86_64) 0:2.38.6-150400.4.42.4 (aarch64|ppc64le|s390x|x86_64) 0:1.1.1l-150400.7.42.1 (x86_64) 0:1.1.1l-150400.7.42.1 (noarch) 0:1.1.1l-150400.7.42.1 (aarch64|x86_64) 0:3.1.1260.0-150000.5.15.1 (aarch64) 0:5.14.21-150400.24.66.1 (aarch64|ppc64le|s390x|x86_64) 0:5.14.21-150400.24.66.1 (ppc64le|x86_64) 0:5.14.21-150400.24.66.1 (aarch64|ppc64le|x86_64) 0:5.14.21-150400.24.66.1.150400.24.29.1 (noarch) 0:5.14.21-150400.24.66.1 (noarch) 0:5.14.21-150400.24.66.2 (aarch64|ppc64le|x86_64) 0:5.14.21-150400.24.66.1 (s390x) 0:5.14.21-150400.24.66.1 (aarch64|ppc64le|s390x|x86_64) 0:1.24.13-150400.9.5.1 (noarch) 0:1.24.13-150400.9.5.1 (aarch64|ppc64le|s390x|x86_64) 0:16.20.1-150400.3.21.1 (noarch) 0:16.20.1-150400.3.21.1 (aarch64|ppc64le|s390x|x86_64) 0:2.0.1-150400.3.11.1 (aarch64|ppc64le|s390x|x86_64) 0:9.16.42-150400.5.27.1 (noarch) 0:9.16.42-150400.5.27.1 (aarch64|ppc64le|s390x|x86_64) 0:18.16.1-150400.9.9.1 (noarch) 0:18.16.1-150400.9.9.1 (aarch64|ppc64le|s390x|x86_64) 0:1.29.1-150400.3.18.1 (aarch64|ppc64le|s390x|x86_64) 0:1.2.1-150400.4.14.1 (aarch64|ppc64le|s390x|x86_64) 0:3.11.0-150200.6.7.1 (aarch64|ppc64le|s390x|x86_64) 0:2.9.0-150200.6.12.1 (aarch64|ppc64le|s390x|x86_64) 0:3.0.0-150200.6.7.1 (aarch64|ppc64le|s390x|x86_64) 0:2.0.8-150000.3.12.1 (aarch64|ppc64le|s390x|x86_64) 0:1.8.0-150400.9.3.1 (aarch64|ppc64le|s390x|x86_64) 0:2.1.0~beta3+git.1624618403.e9577376-150400.4.2.1 (x86_64) 0:2.1.0~beta3+git.1624618403.e9577376-150400.4.2.1 (aarch64|x86_64) 0:1.53.0-150100.4.15.1 (aarch64|ppc64le|s390x|x86_64) 0:2.63-150400.3.3.1 (x86_64) 0:2.63-150400.3.3.1 (aarch64|ppc64le|s390x|x86_64) 0:1.6.4-150000.3.10.1 (aarch64|ppc64le|s390x|x86_64) 0:1.18.10-150200.5.12.1 (aarch64|ppc64le|s390x|x86_64) 0:3.11.3-150400.9.12.1 (x86_64) 0:3.11.3-150400.9.12.1 (x86_64) 0:5.14.21-150400.15.37.2 (noarch) 0:5.14.21-150400.15.37.1 (x86_64) 0:5.14.21-150400.15.37.1 (noarch) 0:2.17.1-150100.6.18.1 (noarch) 0:15.1.0-150000.3.4.1 (noarch) 0:10.0-150100.6.3.3 (noarch) 0:17.2.1-150000.3.4.1 (noarch) 0:1.3.0-150100.3.6.3 (noarch) 0:0.9.0-150100.3.7.3 (noarch) 0:1.3.2-150100.6.7.3 (aarch64|ppc64le|s390x|x86_64) 0:4.4.2-150000.3.4.1 (aarch64|ppc64le|s390x|x86_64) 0:20161124-150000.3.6.1 (x86_64) 0:9.16.6-150000.12.68.1 (aarch64|ppc64le|s390x|x86_64) 0:0.6.0+git.1685628435.48c4099-150200.4.8.1 (aarch64|ppc64le|s390x|x86_64) 0:1.3.3+git.1683650163.1000ba6-150200.3.26.1 (x86_64) 0:5.14.21-150400.15.40.1 (noarch) 0:5.14.21-150400.15.40.1 (aarch64|ppc64le|s390x|x86_64) 0:4.2.2-150000.1.12.1 (ppc64le|x86_64) 0:0.1.41-150000.4.18.1 (aarch64) 0:5.14.21-150400.24.69.1 (aarch64|ppc64le|s390x|x86_64) 0:5.14.21-150400.24.69.1 (ppc64le|x86_64) 0:5.14.21-150400.24.69.1 (aarch64|ppc64le|x86_64) 0:5.14.21-150400.24.69.1.150400.24.31.1 (noarch) 0:5.14.21-150400.24.69.1 (aarch64|ppc64le|x86_64) 0:5.14.21-150400.24.69.1 (s390x) 0:5.14.21-150400.24.69.1 (aarch64|ppc64le|s390x|x86_64) 0:0.10.0-150300.5.6.1 (aarch64|ppc64le|s390x|x86_64) 0:7.4.33-150400.4.25.1 (aarch64|ppc64le|s390x|x86_64) 0:9.52-150000.167.1 (ppc64le|x86_64) 0:4.12.14-150100.197.151.1 (s390x) 0:4.12.14-150100.197.151.1 (x86_64) 0:4.12.14-150100.197.151.1 (aarch64|ppc64le|s390x|x86_64) 0:4.12.14-150100.197.151.1 (aarch64|x86_64) 0:5.14.21-150400.14.55.1 (noarch) 0:5.14.21-150400.14.55.1 (aarch64|ppc64le|s390x|x86_64) 0:10.2.44-150000.3.57.1 (aarch64|ppc64le|s390x|x86_64) 0:0.62.0-150000.4.15.1 (x86_64) 0:0.62.0-150000.4.15.1 (noarch) 0:1.74-150200.3.21.1 (aarch64|ppc64le|s390x|x86_64) 0:1.19.11-150000.1.37.1 (aarch64|x86_64) 0:1.19.11-150000.1.37.1 (aarch64|ppc64le|s390x|x86_64) 0:1.20.6-150000.1.17.1 (aarch64|ppc64le|s390x|x86_64) 0:1.20.3-150200.22.5.66.1 (aarch64) 0:5.3.18-150300.59.127.1 (ppc64le|s390x|x86_64) 0:1.8.0_sr8.6-150000.3.77.1 (x86_64) 0:1.8.0_sr8.6-150000.3.77.1 (noarch) 0:2.24.0-150300.3.3.1 (aarch64|ppc64le|s390x|x86_64) 0:0.7.1-150100.3.12.1 (aarch64|ppc64le|s390x|x86_64) 0:0.8.6-150100.3.15.1 (aarch64|ppc64le|s390x|x86_64) 0:1.12.2-150400.18.8.1 (x86_64) 0:1.12.2-150400.18.8.1 (noarch) 0:1.12.2-150400.18.8.1 (aarch64|ppc64le|s390x|x86_64) 0:7.1.0.9-150400.6.24.1 (x86_64) 0:7.1.0.9-150400.6.24.1 (noarch) 0:7.1.0.9-150400.6.24.1 (aarch64|ppc64le|s390x|x86_64) 0:1.20.3-150400.38.16.1 (aarch64|ppc64le|s390x|x86_64) 0:5.26.1-150300.17.14.1 (x86_64) 0:5.26.1-150300.17.14.1 (noarch) 0:5.26.1-150300.17.14.1 (aarch64|ppc64le|s390x|x86_64) 0:3.10.12-150400.4.30.1 (x86_64) 0:3.10.12-150400.4.30.1 (aarch64|ppc64le|s390x|x86_64) 0:115.0-150200.152.93.1 (aarch64|ppc64le|s390x|x86_64) 0:115-150200.9.13.1 (noarch) 0:115.0-150200.152.93.1 (aarch64|ppc64le|s390x|x86_64) 0:21.1.4-150400.3.9.1 (aarch64|ppc64le|s390x|x86_64) 0:8.0.1-150400.5.26.1 (x86_64) 0:8.0.1-150400.5.26.1 (noarch) 0:1.23.1-150100.3.13.1 (noarch) 0:12.13.1-150100.3.10.1 (noarch) 0:1.10.21-150400.9.3.1 (aarch64|ppc64le|s390x|x86_64) 0:9.5.5-150200.3.44.1 (aarch64|ppc64le|s390x|x86_64) 0:6.2.6-150400.3.22.1 (aarch64|ppc64le|s390x|x86_64) 0:4.15.13+git.663.9c654e06cdb-150400.3.28.1 (x86_64) 0:4.15.13+git.663.9c654e06cdb-150400.3.28.1 (aarch64|x86_64) 0:4.15.13+git.663.9c654e06cdb-150400.3.28.1 (noarch) 0:4.15.13+git.663.9c654e06cdb-150400.3.28.1 (noarch) 0:22.3.1-150400.17.6.1 (aarch64|ppc64le|s390x|x86_64) 0:3.11.4-150400.9.15.3 (x86_64) 0:3.11.4-150400.9.15.3 (aarch64|ppc64le|s390x|x86_64) 0:3.11.4-150400.9.15.1 (x86_64) 0:3.11.4-150400.9.15.1 (aarch64|ppc64le|s390x|x86_64) 0:3.11.4-150400.9.15.2 (aarch64|ppc64le|s390x|x86_64) 0:0.79.0-150200.3.11.1 (x86_64) 0:0.79.0-150200.3.11.1 (aarch64|ppc64le|s390x|x86_64) 0:8.4p1-150300.3.22.1 (aarch64|ppc64le|s390x|x86_64) 0:6.2.6-150400.3.11.1 (aarch64|ppc64le|s390x|x86_64) 0:9.16.6-150300.22.30.1 (aarch64|ppc64le|s390x|x86_64) 0:2.26-150000.4.9.1 (x86_64) 0:2.26-150000.4.9.1 (aarch64|ppc64le|s390x|x86_64) 0:3.9.17-150300.4.30.1 (x86_64) 0:3.9.17-150300.4.30.1 (aarch64|ppc64le|s390x|x86_64) 0:115.0.2-150200.152.96.1 (noarch) 0:115.0.2-150200.152.96.1 (aarch64|ppc64le|s390x|x86_64) 0:1.1.1l-150400.7.48.1 (x86_64) 0:1.1.1l-150400.7.48.1 (noarch) 0:1.1.1l-150400.7.48.1 (aarch64|ppc64le|x86_64) 0:1.2.0-150100.4.6.1 (aarch64|ppc64le|s390x|x86_64) 0:4.1.94-150200.4.17.1 (noarch) 0:4.1.94-150200.4.17.1 (aarch64|ppc64le|s390x|x86_64) 0:2.0.61-150200.3.13.1 (noarch) 0:2.0.61-150200.3.13.1 (noarch) 0:8.0.33-150200.3.18.1 (aarch64|ppc64le|s390x|x86_64) 0:7.4.33-150200.3.57.1 (aarch64|ppc64le|s390x|x86_64) 0:5.15.2+kde16-150400.3.3.1 (x86_64) 0:5.15.2+kde16-150400.3.3.1 (noarch) 0:5.15.2+kde16-150400.3.3.1 (aarch64|ppc64le|s390x|x86_64) 0:5.15.2+kde294-150400.6.6.1 (x86_64) 0:5.15.2+kde294-150400.6.6.1 (noarch) 0:5.15.2+kde294-150400.6.6.1 (aarch64|ppc64le|s390x|x86_64) 0:3.5-150000.3.3.1 (aarch64|ppc64le|s390x|x86_64) 0:2.1.7-150400.3.11.1 (aarch64|ppc64le|s390x|x86_64) 0:8.6.12-150300.14.6.1 (x86_64) 0:8.6.12-150300.14.6.1 (aarch64|ppc64le|s390x|x86_64) 0:1.20.6.1-150000.1.8.1 (x86_64) 0:1.51.0-150400.4.16.1 (aarch64|ppc64le|s390x|x86_64) 0:3.0.8-150400.4.31.2 (x86_64) 0:3.0.8-150400.4.31.2 (noarch) 0:3.0.8-150400.4.31.2 (aarch64|ppc64le|s390x|x86_64) 0:4.9.5+git.564.996810ca1e3-150100.3.82.3 (x86_64) 0:4.9.5+git.564.996810ca1e3-150100.3.82.3 (aarch64|ppc64le|s390x|x86_64) 0:2.52.10-150400.3.6.1 (x86_64) 0:2.52.10-150400.3.6.1 (noarch) 0:2.52.10-150400.3.6.1 (noarch) 0:20220509-150400.4.19.1 (aarch64|ppc64le|s390x|x86_64) 0:17.0.8.0-150400.3.27.1 (noarch) 0:17.0.8.0-150400.3.27.1 (aarch64|ppc64le|s390x|x86_64) 0:1.0.2p-150000.3.65.1 (x86_64) 0:1.0.2p-150000.3.65.1 (noarch) 0:1.0.2p-150000.3.65.1 (x86_64) 0:0.54.0-150400.3.19.1 (aarch64|ppc64le|s390x|x86_64) 0:115.0.1-150200.8.124.1 (aarch64|ppc64le|s390x|x86_64) 0:3.1.0-150300.3.3.1 (noarch) 0:32.0.1-150200.3.7.1 (aarch64|ppc64le|s390x|x86_64) 0:1.0.2p-150000.3.82.1 (x86_64) 0:1.0.2p-150000.3.82.1 (noarch) 0:1.0.2p-150000.3.82.1 (aarch64|ppc64le|s390x|x86_64) 0:0.3.6-150200.3.9.1 (aarch64|ppc64le|s390x|x86_64) 0:1.1.1l-150400.7.22.1 (x86_64) 0:1.1.1l-150400.7.22.1 (noarch) 0:1.1.1l-150400.7.22.1 (aarch64|ppc64le|s390x|x86_64) 0:3.0.1-150400.4.17.1 (x86_64) 0:3.0.1-150400.4.17.1 (noarch) 0:3.0.1-150400.4.17.1 (aarch64|ppc64le|s390x|x86_64) 0:2.9.4-150400.3.3.1 (aarch64|ppc64le|s390x|x86_64) 0:0.24.0-150000.1.20.2 (aarch64|ppc64le|s390x|x86_64) 0:4.5.3-150000.3.6.1 (noarch) 0:4.3.22-150000.3.101.1 (noarch) 0:1.0.0-150000.10.1 (aarch64|ppc64le|s390x|x86_64) 0:3006.0-150400.8.37.2 (noarch) 0:3006.0-150400.8.37.2 (aarch64|ppc64le|s390x|x86_64) 0:115.1.0-150200.152.99.1 (noarch) 0:115.1.0-150200.152.99.1 (noarch) 0:8.0-150200.11.7.1 (aarch64|ppc64le|s390x|x86_64) 0:22.01.0-150400.3.6.1 (x86_64) 0:22.01.0-150400.3.6.1 (aarch64) 0:5.14.21-150400.24.74.1 (aarch64|ppc64le|s390x|x86_64) 0:5.14.21-150400.24.74.1 (ppc64le|x86_64) 0:5.14.21-150400.24.74.1 (aarch64|ppc64le|x86_64) 0:5.14.21-150400.24.74.1.150400.24.33.3 (noarch) 0:5.14.21-150400.24.74.1 (aarch64|ppc64le|x86_64) 0:5.14.21-150400.24.74.1 (s390x) 0:5.14.21-150400.24.74.1 (aarch64|ppc64le|s390x|x86_64) 0:1.20.7-150000.1.20.1 (aarch64|x86_64) 0:5.14.21-150400.14.60.1 (noarch) 0:5.14.21-150400.14.60.1 (aarch64|ppc64le|s390x|x86_64) 0:0.3.24-150300.4.6.1 (x86_64) 0:0.3.24-150300.4.6.1 (aarch64|ppc64le|s390x|x86_64) 0:7.0.7.34-150200.10.51.1 (x86_64) 0:7.0.7.34-150200.10.51.1 (noarch) 0:1.3.5-150000.3.3.1 (aarch64|ppc64le|s390x|x86_64) 0:1.10-150400.23.6.1 (aarch64|ppc64le|s390x|x86_64) 0:1.20.1-150400.3.6.1 (x86_64) 0:1.20.1-150400.3.6.1 (noarch) 0:1.20.1-150400.3.6.1 (aarch64|ppc64le|s390x|x86_64) 0:2.4.51-150400.6.6.1 (noarch) 0:2.4.51-150400.6.6.1 (aarch64|ppc64le|s390x|x86_64) 0:1.16.3-150200.3.6.1 (aarch64|ppc64le|s390x|x86_64) 0:115.1.0-150200.8.127.1 (aarch64|ppc64le|s390x|x86_64) 0:5.1.4-150000.3.18.1 (aarch64|ppc64le|s390x|x86_64) 0:0.6.1-150100.4.6.1 (aarch64|ppc64le|s390x|x86_64) 0:6.2.0-150400.37.20.1 (noarch) 0:6.2.0-150400.37.20.1 (noarch) 0:1.0.0+-150400.37.20.1 (s390x|x86_64) 0:6.2.0-150400.37.20.1 (noarch) 0:1.15.0_0_g2dd4b9b-150400.37.20.1 (noarch) 0:8-150400.37.20.1 (aarch64|ppc64le|s390x|x86_64) 0:5.62-150400.4.16.1 (noarch) 0:5.62-150400.4.16.1 (x86_64) 0:5.62-150400.4.16.1 (aarch64|ppc64le|s390x|x86_64) 0:0.62.0-150000.4.18.1 (x86_64) 0:0.62.0-150000.4.18.1 (aarch64|ppc64le|s390x|x86_64) 0:3.0.8-150400.4.34.1 (x86_64) 0:3.0.8-150400.4.34.1 (noarch) 0:3.0.8-150400.4.34.1 (noarch) 0:6.3.2-150400.4.17.1 (aarch64|ppc64le|s390x|x86_64) 0:1.71.1-150400.9.6.1 (aarch64|ppc64le|s390x|x86_64) 0:3.6.15-150000.3.97.1 (aarch64|ppc64le|s390x|x86_64) 0:0.3.49-150400.3.3.1 (x86_64) 0:0.3.49-150400.3.3.1 (noarch) 0:0.3.49-150400.3.3.1 (aarch64|ppc64le|s390x|x86_64) 0:1.24.16-150400.9.8.2 (noarch) 0:1.24.16-150400.9.8.2 (aarch64|ppc64le|s390x|x86_64) 0:1.19.12-150000.1.40.1 (aarch64|x86_64) 0:1.19.12-150000.1.40.1 (aarch64|ppc64le|s390x|x86_64) 0:1.16.3-150200.4.9.2 (aarch64|ppc64le|s390x|x86_64) 0:1.16.3-150200.3.12.1 (aarch64|ppc64le|s390x|x86_64) 0:1.3.3-150200.5.3.1 (aarch64|ppc64le|x86_64) 0:1.3.3-150200.5.3.1 (aarch64|ppc64le|s390x|x86_64) 0:0.4.1-150000.3.3.1 (aarch64|ppc64le|s390x|x86_64) 0:11.0.20.0-150000.3.99.1 (noarch) 0:11.0.20.0-150000.3.99.1 (aarch64|ppc64le|s390x|x86_64) 0:102.7.1-150200.8.102.1 (x86_64) 0:0.6.10-150400.3.3.1 (aarch64|ppc64le|s390x|x86_64) 0:0.79.0-150200.3.14.1 (x86_64) 0:0.79.0-150200.3.14.1 (aarch64|ppc64le|s390x|x86_64) 0:0.9.13.1-150200.4.15.1 (aarch64|ppc64le|s390x|x86_64) 0:2.1.0-150000.4.6.1 (x86_64) 0:2.1.0-150000.4.6.1 (aarch64|ppc64le|s390x|x86_64) 0:1.8.0.372-150200.3.33.2 (noarch) 0:1.8.0.372-150200.3.33.2 (aarch64) 0:5.14.21-150400.24.81.1 (aarch64|ppc64le|s390x|x86_64) 0:5.14.21-150400.24.81.1 (ppc64le|x86_64) 0:5.14.21-150400.24.81.1 (aarch64|ppc64le|x86_64) 0:5.14.21-150400.24.81.1.150400.24.35.3 (noarch) 0:5.14.21-150400.24.81.1 (aarch64|ppc64le|x86_64) 0:5.14.21-150400.24.81.1 (s390x) 0:5.14.21-150400.24.81.1 (x86_64) 0:5.14.21-150400.15.46.1 (noarch) 0:5.14.21-150400.15.46.1 (aarch64|ppc64le|s390x|x86_64) 0:10.39-150400.4.9.1 (x86_64) 0:10.39-150400.4.9.1 (noarch) 0:10.39-150400.4.9.1 (aarch64|ppc64le|s390x|x86_64) 0:1.8.0.382-150200.3.36.1 (noarch) 0:1.8.0.382-150200.3.36.1 (aarch64|ppc64le|s390x|x86_64) 0:1.0.2p-150000.3.85.1 (x86_64) 0:1.0.2p-150000.3.85.1 (noarch) 0:1.0.2p-150000.3.85.1 (aarch64|ppc64le|s390x|x86_64) 0:13.12-150200.5.43.1 (noarch) 0:13.12-150200.5.43.1 (aarch64|ppc64le|s390x|x86_64) 0:15.4-150200.5.12.1 (x86_64) 0:15.4-150200.5.12.1 (noarch) 0:15.4-150200.5.12.1 (aarch64|ppc64le|s390x|x86_64) 0:14.9-150200.5.29.1 (noarch) 0:14.9-150200.5.29.1 (aarch64|ppc64le|s390x|x86_64) 0:1.0.3-150000.3.3.1 (aarch64|ppc64le|s390x|x86_64) 0:4.11.14+git.396.91f4f677472-150200.4.52.5 (x86_64) 0:4.11.14+git.396.91f4f677472-150200.4.52.5 (noarch) 0:20220509-150400.4.22.1 (aarch64|ppc64le|s390x|x86_64) 0:1.19.2-150400.3.6.1 (x86_64) 0:1.19.2-150400.3.6.1 (noarch) 0:5.0.6-150000.3.3.1 (aarch64|x86_64) 0:5.14.21-150400.14.63.1 (noarch) 0:5.14.21-150400.14.63.1 (aarch64|ppc64le|s390x|x86_64) 0:18.17.1-150400.9.12.1 (noarch) 0:18.17.1-150400.9.12.1 (aarch64|ppc64le|s390x|x86_64) 0:16.20.2-150400.3.24.1 (noarch) 0:16.20.2-150400.3.24.1 (aarch64|ppc64le|s390x|x86_64) 0:6.2.2-150400.4.6.1 (noarch) 0:6.2.2-150400.4.6.1 (x86_64) 0:20230808-150200.27.1 (aarch64|ppc64le|s390x|x86_64) 0:12.16-150200.8.47.1 (noarch) 0:12.16-150200.8.47.1 (noarch) 0:3.1.10-150200.3.7.1 (aarch64) 0:5.3.18-150300.59.130.1 (ppc64le|x86_64) 0:4.12.14-150100.197.154.1 (s390x) 0:4.12.14-150100.197.154.1 (x86_64) 0:4.12.14-150100.197.154.1 (aarch64|ppc64le|s390x|x86_64) 0:4.12.14-150100.197.154.1 (aarch64|x86_64) 0:4.16.5_02-150400.4.31.1 (x86_64) 0:4.16.5_02-150400.4.31.1 (noarch) 0:4.16.5_02-150400.4.31.1 (aarch64|ppc64le|s390x|x86_64) 0:1.1.1l-150400.7.53.1 (x86_64) 0:1.1.1l-150400.7.53.1 (noarch) 0:1.1.1l-150400.7.53.1 (aarch64|ppc64le|s390x|x86_64) 0:22.3-150300.3.8.1 (aarch64|ppc64le|s390x|x86_64) 0:14.21.3-150200.15.49.1 (noarch) 0:14.21.3-150200.15.49.1 (aarch64|ppc64le|s390x|x86_64) 0:9.16.37-150400.5.17.1 (noarch) 0:9.16.37-150400.5.17.1 (noarch) 0:2.40.5-150400.4.45.3 (aarch64|ppc64le|s390x|x86_64) 0:2.40.5-150400.4.45.3 (x86_64) 0:2.40.5-150400.4.45.3 (aarch64_ilp32) 0:2.40.5-150400.4.45.3 (aarch64|ppc64le|s390x|x86_64) 0:4.0.9-150000.45.25.1 (x86_64) 0:4.0.9-150000.45.25.1 (aarch64|ppc64le|s390x|x86_64) 0:3.6.11-150000.3.83.1 (aarch64|ppc64le|s390x|x86_64) 0:2.2.11-150000.3.6.1 (aarch64|ppc64le|s390x|x86_64) 0:9.52-150000.170.1 (aarch64|ppc64le|s390x|x86_64) 0:4.2.1-150000.3.3.1 (ppc64le|s390x|x86_64) 0:1.8.0_sr8.10-150000.3.80.1 (x86_64) 0:1.8.0_sr8.10-150000.3.80.1 (aarch64|ppc64le|s390x|x86_64) 0:1.8.0.382-150000.3.82.1 (noarch) 0:1.8.0.382-150000.3.82.1 (noarch) 0:2.62-150200.30.1 (aarch64|ppc64le|s390x|x86_64) 0:12.22.12-150200.4.50.1 (noarch) 0:12.22.12-150200.4.50.1 (aarch64|ppc64le|s390x|x86_64) 0:0.103.9-150000.3.47.1 (aarch64|ppc64le|s390x|x86_64) 0:2.10.4-150000.4.15.1 (x86_64) 0:2.10.4-150000.4.15.1 (noarch) 0:2.10.4-150000.4.15.1 (aarch64|ppc64le|s390x|x86_64) 0:2.4.22+git0.f8e3218e2-150400.3.16.1 (aarch64|ppc64le|s390x|x86_64) 0:3.3.15-150000.7.34.1 (aarch64|ppc64le|s390x|x86_64) 0:590-150400.3.3.1 (aarch64|ppc64le|s390x|x86_64) 0:7.4.33-150200.3.60.1 (aarch64|x86_64) 0:12.2.0-150300.33.1 (x86_64) 0:12.2.0-150300.33.1 (aarch64|ppc64le|s390x|x86_64) 0:2.4.5-150000.3.6.1 (x86_64) 0:2.4.5-150000.3.6.1 (aarch64|ppc64le|s390x|x86_64) 0:115.2.0-150200.152.102.1 (noarch) 0:115.2.0-150200.152.102.1 (aarch64|ppc64le|s390x|x86_64) 0:3.5.27-150200.11.14.1 (noarch) 0:3.5.27-150200.11.14.1 (aarch64|x86_64) 0:1.53.0-150100.4.17.1 (noarch) 0:6.3.2-150400.4.20.1 (aarch64|x86_64) 0:0.4.2~3-150400.3.3.1 (aarch64|ppc64le|s390x|x86_64) 0:2.4-150100.9.4.1 (noarch) 0:2.4-150100.9.4.1 (aarch64|ppc64le|s390x|x86_64) 0:8.0.30-150400.4.37.1 (aarch64|ppc64le|s390x|x86_64) 0:1.35.0-150400.3.11.1 (noarch) 0:1.35.0-150400.4.5.1 (aarch64|x86_64) 0:1.35.0-150400.3.11.1 (noarch) 0:0.1.1673279145.e7616bd-150000.1.44.1 (noarch) 0:4.3.18-150000.3.92.1 (aarch64|ppc64le|s390x|x86_64) 0:1.29.1-150400.3.20.1 (aarch64|ppc64le|s390x|x86_64) 0:1.18.10-150200.5.17.1 (aarch64|ppc64le|s390x|x86_64) 0:24.0.5_ce-150000.185.1 (noarch) 0:24.0.5_ce-150000.185.1 (aarch64|x86_64) 0:3.1.1260.0-150000.5.17.1 (aarch64|ppc64le|s390x|x86_64) 0:7.4.33-150400.4.28.1 (aarch64|ppc64le|s390x|x86_64) 0:1.9.0-150000.4.16.1 (x86_64) 0:1.9.0-150000.4.16.1 (noarch) 0:2.40.5-150400.4.48.1 (aarch64|ppc64le|s390x|x86_64) 0:2.40.5-150400.4.48.1 (x86_64) 0:2.40.5-150400.4.48.1 (aarch64_ilp32) 0:2.40.5-150400.4.48.1 (aarch64|ppc64le|s390x|x86_64) 0:1.2.1-150400.4.16.1 (aarch64|ppc64le|s390x|x86_64) 0:4.2.2-150000.1.14.1 (aarch64|ppc64le|s390x|x86_64) 0:1.12.0-150300.11.5.1 (aarch64|ppc64le|s390x|x86_64) 0:73.2-150000.1.3.1 (noarch) 0:73.2-150000.1.3.1 (aarch64|ppc64le|s390x|x86_64) 0:2.9.0-150200.6.14.1 (aarch64|ppc64le|s390x|x86_64) 0:3.0.0-150200.6.9.1 (aarch64|ppc64le|s390x|x86_64) 0:3.11.0-150200.6.9.1 (aarch64|ppc64le|s390x|x86_64) 0:115.2.1-150200.152.105.1 (noarch) 0:115.2.1-150200.152.105.1 (aarch64|ppc64le|s390x|x86_64) 0:8.5.15-150200.3.32.1 (aarch64|ppc64le|s390x|x86_64) 0:1.0.3-150200.3.10.1 (x86_64) 0:1.0.3-150200.3.10.1 (aarch64|ppc64le|s390x|x86_64) 0:1.3.2-150000.3.14.1 (x86_64) 0:1.3.2-150000.3.14.1 (noarch) 0:1.3.2-150000.3.14.1 (aarch64|ppc64le|s390x|x86_64) 0:12.3.0+git1204-150000.1.16.1 (x86_64) 0:12.3.0+git1204-150000.1.16.1 (aarch64|s390x|x86_64) 0:12.3.0+git1204-150000.1.16.1 (noarch) 0:12.3.0+git1204-150000.1.16.1 (s390x|x86_64) 0:12.3.0+git1204-150000.1.16.1 (aarch64) 0:12.3.0+git1204-150000.1.16.1 (ppc64le|x86_64) 0:12.3.0+git1204-150000.1.16.1 (aarch64|ppc64le|s390x|x86_64) 0:115.2.2-150200.8.130.1 (ppc64le|x86_64) 0:4.12.14-150100.197.157.1 (s390x) 0:4.12.14-150100.197.157.1 (x86_64) 0:4.12.14-150100.197.157.1 (aarch64|ppc64le|s390x|x86_64) 0:4.12.14-150100.197.157.1 (aarch64|x86_64) 0:5.14.21-150400.14.66.1 (noarch) 0:5.14.21-150400.14.66.1 (aarch64) 0:5.3.18-150300.59.133.1 (aarch64|ppc64le|s390x|x86_64) 0:7.5.0+r278197-150000.4.35.1 (ppc64le|s390x|x86_64) 0:7.5.0+r278197-150000.4.35.1 (x86_64) 0:7.5.0+r278197-150000.4.35.1 (aarch64|s390x|x86_64) 0:7.5.0+r278197-150000.4.35.1 (aarch64|ppc64le|x86_64) 0:7.5.0+r278197-150000.4.35.1 (aarch64|ppc64le|s390x) 0:7.5.0+r278197-150000.4.35.1 (s390x|x86_64) 0:7.5.0+r278197-150000.4.35.1 (noarch) 0:7.5.0+r278197-150000.4.35.1 (aarch64|ppc64le|s390x|x86_64) 0:2.9.7-150000.3.60.1 (aarch64|ppc64le|s390x|x86_64) 0:2.9.14-150400.5.22.1 (x86_64) 0:2.9.14-150400.5.22.1 (noarch) 0:2.9.14-150400.5.22.1 (noarch) 0:2.60-150200.27.1 (aarch64|ppc64le|s390x|x86_64) 0:1.20.8-150000.1.23.1 (aarch64|ppc64le|s390x|x86_64) 0:1.21.1-150000.1.6.1 (aarch64|ppc64le|s390x|x86_64) 0:2.2.7-150000.3.51.2 (x86_64) 0:2.2.7-150000.3.51.2 (aarch64|ppc64le|s390x|x86_64) 0:3.9.18-150300.4.33.1 (x86_64) 0:3.9.18-150300.4.33.1 (aarch64|ppc64le|s390x|x86_64) 0:1.0.4-150000.4.6.1 (aarch64|ppc64le|s390x|x86_64) 0:4.2.1-150200.79.1 (aarch64|ppc64le|s390x|x86_64) 0:1.72.0-150400.24.24.1 (aarch64|ppc64le|s390x|x86_64) 0:1.72.0-150400.9.3.1 (aarch64|ppc64le|s390x|x86_64) 0:1.0.3+20190326.a521604-150100.3.9.1 (x86_64) 0:1.0.3+20190326.a521604-150100.3.9.1 (aarch64|ppc64le|s390x|x86_64) 0:9.16.44-150400.5.37.2 (noarch) 0:9.16.44-150400.5.37.2 (ppc64le|s390x|x86_64) 0:1.8.0_sr7.20-150000.3.68.1 (x86_64) 0:1.8.0_sr7.20-150000.3.68.1 (noarch) 0:2.40.5-150400.4.51.1 (aarch64|ppc64le|s390x|x86_64) 0:2.40.5-150400.4.51.1 (x86_64) 0:2.40.5-150400.4.51.1 (aarch64_ilp32) 0:2.40.5-150400.4.51.1 (aarch64|ppc64le|s390x|x86_64) 0:7.4-150300.4.17.1 (aarch64|ppc64le|s390x|x86_64) 0:3.6.16-150000.3.100.1 (aarch64|ppc64le|s390x|x86_64) 0:0.5.0-150000.1.14.1 (aarch64|ppc64le|s390x|x86_64) 0:3.4.7-150200.3.12.2 (aarch64|ppc64le|s390x|x86_64) 0:7.0.7.34-150200.10.54.1 (x86_64) 0:7.0.7.34-150200.10.54.1 (aarch64|ppc64le|s390x|x86_64) 0:1.12.5-150000.3.6.1 (x86_64) 0:9.16.6-150000.12.71.1 (aarch64|ppc64le|s390x|x86_64) 0:0.7.1-150100.3.14.1 (aarch64|ppc64le|s390x|x86_64) 0:0.8.6-150100.3.17.1 (aarch64|ppc64le|s390x|x86_64) 0:1.6.21-150000.95.1 (aarch64|ppc64le|s390x|x86_64) 0:3.4.2-150200.11.31.1 (x86_64) 0:3.4.2-150200.11.31.1 (noarch) 0:3.1.26-150300.7.35.21.1 (aarch64|ppc64le|s390x|x86_64) 0:8.0.1-150400.5.29.1 (x86_64) 0:8.0.1-150400.5.29.1 (aarch64|ppc64le|s390x|x86_64) 0:3.10.13-150400.4.33.1 (x86_64) 0:3.10.13-150400.4.33.1 (aarch64|ppc64le|s390x|x86_64) 0:2.41-150100.7.46.1 (x86_64) 0:2.41-150100.7.46.1 (aarch64|ppc64le|s390x|x86_64) 0:1.10.1-150000.3.26.1 (noarch) 0:1.10.1-150000.3.26.1 (aarch64|ppc64le|s390x|x86_64) 0:0.7.0-150300.3.3.1 (aarch64|ppc64le|s390x|x86_64) 0:3.6.15-150300.10.51.1 (x86_64) 0:3.6.15-150300.10.51.1 (aarch64|ppc64le|s390x|x86_64) 0:0.5.0-150000.3.14.1 (x86_64) 0:0.5.0-150000.3.14.1 (aarch64|ppc64le|s390x|x86_64) 0:0.9.13.1-150200.4.24.1 (aarch64|x86_64) 0:4.16.5_04-150400.4.34.1 (x86_64) 0:4.16.5_04-150400.4.34.1 (noarch) 0:4.16.5_04-150400.4.34.1 (aarch64|ppc64le|s390x|x86_64) 0:2.4.5-150000.3.9.1 (x86_64) 0:2.4.5-150000.3.9.1 (aarch64|x86_64) 0:12.3.0-150300.37.1 (x86_64) 0:12.3.0-150300.37.1 (aarch64|ppc64le|s390x|x86_64) 0:1.1.1-150400.12.5.1 (aarch64|ppc64le|s390x|x86_64) 0:1.20.8.1-150000.1.11.1 (aarch64|ppc64le|s390x|x86_64) 0:1.19.13.1-150000.1.8.1 (aarch64|ppc64le|s390x|x86_64) 0:2.6-150200.3.4.3 (noarch) 0:2.6-150200.3.4.3 (aarch64|ppc64le|s390x|x86_64) 0:3.2.3-150300.3.8.1 (noarch) 0:3.2.3-150300.3.8.1 (aarch64|ppc64le|s390x|x86_64) 0:3006.0-150400.8.44.1 (noarch) 0:3006.0-150400.8.44.1 (aarch64|ppc64le|s390x|x86_64) 0:0.4.0-150000.1.18.3 (aarch64|ppc64le|s390x|x86_64) 0:1.0.0-150000.1.17.2 (aarch64|ppc64le|s390x|x86_64) 0:0.24.0-150000.1.23.3 (aarch64|ppc64le|s390x|x86_64) 0:0.10.1-150000.1.14.3 (noarch) 0:4.3.23-150000.3.104.2 (noarch) 0:4.3.3-150000.3.21.2 (aarch64|ppc64le|s390x|x86_64) 0:9.5.5-150200.3.47.1 (aarch64|ppc64le|s390x|x86_64) 0:3.15-150000.3.6.1 (aarch64|ppc64le|s390x|x86_64) 0:0.23.0-150100.4.16.2 (aarch64|ppc64le|s390x|x86_64) 0:1.5.0-150100.3.26.2 (aarch64|ppc64le|s390x|x86_64) 0:1.6.1-150300.18.5.1 (aarch64|ppc64le|s390x|x86_64) 0:115.3.0-150200.152.108.1 (noarch) 0:115.3.0-150200.152.108.1 (aarch64|ppc64le|s390x|x86_64) 0:2.7.18-150000.54.1 (x86_64) 0:2.7.18-150000.54.1 (noarch) 0:2.7.18-150000.54.1 (aarch64|x86_64) 0:5.14.21-150400.14.34.1 (noarch) 0:5.14.21-150400.14.34.1 (aarch64|ppc64le|s390x|x86_64) 0:3.11.5-150400.9.20.2 (x86_64) 0:3.11.5-150400.9.20.2 (aarch64|ppc64le|s390x|x86_64) 0:3.11.5-150400.9.20.1 (x86_64) 0:3.11.5-150400.9.20.1 (aarch64|ppc64le|s390x|x86_64) 0:2.0.4+20211112.a2691b9-150400.4.3.1 (x86_64) 0:2.0.4+20211112.a2691b9-150400.4.3.1 (aarch64|ppc64le|s390x|x86_64) 0:3.5.9-150300.5.12.2 (noarch) 0:3.5.9-150300.5.12.2 (aarch64|ppc64le|s390x|x86_64) 0:1.11.0-150400.3.3.1 (x86_64) 0:1.11.0-150400.3.3.1 (aarch64|ppc64le|s390x|x86_64) 0:22.01.0-150400.3.11.2 (x86_64) 0:22.01.0-150400.3.11.2 (aarch64|ppc64le|s390x|x86_64) 0:1.6.1-150000.6.11.1 (x86_64) 0:1.6.1-150000.6.11.1 (aarch64|ppc64le|s390x|x86_64) 0:115.3.1-150200.152.111.1 (noarch) 0:115.3.1-150200.152.111.1 (aarch64|ppc64le|s390x|x86_64) 0:1.1.8-150000.49.1 (aarch64|ppc64le|s390x|x86_64) 0:4.1-150300.24.33.1 (aarch64|ppc64le|s390x|x86_64) 0:0.5.2-150400.3.6.1 (x86_64) 0:0.5.2-150400.3.6.1 (aarch64|ppc64le|s390x|x86_64) 0:9.0.1894-150000.5.54.1 (noarch) 0:9.0.1894-150000.5.54.1 (aarch64|ppc64le|s390x|x86_64) 0:4.3.12-150000.3.12.1 (aarch64|ppc64le|s390x|x86_64) 0:1.6.5-150000.3.33.1 (x86_64) 0:1.6.5-150000.3.33.1 (noarch) 0:1.6.5-150000.3.33.1 (x86_64) 0:5.14.21-150400.15.53.1 (noarch) 0:5.14.21-150400.15.53.1 (aarch64|ppc64le|s390x|x86_64) 0:3.5.12-150000.3.10.1 (x86_64) 0:3.5.12-150000.3.10.1 (aarch64|ppc64le|s390x|x86_64) 0:0.18.9-150000.3.23.1 (aarch64|ppc64le|s390x|x86_64) 0:0.20.2-150400.3.9.1 (x86_64) 0:0.20.2-150400.3.9.1 (aarch64) 0:5.14.21-150400.24.88.1 (aarch64|ppc64le|s390x|x86_64) 0:5.14.21-150400.24.88.1 (ppc64le|x86_64) 0:5.14.21-150400.24.88.1 (aarch64|ppc64le|x86_64) 0:5.14.21-150400.24.88.1.150400.24.40.1 (noarch) 0:5.14.21-150400.24.88.1 (aarch64|ppc64le|x86_64) 0:5.14.21-150400.24.88.1 (s390x) 0:5.14.21-150400.24.88.1 (aarch64|ppc64le|s390x|x86_64) 0:3.4.0-150000.3.12.1 (aarch64|ppc64le|s390x|x86_64) 0:0.62.0-150000.4.25.2 (x86_64) 0:0.62.0-150000.4.25.2 (aarch64|ppc64le|s390x|x86_64) 0:9.52-150000.173.2 (aarch64|ppc64le|s390x|x86_64) 0:2.4.0-150400.3.18.1 (aarch64|ppc64le|s390x|x86_64) 0:1.40.0-150200.9.1 (x86_64) 0:1.40.0-150200.9.1 (aarch64|ppc64le|s390x|x86_64) 0:0.79.0-150200.3.21.2 (x86_64) 0:0.79.0-150200.3.21.2 (aarch64|ppc64le|s390x|x86_64) 0:7.0.7.34-150200.10.57.1 (x86_64) 0:7.0.7.34-150200.10.57.1 (aarch64|ppc64le|s390x|x86_64) 0:115.3.1-150200.8.133.1 (aarch64|ppc64le|s390x|x86_64) 0:1.21.2-150000.1.9.1 (aarch64|ppc64le|s390x|x86_64) 0:1.20.9-150000.1.26.1 (noarch) 0:4.8.1-150400.10.12.1 (aarch64|ppc64le|s390x|x86_64) 0:4.8.1-150400.10.12.1 (noarch) 0:2.2.3-150400.3.6.1 (aarch64|ppc64le|s390x|x86_64) 0:2.1.7-150400.3.14.1 (aarch64|ppc64le|s390x|x86_64) 0:8.0.1-150400.5.32.1 (x86_64) 0:8.0.1-150400.5.32.1 (aarch64|ppc64le|s390x|x86_64) 0:0.5.0-150400.3.3.1 (x86_64) 0:0.5.0-150400.3.3.1 (aarch64|ppc64le|s390x|x86_64) 0:7.1.0.9-150400.6.27.1 (x86_64) 0:7.1.0.9-150400.6.27.1 (noarch) 0:7.1.0.9-150400.6.27.1 (aarch64|x86_64) 0:4.16.5_06-150400.4.37.1 (x86_64) 0:4.16.5_06-150400.4.37.1 (noarch) 0:4.16.5_06-150400.4.37.1 (aarch64|ppc64le|s390x|x86_64) 0:6.2.0-150400.37.23.1 (noarch) 0:6.2.0-150400.37.23.1 (noarch) 0:1.0.0+-150400.37.23.1 (s390x|x86_64) 0:6.2.0-150400.37.23.1 (noarch) 0:1.15.0_0_g2dd4b9b-150400.37.23.1 (noarch) 0:8-150400.37.23.1 (aarch64|x86_64) 0:5.14.21-150400.14.69.1 (noarch) 0:5.14.21-150400.14.69.1 (aarch64|ppc64le|s390x|x86_64) 0:4.15.13+git.691.3d3cea0641-150400.3.31.1 (x86_64) 0:4.15.13+git.691.3d3cea0641-150400.3.31.1 (aarch64|x86_64) 0:4.15.13+git.691.3d3cea0641-150400.3.31.1 (noarch) 0:4.15.13+git.691.3d3cea0641-150400.3.31.1 (aarch64|ppc64le|s390x|x86_64) 0:1.20.10-150000.1.29.1 (aarch64|ppc64le|s390x|x86_64) 0:1.21.3-150000.1.12.1 (aarch64) 0:5.14.21-150400.24.92.1 (aarch64|ppc64le|s390x|x86_64) 0:5.14.21-150400.24.92.1 (ppc64le|x86_64) 0:5.14.21-150400.24.92.1 (aarch64|ppc64le|x86_64) 0:5.14.21-150400.24.92.1.150400.24.42.1 (noarch) 0:5.14.21-150400.24.92.1 (aarch64|ppc64le|x86_64) 0:5.14.21-150400.24.92.1 (s390x) 0:5.14.21-150400.24.92.1 (aarch64|ppc64le|s390x|x86_64) 0:3.6.17-150000.3.103.1 (aarch64|ppc64le|s390x|x86_64) 0:0.22.0-150400.3.6.1 (x86_64) 0:0.22.0-150400.3.6.1 (aarch64) 0:5.3.18-150300.59.112.1 (aarch64|ppc64le|s390x|x86_64) 0:2.1.0-150000.3.3.1 (aarch64|ppc64le|s390x|x86_64) 0:1.2.2-150000.5.3.1 (x86_64) 0:5.14.21-150400.15.56.1 (noarch) 0:5.14.21-150400.15.56.1 (aarch64) 0:5.3.18-150300.59.138.1 (aarch64|ppc64le|s390x|x86_64) 0:1.29.1-150400.3.22.1 (ppc64le|x86_64) 0:4.12.14-150100.197.134.1 (s390x) 0:4.12.14-150100.197.134.1 (x86_64) 0:4.12.14-150100.197.134.1 (aarch64|ppc64le|s390x|x86_64) 0:4.12.14-150100.197.134.1 (noarch) 0:1.25.10-150300.4.6.1 (aarch64|ppc64le|s390x|x86_64) 0:23.3.4.19-150300.3.11.1 (aarch64|ppc64le|s390x|x86_64) 0:2.4.8+git0.d1f8d41e0-150400.3.10.1 (aarch64|ppc64le|s390x|x86_64) 0:2.31-150300.63.1 (x86_64) 0:2.31-150300.63.1 (noarch) 0:2.31-150300.63.1 (aarch64|ppc64le|x86_64) 0:20.11.9-150300.4.9.1 (aarch64|ppc64le|s390x|x86_64) 0:20.02.7-150200.3.17.1 (aarch64|ppc64le|s390x|x86_64) 0:20.02.7-150100.3.27.1 (aarch64|ppc64le|s390x|x86_64) 0:18.08.9-150100.3.25.1 (aarch64|ppc64le|s390x|x86_64) 0:3.13.1-150000.1.26.1 (noarch) 0:3.13.1-150000.1.26.1 (aarch64|ppc64le|s390x|x86_64) 0:0.7.1-150100.3.16.1 (aarch64|ppc64le|s390x|x86_64) 0:0.8.6-150100.3.20.1 (noarch) 0:9.0.82-150200.46.1 (aarch64|ppc64le|s390x|x86_64) 0:18.18.2-150400.9.15.1 (noarch) 0:18.18.2-150400.9.15.1 (aarch64|ppc64le|s390x|x86_64) 0:15.4.18-150400.3.14.1 (aarch64|ppc64le|s390x|x86_64) 0:2.06-150400.11.38.1 (noarch) 0:2.06-150400.11.38.1 (s390x) 0:2.06-150400.11.38.1 (aarch64|ppc64le|s390x|x86_64) 0:16.20.2-150400.3.27.2 (noarch) 0:16.20.2-150400.3.27.2 (aarch64|ppc64le|s390x|x86_64) 0:13.2.1+git7813-150000.1.3.3 (x86_64) 0:13.2.1+git7813-150000.1.3.2 (s390x|x86_64) 0:13.2.1+git7813-150000.1.3.3 (aarch64|s390x|x86_64) 0:13.2.1+git7813-150000.1.3.3 (noarch) 0:13.2.1+git7813-150000.1.3.3 (aarch64|x86_64) 0:13.2.1+git7813-150000.1.3.3 (ppc64le|x86_64) 0:13.2.1+git7813-150000.1.3.3 (x86_64) 0:13.2.1+git7813-150000.1.3.3 (aarch64|ppc64le|s390x|x86_64) 0:4.1.100-150200.4.20.1 (noarch) 0:4.1.100-150200.4.20.1 (aarch64|ppc64le|s390x|x86_64) 0:2.0.62-150200.3.16.1 (noarch) 0:2.0.62-150200.3.16.1 (aarch64|ppc64le|s390x|x86_64) 0:2.5.9-150000.4.29.1 (noarch) 0:2.5.9-150000.4.29.1 (aarch64|ppc64le|s390x|x86_64) 0:0.62.0-150000.4.28.2 (x86_64) 0:0.62.0-150000.4.28.2 (aarch64|ppc64le|s390x|x86_64) 0:3.0.8-150400.4.37.1 (x86_64) 0:3.0.8-150400.4.37.1 (noarch) 0:3.0.8-150400.4.37.1 (aarch64|ppc64le|s390x|x86_64) 0:18.13.0-150400.9.3.1 (noarch) 0:18.13.0-150400.9.3.1 (aarch64|ppc64le|s390x|x86_64) 0:11.0.21.0-150000.3.107.1 (noarch) 0:11.0.21.0-150000.3.107.1 (aarch64|ppc64le|s390x|x86_64) 0:1.40.0-150200.12.1 (x86_64) 0:1.40.0-150200.12.1 (noarch) 0:9.4.53-150200.3.22.1 (aarch64|ppc64le|s390x|x86_64) 0:115.4.0-150200.152.114.1 (noarch) 0:115.4.0-150200.152.114.1 (aarch64|ppc64le|s390x|x86_64) 0:1.2.11-150000.3.48.1 (x86_64) 0:1.2.11-150000.3.48.1 (aarch64|ppc64le|s390x|x86_64) 0:2.7.18-150000.57.1 (x86_64) 0:2.7.18-150000.57.1 (noarch) 0:2.7.18-150000.57.1 (aarch64|ppc64le|s390x|x86_64) 0:1.18.1-150300.8.15.1 (noarch) 0:1.18.1-150300.8.15.1 (aarch64|ppc64le|s390x|x86_64) 0:1.1.16-150400.3.7.1 (aarch64|x86_64) 0:12.3.0-150300.43.1 (x86_64) 0:12.3.0-150300.43.1 (noarch) 0:1.34.5-150100.4.11.1 (aarch64|ppc64le|s390x|x86_64) 0:7.0.7.34-150200.10.42.1 (x86_64) 0:7.0.7.34-150200.10.42.1 (aarch64|ppc64le|s390x|x86_64) 0:1.4.0-150000.3.3.1 (noarch) 0:1.4.0-150000.3.3.1 (aarch64|ppc64le|s390x|x86_64) 0:9.16.6-150300.22.27.1 (aarch64|ppc64le|s390x|x86_64) 0:0.62.0-150000.4.31.1 (x86_64) 0:0.62.0-150000.4.31.1 (aarch64|ppc64le|s390x|x86_64) 0:7.1.0.9-150400.6.12.1 (x86_64) 0:7.1.0.9-150400.6.12.1 (noarch) 0:7.1.0.9-150400.6.12.1 (noarch) 0:2.3.6-150400.6.6.1 (aarch64|ppc64le|s390x|x86_64) 0:17.0.9.0-150400.3.33.1 (noarch) 0:17.0.9.0-150400.3.33.1 (aarch64|ppc64le|s390x|x86_64) 0:7.79.1-150400.5.15.1 (x86_64) 0:7.79.1-150400.5.15.1 (aarch64|ppc64le|s390x|x86_64) 0:6.2.6-150400.3.25.1 (aarch64|ppc64le|s390x|x86_64) 0:1.20.3-150400.38.29.1 (aarch64|ppc64le|s390x|x86_64) 0:21.1.4-150400.3.20.1 (noarch) 0:2.42.1-150400.4.57.2 (noarch) 0:2.42.1-150400.4.57.3 (aarch64|ppc64le|s390x|x86_64) 0:2.42.1-150400.4.57.2 (x86_64) 0:2.42.1-150400.4.57.2 (aarch64_ilp32) 0:2.42.1-150400.4.57.2 (aarch64|ppc64le|s390x|x86_64) 0:2.42.1-150400.4.57.3 (aarch64|ppc64le|s390x|x86_64) 0:10.24.1-150000.1.62.3 (noarch) 0:10.24.1-150000.1.62.3 (aarch64|ppc64le|s390x|x86_64) 0:2.35.3-150300.10.24.1 (noarch) 0:2.35.3-150300.10.24.1 (aarch64|ppc64le|s390x|x86_64) 0:115.4.1-150200.8.136.1 (aarch64|ppc64le|s390x|x86_64) 0:2.9.4-150400.3.6.1 (aarch64|ppc64le|x86_64) 0:20.11.9-150200.6.13.1 (aarch64) 0:5.14.21-150400.24.46.1 (aarch64|ppc64le|s390x|x86_64) 0:5.14.21-150400.24.46.1 (ppc64le|x86_64) 0:5.14.21-150400.24.46.1 (aarch64|ppc64le|s390x|x86_64) 0:5.14.21-150400.24.46.1.150400.24.17.3 (noarch) 0:5.14.21-150400.24.46.1 (noarch) 0:5.14.21-150400.24.46.2 (aarch64|ppc64le|x86_64) 0:5.14.21-150400.24.46.1 (s390x) 0:5.14.21-150400.24.46.1 (aarch64|ppc64le|s390x|x86_64) 0:1.0.28-150000.5.20.1 (x86_64) 0:1.0.28-150000.5.20.1 (aarch64|ppc64le|s390x|x86_64) 0:1.20.3-150200.22.5.79.1 (aarch64|ppc64le|s390x|x86_64) 0:3.79.4-150400.3.26.1 (x86_64) 0:3.79.4-150400.3.26.1 (aarch64|x86_64) 0:5.14.21-150400.14.72.1 (noarch) 0:5.14.21-150400.14.72.1 (ppc64le|x86_64) 0:4.12.14-150100.197.160.1 (s390x) 0:4.12.14-150100.197.160.1 (x86_64) 0:4.12.14-150100.197.160.1 (aarch64|ppc64le|s390x|x86_64) 0:4.12.14-150100.197.160.1 (aarch64) 0:5.3.18-150300.59.141.1 (aarch64|ppc64le|s390x|x86_64) 0:17.0.6.0-150400.3.12.1 (noarch) 0:17.0.6.0-150400.3.12.1 (x86_64) 0:5.14.21-150400.15.59.1 (noarch) 0:5.14.21-150400.15.59.1 (x86_64) 0:0.54.0-150400.3.23.1 (aarch64|ppc64le|s390x|x86_64) 0:22.01.0-150400.3.16.1 (x86_64) 0:22.01.0-150400.3.16.1 (noarch) 0:2.5.2-150200.3.9.1 (aarch64|ppc64le|s390x|x86_64) 0:4.0.9-150000.45.32.1 (x86_64) 0:4.0.9-150000.45.32.1 (aarch64|ppc64le|s390x|x86_64) 0:14.21.3-150200.15.52.2 (noarch) 0:14.21.3-150200.15.52.2 (aarch64|ppc64le|s390x|x86_64) 0:12.22.12-150200.4.53.2 (noarch) 0:12.22.12-150200.4.53.2 (aarch64) 0:5.14.21-150400.24.97.1 (aarch64|ppc64le|s390x|x86_64) 0:5.14.21-150400.24.97.1 (ppc64le|x86_64) 0:5.14.21-150400.24.97.1 (aarch64|ppc64le|x86_64) 0:5.14.21-150400.24.97.1.150400.24.44.2 (noarch) 0:5.14.21-150400.24.97.1 (aarch64|ppc64le|x86_64) 0:5.14.21-150400.24.97.1 (s390x) 0:5.14.21-150400.24.97.1 (aarch64|ppc64le|s390x|x86_64) 0:5.7-150400.3.12.1 (aarch64|ppc64le|s390x|x86_64) 0:3006.0-150400.8.49.2 (noarch) 0:3006.0-150400.8.49.2 (aarch64|ppc64le|s390x|x86_64) 0:3.17.2-150300.3.4.1 (aarch64|ppc64le|s390x|x86_64) 0:0.103.11-150000.3.50.1 (x86_64) 0:1.51.0-150400.4.20.2 (aarch64|x86_64) 0:535.129.03-150400.9.12.1 (aarch64) 0:535.129.03-150400.9.27.1 (x86_64) 0:535.129.03-150400.9.27.1 (aarch64|x86_64) 0:535.129.03-150400.9.27.1 (aarch64) 0:535.129.03_k5.14.21_150400.24.92-150400.9.27.1 (x86_64) 0:535.129.03_k5.14.21_150400.14.72-150400.9.27.1 (aarch64|x86_64) 0:535.129.03_k5.14.21_150400.24.92-150400.9.27.1 (aarch64|ppc64le|s390x|x86_64) 0:2.4.51-150400.6.14.1 (noarch) 0:2.4.51-150400.6.14.1 (aarch64|ppc64le|s390x|x86_64) 0:330-150200.11.12.1 (aarch64|ppc64le|s390x|x86_64) 0:0.5.3+git20230121-150000.3.6.1 (aarch64|ppc64le|s390x|x86_64) 0:5.1.4-150000.3.15.1 (x86_64) 0:20231113-150200.32.1 (aarch64|ppc64le|s390x|x86_64) 0:1.0.4-150300.3.12.1 (aarch64|ppc64le|s390x|x86_64) 0:12.17-150200.8.54.1 (noarch) 0:12.17-150200.8.54.1 (aarch64|ppc64le|s390x|x86_64) 0:13.13-150200.5.50.1 (noarch) 0:13.13-150200.5.50.1 (aarch64|ppc64le|s390x|x86_64) 0:13.2.1+git7813-150000.1.6.1 (x86_64) 0:13.2.1+git7813-150000.1.6.1 (s390x|x86_64) 0:13.2.1+git7813-150000.1.6.1 (aarch64|s390x|x86_64) 0:13.2.1+git7813-150000.1.6.1 (noarch) 0:13.2.1+git7813-150000.1.6.1 (aarch64|x86_64) 0:13.2.1+git7813-150000.1.6.1 (ppc64le|x86_64) 0:13.2.1+git7813-150000.1.6.1 (aarch64|ppc64le|s390x|x86_64) 0:1.18.1-150300.8.18.1 (noarch) 0:1.18.1-150300.8.18.1 (aarch64|ppc64le|s390x|x86_64) 0:2.9.7-150000.3.63.1 (aarch64|ppc64le|s390x|x86_64) 0:7.2.0-150300.3.3.1 (noarch) 0:1.25.10-150300.4.9.1 (aarch64|ppc64le|s390x|x86_64) 0:1.21.4.1-150000.1.5.1 (aarch64|ppc64le|s390x|x86_64) 0:1.20.11-150000.1.32.1 (aarch64|ppc64le|s390x|x86_64) 0:1.21.4-150000.1.15.1 (aarch64|ppc64le|s390x|x86_64) 0:1.20.11.1-150000.1.14.1 (aarch64|x86_64) 0:4.16.5_08-150400.4.40.1 (x86_64) 0:4.16.5_08-150400.4.40.1 (noarch) 0:4.16.5_08-150400.4.40.1 (aarch64|ppc64le|s390x|x86_64) 0:14.10-150200.5.36.1 (noarch) 0:14.10-150200.5.36.1 (aarch64|ppc64le|s390x|x86_64) 0:7.4-150300.4.20.1 (aarch64|ppc64le|s390x|x86_64) 0:16.1-150200.5.7.1 (x86_64) 0:16.1-150200.5.7.1 (noarch) 0:16-150400.4.9.2 (noarch) 0:16-150300.10.18.3 (aarch64|ppc64le|s390x|x86_64) 0:15.5-150200.5.19.1 (noarch) 0:15.5-150200.5.19.1 (noarch) 0:16.1-150200.5.7.1 (noarch) 0:1.1.1-150400.9.3.2 (aarch64|ppc64le|s390x|x86_64) 0:0.18.1-150400.14.3.2 (aarch64|ppc64le|s390x|x86_64) 0:0.18.1-150400.13.3.2 (aarch64|ppc64le|x86_64) 0:7.6.2.1-150400.17.17.3 (noarch) 0:7.6.2.1-150400.17.17.3 (noarch) 0:2.1.1-150400.9.3.2 (aarch64|ppc64le|s390x|x86_64) 0:12.14-150200.8.41.1 (noarch) 0:12.14-150200.8.41.1 (x86_64) 0:20231114-150200.35.1 (aarch64|ppc64le|s390x|x86_64) 0:0.8-150400.7.10.1 (noarch) 0:0.8-150400.7.10.1 (x86_64) 0:0.8-150400.7.10.1 (aarch64|ppc64le|s390x|x86_64) 0:1.8.0.392-150000.3.85.1 (noarch) 0:1.8.0.392-150000.3.85.1 (aarch64|ppc64le|s390x|x86_64) 0:1.2.49-150100.6.6.1 (aarch64|ppc64le|s390x|x86_64) 0:5.9.11-150400.19.17.2 (noarch) 0:5.9.11-150400.19.17.2 (noarch) 0:44.1.1-150400.9.6.1 (aarch64|ppc64le|s390x|x86_64) 0:1.0.2p-150000.3.88.1 (x86_64) 0:1.0.2p-150000.3.88.1 (noarch) 0:1.0.2p-150000.3.88.1 (aarch64|ppc64le|s390x|x86_64) 0:1.1.1l-150400.7.60.2 (x86_64) 0:1.1.1l-150400.7.60.2 (noarch) 0:1.1.1l-150400.7.60.2 (aarch64|ppc64le|s390x|x86_64) 0:3.9.4-150200.4.18.1 (noarch) 0:3.9.4-150200.4.18.1 (noarch) 0:1.9.15-150200.3.14.2 (noarch) 0:0.13.18-150200.4.16.1 (aarch64|ppc64le|s390x|x86_64) 0:4.2.0-150200.3.14.1 (noarch) 0:4.2.0-150200.3.14.1 (aarch64|ppc64le|s390x|x86_64) 0:9.5.0-150400.5.6.1 (aarch64|ppc64le|s390x|x86_64) 0:2.9.14-150400.5.25.1 (x86_64) 0:2.9.14-150400.5.25.1 (noarch) 0:2.9.14-150400.5.25.1 (aarch64|ppc64le|s390x|x86_64) 0:5.7-150400.3.15.1 (aarch64|ppc64le|s390x|x86_64) 0:115.5.0-150200.152.117.1 (noarch) 0:115.5.0-150200.152.117.1 (noarch) 0:2.42.2-150400.4.64.2 (aarch64|ppc64le|s390x|x86_64) 0:2.42.2-150400.4.64.2 (x86_64) 0:2.42.2-150400.4.64.2 (aarch64_ilp32) 0:2.42.2-150400.4.64.2 (aarch64|ppc64le|s390x|x86_64) 0:0.79.0-150200.3.26.1 (x86_64) 0:0.79.0-150200.3.26.1 (aarch64|ppc64le|s390x|x86_64) 0:23.02.6-150300.7.14.1 (noarch) 0:23.02.6-150300.7.14.1 (aarch64|ppc64le|s390x|x86_64) 0:2.13.2-150200.9.25.1 (aarch64|ppc64le|s390x|x86_64) 0:20.03.1-150200.9.25.1 (ppc64le|s390x|x86_64) 0:1.8.0_sr8.15-150000.3.83.1 (x86_64) 0:1.8.0_sr8.15-150000.3.83.1 (aarch64|ppc64le|s390x|x86_64) 0:2.14.2-150400.24.14.2 (aarch64|ppc64le|s390x|x86_64) 0:20.06.2-150400.24.14.2 (noarch) 0:2.14.2-150400.24.14.2 (noarch) 0:20.06.2-150400.24.14.2 (aarch64|ppc64le|s390x|x86_64) 0:0.9.13.1-150200.4.27.1 (aarch64|ppc64le|s390x|x86_64) 0:22.05.10-150300.7.6.1 (noarch) 0:22.05.10-150300.7.6.1 (aarch64|ppc64le|s390x|x86_64) 0:3.2.3-150300.3.3.2 (x86_64) 0:3.2.3-150300.3.3.2 (aarch64|ppc64le|s390x|x86_64) 0:9.0.2103-150000.5.57.1 (noarch) 0:9.0.2103-150000.5.57.1 (aarch64|ppc64le|s390x|x86_64) 0:115.5.0-150200.8.139.1 (aarch64|ppc64le|s390x|x86_64) 0:4.6.1-150300.3.3.1 (aarch64|ppc64le|s390x|x86_64) 0:22.2.0-150400.15.1 (noarch) 0:22.10.0-150400.5.13.1 (aarch64|ppc64le|s390x|x86_64) 0:102.8.0-150200.152.78.1 (aarch64|ppc64le|s390x|x86_64) 0:1.8.0.392-150200.3.39.1 (noarch) 0:1.8.0.392-150200.3.39.1 (aarch64|ppc64le|s390x|x86_64) 0:3.44.0-150000.3.23.1 (x86_64) 0:3.44.0-150000.3.23.1 (noarch) 0:3.44.0-150000.3.23.1 (aarch64|ppc64le|s390x|x86_64) 0:2.0.21-150000.3.3.1 (aarch64|ppc64le|s390x|x86_64) 0:1.34-150000.3.31.1 (noarch) 0:1.34-150000.3.31.1 (aarch64|ppc64le|s390x|x86_64) 0:2.4.22+git0.f8e3218e2-150400.3.19.1 (aarch64|ppc64le|s390x|x86_64) 0:3.0.8-150400.4.42.1 (x86_64) 0:3.0.8-150400.4.42.1 (noarch) 0:3.0.8-150400.4.42.1 (aarch64|ppc64le|s390x|x86_64) 0:1.3.1+git.1676027782.ad3c0e9-150200.3.21.1 (aarch64|ppc64le|s390x|x86_64) 0:8.0.1-150400.5.36.1 (x86_64) 0:8.0.1-150400.5.36.1 (aarch64|ppc64le|s390x|x86_64) 0:2.14.2-150400.24.17.1 (aarch64|ppc64le|s390x|x86_64) 0:20.06.2-150400.24.17.1 (noarch) 0:2.14.2-150400.24.17.1 (noarch) 0:20.06.2-150400.24.17.1 (noarch) 0:20220509-150400.4.25.1 (aarch64|ppc64le|s390x|x86_64) 0:2.13.2-150200.9.28.1 (aarch64|ppc64le|s390x|x86_64) 0:20.03.1-150200.9.28.1 (noarch) 0:12.0-150000.8.37.1 (x86_64) 0:1.51.0-150400.4.23.1 (aarch64|ppc64le|s390x|x86_64) 0:0.62.0-150000.4.34.1 (x86_64) 0:0.62.0-150000.4.34.1 (aarch64|ppc64le|s390x|x86_64) 0:2.10.30-150400.3.11.1 (noarch) 0:2.10.30-150400.3.11.1 (x86_64) 0:2.10.30-150400.3.11.1 (x86_64) 0:0.54.0-150400.3.26.1 (aarch64|ppc64le|s390x|x86_64) 0:5.7-150400.3.20.1 (aarch64|ppc64le|s390x|x86_64) 0:0.103.8-150000.3.44.1 (aarch64|ppc64le|s390x|x86_64) 0:1.20.12-150000.1.35.1 (aarch64|ppc64le|s390x|x86_64) 0:1.21.5-150000.1.18.1 (aarch64|ppc64le|s390x|x86_64) 0:3.21.10-150400.3.11.1 (aarch64|ppc64le|s390x|x86_64) 0:3.1.4-150200.10.8.2 (x86_64) 0:3.1.4-150200.10.8.2 (aarch64|ppc64le|s390x|x86_64) 0:1.7.8-150000.103.1 (aarch64|ppc64le|s390x|x86_64) 0:1.1.10-150000.55.1 (x86_64) 0:5.14.21-150400.15.62.1 (noarch) 0:5.14.21-150400.15.62.1 (aarch64|ppc64le|s390x|x86_64) 0:3.7.3-150400.4.27.1 (x86_64) 0:3.7.3-150400.4.27.1 (aarch64|ppc64le|s390x|x86_64) 0:7.4.33-150200.3.51.1 (aarch64|x86_64) 0:5.14.21-150400.14.75.1 (noarch) 0:5.14.21-150400.14.75.1 (aarch64|ppc64le|s390x|x86_64) 0:1.20.3-150200.22.5.82.1 (aarch64|ppc64le|s390x|x86_64) 0:1.20.3-150400.38.32.1 (aarch64|ppc64le|s390x|x86_64) 0:21.1.4-150400.3.23.1 (aarch64|ppc64le|s390x|x86_64) 0:0.62.0-150000.4.9.1 (x86_64) 0:0.62.0-150000.4.9.1 (aarch64) 0:5.14.21-150400.24.100.2 (aarch64|ppc64le|s390x|x86_64) 0:5.14.21-150400.24.100.2 (aarch64) 0:5.14.21-150400.24.100.1 (ppc64le|x86_64) 0:5.14.21-150400.24.100.2 (aarch64|ppc64le|x86_64) 0:5.14.21-150400.24.100.2.150400.24.46.2 (noarch) 0:5.14.21-150400.24.100.2 (noarch) 0:5.14.21-150400.24.100.1 (aarch64|ppc64le|x86_64) 0:5.14.21-150400.24.100.2 (aarch64|ppc64le|s390x|x86_64) 0:5.14.21-150400.24.100.1 (s390x) 0:5.14.21-150400.24.100.2 (x86_64) 0:0.1-150400.3.3.1 (noarch) 0:2.42.3-150400.4.67.1 (aarch64|ppc64le|s390x|x86_64) 0:2.42.3-150400.4.67.1 (x86_64) 0:2.42.3-150400.4.67.1 (aarch64|x86_64) 0:0.112-150000.4.15.1 (aarch64|ppc64le|s390x|x86_64) 0:41.0.3-150400.16.12.1 (aarch64|ppc64le|s390x|x86_64) 0:3.3.2-150400.23.1 (aarch64|ppc64le|s390x|x86_64) 0:1.19.0-150000.3.20.1 (x86_64) 0:1.19.0-150000.3.20.1 (aarch64|ppc64le|s390x|x86_64) 0:3.2.2-150400.3.7.1 (noarch) 0:3.2.2-150400.3.7.1 (aarch64|ppc64le|s390x|x86_64) 0:4.0.9-150000.45.35.1 (x86_64) 0:4.0.9-150000.45.35.1 (aarch64|ppc64le|s390x|x86_64) 0:2.2.1-150400.3.14.1 (x86_64) 0:5.14.21-150400.15.11.1 (noarch) 0:5.14.21-150400.15.11.1 (ppc64le|x86_64) 0:4.12.14-150100.197.165.1 (s390x) 0:4.12.14-150100.197.165.1 (x86_64) 0:4.12.14-150100.197.165.1 (noarch) 0:2.38.5-150400.4.34.2 (aarch64|ppc64le|s390x|x86_64) 0:2.38.5-150400.4.34.2 (x86_64) 0:2.38.5-150400.4.34.2 (aarch64|ppc64le|s390x|x86_64) 0:6.1-150000.5.20.1 (x86_64) 0:6.1-150000.5.20.1 (aarch64|ppc64le|s390x|x86_64) 0:2.4.0-150400.3.23.1 (aarch64|ppc64le|s390x|x86_64) 0:3.6.5-150200.4.10.1 (noarch) 0:2.38.5-150200.66.1 (aarch64|ppc64le|s390x|x86_64) 0:0.8-150400.7.13.1 (noarch) 0:0.8-150400.7.13.1 (x86_64) 0:0.8-150400.7.13.1 (aarch64|ppc64le|s390x|x86_64) 0:8.4p1-150300.3.27.1 (aarch64|ppc64le|s390x|x86_64) 0:3.6.0-150100.3.12.1 (aarch64|ppc64le|s390x|x86_64) 0:0.7-150100.3.29.1 (aarch64|ppc64le|s390x|x86_64) 0:5.1.4-150000.5.6.1 (aarch64|ppc64le|s390x|x86_64) 0:9.52-150000.177.1 (aarch64|ppc64le|s390x|x86_64) 0:21.1.4-150400.3.26.1 (aarch64|ppc64le|s390x|x86_64) 0:115.6.0-150200.152.120.1 (noarch) 0:115.6.0-150200.152.120.1 (aarch64|ppc64le|s390x|x86_64) 0:1.20.12.1-150000.1.17.1 (aarch64|ppc64le|s390x|x86_64) 0:1.21.5.1-150000.1.8.1 (aarch64|ppc64le|x86_64) 0:7.6.2.1-150400.17.20.1 (noarch) 0:7.6.2.1-150400.17.20.1 (aarch64|ppc64le|s390x|x86_64) 0:1.20.3-150200.22.5.85.1 (aarch64|ppc64le|s390x|x86_64) 0:24.0.7_ce-150000.190.4 (noarch) 0:24.0.7_ce-150000.190.4 (aarch64|ppc64le|s390x|x86_64) 0:1.1.1-150000.1.3.3 (aarch64|ppc64le|s390x|x86_64) 0:3.6.19-150000.3.106.1 (aarch64|ppc64le|s390x|x86_64) 0:3.8.11-150300.3.14.1 (aarch64|ppc64le|s390x|x86_64) 0:0.23.1-150300.3.3.1 (x86_64) 0:0.23.1-150300.3.3.1 (aarch64|ppc64le|s390x|x86_64) 0:1.20.3-150400.38.35.1 (aarch64|ppc64le|s390x|x86_64) 0:22.01.0-150400.3.3.1 (x86_64) 0:22.01.0-150400.3.3.1 (aarch64|ppc64le|s390x|x86_64) 0:5.15.2+kde294-150400.6.10.1 (x86_64) 0:5.15.2+kde294-150400.6.10.1 (noarch) 0:5.15.2+kde294-150400.6.10.1 (aarch64|ppc64le|s390x|x86_64) 0:5.6.5-150000.1.9.1 (x86_64) 0:5.6.5-150000.1.9.1 (aarch64|ppc64le|s390x|x86_64) 0:2.6.2-150000.3.6.1 (aarch64|ppc64le|s390x|x86_64) 0:2.4.7-150000.5.13.1 (noarch) 0:2.4.7-150000.5.13.1 (aarch64|ppc64le|s390x|x86_64) 0:2.1-150000.3.5.1 (x86_64) 0:2.1-150000.3.5.1 (aarch64|ppc64le|s390x|x86_64) 0:2.8.3-150400.9.24.1 (aarch64|ppc64le|s390x|x86_64) 0:3.7.3-150400.4.38.1 (x86_64) 0:3.7.3-150400.4.38.1 (noarch) 0:22.3.1-150400.17.12.1 (aarch64|ppc64le|s390x|x86_64) 0:0.18.9-150000.3.17.1 (aarch64|ppc64le|s390x|x86_64) 0:0.20.2-150400.3.3.1 (x86_64) 0:0.20.2-150400.3.3.1 (aarch64|ppc64le|s390x|x86_64) 0:7.4.33-150400.4.19.1 (aarch64|ppc64le|s390x|x86_64) 0:7.2.34-150000.4.109.1 (aarch64|ppc64le|s390x|x86_64) 0:3.1.0-150400.3.3.1 (x86_64) 0:3.1.0-150400.3.3.1 (aarch64|ppc64le|s390x|x86_64) 0:8.0.28-150400.4.26.1 (aarch64|ppc64le|s390x|x86_64) 0:3.6.15-150300.10.40.1 (x86_64) 0:3.6.15-150300.10.40.1 (aarch64|ppc64le|s390x|x86_64) 0:1.1.34-150400.3.3.1 (x86_64) 0:1.1.34-150400.3.3.1 (aarch64|ppc64le|s390x|x86_64) 0:1.3.5-150000.4.6.1 (x86_64) 0:20230214-150200.21.1 (aarch64|ppc64le|s390x|x86_64) 0:15.2-150200.5.6.1 (x86_64) 0:15.2-150200.5.6.1 (noarch) 0:15.2-150200.5.6.1 (aarch64|ppc64le|s390x|x86_64) 0:13.10-150200.5.37.1 (noarch) 0:13.10-150200.5.37.1 (aarch64|ppc64le|s390x|x86_64) 0:27.2-150400.3.6.1 (noarch) 0:27.2-150400.3.6.1 (aarch64|ppc64le|s390x|x86_64) 0:102.8.0-150200.8.105.2 (aarch64|ppc64le|s390x|x86_64) 0:41.5-150400.3.6.1 (noarch) 0:41.5-150400.3.6.1 (aarch64|ppc64le|s390x|x86_64) 0:20230221.00-150000.1.34.1 (aarch64|ppc64le|s390x|x86_64) 0:20230222.00-150000.1.27.1 (aarch64|ppc64le|s390x|x86_64) 0:10.24.1-150000.1.56.1 (noarch) 0:10.24.1-150000.1.56.1 (aarch64|ppc64le|s390x|x86_64) 0:16.19.1-150400.3.15.1 (noarch) 0:16.19.1-150400.3.15.1 (aarch64|ppc64le|s390x|x86_64) 0:1.8.0-150400.3.3.1 (aarch64|ppc64le|s390x|x86_64) 0:2.4.5-150300.3.6.1 (x86_64) 0:2.4.5-150300.3.6.1 (aarch64|ppc64le|s390x|x86_64) 0:0.5.3+git20180125-150000.3.3.1 (aarch64|ppc64le|s390x|x86_64) 0:21.1.4-150400.3.12.1 (aarch64|ppc64le|s390x|x86_64) 0:1.6.5-150000.3.27.1 (x86_64) 0:1.6.5-150000.3.27.1 (noarch) 0:1.6.5-150000.3.27.1 (aarch64|ppc64le|s390x|x86_64) 0:6.2.0-150400.37.11.1 (noarch) 0:6.2.0-150400.37.11.1 (noarch) 0:1.0.0+-150400.37.11.1 (s390x|x86_64) 0:6.2.0-150400.37.11.1 (noarch) 0:1.15.0_0_g2dd4b9b-150400.37.11.1 (noarch) 0:8-150400.37.11.1 (aarch64|ppc64le|s390x|x86_64) 0:6.2.0-150400.37.11.2 (aarch64|ppc64le|s390x|x86_64) 0:14.21.3-150200.15.43.1 (noarch) 0:14.21.3-150200.15.43.1 (aarch64|ppc64le|s390x|x86_64) 0:0.79.0-150200.3.8.1 (x86_64) 0:0.79.0-150200.3.8.1 (aarch64|ppc64le|s390x|x86_64) 0:1.1.32-150000.3.14.1 (aarch64|ppc64le|s390x|x86_64) 0:12.22.12-150200.4.44.1 (noarch) 0:12.22.12-150200.4.44.1 (aarch64|ppc64le|s390x|x86_64) 0:1.20.3-150200.22.5.69.1 (aarch64|ppc64le|s390x|x86_64) 0:1.8.0.362-150200.3.30.1 (noarch) 0:1.8.0.362-150200.3.30.1 (aarch64|ppc64le|s390x|x86_64) 0:2.0.8-150200.11.9.1 (x86_64) 0:2.0.8-150200.11.9.1 (aarch64|x86_64) 0:4.16.3_04-150400.4.22.1 (x86_64) 0:4.16.3_04-150400.4.22.1 (noarch) 0:4.16.3_04-150400.4.22.1 (aarch64|ppc64le|s390x|x86_64) 0:6.2.6-150400.3.16.1 (aarch64|ppc64le|s390x|x86_64) 0:3.4.2-150200.11.20.1 (x86_64) 0:3.4.2-150200.11.20.1 (aarch64|ppc64le|s390x|x86_64) 0:14.7-150200.5.23.1 (noarch) 0:14.7-150200.5.23.1 (aarch64|ppc64le|s390x|x86_64) 0:3.9.16-150300.4.24.1 (x86_64) 0:3.9.16-150300.4.24.1 (aarch64|ppc64le|s390x|x86_64) 0:1.8.0.362-150000.3.76.1 (noarch) 0:1.8.0.362-150000.3.76.1 (aarch64|ppc64le|s390x|x86_64) 0:3.3.2-150400.16.6.1 (aarch64|ppc64le|s390x|x86_64) 0:2.7.18-150000.48.1 (x86_64) 0:2.7.18-150000.48.1 (noarch) 0:2.7.18-150000.48.1 (aarch64|ppc64le|s390x|x86_64) 0:2.0.8-150000.3.15.1 (aarch64|ppc64le|s390x|x86_64) 0:7.4.33-150400.4.16.1 (noarch) 0:1.1.1-150000.4.8.1 (aarch64|ppc64le|s390x|x86_64) 0:1.20.3-150400.38.19.1 (aarch64|ppc64le|s390x|x86_64) 0:1.19.7-150000.1.23.1 (aarch64|x86_64) 0:1.19.7-150000.1.23.1 (ppc64le|s390x|x86_64) 0:1.20.2-150000.1.5.1 (aarch64|ppc64le|s390x|x86_64) 0:1.20.2-150000.1.5.1 (aarch64|x86_64) 0:1.20.2-150000.1.5.1 (aarch64|ppc64le|s390x|x86_64) 0:18.14.2-150400.9.6.2 (noarch) 0:18.14.2-150400.9.6.2 (aarch64|ppc64le|s390x|x86_64) 0:8.0.27-150400.4.23.1 (noarch) 0:2.009-150000.3.3.1 (aarch64|ppc64le|s390x|x86_64) 0:3.10.10-150400.4.22.1 (x86_64) 0:3.10.10-150400.4.22.1 (aarch64|ppc64le|s390x|x86_64) 0:5.9.3-150300.15.8.1 (x86_64) 0:5.9.3-150300.15.8.1 (aarch64|ppc64le|s390x|x86_64) 0:11.0.18.0-150000.3.93.1 (noarch) 0:11.0.18.0-150000.3.93.1 (ppc64le|x86_64) 0:4.12.14-150100.197.137.2 (s390x) 0:4.12.14-150100.197.137.2 (x86_64) 0:4.12.14-150100.197.137.2 (aarch64|ppc64le|s390x|x86_64) 0:4.12.14-150100.197.137.2 (aarch64|x86_64) 0:5.14.21-150400.14.37.1 (noarch) 0:5.14.21-150400.14.37.1 (aarch64) 0:5.3.18-150300.59.115.1 (aarch64|ppc64le|s390x|x86_64) 0:9.0.1386-150000.5.37.1 (noarch) 0:9.0.1386-150000.5.37.1 (noarch) 0:0.18.2-150300.3.3.1 (noarch) 0:2.4.0-150200.3.6.2 (aarch64|ppc64le|s390x|x86_64) 0:20.10.23_ce-150000.175.1 (noarch) 0:20.10.23_ce-150000.175.1 (aarch64|ppc64le|s390x|x86_64) 0:4.4-150400.3.8.1 (x86_64) 0:4.4-150400.3.8.1 (x86_64) 0:9.0.29~0+git.9a7bc817_k5.3.18_8.13-150300.3.7.1 (noarch) 0:0.1.1674034019.a93ff61-150000.1.47.1 (noarch) 0:4.3.19-150000.3.95.1 (noarch) 0:1.2.2-150000.3.13.1 (aarch64|ppc64le|s390x|x86_64) 0:8.5.20-150200.3.35.1 (aarch64|ppc64le|s390x|x86_64) 0:102.9.0-150200.152.81.1 (aarch64|ppc64le|x86_64) 0:18.11.9-150100.4.21.1 (aarch64|ppc64le|s390x|x86_64) 0:7.2.34-150000.4.106.1 (aarch64|x86_64) 0:4.16.3_06-150400.4.25.1 (x86_64) 0:4.16.3_06-150400.4.25.1 (noarch) 0:4.16.3_06-150400.4.25.1 (x86_64) 0:2.0.8_k5.3.18_8.13-150300.19.7.1 (aarch64|ppc64le|s390x|x86_64) 0:3.6.15-150300.10.45.1 (x86_64) 0:3.6.15-150300.10.45.1 (aarch64|ppc64le|s390x|x86_64) 0:1.18.10-150000.1.46.1 (aarch64|x86_64) 0:1.18.10-150000.1.46.1 (aarch64|ppc64le|s390x|x86_64) 0:4.2.1-150200.72.2 (aarch64|ppc64le|s390x|x86_64) 0:6.2.0-150400.37.14.2 (noarch) 0:6.2.0-150400.37.14.2 (noarch) 0:1.0.0+-150400.37.14.2 (s390x|x86_64) 0:6.2.0-150400.37.14.2 (aarch64|ppc64le|s390x|x86_64) 0:6.2.0-150400.37.14.1 (noarch) 0:1.15.0_0_g2dd4b9b-150400.37.14.2 (noarch) 0:8-150400.37.14.2 (noarch) 0:0.32.3-150100.6.5.1 (noarch) 0:0.13.1+git.1667812208.4db963e-150200.3.15.1 (noarch) 0:57.4.0-150400.4.3.1 (noarch) 0:1.0.1+git.20180426-150400.18.3.1 (aarch64|ppc64le|s390x|x86_64) 0:0.116-150200.3.12.1 (x86_64) 0:0.116-150200.3.12.1 (noarch) 0:0.116-150200.3.12.1 (aarch64|ppc64le|s390x|x86_64) 0:5.1.4-150000.3.29.1 (aarch64|ppc64le|s390x|x86_64) 0:3.5.9-150300.5.15.1 (noarch) 0:3.5.9-150300.5.15.1 (aarch64|ppc64le|s390x|x86_64) 0:23.3-150100.8.71.1 (aarch64|ppc64le|s390x|x86_64) 0:8.6.0-150400.3.3.1 (x86_64) 0:8.6.0-150400.3.3.1 (noarch) 0:2.42.4-150400.4.70.3 (aarch64|ppc64le|s390x|x86_64) 0:2.42.4-150400.4.70.3 (x86_64) 0:2.42.4-150400.4.70.3 (noarch) 0:5.11.0-150200.3.15.2 (noarch) 0:0.2.9-150200.11.10.1 (aarch64|ppc64le|s390x|x86_64) 0:1.11.0-150000.4.22.1 (x86_64) 0:1.11.0-150000.4.22.1 (aarch64|ppc64le|s390x|x86_64) 0:1.34-150000.3.34.1 (noarch) 0:1.34-150000.3.34.1 (aarch64|ppc64le|s390x|x86_64) 0:2.6.4+git.1702030539.5fb7d91b-150000.3.39.1